From: Andre Noll Date: Sat, 13 Jun 2009 18:41:59 +0000 (+0200) Subject: Kill the client-0.2.6 compatibility mode and the --plain option. X-Git-Tag: v0.4.0~76^2~4 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=7137a51458b34fe031c005539ba5035edcd67695;p=paraslash.git Kill the client-0.2.6 compatibility mode and the --plain option. This makes rc4 encryption mandatory. --- diff --git a/client_common.c b/client_common.c index 5bce7fb4..deb3a26d 100644 --- a/client_common.c +++ b/client_common.c @@ -179,8 +179,7 @@ static void client_post_select(struct sched *s, struct task *t) ct->status = CL_RECEIVED_WELCOME; return; case CL_RECEIVED_WELCOME: /* send auth command */ - sprintf(ct->buf, "auth %s%s", ct->conf.plain_given? - "" : "rc4 ", ct->user); + sprintf(ct->buf, "auth rc4 %s", ct->user); PARA_INFO_LOG("--> %s\n", ct->buf); t->error = send_buffer(ct->fd, ct->buf); if (t->error >= 0) @@ -221,13 +220,11 @@ static void client_post_select(struct sched *s, struct task *t) bytes_received = t->error; PARA_DEBUG_LOG("++++ server info ++++\n%s\n++++ end of server " "info ++++\n", ct->buf); - /* check if server has sent "Proceed" message */ + /* check if server has sent "Proceed" message and the rc4 keys */ t->error = -E_CLIENT_AUTH; - if (!strstr(ct->buf, PROCEED_MSG)) + if (bytes_received < PROCEED_MSG_LEN + 2 * RC4_KEY_LEN) return; - t->error = 0; - ct->status = CL_RECEIVED_PROCEED; - if (bytes_received < PROCEED_MSG_LEN + 32) + if (!strstr(ct->buf, PROCEED_MSG)) return; PARA_INFO_LOG("decrypting session key\n"); t->error = para_decrypt_buffer(ct->key_file, rc4_buf, @@ -238,6 +235,8 @@ static void client_post_select(struct sched *s, struct task *t) RC4_set_key(&ct->rc4_send_key, RC4_KEY_LEN, rc4_buf); RC4_set_key(&ct->rc4_recv_key, RC4_KEY_LEN, rc4_buf + RC4_KEY_LEN); enable_crypt(ct->fd, rc4_recv, rc4_send, ct); + ct->status = CL_RECEIVED_PROCEED; + return; } case CL_RECEIVED_PROCEED: /* concat args and send command */ { diff --git a/command.c b/command.c index 1ca54da9..15b166ad 100644 --- a/command.c +++ b/command.c @@ -687,7 +687,7 @@ static void reset_signals(void) */ __noreturn void handle_connect(int fd, const char *peername) { - int ret, argc, use_rc4 = 0; + int ret, argc; char buf[4096]; unsigned char crypt_buf[MAXLINE]; struct user *u; @@ -712,23 +712,16 @@ __noreturn void handle_connect(int fd, const char *peername) ret = recv_buffer(fd, buf, sizeof(buf)); if (ret < 0) goto err_out; - if (ret <= 6) { + if (ret < 10) { ret = -E_AUTH; goto err_out; } numbytes = ret; ret = -E_AUTH; - if (strncmp(buf, "auth ", 5)) + if (strncmp(buf, "auth rc4 ", 9)) goto err_out; - - if (numbytes < 9 || strncmp(buf, "auth rc4 ", 9)) - p = buf + 5; /* client version < 0.2.6 */ - else { - p = buf + 9; /* client version >= 0.2.6 */ - use_rc4 = 1; - } - PARA_DEBUG_LOG("received %s request for user %s\n", - use_rc4? "rc4" : "auth", p); + p = buf + 9; + PARA_DEBUG_LOG("received auth request for user %s\n", p); ret = -E_BAD_USER; u = lookup_user(p); if (!u) @@ -756,20 +749,17 @@ __noreturn void handle_connect(int fd, const char *peername) /* auth successful, send 'Proceed' message */ PARA_INFO_LOG("good auth for %s (%lu)\n", u->name, challenge_nr); sprintf(buf, "%s", PROCEED_MSG); - if (use_rc4) { - init_rc4_keys(); - ret = para_encrypt_buffer(u->rsa, rc4_buf, 2 * RC4_KEY_LEN, - (unsigned char *)buf + PROCEED_MSG_LEN + 1); - if (ret <= 0) - goto err_out; - numbytes = ret + strlen(PROCEED_MSG) + 1; - } else - numbytes = strlen(buf); + init_rc4_keys(); + /* Should we also encrypt the proceed message? */ + ret = para_encrypt_buffer(u->rsa, rc4_buf, 2 * RC4_KEY_LEN, + (unsigned char *)buf + PROCEED_MSG_LEN + 1); + if (ret <= 0) + goto err_out; + numbytes = ret + strlen(PROCEED_MSG) + 1; ret = send_bin_buffer(fd, buf, numbytes); if (ret < 0) goto net_err; - if (use_rc4) - enable_crypt(fd, rc4_recv, rc4_send, NULL); + enable_crypt(fd, rc4_recv, rc4_send, NULL); ret = read_command(fd, &command); if (ret == -E_COMMAND_SYNTAX) goto err_out; diff --git a/ggo/client.m4 b/ggo/client.m4 index 1ae5a38a..5770ff0a 100644 --- a/ggo/client.m4 +++ b/ggo/client.m4 @@ -11,7 +11,3 @@ option "key_file" k "(default='~/.paraslash/key.')" string typestr="filena include(loglevel.m4) include(config_file.m4) - - -option "plain" - "request an uncrypted session" flag off -