5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2005 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
21 #include "silcserver.h"
22 #include "server_internal.h"
24 /************************ Static utility functions **************************/
26 /* SKE public key verification callback */
29 silc_server_accept_verify_key(SilcSKE ske,
30 SilcSKEPKType pk_type,
31 SilcPublicKey public_key,
33 SilcSKEVerifyCbCompletion completion,
34 void *completion_context)
36 SilcServerAccept ac = context;
38 SILC_LOG_DEBUG(("Verifying public key"));
40 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
41 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
42 ac->hostname, ac->ip, ac->port, pk_type));
43 completion(ac->data.ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
48 /* We accept all keys without explicit verification */
49 completion(ac->data.ske, SILC_SKE_STATUS_OK, completion_context);
52 /* SKE completion callback */
55 silc_server_accept_completed(SilcSKE ske, SilcSKEStatus status,
56 SilcSKESecurityProperties prop,
57 SilcSKEKeyMaterial keymat,
58 SilcSKERekeyMaterial rekey,
61 SilcServerAccept ac = context;
68 /* Continue synchronously to take keys into use immediately */
69 SILC_FSM_CALL_CONTINUE_SYNC(ac->t);
72 /* Authentication data callback */
75 silc_server_accept_get_auth(SilcConnAuth connauth,
76 SilcConnectionType conn_type,
77 unsigned char **passphrase,
78 SilcUInt32 *passphrase_len,
82 SilcServerAccept ac = context;
84 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
86 /* Remote end is client */
87 if (conn_type == SILC_CONN_CLIENT) {
91 *passphrase = ac->cconfig->passphrase;
92 *passphrase_len = ac->cconfig->passphrase_len;
93 if (ac->cconfig->pubkey_auth)
94 *repository = ac->thread->server->repository;
97 /* Remote end is server */
98 if (conn_type == SILC_CONN_SERVER) {
102 *passphrase = ac->sconfig->passphrase;
103 *passphrase_len = ac->sconfig->passphrase_len;
104 if (ac->sconfig->pubkey_auth)
105 *repository = ac->thread->server->repository;
108 /* Remote end is router */
109 if (conn_type == SILC_CONN_ROUTER) {
113 *passphrase = ac->rconfig->passphrase;
114 *passphrase_len = ac->rconfig->passphrase_len;
115 if (ac->rconfig->pubkey_auth)
116 *repository = ac->thread->server->repository;
119 ac->data.type = conn_type;
124 /* Authentication completion callback */
127 silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success,
130 SilcServerAccept ac = context;
131 ac->auth_success = success;
132 SILC_FSM_CALL_CONTINUE(ac->t);
137 static void silc_server_accept_free(SilcServerAccept ac)
140 silc_connauth_free(ac->connauth);
141 silc_free(ac->error_string);
145 void silc_server_accept_connection_dest(SilcFSM fsm, void *fsm_context,
146 void *destructor_context)
148 SilcServerAccept ac = fsm_context;
150 silc_server_accept_free(ac);
154 /********************* Accepting new connection thread **********************/
156 SILC_FSM_STATE(silc_server_st_accept_connection)
158 SilcServerAccept ac = fsm_context;
159 SilcServer server = ac->thread->server;
160 SilcServerParamDeny deny;
161 SilcSKESecurityPropertyFlag flags = 0;
163 SILC_LOG_DEBUG(("Accepting new connection"));
165 /* Create packet stream */
166 ac->packet_stream = silc_packet_stream_create(ac->thread->packet_engine,
167 silc_fsm_get_schedule(fsm),
169 if (!ac->packet_stream) {
170 /** Cannot create packet stream */
171 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
172 silc_fsm_next(fsm, silc_server_st_accept_error);
173 return SILC_FSM_CONTINUE;
176 silc_packet_set_context(ac->packet_stream, ac);
178 /* Set source ID to packet stream */
179 if (!silc_packet_set_ids(ac->packet_stream, SILC_ID_SERVER, &server->id,
182 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
183 silc_fsm_next(fsm, silc_server_st_accept_error);
184 return SILC_FSM_CONTINUE;
187 if (!silc_socket_stream_get_info(ac->stream, NULL, &ac->hostname,
188 &ac->ip, &ac->port)) {
189 /** Bad socket stream */
190 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
191 silc_fsm_next(fsm, silc_server_st_accept_error);
192 return SILC_FSM_CONTINUE;
195 /* Check whether this connection is denied to connect to us. */
196 deny = silc_server_params_find_denied(server, ac->ip, ac->hostname);
198 /** Connection is denied */
199 SILC_LOG_INFO(("Connection %s (%s) is denied", ac->hostname, ac->ip));
200 ac->error = SILC_STATUS_ERR_BANNED_FROM_SERVER;
201 silc_fsm_next(fsm, silc_server_st_accept_error);
202 return SILC_FSM_CONTINUE;
205 server->params->refcnt++;
207 /* Check whether we have configured this sort of connection at all. We
208 have to check all configurations since we don't know what type of
209 connection this is. */
210 ac->cconfig = silc_server_params_find_client(server, ac->ip, ac->hostname);
211 ac->sconfig = silc_server_params_find_server(server, ac->ip, ac->hostname);
212 if (server->server_type == SILC_ROUTER)
213 ac->rconfig = silc_server_params_find_router(server, ac->ip,
214 ac->hostname, ac->port);
215 if (!ac->cconfig && !ac->sconfig && !ac->rconfig) {
216 /** Connection not configured */
217 SILC_LOG_INFO(("Connection %s (%s) not configured", ac->hostname,
219 ac->error = SILC_STATUS_ERR_BANNED_FROM_SERVER;
220 silc_fsm_next(fsm, silc_server_st_accept_error);
221 return SILC_FSM_CONTINUE;
224 SILC_LOG_INFO(("Incoming connection %s (%s)", ac->hostname, ac->ip));
226 /* Take flags for key exchange. Since we do not know what type of connection
227 this is, we go through all found configurations and use the global ones
228 as well. This will result always into strictest key exchange flags. */
229 SILC_GET_SKE_FLAGS(ac->cconfig, flags);
230 SILC_GET_SKE_FLAGS(ac->sconfig, flags);
231 SILC_GET_SKE_FLAGS(ac->rconfig, flags);
232 if (server->params->param.key_exchange_pfs)
233 flags |= SILC_SKE_SP_FLAG_PFS;
235 server->stat.conn_attempts++;
237 /* Start SILC Key Exchange protocol */
238 SILC_LOG_DEBUG(("Starting key exchange protocol"));
239 ac->data.ske = silc_ske_alloc(server->rng, silc_fsm_get_schedule(fsm),
240 server->public_key, server->private_key, ac);
243 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
244 silc_fsm_next(fsm, silc_server_st_accept_error);
245 return SILC_FSM_CONTINUE;
247 silc_ske_set_callbacks(ac->data.ske, silc_server_accept_verify_key,
248 silc_server_accept_completed, ac);
250 /** Waiting for SKE completion */
251 silc_fsm_next(fsm, silc_server_st_accept_set_keys);
252 SILC_FSM_CALL((ac->op = silc_ske_responder(ac->data.ske, ac->packet_stream,
253 silc_version_string, flags)));
256 SILC_FSM_STATE(silc_server_st_accept_set_keys)
258 SilcServerAccept ac = fsm_context;
259 SilcServer server = ac->thread->server;
260 SilcCipher send_key, receive_key;
261 SilcHmac hmac_send, hmac_receive;
263 if (ac->status != SILC_SKE_STATUS_OK) {
265 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
266 silc_ske_map_status(ac->status), ac->hostname, ac->ip));
267 ac->error = SILC_STATUS_ERR_KEY_EXCHANGE_FAILED;
268 silc_fsm_next(fsm, silc_server_st_accept_error);
269 return SILC_FSM_CONTINUE;
272 SILC_LOG_DEBUG(("Setting keys into use"));
274 /* Set the keys into use. The data will be encrypted after this. */
275 if (!silc_ske_set_keys(ac->data.ske, ac->keymat, ac->prop, &send_key,
276 &receive_key, &hmac_send, &hmac_receive,
278 /** Error setting keys */
279 ac->error = SILC_STATUS_ERR_KEY_EXCHANGE_FAILED;
280 silc_fsm_next(fsm, silc_server_st_accept_error);
281 return SILC_FSM_CONTINUE;
283 silc_packet_set_ciphers(ac->packet_stream, send_key, receive_key);
284 silc_packet_set_hmacs(ac->packet_stream, hmac_send, hmac_receive);
286 SILC_LOG_DEBUG(("Starting connection authentication"));
287 server->stat.auth_attempts++;
289 ac->connauth = silc_connauth_alloc(silc_fsm_get_schedule(fsm), ac->data.ske,
290 server->params->conn_auth_timeout);
292 /** Error allocating auth protocol */
293 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
294 silc_fsm_next(fsm, silc_server_st_accept_error);
295 return SILC_FSM_CONTINUE;
298 /** Waiting authentication completion */
299 silc_fsm_next(fsm, silc_server_st_accept_authenticated);
300 SILC_FSM_CALL((ac->op = silc_connauth_responder(
302 silc_server_accept_get_auth,
303 silc_server_accept_auth_compl,
307 SILC_FSM_STATE(silc_server_st_accept_authenticated)
309 SilcServerAccept ac = fsm_context;
310 SilcServer server = ac->thread->server;
311 SilcUInt32 conn_number, num_sockets, max_hosts, max_per_host;
312 SilcUInt32 r_protocol_version, l_protocol_version;
313 SilcUInt32 r_software_version, l_software_version;
314 char *r_vendor_version = NULL, *l_vendor_version;
315 SilcServerParamConnParams params, global;
316 SilcBool backup_router = FALSE;
318 if (ac->auth_success == FALSE) {
319 /** Authentication failed */
320 SILC_LOG_INFO(("Authentication failed for %s (%s) [%s]",
321 ac->hostname, ac->ip,
322 SILC_CONNTYPE_STRING(ac->data.type)));
323 ac->error = SILC_STATUS_ERR_AUTH_FAILED;
324 silc_fsm_next(fsm, silc_server_st_accept_error);
325 return SILC_FSM_CONTINUE;
328 SILC_LOG_DEBUG(("Checking whether connection is allowed"));
330 global = &server->params->param;
332 if (ac->data.type == SILC_CONN_CLIENT) {
333 /** Accept client connection */
334 silc_fsm_next(fsm, silc_server_st_accept_client);
335 params = ac->cconfig->param;
336 conn_number = server->stat.my_clients;
337 } else if (ac->data.type == SILC_CONN_SERVER) {
338 /** Accept server connection */
339 silc_fsm_next(fsm, silc_server_st_accept_server);
340 params = ac->sconfig->param;
341 backup_router = ac->sconfig->backup_router;
342 conn_number = server->stat.my_servers;
344 /** Accept router connection */
345 silc_fsm_next(fsm, silc_server_st_accept_server);
346 params = ac->rconfig->param;
347 backup_router = ac->rconfig->backup_router;
348 conn_number = server->stat.my_routers;
351 silc_fsm_sema_init(&ac->wait_register, silc_fsm_get_machine(fsm), 0);
354 l_protocol_version = silc_version_to_num(params && params->version_protocol ?
355 params->version_protocol :
356 global->version_protocol);
357 l_software_version = silc_version_to_num(params && params->version_software ?
358 params->version_software :
359 global->version_software);
360 l_vendor_version = (params && params->version_software_vendor ?
361 params->version_software_vendor :
362 global->version_software_vendor);
364 silc_ske_parse_version(ac->data.ske, &r_protocol_version, NULL,
365 &r_software_version, NULL, &r_vendor_version);
367 /* Match protocol version */
368 if (l_protocol_version && r_protocol_version &&
369 r_protocol_version < l_protocol_version) {
370 /** Protocol version mismatch */
371 SILC_LOG_INFO(("Connection %s (%s) is too old version", ac->hostname,
373 ac->error = SILC_STATUS_ERR_BAD_VERSION;
374 ac->error_string = strdup("You support too old protocol version");
375 silc_fsm_next(fsm, silc_server_st_accept_error);
376 return SILC_FSM_CONTINUE;
379 /* Match software version */
380 if (l_software_version && r_software_version &&
381 r_software_version < l_software_version) {
382 /** Software version mismatch */
383 SILC_LOG_INFO(("Connection %s (%s) is too old version", ac->hostname,
385 ac->error = SILC_STATUS_ERR_BAD_VERSION;
386 ac->error_string = strdup("You support too old software version");
387 silc_fsm_next(fsm, silc_server_st_accept_error);
388 return SILC_FSM_CONTINUE;
391 /* Regex match vendor version */
392 if (l_vendor_version && r_vendor_version &&
393 !silc_string_match(l_vendor_version, r_vendor_version)) {
394 /** Vendor version mismatch */
395 SILC_LOG_INFO(("Connection %s (%s) is unsupported version", ac->hostname,
397 ac->error = SILC_STATUS_ERR_BAD_VERSION;
398 ac->error_string = strdup("Your software is not supported");
399 silc_fsm_next(fsm, silc_server_st_accept_error);
400 return SILC_FSM_CONTINUE;
402 silc_free(r_vendor_version);
404 /* Check for maximum connections limit */
405 // num_sockets = silc_server_num_sockets_by_ip(server, sock->ip, type);
406 max_hosts = (params ? params->connections_max : global->connections_max);
407 max_per_host = (params ? params->connections_max_per_host :
408 global->connections_max_per_host);
410 if (max_hosts && conn_number >= max_hosts) {
411 /** Server is full */
412 SILC_LOG_INFO(("Server is full, closing %s (%s) connection", ac->hostname,
414 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
415 ac->error_string = strdup("Server is full, try again later");
416 silc_fsm_next(fsm, silc_server_st_accept_error);
417 return SILC_FSM_CONTINUE;
422 if (num_sockets >= max_per_host) {
423 /** Too many connections */
424 SILC_LOG_INFO(("Too many connections from %s (%s), closing connection",
425 ac->hostname, ac->ip));
426 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
427 ac->error_string = strdup("Too many connections from your host");
428 silc_fsm_next(fsm, silc_server_st_accept_error);
429 return SILC_FSM_CONTINUE;
432 /* If we are waiting backup router connection, do not accept any other
434 if (server->wait_backup && !backup_router) {
435 /** No backup established */
436 SILC_LOG_INFO(("Will not accept connections because we do "
437 "not have backup router connection established"));
438 ac->error = SILC_STATUS_ERR_PERM_DENIED;
439 ac->error_string = strdup("We do not have connection to backup router "
440 "established, try later");
441 silc_fsm_next(fsm, silc_server_st_accept_error);
442 return SILC_FSM_CONTINUE;
445 /* If we are backup router and this is incoming server connection
446 and we do not have connection to primary router, do not allow
448 if (server->server_type == SILC_BACKUP_ROUTER &&
449 ac->data.type == SILC_CONN_SERVER &&
450 !SILC_PRIMARY_ROUTE(server)) {
451 /** No primary established */
452 SILC_LOG_INFO(("Will not accept server connection because we do "
453 "not have primary router connection established"));
454 ac->error = SILC_STATUS_ERR_PERM_DENIED;
455 ac->error_string = strdup("We do not have connection to primary router "
456 "established, try later");
457 silc_fsm_next(fsm, silc_server_st_accept_error);
458 return SILC_FSM_CONTINUE;
461 return SILC_FSM_CONTINUE;
464 SILC_FSM_STATE(silc_server_st_accept_client)
466 SilcServerAccept ac = fsm_context;
467 SilcServer server = ac->thread->server;
468 SilcServerParamClient conn = ac->cconfig;
469 SilcServerParamConnParams param = &server->params->param;
470 SilcClientEntry client;
471 SilcClientID client_id;
473 char *username = NULL, *realname = NULL;
474 SilcUInt16 username_len;
475 SilcUInt32 id_len, mode = 0;
476 char n[128], u[384], h[256];
479 /* Wait here for the NEW_CLIENT or RESUME_CLIENT packet */
480 SILC_FSM_SEMA_TIMEDWAIT(&ac->wait_register, 20, 0, &timedout);
482 if (!ac->register_packet || timedout) {
483 /** Client did not register */
484 SILC_LOG_INFO(("Client connection %s (%s) did not register",
485 ac->hostname, ac->ip));
486 ac->error = SILC_STATUS_ERR_NOT_REGISTERED;
487 silc_fsm_next(fsm, silc_server_st_accept_error);
488 return SILC_FSM_CONTINUE;
491 SILC_LOG_DEBUG(("Connection %s (%s) is client", ac->hostname, ac->ip));
492 SILC_LOG_INFO(("Connection %s (%s) is client", ac->hostname, ac->ip));
494 /* Handle resuming separately */
495 if (ac->register_packet->type == SILC_PACKET_RESUME_CLIENT) {
496 /** Resume client connection */
497 silc_fsm_next(fsm, silc_server_st_accept_resume_client);
498 return SILC_FSM_CONTINUE;
501 /* Get connection parameters */
505 if (!param->keepalive_secs)
506 param->keepalive_secs = server->params->param.keepalive_secs;
508 if (!param->qos && server->params->param.qos) {
509 param->qos = server->params->param.qos;
510 param->qos_rate_limit = server->params->param.qos_rate_limit;
511 param->qos_bytes_limit = server->params->param.qos_bytes_limit;
512 param->qos_limit_sec = server->params->param.qos_limit_sec;
513 param->qos_limit_usec = server->params->param.qos_limit_usec;
516 /* Check if to be anonymous connection */
517 if (param->anonymous)
518 mode |= SILC_UMODE_ANONYMOUS;
521 /* Parse NEW_CLIENT packet */
522 ret = silc_buffer_unformat(&ac->register_packet->buffer,
523 SILC_STR_UI16_NSTRING(&username,
525 SILC_STR_UI16_STRING(&realname),
528 /** Bad NEW_CLIENT packet */
529 SILC_LOG_ERROR(("Client %s (%s) sent incomplete information",
530 ac->hostname, ac->ip));
531 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
532 ac->error_string = strdup("Bad NEW_CLIENT packet");
533 silc_fsm_next(fsm, silc_server_st_accept_error);
534 return SILC_FSM_CONTINUE;
538 /** Client did not send username */
539 SILC_LOG_ERROR(("Client %s (%s) did not send its username",
540 ac->hostname, ac->ip));
541 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
542 ac->error_string = strdup("You did not send username");
543 silc_fsm_next(fsm, silc_server_st_accept_error);
544 return SILC_FSM_CONTINUE;
547 if (username_len > 128) {
549 username[username_len - 1] = '\0';
552 memset(n, 0, sizeof(n));
553 memset(u, 0, sizeof(u));
554 memset(h, 0, sizeof(h));
556 ret = silc_parse_userfqdn(username, u, 128, h, sizeof(h));
558 /* Hostname not present, add it */
559 snprintf(n, sizeof(n), "%s", u);
560 snprintf(u, sizeof(u) - 1, "%s@%s", n, ac->hostname);
562 /* Verify that hostname is same than resolved hostname */
563 if (strcmp(ac->hostname, h)) {
564 /** Wrong hostname string */
565 SILC_LOG_ERROR(("Client %s (%s) sent wrong hostname string",
566 ac->hostname, ac->ip));
567 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
568 ac->error_string = strdup("You sent wrong hostname string");
569 silc_fsm_next(fsm, silc_server_st_accept_error);
570 return SILC_FSM_CONTINUE;
572 snprintf(n, sizeof(n), "%s", u);
573 snprintf(u, sizeof(u) - 1, "%s@%s", n, h);
576 /* If configured as anonymous, scramble the username and hostname */
577 if (mode & SILC_UMODE_ANONYMOUS) {
580 u[0] = silc_rng_get_byte_fast(server->rng);
581 u[1] = silc_rng_get_byte_fast(server->rng);
582 u[2] = silc_rng_get_byte_fast(server->rng);
583 u[3] = silc_rng_get_byte_fast(server->rng);
585 scramble = silc_hash_babbleprint(server->sha1hash, u, strlen(u));
588 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
589 silc_fsm_next(fsm, silc_server_st_accept_error);
590 return SILC_FSM_CONTINUE;
593 username_len = strlen(scramble);
594 memset(u, 0, username_len);
595 memcpy(u, scramble, username_len);
598 memcpy(&u[16], ".silc", 5);
601 /* Get nickname from scrambled username */
602 silc_parse_userfqdn(u, n, sizeof(n), NULL, 0);
606 /* Create Client ID */
607 if (!silc_server_create_client_id(server, n, &client_id)) {
608 /** Could not create Client ID */
609 SILC_LOG_ERROR(("Client %s (%s) sent bad nickname string",
610 ac->hostname, ac->ip));
611 ac->error = SILC_STATUS_ERR_BAD_NICKNAME;
612 ac->error_string = strdup("Bad nickname");
613 silc_fsm_next(fsm, silc_server_st_accept_error);
614 return SILC_FSM_CONTINUE;
617 /* Create client entry */
618 client = silc_server_add_client(server, n, u, realname, &client_id,
619 mode, ac->packet_stream);
621 /** Could not create client entry */
622 SILC_LOG_ERROR(("Could not create new client entry"));
623 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
624 silc_fsm_next(fsm, silc_server_st_accept_error);
625 return SILC_FSM_CONTINUE;
628 /* Save entry data */
629 client->data = ac->data;
630 client->data.registered = TRUE;
631 client->data.local = TRUE;
632 silc_packet_set_context(ac->packet_stream, client);
634 /* Set destination ID to packet stream */
635 if (!silc_packet_set_ids(client->stream, 0, NULL, SILC_ID_CLIENT,
638 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
639 silc_fsm_next(fsm, silc_server_st_accept_error);
640 return SILC_FSM_CONTINUE;
643 /* Send the new client ID to the client. */
644 silc_server_send_new_id(ac->packet_stream, FALSE, &client->id,
647 /* Send nice welcome to the client */
648 silc_server_send_welcome(ac, client);
650 /* Notify our router about new client on the SILC network */
651 silc_server_send_new_id(SILC_PRIMARY_ROUTE(server), SILC_BROADCAST(server),
652 &client->id, SILC_ID_CLIENT);
655 /* Distribute to backup routers */
656 if (server->server_type == SILC_ROUTER) {
657 SilcBuffer idp = silc_id_payload_encode(client->id, SILC_ID_CLIENT);
658 silc_server_backup_send(server, sock->user_data, SILC_PACKET_NEW_ID, 0,
659 idp->data, idp->len, FALSE, TRUE);
660 silc_buffer_free(idp);
664 /* Check if anyone is watching this nickname */
665 if (server->server_type == SILC_ROUTER)
666 silc_server_check_watcher_list(server, client, NULL, 0);
671 silc_packet_free(ac->register_packet);
673 /** Connection accepted */
674 silc_fsm_next(fsm, silc_server_st_accept_finish);
675 return SILC_FSM_CONTINUE;
678 SILC_FSM_STATE(silc_server_st_accept_resume_client)
681 /** Connection accepted */
682 silc_fsm_next(fsm, silc_server_st_accept_finish);
683 return SILC_FSM_CONTINUE;
686 SILC_FSM_STATE(silc_server_st_accept_server)
688 SilcServerAccept ac = fsm_context;
689 SilcServer server = ac->thread->server;
690 SilcBool initiator = FALSE;
691 SilcBool backup_local = FALSE;
692 SilcBool backup_router = FALSE;
693 char *backup_replace_ip = NULL;
694 SilcUInt16 backup_replace_port = 0;
695 SilcServerParamServer sconn = ac->sconfig;
696 SilcServerParamRouter rconn = ac->rconfig;
697 SilcServerEntry server_entry;
698 SilcServerID server_id;
700 unsigned char *server_name, *server_namec, *id_string;
701 SilcUInt16 id_len, name_len;
706 /* Wait here for the NEW_SERVER packet */
707 SILC_FSM_SEMA_TIMEDWAIT(&ac->wait_register, 20, 0, &timedout);
709 if (!ac->register_packet || timedout) {
710 /** Server did not register */
711 SILC_LOG_INFO(("%s connection %s (%s) did not register",
712 SILC_CONNTYPE_STRING(ac->data.type),
713 ac->hostname, ac->ip));
714 ac->error = SILC_STATUS_ERR_NOT_REGISTERED;
715 silc_fsm_next(fsm, silc_server_st_accept_error);
716 return SILC_FSM_CONTINUE;
719 /* Get connection parameters */
720 if (ac->data.type == SILC_CONN_ROUTER) {
723 param = rconn->param;
725 if (!param->keepalive_secs)
726 param->keepalive_secs = server->params->param.keepalive_secs;
728 if (!param->qos && server->params->param.qos) {
729 param->qos = server->params->param.qos;
730 param->qos_rate_limit = server->params->param.qos_rate_limit;
731 param->qos_bytes_limit = server->params->param.qos_bytes_limit;
732 param->qos_limit_sec = server->params->param.qos_limit_sec;
733 param->qos_limit_usec = server->params->param.qos_limit_usec;
737 initiator = rconn->initiator;
738 backup_local = rconn->backup_local;
739 backup_router = rconn->backup_router;
740 backup_replace_ip = rconn->backup_replace_ip;
741 backup_replace_port = rconn->backup_replace_port;
743 } else if (ac->data.type == SILC_CONN_SERVER) {
746 param = sconn->param;
748 if (!param->keepalive_secs)
749 param->keepalive_secs = server->params->param.keepalive_secs;
751 if (!param->qos && server->params->param.qos) {
752 param->qos = server->params->param.qos;
753 param->qos_rate_limit = server->params->param.qos_rate_limit;
754 param->qos_bytes_limit = server->params->param.qos_bytes_limit;
755 param->qos_limit_sec = server->params->param.qos_limit_sec;
756 param->qos_limit_usec = server->params->param.qos_limit_usec;
760 backup_router = sconn->backup_router;
764 SILC_LOG_DEBUG(("Connection %s (%s) is %s", sock->hostname,
765 sock->ip, ac->data.type == SILC_CONN_SERVER ?
766 "server" : (backup_router ? "backup router" : "router")));
767 SILC_LOG_INFO(("Connection %s (%s) is %s", sock->hostname,
768 sock->ip, ac->data.type == SILC_CONN_SERVER ?
769 "server" : (backup_router ? "backup router" : "router")));
771 /* Parse NEW_SERVER packet */
772 ret = silc_buffer_unformat(buffer,
773 SILC_STR_UI16_NSTRING(&id_string, &id_len),
774 SILC_STR_UI16_NSTRING(&server_name, &name_len),
777 /** Bad NEW_SERVER packet */
778 SILC_LOG_ERROR(("%s %s (%s) sent incomplete information",
779 SILC_CONNTYPE_STRING(ac->data.type),
780 ac->hostname, ac->ip));
781 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
782 ac->error_string = strdup("Bad NEW_SERVER packet");
783 silc_fsm_next(fsm, silc_server_st_accept_error);
784 return SILC_FSM_CONTINUE;
787 if (name_len > 256) {
789 server_name[name_len - 1] = '\0';
793 if (!silc_id_str2id(id_string, id_len, SILC_ID_SERVER, &server_id,
794 sizeof(server_id))) {
796 SILC_LOG_ERROR(("%s %s (%s) sent incomplete information",
797 SILC_CONNTYPE_STRING(ac->data.type),
798 ac->hostname, ac->ip));
799 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
800 ac->error_string = strdup("Bad Server ID");
801 silc_fsm_next(fsm, silc_server_st_accept_error);
802 return SILC_FSM_CONTINUE;
805 /* Check for valid server ID */
806 if (!silc_server_check_server_id(ac->ip, &server_id)) {
807 /** Invalid Server ID */
808 SILC_LOG_ERROR(("%s %s (%s) sent incomplete information",
809 SILC_CONNTYPE_STRING(ac->data.type),
810 ac->hostname, ac->ip));
811 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
812 ac->error_string = strdup("Your Server ID is not based on your real "
813 "IP address. Check your configuration.");
814 silc_fsm_next(fsm, silc_server_st_accept_error);
815 return SILC_FSM_CONTINUE;
818 /* Create server entry */
820 silc_server_add_server(server, server_name,
821 (ac->data.type == SILC_CONN_SERVER ?
822 SILC_SERVER : SILC_ROUTER), &server_id,
825 /** Could not create server entry */
826 SILC_LOG_ERROR(("Could not create new server entry"));
827 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
828 silc_fsm_next(fsm, silc_server_st_accept_error);
829 return SILC_FSM_CONTINUE;
832 /* Save entry data */
833 server_entry->data = ac->data;
834 server_entry->data.registered = TRUE;
835 server_entry->data.local = TRUE;
836 silc_packet_set_context(ac->packet_stream, server_entry);
838 /* Set source ID to packet stream */
839 if (!silc_packet_set_ids(server_entry->stream, 0, NULL, SILC_ID_SERVER,
840 &server_entry->id)) {
842 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
843 silc_fsm_next(fsm, silc_server_st_accept_error);
844 return SILC_FSM_CONTINUE;
847 /* If the incoming connection is router and marked as backup router
848 then add it to be one of our backups */
849 if (ac->data.type == SILC_CONN_ROUTER && backup_router) {
850 /* Change it back to SERVER type since that's what it really is. */
852 server->data.type = SILC_CONN_SERVER;
853 server_entry->thread->server_type = SILC_BACKUP_ROUTER;
855 SILC_SERVER_SEND_OPERS(server, FALSE, TRUE, SILC_NOTIFY_TYPE_NONE,
856 ("Backup router %s is now online",
860 /* Check whether this connection is to be our primary router connection
861 if we do not already have the primary route. */
862 if (!backup_router && server->standalone &&
863 server_entry->data.type == SILC_CONN_ROUTER) {
864 if (silc_server_config_is_primary_route(server) && !initiator)
867 SILC_LOG_DEBUG(("We are not standalone server anymore"));
868 server->standalone = FALSE;
869 if (!server->id_entry->router) {
870 server->id_entry->router = id_entry;
871 server->router = id_entry;
877 /* Distribute the information about new server in the SILC network
878 to our router. If we are normal server we won't send anything
879 since this connection must be our router connection. */
880 if (server->server_type == SILC_ROUTER && !server->standalone &&
881 SILC_PRIMARY_ROUTE(server) != sock)
882 silc_server_send_new_id(server, SILC_PRIMARY_ROUTE(server),
883 TRUE, new_server->id, SILC_ID_SERVER,
884 silc_id_get_len(server_id, SILC_ID_SERVER));
886 if (server->server_type == SILC_ROUTER) {
887 /* Distribute to backup routers */
888 SilcBuffer idp = silc_id_payload_encode(new_server->id, SILC_ID_SERVER);
889 silc_server_backup_send(server, sock->user_data, SILC_PACKET_NEW_ID, 0,
890 idp->data, idp->len, FALSE, TRUE);
891 silc_buffer_free(idp);
894 /* Check whether this router connection has been replaced by an
895 backup router. If it has been then we'll disable the server and will
896 ignore everything it will send until the backup router resuming
897 protocol has been completed. */
898 if (sock->type == SILC_SOCKET_TYPE_ROUTER &&
899 silc_server_backup_replaced_get(server, server_id, NULL)) {
900 /* Send packet to the router indicating that it cannot use this
901 connection as it has been replaced by backup router. */
902 SILC_LOG_DEBUG(("Remote router has been replaced by backup router, "
903 "disabling its connection"));
905 silc_server_backup_send_replaced(server, sock);
907 /* Mark the router disabled. The data sent earlier will go but nothing
908 after this goes to this connection. */
909 idata->status |= SILC_IDLIST_STATUS_DISABLED;
911 /* If it is router announce our stuff to it. */
912 if (sock->type == SILC_SOCKET_TYPE_ROUTER &&
913 server->server_type == SILC_ROUTER) {
914 silc_server_announce_servers(server, FALSE, 0, sock);
915 silc_server_announce_clients(server, 0, sock);
916 silc_server_announce_channels(server, 0, sock);
919 /* Announce our information to backup router */
920 if (new_server->thread->server_type == SILC_BACKUP_ROUTER &&
921 sock->type == SILC_SOCKET_TYPE_SERVER &&
922 server->thread->server_type == SILC_ROUTER) {
923 silc_server_announce_servers(server, TRUE, 0, sock);
924 silc_server_announce_clients(server, 0, sock);
925 silc_server_announce_channels(server, 0, sock);
928 /* If backup router, mark it as one of ours. This server is considered
929 to be backup router after this setting. */
930 if (new_server->thread->server_type == SILC_BACKUP_ROUTER) {
931 SilcServerParamRouter backup;
932 backup = silc_server_params_find_backup(server, sock->ip,
935 /* Add as our backup router */
936 silc_server_backup_add(server, new_server, backup->backup_replace_ip,
937 backup->backup_replace_port,
938 backup->backup_local);
942 /* By default the servers connected to backup router are disabled
943 until backup router has become the primary */
944 if (server->thread->server_type == SILC_BACKUP_ROUTER &&
945 server_entry->data.type == SILC_CONN_SERVER)
946 server_entry->data.disabled = TRUE;
952 silc_packet_free(ac->register_packet);
955 /** Connection accepted */
956 silc_fsm_next(fsm, silc_server_st_accept_finish);
957 return SILC_FSM_CONTINUE;
960 SILC_FSM_STATE(silc_server_st_accept_finish)
962 SilcServerAccept ac = fsm_context;
963 SilcServer server = ac->thread->server;
965 SILC_LOG_DEBUG(("New connection accepted"));
967 return SILC_FSM_FINISH;
970 SILC_FSM_STATE(silc_server_st_accept_error)
972 SilcServerAccept ac = fsm_context;
973 SilcServer server = ac->thread->server;
975 SILC_LOG_DEBUG(("Error accepting new connection"));
977 /* Disconnect remote connection */
978 if (ac->packet_stream)
979 silc_server_disconnect(server, ac->packet_stream, ac->error,
982 silc_stream_destroy(ac->stream);
985 server->stat.conn_failures++;
987 server->stat.auth_failures++;
989 return SILC_FSM_FINISH;