+Sat Nov 3 17:48:55 EET 2001 Pekka Riikonen <priikone@silcnet.org>
+
+ * Added silc_pkcs_public_key_compare to compare two
+ public keys. Affected file lib/silccrypt/silcpkcs.[ch].
+
+ * Check that the client who set the founder mode on the
+ channel is the same client that is giving the founder
+ mode to itself. It is done by comparing the saved public
+ key (it is saved even in the authentication is passphrase).
+ Affected file silcd/command.c.
+
Fri Nov 2 18:52:08 EST 2001 Pekka Riikonen <priikone@silcnet.org>
* Do not process packet for disconnected socket connection.
}
if (!(channel->mode & SILC_CHANNEL_MODE_FOUNDER_AUTH) ||
- !channel->founder_key) {
+ !channel->founder_key || !idata->public_key ||
+ !silc_pkcs_public_key_compare(channel->founder_key,
+ idata->public_key)) {
silc_server_command_send_status_reply(cmd, SILC_COMMAND_CUMODE,
SILC_STATUS_ERR_NOT_YOU);
goto out;
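Review bot: The widened condition in front of the SILC_STATUS_ERR_NOT_YOU reply has no comment explaining why the public key is compared even when the founder method is a passphrase; the reason is given only in the ChangeLog entry. A short comment above the `if` would keep a later edit from dropping the key test as redundant, for example `/* founder_key is saved for passphrase auth too; only the client holding that key may take founder mode back */`. Here `idata->public_key` is presumably the key of the client issuing the command, which is worth confirming since `idata` is assigned outside this hunk. The enclosing function starts and ends outside the hunk.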
SILC_STATUS_ERR_NOT_ENOUGH_PARAMS);
goto out;
}
-
+
auth = (channel->founder_method == SILC_AUTH_PASSWORD ?
(void *)channel->founder_passwd : (void *)channel->founder_key);
auth_len = (channel->founder_method == SILC_AUTH_PASSWORD ?
return FALSE;
}
+/* Compares two public keys and returns TRUE if they are same key, and
+ FALSE if they are not same. */
+
+bool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2)
+{
+ if (key1 == key2)
+ return TRUE;
+
+ if (key1->len == key2->len &&
+ key1->name && key2->name && key1->identifier && key2->identifier &&
+ !strcmp(key1->name, key2->name) &&
+ !strcmp(key1->identifier, key2->identifier) &&
+ !memcmp(key1->pk, key2->pk, key1->pk_len) &&
+ key1->pk_len == key2->pk_len)
+ return TRUE;
+
+ return FALSE;
+}
+
/* Encodes SILC private key from SilcPrivateKey. Returns the encoded data. */
unsigned char *
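Review bot: In `silc_pkcs_public_key_compare` the `memcmp` is evaluated before the `pk_len` equality test, so if the two keys carry different `pk_len` values it reads `key1->pk_len` bytes from a `key2->pk` buffer that may be shorter. Swap the last two conditions so the length is checked first: `key1->pk_len == key2->pk_len &&` followed by `!memcmp(key1->pk, key2->pk, key1->pk_len)`. The earlier `len` comparison may make a mismatch unlikely in practice, but nothing visible here ties `len` to `pk_len`. The function also dereferences both arguments after the `key1 == key2` shortcut without a NULL check. The new caller in silcd/command.c tests both pointers first, so either document that NULL is not allowed or return FALSE for a NULL argument.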
uint32 *len);
int silc_pkcs_public_key_decode(unsigned char *data, uint32 data_len,
SilcPublicKey *public_key);
+bool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2);
unsigned char *
silc_pkcs_private_key_encode(SilcPrivateKey private_key, uint32 *len);
unsigned char *