Merged silc_1_1_branch to trunk.
[silc.git] / lib / silcske / silcconnauth.c
index 0f417d3304dc905ba623b1f120d7b6e00ab9f023..c3799a8187ead72e327813bf6c7e6b76fb8bf84b 100644 (file)
@@ -4,7 +4,7 @@
 
   Author: Pekka Riikonen <priikone@silcnet.org>
 
-  Copyright (C) 2005 Pekka Riikonen
+  Copyright (C) 2005 - 2007 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -32,6 +32,7 @@ static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine,
 struct SilcConnAuthStruct {
   SilcSKE ske;
   SilcFSM fsm;
+  SilcAsyncOperationStruct op;
   SilcConnectionType conn_type;
   SilcAuthMethod auth_method;
   void *auth_data;
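Review bot: Embedding `SilcAsyncOperationStruct op` in the context changes who owns the handle that `silc_connauth_initiator` and `silc_connauth_responder` return (`return &connauth->op;` in the later hunks). It now points into `connauth` and stops being valid once `silc_connauth_free` runs `silc_free(connauth)`. A caller that keeps the handle to abort later, or releases it as if it were separately allocated, would touch freed memory or free an interior pointer. Nothing in the visible hunks documents this, so I would add a comment on the field, e.g. `/* Async operation returned to the caller; owned by this context, valid until silc_connauth_free() */`, and state the same lifetime rule in the API documentation for both entry points.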
@@ -116,7 +117,7 @@ static SilcBool silc_connauth_get_signature(SilcConnAuth connauth,
 
   /* Compute signature */
   if (!silc_pkcs_sign(private_key, auth->data, silc_buffer_len(auth),
-                     *auth_data, len, auth_data_len, ske->prop->hash)) {
+                     *auth_data, len, auth_data_len, TRUE, ske->prop->hash)) {
     silc_free(*auth_data);
     silc_buffer_free(auth);
     return FALSE;
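Review bot: The bare `TRUE` added to the `silc_pkcs_sign` call does not say what it enables. Sitting next to `ske->prop->hash`, it presumably selects hashing of the data before signing, but the prototype is not shown in this hunk. A short comment at the call, e.g. `/* TRUE: hash the auth data with ske->prop->hash before signing (confirm against silc_pkcs_sign) */`, would make the intent reviewable. The responder-side verification is outside these hunks and must use the matching setting, otherwise every signature authentication fails. The enclosing function begins and ends outside the hunk.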
@@ -226,6 +227,7 @@ SilcConnAuth silc_connauth_alloc(SilcSchedule schedule,
 
   connauth->timeout_secs = timeout_secs;
   connauth->ske = ske;
+  ske->refcnt++;
 
   return connauth;
 }
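Review bot: `ske->refcnt++` dereferences `ske` with no NULL check in the visible lines and takes the reference by writing the field directly with a plain, non-atomic increment. If SKE objects can be reached from more than one thread (not visible here), this races with the release that `silc_ske_free` presumably performs in the `silc_connauth_free` hunk. An unbalanced count on key-exchange state ends as either a leak or a use-after-free. I would document the pairing at the increment, e.g. `/* Take a reference to the SKE; released by silc_ske_free() in silc_connauth_free() */`, and use a reference-taking helper for SilcSKE if the library provides one. The function body starts outside the hunk.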
@@ -236,6 +238,10 @@ void silc_connauth_free(SilcConnAuth connauth)
 {
   if (connauth->public_keys)
     silc_dlist_uninit(connauth->public_keys);
+
+  /* Free reference */
+  silc_ske_free(connauth->ske);
+
   silc_free(connauth);
 }
 
@@ -267,7 +273,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start)
   if (connauth->aborted) {
     /** Aborted */
     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   /* Start timeout */
@@ -286,7 +292,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start)
     if (!auth_data) {
       /** Out of memory */
       silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
-      SILC_FSM_CONTINUE;
+      return SILC_FSM_CONTINUE;
     }
     auth_data_len = connauth->auth_data_len;
     flags = SILC_PACKET_FLAG_LONG_PAD;
@@ -296,7 +302,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start)
     if (!silc_connauth_get_signature(connauth, &auth_data, &auth_data_len)) {
       /** Error computing signature */
       silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
-      SILC_FSM_CONTINUE;
+      return SILC_FSM_CONTINUE;
     }
     break;
   }
@@ -306,7 +312,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start)
   if (!packet) {
     /** Out of memory */
     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   silc_buffer_format(packet,
@@ -320,7 +326,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start)
                        flags, packet->data, silc_buffer_len(packet))) {
     /** Error sending packet */
     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   if (auth_data) {
@@ -331,7 +337,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start)
 
   /** Wait for responder */
   silc_fsm_next(fsm, silc_connauth_st_initiator_result);
-  SILC_FSM_WAIT;
+  return SILC_FSM_WAIT;
 }
 
 SILC_FSM_STATE(silc_connauth_st_initiator_result)
@@ -343,7 +349,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_result)
   if (connauth->aborted) {
     /** Aborted */
     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   /* Check the status of authentication */
@@ -351,7 +357,8 @@ SILC_FSM_STATE(silc_connauth_st_initiator_result)
     SILC_LOG_DEBUG(("Authentication successful"));
     connauth->success = TRUE;
   } else {
-    SILC_LOG_DEBUG(("Authentication failed"));
+    SILC_LOG_DEBUG(("Authentication failed, packet %s received",
+                   silc_get_packet_name(connauth->packet->type)));
     connauth->success = FALSE;
   }
   silc_packet_free(connauth->packet);
@@ -363,7 +370,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_result)
   /* Call completion callback */
   connauth->completion(connauth, connauth->success, connauth->context);
 
-  SILC_FSM_FINISH;
+  return SILC_FSM_FINISH;
 }
 
 SILC_FSM_STATE(silc_connauth_st_initiator_failure)
@@ -373,18 +380,25 @@ SILC_FSM_STATE(silc_connauth_st_initiator_failure)
 
   SILC_LOG_DEBUG(("Start"));
 
-  /* Send FAILURE packet */
-  SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
-  silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
+  if (!connauth->aborted) {
+    /* Send FAILURE packet */
+    SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
+    silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 
-  /* Call completion callback */
-  connauth->completion(connauth, FALSE, connauth->context);
+    silc_packet_stream_unlink(connauth->ske->stream,
+                             &silc_connauth_stream_cbs, connauth);
+    silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
+
+    /* Call completion callback */
+    connauth->completion(connauth, FALSE, connauth->context);
+    return SILC_FSM_FINISH;
+  }
 
   silc_packet_stream_unlink(connauth->ske->stream,
                            &silc_connauth_stream_cbs, connauth);
   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 
-  SILC_FSM_FINISH;
+  return SILC_FSM_FINISH;
 }
 
 SilcAsyncOperation
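Review bot: Both branches of the new `if (!connauth->aborted)` end with the same `silc_packet_stream_unlink` / `silc_schedule_task_del_by_context` pair and `return SILC_FSM_FINISH;`, so the teardown is now written twice here and twice more in `silc_connauth_st_responder_failure`. The only real differences are the FAILURE packet and the completion call. Keeping one copy of the teardown and guarding just those two steps, with `if (!connauth->aborted) connauth->completion(connauth, FALSE, connauth->context);` placed after the unlink, stops the copies drifting apart. A comment saying why completion is skipped on abort and why it runs after the unlink (presumably because the callback may free `connauth`) would also help. The return value of `silc_packet_send` is ignored in both states.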
@@ -395,8 +409,6 @@ silc_connauth_initiator(SilcConnAuth connauth,
                        SilcConnAuthCompletion completion,
                        void *context)
 {
-  SilcAsyncOperation op;
-
   SILC_LOG_DEBUG(("Connection authentication as initiator"));
 
   if (auth_method == SILC_AUTH_PASSWORD && !auth_data) {
@@ -423,10 +435,10 @@ silc_connauth_initiator(SilcConnAuth connauth,
                          SILC_PACKET_FAILURE, -1);
 
   /* Start the protocol */
-  op = silc_async_alloc(silc_connauth_abort, NULL, connauth);
+  silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth);
   silc_fsm_start(connauth->fsm, silc_connauth_st_initiator_start);
 
-  return op;
+  return &connauth->op;
 }
 
 
@@ -447,7 +459,7 @@ SILC_FSM_STATE(silc_connauth_st_responder_start)
   if (connauth->aborted) {
     /** Aborted */
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   /* Start timeout */
@@ -458,7 +470,7 @@ SILC_FSM_STATE(silc_connauth_st_responder_start)
 
   /** Wait for initiator */
   silc_fsm_next(fsm, silc_connauth_st_responder_authenticate);
-  SILC_FSM_WAIT;
+  return SILC_FSM_WAIT;
 }
 
 SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
@@ -475,16 +487,17 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 
   if (connauth->aborted) {
     /** Aborted */
-    silc_packet_free(connauth->packet);
+    if (connauth->packet)
+      silc_packet_free(connauth->packet);
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   if (connauth->packet->type != SILC_PACKET_CONNECTION_AUTH) {
     /** Protocol failure */
     silc_packet_free(connauth->packet);
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   /* Parse the received authentication data packet. The received
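Review bot: The new `if (connauth->packet)` guard protects only the aborted branch; the very next check, `connauth->packet->type != SILC_PACKET_CONNECTION_AUTH`, still dereferences the pointer unconditionally. The guard implies this state can be entered with no packet stored. If that can also happen without `aborted` being set (for example on a timeout, which is not visible in this hunk), the responder dereferences NULL before any authentication has taken place. I would make the protocol-failure test `if (!connauth->packet || connauth->packet->type != SILC_PACKET_CONNECTION_AUTH)` and free the packet only when it is non-NULL. The state function begins and ends outside the hunk.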
@@ -498,7 +511,7 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
     SILC_LOG_ERROR(("Bad payload in authentication packet"));
     silc_packet_free(connauth->packet);
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   if (payload_len != silc_buffer_len(&connauth->packet->buffer)) {
@@ -506,7 +519,7 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
     SILC_LOG_ERROR(("Bad payload length in authentication packet"));
     silc_packet_free(connauth->packet);
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   payload_len -= 4;
@@ -517,7 +530,7 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
                    conn_type));
     silc_packet_free(connauth->packet);
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   if (payload_len > 0) {
@@ -532,7 +545,7 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
       SILC_LOG_DEBUG(("Bad payload in authentication payload"));
       silc_packet_free(connauth->packet);
       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-      SILC_FSM_CONTINUE;
+      return SILC_FSM_CONTINUE;
     }
   }
   silc_packet_free(connauth->packet);
@@ -546,7 +559,7 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
     /** Connection not configured */
     SILC_LOG_ERROR(("Remote connection not configured"));
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   /* Verify */
@@ -554,10 +567,11 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
   /* Passphrase authentication */
   if (passphrase && passphrase_len) {
     SILC_LOG_DEBUG(("Passphrase authentication"));
-    if (!memcmp(auth_data, passphrase, passphrase_len)) {
+    if (!auth_data || payload_len != passphrase_len ||
+       memcmp(auth_data, passphrase, passphrase_len)) {
       /** Authentication failed */
       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-      SILC_FSM_CONTINUE;
+      return SILC_FSM_CONTINUE;
     }
   } else if (repository) {
     /* Digital signature */
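Review bot: The passphrase is still compared with `memcmp(auth_data, passphrase, passphrase_len)`, an early-exit routine, so the time taken to reject a guess depends on how many leading bytes the unauthenticated peer got right. The added NULL and length checks are the right shape, but the byte comparison should be constant-time: OR together `auth_data[i] ^ passphrase[i]` over all `passphrase_len` bytes and test the accumulator once after the loop. Separately, when `passphrase` is set but `passphrase_len` is 0 this branch is skipped, and with no `repository` the code appears to fall through to the success transition shown in a later hunk. Please confirm that path is reachable only for a deliberately unauthenticated configuration. The state function begins and ends outside the hunk.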
@@ -565,6 +579,12 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 
     SILC_LOG_DEBUG(("Digital signature authentication"));
 
+    if (!auth_data) {
+      /** Authentication failed */
+      silc_fsm_next(fsm, silc_connauth_st_responder_failure);
+      return SILC_FSM_CONTINUE;
+    }
+
     connauth->auth_data = silc_memdup(auth_data, payload_len);
     connauth->auth_data_len = payload_len;
 
@@ -574,7 +594,7 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
     if (!find || !connauth->auth_data) {
       /** Out of memory */
       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-      SILC_FSM_CONTINUE;
+      return SILC_FSM_CONTINUE;
     }
 
     silc_skr_find_set_pkcs_type(find, connauth->ske->pk_type);
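Review bot: The `!find || !connauth->auth_data` branch moves to the failure state without releasing whichever of the two allocations succeeded. The same happens to `connauth->auth_data` in the aborted and "Public key not found" branches of `silc_connauth_st_responder_authenticate_pk` (next hunks), where only the invalid-signature and success paths call `silc_free(connauth->auth_data)`. Neither `silc_connauth_free` nor the responder failure state frees it in the visible lines, so each rejected signature attempt from a remote peer appears to leak `payload_len` bytes. I would add `silc_free(connauth->auth_data); connauth->auth_data = NULL;` to those early exits, and clear the pointer after the existing frees so a later state cannot reuse it. `find` needs the matching release call from the repository API. The allocation of `find` is outside this hunk.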
@@ -584,7 +604,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 
     /** Find public key */
     silc_fsm_next(fsm, silc_connauth_st_responder_authenticate_pk);
-    SILC_FSM_CALL(silc_skr_find(repository, find, silc_connauth_skr_callback,
+    SILC_FSM_CALL(silc_skr_find(repository, silc_fsm_get_schedule(fsm),
+                               find, silc_connauth_skr_callback,
                                connauth));
     /* NOT REACHED */
   }
@@ -593,7 +614,7 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 
   /** Authentication successful */
   silc_fsm_next(fsm, silc_connauth_st_responder_success);
-  SILC_FSM_CONTINUE;
+  return SILC_FSM_CONTINUE;
 }
 
 SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk)
@@ -604,14 +625,14 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk)
   if (connauth->aborted) {
     /** Aborted */
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   if (connauth->skr_status != SILC_SKR_OK) {
     /** Public key not found */
     SILC_LOG_DEBUG(("Public key not found, error %d", connauth->skr_status));
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   SILC_LOG_DEBUG(("Found %d public keys",
@@ -626,14 +647,14 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk)
     SILC_LOG_DEBUG(("Invalid signature"));
     silc_free(connauth->auth_data);
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
-    SILC_FSM_CONTINUE;
+    return SILC_FSM_CONTINUE;
   }
 
   silc_free(connauth->auth_data);
 
   /** Authentication successful */
   silc_fsm_next(fsm, silc_connauth_st_responder_success);
-  SILC_FSM_CONTINUE;
+  return SILC_FSM_CONTINUE;
 }
 
 SILC_FSM_STATE(silc_connauth_st_responder_success)
@@ -647,14 +668,14 @@ SILC_FSM_STATE(silc_connauth_st_responder_success)
   SILC_PUT32_MSB(SILC_AUTH_OK, tmp);
   silc_packet_send(connauth->ske->stream, SILC_PACKET_SUCCESS, 0, tmp, 4);
 
-  /* Call completion callback */
-  connauth->completion(connauth, TRUE, connauth->context);
-
   silc_packet_stream_unlink(connauth->ske->stream,
                            &silc_connauth_stream_cbs, connauth);
   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 
-  SILC_FSM_FINISH;
+  /* Call completion callback */
+  connauth->completion(connauth, TRUE, connauth->context);
+
+  return SILC_FSM_FINISH;
 }
 
 SILC_FSM_STATE(silc_connauth_st_responder_failure)
@@ -664,18 +685,26 @@ SILC_FSM_STATE(silc_connauth_st_responder_failure)
 
   SILC_LOG_ERROR(("Authentication failed"));
 
-  /* Send FAILURE packet */
-  SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
-  silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
+  if (!connauth->aborted) {
+    /* Send FAILURE packet */
+    SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
+    silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 
-  /* Call completion callback */
-  connauth->completion(connauth, FALSE, connauth->context);
+    silc_packet_stream_unlink(connauth->ske->stream,
+                             &silc_connauth_stream_cbs, connauth);
+    silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
+
+    /* Call completion callback */
+    connauth->completion(connauth, FALSE, connauth->context);
+
+    return SILC_FSM_FINISH;
+  }
 
   silc_packet_stream_unlink(connauth->ske->stream,
                            &silc_connauth_stream_cbs, connauth);
   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 
-  SILC_FSM_FINISH;
+  return SILC_FSM_FINISH;
 }
 
 SilcAsyncOperation
@@ -684,8 +713,6 @@ silc_connauth_responder(SilcConnAuth connauth,
                        SilcConnAuthCompletion completion,
                        void *context)
 {
-  SilcAsyncOperation op;
-
   SILC_LOG_DEBUG(("Connection authentication as responder"));
 
   connauth->get_auth_data = get_auth_data;
@@ -699,8 +726,8 @@ silc_connauth_responder(SilcConnAuth connauth,
                          SILC_PACKET_FAILURE, -1);
 
   /* Start the protocol */
-  op = silc_async_alloc(silc_connauth_abort, NULL, connauth);
+  silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth);
   silc_fsm_start(connauth->fsm, silc_connauth_st_responder_start);
 
-  return op;
+  return &connauth->op;
 }