From: Arran Cudbard-Bell Date: Wed, 14 Apr 2021 23:29:37 +0000 (-0500) Subject: This bug has probably been fixed for a decade or more X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=635d88c849568063f3d8d8b88e7a2dee24e1e341;p=thirdparty%2Ffreeradius-server.git This bug has probably been fixed for a decade or more --- diff --git a/doc/antora/modules/raddb/pages/mods-available/eap.adoc b/doc/antora/modules/raddb/pages/mods-available/eap.adoc index d7751f09837..30954bf72f6 100644 --- a/doc/antora/modules/raddb/pages/mods-available/eap.adoc +++ b/doc/antora/modules/raddb/pages/mods-available/eap.adoc @@ -1585,7 +1585,6 @@ TODO eap { default_eap_type = md5 ignore_unknown_eap_types = no - cisco_accounting_username_bug = no type = md5 # type = pwd type = gtc diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap index f32070a6ebe..91e4e68d789 100644 --- a/raddb/mods-available/eap +++ b/raddb/mods-available/eap @@ -53,16 +53,6 @@ eap { # ignore_unknown_eap_types = no - # - # cisco_accounting_username_bug:: - # - # Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given a `User-Name` - # attribute in an `Access-Accept`, it copies one more byte than it should. - # - # We can work around it by using this configuration option to add an extra zero byte. - # - cisco_accounting_username_bug = no - # # ## Allowed EAP-types # diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c index 75f9db174e0..f34240c7e36 100644 --- a/src/modules/rlm_eap/rlm_eap.c +++ b/src/modules/rlm_eap/rlm_eap.c @@ -61,10 +61,11 @@ static const CONF_PARSER module_config[] = { { FR_CONF_OFFSET("type", FR_TYPE_VOID | FR_TYPE_MULTI | FR_TYPE_NOT_EMPTY, rlm_eap_t, submodule_cs), .func = submodule_parse }, - { FR_CONF_DEPRECATED("timer_expire", FR_TYPE_UINT32, rlm_eap_t, timer_limit), .dflt = "60" }, { FR_CONF_OFFSET("ignore_unknown_eap_types", FR_TYPE_BOOL, rlm_eap_t, ignore_unknown_types), .dflt = "no" }, - { FR_CONF_OFFSET("cisco_accounting_username_bug", FR_TYPE_BOOL, rlm_eap_t, - cisco_accounting_username_bug), .dflt = "no" }, + + { FR_CONF_DEPRECATED("timer_expire", FR_TYPE_UINT32, rlm_eap_t, timer_limit), .dflt = "60" }, + { FR_CONF_DEPRECATED("cisco_accounting_username_bug", FR_TYPE_BOOL, rlm_eap_t, + cisco_accounting_username_bug), .dflt = "no" }, { FR_CONF_DEPRECATED("max_sessions", FR_TYPE_UINT32, rlm_eap_t, max_sessions), .dflt = "2048" }, CONF_PARSER_TERMINATOR }; @@ -920,18 +921,6 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const * vp = fr_pair_copy(request->reply_ctx, username); fr_pair_append(&request->reply_pairs, vp); } - - /* - * Cisco AP1230 has a bug and needs a zero - * terminated string in Access-Accept. - */ - if (inst->cisco_accounting_username_bug) { - char *new; - - MEM(new = talloc_zero_array(vp, char, vp->vp_length + 1 + 1)); /* \0 + \0 */ - memcpy(new, vp->vp_strvalue, vp->vp_length); - fr_pair_value_bstrdup_buffer_shallow(vp, new, vp->vp_tainted); /* Also frees existing buffer */ - } } /* diff --git a/src/modules/rlm_eap/rlm_eap.h b/src/modules/rlm_eap/rlm_eap.h index b4c4af6e266..abb6846d8e3 100644 --- a/src/modules/rlm_eap/rlm_eap.h +++ b/src/modules/rlm_eap/rlm_eap.h @@ -44,7 +44,6 @@ typedef struct { eap_type_t default_method; //!< Resolved default_method_name. bool ignore_unknown_types; //!< Ignore unknown types (for later proxying). - bool cisco_accounting_username_bug; char const *name; //!< Name of this instance. fr_dict_enum_t *auth_type; diff --git a/src/tests/eapol_test/config/servers.conf b/src/tests/eapol_test/config/servers.conf index 2069fdc851a..e232267b0e3 100644 --- a/src/tests/eapol_test/config/servers.conf +++ b/src/tests/eapol_test/config/servers.conf @@ -65,7 +65,6 @@ modules { # default_eap_type is set in the method file # ignore_unknown_eap_types = no - cisco_accounting_username_bug = no # # Should use the same set of snakeoil certs as