0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-11-09 12:48:43 +00:00
bird/nest/password.c

114 lines
2.3 KiB
C
Raw Normal View History

/*
* BIRD -- Password handling
*
* (c) 1999 Pavel Machek <pavel@ucw.cz>
* (c) 2004 Ondrej Filip <feela@network.cz>
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include "nest/bird.h"
#include "nest/password.h"
#include "conf/conf.h"
2002-11-13 08:47:06 +00:00
#include "lib/string.h"
#include "lib/timer.h"
#include "lib/mac.h"
struct password_item *last_password_item = NULL;
1999-05-31 17:12:00 +00:00
struct password_item *
password_find(list *l, int first_fit)
1999-05-31 17:12:00 +00:00
{
struct password_item *pi;
struct password_item *pf = NULL;
btime now_ = current_real_time();
1999-05-31 17:12:00 +00:00
2004-07-01 15:01:26 +00:00
if (l)
{
2004-07-01 15:01:26 +00:00
WALK_LIST(pi, *l)
{
if ((pi->genfrom < now_) && (pi->gento > now_))
{
if (first_fit)
return pi;
if (!pf || pf->genfrom < pi->genfrom)
pf = pi;
}
2004-07-01 15:01:26 +00:00
}
1999-05-31 17:12:00 +00:00
}
return pf;
1999-05-31 17:12:00 +00:00
}
2014-10-24 08:27:21 +00:00
struct password_item *
password_find_by_id(list *l, uint id)
{
2014-10-24 08:27:21 +00:00
struct password_item *pi;
btime now_ = current_real_time();
2014-10-24 08:27:21 +00:00
if (!l)
return NULL;
WALK_LIST(pi, *l)
if ((pi->id == id) && (pi->accfrom <= now_) && (now_ < pi->accto))
2014-10-24 08:27:21 +00:00
return pi;
return NULL;
}
struct password_item *
password_find_by_value(list *l, char *pass, uint size)
{
struct password_item *pi;
btime now_ = current_real_time();
if (!l)
return NULL;
WALK_LIST(pi, *l)
if (password_verify(pi, pass, size) && (pi->accfrom <= now_) && (now_ < pi->accto))
return pi;
return NULL;
}
uint
max_mac_length(list *l)
{
struct password_item *pi;
uint val = 0;
if (!l)
return 0;
WALK_LIST(pi, *l)
val = MAX(val, mac_type_length(pi->alg));
return val;
}
/**
* password_validate_length - enforce key length restrictions
* @pi: Password item
*
* This is a common MAC algorithm validation function that will enforce that the
* key length constrains specified in the MAC type table.
*/
void
password_validate_length(const struct password_item *pi)
{
if (!pi->alg)
return;
const struct mac_desc *alg = &mac_table[pi->alg];
if (alg->min_key_length && (pi->length < alg->min_key_length))
cf_error("Key length (%u B) below minimum length of %u B for %s",
pi->length, alg->min_key_length, alg->name);
if (alg->max_key_length && (pi->length > alg->max_key_length))
cf_error("Key length (%u B) exceeds maximum length of %u B for %s",
pi->length, alg->max_key_length, alg->name);
}