
--- src/redir.c 2022-10-12 15:35:35.352336574 +0200
+++ src/redir.c 2022-10-11 14:01:22.000000000 +0200
@@ -28,6 +28,8 @@
 #endif
 #include "json/json.h"
 
+
+
 static int optionsdebug = 0; /* TODO: Should be changed to instance */
 
 static int termstate = REDIR_TERM_INIT;    /* When we were terminated */
@@ -2709,6 +2711,7 @@
                        struct redir_conn_t *conn, char reauth) {
   uint8_t user_password[RADIUS_PWSIZE + 1];
   uint8_t chap_password[REDIR_MD5LEN + 2];
+  uint8_t pap_challenge[REDIR_SHA256LEN];
   uint8_t chap_challenge[REDIR_MD5LEN];
   struct radius_packet_t radius_pack;
   struct radius_t *radius;      /* Radius client instance */
@@ -2718,7 +2721,7 @@
   fd_set fds;                  /* For select() */
   int status;
 
-  MD5_CTX context;
+  SHA256_CONTEXT context;
 
   char url[REDIR_URL_LEN];
   int n, m;
@@ -2761,10 +2764,10 @@
   if (redir->secret && *redir->secret) {
     //syslog(LOG_DEBUG, "SECRET: [%s]",redir->secret);
     /* Get MD5 hash on challenge and uamsecret */
-    MD5Init(&context);
-    MD5Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN);
-    MD5Update(&context, (uint8_t *) redir->secret, strlen(redir->secret));
-    MD5Final(chap_challenge, &context);
+    SHA256Init(&context);
+    SHA256Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN);
+    SHA256Update(&context, (uint8_t *) redir->secret, strlen(redir->secret));
+    SHA256Final(&context, pap_challenge);
   }
   else {
     memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN);
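Review bot: The two branches now fill different buffers: with a uamsecret the hash goes only into `pap_challenge`, while the `else` branch on the last line of the hunk still fills only `chap_challenge`. Without a secret the PAP XOR loop in the following hunk therefore reads an uninitialised `pap_challenge`, and with a secret any later CHAP use of `chap_challenge` (outside this hunk, so inferred) would read uninitialised stack bytes. Both buffers should be defined on both paths, for example by zero-initialising the declarations (`uint8_t pap_challenge[REDIR_SHA256LEN] = {0};`), adding a no-secret fill for `pap_challenge` next to the existing `memcpy`, and keeping a separate MD5 computation if CHAP still depends on it. The comment `/* Get MD5 hash on challenge and uamsecret */` is now stale and should read `/* SHA-256 over challenge and uamsecret */`. The same pattern recurs in the `is_local_user` hunk at `@@ -2990,10 +2995,10 @@`; the enclosing function starts and ends outside both hunks.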
@@ -2780,9 +2783,9 @@
                 sizeof(user_password));
       } else {
         for (m=0; m < RADIUS_PWSIZE;) {
-          for (n=0; n < REDIR_MD5LEN; m++, n++) {
+          for (n=0; n < REDIR_SHA256LEN; m++, n++) {
             user_password[m] =
-                conn->authdata.v.papmsg.password[m] ^ chap_challenge[n];
+                conn->authdata.v.papmsg.password[m] ^ pap_challenge[n];
           }
         }
       }
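Review bot: The inner loop `for (n=0; n < REDIR_SHA256LEN; m++, n++)` advances `m` without testing it, so `user_password[m]` and `papmsg.password[m]` stay in bounds only if `RADIUS_PWSIZE` is an exact multiple of `REDIR_SHA256LEN`. Neither constant is defined in this diff, so that cannot be confirmed from here, and widening the stride from the MD5 length makes the assumption easier to break. Bound the index explicitly, `for (n=0; n < REDIR_SHA256LEN && m < RADIUS_PWSIZE; m++, n++) {`, or add a compile-time check that the two sizes divide evenly. The identical loop in `is_local_user` (hunk `@@ -3015,9 +3020,9 @@`) needs the same guard.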
@@ -2963,6 +2966,7 @@
 
 int is_local_user(struct redir_t *redir, struct redir_conn_t *conn) {
   uint8_t user_password[RADIUS_PWSIZE+1];
+  uint8_t pap_challenge[REDIR_SHA256LEN];
   uint8_t chap_challenge[REDIR_MD5LEN];
   char u[256]; char p[256];
   size_t usernamelen, sz=1024;
@@ -2970,6 +2974,7 @@
   int match=0;
   char *line=0;
   MD5_CTX context;
+  SHA256_CONTEXT SHA256context;
   FILE *f;
 
   if (!_options.localusers) return 0;
@@ -2990,10 +2995,10 @@
   }/**/
 
   if (redir->secret && *redir->secret) {
-    MD5Init(&context);
-    MD5Update(&context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN);
-    MD5Update(&context, (uint8_t*)redir->secret, strlen(redir->secret));
-    MD5Final(chap_challenge, &context);
+    SHA256Init(&SHA256context);
+    SHA256Update(&SHA256context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN);
+    SHA256Update(&SHA256context, (uint8_t*)redir->secret, strlen(redir->secret));
+    SHA256Final(&SHA256context, pap_challenge);
   }
   else {
     memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN);
@@ -3015,9 +3020,9 @@
       } else {
         int n, m;
         for (m=0; m < RADIUS_PWSIZE;)
-          for (n=0; n < REDIR_MD5LEN; m++, n++)
+          for (n=0; n < REDIR_SHA256LEN; m++, n++)
             user_password[m] =
-                conn->authdata.v.papmsg.password[m] ^ chap_challenge[n];
+                conn->authdata.v.papmsg.password[m] ^ pap_challenge[n];
       }
       break;
     case REDIR_AUTH_CHAP: