From: Alan T. DeKok Date: Tue, 17 Apr 2012 16:07:07 +0000 (+0200) Subject: Auto-calculate the CHAP-Password X-Git-Tag: release_3_0_0_beta0~225 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a45f91e658d4bf37155865bb81c0036cee616ed2;p=thirdparty%2Ffreeradius-server.git Auto-calculate the CHAP-Password As before, *unless* it's 17 hex digits. In that case, leave it alone. --- diff --git a/src/main/radclient.c b/src/main/radclient.c index edbb2decd2a..2359de7b851 100644 --- a/src/main/radclient.c +++ b/src/main/radclient.c @@ -605,20 +605,37 @@ static int send_one_packet(radclient_t *radclient) vp->length = strlen(vp->vp_strvalue); } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) { - /* - * FIXME: AND there's no CHAP-Challenge, - * AND vp->length != 17 - * AND rad_chap_encode() != vp->vp_octets - */ - strlcpy(vp->vp_strvalue, radclient->password, - sizeof(vp->vp_strvalue)); - vp->length = strlen(vp->vp_strvalue); + int already_hex = 0; - rad_chap_encode(radclient->request, - vp->vp_octets, - radclient->request->id, vp); - vp->length = 17; + /* + * If it's 17 octets, it *might* be already encoded. + * Or, it might just be a 17-character password (maybe UTF-8) + * Check it for non-printable characters. The odds of ALL + * of the characters being 32..255 is (1-7/8)^17, or (1/8)^17, + * or 1/(2^51), which is pretty much zero. + */ + if (vp->length == 17) { + for (i = 0; i < 17; i++) { + if (vp->vp_octets[i] < 32) { + already_hex = 1; + break; + } + } + } + /* + * Allow the user to specify ASCII or hex CHAP-Password + */ + if (!already_hex) { + strlcpy(vp->vp_strvalue, radclient->password, + sizeof(vp->vp_strvalue)); + vp->length = strlen(vp->vp_strvalue); + + rad_chap_encode(radclient->request, + vp->vp_octets, + fr_rand() & 0xff, vp); + vp->length = 17; + } } else if (pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0) != NULL) { mschapv1_encode(&radclient->request->vps, radclient->password);