} else if (reply->attribute == PW_CHAP_PASSWORD) {
rad_chap_encode(packet, reply->strvalue, packet->id,
reply);
- reply->length = 1 + AUTH_VECTOR_LEN;
+ reply->length = 1 + CHAP_VALUE_LENGTH;
}
}
/*
* Encode a CHAP password
+ *
+ * FIXME: might not work with Ascend because
+ * we use vp->length, and Ascend gear likes
+ * to send an extra '\0' in the string!
*/
int rad_chap_encode(RADIUS_PACKET *packet, char *output, int id, VALUE_PAIR *password)
{
return -1;
}
+ /*
+ * Note that the password VP can be EITHER
+ * a Password attribute (from a check-item list),
+ * or a CHAP-Password attribute (the client asking
+ * the library to encode it).
+ */
+
i = 0;
ptr = string;
*ptr++ = id;
* CHAP - calculate MD5 sum over CHAP-ID,
* plain-text password and the Chap-Challenge.
* Compare to Chap-Response (strvalue + 1).
- *
- * FIXME: might not work with Ascend because
- * we use vp->length, and Ascend gear likes
- * to send an extra '\0' in the string!
*/
if (password_pair == NULL) {
result= -1;
break;
}
- i = 0;
- ptr = string;
- *ptr++ = *auth_item->strvalue;
- i++;
- memcpy(ptr, password_pair->strvalue,
- password_pair->length);
- ptr += password_pair->length;
- i += password_pair->length;
- /*
- * Use Chap-Challenge pair if present,
- * Request-Authenticator otherwise.
- */
- if ((tmp = pairfind(request->packet->vps,
- PW_CHAP_CHALLENGE)) != NULL) {
- memcpy(ptr, tmp->strvalue, tmp->length);
- i += tmp->length;
- } else {
- memcpy(ptr, request->packet->vector,
- AUTH_VECTOR_LEN);
- i += AUTH_VECTOR_LEN;
- }
- librad_md5_calc(chap_digest, string, i);
+ rad_chap_encode(request->packet, string,
+ *auth_item->strvalue, password_pair);
/*
* Compare them
*/
- if (memcmp(chap_digest, auth_item->strvalue + 1,
+ if (memcmp(string + 1, auth_item->strvalue + 1,
CHAP_VALUE_LENGTH) != 0)
result = -1;
break;