diff options
| author | venaas <venaas> | 2008-07-08 10:34:16 +0000 |
|---|---|---|
| committer | venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf> | 2008-07-08 10:34:16 +0000 |
| commit | 2802bf54abb5afebd660021bde1fa4a8509a0813 (patch) | |
| tree | 25b893fd9c587b32fb018bc5ac9d6226083f4618 /radsecproxy.c | |
| parent | cfd5e19d9abbeed4d9dc9050acfd718ef2fb548f (diff) | |
trying to verify accounting request authenticator, and correctly compute the authenticator when sending accounting requests
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@297 e88ac4ed-0b26-0410-9574-a7f39faa03bf
Diffstat (limited to 'radsecproxy.c')
| -rw-r--r-- | radsecproxy.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/radsecproxy.c b/radsecproxy.c index 56b9a54..d84642f 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -2029,6 +2029,14 @@ void radsrv(struct request *rq) { /* below: code == RAD_Access_Request || code == RAD_Accounting_Request */ + if (code == RAD_Accounting_Request) { + memset(newauth, 0, 16); + if (!validauth(rq->buf, newauth, (unsigned char *)rq->from->conf->secret)) { + debug(DBG_WARN, "radsrv: Accounting-Request message authentication failed"); + goto exit; + } + } + if (rq->from->conf->rewrite) { dorewrite(rq->buf, rq->from->conf->rewrite); len = RADLEN(rq->buf) - 20; @@ -2083,10 +2091,12 @@ void radsrv(struct request *rq) { radmsgtype2string(code), rq->from->conf->host, id); goto exit; } - - if (!RAND_bytes(newauth, 16)) { - debug(DBG_WARN, "radsrv: failed to generate random auth"); - goto exit; + + if (code != RAD_Accounting_Request) { + if (!RAND_bytes(newauth, 16)) { + debug(DBG_WARN, "radsrv: failed to generate random auth"); + goto exit; + } } #ifdef DEBUG @@ -2109,7 +2119,13 @@ void radsrv(struct request *rq) { rq->origid = id; memcpy(rq->origauth, auth, 16); - memcpy(auth, newauth, 16); + if (code == RAD_Accounting_Request) { + if (!radsign(rq->buf, (unsigned char *)to->conf->secret)) { + debug(DBG_WARN, "radsrv: failed to sign Accounting-Request message"); + goto exit; + } + } else + memcpy(auth, newauth, 16); sendrq(to, rq); return; |