[exim-dev] [Bug 1850] New: "auths/call_radius.c": in switch …

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1850] New: "auths/call_radius.c": in switch statement "case REJECT_RC" missing
https://bugs.exim.org/show_bug.cgi?id=1850

            Bug ID: 1850
           Summary: "auths/call_radius.c":  in switch statement "case
                    REJECT_RC" missing
           Product: Exim
           Version: 4.87
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: SMTP Authentication
          Assignee: pdp@???
          Reporter: lk@???
                CC: exim-dev@???


Created attachment 896
--> https://bugs.exim.org/attachment.cgi?id=896&action=edit
auths/call_radius.c: case REJECT_RC missing

Until now we used Exim 4.85 with our own RADIUS client (adapted from the
Merit-Software) with our _own_ "auths/call_radius.c".
The "auths/call_radius.c" from the Exim distribution was not used.
All works fine (Solaris 8 and 9 ;-) ).

With the changeover to Solaris10/11 and RADIUSCLIENTNEW with
"radiusclient-ng-0.5.6" now the exim-own "auths/call_radius.c" is used.

But with the exim-own "auths/call_radius.c" an error occurs:

 + positive authentication:    all is OK, no problem.
 + negative authentication:
    - not the correct information
        535 Incorrect authentication data ........          # Code 5xx
    - instead of this 
        435 Unable to authenticate at present (set_id=xxxxx):
                                          RADIUS: unexpected response (2)
      is reported.


Here is the reason:
The source code of "auths/call_radius.c" is wrong.


Original code:
--------------

[.......]
#ifdef RADIUS_LIB_RADIUSCLIENT
result = rc_auth(0, send, &received, msg);
#else
result = rc_auth(h, 0, send, &received, msg);
#endif

DEBUG(D_auth) debug_printf("RADIUS code returned %d\n", result);

switch (result)
  {
  case OK_RC:
    return OK;

  case ERROR_RC:
    return FAIL;

  case TIMEOUT_RC:
    *errptr = US"RADIUS: timed out";
    return ERROR;

  default:
  case BADRESP_RC:
    *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
    return ERROR;
  }
[.......]

>>> The examination of the return code REJECT_RC is missing in the
>>> switch statement.



Here the corrected code:
........................


[.......]
switch (result)
  {
  case OK_RC:
    return OK;

  case REJECT_RC:                               // added 20.06.2016
    return FAIL;                                //  LK

  case ERROR_RC:
    return FAIL;

  case TIMEOUT_RC:
    *errptr = US"RADIUS: timed out";
    return ERROR;

  default:
  case BADRESP_RC:
    *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
    return ERROR;
  }
[.......]

Now all works fine.


------------------

The freeradius-client software (Exim 4.87 ff.) also uses the same module
"call_radius.c".
The REJECT_RC code is also missing in Exim 4.87, so the error occurs
there as well.

>>> ALL Exim 4.xx versions have this error, incl. the new 4.87.


Please correct all Exim versions.

Remark: The RADIUS server used is Freeradius2.

Regards,
leonhard
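
Added example (not part of the original report and not Exim's own code): a stand-alone check that runs both switch statements from the report over every client return code and counts definitive server answers that end up as a temporary 4xx reply. The numeric *_RC values and the auth_result enum are assumptions made for this sketch (REJECT_RC == 2 matches the "unexpected response (2)" above); 235 is the standard SMTP AUTH success code.

```c
#include <stdio.h>

/* Assumed values mirroring the RADIUS client library header. */
enum { BADRESP_RC = -2, ERROR_RC = -1, OK_RC = 0, TIMEOUT_RC = 1, REJECT_RC = 2 };

/* Local stand-ins for Exim's authenticator results (hypothetical names). */
enum auth_result { AUTH_OK, AUTH_FAIL, AUTH_ERROR };

/* Mapping as in the distributed call_radius.c: no REJECT_RC case. */
static enum auth_result map_original(int rc)
{
  switch (rc) {
    case OK_RC:      return AUTH_OK;
    case ERROR_RC:   return AUTH_FAIL;
    case TIMEOUT_RC: return AUTH_ERROR;
    default:
    case BADRESP_RC: return AUTH_ERROR;
  }
}

/* Mapping with the reporter's fix: an explicit reject is a FAIL. */
static enum auth_result map_fixed(int rc)
{
  switch (rc) {
    case OK_RC:      return AUTH_OK;
    case REJECT_RC:  return AUTH_FAIL;
    case ERROR_RC:   return AUTH_FAIL;
    case TIMEOUT_RC: return AUTH_ERROR;
    default:
    case BADRESP_RC: return AUTH_ERROR;
  }
}

/* SMTP reply seen by the client, per the report: 535 vs. 435. */
static int smtp_code(enum auth_result r)
{
  return r == AUTH_OK ? 235 : r == AUTH_FAIL ? 535 : 435;
}

/* Regression check: how many definitive answers (accept or reject)
   are turned into a temporary failure by the given mapping? */
static int definitive_answers_deferred(enum auth_result (*map)(int))
{
  static const int definitive[] = { OK_RC, REJECT_RC };
  int n = 0;
  for (unsigned i = 0; i < sizeof definitive / sizeof definitive[0]; i++)
    if (smtp_code(map(definitive[i])) == 435) n++;
  return n;
}
```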
