Blame | Last modification | View Log
--- src/redir.c 2022-10-12 15:35:35.352336574 +0200
+++ src/redir.c 2022-10-11 14:01:22.000000000 +0200
@@ -28,6 +28,8 @@
#endif
#include "json/json.h"
+
+
static int optionsdebug = 0; /* TODO: Should be changed to instance */
static int termstate = REDIR_TERM_INIT; /* When we were terminated */
@@ -2709,6 +2711,7 @@
struct redir_conn_t *conn, char reauth) {
uint8_t user_password[RADIUS_PWSIZE + 1];
uint8_t chap_password[REDIR_MD5LEN + 2];
+ uint8_t pap_challenge[REDIR_SHA256LEN];
uint8_t chap_challenge[REDIR_MD5LEN];
struct radius_packet_t radius_pack;
struct radius_t *radius; /* Radius client instance */
@@ -2718,7 +2721,7 @@
fd_set fds; /* For select() */
int status;
- MD5_CTX context;
+ SHA256_CONTEXT context;
char url[REDIR_URL_LEN];
int n, m;
@@ -2761,10 +2764,10 @@
if (redir->secret && *redir->secret) {
//syslog(LOG_DEBUG, "SECRET: [%s]",redir->secret);
/* Get MD5 hash on challenge and uamsecret */
- MD5Init(&context);
- MD5Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN);
- MD5Update(&context, (uint8_t *) redir->secret, strlen(redir->secret));
- MD5Final(chap_challenge, &context);
+ SHA256Init(&context);
+ SHA256Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN);
+ SHA256Update(&context, (uint8_t *) redir->secret, strlen(redir->secret));
+ SHA256Final(&context, pap_challenge);
}
else {
memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN);
@@ -2780,9 +2783,9 @@
sizeof(user_password));
} else {
for (m=0; m < RADIUS_PWSIZE;) {
- for (n=0; n < REDIR_MD5LEN; m++, n++) {
+ for (n=0; n < REDIR_SHA256LEN; m++, n++) {
user_password[m] =
- conn->authdata.v.papmsg.password[m] ^ chap_challenge[n];
+ conn->authdata.v.papmsg.password[m] ^ pap_challenge[n];
}
}
}
@@ -2963,6 +2966,7 @@
int is_local_user(struct redir_t *redir, struct redir_conn_t *conn) {
uint8_t user_password[RADIUS_PWSIZE+1];
+ uint8_t pap_challenge[REDIR_SHA256LEN];
uint8_t chap_challenge[REDIR_MD5LEN];
char u[256]; char p[256];
size_t usernamelen, sz=1024;
@@ -2970,6 +2974,7 @@
int match=0;
char *line=0;
MD5_CTX context;
+ SHA256_CONTEXT SHA256context;
FILE *f;
if (!_options.localusers) return 0;
@@ -2990,10 +2995,10 @@
}/**/
if (redir->secret && *redir->secret) {
- MD5Init(&context);
- MD5Update(&context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN);
- MD5Update(&context, (uint8_t*)redir->secret, strlen(redir->secret));
- MD5Final(chap_challenge, &context);
+ SHA256Init(&SHA256context);
+ SHA256Update(&SHA256context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN);
+ SHA256Update(&SHA256context, (uint8_t*)redir->secret, strlen(redir->secret));
+ SHA256Final(&SHA256context, pap_challenge);
}
else {
memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN);
@@ -3015,9 +3020,9 @@
} else {
int n, m;
for (m=0; m < RADIUS_PWSIZE;)
- for (n=0; n < REDIR_MD5LEN; m++, n++)
+ for (n=0; n < REDIR_SHA256LEN; m++, n++)
user_password[m] =
- conn->authdata.v.papmsg.password[m] ^ chap_challenge[n];
+ conn->authdata.v.papmsg.password[m] ^ pap_challenge[n];
}
break;
case REDIR_AUTH_CHAP: