~ubuntu-branches/ubuntu/hardy/freeradius/hardy-proposed


Viewing changes to src/modules/rlm_pap/rlm_pap.c

  • Committer: Bazaar Package Importer
  • Author(s): Mark Hymers
  • Date: 2006-12-16 20:45:11 UTC
  • mfrom: (3.1.10 feisty)
  • Revision ID: james.westby@ubuntu.com-20061216204511-3pbbsu4s8jtehsor
Tags: 1.1.3-3
Fix POSIX compliance problem in init script.  Closes: #403384. 

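--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -1,7 +1,7 @@
 /*
  * rlm_pap.c
  *
- * Version:  $Id: rlm_pap.c,v 1.15 2004/02/29 13:52:50 kkalev Exp $
+ * Version:  $Id: rlm_pap.c,v 1.15.2.2.2.1 2006/08/22 20:19:22 aland Exp $
  *
  *   This program is free software; you can redistribute it and/or modify
  *   it under the terms of the GNU General Public License as published by
@@ -40,13 +40,14 @@
 #define PAP_ENC_CRYPT           1
 #define PAP_ENC_MD5             2
 #define PAP_ENC_SHA1            3
-#define PAP_MAX_ENC             3
+#define PAP_ENC_NT              4
+#define PAP_MAX_ENC             4
 
 #define PAP_INST_FREE(inst) \
         free((char *)inst->scheme); \
         free(inst)
 
-static const char rcsid[] = "$Id: rlm_pap.c,v 1.15 2004/02/29 13:52:50 kkalev Exp $";
+static const char rcsid[] = "$Id: rlm_pap.c,v 1.15.2.2.2.1 2006/08/22 20:19:22 aland Exp $";
 
 /*
  *      Define a structure for our module configuration.
@@ -130,6 +131,8 @@
                 inst->sch = PAP_ENC_MD5;
         else if (strcasecmp(inst->scheme,"sha1") == 0)
                 inst->sch = PAP_ENC_SHA1;
+        else if (strcasecmp(inst->scheme,"nt") == 0)
+                inst->sch = PAP_ENC_NT;
         else{
                 radlog(L_ERR, "rlm_pap: Wrong password scheme passed");
                 PAP_INST_FREE(inst);
@@ -154,7 +157,7 @@
         char module_fmsg[MAX_STRING_LEN];
         MD5_CTX md5_context;
         SHA1_CTX sha1_context;
-        char digest[20];
+        unsigned char digest[20];
         char buff[MAX_STRING_LEN];
         rlm_pap_t *inst = (rlm_pap_t *) instance;
 
@@ -190,7 +193,7 @@
         if ((((passwd_item = pairfind(request->config_items, PW_PASSWORD)) == NULL) &&
                 ((passwd_item = pairfind(request->config_items, PW_CRYPT_PASSWORD)) == NULL)) ||
             (passwd_item->length == 0) || (passwd_item->strvalue[0] == 0)) {
-                DEBUG("rlm_pap: No password (or empty password) to check against for for user %s",request->username->strvalue);
+                DEBUG("rlm_pap: No password (or empty password) to check against for user %s",request->username->strvalue);
                 snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: User password not available");
                 module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
                 pairadd(&request->packet->vps, module_fmsg_vp);
@@ -286,6 +289,44 @@
                                 return RLM_MODULE_REJECT;
                         }
                         break;
+                case PAP_ENC_NT:
+                        DEBUG("rlm_pap: Using NT HASH encryption.");
+
+                        if (passwd_item->length != 32) {
+                                DEBUG("rlm_pap: Configured NT password has incorrect length");
+                                snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured NT password has incorrect length");
+                                module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ);
+                                pairadd(&request->packet->vps, module_fmsg_vp);
+                                return RLM_MODULE_REJECT;
+                        } else {
+                                char szUnicodePass[513];
+                                int nPasswordLen;
+                                int i;
+                                
+                                /*
+                                 *      NT passwords are unicode.  Convert plain text password
+                                 *      to unicode by inserting a zero every other byte
+                                 */
+                                nPasswordLen = strlen(request->password->strvalue);
+                                for (i = 0; i < nPasswordLen; i++) {
+                                        szUnicodePass[i << 1] = request->password->strvalue[i];
+                                        szUnicodePass[(i << 1) + 1] = 0;
+                                }
+                                
+                                /* Encrypt Unicode password to a 16-byte MD4 hash */
+                                md4_calc(digest, szUnicodePass, (nPasswordLen<<1) );
+                                
+                                pap_hexify(buff,digest,16);
+                                buff[32] = '\0';
+                        }
+                        if (strcmp((char *)passwd_item->strvalue, buff) != 0){
+                                DEBUG("rlm_pap: Passwords don't match");
+                                snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT HASH password check failed");
+                                module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ);
+                                pairadd(&request->packet->vps, module_fmsg_vp);
+                                return RLM_MODULE_REJECT;
+                        }
+                        break;
         }
 
         DEBUG("rlm_pap: User authenticated succesfully");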
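Review bot: The new PAP_ENC_NT branch writes `2 * strlen(request->password->strvalue)` bytes into the 513-byte stack buffer `szUnicodePass` with no length check, so its safety depends entirely on a bound for `strvalue` that is not visible in these lines. A guard before the loop would make the limit local and explicit, for example `if (nPasswordLen > (int)(sizeof(szUnicodePass) / 2)) return RLM_MODULE_REJECT;`. Separately, the final `strcmp` against the configured value is case-sensitive, so a hash stored in a different hex case from what `pap_hexify` emits (its output case is not shown here) would always be rejected; `strcasecmp`, which this file already uses for the scheme name, would avoid that. `szUnicodePass`, which holds the expanded cleartext password, and `digest` are also left uncleared on the stack when the branch exits. The enclosing function begins and ends outside the displayed lines, so the declaration and size of `strvalue` should be checked there.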