Re: [SOLVED] CHAP Modification

Alan DeKok-4 wrote:
>
> ChristosH wrote:
>> It's a VALUE_PAIR type, so could I check and modify the password->length
>> and
>> password->strvalue in that function?
>
> Huh? Why? Do it elsewhere.
>

Well, that's part of my issue; where's the best place to check the password
and convert it to binary when needed.

In the rlm_chap.C file I also notice that there's the code:

DEBUG(" rlm_chap: Using clear text password \"%s\" for user %s
authentication.",
passwd_item->strvalue, request->username->strvalue);


rad_chap_encode(request->packet,pass_str,request->password->strvalue[0],passwd_item);

if (memcmp(pass_str+1,request->password->strvalue+1,CHAP_VALUE_LENGTH) !=
0){
DEBUG(" rlm_chap: Password check failed");
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_chap : Wrong user password");
module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
}

Could I also modify the password there? I'm just trying to find the easiest
way to check if the password should be read as a string or binary and then
parse it properly BEFORE it is CHAP encoded because I can't change the
hardware.
> Also, is there a C function included in the libraries that will allow me
> to
> convert a hex string to binary? I'm worried I might get stuck in ASCII ->
> HEX -> BINARY conversions.

Yes. see "bin2hex" and "hex2bin". See also rlm_pap in 1.1.4, which
does a lot of this kind of normalization already.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



--
View this message in context: http://www.nabble.com/CHAP-Modificat....html#a9207275
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html