rlm_perl and CHAP authentication

Tomas Hoger thoger at pobox.sk
Fri Feb 9 21:07:41 CET 2007

On Fri, Feb 09, 2007 at 02:10:03PM +0100, Alan DeKok wrote:
> > It seems CVS version of rlm_perl may have some negative impact on CHAP
> > authentication.  If you use rlm_perl in authorize{}, it will replace
> > request vps with contents of %RAD_REQUEST.  After that, request->username
> > and request->password are updated.  Result is, that rlm_chap in
> > authenticate{} is not able to find CHAP password any more.  main/auth.c
> > fallbacks to searching for PW_CHAP_PASSWORD if PW_PASSWORD is not found.
>   OK, I've fixed that in rlm_perl, and updated rlm_chap &&
> src/main/auth.c to be a little smarter about looking for CHAP-Password

Regarding changes in rlm_chap - looking into the code, I see you have added
explicit pairfind for CHAP password and vp pointer is stored in chap.
However, request->password is used for length checking right below and
further down in function.  In worst case, this can be NULL.  That's what
happened with previous version of rlm_perl.


More information about the Freeradius-Devel mailing list