Kill the client-0.2.6 compatibility mode and the --plain option.
authorAndre Noll <maan@systemlinux.org>
Sat, 13 Jun 2009 18:41:59 +0000 (20:41 +0200)
committerAndre Noll <maan@systemlinux.org>
Sat, 13 Jun 2009 18:41:59 +0000 (20:41 +0200)
This makes rc4 encryption mandatory.

client_common.c
command.c
ggo/client.m4

index 5bce7fb..deb3a26 100644 (file)
@@ -179,8 +179,7 @@ static void client_post_select(struct sched *s, struct task *t)
                        ct->status = CL_RECEIVED_WELCOME;
                return;
        case CL_RECEIVED_WELCOME: /* send auth command */
-               sprintf(ct->buf, "auth %s%s", ct->conf.plain_given?
-                       "" : "rc4 ", ct->user);
+               sprintf(ct->buf, "auth rc4 %s", ct->user);
                PARA_INFO_LOG("--> %s\n", ct->buf);
                t->error = send_buffer(ct->fd, ct->buf);
                if (t->error >= 0)
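Review bot: The rewritten `sprintf(ct->buf, "auth rc4 %s", ct->user)` still writes without a bound, so a long user name could overrun ct->buf; the size of that buffer is not visible in this hunk. A bounded call that treats truncation as an error would be safer, e.g. `n = snprintf(ct->buf, <size of ct->buf>, "auth rc4 %s", ct->user);` followed by a check that `n` is non-negative and below that size. client_post_select continues outside the hunk.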
@@ -221,13 +220,11 @@ static void client_post_select(struct sched *s, struct task *t)
                bytes_received = t->error;
                PARA_DEBUG_LOG("++++ server info ++++\n%s\n++++ end of server "
                        "info ++++\n", ct->buf);
-               /* check if server has sent "Proceed" message */
+               /* check if server has sent "Proceed" message and the rc4 keys */
                t->error = -E_CLIENT_AUTH;
-               if (!strstr(ct->buf, PROCEED_MSG))
+               if (bytes_received < PROCEED_MSG_LEN + 2 * RC4_KEY_LEN)
                        return;
-               t->error = 0;
-               ct->status = CL_RECEIVED_PROCEED;
-               if (bytes_received < PROCEED_MSG_LEN + 32)
+               if (!strstr(ct->buf, PROCEED_MSG))
                        return;
                PARA_INFO_LOG("decrypting session key\n");
                t->error = para_decrypt_buffer(ct->key_file, rc4_buf,
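Review bot: The `strstr(ct->buf, PROCEED_MSG)` check accepts the message anywhere in the received data and scans until it meets a NUL byte, whereas the server side in command.c writes it at the start of the buffer with the encrypted keys at offset PROCEED_MSG_LEN + 1. A prefix compare pins that layout and stays within the bytes already checked: `if (strncmp(ct->buf, PROCEED_MSG, PROCEED_MSG_LEN))`. The length guard also looks like a loose lower bound, since it omits the separator byte and uses the plaintext key length `2 * RC4_KEY_LEN` rather than the size of the RSA ciphertext. The decrypt call that begins on the last line of this hunk has its arguments cut off here, so it should be checked that it never reads past bytes_received.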
@@ -238,6 +235,8 @@ static void client_post_select(struct sched *s, struct task *t)
                RC4_set_key(&ct->rc4_send_key, RC4_KEY_LEN, rc4_buf);
                RC4_set_key(&ct->rc4_recv_key, RC4_KEY_LEN, rc4_buf + RC4_KEY_LEN);
                enable_crypt(ct->fd, rc4_recv, rc4_send, ct);
+               ct->status = CL_RECEIVED_PROCEED;
+               return;
                }
        case CL_RECEIVED_PROCEED: /* concat args and send command */
                {
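Review bot: rc4_buf still holds both session keys after the two RC4_set_key() calls, and nothing in this hunk clears it before the added `return;`. If rc4_buf is a local of this case block (its declaration is outside the hunk), wiping it once the keys are installed limits how long the raw key material stays in memory; a plain memset() just before a return may be optimized away, so use a wipe the compiler cannot drop. A short comment on the added `return;` would also help, saying that the command is apparently now sent on a later pass instead of by falling through into CL_RECEIVED_PROCEED.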
index 1ca54da..15b166a 100644 (file)
--- a/command.c
+++ b/command.c
@@ -687,7 +687,7 @@ static void reset_signals(void)
  */
 __noreturn void handle_connect(int fd, const char *peername)
 {
-       int ret, argc, use_rc4 = 0;
+       int ret, argc;
        char buf[4096];
        unsigned char crypt_buf[MAXLINE];
        struct user *u;
@@ -712,23 +712,16 @@ __noreturn void handle_connect(int fd, const char *peername)
        ret = recv_buffer(fd, buf, sizeof(buf));
        if (ret < 0)
                goto err_out;
-       if (ret <= 6) {
+       if (ret < 10) {
                ret = -E_AUTH;
                goto err_out;
        }
        numbytes = ret;
        ret = -E_AUTH;
-       if (strncmp(buf, "auth ", 5))
+       if (strncmp(buf, "auth rc4 ", 9))
                goto err_out;
-
-       if (numbytes < 9 || strncmp(buf, "auth rc4 ", 9))
-               p = buf + 5; /* client version < 0.2.6 */
-       else {
-               p = buf + 9; /* client version >= 0.2.6 */
-               use_rc4 = 1;
-       }
-       PARA_DEBUG_LOG("received %s request for user %s\n",
-               use_rc4? "rc4" : "auth", p);
+       p = buf + 9;
+       PARA_DEBUG_LOG("received auth request for user %s\n", p);
        ret = -E_BAD_USER;
        u = lookup_user(p);
        if (!u)
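Review bot: `p = buf + 9` points at unauthenticated, peer-supplied bytes, and they are passed to PARA_DEBUG_LOG with `%s` before lookup_user() has validated them. This relies on recv_buffer() NUL-terminating buf, which is not visible in this hunk, and it lets a peer place arbitrary characters in the log; logging after the lookup, or filtering non-printable bytes first, avoids that. The bare `10` would read better derived from the prefix, e.g. `if (ret < (int)sizeof("auth rc4 "))`, with a comment that at least one byte of user name is required. handle_connect continues outside the hunk.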
@@ -756,20 +749,17 @@ __noreturn void handle_connect(int fd, const char *peername)
        /* auth successful, send 'Proceed' message */
        PARA_INFO_LOG("good auth for %s (%lu)\n", u->name, challenge_nr);
        sprintf(buf, "%s", PROCEED_MSG);
-       if (use_rc4) {
-               init_rc4_keys();
-               ret = para_encrypt_buffer(u->rsa, rc4_buf, 2 * RC4_KEY_LEN,
-                       (unsigned char *)buf + PROCEED_MSG_LEN + 1);
-               if (ret <= 0)
-                       goto err_out;
-               numbytes = ret + strlen(PROCEED_MSG) + 1;
-       } else
-               numbytes = strlen(buf);
+       init_rc4_keys();
+       /* Should we also encrypt the proceed message? */
+       ret = para_encrypt_buffer(u->rsa, rc4_buf, 2 * RC4_KEY_LEN,
+               (unsigned char *)buf + PROCEED_MSG_LEN + 1);
+       if (ret <= 0)
+               goto err_out;
+       numbytes = ret + strlen(PROCEED_MSG) + 1;
        ret = send_bin_buffer(fd, buf, numbytes);
        if (ret < 0)
                goto net_err;
-       if (use_rc4)
-               enable_crypt(fd, rc4_recv, rc4_send, NULL);
+       enable_crypt(fd, rc4_recv, rc4_send, NULL);
        ret = read_command(fd, &command);
        if (ret == -E_COMMAND_SYNTAX)
                goto err_out;
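Review bot: The ciphertext is written at offset `PROCEED_MSG_LEN + 1` but the length sent is computed with `strlen(PROCEED_MSG) + 1`; using one constant for both, `numbytes = ret + PROCEED_MSG_LEN + 1;`, keeps the two from drifting apart. Nothing in the hunk bounds the para_encrypt_buffer() output against the 4096-byte buf, so it is worth checking (its definition is not shown) that the ciphertext for the largest supported key fits behind the proceed message. The new comment leaves an open question in the code; it would be clearer as a TODO stating that the proceed message is sent unencrypted ahead of the RSA-encrypted keys.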
index 1ae5a38..5770ff0 100644 (file)
@@ -11,7 +11,3 @@ option "key_file" k "(default='~/.paraslash/key.<user>')" string typestr="filena
 
 include(loglevel.m4)
 include(config_file.m4)
-
-<qu>
-option "plain" - "request an uncrypted session" flag off
-</qu>