[Freeciv-Dev] Re: client/server authentication (PR#1767)

["Mike Kaufman" <kaufman@xxxxxxxxxxxxxxxxxxxxxx>]

here's version 6p of the auth patch.

here are the changes:

o moved int type in struct packet_authentication_request to
  enum authentication_type
o user strlen(GUEST_NAME) instead of the #define
o edited some comments
o changed enum conn_status to enum auth_status
o rewrote user_db_load and user_db_save with gotos
o lockfile.c uses fopen and fileno, eliminating the need for sys/stat.h
  or sys/types.h
o moved MAX_AUTHENTICATION_TRIES to connecthand.c
o added AS_THROTTLED_FAILED and AS_THROTTLED_PASSED to auth_status
o added unthrottle_authentication() which is called by sniff_packets()

it works thusly:

everything works the same as before except if the server asks the client
for a password for an already registered user (which it does in
handle_login_request()) If so, it switches auth_status to
AS_REQUESTING_OLD_PASS and sends the auth request. The client will reply and
the server hands off to handle_authentication_reply(). The server
immediately decides if the password is good or bad and sets auth status to 
AS_THROTTLED_PASSED or AS_THROTTLED_FAILED. It also sets a timeout named
pconn->server.authentication_stop. which is set several seconds in the
future depending on what the retries are. handle_authentication_reply()
then returns.

sniff_packets will check to see if time(NULL) is greater than
authentication_stop and will then hand off to unthrottle_authentication()
to: establish the connection, reject the connection if retries is too high,
or send another request to the client.

names can easily be changed. need opinions.

-mike

auth6p.diff.bz2
Description: auth6p.diff.bz2