Make radtest use Cleartext-Password for EAP

2017-03-30 16:34:41 +03:00 · 2017-03-30 16:34:41 +03:00 · e824373dca
commit e824373dca
parent 5b4fff6aff
2 changed files with 42 additions and 0 deletions
--- a/freeradius-radtest-should-use-Cleartext-Password-for-EAP.patch
+++ b/freeradius-radtest-should-use-Cleartext-Password-for-EAP.patch
@ -0,0 +1,39 @@
+From 362533a64646cce89799ba0759d4304b8de1e917 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Tue, 7 Mar 2017 09:22:10 -0500
+Subject: [PATCH] radtest should use Cleartext-Password for EAP
+
+(cherry picked from commit 0251c6c9d049f06c8f10974f9e67ef8142b17047)
+---
+ src/main/radtest.in                | 2 +-
+ src/modules/rlm_eap/radeapclient.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/main/radtest.in b/src/main/radtest.in
+index 7f009ae68..38b1ba9a0 100644
+--- a/src/main/radtest.in
+++ b/src/main/radtest.in
+@@ -81,7 +81,7 @@ do
+ 				PASSWORD="MS-CHAP-Password"
+ 				;;
+ 			eap-md5)
+-				PASSWORD="User-Password"
+				PASSWORD="Cleartext-Password"
+ 				if [ ! -x "$radeapclient" ]
+ 				then
+ 				    echo "radtest: No 'radeapclient' program was found.  Cannot perform EAP-MD5." >&1
+diff --git a/src/modules/rlm_eap/radeapclient.c b/src/modules/rlm_eap/radeapclient.c
+index 020d252f1..ff69361e4 100644
+--- a/src/modules/rlm_eap/radeapclient.c
+++ b/src/modules/rlm_eap/radeapclient.c
+@@ -468,6 +468,7 @@ static int rc_init_packet(rc_transaction_t *trans)
+ 		/*
+ 		 *	Keep a copy of the the password attribute.
+ 		 */
+		case PW_CLEARTEXT_PASSWORD:
+ 		case PW_USER_PASSWORD:
+ 		case PW_CHAP_PASSWORD:
+ 		case PW_MS_CHAP_PASSWORD:
+-- 
+2.11.0
+
--- a/freeradius.spec
+++ b/freeradius.spec
@ -26,6 +26,7 @@ Patch2: freeradius-Use-system-crypto-policy-by-default.patch
 Patch3: freeradius-Relax-OpenSSL-permissions-for-default-key-files.patch
 Patch4: freeradius-Fix-some-issues-found-with-static-analyzers.patch
 Patch5: freeradius-Handle-connection-error-in-rlm_ldap_cacheable_groupo.patch
+Patch6: freeradius-radtest-should-use-Cleartext-Password-for-EAP.patch

 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}

@ -198,6 +199,7 @@ This plugin provides the REST support for the FreeRADIUS server project.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1

 %build
 # Force compile/link options, extra security for network facing daemon
@ -805,6 +807,7 @@ exit 0
  dependencies are installed, and it is built, but not packaged.
 - Prevent segfaults by adding a missing handling of connection errors in
  rlm_ldap.
+- Make radtest use Cleartext-Password for EAP, fixing its support for eap-md5.

 * Wed Mar 15 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-2
 - Fix permissions of default key files in raddb/certs.