All password checks disbaled... ugh
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Apr 15 21:45:28 CEST 2014
On 15 Apr 2014, at 13:17, Stefan Winter <stefan.winter at restena.lu> wrote:
> Follow-up to myself,
>
>> As you see, no proxying (no suffix module at all) nor EAP-Message in the
>> debug log.
>>
>
> Ah, there is a suffix instance but it does nothing, noop.
>
>> I have looked at other occasions where NT-Password gets used (e.g. we
>> have a vserver which pulls it out of SQL). I guess I should be seeing
>> that normify() outputs something in the debug output I sent - but not at
>> all. It is hex-encoded though, so the RDEBUG2 inside normify can't
>> possibly be silent.
>>
>> This makes me believe that the NT-Password is not actually evaluated .
>> But then again, the log also says that the line matched, so it should
>> really get going.
>>
>> Wondering about inst->normify - that's inside an if. Maybe it is false,
>> so pw_found is set to true, but the normifying is never done? I also see
>> that instantiate() does not set inst->normify. Does it have to? Not good
>> enough in C to answer this.
>>
>
> Found that it is set in config. My pap module config is really minimal:
> pap {
> auto_header = no
> }
>
> It doesn't set normalise, and as per code it then defaults to "yes". So inst->normify should do its job.
>
> Which means I'm more clueless than before, if that's even possible :-(
Use GDB and step through?
It can attach to a running process, especially if you've got a panic action set :)
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140415/5363e86d/attachment.pgp>
More information about the Freeradius-Devel
mailing list