Date: Thu, 17 Feb 2011 10:21:53 GMT From: Yaroslav Verbin <yv@lifelink.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: standards/154842: invalid request authenticator in the second and subsequent acct-packets, generated by libradius Message-ID: <201102171021.p1HALrQp048781@red.freebsd.org> Resent-Message-ID: <201102171030.p1HAUB5N009973@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 154842 >Category: standards >Synopsis: invalid request authenticator in the second and subsequent acct-packets, generated by libradius >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-standards >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Feb 17 10:30:10 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Yaroslav Verbin >Release: 7.3,8.1 >Organization: lifelink >Environment: FreeBSD nas 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: This problem occurs when the software (i used mpd5 from ports), that uses libradius, re-sends the acct-packet. Due to a bug in the library the second and subsequent acct-packets are have corrupted request authenticator and can not be accepted radius server with an error: Received Accounting-Request packet from client x.x.x.x with invalid signature! (Shared secret is incorrect.) Dropping packet without response. >How-To-Repeat: drop first acct-packet. >Fix: --- radlib.c 2010-06-14 02:09:06.000000000 +0000 +++ radlib.c.new 2011-02-16 10:28:11.000000000 +0000 @@ -641,10 +641,6 @@ insert_scrambled_password(h, h->srv); } insert_message_authenticator(h, 0); - if (h->out[POS_CODE] != RAD_ACCESS_REQUEST) { - /* Insert the request authenticator into the request */ - insert_request_authenticator(h, h->srv); - } /* Send the request */ n = sendto(h->fd, h->out, h->out_len, 0, @@ -910,6 +906,10 @@ } h->try = h->srv = 0; + if (h->out[POS_CODE] != RAD_ACCESS_REQUEST) { + /* Insert the request authenticator into the request */ + insert_request_authenticator(h, h->srv); + } return rad_continue_send_request(h, 0, fd, tv); } >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201102171021.p1HALrQp048781>