produce better errors on bad passwords

diff --git a/src/modules/rlm_mschap/mschap.c b/src/modules/rlm_mschap/mschap.c
index 4e088ed962169313d0338ff59eb23e2b975129f4..759db2b69c6952b8ef99c824c233245bd9d15e00 100644 (file)
--- a/src/modules/rlm_mschap/mschap.c
+++ b/src/modules/rlm_mschap/mschap.c
@@ -52,8 +52,14 @@ int mschap_ntpwdhash(uint8_t *out, char const *password)
        ssize_t len;
        uint8_t ucs2_password[512];
 
+       if (!password || !*password) {
+               fr_strerror_printf("Password is missing or is empty");
+               return -1;
+       }
+
        len = fr_utf8_to_ucs2(ucs2_password, sizeof(ucs2_password), password, strlen(password));
        if (len < 0) {
+               fr_strerror_printf("Password contains invalid UTF-8 characters, and cannot be converted to UCS2");
                *out = '\0';
                return -1;
        }

diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
index 4742f9f9630936193c838790056c125fe681cf6d..7ac5f6ac09bbf708bb884133f3369f65997dc1af 100644 (file)
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -1743,7 +1743,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
                        nt_password->vp_octets = p = talloc_array(nt_password, uint8_t, nt_password->vp_length);
 
                        if (mschap_ntpwdhash(p, password->vp_strvalue) < 0) {
-                               RERROR("Failed generating NT-Password");
+                               RERROR("Failed generating NT-Password - %s", fr_strerror());
                                return RLM_MODULE_FAIL;
                        }
                } else if (auth_method == AUTH_INTERNAL) {