MD5 authentication in OSPF works. :-)

2024-11-08 12:18:42 +00:00 · 2004-07-13 14:46:14 +00:00 · 2004-07-13 14:46:14 +00:00 · bc956fcab6
commit bc956fcab6
parent 32d3228d86
2 changed files with 10 additions and 10 deletions
--- a/nest/config.Y
+++ b/nest/config.Y
@ -2,6 +2,7 @@
 *	BIRD -- Core Configuration
 *
 *	(c) 1998--2000 Martin Mares <mj@ucw.cz>
 *      (c) 2004       Ondrej Filip <feela@network.cz>
 *
 *	Can be freely distributed and used under the terms of the GNU GPL.
 */
@ -208,7 +209,7 @@ password_item:
 password_item_begin:
   PASSWORD TEXT {
-     static int id = 0;
+     static int id = 1;
     this_p_item = cfg_alloc(sizeof (struct password_item));
     this_p_item->password = $2;
     this_p_item->genfrom = 0;
@ -226,7 +227,7 @@ password_item_params:
 | GENERATE TO datetime ';' password_item_params { this_p_item->gento = $3; }
 | ACCEPT FROM datetime ';' password_item_params { this_p_item->accfrom = $3; }
 | ACCEPT TO datetime ';' password_item_params { this_p_item->accto = $3; }
- | ID expr ';' password_item_params { this_p_item->id = $2; }
+ | ID expr ';' password_item_params { this_p_item->id = $2; if ($2 <= 0) cf_error("Password ID has to be greated than zero."); }
 ;
 password_list:
@ -254,7 +255,7 @@ password_begin:
     this_p_item->gento = TIME_INFINITY;
     this_p_item->accfrom = 0;
     this_p_item->accto = TIME_INFINITY;
-     this_p_item->id = 0;
+     this_p_item->id = 1;
     add_tail(this_p_list, &this_p_item->n);
     $$ = this_p_list;
  }
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@ -87,7 +87,6 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
      password_cpy(password, passwd->password, OSPF_AUTH_CRYPT_SIZE);
      MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
      MD5Final(tail, &ctxt);
      break;
    default:
      bug("Unknown authentication type");
@ -166,8 +165,8 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
      WALK_LIST(ptmp, *(ifa->passwords))
      {
-        if (pkt->u.md5.keyid != pass->id) continue;
+        if (pkt->u.md5.keyid != ptmp->id) continue;
-        if ((pass->genfrom > now) || (pass->gento < now)) continue;
+        if ((ptmp->genfrom > now) || (ptmp->gento < now)) continue;
        pass = ptmp;
        break;
      }
@ -180,12 +179,11 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
      if(n)
      {
-        if(ntohs(pkt->u.md5.csn) <= n->csn)
+        if(ntohs(pkt->u.md5.csn) < n->csn)
        {
          OSPF_TRACE(D_PACKETS, "OSPF_auth: lower sequence number");
          return 0;
        }
        n->csn = ntohs(pkt->u.md5.csn);
      }
@ -194,7 +192,7 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
      password_cpy(password, pass->password, OSPF_AUTH_CRYPT_SIZE);
      MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
      MD5Final(md5sum, &ctxt);
-      if (!memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
+      if (memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
      {
        OSPF_TRACE(D_PACKETS, "OSPF_auth: wrong md5 digest");
        return 0;
@ -257,7 +255,8 @@ ospf_rx_hook(sock * sk, int size)
    return 1;
  }
-  if ((ifa->autype != OSPF_AUTH_CRYPT) && (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet),
+  if ((ps->autype != htons(OSPF_AUTH_CRYPT)) &&
      (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet),
 		    ntohs(ps->length) - sizeof(struct ospf_packet), NULL)))
  {
    log(L_ERR "%s%I - bad checksum", mesg, sk->faddr);