At 11:48 AM 11/13/2001 +0000, you wrote:

> >1.  A perl routine to convert octal -> hex   OR octal -> binary for use in
> >md5 for comparing chap-password to digest.
>
># Octal to binary
>$string =~ s/\\(\d\d\d)/sprintf("%c", oct $1)/ge;
>
># Binary to hex
>$string =~ s/(.)/sprintf("%02X", ord $1)/ge;
>
>Mike.
>--

Mike,  thanks for the info.  I tried using these; however, about 50% of the 
time it seems to not convert the data properly and therefore the 
$chap-password and $digest do not match even if the password is 
correct.  This would have been my preferred method as then nothing with 
freeradius would have had to be modified, not even the dictionary 
files... makes for easy upgrades. =)

>What about simply editing the dictionary entries so that they say
>'octets' instead of 'string' ?
>Alan DeKok.

This is great!! I made these changes; however, radius sends it every time 
with a leading 0x in front of the hex value which breaks md5.  A simple

$chap_password =~ s/^0x//;
$chap_challenge =~ s/^0x//;

clears those and then we proceed to pack the data into binary and md5 is 
all happy with these values 100% of the time!

I appreciate everyone's help on this.  Thanks.

For the books.. the changes made for this to work are as follows:
1.  Modify your dictionary file for attributes CHAP-Password and 
CHAP-Challenge from 'string' to 'octets'
2.  I use the following code to do the md5 digest vs chap-password 
comparison.  working perfect for me.

--- begin snippet ---
use MD5;
if ($ENV{"CHAP_PASSWORD"} && $ENV{"CHAP_CHALLENGE"}) {
         $chap_password = $ENV{"CHAP_PASSWORD"};
         $chap_challenge = $ENV{"CHAP_CHALLENGE"};
         $chap_password =~ s/["']//g;                     # remove "'s, var includes them for some reason
         $chap_challenge =~ s/["']//g;                    # remove "'s, var includes them for some reason
         $chap_password =~ s/^0x//;                       # remove leading 0x
         $chap_challenge =~ s/^0x//;                      # remove leading 0x
         $chap_password = pack("H*", $chap_password);     # convert to binary from hex (required for md5)
         $chap_challenge = pack("H*", $chap_challenge);   # convert to binary from hex (required for md5)
         $md5 = new MD5;
         $md5->reset;
         $md5->add(substr($chap_password,0,1));           # first octet of CHAP-Password is the CHAP identifier
         $md5->add($userinfo[1]);                         # user's cleartext password; @userinfo is set elsewhere, not shown
         $md5->add($chap_challenge);
         $digest = $md5->digest();
         if ($digest eq substr($chap_password,1)) {       # remaining octets are the MD5 response
           # ALLOW USER
         }
}
--- end snippet ---

I'm sure my perl code can be cleaned up a little (or a lot), but it's 
working. =)  /me claps.  Another round of applause for the freeradius 
developers.  It is an excellent program.



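Added example, not part of the original message or of FreeRADIUS: the same CHAP check as a self-contained routine that rejects malformed hex and wrong-length values instead of hashing whatever pack() produces, and compares the digest without stopping at the first differing byte. It assumes Digest::MD5 in place of the older MD5 module; the function names and sample values are hypothetical and constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Turn an attribute value such as "0x01ab..." (optionally quoted) into raw
# octets; return undef if it is not well-formed hex.
sub hex_attr_to_octets {
    my ($value) = @_;
    return undef unless defined $value;
    $value =~ s/["']//g;      # quotes the environment value may carry
    $value =~ s/^0x//i;       # prefix seen once the attribute is 'octets'
    return undef unless length($value) && length($value) % 2 == 0
                     && $value =~ /\A[0-9a-fA-F]+\z/;
    return pack("H*", $value);
}

# Compare two byte strings without stopping at the first differing byte.
sub same_octets {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# CHAP-Password is 1 identifier octet followed by the 16-octet MD5 response.
sub chap_ok {
    my ($chap_password, $chap_challenge, $cleartext) = @_;
    my $resp = hex_attr_to_octets($chap_password);
    my $chal = hex_attr_to_octets($chap_challenge);
    return 0 unless defined $resp && defined $chal && length($resp) == 17;
    my $ident = substr($resp, 0, 1);
    return same_octets(md5($ident . $cleartext . $chal), substr($resp, 1)) ? 1 : 0;
}

# Constructed sample values (not taken from any real capture). The challenge
# deliberately contains NUL, newline, CR, backslash and quote bytes.
my $password  = "s3cret";
my $challenge = pack("H*", "000a0d5c22273031aabbccddeeff1020");
my $ident     = chr(7);
my $attr_chal = '"0x' . unpack("H*", $challenge) . '"';
my $attr_resp = '"0x' . unpack("H*", $ident . md5($ident . $password . $challenge)) . '"';

printf "correct password: %d\n", chap_ok($attr_resp, $attr_chal, $password);
printf "wrong password:   %d\n", chap_ok($attr_resp, $attr_chal, "guess");
printf "truncated value:  %d\n", chap_ok(substr($attr_resp, 0, 20), $attr_chal, $password);
```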