author | Martin Willi <martin@strongswan.org> | 2008-08-21 14:40:03 +0000 |
committer | Martin Willi <martin@strongswan.org> | 2008-08-21 14:40:03 +0000 |
commit | b848f0377c3b76aeb4d4aefd9b818e05ae4e24e2 (patch) | |
tree | 1ec1c73001896984c35ff072d7b173f55438c5c9 /src/charon/plugins/eap_gtc | |
parent | 1caa265c6106659a2b96f8fe4ff2d16522d31d2f (diff) | |
fixed EAP-GTC secret lookup
improved error logging
PAM authentication needs CAP_AUDIT_WRITE capability
Diffstat (limited to 'src/charon/plugins/eap_gtc')
-rw-r--r-- | src/charon/plugins/eap_gtc/eap_gtc.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/src/charon/plugins/eap_gtc/eap_gtc.c b/src/charon/plugins/eap_gtc/eap_gtc.c
index f178786e4..fd39e5ad7 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc.c
+++ b/src/charon/plugins/eap_gtc/eap_gtc.c
@@ -105,18 +105,26 @@ static int auth_conv(int num_msg, const struct pam_message **msg,
  */
 static bool authenticate(char *service, char *user, char *password)
 {
-	pam_handle_t *pamh;
+	pam_handle_t *pamh = NULL;
 	static struct pam_conv conv;
 	int ret;
 	conv.conv = (void*)auth_conv;
 	conv.appdata_ptr = password;
-	if (pam_start(service, user, &conv, &pamh) != PAM_SUCCESS)
+	ret = pam_start(service, user, &conv, &pamh);
+	if (ret != PAM_SUCCESS)
 	{
+		DBG1(DBG_IKE, "EAP-GTC pam_start failed: %s",
+			 pam_strerror(pamh, ret));
 		return FALSE;
 	}
 	ret = pam_authenticate(pamh, 0);
+	if (ret != PAM_SUCCESS)
+	{
+		DBG1(DBG_IKE, "EAP-GTC pam_authenticate failed: %s",
+			 pam_strerror(pamh, ret));
+	}
 	pam_end(pamh, ret);
 	return ret == PAM_SUCCESS;
 }
@@ -154,7 +162,7 @@ static status_t process_peer(private_eap_gtc_t *this,
 	size_t len;
 	shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP,
-											this->server, this->peer);
+											this->peer, this->server);
 	if (shared == NULL)
 	{
 		DBG1(DBG_IKE, "no EAP key found for '%D' - '%D'",
@@ -163,6 +171,8 @@ static status_t process_peer(private_eap_gtc_t *this,
 	}
 	key = shared->get_key(shared);
 	len = key.len;
+
+	/* TODO: According to the draft we should "SASLprep" password, RFC4013. */
 	res = alloca(sizeof(eap_gtc_header_t) + len);
 	res->length = htons(sizeof(eap_gtc_header_t) + len);
@@ -206,11 +216,8 @@ static status_t process_server(private_eap_gtc_t *this,
 	service = lib->settings->get_str(lib->settings, "charon.plugins.eap_gtc.pam_service", GTC_PAM_SERVICE);
-	/* TODO: According to the draft we should "SASLprep" username and
-	 * passwords... RFC4013 */
 	if (!authenticate(service, user, password))
 	{
-		DBG1(DBG_IKE, "EAP-GTC PAM authentication failed");
 		return FAILED;
 	}
 	return SUCCESS;
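Review bot: authenticate() still treats a successful pam_authenticate() as the final verdict, so the account-management stage that enforces expiry, lockout and access restrictions configured in the PAM stack is never consulted; the new error-logging block is the right place to chain it, e.g. change `ret = pam_authenticate(pamh, 0);` to `ret = pam_authenticate(pamh, 0); if (ret == PAM_SUCCESS) { ret = pam_acct_mgmt(pamh, 0); }` and widen the message to `"EAP-GTC PAM authentication failed: %s"` so both failures are reported. Note also that `conv` is a file-static whose `appdata_ptr` is overwritten with the caller's `password` on every call; if authenticate() can run on more than one worker thread at a time, one session's conversation callback may read another session's password, so `conv` should be a local (it is only needed for the lifetime of the pam handle). This applies to the first hunk only; the other hunks are an argument-order fix and a moved TODO comment.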