[PATCH] log escaped identities when they dont match

Phil Mayers p.mayers at imperial.ac.uk
Wed Jul 30 18:25:06 CEST 2008


A more complex version that replaces the previous version; this one logs the
escaped username, which may be useful if it contains binary or other
non-printable data.

---
  src/modules/rlm_eap/eap.c |   12 ++++++++++--
  1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c
index e947844..6e2367e 100644
--- a/src/modules/rlm_eap/eap.c
+++ b/src/modules/rlm_eap/eap.c
@@ -953,6 +953,8 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_packet_p,
  	eap_packet_t	*eap_packet = *eap_packet_p;
  	VALUE_PAIR	*vp;
  
+	char		ident_safe[MAX_STRING_LEN+1], username_safe[MAX_STRING_LEN+1];
+
  	/*
  	 *	Ensure it's a valid EAP-Request, or EAP-Response.
  	 */
@@ -1025,7 +1027,10 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_packet_p,
  			*/
                         if (strncmp(handler->identity, vp->vp_strvalue,
  				   MAX_STRING_LEN) != 0) {
-                               radlog(L_ERR, "rlm_eap: Identity %s does not match User-Name %s.  Authentication failed.", handler->identity, vp->vp_strvalue);
+                               librad_safeprint(handler->identity, strlen(handler->identity), ident_safe, MAX_STRING_LEN);
+                               librad_safeprint(vp->vp_strvalue, strlen(vp->vp_strvalue), username_safe, MAX_STRING_LEN);
+
+                               radlog(L_ERR, "rlm_eap: Identity %s does not match User-Name %s.  Authentication failed.", ident_safe, username_safe);
                                 free(*eap_packet_p);
                                 *eap_packet_p = NULL;
                                 return NULL;
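Review bot: The `strlen()` calls passed to `librad_safeprint()` stop at the first NUL byte, so an identity or User-Name with an embedded NUL is escaped and logged only up to that byte, which is the binary case this patch is meant to make visible. If the pair carries its own length (FreeRADIUS VALUE_PAIRs normally have `vp->length`; confirm for this tree), pass it instead: `librad_safeprint(vp->vp_strvalue, vp->length, username_safe, MAX_STRING_LEN);`. Whether `handler->identity` has a stored length is not visible here. The same two calls recur in the hunk at line 1086, and eap_handler's body starts and ends outside this hunk.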
@@ -1081,7 +1086,10 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_packet_p,
  			*/
                         if (strncmp(handler->identity, vp->vp_strvalue,
  				   MAX_STRING_LEN) != 0) {
-                               radlog(L_ERR, "rlm_eap: Identity does not match User-Name, setting from EAP Identity.");
+                               librad_safeprint(handler->identity, strlen(handler->identity), ident_safe, MAX_STRING_LEN);
+                               librad_safeprint(vp->vp_strvalue, strlen(vp->vp_strvalue), username_safe, MAX_STRING_LEN);
+
+                               radlog(L_ERR, "rlm_eap: Identity %s does not match User-Name %s.  Authentication failed.", ident_safe, username_safe);
                                 free(*eap_packet_p);
                                 *eap_packet_p = NULL;
                                 eap_handler_free(handler);
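Review bot: The new `radlog()` text at this site is byte-identical to the one added in the hunk at line 1027, so the two rejection paths can no longer be told apart in the log. It also replaces "setting from EAP Identity" with "Authentication failed", a change of meaning the description does not mention. The context lines free the packet and the handler, which suggests the request really is rejected here, but the return is outside the hunk. If so, say it in a comment such as `/* Request is rejected here, not rewritten from the EAP Identity; the old log text was misleading. */` and give this message a wording that differs from the first site. The escape-and-log sequence is duplicated across both hunks and would fit a small `static` helper, which keeps the buffer sizes and message format in one place.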
-- 
1.5.4.1



