4
* Version: $Id: rlm_pap.c,v 1.15 2004/02/29 13:52:50 kkalev Exp $
4
* Version: $Id: rlm_pap.c,v 1.15.2.2.2.1 2006/08/22 20:19:22 aland Exp $
6
6
* This program is free software; you can redistribute it and/or modify
7
7
* it under the terms of the GNU General Public License as published by
40
40
#define PAP_ENC_CRYPT 1
41
41
#define PAP_ENC_MD5 2
42
42
#define PAP_ENC_SHA1 3
45
46
#define PAP_INST_FREE(inst) \
46
47
free((char *)inst->scheme); \
49
static const char rcsid[] = "$Id: rlm_pap.c,v 1.15 2004/02/29 13:52:50 kkalev Exp $";
50
static const char rcsid[] = "$Id: rlm_pap.c,v 1.15.2.2.2.1 2006/08/22 20:19:22 aland Exp $";
52
53
* Define a structure for our module configuration.
130
131
inst->sch = PAP_ENC_MD5;
131
132
else if (strcasecmp(inst->scheme,"sha1") == 0)
132
133
inst->sch = PAP_ENC_SHA1;
134
else if (strcasecmp(inst->scheme,"nt") == 0)
135
inst->sch = PAP_ENC_NT;
134
137
radlog(L_ERR, "rlm_pap: Wrong password scheme passed");
135
138
PAP_INST_FREE(inst);
190
193
if ((((passwd_item = pairfind(request->config_items, PW_PASSWORD)) == NULL) &&
191
194
((passwd_item = pairfind(request->config_items, PW_CRYPT_PASSWORD)) == NULL)) ||
192
195
(passwd_item->length == 0) || (passwd_item->strvalue[0] == 0)) {
193
DEBUG("rlm_pap: No password (or empty password) to check against for for user %s",request->username->strvalue);
196
DEBUG("rlm_pap: No password (or empty password) to check against for user %s",request->username->strvalue);
194
197
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: User password not available");
195
198
module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
196
199
pairadd(&request->packet->vps, module_fmsg_vp);
286
289
return RLM_MODULE_REJECT;
293
DEBUG("rlm_pap: Using NT HASH encryption.");
295
if (passwd_item->length != 32) {
296
DEBUG("rlm_pap: Configured NT password has incorrect length");
297
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured NT password has incorrect length");
298
module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ);
299
pairadd(&request->packet->vps, module_fmsg_vp);
300
return RLM_MODULE_REJECT;
302
char szUnicodePass[513];
307
* NT passwords are unicode. Convert plain text password
308
* to unicode by inserting a zero every other byte
310
nPasswordLen = strlen(request->password->strvalue);
311
for (i = 0; i < nPasswordLen; i++) {
312
szUnicodePass[i << 1] = request->password->strvalue[i];
313
szUnicodePass[(i << 1) + 1] = 0;
316
/* Encrypt Unicode password to a 16-byte MD4 hash */
317
md4_calc(digest, szUnicodePass, (nPasswordLen<<1) );
319
pap_hexify(buff,digest,16);
322
if (strcmp((char *)passwd_item->strvalue, buff) != 0){
323
DEBUG("rlm_pap: Passwords don't match");
324
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT HASH password check failed");
325
module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ);
326
pairadd(&request->packet->vps, module_fmsg_vp);
327
return RLM_MODULE_REJECT;
291
332
DEBUG("rlm_pap: User authenticated succesfully");
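Review bot: In the new NT-hash branch, the loop that expands `request->password->strvalue` into `szUnicodePass[513]` writes two bytes per input byte with no visible check on `nPasswordLen`, so the buffer is only safe if something outside this page caps the attribute at 256 bytes. Make the bound explicit before the loop, e.g. `if ((size_t)nPasswordLen > sizeof(szUnicodePass) / 2) return RLM_MODULE_REJECT;`, with the same Module-Failure-Message handling as the other reject paths. Separately, the final `strcmp((char *)passwd_item->strvalue, buff)` is case-sensitive, so a configured hash written in the other hex case than `pap_hexify` emits would presumably always be rejected; `strcasecmp`, which this file already uses for the scheme name, would avoid that. The declarations and closing braces of this branch are not shown on the page, so confirm neither point is already handled there.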