Hello Francois

I have looked into the rlm_eap_sim source and found that it incorrectly decodes the AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute calculation. The MAC mismatch is detected by the supplicant, and it refuses to continue EAP-SIM authentication.

Please try to apply the patch I've attached. This patch fixes AT_IDENTITY attribute decoding.

Francois Gaudreault wrote:
Hi,


Don't know then. The client is sending the reject - it doesn't like
something the server is sending it. Clock sync - is the 2.2.0 machine a
different server?
Nope.  Simple yum remove / install.


Beyond that I'm only passingly familiar with EAP-SIM, so would be guessing
I'm afraid. I think you might have to do some debugging yourself.
I am not familiar with bisect. So I guess it will take a while (build/test/tag as good or bad).

By the way, I removed that * from rlm_eap_sim.c (typo fix), and the auth did work, but then RADIUS segfaulted a bit after.

Another question I have is, do I need more than 3 triplet lines with 2.2.0?

--- freeradius-server-2.2.0.orig/src/modules/rlm_eap/libeap/eapsimlib.c 
2012-09-10 15:51:34.000000000 +0400
+++ freeradius-server-2.2.0/src/modules/rlm_eap/libeap/eapsimlib.c      
2012-09-14 11:10:08.000000000 +0400
@@ -321,6 +321,7 @@
        int                     eapsim_attribute;
        unsigned int            eapsim_len;
        int                     es_attribute_count;
+       unsigned int            id_len;
 
        es_attribute_count=0;
 
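Review bot: id_len is declared here without an initializer, and its only assignment is inside the AT_IDENTITY length check added in the next hunk, while it is read in a separate switch case. Both are gated on eapsim_attribute == PW_EAP_SIM_IDENTITY, so the value is set before use, but a compiler cannot always prove that and may warn about a possibly uninitialized variable. Initializing it to 0 at the declaration, or computing it inside the PW_EAP_SIM_IDENTITY case, would make the dependency explicit.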
@@ -366,12 +367,35 @@
                               return 0;
                }
 
+               /* AT_IDENTITY has special format */
+               if (eapsim_attribute == PW_EAP_SIM_IDENTITY) {
+                       if (eapsim_len < 4) {
+                               radlog(L_ERR, "eap: EAP-Sim AT_IDENTITY (no.%d) 
has length too small",
+                                       es_attribute_count);
+                               goto loop_end;
+                       }
+                       id_len = (attr[2] << 8) + attr[3];
+                       if (4 + id_len > eapsim_len) {
+                               radlog(L_ERR, "eap: EAP-Sim AT_IDENTITY (no.%d) 
invalid length",
+                                       es_attribute_count);
+                               goto loop_end;
+                       }
+               }
+
                newvp = paircreate(eapsim_attribute+ATTRIBUTE_EAP_SIM_BASE, 
PW_TYPE_OCTETS);
-               memcpy(newvp->vp_strvalue, &attr[2], eapsim_len-2);
-               newvp->length = eapsim_len-2;
+               switch (eapsim_attribute) {
+               case PW_EAP_SIM_IDENTITY:
+                       memcpy(newvp->vp_strvalue, &attr[4], id_len);
+                       newvp->length = id_len;
+                       break;
+               default:
+                       memcpy(newvp->vp_strvalue, &attr[2], eapsim_len-2);
+                       newvp->length = eapsim_len-2;
+               }
                pairadd(&(r->vps), newvp);
                newvp = NULL;
 
+       loop_end:
                /* advance pointers, decrement length */
                attr += eapsim_len;
                attrlen  -= eapsim_len;
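Review bot: the two new AT_IDENTITY error paths log and then goto loop_end, so a packet with a malformed AT_IDENTITY is still unpacked with that attribute silently dropped, whereas the error path visible in the context at the top of this hunk ends with return 0. Since the identity feeds the AT_MAC calculation, rejecting the packet with return 0 would be the safer and more consistent choice, and it would make the loop_end label unnecessary. Two smaller points: the default case in the new switch has no break, and a short comment stating that attr[2] and attr[3] hold the actual identity length in bytes, with the identity starting at attr[4], would document why this attribute is copied differently from the others.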