# # PRE: update if # update { reply:Filter-Id := 'filter' control: !* ANY request:Tmp-String-0 := "5RNqNl8iYLbkCc7JhR8as4TtDDCX6otuuWtcja8rITUyx9zrnHSe9tTHGmKK" # 60 byte salt } # # Unencoded Cleartext-Password in password with header # update { control:Password-With-Header := "%{request:User-Password}" } pap.authorize pap.authenticate { reject = 1 } if (reject) { update reply { Filter-Id += 'fail 0' } } update { control: !* ANY } # # Base64 encoded Cleartext-Password in password with header # update { Tmp-String-1 := "{clear}%{User-Password}" } update { control:Password-With-Header := "%{base64:&request:Tmp-String-1}" } pap.authorize pap.authenticate { reject = 1 } if (reject) { update reply { Filter-Id += 'fail 0' } } update { control: !* ANY } # # Hex encoded SSHA password # update { control:Password-With-Header += "{ssha}%{sha1:%{request:User-Password}%{&request:Tmp-String-0}}%{hex:&request:Tmp-String-0}" } pap.authorize pap.authenticate { reject = 1 } if (reject) { update reply { Filter-Id += 'fail 1' } } update { control: !* ANY } # # Base64 encoded SSHA password # update { control:Tmp-String-1 := "%{sha1:%{request:User-Password}%{&request:Tmp-String-0}}%{hex:&request:Tmp-String-0}" } # To Binary update { control:Tmp-Octets-0 := "0x%{control:Tmp-String-1}" } # To Base64 update { control:Tmp-String-1 := "%{base64:&control:Tmp-Octets-0}" } update { control:Password-With-Header += "{ssha}%{control:Tmp-String-1}" } pap.authorize pap.authenticate { reject = 1 } if (reject) { update reply { Filter-Id += 'fail 2' } } update { control: !* ANY } # # Base64 of Base64 encoded SSHA password # update { control:Tmp-String-1 := "%{sha1:%{request:User-Password}%{&request:Tmp-String-0}}%{hex:&request:Tmp-String-0}" } # To Binary update { control:Tmp-Octets-0 := "0x%{control:Tmp-String-1}" } # To Base64 update { control:Tmp-String-1 := "{ssha}%{base64:&control:Tmp-Octets-0}" } update { control:Password-With-Header += "%{base64:&control:Tmp-String-1}" } pap.authorize pap.authenticate { reject = 1 } if (reject) { update reply { Filter-Id += 'fail 3' } } update { control: !* ANY } update control { Auth-Type := Accept }