
iof-bird-daemon / proto / rip / auth.c @ b21f68b4

/*
 *        Rest in pieces - RIP protocol
 *
 *        Copyright (c) 1999 Pavel Machek <pavel@ucw.cz>
 *        Copyright (c) 2004 Ondrej Filip <feela@network.cz>
 *
 *        Bug fixes by Eric Leblond <eleblond@init-sys.com>, April 2003
 * 
 *        Can be freely distributed and used under the terms of the GNU GPL.
 */
#undef LOCAL_DEBUG
#include "nest/bird.h"
#include "nest/iface.h"
#include "nest/protocol.h"
#include "nest/route.h"
#include "lib/socket.h"
#include "lib/resource.h"
#include "lib/lists.h"
#include "lib/timer.h"
#include "lib/md5.h"
#include "lib/string.h"
#include "rip.h"
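/* View the generic protocol pointer `p' of the enclosing function as a RIP instance. */
#define P ((struct rip_proto *) p)
/* Configuration attached to the protocol pointer `p' of the enclosing function. */
#define P_CF ((struct rip_proto_config *)p->cf)

/*
 * Size in bytes of a packet carrying num blocks plus the packet heading.
 * The argument and the whole expansion are parenthesized so that an
 * expression argument (PACKETLEN(n + 1)) or a surrounding operator
 * (2 * PACKETLEN(n)) cannot silently change a length that is later used
 * as a buffer offset and as the MD5 input size.
 */
#define PACKETLEN(num) ((num) * sizeof(struct rip_block) + sizeof(struct rip_packet_heading))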
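/*
 * rip_incoming_authentication - check authentication of an incoming packet.
 * %p: protocol instance; its configuration supplies the password list
 * %block: authentication block taken from the received packet
 * %packet: start of the received packet
 * %num: block count, used with PACKETLEN() to compute the expected MD5 length
 * %whotoldme: sender address, used to find the neighbour that stores the
 *             last accepted sequence number
 *
 * Returns 0 when the packet is accepted and 1 if there's a problem.
 *
 * The function fails closed: an authentication type it does not know is
 * rejected instead of falling out of the switch and being reported as OK.
 *
 * NOTE(review): the authentication type is read from the packet; nothing in
 * this function compares it with the configured P_CF->authtype - confirm the
 * caller enforces the configured mode.
 */
int
rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme )
{
  DBG( "Incoming authentication: " );
  switch (ntohs(block->authtype)) {        /* Authentication type */
  case AT_PLAINTEXT:
    {
      struct password_item *passwd = password_find(P_CF->passwords, 1);
      DBG( "Plaintext passwd" );
      if (!passwd) {
        log( L_AUTH "No passwords set and password authentication came" );
        return 1;
      }
      /* The 16 password bytes start where packetlen sits in the block. */
      if (strncmp( (char *) (&block->packetlen), passwd->password, 16)) {
        log( L_AUTH "Passwd authentication failed!" );
        /* Deliberately does not print the configured or received password. */
        DBG( "Plaintext password mismatch\n" );
        return 1;
      }
    }
    break;
  case AT_MD5:
    DBG( "md5 password" );
    {
      struct password_item *pass = NULL, *ptmp;
      struct rip_md5_tail *tail;
      struct MD5Context ctxt;
      char md5sum_packet[16];
      char md5sum_computed[16];
      struct neighbor *neigh = neigh_find(p, &whotoldme, 0);
      list *l = P_CF->passwords;
      unsigned int diff = 0;
      int i;

      /* The length claimed in the packet must match the one derived from num
         before it is used as an offset to the tail. */
      if (ntohs(block->packetlen) != PACKETLEN(num) - sizeof(struct rip_md5_tail) ) {
        log( L_ERR "Packet length in MD5 does not match computed value" );
        return 1;
      }

      tail = (struct rip_md5_tail *) ((char *) packet + (ntohs(block->packetlen) ));
      if ((tail->mustbeFFFF != 0xffff) || (tail->mustbe0001 != 0x0100)) {
        log( L_ERR "MD5 tail signature is not there" );
        return 1;
      }

      /* Pick the first key with the packet's key id that is valid right now. */
      WALK_LIST(ptmp, *l)
      {
        if (block->keyid != ptmp->id) continue;
        if ((ptmp->genfrom > now_real) || (ptmp->gento < now_real)) continue;
        pass = ptmp;
        break;
      }

      if(!pass) return 1;

      /*
       * Replay check against the last accepted sequence number.
       * NOTE(review): block->seq is compared as it sits in the packet, no
       * ntohl() is visible here - confirm byte order handling.
       * NOTE(review): a packet from a non-neighbour is only logged and gets
       * no replay check.
       */
      if (!neigh) {
        log( L_AUTH "Non-neighbour MD5 checksummed packet?" );
      } else if (neigh->aux > block->seq) {
        log( L_AUTH "MD5 protected packet with lower numbers" );
        return 1;
      }

      /*
       * Keyed MD5: save the received digest, put the key in its place and
       * hash the packet including the tail.
       * NOTE(review): the key stays in the packet buffer after return.
       */
      memcpy(md5sum_packet, tail->md5, 16);
      password_cpy(tail->md5, pass->password, 16);

      MD5Init(&ctxt);
      MD5Update(&ctxt, (char *) packet, ntohs(block->packetlen) +  sizeof(struct rip_block_auth) );
      MD5Final(md5sum_computed, &ctxt);

      /* Look at all 16 bytes so the comparison time does not depend on the
         position of the first differing byte. */
      for (i = 0; i < 16; i++)
        diff |= (unsigned char) (md5sum_packet[i] ^ md5sum_computed[i]);
      if (diff)
        return 1;

      /*
       * Record the sequence number only now that the digest has been
       * verified; storing it earlier would let a packet with a wrong digest
       * raise the stored value and get later valid packets rejected.
       */
      if (neigh)
        neigh->aux = block->seq;
    }
    break;
  default:
    /* Unknown authentication type: reject instead of accepting by default. */
    log( L_AUTH "Unknown authentication type in incoming packet" );
    return 1;
  }

  return 0;
}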
/*
 * rip_outgoing_authentication - append authentication information to the packet.
 * %p: protocol instance; its configuration selects the authentication type
 *     and supplies the password list
 * %block: authentication block of the packet, filled in here
 * %packet: start of the packet being built
 * %num: number of rip_blocks already in the packet
 *
 * Returns the size of the packet to send.
 *
 * NOTE(review): when no password is found the packet length is still returned
 * and the block is left untouched, so the packet appears to go out without
 * authentication data - confirm that this is intended.
 * NOTE(review): block->seq is stored as a host-order u32, no htonl() is
 * visible here - confirm byte order handling on the receiving side.
 * NOTE(review): the sequence counter is one static seeded from time(), so it
 * is shared by every caller of this function.
 */
int
rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num )
{
  struct password_item *key = password_find(P_CF->passwords, 1);

  /* Authentication is off: nothing is added to the packet. */
  if (!P_CF->authtype)
    return PACKETLEN(num);

  DBG( "Outgoing authentication: " );

  if (!key) {
    log( L_ERR "No suitable password found for authentication" );
    return PACKETLEN(num);
  }

  /* Fields common to both authentication types. */
  block->authtype = htons(P_CF->authtype);
  block->mustbeFFFF = 0xffff;

  if (P_CF->authtype == AT_PLAINTEXT) {
    /* The 16 password bytes start where packetlen sits in the block. */
    password_cpy( (char *) (&block->packetlen), key->password, 16);
    return PACKETLEN(num);
  }

  if (P_CF->authtype == AT_MD5) {
    static u32 sequence = 0;
    struct MD5Context md5;
    struct rip_md5_tail *trailer;

    if (num > PACKET_MD5_MAX)
      bug(  "We can not add MD5 authentication to this long packet" );

    /* need to preset the sequence number to a sane value */
    if (!sequence)
      sequence = (u32) time(NULL);

    block->keyid = key->id;
    block->authlen = sizeof(struct rip_block_auth);
    block->seq = sequence++;
    block->zero0 = 0;
    block->zero1 = 0;
    block->packetlen = htons(PACKETLEN(num));

    /* The tail is placed right behind the num blocks. */
    trailer = (struct rip_md5_tail *) ((char *) packet + PACKETLEN(num) );
    trailer->mustbeFFFF = 0xffff;
    trailer->mustbe0001 = 0x0100;

    /* Keyed MD5: hash the packet with the key in the digest field, then
       overwrite the key with the resulting digest. */
    password_cpy(trailer->md5, key->password, 16);
    MD5Init(&md5);
    MD5Update(&md5, (char *) packet, PACKETLEN(num) + sizeof(struct  rip_md5_tail));
    MD5Final(trailer->md5, &md5);
    return PACKETLEN(num) + block->authlen;
  }

  bug( "Unknown authtype in outgoing authentication?" );
}