/*
* BIRD -- Password handling
*
* (c) 1999 Pavel Machek <pavel@ucw.cz>
* (c) 2004 Ondrej Filip <feela@network.cz>
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include "nest/bird.h"
#include "nest/password.h"
#include "conf/conf.h"
#include "lib/string.h"
#include "lib/timer.h"
#include "lib/mac.h"
/* Most recently created password item; presumably scratch state for the
 * config grammar while it fills in per-key attributes -- no reader of it is
 * visible in this file, confirm against conf/confbase.Y. */
struct password_item *last_password_item = NULL;
/*
 * password_find - choose a key for generating authentication data
 * @l: list of &password_item, may be NULL
 * @first_fit: non-zero to return the first key whose generation window is
 *   open; zero to return the open key with the latest @genfrom
 *
 * A key is eligible only while current_real_time() lies strictly between
 * its @genfrom and @gento. Returns NULL when @l is NULL or no key is
 * currently eligible.
 *
 * NOTE(review): the generation window is exclusive at both ends here, while
 * password_find_by_id() and password_find_by_value() treat @accfrom as
 * inclusive. The asymmetry only matters at the exact boundary instant;
 * confirm it is intended before aligning them.
 */
struct password_item *
password_find(list *l, int first_fit)
{
  struct password_item *best = NULL;
  struct password_item *it;
  btime now_ = current_real_time();

  if (!l)
    return NULL;

  WALK_LIST(it, *l)
  {
    /* Ignore keys whose generation window is not open right now */
    if (!((it->genfrom < now_) && (it->gento > now_)))
      continue;

    if (first_fit)
      return it;

    /* Otherwise prefer the most recently activated key */
    if (!best || (best->genfrom < it->genfrom))
      best = it;
  }

  return best;
}
/*
 * password_find_by_id - look up a key by its identifier
 * @l: list of &password_item, may be NULL
 * @id: key identifier to match
 *
 * Returns the first item whose @id matches and whose acceptance window
 * (@accfrom inclusive, @accto exclusive) contains current_real_time().
 * Items with a matching @id but a closed window are skipped, so a later
 * item with the same @id may still be returned. Returns NULL when @l is
 * NULL or nothing matches.
 */
struct password_item *
password_find_by_id(list *l, uint id)
{
  struct password_item *it;
  btime now_ = current_real_time();

  if (!l)
    return NULL;

  WALK_LIST(it, *l)
  {
    if (it->id != id)
      continue;

    if ((it->accfrom <= now_) && (now_ < it->accto))
      return it;
  }

  return NULL;
}
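/*
 * password_find_by_value - look up a key by verifying a received secret
 * @l: list of &password_item, may be NULL
 * @pass: received secret / digest to verify, handed to password_verify()
 * @size: length of @pass in bytes
 *
 * Returns the first item whose acceptance window (@accfrom inclusive,
 * @accto exclusive) contains current_real_time() and for which
 * password_verify() succeeds. Returns NULL when @l is NULL or no key
 * verifies.
 *
 * The window test is done before password_verify(): that call is the
 * expensive part of the loop and @pass presumably originates from the
 * network, so keys that could not be accepted anyway should not cost a
 * verification each. The returned item is unchanged by this ordering as
 * long as password_verify() has no side effects (it is not visible here).
 */
struct password_item *
password_find_by_value(list *l, char *pass, uint size)
{
  struct password_item *it;
  btime now_ = current_real_time();

  if (!l)
    return NULL;

  WALK_LIST(it, *l)
  {
    /* Cheap check first: skip keys outside their acceptance window */
    if (!((it->accfrom <= now_) && (now_ < it->accto)))
      continue;

    if (password_verify(it, pass, size))
      return it;
  }

  return NULL;
}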
/*
 * max_mac_length - largest MAC output length over a key list
 * @l: list of &password_item, may be NULL
 *
 * Walks the list and returns the maximum of mac_type_length() over the
 * algorithm (@alg) of every item, or 0 when @l is NULL or empty. Callers
 * presumably use this to size authentication trailers; confirm what
 * mac_type_length() reports for items with @alg == 0.
 */
uint
max_mac_length(list *l)
{
  struct password_item *it;
  uint longest = 0;

  if (!l)
    return 0;

  WALK_LIST(it, *l)
  {
    uint len = mac_type_length(it->alg);

    if (len > longest)
      longest = len;
  }

  return longest;
}
/**
 * password_validate_length - enforce key length restrictions
 * @pi: Password item
 *
 * Common MAC algorithm validation: checks that the key length of @pi lies
 * within the minimum and maximum key length specified for its algorithm in
 * the MAC type table. A limit of 0 in the table means that bound is not
 * enforced. Items with @alg == 0 are accepted without any check. A
 * violation is reported through cf_error() with the algorithm's name.
 *
 * NOTE(review): @pi->alg indexes mac_table without a range check, so this
 * relies on the config parser only ever producing valid algorithm
 * identifiers -- confirm at the call sites.
 */
void
password_validate_length(const struct password_item *pi)
{
  if (!pi->alg)
    return;

  const struct mac_desc *desc = &mac_table[pi->alg];

  /* Lower bound, only when the table specifies one */
  if (desc->min_key_length && (pi->length < desc->min_key_length))
    cf_error("Key length (%u B) below minimum length of %u B for %s",
             pi->length, desc->min_key_length, desc->name);

  /* Upper bound, only when the table specifies one */
  if (desc->max_key_length && (pi->length > desc->max_key_length))
    cf_error("Key length (%u B) exceeds maximum length of %u B for %s",
             pi->length, desc->max_key_length, desc->name);
}