Fwd: (RADIATOR) Problem with Tunnel-Password encryption
Hugh Irvine
hugh at open.com.au
Fri Apr 25 03:12:16 CDT 2008
Hello Francisco -
Here are some suggestions from our developers.
regards
Hugh
Begin forwarded message:
>>
>
> I think he would be better off calling Radius::Radius::encode_salted
> than reproducing the code verbatim. He may be much better off
> declaring in his dictionary:
>
> ATTRIBUTE Tunnel-Server-Endpoint 67 tagged-string encrypt=2
>
> Cheers.
>
>>
>> cheers
>>
>> Hugh
>>
>> Begin forwarded message:
>>> From: "Francisco Rodrigo Cortinas Maseda"
>>> <francisco.cortinas at jazztel.com>
>>> Date: 24 April 2008 01:31:59 GMT+10:00
>>> To: <radiator at open.com.au>
>>> Subject: RE: (RADIATOR) Problem with Tunnel-Password encryption
>>>
>>> Hi all,
>>>
>>> I think I have found a solution:
>>>
>>> sub {
>>>     my $p = ${$_[1]};
>>>     if (my @avpair = $p->get_attr('Tunnel-Server-Endpoint')) {
>>>         foreach my $avpair (@avpair) {
>>>             # Tag = first character of the Tunnel-Server-Endpoint value
>>>             my $tag = substr($avpair, 0, 1);
>>>             # my ($self, $pwdin, $secret, $tag) = @_;
>>>             my $self   = $p;
>>>             my $pwdin  = 'laboratorio';
>>>             my $secret = 'mysecret';
>>>
>>>             $tag = $tag || 0;
>>>
>>>             # Plaintext is a length byte followed by the password
>>>             my $P = pack('C', length($pwdin)) . $pwdin;
>>>             # Two-byte salt with the most significant bit set
>>>             my $A = pack('n', rand(65535) | 0x8000);
>>>             my $c_i = $self->authenticator . $A; # Ciphertext blocks
>>>             my $C; # Encrypted result
>>>             while (length($P))
>>>             {
>>>                 # Take the next 16 bytes of plaintext and XOR them with
>>>                 # MD5(secret . previous ciphertext block)
>>>                 $c_i = substr($P, 0, 16, '') ^ Digest::MD5::md5($secret . $c_i);
>>>                 $C .= $c_i;
>>>             }
>>>             # return chr($tag) . $A . $C;
>>>             my $passwordd = chr($tag) . $A . $C;
>>>             $p->add_attr('Tunnel-Password', $passwordd);
>>>         }
>>>     }
>>> }
>>>
>>>
>>> Can any of the experts tell me if I'm right, and this seems to be a
>>> solution?
>>>
>>> Regards.
>>>
>>> -----Original Message-----
>>> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]
>>> On behalf of Francisco Rodrigo Cortinas Maseda
>>> Sent: Wednesday, 23 April 2008 16:47
>>> To: radiator at open.com.au
>>> Subject: (RADIATOR) Problem with Tunnel-Password encryption
>>>
>>> Hello,
>>>
>>> We are designing a new service for one of our customers, and I have
>>> a problem with the encryption of the Tunnel-Password attribute.
>>>
>>> The problem is that we have to read the index of the
>>> Tunnel-Server-Endpoint, and then concatenate it to the password
>>> ("laboratorio"), so we have written the script:
>>>
>>> sub {
>>>     my $p = ${$_[1]};
>>>     my $id;
>>>     if (my @avpair = $p->get_attr('Tunnel-Server-Endpoint')) {
>>>         foreach my $avpair (@avpair) {
>>>             my $part = substr($avpair, 0, 1);
>>>             $p->add_attr('Tunnel-Password', $part . ':laboratorio');
>>>         }
>>>     }
>>> }
>>>
>>>
>>> But the problem now is the encryption of the attribute.
>>>
>>> Does someone know how to do this?
>>>
>>> Regards.
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
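
Added example, not part of the original thread and not Radiator's own code: a stand-alone Perl round trip of the RFC 2868 salt-encryption that the quoted hook reproduces, together with the matching decoder so the bytes a hook emits can be checked against a known secret and authenticator. The names `salt_encrypt` and `salt_decrypt`, the authenticator value and the second password are constructed for illustration; the secret and first password are the sample values from the post.

```perl
#!/usr/bin/perl
# Added example: RFC 2868 salt-encryption round trip (all inputs constructed).
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Build tag + salt + ciphertext. $salt is optional (2 bytes, high bit set).
sub salt_encrypt {
    my ($password, $secret, $authenticator, $tag, $salt) = @_;
    # 253-byte attribute value limit: 3 header bytes + at most 240 of ciphertext
    die "password too long\n" if length($password) > 239;
    $salt = pack('n', 0x8000 | int(rand(0x8000))) unless defined $salt;
    my $P = pack('C', length($password)) . $password;
    $P .= "\0" x ((16 - length($P) % 16) % 16);   # pad to a 16-byte multiple
    my ($prev, $C) = ($authenticator . $salt, '');
    while (length $P) {
        $prev = substr($P, 0, 16, '') ^ md5($secret . $prev);   # c(i) = p(i) xor b(i)
        $C .= $prev;
    }
    return pack('C', $tag || 0) . $salt . $C;
}

# Reverse the operation; dies on malformed input or an implausible length byte.
sub salt_decrypt {
    my ($value, $secret, $authenticator) = @_;
    die "attribute too short\n" if length($value) < 3 + 16;
    my ($tag, $salt, $C) = unpack('C a2 a*', $value);
    die "salt high bit not set\n" unless ord($salt) & 0x80;
    die "ciphertext not a multiple of 16 bytes\n" if length($C) % 16;
    my ($prev, $P) = ($authenticator . $salt, '');
    while (length $C) {
        my $c_i = substr($C, 0, 16, '');
        $P .= $c_i ^ md5($secret . $prev);
        $prev = $c_i;
    }
    my $len = ord($P);
    die "bad length byte (wrong secret or authenticator?)\n" if $len > length($P) - 1;
    return ($tag, substr($P, 1, $len));
}

my $auth   = pack('H*', '00112233445566778899aabbccddeeff');   # constructed authenticator
my $secret = 'mysecret';                                        # shared secret from the post
for my $pw ('laboratorio', 'a-password-longer-than-one-block') {
    my $attr = salt_encrypt($pw, $secret, $auth, 1);
    my ($tag, $clear) = salt_decrypt($attr, $secret, $auth);
    die "round trip failed\n" unless $tag == 1 && $clear eq $pw;
    printf "tag=%d bytes=%d %s\n", $tag, length($attr), unpack('H*', $attr);
}
```

A decode that fails on the length-byte check usually means the secret or the authenticator used on the two sides differs, since either one changes the first MD5 block.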