[PacketFence-users] Packetfence mschap radius module segmentation fault

Jaap Gordijn via PacketFence-users Tue, 28 Mar 2023 05:38:04 -0700

Hi,

I use packetfence 12.2 on debian 11 (inux pf2 5.10.0-21-amd64 #1 SMP Debian
5.10.162-1 (2023-01-21) x86_64 GNU/Linux).


The mschap module results in a segmentation fault at:

mschap chrooted_mschap {
    ...
        ntlm_auth = "/usr/bin/sudo /usr/sbin/chroot
/chroots/%{PacketFence-Domain} /usr/local/pf/bin/ntlm_auth_wrapper -p 8125
-- \
            --request-nt-key
--username=%{%{control:AD-Samaccountname}:-%{%{Stripped-User-Name}:-%{mschap
:User-Name:-None}}} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00} %{PacketFence-NTLMv2-Only}"
   ...
}


/usr/sbin/freeradius -d /usr/local/pf/raddb -n auth -fxx -l stdout ....
(2) chrooted_mschap: Creating challenge hash with username: xxx
(2) chrooted_mschap: Client is using MS-CHAPv2
(2) chrooted_mschap: Executing: /usr/bin/sudo /usr/sbin/chroot
/chroots/%{PacketFence-Domain} /usr/local/pf/bin/ntlm_auth_wrapper -p 8125
--             --request-nt-key
--username=%{%{control:AD-Samaccountname}:-%{%{Stripped-User-Name}:-%{mschap
:User-Name:-None}}} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00} %{PacketFence-NTLMv2-Only}:
(2) chrooted_mschap: EXPAND /chroots/%{PacketFence-Domain}
(2) chrooted_mschap:    --> /chroots/yyy
(2) chrooted_mschap: EXPAND
--username=%{%{control:AD-Samaccountname}:-%{%{Stripped-User-Name}:-%{mschap
:User-Name:-None}}}
(2) chrooted_mschap:    --> --username=xxx
(2) chrooted_mschap: Creating challenge hash with username: xxx
(2) chrooted_mschap: EXPAND --challenge=%{mschap:Challenge:-00}
(2) chrooted_mschap:    --> --challenge=437c750cabb201bb
(2) chrooted_mschap: EXPAND --nt-response=%{mschap:NT-Response:-00}
(2) chrooted_mschap:    -->
--nt-response=51d306663c6e2beb48aaf079bfbc0b371070750b6fa8bb85
(2) chrooted_mschap: EXPAND %{PacketFence-NTLMv2-Only}
(2) chrooted_mschap:    -->
Segmentation fault

Calling a simple program e.g. /usr/bin/ls  also results in a segmentation
fault.
Something seems to be wrong in how freeradius calls external programs

Manually calling works:
# /usr/bin/sudo /usr/sbin/chroot /chroots/gordijn
/usr/local/pf/bin/ntlm_auth_wrapper -p 8125 --          --request-nt-key
--username=xxx --challenge=2a9aad9a1367bb65
--nt-response=642acf5713d9c0ead62de4e78133565ac240bcd6beef89a2
NT_KEY: 4D109E5DB9758CAFDC7BE2690950018C

Any ideas how to fix this?

Best,

-- Jaap



_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Packetfence mschap radius module segmentation fault

Reply via email to