On Fri, Sep 6, 2013 at 3:57 PM, Stefan Winter <stefan.win...@restena.lu> wrote:
>> So I ask: is there any way to backport the fix to 2.2.x branch? I
>> don't know C very well but if it's not so hard, I might try talking to
>> people who knows how to code and create a unnoficial patch. I saw that
>> the base64 is now using a brave new approach on 3.0.
>
> You should read the (entire!) thread on -devel titled
>
> "2.x.x (and earier?): yet another decoding SSHA issue"
>
> during which at some point the 2.x.x branch code got fixes for the bulk
> of the issue. This will be in 2.2.1; but you can safely grab current
> branch, it's running stable on my production systems for a long time now.

That's nice to hear! Thanks! I just tested the 2.x.x branch and it's
working for me.

> The fix still needs config changes with a bit of a hackish workaround -
> read the thread til the end to get all the goodness.

I tested some of the hashes that were giving me trouble and they all
worked with the current branch version. I also read all the thread,
and some things were not so clear for me (sorry for the "noobiness").
Could you explain your final configuration state?

I saw the unlang:

update reply {
      SSHA1-Password := "0x%{base64tohex: %{control:RESTENA-SSHA1-Password1}}"
}

And the SQL syntax:

SELECT id, username, 'RESTENA-SSHA1-Password', value, op FROM
check_smtp_ssha1 WHERE username='%{SQL-User-Name}

Is these configurations obligatory? I'm using the standard radcheck
table (id,username,attribute,op,value) and query that comes with
freeradius. From what I understood, I need to create a VSA, assign my
SSHA1-Password attribute to it and convert it to hex format using the
unlang and xlat?

Without these extra configuration, the messages from authorization are now:

[pap] login attempt with password "senhasecreta"
[pap] Using SSHA encryption.
[pap] User authenticated successfully
++[pap] = ok

So the "Normalizing error" and segmentation fault isn't happening anymore.

Thanks!

[]'s
Hugo
www.devin.com.br
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to