handle_connect(): Don't send anything to non-authorized clients.

Currently, if we don't receive a valid authentication request, we send
back an RC4-encrypted error message to the client, which is kind of
pointless since the RC4 keys are not set up at this point.

Of course we could send an unencryted error message in this case,
but in since the peer could be anything, it seems safer to just close
the connection.

diff --git a/command.c b/command.c
index f462016b2e572f6a58691362cb52c9bdb280ea91..f9ef6cd75ab8733408d3c2542230ae806281bf85 100644 (file)
--- a/command.c
+++ b/command.c
@@ -743,24 +743,24 @@ __noreturn void handle_connect(int fd, const char *peername)
        /* we need a blocking fd here as recv() might return EAGAIN otherwise. */
        ret = mark_fd_blocking(fd);
        if (ret < 0)
        /* we need a blocking fd here as recv() might return EAGAIN otherwise. */
        ret = mark_fd_blocking(fd);
        if (ret < 0)

-               goto err_out;
+               goto net_err;

        /* send Welcome message */
        ret = send_va_buffer(fd, "This is para_server, version "
                PACKAGE_VERSION  ".\n" );
        if (ret < 0)
        /* send Welcome message */
        ret = send_va_buffer(fd, "This is para_server, version "
                PACKAGE_VERSION  ".\n" );
        if (ret < 0)

-               goto err_out;
+               goto net_err;

        /* recv auth request line */
        ret = recv_buffer(fd, buf, sizeof(buf));
        if (ret < 0)
        /* recv auth request line */
        ret = recv_buffer(fd, buf, sizeof(buf));
        if (ret < 0)

-               goto err_out;
+               goto net_err;

        if (ret < 10) {
                ret = -E_AUTH_REQUEST;
        if (ret < 10) {
                ret = -E_AUTH_REQUEST;

-               goto err_out;
+               goto net_err;

        }
        numbytes = ret;
        ret = -E_AUTH_REQUEST;
        if (strncmp(buf, AUTH_REQUEST_MSG, strlen(AUTH_REQUEST_MSG)))
        }
        numbytes = ret;
        ret = -E_AUTH_REQUEST;
        if (strncmp(buf, AUTH_REQUEST_MSG, strlen(AUTH_REQUEST_MSG)))

-               goto err_out;
+               goto net_err;

        p = buf + strlen(AUTH_REQUEST_MSG);
        PARA_DEBUG_LOG("received auth request for user %s\n", p);
        ret = -E_BAD_USER;
        p = buf + strlen(AUTH_REQUEST_MSG);
        PARA_DEBUG_LOG("received auth request for user %s\n", p);
        ret = -E_BAD_USER;


@@ -770,7 +770,7 @@ __noreturn void handle_connect(int fd, const char *peername)
                ret = para_encrypt_buffer(u->rsa, rand_buf, sizeof(rand_buf),
                        (unsigned char *)buf);
                if (ret < 0)
                ret = para_encrypt_buffer(u->rsa, rand_buf, sizeof(rand_buf),
                        (unsigned char *)buf);
                if (ret < 0)

-                       goto err_out;
+                       goto net_err;

                numbytes = ret;
        } else {
                /*
                numbytes = ret;
        } else {
                /*