FITNESS FOR A PARTICULAR PURPOSE.
*/
+
#include "tac_plus.h"
+
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "default_fn.h"
#include "expire.h"
#include "md5.h"
+#include "report.h"
+#include "utils.h"
+#include "cfgfile.h"
+#include "pwlib.h"
+#include "choose_authen.h" /* for "struct authen_data" */
+#include "do_author.h" /* for "struct identity" */
+#include "packet.h"
+#include "main.h"
#ifdef MSCHAP
#include "md4.h"
#include "mschap.h"
-
#ifdef MSCHAP_DES
#include "arap_des.h"
-#endif
+#endif /* MSCHAP_DES */
#endif /* MSCHAP */
#ifdef ARAP_DES
#include "arap_des.h"
#endif
+
+struct private_data;
+
+static void chap_verify TAC_ARGS((struct authen_data *data));
+static void arap_verify TAC_ARGS((struct authen_data *data));
+static void pap_verify TAC_ARGS((struct authen_data *data));
+static void tac_login TAC_ARGS((struct authen_data *data, struct private_data *p));
+
+#ifdef MSCHAP
+static void mschap_verify TAC_ARGS((struct authen_data *data));
+#endif
+
+
/* internal state variables */
#define STATE_AUTHEN_START 0 /* no requests issued */
#define STATE_AUTHEN_GETUSER 1 /* username has been requested */
int state;
};
-static void chap_verify();
-#ifdef MSCHAP
-static void mschap_verify();
-#endif /* MSCHAP */
-static void arap_verify();
-static void pap_verify();
-static void tac_login();
/*
* Default tacacs login authentication function. Wants a username
* Return 0 if data->status is valid, otherwise 1
*/
+int default_fn TAC_ARGS((struct authen_data *data));
+
int
default_fn(data)
struct authen_data *data;
*
*/
+static void tac_login TAC_ARGS((struct authen_data *data, struct private_data *p));
+
static void
tac_login(data, p)
struct authen_data *data;
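Review bot: The `tac_login` prototype added directly above the definition repeats the one this commit also adds in the forward-declaration block after the includes, with the same `TAC_ARGS` signature. The same duplication appears for `pap_verify`, `chap_verify`, `arap_verify` and `mschap_verify` in the later hunks. Keeping a single prototype per static function, presumably the early block since these helpers are referenced before their definitions, avoids two copies drifting apart when a signature changes. The body of `tac_login` lies outside this hunk.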
* the START packet.
*/
+static void pap_verify TAC_ARGS((struct authen_data *data));
+
static void
pap_verify(data)
struct authen_data *data;
}
+static void chap_verify TAC_ARGS((struct authen_data *data));
+
/* Verify the challenge and id against the response by looking up the
* chap secret in the config file. Set data->status appropriately.
*/
chap_verify(data)
struct authen_data *data;
{
- char *name, *secret, *chal, digest[MD5_LEN];
- char *exp_date, *p;
+ char *name, *chal, digest[MD5_LEN];
+ const char *secret;
+ const char *exp_date, *p;
u_char *mdp;
char id;
int chal_len, inlen;
}
+static void pw_bitshift TAC_ARGS((char *pw));
+
/*
* Force the "parity" bit to zero on a password before passing it to
* des. This is not documented anywhere. (I believe forcing the parity
* to zero reduces the integrity of the encrypted keys but this is
* what Apple chose to do).
*/
-void
+static void
pw_bitshift(pw)
char *pw;
{
}
+static void arap_verify TAC_ARGS((struct authen_data *data));
+
static void
arap_verify(data)
struct authen_data *data;
{
char nas_chal[8], r_chal[8], r_resp[8], secret[8];
- char *name, *cfg_secret, *exp_date, *p;
+ const char *name, *cfg_secret, *exp_date, *p;
if (!(char) data->NAS_id->username[0]) {
report(LOG_ERR, "%s %s: no username for arap_verify",
#ifdef MSCHAP
/* Following code is added for ms-chap */
+
+static void mschap_desencrypt TAC_ARGS((const char *clear, unsigned char *str, unsigned char *cypher));
+
static void
mschap_desencrypt(clear, str, cypher)
-char *clear;
+const char *clear;
unsigned char *str;
unsigned char *cypher;
{
}
+static void mschap_deshash TAC_ARGS((unsigned char *clear, unsigned char *cypher));
+
static void
mschap_deshash(clear, cypher)
-char *clear;
-char *cypher;
+unsigned char *clear;
+unsigned char *cypher;
{
mschap_desencrypt(MSCHAP_KEY, clear, cypher);
}
+static void mschap_lmpasswordhash TAC_ARGS((const char *password, unsigned char *passwordhash));
+
static void
mschap_lmpasswordhash(password, passwordhash)
-char *password;
-char *passwordhash;
+const char *password;
+unsigned char *passwordhash;
{
unsigned char upassword[15];
int i = 0;
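Review bot: `upassword` in `mschap_lmpasswordhash` is a fixed 15-byte stack buffer, while `password` is a NUL-terminated `const char *` with no length passed alongside it. The loop that fills the buffer is outside this hunk, so please confirm it stops after 14 characters rather than only at the terminating NUL; a condition such as `i < 14 && password[i]` would bound it. The same question applies to `unicode_password[512]` in `mschap_ntpasswordhash` further down, where each input byte presumably expands to two. A one-line comment next to each buffer stating the maximum accepted password length would make the invariant reviewable.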
}
+static void mschap_challengeresponse TAC_ARGS((const char *challenge, unsigned char *passwordhash, unsigned char *response));
+
static void
mschap_challengeresponse(challenge, passwordhash, response)
-char *challenge;
-char *passwordhash;
-char *response;
+const char *challenge;
+unsigned char *passwordhash;
+unsigned char *response;
{
- char zpasswordhash[21];
+ unsigned char zpasswordhash[21];
memset(zpasswordhash, 0, 21);
memcpy(zpasswordhash, passwordhash, 16);
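Review bot: The sizes `21` and `16` in `mschap_challengeresponse` appear as bare literals in the declaration, the `memset` and the `memcpy`. Tying the clear to the object, `memset(zpasswordhash, 0, sizeof zpasswordhash);`, and naming the 16-byte hash length once keeps the three in step if the buffer is ever resized. A short comment saying why the hash is zero-padded to 21 bytes (presumably so it can be split into three DES keys, as the MS-CHAP response construction requires) would document the constant. The rest of the body is outside this hunk.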
}
+void mschap_lmchallengeresponse TAC_ARGS((const char *challenge, const char *password, unsigned char *response));
+
void
mschap_lmchallengeresponse(challenge, password, response)
-char *challenge;
-char *password;
-char *response;
+const char *challenge;
+const char *password;
+unsigned char *response;
{
- char passwordhash[16];
+ unsigned char passwordhash[16];
mschap_lmpasswordhash(password, passwordhash);
mschap_challengeresponse(challenge, passwordhash, response);
}
+static int mschap_unicode_len TAC_ARGS((unsigned char *password));
+
static int
mschap_unicode_len(password)
-char *password;
+unsigned char *password;
{
int i;
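Review bot: `mschap_lmchallengeresponse` returns with `passwordhash[16]` still holding the LM hash on the stack, and in MS-CHAP that hash is password-equivalent. Clearing it before return with a call the compiler cannot elide, for example `explicit_bzero(passwordhash, sizeof passwordhash);` where the platform provides it, limits what a later stack disclosure or core dump exposes. `mschap_ntchallengeresponse` has the same shape. `zpasswordhash` in `mschap_challengeresponse` is worth checking as well, since the end of that function is outside the hunks shown.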
}
+static void mschap_ntpasswordhash TAC_ARGS((const char *password, unsigned char *passwordhash));
+
static void
mschap_ntpasswordhash(password, passwordhash)
-char *password;
-char *passwordhash;
+const char *password;
+unsigned char *passwordhash;
{
MD4_CTX context;
int i;
- char *cp;
+ const char *cp;
unsigned char unicode_password[512];
memset(unicode_password, 0, 512);
}
+void mschap_ntchallengeresponse TAC_ARGS((const char *challenge, const char *password, unsigned char *response));
+
void
-mschap_ntchallengeresponse(challenge,
- password,
- response)
-char *challenge;
-char *password;
-char *response;
+mschap_ntchallengeresponse(challenge, password, response)
+const char *challenge;
+const char *password;
+unsigned char *response;
{
- char passwordhash[16];
+ unsigned char passwordhash[16];
mschap_ntpasswordhash(password, passwordhash);
mschap_challengeresponse(challenge, passwordhash, response);
/* Verify the challenge and id against the response by looking up the
* ms-chap secret in the config file. Set data->status appropriately.
*/
+
+static void mschap_verify TAC_ARGS((struct authen_data *data));
+
static void
mschap_verify(data)
struct authen_data *data;
{
- char *name, *secret, *chal, *resp;
- char *exp_date, *p;
+ const char *name, *secret, *chal, *resp;
+ const char *exp_date, *p;
char id;
int chal_len;
- char lmresponse[24];
- char ntresponse[24];
+ unsigned char lmresponse[24];
+ unsigned char ntresponse[24];
int bcmp_status;
if (!(char) data->NAS_id->username[0]) {