import from HEAD:

[freeradius.git] / src / modules / rlm_otp / otp_rlm.c

diff --git a/src/modules/rlm_otp/otp_rlm.c b/src/modules/rlm_otp/otp_rlm.c
index b510928..cf411fc 100644 (file)
--- a/src/modules/rlm_otp/otp_rlm.c
+++ b/src/modules/rlm_otp/otp_rlm.c
@@ -49,7 +49,7 @@
 
 #include "otp.h"
 #ifdef FREERADIUS
-#include <freeradius-devel/modules.h>
+#include <modules.h>
 #endif
 
 static const char rcsid[] = "$Id$";
@@ -320,7 +320,7 @@ otp_authorize(void *instance, REQUEST *request)
     auth_type_found = 0;
     if ((vp = pairfind(request->config_items, PW_AUTHTYPE)) != NULL) {
       auth_type_found = 1;
-      if (strcmp(vp->vp_strvalue, inst->name))
+      if (strcmp(vp->strvalue, inst->name))
         return RLM_MODULE_NOOP;
     }
   }
@@ -466,7 +466,7 @@ otp_authenticate(void *instance, REQUEST *request)
             log_prefix, __func__);
     return RLM_MODULE_INVALID;
   }
-  username = request->username->vp_strvalue;
+  username = request->username->strvalue;
 
   if ((data.pwattr = otp_pwe_present(request, log_prefix)) == 0) {
     otp_log(OTP_LOG_AUTH, "%s: %s: Attribute \"User-Password\" "
@@ -489,11 +489,13 @@ otp_authenticate(void *instance, REQUEST *request)
     int32_t            then;           /* state timestamp */
 
     if ((vp = pairfind(request->packet->vps, PW_STATE)) != NULL) {
-      int e_length = inst->chal_len;
+      int e_length;
 
-      /* Extend expected length if state should have been protected. */
+      /* set expected State length */
       if (inst->allow_async)
-        e_length += 4 + 4 + 16; /* sflags + time + hmac */
+        e_length += inst->chal_len + 4 + 4 + 16; /* see otp_gen_state() */
+      else
+        e_length = 1;
 
       if (vp->length != e_length) {
         otp_log(OTP_LOG_AUTH, "%s: %s: bad state for [%s]: length",
@@ -503,16 +505,16 @@ otp_authenticate(void *instance, REQUEST *request)
 
       if (inst->allow_async) {
         /* Verify the state. */
-        (void) memcpy(challenge, vp->vp_strvalue, inst->chal_len);
-        (void) memcpy(&sflags, vp->vp_strvalue + inst->chal_len, 4);
-        (void) memcpy(&then, vp->vp_strvalue + inst->chal_len + 4, 4);
+        (void) memcpy(challenge, vp->strvalue, inst->chal_len);
+        (void) memcpy(&sflags, vp->strvalue + inst->chal_len, 4);
+        (void) memcpy(&then, vp->strvalue + inst->chal_len + 4, 4);
         if (otp_gen_state(NULL, &state, challenge, inst->chal_len,
                           sflags, then, hmac_key) != 0) {
           otp_log(OTP_LOG_ERR, "%s: %s: failed to generate state",
                   log_prefix, __func__);
           return RLM_MODULE_FAIL;
         }
-        if (memcmp(state, vp->vp_strvalue, vp->length)) {
+        if (memcmp(state, vp->strvalue, vp->length)) {
           otp_log(OTP_LOG_AUTH, "%s: %s: bad state for [%s]: hmac",
                   log_prefix, __func__, username);
           free(state);
@@ -576,11 +578,10 @@ otp_detach(void *instance)
  *     is single-threaded.
  */
 module_t rlm_otp = {
-  RLM_MODULE_INIT,
   "otp",
   RLM_TYPE_THREAD_SAFE,                /* type */
+  NULL,                                /* initialization */
   otp_instantiate,             /* instantiation */
-  otp_detach,                  /* detach */
   {
     otp_authenticate,          /* authentication */
     otp_authorize,             /* authorization */
@@ -591,4 +592,6 @@ module_t rlm_otp = {
     NULL,                      /* post-proxy */
     NULL                       /* post-auth */
   },
+  otp_detach,                  /* detach */
+  NULL,                                /* destroy */
 };