X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=command.c;fp=command.c;h=2171457168c294861ece3c644efe34709f74f5cf;hp=f4eeb524deaf87c303fec3ff78d4a56c278a8cff;hb=b92a1de60b4988ba966b16948e9a331a0ac35e60;hpb=e74113b0e1a6ca1c047667218b089362372aa0f0 diff --git a/command.c b/command.c index f4eeb524..21714571 100644 --- a/command.c +++ b/command.c @@ -762,7 +762,7 @@ static void reset_signals(void) } struct connection_features { - int dummy; /* none at the moment */ + bool sha256_requested; /* can be removed after 0.7.0 */ }; static int parse_auth_request(char *buf, int len, const struct user **u, @@ -797,6 +797,12 @@ static int parse_auth_request(char *buf, int len, const struct user **u, continue; if (strcmp(features[i], "aes_ctr128") == 0) continue; + /* + * ->sha256_requested can go away after 0.7.0 but the + * check has to stay until 0.9.0. + */ + if (strcmp(features[i], "sha256") == 0) + cf->sha256_requested = true; else { ret = -E_BAD_FEATURE; goto out; @@ -894,7 +900,7 @@ int handle_connect(int fd) { int ret; unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN]; - unsigned char challenge_hash[HASH_SIZE]; + unsigned char challenge_hash[HASH2_SIZE]; char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */; size_t numbytes; struct command_context cc_struct = {.u = NULL}, *cc = &cc_struct; @@ -910,7 +916,7 @@ int handle_connect(int fd) /* send Welcome message */ ret = write_va_buffer(fd, "This is para_server, version " PACKAGE_VERSION ".\n" - "Features:\n" + "Features: sha256\n" /* no longer announce this after 0.8.0 */ ); if (ret < 0) goto net_err; @@ -958,11 +964,19 @@ int handle_connect(int fd) * of the random data. */ ret = -E_BAD_AUTH; - if (numbytes != HASH_SIZE) - goto net_err; - hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash); - if (memcmp(challenge_hash, buf, HASH_SIZE)) - goto net_err; + if (cf.sha256_requested) { + if (numbytes != HASH2_SIZE) + goto net_err; + hash2_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash); + if (memcmp(challenge_hash, buf, HASH2_SIZE)) + goto net_err; + } else { /* old client. This can be removed after 0.7.0 */ + if (numbytes != HASH_SIZE) + goto net_err; + hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash); + if (memcmp(challenge_hash, buf, HASH_SIZE)) + goto net_err; + } /* auth successful */ alarm(0); PARA_INFO_LOG("good auth for %s\n", cc->u->name);