Commit graph

81 commits

Author SHA1 Message Date
salo
d963b28e1a Updated to version 0.9.15.
This release focuses especially on fixing the remaining MAC failed errors that
people have been experiencing and the infamous Error in select() error which
should now finally be gone.  Upgrading is strongly recommended.

Changes:

- Fixed KICK command to not send the command reply twice.
- Fixed the QoS unregistering to avoid the errors in select() for invalid
  socket connection.
- Fixed the rekey protocol timeout handling
- Fixed the packet processing to avoid clearing QoS data underneath the QoS.
2003-11-01 16:41:37 +00:00
salo
ac6ed089d3 Updated to version 0.9.14.
This version is a major upgrade release and everyone running older version is
strongly recommended to upgrade to this version.  This version introduces
several bugfixes, security fixes and bunch of new features.  This also
completes the development work for the SILC protocol version 1.2.

Changes:

- removed patch-ac, merged into distribution
- create server keys with strict permissions

0.9.14:
=======
- Several bugfixes and security fixes were made.  A major remote exploit
  was also fixed.

- The SILC Server now ignores SIGXFSZ and SIGXCPU signals which will
  terminate the process if they occur.  They can occur in poorly
  configured environment.

- Fixed SERVER_SIGNOFF notify handling which caused ghosts to remain in
  the network.

- Fixed inviting and banning by public key.  Fixed invite and ban string
  handling.  Implemented SILC 1.2 complying invite and ban data
  distribution between routers and servers.  To also comply with SILC 1.2,
  prohibited using '@' and '!' characters in invite and ban strings.

- Support for channel public keys added.  A new feature in SILC 1.2, that
  allows join authentication using digital signatures.  Use the latest
  SILC Client to take advantage of this feature.

- Support for SILC 1.2 backup protocol.  This version introduces rewritten
  version of the backup router protocol.  The purpose of the backup router
  protocol is to prevent servers from splitting from the rest of the SILC
  network if the primary router becomes unresponsive.  There are no
  changes to the configuration of the backup router support, and old
  configurations will work with this version too.

  This version is now able to detect much better different network failure
  situations and understand how to work with them.  The servers are now
  able to actually detect when the backup router can/must be used.  They
  are also able, in case of error in backup router protocol, to resume
  back to either to the backup router or to the primary router, and always
  recover from desyncs automatically (usually within 60 seconds).

- Support for command reply error arguments was added.  This allows
  clients to better handle error conditions within command execution.

- The founder public key distribution now complies with the SILC 1.2.
2003-10-16 12:37:44 +00:00
jlam
b2677a2cb0 Add definitions for DEINSTALL_EXTRA_TMPL and INSTALL_EXTRA_TMPL if
USE_PKGINSTALL is "YES".  bsd.pkg.install.mk will no longer automatically
pick up a INSTALL/DEINSTALL script in the package directory and assume that
you want it for the corresponding *_EXTRA_TMPL variable.
2003-08-30 22:51:11 +00:00
grant
91f00f1cbc s/netbsd.org/NetBSD.org/
2003-07-17 21:21:03 +00:00
wiz
7166660e08 Dependency bumps, needed because of devel/pth's major bump, and related
dependency bumps.
2003-05-02 11:53:34 +00:00
salo
da605e0b37 Updated to version 0.9.13.
Changes:

- Fixed EOF handling in SILC Config.

- Do not send full INVITE and BAN lists in INVITE and BAN
  notifys, only the changed information.

- Fixed INVITE notify sending in INVITE command, send it
  only when needed.

- Handle the founder key change properly in CMODE_CHANGE
  notify.  Bug #122.

- Remove the mark for output (mark it only for input) after
  purging outgoing queue.  Prevents the "Error in select()"
  floods.

- Check server private key file permissions before starting
  the server.

- NULL terminate allocated string in silc_buffer_strformat.

- Rewrote the invite/ban list string handling in server to
  use SilcBuffer instead.

- Fixed double free in CMODE command when setting new HMAC
  for channel.

- Added couple of missing memset's to zero sensitive memory.
2003-03-17 20:12:47 +00:00
jlam
d7f69e47ce Instead of including bsd.pkg.install.mk directly in a package Makefile,
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES".  This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile.  Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
2003-01-28 22:03:00 +00:00
salo
d8a46d336e Update to version 0.9.12.
- use SHLIBTOOL_OVERRIDE instead of LIBTOOL_OVERRIDE, the ugly
  static libraries hack is now gone.

Changes from 0.9.11 to 0.9.12
=============================

 * Added macros SILC_SWAB_[16|32] to swab byte order of
   16-bit and 32-bit unsigned integers.
 * Use the SILC_SWAB_16 instead of htons() in server when
   handling ports since the ports in structures are always
   in little-endian order (regardless of platform).
 * Send DISCONNECT in close admin command in server.
 * Check whether we are already connecting to a remote router
   (in addition of checking whether we are already connected)
   before creating new connection.
 * Check that socket is valid after QoS is applied to data.
 * Make sure the socket connection is not closed too early
   when closing connection in server.  Also make sure the
   connection is always closed after error in a protocol.
 * Fixed server crash with double Primary block in config file.
 * Fixed various memory leaks around the config file parser.
 * Fixed a double free in INVITE command error handling in
   server.
2003-01-26 14:10:44 +00:00
salo
8eef73cdfa Update to version 0.9.11
IMPORTANT NOTE: This version does not include backwards support
                for the old style SILC private key so if you
                skipped 0.9.10 version you won't be able to run
                this server without generating new key pair.

Changes from 0.9.10 to 0.9.11
=============================

 * Workaround GCC bug which causes memory exhaustion when
   compiling sha1 with optimizations on UltraSPARC.  from openbsd

 * Added some sanity checks in server for correctness of the
   server configuration.
 * More log printing during backup router protocol.

 * Removed backwards support for old private key file format.
 * Removed backwards support for not-so-strict decryption length
   check, it's strict now.

 * Fixed error handling of invalid client entry when calling
   commands in server.  Fixes a crash.
 * Fixed double free in async host lookup code.
 * On backup router handle now the SERVER_SIGNOFF from router
   for local connected servers too, and close the connections.
   Do not process them as normally signing off servers when they
   really signoff by sending EOF fe, but always assume that
   router sends the SERVER_SIGNOFF.
 * Fixed socket unsetting when closing connections.
 * Fixed close command to use the port correctly when closing
   server connections.
 * Check for NULL outbuf in silc_socket_write.  It is possible
   that it is NULL in some odd case.
 * Do not call final protocol callback for backup router
   resuming protocol when closing connection.  It is closed
   by timeout in case of error.
 * Backup reconnect to router if backup resuming protocol failed.
 * Fixed double free in SKE library error handling when signature
   error occurred.
 * Fixed double free in invite list adding code when adding
   invite strings.
2003-01-08 23:56:44 +00:00
salo
2712980903 An important note to all server users:
The private key file format has changed due to a bug in the
older code.  When you run this server version it automatically
changes your private key file to the correct format.
The future versions of the SILC Server will not do that, so
do not skip this version or you will need to generate new key
pair after 0.9.11 is released.

Also backup router bugs were fixed which caused several
interesting decryption problems, so upgrading regardless
if you are running normal server, backup router or primary
router is strongly recommended.

Changes from 0.9.9.1 to 0.9.10
==============================

* Added the config directive PublicKeyDir for the client
  block.
* Extended the SILC_SERVER_LOG_ERROR macro to all available
  logging channels.
* Load only files with .pub suffix in PublicKeyDir.

* Fixed a typo in resuming code that fixed detach/resume
  code in server.
* Fixed CMODE setting in server when founder mode was set.
* Fixed wrong invite and ban list handling in server command
  reply.
* Fixed CUMODE founder authentication in server to not check
  for client's public key since it's not supposed to do that.
* Fixed backup router bugs: When backup resumes router and
  receives a CHANNEL_MESSAGE packet the backup must not act
  as router since the packet header decryption would be
  different.  Also, when relaying packets to channel, do not
  re-encrypt packets on backup that came from the primary
  since the connection isn't really router-router connection.
2002-12-06 19:52:37 +00:00
salo
35e3ae25a5 Update to version 0.9.9.1.
Changes from 0.9.8 to 0.9.9.1
=============================

* Updated protocol version to 1.2.

  Clients and servers with support for 1.1 are not compatible with
  the new protocol!

* Print notify for server opers when backup router comes online.
* Resolve the client's public key in JOIN command if the founder auth
  data is being requested but we don't know the client's public key.
* Added idle and signon fields to the ATTRIBUTE_SERVICE attribute to
  indicate the user's current idle and signon time of a service.
* Added MAC field to the Private Message Payload to protect against
  chosen ciphertext attacks.
* Defined the SILC_MESSAGE_FLAG_SIGNED.
* Added ERR_UNSUPPORTED_PUBLIC_KEY and ERR_OPERATION_ALLOWED status
  types.
* Added support for normal client to kill its own entries from
  the network.
* Compute maximum padding for authentication packets to make
  passphrase approximation attacks impossible (padding must be at
  least 8 bytes now).
* Added support for rekey before 2^32 sequence number wraps.
* Added Encrypt-Then-MAC order to SILC packet MAC generation.
  Deprecated the old Encrypt-And-MAC order.
* Added Encrypt-Then-MAC order to Channel Message Payload MAC
  generation.
* Added support for setting FOUNDER mode on channel with specific
  public key which can be set with CMODE command.
* Don't wait for EOF after socket error has occurred, but close the
  connection.
* Assure the RESUME_CLIENT packet is not sent twice to backup
  router if the detached client was originated from the backup.
* Added support for removing client from invite list when kicked
  from channel, as SILC 1.2 dictates.
* Added support for the SILC 1.2 BAN and INVITE commands and new
  ban and invite lists to server.
* Remove client from invite list in KILLED notify and in KILL
  command.
* Do not send invite list back unless asked (when sending no
  arguments) or when list was modified.
* MARS is now gone.
* Added manual pages for silcd(8) and silcd.conf(5).

* Fixed WATCH command reply handling on normal server which was
  missing altogether.
* Fixed double free in WHOIS query on normal server when forwarding
  query to router.
* Fixed MOTD command reply sending.
* Fixed the INVITE command to send the invite list in command reply.
* Fixed PING command sending in client library and handling in
  server.  The server ID must be ID Payload, not raw ID data.
* Fixed NICK command to not crash if nickname was not sent.
* Fixed channel's global_user boolean checking after detaching.
  Check it after changing the owner of the client not before.
* Fixed channel key distribution after resuming detached client.
* Fixed memory leaks with SIMs in server.
* Fixed bugs in invite list handling in INVITE command.
2002-12-04 17:31:55 +00:00
salo
7fa14c31b7 update to version 0.9.8
Changes from 0.9.5 to 0.9.8
===========================

* Added support for aborting automatically pending commands
  that never receives the reply (to avoid memory leaks).
* Added support for removing explicitly added client connections
  in rehash and closing the client connections if they were
  unconfigured in the rehash.
* Rewrote WHOIS, WHOWAS and IDENTIFY commands in the server.
* If packet processing fails (like integrity check fails)
  the connection is closed now.
* Normal server now reconnects to backup router automatically
  if connection is lost to it.
* Added support for replying on behalf of the user to the
  Requested Attributes in WHOIS command in the server.
* Failed OPER and SILCOPER authentications are now logged.
* Added sort-of "Quality of Service" (QoS) support. Data
  reception can be controlled with rate limit per second
  and/or read data length limit.
* Added support for encrypted private key files. Now passphrase
  must be provided when new key pair is created, and prompted
  when loading the private key.

* Resumed client packet handling from server put the resumed
  client on wrong list on router and caused the client not be
  present on the network anymore.
* Various cleanup in error message output in config parsing code
  and in server init code.  Fixed error log files containing too
  many newlines in some situations.
* Assure that channel key is set before sending it.  May crash
  server otherwise.
* Don't switch to become primary router if we are backup if
  decryption error has occurred.
* Fixed a bug in backup router IP address comparison
* Fixed a crashbug in incoming server accepting.
* Fixed packet decryption problem when backup router encrypted
  channel message with wrong key during backup resuming protocol.
* Fixed memory leaks in server.
* Fixed channel key packet processing bug on backup router
  during backup resuming protocol.
2002-11-21 15:42:45 +00:00
jlam
a042cd2e0b Belatedly note that the example rc.d file moved to ${PREFIX}/etc/rc.d.
2002-09-20 23:45:44 +00:00
grant
0c5bb6abcc Make these scripts more portable by taking advantage of automatic rc.d
script handling and using @RCD_SCRIPTS_SHELL@.

as discussed with jlam.
2002-09-20 02:01:54 +00:00
jlam
5c053dd06a Take advantage of the auto-generation and installation of rc.d scripts.
2002-09-19 09:04:02 +00:00
jlam
e507190d0d When using bsd.pkg.install.mk, if a DEINSTALL or INSTALL file already
exists, then use it as the default value of DEINSTALL_EXTRA_TMPL or
INSTALL_EXTRA_TMPL.
2002-09-18 21:15:07 +00:00
hubertf
1e9b2fb879 Maintainer update of chat/silc-server to version 0.9.5. Changes:
buildlink->buildlink2

Main changes from 0.9.2 to 0.9.5
=================================

 * Use the primary router as the origin of the locally connected server when
   it is disconnecting from the backup router since that's where it really
   is coming from.  Now the clients from the disconnecting server are removed
   correctly and "shadow" clients are not left to the backup router.

 * If normal server is standalone and found existing but disabled channel, do
   not re-create the channel since it creates duplicate same channels.

 * Added anonymous client connections support to server.  New "anonymous"
   configuration option to ConnectionParams section added.  If set to true,
   the username and hostname information of the client will be scrambled and
   anonymous user mode is set automatically to the user.

 * In JOIN notify handling, mark that the cache entry of the client cannot be
   expired.  Can cause crashes on normal server (asserts client->channels).

 * Added silcd configuration option Timestamp in the Logging section.

 * Fixed fingerprint checking to check for entirely empty fingerprint instead
   of two first bytes when determining if it is set.

 * Remove server/router operator privileges in DETACH command, since it's
   possible to resume to server where these privileges would not be allowed.

 * Do not re-create channel keys and send them when removing clients in server
   shutdown.

 * Completed backup router support for standalone routers.  Supports also
   servers in the cell that do not use the backup at all.  Server/router
   operator now receives notify when network switches to backup router and
   when it resumes the use of primary router.

 * Added -D option to server.  It can be used to give debug level.  The levels
   are from 0 - 99, and are predefined for smooth server debugging.

Patch submitted by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 18278.
2002-09-14 02:59:25 +00:00
jschauma
a7fd9ee6fa Add patch that escaped the last commit. Part of the update to 0.9.2
2002-06-21 16:00:14 +00:00
jschauma
7f70221135 Update to version 0.9.2 using patch provided by MAINTAINER in PR pkg/17304,
closing this PR.  Thanks to Lubomir Sedlacik.

Changes from 0.9.1 to 0.9.2
===========================
* Support for multiple interfaces so now it's possible e.g. to listen
   on IPv4 and IPv6 within one daemon incarnation.

WARNING: you will need to update your silcd.conf to reflect changes!

* Added lots of new statistics updating that was missing from the
   server and router code.  Sending SIGUSR1 signal to server now dumps
   the current server statistics into /tmp directory.
* Implemented the SILC_CHANNEL_UMODE_QUIET mode that can be used
   to silence a user on a channel.

* Fixed various fatal bugs, in handling of malformed command payload,
   double free when announcing channel users to router, missing
   parameter in a function call that caused server crash when
   a non-allowed connection arrived.

* Fixed some backup data sending around the code to work better
   if the router is standalone router and fixed the router connecting
   when connecting to multiple routers.

* Fixed detach timeout handling to use Client ID and not the actual
   client entry which may be freed in the callback.
2002-06-21 15:57:16 +00:00
hubertf
71968dd999 Update silc-server to version 0.9.1. Changes:
* Fixed CUMODE_CHANGE notify handling in server.

* Fixed USERS command to support empty channels.

* Check the watcher list before sending signoff notifys
  when closing client connection.

* Added better CMODE command rights checking.

* Fixed watcher list checking during server signoff.  It
  crashed the server.

* The JOIN command reply returns now the founder's public
  key.

* Announce the channel mode, and the mode properties with
  CMODE_CHANGE notify.

* Mark new channels by default disabled, until at least
  one user joins the channel.

* The nickname argument to watch notify can be optional.
  Fixes a crash in server.

* Check the watcher list before and after changing nickname
  when the NICK_CHANGE notify is received.

* Added the founder's public key delivery to the
  CUMODE_CHANGE notify type as well.  Updated the protocol
  specs and the code.

* Added support for sending the founder's public key in
  the CMODE_CHANGE notify packet in the server.

* Changed the FOUNDER_AUTH authentication to use only
  public key authentication as defined by new protocol
  specs.  Passphrase authentication with that mode cannot
  be used anymore.  It is now possible to reclaim founder
  mode from any server in the network.

* Added permanent channels support by making the channel
  permanent when FOUNDER_AUTH mode is set on the channel.
  The channel will not be destroyed even if channel is empty
  when that mode is set.  Protocol TODO #17.

* Added BLOCK_INVITE user mode to be able to block incoming
  invite notifications.  Protocol TODO #26.

* Disconnect Payload includes now the status type.  Updated
  the protocol specs and the code.  Protocol TODO #25.

* Defined that the nickname hash in Client ID MUST be from
  lowercase nickname.  This effectively changes nicknames in
  SILC to case-insensitive.  Updated the protocol specs and
  the code.

* Added new channel user modes BLOCK_MESSAGES_USERS and
  BLOCK_MESSAGES_ROBOTS.  Updated the protocol specs and the
  code.

* Added support for watch list.  It is possible to add nicknames
  to be watched, and when they come to network, leave network
  or user mode changes the watcher will be notified of this
  change.  Added SILC_COMMAND_WATCH command, added new
  notify type SILC_NOTIFY_TYPE_WATCH to deliver the watch
  notifications.  Updated the protocol specs and implemented
  this to library, client and server.  Protocol TODO #21.

* Fixed a bug in the pid writing function, which couldn't be
  written in a root-owned directory.

* Added detach_disabled and detach_timeout server config
  options to the server.

* Defined that server receives WHOIS command reply for private
  and secret channels too.  Updated protocol specs and the
  code in server.

* Defined <channel user mode list> argument to WHOIS command
  reply for returning user modes on the channels.  The
  channel list now doesn't include the user mode anymore but the
  actual channel mode.  Updated protocol specs and the code in
  client and server.

* Save the channels list in WHOIS command reply in normal server
  so that WHOIS always shows joined channels also in normal
  server and not just on router.

* Defined that server receives USERS command reply for private
  and secret channels too.  Updated protocol specs and the
  code in server.

* Changed the UMODE's mode mask argument to be optional.  If
  not provided then the command merely returns the current mode
  mask to the client.

* Added SILC session detachment/resuming support.  It is possible
  to detach by closing the network connection and then re-connect
  and resume to the old client session.  Added DETACHED user
  mode that server will set for detached client.  Added new
  packet RESUME_CLIENT which is used to perform the resuming
  process.  Added DETACH command.  Updated the protocol specs,
  core library, client and server.  Protocol TODO #22.

* Changed the CMODE's mode mask argument to be optional.  If
  not provided then the command merely returns the current mode
  mask to the client.  Updated protocol specs and the server.

* Added new user modes ANONYMOUS for special anonymous servers
  that may set the mode for client, and BLOCK_PRIVMSG which
  client may set to block incoming private messages unless the
  Private Message Key flag is set (using private keys to protect
  private messages).  Updated protocol specs and code in client
  and server and core library.  Protocol TODO #23.

* Added new channel user mode BLOCK_MESSAGES which the client
  may set to itself to tell server not send channel messages.
  Other packets such as channel key packets are still sent.
  Protocol TODO #23.  Updated the protocol specs, client and
  server.

* Fixed a bug in the fetch_logging() config callback.

* Drop root privileges when started in foreground.  Don't drop them
  if debugging also.

* Added STATS command to the protocol after all, to return
  various statistical information about the network.  It can
  be used by clients to retrieve statistical information, and
  servers may use it to fetch cell and network wide
  statistics from router.  Updated the protocol specs and
  implemented it to the server.  Protocol TODO #16.

* Rewrote the version SKE version checking in client library
  and in server to use the silc_parse_version_string.

* Added two new channel modes: SILC_CMODE_SILENCE_USERS
  and SILC_CMODE_SILENCE_OPERS which can be used to moderate
  the channel.  Updated protocol specs and implemented this
  to client and server.  Protocol TODO #6.

* Deprecated all administrative commands from SILC protocol
  since they are highly implementation specific commands.
  Updated protocol specs.  Moved the old commands in
  implementations to private range of command types.

* Fixed a bug in server where sending unknown command crashes
  the server.

* Fixed the rekey protocol with PFS, which was totally broken.

* Merged version 1.1.4 of zlib. Even if it is not currently in use,
  it's good not to have security holes here.

* Fixed a negative refcount situation for the config context.
  Affected file is silcd/serverconfig.c.

changes in silc-server package:
===============================

- removed INSTALL file, don't generate server keys during installation,
  if missing, generate them on server startup


Patch contributed by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 16981
2002-05-24 22:15:36 +00:00
hubertf
ed75026f1f Update silc-server pkg to 0.8.4. Changes:
changes in silc-server package:
===============================

- upgraded to version 0.8.4
- added generic startup script for Solaris and Linux (i can't test it on
  Darwin/Mac OS X because i don't have any.. please let me know if it works
  for you. thanks)

  You will need to copy ${PREFIX}/etc/rc.d/silcd to appropriate location in
  your system and do necessary actions to enable it.

  e.g. Solaris: copy ${PREFIX}/etc/rc.d/silcd to /etc/init.d/ and make links
                in /etc/rc2.d/, /etc/rc1.d/, /etc/rc0.d/.

changes in silc-server since 0.8.1:
===================================

* Fixed a bug in library where sending a bogus authentication
  payload would lead to a crash.

* Fixed a bug in the fetch_logging() config callback.

* Drop root privileges when started in foreground.  Don't drop them
  if debugging also.

* Added better error logging in rekey protocol.

* Do not check public key types in SKE during rekey.

* Fixed the rekey protocol with PFS, which was totally broken.

* Fixed a negative refcount situation for the config context.

* Fixed memory leaks from config object.

* Added support for adding new connections to the server in rehash.

  After rehash they take effect.

* Added support for changing the maximum allowed connections in
  rehash.  The number can grow but going smaller is not supported.

* Added preliminary checking during config parsing for a valid
  public/private key and removed further checks in the code.

* Fixed silc_net_gethostbyaddr to correctly resolve by
  address.

* Fixed the notify relaying to client.  The HMAC to be used
  with relayed packets was wrong and caused decryption failure
  at the client end.

* Fixed the silc_log_quick handling in the logging routines.
  It didn't log quickly when it was TRUE. Also the flush delay
  was set even if it was 0 in config file.

* Added support for changing key pair of the server in rehash.

* Fixed the TOPIC_SET notify to not crash.  It changed the topic
  too early, before getting the channel entry.

* Added rehash support. Added function silc_server_rehash() that
  will perform all the basic tasks of the rehashing procedure.

* Added command line option `-x, --hexdump'. This will enable the
  SILC_LOG_HEXDUMP calls that are no longer enabled with `--debug'.
  The option `--hexdump' implies `--debug'.

* Fixed a bad bug in the logging APIs (silcutil library) where
  the application would crash after calling silc_log_reset_all().


Contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 16612
2002-05-03 22:02:49 +00:00
rh
3b745d42a9 Update silc-server to 0.8.1. Update provided by the package maintainer,
Lubomir Sedlacik <salo@silcnet.org> in PR pkg/16099, thanks!

Changes from 0.8 to 0.8.1
=========================

* IPv6 fixes. IPv6 should work without problems now.

* Fixed a minor bug in looking up correct client entry in KICKED notify
  in server.

* Don't change the topic if old topic is same as new one.

* Packet relaying is now done by router without any extra memory
  allocations.

* Fixed the INVITE notify handling.  It took wrong arguments as invite
  list and invite delete.

* Added check for INVITE, TOPIC_SET, KICKED, CMODE_CHANGE notify types
  that particular action is allowed by the client.

* Fixed a packet sending bug on very high load, where outgoing
  packet queue wasn't handled correctly and packets got corrupted.

* Added checks for maximum length of channel message payload and private
  message payload also.

* Added checks for maximum packet length in server and in client library.

* Added new configuration params: version_protocol, version_software
  and version_software_vendor to specify what version the remote host
  must at least be to be able to connect to server.  The vendor string
  can be regex matched too.

* Added new function silc_server_connection_allowed to check maximum number
  of allowed connections, and allowed versions for incoming connections.

* Added logging of DISCONNECT packet message in the server.

* Check for valid socket connection in client entries before sending any
  messages.  Fixes a crash, but doesn't fix some other underlying bug that
  is lurking there.

* Added support for specifying multiple public keys for Client connection
  section in server configuration file.  This makes it possible to accept
  multiple public keys from same host, or to make a section that accepts
  any incoming host, and have the accepted public keys listed in the section.

* Added more error printing to logs in server code.
2002-03-29 11:34:51 +00:00
hubertf
a26b957174 Update silc-server to 0.8.
Patches contributed by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 15779

Changes from 0.7.9 to 0.8:
==========================

* Removed 0.6.x backwards support.
* Added `prefer_ipv6' argument to the functions
  silc_net_gethostbyname[_async].  If it is TRUE it will return
  IPv6 address over IPv4.  If FALSE IPv4 address is returned
  even if IPv6 address was found.
* Added support silc_net_create_connection[_async] to fallback
  to IPv4 address if IPv6 address could not be used (like if
  it doesn't work on a specific system).  Affected file in
* Added `user_count' to the SilcChannelEntry which now tells the
  number of users on the channel.  The user count is now saved
  in normal server of global channels as well.
* Added following new config file settings:
  channel_rekey_secs, key_exchange_rekey, key_exchange_pfs,
  key_exchange_timeout, conn_auth_timeout, connections_max,
  links_max.
  Implemented all the new config settings handling in the server.
  Optimized the use of SKE Mutual flag usage.  Use it only
  if connection authentication protocol is not based in public
  key authentication.
* Added new configuration options and blocks:
  keepalive_secs, reconnect_count, reconnect_interval,
  reconnect_interval_max, reconnect_keep_trying and
  require_reverser_lookup.  Added ConnectionParam block, and
  implemented the connection parameters when connecting as
  initiator and when accepting connections as responder.
* Split the doc/example_silcd.conf.in.  Separated the crypto
  algorithm parts and created new file silcalgs.conf, that
  is now included from the example_silcd.conf.in.
* Optimized the silc_server_connect_to_router_second to take
  the connection configuration object from the SilcServerConnection
  object instead of finding it during the connecting phase.
  Added the configuration object to SilcServerConnection struct.
* Fixed the public key authentication to allocate always the
  destination signature buffer instead of using static buffer.
* Added new Passphrase and Publickey authentication methods to
  config file, allowing both public key and passphrase based
  authentication to be set at the same time.
  Added `prefer_passphrase_auth' setting in config file which
  can be used to set to prefer passwd auth if both passwd and
  public key is set.  If not set, public key is preferred.
  This has effect only when being initiator (responder will try
  both anyway).
  Added support for authentication with passphrase and public key
  at the same time.  The passphrase is tried first always since
  it is faster to check.
* Merged the new SILC Config library, with the server parsing
  support.  Read the header file silcconfig.h or the toolkit
  documentation for the news.
2002-03-03 23:49:49 +00:00
hubertf
45612504b1 Update silc-server to 0.7.9. Changes:
0.7.9: This time a lot of little bugs has been fixed and some major crashbugs
       as well.  Namely, I found problem in the hash table routine that could
       have caused some really weird problems, and I've encountered such
       problem at least in one core file earlier.  Some additional desync
       problems have been fixed as well, so if you are running a normal server
       then upgrading is strongly recommended.

check full changelog at:

  http://silcnet.org/txt/changes-server.txt

Patch submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 15453
2002-02-02 10:58:31 +00:00
hubertf
4efb009db4 Update silc-server from 0.7.6 to 0.7.8. Changes:
this release includes many patches which fix various problems ending in
crashing the server. upgrade is strongly recommended.

0.7.7: This server attempts to fix various crash bugs, for example one crash
       relating to BAN command is fixed.

0.7.8: Another quick bugfix to fix the desync problems of normal SILC server
       when it connects to SILC router.  The desyncing could happen if there
       were a lot of channels, like we had on Sunday and Monday after being
       slashdotted.  Upgrading is strongly recommended if you are running
       a server that is connected to a router.  Took me only 6 hours to find
       the problem...

Patch submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 15416
2002-02-02 10:31:22 +00:00
hubertf
347bab6e43 Update silc-server to 0.7.6:
changes in the package since 0.7.3 to 0.7.6:

 - rewrite of package's Makefile. big parts of INSTALL and DEINSTALL scripts
   were moved into Makefile itself
 - silc-server now creates user silcd:silcd who runs silcd by default
 - INSTALL and DEINSTALL files are smaller and contain only necessary
   actions which cannot be executed from Makefile
 - partial rewrite of rc script, added rcvar support, it is necessary to have
   silcd=YES in rc.conf now to start silc server (unless force is used)
 - changed motd.txt to contain BSD daemon ;)
 - updated patch-aa and patch-ab files

changes in the silc-server software since 0.7.3 to 0.7.6:

 0.7.4: This version fixes a crash that can occur mainly on normal server.
        Upgrading is recommended to avoid instability later.  This version
        also fixes the BAN and INVITE commands that were pretty much broken.
        This version also disallows a situation where the nickname that server
        sets initially for the client could be a bad nickname (like nick
        including whitespaces).  It used to be possible but now server checks
        for this.  Johnny also introduces a new logging system to this version
        with log files being open all the time and not opened every time
        something is logged, and log rotation support.

 0.7.5: Hopefully fixed the most nasty bugs.  I found a bunch of weird bugs
        that cause server syncing problems.  Upgrading is strongly
        recommended as soon as possible.

 0.7.6: Only a minor bugfix release to fix the CUMODE command that allowed
        non-founder channel users to remove modes of the founder, and to fix
        GETKEY always return server's public key if it is requested, and to
        fix the TOPIC_CHANGE notify to not route it twice to router.

Patch submitted by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 15373
2002-01-26 14:43:16 +00:00
hubertf
8009f7aff2 Update silc-server to 0.7.3.
Patches sent by Lubomir Sedlacik <salo@silcnet.org> in PR 15079.

Changes in the silc-server package:

 - update to the silc-server package version 0.7.3
 - patch-ab is no longer needed--it has been integrated into distribution,
   patch-ac moved into its place
 - complete release notes can be found at:

    http://silcnet.org/txt/release-server.txt

 - complete changelog can be found at:

    http://silcnet.org/txt/changes-server.txt
2001-12-28 21:29:16 +00:00
hubertf
54204fcb93 Update silc-server to 0.7.2.
Patch submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 15013.


changes in the silc-server package:

 - upgrade to silc-server package, version 0.7.2
 - minor changes in the MASTER_SITES variable
 - minor change in the DEINSTALL script not to print output from rc script
 - removed the USE_NCURSES definition and added --without-ncurses configure
   option not to link against -lncurses, this was really unwanted behavior

changes in the silc-server-0.7.2:

 - fixed the server to router reconnection
 - various fixes in password authentications in the server, authentication
   payload and channels
 - fixed silc_server_command_pending, this should fix various IDENTIFY and
   WHOIS related crashes
2001-12-21 09:07:09 +00:00
hubertf
9bbac6d451 This file is no longer needed after the latest update.
Pointed out by Lubomir Sedlacik <salo@silcnet.org> in private mail.
2001-12-21 08:58:33 +00:00
hubertf
72f6aad26d update the silc-server package to version 0.7.1.
Submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 14887

Changes in the NetBSD's package from version 0.6.4 -> 0.7.1:

   - upgrade to silc-server-0.7.1 (the main changes below)
     the biggest change is the ipv6 support (new configuration file format is
     needed, though)
   - removed patch-ac because it was integrated into distribution
     (patch-ad was moved in its place)
   - completely rewritten rc.d script to use rc.subr instead and fixed the
     problem with removing pidfile so now status) works fine.
   - added default motd file
   - INSTALL and DEINSTALL scripts are cleaner and more useful, check for logs
     directory before creating it, added motd.txt installing/removing.
   - better and more helpful default configuration file (added Example:
     sections for each variable)
   - added examples/ directory containing sample configurations of various
     scenarios into $DOCDIR

changes in the silc-server itself:
        o Fixed WHOIS and IDENTIFY commands to return correct replies,
          and correct error replies.  This fixes various weird bugs
          related to these commands.
        o Send NO_SUCH_CLIENT_ID error notify if received private
          message to invalid Client ID.  It is guaranteed that if
          private message is sent to unknown client, the sender will
          receive a notification for it.
        o Send the kicker's information in KICK command to the kicked
          client.
        o Fixed LIST command to return correct amount of channels.
          This fixes the weird bug that LIST would show like 50 channels
          and some channels multiple times.
        o Channel topics, and users SILC modes are announced now during
          server->router connecting.
        o Implemented the founder authentication during JOIN command.
        o Support for IPv6 based Server ID added.
        o Memory leak fixes.
2001-12-17 00:43:10 +00:00
hubertf
3813fa37f8 Add silc-server 0.6.4:
SILC (Secure Internet Live Conferencing) is a protocol which provides
secure conferencing services in the Internet over insecure channel.

Contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 14562
2001-11-30 23:33:34 +00:00