radius_authorize.c
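}
    sptr_packet = (RADIUS_PACKET *) bptr_authentication_string;

    memcpy (bptr_authentication_string, (BYTE *)sptr_rx_packet, packet_length);
    memcpy (sptr_packet->header.authenticator, bptr_authenticator, RADIUS_SIZE_OF_AUTHENTICATOR);
    memcpy (bptr_authentication_string + packet_length, p_server->bp_secret, p_server->secret_length);

    MD_string (bptr_authentication_string, buffer_length, (BYTE *)&md5_result[0], MD5);

    table_free (bptr_authentication_string);

    if (memcmp (md5_result, sptr_rx_packet->header.authenticator, RADIUS_SIZE_OF_AUTHENTICATOR) == MEMORY_IS_IDENTICAL)
    {
        return (PASS);
    }
    else
    {
        return (FAIL);
    }
}

#ifdef __EAP__
/*****************************************************************************************/
/* Report whether the attribute list holds at least one EAP-Message attribute.           */
/* The walk uses the controller's own iterator, so the iterator position is changed.     */
/* Returns true on the first RADIUS_EAP_MESSAGE entry found, false otherwise.            */
/*****************************************************************************************/
bool radius_eap_message_present (RADIUS_LIST_CONTROLLER* p_radius_attribute_list_controller)
{
    RW_CONTAINER_ITERATOR attribute_iterator;
    RADIUS_ATTRIBUTE_ENTRY* p_attribute;

    attribute_iterator = p_radius_attribute_list_controller->iterator;

    for (rw_container_goto_front (attribute_iterator);
         rw_container_is_at_end (attribute_iterator) == false;
         rw_container_next (attribute_iterator))
    {
        p_attribute = rw_container_at (attribute_iterator);

        if (p_attribute->type == RADIUS_EAP_MESSAGE)
        {
            return (true);
        }
    }

    return (false);
}

/*************************************************************************/
/* refer to rfc2869 section 5.14 for details                             */
/*                                                                       */
/* Verify the Message-Authenticator of a received packet.                */
/*                                                                       */
/* sptr_rx_packet      received packet; header.length is read from it    */
/* bptr_authenticator  authenticator copied into the header of the       */
/*                     working copy before the HMAC is computed          */
/* p_radius_attribute_list_controller                                    */
/*                     parsed attribute list of the packet; the          */
/*                     Message-Authenticator entry is removed from it    */
/* p_server            supplies the shared secret used as the HMAC key   */
/*                                                                       */
/* Returns PASS when the list holds no EAP-Message (nothing is checked)  */
/* or when the HMAC-MD5 matches; FAIL on allocation failure, a missing   */
/* Message-Authenticator, a too-short length field, or a mismatch.       */
/*                                                                       */
/* NOTE(review): a packet that carries a Message-Authenticator but no    */
/* EAP-Message is accepted here without the HMAC being checked. The      */
/* attribute should be validated whenever it is present; confirm         */
/* whether callers rely on the current behaviour before changing it.     */
/*                                                                       */
/* NOTE(review): packet_length comes from the packet header and is used  */
/* as the number of bytes read from sptr_rx_packet. This function has no */
/* way to compare it with the number of bytes actually received, so the  */
/* caller must have rejected packets whose length field exceeds the      */
/* datagram size.                                                        */
/*************************************************************************/
enum TEST radius_verifiy_message_authenticator (RADIUS_PACKET *sptr_rx_packet, BYTE *bptr_authenticator,
    RADIUS_LIST_CONTROLLER* p_radius_attribute_list_controller, RADIUS_SERVER* p_server)
{
    BYTE *bptr_authentication_string;
    RADIUS_PACKET *sptr_packet;
    USHORT packet_length;
    USHORT compare_index;
    BYTE difference;
    BYTE hmac_md5_result[HMAC_MD5_RESULT_LENGTH];
    BYTE message_authenticator[HMAC_MD5_RESULT_LENGTH];

    if (radius_eap_message_present (p_radius_attribute_list_controller) == false)
    {
        return (PASS);
    }

    packet_length = swap (sptr_rx_packet->header.length);

    /* The working copy is packet_length bytes long and its header authenticator is  */
    /* overwritten below, so a length field shorter than the header would make that  */
    /* write run past the end of the allocation.                                     */
    if (packet_length < sizeof (sptr_rx_packet->header))
    {
        return (FAIL);
    }

    bptr_authentication_string = (BYTE *) table_malloc (1, packet_length);

    if (bptr_authentication_string == NULL)
    {
        return (FAIL);
    }

    sptr_packet = (RADIUS_PACKET *) bptr_authentication_string;

    memcpy (bptr_authentication_string, (BYTE *)sptr_rx_packet, packet_length);
    memcpy (sptr_packet->header.authenticator, bptr_authenticator, RADIUS_SIZE_OF_AUTHENTICATOR);

    memset (&message_authenticator[0], 0, HMAC_MD5_RESULT_LENGTH);

    /* Zeroes the Message-Authenticator inside the copy and fetches the received value. */
    if (radius_get_message_authenticator_attribute (sptr_packet, (BYTE *)&message_authenticator[0],
            p_radius_attribute_list_controller) == false)
    {
        table_free (bptr_authentication_string);
        return (FAIL);
    }

    memset (&hmac_md5_result[0], 0, HMAC_MD5_RESULT_LENGTH);

    radius_hmac_md5 ((unsigned char *)sptr_packet, packet_length, p_server->bp_secret, p_server->secret_length,
        (BYTE *)&hmac_md5_result[0]);

    table_free (bptr_authentication_string);

    /* Compare every byte and fold the differences together, so the time taken does */
    /* not depend on where the first mismatching byte is (memcmp may stop early).   */
    difference = 0;

    for (compare_index = 0; compare_index < HMAC_MD5_RESULT_LENGTH; ++compare_index)
    {
        difference = (BYTE) (difference | (hmac_md5_result[compare_index] ^ message_authenticator[compare_index]));
    }

    if (difference == 0)
    {
        return (PASS);
    }
    else
    {
        return (FAIL);
    }
}

/*****************************************************************************************/
/* Copy MA (Message Authenticator) and remove it from the attribute list of the radius */
/* client. 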
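Also zeroing out the MA of the packet */
/*****************************************************************************************/
/* sptr_packet  packet copy whose Message-Authenticator value is zeroed in place         */
/* p_buffer     receives the HMAC_MD5_RESULT_LENGTH bytes of the received value; no size */
/*              is passed in, so the caller must provide at least that many bytes        */
/* p_radius_attribute_list_controller                                                    */
/*              parsed attribute list; the Message-Authenticator entry is removed from   */
/*              it and freed                                                             */
/*                                                                                       */
/* Returns true when the attribute was found in the packet and in the list with the      */
/* expected value length; false otherwise, including when the attribute area of the      */
/* packet is malformed.                                                                  */
/*****************************************************************************************/
static bool radius_get_message_authenticator_attribute (RADIUS_PACKET *sptr_packet, BYTE* p_buffer,
    RADIUS_LIST_CONTROLLER* p_radius_attribute_list_controller)
{
    bool message_authenticator_exist;
    bool value_length_is_valid;
    enum RADIUS_ATTRIBUTE_TYPE type;
    RW_CONTAINER_ITERATOR attribute_iterator;
    RADIUS_ATTRIBUTE_ENTRY* p_attribute;
    RADIUS_ATTRIBUTE_ENTRY_IN_PACKET *sptr_attribute_entry_in_packet;
    UINT attribute_length;
    UINT attribute_header_length;
    UINT packet_length;

    message_authenticator_exist = false;

    sptr_attribute_entry_in_packet = (RADIUS_ATTRIBUTE_ENTRY_IN_PACKET *) &sptr_packet->data;

    packet_length = (UINT) (swap (sptr_packet->header.length));

    if (packet_length < sizeof (RADIUS_PACKET_HEADER))
    {
        return (false);
    }

    packet_length -= sizeof (RADIUS_PACKET_HEADER);

    /* Bytes that precede the value inside an in-packet attribute (type and length). */
    attribute_header_length = (UINT) ((BYTE *) &sptr_attribute_entry_in_packet->value[0] -
        (BYTE *) sptr_attribute_entry_in_packet);

    while (packet_length > 0)
    {
        /* The attribute header itself must fit in what is left of the packet. */
        if (packet_length < attribute_header_length)
        {
            return (false);
        }

        type = sptr_attribute_entry_in_packet->type;
        attribute_length = (UINT) sptr_attribute_entry_in_packet->length;

        /* The length octet comes from the network. A value smaller than the header     */
        /* (zero in particular) would stop the walk from advancing, and a value larger  */
        /* than the remaining bytes would wrap the unsigned counter and let the walk    */
        /* continue past the end of the buffer.                                         */
        if ((attribute_length < attribute_header_length) || (attribute_length > packet_length))
        {
            return (false);
        }

        if (type == RADIUS_MESSAGE_AUTHENTICATOR)
        {
            /* Only clear the value when it really is HMAC_MD5_RESULT_LENGTH bytes long, */
            /* otherwise the memset would write outside this attribute.                  */
            if ((attribute_length - attribute_header_length) != HMAC_MD5_RESULT_LENGTH)
            {
                return (false);
            }

            memset (&sptr_attribute_entry_in_packet->value[0], 0, HMAC_MD5_RESULT_LENGTH);

            message_authenticator_exist = true;
        }

        sptr_attribute_entry_in_packet = (RADIUS_ATTRIBUTE_ENTRY_IN_PACKET *)
            ((BYTE *) sptr_attribute_entry_in_packet + attribute_length);

        packet_length -= attribute_length;
    }

    if (message_authenticator_exist == false)
    {
        return (false);
    }

    attribute_iterator = p_radius_attribute_list_controller->iterator;

    rw_container_goto_front (attribute_iterator);

    while (rw_container_is_at_end (attribute_iterator) == false)
    {
        p_attribute = rw_container_at (attribute_iterator);

        if (p_attribute->type == RADIUS_MESSAGE_AUTHENTICATOR)
        {
            /* p_buffer is a fixed-size digest buffer, so never copy more than the */
            /* digest length, whatever length the list entry claims.               */
            if (p_attribute->length_of_attribute_value == HMAC_MD5_RESULT_LENGTH)
            {
                memcpy (p_buffer, &p_attribute->value[0], HMAC_MD5_RESULT_LENGTH);
                value_length_is_valid = true;
            }
            else
            {
                value_length_is_valid = false;
            }

            rw_container_remove (attribute_iterator);

            table_free (p_attribute);

            return (value_length_is_valid);
        }

        rw_container_next (attribute_iterator);
    }

    return (false);
}

/*****************************************************************************************/
/* check for eap message type and if it exists, we initialize the old message           */
/* authenticator to all zeros or add a new message authenticator. We also remove        */
/* message authenticator if eap message type doesn't exist.                              */
/* NOTE: If EAP packet is longer than 253 octets, it will be placed into more than one  */
/*       EAP Message attribute with multiple of 253                                      */
/*                                                                                       */
/* Returns true only when an EAP-Message is present and no Message-Authenticator is;    */
/* false in every other case, including allocation failure while splitting.             */
/*                                                                                       */
/* NOTE(review): the allocation-failure path frees the controller's iterator, which no  */
/* other function shown here does; confirm the controller is not used afterwards.       */
/* NOTE(review): the loop calls rw_container_next after rw_container_remove and appends  */
/* entries while iterating; this relies on container semantics not visible here.        */
/*****************************************************************************************/
bool radius_check_eap_and_ma_attribute (RADIUS_LIST_CONTROLLER* p_radius_attribute_list_controller)
{
    RW_CONTAINER_ITERATOR attribute_iterator;
    RADIUS_ATTRIBUTE_ENTRY* p_attribute;
    bool eap_message_exist = false;
    bool message_authenticator_exist = false;
    UINT attribute_length;
    UINT new_attribute_value_length;
    UINT new_attribute_entry_size;
    RADIUS_ATTRIBUTE_ENTRY *sptr_new_attribute;
    UINT temp_attribute_value_index;
    UINT bytes_to_clear;

    attribute_iterator = p_radius_attribute_list_controller->iterator;

    rw_container_goto_front (attribute_iterator);

    while (rw_container_is_at_end (attribute_iterator) == false)
    {
        p_attribute = rw_container_at (attribute_iterator);

        if (p_attribute->type == RADIUS_EAP_MESSAGE)
        {
            eap_message_exist = true;

            if (p_attribute->length_of_attribute_value > RADIUS_MAX_EAP_PAYLOAD)
            {
                /* Replace the oversized entry by a run of entries of at most */
                /* RADIUS_MAX_EAP_PAYLOAD bytes each, appended to the list.   */
                rw_container_remove (attribute_iterator);

                temp_attribute_value_index = 0;
                attribute_length = p_attribute->length_of_attribute_value;

                while (attribute_length > 0)
                {
                    if (attribute_length > RADIUS_MAX_EAP_PAYLOAD)
                    {
                        new_attribute_value_length = RADIUS_MAX_EAP_PAYLOAD;
                    }
                    else
                    {
                        new_attribute_value_length = attribute_length;
                    }

                    new_attribute_entry_size = new_attribute_value_length + sizeof (RADIUS_MESSAGE_ATTRIBUTE_HEADER);

                    sptr_new_attribute = (RADIUS_ATTRIBUTE_ENTRY *) table_malloc (1, new_attribute_entry_size);

                    if (sptr_new_attribute == NULL)
                    {
                        /* The oversized entry is already unlinked from the list, so it */
                        /* has to be released here or it is leaked.                     */
                        table_free (p_attribute);

                        rw_container_free_iterator (attribute_iterator);

                        return (false);
                    }

                    memset ((BYTE *) sptr_new_attribute, 0, new_attribute_entry_size);

                    sptr_new_attribute->type = RADIUS_EAP_MESSAGE;
                    sptr_new_attribute->length_of_attribute_value = new_attribute_value_length;

                    memcpy (&sptr_new_attribute->value[0], &(p_attribute->value [temp_attribute_value_index]),
                        new_attribute_value_length);

                    rw_container_add_back (p_radius_attribute_list_controller->p_list,
                        (RW_CONTAINER_ITEM*) sptr_new_attribute);

                    temp_attribute_value_index += new_attribute_value_length;
                    attribute_length -= new_attribute_value_length;
                }

                table_free (p_attribute);
            }
        }
        /* "else if": p_attribute may have been freed in the branch above, so it must */
        /* not be dereferenced again. An EAP-Message entry cannot also be a           */
        /* Message-Authenticator, so the outcome for valid entries is unchanged.      */
        else if (p_attribute->type == RADIUS_MESSAGE_AUTHENTICATOR)
        {
            /* Clear no more than the entry's own value length, in case the entry */
            /* was created with a value shorter than a full digest.               */
            bytes_to_clear = p_attribute->length_of_attribute_value;

            if (bytes_to_clear > HMAC_MD5_RESULT_LENGTH)
            {
                bytes_to_clear = HMAC_MD5_RESULT_LENGTH;
            }

            memset (&p_attribute->value[0], 0, bytes_to_clear);

            message_authenticator_exist = true;
        }

        rw_container_next (attribute_iterator);
    }

    if ((eap_message_exist == true) && (message_authenticator_exist == true))
    {
        return (false);
    }
    else if (eap_message_exist == true)
    {
        return (true);
    }
    else if (message_authenticator_exist == true)
    {
        radius_remove_attribute ((RADIUS_ATTRIBUTE_LIST_HANDLE) p_radius_attribute_list_controller,
            RADIUS_MESSAGE_AUTHENTICATOR);

        return (false);
    }
    else
    {
        return (false);
    }
}
#endif /* __EAP__ */

/*************************************************************************/
/* radius encryption as defined in RADIUS RFC */
/* Note: the data must be a multiple of 16 bytes. 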
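*/
/* Hides p_data in place. The first key block is MD5 (secret + identifier); every       */
/* further key block is MD5 (secret + previous 16 bytes of output). Each 16-byte block  */
/* of data is XORed with its key block.                                                  */
/*                                                                                       */
/* Returns false when p_data or p_secret is NULL, when cptr_identifier is NULL with a   */
/* non-zero length, when data_length is not a multiple of RADIUS_PASSWORD_MODULUS, or   */
/* when the scratch buffer cannot be allocated; true otherwise.                          */
/*                                                                                       */
/* This is obfuscation keyed by the shared secret, not modern encryption; its strength  */
/* rests entirely on the secret and on MD5.                                              */
/*************************************************************************/
static bool do_radius_md5_encryption (BYTE *cptr_identifier, USHORT identifier_length, BYTE *p_secret, USHORT secret_length,
    BYTE *p_data, USHORT data_length)
{
    BYTE md5_result[MD5_RESULT_LENGTH];
    BYTE *bptr_md5_input;
    ULONG md5_input_length;
    ULONG md5_buffer_length;
    USHORT xored_data_length;
    BYTE * bptr_data;
    USHORT md5_result_index;
    volatile BYTE *vptr_wipe;

    if ((p_data == NULL) || (p_secret == NULL))
    {
        return (false);
    }

    if ((cptr_identifier == NULL) && (identifier_length > 0))
    {
        return (false);
    }

    if ((data_length % RADIUS_PASSWORD_MODULUS) != 0)
    {
        return (false);
    }

    md5_input_length = (ULONG) identifier_length + secret_length;

    /* The buffer is reused for secret + MD5_RESULT_LENGTH bytes on later rounds, so it */
    /* must be large enough for that even when the identifier is shorter than a digest. */
    if (identifier_length > MD5_RESULT_LENGTH)
    {
        md5_buffer_length = (ULONG) secret_length + identifier_length;
    }
    else
    {
        md5_buffer_length = (ULONG) secret_length + MD5_RESULT_LENGTH;
    }

    bptr_md5_input = (BYTE *) table_malloc (1, md5_buffer_length);

    if (bptr_md5_input == NULL)
    {
        return (false);
    }

    memcpy (bptr_md5_input, p_secret, secret_length);

    if (identifier_length > 0)
    {
        memcpy ((bptr_md5_input + secret_length), cptr_identifier, identifier_length);
    }

    MD_string (bptr_md5_input, md5_input_length, (BYTE *) &md5_result[0], MD5);

    xored_data_length = data_length;
    bptr_data = p_data;

    md5_input_length = (ULONG) secret_length + MD5_RESULT_LENGTH;

    while (xored_data_length > 0)
    {
        for (md5_result_index = 0;
             (md5_result_index < MD5_RESULT_LENGTH) && (xored_data_length > 0);
             --xored_data_length, ++md5_result_index, ++bptr_data)
        {
            *bptr_data = (BYTE) (*bptr_data ^ md5_result[md5_result_index]);

            /* Keep the output byte: it is the input of the next key block. */
            md5_result[md5_result_index] = *bptr_data;
        }

        if (xored_data_length > 0)
        {
            memcpy ((bptr_md5_input + secret_length), md5_result, MD5_RESULT_LENGTH);

            MD_string (bptr_md5_input, md5_input_length, (BYTE *) &md5_result[0], MD5);
        }
    }

    /* The scratch buffer holds the shared secret; clear it before it goes back to the */
    /* allocator, and clear the local digest through a volatile pointer so the stores  */
    /* are not optimised away.                                                         */
    memset (bptr_md5_input, 0, md5_buffer_length);

    table_free (bptr_md5_input);

    vptr_wipe = md5_result;

    for (md5_result_index = 0; md5_result_index < MD5_RESULT_LENGTH; ++md5_result_index)
    {
        vptr_wipe[md5_result_index] = 0;
    }

    return (true);
}

/*************************************************************************/
/* radius decryption as defined in RADIUS RFC */
/* Note: the data must be a multiple of 16 bytes. 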
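*/
/* Reverses do_radius_md5_encryption in place. The first key block is                    */
/* MD5 (secret + identifier); every further key block is MD5 (secret + previous 16      */
/* bytes of hidden input). Each 16-byte block of data is XORed with its key block.      */
/*                                                                                       */
/* Returns false when p_data or p_secret is NULL, when cptr_identifier is NULL with a   */
/* non-zero length, when data_length is not a multiple of RADIUS_PASSWORD_MODULUS, or   */
/* when the scratch buffer cannot be allocated; true otherwise.                          */
/*************************************************************************/
static bool do_radius_md5_decryption (BYTE *cptr_identifier, USHORT identifier_length, BYTE *p_secret, USHORT secret_length,
    BYTE *p_data, USHORT data_length)
{
    BYTE md5_result[MD5_RESULT_LENGTH];
    BYTE *bptr_md5_input;
    ULONG md5_input_length;
    ULONG md5_buffer_length;
    USHORT xored_data_length;
    BYTE * bptr_data;
    USHORT md5_result_index;
    BYTE hidden_byte;
    volatile BYTE *vptr_wipe;

    if ((p_data == NULL) || (p_secret == NULL))
    {
        return (false);
    }

    if ((cptr_identifier == NULL) && (identifier_length > 0))
    {
        return (false);
    }

    if ((data_length % RADIUS_PASSWORD_MODULUS) != 0)
    {
        return (false);
    }

    md5_input_length = (ULONG) identifier_length + secret_length;

    /* The buffer is reused for secret + MD5_RESULT_LENGTH bytes on later rounds, so it */
    /* must be large enough for that even when the identifier is shorter than a digest. */
    if (identifier_length > MD5_RESULT_LENGTH)
    {
        md5_buffer_length = (ULONG) secret_length + identifier_length;
    }
    else
    {
        md5_buffer_length = (ULONG) secret_length + MD5_RESULT_LENGTH;
    }

    bptr_md5_input = (BYTE *) table_malloc (1, md5_buffer_length);

    if (bptr_md5_input == NULL)
    {
        return (false);
    }

    memcpy (bptr_md5_input, p_secret, secret_length);

    if (identifier_length > 0)
    {
        memcpy ((bptr_md5_input + secret_length), cptr_identifier, identifier_length);
    }

    MD_string (bptr_md5_input, md5_input_length, (BYTE *) &md5_result[0], MD5);

    xored_data_length = data_length;
    bptr_data = p_data;

    md5_input_length = (ULONG) secret_length + MD5_RESULT_LENGTH;

    while (xored_data_length > 0)
    {
        for (md5_result_index = 0;
             (md5_result_index < MD5_RESULT_LENGTH) && (xored_data_length > 0);
             --xored_data_length, ++md5_result_index, ++bptr_data)
        {
            hidden_byte = *bptr_data;

            *bptr_data = (BYTE) (hidden_byte ^ md5_result[md5_result_index]);

            /* Keep the hidden byte: it is the input of the next key block. */
            md5_result[md5_result_index] = hidden_byte;
        }

        if (xored_data_length > 0)
        {
            memcpy ((bptr_md5_input + secret_length), md5_result, MD5_RESULT_LENGTH);

            MD_string (bptr_md5_input, md5_input_length, (BYTE *) &md5_result[0], MD5);
        }
    }

    /* The scratch buffer holds the shared secret; clear it before it goes back to the */
    /* allocator, and clear the local digest through a volatile pointer so the stores  */
    /* are not optimised away.                                                         */
    memset (bptr_md5_input, 0, md5_buffer_length);

    table_free (bptr_md5_input);

    vptr_wipe = md5_result;

    for (md5_result_index = 0; md5_result_index < MD5_RESULT_LENGTH; ++md5_result_index)
    {
        vptr_wipe[md5_result_index] = 0;
    }

    return (true);
}

/*************************************************************************/
/* Compute the authenticator of an accounting request.                   */
/*                                                                       */
/* Hashes the first `length` bytes of p_packet followed by the server's  */
/* shared secret with MD5, then writes the digest into the packet at     */
/* RADIUS_OFFSET_OF_AUTHENTICATOR and into bptr_authenticator.           */
/*                                                                       */
/* Returns false when `length` does not cover the authenticator field,   */
/* when the combined length overflows, or when the scratch buffer cannot */
/* be allocated; true otherwise.                                         */
/*                                                                       */
/* NOTE(review): the authenticator field already in p_packet is part of  */
/* the hashed bytes; presumably the caller has zeroed it beforehand,     */
/* confirm against the caller.                                           */
/*************************************************************************/
bool radius_accounting_fill_in_request_authenticator (RADIUS_PACKET* p_packet, UINT length, RADIUS_SERVER* p_server,
    BYTE *bptr_authenticator)
{
    BYTE md5_result[MD5_RESULT_LENGTH];
    BYTE *bptr_authentication_string;
    UINT length_of_buffer_to_encrypt;

    /* The digest is written back into the packet, so the packet must at least reach */
    /* the end of its authenticator field.                                           */
    if (length < (RADIUS_OFFSET_OF_AUTHENTICATOR + RADIUS_SIZE_OF_AUTHENTICATOR))
    {
        return (false);
    }

    length_of_buffer_to_encrypt = length + p_server->secret_length;

    /* Reject a wrapped sum: the copies below would overrun a too-small buffer. */
    if (length_of_buffer_to_encrypt < length)
    {
        return (false);
    }

    bptr_authentication_string = table_malloc (1, length_of_buffer_to_encrypt);

    if (bptr_authentication_string == NULL)
    {
        return (false);
    }

    memcpy (bptr_authentication_string, p_packet, length);

    /* Byte-pointer arithmetic instead of a round trip through ULONG, which would */
    /* truncate the address wherever ULONG is narrower than a pointer.            */
    memcpy (bptr_authentication_string + length, p_server->bp_secret, p_server->secret_length);

    MD_string (bptr_authentication_string, length_of_buffer_to_encrypt, (BYTE *)&md5_result[0], MD5);

    memcpy ((BYTE *) p_packet + RADIUS_OFFSET_OF_AUTHENTICATOR, &md5_result[0], RADIUS_SIZE_OF_AUTHENTICATOR);

    memcpy ((void *) bptr_authenticator, &md5_result[0], RADIUS_SIZE_OF_AUTHENTICATOR);

    /* The scratch buffer ends with the shared secret; clear it before release. */
    memset (bptr_authentication_string, 0, length_of_buffer_to_encrypt);

    table_free (bptr_authentication_string);

    return (true);
}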