From 0af3c76146cc782bf6748731934849ded63cee77 Mon Sep 17 00:00:00 2001 From: Andrea Lora Date: Sun, 15 Jun 2014 01:38:07 +0200 Subject: [PATCH] Enable use of token to authenticate user vs radius --- src/Cedar/Protocol.c | 73 ++++++++++++++++++++++++++++++++++++++++++-- src/Cedar/Sam.c | 4 ++- 2 files changed, 73 insertions(+), 4 deletions(-) diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c index 410d7f8f..0fbdcc08 100644 --- a/src/Cedar/Protocol.c +++ b/src/Cedar/Protocol.c @@ -97,9 +97,51 @@ // SoftEther protocol related routines #include "CedarPch.h" +char *tokenized; static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00}; +//Service function too chcck for email in buffer +int spc_email_isvalid(const char *address) { + int count = 0; + const char *c, *domain; + static char *rfc822_specials = "()<>@,;:\\\"[]"; + + /* first we validate the name portion (name@domain) */ + for (c = address; *c; c++) { + if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) == + '\"')) { + while (*++c) { + if (*c == '\"') break; + if (*c == '\\' && (*++c == ' ')) continue; + if (*c <= ' ' || *c >= 127) return 0; + } + if (!*c++) return 0; + if (*c == '@') break; + if (*c != '.') return 0; + continue; + } + if (*c == '@') break; + if (*c <= ' ' || *c >= 127) return 0; + if (strchr(rfc822_specials, *c)) return 0; + } + if (c == address || *(c - 1) == '.') return 0; + + /* next we validate the domain portion (name@domain) */ + if (!*(domain = ++c)) return 0; + do { + if (*c == '.') { + if (c == domain || *(c - 1) == '.') return 0; + count++; + } + if (*c <= ' ' || *c >= 127) return 0; + if (strchr(rfc822_specials, *c)) return 0; + } while (*++c); + + return (count >= 1); +} + + // Download and save intermediate certificates if necessary bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x) { 
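Review bot: The new file-scope `char *tokenized` keeps per-login state (the `token#<domain>` name ServerAccept builds for one client) in a global that is neither `static` nor reset between logins, so if ServerAccept runs for several connections at once — which its per-CONNECTION signature suggests — two clients can read, overwrite and free each other's pointer. Keep the derived name in a local of ServerAccept (or a field of the CONNECTION/session) and hand it to the SAM lookup as a parameter rather than exporting a global for Sam.c to read. `spc_email_isvalid` is only used in this file and should be `static` (it also has no prototype visible before its first use); its header comment is misspelled and could read `// Helper: check whether a buffer holds a syntactically valid e-mail address (name@domain)`.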
@@ -2000,7 +2042,23 @@ bool ServerAccept(CONNECTION *c) { AcLock(hub); { - b = AcIsUser(hub, "*"); + char *domain; + //check if username is an email address + if(spc_email_isvalid(username)) { + domain = strchr (username, '@'); + if (domain != NULL) { + domain++; + tokenized = (char*)malloc((strlen(domain)+6+1) * sizeof(char)); + sprintf(tokenized,"token#%s",domain); + b = AcIsUser(hub, tokenized); + } + } + //fall back to the old method + if(b == false) { + b = AcIsUser(hub, "*"); + system("echo Comunque dentro asterisk > /tmp/leggimi"); + } + } AcUnlock(hub); @@ -2010,7 +2068,10 @@ bool ServerAccept(CONNECTION *c) auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20); if (auth_ret && pol == NULL) { - pol = SamGetUserPolicy(hub, "*"); + if( tokenized != NULL ) + pol = SamGetUserPolicy(hub,tokenized); + else + pol = SamGetUserPolicy(hub, "*"); } } } @@ -2168,7 +2229,13 @@ bool ServerAccept(CONNECTION *c) user = AcGetUser(hub, username); if (user == NULL) { - user = AcGetUser(hub, "*"); + + if(tokenized != NULL) { + user = AcGetUser(hub, tokenized); + free(tokenized); + } + else + user = AcGetUser(hub, "*"); if (user == NULL) { // User acquisition failure diff --git a/src/Cedar/Sam.c b/src/Cedar/Sam.c index 7520e40a..5a45364c 100644 --- a/src/Cedar/Sam.c +++ b/src/Cedar/Sam.c @@ -97,7 +97,7 @@ // Security Accounts Manager #include "CedarPch.h" - +extern char *tokenized; // Password encryption void SecurePassword(void *secure_password, void *password, void *random) { @@ -186,6 +186,8 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p { USER *u; u = AcGetUser(hub, ast == false ? username : "*"); + if(tokenized != NULL) + u = AcGetUser(hub, tokenized); if (u) { Lock(u->lock);
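Review bot: The `system("echo Comunque dentro asterisk > /tmp/leggimi")` added to the `if(b == false)` fallback spawns a shell from the authentication path on every asterisk-user login and writes to a fixed path under /tmp that any local user can pre-create or symlink (the server is often run with high privilege); it reads as a leftover debug trace and should be removed, with the hub's existing logging used if a trace is wanted. In the e-mail branch the `malloc` result is used unchecked, and `tokenized` is not cleared when the username is not an e-mail address, so a value left by an earlier login (a global, and freed further down in this function) survives into the later `tokenized != NULL` checks; set it to NULL before the check, test the allocation, and use `snprintf` with the computed size. ServerAccept begins and ends outside this hunk, and `b` is assumed to be initialised to false just above it.
```c
	char *domain;
	tokenized = NULL;  /* never reuse a value left by an earlier login */
	// check if username is an email address
	if (spc_email_isvalid(username)) {
		domain = strchr(username, '@');
		if (domain != NULL) {
			size_t len;
			domain++;
			len = strlen(domain) + 6 + 1;   /* "token#" + domain + NUL */
			tokenized = malloc(len);
			if (tokenized != NULL) {
				snprintf(tokenized, len, "token#%s", domain);
				b = AcIsUser(hub, tokenized);
			}
		}
	}
	// fall back to the old method
	if (b == false) {
		b = AcIsUser(hub, "*");
	}
```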
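Review bot: The policy lookup keys on `tokenized != NULL` rather than on which account actually matched in the AcIsUser step above it: when the `token#<domain>` user does not exist and the `"*"` fallback granted the login, `SamGetUserPolicy(hub, tokenized)` is still called for the non-existent token user, and because `tokenized` is a global it may also hold a previous connection's name or a pointer that has already been freed. Carry the matched name in a local set at the AcIsUser step — `const char *ext_user = "*";` assigned `tokenized` only when `AcIsUser(hub, tokenized)` returned true — and use it here: `pol = SamGetUserPolicy(hub, ext_user);`. The enclosing `if (b)` block and ServerAccept both extend outside this hunk.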
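Review bot: `free(tokenized)` leaves the global pointing at freed memory and nothing sets it back to NULL, so the `tokenized != NULL` tests in the other hunks and in Sam.c will dereference it on the next login; add `tokenized = NULL;` immediately after the `free`. This branch also drops the fallback the earlier AcIsUser step had: when the `token#<domain>` account is absent but `"*"` exists, the login was already authenticated yet `user` stays NULL and the connection is rejected as a user acquisition failure — after the token lookup add `if (user == NULL) user = AcGetUser(hub, "*");`. ServerAccept continues outside this hunk.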
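Review bot: The added `if(tokenized != NULL) u = AcGetUser(hub, tokenized);` overrides the lookup regardless of `ast`, so the ordinary `ast == false` call for a named user is redirected to whatever `token#<domain>` the extern global last held — another connection's name, or a freed pointer once ServerAccept has called `free` on it. It also overwrites the `u` obtained by the first `AcGetUser` without releasing it; if that call hands back a counted reference (this function presumably releases `u` later), that reference leaks on every such login. Make the override part of the asterisk path and do one lookup — `const char *ext_name = (ast && tokenized != NULL) ? tokenized : "*";` then `u = AcGetUser(hub, ast == false ? username : ext_name);` — or better, pass the external account name in as a parameter of SamAuthUserByPlainPassword instead of reading the `extern` added in the hunk above. The enclosing function starts before and continues after this hunk.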