auth.c and rlm_pap tidying patches

Matthew Newton mcn4 at leicester.ac.uk
Fri Sep 28 01:29:59 CEST 2012


Hi,

Been hacking on (mainly) rad_check_password in auth.c. It's got
sections marked as FIXME, and lots of it is duplicated in rlm_pap
and rlm_chap.

There are a series of patches here:

  https://github.com/mcnewton/freeradius-server/commits/auth_tidy

In order, they are:

5843221b3 -
  remove the large chunk of code that finds Crypt-Password, or
  User-Password or Cleartext-Password, sets Auth-Type to 'Crypt'
  or 'Local', and checks auth for these. It's completely
  duplicated in rlm_pap and rlm_chap, so unnecessary here. Still
  throws up warnings telling the user to fix their config to use
  pap or chap if Auth-Type has not been set (but
  Cleartext-Password or User-Password are set) before failing
  auth.

e12867d57 -
  no longer copy User-Password to Cleartext-Password if the admin
  configured it wrong. a) it's unnecessary because the login
  checks here have been removed, and b) rlm_pap will use both
  anyway, so no need to copy. Still throws up the big !!! warning !!!
  about using Cleartext-Password instead.

0cb1cb3cd -
  move the !!! warning !!! about User-Password from auth.c into
  rlm_pap.c, which is where it is checked. There's no reason for
  it to clutter up rad_check_password any more really.

c5350ba22 -
  tidy up comments in rad_check_password

fdd53ce23 -
  updates to rlm_pap.c - the (undocumented) encryption_scheme
  option was completely broken, so change 'scheme' to 'inst->sch'
  to fix that, and update it so that any forced encryption type
  with this option must compare with Cleartext-Password, not
  User-Password. Warn and fail if this is not the case.

The next step would be either to document the PAP encryption_scheme
option correctly, or to remove it entirely - I'm not sure of its
history, whether it has ever worked, and if it is wanted or not.
It seems a potentially useful option, but maybe {type} has
superseeded it. If it is removed, the rlm_pap.c could potentially
be tidied up quite a lot.

Cheers,

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Devel mailing list