MD5 authentication in OSPF works. :-)
This commit is contained in:
parent
32d3228d86
commit
bc956fcab6
2 changed files with 10 additions and 10 deletions
|
@ -2,6 +2,7 @@
|
||||||
* BIRD -- Core Configuration
|
* BIRD -- Core Configuration
|
||||||
*
|
*
|
||||||
* (c) 1998--2000 Martin Mares <mj@ucw.cz>
|
* (c) 1998--2000 Martin Mares <mj@ucw.cz>
|
||||||
|
* (c) 2004 Ondrej Filip <feela@network.cz>
|
||||||
*
|
*
|
||||||
* Can be freely distributed and used under the terms of the GNU GPL.
|
* Can be freely distributed and used under the terms of the GNU GPL.
|
||||||
*/
|
*/
|
||||||
|
@ -208,7 +209,7 @@ password_item:
|
||||||
|
|
||||||
password_item_begin:
|
password_item_begin:
|
||||||
PASSWORD TEXT {
|
PASSWORD TEXT {
|
||||||
static int id = 0;
|
static int id = 1;
|
||||||
this_p_item = cfg_alloc(sizeof (struct password_item));
|
this_p_item = cfg_alloc(sizeof (struct password_item));
|
||||||
this_p_item->password = $2;
|
this_p_item->password = $2;
|
||||||
this_p_item->genfrom = 0;
|
this_p_item->genfrom = 0;
|
||||||
|
@ -226,7 +227,7 @@ password_item_params:
|
||||||
| GENERATE TO datetime ';' password_item_params { this_p_item->gento = $3; }
|
| GENERATE TO datetime ';' password_item_params { this_p_item->gento = $3; }
|
||||||
| ACCEPT FROM datetime ';' password_item_params { this_p_item->accfrom = $3; }
|
| ACCEPT FROM datetime ';' password_item_params { this_p_item->accfrom = $3; }
|
||||||
| ACCEPT TO datetime ';' password_item_params { this_p_item->accto = $3; }
|
| ACCEPT TO datetime ';' password_item_params { this_p_item->accto = $3; }
|
||||||
| ID expr ';' password_item_params { this_p_item->id = $2; }
|
| ID expr ';' password_item_params { this_p_item->id = $2; if ($2 <= 0) cf_error("Password ID has to be greated than zero."); }
|
||||||
;
|
;
|
||||||
|
|
||||||
password_list:
|
password_list:
|
||||||
|
@ -254,7 +255,7 @@ password_begin:
|
||||||
this_p_item->gento = TIME_INFINITY;
|
this_p_item->gento = TIME_INFINITY;
|
||||||
this_p_item->accfrom = 0;
|
this_p_item->accfrom = 0;
|
||||||
this_p_item->accto = TIME_INFINITY;
|
this_p_item->accto = TIME_INFINITY;
|
||||||
this_p_item->id = 0;
|
this_p_item->id = 1;
|
||||||
add_tail(this_p_list, &this_p_item->n);
|
add_tail(this_p_list, &this_p_item->n);
|
||||||
$$ = this_p_list;
|
$$ = this_p_list;
|
||||||
}
|
}
|
||||||
|
|
|
@ -87,7 +87,6 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
|
||||||
password_cpy(password, passwd->password, OSPF_AUTH_CRYPT_SIZE);
|
password_cpy(password, passwd->password, OSPF_AUTH_CRYPT_SIZE);
|
||||||
MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
|
MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
|
||||||
MD5Final(tail, &ctxt);
|
MD5Final(tail, &ctxt);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
bug("Unknown authentication type");
|
bug("Unknown authentication type");
|
||||||
|
@ -166,8 +165,8 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
|
||||||
|
|
||||||
WALK_LIST(ptmp, *(ifa->passwords))
|
WALK_LIST(ptmp, *(ifa->passwords))
|
||||||
{
|
{
|
||||||
if (pkt->u.md5.keyid != pass->id) continue;
|
if (pkt->u.md5.keyid != ptmp->id) continue;
|
||||||
if ((pass->genfrom > now) || (pass->gento < now)) continue;
|
if ((ptmp->genfrom > now) || (ptmp->gento < now)) continue;
|
||||||
pass = ptmp;
|
pass = ptmp;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -180,12 +179,11 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
|
||||||
|
|
||||||
if(n)
|
if(n)
|
||||||
{
|
{
|
||||||
if(ntohs(pkt->u.md5.csn) <= n->csn)
|
if(ntohs(pkt->u.md5.csn) < n->csn)
|
||||||
{
|
{
|
||||||
OSPF_TRACE(D_PACKETS, "OSPF_auth: lower sequence number");
|
OSPF_TRACE(D_PACKETS, "OSPF_auth: lower sequence number");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
n->csn = ntohs(pkt->u.md5.csn);
|
n->csn = ntohs(pkt->u.md5.csn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -194,7 +192,7 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
|
||||||
password_cpy(password, pass->password, OSPF_AUTH_CRYPT_SIZE);
|
password_cpy(password, pass->password, OSPF_AUTH_CRYPT_SIZE);
|
||||||
MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
|
MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
|
||||||
MD5Final(md5sum, &ctxt);
|
MD5Final(md5sum, &ctxt);
|
||||||
if (!memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
|
if (memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
|
||||||
{
|
{
|
||||||
OSPF_TRACE(D_PACKETS, "OSPF_auth: wrong md5 digest");
|
OSPF_TRACE(D_PACKETS, "OSPF_auth: wrong md5 digest");
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -257,7 +255,8 @@ ospf_rx_hook(sock * sk, int size)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ifa->autype != OSPF_AUTH_CRYPT) && (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet),
|
if ((ps->autype != htons(OSPF_AUTH_CRYPT)) &&
|
||||||
|
(!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet),
|
||||||
ntohs(ps->length) - sizeof(struct ospf_packet), NULL)))
|
ntohs(ps->length) - sizeof(struct ospf_packet), NULL)))
|
||||||
{
|
{
|
||||||
log(L_ERR "%s%I - bad checksum", mesg, sk->faddr);
|
log(L_ERR "%s%I - bad checksum", mesg, sk->faddr);
|
||||||
|
|
Loading…
Reference in a new issue