Error in passwordparsing

Stabla, Daniel dstabla at materna.de
Fri Jul 24 10:39:57 CEST 2015


Hello,

don't know if it's a bug or a change (doesn't found anything in the 
release notes), but if
you use commas for the password in e.g. clients.conf, then the password 
itself gets malformed.

###########################################################################
Normal request with password 123

Ready to process requests
Threads: total/active/spare threads = 5/0/5
Waking up in 0.3 seconds.
Thread 2 got semaphore
Thread 2 handling request 0, (1 handled so far)
(0) Received Access-Request Id 244 from 172.17.8.10:3072 to 
172.17.8.254:1812 length 180
(0)   User-Name = "123456-7890ab"
(0)   User-Password = "123"
(0)   NAS-Identifier = "wpa"
(0)   NAS-IP-Address = 172.17.8.10
(0)   Called-Station-Id = "12-34-56-78-90-AB:WLAN TEST"
(0)   NAS-Port-Type = Wireless-802.11
(0)   Service-Type = Framed-User
(0)   NAS-Port = 1
(0)   NAS-Port-Id = "1"
(0)   Calling-Station-Id = "12-34-56-78-90-AB"
(0)   Connect-Info = "CONNECT 144 Mbps 802.11g/n"
(0) # Executing section authorize from file 
/etc/radiusd-mac/sites-enabled/default
(0)   authorize {
(0) radius-station-mac: EXPAND %{User-Name}
(0) radius-station-mac:    --> 123456-7890ab
Found User-Password == "..."
Are you sure you don't mean Cleartext-Password?
See "man rlm_pap" for more information
(0)     [radius-station-mac] = noop
(0)     if (!ok) {
(0)     if (!ok)  -> TRUE
(0)     if (!ok)  {
(0) radius-station-allow-mac: EXPAND %{User-Name}
(0) radius-station-allow-mac:    -->123456-7890ab
(0) radius-station-allow-mac: users: Matched entry 123456-7890ab at line 18
(0)       [radius-station-allow-mac] = ok
(0)       if (!ok) {
(0)       if (!ok)  -> FALSE
(0)     } # if (!ok)  = ok
(0)     [preprocess] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = Accept
(0) Auth-Type = Accept, accepting the user
(0) Login OK: [123456-7890ab/123] (from client wpa port 1 cli 
12-34-56-78-90-AB)
(0) Sent Access-Accept Id 244 from 172.17.8.254:1812 to 172.17.8.10:3072 
length 0
(0) Finished request


###########################################################################
Malformed request with password 123,

Listening on auth address * port 1812 bound to server mac_server
Ready to process requests
Threads: total/active/spare threads = 5/0/5
Waking up in 0.3 seconds.
Thread 2 got semaphore
Thread 2 handling request 0, (1 handled so far)
(0) Received Access-Request Id 93 from 172.17.8.10:3072 to 
172.17.8.254:1812 length 180
(0)   User-Name = "123456-7890ab"
(0)   User-Password = "4\016\236\343\234B\177\230\006VZ\030\027E\301\324"
(0)   NAS-Identifier = "wpa"
(0)   NAS-IP-Address = 172.17.8.10
(0)   Called-Station-Id = "12-34-56-78-90-AB:WLAN TEST"
(0)   NAS-Port-Type = Wireless-802.11
(0)   Service-Type = Framed-User
(0)   NAS-Port = 1
(0)   NAS-Port-Id = "1"
(0)   Calling-Station-Id = "12-34-56-78-90-AB"
(0)   Connect-Info = "CONNECT 144 Mbps 802.11g/n"
(0) # Executing section authorize from file 
/etc/radiusd-mac/sites-enabled/default
(0)   authorize {
(0) radius-station-mac: EXPAND %{User-Name}
(0) radius-station-mac:    --> 123456-7890ab
Found User-Password == "..."
Are you sure you don't mean Cleartext-Password?
See "man rlm_pap" for more information
(0)     [radius-station-mac] = noop
(0)     if (!ok) {
(0)     if (!ok)  -> TRUE
(0)     if (!ok)  {
(0) radius-station-allow-mac: EXPAND %{User-Name}
(0) radius-station-allow-mac:    --> 123456-7890ab
(0) radius-station-allow-mac: users: Matched entry 123456-7890ab at line 18
(0)       [radius-station-allow-mac] = ok
(0)       if (!ok) {
(0)       if (!ok)  -> FALSE
(0)     } # if (!ok)  = ok
(0)     [preprocess] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = Accept
(0) Auth-Type = Accept, accepting the user
(0) Login OK: [123456-7890ab/4????B???VZ??E??] (from client wpa port 1 
cli 12-34-56-78-90-AB)
(0) Sent Access-Accept Id 93 from 172.17.8.254:1812 to 172.17.8.10:3072 
length 0
(0) Finished request

This behavior appeared with 3.0.7.
If it is a bug, please fix it.

Kind regards.
D. Stabla


More information about the Freeradius-Users mailing list