From f3d67bba31f61993fc079f89478c0ac7da0ddaaf Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Tue, 11 Jun 2024 15:13:12 -0400 Subject: verify Message-Authenticator if we receive it --- src/pam_radius_auth.c | 98 +++++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 46 deletions(-) (limited to 'src/pam_radius_auth.c') diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c index ed6c5a0..009fe4a 100644 --- a/src/pam_radius_auth.c +++ b/src/pam_radius_auth.c @@ -379,11 +379,40 @@ static void get_accounting_vector(AUTH_HDR * request, radius_server_t * server) /* * Verify the response from the server */ -static int verify_packet(char *secret, AUTH_HDR * response, AUTH_HDR * request) +static int verify_packet(radius_server_t *server, AUTH_HDR *response, AUTH_HDR *request) { MD5_CTX my_md5; - unsigned char calculated[AUTH_VECTOR_LEN]; - unsigned char reply[AUTH_VECTOR_LEN]; + uint8_t calculated[AUTH_VECTOR_LEN]; + uint8_t reply[AUTH_VECTOR_LEN]; + uint8_t *message_authenticator = NULL; + CONST uint8_t *attr, *end; + size_t secret_len = strlen(server->secret); + + attr = response->data; + end = (uint8_t *) response + ntohs(response->length); + + /* + * Check that the packet is well-formed, and find the Message-Authenticator. + */ + while (attr < end) { + size_t remaining = end - attr; + + if (remaining < 2) return FALSE; + + if (attr[1] < 2) return FALSE; + + if (attr[1] > remaining) return FALSE; + + if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { + if (attr[1] != 18) return FALSE; + + if (message_authenticator) return FALSE; + + message_authenticator = (uint8_t *) response + (attr - (uint8_t *) response) + 2; + } + + attr += attr[1]; + } /* * We could dispense with the memcpy, and do MD5's of the packet @@ -394,27 +423,30 @@ static int verify_packet(char *secret, AUTH_HDR * response, AUTH_HDR * request) /* MD5(response packet header + vector + response packet data + secret) */ MD5Init(&my_md5); - MD5Update(&my_md5, (unsigned char *)response, ntohs(response->length)); + MD5Update(&my_md5, (uint8_t *) response, ntohs(response->length)); + MD5Update(&my_md5, (CONST uint8_t *) server->secret, secret_len); + MD5Final(calculated, &my_md5); /* set the final vector */ + + /* Did he use the same random vector + shared secret? */ + if (memcmp(calculated, reply, AUTH_VECTOR_LEN) != 0) return FALSE; + + if (!message_authenticator) return TRUE; /* - * This next bit is necessary because of a bug in the original Livingston - * RADIUS server. The authentication vector is *supposed* to be MD5'd - * with the old password (as the secret) for password changes. - * However, the old password isn't used. The "authentication" vector - * for the server reply packet is simply the MD5 of the reply packet. - * Odd, the code is 99% there, but the old password is never copied - * to the secret! + * RFC2869 Section 5.14. + * + * Message-Authenticator is calculated with the Request + * Authenticator (copied into the packet above), and with + * the Message-Authenticator attribute contents set to + * zero. */ - if (*secret) { - MD5Update(&my_md5, (unsigned char *)secret, strlen(secret)); - } + memcpy(reply, message_authenticator, AUTH_VECTOR_LEN); + memset(message_authenticator, 0, AUTH_VECTOR_LEN); - MD5Final(calculated, &my_md5); /* set the final vector */ + hmac_md5(calculated, (uint8_t *) response, ntohs(response->length), (const uint8_t *) server->secret, secret_len); + + if (memcmp(calculated, reply, AUTH_VECTOR_LEN) != 0) return FALSE; - /* Did he use the same random vector + shared secret? */ - if (memcmp(calculated, reply, AUTH_VECTOR_LEN) != 0) { - return FALSE; - } return TRUE; } @@ -1172,8 +1204,6 @@ static int talk_radius(radius_conf_t * conf, AUTH_HDR * request, /* there's data, see if it's valid */ } else { - char *p = server->secret; - if ((ntohs(response->length) != total_length) || (ntohs(response->length) > @@ -1187,32 +1217,8 @@ static int talk_radius(radius_conf_t * conf, AUTH_HDR * request, break; } - /* Check if we have the data OK. - * We should also check request->id */ - if (password) { - if (old_password) { -#ifdef LIVINGSTON_PASSWORD_VERIFY_BUG_FIXED - /* what it should be */ - p = old_password; -#else - /* what it really is */ - p = ""; -#endif - } - /* - * RFC 2139 p.6 says not do do this, but - * the Livingston 1.16 server disagrees. - * If the user says he wants the bug, - * give in. - */ - } else { /* authentication request */ - if (conf->accounting_bug) { - p = ""; - } - } - if (!verify_packet - (p, response, request)) { + (server, response, request)) { _pam_log(pamh, LOG_ERR, "response from server" " %s failed" -- cgit v1.2.3 From 84184844ec80c840a3499bb3fedd74ea9acf4dd2 Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Tue, 11 Jun 2024 15:17:09 -0400 Subject: always add Message-Authenticator to Access-Request packets --- src/md5.h | 1 + src/pam_radius_auth.c | 38 ++++++++++++++++++++++++++++++++++---- src/pam_radius_auth.h | 4 ++++ 3 files changed, 39 insertions(+), 4 deletions(-) (limited to 'src/pam_radius_auth.c') diff --git a/src/md5.h b/src/md5.h index 90c571b..39bbb9b 100644 --- a/src/md5.h +++ b/src/md5.h @@ -39,6 +39,7 @@ #define MD5Transform pra_MD5Transform #include +#include struct MD5Context { uint32_t buf[4]; diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c index 009fe4a..aa3a650 100644 --- a/src/pam_radius_auth.c +++ b/src/pam_radius_auth.c @@ -1001,10 +1001,25 @@ static void build_radius_packet(AUTH_HDR * request, CONST char *user, hostname[0] = '\0'; gethostname(hostname, sizeof(hostname) - 1); - request->length = htons(AUTH_HDR_LEN); + /* + * For Access-Request, create a random authentication + * vector, and always add a Message-Authenticator + * attribute. + */ + if (request->code == PW_AUTHENTICATION_REQUEST) { + uint8_t *attr = (uint8_t *) request + AUTH_HDR_LEN; - if (password) { /* make a random authentication req vector */ - get_random_vector(request->vector); + get_random_vector(request->vector); + + attr[0] = PW_MESSAGE_AUTHENTICATOR; + attr[1] = 18; + memset(attr + 2, 0, AUTH_VECTOR_LEN); + conf->message_authenticator = attr + 2; + + request->length = htons(AUTH_HDR_LEN + 18); + } else { + request->length = htons(AUTH_HDR_LEN); + conf->message_authenticator = NULL; } add_attribute(request, PW_USER_NAME, (unsigned char *)user, @@ -1097,7 +1112,22 @@ static int talk_radius(radius_conf_t * conf, AUTH_HDR * request, /* clear the response */ memset(response, 0, sizeof(AUTH_HDR)); - if (!password) { /* make an RFC 2139 p6 request authenticator */ + /* only look up IP information as necessary */ + retval = host2server(pamh, server); + if (retval != 0) { + _pam_log(pamh, LOG_ERR, + "Failed looking up IP address for RADIUS server %s (error=%s)", + server->hostname, gai_strerror(retval)); + ok = FALSE; + goto next; /* skip to the next server */ + } + + if (request->code == PW_AUTHENTICATION_REQUEST) { + hmac_md5(conf->message_authenticator, (uint8_t *) request, ntohs(request->length), + (const uint8_t *) server->secret, strlen(server->secret)); + + } else { + /* make an RFC 2139 p6 request authenticator */ get_accounting_vector(request, server); } diff --git a/src/pam_radius_auth.h b/src/pam_radius_auth.h index b1a3173..da7177b 100644 --- a/src/pam_radius_auth.h +++ b/src/pam_radius_auth.h @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -155,6 +156,9 @@ typedef struct radius_conf_t { char prompt[MAXPROMPT]; char vrfname[64]; char privusrmap[64]; + int prompt_attribute; + int privilege_level; + uint8_t *message_authenticator; } radius_conf_t; void __write_mapfile(pam_handle_t * p, const char *usr, uid_t uid, int priv, -- cgit v1.2.3 From dde67d80623bdca4da8e76467b90754e34835ae3 Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Wed, 12 Jun 2024 13:29:36 -0400 Subject: add and document "require_message_authenticator" flag --- USAGE | 8 ++++++++ src/pam_radius_auth.c | 11 +++++++++-- src/pam_radius_auth.h | 1 + 3 files changed, 18 insertions(+), 2 deletions(-) (limited to 'src/pam_radius_auth.c') diff --git a/USAGE b/USAGE index 0fce66b..fdd1e70 100644 --- a/USAGE +++ b/USAGE @@ -104,5 +104,13 @@ max_challenge=# - configure maximum number of challenges that a server may request. This is a workaround for broken servers and disabled by default. +prompt_attribute - Enable honoring of Prompt attribute sent from server for + challenge-response to enable/disable of echoing of user + input. Without this option all user input during + challenge-response will be echoed. See RFC2869 Section 5.10 + +require_message_authenticator - Discard Access-Accept, Access-Challenge, and + Access-Reject packets which do not contain Message-Authenticator. + --------------------------------------------------------------------------- diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c index aa3a650..560b141 100644 --- a/src/pam_radius_auth.c +++ b/src/pam_radius_auth.c @@ -131,6 +131,9 @@ static int _pam_parse(pam_handle_t * pamh, int argc, CONST char **argv, } else if (!strncmp(*argv, "max_challenge=", 14)) { conf->max_challenge = atoi(*argv + 14); + } else if (!strcmp(*argv, "require_message_authenticator")) { + conf->require_message_authenticator = TRUE; + } else { _pam_log(pamh, LOG_WARNING, "unrecognized option '%s'", *argv); @@ -379,7 +382,7 @@ static void get_accounting_vector(AUTH_HDR * request, radius_server_t * server) /* * Verify the response from the server */ -static int verify_packet(radius_server_t *server, AUTH_HDR *response, AUTH_HDR *request) +static int verify_packet(radius_server_t *server, AUTH_HDR *response, AUTH_HDR *request, radius_conf_t *conf) { MD5_CTX my_md5; uint8_t calculated[AUTH_VECTOR_LEN]; @@ -414,6 +417,10 @@ static int verify_packet(radius_server_t *server, AUTH_HDR *response, AUTH_HDR * attr += attr[1]; } + if ((request->code == PW_AUTHENTICATION_REQUEST) && conf->require_message_authenticator && !message_authenticator) { + return FALSE; + } + /* * We could dispense with the memcpy, and do MD5's of the packet * + vector piece by piece. This is easier understand, and maybe faster. @@ -1248,7 +1255,7 @@ static int talk_radius(radius_conf_t * conf, AUTH_HDR * request, } if (!verify_packet - (server, response, request)) { + (server, response, request, conf)) { _pam_log(pamh, LOG_ERR, "response from server" " %s failed" diff --git a/src/pam_radius_auth.h b/src/pam_radius_auth.h index da7177b..5f056c5 100644 --- a/src/pam_radius_auth.h +++ b/src/pam_radius_auth.h @@ -158,6 +158,7 @@ typedef struct radius_conf_t { char privusrmap[64]; int prompt_attribute; int privilege_level; + int require_message_authenticator; uint8_t *message_authenticator; } radius_conf_t; -- cgit v1.2.3 From 15b5a25b3ce48cc9cf6aec7e9fbd736df833450a Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Thu, 25 Jul 2024 08:39:14 -0700 Subject: set Message-Authenticator to zero each time we send a packet. Fixes #96 --- src/pam_radius_auth.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/pam_radius_auth.c') diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c index 560b141..cc7bf2d 100644 --- a/src/pam_radius_auth.c +++ b/src/pam_radius_auth.c @@ -1130,6 +1130,7 @@ static int talk_radius(radius_conf_t * conf, AUTH_HDR * request, } if (request->code == PW_AUTHENTICATION_REQUEST) { + memset(conf->message_authenticator, 0, AUTH_VECTOR_LEN); hmac_md5(conf->message_authenticator, (uint8_t *) request, ntohs(request->length), (const uint8_t *) server->secret, strlen(server->secret)); -- cgit v1.2.3