pull NEAT fix from v4.0.x branch
authorAlan T. DeKok <aland@freeradius.org>
Wed, 3 Aug 2016 06:52:30 +0000 (08:52 +0200)
committerJames Rouzier <jrouzier@inverse.ca>
Tue, 13 Sep 2016 19:57:23 +0000 (15:57 -0400)
src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c

index 223456c..c1a0045 100644 (file)
@@ -545,8 +545,15 @@ failure:
         *      The 'value_size' is the size of the response,
         *      which is supposed to be the response (48
         *      bytes) plus 1 byte of flags at the end.
+        *
+        *      NOTE: When using Cisco NEAT with EAP-MSCHAPv2, the
+        *            switch supplicant will send MSCHAPv2 data (EAP type = 26)
+        *            but will always set a value_size of 16 and NULL out the
+        *            peer challenge.
+        *
         */
-       if (eap_ds->response->type.data[4] != 49) {
+       if ((eap_ds->response->type.data[4] != 49) &&
+           (eap_ds->response->type.data[4] != 16)) {
                REDEBUG("Response is of incorrect length %d", eap_ds->response->type.data[4]);
                return 0;
        }
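Review bot: The relaxed test on `eap_ds->response->type.data[4]` inspects only the declared value_size byte, so a response claiming 16 is now accepted without this hunk showing that the 49 bytes described in the comment are actually present in `type.data`. If the code after the hunk reads the peer challenge and NT response at fixed offsets (not visible here, since the enclosing function starts and ends outside the hunk), a short packet carrying value_size 16 could cause a read past the received data. The received length, e.g. `eap_ds->response->type.length`, should be checked against the full response layout independently of the declared size before either value is accepted. Naming the two sizes instead of the bare `49` and `16`, and listing the accepted values in the REDEBUG text, would also make the NEAT exception easier to audit.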