From 81be549dd2d87fb0009c155abb786442751f5f6d Mon Sep 17 00:00:00 2001
From: brian <brian@FreeBSD.org>
Date: Wed, 12 Jun 2002 21:36:07 +0000
Subject: Don't forget to process the Ident field on the front of
 RAD_MICROSOFT_MS_CHAP_ERROR and RAD_MICROSOFT_MS_CHAP2_SUCCESS messages, and
 remove the hack in chap.c to ignore that ident field on the client side.

This anomoly was hacked around during development, and I forgot to
go back and fix it properly.

Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
---
 usr.sbin/ppp/chap.c   |  3 +--
 usr.sbin/ppp/radius.c | 39 +++++++++++++++++++++++++--------------
 2 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/usr.sbin/ppp/chap.c b/usr.sbin/ppp/chap.c
index 02ad021..8bce946 100644
--- a/usr.sbin/ppp/chap.c
+++ b/usr.sbin/ppp/chap.c
@@ -926,8 +926,7 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
           if (p->link.lcp.auth_ineed == 0) {
 #ifndef NODES
             if (p->link.lcp.his_authtype == 0x81) {
-              if (strncmp(ans, chap->authresponse, 42) &&
-                  (*ans != 1 || strncmp(ans + 1, chap->authresponse, 41))) {
+              if (strncmp(ans, chap->authresponse, 42)) {
                 datalink_AuthNotOk(p->dl);
 	        log_Printf(LogWARN, "CHAP81: AuthenticatorResponse: (%.42s)"
                            " != ans: (%.42s)\n", chap->authresponse, ans);
diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c
index 1f43db2..cd72c4b 100644
--- a/usr.sbin/ppp/radius.c
+++ b/usr.sbin/ppp/radius.c
@@ -417,26 +417,37 @@ radius_Process(struct radius *r, int got)
 #ifndef NODES
               case RAD_MICROSOFT_MS_CHAP_ERROR:
                 free(r->errstr);
-                if ((r->errstr = rad_cvt_string(data, len)) == NULL) {
-                  log_Printf(LogERROR, "rad_cvt_string: %s\n",
-                             rad_strerror(r->cx.rad));
-                  auth_Failure(r->cx.auth);
-                  rad_close(r->cx.rad);
-                  return;
+                if (len == 0)
+                  r->errstr = NULL;
+                else {
+                  if ((r->errstr = rad_cvt_string((const char *)data + 1,
+                                                  len - 1)) == NULL) {
+                    log_Printf(LogERROR, "rad_cvt_string: %s\n",
+                               rad_strerror(r->cx.rad));
+                    auth_Failure(r->cx.auth);
+                    rad_close(r->cx.rad);
+                    return;
+                  }
+                  log_Printf(LogPHASE, " MS-CHAP-Error \"%s\"\n", r->errstr);
                 }
-                log_Printf(LogPHASE, " MS-CHAP-Error \"%s\"\n", r->errstr);
                 break;
 
               case RAD_MICROSOFT_MS_CHAP2_SUCCESS:
                 free(r->msrepstr);
-                if ((r->msrepstr = rad_cvt_string(data, len)) == NULL) {
-                  log_Printf(LogERROR, "rad_cvt_string: %s\n",
-                             rad_strerror(r->cx.rad));
-                  auth_Failure(r->cx.auth);
-                  rad_close(r->cx.rad);
-                  return;
+                if (len == 0)
+                  r->msrepstr = NULL;
+                else {
+                  if ((r->msrepstr = rad_cvt_string((const char *)data + 1,
+                                                    len - 1)) == NULL) {
+                    log_Printf(LogERROR, "rad_cvt_string: %s\n",
+                               rad_strerror(r->cx.rad));
+                    auth_Failure(r->cx.auth);
+                    rad_close(r->cx.rad);
+                    return;
+                  }
+                  log_Printf(LogPHASE, " MS-CHAP2-Success \"%s\"\n",
+                             r->msrepstr);
                 }
-                log_Printf(LogPHASE, " MS-CHAP2-Success \"%s\"\n", r->msrepstr);
                 break;
  
               case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY:
-- 
cgit v1.1