1 files changed, 51 insertions, 3 deletions

diff --git a/distfoldd/serveragent.cc b/distfoldd/serveragent.cc
index 13e7848..3f133bd 100644
--- a/distfoldd/serveragent.cc
+++ b/distfoldd/serveragent.cc
@@ -2,8 +2,9 @@
 
 #include "serveragent.h"
 
-ServerAgent::ServerAgent(QSslSocket *socket, const QDir& local_dir, SyncFlags flags, QObject *parent) :
-    Agent(socket, local_dir, flags, parent)
+ServerAgent::ServerAgent(QSslSocket *socket, const QDir& local_dir, const QString& passwd, SyncFlags flags, QObject *parent) :
+    Agent(socket, local_dir, passwd, flags, parent),
+    _challenge(generateChallenge()), _authAttempted(false), _authOk(false)
 {
 	qDebug() << "Starting server agent at" << QDateTime::currentDateTime();
 }
@@ -13,24 +14,37 @@ void ServerAgent::handleMessage(MessageType msg, const QByteArray& data)
 	qDebug() << "Server::handleMessage" << msg << data.size();
 	switch (msg) {
 	case MSG_HELLO:
-		sendMessage(MSG_HELLO_REPLY);
+		if (decodeHelloMessage(data, &_clientChallenge) == PROTO_BAD) {
+			qWarning() << "Invalid protocol version";
+			_socket->close();
+		}
+		sendMessage(MSG_HELLO_REPLY, _challenge);
+		break;
+	case MSG_AUTH:
+		handleAuth(data);
 		break;
 	case MSG_FILE_LIST:
+		if (!checkAuth()) return;
 		handleClientFileList(decodeFileInfoList(data));
 		break;
 	case MSG_PULL_FILE:
+		if (!checkAuth()) return;
 		handlePullFile(decodeFileName(data));
 		break;
 	case MSG_PUSH_FILE:
+		if (!checkAuth()) return;
 		handlePushedFile(data);
 		break;
 	case MSG_PUSH_FILE_METADATA:
+		if (!checkAuth()) return;
 		handlePushedMetadata(decodeFileInfoList(data));
 		break;
 	case MSG_DELETE_FILE:
+		if (!checkAuth()) return;
 		handleDeleteFile(decodeFileName(data));
 		break;
 	case MSG_BYE:
+		if (!checkAuth()) return;
 		qDebug() << "Got Bye";
 		emit finished();
 		_socket->close();
@@ -41,6 +55,40 @@ void ServerAgent::handleMessage(MessageType msg, const QByteArray& data)
 	}
 }
 
+bool ServerAgent::checkAuth()
+{
+	if (_authOk) {
+		return true;
+	} else {
+		sendMessage(MSG_AUTH_REPLY, encodeAuthReply(AUTH_FAILED));
+		return false;
+	}
+}
+
+void ServerAgent::handleAuth(const QByteArray &response)
+{
+	if (_authAttempted) {
+		qWarning() << "Too many auth attempts";
+		sendMessage(MSG_AUTH_REPLY, encodeAuthReply(AUTH_FAILED));
+		_socket->flush();
+		_socket->close();
+		return;
+	}
+	_authAttempted = true;
+
+	qDebug() << "Server Handling client auth";
+
+	if (response == generateChallengeResponse(_challenge, _clientChallenge)) {
+		_authOk = true;
+		qDebug() << "Authentication successful";
+	} else {
+		_authOk = false;
+		qDebug() << "Authentication failed";
+	}
+
+	sendMessage(MSG_AUTH_REPLY, encodeAuthReply(_authOk ? AUTH_OK : AUTH_FAILED));
+}
+
 void ServerAgent::handleClientFileList(const RemoteFileInfoList& list)
 {
 	QFileInfoList files = scanFiles(QDir(wireToLocalPath(_subPath)));