author | venaas <venaas> | 2008-07-08 11:40:56 +0000 |
---|---|---|
committer | venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf> | 2008-07-08 11:40:56 +0000 |
commit | 9387c0f24a1a43275dea02c78b3c8dafbafcbe17 (patch) | |
tree | 5209ad873e2575627dcce9b31d3fd79a57982943 | |
parent | b14961abf5cff359049da398dd3c827427afd060 (diff) |
trying to verify accounting request authenticator, and correctly compute the authenticator when sending accounting requests
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/branches/release-1.1@298 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r-- | radsecproxy.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index 3eb601e..4400065 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1861,6 +1861,14 @@ void radsrv(struct request *rq) {
 /* below: code == RAD_Access_Request || code == RAD_Accounting_Request */
+ if (code == RAD_Accounting_Request) {
+ memset(newauth, 0, 16);
+ if (!validauth(rq->buf, newauth, (unsigned char *)rq->from->conf->secret)) {
+ debug(DBG_WARN, "radsrv: Accounting-Request message authentication failed");
+ goto exit;
+ }
+ }
+
 if (rq->from->conf->rewrite) {
 dorewrite(rq->buf, rq->from->conf->rewrite);
 len = RADLEN(rq->buf) - 20;
@@ -1918,9 +1926,11 @@ void radsrv(struct request *rq) {
 goto exit;
 }
- if (!RAND_bytes(newauth, 16)) {
- debug(DBG_WARN, "radsrv: failed to generate random auth");
- goto exit;
+ if (code != RAD_Accounting_Request) {
+ if (!RAND_bytes(newauth, 16)) {
+ debug(DBG_WARN, "radsrv: failed to generate random auth");
+ goto exit;
+ }
 }
 #ifdef DEBUG
@@ -1943,7 +1953,13 @@ void radsrv(struct request *rq) {
 rq->origid = id;
 memcpy(rq->origauth, auth, 16);
- memcpy(auth, newauth, 16);
+ if (code == RAD_Accounting_Request) {
+ if (!radsign(rq->buf, (unsigned char *)to->conf->secret)) {
+ debug(DBG_WARN, "radsrv: failed to sign Accounting-Request message");
+ goto exit;
+ }
+ } else
+ memcpy(auth, newauth, 16);
 sendrq(to, rq);
 return;
|
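Review bot: The warning logged when `validauth` fails in the added Accounting-Request block does not say which client sent the packet, so an operator cannot tell a misconfigured shared secret from forged accounting traffic. The message should carry whatever peer identifier radsrv already has for `rq->from`, if one is available at this point. The block would also benefit from a comment saying why a zeroed buffer is passed, for example `/* RFC 2866: Request Authenticator is MD5 over the packet with 16 zero octets in the authenticator field */`, since `newauth` is otherwise the name of the outgoing authenticator. radsrv's body starts and ends outside the hunk.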
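Review bot: Skipping `RAND_bytes` for accounting in the -1918 hunk leaves `newauth` at the all-zero value written by the `memset` in the first hunk, and nothing here records that dependency. Every later reader of `newauth` on the accounting path therefore sees zeros rather than the authenticator the forwarded packet will finally carry, including the `#ifdef DEBUG` section that starts right after this hunk. The lines between this hunk and the -1943 hunk are not shown, so any attribute handling there that is keyed on `newauth` should be checked or skipped for accounting. At minimum add `/* Accounting-Request: newauth stays zero, the real authenticator is computed by radsign() below */`. The two nested conditions could also be written as `if (code != RAD_Accounting_Request && !RAND_bytes(newauth, 16)) {`.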
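Review bot: In the accounting branch of the -1943 hunk the authenticator field is not cleared before `radsign(rq->buf, ...)` runs: `auth` was just copied into `rq->origauth` and still holds the value received from the client, and only the `else` branch overwrites it. RFC 2866 computes the Request Authenticator with 16 zero octets in that field, so unless radsign zeroes the field itself (its body is not on this page, and this assumes `auth` points into `rq->buf`), the next hop will reject the forwarded packet. Adding `memset(auth, 0, 16);` immediately before the `radsign` call makes the input explicit. The unbraced `memcpy` after `} else` sits next to braced branches; bracing it avoids a later edit silently falling outside the conditional.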