Problem with WISPr in release 1.0.13
Rodrigo Martínez
rmartinez at tilsor.com.uy
Tue May 12 20:50:47 UTC 2009
David,
thanks for the quick response and for committing the changes to the
svn.
In our solution the smart clients use usernames and passwords that
are 40 bytes long. When we try to login using these password,
CoovaChilli send to RADIUS the password truncated to 16 bytes. We just
found this problem and we are looking for a solution in the code, any
advice would be very helpful.
Rodrigo
wlanmac wrote:
> Thanks... I committed a similar fix to svn - the difference being an
> option addedd to bstring_buildurl() for what kind of ampersand to use
> "&" vs. "%amp;".
>
> David
>
> On Tue, 2009-05-12 at 16:46 -0300, Rodrigo Martínez wrote:
>
>> Hello,
>> We are using CoovaChilli release 1.0.13 in a solution for access
>> control system. We have smart clients that authenticate using WISPr
>> protocol to communicate with the CoovaChilli. We start using
>> CoovaChilli release 1.0.12, with this version the WISPr communication
>> worked fine, but when we update to release 1.0.13 the client stop
>> connecting.
>>
>> Analyzing the problem we found that in the new release, when the
>> redirect message is send (302 page was moved), the WISPr message had
>> two tags with the LoginURL. One of the tags had the same value as in
>> release 1.0.12 and the second one has some differences. The main
>> problem of the second tag is that the "&" it is not scaped, so when we
>> check syntax against the xsd, it always fail. Looking around in the
>> code, we found the piece of code that was generating the WISPr message
>> and we modify it to match the WISPr standard. Attached in the mail we
>> are sending the file with the patch that contains the modifications in
>> the redir.c file. We hope this can help developers to fix this problem
>> in next releases.
>>
>> Thanks in advance
>>
>> Regards,
>> Rodrigo
>>
>> --
>>
>> ______________________________________________________________________
>>
>>
>> Ing. Rodrigo Martínez
>> Consultor
>> Consultoría & Desarrollo
>>
>>
>>
>>
>>
>> Tilsor S.A
>> Pza.
>> Independencia 822
>> Piso 4
>> C.P. 11100 -
>> Montevideo
>> Uruguay
>> Tel Fax: (598 2)
>> 9039313
>> www.tilsor.com.uy
>>
>>
>> plain text document attachment (chilli-wisprLoginURL.patch)
>> Index: redir.c
>> ===================================================================
>> --- redir.c (revision 199)
>> +++ redir.c (working copy)
>> @@ -221,12 +221,12 @@
>> bstring bt = bfromcstr("");
>> bstring bt2 = bfromcstr("");
>>
>> - bassignformat(str, "%s%cres=%s&uamip=%s&uamport=%d",
>> + bassignformat(str, "%s%cres=%s&uamip=%s&uamport=%d",
>> redir_url, strchr(redir_url, '?') ? '&' : '?',
>> resp, inet_ntoa(redir->addr), redir->port);
>>
>> if (hexchal) {
>> - bassignformat(bt, "&challenge=%s", hexchal);
>> + bassignformat(bt, "&challenge=%s", hexchal);
>> bconcat(str, bt);
>> bassigncstr(bt,"");
>> }
>> @@ -239,37 +239,37 @@
>>
>> sessiontime = timenow - starttime;
>>
>> - bassignformat(bt, "&starttime=%ld", starttime);
>> + bassignformat(bt, "&starttime=%ld", starttime);
>> bconcat(str, bt);
>> - bassignformat(bt, "&sessiontime=%ld", sessiontime);
>> + bassignformat(bt, "&sessiontime=%ld", sessiontime);
>> bconcat(str, bt);
>> }
>>
>> if (conn->s_params.sessiontimeout) {
>> - bassignformat(bt, "&sessiontimeout=%ld", conn->s_params.sessiontimeout);
>> + bassignformat(bt, "&sessiontimeout=%ld", conn->s_params.sessiontimeout);
>> bconcat(str, bt);
>> }
>>
>> if (conn->s_params.sessionterminatetime) {
>> - bassignformat(bt, "&stoptime=%ld", conn->s_params.sessionterminatetime);
>> + bassignformat(bt, "&stoptime=%ld", conn->s_params.sessionterminatetime);
>> bconcat(str, bt);
>> }
>> }
>>
>> if (uid) {
>> - bcatcstr(str, "&uid=");
>> + bcatcstr(str, "&uid=");
>> bassigncstr(bt, uid);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (timeleft) {
>> - bassignformat(bt, "&timeleft=%ld", timeleft);
>> + bassignformat(bt, "&timeleft=%ld", timeleft);
>> bconcat(str, bt);
>> }
>>
>> if (hismac) {
>> - bcatcstr(str, "&mac=");
>> + bcatcstr(str, "&mac=");
>> bassignformat(bt, "%.2X-%.2X-%.2X-%.2X-%.2X-%.2X",
>> hismac[0], hismac[1],
>> hismac[2], hismac[3],
>> @@ -279,54 +279,54 @@
>> }
>>
>> if (hisip) {
>> - bassignformat(bt, "&ip=%s", inet_ntoa(*hisip));
>> + bassignformat(bt, "&ip=%s", inet_ntoa(*hisip));
>> bconcat(str, bt);
>> }
>>
>> if (reply) {
>> - bcatcstr(str, "&reply=");
>> + bcatcstr(str, "&reply=");
>> bassigncstr(bt, reply);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (redir->ssid) {
>> - bcatcstr(str, "&ssid=");
>> + bcatcstr(str, "&ssid=");
>> bassigncstr(bt, redir->ssid);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (redir->nasmac) {
>> - bcatcstr(str, "&called=");
>> + bcatcstr(str, "&called=");
>> bassigncstr(bt, redir->nasmac);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (redir->radiusnasid) {
>> - bcatcstr(str, "&nasid=");
>> + bcatcstr(str, "&nasid=");
>> bassigncstr(bt, redir->radiusnasid);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (conn->lang[0]) {
>> - bcatcstr(str, "&lang=");
>> + bcatcstr(str, "&lang=");
>> bassigncstr(bt, conn->lang);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (redirurl) {
>> - bcatcstr(str, "&redirurl=");
>> + bcatcstr(str, "&redirurl=");
>> bassigncstr(bt, redirurl);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (userurl) {
>> - bcatcstr(str, "&userurl=");
>> + bcatcstr(str, "&userurl=");
>> bassigncstr(bt, userurl);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> @@ -347,7 +347,7 @@
>> for (i=0; i<16; i++)
>> sprintf(hex+strlen(hex), "%.2X", cksum[i]);
>>
>> - bcatcstr(str, "&md=");
>> + bcatcstr(str, "&md=");
>> bcatcstr(str, hex);
>> }
>>
>> @@ -478,12 +478,14 @@
>> bconcat(b, bt);
>>
>> bcatcstr(b, "</LoginURL>\r\n");
>> -
>> +
>> +/*
>> bassignformat(bt, "<LoginURL>%s%cres=smartclient&uamip=%s&uamport=%d&challenge=%s</LoginURL>\r\n",
>> options.wisprlogin ? options.wisprlogin : redir->url,
>> strchr(options.wisprlogin ? options.wisprlogin : redir->url, '?') ? '&' : '?',
>> inet_ntoa(redir->addr), redir->port, hexchal);
>> bconcat(b, bt);
>> +*/
>>
>> bassignformat(bt, "<AbortLoginURL>http://%s:%d/abort</AbortLoginURL>\r\n",
>> inet_ntoa(redir->addr), redir->port);
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
>> For additional commands, e-mail: chilli-help at coova.org
>> Wiki: http://coova.org/wiki/index.php/CoovaChilli
>> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>
--
------------------------------------------------------------------------
Ing. Rodrigo Martínez
Consultor
Consultoría & Desarrollo
Tilsor S.A
Pza. Independencia 822 Piso 4
C.P. 11100 - Montevideo Uruguay
Tel Fax: (598 2) 9039313
www.tilsor.com.uy <http://www.tilsor.com.uy>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20090512/c3cda744/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tilsor_logo_nuevo.jpg
Type: image/jpeg
Size: 17463 bytes
Desc: not available
URL: <http://lists.coova.org/pipermail/chilli/attachments/20090512/c3cda744/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tilsor_logo_nuevo.gif
Type: image/gif
Size: 2119 bytes
Desc: not available
URL: <http://lists.coova.org/pipermail/chilli/attachments/20090512/c3cda744/attachment.gif>
More information about the Chilli
mailing list