I'm attempting to authenticate a user who is trying to connect to pptp via an external means. They would sign up on the site and have the username and password stored in a database (I do not want direct database access). The password would be encrypted (MD5).

On 3/10/2014 9:01 AM, James Carlson wrote:
> On 03/10/14 08:31, Greg wrote:
>> as stated before, I'm trying to write a plugin to authenticate against
>> an external script. So far, I've only managed to get it to write a bit
>> of information to a log file on the server.
> It would help if you could provide details -- the code you're using, the
> debug log messages, the configuration options in use, and any other
> information related to your system.
>
> At this point, I'm not even really sure whether you're attempting to
> write authenticator or authenticatee code. The two are different.
> Details on the problem to be solved would help -- "authenticate against
> an external script" is a chosen solution to some issue, not a problem
> statement.

I'm attempting to write an authenticator on the server itself. As for the debugging, how can I provide that for you? The code is attached.

>> I'm trying to use the digest->code to determine the type of digest used.
>> I figured that if I can find out which type it's using then I could then
>> move forward with converting it or determining how to store the
>> encrypted password to do a comparison.
> digest->code will have the PPP code number for the digest type, which
> will be CHAP_MD5 (0x05), CHAP_MICROSOFT (0x80), or CHAP_MICROSOFT_V2 (0x81).
>
> You can see all of the registered chap_digest_type objects by grepping
> the code for chap_register_digest.
>
> I don't believe it can end up being anything else, given the current design.

It's empty.

>> I've also made it return 1 so that no matter what I enter, it should
>> show authenticated.
>>
>> digest->code writes as blank.
> "writes"?

I'm writing the output of the variables to a file.
I've tried writing the value of digest->code to a file. It's empty or being interpreted in such a way that it's not writing anything to the file.

>
>> When using it as a switch->case scenario, it goes to default:
>> switch (digest->code) {
>>     case CHAP_MICROSOFT:
>>     {
>>         codemess = "MIC";
>>     }
>>     case CHAP_MICROSOFT_V2:
>>     {
>>         codemess = "MV2";
>>     }
>>     default:
>>         codemess = "Default";
>> }
> At a guess, that should mean that digest->code is CHAP_MD5, though I'm
> really not sure without more information. A debug trace would likely
> show more, as would a copy of your code.

I missed that one, but added it to the check and it still shows default.

>> The return 1 appears to work, but then I get the message:
>> MPPE required, but keys are not available. Possible plugin problem?
> If you return 1 when MS-CHAP is enabled, then you're required to set up
> keys and set the mppe_keys_set flag. It's a bit ugly, but MPPE and
> MS-CHAP are deeply intertwined.
>
>> I REALLY wish this was documented better. Though I code in other
>> scripting languages, C is not something I'm used to coding. So please
>> feel free to give me a hard time, I'm muddling my way through C just to
>> get the basics right.
> The plug-in interface just is not designed for use by someone without a
> deep understanding of the existing code and a healthy amount of C
> experience. I somewhat doubt that a plug-in shared library type
> interface, regardless of the depth of the documentation, could get
> around that.
>
> Normally, when folks want to do external authentication, they do it with
> RADIUS or some other AAA protocol like that. It might help to know what
> problem you're trying to solve.
>

Thank you,
Greg Borbonus
*Nix Server administrator
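
Added example, not part of the original message or of pppd's code: the switch from the thread (with the CHAP_MD5 case added) beside a version in which each case ends, plus numeric formatting of the code for a log line. `struct digest_stub` and the function names are hypothetical stand-ins; the three code values are the ones quoted in the thread, and formatting the code as an integer is an assumption about what the log entry needs.

```c
#include <stdio.h>
#include <string.h>
/* Digest codes as quoted in the thread. */
#define CHAP_MD5          0x05
#define CHAP_MICROSOFT    0x80
#define CHAP_MICROSOFT_V2 0x81
/* Hypothetical stand-in for pppd's struct chap_digest_type (one field only). */
struct digest_stub { int code; };

/* The switch as posted, CHAP_MD5 case added: no case ends with break, so
 * control falls through and the last assignment, "Default", always wins. */
static const char *name_as_posted(const struct digest_stub *d)
{
    const char *codemess = "";
    switch (d->code) {
    case CHAP_MD5:          codemess = "MD5"; /* falls through */
    case CHAP_MICROSOFT:    codemess = "MIC"; /* falls through */
    case CHAP_MICROSOFT_V2: codemess = "MV2"; /* falls through */
    default:                codemess = "Default";
    }
    return codemess;
}

/* Each case ends (here with return), so the matching name is kept. */
static const char *name_fixed(const struct digest_stub *d)
{
    switch (d->code) {
    case CHAP_MD5:          return "MD5";
    case CHAP_MICROSOFT:    return "MIC";
    case CHAP_MICROSOFT_V2: return "MV2";
    default:                return "Default";
    }
}

/* The code is an int; print it as a number so the log line is readable. */
static int format_code(const struct digest_stub *d, char *buf, size_t len)
{
    return snprintf(buf, len, "digest code=0x%02x (%s)", (unsigned)d->code, name_fixed(d));
}

int main(void)
{
    struct digest_stub d = { CHAP_MICROSOFT_V2 }; /* constructed sample value */
    char line[64];
    format_code(&d, line, sizeof line);
    printf("%s | as posted: %s\n", line, name_as_posted(&d));
    return 0;
}
```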