-/*
+/*
Copyright (c) 1995-1998 by Cisco systems, Inc.
Permission to use, copy, modify, and distribute this software for
FITNESS FOR A PARTICULAR PURPOSE.
*/
+
#include "tac_plus.h"
-static int choose();
-static void authenticate();
-static void do_start();
+#include <stdlib.h>
+#include <netinet/in.h> /* for ntohl() */
+
+#include "authen.h"
+#include "packet.h"
+#include "report.h"
+#include "utils.h"
+#include "choose_authen.h"
+#include "do_author.h" /* for "struct identity" */
+#include "main.h"
+#include "cfgfile.h"
+
+#ifdef TCPWRAPPER
+#include "tcpwrap.h"
+#endif
+
+
+static void do_start TAC_ARGS((u_char *pak));
+static int choose TAC_ARGS((struct authen_data *datap, struct authen_type *typep));
+static void authenticate TAC_ARGS((struct authen_data *datap, struct authen_type *typep));
+
+
+/* Configurable:
+ */
+
+#define TAC_PLUS_MAX_ITERATIONS 50
+
/*
* Come here when we receive an authentication START packet
*/
+void authen TAC_ARGS((u_char *pak));
+
void
authen(pak)
u_char *pak;
start = (struct authen_start *) (pak + TAC_PLUS_HDR_SIZE);
if ((hdr->seq_no != 1) ||
- (ntohl(hdr->datalength) != TAC_AUTHEN_START_FIXED_FIELDS_SIZE +
+ ((unsigned long) ntohl(hdr->datalength) != (unsigned long)(TAC_AUTHEN_START_FIXED_FIELDS_SIZE +
start->user_len + start->port_len + start->rem_addr_len +
- start->data_len)) {
+ start->data_len))) {
send_authen_error("Invalid AUTHEN/START packet (check keys)");
return;
}
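Review bot: The rewritten length check on the lines ending with `start->data_len))) {` reads `start->user_len`, `start->port_len`, `start->rem_addr_len` and `start->data_len` before anything visible here establishes that `ntohl(hdr->datalength)` is at least `TAC_AUTHEN_START_FIXED_FIELDS_SIZE`, so a body shorter than the fixed START fields would have those reads land past the received data (unless the caller already bounds the packet, which this hunk does not show). A minimal guard ahead of the sum comparison would be `if (ntohl(hdr->datalength) < TAC_AUTHEN_START_FIXED_FIELDS_SIZE) { send_authen_error("Invalid AUTHEN/START packet (check keys)"); return; }`, keeping the existing error path for the truncated case. The casts to `unsigned long` on both sides avoid the signed/unsigned comparison warning but deserve a one-line comment such as `/* both sides cast so the u_char/u_short sum is not sign-promoted against the uint32 length */`. authen's opening brace, local declarations and the rest of its body lie outside the visible hunk lines.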
* attempt to authenticate.
*/
+static void do_start TAC_ARGS((u_char *pak));
+
static void
do_start(pak)
u_char *pak;
identity.priv_lvl = start->priv_lvl;
+ cfg_request_identity(&identity);
+
/* The authen_data structure */
bzero(&authen_data, sizeof(struct authen_data));
* authentication function to call to actually do the work. */
#ifdef TCPWRAPPER
-if (check_from_wrap(&identity)) {
+if (check_from_wrap(&identity)) {
#endif
ret = choose(&authen_data, &authen_type);
authen_data.client_data = NULL;
}
if (authen_data.method_data) {
- report(LOG_ERR,
+ report(LOG_ERR,
"%s: Method data not set to NULL after authentication",
session.peer);
}
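Review bot: The prototype `static void do_start TAC_ARGS((u_char *pak));` added immediately before the definition repeats the file-scope declaration already added above alongside `choose` and `authenticate`; the same duplication appears before `choose` and before `authenticate` in the later hunks. One set of forward declarations at the top of the file is enough, and dropping the copies next to each definition keeps the two from drifting if a signature changes. If the intent of the second copy is to document the K&R definition's parameter types, a short comment on the definition line does that without a second declaration. The new `cfg_request_identity(&identity);` call appears to have its result ignored; whether it reports failure cannot be seen from this hunk, so confirm that against cfgfile.h. do_start's body begins and ends outside the visible hunk lines.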
/* Choose an authentication function. Return 1 if we successfully
chose a function. 0 if we couldn't make a choice for some reason */
-static int
+static int choose TAC_ARGS((struct authen_data *datap, struct authen_type *typep));
+
+static int
choose(datap, typep)
struct authen_data *datap;
struct authen_type *typep;
if (++iterations >= TAC_PLUS_MAX_ITERATIONS) {
report(LOG_ERR, "%s: %s Too many iterations for choose_authen",
- session.peer,
+ session.peer,
session.port);
return (0);
}
if (cont->user_data_len) {
/* An abort message exists. Log it */
- p = reply + TAC_PLUS_HDR_SIZE +
+ p = reply + TAC_PLUS_HDR_SIZE +
TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE + cont->user_msg_len;
bcopy(p, buf, cont->user_data_len);
buf[cont->user_data_len] = '\0';
}
- report(LOG_INFO, "%s %s: Login aborted by request -- msg: %s",
+ report(LOG_INFO, "%s %s: Login aborted by request -- msg: %s",
session.peer, session.port, buf);
free(reply);
return(0);
/* NOTREACHED */
}
+static void authenticate TAC_ARGS((struct authen_data *datap, struct authen_type *typep));
+
/* Perform authentication assuming we have successfully chosen an
authentication method */
static void
int iterations = 0;
u_char *reply, *p;
struct authen_cont *cont;
- int (*func) ();
+ int (*func) TAC_ARGS((struct authen_data *data));
if (debug & DEBUG_PACKET_FLAG)
report(LOG_DEBUG, "Calling authentication function");
/* An abort message exists. Create a
null-terminated string for authen_data */
- datap->client_data = (char *)
+ datap->client_data = (char *)
tac_malloc(cont->user_data_len + 1);
p = reply + TAC_PLUS_HDR_SIZE + TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE +
/* NOTREACHED */
}
}
-