MD5 authentication in OSPF works. :-)

diff --git a/nest/config.Y b/nest/config.Y
index 7a83a60aa8f62338bdb4ee8014bfe8dc20ef93e5..744c0692dd7c374d5b4e29191e4ea8f9d16710aa 100644 (file)
--- a/nest/config.Y
+++ b/nest/config.Y
@@ -2,6 +2,7 @@
  *     BIRD -- Core Configuration
  *
  *     (c) 1998--2000 Martin Mares <mj@ucw.cz>
+ *      (c) 2004       Ondrej Filip <feela@network.cz>
  *
  *     Can be freely distributed and used under the terms of the GNU GPL.
  */
@@ -208,7 +209,7 @@ password_item:
 
 password_item_begin:
    PASSWORD TEXT {
-     static int id = 0;
+     static int id = 1;
      this_p_item = cfg_alloc(sizeof (struct password_item));
      this_p_item->password = $2;
      this_p_item->genfrom = 0;
@@ -226,7 +227,7 @@ password_item_params:
  | GENERATE TO datetime ';' password_item_params { this_p_item->gento = $3; }
  | ACCEPT FROM datetime ';' password_item_params { this_p_item->accfrom = $3; }
  | ACCEPT TO datetime ';' password_item_params { this_p_item->accto = $3; }
- | ID expr ';' password_item_params { this_p_item->id = $2; }
+ | ID expr ';' password_item_params { this_p_item->id = $2; if ($2 <= 0) cf_error("Password ID has to be greated than zero."); }
  ;
 
 password_list:
@@ -254,7 +255,7 @@ password_begin:
      this_p_item->gento = TIME_INFINITY;
      this_p_item->accfrom = 0;
      this_p_item->accto = TIME_INFINITY;
-     this_p_item->id = 0;
+     this_p_item->id = 1;
      add_tail(this_p_list, &this_p_item->n);
      $$ = this_p_list;
   }

diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c
index 9d5a924d29bd6b7573a2efb66b14c73a1cf45b6c..488a3a2941582073071a4a9d6f24004d24b5a627 100644 (file)
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@@ -87,7 +87,6 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
       password_cpy(password, passwd->password, OSPF_AUTH_CRYPT_SIZE);
       MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
       MD5Final(tail, &ctxt);
-      
       break;
     default:
       bug("Unknown authentication type");
@@ -166,8 +165,8 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
 
       WALK_LIST(ptmp, *(ifa->passwords))
       {
-        if (pkt->u.md5.keyid != pass->id) continue;
-        if ((pass->genfrom > now) || (pass->gento < now)) continue;
+        if (pkt->u.md5.keyid != ptmp->id) continue;
+        if ((ptmp->genfrom > now) || (ptmp->gento < now)) continue;
         pass = ptmp;
         break;
       }
@@ -180,12 +179,11 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
 
       if(n)
       {
-        if(ntohs(pkt->u.md5.csn) <= n->csn)
+        if(ntohs(pkt->u.md5.csn) < n->csn)
         {
           OSPF_TRACE(D_PACKETS, "OSPF_auth: lower sequence number");
           return 0;
         }
-
         n->csn = ntohs(pkt->u.md5.csn);
       }
 
@@ -194,7 +192,7 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
       password_cpy(password, pass->password, OSPF_AUTH_CRYPT_SIZE);
       MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
       MD5Final(md5sum, &ctxt);
-      if (!memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
+      if (memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
       {
         OSPF_TRACE(D_PACKETS, "OSPF_auth: wrong md5 digest");
         return 0;
@@ -257,7 +255,8 @@ ospf_rx_hook(sock * sk, int size)
     return 1;
   }
 
-  if ((ifa->autype != OSPF_AUTH_CRYPT) && (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet),
+  if ((ps->autype != htons(OSPF_AUTH_CRYPT)) &&
+      (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet),
                    ntohs(ps->length) - sizeof(struct ospf_packet), NULL)))
   {
     log(L_ERR "%s%I - bad checksum", mesg, sk->faddr);