Univention Bugzilla – Full Text Bug Listing |
Summary: | univention-radius-ntlm-auth breaks with certain passwords | ||
---|---|---|---|
Product: | UCS | Reporter: | Janis Meybohm <meybohm> |
Component: | Radius | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Daniel Tröder <troeder> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, walkenhorst |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.0-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=48128 | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 38794, 39301 | ||
Attachments: | /usr/share/pyshared/univention/pyMsChapV2.py |
Description
Janis Meybohm
2015-06-29 11:12:16 CEST
Created attachment 7152 [details]
/usr/share/pyshared/univention/pyMsChapV2.py
Here is a replacement for /usr/share/pyshared/univention/pyMsChapV2.py from univention-radius which uses a different method for expanding keys to 8 bit (stolen from univention-squid).
Seems to work in my tests.
Maybe even better we use passlib.utils.des, which is part of the debian package python-passlib (already maintained).
This does the encryption and expansion and would be a replacement for the whole univention.pyDes stuff.
import passlib.utils.des
passlib.utils.des.des_encrypt_block(key, data)
Replaced univention.pyMsChapV2.DesEncrypt.expandDesKey() with convertKey() from univention-squid. Added some more tests. 4.0-3: r63424 4.1-0: r63427 Create Bug #39301 for replacing this with passlib.utils.des.des_encrypt_block(key, data) YAML: 2015-09-03-univention-radius.yaml OK: automated test OK: manual test * install radius app, add user lisa, univention-radius-ntlm-auth → Traceback * upgrade to fixed version of univention-radius, univention-radius-ntlm-auth → OK OK: merge to 4.1 OK: YAML |