From: Sergey Poznyakoff
Subject: Re: [Bug-gnu-radius] Why GNU Radius does not follow RFC in client/server exchange?
Date: Tue, 05 Mar 2002 14:29:19 +0200

> As I see in the sources GNU Radius makes Authenticator field in packet
> header as random bytes set, i.e. without any using of the shared secret!

You seem to have misunderstood the RFC. The request authenticator sent
by the client application _is a random number_. This should not be
confused with the authenticator returned by the server side. The
following should explain this:

Quoting RFC 2138 (Page 10):

Request Authenticator

      In Access-Request Packets, the Authenticator value is a 16 octet
      random number, called the Request Authenticator.  The value SHOULD
      be unpredictable and unique over the lifetime of a secret (the
      password shared between the client and the RADIUS server)

Quoting radlib/client.c:232-240:

        /*
         *      Build an authentication request
         */
        auth = (AUTH_HDR *)config->data_buffer;
        auth->code = code;
        auth->id = config->messg_id++ % 256;
        random_vector(config->vector);
        memcpy(auth->vector, config->vector, AUTH_VECTOR_LEN);

As you see, the implementation follows the RFC.

Quoting RFC 2138 (Page 11):

   Response Authenticator

      The value of the Authenticator field in Access-Accept, Access-
      Reject, and Access-Challenge packets is called the Response
      Authenticator, and contains a one-way MD5 hash calculated over a
      stream of octets consisting of: the RADIUS packet, beginning with
      the Code field, including the Identifier, the Length, the Request
      Authenticator field from the Access-Request packet, and the
      response Attributes, followed by the shared secret.  That is,
      ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
      where + denotes concatenation.

Quoting radiusd/radius.c:228-236:

        /* Append secret and calculate the response digest */
        secretlen = strlen(radreq->secret);
        if (total_length + secretlen >= SEND_BUFFER_SIZE)
            goto err;
        memcpy(send_buffer + total_length, radreq->secret, secretlen);
        md5_calc(digest, (u_char *)auth, total_length + secretlen);
        memcpy(auth->vector, digest, AUTH_VECTOR_LEN);
        memset(send_buffer + total_length, 0, secretlen);

Again, the implementation follows the RFC.

> Moreover, Authenticators of all packets during one second are equal
> because srand(time(NULL)) is called at each Authenticator making!

A method providing for a better entropy is now being developed.

> What can it say about GNU Radius secure after that?

This all being said, it is up to you to decide.

Regards,
Sergey
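The two RFC 2138 computations quoted in the message above, worked through as an added Python example (this is illustrative code, not GNU Radius's own): a 16-octet random Request Authenticator, the server's ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret), and the client-side check that recomputes the digest with its saved Request Authenticator. The shared secret, identifier and Reply-Message attribute values are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
AUTH_VECTOR_LEN = 16
HDR_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def new_request_authenticator() -> bytes:
    """Request Authenticator: 16 unpredictable octets (RFC 2138, p. 10).
    os.urandom is used instead of srand(time())-seeded rand(), so two
    requests built in the same second do not share a vector."""
    return os.urandom(AUTH_VECTOR_LEN)


def encode_attrs(attrs) -> bytes:
    """Encode (type, value) pairs as RADIUS TLVs: Type(1) Length(1) Value."""
    return b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)


def build_response(code: int, ident: int, request_auth: bytes,
                   attrs, secret: bytes) -> bytes:
    """Server side: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret),
    where Length covers the whole reply packet (RFC 2138, p. 11)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, HDR_LEN + len(body))
    digest = hashlib.md5(header + request_auth + body + secret).digest()
    return header + digest + body


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: a reply is authentic only if recomputing the digest with the
    Request Authenticator we sent reproduces the Authenticator field received."""
    if len(packet) < HDR_LEN:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[HDR_LEN:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:HDR_LEN])


if __name__ == "__main__":
    secret = b"example-secret"            # constructed shared secret
    req_auth = new_request_authenticator()
    reply = build_response(ACCESS_ACCEPT, 7, req_auth, [(18, b"Hello")], secret)
    print("reply verifies:", verify_response(reply, req_auth, secret))
```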
