[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: [PATCH] log escaped identities when they dont match
From: Phil Mayers <p.mayers () imperial ! ac ! uk>
Date: 2008-07-30 16:25:06
Message-ID: aea625acf240518cfbb0cddffc24d75622a75c31.1217434823.git.p.mayer
[Download RAW message or body]
A more complex version replacing the previous version; this logs the
escaped username, possibly useful if it contains various binary nonsense
etc.
---
src/modules/rlm_eap/eap.c | 12 ++++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c
index e947844..6e2367e 100644
--- a/src/modules/rlm_eap/eap.c
+++ b/src/modules/rlm_eap/eap.c
@@ -953,6 +953,8 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t \
**eap_packet_p, eap_packet_t *eap_packet = *eap_packet_p;
VALUE_PAIR *vp;
+ char ident_safe[MAX_STRING_LEN+1], username_safe[MAX_STRING_LEN+1];
+
/*
* Ensure it's a valid EAP-Request, or EAP-Response.
*/
@@ -1025,7 +1027,10 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t \
**eap_packet_p,
*/
if (strncmp(handler->identity, vp->vp_strvalue,
MAX_STRING_LEN) != 0) {
- radlog(L_ERR, "rlm_eap: Identity %s does not match \
User-Name %s. Authentication failed.", handler->identity, vp->vp_strvalue); + \
librad_safeprint(handler->identity, strlen(handler->identity), ident_safe, \
MAX_STRING_LEN); + librad_safeprint(vp->vp_strvalue, \
strlen(vp->vp_strvalue), username_safe, MAX_STRING_LEN); +
+ radlog(L_ERR, "rlm_eap: Identity %s does not match \
User-Name %s. Authentication failed.", ident_safe, username_safe); \
free(*eap_packet_p);
*eap_packet_p = NULL;
return NULL;
@@ -1081,7 +1086,10 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t \
**eap_packet_p,
*/
if (strncmp(handler->identity, vp->vp_strvalue,
MAX_STRING_LEN) != 0) {
- radlog(L_ERR, "rlm_eap: Identity does not match \
User-Name, setting from EAP Identity."); + \
librad_safeprint(handler->identity, strlen(handler->identity), ident_safe, \
MAX_STRING_LEN); + librad_safeprint(vp->vp_strvalue, \
strlen(vp->vp_strvalue), username_safe, MAX_STRING_LEN); +
+ radlog(L_ERR, "rlm_eap: Identity %s does not match \
User-Name %s. Authentication failed.", ident_safe, username_safe); \
free(*eap_packet_p);
*eap_packet_p = NULL;
eap_handler_free(handler);
--
1.5.4.1
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic