The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
rlm_pap.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 2e4d15bf9609eea3229dbb0bb4769fc394e4e429 $
19 * @file rlm_pap.c
20 * @brief Hashes plaintext passwords to compare against a prehashed reference.
21 *
22 * @copyright 2001-2012 The FreeRADIUS server project.
23 * @copyright 2012 Matthew Newton (matthew@newtoncomputing.co.uk)
24 * @copyright 2001 Kostas Kalevras (kkalev@noc.ntua.gr)
25 */
26RCSID("$Id: 2e4d15bf9609eea3229dbb0bb4769fc394e4e429 $")
28
29#include <freeradius-devel/server/base.h>
30#include <freeradius-devel/server/module_rlm.h>
31#include <freeradius-devel/server/password.h>
32#include <freeradius-devel/tls/base.h>
33#include <freeradius-devel/tls/log.h>
34
35#include <freeradius-devel/util/base64.h>
36#include <freeradius-devel/util/debug.h>
37#include <freeradius-devel/util/base16.h>
38#include <freeradius-devel/util/md5.h>
39#include <freeradius-devel/util/sha1.h>
40
41#include <freeradius-devel/unlang/action.h>
42#include <freeradius-devel/unlang/call_env.h>
43
44#include <freeradius-devel/protocol/freeradius/freeradius.internal.password.h>
45
46#include <ctype.h>
47
48#ifdef HAVE_CRYPT_H
49# include <crypt.h>
50#endif
51#include <unistd.h> /* Contains crypt function declarations */
52
53#ifdef HAVE_OPENSSL_EVP_H
54# include <freeradius-devel/tls/openssl_user_macros.h>
55# include <openssl/evp.h>
56#endif
57
58/*
59 * We don't have threadsafe crypt, so we have to wrap
60 * calls in a mutex
61 */
62#ifndef HAVE_CRYPT_R
63# include <pthread.h>
64static pthread_mutex_t fr_crypt_mutex = PTHREAD_MUTEX_INITIALIZER;
65#endif
66
67/*
68 * Define a structure for our module configuration.
69 *
70 * These variables do not need to be in a structure, but it's
71 * a lot cleaner to do so, and a pointer to the structure can
72 * be used as the instance handle.
73 */
74typedef struct {
76 bool normify;
77} rlm_pap_t;
78
79typedef unlang_action_t (*pap_auth_func_t)(unlang_result_t *p_result, rlm_pap_t const *inst, request_t *request, fr_pair_t const *, fr_value_box_t const *);
80
81static const conf_parser_t module_config[] = {
82 { FR_CONF_OFFSET("normalise", rlm_pap_t, normify), .dflt = "yes" },
84};
85
90
92 .inst_size = sizeof(pap_call_env_t),
93 .inst_type = "pap_call_env_t",
94 .env = (call_env_parser_t[]) {
95 { FR_CALL_ENV_PARSE_OFFSET("password_attribute", FR_TYPE_STRING,
97 pap_call_env_t, password, password_tmpl), .pair.dflt = "User-Password", .pair.dflt_quote = T_BARE_WORD },
99 }
100};
101
103
105 { .out = &dict_freeradius, .proto = "freeradius" },
106 { NULL }
107};
108
111
113 { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
114 { .out = &attr_root, .name = "Password", .type = FR_TYPE_TLV, .dict = &dict_freeradius },
115
116 { NULL }
117};
118
119#ifdef HAVE_OPENSSL_EVP_H
120static fr_table_num_sorted_t const pbkdf2_crypt_names[] = {
121 { L("HMACSHA1"), FR_SSHA1 },
122 { L("HMACSHA2+224"), FR_SSHA2_224 },
123 { L("HMACSHA2+256"), FR_SSHA2_256 },
124 { L("HMACSHA2+384"), FR_SSHA2_384 },
125 { L("HMACSHA2+512"), FR_SSHA2_512 },
126 { L("HMACSHA3+224"), FR_SSHA3_224 },
127 { L("HMACSHA3+256"), FR_SSHA3_256 },
128 { L("HMACSHA3+384"), FR_SSHA3_384 },
129 { L("HMACSHA3+512"), FR_SSHA3_512 },
130};
131static size_t pbkdf2_crypt_names_len = NUM_ELEMENTS(pbkdf2_crypt_names);
132
133static fr_table_num_sorted_t const pbkdf2_passlib_names[] = {
134 { L("sha1"), FR_SSHA1 },
135 { L("sha256"), FR_SSHA2_256 },
136 { L("sha512"), FR_SSHA2_512 }
137};
138static size_t pbkdf2_passlib_names_len = NUM_ELEMENTS(pbkdf2_passlib_names);
139#endif
140
142
143/*
144 * Authorize the user for PAP authentication.
145 *
146 * This isn't strictly necessary, but it does make the
147 * server simpler to configure.
148 */
149static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
150{
152 pap_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, pap_call_env_t);
153
154 if (fr_pair_find_by_da(&request->control_pairs, NULL, attr_auth_type) != NULL) {
155 RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", mctx->mi->name);
157 }
158
159 if (env_data->password.type != FR_TYPE_STRING) {
160 RDEBUG2("No %s attribute in the request. Cannot do PAP", env_data->password_tmpl->name);
162 }
163
164 if (!inst->auth_type) {
165 WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup PAP authentication.",
166 mctx->mi->name, mctx->mi->name);
168 }
169
171
173}
174
175/*
176 * PAP authentication functions
177 */
178
180 UNUSED rlm_pap_t const *inst, request_t *request,
181 fr_pair_t const *known_good, fr_value_box_t const *password)
182{
183 if ((known_good->vp_length != password->vb_length) ||
184 (fr_digest_cmp(known_good->vp_octets, password->vb_octets, known_good->vp_length) != 0)) {
185 REDEBUG("Cleartext password does not match \"known good\" password");
187 REDEBUG3("Password : %pV", password);
188 REDEBUG3("Expected : %pV", &known_good->data);
190 }
192}
193
194#ifdef HAVE_CRYPT
195static unlang_action_t CC_HINT(nonnull) pap_auth_crypt(unlang_result_t *p_result,
196 UNUSED rlm_pap_t const *inst, request_t *request,
197 fr_pair_t const *known_good, fr_value_box_t const *password)
198{
199 char *crypt_out;
200 int cmp = 0;
201
202#ifdef HAVE_CRYPT_R
203 struct crypt_data crypt_data = { .initialized = 0 };
204
205 crypt_out = crypt_r(password->vb_strvalue, known_good->vp_strvalue, &crypt_data);
206 if (crypt_out) cmp = strcmp(known_good->vp_strvalue, crypt_out);
207#else
208 /*
209 * Ensure we're thread-safe, as crypt() isn't.
210 */
211 pthread_mutex_lock(&fr_crypt_mutex);
212 crypt_out = crypt(password->vb_strvalue, known_good->vp_strvalue);
213
214 /*
215 * Got something, check it within the lock. This is
216 * faster than copying it to a local buffer, and the
217 * time spent within the lock is critical.
218 */
219 if (crypt_out) cmp = strcmp(known_good->vp_strvalue, crypt_out);
220 pthread_mutex_unlock(&fr_crypt_mutex);
221#endif
222
223 /*
224 * Error.
225 */
226 if (!crypt_out || (cmp != 0)) {
227 REDEBUG("Crypt digest does not match \"known good\" digest");
229 }
230
232}
233#endif
234
236 UNUSED rlm_pap_t const *inst, request_t *request,
237 fr_pair_t const *known_good, fr_value_box_t const *password)
238{
240
241 if (known_good->vp_length != MD5_DIGEST_LENGTH) {
242 REDEBUG("\"known-good\" MD5 password has incorrect length, expected 16 got %zu", known_good->vp_length);
244 }
245
246 fr_md5_calc(digest, password->vb_octets, password->vb_length);
247
248 if (fr_digest_cmp(digest, known_good->vp_octets, known_good->vp_length) != 0) {
249 REDEBUG("MD5 digest does not match \"known good\" digest");
251 REDEBUG3("Password : %pV", password);
252 REDEBUG3("Calculated : %pH", fr_box_octets(digest, MD5_DIGEST_LENGTH));
253 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, MD5_DIGEST_LENGTH));
255 }
256
258}
259
260
262 UNUSED rlm_pap_t const *inst, request_t *request,
263 fr_pair_t const *known_good, fr_value_box_t const *password)
264{
265 fr_md5_ctx_t *md5_ctx;
267
268 if (known_good->vp_length <= MD5_DIGEST_LENGTH) {
269 REDEBUG("\"known-good\" Password.SMD5 has incorrect length, expected 16 got %zu", known_good->vp_length);
271 }
272
273 md5_ctx = fr_md5_ctx_alloc_from_list();
274 fr_md5_update(md5_ctx, password->vb_octets, password->vb_length);
275 fr_md5_update(md5_ctx, known_good->vp_octets + MD5_DIGEST_LENGTH, known_good->vp_length - MD5_DIGEST_LENGTH);
276 fr_md5_final(digest, md5_ctx);
278
279 /*
280 * Compare only the MD5 hash results, not the salt.
281 */
282 if (fr_digest_cmp(digest, known_good->vp_octets, MD5_DIGEST_LENGTH) != 0) {
283 REDEBUG("SMD5 digest does not match \"known good\" digest");
285 REDEBUG3("Password : %pV", password);
286 REDEBUG3("Calculated : %pH", fr_box_octets(digest, MD5_DIGEST_LENGTH));
287 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, MD5_DIGEST_LENGTH));
289 }
290
292}
293
295 UNUSED rlm_pap_t const *inst, request_t *request,
296 fr_pair_t const *known_good, fr_value_box_t const *password)
297{
298 fr_sha1_ctx sha1_context;
300
301 if (known_good->vp_length != SHA1_DIGEST_LENGTH) {
302 REDEBUG("\"known-good\" Password.SHA1 has incorrect length, expected 20 got %zu", known_good->vp_length);
304 }
305
306 fr_sha1_init(&sha1_context);
307 fr_sha1_update(&sha1_context, password->vb_octets, password->vb_length);
308 fr_sha1_final(digest,&sha1_context);
309
310 if (fr_digest_cmp(digest, known_good->vp_octets, known_good->vp_length) != 0) {
311 REDEBUG("SHA1 digest does not match \"known good\" digest");
313 REDEBUG3("Password : %pV", password);
314 REDEBUG3("Calculated : %pH", fr_box_octets(digest, SHA1_DIGEST_LENGTH));
315 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, SHA1_DIGEST_LENGTH));
317 }
318
320}
321
323 UNUSED rlm_pap_t const *inst, request_t *request,
324 fr_pair_t const *known_good, fr_value_box_t const *password)
325{
326 fr_sha1_ctx sha1_context;
328
329 if (known_good->vp_length <= SHA1_DIGEST_LENGTH) {
330 REDEBUG("\"known-good\" Password.SSHA has incorrect length, expected > 20 got %zu", known_good->vp_length);
332 }
333
334 fr_sha1_init(&sha1_context);
335 fr_sha1_update(&sha1_context, password->vb_octets, password->vb_length);
336
337 fr_sha1_update(&sha1_context, known_good->vp_octets + SHA1_DIGEST_LENGTH, known_good->vp_length - SHA1_DIGEST_LENGTH);
338 fr_sha1_final(digest, &sha1_context);
339
340 if (fr_digest_cmp(digest, known_good->vp_octets, SHA1_DIGEST_LENGTH) != 0) {
341 REDEBUG("SSHA digest does not match \"known good\" digest");
343 REDEBUG3("Password : %pV", password);
344 REDEBUG3("Salt : %pH", fr_box_octets(known_good->vp_octets + SHA1_DIGEST_LENGTH,
345 known_good->vp_length - SHA1_DIGEST_LENGTH));
346 REDEBUG3("Calculated : %pH", fr_box_octets(digest, SHA1_DIGEST_LENGTH));
347 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, SHA1_DIGEST_LENGTH));
349 }
350
352}
353
354#ifdef HAVE_OPENSSL_EVP_H
355static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md(unlang_result_t *p_result,
356 UNUSED rlm_pap_t const *inst, request_t *request,
357 fr_pair_t const *known_good, fr_value_box_t const *password,
358 char const *name, EVP_MD const *md)
359{
360 EVP_MD_CTX *ctx;
361 uint8_t digest[EVP_MAX_MD_SIZE];
362 unsigned int digest_len;
363
364 ctx = EVP_MD_CTX_create();
365 EVP_DigestInit_ex(ctx, md, NULL);
366 EVP_DigestUpdate(ctx, password->vb_octets, password->vb_length);
367 EVP_DigestFinal_ex(ctx, digest, &digest_len);
368 EVP_MD_CTX_destroy(ctx);
369
370 fr_assert((size_t) digest_len == known_good->vp_length); /* This would be an OpenSSL bug... */
371
372 if (fr_digest_cmp(digest, known_good->vp_octets, known_good->vp_length) != 0) {
373 REDEBUG("%s digest does not match \"known good\" digest", name);
375 REDEBUG3("Password : %pV", password);
376 REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
377 REDEBUG3("Expected : %pH", &known_good->data);
379 }
380
382}
383
384static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md_salted(unlang_result_t *p_result,
385 UNUSED rlm_pap_t const *inst, request_t *request,
386 fr_pair_t const *known_good, fr_value_box_t const *password,
387 char const *name, EVP_MD const *md)
388{
389 EVP_MD_CTX *ctx;
390 uint8_t digest[EVP_MAX_MD_SIZE];
391 unsigned int digest_len, min_len;
392
393 min_len = EVP_MD_size(md);
394 ctx = EVP_MD_CTX_create();
395 EVP_DigestInit_ex(ctx, md, NULL);
396 EVP_DigestUpdate(ctx, password->vb_octets, password->vb_length);
397 EVP_DigestUpdate(ctx, known_good->vp_octets + min_len, known_good->vp_length - min_len);
398 EVP_DigestFinal_ex(ctx, digest, &digest_len);
399 EVP_MD_CTX_destroy(ctx);
400
401 fr_assert((size_t) digest_len == min_len); /* This would be an OpenSSL bug... */
402
403 /*
404 * Only compare digest_len bytes, the rest is salt.
405 */
406 if (fr_digest_cmp(digest, known_good->vp_octets, (size_t)digest_len) != 0) {
407 REDEBUG("%s digest does not match \"known good\" digest", name);
409 REDEBUG3("Password : %pV", password);
410 REDEBUG3("Salt : %pH",
411 fr_box_octets(known_good->vp_octets + digest_len, known_good->vp_length - digest_len));
412 REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
413 REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, digest_len));
415 }
416
418}
419
420/** Define a new OpenSSL EVP based password hashing function
421 *
422 */
423#define PAP_AUTH_EVP_MD(_func, _new_func, _name, _md) \
424static unlang_action_t CC_HINT(nonnull) _new_func(unlang_result_t *p_result, \
425 rlm_pap_t const *inst, request_t *request, \
426 fr_pair_t const *known_good, fr_value_box_t const *password) \
427{ \
428 return _func(p_result, inst, request, known_good, password, _name, _md); \
429}
430
431PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha2_224, "SHA2-224", EVP_sha224())
432PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha2_256, "SHA2-256", EVP_sha256())
433PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha2_384, "SHA2-384", EVP_sha384())
434PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha2_512, "SHA2-512", EVP_sha512())
435PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha2_224, "SSHA2-224", EVP_sha224())
436PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha2_256, "SSHA2-256", EVP_sha256())
437PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha2_384, "SSHA2-384", EVP_sha384())
438PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha2_512, "SSHA2-512", EVP_sha512())
439
440PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha3_224, "SHA3-224", EVP_sha3_224())
441PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha3_256, "SHA3-256", EVP_sha3_256())
442PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha3_384, "SHA3-384", EVP_sha3_384())
443PAP_AUTH_EVP_MD(pap_auth_evp_md, pap_auth_sha3_512, "SHA3-512", EVP_sha3_512())
444PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha3_224, "SSHA3-224", EVP_sha3_224())
445PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha3_256, "SSHA3-256", EVP_sha3_256())
446PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha3_384, "SSHA3-384", EVP_sha3_384())
447PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha3_512, "SSHA3-512", EVP_sha3_512())
448
449/** Validates Crypt::PBKDF2 LDAP format strings
450 *
451 * @param[out] p_result The result of comparing the pbkdf2 hash with the password.
452 * @param[in] request The current request.
453 * @param[in] str Raw PBKDF2 string.
454 * @param[in] len Length of string.
455 * @param[in] digest_type Digest type to use.
456 * @param[in] iter_sep Separation character between the iterations and the next component.
457 * @param[in] salt_sep Separation character between the salt and the next component.
458 * @param[in] iter_is_base64 Whether the iterations is are encoded as base64.
459 * @param[in] password to validate.
460 * @return
461 * - RLM_MODULE_REJECT
462 * - RLM_MODULE_OK
463 */
464static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse_digest(unlang_result_t *p_result,
465 request_t *request, const uint8_t *str, size_t len,
466 int digest_type, char iter_sep, char salt_sep,
467 bool iter_is_base64, fr_value_box_t const *password)
468{
470
471 uint8_t const *p, *q, *end;
472 ssize_t slen;
473
474 EVP_MD const *evp_md;
475 size_t digest_len;
476
477 uint32_t iterations = 1;
478
479 uint8_t *salt = NULL;
480 size_t salt_len;
481 uint8_t hash[EVP_MAX_MD_SIZE];
482 uint8_t digest[EVP_MAX_MD_SIZE];
483
484 /*
485 * Parse PBKDF string for given digest = <iterations><iter_sep>b64(<salt>)<salt_sep>b64(<hash>)
486 */
487 p = str;
488 end = p + len;
489
490 switch (digest_type) {
491 case FR_SSHA1:
492 evp_md = EVP_sha1();
493 digest_len = SHA1_DIGEST_LENGTH;
494 break;
495
496 case FR_SSHA2_224:
497 evp_md = EVP_sha224();
498 digest_len = SHA224_DIGEST_LENGTH;
499 break;
500
501 case FR_SSHA2_256:
502 evp_md = EVP_sha256();
503 digest_len = SHA256_DIGEST_LENGTH;
504 break;
505
506 case FR_SSHA2_384:
507 evp_md = EVP_sha384();
508 digest_len = SHA384_DIGEST_LENGTH;
509 break;
510
511 case FR_SSHA2_512:
512 evp_md = EVP_sha512();
513 digest_len = SHA512_DIGEST_LENGTH;
514 break;
515
516 case FR_SSHA3_224:
517 evp_md = EVP_sha3_224();
518 digest_len = SHA224_DIGEST_LENGTH;
519 break;
520
521 case FR_SSHA3_256:
522 evp_md = EVP_sha3_256();
523 digest_len = SHA256_DIGEST_LENGTH;
524 break;
525
526 case FR_SSHA3_384:
527 evp_md = EVP_sha3_384();
528 digest_len = SHA384_DIGEST_LENGTH;
529 break;
530
531 case FR_SSHA3_512:
532 evp_md = EVP_sha3_512();
533 digest_len = SHA512_DIGEST_LENGTH;
534 break;
535
536 default:
537 REDEBUG("Unknown PBKDF2 digest type \"%d\"", digest_type);
538 goto finish;
539 }
540
541 if (((end - p) < 1) || !(q = memchr(p, iter_sep, end - p))) {
542 REDEBUG("Password.PBKDF2 missing iterations component");
543 goto finish;
544 }
545
546 if ((q - p) == 0) {
547 REDEBUG("Password.PBKDF2 iterations component too short");
548 goto finish;
549 }
550
551 /*
552 * If it's not base64 encoded, assume it's ascii
553 */
554 if (!iter_is_base64) {
555 char iterations_buff[sizeof("4294967295") + 1];
556 char *qq;
557
558 /*
559 * While passwords come from "trusted" sources, we don't trust them too much!
560 */
561 if ((size_t) (q - p) >= sizeof(iterations_buff)) {
562 REMARKER((char const *) p, q - p,
563 "Password.PBKDF2 iterations field is too large");
564
565 goto finish;
566 }
567
568 strlcpy(iterations_buff, (char const *)p, (q - p) + 1);
569
570 iterations = strtoul(iterations_buff, &qq, 10);
571 if (*qq != '\0') {
572 REMARKER(iterations_buff, qq - iterations_buff,
573 "Password.PBKDF2 iterations field contains an invalid character");
574
575 goto finish;
576 }
577 p = q + 1;
578 /*
579 * base64 encoded and big endian
580 */
581 } else {
583 slen = fr_base64_decode(&FR_DBUFF_TMP((uint8_t *)&iterations, sizeof(iterations)),
584 &FR_SBUFF_IN((char const *)p, (char const *)q), false, false);
585 if (slen <= 0) {
586 RPEDEBUG("Failed decoding Password.PBKDF2 iterations component (%.*s)", (int)(q - p), p);
587 goto finish;
588 }
589 if (slen != sizeof(iterations)) {
590 REDEBUG("Decoded Password.PBKDF2 iterations component is wrong size");
591 }
592
593 iterations = ntohl(iterations);
594
595 p = q + 1;
596 }
597
598 /*
599 * 0 iterations is invalid (we need at least one)
600 */
601 if (iterations == 0) iterations = 1;
602
603 if (((end - p) < 1) || !(q = memchr(p, salt_sep, end - p))) {
604 REDEBUG("Password.PBKDF2 missing salt component");
605 goto finish;
606 }
607
608 if ((q - p) == 0) {
609 REDEBUG("Password.PBKDF2 salt component too short");
610 goto finish;
611 }
612
613 MEM(salt = talloc_array(request, uint8_t, FR_BASE64_DEC_LENGTH(q - p)));
614 slen = fr_base64_decode(&FR_DBUFF_TMP(salt, talloc_array_length(salt)),
615 &FR_SBUFF_IN((char const *) p, (char const *)q), false, false);
616 if (slen <= 0) {
617 RPEDEBUG("Failed decoding Password.PBKDF2 salt component");
618 goto finish;
619 }
620 salt_len = (size_t)slen;
621
622 p = q + 1;
623
624 if ((q - p) == 0) {
625 REDEBUG("Password.PBKDF2 hash component too short");
626 goto finish;
627 }
628
629 slen = fr_base64_decode(&FR_DBUFF_TMP(hash, sizeof(hash)),
630 &FR_SBUFF_IN((char const *)p, (char const *)end), false, false);
631 if (slen <= 0) {
632 RPEDEBUG("Failed decoding Password.PBKDF2 hash component");
633 goto finish;
634 }
635
636 if ((size_t)slen != digest_len) {
637 REDEBUG("Password.PBKDF2 hash component length is incorrect for hash type, expected %zu, got %zd",
638 digest_len, slen);
639
640 RHEXDUMP2(hash, slen, "hash component");
641
642 goto finish;
643 }
644
645 RDEBUG2("PBKDF2 %s: Iterations %u, salt length %zu, hash length %zd",
646 fr_table_str_by_value(pbkdf2_crypt_names, digest_type, "<UNKNOWN>"),
647 iterations, salt_len, slen);
648
649 /*
650 * Hash and compare
651 */
652 if (PKCS5_PBKDF2_HMAC((char const *)password->vb_octets, (int)password->vb_length,
653 (unsigned char const *)salt, (int)salt_len,
654 (int)iterations,
655 evp_md,
656 (int)digest_len, (unsigned char *)digest) == 0) {
657 fr_tls_log(request, "PBKDF2 digest failure");
658 goto finish;
659 }
660
661 if (fr_digest_cmp(digest, hash, (size_t)digest_len) != 0) {
662 REDEBUG("PBKDF2 digest does not match \"known good\" digest");
664 REDEBUG3("Salt : %pH", fr_box_octets(salt, salt_len));
665 REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
666 REDEBUG3("Expected : %pH", fr_box_octets(hash, slen));
667 rcode = RLM_MODULE_REJECT;
668 } else {
669 rcode = RLM_MODULE_OK;
670 }
671
672finish:
673 talloc_free(salt);
674
675 RETURN_UNLANG_RCODE(rcode);
676}
677
678/** Validates Crypt::PBKDF2 LDAP format strings
679 *
680 * @param[out] p_result The result of comparing the pbkdf2 hash with the password.
681 * @param[in] request The current request.
682 * @param[in] str Raw PBKDF2 string.
683 * @param[in] len Length of string.
684 * @param[in] hash_names Table containing valid hash names.
685 * @param[in] hash_names_len How long the table is.
686 * @param[in] scheme_sep Separation character between the scheme and the next component.
687 * @param[in] iter_sep Separation character between the iterations and the next component.
688 * @param[in] salt_sep Separation character between the salt and the next component.
689 * @param[in] iter_is_base64 Whether the iterations is are encoded as base64.
690 * @param[in] password to validate.
691 * @return
692 * - RLM_MODULE_REJECT
693 * - RLM_MODULE_OK
694 */
695static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse(unlang_result_t *p_result,
696 request_t *request, const uint8_t *str, size_t len,
697 fr_table_num_sorted_t const hash_names[], size_t hash_names_len,
698 char scheme_sep, char iter_sep, char salt_sep,
699 bool iter_is_base64, fr_value_box_t const *password)
700{
702
703 uint8_t const *p, *q, *end;
704 int digest_type;
705
706 RDEBUG2("Comparing with \"known-good\" Password.PBKDF2");
707
708 if (len <= 1) {
709 REDEBUG("Password.PBKDF2 is too short");
710 goto finish;
711 }
712
713 /*
714 * Parse PBKDF string = {hash_algorithm}<scheme_sep><iterations><iter_sep>b64(<salt>)<salt_sep>b64(<hash>)
715 */
716 p = str;
717 end = p + len;
718
719 q = memchr(p, scheme_sep, end - p);
720 if (!q) {
721 REDEBUG("Password.PBKDF2 has no component separators");
722 goto finish;
723 }
724
725 digest_type = fr_table_value_by_substr(hash_names, (char const *)p, q - p, -1);
726
727 p = q + 1;
728
729 return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, digest_type, iter_sep, salt_sep, iter_is_base64, password);
730
731finish:
732 RETURN_UNLANG_RCODE(rcode);
733}
734
735static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2(unlang_result_t *p_result,
736 UNUSED rlm_pap_t const *inst,
737 request_t *request,
738 fr_pair_t const *known_good, fr_value_box_t const *password)
739{
740 uint8_t const *p = known_good->vp_octets, *q, *end = p + known_good->vp_length;
741
742 if ((end - p) < 2) {
743 REDEBUG("Password.PBKDF2 too short");
745 }
746
747 /*
748 * If it doesn't begin with a $ assume
749 * it's Crypt::PBKDF2 LDAP format
750 *
751 * {X-PBKDF2}<digest>:<b64 rounds>:<b64_salt>:<b64_hash>
752 *
753 * or 389ds LDAP format
754 *
755 * {PBKDF2-SHA512}<round>$<b64_salt>$<b64_hash>
756 */
757 if (*p != '$') {
758 if ((size_t)(end - p) >= sizeof("{PBKDF2-") && (memcmp(p, "{PBKDF2-", sizeof("{PBKDF2-") - 1) == 0)) {
759 p += sizeof("{PBKDF2-") - 1;
760 return pap_auth_pbkdf2_parse(p_result, request, p, end - p,
761 pbkdf2_passlib_names, pbkdf2_passlib_names_len,
762 '}', '$', '$', false, password);
763 } else {
764 /*
765 * Strip the header if it's present
766 */
767 if (*p == '{') {
768 q = memchr(p, '}', end - p);
769 p = q + 1;
770 }
771 return pap_auth_pbkdf2_parse(p_result, request, p, end - p,
772 pbkdf2_crypt_names, pbkdf2_crypt_names_len,
773 ':', ':', ':', true, password);
774 }
775 }
776
777 /*
778 * Crypt::PBKDF2 Crypt format
779 *
780 * $PBKDF2$<digest>:<rounds>:<b64_salt>$<b64_hash>
781 */
782 if ((size_t)(end - p) >= sizeof("$PBKDF2$") && (memcmp(p, "$PBKDF2$", sizeof("$PBKDF2$") - 1) == 0)) {
783 p += sizeof("$PBKDF2$") - 1;
784 return pap_auth_pbkdf2_parse(p_result, request, p, end - p,
785 pbkdf2_crypt_names, pbkdf2_crypt_names_len,
786 ':', ':', '$', false, password);
787 }
788
789 /*
790 * Python's passlib format
791 *
792 * $pbkdf2-<digest>$<rounds>$<alt_b64_salt>$<alt_b64_hash>
793 *
794 * Note: Our base64 functions also work with alt_b64
795 */
796 if ((size_t)(end - p) >= sizeof("$pbkdf2-") && (memcmp(p, "$pbkdf2-", sizeof("$pbkdf2-") - 1) == 0)) {
797 p += sizeof("$pbkdf2-") - 1;
798 return pap_auth_pbkdf2_parse(p_result, request, p, end - p,
799 pbkdf2_passlib_names, pbkdf2_passlib_names_len,
800 '$', '$', '$', false, password);
801 }
802
803 REDEBUG("Can't determine format of Password.PBKDF2");
804
806}
807
808/*
809 * 389ds pbkdf2 passwords
810 *
811 * {PBKDF2-<digest>}<rounds>$<b64_salt>$<b64_hash>
812 */
813static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha1(unlang_result_t *p_result,
814 UNUSED rlm_pap_t const *inst,
815 request_t *request,
816 fr_pair_t const *known_good, fr_value_box_t const *password)
817{
818 uint8_t const *p = known_good->vp_octets, *end = p + known_good->vp_length;
819
820 if ((end - p) < 2) {
821 REDEBUG("Password.With-Header {PBKDF2-SHA1} too short");
823 }
824
825 return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA1, '$', '$', false, password);
826}
827
828static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256(unlang_result_t *p_result,
829 UNUSED rlm_pap_t const *inst,
830 request_t *request,
831 fr_pair_t const *known_good, fr_value_box_t const *password)
832{
833 uint8_t const *p = known_good->vp_octets, *end = p + known_good->vp_length;
834
835 if ((end - p) < 2) {
836 REDEBUG("Password.With-Header {PBKDF2-SHA256} too short");
838 }
839
840 return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA2_256, '$', '$', false, password);
841}
842
843static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha512(unlang_result_t *p_result,
844 UNUSED rlm_pap_t const *inst,
845 request_t *request,
846 fr_pair_t const *known_good, fr_value_box_t const *password)
847{
848 uint8_t const *p = known_good->vp_octets, *end = p + known_good->vp_length;
849
850 if ((end - p) < 2) {
851 REDEBUG("Password.With-Header {PBKDF2-SHA512} too short");
853 }
854
855 return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA2_512, '$', '$', false, password);
856}
857
858/*
859 * 389ds pbkdf2 legacy password with header {PBKDF2_SHA256}
860 *
861 * this was the first implementation in 389ds using a fixed length struct as base64.
862 * at some point it was the default scheme, although it's not recommened anymore.
863 *
864 * content struct is
865 * 4 bytes iterations (value 8192)
866 * 64 bytes salt
867 * 256 bytes hash
868 */
869static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(unlang_result_t *p_result,
870 UNUSED rlm_pap_t const *inst,
871 request_t *request,
872 fr_pair_t const *known_good, fr_value_box_t const *password)
873{
874#define PBKDF2_SHA256_LEGACY_SALT_LENGTH 64
875#define PBKDF2_SHA256_LEGACY_ITERATIONS_LENGTH 4
876#define PBKDF2_SHA256_LEGACY_HASH_LENGTH 256
877#define PBKDF2_SHA256_LEGACY_TOTAL_LENGTH (PBKDF2_SHA256_LEGACY_ITERATIONS_LENGTH + PBKDF2_SHA256_LEGACY_SALT_LENGTH + PBKDF2_SHA256_LEGACY_HASH_LENGTH)
878#define PBKDF2_SHA256_LEGACY_ITERATIONS 8192
879#define PBKDF2_SHA256_LEGACY_B64_LENGTH (PBKDF2_SHA256_LEGACY_TOTAL_LENGTH * 4 / 3)
880
881 struct pbkdf2_bufs {
882 uint32_t iterations;
883 uint8_t salt[PBKDF2_SHA256_LEGACY_SALT_LENGTH];
884 uint8_t hash[PBKDF2_SHA256_LEGACY_HASH_LENGTH];
885 };
886 struct pbkdf2_bufs pbkdf2_buf = { .iterations = PBKDF2_SHA256_LEGACY_ITERATIONS };
887
888 ssize_t slen;
889 uint8_t const *p = known_good->vp_octets, *end = p + known_good->vp_length;
890
891 EVP_MD const *evp_md = EVP_sha256();
892 size_t digest_len = SHA256_DIGEST_LENGTH;
893 uint8_t digest[SHA256_DIGEST_LENGTH];
894
895 if ((end - p) != PBKDF2_SHA256_LEGACY_B64_LENGTH) {
896 REDEBUG("Password.With-Header {PBKDF2_SHA256} has incorrect size %zd instead of %d.", known_good->vp_length, PBKDF2_SHA256_LEGACY_B64_LENGTH);
898 }
899
900 slen = fr_base64_decode(&FR_DBUFF_TMP((uint8_t *) &pbkdf2_buf, sizeof(pbkdf2_buf)),
901 &FR_SBUFF_IN((char const *) p, (char const *)end), false, false);
902
903 if (slen <= 0) {
904 RPEDEBUG("Failed decoding Password.With-Header {PBKDF2_SHA256}: \"%.*s\"", (int)(end -p), p);
906 }
907
908 if (slen != PBKDF2_SHA256_LEGACY_TOTAL_LENGTH) {
909 REDEBUG("Password.With-Header {PBKDF2_SHA256} has incorrect decoded size %zd instead of %d.", slen, PBKDF2_SHA256_LEGACY_TOTAL_LENGTH);
911 }
912
913 pbkdf2_buf.iterations = ntohl(pbkdf2_buf.iterations);
914
915 if (pbkdf2_buf.iterations != PBKDF2_SHA256_LEGACY_ITERATIONS) {
916 REDEBUG("Password.With-Header {PBKDF2_SHA256} has unexpected number of iterations %d instead of %d.", pbkdf2_buf.iterations, PBKDF2_SHA256_LEGACY_ITERATIONS);
918 }
919
920 if (PKCS5_PBKDF2_HMAC((char const *)password->vb_octets, (int)password->vb_length,
921 (unsigned char const *)pbkdf2_buf.salt, (int)PBKDF2_SHA256_LEGACY_SALT_LENGTH,
922 (int)pbkdf2_buf.iterations,
923 evp_md,
924 (int)digest_len, (unsigned char *)digest) == 0) {
925 fr_tls_log(request, "PBKDF2_SHA256 digest failure");
927 }
928
929 if (fr_digest_cmp(digest, pbkdf2_buf.hash, (size_t)digest_len) != 0) {
930 REDEBUG("PBKDF2_SHA256 digest does not match \"known good\" digest");
932 REDEBUG3("Salt : %pH", fr_box_octets(pbkdf2_buf.salt, PBKDF2_SHA256_LEGACY_SALT_LENGTH));
933 REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
934 REDEBUG3("Expected : %pH", fr_box_octets(pbkdf2_buf.hash, PBKDF2_SHA256_LEGACY_HASH_LENGTH));
936 } else {
938 }
939}
940#endif
941
943 UNUSED rlm_pap_t const *inst, request_t *request,
944 fr_pair_t const *known_good, fr_value_box_t const *password)
945{
946 ssize_t len;
948 uint8_t ucs2[512];
949
950 RDEBUG2("Comparing with \"known-good\" Password.NT");
951
952 if (known_good->vp_length != MD4_DIGEST_LENGTH) {
953 REDEBUG("\"known good\" Password.NT has incorrect length, expected 16 got %zu", known_good->vp_length);
955 }
956
957 len = fr_utf8_to_ucs2(ucs2, sizeof(ucs2),
958 password->vb_strvalue, password->vb_length);
959 if (len < 0) {
960 REDEBUG("User-Password is not in UCS2 format");
962 }
963
964 fr_md4_calc(digest, (uint8_t *)ucs2, len);
965
966 if (fr_digest_cmp(digest, known_good->vp_octets, known_good->vp_length) != 0) {
967 REDEBUG("NT digest does not match \"known good\" digest");
969 REDEBUG3("Calculated : %pH", fr_box_octets(digest, sizeof(digest)));
970 REDEBUG3("Expected : %pH", &known_good->data);
972 }
973
975}
976
978 UNUSED rlm_pap_t const *inst, request_t *request,
979 fr_pair_t const *known_good, fr_value_box_t const *password)
980{
981 uint8_t digest[128];
983 uint8_t buff2[FR_MAX_STRING_LEN + 50];
984 fr_dbuff_t digest_dbuff = FR_DBUFF_TMP(digest, sizeof(digest));
985
986 RDEBUG2("Using Password.NT-MTA-MD5");
987
988 if (known_good->vp_length != 64) {
989 REDEBUG("\"known good\" Password.NS-MTA-MD5 has incorrect length, expected 64 got %zu",
990 known_good->vp_length);
992 }
993
994 /*
995 * Sanity check the value of Password.NS-MTA-MD5
996 */
997 if (fr_base16_decode(NULL, &digest_dbuff,
998 &FR_SBUFF_IN(known_good->vp_strvalue, known_good->vp_length), false) != 16) {
999 REDEBUG("\"known good\" Password.NS-MTA-MD5 has invalid value");
1001 }
1002
1003 /*
1004 * Ensure we don't have buffer overflows.
1005 *
1006 * This really: sizeof(buff) - 2 - 2*32 - strlen(passwd)
1007 */
1008 if (password->vb_length >= (sizeof(buff) - 2 - 2 * 32)) {
1009 REDEBUG("\"known good\" Password.NS-MTA-MD5 is too long");
1011 }
1012
1013 /*
1014 * Set up the algorithm.
1015 */
1016 {
1017 uint8_t *p = buff2;
1018
1019 memcpy(p, &known_good->vp_octets[32], 32);
1020 p += 32;
1021 *(p++) = 89;
1022 memcpy(p, password->vb_strvalue, password->vb_length);
1023 p += password->vb_length;
1024 *(p++) = 247;
1025 memcpy(p, &known_good->vp_octets[32], 32);
1026 p += 32;
1027
1028 fr_md5_calc(buff, (uint8_t *) buff2, p - buff2);
1029 }
1030
1031 if (fr_digest_cmp(fr_dbuff_start(&digest_dbuff), buff, 16) != 0) {
1032 REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest");
1034 }
1035
1037}
1038
1039/** Auth func for password types that should have been normalised away
1040 *
1041 */
1043 UNUSED rlm_pap_t const *inst, UNUSED request_t *request,
1044 UNUSED fr_pair_t const *known_good, UNUSED fr_value_box_t const *password)
1045{
1047}
1048
1049/** Table of password types we can process
1050 *
1051 */
1053 [FR_CLEARTEXT] = pap_auth_clear,
1054 [FR_MD5] = pap_auth_md5,
1055 [FR_SMD5] = pap_auth_smd5,
1056
1057#ifdef HAVE_CRYPT
1058 [FR_CRYPT] = pap_auth_crypt,
1059#endif
1060 [FR_NS_MTA_MD5] = pap_auth_ns_mta_md5,
1061 [FR_NT] = pap_auth_nt,
1062 [FR_WITH_HEADER] = pap_auth_dummy,
1063 [FR_SHA1] = pap_auth_sha1,
1064 [FR_SSHA1] = pap_auth_ssha1,
1065
1066#ifdef HAVE_OPENSSL_EVP_H
1067 [FR_PBKDF2] = pap_auth_pbkdf2,
1068 [FR_PBKDF2_SHA1] = pap_auth_pbkdf2_sha1,
1069 [FR_PBKDF2_SHA256] = pap_auth_pbkdf2_sha256,
1070 [FR_PBKDF2_SHA512] = pap_auth_pbkdf2_sha512,
1071 [FR_PBKDF2_SHA256_LEGACY] = pap_auth_pbkdf2_sha256_legacy,
1072 [FR_SHA2] = pap_auth_dummy,
1073 [FR_SHA2_224] = pap_auth_sha2_224,
1074 [FR_SHA2_256] = pap_auth_sha2_256,
1075 [FR_SHA2_384] = pap_auth_sha2_384,
1076 [FR_SHA2_512] = pap_auth_sha2_512,
1077 [FR_SSHA2_224] = pap_auth_ssha2_224,
1078 [FR_SSHA2_256] = pap_auth_ssha2_256,
1079 [FR_SSHA2_384] = pap_auth_ssha2_384,
1080 [FR_SSHA2_512] = pap_auth_ssha2_512,
1081 [FR_SHA3] = pap_auth_dummy,
1082 [FR_SHA3_224] = pap_auth_sha3_224,
1083 [FR_SHA3_256] = pap_auth_sha3_256,
1084 [FR_SHA3_384] = pap_auth_sha3_384,
1085 [FR_SHA3_512] = pap_auth_sha3_512,
1086 [FR_SSHA3_224] = pap_auth_ssha3_224,
1087 [FR_SSHA3_256] = pap_auth_ssha3_256,
1088 [FR_SSHA3_384] = pap_auth_ssha3_384,
1089 [FR_SSHA3_512] = pap_auth_ssha3_512,
1090#endif /* HAVE_OPENSSL_EVP_H */
1091};
1092
1093/*
1094 * Authenticate the user via one of any well-known password.
1095 */
1096static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
1097{
1099 fr_pair_t *known_good;
1100 pap_auth_func_t auth_func;
1101 bool ephemeral;
1102 pap_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, pap_call_env_t);
1103
1104 p_result->rcode = RLM_MODULE_INVALID;
1105
1106 if (env_data->password.type != FR_TYPE_STRING) {
1107 REDEBUG("You set 'Auth-Type = PAP' for a request that does not contain a %s attribute!",
1108 env_data->password_tmpl->name);
1110 }
1111
1112 /*
1113 * The user MUST supply a non-zero-length password.
1114 */
1115 if (env_data->password.vb_length == 0) {
1116 REDEBUG("Password must not be empty");
1118 }
1119
1120 if (RDEBUG_ENABLED3) {
1121 RDEBUG3("Login attempt with %s = %pV (%zd)", env_data->password_tmpl->name,
1122 &env_data->password, env_data->password.vb_length);
1123 } else {
1124 RDEBUG2("Login attempt with password");
1125 }
1126
1127 /*
1128 * Retrieve the normalised version of
1129 * the known_good password, without
1130 * mangling the current password attributes
1131 * in the request.
1132 */
1133 known_good = password_find(&ephemeral, request, request,
1134 pap_alloweds, talloc_array_length(pap_alloweds),
1135 inst->normify);
1136 if (!known_good) {
1137 REDEBUG("No \"known good\" password found for user");
1139 }
1140
1141 fr_assert(known_good->da->attr < NUM_ELEMENTS(auth_func_table));
1142
1143 auth_func = auth_func_table[known_good->da->attr];
1144 fr_assert(auth_func);
1145
1146 if (RDEBUG_ENABLED3) {
1147 RDEBUG3("Comparing with \"known good\" %pP (%zu)", known_good, known_good->vp_length);
1148 } else {
1149 RDEBUG2("Comparing with \"known-good\" %s (%zu)", known_good->da->name, known_good->vp_length);
1150 }
1151
1152 /*
1153 * Authenticate, and return.
1154 */
1155 auth_func(p_result, inst, request, known_good, &env_data->password);
1156 if (ephemeral) TALLOC_FREE(known_good);
1157 switch (p_result->rcode) {
1158 case RLM_MODULE_REJECT:
1159 REDEBUG("Password incorrect");
1160 break;
1161
1162 case RLM_MODULE_OK:
1163 RDEBUG2("User authenticated successfully");
1164 break;
1165
1166 default:
1167 break;
1168 }
1169
1171}
1172
1173static int mod_instantiate(module_inst_ctx_t const *mctx)
1174{
1175 rlm_pap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_pap_t);
1176
1177 inst->auth_type = fr_dict_enum_by_name(attr_auth_type, mctx->mi->name, -1);
1178 if (!inst->auth_type) {
1179 WARN("Failed to find 'authenticate %s {...}' section. PAP will likely not work",
1180 mctx->mi->name);
1181 }
1182
1183 return 0;
1184}
1185
1186static int mod_load(void)
1187{
1188 size_t i, j = 0;
1189 size_t allowed = 0;
1190
1191 /*
1192 * Load the dictionaries early
1193 */
1194 if (fr_dict_autoload(rlm_pap_dict) < 0) {
1195 PERROR("%s", __FUNCTION__);
1196 return -1;
1197 }
1199 PERROR("%s", __FUNCTION__);
1201 return -1;
1202 }
1203
1204 /*
1205 * Figure out how many password types we allow
1206 */
1207 for (i = 0; i < NUM_ELEMENTS(auth_func_table); i++) {
1208 if (auth_func_table[i] == NULL) continue;
1209
1210 allowed++;
1211 }
1212
1213 /*
1214 * Get a list of the DAs that match are allowed
1215 * functions.
1216 */
1217 pap_alloweds = talloc_array(NULL, fr_dict_attr_t const *, allowed);
1218 for (i = 0; i < NUM_ELEMENTS(auth_func_table); i++) {
1219 fr_dict_attr_t const *password_da;
1220
1221 if (auth_func_table[i] == NULL) continue;
1222
1223 password_da = fr_dict_attr_child_by_num(attr_root, i);
1224 if (!fr_cond_assert(password_da)) {
1225 ERROR("Could not resolve password attribute %zu", i);
1228 return -1;
1229 }
1230
1231 pap_alloweds[j++] = password_da;
1232 }
1233
1234 return 0;
1235}
1236
1237static void mod_unload(void)
1238{
1241}
1242
1243/*
1244 * The module name should be the only globally exported symbol.
1245 * That is, everything else should be 'static'.
1246 *
1247 * If the module needs to temporarily modify it's instantiation
1248 * data, the type should be changed to MODULE_TYPE_THREAD_UNSAFE.
1249 * The server will then take care of ensuring that the module
1250 * is single-threaded.
1251 */
1252extern module_rlm_t rlm_pap;
1254 .common = {
1255 .magic = MODULE_MAGIC_INIT,
1256 .name = "pap",
1257 .inst_size = sizeof(rlm_pap_t),
1258 .onload = mod_load,
1259 .unload = mod_unload,
1261 .instantiate = mod_instantiate
1262 },
1263 .method_group = {
1264 .bindings = (module_method_binding_t[]){
1265 /*
1266 * Hack to support old configurations
1267 */
1268 { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate, .method_env = &pap_method_env },
1269 { .section = SECTION_NAME("authorize", CF_IDENT_ANY), .method = mod_authorize, .method_env = &pap_method_env },
1270 { .section = SECTION_NAME(CF_IDENT_ANY, CF_IDENT_ANY), .method = mod_authorize, .method_env = &pap_method_env },
1271
1273 }
1274 }
1275};
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
Definition action.h:37
#define fr_base16_decode(_err, _out, _in, _no_trailing)
Definition base16.h:95
#define fr_base64_decode(_out, _in, _expect_padding, _no_trailing)
Definition base64.h:81
#define FR_BASE64_DEC_LENGTH(_inlen)
Definition base64.h:44
#define USES_APPLE_DEPRECATED_API
Definition build.h:472
#define RCSID(id)
Definition build.h:485
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:209
#define UNUSED
Definition build.h:317
#define NUM_ELEMENTS(_t)
Definition build.h:339
#define CALL_ENV_TERMINATOR
Definition call_env.h:236
#define FR_CALL_ENV_PARSE_OFFSET(_name, _cast_type, _flags, _struct, _field, _parse_field)
Specify a call_env_parser_t which writes out runtime results and the result of the parsing phase to t...
Definition call_env.h:365
size_t inst_size
Size of per call env.
Definition call_env.h:245
@ CALL_ENV_FLAG_ATTRIBUTE
Tmpl MUST contain an attribute reference.
Definition call_env.h:86
@ CALL_ENV_FLAG_REQUIRED
Associated conf pair or section is required.
Definition call_env.h:75
@ CALL_ENV_FLAG_NULLABLE
Tmpl expansions are allowed to produce no output.
Definition call_env.h:80
Per method call config.
Definition call_env.h:180
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:662
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:284
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:599
#define CF_IDENT_ANY
Definition cf_util.h:78
#define fr_dbuff_start(_dbuff_or_marker)
Return the 'start' position of a dbuff or marker.
Definition dbuff.h:898
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
Definition dbuff.h:514
#define fr_cond_assert(_x)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition debug.h:131
#define MEM(x)
Definition debug.h:36
#define ERROR(fmt,...)
Definition dhcpclient.c:41
#define fr_dict_autofree(_to_free)
Definition dict.h:879
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:274
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:287
int fr_dict_attr_autoload(fr_dict_attr_autoload_t const *to_load)
Process a dict_attr_autoload element to load/verify a dictionary attribute.
Definition dict_util.c:4207
#define fr_dict_autoload(_to_load)
Definition dict.h:876
fr_dict_attr_t const * fr_dict_attr_child_by_num(fr_dict_attr_t const *parent, unsigned int attr)
Check if a child attribute exists in a parent using an attribute number.
Definition dict_util.c:3404
fr_dict_enum_value_t const * fr_dict_enum_by_name(fr_dict_attr_t const *da, char const *name, ssize_t len)
Definition dict_util.c:3512
Specifies an attribute which must be present for the module to function.
Definition dict.h:273
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:286
Value of an enumerated attribute.
Definition dict.h:233
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
rlm_rcode_t rcode
The current rcode, from executing the instruction or merging the result from a frame.
Definition interpret.h:134
#define PERROR(_fmt,...)
Definition log.h:228
#define RDEBUG_ENABLED3
True if request debug level 1-3 messages are enabled.
Definition log.h:335
#define RDEBUG3(fmt,...)
Definition log.h:343
#define REDEBUG3(fmt,...)
Definition log.h:373
#define REMARKER(_str, _marker_idx, _marker,...)
Output string with error marker, showing where format error occurred.
Definition log.h:498
#define RPEDEBUG(fmt,...)
Definition log.h:376
#define DEBUG_ENABLED3
True if global debug level 1-3 messages are enabled.
Definition log.h:259
#define RHEXDUMP2(_data, _len, _fmt,...)
Definition log.h:704
talloc_free(reap)
void fr_md4_calc(uint8_t out[static MD4_DIGEST_LENGTH], uint8_t const *in, size_t inlen)
Calculate the MD4 hash of the contents of a buffer.
Definition md4.c:482
#define MD4_DIGEST_LENGTH
Definition md4.h:25
fr_md5_update_t fr_md5_update
Definition md5.c:442
fr_md5_final_t fr_md5_final
Definition md5.c:443
void fr_md5_ctx_free_from_list(fr_md5_ctx_t **ctx)
Definition md5.c:522
fr_md5_ctx_t * fr_md5_ctx_alloc_from_list(void)
Definition md5.c:477
void fr_md5_ctx_t
Definition md5.h:28
#define MD5_DIGEST_LENGTH
@ FR_TYPE_TLV
Contains nested attributes.
@ FR_TYPE_STRING
String of printable characters.
@ FR_TYPE_UINT32
32 Bit unsigned integer.
unsigned int uint32_t
long int ssize_t
void fr_md5_calc(uint8_t out[static MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen)
Perform a single digest operation on a single input buffer.
unsigned char uint8_t
unsigned long int size_t
ssize_t fr_utf8_to_ucs2(uint8_t *out, size_t outlen, char const *in, size_t inlen)
Convert UTF8 string to UCS2 encoding.
Definition misc.c:316
int fr_digest_cmp(uint8_t const *a, uint8_t const *b, size_t length)
Do a comparison of two authentication digests by comparing the FULL data.
Definition misc.c:473
void * env_data
Per call environment data.
Definition module_ctx.h:44
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_instance_t * mi
Instance of the module being instantiated.
Definition module_ctx.h:51
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
Temporary structure to hold arguments for instantiation calls.
Definition module_ctx.h:50
bool module_rlm_section_type_set(request_t *request, fr_dict_attr_t const *type_da, fr_dict_enum_value_t const *enumv)
Set the next section type if it's not already set.
Definition module_rlm.c:413
module_t common
Common fields presented by all modules.
Definition module_rlm.h:39
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:698
static ssize_t normify(normalise_t *action, uint8_t *buffer, size_t bufflen, char const *known_good, size_t len, size_t min_len)
Definition password.c:429
fr_pair_t * password_find(bool *ephemeral, TALLOC_CTX *ctx, request_t *request, fr_dict_attr_t const *allowed_attrs[], size_t allowed_attrs_len, bool normify)
Find a "known good" password in the control list of a request.
Definition password.c:983
static const conf_parser_t config[]
Definition base.c:186
#define fr_assert(_expr)
Definition rad_assert.h:38
#define REDEBUG(fmt,...)
Definition radclient.h:52
#define RDEBUG2(fmt,...)
Definition radclient.h:54
#define WARN(fmt,...)
Definition radclient.h:47
#define RETURN_UNLANG_UPDATED
Definition rcode.h:66
#define RETURN_UNLANG_INVALID
Definition rcode.h:62
#define RETURN_UNLANG_RCODE(_rcode)
Definition rcode.h:57
#define RETURN_UNLANG_FAIL
Definition rcode.h:59
#define RETURN_UNLANG_REJECT
Definition rcode.h:58
#define RETURN_UNLANG_OK
Definition rcode.h:60
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition rcode.h:47
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:45
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition rcode.h:43
#define RETURN_UNLANG_NOOP
Definition rcode.h:65
static const pap_auth_func_t auth_func_table[]
Table of password types we can process.
Definition rlm_pap.c:1052
static int mod_load(void)
Definition rlm_pap.c:1186
unlang_action_t(* pap_auth_func_t)(unlang_result_t *p_result, rlm_pap_t const *inst, request_t *request, fr_pair_t const *, fr_value_box_t const *)
Definition rlm_pap.c:79
static fr_dict_attr_autoload_t rlm_pap_dict_attr[]
Definition rlm_pap.c:112
static unlang_action_t pap_auth_md5(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:235
static fr_dict_t const * dict_freeradius
Definition rlm_pap.c:102
module_rlm_t rlm_pap
Definition rlm_pap.c:1253
fr_value_box_t password
Definition rlm_pap.c:87
static const call_env_method_t pap_method_env
Definition rlm_pap.c:91
fr_dict_enum_value_t const * auth_type
Definition rlm_pap.c:75
static fr_dict_autoload_t rlm_pap_dict[]
Definition rlm_pap.c:104
static unlang_action_t pap_auth_nt(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:942
static fr_dict_attr_t const * attr_auth_type
Definition rlm_pap.c:109
static unlang_action_t mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_pap.c:149
static void mod_unload(void)
Definition rlm_pap.c:1237
static unlang_action_t pap_auth_sha1(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:294
static unlang_action_t pap_auth_clear(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:179
static unlang_action_t mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_pap.c:1096
static fr_dict_attr_t const * attr_root
Definition rlm_pap.c:110
static unlang_action_t pap_auth_dummy(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, UNUSED request_t *request, UNUSED fr_pair_t const *known_good, UNUSED fr_value_box_t const *password)
Auth func for password types that should have been normalised away.
Definition rlm_pap.c:1042
static unlang_action_t pap_auth_ns_mta_md5(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:977
static unlang_action_t pap_auth_ssha1(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:322
static fr_dict_attr_t const ** pap_alloweds
Definition rlm_pap.c:141
static USES_APPLE_DEPRECATED_API pthread_mutex_t fr_crypt_mutex
Definition rlm_pap.c:64
static const conf_parser_t module_config[]
Definition rlm_pap.c:81
bool normify
Definition rlm_pap.c:76
tmpl_t * password_tmpl
Definition rlm_pap.c:88
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition rlm_pap.c:1173
static unlang_action_t pap_auth_smd5(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password)
Definition rlm_pap.c:261
static unsigned int hash(char const *username, unsigned int tablesize)
Definition rlm_passwd.c:132
static char const * name
#define FR_SBUFF_IN(_start, _len_or_end)
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
char const * name
Instance name e.g. user_database.
Definition module.h:355
size_t inst_size
Size of the module's instance data.
Definition module.h:212
void * data
Module's instance data.
Definition module.h:291
#define MODULE_BINDING_TERMINATOR
Terminate a module binding list.
Definition module.h:152
Named methods exported by a module.
Definition module.h:174
void fr_sha1_init(fr_sha1_ctx *context)
Definition sha1.c:93
void fr_sha1_final(uint8_t digest[static SHA1_DIGEST_LENGTH], fr_sha1_ctx *context)
Definition sha1.c:141
void fr_sha1_update(fr_sha1_ctx *context, uint8_t const *in, size_t len)
Definition sha1.c:105
#define SHA1_DIGEST_LENGTH
Definition sha1.h:29
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
eap_aka_sim_process_conf_t * inst
size_t strlcpy(char *dst, char const *src, size_t siz)
Definition strlcpy.c:34
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
#define fr_table_value_by_substr(_table, _name, _name_len, _def)
Convert a partial string to a value using an ordered or sorted table.
Definition table.h:693
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
#define talloc_get_type_abort_const
Definition talloc.h:287
@ T_BARE_WORD
Definition token.h:120
void fr_strerror_clear(void)
Clears all pending messages from the talloc pools.
Definition strerror.c:576
#define FR_MAX_STRING_LEN
Definition value.h:30
int nonnull(2, 5))
#define fr_box_octets(_val, _len)
Definition value.h:310