Add support for xlat'd challenge in rlm_eap_gtc

[freeradius.git] / src / modules / rlm_eap / types / rlm_eap_gtc / rlm_eap_gtc.c

diff --git a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c
index b8d3a25..60e6eb2 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c
+++ b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c
@@ -90,7 +90,7 @@ static int gtc_attach(CONF_SECTION *cs, void **instance)
                return -1;
        }
 
-       dval = dict_valbyname(PW_AUTH_TYPE, inst->auth_type_name);
+       dval = dict_valbyname(PW_AUTH_TYPE, 0, inst->auth_type_name);
        if (!dval) {
                radlog(L_ERR, "rlm_eap_gtc: Unknown Auth-Type %s",
                       inst->auth_type_name);
@@ -110,14 +110,17 @@ static int gtc_attach(CONF_SECTION *cs, void **instance)
  */
 static int gtc_initiate(void *type_data, EAP_HANDLER *handler)
 {
+       char challenge_str[1024];
        int length;
        EAP_DS *eap_ds = handler->eap_ds;
        rlm_eap_gtc_t *inst = (rlm_eap_gtc_t *) type_data;
 
-       /*
-        *      FIXME: call radius_xlat on the challenge
-        */
-       length = strlen(inst->challenge);
+       if (!radius_xlat(challenge_str, sizeof(challenge_str), inst->challenge, handler->request, NULL)) {
+               radlog(L_ERR, "rlm_eap_gtc: xlat failed.", inst->challenge);
+               return 0;
+       }
+
+       length = strlen(challenge_str);
 
        /*
         *      We're sending a request...
@@ -130,7 +133,7 @@ static int gtc_initiate(void *type_data, EAP_HANDLER *handler)
                return 0;
        }
 
-       memcpy(eap_ds->request->type.data, inst->challenge, length);
+       memcpy(eap_ds->request->type.data, challenge_str, length);
        eap_ds->request->type.length = length;
 
        /*
@@ -192,7 +195,7 @@ static int gtc_authenticate(void *type_data, EAP_HANDLER *handler)
                /*
                 *      For now, do clear-text password authentication.
                 */
-               vp = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD);
+               vp = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0);
                if (!vp) {
                        DEBUG2("  rlm_eap_gtc: ERROR: Cleartext-Password is required for authentication.");
                        eap_ds->request->code = PW_EAP_FAILURE;
@@ -200,7 +203,7 @@ static int gtc_authenticate(void *type_data, EAP_HANDLER *handler)
                }
 
                if (eap_ds->response->type.length != vp->length) {
-                       DEBUG2("  rlm_eap_gtc: ERROR: Passwords are of different length. %d %d", eap_ds->response->type.length, vp->length);
+                 DEBUG2("  rlm_eap_gtc: ERROR: Passwords are of different length. %d %d", (int) eap_ds->response->type.length, (int) vp->length);
                        eap_ds->request->code = PW_EAP_FAILURE;
                        return 0;
                }
@@ -223,7 +226,7 @@ static int gtc_authenticate(void *type_data, EAP_HANDLER *handler)
                 *      If there was a User-Password in the request,
                 *      why the heck are they using EAP-GTC?
                 */
-               pairdelete(&handler->request->packet->vps, PW_USER_PASSWORD);
+               pairdelete(&handler->request->packet->vps, PW_USER_PASSWORD, 0);
 
                vp = pairmake("User-Password", "", T_OP_EQ);
                if (!vp) {