]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
projects / thirdparty / freeradius-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cc5fcfa)
allow for password longer than 128 characters
authorAlan T. DeKok <aland@freeradius.org>
Sat, 18 Nov 2023 13:57:55 +0000 (08:57 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Sat, 18 Nov 2023 13:57:55 +0000 (08:57 -0500)
and update aruba dictionary for encrypted attribute

share/dictionary.aruba patch | blob | blame | history
src/lib/radius.c patch | blob | blame | history
src/tests/unit/vendor.txt patch | blob | blame | history

diff --git a/share/dictionary.aruba b/share/dictionary.aruba
index c2373ed64e2266eaee8f8611f3b0d4da1afc4710..26bd82a50f15e7aeee1b3545ccaa8c1256ab19b0 100644 (file)
--- a/share/dictionary.aruba
+++ b/share/dictionary.aruba
@@ -82,7 +82,7 @@ ATTRIBUTE     Aruba-Device-Traffic-Class              63      integer
 
 ATTRIBUTE      Aruba-PVLAN-Port-Type                   64      integer
 ATTRIBUTE      Aruba-Network-Test                      65      integer
-ATTRIBUTE      Aruba-MPSK-Lookup-Info                  66      string
+ATTRIBUTE      Aruba-MPSK-Lookup-Info                  66      string encrypt=1
 ATTRIBUTE      Aruba-AVPair                            67      string
 ATTRIBUTE      Aruba-DPP-Service-Type                  68      integer
 
diff --git a/src/lib/radius.c b/src/lib/radius.c
index 6aec0f042333a3980d9a215435b1baf382651086..7ff5bd1406c691b8008fb28b4ddddf4403ad34f4 100644 (file)
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -536,7 +536,7 @@ static void make_secret(uint8_t *digest, uint8_t const *vector,
        fr_md5_destroy(&context);
 }
 
-#define MAX_PASS_LEN (128)
+#define MAX_PASS_LEN (256)
 static void make_passwd(uint8_t *output, ssize_t *outlen,
                        uint8_t const *input, size_t inlen,
                        char const *secret, uint8_t const *vector)
@@ -3938,7 +3938,7 @@ ssize_t data2vp(TALLOC_CTX *ctx,
        VALUE_PAIR *vp;
        uint8_t const *data = start;
        char *p;
-       uint8_t buffer[256];
+       uint8_t buffer[MAX_PASS_LEN];
 
        /*
         *      FIXME: Attrlen can be larger than 253 for extended attrs!
@@ -4054,7 +4054,7 @@ ssize_t data2vp(TALLOC_CTX *ctx,
                                             attrlen, secret,
                                             packet->vector);
                        }
-                       buffer[253] = '\0';
+                       buffer[attrlen] = '\0';
 
                        /*
                         *      MS-CHAP-MPPE-Keys are 24 octets, and
@@ -4761,7 +4761,7 @@ int rad_pwencode(char *passwd, size_t *pwlen, char const *secret,
         */
        len = *pwlen;
 
-       if (len > 128) len = 128;
+       if (len > MAX_STRING_LEN) len = MAX_STRING_LEN;
 
        if (len == 0) {
                memset(passwd, 0, AUTH_PASS_LEN);
@@ -4820,13 +4820,6 @@ int rad_pwdecode(char *passwd, size_t pwlen, char const *secret,
        int     i;
        size_t  n, secretlen;
 
-       /*
-        *      The RFC's say that the maximum is 128.
-        *      The buffer we're putting it into above is 254, so
-        *      we don't need to do any length checking.
-        */
-       if (pwlen > 128) pwlen = 128;
-
        /*
         *      Catch idiots.
         */
diff --git a/src/tests/unit/vendor.txt b/src/tests/unit/vendor.txt
index 1325f49bd8b0502de6b75ea70b74354d3ed2ee6b..088bd1b551e6bfed17513298683722b700787b38 100644 (file)
--- a/src/tests/unit/vendor.txt
+++ b/src/tests/unit/vendor.txt
@@ -46,3 +46,9 @@ original null
 encode ERX-LI-Action = off
 decode -
 data ERX-LI-Action = off
+
+encode Aruba-MPSK-Lookup-Info = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+data 1a c8 00 00 39 e7 42 c2 c5 6f 16 e5 de 2d 2a 2d d3 0e ac 92 12 c5 97 af 8e 08 f0 92 b4 45 4d 24 5d 73 16 a8 5a cd 78 0a f2 5e 7f e5 e1 fe 95 79 ee 2e 5b 0e ac bf fd 8c 15 da 9c 59 1d 53 5b 76 49 e9 71 4d d7 00 1c 04 65 51 cb 35 66 81 36 0d 25 ab 23 3b 67 5a 30 f8 0d 66 2b bf 97 f5 18 03 34 79 7a 22 11 c1 02 78 94 b0 26 62 13 4a c1 9c 77 6f b8 7c 29 ee 8b 61 14 de 90 b6 94 3f d0 01 00 57 6d 48 2a 59 f3 d4 57 d2 04 af 4e 64 0b 11 31 9e 63 49 f3 fa 61 4d c9 38 88 d1 89 3f 2a 10 d3 8f a0 5d 46 5f 0a b1 2f 9a 70 fa 35 79 c7 a6 68 69 28 98 49 d5 7a 29 9d dc 3d 2f 43 52 f5 12 b3 bf 61 80 2e 7a 3a 0c
+
+decode -
+data Aruba-MPSK-Lookup-Info = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Mirror of https://github.com/FreeRADIUS/freeradius-server.git