From 0af3c76146cc782bf6748731934849ded63cee77 Mon Sep 17 00:00:00 2001 From: Andrea Lora Date: Sun, 15 Jun 2014 01:38:07 +0200 Subject: [PATCH 1/3] Enable use of token to authenticate user vs radius --- src/Cedar/Protocol.c | 73 ++++++++++++++++++++++++++++++++++++++++++-- src/Cedar/Sam.c | 4 ++- 2 files changed, 73 insertions(+), 4 deletions(-) diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c index 410d7f8f..0fbdcc08 100644 --- a/src/Cedar/Protocol.c +++ b/src/Cedar/Protocol.c @@ -97,9 +97,51 @@ // SoftEther protocol related routines #include "CedarPch.h" +char *tokenized; static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00}; +//Service function too chcck for email in buffer +int spc_email_isvalid(const char *address) { + int count = 0; + const char *c, *domain; + static char *rfc822_specials = "()<>@,;:\\\"[]"; + + /* first we validate the name portion (name@domain) */ + for (c = address; *c; c++) { + if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) == + '\"')) { + while (*++c) { + if (*c == '\"') break; + if (*c == '\\' && (*++c == ' ')) continue; + if (*c <= ' ' || *c >= 127) return 0; + } + if (!*c++) return 0; + if (*c == '@') break; + if (*c != '.') return 0; + continue; + } + if (*c == '@') break; + if (*c <= ' ' || *c >= 127) return 0; + if (strchr(rfc822_specials, *c)) return 0; + } + if (c == address || *(c - 1) == '.') return 0; + + /* next we validate the domain portion (name@domain) */ + if (!*(domain = ++c)) return 0; + do { + if (*c == '.') { + if (c == domain || *(c - 1) == '.') return 0; + count++; + } + if (*c <= ' ' || *c >= 127) return 0; + if (strchr(rfc822_specials, *c)) return 0; + } while (*++c); + + return (count >= 1); +} + + // Download and save intermediate certificates if necessary bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x) { 
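Review bot: `spc_email_isvalid` reads one byte past the terminator when the address contains no `@`: the name loop exits on the NUL, the `c == address || *(c - 1) == '.'` check passes, and `*(domain = ++c)` then dereferences the byte after the string; since the caller (the hunk at line 2000) feeds it the client-supplied username, add `if (*c != '@') return 0;` before the domain section. The helper should also be `static`, and the new file-scope `char *tokenized;` is a single mutable pointer shared by every connection that runs ServerAccept (and by Sam.c via the `extern` added later in this series), which is why the later hunks have to reset and free it by hand; per-connection state belongs in a local or in the connection object, not in a global. Minor: the comment above the helper reads `too chcck`; `// Helper: check whether a buffer holds a syntactically valid e-mail address` would do.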
@@ -2000,7 +2042,23 @@ bool ServerAccept(CONNECTION *c) { AcLock(hub); { - b = AcIsUser(hub, "*"); + char *domain; + //check if username is an email address + if(spc_email_isvalid(username)) { + domain = strchr (username, '@'); + if (domain != NULL) { + domain++; + tokenized = (char*)malloc((strlen(domain)+6+1) * sizeof(char)); + sprintf(tokenized,"token#%s",domain); + b = AcIsUser(hub, tokenized); + } + } + //fall back to the old method + if(b == false) { + b = AcIsUser(hub, "*"); + system("echo Comunque dentro asterisk > /tmp/leggimi"); + } + } AcUnlock(hub); @@ -2010,7 +2068,10 @@ bool ServerAccept(CONNECTION *c) auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20); if (auth_ret && pol == NULL) { - pol = SamGetUserPolicy(hub, "*"); + if( tokenized != NULL ) + pol = SamGetUserPolicy(hub,tokenized); + else + pol = SamGetUserPolicy(hub, "*"); } } } @@ -2168,7 +2229,13 @@ bool ServerAccept(CONNECTION *c) user = AcGetUser(hub, username); if (user == NULL) { - user = AcGetUser(hub, "*"); + + if(tokenized != NULL) { + user = AcGetUser(hub, tokenized); + free(tokenized); + } + else + user = AcGetUser(hub, "*"); if (user == NULL) { // User acquisition failure diff --git a/src/Cedar/Sam.c b/src/Cedar/Sam.c index 7520e40a..5a45364c 100644 --- a/src/Cedar/Sam.c +++ b/src/Cedar/Sam.c @@ -97,7 +97,7 @@ // Security Accounts Manager #include "CedarPch.h" - +extern char *tokenized; // Password encryption void SecurePassword(void *secure_password, void *password, void *random) { @@ -186,6 +186,8 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p { USER *u; u = AcGetUser(hub, ast == false ? username : "*"); + if(tokenized != NULL) + u = AcGetUser(hub, tokenized); if (u) { Lock(u->lock); From 4c0251143057558de11a9c28434e22d01d589ffb Mon Sep 17 00:00:00 2001 
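Review bot: The `malloc` result on the `tokenized = (char*)malloc(...)` line is not checked before `sprintf` writes into it, so an allocation failure becomes a write through NULL while the hub is locked; guard it with `if (tokenized != NULL) { sprintf(tokenized, "token#%s", domain); b = AcIsUser(hub, tokenized); }` or leave the lock early. The same global is then read unlocked in the two later Protocol.c hunks and in Sam.c's `SamAuthUserByPlainPassword`, so a second connection that reaches ServerAccept concurrently can overwrite or free the pointer between the check and the use; this is the shared-global problem raised on the first hunk, and the `tokenized=NULL;` reset added in patch 2 at line 2043 narrows but does not close it. If the username is not an e-mail, `b` is never assigned in this block before the `if(b == false)` test; whether it still holds a meaningful earlier value depends on its declaration outside the hunk, so confirm it is initialized. `strchr(username, '@')` cannot return NULL once `spc_email_isvalid` has accepted the string, so the `domain != NULL` branch is dead; ServerAccept continues outside the hunk on both sides.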
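Review bot: `free(tokenized)` inside the `if(tokenized != NULL)` branch leaves the global pointing at freed memory, and `SamAuthUserByPlainPassword` in Sam.c still tests `tokenized != NULL` before handing it to `AcGetUser`, so any authentication that runs between this free and the next reset of the pointer dereferences freed memory, and a second `free` of the same block cannot be ruled out; write `free(tokenized); tokenized = NULL;`. The `else` arm is unbraced while the `if` arm is braced; brace both so a later added statement cannot silently fall outside the conditional. ServerAccept continues on both sides of the hunk.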
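Review bot: When `tokenized != NULL`, the result of the `AcGetUser(hub, ast == false ? username : "*")` call on the preceding line is overwritten without being released; if `AcGetUser` hands back a counted reference that the caller must release later (confirm against whatever release call this function makes after the hunk), every token-based login leaks one. Because `tokenized` is a process-wide global rather than something passed in with the call, a token set up by one connection also redirects the lookup for an unrelated connection's named user to the `token#domain` account even when `ast == false`, which is the same shared-state issue raised on the first Protocol.c hunk. Pick the name first and look up once: `u = AcGetUser(hub, tokenized != NULL ? tokenized : (ast == false ? username : "*"));`. The enclosing block starts before the hunk.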
From: Andrea Lora Date: Sun, 15 Jun 2014 02:25:42 +0200 Subject: [PATCH 2/3] Fixes compatibilty with legacy asterisk user Deleted ugly system line --- src/Cedar/Protocol.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c index 0fbdcc08..38dac652 100644 --- a/src/Cedar/Protocol.c +++ b/src/Cedar/Protocol.c @@ -2043,6 +2043,7 @@ bool ServerAccept(CONNECTION *c) AcLock(hub); { char *domain; + tokenized=NULL; //check if username is an email address if(spc_email_isvalid(username)) { domain = strchr (username, '@'); @@ -2051,12 +2052,16 @@ bool ServerAccept(CONNECTION *c) tokenized = (char*)malloc((strlen(domain)+6+1) * sizeof(char)); sprintf(tokenized,"token#%s",domain); b = AcIsUser(hub, tokenized); + if(b == false) { + free(tokenized); + tokenized=NULL; + } + } } //fall back to the old method if(b == false) { b = AcIsUser(hub, "*"); - system("echo Comunque dentro asterisk > /tmp/leggimi"); } } From 6433e53290313a1662fcb14f5dac9347870dc011 Mon Sep 17 00:00:00 2001 From: Andrea Lora Date: Tue, 17 Jun 2014 14:47:39 +0200 Subject: [PATCH 3/3] Removed the "token" word. Now you can enable radius auth with #fqdn --- src/Cedar/Protocol.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c index 38dac652..f091c6d0 100644 --- a/src/Cedar/Protocol.c +++ b/src/Cedar/Protocol.c @@ -2049,8 +2049,8 @@ bool ServerAccept(CONNECTION *c) domain = strchr (username, '@'); if (domain != NULL) { domain++; - tokenized = (char*)malloc((strlen(domain)+6+1) * sizeof(char)); - sprintf(tokenized,"token#%s",domain); + tokenized = (char*)malloc((strlen(domain)+2) * sizeof(char)); + sprintf(tokenized,"#%s",domain); b = AcIsUser(hub, tokenized); if(b == false) { free(tokenized);
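Review bot: The `#<fqdn>` convention this line now relies on is undocumented where it is built: a hub user named `#example.org` (constructed example) is matched for any client presenting `anything@example.org`, and the fqdn half is chosen by the client, so the only thing gating access to that hub entry is its own authentication settings (RADIUS, per the subject line). Add above the `malloc` line: `// An e-mail style username "user@fqdn" is first mapped to the hub user "#fqdn", if one exists, so a single entry can delegate authentication for a whole domain; "fqdn" is client-supplied, so that entry's own auth type is the sole gate.` The `+2` sizing is correct for `#` plus the terminator, but `sprintf` into a hand-computed size is brittle; keep the length in a local and use `snprintf(tokenized, len, "#%s", domain)` so the bound is visible, and the malloc result is still unchecked (raised on the first patch). The `(char*)` cast and `* sizeof(char)` are redundant in C.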