+Sun Apr 29 13:33:41 EEST 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Implemented the [DenyConnectin] config section in the server.
+ Added silc_server_config_denied_conn to check whether incoming
+ connection is denied. Affected file silcd/serverconfig.[ch].
+
+ * Do not check the ports when checking the incoming configuration
+ data if the port is 0, meaning any. Affected file is
+ silcd/serverconfig.c.
+
Fri Apr 20 18:58:43 EEST 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
* Fixed buffer overflow in silc_string_compare in the file
hash tables should replace the lists. Thus, the ID cache should be
rewritten to use hash tables internally.
- o [DenyConnection] config section is not implemented.
-
o The backup router support described in the protocol specification
should be done at some point.
SilcBuffer buffer;
uint16 len;
- SILC_LOG_DEBUG(("Processing New Notify List"));
+ SILC_LOG_DEBUG(("Processing Notify List"));
if (sock->type == SILC_SOCKET_TYPE_CLIENT ||
packet->src_id_type != SILC_ID_SERVER)
SilcServerKEInternalContext *proto_ctx;
int sock, port;
void *cconfig, *sconfig, *rconfig;
+ SilcServerConfigSectionDenyConnection *deny;
SILC_LOG_DEBUG(("Accepting new connection"));
later when outgoing data is available. */
SILC_REGISTER_CONNECTION_FOR_IO(sock);
+ port = server->sockets[fd]->port; /* Listenning port */
+
+ /* Check whether this connection is denied to connect to us. */
+ deny = silc_server_config_denied_conn(server->config, newsocket->ip, port);
+ if (!deny)
+ deny = silc_server_config_denied_conn(server->config, newsocket->hostname,
+ port);
+ if (deny) {
+ /* The connection is denied */
+ silc_server_disconnect_remote(server, newsocket, deny->comment ?
+ deny->comment :
+ "Server closed connection: "
+ "Connection refused");
+ server->stat.conn_failures++;
+ return;
+ }
+
/* Check whether we have configred this sort of connection at all. We
have to check all configurations since we don't know what type of
connection this is. */
- port = server->sockets[fd]->port; /* Listenning port */
if (!(cconfig = silc_server_config_find_client_conn(server->config,
newsocket->ip, port)))
cconfig = silc_server_config_find_client_conn(server->config,
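Review bot: `deny->comment` comes straight from the config file and is passed in the message position of `silc_server_disconnect_remote`, whose definition is not in this diff. If that parameter is a printf-style format string, a `%` in an operator-written comment would be interpreted as a conversion. In that case the call should be `silc_server_disconnect_remote(server, newsocket, "%s", deny->comment ? deny->comment : "Server closed connection: Connection refused");`. Separately, the second lookup matches on `newsocket->hostname`, which presumably comes from a reverse lookup the remote side can influence, so a comment here should say that only IP-based deny entries are dependable. The enclosing accept function starts and ends outside this hunk.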
{ "[AdminConnection]",
SILC_CONFIG_SERVER_SECTION_TYPE_ADMIN_CONNECTION, 5 },
{ "[DenyConnection]",
- SILC_CONFIG_SERVER_SECTION_TYPE_DENY_CONNECTION, 4 },
+ SILC_CONFIG_SERVER_SECTION_TYPE_DENY_CONNECTION, 3 },
{ "[motd]",
SILC_CONFIG_SERVER_SECTION_TYPE_MOTD, 1 },
break;
case SILC_CONFIG_SERVER_SECTION_TYPE_DENY_CONNECTION:
- /* Not implemented yet */
+
+ SILC_SERVER_CONFIG_LIST_ALLOC(config->denied);
+
+ /* Get host */
+ ret = silc_config_get_token(line, &config->denied->host);
+ if (ret < 0)
+ break;
+ if (ret == 0) {
+ /* Any host */
+ config->denied->host = strdup("*");
+ fprintf(stderr, "warning: %s:%d: Denying all connections",
+ config->filename, pc->linenum);
+ }
+
+ /* Get port */
+ ret = silc_config_get_token(line, &tmp);
+ if (ret < 0)
+ break;
+ if (ret == 0) {
+ /* Any port */
+ config->denied->port = 0;
+ } else {
+ config->denied->port = atoi(tmp);
+ silc_free(tmp);
+ }
+
+ /* Get comment */
+ ret = silc_config_get_token(line, &config->denied->comment);
+ if (ret < 0)
+ break;
+
check = TRUE;
+ checkmask |= (1L << pc->section->type);
break;
case SILC_CONFIG_SERVER_SECTION_TYPE_MOTD:
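Review bot: The port token is converted with `atoi(tmp)` and stored in the `uint16` field `config->denied->port` with no validation. A non-numeric value becomes 0 and a value above 65535 is truncated, and 0 is the "any port" wildcard in silc_server_config_denied_conn, so a typo silently changes which listeners a deny rule covers. Parsing with `strtol` and rejecting anything outside 0..65535 keeps the rule as written or fails loudly; the sketch below assumes the token arrives without trailing whitespace, and how the parser reports the failure after `break` is outside this hunk. The "Denying all connections" warning also lacks a trailing `\n`, and the `strdup("*")` result is not checked.

```c
	/* ... unchanged: host token handling ... */
	} else {
	  char *end;
	  long val = strtol(tmp, &end, 10);

	  /* 0 means "any port"; reject text or out-of-range values. */
	  if (end == tmp || *end != '\0' || val < 0 || val > 65535) {
	    fprintf(stderr, "%s:%d: Invalid port in [DenyConnection]\n",
		    config->filename, pc->linenum);
	    silc_free(tmp);
	    break;
	  }
	  config->denied->port = (uint16)val;
	  silc_free(tmp);
	}
	/* ... unchanged: comment token handling ... */
```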
if (silc_string_compare(client->host, host))
match = TRUE;
- if (port && client->port != port)
+ if (port && client->port && client->port != port)
match = FALSE;
if (match)
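Review bot: A configured port of 0 now acts as a wildcard in what look like the allow-side lookups too (`client->port` here, `serv->port` in the two hunks that follow). These entries decide which connections are accepted, so the wildcard should be a deliberate operator choice. If those sections parse the port with `atoi` the way the new [DenyConnection] parser does (their parsing is not visible here), an omitted or mistyped port would become 0 and widen the entry to every listening port. I would add `/* A configured port of 0 means any listening port */` above each test and confirm that the parser rejects non-numeric ports rather than mapping them to 0. The enclosing lookup functions start and end outside these hunks.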
if (silc_string_compare(serv->host, host))
match = TRUE;
- if (port && serv->port != port)
+ if (port && serv->port && serv->port != port)
match = FALSE;
if (match)
if (silc_string_compare(serv->host, host))
match = TRUE;
- if (port && serv->port != port)
+ if (port && serv->port && serv->port != port)
match = FALSE;
if (match)
return admin;
}
+
+/* Returns the Denied connection configuration by host and port. */
+
+SilcServerConfigSectionDenyConnection *
+silc_server_config_denied_conn(SilcServerConfig config, char *host,
+ int port)
+{
+ int i;
+ SilcServerConfigSectionDenyConnection *deny = NULL;
+ bool match = FALSE;
+
+ if (!host)
+ return NULL;
+
+ if (!config->denied)
+ return NULL;
+
+ deny = config->denied;
+ for (i = 0; deny; i++) {
+ if (silc_string_compare(deny->host, host))
+ match = TRUE;
+
+ if (port && deny->port && deny->port != port)
+ match = FALSE;
+
+ if (match)
+ break;
+
+ deny = deny->next;
+ }
+
+ if (!deny)
+ return NULL;
+
+ return deny;
+}
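Review bot: The header comment on silc_server_config_denied_conn leaves out the matching rules that a reader of an access-control lookup needs. I would replace it with `/* Returns the first [DenyConnection] entry whose host pattern matches host and whose port is 0 (any) or equal to port; a port argument of 0 skips the port test. Returns NULL if host is NULL or nothing matches. */`. On style, the counter `i` is never read and the final `if (!deny) return NULL;` is redundant before `return deny;`, so the loop could be `for (deny = config->denied; deny; deny = deny->next)`. `host` is only read here, so `const char *host` would fit if silc_string_compare accepts it; its prototype is not visible in this diff.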
} SilcServerConfigSectionServerConnection;
/* Holds all configured denied connections from config file */
-typedef struct {
+typedef struct SilcServerConfigSectionDenyConnectionStruct {
char *host;
- char *time;
char *comment;
uint16 port;
+ struct SilcServerConfigSectionDenyConnectionStruct *next;
+ struct SilcServerConfigSectionDenyConnectionStruct *prev;
} SilcServerConfigSectionDenyConnection;
/* Holds motd file */
SilcServerConfigSectionAdminConnection *
silc_server_config_find_admin(SilcServerConfig config,
char *host, char *username, char *nickname);
-void silc_server_config_print();
+SilcServerConfigSectionDenyConnection *
+silc_server_config_denied_conn(SilcServerConfig config, char *host,
+ int port);
#endif
#
# These connections are denied to connect our server.
#
-# Format: <remote host/nickname>:<time interval>:<comment>:<port>
+# Format: <remote host>:<port>:<comment>
#
[DenyConnection]
+#10.2.1.99:0:Your connection has been denied
\ No newline at end of file
# temporary files (including these prepare* scripts) are removed.
#
-SILC_VERSION=0.1
+SILC_VERSION=0.1.1
version=$1
if test "$version" = ""; then
echo "#define SILC_VERSION_STRING \"$version\"" >>$file
echo "#define SILC_PROTOCOL_VERSION_STRING \"SILC-1.0-$version\"" >>$file
-echo "Done, now run ./configure and make."
\ No newline at end of file
+echo "Done, now run ./configure and make."