Obvious bugs in authentication fixed.

diff --git a/bird.conf b/bird.conf
index bc31efc03b59c3e7756eb722f821e3325770120d..75a2408cced622d391a72c8e8e0e8452adbb95e0 100644 (file)
--- a/bird.conf
+++ b/bird.conf
@@ -49,8 +49,8 @@ int i;
        callme ( 7, 2, );
 
        print "done";
-       quitbird;
-       print "*** FAIL: this is unreachable"; 
+#      quitbird;
+#      print "*** FAIL: this is unreachable"; 
 }
 
 filter testf 
@@ -67,12 +67,13 @@ protocol rip MyRIP_test {
        port 1520;
        period 5;
        garbagetime 30;
-       interface "*";
+       interface "*" { mode broadcast; };
        export filter testf;
        honour neighbour;
        passwords { password "ahoj" from 0 to 10;
-               password "nazdar" from 10 to 20;
+               password "nazdar" from 10;
        }
+       authentication md5;
 }
 
 protocol device {

diff --git a/nest/config.Y b/nest/config.Y
index dfef4e273794a48c1fe72c05a95beaf56743a0dc..91cdad118066c04c8cc51dc340620d25a56d68c4 100644 (file)
--- a/nest/config.Y
+++ b/nest/config.Y
@@ -159,7 +159,7 @@ password_begin:
      last_password_item = cfg_alloc(sizeof (struct password_item));
      last_password_item->password = $2;
      last_password_item->from = 0;
-     last_password_item->to = ~0;
+     last_password_item->to = 2000000000;
      last_password_item->id = 0;
      last_password_item->next = NULL;
      $$=last_password_item;
@@ -177,8 +177,8 @@ password_items:
 password_list: 
    /* empty */ { $$ = NULL; } 
  | password_begin password_items ';' password_list {
-     last_password_item->next = $4;
-     $$ = last_password_item;
+     $1->next = $4;
+     $$ = $1;
    }
  ;
 

diff --git a/nest/password.c b/nest/password.c
index f0f433abe8df25c24aea612be4529f33eec975c1..6a02028732e1987caf3378e962e50880da2c18ca 100644 (file)
--- a/nest/password.c
+++ b/nest/password.c
@@ -35,6 +35,7 @@ get_best_password(struct password_item *head, int flags)
       good = cur;
       best = head;
     }
+    head=head->next;
   }
   return best;
 }

diff --git a/proto/rip/auth.c b/proto/rip/auth.c
index 9dd26dab106ae7752f48bd31a0d699e1d8aede3f..7d09f2736279883f49ecac3cbd92286b111a156e 100644 (file)
--- a/proto/rip/auth.c
+++ b/proto/rip/auth.c
@@ -61,8 +61,10 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
       head = P_CF->passwords;
       while (head) {
        /* FIXME: should check serial numbers, somehow */
+       DBG( "time, " );
        if ((head->from > now) || (head->to < now))
-         continue;
+         goto skip;
+       DBG( "check, " );
        if (head->id == block->keyid) {
          struct MD5Context ctxt;
          char md5sum_packet[16];
@@ -77,7 +79,9 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
 
          if (memcmp(md5sum_packet, md5sum_computed, 16))
            return 1;
+         return 0;
        }
+      skip:
        head = head->next;
       }
       return 1;

diff --git a/proto/rip/rip.c b/proto/rip/rip.c
index ef98a78a9e034e3b4a82e2fd59b4608b5f6f244a..7fcf62450c2f409ec4bc2c9b51bb12f8cc1c08a5 100644 (file)
--- a/proto/rip/rip.c
+++ b/proto/rip/rip.c
@@ -60,6 +60,7 @@ rip_tx( sock *s )
   struct rip_packet *packet = (void *) s->tbuf;
   int i;
 
+  DBG( "Sending to %I\n", s->daddr );
   do {
 
     if (c->done) {
@@ -285,7 +286,11 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
 
          if (!neigh_find( p, &whotoldme, 0 )) {
            log( L_ERR "%I send me routing info but he is not my neighbour", whotoldme );
+#if 0
            return 0;
+#else
+           log( L_ERR "...ignoring" );
+#endif
          }
 
           for (i=0; i<num; i++) {
@@ -294,7 +299,8 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
              if (!i) {
                if (rip_incoming_authentication(p, (void *) block, packet, num))
                  BAD( "Authentication failed" );
-             } else BAD( "Authentication is not the first!" );
+             } 
+           /* FIXME: Need to reject packets which have no authentication */
            ipa_ntoh( block->network );
            ipa_ntoh( block->netmask );
            ipa_ntoh( block->nexthop );
@@ -500,8 +506,10 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
 
   if (flags & IF_BROADCAST)
     rif->sock->daddr = new->addr->brd;
-  if (flags & IF_UNNUMBERED)   /* Hmm, rip is not defined over unnumbered links */
+  if (flags & IF_UNNUMBERED) {
     rif->sock->daddr = new->addr->opposite;
+    log( L_WARN "RIP/%s: rip is not defined over unnumbered links\n", P_NAME );
+  }
   if (want_multicast) {
     rif->sock->daddr = ipa_from_u32(0xe0000009);
     rif->sock->saddr = ipa_from_u32(0xe0000009);
@@ -516,7 +524,7 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
        /* Don't try to transmit into this one? Well, why not? This should not happen, anyway :-) */
       }
 
-  log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast" );
+  log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s (%I)", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast", rif->sock->daddr );
   
   return rif;
 }