Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
eduroam
radsecproxy
Commits
8bbdecd3
Commit
8bbdecd3
authored
Jan 16, 2015
by
Linus Nordberg
Browse files
When CHAP-Password, copy Request Authenticator to CHAP-Challenge.
Conflicts: radmsg.h
parent
bf2cb969
Changes
3
Hide whitespace changes
Inline
Side-by-side
ChangeLog
View file @
8bbdecd3
...
...
@@ -4,6 +4,8 @@ Unreleased 1.6.6-dev
used to apply rewriteIn using the rewrite block of the client
rather than the server. Patch by Fabian Mauchle. Fixes
RADSECPROXY-59.
- Handle CHAP authentication properly when there is no
CHAP-Challenge. Fixes RADSECPROXY-58.
2013-09-06 1.6.5
Bug fixes:
...
...
radmsg.h
View file @
8bbdecd3
...
...
@@ -17,10 +17,12 @@
#define RAD_Attr_User_Name 1
#define RAD_Attr_User_Password 2
#define RAD_Attr_CHAP_Password 3
#define RAD_Attr_Reply_Message 18
#define RAD_Attr_Vendor_Specific 26
#define RAD_Attr_Calling_Station_Id 31
#define RAD_Proxy_State 33
#define RAD_Attr_CHAP_Challenge 60
#define RAD_Attr_Tunnel_Password 69
#define RAD_Attr_Message_Authenticator 80
...
...
radsecproxy.c
View file @
8bbdecd3
...
...
@@ -1543,6 +1543,28 @@ int radsrv(struct request *rq) {
goto
exit
;
}
/* If there is a CHAP-Password attribute but no CHAP-Challenge
* one, create a CHAP-Challenge containing the Request
* Authenticator because that's what the CHAP-Password is based
* on. */
attr
=
radmsg_gettype
(
msg
,
RAD_Attr_CHAP_Password
);
if
(
attr
)
{
debug
(
DBG_DBG
,
"%s: found CHAP-Password with value length %d"
,
__func__
,
attr
->
l
);
attr
=
radmsg_gettype
(
msg
,
RAD_Attr_CHAP_Challenge
);
if
(
attr
==
NULL
)
{
debug
(
DBG_DBG
,
"%s: no CHAP-Challenge found, creating one"
,
__func__
);
attr
=
maketlv
(
RAD_Attr_CHAP_Challenge
,
16
,
msg
->
auth
);
if
(
attr
==
NULL
||
radmsg_add
(
msg
,
attr
)
!=
1
)
{
debug
(
DBG_ERR
,
"%s: adding CHAP-Challenge failed, "
"CHAP-Password request dropped"
,
__func__
);
freetlv
(
attr
);
goto
rmclrqexit
;
}
}
}
/* Create new Request Authenticator. */
if
(
msg
->
code
==
RAD_Accounting_Request
)
memset
(
msg
->
auth
,
0
,
16
);
else
if
(
!
RAND_bytes
(
msg
->
auth
,
16
))
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment