Re: [SOLVED] CHAP Modification
Thanks, problem resovled. Alan DeKok-4 wrote: ChristosH wrote: Now, how do I make sure that my new module is included? Is everything in the modules folder complied in with FreeRadius every time you make it? No, but the top-level Make.inc contains the list of modules to build. Finally, how would I also set the module to intercept any CHAP requests? I was thinking to set the Auth-Type := altCHAP. Yes. See the code in rlm_chap: it sets Auth-Type = CHAP for CHAP requests. You can do the same thing. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9360755 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
ChristosH wrote: Now, how do I make sure that my new module is included? Is everything in the modules folder complied in with FreeRadius every time you make it? No, but the top-level Make.inc contains the list of modules to build. Finally, how would I also set the module to intercept any CHAP requests? I was thinking to set the Auth-Type := altCHAP. Yes. See the code in rlm_chap: it sets Auth-Type = CHAP for CHAP requests. You can do the same thing. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
ChristosH wrote: Okay, I see what you mean now. Is there a tutorial on adding my own module to it? Um... rlm_example? Or the files in doc/? It's not like the module system is that complicated. A C file, a tiny Makefile, and you're pretty much done. Or would I just include the chappatch.c file in the same directory, include the header file chappatch.h into the rlm_chap.c file (where do you stick the header files?) and recompile the whole thing? You can do that if you want. But rlm_chap may change, and your patch may not work any more. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Alan DeKok-4 wrote: Um... rlm_example? Or the files in doc/? It's not like the module system is that complicated. A C file, a tiny Makefile, and you're pretty much done. Or would I just include the chappatch.c file in the same directory, include the header file chappatch.h into the rlm_chap.c file (where do you stick the header files?) and recompile the whole thing? You can do that if you want. But rlm_chap may change, and your patch may not work any more. Alan DeKok. I can't seem to find where in rlm_example it tells me how to create all the stuff to integrate my own module. I get that I'm going to have to create a slightly modified 'clone' of rlm_chap, and it's going to have to have it's own header file and makefile (for right now I'll refer to my module as rlm_altchap). The makefile looks relatively easy to do, the header looks simple enough also (just has to list functions contained in my module). Now, how do I make sure that my new module is included? Is everything in the modules folder complied in with FreeRadius every time you make it? Finally, how would I also set the module to intercept any CHAP requests? I was thinking to set the Auth-Type := altCHAP. -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9273523 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
ChristosH wrote: I don't see anything usefull in rlm_pap that could help me because it's CHAP authentication I'm working on. Yes, I know. I knew that when I pointed to rlm_pap. My point was that it may be possible in rlm_pap to normalize the password... just like it does for other types of passwords. If rlm_pap won't help, then I *strongly* suggest you write your own module. It's easier to integrate a module into a new release of FreeRADIUS than it is to apply a patch to the server core. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Alan DeKok-4 wrote: My point was that it may be possible in rlm_pap to normalize the password... just like it does for other types of passwords. If rlm_pap won't help, then I *strongly* suggest you write your own module. It's easier to integrate a module into a new release of FreeRADIUS than it is to apply a patch to the server core. Alan DeKok. Okay, I see what you mean now. Is there a tutorial on adding my own module to it? Or would I just include the chappatch.c file in the same directory, include the header file chappatch.h into the rlm_chap.c file (where do you stick the header files?) and recompile the whole thing? -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9253679 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
ChristosH wrote: Okay, in the radius.c file they call a function rad_chap_encode() that uses the password attribute. Is that what I'm looking for? Yes. It's a VALUE_PAIR type, so could I check and modify the password-length and password-strvalue in that function? Huh? Why? Do it elsewhere. Or should I back out and modify it in the auth.c rad_check_password () where it's called? I won't run into any issues if I modify the VALUE_PAIR values, will I? No. I would suggest patching the server as little as possible. Also, is there a C function included in the libraries that will allow me to convert a hex string to binary? I'm worried I might get stuck in ASCII - HEX - BINARY conversions. Yes. see bin2hex and hex2bin. See also rlm_pap in 1.1.4, which does a lot of this kind of normalization already. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SOLVED] CHAP Modification
Okay, in the radius.c file they call a function rad_chap_encode() that uses the password attribute. Is that what I'm looking for? It's a VALUE_PAIR type, so could I check and modify the password-length and password-strvalue in that function? Or should I back out and modify it in the auth.c rad_check_password () where it's called? I won't run into any issues if I modify the VALUE_PAIR values, will I? Also, is there a C function included in the libraries that will allow me to convert a hex string to binary? I'm worried I might get stuck in ASCII - HEX - BINARY conversions. Alan DeKok-4 wrote: radius.c, rad_chap_encode(). Alan DeKok. -- View this message in context: http://www.nabble.com/CHAP-Modification-tf3284565.html#a9186780 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html