Re: [Bug-gnu-radius] Why GNU Radius does not follow RFC in client/server
From: Sergey Poznyakoff
Subject: Re: [Bug-gnu-radius] Why GNU Radius does not follow RFC in client/server exchange?
Date: Tue, 05 Mar 2002 14:29:19 +0200
> As I see in the sources, GNU Radius makes the Authenticator field in the packet
> header a set of random bytes, i.e. without any use of the shared secret!
You seem to have misunderstood the RFC. The request authenticator sent
by the client application _is a random number_. This should not be
confused with the authenticator returned by the server side. The
following should explain this:
Quoting RFC 2138 (Page 10):
Request Authenticator
In Access-Request Packets, the Authenticator value is a 16 octet
random number, called the Request Authenticator. The value SHOULD
be unpredictable and unique over the lifetime of a secret (the
password shared between the client and the RADIUS server)
Quoting radlib/client.c:232-240:

    /*
     * Build an authentication request
     */
    auth = (AUTH_HDR *)config->data_buffer;
    auth->code = code;
    auth->id = config->messg_id++ % 256;
    random_vector(config->vector);
    memcpy(auth->vector, config->vector, AUTH_VECTOR_LEN);
As you see, the implementation follows the RFC.
Quoting RFC 2138 (Page 11):
Response Authenticator
The value of the Authenticator field in Access-Accept, Access-
Reject, and Access-Challenge packets is called the Response
Authenticator, and contains a one-way MD5 hash calculated over a
stream of octets consisting of: the RADIUS packet, beginning with
the Code field, including the Identifier, the Length, the Request
Authenticator field from the Access-Request packet, and the
response Attributes, followed by the shared secret. That is,
ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
where + denotes concatenation.
Quoting radiusd/radius.c:228-236:

    /* Append secret and calculate the response digest */
    secretlen = strlen(radreq->secret);
    if (total_length + secretlen >= SEND_BUFFER_SIZE)
        goto err;
    memcpy(send_buffer + total_length, radreq->secret, secretlen);
    md5_calc(digest, (u_char *)auth, total_length + secretlen);
    memcpy(auth->vector, digest, AUTH_VECTOR_LEN);
    memset(send_buffer + total_length, 0, secretlen);
Again, the implementation follows the RFC.
> Moreover, the Authenticators of all packets during one second are equal,
> because srand(time(NULL)) is called each time an Authenticator is made!
A method providing for better entropy is now being developed.
> What can it say about GNU Radius security after that?
This all being said, it is up to you to decide.
Regards,
Sergey
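The two authenticator rules quoted above (random Request Authenticator; ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)) as an added, self-contained Python example; this is not GNU Radius code. The secret, request authenticator and the Reply-Message attribute (type 18) are constructed sample values, and the client-side `verify_response` check is the part the quoted radius.c excerpt does not show.

```python
import hashlib
import hmac
import os
import struct

AUTH_VECTOR_LEN = 16
ACCESS_ACCEPT = 2  # reply codes whose Authenticator is a Response Authenticator


def random_vector() -> bytes:
    """Request Authenticator: 16 unpredictable octets from the OS CSPRNG
    (no srand(time(NULL)), so two requests in one second differ)."""
    return os.urandom(AUTH_VECTOR_LEN)


def encode_attributes(attrs) -> bytes:
    """attrs is a list of (type, value_bytes); each AVP is Type(1) Length(1) Value."""
    out = b""
    for t, v in attrs:
        if len(v) > 253:
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", t, len(v) + 2) + v
    return out


def build_response(code, ident, request_auth: bytes, attrs, secret: bytes) -> bytes:
    """Server side: Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    Like radiusd/radius.c, the digest is taken over the packet with the *request*
    authenticator in the vector slot and the shared secret appended at the end."""
    body = encode_attributes(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    digest = hashlib.md5(header + request_auth + body + secret).digest()
    return header + digest + body


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the Response Authenticator from the request
    authenticator we sent and compare in constant time; a reply that fails
    this check was not produced by a holder of the shared secret."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    header, recv_auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    return hmac.compare_digest(expected, recv_auth)
```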