Error in passwordparsing
Stabla, Daniel
dstabla at materna.de
Fri Jul 24 10:39:57 CEST 2015
Hello,
don't know if it's a bug or a change (doesn't found anything in the
release notes), but if
you use commas for the password in e.g. clients.conf, then the password
itself gets malformed.
###########################################################################
Normal request with password 123
Ready to process requests
Threads: total/active/spare threads = 5/0/5
Waking up in 0.3 seconds.
Thread 2 got semaphore
Thread 2 handling request 0, (1 handled so far)
(0) Received Access-Request Id 244 from 172.17.8.10:3072 to
172.17.8.254:1812 length 180
(0) User-Name = "123456-7890ab"
(0) User-Password = "123"
(0) NAS-Identifier = "wpa"
(0) NAS-IP-Address = 172.17.8.10
(0) Called-Station-Id = "12-34-56-78-90-AB:WLAN TEST"
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) NAS-Port = 1
(0) NAS-Port-Id = "1"
(0) Calling-Station-Id = "12-34-56-78-90-AB"
(0) Connect-Info = "CONNECT 144 Mbps 802.11g/n"
(0) # Executing section authorize from file
/etc/radiusd-mac/sites-enabled/default
(0) authorize {
(0) radius-station-mac: EXPAND %{User-Name}
(0) radius-station-mac: --> 123456-7890ab
Found User-Password == "..."
Are you sure you don't mean Cleartext-Password?
See "man rlm_pap" for more information
(0) [radius-station-mac] = noop
(0) if (!ok) {
(0) if (!ok) -> TRUE
(0) if (!ok) {
(0) radius-station-allow-mac: EXPAND %{User-Name}
(0) radius-station-allow-mac: -->123456-7890ab
(0) radius-station-allow-mac: users: Matched entry 123456-7890ab at line 18
(0) [radius-station-allow-mac] = ok
(0) if (!ok) {
(0) if (!ok) -> FALSE
(0) } # if (!ok) = ok
(0) [preprocess] = ok
(0) } # authorize = ok
(0) Found Auth-Type = Accept
(0) Auth-Type = Accept, accepting the user
(0) Login OK: [123456-7890ab/123] (from client wpa port 1 cli
12-34-56-78-90-AB)
(0) Sent Access-Accept Id 244 from 172.17.8.254:1812 to 172.17.8.10:3072
length 0
(0) Finished request
###########################################################################
Malformed request with password 123,
Listening on auth address * port 1812 bound to server mac_server
Ready to process requests
Threads: total/active/spare threads = 5/0/5
Waking up in 0.3 seconds.
Thread 2 got semaphore
Thread 2 handling request 0, (1 handled so far)
(0) Received Access-Request Id 93 from 172.17.8.10:3072 to
172.17.8.254:1812 length 180
(0) User-Name = "123456-7890ab"
(0) User-Password = "4\016\236\343\234B\177\230\006VZ\030\027E\301\324"
(0) NAS-Identifier = "wpa"
(0) NAS-IP-Address = 172.17.8.10
(0) Called-Station-Id = "12-34-56-78-90-AB:WLAN TEST"
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) NAS-Port = 1
(0) NAS-Port-Id = "1"
(0) Calling-Station-Id = "12-34-56-78-90-AB"
(0) Connect-Info = "CONNECT 144 Mbps 802.11g/n"
(0) # Executing section authorize from file
/etc/radiusd-mac/sites-enabled/default
(0) authorize {
(0) radius-station-mac: EXPAND %{User-Name}
(0) radius-station-mac: --> 123456-7890ab
Found User-Password == "..."
Are you sure you don't mean Cleartext-Password?
See "man rlm_pap" for more information
(0) [radius-station-mac] = noop
(0) if (!ok) {
(0) if (!ok) -> TRUE
(0) if (!ok) {
(0) radius-station-allow-mac: EXPAND %{User-Name}
(0) radius-station-allow-mac: --> 123456-7890ab
(0) radius-station-allow-mac: users: Matched entry 123456-7890ab at line 18
(0) [radius-station-allow-mac] = ok
(0) if (!ok) {
(0) if (!ok) -> FALSE
(0) } # if (!ok) = ok
(0) [preprocess] = ok
(0) } # authorize = ok
(0) Found Auth-Type = Accept
(0) Auth-Type = Accept, accepting the user
(0) Login OK: [123456-7890ab/4????B???VZ??E??] (from client wpa port 1
cli 12-34-56-78-90-AB)
(0) Sent Access-Accept Id 93 from 172.17.8.254:1812 to 172.17.8.10:3072
length 0
(0) Finished request
This behavior appeared with 3.0.7.
If it is a bug, please fix it.
Kind regards.
D. Stabla
More information about the Freeradius-Users
mailing list