diff options
| author | Ondrej Zajicek <santiago@crfreenet.org> | 2008-11-08 17:24:23 +0100 |
|---|---|---|
| committer | Ondrej Zajicek <santiago@crfreenet.org> | 2008-11-08 17:24:23 +0100 |
| commit | b21f68b4cd4794c84e5f0eb2c34204c87ccf0e9a (patch) | |
| tree | 2bbf675877333084f912c5b18eae34eb247851b3 /proto/ospf | |
| parent | 08cca48a149bd6d5210659daf220b6dae87a43b3 (diff) | |
| download | bird-b21f68b4cd4794c84e5f0eb2c34204c87ccf0e9a.tar bird-b21f68b4cd4794c84e5f0eb2c34204c87ccf0e9a.zip | |
Fix bugs in OSPF MD5 authentication. First bug is that default
values for MD5 password ID changed during reconfigure, Second
bug is that BIRD chooses password in first-fit manner, but RFC
says that it should use the one with the latest generate-from.
It also modifies the syntax for multiple passwords.
Now it is possible to just add more 'password' statements
to the interface section and it is not needed to use
'passwords' section. Old syntax can be used too.
Diffstat (limited to 'proto/ospf')
| -rw-r--r-- | proto/ospf/config.Y | 6 | ||||
| -rw-r--r-- | proto/ospf/packet.c | 6 |
2 files changed, 7 insertions, 5 deletions
diff --git a/proto/ospf/config.Y b/proto/ospf/config.Y index dfcab4e..0956d9e 100644 --- a/proto/ospf/config.Y +++ b/proto/ospf/config.Y @@ -32,7 +32,7 @@ CF_KEYWORDS(RX, BUFFER, LARGE, NORMAL) CF_GRAMMAR -CF_ADDTO(proto, ospf_proto '}') +CF_ADDTO(proto, ospf_proto '}' { OSPF_PATT->passwords = get_passwords(); } ) ospf_proto_start: proto_start OSPF { this_proto = proto_config_new(&proto_ospf, sizeof(struct ospf_config)); @@ -102,7 +102,7 @@ ospf_vlink_item: | AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; } | AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; } | AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; } - | password_list {OSPF_PATT->passwords = (list *) $1; } + | password_list ; ospf_vlink_start: VIRTUAL LINK idval @@ -146,7 +146,7 @@ ospf_iface_item: | RX BUFFER LARGE { OSPF_PATT->rxbuf = OSPF_RXBUF_LARGE ; } | RX BUFFER NORMAL { OSPF_PATT->rxbuf = OSPF_RXBUF_NORMAL ; } | RX BUFFER expr { OSPF_PATT->rxbuf = $3 ; if ($3 < OSPF_RXBUF_MINSIZE) cf_error("Buffer size is too small") ; } - | password_list {OSPF_PATT->passwords = (list *) $1; } + | password_list ; pref_list: diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index 4e8dcaf..ee35282 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -41,7 +41,7 @@ ospf_pkt_maxsize(struct ospf_iface *ifa) void ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt) { - struct password_item *passwd = password_find (ifa->passwords); + struct password_item *passwd = NULL; void *tail; struct MD5Context ctxt; char password[OSPF_AUTH_CRYPT_SIZE]; @@ -52,6 +52,7 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt) { case OSPF_AUTH_SIMPLE: bzero(&pkt->u, sizeof(union ospf_auth)); + passwd = password_find(ifa->passwords, 1); if (!passwd) { log( L_ERR "No suitable password found for authentication" ); @@ -65,6 +66,7 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt) sizeof(struct ospf_packet), NULL); break; case OSPF_AUTH_CRYPT: + passwd = password_find(ifa->passwords, 0); if (!passwd) { log( L_ERR "No suitable password found for authentication" ); @@ -123,7 +125,7 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_ return 1; break; case OSPF_AUTH_SIMPLE: - pass = password_find (ifa->passwords); + pass = password_find(ifa->passwords, 1); if(!pass) { OSPF_TRACE(D_PACKETS, "OSPF_auth: no password found"); |