mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-25 10:59:53 +03:00
Enable use of token to authenticate user vs radius
This commit is contained in:
parent
f75a2c2a12
commit
0af3c76146
@ -97,9 +97,51 @@
|
||||
// SoftEther protocol related routines
|
||||
|
||||
#include "CedarPch.h"
|
||||
char *tokenized;
|
||||
|
||||
static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00};
|
||||
|
||||
//Service function too chcck for email in buffer
|
||||
int spc_email_isvalid(const char *address) {
|
||||
int count = 0;
|
||||
const char *c, *domain;
|
||||
static char *rfc822_specials = "()<>@,;:\\\"[]";
|
||||
|
||||
/* first we validate the name portion (name@domain) */
|
||||
for (c = address; *c; c++) {
|
||||
if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
|
||||
'\"')) {
|
||||
while (*++c) {
|
||||
if (*c == '\"') break;
|
||||
if (*c == '\\' && (*++c == ' ')) continue;
|
||||
if (*c <= ' ' || *c >= 127) return 0;
|
||||
}
|
||||
if (!*c++) return 0;
|
||||
if (*c == '@') break;
|
||||
if (*c != '.') return 0;
|
||||
continue;
|
||||
}
|
||||
if (*c == '@') break;
|
||||
if (*c <= ' ' || *c >= 127) return 0;
|
||||
if (strchr(rfc822_specials, *c)) return 0;
|
||||
}
|
||||
if (c == address || *(c - 1) == '.') return 0;
|
||||
|
||||
/* next we validate the domain portion (name@domain) */
|
||||
if (!*(domain = ++c)) return 0;
|
||||
do {
|
||||
if (*c == '.') {
|
||||
if (c == domain || *(c - 1) == '.') return 0;
|
||||
count++;
|
||||
}
|
||||
if (*c <= ' ' || *c >= 127) return 0;
|
||||
if (strchr(rfc822_specials, *c)) return 0;
|
||||
} while (*++c);
|
||||
|
||||
return (count >= 1);
|
||||
}
|
||||
|
||||
|
||||
// Download and save intermediate certificates if necessary
|
||||
bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x)
|
||||
{
|
||||
@ -2000,7 +2042,23 @@ bool ServerAccept(CONNECTION *c)
|
||||
{
|
||||
AcLock(hub);
|
||||
{
|
||||
char *domain;
|
||||
//check if username is an email address
|
||||
if(spc_email_isvalid(username)) {
|
||||
domain = strchr (username, '@');
|
||||
if (domain != NULL) {
|
||||
domain++;
|
||||
tokenized = (char*)malloc((strlen(domain)+6+1) * sizeof(char));
|
||||
sprintf(tokenized,"token#%s",domain);
|
||||
b = AcIsUser(hub, tokenized);
|
||||
}
|
||||
}
|
||||
//fall back to the old method
|
||||
if(b == false) {
|
||||
b = AcIsUser(hub, "*");
|
||||
system("echo Comunque dentro asterisk > /tmp/leggimi");
|
||||
}
|
||||
|
||||
}
|
||||
AcUnlock(hub);
|
||||
|
||||
@ -2010,6 +2068,9 @@ bool ServerAccept(CONNECTION *c)
|
||||
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20);
|
||||
if (auth_ret && pol == NULL)
|
||||
{
|
||||
if( tokenized != NULL )
|
||||
pol = SamGetUserPolicy(hub,tokenized);
|
||||
else
|
||||
pol = SamGetUserPolicy(hub, "*");
|
||||
}
|
||||
}
|
||||
@ -2168,6 +2229,12 @@ bool ServerAccept(CONNECTION *c)
|
||||
user = AcGetUser(hub, username);
|
||||
if (user == NULL)
|
||||
{
|
||||
|
||||
if(tokenized != NULL) {
|
||||
user = AcGetUser(hub, tokenized);
|
||||
free(tokenized);
|
||||
}
|
||||
else
|
||||
user = AcGetUser(hub, "*");
|
||||
if (user == NULL)
|
||||
{
|
||||
|
@ -97,7 +97,7 @@
|
||||
// Security Accounts Manager
|
||||
|
||||
#include "CedarPch.h"
|
||||
|
||||
extern char *tokenized;
|
||||
// Password encryption
|
||||
void SecurePassword(void *secure_password, void *password, void *random)
|
||||
{
|
||||
@ -186,6 +186,8 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
|
||||
{
|
||||
USER *u;
|
||||
u = AcGetUser(hub, ast == false ? username : "*");
|
||||
if(tokenized != NULL)
|
||||
u = AcGetUser(hub, tokenized);
|
||||
if (u)
|
||||
{
|
||||
Lock(u->lock);
|
||||
|
Loading…
Reference in New Issue
Block a user