cat <<\_ACEOF
++Optional Packages:
++ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
++ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
++ --with-rlm-otp-lib-dir directory for otp libs
++ --with-rlm-otp-include-dir directory for otp includes
++ --with-openssl-includes=DIR Directory to look for OpenSSL include files
++
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
-- if test "x$OPENSSL_LIBS" = "x"; then
-- fail="$fail OpenSSL"
-- fi
++
++# Check whether --with-rlm-otp-lib-dir or --without-rlm-otp-lib-dir was given.
++if test "${with_rlm_otp_lib_dir+set}" = set; then
++ withval="$with_rlm_otp_lib_dir"
++ otp_ldflags="$otp_ldflags -L$withval"
++fi;
++
++# Check whether --with-rlm-otp-include-dir or --without-rlm-otp-include-dir was given.
++if test "${with_rlm_otp_include_dir+set}" = set; then
++ withval="$with_rlm_otp_include_dir"
++ otp_cflags="$otp_cflags -I$withval"
++fi;
++
++
++# Check whether --with-openssl-includes or --without-openssl-includes was given.
++if test "${with_openssl_includes+set}" = set; then
++ withval="$with_openssl_includes"
++ case "$withval" in
++ *)
++ SMART_CFLAGS="$SMART_CFLAGS -I$withval"
++ ;;
++ esac
++
++fi;
targetname=rlm_otp # keep this! Don't change!
else
#ifdef FREERADIUS
#define _LRAD_MD4_H
#define _LRAD_SHA1_H
--#include <freeradius-devel/rad_assert.h>
++#include <rad_assert.h>
#endif
#include "otp.h"
#include "otp_pwe.h"
switch(pwattr[attr]) {
case PW_PASSWORD:
DEBUG("%s: %s: handling PW_PASSWORD", log_prefix, __func__);
-- nmatch = strcmp(password, resp_vp->vp_strvalue);
++ nmatch = strcmp(password, resp_vp->strvalue);
break;
case PW_CHAP_PASSWORD:
nmatch = -1;
break;
}
-- input[0] = *(resp_vp->vp_strvalue);
++ input[0] = *(resp_vp->strvalue);
(void) memcpy(&input[1], password, strlen(password));
-- (void) memcpy(&input[1+strlen(password)], chal_vp->vp_strvalue,
++ (void) memcpy(&input[1+strlen(password)], chal_vp->strvalue,
chal_vp->length);
(void) MD5(input, 1 + strlen(password) + chal_vp->length, output);
-- nmatch = memcmp(output, &(resp_vp->vp_strvalue)[1], MD5_DIGEST_LENGTH);
++ nmatch = memcmp(output, &(resp_vp->strvalue)[1], MD5_DIGEST_LENGTH);
} /* case PW_CHAP_PASSWORD */
break;
nmatch = -1;
break;
}
-- if ((resp_vp->vp_strvalue)[1] != 1) {
++ if ((resp_vp->strvalue)[1] != 1) {
otp_log(OTP_LOG_AUTH,
"%s: %s: MS-CHAP-Response bad flags (LM not supported)",
log_prefix, __func__);
(void) MD4(input, 2 * password_len, nt_keys);
/* The challenge gets encrypted. */
-- (void) memcpy(input, chal_vp->vp_strvalue, 8);
++ (void) memcpy(input, chal_vp->strvalue, 8);
/* Convert the password hash to keys, and do the encryptions. */
for (i = 0; i < 3; ++i) {
ks, DES_ENCRYPT);
}
-- nmatch = memcmp(output, resp_vp->vp_strvalue + 26, 24);
++ nmatch = memcmp(output, resp_vp->strvalue + 26, 24);
if (nmatch || !vps)
break;
{
SHA_CTX ctx;
unsigned char md[SHA_DIGEST_LENGTH];
-- char *username = request->username->vp_strvalue;
++ char *username = request->username->strvalue;
int username_len = request->username->length;
SHA1_Init(&ctx);
-- SHA1_Update(&ctx, resp_vp->vp_strvalue + 2, 16);
-- SHA1_Update(&ctx, chal_vp->vp_strvalue, 16);
++ SHA1_Update(&ctx, resp_vp->strvalue + 2, 16);
++ SHA1_Update(&ctx, chal_vp->strvalue, 16);
SHA1_Update(&ctx, username, username_len);
SHA1_Final(md, &ctx);
ks, DES_ENCRYPT);
}
-- nmatch = memcmp(output, resp_vp->vp_strvalue + 26, 24);
++ nmatch = memcmp(output, resp_vp->strvalue + 26, 24);
if (nmatch || !vps)
break;
/* 0x (ID) ( ASCII("S="ASCII(auth_md))) */
char auth_octet_string[2 + 2 + (2 * sizeof(auth_md_string))];
-- char *username = request->username->vp_strvalue;
++ char *username = request->username->strvalue;
int username_len = request->username->length;
/* "Magic server to client signing constant" */
(void) MD4(nt_keys, MD4_DIGEST_LENGTH, password_md_md);
SHA1_Init(&ctx);
SHA1_Update(&ctx, password_md_md, MD4_DIGEST_LENGTH);
-- SHA1_Update(&ctx, resp_vp->vp_strvalue + 26, 24);
++ SHA1_Update(&ctx, resp_vp->strvalue + 26, 24);
SHA1_Update(&ctx, magic1, sizeof(magic1));
SHA1_Final(md1, &ctx);
/* MD2 */
SHA1_Init(&ctx);
-- SHA1_Update(&ctx, resp_vp->vp_strvalue + 2, 16);
-- SHA1_Update(&ctx, chal_vp->vp_strvalue, 16);
++ SHA1_Update(&ctx, resp_vp->strvalue + 2, 16);
++ SHA1_Update(&ctx, chal_vp->strvalue, 16);
SHA1_Update(&ctx, username, username_len);
SHA1_Final(md2, &ctx);
/* And then octet conversion. Ugh! */
auth_octet_string[0] = '0';
auth_octet_string[1] = 'x';
-- (void) sprintf(&auth_octet_string[2], "%02X", resp_vp->vp_strvalue[0]);
++ (void) sprintf(&auth_octet_string[2], "%02X", resp_vp->strvalue[0]);
for (i = 0; i < sizeof(auth_md_string) - 1; ++i)
(void) sprintf(&auth_octet_string[i * 2 +4], "%02X", auth_md_string[i]);
/* Generate the master session key. */
SHA1_Init(&ctx);
SHA1_Update(&ctx, password_md_md, MD4_DIGEST_LENGTH);
-- SHA1_Update(&ctx, resp_vp->vp_strvalue + 26, 24);
++ SHA1_Update(&ctx, resp_vp->strvalue + 26, 24);
SHA1_Update(&ctx, Magic1, sizeof(Magic1));
SHA1_Final(sha_md, &ctx);
(void) memcpy(MasterKey, sha_md, 16);
#include "otp.h"
#ifdef FREERADIUS
--#include <freeradius-devel/modules.h>
++#include <modules.h>
#endif
static const char rcsid[] = "$Id$";
auth_type_found = 0;
if ((vp = pairfind(request->config_items, PW_AUTHTYPE)) != NULL) {
auth_type_found = 1;
-- if (strcmp(vp->vp_strvalue, inst->name))
++ if (strcmp(vp->strvalue, inst->name))
return RLM_MODULE_NOOP;
}
}
log_prefix, __func__);
return RLM_MODULE_INVALID;
}
-- username = request->username->vp_strvalue;
++ username = request->username->strvalue;
if ((data.pwattr = otp_pwe_present(request, log_prefix)) == 0) {
otp_log(OTP_LOG_AUTH, "%s: %s: Attribute \"User-Password\" "
if (inst->allow_async) {
/* Verify the state. */
-- (void) memcpy(challenge, vp->vp_strvalue, inst->chal_len);
-- (void) memcpy(&sflags, vp->vp_strvalue + inst->chal_len, 4);
-- (void) memcpy(&then, vp->vp_strvalue + inst->chal_len + 4, 4);
++ (void) memcpy(challenge, vp->strvalue, inst->chal_len);
++ (void) memcpy(&sflags, vp->strvalue + inst->chal_len, 4);
++ (void) memcpy(&then, vp->strvalue + inst->chal_len + 4, 4);
if (otp_gen_state(NULL, &state, challenge, inst->chal_len,
sflags, then, hmac_key) != 0) {
otp_log(OTP_LOG_ERR, "%s: %s: failed to generate state",
log_prefix, __func__);
return RLM_MODULE_FAIL;
}
-- if (memcmp(state, vp->vp_strvalue, vp->length)) {
++ if (memcmp(state, vp->strvalue, vp->length)) {
otp_log(OTP_LOG_AUTH, "%s: %s: bad state for [%s]: hmac",
log_prefix, __func__, username);
free(state);
* is single-threaded.
*/
module_t rlm_otp = {
-- RLM_MODULE_INIT,
"otp",
RLM_TYPE_THREAD_SAFE, /* type */
++ NULL, /* initialization */
otp_instantiate, /* instantiation */
-- otp_detach, /* detach */
{
otp_authenticate, /* authentication */
otp_authorize, /* authorization */
NULL, /* post-proxy */
NULL /* post-auth */
},
++ otp_detach, /* detach */
++ NULL, /* destroy */
};