From 7f20dfa91fc930b67eeeaf29f98cdf5587911da6 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Wed, 25 Jul 2001 13:59:33 +0000 Subject: [PATCH] updates. --- CHANGES | 10 ++++++++++ apps/silcd/command.c | 9 +++++++++ doc/draft-riikonen-silc-commands-01.nroff | 23 ++++++++++++++++++----- 3 files changed, 37 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 98887322..ee878a57 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,13 @@ +Wed Jul 25 16:04:35 EEST 2001 Pekka Riikonen + + * Do not enable SILC_THREADS if the linking with libpthread + did not happen. Affected file configure.in.pre. + + * Added notion to protocol specification that server must + verify the sent authentication payload with CMODE when + setting the channel founder key. Implemented it to the + server. Affected file silcd/command.c. + Mon Jul 23 18:31:43 EEST 2001 Pekka Riikonen * Added _EXTRA_DIST SILC distribution variable to the diff --git a/apps/silcd/command.c b/apps/silcd/command.c index b2b268db..c5041bcb 100644 --- a/apps/silcd/command.c +++ b/apps/silcd/command.c @@ -3768,6 +3768,15 @@ SILC_SERVER_CMD_FUNC(cmode) silc_calloc(tmp_len + 1, sizeof(*channel->founder_passwd)); memcpy(channel->founder_passwd, tmp, tmp_len); channel->founder_passwd_len = tmp_len; + } else { + /* Verify the payload before setting the mode */ + if (!silc_auth_verify(auth, channel->founder_method, + channel->founder_key, 0, idata->hash, + client->id, SILC_ID_CLIENT)) { + silc_server_command_send_status_reply(cmd, SILC_COMMAND_CMODE, + SILC_STATUS_ERR_AUTH_FAILED); + goto out; + } } silc_auth_payload_free(auth); diff --git a/doc/draft-riikonen-silc-commands-01.nroff b/doc/draft-riikonen-silc-commands-01.nroff index 299f9ba7..e3e57c6b 100644 --- a/doc/draft-riikonen-silc-commands-01.nroff +++ b/doc/draft-riikonen-silc-commands-01.nroff 
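Review bot: In the apps/silcd/command.c hunk, the new failure branch does `goto out;` before reaching the `silc_auth_payload_free(auth);` that follows the if/else, so unless the `out:` label (not visible here) frees it, each rejected CMODE founder-auth request leaks the parsed payload, and that leak is driven by client-supplied input. Free it on the error path by adding `silc_auth_payload_free(auth);` immediately before `goto out;`. The verify call reads `channel->founder_method` and `channel->founder_key`, so both were presumably stored on the channel before the check; if so, a failed verification should clear them again so that a rejected request leaves no founder credentials behind on the channel. The body of SILC_SERVER_CMD_FUNC(cmode) starts and ends outside this hunk, so both points need confirming against the full function.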
@@ -775,7 +775,11 @@ List of all defined commands in SILC follows. as operator. The is the data that the client is authenticated against. It may be passphrase prompted for user on client's screen or it may be public key or certificate - authentication data (data signed with private key). + authentication data (data signed with private key). The public + key that server will use to verify the signature found in the + payload should be verified. It is recommended that the public + key is saved locally in the server and server would not use + any public keys received during the SKE. After changing the mode the server MUST send the notify type SILC_NOTIFY_TYPE_UMODE_CHANGE to its primary router. @@ -1147,7 +1151,9 @@ List of all defined commands in SILC follows. method is public key authentication the server MUST NOT save the authentication data from the payload as the data is different on all authentications. In this case the - server only saves the authentication method. + server only saves the authentication method. However, + server MUST verify the sent authentication payload and + set the mode only if the verification was successful. Note that this mode is effective only in the current server. The client MUST connect to the same server later to be able @@ -1193,6 +1199,7 @@ List of all defined commands in SILC follows. SILC_STATUS_ERR_NO_CHANNEL_PRIV SILC_STATUS_ERR_UNKNOWN_MODE SILC_STATUS_ERR_NO_SUCH_CLIENT_ID + SILC_STATUS_ERR_AUTH_FAILED 18 SILC_COMMAND_CUMODE 
@@ -1229,8 +1236,10 @@ List of all defined commands in SILC follows. However, if the SILC_CMODE_FOUNDER_AUTH channel mode has been set, the client can claim channel founder privileges by providing the that the server will use - to authenticate the client. The client MAY remove this - mode at any time. + to authenticate the client. The public key that server will + use to verify the must the same public key + that was saved when the SILC_CMODE_FOUNDER_AUTH channel + mode was set. The client MAY remove this mode at any time. 0x0002 SILC_CUMODE_OPERATOR @@ -1411,7 +1420,11 @@ List of all defined commands in SILC follows. as operator. The is the data that the client is authenticated against. It may be passphrase prompted for user on client's screen or it may be public key or certificate - authentication data (data signed with private key). + authentication data (data signed with private key). The public + key that router will use to verify the signature found in the + payload should be verified. It is recommended that the public + key is saved locally in the router and router would not use + any public keys received during the SKE. Difference between router operator and server operator is that router operator is able to handle cell level properties while -- 2.24.0