]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
This bug has probably been fixed for a decade or more
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Wed, 14 Apr 2021 23:29:37 +0000 (18:29 -0500)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Thu, 15 Apr 2021 02:19:16 +0000 (21:19 -0500)
doc/antora/modules/raddb/pages/mods-available/eap.adoc
raddb/mods-available/eap
src/modules/rlm_eap/rlm_eap.c
src/modules/rlm_eap/rlm_eap.h
src/tests/eapol_test/config/servers.conf

index d7751f098374907db3c099193a59f7cba77fd5ee..30954bf72f6b1b9b685de13ad4abeb5a75d1b6b4 100644 (file)
@@ -1585,7 +1585,6 @@ TODO
 eap {
        default_eap_type = md5
        ignore_unknown_eap_types = no
-       cisco_accounting_username_bug = no
        type = md5
 #      type = pwd
        type = gtc
index f32070a6ebe8027d234a668366a3bc92cc353e41..91e4e68d7891cfcdb4046abc1029d464b2aca272 100644 (file)
@@ -53,16 +53,6 @@ eap {
        #
        ignore_unknown_eap_types = no
 
-       #
-       #  cisco_accounting_username_bug::
-       #
-       #  Cisco AP1230B firmware 12.2(13)JA1 has a bug.  When given a `User-Name`
-       #  attribute in an `Access-Accept`, it copies one more byte than it should.
-       #
-       #  We can work around it by using this configuration option to add an extra zero byte.
-       #
-       cisco_accounting_username_bug = no
-
        #
        #  ## Allowed EAP-types
        #
index 75f9db174e0d73c132a0eec8c56807877196866d..f34240c7e361dd9e3e48bbe11eb9eca1da9400b5 100644 (file)
@@ -61,10 +61,11 @@ static const CONF_PARSER module_config[] = {
        { FR_CONF_OFFSET("type", FR_TYPE_VOID | FR_TYPE_MULTI | FR_TYPE_NOT_EMPTY, rlm_eap_t, submodule_cs),
                         .func = submodule_parse },
 
-       { FR_CONF_DEPRECATED("timer_expire", FR_TYPE_UINT32, rlm_eap_t, timer_limit), .dflt = "60" },
        { FR_CONF_OFFSET("ignore_unknown_eap_types", FR_TYPE_BOOL, rlm_eap_t, ignore_unknown_types), .dflt = "no" },
-       { FR_CONF_OFFSET("cisco_accounting_username_bug", FR_TYPE_BOOL, rlm_eap_t,
-                        cisco_accounting_username_bug), .dflt = "no" },
+
+       { FR_CONF_DEPRECATED("timer_expire", FR_TYPE_UINT32, rlm_eap_t, timer_limit), .dflt = "60" },
+       { FR_CONF_DEPRECATED("cisco_accounting_username_bug", FR_TYPE_BOOL, rlm_eap_t,
+                            cisco_accounting_username_bug), .dflt = "no" },
        { FR_CONF_DEPRECATED("max_sessions", FR_TYPE_UINT32, rlm_eap_t, max_sessions), .dflt = "2048" },
        CONF_PARSER_TERMINATOR
 };
@@ -920,18 +921,6 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *
                        vp = fr_pair_copy(request->reply_ctx, username);
                        fr_pair_append(&request->reply_pairs, vp);
                }
-
-               /*
-                *      Cisco AP1230 has a bug and needs a zero
-                *      terminated string in Access-Accept.
-                */
-               if (inst->cisco_accounting_username_bug) {
-                       char *new;
-
-                       MEM(new = talloc_zero_array(vp, char, vp->vp_length + 1 + 1));  /* \0 + \0 */
-                       memcpy(new, vp->vp_strvalue, vp->vp_length);
-                       fr_pair_value_bstrdup_buffer_shallow(vp, new, vp->vp_tainted);  /* Also frees existing buffer */
-               }
        }
 
        /*
index b4c4af6e26662ff20aa8594ad6fdd0f4bfb34de6..abb6846d8e31a8039008fb1a2a1adc7342f97104 100644 (file)
@@ -44,7 +44,6 @@ typedef struct {
        eap_type_t                      default_method;                 //!< Resolved default_method_name.
 
        bool                            ignore_unknown_types;           //!< Ignore unknown types (for later proxying).
-       bool                            cisco_accounting_username_bug;
 
        char const                      *name;                          //!< Name of this instance.
        fr_dict_enum_t                  *auth_type;
index 2069fdc851a2d03696684ef28e1f6feb52ac3436..e232267b0e3f79ea41a19162712a4c90554387ec 100644 (file)
@@ -65,7 +65,6 @@ modules {
                #  default_eap_type is set in the method file
                #
                ignore_unknown_eap_types = no
-               cisco_accounting_username_bug = no
 
                #
                #  Should use the same set of snakeoil certs as