loosen "auto" checks for wildcard clients
authorAlan T. DeKok <aland@freeradius.org>
Fri, 23 Aug 2024 12:35:05 +0000 (08:35 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Fri, 23 Aug 2024 12:35:05 +0000 (08:35 -0400)
src/main/listen.c

index e0ae6bdc1e5501202ee513e17c2d6c25915712bd..0460e5f9bc9e9466600e1c0fcb1bc9d6950f41e3 100644 (file)
@@ -561,7 +561,18 @@ static void blastradius_checks(RADIUS_PACKET *packet, RADCLIENT *client)
                         *      Message-Authenticator
                         */
                        return;
+
+               } else if (((client->src_ipaddr.af == AF_INET) &&
+                           (client->src_ipaddr.prefix != 32)) ||
+                          ((client->src_ipaddr.af == AF_INET6) &&
+                           (client->src_ipaddr.prefix != 128))) {
+                       /*
+                        *      Don't change it from "auto" for wildcard clients.
+                        */
+                       return;
+
                } else {
+
                        ERROR("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
                        ERROR("BlastRADIUS check: Received packet with Message-Authenticator.");
                        ERROR("Setting \"require_message_authenticator = true\" for client %s", client->shortname);
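Review bot: The new wildcard branch (`else if (((client->src_ipaddr.af == AF_INET) && (client->src_ipaddr.prefix != 32)) || ...`) returns without logging anything, so a client defined by a network prefix stays on "auto" with no signal to the administrator that the BlastRADIUS upgrade to `require_message_authenticator = true` was skipped. The comment says what is done but not why; assuming the intent is as it appears, I would expand it to `/* Wildcard client: one packet with Message-Authenticator does not show that every host in the prefix sends it, so leave "auto" and let the admin set the flag explicitly. */`. The same four-line address-family/prefix test is repeated in the second hunk for `limit_proxy_state`, and a small static helper would keep the two copies from drifting apart. blastradius_checks starts and ends outside this hunk, so whether this path runs once or per packet (which matters for any added log message) cannot be confirmed from here.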
@@ -621,6 +632,15 @@ static void blastradius_checks(RADIUS_PACKET *packet, RADCLIENT *client)
 
                client->limit_proxy_state = FR_BOOL_FALSE;
 
+       } else if (((client->src_ipaddr.af == AF_INET) &&
+                   (client->src_ipaddr.prefix != 32)) ||
+                  ((client->src_ipaddr.af == AF_INET6) &&
+                   (client->src_ipaddr.prefix != 128))) {
+               /*
+                *      Don't change it from "auto" for wildcard clients.
+                */
+               return;
+
        } else {
                client->limit_proxy_state = FR_BOOL_TRUE;