From 125427e658ed4e2da30f6dee149514e98aea0aab Mon Sep 17 00:00:00 2001 From: aland Date: Mon, 30 Jun 2008 09:31:36 +0000 Subject: [PATCH] Use new RDEBUG macro --- src/modules/rlm_chap/rlm_chap.c | 22 +++--- src/modules/rlm_mschap/opendir.c | 2 +- src/modules/rlm_mschap/rlm_mschap.c | 132 ++++++++++++++++++------------------ src/modules/rlm_pap/rlm_pap.c | 84 +++++++++++------------ 4 files changed, 120 insertions(+), 120 deletions(-) diff --git a/src/modules/rlm_chap/rlm_chap.c b/src/modules/rlm_chap/rlm_chap.c index c69d503..73ea4db 100644 --- a/src/modules/rlm_chap/rlm_chap.c +++ b/src/modules/rlm_chap/rlm_chap.c @@ -43,11 +43,11 @@ static int chap_authorize(void *instance, REQUEST *request) } if (pairfind(request->config_items, PW_AUTHTYPE) != NULL) { - DEBUG2(" rlm_chap: WARNING: Auth-Type already set. Not setting to CHAP"); + RDEBUG2("WARNING: Auth-Type already set. Not setting to CHAP"); return RLM_MODULE_NOOP; } - DEBUG(" rlm_chap: Setting 'Auth-Type := CHAP'"); + RDEBUG("Setting 'Auth-Type := CHAP'"); pairadd(&request->config_items, pairmake("Auth-Type", "CHAP", T_OP_EQ)); return RLM_MODULE_OK; 
@@ -72,34 +72,34 @@ static int chap_authenticate(void *instance, REQUEST *request) request = request; if (!request->username) { - radlog(L_AUTH, "rlm_chap: Attribute \"User-Name\" is required for authentication.\n"); + radlog_request(L_AUTH, 0, request, "rlm_chap: Attribute \"User-Name\" is required for authentication.\n"); return RLM_MODULE_INVALID; } chap = pairfind(request->packet->vps, PW_CHAP_PASSWORD); if (!chap) { - radlog(L_AUTH, "rlm_chap: Attribute \"CHAP-Password\" is required for authentication."); + radlog_request(L_AUTH, 0, request, "rlm_chap: Attribute \"CHAP-Password\" is required for authentication."); return RLM_MODULE_INVALID; } if (chap->length == 0) { - radlog(L_ERR, "rlm_chap: empty password supplied"); + radlog_request(L_ERR, 0, request, "rlm_chap: empty password supplied"); return RLM_MODULE_INVALID; } if (chap->length != CHAP_VALUE_LENGTH + 1) { - radlog(L_ERR, "rlm_chap: password supplied has wrong length"); + radlog_request(L_ERR, 0, request, "rlm_chap: password supplied has wrong length"); return RLM_MODULE_INVALID; } /* * Don't print out the CHAP password here. It's binary crap. */ - DEBUG(" rlm_chap: login attempt by \"%s\" with CHAP password", + RDEBUG("login attempt by \"%s\" with CHAP password", request->username->vp_strvalue); if ((passwd_item = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD)) == NULL){ - DEBUG(" rlm_chap: Cleartext-Password is required for authentication"); + RDEBUG("Cleartext-Password is required for authentication"); snprintf(module_fmsg, sizeof(module_fmsg), "rlm_chap: Clear text password not available"); module_fmsg_vp = pairmake("Module-Failure-Message", 
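Review bot: The `radlog_request()` calls in chap_authenticate keep the literal `rlm_chap: ` prefix, and the first also keeps its trailing `\n`, whereas the same conversion in rlm_mschap.c and rlm_pap.c drops the module prefix. If radlog_request tags messages with the module name itself (not visible in this patch), these lines will carry it twice. For consistency I would write, for example, `radlog_request(L_ERR, 0, request, "empty password supplied");`. chap_authenticate starts and ends outside this hunk.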
@@ -108,7 +108,7 @@ static int chap_authenticate(void *instance, REQUEST *request) return RLM_MODULE_INVALID; } - DEBUG(" rlm_chap: Using clear text password \"%s\" for user %s authentication.", + RDEBUG("Using clear text password \"%s\" for user %s authentication.", passwd_item->vp_strvalue, request->username->vp_strvalue); rad_chap_encode(request->packet,pass_str, @@ -116,7 +116,7 @@ static int chap_authenticate(void *instance, REQUEST *request) if (memcmp(pass_str + 1, chap->vp_octets + 1, CHAP_VALUE_LENGTH) != 0){ - DEBUG(" rlm_chap: Password check failed"); + RDEBUG("Password check failed"); snprintf(module_fmsg, sizeof(module_fmsg), "rlm_chap: Wrong user password"); module_fmsg_vp = pairmake("Module-Failure-Message", @@ -125,7 +125,7 @@ static int chap_authenticate(void *instance, REQUEST *request) return RLM_MODULE_REJECT; } - DEBUG(" rlm_chap: chap user %s authenticated succesfully", + RDEBUG("chap user %s authenticated succesfully", request->username->vp_strvalue); return RLM_MODULE_OK; diff --git a/src/modules/rlm_mschap/opendir.c b/src/modules/rlm_mschap/opendir.c index d451bf8..52345b2 100644 --- a/src/modules/rlm_mschap/opendir.c +++ b/src/modules/rlm_mschap/opendir.c @@ -351,7 +351,7 @@ int od_mschap_auth(REQUEST *request, VALUE_PAIR *challenge, mschap_reply[0] = 'S'; mschap_reply[1] = '='; memcpy(&(mschap_reply[2]), &(pStepBuff->fBufferData[4]), len); - mschap_add_reply(&request->reply->vps, + mschap_add_reply(request, &request->reply->vps, *response->vp_strvalue, "MS-CHAP2-Success", mschap_reply, len+2); diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c index 9b51da2..cf879b4 100644 --- a/src/modules/rlm_mschap/rlm_mschap.c +++ b/src/modules/rlm_mschap/rlm_mschap.c 
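Review bot: The converted `RDEBUG("Using clear text password \"%s\" for user %s authentication.", ...)` still writes the stored Cleartext-Password into the debug log, now attached to a specific request. Anyone who can read debug output or the log files can collect reusable credentials. Log only the user name, e.g. `RDEBUG("Using Cleartext-Password for user %s authentication.", request->username->vp_strvalue);`. The same applies to the `login attempt with password` and `Using clear text password` calls in pap_authenticate (rlm_pap.c hunks at -510,7 and -580,7). It also applies to the NT-Hash/LM-Hash input and result lines in mschap_xlat (hunks at -539,12 and -557,14).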
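Review bot: `mschap_add_reply()` gains a leading `request` argument at this call, but the patch updates only the definition in rlm_mschap.c and no declaration. If opendir.c still sees a prototype with the old parameter list, the build breaks; with no prototype in scope the call compiles with unchecked arguments. The declaration opendir.c uses should change in the same commit to `void mschap_add_reply(REQUEST *request, VALUE_PAIR **vp, unsigned char ident, const char *name, const char *value, int len);`. od_mschap_auth continues outside the hunk.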
@@ -300,7 +300,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, chap_challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE); if (!chap_challenge) { - DEBUG2(" rlm_mschap: No MS-CHAP-Challenge in the request."); + RDEBUG2("No MS-CHAP-Challenge in the request."); return 0; } @@ -309,7 +309,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * for MS-CHAPv2 */ if (chap_challenge->length == 8) { - DEBUG2(" mschap1: %02x", + RDEBUG2(" mschap1: %02x", chap_challenge->vp_octets[0]); data = chap_challenge->vp_octets; data_len = 8; @@ -321,11 +321,11 @@ static size_t mschap_xlat(void *instance, REQUEST *request, } else if (chap_challenge->length == 16) { char *username_string; - DEBUG2(" mschap2: %02x", chap_challenge->vp_octets[0]); + RDEBUG2(" mschap2: %02x", chap_challenge->vp_octets[0]); response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE); if (!response) { - DEBUG2(" rlm_mschap: MS-CHAP2-Response is required to calculate MS-CHAPv1 challenge."); + RDEBUG2("MS-CHAP2-Response is required to calculate MS-CHAPv1 challenge."); return 0; } @@ -333,14 +333,14 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * Responses are 50 octets. */ if (response->length < 50) { - radlog(L_AUTH, "rlm_mschap: MS-CHAP-Response has the wrong format."); + radlog_request(L_AUTH, 0, request, "MS-CHAP-Response has the wrong format."); return 0; } user_name = pairfind(request->packet->vps, PW_USER_NAME); if (!user_name) { - DEBUG2(" rlm_mschap: User-Name is required to calculateMS-CHAPv1 Challenge."); + RDEBUG2("User-Name is required to calculateMS-CHAPv1 Challenge."); return 0; } 
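Review bot: `RDEBUG2(" mschap1: %02x", ...)` and `RDEBUG2(" mschap2: %02x", ...)` keep the leading whitespace the old DEBUG2 lines used for indentation, while every other converted message in mschap_xlat starts at the first character. If the macro supplies its own prefix, these two will be misaligned in the output; drop the padding, e.g. `RDEBUG2("mschap1: %02x", chap_challenge->vp_octets[0]);`. The same leftover space is in the ` NT Domain delimeter found` message in mschap_authenticate (hunk at -1242,7).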
@@ -351,7 +351,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, if (inst->with_ntdomain_hack) { username_string++; } else { - DEBUG2(" rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?"); + RDEBUG2("NT Domain delimeter found, should we have enabled with_ntdomain_hack?"); username_string = user_name->vp_strvalue; } } else { @@ -369,7 +369,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, data = buffer; data_len = 8; } else { - DEBUG2(" rlm_mschap: Invalid MS-CHAP challenge length"); + RDEBUG2("Invalid MS-CHAP challenge length"); return 0; } @@ -383,7 +383,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, if (!response) response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE); if (!response) { - DEBUG2(" rlm_mschap: No MS-CHAP-Response or MS-CHAP2-Response was found in the request."); + RDEBUG2("No MS-CHAP-Response or MS-CHAP2-Response was found in the request."); return 0; } @@ -393,7 +393,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, */ if ((response->attribute == PW_MSCHAP_RESPONSE) && ((response->vp_octets[1] & 0x01) == 0)) { - DEBUG2(" rlm_mschap: No NT-Response in MS-CHAP-Response"); + RDEBUG2("No NT-Response in MS-CHAP-Response"); return 0; } @@ -413,7 +413,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE); if (!response) { - DEBUG2(" rlm_mschap: No MS-CHAP-Response was found in the request."); + RDEBUG2("No MS-CHAP-Response was found in the request."); return 0; } @@ -422,7 +422,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * if the second octet says so. */ if ((response->vp_octets[1] & 0x01) != 0) { - DEBUG2(" rlm_mschap: No LM-Response in MS-CHAP-Response"); + RDEBUG2("No LM-Response in MS-CHAP-Response"); return 0; } data = response->vp_octets + 2; 
@@ -436,7 +436,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, user_name = pairfind(request->packet->vps, PW_USER_NAME); if (!user_name) { - DEBUG2(" rlm_mschap: No User-Name was found in the request."); + RDEBUG2("No User-Name was found in the request."); return 0; } @@ -453,7 +453,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, */ p = strchr(user_name->vp_strvalue, '.'); if (!p) { - DEBUG2(" rlm_mschap: setting NT-Domain to same as machine name"); + RDEBUG2("setting NT-Domain to same as machine name"); strlcpy(out, user_name->vp_strvalue + 5, outlen); } else { p++; /* skip the period */ @@ -469,7 +469,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, } else { p = strchr(user_name->vp_strvalue, '\\'); if (!p) { - DEBUG2(" rlm_mschap: No NT-Domain was found in the User-Name."); + RDEBUG2("No NT-Domain was found in the User-Name."); return 0; } @@ -491,7 +491,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, user_name = pairfind(request->packet->vps, PW_USER_NAME); if (!user_name) { - DEBUG2(" rlm_mschap: No User-Name was found in the request."); + RDEBUG2("No User-Name was found in the request."); return 0; } @@ -539,12 +539,12 @@ static size_t mschap_xlat(void *instance, REQUEST *request, p = fmt + 8; /* 7 is the length of 'NT-Hash' */ if ((p == '\0') || (outlen <= 32)) return 0; - DEBUG("rlm_mschap: NT-Hash: %s",p); + RDEBUG("rlm_mschap: NT-Hash: %s",p); ntpwdhash(buffer,p); fr_bin2hex(buffer, out, 16); out[32] = '\0'; - DEBUG("rlm_mschap: NT-Hash: Result: %s",out); + RDEBUG("rlm_mschap: NT-Hash: Result: %s",out); return 32; /* 
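Review bot: In the NT-Hash branch the guard `if ((p == '\0') || (outlen <= 32))` compares the pointer `p` with a null pointer constant, not the byte it points to. An empty argument is therefore never rejected before the new `RDEBUG("rlm_mschap: NT-Hash: %s",p)` and `ntpwdhash(buffer,p)` read from it; `if ((*p == '\0') || (outlen <= 32)) return 0;` looks intended. Whether `fmt + 8` always stays inside the string depends on the comparison that selects this branch, which is outside the hunk. The two RDEBUG lines also keep the `rlm_mschap: ` prefix that the rest of the commit removes. The LM-Hash branch (hunk at -557,14) has the same guard and the same prefix.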
@@ -557,14 +557,14 @@ static size_t mschap_xlat(void *instance, REQUEST *request, if ((p == '\0') || (outlen <= 32)) return 0; - DEBUG("rlm_mschap: LM-Hash: %s",p); + RDEBUG("rlm_mschap: LM-Hash: %s",p); smbdes_lmpwdhash(p, buffer); fr_bin2hex(buffer, out, 16); out[32] = '\0'; - DEBUG("rlm_mschap: LM-Hash: Result: %s",out); + RDEBUG("rlm_mschap: LM-Hash: Result: %s",out); return 32; } else { - DEBUG2(" rlm_mschap: Unknown expansion string \"%s\"", + RDEBUG2("Unknown expansion string \"%s\"", fmt); return 0; } @@ -575,7 +575,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * Didn't set anything: this is bad. */ if (!data) { - DEBUG2(" rlm_mschap: Failed to do anything intelligent"); + RDEBUG2("Failed to do anything intelligent"); return 0; } @@ -692,13 +692,13 @@ static int mschap_instantiate(CONF_SECTION *conf, void **instance) * add_reply() adds either MS-CHAP2-Success or MS-CHAP-Error * attribute to reply packet */ -void mschap_add_reply(VALUE_PAIR** vp, unsigned char ident, +void mschap_add_reply(REQUEST *request, VALUE_PAIR** vp, unsigned char ident, const char* name, const char* value, int len) { VALUE_PAIR *reply_attr; reply_attr = pairmake(name, "", T_OP_EQ); if (!reply_attr) { - DEBUG(" rlm_mschap: Failed to create attribute %s: %s\n", name, librad_errstr); + RDEBUG("Failed to create attribute %s: %s\n", name, librad_errstr); return; } @@ -717,7 +717,7 @@ static void mppe_add_reply(REQUEST *request, VALUE_PAIR *vp; vp = radius_pairmake(request, &request->reply->vps, name, "", T_OP_EQ); if (!vp) { - DEBUG("rlm_mschap: mppe_add_reply failed to create attribute %s: %s\n", name, librad_errstr); + RDEBUG("rlm_mschap: mppe_add_reply failed to create attribute %s: %s\n", name, librad_errstr); return; } 
@@ -762,7 +762,7 @@ static int do_mschap(rlm_mschap_t *inst, * know what to do... */ if (!inst->ntlm_auth && do_ntlm_auth) { - DEBUG2(" rlm_mschap: Asked to use ntlm_auth, but it was not configured in the mschap{} section."); + RDEBUG2("Asked to use ntlm_auth, but it was not configured in the mschap{} section."); return -1; } @@ -774,7 +774,7 @@ static int do_mschap(rlm_mschap_t *inst, * No password: can't do authentication. */ if (!password) { - DEBUG2(" rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication."); + RDEBUG2("FAILED: No NT/LM-Password. Cannot perform authentication."); return -1; } @@ -807,7 +807,7 @@ static int do_mschap(rlm_mschap_t *inst, buffer, sizeof(buffer), NULL, NULL, 1); if (result != 0) { - DEBUG2(" rlm_mschap: External script failed."); + RDEBUG2("External script failed."); return -1; } @@ -818,7 +818,7 @@ static int do_mschap(rlm_mschap_t *inst, * NT_KEY: 000102030405060708090a0b0c0d0e0f */ if (memcmp(buffer, "NT_KEY: ", 8) != 0) { - DEBUG2(" rlm_mschap: Invalid output from ntlm_auth: expecting NT_KEY"); + RDEBUG2("Invalid output from ntlm_auth: expecting NT_KEY"); return -1; } @@ -827,7 +827,7 @@ static int do_mschap(rlm_mschap_t *inst, * with an LF at the end. */ if (strlen(buffer + 8) < 32) { - DEBUG2(" rlm_mschap: Invalid output from ntlm_auth: NT_KEY has unexpected length"); + RDEBUG2("Invalid output from ntlm_auth: NT_KEY has unexpected length"); return -1; } @@ -835,7 +835,7 @@ static int do_mschap(rlm_mschap_t *inst, * Update the NT hash hash, from the NT key. */ if (fr_hex2bin(buffer + 8, nthashhash, 16) != 16) { - DEBUG2(" rlm_mschap: Invalid output from ntlm_auth: NT_KEY has non-hex values"); + RDEBUG2("Invalid output from ntlm_auth: NT_KEY has non-hex values"); return -1; } } 
@@ -985,16 +985,16 @@ static int mschap_authorize(void * instance, REQUEST *request) * Nothing we recognize. Don't do anything. */ if (!response) { - DEBUG2(" rlm_mschap: Found MS-CHAP-Challenge, but no MS-CHAP-Response."); + RDEBUG2("Found MS-CHAP-Challenge, but no MS-CHAP-Response."); return RLM_MODULE_NOOP; } if (pairfind(request->config_items, PW_AUTH_TYPE)) { - DEBUG2(" rlm_mschap: Found existing Auth-Type. Not changing it."); + RDEBUG2("Found existing Auth-Type. Not changing it."); return RLM_MODULE_NOOP; } - DEBUG2(" rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = %s'", inst->xlat_name); + RDEBUG2("Found MS-CHAP attributes. Setting 'Auth-Type = %s'", inst->xlat_name); /* * Set Auth-Type to MS-CHAP. The authentication code @@ -1068,7 +1068,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) * Password is not required. */ if ((smb_ctrl->vp_integer & ACB_PWNOTREQ) != 0) { - DEBUG2(" rlm_mschap: SMB-Account-Ctrl says no password is required."); + RDEBUG2("SMB-Account-Ctrl says no password is required."); return RLM_MODULE_OK; } } 
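Review bot: The `ACB_PWNOTREQ` branch returns `RLM_MODULE_OK` without checking any response, and its only trace is the debug-level `RDEBUG2` line. An accept that skips the password check is worth a record in the normal auth log, e.g. `radlog_request(L_AUTH, 0, request, "SMB-Account-Ctrl says no password is required.");`, so it can be audited without running in debug mode. mschap_authenticate starts and ends outside the hunk.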
@@ -1090,22 +1090,22 @@ static int mschap_authenticate(void * instance, REQUEST *request) ((lm_password->length == 32) && (fr_hex2bin(lm_password->vp_strvalue, lm_password->vp_octets, 16) == 16))) { - DEBUG2(" rlm_mschap: Found LM-Password"); + RDEBUG2("Found LM-Password"); lm_password->length = 16; } else { - radlog(L_ERR, "rlm_mschap: Invalid LM-Password"); + radlog_request(L_ERR, 0, request, "Invalid LM-Password"); lm_password = NULL; } } else if (!password) { - DEBUG2(" rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password."); + RDEBUG2("No Cleartext-Password configured. Cannot create LM-Password."); } else { /* there is a configured Cleartext-Password */ lm_password = radius_pairmake(request, &request->config_items, "LM-Password", "", T_OP_EQ); if (!lm_password) { - radlog(L_ERR, "No memory"); + radlog_request(L_ERR, 0, request, "No memory"); } else { smbdes_lmpwdhash(password->vp_strvalue, lm_password->vp_octets); @@ -1122,21 +1122,21 @@ static int mschap_authenticate(void * instance, REQUEST *request) ((nt_password->length == 32) && (fr_hex2bin(nt_password->vp_strvalue, nt_password->vp_octets, 16) == 16))) { - DEBUG2(" rlm_mschap: Found NT-Password"); + RDEBUG2("Found NT-Password"); nt_password->length = 16; } else { - radlog(L_ERR, "rlm_mschap: Invalid NT-Password"); + radlog_request(L_ERR, 0, request, "Invalid NT-Password"); nt_password = NULL; } } else if (!password) { - DEBUG2(" rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password."); + RDEBUG2("No Cleartext-Password configured. Cannot create NT-Password."); } else { /* there is a configured Cleartext-Password */ nt_password = radius_pairmake(request, &request->config_items, "NT-Password", "", T_OP_EQ); if (!nt_password) { - radlog(L_ERR, "No memory"); + radlog_request(L_ERR, 0, request, "No memory"); return RLM_MODULE_FAIL; } else { ntpwdhash(nt_password->vp_octets, 
@@ -1147,7 +1147,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE); if (!challenge) { - DEBUG2(" rlm_mschap: No MS-CHAP-Challenge in the request"); + RDEBUG2("No MS-CHAP-Challenge in the request"); return RLM_MODULE_REJECT; } @@ -1166,7 +1166,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) * MS-CHAPv1 challenges are 8 octets. */ if (challenge->length < 8) { - radlog(L_AUTH, "rlm_mschap: MS-CHAP-Challenge has the wrong format."); + radlog_request(L_AUTH, 0, request, "MS-CHAP-Challenge has the wrong format."); return RLM_MODULE_INVALID; } @@ -1174,7 +1174,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) * Responses are 50 octets. */ if (response->length < 50) { - radlog(L_AUTH, "rlm_mschap: MS-CHAP-Response has the wrong format."); + radlog_request(L_AUTH, 0, request, "MS-CHAP-Response has the wrong format."); return RLM_MODULE_INVALID; } @@ -1183,11 +1183,11 @@ static int mschap_authenticate(void * instance, REQUEST *request) * response */ if (response->vp_octets[1] & 0x01) { - DEBUG2(" rlm_mschap: Told to do MS-CHAPv1 with NT-Password"); + RDEBUG2("Told to do MS-CHAPv1 with NT-Password"); password = nt_password; offset = 26; } else { - DEBUG2(" rlm_mschap: Told to do MS-CHAPv1 with LM-Password"); + RDEBUG2("Told to do MS-CHAPv1 with LM-Password"); password = lm_password; offset = 2; } @@ -1197,8 +1197,8 @@ static int mschap_authenticate(void * instance, REQUEST *request) */ if (do_mschap(inst, request, password, challenge->vp_octets, response->vp_octets + offset, nthashhash) < 0) { - DEBUG2(" rlm_mschap: MS-CHAP-Response is incorrect."); - mschap_add_reply(&request->reply->vps, + RDEBUG2("MS-CHAP-Response is incorrect."); + mschap_add_reply(request, &request->reply->vps, *response->vp_octets, "MS-CHAP-Error", "E=691 R=1", 9); return RLM_MODULE_REJECT; 
@@ -1213,7 +1213,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) * MS-CHAPv2 challenges are 16 octets. */ if (challenge->length < 16) { - radlog(L_AUTH, "rlm_mschap: MS-CHAP-Challenge has the wrong format."); + radlog_request(L_AUTH, 0, request, "MS-CHAP-Challenge has the wrong format."); return RLM_MODULE_INVALID; } @@ -1221,7 +1221,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) * Responses are 50 octets. */ if (response->length < 50) { - radlog(L_AUTH, "rlm_mschap: MS-CHAP-Response has the wrong format."); + radlog_request(L_AUTH, 0, request, "MS-CHAP-Response has the wrong format."); return RLM_MODULE_INVALID; } @@ -1230,7 +1230,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) */ username = pairfind(request->packet->vps, PW_USER_NAME); if (!username) { - radlog(L_AUTH, "rlm_mschap: We require a User-Name for MS-CHAPv2"); + radlog_request(L_AUTH, 0, request, "We require a User-Name for MS-CHAPv2"); return RLM_MODULE_INVALID; } @@ -1242,7 +1242,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) if (inst->with_ntdomain_hack) { username_string++; } else { - DEBUG2(" rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?"); + RDEBUG2(" NT Domain delimeter found, should we have enabled with_ntdomain_hack?"); username_string = username->vp_strvalue; } } else { @@ -1255,7 +1255,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) * OpenDirectory authentication. */ if (!nt_password && inst->open_directory) { - DEBUG2(" rlm_mschap: No NT-Password configured. Trying DirectoryService Authentication."); + RDEBUG2("No NT-Password configured. Trying DirectoryService Authentication."); return od_mschap_auth(request, challenge, username); } #endif 
@@ -1271,13 +1271,13 @@ static int mschap_authenticate(void * instance, REQUEST *request) username_string, /* user name */ mschapv1_challenge); /* resulting challenge */ - DEBUG2(" rlm_mschap: Told to do MS-CHAPv2 for %s with NT-Password", + RDEBUG2("Told to do MS-CHAPv2 for %s with NT-Password", username_string); if (do_mschap(inst, request, nt_password, mschapv1_challenge, response->vp_octets + 26, nthashhash) < 0) { - DEBUG2(" rlm_mschap: FAILED: MS-CHAP2-Response is incorrect"); - mschap_add_reply(&request->reply->vps, + RDEBUG2("FAILED: MS-CHAP2-Response is incorrect"); + mschap_add_reply(request, &request->reply->vps, *response->vp_octets, "MS-CHAP-Error", "E=691 R=1", 9); return RLM_MODULE_REJECT; @@ -1295,12 +1295,12 @@ static int mschap_authenticate(void * instance, REQUEST *request) response->vp_octets + 2, /* peer challenge */ challenge->vp_octets, /* our challenge */ msch2resp); /* calculated MPPE key */ - mschap_add_reply(&request->reply->vps, *response->vp_octets, + mschap_add_reply(request, &request->reply->vps, *response->vp_octets, "MS-CHAP2-Success", msch2resp, 42); chap = 2; } else { /* Neither CHAPv1 or CHAPv2 response: die */ - radlog(L_AUTH, "rlm_mschap: No MS-CHAP response found"); + radlog_request(L_AUTH, 0, request, "No MS-CHAP response found"); return RLM_MODULE_INVALID; } @@ -1318,8 +1318,8 @@ static int mschap_authenticate(void * instance, REQUEST *request) */ if (((smb_ctrl->vp_integer & ACB_DISABLED) != 0) || ((smb_ctrl->vp_integer & ACB_NORMAL) == 0)) { - DEBUG2(" rlm_mschap: SMB-Account-Ctrl says that the account is disabled, or is not a normal account."); - mschap_add_reply( &request->reply->vps, + RDEBUG2("SMB-Account-Ctrl says that the account is disabled, or is not a normal account."); + mschap_add_reply(request, &request->reply->vps, *response->vp_octets, "MS-CHAP-Error", "E=691 R=1", 9); return RLM_MODULE_NOTFOUND; 
@@ -1329,8 +1329,8 @@ static int mschap_authenticate(void * instance, REQUEST *request) * User is locked out. */ if ((smb_ctrl->vp_integer & ACB_AUTOLOCK) != 0) { - DEBUG2(" rlm_mschap: SMB-Account-Ctrl says that the account is locked out."); - mschap_add_reply( &request->reply->vps, + RDEBUG2("SMB-Account-Ctrl says that the account is locked out."); + mschap_add_reply(request, &request->reply->vps, *response->vp_octets, "MS-CHAP-Error", "E=647 R=0", 9); return RLM_MODULE_USERLOCK; @@ -1343,7 +1343,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) uint8_t mppe_recvkey[34]; if (chap == 1){ - DEBUG2("rlm_mschap: adding MS-CHAPv1 MPPE keys"); + RDEBUG2("adding MS-CHAPv1 MPPE keys"); memset(mppe_sendkey, 0, 32); if (lm_password) { memcpy(mppe_sendkey, lm_password->vp_octets, 8); @@ -1367,7 +1367,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) "MS-CHAP-MPPE-Keys", mppe_sendkey, 32); } else if (chap == 2) { - DEBUG2("rlm_mschap: adding MS-CHAPv2 MPPE keys"); + RDEBUG2("adding MS-CHAPv2 MPPE keys"); mppe_chap2_gen_keys128(nthashhash, response->vp_octets + 26, mppe_sendkey, mppe_recvkey); diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c index 70ab418..71b768b 100644 --- a/src/modules/rlm_pap/rlm_pap.c +++ b/src/modules/rlm_pap/rlm_pap.c @@ -240,7 +240,7 @@ static int base64_decode (const char *src, uint8_t *dst) /* * Hex or base64 or bin auto-discovery. */ -static void normify(VALUE_PAIR *vp, size_t min_length) +static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) { size_t decoded; uint8_t buffer[64]; 
@@ -253,7 +253,7 @@ static void normify(VALUE_PAIR *vp, size_t min_length) if (vp->length >= (2 * min_length)) { decoded = fr_hex2bin(vp->vp_strvalue, buffer, vp->length >> 1); if (decoded == (vp->length >> 1)) { - DEBUG2("rlm_pap: Normalizing %s from hex encoding", vp->name); + RDEBUG2("Normalizing %s from hex encoding", vp->name); memcpy(vp->vp_octets, buffer, decoded); vp->length = decoded; return; @@ -267,7 +267,7 @@ static void normify(VALUE_PAIR *vp, size_t min_length) if ((vp->length * 3) >= ((min_length * 4))) { decoded = base64_decode(vp->vp_strvalue, buffer); if (decoded >= min_length) { - DEBUG2("rlm_pap: Normalizing %s from base64 encoding", vp->name); + RDEBUG2("Normalizing %s from base64 encoding", vp->name); memcpy(vp->vp_octets, buffer, decoded); vp->length = decoded; return; @@ -336,7 +336,7 @@ static int pap_authorize(void *instance, REQUEST *request) attr = fr_str2int(header_names, buffer, 0); if (!attr) { - DEBUG2("rlm_pap: Found unknown header {%s}: Not doing anything", buffer); + RDEBUG2("Found unknown header {%s}: Not doing anything", buffer); break; } @@ -366,13 +366,13 @@ static int pap_authorize(void *instance, REQUEST *request) case PW_SMD5_PASSWORD: case PW_NT_PASSWORD: case PW_LM_PASSWORD: - normify(vp, 16); /* ensure it's in the right format */ + normify(request, vp, 16); /* ensure it's in the right format */ found_pw = TRUE; break; case PW_SHA_PASSWORD: case PW_SSHA_PASSWORD: - normify(vp, 20); /* ensure it's in the right format */ + normify(request, vp, 20); /* ensure it's in the right format */ found_pw = TRUE; break; @@ -432,7 +432,7 @@ static int pap_authorize(void *instance, REQUEST *request) return RLM_MODULE_NOOP; } - DEBUG("rlm_pap: WARNING! No \"known good\" password found for the user. Authentication may fail because of this."); + RDEBUG("WARNING! No \"known good\" password found for the user. Authentication may fail because of this."); return RLM_MODULE_NOOP; } 
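Review bot: The hex branch of normify decodes `vp->length >> 1` bytes into `buffer`, which the previous hunk declares as `uint8_t buffer[64]`, and the visible check enforces only a lower bound (`vp->length >= (2 * min_length)`). Unless fr_hex2bin or code outside the hunk caps the length, a hex-encoded value longer than 128 characters would write past the end of the stack buffer. Add an upper bound before decoding, e.g. `if ((vp->length >> 1) > sizeof(buffer)) return;`. `base64_decode(vp->vp_strvalue, buffer)` in the following hunk takes no output size at all, so it needs an equivalent bound on `vp->length` before the call.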
@@ -440,7 +440,7 @@ static int pap_authorize(void *instance, REQUEST *request) * Don't touch existing Auth-Types. */ if (auth_type) { - DEBUG2("rlm_pap: Found existing Auth-Type, not changing it."); + RDEBUG2("Found existing Auth-Type, not changing it."); return RLM_MODULE_NOOP; } @@ -457,7 +457,7 @@ static int pap_authorize(void *instance, REQUEST *request) return RLM_MODULE_NOOP; } - DEBUG2("rlm_pap: No clear-text password in the request. Not performing PAP."); + RDEBUG2("No clear-text password in the request. Not performing PAP."); return RLM_MODULE_NOOP; } @@ -488,7 +488,7 @@ static int pap_authenticate(void *instance, REQUEST *request) int scheme = PAP_ENC_INVALID; if (!request->password){ - radlog(L_AUTH, "rlm_pap: Attribute \"Password\" is required for authentication."); + radlog_request(L_AUTH, 0, request, "Attribute \"Password\" is required for authentication."); return RLM_MODULE_INVALID; } @@ -496,7 +496,7 @@ static int pap_authenticate(void *instance, REQUEST *request) * Clear-text passwords are the only ones we support. */ if (request->password->attribute != PW_USER_PASSWORD) { - radlog(L_AUTH, "rlm_pap: Attribute \"User-Password\" is required for authentication. Cannot use \"%s\".", request->password->name); + radlog_request(L_AUTH, 0, request, "Attribute \"User-Password\" is required for authentication. Cannot use \"%s\".", request->password->name); return RLM_MODULE_INVALID; } @@ -510,7 +510,7 @@ static int pap_authenticate(void *instance, REQUEST *request) return RLM_MODULE_INVALID; } - DEBUG("rlm_pap: login attempt with password \"%s\"", + RDEBUG("login attempt with password \"%s\"", request->password->vp_strvalue); /* @@ -555,7 +555,7 @@ static int pap_authenticate(void *instance, REQUEST *request) } fail: - DEBUG("rlm_pap: No password configured for the user. Cannot do authentication"); + RDEBUG("No password configured for the user. Cannot do authentication"); return RLM_MODULE_FAIL; } else { 
@@ -580,7 +580,7 @@ static int pap_authenticate(void *instance, REQUEST *request) switch (scheme) { case PAP_ENC_CLEAR: do_clear: - DEBUG("rlm_pap: Using clear text password \"%s\"", + RDEBUG("Using clear text password \"%s\"", vp->vp_strvalue); if (strcmp((char *) vp->vp_strvalue, (char *) request->password->vp_strvalue) != 0){ @@ -588,13 +588,13 @@ static int pap_authenticate(void *instance, REQUEST *request) goto make_msg; } done: - DEBUG("rlm_pap: User authenticated successfully"); + RDEBUG("User authenticated successfully"); return RLM_MODULE_OK; break; case PAP_ENC_CRYPT: do_crypt: - DEBUG("rlm_pap: Using CRYPT encryption."); + RDEBUG("Using CRYPT encryption."); if (fr_crypt_check((char *) request->password->vp_strvalue, (char *) vp->vp_strvalue) != 0) { snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CRYPT password check failed"); @@ -605,11 +605,11 @@ static int pap_authenticate(void *instance, REQUEST *request) case PW_MD5_PASSWORD: do_md5: - DEBUG("rlm_pap: Using MD5 encryption."); + RDEBUG("Using MD5 encryption."); - normify(vp, 16); + normify(request, vp, 16); if (vp->length != 16) { - DEBUG("rlm_pap: Configured MD5 password has incorrect length"); + RDEBUG("Configured MD5 password has incorrect length"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured MD5 password has incorrect length"); goto make_msg; } @@ -627,11 +627,11 @@ static int pap_authenticate(void *instance, REQUEST *request) case PW_SMD5_PASSWORD: do_smd5: - DEBUG("rlm_pap: Using SMD5 encryption."); + RDEBUG("Using SMD5 encryption."); - normify(vp, 16); + normify(request, vp, 16); if (vp->length <= 16) { - DEBUG("rlm_pap: Configured SMD5 password has incorrect length"); + RDEBUG("Configured SMD5 password has incorrect length"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured SMD5 password has incorrect length"); goto make_msg; } 
@@ -654,11 +654,11 @@ static int pap_authenticate(void *instance, REQUEST *request) case PW_SHA_PASSWORD: do_sha: - DEBUG("rlm_pap: Using SHA1 encryption."); + RDEBUG("Using SHA1 encryption."); - normify(vp, 20); + normify(request, vp, 20); if (vp->length != 20) { - DEBUG("rlm_pap: Configured SHA1 password has incorrect length"); + RDEBUG("Configured SHA1 password has incorrect length"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured SHA1 password has incorrect length"); goto make_msg; } @@ -676,11 +676,11 @@ static int pap_authenticate(void *instance, REQUEST *request) case PW_SSHA_PASSWORD: do_ssha: - DEBUG("rlm_pap: Using SSHA encryption."); + RDEBUG("Using SSHA encryption."); - normify(vp, 20); + normify(request, vp, 20); if (vp->length <= 20) { - DEBUG("rlm_pap: Configured SSHA password has incorrect length"); + RDEBUG("Configured SSHA password has incorrect length"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured SHA password has incorrect length"); goto make_msg; } @@ -700,11 +700,11 @@ static int pap_authenticate(void *instance, REQUEST *request) case PW_NT_PASSWORD: do_nt: - DEBUG("rlm_pap: Using NT encryption."); + RDEBUG("Using NT encryption."); - normify(vp, 16); + normify(request, vp, 16); if (vp->length != 16) { - DEBUG("rlm_pap: Configured NT-Password has incorrect length"); + RDEBUG("Configured NT-Password has incorrect length"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured NT-Password has incorrect length"); goto make_msg; } @@ -712,7 +712,7 @@ static int pap_authenticate(void *instance, REQUEST *request) snprintf(buff2, sizeof(buff2), "%%{mschap:NT-Hash %s}", request->password->vp_strvalue); if (!radius_xlat(digest, sizeof(digest),buff2,request,NULL)){ - DEBUG("rlm_pap: mschap xlat failed"); + RDEBUG("mschap xlat failed"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed"); goto make_msg; } 
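Review bot: `snprintf(buff2, sizeof(buff2), "%%{mschap:NT-Hash %s}", request->password->vp_strvalue)` builds an expansion string from the password the client sent and passes it to `radius_xlat()` with a `NULL` last argument. A password containing expansion metacharacters such as `%` or `}` can change what is expanded, and one longer than `buff2` is silently truncated. Either way the digest compared may not be the hash of the password as sent. Check the snprintf return against `sizeof(buff2)`, and either escape the value or reject such passwords before formatting. Whether radius_xlat can escape through that last argument is not visible here. The LM-Hash branch (hunk at -726,18) builds its string the same way.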
@@ -726,18 +726,18 @@ static int pap_authenticate(void *instance, REQUEST *request) case PW_LM_PASSWORD: do_lm: - DEBUG("rlm_pap: Using LM encryption."); + RDEBUG("Using LM encryption."); - normify(vp, 16); + normify(request, vp, 16); if (vp->length != 16) { - DEBUG("rlm_pap: Configured LM-Password has incorrect length"); + RDEBUG("Configured LM-Password has incorrect length"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured LM-Password has incorrect length"); goto make_msg; } snprintf(buff2, sizeof(buff2), "%%{mschap:LM-Hash %s}", request->password->vp_strvalue); if (!radius_xlat(digest,sizeof(digest),buff2,request,NULL)){ - DEBUG("rlm_pap: mschap xlat failed"); + RDEBUG("mschap xlat failed"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed"); goto make_msg; } @@ -745,7 +745,7 @@ static int pap_authenticate(void *instance, REQUEST *request) (memcmp(digest, vp->vp_octets, vp->length) != 0)) { snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: LM password check failed"); make_msg: - DEBUG("rlm_pap: Passwords don't match"); + RDEBUG("Passwords don't match"); module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); pairadd(&request->packet->vps, module_fmsg_vp); @@ -756,10 +756,10 @@ static int pap_authenticate(void *instance, REQUEST *request) case PAP_ENC_NS_MTA_MD5: do_ns_mta_md5: - DEBUG("rlm_pap: Using NT-MTA-MD5 password"); + RDEBUG("Using NT-MTA-MD5 password"); if (vp->length != 64) { - DEBUG("rlm_pap: Configured NS-MTA-MD5-Password has incorrect length"); + RDEBUG("Configured NS-MTA-MD5-Password has incorrect length"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured NS-MTA-MD5-Password has incorrect length"); goto make_msg; } 
@@ -768,7 +768,7 @@ static int pap_authenticate(void *instance, REQUEST *request) * Sanity check the value of NS-MTA-MD5-Password */ if (fr_hex2bin(vp->vp_strvalue, buff, 32) != 16) { - DEBUG("rlm_pap: Configured NS-MTA-MD5-Password has invalid value"); + RDEBUG("Configured NS-MTA-MD5-Password has invalid value"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured NS-MTA-MD5-Password has invalid value"); goto make_msg; } @@ -779,7 +779,7 @@ static int pap_authenticate(void *instance, REQUEST *request) * This really: sizeof(buff) - 2 - 2*32 - strlen(passwd) */ if (strlen(request->password->vp_strvalue) >= (sizeof(buff2) - 2 - 2 * 32)) { - DEBUG("rlm_pap: Configured password is too long"); + RDEBUG("Configured password is too long"); snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: password is too long"); goto make_msg; } @@ -814,7 +814,7 @@ static int pap_authenticate(void *instance, REQUEST *request) break; } - DEBUG("rlm_pap: No password configured for the user. Cannot do authentication"); + RDEBUG("No password configured for the user. Cannot do authentication"); return RLM_MODULE_FAIL; } -- 2.1.4