X-Git-Url: http://git.jankratochvil.net/?p=tac_plus.git;a=blobdiff_plain;f=authen.c;h=7c873fe5b960d798fa09e86d7dcd82e64389a984;hp=a12745e10e93b70b5126533949801d3d554db371;hb=HEAD;hpb=a4d53c2fe3dc1952c7c7d8a4283545389ba5aa64 diff --git a/authen.c b/authen.c index a12745e..7c873fe 100644 --- a/authen.c +++ b/authen.c @@ -1,4 +1,4 @@ -/* +/* Copyright (c) 1995-1998 by Cisco systems, Inc. Permission to use, copy, modify, and distribute this software for @@ -17,16 +17,43 @@ FITNESS FOR A PARTICULAR PURPOSE. */ + #include "tac_plus.h" -static int choose(); -static void authenticate(); -static void do_start(); +#include +#include /* for ntohl() */ + +#include "authen.h" +#include "packet.h" +#include "report.h" +#include "utils.h" +#include "choose_authen.h" +#include "do_author.h" /* for "struct identity" */ +#include "main.h" +#include "cfgfile.h" + +#ifdef TCPWRAPPER +#include "tcpwrap.h" +#endif + + +static void do_start TAC_ARGS((u_char *pak)); +static int choose TAC_ARGS((struct authen_data *datap, struct authen_type *typep)); +static void authenticate TAC_ARGS((struct authen_data *datap, struct authen_type *typep)); + + +/* Configurable: + */ + +#define TAC_PLUS_MAX_ITERATIONS 50 + /* * Come here when we receive an authentication START packet */ +void authen TAC_ARGS((u_char *pak)); + void authen(pak) u_char *pak; @@ -39,9 +66,9 @@ u_char *pak; start = (struct authen_start *) (pak + TAC_PLUS_HDR_SIZE); if ((hdr->seq_no != 1) || - (ntohl(hdr->datalength) != TAC_AUTHEN_START_FIXED_FIELDS_SIZE + + ((unsigned long) ntohl(hdr->datalength) != (unsigned long)(TAC_AUTHEN_START_FIXED_FIELDS_SIZE + start->user_len + start->port_len + start->rem_addr_len + - start->data_len)) { + start->data_len))) { send_authen_error("Invalid AUTHEN/START packet (check keys)"); return; } @@ -65,6 +92,8 @@ u_char *pak; * attempt to authenticate. */ +static void do_start TAC_ARGS((u_char *pak)); + static void do_start(pak) u_char *pak; 
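Review bot: `TAC_PLUS_MAX_ITERATIONS` is added under a bare `/* Configurable: */` heading that does not say what the value bounds; the hunk at old line 203 shows it caps the choose() retry loop (`if (++iterations >= TAC_PLUS_MAX_ITERATIONS)`), and authenticate() declares its own `iterations` counter, presumably checked against the same limit, so the heading should read something like `/* Configurable: upper bound on the choose()/authenticate() round trips taken with one client before the session is abandoned; limits the work a looping or unresponsive peer can cause. */`. The two system `#include` lines that follow `tac_plus.h` lost their targets in this rendering (`+#include` and `+#include /* for ntohl() */`), so the headers actually added cannot be reviewed from this page. Separately, do_start, choose and authenticate are each declared twice with the same `TAC_ARGS` prototype: once in this block and again immediately before their definitions in the hunks at old lines 65, 184 and 293; one declaration per function is enough, and the block at the top is the natural place to keep.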
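Review bot: The length check still dereferences `start->user_len`, `start->port_len`, `start->rem_addr_len` and `start->data_len` before anything has confirmed that `hdr->datalength` covers the `TAC_AUTHEN_START_FIXED_FIELDS_SIZE` bytes those fields live in; if the caller sized the packet buffer from `hdr->datalength` (not visible here), a START packet declaring a datalength shorter than the fixed part makes these four reads run past the received body. A guard ahead of the comparison closes that, `if (ntohl(hdr->datalength) < TAC_AUTHEN_START_FIXED_FIELDS_SIZE) { send_authen_error("Invalid AUTHEN/START packet (check keys)"); return; }`. The `(unsigned long)` casts on both sides only make the signed sum comparable without a sign-conversion warning and deserve a one-line comment saying so, otherwise the next reader will wonder what overflow they are meant to prevent. authen() begins before this hunk and continues after it.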
@@ -109,6 +138,8 @@ u_char *pak; identity.priv_lvl = start->priv_lvl; + cfg_request_identity(&identity); + /* The authen_data structure */ bzero(&authen_data, sizeof(struct authen_data)); @@ -133,7 +164,7 @@ u_char *pak; * authentication function to call to actually do the work. */ #ifdef TCPWRAPPER -if (check_from_wrap(&identity)) { +if (check_from_wrap(&identity)) { #endif ret = choose(&authen_data, &authen_type); @@ -170,7 +201,7 @@ send_authen_error("You are not allowed to access here"); authen_data.client_data = NULL; } if (authen_data.method_data) { - report(LOG_ERR, + report(LOG_ERR, "%s: Method data not set to NULL after authentication", session.peer); } @@ -184,7 +215,9 @@ send_authen_error("You are not allowed to access here"); /* Choose an authentication function. Return 1 if we successfully chose a function. 0 if we couldn't make a choice for some reason */ -static int +static int choose TAC_ARGS((struct authen_data *datap, struct authen_type *typep)); + +static int choose(datap, typep) struct authen_data *datap; struct authen_type *typep; @@ -203,7 +236,7 @@ struct authen_type *typep; if (++iterations >= TAC_PLUS_MAX_ITERATIONS) { report(LOG_ERR, "%s: %s Too many iterations for choose_authen", - session.peer, + session.peer, session.port); return (0); } @@ -267,13 +300,13 @@ struct authen_type *typep; if (cont->user_data_len) { /* An abort message exists. Log it */ - p = reply + TAC_PLUS_HDR_SIZE + + p = reply + TAC_PLUS_HDR_SIZE + TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE + cont->user_msg_len; bcopy(p, buf, cont->user_data_len); buf[cont->user_data_len] = '\0'; } - report(LOG_INFO, "%s %s: Login aborted by request -- msg: %s", + report(LOG_INFO, "%s %s: Login aborted by request -- msg: %s", session.peer, session.port, buf); free(reply); return(0); 
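Review bot: `cfg_request_identity(&identity)` is called with an identity whose `priv_lvl` was copied from the client's START packet on the context line just above (`identity.priv_lvl = start->priv_lvl;`), and whose remaining fields presumably come from the same packet, i.e. before any credential has been checked; whatever cfgfile.h's routine does with these values must treat them as unauthenticated client input, and that should be stated at the call site since the struct is passed by pointer and may be modified. Its result, if the function returns one, is also discarded without comment. Suggested comment: `/* Resolve per-identity config now; every field of identity is still unauthenticated client data at this point. */`. do_start() begins before this hunk and continues after it.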
@@ -293,6 +326,8 @@ struct authen_type *typep; /* NOTREACHED */ } +static void authenticate TAC_ARGS((struct authen_data *datap, struct authen_type *typep)); + /* Perform authentication assuming we have successfully chosen an authentication method */ static void @@ -303,7 +338,7 @@ struct authen_type *typep; int iterations = 0; u_char *reply, *p; struct authen_cont *cont; - int (*func) (); + int (*func) TAC_ARGS((struct authen_data *data)); if (debug & DEBUG_PACKET_FLAG) report(LOG_DEBUG, "Calling authentication function"); @@ -429,7 +464,7 @@ struct authen_type *typep; /* An abort message exists. Create a null-terminated string for authen_data */ - datap->client_data = (char *) + datap->client_data = (char *) tac_malloc(cont->user_data_len + 1); p = reply + TAC_PLUS_HDR_SIZE + TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE + @@ -469,4 +504,3 @@ struct authen_type *typep; /* NOTREACHED */ } } -
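Review bot: The new function-pointer declaration names its parameter `data` while the `TAC_ARGS` prototypes added for choose and authenticate in this same commit call the identical `struct authen_data *` argument `datap`; `int (*func) TAC_ARGS((struct authen_data *datap));` keeps the naming uniform. Pinning the argument list is a clear improvement over `int (*func) ();`, but what the int result of a method function means is still undocumented at the declaration, and the code that interprets it lies outside this hunk, so a short comment there describing the return convention would complete the change. authenticate() begins before this hunk and continues after it.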