From bfb69e930f6c8b382eb6d2748a6d1cd5f3d0f8d6 Mon Sep 17 00:00:00 2001 From: Tim Kourt Date: Thu, 10 Jan 2019 14:34:23 -0800 Subject: [PATCH] eap-mschapv2: Fix domain name usage in username The domain name must be excluded from the username only for the NT challenge calculations and left in place for everything else. --- src/eap-mschapv2.c | 25 ++++--------------------- 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/src/eap-mschapv2.c b/src/eap-mschapv2.c index e9392372..f79da88c 100644 --- a/src/eap-mschapv2.c +++ b/src/eap-mschapv2.c @@ -454,23 +454,6 @@ static bool set_password_from_string(struct eap_mschapv2_state *state, return mschapv2_nt_password_hash(password, state->password_hash); } -static void set_user_name(struct eap_mschapv2_state *state, const char *user) -{ - const char *pos; - - if (!user) - return; - - for (pos = user; *pos; ++pos) { - if (*pos == '\\') { - state->user = l_strdup(pos + 1); - return; - } - } - - state->user = l_strdup(user); -} - static int eap_mschapv2_check_settings(struct l_settings *settings, struct l_queue *secrets, const char *prefix, @@ -555,18 +538,18 @@ static bool eap_mschapv2_load_settings(struct eap_state *eap, const char *prefix) { struct eap_mschapv2_state *state; - L_AUTO_FREE_VAR(char *, identity); L_AUTO_FREE_VAR(char *, password) = NULL; char setting[64]; state = l_new(struct eap_mschapv2_state, 1); snprintf(setting, sizeof(setting), "%sIdentity", prefix); - identity = l_settings_get_string(settings, "Security", setting); - if (!identity) + state->user = l_settings_get_string(settings, "Security", setting); + if (!state->user) { + l_error("'%s' setting is missing", setting); goto error; + } - set_user_name(state, identity); state->user_len = strlen(state->user); /* Either read the password-hash from hexdump or password and hash it */