author | Todd C. Miller <millert@cvs.openbsd.org> | 2004-09-11 03:19:09 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2004-09-11 03:19:09 +0000 |
commit | d6a6d92a4b945604f1d6318e6ee5d5293939f0bc (patch) | |
tree | 9894f13c584e42195c5722f3a407187af10ac3d6 /libexec/login_radius | |
parent | 7b2714ca716596699d08e87df55dc5697825b7a7 (diff) |
Verify packets from the server were md5'd with the same shared
secret we used in the request. OK deraadt@
Diffstat (limited to 'libexec/login_radius')
-rw-r--r-- | libexec/login_radius/raddauth.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/libexec/login_radius/raddauth.c b/libexec/login_radius/raddauth.c
index 44278b946f4..a539804cbda 100644
--- a/libexec/login_radius/raddauth.c
+++ b/libexec/login_radius/raddauth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raddauth.c,v 1.16 2004/03/10 21:30:27 millert Exp $ */
+/* $OpenBSD: raddauth.c,v 1.17 2004/09/11 03:19:08 millert Exp $ */
 /*-
  * Copyright (c) 1996, 1997 Berkeley Software Design, Inc. All rights reserved.
@@ -131,7 +131,7 @@ typedef struct {
 void servtimeout(int);
 in_addr_t get_ipaddr(char *);
 in_addr_t gethost(void);
-int rad_recv(char *, char *);
+int rad_recv(char *, char *, u_char *);
 void parse_challenge(auth_hdr_t *, char *, char *);
 void rad_request(pid_t, char *, char *, int, char *, char *);
 void getsecret(void);
@@ -278,7 +278,7 @@ retry:
 rad_request(req_id, userstyle, passwd, auth_port, vector, pwstate);
- switch (i = rad_recv(_pwstate, challenge)) {
+ switch (i = rad_recv(_pwstate, challenge, vector)) {
 case PW_AUTHENTICATION_ACK:
 /*
  * Make sure we don't think a challenge was issued.
@@ -437,11 +437,13 @@ rad_request(pid_t id, char *name, char *password, int port, char *vector,
  * Receive UDP responses from the radius server
  */
 int
-rad_recv(char *state, char *challenge)
+rad_recv(char *state, char *challenge, u_char *req_vector)
 {
 auth_hdr_t auth;
 socklen_t salen;
 struct sockaddr_in sin;
+ u_char recv_vector[AUTH_VECTOR_LEN], test_vector[AUTH_VECTOR_LEN];
+ MD5_CTX context;
 salen = sizeof(sin);
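Review bot: The new parameter is declared `u_char *req_vector`, but the only visible declaration of what callers pass is `char *vector` in rad_request's signature (the @@ context of this hunk), and the call site in the earlier hunk passes that same `vector` to rad_recv; if the caller's buffer really is `char`, the call converts between pointer types of differing signedness, which modern compilers flag under -Wpointer-sign and which makes the two functions disagree about the vector's type. Either declare the request vector `u_char` everywhere (it is raw MD5 output, so `u_char` is the honest type) or keep the parameter `char *` and cast at the memcpy; I cannot see the caller's declaration, so confirm before changing it. The function header would also benefit from stating the new contract, e.g. `/* req_vector: the 16-byte Request Authenticator sent in the matching request; used to verify the Response Authenticator */`. rad_recv's body continues past the end of this hunk.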
@@ -457,6 +459,16 @@ rad_recv(char *state, char *challenge)
 if (sin.sin_addr.s_addr != auth_server)
 errx(1, "bogus authentication server");
+ /* verify server's shared secret */
+ memcpy(recv_vector, auth.vector, AUTH_VECTOR_LEN);
+ memcpy(auth.vector, req_vector, AUTH_VECTOR_LEN);
+ MD5Init(&context);
+ MD5Update(&context, (u_char *)&auth, ntohs(auth.length));
+ MD5Update(&context, auth_secret, strlen(auth_secret));
+ MD5Final(test_vector, &context);
+ if (memcmp(recv_vector, test_vector, AUTH_VECTOR_LEN) != 0)
+ errx(1, "shared secret incorrect");
+
 if (auth.code == PW_ACCESS_CHALLENGE)
 parse_challenge(&auth, state, challenge);
|
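Review bot: The byte count handed to MD5Update(), `ntohs(auth.length)`, is taken straight from the untrusted packet, and nothing in this hunk bounds it by `sizeof(auth)` or by the number of bytes recvfrom() actually returned; unless the code above the hunk already rejects such packets, a server (or anyone who can spoof its address, which the earlier `auth_server` check does not prevent) can make the hash read stale or out-of-bounds bytes past the received data. A guard such as `if (ntohs(auth.length) > sizeof(auth)) errx(1, "bogus packet length");` belongs before the first memcpy, and the length should also be compared with the recvfrom() result, which is not visible here. The comment `/* verify server's shared secret */` also undersells what is checked; since this is the RFC 2865 Response Authenticator, `/* RFC 2865 §3: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret); a reply not keyed with our secret is rejected */` documents the construction and why the request vector is copied over the received one. rad_recv's body begins above this hunk.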