Bug#930671: libauthen-radius-perl: most basic usage stopped working

Niko Tyni ntyni at debian.org
Wed Jun 19 18:27:51 BST 2019 

Control: severity -1 serious

On Tue, Jun 18, 2019 at 10:52:03AM +0200, Ferenc Wágner wrote:
> Package: libauthen-radius-perl
> Version: 0.29-1
> Severity: important
 
> I recently upgraded to buster and noticed that our RADIUS test plugin
> does not work anymore.  Downgrading libauthen-radius-perl to 0.27-1
> fixes the issue.  Take the first example from the top of the man page:
> 
>   use Authen::Radius;
>   $r = new Authen::Radius(Host => 'myserver', Secret => 'mysecret');
>   print "auth result=", $r->check_pwd('myname', 'mypwd'), "\n";
> 
> If I substitute the correct IPv4 address, secret, user name and password
> into the above, the result is 1 (success) with 0.27-1, but upgrading to
> 0.29-1 gives an error message instead:
> 
>   unknown attr name 1 at /usr/share/perl5/Authen/Radius.pm line 865.
> 
> There might be a workaround via using the lower level operations instead
> of the check_pwd method, but I haven't found it yet.  Please advise.

Thanks for reporting this. I can reproduce this just by pointing a query
towards localhost, even with no server available.

The check_pwd() method is indeed just a small wrapper around the lower
lever operations. It looks like this wrapper calls the add_attributes()
method in a way that broke recently:

    $self->add_attributes (
        { Name => 1, Value => $name, Type => 'string' },
        { Name => 2, Value => $pwd, Type => 'string' },
        { Name => 4, Value => $nas || '127.0.0.1', Type => 'ipaddr' }
    );

>From the documentation of the add_attributes() method:

    Adds any number of Radius attributes to the current Radius object.
    Attributes are specified as a list of anon hashes. They may be
    "Name"d with their dictionary name (provided a dictionary has been
    loaded first), or with their raw Radius attribute-type values.

so this does not seem intentional.

This needs to be reported and fixed upstream; I'll look at it in the
next few days unless someone else beats me to it.

I'm raising the severity of this; if we cannot get it fixed in time
for the Debian Buster release, it should at least be fixed in a stable
release update later.
-- 
Niko Tyni   ntyni at debian.org

More information about the pkg-perl-maintainers mailing list