From a9cf3cba84f9c41ad48eb023b0e3dfaba802ddf9 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Tue, 10 Apr 2001 09:42:02 +0000 Subject: [PATCH] updates. --- CHANGES | 12 ++++++++++++ Makefile.am | 20 +++++++++++++------- apps/silcd/packet_receive.c | 4 ++++ apps/silcd/packet_send.c | 9 --------- apps/silcd/protocol.c | 22 ++++++++-------------- apps/silcd/server.c | 18 +++++++++++++----- lib/silcclient/protocol.c | 24 +++++++++--------------- lib/silccore/silcpacket.c | 6 +++--- lib/silcutil/silcnet.c | 8 +++++--- 9 files changed, 67 insertions(+), 56 deletions(-) diff --git a/CHANGES b/CHANGES index e666e254..3932d767 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,15 @@ +Tue Apr 10 16:20:34 EEST 2001 Pekka Riikonen + + * When MAC computation fails the silc_packet_decrypt returned 0 + even though it was supposed to return -1. Fixed this. The + affected file is lib/silccore/silcpacket.c. + + * Do not replace the config files in /etc/silc (in make install) + if they already exist. Affected file ./Makefile.am. + + * Do not send re-key packets immediately but through packet queue. + Affected file silcd/protocol.c and lib/silcclient/protocol.c. + Mon Apr 9 21:54:44 EEST 2001 Pekka Riikonen * Added silc_pkcs_decode_identifier to decode the public key's diff --git a/Makefile.am b/Makefile.am index da17d191..64286004 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -50,14 +50,20 @@ sim-install: -cp -fR $(srcdir)/lib/silcsim/modules/*.so $(modulesdir)/ doc-install: - -cp -fR $(srcdir)/doc/* $(docdir)/ - -cp -fR $(srcdir)/COPYING $(docdir)/ - -cp -fR $(srcdir)/README $(docdir)/ - -cp -fR $(srcdir)/INSTALL $(docdir)/ - -cp -fR $(srcdir)/TODO $(docdir)/ + $(INSTALL_DATA) $(srcdir)/doc/* $(docdir)/ + $(INSTALL_DATA) $(srcdir)/COPYING $(docdir)/ + $(INSTALL_DATA) $(srcdir)/README $(docdir)/ + $(INSTALL_DATA) $(srcdir)/INSTALL $(docdir)/ + $(INSTALL_DATA) $(srcdir)/TODO $(docdir)/ etc-install: - -cp -fR $(srcdir)/doc/example_silcd.conf $(etcdir)/silcd.conf - -cp -fR $(srcdir)/doc/example_silc.conf $(etcdir)/silc.conf + -@if test '!' -f $(etcdir)/silcd.conf ; then \ + $(INSTALL_DATA) $(srcdir)/doc/example_silcd.conf \ + $(etcdir)/silcd.conf; \ + fi + -@if test '!' -f $(etcdir)silc.conf ; then \ + $(INSTALL_DATA) $(srcdir)/doc/example_silc.conf \ + $(etcdir)/silc.conf; \ + fi install-data-hook: install-dirs generate-server-key sim-install doc-install etc-install diff --git a/apps/silcd/packet_receive.c b/apps/silcd/packet_receive.c index 46b0aac1..1855c27c 100644 --- a/apps/silcd/packet_receive.c +++ b/apps/silcd/packet_receive.c @@ -1296,6 +1296,8 @@ SilcClientEntry silc_server_new_client(SilcServer server, if (!silc_idcache_find_by_context(server->local_list->clients, sock->user_data, &cache)) { SILC_LOG_ERROR(("Lost client's cache entry - bad thing")); + silc_server_disconnect_remote(server, sock, "Server closed connection: " + "Unknown client"); return NULL; } @@ -1309,6 +1311,8 @@ SilcClientEntry silc_server_new_client(SilcServer server, silc_free(username); if (realname) silc_free(realname); + silc_server_disconnect_remote(server, sock, "Server closed connection: " + "Incomplete client information"); return NULL; } diff --git a/apps/silcd/packet_send.c b/apps/silcd/packet_send.c index 8a9511dd..a88eedbe 100644 --- a/apps/silcd/packet_send.c +++ b/apps/silcd/packet_send.c 
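Review bot: The second existence test in `etc-install` checks `$(etcdir)silc.conf`, with no `/` between the directory and the file name, while the install line below it writes `$(etcdir)/silc.conf`. Unless `etcdir` is defined with a trailing slash (its definition is outside this hunk), the test looks at a path that does not exist, so an administrator's existing `silc.conf` is still overwritten on every `make install`, which is what this change set out to stop. The test should read `-@if test '!' -f $(etcdir)/silc.conf ; then \`. Separately, the `doc-install` lines lost their leading `-`, so a failing `$(INSTALL_DATA) $(srcdir)/doc/* $(docdir)/` (for example if `doc/` holds a subdirectory, which `cp -fR` accepted) presumably now aborts the install.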
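Review bot: Both failure paths of `silc_server_new_client` now call `silc_server_disconnect_remote(server, sock, ...)` before `return NULL`, here and in the `@@ -1309` hunk, but nothing documents that a NULL return means the connection has already been torn down. Callers are outside this diff; any caller that reacts to NULL by closing or otherwise touching `sock` would then act on a connection that is already being closed. I would add to the function's header comment `/* Returns NULL on failure; the remote has then already been disconnected and the caller must not use sock further. */` and check the existing callers against that contract.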
@@ -25,15 +25,6 @@ #include "serverincludes.h" #include "server_internal.h" -/* Internal context that holds the packet data and packet sending function - callbacks when the packet is sent with timeout. This is used when - the server is performing re-key protocol. During re-key we will prevent - sending of any other than re-key packets so that the packets would not - be encrypted with wrong keys. Other than that, this is not used at all. */ -typedef struct { - -} *SilcServerSendPacket; - /* Routine that sends packet or marks packet to be sent. This is used directly only in special cases. Normal cases should use silc_server_packet_send. Returns < 0 error. */ diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c index abb40e71..aef7267c 100644 --- a/apps/silcd/protocol.c +++ b/apps/silcd/protocol.c @@ -1110,7 +1110,7 @@ silc_server_protocol_rekey_send_packet(SilcSKE ske, /* Send the packet immediately */ silc_server_packet_send(server, ctx->sock, - type, 0, packet->data, packet->len, TRUE); + type, 0, packet->data, packet->len, FALSE); } /* Performs re-key as defined in the SILC protocol specification. */ @@ -1197,7 +1197,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey) /* Start the re-key by sending the REKEY packet */ silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY, - 0, NULL, 0, TRUE); + 0, NULL, 0, FALSE); if (ctx->pfs == TRUE) { /* @@ -1232,9 +1232,12 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey) * Do normal and simple re-key. */ - /* The protocol ends in next stage. We have sent the REKEY packet - and now we just wait that the responder send REKEY_DONE and - the we'll generate the new key, simple. */ + /* Send the REKEY_DONE to indicate we will take new keys into use + now. */ + silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE, + 0, NULL, 0, FALSE); + + /* The protocol ends in next stage. */ protocol->state = SILC_PROTOCOL_STATE_END; } } 
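Review bot: The comment `/* Send the packet immediately */` directly above the call in the `@@ -1110` hunk is now wrong, since the last argument changed from `TRUE` to `FALSE` and the CHANGES entry says re-key packets go through the packet queue. The same stale comment sits above `silc_client_packet_send` in the `@@ -742` hunk of lib/silcclient/protocol.c. Suggested wording for both: `/* Send the packet through the outgoing packet queue */`. The function body starts outside the hunk.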
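Review bot: In the non-PFS branch of the `@@ -1232` hunk the initiator now queues `SILC_PACKET_REKEY_DONE` in the start state, right after the queued `SILC_PACKET_REKEY`, and the replaced comment about waiting for the responder's REKEY_DONE is gone without a new statement of the ordering. Because both packets are now sent with the last argument `FALSE`, the code that takes the new send key into use (not visible in this diff) has to run only after these packets were encrypted under the old key; if encryption happened when the queue is flushed rather than when the packet is queued, REKEY_DONE could go out under the wrong key. Please confirm which it is and record the result in the comment, e.g. `/* REKEY and REKEY_DONE are encrypted with the old key when queued; the new key is taken into use afterwards. */`. The same change is made in the `@@ -865` hunk of lib/silcclient/protocol.c.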
@@ -1313,15 +1316,6 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey) protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0); } - if (ctx->responder == FALSE) { - if (ctx->pfs == FALSE) { - /* Send the REKEY_DONE to indicate we will take new keys into use - now. */ - silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE, - 0, NULL, 0, FALSE); - } - } - /* Protocol has ended, call the final callback */ if (protocol->final_callback) protocol->execute_final(server->timeout_queue, 0, protocol, fd); diff --git a/apps/silcd/server.c b/apps/silcd/server.c index 7fd9b86c..533d46ae 100644 --- a/apps/silcd/server.c +++ b/apps/silcd/server.c @@ -514,6 +514,9 @@ SILC_TASK_CALLBACK(silc_server_connect_router) SilcServerKEInternalContext *proto_ctx; int sock; + SILC_LOG_INFO(("Connecting to the router %s on port %d", + sconn->remote_host, sconn->remote_port)); + /* Connect to remote host */ sock = silc_net_create_connection(sconn->remote_port, sconn->remote_host); @@ -855,7 +858,7 @@ SILC_TASK_CALLBACK(silc_server_connect_to_router_final) /* Add the connected router to local server list */ server->standalone = FALSE; - id_entry = silc_idlist_add_server(server->local_list, sock->hostname, + id_entry = silc_idlist_add_server(server->local_list, strdup(sock->hostname), SILC_ROUTER, ctx->dest_id, NULL, sock); if (!id_entry) { if (ctx->dest_id) @@ -1991,7 +1994,12 @@ SILC_TASK_CALLBACK(silc_server_close_connection_final) void silc_server_close_connection(SilcServer server, SilcSocketConnection sock) { - SILC_LOG_DEBUG(("Closing connection %d", sock->sock)); + SILC_LOG_INFO(("Closing connection %s:%d [%s] (%d)", sock->hostname, + sock->port, + (sock->type == SILC_SOCKET_TYPE_UNKNOWN ? "Unknown" : + sock->type == SILC_SOCKET_TYPE_CLIENT ? "Client" : + sock->type == SILC_SOCKET_TYPE_SERVER ? "Server" : + "Router"), sock->sock)); /* We won't listen for this connection anymore */ silc_schedule_unset_listen_fd(sock->sock); 
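Review bot: The result of `strdup(sock->hostname)` in the `@@ -855` hunk is passed straight into `silc_idlist_add_server` without a NULL check, and on the `if (!id_entry)` path visible below it the copy is not freed (unless `silc_idlist_add_server` releases it itself on failure, which is not shown). `strdup(NULL)` is also undefined, so this relies on `sock->hostname` always being set for an outgoing router connection. I would duplicate into a local first, `char *name = sock->hostname ? strdup(sock->hostname) : NULL;`, fail the connection if `name` is NULL, and free it in the `!id_entry` branch. The callback body continues outside the hunk.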
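Review bot: The new `SILC_LOG_INFO` call in `silc_server_close_connection` passes `sock->hostname` to `%s` unconditionally; if that pointer can be NULL for a connection whose name lookup failed (not visible here), the format call has undefined behaviour. The name also appears to come from reverse DNS (see the lib/silcutil/silcnet.c hunk in this commit), so it is remote-supplied text written to the INFO log on every close and should be treated as untrusted by anything that parses the log. I would pass `sock->hostname ? sock->hostname : "unknown"`. Note too that the nested conditional labels every type other than the three named ones as "Router".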
@@ -2796,7 +2804,7 @@ SILC_TASK_CALLBACK(silc_server_channel_key_rekey) silc_task_register(server->timeout_queue, 0, silc_server_channel_key_rekey, - (void *)rekey, 3600 + 5, 0, + (void *)rekey, 3600, 0, SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL); } @@ -2867,7 +2875,7 @@ void silc_server_create_channel_key(SilcServer server, silc_server_channel_key_rekey); silc_task_register(server->timeout_queue, 0, silc_server_channel_key_rekey, - (void *)channel->rekey, 3600 + 5, 0, + (void *)channel->rekey, 3600, 0, SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL); } @@ -2972,7 +2980,7 @@ SilcChannelEntry silc_server_save_channel_key(SilcServer server, silc_server_channel_key_rekey); silc_task_register(server->timeout_queue, 0, silc_server_channel_key_rekey, - (void *)channel->rekey, 3600 + 5, 0, + (void *)channel->rekey, 3600, 0, SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL); } diff --git a/lib/silcclient/protocol.c b/lib/silcclient/protocol.c index 02939acb..801a5b95 100644 --- a/lib/silcclient/protocol.c +++ b/lib/silcclient/protocol.c @@ -742,7 +742,7 @@ silc_client_protocol_rekey_send_packet(SilcSKE ske, /* Send the packet immediately */ silc_client_packet_send(client, ctx->sock, type, NULL, 0, NULL, NULL, - packet->data, packet->len, TRUE); + packet->data, packet->len, FALSE); } /* Performs re-key as defined in the SILC protocol specification. */ @@ -830,7 +830,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) /* Start the re-key by sending the REKEY packet */ silc_client_packet_send(client, ctx->sock, SILC_PACKET_REKEY, - NULL, 0, NULL, NULL, NULL, 0, TRUE); + NULL, 0, NULL, NULL, NULL, 0, FALSE); if (ctx->pfs == TRUE) { /* 
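Review bot: The channel re-key interval `3600` is written as a bare literal in three `silc_task_register` calls (the `@@ -2796`, `@@ -2867` and `@@ -2972` hunks), so the next change to the channel key lifetime has to find all three. A single named constant next to these functions, for example `#define SILC_SERVER_CHANNEL_REKEY 3600` (name is only a suggestion), with a comment giving the unit, would keep the three call sites in step. The unit is presumably seconds, but the signature of `silc_task_register` is not in this diff.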
@@ -865,9 +865,13 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) * Do normal and simple re-key. */ - /* The protocol ends in next stage. We have sent the REKEY packet - and now we just wait that the responder send REKEY_DONE and - the we'll generate the new key, simple. */ + /* Send the REKEY_DONE to indicate we will take new keys into use + now. */ + silc_client_packet_send(client, ctx->sock, + SILC_PACKET_REKEY_DONE, + NULL, 0, NULL, NULL, NULL, 0, FALSE); + + /* The protocol ends in next stage. */ protocol->state = SILC_PROTOCOL_STATE_END; } } @@ -946,16 +950,6 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) protocol->execute(client->timeout_queue, 0, protocol, fd, 0, 0); } - if (ctx->responder == FALSE) { - if (ctx->pfs == FALSE) { - /* Send the REKEY_DONE to indicate we will take new keys into use - now. */ - silc_client_packet_send(client, ctx->sock, - SILC_PACKET_REKEY_DONE, - NULL, 0, NULL, NULL, NULL, 0, FALSE); - } - } - /* Protocol has ended, call the final callback */ if (protocol->final_callback) protocol->execute_final(client->timeout_queue, 0, protocol, fd); diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c index 9895fa25..80be09c4 100644 --- a/lib/silccore/silcpacket.c +++ b/lib/silccore/silcpacket.c @@ -478,7 +478,7 @@ static int silc_packet_check_mac(SilcHmac hmac, SilcBuffer buffer) /* Compare the HMAC's (buffer->tail has the packet's HMAC) */ if (memcmp(mac, buffer->tail, mac_len)) { - SILC_LOG_DEBUG(("MAC failed")); + SILC_LOG_ERROR(("MAC failed")); return FALSE; } @@ -607,7 +607,7 @@ int silc_packet_decrypt(SilcCipher cipher, SilcHmac hmac, /* Check MAC */ if (!silc_packet_check_mac(hmac, buffer)) - return FALSE; + return -1; return 0; } else { @@ -618,7 +618,7 @@ int silc_packet_decrypt(SilcCipher cipher, SilcHmac hmac, /* Check MAC */ if (!silc_packet_check_mac(hmac, buffer)) - return FALSE; + return -1; return 1; } diff --git a/lib/silcutil/silcnet.c b/lib/silcutil/silcnet.c index bb55b3a2..cc09a130 100644 
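Review bot: The comparison `memcmp(mac, buffer->tail, mac_len)` on the context line above the changed log call in `silc_packet_check_mac` can return at the first differing byte, so its run time depends on how much of the received MAC is correct; a MAC check should compare in constant time. A loop such as `for (i = 0, diff = 0; i < mac_len; i++) diff |= mac[i] ^ buffer->tail[i];` followed by `if (diff)` avoids that (the declarations of `mac` and `mac_len` are outside the hunk, so the types need checking). Also, raising the message to `SILC_LOG_ERROR` means every corrupted or forged packet from a remote peer writes an error-log line, so this call may want rate limiting.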
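Review bot: `silc_packet_decrypt` now has three results, `-1` for a failed MAC and `0` or `1` for its two success branches, but the helper it calls still returns `TRUE`/`FALSE` and nothing in the `@@ -607` hunk states the contract. Before this change a failed MAC returned `FALSE`, the same value as the success return of the first branch, so callers (outside this diff) need to be checked to test `< 0` rather than truthiness, since `-1` is non-zero. I would add to the function comment `/* Returns -1 if the MAC check fails; 0 or 1 on success, depending on the branch taken. */` and a regression test that feeds a packet with a corrupted MAC. The same fix is applied in the `@@ -618` hunk.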
--- a/lib/silcutil/silcnet.c +++ b/lib/silcutil/silcnet.c @@ -267,6 +267,11 @@ void silc_net_check_host_by_sock(int sock, char **hostname, char **ip) the who it says it is */ memset(host_name, 0, sizeof(host_name)); memcpy(host_name, dest->h_name, strlen(dest->h_name)); + + *hostname = silc_calloc(strlen(host_name) + 1, sizeof(char)); + memcpy(*hostname, host_name, strlen(host_name)); + SILC_LOG_DEBUG(("Resolved hostname `%s'", *hostname)); + dest = gethostbyname(host_name); if (!dest) return; @@ -283,9 +288,6 @@ void silc_net_check_host_by_sock(int sock, char **hostname, char **ip) if (!host_ip) return; - *hostname = silc_calloc(strlen(host_name) + 1, sizeof(char)); - memcpy(*hostname, host_name, strlen(host_name)); - SILC_LOG_DEBUG(("Resolved hostname `%s'", *hostname)); *ip = silc_calloc(strlen(host_ip) + 1, sizeof(char)); memcpy(*ip, host_ip, strlen(host_ip)); SILC_LOG_DEBUG(("Resolved IP address `%s'", *ip)); -- 2.24.0
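Review bot: `*hostname` is now filled from the reverse lookup before the `gethostbyname` forward check in the `@@ -267` hunk, so when that check fails and the function returns early the caller gets a name that was never confirmed, and this function has not set `*ip`. The surrounding comment says the forward lookup exists to be sure the host is who it says it is; a reverse-DNS name is chosen by whoever controls the address's reverse zone, so callers (not visible here) must not use this name for access decisions. If keeping the name for logging is the intent, say so in a comment, e.g. `/* *hostname is unverified unless *ip is also set */`. In addition, the context line `memcpy(host_name, dest->h_name, strlen(dest->h_name))` copies a DNS-supplied string into `host_name` with no check against `sizeof(host_name)`, and the `silc_calloc` result is written to without a NULL check.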