author | Pavel Machek <pavel@ucw.cz> | 1999-10-02 12:44:48 +0200 |
---|---|---|
committer | Pavel Machek <pavel@ucw.cz> | 1999-10-02 12:44:48 +0200 |
commit | ac40c888c21c72ae7f6c3d329dd2ba5417eec009 (patch) | |
tree | 028e6a4399941eef43afbbf68812aec7fbc92c59 | |
parent | 7db7b7db603a2d852066c313da76c72673a204fa (diff) | |
Obvious bugs in authentication fixed.
-rw-r--r-- | bird.conf | 9 | ||||
-rw-r--r-- | nest/config.Y | 6 | ||||
-rw-r--r-- | nest/password.c | 1 | ||||
-rw-r--r-- | proto/rip/auth.c | 6 | ||||
-rw-r--r-- | proto/rip/rip.c | 14 |
5 files changed, 25 insertions, 11 deletions
@@ -49,8 +49,8 @@ int i; callme ( 7, 2, ); print "done"; - quitbird; - print "*** FAIL: this is unreachable"; +# quitbird; +# print "*** FAIL: this is unreachable"; } filter testf @@ -67,12 +67,13 @@ protocol rip MyRIP_test { port 1520; period 5; garbagetime 30; - interface "*"; + interface "*" { mode broadcast; }; export filter testf; honour neighbour; passwords { password "ahoj" from 0 to 10; - password "nazdar" from 10 to 20; + password "nazdar" from 10; } + authentication md5; } protocol device { diff --git a/nest/config.Y b/nest/config.Y index dfef4e2..91cdad1 100644 --- a/nest/config.Y +++ b/nest/config.Y @@ -159,7 +159,7 @@ password_begin: last_password_item = cfg_alloc(sizeof (struct password_item)); last_password_item->password = $2; last_password_item->from = 0; - last_password_item->to = ~0; + last_password_item->to = 2000000000; last_password_item->id = 0; last_password_item->next = NULL; $$=last_password_item; @@ -177,8 +177,8 @@ password_items: password_list: /* empty */ { $$ = NULL; } | password_begin password_items ';' password_list { - last_password_item->next = $4; - $$ = last_password_item; + $1->next = $4; + $$ = $1; } ; diff --git a/nest/password.c b/nest/password.c index f0f433a..6a02028 100644 --- a/nest/password.c +++ b/nest/password.c @@ -35,6 +35,7 @@ get_best_password(struct password_item *head, int flags) good = cur; best = head; } + head=head->next; } return best; } diff --git a/proto/rip/auth.c b/proto/rip/auth.c index 9dd26da..7d09f27 100644 --- a/proto/rip/auth.c +++ b/proto/rip/auth.c @@ -61,8 +61,10 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru head = P_CF->passwords; while (head) { /* FIXME: should check serial numbers, somehow */ + DBG( "time, " ); if ((head->from > now) || (head->to < now)) - continue; + goto skip; + DBG( "check, " ); if (head->id == block->keyid) { struct MD5Context ctxt; char md5sum_packet[16]; 
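Review bot: In nest/config.Y, password_begin, the new default `last_password_item->to = 2000000000;` is an unexplained magic number standing in for "no expiry". If `from`/`to` are compared against seconds since the Unix epoch (the units are not visible here), that value falls in May 2033. After that date every password declared without a `to` clause would fail the `head->to < now` test in rip_incoming_authentication, and authentication would start failing with no configuration change. A named constant for the largest value the field's type can hold, with a comment such as `/* no upper bound given: never expires */`, would make the intent explicit. The rule body starts outside the hunk.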
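Review bot: In proto/rip/auth.c, rip_incoming_authentication, `goto skip` works around a `while (head)` loop whose only advance step sits at the bottom of the body, which is why the old `continue` never moved past an out-of-window key. Writing it as `for (head = P_CF->passwords; head; head = head->next)` lets `continue` do the right thing, removes the `skip:` label added in the next hunk, and keeps a later early-skip from bringing back the hang in the packet-receive path. The new `DBG( "time, " )` and `DBG( "check, " )` traces name no key, so printing `head->id` would make them usable when several passwords are configured. The function starts and ends outside this hunk.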
@@ -77,7 +79,9 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru if (memcmp(md5sum_packet, md5sum_computed, 16)) return 1; + return 0; } + skip: head = head->next; } return 1; diff --git a/proto/rip/rip.c b/proto/rip/rip.c index ef98a78..7fcf624 100644 --- a/proto/rip/rip.c +++ b/proto/rip/rip.c @@ -60,6 +60,7 @@ rip_tx( sock *s ) struct rip_packet *packet = (void *) s->tbuf; int i; + DBG( "Sending to %I\n", s->daddr ); do { if (c->done) { @@ -285,7 +286,11 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr if (!neigh_find( p, &whotoldme, 0 )) { log( L_ERR "%I send me routing info but he is not my neighbour", whotoldme ); +#if 0 return 0; +#else + log( L_ERR "...ignoring" ); +#endif } for (i=0; i<num; i++) { @@ -294,7 +299,8 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr if (!i) { if (rip_incoming_authentication(p, (void *) block, packet, num)) BAD( "Authentication failed" ); - } else BAD( "Authentication is not the first!" ); + } + /* FIXME: Need to reject packets which have no authentication */ ipa_ntoh( block->network ); ipa_ntoh( block->netmask ); ipa_ntoh( block->nexthop ); @@ -500,8 +506,10 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_ if (flags & IF_BROADCAST) rif->sock->daddr = new->addr->brd; - if (flags & IF_UNNUMBERED) /* Hmm, rip is not defined over unnumbered links */ + if (flags & IF_UNNUMBERED) { rif->sock->daddr = new->addr->opposite; + log( L_WARN "RIP/%s: rip is not defined over unnumbered links\n", P_NAME ); + } if (want_multicast) { rif->sock->daddr = ipa_from_u32(0xe0000009); rif->sock->saddr = ipa_from_u32(0xe0000009); 
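Review bot: In proto/rip/auth.c, second hunk, the added `return 0;` makes `memcmp(md5sum_packet, md5sum_computed, 16)` on the line above the accept decision. memcmp may stop at the first differing byte, so its running time can depend on how much of the digest matched. A comparison that always walks all 16 bytes, OR-ing the XOR of each byte pair into one accumulator and testing it once at the end, removes that dependency. The existing FIXME about serial numbers in the previous hunk also still applies: without a sequence check, a previously valid packet verifies again. The loop and function bodies start outside the hunk.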
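Review bot: In proto/rip/rip.c, rip_process_packet (hunk at -285), putting `return 0;` under `#if 0` means a packet from an address that neigh_find() does not recognise now falls through to the per-block loop below, where previously it was dropped. The added message `log( L_ERR "...ignoring" );` reads as if the packet were discarded, which is the opposite of what the code does. If accepting non-neighbour updates is only wanted for testing, it should sit behind an explicit configuration switch with `return 0;` as the default, not a compile-time `#if 0`. The function body starts and ends outside the hunk.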
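Review bot: In proto/rip/rip.c, rip_process_packet (hunk at -294), removing `} else BAD( "Authentication is not the first!" );` means an authentication block at any index other than 0 is no longer rejected or verified. The new FIXME also acknowledges that a packet with no authentication block at all is accepted, so a configured `authentication md5` is not enforced for packets that omit the block. If the branch was dropped because the MD5 trailer is itself an authentication-family block at the end of the packet, accept that case only at index `num-1` and keep `BAD( "Authentication is not the first!" )` for every other position. To close the FIXME, set a local flag when block 0 verifies and call BAD before any route entry is processed if authentication is configured and the flag is unset. The condition that selects authentication blocks is outside the hunk.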
@@ -516,7 +524,7 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_ /* Don't try to transmit into this one? Well, why not? This should not happen, anyway :-) */ } - log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast" ); + log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s (%I)", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast", rif->sock->daddr ); return rif; } |