Skip to content
GitLab
Commit 3f93da6a authored by Robert Dubner's avatar Robert Dubner
Browse files

Format to 80-char lines; update Copyright notices

parent 33b902a3
Pipeline #3660 passed with stage
in 50 minutes and 22 seconds
Expand all Hide whitespace changes
Inline Side-by-side
contrib/slapd-modules/radiusov/demonstration/radiusclient/mschap.c
View file @ 3f93da6a
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -13,6 +12,11 @@
* <http://www.OpenLDAP.org/license.html>.
*/
/*
* The code in this module is largely derived from a public domain source.
*
*/
/*
* This module implements MS-CHAP, as described in RFC 2548
*
......@@ -129,12 +133,12 @@ GenerateAuthenticatorResponse( uint8_t const *unicode_password,
uint8_t nt_hash_hash[MD4_DIGEST_LENGTH];
// Hash the password
NTPasswordHash( unicode_password,
unicode_password_length,
NTPasswordHash( unicode_password,
unicode_password_length,
nt_hash);
// Hash the hash
NTPasswordHash( nt_hash,
MD4_DIGEST_LENGTH,
NTPasswordHash( nt_hash,
MD4_DIGEST_LENGTH,
nt_hash_hash);
SHA1Init(&Context);
......@@ -190,7 +194,7 @@ ChallengeHash( const uint8_t *peer_challenge,
}
void
GenerateNTResponse(
GenerateNTResponse(
const uint8_t *authenticator_challenge, // 16-byte random value we sent the peer
const uint8_t *peer_challenge, // 16-byte random value from authenticating peer
const char *username, // 0 to 256-character ASCII username
......
contrib/slapd-modules/radiusov/demonstration/radiusclient/mschap.h
View file @ 3f93da6a
/* md4.h */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -12,7 +10,9 @@
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*
*/
/*
* The code in this module is largely derived from a public domain source.
*
*/
......
contrib/slapd-modules/radiusov/demonstration/radiusclient/radiusclient.c
View file @ 3f93da6a
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
contrib/slapd-modules/radiusov/demonstration/radiusclient/reap.c
View file @ 3f93da6a
......@@ -48,8 +48,10 @@ const EAP_MESSAGE_TYPE eap_message_types[] =
{24,"EAP-3Com Wireless","[Albert_Young]"},
{25,"PEAP","[Ashwin_Palekar]"},
{26,"MS-EAP-Authentication","[Ashwin_Palekar]"},
{27,"Mutual Authentication w/Key Exchange (MAKE)",
"[Romain_Berrendonner]"},
{
27,"Mutual Authentication w/Key Exchange (MAKE)",
"[Romain_Berrendonner]"
},
{28,"CRYPTOCard","[Stephen_M_Webb]"},
{29,"EAP-MSCHAP-V2","[Darran_Potter]"},
{30,"DynamID","[Pascal_Merlin]"},
......
contrib/slapd-modules/radiusov/demonstration/radiusclient/rpacket.c
View file @ 3f93da6a
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
contrib/slapd-modules/radiusov/demonstration/radiusclient/rpacket.h
View file @ 3f93da6a
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -10,9 +9,10 @@
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.build
* <http://www.OpenLDAP.org/license.html>.
*/
#ifndef RPACKET_H
#define RPACKET_H
......
contrib/slapd-modules/radiusov/demonstration/radiusclient/sha1.c
View file @ 3f93da6a
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -11,7 +10,9 @@
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*
*/
/*
* The code in this module is largely derived from a public domain source.
*
*/
......
contrib/slapd-modules/radiusov/demonstration/radiusclient/sha1.h
View file @ 3f93da6a
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -11,7 +10,9 @@
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*
*/
/*
* The code in this module is largely derived from a public domain source.
*
*/
......
contrib/slapd-modules/radiusov/mschap.c
View file @ 3f93da6a
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -129,12 +128,12 @@ GenerateAuthenticatorResponse( uint8_t const *unicode_password,
uint8_t nt_hash_hash[MD4_DIGEST_LENGTH];
// Hash the password
NTPasswordHash( unicode_password,
unicode_password_length,
NTPasswordHash( unicode_password,
unicode_password_length,
nt_hash);
// Hash the hash
NTPasswordHash( nt_hash,
MD4_DIGEST_LENGTH,
NTPasswordHash( nt_hash,
MD4_DIGEST_LENGTH,
nt_hash_hash);
SHA1Init(&Context);
......@@ -190,7 +189,7 @@ ChallengeHash( const uint8_t *peer_challenge,
}
void
GenerateNTResponse(
GenerateNTResponse(
const uint8_t *authenticator_challenge, // 16-byte random value we sent the peer
const uint8_t *peer_challenge, // 16-byte random value from authenticating peer
const char *username, // 0 to 256-character ASCII username
......
contrib/slapd-modules/radiusov/mschap.h
View file @ 3f93da6a
/* md4.h */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -12,7 +10,9 @@
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*
*/
/*
* The code in this module is largely derived from a public domain source.
*
*/
......
contrib/slapd-modules/radiusov/radius.c
View file @ 3f93da6a
This diff is collapsed.
contrib/slapd-modules/radiusov/radiusov.c
View file @ 3f93da6a
/* radiusov.c - radius-ldap overlay for slapd */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2008-2021 The OpenLDAP Foundation.
* Portions Copyright 2008 by Howard Chu, Symas Corp.
* Portions Copyright 2013 by Ted C. Cheng, Symas Corp.
* Portions Copyright 2021 by Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -41,17 +36,19 @@
ldap_pvt_thread_mutex_t libradius_mutex;
// This is used during debugging. It can be used to suppress processing of
// incoming packets after the first N have come in. This can reduce confusion
// when working with a Wireless Access Point that insists on retrying while you
// are trapping through code in a multi-threaded environment.
// packet_eat_count is used during debugging. It can be used to suppress
// processing of incoming packets after the first N have come in. This can
// reduce confusion when working with a Wireless Access Point that insists on
// retrying while you are trapping through code in a multi-threaded
// environment.
//
// A negative value means just process everything without touching the counter
static int packet_eat_count = -1;
#if DANGEROUS_TESTING_ENABLED
#pragma GCC warning "DANGEROUS_TESTING_ENABLED is set to 1, which is a security flaw."
#pragma GCC warning "DANGEROUS_TESTING_ENABLED is set to 1, "
"which is a security flaw."
#endif
static void
......@@ -154,20 +151,18 @@ radiusov_generalized_callback(Operation *op, SlapReply *rs)
// We found our result last time through, so we can leave
break;
}
//Debug(LDAP_DEBUG_TRACE, " There is an e_attrs[] value\n");
for( i = 0; a->a_nvals[i].bv_val != NULL; i++ )
{
BerValue *ber_name;
BerValue *ber_attr;
ber_name = &a->a_desc[i].ad_cname;
ber_attr = &a->a_nvals[i];
//Debug(LDAP_DEBUG_TRACE, " There is an a_nval[%d] ber_name %s\n", i, ber_name->bv_val);
if( ber_name->bv_len == strlen(desired_attribute->attribute_name)
if( ber_name->bv_len
== strlen(desired_attribute->attribute_name)
&& memcmp( ber_name->bv_val,
desired_attribute->attribute_name,
ber_name->bv_len) == 0 )
{
//Debug(LDAP_DEBUG_TRACE, " Found you, my pretty!\n");
size_t to_be_copied = ber_attr->bv_len;
if( desired_attribute->len-1 < to_be_copied )
{
......@@ -477,10 +472,10 @@ Nanoseconds(void)
return ts.tv_sec * 1000000000 + ts.tv_nsec ;
}
// The GV_packet_count variable is intended to count up the number of packets sent
// and received. It is reported as the "nominal packet #". In normal operation
// it will correspond to the packet numbering in Wireshark when the capture and
// slapd are started together.
// The GV_packet_count variable is intended to count up the number of packets
// sent and received. It is reported as the "nominal packet #". In normal
// operation it will correspond to the packet numbering in Wireshark when the
// capture and slapd are started together.
// This is a headache reducer when debugging.
......@@ -510,7 +505,7 @@ radiusov_acceptconn(void *ctx, void *arg)
char ebuf[128];
static const int MAX_MESSAGE_LENGTH = 4096;
uint8_t incoming_request[MAX_MESSAGE_LENGTH + 1]; // Room for a '\0 fencepost
uint8_t incoming_request[MAX_MESSAGE_LENGTH + 1]; // Room for a \0 fencepost
slen = sizeof(client_addr);
recv_len = recvfrom(radius_info->udp_socket,
incoming_request,
......@@ -605,7 +600,8 @@ radiusov_acceptconn(void *ctx, void *arg)
GV_packet_count += 1;
Debug( LDAP_DEBUG_ARGS | LDAP_DEBUG_CONNS | LDAP_DEBUG_PACKETS,
DPREFIX "%s(): ************************************** Nominal packet #%d \n",
DPREFIX "%s(): "
"************************************** Nominal packet #%d \n",
__func__,
GV_packet_count);
......@@ -689,18 +685,6 @@ radiusov_create_udp_port( BackendDB *be,
port_host,
port_number);
// At the present time, port_host needs to be a dotted quad number.
// "0.0.0.0" is the equivalent of INADDR_ANY
// "127.0.0.1" is not equivalent; see man ip(7). It is the local
// loopback, which means that only connections from the machine will be
// made.
// At some point we should see if port_host is a fully qualified domain name,
// and convert it to an IP address. Dubner thinks this is a bad idea, and
// that even in a multi-homed server it makes sense to use explicit values.
// But he may not have the last word on this.
slap_overinst *radiusov = (slap_overinst *)be->bd_info;
RADIUS_INFO *radius_info = radiusov->on_bi.bi_private;
......@@ -721,8 +705,9 @@ radiusov_create_udp_port( BackendDB *be,
// assign IP, PORT
server_addr.sin_family = AF_INET;
//server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
int rc = inet_aton( port_host,
struct hostent *hostbyname = gethostbyname(port_host);
int rc = inet_aton( hostbyname->h_name,
(struct in_addr *)&server_addr.sin_addr.s_addr);
if ( rc == 0 )
{
......@@ -782,12 +767,14 @@ enum
// __COUNTER__, which is a macro, has to be expanded. I find it confusing.
// This works. I am not sure why. Mess with it if you have the inclination,
// time, and energy.
#define NV2(a) #a // NV2 takes the number <n> and converts it to a string
#define NV1(a) NV2(a) // I believe NV1 takes the text "__COUNTER__", and
// // expands it to "NV2(__COUNTER__)", and is evaluated as NV2(<n>)
#define NEXT_VALUE NV1(__COUNTER__) // I think this takes the text "__COUNTER__" and passes it to NV1
#define NV2(a) #a // NV2 takes the number <n> and converts it to a string
#define NV1(a) NV2(a) // I believe NV1 takes the text "__COUNTER__", and
// // expands it to "NV2(__COUNTER__)", and is evaluated as NV2(<n>)
#define NEXT_VALUE NV1(__COUNTER__) // I think this takes the text
// // "__COUNTER__" and passes it to NV1
volatile int unused_dummy_variable = __COUNTER__; // This bumps __COUNTER__ from zero to one
volatile int unused_dummy_variable = __COUNTER__; // This bumps __COUNTER__
// // from zero to one
static ConfigTable radiuscfg[] =
{
......@@ -837,7 +824,8 @@ static ConfigTable radiuscfg[] =
ARG_MAGIC|RADIUS_CLIENT_URI,
radius_config_driver,
"( OLcfgOvAt:" OVERLAY_OID "." NEXT_VALUE " NAME 'olcRadiusClientUri' "
"DESC 'URL for searching for RADIUS client shared secret by IP address:port' "
"DESC 'URL for searching for RADIUS client shared secret by "
"IP address:port' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )",
NULL, NULL
......@@ -863,7 +851,8 @@ static ConfigTable radiuscfg[] =
2, 2, 0,
ARG_MAGIC|RADIUS_TLS_CONFIG_FILE,
radius_config_driver,
"( OLcfgOvAt:" OVERLAY_OID "." NEXT_VALUE " NAME 'olcRadiusTlsConfigFile' "
"( OLcfgOvAt:" OVERLAY_OID "." NEXT_VALUE " NAME "
"'olcRadiusTlsConfigFile' "
"DESC 'Filename for SSL context configuration parameters' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString "
......@@ -900,7 +889,8 @@ static ConfigOCs radiusocs[] =
"SUP olcOverlayConfig "
"MUST olcRadiusClientUri "
#if DANGEROUS_TESTING_ENABLED
"MAY (olcRadiusPort $ olcRadiusHost $ olcRadiusTest $ olcRadiusTlsConfigFile) "
"MAY (olcRadiusPort $ olcRadiusHost $ olcRadiusTest "
"$ olcRadiusTlsConfigFile) "
#else
"MAY (olcRadiusPort $ olcRadiusHost $ olcRadiusTlsConfigFile) "
#endif
......@@ -915,7 +905,8 @@ radius_config_driver(ConfigArgs *config_args)
{
DENTER;
Debug( LDAP_DEBUG_ARGS,
DPREFIX "%s(): config_args->op is 0x%X; config_args->type is 0x%X\n",
DPREFIX "%s(): config_args->op is 0x%X; "
"config_args->type is 0x%X\n",
__func__,
(int)config_args->op,
(int)config_args->type);
......@@ -936,14 +927,15 @@ radius_config_driver(ConfigArgs *config_args)
Debug( LDAP_DEBUG_ARGS,
" radiusPort is %d\n",
atoi(config_args->argv[1]));
radius_info->radius_port_number = atoi(config_args->argv[1]);
radius_info->radius_port_number
= atoi(config_args->argv[1]);
if( radius_info->radius_port_number <= 0
|| radius_info->radius_port_number > 65535 )
{
Debug( LDAP_DEBUG_ANY,
"The RADIUS port number is %d, which makes no "
"sense; it has to be a 16-bit number\n",
"The RADIUS port number is %d, which makes "
"no sense; it has to be a 16-bit number\n",
radius_info->radius_port_number);
return 1;
}
......@@ -959,7 +951,8 @@ radius_config_driver(ConfigArgs *config_args)
strncpy(radius_info->radius_port_host,
config_args->argv[1],
sizeof(radius_info->radius_port_host) );
radius_info->radius_port_host[sizeof(radius_info->radius_port_host)-1] = '\0';
radius_info->radius_port_host[
sizeof(radius_info->radius_port_host)-1] = '\0';
}
break;
......@@ -1006,7 +999,8 @@ radius_config_driver(ConfigArgs *config_args)
strncpy(radius_info->radius_tls_config_file,
config_args->argv[1],
sizeof(radius_info->radius_tls_config_file) );
radius_info->radius_port_host[sizeof(radius_info->radius_tls_config_file)-1] = '\0';
radius_info->radius_port_host[
sizeof(radius_info->radius_tls_config_file)-1] = '\0';
}
break;
......@@ -1118,7 +1112,9 @@ radiusov_db_open(BackendDB *be, ConfigReply *cr)
"Initializing SSL_CTX\n");
radius_info->conf = ch_calloc( 1, sizeof(SSL_CONFIGURATION) );
tls_global_init();
if( get_configuration_from_file(radius_info->conf, radius_info->radius_tls_config_file) )
if( get_configuration_from_file(
radius_info->conf,
radius_info->radius_tls_config_file) )
{
Debug( LDAP_DEBUG_ANY,
"Failed reading SSL context configuration file\n");
......
contrib/slapd-modules/radiusov/radiusov.h
View file @ 3f93da6a
/* radiusov.h - RADIUS overlay header file */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2008-2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -15,8 +12,8 @@
* <http://www.OpenLDAP.org/license.html>.
*/
#ifndef RADIUSOV_H
#define RADIUSOV_H
#ifndef _h_RADIUSOV_H
#define _h_RADIUSOV_H
#include <stdio.h>
#include <errno.h>
......@@ -46,7 +43,8 @@
#define IDENTIFIER_SIZE 17
#define MAXIMUM_USERNAME_CHARACTERS 256 // MS-CHAP has a username limit of 256 ASCII characters
// MS-CHAP has a username limit of 256 ASCII characters
#define MAXIMUM_USERNAME_CHARACTERS 256
#define MAXIMUM_PASSWORD_CHARACTERS 256
#define CHAP_AUTHENTICATOR_CHALLENGE_SIZE 16
......@@ -55,11 +53,12 @@
#define STATE_LIFETIME_IN_SECONDS 120
#define DEFAULT_RADIUS_PORT 1812 // This is the well-known RADIUS server port
#define DEFAULT_RADIUS_HOST "0.0.0.0" // 0.0.0.0 is the equivalent of INADDR_ANY
// // 127.0.0.1 is *not* equivalent. It is the
// // Loopback IP address, which means that requests
// // from outside the local server will be ignored.
#define DEFAULT_RADIUS_PORT 1812 // Well-known RADIUS server port
#define DEFAULT_RADIUS_HOST "0.0.0.0" // 0.0.0.0 is the equivalent of INADDR_ANY
// // 127.0.0.1 is *not* equivalent. It is
// // the Loopback IP address, which means
// // that requests from outside the local
// server will be ignored.
typedef struct _STATE_VOLATILES
{
......@@ -72,17 +71,26 @@ typedef struct _STATE_VOLATILES
typedef struct _STATE
{
char state_identifier_text[IDENTIFIER_SIZE]; // Copy of the RATV-State text for identifying the state
struct _STATE *left; // We maintain a doubly-linked list of states
// Copy of the RATV-State text for identifying the state
char state_identifier_text[IDENTIFIER_SIZE];
struct _STATE *left; // We maintain a doubly-linked list of states
struct _STATE *right;
size_t dirty_bytes_sent_so_far; // Runs from zero to ciphertext_out.used when sending sequential RADIUS packets
// Runs from zero to ciphertext_out.used when sending sequential
// RADIUS packets
size_t dirty_bytes_sent_so_far;
uint8_t encrypted_message_id;
char username[MAXIMUM_USERNAME_CHARACTERS+1];
uint8_t challenge[CHAP_AUTHENTICATOR_CHALLENGE_SIZE];
uint8_t peer_nt_response[24];
uint8_t nthashhash[MD4_DIGEST_LENGTH];
uint8_t md5_challenge[16]; // Magic number: Yes, an MD5 challenge random sequence is sixteen bytes.
time_t birthday; // Birthdate, in Unix epoch seconds, of this state.
// An MD5 challenge random sequence is sixteen bytes.
uint8_t md5_challenge[16];
// Birthdate, in Unix epoch seconds, of this state.
time_t birthday;
SSL *ssl;
TLS_INFO info;
......@@ -90,16 +98,19 @@ typedef struct _STATE
// These elements are used for sending/receiving TLS data
BIO *into_ssl;
BIO *from_ssl;
SSL_RECORD ciphertext_in; // Data that EAP server receives from the client.
SSL_RECORD ciphertext_in; // Data EAP server receives from the client.
SSL_RECORD cleartext_in; // The decrypted ciphertext_in
SSL_RECORD cleartext_out; // Data that the EAP server will send to the client
SSL_RECORD cleartext_out; // Data the EAP server sends to the client
SSL_RECORD ciphertext_out; // The encrypted cleartext_out
size_t mtu; // Current fragment size
size_t tls_record_expected_length; // peer value for total length of TLS record
size_t tls_record_in_recvd_len; // how much of that we've already read in
// The peer says the TLS data will be this long
size_t tls_record_expected_length;
// This is how much of thatwe've already read in
size_t tls_record_in_recvd_len;
char const *keying_material_label;
......@@ -119,12 +130,21 @@ typedef struct _RADIUS_INFO
{
// Parameters from slapd.conf:
int radius_port_number; // From slapd.conf
char radius_port_host[256]; // From slapd.conf. Usually 127.0.0.1, but
// // we leave room for a fully qualified domain name
char radius_tls_config_file[4096]; // Full path to the SSL_CTX configuration file
LDAPURLDesc *lud_radius_client; // From slapd.conf. The parsed search URI for RADIUS client shared secret
LDAPURLDesc *lud_radius_user; // From slapd.conf. The parsed search URI for RADIUS user password
LDAPURLDesc *lud_simple_test; // From slapd.conf. The parsed search URI for simple testing
char radius_port_host[256]; // From slapd.conf. Usually 0.0.0.0,
// // but we leave room for a FQDN
// Full path to the SSL_CTX configuration file
char radius_tls_config_file[4096];
// From slapd.conf. The parsed search URI for RADIUS client shared secret
LDAPURLDesc *lud_radius_client;
// From slapd.conf. The parsed search URI for RADIUS user password
LDAPURLDesc *lud_radius_user;
// From slapd.conf. The parsed search URI for simple testing
LDAPURLDesc *lud_simple_test;
int udp_socket;
Connection *radius_connection;
......@@ -136,7 +156,8 @@ typedef struct _RADIUS_INFO
typedef enum _search_methods
{
TEST_AND_DEVELOPMENT, // Expects a simple <username>,<password> in the input packet
TEST_AND_DEVELOPMENT, // Expects a simple <username>,<password>
// // in the input packet
RADIUS_PROTOCOL, // This is a formal RADIUS protocol implementation
} search_methods;
......
contrib/slapd-modules/radiusov/reap.c
View file @ 3f93da6a
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* Copyright 1998-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -14,6 +12,7 @@
* <http://www.OpenLDAP.org/license.html>.
*/
#include "radiusov.h"
#include "lber-int.h"
#include "reap.h"
......
contrib/slapd-modules/radiusov/reap.h
View file @ 3f93da6a
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2021 The OpenLDAP Foundation.
* Portions Copyright 2021 Robert Dubner, Symas Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......@@ -61,7 +60,6 @@ typedef enum EAP_MESSAGE_CODES
#define EAP_TLS_FLAG_START 0x20
#define EAP_TLS_FLAG_VERSION 0x00