'[PATCH] log escaped identities when they dont match'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    [PATCH] log escaped identities when they dont match
From:       Phil Mayers <p.mayers () imperial ! ac ! uk>
Date:       2008-07-30 16:25:06
Message-ID: aea625acf240518cfbb0cddffc24d75622a75c31.1217434823.git.p.mayer
[Download RAW message or body]

A more complex version replacing the previous version; this logs the 
escaped username, possibly useful if it contains various binary nonsense 
etc.

---
  src/modules/rlm_eap/eap.c |   12 ++++++++++--
  1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c
index e947844..6e2367e 100644
--- a/src/modules/rlm_eap/eap.c
+++ b/src/modules/rlm_eap/eap.c
@@ -953,6 +953,8 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t \
**eap_packet_p,  eap_packet_t	*eap_packet = *eap_packet_p;
  	VALUE_PAIR	*vp;
  
+	char		ident_safe[MAX_STRING_LEN+1], username_safe[MAX_STRING_LEN+1];
+
  	/*
  	 *	Ensure it's a valid EAP-Request, or EAP-Response.
  	 */
@@ -1025,7 +1027,10 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t \
                **eap_packet_p,
  			*/
                         if (strncmp(handler->identity, vp->vp_strvalue,
  				   MAX_STRING_LEN) != 0) {
-                               radlog(L_ERR, "rlm_eap: Identity %s does not match \
User-Name %s.  Authentication failed.", handler->identity, vp->vp_strvalue); +        \
librad_safeprint(handler->identity, strlen(handler->identity), ident_safe, \
MAX_STRING_LEN); +                               librad_safeprint(vp->vp_strvalue, \
strlen(vp->vp_strvalue), username_safe, MAX_STRING_LEN); +
+                               radlog(L_ERR, "rlm_eap: Identity %s does not match \
User-Name %s.  Authentication failed.", ident_safe, username_safe);  \
                free(*eap_packet_p);
                                 *eap_packet_p = NULL;
                                 return NULL;
@@ -1081,7 +1086,10 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t \
                **eap_packet_p,
  			*/
                         if (strncmp(handler->identity, vp->vp_strvalue,
  				   MAX_STRING_LEN) != 0) {
-                               radlog(L_ERR, "rlm_eap: Identity does not match \
User-Name, setting from EAP Identity."); +                               \
librad_safeprint(handler->identity, strlen(handler->identity), ident_safe, \
MAX_STRING_LEN); +                               librad_safeprint(vp->vp_strvalue, \
strlen(vp->vp_strvalue), username_safe, MAX_STRING_LEN); +
+                               radlog(L_ERR, "rlm_eap: Identity %s does not match \
User-Name %s.  Authentication failed.", ident_safe, username_safe);  \
                free(*eap_packet_p);
                                 *eap_packet_p = NULL;
                                 eap_handler_free(handler);
-- 
1.5.4.1

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic