Hi, the proposed patch doesn't work on solaris 10 & RSA Authentication Manager 7.1: "Bus Error" and core-dump when the Access-Challenge is received.
The following patch works (gcc 3.4.3): --- pam_radius_auth.c.orig Tue Oct 28 13:07:22 2008 +++ pam_radius_auth.c Wed Oct 29 15:11:20 2008 @@ -1188,8 +1188,9 @@ * challenges as we receive. */ while (response->code == PW_ACCESS_CHALLENGE) { - attribute_t *a_state, *a_reply; + attribute_t *a_state, *a_reply, *a_prompt; char challenge[BUFFER_SIZE]; + int prompt; /* Now we do a bit more work: challenge the user, and get a response */ if (((a_state = find_attribute(response, PW_STATE)) == NULL) || @@ -1212,8 +1213,18 @@ memcpy(challenge, a_reply->data, a_reply->length - 2); challenge[a_reply->length - 2] = 0; + prompt = PAM_PROMPT_ECHO_ON; + if((a_prompt = find_attribute(response, PW_PROMPT)) != NULL){ + uint32_t prompt_val_net = 0; + uint32_t prompt_val = 0; + memcpy((void *)&prompt_val_net, (void *) a_prompt->data, sizeof(uint32_t)); + prompt_val = ntohl(prompt_val_net); + DPRINT(LOG_DEBUG, "Got Prompt=%d",prompt_val); + if(!prompt_val) prompt=PAM_PROMPT_ECHO_OFF; + } + /* It's full challenge-response, we should have echo on */ - retval = rad_converse(pamh, PAM_PROMPT_ECHO_ON, challenge, &resp2challenge); + retval = rad_converse(pamh, prompt, challenge, &resp2challenge); /* now that we've got a response, build a new radius packet */ build_radius_packet(request, user, resp2challenge, &config); --- radius.h.orig Tue Oct 28 13:07:29 2008 +++ radius.h Tue Oct 28 13:12:36 2008 @@ -123,7 +123,7 @@ #define PW_NAS_PORT_TYPE 61 /* integer */ #define PW_PORT_LIMIT 62 /* integer */ #define PW_LOGIN_LAT_PORT 63 /* string */ -#define PW_PROMPT 64 /* integer */ +#define PW_PROMPT 76 /* integer */ /* * INTEGER TRANSLATIONS Regards, Cesare --- Mer 22/10/08, Alan DeKok <[EMAIL PROTECTED]> ha scritto: > Da: Alan DeKok <[EMAIL PROTECTED]> > Oggetto: Re: PAM radius module and "Prompt" attribute. > A: [EMAIL PROTECTED], "FreeRadius users mailing list" > <freeradius-users@lists.freeradius.org> > Data: Mercoledì 22 ottobre 2008, 18:40 > [EMAIL PROTECTED] wrote: > > All is working well, but I found a problem when the > PAM module receives an Access-Challenge. > > > > Here is the problem: even if the RADIUS server sends a > Prompt="No Echo" attribute, my PAM conversation > function receives a PAM_PROMPT_ECHO_ON msg_style instead of > a PAM_PROMPT_ECHO_OFF. > > See: http://bugs.freeradius.org/show_bug.cgi?id=609 > > > As far as I know the Prompt attribute is not mandatory > for RFC 2865 compliance, in fact this attribute is specified > into RFC 2869 - Radius Extensions. > > > > The question is: will the Prompt attribute be > supported in a future release of the PAM service module? > > Possibly, yes. > > Alan DeKok. Unisciti alla community di Io fotografo e video, il nuovo corso di fotografia di Gazzetta dello sport: http://www.flickr.com/groups/iofotografoevideo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html