From 836a184609185d9d3e3c63e91dc3a370caaead3e Mon Sep 17 00:00:00 2001
From: Robert Anderson <randerson@lbsd.net>
Date: Tue, 10 Mar 2009 11:19:55 +0000
Subject: [PATCH] Compare with User-Password

---
 .../modules/authentication/mod_auth_pap.pm    | 29 ++++++++++++-------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/smradius/modules/authentication/mod_auth_pap.pm b/smradius/modules/authentication/mod_auth_pap.pm
index 1419f969..b64835b4 100644
--- a/smradius/modules/authentication/mod_auth_pap.pm
+++ b/smradius/modules/authentication/mod_auth_pap.pm
@@ -26,10 +26,9 @@ use warnings;
 
 # Modules we need
 use smradius::constants;
+use smradius::logging;
 use Digest::MD5;
 
-use Data::Dumper; 
-
 
 
 # Exporter stuff
@@ -82,22 +81,32 @@ sub authenticate
 	# Check if this is PAP authentication
 	return MOD_RES_SKIP if (!defined($encPassword));
 
-	print(STDERR "RECEIVED\n");
-	print(STDERR "User-Pass: len = ".length($encPassword).", hex = ".unpack("H*",$encPassword)."\n");
-	print(STDERR "\n\n");
+#	print(STDERR "RECEIVED\n");
+#	print(STDERR "User-Pass: len = ".length($encPassword).", hex = ".unpack("H*",$encPassword)."\n");
+#	print(STDERR "\n\n");
 
+	# FIXME - test is the radius secret, must pull it from the configuration attributes??
 	my $clearPassword = $packet->password("test","User-Password");
 
-	print(STDERR "CALC\n");
-	print(STDERR "Result   : len = ".length($clearPassword).", hex = ".unpack("H*",$clearPassword).", password = $clearPassword\n");
+#	print(STDERR "CALC\n");
+#	print(STDERR "Result   : len = ".length($clearPassword).", hex = ".unpack("H*",$clearPassword).", password = $clearPassword\n");
 
 
 	# Compare passwords
-	if ($user->{'ClearPassword'} eq $clearPassword) {
-		return MOD_RES_ACK;
+	if (defined($user->{'Attributes'}->{'User-Password'})) {
+		# Operator: ==
+		if (defined($user->{'Attributes'}->{'User-Password'}->{'=='})) {
+			# Compare
+			if ($user->{'Attributes'}->{'User-Password'}->{'=='}->{'Value'} eq $clearPassword) {
+				return MOD_RES_ACK;
+			} 
+		} else {
+			$server->log(LOG_NOTICE,"[MOD_AUTH_PAP] No valid operators for attribute 'User-Password', supported operators are: ==");
+		}
+	} else {
+		$server->log(LOG_NOTICE,"[MOD_AUTH_PAP] No 'User-Password' attribute, cannot authenticate");
 	}
 
-
 	return MOD_RES_NACK;
 }
 
-- 
GitLab