[PATCH] log escaped identities when they dont match

To: freeradius-users@lists.freeradius.org
Subject: [PATCH] log escaped identities when they dont match
From: Phil Mayers <p.mayers@imperial.ac.uk>
Date: Wed, 30 Jul 2008 17:25:06 +0100
In-reply-to: <de7f3d61bee448c83694142d6c96b61a3e4609fd.1217434823.git.p.mayers@imperial.ac.uk>
References: <de7f3d61bee448c83694142d6c96b61a3e4609fd.1217434823.git.p.mayers@imperial.ac.uk>
Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
User-agent: Mutt/1.5.18 (2008-05-17)

A more complex version replacing the previous version; this logs theescaped username, possibly useful if it contains various binary nonsenseetc.


---
 src/modules/rlm_eap/eap.c |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c
index e947844..6e2367e 100644
--- a/src/modules/rlm_eap/eap.c
+++ b/src/modules/rlm_eap/eap.c
@@ -953,6 +953,8 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_packet_p,
 	eap_packet_t	*eap_packet = *eap_packet_p;
 	VALUE_PAIR	*vp;

+ char ident_safe[MAX_STRING_LEN+1], username_safe[MAX_STRING_LEN+1];

+
 	/*
 	 *	Ensure it's a valid EAP-Request, or EAP-Response.
 	 */
@@ -1025,7 +1027,10 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_packet_p,
 			*/
                        if (strncmp(handler->identity, vp->vp_strvalue,
 				   MAX_STRING_LEN) != 0) {
-                               radlog(L_ERR, "rlm_eap: Identity %s does not match User-Name %s.  Authentication failed.", handler->identity, vp->vp_strvalue);
+                               librad_safeprint(handler->identity, strlen(handler->identity), ident_safe, MAX_STRING_LEN);
+                               librad_safeprint(vp->vp_strvalue, strlen(vp->vp_strvalue), username_safe, MAX_STRING_LEN);
+
+                               radlog(L_ERR, "rlm_eap: Identity %s does not match User-Name %s.  Authentication failed.", ident_safe, username_safe);
                                free(*eap_packet_p);
                                *eap_packet_p = NULL;
                                return NULL;
@@ -1081,7 +1086,10 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_packet_p,
 			*/
                        if (strncmp(handler->identity, vp->vp_strvalue,
 				   MAX_STRING_LEN) != 0) {
-                               radlog(L_ERR, "rlm_eap: Identity does not match User-Name, setting from EAP Identity.");
+                               librad_safeprint(handler->identity, strlen(handler->identity), ident_safe, MAX_STRING_LEN);
+                               librad_safeprint(vp->vp_strvalue, strlen(vp->vp_strvalue), username_safe, MAX_STRING_LEN);
+
+                               radlog(L_ERR, "rlm_eap: Identity %s does not match User-Name %s.  Authentication failed.", ident_safe, username_safe);
                                free(*eap_packet_p);
                                *eap_packet_p = NULL;
                                eap_handler_free(handler);
--
1.5.4.1

Previous by Date: [PATCH] log identitied when they dont match
Next by Date: Re: Possible bug in unlang?
Previous by Thread: Re: [Fwd: LDAP CHAP born again]
Next by Thread: about "freeradius accepts anybody"
Freeradius-Users July 2008 archives indexes sorted by: [ thread ] [ subject ] [ author ] [ date ]
Freeradius-Users list archive Table of Contents
More information about the Freeradius-Users mailing list

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.