Alan, Thank you for taking the time to review the patch and for your feedback.
> has a look at this but it's only of interest for classic MS-CHAP
> activity rather than MSCHAPv2 in PEAP or TTLS - correct?
> (in this case we wouldnt use this function or be able to test
> this at our site...but logically it all looks sane)
Actually, the problem definitely impacts PEAP/MSCHAPv2 (and I believe
TTLS/MSCHAPv2 also because it's an error in MS-CHAP, but we don't use TTLS so I
can't test that). (I haven't thought about it enough to know whether it affects
v1, but it definitely occurs with v2 as that's where I found it.)
The problem occurs when the client creates the MS-CHAPv2 response and uses a
userid whose case differs from what FR subsequently uses to create the
challenge for ntlm_auth.
> a few changes though (?) - its 'delimiter', not 'delimeter' ;-)
True, but I just copied that line from what was already in the code. I'm ok
with fixing the spelling error as part of this patch though ;-)
> and...some RDEBUG2 starts with a white space and others print tight to
> the line - reason for such differences?
I was trying to mimic some of the existing code (when in Rome ;-) )... For
instance, there was already an RDEBUG2 for:
RDEBUG2(" NT Domain delimeter found, should we have enabled
with_ntdomain_hack?");
I'm not opposed to eliminating the leading spaces if you think it is more
readable.
BTW, I just fixed one of the attachments (rlm_eap_mschapv2.c patch). I
inadvertently had all 3 patches included in that one file - the replacement now
only contains the changes for rlm_eap_mschapv2.c. Sorry about the confusion..
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
