X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Frlm_otp%2Fotp_pw_valid.c;h=204e20f58a02a9922c5510800bbf13840a2fe248;hb=94dc4bb60ec649ce899c1d5e32b575d9523a48f2;hp=a036231bf6e951202d14afe0901bfdab47bcd63d;hpb=453fdacff5940e4ef329694a467e582de927896c;p=freeradius.git diff --git a/src/modules/rlm_otp/otp_pw_valid.c b/src/modules/rlm_otp/otp_pw_valid.c index a036231..204e20f 100644 --- a/src/modules/rlm_otp/otp_pw_valid.c +++ b/src/modules/rlm_otp/otp_pw_valid.c @@ -18,13 +18,12 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA * * - * Copyright 2006 TRI-D Systems, Inc. + * Copyright 2006,2007 TRI-D Systems, Inc. */ #include RCSID("$Id$") -#include #include #include @@ -32,14 +31,10 @@ RCSID("$Id$") #include "otp.h" #include "otp_pw_valid.h" -#include +#ifdef HAVE_PTHREAD_H #include -#include -#include -#include -#include +#endif #include -#include /* transform otpd return codes into rlm return codes */ @@ -47,13 +42,15 @@ static int otprc2rlmrc(int rc) { switch (rc) { - case OTP_RC_OK: return RLM_MODULE_OK; - case OTP_RC_USER_UNKNOWN: return RLM_MODULE_REJECT; - case OTP_RC_AUTHINFO_UNAVAIL: return RLM_MODULE_REJECT; - case OTP_RC_AUTH_ERR: return RLM_MODULE_REJECT; - case OTP_RC_MAXTRIES: return RLM_MODULE_USERLOCK; - case OTP_RC_SERVICE_ERR: return RLM_MODULE_FAIL; - default: return RLM_MODULE_FAIL; + case OTP_RC_OK: return RLM_MODULE_OK; + case OTP_RC_USER_UNKNOWN: return RLM_MODULE_REJECT; + case OTP_RC_AUTHINFO_UNAVAIL: return RLM_MODULE_REJECT; + case OTP_RC_AUTH_ERR: return RLM_MODULE_REJECT; + case OTP_RC_MAXTRIES: return RLM_MODULE_USERLOCK; + case OTP_RC_NEXTPASSCODE: return RLM_MODULE_USERLOCK; + case OTP_RC_IPIN: return RLM_MODULE_REJECT; + case OTP_RC_SERVICE_ERR: return RLM_MODULE_FAIL; + default: return RLM_MODULE_FAIL; } } 
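Review bot: `OTP_RC_NEXTPASSCODE` is mapped to `RLM_MODULE_USERLOCK` in otprc2rlmrc, the same result as `OTP_RC_MAXTRIES`, and nothing in the switch says why. A reader of the module result cannot tell a locked-out user from one whose token needs a further passcode. A short comment on that case would settle it, for example `/* next-passcode exchange is not handled here; treat as locked */`, if that is the intent. `OTP_RC_IPIN` folding into a plain reject deserves the same one-line explanation.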
@@ -89,14 +86,17 @@ otp_pw_valid(REQUEST *request, int pwe, const char *challenge, } /* we already know challenge is short enough */ - otp_request.version = 1; + otp_request.version = 2; (void) strcpy(otp_request.username, username); (void) strcpy(otp_request.challenge, challenge); otp_request.pwe.pwe = pwe; /* otp_pwe_present() (done by caller) guarantees that both of these exist */ - cvp = pairfind(request->packet->vps, pwattr[pwe - 1]); - rvp = pairfind(request->packet->vps, pwattr[pwe]); + cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor); + rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor); + /* this is just to quiet Coverity */ + if (!rvp || !cvp) + return RLM_MODULE_REJECT; /* * Validate available vps based on pwe type. @@ -108,7 +108,7 @@ otp_pw_valid(REQUEST *request, int pwe, const char *challenge, (void) radlog(L_AUTH, "rlm_otp: passcode for [%s] too long", username); return RLM_MODULE_REJECT; } - (void) strcpy(otp_request.pwe.passcode, rvp->vp_strvalue); + (void) strcpy(otp_request.pwe.u.pap.passcode, rvp->vp_strvalue); break; case PWE_CHAP: @@ -122,10 +122,12 @@ otp_pw_valid(REQUEST *request, int pwe, const char *challenge, username); return RLM_MODULE_INVALID; } - (void) memcpy(otp_request.pwe.challenge, cvp->vp_strvalue, cvp->length); - otp_request.pwe.clen = cvp->length; - (void) memcpy(otp_request.pwe.response, rvp->vp_strvalue, rvp->length); - otp_request.pwe.rlen = rvp->length; + (void) memcpy(otp_request.pwe.u.chap.challenge, cvp->vp_strvalue, + cvp->length); + otp_request.pwe.u.chap.clen = cvp->length; + (void) memcpy(otp_request.pwe.u.chap.response, rvp->vp_strvalue, + rvp->length); + otp_request.pwe.u.chap.rlen = rvp->length; break; case PWE_MSCHAP: 
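Review bot: `pwattr[pwe - 1]->attr` and `pwattr[pwe]->attr` now dereference the table entries before the new `!rvp || !cvp` check runs, so a NULL entry or an out-of-range `pwe` would fault in the `pairfind` calls instead of being rejected. The table's definition is outside this hunk, so this is inferred rather than confirmed. If `otp_pwe_present()` does not already guarantee it, `if (!pwattr[pwe - 1] || !pwattr[pwe]) return RLM_MODULE_REJECT;` ahead of the two lookups would close it. The comment `/* this is just to quiet Coverity */` also undersells the check, which is what keeps the later `rvp->vp_strvalue` reads safe; `/* defensive: caller should guarantee both; reject if not */` says more. The body of otp_pw_valid starts and ends outside the hunk.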
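Review bot: The CHAP case copies `cvp->length` and `rvp->length` bytes into `otp_request.pwe.u.chap.challenge` and `.response`, but the length checks guarding those copies sit above the visible context. It is worth confirming that they bound against the new union members rather than the old flat fields. Tying the check to the destination makes that self-evident: `if (cvp->length > sizeof(otp_request.pwe.u.chap.challenge) || rvp->length > sizeof(otp_request.pwe.u.chap.response)) return RLM_MODULE_INVALID;`. The same four lines are repeated in the PWE_MSCHAP and PWE_MSCHAP2 hunks, so a bound that is wrong in one case is wrong in all three. Each case's body begins outside its hunk.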
@@ -139,10 +141,12 @@ otp_pw_valid(REQUEST *request, int pwe, const char *challenge, username); return RLM_MODULE_INVALID; } - (void) memcpy(otp_request.pwe.challenge, cvp->vp_strvalue, cvp->length); - otp_request.pwe.clen = cvp->length; - (void) memcpy(otp_request.pwe.response, rvp->vp_strvalue, rvp->length); - otp_request.pwe.rlen = rvp->length; + (void) memcpy(otp_request.pwe.u.chap.challenge, cvp->vp_strvalue, + cvp->length); + otp_request.pwe.u.chap.clen = cvp->length; + (void) memcpy(otp_request.pwe.u.chap.response, rvp->vp_strvalue, + rvp->length); + otp_request.pwe.u.chap.rlen = rvp->length; break; case PWE_MSCHAP2: @@ -156,17 +160,20 @@ otp_pw_valid(REQUEST *request, int pwe, const char *challenge, username); return RLM_MODULE_INVALID; } - (void) memcpy(otp_request.pwe.challenge, cvp->vp_strvalue, cvp->length); - otp_request.pwe.clen = cvp->length; - (void) memcpy(otp_request.pwe.response, rvp->vp_strvalue, rvp->length); - otp_request.pwe.rlen = rvp->length; + (void) memcpy(otp_request.pwe.u.chap.challenge, cvp->vp_strvalue, + cvp->length); + otp_request.pwe.u.chap.clen = cvp->length; + (void) memcpy(otp_request.pwe.u.chap.response, rvp->vp_strvalue, + rvp->length); + otp_request.pwe.u.chap.rlen = rvp->length; break; } /* switch (otp_request.pwe.pwe) */ /* last byte must also be a terminator so otpd can verify length easily */ otp_request.username[OTP_MAX_USERNAME_LEN] = '\0'; otp_request.challenge[OTP_MAX_CHALLENGE_LEN] = '\0'; - otp_request.pwe.passcode[OTP_MAX_PASSCODE_LEN] = '\0'; + if (otp_request.pwe.pwe == PWE_PAP) + otp_request.pwe.u.pap.passcode[OTP_MAX_PASSCODE_LEN] = '\0'; otp_request.allow_sync = opt->allow_sync; otp_request.allow_async = opt->allow_async; 
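Review bot: With the passcode and CHAP fields now sharing a union, any bytes of `otp_request` that the selected case does not fill are sent as they stand, assuming the `sizeof(*request)` write in the later `retry:` hunk is what transmits this struct. The declaration of `otp_request` is above the visible lines, so whether it is zeroed first cannot be seen here. If it is not, `(void) memset(&otp_request, 0, sizeof(otp_request));` before the `version` assignment would keep stale stack contents out of the message to otpd. The PAP-only guard on the passcode terminator is right, since an unconditional write would now land inside the CHAP data.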
@@ -199,8 +206,7 @@ retry: if (!fdp || fdp->fd == -1) return -1; - if ((rc = otp_write(fdp, (const char *) request, sizeof(*request))) != 0) { - if (rc == EPIPE) + if ((rc = otp_write(fdp, (const char *) request, sizeof(*request))) != sizeof(*request)) { if (rc == 0) goto retry; /* otpd disconnect */ /*TODO: pause */ else return -1; @@ -277,7 +283,7 @@ otp_write(otp_fd_t *fdp, const char *buf, size_t len) while (nleft) { if ((nwrote = write(fdp->fd, &buf[len - nleft], nleft)) == -1) { - if (errno == EINTR || errno == EPIPE) { + if (errno == EINTR) { continue; } else { (void) radlog(L_ERR, "rlm_otp: %s: write to otpd: %s", @@ -309,7 +315,7 @@ otp_connect(const char *path) } sa.sun_family = AF_UNIX; (void) strcpy(sa.sun_path, path); - + /* connect to otpd */ if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) { (void) radlog(L_ERR, "rlm_otp: %s: socket: %s", __func__, strerror(errno));
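Review bot: The `goto retry` taken when `rc == 0` has no attempt limit and no pause (the `/*TODO: pause */` is still there), so if otpd keeps dropping the connection the calling thread loops for as long as reconnects succeed. A bounded counter would fail the authentication instead, for example `if (rc == 0 && ++tries < MAX_TRIES) goto retry;`, where `tries` and `MAX_TRIES` are placeholder names and not identifiers from this file. The comparison `rc != sizeof(*request)` also mixes `rc` with a `size_t`; if `rc` is an `int`, the -1 case only works through the unsigned conversion, so `(size_t) rc` after an explicit `rc < 0` test would be clearer. The function body starts above the hunk.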
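Review bot: In otp_write, `EPIPE` now falls through to the logging branch instead of `continue`, which removes the old spin, but the caller in the previous hunk depends on a return contract that is not visible here. It expects `len` on success and 0 on an otpd disconnect, and the lines that return from the error branch are outside the hunk, so that should be confirmed. The contract belongs in the function's header comment, for example `/* returns len on success, 0 if otpd closed the connection (EPIPE), -1 on any other error */`, if that is what the code does. `write()` only reports `EPIPE` when SIGPIPE is ignored or blocked, so that assumption is worth stating there too.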