From 7be25a326bb9c2fc7279519d3e34e99351d73e1e Mon Sep 17 00:00:00 2001
From: Nick Couchman
Date: Tue, 9 Apr 2019 10:31:29 -0400
Subject: [PATCH] GUACAMOLE-774: Add in MD4 support for MSCHAPv1/2.
---
 .../auth/radius/RadiusConnectionService.java | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
index ec82a63ee..171e41566 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
@@ -25,6 +25,8 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleServerException;
 import org.slf4j.Logger;
@@ -41,6 +43,8 @@ import net.jradius.packet.AccessRequest;
 import net.jradius.packet.attribute.AttributeList;
 import net.jradius.client.auth.EAPTLSAuthenticator;
 import net.jradius.client.auth.EAPTTLSAuthenticator;
+import net.jradius.client.auth.MSCHAPv1Authenticator;
+import net.jradius.client.auth.MSCHAPv2Authenticator;
 import net.jradius.client.auth.RadiusAuthenticator;
 import net.jradius.client.auth.PEAPAuthenticator;
 import net.jradius.packet.attribute.AttributeFactory;
@@ -129,6 +133,18 @@ public class RadiusConnectionService { if (radAuth == null) throw new GuacamoleException("Could not get a valid RadiusAuthenticator for specified protocol: " + confService.getRadiusAuthProtocol()); + // For MSCHAPv1/2, we need MD4 support + if (radAuth instanceof MSCHAPv1Authenticator + || radAuth instanceof MSCHAPv2Authenticator) { + + Security.addProvider(new Provider("MD4", 0.00, "MD4 for MSCHAPv1/2 RADIUS") { + { + this.put("MessageDigest.MD4", org.bouncycastle.jce.provider.JDKMessageDigest.MD4.class.getName()); + } + }); + + } + // If we're using any of the TLS protocols, we need to configure them if (radAuth instanceof PEAPAuthenticator || radAuth instanceof EAPTLSAuthenticator ||
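Review bot: The `Security.addProvider(...)` call in the MSCHAPv1/2 branch registers MD4 for the whole JVM and runs on every pass through this code, building a new anonymous `Provider` each time. Repeat registrations under the same name are refused, but the first instance stays installed for the life of the process. If this is an instance method, as the unqualified `confService` suggests, that anonymous class also holds a reference to the enclosing `RadiusConnectionService`, and in a servlet container the global registration likely pins the webapp class loader across redeploys (inferred; the deployment is not visible here). I would register once from a static nested `Provider` subclass, guarded by `if (Security.getProvider("MD4") == null)`, and add a comment such as `// MD4 is broken; exposed only because MSCHAP requires it - do not use elsewhere`, since `MessageDigest.getInstance("MD4")` then resolves for all code in the JVM. The mapping names the provider-internal class `org.bouncycastle.jce.provider.JDKMessageDigest.MD4`, so confirm it exists in the BouncyCastle version actually shipped; the enclosing method starts and ends outside this hunk.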