From bc956fcab678f591137cba2a0ebe80c0812437db Mon Sep 17 00:00:00 2001 From: Ondrej Filip Date: Tue, 13 Jul 2004 14:46:14 +0000 Subject: [PATCH] MD5 authentication in OSPF works. :-) --- nest/config.Y | 7 ++++--- proto/ospf/packet.c | 13 ++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/nest/config.Y b/nest/config.Y index 7a83a60a..744c0692 100644 --- a/nest/config.Y +++ b/nest/config.Y @@ -2,6 +2,7 @@ * BIRD -- Core Configuration * * (c) 1998--2000 Martin Mares + * (c) 2004 Ondrej Filip * * Can be freely distributed and used under the terms of the GNU GPL. */ @@ -208,7 +209,7 @@ password_item: password_item_begin: PASSWORD TEXT { - static int id = 0; + static int id = 1; this_p_item = cfg_alloc(sizeof (struct password_item)); this_p_item->password = $2; this_p_item->genfrom = 0; @@ -226,7 +227,7 @@ password_item_params: | GENERATE TO datetime ';' password_item_params { this_p_item->gento = $3; } | ACCEPT FROM datetime ';' password_item_params { this_p_item->accfrom = $3; } | ACCEPT TO datetime ';' password_item_params { this_p_item->accto = $3; } - | ID expr ';' password_item_params { this_p_item->id = $2; } + | ID expr ';' password_item_params { this_p_item->id = $2; if ($2 <= 0) cf_error("Password ID has to be greated than zero."); } ; password_list: @@ -254,7 +255,7 @@ password_begin: this_p_item->gento = TIME_INFINITY; this_p_item->accfrom = 0; this_p_item->accto = TIME_INFINITY; - this_p_item->id = 0; + this_p_item->id = 1; add_tail(this_p_list, &this_p_item->n); $$ = this_p_list; } diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index 9d5a924d..488a3a29 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -87,7 +87,6 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt) password_cpy(password, passwd->password, OSPF_AUTH_CRYPT_SIZE); MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE); MD5Final(tail, &ctxt); - break; default: bug("Unknown authentication type"); @@ -166,8 +165,8 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_ WALK_LIST(ptmp, *(ifa->passwords)) { - if (pkt->u.md5.keyid != pass->id) continue; - if ((pass->genfrom > now) || (pass->gento < now)) continue; + if (pkt->u.md5.keyid != ptmp->id) continue; + if ((ptmp->genfrom > now) || (ptmp->gento < now)) continue; pass = ptmp; break; } @@ -180,12 +179,11 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_ if(n) { - if(ntohs(pkt->u.md5.csn) <= n->csn) + if(ntohs(pkt->u.md5.csn) < n->csn) { OSPF_TRACE(D_PACKETS, "OSPF_auth: lower sequence number"); return 0; } - n->csn = ntohs(pkt->u.md5.csn); } @@ -194,7 +192,7 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_ password_cpy(password, pass->password, OSPF_AUTH_CRYPT_SIZE); MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE); MD5Final(md5sum, &ctxt); - if (!memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE)) + if (memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE)) { OSPF_TRACE(D_PACKETS, "OSPF_auth: wrong md5 digest"); return 0; @@ -257,7 +255,8 @@ ospf_rx_hook(sock * sk, int size) return 1; } - if ((ifa->autype != OSPF_AUTH_CRYPT) && (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet), + if ((ps->autype != htons(OSPF_AUTH_CRYPT)) && + (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet), ntohs(ps->length) - sizeof(struct ospf_packet), NULL))) { log(L_ERR "%s%I - bad checksum", mesg, sk->faddr);