From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 4 Feb 2010 07:45:12 +0000 (+0100)
Subject: Make MS-CHAP call xlat on NT-Hash and LM-Password
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=freeradius.git;a=commitdiff_plain;h=efa03059b2be34253a3ada47f00b12216bbdbe38

Make MS-CHAP call xlat on NT-Hash and LM-Password

This moves the "expand variable" code to the correct place.
---

diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
index faee861..24fb192 100644
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -535,16 +535,25 @@ static size_t mschap_xlat(void *instance, REQUEST *request,
 		 */
 	} else if (strncasecmp(fmt, "NT-Hash ", 8) == 0) {
 		char *p;
+		char buf2[1024];
 
 		p = fmt + 8;	/* 7 is the length of 'NT-Hash' */
 		if ((p == '\0')	 || (outlen <= 32))
 			return 0;
-		RDEBUG("rlm_mschap: NT-Hash: %s",p);
-		ntpwdhash(buffer,p);
+
+		while (isspace(*p)) p++;
+
+		if (!radius_xlat(buf2, sizeof(buf2),p,request,NULL)) {
+			RDEBUG("xlat failed");
+			*buffer = '\0';
+			return 0;
+		}
+
+		ntpwdhash(buffer,buf2);
 
 		fr_bin2hex(buffer, out, 16);
 		out[32] = '\0';
-		RDEBUG("rlm_mschap: NT-Hash: Result: %s",out);
+		RDEBUG("NT-Hash of %s = %s", buf2, out);
 		return 32;
 
 		/*
@@ -552,16 +561,24 @@ static size_t mschap_xlat(void *instance, REQUEST *request,
 		 */
 	} else if (strncasecmp(fmt, "LM-Hash ", 8) == 0) {
 		char *p;
+		char buf2[1024];
 
 		p = fmt + 8;	/* 7 is the length of 'LM-Hash' */
 		if ((p == '\0') || (outlen <= 32))
 			return 0;
 
-		RDEBUG("rlm_mschap: LM-Hash: %s",p);
-		smbdes_lmpwdhash(p, buffer);
+		while (isspace(*p)) p++;
+
+		if (!radius_xlat(buf2, sizeof(buf2),p,request,NULL)) {
+			RDEBUG("xlat failed");
+			*buffer = '\0';
+			return 0;
+		}
+
+		smbdes_lmpwdhash(buf2, buffer);
 		fr_bin2hex(buffer, out, 16);
 		out[32] = '\0';
-		RDEBUG("rlm_mschap: LM-Hash: Result: %s",out);
+		RDEBUG("LM-Hash of %s = %s", buf2, out);
 		return 32;
 	} else {
 		RDEBUG2("Unknown expansion string \"%s\"",
diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index 540aa4d..c66c22c 100644
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -709,8 +709,8 @@ static int pap_authenticate(void *instance, REQUEST *request)
 			goto make_msg;
 		}
 
-		snprintf(buff2, sizeof(buff2), "%%{mschap:NT-Hash %s}",
-			request->password->vp_strvalue);
+
+		strlcpy(buff2, "%{mschap:NT-Hash %{User-Password}}", sizeof(buff2));
 		if (!radius_xlat(digest, sizeof(digest),buff2,request,NULL)){
 			RDEBUG("mschap xlat failed");
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
@@ -734,8 +734,7 @@ static int pap_authenticate(void *instance, REQUEST *request)
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: Configured LM-Password has incorrect length");
 			goto make_msg;
 		}
-		snprintf(buff2, sizeof(buff2), "%%{mschap:LM-Hash %s}",
-			request->password->vp_strvalue);
+		strlcpy(buff2, "%{mschap:LM-Hash %{User-Password}}", sizeof(buff2));
 		if (!radius_xlat(digest,sizeof(digest),buff2,request,NULL)){
 			RDEBUG("mschap xlat failed");
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");