--- src/radius.c.orig Mon Apr 3 15:39:46 2000
+++ src/radius.c Mon Apr 3 15:46:02 2000
@@ -28,6 +28,37 @@
 static int i_send_buffer[1024];
 static char *send_buffer = (char *)i_send_buffer;
+
+#ifdef ASCEND_SECRET
+/*************************************************************************
+ *
+ * Function: make_secret
+ *
+ * Purpose: Build an encrypted secret value to return in a reply
+ * packet. The secret is hidden by xoring with a MD5 digest
+ * created from the shared secret and the authentication
+ * vector. We put them into MD5 in the reverse order from
+ * that used when encrypting passwords to RADIUS.
+ *
+ *************************************************************************/
+
+void make_secret(u_char *digest, u_char *vector, u_char *secret, char *value)
+{
+ u_char buffer[ AUTH_STRING_LEN ];
+ int secretLen = strlen( (const char *)secret );
+ int ix;
+
+ memcpy( buffer, vector, AUTH_VECTOR_LEN );
+ memcpy( buffer + AUTH_VECTOR_LEN, secret, secretLen );
+ md5_calc( digest, buffer, AUTH_VECTOR_LEN + secretLen );
+ memset( buffer, 0, AUTH_STRING_LEN );
+ for ( ix = 0; ix < AUTH_VECTOR_LEN; ix += 1 ) {
+ digest[ ix ] ^= value[ ix ];
+ }
+}
+#endif /* ASCEND_SECRET */
+
+
 /*
 * Reply to the request. Also attach
 * reply attribute value pairs and any user message provided.
@@ -135,6 +166,24 @@
 switch(reply->type) {
 case PW_TYPE_STRING:
+ /*
+ * This is to hash the Ascend-Send-Secret before
+ * we send it to the Max.
+ */
+#ifdef ASCEND_SECRET
+ if (( strcmp(reply->name, "Ascend-Send-Secret") == 0 )
+ || ( strcmp(reply->name, "Ascend-Recv-Secret") == 0 ))
+ {
+ make_secret( digest, authreq->vector,
+ authreq->secret, reply->strvalue );
+ *ptr++ = AUTH_VECTOR_LEN + 2;
+ memcpy( ptr, digest, AUTH_VECTOR_LEN );
+ ptr += AUTH_VECTOR_LEN;
+ total_length += AUTH_VECTOR_LEN + 2;
+ break;
+ }
+#endif
+
 /*
 * FIXME: this is just to make sure but
 * should NOT be needed. In fact I have no
@@ -587,5 +636,4 @@
 &saremote, sizeof(struct sockaddr_in));
 }
 #endif
-
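Review bot: In make_secret the second memcpy writes strlen(secret) bytes at buffer + AUTH_VECTOR_LEN with no check against the AUTH_STRING_LEN-byte stack array, so a shared secret longer than AUTH_STRING_LEN - AUTH_VECTOR_LEN overruns it. The length should be validated before either copy, for example `if (secretLen > AUTH_STRING_LEN - AUTH_VECTOR_LEN) secretLen = AUTH_STRING_LEN - AUTH_VECTOR_LEN;`, or the function should report failure so the caller can omit the attribute instead of sending a value the peer cannot decode. The trailing `memset( buffer, 0, AUTH_STRING_LEN )` is a dead store that an optimizing compiler may drop, which would leave the copy of the secret on the stack; a wipe routine the compiler will not elide is preferable where the platform offers one. secretLen would also be better declared as size_t, since strlen's result is narrowed to int here.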
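Review bot: The new Ascend-Send-Secret / Ascend-Recv-Secret branch hands reply->strvalue to make_secret without its length, and make_secret XORs exactly AUTH_VECTOR_LEN bytes of it, so a configured value longer than AUTH_VECTOR_LEN is silently truncated and a shorter one mixes in whatever bytes follow its terminator. Padding the value first, e.g. `char padded[AUTH_VECTOR_LEN] = {0}; strncpy(padded, reply->strvalue, sizeof padded);` and passing `padded`, would make the output deterministic, and an over-long value is better rejected than cut short. The branch also appends AUTH_VECTOR_LEN + 1 bytes at ptr and adds AUTH_VECTOR_LEN + 2 to total_length with no visible check of the space left in send_buffer, and it relies on a `digest` array declared elsewhere; the enclosing function starts and ends outside this hunk, so both need confirming there. The leading comment sits above `#ifdef ASCEND_SECRET`, so it also appears in builds without the feature; moving it inside the guard keeps it with the code it describes.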