28
28
#include <freeradius-devel/ident.h>
29
RCSID("$Id: rlm_chap.c,v 1.21 2007/11/11 22:02:02 aland Exp $")
31
31
#include <freeradius-devel/radiusd.h>
32
32
#include <freeradius-devel/modules.h>
45
45
if (pairfind(request->config_items, PW_AUTHTYPE) != NULL) {
46
DEBUG2(" rlm_chap: WARNING: Auth-Type already set. Not setting to CHAP");
46
RDEBUG2("WARNING: Auth-Type already set. Not setting to CHAP");
47
47
return RLM_MODULE_NOOP;
50
DEBUG(" rlm_chap: Setting 'Auth-Type := CHAP'");
50
RDEBUG("Setting 'Auth-Type := CHAP'");
51
51
pairadd(&request->config_items,
52
52
pairmake("Auth-Type", "CHAP", T_OP_EQ));
53
53
return RLM_MODULE_OK;
74
74
if (!request->username) {
75
radlog(L_AUTH, "rlm_chap: Attribute \"User-Name\" is required for authentication.\n");
75
radlog_request(L_AUTH, 0, request, "rlm_chap: Attribute \"User-Name\" is required for authentication.\n");
76
76
return RLM_MODULE_INVALID;
79
79
chap = pairfind(request->packet->vps, PW_CHAP_PASSWORD);
81
radlog(L_AUTH, "rlm_chap: Attribute \"CHAP-Password\" is required for authentication.");
81
radlog_request(L_AUTH, 0, request, "rlm_chap: Attribute \"CHAP-Password\" is required for authentication.");
82
82
return RLM_MODULE_INVALID;
85
85
if (chap->length == 0) {
86
radlog(L_ERR, "rlm_chap: empty password supplied");
86
radlog_request(L_ERR, 0, request, "rlm_chap: empty password supplied");
87
87
return RLM_MODULE_INVALID;
90
90
if (chap->length != CHAP_VALUE_LENGTH + 1) {
91
radlog(L_ERR, "rlm_chap: password supplied has wrong length");
91
radlog_request(L_ERR, 0, request, "rlm_chap: password supplied has wrong length");
92
92
return RLM_MODULE_INVALID;
96
96
* Don't print out the CHAP password here. It's binary crap.
98
DEBUG(" rlm_chap: login attempt by \"%s\" with CHAP password",
98
RDEBUG("login attempt by \"%s\" with CHAP password",
99
99
request->username->vp_strvalue);
101
101
if ((passwd_item = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD)) == NULL){
102
DEBUG(" rlm_chap: Cleartext-Password is required for authentication");
102
RDEBUG("Cleartext-Password is required for authentication");
103
103
snprintf(module_fmsg, sizeof(module_fmsg),
104
104
"rlm_chap: Clear text password not available");
105
105
module_fmsg_vp = pairmake("Module-Failure-Message",
108
108
return RLM_MODULE_INVALID;
111
DEBUG(" rlm_chap: Using clear text password \"%s\" for user %s authentication.",
111
RDEBUG("Using clear text password \"%s\" for user %s authentication.",
112
112
passwd_item->vp_strvalue, request->username->vp_strvalue);
114
114
rad_chap_encode(request->packet,pass_str,
117
117
if (memcmp(pass_str + 1, chap->vp_octets + 1,
118
118
CHAP_VALUE_LENGTH) != 0){
119
DEBUG(" rlm_chap: Password check failed");
119
RDEBUG("Password check failed");
120
120
snprintf(module_fmsg, sizeof(module_fmsg),
121
121
"rlm_chap: Wrong user password");
122
122
module_fmsg_vp = pairmake("Module-Failure-Message",
125
125
return RLM_MODULE_REJECT;
128
DEBUG(" rlm_chap: chap user %s authenticated succesfully",
128
RDEBUG("chap user %s authenticated succesfully",
129
129
request->username->vp_strvalue);
131
131
return RLM_MODULE_OK;