diff options
| author |   yasuoka <yasuoka@openbsd.org> | 2016-03-22 04:11:27 +0000 |
|---|---|---|
| committer | yasuoka <yasuoka@openbsd.org> | 2016-03-22 04:11:27 +0000 |
| commit | 70452a203e0bc4342c0b7abe3dec8aed0eac64d4 (patch) | |
| tree | 378ee67b19b75593bae6cc72b31260a1d62e924b /usr.sbin/npppd | |
| parent | sync (diff) | |
| download | wireguard-openbsd-70452a203e0bc4342c0b7abe3dec8aed0eac64d4.tar.xz wireguard-openbsd-70452a203e0bc4342c0b7abe3dec8aed0eac64d4.zip | |
Log the reply message from RADIUS server when the authenticaion fails.
Diff from Yuuichi Someya
Diffstat (limited to 'usr.sbin/npppd')
| -rw-r--r-- | usr.sbin/npppd/npppd/chap.c | 19 | ||||
| -rw-r--r-- | usr.sbin/npppd/npppd/pap.c | 19 |
2 files changed, 34 insertions, 4 deletions
diff --git a/usr.sbin/npppd/npppd/chap.c b/usr.sbin/npppd/npppd/chap.c index ecd8c1439f2..1389e8f795d 100644 --- a/usr.sbin/npppd/npppd/chap.c +++ b/usr.sbin/npppd/npppd/chap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: chap.c,v 1.14 2015/07/23 09:04:06 yasuoka Exp $ */ +/* $OpenBSD: chap.c,v 1.15 2016/03/22 04:11:27 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -36,7 +36,7 @@ * </ul></p> */ /* RFC 1994, 2433 */ -/* $Id: chap.c,v 1.14 2015/07/23 09:04:06 yasuoka Exp $ */ +/* $Id: chap.c,v 1.15 2016/03/22 04:11:27 yasuoka Exp $ */ #include <sys/types.h> #include <sys/socket.h> #include <sys/time.h> @@ -52,6 +52,7 @@ #include <time.h> #include <event.h> #include <md5.h> +#include <vis.h> #include "slist.h" #include "npppd.h" @@ -915,6 +916,20 @@ chap_radius_response(void *context, RADIUS_PACKET *pkt, int flags, auth_failed: chap_log(_this, LOG_WARNING, "Radius authentication request failed: %s", reason); + /* log reply messages from radius server */ + if (pkt != NULL) { + char radmsg[255], vissed[1024]; + size_t rmlen = 0; + if ((radius_get_raw_attr(pkt, RADIUS_TYPE_REPLY_MESSAGE, + radmsg, &rmlen)) == 0) { + if (rmlen != 0) { + strvisx(vissed, radmsg, rmlen, VIS_WHITE); + chap_log(_this, LOG_WARNING, + "Radius reply message: %s", vissed); + } + } + } + /* No extra information */ chap_failure(_this, "FAILED", errorCode); } diff --git a/usr.sbin/npppd/npppd/pap.c b/usr.sbin/npppd/npppd/pap.c index 30ec93da9f7..2738e669ee4 100644 --- a/usr.sbin/npppd/npppd/pap.c +++ b/usr.sbin/npppd/npppd/pap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pap.c,v 1.9 2015/07/23 09:04:06 yasuoka Exp $ */ +/* $OpenBSD: pap.c,v 1.10 2016/03/22 04:11:27 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: pap.c,v 1.9 2015/07/23 09:04:06 yasuoka Exp $ */ +/* $Id: pap.c,v 1.10 2016/03/22 04:11:27 yasuoka Exp $ */ /**@file * This file provides Password Authentication Protocol (PAP) handlers. * @author Yasuoka Masahiko @@ -44,6 +44,7 @@ #include <string.h> #include <syslog.h> #include <errno.h> +#include <vis.h> #include "slist.h" #include "npppd.h" @@ -510,6 +511,20 @@ auth_failed: /* Autentication failure */ pap_log(_this, LOG_WARNING, "Radius authentication request failed: %s", reason); + /* log reply messages from radius server */ + if (pkt != NULL) { + char radmsg[255], vissed[1024]; + size_t rmlen = 0; + if ((radius_get_raw_attr(pkt, RADIUS_TYPE_REPLY_MESSAGE, + radmsg, &rmlen)) == 0) { + if (rmlen != 0) { + strvisx(vissed, radmsg, rmlen, VIS_WHITE); + pap_log(_this, LOG_WARNING, + "Radius reply message: %s", vissed); + } + } + } + pap_response(_this, 0, DEFAULT_FAILURE_MESSAGE); } #endif |