author | brian <brian@FreeBSD.org> | 2002-06-17 01:12:38 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 2002-06-17 01:12:38 +0000 |
commit | 50179a581980027539d8a5a3f805e0053d68ca8c (patch) | |
tree | 9a698b9766e6465d1ffa7863d5d865f73bb51e8d /usr.sbin/ppp/radius.c | |
parent | 47e1ed8bb9c0ae00f909dc4c3c9ed4dee013b38e (diff) | |
Compensate for dodgy Win98/WinME MSCHAPv2 responses later in the code
path... after we've talked to any RADIUS servers involved, so that we
haven't touched the data before it gets to the server.
Make it clearer in the code that this compensation is done by setting
a flag to a value of zero, a flag which rfc2759 says *MUST* be zero.
While we're here, don't bother passing the peer challenge into
radius_Authenticate(). It's already part of the key we're passing in
(this becomes obvious now that I've structured that data...).
This ``fix'' doesn't help to authenticate Win98/WinME users in my test
environment as ports/net/freeradius seems to ignore the flag
completely anyway, but it may help with other RADIUS servers.
Diffstat (limited to 'usr.sbin/ppp/radius.c')
-rw-r--r-- | usr.sbin/ppp/radius.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c
index 99abb2a..be6953a 100644
--- a/usr.sbin/ppp/radius.c
+++ b/usr.sbin/ppp/radius.c
@@ -700,7 +700,7 @@ radius_put_physical_details(struct rad_handle *rad, struct physical *p)
 int
 radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
 const char *key, int klen, const char *nchallenge,
- int nclen, const char *pchallenge, int pclen)
+ int nclen)
 {
 struct timeval tv;
 int got;
@@ -712,6 +712,7 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
 #ifndef NODES
 struct mschap_response msresp;
 struct mschap2_response msresp2;
+ const struct MSCHAPv2_resp *keyv2;
 #endif
 if (!*r->cfg.file)
@@ -794,26 +795,21 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
 break;
 case 0x81:
- if (klen != 50) {
+ if (klen != sizeof(*keyv2) + 1) {
 log_Printf(LogERROR, "CHAP81: Unrecognised key length %d\n", klen);
 rad_close(r->cx.rad);
 return 0;
 }
- if (pclen != sizeof msresp2.pchallenge) {
- log_Printf(LogERROR, "CHAP81: Unrecognised peer challenge length %d\n",
- pclen);
- rad_close(r->cx.rad);
- return 0;
- }
-
+ keyv2 = (const struct MSCHAPv2_resp *)(key + 1);
 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen);
 msresp2.ident = *key;
- msresp2.flags = 0x00;
- memcpy(msresp2.response, key + 25, 24);
+ msresp2.flags = keyv2->Flags;
+ memcpy(msresp2.response, keyv2->NTResponse, sizeof msresp2.response);
 memset(msresp2.reserved, '\0', sizeof msresp2.reserved);
- memcpy(msresp2.pchallenge, pchallenge, pclen);
+ memcpy(msresp2.pchallenge, keyv2->PeerChallenge,
+ sizeof msresp2.pchallenge);
 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP2_RESPONSE, &msresp2, sizeof msresp2); |
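Review bot: With `pchallenge`/`pclen` dropped from the signature, the byte layout of `key` becomes part of radius_Authenticate()'s contract, yet nothing at the definition documents it. A comment above the function would make that explicit, for example `/* For CHAP81, key is the ident byte followed by a struct MSCHAPv2_resp; the peer challenge is read from it. */`. The function body continues outside this hunk and the page is limited to radius.c, so the prototype and every call site still need checking against the shorter argument list.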
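Review bot: In the `case 0x81:` branch, `klen != sizeof(*keyv2) + 1` and the cast `(const struct MSCHAPv2_resp *)(key + 1)` match the old `klen != 50` check only if struct MSCHAPv2_resp is exactly 49 bytes, unpadded and byte-aligned. Its definition is not in this hunk, and `key` carries peer-supplied bytes, so a later change to that struct would silently change which lengths are accepted and where the response and peer challenge are read from. I would state the assumption at the cast, e.g. `/* key = ident byte + struct MSCHAPv2_resp (49 bytes on the wire, no padding) */`, and ideally add a compile-time size check next to the struct. Separately, `msresp2.flags = keyv2->Flags;` now forwards the peer's flag byte to the RADIUS server where `0x00` was sent before. The commit message says this is intentional, so a short comment here, such as `/* passed through unmodified; zeroed later, after RADIUS */`, would keep it from being "fixed" back. The switch and the rest of the function lie outside the hunk.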