At 11:48 AM 11/13/2001 +0000, you wrote:

>1. A perl routine to convert octal -> hex OR octal -> binary for use in
>md5 for comparing chap-password to digest.
>
># Octal to binary
>$string =~ s/\\(\d\d\d)/sprintf("%c", oct $1)/ge;
>
># Binary to hex
>$string =~ s/(.)/sprintf("%02X", ord $1)/ge;
>
>Mike.
>--

Mike, thanks for the info. I tried using these; however, about 50% of the time it seems to not convert the data properly and therefore the $chap-password and $digest do not match even if the password is correct. This would have been my preferred method as then nothing with freeradius would have had to be modified, not even the dictionary files... makes for easy upgrades. =)

>What about simply editing the dictionary entries so that they say
>'octets' instead of 'string' ?
>Alan DeKok.

This is great!! I made these changes; however, radius sends it every time with a leading 0x in front of the hex value which breaks md5. A simple

$chap_password =~ s/^0x//;
$chap_challenge =~ s/^0x//;

clears those and then we proceed to pack the data into binary and md5 is all happy with these values 100% of the time!

I appreciate everyone's help on this. Thanks.

For the books.. the changes made for this to work are as follows:

1. Modify your dictionary file for attributes CHAP-Password and CHAP-Challenge from 'string' to 'octets'

2. I use the following code to do the md5 digest vs chap-password comparison. Working perfectly for me.

--- begin snippet ---
use MD5;

if ($ENV{"CHAP_PASSWORD"} && $ENV{"CHAP_CHALLENGE"}) {
    $chap_password  = $ENV{"CHAP_PASSWORD"};
    $chap_challenge = $ENV{"CHAP_CHALLENGE"};

    $chap_password  =~ s/["']//g;   # remove "'s, var includes them for some reason
    $chap_challenge =~ s/["']//g;   # remove "'s, var includes them for some reason

    $chap_password  =~ s/^0x//;     # remove leading 0x
    $chap_challenge =~ s/^0x//;     # remove leading 0x

    $chap_password  = pack("H*", $chap_password);   # convert to binary from hex (required for md5)
    $chap_challenge = pack("H*", $chap_challenge);  # convert to binary from hex (required for md5)

    # digest = MD5(CHAP ident octet . password . challenge)
    $md5 = new MD5;
    $md5->reset;
    $md5->add(substr($chap_password,0,1));  # first octet of CHAP-Password is the CHAP ident
    $md5->add($userinfo[1]);                # @userinfo is set elsewhere (not shown); element 1 is used as the password
    $md5->add($chap_challenge);
    $digest = $md5->digest();

    # remaining octets of CHAP-Password are the response to compare against
    if ($digest eq substr($chap_password,1)) {
        # ALLOW USER
    }
}
--- end snippet ---

I'm sure my perl code can be cleaned up a little (or a lot), but it's working. =)

/me claps. Another round of applause for the freeradius developers. It is an excellent program.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
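
The comparison from the snippet above, written as an added example that is not part of the original post: it rejects attribute values that are not clean hex or not the 17 octets a CHAP-Password holds, and it compares the digests without stopping at the first differing byte. It uses the core Digest::MD5 module rather than MD5; the function names hex_attr_to_octets, octets_equal and chap_ok are hypothetical, and the ident, challenge and password at the bottom are constructed sample values.

```perl
#!/usr/bin/perl
# Added example (not from the original post): CHAP check with input validation.
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Turn an attribute value such as "0x01ab..." (optionally quoted) into raw octets.
# Returns undef if what remains is not a non-empty, even-length hex string.
sub hex_attr_to_octets {
    my ($value) = @_;
    return undef unless defined $value;
    $value =~ s/["']//g;    # quotes seen around the environment value
    $value =~ s/^0x//i;     # leading 0x sent for 'octets' attributes
    return undef unless $value =~ /\A(?:[0-9a-fA-F]{2})+\z/;
    return pack("H*", $value);
}

# Compare two byte strings without stopping at the first mismatch.
sub octets_equal {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# CHAP-Password is 1 octet of CHAP ident followed by the 16-octet MD5 response.
# Expected response = MD5(ident . cleartext password . challenge).
sub chap_ok {
    my ($chap_password_attr, $chap_challenge_attr, $cleartext) = @_;
    my $resp = hex_attr_to_octets($chap_password_attr);
    my $chal = hex_attr_to_octets($chap_challenge_attr);
    return 0 unless defined $resp && defined $chal && length($resp) == 17;
    my $ident = substr($resp, 0, 1);
    return octets_equal(md5($ident . $cleartext . $chal), substr($resp, 1));
}

# Constructed sample values: ident 0x2a, a 16-octet challenge, password "s3cret".
my $chal_hex = "000102030405060708090a0b0c0d0e0f";
my $resp_hex = "2a" . unpack("H*", md5(chr(0x2a) . "s3cret" . pack("H*", $chal_hex)));

print "correct password: ", (chap_ok("\"0x$resp_hex\"", "0x$chal_hex", "s3cret") ? "accept" : "reject"), "\n";
print "wrong password:   ", (chap_ok("0x$resp_hex", "0x$chal_hex", "guess") ? "accept" : "reject"), "\n";
print "truncated value:  ", (chap_ok("0x2a00", "0x$chal_hex", "s3cret") ? "accept" : "reject"), "\n";
```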