vp->length = strlen(vp->vp_strvalue);
} else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) {
- /*
- * FIXME: AND there's no CHAP-Challenge,
- * AND vp->length != 17
- * AND rad_chap_encode() != vp->vp_octets
- */
- strlcpy(vp->vp_strvalue, radclient->password,
- sizeof(vp->vp_strvalue));
- vp->length = strlen(vp->vp_strvalue);
+ int already_hex = 0;
- rad_chap_encode(radclient->request,
- vp->vp_octets,
- radclient->request->id, vp);
- vp->length = 17;
+ /*
+ * If it's 17 octets, it *might* be already encoded.
+ * Or, it might just be a 17-character password (maybe UTF-8)
+ * Check it for non-printable characters. The odds of ALL
+ * of the characters being 32..255 is (1-7/8)^17, or (1/8)^17,
+ * or 1/(2^51), which is pretty much zero.
+ */
+ if (vp->length == 17) {
+ for (i = 0; i < 17; i++) {
+ if (vp->vp_octets[i] < 32) {
+ already_hex = 1;
+ break;
+ }
+ }
+ }
+ /*
+ * Allow the user to specify ASCII or hex CHAP-Password
+ */
+ if (!already_hex) {
+ strlcpy(vp->vp_strvalue, radclient->password,
+ sizeof(vp->vp_strvalue));
+ vp->length = strlen(vp->vp_strvalue);
+
+ rad_chap_encode(radclient->request,
+ vp->vp_octets,
+ fr_rand() & 0xff, vp);
+ vp->length = 17;
+ }
} else if (pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0) != NULL) {
mschapv1_encode(&radclient->request->vps,
radclient->password);
projects / thirdparty / freeradius-server.git / commitdiff
