0,0 → 1,98 |
--- src/redir.c 2022-10-12 15:35:35.352336574 +0200 |
+++ src/redir.c 2022-10-11 14:01:22.000000000 +0200 |
@@ -28,6 +28,8 @@ |
#endif |
#include "json/json.h" |
|
+ |
+ |
static int optionsdebug = 0; /* TODO: Should be changed to instance */ |
|
static int termstate = REDIR_TERM_INIT; /* When we were terminated */ |
@@ -2709,6 +2711,7 @@ |
struct redir_conn_t *conn, char reauth) { |
uint8_t user_password[RADIUS_PWSIZE + 1]; |
uint8_t chap_password[REDIR_MD5LEN + 2]; |
+ uint8_t pap_challenge[REDIR_SHA256LEN]; |
uint8_t chap_challenge[REDIR_MD5LEN]; |
struct radius_packet_t radius_pack; |
struct radius_t *radius; /* Radius client instance */ |
@@ -2718,7 +2721,7 @@ |
fd_set fds; /* For select() */ |
int status; |
|
- MD5_CTX context; |
+ SHA256_CONTEXT context; |
|
char url[REDIR_URL_LEN]; |
int n, m; |
@@ -2761,10 +2764,10 @@ |
if (redir->secret && *redir->secret) { |
//syslog(LOG_DEBUG, "SECRET: [%s]",redir->secret); |
/* Get MD5 hash on challenge and uamsecret */ |
- MD5Init(&context); |
- MD5Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN); |
- MD5Update(&context, (uint8_t *) redir->secret, strlen(redir->secret)); |
- MD5Final(chap_challenge, &context); |
+ SHA256Init(&context); |
+ SHA256Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN); |
+ SHA256Update(&context, (uint8_t *) redir->secret, strlen(redir->secret)); |
+ SHA256Final(&context, pap_challenge); |
} |
else { |
memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN); |
@@ -2780,9 +2783,9 @@ |
sizeof(user_password)); |
} else { |
for (m=0; m < RADIUS_PWSIZE;) { |
- for (n=0; n < REDIR_MD5LEN; m++, n++) { |
+ for (n=0; n < REDIR_SHA256LEN; m++, n++) { |
user_password[m] = |
- conn->authdata.v.papmsg.password[m] ^ chap_challenge[n]; |
+ conn->authdata.v.papmsg.password[m] ^ pap_challenge[n]; |
} |
} |
} |
@@ -2963,6 +2966,7 @@ |
|
int is_local_user(struct redir_t *redir, struct redir_conn_t *conn) { |
uint8_t user_password[RADIUS_PWSIZE+1]; |
+ uint8_t pap_challenge[REDIR_SHA256LEN]; |
uint8_t chap_challenge[REDIR_MD5LEN]; |
char u[256]; char p[256]; |
size_t usernamelen, sz=1024; |
@@ -2970,6 +2974,7 @@ |
int match=0; |
char *line=0; |
MD5_CTX context; |
+ SHA256_CONTEXT SHA256context; |
FILE *f; |
|
if (!_options.localusers) return 0; |
@@ -2990,10 +2995,10 @@ |
}/**/ |
|
if (redir->secret && *redir->secret) { |
- MD5Init(&context); |
- MD5Update(&context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN); |
- MD5Update(&context, (uint8_t*)redir->secret, strlen(redir->secret)); |
- MD5Final(chap_challenge, &context); |
+ SHA256Init(&SHA256context); |
+ SHA256Update(&SHA256context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN); |
+ SHA256Update(&SHA256context, (uint8_t*)redir->secret, strlen(redir->secret)); |
+ SHA256Final(&SHA256context, pap_challenge); |
} |
else { |
memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN); |
@@ -3015,9 +3020,9 @@ |
} else { |
int n, m; |
for (m=0; m < RADIUS_PWSIZE;) |
- for (n=0; n < REDIR_MD5LEN; m++, n++) |
+ for (n=0; n < REDIR_SHA256LEN; m++, n++) |
user_password[m] = |
- conn->authdata.v.papmsg.password[m] ^ chap_challenge[n]; |
+ conn->authdata.v.papmsg.password[m] ^ pap_challenge[n]; |
} |
break; |
case REDIR_AUTH_CHAP: |