+Wed Jul 25 16:04:35 EEST 2001 Pekka Riikonen <priikone@silcnet.org>
+
+ * Do not enable SILC_THREADS if the linking with libpthread
+ did not happen. Affected file configure.in.pre.
+
+ * Added notion to protocol specification that server must
+ verify the sent authentication payload with CMODE when
+ setting the channel founder key. Implemented it to the
+ server. Affected file silcd/command.c.
+
Mon Jul 23 18:31:43 EEST 2001 Pekka Riikonen <priikone@silcnet.org>
* Added _EXTRA_DIST SILC distribution variable to the
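Review bot: the second new changelog entry lists only silcd/command.c under "Affected file", although the same entry says a note was added to the protocol specification. Name the specification file that was changed as well. The patch also adds a recommendation about operator public keys to the specification text, and that change has no changelog entry.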
silc_calloc(tmp_len + 1, sizeof(*channel->founder_passwd));
memcpy(channel->founder_passwd, tmp, tmp_len);
channel->founder_passwd_len = tmp_len;
+ } else {
+ /* Verify the payload before setting the mode */
+ if (!silc_auth_verify(auth, channel->founder_method,
+ channel->founder_key, 0, idata->hash,
+ client->id, SILC_ID_CLIENT)) {
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_CMODE,
+ SILC_STATUS_ERR_AUTH_FAILED);
+ goto out;
+ }
}
silc_auth_payload_free(auth);
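Review bot: the failure path in the new else branch leaves through `goto out` before reaching `silc_auth_payload_free(auth);`, which sits after the closing brace, so the parsed payload is leaked on every failed verification unless the `out` label (not visible in this hunk) frees it. Free `auth` before the `goto out`, or move the free to the common cleanup path. The literal `0` passed as the fourth argument to `silc_auth_verify` also deserves a short comment saying what it stands for.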
as operator. The <authentication payload> is the data that the
client is authenticated against. It may be passphrase prompted
for user on client's screen or it may be public key or certificate
- authentication data (data signed with private key).
+ authentication data (data signed with private key). The public
+ key that server will use to verify the signature found in the
+ payload should be verified. It is recommended that the public
+ key is saved locally in the server and server would not use
+ any public keys received during the SKE.
After changing the mode the server MUST send the notify type
SILC_NOTIFY_TYPE_UMODE_CHANGE to its primary router.
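Review bot: the added sentence "The public key that server will use to verify the signature found in the payload should be verified" does not say what the key is verified against or by whom, so an implementer cannot tell what check is required. State the check explicitly, and use the uppercase requirement keywords the surrounding text already uses ("the server MUST send") in place of lowercase "should" and "It is recommended", so the normative strength is unambiguous.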
method is public key authentication the server MUST NOT
save the authentication data from the payload as the
data is different on all authentications. In this case the
- server only saves the authentication method.
+ server only saves the authentication method. However,
+ server MUST verify the sent authentication payload and
+ set the mode only if the verification was successful.
Note that this mode is effective only in the current server.
The client MUST connect to the same server later to be able
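Review bot: the added "server MUST verify the sent authentication payload" does not say which public key the verification uses, and the unchanged sentence just before it says the server only saves the authentication method. The CUMODE text in this same patch relies on "the same public key that was saved when the SILC_CMODE_FOUNDER_AUTH channel mode was set", so this paragraph should state that the server saves the founder's public key along with the method and name the source of that key.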
SILC_STATUS_ERR_NO_CHANNEL_PRIV
SILC_STATUS_ERR_UNKNOWN_MODE
SILC_STATUS_ERR_NO_SUCH_CLIENT_ID
+ SILC_STATUS_ERR_AUTH_FAILED
18 SILC_COMMAND_CUMODE
However, if the SILC_CMODE_FOUNDER_AUTH channel mode has
been set, the client can claim channel founder privileges
by providing the <auth payload> that the server will use
- to authenticate the client. The client MAY remove this
- mode at any time.
+ to authenticate the client. The public key that server will
+ use to verify the <auth payload> must the same public key
+ that was saved when the SILC_CMODE_FOUNDER_AUTH channel
+ mode was set. The client MAY remove this mode at any time.
0x0002 SILC_CUMODE_OPERATOR
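Review bot: the added sentence "use to verify the <auth payload> must the same public key" is missing its verb and uses lowercase "must" where the next sentence uses the uppercase keyword ("The client MAY remove"). Suggest "MUST be the same public key that was saved when the SILC_CMODE_FOUNDER_AUTH channel mode was set".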
as operator. The <authentication payload> is the data that the
client is authenticated against. It may be passphrase prompted
for user on client's screen or it may be public key or certificate
- authentication data (data signed with private key).
+ authentication data (data signed with private key). The public
+ key that router will use to verify the signature found in the
+ payload should be verified. It is recommended that the public
+ key is saved locally in the router and router would not use
+ any public keys received during the SKE.
Difference between router operator and server operator is that
router operator is able to handle cell level properties while
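Review bot: "router would not use any public keys received during the SKE" in the added text is phrased as a conditional, not as a requirement, so it is unclear whether a router that accepts an SKE-supplied key for operator authentication is conforming. Suggest wording it with the document's keywords, for example "the router SHOULD NOT use any public keys received during the SKE", and say what "should be verified" in the preceding sentence means for the locally saved key.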