AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-25 10:59:53 +03:00
Code Releases Activity

Enable use of token to authenticate user vs radius

Browse Source
This commit is contained in:
Andrea Lora 2014-06-15 01:38:07 +02:00
parent f75a2c2a12
commit 0af3c76146
2 changed files with 73 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
src/Cedar/Protocol.c
View File

@ -97,9 +97,51 @@
// SoftEther protocol related routines // SoftEther protocol related routines
#include "CedarPch.h" #include "CedarPch.h"
char *tokenized;
static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00}; static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00};
//Service function too chcck for email in buffer
int spc_email_isvalid(const char *address) {
int count = 0;
const char *c, *domain;
static char *rfc822_specials = "()<>@,;:\\\"[]";
/* first we validate the name portion (name@domain) */
for (c = address; *c; c++) {
if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
'\"')) {
while (*++c) {
if (*c == '\"') break;
if (*c == '\\' && (*++c == ' ')) continue;
if (*c <= ' ' || *c >= 127) return 0;
}
if (!*c++) return 0;
if (*c == '@') break;
if (*c != '.') return 0;
continue;
}
if (*c == '@') break;
if (*c <= ' ' || *c >= 127) return 0;
if (strchr(rfc822_specials, *c)) return 0;
}
if (c == address || *(c - 1) == '.') return 0;
/* next we validate the domain portion (name@domain) */
if (!*(domain = ++c)) return 0;
do {
if (*c == '.') {
if (c == domain || *(c - 1) == '.') return 0;
count++;
}
if (*c <= ' ' || *c >= 127) return 0;
if (strchr(rfc822_specials, *c)) return 0;
} while (*++c);
return (count >= 1);
}
// Download and save intermediate certificates if necessary // Download and save intermediate certificates if necessary
bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x) bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x)
{ {
@ -2000,7 +2042,23 @@ bool ServerAccept(CONNECTION *c)
{ {
AcLock(hub); AcLock(hub);
{ {
char *domain;
//check if username is an email address
if(spc_email_isvalid(username)) {
domain = strchr (username, '@');
if (domain != NULL) {
domain++;
tokenized = (char*)malloc((strlen(domain)+6+1) * sizeof(char));
sprintf(tokenized,"token#%s",domain);
b = AcIsUser(hub, tokenized);
}
}
//fall back to the old method
if(b == false) {
b = AcIsUser(hub, "*"); b = AcIsUser(hub, "*");
system("echo Comunque dentro asterisk > /tmp/leggimi");
}
} }
AcUnlock(hub); AcUnlock(hub);
@ -2010,6 +2068,9 @@ bool ServerAccept(CONNECTION *c)
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20); auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20);
if (auth_ret && pol == NULL) if (auth_ret && pol == NULL)
{ {
if( tokenized != NULL )
pol = SamGetUserPolicy(hub,tokenized);
else
pol = SamGetUserPolicy(hub, "*"); pol = SamGetUserPolicy(hub, "*");
} }
} }
@ -2168,6 +2229,12 @@ bool ServerAccept(CONNECTION *c)
user = AcGetUser(hub, username); user = AcGetUser(hub, username);
if (user == NULL) if (user == NULL)
{ {
if(tokenized != NULL) {
user = AcGetUser(hub, tokenized);
free(tokenized);
}
else
user = AcGetUser(hub, "*"); user = AcGetUser(hub, "*");
if (user == NULL) if (user == NULL)
{ {

4
src/Cedar/Sam.c
View File

@ -97,7 +97,7 @@
// Security Accounts Manager // Security Accounts Manager
#include "CedarPch.h" #include "CedarPch.h"
extern char *tokenized;
// Password encryption // Password encryption
void SecurePassword(void *secure_password, void *password, void *random) void SecurePassword(void *secure_password, void *password, void *random)
{ {
@ -186,6 +186,8 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
{ {
USER *u; USER *u;
u = AcGetUser(hub, ast == false ? username : "*"); u = AcGetUser(hub, ast == false ? username : "*");
if(tokenized != NULL)
u = AcGetUser(hub, tokenized);
if (u) if (u)
{ {
Lock(u->lock); Lock(u->lock);