The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
rlm_pap.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: dd98c0b278d2942cb570a3e995cb3dec9cd704b7 $
19 * @file rlm_pap.c
20 * @brief Hashes plaintext passwords to compare against a prehashed reference.
21 *
22 * @copyright 2001-2012 The FreeRADIUS server project.
23 * @copyright 2012 Matthew Newton (matthew@newtoncomputing.co.uk)
24 * @copyright 2001 Kostas Kalevras (kkalev@noc.ntua.gr)
25 */
26#include "lib/unlang/action.h"
27RCSID("$Id: dd98c0b278d2942cb570a3e995cb3dec9cd704b7 $")
29
30#include <freeradius-devel/server/base.h>
31#include <freeradius-devel/server/module_rlm.h>
32#include <freeradius-devel/server/password.h>
33#include <freeradius-devel/tls/base.h>
34#include <freeradius-devel/tls/log.h>
35
36#include <freeradius-devel/util/base64.h>
37#include <freeradius-devel/util/debug.h>
38#include <freeradius-devel/util/base16.h>
39#include <freeradius-devel/util/md5.h>
40#include <freeradius-devel/util/sha1.h>
41
42#include <freeradius-devel/unlang/call_env.h>
43
44#include <freeradius-devel/protocol/freeradius/freeradius.internal.password.h>
45
46#include <ctype.h>
47
48#ifdef HAVE_CRYPT_H
49# include <crypt.h>
50#endif
51#include <unistd.h> /* Contains crypt function declarations */
52
53#ifdef HAVE_OPENSSL_EVP_H
54# include <freeradius-devel/tls/openssl_user_macros.h>
55# include <openssl/evp.h>
56#endif
57
58/*
59 * We don't have threadsafe crypt, so we have to wrap
60 * calls in a mutex
61 */
62#ifndef HAVE_CRYPT_R
63# include <pthread.h>
64static pthread_mutex_t fr_crypt_mutex = PTHREAD_MUTEX_INITIALIZER;
65#endif
66
67/*
68 * Define a structure for our module configuration.
69 *
70 * These variables do not need to be in a structure, but it's
71 * a lot cleaner to do so, and a pointer to the structure can
72 * be used as the instance handle.
73 */
74typedef struct {
76 bool normify;
77} rlm_pap_t;
78
79typedef unlang_action_t (*pap_auth_func_t)(unlang_result_t *p_result, rlm_pap_t const *inst, request_t *request, fr_pair_t const *, fr_value_box_t const *);
80
81static const conf_parser_t module_config[] = {
82 { FR_CONF_OFFSET("normalise", rlm_pap_t, normify), .dflt = "yes" },
84};
85
90
92 .inst_size = sizeof(pap_call_env_t),
93 .inst_type = "pap_call_env_t",
94 .env = (call_env_parser_t[]) {
95 { FR_CALL_ENV_PARSE_OFFSET("password_attribute", FR_TYPE_STRING,
97 pap_call_env_t, password, password_tmpl), .pair.dflt = "User-Password", .pair.dflt_quote = T_BARE_WORD },
99 }
100};
101
103
105 { .out = &dict_freeradius, .proto = "freeradius" },
106 { NULL }
107};
108
111
113 { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
114 { .out = &attr_root, .name = "Password", .type = FR_TYPE_TLV, .dict = &dict_freeradius },
115
116 { NULL }
117};
118
119#ifdef HAVE_OPENSSL_EVP_H
120static fr_table_num_sorted_t const pbkdf2_crypt_names[] = {
121 { L("HMACSHA1"), FR_SSHA1 },
122 { L("HMACSHA2+224"), FR_SSHA2_224 },
123 { L("HMACSHA2+256"), FR_SSHA2_256 },
124 { L("HMACSHA2+384"), FR_SSHA2_384 },
125 { L("HMACSHA2+512"), FR_SSHA2_512 },
126 { L("HMACSHA3+224"), FR_SSHA3_224 },
127 { L("HMACSHA3+256"), FR_SSHA3_256 },
128 { L("HMACSHA3+384"), FR_SSHA3_384 },
129 { L("HMACSHA3+512"), FR_SSHA3_512 },
130};
131static size_t pbkdf2_crypt_names_len = NUM_ELEMENTS(pbkdf2_crypt_names);
132
133static fr_table_num_sorted_t const pbkdf2_passlib_names[] = {
134 { L("sha1"), FR_SSHA1 },
135 { L("sha256"), FR_SSHA2_256 },
136 { L("sha512"), FR_SSHA2_512 }
137};
138static size_t pbkdf2_passlib_names_len = NUM_ELEMENTS(pbkdf2_passlib_names);
139#endif
140
142
143/*
144 * Authorize the user for PAP authentication.
145 *
146 * This isn't strictly necessary, but it does make the
147 * server simpler to configure.
148 */
149static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
150{
152 pap_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, pap_call_env_t);
153
154 if (fr_pair_find_by_da(&request->control_pairs, NULL, attr_auth_type) != NULL) {
155 RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", mctx->mi->name);
157 }
158
159 if (env_data->password.type != FR_TYPE_STRING) {
160 RDEBUG2("No %s attribute in the request. Cannot do PAP", env_data->password_tmpl->name);
162 }
163
164 if (!inst->auth_type) {
165 WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup PAP authentication.",
166 mctx->mi->name, mctx->mi->name);
168 }
169
171
173}
174
175/*
176 * PAP authentication functions
177 */
178
180 UNUSED rlm_pap_t const *inst, request_t *request,
181 fr_pair_t const *known_good, fr_value_box_t const *password)
182{
183 if ((known_good->vp_length != password->vb_length) ||
184 (fr_digest_cmp(known_good->vp_octets, password->vb_octets, known_good->vp_length) != 0)) {
185 REDEBUG("Cleartext password does not match \"known good\" password");
186 REDEBUG3("Password : %pV", password);
187 REDEBUG3("Expected : %pV", &known_good->data);
189 }
191}
192
193#ifdef HAVE_CRYPT
194static unlang_action_t CC_HINT(nonnull) pap_auth_crypt(unlang_result_t *p_result,
195 UNUSED rlm_pap_t const *inst, request_t *request,
196 fr_pair_t const *known_good, fr_value_box_t const *password)
197{
198 char *crypt_out;
199 int cmp = 0;
200
201#ifdef HAVE_CRYPT_R
202 struct crypt_data crypt_data = { .initialized = 0 };
203
204 crypt_out = crypt_r(password->vb_strvalue, known_good->vp_strvalue, &crypt_data);
205 if (crypt_out) cmp = strcmp(known_good->vp_strvalue, crypt_out);
206#else
207 /*
208 * Ensure we're thread-safe, as crypt() isn't.
209 */
210 pthread_mutex_lock(&fr_crypt_mutex);
211 crypt_out = crypt(password->vb_strvalue, known_good->vp_strvalue);
212
213 /*
214 * Got something, check it within the lock. This is
215 * faster than copying it to a local buffer, and the
216 * time spent within the lock is critical.
217 */
218 if (crypt_out) cmp = strcmp(known_good->vp_strvalue, crypt_out);
219 pthread_mutex_unlock(&fr_crypt_mutex);
220#endif
221
222 /*
223 * Error.
224 */
225 if (!crypt_out || (cmp != 0)) {
226 REDEBUG("Crypt digest does not match \"known good\" digest");
228 }
229
231}
232#endif
233
235 UNUSED rlm_pap_t const *inst, request_t *request,
236 fr_pair_t const *known_good, fr_value_box_t const *password)
237{
239
240 if (known_good->vp_length != MD5_DIGEST_LENGTH) {
241 REDEBUG("\"known-good\" MD5 password has incorrect length, expected 16 got %zu", known_good->vp_length);
243 }
244
245 fr_md5_calc(digest, password->vb_octets, password->vb_length);
246
247 if (fr_digest_cmp(digest, known_good->vp_octets, known_good->vp_length) != 0) {
248 REDEBUG("MD5 digest does not match \"known good\" digest");
249 REDEBUG3("Password : %pV", password);
250 REDEBUG3("Calculated : %pH", fr_box_octets(digest, MD5_DIGEST_LENGTH));
251 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, MD5_DIGEST_LENGTH));
253 }
254
256}
257
258
260 UNUSED rlm_pap_t const *inst, request_t *request,
261 fr_pair_t const *known_good, fr_value_box_t const *password)
262{
263 fr_md5_ctx_t *md5_ctx;
265
266 if (known_good->vp_length <= MD5_DIGEST_LENGTH) {
267 REDEBUG("\"known-good\" Password.SMD5 has incorrect length, expected 16 got %zu", known_good->vp_length);
269 }
270
271 md5_ctx = fr_md5_ctx_alloc_from_list();
272 fr_md5_update(md5_ctx, password->vb_octets, password->vb_length);
273 fr_md5_update(md5_ctx, known_good->vp_octets + MD5_DIGEST_LENGTH, known_good->vp_length - MD5_DIGEST_LENGTH);
274 fr_md5_final(digest, md5_ctx);
276
277 /*
278 * Compare only the MD5 hash results, not the salt.
279 */
280 if (fr_digest_cmp(digest, known_good->vp_octets, MD5_DIGEST_LENGTH) != 0) {
281 REDEBUG("SMD5 digest does not match \"known good\" digest");
282 REDEBUG3("Password : %pV", password);
283 REDEBUG3("Calculated : %pH", fr_box_octets(digest, MD5_DIGEST_LENGTH));
284 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, MD5_DIGEST_LENGTH));
286 }
287
289}
290
292 UNUSED rlm_pap_t const *inst, request_t *request,
293 fr_pair_t const *known_good, fr_value_box_t const *password)
294{
295 fr_sha1_ctx sha1_context;
297
298 if (known_good->vp_length != SHA1_DIGEST_LENGTH) {
299 REDEBUG("\"known-good\" Password.SHA1 has incorrect length, expected 20 got %zu", known_good->vp_length);
301 }
302
303 fr_sha1_init(&sha1_context);
304 fr_sha1_update(&sha1_context, password->vb_octets, password->vb_length);
305 fr_sha1_final(digest,&sha1_context);
306
307 if (fr_digest_cmp(digest, known_good->vp_octets, known_good->vp_length) != 0) {
308 REDEBUG("SHA1 digest does not match \"known good\" digest");
309 REDEBUG3("Password : %pV", password);
310 REDEBUG3("Calculated : %pH", fr_box_octets(digest, SHA1_DIGEST_LENGTH));
311 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, SHA1_DIGEST_LENGTH));
313 }
314
316}
317
319 UNUSED rlm_pap_t const *inst, request_t *request,
320 fr_pair_t const *known_good, fr_value_box_t const *password)
321{
322 fr_sha1_ctx sha1_context;
324
325 if (known_good->vp_length <= SHA1_DIGEST_LENGTH) {
326 REDEBUG("\"known-good\" Password.SSHA has incorrect length, expected > 20 got %zu", known_good->vp_length);
328 }
329
330 fr_sha1_init(&sha1_context);
331 fr_sha1_update(&sha1_context, password->vb_octets, password->vb_length);
332
333 fr_sha1_update(&sha1_context, known_good->vp_octets + SHA1_DIGEST_LENGTH, known_good->vp_length - SHA1_DIGEST_LENGTH);
334 fr_sha1_final(digest, &sha1_context);
335
336 if (fr_digest_cmp(digest, known_good->vp_octets, SHA1_DIGEST_LENGTH) != 0) {
337 REDEBUG("SSHA digest does not match \"known good\" digest");
338 REDEBUG3("Password : %pV", password);
339 REDEBUG3("Salt : %pH", fr_box_octets(known_good->vp_octets + SHA1_DIGEST_LENGTH,
340 known_good->vp_length - SHA1_DIGEST_LENGTH));
341 REDEBUG3("Calculated : %pH", fr_box_octets(digest, SHA1_DIGEST_LENGTH));
342 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, SHA1_DIGEST_LENGTH));
344 }
345
347}
348
349#ifdef HAVE_OPENSSL_EVP_H
350static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md(unlang_result_t *p_result,
351 UNUSED rlm_pap_t const *inst, request_t *request,
352 fr_pair_t const *known_good, fr_value_box_t const *password,
353 char const *name, EVP_MD const *md)
354{
355 EVP_MD_CTX *ctx;
356 uint8_t digest[EVP_MAX_MD_SIZE];
357 unsigned int digest_len;
358
359 ctx = EVP_MD_CTX_create();
360 EVP_DigestInit_ex(ctx, md, NULL);
361 EVP_DigestUpdate(ctx, password->vb_octets, password->vb_length);
362 EVP_DigestFinal_ex(ctx, digest, &digest_len);
363 EVP_MD_CTX_destroy(ctx);
364
365 fr_assert((size_t) digest_len == known_good->vp_length); /* This would be an OpenSSL bug... */
366
367 if (fr_digest_cmp(digest, known_good->vp_octets, known_good->vp_length) != 0) {
368 REDEBUG("%s digest does not match \"known good\" digest", name);
369 REDEBUG3("Password : %pV", password);
370 REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
371 REDEBUG3("Expected : %pH", &known_good->data);
373 }
374
376}
377
378static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md_salted(unlang_result_t *p_result,
379 UNUSED rlm_pap_t const *inst, request_t *request,
380 fr_pair_t const *known_good, fr_value_box_t const *password,
381 char const *name, EVP_MD const *md)
382{
383 EVP_MD_CTX *ctx;
384 uint8_t digest[EVP_MAX_MD_SIZE];
385 unsigned int digest_len, min_len;
386
387 min_len = EVP_MD_size(md);
388 ctx = EVP_MD_CTX_create();
389 EVP_DigestInit_ex(ctx, md, NULL);
390 EVP_DigestUpdate(ctx, password->vb_octets, password->vb_length);
391 EVP_DigestUpdate(ctx, known_good->vp_octets + min_len, known_good->vp_length - min_len);
392 EVP_DigestFinal_ex(ctx, digest, &digest_len);
393 EVP_MD_CTX_destroy(ctx);
394
395 fr_assert((size_t) digest_len == min_len); /* This would be an OpenSSL bug... */
396
397 /*
398 * Only compare digest_len bytes, the rest is salt.
399 */
400 if (fr_digest_cmp(digest, known_good->vp_octets, (size_t)digest_len) != 0) {
401 REDEBUG("%s digest does not match \"known good\" digest", name);
402 REDEBUG3("Password : %pV", password);
403 REDEBUG3("Salt : %pH",
404 fr_box_octets(known_good->vp_octets + digest_len, known_good->vp_length - digest_len));
405 REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
406 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, digest_len));
408 }
409
411}
412
413/** Define a new OpenSSL EVP based password hashing function
414 *
415 */
416#define PAP_AUTH_EVP_MD(_func, _new_func, _name, _md) \
417static unlang_action_t CC_HINT(nonnull) _new_func(unlang_result_t *p_result, \
418 rlm_pap_t const *inst, request_t *request, \
419 fr_pair_t const *known_good, fr_value_box_t const *password) \
420{ \
421 return _func(p_result, inst, request, known_good, password, _name, _md); \
422}
423
424PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha2_224, "SHA2-224", EVP_sha224())
425PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha2_256, "SHA2-256", EVP_sha256())
426PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha2_384, "SHA2-384", EVP_sha384())
427PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha2_512, "SHA2-512", EVP_sha512())
428PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha2_224, "SSHA2-224", EVP_sha224())
429PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha2_256, "SSHA2-256", EVP_sha256())
430PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha2_384, "SSHA2-384", EVP_sha384())
431PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha2_512, "SSHA2-512", EVP_sha512())
432
433PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha3_224, "SHA3-224", EVP_sha3_224())
434PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha3_256, "SHA3-256", EVP_sha3_256())
435PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha3_384, "SHA3-384", EVP_sha3_384())
436PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha3_512, "SHA3-512", EVP_sha3_512())
437PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha3_224, "SSHA3-224", EVP_sha3_224())
438PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha3_256, "SSHA3-256", EVP_sha3_256())
439PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha3_384, "SSHA3-384", EVP_sha3_384())
440PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha3_512, "SSHA3-512", EVP_sha3_512())
441
442/** Validates Crypt::PBKDF2 LDAP format strings
443 *
444 * @param[out] p_result The result of comparing the pbkdf2 hash with the password.
445 * @param[in] request The current request.
446 * @param[in] str Raw PBKDF2 string.
447 * @param[in] len Length of string.
448 * @param[in] digest_type Digest type to use.
449 * @param[in] iter_sep Separation character between the iterations and the next component.
450 * @param[in] salt_sep Separation character between the salt and the next component.
451 * @param[in] iter_is_base64 Whether the iterations is are encoded as base64.
452 * @param[in] password to validate.
453 * @return
454 * - RLM_MODULE_REJECT
455 * - RLM_MODULE_OK
456 */
457static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse_digest(unlang_result_t *p_result,
458 request_t *request, const uint8_t *str, size_t len,
459 int digest_type, char iter_sep, char salt_sep,
460 bool iter_is_base64, fr_value_box_t const *password)
461{
463
464 uint8_t const *p, *q, *end;
465 ssize_t slen;
466
467 EVP_MD const *evp_md;
468 size_t digest_len;
469
470 uint32_t iterations = 1;
471
472 uint8_t *salt = NULL;
473 size_t salt_len;
474 uint8_t hash[EVP_MAX_MD_SIZE];
475 uint8_t digest[EVP_MAX_MD_SIZE];
476
477 /*
478 * Parse PBKDF string for given digest = <iterations><iter_sep>b64(<salt>)<salt_sep>b64(<hash>)
479 */
480 p = str;
481 end = p + len;
482
483 switch (digest_type) {
484 case FR_SSHA1:
485 evp_md = EVP_sha1();
486 digest_len = SHA1_DIGEST_LENGTH;
487 break;
488
489 case FR_SSHA2_224:
490 evp_md = EVP_sha224();
491 digest_len = SHA224_DIGEST_LENGTH;
492 break;
493
494 case FR_SSHA2_256:
495 evp_md = EVP_sha256();
496 digest_len = SHA256_DIGEST_LENGTH;
497 break;
498
499 case FR_SSHA2_384:
500 evp_md = EVP_sha384();
501 digest_len = SHA384_DIGEST_LENGTH;
502 break;
503
504 case FR_SSHA2_512:
505 evp_md = EVP_sha512();
506 digest_len = SHA512_DIGEST_LENGTH;
507 break;
508
509 case FR_SSHA3_224:
510 evp_md = EVP_sha3_224();
511 digest_len = SHA224_DIGEST_LENGTH;
512 break;
513
514 case FR_SSHA3_256:
515 evp_md = EVP_sha3_256();
516 digest_len = SHA256_DIGEST_LENGTH;
517 break;
518
519 case FR_SSHA3_384:
520 evp_md = EVP_sha3_384();
521 digest_len = SHA384_DIGEST_LENGTH;
522 break;
523
524 case FR_SSHA3_512:
525 evp_md = EVP_sha3_512();
526 digest_len = SHA512_DIGEST_LENGTH;
527 break;
528
529 default:
530 REDEBUG("Unknown PBKDF2 digest type \"%d\"", digest_type);
531 goto finish;
532 }
533
534 if (((end - p) < 1) || !(q = memchr(p, iter_sep, end - p))) {
535 REDEBUG("Password.PBKDF2 missing iterations component");
536 goto finish;
537 }
538
539 if ((q - p) == 0) {
540 REDEBUG("Password.PBKDF2 iterations component too short");
541 goto finish;
542 }
543
544 /*
545 * If it's not base64 encoded, assume it's ascii
546 */
547 if (!iter_is_base64) {
548 char iterations_buff[sizeof("4294967295") + 1];
549 char *qq;
550
551 /*
552 * While passwords come from "trusted" sources, we don't trust them too much!
553 */
554 if ((size_t) (q - p) >= sizeof(iterations_buff)) {
555 REMARKER((char const *) p, q - p,
556 "Password.PBKDF2 iterations field is too large");
557
558 goto finish;
559 }
560
561 strlcpy(iterations_buff, (char const *)p, (q - p) + 1);
562
563 iterations = strtoul(iterations_buff, &qq, 10);
564 if (*qq != '\0') {
565 REMARKER(iterations_buff, qq - iterations_buff,
566 "Password.PBKDF2 iterations field contains an invalid character");
567
568 goto finish;
569 }
570 p = q + 1;
571 /*
572 * base64 encoded and big endian
573 */
574 } else {
576 slen = fr_base64_decode(&FR_DBUFF_TMP((uint8_t *)&iterations, sizeof(iterations)),
577 &FR_SBUFF_IN((char const *)p, (char const *)q), false, false);
578 if (slen <= 0) {
579 RPEDEBUG("Failed decoding Password.PBKDF2 iterations component (%.*s)", (int)(q - p), p);
580 goto finish;
581 }
582 if (slen != sizeof(iterations)) {
583 REDEBUG("Decoded Password.PBKDF2 iterations component is wrong size");
584 }
585
586 iterations = ntohl(iterations);
587
588 p = q + 1;
589 }
590
591 /*
592 * 0 iterations is invalid (we need at least one)
593 */
594 if (iterations == 0) iterations = 1;
595
596 if (((end - p) < 1) || !(q = memchr(p, salt_sep, end - p))) {
597 REDEBUG("Password.PBKDF2 missing salt component");
598 goto finish;
599 }
600
601 if ((q - p) == 0) {
602 REDEBUG("Password.PBKDF2 salt component too short");
603 goto finish;
604 }
605
606 MEM(salt = talloc_array(request, uint8_t, FR_BASE64_DEC_LENGTH(q - p)));
607 slen = fr_base64_decode(&FR_DBUFF_TMP(salt, talloc_array_length(salt)),
608 &FR_SBUFF_IN((char const *) p, (char const *)q), false, false);
609 if (slen <= 0) {
610 RPEDEBUG("Failed decoding Password.PBKDF2 salt component");
611 goto finish;
612 }
613 salt_len = (size_t)slen;
614
615 p = q + 1;
616
617 if ((q - p) == 0) {
618 REDEBUG("Password.PBKDF2 hash component too short");
619 goto finish;
620 }
621
622 slen = fr_base64_decode(&FR_DBUFF_TMP(hash, sizeof(hash)),
623 &FR_SBUFF_IN((char const *)p, (char const *)end), false, false);
624 if (slen <= 0) {
625 RPEDEBUG("Failed decoding Password.PBKDF2 hash component");
626 goto finish;
627 }
628
629 if ((size_t)slen != digest_len) {
630 REDEBUG("Password.PBKDF2 hash component length is incorrect for hash type, expected %zu, got %zd",
631 digest_len, slen);
632
633 RHEXDUMP2(hash, slen, "hash component");
634
635 goto finish;
636 }
637
638 RDEBUG2("PBKDF2 %s: Iterations %u, salt length %zu, hash length %zd",
639 fr_table_str_by_value(pbkdf2_crypt_names, digest_type, "<UNKNOWN>"),
640 iterations, salt_len, slen);
641
642 /*
643 * Hash and compare
644 */
645 if (PKCS5_PBKDF2_HMAC((char const *)password->vb_octets, (int)password->vb_length,
646 (unsigned char const *)salt, (int)salt_len,
647 (int)iterations,
648 evp_md,
649 (int)digest_len, (unsigned char *)digest) == 0) {
650 fr_tls_log(request, "PBKDF2 digest failure");
651 goto finish;
652 }
653
654 if (fr_digest_cmp(digest, hash, (size_t)digest_len) != 0) {
655 REDEBUG("PBKDF2 digest does not match \"known good\" digest");
656 REDEBUG3("Salt : %pH", fr_box_octets(salt, salt_len));
657 REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
658 REDEBUG3("Expected : %pH", fr_box_octets(hash, slen));
659 rcode = RLM_MODULE_REJECT;
660 } else {
661 rcode = RLM_MODULE_OK;
662 }
663
664finish:
665 talloc_free(salt);
666
667 RETURN_UNLANG_RCODE(rcode);
668}
669
670/** Validates Crypt::PBKDF2 LDAP format strings
671 *
672 * @param[out] p_result The result of comparing the pbkdf2 hash with the password.
673 * @param[in] request The current request.
674 * @param[in] str Raw PBKDF2 string.
675 * @param[in] len Length of string.
676 * @param[in] hash_names Table containing valid hash names.
677 * @param[in] hash_names_len How long the table is.
678 * @param[in] scheme_sep Separation character between the scheme and the next component.
679 * @param[in] iter_sep Separation character between the iterations and the next component.
680 * @param[in] salt_sep Separation character between the salt and the next component.
681 * @param[in] iter_is_base64 Whether the iterations is are encoded as base64.
682 * @param[in] password to validate.
683 * @return
684 * - RLM_MODULE_REJECT
685 * - RLM_MODULE_OK
686 */
687static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse(unlang_result_t *p_result,
688 request_t *request, const uint8_t *str, size_t len,
689 fr_table_num_sorted_t const hash_names[], size_t hash_names_len,
690 char scheme_sep, char iter_sep, char salt_sep,
691 bool iter_is_base64, fr_value_box_t const *password)
692{
694
695 uint8_t const *p, *q, *end;
696 int digest_type;
697
698 RDEBUG2("Comparing with \"known-good\" Password.PBKDF2");
699
700 if (len <= 1) {
701 REDEBUG("Password.PBKDF2 is too short");
702 goto finish;
703 }
704
705 /*
706 * Parse PBKDF string = {hash_algorithm}<scheme_sep><iterations><iter_sep>b64(<salt>)<salt_sep>b64(<hash>)
707 */
708 p = str;
709 end = p + len;
710
711 q = memchr(p, scheme_sep, end - p);
712 if (!q) {
713 REDEBUG("Password.PBKDF2 has no component separators");
714 goto finish;
715 }
716
717 digest_type = fr_table_value_by_substr(hash_names, (char const *)p, q - p, -1);
718
719 p = q + 1;
720
721 return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, digest_type, iter_sep, salt_sep, iter_is_base64, password);
722
723finish:
724 RETURN_UNLANG_RCODE(rcode);
725}
726
727static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2(unlang_result_t *p_result,
728 UNUSED rlm_pap_t const *inst,
729 request_t *request,
730 fr_pair_t const *known_good, fr_value_box_t const *password)
731{
732 uint8_t const *p = known_good->vp_octets, *q, *end = p + known_good->vp_length;
733
734 if ((end - p) < 2) {
735 REDEBUG("Password.PBKDF2 too short");
737 }
738
739 /*
740 * If it doesn't begin with a $ assume
741 * it's Crypt::PBKDF2 LDAP format
742 *
743 * {X-PBKDF2}<digest>:<b64 rounds>:<b64_salt>:<b64_hash>
744 *
745 * or 389ds LDAP format
746 *
747 * {PBKDF2-SHA512}<round>$<b64_salt>$<b64_hash>
748 */
749 if (*p != '$') {
750 if ((size_t)(end - p) >= sizeof("{PBKDF2-") && (memcmp(p, "{PBKDF2-", sizeof("{PBKDF2-") - 1) == 0)) {
751 p += sizeof("{PBKDF2-") - 1;
752 return pap_auth_pbkdf2_parse(p_result, request, p, end - p,
753 pbkdf2_passlib_names, pbkdf2_passlib_names_len,
754 '}', '$', '$', false, password);
755 } else {
756 /*
757 * Strip the header if it's present
758 */
759 if (*p == '{') {
760 q = memchr(p, '}', end - p);
761 p = q + 1;
762 }
763 return pap_auth_pbkdf2_parse(p_result, request, p, end - p,
764 pbkdf2_crypt_names, pbkdf2_crypt_names_len,
765 ':', ':', ':', true, password);
766 }
767 }
768
769 /*
770 * Crypt::PBKDF2 Crypt format
771 *
772 * $PBKDF2$<digest>:<rounds>:<b64_salt>$<b64_hash>
773 */
774 if ((size_t)(end - p) >= sizeof("$PBKDF2$") && (memcmp(p, "$PBKDF2$", sizeof("$PBKDF2$") - 1) == 0)) {
775 p += sizeof("$PBKDF2$") - 1;
776 return pap_auth_pbkdf2_parse(p_result, request, p, end - p,
777 pbkdf2_crypt_names, pbkdf2_crypt_names_len,
778 ':', ':', '$', false, password);
779 }
780
781 /*
782 * Python's passlib format
783 *
784 * $pbkdf2-<digest>$<rounds>$<alt_b64_salt>$<alt_b64_hash>
785 *
786 * Note: Our base64 functions also work with alt_b64
787 */
788 if ((size_t)(end - p) >= sizeof("$pbkdf2-") && (memcmp(p, "$pbkdf2-", sizeof("$pbkdf2-") - 1) == 0)) {
789 p += sizeof("$pbkdf2-") - 1;
790 return pap_auth_pbkdf2_parse(p_result, request, p, end - p,
791 pbkdf2_passlib_names, pbkdf2_passlib_names_len,
792 '$', '$', '$', false, password);
793 }
794
795 REDEBUG("Can't determine format of Password.PBKDF2");
796
798}
799
800/*
801 * 389ds pbkdf2 passwords
802 *
803 * {PBKDF2-<digest>}<rounds>$<b64_salt>$<b64_hash>
804 */
805static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha1(unlang_result_t *p_result,
806 UNUSED rlm_pap_t const *inst,
807 request_t *request,
808 fr_pair_t const *known_good, fr_value_box_t const *password)
809{
810 uint8_t const *p = known_good->vp_octets, *end = p + known_good->vp_length;
811
812 if ((end - p) < 2) {
813 REDEBUG("Password.With-Header {PBKDF2-SHA1} too short");
815 }
816
817 return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA1, '$', '$', false, password);
818}
819
820static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256(unlang_result_t *p_result,
821 UNUSED rlm_pap_t const *inst,
822 request_t *request,
823 fr_pair_t const *known_good, fr_value_box_t const *password)
824{
825 uint8_t const *p = known_good->vp_octets, *end = p + known_good->vp_length;
826
827 if ((end - p) < 2) {
828 REDEBUG("Password.With-Header {PBKDF2-SHA256} too short");
830 }
831
832 return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA2_256, '$', '$', false, password);
833}
834
835static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha512(unlang_result_t *p_result,
836 UNUSED rlm_pap_t const *inst,
837 request_t *request,
838 fr_pair_t const *known_good, fr_value_box_t const *password)
839{
840 uint8_t const *p = known_good->vp_octets, *end = p + known_good->vp_length;
841
842 if ((end - p) < 2) {
843 REDEBUG("Password.With-Header {PBKDF2-SHA512} too short");
845 }
846
847 return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA2_512, '$', '$', false, password);
848}
849
850/*
851 * 389ds pbkdf2 legacy password with header {PBKDF2_SHA256}
852 *
853 * this was the first implementation in 389ds using a fixed length struct as base64.
854 * at some point it was the default scheme, although it's not recommened anymore.
855 *
856 * content struct is
857 * 4 bytes iterations (value 8192)
858 * 64 bytes salt
859 * 256 bytes hash
860 */
861static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(unlang_result_t *p_result,
862 UNUSED rlm_pap_t const *inst,
863 request_t *request,
864 fr_pair_t const *known_good, fr_value_box_t const *password)
865{
866#define PBKDF2_SHA256_LEGACY_SALT_LENGTH 64
867#define PBKDF2_SHA256_LEGACY_ITERATIONS_LENGTH 4
868#define PBKDF2_SHA256_LEGACY_HASH_LENGTH 256
869#define PBKDF2_SHA256_LEGACY_TOTAL_LENGTH (PBKDF2_SHA256_LEGACY_ITERATIONS_LENGTH + PBKDF2_SHA256_LEGACY_SALT_LENGTH + PBKDF2_SHA256_LEGACY_HASH_LENGTH)
870#define PBKDF2_SHA256_LEGACY_ITERATIONS 8192
871#define PBKDF2_SHA256_LEGACY_B64_LENGTH (PBKDF2_SHA256_LEGACY_TOTAL_LENGTH * 4 / 3)
872
873 struct pbkdf2_bufs {
874 uint32_t iterations;
875 uint8_t salt[PBKDF2_SHA256_LEGACY_SALT_LENGTH];
876 uint8_t hash[PBKDF2_SHA256_LEGACY_HASH_LENGTH];
877 };
878 struct pbkdf2_bufs pbkdf2_buf = { .iterations = PBKDF2_SHA256_LEGACY_ITERATIONS };
879
880 ssize_t slen;
881 uint8_t const *p = known_good->vp_octets, *end = p + known_good->vp_length;
882
883 EVP_MD const *evp_md = EVP_sha256();
884 size_t digest_len = SHA256_DIGEST_LENGTH;
885 uint8_t digest[SHA256_DIGEST_LENGTH];
886
887 if ((end - p) != PBKDF2_SHA256_LEGACY_B64_LENGTH) {
888 REDEBUG("Password.With-Header {PBKDF2_SHA256} has incorrect size %zd instead of %d.", known_good->vp_length, PBKDF2_SHA256_LEGACY_B64_LENGTH);
890 }
891
892 slen = fr_base64_decode(&FR_DBUFF_TMP((uint8_t *) &pbkdf2_buf, sizeof(pbkdf2_buf)),
893 &FR_SBUFF_IN((char const *) p, (char const *)end), false, false);
894
895 if (slen <= 0) {
896 RPEDEBUG("Failed decoding Password.With-Header {PBKDF2_SHA256}: \"%.*s\"", (int)(end -p), p);
898 }
899
900 if (slen != PBKDF2_SHA256_LEGACY_TOTAL_LENGTH) {
901 REDEBUG("Password.With-Header {PBKDF2_SHA256} has incorrect decoded size %zd instead of %d.", slen, PBKDF2_SHA256_LEGACY_TOTAL_LENGTH);
903 }
904
905 pbkdf2_buf.iterations = ntohl(pbkdf2_buf.iterations);
906
907 if (pbkdf2_buf.iterations != PBKDF2_SHA256_LEGACY_ITERATIONS) {
908 REDEBUG("Password.With-Header {PBKDF2_SHA256} has unexpected number of iterations %d instead of %d.", pbkdf2_buf.iterations, PBKDF2_SHA256_LEGACY_ITERATIONS);
910 }
911
912 if (PKCS5_PBKDF2_HMAC((char const *)password->vb_octets, (int)password->vb_length,
913 (unsigned char const *)pbkdf2_buf.salt, (int)PBKDF2_SHA256_LEGACY_SALT_LENGTH,
914 (int)pbkdf2_buf.iterations,
915 evp_md,
916 (int)digest_len, (unsigned char *)digest) == 0) {
917 fr_tls_log(request, "PBKDF2_SHA256 digest failure");
919 }
920
921 if (fr_digest_cmp(digest, pbkdf2_buf.hash, (size_t)digest_len) != 0) {
922 REDEBUG("PBKDF2_SHA256 digest does not match \"known good\" digest");
923 REDEBUG3("Salt : %pH", fr_box_octets(pbkdf2_buf.salt, PBKDF2_SHA256_LEGACY_SALT_LENGTH));
924 REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
925 REDEBUG3("Expected : %pH", fr_box_octets(pbkdf2_buf.hash, PBKDF2_SHA256_LEGACY_HASH_LENGTH));
927 } else {
929 }
930}
931#endif
932
934 UNUSED rlm_pap_t const *inst, request_t *request,
935 fr_pair_t const *known_good, fr_value_box_t const *password)
936{
937 ssize_t len;
939 uint8_t ucs2[512];
940
941 RDEBUG2("Comparing with \"known-good\" Password.NT");
942
943 if (known_good->vp_length != MD4_DIGEST_LENGTH) {
944 REDEBUG("\"known good\" Password.NT has incorrect length, expected 16 got %zu", known_good->vp_length);
946 }
947
948 len = fr_utf8_to_ucs2(ucs2, sizeof(ucs2),
949 password->vb_strvalue, password->vb_length);
950 if (len < 0) {
951 REDEBUG("User-Password is not in UCS2 format");
953 }
954
955 fr_md4_calc(digest, (uint8_t *)ucs2, len);
956
957 if (fr_digest_cmp(digest, known_good->vp_octets, known_good->vp_length) != 0) {
958 REDEBUG("NT digest does not match \"known good\" digest");
959 REDEBUG3("Calculated : %pH", fr_box_octets(digest, sizeof(digest)));
960 REDEBUG3("Expected : %pH", &known_good->data);
962 }
963
965}
966
968 UNUSED rlm_pap_t const *inst, request_t *request,
969 fr_pair_t const *known_good, fr_value_box_t const *password)
970{
971 uint8_t digest[128];
973 uint8_t buff2[FR_MAX_STRING_LEN + 50];
974 fr_dbuff_t digest_dbuff = FR_DBUFF_TMP(digest, sizeof(digest));
975
976 RDEBUG2("Using Password.NT-MTA-MD5");
977
978 if (known_good->vp_length != 64) {
979 REDEBUG("\"known good\" Password.NS-MTA-MD5 has incorrect length, expected 64 got %zu",
980 known_good->vp_length);
982 }
983
984 /*
985 * Sanity check the value of Password.NS-MTA-MD5
986 */
987 if (fr_base16_decode(NULL, &digest_dbuff,
988 &FR_SBUFF_IN(known_good->vp_strvalue, known_good->vp_length), false) != 16) {
989 REDEBUG("\"known good\" Password.NS-MTA-MD5 has invalid value");
991 }
992
993 /*
994 * Ensure we don't have buffer overflows.
995 *
996 * This really: sizeof(buff) - 2 - 2*32 - strlen(passwd)
997 */
998 if (password->vb_length >= (sizeof(buff) - 2 - 2 * 32)) {
999 REDEBUG("\"known good\" Password.NS-MTA-MD5 is too long");
1001 }
1002
1003 /*
1004 * Set up the algorithm.
1005 */
1006 {
1007 uint8_t *p = buff2;
1008
1009 memcpy(p, &known_good->vp_octets[32], 32);
1010 p += 32;
1011 *(p++) = 89;
1012 memcpy(p, password->vb_strvalue, password->vb_length);
1013 p += password->vb_length;
1014 *(p++) = 247;
1015 memcpy(p, &known_good->vp_octets[32], 32);
1016 p += 32;
1017
1018 fr_md5_calc(buff, (uint8_t *) buff2, p - buff2);
1019 }
1020
1021 if (fr_digest_cmp(fr_dbuff_start(&digest_dbuff), buff, 16) != 0) {
1022 REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest");
1024 }
1025
1027}
1028
1029/** Auth func for password types that should have been normalised away
1030 *
1031 */
1033 UNUSED rlm_pap_t const *inst, UNUSED request_t *request,
1034 UNUSED fr_pair_t const *known_good, UNUSED fr_value_box_t const *password)
1035{
1037}
1038
1039/** Table of password types we can process
1040 *
1041 */
1043 [FR_CLEARTEXT] = pap_auth_clear,
1044 [FR_MD5] = pap_auth_md5,
1045 [FR_SMD5] = pap_auth_smd5,
1046
1047#ifdef HAVE_CRYPT
1048 [FR_CRYPT] = pap_auth_crypt,
1049#endif
1050 [FR_NS_MTA_MD5] = pap_auth_ns_mta_md5,
1051 [FR_NT] = pap_auth_nt,
1052 [FR_WITH_HEADER] = pap_auth_dummy,
1053 [FR_SHA1] = pap_auth_sha1,
1054 [FR_SSHA1] = pap_auth_ssha1,
1055
1056#ifdef HAVE_OPENSSL_EVP_H
1057 [FR_PBKDF2] = pap_auth_pbkdf2,
1058 [FR_PBKDF2_SHA1] = pap_auth_pbkdf2_sha1,
1059 [FR_PBKDF2_SHA256] = pap_auth_pbkdf2_sha256,
1060 [FR_PBKDF2_SHA512] = pap_auth_pbkdf2_sha512,
1061 [FR_PBKDF2_SHA256_LEGACY] = pap_auth_pbkdf2_sha256_legacy,
1062 [FR_SHA2] = pap_auth_dummy,
1063 [FR_SHA2_224] = pap_auth_sha2_224,
1064 [FR_SHA2_256] = pap_auth_sha2_256,
1065 [FR_SHA2_384] = pap_auth_sha2_384,
1066 [FR_SHA2_512] = pap_auth_sha2_512,
1067 [FR_SSHA2_224] = pap_auth_ssha2_224,
1068 [FR_SSHA2_256] = pap_auth_ssha2_256,
1069 [FR_SSHA2_384] = pap_auth_ssha2_384,
1070 [FR_SSHA2_512] = pap_auth_ssha2_512,
1071 [FR_SHA3] = pap_auth_dummy,
1072 [FR_SHA3_224] = pap_auth_sha3_224,
1073 [FR_SHA3_256] = pap_auth_sha3_256,
1074 [FR_SHA3_384] = pap_auth_sha3_384,
1075 [FR_SHA3_512] = pap_auth_sha3_512,
1076 [FR_SSHA3_224] = pap_auth_ssha3_224,
1077 [FR_SSHA3_256] = pap_auth_ssha3_256,
1078 [FR_SSHA3_384] = pap_auth_ssha3_384,
1079 [FR_SSHA3_512] = pap_auth_ssha3_512,
1080#endif /* HAVE_OPENSSL_EVP_H */
1081};
1082
1083/*
1084 * Authenticate the user via one of any well-known password.
1085 */
1086static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
1087{
1089 fr_pair_t *known_good;
1090 pap_auth_func_t auth_func;
1091 bool ephemeral;
1092 pap_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, pap_call_env_t);
1093
1094 p_result->rcode = RLM_MODULE_INVALID;
1095
1096 if (env_data->password.type != FR_TYPE_STRING) {
1097 REDEBUG("You set 'Auth-Type = PAP' for a request that does not contain a %s attribute!",
1098 env_data->password_tmpl->name);
1100 }
1101
1102 /*
1103 * The user MUST supply a non-zero-length password.
1104 */
1105 if (env_data->password.vb_length == 0) {
1106 REDEBUG("Password must not be empty");
1108 }
1109
1110 if (RDEBUG_ENABLED3) {
1111 RDEBUG3("Login attempt with %s = %pV (%zd)", env_data->password_tmpl->name,
1112 &env_data->password, env_data->password.vb_length);
1113 } else {
1114 RDEBUG2("Login attempt with password");
1115 }
1116
1117 /*
1118 * Retrieve the normalised version of
1119 * the known_good password, without
1120 * mangling the current password attributes
1121 * in the request.
1122 */
1123 known_good = password_find(&ephemeral, request, request,
1124 pap_alloweds, talloc_array_length(pap_alloweds),
1125 inst->normify);
1126 if (!known_good) {
1127 REDEBUG("No \"known good\" password found for user");
1129 }
1130
1131 fr_assert(known_good->da->attr < NUM_ELEMENTS(auth_func_table));
1132
1133 auth_func = auth_func_table[known_good->da->attr];
1134 fr_assert(auth_func);
1135
1136 if (RDEBUG_ENABLED3) {
1137 RDEBUG3("Comparing with \"known good\" %pP (%zu)", known_good, known_good->vp_length);
1138 } else {
1139 RDEBUG2("Comparing with \"known-good\" %s (%zu)", known_good->da->name, known_good->vp_length);
1140 }
1141
1142 /*
1143 * Authenticate, and return.
1144 */
1145 auth_func(p_result, inst, request, known_good, &env_data->password);
1146 if (ephemeral) TALLOC_FREE(known_good);
1147 switch (p_result->rcode) {
1148 case RLM_MODULE_REJECT:
1149 REDEBUG("Password incorrect");
1150 break;
1151
1152 case RLM_MODULE_OK:
1153 RDEBUG2("User authenticated successfully");
1154 break;
1155
1156 default:
1157 break;
1158 }
1159
1161}
1162
1163static int mod_instantiate(module_inst_ctx_t const *mctx)
1164{
1165 rlm_pap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_pap_t);
1166
1167 inst->auth_type = fr_dict_enum_by_name(attr_auth_type, mctx->mi->name, -1);
1168 if (!inst->auth_type) {
1169 WARN("Failed to find 'authenticate %s {...}' section. PAP will likely not work",
1170 mctx->mi->name);
1171 }
1172
1173 return 0;
1174}
1175
1176static int mod_load(void)
1177{
1178 size_t i, j = 0;
1179 size_t allowed = 0;
1180
1181 /*
1182 * Load the dictionaries early
1183 */
1184 if (fr_dict_autoload(rlm_pap_dict) < 0) {
1185 PERROR("%s", __FUNCTION__);
1186 return -1;
1187 }
1189 PERROR("%s", __FUNCTION__);
1191 return -1;
1192 }
1193
1194 /*
1195 * Figure out how many password types we allow
1196 */
1197 for (i = 0; i < NUM_ELEMENTS(auth_func_table); i++) {
1198 if (auth_func_table[i] == NULL) continue;
1199
1200 allowed++;
1201 }
1202
1203 /*
1204 * Get a list of the DAs that match are allowed
1205 * functions.
1206 */
1207 pap_alloweds = talloc_array(NULL, fr_dict_attr_t const *, allowed);
1208 for (i = 0; i < NUM_ELEMENTS(auth_func_table); i++) {
1209 fr_dict_attr_t const *password_da;
1210
1211 if (auth_func_table[i] == NULL) continue;
1212
1213 password_da = fr_dict_attr_child_by_num(attr_root, i);
1214 if (!fr_cond_assert(password_da)) {
1215 ERROR("Could not resolve password attribute %zu", i);
1218 return -1;
1219 }
1220
1221 pap_alloweds[j++] = password_da;
1222 }
1223
1224 return 0;
1225}
1226
1227static void mod_unload(void)
1228{
1231}
1232
1233/*
1234 * The module name should be the only globally exported symbol.
1235 * That is, everything else should be 'static'.
1236 *
1237 * If the module needs to temporarily modify it's instantiation
1238 * data, the type should be changed to MODULE_TYPE_THREAD_UNSAFE.
1239 * The server will then take care of ensuring that the module
1240 * is single-threaded.
1241 */
1242extern module_rlm_t rlm_pap;
1244 .common = {
1245 .magic = MODULE_MAGIC_INIT,
1246 .name = "pap",
1247 .inst_size = sizeof(rlm_pap_t),
1248 .onload = mod_load,
1249 .unload = mod_unload,
1252 },
1253 .method_group = {
1254 .bindings = (module_method_binding_t[]){
1255 /*
1256 * Hack to support old configurations
1257 */
1258 { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate, .method_env = &pap_method_env },
1259 { .section = SECTION_NAME("authorize", CF_IDENT_ANY), .method = mod_authorize, .method_env = &pap_method_env },
1260 { .section = SECTION_NAME(CF_IDENT_ANY, CF_IDENT_ANY), .method = mod_authorize, .method_env = &pap_method_env },
1261
1263 }
1264 }
1265};
Unlang interpreter actions.
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
Definition action.h:37
#define fr_base16_decode(_err, _out, _in, _no_trailing)
Definition base16.h:95
#define fr_base64_decode(_out, _in, _expect_padding, _no_trailing)
Definition base64.h:81
#define FR_BASE64_DEC_LENGTH(_inlen)
Definition base64.h:44
#define USES_APPLE_DEPRECATED_API
Definition build.h:472
#define RCSID(id)
Definition build.h:485
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:209
#define UNUSED
Definition build.h:317
#define NUM_ELEMENTS(_t)
Definition build.h:339
#define CALL_ENV_TERMINATOR
Definition call_env.h:236
#define FR_CALL_ENV_PARSE_OFFSET(_name, _cast_type, _flags, _struct, _field, _parse_field)
Specify a call_env_parser_t which writes out runtime results and the result of the parsing phase to t...
Definition call_env.h:365
size_t inst_size
Size of per call env.
Definition call_env.h:245
@ CALL_ENV_FLAG_ATTRIBUTE
Tmpl MUST contain an attribute reference.
Definition call_env.h:86
@ CALL_ENV_FLAG_REQUIRED
Associated conf pair or section is required.
Definition call_env.h:75
@ CALL_ENV_FLAG_NULLABLE
Tmpl expansions are allowed to produce no output.
Definition call_env.h:80
Per method call config.
Definition call_env.h:180
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:658
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:284
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:595
#define CF_IDENT_ANY
Definition cf_util.h:78
#define fr_dbuff_start(_dbuff_or_marker)
Return the 'start' position of a dbuff or marker.
Definition dbuff.h:898
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
Definition dbuff.h:514
#define fr_cond_assert(_x)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition debug.h:139
#define MEM(x)
Definition debug.h:36
#define ERROR(fmt,...)
Definition dhcpclient.c:41
#define fr_dict_autofree(_to_free)
Definition dict.h:870
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:274
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:287
int fr_dict_attr_autoload(fr_dict_attr_autoload_t const *to_load)
Process a dict_attr_autoload element to load/verify a dictionary attribute.
Definition dict_util.c:4134
#define fr_dict_autoload(_to_load)
Definition dict.h:867
fr_dict_attr_t const * fr_dict_attr_child_by_num(fr_dict_attr_t const *parent, unsigned int attr)
Check if a child attribute exists in a parent using an attribute number.
Definition dict_util.c:3331
fr_dict_enum_value_t const * fr_dict_enum_by_name(fr_dict_attr_t const *da, char const *name, ssize_t len)
Definition dict_util.c:3439
Specifies an attribute which must be present for the module to function.
Definition dict.h:273
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:286
Value of an enumerated attribute.
Definition dict.h:233
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
rlm_rcode_t rcode
The current rcode, from executing the instruction or merging the result from a frame.
Definition interpret.h:134
#define PERROR(_fmt,...)
Definition log.h:228
#define RDEBUG_ENABLED3
True if request debug level 1-3 messages are enabled.
Definition log.h:335
#define RDEBUG3(fmt,...)
Definition log.h:343
#define REDEBUG3(fmt,...)
Definition log.h:373
#define REMARKER(_str, _marker_idx, _marker,...)
Output string with error marker, showing where format error occurred.
Definition log.h:498
#define RPEDEBUG(fmt,...)
Definition log.h:376
#define RHEXDUMP2(_data, _len, _fmt,...)
Definition log.h:704
talloc_free(reap)
void fr_md4_calc(uint8_t out[static MD4_DIGEST_LENGTH], uint8_t const *in, size_t inlen)
Calculate the MD4 hash of the contents of a buffer.
Definition md4.c:482
#define MD4_DIGEST_LENGTH
Definition md4.h:25
fr_md5_update_t fr_md5_update
Definition md5.c:442
fr_md5_final_t fr_md5_final
Definition md5.c:443
void fr_md5_ctx_free_from_list(fr_md5_ctx_t **ctx)
Definition md5.c:522
fr_md5_ctx_t * fr_md5_ctx_alloc_from_list(void)
Definition md5.c:477
void fr_md5_ctx_t
Definition md5.h:28
#define MD5_DIGEST_LENGTH
@ FR_TYPE_TLV
Contains nested attributes.
@ FR_TYPE_STRING
String of printable characters.
@ FR_TYPE_UINT32
32 Bit unsigned integer.
unsigned int uint32_t
long int ssize_t
void fr_md5_calc(uint8_t out[static MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen)
Perform a single digest operation on a single input buffer.
unsigned char uint8_t
unsigned long int size_t
ssize_t fr_utf8_to_ucs2(uint8_t *out, size_t outlen, char const *in, size_t inlen)
Convert UTF8 string to UCS2 encoding.
Definition misc.c:315
int fr_digest_cmp(uint8_t const *a, uint8_t const *b, size_t length)
Do a comparison of two authentication digests by comparing the FULL data.
Definition misc.c:472
void * env_data
Per call environment data.
Definition module_ctx.h:44
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_instance_t * mi
Instance of the module being instantiated.
Definition module_ctx.h:51
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
Temporary structure to hold arguments for instantiation calls.
Definition module_ctx.h:50
bool module_rlm_section_type_set(request_t *request, fr_dict_attr_t const *type_da, fr_dict_enum_value_t const *enumv)
Set the next section type if it's not already set.
Definition module_rlm.c:413
module_t common
Common fields presented by all modules.
Definition module_rlm.h:39
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:697
static ssize_t normify(normalise_t *action, uint8_t *buffer, size_t bufflen, char const *known_good, size_t len, size_t min_len)
Definition password.c:429
fr_pair_t * password_find(bool *ephemeral, TALLOC_CTX *ctx, request_t *request, fr_dict_attr_t const *allowed_attrs[], size_t allowed_attrs_len, bool normify)
Find a "known good" password in the control list of a request.
Definition password.c:983
static const conf_parser_t config[]
Definition base.c:186
#define fr_assert(_expr)
Definition rad_assert.h:38
#define REDEBUG(fmt,...)
Definition radclient.h:52
#define RDEBUG2(fmt,...)
Definition radclient.h:54
#define WARN(fmt,...)
Definition radclient.h:47
#define RETURN_UNLANG_UPDATED
Definition rcode.h:64
#define RETURN_UNLANG_INVALID
Definition rcode.h:60
#define RETURN_UNLANG_RCODE(_rcode)
Definition rcode.h:66
#define RETURN_UNLANG_FAIL
Definition rcode.h:57
#define RETURN_UNLANG_REJECT
Definition rcode.h:56
#define RETURN_UNLANG_OK
Definition rcode.h:58
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition rcode.h:45
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:43
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition rcode.h:41
#define RETURN_UNLANG_NOOP
Definition rcode.h:63
static const pap_auth_func_t auth_func_table[]
Table of password types we can process.
Definition rlm_pap.c:1042
static int mod_load(void)
Definition rlm_pap.c:1176
unlang_action_t(* pap_auth_func_t)(unlang_result_t *p_result, rlm_pap_t const *inst, request_t *request, fr_pair_t const *, fr_value_box_t const *)
Definition rlm_pap.c:79
static fr_dict_attr_autoload_t rlm_pap_dict_attr[]
Definition rlm_pap.c:112
static unlang_action_t pap_auth_md5(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:234
static fr_dict_t const * dict_freeradius
Definition rlm_pap.c:102
module_rlm_t rlm_pap
Definition rlm_pap.c:1243
fr_value_box_t password
Definition rlm_pap.c:87
static const call_env_method_t pap_method_env
Definition rlm_pap.c:91
fr_dict_enum_value_t const * auth_type
Definition rlm_pap.c:75
static fr_dict_autoload_t rlm_pap_dict[]
Definition rlm_pap.c:104
static unlang_action_t pap_auth_nt(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:933
static fr_dict_attr_t const * attr_auth_type
Definition rlm_pap.c:109
static unlang_action_t mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_pap.c:149
static void mod_unload(void)
Definition rlm_pap.c:1227
static unlang_action_t pap_auth_sha1(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:291
static unlang_action_t pap_auth_clear(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:179
static unlang_action_t mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_pap.c:1086
static fr_dict_attr_t const * attr_root
Definition rlm_pap.c:110
static unlang_action_t pap_auth_dummy(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, UNUSED request_t *request, UNUSED fr_pair_t const *known_good, UNUSED fr_value_box_t const *password)
Auth func for password types that should have been normalised away.
Definition rlm_pap.c:1032
static unlang_action_t pap_auth_ns_mta_md5(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:967
static unlang_action_t pap_auth_ssha1(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:318
static fr_dict_attr_t const ** pap_alloweds
Definition rlm_pap.c:141
static USES_APPLE_DEPRECATED_API pthread_mutex_t fr_crypt_mutex
Definition rlm_pap.c:64
static const conf_parser_t module_config[]
Definition rlm_pap.c:81
bool normify
Definition rlm_pap.c:76
tmpl_t * password_tmpl
Definition rlm_pap.c:88
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition rlm_pap.c:1163
static unlang_action_t pap_auth_smd5(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:259
static unsigned int hash(char const *username, unsigned int tablesize)
Definition rlm_passwd.c:132
static char const * name
static int instantiate(module_inst_ctx_t const *mctx)
Definition rlm_rest.c:1297
#define FR_SBUFF_IN(_start, _len_or_end)
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
char const * name
Instance name e.g. user_database.
Definition module.h:355
size_t inst_size
Size of the module's instance data.
Definition module.h:212
void * data
Module's instance data.
Definition module.h:291
#define MODULE_BINDING_TERMINATOR
Terminate a module binding list.
Definition module.h:152
Named methods exported by a module.
Definition module.h:174
void fr_sha1_init(fr_sha1_ctx *context)
Definition sha1.c:93
void fr_sha1_final(uint8_t digest[static SHA1_DIGEST_LENGTH], fr_sha1_ctx *context)
Definition sha1.c:141
void fr_sha1_update(fr_sha1_ctx *context, uint8_t const *in, size_t len)
Definition sha1.c:105
#define SHA1_DIGEST_LENGTH
Definition sha1.h:29
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
eap_aka_sim_process_conf_t * inst
size_t strlcpy(char *dst, char const *src, size_t siz)
Definition strlcpy.c:34
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
#define fr_table_value_by_substr(_table, _name, _name_len, _def)
Convert a partial string to a value using an ordered or sorted table.
Definition table.h:693
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
#define talloc_get_type_abort_const
Definition talloc.h:287
@ T_BARE_WORD
Definition token.h:120
void fr_strerror_clear(void)
Clears all pending messages from the talloc pools.
Definition strerror.c:576
#define FR_MAX_STRING_LEN
Definition value.h:30
int nonnull(2, 5))
#define fr_box_octets(_val, _len)
Definition value.h:307