From ec6870142cd361a16ff11fd655b94a7fd4dbabcb Mon Sep 17 00:00:00 2001 From: venaas Date: Mon, 8 Jan 2007 16:15:38 +0000 Subject: bug fixing git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@33 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.c | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'radsecproxy.c') diff --git a/radsecproxy.c b/radsecproxy.c index c5806f8..5abdd16 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -281,8 +281,10 @@ void tlsconnect(struct server *server, struct timeval *when, char *text) { sleep(10); else if (elapsed < 600) sleep(elapsed * 2); - else if (elapsed < 10000) /* no sleep at startup */ + else if (elapsed < 10000) sleep(900); + else + server->lastconnecttry.tv_sec = now.tv_sec; // no sleep at startup printf("tlsconnect: trying to open TLS connection to %s port %s\n", server->peer.host, server->peer.port); if (server->sock >= 0) close(server->sock); @@ -541,14 +543,13 @@ void sendreply(struct client *to, struct server *from, char *buf, struct sockadd pthread_mutex_unlock(&replyq->count_mutex); } -int pwdencrypt(uint8_t *out, uint8_t *in, uint8_t len, uint8_t *shared, uint8_t sharedlen, - uint8_t *auth) { +int pwdencrypt(uint8_t *in, uint8_t len, uint8_t *shared, uint8_t sharedlen, uint8_t *auth) { static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; static unsigned char first = 1; static EVP_MD_CTX mdctx; unsigned char hash[EVP_MAX_MD_SIZE], *input; unsigned int md_len; - uint8_t i, offset = 0; + uint8_t i, offset = 0, out[128]; pthread_mutex_lock(&lock); if (first) { @@ -573,18 +574,18 @@ int pwdencrypt(uint8_t *out, uint8_t *in, uint8_t len, uint8_t *shared, uint8_t if (offset == len) break; } + memcpy(in, out, len); pthread_mutex_unlock(&lock); return 1; } -int pwddecrypt(uint8_t *out, uint8_t *in, uint8_t len, uint8_t *shared, uint8_t sharedlen, - uint8_t *auth) { +int pwddecrypt(uint8_t *in, uint8_t len, uint8_t *shared, uint8_t sharedlen, uint8_t *auth) { static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; static unsigned char first = 1; static EVP_MD_CTX mdctx; unsigned char hash[EVP_MAX_MD_SIZE], *input; unsigned int md_len; - uint8_t i, offset = 0; + uint8_t i, offset = 0, out[128]; pthread_mutex_lock(&lock); if (first) { @@ -609,6 +610,7 @@ int pwddecrypt(uint8_t *out, uint8_t *in, uint8_t len, uint8_t *shared, uint8_t if (offset == len) break; } + memcpy(in, out, len); pthread_mutex_unlock(&lock); return 1; } @@ -664,11 +666,12 @@ int msmppencrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, text[i] ^= hash[i]; for (offset = 16; offset < len; offset += 16) { +#if 0 printf("text + offset - 16 c(%d): ", offset / 16); for (i = 0; i < 16; i++) printf("%02x ", (text + offset - 16)[i]); printf("\n"); - +#endif if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) || !EVP_DigestUpdate(&mdctx, shared, sharedlen) || !EVP_DigestUpdate(&mdctx, text + offset - 16, 16) || @@ -813,7 +816,7 @@ struct server *id2server(char *id, uint8_t len) { } struct server *radsrv(struct request *rq, char *buf, struct client *from) { - uint8_t code, id, *auth, *attr, pwd[128], attrvallen; + uint8_t code, id, *auth, *attr, attrvallen; uint8_t *usernameattr = NULL, *userpwdattr = NULL, *tunnelpwdattr = NULL, *messageauthattr = NULL; int i; uint16_t len; @@ -896,15 +899,15 @@ struct server *radsrv(struct request *rq, char *buf, struct client *from) { return NULL; } - if (!pwddecrypt(pwd, &userpwdattr[RAD_Attr_Value], attrvallen, from->peer.secret, strlen(from->peer.secret), auth)) { + if (!pwddecrypt(&userpwdattr[RAD_Attr_Value], attrvallen, from->peer.secret, strlen(from->peer.secret), auth)) { printf("radsrv: cannot decrypt password\n"); return NULL; } printf("radsrv: password: "); for (i = 0; i < attrvallen; i++) - printf("%02x ", pwd[i]); + printf("%02x ", userpwdattr[RAD_Attr_Value + i]); printf("\n"); - if (!pwdencrypt(&userpwdattr[RAD_Attr_Value], pwd, attrvallen, to->peer.secret, strlen(to->peer.secret), newauth)) { + if (!pwdencrypt(&userpwdattr[RAD_Attr_Value], attrvallen, to->peer.secret, strlen(to->peer.secret), newauth)) { printf("radsrv: cannot encrypt password\n"); return NULL; } @@ -918,15 +921,15 @@ struct server *radsrv(struct request *rq, char *buf, struct client *from) { return NULL; } - if (!pwddecrypt(pwd, &tunnelpwdattr[RAD_Attr_Value], attrvallen, from->peer.secret, strlen(from->peer.secret), auth)) { + if (!pwddecrypt(&tunnelpwdattr[RAD_Attr_Value], attrvallen, from->peer.secret, strlen(from->peer.secret), auth)) { printf("radsrv: cannot decrypt password\n"); return NULL; } printf("radsrv: password: "); for (i = 0; i < attrvallen; i++) - printf("%02x ", pwd[i]); + printf("%02x ", tunnelpwdattr[RAD_Attr_Value + i]); printf("\n"); - if (!pwdencrypt(&tunnelpwdattr[RAD_Attr_Value], pwd, attrvallen, to->peer.secret, strlen(to->peer.secret), newauth)) { + if (!pwdencrypt(&tunnelpwdattr[RAD_Attr_Value], attrvallen, to->peer.secret, strlen(to->peer.secret), newauth)) { printf("radsrv: cannot encrypt password\n"); return NULL; } -- cgit v1.2.3