+Wed Feb 13 20:51:13 EET 2002 Johnny Mnemonic <johnny@themnemonic.org>
+
+ * Unified the serverconfig.[ch]'s helper function interface.
+ Affected file silcd/serverconfig.[ch].
+
+ * Removed doc/example_silc.conf.in since it is redundant.
+ The make install will now install irssi/silc.conf file.
+
+ * Added new Passphrase and Publickey authentication methods to
+ config file, allowing both public key and passphrase based
+ authentication to be set at the same time.
+
+ Added `prefer_passphrase_auth' setting in config file which
+ can be used to set to prefer passwd auth if both passwd and
+ public key is set. If not set, public key is preferred.
+ This has effect only when being initiator (responder will try
+ both anyway).
+
+ Added support for authentication with passphrase and public key
+ at the same time. The passphrase is tried first always since
+ it is faster to check.
+
+ Affected file silcd/serverconfig.[ch], server.c, protocol.[ch].
+
Wed Feb 13 12:46:25 CET 2002 Johnny Mnemonic <johnny@themnemonic.org>
* Merged the new SILC Config library, with the server parsing
chmod go= $(etcdir)/silcd.conf; \
fi
-@if test '!' -f $(etcdir)/silc.conf ; then \
- $(INSTALL_DATA) $(srcdir)/doc/example_silc.conf \
+ $(INSTALL_DATA) $(srcdir)/irssi/silc.conf \
$(etcdir)/silc.conf; \
fi
uint32 tmp_len;
SilcServerConfigSectionAdmin *admin;
SilcIDListData idata = (SilcIDListData)client;
+ bool result = FALSE;
SILC_SERVER_COMMAND_CHECK(SILC_COMMAND_OPER, cmd, 1, 2);
}
/* Get the admin configuration */
- admin = silc_server_config_find_admin(server->config, cmd->sock->ip,
+ admin = silc_server_config_find_admin(server, cmd->sock->ip,
username, client->nickname);
if (!admin) {
- admin = silc_server_config_find_admin(server->config, cmd->sock->hostname,
+ admin = silc_server_config_find_admin(server, cmd->sock->hostname,
username, client->nickname);
if (!admin) {
silc_server_command_send_status_reply(cmd, SILC_COMMAND_OPER,
goto out;
}
- /* Verify the authentication data */
- if (!silc_auth_verify_data(auth, tmp_len, admin->auth_meth,
- admin->auth_data, admin->auth_data_len,
- idata->hash, client->id, SILC_ID_CLIENT)) {
+ /* Verify the authentication data. If both passphrase and public key
+ is set then try both of them. */
+ if (admin->passphrase)
+ result = silc_auth_verify_data(auth, tmp_len, SILC_AUTH_PASSWORD,
+ admin->passphrase, admin->passphrase_len,
+ idata->hash, client->id, SILC_ID_CLIENT);
+ if (!result && admin->publickey)
+ result = silc_auth_verify_data(auth, tmp_len, SILC_AUTH_PUBLIC_KEY,
+ admin->publickey, 0,
+ idata->hash, client->id, SILC_ID_CLIENT);
+ if (!result) {
+ /* Authentication failed */
silc_server_command_send_status_reply(cmd, SILC_COMMAND_OPER,
SILC_STATUS_ERR_AUTH_FAILED);
goto out;
uint32 tmp_len;
SilcServerConfigSectionAdmin *admin;
SilcIDListData idata = (SilcIDListData)client;
+ bool result = FALSE;
SILC_SERVER_COMMAND_CHECK(SILC_COMMAND_SILCOPER, cmd, 1, 2);
}
/* Get the admin configuration */
- admin = silc_server_config_find_admin(server->config, cmd->sock->ip,
+ admin = silc_server_config_find_admin(server, cmd->sock->ip,
username, client->nickname);
if (!admin) {
- admin = silc_server_config_find_admin(server->config, cmd->sock->hostname,
+ admin = silc_server_config_find_admin(server, cmd->sock->hostname,
username, client->nickname);
if (!admin) {
silc_server_command_send_status_reply(cmd, SILC_COMMAND_SILCOPER,
goto out;
}
- /* Verify the authentication data */
- if (!silc_auth_verify_data(auth, tmp_len, admin->auth_meth,
- admin->auth_data, admin->auth_data_len,
- idata->hash, client->id, SILC_ID_CLIENT)) {
- silc_server_command_send_status_reply(cmd, SILC_COMMAND_SILCOPER,
+ /* Verify the authentication data. If both passphrase and public key
+ is set then try both of them. */
+ if (admin->passphrase)
+ result = silc_auth_verify_data(auth, tmp_len, SILC_AUTH_PASSWORD,
+ admin->passphrase, admin->passphrase_len,
+ idata->hash, client->id, SILC_ID_CLIENT);
+ if (!result && admin->publickey)
+ result = silc_auth_verify_data(auth, tmp_len, SILC_AUTH_PUBLIC_KEY,
+ admin->publickey, 0,
+ idata->hash, client->id, SILC_ID_CLIENT);
+ if (!result) {
+ /* Authentication failed */
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_OPER,
SILC_STATUS_ERR_AUTH_FAILED);
goto out;
}
SilcServerConfigSectionClient *client = NULL;
uint16 conn_type;
int ret, port;
- SilcAuthMethod auth_meth;
+ SilcAuthMethod auth_meth = SILC_AUTH_NONE;
SILC_LOG_DEBUG(("Start"));
/* Get the authentication method for the client */
auth_meth = SILC_AUTH_NONE;
port = server->sockets[server->sock]->port; /* Listenning port */
- client = silc_server_config_find_client(server->config,
- sock->ip,
- port);
+ client = silc_server_config_find_client(server, sock->ip, port);
if (!client)
- client = silc_server_config_find_client(server->config,
- sock->hostname,
- port);
- if (client)
- auth_meth = client->auth_meth;
-
+ client = silc_server_config_find_client(server, sock->hostname, port);
+ if (client) {
+ if (client->passphrase) {
+ if (client->publickey && !server->config->prefer_passphrase_auth)
+ auth_meth = SILC_AUTH_PUBLIC_KEY;
+ else
+ auth_meth = SILC_AUTH_PASSWORD;
+ } else if (client->publickey)
+ auth_meth = SILC_AUTH_PUBLIC_KEY;
+ }
+
/* Send it back to the client */
- silc_server_send_connection_auth_request(server, sock,
- conn_type,
- auth_meth);
+ silc_server_send_connection_auth_request(server, sock, conn_type, auth_meth);
}
/* Received REKEY packet. The sender of the packet wants to regenerate
return FALSE;
}
+/* Function that actually performs the authentication to the remote. This
+ supports both passphrase and public key authentication. */
+
+static bool
+silc_server_get_authentication(SilcServerConnAuthInternalContext *ctx,
+ char *local_passphrase,
+ void *local_publickey,
+ unsigned char *remote_auth,
+ uint32 remote_auth_len)
+{
+ SilcServer server = (SilcServer)ctx->server;
+ SilcSKE ske = ctx->ske;
+ bool result = FALSE;
+
+ /* If we don't have authentication data set at all we do not require
+ authentication at all */
+ if (!local_passphrase && !local_publickey) {
+ SILC_LOG_DEBUG(("No authentication required"));
+ return TRUE;
+ }
+
+ /* If both passphrase and public key is provided then we'll try both of
+ them and see which one of them authenticates. If only one of them is
+ set, then try only that. */
+
+ /* Try first passphrase (as it is faster to check) */
+ if (local_passphrase) {
+ SILC_LOG_DEBUG(("Password authentication"));
+ result = silc_server_password_authentication(server, local_passphrase,
+ remote_auth);
+ }
+
+ /* Try public key authenetication */
+ if (!result && local_publickey) {
+ SILC_LOG_DEBUG(("Public key authentication"));
+ result = silc_server_public_key_authentication(server,
+ local_publickey,
+ remote_auth,
+ remote_auth_len,
+ ske);
+ }
+
+ return result;
+}
+
/* Performs connection authentication protocol. If responder, we
authenticate the remote data received. If initiator, we will send
authentication data to the remote end. */
SilcServerConfigSectionClient *client = ctx->cconfig;
if (client) {
- switch(client->auth_meth) {
- case SILC_AUTH_NONE:
- /* No authentication required */
- SILC_LOG_DEBUG(("No authentication required"));
- break;
-
- case SILC_AUTH_PASSWORD:
- /* Password authentication */
- SILC_LOG_DEBUG(("Password authentication"));
- ret = silc_server_password_authentication(server, auth_data,
- client->auth_data);
-
- if (ret)
- break;
-
+ ret = silc_server_get_authentication(ctx, client->passphrase,
+ client->publickey,
+ auth_data, payload_len);
+ if (!ret) {
/* Authentication failed */
SILC_LOG_ERROR(("Authentication failed"));
SILC_LOG_DEBUG(("Authentication failed"));
silc_free(auth_data);
protocol->state = SILC_PROTOCOL_STATE_ERROR;
- silc_protocol_execute(protocol, server->schedule,
- 0, 300000);
- return;
- break;
-
- case SILC_AUTH_PUBLIC_KEY:
- /* Public key authentication */
- SILC_LOG_DEBUG(("Public key authentication"));
- ret = silc_server_public_key_authentication(server,
- client->auth_data,
- auth_data,
- payload_len,
- ctx->ske);
-
- if (ret)
- break;
-
- SILC_LOG_ERROR(("Authentication failed"));
- SILC_LOG_DEBUG(("Authentication failed"));
- silc_free(auth_data);
- protocol->state = SILC_PROTOCOL_STATE_ERROR;
- silc_protocol_execute(protocol, server->schedule,
- 0, 300000);
+ silc_protocol_execute(protocol, server->schedule, 0, 300000);
return;
}
} else {
SilcServerConfigSectionServer *serv = ctx->sconfig;
if (serv) {
- switch(serv->auth_meth) {
- case SILC_AUTH_NONE:
- /* No authentication required */
- SILC_LOG_DEBUG(("No authentication required"));
- break;
-
- case SILC_AUTH_PASSWORD:
- /* Password authentication */
- SILC_LOG_DEBUG(("Password authentication"));
- ret = silc_server_password_authentication(server, auth_data,
- serv->auth_data);
-
- if (ret)
- break;
-
+ ret = silc_server_get_authentication(ctx, serv->passphrase,
+ serv->publickey,
+ auth_data, payload_len);
+ if (!ret) {
/* Authentication failed */
SILC_LOG_ERROR(("Authentication failed"));
SILC_LOG_DEBUG(("Authentication failed"));
silc_free(auth_data);
protocol->state = SILC_PROTOCOL_STATE_ERROR;
- silc_protocol_execute(protocol, server->schedule,
- 0, 300000);
- return;
- break;
-
- case SILC_AUTH_PUBLIC_KEY:
- /* Public key authentication */
- SILC_LOG_DEBUG(("Public key authentication"));
- ret = silc_server_public_key_authentication(server,
- serv->auth_data,
- auth_data,
- payload_len,
- ctx->ske);
-
- if (ret)
- break;
-
- SILC_LOG_ERROR(("Authentication failed"));
- SILC_LOG_DEBUG(("Authentication failed"));
- silc_free(auth_data);
- protocol->state = SILC_PROTOCOL_STATE_ERROR;
- silc_protocol_execute(protocol, server->schedule,
- 0, 300000);
+ silc_protocol_execute(protocol, server->schedule, 0, 300000);
return;
}
} else {
SilcServerConfigSectionRouter *serv = ctx->rconfig;
if (serv) {
- switch(serv->auth_meth) {
- case SILC_AUTH_NONE:
- /* No authentication required */
- SILC_LOG_DEBUG(("No authentication required"));
- break;
-
- case SILC_AUTH_PASSWORD:
- /* Password authentication */
- SILC_LOG_DEBUG(("Password authentication"));
- ret = silc_server_password_authentication(server, auth_data,
- serv->auth_data);
-
- if (ret)
- break;
-
+ ret = silc_server_get_authentication(ctx, serv->passphrase,
+ serv->publickey,
+ auth_data, payload_len);
+ if (!ret) {
/* Authentication failed */
SILC_LOG_ERROR(("Authentication failed"));
SILC_LOG_DEBUG(("Authentication failed"));
silc_free(auth_data);
protocol->state = SILC_PROTOCOL_STATE_ERROR;
- silc_protocol_execute(protocol, server->schedule,
- 0, 300000);
- return;
- break;
-
- case SILC_AUTH_PUBLIC_KEY:
- /* Public key authentication */
- SILC_LOG_DEBUG(("Public key authentication"));
- ret = silc_server_public_key_authentication(server,
- serv->auth_data,
- auth_data,
- payload_len,
- ctx->ske);
-
- if (ret)
- break;
-
- SILC_LOG_ERROR(("Authentication failed"));
- SILC_LOG_DEBUG(("Authentication failed"));
- silc_free(auth_data);
- protocol->state = SILC_PROTOCOL_STATE_ERROR;
- silc_protocol_execute(protocol, server->schedule,
- 0, 300000);
+ silc_protocol_execute(protocol, server->schedule, 0, 300000);
return;
}
} else {
/* SKE object from Key Exchange protocol. */
SilcSKE ske;
- /* Auth method that must be used. This is resolved before this
- connection authentication protocol is started. Used when we are
- initiating. */
+ /* Authentication method and data if we alreay know it. This is filled
+ before starting the protocol if we know the authentication data.
+ Otherwise these are and remain NULL. Used when we are initiating. */
uint32 auth_meth;
-
- /* Authentication data if we alreay know it. This is filled before
- starting the protocol if we know the authentication data. Otherwise
- these are and remain NULL. Used when we are initiating. */
void *auth_data;
uint32 auth_data_len;
SILC_LOG_ERROR(("Could not create server listener: %s on %hd",
server->config->server_info->server_ip,
server->config->server_info->port));
- goto err0;
+ goto err;
}
sock = silc_realloc(sock, sizeof(*sock) * (sock_count + 1));
newsocket->hostname ? newsocket->hostname :
newsocket->ip ? newsocket->ip : ""));
server->stat.conn_failures++;
- goto err0;
+ goto err;
}
if (!newsocket->hostname)
newsocket->hostname = strdup(newsocket->ip);
/* Create a Server ID for the server. */
silc_id_create_server_id(newsocket->ip, newsocket->port, server->rng, &id);
if (!id)
- goto err0;
+ goto err;
server->id = id;
server->id_string = silc_id_id2str(id, SILC_ID_SERVER);
server->server_type, server->id, NULL, NULL);
if (!id_entry) {
SILC_LOG_ERROR(("Could not add ourselves to cache"));
- goto err0;
+ goto err;
}
id_entry->data.status |= SILC_IDLIST_STATUS_REGISTERED;
/* Initialize the scheduler. */
server->schedule = silc_schedule_init(SILC_SERVER_MAX_CONNECTIONS);
if (!server->schedule)
- goto err0;
+ goto err;
/* Add the first task to the scheduler. This is task that is executed by
timeout. It expires as soon as the caller calls silc_server_run. This
server->listenning = TRUE;
/* Send log file configuration */
- silc_server_config_setlogfiles(server->config, server->schedule);
+ silc_server_config_setlogfiles(server);
/* If server connections has been configured then we must be router as
normal server cannot have server connections, only router connections. */
/* We are done here, return succesfully */
return TRUE;
- err0:
+ err:
for (i = 0; i < sock_count; i++)
silc_net_close_server(sock[i]);
/* Resolve the authentication method used in this connection. Check if
we find a match from user configured connections */
- conn = silc_server_config_find_router_conn(server->config,
- sock->hostname,
+ conn = silc_server_config_find_router_conn(server, sock->hostname,
sock->port);
if (conn) {
/* Match found. Use the configured authentication method */
- proto_ctx->auth_meth = conn->auth_meth;
- if (conn->auth_data) {
- proto_ctx->auth_data = strdup(conn->auth_data);
- proto_ctx->auth_data_len = strlen(conn->auth_data);
+ if (conn->passphrase) {
+ if (conn->publickey && !server->config->prefer_passphrase_auth) {
+ proto_ctx->auth_data = conn->publickey;
+ proto_ctx->auth_data_len = 0;
+ proto_ctx->auth_meth = SILC_AUTH_PUBLIC_KEY;
+ } else {
+ proto_ctx->auth_data = strdup(conn->passphrase);
+ proto_ctx->auth_data_len = strlen(conn->passphrase);
+ proto_ctx->auth_meth = SILC_AUTH_PASSWORD;
+ }
+ } else if (conn->publickey) {
+ proto_ctx->auth_data = conn->publickey;
+ proto_ctx->auth_data_len = 0;
+ proto_ctx->auth_meth = SILC_AUTH_PUBLIC_KEY;
+ } else {
+ proto_ctx->auth_meth = SILC_AUTH_NONE;
}
} else {
SILC_LOG_ERROR(("Could not find connection data for %s (%s) on port",
silc_packet_context_free(ctx->packet);
if (ctx->ske)
silc_ske_free(ctx->ske);
- silc_free(ctx->auth_data);
+ if (ctx->auth_meth == SILC_AUTH_PASSWORD)
+ silc_free(ctx->auth_data);
silc_free(ctx);
}
port = server->sockets[server->sock]->port; /* Listenning port */
/* Check whether this connection is denied to connect to us. */
- deny = silc_server_config_find_denied(server->config, sock->ip, port);
+ deny = silc_server_config_find_denied(server, sock->ip, port);
if (!deny)
- deny = silc_server_config_find_denied(server->config, sock->hostname,
- port);
+ deny = silc_server_config_find_denied(server, sock->hostname, port);
if (deny) {
/* The connection is denied */
SILC_LOG_INFO(("Connection %s (%s) is denied",
/* Check whether we have configred this sort of connection at all. We
have to check all configurations since we don't know what type of
connection this is. */
- if (!(cconfig = silc_server_config_find_client(server->config,
- sock->ip, port)))
- cconfig = silc_server_config_find_client(server->config,
- sock->hostname,
- port);
- if (!(sconfig = silc_server_config_find_server_conn(server->config,
- sock->ip,
- port)))
- sconfig = silc_server_config_find_server_conn(server->config,
- sock->hostname,
- port);
- if (!(rconfig = silc_server_config_find_router_conn(server->config,
- sock->ip, port)))
- rconfig = silc_server_config_find_router_conn(server->config,
- sock->hostname,
- port);
+ if (!(cconfig = silc_server_config_find_client(server, sock->ip, port)))
+ cconfig = silc_server_config_find_client(server, sock->hostname, port);
+ if (!(sconfig = silc_server_config_find_server_conn(server, sock->ip)))
+ sconfig = silc_server_config_find_server_conn(server, sock->hostname);
+ if (!(rconfig = silc_server_config_find_router_conn(server, sock->ip, port)))
+ rconfig = silc_server_config_find_router_conn(server, sock->hostname,
+ sock->port);
if (!cconfig && !sconfig && !rconfig) {
- SILC_LOG_INFO(("Connection %s (%s) is not allowed",
- sock->hostname, sock->ip));
+ SILC_LOG_INFO(("Connection %s (%s) is not allowed", sock->hostname,
+ sock->ip));
silc_server_disconnect_remote(server, sock,
"Server closed connection: "
"Connection refused");
/* Check whether this connection is to be our primary router connection
if we do not already have the primary route. */
if (server->standalone && ctx->conn_type == SILC_SOCKET_TYPE_ROUTER) {
- if (silc_server_config_is_primary_route(server->config) &&
+ if (silc_server_config_is_primary_route(server) &&
!conn->initiator)
break;
/* Connect to the primary router that was down that is now supposed
to be back online. We send the CONNECTED packet after we've
established the connection to the primary router. */
- primary = silc_server_config_get_primary_router(server->config);
+ primary = silc_server_config_get_primary_router(server);
if (primary && server->backup_primary) {
silc_server_backup_reconnect(server,
primary->host, primary->port,
to next state. */
if (server->router &&
!(server->router->data.status & SILC_IDLIST_STATUS_DISABLED) &&
- silc_server_config_is_primary_route(server->config)) {
+ silc_server_config_is_primary_route(server)) {
/* We'll wait for RESUMED packet */
protocol->state = SILC_PROTOCOL_STATE_END;
break;
{
SilcServerConfig config = (SilcServerConfig) context;
- if (!strcmp(name, "modulepath")) {
+ if (!strcmp(name, "module_path")) {
if (config->module_path)
return SILC_CONFIG_EDOUBLE;
/* dup it only if non-empty, otherwise point it to NULL */
tmp->module = (*(char *)val ? strdup((char *) val) : NULL);
}
- else if (!strcmp(name, "key_length"))
+ else if (!strcmp(name, "keylength"))
tmp->key_length = *(uint32 *)val;
- else if (!strcmp(name, "block_length"))
+ else if (!strcmp(name, "blocklength"))
tmp->block_length = *(uint32 *)val;
else
return SILC_CONFIG_EINTERNAL;
/* dup it only if non-empty, otherwise point it to NULL */
tmp->module = (*(char *)val ? strdup((char *) val) : NULL);
}
- else if (!strcmp(name, "block_length"))
+ else if (!strcmp(name, "blocklength"))
tmp->block_length = *(int *)val;
- else if (!strcmp(name, "digest_length"))
+ else if (!strcmp(name, "digestlength"))
tmp->digest_length = *(int *)val;
else
return SILC_CONFIG_EINTERNAL;
if (tmp->hash) { got_errno = SILC_CONFIG_EDOUBLE; goto got_err; }
tmp->hash = strdup((char *) val);
}
- else if (!strcmp(name, "mac_length"))
+ else if (!strcmp(name, "maclength"))
tmp->mac_length = *(int *)val;
else
return SILC_CONFIG_EINTERNAL;
Author: Johnny Mnemonic <johnny@themnemonic.org>
- Copyright (C) 1997 - 2002 Pekka Riikonen
+ Copyright (C) 1997 - 2002 Johnny Mnemonic
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/* Holds all client authentication data from config file */
typedef struct SilcServerConfigSectionClientStruct {
char *host;
- SilcAuthMethod auth_meth;
- void *auth_data;
- uint32 auth_data_len;
+ unsigned char *passphrase;
+ uint32 passphrase_len;
+ void *publickey;
uint16 port;
uint32 class;
struct SilcServerConfigSectionClientStruct *next;
char *host;
char *user;
char *nick;
- SilcAuthMethod auth_meth;
- void *auth_data;
- uint32 auth_data_len;
+ unsigned char *passphrase;
+ uint32 passphrase_len;
+ void *publickey;
struct SilcServerConfigSectionAdminStruct *next;
} SilcServerConfigSectionAdmin;
/* Holds all configured server connections from config file */
typedef struct SilcServerConfigSectionServerStruct {
char *host;
- SilcAuthMethod auth_meth;
- void *auth_data;
- uint32 auth_data_len;
- uint16 port;
+ unsigned char *passphrase;
+ uint32 passphrase_len;
+ void *publickey;
char *version;
uint32 class;
bool backup_router;
/* Holds all configured router connections from config file */
typedef struct SilcServerConfigSectionRouterStruct {
char *host;
- SilcAuthMethod auth_meth;
- void *auth_data;
- uint32 auth_data_len;
+ unsigned char *passphrase;
+ uint32 passphrase_len;
+ void *publickey;
uint16 port;
char *version;
uint32 class;
typedef struct {
void *tmp;
char *module_path;
+ bool prefer_passphrase_auth;
SilcServerConfigSectionCipher *cipher;
SilcServerConfigSectionHash *hash;
/* Prototypes */
-/* basic config operations */
+/* Basic config operations */
SilcServerConfig silc_server_config_alloc(char *filename);
void silc_server_config_destroy(SilcServerConfig config);
-/* algorithm registering and reset functions */
+/* Algorithm registering and reset functions */
bool silc_server_config_register_ciphers(SilcServer server);
bool silc_server_config_register_hashfuncs(SilcServer server);
bool silc_server_config_register_hmacs(SilcServer server);
bool silc_server_config_register_pkcs(SilcServer server);
-void silc_server_config_setlogfiles(SilcServerConfig config, SilcSchedule sked);
+void silc_server_config_setlogfiles(SilcServer server);
-/* run-time config access functions */
+/* Run-time config access functions */
SilcServerConfigSectionClient *
-silc_server_config_find_client(SilcServerConfig config, char *host, int port);
-
+silc_server_config_find_client(SilcServer server, char *host, int port);
SilcServerConfigSectionAdmin *
-silc_server_config_find_admin(SilcServerConfig config,
- char *host, char *user, char *nick);
-
+silc_server_config_find_admin(SilcServer server, char *host, char *user,
+ char *nick);
SilcServerConfigSectionDeny *
-silc_server_config_find_denied(SilcServerConfig config,
- char *host, uint16 port);
-
-/* Prototypes - OLD */
+silc_server_config_find_denied(SilcServer server, char *host, uint16 port);
SilcServerConfigSectionServer *
-silc_server_config_find_server_conn(SilcServerConfig config,
- char *host, int port);
+silc_server_config_find_server_conn(SilcServer server, char *host);
SilcServerConfigSectionRouter *
-silc_server_config_find_router_conn(SilcServerConfig config,
- char *host, int port);
-bool silc_server_config_is_primary_route(SilcServerConfig config);
+silc_server_config_find_router_conn(SilcServer server, char *host, int port);
+bool silc_server_config_is_primary_route(SilcServer server);
SilcServerConfigSectionRouter *
-silc_server_config_get_primary_router(SilcServerConfig config);
+silc_server_config_get_primary_router(SilcServer server);
#endif /* !SERVERCONFIG_H */
#
-# configure.in
+# configure.in.pre
#
-# Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
+# Author: Pekka Riikonen <priikone@silcnet.org>
#
-# Copyright (C) 2000 - 2001 Pekka Riikonen
+# Copyright (C) 2000 - 2002 Pekka Riikonen
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
lib/silcutil/win32/Makefile
lib/silcsftp/Makefile
lib/silcsftp/tests/Makefile
-doc/example_silc.conf
doc/example_silcd.conf
-)
+)
if test "x$silc_dist" = "xsilc-client" ||
test "x$silc_dist" = "xsilc-toolkit"; then
CodingStyle \
FAQ \
example_silcd.conf \
- example_silc.conf \
draft-riikonen*.txt $(SILC_EXTRA_DIST)
+++ /dev/null
-#
-# Configured ciphers.
-#
-# Format: <name>:<module path>:<key length>:<block length>
-#
-# If the cipher is builtin the <module path> maybe omitted.
-#
-[cipher]
-aes-256-cbc:@MODULESDIR@/aes.sim.so:32:16
-aes-192-cbc:@MODULESDIR@/aes.sim.so:24:16
-aes-128-cbc:@MODULESDIR@/aes.sim.so:16:16
-twofish-256-cbc:@MODULESDIR@/twofish.sim.so:32:16
-twofish-192-cbc:@MODULESDIR@/twofish.sim.so:24:16
-twofish-128-cbc:@MODULESDIR@/twofish.sim.so:16:16
-mars-256-cbc:@MODULESDIR@/mars.sim.so:32:16
-mars-192-cbc:@MODULESDIR@/mars.sim.so:24:16
-mars-128-cbc:@MODULESDIR@/mars.sim.so:16:16
-none:@MODULESDIR@/none.sim.so:0:0
-
-#
-# Configured hash functions.
-#
-# Format: <name>:<module path>:<block length>:<digest length>
-#
-# If the hash function is builtin the <module path> maybe omitted.
-#
-[hash]
-sha1::64:20
-md5::64:16
-
-#
-# Configured HMAC functions. The hash function used in the HMAC must
-# configured to the [hash] section.
-#
-# Format: <name>:<hash name>:<mac length>
-#
-[hmac]
-hmac-sha1-96:sha1:12
-hmac-md5-96:md5:12
-hmac-sha1:sha1:20
-hmac-md5:md5:16
-
-#
-# Configured PKCS.
-#
-# Format: <name>
-#
-[pkcs]
-rsa
-
-#
-# Configured connections to servers.
-#
-# Format: <remote host>:<auth type>:<auth data>:<port>
-#
-# <auth type> maybe `passwd' or `pubkey'.
-#
-[connection]
-#lassi.kuo.fi.ssh.com:passwd::706
-
-#
-# Commands. These are executed when SILC client is run. Normal
-# SILC commands may be executed here.
-#
-# Format: <command>
-#
-[commands]
-/server silc.pspt.fi
General {
# This is the default path where to search modules
# You can comment it out to use builtin modules globally.
- ModulePath = "@MODULESDIR@";
+ module_path = "@MODULESDIR@";
+
+ # If both passphrase and public key authentication is set for a
+ # connection the public key authentication is the preferred one
+ # to use. Set this to `true' to prefer passphrase authentication
+ # over public key authentication in these cases.
+ #
+ # prefer_passphrase_auth = true;
};
#
cipher {
name = "aes-256-cbc";
module = "aes.sim.so";
- key_length = 32;
- block_length = 16;
+ keylength = 32;
+ blocklength = 16;
};
cipher {
name = "aes-192-cbc";
module = "aes.sim.so";
- key_length = 24;
- block_length = 16;
+ keylength = 24;
+ blocklength = 16;
};
cipher {
name = "aes-128-cbc";
module = "aes.sim.so";
- key_length = 16;
- block_length = 16;
+ keylength = 16;
+ blocklength = 16;
};
cipher {
name = "twofish-256-cbc";
module = "twofish.sim.so";
- key_length = 32;
- block_length = 16;
+ keylength = 32;
+ blocklength = 16;
};
cipher {
name = "twofish-192-cbc";
module = "twofish.sim.so";
- key_length = 24;
- block_length = 16;
+ keylength = 24;
+ blocklength = 16;
};
cipher {
name = "twofish-128-cbc";
module = "twofish.sim.so";
- key_length = 16;
- block_length = 16;
+ keylength = 16;
+ blocklength = 16;
};
cipher {
name = "mars-256-cbc";
module = "mars.sim.so";
- key_length = 32;
- block_length = 16;
+ keylength = 32;
+ blocklength = 16;
};
cipher {
name = "mars-192-cbc";
module = "mars.sim.so";
- key_length = 24;
- block_length = 16;
+ keylength = 24;
+ blocklength = 16;
};
cipher {
name = "mars-128-cbc";
module = "mars.sim.so";
- key_length = 16;
- block_length = 16;
+ keylength = 16;
+ blocklength = 16;
};
cipher {
name = "none";
#
hash {
name = "sha1";
- block_length = 64;
- digest_length = 20;
+ blocklength = 64;
+ digestlength = 20;
};
hash {
name = "md5";
- block_length = 64;
- digest_length = 16;
+ blocklength = 64;
+ digestlength = 16;
};
#
hmac {
name = "hmac-sha1-96";
hash = "sha1";
- mac_length = 12;
+ maclength = 12;
};
hmac {
name = "hmac-md5-96";
hash = "md5";
- mac_length = 12;
+ maclength = 12;
};
hmac {
name = "hmac-sha1";
hash = "sha1";
- mac_length = 20;
+ maclength = 20;
};
hmac {
name = "hmac-md5";
hash = "md5";
- mac_length = 16;
+ maclength = 16;
};
#
EMail = "priikone@poseidon.pspt.fi";
#
- # Run SILC server as specific user and group. The server must be initially
- # run as root.
+ # Run SILC server as specific user and group. The server must be
+ # initially run as root.
#
User = "nobody";
Group = "nobody";
#
# The fields "Host", "User", and "Nick", are optional but you are encouraged
# in using them to better identify your admins.
-# "AuthMethod" and "AuthData" fields are mandatory. The "AuthMethod" field
-# can be either the special string "passwd" or "pubkey" to identify the type
-# of data specified by "AuthData".
+#
+# The authentication data is specified by Passphrase and/or Publickey.
+# If both are provided then both password and public key based authentication
+# is allowed. If the Publickey is used it includes the file path to the
+# public key file. If none of them is provided then authentication is not
+# required.
#
Admin {
Host = "10.2.1.199";
User = "priikone";
Nick = "pekka";
- AuthMethod = "passwd";
- AuthData = "verysecret";
+ Passphrase = "verysecret";
+ # Publickey = "/path/to/the/public.key";
};
#
# Thus, if this server is not router do not configure this section. If
# your server is router, this must be configured.
#
-# The "AuthData" option is either passphrase or file path to the public key
-# file. If the connection is backup connection then set the "Backup" option
-# to true. For normal connections set it false. If it is
-# set to true then this server will be backup router.
+# The authentication data is specified by Passphrase and/or Publickey.
+# If both are provided then both password and public key based authentication
+# is allowed. If the Publickey is used it includes the file path to the
+# public key file. If none of them is provided then authentication is not
+# required.
+#
+# If the connection is backup connection then set the "Backup" option
+# to true. For normal connections set it false. If it is set to true then
+# this server will be backup router.
#
ServerConnection {
Host = "10.2.1.7";
- AuthMethod = passwd;
- AuthData = "verysecret";
- Port = 706;
+ Passphrase = "verysecret";
+ # Publickey = "/path/to/the/public.key";
VersionID = 1;
Class = "norm";
Backup = false;
# this section includes all configured router connections. The first
# configured connection is the primary route.
#
-# The "AuthData" option is either passphrase or file path to the public key
-# file. If you are the initiator of the connection then set the "Initiator"
+# The authentication data is specified by Passphrase and/or Publickey.
+# If both are provided then both password and public key based authentication
+# is allowed. If the Publickey is used it includes the file path to the
+# public key file. If none of them is provided then authentication is not
+# required.
+#
+# If you are the initiator of the connection then set the "Initiator"
# option to true. If you are the responder of the connection (waiting for
# incoming connection) then set it to false.
#
#
RouterConnection {
Host = "10.2.1.100";
- AuthMethod = passwd;
- AuthData = "verysecret";
Port = 706;
+ Passphrase = "verysecret";
+ # Publickey = "/path/to/the/public.key";
VersionID = 1;
Class = "norm";
Initiator = true;
SILC_CLIENT_CMD(info, INFO, "INFO", 2);
SILC_CLIENT_CMD(connect, CONNECT, "CONNECT", 3);
SILC_CLIENT_CMD(ping, PING, "PING", 2);
- SILC_CLIENT_CMD(oper, OPER, "OPER", 2);
+ SILC_CLIENT_CMD(oper, OPER, "OPER", 3);
SILC_CLIENT_CMD(join, JOIN, "JOIN", 9);
SILC_CLIENT_CMD(motd, MOTD, "MOTD", 2);
SILC_CLIENT_CMD(umode, UMODE, "UMODE", 2);
projects / silc.git / commitdiff