summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOndrej Filip <feela@network.cz>2004-07-13 14:46:14 +0000
committerOndrej Filip <feela@network.cz>2004-07-13 14:46:14 +0000
commitbc956fcab678f591137cba2a0ebe80c0812437db (patch)
treefdd40cd36d69559e1a0997cfaa7e58ae208a3f00
parent32d3228d864cb6af8c679a7742f4b0a71c2facc0 (diff)
MD5 authentication in OSPF works. :-)
-rw-r--r--nest/config.Y7
-rw-r--r--proto/ospf/packet.c13
2 files changed, 10 insertions, 10 deletions
diff --git a/nest/config.Y b/nest/config.Y
index 7a83a60a..744c0692 100644
--- a/nest/config.Y
+++ b/nest/config.Y
@@ -2,6 +2,7 @@
* BIRD -- Core Configuration
*
* (c) 1998--2000 Martin Mares <mj@ucw.cz>
+ * (c) 2004 Ondrej Filip <feela@network.cz>
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
@@ -208,7 +209,7 @@ password_item:
password_item_begin:
PASSWORD TEXT {
- static int id = 0;
+ static int id = 1;
this_p_item = cfg_alloc(sizeof (struct password_item));
this_p_item->password = $2;
this_p_item->genfrom = 0;
@@ -226,7 +227,7 @@ password_item_params:
| GENERATE TO datetime ';' password_item_params { this_p_item->gento = $3; }
| ACCEPT FROM datetime ';' password_item_params { this_p_item->accfrom = $3; }
| ACCEPT TO datetime ';' password_item_params { this_p_item->accto = $3; }
- | ID expr ';' password_item_params { this_p_item->id = $2; }
+ | ID expr ';' password_item_params { this_p_item->id = $2; if ($2 <= 0) cf_error("Password ID has to be greated than zero."); }
;
password_list:
@@ -254,7 +255,7 @@ password_begin:
this_p_item->gento = TIME_INFINITY;
this_p_item->accfrom = 0;
this_p_item->accto = TIME_INFINITY;
- this_p_item->id = 0;
+ this_p_item->id = 1;
add_tail(this_p_list, &this_p_item->n);
$$ = this_p_list;
}
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c
index 9d5a924d..488a3a29 100644
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@@ -87,7 +87,6 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
password_cpy(password, passwd->password, OSPF_AUTH_CRYPT_SIZE);
MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
MD5Final(tail, &ctxt);
-
break;
default:
bug("Unknown authentication type");
@@ -166,8 +165,8 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
WALK_LIST(ptmp, *(ifa->passwords))
{
- if (pkt->u.md5.keyid != pass->id) continue;
- if ((pass->genfrom > now) || (pass->gento < now)) continue;
+ if (pkt->u.md5.keyid != ptmp->id) continue;
+ if ((ptmp->genfrom > now) || (ptmp->gento < now)) continue;
pass = ptmp;
break;
}
@@ -180,12 +179,11 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
if(n)
{
- if(ntohs(pkt->u.md5.csn) <= n->csn)
+ if(ntohs(pkt->u.md5.csn) < n->csn)
{
OSPF_TRACE(D_PACKETS, "OSPF_auth: lower sequence number");
return 0;
}
-
n->csn = ntohs(pkt->u.md5.csn);
}
@@ -194,7 +192,7 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
password_cpy(password, pass->password, OSPF_AUTH_CRYPT_SIZE);
MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
MD5Final(md5sum, &ctxt);
- if (!memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
+ if (memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
{
OSPF_TRACE(D_PACKETS, "OSPF_auth: wrong md5 digest");
return 0;
@@ -257,7 +255,8 @@ ospf_rx_hook(sock * sk, int size)
return 1;
}
- if ((ifa->autype != OSPF_AUTH_CRYPT) && (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet),
+ if ((ps->autype != htons(OSPF_AUTH_CRYPT)) &&
+ (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet),
ntohs(ps->length) - sizeof(struct ospf_packet), NULL)))
{
log(L_ERR "%s%I - bad checksum", mesg, sk->faddr);