[Openswan dev] [PATCH] xl2tpd refuse authentication lac fix
Dean Scarff
dos at scarff.id.au
Mon Jun 9 15:35:24 EDT 2008
The "refuse authentication" option in xl2tpd.conf LAC sections has the
opposite semantics to what the English reading suggests. This bug
affects versions 1.2.0 and 1.1.12, among others probably.
The bug results in refuse-pap and refuse-chap being unconditionally
passed to pppd when 'refuse authentication = no'.
--- xl2tpd-1.2.0/file.c 2008-04-01 00:28:11.000000000 +0800
+++ xl2tpd-1.2.0.patched/file.c 2008-06-09 19:00:59.000000000 +0800
@@ -608,7 +608,7 @@
l->pap_require = result;
else if (c[0] == 'a') /* Authentication */
if (word[2] == 'f')
- l->authself = result;
+ l->authself = !result;
else
l->authpeer = result;
else /* CHAP */ if (word[2] == 'f')
LNS sections are unaffected because they already negate the 'refuse
authentication' result in the same way the LAC section does with this
patch.
--
Dean
More information about the Dev
mailing list