aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2020-04-20 08:04:44 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2020-04-20 18:30:06 +0200
commit29b2e8f05c08b00a2a835bd5e3492e0e3b622d26 (patch)
treec03532ae0d2b78f9abd98b5c7a092c3ecb130a72
parent1677b4591d331919e7292a47819a838c57688e08 (diff)
downloadaports-29b2e8f05c08b00a2a835bd5e3492e0e3b622d26.tar.gz
aports-29b2e8f05c08b00a2a835bd5e3492e0e3b622d26.tar.bz2
aports-29b2e8f05c08b00a2a835bd5e3492e0e3b622d26.tar.xz
main/freeradius: fix going though post-proxy on dead home server
we also add an upstream improvement for fix request running segfault. Related report: http://lists.freeradius.org/pipermail/freeradius-users/2020-April/097815.html
-rw-r--r--main/freeradius/APKBUILD6
-rw-r--r--main/freeradius/allow-request_will_proxy-to-return-an-error.patch57
-rw-r--r--main/freeradius/fix-request_running-segfault.patch55
3 files changed, 116 insertions, 2 deletions
diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD
index 71c8462804..d6a30f9da0 100644
--- a/main/freeradius/APKBUILD
+++ b/main/freeradius/APKBUILD
@@ -5,7 +5,7 @@
pkgname=freeradius
_realname=freeradius
pkgver=3.0.20
-pkgrel=4
+pkgrel=5
pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
url="https://freeradius.org/"
arch="all"
@@ -32,6 +32,7 @@ source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz
freeradius-313-default-config.patch
Fix-permissions-of-certs-in-bootstrap-fallback.patch
fix-request_running-segfault.patch
+ allow-request_will_proxy-to-return-an-error.patch
"
builddir="$srcdir"/$_realname-server-$pkgver
@@ -298,4 +299,5 @@ c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d
41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch
666e15a3c3e5b98ff8c3168de85b341606af5e2790af379ddec46464e9d7de14a715876a34ba1eb7fa47ddead23f7134128d591db32309db0e4acbdb6f21ef5e freeradius-313-default-config.patch
f88cb4ae335d67211c8563b6df88e20ee3729e57aa56423f99b518f83b190479b38bb189a0ab53c70ef9709a6229ccaa506ea6b79844cbfd4f2a7f0c7c292045 Fix-permissions-of-certs-in-bootstrap-fallback.patch
-7ddf75901f635216b0d972c14631334a8138e0dbb021685bb6b3a996f38d232b84146c621dae541b00f6149fa401e835d1579bbacd27fad72a80bacd4391b404 fix-request_running-segfault.patch"
+0ef4e3ef373aeb1c009ecfc2314e30fe944981da904d5c6b9f81ed10c29d4ebc6519f1aacb28ca4c86079e20ca017fd8f84142bf95a823a2f89fd9548f822d3a fix-request_running-segfault.patch
+e907bb315bd665c98723ccd4bad3c300138a8707a59c020833af63ce8c8b6570b36a9450eedde0b72abb87ff5fbc01f3f0be40cb40ac092a639315e05ebf9214 allow-request_will_proxy-to-return-an-error.patch"
diff --git a/main/freeradius/allow-request_will_proxy-to-return-an-error.patch b/main/freeradius/allow-request_will_proxy-to-return-an-error.patch
new file mode 100644
index 0000000000..34e352f423
--- /dev/null
+++ b/main/freeradius/allow-request_will_proxy-to-return-an-error.patch
@@ -0,0 +1,57 @@
+From 76e95d4300faa4ec0da970345e0043d6811896c5 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Sat, 18 Apr 2020 19:40:28 -0400
+Subject: [PATCH] allow request_will_proxy() to return an error
+
+and check it in request_running()
+---
+ src/main/process.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/main/process.c b/src/main/process.c
+index 1a48517d43..fcd0a0ad06 100644
+--- a/src/main/process.c
++++ b/src/main/process.c
+@@ -1598,6 +1598,8 @@ static void request_finish(REQUEST *request, int action)
+ */
+ static void request_running(REQUEST *request, int action)
+ {
++ int rcode;
++
+ VERIFY_REQUEST(request);
+
+ TRACE_STATE_MACHINE;
+@@ -1631,7 +1633,8 @@ static void request_running(REQUEST *request, int action)
+ /*
+ * We may need to send a proxied request.
+ */
+- if (request_will_proxy(request)) {
++ rcode = request_will_proxy(request);
++ if (rcode == 1) {
+ #ifdef DEBUG_STATE_MACHINE
+ if (rad_debug_lvl) printf("(%u) ********\tWill Proxy\t********\n", request->number);
+ #endif
+@@ -1648,6 +1651,14 @@ static void request_running(REQUEST *request, int action)
+ process_proxy_reply(request, NULL);
+ goto req_finished;
+ }
++
++ } else if (rcode < 0) {
++ /*
++ * No live home servers, run Post-Proxy-Type Fail.
++ */
++ (void) setup_post_proxy_fail(request);
++ process_proxy_reply(request, NULL);
++ goto req_finished;
+ } else
+ #endif
+ {
+@@ -3082,7 +3093,7 @@ static int request_will_proxy(REQUEST *request)
+
+ if (!home) {
+ REDEBUG2("Failed to find live home server: Cancelling proxy");
+- return 1;
++ return -1;
+ }
+
+ do_home:
diff --git a/main/freeradius/fix-request_running-segfault.patch b/main/freeradius/fix-request_running-segfault.patch
index d1ca890302..e6973b19a6 100644
--- a/main/freeradius/fix-request_running-segfault.patch
+++ b/main/freeradius/fix-request_running-segfault.patch
@@ -21,3 +21,58 @@ index 78c6d8a9e5..c8b3af24e2 100644
(void) setup_post_proxy_fail(request);
process_proxy_reply(request, NULL);
+From e2de6fab148e800380f1929fe4ea88a38de42053 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Wed, 20 Nov 2019 13:59:54 -0500
+Subject: [PATCH] a better fix for commit 30ffd21
+
+Which still runs post-proxy-type fail if all of the home servers
+are dead
+---
+ src/main/process.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/main/process.c b/src/main/process.c
+index c8b3af24e2..1a48517d43 100644
+--- a/src/main/process.c
++++ b/src/main/process.c
+@@ -1642,8 +1642,7 @@ static void request_running(REQUEST *request, int action)
+ * handler.
+ */
+ if (request_proxy(request) < 0) {
+- if (!request->home_server ||
+- (request->home_server && request->home_server->server)) goto req_finished;
++ if (request->home_server && request->home_server->server) goto req_finished;
+
+ (void) setup_post_proxy_fail(request);
+ process_proxy_reply(request, NULL);
+@@ -2475,13 +2474,12 @@ static int process_proxy_reply(REQUEST *request, RADIUS_PACKET *reply)
+ }
+
+ old_server = request->server;
+- rad_assert(request->home_server != NULL);
+
+ /*
+ * If the home server is virtual, just run pre_proxy from
+ * that section.
+ */
+- if (request->home_server->server) {
++ if (request->home_server && request->home_server->server) {
+ request->server = request->home_server->server;
+
+ } else {
+@@ -3182,13 +3180,12 @@ static int request_will_proxy(REQUEST *request)
+ }
+
+ old_server = request->server;
+- rad_assert(request->home_server != NULL);
+
+ /*
+ * If the home server is virtual, just run pre_proxy from
+ * that section.
+ */
+- if (request->home_server->server) {
++ if (request->home_server && request->home_server->server) {
+ request->server = request->home_server->server;
+
+ } else {