Source Code Modification Help - No Clear Text User-Password logging
Alan DeKok
aland at deployingradius.com
Mon Jul 30 07:52:33 CEST 2012
Mark Selby wrote:
> I do not have any C
> programming experience but have made small modifications and compiled
> tens of open source software programs.
That will make it more difficult.
> As a general practice we never ask what other users' passwords are,
> never transmit passwords over the wire in clear text, and never log
> passwords on disk.
That's nice. But it's often more useful to have them.
> I have found there are 2 ways to get the freeradius server to log
> clear text passwords and would like to ask for source code
> modification examples or at least pointers to the right place to make
> them such that I can compile a custom version of the software that
> does not do this. We do want to be able ever to see our users'
> passwords
This is a hopeless goal. If you have the shared secrets, you have the
users' passwords. Modifying the source code makes that less obviously
true, but it's still true.
> (1) log_auth_badpass|log_auth_goodpass
>
> I see there are 4 source files (radiusd.h auth.c mainconfig.c
> radiusd.c) that include references to log_auth_badpass and
> log_auth_goodpass. I figure that I can read the code and make any
> minor modifications that make sure these options can not be turned on.
Or just never enable them. Why modify the source?
> (2) radiusd -X
>
> When running in debug mode I can often see on the screen output like the below:
Yes. It prints out the attributes it receives.
> I can not seem to figure out in the code how to make sure that the
> User-Password is never printed in the clear like it is above. Any
> pointers to where in the code I can turn this off would be greatly
> appreciated.
See src/lib/radius.c. It prints out ALL of the attributes it
receives. There is NOTHING magic about User-Password.
Alan DeKok.