* Copyright 2006 TRI-D Systems, Inc.
*/
-static const char rcsid[] = "$Id$";
+#include <freeradius-devel/ident.h>
+RCSID("$Id$")
-#include <autoconf.h>
-#include <radiusd.h>
-#include <modules.h>
+#include <freeradius-devel/radiusd.h>
+#include <freeradius-devel/modules.h>
#include "extern.h"
#include "otp.h"
#include "otp_pw_valid.h"
-#include <errno.h>
+#ifdef HAVE_PTHREAD_H
#include <pthread.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/socket.h>
+#endif
#include <sys/un.h>
-#include <unistd.h>
/* transform otpd return codes into rlm return codes */
otp_request_t otp_request;
otp_reply_t otp_reply;
VALUE_PAIR *cvp, *rvp;
- char *username = request->username->strvalue;
+ char *username = request->username->vp_strvalue;
int rc;
if (request->username->length > OTP_MAX_USERNAME_LEN) {
- (void) radlog(L_AUTH, "rlm_otp: username [%s] too long\n", username);
+ (void) radlog(L_AUTH, "rlm_otp: username [%s] too long", username);
return RLM_MODULE_REJECT;
}
/* we already know challenge is short enough */
otp_request.pwe.pwe = pwe;
/* otp_pwe_present() (done by caller) guarantees that both of these exist */
- rvp = pairfind(request->packet->vps, pwattr[pwe - 1]);
- cvp = pairfind(request->packet->vps, pwattr[pwe]);
+ cvp = pairfind(request->packet->vps, pwattr[pwe - 1]);
+ rvp = pairfind(request->packet->vps, pwattr[pwe]);
/*
* Validate available vps based on pwe type.
switch (otp_request.pwe.pwe) {
case PWE_PAP:
if (rvp->length > OTP_MAX_PASSCODE_LEN) {
- (void) radlog(L_AUTH, "rlm_otp: passcode for [%s] too long\n",
- username);
+ (void) radlog(L_AUTH, "rlm_otp: passcode for [%s] too long", username);
return RLM_MODULE_REJECT;
}
- (void) strcpy(otp_request.pwe.passcode, rvp->strvalue);
+ (void) strcpy(otp_request.pwe.passcode, rvp->vp_strvalue);
break;
case PWE_CHAP:
if (cvp->length > 16) {
- (void) radlog(L_AUTH, "rlm_otp: CHAP challenge for [%s] too long\n",
+ (void) radlog(L_AUTH, "rlm_otp: CHAP challenge for [%s] too long",
username);
return RLM_MODULE_INVALID;
}
if (rvp->length != 17) {
- (void) radlog(L_AUTH, "rlm_otp: CHAP response for [%s] wrong size\n",
+ (void) radlog(L_AUTH, "rlm_otp: CHAP response for [%s] wrong size",
username);
return RLM_MODULE_INVALID;
}
- (void) memcpy(otp_request.pwe.challenge, cvp->strvalue, cvp->length);
+ (void) memcpy(otp_request.pwe.challenge, cvp->vp_strvalue, cvp->length);
otp_request.pwe.clen = cvp->length;
- (void) memcpy(otp_request.pwe.response, rvp->strvalue, rvp->length);
+ (void) memcpy(otp_request.pwe.response, rvp->vp_strvalue, rvp->length);
otp_request.pwe.rlen = rvp->length;
break;
case PWE_MSCHAP:
if (cvp->length != 8) {
- (void) radlog(L_AUTH, "rlm_otp: MS-CHAP challenge for [%s] wrong size\n",
+ (void) radlog(L_AUTH, "rlm_otp: MS-CHAP challenge for [%s] wrong size",
username);
return RLM_MODULE_INVALID;
}
if (rvp->length != 50) {
- (void) radlog(L_AUTH, "rlm_otp: MS-CHAP response for [%s] wrong size\n",
+ (void) radlog(L_AUTH, "rlm_otp: MS-CHAP response for [%s] wrong size",
username);
return RLM_MODULE_INVALID;
}
- (void) memcpy(otp_request.pwe.challenge, cvp->strvalue, cvp->length);
+ (void) memcpy(otp_request.pwe.challenge, cvp->vp_strvalue, cvp->length);
otp_request.pwe.clen = cvp->length;
- (void) memcpy(otp_request.pwe.response, rvp->strvalue, rvp->length);
+ (void) memcpy(otp_request.pwe.response, rvp->vp_strvalue, rvp->length);
otp_request.pwe.rlen = rvp->length;
break;
case PWE_MSCHAP2:
if (cvp->length != 16) {
- (void) radlog(L_AUTH, "rlm_otp: MS-CHAP2 challenge for [%s] wrong size\n",
+ (void) radlog(L_AUTH, "rlm_otp: MS-CHAP2 challenge for [%s] wrong size",
username);
return RLM_MODULE_INVALID;
}
if (rvp->length != 50) {
- (void) radlog(L_AUTH, "rlm_otp: MS-CHAP2 response for [%s] wrong size\n",
+ (void) radlog(L_AUTH, "rlm_otp: MS-CHAP2 response for [%s] wrong size",
username);
return RLM_MODULE_INVALID;
}
- (void) memcpy(otp_request.pwe.challenge, cvp->strvalue, cvp->length);
+ (void) memcpy(otp_request.pwe.challenge, cvp->vp_strvalue, cvp->length);
otp_request.pwe.clen = cvp->length;
- (void) memcpy(otp_request.pwe.response, rvp->strvalue, rvp->length);
+ (void) memcpy(otp_request.pwe.response, rvp->vp_strvalue, rvp->length);
otp_request.pwe.rlen = rvp->length;
break;
} /* switch (otp_request.pwe.pwe) */
(void) radlog(L_AUTH, "rlm_otp: otpd reply for [%s] invalid "
"(version %d != 1)",
request->username, reply->version);
+ otp_putfd(fdp, 1);
return -1;
}
if (reply->passcode[OTP_MAX_PASSCODE_LEN] != '\0') {
(void) radlog(L_AUTH, "rlm_otp: otpd reply for [%s] invalid (passcode)",
request->username);
+ otp_putfd(fdp, 1);
return -1;
}
+ otp_putfd(fdp, 0);
return reply->rc;
}
} else {
(void) radlog(L_ERR, "rlm_otp: %s: read from otpd: %s",
__func__, strerror(errno));
- otp_putfd(fdp);
+ otp_putfd(fdp, 1);
return -1;
}
}
if (!n) {
(void) radlog(L_ERR, "rlm_otp: %s: otpd disconnect", __func__);
- otp_putfd(fdp);
+ otp_putfd(fdp, 1);
return 0;
}
nread += n;
} else {
(void) radlog(L_ERR, "rlm_otp: %s: write to otpd: %s",
__func__, strerror(errno));
- otp_putfd(fdp);
+ otp_putfd(fdp, 1);
return errno;
}
}
return fdp;
}
-/* disconnect from otpd */
+/* release fd, and optionally disconnect from otpd */
static void
-otp_putfd(otp_fd_t *fdp)
+otp_putfd(otp_fd_t *fdp, int disconnect)
{
- (void) close(fdp->fd);
- fdp->fd = -1;
+ if (disconnect) {
+ (void) close(fdp->fd);
+ fdp->fd = -1;
+ }
+
/* make connection available to another thread */
otp_pthread_mutex_unlock(&fdp->mutex);
}
projects / freeradius.git / blobdiff