
Obvious bugs in authentication fixed.

Pavel Machek 1999-10-02 10:44:48 +00:00
parent 7db7b7db60
commit ac40c888c2
5 changed files with 25 additions and 11 deletions


@ -49,8 +49,8 @@ int i;
callme ( 7, 2, ); callme ( 7, 2, );
print "done"; print "done";
quitbird; # quitbird;
print "*** FAIL: this is unreachable"; # print "*** FAIL: this is unreachable";
} }
filter testf filter testf
@ -67,12 +67,13 @@ protocol rip MyRIP_test {
port 1520; port 1520;
period 5; period 5;
garbagetime 30; garbagetime 30;
interface "*"; interface "*" { mode broadcast; };
export filter testf; export filter testf;
honour neighbour; honour neighbour;
passwords { password "ahoj" from 0 to 10; passwords { password "ahoj" from 0 to 10;
password "nazdar" from 10 to 20; password "nazdar" from 10;
} }
authentication md5;
} }
protocol device { protocol device {


@ -159,7 +159,7 @@ password_begin:
last_password_item = cfg_alloc(sizeof (struct password_item)); last_password_item = cfg_alloc(sizeof (struct password_item));
last_password_item->password = $2; last_password_item->password = $2;
last_password_item->from = 0; last_password_item->from = 0;
last_password_item->to = ~0; last_password_item->to = 2000000000;
last_password_item->id = 0; last_password_item->id = 0;
last_password_item->next = NULL; last_password_item->next = NULL;
$$=last_password_item; $$=last_password_item;
@ -177,8 +177,8 @@ password_items:
password_list: password_list:
/* empty */ { $$ = NULL; } /* empty */ { $$ = NULL; }
| password_begin password_items ';' password_list { | password_begin password_items ';' password_list {
last_password_item->next = $4; $1->next = $4;
$$ = last_password_item; $$ = $1;
} }
; ;
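Review bot: The new default expiry `last_password_item->to = 2000000000;` in `password_begin` is an unexplained magic number standing in for "never expires". The type of `to` is not visible here, but if it is compared against wall-clock seconds (as `head->to < now` in the RIP authentication code suggests), every password configured without an explicit `to` silently stops validating once `now` passes that value. I would derive the default from the maximum of the field's type, or at least name it and document it, e.g. `/* no "to" given: never expires; must stay above any reachable value of now */`. The switch to `$1->next = $4; $$ = $1;` in `password_list` looks right, since `last_password_item` has been overwritten by the time the recursive list is reduced.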


@ -35,6 +35,7 @@ get_best_password(struct password_item *head, int flags)
good = cur; good = cur;
best = head; best = head;
} }
head=head->next;
} }
return best; return best;
} }


@ -61,8 +61,10 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
head = P_CF->passwords; head = P_CF->passwords;
while (head) { while (head) {
/* FIXME: should check serial numbers, somehow */ /* FIXME: should check serial numbers, somehow */
DBG( "time, " );
if ((head->from > now) || (head->to < now)) if ((head->from > now) || (head->to < now))
continue; goto skip;
DBG( "check, " );
if (head->id == block->keyid) { if (head->id == block->keyid) {
struct MD5Context ctxt; struct MD5Context ctxt;
char md5sum_packet[16]; char md5sum_packet[16];
@ -77,7 +79,9 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
if (memcmp(md5sum_packet, md5sum_computed, 16)) if (memcmp(md5sum_packet, md5sum_computed, 16))
return 1; return 1;
return 0;
} }
skip:
head = head->next; head = head->next;
} }
return 1; return 1;
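Review bot: The digest check `if (memcmp(md5sum_packet, md5sum_computed, 16)) return 1;` in the key-id branch of rip_incoming_authentication is not constant-time, so rejection time can depend on how many leading digest bytes match. A fixed-time comparison avoids that: `for (i = 0; i < 16; i++) diff |= md5sum_packet[i] ^ md5sum_computed[i];` followed by `if (diff) return 1;`. The `/* FIXME: should check serial numbers, somehow */` is also still open, so, as far as this hunk shows, a packet that verified once would verify again if it were re-received. The added `return 0;` and the fall-through `return 1;` do make the function fail closed when no key matches. The function begins outside the hunk, so how the digests are filled in is not visible here.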


@ -60,6 +60,7 @@ rip_tx( sock *s )
struct rip_packet *packet = (void *) s->tbuf; struct rip_packet *packet = (void *) s->tbuf;
int i; int i;
DBG( "Sending to %I\n", s->daddr );
do { do {
if (c->done) { if (c->done) {
@ -285,7 +286,11 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
if (!neigh_find( p, &whotoldme, 0 )) { if (!neigh_find( p, &whotoldme, 0 )) {
log( L_ERR "%I send me routing info but he is not my neighbour", whotoldme ); log( L_ERR "%I send me routing info but he is not my neighbour", whotoldme );
#if 0
return 0; return 0;
#else
log( L_ERR "...ignoring" );
#endif
} }
for (i=0; i<num; i++) { for (i=0; i<num; i++) {
@ -294,7 +299,8 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
if (!i) { if (!i) {
if (rip_incoming_authentication(p, (void *) block, packet, num)) if (rip_incoming_authentication(p, (void *) block, packet, num))
BAD( "Authentication failed" ); BAD( "Authentication failed" );
} else BAD( "Authentication is not the first!" ); }
/* FIXME: Need to reject packets which have no authentication */
ipa_ntoh( block->network ); ipa_ntoh( block->network );
ipa_ntoh( block->netmask ); ipa_ntoh( block->netmask );
ipa_ntoh( block->nexthop ); ipa_ntoh( block->nexthop );
@ -500,8 +506,10 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
if (flags & IF_BROADCAST) if (flags & IF_BROADCAST)
rif->sock->daddr = new->addr->brd; rif->sock->daddr = new->addr->brd;
if (flags & IF_UNNUMBERED) /* Hmm, rip is not defined over unnumbered links */ if (flags & IF_UNNUMBERED) {
rif->sock->daddr = new->addr->opposite; rif->sock->daddr = new->addr->opposite;
log( L_WARN "RIP/%s: rip is not defined over unnumbered links\n", P_NAME );
}
if (want_multicast) { if (want_multicast) {
rif->sock->daddr = ipa_from_u32(0xe0000009); rif->sock->daddr = ipa_from_u32(0xe0000009);
rif->sock->saddr = ipa_from_u32(0xe0000009); rif->sock->saddr = ipa_from_u32(0xe0000009);
@ -516,7 +524,7 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
/* Don't try to transmit into this one? Well, why not? This should not happen, anyway :-) */ /* Don't try to transmit into this one? Well, why not? This should not happen, anyway :-) */
} }
log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast" ); log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s (%I)", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast", rif->sock->daddr );
return rif; return rif;
} }
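Review bot: In rip_process_packet the `#if 0` around `return 0;` means a packet whose sender fails `neigh_find()` is no longer dropped. After logging "...ignoring", execution continues into the `for (i=0; i<num; i++)` loop and the blocks are processed. Together with the removed `else BAD( "Authentication is not the first!" )` and the new `/* FIXME: Need to reject packets which have no authentication */`, this appears to let updates from a non-neighbour that carry no authentication block be accepted even when `authentication md5` is configured. I would keep `return 0;` unconditional, or gate the relaxed behaviour behind an explicit configuration option, and reword the log text since nothing is actually ignored. The function bodies extend beyond the hunks shown, so the condition enclosing the `if (!i)` check is inferred rather than visible.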