Allow rekey with PFS in backup router (for disabled connections).

diff --git a/CHANGES b/CHANGES
index 06a7b92738f36845e30feec1d5670b68d7efaaeb..a1a520bda05b7eb75694e1a3bf908585ace47646 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@ Wed Mar  3 15:13:49 CET 2004  Pekka Riikonen <priikone@silcnet.org>
          completion callback, which might have closed it already.
          Affected file silcd/server.c.
 
+       * Fixed rekey with PFS in backup router.  It did not allow
+         rekeys with PFS, and when the rekey protocol timedout
+         it crashed the backup router without the above fix.  Affected
+         file silcd/packet_send.c and server.c.
+
 Sat Feb 28 16:25:09 EET 2004  Pekka Riikonen <priikone@silcnet.org>
 
        * The silc_client_add_channel_private_key now returns the

diff --git a/apps/silcd/packet_send.c b/apps/silcd/packet_send.c
index 68cff9dee0e953c4cede321751a660c2201fc60d..0a7e52332a242cbe0c07f4b36397c821115b1b41 100644 (file)
--- a/apps/silcd/packet_send.c
+++ b/apps/silcd/packet_send.c
@@ -114,7 +114,8 @@ void silc_server_packet_send(SilcServer server,
      rekeys, though */
   if ((idata && idata->status & SILC_IDLIST_STATUS_DISABLED &&
        type != SILC_PACKET_HEARTBEAT && type != SILC_PACKET_REKEY &&
-       type != SILC_PACKET_REKEY_DONE) ||
+       type != SILC_PACKET_REKEY_DONE && type != SILC_PACKET_KEY_EXCHANGE_1
+       && type != SILC_PACKET_KEY_EXCHANGE_2) ||
       (sock->user_data == server->id_entry)) {
     SILC_LOG_DEBUG(("Connection is disabled"));
     return;
@@ -176,9 +177,13 @@ void silc_server_packet_send_dest(SilcServer server,
 
   idata = (SilcIDListData)sock->user_data;
 
-  /* If entry is disabled do not sent anything. */
-  if ((idata && idata->status & SILC_IDLIST_STATUS_DISABLED) ||
-      sock->user_data == server->id_entry) {
+  /* If entry is disabled do not sent anything.  Allow hearbeat and
+     rekeys, though */
+  if ((idata && idata->status & SILC_IDLIST_STATUS_DISABLED &&
+       type != SILC_PACKET_HEARTBEAT && type != SILC_PACKET_REKEY &&
+       type != SILC_PACKET_REKEY_DONE && type != SILC_PACKET_KEY_EXCHANGE_1
+       && type != SILC_PACKET_KEY_EXCHANGE_2) ||
+      (sock->user_data == server->id_entry)) {
     SILC_LOG_DEBUG(("Connection is disabled"));
     return;
   }
@@ -285,9 +290,13 @@ void silc_server_packet_send_srcdest(SilcServer server,
   /* Get data used in the packet sending, keys and stuff */
   idata = (SilcIDListData)sock->user_data;
 
-  /* If entry is disabled do not sent anything. */
-  if ((idata && idata->status & SILC_IDLIST_STATUS_DISABLED) ||
-      sock->user_data == server->id_entry) {
+  /* If entry is disabled do not sent anything.  Allow hearbeat and
+     rekeys, though */
+  if ((idata && idata->status & SILC_IDLIST_STATUS_DISABLED &&
+       type != SILC_PACKET_HEARTBEAT && type != SILC_PACKET_REKEY &&
+       type != SILC_PACKET_REKEY_DONE && type != SILC_PACKET_KEY_EXCHANGE_1
+       && type != SILC_PACKET_KEY_EXCHANGE_2) ||
+      (sock->user_data == server->id_entry)) {
     SILC_LOG_DEBUG(("Connection is disabled"));
     return;
   }

diff --git a/apps/silcd/server.c b/apps/silcd/server.c
index fb4a68dcd1416a1227c2e91ce666b90702e59a2a..20188476f68f96e6aa3bea390095a2e0702580ed 100644 (file)
--- a/apps/silcd/server.c
+++ b/apps/silcd/server.c
@@ -2509,8 +2509,10 @@ SILC_TASK_CALLBACK(silc_server_packet_parse_real)
   /* If entry is disabled ignore what we got. */
   if (idata && idata->status & SILC_IDLIST_STATUS_DISABLED &&
       ret != SILC_PACKET_HEARTBEAT && ret != SILC_PACKET_RESUME_ROUTER &&
-      ret != SILC_PACKET_REKEY && ret != SILC_PACKET_REKEY_DONE) {
-    SILC_LOG_DEBUG(("Connection is disabled"));
+      ret != SILC_PACKET_REKEY && ret != SILC_PACKET_REKEY_DONE &&
+      ret != SILC_PACKET_KEY_EXCHANGE_1 && ret != SILC_PACKET_KEY_EXCHANGE_2) {
+    SILC_LOG_DEBUG(("Connection is disabled (packet %s dropped)",
+                   silc_get_packet_name(ret)));
     goto out;
   }