MS-CHAP-V2 with no retry

John.Hayward at wheaton.edu John.Hayward at wheaton.edu
Thu Apr 21 17:03:30 CEST 2011


Thanks again for your work on this facility.

I built and installed with the new patches.
Unfortunately things did not quite work - however, with a small change I 
could get the retry to work properly on a Windows 7 machine.

The problem is that when we do a retry, in addition to setting the challenge 
value we also need to change the data->code to challenge rather than 
failure.  When the response comes back we can correctly deal with it.

==== original patch -- with suggested changes **** ====
678 -    pairmove2(&response, &handler->request->reply->vps,
679 -        PW_MSCHAP_ERROR);
678 +    pairmove2(&response, &handler->request->reply->vps,
679 +        PW_MSCHAP_ERROR);
**** add failure code by default
  	 data->code = PW_EAP_MSCHAPV2_FAILURE;
****
680 +    if (response) {
681 +      int n,err,retry;
682 +      char buf[34];
683 + 
684 +      DEBUG2("  MSCHAP-Error: %s", response->vp_strvalue);
685 +
686 +      /*
687 +       * parse the new challenge out of the MS-CHAP-Error, so if the client
688 +       * issues a re-try, we'll know the challenge value they used
689 +       */
690 +      n = sscanf(response->vp_strvalue, "%*cE=%d R=%d C=%32s", &err, &retry, &buf);
691 +      if (n==3) {
692 +        DEBUG2("  Found new challenge from MS-CHAP-Error: err=%d retry=%d challenge=%s", err, retry, buf);
693 +        fr_hex2bin(buf, data->challenge, 16);
**** Set code to challenge if we find a challenge
  	     data->code = PW_EAP_MSCHAPV2_CHALLENGE;
****
694 +      } else {
695 +        DEBUG2("  Could not parse new challenge from MS-CHAP-Error: %d", n);
696 +      }
697 +    }
680
**** remove this code since set above
698 	data->code = PW_EAP_MSCHAPV2_FAILURE;
****
====   END OF original patch ===
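
Review bot: In the `if (n==3)` branch, the suggested `data->code = PW_EAP_MSCHAPV2_CHALLENGE;` is applied whenever the error string parses, without consulting the parsed `retry` value, so an MS-CHAP-Error carrying R=0 (retry not allowed) would still leave the handler waiting for a new response. Gate the assignment on `n==3 && retry` and let the default `PW_EAP_MSCHAPV2_FAILURE` stand otherwise. In the same branch, `sscanf` is given `&buf` for `%32s` where `buf` is the matching argument, and `%32s` also accepts fewer than 32 characters or non-hex text, so verify that `buf` holds exactly 32 hex digits before calling `fr_hex2bin(buf, data->challenge, 16)`; otherwise `data->challenge` can end up only partly overwritten while the state has already moved to challenge.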

johnh...


