Revision b21f68b4


doc/bird.sgml
1072 1072
			rx buffer [normal|large|<num>];
1073 1073
			type [broadcast|nonbroadcast|pointopoint];
1074 1074
			strict nonbroadcast <switch>;
1075
			authentication [none|simple];
1075
			authentication [none|simple|cryptographics];
1076 1076
			password "<text>";
1077
			passwords {
1078
				password "<text>" {
1079
					id <num>;
1080
					generate from "<date>";
1081
					generate to "<date>";
1082
					accept from "<date>";
1083
					accept to "<date>";
1084
				};
1077
			password "<text>" {
1078
				id <num>;
1079
				generate from "<date>";
1080
				generate to "<date>";
1081
				accept from "<date>";
1082
				accept to "<date>";
1085 1083
			};
1086 1084
			neighbors {
1087 1085
				<ip>;
......
1210 1208
	 very weak.
1211 1209

  
1212 1210
	<tag>authentication cryptographic</tag>
1213
	 16-byte long md5 digest is appended to every packet. For the digest
1211
	 16-byte long MD5 digest is appended to every packet. For the digest
1214 1212
         generation 16-byte long passwords are used. Those passwords are 
1215 1213
         not sent via network, so this mechanismus is quite secure.
1216 1214
         Packets can still be read by an attacker.
......
1220 1218

  
1221 1219
	<tag>id <M>num</M></tag>
1222 1220
	 ID of the password, (0-255). If it's not used, BIRD will choose
1223
	 some automatically.
1221
	 ID based on an order of the password item in the interface. For
1222
	 example, second password item in one interface will have default
1223
	 ID 2.  
1224 1224

  
1225 1225
	<tag>generate from <M>date</M></tag>
1226 1226
	 The start time of the usage of the password for packet signing.
......
1439 1439
URL="http://www.ietf.org/html.charters/rip-charter.html" name="http://www.ietf.org/html.charters/rip-charter.html">. Both IPv4  
1440 1440
(RFC 1723<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc1723.txt">)
1441 1441
and IPv6 (RFC 2080<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2080.txt">) versions of RIP are supported by BIRD, historical RIPv1 (RFC 1058<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc1058.txt">)is
1442
not currently supported. RIPv4 md5 authentication (RFC 2082<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2082.txt">) is supported.
1442
not currently supported. RIPv4 MD5 authentication (RFC 2082<htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2082.txt">) is supported.
1443 1443

  
1444 1444
<p>RIP is a very simple protocol, and it has a lot of shortcomings. Slow
1445 1445
convergence, big network load and inability to handle larger networks
......
1454 1454
<descrip>
1455 1455
	<tag/authentication none|plaintext|md5/ selects authentication method to be used. <cf/none/ means that
1456 1456
	  packets are not authenticated at all, <cf/plaintext/ means that a plaintext password is embedded
1457
	  into each packet, and <cf/md5/ means that packets are authenticated using a md5 cryptographic
1457
	  into each packet, and <cf/md5/ means that packets are authenticated using a MD5 cryptographic
1458 1458
	  hash. If you set authentication to not-none, it is a good idea to add <cf>passwords { }</cf>
1459 1459
	  section. Default: none.
1460 1460

  
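--- a/nest/config.Y
+++ b/nest/config.Y
@@ -20,6 +20,16 @@
 static struct iface_patt *this_ipatt;
 static list *this_p_list;
 static struct password_item *this_p_item;
+static int password_id;
+
+static list *
+get_passwords(void)
+{
+  list *rv = this_p_list;
+  this_p_list = NULL;
+  return rv;
+}
+
 
 CF_DECLS
 
@@ -37,7 +47,6 @@
 %type <i32> idval
 %type <f> imexport
 %type <r> rtable
-%type <p> password_list password_begin password_begin_list
 %type <s> optsym
 %type <ra> r_args
 %type <i> echo_mask echo_size debug_mask debug_list debug_flag import_or_proto
@@ -197,6 +206,11 @@
 
 /* Password lists */
 
+password_list:
+   PASSWORDS '{' password_items '}'
+ | password_item
+;
+
 password_items: 
     /* empty */
   | password_item ';' password_items
@@ -209,14 +223,18 @@
 
 password_item_begin:
    PASSWORD TEXT {
-     static int id = 1;
+     if (!this_p_list) {
+     	this_p_list = cfg_alloc(sizeof(list));
+     	init_list(this_p_list);
+        password_id = 1;
+     }
      this_p_item = cfg_alloc(sizeof (struct password_item));
      this_p_item->password = $2;
      this_p_item->genfrom = 0;
      this_p_item->gento = TIME_INFINITY;
      this_p_item->accfrom = 0;
      this_p_item->accto = TIME_INFINITY;
-     this_p_item->id = id++;
+     this_p_item->id = password_id++;
      add_tail(this_p_list, &this_p_item->n);
    }
 ;
@@ -230,36 +248,6 @@
  | ID expr ';' password_item_params { this_p_item->id = $2; if ($2 <= 0) cf_error("Password ID has to be greated than zero."); }
  ;
 
-password_list:
-   password_begin_list '{' password_items '}' {
-     $$ = $1;
-   }
- | password_begin
-;
-
-password_begin_list:
-  PASSWORDS {
-     this_p_list = cfg_alloc(sizeof(list));
-     init_list(this_p_list);
-     $$ = (void *) this_p_list;
-  }
-;
-
-password_begin:
-  PASSWORD TEXT {
-     this_p_list = cfg_alloc(sizeof(list));
-     init_list(this_p_list);
-     this_p_item = cfg_alloc(sizeof (struct password_item));
-     this_p_item->password = $2;
-     this_p_item->genfrom = 0;
-     this_p_item->gento = TIME_INFINITY;
-     this_p_item->accfrom = 0;
-     this_p_item->accto = TIME_INFINITY;
-     this_p_item->id = 1;
-     add_tail(this_p_list, &this_p_item->n);
-     $$ = (void *) this_p_list;
-  }
-;
 
 /* Core commands */
 CF_CLI_HELP(SHOW, ..., [[Show status information]])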
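Review bot: `this_p_list` is now parser-wide state that only `get_passwords()` clears, and `password_item_begin` appends to whatever list is already there instead of creating a fresh one. If a configuration containing a `password` item is rejected by `cf_error()` before the protocol's closing action runs, or the item is parsed inside a protocol whose grammar never calls `get_passwords()`, the pointer appears to survive into the next protocol or the next reconfiguration, where it may refer to config memory that has already been released (no reset at parse start is visible on this page, so confirm). I would clear it unconditionally when a parse begins, `this_p_list = NULL;`, and add a comment on `get_passwords()` stating that it transfers ownership of the list and must be called exactly once per protocol block. The `ID expr` rule in the context lines still checks only `$2 <= 0`, while the documentation gives the range as 0-255, so an upper bound check would fit here too.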
nest/password.c
14 14
struct password_item *last_password_item = NULL;
15 15

  
16 16
struct password_item *
17
password_find(list *l)
17
password_find(list *l, int first_fit)
18 18
{
19 19
  struct password_item *pi;
20
  struct password_item *pf = NULL;
20 21

  
21 22
  if (l)
22 23
  {
23 24
    WALK_LIST(pi, *l)
24 25
    {
25 26
      if ((pi->genfrom < now_real) && (pi->gento > now_real))
26
        return pi;
27
      {
28
	if (first_fit)
29
	  return pi;
30

  
31
	if (!pf || pf->genfrom < pi->genfrom)
32
	  pf = pi;
33
      }
27 34
    }
28 35
  }
29
  return NULL;
36
  return pf;
30 37
}
31 38

  
32 39
void password_cpy(char *dst, char *src, int size)
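Review bot: The new `first_fit` argument of `password_find()` changes which key is selected, but neither the definition nor the prototype in nest/password.h documents it. A comment above the function such as `/* first_fit != 0: return the first item whose generate window contains now_real; first_fit == 0: return the matching item with the latest genfrom */` would make the contract clear to callers that pick keys for signing. It should also state that only `genfrom`/`gento` are consulted, never `accfrom`/`accto`, so the function is not suitable on its own for deciding whether a received key is acceptable.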
nest/password.h
22 22

  
23 23
extern struct password_item *last_password_item;
24 24

  
25
struct password_item *password_find(list *);
25
struct password_item *password_find(list *l, int first_fit);
26 26
void password_cpy(char *dst, char *src, int size);
27 27

  
28 28
#endif
proto/ospf/config.Y
32 32

  
33 33
CF_GRAMMAR
34 34

  
35
CF_ADDTO(proto, ospf_proto '}')
35
CF_ADDTO(proto, ospf_proto '}' { OSPF_PATT->passwords = get_passwords(); } )
36 36

  
37 37
ospf_proto_start: proto_start OSPF {
38 38
     this_proto = proto_config_new(&proto_ospf, sizeof(struct ospf_config));
......
102 102
 | AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
103 103
 | AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
104 104
 | AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
105
 | password_list {OSPF_PATT->passwords = (list *) $1; }
105
 | password_list 
106 106
 ;
107 107

  
108 108
ospf_vlink_start: VIRTUAL LINK idval
......
146 146
 | RX BUFFER LARGE { OSPF_PATT->rxbuf = OSPF_RXBUF_LARGE ; } 
147 147
 | RX BUFFER NORMAL { OSPF_PATT->rxbuf = OSPF_RXBUF_NORMAL ; } 
148 148
 | RX BUFFER expr { OSPF_PATT->rxbuf = $3 ; if ($3 < OSPF_RXBUF_MINSIZE) cf_error("Buffer size is too small") ; } 
149
 | password_list {OSPF_PATT->passwords = (list *) $1; }
149
 | password_list
150 150
 ;
151 151

  
152 152
pref_list:
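Review bot: With the assignment moved to `CF_ADDTO(proto, ospf_proto '}' { OSPF_PATT->passwords = get_passwords(); } )`, the two `| password_list` alternatives (new lines 105 and 149) no longer attach anything to the pattern being parsed. Passwords from every interface and virtual link in the protocol are instead collected into one list and attached once, to whatever `OSPF_PATT` refers to when the protocol block closes. `OSPF_PATT` is defined outside this page, but if it is the current interface pattern, earlier interfaces end up with no keys, the last one receives keys meant for others, and a protocol without any interface block would write through a stale pattern pointer. That also disagrees with the documentation change describing the default ID as counted per interface. Calling `OSPF_PATT->passwords = get_passwords();` where each interface or virtual-link block closes would keep the keys scoped to the interface they were written under.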
proto/ospf/packet.c
41 41
void
42 42
ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
43 43
{
44
  struct password_item *passwd = password_find (ifa->passwords);
44
  struct password_item *passwd = NULL;
45 45
  void *tail;
46 46
  struct MD5Context ctxt;
47 47
  char password[OSPF_AUTH_CRYPT_SIZE];
......
52 52
  {
53 53
    case OSPF_AUTH_SIMPLE:
54 54
      bzero(&pkt->u, sizeof(union ospf_auth));
55
      passwd = password_find(ifa->passwords, 1);
55 56
      if (!passwd)
56 57
      {
57 58
        log( L_ERR "No suitable password found for authentication" );
......
65 66
				  sizeof(struct ospf_packet), NULL);
66 67
      break;
67 68
    case OSPF_AUTH_CRYPT:
69
      passwd = password_find(ifa->passwords, 0);
68 70
      if (!passwd)
69 71
      {
70 72
        log( L_ERR "No suitable password found for authentication" );
......
123 125
      return 1;
124 126
      break;
125 127
    case OSPF_AUTH_SIMPLE:
126
      pass = password_find (ifa->passwords);
128
      pass = password_find(ifa->passwords, 1);
127 129
      if(!pass)
128 130
      {
129 131
        OSPF_TRACE(D_PACKETS, "OSPF_auth: no password found");
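Review bot: The receive-side `OSPF_AUTH_SIMPLE` branch at new line 128, `pass = password_find(ifa->passwords, 1);`, checks an incoming packet only against the first password whose generate window is open, because `password_find()` tests `genfrom`/`gento` and never `accfrom`/`accto`. The configured `accept from`/`accept to` dates therefore have no effect on this path: a key that should no longer be accepted is still honoured while it is being generated, and during a key rollover a neighbour using any other currently acceptable key is rejected. The `AT_PLAINTEXT` branch in proto/rip/auth.c (new line 42) has the same pattern. Verification should walk the list and compare against every item with `pi->accfrom < now_real && pi->accto > now_real`, keeping `password_find()` for the send side only. The enclosing functions start and end outside the lines shown, so please confirm against the full bodies.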
proto/rip/auth.c
39 39
  switch (ntohs(block->authtype)) {	/* Authentication type */
40 40
  case AT_PLAINTEXT: 
41 41
    {
42
      struct password_item *passwd = password_find(P_CF->passwords);
42
      struct password_item *passwd = password_find(P_CF->passwords, 1);
43 43
      DBG( "Plaintext passwd" );
44 44
      if (!passwd) {
45 45
	log( L_AUTH "No passwords set and password authentication came" );
......
115 115
int
116 116
rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num )
117 117
{
118
  struct password_item *passwd = password_find( P_CF->passwords);
118
  struct password_item *passwd = password_find(P_CF->passwords, 1);
119 119

  
120 120
  if (!P_CF->authtype)
121 121
    return PACKETLEN(num);
proto/rip/config.Y
34 34

  
35 35
CF_GRAMMAR
36 36

  
37
CF_ADDTO(proto, rip_cfg '}')
37
CF_ADDTO(proto, rip_cfg '}' { RIP_CFG->passwords = get_passwords(); } )
38 38

  
39 39
rip_cfg_start: proto_start RIP {
40 40
     this_proto = proto_config_new(&proto_rip, sizeof(struct rip_proto_config));
......
51 51
 | rip_cfg GARBAGE TIME expr ';' { RIP_CFG->garbage_time = $4; }
52 52
 | rip_cfg TIMEOUT TIME expr ';' { RIP_CFG->timeout_time = $4; }
53 53
 | rip_cfg AUTHENTICATION rip_auth ';' {RIP_CFG->authtype = $3; }
54
 | rip_cfg password_list ';' {RIP_CFG->passwords = (list *)$2; }
54
 | rip_cfg password_list ';'
55 55
 | rip_cfg HONOR ALWAYS ';'    { RIP_CFG->honor = HO_ALWAYS; }
56 56
 | rip_cfg HONOR NEIGHBOR ';'    { RIP_CFG->honor = HO_NEIGHBOR; }
57 57
 | rip_cfg HONOR NEVER ';'    { RIP_CFG->honor = HO_NEVER; }
