Project

General

Profile

Actions

Bug #2377

closed

Captive portal fails on empty RADIUS password

Added by Michael Newton over 9 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
Start date:
04/16/2012
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

An empty password is not sent to the RADIUS server for verification, it just produces an error. PHP code is checking for a password value, when it means to check if the field was sent. The attached patch will fix things up; also fixed some whitespace problems in the vicinity.


Files

pfsense_radius_empty_password.diff (1.33 KB) pfsense_radius_empty_password.diff Michael Newton, 04/16/2012 08:07 PM
Actions #1

Updated by Michael Newton over 9 years ago

Sorry, should be under category "Captive Portal" but I can't make that change now.

Actions #2

Updated by Chris Buechler over 9 years ago

  • Category set to Captive Portal
  • Target version set to 2.1
  • Affected Version set to 2.1
Actions #3

Updated by Ermal Luçi over 9 years ago

Why do you need an empty pass?

Actions #4

Updated by Michael Newton about 9 years ago

When using a captive portal, the need is often to display T&C and prevent casual users from getting access, not to provide comprehensive AAA.

Since the RFC doesn't require any password value, I guess the relevant question is "why doesn't pfSense allow an empty pass?"

Actions #5

Updated by Michael Newton almost 9 years ago

No updates on this? There seems to be little interest in any changes to RADIUS handling, I keep seeing "why do you need this" when users ask for anything...

Also, with such a low-risk patch there's no reason it couldn't be included in a 2.0x release.

Actions #6

Updated by Cyrill B almost 9 years ago

Do you still have a copy of your patch? The attached file produces a 404 here.

I recently submitted a pull request [1] that fixes the problem that an empty secret key for RADIUS servers 2-4 results in them not being used at all (as they are not written to file without a secret key), although the GUI states that an empty secret key is allowed and also accepts it.

[1] https://github.com/bsdperimeter/pfsense/pull/320

Actions #7

Updated by Ermal Luçi almost 9 years ago

  • Status changed from New to Feedback

Merged the pull request.

Actions #8

Updated by Michael Newton almost 9 years ago

That pull request was not for this issue. Please see https://github.com/bsdperimeter/pfsense/pull/357 for the patch allowing an empty password on the captive portal to be passed to RADIUS. Thanks.

Actions #9

Updated by Renato Botelho almost 9 years ago

Pull request 357 was merged.

Actions #10

Updated by Renato Botelho almost 9 years ago

  • % Done changed from 0 to 100
Actions #11

Updated by Renato Botelho over 8 years ago

  • Status changed from Feedback to Closed
Actions

Also available in: Atom PDF