[Radiusplugin-users] username-as-common-name interpreted incorrectly

[Evgheni Dereveanchin]

Hi,

 

I started out testing the plugin with both “client-cert-not-required” and “username-as-common-name” options and everything worked properly (well, except the client routes that I resolved in the other thread.) The correct CCDs were created for respective usernames and propagated routes sent by RADIUS (win2012 NPS in my case)

 

Then I decided to add security and use a group certificate for the clients and commented out “client-cert-not-required”. After this the CCDs started to get generated for the CN in the certificate, not the username. The issue was in the sequence of CommonName decisions in radiusplugin.cpp:

 

    if ( context->conf.getUsernameAsCommonname() == true )

    {

        if ( DEBUG ( context->getVerbosity() ) ) cerr << getTime() << "RADIUS-PLUGIN: FOREGROUND: Commonname set to Username\n";

        user->setCommonname ( get_env ( "username", envp ) );

    }

    if ( get_env ( "common_name", envp ) !=NULL )

    {

        user->setCommonname ( get_env ( "common_name", envp ) );

    }

 

I switched places of these IF statements since this sequence was wrong. Please consider this a bug report J

 

Regards,

Evgheni

 

---

The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Any opinions expressed are mine and do not necessarily represent the opinions of the Company. Emails are susceptible to interference. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is strictly prohibited and may be unlawful. If you have received this message in error, do not open any attachments but please notify the EndavaIT Support Service Desk on (+44 (0)870 423 0187), and delete this message from your system. The sender accepts no responsibility for information, errors or omissions in this email, or for its use or misuse, or for any act committed or omitted in connection with this communication. If in doubt, please verify the authenticity of the contents with the sender. Please rely on your own virus checkers as no responsibility is taken by the sender for any damage rising out of any bug or virus infection.

Endava Limited is a company registered in England under company number 5722669 whose registered office is at 125 Old Broad Street, London, EC2N 1AR, United Kingdom. Endava Limited is the Endava group holding company and does not provide any services to clients. Each of Endava Limited and its subsidiaries is a separate legal entity and has no liability for another such entity's acts or omissions. Please refer to the “Legal” section on our website for a list of legal entities.