Re: [SOLVED] CHAP Modification
Thanks, problem resovled. Alan DeKok-4 wrote: ChristosH wrote: Now, how do I make sure that my new module is included? Is everything in the modules folder complied in with FreeRadius every time you make it? No, but the top-level Make.inc contains the list of modules to build. Finally, how would I also set the module to intercept any CHAP requests? I was thinking to set the Auth-Type := altCHAP. Yes. See the code in rlm_chap: it sets Auth-Type = CHAP for CHAP requests. You can do the same thing. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9360755 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
ChristosH wrote: Now, how do I make sure that my new module is included? Is everything in the modules folder complied in with FreeRadius every time you make it? No, but the top-level Make.inc contains the list of modules to build. Finally, how would I also set the module to intercept any CHAP requests? I was thinking to set the Auth-Type := altCHAP. Yes. See the code in rlm_chap: it sets Auth-Type = CHAP for CHAP requests. You can do the same thing. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
ChristosH wrote: Okay, I see what you mean now. Is there a tutorial on adding my own module to it? Um... rlm_example? Or the files in doc/? It's not like the module system is that complicated. A C file, a tiny Makefile, and you're pretty much done. Or would I just include the chappatch.c file in the same directory, include the header file chappatch.h into the rlm_chap.c file (where do you stick the header files?) and recompile the whole thing? You can do that if you want. But rlm_chap may change, and your patch may not work any more. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Alan DeKok-4 wrote: Um... rlm_example? Or the files in doc/? It's not like the module system is that complicated. A C file, a tiny Makefile, and you're pretty much done. Or would I just include the chappatch.c file in the same directory, include the header file chappatch.h into the rlm_chap.c file (where do you stick the header files?) and recompile the whole thing? You can do that if you want. But rlm_chap may change, and your patch may not work any more. Alan DeKok. I can't seem to find where in rlm_example it tells me how to create all the stuff to integrate my own module. I get that I'm going to have to create a slightly modified 'clone' of rlm_chap, and it's going to have to have it's own header file and makefile (for right now I'll refer to my module as rlm_altchap). The makefile looks relatively easy to do, the header looks simple enough also (just has to list functions contained in my module). Now, how do I make sure that my new module is included? Is everything in the modules folder complied in with FreeRadius every time you make it? Finally, how would I also set the module to intercept any CHAP requests? I was thinking to set the Auth-Type := altCHAP. -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9273523 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
ChristosH wrote: I don't see anything usefull in rlm_pap that could help me because it's CHAP authentication I'm working on. Yes, I know. I knew that when I pointed to rlm_pap. My point was that it may be possible in rlm_pap to normalize the password... just like it does for other types of passwords. If rlm_pap won't help, then I *strongly* suggest you write your own module. It's easier to integrate a module into a new release of FreeRADIUS than it is to apply a patch to the server core. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Alan DeKok-4 wrote: My point was that it may be possible in rlm_pap to normalize the password... just like it does for other types of passwords. If rlm_pap won't help, then I *strongly* suggest you write your own module. It's easier to integrate a module into a new release of FreeRADIUS than it is to apply a patch to the server core. Alan DeKok. Okay, I see what you mean now. Is there a tutorial on adding my own module to it? Or would I just include the chappatch.c file in the same directory, include the header file chappatch.h into the rlm_chap.c file (where do you stick the header files?) and recompile the whole thing? -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9253679 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
ChristosH wrote: Okay, in the radius.c file they call a function rad_chap_encode() that uses the password attribute. Is that what I'm looking for? Yes. It's a VALUE_PAIR type, so could I check and modify the password-length and password-strvalue in that function? Huh? Why? Do it elsewhere. Or should I back out and modify it in the auth.c rad_check_password () where it's called? I won't run into any issues if I modify the VALUE_PAIR values, will I? No. I would suggest patching the server as little as possible. Also, is there a C function included in the libraries that will allow me to convert a hex string to binary? I'm worried I might get stuck in ASCII - HEX - BINARY conversions. Yes. see bin2hex and hex2bin. See also rlm_pap in 1.1.4, which does a lot of this kind of normalization already. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Okay, in the radius.c file they call a function rad_chap_encode() that uses the password attribute. Is that what I'm looking for? It's a VALUE_PAIR type, so could I check and modify the password-length and password-strvalue in that function? Or should I back out and modify it in the auth.c rad_check_password () where it's called? I won't run into any issues if I modify the VALUE_PAIR values, will I? Also, is there a C function included in the libraries that will allow me to convert a hex string to binary? I'm worried I might get stuck in ASCII - HEX - BINARY conversions. Alan DeKok-4 wrote: radius.c, rad_chap_encode(). Alan DeKok. -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9186780 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CHAP Modification
ChristosH wrote: My problem is where exactly is this password CHAP challege code? I'm sifting through the radius.c file but can't seem to find anything. radius.c, rad_chap_encode(). Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CHAP Modification
I'm trying to edit the way the CHAP module fetches passwords before hasing them due to a limitation in 2 different types of hardware we have. One set of devices takes a HEX password stored on the device, converts it to binary, and then calculates the MD5 CHAP challenge to send to the server. The other set of devices just takes the HEX password and calculates the MD5 as if it were a string. I can distinguish which device is which when I'm adding passwords to my database (by adding a prefix 0x to let me know it's going from HEX - BIN or whatnot) because the password is fixed at 32 characters, but definately not which device is which at run time. I guess what I'm trying to do is find where in the CHAP encoding module is the password attribute accessed/read and then passed (I'm guessing as an arguement) to be hashed. I think I could possibly do my funky math in mind there by checking the length of the password or the first two letters, and then converting to binary as needed or just passing it through. My problem is where exactly is this password CHAP challege code? I'm sifting through the radius.c file but can't seem to find anything. I'm comfortable writing some stuff with C and reading more complex things, so I don't think that will be a barrier. When I change it, will it require me to recompile everything every time I want to check? I'm using Fedora Core 6, Freerad 1.1.4, and MySql 5.0. -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9136389 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
