From: Phil Mayers <p.mayers@imperial.ac.uk>
Date: Tue, 19 Apr 2011 14:20:46 +0000 (+0100)
Subject: save the new challenge in MS-CHAP-Error, to allow authentication retries to succeed
X-Git-Tag: release_3_0_0_beta0~838
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6878fcf4833655097c11a347371f55c146e066ca;p=thirdparty%2Ffreeradius-server.git

save the new challenge in MS-CHAP-Error, to allow authentication retries to succeed
---

diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
index 14bf14199e7..a258efc0c2b 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
@@ -674,8 +674,28 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 		data->code = PW_EAP_MSCHAPV2_SUCCESS;
 
 	} else if (inst->send_error) {
-	  pairmove2(&response, &handler->request->reply->vps,
-		    PW_MSCHAP_ERROR, 0);
+		pairmove2(&response, &handler->request->reply->vps,
+			  PW_MSCHAP_ERROR, 0);
+		if (response) {
+			int n,err,retry;
+			char buf[34];
+
+			DEBUG2("  MSCHAP-Error: %s", response->vp_strvalue);
+
+			/*
+			 *	Pxarse the new challenge out of the
+			 *	MS-CHAP-Error, so that if the client
+			 *	issues a re-try, we will know which
+			 *	challenge value that they used.
+			 */
+			n = sscanf(response->vp_strvalue, "%*cE=%d R=%d C=%32s", &err, &retry, &buf);
+			if (n == 3) {
+				DEBUG2("  Found new challenge from MS-CHAP-Error: err=%d retry=%d challenge=%s", err, retry, buf);
+				fr_hex2bin(buf, data->challenge, 16);
+			} else {
+				DEBUG2("  Could not parse new challenge from MS-CHAP-Error: %d", n);
+			}
+		}
 		data->code = PW_EAP_MSCHAPV2_FAILURE;
 	} else {
 		eap_ds->request->code = PW_EAP_FAILURE;