From ced2de2998817549665961a2360d899e30bea669 Mon Sep 17 00:00:00 2001
From: Pekka Riikonen <priikone@silcnet.org>
Date: Sat, 3 Nov 2001 16:04:16 +0000
Subject: [PATCH] 	updates.

---
 CHANGES                  | 11 +++++++++++
 apps/silcd/command.c     |  6 ++++--
 lib/silccrypt/silcpkcs.c | 19 +++++++++++++++++++
 lib/silccrypt/silcpkcs.h |  1 +
 4 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8ff7fae1..e1328f61 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,14 @@
+Sat Nov  3 17:48:55 EET 2001  Pekka Riikonen <priikone@silcnet.org>
+
+	* Added silc_pkcs_public_key_compare to compare two 
+	  public keys.  Affected file lib/silccrypt/silcpkcs.[ch].
+
+	* Check that the client who set the founder mode on the
+	  channel is the same client that is giving the founder
+	  mode to itself.  It is done by comparing the saved public
+	  key (it is saved even in the authentication is passphrase).
+	  Affected file silcd/command.c.
+
 Fri Nov  2 18:52:08 EST 2001  Pekka Riikonen <priikone@silcnet.org>
 
 	* Do not process packet for disconnected socket connection.
diff --git a/apps/silcd/command.c b/apps/silcd/command.c
index d0cb5316..5c42734f 100644
--- a/apps/silcd/command.c
+++ b/apps/silcd/command.c
@@ -4186,7 +4186,9 @@ SILC_SERVER_CMD_FUNC(cumode)
       }
 
       if (!(channel->mode & SILC_CHANNEL_MODE_FOUNDER_AUTH) ||
-	  !channel->founder_key) {
+	  !channel->founder_key || !idata->public_key ||
+	  !silc_pkcs_public_key_compare(channel->founder_key, 
+					idata->public_key)) {
 	silc_server_command_send_status_reply(cmd, SILC_COMMAND_CUMODE,
 					      SILC_STATUS_ERR_NOT_YOU);
 	goto out;
@@ -4198,7 +4200,7 @@ SILC_SERVER_CMD_FUNC(cumode)
 				     SILC_STATUS_ERR_NOT_ENOUGH_PARAMS);
 	goto out;
       }
-      
+
       auth = (channel->founder_method == SILC_AUTH_PASSWORD ?
 	      (void *)channel->founder_passwd : (void *)channel->founder_key);
       auth_len = (channel->founder_method == SILC_AUTH_PASSWORD ?
diff --git a/lib/silccrypt/silcpkcs.c b/lib/silccrypt/silcpkcs.c
index fe0e1c65..866662b3 100644
--- a/lib/silccrypt/silcpkcs.c
+++ b/lib/silccrypt/silcpkcs.c
@@ -721,6 +721,25 @@ int silc_pkcs_public_key_decode(unsigned char *data, uint32 data_len,
   return FALSE;
 }
 
+/* Compares two public keys and returns TRUE if they are same key, and
+   FALSE if they are not same. */
+
+bool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2)
+{
+  if (key1 == key2)
+    return TRUE;
+
+  if (key1->len == key2->len &&
+      key1->name && key2->name && key1->identifier && key2->identifier &&
+      !strcmp(key1->name, key2->name) &&
+      !strcmp(key1->identifier, key2->identifier) &&
+      !memcmp(key1->pk, key2->pk, key1->pk_len) &&
+      key1->pk_len == key2->pk_len)
+    return TRUE;
+
+  return FALSE;
+}
+
 /* Encodes SILC private key from SilcPrivateKey. Returns the encoded data. */
 
 unsigned char *
diff --git a/lib/silccrypt/silcpkcs.h b/lib/silccrypt/silcpkcs.h
index 4cf89666..5f291328 100644
--- a/lib/silccrypt/silcpkcs.h
+++ b/lib/silccrypt/silcpkcs.h
@@ -224,6 +224,7 @@ silc_pkcs_public_key_data_encode(unsigned char *pk, uint32 pk_len,
 				 uint32 *len);
 int silc_pkcs_public_key_decode(unsigned char *data, uint32 data_len,
 				SilcPublicKey *public_key);
+bool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2);
 unsigned char *
 silc_pkcs_private_key_encode(SilcPrivateKey private_key, uint32 *len);
 unsigned char *
-- 
2.24.0