/CHANGELOG |
---|
6,6 → 6,7 |
NEWS |
- Mageia 8 |
CHANGES |
- Add SHA256 in PAP protocol (coovachilli). Thanks to Paul BAESKENS (aka StaringCat) |
ACC |
BUGS |
- Replace deprecated php functions (php7 --> php8) |
/rpms/coova-chilli-1.6.spec |
---|
File deleted |
/rpms/CoovaChilli/CoovaChilliLib.py.patch |
---|
0,0 → 1,92 |
--- conf/CoovaChilliLib.py.in 2022-10-07 09:40:14.000000000 +0200 |
+++ conf/CoovaChilliLib.py.in 2022-11-02 10:35:29.022431562 +0100 |
@@ -1,4 +1,4 @@ |
-#!/usr/bin/python |
+#!/usr/bin/python3 |
""" |
CoovaChilli Python Library |
Copyright (C) 2009 David Bird <david@coova.com> |
@@ -148,7 +148,7 @@ |
return |
def saveConfig( self, data=None ): |
- print "Storing configuration changes" |
+ print ("Storing configuration changes") |
for setting in self.Settings: |
if self.Entries.get(setting): |
@@ -181,7 +181,7 @@ |
selectPath = -1 |
for line in p.stdout.readlines(): |
- print line |
+ print (line) |
s = line.split() |
self.sessionsStore.append([ s[0], s[1] ]) |
if self.selectedMac == s[0]: |
@@ -222,20 +222,20 @@ |
return True |
def sessionRelease( self, widget ): |
- print 'Releasing '+self.selectedMac |
+ print ('Releasing '+self.selectedMac) |
p = subprocess.Popen([self.Query, self.Socket, "dhcp-release", self.selectedMac]).communicate() |
self.chilliQuery() |
return |
def sessionBlock( self, widget ): |
- print 'Blocking access from '+self.selectedMac |
+ print ('Blocking access from '+self.selectedMac) |
p = subprocess.Popen([self.Query, self.Socket, "block", self.selectedMac]).communicate() |
self.chilliQuery() |
return |
def sessionAuthorize( self, widget ): |
if self.selectedSessionId: |
- print 'Authorizing '+self.selectedSessionId |
+ print ('Authorizing '+self.selectedSessionId) |
p = subprocess.Popen([self.Query, self.Socket, "authorize", "sessionid", self.selectedSessionId]).communicate() |
self.chilliQuery() |
return |
@@ -305,7 +305,7 @@ |
return |
def _changeSection(self, section): |
- print 'change to '+section |
+ print ('change to '+section) |
self.section = section |
for setting in self.Settings: |
@@ -329,7 +329,7 @@ |
return |
def row3(self, treeview, iter, path, action): |
- print action |
+ print (action) |
def row1(self, treeview, action): |
if action == 'cursor-changed': |
@@ -337,12 +337,12 @@ |
model, iter = selection.get_selected() |
if iter: |
mac = self.sessionsStore.get_value(iter, 0) |
- print 'Selected: '+mac |
+ print ('Selected: '+mac) |
self.sesAuth.set_sensitive( True ) |
self.sesRelease.set_sensitive( True ) |
self.sesBlock.set_sensitive( True ) |
self._chilliQuery( mac ) |
- print action |
+ print (action) |
def formatOctets(self, o): |
return o |
@@ -499,7 +499,7 @@ |
self.btnStop.connect( "clicked", self.stopCoovaChilli ) |
def main( self ): |
- print 'hello' |
+ print ('hello') |
/rpms/CoovaChilli/Makefile.am.patch |
---|
0,0 → 1,22 |
--- src/Makefile.am 2022-11-02 11:31:50.537726993 +0100 |
+++ src/Makefile.am 2022-11-02 11:32:30.857524726 +0100 |
@@ -12,7 +12,8 @@ |
tun.h ippool.h md5.h redir.h dhcp.h iphash.h \ |
radius_wispr.h radius_coovachilli.h ssl.h dns.h net.h \ |
pkt.h conn.h lookup.h chilli_limits.h cmdline.h debug.h \ |
-radius_pkt.h ../bstring/bstrlib.h ../config.h system.h |
+radius_pkt.h ../bstring/bstrlib.h ../config.h system.h \ |
+SHA256.h |
lib_LTLIBRARIES = libchilli.la |
sbin_PROGRAMS = \ |
@@ -23,7 +24,8 @@ |
libchilli_la_SOURCES = \ |
chilli.c tun.c ippool.c radius.c md5.c redir.c dhcp.c \ |
iphash.c lookup.c system.h util.c options.c statusfile.c conn.c sig.c \ |
-garden.c dns.c session.c pkt.c chksum.c net.c safe.c |
+garden.c dns.c session.c pkt.c chksum.c net.c safe.c \ |
+SHA256.c |
AM_CFLAGS = -D_GNU_SOURCE -Wall -fno-builtin -fno-strict-aliasing \ |
-fomit-frame-pointer -funroll-loops -pipe -I$(top_builddir)/bstring \ |
/rpms/CoovaChilli/SHA256.c |
---|
0,0 → 1,158 |
/********************************************************************* |
* Filename: sha256.c |
* Author: Brad Conte (brad AT bradconte.com) |
* Copyright: |
* Disclaimer: This code is presented "as is" without any guarantees. |
* Details: Implementation of the SHA-256 hashing algorithm. |
SHA-256 is one of the three algorithms in the SHA2 |
specification. The others, SHA-384 and SHA-512, are not |
offered in this implementation. |
Algorithm specification can be found here: |
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf |
This implementation uses little endian byte order. |
*********************************************************************/ |
/*************************** HEADER FILES ***************************/ |
#include <stdlib.h> |
#include <memory.h> |
#include "SHA256.h" |
/****************************** MACROS ******************************/ |
#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b)))) |
#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b)))) |
#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z))) |
#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) |
#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22)) |
#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25)) |
#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3)) |
#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10)) |
/**************************** VARIABLES *****************************/ |
static const uint32_t k[64] = { |
0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5, |
0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174, |
0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da, |
0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967, |
0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85, |
0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070, |
0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3, |
0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 |
}; |
/*********************** FUNCTION DEFINITIONS ***********************/ |
void sha256_transform(SHA256_CONTEXT* ctx, const uint8_t data[]) |
{ |
uint32_t a, b, c, d, e, f, g, h, i, j, t1, t2, m[64]; |
for (i = 0, j = 0; i < 16; ++i, j += 4) |
m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]); |
for (; i < 64; ++i) |
m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16]; |
a = ctx->state[0]; |
b = ctx->state[1]; |
c = ctx->state[2]; |
d = ctx->state[3]; |
e = ctx->state[4]; |
f = ctx->state[5]; |
g = ctx->state[6]; |
h = ctx->state[7]; |
for (i = 0; i < 64; ++i) { |
t1 = h + EP1(e) + CH(e, f, g) + k[i] + m[i]; |
t2 = EP0(a) + MAJ(a, b, c); |
h = g; |
g = f; |
f = e; |
e = d + t1; |
d = c; |
c = b; |
b = a; |
a = t1 + t2; |
} |
ctx->state[0] += a; |
ctx->state[1] += b; |
ctx->state[2] += c; |
ctx->state[3] += d; |
ctx->state[4] += e; |
ctx->state[5] += f; |
ctx->state[6] += g; |
ctx->state[7] += h; |
} |
void SHA256Init(SHA256_CONTEXT* ctx) |
{ |
ctx->datalen = 0; |
ctx->bitlen = 0; |
ctx->state[0] = 0x6a09e667; |
ctx->state[1] = 0xbb67ae85; |
ctx->state[2] = 0x3c6ef372; |
ctx->state[3] = 0xa54ff53a; |
ctx->state[4] = 0x510e527f; |
ctx->state[5] = 0x9b05688c; |
ctx->state[6] = 0x1f83d9ab; |
ctx->state[7] = 0x5be0cd19; |
} |
void SHA256Update(SHA256_CONTEXT* ctx, const uint8_t data[], size_t len) |
{ |
uint32_t i; |
for (i = 0; i < len; ++i) { |
ctx->data[ctx->datalen] = data[i]; |
ctx->datalen++; |
if (ctx->datalen == 64) { |
sha256_transform(ctx, ctx->data); |
ctx->bitlen += 512; |
ctx->datalen = 0; |
} |
} |
} |
void SHA256Final(SHA256_CONTEXT* ctx, uint8_t hash[]) |
{ |
uint32_t i; |
i = ctx->datalen; |
// Pad whatever data is left in the buffer. |
if (ctx->datalen < 56) { |
ctx->data[i++] = 0x80; |
while (i < 56) |
ctx->data[i++] = 0x00; |
} |
else { |
ctx->data[i++] = 0x80; |
while (i < 64) |
ctx->data[i++] = 0x00; |
sha256_transform(ctx, ctx->data); |
memset(ctx->data, 0, 56); |
} |
// Append to the padding the total message's length in bits and transform. |
ctx->bitlen += ctx->datalen * 8; |
ctx->data[63] = ctx->bitlen; |
ctx->data[62] = ctx->bitlen >> 8; |
ctx->data[61] = ctx->bitlen >> 16; |
ctx->data[60] = ctx->bitlen >> 24; |
ctx->data[59] = ctx->bitlen >> 32; |
ctx->data[58] = ctx->bitlen >> 40; |
ctx->data[57] = ctx->bitlen >> 48; |
ctx->data[56] = ctx->bitlen >> 56; |
sha256_transform(ctx, ctx->data); |
// Since this implementation uses little endian byte ordering and SHA uses big endian, |
// reverse all the bytes when copying the final state to the output hash. |
for (i = 0; i < 4; ++i) { |
hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff; |
hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff; |
hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff; |
hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff; |
hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff; |
hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff; |
hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff; |
hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff; |
} |
} |
Property changes: |
Added: svn:eol-style |
+native |
\ No newline at end of property |
/rpms/CoovaChilli/SHA256.h |
---|
0,0 → 1,35 |
#pragma once |
/********************************************************************* |
* Filename: sha256.h |
* Author: Brad Conte (brad AT bradconte.com) |
* Copyright: |
* Disclaimer: This code is presented "as is" without any guarantees. |
* Details: Defines the API for the corresponding SHA1 implementation. |
*********************************************************************/ |
#ifndef SHA256_H |
#define SHA256_H |
#include "stdint.h" |
/*************************** HEADER FILES ***************************/ |
#include <stddef.h> |
/****************************** MACROS ******************************/ |
#define SHA256_BLOCK_SIZE 32 // SHA256 outputs a 32 byte digest |
typedef struct { |
uint8_t data[64]; |
uint32_t datalen; |
unsigned long long bitlen; |
uint32_t state[8]; |
} SHA256_CONTEXT; |
/*********************** FUNCTION DECLARATIONS **********************/ |
void SHA256Init(SHA256_CONTEXT* ctx); |
void SHA256Update(SHA256_CONTEXT* ctx, const uint8_t data[], size_t len); |
void SHA256Final(SHA256_CONTEXT* ctx, uint8_t hash[]); |
#endif // SHA256_H |
Property changes: |
Added: svn:eol-style |
+native |
\ No newline at end of property |
/rpms/CoovaChilli/chilli.h.patch |
---|
0,0 → 1,10 |
--- /BUILD/coova-chilli-master/src/chilli.h 2022-10-12 15:37:13.041870873 +0200 |
+++ /BUILD/coova-chilli-master/src/chilli.h 2022-10-11 14:01:04.000000000 +0200 |
@@ -35,6 +35,7 @@ |
#include "net.h" |
#include "md5.h" |
#include "dns.h" |
+#include "SHA256.h" |
#ifndef HAVE_STRLCPY |
extern size_t strlcpy(char *dst, const char *src, size_t dsize); |
/rpms/CoovaChilli/chilli_limits.h.patch |
---|
0,0 → 1,10 |
--- src/chilli_limits.h 2022-10-12 15:36:42.152019418 +0200 |
+++ src/chilli_limits.h 2022-10-07 09:48:22.000000000 +0200 |
@@ -53,6 +53,7 @@ |
#define REDIR_RADIUS_SELECT_TIME 500000 /* microseconds = 0.5 seconds */ |
#define REDIR_CHALLEN 16 |
#define REDIR_MD5LEN 16 |
+#define REDIR_SHA256LEN 32 |
#define REDIR_MACSTRLEN 17 |
#define REDIR_MAXBUFFER 65535 |
/rpms/CoovaChilli/coova-chilli-1.6.spec |
---|
0,0 → 1,148 |
%define _disable_ld_no_undefined 1 |
%define _unpackaged_files_terminate_build 0 |
Summary: CoovaChilli is an open-source software access controller for captive portal hotspots |
Name: coova-chilli |
Version: 1.6 |
Release: 2%{?dist} |
License: GPLv3 |
Packager: Richard REY (Rexy) |
Group: System/Servers |
URL: https://coova.github.io/CoovaChilli |
Source: %{name}-master.tar.gz |
Patch0: chilli.h.patch |
Patch1: chilli_limits.h.patch |
Patch2: redir.c.patch |
Patch3: Makefile.am.patch |
Patch4: CoovaChilliLib.py.patch |
BuildRequires: gengetopt |
BuildRequires: libtool |
BuildRequires: openssl-devel |
Provides: coova-chilli = %{version}-%{release} |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot |
%description |
Coova-Chilli is a fork of the ChilliSpot project - an open source captive |
portal or wireless LAN access point controller. It supports web based login |
(Universal Access Method, or UAM), standard for public HotSpots, and it |
supports Wireless Protected Access (WPA), the standard for secure roamable |
networks. Authentication, Authorization and Accounting (AAA) is handled by |
your favorite radius server. Read more at http://coova.github.io/. |
%prep |
%setup -q -n %{name}-master |
%patch0 -p3 |
%patch1 -p0 |
%patch2 -p0 |
%patch3 -p0 |
%patch4 -p0 |
cp ../../SOURCES/SHA256.c ./src/SHA256.c |
cp ../../SOURCES/SHA256.h ./src/SHA256.h |
%build |
sh bootstrap |
%configure \ |
--disable-static \ |
--enable-shared \ |
--enable-largelimits \ |
--enable-chilliredir \ |
--enable-chilliscript \ |
--with-poll \ |
--enable-dhcpopt \ |
--enable-json \ |
--enable-mdns \ |
--with-openssl |
automake --add-missing |
%make_build |
%post |
%_post_service chilli |
%preun |
%_preun_service chilli |
%install |
%make_install |
%clean |
rm -rf %{buildroot} |
%files |
%defattr(-,root,root) |
%{_sbindir}/* |
%{_libdir}/*.so* |
%doc AUTHORS COPYING ChangeLog INSTALL README doc/dictionary.coovachilli doc/attributes |
%config %{_sysconfdir}/chilli.conf |
%config %{_sysconfdir}/chilli/gui-config-default.ini |
%config(noreplace) %{_sysconfdir}/chilli/defaults |
%dir %{_sysconfdir}/chilli |
%{_sysconfdir}/init.d/chilli |
%{_sysconfdir}/chilli/wwwsh |
%{_sysconfdir}/chilli/functions |
%{_sysconfdir}/chilli/*.sh |
%{_mandir}/man1/*.1* |
%{_mandir}/man5/*.5* |
%{_mandir}/man8/*.8* |
%exclude %{_sysconfdir}/chilli/www/* |
%exclude %{_sysconfdir}/chilli/wpad.dat |
%exclude %{_includedir}/chilli* |
%exclude %{_libdir}/*.la* |
%exclude %{_libdir}/python/CoovaChilliLib.py* |
%changelog |
* Fri Oct 14 2022 Paul BAESKENS (aka StaringCat) - 1.6-1.mga8 |
- Add SHA256 in PAP protocol |
* Sat Jul 23 2022 Richard REY (aka Rexy) - 1.6-1.mga8 |
- 1.6 release |
* Wed Feb 24 2021 Richard REY (aka Rexy) - 1.6-1.mga7 |
- 1.6 release |
* Fri May 22 2020 Richard REY (aka Rexy) - 1.5-1.mga7 |
- 1.5 release |
* Mon May 22 2017 Tom Houdayer - 1.4-3.mga5 |
- Add mDNS support |
* Sat May 06 2017 Tom Houdayer - 1.4-2.mga5 |
- Add OpenSSL support |
* Mon Dec 19 2016 Rexy for ALCASAR project |
- 1.4-1 release |
* Sun Nov 13 2016 Rexy for ALCASAR project |
- 1.3.2-2 release (including the code resolving IPSEC bug #255 & #301) |
* Tue Oct 25 2016 Rexy for ALCASAR project |
- 1.3.2-1 release |
* Thu Jun 2 2016 Rexy for ALCASAR project |
- 1.3.1.4 release |
* Sun Apr 3 2016 Rexy for ALCASAR project |
- 1.3.1.3 release |
* Tue May 14 2013 Crox for ALCASAR project |
- 1.3.0 release |
* Mon Jun 18 2012 Rexy for ALCASAR project |
- 1.2.9-1 release |
* Wed Jan 18 2012 Rexy for ALCASAR project |
- 1.2.9 release |
* Sun Jul 11 2011 Rexy for ALCASAR project |
- 1.2.8 release |
* Sat Feb 12 2011 Rexy for Alcasar project |
+ revision: 433 |
+ add _disable_ld_no_undefined 1 |
- 1.2.6 release |
* Sat Nov 20 2010 Rexy for Alcasar project |
+ revision: 394 |
- 1.2.5 release |
* Sat Jan 2 2010 <david@coova.com> |
- 1.2.0 release |
* Thu Sep 30 2007 <david@coova.com> |
- 1.0.8 release |
* Thu Aug 20 2007 <david@coova.com> |
- 1.0-coova.7 release |
* Thu Jun 7 2007 <david@coova.com> |
- 1.0-coova.6 release |
* Wed May 16 2007 <david@coova.com> |
- 1.0-coova.5 release |
* Wed Feb 07 2007 <david@coova.com> |
- 1.0-coova.4 release |
* Wed Nov 15 2006 <david@coova.com> |
- 1.0-coova.3 release |
* Thu Mar 25 2004 <support@chillispot.org> |
- Initial release. |
/rpms/CoovaChilli/redir.c.patch |
---|
0,0 → 1,98 |
--- src/redir.c 2022-10-12 15:35:35.352336574 +0200 |
+++ src/redir.c 2022-10-11 14:01:22.000000000 +0200 |
@@ -28,6 +28,8 @@ |
#endif |
#include "json/json.h" |
+ |
+ |
static int optionsdebug = 0; /* TODO: Should be changed to instance */ |
static int termstate = REDIR_TERM_INIT; /* When we were terminated */ |
@@ -2709,6 +2711,7 @@ |
struct redir_conn_t *conn, char reauth) { |
uint8_t user_password[RADIUS_PWSIZE + 1]; |
uint8_t chap_password[REDIR_MD5LEN + 2]; |
+ uint8_t pap_challenge[REDIR_SHA256LEN]; |
uint8_t chap_challenge[REDIR_MD5LEN]; |
struct radius_packet_t radius_pack; |
struct radius_t *radius; /* Radius client instance */ |
@@ -2718,7 +2721,7 @@ |
fd_set fds; /* For select() */ |
int status; |
- MD5_CTX context; |
+ SHA256_CONTEXT context; |
char url[REDIR_URL_LEN]; |
int n, m; |
@@ -2761,10 +2764,10 @@ |
if (redir->secret && *redir->secret) { |
//syslog(LOG_DEBUG, "SECRET: [%s]",redir->secret); |
/* Get MD5 hash on challenge and uamsecret */ |
- MD5Init(&context); |
- MD5Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN); |
- MD5Update(&context, (uint8_t *) redir->secret, strlen(redir->secret)); |
- MD5Final(chap_challenge, &context); |
+ SHA256Init(&context); |
+ SHA256Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN); |
+ SHA256Update(&context, (uint8_t *) redir->secret, strlen(redir->secret)); |
+ SHA256Final(&context, pap_challenge); |
} |
else { |
memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN); |
@@ -2780,9 +2783,9 @@ |
sizeof(user_password)); |
} else { |
for (m=0; m < RADIUS_PWSIZE;) { |
- for (n=0; n < REDIR_MD5LEN; m++, n++) { |
+ for (n=0; n < REDIR_SHA256LEN; m++, n++) { |
user_password[m] = |
- conn->authdata.v.papmsg.password[m] ^ chap_challenge[n]; |
+ conn->authdata.v.papmsg.password[m] ^ pap_challenge[n]; |
} |
} |
} |
@@ -2963,6 +2966,7 @@ |
int is_local_user(struct redir_t *redir, struct redir_conn_t *conn) { |
uint8_t user_password[RADIUS_PWSIZE+1]; |
+ uint8_t pap_challenge[REDIR_SHA256LEN]; |
uint8_t chap_challenge[REDIR_MD5LEN]; |
char u[256]; char p[256]; |
size_t usernamelen, sz=1024; |
@@ -2970,6 +2974,7 @@ |
int match=0; |
char *line=0; |
MD5_CTX context; |
+ SHA256_CONTEXT SHA256context; |
FILE *f; |
if (!_options.localusers) return 0; |
@@ -2990,10 +2995,10 @@ |
}/**/ |
if (redir->secret && *redir->secret) { |
- MD5Init(&context); |
- MD5Update(&context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN); |
- MD5Update(&context, (uint8_t*)redir->secret, strlen(redir->secret)); |
- MD5Final(chap_challenge, &context); |
+ SHA256Init(&SHA256context); |
+ SHA256Update(&SHA256context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN); |
+ SHA256Update(&SHA256context, (uint8_t*)redir->secret, strlen(redir->secret)); |
+ SHA256Final(&SHA256context, pap_challenge); |
} |
else { |
memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN); |
@@ -3015,9 +3020,9 @@ |
} else { |
int n, m; |
for (m=0; m < RADIUS_PWSIZE;) |
- for (n=0; n < REDIR_MD5LEN; m++, n++) |
+ for (n=0; n < REDIR_SHA256LEN; m++, n++) |
user_password[m] = |
- conn->authdata.v.papmsg.password[m] ^ chap_challenge[n]; |
+ conn->authdata.v.papmsg.password[m] ^ pap_challenge[n]; |
} |
break; |
case REDIR_AUTH_CHAP: |
/web/intercept.php |
---|
443,7 → 443,7 |
//correction password length in coova-chilli |
//thanks to http://www.stochasticgeometry.ie/2009/09/09/maximum-password-length-in-coova-chilli/ |
$hexchal = pack('H*', $challenge); |
$newchal = pack('H*', md5($hexchal . $uamsecret)); |
$newchal = pack('H*', hash('sha256',$hexchal . $uamsecret)); |
// If challenge isn't long enough, repeat it until it is |
while (strlen($newchal) < strlen($password)) { |