Merged silc_1_1_branch to trunk.

[silc.git] / lib / silcske / silcconnauth.c

diff --git a/lib/silcske/silcconnauth.c b/lib/silcske/silcconnauth.c
index b5e59ab53af9cf37539b2763d1471f2555f23b0d..c3799a8187ead72e327813bf6c7e6b76fb8bf84b 100644 (file)
--- a/lib/silcske/silcconnauth.c
+++ b/lib/silcske/silcconnauth.c
@@ -227,6 +227,7 @@ SilcConnAuth silc_connauth_alloc(SilcSchedule schedule,
 
   connauth->timeout_secs = timeout_secs;
   connauth->ske = ske;
+  ske->refcnt++;
 
   return connauth;
 }
@@ -237,6 +238,10 @@ void silc_connauth_free(SilcConnAuth connauth)
 {
   if (connauth->public_keys)
     silc_dlist_uninit(connauth->public_keys);
+
+  /* Free reference */
+  silc_ske_free(connauth->ske);
+
   silc_free(connauth);
 }
 
@@ -352,7 +357,8 @@ SILC_FSM_STATE(silc_connauth_st_initiator_result)
     SILC_LOG_DEBUG(("Authentication successful"));
     connauth->success = TRUE;
   } else {
-    SILC_LOG_DEBUG(("Authentication failed"));
+    SILC_LOG_DEBUG(("Authentication failed, packet %s received",
+                   silc_get_packet_name(connauth->packet->type)));
     connauth->success = FALSE;
   }
   silc_packet_free(connauth->packet);
@@ -374,12 +380,19 @@ SILC_FSM_STATE(silc_connauth_st_initiator_failure)
 
   SILC_LOG_DEBUG(("Start"));
 
-  /* Send FAILURE packet */
-  SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
-  silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
+  if (!connauth->aborted) {
+    /* Send FAILURE packet */
+    SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
+    silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 
-  /* Call completion callback */
-  connauth->completion(connauth, FALSE, connauth->context);
+    silc_packet_stream_unlink(connauth->ske->stream,
+                             &silc_connauth_stream_cbs, connauth);
+    silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
+
+    /* Call completion callback */
+    connauth->completion(connauth, FALSE, connauth->context);
+    return SILC_FSM_FINISH;
+  }
 
   silc_packet_stream_unlink(connauth->ske->stream,
                            &silc_connauth_stream_cbs, connauth);
@@ -474,7 +487,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 
   if (connauth->aborted) {
     /** Aborted */
-    silc_packet_free(connauth->packet);
+    if (connauth->packet)
+      silc_packet_free(connauth->packet);
     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
     return SILC_FSM_CONTINUE;
   }
@@ -553,7 +567,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
   /* Passphrase authentication */
   if (passphrase && passphrase_len) {
     SILC_LOG_DEBUG(("Passphrase authentication"));
-    if (!memcmp(auth_data, passphrase, passphrase_len)) {
+    if (!auth_data || payload_len != passphrase_len ||
+       memcmp(auth_data, passphrase, passphrase_len)) {
       /** Authentication failed */
       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
       return SILC_FSM_CONTINUE;
@@ -564,6 +579,12 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 
     SILC_LOG_DEBUG(("Digital signature authentication"));
 
+    if (!auth_data) {
+      /** Authentication failed */
+      silc_fsm_next(fsm, silc_connauth_st_responder_failure);
+      return SILC_FSM_CONTINUE;
+    }
+
     connauth->auth_data = silc_memdup(auth_data, payload_len);
     connauth->auth_data_len = payload_len;
 
@@ -583,7 +604,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 
     /** Find public key */
     silc_fsm_next(fsm, silc_connauth_st_responder_authenticate_pk);
-    SILC_FSM_CALL(silc_skr_find(repository, find, silc_connauth_skr_callback,
+    SILC_FSM_CALL(silc_skr_find(repository, silc_fsm_get_schedule(fsm),
+                               find, silc_connauth_skr_callback,
                                connauth));
     /* NOT REACHED */
   }
@@ -646,13 +668,13 @@ SILC_FSM_STATE(silc_connauth_st_responder_success)
   SILC_PUT32_MSB(SILC_AUTH_OK, tmp);
   silc_packet_send(connauth->ske->stream, SILC_PACKET_SUCCESS, 0, tmp, 4);
 
-  /* Call completion callback */
-  connauth->completion(connauth, TRUE, connauth->context);
-
   silc_packet_stream_unlink(connauth->ske->stream,
                            &silc_connauth_stream_cbs, connauth);
   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 
+  /* Call completion callback */
+  connauth->completion(connauth, TRUE, connauth->context);
+
   return SILC_FSM_FINISH;
 }
 
@@ -663,12 +685,20 @@ SILC_FSM_STATE(silc_connauth_st_responder_failure)
 
   SILC_LOG_ERROR(("Authentication failed"));
 
-  /* Send FAILURE packet */
-  SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
-  silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
+  if (!connauth->aborted) {
+    /* Send FAILURE packet */
+    SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
+    silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 
-  /* Call completion callback */
-  connauth->completion(connauth, FALSE, connauth->context);
+    silc_packet_stream_unlink(connauth->ske->stream,
+                             &silc_connauth_stream_cbs, connauth);
+    silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
+
+    /* Call completion callback */
+    connauth->completion(connauth, FALSE, connauth->context);
+
+    return SILC_FSM_FINISH;
+  }
 
   silc_packet_stream_unlink(connauth->ske->stream,
                            &silc_connauth_stream_cbs, connauth);