From 2802bf54abb5afebd660021bde1fa4a8509a0813 Mon Sep 17 00:00:00 2001 From: venaas Date: Tue, 8 Jul 2008 10:34:16 +0000 Subject: trying to verify accounting request authenticator, and correctly compute the authenticator when sending accounting requests git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@297 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'radsecproxy.c') diff --git a/radsecproxy.c b/radsecproxy.c index 56b9a54..d84642f 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -2029,6 +2029,14 @@ void radsrv(struct request *rq) { /* below: code == RAD_Access_Request || code == RAD_Accounting_Request */ + if (code == RAD_Accounting_Request) { + memset(newauth, 0, 16); + if (!validauth(rq->buf, newauth, (unsigned char *)rq->from->conf->secret)) { + debug(DBG_WARN, "radsrv: Accounting-Request message authentication failed"); + goto exit; + } + } + if (rq->from->conf->rewrite) { dorewrite(rq->buf, rq->from->conf->rewrite); len = RADLEN(rq->buf) - 20; @@ -2083,10 +2091,12 @@ void radsrv(struct request *rq) { radmsgtype2string(code), rq->from->conf->host, id); goto exit; } - - if (!RAND_bytes(newauth, 16)) { - debug(DBG_WARN, "radsrv: failed to generate random auth"); - goto exit; + + if (code != RAD_Accounting_Request) { + if (!RAND_bytes(newauth, 16)) { + debug(DBG_WARN, "radsrv: failed to generate random auth"); + goto exit; + } } #ifdef DEBUG @@ -2109,7 +2119,13 @@ void radsrv(struct request *rq) { rq->origid = id; memcpy(rq->origauth, auth, 16); - memcpy(auth, newauth, 16); + if (code == RAD_Accounting_Request) { + if (!radsign(rq->buf, (unsigned char *)to->conf->secret)) { + debug(DBG_WARN, "radsrv: failed to sign Accounting-Request message"); + goto exit; + } + } else + memcpy(auth, newauth, 16); sendrq(to, rq); return; -- cgit v1.2.3