From 29c626683ea1aa6136360a6afcc6a053d0342a3d Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 21 Mar 2018 18:09:12 +0100 Subject: auth: avoid sending duplicate CHAP Failure messages in mschap-v1 and mschap-v2 When pwdb returns PWDB_NO_IMPL and chap_recv_response() performs the authentication itself, it delegates this task to chap_check_response(). This function sends a CHAP Failure message if it can't retrieve the password, but not in case of password mismatch. Since chap_recv_response() already sends a CHAP Failure message on error, the one sent by chap_check_response() is useless. Signed-off-by: Guillaume Nault --- accel-pppd/auth/auth_mschap_v1.c | 1 - accel-pppd/auth/auth_mschap_v2.c | 1 - 2 files changed, 2 deletions(-) diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c index f40a8735..10424866 100644 --- a/accel-pppd/auth/auth_mschap_v1.c +++ b/accel-pppd/auth/auth_mschap_v1.c @@ -437,7 +437,6 @@ static int chap_check_response(struct chap_auth_data *ad, struct chap_response * if (!passwd) { if (conf_ppp_verbose) log_ppp_warn("mschap-v1: user not found\n"); - chap_send_failure(ad, conf_msg_failure); return PWDB_DENIED; } diff --git a/accel-pppd/auth/auth_mschap_v2.c b/accel-pppd/auth/auth_mschap_v2.c index 86917cb3..33b95dea 100644 --- a/accel-pppd/auth/auth_mschap_v2.c +++ b/accel-pppd/auth/auth_mschap_v2.c @@ -521,7 +521,6 @@ static int chap_check_response(struct chap_auth_data *ad, struct chap_response * if (!passwd) { if (conf_ppp_verbose) log_ppp_warn("mschap-v2: user not found\n"); - chap_send_failure(ad, conf_msg_failure, conf_msg_failure2); return -1; } -- cgit v1.2.3