Make MS-CHAP call xlat on NT-Hash and LM-Password
authorAlan T. DeKok <aland@freeradius.org>
Thu, 4 Feb 2010 07:45:12 +0000 (08:45 +0100)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 4 Feb 2010 08:03:06 +0000 (09:03 +0100)
This moves the "expand variable" code to the correct place.

src/modules/rlm_mschap/rlm_mschap.c
src/modules/rlm_pap/rlm_pap.c

index faee861..24fb192 100644 (file)
@@ -535,16 +535,25 @@ static size_t mschap_xlat(void *instance, REQUEST *request,
                 */
        } else if (strncasecmp(fmt, "NT-Hash ", 8) == 0) {
                char *p;
+               char buf2[1024];
 
                p = fmt + 8;    /* 7 is the length of 'NT-Hash' */
                if ((p == '\0')  || (outlen <= 32))
                        return 0;
-               RDEBUG("rlm_mschap: NT-Hash: %s",p);
-               ntpwdhash(buffer,p);
+
+               while (isspace(*p)) p++;
+
+               if (!radius_xlat(buf2, sizeof(buf2),p,request,NULL)) {
+                       RDEBUG("xlat failed");
+                       *buffer = '\0';
+                       return 0;
+               }
+
+               ntpwdhash(buffer,buf2);
 
                fr_bin2hex(buffer, out, 16);
                out[32] = '\0';
-               RDEBUG("rlm_mschap: NT-Hash: Result: %s",out);
+               RDEBUG("NT-Hash of %s = %s", buf2, out);
                return 32;
 
                /*
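Review bot: The new `RDEBUG("NT-Hash of %s = %s", buf2, out);` writes the expanded cleartext password and its NT hash to the debug log, and the LM-Hash branch does the same with `RDEBUG("LM-Hash of %s = %s", buf2, out);`. The hash alone is password-equivalent for MS-CHAP, so debug output captured during troubleshooting would hold reusable credentials. I would log only the outcome, e.g. `RDEBUG("NT-Hash expansion succeeded");`, and clear `buf2` before returning so the cleartext does not linger on the stack. The enclosing mschap_xlat starts and ends outside this hunk.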
@@ -552,16 +561,24 @@ static size_t mschap_xlat(void *instance, REQUEST *request,
                 */
        } else if (strncasecmp(fmt, "LM-Hash ", 8) == 0) {
                char *p;
+               char buf2[1024];
 
                p = fmt + 8;    /* 7 is the length of 'LM-Hash' */
                if ((p == '\0') || (outlen <= 32))
                        return 0;
 
-               RDEBUG("rlm_mschap: LM-Hash: %s",p);
-               smbdes_lmpwdhash(p, buffer);
+               while (isspace(*p)) p++;
+
+               if (!radius_xlat(buf2, sizeof(buf2),p,request,NULL)) {
+                       RDEBUG("xlat failed");
+                       *buffer = '\0';
+                       return 0;
+               }
+
+               smbdes_lmpwdhash(buf2, buffer);
                fr_bin2hex(buffer, out, 16);
                out[32] = '\0';
-               RDEBUG("rlm_mschap: LM-Hash: Result: %s",out);
+               RDEBUG("LM-Hash of %s = %s", buf2, out);
                return 32;
        } else {
                RDEBUG2("Unknown expansion string \"%s\"",
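Review bot: The empty-argument guard `(p == '\0')` compares the pointer itself with zero, which `fmt + 8` can never be, and it runs before the added whitespace skip, so an empty or all-blank argument is not rejected here; the NT-Hash branch has the same pattern. Moving the test after the loop as `if ((*p == '\0') || (outlen <= 32)) return 0;` would make it effective. The loop should also read `while (isspace((unsigned char) *p)) p++;`, since passing a negative `char` value to isspace() is undefined. The comment on `p = fmt + 8` says 7 while the code skips 8 bytes, so it could read `/* 8 is the length of 'LM-Hash ' */`.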
index 540aa4d..c66c22c 100644 (file)
@@ -709,8 +709,8 @@ static int pap_authenticate(void *instance, REQUEST *request)
                        goto make_msg;
                }
 
-               snprintf(buff2, sizeof(buff2), "%%{mschap:NT-Hash %s}",
-                       request->password->vp_strvalue);
+
+               strlcpy(buff2, "%{mschap:NT-Hash %{User-Password}}", sizeof(buff2));
                if (!radius_xlat(digest, sizeof(digest),buff2,request,NULL)){
                        RDEBUG("mschap xlat failed");
                        snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
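Review bot: A short comment above the new `strlcpy()` would record why the format string is now a constant, here and in the LM-Password hunk below: `/* Fixed format: the password is referenced by attribute name and never becomes part of the xlat string, so '%' or '}' in it cannot be interpreted. */`. The removed snprintf() built the format from `request->password->vp_strvalue`, which presumably allowed exactly that, and without the comment a later cleanup could reintroduce it. The added blank line before the `strlcpy()` leaves two empty lines in a row and can be dropped. pap_authenticate continues outside the hunk.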
@@ -734,8 +734,7 @@ static int pap_authenticate(void *instance, REQUEST *request)
                        snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured LM-Password has incorrect length");
                        goto make_msg;
                }
-               snprintf(buff2, sizeof(buff2), "%%{mschap:LM-Hash %s}",
-                       request->password->vp_strvalue);
+               strlcpy(buff2, "%{mschap:LM-Hash %{User-Password}}", sizeof(buff2));
                if (!radius_xlat(digest,sizeof(digest),buff2,request,NULL)){
                        RDEBUG("mschap xlat failed");
                        snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");