isakmp_xauth.c revision d30604685e6cc1fa878806ae590dcd1fc9d43f91
1f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh/*	$NetBSD: isakmp_xauth.c,v 1.22 2011/03/14 15:50:36 vanhu Exp $	*/
20a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
30a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Id: isakmp_xauth.c,v 1.38 2006/08/22 18:17:17 manubsd Exp */
40a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
50a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/*
60a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Copyright (C) 2004-2005 Emmanuel Dreyfus
70a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * All rights reserved.
80a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *
90a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Redistribution and use in source and binary forms, with or without
100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * modification, are permitted provided that the following conditions
110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * are met:
120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 1. Redistributions of source code must retain the above copyright
130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    notice, this list of conditions and the following disclaimer.
140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 2. Redistributions in binary form must reproduce the above copyright
150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    notice, this list of conditions and the following disclaimer in the
160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    documentation and/or other materials provided with the distribution.
170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 3. Neither the name of the project nor the names of its contributors
180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    may be used to endorse or promote products derived from this software
190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    without specific prior written permission.
200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *
210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * SUCH DAMAGE.
320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */
330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "config.h"
350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/types.h>
370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/param.h>
380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/socket.h>
390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/queue.h>
400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netinet/in.h>
420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
43f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh#include <assert.h>
440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdlib.h>
450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdio.h>
460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <string.h>
470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <errno.h>
480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <pwd.h>
490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <grp.h>
500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if TIME_WITH_SYS_TIME
510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <sys/time.h>
520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <time.h>
530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#else
540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# if HAVE_SYS_TIME_H
550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#  include <sys/time.h>
560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# else
570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#  include <time.h>
580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# endif
590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif
600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netdb.h>
610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_UNISTD_H
620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <unistd.h>
630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif
640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <ctype.h>
650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <resolv.h>
660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_SHADOW_H
680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <shadow.h>
690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif
700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "var.h"
720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "misc.h"
730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "vmbuf.h"
740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "plog.h"
750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "sockmisc.h"
760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "schedule.h"
770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "debug.h"
780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "crypto_openssl.h"
800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_var.h"
810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp.h"
820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "admin.h"
830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "privsep.h"
840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "evt.h"
850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "handler.h"
860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "throttle.h"
870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "remoteconf.h"
880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_inf.h"
890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_xauth.h"
900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_unity.h"
910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_cfg.h"
920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "strnames.h"
930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "ipsec_doi.h"
940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "remoteconf.h"
950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "localconf.h"
960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
#ifdef HAVE_LIBRADIUS
#include <radlib.h>
/*
 * RADIUS client handles (authentication and accounting) plus the parsed
 * RADIUS configuration.  Initialised elsewhere; this file only consumes them.
 */
struct rad_handle *radius_auth_state = NULL;
struct rad_handle *radius_acct_state = NULL;
struct xauth_rad_config xauth_rad_config;
#endif

#ifdef HAVE_LIBPAM
#include <security/pam_appl.h>

/*
 * The user name and password are handed to the PAM conversation callback
 * through these file-scope statics instead of through pam_conv.appdata_ptr
 * (left NULL in PAM_chat).  Consequence: the PAM login path is not
 * reentrant -- only one conversation may be in flight at a time.
 * NOTE(review): PAM_conv is outside this view; presumably the two pointers
 * are cleared once the conversation ends -- confirm.
 */
static char *PAM_usr = NULL;
static char *PAM_pwd = NULL;
static int PAM_conv(int, const struct pam_message **,
    struct pam_response **, void *);
static struct pam_conv PAM_chat = { &PAM_conv, NULL };
#endif

#ifdef HAVE_LIBLDAP
#include "ldap.h"
#include <arpa/inet.h>
/* Parsed LDAP configuration; initialised elsewhere. */
struct xauth_ldap_config xauth_ldap_config;
#endif
1190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
/*
 * Send the initial Xauth request to the peer: an ISAKMP-config REQUEST
 * payload carrying an empty XAUTH_TYPE (generic), XAUTH_USER_NAME and
 * XAUTH_USER_PASSWORD attribute set, encrypted (ISAKMP_FLAG_E).
 *
 * Only valid once phase 1 is established and while the Xauth state is
 * still XAUTHST_NOTYET; any other state is logged and ignored.  On
 * success the Xauth state advances to XAUTHST_REQSENT.  The return value
 * of isakmp_cfg_send() is not checked, so the state advances even if the
 * transmission failed (unchanged from the original behaviour).
 */
void
xauth_sendreq(iph1)
	struct ph1handle *iph1;
{
	struct xauth_state *xst = &iph1->mode_cfg->xauth;
	vchar_t *payload;
	struct isakmp_pl_attr *hdr;
	struct isakmp_data *cursor;
	size_t total;

	/* Refuse to start Xauth before the phase 1 SA exists. */
	if (iph1->status < PHASE1ST_ESTABLISHED) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Xauth request while phase 1 is not completed\n");
		return;
	}

	/* A request may be issued only once per Xauth exchange. */
	if (xst->status != XAUTHST_NOTYET) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Xauth request whith Xauth state %d\n", xst->status);
		return;
	}

	plog(LLV_INFO, LOCATION, NULL, "Sending Xauth request\n");

	/* Attribute payload header followed by three fixed-size attributes. */
	total = sizeof(*hdr) + 3 * sizeof(*cursor);

	payload = vmalloc(total);
	if (payload == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate buffer\n");
		return;
	}

	hdr = (struct isakmp_pl_attr *)payload->v;
	memset(hdr, 0, total);

	hdr->h.len = htons(total);
	hdr->type = ISAKMP_CFG_REQUEST;
	/* 16-bit transaction id; the peer echoes it in its reply. */
	hdr->id = htons(eay_random());

	/* XAUTH_TYPE is TV-encoded: lorv carries the value (generic). */
	cursor = (struct isakmp_data *)(hdr + 1);
	cursor->type = htons(XAUTH_TYPE | ISAKMP_GEN_TV);
	cursor->lorv = htons(XAUTH_TYPE_GENERIC);

	/* USER_NAME and USER_PASSWORD are TLV-encoded with zero length. */
	cursor++;
	cursor->type = htons(XAUTH_USER_NAME | ISAKMP_GEN_TLV);
	cursor->lorv = htons(0);

	cursor++;
	cursor->type = htons(XAUTH_USER_PASSWORD | ISAKMP_GEN_TLV);
	cursor->lorv = htons(0);

	isakmp_cfg_send(iph1, payload,
	    ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 1);

	vfree(payload);

	xst->status = XAUTHST_REQSENT;
}
1850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
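/*
 * Store the value of a TLV-encoded Xauth attribute into *slot as a
 * NUL-terminated string.  Any previous value in *slot (a duplicate
 * attribute in the same reply, or a new reply while a throttled answer
 * is still pending) is released first so that it cannot leak.
 *
 * Returns 0 on success, -1 if the attribute is not TLV-encoded or the
 * allocation fails.
 *
 * NOTE(review): only the attribute header is visible here.  lorv is
 * taken as the number of bytes following the header; the caller that
 * walks the payload is expected to have checked that lorv does not run
 * past the end of the received payload before handing the attribute
 * over -- confirm in isakmp_cfg.c.
 */
static int
xauth_attr_store(attr, slot)
	struct isakmp_data *attr;
	char **slot;
{
	size_t alen;
	char *val;

	/*
	 * In TV encoding lorv is a value and no data follows the header, so
	 * it must never be used as a byte count.  USER_NAME / USER_PASSWORD
	 * are defined as TLV; refuse the other encoding outright.
	 */
	if ((ntohs(attr->type) & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Xauth attribute %d sent in TV format, expected TLV\n",
		    ntohs(attr->type) & ~ISAKMP_GEN_MASK);
		return -1;
	}

	alen = ntohs(attr->lorv);
	if ((val = racoon_malloc(alen + 1)) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Cannot allocate memory for Xauth Data\n");
		return -1;
	}

	memcpy(val, attr + 1, alen);
	val[alen] = '\0';

	/* Replace, never overwrite: the old pointer would otherwise leak. */
	if (*slot != NULL)
		racoon_free(*slot);
	*slot = val;

	return 0;
}

/*
 * Verify usr/pwd against the configured authentication source.
 * Returns 0 on success, non-zero on failure or unknown source.
 */
static int
xauth_check_credentials(iph1, usr, pwd)
	struct ph1handle *iph1;
	char *usr;
	char *pwd;
{
	switch (isakmp_cfg_config.authsource) {
	case ISAKMP_CFG_AUTH_SYSTEM:
		return privsep_xauth_login_system(usr, pwd);
#ifdef HAVE_LIBRADIUS
	case ISAKMP_CFG_AUTH_RADIUS:
		return xauth_login_radius(iph1, usr, pwd);
#endif
#ifdef HAVE_LIBPAM
	case ISAKMP_CFG_AUTH_PAM:
		return privsep_xauth_login_pam(iph1->mode_cfg->port,
		    iph1->remote, usr, pwd);
#endif
#ifdef HAVE_LIBLDAP
	case ISAKMP_CFG_AUTH_LDAP:
		return xauth_login_ldap(iph1, usr, pwd);
#endif
	default:
		plog(LLV_ERROR, LOCATION, NULL,
		    "Unexpected authentication source\n");
		return -1;
	}
}

/*
 * Run the login once both the user name and the password have been
 * received: allocate a mode-config port, authenticate, apply the optional
 * group check, then answer -- immediately, or after the delay returned by
 * throttle_host() for this remote address (a delayed answer is always a
 * failure, which keeps password guessing slow).
 *
 * id is the ISAKMP-config transaction id to echo in the status reply.
 * Returns the result of xauth_reply() when answering at once, 0 when the
 * answer has been scheduled.
 */
static int
xauth_run_login(iph1, id)
	struct ph1handle *iph1;
	int id;
{
	struct xauth_state *xst = &iph1->mode_cfg->xauth;
	char *usr = xst->authdata.generic.usr;
	char *pwd = xst->authdata.generic.pwd;
	struct xauth_reply_arg *xra;
	time_t throttle_delay = 0;
	int port;
	int res = -1;

	/*
	 * Never log pwd, even at debug level.  usr is peer-supplied and is
	 * logged verbatim below and in xauth_reply(); it is copied into the
	 * fixed-size login field with an explicit terminator (relies on
	 * login being LOGINLEN + 1 bytes -- declared outside this view).
	 */
	strncpy(iph1->mode_cfg->login, usr, LOGINLEN);
	iph1->mode_cfg->login[LOGINLEN] = '\0';

	if ((port = isakmp_cfg_getport(iph1)) == -1) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Port pool depleted\n");
		/* No port, no authentication attempt: fail right away. */
		return xauth_reply(iph1, port, id, res);
	}

	res = xauth_check_credentials(iph1, usr, pwd);

	/* Optional group authentication. */
	if (!res && (isakmp_cfg_config.groupcount))
		res = group_check(iph1,
			isakmp_cfg_config.grouplist,
			isakmp_cfg_config.groupcount);

	/*
	 * On failure, throttle the connexion for the remote host in order
	 * to make password attacks more difficult.  While throttling is in
	 * effect the answer is forced to "failed" regardless of res.
	 */
	throttle_delay = throttle_host(iph1->remote, res);
	if (throttle_delay > 0) {
		char *str;

		str = saddrwop2str(iph1->remote);

		plog(LLV_ERROR, LOCATION, NULL,
		    "Throttling in action for %s: delay %lus\n",
		    str, (unsigned long)throttle_delay);
		res = -1;
	} else {
		throttle_delay = 0;
	}

	if (throttle_delay == 0)
		return xauth_reply(iph1, port, id, res);

	if ((xra = racoon_calloc(1, sizeof(*xra))) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "malloc failed, bypass throttling\n");
		return xauth_reply(iph1, port, id, res);
	}

	/*
	 * We need to store the ph1, but it might have disappeared when
	 * xauth_reply is called, so store the index instead.
	 */
	xra->index = iph1->index;
	xra->port = port;
	xra->id = id;
	xra->res = res;
	sched_schedule(&xra->sc, throttle_delay, xauth_reply_stub);

	return 0;
}

/*
 * Handle one Xauth attribute from the peer's ISAKMP-config REPLY.
 *
 * XAUTH_TYPE must announce the generic (user name / password) method;
 * XAUTH_USER_NAME and XAUTH_USER_PASSWORD are stored, and as soon as
 * both are present the login is performed (see xauth_run_login()).
 * Other attributes are logged and ignored.
 *
 * id is the ISAKMP-config transaction id of the reply, echoed back in
 * the status message.  Returns 0 when the attribute was consumed (or the
 * login succeeded / was scheduled), -1 on a protocol error, a malformed
 * attribute, or a failed login -- in the last case the phase 1 handle
 * has been deleted by xauth_reply() and must not be used any more.
 */
int
xauth_attr_reply(iph1, attr, id)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
	int id;
{
	struct xauth_state *xst = &iph1->mode_cfg->xauth;
	int type;

	if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Xauth reply but peer did not declare "
		    "itself as Xauth capable\n");
		return -1;
	}

	if (xst->status != XAUTHST_REQSENT) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Xauth reply while Xauth state is %d\n", xst->status);
		return -1;
	}

	type = ntohs(attr->type) & ~ISAKMP_GEN_MASK;
	switch (type) {
	case XAUTH_TYPE:
		switch (ntohs(attr->lorv)) {
		case XAUTH_TYPE_GENERIC:
			xst->authtype = XAUTH_TYPE_GENERIC;
			break;
		default:
			/*
			 * Report the offered type value itself (already in
			 * host order), not the attribute id.
			 */
			plog(LLV_WARNING, LOCATION, NULL,
			    "Unexpected authentication type %d\n",
			    ntohs(attr->lorv));
			return -1;
		}
		break;

	case XAUTH_USER_NAME:
		if (xauth_attr_store(attr, &xst->authdata.generic.usr) != 0)
			return -1;
		break;

	case XAUTH_USER_PASSWORD:
		if (xauth_attr_store(attr, &xst->authdata.generic.pwd) != 0)
			return -1;
		break;

	default:
		plog(LLV_WARNING, LOCATION, NULL,
		    "ignored Xauth attribute %d\n", type);
		break;
	}

	/* Wait until both halves of the credential have arrived. */
	if (xst->authdata.generic.usr == NULL ||
	    xst->authdata.generic.pwd == NULL)
		return 0;

	return xauth_run_login(iph1, id);
}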
3570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
/*
 * Scheduler callback for a throttled Xauth answer.  The argument block
 * embeds the sched entry and records the phase 1 by index, because the
 * SA may have been torn down while the throttling delay ran; if it is
 * gone the answer is dropped with a log line.  The argument block is
 * always freed here.
 *
 * NOTE(review): when the phase 1 no longer exists the port recorded in
 * the argument is not handed back here; presumably it is released with
 * the mode-config state when the handle was deleted -- confirm.
 */
void
xauth_reply_stub(sc)
	struct sched *sc;
{
	struct xauth_reply_arg *pending;
	struct ph1handle *iph1;

	pending = container_of(sc, struct xauth_reply_arg, sc);

	iph1 = getph1byindex(&pending->index);
	if (iph1 == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Delayed Xauth reply: phase 1 no longer exists.\n");
	} else {
		(void)xauth_reply(iph1, pending->port, pending->id,
		    pending->res);
	}

	racoon_free(pending);
}
3730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
/*
 * Send the Xauth status for a completed login and update the state.
 *
 * res == 0: state becomes XAUTHST_OK and an XAUTH_STATUS_OK is sent.
 * res != 0: the mode-config port (if one was allocated, i.e. port != -1)
 * is returned to the pool, XAUTH_STATUS_FAIL is sent, the state is reset
 * to XAUTHST_NOTYET, a delete is sent for the phase 1 SA when it is
 * established, and the handle is removed and freed -- the caller must not
 * touch iph1 after a -1 return.
 *
 * id is the ISAKMP-config transaction id echoed in the status message.
 * Returns 0 on success, -1 on failure.
 *
 * NOTE(review): the user name logged below comes straight from the peer
 * and is not sanitised here; whether plog() escapes control characters is
 * not visible in this file.
 */
int
xauth_reply(iph1, port, id, res)
	struct ph1handle *iph1;
	int port;
	int id;
	int res;
{
	struct xauth_state *xst = &iph1->mode_cfg->xauth;
	const char *usr = xst->authdata.generic.usr;

	if (res == 0) {
		xst->status = XAUTHST_OK;
		plog(LLV_INFO, LOCATION, NULL,
		    "login succeeded for user \"%s\"\n", usr);
		xauth_sendstatus(iph1, XAUTH_STATUS_OK, id);
		return 0;
	}

	/* Failure path: give the port back before the handle goes away. */
	if (port != -1)
		isakmp_cfg_putport(iph1, port);

	plog(LLV_INFO, LOCATION, NULL,
	    "login failed for user \"%s\"\n", usr);

	xauth_sendstatus(iph1, XAUTH_STATUS_FAIL, id);
	xst->status = XAUTHST_NOTYET;

	/* Delete Phase 1 SA; iph1 is invalid once delph1() returns. */
	if (iph1->status >= PHASE1ST_ESTABLISHED)
		isakmp_info_send_d1(iph1);
	remph1(iph1);
	delph1(iph1);

	return -1;
}
4100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
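/*
 * Send an ISAKMP mode-config SET carrying a single XAUTH_STATUS attribute.
 *
 * iph1:   phase 1 handle the payload is sent on.
 * status: XAUTH_STATUS_OK or XAUTH_STATUS_FAIL, sent as a TV attribute.
 * id:     mode-config transaction id to echo back to the peer.
 *
 * Allocation failure is logged and the status is simply not sent; the
 * void contract gives the caller no indication either way.
 */
void
xauth_sendstatus(struct ph1handle *iph1, int status, int id)
{
	vchar_t *buffer;
	struct isakmp_pl_attr *attr;
	struct isakmp_data *stattr;
	/* attribute payload header followed by exactly one TV attribute */
	size_t tlen = sizeof(*attr) + sizeof(*stattr);

	if ((buffer = vmalloc(tlen)) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate buffer\n");
		return;
	}

	attr = (struct isakmp_pl_attr *)buffer->v;
	memset(attr, 0, tlen);

	/* on-the-wire fields are big-endian; tlen is a few bytes, so the
	 * narrowing to the 16-bit length field cannot truncate */
	attr->h.len = htons(tlen);
	attr->type = ISAKMP_CFG_SET;
	attr->id = htons(id);

	stattr = (struct isakmp_data *)(attr + 1);
	stattr->type = htons(XAUTH_STATUS | ISAKMP_GEN_TV);
	stattr->lorv = htons(status);

	/* NOTE(review): the result of isakmp_cfg_send is not checked; a
	 * failed send is only visible through its own logging — confirm
	 * whether callers need to learn about it. */
	isakmp_cfg_send(iph1, buffer, ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 1);

	vfree(buffer);
}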
4480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
4490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS
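/*
 * Reset the RADIUS configuration to an empty state.
 *
 * free: when non-zero, first release what the previous configuration
 *       owned: the host/secret strings of every auth and accounting
 *       server and the open libradius handles.  (The parameter name
 *       shadows libc's free(); the body never calls it, so this is
 *       harmless, but keep it in mind when editing.)
 *
 * Always returns 0.
 *
 * A closed handle also has its global reset to NULL: xauth_radius_init()
 * only opens a handle while the global is NULL, so leaving the closed
 * pointer behind would make the next init skip re-opening and later
 * requests would run on freed memory.
 */
int
xauth_radius_init_conf(int free)
{
	if (free) {
		int i;

		for (i = 0; i < xauth_rad_config.auth_server_count; i++) {
			vfree(xauth_rad_config.auth_server_list[i].host);
			vfree(xauth_rad_config.auth_server_list[i].secret);
		}
		for (i = 0; i < xauth_rad_config.acct_server_count; i++) {
			vfree(xauth_rad_config.acct_server_list[i].host);
			vfree(xauth_rad_config.acct_server_list[i].secret);
		}
		if (radius_auth_state != NULL) {
			rad_close(radius_auth_state);
			radius_auth_state = NULL;
		}
		if (radius_acct_state != NULL) {
			rad_close(radius_acct_state);
			radius_acct_state = NULL;
		}
	}

	/* start from an all-zero config: no servers, zero timeout/retries */
	memset(&xauth_rad_config, 0, sizeof(xauth_rad_config));
	return 0;
}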
474f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh
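/*
 * Register one explicitly configured server with a libradius handle.
 * kind is "auth" or "account" and only appears in the warning.
 * Returns 1 when the server was added, 0 when libradius refused it.
 */
static int
xauth_radius_add_server(struct rad_handle *state, const char *kind,
    const char *host, int port, const char *secret)
{
	if (rad_add_server(state, host, port, secret,
	    xauth_rad_config.timeout, xauth_rad_config.retries) == 0)
		return 1;

	plog(LLV_WARNING, LOCATION, NULL,
	    "could not add radius %s server %s\n", kind, host);
	return 0;
}

/*
 * Load the libradius configuration file (rad_config with a NULL path)
 * into *statep.  On failure the handle is closed and *statep reset to
 * NULL so a later xauth_radius_init() can retry cleanly.
 * Returns 0 on success, -1 on failure.
 */
static int
xauth_radius_load_default(struct rad_handle **statep)
{
	if (rad_config(*statep, NULL) == 0)
		return 0;

	plog(LLV_ERROR, LOCATION, NULL,
	    "Cannot open libradius config file: %s\n",
	    rad_strerror(*statep));
	rad_close(*statep);
	*statep = NULL;
	return -1;
}

/*
 * Open the libradius auth and/or accounting handles the current
 * isakmp_cfg_config asks for, if they are not already open.
 *
 * Each handle first gets every server listed in xauth_rad_config; when
 * none could be added (including the case where none is configured) the
 * system libradius configuration file is loaded instead.
 *
 * NOTE(review): that fallback also triggers when servers *were*
 * configured but all of them were rejected, so credentials may then go
 * to whatever the system file names rather than the listed servers;
 * an operator expecting only the listed servers might prefer an error.
 *
 * Returns 0 on success, -1 when a handle could not be opened or
 * configured (the failing handle is left NULL).
 */
int
xauth_radius_init(void)
{
	int i;
	int added;

	if (isakmp_cfg_config.authsource == ISAKMP_CFG_AUTH_RADIUS &&
	    radius_auth_state == NULL) {
		if ((radius_auth_state = rad_auth_open()) == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Cannot init libradius\n");
			return -1;
		}

		added = 0;
		for (i = 0; i < xauth_rad_config.auth_server_count; i++)
			added += xauth_radius_add_server(radius_auth_state,
			    "auth",
			    xauth_rad_config.auth_server_list[i].host->v,
			    xauth_rad_config.auth_server_list[i].port,
			    xauth_rad_config.auth_server_list[i].secret->v);

		if (added == 0 &&
		    xauth_radius_load_default(&radius_auth_state) != 0)
			return -1;
	}

	if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_RADIUS &&
	    radius_acct_state == NULL) {
		if ((radius_acct_state = rad_acct_open()) == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Cannot init libradius\n");
			return -1;
		}

		added = 0;
		for (i = 0; i < xauth_rad_config.acct_server_count; i++)
			added += xauth_radius_add_server(radius_acct_state,
			    "account",
			    xauth_rad_config.acct_server_list[i].host->v,
			    xauth_rad_config.acct_server_list[i].port,
			    xauth_rad_config.acct_server_list[i].secret->v);

		if (added == 0 &&
		    xauth_radius_load_default(&radius_acct_state) != 0)
			return -1;
	}

	return 0;
}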
5610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
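/*
 * Authenticate usr/pwd against the configured RADIUS auth server(s).
 *
 * iph1: phase 1 handle; on Access-Accept, Framed-IP-Address and
 *       Framed-IP-Netmask attributes from the reply are stored in
 *       iph1->mode_cfg and flagged as externally assigned.
 * usr:  user name placed in User-Name.
 * pwd:  clear-text password placed in User-Password (libradius applies
 *       the RFC 2865 obfuscation with the shared secret before sending).
 *
 * Returns 0 when the server accepted the login; -1 on Access-Reject, on
 * any libradius error, or when the accept reply is malformed.
 */
int
xauth_login_radius(struct ph1handle *iph1, char *usr, char *pwd)
{
	int res;
	const void *data;
	size_t len;
	int type;

	if (rad_create_request(radius_auth_state, RAD_ACCESS_REQUEST) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_create_request failed: %s\n",
		    rad_strerror(radius_auth_state));
		return -1;
	}

	if (rad_put_string(radius_auth_state, RAD_USER_NAME, usr) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_string failed: %s\n",
		    rad_strerror(radius_auth_state));
		return -1;
	}

	if (rad_put_string(radius_auth_state, RAD_USER_PASSWORD, pwd) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_string failed: %s\n",
		    rad_strerror(radius_auth_state));
		return -1;
	}

	if (isakmp_cfg_radius_common(radius_auth_state,
	    iph1->mode_cfg->port) != 0)
		return -1;

	res = rad_send_request(radius_auth_state);
	switch (res) {
	case RAD_ACCESS_ACCEPT:
		/*
		 * rad_get_attr(3) returns the attribute type, 0 at the end
		 * of the reply and -1 on a malformed attribute.  Looping
		 * while the result is non-zero would spin forever on -1,
		 * so stop on anything non-positive and fail closed below.
		 */
		while ((type = rad_get_attr(radius_auth_state,
		    &data, &len)) > 0) {
			switch (type) {
			case RAD_FRAMED_IP_ADDRESS:
				/* one IPv4 address (RFC 2865 5.8); rad_cvt_addr
				 * reads four bytes regardless of len */
				if (len != sizeof(struct in_addr)) {
					plog(LLV_WARNING, LOCATION, NULL,
					    "Ignoring Framed-IP-Address of length %zu\n",
					    len);
					break;
				}
				iph1->mode_cfg->addr4 = rad_cvt_addr(data);
				iph1->mode_cfg->flags |= ISAKMP_CFG_ADDR4_EXTERN;
				break;

			case RAD_FRAMED_IP_NETMASK:
				if (len != sizeof(struct in_addr)) {
					plog(LLV_WARNING, LOCATION, NULL,
					    "Ignoring Framed-IP-Netmask of length %zu\n",
					    len);
					break;
				}
				iph1->mode_cfg->mask4 = rad_cvt_addr(data);
				iph1->mode_cfg->flags |= ISAKMP_CFG_MASK4_EXTERN;
				break;

			default:
				plog(LLV_INFO, LOCATION, NULL,
				    "Unexpected attribute: %d\n", type);
				break;
			}
		}
		if (type < 0) {
			/* a truncated accept is not trusted as an accept */
			plog(LLV_ERROR, LOCATION, NULL,
			    "rad_get_attr failed: %s\n",
			    rad_strerror(radius_auth_state));
			return -1;
		}
		return 0;

	case RAD_ACCESS_REJECT:
		return -1;

	case -1:
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_send_request failed: %s\n",
		    rad_strerror(radius_auth_state));
		return -1;

	default:
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_send_request returned %d\n", res);
		return -1;
	}
}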
6420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif
6430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
6440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBPAM
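/*
 * Release a partially built response array together with any answers
 * already duplicated into it.  Answers hold the user name or password,
 * so they are cleared before being freed.
 */
static void
PAM_conv_discard(struct pam_response *reply, int count)
{
	int i;

	for (i = 0; i < count; i++) {
		if (reply[i].resp != NULL) {
			/* volatile stores so the clear is not optimised away */
			volatile char *p = reply[i].resp;

			while (*p != '\0')
				*p++ = '\0';
			free(reply[i].resp);
		}
	}
	racoon_free(reply);
}

/*
 * PAM conversation callback: answer every prompt from the credentials
 * the caller stashed in PAM_usr (echo-on prompts) and PAM_pwd (echo-off
 * prompts).
 *
 * msg_count: number of messages in msg.
 * msg:       prompts from the PAM stack.
 * rsp:       receives an array of msg_count responses on success; libpam
 *            takes ownership and frees it and each resp string.
 * dontcare:  application data pointer, unused.
 *
 * Returns PAM_SUCCESS, or PAM_CONV_ERR on a prompt style this callback
 * cannot answer, when no credentials are stashed, or on allocation
 * failure.  Allocation failure is reported to PAM rather than
 * terminating the daemon: one failed login is not a reason to kill
 * racoon.
 */
static int
PAM_conv(int msg_count, const struct pam_message **msg,
    struct pam_response **rsp, void *dontcare)
{
	int i;
	struct pam_response *reply;

	if (msg_count <= 0)
		return PAM_CONV_ERR;

	/* libpam releases the array with free(); racoon_malloc is assumed
	 * to be malloc-compatible — TODO confirm */
	if ((reply = racoon_malloc(sizeof(*reply) * msg_count)) == NULL)
		return PAM_CONV_ERR;
	memset(reply, 0, sizeof(*reply) * msg_count);

	for (i = 0; i < msg_count; i++) {
		const char *answer;

		switch (msg[i]->msg_style) {
		case PAM_PROMPT_ECHO_ON:
			answer = PAM_usr;
			break;

		case PAM_PROMPT_ECHO_OFF:
			answer = PAM_pwd;
			break;

		case PAM_TEXT_INFO:
		case PAM_ERROR_MSG:
			/* informational only: acknowledge with no text */
			reply[i].resp_retcode = PAM_SUCCESS;
			reply[i].resp = NULL;
			continue;

		default:
			PAM_conv_discard(reply, i);
			return PAM_CONV_ERR;
		}

		/*
		 * PAM_usr/PAM_pwd are only set around pam_authenticate();
		 * a prompt raised from pam_acct_mgmt() or pam_setcred()
		 * finds them NULL and must be refused, not strdup(NULL)'d.
		 */
		if (answer == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "PAM prompt with no credentials available\n");
			PAM_conv_discard(reply, i);
			return PAM_CONV_ERR;
		}

		reply[i].resp_retcode = PAM_SUCCESS;
		if ((reply[i].resp = strdup(answer)) == NULL) {
			plog(LLV_ERROR, LOCATION, NULL, "strdup failed\n");
			PAM_conv_discard(reply, i);
			return PAM_CONV_ERR;
		}
	}

	*rsp = reply;
	return PAM_SUCCESS;
}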
7010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
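/*
 * Authenticate usr/pwd through the "racoon" PAM service for the peer at
 * raddr.
 *
 * port:  mode-config port pool slot for this peer; the PAM handle is kept
 *        in isakmp_cfg_config.port_pool[port].pam on success so the
 *        session can be closed later.
 * raddr: peer address, exported to PAM as PAM_RHOST.
 * usr:   user name, used as the PAM user and as PAM_RUSER.
 * pwd:   clear-text password handed to the conversation callback.
 *
 * Returns 0 when pam_authenticate, pam_acct_mgmt and pam_setcred all
 * succeed, -1 otherwise.  On failure the PAM handle is ended and the
 * pool slot cleared.
 */
int
xauth_login_pam(int port, struct sockaddr *raddr, char *usr, char *pwd)
{
	int error;
	char *remote = NULL;
	pam_handle_t *pam = NULL;

	if (isakmp_cfg_config.port_pool == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "isakmp_cfg_config.port_pool == NULL\n");
		return -1;
	}

	/* port indexes port_pool; bound it here rather than trust the caller */
	if (port < 0 || port >= isakmp_cfg_config.pool_size) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "port %d is outside the mode-config port pool\n", port);
		return -1;
	}

	/*
	 * Pick up the handle right after pam_start(): when it fails but
	 * still created a handle, the out: path must end *that* handle,
	 * not a NULL local.
	 */
	error = pam_start("racoon", usr, &PAM_chat,
	    &isakmp_cfg_config.port_pool[port].pam);
	pam = isakmp_cfg_config.port_pool[port].pam;
	if (error != 0) {
		if (pam == NULL) {
			plog(LLV_ERROR, LOCATION, NULL, "pam_start failed\n");
			return -1;
		}
		plog(LLV_ERROR, LOCATION, NULL,
		    "pam_start failed: %s\n", pam_strerror(pam, error));
		goto out;
	}

	if ((remote = strdup(saddrwop2str(raddr))) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "cannot allocate memory: %s\n", strerror(errno));
		goto out;
	}

	if ((error = pam_set_item(pam, PAM_RHOST, remote)) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "pam_set_item failed: %s\n",
		    pam_strerror(pam, error));
		goto out;
	}

	if ((error = pam_set_item(pam, PAM_RUSER, usr)) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "pam_set_item failed: %s\n",
		    pam_strerror(pam, error));
		goto out;
	}

	/* the conversation callback reads the credentials from these
	 * globals; expose them only for the duration of the call */
	PAM_usr = usr;
	PAM_pwd = pwd;
	error = pam_authenticate(pam, 0);
	PAM_usr = NULL;
	PAM_pwd = NULL;
	if (error != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "pam_authenticate failed: %s\n",
		    pam_strerror(pam, error));
		goto out;
	}

	if ((error = pam_acct_mgmt(pam, 0)) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "pam_acct_mgmt failed: %s\n",
		    pam_strerror(pam, error));
		goto out;
	}

	if ((error = pam_setcred(pam, 0)) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "pam_setcred failed: %s\n",
		    pam_strerror(pam, error));
		goto out;
	}

	free(remote);
	return 0;

out:
	pam_end(pam, error);
	isakmp_cfg_config.port_pool[port].pam = NULL;
	free(remote);
	return -1;
}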
7960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif
7970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
7980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBLDAP
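/*
 * Reset xauth_ldap_config to its built-in defaults.
 *
 * Scalar fields get fixed values (protocol version 3, LDAP_PORT, simple
 * auth, one-level search, no bind DN/password, no base DN).  The host and
 * the attribute names are copied from the LDAP_DFLT_* constants into
 * vmalloc()'d buffers.
 *
 * Each buffer is sized strlen(constant) + 1 and the copy includes the
 * terminating NUL.  The lookup code reads these buffers with strlen() and
 * "%s" (e.g. strlen(xauth_ldap_config.host->v) when building the LDAP URL),
 * so they must be NUL terminated regardless of whether vmalloc() happens to
 * zero-fill or over-allocate.  NOTE(review): this presumably matches how
 * config-file strings are stored by the parser (yyleng + 1) — verify.
 *
 * Returns 0 on success, -1 if any allocation fails; the failure is logged
 * once at out:.  Buffers allocated before the failing one are left in
 * place — a failed init is expected to be fatal for the caller.
 */
int
xauth_ldap_init_conf(void)
{
	size_t tmplen;
	int error = -1;

	xauth_ldap_config.pver = 3;
	xauth_ldap_config.host = NULL;
	xauth_ldap_config.port = LDAP_PORT;
	xauth_ldap_config.base = NULL;
	xauth_ldap_config.subtree = 0;
	xauth_ldap_config.bind_dn = NULL;
	xauth_ldap_config.bind_pw = NULL;
	xauth_ldap_config.auth_type = LDAP_AUTH_SIMPLE;
	xauth_ldap_config.attr_user = NULL;
	xauth_ldap_config.attr_addr = NULL;
	xauth_ldap_config.attr_mask = NULL;
	xauth_ldap_config.attr_group = NULL;
	xauth_ldap_config.attr_member = NULL;

	/* set default host (length includes the terminating NUL) */
	tmplen = strlen(LDAP_DFLT_HOST) + 1;
	xauth_ldap_config.host = vmalloc(tmplen);
	if (xauth_ldap_config.host == NULL)
		goto out;
	memcpy(xauth_ldap_config.host->v, LDAP_DFLT_HOST, tmplen);

	/* set default user naming attribute */
	tmplen = strlen(LDAP_DFLT_USER) + 1;
	xauth_ldap_config.attr_user = vmalloc(tmplen);
	if (xauth_ldap_config.attr_user == NULL)
		goto out;
	memcpy(xauth_ldap_config.attr_user->v, LDAP_DFLT_USER, tmplen);

	/* set default address attribute */
	tmplen = strlen(LDAP_DFLT_ADDR) + 1;
	xauth_ldap_config.attr_addr = vmalloc(tmplen);
	if (xauth_ldap_config.attr_addr == NULL)
		goto out;
	memcpy(xauth_ldap_config.attr_addr->v, LDAP_DFLT_ADDR, tmplen);

	/* set default netmask attribute */
	tmplen = strlen(LDAP_DFLT_MASK) + 1;
	xauth_ldap_config.attr_mask = vmalloc(tmplen);
	if (xauth_ldap_config.attr_mask == NULL)
		goto out;
	memcpy(xauth_ldap_config.attr_mask->v, LDAP_DFLT_MASK, tmplen);

	/* set default group naming attribute */
	tmplen = strlen(LDAP_DFLT_GROUP) + 1;
	xauth_ldap_config.attr_group = vmalloc(tmplen);
	if (xauth_ldap_config.attr_group == NULL)
		goto out;
	memcpy(xauth_ldap_config.attr_group->v, LDAP_DFLT_GROUP, tmplen);

	/* set default member attribute */
	tmplen = strlen(LDAP_DFLT_MEMBER) + 1;
	xauth_ldap_config.attr_member = vmalloc(tmplen);
	if (xauth_ldap_config.attr_member == NULL)
		goto out;
	memcpy(xauth_ldap_config.attr_member->v, LDAP_DFLT_MEMBER, tmplen);

	error = 0;
out:
	if (error != 0)
		plog(LLV_ERROR, LOCATION, NULL, "cannot allocate memory\n");

	return error;
}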
8680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
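/*
 * Escape a string for use as an assertion value inside an LDAP search
 * filter (RFC 4515 section 3): '*', '(', ')' and '\' are rewritten as
 * "\xx" hex escapes, so a peer-supplied value cannot change the structure
 * of the filter it is embedded in.
 *
 * Returns a racoon_malloc()'d, NUL-terminated copy that the caller frees
 * with racoon_free(), or NULL if allocation fails.
 */
static char *
xauth_ldap_filter_escape(const char *s)
{
	static const char hexdig[] = "0123456789abcdef";
	size_t i, outlen = 0;
	char *out, *p;

	/* first pass: size the result, three bytes per escaped character */
	for (i = 0; s[i] != '\0'; i++) {
		if (s[i] == '*' || s[i] == '(' || s[i] == ')' || s[i] == '\\')
			outlen += 3;
		else
			outlen += 1;
	}

	out = racoon_malloc(outlen + 1);
	if (out == NULL)
		return NULL;

	for (p = out, i = 0; s[i] != '\0'; i++) {
		unsigned char c = (unsigned char)s[i];

		if (c == '*' || c == '(' || c == ')' || c == '\\') {
			*p++ = '\\';
			*p++ = hexdig[c >> 4];
			*p++ = hexdig[c & 0x0f];
		} else {
			*p++ = (char)c;
		}
	}
	*p = '\0';

	return out;
}

/*
 * Authenticate an XAUTH user against the configured LDAP directory.
 *
 * Sequence: connect to xauth_ldap_config.host:port, bind with the configured
 * service DN and password (anonymously when either is unset), search for
 * the single entry whose attr_user equals `usr`, record that entry's DN in
 * iph1->mode_cfg->xauth.udn, pull the optional modecfg address/netmask
 * attributes into iph1->mode_cfg, and finally bind as the found DN with
 * `pwd`.  The outcome of that last bind is the authentication decision.
 *
 * iph1  phase-1 handle; iph1->mode_cfg is written and must be non-NULL.
 * usr   user name received from the peer.  Treated as untrusted: it is
 *       filter-escaped before being placed in the search filter.
 * pwd   password received from the peer.  An empty password is refused
 *       up front, because a zero-length simple bind is an LDAP
 *       "unauthenticated" bind (RFC 4513 5.1.2) that some servers accept
 *       without checking any credential.
 *
 * Returns 0 when the user bind succeeds, -1 on any failure.  All failure
 * paths go through ldap_end so the LDAP handle, the result message and
 * every scratch buffer are released exactly once.
 */
int
xauth_login_ldap(struct ph1handle *iph1, char *usr, char *pwd)
{
	int rtn = -1;
	int res = -1;
	LDAP *ld = NULL;
	LDAPMessage *lr = NULL;
	LDAPMessage *le = NULL;
	struct berval cred;
	struct berval **bv = NULL;
	struct timeval timeout;
	char *init = NULL;
	char *filter = NULL;
	char *safeusr = NULL;
	char *atlist[3] = { NULL, NULL, NULL };
	char *basedn = NULL;
	char *userdn = NULL;
	size_t tmplen = 0;
	int ecount = 0;
	int scope = LDAP_SCOPE_ONE;

	/* refuse a missing name or an empty password before contacting the server */
	if (usr == NULL || pwd == NULL || *pwd == '\0') {
		plog(LLV_ERROR, LOCATION, NULL,
			"ldap login refused: missing user name or empty password\n");
		goto ldap_end;
	}

	/* build our initialization url: "ldap://" host ":" port */
	tmplen = strlen("ldap://:") + 17 + strlen(xauth_ldap_config.host->v);
	init = racoon_malloc(tmplen);
	if (init == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"unable to alloc ldap init url\n");
		goto ldap_end;
	}
	snprintf(init, tmplen, "ldap://%s:%d",
		xauth_ldap_config.host->v,
		xauth_ldap_config.port);

	/* initialize the ldap handle */
	res = ldap_initialize(&ld, init);
	if (res != LDAP_SUCCESS) {
		plog(LLV_ERROR, LOCATION, NULL,
			"ldap_initialize failed: %s\n",
			ldap_err2string(res));
		goto ldap_end;
	}

	/* initialize the protocol version */
	ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
		&xauth_ldap_config.pver);

	/*
	 * attempt to bind to the ldap server.
	 * default to anonymous bind unless a
	 * user dn and password has been
	 * specified in our configuration
	 */
	if (xauth_ldap_config.bind_dn != NULL &&
	    xauth_ldap_config.bind_pw != NULL) {
		cred.bv_val = xauth_ldap_config.bind_pw->v;
		cred.bv_len = strlen(cred.bv_val);
		res = ldap_sasl_bind_s(ld,
			xauth_ldap_config.bind_dn->v, NULL, &cred,
			NULL, NULL, NULL);
	} else {
		res = ldap_sasl_bind_s(ld,
			NULL, NULL, NULL,
			NULL, NULL, NULL);
	}

	if (res != LDAP_SUCCESS) {
		plog(LLV_ERROR, LOCATION, NULL,
			"ldap_sasl_bind_s (search) failed: %s\n",
			ldap_err2string(res));
		goto ldap_end;
	}

	/* escape the peer-supplied user name before placing it in a filter */
	safeusr = xauth_ldap_filter_escape(usr);
	if (safeusr == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"unable to alloc ldap escaped user name\n");
		goto ldap_end;
	}

	/* build an ldap user search filter: "<attr_user>=<usr>" */
	tmplen = strlen(xauth_ldap_config.attr_user->v) + 1 +
		strlen(safeusr) + 1;
	filter = racoon_malloc(tmplen);
	if (filter == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"unable to alloc ldap search filter buffer\n");
		goto ldap_end;
	}
	snprintf(filter, tmplen, "%s=%s",
		xauth_ldap_config.attr_user->v, safeusr);

	/* build our return attribute list: address and netmask attributes */
	tmplen = strlen(xauth_ldap_config.attr_addr->v) + 1;
	atlist[0] = racoon_malloc(tmplen);
	if (atlist[0] != NULL)
		memcpy(atlist[0], xauth_ldap_config.attr_addr->v, tmplen);
	tmplen = strlen(xauth_ldap_config.attr_mask->v) + 1;
	atlist[1] = racoon_malloc(tmplen);
	if (atlist[1] != NULL)
		memcpy(atlist[1], xauth_ldap_config.attr_mask->v, tmplen);
	if (atlist[0] == NULL || atlist[1] == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"unable to alloc ldap attrib list buffer\n");
		goto ldap_end;
	}

	/* attempt to locate the user dn */
	if (xauth_ldap_config.base != NULL)
		basedn = xauth_ldap_config.base->v;
	if (xauth_ldap_config.subtree)
		scope = LDAP_SCOPE_SUBTREE;
	timeout.tv_sec = 15;
	timeout.tv_usec = 0;
	res = ldap_search_ext_s(ld, basedn, scope,
		filter, atlist, 0, NULL, NULL,
		&timeout, 2, &lr);
	if (res != LDAP_SUCCESS) {
		plog(LLV_ERROR, LOCATION, NULL,
			"ldap_search_ext_s failed: %s\n",
			ldap_err2string(res));
		goto ldap_end;
	}

	/* check the number of ldap entries returned */
	ecount = ldap_count_entries(ld, lr);
	if (ecount < 1) {
		plog(LLV_WARNING, LOCATION, NULL,
			"no ldap results for filter \'%s\'\n",
			 filter);
		goto ldap_end;
	}
	if (ecount > 1) {
		/* ambiguous match: only the first entry is used (unchanged policy) */
		plog(LLV_WARNING, LOCATION, NULL,
			"multiple (%i) ldap results for filter \'%s\'\n",
			ecount, filter);
	}

	/* obtain the dn from the first result */
	le = ldap_first_entry(ld, lr);
	if (le == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"ldap_first_entry failed: invalid entry returned\n");
		goto ldap_end;
	}
	userdn = ldap_get_dn(ld, le);
	if (userdn == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"ldap_get_dn failed: invalid string returned\n");
		goto ldap_end;
	}

	/* cache the user dn in the xauth state (used later for group checks) */
	tmplen = strlen(userdn) + 1;
	iph1->mode_cfg->xauth.udn = racoon_malloc(tmplen);
	if (iph1->mode_cfg->xauth.udn == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"unable to alloc ldap user dn\n");
		goto ldap_end;
	}
	memcpy(iph1->mode_cfg->xauth.udn, userdn, tmplen);

	/* retrieve modecfg address; bv is released at ldap_end on early exit */
	bv = ldap_get_values_len(ld, le, xauth_ldap_config.attr_addr->v);
	if (bv != NULL) {
		char tmpaddr[16];

		/* only a dotted quad of 7..15 characters fits the buffer */
		if (bv[0] == NULL || bv[0]->bv_len < 7 || bv[0]->bv_len > 15) {
			plog(LLV_DEBUG, LOCATION, NULL,
				"ldap returned invalid modecfg address\n");
			goto ldap_end;
		}
		memcpy(tmpaddr, bv[0]->bv_val, bv[0]->bv_len);
		tmpaddr[bv[0]->bv_len] = '\0';
		/* inet_aton() reports parse failure, unlike inet_addr() */
		if (inet_aton(tmpaddr, &iph1->mode_cfg->addr4) != 1) {
			plog(LLV_DEBUG, LOCATION, NULL,
				"ldap returned unparsable modecfg address\n");
			goto ldap_end;
		}
		iph1->mode_cfg->flags |= ISAKMP_CFG_ADDR4_EXTERN;
		plog(LLV_INFO, LOCATION, NULL,
			"ldap returned modecfg address %s\n", tmpaddr);
		ldap_value_free_len(bv);
		bv = NULL;
	}

	/* retrieve modecfg netmask; same handling as the address above */
	bv = ldap_get_values_len(ld, le, xauth_ldap_config.attr_mask->v);
	if (bv != NULL) {
		char tmpmask[16];

		if (bv[0] == NULL || bv[0]->bv_len < 7 || bv[0]->bv_len > 15) {
			plog(LLV_DEBUG, LOCATION, NULL,
				"ldap returned invalid modecfg netmask\n");
			goto ldap_end;
		}
		memcpy(tmpmask, bv[0]->bv_val, bv[0]->bv_len);
		tmpmask[bv[0]->bv_len] = '\0';
		if (inet_aton(tmpmask, &iph1->mode_cfg->mask4) != 1) {
			plog(LLV_DEBUG, LOCATION, NULL,
				"ldap returned unparsable modecfg netmask\n");
			goto ldap_end;
		}
		iph1->mode_cfg->flags |= ISAKMP_CFG_MASK4_EXTERN;
		plog(LLV_INFO, LOCATION, NULL,
			"ldap returned modecfg netmask %s\n", tmpmask);
		ldap_value_free_len(bv);
		bv = NULL;
	}

	/*
	 * finally, use the dn and the xauth
	 * password to check the users given
	 * credentials by attempting to bind
	 * to the ldap server
	 */
	plog(LLV_INFO, LOCATION, NULL,
		"attempting ldap bind for dn \'%s\'\n", userdn);
	cred.bv_val = pwd;
	cred.bv_len = strlen(cred.bv_val);
	res = ldap_sasl_bind_s(ld,
		userdn, NULL, &cred,
		NULL, NULL, NULL);
	if (res == LDAP_SUCCESS)
		rtn = 0;

ldap_end:

	/* free ldap resources */
	if (bv != NULL)
		ldap_value_free_len(bv);
	if (userdn != NULL)
		ldap_memfree(userdn);
	if (atlist[0] != NULL)
		racoon_free(atlist[0]);
	if (atlist[1] != NULL)
		racoon_free(atlist[1]);
	if (filter != NULL)
		racoon_free(filter);
	if (safeusr != NULL)
		racoon_free(safeusr);
	if (lr != NULL)
		ldap_msgfree(lr);
	if (init != NULL)
		racoon_free(init);

	/* ld is still NULL when the url allocation or ldap_initialize failed */
	if (ld != NULL)
		ldap_unbind_ext_s(ld, NULL, NULL);

	return rtn;
}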
11030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
11040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint
11050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangxauth_group_ldap(udn, grp)
11060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char * udn;
11070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char * grp;
11080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{
11090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	int rtn = -1;
11100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	int res = -1;
11110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	LDAP *ld = NULL;
11120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	LDAPMessage *lr = NULL;
11130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	LDAPMessage *le = NULL;
11140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	struct berval cred;
11150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	struct timeval timeout;
11160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char *init = NULL;
11170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char *filter = NULL;
11180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char *basedn = NULL;
11190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char *groupdn = NULL;
11200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	int tmplen = 0;
11210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	int ecount = 0;
11220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	int scope = LDAP_SCOPE_ONE;
11230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
11240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* build our initialization url */
11250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	tmplen = strlen("ldap://:") + 17;
11260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	tmplen += strlen(xauth_ldap_config.host->v);
11270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	init = racoon_malloc(tmplen);
11280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (init == NULL) {
11290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		plog(LLV_ERROR, LOCATION, NULL,
11300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			"unable to alloc ldap init url\n");
11310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		goto ldap_group_end;
11320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
11330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	sprintf(init,"ldap://%s:%d",
11340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		xauth_ldap_config.host->v,
11350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		xauth_ldap_config.port );
11360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
11370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* initialize the ldap handle */
11380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	res = ldap_initialize(&ld, init);
11390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (res != LDAP_SUCCESS) {
11400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		plog(LLV_ERROR, LOCATION, NULL,
11410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			"ldap_initialize failed: %s\n",
11420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			ldap_err2string(res));
11430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		goto ldap_group_end;
11440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
11450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
11460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* initialize the protocol version */
11470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
11480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		&xauth_ldap_config.pver);
11490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
11500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/*
11510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	 * attempt to bind to the ldap server.
11520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang         * default to anonymous bind unless a
11530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	 * user dn and password has been
11540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	 * specified in our configuration
11550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang         */
11560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if ((xauth_ldap_config.bind_dn != NULL)&&
11570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	    (xauth_ldap_config.bind_pw != NULL))
11580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	{
11590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		cred.bv_val = xauth_ldap_config.bind_pw->v;
11600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		cred.bv_len = strlen( cred.bv_val );
11610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		res = ldap_sasl_bind_s(ld,
11620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			xauth_ldap_config.bind_dn->v, NULL, &cred,
11630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			NULL, NULL, NULL);
11640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
11650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	else
11660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	{
11670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		res = ldap_sasl_bind_s(ld,
11680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			NULL, NULL, NULL,
11690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			NULL, NULL, NULL);
11700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
11710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
11720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (res!=LDAP_SUCCESS) {
11730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		plog(LLV_ERROR, LOCATION, NULL,
11740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			"ldap_sasl_bind_s (search) failed: %s\n",
11750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			ldap_err2string(res));
11760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		goto ldap_group_end;
11770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
11780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
11790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* build an ldap group search filter */
11800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	tmplen = strlen("(&(=)(=))") + 1;
11810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	tmplen += strlen(xauth_ldap_config.attr_group->v);
11820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	tmplen += strlen(grp);
11830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	tmplen += strlen(xauth_ldap_config.attr_member->v);
11840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	tmplen += strlen(udn);
11850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	filter = racoon_malloc(tmplen);
11860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (filter == NULL) {
11870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		plog(LLV_ERROR, LOCATION, NULL,
11880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			"unable to alloc ldap search filter buffer\n");
11890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		goto ldap_group_end;
11900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
11910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	sprintf(filter, "(&(%s=%s)(%s=%s))",
11920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		xauth_ldap_config.attr_group->v, grp,
11930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		xauth_ldap_config.attr_member->v, udn);
11940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
11950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* attempt to locate the group dn */
11960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (xauth_ldap_config.base != NULL)
11970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		basedn = xauth_ldap_config.base->v;
11980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (xauth_ldap_config.subtree)
11990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		scope = LDAP_SCOPE_SUBTREE;
12000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	timeout.tv_sec = 15;
12010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	timeout.tv_usec = 0;
12020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	res = ldap_search_ext_s(ld, basedn, scope,
12030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		filter, NULL, 0, NULL, NULL,
12040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		&timeout, 2, &lr);
12050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (res != LDAP_SUCCESS) {
12060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		plog(LLV_ERROR, LOCATION, NULL,
12070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			"ldap_search_ext_s failed: %s\n",
12080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			ldap_err2string(res));
12090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		goto ldap_group_end;
12100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
12110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* check the number of ldap entries returned */
12130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	ecount = ldap_count_entries(ld, lr);
12140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (ecount < 1) {
12150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		plog(LLV_WARNING, LOCATION, NULL,
12160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			"no ldap results for filter \'%s\'\n",
12170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			 filter);
12180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		goto ldap_group_end;
12190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
12200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* success */
12220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	rtn = 0;
12230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* obtain the dn from the first result */
12250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	le = ldap_first_entry(ld, lr);
12260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (le == NULL) {
12270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		plog(LLV_ERROR, LOCATION, NULL,
12280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			"ldap_first_entry failed: invalid entry returned\n");
12290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		goto ldap_group_end;
12300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
12310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	groupdn = ldap_get_dn(ld, le);
12320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (groupdn == NULL) {
12330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		plog(LLV_ERROR, LOCATION, NULL,
12340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang			"ldap_get_dn failed: invalid string returned\n");
12350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		goto ldap_group_end;
12360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	}
12370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	plog(LLV_INFO, LOCATION, NULL,
12390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		"ldap membership group returned \'%s\'\n", groupdn);
12400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangldap_group_end:
12410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* free ldap resources */
12430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (groupdn != NULL)
12440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		ldap_memfree(groupdn);
12450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (filter != NULL)
12460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		racoon_free(filter);
12470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (lr != NULL)
12480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		ldap_msgfree(lr);
12490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (init != NULL)
12500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		racoon_free(init);
12510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	ldap_unbind_ext_s(ld, NULL, NULL);
12530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	return rtn;
12550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang}
12560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif
12580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
1259514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh#ifndef ANDROID_PATCHED
1260514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh
12610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint
12620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangxauth_login_system(usr, pwd)
12630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char *usr;
12640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char *pwd;
12650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{
12660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	struct passwd *pw;
12670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char *cryptpwd;
12680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	char *syscryptpwd;
12690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_SHADOW_H
12700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	struct spwd *spw;
12710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if ((spw = getspnam(usr)) == NULL)
12730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		return -1;
12740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	syscryptpwd = spw->sp_pwdp;
12760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif
12770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if ((pw = getpwnam(usr)) == NULL)
12790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		return -1;
12800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifndef HAVE_SHADOW_H
12820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	syscryptpwd = pw->pw_passwd;
12830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif
12840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	/* No root login. Ever. */
12860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (pw->pw_uid == 0)
12870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		return -1;
12880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if ((cryptpwd = crypt(pwd, syscryptpwd)) == NULL)
12900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		return -1;
12910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	if (strcmp(cryptpwd, syscryptpwd) == 0)
12930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang		return 0;
12940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
12950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang	return -1;
12960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang}
12970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
1298514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh#endif
1299514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh
/*
 * Check whether usr is listed as a member of the system group grp,
 * using the gr_mem list returned by getgrnam().
 *
 * usr: login name to look for.
 * grp: system group name.
 *
 * Returns 0 on a match, -1 when the group is unknown or usr is not
 * listed in it.
 *
 * NOTE(review): only gr_mem is consulted; a user whose primary gid in
 * passwd equals this group's gid but who is not in gr_mem is reported
 * as a non-member — confirm that this is the intended policy.
 */
int
xauth_group_system(char *usr, char *grp)
{
	struct group *entry = getgrnam(grp);
	char **name;

	if (entry == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"the system group name \'%s\' is unknown\n",
			grp);
		return -1;
	}

	/* gr_mem is a NULL-terminated array of member names */
	for (name = entry->gr_mem; *name != NULL; name++) {
		if (strcmp(*name, usr) != 0)
			continue;
		plog(LLV_INFO, LOCATION, NULL,
		                "membership validated\n");
		return 0;
	}

	return -1;
}
13270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
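/*
 * Verify, on the responder side, that a phase 1 negotiated with an
 * Xauth/Hybrid authentication method actually completed Xauth.
 *
 * iph1: phase 1 handle; approval->authmethod selects whether a check is
 *       needed, mode_cfg->flags and mode_cfg->xauth.status are inspected.
 *
 * Returns 0 when no check applies (a method without Xauth, which covers
 * the initiator/roadwarrior side) or when the peer advertised Xauth and
 * reached XAUTHST_OK; -1 when the peer never announced Xauth support,
 * did not finish the exchange, or no mode config state exists at all.
 */
int
xauth_check(struct ph1handle *iph1)
{
	struct xauth_state *xst;

	/*
	 * Only the server side (edge device) really checks the Xauth
	 * status, and only if the chosen authmethod uses Xauth.
	 * On the client side (roadwarrior), we don't check anything.
	 */
	switch (iph1->approval->authmethod) {
	case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
	case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
	case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
	/* The following are not yet implemented */
	case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
	case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
	case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
	case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
		/*
		 * group_check() in this file treats a NULL mode_cfg as a
		 * possible state; fail closed here rather than dereference
		 * it when an Xauth method was negotiated.
		 */
		if (iph1->mode_cfg == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Hybrid auth negotiated but no mode config "
			    "state is present\n");
			return -1;
		}
		xst = &iph1->mode_cfg->xauth;

		if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Hybrid auth negotiated but peer did not "
			    "announced as Xauth capable\n");
			return -1;
		}

		if (xst->status != XAUTHST_OK) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Hybrid auth negotiated but peer did not "
			    "succeed Xauth exchange\n");
			return -1;
		}

		return 0;

	default:
		/* Nothing to verify for methods that do not involve Xauth. */
		return 0;
	}
}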
13710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
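/*
 * Check that the Xauth user of a phase 1 belongs to at least one of the
 * configured groups.
 *
 * iph1:      phase 1 handle; mode_cfg->xauth.authdata.generic.usr is the
 *            login name that is checked.
 * grp_list:  array of group names to try, in order.
 * grp_count: number of entries in grp_list.
 *
 * Returns 0 as soon as one group matches, -1 when none does, when the
 * modecfg or Xauth data is absent, or when the configured group source
 * is unknown. An empty list yields -1 (fail closed).
 */
int
group_check(struct ph1handle *iph1, char **grp_list, int grp_count)
{
	int res = -1;
	int grp_index;
	char *usr;

	/* check for presence of modecfg data */
	if (iph1->mode_cfg == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"xauth group specified but modecfg not found\n");
		return res;
	}

	/*
	 * check for presence of xauth data; the name is the same for every
	 * group, so it is fetched once instead of once per iteration
	 */
	usr = iph1->mode_cfg->xauth.authdata.generic.usr;
	if (usr == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"xauth group specified but xauth not found\n");
		return res;
	}

	/* loop through our group list */
	for (grp_index = 0; grp_index < grp_count; grp_index++) {

		/* call appropriate group validation function */
		switch (isakmp_cfg_config.groupsource) {
		case ISAKMP_CFG_GROUP_SYSTEM:
			res = xauth_group_system(usr, grp_list[grp_index]);
			break;

#ifdef HAVE_LIBLDAP
		case ISAKMP_CFG_GROUP_LDAP:
			/*
			 * xauth_group_ldap() calls strlen() on the user dn
			 * unconditionally; udn is presumably only filled in
			 * by an LDAP login (verify against the setter), so
			 * refuse instead of passing a NULL through.
			 */
			if (iph1->mode_cfg->xauth.udn == NULL) {
				plog(LLV_ERROR, LOCATION, NULL,
				    "xauth group specified but no ldap user dn\n");
				return -1;
			}
			res = xauth_group_ldap(iph1->mode_cfg->xauth.udn,
			    grp_list[grp_index]);
			break;
#endif

		default:
			/*
			 * we should never get here; no source can answer, so
			 * there is no point in trying the remaining groups
			 */
			plog(LLV_ERROR, LOCATION, NULL,
			    "Unknown group auth source\n");
			return -1;
		}

		if (res == 0) {
			plog(LLV_INFO, LOCATION, NULL,
				"user \"%s\" is a member of group \"%s\"\n",
				usr,
				grp_list[grp_index]);
			break;
		}
		plog(LLV_INFO, LOCATION, NULL,
			"user \"%s\" is not a member of group \"%s\"\n",
			usr,
			grp_list[grp_index]);
	}

	return res;
}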
14450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
/*
 * Build the reply attribute for an Xauth attribute request received in a
 * mode config exchange (the side that holds rmconf->xauth login data).
 *
 * iph1: phase 1 handle; rmconf->xauth supplies the login and optionally a
 *       password, mode_cfg->flags must carry ISAKMP_CFG_VENDORID_XAUTH.
 *       NOTE(review): mode_cfg is dereferenced without a NULL check —
 *       confirm every caller guarantees it is set.
 * attr: the request attribute, in network byte order.
 *
 * Returns a newly vmalloc()'d attribute (header plus data) that the caller
 * owns and must vfree(), or NULL when nothing is to be sent: peer not
 * Xauth capable, malformed/unsupported attribute, no login configured,
 * allocation failure, or an XAUTH_MESSAGE (which is only logged).
 */
vchar_t *
isakmp_xauth_req(iph1, attr)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
{
	int type;
	size_t dlen = 0;	/* data bytes that follow the reply header */
	int ashort = 0;		/* 1: reply is TV (value in lorv); 0: TLV */
	int value = 0;		/* TV value, only used for XAUTH_TYPE */
	vchar_t *buffer = NULL;	/* the reply; returned to the caller */
	char *mraw = NULL, *mdata;
	char *data;
	vchar_t *usr = NULL;	/* temporary id built for getpskbyname() */
	vchar_t *pwd = NULL;
	size_t skip = 0;
	int freepwd = 0;	/* 1: pwd came from getpskbyname(), free at out */

	if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Xauth mode config request but peer "
		    "did not declare itself as Xauth capable\n");
		return NULL;
	}

	/* strip the TV/TLV format bit to get the bare attribute type */
	type = ntohs(attr->type) & ~ISAKMP_GEN_MASK;

	/* Sanity checks */
	switch(type) {
	case XAUTH_TYPE:
		/* XAUTH_TYPE is only accepted in short (TV) form */
		if ((ntohs(attr->type) & ISAKMP_GEN_TV) == 0) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Unexpected long XAUTH_TYPE attribute\n");
			return NULL;
		}
		if (ntohs(attr->lorv) != XAUTH_TYPE_GENERIC) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Unsupported Xauth authentication %d\n",
			    ntohs(attr->lorv));
			return NULL;
		}
		/* echo the generic type back as a TV attribute */
		ashort = 1;
		dlen = 0;
		value = XAUTH_TYPE_GENERIC;
		break;

	case XAUTH_USER_NAME:
		if (!iph1->rmconf->xauth || !iph1->rmconf->xauth->login) {
			plog(LLV_ERROR, LOCATION, NULL, "Xauth performed "
			    "with no login supplied\n");
			return NULL;
		}

		/* the -1 presumably drops a trailing NUL in login — confirm */
		dlen = iph1->rmconf->xauth->login->l - 1;
		iph1->rmconf->xauth->state |= XAUTH_SENT_USERNAME;
		break;

#ifdef ANDROID_PATCHED
	case XAUTH_PASSCODE:
#endif
	case XAUTH_USER_PASSWORD:
		if (!iph1->rmconf->xauth || !iph1->rmconf->xauth->login)
			return NULL;

		/*
		 * Build a lookup key for getpskbyname(): a zeroed
		 * ipsecdoi_id_b header followed by the login (without the
		 * byte the -1 excludes). It lives only until the lookup.
		 */
		skip = sizeof(struct ipsecdoi_id_b);
		usr = vmalloc(iph1->rmconf->xauth->login->l - 1 + skip);
		if (usr == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Cannot allocate memory\n");
			return NULL;
		}
		memset(usr->v, 0, skip);
		memcpy(usr->v + skip,
		    iph1->rmconf->xauth->login->v,
		    iph1->rmconf->xauth->login->l - 1);

		if (iph1->rmconf->xauth->pass) {
			/* A key given through racoonctl; owned by rmconf, not freed here */
			pwd = iph1->rmconf->xauth->pass;
		} else {
			if ((pwd = getpskbyname(usr)) == NULL) {
				plog(LLV_ERROR, LOCATION, NULL,
				    "No password was found for login %s\n",
				    iph1->rmconf->xauth->login->v);
				vfree(usr);
				return NULL;
			}
			/* We have to free it before returning */
			freepwd = 1;
		}
		vfree(usr);

		iph1->rmconf->xauth->state |= XAUTH_SENT_PASSWORD;
		dlen = pwd->l;

		break;
	case XAUTH_MESSAGE:
		/*
		 * Peer-supplied text: lorv is the peer's length and the
		 * bytes are read from right after the header, so this
		 * relies on the caller having bounded the attribute
		 * against the payload — TODO confirm in the caller.
		 * The text is sanitized before it reaches the log.
		 */
		if ((ntohs(attr->type) & ISAKMP_GEN_TV) == 0) {
			dlen = ntohs(attr->lorv);
			if (dlen > 0) {
				mraw = (char*)(attr + 1);
				mdata = binsanitize(mraw, dlen);
				if (mdata == NULL) {
					plog(LLV_ERROR, LOCATION, iph1->remote,
					    "Cannot allocate memory\n");
					return NULL;
				}
				plog(LLV_NOTIFY,LOCATION, iph1->remote,
					"XAUTH Message: '%s'.\n",
					mdata);
				racoon_free(mdata);
			}
		}
		/* a message never produces a reply attribute */
		return NULL;
	default:
		plog(LLV_WARNING, LOCATION, NULL,
		    "Ignored attribute %s\n", s_isakmp_cfg_type(type));
		return NULL;
		break;
	}

	/* reply = one attribute header plus dlen bytes of data */
	if ((buffer = vmalloc(sizeof(*attr) + dlen)) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Cannot allocate memory\n");
		goto out;
	}

	/* from here on attr points at the reply, not at the request */
	attr = (struct isakmp_data *)buffer->v;
	if (ashort) {
		attr->type = htons(type | ISAKMP_GEN_TV);
		attr->lorv = htons(value);
		goto out;
	}

	attr->type = htons(type | ISAKMP_GEN_TLV);
	/* lorv is 16 bits: a dlen above 0xffff would be truncated here */
	attr->lorv = htons(dlen);
	data = (char *)(attr + 1);

	switch(type) {
	case XAUTH_USER_NAME:
		/*
		 * iph1->rmconf->xauth->login->v is valid,
		 * we just checked it in the previous switch case
		 */
		memcpy(data, iph1->rmconf->xauth->login->v, dlen);
		break;
#ifdef ANDROID_PATCHED
	case XAUTH_PASSCODE:
#endif
	case XAUTH_USER_PASSWORD:
		/* dlen == pwd->l, set in the first switch */
		memcpy(data, pwd->v, dlen);
		break;
	default:
		break;
	}

out:
	/* only a getpskbyname() result is ours to release */
	if (freepwd)
		vfree(pwd);

	return buffer;
}
16070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
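/*
 * Handle an ISAKMP mode-config SET that carries an Xauth attribute.
 *
 * iph1  phase 1 handle; its mode_cfg flags must show that the peer
 *       declared itself Xauth capable, otherwise the SET is refused.
 * attr  the incoming attribute, type and lorv in network byte order.
 *
 * Returns a freshly vmalloc()'d TV attribute acknowledging the SET,
 * or NULL when the attribute was refused, needs no acknowledgement
 * (XAUTH_MESSAGE), or an allocation failed.  The caller owns the
 * returned buffer.
 */
vchar_t *
isakmp_xauth_set(struct ph1handle *iph1, struct isakmp_data *attr)
{
	int type;
	vchar_t *buffer = NULL;
	size_t dlen = 0;
	char *mraw = NULL, *mdata;

	if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Xauth mode config set but peer "
		    "did not declare itself as Xauth capable\n");
		return NULL;
	}

	type = ntohs(attr->type) & ~ISAKMP_GEN_MASK;

	switch (type) {
	case XAUTH_STATUS:
		/*
		 * We should only receive ISAKMP mode_cfg SET XAUTH_STATUS
		 * when running as a client (initiator).
		 */
		switch (iph1->approval->authmethod) {
		case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I:
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
		/* Not implemented ... */
		case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I:
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
			break;
		default:
			/*
			 * Any other method means we are not the initiator,
			 * so a status from the peer is out of place.
			 */
			plog(LLV_ERROR, LOCATION, NULL,
			    "Unexpected XAUTH_STATUS_OK\n");
			return NULL;
		}

		/* If we got a failure, delete iph1 */
		if (ntohs(attr->lorv) != XAUTH_STATUS_OK) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Xauth authentication failed\n");
			evt_phase1(iph1, EVT_PHASE1_XAUTH_FAILED, NULL);
			iph1->mode_cfg->flags |= ISAKMP_CFG_DELETE_PH1;
		} else {
			evt_phase1(iph1, EVT_PHASE1_XAUTH_SUCCESS, NULL);
		}

		/* We acknowledge it */
		break;

	case XAUTH_MESSAGE:
		/*
		 * Free-form text from the peer; it is logged and dropped.
		 * dlen is peer-supplied: this relies on the caller having
		 * checked lorv against the remaining payload length before
		 * handing us the attribute -- TODO confirm in the
		 * mode-config parser.  binsanitize() presumably yields a
		 * NUL-terminated printable copy; the raw bytes must never
		 * reach plog() directly.
		 */
		if ((ntohs(attr->type) & ISAKMP_GEN_TV) == 0) {
			dlen = ntohs(attr->lorv);
			if (dlen > 0) {
				mraw = (char *)(attr + 1);
				mdata = binsanitize(mraw, dlen);
				if (mdata == NULL) {
					plog(LLV_ERROR, LOCATION, iph1->remote,
					    "Cannot allocate memory\n");
					return NULL;
				}
				plog(LLV_NOTIFY, LOCATION, iph1->remote,
					"XAUTH Message: '%s'.\n",
					mdata);
				racoon_free(mdata);
			}
		}
		/*
		 * A message is not acknowledged.  Returning here replaces
		 * the former fall-through into the default case, which
		 * logged a misleading "Ignored attribute" warning for
		 * every message after it had already been handled.
		 */
		return NULL;

	default:
		plog(LLV_WARNING, LOCATION, NULL,
		    "Ignored attribute %s\n", s_isakmp_cfg_type(type));
		return NULL;
	}

	/* Build the empty TV acknowledgement for XAUTH_STATUS. */
	if ((buffer = vmalloc(sizeof(*attr))) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Cannot allocate memory\n");
		return NULL;
	}

	attr = (struct isakmp_data *)buffer->v;
	attr->type = htons(type | ISAKMP_GEN_TV);
	attr->lorv = htons(0);

	return buffer;
}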
17050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
17060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
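/*
 * Release the per-session Xauth data held in xst: the generic
 * credentials and, when built with LDAP, the resolved user DN.
 * The struct itself is not freed -- it is embedded in the mode_cfg
 * state -- so every released pointer is reset to NULL here.  The
 * original left them dangling, which turned a second call, or any
 * later look at xst, into a double free or use-after-free.
 *
 * NOTE(review): generic.pwd presumably holds the cleartext Xauth
 * password and goes straight to racoon_free(); nothing wipes it
 * first.  An explicit_bzero-style wipe (a plain memset before free
 * is liable to be optimised away) would shorten how long the secret
 * lingers in freed heap memory.
 */
void
xauth_rmstate(struct xauth_state *xst)
{
	switch (xst->authtype) {
	case XAUTH_TYPE_GENERIC:
		if (xst->authdata.generic.usr != NULL) {
			racoon_free(xst->authdata.generic.usr);
			xst->authdata.generic.usr = NULL;
		}
		if (xst->authdata.generic.pwd != NULL) {
			racoon_free(xst->authdata.generic.pwd);
			xst->authdata.generic.pwd = NULL;
		}
		break;

	case XAUTH_TYPE_CHAP:
	case XAUTH_TYPE_OTP:
	case XAUTH_TYPE_SKEY:
		/* Known but unsupported types carry no data we know how to release. */
		plog(LLV_WARNING, LOCATION, NULL,
		    "Unsupported authtype %d\n", xst->authtype);
		break;

	default:
		plog(LLV_WARNING, LOCATION, NULL,
		    "Unexpected authtype %d\n", xst->authtype);
		break;
	}

#ifdef HAVE_LIBLDAP
	if (xst->udn != NULL) {
		racoon_free(xst->udn);
		xst->udn = NULL;
	}
#endif
}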
17400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
/*
 * Make sure *xauth_rmconf points at an Xauth remote-config block,
 * allocating and initialising one on first use.
 *
 * Returns 0 when a block is available (pre-existing or just allocated),
 * -1 when the allocation failed; *xauth_rmconf is then still NULL.
 */
int
xauth_rmconf_used(struct xauth_rmconf **xauth_rmconf)
{
	struct xauth_rmconf *conf = *xauth_rmconf;

	/* Already present: nothing to do. */
	if (conf != NULL)
		return 0;

	conf = racoon_malloc(sizeof(*conf));
	if (conf == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "xauth_rmconf_used: malloc failed\n");
		return -1;
	}

	/* racoon_malloc is not assumed to zero the block; set each field. */
	conf->login = NULL;
	conf->pass = NULL;
	conf->state = 0;

	*xauth_rmconf = conf;
	return 0;
}
17600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
/*
 * Free the Xauth remote-config block at *xauth_rmconf, including its
 * login and password buffers, and reset *xauth_rmconf to NULL.
 * A NULL block is a no-op.
 *
 * NOTE(review): pass presumably holds the configured Xauth password in
 * the clear and is released with a plain vfree(); nothing wipes the
 * bytes first.  An explicit_bzero-style wipe of the buffer contents
 * before freeing (a plain memset is liable to be optimised away) would
 * limit how long the secret lingers in freed heap memory.
 */
void
xauth_rmconf_delete(struct xauth_rmconf **xauth_rmconf)
{
	struct xauth_rmconf *conf = *xauth_rmconf;

	if (conf == NULL)
		return;

	if (conf->login != NULL)
		vfree(conf->login);
	if (conf->pass != NULL)
		vfree(conf->pass);

	racoon_free(conf);
	*xauth_rmconf = NULL;
}
1777f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh
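/*
 * Deep-copy an Xauth remote-config block: the struct is copied and the
 * login and password buffers are duplicated rather than shared.
 *
 * xauth_rmconf  the block to copy, or NULL.
 *
 * Returns a new block the caller owns (release it with
 * xauth_rmconf_delete), or NULL when xauth_rmconf is NULL or an
 * allocation failed.  On failure nothing is leaked: the original
 * returned NULL with the partial copy (and an already duplicated
 * login) still allocated.
 */
struct xauth_rmconf *
xauth_rmconf_dup(struct xauth_rmconf *xauth_rmconf)
{
	struct xauth_rmconf *copy;

	if (xauth_rmconf == NULL)
		return NULL;

	copy = racoon_malloc(sizeof(*copy));
	if (copy == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "xauth_rmconf_dup: malloc failed\n");
		return NULL;
	}

	/*
	 * Take the scalar fields, then detach the pointer members: until
	 * they are vdup()'d below they would alias the source's buffers,
	 * and the cleanup on a failed vdup() must not free those.
	 */
	memcpy(copy, xauth_rmconf, sizeof(*copy));
	copy->login = NULL;
	copy->pass = NULL;

	if (xauth_rmconf->login != NULL) {
		copy->login = vdup(xauth_rmconf->login);
		if (copy->login == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "xauth_rmconf_dup: malloc failed (login)\n");
			goto fail;
		}
	}
	if (xauth_rmconf->pass != NULL) {
		copy->pass = vdup(xauth_rmconf->pass);
		if (copy->pass == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "xauth_rmconf_dup: malloc failed (password)\n");
			goto fail;
		}
	}

	return copy;

fail:
	/* Releases whichever of login/pass was duplicated, then copy itself. */
	xauth_rmconf_delete(&copy);
	return NULL;
}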