freeradius-server  3.0.23
About: FreeRADIUS Server Project - a high performance and highly configurable RADIUS server.
  Fossies Dox: freeradius-server-3.0.23.tar.bz2  ("unofficial" and yet experimental doxygen-generated source code documentation)  

rlm_mschap.c File Reference

Implemented mschap authentication. More...

#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>
#include <freeradius-devel/rad_assert.h>
#include <freeradius-devel/md5.h>
#include <freeradius-devel/sha1.h>
#include <ctype.h>
#include "rlm_mschap.h"
#include "mschap.h"
#include "smbdes.h"


Macros

#define ACB_DISABLED   0x00010000
 User account disabled. More...
 
#define ACB_HOMDIRREQ   0x00020000
 Home directory required. More...
 
#define ACB_PWNOTREQ   0x00040000
 User password not required. More...
 
#define ACB_TEMPDUP   0x00080000
 Temporary duplicate account. More...
 
#define ACB_NORMAL   0x00100000
 Normal user account. More...
 
#define ACB_MNS   0x00200000
 MNS logon user account. More...
 
#define ACB_DOMTRUST   0x00400000
 Interdomain trust account. More...
 
#define ACB_WSTRUST   0x00800000
 Workstation trust account. More...
 
#define ACB_SVRTRUST   0x01000000
 Server trust account. More...
 
#define ACB_PWNOEXP   0x02000000
 User password does not expire. More...
 
#define ACB_AUTOLOCK   0x04000000
 Account auto locked. More...
 
#define ACB_PW_EXPIRED   0x00020000
 Password Expired. More...
 

Functions

static int pdb_decode_acct_ctrl (char const *p)
 
static ssize_t mschap_xlat (void *instance, REQUEST *request, char const *fmt, char *out, size_t outlen)
 
static int mod_bootstrap (CONF_SECTION *conf, void *instance)
 
static int mod_instantiate (CONF_SECTION *conf, void *instance)
 
static int mod_detach (UNUSED void *instance)
 
void mschap_add_reply (REQUEST *request, unsigned char ident, char const *name, char const *value, size_t len)
 
static void mppe_add_reply (REQUEST *request, char const *name, uint8_t const *value, size_t len)
 
static int write_all (int fd, char const *buf, int len)
 
static int CC_HINT (nonnull(1, 2, 4, 5))
 
static int CC_HINT (nonnull(1, 2, 4, 5, 6))
 
static void mppe_GetMasterKey (uint8_t const *nt_hashhash, uint8_t const *nt_response, uint8_t *masterkey)
 
static void mppe_GetAsymmetricStartKey (uint8_t *masterkey, uint8_t *sesskey, int keylen, int issend)
 
static void mppe_chap2_get_keys128 (uint8_t const *nt_hashhash, uint8_t const *nt_response, uint8_t *sendkey, uint8_t *recvkey)
 
static void mppe_chap2_gen_keys128 (uint8_t const *nt_hashhash, uint8_t const *response, uint8_t *sendkey, uint8_t *recvkey)
 
static rlm_rcode_t CC_HINT (nonnull)
 
static rlm_rcode_t mschap_error (rlm_mschap_t *inst, REQUEST *request, unsigned char ident, int mschap_result, int mschap_version, VALUE_PAIR *smb_ctrl)
 

Variables

static const CONF_PARSER passchange_config []
 
static const CONF_PARSER module_config []
 
static const uint8_t SHSpad1 [40]
 
static const uint8_t SHSpad2 [40]
 
static const uint8_t magic1 [27]
 
static const uint8_t magic2 [84]
 
static const uint8_t magic3 [84]
 
module_t rlm_mschap
 

Detailed Description

Implemented mschap authentication.

Id
5b17676a9f62b23c85ff70f6dbb1c42033fc13d6

Definition in file rlm_mschap.c.

Macro Definition Documentation

◆ ACB_AUTOLOCK

#define ACB_AUTOLOCK   0x04000000

Account auto locked.

Definition at line 64 of file rlm_mschap.c.

◆ ACB_DISABLED

#define ACB_DISABLED   0x00010000

User account disabled.

Definition at line 54 of file rlm_mschap.c.

◆ ACB_DOMTRUST

#define ACB_DOMTRUST   0x00400000

Interdomain trust account.

Definition at line 60 of file rlm_mschap.c.

◆ ACB_HOMDIRREQ

#define ACB_HOMDIRREQ   0x00020000

Home directory required.

Definition at line 55 of file rlm_mschap.c.

◆ ACB_MNS

#define ACB_MNS   0x00200000

MNS logon user account.

Definition at line 59 of file rlm_mschap.c.

◆ ACB_NORMAL

#define ACB_NORMAL   0x00100000

Normal user account.

Definition at line 58 of file rlm_mschap.c.

◆ ACB_PW_EXPIRED

#define ACB_PW_EXPIRED   0x00020000

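Password expired. Note that this macro has the same value (0x00020000) as ACB_HOMDIRREQ, so a test of this bit cannot tell "password expired" apart from "home directory required" if both meanings can appear in the same mask. mschap_error() references ACB_PW_EXPIRED, so check how the mask passed to that function is populated before relying on the result.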

Definition at line 65 of file rlm_mschap.c.

◆ ACB_PWNOEXP

#define ACB_PWNOEXP   0x02000000

User password does not expire.

Definition at line 63 of file rlm_mschap.c.

◆ ACB_PWNOTREQ

#define ACB_PWNOTREQ   0x00040000

User password not required.

Definition at line 56 of file rlm_mschap.c.

◆ ACB_SVRTRUST

#define ACB_SVRTRUST   0x01000000

Server trust account.

Definition at line 62 of file rlm_mschap.c.

◆ ACB_TEMPDUP

#define ACB_TEMPDUP   0x00080000

Temporary duplicate account.

Definition at line 57 of file rlm_mschap.c.

◆ ACB_WSTRUST

#define ACB_WSTRUST   0x00800000

Workstation trust account.

Definition at line 61 of file rlm_mschap.c.

Function Documentation

◆ CC_HINT() [1/3]

static int CC_HINT ( nonnull(1, 2, 4, 5)  )
static

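Definition at line 792 of file rlm_mschap.c. (CC_HINT is a compiler-attribute annotation, as in the mod_authenticate() prototype further down this page, not a function name. Doxygen appears to have dropped the real identifier for this entry and for the two CC_HINT() entries that follow, so read the source at the given line to see which function each one documents.)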

References AUTH_INTERNAL, fr_bin2hex(), fr_md4_calc(), fr_pair_value_memcpy(), fr_syserror(), inst, key, NT_DIGEST_LENGTH, pair_make_request, rad_waitpid(), radius_readfrom_program(), radius_start_program(), radius_xlat(), RDEBUG, RDEBUG2, REDEBUG, request, RWDEBUG2, smbhash(), status, strsep(), T_OP_EQ, and write_all().


◆ CC_HINT() [2/3]

static int CC_HINT ( nonnull(1, 2, 4, 5,6)  )
static

Definition at line 1155 of file rlm_mschap.c.

References AUTH_INTERNAL, AUTH_NTLMAUTH_EXEC, do_auth_wbclient(), fr_hex2bin(), fr_md4_calc(), inst, MD4_DIGEST_LENGTH, NT_DIGEST_LENGTH, rad_digest_cmp(), radius_exec_program(), RDEBUG2, REDEBUG, REDEBUG2, request, RERROR, smbdes_mschap(), and strcasecmp().


◆ CC_HINT() [3/3]

static rlm_rcode_t CC_HINT ( nonnull  )
static

Definition at line 1457 of file rlm_mschap.c.

References rad_request::config, fr_pair_find_by_num(), inst, rad_request::packet, pair_make_config, PW_MSCHAP2_CPW, PW_MSCHAP2_RESPONSE, PW_MSCHAP_CHALLENGE, PW_MSCHAP_RESPONSE, RDEBUG2, request, RLM_MODULE_FAIL, RLM_MODULE_NOOP, RLM_MODULE_OK, RWDEBUG2, T_OP_EQ, TAG_ANY, VENDORPEC_MICROSOFT, and radius_packet::vps.


◆ mod_bootstrap()

static int mod_bootstrap ( CONF_SECTION conf,
void *  instance 
)
static

Definition at line 621 of file rlm_mschap.c.

References cf_section_name1(), cf_section_name2(), conf, inst, mschap_xlat(), and xlat_register().


◆ mod_detach()

static int mod_detach ( UNUSED void *  instance)
static

Definition at line 716 of file rlm_mschap.c.

References fr_connection_pool_free(), and inst.


◆ mod_instantiate()

static int mod_instantiate ( CONF_SECTION conf,
void *  instance 
)
static

Definition at line 641 of file rlm_mschap.c.

References AUTH_INTERNAL, AUTH_NTLMAUTH_EXEC, cf_log_err_cs(), conf, DEBUG, dict_valbyname(), EXEC_TIMEOUT, fr_connection_pool_module_init(), inst, and mod_conn_create().


◆ mppe_add_reply()

static void mppe_add_reply ( REQUEST request,
char const *  name,
uint8_t const *  value,
size_t  len 
)
static

Definition at line 763 of file rlm_mschap.c.

References fr_pair_value_memcpy(), fr_strerror(), pair_make_reply, REDEBUG, and T_OP_EQ.


◆ mppe_chap2_gen_keys128()

static void mppe_chap2_gen_keys128 ( uint8_t const *  nt_hashhash,
uint8_t const *  response,
uint8_t *  sendkey,
uint8_t *  recvkey 
)
static

Definition at line 1433 of file rlm_mschap.c.

References mppe_chap2_get_keys128().


◆ mppe_chap2_get_keys128()

static void mppe_chap2_get_keys128 ( uint8_t const *  nt_hashhash,
uint8_t const *  nt_response,
uint8_t *  sendkey,
uint8_t *  recvkey 
)
static

Definition at line 1419 of file rlm_mschap.c.

References mppe_GetAsymmetricStartKey(), and mppe_GetMasterKey().

Referenced by mppe_chap2_gen_keys128().


◆ mppe_GetAsymmetricStartKey()

static void mppe_GetAsymmetricStartKey ( uint8_t *  masterkey,
uint8_t *  sesskey,
int  keylen,
int  issend 
)
static

Definition at line 1393 of file rlm_mschap.c.

References fr_sha1_final(), fr_sha1_init(), fr_sha1_update(), magic2, magic3, SHSpad1, and SHSpad2.

Referenced by mppe_chap2_get_keys128().


◆ mppe_GetMasterKey()

static void mppe_GetMasterKey ( uint8_t const *  nt_hashhash,
uint8_t const *  nt_response,
uint8_t *  masterkey 
)
static

Definition at line 1377 of file rlm_mschap.c.

References fr_sha1_final(), fr_sha1_init(), fr_sha1_update(), magic1, and NT_DIGEST_LENGTH.

Referenced by mppe_chap2_get_keys128().


◆ mschap_add_reply()

void mschap_add_reply ( REQUEST request,
unsigned char  ident,
char const *  name,
char const *  value,
size_t  len 
)

Definition at line 731 of file rlm_mschap.c.

References value_pair::da, fr_strerror(), pair_make_reply, PW_TYPE_STRING, REDEBUG, T_OP_EQ, and dict_attr::type.

Referenced by mschap_error().


◆ mschap_error()

static rlm_rcode_t mschap_error ( rlm_mschap_t inst,
REQUEST request,
unsigned char  ident,
int  mschap_result,
int  mschap_version,
VALUE_PAIR smb_ctrl 
)
static

Definition at line 1493 of file rlm_mschap.c.

References ACB_AUTOLOCK, ACB_DISABLED, ACB_NORMAL, ACB_PW_EXPIRED, ACB_WSTRUST, fr_rand(), inst, mschap_add_reply(), RDEBUG, REDEBUG, request, RLM_MODULE_FAIL, RLM_MODULE_NOTFOUND, RLM_MODULE_OK, RLM_MODULE_REJECT, RLM_MODULE_USERLOCK, and snprintf().


◆ mschap_xlat()

static ssize_t mschap_xlat ( void *  instance,
REQUEST request,
char const *  fmt,
char *  out,
size_t  outlen 
)
static

Definition at line 152 of file rlm_mschap.c.

References dict_attr::attr, value_pair::da, data, fmt, fr_bin2hex(), fr_pair_find_by_num(), inst, LM_DIGEST_LENGTH, mschap_challenge_hash(), mschap_ntpwdhash(), NT_DIGEST_LENGTH, rad_request::packet, PW_MSCHAP2_RESPONSE, PW_MSCHAP_CHALLENGE, PW_MSCHAP_RESPONSE, RDEBUG, RDEBUG2, REDEBUG, request, RWDEBUG2, smbdes_lmpwdhash(), snprintf(), strlcpy(), strncasecmp(), TAG_ANY, dict_attr::vendor, VENDORPEC_MICROSOFT, and radius_packet::vps.

Referenced by mod_bootstrap().


◆ pdb_decode_acct_ctrl()

static int pdb_decode_acct_ctrl ( char const *  p)
static

◆ write_all()

static int write_all ( int  fd,
char const *  buf,
int  len 
)
static

Definition at line 776 of file rlm_mschap.c.

References done.

Referenced by CC_HINT().


Variable Documentation

◆ magic1

const uint8_t magic1[27]
static
Initial value:
=
/* The 27 bytes are the ASCII text "This is the MPPE Master Key", stored without a
 * NUL terminator (the array is declared [27]). This is a fixed, public protocol
 * label, not a secret; it appears to be the Magic1 constant from RFC 3079 (MPPE
 * key derivation). Static scanners that flag embedded byte strings as hard-coded
 * keys can treat it as a false positive. Per this page it is consumed by
 * mppe_GetMasterKey(), which calls the fr_sha1_* routines. */
{ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }

Definition at line 1349 of file rlm_mschap.c.

Referenced by mppe_GetMasterKey(), mschap_auth_response(), and otp_mppe().

◆ magic2

const uint8_t magic2[84]
static
Initial value:
=
/* The 84 bytes are the ASCII text "On the client side, this is the send key; on
 * the server side, it is the receive key." with no NUL terminator. This is a
 * public direction label (it appears to be Magic2 from RFC 3079), not key
 * material. Per this page it is referenced by mppe_GetAsymmetricStartKey(), which
 * takes an issend argument; which of magic2/magic3 is selected for which
 * direction is not visible here -- confirm in the source. */
{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
0x6b, 0x65, 0x79, 0x2e }

Definition at line 1354 of file rlm_mschap.c.

Referenced by mppe_GetAsymmetricStartKey(), mschap_auth_response(), and otp_mppe().

◆ magic3

const uint8_t magic3[84]
static
Initial value:
=
/* The 84 bytes are the ASCII text "On the client side, this is the receive key;
 * on the server side, it is the send key." with no NUL terminator. It is the
 * mirror of magic2 with send and receive swapped. This is a public direction
 * label (it appears to be Magic3 from RFC 3079), not key material. Per this page
 * it is referenced by mppe_GetAsymmetricStartKey(). */
{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
0x6b, 0x65, 0x79, 0x2e }

Definition at line 1365 of file rlm_mschap.c.

Referenced by mppe_GetAsymmetricStartKey().

◆ module_config

const CONF_PARSER module_config[]
static
Initial value:
= {
/* Each entry is { option name, parser type and rlm_mschap_t field, default string }.
 * The defaults shown here: use_mppe "yes", require_encryption "no",
 * require_strong "no". A deployment that needs mandatory or strong link
 * encryption must therefore set the latter two explicitly -- presumably they
 * drive the MPPE policy attributes in the reply; confirm in the source. */
{ "use_mppe", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, use_mppe), "yes" },
{ "require_encryption", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, require_encryption), "no" },
{ "require_strong", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, require_strong), "no" },
{ "with_ntdomain_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, with_ntdomain_hack), "yes" },
/* PW_TYPE_XLAT marks a string that is dynamically expanded at request time.
 * NOTE(review): the authentication routine on this page references
 * radius_exec_program() and AUTH_NTLMAUTH_EXEC, so this string is presumably the
 * helper command line. When reviewing a configuration, confirm that
 * request-derived values in the expansion cannot change the argument list. */
{ "ntlm_auth", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_mschap_t, ntlm_auth), NULL },
/* No default string here (NULL); mod_instantiate() references EXEC_TIMEOUT,
 * which may supply the fallback -- TODO confirm. */
{ "ntlm_auth_timeout", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_mschap_t, ntlm_auth_timeout), NULL },
/* Subsection parsed with the passchange_config table. */
{ "passchange", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) passchange_config },
{ "allow_retry", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, allow_retry), "yes" },
{ "retry_msg", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_mschap_t, retry_msg), NULL },
/* PW_TYPE_TMPL: the value is parsed as a template rather than a plain string. */
{ "winbind_username", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_TMPL, rlm_mschap_t, wb_username), NULL },
{ "winbind_domain", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_TMPL, rlm_mschap_t, wb_domain), NULL },
{ "winbind_retry_with_normalised_username", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, wb_retry_with_normalised_username), "no" },
/* NOTE(review): the rendered listing stops here without a terminating entry. The
 * cross-reference text after this listing mentions CONF_PARSER_TERMINATOR, so
 * the terminator line was probably lost when the page was extracted -- check the
 * source at line 598. */
}
#define CONF_PARSER_TERMINATOR
Definition: conffile.h:217
#define PW_TYPE_SUBSECTION
Definition: conffile.h:118
#define PW_TYPE_XLAT
string will be dynamically expanded.
Definition: conffile.h:137
#define FR_CONF_OFFSET(_t, _s, _f)
Definition: conffile.h:106
#define PW_TYPE_TMPL
CONF_PAIR should be parsed as a template.
Definition: conffile.h:138
#define FR_CONF_POINTER(_t, _p)
Definition: conffile.h:107
@ PW_TYPE_BOOLEAN
A truth value.
Definition: radius.h:35
@ PW_TYPE_INTEGER
32 Bit unsigned integer.
Definition: radius.h:14
@ PW_TYPE_STRING
String of printable characters.
Definition: radius.h:13
static const CONF_PARSER passchange_config[]
Definition: rlm_mschap.c:590

Definition at line 598 of file rlm_mschap.c.

◆ passchange_config

const CONF_PARSER passchange_config[]
static
Initial value:
= {
/* Options of the "passchange" subsection (password-change handling). All four
 * are PW_TYPE_XLAT strings, i.e. dynamically expanded, and none has a default
 * (NULL).
 * NOTE(review): the CC_HINT() [1/3] entry on this page references radius_xlat(),
 * radius_start_program() and write_all(), which suggests some of these
 * expansions are sent to a helper program -- TODO confirm which, and that
 * request-derived values are handled as data rather than as command syntax. */
{ "ntlm_auth", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_mschap_t, ntlm_cpw), NULL },
{ "ntlm_auth_username", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_mschap_t, ntlm_cpw_username), NULL },
{ "ntlm_auth_domain", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_mschap_t, ntlm_cpw_domain), NULL },
{ "local_cpw", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_mschap_t, local_cpw), NULL },
}

Definition at line 590 of file rlm_mschap.c.

◆ rlm_mschap

module_t rlm_mschap
Initial value:
= {
/* Module descriptor: registers the instance size, the module_config option
 * table and the bootstrap callback under the module name "mschap". */
.magic = RLM_MODULE_INIT,
.name = "mschap",
.type = 0,
.inst_size = sizeof(rlm_mschap_t),
.config = module_config,
.bootstrap = mod_bootstrap,
/* NOTE(review): this rendered listing shows an empty methods table and no
 * instantiate/detach fields. The cross-reference text that follows the listing
 * names mod_instantiate, mod_detach, MOD_AUTHENTICATE / mod_authenticate and
 * MOD_AUTHORIZE / mod_authorize, so those initializer lines were probably lost
 * in page extraction. Do not conclude from this listing that the module
 * registers no authorize/authenticate handlers -- check the source at line 2102.
 * That cross-reference text also points .detach/.instantiate at example.py and
 * gives mod_authorize a Couchbase description; those look like name collisions
 * in the documentation generator, not properties of this module. */
.methods = {
},
}
@ MOD_AUTHORIZE
1 methods index for authorize section.
Definition: modules.h:44
@ MOD_AUTHENTICATE
0 methods index for authenticate section.
Definition: modules.h:43
#define RLM_MODULE_INIT
Definition: modules.h:88
def detach(p)
Definition: example.py:96
def instantiate(p)
Definition: example.py:13
static rlm_rcode_t mod_authorize(void *instance, REQUEST *request)
Handle authorization requests using Couchbase document data.
static rlm_rcode_t mod_authenticate(void *instance, REQUEST *request) CC_HINT(nonnull)
static int mod_detach(UNUSED void *instance)
Definition: rlm_mschap.c:716
static int mod_instantiate(CONF_SECTION *conf, void *instance)
Definition: rlm_mschap.c:641
static const CONF_PARSER module_config[]
Definition: rlm_mschap.c:598
static int mod_bootstrap(CONF_SECTION *conf, void *instance)
Definition: rlm_mschap.c:621
struct rlm_mschap_t rlm_mschap_t

Definition at line 2102 of file rlm_mschap.c.

◆ SHSpad1

const uint8_t SHSpad1[40]
static
Initial value:
=
/* Forty 0x00 bytes: a fixed padding block with no secret content. Per this page
 * it is referenced by mppe_GetAsymmetricStartKey(), which calls the fr_sha1_*
 * routines; it appears to correspond to the first SHA pad constant in RFC 3079. */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

Definition at line 1337 of file rlm_mschap.c.

Referenced by mppe_GetAsymmetricStartKey(), and otp_mppe().

◆ SHSpad2

const uint8_t SHSpad2[40]
static
Initial value:
=
/* Forty 0xf2 bytes: a fixed padding block with no secret content. Per this page
 * it is referenced by mppe_GetAsymmetricStartKey(), which calls the fr_sha1_*
 * routines; it appears to correspond to the second SHA pad constant in RFC 3079. */
{ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }

Definition at line 1343 of file rlm_mschap.c.

Referenced by mppe_GetAsymmetricStartKey(), and otp_mppe().