From: Alan T. DeKok <aland@freeradius.org>
Date: Fri, 23 Aug 2024 12:35:05 +0000 (-0400)
Subject: loosen "auto" checks for wildcard clients
X-Git-Tag: release_3_2_6~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=314ae1f8bc1dfe8b41c6e5039f86855289d439b6;p=thirdparty%2Ffreeradius-server.git

loosen "auto" checks for wildcard clients
---

diff --git a/src/main/listen.c b/src/main/listen.c
index e0ae6bdc1e5..0460e5f9bc9 100644
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -561,7 +561,18 @@ static void blastradius_checks(RADIUS_PACKET *packet, RADCLIENT *client)
 			 *	Message-Authenticator
 			 */
 			return;
+
+		} else if (((client->src_ipaddr.af == AF_INET) &&
+			    (client->src_ipaddr.prefix != 32)) ||
+			   ((client->src_ipaddr.af == AF_INET6) &&
+			    (client->src_ipaddr.prefix != 128))) {
+			/*
+			 *	Don't change it from "auto" for wildcard clients.
+			 */
+			return;
+
 		} else {
+
 			ERROR("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
 			ERROR("BlastRADIUS check: Received packet with Message-Authenticator.");
 			ERROR("Setting \"require_message_authenticator = true\" for client %s", client->shortname);
@@ -621,6 +632,15 @@ static void blastradius_checks(RADIUS_PACKET *packet, RADCLIENT *client)
 
 		client->limit_proxy_state = FR_BOOL_FALSE;
 
+	} else if (((client->src_ipaddr.af == AF_INET) &&
+		    (client->src_ipaddr.prefix != 32)) ||
+		   ((client->src_ipaddr.af == AF_INET6) &&
+		    (client->src_ipaddr.prefix != 128))) {
+		/*
+		 *	Don't change it from "auto" for wildcard clients.
+		 */
+		return;
+
 	} else {
 		client->limit_proxy_state = FR_BOOL_TRUE;