From: fcusack Date: Thu, 8 Dec 2005 02:07:31 +0000 (+0000) Subject: backport from HEAD X-Git-Tag: release_1_1_0_pre0~53 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=freeradius.git;a=commitdiff_plain;h=93233da20a83ecb4e2815466ce3fa35a6dd2e71d backport from HEAD --- 93233da20a83ecb4e2815466ce3fa35a6dd2e71d diff --cc src/modules/rlm_otp/configure index 9c20df0,9c20df0..fa7d77f --- a/src/modules/rlm_otp/configure +++ b/src/modules/rlm_otp/configure @@@ -838,6 -838,6 +838,13 @@@ if test -n "$ac_init_help"; the cat <<\_ACEOF ++Optional Packages: ++ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] ++ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) ++ --with-rlm-otp-lib-dir directory for otp libs ++ --with-rlm-otp-include-dir directory for otp includes ++ --with-openssl-includes=DIR Directory to look for OpenSSL include files ++ Some influential environment variables: CC C compiler command CFLAGS C compiler flags @@@ -2857,9 -2857,9 +2864,30 @@@ f -- if test "x$OPENSSL_LIBS" = "x"; then -- fail="$fail OpenSSL" -- fi ++ ++# Check whether --with-rlm-otp-lib-dir or --without-rlm-otp-lib-dir was given. ++if test "${with_rlm_otp_lib_dir+set}" = set; then ++ withval="$with_rlm_otp_lib_dir" ++ otp_ldflags="$otp_ldflags -L$withval" ++fi; ++ ++# Check whether --with-rlm-otp-include-dir or --without-rlm-otp-include-dir was given. ++if test "${with_rlm_otp_include_dir+set}" = set; then ++ withval="$with_rlm_otp_include_dir" ++ otp_cflags="$otp_cflags -I$withval" ++fi; ++ ++ ++# Check whether --with-openssl-includes or --without-openssl-includes was given. ++if test "${with_openssl_includes+set}" = set; then ++ withval="$with_openssl_includes" ++ case "$withval" in ++ *) ++ SMART_CFLAGS="$SMART_CFLAGS -I$withval" ++ ;; ++ esac ++ ++fi; targetname=rlm_otp # keep this! Don't change! 
else diff --cc src/modules/rlm_otp/configure.in index 2b0af76,2b0af76..06e24a9 --- a/src/modules/rlm_otp/configure.in +++ b/src/modules/rlm_otp/configure.in @@@ -15,9 -15,9 +15,25 @@@ if test x$with_[]modname != xno; the [ fail="$fail inttypes.h" ] ) -- if test "x$OPENSSL_LIBS" = "x"; then -- fail="$fail OpenSSL" -- fi ++ dnl mostly for openssl ++ AC_ARG_WITH(rlm-otp-lib-dir, ++ [ --with-rlm-otp-lib-dir directory for otp libs], ++ otp_ldflags="$otp_ldflags -L$withval") ++ AC_ARG_WITH(rlm-otp-include-dir, ++ [ --with-rlm-otp-include-dir directory for otp includes], ++ otp_cflags="$otp_cflags -I$withval") ++ ++ dnl # ++ dnl # extra argument: --openssl-includes=dir ++ dnl # ++ AC_ARG_WITH(openssl-includes, ++ [ --with-openssl-includes=DIR Directory to look for OpenSSL include files], ++ [ case "$withval" in ++ *) ++ SMART_CFLAGS="$SMART_CFLAGS -I$withval" ++ ;; ++ esac ] ++ ) targetname=modname # keep this! Don't change! else diff --cc src/modules/rlm_otp/otp_pwe.c index 0eac7fc,0eac7fc..6fd23cc --- a/src/modules/rlm_otp/otp_pwe.c +++ b/src/modules/rlm_otp/otp_pwe.c @@@ -29,7 -29,7 +29,7 @@@ #ifdef FREERADIUS #define _LRAD_MD4_H #define _LRAD_SHA1_H --#include ++#include #endif #include "otp.h" #include "otp_pwe.h" @@@ -157,7 -157,7 +157,7 @@@ otp_pwe_cmp(struct otp_pwe_cmp_t *data switch(pwattr[attr]) { case PW_PASSWORD: DEBUG("%s: %s: handling PW_PASSWORD", log_prefix, __func__); -- nmatch = strcmp(password, resp_vp->vp_strvalue); ++ nmatch = strcmp(password, resp_vp->strvalue); break; case PW_CHAP_PASSWORD: @@@ -190,12 -190,12 +190,12 @@@ nmatch = -1; break; } -- input[0] = *(resp_vp->vp_strvalue); ++ input[0] = *(resp_vp->strvalue); (void) memcpy(&input[1], password, strlen(password)); -- (void) memcpy(&input[1+strlen(password)], chal_vp->vp_strvalue, ++ (void) memcpy(&input[1+strlen(password)], chal_vp->strvalue, chal_vp->length); (void) MD5(input, 1 + strlen(password) + chal_vp->length, output); -- nmatch = memcmp(output, &(resp_vp->vp_strvalue)[1], 
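Review bot: Dropping the `OPENSSL_LIBS` test in the configure.in hunk means configure no longer adds OpenSSL to `$fail` when the library is missing, so unless that check now lives outside the hunk, the build would only fail later, when otp_pwe.c (which calls MD4, MD5, SHA1 and DES routines that appear to come from OpenSSL) is compiled or linked. Separately, the new `AC_ARG_WITH` actions use `$withval` as given, so `--without-rlm-otp-lib-dir` or a bare `--with-rlm-otp-include-dir` would produce `-Lno` or `-Iyes`; a guard such as `case "$withval" in yes|no) ;; *) otp_ldflags="$otp_ldflags -L$withval" ;; esac` avoids that. The existing `case` around `SMART_CFLAGS` has only a `*)` arm, so it filters nothing and needs the same guard. The enclosing `if test x$with_[]modname != xno` block starts and ends outside the hunk.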
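Review bot: In the PW_PASSWORD branch (hunk -157), `strcmp(password, resp_vp->strvalue)` ignores `resp_vp->length` and stops at the first differing byte, so it relies on the attribute buffer being NUL-terminated, treats a value with extra bytes after an embedded NUL as equal, and takes a time that depends on how many leading characters match. I would reject a length mismatch first and then compare without an early exit, e.g. `nmatch = (resp_vp->length != strlen(password)) || ct_memcmp(password, resp_vp->strvalue, resp_vp->length);`, where `ct_memcmp` is a placeholder for an XOR-accumulate helper this file would have to add. The digest comparisons in the PW_CHAP_PASSWORD hunk (-190) and the MS-CHAP hunks (-282, -436) use an early-exit `memcmp` in the same way. otp_pwe_cmp starts and ends outside this hunk, so a termination or length guarantee may exist that is not visible here.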
MD5_DIGEST_LENGTH); ++ nmatch = memcmp(output, &(resp_vp->strvalue)[1], MD5_DIGEST_LENGTH); } /* case PW_CHAP_PASSWORD */ break; @@@ -237,7 -237,7 +237,7 @@@ nmatch = -1; break; } -- if ((resp_vp->vp_strvalue)[1] != 1) { ++ if ((resp_vp->strvalue)[1] != 1) { otp_log(OTP_LOG_AUTH, "%s: %s: MS-CHAP-Response bad flags (LM not supported)", log_prefix, __func__); @@@ -268,7 -268,7 +268,7 @@@ (void) MD4(input, 2 * password_len, nt_keys); /* The challenge gets encrypted. */ -- (void) memcpy(input, chal_vp->vp_strvalue, 8); ++ (void) memcpy(input, chal_vp->strvalue, 8); /* Convert the password hash to keys, and do the encryptions. */ for (i = 0; i < 3; ++i) { @@@ -282,7 -282,7 +282,7 @@@ ks, DES_ENCRYPT); } -- nmatch = memcmp(output, resp_vp->vp_strvalue + 26, 24); ++ nmatch = memcmp(output, resp_vp->strvalue + 26, 24); if (nmatch || !vps) break; @@@ -412,12 -412,12 +412,12 @@@ { SHA_CTX ctx; unsigned char md[SHA_DIGEST_LENGTH]; -- char *username = request->username->vp_strvalue; ++ char *username = request->username->strvalue; int username_len = request->username->length; SHA1_Init(&ctx); -- SHA1_Update(&ctx, resp_vp->vp_strvalue + 2, 16); -- SHA1_Update(&ctx, chal_vp->vp_strvalue, 16); ++ SHA1_Update(&ctx, resp_vp->strvalue + 2, 16); ++ SHA1_Update(&ctx, chal_vp->strvalue, 16); SHA1_Update(&ctx, username, username_len); SHA1_Final(md, &ctx); @@@ -436,7 -436,7 +436,7 @@@ ks, DES_ENCRYPT); } -- nmatch = memcmp(output, resp_vp->vp_strvalue + 26, 24); ++ nmatch = memcmp(output, resp_vp->strvalue + 26, 24); if (nmatch || !vps) break; @@@ -466,7 -466,7 +466,7 @@@ /* 0x (ID) ( ASCII("S="ASCII(auth_md))) */ char auth_octet_string[2 + 2 + (2 * sizeof(auth_md_string))]; -- char *username = request->username->vp_strvalue; ++ char *username = request->username->strvalue; int username_len = request->username->length; /* "Magic server to client signing constant" */ @@@ -487,14 -487,14 +487,14 @@@ (void) MD4(nt_keys, MD4_DIGEST_LENGTH, password_md_md); SHA1_Init(&ctx); 
SHA1_Update(&ctx, password_md_md, MD4_DIGEST_LENGTH); -- SHA1_Update(&ctx, resp_vp->vp_strvalue + 26, 24); ++ SHA1_Update(&ctx, resp_vp->strvalue + 26, 24); SHA1_Update(&ctx, magic1, sizeof(magic1)); SHA1_Final(md1, &ctx); /* MD2 */ SHA1_Init(&ctx); -- SHA1_Update(&ctx, resp_vp->vp_strvalue + 2, 16); -- SHA1_Update(&ctx, chal_vp->vp_strvalue, 16); ++ SHA1_Update(&ctx, resp_vp->strvalue + 2, 16); ++ SHA1_Update(&ctx, chal_vp->strvalue, 16); SHA1_Update(&ctx, username, username_len); SHA1_Final(md2, &ctx); @@@ -514,7 -514,7 +514,7 @@@ /* And then octet conversion. Ugh! */ auth_octet_string[0] = '0'; auth_octet_string[1] = 'x'; -- (void) sprintf(&auth_octet_string[2], "%02X", resp_vp->vp_strvalue[0]); ++ (void) sprintf(&auth_octet_string[2], "%02X", resp_vp->strvalue[0]); for (i = 0; i < sizeof(auth_md_string) - 1; ++i) (void) sprintf(&auth_octet_string[i * 2 +4], "%02X", auth_md_string[i]); @@@ -624,7 -624,7 +624,7 @@@ /* Generate the master session key. */ SHA1_Init(&ctx); SHA1_Update(&ctx, password_md_md, MD4_DIGEST_LENGTH); -- SHA1_Update(&ctx, resp_vp->vp_strvalue + 26, 24); ++ SHA1_Update(&ctx, resp_vp->strvalue + 26, 24); SHA1_Update(&ctx, Magic1, sizeof(Magic1)); SHA1_Final(sha_md, &ctx); (void) memcpy(MasterKey, sha_md, 16); diff --cc src/modules/rlm_otp/otp_rad.h index dfad2d3,dfad2d3..a379ea6 --- a/src/modules/rlm_otp/otp_rad.h +++ b/src/modules/rlm_otp/otp_rad.h @@@ -23,8 -23,8 +23,8 @@@ #ifndef OTP_RAD_H #define OTP_RAD_H --#include --#include ++#include ++#include #define OTP_LOG_DEBUG L_DBG #define OTP_LOG_ERR L_ERR #define OTP_LOG_AUTH L_AUTH @@@ -37,7 -37,7 +37,7 @@@ extern int otp_gen_state(char **, unsig int32_t, int32_t, const unsigned char [16]); /* otp_pwe.c */ --#include /* VALUE_PAIR */ ++#include /* VALUE_PAIR */ struct otp_pwe_cmp_t { const REQUEST *request; const otp_option_t *inst; diff --cc src/modules/rlm_otp/otp_rlm.c index a138408,a138408..ba6557b --- a/src/modules/rlm_otp/otp_rlm.c +++ b/src/modules/rlm_otp/otp_rlm.c @@@ -49,7 -49,7 
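Review bot: In hunk -514, `sprintf(&auth_octet_string[2], "%02X", resp_vp->strvalue[0])` passes the ident byte through default argument promotion, so if `strvalue` has a signed `char` element type on this branch (its declaration is not in the diff), a byte of 0x80 or above prints as eight hex digits rather than two. The loop that follows overwrites the buffer from index 4 onward, so positions 2 and 3 would be left holding `FF` instead of the ident. Casting fixes the value and bounding the write keeps it to two digits: `(void) snprintf(&auth_octet_string[2], 3, "%02X", (unsigned char) resp_vp->strvalue[0]);`. The `sprintf` inside the loop would take the same cast and bound for `auth_md_string[i]`. The enclosing block starts and ends outside the hunk.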
+49,7 @@@ #include "otp.h" #ifdef FREERADIUS --#include ++#include #endif static const char rcsid[] = "$Id$"; @@@ -320,7 -320,7 +320,7 @@@ otp_authorize(void *instance, REQUEST * auth_type_found = 0; if ((vp = pairfind(request->config_items, PW_AUTHTYPE)) != NULL) { auth_type_found = 1; -- if (strcmp(vp->vp_strvalue, inst->name)) ++ if (strcmp(vp->strvalue, inst->name)) return RLM_MODULE_NOOP; } } @@@ -465,7 -465,7 +465,7 @@@ otp_authenticate(void *instance, REQUES log_prefix, __func__); return RLM_MODULE_INVALID; } -- username = request->username->vp_strvalue; ++ username = request->username->strvalue; if ((data.pwattr = otp_pwe_present(request, log_prefix)) == 0) { otp_log(OTP_LOG_AUTH, "%s: %s: Attribute \"User-Password\" " @@@ -502,16 -502,16 +502,16 @@@ if (inst->allow_async) { /* Verify the state. */ -- (void) memcpy(challenge, vp->vp_strvalue, inst->chal_len); -- (void) memcpy(&sflags, vp->vp_strvalue + inst->chal_len, 4); -- (void) memcpy(&then, vp->vp_strvalue + inst->chal_len + 4, 4); ++ (void) memcpy(challenge, vp->strvalue, inst->chal_len); ++ (void) memcpy(&sflags, vp->strvalue + inst->chal_len, 4); ++ (void) memcpy(&then, vp->strvalue + inst->chal_len + 4, 4); if (otp_gen_state(NULL, &state, challenge, inst->chal_len, sflags, then, hmac_key) != 0) { otp_log(OTP_LOG_ERR, "%s: %s: failed to generate state", log_prefix, __func__); return RLM_MODULE_FAIL; } -- if (memcmp(state, vp->vp_strvalue, vp->length)) { ++ if (memcmp(state, vp->strvalue, vp->length)) { otp_log(OTP_LOG_AUTH, "%s: %s: bad state for [%s]: hmac", log_prefix, __func__, username); free(state); @@@ -575,11 -575,11 +575,10 @@@ otp_detach(void *instance * is single-threaded. 
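Review bot: The state verification in hunk -502 copies `inst->chal_len + 8` bytes out of `vp->strvalue` and then calls `memcmp(state, vp->strvalue, vp->length)`, so it is only sound if `vp->length` was checked against the expected state length before this block, and no such check is visible in the hunk. Without it, a zero-length State would make `memcmp` return 0 and be accepted, and an over-long one would read past the end of the freshly generated `state`. If the check exists above, a comment beside the memcmp such as `/* vp->length was verified against the expected state length above */` would record the dependency; if it does not, reject the request on a length mismatch before the first `memcpy`. Because the compared value is HMAC-protected, a comparison without an early exit is preferable to `memcmp` here as well. otp_authenticate starts and ends outside the hunk.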
*/ module_t rlm_otp = { -- RLM_MODULE_INIT, "otp", RLM_TYPE_THREAD_SAFE, /* type */ ++ NULL, /* initialization */ otp_instantiate, /* instantiation */ -- otp_detach, /* detach */ { otp_authenticate, /* authentication */ otp_authorize, /* authorization */ @@@ -590,4 -590,4 +589,6 @@@ NULL, /* post-proxy */ NULL /* post-auth */ }, ++ otp_detach, /* detach */ ++ NULL, /* destroy */ };