* Copyright 2006 TRI-D Systems, Inc.
*/
-#include "ident.h"
-RCSID("$Id$")
+static const char rcsid[] = "$Id$";
-#include <freeradius-devel/autoconf.h>
-#include <freeradius-devel/radiusd.h>
-#include <freeradius-devel/modules.h>
+#include "autoconf.h"
+#include "radiusd.h"
+#include "modules.h"
#include "extern.h"
#include "otp.h"
otp_request_t otp_request;
otp_reply_t otp_reply;
VALUE_PAIR *cvp, *rvp;
- char *username = request->username->vp_strvalue;
+ char *username = request->username->strvalue;
int rc;
if (request->username->length > OTP_MAX_USERNAME_LEN) {
- (void) radlog(L_AUTH, "rlm_otp: username [%s] too long", username);
+ (void) radlog(L_AUTH, "rlm_otp: username [%s] too long\n", username);
return RLM_MODULE_REJECT;
}
/* we already know challenge is short enough */
switch (otp_request.pwe.pwe) {
case PWE_PAP:
if (rvp->length > OTP_MAX_PASSCODE_LEN) {
- (void) radlog(L_AUTH, "rlm_otp: passcode for [%s] too long", username);
+ (void) radlog(L_AUTH, "rlm_otp: passcode for [%s] too long\n",
+ username);
return RLM_MODULE_REJECT;
}
- (void) strcpy(otp_request.pwe.passcode, rvp->vp_strvalue);
+ (void) strcpy(otp_request.pwe.passcode, rvp->strvalue);
break;
case PWE_CHAP:
if (cvp->length > 16) {
- (void) radlog(L_AUTH, "rlm_otp: CHAP challenge for [%s] too long",
+ (void) radlog(L_AUTH, "rlm_otp: CHAP challenge for [%s] too long\n",
username);
return RLM_MODULE_INVALID;
}
if (rvp->length != 17) {
- (void) radlog(L_AUTH, "rlm_otp: CHAP response for [%s] wrong size",
+ (void) radlog(L_AUTH, "rlm_otp: CHAP response for [%s] wrong size\n",
username);
return RLM_MODULE_INVALID;
}
- (void) memcpy(otp_request.pwe.challenge, cvp->vp_strvalue, cvp->length);
+ (void) memcpy(otp_request.pwe.challenge, cvp->strvalue, cvp->length);
otp_request.pwe.clen = cvp->length;
- (void) memcpy(otp_request.pwe.response, rvp->vp_strvalue, rvp->length);
+ (void) memcpy(otp_request.pwe.response, rvp->strvalue, rvp->length);
otp_request.pwe.rlen = rvp->length;
break;
case PWE_MSCHAP:
if (cvp->length != 8) {
- (void) radlog(L_AUTH, "rlm_otp: MS-CHAP challenge for [%s] wrong size",
+ (void) radlog(L_AUTH, "rlm_otp: MS-CHAP challenge for [%s] wrong size\n",
username);
return RLM_MODULE_INVALID;
}
if (rvp->length != 50) {
- (void) radlog(L_AUTH, "rlm_otp: MS-CHAP response for [%s] wrong size",
+ (void) radlog(L_AUTH, "rlm_otp: MS-CHAP response for [%s] wrong size\n",
username);
return RLM_MODULE_INVALID;
}
- (void) memcpy(otp_request.pwe.challenge, cvp->vp_strvalue, cvp->length);
+ (void) memcpy(otp_request.pwe.challenge, cvp->strvalue, cvp->length);
otp_request.pwe.clen = cvp->length;
- (void) memcpy(otp_request.pwe.response, rvp->vp_strvalue, rvp->length);
+ (void) memcpy(otp_request.pwe.response, rvp->strvalue, rvp->length);
otp_request.pwe.rlen = rvp->length;
break;
case PWE_MSCHAP2:
if (cvp->length != 16) {
- (void) radlog(L_AUTH, "rlm_otp: MS-CHAP2 challenge for [%s] wrong size",
+ (void) radlog(L_AUTH, "rlm_otp: MS-CHAP2 challenge for [%s] wrong size\n",
username);
return RLM_MODULE_INVALID;
}
if (rvp->length != 50) {
- (void) radlog(L_AUTH, "rlm_otp: MS-CHAP2 response for [%s] wrong size",
+ (void) radlog(L_AUTH, "rlm_otp: MS-CHAP2 response for [%s] wrong size\n",
username);
return RLM_MODULE_INVALID;
}
- (void) memcpy(otp_request.pwe.challenge, cvp->vp_strvalue, cvp->length);
+ (void) memcpy(otp_request.pwe.challenge, cvp->strvalue, cvp->length);
otp_request.pwe.clen = cvp->length;
- (void) memcpy(otp_request.pwe.response, rvp->vp_strvalue, rvp->length);
+ (void) memcpy(otp_request.pwe.response, rvp->strvalue, rvp->length);
otp_request.pwe.rlen = rvp->length;
break;
} /* switch (otp_request.pwe.pwe) */
(void) radlog(L_AUTH, "rlm_otp: otpd reply for [%s] invalid "
"(version %d != 1)",
request->username, reply->version);
+ otp_putfd(fdp, 1);
return -1;
}
if (reply->passcode[OTP_MAX_PASSCODE_LEN] != '\0') {
(void) radlog(L_AUTH, "rlm_otp: otpd reply for [%s] invalid (passcode)",
request->username);
+ otp_putfd(fdp, 1);
return -1;
}
+ otp_putfd(fdp, 0);
return reply->rc;
}
} else {
(void) radlog(L_ERR, "rlm_otp: %s: read from otpd: %s",
__func__, strerror(errno));
- otp_putfd(fdp);
+ otp_putfd(fdp, 1);
return -1;
}
}
if (!n) {
(void) radlog(L_ERR, "rlm_otp: %s: otpd disconnect", __func__);
- otp_putfd(fdp);
+ otp_putfd(fdp, 1);
return 0;
}
nread += n;
} else {
(void) radlog(L_ERR, "rlm_otp: %s: write to otpd: %s",
__func__, strerror(errno));
- otp_putfd(fdp);
+ otp_putfd(fdp, 1);
return errno;
}
}
return fdp;
}
- /* disconnect from otpd */
+ /* release fd, and optionally disconnect from otpd */
static void
- otp_putfd(otp_fd_t *fdp)
+ otp_putfd(otp_fd_t *fdp, int disconnect)
{
- (void) close(fdp->fd);
- fdp->fd = -1;
+ if (disconnect) {
+ (void) close(fdp->fd);
+ fdp->fd = -1;
+ }
+
/* make connection available to another thread */
otp_pthread_mutex_unlock(&fdp->mutex);
}