Bug #2377: Captive portal fails on empty RADIUS password - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Plus - All Open Issues
23.09.1 Target - All Closed Issues
23.09.1 Target - All Open Issues
24.03 Plus - All Closed Issues
24.03 Plus - All Open Issues
24.03 Plus - Feedback Issues
24.03 Plus - Needs Attention/Work
24.03 Plus - New/Confirmed/In Progress Issues
24.03 Plus - Pull Request Review
24.03 Plus - Waiting on Merge
24.03 Target - All Closed Issues
24.03 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #2377

closed

Captive portal fails on empty RADIUS password

Added by Michael Newton about 12 years ago. Updated about 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Captive Portal

Target version:

2.1

Start date:

04/16/2012

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.1

Affected Architecture:

Description

An empty password is not sent to the RADIUS server for verification, it just produces an error. PHP code is checking for a password value, when it means to check if the field was sent. The attached patch will fix things up; also fixed some whitespace problems in the vicinity.

Files

pfsense_radius_empty_password.diff (1.33 KB) pfsense_radius_empty_password.diff

Michael Newton, 04/16/2012 08:07 PM

History
Notes
Property changes

Actions

Copy link

Updated by Michael Newton about 12 years ago

Sorry, should be under category "Captive Portal" but I can't make that change now.

Actions

Copy link

Updated by Chris Buechler about 12 years ago

Category set to Captive Portal
Target version set to 2.1
Affected Version set to 2.1

Actions

Copy link

Updated by Ermal Luçi almost 12 years ago

Why do you need an empty pass?

Actions

Copy link

Updated by Michael Newton over 11 years ago

When using a captive portal, the need is often to display T&C and prevent casual users from getting access, not to provide comprehensive AAA.

Since the RFC doesn't require any password value, I guess the relevant question is "why doesn't pfSense allow an empty pass?"

Actions

Copy link

Updated by Michael Newton over 11 years ago

No updates on this? There seems to be little interest in any changes to RADIUS handling, I keep seeing "why do you need this" when users ask for anything...

Also, with such a low-risk patch there's no reason it couldn't be included in a 2.0x release.

Actions

Copy link

Updated by Cyrill B over 11 years ago

Do you still have a copy of your patch? The attached file produces a 404 here.

I recently submitted a pull request [1] that fixes the problem that an empty secret key for RADIUS servers 2-4 results in them not being used at all (as they are not written to file without a secret key), although the GUI states that an empty secret key is allowed and also accepts it.

[1] https://github.com/bsdperimeter/pfsense/pull/320

Actions

Copy link

Updated by Ermal Luçi about 11 years ago

Status changed from New to Feedback

Merged the pull request.

Actions

Copy link

Updated by Michael Newton about 11 years ago

That pull request was not for this issue. Please see https://github.com/bsdperimeter/pfsense/pull/357 for the patch allowing an empty password on the captive portal to be passed to RADIUS. Thanks.

Actions

Copy link