-/*
+/*
Copyright (c) 1995-1998 by Cisco systems, Inc.
Permission to use, copy, modify, and distribute this software for
FITNESS FOR A PARTICULAR PURPOSE.
*/
+
#include "tac_plus.h"
+
+#include <stdlib.h>
+
+#include "sendauth.h"
#include "expire.h"
#include "md5.h"
+#include "report.h"
+#include "cfgfile.h"
+#include "utils.h"
+#include "pwlib.h"
+#include "choose_authen.h" /* for "struct authen_data" */
+#include "do_author.h" /* for "struct identity" */
+#include "packet.h"
+#include "main.h"
-static int do_sendauth_fn();
-static void outbound_chap();
#ifdef MSCHAP
-static void outbound_mschap();
-#endif /* MSCHAP */
-void outbound_pap();
+#include "default_fn.h"
+#endif
+
+
+static int do_sendauth_fn TAC_ARGS((struct authen_data *data));
+static void outbound_chap TAC_ARGS((struct authen_data *data));
+static void outbound_pap TAC_ARGS((struct authen_data *data));
+
+#ifdef MSCHAP
+static void outbound_mschap TAC_ARGS((struct authen_data *data));
+#endif
+
+
+int sendauth_fn TAC_ARGS((struct authen_data *data));
int sendauth_fn(data)
struct authen_data *data;
{
- int status;
+ int retval;
char *name, *p;
name = data->NAS_id->username;
if (STREQ(name, DEFAULT_USERNAME)) {
/* This username is only valid for authorization */
data->status = TAC_PLUS_AUTHEN_STATUS_FAIL;
+ retval = 0;
} else {
- status = do_sendauth_fn(data);
+ retval = do_sendauth_fn(data);
}
if (debug) {
report(LOG_INFO, "%s-sendauth query for '%s' %s from %s %s",
p,
name && name[0] ? name : "unknown",
- session.peer, session.port,
+ session.peer, session.port,
(data->status == TAC_PLUS_AUTHEN_STATUS_PASS) ?
"accepted" : "rejected");
}
- return(status);
+ return (retval);
}
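Review bot: `STREQ(name, DEFAULT_USERNAME)` still runs before any NULL check on `name`, although the debug `report()` call below guards with `name && name[0]` and outbound_chap tests `if (!name)`, so a request without a username can apparently reach this comparison. If STREQ is a plain strcmp wrapper (its definition is not on this page), that is a NULL dereference in the authentication path that a remote client may be able to trigger. Guarding it is one line: `if (name && STREQ(name, DEFAULT_USERNAME)) {`. Parts of the function body, including the assignment of `p`, are not shown in this diff.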
/*
* For PAP we need to supply the outgoing PAP cleartext password.
- * from the config file.
+ * from the config file.
*
* For CHAP, we expect an id and a challenge. We will return an MD5 hash
* if we're successful,
*
- * Return 0 if data->status is valid, otherwise 1
+ * Return 0 if data->status is valid, otherwise 1
*/
+static int do_sendauth_fn TAC_ARGS((struct authen_data *data));
+
static int
do_sendauth_fn(data)
struct authen_data *data;
{
- char *name, *exp_date;
+ const char *name, *exp_date;
data->status = TAC_PLUS_AUTHEN_STATUS_FAIL;
default:
data->status = TAC_PLUS_AUTHEN_STATUS_ERROR;
- report(LOG_ERR, "%s %s: %s Illegal data type for sendauth_fn",
+ report(LOG_ERR, "%s %s: %s Illegal data type for sendauth_fn",
session.peer, session.port, name);
- return (0);
+ return (0);
}
exp_date = cfg_get_expires(name, TAC_PLUS_RECURSE);
return (0);
}
-void
+static void outbound_pap TAC_ARGS((struct authen_data *data));
+
+static void
outbound_pap(data)
struct authen_data *data;
{
- char *secret, *p, *name;
+ const char *secret, *p, *name;
name = data->NAS_id->username;
return;
}
- data->server_data = tac_strdup(p);
- data->server_dlen = strlen(data->server_data);
+ data->server_data = (unsigned char *) tac_strdup(p);
+ data->server_dlen = strlen((char *) data->server_data);
data->status = TAC_PLUS_AUTHEN_STATUS_PASS;
}
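Review bot: `data->server_data` receives a heap copy of the cleartext PAP password via `tac_strdup(p)`, and nothing in outbound_pap marks that buffer as secret material. I would add a comment above the assignment, `/* server_data holds the cleartext PAP password: wipe it before it is freed and never log it */`, so the code that releases or reports `server_data` (outside this hunk) treats it accordingly. It is also worth confirming that `server_dlen` is wide enough for the `strlen()` result, since its type is not visible here. The start of the function body is not shown in this diff.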
+static void outbound_chap TAC_ARGS((struct authen_data *data));
+
static void
outbound_chap(data)
struct authen_data *data;
{
- char *name, *secret, *chal, digest[MD5_LEN];
- char *p;
+ const char *name, *secret, *chal, *p;
+ char digest[MD5_LEN];
u_char *mdp;
char id;
int chal_len, inlen;
name = data->NAS_id->username;
if (!name) {
- report(LOG_ERR, "%s %s: no username for outbound_chap",
+ report(LOG_ERR, "%s %s: no username for outbound_chap",
session.peer, session.port);
data->status = TAC_PLUS_AUTHEN_STATUS_ERROR;
return;
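Review bot: `chal_len` and `inlen` stay signed `int` and `id` stays plain `char` in the declarations this hunk rewrites, while the header comment of do_sendauth_fn says the id and challenge are expected from the peer. The code that derives these values is outside the visible lines, so this is a request to confirm rather than a confirmed defect: the challenge length should be rejected when it is zero or negative before it is used to size or copy the MD5 input. Declaring them as `size_t chal_len, inlen;` and `unsigned char id;` would make that check harder to get wrong. The function body continues past the lines shown here.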
/* Get the secret */
secret = cfg_get_chap_secret(name, TAC_PLUS_RECURSE);
- /* If there is no chap password for this user, see if there is
+ /* If there is no chap password for this user, see if there is
a global password for her that we can use */
if (!secret) {
secret = cfg_get_global_secret(name, TAC_PLUS_RECURSE);
secret = p;
/*
- * We now have the secret, the id, and the challenge value.
+ * We now have the secret, the id, and the challenge value.
* Put them all together, and run them through the MD5 digest
* algorithm. */
#ifdef MSCHAP
+static void outbound_mschap TAC_ARGS((struct authen_data *data));
+
static void
outbound_mschap(data)
struct authen_data *data;
{
- char *name, *secret, *chal;
- char *p;
+ const char *name, *secret, *chal, *p;
char id;
int chal_len;
/* Get the secret */
secret = cfg_get_mschap_secret(name, TAC_PLUS_RECURSE);
- /* If there is no chap password for this user, see if there is
+ /* If there is no chap password for this user, see if there is
a global password for her that we can use */
if (!secret) {
secret = cfg_get_global_secret(name, TAC_PLUS_RECURSE);
secret = p;
/*
- * We now have the secret, the id, and the challenge value.
+ * We now have the secret, the id, and the challenge value.
* Put them all together, and run them through the MD4 digest
* algorithm. */