
📄 keydb.cpp

📁 伯克利做的SFTP安全文件传输协议
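//  $Archive:: /SafeTP/keydb.cc                                           $
//     $Date: 1999/10/08 03:36:56 $
// $Revision: 1.14 $
// Description: handles keys coming in from server
// copyright SafeTP Development Group, Inc., 2000  Terms of use are as specified in license.txt

// this is used so sftpd can link sec_de3s, by sftpc,
// and by performance testing and debugging code

#include "keydb.h"        // this module
#include "datablok.h"     // DataBlock
#include "str.h"          // stringb
#include "sockutil.h"     // formatAddress
#include "sdsa.h"         // DSABrandedPublicKey
#include "security.h"     // xsecurity

// sm: I moved this to below the other #includes because linux gnu
// libc wants to #define NULL as ((void*)0), which is wrong!
// typ.h correctly defines it as 0
#include <iostream.h>     // cout, endl


// -------------------------------------------------------
// SM: both the client and server should use this code, with
//     differences isolated to the KeyEnvironment

// Scope guard: owns an IPAddress array and delete[]s it when the
// guard goes out of scope, including when an exception unwinds
// through the enclosing function.
class DelIPAddress {
  IPAddress *addrs;     // owned array; released with delete[] in the dtor

  // Not copyable: a copy would hold the same pointer and delete[] it
  // a second time.  Declared but never defined, so an accidental copy
  // fails at compile or link time.
  DelIPAddress(DelIPAddress const &);
  DelIPAddress &operator=(DelIPAddress const &);

public:
  // explicit: an implicit IPAddress* -> DelIPAddress conversion would
  // create a temporary that frees the caller's array
  explicit DelIPAddress(IPAddress *a) : addrs(a) {}
  ~DelIPAddress() { delete[] addrs; }
};


// Decide whether the key presented by a server is acceptable, and
// update the key database as the policy directs.
//
// this is now purely a mechanism implementation; all policy and
// storage decisions are delegated elsewhere (to the 'environment')
//
//   serverKey   - key the server presented for this connection
//   serverAddr  - address the key was received from
//   environment - supplies the KeyPolicy that is consulted and the
//                 KeyDB that is read and possibly written
//
// Returning normally means the key was not rejected.  Rejection is
// signalled through xsecurity(), and an action value this function
// does not recognise goes through xfailure(); the statements after
// both calls are marked "not reached", so both are expected to throw
// rather than return (confirm in security.h).  If either one could
// return, control would fall out of the switch and the function would
// return as if the key had been accepted.
void handleServerKey(DataBlock const &serverKey, IPAddress serverAddr,
                     KeyEnvironment &environment)
{
  // convenient aliases
  KeyPolicy &policy = environment.policy;
  KeyDB &db = environment.db;

  // log the key reception (before any accept/reject decision is made)
  policy.keyReceived(serverAddr, serverKey);

  // see if we already have a key for this server
  if (db.containsKey(serverAddr)) {
    // get what we already have
    DataBlock storedKey = db.getKey(serverAddr);

    // compare it to server's
    if (storedKey == serverKey) {
      // they match - access granted
      policy.keyMatched(serverAddr);
    }
    else {
      // mismatch: the server presented a key different from the one
      // on record for this address.  This is the case a changed or
      // impersonated server produces, so every outcome below is a
      // policy decision.

      // count how many keys match this one
      // (initialised so the MA_REPLACE_ALL loop cannot run over an
      // indeterminate count if getMatchingAddrs leaves it unset)
      int numMatching = 0;
      IPAddress *matching = db.getMatchingAddrs(numMatching, storedKey);
      DelIPAddress delAddrs(matching);    // dealloc on exit

      // consult policy
      KeyPolicy::MismatchAction action =
        policy.getMismatchAction(serverAddr, serverKey, storedKey,
                                 numMatching, matching);

      switch (action) {
        case KeyPolicy::MA_ALLOW_ONCE:
          // we'll allow the connection this time, but leave the
          // key database unchanged
          break;

        case KeyPolicy::MA_REJECT:
          xsecurity("Server key rejected because of mismatch - connection aborted.");
          break;    // not reached

        case KeyPolicy::MA_REPLACE_THIS:
          // change the key database for this address only
          db.setKey(serverAddr, serverKey);
          break;

        case KeyPolicy::MA_REPLACE_ALL: {
          // replace all instances of 'storedKey' with 'serverKey'
          // NOTE(review): this rewrites the stored key for every
          // address in 'matching', although only serverAddr presented
          // the new key on this connection.  'matching' presumably
          // includes serverAddr itself; confirm in KeyDB.
          for (int i=0; i<numMatching; i++) {
            db.setKey(matching[i], serverKey);
          }
          break;
        }

        default:
          // fail closed on an action value this code does not know
          xfailure("unknown mismatch action");
          break;     // not reached
      }
    }
  }

  else {
    // we have never contacted this address before, so there is
    // nothing to check the presented key against

    // ask policy object whether to accept
    KeyPolicy::NewServerAction action =
      policy.getNewServerAction(serverAddr, serverKey);

    switch (action) {
      case KeyPolicy::NSA_ACCEPT_ONCE:
        // accept the connection this time, but don't modify the
        // key database
        break;

      case KeyPolicy::NSA_ACCEPT:
        // accept it, and store the key; later connections to this
        // address are compared against it
        db.setKey(serverAddr, serverKey);
        break;

      case KeyPolicy::NSA_REJECT:
        // don't accept the key or the connection
        xsecurity("Server key rejected because it is new - connection aborted.");
        break;     // not reached

      default:
        // fail closed on an action value this code does not know
        xfailure("unknown new server action");
        break;     // not reached
    }
  }
}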
