rpms/freeradius
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix five issues

Browse Source
This commit is contained in:
Nikolai Kondrashov 2014-09-30 16:25:07 +03:00
parent 4004751c5f
commit d2cf93dd4f
8 changed files with 803 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

401
freeradius-access-union-consistently.patch Normal file
View File

@ -0,0 +1,401 @@
From 5e8a69d547461c757abe2870ecbff2aa7a1fea55 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Wed, 1 Oct 2014 11:51:51 -0400
Subject: [PATCH 2/4] Access union value_data members consistently
Use the same, appropriate union value_data member for each access of
BOOLEAN, BYTE and SHORT PW_TYPEs, without assuming they're
interchangeable with "integer", as that is only true on little-endian
architectures.
This fixes at least this wimax unit test failure on s390x and ppc64:
Mismatch in line 11 of src/tests/unit/wimax.txt, got: 1a 0c 00 00 60 b5 01 06 00 02 03 00 expected: 1a 0c 00 00 60 b5 01 06 00 02 03 01
---
src/lib/print.c | 56 ++++++++++++------
src/lib/radius.c | 8 +--
src/lib/valuepair.c | 83 +++++++++++++++++++--------
src/main/evaluate.c | 4 +-
src/main/valuepair.c | 4 ++
src/main/xlat.c | 4 +-
src/modules/rlm_couchbase/mod.c | 17 +++++-
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c | 4 +-
8 files changed, 128 insertions(+), 52 deletions(-)
diff --git a/src/lib/print.c b/src/lib/print.c
index 67263bc..fc1ae42 100644
--- a/src/lib/print.c
+++ b/src/lib/print.c
@@ -314,6 +314,7 @@ size_t vp_data_prints_value(char *out, size_t outlen,
char const *a = NULL;
time_t t;
struct tm s_tm;
+ unsigned int i;
size_t len = 0, freespace = outlen;
@@ -365,15 +366,24 @@ size_t vp_data_prints_value(char *out, size_t outlen,
return fr_print_string(data->strvalue, data_len, out, outlen);
case PW_TYPE_INTEGER:
- case PW_TYPE_BYTE:
+ i = data->integer;
+ goto print_int;
+
case PW_TYPE_SHORT:
+ i = data->ushort;
+ goto print_int;
+
+ case PW_TYPE_BYTE:
+ i = data->byte;
+
+print_int:
/* Normal, non-tagged attribute */
- if ((v = dict_valbyattr(da->attr, da->vendor, data->integer)) != NULL) {
+ if ((v = dict_valbyattr(da->attr, da->vendor, i)) != NULL) {
a = v->name;
len = strlen(a);
} else {
/* should never be truncated */
- len = snprintf(buf, sizeof(buf), "%u", data->integer);
+ len = snprintf(buf, sizeof(buf), "%u", i);
a = buf;
}
break;
@@ -590,12 +600,20 @@ size_t vp_prints_value_json(char *out, size_t outlen, VALUE_PAIR const *vp)
if (!vp->da->flags.has_tag) {
switch (vp->da->type) {
case PW_TYPE_INTEGER:
- case PW_TYPE_BYTE:
- case PW_TYPE_SHORT:
if (vp->da->flags.has_value) break;
return snprintf(out, freespace, "%u", vp->vp_integer);
+ case PW_TYPE_SHORT:
+ if (vp->da->flags.has_value) break;
+
+ return snprintf(out, freespace, "%u", (unsigned int) vp->vp_short);
+
+ case PW_TYPE_BYTE:
+ if (vp->da->flags.has_value) break;
+
+ return snprintf(out, freespace, "%u", (unsigned int) vp->vp_byte);
+
case PW_TYPE_SIGNED:
return snprintf(out, freespace, "%d", vp->vp_signed);
@@ -834,6 +852,8 @@ void vp_printlist(FILE *fp, VALUE_PAIR const *vp)
char *vp_aprint_value(TALLOC_CTX *ctx, VALUE_PAIR const *vp, bool escape)
{
char *p;
+ unsigned int i;
+ DICT_VALUE const *dv;
switch (vp->da->type) {
case PW_TYPE_STRING:
@@ -860,19 +880,23 @@ char *vp_aprint_value(TALLOC_CTX *ctx, VALUE_PAIR const *vp, bool escape)
break;
}
- case PW_TYPE_BYTE:
- case PW_TYPE_SHORT:
case PW_TYPE_INTEGER:
- {
- DICT_VALUE *dv;
+ i = vp->vp_integer;
+ goto print_int;
- dv = dict_valbyattr(vp->da->attr, vp->da->vendor,
- vp->vp_integer);
- if (dv) {
- p = talloc_typed_strdup(ctx, dv->name);
- } else {
- p = talloc_typed_asprintf(ctx, "%u", vp->vp_integer);
- }
+ case PW_TYPE_SHORT:
+ i = vp->vp_short;
+ goto print_int;
+
+ case PW_TYPE_BYTE:
+ i = vp->vp_byte;
+
+ print_int:
+ dv = dict_valbyattr(vp->da->attr, vp->da->vendor, i);
+ if (dv) {
+ p = talloc_typed_strdup(ctx, dv->name);
+ } else {
+ p = talloc_typed_asprintf(ctx, "%u", i);
}
break;
diff --git a/src/lib/radius.c b/src/lib/radius.c
index 0a40682..aabc545 100644
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -3984,18 +3984,18 @@ ssize_t rad_vp2data(uint8_t const **out, VALUE_PAIR const *vp)
}
case PW_TYPE_BOOLEAN:
- buffer[0] = vp->vp_integer & 0x01;
+ buffer[0] = vp->vp_byte & 0x01;
*out = buffer;
break;
case PW_TYPE_BYTE:
- buffer[0] = vp->vp_integer & 0xff;
+ buffer[0] = vp->vp_byte & 0xff;
*out = buffer;
break;
case PW_TYPE_SHORT:
- buffer[0] = (vp->vp_integer >> 8) & 0xff;
- buffer[1] = vp->vp_integer & 0xff;
+ buffer[0] = (vp->vp_short >> 8) & 0xff;
+ buffer[1] = vp->vp_short & 0xff;
*out = buffer;
break;
diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c
index 9dcae70..7d6ee88 100644
--- a/src/lib/valuepair.c
+++ b/src/lib/valuepair.c
@@ -1369,65 +1369,100 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value, size_t inlen)
case PW_TYPE_BYTE:
{
char *p;
- vp->length = 1;
+ unsigned int i;
/*
* Note that ALL integers are unsigned!
*/
- vp->vp_integer = fr_strtoul(value, &p);
- if (!*p) {
- if (vp->vp_integer > 255) {
+ i = fr_strtoul(value, &p);
+
+ /*
+ * Look for the named value for the given
+ * attribute.
+ */
+ if (*p && !is_whitespace(p)) {
+ if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) {
+ fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name);
+ return -1;
+ }
+
+ vp->vp_byte = dval->value;
+ } else {
+ if (i > 255) {
fr_strerror_printf("Byte value \"%s\" is larger than 255", value);
return -1;
}
- break;
+
+ vp->vp_byte = i;
}
- if (is_whitespace(p)) break;
+
+ vp->length = 1;
+ break;
}
- goto check_for_value;
case PW_TYPE_SHORT:
{
char *p;
+ unsigned int i;
/*
* Note that ALL integers are unsigned!
*/
- vp->vp_integer = fr_strtoul(value, &p);
- vp->length = 2;
- if (!*p) {
- if (vp->vp_integer > 65535) {
- fr_strerror_printf("Byte value \"%s\" is larger than 65535", value);
+ i = fr_strtoul(value, &p);
+
+ /*
+ * Look for the named value for the given
+ * attribute.
+ */
+ if (*p && !is_whitespace(p)) {
+ if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) {
+ fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name);
return -1;
}
- break;
+
+ vp->vp_short = dval->value;
+ } else {
+ if (i > 65535) {
+ fr_strerror_printf("Short value \"%s\" is larger than 65535", value);
+ return -1;
+ }
+
+ vp->vp_short = i;
}
- if (is_whitespace(p)) break;
+
+ vp->length = 2;
+ break;
}
- goto check_for_value;
case PW_TYPE_INTEGER:
{
char *p;
+ unsigned int i;
/*
* Note that ALL integers are unsigned!
*/
- vp->vp_integer = fr_strtoul(value, &p);
- vp->length = 4;
- if (!*p) break;
- if (is_whitespace(p)) break;
+ i = fr_strtoul(value, &p);
- check_for_value:
/*
* Look for the named value for the given
* attribute.
*/
- if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) {
- fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name);
- return -1;
+ if (*p && !is_whitespace(p)) {
+ if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) {
+ fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name);
+ return -1;
+ }
+
+ vp->vp_integer = dval->value;
+ } else {
+ /*
+ * Value is always within the limits
+ */
+ vp->vp_integer = i;
}
- vp->vp_integer = dval->value;
+
+ vp->length = 4;
}
break;
diff --git a/src/main/evaluate.c b/src/main/evaluate.c
index 5cf597d..a100c70 100644
--- a/src/main/evaluate.c
+++ b/src/main/evaluate.c
@@ -485,11 +485,11 @@ static int do_cast_copy(VALUE_PAIR *dst, VALUE_PAIR const *src)
break;
case PW_TYPE_SHORT:
- dst->vp_integer = ntohs(*(uint16_t const *) src->vp_octets);
+ dst->vp_short = ntohs(*(uint16_t const *) src->vp_octets);
break;
case PW_TYPE_BYTE:
- dst->vp_integer = src->vp_octets[0];
+ dst->vp_byte = src->vp_octets[0];
break;
default:
diff --git a/src/main/valuepair.c b/src/main/valuepair.c
index dc2bfc7..2dd517a 100644
--- a/src/main/valuepair.c
+++ b/src/main/valuepair.c
@@ -180,7 +180,11 @@ int radius_compare_vps(UNUSED REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *v
break;
case PW_TYPE_BYTE:
+ ret = vp->vp_byte - check->vp_byte;
+ break;
case PW_TYPE_SHORT:
+ ret = vp->vp_short - check->vp_short;
+ break;
case PW_TYPE_INTEGER:
ret = vp->vp_integer - check->vp_integer;
break;
diff --git a/src/main/xlat.c b/src/main/xlat.c
index f2c8aff..a069919 100644
--- a/src/main/xlat.c
+++ b/src/main/xlat.c
@@ -177,9 +177,11 @@ static ssize_t xlat_integer(UNUSED void *instance, REQUEST *request,
case PW_TYPE_INTEGER:
case PW_TYPE_DATE:
+ return snprintf(out, outlen, "%u", vp->vp_integer);
case PW_TYPE_BYTE:
+ return snprintf(out, outlen, "%u", (unsigned int) vp->vp_byte);
case PW_TYPE_SHORT:
- return snprintf(out, outlen, "%u", vp->vp_integer);
+ return snprintf(out, outlen, "%u", (unsigned int) vp->vp_short);
/*
* Ethernet is weird... It's network related, so we assume to it should be
diff --git a/src/modules/rlm_couchbase/mod.c b/src/modules/rlm_couchbase/mod.c
index cc14677..36406a0 100644
--- a/src/modules/rlm_couchbase/mod.c
+++ b/src/modules/rlm_couchbase/mod.c
@@ -296,22 +296,33 @@ json_object *mod_value_pair_to_json_object(REQUEST *request, VALUE_PAIR *vp)
/* add this attribute/value pair to our json output */
if (!vp->da->flags.has_tag) {
+ unsigned int i;
+
switch (vp->da->type) {
case PW_TYPE_INTEGER:
- case PW_TYPE_BYTE:
+ i = vp->vp_integer;
+ goto print_int;
+
case PW_TYPE_SHORT:
+ i = vp->vp_short;
+ goto print_int;
+
+ case PW_TYPE_BYTE:
+ i = vp->vp_byte;
+
+ print_int:
/* skip if we have flags */
if (vp->da->flags.has_value) break;
#ifdef HAVE_JSON_OBJECT_NEW_INT64
/* debug */
RDEBUG3("creating new int64 for unsigned 32 bit int/byte/short '%s'", vp->da->name);
/* return as 64 bit int - JSON spec does not support unsigned ints */
- return json_object_new_int64(vp->vp_integer);
+ return json_object_new_int64(i);
#else
/* debug */
RDEBUG3("creating new int for unsigned 32 bit int/byte/short '%s'", vp->da->name);
/* return as 64 bit int - JSON spec does not support unsigned ints */
- return json_object_new_int(vp->vp_integer);
+ return json_object_new_int(i);
#endif
break;
case PW_TYPE_SIGNED:
diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
index 152f4ca..55e8e14 100644
--- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
@@ -325,12 +325,12 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, REQUEST *fake, SSL *ssl,
case PW_TYPE_BYTE:
if (size != vp->length) goto raw;
- vp->vp_integer = data[0];
+ vp->vp_byte = data[0];
break;
case PW_TYPE_SHORT:
if (size != vp->length) goto raw;
- vp->vp_integer = (data[0] * 256) + data[1];
+ vp->vp_short = (data[0] * 256) + data[1];
break;
case PW_TYPE_SIGNED:
--
2.1.0

50
freeradius-dont-detach-after-perl_parse.patch Normal file
View File

@ -0,0 +1,50 @@
From fa9b2cd01fb5dbe583f5063f611a45c9d033a54a Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Tue, 30 Sep 2014 16:19:47 +0300
Subject: [PATCH 1/1] perl: Don't call detach after failed perl_parse
Don't call "detach" callback in rlm_perl, if perl_parse of the Perl
module failed.
This fixes segfault when the module file cannot be read:
Can't open perl script "/etc/raddb/mods-config/perl/example.pl": Permission denied
rlm_perl: perl_parse failed: /etc/raddb/mods-config/perl/example.pl not found or has syntax errors.
/etc/raddb/mods-enabled/perl[7]: Instantiation failed for module "perl"
Segmentation fault
---
src/modules/rlm_perl/rlm_perl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/modules/rlm_perl/rlm_perl.c b/src/modules/rlm_perl/rlm_perl.c
index d423524..039d7c8 100644
--- a/src/modules/rlm_perl/rlm_perl.c
+++ b/src/modules/rlm_perl/rlm_perl.c
@@ -73,6 +73,7 @@ typedef struct rlm_perl_t {
char const *xlat_name;
char const *perl_flags;
PerlInterpreter *perl;
+ bool perl_parsed;
pthread_key_t *thread_key;
#ifdef USE_ITHREADS
@@ -538,6 +539,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
PL_endav = (AV *)NULL;
if(!exitstatus) {
+ inst->perl_parsed = true;
perl_run(inst->perl);
} else {
ERROR("rlm_perl: perl_parse failed: %s not found or has syntax errors. \n", inst->module);
@@ -1012,7 +1014,7 @@ static int mod_detach(void *instance)
}
#endif
- if (inst->func_detach) {
+ if (inst->perl_parsed && inst->func_detach) {
dTHXa(inst->perl);
PERL_SET_CONTEXT(inst->perl);
{
--
2.1.0

46
freeradius-dont-swap-uint128-printing-on-be.patch Normal file
View File

@ -0,0 +1,46 @@
From 168275c3f4ffe9d0e09ed7a3789b45b440416f73 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Wed, 1 Oct 2014 16:32:11 +0300
Subject: [PATCH 4/4] Don't assume little-endian in fr_prints_uint128
Add handling of big-endian architectures to fr_prints_uint128.
---
src/lib/misc.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/lib/misc.c b/src/lib/misc.c
index 66171ff..d0ccd6c 100644
--- a/src/lib/misc.c
+++ b/src/lib/misc.c
@@ -1366,6 +1366,13 @@ size_t fr_prints_uint128(char *out, size_t outlen, uint128_t const num)
uint64_t n[2];
char *p = buff;
int i;
+#ifdef RADIUS_LITTLE_ENDIAN
+ const size_t l = 0;
+ const size_t h = 1;
+#else
+ const size_t l = 1;
+ const size_t h = 0;
+#endif
memset(buff, '0', sizeof(buff) - 1);
buff[sizeof(buff) - 1] = '\0';
@@ -1376,11 +1383,11 @@ size_t fr_prints_uint128(char *out, size_t outlen, uint128_t const num)
ssize_t j;
int carry;
- carry = (n[1] >= 0x8000000000000000);
+ carry = (n[h] >= 0x8000000000000000);
// Shift n[] left, doubling it
- n[1] = ((n[1] << 1) & 0xffffffffffffffff) + (n[0] >= 0x8000000000000000);
- n[0] = ((n[0] << 1) & 0xffffffffffffffff);
+ n[h] = ((n[h] << 1) & 0xffffffffffffffff) + (n[l] >= 0x8000000000000000);
+ n[l] = ((n[l] << 1) & 0xffffffffffffffff);
// Add s[] to itself in decimal, doubling it
for (j = sizeof(buff) - 2; j >= 0; j--) {
--
2.1.0

27
freeradius-dont-truncate-uint64.patch Normal file
View File

@ -0,0 +1,27 @@
From de77beacf1c0bd64335f0f949af9da71437d3ba5 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Tue, 30 Sep 2014 22:27:36 +0300
Subject: [PATCH 1/4] Don't truncate 64-bit integers in do_cast_copy
Assign converted octets to vp_integer64, instead of vp_integer to avoid
truncation in do_cast_copy.
---
src/main/evaluate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/evaluate.c b/src/main/evaluate.c
index f91d482..5cf597d 100644
--- a/src/main/evaluate.c
+++ b/src/main/evaluate.c
@@ -475,7 +475,7 @@ static int do_cast_copy(VALUE_PAIR *dst, VALUE_PAIR const *src)
do_octets:
switch (dst->da->type) {
case PW_TYPE_INTEGER64:
- dst->vp_integer = ntohll(*(uint64_t const *) src->vp_octets);
+ dst->vp_integer64 = ntohll(*(uint64_t const *) src->vp_octets);
break;
case PW_TYPE_INTEGER:
--
2.1.0

40
freeradius-fix-dhcp-dictionary-loading.patch Normal file
View File

@ -0,0 +1,40 @@
From dda57af171687d60e21e8e2620e87b25939d0c29 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Mon, 6 Oct 2014 17:00:25 +0300
Subject: [PATCH 1/1] dhcpclient: Load dictionary.dhcp from DICTDIR.
Load dictionary.dhcp from DICTDIR instead of RADDBDIR in dhcpclient.c,
as it is found only in the former.
This fixes the following error printed when invoking dhcpclient:
Failed reading dictionary.dhcp: dict_init: Couldn't open dictionary
"/etc/raddb/dictionary.dhcp": No such file or directory
---
src/modules/proto_dhcp/dhcpclient.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/modules/proto_dhcp/dhcpclient.c b/src/modules/proto_dhcp/dhcpclient.c
index b29b9a2..ac52ffd 100644
--- a/src/modules/proto_dhcp/dhcpclient.c
+++ b/src/modules/proto_dhcp/dhcpclient.c
@@ -264,6 +264,7 @@ int main(int argc, char **argv)
char *p;
int c;
char const *radius_dir = RADDBDIR;
+ char const *dict_dir = DICTDIR;
char const *filename = NULL;
DICT_ATTR const *da;
@@ -315,7 +316,7 @@ int main(int argc, char **argv)
*/
da = dict_attrbyname("DHCP-Message-Type");
if (!da) {
- if (dict_read(radius_dir, "dictionary.dhcp") < 0) {
+ if (dict_read(dict_dir, "dictionary.dhcp") < 0) {
fprintf(stderr, "Failed reading dictionary.dhcp: %s",
fr_strerror());
return -1;
--
2.1.1

168
freeradius-prefix-endian-macros.patch Normal file
View File

@ -0,0 +1,168 @@
From 4a906c702ac31da5977eba6698fa5435474cb47f Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Wed, 1 Oct 2014 15:11:12 +0300
Subject: [PATCH 3/4] Prefix *_ENDIAN macros with RADIUS_
Rename LITTLE_ENDIAN and BIG_ENDIAN macros to RADIUS_LITTLE_ENDIAN and
RADIUS_BIG_ENDIAN respectively to avoid clashes with
/usr/include/endian.h defines, which result in always assuming
little-endian architecture.
---
configure | 4 ++--
configure.ac | 4 ++--
src/include/autoconf.h.in | 16 ++++++++--------
src/include/build.h | 6 +++---
src/include/missing-h | 4 ++--
src/lib/missing.c | 2 +-
src/main/version.c | 4 ++--
7 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/configure b/configure
index f15072d..1b54efd 100755
--- a/configure
+++ b/configure
@@ -4771,11 +4771,11 @@ $as_echo "$ac_cv_c_bigendian" >&6; }
case $ac_cv_c_bigendian in #(
yes)
-$as_echo "#define BIG_ENDIAN 1" >>confdefs.h
+$as_echo "#define RADIUS_BIG_ENDIAN 1" >>confdefs.h
;; #(
no)
-$as_echo "#define LITTLE_ENDIAN 1" >>confdefs.h
+$as_echo "#define RADIUS_LITTLE_ENDIAN 1" >>confdefs.h
;; #(
universal)
diff --git a/configure.ac b/configure.ac
index 76466ec..30b226b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -167,8 +167,8 @@ dnl # check for system bytesex
dnl # AC_DEFINES WORDS_BIGENDIAN
dnl #
AC_C_BIGENDIAN(
- [AC_DEFINE(BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])],
- [AC_DEFINE(LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])]
+ [AC_DEFINE(RADIUS_BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])],
+ [AC_DEFINE(RADIUS_LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])]
)
dnl #
diff --git a/src/include/autoconf.h.in b/src/include/autoconf.h.in
index 6e6e355..c313bca 100644
--- a/src/include/autoconf.h.in
+++ b/src/include/autoconf.h.in
@@ -3,10 +3,6 @@
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
-/* Define if your processor stores words with the most significant byte first
- */
-#undef BIG_ENDIAN
-
/* BSD-Style get*byaddr_r */
#undef BSDSTYLE
@@ -443,10 +439,6 @@
/* compiler specific 128 bit unsigned integer */
#undef HAVE___UINT128_T
-/* Define if your processor stores words with the least significant byte first
- */
-#undef LITTLE_ENDIAN
-
/* define if you have OSFC2 authentication */
#undef OSFC2
@@ -483,6 +475,14 @@
/* Raw version string from VERSION file */
#undef RADIUSD_VERSION_STRING
+/* Define if your processor stores words with the most significant byte first
+ */
+#undef RADIUS_BIG_ENDIAN
+
+/* Define if your processor stores words with the least significant byte first
+ */
+#undef RADIUS_LITTLE_ENDIAN
+
/* Define as the return type of signal handlers (`int' or `void'). */
#undef RETSIGTYPE
diff --git a/src/include/build.h b/src/include/build.h
index 66c3087..4c1bf1a 100644
--- a/src/include/build.h
+++ b/src/include/build.h
@@ -105,13 +105,13 @@ extern "C" {
* Here at least the endianess can be set explicitly with
* -DLITTLE_ENDIAN or -DBIG_ENDIAN.
*/
-#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
+#if !defined(RADIUS_LITTLE_ENDIAN) && !defined(RADIUS_BIG_ENDIAN)
# if defined(__LITTLE_ENDIAN__) || \
(defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__))
-# define LITTLE_ENDIAN 1
+# define RADIUS_LITTLE_ENDIAN 1
# elif defined(__BIG_ENDIAN__) || \
(defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__))
-# define BIG_ENDIAN 1
+# define RADIUS_BIG_ENDIAN 1
# else
# error Failed determining endianness of system
# endif
diff --git a/src/include/missing-h b/src/include/missing-h
index 3f286a4..7136172 100644
--- a/src/include/missing-h
+++ b/src/include/missing-h
@@ -424,7 +424,7 @@ typedef struct int128_t { uint8_t v[16]; } int128_t;
/* abcd efgh -> dcba hgfe -> hgfe dcba */
#ifndef HAVE_HTON_LL
-# ifdef LITTLE_ENDIAN
+# ifdef RADIUS_LITTLE_ENDIAN
# ifdef HAVE_BUILTIN_BSWAP64
# define ntohll(x) __builtin_bswap64(x)
# else
@@ -437,7 +437,7 @@ typedef struct int128_t { uint8_t v[16]; } int128_t;
#endif
#ifndef HAVE_HTON_LLL
-# ifdef LITTLE_ENDIAN
+# ifdef RADIUS_LITTLE_ENDIAN
# ifdef HAVE_128BIT_INTEGERS
# define ntohlll(x) (((uint128_t)ntohll((uint64_t)(x >> 64))) | (((uint128_t)ntohll(((uint64_t) x)) << 64)))
# else
diff --git a/src/lib/missing.c b/src/lib/missing.c
index 4598c8f..efd5461 100644
--- a/src/lib/missing.c
+++ b/src/lib/missing.c
@@ -273,7 +273,7 @@ ntp2timeval(struct timeval *tv, char const *ntp)
tv->tv_usec = usec / 4295; /* close enough */
}
-#if !defined(HAVE_128BIT_INTEGERS) && defined(LITTLE_ENDIAN)
+#if !defined(HAVE_128BIT_INTEGERS) && defined(RADIUS_LITTLE_ENDIAN)
/** Swap byte order of 128 bit integer
*
* @param num 128bit integer to swap.
diff --git a/src/main/version.c b/src/main/version.c
index 0aba383..8b56ffa 100644
--- a/src/main/version.c
+++ b/src/main/version.c
@@ -276,9 +276,9 @@ void version(void)
DEBUG3(" 0x%llx", (unsigned long long) libmagic);
DEBUG3("Endianess:");
-#if defined(LITTLE_ENDIAN)
+#if defined(RADIUS_LITTLE_ENDIAN)
DEBUG3(" little");
-#elif defined(BIG_ENDIAN)
+#elif defined(RADIUS_BIG_ENDIAN)
DEBUG3(" big");
#else
DEBUG3(" unknown");
--
2.1.0

48
freeradius-talloc-dummy-request.patch Normal file
View File

@ -0,0 +1,48 @@
From 03c5915208234255484ece4c233c9e252776e3a3 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Mon, 29 Sep 2014 17:40:10 +0300
Subject: [PATCH 1/1] process: Talloc home_trigger dummy request
Allocate the dummy request in home_trigger with talloc, instead of
allocating it on the stack, as the rest of the code expects it to be a
valid talloc context.
This fixes a talloc_abort resulting from xlat_tokenize_request invoking
talloc_typed_strdup with the dummy request as the talloc context.
---
src/main/process.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/main/process.c b/src/main/process.c
index 76ce4ea..7e1a51e 100644
--- a/src/main/process.c
+++ b/src/main/process.c
@@ -3212,16 +3212,17 @@ static void ping_home_server(void *ctx)
static void home_trigger(home_server_t *home, char const *trigger)
{
- REQUEST my_request;
- RADIUS_PACKET my_packet;
+ REQUEST *my_request;
+ RADIUS_PACKET *my_packet;
- memset(&my_request, 0, sizeof(my_request));
- memset(&my_packet, 0, sizeof(my_packet));
- my_request.proxy = &my_packet;
- my_packet.dst_ipaddr = home->ipaddr;
- my_packet.src_ipaddr = home->src_ipaddr;
+ my_request = talloc_zero(NULL, REQUEST);
+ my_packet = talloc_zero(my_request, RADIUS_PACKET);
+ my_request->proxy = my_packet;
+ my_packet->dst_ipaddr = home->ipaddr;
+ my_packet->src_ipaddr = home->src_ipaddr;
- exec_trigger(&my_request, home->cs, trigger, false);
+ exec_trigger(my_request, home->cs, trigger, false);
+ talloc_free(my_request);
}
static void mark_home_server_zombie(home_server_t *home, struct timeval *now, struct timeval *response_window)
--
2.1.0

25
freeradius.spec
View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
Version: 3.0.4
Release: 1%{?dist}
Release: 2%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons
URL: http://www.freeradius.org/
@ -24,6 +24,13 @@ Source104: freeradius-tmpfiles.conf
Patch1: freeradius-redhat-config.patch
Patch2: freeradius-postgres-sql.patch
Patch3: freeradius-heartbleed-confirm.patch
Patch4: freeradius-talloc-dummy-request.patch
Patch5: freeradius-dont-detach-after-perl_parse.patch
Patch6: freeradius-access-union-consistently.patch
Patch7: freeradius-dont-truncate-uint64.patch
Patch8: freeradius-prefix-endian-macros.patch
Patch9: freeradius-dont-swap-uint128-printing-on-be.patch
Patch10: freeradius-fix-dhcp-dictionary-loading.patch
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
@ -183,6 +190,13 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%build
# Force compile/link options, extra security for network facing daemon
@ -658,7 +672,7 @@ exit 0
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/perl
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/perl
/etc/raddb/mods-config/perl/example.pl
%attr(640,root,radiusd) /etc/raddb/mods-config/perl/example.pl
%{_libdir}/freeradius/rlm_perl.so
@ -764,6 +778,13 @@ exit 0
%{_libdir}/freeradius/rlm_sql_unixodbc.so
%changelog
* Mon Oct 6 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.4-2
- Fix abort on home server triggers.
- Fix segfault upon example.pl read failure.
- Fix example.pl permissions.
- Fix integer handling in various cases.
- Fix dhcpclient's dictionary.dhcp loading.
* Mon Sep 15 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.4-1
- Upgrade to upstream 3.0.4 release.
See upstream ChangeLog for details (in freeradius-doc subpackage).