Help on Getting Cleartext-Password attribute in my module

classic Classic list List threaded Threaded
3 messages Options
| Threaded
Open this post in threaded view
|

Help on Getting Cleartext-Password attribute in my module

shivaprasad2452
Hi All,

In my module I want to restrict  only  Cleartext-Password passwords, and
need  reject(ignore) the other type of passwords request like mds sha and
all.

I am able to get only User-Password attribute not  Cleartext-Password

in mod_authorize I am checking for the vp->da->attr type
I even try to extract cleartext_passord from request packet  if not i check
in request_config  like below

    pass = fr_pair_find_by_num(request->packet->vps, PW_CLEARTEXT_PASSWORD,
0, TAG_ANY);

    password = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD,
0, TAG_ANY);

But both the way I not  able to get Cleartext-Password

I verified sending  the  request in rad-client

radtest bob hello localhost 0 testing123
Sent Access-Request Id 95 from 0.0.0.0:33290 to 127.0.0.1:1812 length 73
    User-Name = "bob"
    User-Password = "hello"
    NAS-IP-Address = *
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "hello"

but in my module only      User-Password = "hello" is coming

  User-Name = "bob"
  User-Password = "hello"
 NAS-IP-Address = 10.196.49.149
  NAS-Port = 0
 Message-Authenticator = 0x3ada3e00aafb8861cae40493d3d35421

I am not getting where the  Cleartext-Password password geting terminated
or do I need to add any config to update the User-Password to
Cleartext-Password?.

Regards,
Shivaprasad
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Help on Getting Cleartext-Password attribute in my module

Suman Dash
The module is working as it meant to be. Cleartext-password is being shown
in your radtest.

You need to show your module logs.


On Wed 30 Jan, 2019, 9:14 PM shivu prasad, <[hidden email]>
wrote:

> Hi All,
>
> In my module I want to restrict  only  Cleartext-Password passwords, and
> need  reject(ignore) the other type of passwords request like mds sha and
> all.
>
> I am able to get only User-Password attribute not  Cleartext-Password
>
> in mod_authorize I am checking for the vp->da->attr type
> I even try to extract cleartext_passord from request packet  if not i check
> in request_config  like below
>
>     pass = fr_pair_find_by_num(request->packet->vps, PW_CLEARTEXT_PASSWORD,
> 0, TAG_ANY);
>
>     password = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD,
> 0, TAG_ANY);
>
> But both the way I not  able to get Cleartext-Password
>
> I verified sending  the  request in rad-client
>
> radtest bob hello localhost 0 testing123
> Sent Access-Request Id 95 from 0.0.0.0:33290 to 127.0.0.1:1812 length 73
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = *
>     NAS-Port = 0
>     Message-Authenticator = 0x00
>     Cleartext-Password = "hello"
>
> but in my module only      User-Password = "hello" is coming
>
>   User-Name = "bob"
>   User-Password = "hello"
>  NAS-IP-Address = 10.196.49.149
>   NAS-Port = 0
>  Message-Authenticator = 0x3ada3e00aafb8861cae40493d3d35421
>
> I am not getting where the  Cleartext-Password password geting terminated
> or do I need to add any config to update the User-Password to
> Cleartext-Password?.
>
> Regards,
> Shivaprasad
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Help on Getting Cleartext-Password attribute in my module

Alan DeKok-2
In reply to this post by shivaprasad2452
On Jan 30, 2019, at 10:44 AM, shivu prasad <[hidden email]> wrote:
>
> In my module I want to restrict  only  Cleartext-Password passwords, and
> need  reject(ignore) the other type of passwords request like mds sha and
> all.

  OK... you can do that via "unlang", too.

> I am able to get only User-Password attribute not  Cleartext-Password

  If the Cleartext-Password exists, you can get it in the module.  The other modules do it, so it's absolutely possible.

> in mod_authorize I am checking for the vp->da->attr type
> I even try to extract cleartext_passord from request packet  if not i check
> in request_config  like below
>
>    pass = fr_pair_find_by_num(request->packet->vps, PW_CLEARTEXT_PASSWORD,
> 0, TAG_ANY);
>
>    password = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD,
> 0, TAG_ANY);
>
> But both the way I not  able to get Cleartext-Password

  Did it get added by *another* module?  The server doesn't magically invent that attribute.  It gets the attribute from a database.

> I verified sending  the  request in rad-client

  Hmm... trying to debug the server, and looking at the client logs. That's not useful.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html