From: Alan T. DeKok <aland@freeradius.org>
Date: Sun, 23 Feb 2025 14:32:38 +0000 (-0500)
Subject: produce better errors on bad passwords
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f60322854fcbac6cdd17af5d5fca6c8617a0b7b;p=thirdparty%2Ffreeradius-server.git

produce better errors on bad passwords
---

diff --git a/src/modules/rlm_mschap/mschap.c b/src/modules/rlm_mschap/mschap.c
index 4e088ed962..759db2b69c 100644
--- a/src/modules/rlm_mschap/mschap.c
+++ b/src/modules/rlm_mschap/mschap.c
@@ -52,8 +52,14 @@ int mschap_ntpwdhash(uint8_t *out, char const *password)
 	ssize_t len;
 	uint8_t ucs2_password[512];
 
+	if (!password || !*password) {
+		fr_strerror_printf("Password is missing or is empty");
+		return -1;
+	}
+
 	len = fr_utf8_to_ucs2(ucs2_password, sizeof(ucs2_password), password, strlen(password));
 	if (len < 0) {
+		fr_strerror_printf("Password contains invalid UTF-8 characters, and cannot be converted to UCS2");
 		*out = '\0';
 		return -1;
 	}
diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
index 4742f9f963..7ac5f6ac09 100644
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -1743,7 +1743,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
 			nt_password->vp_octets = p = talloc_array(nt_password, uint8_t, nt_password->vp_length);
 
 			if (mschap_ntpwdhash(p, password->vp_strvalue) < 0) {
-				RERROR("Failed generating NT-Password");
+				RERROR("Failed generating NT-Password - %s", fr_strerror());
 				return RLM_MODULE_FAIL;
 			}
 		} else if (auth_method == AUTH_INTERNAL) {