Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 1997 - 2001 Pekka Riikonen
+ Copyright (C) 1997 - 2002 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
/*
* This is the actual SILC server than handles everything relating to
- * servicing the SILC connections. This is also a SILC router as a router
+ * servicing the SILC connections. This is also a SILC router as a router
* is also normal server.
*/
/* $Id$ */
silc_dlist_uninit(server->sim);
#endif
- silc_free(server->params);
-
if (server->pending_commands)
silc_dlist_uninit(server->pending_commands);
/* Initializes the entire SILC server. This is called always before running
the server. This is called only once at the initialization of the program.
- This binds the server to its listenning port. After this function returns
- one should call silc_server_run to start the server. This returns TRUE
+ This binds the server to its listenning port. After this function returns
+ one should call silc_server_run to start the server. This returns TRUE
when everything is ok to run the server. Configuration file must be
read and parsed before calling this. */
int silc_server_init(SilcServer server)
{
- int *sock = NULL, sock_count, i;
+ int sock;
SilcServerID *id;
SilcServerEntry id_entry;
SilcIDListPurge purge;
- SilcServerConfigSectionListenPort *listen;
SILC_LOG_DEBUG(("Initializing server"));
assert(server);
assert(server->config);
/* Set public and private keys */
- if (!server->config->server_keys ||
- !server->config->server_keys->public_key ||
- !server->config->server_keys->private_key) {
+ if (!server->config->server_info ||
+ !server->config->server_info->public_key ||
+ !server->config->server_info->private_key) {
SILC_LOG_ERROR(("Server public key and/or private key does not exist"));
return FALSE;
}
- server->public_key = server->config->server_keys->public_key;
- server->private_key = server->config->server_keys->private_key;
-
- /* XXX After server is made as Silc Server Library this can be given
- as argument, for now this is hard coded */
- server->params = silc_calloc(1, sizeof(*server->params));
- server->params->retry_count = SILC_SERVER_RETRY_COUNT;
- server->params->retry_interval_min = SILC_SERVER_RETRY_INTERVAL_MIN;
- server->params->retry_interval_max = SILC_SERVER_RETRY_INTERVAL_MAX;
- server->params->retry_keep_trying = FALSE;
- server->params->protocol_timeout = 60;
- server->params->require_reverse_mapping = FALSE;
-
- /* Set log files where log message should be saved. */
- server->config->server = server;
-
+ server->public_key = server->config->server_info->public_key;
+ server->private_key = server->config->server_info->private_key;
+
+ /* Set default to configuration parameters */
+ silc_server_config_set_defaults(server);
+
/* Register all configured ciphers, PKCS and hash functions. */
- if (!silc_server_config_register_ciphers(server->config))
+ if (!silc_server_config_register_ciphers(server))
silc_cipher_register_default();
- if (!silc_server_config_register_pkcs(server->config))
+ if (!silc_server_config_register_pkcs(server))
silc_pkcs_register_default();
- if (!silc_server_config_register_hashfuncs(server->config))
+ if (!silc_server_config_register_hashfuncs(server))
silc_hash_register_default();
- if (!silc_server_config_register_hmacs(server->config))
+ if (!silc_server_config_register_hmacs(server))
silc_hmac_register_default();
/* Initialize random number generator for the server. */
silc_pkcs_public_key_set(server->pkcs, server->public_key);
silc_pkcs_private_key_set(server->pkcs, server->private_key);
- /* Create a listening server. Note that our server can listen on multiple
- ports. All listeners are created here and now. */
- sock_count = 0;
- listen = server->config->listen_port;
- while(listen) {
- int tmp;
-
- tmp = silc_net_create_server(server->config->listen_port->port,
- server->config->listen_port->listener_ip);
-
- if (tmp < 0) {
- SILC_LOG_ERROR(("Could not create server listener: %s on %d",
- server->config->listen_port->listener_ip,
- server->config->listen_port->port));
- goto err0;
- }
-
- sock = silc_realloc(sock, sizeof(*sock) * (sock_count + 1));
- sock[sock_count] = tmp;
- sock_count++;
- listen = listen->next;
+ /* Create a listening server */
+ sock = silc_net_create_server(server->config->server_info->port,
+ server->config->server_info->server_ip);
+ if (sock < 0) {
+ SILC_LOG_ERROR(("Could not create server listener: %s on %hu",
+ server->config->server_info->server_ip,
+ server->config->server_info->port));
+ goto err;
}
/* Initialize ID caches */
- server->local_list->clients =
+ server->local_list->clients =
silc_idcache_alloc(0, SILC_ID_CLIENT, silc_idlist_client_destructor);
server->local_list->servers = silc_idcache_alloc(0, SILC_ID_SERVER, NULL);
server->local_list->channels = silc_idcache_alloc(0, SILC_ID_CHANNEL, NULL);
- /* These are allocated for normal server as well as these hold some
- global information that the server has fetched from its router. For
+ /* These are allocated for normal server as well as these hold some
+ global information that the server has fetched from its router. For
router these are used as they are supposed to be used on router. */
- server->global_list->clients =
+ server->global_list->clients =
silc_idcache_alloc(0, SILC_ID_CLIENT, silc_idlist_client_destructor);
server->global_list->servers = silc_idcache_alloc(0, SILC_ID_SERVER, NULL);
server->global_list->channels = silc_idcache_alloc(0, SILC_ID_CHANNEL, NULL);
- /* Allocate the entire socket list that is used in server. Eventually
- all connections will have entry in this table (it is a table of
- pointers to the actual object that is allocated individually
+ /* Allocate the entire socket list that is used in server. Eventually
+ all connections will have entry in this table (it is a table of
+ pointers to the actual object that is allocated individually
later). */
- server->sockets = silc_calloc(SILC_SERVER_MAX_CONNECTIONS,
+ server->sockets = silc_calloc(server->config->param.connections_max,
sizeof(*server->sockets));
- for (i = 0; i < sock_count; i++) {
+ do {
SilcSocketConnection newsocket = NULL;
/* Set socket to non-blocking mode */
- silc_net_set_socket_nonblock(sock[i]);
- server->sock = sock[i];
-
+ silc_net_set_socket_nonblock(sock);
+ server->sock = sock;
+
/* Add ourselves also to the socket table. The entry allocated above
is sent as argument for fast referencing in the future. */
- silc_socket_alloc(sock[i], SILC_SOCKET_TYPE_SERVER, NULL, &newsocket);
- server->sockets[sock[i]] = newsocket;
-
+ silc_socket_alloc(sock, SILC_SOCKET_TYPE_SERVER, NULL, &newsocket);
+ server->sockets[sock] = newsocket;
+
/* Perform name and address lookups to resolve the listenning address
and port. */
- if (!silc_net_check_local_by_sock(sock[i], &newsocket->hostname,
+ if (!silc_net_check_local_by_sock(sock, &newsocket->hostname,
&newsocket->ip)) {
- if ((server->params->require_reverse_mapping && !newsocket->hostname) ||
+ if ((server->config->require_reverse_lookup && !newsocket->hostname) ||
!newsocket->ip) {
SILC_LOG_ERROR(("IP/DNS lookup failed for local host %s",
newsocket->hostname ? newsocket->hostname :
newsocket->ip ? newsocket->ip : ""));
server->stat.conn_failures++;
- goto err0;
+ goto err;
}
if (!newsocket->hostname)
newsocket->hostname = strdup(newsocket->ip);
}
- newsocket->port = silc_net_get_local_port(sock[i]);
+ newsocket->port = silc_net_get_local_port(sock);
/* Create a Server ID for the server. */
silc_id_create_server_id(newsocket->ip, newsocket->port, server->rng, &id);
if (!id)
- goto err0;
-
+ goto err;
+
server->id = id;
server->id_string = silc_id_id2str(id, SILC_ID_SERVER);
server->id_string_len = silc_id_get_len(id, SILC_ID_SERVER);
server->id_type = SILC_ID_SERVER;
server->server_name = server->config->server_info->server_name;
- /* Add ourselves to the server list. We don't have a router yet
- beacuse we haven't established a route yet. It will be done later.
+ /* Add ourselves to the server list. We don't have a router yet
+ beacuse we haven't established a route yet. It will be done later.
For now, NULL is sent as router. This allocates new entry to
the ID list. */
- id_entry =
+ id_entry =
silc_idlist_add_server(server->local_list,
server->config->server_info->server_name,
server->server_type, server->id, NULL, NULL);
if (!id_entry) {
SILC_LOG_ERROR(("Could not add ourselves to cache"));
- goto err0;
+ goto err;
}
id_entry->data.status |= SILC_IDLIST_STATUS_REGISTERED;
-
- /* Put the allocated socket pointer also to the entry allocated above
+
+ /* Put the allocated socket pointer also to the entry allocated above
for fast back-referencing to the socket list. */
newsocket->user_data = (void *)id_entry;
id_entry->connection = (void *)newsocket;
server->id_entry = id_entry;
- }
+ } while (0);
/* Register protocols */
silc_server_protocols_register();
/* Initialize the scheduler. */
- server->schedule = silc_schedule_init(SILC_SERVER_MAX_CONNECTIONS);
+ server->schedule = silc_schedule_init(server->config->param.connections_max);
if (!server->schedule)
- goto err0;
+ goto err;
/* Add the first task to the scheduler. This is task that is executed by
timeout. It expires as soon as the caller calls silc_server_run. This
task performs authentication protocol and key exchange with our
primary router. */
- silc_schedule_task_add(server->schedule, sock[0],
+ silc_schedule_task_add(server->schedule, sock,
silc_server_connect_to_router,
(void *)server, 0, 1,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_NORMAL);
/* Add listener task to the scheduler. This task receives new connections
- to the server. This task remains on the queue until the end of the
+ to the server. This task remains on the queue until the end of the
program. */
- silc_schedule_task_add(server->schedule, sock[0],
+ silc_schedule_task_add(server->schedule, sock,
silc_server_accept_new_connection,
- (void *)server, 0, 0,
+ (void *)server, 0, 0,
SILC_TASK_FD,
SILC_TASK_PRI_NORMAL);
server->listenning = TRUE;
/* Send log file configuration */
- silc_server_config_setlogfiles(server->config, server->schedule);
+ silc_server_config_setlogfiles(server);
/* If server connections has been configured then we must be router as
normal server cannot have server connections, only router connections. */
if (server->config->servers) {
- SilcServerConfigSectionServerConnection *ptr = server->config->servers;
+ SilcServerConfigServer *ptr = server->config->servers;
server->server_type = SILC_ROUTER;
while (ptr) {
purge->cache = server->local_list->clients;
purge->schedule = server->schedule;
purge->timeout = 600;
- silc_schedule_task_add(purge->schedule, 0,
+ silc_schedule_task_add(purge->schedule, 0,
silc_idlist_purge,
(void *)purge, purge->timeout, 0,
SILC_TASK_TIMEOUT, SILC_TASK_PRI_LOW);
purge->cache = server->global_list->clients;
purge->schedule = server->schedule;
purge->timeout = 300;
- silc_schedule_task_add(purge->schedule, 0,
+ silc_schedule_task_add(purge->schedule, 0,
silc_idlist_purge,
(void *)purge, purge->timeout, 0,
SILC_TASK_TIMEOUT, SILC_TASK_PRI_LOW);
/* We are done here, return succesfully */
return TRUE;
- err0:
- for (i = 0; i < sock_count; i++)
- silc_net_close_server(sock[i]);
-
+ err:
+ silc_net_close_server(sock);
return FALSE;
}
struct group *gr;
char *user, *group;
- if (!server->config->identity || !server->config->identity->user ||
- !server->config->identity->group) {
- fprintf(stderr, "Error:"
+ /* Get the values given for user and group in configuration file */
+ user = server->config->server_info->user;
+ group = server->config->server_info->group;
+
+ if (!user || !group) {
+ fprintf(stderr, "Error:" /* XXX update this error message */
"\tSILC server must not be run as root. For the security of your\n"
"\tsystem it is strongly suggested that you run SILC under dedicated\n"
"\tuser account. Modify the [Identity] configuration section to run\n"
exit(1);
}
- /* Get the values given for user and group in configuration file */
- user=server->config->identity->user;
- group=server->config->identity->group;
-
- /* Check whether the user/group information is text */
- if (atoi(user)!=0 || atoi(group)!=0) {
- SILC_LOG_DEBUG(("Invalid user and/or group information"));
- SILC_LOG_DEBUG(("User and/or group given as number"));
+ /* Check whether the user/group does not begin with a number */
+ if (isdigit(user[0]) || isdigit(group[0])) {
+ SILC_LOG_DEBUG(("User and/or group starts with a number"));
fprintf(stderr, "Invalid user and/or group information\n");
fprintf(stderr, "Please assign them as names, not numbers\n");
exit(1);
}
- /* Catch the nasty incident of string "0" returning 0 from atoi */
- if (strcmp("0", user)==0 || strcmp("0", group)==0) {
- SILC_LOG_DEBUG(("User and/or group configured to 0. Unacceptable"));
- fprintf(stderr, "User and/or group configured to 0. Exiting\n");
- exit(1);
- }
-
- if (!(pw=getpwnam(user))) {
- fprintf(stderr, "No such user %s found\n", user);
+ if (!(pw = getpwnam(user))) {
+ fprintf(stderr, "Error: No such user %s found.\n", user);
exit(1);
}
-
- if (!(gr=getgrnam(group))) {
- fprintf(stderr, "No such group %s found\n", group);
+ if (!(gr = getgrnam(group))) {
+ fprintf(stderr, "Error: No such group %s found.\n", group);
exit(1);
}
/* Check whether user and/or group is set to root. If yes, exit
immediately. Otherwise, setgid and setuid server to user.group */
- if (gr->gr_gid==0 || pw->pw_uid==0) {
+ if ((gr->gr_gid == 0) || (pw->pw_uid == 0)) {
fprintf(stderr, "Error:"
"\tSILC server must not be run as root. For the security of your\n"
"\tsystem it is strongly suggested that you run SILC under dedicated\n"
"\tuser account. Modify the [Identity] configuration section to run\n"
"\tthe server as non-root user.\n");
exit(1);
- } else {
- SILC_LOG_DEBUG(("Changing to group %s", group));
- if (setgid(gr->gr_gid)==0) {
- SILC_LOG_DEBUG(("Setgid to %s", group));
- } else {
- SILC_LOG_DEBUG(("Setgid to %s failed", group));
- fprintf(stderr, "Tried to setgid %s but no such group. Exiting\n",
- group);
- exit(1);
- }
+ }
+
+ SILC_LOG_DEBUG(("Changing to group %s (gid=%u)", group, gr->gr_gid));
+ if (setgid(gr->gr_gid) != 0) {
+ fprintf(stderr, "Error: Failed setgid() to %s (gid=%u). Exiting.\n",
+ group, gr->gr_gid);
+ exit(1);
+ }
#if defined HAVE_SETGROUPS && defined HAVE_INITGROUPS
- if (setgroups(0, NULL)!=0) {
- SILC_LOG_DEBUG(("Setgroups to NULL failed"));
- fprintf(stderr, "Tried to setgroups NULL but failed. Exiting\n");
- exit(1);
- }
- if (initgroups(user, gr->gr_gid)!=0) {
- SILC_LOG_DEBUG(("Initgroups to user %s (gid=%d) failed", user, gr->gr_gid));
- fprintf(stderr, "Tried to initgroups %s (gid=%d) but no such user. Exiting\n",
- user, gr->gr_gid);
- exit(1);
- }
+ SILC_LOG_DEBUG(("Removing supplementary groups"));
+ if (setgroups(0, NULL) != 0) {
+ fprintf(stderr, "Error: Failed setgroups() to NULL. Exiting.\n");
+ exit(1);
+ }
+ SILC_LOG_DEBUG(("Setting supplementary groups for user %s", user));
+ if (initgroups(user, gr->gr_gid) != 0) {
+ fprintf(stderr, "Error: Failed initgroups() for user %s (gid=%u). "
+ "Exiting.\n", user, gr->gr_gid);
+ exit(1);
+ }
#endif
- SILC_LOG_DEBUG(("Changing to user %s", user));
- if (setuid(pw->pw_uid)==0) {
- SILC_LOG_DEBUG(("Setuid to %s", user));
- } else {
- SILC_LOG_DEBUG(("Setuid to %s failed", user));
- fprintf(stderr, "Tried to setuid %s but no such user. Exiting\n",
- user);
- exit(1);
- }
+ SILC_LOG_DEBUG(("Changing to user %s (uid=%u)", user, pw->pw_uid));
+ if (setuid(pw->pw_uid) != 0) {
+ fprintf(stderr, "Error: Failed to setuid() to %s (gid=%u). Exiting.\n",
+ user, pw->pw_uid);
+ exit(1);
}
}
}
-/* The heart of the server. This runs the scheduler thus runs the server.
+/* The heart of the server. This runs the scheduler thus runs the server.
When this returns the server has been stopped and the program will
be terminated. */
silc_schedule(server->schedule);
}
-/* Stops the SILC server. This function is used to shutdown the server.
- This is usually called after the scheduler has returned. After stopping
+/* Stops the SILC server. This function is used to shutdown the server.
+ This is usually called after the scheduler has returned. After stopping
the server one should call silc_server_free. */
void silc_server_stop(SilcServer server)
SilcSocketConnection newsocket;
SilcProtocol protocol;
SilcServerKEInternalContext *proto_ctx;
+ SilcServerConfigRouter *conn = sconn->conn;
void *context;
/* Cancel any possible retry timeouts */
proto_ctx->sock = newsocket;
proto_ctx->rng = server->rng;
proto_ctx->responder = FALSE;
-
+
+ /* Set Key Exchange flags from configuration, but fall back to global
+ settings too. */
+ SILC_GET_SKE_FLAGS(conn, proto_ctx);
+ if (server->config->param.key_exchange_pfs)
+ proto_ctx->flags |= SILC_SKE_SP_FLAG_PFS;
+
/* Perform key exchange protocol. silc_server_connect_to_router_second
will be called after the protocol is finished. */
silc_protocol_alloc(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
is not executed within set limit. */
proto_ctx->timeout_task =
silc_schedule_task_add(server->schedule, sock,
- silc_server_timeout_remote,
- server, server->params->protocol_timeout,
- server->params->protocol_timeout_usec,
- SILC_TASK_TIMEOUT,
- SILC_TASK_PRI_LOW);
+ silc_server_timeout_remote,
+ server, server->config->key_exchange_timeout, 0,
+ SILC_TASK_TIMEOUT,
+ SILC_TASK_PRI_LOW);
/* Register the connection for network input and output. This sets
that scheduler will listen for incoming packets for this connection
- and sets that outgoing packets may be sent to this connection as
+ and sets that outgoing packets may be sent to this connection as
well. However, this doesn't set the scheduler for outgoing traffic,
it will be set separately by calling SILC_SET_CONNECTION_FOR_OUTPUT,
later when outgoing data is available. */
context = (void *)server;
SILC_REGISTER_CONNECTION_FOR_IO(sock);
-
+
/* Run the protocol */
silc_protocol_execute(protocol, server->schedule, 0, 0);
}
{
SilcServerConnection sconn = (SilcServerConnection)context;
SilcServer server = sconn->server;
+ SilcServerConfigConnParams *param =
+ (sconn->param ? sconn->param : &server->config->param);
SILC_LOG_INFO(("Retrying connecting to a router"));
/* Calculate next timeout */
if (sconn->retry_count >= 1) {
sconn->retry_timeout = sconn->retry_timeout * SILC_SERVER_RETRY_MULTIPLIER;
- if (sconn->retry_timeout > SILC_SERVER_RETRY_INTERVAL_MAX)
- sconn->retry_timeout = SILC_SERVER_RETRY_INTERVAL_MAX;
+ if (sconn->retry_timeout > param->reconnect_interval_max)
+ sconn->retry_timeout = param->reconnect_interval_max;
} else {
- sconn->retry_timeout = server->params->retry_interval_min;
+ sconn->retry_timeout = param->reconnect_interval;
}
sconn->retry_count++;
sconn->retry_timeout = sconn->retry_timeout +
silc_rng_get_rn32(server->rng) % SILC_SERVER_RETRY_RANDOMIZER;
/* If we've reached max retry count, give up. */
- if (sconn->retry_count > server->params->retry_count &&
- server->params->retry_keep_trying == FALSE) {
+ if (sconn->retry_count > param->reconnect_count &&
+ param->reconnect_keep_trying == FALSE) {
SILC_LOG_ERROR(("Could not connect to router, giving up"));
silc_free(sconn->remote_host);
silc_free(sconn);
/* Wait one before retrying */
silc_schedule_task_add(server->schedule, fd, silc_server_connect_router,
- context, sconn->retry_timeout,
- server->params->retry_interval_min_usec,
+ context, sconn->retry_timeout, 0,
SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL);
}
/* Generic routine to use connect to a router. */
SILC_TASK_CALLBACK(silc_server_connect_router)
-{
+{
SilcServerConnection sconn = (SilcServerConnection)context;
SilcServer server = sconn->server;
int sock;
(sconn->backup ? "backup router" : "router"),
sconn->remote_host, sconn->remote_port));
- server->router_connect = time(0);
+ server->router_connect = time(NULL);
/* Connect to remote host */
- sock = silc_net_create_connection(server->config->listen_port->local_ip,
+ sock = silc_net_create_connection(server->config->server_info->server_ip,
sconn->remote_port,
sconn->remote_host);
if (sock < 0) {
SILC_LOG_ERROR(("Could not connect to router %s:%d",
sconn->remote_host, sconn->remote_port));
if (!sconn->no_reconnect)
- silc_schedule_task_add(server->schedule, fd,
+ silc_schedule_task_add(server->schedule, fd,
silc_server_connect_to_router_retry,
- context, 0, 1, SILC_TASK_TIMEOUT,
+ context, 0, 1, SILC_TASK_TIMEOUT,
SILC_TASK_PRI_NORMAL);
return;
}
{
SilcServer server = (SilcServer)context;
SilcServerConnection sconn;
- SilcServerConfigSectionServerConnection *ptr;
+ SilcServerConfigRouter *ptr;
SILC_LOG_DEBUG(("Connecting to router(s)"));
if (!server->router_conn && !sconn->backup)
server->router_conn = sconn;
+ sconn->conn = ptr;
+ sconn->param = ptr->param;
+
silc_schedule_task_add(server->schedule, fd,
silc_server_connect_router,
(void *)sconn, 0, 1, SILC_TASK_TIMEOUT,
SilcServerConnection sconn = (SilcServerConnection)ctx->context;
SilcSocketConnection sock = ctx->sock;
SilcServerConnAuthInternalContext *proto_ctx;
- SilcServerConfigSectionServerConnection *conn = NULL;
+ SilcServerConfigRouter *conn = NULL;
SILC_LOG_DEBUG(("Start"));
/* Resolve the authentication method used in this connection. Check if
we find a match from user configured connections */
- conn = silc_server_config_find_router_conn(server->config,
- sock->hostname,
- sock->port);
+ if (!sconn->conn)
+ conn = silc_server_config_find_router_conn(server, sock->hostname,
+ sock->port);
+ else
+ conn = sconn->conn;
+
if (conn) {
/* Match found. Use the configured authentication method */
- proto_ctx->auth_meth = conn->auth_meth;
- if (conn->auth_data) {
- proto_ctx->auth_data = strdup(conn->auth_data);
- proto_ctx->auth_data_len = strlen(conn->auth_data);
+ if (conn->passphrase) {
+ if (conn->publickey && !server->config->prefer_passphrase_auth) {
+ proto_ctx->auth_data = conn->publickey;
+ proto_ctx->auth_data_len = 0;
+ proto_ctx->auth_meth = SILC_AUTH_PUBLIC_KEY;
+ } else {
+ proto_ctx->auth_data = strdup(conn->passphrase);
+ proto_ctx->auth_data_len = strlen(conn->passphrase);
+ proto_ctx->auth_meth = SILC_AUTH_PASSWORD;
+ }
+ } else if (conn->publickey) {
+ proto_ctx->auth_data = conn->publickey;
+ proto_ctx->auth_data_len = 0;
+ proto_ctx->auth_meth = SILC_AUTH_PUBLIC_KEY;
+ } else {
+ proto_ctx->auth_meth = SILC_AUTH_NONE;
}
} else {
SILC_LOG_ERROR(("Could not find connection data for %s (%s) on port",
silc_server_connect_to_router_final);
/* Register timeout task. If the protocol is not executed inside
- this timelimit the connection will be terminated. Currently
- this is 15 seconds and is hard coded limit (XXX). */
- proto_ctx->timeout_task =
- silc_schedule_task_add(server->schedule, sock->sock,
- silc_server_timeout_remote,
- (void *)server, 15, 0,
- SILC_TASK_TIMEOUT,
- SILC_TASK_PRI_LOW);
+ this timelimit the connection will be terminated. */
+ proto_ctx->timeout_task =
+ silc_schedule_task_add(server->schedule, sock->sock,
+ silc_server_timeout_remote,
+ (void *)server,
+ server->config->conn_auth_timeout, 0,
+ SILC_TASK_TIMEOUT,
+ SILC_TASK_PRI_LOW);
/* Run the protocol */
silc_protocol_execute(sock->protocol, server->schedule, 0, 0);
SILC_TASK_CALLBACK(silc_server_connect_to_router_final)
{
SilcProtocol protocol = (SilcProtocol)context;
- SilcServerConnAuthInternalContext *ctx =
+ SilcServerConnAuthInternalContext *ctx =
(SilcServerConnAuthInternalContext *)protocol->context;
SilcServer server = (SilcServer)ctx->server;
SilcServerConnection sconn = (SilcServerConnection)ctx->context;
unsigned char *id_string;
uint32 id_len;
SilcIDListData idata;
+ SilcServerConfigConnParams *param;
SILC_LOG_DEBUG(("Start"));
goto out;
}
- /* Add a task to the queue. This task receives new connections to the
+ /* Add a task to the queue. This task receives new connections to the
server. This task remains on the queue until the end of the program. */
if (!server->listenning && !sconn->backup) {
- silc_schedule_task_add(server->schedule, server->sock,
+ silc_schedule_task_add(server->schedule, server->sock,
silc_server_accept_new_connection,
- (void *)server, 0, 0,
+ (void *)server, 0, 0,
SILC_TASK_FD,
SILC_TASK_PRI_NORMAL);
server->listenning = TRUE;
idata = (SilcIDListData)sock->user_data;
idata->status |= SILC_IDLIST_STATUS_REGISTERED;
+ param = (sconn->param ? sconn->param : &server->config->param);
+
/* Perform keepalive. The `hb_context' will be freed automatically
- when finally calling the silc_socket_free function. XXX hardcoded
- timeout!! */
+ when finally calling the silc_socket_free function. */
hb_context = silc_calloc(1, sizeof(*hb_context));
hb_context->server = server;
- silc_socket_set_heartbeat(sock, 300, hb_context,
+ silc_socket_set_heartbeat(sock, param->keepalive_secs, hb_context,
silc_server_perform_heartbeat,
server->schedule);
/* Register re-key timeout */
- idata->rekey->timeout = 3600; /* XXX hardcoded */
+ idata->rekey->timeout = param->key_exchange_rekey;
idata->rekey->context = (void *)server;
silc_schedule_task_add(server->schedule, sock->sock,
silc_server_rekey_callback,
silc_packet_context_free(ctx->packet);
if (ctx->ske)
silc_ske_free(ctx->ske);
- silc_free(ctx->auth_data);
+ if (ctx->auth_meth == SILC_AUTH_PASSWORD)
+ silc_free(ctx->auth_data);
silc_free(ctx);
}
{
SilcServer server = (SilcServer)context;
SilcServerKEInternalContext *proto_ctx;
- void *cconfig, *sconfig, *rconfig;
- SilcServerConfigSectionDenyConnection *deny;
+ SilcServerConfigClient *cconfig = NULL;
+ SilcServerConfigServer *sconfig = NULL;
+ SilcServerConfigRouter *rconfig = NULL;
+ SilcServerConfigDeny *deny;
int port;
SILC_LOG_DEBUG(("Start"));
/* Check whether we could resolve both IP and FQDN. */
if (!sock->ip || (!strcmp(sock->ip, sock->hostname) &&
- server->params->require_reverse_mapping)) {
+ server->config->require_reverse_lookup)) {
SILC_LOG_ERROR(("IP/DNS lookup failed %s",
sock->hostname ? sock->hostname :
sock->ip ? sock->ip : ""));
port = server->sockets[server->sock]->port; /* Listenning port */
/* Check whether this connection is denied to connect to us. */
- deny = silc_server_config_denied_conn(server->config, sock->ip, port);
+ deny = silc_server_config_find_denied(server, sock->ip);
if (!deny)
- deny = silc_server_config_denied_conn(server->config, sock->hostname,
- port);
+ deny = silc_server_config_find_denied(server, sock->hostname);
if (deny) {
/* The connection is denied */
SILC_LOG_INFO(("Connection %s (%s) is denied",
sock->hostname, sock->ip));
- silc_server_disconnect_remote(server, sock, deny->comment ?
- deny->comment :
+ silc_server_disconnect_remote(server, sock, deny->reason ?
+ deny->reason :
"Server closed connection: "
"Connection refused");
server->stat.conn_failures++;
/* Check whether we have configred this sort of connection at all. We
have to check all configurations since we don't know what type of
connection this is. */
- if (!(cconfig = silc_server_config_find_client_conn(server->config,
- sock->ip, port)))
- cconfig = silc_server_config_find_client_conn(server->config,
- sock->hostname,
- port);
- if (!(sconfig = silc_server_config_find_server_conn(server->config,
- sock->ip,
- port)))
- sconfig = silc_server_config_find_server_conn(server->config,
- sock->hostname,
- port);
- if (!(rconfig = silc_server_config_find_router_conn(server->config,
- sock->ip, port)))
- rconfig = silc_server_config_find_router_conn(server->config,
- sock->hostname,
- port);
+ if (!(cconfig = silc_server_config_find_client(server, sock->ip)))
+ cconfig = silc_server_config_find_client(server, sock->hostname);
+ if (!(sconfig = silc_server_config_find_server_conn(server, sock->ip)))
+ sconfig = silc_server_config_find_server_conn(server, sock->hostname);
+ if (server->server_type == SILC_ROUTER) {
+ if (!(rconfig = silc_server_config_find_router_conn(server,
+ sock->ip, port)))
+ rconfig = silc_server_config_find_router_conn(server, sock->hostname,
+ sock->port);
+ }
if (!cconfig && !sconfig && !rconfig) {
- SILC_LOG_INFO(("Connection %s (%s) is not allowed",
- sock->hostname, sock->ip));
+ SILC_LOG_INFO(("Connection %s (%s) is not allowed", sock->hostname,
+ sock->ip));
silc_server_disconnect_remote(server, sock,
"Server closed connection: "
"Connection refused");
proto_ctx->sconfig = sconfig;
proto_ctx->rconfig = rconfig;
+ /* Take flags for key exchange. Since we do not know what type of connection
+ this is, we go through all found configuratios and use the global ones
+ as well. This will result always into strictest key exchange flags. */
+ SILC_GET_SKE_FLAGS(cconfig, proto_ctx);
+ SILC_GET_SKE_FLAGS(sconfig, proto_ctx);
+ SILC_GET_SKE_FLAGS(rconfig, proto_ctx);
+ if (server->config->param.key_exchange_pfs)
+ proto_ctx->flags |= SILC_SKE_SP_FLAG_PFS;
+
/* Prepare the connection for key exchange protocol. We allocate the
protocol but will not start it yet. The connector will be the
initiator of the protocol thus we will wait for initiation from
silc_server_accept_new_connection_second);
/* Register a timeout task that will be executed if the connector
- will not start the key exchange protocol within 60 seconds. For
- now, this is a hard coded limit. After 60 secs the connection will
- be closed if the key exchange protocol has not been started. */
+ will not start the key exchange protocol within specified timeout
+ and the connection will be closed. */
proto_ctx->timeout_task =
silc_schedule_task_add(server->schedule, sock->sock,
silc_server_timeout_remote,
- context, 60, 0,
+ context, server->config->key_exchange_timeout, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_LOW);
}
return;
}
- /* Check max connections */
- if (sock > SILC_SERVER_MAX_CONNECTIONS) {
- SILC_LOG_ERROR(("Refusing connection, server is full"));
+ /* Check for maximum allowed connections */
+ if (sock > server->config->param.connections_max) {
+ SILC_LOG_ERROR(("Refusing connection, server is full, try again later"));
server->stat.conn_failures++;
return;
- }
+ }
/* Set socket options */
silc_net_set_socket_nonblock(sock);
silc_server_accept_new_connection_final);
/* Register timeout task. If the protocol is not executed inside
- this timelimit the connection will be terminated. Currently
- this is 60 seconds and is hard coded limit (XXX). */
+ this timelimit the connection will be terminated. */
proto_ctx->timeout_task =
silc_schedule_task_add(server->schedule, sock->sock,
silc_server_timeout_remote,
- (void *)server, 60, 0,
+ (void *)server,
+ server->config->conn_auth_timeout, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_LOW);
}
SilcServerHBContext hb_context;
SilcUnknownEntry entry = (SilcUnknownEntry)sock->user_data;
void *id_entry;
+ uint32 hearbeat_timeout = server->config->param.keepalive_secs;
+ uint32 num_sockets;
SILC_LOG_DEBUG(("Start"));
entry->data.last_receive = time(NULL);
+ num_sockets = silc_server_num_sockets_by_ip(server, sock->ip);
+
switch (ctx->conn_type) {
case SILC_SOCKET_TYPE_CLIENT:
{
SilcClientEntry client;
+ SilcServerConfigClient *conn = ctx->cconfig;
+ uint32 max_per_host = server->config->param.connections_max_per_host;
+
+ /* Check for maximum connections limit */
+ if (conn->param) {
+ if (conn->param->connections_max &&
+ server->stat.my_clients >= conn->param->connections_max) {
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Server is full, try again later");
+ server->stat.auth_failures++;
+ goto out;
+ }
+
+ max_per_host = conn->param->connections_max_per_host;
+ }
+
+ if (num_sockets > max_per_host) {
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Too many connections from your host");
+ server->stat.auth_failures++;
+ goto out;
+ }
SILC_LOG_DEBUG(("Remote host is client"));
SILC_LOG_INFO(("Connection from %s (%s) is client", sock->hostname,
if (server->server_type == SILC_ROUTER)
server->stat.cell_clients++;
+ /* Get connection parameters */
+ if (conn->param) {
+ if (conn->param->keepalive_secs)
+ hearbeat_timeout = conn->param->keepalive_secs;
+ }
+
id_entry = (void *)client;
break;
}
case SILC_SOCKET_TYPE_ROUTER:
{
SilcServerEntry new_server;
- SilcServerConfigSectionServerConnection *conn =
- ctx->conn_type == SILC_SOCKET_TYPE_SERVER ?
- ctx->sconfig : ctx->rconfig;
+ bool initiator = FALSE;
+ bool backup_local = FALSE;
+ bool backup_router = FALSE;
+ char *backup_replace_ip = NULL;
+ uint16 backup_replace_port = 0;
+ SilcServerConfigServer *sconn = ctx->sconfig;
+ SilcServerConfigRouter *rconn = ctx->rconfig;
+ uint32 max_per_host = server->config->param.connections_max_per_host;
+
+ if (ctx->conn_type == SILC_SOCKET_TYPE_ROUTER && rconn) {
+ if (rconn->param) {
+ /* Check for maximum connections limit */
+ if (rconn->param->connections_max &&
+ server->stat.my_routers >= rconn->param->connections_max) {
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Server is full, try again later");
+ server->stat.auth_failures++;
+ goto out;
+ }
+ max_per_host = rconn->param->connections_max_per_host;
+
+ if (rconn->param->keepalive_secs)
+ hearbeat_timeout = rconn->param->keepalive_secs;
+ }
+
+ initiator = rconn->initiator;
+ backup_local = rconn->backup_local;
+ backup_router = rconn->backup_router;
+ backup_replace_ip = rconn->backup_replace_ip;
+ backup_replace_port = rconn->backup_replace_port;
+ }
+
+ if (ctx->conn_type == SILC_SOCKET_TYPE_SERVER && sconn) {
+ if (sconn->param) {
+ /* Check for maximum connections limit */
+ if (sconn->param->connections_max &&
+ server->stat.my_servers >= sconn->param->connections_max) {
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Server is full, try again later");
+ server->stat.auth_failures++;
+ goto out;
+ }
+ max_per_host = sconn->param->connections_max_per_host;
+
+ if (sconn->param->keepalive_secs)
+ hearbeat_timeout = sconn->param->keepalive_secs;
+ }
+
+ backup_router = sconn->backup_router;
+ }
+
+ if (num_sockets > max_per_host) {
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Too many connections from your host");
+ server->stat.auth_failures++;
+ goto out;
+ }
SILC_LOG_DEBUG(("Remote host is %s",
ctx->conn_type == SILC_SOCKET_TYPE_SERVER ?
- "server" : (conn->backup_router ?
+ "server" : (backup_router ?
"backup router" : "router")));
SILC_LOG_INFO(("Connection from %s (%s) is %s", sock->hostname,
sock->ip, ctx->conn_type == SILC_SOCKET_TYPE_SERVER ?
- "server" : (conn->backup_router ?
+ "server" : (backup_router ?
"backup router" : "router")));
/* Add the server into server cache. The server name and Server ID
are router. */
new_server =
silc_idlist_add_server((ctx->conn_type == SILC_SOCKET_TYPE_SERVER ?
- server->local_list : (conn->backup_router ?
+ server->local_list : (backup_router ?
server->local_list :
server->global_list)),
NULL,
SILC_SERVER : SILC_ROUTER),
NULL,
(ctx->conn_type == SILC_SOCKET_TYPE_SERVER ?
- server->id_entry : (conn->backup_router ?
+ server->id_entry : (backup_router ?
server->id_entry : NULL)),
sock);
if (!new_server) {
/* If the incoming connection is router and marked as backup router
then add it to be one of our backups */
- if (ctx->conn_type == SILC_SOCKET_TYPE_ROUTER && conn->backup_router) {
- silc_server_backup_add(server, new_server, conn->backup_replace_ip,
- conn->backup_replace_port, conn->backup_local);
+ if (ctx->conn_type == SILC_SOCKET_TYPE_ROUTER && backup_router) {
+ silc_server_backup_add(server, new_server, backup_replace_ip,
+ backup_replace_port, backup_local);
/* Change it back to SERVER type since that's what it really is. */
- if (conn->backup_local)
+ if (backup_local)
ctx->conn_type = SILC_SOCKET_TYPE_SERVER;
new_server->server_type = SILC_BACKUP_ROUTER;
/* Check whether this connection is to be our primary router connection
if we do not already have the primary route. */
if (server->standalone && ctx->conn_type == SILC_SOCKET_TYPE_ROUTER) {
- if (silc_server_config_is_primary_route(server->config) &&
- !conn->initiator)
+ if (silc_server_config_is_primary_route(server) && !initiator)
break;
SILC_LOG_DEBUG(("We are not standalone server anymore"));
SILC_LOG_DEBUG(("New connection authenticated"));
/* Perform keepalive. The `hb_context' will be freed automatically
- when finally calling the silc_socket_free function. XXX hardcoded
- timeout!! */
+ when finally calling the silc_socket_free function. */
hb_context = silc_calloc(1, sizeof(*hb_context));
hb_context->server = server;
- silc_socket_set_heartbeat(sock, 400, hb_context,
+ silc_socket_set_heartbeat(sock, hearbeat_timeout, hb_context,
silc_server_perform_heartbeat,
server->schedule);
sconn->remote_host = strdup(remote_host);
sconn->remote_port = port;
sconn->no_reconnect = TRUE;
+ sconn->param = &server->config->param;
silc_schedule_task_add(server->schedule, 0,
silc_server_connect_router,
/* Remove client from channel's client list */
silc_hash_table_del(channel->user_list, chl->client);
+ channel->user_count--;
/* If there is no global users on the channel anymore mark the channel
as local channel. Do not check if the removed client is local client. */
while (silc_hash_table_get(&htl2, NULL, (void *)&chl2)) {
silc_hash_table_del(chl2->client->channels, channel);
silc_hash_table_del(channel->user_list, chl2->client);
+ channel->user_count--;
silc_free(chl2);
}
+ silc_hash_table_list_reset(&htl2);
continue;
}
if (keygen && !(channel->mode & SILC_CHANNEL_MODE_PRIVKEY)) {
/* Re-generate channel key */
if (!silc_server_create_channel_key(server, channel, 0))
- return;
+ goto out;
/* Send the channel key to the channel. The key of course is not sent
to the client who was removed from the channel. */
}
}
+ out:
+ silc_hash_table_list_reset(&htl);
silc_buffer_free(clidp);
}
/* Remove client from channel's client list */
silc_hash_table_del(channel->user_list, chl->client);
+ channel->user_count--;
/* If there is no global users on the channel anymore mark the channel
as local channel. Do not check if the client is local client. */
while (silc_hash_table_get(&htl2, NULL, (void *)&chl2)) {
silc_hash_table_del(chl2->client->channels, channel);
silc_hash_table_del(channel->user_list, chl2->client);
+ channel->user_count--;
silc_free(chl2);
}
+ silc_hash_table_list_reset(&htl2);
return FALSE;
}
/* Save the key */
channel->key_len = len * 8;
- channel->key = silc_calloc(len, sizeof(*channel->key));
- memcpy(channel->key, channel_key, len);
+ channel->key = silc_memdup(channel_key, len);
memset(channel_key, 0, sizeof(channel_key));
/* Generate HMAC key from the channel key data and set it */
channel->rekey->task =
silc_schedule_task_add(server->schedule, 0,
silc_server_channel_key_rekey,
- (void *)channel->rekey, 36, 0,
+ (void *)channel->rekey,
+ server->config->channel_rekey_secs, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_NORMAL);
}
/* Save the key */
channel->key_len = tmp_len * 8;
- channel->key = silc_calloc(tmp_len, sizeof(unsigned char));
- memcpy(channel->key, tmp, tmp_len);
+ channel->key = silc_memdup(tmp, tmp_len);
silc_cipher_set_key(channel->channel_key, tmp, channel->key_len);
/* Generate HMAC key from the channel key data and set it */
channel->rekey->task =
silc_schedule_task_add(server->schedule, 0,
silc_server_channel_key_rekey,
- (void *)channel->rekey, 36, 0,
+ (void *)channel->rekey,
+ server->config->channel_rekey_secs, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_NORMAL);
}
silc_buffer_free(clidp);
}
+ silc_hash_table_list_reset(&htl);
silc_buffer_free(chidp);
}
silc_hash_table_list(channel->user_list, &htl);
while (silc_hash_table_get(&htl, NULL, (void *)&chl))
len += (silc_id_get_len(chl->client->id, SILC_ID_CLIENT) + 4);
+ silc_hash_table_list_reset(&htl);
client_id_list = silc_buffer_alloc(len);
client_mode_list =
list_count++;
}
+ silc_hash_table_list_reset(&htl);
silc_buffer_push(client_id_list,
client_id_list->data - client_id_list->head);
silc_buffer_push(client_mode_list,
chl->channel = channel;
silc_hash_table_add(channel->user_list, chl->client, chl);
silc_hash_table_add(client->channels, chl->channel, chl);
+ channel->user_count++;
}
}
}
silc_buffer_pull(buffer, len);
silc_free(cid);
}
+ silc_hash_table_list_reset(&htl);
if (buffer)
silc_buffer_push(buffer, buffer->data - buffer->head);
projects / silc.git / blobdiff