summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorvenaas <venaas>2007-01-08 16:15:38 +0000
committervenaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>2007-01-08 16:15:38 +0000
commitec6870142cd361a16ff11fd655b94a7fd4dbabcb (patch)
tree68d9f7fc4054b22d8f54e25364b82ce7e65fa336
parentdc2f39cfed932c5c1021d29d68dbe6dc7cb59c8a (diff)
bug fixing
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@33 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r--radsecproxy.c33
1 files changed, 18 insertions, 15 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index c5806f8..5abdd16 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -281,8 +281,10 @@ void tlsconnect(struct server *server, struct timeval *when, char *text) {
sleep(10);
else if (elapsed < 600)
sleep(elapsed * 2);
- else if (elapsed < 10000) /* no sleep at startup */
+ else if (elapsed < 10000)
sleep(900);
+ else
+ server->lastconnecttry.tv_sec = now.tv_sec; // no sleep at startup
printf("tlsconnect: trying to open TLS connection to %s port %s\n", server->peer.host, server->peer.port);
if (server->sock >= 0)
close(server->sock);
@@ -541,14 +543,13 @@ void sendreply(struct client *to, struct server *from, char *buf, struct sockadd
pthread_mutex_unlock(&replyq->count_mutex);
}
-int pwdencrypt(uint8_t *out, uint8_t *in, uint8_t len, uint8_t *shared, uint8_t sharedlen,
- uint8_t *auth) {
+int pwdencrypt(uint8_t *in, uint8_t len, uint8_t *shared, uint8_t sharedlen, uint8_t *auth) {
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static unsigned char first = 1;
static EVP_MD_CTX mdctx;
unsigned char hash[EVP_MAX_MD_SIZE], *input;
unsigned int md_len;
- uint8_t i, offset = 0;
+ uint8_t i, offset = 0, out[128];
pthread_mutex_lock(&lock);
if (first) {
@@ -573,18 +574,18 @@ int pwdencrypt(uint8_t *out, uint8_t *in, uint8_t len, uint8_t *shared, uint8_t
if (offset == len)
break;
}
+ memcpy(in, out, len);
pthread_mutex_unlock(&lock);
return 1;
}
-int pwddecrypt(uint8_t *out, uint8_t *in, uint8_t len, uint8_t *shared, uint8_t sharedlen,
- uint8_t *auth) {
+int pwddecrypt(uint8_t *in, uint8_t len, uint8_t *shared, uint8_t sharedlen, uint8_t *auth) {
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static unsigned char first = 1;
static EVP_MD_CTX mdctx;
unsigned char hash[EVP_MAX_MD_SIZE], *input;
unsigned int md_len;
- uint8_t i, offset = 0;
+ uint8_t i, offset = 0, out[128];
pthread_mutex_lock(&lock);
if (first) {
@@ -609,6 +610,7 @@ int pwddecrypt(uint8_t *out, uint8_t *in, uint8_t len, uint8_t *shared, uint8_t
if (offset == len)
break;
}
+ memcpy(in, out, len);
pthread_mutex_unlock(&lock);
return 1;
}
@@ -664,11 +666,12 @@ int msmppencrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen,
text[i] ^= hash[i];
for (offset = 16; offset < len; offset += 16) {
+#if 0
printf("text + offset - 16 c(%d): ", offset / 16);
for (i = 0; i < 16; i++)
printf("%02x ", (text + offset - 16)[i]);
printf("\n");
-
+#endif
if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) ||
!EVP_DigestUpdate(&mdctx, shared, sharedlen) ||
!EVP_DigestUpdate(&mdctx, text + offset - 16, 16) ||
@@ -813,7 +816,7 @@ struct server *id2server(char *id, uint8_t len) {
}
struct server *radsrv(struct request *rq, char *buf, struct client *from) {
- uint8_t code, id, *auth, *attr, pwd[128], attrvallen;
+ uint8_t code, id, *auth, *attr, attrvallen;
uint8_t *usernameattr = NULL, *userpwdattr = NULL, *tunnelpwdattr = NULL, *messageauthattr = NULL;
int i;
uint16_t len;
@@ -896,15 +899,15 @@ struct server *radsrv(struct request *rq, char *buf, struct client *from) {
return NULL;
}
- if (!pwddecrypt(pwd, &userpwdattr[RAD_Attr_Value], attrvallen, from->peer.secret, strlen(from->peer.secret), auth)) {
+ if (!pwddecrypt(&userpwdattr[RAD_Attr_Value], attrvallen, from->peer.secret, strlen(from->peer.secret), auth)) {
printf("radsrv: cannot decrypt password\n");
return NULL;
}
printf("radsrv: password: ");
for (i = 0; i < attrvallen; i++)
- printf("%02x ", pwd[i]);
+ printf("%02x ", userpwdattr[RAD_Attr_Value + i]);
printf("\n");
- if (!pwdencrypt(&userpwdattr[RAD_Attr_Value], pwd, attrvallen, to->peer.secret, strlen(to->peer.secret), newauth)) {
+ if (!pwdencrypt(&userpwdattr[RAD_Attr_Value], attrvallen, to->peer.secret, strlen(to->peer.secret), newauth)) {
printf("radsrv: cannot encrypt password\n");
return NULL;
}
@@ -918,15 +921,15 @@ struct server *radsrv(struct request *rq, char *buf, struct client *from) {
return NULL;
}
- if (!pwddecrypt(pwd, &tunnelpwdattr[RAD_Attr_Value], attrvallen, from->peer.secret, strlen(from->peer.secret), auth)) {
+ if (!pwddecrypt(&tunnelpwdattr[RAD_Attr_Value], attrvallen, from->peer.secret, strlen(from->peer.secret), auth)) {
printf("radsrv: cannot decrypt password\n");
return NULL;
}
printf("radsrv: password: ");
for (i = 0; i < attrvallen; i++)
- printf("%02x ", pwd[i]);
+ printf("%02x ", tunnelpwdattr[RAD_Attr_Value + i]);
printf("\n");
- if (!pwdencrypt(&tunnelpwdattr[RAD_Attr_Value], pwd, attrvallen, to->peer.secret, strlen(to->peer.secret), newauth)) {
+ if (!pwdencrypt(&tunnelpwdattr[RAD_Attr_Value], attrvallen, to->peer.secret, strlen(to->peer.secret), newauth)) {
printf("radsrv: cannot encrypt password\n");
return NULL;
}