Hello all,
The patch for this problem is now available in the Radiator 3.5 patches area.
Cheers.
On Tue, 21 Jan 2003 02:48, Mike McCauley wrote:
-- Forwarded Message --
Subject: Re: (RADIATOR) Problems with Colubris CN3000
Date: Fri, 17 Jan 2003 19:06:56 -0500
From: Mike McCauley [EMAIL PROTECTED]
To: Hugh Irvine [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: 'engineering' [EMAIL PROTECTED], [EMAIL PROTECTED]
Hello all,
Vincents patch is exactly the right answer.
We will post a patch in about 2 days.
Cheers.
On Thu, 16 Jan 2003 19:36, Hugh Irvine wrote:
Hello Vincent -
Many thanks for the patch. This is indeed a bug.
Mike will have a patch up on the web site in the next day or so (we
will post a message to the list).
thanks again
regards
Hugh
On Friday, Jan 17, 2003, at 11:29 Australia/Melbourne, Vincent Hua
wrote:
Hi, there,
I'm assuming all of you are using EAP-MD5 for authentication. We
identified
the same problem with 3.5. 3.3.1 didn't have the issue. Upon checking
out
the source code, there was problems with the EAP_4.pm source code.
Maybe the
programming team can tell us whether this is a blind spot in the
design or a
failure in architect ?
I have the fix here for your reference here. Other auth methods seem
to be
fine.
Good luck!
==
Vincent Hua
Vice President Operations
Power2Roam Technologies Inc.
ISG InfoTech Systems Group Inc.
13988 Cambie Road, Suite 313 (2/F)
Richmond, BC, V6V 2K4
V: +1 (604) 303 6881 ext. 101
F: +1 (604) 303 6854
W:www.Power2Roam.com www.ISGGroup.com
ICQ: 196980 http://wwp.icq.com/196980
===
# EAP_4.pm
#
# Module for handling Authentication via EAP type 4 (MD5-Challenge) #
# See
RFCs 2869 2284 1994 # # Author: Mike McCauley ([EMAIL PROTECTED]) #
Copyright (C) 2001 Open System Consultants # $Id: EAP_4.pm,v 1.9
2002/11/07
04:10:47 mikem Exp $
package Radius::EAP_4;
use strict;
#
# request
# Called by EAP.pm when a request is received for this protocol type
sub
request {
my ($classname, $self, $context, $p, $data) = @_;
return ($main::ACCEPT);
}
#
# Called by EAP.pm when an EAP Response/Identity is received sub
response_identity {
my ($classname, $self, $context, $p) = @_;
$context-{md5_challenge} = Radius::Util::random_string(16);
my $message = pack('C a16 a*',
16, # MD5 challenge length
$context-{md5_challenge},
$main::hostname);
$self-eap_request($p-{rp}, $context,
$Radius::EAP::EAP_TYPE_MD5_CHALLENGE, $message);
return ($main::CHALLENGE, 'EAP MD5-Challenge');
}
#
# Called by EAP.pm when an EAP Response (other than Identity)
# is received
# $id is the id of the received EAP response
sub response
{
my ($classname, $self, $context, $p, $type, $typedata) = @_;
# This should be a response to a challenge
# we sent previously. The challenge is cached
# in the challenges array, indexed by
# challenge_id. The response should be the MD5 hash
# the challenge_id, the password, the challenge
my ($length, $response, $username) = unpack('C a16 a*', $typedata);
# OK, now we need the user details to check the password
my ($user, $result, $reason) =
$self-get_user($context-{identity},
$p);
if ($user $result == $main::ACCEPT)
{
my $correct_password = $user-get_check-get_attr('User-Password')
|| $user-get_check-get_attr('Password') ;
my $correct_response = Digest::MD5::md5
(chr($context-{this_id}) .
$correct_password . $context-{md5_challenge});
if ($correct_response eq $response)
{
$self-eap_success($p-{rp}, $context);
# add extra reply attributes for user == NEXT
LINE IS THE LINE THAT'S MISSING WHICH CAUSES PROBLEM!
$self-authoriseUser($user, $p);
$self-adjustReply($p);
return ($main::ACCEPT);
}
}
$self-eap_failure($p-{rp}, $context);
return ($main::REJECT, 'EAP MD5-Challenge failed');
}
1;
=
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of engineering
Sent: January 16, 2003 12:50 PM
To: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Problems with Colubris CN3000
Denis,
We are encountering a very similar (if not the same) problem. We are
also
testing with a Colubris