/*
 *        Rest in pieces - RIP protocol
 *
 *        Copyright (c) 1999 Pavel Machek <pavel@ucw.cz>
 *
 *        Bug fixes by Eric Leblond <eleblond@init-sys.com>, April 2003
 * 
 *        Can be freely distributed and used under the terms of the GNU GPL.
 */

    
#undef LOCAL_DEBUG

    
#include "nest/bird.h"
#include "nest/iface.h"
#include "nest/protocol.h"
#include "nest/route.h"
#include "lib/socket.h"
#include "lib/resource.h"
#include "lib/lists.h"
#include "lib/timer.h"
#include "lib/md5.h"
#include "lib/string.h"

    
#include "rip.h"

    
#define P ((struct rip_proto *) p)
#define P_CF ((struct rip_proto_config *)p->cf)

    
#define PACKETLEN(num) (num * sizeof(struct rip_block) + sizeof(struct rip_packet_heading))

    
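/*
 * rip_auth_digest_equal - compare two 16 octet MD5 digests without stopping at the
 * first difference, so the time taken does not depend on how many leading octets of
 * a forged digest happened to be right. Returns 1 when they are equal, 0 otherwise.
 */
static int
rip_auth_digest_equal( const char *a, const char *b )
{
  unsigned char diff = 0;
  int i;

  for (i = 0; i < 16; i++)
    diff |= (unsigned char) a[i] ^ (unsigned char) b[i];
  return diff == 0;
}

/*
 * rip_incoming_authentication - check authentication of incoming packet and return 1 if there's problem.
 * %block: the authentication block (first block of the packet), fields still in network byte order.
 * %packet: the whole received packet; %num is its number of blocks including %block and,
 * for MD5, the trailer.
 * %whotoldme: address of the sender, used to find the neighbour that holds the replay counter.
 * Returns 0 when the packet is accepted, 1 when it has to be dropped. A packet carrying an
 * authentication type this code does not know is dropped, not treated as authenticated.
 */
int
rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme )
{
  DBG( "Incoming authentication: " );
  switch (ntohs(block->authtype)) {        /* Authentication type */
  case AT_PLAINTEXT:
    {
      struct password_item *passwd = get_best_password( P_CF->passwords, 0 );
      DBG( "Plaintext passwd" );
      if (!passwd) {
        log( L_AUTH "No passwords set and password authentication came" );
        return 1;
      }
      /* The 16 password octets start at the packetlen field (RFC 2453, 4.1). strncmp keeps
       * the original "NUL terminated, at most 16 octets" matching; the password already
       * travels in clear text, so a constant time compare would buy nothing here. */
      if (strncmp( (char *) (&block->packetlen), passwd->password, 16)) {
        log( L_AUTH "Passwd authentication failed!" );
        DBG( "Expected %s, got %.16s\n", passwd->password, &block->packetlen );
        return 1;
      }
    }
    return 0;
  case AT_MD5:
    DBG( "md5 password" );
    {
      struct password_item *head;
      struct rip_md5_tail *tail;
      struct neighbor *neigh = NULL;

      /* packetlen is the offset of the trailer; it has to agree with the length the caller
       * derived from the received datagram, otherwise tail would point past the packet. */
      if (ntohs(block->packetlen) != PACKETLEN(num) - sizeof(struct rip_md5_tail) ) {
        log( L_ERR "Packet length in MD5 does not match computed value" );
        return 1;
      }

      tail = (struct rip_md5_tail *) ((char *) packet + (ntohs(block->packetlen) ));
      /* The trailer marker is 0xffff 0x0001 in network byte order (RFC 2082, 3.2.1);
       * rip_outgoing_authentication writes the same value. */
      if ((tail->mustbeFFFF != 0xffff) || (tail->mustbe0001 != htons(0x0001))) {
        log( L_ERR "MD5 tail signature is not there" );
        return 1;
      }

      /* Replay protection (RFC 2082, 3.2.2): a sequence number of 0 means "restart" and is
       * not checked. The comparison is done up front, but neigh->aux is only advanced once
       * the digest has verified, so a forged packet cannot move the counter.
       * NOTE(review): seq is compared in the byte order the peer put on the wire;
       * rip_outgoing_authentication writes it in host order, so the ordering is only
       * meaningful between peers of the same endianness. */
      if (block->seq) {
        neigh = neigh_find(p, &whotoldme, 0);
        if (!neigh) {
          log( L_AUTH "Non-neighbour MD5 checksummed packet?" );
        } else if (neigh->aux > block->seq) {
          log( L_AUTH "MD5 protected packet with lower numbers" );
          return 1;
        }
      }

      for (head = P_CF->passwords; head; head = head->next) {
        struct MD5Context ctxt;
        char md5sum_packet[16];
        char md5sum_computed[16];

        DBG( "time, " );
        if ((head->from > now) || (head->to < now))
          continue;
        DBG( "check, " );
        if (head->id != block->keyid)
          continue;

        /* RFC 2082, 3.2.2: the digest in the trailer is replaced by the zero padded key and
         * MD5 runs over the whole packet including the trailer. Keep the received digest
         * aside and put it back afterwards so the key does not stay in the receive buffer. */
        memcpy(md5sum_packet, tail->md5, 16);
        memset(tail->md5, 0, 16);
        password_strncpy(tail->md5, head->password, 16);

        MD5Init(&ctxt);
        MD5Update(&ctxt, (char *) packet, ntohs(block->packetlen) +  sizeof(struct rip_block_auth) );
        MD5Final(md5sum_computed, &ctxt);
        memcpy(tail->md5, md5sum_packet, 16);

        if (!rip_auth_digest_equal(md5sum_packet, md5sum_computed)) {
          log( L_AUTH "MD5 authentication failed!" );
          return 1;
        }
        /* Digest verified: now it is safe to remember the sequence number. */
        if (neigh)
          neigh->aux = block->seq;
        return 0;
      }
      log( L_AUTH "No valid password for MD5 key id %d", block->keyid );
      return 1;
    }
  default:
    log( L_AUTH "Unknown authentication type %d", ntohs(block->authtype) );
    return 1;
  }
}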
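/*
 * rip_outgoing_authentication - append authentication information to the packet.
 * %num: number of rip_blocks already in packets. This function returns size of packet to send.
 * %block: the block reserved for authentication data, %packet: the transmit buffer it lives in.
 * The result is PACKETLEN(num), plus the 20 octet trailer for MD5. When authentication is
 * configured but no password is valid right now, an error is logged and the packet goes out
 * with %block left exactly as the caller filled it, i.e. unauthenticated.
 */
int
rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num )
{
  struct password_item *passwd = get_best_password( P_CF->passwords, 0 );

  if (!P_CF->authtype)
    return PACKETLEN(num);

  DBG( "Outgoing authentication: " );

  if (!passwd) {
    log( L_ERR "No suitable password found for authentication" );
    return PACKETLEN(num);
  }

  block->authtype = htons(P_CF->authtype);
  block->mustbeFFFF = 0xffff;
  switch (P_CF->authtype) {
  case AT_PLAINTEXT:
    /* The 16 password octets overlay packetlen .. zero1 (RFC 2453, 4.1), zero padded. */
    password_strncpy( (char *) (&block->packetlen), passwd->password, 16);
    return PACKETLEN(num);
  case AT_MD5:
    {
      struct rip_md5_tail *tail;
      struct MD5Context ctxt;
      /* Shared by every RIP instance in the process; RFC 2082 only needs it to be
       * non decreasing as seen by each neighbour.
       * NOTE(review): written in host byte order, which is what rip_incoming_authentication
       * compares against; peers of different endianness will see a non monotonic sequence. */
      static u32 sequence = 0;

      /* The trailer needs one more block worth of room in the transmit buffer. */
      if (num > PACKET_MD5_MAX)
        bug(  "We can not add MD5 authentication to this long packet" );

      /* need to preset the sequence number to a sane value, so that a restarted daemon
       * does not usually start below the counter its neighbours still remember */
      if (!sequence)
        sequence = (u32) time(NULL);

      block->keyid = passwd->id;
      block->authlen = sizeof(struct rip_block_auth);
      block->seq = sequence++;
      block->zero0 = 0;
      block->zero1 = 0;
      block->packetlen = htons(PACKETLEN(num));
      tail = (struct rip_md5_tail *) ((char *) packet + PACKETLEN(num) );
      tail->mustbeFFFF = 0xffff;
      /* 0x0001 in network byte order (RFC 2082, 3.2.1); a bare 0x0100 is only right
       * on little endian hosts. rip_incoming_authentication checks the same value. */
      tail->mustbe0001 = htons(0x0001);

      /* RFC 2082, 3.2.2: digest over the whole packet with the zero padded key standing
       * in for the digest, then the digest overwrites the key, so the key itself never
       * leaves the host. */
      memset(tail->md5,0,16);
      password_strncpy( tail->md5, passwd->password, 16 );
      MD5Init(&ctxt);
      MD5Update(&ctxt, (char *) packet, PACKETLEN(num) + sizeof(struct  rip_md5_tail));
      MD5Final(tail->md5, &ctxt);
      return PACKETLEN(num) + block->authlen;
    }
  default:
    bug( "Unknown authtype in outgoing authentication?" );
  }
}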