Enable use of token to authenticate user vs radius

2024-11-25 02:49:52 +03:00 · 2014-06-15 01:38:07 +02:00 · 2014-06-15 01:38:07 +02:00 · 0af3c76146
commit 0af3c76146
parent f75a2c2a12
2 changed files with 73 additions and 4 deletions
--- a/src/Cedar/Protocol.c
+++ b/src/Cedar/Protocol.c
@ -97,9 +97,51 @@
 // SoftEther protocol related routines

 #include "CedarPch.h"
+char *tokenized;

 static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00};

+//Service function too chcck for email in buffer
+int spc_email_isvalid(const char *address) {
+  int        count = 0;
+  const char *c, *domain;
+  static char *rfc822_specials = "()<>@,;:\\\"[]";
+
+  /* first we validate the name portion (name@domain) */
+  for (c = address;  *c;  c++) {
+    if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
+        '\"')) {
+      while (*++c) {
+        if (*c == '\"') break;
+        if (*c == '\\' && (*++c == ' ')) continue;
+        if (*c <= ' ' || *c >= 127) return 0;
+      }
+      if (!*c++) return 0;
+      if (*c == '@') break;
+      if (*c != '.') return 0;
+      continue;
+    }
+    if (*c == '@') break;
+    if (*c <= ' ' || *c >= 127) return 0;
+    if (strchr(rfc822_specials, *c)) return 0;
+  }
+  if (c == address || *(c - 1) == '.') return 0;
+
+  /* next we validate the domain portion (name@domain) */
+  if (!*(domain = ++c)) return 0;
+  do {
+    if (*c == '.') {
+      if (c == domain || *(c - 1) == '.') return 0;
+      count++;
+    }
+    if (*c <= ' ' || *c >= 127) return 0;
+    if (strchr(rfc822_specials, *c)) return 0;
+  } while (*++c);
+
+  return (count >= 1);
+}
+
+
 // Download and save intermediate certificates if necessary
 bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x)
 {
@ -2000,7 +2042,23 @@ bool ServerAccept(CONNECTION *c)
 							{
 								AcLock(hub);
 								{
-									b = AcIsUser(hub, "*");
+									char *domain;
+									//check if username is an  email address
+									if(spc_email_isvalid(username)) {
+										domain = strchr (username, '@');
+										if (domain != NULL) {
+											domain++;
+										        tokenized = (char*)malloc((strlen(domain)+6+1) * sizeof(char));
+										        sprintf(tokenized,"token#%s",domain);
+                                                                                        b = AcIsUser(hub, tokenized);
+										}
+									}
+									//fall back to the old method
+									if(b == false) {
+										b = AcIsUser(hub, "*");
+                                                                               system("echo Comunque dentro asterisk > /tmp/leggimi");
+								}
+										
 								}
 								AcUnlock(hub);

@ -2010,7 +2068,10 @@ bool ServerAccept(CONNECTION *c)
 									auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20);
 									if (auth_ret && pol == NULL)
 									{
-										pol = SamGetUserPolicy(hub, "*");
+										if( tokenized != NULL ) 
+											pol = SamGetUserPolicy(hub,tokenized);
+										else
+											pol = SamGetUserPolicy(hub, "*");
 									}
 								}
 							}
@ -2168,7 +2229,13 @@ bool ServerAccept(CONNECTION *c)
 					user = AcGetUser(hub, username);
 					if (user == NULL)
 					{
-						user = AcGetUser(hub, "*");
+						
+						if(tokenized != NULL) {
+							user = AcGetUser(hub, tokenized);
+							free(tokenized);
+						}
+						else
+							user = AcGetUser(hub, "*");
 						if (user == NULL)
 						{
 							// User acquisition failure
--- a/src/Cedar/Sam.c
+++ b/src/Cedar/Sam.c
@ -97,7 +97,7 @@
 // Security Accounts Manager

 #include "CedarPch.h"
-
+extern char *tokenized;
 // Password encryption
 void SecurePassword(void *secure_password, void *password, void *random)
 {
@ -186,6 +186,8 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 	{
 		USER *u;
 		u = AcGetUser(hub, ast == false ? username : "*");
+		if(tokenized != NULL)
+			u = AcGetUser(hub, tokenized);	
 		if (u)
 		{
 			Lock(u->lock);