}else{
memcpy(name_str,namepair->strvalue,sizeof(namepair->strvalue));
}
/* Verify the realm and the radius host(remote/local) */
if(realm_find(authreq, realm_suffix) != 0) {
sprintf(msg, "Authenticate: from %s - Invalid Realm: %s\n", ip_hostname(authreq->ipaddr), realm_suffix);
msg[127] = '\0';
log_err(msg);
send_reject(authreq, (char *)NULL, activefd);
pairfree(authreq->request);
memset(authreq, 0, sizeof(AUTH_REQ));
free(authreq);
return;
}
/* Verify whether the local realm */
/* if not then forwarding the request */
/* else authentication at local */
if(authreq->proxy_state){
/* Log to the file */
ipaddr2str(addr_str,authreq->r_serv);
sprintf(msg,"Auth remote: %s - Realm: %s\n",addr_str,authreq->realm);
msg[127]='\0';
log_err(msg);
/* Forwarding the request to the remote server */
forwarding_request_reply(authreq,activefd);
/* Just for test */
/*-------------------
sprintf(msg, "Auth remote: reply from %s:%d\n", ip_hostname(authreq->r_serv),authreq->udp_port);
msg[127] = '\0';
log_err(msg);
-------------------*/
/* send_reject(authreq, (char *)NULL, activefd); */
/* pairfree(authreq->request); */
/* memset(authreq, 0, sizeof(AUTH_REQ)); */
/* free(authreq); */
return;
}else{
/* Log to the logfile */
ipaddr2str(addr_str,authreq->r_serv);
sprintf(msg,"Auth Local: %s - Realm: %s\n",addr_str,authreq->realm);
msg[127]='\0';
log_err(msg);
/* Chech result sign */
result = 0;
user_msg = (char *)NULL;
/*----------------------*/
/* Tempary add function */
/*----------------------*/
if(user_find(name_str, &user_check, &user_reply) != 0) {
sprintf(msg, "Authenticate: from %s - Invalid User: %s\n", ip_hostname(authreq->ipaddr), namepair->strvalue);
msg[127] = '\0';
log_err(msg);
send_reject(authreq, (char *)NULL, activefd);
pairfree(authreq->request);
memset(authreq, 0, sizeof(AUTH_REQ));
free(authreq);
return;
}
/* Validate the user */
/* Look for matching check items */
authreq->check_item = user_check;
authreq->reply_item = user_reply;
check_item = user_check;
auth_type_pair = (VALUE_PAIR *)NULL;
while(check_item != (VALUE_PAIR *)NULL) {
if(check_item->attribute == PW_AUTH_TYPE) {
auth_type_pair = check_item;
break;
}
check_item = check_item->next;
}
if(auth_type_pair != (VALUE_PAIR *)NULL) {
switch(auth_type_pair->lvalue) {
case PW_AUTH_LOCAL:
check_item = authreq->check_item;
while(result == 0 && check_item != (VALUE_PAIR *)NULL) {
/* Exclude the Auth-Type Attribute */
if(check_item->attribute == PW_AUTH_TYPE) {
check_item = check_item->next;
continue;
}
/* Check expiration */
if(check_item->attribute == PW_EXPIRATION) {
if(check_expiration(check_item) != 0) {
result = -1;
}
check_item = check_item->next;
continue;
}
/* Check simultaneous_use */
if(check_item->attribute == PW_SIMULTANEOUS_USE) {
check_item = check_item->next;
continue;
}
auth_item = authreq->request;
while(auth_item != (VALUE_PAIR *)NULL) {
if(check_item->attribute == auth_item->attribute) {
break;
}
auth_item = auth_item->next;
}
if(auth_item == (VALUE_PAIR *)NULL) {
result = -1;
continue;
}
/* Decrypt the password and check it */
if(check_item->attribute == PW_PASSWORD) {
memcpy(string, auth_item->strvalue,AUTH_PASS_LEN);
for(i=0; i<AUTH_PASS_LEN; i++) {
string[i] ^= pw_digest[i];
}
string[AUTH_PASS_LEN]='\0';
if(strcmp(check_item->strvalue, string) != 0) {
result = -1;
user_msg = (char *)NULL;
}
}else{
switch(check_item->type) {
case PW_TYPE_STRING:
if(strcmp(check_item->strvalue,auth_item->strvalue)!=0) {
result = -1;
}
break;
case PW_TYPE_IPADDR:
case PW_TYPE_INTEGER:
if(check_item->lvalue != auth_item->lvalue) {
result = -1;
}
break;
default:
result = -1;
break;
}
}
check_item = check_item->next;
} /* end of while(result==0) */
break;
case PW_AUTH_CRYPT_LOCAL:
check_item = authreq->check_item;
while(result == 0 && check_item != (VALUE_PAIR *)NULL) {
/* Exclude the Auth-Type Attribute */
if(check_item->attribute == PW_AUTH_TYPE) {
check_item = check_item->next;
continue;
}
/* Check expiration */
if(check_item->attribute == PW_EXPIRATION) {
if(check_expiration(check_item) != 0) {
result = -1;
/* Just for test */
/*------------------
sprintf(msg,"Auth: password expired - result: %d\n",result);
msg[127]='\0';
log_err(msg);
-----------------*/
}
check_item = check_item->next;
continue;
}
/* Check simultaneous_use */
if(check_item->attribute == PW_SIMULTANEOUS_USE) {
/* New function should be added */
check_item = check_item->next;
continue;
}
auth_item = authreq->request;
while(auth_item != (VALUE_PAIR *)NULL) {
if(check_item->attribute == auth_item->attribute) {
break;
}
if(check_item->attribute == PW_CRYPT_PASSWORD && auth_item->attribute == PW_PASSWORD) {
break;
}
auth_item = auth_item->next;
}
if(auth_item == (VALUE_PAIR *)NULL) {
result = -1;
/* Just for test */
/*-------------------
sprintf(msg,"Auth: auth attr is NULL - result: %d\n",result);
msg[127]='\0';
log_err(msg);
-------------------*/
continue;
}
/* Decrypt the password and check it */
if(check_item->attribute == PW_CRYPT_PASSWORD && auth_item->attribute == PW_PASSWORD) {
memcpy(string, auth_item->strvalue,AUTH_PASS_LEN);
for(i=0; i<AUTH_PASS_LEN; i++) {
string[i] ^= pw_digest[i];
}
string[AUTH_PASS_LEN]='\0';
encrypt_pw=check_item->strvalue;
enpw=crypt(string,encrypt_pw);
if(strcmp(enpw, encrypt_pw) != 0) {
result = -1;
user_msg = (char *)NULL;
}
/* Just for test */
/*-----------------
sprintf(msg,"Auth: encrypt-password: %s - %s, result: %d\n",encrypt_pw,enpw,result);
msg[127]='\0';
log_err(msg);
-----------------*/
}else{
switch(check_item->type) {
case PW_TYPE_STRING:
if(strcmp(check_item->strvalue,auth_item->strvalue)!=0) {
result = -1;
}
break;
case PW_TYPE_IPADDR:
case PW_TYPE_INTEGER:
if(check_item->lvalue != auth_item->lvalue) {
result = -1;
}
break;
default:
result = -1;
break;
}
}
check_item = check_item->next;
} /* end of while(result==0) */
/* Just for test */
/*----------------
sprintf(msg,"Auth: auth-type: %d - result: %d\n", auth_type_pair->lvalue, result);
msg[127]='\0';
log_err(msg);
-----------------*/
break;
case PW_AUTH_SYSTEM:
check_item = authreq->check_item;
while(result == 0 && check_item != (VALUE_PAIR *)NULL) {
/* Just for test */
/*----------------
sprintf(msg,"Auth: check attr: %d - result: %d\n",check_item->attribute,result);
msg[127]='\0';
log_err(msg);
----------------*/
/* Exclude the Auth-Type Attribute */
if(check_item->attribute == PW_AUTH_TYPE || check_item->attribute == PW_PASSWORD) {
check_item = check_item->next;
continue;
}
/* Check expiration */
if(check_item->attribute == PW_EXPIRATION) {
if(check_expiration(check_item)!=0){
result = -1;
/* Just for test */
/*---------------
sprintf(msg,"Auth: password expired - result: %d\n",result);
msg[127]='\0';
log_err(msg);
---------------*/
}
check_item = check_item->next;
continue;
}
/* Check simultaneous_use */
if(check_item->attribute == PW_SIMULTANEOUS_USE) {
/* New function need to add */
check_item = check_item->next;
continue;
}
auth_item = authreq->request;
while(auth_item != (VALUE_PAIR *)NULL) {
if(check_item->attribute == auth_item->attribute) {
break;
}
auth_item = auth_item->next;
}
if(auth_item == (VALUE_PAIR *)NULL) {
result = -1;
/* Just for test */
/*------------
sprintf(msg,"Auth: auth attr is NULL(1) - result: %d\n",result);
msg[127]='\0';
log_err(msg);
------------*/
continue;
}
switch(check_item->type) {
case PW_TYPE_STRING:
if(strcmp(check_item->strvalue,auth_item->strvalue)!=0) {
result = -1;
}
break;
case PW_TYPE_IPADDR:
case PW_TYPE_INTEGER:
if(check_item->lvalue != auth_item->lvalue) {
result = -1;
}
break;
default:
result = -1;
break;
}
check_item = check_item->next;
} /* end of while(result==0) */
auth_item = authreq->request;
while(result ==0 && auth_item != (VALUE_PAIR *)NULL) {
if(auth_item->attribute == PW_PASSWORD) {
/* Decrypt the password and check it */
memcpy(string, auth_item->strvalue,AUTH_PASS_LEN);
for(i=0; i<AUTH_PASS_LEN; i++) {
string[i] ^= pw_digest[i];
}
if(unix_pass(name_str,string,user_reply) != 0) {
result = -1;
user_msg = (char *)NULL;
}
/* Just for test */
/*---------------
sprintf(msg,"Auth: Unix decrypted password: %s - result: %d \n",string,result);
msg[127]='\0';
log_err(msg);
---------------*/
break;
}
auth_item = auth_item->next;
}
if(auth_item == (VALUE_PAIR *)NULL) {
result = -1;
user_msg = (char *)NULL;
/* Just for test */
/*-------------
sprintf(msg,"Auth: auth attr is NULL(2) - result: %d\n",result);
msg[127]='\0';
log_err(msg);
-------------*/
}
/* Just for test */
/*-------------
sprintf(msg,"Auth: auth-type: %d - result: %d\n", auth_type_pair->lvalue, result);
msg[127]='\0';
log_err(msg);
--------------*/
break;
case PW_AUTH_REJECT:
default:
result = -1;
user_msg = (char *)NULL;
break;
}
}else{
check_item = user_check;
while(result == 0 && check_item != (VALUE_PAIR *)NULL) {
/*
* Check expiration date if we are doing password aging.
*/
if(check_item->attribute == PW_EXPIRATION) {
/* Has this user's password expired */
retval = pw_expired(check_item->lvalue);
if(retval < 0) {
result = -1;
user_msg = "Password Has Expired\r\n";
}
else {
if(retval > 0) {
sprintf(umsg,
"Password Will Expire in %d Days\r\n",
retval);
user_msg = umsg;
}
check_item = check_item->next;
}
continue;
}
/*
* Look for the matching attribute in the request.
*/
auth_item = authreq->request;
while(auth_item != (VALUE_PAIR *)NULL) {
if(check_item->attribute == auth_item->attribute) {
break;
}
if(check_item->attribute == PW_PASSWORD &&
auth_item->attribute == PW_CHAP_PASSWORD) {
break;
}
auth_item = auth_item->next;
}
if(auth_item == (VALUE_PAIR *)NULL) {
result = -1;
continue;
}
/*
* Special handling for passwords which are encrypted,
* and sometimes authenticated against the UNIX passwd database.
* Also they can come using the Three-Way CHAP.
*
*/
if(check_item->attribute == PW_PASSWORD) {
if(auth_item->attribute == PW_CHAP_PASSWORD) {
/* Use MD5 to verify */
ptr = string;
*ptr++ = *auth_item->strvalue;
strcpy(ptr, check_item->strvalue);
ptr += strlen(check_item->strvalue);
memcpy(ptr, authreq->vector, AUTH_VECTOR_LEN);
md5_calc(pw_digest, string,
1 + CHAP_VALUE_LENGTH +
strlen(check_item->strvalue));
/* Compare them */
if(memcmp(pw_digest, auth_item->strvalue + 1,
CHAP_VALUE_LENGTH) != 0) {
result = -1;
}
}
else {
/* Decrypt the password */
memcpy(string,
auth_item->strvalue, AUTH_PASS_LEN);
for(i = 0;i < AUTH_PASS_LEN;i++) {
string[i] ^= pw_digest[i];
}
/* Just for test */
/*-----------------
sprintf(msg,"Decrypt passwd str: %s\n",string);
msg[127]='\0';
log_err(msg);
------------------*/
string[AUTH_PASS_LEN] = '\0';
/* Test Code for Challenge */
if(strcmp(string, "challenge") == 0) {
send_challenge(authreq,
"You want me to challenge you??\r\nOkay I will",
"1",activefd);
pairfree(authreq->request);
memset(authreq, 0, sizeof(AUTH_REQ));
free(authreq);
return;
}
if(strcmp(check_item->strvalue, "UNIX") == 0) {
if(unix_pass(name_str, string,user_reply) != 0) {
result = -1;
user_msg = (char *)NULL;
/* Just for test */
sprintf(msg,"Unix Password error\n");
msg[127]='\0';
log_err(msg);
}
}
else if(strcmp(check_item->strvalue, string) != 0) {
result = -1;
user_msg = (char *)NULL;
/* Just for test */
sprintf(msg,"DBase Password error\n");
msg[127]='\0';
log_err(msg);
}
}
}
else {
switch(check_item->type) {
case PW_TYPE_STRING:
if(strcmp(check_item->strvalue,
auth_item->strvalue) != 0) {
result = -1;
}
break;
case PW_TYPE_INTEGER:
case PW_TYPE_IPADDR:
if(check_item->lvalue != auth_item->lvalue) {
result = -1;
}
break;
default:
result = -1;
break;
}
}
check_item = check_item->next;
}
} /* end of if(auth_type_pair) */