From aea197e5a35aa47df06c02986ebf698d39527472 Mon Sep 17 00:00:00 2001 From: Oskar Berggren Date: Sat, 9 Apr 2016 20:18:15 +0200 Subject: [PATCH 1/3] RDSHandler.vb, tokenform.aspx.cs: Internal spelling fixes. --- server/handlers/RDSHandler.vb | 28 ++++++++++++------------- web/RDWeb/Pages/en-US/tokenform.aspx.cs | 8 +++---- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/server/handlers/RDSHandler.vb b/server/handlers/RDSHandler.vb index 0010f51..49e9efe 100644 --- a/server/handlers/RDSHandler.vb +++ b/server/handlers/RDSHandler.vb @@ -10,7 +10,7 @@ Public Class RDSHandler Private Shared userSessions As New Hashtable Private Shared sessionTimestamps As New Hashtable - Private Shared encryptedChallangeResults As New Hashtable + Private Shared encryptedChallengeResults As New Hashtable Private Shared userLaunchTimestamps As New Hashtable Private mPacket As RADIUSPacket @@ -175,7 +175,7 @@ Public Class RDSHandler Public Sub ProcessAccessRequest() Dim hasState = mPacket.Attributes.AttributeExists(RadiusAttributeType.State) If hasState Then - ' An Access-Request with a state is pr. definition a challange response. + ' An Access-Request with a state is pr. definition a challenge response. ProcessChallengeResponse() Exit Sub End If @@ -212,48 +212,48 @@ Public Class RDSHandler Private Sub ProcessChallengeResponse() Dim authToken = mPacket.Attributes.GetFirstAttribute(RadiusAttributeType.State).ToString If Not authToken = authTokens(mUsername) Then - Throw New Exception("User is trying to respond to challange without valid auth token") + Throw New Exception("User is trying to respond to challenge without valid auth token") End If - ' When the packet is an Challange-Response the password attr. contains the encrypted result + ' When the packet is an Challenge-Response the password attr. contains the encrypted result Dim userEncryptedResult = mPassword - Dim localEncryptedResult = encryptedChallangeResults(mUsername) + Dim localEncryptedResult = encryptedChallengeResults(mUsername) If localEncryptedResult = userEncryptedResult Then RDSFactor.LogDebug(mPacket, "ChallengeResponse Success") - encryptedChallangeResults.Remove(mUsername) + encryptedChallengeResults.Remove(mUsername) authTokens.Remove(mUsername) Accept() Else - RDSFactor.LogDebug(mPacket, "Wrong challange code!") + RDSFactor.LogDebug(mPacket, "Wrong challenge code!") mPacket.RejectAccessRequest() End If End Sub Private Sub TwoFactorChallenge(ldapResult As SearchResult) - Dim challangeCode = RDSFactor.GenerateCode + Dim challengeCode = RDSFactor.GenerateCode Dim authToken = System.Guid.NewGuid.ToString Dim clientIP = mPacket.EndPoint.Address.ToString Dim sharedSecret = RDSFactor.secrets(clientIP) - RDSFactor.LogDebug(mPacket, "Access Challange Code: " & challangeCode) + RDSFactor.LogDebug(mPacket, "Access Challenge Code: " & challengeCode) If sharedSecret = Nothing Then Throw New Exception("No shared secret for client:" & clientIP) End If authTokens(mUsername) = authToken - Dim encryptedChallangeResult = Crypto.SHA256(mUsername & challangeCode & sharedSecret) - encryptedChallangeResults(mUsername) = encryptedChallangeResult + Dim encryptedChallengeResult = Crypto.SHA256(mUsername & challengeCode & sharedSecret) + encryptedChallengeResults(mUsername) = encryptedChallengeResult If mUseSMSFactor Then Dim mobile = LdapGetNumber(ldapResult) - RDSFactor.SendSMS(mobile, challangeCode) + RDSFactor.SendSMS(mobile, challengeCode) End If If mUseEmailFactor Then Dim email = LdapGetEmail(ldapResult) - RDSFactor.SendEmail(email, challangeCode) + RDSFactor.SendEmail(email, challengeCode) End If Dim attributes As New RADIUSAttributes @@ -333,7 +333,7 @@ Public Class RDSHandler userSessions.Remove(username) sessionTimestamps.Remove(username) userLaunchTimestamps.Remove(username) - encryptedChallangeResults.Remove(username) + encryptedChallengeResults.Remove(username) authTokens.Remove(username) End If Next diff --git a/web/RDWeb/Pages/en-US/tokenform.aspx.cs b/web/RDWeb/Pages/en-US/tokenform.aspx.cs index 6a81b5f..60cac1f 100644 --- a/web/RDWeb/Pages/en-US/tokenform.aspx.cs +++ b/web/RDWeb/Pages/en-US/tokenform.aspx.cs @@ -45,8 +45,8 @@ public partial class SMSToken : System.Web.UI.Page atts.Add(state); - String encryptedChallangeResult = Crypto.SHA256(username + SmsToken.Text + radiusSecret); - RADIUSPacket response = client.Authenticate(username, encryptedChallangeResult, atts); + String encryptedChallengeResult = Crypto.SHA256(username + SmsToken.Text + radiusSecret); + RADIUSPacket response = client.Authenticate(username, encryptedChallengeResult, atts); onRadiusResponse(response); } @@ -57,7 +57,7 @@ public partial class SMSToken : System.Web.UI.Page void onRadiusResponse(RADIUSPacket response) { if (response.Code == RadiusPacketCode.AccessChallenge) { - onRadiusChallange(response); + onRadiusChallenge(response); } else if (response.Code == RadiusPacketCode.AccessAccept) { onRadiusAccept(response); @@ -84,7 +84,7 @@ public partial class SMSToken : System.Web.UI.Page logoff(); } - void onRadiusChallange(RADIUSPacket response){ + void onRadiusChallenge(RADIUSPacket response){ RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State); Session["State"] = state; } From d4af4d6f6ab3e79ea3456175f92459d9fb5b4e1a Mon Sep 17 00:00:00 2001 From: Oskar Berggren Date: Sat, 9 Apr 2016 20:47:37 +0200 Subject: [PATCH 2/3] server/RDSFactor.vb: Spelling/grammar fix. --- server/RDSFactor.vb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/RDSFactor.vb b/server/RDSFactor.vb index 8ac1004..6f939cb 100644 --- a/server/RDSFactor.vb +++ b/server/RDSFactor.vb @@ -253,7 +253,7 @@ Public Class RDSFactor mail.To.Add(email) mail.From = New MailAddress(SenderEmail) mail.Subject = "Token: " & passcode - mail.Body = "Subject contains the token code to login to you site" + mail.Body = "Subject contains the token code to login to the site" mail.IsBodyHtml = False Dim smtp As New SmtpClient(MailServer) @@ -261,7 +261,7 @@ Public Class RDSFactor Try smtp.Send(mail) If DEBUG = True Then - LogDebug(Now & ": Mail send to: " & email) + LogDebug(Now & ": Mail sent to: " & email) End If Return "SEND" Catch e As InvalidCastException From a7d447029e98f0ee30016b076990ba5ec1e37173 Mon Sep 17 00:00:00 2001 From: Oskar Berggren Date: Sat, 9 Apr 2016 21:18:22 +0200 Subject: [PATCH 3/3] RDSHandler.vb: Minor spelling. --- server/handlers/RDSHandler.vb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/handlers/RDSHandler.vb b/server/handlers/RDSHandler.vb index 49e9efe..73dd438 100644 --- a/server/handlers/RDSHandler.vb +++ b/server/handlers/RDSHandler.vb @@ -149,7 +149,7 @@ Public Class RDSHandler Dim attributes As New RADIUSAttributes If sessionId = Nothing Or launchTimestamp = Nothing Then - RDSFactor.LogDebug(mPacket, "User's has no launch window. User must re-authenticate") + RDSFactor.LogDebug(mPacket, "User has no launch window. User must re-authenticate") mPacket.RejectAccessRequest() Exit Sub End If