| Subject: | auth_acct_verify does not work |
The auth_acct_verify function does not work. To verify the authenticator in a response packet requires the authenticator from the request packet, and it does not have that available and so cannot work.
It actually uses 16 bytes of zeros for that, which is not correct - it should be the 16-byte authenticator that was sent to the server.
The authenticator in an accounting response is basically the same as that in an access response, and what does work is this:
On sending the Accounting-Request:
my $rqst = $req->pack;
$rqst = auth_resp($rqst, $secret);
# Save the request authenticator:
my $req_auth = substr($rqst, 4, 16);
$rc = $socket->send($rqst);
Then after receiving the Accounting-Response:
my $recv;
$rc = $socket->recv($recv, 4096);
print "Bad authenticator" if (!auth_req_verify($recv, $secret, $req_auth));