xlat failure in 2.1.8 (worked in 2.1.6)

Stefan Winter stefan.winter at restena.lu
Wed Feb 3 11:55:50 CET 2010


after an upgrade from 2.1.6+ (a GIT version shortly after 2.1.6) to
2.1.8, we see failed mschap xlat on some exotic passwords.

After some tests, we think that either the space character (" ") or the
single quote ("'") cause xlat to fail.

The basic use scenario is a mySQL DB backend which pulls a NT-Hash for
the user. Input is PAP, so rlm_pap calls xlat:NT-Hash for the input, and
then returns with the log message that mschap xlat failed.

I've traced down the code in rlm_pap (no changes between the two
versions), rlm_mschap (only unrelated changes), and main/xlat.c. xlat.c
seems to have had a *major* revision in between.

For the moment, I rolled back to 2.1.6+ (and had to give up on the
"do_not_respond feature, sigh) but it would sure be nice if this worked
again :-/.


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20100203/fed70009/attachment.pgp>

More information about the Freeradius-Devel mailing list