#
radclient.lo: radclient.c $(INCLUDES)
- $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) -c radclient.c
+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) -I ../modules/rlm_mschap -c radclient.c
-radclient: radclient.lo $(LIBRADIUS)
- $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LINK_MODE) -o radclient radclient.lo $(LIBRADIUS) $(LIBS)
+MSCHAP_OBJS := ../modules/rlm_mschap/smbdes.lo ../modules/rlm_mschap/mschap.lo
+
+radclient: radclient.lo $(MSCHAP_OBJS) $(LIBRADIUS)
+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LINK_MODE) -o radclient radclient.lo $(MSCHAP_OBJS) $(LIBRADIUS) $(LIBS)
+
+# These two rules need to be specific in order to supercede the generic
+# "compile C file" rules.
+../modules/rlm_mschap/smbdes.lo: ../modules/rlm_mschap/smbdes.c
+ ${MAKE} -C ../modules/rlm_mschap/
+
+../modules/rlm_mschap/mschap.lo: ../modules/rlm_mschap/mschap.c
+ ${MAKE} -C ../modules/rlm_mschap/
radsniff.lo: radsniff.c $(INCLUDES) ../include/radsniff.h
$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) -c radsniff.c
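Review bot: The two new rules for `../modules/rlm_mschap/smbdes.lo` and `../modules/rlm_mschap/mschap.lo` both run `${MAKE} -C ../modules/rlm_mschap/`, so under `make -j` two sub-makes can run in that directory at once and write the same objects. Adding a recipe-less ordering line such as `../modules/rlm_mschap/mschap.lo: ../modules/rlm_mschap/smbdes.lo` would serialise them. Both rules list only the `.c` file as a prerequisite, so a header change in the module will not trigger a rebuild from here. Unless `$(INCLUDES)` already covers them, `radclient.lo` should also list `../modules/rlm_mschap/smbdes.h` and `../modules/rlm_mschap/mschap.h`, since `radclient.c` now includes both.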
#include <assert.h>
+#include "smbdes.h"
+#include "mschap.h"
+
static int success = 0;
static int retries = 3;
static float timeout = 5;
free(radclient);
}
+static int mschapv1_encode(VALUE_PAIR **request, const char *password)
+{
+ unsigned int i;
+ VALUE_PAIR *challenge, *response;
+ uint8_t nthash[16];
+
+ challenge = paircreate(PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, PW_TYPE_OCTETS);
+ if (!challenge) {
+ fprintf(stderr, "GOT IT %d!\n", __LINE__);
+ return 0;
+ }
+
+ pairadd(request, challenge);
+ challenge->length = 8;
+ for (i = 0; i < challenge->length; i++) {
+ challenge->vp_octets[i] = fr_rand();
+ }
+
+ response = paircreate(PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, PW_TYPE_OCTETS);
+ if (!response) {
+ fprintf(stderr, "GOT IT %d!\n", __LINE__);
+ return 0;
+ }
+
+ pairadd(request, response);
+ response->length = 50;
+ memset(response->vp_octets, 0, response->length);
+
+ response->vp_octets[1] = 0x01; /* NT hash */
+
+ mschap_ntpwdhash(nthash, password);
+
+ smbdes_mschap(nthash, challenge->vp_octets,
+ response->vp_octets + 26);
+ return 1;
+}
+
+
/*
* Initialize a radclient data structure and add it to
* the global linked list.
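Review bot: Both allocation-failure paths in `mschapv1_encode` print `GOT IT %d!`, which looks like a debugging leftover and does not say what failed; something like `fprintf(stderr, "radclient: failed to create MS-CHAP-Response\n");` would be clearer. When the second `paircreate` fails, the challenge has already been added with `pairadd`, so the function returns 0 and leaves a challenge in the request with no matching response. `nthash` is password-equivalent for MS-CHAP and stays on the stack after return; consider `memset(nthash, 0, sizeof(nthash));` before `return 1;`, bearing in mind that a compiler may elide a plain memset. A short comment on the constants would also help: the length 50, `vp_octets[1] = 0x01` and the offset 26 presumably follow the MS-CHAP-Response layout (ident, flags, 24-byte LM response, 24-byte NT response).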
} else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
+
+ } else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0)) != NULL) {
+ strlcpy(radclient->password, vp->vp_strvalue,
+ sizeof(radclient->password));
} else {
radclient->password[0] = '\0';
}
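Review bot: After the cleartext is copied out of `MS-CHAP-Password` in this new branch, nothing in the visible hunks removes or overwrites that pair in `radclient->request->vps`. The CHAP branch in the later hunk, by contrast, appears to rewrite its pair in place (it passes `vp->vp_octets` and sets `vp->length = 17`). Whether the packet encoder skips this attribute is not visible on this page; if it does not, the cleartext password would travel alongside the MS-CHAP-Response. That is worth confirming and recording in a comment, e.g. `/* MS-CHAP-Password is local only and is never encoded into the packet */`. The enclosing function starts and ends outside the hunk.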
vp->vp_octets,
radclient->request->id, vp);
vp->length = 17;
+
+ } else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0)) != NULL) {
+ mschapv1_encode(&radclient->request->vps,
+ radclient->password);
+ } else if (fr_debug_flag) {
+ printf("WARNING: No password in the request\n");
}
}
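Review bot: The return value of `mschapv1_encode` is discarded in the new `PW_MSCHAP_PASSWORD` branch, so a failed encode still lets the request proceed without a valid MS-CHAP-Response. Check it, e.g. `if (!mschapv1_encode(&radclient->request->vps, radclient->password)) { ... }`, and handle failure the way the rest of this function does, which is not visible here. The helper also appends a fresh challenge and response with `pairadd` on every call, so if this path runs again for the same request (on a retransmission, for instance) the attributes would accumulate; reusing the existing pairs would avoid that. The new `WARNING: No password in the request` is printed to stdout and only when `fr_debug_flag` is set. The enclosing function starts outside the hunk.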