Regression #12017
closed
FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
Added by Michele Rento over 3 years ago.
Updated about 3 years ago.
Plus Target Version:
22.01
Release Notes:
Force Exclusion
Affected Architecture:
amd64
Description
Bug 256283: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256283
L2TP authentication using RADIUS is broken after the upgrade to version 2.6.0.a.20210608.0100.
The L2TP service log shows:
l2tps 42538 [l2tp_l-1] RADIUS: Authenticating user 'username'
l2tps 42538 [l2tp_l-1] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'username'
l2tps 42538 [l2tp_l-1] RADIUS: PANIC no MS-CHAP2-Success received from server!
l2tps 42538 [l2tp_l-1] AUTH: RADIUS returned error
- Target version set to 2.6.0
- Plus Target Version set to 21.09
I am unable to reproduce this on 2.6.0.a.20210609.0100 or 2.5.2.r.20210609.0300.
In either case, the authentication through RADIUS succeeded even when L2TP is set to use MSCHAPv2:
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: rec'd Configure Ack #2 (Ack-Sent)
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] ACFCOMP
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] PROTOCOMP
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] MRU 1500
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] MAGICNUM 0x<stuff>
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] AUTHPROTO CHAP MSOFTv2
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: state change Ack-Sent --> Opened
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: auth: peer wants nothing, I want CHAP
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: sending CHALLENGE #1 len: 21
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: LayerUp
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: rec'd RESPONSE #1 len: 61
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] Name: "<stuff>"
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] AUTH: Trying RADIUS
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] RADIUS: Authenticating user '<stuff>'
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user '<stuff>'
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] AUTH: RADIUS returned: authenticated
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: Auth return status: authenticated
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: Reply message: S=<stuff>
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: sending SUCCESS #1 len: 46
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: authorization successful
We should still check to be sure the errata patch made it in the tree.
After several attempts I confirm that the bug is in libradius.so.4.
I've replaced the library with the patched version and everything works.
- Assignee set to Luiz Souza
- Target version changed from 2.6.0 to 2.5.2
I do see the initial broken commit (83280d17fccff2db7d79c7f38e80ec29078ef35e) in 2.5.2 as well, so we need to bring in the follow-up commit (6bb5699d2b59491097bc21ffa3c097cdd4853f89) for RELENG_2_5_2 and devel-12 for 2.6.0.
- Release Notes changed from Default to Force Exclusion
Jim Pingle wrote:
I do see the initial broken commit (83280d17fccff2db7d79c7f38e80ec29078ef35e) in 2.5.2 as well, so we need to bring in the follow-up commit (6bb5699d2b59491097bc21ffa3c097cdd4853f89) for RELENG_2_5_2 and devel-12 for 2.6.0.
I've cherry-picked 6bb5699d2b59491097bc21ffa3c097cdd4853f89 to RELENG_2_5_2. It will be brought to devel-12 on the next merge from upstream stable/12.
- Status changed from New to Feedback
- Status changed from Feedback to Resolved
- Plus Target Version changed from 21.09 to 22.01
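A log triage sketch for the signature reported in this issue, added here as an example and not part of the original thread or of pfSense/mpd5: it tracks each RADIUS attempt per link, so an Access-Accept followed by the MS-CHAP2-Success panic is separated from a normal authentication and from an ordinary RADIUS error. The function name and verdict labels are hypothetical; the sample lines are copied from the two logs quoted above.

```python
import re

# Matches both layouts quoted in this issue: "l2tps 42538 [link] MSG" and
# syslog-style "... l2tps[2560]: [link] MSG". Only RADIUS/AUTH lines matter.
LINE = re.compile(r"\[(?P<link>[^\]\s]+)\]\s+(?P<msg>(?:RADIUS|AUTH): .*)")

def classify_attempts(lines):
    """Return [(link, verdict), ...], one entry per RADIUS attempt (hypothetical helper)."""
    accepted = {}  # link -> was RAD_ACCESS_ACCEPT seen for the attempt in progress?
    results = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        link, msg = m["link"], m["msg"]
        if msg.startswith("RADIUS: Authenticating user"):
            accepted[link] = False
        elif "Rec'd RAD_ACCESS_ACCEPT" in msg:
            accepted[link] = True
        elif "no MS-CHAP2-Success received" in msg:
            # Accept was logged, then mpd5 reported no MS-CHAP2-Success: this issue's symptom.
            hit = accepted.pop(link, False)
            results.append((link, "accept-without-mschap2-success" if hit
                            else "mschap2-success-missing"))
        elif msg.startswith("AUTH: RADIUS returned: authenticated"):
            accepted.pop(link, None)
            results.append((link, "authenticated"))
        elif msg.startswith("AUTH: RADIUS returned error") and link in accepted:
            # Error with no panic line before it: an ordinary reject or timeout.
            accepted.pop(link)
            results.append((link, "radius-error"))
    return results

# Sample input: lines copied from the two logs quoted in this issue.
SAMPLE = """\
l2tps 42538 [l2tp_l-1] RADIUS: Authenticating user 'username'
l2tps 42538 [l2tp_l-1] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'username'
l2tps 42538 [l2tp_l-1] RADIUS: PANIC no MS-CHAP2-Success received from server!
l2tps 42538 [l2tp_l-1] AUTH: RADIUS returned error
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] AUTH: Trying RADIUS
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] RADIUS: Authenticating user '<stuff>'
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user '<stuff>'
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] AUTH: RADIUS returned: authenticated
"""

if __name__ == "__main__":
    for link, verdict in classify_attempts(SAMPLE.splitlines()):
        print(link, verdict)
```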