Kill the client-0.2.6 compatibility mode and the --plain option.

This makes rc4 encryption mandatory.

diff --git a/client_common.c b/client_common.c
index 5bce7fb4c21d7a9dfaa6e7e0a220fe57bc7ad8e0..deb3a26ded485f79855516fcd2c1c5f9772761b6 100644 (file)
--- a/client_common.c
+++ b/client_common.c
@@ -179,8 +179,7 @@ static void client_post_select(struct sched *s, struct task *t)
                        ct->status = CL_RECEIVED_WELCOME;
                return;
        case CL_RECEIVED_WELCOME: /* send auth command */
-               sprintf(ct->buf, "auth %s%s", ct->conf.plain_given?
-                       "" : "rc4 ", ct->user);
+               sprintf(ct->buf, "auth rc4 %s", ct->user);
                PARA_INFO_LOG("--> %s\n", ct->buf);
                t->error = send_buffer(ct->fd, ct->buf);
                if (t->error >= 0)
@@ -221,13 +220,11 @@ static void client_post_select(struct sched *s, struct task *t)
                bytes_received = t->error;
                PARA_DEBUG_LOG("++++ server info ++++\n%s\n++++ end of server "
                        "info ++++\n", ct->buf);
-               /* check if server has sent "Proceed" message */
+               /* check if server has sent "Proceed" message and the rc4 keys */
                t->error = -E_CLIENT_AUTH;
-               if (!strstr(ct->buf, PROCEED_MSG))
+               if (bytes_received < PROCEED_MSG_LEN + 2 * RC4_KEY_LEN)
                        return;
-               t->error = 0;
-               ct->status = CL_RECEIVED_PROCEED;
-               if (bytes_received < PROCEED_MSG_LEN + 32)
+               if (!strstr(ct->buf, PROCEED_MSG))
                        return;
                PARA_INFO_LOG("decrypting session key\n");
                t->error = para_decrypt_buffer(ct->key_file, rc4_buf,
@@ -238,6 +235,8 @@ static void client_post_select(struct sched *s, struct task *t)
                RC4_set_key(&ct->rc4_send_key, RC4_KEY_LEN, rc4_buf);
                RC4_set_key(&ct->rc4_recv_key, RC4_KEY_LEN, rc4_buf + RC4_KEY_LEN);
                enable_crypt(ct->fd, rc4_recv, rc4_send, ct);
+               ct->status = CL_RECEIVED_PROCEED;
+               return;
                }
        case CL_RECEIVED_PROCEED: /* concat args and send command */
                {

diff --git a/command.c b/command.c
index 1ca54da90191fd270c98b3001d16a4b5f5c04c53..15b166adbb1c959c803c46bc38a270e95e1e8e7d 100644 (file)
--- a/command.c
+++ b/command.c
@@ -687,7 +687,7 @@ static void reset_signals(void)
  */
 __noreturn void handle_connect(int fd, const char *peername)
 {
-       int ret, argc, use_rc4 = 0;
+       int ret, argc;
        char buf[4096];
        unsigned char crypt_buf[MAXLINE];
        struct user *u;
@@ -712,23 +712,16 @@ __noreturn void handle_connect(int fd, const char *peername)
        ret = recv_buffer(fd, buf, sizeof(buf));
        if (ret < 0)
                goto err_out;
-       if (ret <= 6) {
+       if (ret < 10) {
                ret = -E_AUTH;
                goto err_out;
        }
        numbytes = ret;
        ret = -E_AUTH;
-       if (strncmp(buf, "auth ", 5))
+       if (strncmp(buf, "auth rc4 ", 9))
                goto err_out;
-
-       if (numbytes < 9 || strncmp(buf, "auth rc4 ", 9))
-               p = buf + 5; /* client version < 0.2.6 */
-       else {
-               p = buf + 9; /* client version >= 0.2.6 */
-               use_rc4 = 1;
-       }
-       PARA_DEBUG_LOG("received %s request for user %s\n",
-               use_rc4? "rc4" : "auth", p);
+       p = buf + 9;
+       PARA_DEBUG_LOG("received auth request for user %s\n", p);
        ret = -E_BAD_USER;
        u = lookup_user(p);
        if (!u)
@@ -756,20 +749,17 @@ __noreturn void handle_connect(int fd, const char *peername)
        /* auth successful, send 'Proceed' message */
        PARA_INFO_LOG("good auth for %s (%lu)\n", u->name, challenge_nr);
        sprintf(buf, "%s", PROCEED_MSG);
-       if (use_rc4) {
-               init_rc4_keys();
-               ret = para_encrypt_buffer(u->rsa, rc4_buf, 2 * RC4_KEY_LEN,
-                       (unsigned char *)buf + PROCEED_MSG_LEN + 1);
-               if (ret <= 0)
-                       goto err_out;
-               numbytes = ret + strlen(PROCEED_MSG) + 1;
-       } else
-               numbytes = strlen(buf);
+       init_rc4_keys();
+       /* Should we also encrypt the proceed message? */
+       ret = para_encrypt_buffer(u->rsa, rc4_buf, 2 * RC4_KEY_LEN,
+               (unsigned char *)buf + PROCEED_MSG_LEN + 1);
+       if (ret <= 0)
+               goto err_out;
+       numbytes = ret + strlen(PROCEED_MSG) + 1;
        ret = send_bin_buffer(fd, buf, numbytes);
        if (ret < 0)
                goto net_err;
-       if (use_rc4)
-               enable_crypt(fd, rc4_recv, rc4_send, NULL);
+       enable_crypt(fd, rc4_recv, rc4_send, NULL);
        ret = read_command(fd, &command);
        if (ret == -E_COMMAND_SYNTAX)
                goto err_out;

diff --git a/ggo/client.m4 b/ggo/client.m4
index 1ae5a38ace2c8ba041d14a6fd187ac11f260c091..5770ff0a6711230f644699df0504d775c552eea6 100644 (file)
--- a/ggo/client.m4
+++ b/ggo/client.m4
@@ -11,7 +11,3 @@ option "key_file" k "(default='~/.paraslash/key.<user>')" string typestr="filena
 
 include(loglevel.m4)
 include(config_file.m4)
-
-<qu>
-option "plain" - "request an uncrypted session" flag off
-</qu>