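--- src/redir.c 2022-10-12 15:35:35.352336574 +0200
+++ src/redir.c 2022-10-11 14:01:22.000000000 +0200
@@ -28,6 +28,8 @@
 #endif
 #include "json/json.h"
 
+
+
 static int optionsdebug = 0; /* TODO: Should be changed to instance */
 
 static int termstate = REDIR_TERM_INIT; /* When we were terminated */
@@ -2709,6 +2711,7 @@
 struct redir_conn_t *conn, char reauth) {
 uint8_t user_password[RADIUS_PWSIZE + 1];
 uint8_t chap_password[REDIR_MD5LEN + 2];
+ uint8_t pap_challenge[REDIR_SHA256LEN];
 uint8_t chap_challenge[REDIR_MD5LEN];
 struct radius_packet_t radius_pack;
 struct radius_t *radius; /* Radius client instance */
@@ -2718,7 +2721,7 @@
 fd_set fds; /* For select() */
 int status;
 
- MD5_CTX context;
+ SHA256_CONTEXT context;
 
 char url[REDIR_URL_LEN];
 int n, m;
@@ -2761,10 +2764,10 @@
 if (redir->secret && *redir->secret) {
 //syslog(LOG_DEBUG, "SECRET: [%s]",redir->secret);
 /* Get MD5 hash on challenge and uamsecret */
- MD5Init(&context);
- MD5Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN);
- MD5Update(&context, (uint8_t *) redir->secret, strlen(redir->secret));
- MD5Final(chap_challenge, &context);
+ SHA256Init(&context);
+ SHA256Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN);
+ SHA256Update(&context, (uint8_t *) redir->secret, strlen(redir->secret));
+ SHA256Final(&context, pap_challenge);
 }
 else {
 memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN);
@@ -2780,9 +2783,9 @@
 sizeof(user_password));
 } else {
 for (m=0; m < RADIUS_PWSIZE;) {
- for (n=0; n < REDIR_MD5LEN; m++, n++) {
+ for (n=0; n < REDIR_SHA256LEN; m++, n++) {
 user_password[m] =
- conn->authdata.v.papmsg.password[m] ^ chap_challenge[n];
+ conn->authdata.v.papmsg.password[m] ^ pap_challenge[n];
 }
 }
 }
@@ -2963,6 +2966,7 @@
 
 int is_local_user(struct redir_t *redir, struct redir_conn_t *conn) {
 uint8_t user_password[RADIUS_PWSIZE+1];
+ uint8_t pap_challenge[REDIR_SHA256LEN];
 uint8_t chap_challenge[REDIR_MD5LEN];
 char u[256]; char p[256];
 size_t usernamelen, sz=1024;
@@ -2970,6 +2974,7 @@
 int match=0;
 char *line=0;
 MD5_CTX context;
+ SHA256_CONTEXT SHA256context;
 FILE *f;
 
 if (!_options.localusers) return 0;
@@ -2990,10 +2995,10 @@
 }/**/
 
 if (redir->secret && *redir->secret) {
- MD5Init(&context);
- MD5Update(&context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN);
- MD5Update(&context, (uint8_t*)redir->secret, strlen(redir->secret));
- MD5Final(chap_challenge, &context);
+ SHA256Init(&SHA256context);
+ SHA256Update(&SHA256context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN);
+ SHA256Update(&SHA256context, (uint8_t*)redir->secret, strlen(redir->secret));
+ SHA256Final(&SHA256context, pap_challenge);
 }
 else {
 memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN);
@@ -3015,9 +3020,9 @@
 } else {
 int n, m;
 for (m=0; m < RADIUS_PWSIZE;)
- for (n=0; n < REDIR_MD5LEN; m++, n++)
+ for (n=0; n < REDIR_SHA256LEN; m++, n++)
 user_password[m] =
- conn->authdata.v.papmsg.password[m] ^ chap_challenge[n];
+ conn->authdata.v.papmsg.password[m] ^ pap_challenge[n];
 }
 break;
 case REDIR_AUTH_CHAP: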
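Review bot: On the secret branch of both challenge hunks (`@@ -2761` in the redir_radius function and `@@ -2990` in is_local_user) the MD5 derivation that wrote `chap_challenge` is replaced by a SHA-256 derivation that writes only `pap_challenge`, so `chap_challenge` is never initialized when a uamsecret is configured and only the `else` branch still fills it. If the CHAP path later in each function (the `case REDIR_AUTH_CHAP:` label closing the last hunk suggests it exists) still reads `chap_challenge`, it now operates on uninitialized stack bytes — undefined behaviour and a silent break of CHAP whenever the secret is set, and the untouched `MD5_CTX context;` in is_local_user hints that the MD5 step was meant to stay. I would keep the MD5 derivation next to the new SHA-256 one, as below for redir_radius (which lost its `MD5_CTX` in `@@ -2718`), and mirror it with the existing `context` in is_local_user. Separately, the inner XOR loop now advances `m` 32 times without re-checking the outer bound, so it only stays inside `user_password` if RADIUS_PWSIZE is a multiple of REDIR_SHA256LEN; `for (n=0; m < RADIUS_PWSIZE && n < REDIR_SHA256LEN; m++, n++)` removes that dependency in both loops. Both functions begin and end outside these hunks, and clients that obfuscate the PAP password must switch to the same SHA-256 derivation or every login will fail.
```c
/* declared alongside the SHA256_CONTEXT in redir_radius */
MD5_CTX md5context;
/* … unchanged: remaining locals, socket setup … */
if (redir->secret && *redir->secret) {
  /* … unchanged: debug syslog … */
  /* CHAP challenge keeps its MD5(uamchal || secret) derivation */
  MD5Init(&md5context);
  MD5Update(&md5context, conn->s_state.redir.uamchal, REDIR_MD5LEN);
  MD5Update(&md5context, (uint8_t *) redir->secret, strlen(redir->secret));
  MD5Final(chap_challenge, &md5context);
  /* … unchanged: SHA256Init/Update/Final into pap_challenge … */
}
```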