Hello community, here is the log from the commit of package freeradius checked in at Wed Mar 29 00:11:01 CEST 2006. -------- --- /work/SRC/all/freeradius/freeradius.changes 2006-03-27 14:32:15.000000000 +0200 +++ /work/src/done/STABLE/freeradius/freeradius.changes 2006-03-28 21:04:23.000000000 +0200 @@ -1,0 +2,7 @@ +Tue Mar 28 20:22:34 CEST 2006 - stark@suse.de + +- fixed an error on x86_64 machines when reading dictionaries + (#161503) +- make "use_tunneled_reply" work properly for PEAP + +------------------------------------------------------------------- New: ---- dict.patch peap.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freeradius.spec ++++++ --- /var/tmp/diff_new_pack.WWusJJ/_old 2006-03-29 00:07:57.000000000 +0200 +++ /var/tmp/diff_new_pack.WWusJJ/_new 2006-03-29 00:07:57.000000000 +0200 @@ -16,7 +16,7 @@ Provides: radiusd Conflicts: radiusd-livingston radiusd-cistron icradius Version: 1.1.0 -Release: 12 +Release: 13 URL: http://www.freeradius.org/ Summary: Very Highly Configurable Radius Server Source0: %{name}-%{version}.tar.bz2 @@ -31,6 +31,8 @@ Patch3: ltdl.patch Patch4: dialup_admin.patch Patch5: mschapv2.patch +Patch6: dict.patch +Patch7: peap.patch %if %suse_version > 800 PreReq: /usr/sbin/useradd /usr/sbin/groupadd PreReq: %insserv_prereq %fillup_prereq @@ -114,6 +116,8 @@ %patch3 %patch4 %patch5 +%patch6 +%patch7 rm -rf `find . -name CVS` mkdir novell cp -f %{SOURCE3} %{SOURCE4} novell/ @@ -347,6 +351,10 @@ #%attr(644,root,root) /usr/lib/freeradius/*.la %changelog -n freeradius +* Tue Mar 28 2006 - stark@suse.de +- fixed an error on x86_64 machines when reading dictionaries + (#161503) +- make "use_tunneled_reply" work properly for PEAP * Mon Mar 27 2006 - ro@suse.de - also use fPIC on s390* * Thu Mar 23 2006 - stark@suse.de ++++++ dict.patch ++++++ --- src/lib/dict.c +++ src/lib/dict.c 
@@ -1207,7 +1207,7 @@ if (!name) return NULL; hash = dict_hashname(name); - hash = lrad_hash_update(&attr, sizeof(&attr), hash); + hash = lrad_hash_update(&attr, sizeof(attr), hash); return lrad_hash_table_finddata(values_byname, hash); } ++++++ peap.patch ++++++ Index: rlm_eap_peap.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -p -r1.5 -r1.6 --- rlm_eap_peap.c 26 Feb 2004 19:04:31 -0000 1.5 +++ src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c 21 Nov 2004 14:32:14 -0000 1.6 @@ -131,6 +131,7 @@ static void peap_free(void *p) pairfree(&t->username); pairfree(&t->state); + pairfree(&t->accept_vps); free(t); } @@ -251,9 +252,22 @@ static int eappeap_authenticate(void *ar case RLM_MODULE_OK: eaptls_success(handler->eap_ds, 0); + + /* + * Move the saved VP's from the Access-Accept to + * our Access-Accept. + */ + if (((peap_tunnel_t *) tls_session->opaque)->accept_vps) { + DEBUG2(" Using saved attributes from the original Access-Accept"); + } + pairadd(&handler->request->reply->vps, + ((peap_tunnel_t *) tls_session->opaque)->accept_vps); + ((peap_tunnel_t *) tls_session->opaque)->accept_vps = NULL; + eaptls_gen_mppe_keys(&handler->request->reply->vps, tls_session->ssl, "client EAP encryption"); + return 1; /* Index: eap_peap.h =================================================================== RCS file: /source/radiusd/src/modules/rlm_eap/types/rlm_eap_peap/eap_peap.h,v retrieving revision 1.5 retrieving revision 1.6 diff -u -p -r1.5 -r1.6 --- eap_peap.h 26 Feb 2004 19:04:30 -0000 1.5 +++ src/modules/rlm_eap/types/rlm_eap_peap/eap_peap.h 21 Nov 2004 14:32:14 -0000 1.6 
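Review bot: The corrected `lrad_hash_update(&attr, sizeof(attr), hash)` call only finds entries if the code that inserts into `values_byname` folds exactly the same number of bytes of the attribute into the hash, and that insert path is not part of this patch. The old `sizeof(&attr)` hashed a pointer-sized span, which on x86_64 is presumably wider than `attr` itself and so mixed adjacent stack bytes into the key; any sibling call with the same pattern would keep producing mismatched hashes. A comment on this line would guard against the typo returning, e.g. `/* hash the value of attr, not a pointer-sized read of it; must match the insert side */`. The function's signature and the declaration of `attr` lie outside the hunk, so its width is inferred.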
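Review bot: The list saved in `accept_vps` is appended to the outer reply with `pairadd` just before `eaptls_gen_mppe_keys` adds the keys derived from this TLS session, and nothing visible here removes key material that the inner Access-Accept may already carry. If the saved list can contain MPPE key attributes from the tunneled authentication, the NAS would receive two sets of keys in one Access-Accept; the save sites in peap.c strip only Proxy-State, EAP-Message and Message-Authenticator. I would drop such attributes where the list is saved, or at least record the expectation here: `/* accept_vps must not carry MPPE keys; the ones for the NAS are generated below */`. Separately, the cast `((peap_tunnel_t *) tls_session->opaque)` is spelled out three times; a local `peap_tunnel_t *t = tls_session->opaque;`, as the eappeap_postproxy hunk uses, reads better. The enclosing switch in eappeap_authenticate continues outside the hunk.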
@@ -27,7 +27,9 @@ typedef struct peap_tunnel_t { VALUE_PAIR *username; VALUE_PAIR *state; + VALUE_PAIR *accept_vps; int status; + int home_access_accept; int default_eap_type; int copy_request_to_tunnel; int use_tunneled_reply; Index: peap.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_eap/types/rlm_eap_peap/peap.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -p -r1.12 -r1.13 --- peap.c 9 Aug 2004 13:36:33 -0000 1.12 +++ src/modules/rlm_eap/types/rlm_eap_peap/peap.c 21 Nov 2004 14:32:14 -0000 1.13 @@ -290,13 +290,16 @@ static int process_reply(EAP_HANDLER *ha * tunneled user! */ if (t->use_tunneled_reply) { + DEBUG2(" Saving tunneled attributes for later"); + /* * Clean up the tunneled reply. */ pairdelete(&reply->vps, PW_PROXY_STATE); pairdelete(&reply->vps, PW_EAP_MESSAGE); + pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR); - pairadd(&request->reply->vps, reply->vps); + t->accept_vps = reply->vps; reply->vps = NULL; } break; @@ -328,6 +331,26 @@ static int process_reply(EAP_HANDLER *ha pairmove2(&vp, &(reply->vps), PW_EAP_MESSAGE); /* + * Handle EAP-MSCHAP-V2, where Access-Accept's + * from the home server may contain MS-CHAP-Success, + * which the module turns into challenges, so that + * the client may respond to the challenge with + * an "ack" packet. + */ + if (t->home_access_accept && t->use_tunneled_reply) { + DEBUG2(" Saving tunneled attributes for later"); + + /* + * Clean up the tunneled reply. + */ + pairdelete(&reply->vps, PW_PROXY_STATE); + pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR); + + t->accept_vps = reply->vps; + reply->vps = NULL; + } + + /* * Handle the ACK, by tunneling any necessary reply * VP's back to the client. */ 
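Review bot: The two new members of `peap_tunnel_t` are undocumented, and `accept_vps` carries an ownership rule that the header is the natural place to state. From the other hunks it is owned by the tunnel, released in `peap_free`, and handed over to the reply in `eappeap_authenticate`, so `/* attributes saved from the tunneled Access-Accept; owned by the tunnel until moved into the outer reply */` on `accept_vps` and `/* set once the home server has returned an Access-Accept for this session */` on `home_access_accept` would do. The allocation of `peap_tunnel_t` is not in this diff; `peap_free` now calls `pairfree(&t->accept_vps)`, so the struct has to be zero-filled when it is created. The struct definition continues past the hunk.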
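Review bot: `t->accept_vps = reply->vps;` overwrites whatever list the tunnel already holds, so if process_reply reaches a save site a second time before eappeap_authenticate has consumed the first list, that earlier list is leaked. The second hunk in this file (the `home_access_accept` branch) assigns the field the same way. Releasing first keeps both sites safe: `pairfree(&t->accept_vps);` immediately before the assignment. Whether a repeat is reachable depends on code outside the hunk, so treat this as a defensive change.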
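Review bot: `home_access_accept` is tested in the new branch but never cleared in any hunk of this patch; eappeap_postproxy sets it to TRUE and it appears to stay set for the rest of the session. Every later challenge handled here with `use_tunneled_reply` on would then move `reply->vps` into `accept_vps` again, including replies that did not come from a home-server Access-Accept. If the flag is meant to mark one reply, reset it once the list is saved: `t->home_access_accept = FALSE;` after `reply->vps = NULL;`. The cleanup lines also duplicate the ones in the first hunk and could share a small static helper.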
@@ -374,6 +397,9 @@ static int eappeap_postproxy(EAP_HANDLER if (fake && (handler->request->proxy_reply->code == PW_AUTHENTICATION_ACK)) { VALUE_PAIR *vp; REQUEST *request = handler->request; + peap_tunnel_t *t = tls_session->opaque; + + t->home_access_accept = TRUE; /* * Terrible hacks. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...