Issue with rlm_digest module

[Alan DeKok]

malaya.kishore at wipro.com wrote:
> Here is the debug log for the same, with the actual code:
> Debug: ERROR: Received Digest-Attributes with invalid sub-attribute 115

  As I said, the module is inter-operable with all existing
implementations, and has been inter-operable for 6 years.

  Changing it now is not an option.

> I find that the length in the packet is the length of the attr-length
> not the complete one (type + attr-length).

  Which client are you using to generate the digest attributes?

> Here is the log when we tried to print the values of p[o] and p[1].
> 
...
> Thu Nov 27 16:17:38 2008 : Info: [digest] ERROR: p[1] Received
> Digest-Attributes with sub-attribute length 6
> 
>         Digest-Realm = "fr.com"

  The client is broken.

  The sub-attribute is *supposed* to be packed in the same way as a
normal RADIUS attribute.  The length is *supposed* to be "data-len + 2".
This client has the length as "data-len".

  See the "sterman" draft, Nonce-Count sub-attribute.  It's length is
10, with 8 bytes of hex data.

> Thu Nov 27 16:17:38 2008 : Info: [digest] ERROR: p[1] Received
> Digest-Attributes with sub-attribute length 8
> 
>         Digest-Nonce-Count = "00000001"

  The client is violating the specification as written in the sterman
draft.  See doc/rfc/draft-sterman-aaa-sip-00.txt in the FreeRADIUS "tar"
file.

> We are not able to analyze the ethereal traces, as these are vendor
> specific values, which are not understood by ethereal.
> 
> Can it be a error in the client side. Like the length of VSA is not
> inserted correctly.

  It is an error on the client side.  The client is broken, and needs to
be fixed.

  As it is now, the client does NOT work with FreeRADIUS, and it will
NOT work with any other RADIUS server that implements the draft-sterman
document.

  Alan DeKok.