Re: (ASCEND) Ascend's Radiusd

[Stephen Mulrine <skm@foremost.co.uk>]

Sascha Pollok wrote:
>Dear folks,
>we are currently using the following radiusd for authentication
>with a normal /etc/raddb/users file:
>./radiusd: RADIUS version 1.16 (plus Ascend extensions) 1998/18/06
> NOSHADOW BINARY_FILTERS ASCEND_SECRET ASCEND_LOGOUT sys5
>What I experienced is that in case we have a "testuser" in the
>users-file, the radiusd also accepts a "testuser anotherword" for
>this user. All following chars after the space seem to be
>ignored.

I've just had a quick look at the source code and the problem appears to
be in the user_find procedure in ascendd/users.c.  The code explicitly
zaps a space or tab (and any character thereafter) before it looks up a
name in the user database.  This is because space (and presumably tab)
are used as separators in this database - at least on the line which
specifies the username.  The source code lines in question are from 278
to 287, between
    mode = FIND_MODE_NAME;
and
    namelen=strlen(name);

If you remove or comment out these lines (excluding the ones shown),
which I haven't done myself, I can't guarantee that there wouldn't be
undesired consequences when the daemon subsequently tries to verify a
name containing spaces.  It might be okay if your database is in DBM
format, however.  (Valid usernames still wouldn't be able to contain
spaces unless further changes were made to the builddbm application, in
particular usr_read.c.)

s.
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>