}
if (request->password->length == 0) {
- radlog(L_ERR, "rlm_pap: empty password supplied");
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: empty password supplied");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_INVALID;
}
DEBUG("rlm_pap: login attempt by \"%s\" with password %s",
request->username->strvalue, request->password->strvalue);
- if (((passwd_item = pairfind(request->config_items, PW_PASSWORD)) == NULL) ||
+ if ((((passwd_item = pairfind(request->config_items, PW_PASSWORD)) == NULL) &&
+ ((passwd_item = pairfind(request->config_items, PW_CRYPT_PASSWORD)) == NULL)) ||
(passwd_item->length == 0) || (passwd_item->strvalue[0] == 0)) {
DEBUG("rlm_pap: No password (or empty password) to check against for for user %s",request->username->strvalue);
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: User password not available");
pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_INVALID;
}
+ if (passwd_item->attribute == PW_CRYPT_PASSWORD){
+ if (inst->sch != PAP_ENC_CRYPT){
+ radlog(L_ERR, "rlm_pap: Crypt-Password attribute but encryption scheme is not set to CRYPT");
+ return RLM_MODULE_FAIL;
+ }
+ }
DEBUG("rlm_pap: Using password \"%s\" for user %s authentication.",
passwd_item->strvalue, request->username->strvalue);