PEAP-MSCHAP question.
Makarand Pradhan
makarandpradhan at ruggedcom.com
Tue May 3 00:28:05 CEST 2011
Hi All,
I made a stupid mistake. Sorry for that. Kindly ignore the solution part in my
last email.
The correct "if" check that I meant to recommend before using the secret
pointer is:
File radius.c
function: data2vp
    /*
     * Decrypt the attribute.
     */
    if (NULL != secret)
    {

        switch (vp->flags.encrypt) {
        /*
         * User-Password
         */
        case FLAG_ENCRYPT_USER_PASSWORD:
            if (original) {
                rad_pwdecode((char *)vp->vp_strvalue,
    ...
        } /* switch over encryption flags */

    }
Once again a sincere apology for the wrong diff.
Rgds,
Makarand.
diff -Naur radius.c.orig radius.c
--- radius.c.orig 2011-05-02 17:19:33.988204676 -0400
+++ radius.c 2011-05-02 18:18:37.423705767 -0400
@@ -2242,60 +2242,65 @@
/*
* Decrypt the attribute.
*/
- switch (vp->flags.encrypt) {
- /*
- * User-Password
- */
- case FLAG_ENCRYPT_USER_PASSWORD:
- if (original) {
- rad_pwdecode((char *)vp->vp_strvalue,
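Review bot: The comment kept at the top of this hunk still reads only "Decrypt the attribute" and should say that decryption is skipped when secret is NULL, because with the switch placed under that check an attribute flagged for encryption leaves data2vp with its value still encrypted and nothing tells the caller. The hunk also turns 60 lines into 65 mainly by re-indenting the existing switch, which hides the one behavioural change; a single pointer test placed ahead of the unchanged switch would keep the patch to a few lines.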
On Monday 02 May 2011 17:42:36 you wrote:
> Hi All,
>
> Hope all of you are having a nice day. This is my first post on this list,
> so kindly overlook any novice mistakes.
>
> I am facing a problem while working with freeradius. The description of the
> problem and a probable solution is given below:
>
> Problem Scenario:
> I work on a router. I am working on PEAP with default_eap_type=mschapv2. On
> the router, I am a tunnel exchanging packets with the port on one side and
> the radius server on the other. rad_decode is used to get the EAP
> attributes coming from the server, so that they can be sent to the port
> which is being authenticated.
> While invoking rad_decode, the secret is set to NULL. This causes a trap
> while trying to decode Microsoft specific attributes as
> dictionary.microsoft says the key should be encrypted.
>
> ATTRIBUTE MS-MPPE-Send-Key 16 octets
> encrypt=2
> ATTRIBUTE MS-MPPE-Recv-Key 17 octets
> encrypt=2
>
> Resolution:
> To resolve this issue, I had to add a NULL ptr check in radius.c, function
> data2vp.
>
> diff -Naur radius.c.orig radius.c
> --- radius.c.orig 2011-05-02 17:19:33.988204676 -0400
> +++ radius.c 2011-05-02 17:21:29.528702423 -0400
> @@ -2242,7 +2242,7 @@
> /*
> * Decrypt the attribute.
> */
> - switch (vp->flags.encrypt) {
> + switch (vp->flags.encrypt && (NULL != secret)) {
> /*
> * User-Password
> */
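Review bot: In `switch (vp->flags.encrypt && (NULL != secret))` the `&&` yields only 0 or 1, so the switch no longer sees the flag value: an attribute with encrypt=2 and a non-NULL secret is dispatched as 1 and never reaches its own case. Test the pointer separately, for example with `if (NULL != secret)` around the switch, and leave `switch (vp->flags.encrypt)` as it was.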
>
> I would highly appreciate your opinions regarding the issue. If this
> resolution is not acceptable, then kindly let me know alternatives that
> would be acceptable.
>
> Warm Rgds,
> Makarand.
--
NOTICE OF CONFIDENTIALITY:
-------------------------------------------
This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the sender
immediately by return e-mail and delete this e-mail and any copies. Any
dissemination or use of this information by a person other than the intended
recipient is unauthorized and may be illegal.
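
The difference between the two checks in this thread, as an added example that is not part of the original e-mail or of the FreeRADIUS source: a small model of the decrypt dispatch showing where an encrypt=2 attribute ends up under each form. The enum names, `key_len` and both `dispatch_*` functions are hypothetical stand-ins; value 2 mirrors the `encrypt=2` dictionary entries quoted above, and value 1 for the User-Password case is an assumption of this model.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in flag values (assumed); 2 mirrors encrypt=2 on the MS-MPPE keys. */
enum { ENC_NONE = 0, ENC_USER_PASSWORD = 1, ENC_SALTED = 2 };
/* Which branch a decode pass took (names invented for this example). */
enum outcome { PLAIN, DID_USER_PASSWORD, DID_SALTED, LEFT_ENCRYPTED };

/* Hypothetical decrypt helper: it reads the secret, so NULL would trap here. */
static size_t key_len(const char *secret) { return strlen(secret); }

/* Shape of the first patch: the && collapses the switch operand to 0 or 1. */
enum outcome dispatch_first_patch(int encrypt, const char *secret)
{
	int sel = encrypt && (NULL != secret);	/* the value the patched switch tests */
	switch (sel) {
	case ENC_USER_PASSWORD:
		(void)key_len(secret);
		return DID_USER_PASSWORD;
	case ENC_SALTED:			/* never reached: sel is never 2 */
		(void)key_len(secret);
		return DID_SALTED;
	default:
		return PLAIN;
	}
}

/* Shape of the corrected check: test the pointer, then switch on the flag.
 * Reporting the skipped decrypt to the caller is this example's addition. */
enum outcome dispatch_guarded(int encrypt, const char *secret)
{
	if (NULL == secret)
		return encrypt ? LEFT_ENCRYPTED : PLAIN;
	switch (encrypt) {
	case ENC_USER_PASSWORD:
		(void)key_len(secret);
		return DID_USER_PASSWORD;
	case ENC_SALTED:
		(void)key_len(secret);
		return DID_SALTED;
	default:
		return PLAIN;
	}
}

int main(void)
{
	printf("encrypt=2 with secret: first patch -> %d, guarded -> %d\n",
	       dispatch_first_patch(ENC_SALTED, "s3cret"), dispatch_guarded(ENC_SALTED, "s3cret"));
	return 0;
}
```

With a secret present, the first form sends the encrypt=2 attribute down the value-1 branch; with no secret it treats the attribute as plain, while the guarded form keeps the two cases apart.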