BINGO! Found it. The bug is that function dict_addvendor() in src/lib/dict.c, around line 440 is missing an initialization of dv->flags: dv->flags = 0; If I add that then the Windows PC client successfully connects to the WLAN station and authenticates correctly... - Peter INGO!
Notice the following that I feel are a bit 'suspect' that happens in the rad_vp2attr() function:
1. dv->flags=808989706 2. vp->attribute=20381713
This is printed in the code around:
/* * This must be an RFC-format attribute. If it * wasn't, then the "decode" function would have * made a Vendor-Specific attribute (i.e. type * 26), and we would have "vendorcode == 0" here. */ if (dv) { vsa_tlen = dv->type; vsa_llen = dv->length; if (dv->flags) vsa_offset = 1; DEBUG("PETER: dv->flags=%d\n", dv->flags); }
DEBUG("PETER: rad_vp2attr: vendorcode=%d, vsa_tlen=%d, vsa_llen=%d, vsa_offset=%d, vp->attribute=%d\n", vendorcode, vsa_tlen, vsa_llen, vsa_offset, vp->attribute);
With dv->flags set to '808989706' then vsa_offset is set to 1, and then a bit down in the code this happens (notice the 'ptr[0] = 0x00;' - could this be where the mysterious 0x00-byte gets added?):
if (vsa_offset) { /* * Allow TLV's to be encoded, if someone * manages to somehow encode the sub-tlv's. * * FIXME: Keep track of room in the packet! */ if (vp->length > (254 - (ptr - start))) { DEBUG("PETER: rad_vp2attr: Calling rad_vp2continuation\n"); return rad_vp2continuation(vp, start, ptr); }
ptr[0] = 0x00; ptr++;
/* * sub-TLV's can only be in one format. */ if (vp->flags.is_tlv) { DEBUG("PETER: rad_vp2attr: vp->flags.is_tlv=%d\n", vp->flags.is_tlv);
*(ptr++) = (vp->attribute & 0xff00) >> 8; tlv_length_ptr = ptr; *(ptr++) = 2; vsa_offset += 2;
Output from the server when running with my DEBUG() calls added:
Sending Access-Accept of id 5 to 192.168.160.158 port 2299 MS-MPPE-Recv-Key = 0x3b7338c7c2942aa068f6b52ba9616e0b6daf553595483804575f70c3910b49e4 PETER: rad_vp2attr: start=ffffffff7fffc344 PETER: dv->flags=808989706 PETER: rad_vp2attr: vendorcode=311, vsa_tlen=1, vsa_llen=1, vsa_offset=1, vp->attribute=20381713 PETER: rad_vp2attr: vp->flags.has_tag=0, vp->flags.tag=0 PETER: vp2data: offset=0, room=246, vp->length=32, vp->flags.encrypt=2 PETER: make_tunnel_passwd: inlen=32, room=246 PETER: make_tunnel_passwd: adjusted len=48 MS-MPPE-Send-Key = 0x6a238a9b2f97d43cfef37c80bc88309fc843d571dd97316b3754d0dee7c8754a PETER: rad_vp2attr: start=ffffffff7fffc37f PETER: dv->flags=808989706 PETER: rad_vp2attr: vendorcode=311, vsa_tlen=1, vsa_llen=1, vsa_offset=1, vp->attribute=20381712 PETER: rad_vp2attr: vp->flags.has_tag=0, vp->flags.tag=0 PETER: vp2data: offset=0, room=246, vp->length=32, vp->flags.encrypt=2 PETER: make_tunnel_passwd: inlen=32, room=246 PETER: make_tunnel_passwd: adjusted len=48 EAP-Message = 0x03050004 PETER: rad_vp2attr: start=ffffffff7fffc3ba PETER: rad_vp2attr: vendorcode=0 PETER: rad_vp2attr: vp->flags.has_tag=0, vp->flags.tag=0 PETER: vp2data: offset=0, room=253, vp->length=4, vp->flags.encrypt=0 Message-Authenticator = 0x00000000000000000000000000000000 PETER: rad_vp2attr: start=ffffffff7fffc3c0 PETER: rad_vp2attr: vendorcode=0 PETER: rad_vp2attr: vp->flags.has_tag=0, vp->flags.tag=0 PETER: vp2data: offset=0, room=253, vp->length=16, vp->flags.encrypt=0 User-Name = "" PETER: rad_vp2attr: start=ffffffff7fffc3d2 PETER: rad_vp2attr: vendorcode=0 PETER: rad_vp2attr: vp->flags.has_tag=0, vp->flags.tag=0 PETER: vp2data: offset=0, room=253, vp->length=0, vp->flags.encrypt=0 PETER: rad_encode, packet data (162 bytes): 020500a26ac716ea68df22aa04b11b19748b4cd41a3b00000137113500812965b0fd4eab49fe3130 a05e5c23ba80f7165b2f81fab9a798cdd4d42ec06e85496fe978b1ece15c4eb60342e59fca50781a3b000001371035008edb28255c56fbc717358e4599af b0ea6e99a802da0445c3d2ee12387d2ad9d31ce168bfeee5e3222881fd1d659ff1dcd3234f0603050004501200000000000000000000000000000000 Tue Sep 30 11:20:36 2008 : Debug: Finished request 5.
Ah well. Back to adding mot DEBUG() calls to locate what's going on...
- Peter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html