

1 6e527fbc 2005-02-13 devnull /* RFC2138 */
2 6e527fbc 2005-02-13 devnull #include <u.h>
3 6e527fbc 2005-02-13 devnull #include <libc.h>
4 6e527fbc 2005-02-13 devnull #include <ip.h>
5 6e527fbc 2005-02-13 devnull #include <ctype.h>
6 6e527fbc 2005-02-13 devnull #include <mp.h>
7 6e527fbc 2005-02-13 devnull #include <libsec.h>
8 6e527fbc 2005-02-13 devnull #include <bio.h>
9 6e527fbc 2005-02-13 devnull #include <ndb.h>
10 6e527fbc 2005-02-13 devnull #define AUTHLOG "auth"
11 6e527fbc 2005-02-13 devnull
/*
 * RADIUS protocol constants (RFC2138).  The first four are packet codes
 * carried in the Code byte of the header; the remainder are attribute
 * types carried in the Type byte of each attribute.  The two sets share
 * one enum, so their numeric values overlap (R_AccessRequest and
 * R_UserName are both 1) and must never be compared with each other.
 */
enum{	R_AccessRequest=1,	/* Packet code */
	R_AccessAccept=2,
	R_AccessReject=3,
	R_AccessChallenge=11,
	R_UserName=1,		/* attribute types, RFC2138 section 5 */
	R_UserPassword=2,
	R_NASIPAddress=4,
	R_ReplyMessage=18,
	R_State=24,
	R_NASIdentifier=32
};
23 6e527fbc 2005-02-13 devnull
/*
 * A byte string with an explicit length, used for the shared secret and
 * for the password being hidden.  The bytes are not owned by the Secret;
 * it only points at storage managed by the caller.
 */
typedef struct Secret{
	uchar *s;	/* the bytes, not necessarily NUL-terminated */
	int len;	/* number of bytes at s */
} Secret;
28 6e527fbc 2005-02-13 devnull
/*
 * One RADIUS attribute (type, length, value).  On the wire the length
 * byte counts the two header bytes as well; len here is the value size
 * only.  Attributes of a packet form a singly linked list through next.
 */
typedef struct Attribute{
	struct Attribute *next;	/* next attribute of the packet, nil at the end */
	uchar type;		/* attribute type (R_UserName, ...); 0 marks an unused slot */
	uchar len;		/* number of bytes in value */
	uchar val[256];		/* the value; setAttribute stores at most 253 bytes (RFC2138, section 5) */
} Attribute;
35 6e527fbc 2005-02-13 devnull
/*
 * A RADIUS packet as handled here: the header fields plus the attribute
 * list.  The first attribute is embedded so that a packet with a single
 * attribute needs no extra allocation; further attributes hang off
 * first.next and are freed by freePacket.
 */
typedef struct Packet{
	uchar code, ID;			/* packet code (R_Access*) and request identifier */
	uchar authenticator[16];	/* request authenticator, or the response authenticator of a reply */
	Attribute first;		/* first attribute, in line; type 0 while the packet has none */
} Packet;
41 6e527fbc 2005-02-13 devnull
/*
 * Hide a password the way RFC2138, section 5.2 prescribes for the
 * User-Password attribute:
 *	x = MD5(shared secret || request authenticator) XOR password
 * Only the first 16-byte block is produced, so passwords longer than 16
 * bytes are truncated.  Shorter ones behave as if null-padded: XOR with a
 * zero byte leaves the digest byte as it is, so nothing needs padding.
 *
 * shared: the RADIUS shared secret.
 * auth:   the 16-byte request authenticator.
 * pass:   the cleartext password; bytes beyond the 16th are ignored.
 * x:      receives the 16 hidden bytes.
 */
void
hide(Secret *shared, uchar *auth, Secret *pass, uchar *x)
{
	DigestState *st;
	int i, take;

	/* x = MD5(secret || authenticator): first call opens the state, second finishes into x */
	st = md5(shared->s, shared->len, nil, nil);
	md5(auth, 16, x, st);

	take = pass->len < 16 ? pass->len : 16;
	for(i = 0; i < take; i++)
		x[i] ^= pass->s[i];
}
56 6e527fbc 2005-02-13 devnull
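/*
 * Verify the Response Authenticator of a RADIUS reply (RFC2138, section 3):
 *	MD5(Code || ID || Length || RequestAuth || Attributes || shared secret)
 * must equal the 16 bytes at buf+4.
 *
 * shared: the RADIUS shared secret.
 * buf:    the raw reply datagram, m bytes long.
 * auth:   the 16-byte authenticator of the request this replies to.
 *
 * Returns 0 when the authenticator matches, non-zero otherwise.  A reply
 * shorter than the 20-byte fixed header is rejected outright: there is no
 * complete header to hash, and m-20 would otherwise go negative and be
 * passed to md5 as a length.  The comparison looks at all 16 bytes no
 * matter where the first difference is, so its timing does not reveal how
 * many leading bytes of a forged authenticator were right.
 */
int
authcmp(Secret *shared, uchar *buf, int m, uchar *auth)
{
	DigestState *M;
	uchar x[16], diff;
	int i;

	if(m < 20)
		return -1;
	M = md5(buf, 4, nil, nil);		/* Code+ID+Length */
	M = md5(auth, 16, nil, M);		/* RequestAuth */
	M = md5(buf+20, m-20, nil, M);		/* Attributes */
	md5(shared->s, shared->len, x, M);	/* shared secret; finishes the digest into x */
	diff = 0;
	for(i = 0; i < 16; i++)
		diff |= x[i] ^ buf[4+i];
	return diff != 0;
}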
69 6e527fbc 2005-02-13 devnull
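/*
 * Allocate an Access-Request packet carrying the given 16-byte request
 * authenticator.  Each call takes the next value of a one-byte counter as
 * its ID (wrapping from 255 back to 0); rpc matches the reply on it.  The
 * embedded first attribute is left empty (type 0, len 0) so setAttribute
 * can see it is still unused and the marshaller never reads an
 * uninitialised length.
 *
 * Returns the packet, or nil when malloc fails.  The caller owns the
 * result and releases it with freePacket.
 */
Packet*
newRequest(uchar *auth)
{
	static uchar ID = 0;
	Packet *p;

	p = malloc(sizeof *p);
	if(p == nil)
		return nil;
	p->code = R_AccessRequest;
	p->ID = ++ID;
	memmove(p->authenticator, auth, 16);
	p->first.next = nil;
	p->first.type = 0;
	p->first.len = 0;	/* previously left uninitialised */
	return p;
}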
86 6e527fbc 2005-02-13 devnull
/*
 * Release a packet and every attribute chained off p->first.  The first
 * attribute lives inside the Packet and goes with it; only the nodes
 * reached through first.next were allocated separately.  A nil p is
 * ignored, so callers can free whatever they hold without checking.
 */
void
freePacket(Packet *p)
{
	Attribute *a, *next;

	if(p == nil)
		return;
	for(a = p->first.next; a != nil; a = next){
		next = a->next;	/* read before the node is gone */
		free(a);
	}
	free(p);
}
102 6e527fbc 2005-02-13 devnull
/*
 * Note handler installed by rpc: swallow the note raised when the alarm
 * around the UDP exchange expires, and let every other note propagate.
 *
 * v:   unused.
 * msg: the note text.
 *
 * Returns 1 when the note was handled (its text contains "alarm"),
 * 0 otherwise.
 */
int
ding(void *v, char *msg)
{
	(void)v;
	return strstr(msg, "alarm") != 0;
}
112 6e527fbc 2005-02-13 devnull
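/*
 * Send req to the RADIUS server named by the dial string dest and return
 * its authenticated reply.
 *
 * The request is marshalled into a 4096-byte buffer (the RFC2138 maximum);
 * one that does not fit yields nil.  Up to two attempts are made, each
 * under a 4-second alarm.  A reply counts only when it is at least a full
 * 20-byte header, echoes the request's ID and its Response Authenticator
 * verifies against the shared secret (authcmp); anything else is logged
 * and, while attempts remain, the request is retransmitted.  If no attempt
 * yields an authenticated reply the result is nil, so the caller never
 * sees a packet whose authenticator failed.  (Previously a reply that
 * failed the check on the last attempt was still unmarshalled and
 * returned.)
 *
 * dest:   dial string, e.g. "udp!host!radius".
 * shared: the RADIUS shared secret.
 * req:    the request; it is read only and never freed here.
 *
 * Returns a freshly allocated Packet that the caller frees with
 * freePacket, or nil on any failure.
 */
Packet *
rpc(char *dest, Secret *shared, Packet *req)
{
	uchar buf[4096], buf2[4096], *b, *e;
	Packet *resp;
	Attribute *a;
	int m, n, fd, try, ok, len;
	static int noted;

	/* marshal request: Code, ID, Length (filled in below), Authenticator, attributes */
	e = buf + sizeof buf;
	buf[0] = req->code;
	buf[1] = req->ID;
	memmove(buf+4, req->authenticator, 16);
	b = buf+20;
	for(a = &req->first; a; a = a->next){
		if(b + 2 + a->len > e)
			return nil;
		*b++ = a->type;
		*b++ = 2 + a->len;	/* wire length includes the type and length bytes */
		memmove(b, a->val, a->len);
		b += a->len;
	}
	n = b-buf;
	buf[2] = n>>8;
	buf[3] = n;

	/* send request, wait for reply */
	fd = dial(dest, 0, 0, 0);
	if(fd < 0){
		syslog(0, AUTHLOG, "%s: rpc can't get udp channel", dest);
		return nil;
	}
	if(!noted){
		atnotify(ding, 1);	/* once is enough; the handler stays registered */
		noted = 1;
	}
	m = -1;
	ok = 0;
	for(try = 0; try < 2; try++){
		alarm(4000);
		m = write(fd, buf, n);
		if(m != n){
			alarm(0);	/* don't leave the timer running into the caller */
			syslog(0, AUTHLOG, "%s: rpc write err %d %d: %r", dest, m, n);
			m = -1;
			break;
		}
		m = read(fd, buf2, sizeof buf2);
		alarm(0);
		if(m < 0){
			syslog(0, AUTHLOG, "%s rpc read err %d: %r", dest, m);
			break;		/* failure, e.g. the alarm interrupting the read */
		}
		/* need a complete header and a matching ID before looking any further */
		if(m < 20 || buf2[1] != buf[1]){
			syslog(0, AUTHLOG, "%s unmatched reply %d", dest, m);
			continue;
		}
		if(authcmp(shared, buf2, m, buf+4) == 0){
			ok = 1;
			break;
		}
		syslog(0, AUTHLOG, "%s bad rpc chksum", dest);
	}
	close(fd);
	if(!ok)
		return nil;

	/* unmarshal reply; m >= 20 and the authenticator is verified at this point */
	b = buf2;
	e = buf2+m;
	resp = malloc(sizeof *resp);
	if(resp == nil)
		return nil;
	resp->code = *b++;
	resp->ID = *b++;
	n = *b++;
	n = (n<<8) | *b++;
	if(m != n){
		syslog(0, AUTHLOG, "rpc got %d bytes, length said %d", m, n);
		if(m > n)
			e = buf2+n;	/* ignore octets beyond the declared length */
	}
	memmove(resp->authenticator, b, 16);
	b += 16;
	a = &resp->first;
	a->type = 0;
	a->len = 0;
	a->next = nil;
	while(b < e){
		if(b + 2 > e){		/* corrupt packet: truncated attribute header */
			freePacket(resp);
			return nil;
		}
		a->type = *b++;
		len = *b++;
		/* corrupt packet: length can't even cover its own header, or runs past the end */
		if(len < 2 || b + (len-2) > e){
			freePacket(resp);
			return nil;
		}
		a->len = len - 2;
		memmove(a->val, b, a->len);
		b += a->len;
		if(b < e){		/* any more attributes? */
			a->next = malloc(sizeof *a);
			if(a->next == nil){
				freePacket(resp);	/* was free(req): the caller still owns req */
				return nil;
			}
			a = a->next;
			a->next = nil;	/* keep the list well terminated for freePacket */
			a->type = 0;
			a->len = 0;
		}
	}
	return resp;
}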
217 6e527fbc 2005-02-13 devnull
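/*
 * Add an attribute of the given type and value to p.  The embedded first
 * attribute is used while it is still empty (type 0); after that each call
 * allocates a node and pushes it onto the front of first.next, so later
 * attributes are marshalled right after the first one, most recent first.
 *
 * The value is limited to 253 bytes (RFC2138, section 5: the length byte
 * counts the two header bytes and is at most 255); longer values are
 * truncated and a negative n is treated as empty.  The clamp is applied to
 * n before it is stored, because len is a uchar and a count above 255 would
 * otherwise wrap before the old post-assignment check saw it.
 *
 * p:    the packet to extend.
 * type: attribute type (R_UserName, ...).
 * s, n: the value bytes and their count.
 *
 * Returns 0 on success, -1 when malloc fails.
 */
int
setAttribute(Packet *p, uchar type, uchar *s, int n)
{
	Attribute *a;

	if(n < 0)
		n = 0;
	if(n > 253)
		n = 253;
	a = &p->first;
	if(a->type != 0){
		a = malloc(sizeof *a);
		if(a == nil)
			return -1;
		a->next = p->first.next;
		p->first.next = a;
	}
	a->type = type;
	a->len = n;
	memmove(a->val, s, a->len);
	return 0;
}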
238 6e527fbc 2005-02-13 devnull
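/*
 * Return the text of the Reply-Message attribute of p as a NUL-terminated
 * string.  When several are present the last one wins; when there is none
 * the result is the empty string rather than whatever an earlier call left
 * behind.  The packet itself is not modified (the attribute's len used to
 * be rewritten in place).
 *
 * The result lives in a static buffer that the next call overwrites, so
 * copy it if it must outlive that.  Its bytes come straight off the wire
 * and may contain control characters or newlines; callers that log or
 * display it should bear that in mind.
 */
char*
replymsg(Packet *p)
{
	Attribute *a;
	int len;
	static char buf[255];

	buf[0] = 0;
	for(a = &p->first; a; a = a->next){
		if(a->type != R_ReplyMessage)
			continue;
		len = a->len;
		if(len >= (int)sizeof buf)
			len = sizeof(buf)-1;
		memmove(buf, a->val, len);
		buf[len] = 0;
	}
	return buf;
}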
256 6e527fbc 2005-02-13 devnull
/* for convenience while debugging: both are written by logPacket and read nowhere in this file */
char *replymess;	/* text of the last Reply-Message logPacket saw; a strdup'd copy that is never freed */
Attribute *stateattr;	/* last State attribute logPacket saw; points into that packet, dangling once it is freed */
260 6e527fbc 2005-02-13 devnull
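/*
 * Write a human-readable dump of p to the auth log: the ID, the first
 * three authenticator bytes, the packet code, then each attribute as
 * "[type]" followed by its value with non-printable bytes octal-escaped.
 *
 * As a debugging side effect it also publishes the last Reply-Message text
 * through the global replymess and the last State attribute through
 * stateattr.  replymess is strdup'd for every packet carrying a
 * Reply-Message and the previous copy is not freed, which is tolerable for
 * a debugging aid but not for a hot path.  The packet itself is no longer
 * modified: over-long attribute lengths are capped in a local instead of
 * being rewritten into the packet.
 */
void
logPacket(Packet *p)
{
	Attribute *a;
	char buf[255];
	char pbuf[4*1024];
	uchar *au = p->authenticator;
	int i, len;
	char *np, *e;

	e = pbuf + sizeof(pbuf);

	np = seprint(pbuf, e, "Packet ID=%d auth=%x %x %x... ", p->ID, au[0], au[1], au[2]);
	switch(p->code){
	case R_AccessRequest:
		np = seprint(np, e, "request\n");
		break;
	case R_AccessAccept:
		np = seprint(np, e, "accept\n");
		break;
	case R_AccessReject:
		np = seprint(np, e, "reject\n");
		break;
	case R_AccessChallenge:
		np = seprint(np, e, "challenge\n");
		break;
	default:
		np = seprint(np, e, "code=%d\n", p->code);
		break;
	}
	replymess = "0000000";
	for(a = &p->first; a; a = a->next){
		/* cap locally; a->len itself is left alone */
		len = a->len;
		if(len > 253)
			len = 253;
		np = seprint(np, e, " [%d]", a->type);
		for(i = 0; i < len; i++)
			if(isprint(a->val[i]))
				np = seprint(np, e, "%c", a->val[i]);
			else
				np = seprint(np, e, "\\%o", a->val[i]);	/* octal escape for non-printables */
		np = seprint(np, e, "\n");
		if(a->type == R_ReplyMessage){
			memmove(buf, a->val, len);
			buf[len] = 0;
			replymess = strdup(buf);
		}else if(a->type == R_State)
			stateattr = a;
	}

	syslog(0, AUTHLOG, "%s", pbuf);
}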
312 6e527fbc 2005-02-13 devnull
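/*
 * Find an IPv4 address of this host to send as NAS-IP-Address.
 *
 * Walks the interfaces under /net and returns the first local address
 * that is an IPv4 address in Plan 9's v4-in-v6 form (its first IPv4off
 * bytes are v4prefix) and is neither unspecified nor the bare v4prefix,
 * i.e. 0.0.0.0.  The caller reads the four bytes at ip+IPv4off, so a
 * native IPv6 address must not be returned here; the old version did not
 * check for that.
 *
 * Returns a pointer into the interface list kept in the static ifc,
 * which is handed back to readipifc on the next call, or nil when no
 * usable address exists.
 */
static uchar*
getipv4addr(void)
{
	Ipifc *nifc;
	Iplifc *lifc;
	static Ipifc *ifc;

	ifc = readipifc("/net", ifc, -1);
	for(nifc = ifc; nifc; nifc = nifc->next)
		for(lifc = nifc->lifc; lifc; lifc = lifc->next){
			if(memcmp(lifc->ip, v4prefix, IPv4off) != 0)
				continue;	/* not an IPv4 address */
			if(ipcmp(lifc->ip, IPnoaddr) != 0 && ipcmp(lifc->ip, v4prefix) != 0)
				return lifc->ip;
		}
	return nil;
}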
327 6e527fbc 2005-02-13 devnull
328 6e527fbc 2005-02-13 devnull extern Ndb *db;
329 6e527fbc 2005-02-13 devnull
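/*
 * Authenticate user's SecurID response against the RADIUS servers listed
 * in ndb.
 *
 * The RADIUS shared secret comes from db (radius=lra-radius secret=...),
 * whose entry may also map the local user name to the RADIUS one (uid=...
 * rid=... on one line).  Server addresses come from the network database
 * (sys=lra-radius ip=...); they are tried in order until one returns a
 * reply that rpc could authenticate.  The response is hidden as
 * User-Password under a random 16-byte request authenticator, and this
 * host's IPv4 address is sent as NAS-IP-Address.
 *
 * user:     local user name; rejected if it does not fit ruser, since a
 *           truncated name would be a different identity (the old
 *           unbounded strcpy could also overrun the buffer).
 * response: the token code typed by the user.
 *
 * Returns nil when a server sent Access-Accept, otherwise a static error
 * string.  Every exit path releases the request, any reply, the ndb
 * tuples and the secret; the secret is overwritten before it is freed.
 */
char*
secureidcheck(char *user, char *response)
{
	Packet *req = nil, *resp = nil;
	ulong u[4];
	uchar x[16];
	char *radiussecret = nil;
	char ruser[64];
	char dest[3*IPaddrlen+20];
	Secret shared, pass;
	char *rv = "authentication failed";
	Ndbs s;
	Ndbtuple *t = nil, *nt, *tt;
	uchar *ip;
	static Ndb *netdb;

	if(netdb == nil)
		netdb = ndbopen(0);

	/* bad responses make them disable the fob, avoid silly checks */
	if(strlen(response) < 4 || strpbrk(response,"abcdefABCDEF") != nil)
		goto out;

	/* the whole name must fit; never authenticate a truncated identity */
	if(strlen(user) >= sizeof ruser){
		syslog(0, AUTHLOG, "secureidcheck: user name too long");
		goto out;
	}

	/* get radius secret */
	radiussecret = ndbgetvalue(db, &s, "radius", "lra-radius", "secret", &t);
	if(radiussecret == nil){
		syslog(0, AUTHLOG, "secureidcheck: nil radius secret: %r");
		goto out;
	}

	/* translate user name if we have to */
	strcpy(ruser, user);	/* length checked above */
	for(nt = t; nt; nt = nt->entry){
		if(strcmp(nt->attr, "uid") == 0 && strcmp(nt->val, user) == 0)
			for(tt = nt->line; tt != nt; tt = tt->line)
				if(strcmp(tt->attr, "rid") == 0){
					snprint(ruser, sizeof ruser, "%s", tt->val);
					break;
				}
	}
	ndbfree(t);
	t = nil;

	/*
	 * Request authenticator; RFC2138 section 3 wants it unpredictable.
	 * NOTE(review): relies on fastrand being backed by a strong generator
	 * on this platform - confirm.
	 */
	u[0] = fastrand();
	u[1] = fastrand();
	u[2] = fastrand();
	u[3] = fastrand();
	req = newRequest((uchar*)u);
	if(req == nil)
		goto out;
	shared.s = (uchar*)radiussecret;
	shared.len = strlen(radiussecret);
	ip = getipv4addr();
	if(ip == nil){
		syslog(0, AUTHLOG, "no interfaces: %r\n");
		goto out;
	}
	if(setAttribute(req, R_NASIPAddress, ip + IPv4off, 4) < 0)
		goto out;

	if(setAttribute(req, R_UserName, (uchar*)ruser, strlen(ruser)) < 0)
		goto out;
	pass.s = (uchar*)response;
	pass.len = strlen(response);
	hide(&shared, req->authenticator, &pass, x);	/* only the first 16 bytes of response are used */
	if(setAttribute(req, R_UserPassword, x, 16) < 0)
		goto out;

	t = ndbsearch(netdb, &s, "sys", "lra-radius");
	if(t == nil){
		syslog(0, AUTHLOG, "secureidcheck: nil radius sys search: %r\n");
		goto out;
	}
	for(nt = t; nt; nt = nt->entry){
		if(strcmp(nt->attr, "ip") != 0)
			continue;

		snprint(dest,sizeof dest,"udp!%s!oradius", nt->val);
		resp = rpc(dest, &shared, req);
		if(resp == nil){
			syslog(0, AUTHLOG, "%s nil response", dest);
			continue;
		}
		if(resp->ID != req->ID){
			syslog(0, AUTHLOG, "%s mismatched ID req=%d resp=%d",
				dest, req->ID, resp->ID);
			freePacket(resp);
			resp = nil;
			continue;
		}

		/* rpc only returns replies whose authenticator verified, so the code can be trusted */
		switch(resp->code){
		case R_AccessAccept:
			syslog(0, AUTHLOG, "%s accepted ruser=%s", dest, ruser);
			rv = nil;
			break;
		case R_AccessReject:
			syslog(0, AUTHLOG, "%s rejected ruser=%s %s", dest, ruser, replymsg(resp));
			rv = "secureid failed";
			break;
		case R_AccessChallenge:
			syslog(0, AUTHLOG, "%s challenge ruser=%s %s", dest, ruser, replymsg(resp));
			rv = "secureid out of sync";
			break;
		default:
			syslog(0, AUTHLOG, "%s code=%d ruser=%s %s", dest, resp->code, ruser, replymsg(resp));
			break;
		}
		break;	/* we have a proper reply, no need to ask again */
	}
out:
	ndbfree(t);
	if(radiussecret != nil){
		/* best effort on this platform: scrub the secret before the memory is recycled */
		memset(radiussecret, 0, strlen(radiussecret));
		free(radiussecret);
	}
	freePacket(req);
	freePacket(resp);
	return rv;
}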