otp_pwe.c
1 /*
2  * $Id: 5fa84a77c3d7476e781f58f26ec3a5a0d56e42e2 $
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17  *
18  * Copyright 2001,2002 Google, Inc.
19  * Copyright 2005,2006 TRI-D Systems, Inc.
20  */
21 
22 /*
23  * This file implements passcode (password) checking functions for each
24  * supported encoding (PAP, CHAP, etc.). The current libradius interface
25  * is not sufficient for X9.9 use.
26  */
27 
28 RCSID("$Id: 5fa84a77c3d7476e781f58f26ec3a5a0d56e42e2 $")
29 
30 /* avoid inclusion of these FR headers which conflict w/ OpenSSL */
31 #define _FR_MD4_H
32 #define _FR_SHA1_H
33 #include <freeradius-devel/radiusd.h>
34 #include <freeradius-devel/rad_assert.h>
35 
36 #include "extern.h"
37 
39 #include <openssl/des.h>
40 #include <openssl/md4.h>
41 #include <openssl/md5.h>
42 #include <openssl/sha.h>
43 
44 #include <string.h>
45 
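/*
 * Attribute IDs for supported password encodings.
 *
 * pwattr holds one pair of dictionary attributes per encoding, so it is
 * sized as (number of password types * 2).  A pair occupies slots
 * [i] and [i + 1]; a pair that is not registered is left as NULL.
 * The slot order must match otp_pwe_t (see otp.h).
 */
#define SIZEOF_PWATTR (4 * 2)
fr_dict_attr_t const *pwattr[SIZEOF_PWATTR];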
49 
50 
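/*
 * Register one password encoding in pwattr[slot] and pwattr[slot + 1].
 *
 * Both dictionary attributes must resolve, otherwise neither slot is
 * written and the pair stays NULL.  otp_pwe_present() dereferences
 * pwattr[slot + 1] whenever pwattr[slot] is set, so a half-registered
 * pair must never be left behind.
 */
static void
otp_pwe_set_pair(unsigned slot, char const *first_name, char const *second_name)
{
	fr_dict_attr_t const *first;
	fr_dict_attr_t const *second;

	rad_assert((slot + 1) < SIZEOF_PWATTR);

	first = fr_dict_attr_by_name(NULL, first_name);
	if (!first) {
		return;
	}

	second = fr_dict_attr_by_name(NULL, second_name);
	if (!second) {
		return;
	}

	pwattr[slot] = first;
	pwattr[slot + 1] = second;
}


/*
 * Initialize the pwattr array for supported password encodings.
 *
 * Every slot is cleared first, then each known encoding is looked up in
 * the dictionary.  An encoding whose attributes are missing from the
 * dictionary is simply left unregistered (NULL pair).
 */
void
otp_pwe_init(void)
{
	/*
	 * Setup known password types.  These are pairs.
	 * NB: Increase pwattr array size when adding a type.
	 *     It should be sized as (number of password types * 2)
	 * NB: Array indices must match otp_pwe_t!  (see otp.h)
	 */
	(void) memset(pwattr, 0, sizeof(pwattr));

	/* PAP: the same attribute fills both halves of the pair. */
	otp_pwe_set_pair(0, "User-Password", "User-Password");

	/* CHAP */
	otp_pwe_set_pair(2, "CHAP-Challenge", "CHAP-Password");

#if 0
	/*
	 * MS-CHAP (recommended not to use).
	 * Slots 4 and 5 are reserved for it and stay NULL while this is
	 * disabled, so the encoding is never reported as present.
	 */
	otp_pwe_set_pair(4, "MS-CHAP-Challenge", "MS-CHAP-Response");
#endif /* 0 */

	/* MS-CHAPv2 */
	otp_pwe_set_pair(6, "MS-CHAP-Challenge", "MS-CHAP2-Response");
}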
113 
114 
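/*
 * Test for password presence in an Access-Request packet.
 *
 * Walks the registered attribute pairs in pwattr and reports the first
 * encoding for which BOTH attributes of the pair are present in the
 * request packet.
 *
 * Returns PWE_NONE for "no supported password present", or the
 * password encoding type (pair index + 1, so that the first pair does
 * not collide with the "none" value).
 */
otp_pwe_t
otp_pwe_present(REQUEST const *request)
{
	unsigned i;

	for (i = 0; i < SIZEOF_PWATTR; i += 2) {
		fr_dict_attr_t const *first = pwattr[i];
		fr_dict_attr_t const *second = pwattr[i + 1];

		/*
		 * Skip encodings that were not registered.  The second
		 * half is checked as well: pwattr is a global, and a
		 * half-filled pair would otherwise be dereferenced below.
		 */
		if (!first || !second) {
			continue;
		}

		if (!fr_pair_find_by_num(request->packet->vps, first->vendor, first->attr, TAG_ANY) ||
		    !fr_pair_find_by_num(request->packet->vps, second->vendor, second->attr, TAG_ANY)) {
			continue;
		}

		/* Only the attribute names are logged, never their values. */
		DEBUG("rlm_otp: %s: password attributes %s, %s",
		      __func__, first->name, second->name);

		return (otp_pwe_t)(i + 1); /* Can't return 0 (indicates failure) */
	}

	DEBUG("rlm_otp: %s: no password attributes present", __func__);
	return PWE_NONE;
}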
enum otp_pwe otp_pwe_t
Dictionary attribute.
Definition: dict.h:77
static char const * name
VALUE_PAIR * vps
Result of decoding the packet into VALUE_PAIRs.
Definition: libradius.h:162
#define SIZEOF_PWATTR
Definition: otp_pwe.c:47
void otp_pwe_init(void)
Definition: otp_pwe.c:53
#define DEBUG(fmt,...)
Definition: log.h:175
fr_dict_attr_t const * pwattr[SIZEOF_PWATTR]
Definition: otp_pwe.c:48
unsigned int attr
Attribute number.
Definition: dict.h:79
otp_pwe_t otp_pwe_present(REQUEST const *request)
Definition: otp_pwe.c:120
unsigned int vendor
Vendor that defines this attribute.
Definition: dict.h:78
#define TAG_ANY
Definition: pair.h:191
RADIUS_PACKET * packet
Incoming request.
Definition: radiusd.h:221
Definition: otp.h:57
VALUE_PAIR * fr_pair_find_by_num(VALUE_PAIR *head, unsigned int vendor, unsigned int attr, int8_t tag)
Find the pair with the matching attribute.
Definition: pair.c:639
#define RCSID(id)
Definition: build.h:135
#define USES_APPLE_DEPRECATED_API
Definition: build.h:122
fr_dict_attr_t const * fr_dict_attr_by_name(fr_dict_t *dict, char const *attr)
Locate a fr_dict_attr_t by its name.
Definition: dict.c:3493