[RADIATOR-ANNOUNCE] Radiator Version 4.14 released - includes a fix for EAP authentication vulnerability

Thu Dec 4 03:21:33 CST 2014

We are pleased to announce the release of Radiator version 4.14

This version contains a fix for an EAP authentication vulnerability. 
Upgrade is strongly recommended. Please review OSC security advisory 
OSC-SEC-2014-01 for more information:
https://www.open.com.au/OSC-SEC-2014-01.html

As usual, the new version is available to current licensees from:
https://www.open.com.au/radiator/downloads/

and to current evaluators from:
https://www.open.com.au/radiator/demo-downloads

Licensees with expired access contracts can renew at:
https://www.open.com.au/renewal.html

An extract from the history file
https://www.open.com.au/radiator/history.html is below:

-----------------------------

Revision 4.14 (2014-12-03)

     Selected fixes, compatibility notes and enhancements

Fixes a vulnerability and very significant bug in EAP authentication.
OSC recommends all users to review OSC security advisory
OSC-SEC-2014-01 to see if they are affected.
https://www.open.com.au/OSC-SEC-2014-01.html

Client findAddress() was changed to lookup CIDR clients before DEFAULT
client. Affects ServerTACACSPLUS and in some cases SessionDatabase
modules.

Added support for non-blocking sockets on Windows

SessionDatabase SQL queries now support bind variables

     Detailed changes

Added VENDOR Allot 2603 and VSA Allot-User-Role to dictionary.

Added Diameter AVP flag hints in the Diameter Credit-Control
Application dictionary.

Prevented crash during startup when configured to support a Diameter
application for which no dictionary module was not present. Reported
by Arthur. Improved logging of loading of Diameter application
dictionary modules.

Improvements to AuthBy SIP2 to add support for SIP2Hook. SIP2Hook can
be used for patron authorisation and/or authentication. Added an
example hook goodies/sip2hook.pl. Added a new optional parameter
UsePatronInformationRequest for configurations in which Patron Status
Request is not sufficient.

Fixed a problem with SNMPAgent which could cause a crash if the
configuration had no Clients.

Stream and StreamServer sockets are now set to nonblocking mode on
Windows too. This allows for example, RadSec to use nonblocking
sockets on Windows.

radpwtst now honours -message_authenticator option for all request
types specified with the -code parameter.

Client.pm findAddress() was changed to look up CIDR clients before
DEFAULT client. This is the same order Client lookup for incoming
RADIUS requests uses. This affects mostly
ServerTACACSPLUS. SessionDatabase DBM, INTERNAL and SQL also use
findAddress() and are affected when Clients have NasType configured
for Simultaneous-Use online checking. Client lookup was simplified in
ServerTACACSPLUS.

Added VENDOR Cambium 17713 and four Cambium-Canopy VSAs to
dictionary. "RADIUS Attributes for IEEE 802 Networks" is now RFC
7268. Updated some of its attribute types.

AuthBy MULTICAST now checks first, not after, if the next hop host is
working before creating the request to forward. This will save cycles
when the next hop is not working.

Added VENDOR Apcon 10830 and VSA Apcon-User-Level to
dictionary. Contributed by Jason Griffith.

Added support for custom password hashes and other user defined
password check methods. When the new configuration parameter
CheckPasswordHook is defined for an AuthBy and the password retrieved
from the user database starts with leading '{OSC-pw-hook}', the
request, the submitted password and the retrieved password are passed
to the CheckPasswordHook. The hook must return true if the submitted
password is deemed correct. TranslatePasswordHook runs before
CheckPasswordHook and can be used to add '{OSC-pw-hook}' to the
retrieved passwords.

AuthLog SYSLOG and Log SYSLOG now check LogOpt during the
configuration check phase. Any problems are now logged with the
loggers Identifier.

The defaults for SessionDatabase SQL AddQuery and CountQuery now use
%0 where username is needed. Updated the documentation to clarify the
value of %0 for AddQuery, CountQuery, ReplaceQuery, UpdateQuery and
DeleteQuery: %0 is the quoted original username. However, if
SessionDatabaseUseRewrittenName is set for the Handler and the check
is done by Handler (MaxSessions) or AuthBy (DefaultSimultaneousUse),
then %0 is the rewritten username. For per-user session database
queries %0 is always the original username. Updated the documentation
for CountQuery to include %0 and %1. For CountQuery %1 is the value of
the simultaneous use limit.

Enhanced resolution of vendor names to Vendor-Id values for
SupportedVendorIds, VendorAuthApplicationIds and
VendorAcctApplicationIds. Keyword DictVendors for SupportedVendorIds
now includes vendors from all dictionaries that are loaded. Vendor
name in Vendor*ApplicationIds can be in any of the loaded dictionaries
in addition of being listed in DiaMsg module.

Added VENDOR InMon 4300 and VSA InMon-Access-Level to
dictionary. Contributed by Garry Shtern.

Added ReplyTimeoutHook to AuthBy RADIUS, called if no reply is heard
from the currently tried remote server. The hook is called if no reply
is heard for a specific request after the Retries retransmissions and
the request is deemed to have failed for that Host. Suggested by David
Zych.

The default ConnectionAttemptFailedHook no longer logs the real DBAuth
value but '**obscured**' instead.

Name clash with SqlDb disconnect method caused unnecessary Fidelio
interface disconnects and reconnects in AuthBy FIDELIOHOTSPOT after
SQL errors. AuthBy FIDELIOHOTSPOT now inherits directly from SqlDb.

Added VENDOR 4ipnet 31932 and and 14 4ipnet VSAs to dictionary. These
VSA are also used by devices from 4ipnet partners, such as
LevelOne. Contributed by Itzik Ben Itzhak.

MaxTargetHosts now applies to AuthBy RADIUS and its sub-types AuthBy
ROUNDROBIN, VOLUMEBALANCE, LOADBALANCE, HASHBALANCE and
EAPBALANCE. MaxTargetHosts was previously implemented only for AuthBy
VOLUMEBALANCE. Suggested by David Zych.

Added VENDOR ZTE 3902 and multiple VSAs to dictionary with the kind
assistance of Nguyen Song Huy. Updated Cisco VSAs in dictionary.

Added radiator.service, a sample systemd startup file for Linux.

AuthBy FIDELIO and its sub-types now log a warning if the server sends
no records during the database resync. This usually indicates a
configuration problem on the Fidelio server side, unless there really
are no checked in guests. Added a note about this in fidelio.txt in
goodies.

Added Diameter Base Protocol AVP flag rules in DiaDict. Radiator no
longer sends CEA with Firmware-Revision AVP that has M flag set.

BogoMips again defaults correctly to 1 when BogoMips is not configured
in a Host clause in AuthBy LOADBALANCE or VOLUMEBALANCE. Reported by
Serge ANDREY. The default was broken in release 4.12. Updated
LOADBALANCE example in proxyalgorithm.cfg in goodies.

Ensured that Hosts with BogoMips set to 0 in AuthBy VOLUMEBALANCE will
not be a candidates for proxying.

Added Diameter AVP flag rules in DiaDict for the following Diameter
applications: RFC 4005 and 7155 NASREQ, RFC 4004 Mobile IPv4
Application, RFC 4740 SIP Application and RFC 4072 EAP Application.

Added the attributes from RFC 6929 to dictionary. The attributes will
now be proxied by default but no specific handling is done for them
yet.

Added VENDOR Covaro Networks 18022 and multiple Covaro VSAs to
dictionary. These VSAs are used by products from ADVA Optical
Networking.

Significant performance enhancements in ServerDIAMETER and Diameter
request processing. Diameter requests are now formatted for debugging
only when the Trace level is set to debug or higher.

AuthLog FILE and Log FILE now support LogFormatHook to customise the
log message. The hook is expected to return a single scalar value
containing the log message. This allows formatting the logs, for
example, in JSON or any other format suitable for the required
postprocessing. Suggestion and help by Alexander Hartmaier.

Updated the values for Acct-Terminate-Cause, NAS-Port-Type and
Error-Cause in dictionary to match the latest IANA assignments.

Updated sample certificates from SHA-1 and RSA 1024 to SHA-256 and RSA
2048 algorithms. Added new directories certificates/sha1-rsa1024 and
certificates/sha256-secp256r1 with certificates using the previous and
ECC (Elliptic curve cryptography) algorithms. All sample certificates
use the same subject and issuer information and extensions. This
allows testing the different signature and public key algorithms with
minimal configuration changes. Updated mkcertificate.sh in goodies to
create certificates with SHA-256 and RSA 2048 algorithms.

Added new configuration parameters EAPTLS_ECDH_Curve for TLS based EAP
methods and TLS_ECDH_Curve for Stream clients and servers such as
RadSec and Diameter. This parameter allows Elliptic Curve ephemeral
keying negotiation and its value is the EC 'short name' as returned by
openssl ecparam -list_curves command. The new parameters require
Net-SSLeay 1.56 or later and matching OpenSSL.

Tested Radiator with RSA2048/SHA256 and ECDSA(curve secp256r1)/SHA256
certificates on different platforms and with different clients. EAP
client support was widely available on both mobile, such as, Android,
IOS and WP8, and other operating systems. Updated multiple EAP,
RadSec, Diameter and other configuration files in goodies to include
examples of the new EAPTLS_ECDH_Curve and TLS_ECDH_Curve configuration
parameters.

Handler and AuthBy SQL, RADIUS, RADSEC and FREERADIUSSQL now support
AcctLogFileFormatHook. This hook is available to customise the
Accounting-Request messages logged by AcctLogFileName or
AcctFailedLogFileName. The hook is expected to return a single scalar
value containing the log message. This allows formatting the logs, for
example, in JSON or any other format suitable for the required
postprocessing.

The Group configuration parameter now supports setting the
supplementary group ids in addition to the effective group id. Group
can now be specified as comma separated list of groups where the first
group is the desired effective group id. If there are names that can
not be resolved, groups are not set. The supplementary groups may help
with, for example, AuthBy NTLM accessing the winbindd socket.

Added multiple Alcatel, vendor 6527, VSAs to dictionary.

Name resolution for Radius Clients and IdenticalClients is now tested
during configuration check phase. Suggested by Garry
Shtern. Incorrectly specified IPv4 and IPv6 CIDR blocks are now
clearly logged. The checks also cover clients loaded by ClientListLDAP
and ClientListSQL.

Special formatting now supports %{AuthBy:parmname} which is replaced
by the parmname parameter from the AuthBy clause that is handling the
current packet. Suggested by Alexander Hartmaier.

Added VENDOR Tropic Networks 7483, now Alcatel-Lucent, and two Tropic
VSAs to dictionary. These VSAs are used by some Alcatel-Lucent
products, such as the 1830 Photonic Service Switch. Fixed a typo in
RB-IPv6-Option attribute.

TLS 1.1 and TLS 1.2 are now allowed for EAP methods when supported by
OpenSSL and EAP supplicants. Thanks to Nick Lowe of Lugatech.

AuthBy FIDELIOHOTSPOT now supports prepaid services, such as plans
with different bandwidth. The purchases are posted to Opera with
billing records. Configuration files fidelio-hotspot.cfg and
fidelio-hotspot.sql in goodies were updated with an example of
Mikrotik captive portal integration.

AuthBy RADIUS and AuthBy RADSEC now use less-than and equal when
comparing time stamps using MaxFailedGraceTime. Previously strict
less-than was used causing an off by one second error when marking
next hop Hosts down. Debugged and reported by David Zych.

AuthBy SQLTOTP was updated to support HMAC-SHA-256 and HMAC-SHA-512
functions. The HMAC hash algorithm can now be parametrised for each
token as well as time step and Unix time origin. An empty password
will now launch Access-Challenge to prompt for the OTP. SQL and
configuration examples were updated. A new utility generate-totp.pl in
goodies/ can be used to create shared secrets. The secrets are created
in hex and RFC 4648 Base32 text formats and as QR code images which
can be imported by authenticators such as Google Authenticator and
FreeOTP Authenticator.

Reformatted root.pem, cert-clt.pem and cert-srv.pem in the
certificates/ directory. The encrypted private keys in these files are
now formatted in the traditional SSLeay format instead of PKCS#8
format. Some older systems, such as RHEL 5 and CentOS 5, do not
understand the PKCS#8 format and fail with an error message like 'TLS
could not use_PrivateKey_file ./certificates/cert-srv.pem, 1: 27197: 1
- error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown
pbe algorithm' when trying to load the keys. The encrypted private
keys in sha1-rsa1024 and sha256-secp256r1 directories remain in the
PKCS#8 format. A note about the private key format was added in
certificates/README.

Added new parameter for all AuthBys: EAP_GTC_PAP_Convert forces all
EAP-GTC requests to be converted to conventional Radius PAP requests
that are redespatched, perhaps to be proxied to another non-EAP-GTC
capable Radius server or for local authentication. The converted
requests can be detected and handled with Handler ConvertedFromGTC=1.

SessionDatabase SQL queries now support bind variables. The query
parameters follow the usual naming convention where, for example,
AddQueryParam is used for AddQuery bind variables. The updated queries
are: AddQuery, DeleteQuery, ReplaceQuery, UpdateQuery, ClearNasQuery,
ClearNasSessionQuery, CountQuery and CountNasSessionsQuery.

AddressAllocator SQL now supports a new optional parameter UpdateQuery
which will run an SQL statement for each accounting message with
Acct-Status-Type of Start or Alive. This query can be used to update
the expiry time stamp allowing shorter LeaseReclaimInterval. Added an
example of UpdateQuery in addressallocator.cfg in goodies.

Fixed badly formatted log message in AuthBy RADIUS. Reported by Patrik
Forsberg. Fixed log messages in EAP-PAX and EAP-PSK and updated a
number of configuration examples in goodies.

Compiled Win32-Lsa Windows PPM packages for Perl 5.18 and 5.20 for
both x64 and x86 with 32bit integers. The PPMs were compiled with
Strawberry Perl 5.18.4.1 and 5.20.1.1. Included these and the
previously compiled Win32-Lsa PPMs in the Radiator distribution.

Compiled Authen-Digipass Windows PPM packages with Strawberry Perl
5.18.4.1 and 5.20.1.1 for Perl 5.18 and 5.20 for x86 with 32bit
integers. Updated digipass.pl to use Getopt::Long instead of
deprecated newgetopt.pl. Repacked Authen-Digipass PPM for Perl 5.16 to
include the updated digipass.pl.

Diameter Address type attributes with IPv6 values are now decoded to
human readable IPv6 address text representation. Previously, decode
returned the raw attribute value. Reported by Arthur Konovalov.

Improved Diameter EAP handling for both AuthBy DIAMETER and
ServerDIAMETER. Both modules now advertise Diameter-EAP application by
default during the initial capabilities exchange. AuthBy DIAMETER now
supports AuthApplicationIds, AcctApplicationIds and SupportedVendorIds
configuration parameters

Changed the type of Chargeable-User-Identity in dictionary to binary
to make sure any trailing NUL characters are not stripped.

More updates to example configuration files. Remove 'DupInterval 0'
and use Handlers instead of Realms

Fixed an EAP bug which could allow bypassing EAP method
restrictions. Copied the EAP expanded type test module to goodies and
changed the test module to always respond with access reject.

Added backport notes and backports for older Radiator versions to
address the EAP bug in OSC security advisory OSC-SEC-2014-01.

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.