Bug Summary

File:src/libexec/login_radius/raddauth.c
Warning:line 324, column 5
Value stored to 'passwd' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name raddauth.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/libexec/login_radius/obj -resource-dir /usr/local/llvm16/lib/clang/16 -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/libexec/login_radius/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/libexec/login_radius/raddauth.c
1/* $OpenBSD: raddauth.c,v 1.31 2023/03/02 16:13:57 millert Exp $ */
2
3/*-
4 * Copyright (c) 1996, 1997 Berkeley Software Design, Inc. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 * must display the following acknowledgement:
16 * This product includes software developed by Berkeley Software Design,
17 * Inc.
18 * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
19 * or promote products derived from this software without specific prior
20 * written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * BSDI $From: raddauth.c,v 1.6 1998/04/14 00:39:04 prb Exp $
35 */
36/*
37 * Copyright(c) 1996 by tfm associates.
38 * All rights reserved.
39 *
40 * tfm associates
41 * P.O. Box 2086
42 * Eugene OR 97402-0031
43 *
44 * Redistribution and use in source and binary forms, with or without
45 * modification, are permitted provided that the following conditions
46 * are met:
47 * 1. Redistributions of source code must retain the above copyright
48 * notice, this list of conditions and the following disclaimer.
49 * 2. Redistributions in binary form must reproduce the above copyright
50 * notice, this list of conditions and the following disclaimer in the
51 * documentation and/or other materials provided with the distribution.
52 * 3. The name of tfm associates may not be used to endorse or promote
53 * products derived from this software without specific prior written
54 * permission.
55 *
56 * THIS SOFTWARE IS PROVIDED BY TFM ASSOC``AS IS'' AND ANY EXPRESS OR
57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
58 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
59 * IN NO EVENT SHALL TFM ASSOCIATES BE LIABLE FOR ANY DIRECT, INDIRECT,
60 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
61 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
62 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
63 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
64 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
65 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
66 */
67
68#include <sys/types.h>
69#include <sys/socket.h>
70#include <netinet/in.h>
71#include <arpa/inet.h>
72
73#include <ctype.h>
74#include <err.h>
75#include <errno(*__errno()).h>
76#include <stdint.h>
77#include <limits.h>
78#include <login_cap.h>
79#include <netdb.h>
80#include <signal.h>
81#include <stdio.h>
82#include <stdlib.h>
83#include <string.h>
84#include <syslog.h>
85#include <time.h>
86#include <unistd.h>
87#include <md5.h>
88#include <readpassphrase.h>
89#include "login_radius.h"
90
91
92#define MAXPWNETNAM64 64 /* longest username */
93#define MAXSECRETLEN128 128 /* maximum length of secret */
94
95#define AUTH_VECTOR_LEN16 16
96#define AUTH_HDR_LEN20 20
97#define AUTH_PASS_LEN(256 - 16) (256 - 16)
98#define PW_AUTHENTICATION_REQUEST1 1
99#define PW_AUTHENTICATION_ACK2 2
100#define PW_AUTHENTICATION_REJECT3 3
101#define PW_ACCESS_CHALLENGE11 11
102#define PW_USER_NAME1 1
103#define PW_PASSWORD2 2
104#define PW_CLIENT_ID4 4
105#define PW_CLIENT_PORT_ID5 5
106#define PW_PORT_MESSAGE18 18
107#define PW_STATE24 24
108
109#ifndef RADIUS_DIR"/etc/raddb"
110#define RADIUS_DIR"/etc/raddb" "/etc/raddb"
111#endif
112#define RADIUS_SERVERS"servers" "servers"
113
114char *radius_dir = RADIUS_DIR"/etc/raddb";
115char auth_secret[MAXSECRETLEN128+1];
116volatile sig_atomic_t timedout;
117int alt_retries;
118int retries;
119int sockfd;
120int timeout;
121in_addr_t alt_server;
122in_addr_t auth_server;
123in_port_t radius_port;
124
125typedef struct {
126 u_char code;
127 u_char id;
128 u_short length;
129 u_char vector[AUTH_VECTOR_LEN16];
130 u_char data[4096 - AUTH_HDR_LEN20];
131} auth_hdr_t;
132
133void servtimeout(int);
134in_addr_t get_ipaddr(char *);
135in_addr_t gethost(void);
136int rad_recv(char *, char *, u_char *);
137void parse_challenge(auth_hdr_t *, char *, char *);
138void rad_request(u_char, char *, char *, int, char *, char *);
139void getsecret(void);
140
141/*
142 * challenge -- NULL for interactive service
143 * password -- NULL for interactive service and when requesting a challenge
144 */
145int
146raddauth(char *username, char *class, char *style, char *challenge,
147 char *password, char **emsg)
148{
149 static char _pwstate[1024];
150 u_char req_id;
151 char *userstyle, *passwd, *pwstate, *rad_service;
152 char pbuf[AUTH_PASS_LEN(256 - 16)+1];
153 int auth_port;
154 char vector[AUTH_VECTOR_LEN16+1], *p, *v;
155 int i;
156 login_cap_t *lc;
157 u_int32_t r;
158 struct servent *svp;
159 struct sockaddr_in sin;
160 struct sigaction sa;
161 const char *errstr;
162
163 memset(_pwstate, 0, sizeof(_pwstate));
164 pwstate = password ? challenge : _pwstate;
165
166 if ((lc = login_getclass(class)) == NULL((void *)0)) {
167 snprintf(_pwstate, sizeof(_pwstate),
168 "%s: no such class", class);
169 *emsg = _pwstate;
170 return (1);
171 }
172
173 rad_service = login_getcapstr(lc, "radius-port", "radius", "radius");
174 timeout = login_getcapnum(lc, "radius-timeout", 2, 2);
175 retries = login_getcapnum(lc, "radius-retries", 6, 6);
176
177 if (timeout < 1)
178 timeout = 1;
179 if (retries < 2)
180 retries = 2;
181
182 if (challenge == NULL((void *)0)) {
183 passwd = NULL((void *)0);
184 v = login_getcapstr(lc, "radius-challenge-styles",
185 NULL((void *)0), NULL((void *)0));
186 i = strlen(style);
187 while (v && (p = strstr(v, style)) != NULL((void *)0)) {
188 if ((p == v || p[-1] == ',') &&
189 (p[i] == ',' || p[i] == '\0')) {
190 passwd = "";
191 break;
192 }
193 v = p+1;
194 }
195 if (passwd == NULL((void *)0))
196 passwd = readpassphrase("Password:", pbuf, sizeof(pbuf),
197 RPP_ECHO_OFF0x00);
198 } else
199 passwd = password;
200 if (passwd == NULL((void *)0))
201 passwd = "";
202
203 if ((v = login_getcapstr(lc, "radius-server", NULL((void *)0), NULL((void *)0))) == NULL((void *)0)){
204 *emsg = "radius-server not configured";
205 return (1);
206 }
207
208 auth_server = get_ipaddr(v);
209
210 if ((v = login_getcapstr(lc, "radius-server-alt", NULL((void *)0), NULL((void *)0))) == NULL((void *)0))
211 alt_server = 0;
212 else {
213 alt_server = get_ipaddr(v);
214 alt_retries = retries/2;
215 retries >>= 1;
216 }
217
218 /* get port number */
219 radius_port = strtonum(rad_service, 1, UINT16_MAX0xffff, &errstr);
220 if (errstr) {
221 svp = getservbyname(rad_service, "udp");
222 if (svp == NULL((void *)0)) {
223 snprintf(_pwstate, sizeof(_pwstate),
224 "No such service: %s/udp", rad_service);
225 *emsg = _pwstate;
226 return (1);
227 }
228 radius_port = svp->s_port;
229 } else
230 radius_port = htons(radius_port)(__uint16_t)(__builtin_constant_p(radius_port) ? (__uint16_t)
(((__uint16_t)(radius_port) & 0xffU) << 8 | ((__uint16_t
)(radius_port) & 0xff00U) >> 8) : __swap16md(radius_port
));
231
232 /* get the secret from the servers file */
233 getsecret();
234
235 /* set up socket */
236 if ((sockfd = socket(AF_INET2, SOCK_DGRAM2, 0)) == -1) {
237 snprintf(_pwstate, sizeof(_pwstate), "%s", strerror(errno(*__errno())));
238 *emsg = _pwstate;
239 return (1);
240 }
241
242 /* set up client structure */
243 memset(&sin, 0, sizeof(sin));
244 sin.sin_family = AF_INET2;
245 sin.sin_addr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
246 sin.sin_port = radius_port;
247
248 req_id = (u_char) arc4random();
249 auth_port = ttyslot();
250 if (auth_port == 0)
251 auth_port = (int)getppid();
252 if (strcmp(style, "radius") != 0) {
253 if (asprintf(&userstyle, "%s:%s", username, style) == -1)
254 err(1, NULL((void *)0));
255 } else
256 userstyle = username;
257
258 /* generate random vector */
259 for (i = 0; i < AUTH_VECTOR_LEN16;) {
260 r = arc4random();
261 memcpy(&vector[i], &r, sizeof(r));
262 i += sizeof(r);
263 }
264 vector[AUTH_VECTOR_LEN16] = '\0';
265
266 sigemptyset(&sa.sa_mask);
267 sa.sa_handler__sigaction_u.__sa_handler = servtimeout;
268 sa.sa_flags = 0; /* don't restart system calls */
269 (void)sigaction(SIGALRM14, &sa, NULL((void *)0));
270retry:
271 if (timedout) {
272 timedout = 0;
273 if (--retries <= 0) {
274 /*
275 * If we ran out of tries but there is an alternate
276 * server, switch to it and try again.
277 */
278 if (alt_retries) {
279 auth_server = alt_server;
280 retries = alt_retries;
281 alt_retries = 0;
282 getsecret();
283 } else
284 warnx("no response from authentication server");
285 }
286 }
287
288 if (retries > 0) {
289 rad_request(req_id, userstyle, passwd, auth_port, vector,
290 pwstate);
291
292 switch (i = rad_recv(_pwstate, challenge, vector)) {
293 case PW_AUTHENTICATION_ACK2:
294 /*
295 * Make sure we don't think a challenge was issued.
296 */
297 if (challenge)
298 *challenge = '\0';
299 return (0);
300
301 case PW_AUTHENTICATION_REJECT3:
302 return (1);
303
304 case PW_ACCESS_CHALLENGE11:
305 /*
306 * If this is a response then reject them if
307 * we got a challenge.
308 */
309 if (password)
310 return (1);
311 /*
312 * If we wanted a challenge, just return
313 */
314 if (challenge) {
315 if (strcmp(challenge, _pwstate) != 0)
316 syslog(LOG_WARNING4,
317 "challenge for %s does not match state",
318 userstyle);
319 return (0);
320 }
321 req_id++;
322 if ((passwd = readpassphrase("", pbuf, sizeof(pbuf),
323 RPP_ECHO_OFF0x00)) == NULL((void *)0))
324 passwd = "";
Value stored to 'passwd' is never read
325 break;
326
327 default:
328 if (timedout)
329 goto retry;
330 snprintf(_pwstate, sizeof(_pwstate),
331 "invalid response type %d\n", i);
332 *emsg = _pwstate;
333 return (1);
334 }
335 }
336 return (1);
337}
338
339/*
340 * Build a radius authentication digest and submit it to the radius server
341 */
342void
343rad_request(u_char id, char *name, char *password, int port, char *vector,
344 char *state)
345{
346 auth_hdr_t auth;
347 int i, len, secretlen, total_length, p;
348 struct sockaddr_in sin;
349 u_char md5buf[MAXSECRETLEN128+AUTH_VECTOR_LEN16], digest[AUTH_VECTOR_LEN16],
350 pass_buf[AUTH_PASS_LEN(256 - 16)], *pw, *ptr;
351 u_int length;
352 in_addr_t ipaddr;
353 MD5_CTX context;
354
355 memset(&auth, 0, sizeof(auth));
356 auth.code = PW_AUTHENTICATION_REQUEST1;
357 auth.id = id;
358 memcpy(auth.vector, vector, AUTH_VECTOR_LEN16);
359 total_length = AUTH_HDR_LEN20;
360 ptr = auth.data;
361
362 /* User name */
363 *ptr++ = PW_USER_NAME1;
364 length = strlen(name);
365 if (length > MAXPWNETNAM64)
366 length = MAXPWNETNAM64;
367 *ptr++ = length + 2;
368 memcpy(ptr, name, length);
369 ptr += length;
370 total_length += length + 2;
371
372 /* Password */
373 length = strlen(password);
374 if (length > AUTH_PASS_LEN(256 - 16))
375 length = AUTH_PASS_LEN(256 - 16);
376
377 p = (length + AUTH_VECTOR_LEN16 - 1) / AUTH_VECTOR_LEN16;
378 *ptr++ = PW_PASSWORD2;
379 *ptr++ = p * AUTH_VECTOR_LEN16 + 2;
380
381 memset(pass_buf, 0, sizeof(pass_buf)); /* must zero fill */
382 strlcpy((char *)pass_buf, password, sizeof(pass_buf));
383
384 /* Calculate the md5 digest */
385 secretlen = strlen(auth_secret);
386 memcpy(md5buf, auth_secret, secretlen);
387 memcpy(md5buf + secretlen, auth.vector, AUTH_VECTOR_LEN16);
388
389 total_length += 2;
390
391 /* XOR the password into the md5 digest */
392 pw = pass_buf;
393 while (p-- > 0) {
394 MD5Init(&context);
395 MD5Update(&context, md5buf, secretlen + AUTH_VECTOR_LEN16);
396 MD5Final(digest, &context);
397 for (i = 0; i < AUTH_VECTOR_LEN16; ++i) {
398 *ptr = digest[i] ^ *pw;
399 md5buf[secretlen+i] = *ptr++;
400 *pw++ = '\0';
401 }
402 total_length += AUTH_VECTOR_LEN16;
403 }
404 explicit_bzero(pass_buf, strlen(pass_buf));
405
406 /* Client id */
407 *ptr++ = PW_CLIENT_ID4;
408 *ptr++ = sizeof(in_addr_t) + 2;
409 ipaddr = gethost();
410 memcpy(ptr, &ipaddr, sizeof(in_addr_t));
411 ptr += sizeof(in_addr_t);
412 total_length += sizeof(in_addr_t) + 2;
413
414 /* client port */
415 *ptr++ = PW_CLIENT_PORT_ID5;
416 *ptr++ = sizeof(in_addr_t) + 2;
417 port = htonl(port)(__uint32_t)(__builtin_constant_p(port) ? (__uint32_t)(((__uint32_t
)(port) & 0xff) << 24 | ((__uint32_t)(port) & 0xff00
) << 8 | ((__uint32_t)(port) & 0xff0000) >> 8
| ((__uint32_t)(port) & 0xff000000) >> 24) : __swap32md
(port));
418 memcpy(ptr, &port, sizeof(int));
419 ptr += sizeof(int);
420 total_length += sizeof(int) + 2;
421
422 /* Append the state info */
423 if ((state != NULL((void *)0)) && (strlen(state) > 0)) {
424 len = strlen(state);
425 *ptr++ = PW_STATE24;
426 *ptr++ = len + 2;
427 memcpy(ptr, state, len);
428 ptr += len;
429 total_length += len + 2;
430 }
431
432 auth.length = htons(total_length)(__uint16_t)(__builtin_constant_p(total_length) ? (__uint16_t
)(((__uint16_t)(total_length) & 0xffU) << 8 | ((__uint16_t
)(total_length) & 0xff00U) >> 8) : __swap16md(total_length
));
433
434 memset(&sin, 0, sizeof (sin));
435 sin.sin_family = AF_INET2;
436 sin.sin_addr.s_addr = auth_server;
437 sin.sin_port = radius_port;
438 if (sendto(sockfd, &auth, total_length, 0, (struct sockaddr *)&sin,
439 sizeof(sin)) == -1)
440 err(1, NULL((void *)0));
441}
442
443/*
444 * Receive UDP responses from the radius server
445 */
446int
447rad_recv(char *state, char *challenge, u_char *req_vector)
448{
449 auth_hdr_t auth;
450 socklen_t salen;
451 struct sockaddr_in sin;
452 u_char recv_vector[AUTH_VECTOR_LEN16], test_vector[AUTH_VECTOR_LEN16];
453 MD5_CTX context;
454 ssize_t total_length;
455
456 salen = sizeof(sin);
457
458 alarm(timeout);
459 total_length = recvfrom(sockfd, &auth, sizeof(auth), 0,
460 (struct sockaddr *)&sin, &salen);
461 alarm(0);
462 if (total_length < AUTH_HDR_LEN20) {
463 if (timedout)
464 return(-1);
465 errx(1, "bogus auth packet from server");
466 }
467 if (ntohs(auth.length)(__uint16_t)(__builtin_constant_p(auth.length) ? (__uint16_t)
(((__uint16_t)(auth.length) & 0xffU) << 8 | ((__uint16_t
)(auth.length) & 0xff00U) >> 8) : __swap16md(auth.length
)) > total_length)
468 errx(1, "bogus auth packet from server");
469
470 if (sin.sin_addr.s_addr != auth_server)
471 errx(1, "bogus authentication server");
472
473 /* verify server's shared secret */
474 memcpy(recv_vector, auth.vector, AUTH_VECTOR_LEN16);
475 memcpy(auth.vector, req_vector, AUTH_VECTOR_LEN16);
476 MD5Init(&context);
477 MD5Update(&context, (u_char *)&auth, ntohs(auth.length)(__uint16_t)(__builtin_constant_p(auth.length) ? (__uint16_t)
(((__uint16_t)(auth.length) & 0xffU) << 8 | ((__uint16_t
)(auth.length) & 0xff00U) >> 8) : __swap16md(auth.length
)));
478 MD5Update(&context, auth_secret, strlen(auth_secret));
479 MD5Final(test_vector, &context);
480 if (memcmp(recv_vector, test_vector, AUTH_VECTOR_LEN16) != 0)
481 errx(1, "shared secret incorrect");
482
483 if (auth.code == PW_ACCESS_CHALLENGE11)
484 parse_challenge(&auth, state, challenge);
485
486 return (auth.code);
487}
488
489/*
490 * Get IP address of local hostname
491 */
492in_addr_t
493gethost(void)
494{
495 char hostname[HOST_NAME_MAX255+1];
496
497 if (gethostname(hostname, sizeof(hostname)))
498 err(1, "gethost");
499 return (get_ipaddr(hostname));
500}
501
502/*
503 * Get an IP address in host in_addr_t notation from a hostname or dotted quad.
504 */
505in_addr_t
506get_ipaddr(char *host)
507{
508 struct hostent *hp;
509
510 if ((hp = gethostbyname(host)) == NULL((void *)0))
511 return (0);
512
513 return (((struct in_addr *)hp->h_addrh_addr_list[0])->s_addr);
514}
515
516/*
517 * Get the secret from the servers file
518 */
519void
520getsecret(void)
521{
522 FILE *servfd;
523 char *host, *secret, buffer[PATH_MAX1024];
524 size_t len;
525
526 snprintf(buffer, sizeof(buffer), "%s/%s",
527 radius_dir, RADIUS_SERVERS"servers");
528
529 if ((servfd = fopen(buffer, "r")) == NULL((void *)0)) {
530 syslog(LOG_ERR3, "%s: %m", buffer);
531 return;
532 }
533
534 secret = NULL((void *)0); /* Keeps gcc happy */
535 while ((host = fgetln(servfd, &len)) != NULL((void *)0)) {
536 if (*host == '#') {
537 memset(host, 0, len);
538 continue;
539 }
540 if (host[len-1] == '\n')
541 --len;
542 else {
543 /* No trailing newline, must allocate len+1 for NUL */
544 if ((secret = malloc(len + 1)) == NULL((void *)0)) {
545 memset(host, 0, len);
546 continue;
547 }
548 memcpy(secret, host, len);
549 memset(host, 0, len);
550 host = secret;
551 }
552 while (len > 0 && isspace((unsigned char)host[--len]))
553 ;
554 host[++len] = '\0';
555 while (isspace((unsigned char)*host)) {
556 ++host;
557 --len;
558 }
559 if (*host == '\0')
560 continue;
561 secret = host;
562 while (*secret && !isspace((unsigned char)*secret))
563 ++secret;
564 if (*secret)
565 *secret++ = '\0';
566 if (get_ipaddr(host) != auth_server) {
567 memset(host, 0, len);
568 continue;
569 }
570 while (isspace((unsigned char)*secret))
571 ++secret;
572 if (*secret)
573 break;
574 }
575 if (host) {
576 strlcpy(auth_secret, secret, sizeof(auth_secret));
577 memset(host, 0, len);
578 }
579 fclose(servfd);
580}
581
582void
583servtimeout(int signo)
584{
585
586 timedout = 1;
587}
588
589/*
590 * Parse a challenge received from the server
591 */
592void
593parse_challenge(auth_hdr_t *authhdr, char *state, char *challenge)
594{
595 int length;
596 int attribute, attribute_len;
597 u_char *ptr;
598
599 ptr = authhdr->data;
600 length = ntohs(authhdr->length)(__uint16_t)(__builtin_constant_p(authhdr->length) ? (__uint16_t
)(((__uint16_t)(authhdr->length) & 0xffU) << 8 |
((__uint16_t)(authhdr->length) & 0xff00U) >> 8)
: __swap16md(authhdr->length)) - AUTH_HDR_LEN20;
601
602 *state = 0;
603
604 while (length > 0) {
605 attribute = *ptr++;
606 attribute_len = *ptr++;
607 length -= attribute_len;
608 attribute_len -= 2;
609
610 switch (attribute) {
611 case PW_PORT_MESSAGE18:
612 if (challenge) {
613 memcpy(challenge, ptr, attribute_len);
614 challenge[attribute_len] = '\0';
615 } else
616 printf("%.*s", attribute_len, ptr);
617 break;
618 case PW_STATE24:
619 memcpy(state, ptr, attribute_len);
620 state[attribute_len] = '\0';
621 break;
622 }
623 ptr += attribute_len;
624 }
625}