1999-05-11 09:53:45 +00:00
|
|
|
/*
|
|
|
|
* Rest in pieces - RIP protocol
|
|
|
|
*
|
|
|
|
* Copyright (c) 1999 Pavel Machek <pavel@ucw.cz>
|
|
|
|
*
|
|
|
|
* Can be freely distributed and used under the terms of the GNU GPL.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define LOCAL_DEBUG
|
|
|
|
|
|
|
|
#include "nest/bird.h"
|
|
|
|
#include "nest/iface.h"
|
|
|
|
#include "nest/protocol.h"
|
|
|
|
#include "nest/route.h"
|
|
|
|
#include "lib/socket.h"
|
|
|
|
#include "lib/resource.h"
|
|
|
|
#include "lib/lists.h"
|
|
|
|
#include "lib/timer.h"
|
1999-05-31 19:16:22 +00:00
|
|
|
#include "lib/md5.h"
|
2000-03-31 23:30:21 +00:00
|
|
|
#include "lib/string.h"
|
1999-05-11 09:53:45 +00:00
|
|
|
|
|
|
|
#include "rip.h"
|
|
|
|
|
|
|
|
#define P ((struct rip_proto *) p)
|
|
|
|
#define P_CF ((struct rip_proto_config *)p->cf)
|
|
|
|
|
1999-08-20 09:59:39 +00:00
|
|
|
#define PACKETLEN(num) (num * sizeof(struct rip_block) + sizeof(struct rip_packet_heading))
|
|
|
|
|
2000-06-05 17:13:36 +00:00
|
|
|
/*
|
2000-06-05 12:52:57 +00:00
|
|
|
* rip_incoming_authentication - check authentication of incomming packet and return 1 if there's problem.
|
|
|
|
*/
|
1999-05-11 09:53:45 +00:00
|
|
|
int
|
1999-12-01 12:52:57 +00:00
|
|
|
rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme )
|
1999-05-11 09:53:45 +00:00
|
|
|
{
|
|
|
|
DBG( "Incoming authentication: " );
|
1999-05-31 17:12:38 +00:00
|
|
|
switch (block->authtype) { /* Authentication type */
|
1999-11-25 14:54:08 +00:00
|
|
|
case AT_PLAINTEXT:
|
|
|
|
{
|
|
|
|
struct password_item *passwd = get_best_password( P_CF->passwords, 0 );
|
|
|
|
DBG( "Plaintext passwd" );
|
|
|
|
if (!passwd) {
|
2000-06-04 19:56:06 +00:00
|
|
|
log( L_AUTH "No passwords set and password authentication came" );
|
1999-11-25 14:54:08 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (strncmp( (char *) (&block->packetlen), passwd->password, 16)) {
|
2000-06-04 19:56:06 +00:00
|
|
|
log( L_AUTH "Passwd authentication failed!" );
|
2002-09-21 13:57:48 +00:00
|
|
|
DBG( "Expected %s, got %.16s\n", passwd->password, &block->packetlen );
|
1999-11-25 14:54:08 +00:00
|
|
|
return 1;
|
|
|
|
}
|
1999-05-11 09:53:45 +00:00
|
|
|
}
|
|
|
|
return 0;
|
1999-05-31 17:12:38 +00:00
|
|
|
case AT_MD5:
|
|
|
|
DBG( "md5 password" );
|
|
|
|
{
|
|
|
|
struct password_item *head;
|
1999-05-31 19:16:22 +00:00
|
|
|
struct rip_md5_tail *tail;
|
|
|
|
|
1999-11-25 15:03:12 +00:00
|
|
|
if (block->packetlen != PACKETLEN(num)) {
|
2000-06-04 19:56:06 +00:00
|
|
|
log( L_ERR "Packet length in MD5 does not match computed value" );
|
1999-08-20 09:59:39 +00:00
|
|
|
return 1;
|
|
|
|
}
|
1999-08-18 13:19:33 +00:00
|
|
|
|
1999-05-31 19:22:40 +00:00
|
|
|
tail = (struct rip_md5_tail *) ((char *) packet + (block->packetlen - sizeof(struct rip_block_auth)));
|
1999-11-25 14:54:08 +00:00
|
|
|
if ((tail->mustbeFFFF != 0xffff) || (tail->mustbe0001 != 0x0001)) {
|
2000-06-04 19:56:06 +00:00
|
|
|
log( L_ERR "MD5 tail signature is not there" );
|
1999-11-25 14:54:08 +00:00
|
|
|
return 1;
|
|
|
|
}
|
1999-05-31 19:16:22 +00:00
|
|
|
|
1999-05-31 17:12:38 +00:00
|
|
|
head = P_CF->passwords;
|
1999-08-20 09:59:39 +00:00
|
|
|
while (head) {
|
1999-10-02 10:44:48 +00:00
|
|
|
DBG( "time, " );
|
1999-08-20 09:59:39 +00:00
|
|
|
if ((head->from > now) || (head->to < now))
|
1999-10-02 10:44:48 +00:00
|
|
|
goto skip;
|
1999-12-01 12:52:57 +00:00
|
|
|
if (block->seq) {
|
|
|
|
struct neighbor *neigh = neigh_find(p, &whotoldme, 0);
|
|
|
|
if (!neigh) {
|
2000-06-04 19:56:06 +00:00
|
|
|
log( L_AUTH "Non-neighbour MD5 checksummed packet?" );
|
1999-12-01 12:52:57 +00:00
|
|
|
} else {
|
|
|
|
if (neigh->aux > block->seq) {
|
2000-06-04 19:56:06 +00:00
|
|
|
log( L_AUTH "MD5 protected packet with lower numbers" );
|
1999-12-01 12:52:57 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
neigh->aux = block->seq;
|
|
|
|
}
|
|
|
|
}
|
1999-10-02 10:44:48 +00:00
|
|
|
DBG( "check, " );
|
1999-05-31 19:16:22 +00:00
|
|
|
if (head->id == block->keyid) {
|
|
|
|
struct MD5Context ctxt;
|
|
|
|
char md5sum_packet[16];
|
|
|
|
char md5sum_computed[16];
|
|
|
|
|
1999-05-31 19:22:40 +00:00
|
|
|
memcpy(md5sum_packet, tail->md5, 16);
|
1999-05-31 19:16:22 +00:00
|
|
|
password_strncpy(tail->md5, head->password, 16);
|
|
|
|
|
|
|
|
MD5Init(&ctxt);
|
1999-05-31 19:22:40 +00:00
|
|
|
MD5Update(&ctxt, (char *) packet, block->packetlen );
|
1999-05-31 19:16:22 +00:00
|
|
|
MD5Final(md5sum_computed, &ctxt);
|
|
|
|
|
|
|
|
if (memcmp(md5sum_packet, md5sum_computed, 16))
|
|
|
|
return 1;
|
1999-10-02 10:44:48 +00:00
|
|
|
return 0;
|
1999-05-31 19:16:22 +00:00
|
|
|
}
|
1999-10-02 10:44:48 +00:00
|
|
|
skip:
|
1999-05-31 17:12:38 +00:00
|
|
|
head = head->next;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
1999-05-11 09:53:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2000-06-05 17:13:36 +00:00
|
|
|
/*
|
2000-06-05 12:52:57 +00:00
|
|
|
* rip_outgoing_authentication - append authentication information to the packet.
|
|
|
|
* %num: number of rip_blocks already in packets. This function returns size of packet to send.
|
|
|
|
*/
|
1999-11-25 14:54:08 +00:00
|
|
|
int
|
1999-05-31 17:12:38 +00:00
|
|
|
rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num )
|
1999-05-11 09:53:45 +00:00
|
|
|
{
|
1999-08-18 13:19:33 +00:00
|
|
|
struct password_item *passwd = get_best_password( P_CF->passwords, 0 );
|
1999-11-25 14:54:08 +00:00
|
|
|
|
|
|
|
if (!P_CF->authtype)
|
|
|
|
return PACKETLEN(num);
|
|
|
|
|
1999-05-11 09:53:45 +00:00
|
|
|
DBG( "Outgoing authentication: " );
|
|
|
|
|
1999-08-18 13:19:33 +00:00
|
|
|
if (!passwd) {
|
2000-06-04 19:56:06 +00:00
|
|
|
log( L_ERR "No suitable password found for authentication" );
|
1999-11-25 14:54:08 +00:00
|
|
|
return PACKETLEN(num);
|
1999-08-18 13:19:33 +00:00
|
|
|
}
|
|
|
|
|
1999-05-31 17:12:38 +00:00
|
|
|
block->authtype = P_CF->authtype;
|
1999-08-18 13:19:33 +00:00
|
|
|
block->mustbeFFFF = 0xffff;
|
1999-05-11 09:53:45 +00:00
|
|
|
switch (P_CF->authtype) {
|
|
|
|
case AT_PLAINTEXT:
|
1999-08-18 13:19:33 +00:00
|
|
|
password_strncpy( (char *) (&block->packetlen), passwd->password, 16);
|
1999-11-25 14:54:08 +00:00
|
|
|
return PACKETLEN(num);
|
1999-08-18 13:19:33 +00:00
|
|
|
case AT_MD5:
|
|
|
|
{
|
|
|
|
struct rip_md5_tail *tail;
|
|
|
|
struct MD5Context ctxt;
|
|
|
|
static int sequence = 0;
|
|
|
|
|
|
|
|
if (num > PACKET_MD5_MAX)
|
2000-06-04 19:56:06 +00:00
|
|
|
bug( "We can not add MD5 authentication to this long packet" );
|
1999-08-18 13:19:33 +00:00
|
|
|
|
|
|
|
block->keyid = passwd->id;
|
|
|
|
block->authlen = 20;
|
|
|
|
block->seq = sequence++;
|
|
|
|
block->zero0 = 0;
|
1999-11-25 14:54:08 +00:00
|
|
|
block->zero1 = 0;
|
|
|
|
block->packetlen = PACKETLEN(num) + block->authlen;
|
1999-08-18 13:19:33 +00:00
|
|
|
|
|
|
|
tail = (struct rip_md5_tail *) ((char *) packet + (block->packetlen - sizeof(struct rip_block_auth)));
|
|
|
|
tail->mustbeFFFF = 0xffff;
|
|
|
|
tail->mustbe0001 = 0x0001;
|
|
|
|
password_strncpy( (char *) (&tail->md5), passwd->password, 16 );
|
|
|
|
|
|
|
|
MD5Init(&ctxt);
|
|
|
|
MD5Update(&ctxt, (char *) packet, block->packetlen );
|
|
|
|
MD5Final((char *) (&tail->md5), &ctxt);
|
1999-11-25 15:03:12 +00:00
|
|
|
return PACKETLEN(num) + block->authlen;
|
1999-05-31 17:12:38 +00:00
|
|
|
}
|
1999-11-25 14:54:08 +00:00
|
|
|
default:
|
2000-06-04 19:56:06 +00:00
|
|
|
bug( "Unknown authtype in outgoing authentication?" );
|
1999-05-11 09:53:45 +00:00
|
|
|
}
|
|
|
|
}
|