summaryrefslogtreecommitdiff
path: root/radsecproxy.c
diff options
context:
space:
mode:
authorvenaas <venaas>2007-05-21 16:35:11 +0000
committervenaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>2007-05-21 16:35:11 +0000
commitdf0d41a4c20fbc77f7568585b7e62861cbeb0cc3 (patch)
tree78cfed127547e0a8f4c3f8acf1b2e90be7256ff4 /radsecproxy.c
parentb5216b2d4a840645cd2f6dcc64406b6378a07cda (diff)
cleaned up msmppe code
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@93 e88ac4ed-0b26-0410-9574-a7f39faa03bf
Diffstat (limited to 'radsecproxy.c')
-rw-r--r--radsecproxy.c49
1 files changed, 29 insertions, 20 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index deeb831..7b512d7 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1094,6 +1094,18 @@ int msmpprecrypt(uint8_t *msmpp, uint8_t len, char *oldsecret, char *newsecret,
return 1;
}
+int msmppe(unsigned char *attrs, int length, uint8_t type, char *attrtxt, struct request *rq,
+ char *oldsecret, char *newsecret) {
+ unsigned char *attr;
+
+ for (attr = attrs; (attr = attrget(attr, length - (attr - attrs), type)); attr += ATTRLEN(attr)) {
+ debug(DBG_DBG, "msmppe: Got %s", attrtxt);
+ if (!msmpprecrypt(ATTRVAL(attr), ATTRVALLEN(attr), oldsecret, newsecret, rq->buf + 4, rq->origauth))
+ return 0;
+ }
+ return 1;
+}
+
struct server *radsrv(struct request *rq, unsigned char *buf, struct client *from) {
uint8_t code, id, *auth, *attrs, *attr;
uint16_t len;
@@ -1187,7 +1199,7 @@ void *clientrd(void *arg) {
struct server *server = (struct server *)arg;
struct client *from;
int i, len, sublen;
- unsigned char *buf, *messageauth, *subattrs, *attrs, *attr, *msmpp;
+ unsigned char *buf, *messageauth, *subattrs, *attrs, *attr;
struct sockaddr_storage fromsa;
struct timeval lastconnecttry;
char tmp[256];
@@ -1266,29 +1278,26 @@ void *clientrd(void *arg) {
/* MS MPPE */
for (attr = attrs; (attr = attrget(attr, len - (attr - attrs), RAD_Attr_Vendor_Specific)); attr += ATTRLEN(attr)) {
- if (ATTRVALLEN(attr) <= 4 || ((uint16_t *)attr)[1] != 0 || ntohs(((uint16_t *)attr)[2]) != 311) /* 311 == MS */
+ if (ATTRVALLEN(attr) <= 4)
+ break;
+
+ if (((uint16_t *)attr)[1] != 0 || ntohs(((uint16_t *)attr)[2]) != 311) /* 311 == MS */
continue;
+
sublen = ATTRVALLEN(attr) - 4;
subattrs = ATTRVAL(attr) + 4;
- if (!attrvalidate(subattrs, sublen)) {
- debug(DBG_WARN, "clientrd: MS attribute validation failed, ignoring packet");
- continue;
- }
-
- for (msmpp = subattrs; (msmpp = attrget(msmpp, sublen - (msmpp - subattrs), RAD_VS_ATTR_MS_MPPE_Send_Key)); msmpp += ATTRLEN(msmpp)) {
- debug(DBG_DBG, "clientrd: Got MS MPPE Send Key");
- if (!msmpprecrypt(ATTRVAL(msmpp), ATTRVALLEN(msmpp), server->peer.secret, from->peer.secret,
- server->requests[i].buf + 4, server->requests[i].origauth))
- continue; /* should jump out completely, put this into a function */
- }
- for (msmpp = subattrs; (msmpp = attrget(msmpp, sublen - (msmpp - subattrs), RAD_VS_ATTR_MS_MPPE_Recv_Key)); msmpp += ATTRLEN(msmpp)) {
- debug(DBG_DBG, "clientrd: Got MS MPPE Recv Key");
- if (!msmpprecrypt(ATTRVAL(msmpp), ATTRVALLEN(msmpp), server->peer.secret, from->peer.secret,
- server->requests[i].buf + 4, server->requests[i].origauth))
- continue; /* should jump out completely, put this into a function */
- }
+ if (!attrvalidate(subattrs, sublen) ||
+ !msmppe(subattrs, sublen, RAD_VS_ATTR_MS_MPPE_Send_Key, "MS MPPE Send Key",
+ server->requests + i, server->peer.secret, from->peer.secret) ||
+ !msmppe(subattrs, sublen, RAD_VS_ATTR_MS_MPPE_Recv_Key, "MS MPPE Recv Key",
+ server->requests + i, server->peer.secret, from->peer.secret))
+ break;
}
-
+ if (attr) {
+ debug(DBG_WARN, "clientrd: MS attribute handling failed, ignoring packet");
+ continue;
+ }
+
if (*buf == RAD_Access_Accept || *buf == RAD_Access_Reject) {
attr = attrget(server->requests[i].buf + 20, RADLEN(server->requests[i].buf) - 20, RAD_Attr_User_Name);
/* we know the attribute exists */