3APA3A <[EMAIL PROTECTED]> wrote:
> The problem is tag 0 is invalid.

  Exactly.

> Both rad_tunnel_pwencode and rad_tunnel_pwdecode don't care about tag at
> all.

  That's not the point.  See 'src/lib/radius.c', function
rad_decode():

        ...
        } else if (pair->flags.encrypt == 2) {
               ...
               pair->flags.tag = 0x00;
               ptr++;
               pair->length--;
        ...


  So that function EXPECTS the tag to be in the attribute in the
packet.


>  They can operate with each other without problem. If it wasn't
> changed since my last fix 2 weeks ago :)

  For Tunnel-Password, the RFC says:

Tag
      The Tag field is one octet in length and is intended to provide a
      means of grouping attributes in the same packet which refer to the
      same tunnel.  Valid values for this field are 0x01 through 0x1F,
      inclusive.  If the value of the Tag field is greater than 0x00 and
      less than or equal to 0x1F, it SHOULD be interpreted as indicating
      which tunnel (of several alternatives) this attribute pertains;
      otherwise, the Tag field SHOULD be ignored.


  The other attributes which use a tag say:

      If the Tag field is greater than 0x1F, it SHOULD be
      interpreted as the first byte of the following String field.


  To me, this means that for Tunnel-Password, the tag octet MUST be
there, and if it's not a valid tag, it SHOULD be zero.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
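
The tag handling argued for in the message above, as an added example that is not part of the original message and is not FreeRADIUS code. The names split_tag, tag_kind and tag_split are hypothetical, the sample bytes are constructed, and consuming a 0x00 first octet for the other tagged attributes is an assumption the quoted RFC text does not settle.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not FreeRADIUS identifiers. */
enum tag_kind { TAGGED_STRING, TUNNEL_PASSWORD };

struct tag_split {
    int     ok;      /* 0 when the value is too short to hold a tag octet */
    uint8_t tag;     /* 0x00 means "no tunnel grouping" */
    size_t  offset;  /* index of the first octet after the tag, in value[] */
};

/* Separate the tag octet from an attribute value per the quoted RFC text. */
struct tag_split split_tag(enum tag_kind kind, const uint8_t *value, size_t len)
{
    struct tag_split r = { 0, 0x00, 0 };

    if (value == NULL || len == 0)
        return r;                 /* no octet to read: reject, never read past the end */

    uint8_t first = value[0];
    r.ok = 1;

    if (kind == TUNNEL_PASSWORD) {
        /* Tag octet is always on the wire and always consumed.
         * Outside 0x01..0x1F it is ignored, so report tag 0. */
        r.offset = 1;
        r.tag = (first >= 0x01 && first <= 0x1F) ? first : 0x00;
        return r;
    }

    if (first > 0x1F) {
        r.offset = 0;             /* first octet belongs to the String field */
    } else {
        r.offset = 1;             /* assumption: 0x00 is a present, empty tag */
        r.tag = first;
    }
    return r;
}

int main(void)
{
    const uint8_t v[] = { 0x41, 0x42, 0x43 };   /* constructed sample value */
    struct tag_split p = split_tag(TUNNEL_PASSWORD, v, sizeof v);
    struct tag_split s = split_tag(TAGGED_STRING, v, sizeof v);
    printf("Tunnel-Password: tag=%u offset=%zu\n", (unsigned)p.tag, p.offset);
    printf("tagged string:   tag=%u offset=%zu\n", (unsigned)s.tag, s.offset);
    return 0;
}
```

The same leading octet 0x41 is skipped for Tunnel-Password but kept as data for the other tagged string attributes, which is why a sender that omits the tag octet from Tunnel-Password shifts the receiver's view of the payload by one octet.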
