Additional data are passed only to auth module's global_init
@@ -121,8 +121,7 @@ static void get_name(struct gssapi_ctx_st *pctx, gss_name_t client, gss_OID mech
|
||||
return;
|
||||
}
|
||||
|
||||
static int gssapi_auth_init(void **ctx, void *pool, const char *spnego, const char *ip,
|
||||
void *additional)
|
||||
static int gssapi_auth_init(void **ctx, void *pool, const char *spnego, const char *ip)
|
||||
{
|
||||
struct gssapi_ctx_st *pctx;
|
||||
OM_uint32 minor, flags, time;
|
||||
|
||||
@@ -155,7 +155,7 @@ wait:
|
||||
}
|
||||
}
|
||||
|
||||
static int pam_auth_init(void** ctx, void *pool, const char* user, const char* ip, void* additional)
|
||||
static int pam_auth_init(void** ctx, void *pool, const char* user, const char* ip)
|
||||
{
|
||||
int pret;
|
||||
struct pam_ctx_st * pctx;
|
||||
|
||||
@@ -42,11 +42,23 @@ struct plain_ctx_st {
|
||||
char *groupnames[MAX_GROUPS];
|
||||
unsigned groupnames_size;
|
||||
|
||||
const char *passwd; /* password file */
|
||||
const char *pass_msg;
|
||||
unsigned retries;
|
||||
};
|
||||
|
||||
static char *password_file = NULL;
|
||||
|
||||
static void plain_global_init(void *pool, void *additional)
|
||||
{
|
||||
password_file = talloc_strdup(pool, (char*)additional);
|
||||
if (password_file == NULL) {
|
||||
fprintf(stderr, "memory error\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/* Breaks a list of "xxx", "yyy", to a character array, of
|
||||
* MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
|
||||
*/
|
||||
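Review bot: `plain_global_init` reports every NULL from `talloc_strdup(pool, (char*)additional)` as "memory error", but a NULL `additional` (no password file configured) would most likely take the same path and exit with that misleading message. Checking the argument first, e.g. `if (additional == NULL) { fprintf(stderr, "plain: no password file configured\n"); exit(1); }`, separates the misconfiguration from a real allocation failure. The path is also now held in the single file-scope `password_file`, so if `global_init` can run for more than one plain auth entry, the last call decides which file every login is checked against. Whether that can happen is not visible in this hunk; a comment on the variable such as `/* set once by plain_global_init(); one plain password file per process */` would record the assumption.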
@@ -112,11 +124,11 @@ static int read_auth_pass(struct plain_ctx_st *pctx)
|
||||
char *p, *sp;
|
||||
int ret;
|
||||
|
||||
fp = fopen(pctx->passwd, "r");
|
||||
fp = fopen(password_file, "r");
|
||||
if (fp == NULL) {
|
||||
syslog(LOG_AUTH,
|
||||
"error in plain authentication; cannot open: %s",
|
||||
pctx->passwd);
|
||||
password_file);
|
||||
return -1;
|
||||
}
|
||||
|
||||
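Review bot: `fopen(password_file, "r")` in `read_auth_pass` relies on the file-scope pointer having been set by `plain_global_init` in the same process, and nothing in this hunk guards against it still being NULL. Passing NULL to `fopen`, or to the `%s` in the `syslog` call that follows, is undefined behaviour, so the authentication path could crash rather than fail closed. A guard before the open, `if (password_file == NULL) return -1;`, keeps that case on the existing error return. The body of `read_auth_pass` starts and ends outside the hunk.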
@@ -161,8 +173,7 @@ static int read_auth_pass(struct plain_ctx_st *pctx)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int plain_auth_init(void **ctx, void *pool, const char *username, const char *ip,
|
||||
void *additional)
|
||||
static int plain_auth_init(void **ctx, void *pool, const char *username, const char *ip)
|
||||
{
|
||||
struct plain_ctx_st *pctx;
|
||||
int ret;
|
||||
@@ -178,7 +189,6 @@ static int plain_auth_init(void **ctx, void *pool, const char *username, const c
|
||||
return ERR_AUTH_FAIL;
|
||||
|
||||
strlcpy(pctx->username, username, sizeof(pctx->username));
|
||||
pctx->passwd = additional;
|
||||
pctx->pass_msg = pass_msg_first;
|
||||
|
||||
ret = read_auth_pass(pctx);
|
||||
@@ -360,6 +370,7 @@ static void plain_group_list(void *pool, void *additional, char ***groupname, un
|
||||
|
||||
const struct auth_mod_st plain_auth_funcs = {
|
||||
.type = AUTH_TYPE_PLAIN | AUTH_TYPE_USERNAME_PASS,
|
||||
.global_init = plain_global_init,
|
||||
.auth_init = plain_auth_init,
|
||||
.auth_deinit = plain_auth_deinit,
|
||||
.auth_msg = plain_auth_msg,
|
||||
|
||||
@@ -61,8 +61,7 @@ static void radius_global_deinit()
|
||||
rc_destroy(rh);
|
||||
}
|
||||
|
||||
static int radius_auth_init(void **ctx, void *pool, const char *username, const char *ip,
|
||||
void *additional)
|
||||
static int radius_auth_init(void **ctx, void *pool, const char *username, const char *ip)
|
||||
{
|
||||
struct radius_ctx_st *pctx;
|
||||
char *default_realm;
|
||||
@@ -79,7 +78,6 @@ static int radius_auth_init(void **ctx, void *pool, const char *username, const
|
||||
|
||||
strlcpy(pctx->username, username, sizeof(pctx->username));
|
||||
strlcpy(pctx->remote_ip, ip, sizeof(pctx->remote_ip));
|
||||
pctx->config = additional;
|
||||
pctx->pass_msg = pass_msg_first;
|
||||
|
||||
default_realm = rc_conf_str(rh, "default_realm");
|
||||
|
||||
@@ -46,7 +46,6 @@ struct radius_ctx_st {
|
||||
char **routes;
|
||||
unsigned routes_size;
|
||||
|
||||
const char *config; /* radius config file */
|
||||
const char *pass_msg;
|
||||
unsigned retries;
|
||||
};
|
||||
|
||||
@@ -491,7 +491,6 @@ int set_module(sec_mod_st * sec, client_entry_st *e, unsigned auth_type)
|
||||
if (sec->config->auth[i].enabled && (sec->config->auth[i].type & auth_type) == auth_type) {
|
||||
e->module = sec->config->auth[i].amod;
|
||||
e->auth_type = sec->config->auth[i].type;
|
||||
e->auth_additional = sec->config->auth[i].additional;
|
||||
|
||||
seclog(sec, LOG_INFO, "using '%s' authentication to authenticate user (%x)", sec->config->auth[i].name, auth_type);
|
||||
return 0;
|
||||
@@ -531,8 +530,7 @@ int handle_sec_auth_init(int cfd, sec_mod_st * sec, const SecAuthInitMsg * req)
|
||||
|
||||
if (e->module) {
|
||||
ret =
|
||||
e->module->auth_init(&e->auth_ctx, e, req->user_name, req->ip,
|
||||
e->auth_additional);
|
||||
e->module->auth_init(&e->auth_ctx, e, req->user_name, req->ip);
|
||||
if (ret == ERR_AUTH_CONTINUE) {
|
||||
need_continue = 1;
|
||||
} else if (ret < 0) {
|
||||
|
||||
@@ -31,7 +31,7 @@ struct auth_mod_st {
|
||||
unsigned int type;
|
||||
void (*global_init)(void *pool, void* additional);
|
||||
void (*global_deinit)(void);
|
||||
int (*auth_init)(void** ctx, void *pool, const char* username, const char* ip, void* additional);
|
||||
int (*auth_init)(void** ctx, void *pool, const char* username, const char* ip);
|
||||
int (*auth_msg)(void* ctx, void *pool, char** msg);
|
||||
int (*auth_pass)(void* ctx, const char* pass, unsigned pass_len);
|
||||
int (*auth_group)(void* ctx, const char *suggested, char *groupname, int groupname_size);
|
||||
|
||||
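Review bot: The callback table gives no hint of the new contract, in which `auth_init` no longer receives `additional` and a module that needs the value at login time must capture it in `global_init`. A comment above the `global_init` member, for example `/* additional: the auth entry's configuration value; keep a copy if auth_init needs it */`, would tell module authors this without reading the commit history. `plain_global_init` already follows that pattern by duplicating the string with `talloc_strdup`. The definition of `struct auth_mod_st` starts and ends outside the hunk, so any existing documentation elsewhere in the header is not visible here.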
@@ -78,7 +78,6 @@ typedef struct client_entry_st {
|
||||
unsigned auth_type;
|
||||
/* the module this entry is using */
|
||||
const struct auth_mod_st *module;
|
||||
void *auth_additional; /* input to auth_init */
|
||||
} client_entry_st;
|
||||
|
||||
void *sec_mod_client_db_init(sec_mod_st *sec);
|
||||
|
||||