Fix bugs in OSPF MD5 authentication. First bug is that default

values for MD5 password ID changed during reconfigure, Second bug is that BIRD chooses password in first-fit manner, but RFC says that it should use the one with the latest generate-from. It also modifies the syntax for multiple passwords. Now it is possible to just add more 'password' statements to the interface section and it is not needed to use 'passwords' section. Old syntax can be used too.
author: Ondrej Zajicek <santiago@crfreenet.org> 2008-11-08 17:24:23 +0100
committer: Ondrej Zajicek <santiago@crfreenet.org> 2008-11-08 17:24:23 +0100
commit: b21f68b4cd4794c84e5f0eb2c34204c87ccf0e9a (patch)
tree: 2bbf675877333084f912c5b18eae34eb247851b3 /proto
parent: 08cca48a149bd6d5210659daf220b6dae87a43b3 (diff)
download: bird-b21f68b4cd4794c84e5f0eb2c34204c87ccf0e9a.tar
bird-b21f68b4cd4794c84e5f0eb2c34204c87ccf0e9a.zip
4 files changed, 11 insertions, 9 deletions
diff --git a/proto/ospf/config.Y b/proto/ospf/config.Y
index dfcab4e..0956d9e 100644
--- a/proto/ospf/config.Y
+++ b/proto/ospf/config.Y
@@ -32,7 +32,7 @@ CF_KEYWORDS(RX, BUFFER, LARGE, NORMAL)
 
 CF_GRAMMAR
 
-CF_ADDTO(proto, ospf_proto '}')
+CF_ADDTO(proto, ospf_proto '}' { OSPF_PATT->passwords = get_passwords(); } )
 
 ospf_proto_start: proto_start OSPF {
      this_proto = proto_config_new(&proto_ospf, sizeof(struct ospf_config));
@@ -102,7 +102,7 @@ ospf_vlink_item:
  | AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
  | AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
  | AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
- | password_list {OSPF_PATT->passwords = (list *) $1; }
+ | password_list 
  ;
 
 ospf_vlink_start: VIRTUAL LINK idval
@@ -146,7 +146,7 @@ ospf_iface_item:
  | RX BUFFER LARGE { OSPF_PATT->rxbuf = OSPF_RXBUF_LARGE ; } 
  | RX BUFFER NORMAL { OSPF_PATT->rxbuf = OSPF_RXBUF_NORMAL ; } 
  | RX BUFFER expr { OSPF_PATT->rxbuf = $3 ; if ($3 < OSPF_RXBUF_MINSIZE) cf_error("Buffer size is too small") ; } 
- | password_list {OSPF_PATT->passwords = (list *) $1; }
+ | password_list
  ;
 
 pref_list:
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c
index 4e8dcaf..ee35282 100644
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@@ -41,7 +41,7 @@ ospf_pkt_maxsize(struct ospf_iface *ifa)
 void
 ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
 {
-  struct password_item *passwd = password_find (ifa->passwords);
+  struct password_item *passwd = NULL;
   void *tail;
   struct MD5Context ctxt;
   char password[OSPF_AUTH_CRYPT_SIZE];
@@ -52,6 +52,7 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
   {
     case OSPF_AUTH_SIMPLE:
       bzero(&pkt->u, sizeof(union ospf_auth));
+      passwd = password_find(ifa->passwords, 1);
       if (!passwd)
       {
         log( L_ERR "No suitable password found for authentication" );
@@ -65,6 +66,7 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
 				  sizeof(struct ospf_packet), NULL);
       break;
     case OSPF_AUTH_CRYPT:
+      passwd = password_find(ifa->passwords, 0);
       if (!passwd)
       {
         log( L_ERR "No suitable password found for authentication" );
@@ -123,7 +125,7 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
       return 1;
       break;
     case OSPF_AUTH_SIMPLE:
-      pass = password_find (ifa->passwords);
+      pass = password_find(ifa->passwords, 1);
       if(!pass)
       {
         OSPF_TRACE(D_PACKETS, "OSPF_auth: no password found");
diff --git a/proto/rip/auth.c b/proto/rip/auth.c
index 1f7050f..b7b0611 100644
--- a/proto/rip/auth.c
+++ b/proto/rip/auth.c
@@ -39,7 +39,7 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
   switch (ntohs(block->authtype)) {	/* Authentication type */
   case AT_PLAINTEXT: 
     {
-      struct password_item *passwd = password_find(P_CF->passwords);
+      struct password_item *passwd = password_find(P_CF->passwords, 1);
       DBG( "Plaintext passwd" );
       if (!passwd) {
 	log( L_AUTH "No passwords set and password authentication came" );
@@ -115,7 +115,7 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
 int
 rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num )
 {
-  struct password_item *passwd = password_find( P_CF->passwords);
+  struct password_item *passwd = password_find(P_CF->passwords, 1);
 
   if (!P_CF->authtype)
     return PACKETLEN(num);
diff --git a/proto/rip/config.Y b/proto/rip/config.Y
index bd303e9..f1ae43c 100644
--- a/proto/rip/config.Y
+++ b/proto/rip/config.Y
@@ -34,7 +34,7 @@ CF_KEYWORDS(RIP, INFINITY, METRIC, PORT, PERIOD, GARBAGE, TIMEOUT, PASSWORDS,
 
 CF_GRAMMAR
 
-CF_ADDTO(proto, rip_cfg '}')
+CF_ADDTO(proto, rip_cfg '}' { RIP_CFG->passwords = get_passwords(); } )
 
 rip_cfg_start: proto_start RIP {
      this_proto = proto_config_new(&proto_rip, sizeof(struct rip_proto_config));
@@ -51,7 +51,7 @@ rip_cfg:
  | rip_cfg GARBAGE TIME expr ';' { RIP_CFG->garbage_time = $4; }
  | rip_cfg TIMEOUT TIME expr ';' { RIP_CFG->timeout_time = $4; }
  | rip_cfg AUTHENTICATION rip_auth ';' {RIP_CFG->authtype = $3; }
- | rip_cfg password_list ';' {RIP_CFG->passwords = (list *)$2; }
+ | rip_cfg password_list ';'
  | rip_cfg HONOR ALWAYS ';'    { RIP_CFG->honor = HO_ALWAYS; }
  | rip_cfg HONOR NEIGHBOR ';'    { RIP_CFG->honor = HO_NEIGHBOR; }
  | rip_cfg HONOR NEVER ';'    { RIP_CFG->honor = HO_NEVER; }
author	Ondrej Zajicek <santiago@crfreenet.org>	2008-11-08 17:24:23 +0100
committer	Ondrej Zajicek <santiago@crfreenet.org>	2008-11-08 17:24:23 +0100
commit	b21f68b4cd4794c84e5f0eb2c34204c87ccf0e9a (patch)
tree	2bbf675877333084f912c5b18eae34eb247851b3 /proto
parent	08cca48a149bd6d5210659daf220b6dae87a43b3 (diff)
download	bird-b21f68b4cd4794c84e5f0eb2c34204c87ccf0e9a.tar bird-b21f68b4cd4794c84e5f0eb2c34204c87ccf0e9a.zip