rlm_perl and CHAP authentication
Tomas Hoger
thoger at pobox.sk
Thu Feb 8 19:18:37 CET 2007
Hi all!
It seems CVS version of rlm_perl may have some negative impact on CHAP
authentication. If you use rlm_perl in authorize{}, it will replace
request vps with contents of %RAD_REQUEST. After that, request->username
and request->password are updated. Result is, that rlm_chap in
authenticate{} is not able to find CHAP password any more. main/auth.c
fallbacks to searching for PW_CHAP_PASSWORD if PW_PASSWORD is not found.
Would it make sense to do the same in rlm_perl? Something like:
--- rlm_perl.c.orig 2007-02-08 17:11:48.000000000 +0100
+++ rlm_perl/rlm_perl.c 2007-02-08 17:26:43.000000000 +0100
@@ -1069,6 +1069,11 @@
PW_USER_NAME);
request->password = pairfind(request->packet->vps,
PW_USER_PASSWORD);
+ /* User-Password not found, try CHAP-Password */
+ if (request->password == NULL) {
+ request->password = pairfind(request->packet->vps,
+ PW_CHAP_PASSWORD);
+ }
}
if ((get_hv_content(rad_reply_hv, &vp)) > 0 ) {
Maybe modifying rlm_chap may be better approach...
Ideas?
th.
More information about the Freeradius-Devel
mailing list