Merged from silc_1_0_branch.

[silc.git] / apps / silcd / packet_send.c
diff --git a/apps/silcd/packet_send.c b/apps/silcd/packet_send.c

index e51506acc27f757acc4f80ebf8a0f04580d45e09..8e3ab0f248742ce3a308a3074059467eb3aec13b 100644 (file)
--- a/apps/silcd/packet_send.c
+++ b/apps/silcd/packet_send.c
@@ -38,18 +38,24 @@ int silc_server_packet_send_real(SilcServer server,
    if (SILC_IS_DISCONNECTING(sock))
      return -1;
  
-  /* If rekey protocol is active we must assure that all packets are
-     sent through packet queue. */
-  if (SILC_SERVER_IS_REKEY(sock))
-    force_send = FALSE;
-
-  /* If outbound data is already pending do not force send */
-  if (SILC_IS_OUTBUF_PENDING(sock))
-    force_send = FALSE;
-
    /* Send the packet */
-  ret = silc_packet_send(sock, force_send);
+  ret = silc_packet_send(sock, FALSE);
    if (ret != -2) {
+    if (ret == -1) {
+      SILC_LOG_ERROR(("Error sending packet to connection "
+                     "%s:%d [%s]", sock->hostname, sock->port,
+                     (sock->type == SILC_SOCKET_TYPE_UNKNOWN ? "Unknown" :
+                      sock->type == SILC_SOCKET_TYPE_CLIENT ? "Client" :
+                      sock->type == SILC_SOCKET_TYPE_SERVER ? "Server" :
+                      "Router")));
+
+      SILC_SET_DISCONNECTING(sock);
+      if (sock->user_data)
+       silc_server_free_sock_user_data(server, sock, NULL);
+      silc_server_close_connection(server, sock);
+      return ret;
+    }
+
      server->stat.packets_sent++;
      return ret;
    }
@@ -168,7 +174,8 @@ void silc_server_packet_send_dest(SilcServer server,
      return;
    }
  
-  SILC_LOG_DEBUG(("Sending %s packet", silc_get_packet_name(type)));
+  SILC_LOG_DEBUG(("Sending %s packet (forced=%s)",
+                 silc_get_packet_name(type), force_send ? "yes" : "no"));
  
    if (dst_id) {
      dst_id_data = silc_id_id2str(dst_id, dst_id_type);
@@ -179,7 +186,14 @@ void silc_server_packet_send_dest(SilcServer server,
      cipher = idata->send_key;
      hmac = idata->hmac_send;
      sequence = idata->psn_send++;
-    block_len = silc_cipher_get_block_len(cipher);
+    if (cipher)
+      block_len = silc_cipher_get_block_len(cipher);
+
+    /* Check for mandatory rekey */
+    if (sequence == SILC_SERVER_REKEY_THRESHOLD)
+      silc_schedule_task_add(server->schedule, sock->sock,
+                            silc_server_rekey_callback, sock, 0, 1,
+                            SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL);
    }
  
    /* Set the packet context pointers */
@@ -196,7 +210,10 @@ void silc_server_packet_send_dest(SilcServer server,
                                             packetdata.dst_id_len));
    packetdata.truelen = data_len + SILC_PACKET_HEADER_LEN + 
      packetdata.src_id_len + dst_id_len;
-  packetdata.padlen = SILC_PACKET_PADLEN(packetdata.truelen, block_len);
+  if (type == SILC_PACKET_CONNECTION_AUTH)
+    SILC_PACKET_PADLEN_MAX(packetdata.truelen, block_len, packetdata.padlen);
+  else
+    SILC_PACKET_PADLEN(packetdata.truelen, block_len, packetdata.padlen);
  
    /* Create the outgoing packet */
    if (!silc_packet_assemble(&packetdata, NULL, cipher, hmac, sock,
@@ -271,6 +288,12 @@ void silc_server_packet_send_srcdest(SilcServer server,
      hmac = idata->hmac_send;
      sequence = idata->psn_send++;
      block_len = silc_cipher_get_block_len(cipher);
+
+    /* Check for mandatory rekey */
+    if (sequence == SILC_SERVER_REKEY_THRESHOLD)
+      silc_schedule_task_add(server->schedule, sock->sock,
+                            silc_server_rekey_callback, sock, 0, 1,
+                            SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL);
    }
  
    if (dst_id) {
@@ -297,7 +320,7 @@ void silc_server_packet_send_srcdest(SilcServer server,
                                             dst_id_len));
    packetdata.truelen = data_len + SILC_PACKET_HEADER_LEN + 
      packetdata.src_id_len + dst_id_len;
-  packetdata.padlen = SILC_PACKET_PADLEN(packetdata.truelen, block_len);
+  SILC_PACKET_PADLEN(packetdata.truelen, block_len, packetdata.padlen);
  
    /* Create the outgoing packet */
    if (!silc_packet_assemble(&packetdata, NULL, cipher, hmac, sock, data,
@@ -363,6 +386,12 @@ void silc_server_packet_broadcast(SilcServer server,
      /* Now actually send the packet */
      silc_server_packet_send_real(server, sock, TRUE);
      silc_free(id);
+
+    /* Check for mandatory rekey */
+    if (idata->psn_send == SILC_SERVER_REKEY_THRESHOLD)
+      silc_schedule_task_add(server->schedule, sock->sock,
+                            silc_server_rekey_callback, sock, 0, 1,
+                            SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL);
      return;
    }
  
@@ -401,6 +430,12 @@ void silc_server_packet_route(SilcServer server,
  
    /* Now actually send the packet */
    silc_server_packet_send_real(server, sock, TRUE);
+
+  /* Check for mandatory rekey */
+  if (idata->psn_send == SILC_SERVER_REKEY_THRESHOLD)
+    silc_schedule_task_add(server->schedule, sock->sock,
+                          silc_server_rekey_callback, sock, 0, 1,
+                          SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL);
  }
  
  /* This routine can be used to send a packet to table of clients provided
@@ -512,11 +547,11 @@ silc_server_packet_send_to_channel_real(SilcServer server,
  
    block_len = cipher ? silc_cipher_get_block_len(cipher) : 0;
    if (channel_message)
-    packet->padlen = SILC_PACKET_PADLEN((SILC_PACKET_HEADER_LEN +
-                                        packet->src_id_len +
-                                        packet->dst_id_len), block_len);
+    SILC_PACKET_PADLEN((SILC_PACKET_HEADER_LEN +
+                       packet->src_id_len +
+                       packet->dst_id_len), block_len, packet->padlen);
    else
-    packet->padlen = SILC_PACKET_PADLEN(packet->truelen, block_len);
+    SILC_PACKET_PADLEN(packet->truelen, block_len, packet->padlen);
  
    /* Put the data to buffer, assemble and encrypt the packet. The packet
       is encrypted with normal session key shared with the client, unless
@@ -712,6 +747,9 @@ silc_server_packet_relay_to_channel_encrypt(SilcServer server,
                                             unsigned char *data,
                                             unsigned int data_len)
  {
+  SilcUInt32 mac_len, iv_len;
+  unsigned char iv[SILC_CIPHER_MAX_IV_SIZE];
+
    /* If we are router and the packet came from router and private key
       has not been set for the channel then we must encrypt the packet
       as it was decrypted with the session key shared between us and the
@@ -719,21 +757,27 @@ silc_server_packet_relay_to_channel_encrypt(SilcServer server,
       same channel key. */
    if (server->server_type == SILC_ROUTER &&
        sock->type == SILC_SOCKET_TYPE_ROUTER &&
-      !(channel->mode & SILC_CHANNEL_MODE_PRIVKEY) &&
-      channel->channel_key) {
-    SilcUInt32 mac_len = silc_hmac_len(channel->hmac);
-    SilcUInt32 iv_len = silc_cipher_get_block_len(channel->channel_key);
-    unsigned char iv[SILC_CIPHER_MAX_IV_SIZE];
+      !(channel->mode & SILC_CHANNEL_MODE_PRIVKEY) && channel->key) {
+
+    /* If we are backup router and remote is our primary router and
+       we are currently doing backup resuming protocol we must not
+       re-encrypt message with session key. */
+    if (server->backup_router && SILC_SERVER_IS_BACKUP(sock) &&
+       SILC_PRIMARY_ROUTE(server) == sock)
+      return TRUE;
+
+    mac_len = silc_hmac_len(channel->hmac);
+    iv_len = silc_cipher_get_block_len(channel->channel_key);
  
      if (data_len <= mac_len + iv_len) {
        SILC_LOG_WARNING(("Corrupted channel message, cannot relay it"));
        return FALSE;
      }
  
-    memcpy(iv, data + (data_len - iv_len), iv_len);
-    silc_channel_message_payload_encrypt(data, data_len - iv_len - mac_len,
-                                        data_len, iv, iv_len,
-                                        channel->channel_key, channel->hmac);
+    memcpy(iv, data + (data_len - iv_len - mac_len), iv_len);
+    silc_message_payload_encrypt(data, data_len - iv_len, data_len,
+                                iv, iv_len, channel->channel_key,
+                                channel->hmac);
    }
  
    return TRUE;
@@ -882,6 +926,20 @@ void silc_server_packet_relay_to_channel(SilcServer server,
           continue;
         gone = TRUE;
  
+       /* If we are backup router and remote is our primary router and
+          we are currently doing backup resuming protocol we must not
+          re-encrypt message with session key. */
+       if (server->backup_router && SILC_SERVER_IS_BACKUP(sock) &&
+           SILC_PRIMARY_ROUTE(server) == sock) {
+         silc_server_packet_send_to_channel_real(server, sock, &packetdata,
+                                                 idata->send_key,
+                                                 idata->hmac_send,
+                                                 idata->psn_send++,
+                                                 data, data_len, TRUE,
+                                                 force_send);
+         continue;
+       }
+
         SILC_LOG_DEBUG(("Remote is router, encrypt with session key"));
  
         /* If private key mode is not set then decrypt the packet
@@ -895,8 +953,9 @@ void silc_server_packet_relay_to_channel(SilcServer server,
           memcpy(tmp, data, data_len);
  
           /* Decrypt the channel message (we don't check the MAC) */
-         silc_channel_message_payload_decrypt(tmp, data_len,
-                                              channel->channel_key, NULL);
+         silc_message_payload_decrypt(tmp, data_len, FALSE, FALSE,
+                                      channel->channel_key,
+                                      channel->hmac, FALSE);
  
           /* Now re-encrypt and send it to the router */
           silc_server_packet_send_srcdest(server, sock,
@@ -1030,6 +1089,12 @@ void silc_server_send_private_message(SilcServer server,
  
    /* Send the packet */
    silc_server_packet_send_real(server, dst_sock, FALSE);
+
+  /* Check for mandatory rekey */
+  if (sequence == SILC_SERVER_REKEY_THRESHOLD)
+    silc_schedule_task_add(server->schedule, dst_sock->sock,
+                          silc_server_rekey_callback, dst_sock, 0, 1,
+                          SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL);
  }
  
  /* Sends current motd to client */
@@ -1222,14 +1287,13 @@ void silc_server_send_notify_cmode(SilcServer server,
                                    const char *passphrase,
                                    SilcPublicKey founder_key)
  {
-  SilcBuffer idp;
-  unsigned char mode[4], *key = NULL;
-  SilcUInt32 key_len = 0;
+  SilcBuffer idp, fkey = NULL;
+  unsigned char mode[4];
  
    idp = silc_id_payload_encode((void *)id, id_type);
    SILC_PUT32_MSB(mode_mask, mode);
    if (founder_key)
-    key = silc_pkcs_public_key_encode(founder_key, &key_len);
+    fkey = silc_pkcs_public_key_payload_encode(founder_key);
  
    silc_server_send_notify_dest(server, sock, broadcast, (void *)channel->id,
                                SILC_ID_CHANNEL, SILC_NOTIFY_TYPE_CMODE_CHANGE,
@@ -1239,8 +1303,8 @@ void silc_server_send_notify_cmode(SilcServer server,
                                hmac, hmac ? strlen(hmac) : 0,
                                passphrase, passphrase ? 
                                strlen(passphrase) : 0,
-                              key, key_len);
-  silc_free(key);
+                              fkey ? fkey->data : NULL, fkey ? fkey->len : 0);
+  silc_buffer_free(fkey),
    silc_buffer_free(idp);
  }
  
@@ -1257,15 +1321,14 @@ void silc_server_send_notify_cumode(SilcServer server,
                                     SilcClientID *target,
                                     SilcPublicKey founder_key)
  {
-  SilcBuffer idp1, idp2;
-  unsigned char mode[4], *key = NULL;
-  SilcUInt32 key_len = 0;
+  SilcBuffer idp1, idp2, fkey = NULL;
+  unsigned char mode[4];
  
    idp1 = silc_id_payload_encode((void *)id, id_type);
    idp2 = silc_id_payload_encode((void *)target, SILC_ID_CLIENT);
    SILC_PUT32_MSB(mode_mask, mode);
    if (founder_key)
-    key = silc_pkcs_public_key_encode(founder_key, &key_len);
+    fkey = silc_pkcs_public_key_payload_encode(founder_key);
  
    silc_server_send_notify_dest(server, sock, broadcast, (void *)channel->id,
                                SILC_ID_CHANNEL, 
@@ -1273,8 +1336,8 @@ void silc_server_send_notify_cumode(SilcServer server,
                                idp1->data, idp1->len,
                                mode, 4,
                                idp2->data, idp2->len,
-                              key, key_len);
-  silc_free(key);
+                              fkey ? fkey->data : NULL, fkey ? fkey->len : 0);
+  silc_buffer_free(fkey);
    silc_buffer_free(idp1);
    silc_buffer_free(idp2);
  }
@@ -1407,7 +1470,8 @@ void silc_server_send_notify_ban(SilcServer server,
                                  SilcSocketConnection sock,
                                  bool broadcast,
                                  SilcChannelEntry channel,
-                                char *add, char *del)
+                                unsigned char *action,
+                                SilcBuffer list)
  {
    SilcBuffer idp;
  
@@ -1415,8 +1479,8 @@ void silc_server_send_notify_ban(SilcServer server,
    silc_server_send_notify(server, sock, broadcast,
                           SILC_NOTIFY_TYPE_BAN, 3,
                           idp->data, idp->len,
-                         add, add ? strlen(add) : 0,
-                         del, del ? strlen(del) : 0);
+                         action ? action : NULL, action ? 1 : 0,
+                         list ? list->data : NULL, list ? list->len : 0);
    silc_buffer_free(idp);
  }
  
@@ -1430,7 +1494,8 @@ void silc_server_send_notify_invite(SilcServer server,
                                     bool broadcast,
                                     SilcChannelEntry channel,
                                     SilcClientID *client_id,
-                                   char *add, char *del)
+                                   unsigned char *action,
+                                   SilcBuffer list)
  {
    SilcBuffer idp, idp2;
  
@@ -1441,8 +1506,8 @@ void silc_server_send_notify_invite(SilcServer server,
                           idp->data, idp->len,
                           channel->channel_name, strlen(channel->channel_name),
                           idp2->data, idp2->len,
-                         add, add ? strlen(add) : 0,
-                         del, del ? strlen(del) : 0);
+                         action ? action : NULL, action ? 1 : 0,
+                         list ? list->data : NULL, list ? list->len : 0);
    silc_buffer_free(idp);
    silc_buffer_free(idp2);
  }
@@ -1765,6 +1830,7 @@ void silc_server_send_channel_key(SilcServer server,
    SilcBuffer packet;
    unsigned char *chid;
    SilcUInt32 tmp_len;
+  const char *cipher;
   
    SILC_LOG_DEBUG(("Sending key to channel %s", channel->channel_name));
   
@@ -1776,11 +1842,11 @@ void silc_server_send_channel_key(SilcServer server,
      return;
   
    /* Encode channel key packet */
-  tmp_len = strlen(channel->channel_key->cipher->name);
+  cipher = silc_cipher_get_name(channel->channel_key);
+  tmp_len = strlen(cipher);
    packet = silc_channel_key_payload_encode(silc_id_get_len(channel->id,
                                                            SILC_ID_CHANNEL),
-                                          chid, tmp_len,
-                                           channel->channel_key->cipher->name,
+                                          chid, tmp_len, cipher,
                                             channel->key_len / 8, channel->key);
    silc_server_packet_send_to_channel(server, sender, channel, 
                                      SILC_PACKET_CHANNEL_KEY,
@@ -1901,6 +1967,12 @@ void silc_server_relay_packet(SilcServer server,
  
    silc_buffer_pull(packet->buffer, SILC_PACKET_HEADER_LEN + packet->src_id_len 
                    + packet->dst_id_len + packet->padlen);
+
+  /* Check for mandatory rekey */
+  if (sequence == SILC_SERVER_REKEY_THRESHOLD)
+    silc_schedule_task_add(server->schedule, dst_sock->sock,
+                          silc_server_rekey_callback, dst_sock, 0, 1,
+                          SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL);
  }
  
  /* Routine used to send the connection authentication packet. */
@@ -1935,7 +2007,6 @@ void silc_server_packet_queue_purge(SilcServer server,
        (SILC_IS_DISCONNECTED(sock) == FALSE)) {
      server->stat.packets_sent++;
      silc_packet_send(sock, TRUE);
-    SILC_SET_CONNECTION_FOR_INPUT(server->schedule, sock->sock);
      SILC_UNSET_OUTBUF_PENDING(sock);
      silc_buffer_clear(sock->outbuf);
    }