Corrected typo in debugging message

diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index 355ec00..c0de84e 100644 (file)
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -40,7 +40,8 @@
 #define PAP_ENC_CRYPT          1
 #define PAP_ENC_MD5            2
 #define PAP_ENC_SHA1           3
-#define PAP_MAX_ENC            3
+#define PAP_ENC_NT             4
+#define PAP_MAX_ENC            4
 
 #define PAP_INST_FREE(inst) \
        free((char *)inst->scheme); \
@@ -130,6 +131,8 @@ static int pap_instantiate(CONF_SECTION *conf, void **instance)
                inst->sch = PAP_ENC_MD5;
        else if (strcasecmp(inst->scheme,"sha1") == 0)
                inst->sch = PAP_ENC_SHA1;
+       else if (strcasecmp(inst->scheme,"nt") == 0)
+               inst->sch = PAP_ENC_NT;
        else{
                radlog(L_ERR, "rlm_pap: Wrong password scheme passed");
                PAP_INST_FREE(inst);
@@ -154,7 +157,7 @@ static int pap_authenticate(void *instance, REQUEST *request)
        char module_fmsg[MAX_STRING_LEN];
        MD5_CTX md5_context;
        SHA1_CTX sha1_context;
-       char digest[20];
+       unsigned char digest[20];
        char buff[MAX_STRING_LEN];
        rlm_pap_t *inst = (rlm_pap_t *) instance;
 
@@ -190,7 +193,7 @@ static int pap_authenticate(void *instance, REQUEST *request)
        if ((((passwd_item = pairfind(request->config_items, PW_PASSWORD)) == NULL) &&
                ((passwd_item = pairfind(request->config_items, PW_CRYPT_PASSWORD)) == NULL)) ||
            (passwd_item->length == 0) || (passwd_item->strvalue[0] == 0)) {
-               DEBUG("rlm_pap: No password (or empty password) to check against for for user %s",request->username->strvalue);
+               DEBUG("rlm_pap: No password (or empty password) to check against for user %s",request->username->strvalue);
                snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: User password not available");
                module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
                pairadd(&request->packet->vps, module_fmsg_vp);
@@ -286,6 +289,44 @@ static int pap_authenticate(void *instance, REQUEST *request)
                                return RLM_MODULE_REJECT;
                        }
                        break;
+               case PAP_ENC_NT:
+                       DEBUG("rlm_pap: Using NT HASH encryption.");
+
+                       if (passwd_item->length != 32) {
+                               DEBUG("rlm_pap: Configured NT password has incorrect length");
+                               snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured NT password has incorrect length");
+                               module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ);
+                               pairadd(&request->packet->vps, module_fmsg_vp);
+                               return RLM_MODULE_REJECT;
+                       } else {
+                               char szUnicodePass[513];
+                               int nPasswordLen;
+                               int i;
+                               
+                               /*
+                                *      NT passwords are unicode.  Convert plain text password
+                                *      to unicode by inserting a zero every other byte
+                                */
+                               nPasswordLen = strlen(request->password->strvalue);
+                               for (i = 0; i < nPasswordLen; i++) {
+                                       szUnicodePass[i << 1] = request->password->strvalue[i];
+                                       szUnicodePass[(i << 1) + 1] = 0;
+                               }
+                               
+                               /* Encrypt Unicode password to a 16-byte MD4 hash */
+                               md4_calc(digest, szUnicodePass, (nPasswordLen<<1) );
+                               
+                               pap_hexify(buff,digest,16);
+                               buff[32] = '\0';
+                       }
+                       if (strcmp((char *)passwd_item->strvalue, buff) != 0){
+                               DEBUG("rlm_pap: Passwords don't match");
+                               snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT HASH password check failed");
+                               module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ);
+                               pairadd(&request->packet->vps, module_fmsg_vp);
+                               return RLM_MODULE_REJECT;
+                       }
+                       break;
        }
 
        DEBUG("rlm_pap: User authenticated succesfully");