allow for password longer than 128 characters

and update aruba dictionary for encrypted attribute

Manual port of commit 12a2cf4a6f8

diff --git a/share/dictionary/radius/dictionary.aruba b/share/dictionary/radius/dictionary.aruba
index 55132f3d27589ac1d39e7809f2f371627e2dd81d..3207f8f0a43553cce370693581508d36ff8e40a1 100644 (file)
--- a/share/dictionary/radius/dictionary.aruba
+++ b/share/dictionary/radius/dictionary.aruba
@@ -84,7 +84,7 @@ ATTRIBUTE     Device-Traffic-Class                    63      integer
 
 ATTRIBUTE      PVLAN-Port-Type                         64      integer
 ATTRIBUTE      Network-Test                            65      integer
-ATTRIBUTE      MPSK-Lookup-Info                        66      string
+ATTRIBUTE      MPSK-Lookup-Info                        66      string encrypt=1
 ATTRIBUTE      AVPair                                  67      string
 ATTRIBUTE      DPP-Service-Type                        68      integer
 

diff --git a/src/protocols/radius/decode.c b/src/protocols/radius/decode.c
index 5008caf50662ed92fc6f7b5bb04f227e92563b5b..fc138fae3d4651c99b274a5c84461196854627be 100644 (file)
--- a/src/protocols/radius/decode.c
+++ b/src/protocols/radius/decode.c
@@ -204,11 +204,10 @@ ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, char const *secret
        size_t          n, secretlen;
 
        /*
-        *      The RFC's say that the maximum is 128.
-        *      The buffer we're putting it into above is 254, so
-        *      we don't need to do any length checking.
+        *      The RFC's say that the maximum is 128, but where we
+        *      come from, we don't need limits.
         */
-       if (pwlen > 128) pwlen = 128;
+       if (pwlen > RADIUS_MAX_PASS_LENGTH) pwlen = RADIUS_MAX_PASS_LENGTH;
 
        /*
         *      Catch idiots.

diff --git a/src/protocols/radius/radius.h b/src/protocols/radius/radius.h
index 5b100eab8b6c049c8398a831604775b074ddd3c7..47e14a9ee91c317192d5cde6aecd9de5b95756ae 100644 (file)
--- a/src/protocols/radius/radius.h
+++ b/src/protocols/radius/radius.h
@@ -35,7 +35,7 @@
 #define RADIUS_MAX_TUNNEL_PASSWORD_LENGTH      249
 #define RADIUS_AUTH_VECTOR_LENGTH              16
 #define RADIUS_MESSAGE_AUTHENTICATOR_LENGTH    16
-#define RADIUS_MAX_PASS_LENGTH                 128
+#define RADIUS_MAX_PASS_LENGTH                 256
 #define RADIUS_MAX_ATTRIBUTES                  255
 #define RADIUS_MAX_PACKET_SIZE                 4096
 

diff --git a/src/tests/unit/protocols/radius/vendor.txt b/src/tests/unit/protocols/radius/vendor.txt
index 3eeca1ee29ddc4e5121506ec67fdb6f61aaeb0c2..12af217c8356a480278487f0ccabe39b913ccc65 100644 (file)
--- a/src/tests/unit/protocols/radius/vendor.txt
+++ b/src/tests/unit/protocols/radius/vendor.txt
@@ -139,5 +139,11 @@ match 1a 0f 00 00 1a 99 01 09 02 07 03 05 ab cd ef
 decode-pair -
 match Vendor-Specific = { raw.6809 = { raw.1 = { raw.2 = { raw.3 = 0xabcdef } } } }
 
+encode-pair Aruba.MPSK-Lookup-Info = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxy"
+match 1a d8 00 00 39 e7 42 d2 ee 96 71 b2 0c 85 02 62 68 3e 7f 5c 78 6c fa f3 a9 c4 a5 ff 9a be 21 a2 d3 49 0a 21 4a 52 31 f5 d2 bc 00 94 49 bb 4b 04 e9 1b 95 45 00 04 f5 b7 38 65 58 f5 bf bc bd 25 7b b5 1d f6 6a 3b 01 b6 65 a1 33 4c 02 e6 1d e2 55 b9 88 45 30 2e 44 cb 67 69 b1 5c c1 ff ba 5c 56 95 f8 25 95 49 87 20 dd 43 5c f2 3b ae 37 e6 fa 32 01 46 2a 64 8f bb ac 3a bc 9c 64 a8 5e d6 27 da 3a d7 05 a4 0b bb 56 f8 ce 73 39 96 fa 69 8f 32 90 13 5e c2 bb 38 47 a8 31 51 b9 99 61 b1 ee 09 d7 b8 88 b8 3b 33 40 6e 5f 70 e1 0d 16 45 5c 63 91 0d 20 40 14 57 48 1a c1 c8 79 75 7b 47 23 af 25 b7 d9 92 71 a4 ee 09 4b f8 5e 83 2d 3b 8c 8a 98 b2 a7 97 44 7f
+
+decode-pair -
+match  Vendor-Specific = { Aruba = { MPSK-Lookup-Info = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxy" } }
+
 count
-match 66
+match 70