*
* Copyright 2000,2001,2002 The FreeRADIUS server project
* Copyright 2001,2002 Google, Inc.
- * Copyright 2005 TRI-D Systems, Inc.
+ * Copyright 2005,2006 TRI-D Systems, Inc.
*/
/*
u_challenge = rad_malloc(strlen(inst->chal_prompt) +
OTP_MAX_CHALLENGE_LEN + 1);
-/* XXX */
(void) sprintf(u_challenge, inst->chal_prompt, challenge);
pairadd(&request->reply->vps,
pairmake("Reply-Message", u_challenge, T_OP_EQ));
.returned_vps = &add_vps
};
+ challenge[0] = '\0'; /* initialize for otp_pw_valid() */
+
/* User-Name attribute required. */
if (!request->username) {
otp_log(OTP_LOG_AUTH,
int32_t then; /* state timestamp */
if ((vp = pairfind(request->packet->vps, PW_STATE)) != NULL) {
- int e_length = inst->chal_len;
+ int e_length;
- /* Extend expected length if state should have been protected. */
+ /* set expected State length */
if (inst->allow_async)
- e_length += 4 + 4 + 16; /* sflags + time + hmac */
+ e_length += inst->chal_len + 4 + 4 + 16; /* see otp_gen_state() */
+ else
+ e_length = 1;
if (vp->length != e_length) {
otp_log(OTP_LOG_AUTH, "%s: %s: bad state for [%s]: length",