Help on Getting Cleartext-Password attribute in my module
Hi All, In my module I want to restrict only Cleartext-Password passwords, and need reject(ignore) the other type of passwords request like mds sha and all. I am able to get only User-Password attribute not Cleartext-Password in mod_authorize I am checking for the vp->da->attr type I even try to extract cleartext_passord from request packet if not i check in request_config like below pass = fr_pair_find_by_num(request->packet->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); password = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); But both the way I not able to get Cleartext-Password I verified sending the request in rad-client radtest bob hello localhost 0 testing123 Sent Access-Request Id 95 from 0.0.0.0:33290 to 127.0.0.1:1812 length 73 User-Name = "bob" User-Password = "hello" NAS-IP-Address = * NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password = "hello" but in my module only User-Password = "hello" is coming User-Name = "bob" User-Password = "hello" NAS-IP-Address = 10.196.49.149 NAS-Port = 0 Message-Authenticator = 0x3ada3e00aafb8861cae40493d3d35421 I am not getting where the Cleartext-Password password geting terminated or do I need to add any config to update the User-Password to Cleartext-Password?. Regards, Shivaprasad
The module is working as it meant to be. Cleartext-password is being shown in your radtest. You need to show your module logs. On Wed 30 Jan, 2019, 9:14 PM shivu prasad, <shivaprasad2452@gmail.com> wrote:
Hi All,
In my module I want to restrict only Cleartext-Password passwords, and need reject(ignore) the other type of passwords request like mds sha and all.
I am able to get only User-Password attribute not Cleartext-Password
in mod_authorize I am checking for the vp->da->attr type I even try to extract cleartext_passord from request packet if not i check in request_config like below
pass = fr_pair_find_by_num(request->packet->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
password = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
But both the way I not able to get Cleartext-Password
I verified sending the request in rad-client
radtest bob hello localhost 0 testing123 Sent Access-Request Id 95 from 0.0.0.0:33290 to 127.0.0.1:1812 length 73 User-Name = "bob" User-Password = "hello" NAS-IP-Address = * NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password = "hello"
but in my module only User-Password = "hello" is coming
User-Name = "bob" User-Password = "hello" NAS-IP-Address = 10.196.49.149 NAS-Port = 0 Message-Authenticator = 0x3ada3e00aafb8861cae40493d3d35421
I am not getting where the Cleartext-Password password geting terminated or do I need to add any config to update the User-Password to Cleartext-Password?.
Regards, Shivaprasad - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Jan 30, 2019, at 10:44 AM, shivu prasad <shivaprasad2452@gmail.com> wrote:
In my module I want to restrict only Cleartext-Password passwords, and need reject(ignore) the other type of passwords request like mds sha and all.
OK... you can do that via "unlang", too.
I am able to get only User-Password attribute not Cleartext-Password
If the Cleartext-Password exists, you can get it in the module. The other modules do it, so it's absolutely possible.
in mod_authorize I am checking for the vp->da->attr type I even try to extract cleartext_passord from request packet if not i check in request_config like below
pass = fr_pair_find_by_num(request->packet->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
password = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
But both the way I not able to get Cleartext-Password
Did it get added by *another* module? The server doesn't magically invent that attribute. It gets the attribute from a database.
I verified sending the request in rad-client
Hmm... trying to debug the server, and looking at the client logs. That's not useful. Alan DeKok.
participants (3)
-
Alan DeKok -
shivu prasad -
Suman Dash