When CHAP-Password, copy Request Authenticator to CHAP-Challenge.

author: Linus Nordberg <linus@nordberg.se> 2015-01-16 12:23:37 +0100
committer: Linus Nordberg <linus@nordberg.se> 2015-01-16 12:27:30 +0100
commit: b000888b17865b0cb4f430bdeda73b30e054632d (patch)
tree: 8f486e7113acf5a20b80442959075d0cb821cc3a /radsecproxy.c
parent: 29bc92ec52febd23774deb5f731625f1e18e10ef (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index b5061e0..8319c6e 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1530,6 +1530,28 @@ int radsrv(struct request *rq) {
 	goto exit;
     }
 
+    /* If there is a CHAP-Password attribute but no CHAP-Challenge
+     * one, create a CHAP-Challenge containing the Request
+     * Authenticator because that's what the CHAP-Password is based
+     * on. */
+    attr = radmsg_gettype(msg, RAD_Attr_CHAP_Password);
+    if (attr) {
+	debug(DBG_DBG, "%s: found CHAP-Password with value length %d", __func__,
+              attr->l);
+        attr = radmsg_gettype(msg, RAD_Attr_CHAP_Challenge);
+        if (attr == NULL) {
+            debug(DBG_DBG, "%s: no CHAP-Challenge found, creating one", __func__);
+            attr = maketlv(RAD_Attr_CHAP_Challenge, 16, msg->auth);
+            if (attr == NULL || radmsg_add(msg, attr) != 1) {
+                debug(DBG_ERR, "%s: adding CHAP-Challenge failed, "
+                      "CHAP-Password request dropped", __func__);
+                freetlv(attr);
+                goto rmclrqexit;
+            }
+        }
+    }
+
+    /* Create new Request Authenticator. */
     if (msg->code == RAD_Accounting_Request)
 	memset(msg->auth, 0, 16);
     else if (!RAND_bytes(msg->auth, 16)) {
author	Linus Nordberg <linus@nordberg.se>	2015-01-16 12:23:37 +0100
committer	Linus Nordberg <linus@nordberg.se>	2015-01-16 12:27:30 +0100
commit	b000888b17865b0cb4f430bdeda73b30e054632d (patch)
tree	8f486e7113acf5a20b80442959075d0cb821cc3a /radsecproxy.c
parent	29bc92ec52febd23774deb5f731625f1e18e10ef (diff)