Re: CHAP Modification

Alan DeKok-4 wrote:

ChristosH wrote:
> It's a VALUE_PAIR type, so could I check and modify the password->length and
> password->strvalue in that function?

  Huh?  Why?  Do it elsewhere.

Well, that's part of my issue; where's the best place to check the password and convert it to binary when needed.

In the rlm_chap.C file I also notice that there's the code:

        DEBUG("  rlm_chap: Using clear text password \"%s\" for user %s authentication.",
              passwd_item->strvalue, request->username->strvalue);

        rad_chap_encode(request->packet,pass_str,request->password->strvalue[0],passwd_item);

        if (memcmp(pass_str+1,request->password->strvalue+1,CHAP_VALUE_LENGTH) != 0){
                DEBUG("  rlm_chap: Password check failed");
                snprintf(module_fmsg,sizeof(module_fmsg),"rlm_chap: Wrong user password");
                module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
                pairadd(&request->packet->vps, module_fmsg_vp);
                return RLM_MODULE_REJECT;
        }

Could I also modify the password there? I'm just trying to find the easiest way to check if the password should be read as a string or binary and then parse it properly BEFORE it is CHAP encoded because I can't change the hardware.
> Also, is there a C function included in the libraries that will allow me to
> convert a hex string to binary? I'm worried I might get stuck in ASCII ->
> HEX -> BINARY conversions.

  Yes.  see "bin2hex" and "hex2bin".  See also rlm_pap in 1.1.4, which
does a lot of this kind of normalization already.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html