X-Git-Url: http://git.jankratochvil.net/?a=blobdiff_plain;ds=sidebyside;f=choose_authen.c;fp=choose_authen.c;h=d6b306253acbf6a48cfcf91dd73778ca6fc52aba;hb=413c510553a773cd16e2b538e4a208b4c4d9f775;hp=9329b739abc517ba0648138ba28545dcd293c4f1;hpb=a296ccf128acec69a7db2312ebcc231cd18e5944;p=tac_plus.git diff --git a/choose_authen.c b/choose_authen.c index 9329b73..d6b3062 100644 --- a/choose_authen.c +++ b/choose_authen.c @@ -1,4 +1,4 @@ -/* +/* Copyright (c) 1995-1998 by Cisco systems, Inc. Permission to use, copy, modify, and distribute this software for @@ -17,24 +17,47 @@ FITNESS FOR A PARTICULAR PURPOSE. */ + #include "tac_plus.h" + +#include "choose_authen.h" #include "expire.h" +#include "enable.h" +#include "report.h" +#include "cfgfile.h" +#include "default_fn.h" +#include "default_v0_fn.h" +#include "sendauth.h" +#include "sendpass.h" +#include "packet.h" +#include "main.h" +#include "do_author.h" /* for "struct identity" */ + +#ifdef SKEY +#include "skey_fn.h" +#endif -static int choose_login(); -static int choose_sendpass(); -static int choose_sendauth(); -int +static int choose_sendpass TAC_ARGS((struct authen_data *data, struct authen_type *type)); +static int choose_sendauth TAC_ARGS((struct authen_data *data, struct authen_type *type)); +static int choose_login TAC_ARGS((struct authen_data *data, struct authen_type *type)); + + +#if 0 /* unused */ +static int get_minor_version() { return(session.version & ~TAC_PLUS_MAJOR_VER_MASK); } +#endif /* unused */ -/* +/* * Choose an authentication function. Return CHOOSE_OK if chosen, - * CHOOSE_GETUSER if we need a username, CHOOSE_FAILED on failure + * CHOOSE_GETUSER if we need a username, CHOOSE_FAILED on failure */ +int choose_authen TAC_ARGS((struct authen_data *data, struct authen_type *type)); + int choose_authen(data, type) struct authen_data *data; 
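Review bot: The three `static int choose_* TAC_ARGS((...))` prototypes added at the top of the file are declared again immediately before each definition in the later hunks (`-84,14`, `-193,6`, `-247,6`), and the `choose_authen` prototype sits directly above its own definition while `choose_authen.h` is newly included. One declaration per function is enough; keeping the block at the top and dropping the per-definition copies leaves a single place to update when a signature changes, which matters because the definitions are still K&R style and provide no argument checking of their own. If `choose_authen.h` already declares `choose_authen` (not visible in this diff), the local prototype can go too. `get_minor_version` is fenced with `#if 0 /* unused */` rather than removed; deleting it would be cleaner than carrying dead code in an authentication path.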
@@ -51,7 +74,7 @@ struct authen_type *type; case TAC_PLUS_AUTHEN_LOGIN: /* For enabling, enable_fn handles everything. Must be minor - * version zero + * version zero */ if (data->service == TAC_PLUS_AUTHEN_SVC_ENABLE) { if (session.version != TAC_PLUS_VER_0) { @@ -74,7 +97,7 @@ struct authen_type *type; /* never heard of this lot */ report(LOG_ERR, "%s: %s %s Illegal packet ver=%d action=%d type=%d", - session.peer, + session.peer, session.port, name ? name : "", session.version, @@ -84,14 +107,16 @@ struct authen_type *type; return(CHOOSE_FAILED); } +static int choose_login TAC_ARGS((struct authen_data *data, struct authen_type *type)); + /* Choose an authentication function for action == LOGIN, service != enable */ static int choose_login(data, type) struct authen_data *data; struct authen_type *type; { - char *name = data->NAS_id->username; - char *cfg_passwd; + const char *name = data->NAS_id->username; + const char *cfg_passwd; switch(type->authen_type) { case TAC_PLUS_AUTHEN_TYPE_ASCII: @@ -108,14 +133,14 @@ struct authen_type *type; cfg_passwd = cfg_get_login_secret(name, TAC_PLUS_RECURSE); if (cfg_passwd && STREQ(cfg_passwd, "skey")) { if (debug & DEBUG_PASSWD_FLAG) - report(LOG_DEBUG, "%s %s: user %s requires skey", + report(LOG_DEBUG, "%s %s: user %s requires skey", session.peer, session.port, name); #ifdef SKEY type->authen_func = skey_fn; strcpy(type->authen_name, "skey_fn"); return (CHOOSE_OK); #else /* SKEY */ - report(LOG_ERR, + report(LOG_ERR, "%s %s: user %s s/key support has not been compiled in", name ? name : "", session.peer, session.port); @@ -130,7 +155,7 @@ struct authen_type *type; case TAC_PLUS_AUTHEN_TYPE_ARAP: #ifndef ARAP_DES - /* + /* * If we have no des code we can't do ARAP via SENDAUTH. We'll * have to do it via SENDPASS. Return a down-rev reply * packet and hope the NAS is smart enough to deal with it. 
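Review bot: `name` is taken from `data->NAS_id->username` with no NULL check in the `-84,14` hunk, yet the rest of `choose_login` treats it inconsistently: the `report()` calls guard with `name ? name : ""`, while `cfg_get_login_secret(name, TAC_PLUS_RECURSE)` and the later `if (!name[0])` test use it directly. Whether `username` can be NULL is not visible in this diff; if it can, the unguarded uses are a NULL dereference in packet-handling code, and if it cannot, the ternaries are misleading. Since this hunk already touches the declaration, I would either normalise once, `const char *name = data->NAS_id->username ? data->NAS_id->username : "";`, or add a comment stating the invariant, e.g. `/* username is always non-NULL here (possibly empty) */`. The function body continues beyond this hunk.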
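Review bot: The `report(LOG_ERR, ...)` call in the `#else /* SKEY */` branch, whose first line the `-108,14` hunk re-touches, passes its arguments in the wrong order for its format string: `"%s %s: user %s s/key support has not been compiled in"` expects peer, port, user (as the `LOG_DEBUG` call just above supplies them) but receives `name ? name : "", session.peer, session.port`. The log line therefore shows the client-supplied username in the peer position and the port as the user, which misattributes the event for anyone reading or parsing the authentication log. The argument line should read `session.peer, session.port, name ? name : "");`. This commit only strips trailing whitespace from the call, so the mismatch carries over unchanged.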
@@ -145,7 +170,7 @@ struct authen_type *type; #ifdef MSCHAP case TAC_PLUS_AUTHEN_TYPE_MSCHAP: #ifndef MSCHAP_DES - /* + /* * If we have no des code we can't do MSCHAP via LOGIN. We'll * have to do it via SENDPASS. Return a down-rev reply * packet and hope the NAS is smart enough to deal with it. @@ -167,7 +192,7 @@ struct authen_type *type; } /* Version 1 login/[pap|chap|arap]. - * The username must in the initial START packet + * The username must in the initial START packet */ if (!name[0]) { report(LOG_ERR, "%s %s: No user in START packet for PAP/CHAP/ARAP", @@ -184,7 +209,7 @@ struct authen_type *type; /* Illegal value combination */ report(LOG_ERR, "%s: %s %s Illegal packet ver=%d action=%d type=%d", - session.peer, + session.peer, session.port, name ? name : "", session.version, @@ -193,6 +218,8 @@ struct authen_type *type; return(CHOOSE_FAILED); } +static int choose_sendauth TAC_ARGS((struct authen_data *data, struct authen_type *type)); + static int choose_sendauth(data, type) struct authen_data *data; @@ -204,7 +231,7 @@ struct authen_type *type; #ifdef MSCHAP case TAC_PLUS_AUTHEN_TYPE_MSCHAP: #ifndef MSCHAP_DES - /* + /* * If we have no des code we can't do MSCHAP via SENDAUTH. We'll * have to do it via SENDPASS. Return a down-rev reply * packet and hope the NAS is smart enough to deal with it. @@ -237,7 +264,7 @@ struct authen_type *type; } /* Illegal value combination */ report(LOG_ERR, "%s: %s %s Illegal packet ver=%d action=%d type=%d", - session.peer, + session.peer, session.port, name ? name : "", session.version, @@ -247,6 +274,8 @@ struct authen_type *type; return(CHOOSE_FAILED); } +static int choose_sendpass TAC_ARGS((struct authen_data *data, struct authen_type *type)); + /* Compatibility routine for (obsolete) minor version == 0 */ static int choose_sendpass(data, type) 
@@ -282,13 +311,12 @@ struct authen_type *type; /* Illegal value combination */ report(LOG_ERR, "%s: %s %s Illegal packet ver=%d action=%d type=%d", - session.peer, + session.peer, session.port, name ? name : "", - session.version, + session.version, data->action, type->authen_type); return(CHOOSE_FAILED); } -