From: Pekka Riikonen Date: Sun, 29 Apr 2001 10:32:16 +0000 (+0000) Subject: updates. X-Git-Tag: SILC.0.1.1~5 X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=3e265c812176cac635a3c2de387ab1b6abc94532 updates. --- diff --git a/CHANGES b/CHANGES index 9e449d75..26f91d23 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,13 @@ +Sun Apr 29 13:33:41 EEST 2001 Pekka Riikonen + + * Implemented the [DenyConnectin] config section in the server. + Added silc_server_config_denied_conn to check whether incoming + connection is denied. Affected file silcd/serverconfig.[ch]. + + * Do not check the ports when checking the incoming configuration + data if the port is 0, meaning any. Affected file is + silcd/serverconfig.c. + Fri Apr 20 18:58:43 EEST 2001 Pekka Riikonen * Fixed buffer overflow in silc_string_compare in the file diff --git a/TODO b/TODO index 319c9826..dfc08607 100644 --- a/TODO +++ b/TODO @@ -46,8 +46,6 @@ TODO/bugs In SILC Server hash tables should replace the lists. Thus, the ID cache should be rewritten to use hash tables internally. - o [DenyConnection] config section is not implemented. - o The backup router support described in the protocol specification should be done at some point. diff --git a/apps/silcd/packet_receive.c b/apps/silcd/packet_receive.c index 50111068..1ff33119 100644 --- a/apps/silcd/packet_receive.c +++ b/apps/silcd/packet_receive.c @@ -956,7 +956,7 @@ void silc_server_notify_list(SilcServer server, SilcBuffer buffer; uint16 len; - SILC_LOG_DEBUG(("Processing New Notify List")); + SILC_LOG_DEBUG(("Processing Notify List")); if (sock->type == SILC_SOCKET_TYPE_CLIENT || packet->src_id_type != SILC_ID_SERVER) diff --git a/apps/silcd/server.c b/apps/silcd/server.c index 7982f239..dd7ea2c4 100644 --- a/apps/silcd/server.c +++ b/apps/silcd/server.c 
@@ -948,6 +948,7 @@ SILC_TASK_CALLBACK(silc_server_accept_new_connection) SilcServerKEInternalContext *proto_ctx; int sock, port; void *cconfig, *sconfig, *rconfig; + SilcServerConfigSectionDenyConnection *deny; SILC_LOG_DEBUG(("Accepting new connection")); @@ -1003,10 +1004,26 @@ SILC_TASK_CALLBACK(silc_server_accept_new_connection) later when outgoing data is available. */ SILC_REGISTER_CONNECTION_FOR_IO(sock); + port = server->sockets[fd]->port; /* Listenning port */ + + /* Check whether this connection is denied to connect to us. */ + deny = silc_server_config_denied_conn(server->config, newsocket->ip, port); + if (!deny) + deny = silc_server_config_denied_conn(server->config, newsocket->hostname, + port); + if (deny) { + /* The connection is denied */ + silc_server_disconnect_remote(server, newsocket, deny->comment ? + deny->comment : + "Server closed connection: " + "Connection refused"); + server->stat.conn_failures++; + return; + } + /* Check whether we have configred this sort of connection at all. We have to check all configurations since we don't know what type of connection this is. */ - port = server->sockets[fd]->port; /* Listenning port */ if (!(cconfig = silc_server_config_find_client_conn(server->config, newsocket->ip, port))) cconfig = silc_server_config_find_client_conn(server->config, diff --git a/apps/silcd/serverconfig.c b/apps/silcd/serverconfig.c index d099e7dd..032b46d5 100644 --- a/apps/silcd/serverconfig.c +++ b/apps/silcd/serverconfig.c @@ -54,7 +54,7 @@ SilcServerConfigSection silc_server_config_sections[] = { { "[AdminConnection]", SILC_CONFIG_SERVER_SECTION_TYPE_ADMIN_CONNECTION, 5 }, { "[DenyConnection]", - SILC_CONFIG_SERVER_SECTION_TYPE_DENY_CONNECTION, 4 }, + SILC_CONFIG_SERVER_SECTION_TYPE_DENY_CONNECTION, 3 }, { "[motd]", SILC_CONFIG_SERVER_SECTION_TYPE_MOTD, 1 }, 
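Review bot: In the second server.c hunk (the deny check in silc_server_accept_new_connection), `deny->comment` is taken from the config file and handed to silc_server_disconnect_remote as its message argument. If that argument is a printf-style format, which this hunk does not show, a `%` in a configured comment would be interpreted as a conversion; passing the text as data avoids that: `silc_server_disconnect_remote(server, newsocket, "%s", deny->comment ? deny->comment : "Server closed connection: Connection refused");`. The fallback lookup by `newsocket->hostname` presumably depends on a resolved name rather than the peer address, so a short comment saying that IP entries are the dependable form of a deny rule would help operators. The function body starts and ends outside the hunk.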
@@ -1041,8 +1041,39 @@ int silc_server_config_parse_lines(SilcServerConfig config, break; case SILC_CONFIG_SERVER_SECTION_TYPE_DENY_CONNECTION: - /* Not implemented yet */ + + SILC_SERVER_CONFIG_LIST_ALLOC(config->denied); + + /* Get host */ + ret = silc_config_get_token(line, &config->denied->host); + if (ret < 0) + break; + if (ret == 0) { + /* Any host */ + config->denied->host = strdup("*"); + fprintf(stderr, "warning: %s:%d: Denying all connections", + config->filename, pc->linenum); + } + + /* Get port */ + ret = silc_config_get_token(line, &tmp); + if (ret < 0) + break; + if (ret == 0) { + /* Any port */ + config->denied->port = 0; + } else { + config->denied->port = atoi(tmp); + silc_free(tmp); + } + + /* Get comment */ + ret = silc_config_get_token(line, &config->denied->comment); + if (ret < 0) + break; + check = TRUE; + checkmask |= (1L << pc->section->type); break; case SILC_CONFIG_SERVER_SECTION_TYPE_MOTD: @@ -1447,7 +1478,7 @@ silc_server_config_find_client_conn(SilcServerConfig config, if (silc_string_compare(client->host, host)) match = TRUE; - if (port && client->port != port) + if (port && client->port && client->port != port) match = FALSE; if (match) @@ -1485,7 +1516,7 @@ silc_server_config_find_server_conn(SilcServerConfig config, if (silc_string_compare(serv->host, host)) match = TRUE; - if (port && serv->port != port) + if (port && serv->port && serv->port != port) match = FALSE; if (match) @@ -1522,7 +1553,7 @@ silc_server_config_find_router_conn(SilcServerConfig config, if (silc_string_compare(serv->host, host)) match = TRUE; - if (port && serv->port != port) + if (port && serv->port && serv->port != port) match = FALSE; if (match) 
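Review bot: In the [DenyConnection] case of silc_server_config_parse_lines, `config->denied->port = atoi(tmp);` accepts any text: a non-numeric port becomes 0, which the matching code treats as any port, and a value above 65535 is truncated into the `uint16` field, so the rule silently applies to a different port than the one written. Parsing with strtol and rejecting trailing garbage and out-of-range values turns a mistyped deny entry into a config error instead. Setting `ret = -1` before `break` assumes the code after the switch treats a negative `ret` as a parse failure, as the existing `if (ret < 0) break;` lines suggest. The warning printed for an empty host also lacks a trailing `\n`. The function starts and ends outside the hunk.

```c
      /* … unchanged: host token handling, silc_config_get_token(line, &tmp) … */
      } else {
	char *end;
	long val = strtol(tmp, &end, 10);

	/* Reject non-numeric text, trailing garbage and values that do
	   not fit the uint16 port field. */
	if (end == tmp || *end != '\0' || val < 0 || val > 65535) {
	  fprintf(stderr, "%s:%d: Invalid port in [DenyConnection]\n",
		  config->filename, pc->linenum);
	  silc_free(tmp);
	  ret = -1;
	  break;
	}
	config->denied->port = (uint16)val;
	silc_free(tmp);
      }
      /* … unchanged: comment token handling … */
```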
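Review bot: The port checks changed in silc_server_config_find_client_conn, silc_server_config_find_server_conn and silc_server_config_find_router_conn now treat a configured port of 0 as a wildcard, but nothing at the check says so. These lookups decide which connections are accepted, so a comment such as `/* A configured port of 0 matches any listening port */` above each `if (port && ... ->port && ...)` would make the widening explicit. If those sections also read their port with atoi (not visible here), a mistyped port would now match the host on every listening port, so it is worth confirming how they parse it. All three function bodies extend outside their hunks.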
@@ -1594,3 +1625,39 @@ silc_server_config_find_admin(SilcServerConfig config, return admin; } + +/* Returns the Denied connection configuration by host and port. */ + +SilcServerConfigSectionDenyConnection * +silc_server_config_denied_conn(SilcServerConfig config, char *host, + int port) +{ + int i; + SilcServerConfigSectionDenyConnection *deny = NULL; + bool match = FALSE; + + if (!host) + return NULL; + + if (!config->denied) + return NULL; + + deny = config->denied; + for (i = 0; deny; i++) { + if (silc_string_compare(deny->host, host)) + match = TRUE; + + if (port && deny->port && deny->port != port) + match = FALSE; + + if (match) + break; + + deny = deny->next; + } + + if (!deny) + return NULL; + + return deny; +} diff --git a/apps/silcd/serverconfig.h b/apps/silcd/serverconfig.h index 5b6c3aa9..e8ced3e0 100644 --- a/apps/silcd/serverconfig.h +++ b/apps/silcd/serverconfig.h @@ -137,11 +137,12 @@ typedef struct SilcServerConfigSectionServerConnectionStruct { } SilcServerConfigSectionServerConnection; /* Holds all configured denied connections from config file */ -typedef struct { +typedef struct SilcServerConfigSectionDenyConnectionStruct { char *host; - char *time; char *comment; uint16 port; + struct SilcServerConfigSectionDenyConnectionStruct *next; + struct SilcServerConfigSectionDenyConnectionStruct *prev; } SilcServerConfigSectionDenyConnection; /* Holds motd file */ @@ -273,6 +274,8 @@ bool silc_server_config_is_primary_route(SilcServerConfig config); SilcServerConfigSectionAdminConnection * silc_server_config_find_admin(SilcServerConfig config, char *host, char *username, char *nickname); -void silc_server_config_print(); +SilcServerConfigSectionDenyConnection * +silc_server_config_denied_conn(SilcServerConfig config, char *host, + int port); #endif diff --git a/doc/example_silcd.conf b/doc/example_silcd.conf index 7d6c537e..1c47a35c 100644 --- a/doc/example_silcd.conf +++ b/doc/example_silcd.conf 
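Review bot: In the new silc_server_config_denied_conn, `match` is initialised once before the loop and never reset at the top of an iteration; the result is correct only because a port mismatch happens to clear it before the next entry is examined, which is easy to break in a later edit of a function that gates incoming connections. The counter `i` is never read, and the trailing `if (!deny) return NULL; return deny;` is redundant. A loop that returns the first entry whose host and port both match keeps the same first-match behaviour without the shared flag.

```c
SilcServerConfigSectionDenyConnection *
silc_server_config_denied_conn(SilcServerConfig config, char *host,
			       int port)
{
  SilcServerConfigSectionDenyConnection *deny;

  if (!host)
    return NULL;

  for (deny = config->denied; deny; deny = deny->next) {
    if (!silc_string_compare(deny->host, host))
      continue;

    /* Port 0 on either side means any port */
    if (port && deny->port && deny->port != port)
      continue;

    return deny;
  }

  return NULL;
}
```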
@@ -182,6 +182,7 @@ infologfile:/usr/local/silc/logs/silcd.log:10000 # # These connections are denied to connect our server. # -# Format: :