Christian Lackas | 6 Dec 2005 16:22

[patch] support for RSA SecurID tags

Hello Maurice, ML,

I got the following mail from Poul-Henning Kamp including a patch I ask
you to try out (I lack supporting hardware) and to include in
vpnc if it is useful for anyone.

----- Forwarded message from Poul-Henning Kamp <phk [at] phk.freebsd.dk> -----

Hi there,

Included is a patch I hacked up for vpnc to make it work with
a site that used RSA SecurID tags.

The patch implements support for the "ISAKMP_XAUTH_ATTRIB_NEXT_PIN"
thing which one gets the first time in order to select a pincode.

The two lines at the bottom (setbuf(..., NULL)) make the debugging output
synchronous and therefore a fair bit less confusing.

I have no idea if this patch is correct, but it does work for me,
so you are welcome to submit it to the VPNC project/maintainers if
you think you can get them to take it.

Poul-Henning

diff -ur work/vpnc-0.3.3/vpnc.c work_/vpnc-0.3.3/vpnc.c
--- work/vpnc-0.3.3/vpnc.c	Thu May  5 15:24:17 2005
+++ work_/vpnc-0.3.3/vpnc.c	Tue Dec  6 11:50:09 2005
 <at>  <at>  -1439,6 +1439,7  <at>  <at> 
 			case ISAKMP_XAUTH_ATTRIB_PASSCODE:
 			case ISAKMP_XAUTH_ATTRIB_DOMAIN:
 			case ISAKMP_XAUTH_ATTRIB_ANSWER:
+			case ISAKMP_XAUTH_ATTRIB_NEXT_PIN:
 			case ISAKMP_XAUTH_ATTRIB_CISCOEXT_VENDOR:
 				break;
 			case ISAKMP_XAUTH_ATTRIB_MESSAGE:
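Review bot: Adding ISAKMP_XAUTH_ATTRIB_NEXT_PIN to the accepted attribute list in this validation switch only makes sense together with the handler added later in the reply switch; if this hunk is applied alone the attribute is accepted but never answered, and the server's new-PIN request is silently dropped. A one-line comment next to the new case stating that NEXT_PIN is the server's request for the user to choose a new SecurID PIN would also help readers who are not familiar with the SecurID new-PIN mode.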
 <at>  <at>  -1455,6 +1456,7  <at>  <at> 
 				}
 				break;
 			default:
+				DEBUG(2, printf("ap->type = %x\n", ap->type));
 				reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
 			}
 		DEBUG(2, printf("S5.5\n"));
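Review bot: The new DEBUG line in the default branch prints ap->type with "%x"; if type is a narrower unsigned field it is promoted to int, so this works, but a cast to unsigned or an explicit width specifier is cleaner and avoids warnings on stricter compilers. The message would also be more useful if it said what is happening, e.g. "rejecting unsupported xauth attribute type 0x%x", since the next line sets reject to ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED and a reader of the log otherwise has to correlate the two lines by hand.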
 <at>  <at>  -1495,16 +1497,27  <at>  <at> 
 				}
 			case ISAKMP_XAUTH_ATTRIB_ANSWER:
 			case ISAKMP_XAUTH_ATTRIB_USER_PASSWORD:
+			case ISAKMP_XAUTH_ATTRIB_NEXT_PIN:
 			case ISAKMP_XAUTH_ATTRIB_PASSCODE:
 				if (seen_answer || config[CONFIG_XAUTH_INTERACTIVE]) {
-					char *pass, *prompt = NULL;
+					char *pass, *prompt = NULL, *ps;
 					struct isakmp_attribute *na;

-					asprintf(&prompt, "%s for VPN %s <at> %s: ",
-						(ap->type == ISAKMP_XAUTH_ATTRIB_ANSWER) ?
-						"Answer" :
-						(ap->type == ISAKMP_XAUTH_ATTRIB_USER_PASSWORD) ?
-						"Password" : "Passcode",
+					switch (ap->type) {
+					case ISAKMP_XAUTH_ATTRIB_ANSWER:
+						ps = "Answer";
+						break;
+					case ISAKMP_XAUTH_ATTRIB_USER_PASSWORD:
+						ps = "Password";
+						break;
+					case ISAKMP_XAUTH_ATTRIB_PASSCODE:
+						ps = "Passcode";
+						break;
+					case ISAKMP_XAUTH_ATTRIB_NEXT_PIN:
+						ps = "Next Pin";
+						break;
+					}
+					asprintf(&prompt, "%s for VPN %s <at> %s: ", ps,
 						config[CONFIG_XAUTH_USERNAME], ntop_buf);
 					pass = getpass(prompt);
 					free(prompt);
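Review bot: The new switch that selects ps has no default case, so ps is left uninitialised for any ap->type other than the four listed; the surrounding case labels make that unreachable today, but compilers will warn about a possibly uninitialised variable and a future case label added above would pass garbage to asprintf. Initialise it (e.g. `char *pass, *prompt = NULL, *ps = "Passcode";`) or add a default branch. Separately, for the "Next Pin" prompt the user is choosing a new PIN through getpass with no echo and no confirmation, so a typo is sent to the server as the chosen PIN; prompting twice and comparing before sending would be worth considering for this attribute only. The asprintf return value is still unchecked, which is pre-existing but worth noting while this block is being touched.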
 <at>  <at>  -2208,6 +2221,8  <at>  <at> 
 	int do_load_balance;
 	const uint8_t hex_test[] = { 0, 1, 2, 3 };

+	setbuf(stdout, NULL);
+	setbuf(stderr, NULL);
 	test_pack_unpack();
 	gcry_check_version("1.1.90");
 	gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
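Review bot: setbuf(stderr, NULL) is redundant, since stderr is unbuffered by default on every common libc, and setbuf(stdout, NULL) is applied unconditionally, so all normal output becomes unbuffered even when no debugging is enabled. If the goal is only to keep debug output in order, make the call conditional on the debug level, or use setvbuf(stdout, NULL, _IOLBF, 0) for line buffering, which keeps printf lines ordered without a write per character. Placement before test_pack_unpack() is correct, as setbuf must be called before any I/O on the stream.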

----- End forwarded message -----

Cheers
 Christian

-- 
Forschungszentrum Juelich       Central Institute For Electronics (ZEL)
Leo-Brandt-Strasse              52425 Juelich, Germany
Tel: +49-2461-61 2425           Fax: +49-2461-61 3990
