/*
* $Id$
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
*
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ *
+ * For alternative licensing terms, contact licensing@tri-dsystems.com.
*
* Copyright 2005,2006 TRI-D Systems, Inc.
*/
#ifndef OTP_H
#define OTP_H
-#include "ident.h"
-RCSIDH(otp_h, "$Id$");
+#include <freeradius-devel/ident.h>
+RCSIDH(otp_h, "$Id$")
#include <sys/types.h>
/*
- * NOTE: This file must be synced between plugins and otpd.
+ * NOTE: This file must be synced between plugins/otpd/lsmd/gsmd/changepin.
*/
#ifndef OTP_MAX_CHALLENGE_LEN
#define OTP_RC_SERVICE_ERR 5
#define OTP_MAX_USERNAME_LEN 31
+/* only needs to be MAX_PIN_LEN (16) + MAX_RESPONSE_LEN (16) */
#define OTP_MAX_PASSCODE_LEN 47
#define OTP_MAX_CHAP_CHALLENGE_LEN 16
#define OTP_MAX_CHAP_RESPONSE_LEN 50
} otp_pwe_t;
typedef struct otp_request_t {
- int version; /* 1 */
+ int version; /* 2 */
char username[OTP_MAX_USERNAME_LEN + 1];
char challenge[OTP_MAX_CHALLENGE_LEN + 1]; /* USER challenge */
struct {
otp_pwe_t pwe;
- char passcode[OTP_MAX_PASSCODE_LEN + 1];
- unsigned char challenge[OTP_MAX_CHAP_CHALLENGE_LEN]; /* CHAP challenge */
- size_t clen;
- unsigned char response[OTP_MAX_CHAP_RESPONSE_LEN];
- size_t rlen;
+ union {
+ struct {
+ char passcode[OTP_MAX_PASSCODE_LEN + 1];
+ } pap;
+ struct {
+ unsigned char challenge[OTP_MAX_CHAP_CHALLENGE_LEN]; /* CHAP chal */
+ size_t clen;
+ unsigned char response[OTP_MAX_CHAP_RESPONSE_LEN];
+ size_t rlen;
+ } chap;
+ } u;
} pwe;
int allow_async; /* async auth allowed? */
int allow_sync; /* sync auth allowed? */
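Review bot: Nothing in the new `union u` says which `pwe.pwe` values select `pap` and which select `chap`, and the two members now share storage, so code on either side of the otpd protocol can read the wrong member without any compiler warning. A comment on the union would fix this, for example `/* pap is valid only for PWE_PAP; chap for PWE_CHAP, PWE_MSCHAP and PWE_MSCHAP2 */`, which matches how the module fills it later on this page. Because the field offsets change along with the `version` comment (1 to 2), the receiving side should presumably reject any request whose `version` is not 2 rather than parse it with the new layout; that check is not visible here. The struct definition continues past the end of this hunk.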
* Copyright 2006 TRI-D Systems, Inc.
*/
-#include "ident.h"
+#include <freeradius-devel/ident.h>
RCSID("$Id$")
#include "autoconf.h"
-#include "radiusd.h"
+#include "radiusd.h
#include "modules.h"
#include "extern.h"
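Review bot: The new-side line `#include "radiusd.h` is printed without its closing quote, which would not get through the preprocessor; it should read `#include "radiusd.h"`. If the quote was lost when the page was rendered and the change is only trailing whitespace, nothing needs fixing. Separately, `ident.h` now uses the installed `<freeradius-devel/...>` path while `radiusd.h`, `modules.h` and `autoconf.h` keep the quoted form, so the file mixes two include conventions.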
}
/* we already know challenge is short enough */
- otp_request.version = 1;
+ otp_request.version = 2;
(void) strcpy(otp_request.username, username);
(void) strcpy(otp_request.challenge, challenge);
otp_request.pwe.pwe = pwe;
/* otp_pwe_present() (done by caller) guarantees that both of these exist */
cvp = pairfind(request->packet->vps, pwattr[pwe - 1]);
rvp = pairfind(request->packet->vps, pwattr[pwe]);
- if (!rvp || !cvp) return RLM_MODULE_REJECT;
+ /* this is just to quiet Coverity */
+ if (!rvp || !cvp)
+ return RLM_MODULE_REJECT;
/*
* Validate available vps based on pwe type.
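Review bot: The `strcpy` into `otp_request.username` has no bound visible in this hunk, and the comment above the copies accounts only for the challenge. The destination is `OTP_MAX_USERNAME_LEN + 1` bytes per otp.h. If the username length is validated earlier in the function (not visible here), widen the comment to say so, e.g. `/* username and challenge lengths were both checked above */`. Otherwise add `if (strlen(username) > OTP_MAX_USERNAME_LEN) return RLM_MODULE_REJECT;` before the copy. The function starts before and continues after this hunk.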
(void) radlog(L_AUTH, "rlm_otp: passcode for [%s] too long", username);
return RLM_MODULE_REJECT;
}
- (void) strcpy(otp_request.pwe.passcode, rvp->strvalue);
+ (void) strcpy(otp_request.pwe.u.pap.passcode, rvp->strvalue);
break;
case PWE_CHAP:
username);
return RLM_MODULE_INVALID;
}
- (void) memcpy(otp_request.pwe.challenge, cvp->strvalue, cvp->length);
- otp_request.pwe.clen = cvp->length;
- (void) memcpy(otp_request.pwe.response, rvp->strvalue, rvp->length);
- otp_request.pwe.rlen = rvp->length;
+ (void) memcpy(otp_request.pwe.u.chap.challenge, cvp->strvalue,
+ cvp->length);
+ otp_request.pwe.u.chap.clen = cvp->length;
+ (void) memcpy(otp_request.pwe.u.chap.response, rvp->strvalue,
+ rvp->length);
+ otp_request.pwe.u.chap.rlen = rvp->length;
break;
case PWE_MSCHAP:
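Review bot: Both `memcpy` calls take their length straight from the attribute (`cvp->length`, `rvp->length`) while the destinations are fixed at `OTP_MAX_CHAP_CHALLENGE_LEN` (16) and `OTP_MAX_CHAP_RESPONSE_LEN` (50) bytes. The only bound is the check that ends in `return RLM_MODULE_INVALID` above the hunk, whose condition is not visible. The same four statements are repeated in the PWE_MSCHAP and PWE_MSCHAP2 hunks that follow, so each case depends on its own separate check being right. A guard stated next to the copy would make the bound local and survive later edits to those checks: `if (cvp->length > sizeof(otp_request.pwe.u.chap.challenge) || rvp->length > sizeof(otp_request.pwe.u.chap.response)) return RLM_MODULE_INVALID;`. Moving the copy into one static helper used by all three cases would also remove the triplication.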
username);
return RLM_MODULE_INVALID;
}
- (void) memcpy(otp_request.pwe.challenge, cvp->strvalue, cvp->length);
- otp_request.pwe.clen = cvp->length;
- (void) memcpy(otp_request.pwe.response, rvp->strvalue, rvp->length);
- otp_request.pwe.rlen = rvp->length;
+ (void) memcpy(otp_request.pwe.u.chap.challenge, cvp->strvalue,
+ cvp->length);
+ otp_request.pwe.u.chap.clen = cvp->length;
+ (void) memcpy(otp_request.pwe.u.chap.response, rvp->strvalue,
+ rvp->length);
+ otp_request.pwe.u.chap.rlen = rvp->length;
break;
case PWE_MSCHAP2:
username);
return RLM_MODULE_INVALID;
}
- (void) memcpy(otp_request.pwe.challenge, cvp->strvalue, cvp->length);
- otp_request.pwe.clen = cvp->length;
- (void) memcpy(otp_request.pwe.response, rvp->strvalue, rvp->length);
- otp_request.pwe.rlen = rvp->length;
+ (void) memcpy(otp_request.pwe.u.chap.challenge, cvp->strvalue,
+ cvp->length);
+ otp_request.pwe.u.chap.clen = cvp->length;
+ (void) memcpy(otp_request.pwe.u.chap.response, rvp->strvalue,
+ rvp->length);
+ otp_request.pwe.u.chap.rlen = rvp->length;
break;
} /* switch (otp_request.pwe.pwe) */
/* last byte must also be a terminator so otpd can verify length easily */
otp_request.username[OTP_MAX_USERNAME_LEN] = '\0';
otp_request.challenge[OTP_MAX_CHALLENGE_LEN] = '\0';
- otp_request.pwe.passcode[OTP_MAX_PASSCODE_LEN] = '\0';
+ if (otp_request.pwe.pwe == PWE_PAP)
+ otp_request.pwe.u.pap.passcode[OTP_MAX_PASSCODE_LEN] = '\0';
otp_request.allow_sync = opt->allow_sync;
otp_request.allow_async = opt->allow_async;
}
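Review bot: Bytes of the union that the selected member does not fill keep whatever `otp_request` held before, and neither the PAP path nor the three CHAP-style paths clear them. Limiting the terminator write to PWE_PAP is right for the overlaid layout, but it does not address this. If `otp_request` is an automatic variable that is later written to otpd as a whole (its declaration and the write are outside this hunk), it should be cleared before it is filled, `(void) memset(&otp_request, 0, sizeof(otp_request));`. That keeps unrelated stack contents from crossing the socket and gives otpd deterministic bytes after `clen`/`rlen` worth of data.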
sa.sun_family = AF_UNIX;
(void) strcpy(sa.sun_path, path);
-
+
/* connect to otpd */
if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) {
(void) radlog(L_ERR, "rlm_otp: %s: socket: %s", __func__, strerror(errno));