Please find below a patch to enable support UTF-8 encoded passwords. It also adds a single configuration option to enable or disable this. josh. --- ../../../../freeradius-1.1.2/src/modules/rlm_mschap/rlm_mschap.c 2006-04-13 17:28:30.000000000 +0100 +++ rlm_mschap.c 2006-07-26 10:55:42.000000000 +0100 @@ -187,21 +187,80 @@ * ntpwdhash converts Unicode password to 16-byte NT hash * with MD4 */ -static void ntpwdhash (unsigned char *szHash, const char *szPassword) +static void ntpwdhash (unsigned char *szHash, const char *szPassword, int utf8_password) { char szUnicodePass[513]; int nPasswordLen; int i; + if (utf8_password) { + + /* + * We've been told to expect a UTF-8 password. + * Use iconv() to perform UTF-8 to Unicode conversion. + */ + + DEBUG2(" rlm_mschap: using UTF-8 to Unicode conversion"); + + iconv_t cd; + const char *fptr; + char *tptr; + size_t ileft,oleft; + fptr=szPassword; + tptr=szUnicodePass; + + cd=iconv_open("UCS-2LE", "UTF-8"); + + if (cd == (iconv_t)-1) { + DEBUG2(" rlm_mschap: iconv failed; trying the 7-bit conversion"); + /* + * Skip to the 7-bit password conversion + */ + goto sevenbit; + } + + ileft=strlen(szPassword); + oleft=512; + if (iconv(cd,&fptr, &ileft, &tptr, &oleft) != (size_t)-1) { + iconv_close(cd); + nPasswordLen = strlen(szUnicodePass); + nPasswordLen=512-oleft; + /* Encrypt Unicode password to a 16-byte MD4 hash */ + md4_calc(szHash, szUnicodePass, nPasswordLen ); + return; + } + + /* + * We encountered a problem. Recovery isn't possible, + * so log the problem and optimistically try the 7-bit conversion. + */ + + if (errno == EINVAL) { + DEBUG2(" rlm_mschap: An incomplete multibyte sequence has been encountered in the password"); + } else if (errno == E2BIG) { + DEBUG2(" rlm_mschap: password too big to convert"); + } else if (errno == EILSEQ) { + DEBUG2(" rlm_mschap: an invalid multibyte sequence has been encountered in the password"); + } else { + DEBUG2(" rlm_mschap: unknown iconv error"); + } + DEBUG2(" rlm_mschap: trying the 7-bit conversion instead"); + iconv_close(cd); + } + /* - * NT passwords are unicode. Convert plain text password - * to unicode by inserting a zero every other byte + * 7-bit password conversion */ + + sevenbit: + + DEBUG2(" rlm_mschap: using 7-bit to Unicode conversion"); + nPasswordLen = strlen(szPassword); for (i = 0; i < nPasswordLen; i++) { szUnicodePass[i << 1] = szPassword[i]; szUnicodePass[(i << 1) + 1] = 0; - } + } /* Encrypt Unicode password to a 16-byte MD4 hash */ md4_calc(szHash, szUnicodePass, (nPasswordLen<<1) ); @@ -290,6 +349,7 @@ char *xlat_name; char *ntlm_auth; char *auth_type; + int utf8_password; } rlm_mschap_t; @@ -602,6 +662,8 @@ offsetof(rlm_mschap_t, passwd_file), NULL, NULL }, { "ntlm_auth", PW_TYPE_STRING_PTR, offsetof(rlm_mschap_t, ntlm_auth), NULL, NULL }, + { "utf8_password", PW_TYPE_BOOLEAN, + offsetof(rlm_mschap_t,utf8_password), NULL, "yes" }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; @@ -1121,7 +1183,7 @@ radlog(L_ERR, "No memory"); return RLM_MODULE_FAIL; } else { - ntpwdhash(nt_password->strvalue, password->strvalue); + ntpwdhash(nt_password->strvalue, password->strvalue, inst->utf8_password); nt_password->length = 16; pairadd(&request->config_items, nt_password); } --- ../../../../freeradius-1.1.2/raddb/radiusd.conf.in 2006-04-20 19:40:29.000000000 +0100 +++ ../../../raddb/radiusd.conf.in 2006-07-26 10:57:29.000000000 +0100 @@ -707,6 +707,10 @@ # Be VERY careful when editing the following line! # #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" + + # Use UTF-8 encoded passwords. + # + utf8_password = yes } # Lightweight Directory Access Protocol (LDAP)
participants (1)
-
Josh Howlett