/*
* We require access to the plain-text password.
*/
- passwd = pairfind(request->config_items, PW_PASSWORD);
- if (!passwd) passwd = pairfind(request->config_items, PW_DIGEST_HA1);
+ passwd = pairfind(request->config_items, PW_DIGEST_HA1);
+ if (passwd) {
+ if (passwd->length != 32) {
+ radlog(L_AUTH, "rlm_digest: Digest-HA1 has invalid length, authentication failed.");
+ return RLM_MODULE_INVALID;
+ }
+ } else {
+ passwd = pairfind(request->config_items, PW_PASSWORD);
+ }
if (!passwd) {
radlog(L_AUTH, "rlm_digest: Configuration item \"User-Password\" or \"Digest-HA1\" is required for authentication.");
return RLM_MODULE_INVALID;
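Review bot: The new `passwd->length != 32` check accepts any 32-byte value, so a Digest-HA1 that is not hexadecimal is still treated as a usable credential here. The later hunk decodes it with `lrad_hex2bin(passwd->vp_strvalue, &a1[0], 16)` and ignores the result; if that helper stops at the first non-hex character, as it appears to, part of `a1` would be left unset before it is hashed. Rejecting the value up front avoids that: `if (passwd->length != 32 || strspn(passwd->vp_strvalue, "0123456789abcdefABCDEF") != 32) {`. The comment above the lookup still says the plain-text password is required, which no longer matches the code; `/* We need either Digest-HA1 (32 hex characters) or the plain-text password. */` would be accurate. The enclosing function starts and ends outside the hunk.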
/*
* Set A1 to Digest-HA1 if no User-Password found
*/
- if (passwd->attribute != PW_USER_PASSWORD) {
- memcpy(&a1[0], passwd->vp_octets, 16);
+ if (passwd->attribute == PW_DIGEST_HA1) {
+ lrad_hex2bin(passwd->vp_strvalue, &a1[0], 16);
}
} else if (strcasecmp(algo->vp_strvalue, "MD5-sess") == 0) {
if (passwd->attribute == PW_USER_PASSWORD) {
librad_md5_calc(hash, &a1[0], a1_len);
lrad_bin2hex(hash, &a1[0], 16);
- } else {
- lrad_bin2hex(passwd->vp_octets, &a1[0], 16);
+ } else { /* MUST be Digest-HA1 */
+ memcpy(&a1[0], passwd->vp_strvalue, 32);
}
a1_len = 32;
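Review bot: In the MD5-sess branch the Digest-HA1 characters are copied verbatim with `memcpy(&a1[0], passwd->vp_strvalue, 32)`, whereas the User-Password path puts the output of `lrad_bin2hex` in the same place. Assuming `lrad_bin2hex` emits lower-case hex, an HA1 stored in upper case would work in the plain MD5 branch (where it is decoded to binary) but yield a different session hash here, so the same user entry would authenticate with one algorithm and fail with the other. Decoding and re-encoding normalises and validates it in one step, provided `lrad_hex2bin` returns the number of bytes decoded: `if (lrad_hex2bin(passwd->vp_strvalue, hash, 16) != 16) return RLM_MODULE_INVALID;` followed by `lrad_bin2hex(hash, &a1[0], 16);`. The `/* MUST be Digest-HA1 */` comment is an assumption about the earlier lookup; an explicit `passwd->attribute == PW_DIGEST_HA1` test, as the MD5 branch uses, would state it in code. The surrounding if/else chain continues outside the hunk.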
--- /dev/null
+#
+# http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txt
+#
+# 3.3
+#
+#
+# In the "users" file:
+# bob User-Password := "zanzibar"
+# Or bob Digest-HA1 := "12af60467a33e8518da5c68bbff12b11"
+#
+User-Name = "bob",
+Digest-Response = "89eb0059246c02b2f6ee02c7961d5ea3",
+Digest-Realm = "biloxi.com",
+Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
+Digest-Method = "INVITE",
+Digest-URI = "sip:bob@biloxi.com",
+Digest-User-Name = "bob",
+Digest-QOP = "auth",
+Digest-Algorithm = "MD5",
+Digest-Nonce-Count = "00000001",
+Digest-CNonce = "0a4f113b",
+
+
+
--- /dev/null
+#
+# http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txt
+##
+# 3.4
+#
+#
+# In the "users" file:
+# bob User-Password := "zanzibar"
+# Or bob Digest-HA1 := "12af60467a33e8518da5c68bbff12b11"
+#
+User-Name = "bob",
+Digest-Response = "e4e4ea61d186d07a92c9e1f6919902e9",
+Digest-Realm = "biloxi.com",
+Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
+Digest-Method = "INVITE",
+Digest-URI = "sip:bob@biloxi.com",
+Digest-User-Name = "bob",
+Digest-QOP = "auth",
+Digest-Algorithm = "MD5-Sess",
+Digest-Nonce-Count = "00000001",
+Digest-CNonce = "0a4f113b",
+
+
+
--- /dev/null
+#
+# http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txt
+#
+# 3.2
+#
+# In the "users" file:
+# bob User-Password := "zanzibar"
+# Or bob Digest-HA1 := "12af60467a33e8518da5c68bbff12b11"
+#
+User-Name = "bob",
+Digest-Response = "89eb0059246c02b2f6ee02c7961d5ea3",
+Digest-Realm = "biloxi.com",
+Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
+Digest-Method = "INVITE",
+Digest-URI = "sip:bob@biloxi.com",
+Digest-User-Name = "bob",
+Digest-QOP = "auth",
+Digest-Nonce-Count = "00000001",
+Digest-CNonce = "0a4f113b",
+
+
+
--- /dev/null
+#
+# http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txt
+#
+# 3.5.2
+#
+# In the "users" file:
+# bob User-Password := "zanzibar"
+# Or bob Digest-HA1 := "12af60467a33e8518da5c68bbff12b11"
+#
+User-Name = "bob",
+Digest-Response = "bdbeebb2da6adb6bca02599c2239e192"
+Digest-Realm = "biloxi.com",
+Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
+Digest-Method = "INVITE",
+Digest-URI = "sip:bob@biloxi.com",
+Digest-Algorithm = "MD5",
+Digest-User-Name = "bob",
+Digest-QOP = "auth-int",
+Digest-Nonce-Count = "00000001",
+Digest-CNonce = "0a4f113b",
+Digest-Body-Digest = "c1ed018b8ec4a3b170c0921f5b564e48",
+
+
+
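Review bot: The `Digest-Response = "bdbeebb2da6adb6bca02599c2239e192"` line in this file has no trailing comma, unlike every other attribute line in these test inputs, and the last added file repeats the same line with the same omission. Depending on how the test client reads attribute lists, that either ends the list after Digest-Response or fails to parse, so the auth-int cases may not be exercising the digest code at all; the line should read `Digest-Response = "bdbeebb2da6adb6bca02599c2239e192",`. The last added file is also labelled `# 3.5.2` although it differs from this one by omitting Digest-Algorithm, so its header comment should say which example or variant it covers.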
--- /dev/null
+#
+# http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txt
+##
+# 3.6
+#
+# In the "users" file:
+# bob User-Password := "zanzibar"
+# Or bob Digest-HA1 := "12af60467a33e8518da5c68bbff12b11"
+#
+User-Name = "bob",
+Digest-Response = "91984da2d8663716e91554859c22ca70",
+Digest-Realm = "biloxi.com",
+Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
+Digest-Method = "INVITE",
+Digest-URI = "sip:bob@biloxi.com",
+Digest-User-Name = "bob",
+Digest-QOP = "auth-int",
+Digest-Algorithm = "MD5-Sess",
+Digest-Nonce-Count = "00000001",
+Digest-CNonce = "0a4f113b",
+Digest-Body-Digest = "c1ed018b8ec4a3b170c0921f5b564e48",
+
+
--- /dev/null
+#
+# http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txt
+#
+# 3.5.2
+#
+# In the "users" file:
+# bob User-Password := "zanzibar"
+# Or bob Digest-HA1 := "12af60467a33e8518da5c68bbff12b11"
+#
+User-Name = "bob",
+Digest-Response = "bdbeebb2da6adb6bca02599c2239e192"
+Digest-Realm = "biloxi.com",
+Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
+Digest-Method = "INVITE",
+Digest-URI = "sip:bob@biloxi.com",
+Digest-User-Name = "bob",
+Digest-QOP = "auth-int",
+Digest-Nonce-Count = "00000001",
+Digest-CNonce = "0a4f113b",
+Digest-Body-Digest = "c1ed018b8ec4a3b170c0921f5b564e48",
+
+
+