Problem with WISPr in release 1.0.13
Felipe Zipitria
fzipi at fing.edu.uy
Wed May 13 01:38:10 UTC 2009
Thierry,
That macro is never used in any file:
$ grep -Ri RADIUS_PASSWORD_LEN coova-chilli-1.0.13/
coova-chilli-1.0.13/src/limits.h:#define RADIUS_PASSWORD_LEN 16
I think the macros involved in radius encoding are:
#define RADIUS_MD5LEN 16 /* Length of MD5 hash */
#define RADIUS_AUTHLEN 16 /* RFC 2865: Length of authenticator */
#define RADIUS_PWSIZE 128 /* RFC 2865: Max 128 octets in password */
In fact, RFC 2865 has the algorithm for encoding the password (and it is
made of 16-byte chunks), in section User-Password.
I was looking maybe at the file 'src/radius.c', in function
'radius_pwencode'.... David?
Felipe.
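
The chunked User-Password encoding from RFC 2865 that the message above points to, as an added example (not CoovaChilli code and not part of the original e-mail). The shared secret, request authenticator and 40-byte password are constructed sample values.

```python
import hashlib

CHUNK = 16     # RADIUS_MD5LEN / RADIUS_AUTHLEN in the macros quoted above
MAX_PW = 128   # RADIUS_PWSIZE: RFC 2865 maximum User-Password length

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: c(i) = p(i) XOR MD5(secret + c(i-1)), with c(0) = RA."""
    if len(password) > MAX_PW or len(authenticator) != CHUNK:
        raise ValueError("password over 128 octets or bad authenticator length")
    # Pad with NULs to a whole number of 16-octet chunks (at least one).
    nchunks = max(1, -(-len(password) // CHUNK))
    padded = password.ljust(nchunks * CHUNK, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), CHUNK):
        prev = _xor(padded[i:i + CHUNK], hashlib.md5(secret + prev).digest())
        out += prev                      # each ciphertext chunk keys the next
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the chaining and strip the NUL padding."""
    if not hidden or len(hidden) % CHUNK or len(hidden) > MAX_PW:
        raise ValueError("attribute must be 16..128 octets, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), CHUNK):
        block = hidden[i:i + CHUNK]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

# Constructed sample values, not taken from the thread.
SECRET = b"testing123"
AUTH = bytes(range(16))
PASSWORD = b"0123456789" * 4             # 40 bytes, as in the report

def demo():
    full = hide_password(PASSWORD, SECRET, AUTH)        # 3 chunks, 48 octets
    cut = hide_password(PASSWORD[:16], SECRET, AUTH)    # what a 16-byte cap sends
    return (len(full), reveal_password(full, SECRET, AUTH),
            len(cut), reveal_password(cut, SECRET, AUTH))

if __name__ == "__main__":
    print(demo())
```

A password cut to one chunk still decodes cleanly on the server, so a 16-byte cap shows up as a failed authentication rather than a malformed attribute.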
>
> #define RADIUS_PASSWORD_LEN 16
>
> Thierry Museux
>
> ------------------------------------------------------------------------
>
> *From:* Rodrigo Martínez [mailto:rmartinez at tilsor.com.uy]
> *Sent:* Tuesday, 12 May 2009 22:51
> *To:* chilli at coova.org
> *Subject:* Re: Problem with WISPr in release 1.0.13
>
>
>
> David,
> thanks for the quick response and for committing the changes to the
> svn.
>
> In our solution the smart clients use usernames and passwords that
> are 40 bytes long. When we try to log in using these passwords,
> CoovaChilli sends the password to RADIUS truncated to 16 bytes. We just
> found this problem and we are looking for a solution in the code; any
> advice would be very helpful.
>
> Rodrigo
>
>
> wlanmac wrote:
>
> Thanks... I committed a similar fix to svn - the difference being an
> option added to bstring_buildurl() for what kind of ampersand to use
> "&" vs. "&amp;".
>
> David
>
> On Tue, 2009-05-12 at 16:46 -0300, Rodrigo Martínez wrote:
>
>
>
>> Hello,
>> We are using CoovaChilli release 1.0.13 in a solution for an access
>> control system. We have smart clients that authenticate using the WISPr
>> protocol to communicate with CoovaChilli. We started using
>> CoovaChilli release 1.0.12; with this version the WISPr communication
>> worked fine, but when we updated to release 1.0.13 the client stopped
>> connecting.
>>
>> Analyzing the problem we found that in the new release, when the
>> redirect message is sent (302 page was moved), the WISPr message had
>> two tags with the LoginURL. One of the tags had the same value as in
>> release 1.0.12 and the second one has some differences. The main
>> problem with the second tag is that the "&" is not escaped, so when we
>> check the syntax against the xsd, it always fails. Looking around in the
>> code, we found the piece of code that was generating the WISPr message
>> and we modified it to match the WISPr standard. Attached to the mail we
>> are sending the file with the patch that contains the modifications in
>> the redir.c file. We hope this can help developers to fix this problem
>> in the next releases.
>>
>> Thanks in advance
>>
>> Regards,
>> Rodrigo
>>
>> --
>> Ing. Rodrigo Martínez
>> Consultant
>> Consulting & Development
>>
>> Tilsor S.A
>> Pza. Independencia 822 Piso 4
>> C.P. 11100 - Montevideo Uruguay
>> Tel Fax: (598 2) 9039313
>> www.tilsor.com.uy <http://www.tilsor.com.uy>
>>
>> plain text document attachment (chilli-wisprLoginURL.patch)
>> Index: redir.c
>> ===================================================================
>> --- redir.c (revision 199)
>> +++ redir.c (working copy)
>> @@ -221,12 +221,12 @@
>> bstring bt = bfromcstr("");
>> bstring bt2 = bfromcstr("");
>>
>> - bassignformat(str, "%s%cres=%s&uamip=%s&uamport=%d",
>> + bassignformat(str, "%s%cres=%s&uamip=%s&uamport=%d",
>> redir_url, strchr(redir_url, '?') ? '&' : '?',
>> resp, inet_ntoa(redir->addr), redir->port);
>>
>> if (hexchal) {
>> - bassignformat(bt, "&challenge=%s", hexchal);
>> + bassignformat(bt, "&challenge=%s", hexchal);
>> bconcat(str, bt);
>> bassigncstr(bt,"");
>> }
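Review bot: the separator emitted through `%c` on the `strchr(redir_url, '?') ? '&' : '?'` line is still a bare `&`, so when redir_url already carries a query string the result mixes one unescaped ampersand with the escaped ones and will still fail validation against the xsd. Pass the separator in as a string and use it at this position as well. As archived, the removed and added lines of this patch read identically, presumably because the entity was decoded when the message was stored, so the intended change has to be read from the message text rather than from the hunk.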
>> @@ -239,37 +239,37 @@
>>
>> sessiontime = timenow - starttime;
>>
>> - bassignformat(bt, "&starttime=%ld", starttime);
>> + bassignformat(bt, "&starttime=%ld", starttime);
>> bconcat(str, bt);
>> - bassignformat(bt, "&sessiontime=%ld", sessiontime);
>> + bassignformat(bt, "&sessiontime=%ld", sessiontime);
>> bconcat(str, bt);
>> }
>>
>> if (conn->s_params.sessiontimeout) {
>> - bassignformat(bt, "&sessiontimeout=%ld", conn->s_params.sessiontimeout);
>> + bassignformat(bt, "&sessiontimeout=%ld", conn->s_params.sessiontimeout);
>> bconcat(str, bt);
>> }
>>
>> if (conn->s_params.sessionterminatetime) {
>> - bassignformat(bt, "&stoptime=%ld", conn->s_params.sessionterminatetime);
>> + bassignformat(bt, "&stoptime=%ld", conn->s_params.sessionterminatetime);
>> bconcat(str, bt);
>> }
>> }
>>
>> if (uid) {
>> - bcatcstr(str, "&uid=");
>> + bcatcstr(str, "&uid=");
>> bassigncstr(bt, uid);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (timeleft) {
>> - bassignformat(bt, "&timeleft=%ld", timeleft);
>> + bassignformat(bt, "&timeleft=%ld", timeleft);
>> bconcat(str, bt);
>> }
>>
>> if (hismac) {
>> - bcatcstr(str, "&mac=");
>> + bcatcstr(str, "&mac=");
>> bassignformat(bt, "%.2X-%.2X-%.2X-%.2X-%.2X-%.2X",
>> hismac[0], hismac[1],
>> hismac[2], hismac[3],
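Review bot: the separator is rewritten by hand in every bassignformat() and bcatcstr() literal in this hunk, which changes the string for every caller of this builder; if the same string also feeds the 302 redirect, that URL would then carry the escaped form verbatim. Take the kind of separator as a parameter, or build the URL with plain ampersands and XML-escape the finished string once at the point where it is placed inside the LoginURL element.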
>> @@ -279,54 +279,54 @@
>> }
>>
>> if (hisip) {
>> - bassignformat(bt, "&ip=%s", inet_ntoa(*hisip));
>> + bassignformat(bt, "&ip=%s", inet_ntoa(*hisip));
>> bconcat(str, bt);
>> }
>>
>> if (reply) {
>> - bcatcstr(str, "&reply=");
>> + bcatcstr(str, "&reply=");
>> bassigncstr(bt, reply);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (redir->ssid) {
>> - bcatcstr(str, "&ssid=");
>> + bcatcstr(str, "&ssid=");
>> bassigncstr(bt, redir->ssid);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (redir->nasmac) {
>> - bcatcstr(str, "&called=");
>> + bcatcstr(str, "&called=");
>> bassigncstr(bt, redir->nasmac);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (redir->radiusnasid) {
>> - bcatcstr(str, "&nasid=");
>> + bcatcstr(str, "&nasid=");
>> bassigncstr(bt, redir->radiusnasid);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (conn->lang[0]) {
>> - bcatcstr(str, "&lang=");
>> + bcatcstr(str, "&lang=");
>> bassigncstr(bt, conn->lang);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (redirurl) {
>> - bcatcstr(str, "&redirurl=");
>> + bcatcstr(str, "&redirurl=");
>> bassigncstr(bt, redirurl);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
>> }
>>
>> if (userurl) {
>> - bcatcstr(str, "&userurl=");
>> + bcatcstr(str, "&userurl=");
>> bassigncstr(bt, userurl);
>> redir_urlencode(bt, bt2);
>> bconcat(str, bt2);
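Review bot: only the literal separators are escaped in this hunk, so the XML safety of the reply, ssid, called, nasid, lang, redirurl and userurl values rests entirely on redir_urlencode() percent-encoding `&`, `<`, `>` and quotes. Confirm that it does, and say so in a comment on the function, because a value that passes through with a raw `&` would reintroduce the validation failure this patch is meant to fix.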
>> @@ -347,7 +347,7 @@
>> for (i=0; i<16; i++)
>> sprintf(hex+strlen(hex), "%.2X", cksum[i]);
>>
>> - bcatcstr(str, "&md=");
>> + bcatcstr(str, "&md=");
>> bcatcstr(str, hex);
>> }
>>
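Review bot: if cksum is computed over str as built up to this point, changing the separators changes the digest input, so a portal that recomputes md over the URL it actually receives after XML unescaping would no longer match. Check which form of the string is hashed and state it in a comment beside the `&md=` append.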
>> @@ -478,12 +478,14 @@
>> bconcat(b, bt);
>>
>> bcatcstr(b, "</LoginURL>\r\n");
>> -
>> +
>> +/*
>> bassignformat(bt, "<LoginURL>%s%cres=smartclient&uamip=%s&uamport=%d&challenge=%s</LoginURL>\r\n",
>> options.wisprlogin ? options.wisprlogin : redir->url,
>> strchr(options.wisprlogin ? options.wisprlogin : redir->url, '?') ? '&' : '?',
>> inet_ntoa(redir->addr), redir->port, hexchal);
>> bconcat(b, bt);
>> +*/
>>
>> bassignformat(bt, "<AbortLoginURL>http://%s:%d/abort <http://%25s:%25d/abort></AbortLoginURL>\r\n",
>> inet_ntoa(redir->addr), redir->port);
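Review bot: the second LoginURL block is disabled by wrapping it in `/* ... */` instead of being deleted; remove it outright, since revision history keeps the old code and a commented-out block with an unescaped format string invites being re-enabled unchanged. It is also the block that used `options.wisprlogin ? options.wisprlogin : redir->url`, so confirm that the LoginURL element that remains still honours the wisprlogin option.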
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: chilli-unsubscribe at coova.org <mailto:chilli-unsubscribe at coova.org>
>> For additional commands, e-mail: chilli-help at coova.org <mailto:chilli-help at coova.org>
>> Wiki: http://coova.org/wiki/index.php/CoovaChilli
>> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>>
>
>
>
>
> --
> Ing. Rodrigo Martínez
> Consultant
> Consulting & Development
>
> Tilsor S.A
> Pza. Independencia 822 Piso 4
> C.P. 11100 - Montevideo Uruguay
> Tel Fax: (598 2) 9039313
> www.tilsor.com.uy <http://www.tilsor.com.uy>
>