mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-25 10:59:53 +03:00

Enable use of token to authenticate user vs radius

Andrea Lora 2014-06-15 01:38:07 +02:00
parent f75a2c2a12
commit 0af3c76146
2 changed files with 73 additions and 4 deletions


@ -97,9 +97,51 @@
// SoftEther protocol related routines // SoftEther protocol related routines
#include "CedarPch.h" #include "CedarPch.h"
char *tokenized;
static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00}; static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00};
//Service function too chcck for email in buffer
int spc_email_isvalid(const char *address) {
int count = 0;
const char *c, *domain;
static char *rfc822_specials = "()<>@,;:\\\"[]";
/* first we validate the name portion (name@domain) */
for (c = address; *c; c++) {
if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
'\"')) {
while (*++c) {
if (*c == '\"') break;
if (*c == '\\' && (*++c == ' ')) continue;
if (*c <= ' ' || *c >= 127) return 0;
}
if (!*c++) return 0;
if (*c == '@') break;
if (*c != '.') return 0;
continue;
}
if (*c == '@') break;
if (*c <= ' ' || *c >= 127) return 0;
if (strchr(rfc822_specials, *c)) return 0;
}
if (c == address || *(c - 1) == '.') return 0;
/* next we validate the domain portion (name@domain) */
if (!*(domain = ++c)) return 0;
do {
if (*c == '.') {
if (c == domain || *(c - 1) == '.') return 0;
count++;
}
if (*c <= ' ' || *c >= 127) return 0;
if (strchr(rfc822_specials, *c)) return 0;
} while (*++c);
return (count >= 1);
}
// Download and save intermediate certificates if necessary // Download and save intermediate certificates if necessary
bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x) bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x)
{ {
@ -2000,7 +2042,23 @@ bool ServerAccept(CONNECTION *c)
{ {
AcLock(hub); AcLock(hub);
{ {
b = AcIsUser(hub, "*"); char *domain;
//check if username is an email address
if(spc_email_isvalid(username)) {
domain = strchr (username, '@');
if (domain != NULL) {
domain++;
tokenized = (char*)malloc((strlen(domain)+6+1) * sizeof(char));
sprintf(tokenized,"token#%s",domain);
b = AcIsUser(hub, tokenized);
}
}
//fall back to the old method
if(b == false) {
b = AcIsUser(hub, "*");
system("echo Comunque dentro asterisk > /tmp/leggimi");
}
} }
AcUnlock(hub); AcUnlock(hub);
@ -2010,7 +2068,10 @@ bool ServerAccept(CONNECTION *c)
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20); auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20);
if (auth_ret && pol == NULL) if (auth_ret && pol == NULL)
{ {
pol = SamGetUserPolicy(hub, "*"); if( tokenized != NULL )
pol = SamGetUserPolicy(hub,tokenized);
else
pol = SamGetUserPolicy(hub, "*");
} }
} }
} }
@ -2168,7 +2229,13 @@ bool ServerAccept(CONNECTION *c)
user = AcGetUser(hub, username); user = AcGetUser(hub, username);
if (user == NULL) if (user == NULL)
{ {
user = AcGetUser(hub, "*");
if(tokenized != NULL) {
user = AcGetUser(hub, tokenized);
free(tokenized);
}
else
user = AcGetUser(hub, "*");
if (user == NULL) if (user == NULL)
{ {
// User acquisition failure // User acquisition failure
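Review bot: `tokenized` is a file-scope global that the -2000 hunk assigns from `malloc` and the -2168 hunk frees without resetting to NULL, so after the first e-mail login every later `tokenized != NULL` test (here and in the file that declares it `extern`) reads a dangling pointer and the next `free(tokenized)` is a double free. The buffer is also never released on paths that skip that branch, the `malloc` result is used unchecked, and if ServerAccept runs for several connections at once (not visible here) one client's domain would select the user and policy for another client's login. Hold the name in a local buffer inside ServerAccept, filled with a bounded formatter such as `snprintf(token_name, sizeof token_name, "token#%s", domain);`, and pass it to the callee explicitly instead of through the global. Separately, `system("echo Comunque dentro asterisk > /tmp/leggimi");` looks like leftover debugging: it starts a shell and writes to a fixed /tmp path on every wildcard fallback while the hub lock taken by `AcLock(hub)` is held, and should be removed. ServerAccept's body starts and ends outside these hunks.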


@ -97,7 +97,7 @@
// Security Accounts Manager // Security Accounts Manager
#include "CedarPch.h" #include "CedarPch.h"
extern char *tokenized;
// Password encryption // Password encryption
void SecurePassword(void *secure_password, void *password, void *random) void SecurePassword(void *secure_password, void *password, void *random)
{ {
@ -186,6 +186,8 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
{ {
USER *u; USER *u;
u = AcGetUser(hub, ast == false ? username : "*"); u = AcGetUser(hub, ast == false ? username : "*");
if(tokenized != NULL)
u = AcGetUser(hub, tokenized);
if (u) if (u)
{ {
Lock(u->lock); Lock(u->lock);
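Review bot: The added lookup overwrites `u` whenever the global `tokenized` is non-NULL, including when `ast` is false and the caller asked for the named user, so a login for an existing account can be checked against the `token#domain` entry instead, and a failed token lookup turns a valid `u` into NULL. Because `tokenized` is process-wide state written by another function, the value seen here may belong to a different login or point to freed memory. Limit the override to the wildcard case and keep the first result on a miss, e.g. `if (ast && tokenized != NULL) { USER *t = AcGetUser(hub, tokenized); if (t != NULL) u = t; }`, and prefer receiving the name as an argument over the `extern`. If AcGetUser hands back a counted reference (not visible in this hunk), the `u` that gets replaced also has to be released. The function body continues outside the hunk.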