Hi,

This diff implements hashing of the carp password before it is used
inside the kernel.  It fixes the problem that passwords like
"12345678901234567890" and "12345678901234567890XXX" are equal for carp.
But it breaks compatibility with older versions.  Maybe you need to
increase the protocol number?

bluhm@ has another idea to solve this problem: ifconfig could XOR
every 20-byte-long chunk of the password.  This would not break the
compatibility of setups with passwords shorter than 20 characters.

Just tell me everything that's wrong with that diff and I will fix it.

bye,
Jan

Index: ifconfig.c
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.264
diff -u -p -r1.264 ifconfig.c
--- ifconfig.c  31 May 2013 19:56:06 -0000      1.264
+++ ifconfig.c  2 Jul 2013 10:12:53 -0000
@@ -101,6 +101,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <ifaddrs.h>
+#include <sha1.h>
 
 #include "brconfig.h"
 
@@ -3383,6 +3384,7 @@ void
 setcarp_passwd(const char *val, int d)
 {
        struct carpreq carpr;
+       SHA1_CTX sha;
 
        bzero(&carpr, sizeof(struct carpreq));
        ifr.ifr_data = (caddr_t)&carpr;
@@ -3390,8 +3392,9 @@ setcarp_passwd(const char *val, int d)
        if (ioctl(s, SIOCGVH, (caddr_t)&ifr) == -1)
                err(1, "SIOCGVH");
 
-       /* XXX Should hash the password into the key here, perhaps? */
-       strlcpy((char *)carpr.carpr_key, val, CARP_KEY_LEN);
+       SHA1Init(&sha);
+       SHA1Update(&sha, val, strlen(val));
+       SHA1Final((char *)carpr.carpr_key, &sha);
 
        if (ioctl(s, SIOCSVH, (caddr_t)&ifr) == -1)
                err(1, "SIOCSVH");
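Review bot: Nothing in the new lines ties the SHA-1 output length to the size of `carpr.carpr_key`: `SHA1Final` always writes `SHA1_DIGEST_LENGTH` bytes, whereas the removed `strlcpy` was bounded by `CARP_KEY_LEN`. The declaration of `carpr_key` is not visible here, so the two sizes may well match, but a guard before the call such as `if (sizeof(carpr.carpr_key) < SHA1_DIGEST_LENGTH) errx(1, "carp key too small");` would turn any future mismatch into an error instead of a write past the field. The `(char *)` cast on the digest argument and the uncast `val` also do not match the `u_int8_t` pointers the sha1.h functions take; assuming `carpr_key` is an unsigned byte array, `SHA1Update(&sha, (const u_int8_t *)val, strlen(val));` and `SHA1Final(carpr.carpr_key, &sha);` would avoid the pointer-signedness mismatch. A short comment replacing the removed XXX line, e.g. `/* key = SHA1(password); not compatible with peers that use the raw password */`, would record the derivation for whoever configures the other carp hosts. `setcarp_passwd` starts before this hunk and its body continues past it.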
