From 438ed2329e36abe0ea33ec6f9768ffb879c3c3ee Mon Sep 17 00:00:00 2001 From: Faidon Liambotis Date: Thu, 5 Sep 2019 02:55:10 +0300 Subject: [PATCH 01/12] Fix radsecproxy.conf.5 manpage errors Remove references to 'T<' and 'T>' macros, as well as a a reference to a URL macro. The latter was for a pointer to RFC 6614, which is entirely removed as not overly helpful. Fixes: #49 --- radsecproxy.conf.5 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5 index 8d1c7dd..5a30425 100644 --- a/radsecproxy.conf.5 +++ b/radsecproxy.conf.5 @@ -222,7 +222,7 @@ not supported. The FTicksPrefix option is used to set the \fIprefix\fR printed in F-Ticks messages. This allows for use of F-Ticks messages in non-eduroam environments. If no FTicksPrefix option is given, it defaults to the prefix used for eduroam -(\*(T) +(\fIF\-TICKS/eduroam/1.0\fR). .RE @@ -915,5 +915,4 @@ subattributes are removed. .RE .SH "SEE ALSO" -\fBradsecproxy\fR(1), -.URL https://tools.ietf.org/html/rfc6614 " Transport Layer Security (TLS) Encryption for RADIUS " +\fBradsecproxy\fR(1) From 1e12b94c020a241a4ec395667bf857164c65bbc8 Mon Sep 17 00:00:00 2001 From: Faidon Liambotis Date: Thu, 5 Sep 2019 03:40:45 +0300 Subject: [PATCH 02/12] Avoid the hardcoding of /usr/local/etc On Linux systems, sysconfdir is usually /etc, while all the documentation refers to /usr/local/etc. Switch the two manpages that need to refer to the config file location to autoconf-substituted variables, and remove a spurious reference from the example config. --- .gitignore | 2 ++ README | 6 +++--- configure.ac | 10 ++++++++++ radsecproxy.1 => radsecproxy.1.in | 2 +- radsecproxy.conf-example | 3 +-- radsecproxy.conf.5 => radsecproxy.conf.5.in | 4 ++-- 6 files changed, 19 insertions(+), 8 deletions(-) rename radsecproxy.1 => radsecproxy.1.in (98%) rename radsecproxy.conf.5 => radsecproxy.conf.5.in (99%) diff --git a/.gitignore b/.gitignore index fa95497..b7d90ba 100644 
--- a/.gitignore +++ b/.gitignore @@ -22,6 +22,8 @@ TAGS radsecproxy radsecproxy-conf radsecproxy-hash +radsecproxy.1 +radsecproxy.conf.5 build-aux/* tests/t_fticks tests/t_rewrite diff --git a/README b/README index 5576b5e..9ce2df2 100644 --- a/README +++ b/README @@ -13,9 +13,9 @@ support. Without any special options to configure, all transports supported by the system will be enabled. See the output from "./configure --help" for how to change this. -To use radsecproxy you need to create a config file which is normally -found in /usr/local/etc/radsecproxy.conf. You can also specify the -location with the "-c" command line option (see below). For further +To use radsecproxy you need to create a config file which is normally found in +/etc/radsecproxy.conf or /usr/local/etc/radsecproxy.conf. You can also specify +the location with the "-c" command line option (see below). For further instructions, please see the enclosed example file and the manpages radsecproxy(1) and radsecproxy.conf(5) diff --git a/configure.ac b/configure.ac index 55d0921..4d53e89 100644 --- a/configure.ac +++ b/configure.ac @@ -92,6 +92,16 @@ if test "x$dtls" = "xyes" ; then TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_DTLS" fi +dnl Substitute variables such as sysconfdir +AC_CONFIG_FILES([radsecproxy.1 radsecproxy.conf.5]) + +dnl Expand sysconfdir early to avoid two layers of substitution +test "x$prefix" = xNONE && prefix=$ac_default_prefix +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' +SYSCONFDIR=`eval echo $sysconfdir` +SYSCONFDIR=`eval echo $SYSCONFDIR` +AC_SUBST(SYSCONFDIR) + AC_SUBST(TARGET_CFLAGS) AC_SUBST(TARGET_LDFLAGS) AX_CHECK_SSL diff --git a/radsecproxy.1 b/radsecproxy.1.in similarity index 98% rename from radsecproxy.1 rename to radsecproxy.1.in index b556ba7..5a5c9e0 100644 --- a/radsecproxy.1 +++ b/radsecproxy.1.in 
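Review bot: The two command substitutions `eval echo $sysconfdir` and `eval echo $SYSCONFDIR` push the path through unquoted `eval`, so an installation prefix containing whitespace or shell metacharacters is word-split or re-evaluated rather than substituted verbatim. Quoting the reference on the first pass, `eval echo "$sysconfdir"`, removes the word splitting there; the second `eval` still re-parses the echoed output, which is inherent to this expansion idiom. The exposure is confined to configure time, since only the builder controls `prefix`, but a comment above the block saying that `@SYSCONFDIR@` is frozen at configure time and appears not to follow a later `make prefix=...` override would save packagers a surprise.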
@@ -84,7 +84,7 @@ This signal is ignored. .SH "FILES" .TP -.B /usr/local/etc/radsecproxy.conf +.B @SYSCONFDIR@/radsecproxy.conf .sp The default configuration file. diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example index c9347ee..1730e55 100644 --- a/radsecproxy.conf-example +++ b/radsecproxy.conf-example @@ -1,5 +1,4 @@ -# Master config file, must be in /usr/local/etc/radsecproxy or specified with -c option -# All possible config options are listed below +# Master config file, all possible config options are listed below # First you may define any global options, these are: # diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5.in similarity index 99% rename from radsecproxy.conf.5 rename to radsecproxy.conf.5.in index 5a30425..5b79e82 100644 --- a/radsecproxy.conf.5 +++ b/radsecproxy.conf.5.in @@ -6,7 +6,7 @@ radsecproxy.conf \- Radsec proxy configuration file .SH DESCRIPTION When the proxy server starts, it will first check the command line arguments, and then read the configuration file. Normally radsecproxy will read the -configuration file \fI/usr/local/etc/radsecproxy.conf\fR. The command line +configuration file \fI@SYSCONFDIR@/radsecproxy.conf\fR. The command line \fB\-c\fR option can be used to instead read an alternate file (see \fBradsecproxy\fR(1) for details). @@ -79,7 +79,7 @@ be included. The value can be a single file, or it can use normal shell globbing to specify multiple files, e.g.: .RS -include /usr/local/etc/radsecproxy.conf.d/*.conf +include @SYSCONFDIR@/radsecproxy.conf.d/*.conf .RE The files are sorted alphabetically. Included files are read in the order they From 2ec81cae3824950d44e53e22e4b505254d2d761e Mon Sep 17 00:00:00 2001 From: Fabian Mauchle Date: Mon, 30 Sep 2019 14:27:59 +0200 Subject: [PATCH 03/12] update ChangeLog --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 4b07ae7..4c56953 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,7 @@ - Fix BSD platform issues - Fix spelling in log messages and manpages - Fix compile issues for unit tests + - Don't hardcode location of config files 2019-07-04 1.8.0 New features: From de8b9434a19d34da77215cc6093700bccb5115d9 Mon Sep 17 00:00:00 2001 From: Fabian Mauchle Date: Mon, 30 Sep 2019 16:32:08 +0200 Subject: [PATCH 04/12] ready for radsecproxy 1.8.1 --- ChangeLog | 2 +- README | 2 +- configure.ac | 2 +- radsecproxy.conf.5.in | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4c56953..aed6337 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -2019-09-30 changes since 1.8.0 +2019-10-01 1.8.1 Bug fixes: - Handle Tunnel-Password attribute correctly - Fix BSD platform issues diff --git a/README b/README index 9ce2df2..28dfdc2 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is radsecproxy 1.8.0 +This is radsecproxy 1.8.1 radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. There is also experimental support for diff --git a/configure.ac b/configure.ac index 4d53e89..a5b8356 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl Copyright (c) 2006-2010, UNINETT AS dnl Copyright (c) 2010-2013,2016, NORDUnet A/S dnl See LICENSE for licensing information. -AC_INIT(radsecproxy, 1.8.0, https://radsecproxy.github.io) +AC_INIT(radsecproxy, 1.8.1, https://radsecproxy.github.io) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_TARGET AM_INIT_AUTOMAKE diff --git a/radsecproxy.conf.5.in b/radsecproxy.conf.5.in index 5b79e82..10d9a3f 100644 --- a/radsecproxy.conf.5.in +++ b/radsecproxy.conf.5.in @@ -1,4 +1,4 @@ -.TH radsecproxy.conf 5 2019-07-04 "radsecproxy 1.8.0" "" +.TH radsecproxy.conf 5 2019-10-01 "radsecproxy 1.8.1" "" .SH NAME radsecproxy.conf \- Radsec proxy configuration file From 93f47610f710a173ccafed8762ab81c2a09552fe Mon Sep 17 00:00:00 2001 
From: Fabian Mauchle Date: Wed, 16 Oct 2019 18:55:14 +0200 Subject: [PATCH 05/12] Fix wrong config-unhexing if %25 (%) occurs --- ChangeLog | 4 +++ gconfig.c | 63 ++++++++++++++++++++++------------------ gconfig.h | 2 ++ radsecproxy.c | 12 ++++---- tests/t_rewrite_config.c | 6 ++-- 5 files changed, 50 insertions(+), 37 deletions(-) diff --git a/ChangeLog b/ChangeLog index aed6337..03021f9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +chanes since 1.8.1 + Bug fixes: + - Fix wrong config-unhexing if %25 (%) occurs + 2019-10-01 1.8.1 Bug fixes: - Handle Tunnel-Password attribute correctly diff --git a/gconfig.c b/gconfig.c index 81fe63e..db60501 100644 --- a/gconfig.c +++ b/gconfig.c @@ -415,12 +415,14 @@ int getgenericconfig(struct gconffile **cf, char *block, ...) { while ((word = va_arg(ap, char *))) { type = va_arg(ap, int); switch (type) { - case CONF_STR: + case CONF_STR: /*intentional fall-thru, these are identical*/ + case CONF_STR_NOESC: str = va_arg(ap, char **); if (!str) goto errparam; break; - case CONF_MSTR: + case CONF_MSTR: /*intentional fall-thru, these are identical*/ + case CONF_MSTR_NOESC: mstr = va_arg(ap, char ***); if (!mstr) goto errparam; 
@@ -456,38 +458,43 @@ int getgenericconfig(struct gconffile **cf, char *block, ...) { goto errexit; } - if (((type == CONF_STR || type == CONF_MSTR || type == CONF_BLN || type == CONF_LINT) && conftype != CONF_STR) || - (type == CONF_CBK && conftype != CONF_CBK)) { + if (((type == CONF_STR || type == CONF_STR_NOESC || type == CONF_MSTR || type == CONF_MSTR_NOESC || + type == CONF_BLN || type == CONF_LINT) && conftype != CONF_STR) || + (type == CONF_CBK && conftype != CONF_CBK)) { if (block) debug(DBG_ERR, "configuration error in block %s, wrong syntax for option %s", block, opt); debug(DBG_ERR, "configuration error, wrong syntax for option %s", opt); goto errexit; } - switch (type) { - case CONF_STR: - if (*str) { - debug(DBG_ERR, "configuration error, option %s already set to %s", opt, *str); - goto errexit; - } - unhex(val,0); - *str = val; - break; - case CONF_MSTR: - if (*mstr) - for (n = 0; (*mstr)[n]; n++); - else - n = 0; - newmstr = realloc(*mstr, sizeof(char *) * (n + 2)); - if (!newmstr) { - debug(DBG_ERR, "malloc failed"); - goto errexit; - } - unhex(val,0); - newmstr[n] = val; - newmstr[n + 1] = NULL; - *mstr = newmstr; - break; + switch (type) { + case CONF_STR: /*intentional fall-thru, these are almost identical*/ + case CONF_STR_NOESC: + if (*str) { + debug(DBG_ERR, "configuration error, option %s already set to %s", opt, *str); + goto errexit; + } + if (type == CONF_STR) + unhex(val,0); + *str = val; + break; + case CONF_MSTR: /*intentional fall-thru, these are almost identical*/ + case CONF_MSTR_NOESC: + if (*mstr) + for (n = 0; (*mstr)[n]; n++); + else + n = 0; + newmstr = realloc(*mstr, sizeof(char *) * (n + 2)); + if (!newmstr) { + debug(DBG_ERR, "malloc failed"); + goto errexit; + } + if (type == CONF_MSTR) + unhex(val,0); + newmstr[n] = val; + newmstr[n + 1] = NULL; + *mstr = newmstr; + break; case CONF_BLN: if (!strcasecmp(val, "on")) *bln = 1; diff --git a/gconfig.h b/gconfig.h index a5276f1..6657d96 100644 --- a/gconfig.h +++ b/gconfig.h 
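Review bot: The duplicate-option error in the CONF_STR/CONF_STR_NOESC branch, `debug(DBG_ERR, "configuration error, option %s already set to %s", opt, *str);`, prints the previously stored value, and with this commit `secret` is routed through exactly that branch, so a duplicated `secret` line writes the shared secret into the log; logging only the option name, `debug(DBG_ERR, "configuration error, option %s already set", opt);`, keeps the diagnostic without the disclosure. Separately, the `_NOESC` variants only skip the decode inside getgenericconfig: the tests/t_rewrite_config.c hunk confirms that addAttribute values are still decoded exactly once downstream, but no equivalent test covers `secret`, so whether an existing configuration with a `%XX`-escaped secret keeps its meaning depends on the consumer of `confsecret`, which is outside this hunk. The empty-bodied `for (n = 0; (*mstr)[n]; n++);` is easy to misread as governing the following lines; `for (n = 0; (*mstr)[n]; n++) { /* count existing entries */ }` makes the intent explicit. getgenericconfig begins and ends outside the hunk.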
@@ -6,6 +6,8 @@ #define CONF_MSTR 3 #define CONF_BLN 4 #define CONF_LINT 5 +#define CONF_STR_NOESC 6 +#define CONF_MSTR_NOESC 7 #include diff --git a/radsecproxy.c b/radsecproxy.c index 76b9f90..d5204db 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -2322,7 +2322,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char "host", CONF_MSTR, &conf->hostsrc, "IPv4Only", CONF_BLN, &ipv4only, "IPv6Only", CONF_BLN, &ipv6only, - "secret", CONF_STR, &conf->confsecret, + "secret", CONF_STR_NOESC, &conf->confsecret, #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) "tls", CONF_STR, &conf->tls, "matchcertificateattribute", CONF_STR, &conf->matchcertattr, @@ -2523,7 +2523,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char "IPv4Only", CONF_BLN, &ipv4only, "IPv6Only", CONF_BLN, &ipv6only, "port", CONF_STR, &conf->portsrc, - "secret", CONF_STR, &conf->confsecret, + "secret", CONF_STR_NOESC, &conf->confsecret, #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) "tls", CONF_STR, &conf->tls, "MatchCertificateAttribute", CONF_STR, &conf->matchcertattr, 
@@ -2688,12 +2688,12 @@ int confrewrite_cb(struct gconffile **cf, void *arg, char *block, char *opt, cha "removeVendorAttribute", CONF_MSTR, &rmvattrs, "whitelistAttribute", CONF_MSTR, &wlattrs, "whitelistVendorAttribute", CONF_MSTR, &wlvattrs, - "addAttribute", CONF_MSTR, &addattrs, - "addVendorAttribute", CONF_MSTR, &addvattrs, + "addAttribute", CONF_MSTR_NOESC, &addattrs, + "addVendorAttribute", CONF_MSTR_NOESC, &addvattrs, "modifyAttribute", CONF_MSTR, &modattrs, "modifyVendorAttribute", CONF_MSTR, &modvattrs, - "supplementAttribute", CONF_MSTR, &supattrs, - "supplementVendorAttribute", CONF_MSTR, &supvattrs, + "supplementAttribute", CONF_MSTR_NOESC, &supattrs, + "supplementVendorAttribute", CONF_MSTR_NOESC, &supvattrs, NULL)) debugx(1, DBG_ERR, "configuration error"); addrewrite(val, whitelist_mode, whitelist_mode? wlattrs : rmattrs, whitelist_mode? wlvattrs : rmvattrs, diff --git a/tests/t_rewrite_config.c b/tests/t_rewrite_config.c index 97ae7fc..2e0ac89 100644 --- a/tests/t_rewrite_config.c +++ b/tests/t_rewrite_config.c @@ -17,16 +17,16 @@ main (int argc, char *argv[]) char **addattrs; int numtests = 1, i; struct tlv *tlv, *expected; - uint8_t expectedvalue[] = {'1',0,0,'1','A'}; + uint8_t expectedvalue[] = {'1',0,0,'1','A','%','4','1'}; printf("1..%d\n", numtests); numtests = 1; addattrs = malloc(2); - addattrs[0] = stringcopy("1:'1%00%001%41", 0); + addattrs[0] = stringcopy("1:'1%00%001%41%2541", 0); addattrs[1] = NULL; - expected = maketlv(1,5,expectedvalue); + expected = maketlv(1,8,expectedvalue); addrewrite(rewritename, 0, NULL, NULL, addattrs, NULL, NULL, NULL, NULL, NULL); From c1daf53d9bcff12619c55dd9538b42aadad1ff6c Mon Sep 17 00:00:00 2001 From: Robert Scheck Date: Sun, 2 Feb 2020 20:37:16 +0100 Subject: [PATCH 06/12] Declare pthread_attr as extern in header (fixes #63) GCC 10 compatibility as per https://gcc.gnu.org/gcc-10/porting_to.html --- radsecproxy.c | 1 + radsecproxy.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) 
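Review bot: In the tests/t_rewrite_config.c hunk, `addattrs = malloc(2);` (a context line here) allocates two bytes while the new side stores two `char *` into it (`addattrs[0] = stringcopy(...)`, `addattrs[1] = NULL`), which is a heap buffer overflow inside the test itself; the size should be `addattrs = malloc(2 * sizeof *addattrs);`. The same pattern is introduced again in PATCH 09's tests/t_rewrite_config.c hunk, where `char **modvattrs = malloc(2);` is newly added. With AddressSanitizer enabled in the test build this would abort before any assertion runs. The test's main() begins before and ends after this hunk.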
diff --git a/radsecproxy.c b/radsecproxy.c index d5204db..1c575bc 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -84,6 +84,7 @@ extern int optind; extern char *optarg; #endif static const struct protodefs *protodefs[RAD_PROTOCOUNT]; +pthread_attr_t pthread_attr; /* minimum required declarations to avoid reordering code */ struct realm *adddynamicrealmserver(struct realm *realm, char *id); diff --git a/radsecproxy.h b/radsecproxy.h index 18a8702..d375a81 100644 --- a/radsecproxy.h +++ b/radsecproxy.h @@ -262,7 +262,7 @@ int radsrv(struct request *rq); void replyh(struct server *server, unsigned char *buf); struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport); uint8_t *radattr2ascii(struct tlv *attr); /* TODO: mv this to radmsg? */ -pthread_attr_t pthread_attr; +extern pthread_attr_t pthread_attr; /* Local Variables: */ /* c-file-style: "stroustrup" */ From 91b6559d9747456a7db20c031d526465f47b96b7 Mon Sep 17 00:00:00 2001 From: Sven Hartge Date: Sun, 5 Jul 2020 15:04:37 +0200 Subject: [PATCH 07/12] Fix spelling error detected by lintian --- radsecproxy.conf.5.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radsecproxy.conf.5.in b/radsecproxy.conf.5.in index 10d9a3f..d2f947e 100644 --- a/radsecproxy.conf.5.in +++ b/radsecproxy.conf.5.in @@ -533,7 +533,7 @@ default to 1812 while TLS and DTLS will default to 2083. .BI "DynamicLookupCommand " command .RS -Execude the \fIcommand\fR to dynamically configure a server. The executable file +Execute the \fIcommand\fR to dynamically configure a server. The executable file should be given with full path and will be invoked with the name of the realm as its first and only argument. It should either print a valid \fBserver {...}\fR option on stdout and exit with a code of 0 or print nothing and exit with a From 63405d3006c2c012c0b5e2540cab6aace682bc97 Mon Sep 17 00:00:00 2001 
From: Fabian Mauchle Date: Wed, 22 Jul 2020 15:35:57 +0200 Subject: [PATCH 08/12] update ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 03021f9..fc188a1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ chanes since 1.8.1 Bug fixes: - Fix wrong config-unhexing if %25 (%) occurs + - Fix compatibility with GCC 10 (#63) + - Fix spelling in manpage 2019-10-01 1.8.1 Bug fixes: From 219fd23cb860837051f5273506c02298de8b09cd Mon Sep 17 00:00:00 2001 From: Fabian Mauchle Date: Thu, 23 Jul 2020 18:33:25 +0200 Subject: [PATCH 09/12] Fix modifyVendorAttribute not applied (#62) --- ChangeLog | 1 + rewrite.c | 6 ++-- tests/t_rewrite.c | 53 +++++++++++++++++++++++++++-- tests/t_rewrite_config.c | 73 +++++++++++++++++++++++++++++----------- 4 files changed, 107 insertions(+), 26 deletions(-) diff --git a/ChangeLog b/ChangeLog index fc188a1..8511116 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ chanes since 1.8.1 - Fix wrong config-unhexing if %25 (%) occurs - Fix compatibility with GCC 10 (#63) - Fix spelling in manpage + - Fix modifyVendorAttribute not applied (#62) 2019-10-01 1.8.1 Bug fixes: diff --git a/rewrite.c b/rewrite.c index fa50f95..04dae00 100644 --- a/rewrite.c +++ b/rewrite.c @@ -147,7 +147,7 @@ struct modattr *extractmodvattr(char *nameval) { s = strchr(nameval, ':'); vendor = atoi(nameval); - if (!s || !vendor || !strchr(s,':')) + if (!s || !vendor || !strchr(s+1,':')) return NULL; modvattr = extractmodattr(s+1); if (modvattr) @@ -278,7 +278,7 @@ void addrewrite(char *value, uint8_t whitelist_mode, char **rmattrs, char **rmva freegconfmstr(supvattrs); } - if (rma || rmva || adda || moda || supa) { + if (rma || rmva || adda || moda || modva || supa) { rewrite = malloc(sizeof(struct rewrite)); if (!rewrite) debugx(1, DBG_ERR, "malloc failed"); 
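Review bot: In the extractmodvattr hunk, with `strchr(s+1, ':')` now correctly requiring a second separator, the vendor number is still taken with `vendor = atoi(nameval);`, which accepts trailing garbage and reports nothing on overflow, so a line such as `9x:102:/.../.../` is silently read as vendor 9. Parsing with `strtoul(nameval, &end, 10)` and rejecting `end == nameval || *end != ':'` would validate the whole prefix rather than only the separators; `vendor`'s declared type is outside the hunk, so the assignment may need a range check as well. extractmodvattr starts before and ends after the hunk.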
@@ -499,7 +499,7 @@ int dorewritemodvattr(struct tlv *vendortlv, struct modattr *modvattr) { int dorewritemod(struct radmsg *msg, struct list *modattrs, struct list *modvattrs) { struct list_node *n, *m; uint32_t vendor; - + for (n = list_first(msg->attrs); n; n = list_next(n)) { struct tlv *attr = (struct tlv *)n->data; if (attr->t == RAD_Attr_Vendor_Specific) { diff --git a/tests/t_rewrite.c b/tests/t_rewrite.c index bbbe469..80d6bee 100644 --- a/tests/t_rewrite.c +++ b/tests/t_rewrite.c @@ -4,16 +4,26 @@ #include #include #include +#include #include "../rewrite.h" #include "../radmsg.h" #include "../debug.h" +static void printescape(uint8_t *v, uint8_t l) { + int i; + for(i=0; idata, (struct tlv *)m->data)) { - printf("attribute list not as expected\n"); + struct tlv *tlv_exp = (struct tlv *)n->data, *tlv_act = (struct tlv *)m->data; + if (!eqtlv(tlv_exp, tlv_act)) { + printf("attribute list at %d not as expected!\n", i); + printf(" expected type: %d, actual type: %d\n", tlv_exp->t, tlv_act->t); + printf(" expected length: %d, actual length: %d\n", tlv_exp->l, tlv_act->l); + printf(" expected value: "); + printescape(tlv_exp->v, tlv_exp->l); + printf(" actual value: "); + printescape(tlv_act->v, tlv_act->l); + printf("\n"); return 1; } m=list_next(m); + i++; } return 0; } @@ -65,7 +84,7 @@ void _reset_rewrite(struct rewrite *rewrite) { int main (int argc, char *argv[]) { - int testcount = 25; + int testcount = 26; struct list *origattrs, *expectedattrs; struct rewrite rewrite; char *username = "user@realm"; 
@@ -643,6 +662,34 @@ main (int argc, char *argv[]) _reset_rewrite(&rewrite); } + /* test issue #62 + rewrite 9:102:/^(h323-credit-time).*$/\1=86400/ + */ + { + char *value = "h323-credit-time=1846422"; + char *expect = "h323-credit-time=86400"; + struct modattr *mod = malloc(sizeof(struct modattr)); + regex_t regex; + + mod->t = 102; + mod->vendor = 9; + mod->regex = ®ex; + mod->replacement = "\\1=86400"; + regcomp(mod->regex, "^(h323-credit-time).*$", REG_ICASE | REG_EXTENDED); + + list_push(rewrite.modvattrs, mod); + list_push(origattrs, makevendortlv(9,maketlv(102,strlen(value), value))); + list_push(expectedattrs, makevendortlv(9,maketlv(102,strlen(expect), expect))); + + if (_check_rewrite(origattrs, &rewrite, expectedattrs, 0)) + printf("not "); + printf("ok %d - issue #62\n", testcount++); + + _tlv_list_clear(origattrs); + _tlv_list_clear(expectedattrs); + _reset_rewrite(&rewrite); + } + list_destroy(origattrs); list_destroy(expectedattrs); list_destroy(rewrite.addattrs); diff --git a/tests/t_rewrite_config.c b/tests/t_rewrite_config.c index 2e0ac89..129bbbd 100644 --- a/tests/t_rewrite_config.c +++ b/tests/t_rewrite_config.c 
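Review bot: The return value of `regcomp(mod->regex, "^(h323-credit-time).*$", REG_ICASE | REG_EXTENDED);` is ignored, so if compilation fails the subsequent match runs on an uninitialised `regex_t`; guarding it with `if (regcomp(mod->regex, "^(h323-credit-time).*$", REG_ICASE | REG_EXTENDED) != 0) printf("not ");` keeps the TAP result truthful. `regex` is a stack object that is never passed to `regfree`, and `mod` comes from `malloc` without a NULL check; whether `_reset_rewrite` releases either is not visible in this hunk. A comment above the block stating that `mod->regex` points at the stack-allocated `regex` only for the lifetime of this test would stop a later refactor from letting the list entry outlive it. main() starts before and ends after the hunk.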
@@ -15,40 +15,73 @@ main (int argc, char *argv[]) struct rewrite *result; char *rewritename = "rewrite"; char **addattrs; - int numtests = 1, i; + int numtests = 2, i; struct tlv *tlv, *expected; uint8_t expectedvalue[] = {'1',0,0,'1','A','%','4','1'}; printf("1..%d\n", numtests); numtests = 1; - addattrs = malloc(2); - addattrs[0] = stringcopy("1:'1%00%001%41%2541", 0); - addattrs[1] = NULL; + { + addattrs = malloc(2); + addattrs[0] = stringcopy("1:'1%00%001%41%2541", 0); + addattrs[1] = NULL; - expected = maketlv(1,8,expectedvalue); + expected = maketlv(1,8,expectedvalue); - addrewrite(rewritename, 0, NULL, NULL, addattrs, - NULL, NULL, NULL, NULL, NULL); + addrewrite(rewritename, 0, NULL, NULL, addattrs, + NULL, NULL, NULL, NULL, NULL); - result = getrewrite(rewritename, NULL); + result = getrewrite(rewritename, NULL); - if (result->addattrs->first) { - tlv = (struct tlv *)result->addattrs->first->data; - if (!eqtlv(tlv, expected)) { - printf ("tlv value was: 0x"); - for (i = 0; i < tlv->l; i++) { - printf ("%x", *((tlv->v)+i)); + if (result->addattrs->first) { + tlv = (struct tlv *)result->addattrs->first->data; + if (!eqtlv(tlv, expected)) { + printf ("tlv value was: 0x"); + for (i = 0; i < tlv->l; i++) { + printf ("%x", *((tlv->v)+i)); + } + printf ("\n"); + printf ("not "); } - printf ("\n"); - printf ("not "); + printf("ok %d - rewrite config\n", numtests++); + } else { + printf("not ok %d - rewrite config\n", numtests++); } - printf("ok %d - rewrite config\n", numtests++); - } else { - printf("not ok %d - rewrite ocnfig\n", numtests++); + + freetlv(expected); } - freetlv(expected); + /* test issue #62 */ + { + char *expectreplace = "\\1=86400"; + char **modvattrs = malloc(2); + rewritename= "issue62"; + + modvattrs[0] = stringcopy("9:102:/^(h323-credit-time).*$/\\1=86400/",0); + modvattrs[1] = NULL; + + addrewrite(rewritename, 0, NULL, NULL, NULL, NULL, NULL, modvattrs, NULL, NULL); + result = getrewrite(rewritename, NULL); + + if (result && 
result->modvattrs && result->modvattrs->first) { + struct modattr *mod = (struct modattr *)result->modvattrs->first->data; + if (regexec(mod->regex,"h323-credit-time=1846422",0,NULL,0)) { + printf("not "); + } + if (strcmp(mod->replacement, expectreplace)) { + printf("not "); + } + else if (mod->t != 102 || mod->vendor != 9) { + printf("not "); + } + printf("ok %d - rewrite config issue #62\n", numtests++); + } else { + printf("not ok %d - rewrite config issue #62\n", numtests++); + } + + free(modvattrs); + } return 0; } From 55e22d505292e438cbfd7e3f1c5649efe610fed6 Mon Sep 17 00:00:00 2001 From: Fabian Mauchle Date: Fri, 31 Jul 2020 15:43:09 +0200 Subject: [PATCH 10/12] fix coverity issues --- radmsg.c | 2 +- radsecproxy.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/radmsg.c b/radmsg.c index 6828f0d..5f49237 100644 --- a/radmsg.c +++ b/radmsg.c @@ -296,7 +296,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, int secret_len, uint8_t while (p - buf + 2 <= len) { t = *p++; l = *p++; - if (l < 2) { + if (l < 2 || l > 255) { debug(DBG_WARN, "buf2radmsg: invalid attribute length %d", l); radmsg_free(msg); return NULL; diff --git a/radsecproxy.c b/radsecproxy.c index 1c575bc..a8bb07a 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -3043,7 +3043,8 @@ int radsecproxy_main(int argc, char **argv) { sigaddset(&sigset, SIGHUP); sigaddset(&sigset, SIGPIPE); pthread_sigmask(SIG_BLOCK, &sigset, NULL); - pthread_create(&sigth, &pthread_attr, sighandler, NULL); + if (pthread_create(&sigth, &pthread_attr, sighandler, NULL)) + debugx(1, DBG_ERR, "pthread_create failed: sighandler"); for (entry = list_first(srvconfs); entry; entry = list_next(entry)) { srvconf = (struct clsrvconf *)entry->data; From 05fc57cc88e12d060ac74c94568f10d9ba9d3948 Mon Sep 17 00:00:00 2001 
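Review bot: In the issue #62 block the failure checks each print the prefix independently (`if (regexec(...)) printf("not ");` followed by `if (strcmp(...)) printf("not "); else if (...) printf("not ");`), so two failing conditions emit `not not ok 2 - ...`, which is not a valid TAP line. Folding them into one condition, `if (regexec(mod->regex, "h323-credit-time=1846422", 0, NULL, 0) || strcmp(mod->replacement, expectreplace) || mod->t != 102 || mod->vendor != 9) printf("not ");`, prints it once. `free(modvattrs)` releases the array but not `modvattrs[0]` from `stringcopy`; whether `addrewrite` took ownership of that string is not visible here. main() ends inside the hunk but starts before it.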
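Review bot: In the radmsg.c hunk, `l > 255` is only meaningful if `l` is wider than the byte it is read from: it is assigned from `*p++` over a `uint8_t *buf`, so if `l` is itself declared `uint8_t` (its declaration is outside the hunk) the comparison is always false and compilers flag it under `-Wtype-limits`. What the range check does not cover is the value length against the remaining buffer: the loop condition `p - buf + 2 <= len` only guarantees the two header bytes, so the body must verify the `l - 2` value bytes still lie within `len` (`p - buf + l - 2 <= len`) before reading them, and that check is not visible in this hunk. buf2radmsg starts before and ends after the hunk.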
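Review bot: In the radsecproxy.c hunk, `if (pthread_create(&sigth, &pthread_attr, sighandler, NULL)) debugx(1, DBG_ERR, "pthread_create failed: sighandler");` discards the error code, and pthread_create reports its reason through the return value rather than errno, so the fatal log line cannot tell a thread limit (EAGAIN) from bad attributes (EINVAL). Capturing it, `int rc = pthread_create(&sigth, &pthread_attr, sighandler, NULL); if (rc) debugx(1, DBG_ERR, "pthread_create failed: sighandler: %s", strerror(rc));`, makes the exit actionable for operators, assuming `<string.h>` is already included in this file. radsecproxy_main continues outside the hunk.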
From: Fabian Mauchle Date: Thu, 6 Aug 2020 13:39:10 +0200 Subject: [PATCH 11/12] don't send status-server when connection resets --- ChangeLog | 1 + radsecproxy.c | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8511116..f6c8159 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ chanes since 1.8.1 - Fix compatibility with GCC 10 (#63) - Fix spelling in manpage - Fix modifyVendorAttribute not applied (#62) + - Fix unncessary status-server when in minimal mode (#61) 2019-10-01 1.8.1 Bug fixes: diff --git a/radsecproxy.c b/radsecproxy.c index a8bb07a..8f7f2b6 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -1649,8 +1649,11 @@ void *clientwr(void *arg) { #endif pthread_mutex_unlock(&server->newrq_mutex); - for (i = 0; i < MAX_REQUESTS; i++) { - if (server->clientrdgone) { + if (do_resend || server->lastrcv.tv_sec > laststatsrv.tv_sec) + statusserver_requested = 0; + + for (i = 0; i < MAX_REQUESTS; i++) { + if (server->clientrdgone) { server->state = RSP_SERVER_STATE_FAILING; if (conf->pdef->connecter) pthread_join(clientrdth, NULL); @@ -1681,7 +1684,7 @@ void *clientwr(void *arg) { continue; } - if (rqout->tries > 0 && now.tv_sec - server->lastrcv.tv_sec > conf->retryinterval) + if (rqout->tries > 0 && now.tv_sec - server->lastrcv.tv_sec > conf->retryinterval && !do_resend) statusserver_requested = 1; if (rqout->tries == (*rqout->rq->buf == RAD_Status_Server ? 1 : conf->retrycount + 1)) { debug(DBG_DBG, "clientwr: removing expired packet from queue"); From 087f19407a64d353058f2faf7b51479340651cda Mon Sep 17 00:00:00 2001 From: Fabian Mauchle Date: Thu, 6 Aug 2020 13:58:50 +0200 Subject: [PATCH 12/12] ready for radsecproxy 1.8.2 --- ChangeLog | 2 +- README | 2 +- configure.ac | 2 +- radsecproxy.conf.5.in | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f6c8159..af1b336 100644 --- a/ChangeLog +++ b/ChangeLog 
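Review bot: The new gate `if (do_resend || server->lastrcv.tv_sec > laststatsrv.tv_sec) statusserver_requested = 0;` and the `&& !do_resend` added to the retry condition encode why a status-server probe is unnecessary, but neither carries a comment and both `do_resend` and `laststatsrv` are set outside the hunk; a comment such as `/* a reply since the last status-server, or a pending resend, already shows the link is up: drop the pending probe (#61) */` would tie the two hunks together, though that wording is inferred from the ChangeLog entry and should be confirmed against the intent. The `tv_sec`-only comparison means a reply arriving in the same second as the last status-server does not clear the request, which is presumably acceptable when the retry interval is in whole seconds but is worth stating. The `for (i = 0; i < MAX_REQUESTS; i++)` and `if (server->clientrdgone)` lines differ only in whitespace, so an indentation-only change is mixed into the logic commit. clientwr starts before and ends after both hunks.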
@@ -1,4 +1,4 @@ -chanes since 1.8.1 +2020-08-06 1.8.2 Bug fixes: - Fix wrong config-unhexing if %25 (%) occurs - Fix compatibility with GCC 10 (#63) diff --git a/README b/README index 28dfdc2..8e74ab1 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is radsecproxy 1.8.1 +This is radsecproxy 1.8.2 radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. There is also experimental support for diff --git a/configure.ac b/configure.ac index a5b8356..00feb06 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl Copyright (c) 2006-2010, UNINETT AS dnl Copyright (c) 2010-2013,2016, NORDUnet A/S dnl See LICENSE for licensing information. -AC_INIT(radsecproxy, 1.8.1, https://radsecproxy.github.io) +AC_INIT(radsecproxy, 1.8.2, https://radsecproxy.github.io) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_TARGET AM_INIT_AUTOMAKE diff --git a/radsecproxy.conf.5.in b/radsecproxy.conf.5.in index d2f947e..0fa6f47 100644 --- a/radsecproxy.conf.5.in +++ b/radsecproxy.conf.5.in @@ -1,4 +1,4 @@ -.TH radsecproxy.conf 5 2019-10-01 "radsecproxy 1.8.1" "" +.TH radsecproxy.conf 5 2020-08-06 "radsecproxy 1.8.2" "" .SH NAME radsecproxy.conf \- Radsec proxy configuration file