projects
/
freeradius.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
c9871b8
)
remove auth check against User-Password, add autz warning
author
Matthew Newton
<mcn4@leicester.ac.uk>
Wed, 3 Oct 2012 00:14:44 +0000
(
01:14
+0100)
committer
Matthew Newton
<mcn4@leicester.ac.uk>
Wed, 3 Oct 2012 16:43:49 +0000
(17:43 +0100)
src/modules/rlm_pap/rlm_pap.c
patch
|
blob
|
history
diff --git
a/src/modules/rlm_pap/rlm_pap.c
b/src/modules/rlm_pap/rlm_pap.c
index
54bfa43
..
7828606
100644
(file)
--- a/
src/modules/rlm_pap/rlm_pap.c
+++ b/
src/modules/rlm_pap/rlm_pap.c
@@
-260,16
+260,12
@@
static int pap_authorize(void *instance, REQUEST *request)
switch (vp->attribute) {
case PW_USER_PASSWORD: /* deprecated */
switch (vp->attribute) {
case PW_USER_PASSWORD: /* deprecated */
- found_pw = TRUE;
-
- /*
- * Look for '{foo}', and use them
- */
- if (!inst->auto_header ||
- (vp->vp_strvalue[0] != '{')) {
- break;
- }
- /* FALL-THROUGH */
+ RDEBUG("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
+ RDEBUG("!!! Please update your configuration so that the \"known !!!");
+ RDEBUG("!!! good\" clear text password is in Cleartext-Password, !!!");
+ RDEBUG("!!! and NOT in User-Password. !!!");
+ RDEBUG("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
+ break;
case PW_PASSWORD_WITH_HEADER: /* preferred */
{
case PW_PASSWORD_WITH_HEADER: /* preferred */
{
@@
-290,8
+286,7
@@
static int pap_authorize(void *instance, REQUEST *request)
* Password already exists: use
* that instead of this one.
*/
* Password already exists: use
* that instead of this one.
*/
- if (pairfind(request->config_items, PW_USER_PASSWORD, 0) ||
- pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0)) {
+ if (pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0)) {
RDEBUG("Config already contains \"known good\" password. Ignoring Password-With-Header");
break;
}
RDEBUG("Config already contains \"known good\" password. Ignoring Password-With-Header");
break;
}
@@
-336,14
+331,6
@@
static int pap_authorize(void *instance, REQUEST *request)
new_vp->length = vp->length;
new_vp->length -= (p - q + 1);
memcpy(new_vp->vp_strvalue, p + 1, new_vp->length);
new_vp->length = vp->length;
new_vp->length -= (p - q + 1);
memcpy(new_vp->vp_strvalue, p + 1, new_vp->length);
-
- /*
- * May be old-style User-Password with header.
- * We've found the header & created the proper
- * attribute, so we should delete the old
- * User-Password here.
- */
- pairdelete(&request->config_items, PW_USER_PASSWORD, 0);
}
break;
}
break;
@@
-501,8
+488,7
@@
static int pap_authenticate(void *instance, REQUEST *request)
*/
for (vp = request->config_items; vp != NULL; vp = vp->next) {
switch (vp->attribute) {
*/
for (vp = request->config_items; vp != NULL; vp = vp->next) {
switch (vp->attribute) {
- case PW_USER_PASSWORD: /* deprecated */
- case PW_CLEARTEXT_PASSWORD: /* preferred */
+ case PW_CLEARTEXT_PASSWORD:
auth_func = &pap_auth_clear;
break;
auth_func = &pap_auth_clear;
break;
@@
-579,14
+565,6
@@
static int pap_authenticate(void *instance, REQUEST *request)
static int pap_auth_clear(REQUEST *request, VALUE_PAIR *vp, char *fmsg)
{
static int pap_auth_clear(REQUEST *request, VALUE_PAIR *vp, char *fmsg)
{
- if (vp->attribute == PW_USER_PASSWORD) {
- RDEBUG("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
- RDEBUG("!!! Please update your configuration so that the \"known !!!");
- RDEBUG("!!! good\" clear text password is in Cleartext-Password, !!!");
- RDEBUG("!!! and NOT in User-Password. !!!");
- RDEBUG("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
- }
-
RDEBUG("Using clear text password \"%s\"", vp->vp_strvalue);
if ((vp->length != request->password->length) ||
RDEBUG("Using clear text password \"%s\"", vp->vp_strvalue);
if ((vp->length != request->password->length) ||