From 122aea06277ca4ec6cc4fca25612de3e142b9162 Mon Sep 17 00:00:00 2001 From: aland Date: Wed, 8 Feb 2006 22:54:24 +0000 Subject: [PATCH] Pull digest fix from CVS head --- share/dictionary.freeradius.internal | 2 +- src/include/radius.h | 17 ++++++++++++++++- src/modules/rlm_digest/rlm_digest.c | 10 ++++------ 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal index a211943..4e1df7e 100644 --- a/share/dictionary.freeradius.internal +++ b/share/dictionary.freeradius.internal @@ -107,7 +107,7 @@ ATTRIBUTE Module-Failure-Message 1076 string ATTRIBUTE Rewrite-Rule 1078 string ATTRIBUTE Sql-Group 1079 string ATTRIBUTE Response-Packet-Type 1080 integer -# 1081 unused +ATTRIBUTE Digest-HA1 1081 octets ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer ATTRIBUTE NTLM-User-Name 1083 string ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr diff --git a/src/include/radius.h b/src/include/radius.h index cf2e438..72020a3 100644 --- a/src/include/radius.h +++ b/src/include/radius.h @@ -111,6 +111,7 @@ #define PW_ARAP_CHALLENGE_RESPONSE 84 #define PW_NAS_PORT_ID_STRING 87 #define PW_FRAMED_POOL 88 +#define PW_NAS_IPV6_ADDRESS 95 #define PW_DIGEST_RESPONSE 206 #define PW_DIGEST_ATTRIBUTES 207 @@ -179,12 +180,26 @@ #define PW_LDAP_GROUP 1074 #define PW_MODULE_SUCCESS_MESSAGE 1075 #define PW_MODULE_FAILURE_MESSAGE 1076 +#if 0 /* no longer used */ #define PW_X99_FAST 1077 +#endif #define PW_REWRITE_RULE 1078 #define PW_SQL_GROUP 1079 #define PW_RESPONSE_PACKET_TYPE 1080 -#define PW_PACKET_DST_PORT 1081 +#define PW_DIGEST_HA1 1081 #define PW_MS_CHAP_USE_NTLM_AUTH 1082 +#define PW_PACKET_SRC_IP_ADDRESS 1084 +#define PW_PACKET_DST_IP_ADDRESS 1085 +#define PW_PACKET_SRC_PORT 1086 +#define PW_PACKET_DST_PORT 1087 +#define PW_PACKET_AUTHENTICATION_VECTOR 1088 +#define PW_TIME_OF_DAY 1089 + +#define PW_SHA_PASSWORD 1093 +#define PW_SSHA_PASSWORD 1094 +#define PW_MD5_PASSWORD 1095 +#define PW_SMD5_PASSWORD 1096 + /* * Integer Translations diff --git a/src/modules/rlm_digest/rlm_digest.c b/src/modules/rlm_digest/rlm_digest.c index d92f467..3024ca1 100644 --- a/src/modules/rlm_digest/rlm_digest.c +++ b/src/modules/rlm_digest/rlm_digest.c @@ -97,9 +97,7 @@ static int digest_authenticate(void *instance, REQUEST *request) * We require access to the plain-text password. */ passwd = pairfind(request->config_items, PW_PASSWORD); -#ifdef PW_MD5_PASSWORD - if (!passwd) passwd = pairfind(request->config_items, PW_MD5_PASSWORD); -#endif + if (!passwd) passwd = pairfind(request->config_items, PW_DIGEST_HA1); if (!passwd) { radlog(L_AUTH, "rlm_digest: Configuration item \"User-Password\" or MD5-Password is required for authentication."); return RLM_MODULE_INVALID; @@ -236,7 +234,7 @@ static int digest_authenticate(void *instance, REQUEST *request) DEBUG2("A1 = %s", a1); } else { a1[a1_len] = '\0'; - DEBUG2("A1 = %s (using MD5-Password)", a1); + DEBUG2("A1 = %s (using Digest-HA1)", a1); a1_len = 16; } @@ -248,7 +246,7 @@ static int digest_authenticate(void *instance, REQUEST *request) if ((algo == NULL) || (strcasecmp(algo->strvalue, "MD5") == 0)) { /* - * Set A1 to MD5-Password if no User-Password found + * Set A1 to Digest-HA1 if no User-Password found */ if (passwd->attribute != PW_USER_PASSWORD) { memcpy(&a1[0], passwd->strvalue, 16); @@ -258,7 +256,7 @@ static int digest_authenticate(void *instance, REQUEST *request) /* * K1 = H(A1) : Digest-Nonce ... : H(A2) * - * If we find MD5-Password, we assume it contains + * If we find Digest-HA1, we assume it contains * H(A1). */ if (passwd->attribute == PW_USER_PASSWORD) { -- 2.1.4