Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 591254 Details for
Bug 820488
Review Request: mod_auth_xradius - Apache module that provides authentication against RADIUS Servers
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch libxradius for mozilla-nss support
mod_auth_xradius-0.4.6-libnss_libxradius.patch (text/plain), 8.25 KB, created by
Stephen Gallagher
on 2012-06-12 18:49:36 UTC
(
hide
)
Description:
Patch libxradius for mozilla-nss support
Filename:
MIME Type:
Creator:
Stephen Gallagher
Created:
2012-06-12 18:49:36 UTC
Size:
8.25 KB
patch
obsolete
>From 3224da658d9c8793fa797bd47d53fa201ab717e8 Mon Sep 17 00:00:00 2001 >From: Stephen Gallagher <sgallagh@redhat.com> >Date: Tue, 12 Jun 2012 14:02:06 -0400 >Subject: [PATCH 5/5] libnss_libxradius > >--- > Makefile.am | 7 ++-- > libradius/porting.h | 2 +- > libradius/radlib.c | 114 +++++++++++++++++++++++++++++++++------------------ > 3 files changed, 79 insertions(+), 44 deletions(-) > >diff --git a/Makefile.am b/Makefile.am >index a398ad718cd19e474a73ca7b8be5ba4bbe270e54..268a7eef52f27b6e3f60cad637ea5ebbd628e442 100644 >--- a/Makefile.am >+++ b/Makefile.am >@@ -24,12 +24,11 @@ apachemod_LTLIBRARIES = mod_auth_xradius.la > apachemoddir=${AP_LIBEXECDIR} > > lib_LTLIBRARIES = libxradius.la >-libxradius_la_SOURCES = libradius/radlib.c libradius/md5c.c >-libxradius_la_CFLAGS = ${MODULE_CFLAGS} >-libxradius_la_LDFLAGS = ${MODULE_LIBS} >+libxradius_la_SOURCES = libradius/radlib.c >+libxradius_la_CFLAGS = ${MODULE_CFLAGS} -I${includedir}/nss3 -I${includedir}/nspr4 >+libxradius_la_LDFLAGS = ${MODULE_LIBS} -lnss3 -lnspr4 > > include_HEADERS = \ >- libradius/md5.h \ > libradius/porting.h \ > libradius/radlib.h \ > libradius/radlib_private.h \ >diff --git a/libradius/porting.h b/libradius/porting.h >index 6fe7dedd357fa120d43d4dbb2261ecf6410cc8fb..fd9c483a35757e89a62421eeb8065d186a0e6c59 100644 >--- a/libradius/porting.h >+++ b/libradius/porting.h >@@ -15,7 +15,7 @@ typedef unsigned int u_int32_t; > > #else > >-#include "md5.h" >+#include "sechash.h" > #define MD5_DIGEST_LENGTH 16 > #define MD5Final xrad_MD5Final > #define MD5Init xrad_MD5Init >diff --git a/libradius/radlib.c b/libradius/radlib.c >index 1fd2141c1685c9e280dfdb1e93374cf4c4b97448..11824b466f2398010b8ebf2628b13bc2a5666a7e 100644 >--- a/libradius/radlib.c >+++ b/libradius/radlib.c >@@ -110,24 +110,30 @@ generr(struct xrad_handle *h, const char *format, ...) > static void > insert_scrambled_password(struct xrad_handle *h, int srv) > { >- MD5_CTX ctx; >+ HASHContext *md5_ctx; > unsigned char md5[MD5_DIGEST_LENGTH]; > const struct xrad_server *srvp; > int padded_len; > int pos; >+ unsigned int len; > > srvp = &h->servers[srv]; > padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf; > >+ md5_ctx = HASH_Create(HASH_AlgMD5); >+ > memcpy(md5, &h->request[POS_AUTH], LEN_AUTH); > for (pos = 0; pos < padded_len; pos += 16) { > int i; > > /* Calculate the new scrambler */ >- MD5Init(&ctx); >- MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); >- MD5Update(&ctx, md5, 16); >- MD5Final(md5, &ctx); >+ HASH_Begin(md5_ctx); >+ HASH_Update(md5_ctx, >+ (const unsigned char *)srvp->secret, >+ strlen(srvp->secret)); >+ HASH_Update(md5_ctx, md5, 16); >+ HASH_End(md5_ctx, md5, &len, sizeof(md5)); >+ > > /* > * Mix in the current chunk of the password, and copy >@@ -139,24 +145,35 @@ insert_scrambled_password(struct xrad_handle *h, int srv) > h->request[h->pass_pos + pos + i] = > md5[i] ^= h->pass[pos + i]; > } >+ >+ HASH_Destroy(md5_ctx); > } > > static void > insert_request_authenticator(struct xrad_handle *h, int srv) > { >- MD5_CTX ctx; >+ HASHContext *md5_ctx; > const struct xrad_server *srvp; >+ unsigned int len; > > srvp = &h->servers[srv]; > > /* Create the request authenticator */ >- MD5Init(&ctx); >- MD5Update(&ctx, &h->request[POS_CODE], POS_AUTH - POS_CODE); >- apr_generate_random_bytes(&h->request[POS_AUTH], LEN_AUTH); >- MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH); >- MD5Update(&ctx, &h->request[POS_ATTRS], h->req_len - POS_ATTRS); >- MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); >- MD5Final(&h->request[POS_AUTH], &ctx); >+ md5_ctx = HASH_Create(HASH_AlgMD5); >+ >+ HASH_Begin(md5_ctx); >+ HASH_Update(md5_ctx, &h->request[POS_CODE], POS_AUTH - POS_CODE); >+ apr_generate_random_bytes(&h->request[POS_AUTH], LEN_AUTH); >+ HASH_Update(md5_ctx, >+ (const unsigned char *)&h->request[POS_AUTH], >+ LEN_AUTH); >+ HASH_Update(md5_ctx, >+ (const unsigned char *)&h->request[POS_ATTRS], >+ h->req_len - POS_ATTRS); >+ HASH_Update(md5_ctx, >+ (const unsigned char *)srvp->secret, >+ strlen(srvp->secret)); >+ HASH_End(md5_ctx, &h->request[POS_AUTH], &len, sizeof(h->request[POS_AUTH])); > } > > static void >@@ -192,10 +209,11 @@ static int > is_valid_response(struct xrad_handle *h, int srv, > const struct sockaddr_in *from) > { >- MD5_CTX ctx; >+ HASHContext *md5_ctx; > unsigned char md5[MD5_DIGEST_LENGTH]; > const struct xrad_server *srvp; > int len; >+ unsigned int hash_len; > #ifdef WITH_SSL > HMAC_CTX hctx; > u_char resp[MSGSIZE], md[EVP_MAX_MD_SIZE]; >@@ -218,12 +236,17 @@ is_valid_response(struct xrad_handle *h, int srv, > return 0; > > /* Check the response authenticator */ >- MD5Init(&ctx); >- MD5Update(&ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE); >- MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH); >- MD5Update(&ctx, &h->response[POS_ATTRS], len - POS_ATTRS); >- MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); >- MD5Final(md5, &ctx); >+ md5_ctx = HASH_Create(HASH_AlgMD5); >+ HASH_Begin(md5_ctx); >+ HASH_Update(md5_ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE); >+ HASH_Update(md5_ctx, &h->request[POS_AUTH], LEN_AUTH); >+ HASH_Update(md5_ctx, &h->response[POS_ATTRS], len - POS_ATTRS); >+ HASH_Update(md5_ctx, >+ (const unsigned char *)srvp->secret, >+ strlen(srvp->secret)); >+ HASH_End(md5_ctx, md5, &hash_len, sizeof(md5)); >+ HASH_Destroy(md5_ctx); >+ > if (memcmp(&h->response[POS_AUTH], md5, sizeof md5) != 0) > return 0; > >@@ -1128,7 +1151,8 @@ xrad_demangle(struct xrad_handle *h, const void *mangled, size_t mlen) > char R[LEN_AUTH]; > const char *S; > int i, Ppos; >- MD5_CTX Context; >+ int hash_len; >+ HASHContext *md5_ctx; > u_char b[MD5_DIGEST_LENGTH], *C, *demangled; > > if ((mlen % 16 != 0) || mlen > 128) { >@@ -1152,10 +1176,13 @@ xrad_demangle(struct xrad_handle *h, const void *mangled, size_t mlen) > if (!demangled) > return NULL; > >- MD5Init(&Context); >- MD5Update(&Context, S, strlen(S)); >- MD5Update(&Context, R, LEN_AUTH); >- MD5Final(b, &Context); >+ md5_ctx = HASH_Create(HASH_AlgMD5); >+ HASH_Begin(md5_ctx); >+ HASH_Update(md5_ctx, S, strlen(S)); >+ HASH_Update(md5_ctx, R, LEN_AUTH); >+ HASH_End(md5_ctx, b, &hash_len, sizeof(b)); >+ HASH_Destroy(md5_ctx); >+ > Ppos = 0; > while (mlen) { > >@@ -1164,10 +1191,12 @@ xrad_demangle(struct xrad_handle *h, const void *mangled, size_t mlen) > demangled[Ppos++] = C[i] ^ b[i]; > > if (mlen) { >- MD5Init(&Context); >- MD5Update(&Context, S, strlen(S)); >- MD5Update(&Context, C, 16); >- MD5Final(b, &Context); >+ md5_ctx = HASH_Create(HASH_AlgMD5); >+ HASH_Begin(md5_ctx); >+ HASH_Update(md5_ctx, S, strlen(S)); >+ HASH_Update(md5_ctx, C, 16); >+ HASH_End(md5_ctx, b, &hash_len, sizeof(b)); >+ HASH_Destroy(md5_ctx); > } > > C += 16; >@@ -1184,9 +1213,10 @@ xrad_demangle_mppe_key(struct xrad_handle *h, const void *mangled, > const char *S; > u_char b[MD5_DIGEST_LENGTH], *demangled; > const u_char *A, *C; >- MD5_CTX Context; >+ HASHContext *md5_ctx; > int Slen, i, Clen, Ppos; > u_char *P; >+ unsigned int hash_len; > > if (mlen % 16 != SALT_LEN) { > generr(h, "Cannot interpret mangled data of length %lu", >@@ -1207,11 +1237,14 @@ xrad_demangle_mppe_key(struct xrad_handle *h, const void *mangled, > Slen = strlen(S); > P = alloca(Clen); /* We derive our plaintext */ > >- MD5Init(&Context); >- MD5Update(&Context, S, Slen); >- MD5Update(&Context, R, LEN_AUTH); >- MD5Update(&Context, A, SALT_LEN); >- MD5Final(b, &Context); >+ md5_ctx = HASH_Create(HASH_AlgMD5); >+ HASH_Begin(md5_ctx); >+ HASH_Update(md5_ctx, S, Slen); >+ HASH_Update(md5_ctx, R, LEN_AUTH); >+ HASH_Update(md5_ctx, A, SALT_LEN); >+ HASH_End(md5_ctx, b, &hash_len, sizeof(b)); >+ HASH_Destroy(md5_ctx); >+ > Ppos = 0; > > while (Clen) { >@@ -1221,10 +1254,13 @@ xrad_demangle_mppe_key(struct xrad_handle *h, const void *mangled, > P[Ppos++] = C[i] ^ b[i]; > > if (Clen) { >- MD5Init(&Context); >- MD5Update(&Context, S, Slen); >- MD5Update(&Context, C, 16); >- MD5Final(b, &Context); >+ md5_ctx = HASH_Create(HASH_AlgMD5); >+ HASH_Begin(md5_ctx); >+ HASH_Update(md5_ctx, S, Slen); >+ HASH_Update(md5_ctx, C, 16); >+ HASH_Update(md5_ctx, A, SALT_LEN); >+ HASH_End(md5_ctx, b, &hash_len, sizeof(b)); >+ HASH_Destroy(md5_ctx); > } > > C += 16; >-- >1.7.10.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 820488
:
584723
|
591005
|
591006
| 591254 |
598069