Don't forget to process the Ident field on the front of

RAD_MICROSOFT_MS_CHAP_ERROR and RAD_MICROSOFT_MS_CHAP2_SUCCESS messages, and remove the hack in chap.c to ignore that ident field on the client side. This anomoly was hacked around during development, and I forgot to go back and fix it properly. Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
2002-06-12 21:36:07 +00:00 · 2002-06-12 21:36:07 +00:00 · a95b23a6b2
commit a95b23a6b2
parent 5fb49f9fd6
2 changed files with 26 additions and 16 deletions
--- a/usr.sbin/ppp/chap.c
+++ b/usr.sbin/ppp/chap.c
@ -926,8 +926,7 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
          if (p->link.lcp.auth_ineed == 0) {
 #ifndef NODES
            if (p->link.lcp.his_authtype == 0x81) {
-              if (strncmp(ans, chap->authresponse, 42) &&
-                  (*ans != 1 || strncmp(ans + 1, chap->authresponse, 41))) {
+              if (strncmp(ans, chap->authresponse, 42)) {
                datalink_AuthNotOk(p->dl);
 	        log_Printf(LogWARN, "CHAP81: AuthenticatorResponse: (%.42s)"
                           " != ans: (%.42s)\n", chap->authresponse, ans);
--- a/usr.sbin/ppp/radius.c
+++ b/usr.sbin/ppp/radius.c
@ -417,26 +417,37 @@ radius_Process(struct radius *r, int got)
 #ifndef NODES
              case RAD_MICROSOFT_MS_CHAP_ERROR:
                free(r->errstr);
-                if ((r->errstr = rad_cvt_string(data, len)) == NULL) {
-                  log_Printf(LogERROR, "rad_cvt_string: %s\n",
-                             rad_strerror(r->cx.rad));
-                  auth_Failure(r->cx.auth);
-                  rad_close(r->cx.rad);
-                  return;
+                if (len == 0)
+                  r->errstr = NULL;
+                else {
+                  if ((r->errstr = rad_cvt_string((const char *)data + 1,
+                                                  len - 1)) == NULL) {
+                    log_Printf(LogERROR, "rad_cvt_string: %s\n",
+                               rad_strerror(r->cx.rad));
+                    auth_Failure(r->cx.auth);
+                    rad_close(r->cx.rad);
+                    return;
+                  }
+                  log_Printf(LogPHASE, " MS-CHAP-Error \"%s\"\n", r->errstr);
                }
-                log_Printf(LogPHASE, " MS-CHAP-Error \"%s\"\n", r->errstr);
                break;

              case RAD_MICROSOFT_MS_CHAP2_SUCCESS:
                free(r->msrepstr);
-                if ((r->msrepstr = rad_cvt_string(data, len)) == NULL) {
-                  log_Printf(LogERROR, "rad_cvt_string: %s\n",
-                             rad_strerror(r->cx.rad));
-                  auth_Failure(r->cx.auth);
-                  rad_close(r->cx.rad);
-                  return;
+                if (len == 0)
+                  r->msrepstr = NULL;
+                else {
+                  if ((r->msrepstr = rad_cvt_string((const char *)data + 1,
+                                                    len - 1)) == NULL) {
+                    log_Printf(LogERROR, "rad_cvt_string: %s\n",
+                               rad_strerror(r->cx.rad));
+                    auth_Failure(r->cx.auth);
+                    rad_close(r->cx.rad);
+                    return;
+                  }
+                  log_Printf(LogPHASE, " MS-CHAP2-Success \"%s\"\n",
+                             r->msrepstr);
                }
-                log_Printf(LogPHASE, " MS-CHAP2-Success \"%s\"\n", r->msrepstr);
                break;
 
              case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: