Implemented mschap authentication. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/exec_legacy.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/server/password.h>
#include <freeradius-devel/tls/strerror.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/radius/defs.h>
#include <freeradius-devel/util/base16.h>
#include <freeradius-devel/util/md4.h>
#include <freeradius-devel/util/md5.h>
#include <freeradius-devel/util/misc.h>
#include <freeradius-devel/util/sha1.h>
#include <freeradius-devel/unlang/function.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <sys/wait.h>
#include "rlm_mschap.h"
#include "smbdes.h"

Include dependency graph for rlm_mschap.c:

Go to the source code of this file.

Data Structures
struct	mschap_autz_call_env_t

struct	mschap_xlat_call_env_t

Macros
#define	ACB_AUTOLOCK 0x04000000
	Account auto locked.

#define	ACB_DISABLED 0x00010000
	User account disabled.

#define	ACB_DOMTRUST 0x00400000
	Interdomain trust account.

#define	ACB_FR_EXPIRED 0x00020000
	Password Expired.

#define	ACB_HOMDIRREQ 0x00020000
	Home directory required.

#define	ACB_MNS 0x00200000
	MNS logon user account.

#define	ACB_NORMAL 0x00100000
	Normal user account.

#define	ACB_PWNOEXP 0x02000000
	User password does not expire.

#define	ACB_PWNOTREQ 0x00040000
	User password not required.

#define	ACB_SVRTRUST 0x01000000
	Server trust account.

#define	ACB_TEMPDUP 0x00080000
	Temporary duplicate account.

#define	ACB_WSTRUST 0x00800000
	Workstation trust account.

#define	CHECK_OPTION(_option)

#define	LOG_PREFIX mctx->mi->name

#define	MSCHAP_CALL_ENV(_x)

#define	MSCHAP_COMMON_CALL_ENV(_x)

#define	MSCHAP_OPT_CALL_ENV(_opt, _x) { FR_CALL_ENV_PARSE_ONLY_OFFSET(STRINGIFY(_opt), FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE, mschap_ ## _x ## _call_env_t, _opt) }

Functions
static int	do_mschap (rlm_mschap_t const inst, request_t request, mschap_auth_ctx_t auth_ctx, uint8_t const challenge, uint8_t const *response, uint8_t nthashhash[static NT_DIGEST_LENGTH])

static int	do_mschap_cpw (rlm_mschap_t const inst, request_t request, mschap_auth_ctx_t auth_ctx, uint8_t new_nt_password, uint8_t *old_nt_hash)

static unlang_action_t	mod_authenticate (rlm_rcode_t p_result, module_ctx_t const mctx, request_t *request)

static unlang_action_t	mod_authenticate_domain_tmpl_push (rlm_rcode_t p_result, UNUSED int priority, request_t request, void uctx)
	When changing passwords using the ntlm_auth helper, evaluate the domain tmpl.

static unlang_action_t	mod_authenticate_resume (rlm_rcode_t p_result, UNUSED int priority, request_t request, void uctx)
	Complete mschap authentication after any tmpls have been expanded.

static unlang_action_t	mod_authorize (rlm_rcode_t p_result, module_ctx_t const mctx, request_t *request)

static int	mod_bootstrap (module_inst_ctx_t const *mctx)

static int	mod_instantiate (module_inst_ctx_t const *mctx)

static void	mppe_add_reply (UNUSED rlm_mschap_t const inst, request_t request, fr_dict_attr_t const da, uint8_t const value, size_t len)

static void	mppe_chap2_gen_keys128 (uint8_t const nt_hashhash, uint8_t const response, uint8_t sendkey, uint8_t recvkey)

static void	mppe_chap2_get_keys128 (uint8_t const nt_hashhash, uint8_t const nt_response, uint8_t sendkey, uint8_t recvkey)

static void	mppe_GetAsymmetricStartKey (uint8_t masterkey, uint8_t sesskey, int keylen, int issend)

static void	mppe_GetMasterKey (uint8_t const nt_hashhash, uint8_t const nt_response, uint8_t *masterkey)

	MSCHAP_CALL_ENV (autz)

	MSCHAP_CALL_ENV (xlat)

static int	mschap_cpw_prepare (request_t request, mschap_auth_ctx_t auth_ctx)
	Validate data required for change password requests.

static unlang_action_t	mschap_error (rlm_rcode_t p_result, rlm_mschap_t const inst, request_t request, unsigned char ident, int mschap_result, int mschap_version, fr_pair_t smb_ctrl, mschap_auth_call_env_t *env_data)

static fr_pair_t *	mschap_identity_find (request_t request, fr_dict_attr_t const attr_user_name)

static unlang_action_t	mschap_process_cpw_request (rlm_rcode_t p_result, rlm_mschap_t const inst, request_t request, mschap_auth_ctx_t auth_ctx)

static unlang_action_t	mschap_process_response (rlm_rcode_t p_result, int mschap_version, uint8_t nthashhash[static NT_DIGEST_LENGTH], rlm_mschap_t const inst, request_t request, mschap_auth_ctx_t auth_ctx, fr_pair_t challenge, fr_pair_t *response)

static unlang_action_t	mschap_process_v2_response (rlm_rcode_t p_result, int mschap_version, uint8_t nthashhash[static NT_DIGEST_LENGTH], rlm_mschap_t const inst, request_t request, mschap_auth_ctx_t auth_ctx, fr_pair_t challenge, fr_pair_t *response)

static xlat_action_t	mschap_xlat (TALLOC_CTX ctx, fr_dcursor_t out, xlat_ctx_t const xctx, request_t request, fr_value_box_list_t *in)
	Get data from MSCHAP attributes.

static int	nt_password_find (TALLOC_CTX ctx, fr_pair_t out, rlm_mschap_t const inst, request_t *request)
	Find a Password.NT value, or create one from a Password.Cleartext, or Password.With-Header attribute.

static int	pdb_decode_acct_ctrl (char const *p)

static int	write_all (int fd, char const *buf, size_t len)

Variables
fr_dict_attr_t const *	attr_auth_type

fr_dict_attr_t const *	attr_cleartext_password

fr_dict_attr_t const *	attr_eap_identity

fr_dict_attr_t const *	attr_ms_chap_new_cleartext_password

fr_dict_attr_t const *	attr_ms_chap_new_nt_password

fr_dict_attr_t const *	attr_ms_chap_peer_challenge

fr_dict_attr_t const *	attr_ms_chap_use_ntlm_auth

fr_dict_attr_t const *	attr_ms_chap_user_name

fr_dict_attr_t const *	attr_nt_password

fr_dict_attr_t const *	attr_smb_account_ctrl

fr_dict_attr_t const *	attr_smb_account_ctrl_text

static const call_env_parser_t	auth_call_env []

static const call_env_parser_t	autz_call_env []

static fr_dict_t const *	dict_freeradius

static fr_dict_t const *	dict_radius

static const uint8_t	magic1 [27]

static const uint8_t	magic2 [84]

static const uint8_t	magic3 [84]

static const conf_parser_t	module_config []

static const call_env_method_t	mschap_auth_method_env

static xlat_arg_parser_t const	mschap_xlat_args []

static const conf_parser_t	passchange_config []

module_rlm_t	rlm_mschap

fr_dict_autoload_t	rlm_mschap_dict []

fr_dict_attr_autoload_t	rlm_mschap_dict_attr []

static const uint8_t	SHSpad1 [40]

static const uint8_t	SHSpad2 [40]

static const conf_parser_t	winbind_config []

static const call_env_parser_t	xlat_call_env []

Detailed Description

Implemented mschap authentication.

Id: 8fe6ef4634a430f9af188f548216f6e7bcb8b9ea

Copyright: 2000, 2001, 2006 The FreeRADIUS server project

Definition in file rlm_mschap.c.

Data Structure Documentation

◆ mschap_autz_call_env_t

struct mschap_autz_call_env_t

Definition at line 208 of file rlm_mschap.c.

Collaboration diagram for mschap_autz_call_env_t:

Data Fields
tmpl_t const *	chap2_cpw
tmpl_t const *	chap2_response
tmpl_t const *	chap_challenge
tmpl_t const *	chap_response

◆ mschap_xlat_call_env_t

struct mschap_xlat_call_env_t

Definition at line 157 of file rlm_mschap.c.

Collaboration diagram for mschap_xlat_call_env_t:

Data Fields
tmpl_t const *	chap2_response
tmpl_t const *	chap_challenge
tmpl_t const *	chap_response
tmpl_t const *	username

Macro Definition Documentation

◆ ACB_AUTOLOCK

#define ACB_AUTOLOCK 0x04000000

Account auto locked.

Definition at line 79 of file rlm_mschap.c.

◆ ACB_DISABLED

#define ACB_DISABLED 0x00010000

User account disabled.

Definition at line 69 of file rlm_mschap.c.

◆ ACB_DOMTRUST

#define ACB_DOMTRUST 0x00400000

Interdomain trust account.

Definition at line 75 of file rlm_mschap.c.

◆ ACB_FR_EXPIRED

#define ACB_FR_EXPIRED 0x00020000

Password Expired.

Definition at line 80 of file rlm_mschap.c.

◆ ACB_HOMDIRREQ

#define ACB_HOMDIRREQ 0x00020000

Home directory required.

Definition at line 70 of file rlm_mschap.c.

◆ ACB_MNS

#define ACB_MNS 0x00200000

MNS logon user account.

Definition at line 74 of file rlm_mschap.c.

◆ ACB_NORMAL

#define ACB_NORMAL 0x00100000

Normal user account.

Definition at line 73 of file rlm_mschap.c.

◆ ACB_PWNOEXP

#define ACB_PWNOEXP 0x02000000

User password does not expire.

Definition at line 78 of file rlm_mschap.c.

◆ ACB_PWNOTREQ

#define ACB_PWNOTREQ 0x00040000

User password not required.

Definition at line 71 of file rlm_mschap.c.

◆ ACB_SVRTRUST

#define ACB_SVRTRUST 0x01000000

Server trust account.

Definition at line 77 of file rlm_mschap.c.

◆ ACB_TEMPDUP

#define ACB_TEMPDUP 0x00080000

Temporary duplicate account.

Definition at line 72 of file rlm_mschap.c.

◆ ACB_WSTRUST

#define ACB_WSTRUST 0x00800000

Workstation trust account.

Definition at line 76 of file rlm_mschap.c.

◆ CHECK_OPTION

#define CHECK_OPTION ( _option )

Value:

cp = cf_pair_find(attrs, STRINGIFY(_option)); \
if (!cp) { \
        WARN("Missing option \"" STRINGIFY(_option) "\", setting use_mppe to \"no\""); \
        inst->use_mppe = false; \
        goto done_mppe_check; \
}

◆ LOG_PREFIX

#define LOG_PREFIX mctx->mi->name

Definition at line 29 of file rlm_mschap.c.

◆ MSCHAP_CALL_ENV

#define MSCHAP_CALL_ENV ( _x )

Value:

static const call_env_method_t mschap_ ## _x ## _method_env = { \
        FR_CALL_ENV_METHOD_OUT(mschap_ ## _x ## _call_env_t), \
        .env = (call_env_parser_t[]){ \
                { FR_CALL_ENV_SUBSECTION("attributes", NULL, CALL_ENV_FLAG_REQUIRED, _x ## _call_env) }, \
                CALL_ENV_TERMINATOR \
        } \
}

Definition at line 137 of file rlm_mschap.c.

◆ MSCHAP_COMMON_CALL_ENV

#define MSCHAP_COMMON_CALL_ENV ( _x )

Value:

{ FR_CALL_ENV_PARSE_ONLY_OFFSET("chap_challenge", FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_ ## _x ## _call_env_t, chap_challenge), \
                               .pair.dflt = "&Vendor-Specific.Microsoft.CHAP-Challenge", .pair.dflt_quote = T_BARE_WORD }, \
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("chap_response", FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_ ## _x ## _call_env_t, chap_response), \
                               .pair.dflt = "&Vendor-Specific.Microsoft.CHAP-Response", .pair.dflt_quote = T_BARE_WORD }, \
{ FR_CALL_ENV_PARSE_ONLY_OFFSET("chap2_response", FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_ ## _x ## _call_env_t, chap2_response), \
                               .pair.dflt = "&Vendor-Specific.Microsoft.CHAP2-Response", .pair.dflt_quote = T_BARE_WORD }

Definition at line 146 of file rlm_mschap.c.

◆ MSCHAP_OPT_CALL_ENV

#define MSCHAP_OPT_CALL_ENV	(	_opt,
		_x
	)	{ FR_CALL_ENV_PARSE_ONLY_OFFSET(STRINGIFY(_opt), FR_TYPE_OCTETS, CALL_ENV_FLAG_ATTRIBUTE, mschap_ ## _x ## _call_env_t, _opt) }

Definition at line 154 of file rlm_mschap.c.

Function Documentation

◆ do_mschap()

static int do_mschap	(	rlm_mschap_t const *	inst,
		request_t *	request,
		mschap_auth_ctx_t *	auth_ctx,
		uint8_t const *	challenge,
		uint8_t const *	response,
		uint8_t	nthashhash[static NT_DIGEST_LENGTH]
	)

static

Definition at line 1054 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ do_mschap_cpw()

static int do_mschap_cpw	(	rlm_mschap_t const *	inst,
		request_t *	request,
		mschap_auth_ctx_t *	auth_ctx,
		uint8_t *	new_nt_password,
		uint8_t *	old_nt_hash
	)

static

Definition at line 842 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mod_authenticate()

static unlang_action_t mod_authenticate	(	rlm_rcode_t *	p_result,
		module_ctx_t const *	mctx,
		request_t *	request
	)

static

Definition at line 2231 of file rlm_mschap.c.

Here is the call graph for this function:

◆ mod_authenticate_domain_tmpl_push()

static unlang_action_t mod_authenticate_domain_tmpl_push	(	rlm_rcode_t *	p_result,
		UNUSED int *	priority,
		request_t *	request,
		void *	uctx
	)

static

When changing passwords using the ntlm_auth helper, evaluate the domain tmpl.

Definition at line 2063 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mod_authenticate_resume()

static unlang_action_t mod_authenticate_resume	(	rlm_rcode_t *	p_result,
		UNUSED int *	priority,
		request_t *	request,
		void *	uctx
	)

static

Complete mschap authentication after any tmpls have been expanded.

Definition at line 1916 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mod_authorize()

static unlang_action_t mod_authorize	(	rlm_rcode_t *	p_result,
		module_ctx_t const *	mctx,
		request_t *	request
	)

static

Definition at line 1361 of file rlm_mschap.c.

Here is the call graph for this function:

◆ mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const * mctx )

static

Definition at line 2456 of file rlm_mschap.c.

Here is the call graph for this function:

◆ mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const * mctx )

static

Definition at line 2362 of file rlm_mschap.c.

Here is the call graph for this function:

◆ mppe_add_reply()

static void mppe_add_reply	(	UNUSED rlm_mschap_t const *	inst,
		request_t *	request,
		fr_dict_attr_t const *	da,
		uint8_t const *	value,
		size_t	len
	)

static

Definition at line 799 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mppe_chap2_gen_keys128()

static void mppe_chap2_gen_keys128	(	uint8_t const *	nt_hashhash,
		uint8_t const *	response,
		uint8_t *	sendkey,
		uint8_t *	recvkey
	)

static

Definition at line 1337 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mppe_chap2_get_keys128()

static void mppe_chap2_get_keys128	(	uint8_t const *	nt_hashhash,
		uint8_t const *	nt_response,
		uint8_t *	sendkey,
		uint8_t *	recvkey
	)

static

Definition at line 1323 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mppe_GetAsymmetricStartKey()

static void mppe_GetAsymmetricStartKey	(	uint8_t *	masterkey,
		uint8_t *	sesskey,
		int	keylen,
		int	issend
	)

static

Definition at line 1297 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mppe_GetMasterKey()

static void mppe_GetMasterKey	(	uint8_t const *	nt_hashhash,
		uint8_t const *	nt_response,
		uint8_t *	masterkey
	)

static

Definition at line 1281 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ MSCHAP_CALL_ENV() [1/2]

MSCHAP_CALL_ENV ( autz )

◆ MSCHAP_CALL_ENV() [2/2]

MSCHAP_CALL_ENV ( xlat )

◆ mschap_cpw_prepare()

static int mschap_cpw_prepare	(	request_t *	request,
		mschap_auth_ctx_t *	auth_ctx
	)

static

Validate data required for change password requests.

Definition at line 1614 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mschap_error()

static unlang_action_t mschap_error	(	rlm_rcode_t *	p_result,
		rlm_mschap_t const *	inst,
		request_t *	request,
		unsigned char	ident,
		int	mschap_result,
		int	mschap_version,
		fr_pair_t *	smb_ctrl,
		mschap_auth_call_env_t *	env_data
	)

static

Definition at line 1396 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mschap_identity_find()

static fr_pair_t * mschap_identity_find	(	request_t *	request,
		fr_dict_attr_t const *	attr_user_name
	)

static

Definition at line 262 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mschap_process_cpw_request()

static unlang_action_t mschap_process_cpw_request	(	rlm_rcode_t *	p_result,
		rlm_mschap_t const *	inst,
		request_t *	request,
		mschap_auth_ctx_t *	auth_ctx
	)

static

Definition at line 1581 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mschap_process_response()

static unlang_action_t mschap_process_response	(	rlm_rcode_t *	p_result,
		int *	mschap_version,
		uint8_t	nthashhash[static NT_DIGEST_LENGTH],
		rlm_mschap_t const *	inst,
		request_t *	request,
		mschap_auth_ctx_t *	auth_ctx,
		fr_pair_t *	challenge,
		fr_pair_t *	response
	)

static

Definition at line 1714 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mschap_process_v2_response()

static unlang_action_t mschap_process_v2_response	(	rlm_rcode_t *	p_result,
		int *	mschap_version,
		uint8_t	nthashhash[static NT_DIGEST_LENGTH],
		rlm_mschap_t const *	inst,
		request_t *	request,
		mschap_auth_ctx_t *	auth_ctx,
		fr_pair_t *	challenge,
		fr_pair_t *	response
	)

static

Definition at line 1766 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ nt_password_find()

static int nt_password_find	(	TALLOC_CTX *	ctx,
		fr_pair_t **	out,
		rlm_mschap_t const *	inst,
		request_t *	request
	)

static

Find a Password.NT value, or create one from a Password.Cleartext, or Password.With-Header attribute.

Parameters

[in]	ctx	to allocate ephemeral passwords in.
[out]	out	Our new Password.NT.
[in]	inst	Module configuration.
[in]	request	The current request.

Returns

0 on success.
-1 on failure.

Definition at line 1494 of file rlm_mschap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ pdb_decode_acct_ctrl()

static int pdb_decode_acct_ctrl ( char const * p )

static

Definition at line 277 of file rlm_mschap.c.

Here is the caller graph for this function:

◆ write_all()

static int write_all	(	int	fd,
		char const *	buf,
		size_t	len
	)

static

Definition at line 814 of file rlm_mschap.c.

Here is the caller graph for this function:

Variable Documentation

◆ attr_auth_type

fr_dict_attr_t const* attr_auth_type

Definition at line 233 of file rlm_mschap.c.

◆ attr_cleartext_password

fr_dict_attr_t const* attr_cleartext_password

Definition at line 234 of file rlm_mschap.c.

◆ attr_eap_identity

fr_dict_attr_t const* attr_eap_identity

Definition at line 235 of file rlm_mschap.c.

◆ attr_ms_chap_new_cleartext_password

fr_dict_attr_t const* attr_ms_chap_new_cleartext_password

Definition at line 236 of file rlm_mschap.c.

◆ attr_ms_chap_new_nt_password

fr_dict_attr_t const* attr_ms_chap_new_nt_password

Definition at line 237 of file rlm_mschap.c.

◆ attr_ms_chap_peer_challenge

fr_dict_attr_t const* attr_ms_chap_peer_challenge

Definition at line 238 of file rlm_mschap.c.

◆ attr_ms_chap_use_ntlm_auth

fr_dict_attr_t const* attr_ms_chap_use_ntlm_auth

Definition at line 239 of file rlm_mschap.c.

◆ attr_ms_chap_user_name

fr_dict_attr_t const* attr_ms_chap_user_name

Definition at line 240 of file rlm_mschap.c.

◆ attr_nt_password

fr_dict_attr_t const* attr_nt_password

Definition at line 241 of file rlm_mschap.c.

◆ attr_smb_account_ctrl

fr_dict_attr_t const* attr_smb_account_ctrl

Definition at line 243 of file rlm_mschap.c.

◆ attr_smb_account_ctrl_text

fr_dict_attr_t const* attr_smb_account_ctrl_text

Definition at line 242 of file rlm_mschap.c.

◆ auth_call_env

const call_env_parser_t auth_call_env[]

static

Initial value:

= {
        { FR_CALL_ENV_PARSE_ONLY_OFFSET("username", FR_TYPE_STRING, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_auth_call_env_t, username), .pair.dflt = "&User-Name", .pair.dflt_quote = T_BARE_WORD },
        MSCHAP_COMMON_CALL_ENV(auth),
        MSCHAP_OPT_CALL_ENV(chap2_success, auth),
        MSCHAP_OPT_CALL_ENV(chap_error, auth),
        MSCHAP_OPT_CALL_ENV(chap_mppe_keys, auth),
        MSCHAP_OPT_CALL_ENV(mppe_encryption_policy, auth),
        MSCHAP_OPT_CALL_ENV(mppe_recv_key, auth),
        MSCHAP_OPT_CALL_ENV(mppe_send_key, auth),
        MSCHAP_OPT_CALL_ENV(mppe_encryption_types, auth),
        MSCHAP_OPT_CALL_ENV(chap2_cpw, auth),
        MSCHAP_OPT_CALL_ENV(chap_nt_enc_pw, auth),
        CALL_ENV_TERMINATOR
}

Definition at line 172 of file rlm_mschap.c.

◆ autz_call_env

const call_env_parser_t autz_call_env[]

static

Initial value:

= {
        MSCHAP_COMMON_CALL_ENV(autz),
        MSCHAP_OPT_CALL_ENV(chap2_cpw, autz),
        CALL_ENV_TERMINATOR
}

Definition at line 215 of file rlm_mschap.c.

◆ dict_freeradius

fr_dict_t const* dict_freeradius

static

Definition at line 223 of file rlm_mschap.c.

◆ dict_radius

fr_dict_t const* dict_radius

static

Definition at line 224 of file rlm_mschap.c.

◆ magic1

const uint8_t magic1[27]

static

Initial value:

=
               { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
                 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
                 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }

Definition at line 1253 of file rlm_mschap.c.

◆ magic2

const uint8_t magic2[84]

static

Initial value:

=
               { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
                 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
                 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
                 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
                 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
                 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
                 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
                 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
                 0x6b, 0x65, 0x79, 0x2e }

Definition at line 1258 of file rlm_mschap.c.

◆ magic3

const uint8_t magic3[84]

static

Initial value:

=
               { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
                 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
                 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
                 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
                 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
                 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
                 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
                 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
                 0x6b, 0x65, 0x79, 0x2e }

Definition at line 1269 of file rlm_mschap.c.

◆ module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("normalise", rlm_mschap_t, normify), .dflt = "yes" },
 
        { FR_CONF_OFFSET("use_mppe", rlm_mschap_t, use_mppe), .dflt = "yes" },
        { FR_CONF_OFFSET("require_encryption", rlm_mschap_t, require_encryption), .dflt = "no" },
        { FR_CONF_OFFSET("require_strong", rlm_mschap_t, require_strong), .dflt = "no" },
        { FR_CONF_OFFSET("with_ntdomain_hack", rlm_mschap_t, with_ntdomain_hack), .dflt = "yes" },
        { FR_CONF_OFFSET_FLAGS("ntlm_auth", CONF_FLAG_XLAT, rlm_mschap_t, ntlm_auth) },
        { FR_CONF_OFFSET("ntlm_auth_timeout", rlm_mschap_t, ntlm_auth_timeout) },
 
        { FR_CONF_POINTER("passchange", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) passchange_config },
        { FR_CONF_OFFSET("allow_retry", rlm_mschap_t, allow_retry), .dflt = "yes" },
        { FR_CONF_OFFSET("retry_msg", rlm_mschap_t, retry_msg) },
 
        { FR_CONF_POINTER("winbind", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) winbind_config },
 
        { FR_CONF_DEPRECATED("winbind_username", rlm_mschap_t, wb_username) },
 
        CONF_PARSER_TERMINATOR
}

Definition at line 103 of file rlm_mschap.c.

◆ mschap_auth_method_env

const call_env_method_t mschap_auth_method_env

static

Initial value:

= {
        FR_CALL_ENV_METHOD_OUT(mschap_auth_call_env_t),
        .env = (call_env_parser_t[]){ 
                { FR_CALL_ENV_SUBSECTION("attributes", NULL, CALL_ENV_FLAG_REQUIRED, auth_call_env) },
                { FR_CALL_ENV_SUBSECTION("passchange", NULL, CALL_ENV_FLAG_SUBSECTION,
                        ((call_env_parser_t[]) {
                                { FR_CALL_ENV_PARSE_ONLY_OFFSET("ntlm_auth_username", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, mschap_auth_call_env_t, ntlm_cpw_username) },
                                { FR_CALL_ENV_PARSE_ONLY_OFFSET("ntlm_auth_domain", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, mschap_auth_call_env_t, ntlm_cpw_domain) },
                                { FR_CALL_ENV_PARSE_ONLY_OFFSET("local_cpw", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, mschap_auth_call_env_t, local_cpw) },
                                CALL_ENV_TERMINATOR
                        }))},
                { FR_CALL_ENV_SUBSECTION("winbind", NULL, CALL_ENV_FLAG_NONE,
                        ((call_env_parser_t[]) {
                                { FR_CALL_ENV_OFFSET("username", FR_TYPE_STRING, CALL_ENV_FLAG_NONE, mschap_auth_call_env_t, wb_username) },
                                { FR_CALL_ENV_OFFSET("domain", FR_TYPE_STRING, CALL_ENV_FLAG_NULLABLE, mschap_auth_call_env_t, wb_domain) },
                                CALL_ENV_TERMINATOR
                        }))},
                CALL_ENV_TERMINATOR
        }
}

Definition at line 187 of file rlm_mschap.c.

◆ mschap_xlat_args

xlat_arg_parser_t const mschap_xlat_args[]

static

Initial value:

= {
        { .required = true, .single = true, .type = FR_TYPE_STRING },
        { .concat = true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 355 of file rlm_mschap.c.

◆ passchange_config

const conf_parser_t passchange_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET_FLAGS("ntlm_auth", CONF_FLAG_XLAT, rlm_mschap_t, ntlm_cpw) },
        CONF_PARSER_TERMINATOR
}

Definition at line 82 of file rlm_mschap.c.

◆ rlm_mschap

module_rlm_t rlm_mschap

Initial value:

= {
        .common = {
                .magic          = MODULE_MAGIC_INIT,
                .name           = "mschap",
                .inst_size      = sizeof(rlm_mschap_t),
                .config         = module_config,
                .bootstrap      = mod_bootstrap,
                .instantiate    = mod_instantiate,
 
 
 
 
 
        },
        .method_group = {
                .bindings = (module_method_binding_t[]){
                        { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate, .method_env = &mschap_auth_method_env },
                        { .section = SECTION_NAME("recv", CF_IDENT_ANY), .method = mod_authorize, .method_env = &mschap_autz_method_env },
                        MODULE_BINDING_TERMINATOR
                }
        }
}

Definition at line 2491 of file rlm_mschap.c.

◆ rlm_mschap_dict

fr_dict_autoload_t rlm_mschap_dict

Initial value:

= {
        { .out = &dict_freeradius, .proto = "freeradius" },
        { .out = &dict_radius, .proto = "radius" },
        { NULL }
}

Definition at line 227 of file rlm_mschap.c.

◆ rlm_mschap_dict_attr

fr_dict_attr_autoload_t rlm_mschap_dict_attr

Initial value:

= {
        { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_cleartext_password, .name = "Password.Cleartext", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_eap_identity, .name = "EAP-Identity", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_ms_chap_new_cleartext_password, .name = "MS-CHAP-New-Cleartext-Password", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_ms_chap_new_nt_password, .name = "MS-CHAP-New-NT-Password", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
        { .out = &attr_ms_chap_peer_challenge, .name = "MS-CHAP-Peer-Challenge", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
        { .out = &attr_ms_chap_use_ntlm_auth, .name = "MS-CHAP-Use-NTLM-Auth", .type = FR_TYPE_UINT8, .dict = &dict_freeradius },
        { .out = &attr_ms_chap_user_name, .name = "MS-CHAP-User-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_nt_password, .name = "Password.NT", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
        { .out = &attr_smb_account_ctrl_text, .name = "SMB-Account-Ctrl-Text", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_smb_account_ctrl, .name = "SMB-Account-Ctrl", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
 
        { NULL }
}

Definition at line 246 of file rlm_mschap.c.

◆ SHSpad1

const uint8_t SHSpad1[40]

static

Initial value:

=
               { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

Definition at line 1241 of file rlm_mschap.c.

◆ SHSpad2

const uint8_t SHSpad2[40]

static

Initial value:

=
               { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
                 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
                 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
                 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }

Definition at line 1247 of file rlm_mschap.c.

◆ winbind_config

const conf_parser_t winbind_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("username", rlm_mschap_t, wb_username) },
 
        CONF_PARSER_TERMINATOR
}

Definition at line 94 of file rlm_mschap.c.

◆ xlat_call_env

const call_env_parser_t xlat_call_env[]

static

Initial value:

= {
        { FR_CALL_ENV_PARSE_ONLY_OFFSET("username", FR_TYPE_STRING, CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED, mschap_xlat_call_env_t, username), .pair.dflt = "&User-Name", .pair.dflt_quote = T_BARE_WORD },
        MSCHAP_COMMON_CALL_ENV(xlat),
        CALL_ENV_TERMINATOR
}

Definition at line 164 of file rlm_mschap.c.

Data Structures

Macros

Functions

Variables

Detailed Description

Data Structure Documentation

◆ mschap_autz_call_env_t

◆ mschap_xlat_call_env_t

Macro Definition Documentation

◆ ACB_AUTOLOCK

◆ ACB_DISABLED

◆ ACB_DOMTRUST

◆ ACB_FR_EXPIRED

◆ ACB_HOMDIRREQ

◆ ACB_MNS

◆ ACB_NORMAL

◆ ACB_PWNOEXP

◆ ACB_PWNOTREQ

◆ ACB_SVRTRUST

◆ ACB_TEMPDUP

◆ ACB_WSTRUST

◆ CHECK_OPTION

◆ LOG_PREFIX

◆ MSCHAP_CALL_ENV

◆ MSCHAP_COMMON_CALL_ENV

◆ MSCHAP_OPT_CALL_ENV

Function Documentation

◆ do_mschap()

◆ do_mschap_cpw()

◆ mod_authenticate()

◆ mod_authenticate_domain_tmpl_push()

◆ mod_authenticate_resume()

◆ mod_authorize()

◆ mod_bootstrap()

◆ mod_instantiate()

◆ mppe_add_reply()

◆ mppe_chap2_gen_keys128()

◆ mppe_chap2_get_keys128()

◆ mppe_GetAsymmetricStartKey()

◆ mppe_GetMasterKey()

◆ MSCHAP_CALL_ENV() [1/2]

◆ MSCHAP_CALL_ENV() [2/2]

◆ mschap_cpw_prepare()

◆ mschap_error()

◆ mschap_identity_find()

◆ mschap_process_cpw_request()

◆ mschap_process_response()

◆ mschap_process_v2_response()

◆ nt_password_find()

◆ pdb_decode_acct_ctrl()

◆ write_all()

Variable Documentation

◆ attr_auth_type

◆ attr_cleartext_password

◆ attr_eap_identity

◆ attr_ms_chap_new_cleartext_password

◆ attr_ms_chap_new_nt_password

◆ attr_ms_chap_peer_challenge

◆ attr_ms_chap_use_ntlm_auth

◆ attr_ms_chap_user_name

◆ attr_nt_password

◆ attr_smb_account_ctrl

◆ attr_smb_account_ctrl_text

◆ auth_call_env

◆ autz_call_env

◆ dict_freeradius

◆ dict_radius

◆ magic1

◆ magic2

◆ magic3

◆ module_config

◆ mschap_auth_method_env

◆ mschap_xlat_args

◆ passchange_config

◆ rlm_mschap

◆ rlm_mschap_dict

◆ rlm_mschap_dict_attr

◆ SHSpad1

◆ SHSpad2

◆ winbind_config