int radius_auth_new ( char * username, char * password )
{
int ret1, ret2;
printf ( "master = %d, slave = %d\n", master, slave );
/* Server did not respond */
if ( ( ret1 = radius_auth( username, password, radius_address[master], radius_port[master], radius_secret[master] ) ) == 0 )
{
kill( getppid(), 37 );
printf ( "[RADIUS CLIENT] Radius authentication master server %s did not respond to authentication requests!\n", radius_address[master] );
printf ( "[RADIUS CLIENT] Use radius authentication slave server %s .\n", radius_address[slave] );
ret2 = radius_auth( username, password, radius_address[slave], radius_port[slave], radius_secret[slave] );
if ( ret2 == 0 )
{
printf ( "[RADIUS CLIENT] Radius authentication slave server %s did not respond to authentication requests!\n", radius_address[slave] );
return 0;
}
else if ( ret2 == 2 )
{
return 2;
}
else if ( ret2 == 3 )
{
return 3;
}
else
{
return 1;
}
}
/* Success */
else if ( ret1 == 2 )
{
return 2;
}
/* Invalid username or password */
else if ( ret1 == 3 )
{
return 3;
}
/* Unknow error */
else
{
return 1;
}
}
/* Authenticate/authorize */
static int
radius_pap_auth(char *t_user, char *t_passwd, char **t_msgp,
struct wordlist **t_paddrs, struct wordlist **t_popts)
{
int ret;
struct radius_attrib *attriblist;
if (!use_radius) {
if (prev_pap_auth_hook)
return prev_pap_auth_hook(t_user, t_passwd, t_msgp,
t_paddrs, t_popts);
else
return -1;
}
*t_msgp = "Login failed";
if (radius_server == -1) {
error("RADIUS: server not found");
return 0;
}
attriblist = NULL;
if (!radius_add_attrib(
&attriblist, PW_VENDOR_NONE, PW_USER_NAME,
0, t_user, strlen(t_user))) {
radius_free_attrib(attriblist);
return 0;
}
if (!radius_add_attrib(
&attriblist, PW_VENDOR_NONE, PW_PASSWORD,
0, t_passwd, strlen(t_passwd))) {
radius_free_attrib(attriblist);
return 0;
}
ret = radius_auth(&attriblist, NULL);
if (ret > 0)
*t_msgp = "Login ok";
radius_free_attrib(attriblist);
return ret;
}
static int
radius_chap_auth(char *user, u_char *remmd, int remmd_len, chap_state *cstate)
{
struct radius_attrib *attriblist;
u_char chap_password[MAX_RESPONSE_LENGTH+1], *p;
int code = CHAP_SUCCESS;
if (!use_radius) {
if (prev_chap_auth_hook)
return prev_chap_auth_hook(user, remmd, remmd_len, cstate);
else
return -1;
}
if (radius_server == -1) {
error("RADIUS: server not found");
return CHAP_FAILURE;
}
attriblist = NULL;
if (!radius_add_attrib(
&attriblist, PW_VENDOR_NONE, PW_USER_NAME,
0, user, strlen(user)))
goto error;
switch (cstate->chal_type) {
case CHAP_DIGEST_MD5:
if (remmd_len != MD5_SIGNATURE_SIZE) {
error("RADIUS: invalid CHAP response length '%d'",
remmd_len);
goto error;
}
if (!radius_add_attrib(
&attriblist, PW_VENDOR_NONE, PW_CHAP_CHALLENGE,
0, cstate->challenge, cstate->chal_len))
goto error;
p = chap_password;
*p++ = cstate->chal_id;
memcpy(p, remmd, remmd_len);
if (!radius_add_attrib(
&attriblist, PW_VENDOR_NONE, PW_CHAP_PASSWORD,
0, chap_password, remmd_len+1))
goto error;
break;
#ifdef CHAPMS
case CHAP_MICROSOFT: {
MS_ChapResponse *response = (MS_ChapResponse *)remmd;
if (remmd_len != MS_CHAP_RESPONSE_LEN) {
error("RADIUS: invalid MSCHAP response length '%d'",
remmd_len);
goto error;
}
if (!radius_add_attrib(
&attriblist, PW_VENDOR_MICROSOFT, PW_MS_CHAP_CHALLENGE,
0, cstate->challenge, cstate->chal_len))
goto error;
p = chap_password;
*p++ = cstate->chal_id;
*p++ = response->UseNT;
memcpy(p, response->LANManResp, sizeof(response->LANManResp));
p += sizeof(response->LANManResp);
memcpy(p, response->NTResp, sizeof(response->NTResp));
p += sizeof(response->NTResp);
if (!radius_add_attrib(
&attriblist, PW_VENDOR_MICROSOFT, PW_MS_CHAP_RESPONSE,
0, chap_password, p-chap_password))
goto error;
break;
}
case CHAP_MICROSOFT_V2: {
MS_ChapResponse_v2 *response = (MS_ChapResponse_v2 *)remmd;
if (remmd_len != MS_CHAP_RESPONSE_LEN) {
error("RADIUS: invalid MSCHAPv2 response length '%d'",
remmd_len);
goto error;
}
if (!radius_add_attrib(
&attriblist, PW_VENDOR_MICROSOFT, PW_MS_CHAP_CHALLENGE,
0, cstate->challenge, cstate->chal_len))
goto error;
p = chap_password;
*p++ = cstate->chal_id;
*p++ = 0;
memcpy(p, response->PeerChallenge, sizeof(response->PeerChallenge));
p += sizeof(response->PeerChallenge);
memset(p, 0, sizeof(response->Reserved));
p += sizeof(response->Reserved);
memcpy(p, response->NTResp, sizeof(response->NTResp));
p += sizeof(response->NTResp);
if (!radius_add_attrib(
&attriblist, PW_VENDOR_MICROSOFT, PW_MS_CHAP2_RESPONSE,
0, chap_password, p-chap_password)) {
goto error;
}
code = CHAP_SUCCESS_R;
break;
}
#endif
default:
error("RADIUS: unsupported challenge type '%d'",
cstate->chal_type);
goto error;
}
if (radius_auth(&attriblist, cstate) == 1) {
radius_free_attrib(attriblist);
return code;
}
error:
radius_free_attrib(attriblist);
return CHAP_FAILURE;
}
