import from HEAD:

[freeradius.git] / src / modules / rlm_otp / otp_rlm.c

diff --git a/src/modules/rlm_otp/otp_rlm.c b/src/modules/rlm_otp/otp_rlm.c
index ba6557b..cf411fc 100644 (file)
--- a/src/modules/rlm_otp/otp_rlm.c
+++ b/src/modules/rlm_otp/otp_rlm.c
@@ -18,7 +18,7 @@
  *
  * Copyright 2000,2001,2002  The FreeRADIUS server project
  * Copyright 2001,2002  Google, Inc.
- * Copyright 2005 TRI-D Systems, Inc.
+ * Copyright 2005,2006 TRI-D Systems, Inc.
  */
 
 /*
@@ -417,7 +417,6 @@ gen_challenge:
 
     u_challenge = rad_malloc(strlen(inst->chal_prompt) +
                              OTP_MAX_CHALLENGE_LEN + 1);
-/* XXX */
     (void) sprintf(u_challenge, inst->chal_prompt, challenge);
     pairadd(&request->reply->vps,
             pairmake("Reply-Message", u_challenge, T_OP_EQ));
@@ -458,6 +457,8 @@ otp_authenticate(void *instance, REQUEST *request)
     .returned_vps      = &add_vps
   };
 
+  challenge[0] = '\0'; /* initialize for otp_pw_valid() */
+
   /* User-Name attribute required. */
   if (!request->username) {
     otp_log(OTP_LOG_AUTH,
@@ -488,11 +489,13 @@ otp_authenticate(void *instance, REQUEST *request)
     int32_t            then;           /* state timestamp */
 
     if ((vp = pairfind(request->packet->vps, PW_STATE)) != NULL) {
-      int e_length = inst->chal_len;
+      int e_length;
 
-      /* Extend expected length if state should have been protected. */
+      /* set expected State length */
       if (inst->allow_async)
-        e_length += 4 + 4 + 16; /* sflags + time + hmac */
+        e_length += inst->chal_len + 4 + 4 + 16; /* see otp_gen_state() */
+      else
+        e_length = 1;
 
       if (vp->length != e_length) {
         otp_log(OTP_LOG_AUTH, "%s: %s: bad state for [%s]: length",