The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Data Structures | Macros | Functions | Variables
rlm_mschap.c File Reference

Implemented mschap authentication. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/exec_legacy.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/server/password.h>
#include <freeradius-devel/tls/strerror.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/radius/defs.h>
#include <freeradius-devel/util/base16.h>
#include <freeradius-devel/util/md4.h>
#include <freeradius-devel/util/md5.h>
#include <freeradius-devel/util/misc.h>
#include <freeradius-devel/util/sha1.h>
#include <freeradius-devel/unlang/function.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <sys/wait.h>
#include "rlm_mschap.h"
#include "mschap.h"
#include "smbdes.h"
+ Include dependency graph for rlm_mschap.c:

Go to the source code of this file.

Data Structures

struct  mschap_auth_ctx_t
 
struct  mschap_autz_call_env_t
 
struct  mschap_cpw_ctx_t
 
struct  mschap_xlat_call_env_t
 

Macros

#define ACB_AUTOLOCK   0x04000000
 Account auto locked. More...
 
#define ACB_DISABLED   0x00010000
 User account disabled. More...
 
#define ACB_DOMTRUST   0x00400000
 Interdomain trust account. More...
 
#define ACB_FR_EXPIRED   0x00020000
 Password Expired. More...
 
#define ACB_HOMDIRREQ   0x00020000
 Home directory required. More...
 
#define ACB_MNS   0x00200000
 MNS logon user account. More...
 
#define ACB_NORMAL   0x00100000
 Normal user account. More...
 
#define ACB_PWNOEXP   0x02000000
 User password does not expire. More...
 
#define ACB_PWNOTREQ   0x00040000
 User password not required. More...
 
#define ACB_SVRTRUST   0x01000000
 Server trust account. More...
 
#define ACB_TEMPDUP   0x00080000
 Temporary duplicate account. More...
 
#define ACB_WSTRUST   0x00800000
 Workstation trust account. More...
 
#define CHECK_OPTION(_option)
 
#define LOG_PREFIX   mctx->mi->name
 
#define MSCHAP_CALL_ENV(_x)
 
#define MSCHAP_COMMON_CALL_ENV(_x)
 
#define MSCHAP_OPT_CALL_ENV(_opt, _x)   { FR_CALL_ENV_PARSE_ONLY_OFFSET(STRINGIFY(_opt), FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE, mschap_ ## _x ## _call_env_t, _opt) }
 

Functions

static int do_mschap (rlm_mschap_t const *inst, request_t *request, fr_pair_t *password, uint8_t const *challenge, uint8_t const *response, uint8_t nthashhash[static NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method, UNUSED mschap_auth_call_env_t *env_data)
 
static int do_mschap_cpw (rlm_mschap_t const *inst, request_t *request, mschap_auth_ctx_t *auth_ctx, uint8_t *new_nt_password, uint8_t *old_nt_hash)
 
static unlang_action_t mod_authenticate (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 
static unlang_action_t mod_authenticate_domain_tmpl_push (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 When changing passwords using the ntlm_auth helper, evaluate the domain tmpl. More...
 
static unlang_action_t mod_authenticate_resume (rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
 Complete mschap authentication after any tmpls have been expanded. More...
 
static unlang_action_t mod_authorize (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 
static int mod_bootstrap (module_inst_ctx_t const *mctx)
 
static int mod_detach (UNUSED module_detach_ctx_t const *mctx)
 
static int mod_instantiate (module_inst_ctx_t const *mctx)
 
static void mppe_add_reply (UNUSED rlm_mschap_t const *inst, request_t *request, fr_dict_attr_t const *da, uint8_t const *value, size_t len)
 
static void mppe_chap2_gen_keys128 (uint8_t const *nt_hashhash, uint8_t const *response, uint8_t *sendkey, uint8_t *recvkey)
 
static void mppe_chap2_get_keys128 (uint8_t const *nt_hashhash, uint8_t const *nt_response, uint8_t *sendkey, uint8_t *recvkey)
 
static void mppe_GetAsymmetricStartKey (uint8_t *masterkey, uint8_t *sesskey, int keylen, int issend)
 
static void mppe_GetMasterKey (uint8_t const *nt_hashhash, uint8_t const *nt_response, uint8_t *masterkey)
 
 MSCHAP_CALL_ENV (autz)
 
 MSCHAP_CALL_ENV (xlat)
 
static int mschap_cpw_prepare (request_t *request, mschap_auth_ctx_t *auth_ctx)
 Validate data required for change password requests. More...
 
static unlang_action_t mschap_error (rlm_rcode_t *p_result, rlm_mschap_t const *inst, request_t *request, unsigned char ident, int mschap_result, int mschap_version, fr_pair_t *smb_ctrl, mschap_auth_call_env_t *env_data)
 
static fr_pair_tmschap_identity_find (request_t *request, fr_dict_attr_t const *attr_user_name)
 
static unlang_action_t mschap_process_cpw_request (rlm_rcode_t *p_result, rlm_mschap_t const *inst, request_t *request, mschap_auth_ctx_t *auth_ctx)
 
static unlang_action_t mschap_process_response (rlm_rcode_t *p_result, int *mschap_version, uint8_t nthashhash[static NT_DIGEST_LENGTH], rlm_mschap_t const *inst, request_t *request, fr_pair_t *smb_ctrl, fr_pair_t *nt_password, fr_pair_t *challenge, fr_pair_t *response, MSCHAP_AUTH_METHOD method, mschap_auth_call_env_t *env_data)
 
static unlang_action_t mschap_process_v2_response (rlm_rcode_t *p_result, int *mschap_version, uint8_t nthashhash[static NT_DIGEST_LENGTH], rlm_mschap_t const *inst, request_t *request, fr_pair_t *smb_ctrl, fr_pair_t *nt_password, fr_pair_t *challenge, fr_pair_t *response, MSCHAP_AUTH_METHOD method, mschap_auth_call_env_t *env_data)
 
static xlat_action_t mschap_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
 Get data from MSCHAP attributes. More...
 
static int nt_password_find (TALLOC_CTX *ctx, fr_pair_t **out, rlm_mschap_t const *inst, request_t *request)
 Find a Password.NT value, or create one from a Password.Cleartext, or Password.With-Header attribute. More...
 
static int pdb_decode_acct_ctrl (char const *p)
 
static int write_all (int fd, char const *buf, size_t len)
 

Variables

fr_dict_attr_t const * attr_auth_type
 
fr_dict_attr_t const * attr_cleartext_password
 
fr_dict_attr_t const * attr_eap_identity
 
fr_dict_attr_t const * attr_ms_chap_new_cleartext_password
 
fr_dict_attr_t const * attr_ms_chap_new_nt_password
 
fr_dict_attr_t const * attr_ms_chap_peer_challenge
 
fr_dict_attr_t const * attr_ms_chap_use_ntlm_auth
 
fr_dict_attr_t const * attr_ms_chap_user_name
 
fr_dict_attr_t const * attr_nt_password
 
fr_dict_attr_t const * attr_smb_account_ctrl
 
fr_dict_attr_t const * attr_smb_account_ctrl_text
 
static const call_env_parser_t auth_call_env []
 
static const call_env_parser_t autz_call_env []
 
static fr_dict_t const * dict_freeradius
 
static fr_dict_t const * dict_radius
 
static const uint8_t magic1 [27]
 
static const uint8_t magic2 [84]
 
static const uint8_t magic3 [84]
 
static const conf_parser_t module_config []
 
static const call_env_method_t mschap_auth_method_env
 
static xlat_arg_parser_t const mschap_xlat_args []
 
static const conf_parser_t passchange_config []
 
module_rlm_t rlm_mschap
 
fr_dict_autoload_t rlm_mschap_dict []
 
fr_dict_attr_autoload_t rlm_mschap_dict_attr []
 
static const uint8_t SHSpad1 [40]
 
static const uint8_t SHSpad2 [40]
 
static const conf_parser_t winbind_config []
 
static const call_env_parser_t xlat_call_env []
 

Detailed Description

Implemented mschap authentication.

Id
3f479a3ad4037956735aa20bc576064ff7be0c90
Copyright
2000, 2001, 2006 The FreeRADIUS server project

Definition in file rlm_mschap.c.

Data Structure Documentation

◆ mschap_auth_ctx_t

struct mschap_auth_ctx_t

Definition at line 225 of file rlm_mschap.c.

+ Collaboration diagram for mschap_auth_ctx_t:
Data Fields
fr_pair_t * cpw
mschap_cpw_ctx_t * cpw_ctx
mschap_auth_call_env_t * env_data
rlm_mschap_t const * inst
MSCHAP_AUTH_METHOD method
char const * name
fr_pair_t * nt_password
fr_pair_t * smb_ctrl

◆ mschap_autz_call_env_t

struct mschap_autz_call_env_t

Definition at line 201 of file rlm_mschap.c.

+ Collaboration diagram for mschap_autz_call_env_t:
Data Fields
tmpl_t const * chap2_cpw
tmpl_t const * chap2_response
tmpl_t const * chap_challenge
tmpl_t const * chap_response

◆ mschap_cpw_ctx_t

struct mschap_cpw_ctx_t

Definition at line 216 of file rlm_mschap.c.

+ Collaboration diagram for mschap_cpw_ctx_t:
Data Fields
fr_value_box_list_t cpw_domain
fr_value_box_list_t cpw_user
fr_value_box_list_t local_cpw_result
fr_pair_t * new_hash
uint8_t new_nt_encrypted[516]
uint8_t old_nt_hash[NT_DIGEST_LENGTH]

◆ mschap_xlat_call_env_t

struct mschap_xlat_call_env_t

Definition at line 150 of file rlm_mschap.c.

+ Collaboration diagram for mschap_xlat_call_env_t:
Data Fields
tmpl_t const * chap2_response
tmpl_t const * chap_challenge
tmpl_t const * chap_response
tmpl_t const * username

Macro Definition Documentation

◆ ACB_AUTOLOCK

#define ACB_AUTOLOCK   0x04000000

Account auto locked.

Definition at line 80 of file rlm_mschap.c.

◆ ACB_DISABLED

#define ACB_DISABLED   0x00010000

User account disabled.

Definition at line 70 of file rlm_mschap.c.

◆ ACB_DOMTRUST

#define ACB_DOMTRUST   0x00400000

Interdomain trust account.

Definition at line 76 of file rlm_mschap.c.

◆ ACB_FR_EXPIRED

#define ACB_FR_EXPIRED   0x00020000

Password Expired.

Definition at line 81 of file rlm_mschap.c.

◆ ACB_HOMDIRREQ

#define ACB_HOMDIRREQ   0x00020000

Home directory required.

Definition at line 71 of file rlm_mschap.c.

◆ ACB_MNS

#define ACB_MNS   0x00200000

MNS logon user account.

Definition at line 75 of file rlm_mschap.c.

◆ ACB_NORMAL

#define ACB_NORMAL   0x00100000

Normal user account.

Definition at line 74 of file rlm_mschap.c.

◆ ACB_PWNOEXP

#define ACB_PWNOEXP   0x02000000

User password does not expire.

Definition at line 79 of file rlm_mschap.c.

◆ ACB_PWNOTREQ

#define ACB_PWNOTREQ   0x00040000

User password not required.

Definition at line 72 of file rlm_mschap.c.

◆ ACB_SVRTRUST

#define ACB_SVRTRUST   0x01000000

Server trust account.

Definition at line 78 of file rlm_mschap.c.

◆ ACB_TEMPDUP

#define ACB_TEMPDUP   0x00080000

Temporary duplicate account.

Definition at line 73 of file rlm_mschap.c.

◆ ACB_WSTRUST

#define ACB_WSTRUST   0x00800000

Workstation trust account.

Definition at line 77 of file rlm_mschap.c.

◆ CHECK_OPTION

#define CHECK_OPTION (   _option)
Value:
cp = cf_pair_find(attrs, STRINGIFY(_option)); \
if (!cp) { \
WARN("Missing option \"" STRINGIFY(_option) "\", setting use_mppe to \"no\""); \
inst->use_mppe = false; \
goto done_mppe_check; \
}
STRINGIFY
#define STRINGIFY(x)
Definition: build.h:195
cf_pair_find
CONF_PAIR * cf_pair_find(CONF_SECTION const *cs, char const *attr)
Search for a CONF_PAIR with a specific name.
Definition: cf_util.c:1439

◆ LOG_PREFIX

#define LOG_PREFIX   mctx->mi->name

Definition at line 29 of file rlm_mschap.c.

◆ MSCHAP_CALL_ENV

#define MSCHAP_CALL_ENV (   _x)
Value:
static const call_env_method_t mschap_ ## _x ## _method_env = { \
FR_CALL_ENV_METHOD_OUT(mschap_ ## _x ## _call_env_t), \
.env = (call_env_parser_t[]){ \
{ FR_CALL_ENV_SUBSECTION("attributes", NULL, CALL_ENV_FLAG_REQUIRED, _x ## _call_env) }, \
CALL_ENV_TERMINATOR \
} \
}
call_env_method_s::env
call_env_parser_t const * env
Parsing rules for call method env.
Definition: call_env.h:242
FR_CALL_ENV_SUBSECTION
#define FR_CALL_ENV_SUBSECTION(_name, _name2, _flags, _subcs)
Specify a call_env_parser_t which defines a nested subsection.
Definition: call_env.h:397
CALL_ENV_FLAG_REQUIRED
@ CALL_ENV_FLAG_REQUIRED
Associated conf pair or section is required.
Definition: call_env.h:75
call_env_method_s
Definition: call_env.h:239
call_env_parser_s
Per method call config.
Definition: call_env.h:175

Definition at line 130 of file rlm_mschap.c.

◆ MSCHAP_COMMON_CALL_ENV

#define MSCHAP_COMMON_CALL_ENV (   _x)
Value:
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("chap_challenge", FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_ ## _x ## _call_env_t, chap_challenge), \
.pair.dflt = "&Vendor-Specific.Microsoft.CHAP-Challenge", .pair.dflt_quote = T_BARE_WORD }, \
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("chap_response", FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_ ## _x ## _call_env_t, chap_response), \
.pair.dflt = "&Vendor-Specific.Microsoft.CHAP-Response", .pair.dflt_quote = T_BARE_WORD }, \
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("chap2_response", FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_ ## _x ## _call_env_t, chap2_response), \
.pair.dflt = "&Vendor-Specific.Microsoft.CHAP2-Response", .pair.dflt_quote = T_BARE_WORD }
CALL_ENV_FLAG_ATTRIBUTE
@ CALL_ENV_FLAG_ATTRIBUTE
Tmpl must contain an attribute reference.
Definition: call_env.h:86
FR_CALL_ENV_PARSE_ONLY_OFFSET
#define FR_CALL_ENV_PARSE_ONLY_OFFSET(_name, _cast_type, _flags, _struct, _parse_field)
Specify a call_env_parser_t which writes out the result of the parsing phase to the field specified.
Definition: call_env.h:384
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition: merged_model.c:84
T_BARE_WORD
@ T_BARE_WORD
Definition: token.h:120

Definition at line 139 of file rlm_mschap.c.

◆ MSCHAP_OPT_CALL_ENV

#define MSCHAP_OPT_CALL_ENV (   _opt,
  _x 
)    { FR_CALL_ENV_PARSE_ONLY_OFFSET(STRINGIFY(_opt), FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE, mschap_ ## _x ## _call_env_t, _opt) }

Definition at line 147 of file rlm_mschap.c.

Function Documentation

◆ do_mschap()

static int do_mschap ( rlm_mschap_t const *  inst,
request_t request,
fr_pair_t password,
uint8_t const *  challenge,
uint8_t const *  response,
uint8_t  nthashhash[static NT_DIGEST_LENGTH],
MSCHAP_AUTH_METHOD  method,
UNUSED mschap_auth_call_env_t env_data 
)
static

Definition at line 1068 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ do_mschap_cpw()

static int do_mschap_cpw ( rlm_mschap_t const *  inst,
request_t request,
mschap_auth_ctx_t auth_ctx,
uint8_t new_nt_password,
uint8_t old_nt_hash 
)
static

Definition at line 856 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_authenticate()

static unlang_action_t mod_authenticate ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Definition at line 2266 of file rlm_mschap.c.

+ Here is the call graph for this function:

◆ mod_authenticate_domain_tmpl_push()

static unlang_action_t mod_authenticate_domain_tmpl_push ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

When changing passwords using the ntlm_auth helper, evaluate the domain tmpl.

Definition at line 2098 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_authenticate_resume()

static unlang_action_t mod_authenticate_resume ( rlm_rcode_t p_result,
UNUSED int *  priority,
request_t request,
void *  uctx 
)
static

Complete mschap authentication after any tmpls have been expanded.

Definition at line 1949 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mod_authorize()

static unlang_action_t mod_authorize ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Definition at line 1382 of file rlm_mschap.c.

+ Here is the call graph for this function:

◆ mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const *  mctx)
static

Definition at line 2491 of file rlm_mschap.c.

+ Here is the call graph for this function:

◆ mod_detach()

static int mod_detach ( UNUSED module_detach_ctx_t const *  mctx)
static

Definition at line 2505 of file rlm_mschap.c.

+ Here is the call graph for this function:

◆ mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx)
static

Definition at line 2391 of file rlm_mschap.c.

+ Here is the call graph for this function:

◆ mppe_add_reply()

static void mppe_add_reply ( UNUSED rlm_mschap_t const *  inst,
request_t request,
fr_dict_attr_t const *  da,
uint8_t const *  value,
size_t  len 
)
static

Definition at line 822 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mppe_chap2_gen_keys128()

static void mppe_chap2_gen_keys128 ( uint8_t const *  nt_hashhash,
uint8_t const *  response,
uint8_t sendkey,
uint8_t recvkey 
)
static

Definition at line 1358 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mppe_chap2_get_keys128()

static void mppe_chap2_get_keys128 ( uint8_t const *  nt_hashhash,
uint8_t const *  nt_response,
uint8_t sendkey,
uint8_t recvkey 
)
static

Definition at line 1344 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mppe_GetAsymmetricStartKey()

static void mppe_GetAsymmetricStartKey ( uint8_t masterkey,
uint8_t sesskey,
int  keylen,
int  issend 
)
static

Definition at line 1318 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mppe_GetMasterKey()

static void mppe_GetMasterKey ( uint8_t const *  nt_hashhash,
uint8_t const *  nt_response,
uint8_t masterkey 
)
static

Definition at line 1302 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ MSCHAP_CALL_ENV() [1/2]

MSCHAP_CALL_ENV ( autz  )

◆ MSCHAP_CALL_ENV() [2/2]

MSCHAP_CALL_ENV ( xlat  )

◆ mschap_cpw_prepare()

static int mschap_cpw_prepare ( request_t request,
mschap_auth_ctx_t auth_ctx 
)
static

Validate data required for change password requests.

Definition at line 1635 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mschap_error()

static unlang_action_t mschap_error ( rlm_rcode_t p_result,
rlm_mschap_t const *  inst,
request_t request,
unsigned char  ident,
int  mschap_result,
int  mschap_version,
fr_pair_t smb_ctrl,
mschap_auth_call_env_t env_data 
)
static

Definition at line 1417 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mschap_identity_find()

static fr_pair_t* mschap_identity_find ( request_t request,
fr_dict_attr_t const *  attr_user_name 
)
static

Definition at line 275 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mschap_process_cpw_request()

static unlang_action_t mschap_process_cpw_request ( rlm_rcode_t p_result,
rlm_mschap_t const *  inst,
request_t request,
mschap_auth_ctx_t auth_ctx 
)
static

Definition at line 1602 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mschap_process_response()

static unlang_action_t mschap_process_response ( rlm_rcode_t p_result,
int *  mschap_version,
uint8_t  nthashhash[static NT_DIGEST_LENGTH],
rlm_mschap_t const *  inst,
request_t request,
fr_pair_t smb_ctrl,
fr_pair_t nt_password,
fr_pair_t challenge,
fr_pair_t response,
MSCHAP_AUTH_METHOD  method,
mschap_auth_call_env_t env_data 
)
static

Definition at line 1735 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mschap_process_v2_response()

static unlang_action_t mschap_process_v2_response ( rlm_rcode_t p_result,
int *  mschap_version,
uint8_t  nthashhash[static NT_DIGEST_LENGTH],
rlm_mschap_t const *  inst,
request_t request,
fr_pair_t smb_ctrl,
fr_pair_t nt_password,
fr_pair_t challenge,
fr_pair_t response,
MSCHAP_AUTH_METHOD  method,
mschap_auth_call_env_t env_data 
)
static

Definition at line 1793 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nt_password_find()

static int nt_password_find ( TALLOC_CTX *  ctx,
fr_pair_t **  out,
rlm_mschap_t const *  inst,
request_t request 
)
static

Find a Password.NT value, or create one from a Password.Cleartext, or Password.With-Header attribute.

Parameters
[in]ctxto allocate ephemeral passwords in.
[out]outOur new Password.NT.
[in]instModule configuration.
[in]requestThe current request.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 1515 of file rlm_mschap.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ pdb_decode_acct_ctrl()

static int pdb_decode_acct_ctrl ( char const *  p)
static

Definition at line 290 of file rlm_mschap.c.

+ Here is the caller graph for this function:

◆ write_all()

static int write_all ( int  fd,
char const *  buf,
size_t  len 
)
static

Definition at line 837 of file rlm_mschap.c.

+ Here is the caller graph for this function:

Variable Documentation

◆ attr_auth_type

fr_dict_attr_t const* attr_auth_type

Definition at line 246 of file rlm_mschap.c.

◆ attr_cleartext_password

fr_dict_attr_t const* attr_cleartext_password

Definition at line 247 of file rlm_mschap.c.

◆ attr_eap_identity

fr_dict_attr_t const* attr_eap_identity

Definition at line 248 of file rlm_mschap.c.

◆ attr_ms_chap_new_cleartext_password

fr_dict_attr_t const* attr_ms_chap_new_cleartext_password

Definition at line 249 of file rlm_mschap.c.

◆ attr_ms_chap_new_nt_password

fr_dict_attr_t const* attr_ms_chap_new_nt_password

Definition at line 250 of file rlm_mschap.c.

◆ attr_ms_chap_peer_challenge

fr_dict_attr_t const* attr_ms_chap_peer_challenge

Definition at line 251 of file rlm_mschap.c.

◆ attr_ms_chap_use_ntlm_auth

fr_dict_attr_t const* attr_ms_chap_use_ntlm_auth

Definition at line 252 of file rlm_mschap.c.

◆ attr_ms_chap_user_name

fr_dict_attr_t const* attr_ms_chap_user_name

Definition at line 253 of file rlm_mschap.c.

◆ attr_nt_password

fr_dict_attr_t const* attr_nt_password

Definition at line 254 of file rlm_mschap.c.

◆ attr_smb_account_ctrl

fr_dict_attr_t const* attr_smb_account_ctrl

Definition at line 256 of file rlm_mschap.c.

◆ attr_smb_account_ctrl_text

fr_dict_attr_t const* attr_smb_account_ctrl_text

Definition at line 255 of file rlm_mschap.c.

◆ auth_call_env

const call_env_parser_t auth_call_env[]
static
Initial value:
= {
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("username", FR_TYPE_STRING, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_auth_call_env_t, username), .pair.dflt = "&User-Name", .pair.dflt_quote = T_BARE_WORD },
MSCHAP_COMMON_CALL_ENV(auth),
MSCHAP_OPT_CALL_ENV(chap2_success, auth),
MSCHAP_OPT_CALL_ENV(chap_error, auth),
MSCHAP_OPT_CALL_ENV(chap_mppe_keys, auth),
MSCHAP_OPT_CALL_ENV(mppe_encryption_policy, auth),
MSCHAP_OPT_CALL_ENV(mppe_recv_key, auth),
MSCHAP_OPT_CALL_ENV(mppe_send_key, auth),
MSCHAP_OPT_CALL_ENV(mppe_encryption_types, auth),
MSCHAP_OPT_CALL_ENV(chap2_cpw, auth),
MSCHAP_OPT_CALL_ENV(chap_nt_enc_pw, auth),
CALL_ENV_TERMINATOR
}
CALL_ENV_TERMINATOR
#define CALL_ENV_TERMINATOR
Definition: call_env.h:231
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition: merged_model.c:83
MSCHAP_OPT_CALL_ENV
#define MSCHAP_OPT_CALL_ENV(_opt, _x)
Definition: rlm_mschap.c:147
MSCHAP_COMMON_CALL_ENV
#define MSCHAP_COMMON_CALL_ENV(_x)
Definition: rlm_mschap.c:139
mschap_auth_call_env_t
Definition: rlm_mschap.h:68
username
username
Definition: rlm_securid.c:420

Definition at line 165 of file rlm_mschap.c.

◆ autz_call_env

const call_env_parser_t autz_call_env[]
static
Initial value:
= {
MSCHAP_COMMON_CALL_ENV(autz),
MSCHAP_OPT_CALL_ENV(chap2_cpw, autz),
CALL_ENV_TERMINATOR
}

Definition at line 208 of file rlm_mschap.c.

◆ dict_freeradius

fr_dict_t const* dict_freeradius
static

Definition at line 236 of file rlm_mschap.c.

◆ dict_radius

fr_dict_t const* dict_radius
static

Definition at line 237 of file rlm_mschap.c.

◆ magic1

const uint8_t magic1[27]
static
Initial value:
=
{ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }

Definition at line 1274 of file rlm_mschap.c.

◆ magic2

const uint8_t magic2[84]
static
Initial value:
=
{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
0x6b, 0x65, 0x79, 0x2e }

Definition at line 1279 of file rlm_mschap.c.

◆ magic3

const uint8_t magic3[84]
static
Initial value:
=
{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
0x6b, 0x65, 0x79, 0x2e }

Definition at line 1290 of file rlm_mschap.c.

◆ module_config

const conf_parser_t module_config[]
static
Initial value:
= {
{ FR_CONF_OFFSET("normalise", rlm_mschap_t, normify), .dflt = "yes" },
{ FR_CONF_OFFSET("use_mppe", rlm_mschap_t, use_mppe), .dflt = "yes" },
{ FR_CONF_OFFSET("require_encryption", rlm_mschap_t, require_encryption), .dflt = "no" },
{ FR_CONF_OFFSET("require_strong", rlm_mschap_t, require_strong), .dflt = "no" },
{ FR_CONF_OFFSET("with_ntdomain_hack", rlm_mschap_t, with_ntdomain_hack), .dflt = "yes" },
{ FR_CONF_OFFSET_FLAGS("ntlm_auth", CONF_FLAG_XLAT, rlm_mschap_t, ntlm_auth) },
{ FR_CONF_OFFSET("ntlm_auth_timeout", rlm_mschap_t, ntlm_auth_timeout) },
{ FR_CONF_POINTER("passchange", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) passchange_config },
{ FR_CONF_OFFSET("allow_retry", rlm_mschap_t, allow_retry), .dflt = "yes" },
{ FR_CONF_OFFSET("retry_msg", rlm_mschap_t, retry_msg) },
{ FR_CONF_POINTER("winbind", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) winbind_config },
{ FR_CONF_DEPRECATED("winbind_username", rlm_mschap_t, wb_username) },
CONF_PARSER_TERMINATOR
}
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition: cf_parse.h:627
FR_CONF_DEPRECATED
#define FR_CONF_DEPRECATED(_name, _struct, _field)
conf_parser_t entry which raises an error if a matching CONF_PAIR is found
Definition: cf_parse.h:385
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:268
FR_CONF_POINTER
#define FR_CONF_POINTER(_name, _type, _flags, _res_p)
conf_parser_t which parses a single CONF_PAIR producing a single global result
Definition: cf_parse.h:310
FR_CONF_OFFSET_FLAGS
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:256
CONF_FLAG_XLAT
@ CONF_FLAG_XLAT
string will be dynamically expanded.
Definition: cf_parse.h:416
CONF_FLAG_SUBSECTION
@ CONF_FLAG_SUBSECTION
Instead of putting the information into a configuration structure, the configuration file routines MA...
Definition: cf_parse.h:399
normify
static ssize_t normify(normalise_t *action, uint8_t *buffer, size_t bufflen, char const *known_good, size_t len, size_t min_len)
Definition: password.c:400
passchange_config
static const conf_parser_t passchange_config[]
Definition: rlm_mschap.c:83
winbind_config
static const conf_parser_t winbind_config[]
Definition: rlm_mschap.c:88
rlm_mschap_t
Definition: rlm_mschap.h:41

Definition at line 96 of file rlm_mschap.c.

◆ mschap_auth_method_env

const call_env_method_t mschap_auth_method_env
static
Initial value:
= {
FR_CALL_ENV_METHOD_OUT(mschap_auth_call_env_t),
.env = (call_env_parser_t[]){
{ FR_CALL_ENV_SUBSECTION("attributes", NULL, CALL_ENV_FLAG_REQUIRED, auth_call_env) },
{ FR_CALL_ENV_SUBSECTION("passchange", NULL, CALL_ENV_FLAG_SUBSECTION,
((call_env_parser_t[]) {
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("ntlm_auth_username", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, mschap_auth_call_env_t, ntlm_cpw_username) },
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("ntlm_auth_domain", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, mschap_auth_call_env_t, ntlm_cpw_domain) },
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("local_cpw", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, mschap_auth_call_env_t, local_cpw) },
CALL_ENV_TERMINATOR
}))},
{ FR_CALL_ENV_SUBSECTION("winbind", NULL, CALL_ENV_FLAG_NONE,
((call_env_parser_t[]) {
{ FR_CALL_ENV_OFFSET("username", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, mschap_auth_call_env_t, wb_username) },
{ FR_CALL_ENV_OFFSET("domain", FR_TYPE_STRING, CALL_ENV_FLAG_NULLABLE, mschap_auth_call_env_t, wb_domain) },
CALL_ENV_TERMINATOR
}))},
CALL_ENV_TERMINATOR
}
}
FR_CALL_ENV_METHOD_OUT
#define FR_CALL_ENV_METHOD_OUT(_inst)
Helper macro for populating the size/type fields of a call_env_method_t from the output structure typ...
Definition: call_env.h:235
CALL_ENV_FLAG_SUBSECTION
@ CALL_ENV_FLAG_SUBSECTION
This is a subsection.
Definition: call_env.h:87
CALL_ENV_FLAG_NONE
@ CALL_ENV_FLAG_NONE
Definition: call_env.h:74
CALL_ENV_FLAG_NULLABLE
@ CALL_ENV_FLAG_NULLABLE
Tmpl expansions are allowed to produce no output.
Definition: call_env.h:80
FR_CALL_ENV_OFFSET
#define FR_CALL_ENV_OFFSET(_name, _cast_type, _flags, _struct, _field)
Specify a call_env_parser_t which writes out runtime results to the specified field.
Definition: call_env.h:335
auth_call_env
static const call_env_parser_t auth_call_env[]
Definition: rlm_mschap.c:165

Definition at line 180 of file rlm_mschap.c.

◆ mschap_xlat_args

xlat_arg_parser_t const mschap_xlat_args[]
static
Initial value:
= {
{ .required = true, .single = true, .type = FR_TYPE_STRING },
{ .concat = true, .type = FR_TYPE_STRING },
XLAT_ARG_PARSER_TERMINATOR
}
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition: xlat.h:166

Definition at line 368 of file rlm_mschap.c.

◆ passchange_config

const conf_parser_t passchange_config[]
static
Initial value:
= {
{ FR_CONF_OFFSET_FLAGS("ntlm_auth", CONF_FLAG_XLAT, rlm_mschap_t, ntlm_cpw) },
CONF_PARSER_TERMINATOR
}

Definition at line 83 of file rlm_mschap.c.

◆ rlm_mschap

module_rlm_t rlm_mschap
Initial value:
= {
.common = {
.magic = MODULE_MAGIC_INIT,
.name = "mschap",
.inst_size = sizeof(rlm_mschap_t),
.config = module_config,
.bootstrap = mod_bootstrap,
.instantiate = mod_instantiate,
.detach = mod_detach
},
.method_group = {
.bindings = (module_method_binding_t[]){
{ .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate, .method_env = &mschap_auth_method_env },
{ .section = SECTION_NAME("recv", CF_IDENT_ANY), .method = mod_authorize, .method_env = &mschap_autz_method_env },
MODULE_BINDING_TERMINATOR
}
}
}
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition: cf_util.h:78
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:63
config
static const conf_parser_t config[]
Definition: base.c:183
mschap_auth_method_env
static const call_env_method_t mschap_auth_method_env
Definition: rlm_mschap.c:180
mod_authenticate
static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition: rlm_mschap.c:2266
mod_bootstrap
static int mod_bootstrap(module_inst_ctx_t const *mctx)
Definition: rlm_mschap.c:2491
mod_detach
static int mod_detach(UNUSED module_detach_ctx_t const *mctx)
Definition: rlm_mschap.c:2505
mod_authorize
static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition: rlm_mschap.c:1382
module_config
static const conf_parser_t module_config[]
Definition: rlm_mschap.c:96
mod_instantiate
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition: rlm_mschap.c:2391
instantiate
static int instantiate(module_inst_ctx_t const *mctx)
Definition: rlm_rest.c:1302
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition: section.h:40
MODULE_BINDING_TERMINATOR
#define MODULE_BINDING_TERMINATOR
Terminate a module binding list.
Definition: module.h:151
module_method_binding_s
Named methods exported by a module.
Definition: module.h:173

Definition at line 2522 of file rlm_mschap.c.

◆ rlm_mschap_dict

fr_dict_autoload_t rlm_mschap_dict
Initial value:
= {
{ .out = &dict_freeradius, .proto = "freeradius" },
{ .out = &dict_radius, .proto = "radius" },
{ NULL }
}
dict_freeradius
static fr_dict_t const * dict_freeradius
Definition: rlm_mschap.c:236
dict_radius
static fr_dict_t const * dict_radius
Definition: rlm_mschap.c:237

Definition at line 240 of file rlm_mschap.c.

◆ rlm_mschap_dict_attr

fr_dict_attr_autoload_t rlm_mschap_dict_attr
Initial value:
= {
{ .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
{ .out = &attr_cleartext_password, .name = "Password.Cleartext", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_eap_identity, .name = "EAP-Identity", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_ms_chap_new_cleartext_password, .name = "MS-CHAP-New-Cleartext-Password", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_ms_chap_new_nt_password, .name = "MS-CHAP-New-NT-Password", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
{ .out = &attr_ms_chap_peer_challenge, .name = "MS-CHAP-Peer-Challenge", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
{ .out = &attr_ms_chap_use_ntlm_auth, .name = "MS-CHAP-Use-NTLM-Auth", .type = FR_TYPE_UINT8, .dict = &dict_freeradius },
{ .out = &attr_ms_chap_user_name, .name = "MS-CHAP-User-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_nt_password, .name = "Password.NT", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
{ .out = &attr_smb_account_ctrl_text, .name = "SMB-Account-Ctrl-Text", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_smb_account_ctrl, .name = "SMB-Account-Ctrl", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
{ NULL }
}
FR_TYPE_UINT8
@ FR_TYPE_UINT8
8 Bit unsigned integer.
Definition: merged_model.c:97
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition: merged_model.c:99
attr_smb_account_ctrl
fr_dict_attr_t const * attr_smb_account_ctrl
Definition: rlm_mschap.c:256
attr_nt_password
fr_dict_attr_t const * attr_nt_password
Definition: rlm_mschap.c:254
attr_ms_chap_new_cleartext_password
fr_dict_attr_t const * attr_ms_chap_new_cleartext_password
Definition: rlm_mschap.c:249
attr_eap_identity
fr_dict_attr_t const * attr_eap_identity
Definition: rlm_mschap.c:248
attr_smb_account_ctrl_text
fr_dict_attr_t const * attr_smb_account_ctrl_text
Definition: rlm_mschap.c:255
attr_auth_type
fr_dict_attr_t const * attr_auth_type
Definition: rlm_mschap.c:246
attr_ms_chap_user_name
fr_dict_attr_t const * attr_ms_chap_user_name
Definition: rlm_mschap.c:253
attr_ms_chap_use_ntlm_auth
fr_dict_attr_t const * attr_ms_chap_use_ntlm_auth
Definition: rlm_mschap.c:252
attr_cleartext_password
fr_dict_attr_t const * attr_cleartext_password
Definition: rlm_mschap.c:247
attr_ms_chap_new_nt_password
fr_dict_attr_t const * attr_ms_chap_new_nt_password
Definition: rlm_mschap.c:250
attr_ms_chap_peer_challenge
fr_dict_attr_t const * attr_ms_chap_peer_challenge
Definition: rlm_mschap.c:251

Definition at line 259 of file rlm_mschap.c.

◆ SHSpad1

const uint8_t SHSpad1[40]
static
Initial value:
=
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

Definition at line 1262 of file rlm_mschap.c.

◆ SHSpad2

const uint8_t SHSpad2[40]
static
Initial value:
=
{ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }

Definition at line 1268 of file rlm_mschap.c.

◆ winbind_config

const conf_parser_t winbind_config[]
static
Initial value:
= {
{ FR_CONF_OFFSET("username", rlm_mschap_t, wb_username) },
CONF_PARSER_TERMINATOR
}

Definition at line 88 of file rlm_mschap.c.

◆ xlat_call_env

const call_env_parser_t xlat_call_env[]
static
Initial value:
= {
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("username", FR_TYPE_STRING, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_xlat_call_env_t, username), .pair.dflt = "&User-Name", .pair.dflt_quote = T_BARE_WORD },
MSCHAP_COMMON_CALL_ENV(xlat),
CALL_ENV_TERMINATOR
}
mschap_xlat_call_env_t
Definition: rlm_mschap.c:150

Definition at line 157 of file rlm_mschap.c.

Generated by   doxygen 1.9.1