*
* Copyright 2000,2001,2002 The FreeRADIUS server project
* Copyright 2001,2002 Google, Inc.
- * Copyright 2005 TRI-D Systems, Inc.
+ * Copyright 2005,2006 TRI-D Systems, Inc.
*/
/*
#include "otp.h"
#ifdef FREERADIUS
-#include <freeradius-devel/modules.h>
+#include <modules.h>
#endif
static const char rcsid[] = "$Id$";
auth_type_found = 0;
if ((vp = pairfind(request->config_items, PW_AUTHTYPE)) != NULL) {
auth_type_found = 1;
- if (strcmp(vp->vp_strvalue, inst->name))
+ if (strcmp(vp->strvalue, inst->name))
return RLM_MODULE_NOOP;
}
}
u_challenge = rad_malloc(strlen(inst->chal_prompt) +
OTP_MAX_CHALLENGE_LEN + 1);
-/* XXX */
(void) sprintf(u_challenge, inst->chal_prompt, challenge);
pairadd(&request->reply->vps,
pairmake("Reply-Message", u_challenge, T_OP_EQ));
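Review bot: The `/* XXX */` marker is removed here, but the `sprintf` it flagged is unchanged: `inst->chal_prompt` is still the format string, and `u_challenge` is sized `strlen(inst->chal_prompt) + OTP_MAX_CHALLENGE_LEN + 1`, which only holds if the prompt contains a single `%s` and no other conversion. Whether the prompt is validated when the instance is configured (for example in `otp_instantiate`) is not visible in this hunk; if it is, replace the marker with a comment stating that invariant, such as `/* chal_prompt is verified at instantiation to contain exactly one %s */`, rather than dropping it. If it is not, keep the allocated size in a local and bound the write with `snprintf(u_challenge, len, inst->chal_prompt, challenge)`, and reject prompts with any other conversion at configuration time. The enclosing function starts and ends outside the hunk.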
.returned_vps = &add_vps
};
+ challenge[0] = '\0'; /* initialize for otp_pw_valid() */
+
/* User-Name attribute required. */
if (!request->username) {
otp_log(OTP_LOG_AUTH,
log_prefix, __func__);
return RLM_MODULE_INVALID;
}
- username = request->username->vp_strvalue;
+ username = request->username->strvalue;
if ((data.pwattr = otp_pwe_present(request, log_prefix)) == 0) {
otp_log(OTP_LOG_AUTH, "%s: %s: Attribute \"User-Password\" "
int32_t then; /* state timestamp */
if ((vp = pairfind(request->packet->vps, PW_STATE)) != NULL) {
- int e_length = inst->chal_len;
+ int e_length;
- /* Extend expected length if state should have been protected. */
+ /* set expected State length */
if (inst->allow_async)
- e_length += 4 + 4 + 16; /* sflags + time + hmac */
+ e_length += inst->chal_len + 4 + 4 + 16; /* see otp_gen_state() */
+ else
+ e_length = 1;
if (vp->length != e_length) {
otp_log(OTP_LOG_AUTH, "%s: %s: bad state for [%s]: length",
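Review bot: `e_length` is now declared without an initializer, yet the `allow_async` branch still uses `+=`, so the expected State length is computed from an indeterminate value and the `vp->length != e_length` test can no longer be relied on. That line should assign instead: `e_length = inst->chal_len + 4 + 4 + 16; /* see otp_gen_state() */`. The check matters because State arrives in the request packet, and the code after it appears to copy `inst->chal_len + 8` bytes out of the value and `memcmp` over `vp->length` on the strength of this length test. The enclosing function starts and ends outside the hunk.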
if (inst->allow_async) {
/* Verify the state. */
- (void) memcpy(challenge, vp->vp_strvalue, inst->chal_len);
- (void) memcpy(&sflags, vp->vp_strvalue + inst->chal_len, 4);
- (void) memcpy(&then, vp->vp_strvalue + inst->chal_len + 4, 4);
+ (void) memcpy(challenge, vp->strvalue, inst->chal_len);
+ (void) memcpy(&sflags, vp->strvalue + inst->chal_len, 4);
+ (void) memcpy(&then, vp->strvalue + inst->chal_len + 4, 4);
if (otp_gen_state(NULL, &state, challenge, inst->chal_len,
sflags, then, hmac_key) != 0) {
otp_log(OTP_LOG_ERR, "%s: %s: failed to generate state",
log_prefix, __func__);
return RLM_MODULE_FAIL;
}
- if (memcmp(state, vp->vp_strvalue, vp->length)) {
+ if (memcmp(state, vp->strvalue, vp->length)) {
otp_log(OTP_LOG_AUTH, "%s: %s: bad state for [%s]: hmac",
log_prefix, __func__, username);
free(state);
* is single-threaded.
*/
module_t rlm_otp = {
- RLM_MODULE_INIT,
"otp",
RLM_TYPE_THREAD_SAFE, /* type */
+ NULL, /* initialization */
otp_instantiate, /* instantiation */
- otp_detach, /* detach */
{
otp_authenticate, /* authentication */
otp_authorize, /* authorization */
NULL, /* post-proxy */
NULL /* post-auth */
},
+ otp_detach, /* detach */
+ NULL, /* destroy */
};