Patchwork Remove FreeRADIUS workaround from default configuration

login
register
mail settings
Submitter Dmitry Shmidt
Date July 16, 2014, 6:01 p.m.
Message ID <20140716180238.6A8101406C3@ushik.mtv.corp.google.com>
Download mbox | patch
Permalink /patch/370835/
State Accepted
Headers show

Comments

Dmitry Shmidt - July 16, 2014, 6:01 p.m.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
 src/eap_peer/eap_config.h    | 2 ++
 src/eap_peer/eap_ttls.c      | 2 +-
 wpa_supplicant/config_ssid.h | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)
Jouni Malinen - July 26, 2014, 6:28 p.m.
On Wed, Jul 16, 2014 at 11:01:26AM -0700, Dmitry Shmidt wrote:
> diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
> @@ -501,7 +501,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
> -	if (sm->workaround) {
> +	if (sm->workaround & EAP_WORKAROUND_FREERADIUS) {
>  		/* At least FreeRADIUS seems to be terminating
>  		 * EAP-TTLS/MSHCAPV2 without the expected MS-CHAP-v2 Success
>  		 * packet. */
...

Thanks, I applied this with the workaround removed here completely
rather than leaving it as an optional workaround based on the
sm->workaround value. This is simpler and there does not seem to be
enough justification for this workaround to exist anymore.

FreeRADIUS changed its behavior in the 1.1.4 release and the older
versions of FreeRADIUS were the only documented case having needed this
workaround.  No one should be using that old version of the server
anymore, so it is fine to just get rid of this wpa_supplicant workaround
completely.
Alan DeKok - July 26, 2014, 6:33 p.m.
Jouni Malinen wrote:
> FreeRADIUS changed its behavior in the 1.1.4 release and the older
> versions of FreeRADIUS were the only documented case having needed this
> workaround.  No one should be using that old version of the server
> anymore, so it is fine to just get rid of this wpa_supplicant workaround
> completely.

  I agree.

  Alan DeKok.

Patch

diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index 2591e11..f7d37c2 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -9,6 +9,8 @@ 
 #ifndef EAP_CONFIG_H
 #define EAP_CONFIG_H
 
+#define EAP_WORKAROUND_FREERADIUS BIT(0)
+
 /**
  * struct eap_peer_config - EAP peer configuration/credentials
  */
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index e110236..65a20cc 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -501,7 +501,7 @@  static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
 	wpabuf_put(msg, pos - buf);
 	*resp = msg;
 
-	if (sm->workaround) {
+	if (sm->workaround & EAP_WORKAROUND_FREERADIUS) {
 		/* At least FreeRADIUS seems to be terminating
 		 * EAP-TTLS/MSHCAPV2 without the expected MS-CHAP-v2 Success
 		 * packet. */
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index ab474ff..dfed662 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -16,7 +16,8 @@ 
 #define MAX_SSID_LEN 32
 
 
-#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
+#define DEFAULT_EAP_WORKAROUND (((unsigned int) -1) & \
+				~EAP_WORKAROUND_FREERADIUS)
 #define DEFAULT_EAPOL_FLAGS (EAPOL_FLAG_REQUIRE_KEY_UNICAST | \
 			     EAPOL_FLAG_REQUIRE_KEY_BROADCAST)
 #define DEFAULT_PROTO (WPA_PROTO_WPA | WPA_PROTO_RSN)