From 29b2e8f05c08b00a2a835bd5e3492e0e3b622d26 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Mon, 20 Apr 2020 08:04:44 +0000 Subject: main/freeradius: fix going though post-proxy on dead home server we also add an upstream improvement for fix request running segfault. Related report: http://lists.freeradius.org/pipermail/freeradius-users/2020-April/097815.html --- main/freeradius/APKBUILD | 6 ++- ...low-request_will_proxy-to-return-an-error.patch | 57 ++++++++++++++++++++++ main/freeradius/fix-request_running-segfault.patch | 55 +++++++++++++++++++++ 3 files changed, 116 insertions(+), 2 deletions(-) create mode 100644 main/freeradius/allow-request_will_proxy-to-return-an-error.patch diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD index 71c8462804..d6a30f9da0 100644 --- a/main/freeradius/APKBUILD +++ b/main/freeradius/APKBUILD @@ -5,7 +5,7 @@ pkgname=freeradius _realname=freeradius pkgver=3.0.20 -pkgrel=4 +pkgrel=5 pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server" url="https://freeradius.org/" arch="all" @@ -32,6 +32,7 @@ source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz freeradius-313-default-config.patch Fix-permissions-of-certs-in-bootstrap-fallback.patch fix-request_running-segfault.patch + allow-request_will_proxy-to-return-an-error.patch " builddir="$srcdir"/$_realname-server-$pkgver 
@@ -298,4 +299,5 @@ c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d
 41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch
 666e15a3c3e5b98ff8c3168de85b341606af5e2790af379ddec46464e9d7de14a715876a34ba1eb7fa47ddead23f7134128d591db32309db0e4acbdb6f21ef5e freeradius-313-default-config.patch
 f88cb4ae335d67211c8563b6df88e20ee3729e57aa56423f99b518f83b190479b38bb189a0ab53c70ef9709a6229ccaa506ea6b79844cbfd4f2a7f0c7c292045 Fix-permissions-of-certs-in-bootstrap-fallback.patch
-7ddf75901f635216b0d972c14631334a8138e0dbb021685bb6b3a996f38d232b84146c621dae541b00f6149fa401e835d1579bbacd27fad72a80bacd4391b404 fix-request_running-segfault.patch"
+0ef4e3ef373aeb1c009ecfc2314e30fe944981da904d5c6b9f81ed10c29d4ebc6519f1aacb28ca4c86079e20ca017fd8f84142bf95a823a2f89fd9548f822d3a fix-request_running-segfault.patch
+e907bb315bd665c98723ccd4bad3c300138a8707a59c020833af63ce8c8b6570b36a9450eedde0b72abb87ff5fbc01f3f0be40cb40ac092a639315e05ebf9214 allow-request_will_proxy-to-return-an-error.patch"
diff --git a/main/freeradius/allow-request_will_proxy-to-return-an-error.patch b/main/freeradius/allow-request_will_proxy-to-return-an-error.patch
new file mode 100644
index 0000000000..34e352f423
--- /dev/null
+++ b/main/freeradius/allow-request_will_proxy-to-return-an-error.patch
@@ -0,0 +1,57 @@
+From 76e95d4300faa4ec0da970345e0043d6811896c5 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok"
+Date: Sat, 18 Apr 2020 19:40:28 -0400
+Subject: [PATCH] allow request_will_proxy() to return an error
+
+and check it in request_running()
+---
+ src/main/process.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/main/process.c b/src/main/process.c
+index 1a48517d43..fcd0a0ad06 100644
+--- a/src/main/process.c
++++ b/src/main/process.c
+@@ -1598,6 +1598,8 @@ static void request_finish(REQUEST *request, int action)
+ */
+ static void request_running(REQUEST *request, int action)
+ {
++ int rcode;
++
+ VERIFY_REQUEST(request);
+
+ TRACE_STATE_MACHINE;
+@@ -1631,7 +1633,8 @@ static void request_running(REQUEST *request, int action)
+ /*
+ * We may need to send a proxied request.
+ */
+- if (request_will_proxy(request)) {
++ rcode = request_will_proxy(request);
++ if (rcode == 1) {
+ #ifdef DEBUG_STATE_MACHINE
+ if (rad_debug_lvl) printf("(%u) ********\tWill Proxy\t********\n", request->number);
+ #endif
+@@ -1648,6 +1651,14 @@ static void request_running(REQUEST *request, int action)
+ process_proxy_reply(request, NULL);
+ goto req_finished;
+ }
++
++ } else if (rcode < 0) {
++ /*
++ * No live home servers, run Post-Proxy-Type Fail.
++ */
++ (void) setup_post_proxy_fail(request);
++ process_proxy_reply(request, NULL);
++ goto req_finished;
+ } else
+ #endif
+ {
+@@ -3082,7 +3093,7 @@ static int request_will_proxy(REQUEST *request)
+
+ if (!home) {
+ REDEBUG2("Failed to find live home server: Cancelling proxy");
+- return 1;
++ return -1;
+ }
+
+ do_home:
diff --git a/main/freeradius/fix-request_running-segfault.patch b/main/freeradius/fix-request_running-segfault.patch
index d1ca890302..e6973b19a6 100644
--- a/main/freeradius/fix-request_running-segfault.patch
+++ b/main/freeradius/fix-request_running-segfault.patch
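Review bot: The new `else if (rcode < 0)` branch in allow-request_will_proxy-to-return-an-error.patch calls `process_proxy_reply(request, NULL)` on the path where `request_will_proxy()` found no live home server, so `request->home_server` is presumably still unset when that call runs. The call is only safe because the second commit appended to fix-request_running-segfault.patch drops `rad_assert(request->home_server != NULL)` and guards the dereference. The `index 1a48517d43..fcd0a0ad06` line here shows this patch is built on that commit's post-image. The order of the two entries in `source=` is therefore load-bearing for a crash fix in an authentication daemon, and a comment above `source=` would record it, e.g. `# allow-request_will_proxy-* must apply after fix-request_running-segfault.patch (relies on its NULL home_server guards)`.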
@@ -21,3 +21,58 @@ index 78c6d8a9e5..c8b3af24e2 100644 (void) setup_post_proxy_fail(request); process_proxy_reply(request, NULL); +From e2de6fab148e800380f1929fe4ea88a38de42053 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" +Date: Wed, 20 Nov 2019 13:59:54 -0500 +Subject: [PATCH] a better fix for commit 30ffd21 + +Which still runs post-proxy-type fail if all of the home servers +are dead +--- + src/main/process.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/src/main/process.c b/src/main/process.c +index c8b3af24e2..1a48517d43 100644 +--- a/src/main/process.c ++++ b/src/main/process.c +@@ -1642,8 +1642,7 @@ static void request_running(REQUEST *request, int action) + * handler. + */ + if (request_proxy(request) < 0) { +- if (!request->home_server || +- (request->home_server && request->home_server->server)) goto req_finished; ++ if (request->home_server && request->home_server->server) goto req_finished; + + (void) setup_post_proxy_fail(request); + process_proxy_reply(request, NULL); +@@ -2475,13 +2474,12 @@ static int process_proxy_reply(REQUEST *request, RADIUS_PACKET *reply) + } + + old_server = request->server; +- rad_assert(request->home_server != NULL); + + /* + * If the home server is virtual, just run pre_proxy from + * that section. + */ +- if (request->home_server->server) { ++ if (request->home_server && request->home_server->server) { + request->server = request->home_server->server; + + } else { +@@ -3182,13 +3180,12 @@ static int request_will_proxy(REQUEST *request) + } + + old_server = request->server; +- rad_assert(request->home_server != NULL); + + /* + * If the home server is virtual, just run pre_proxy from + * that section. + */ +- if (request->home_server->server) { ++ if (request->home_server && request->home_server->server) { + request->server = request->home_server->server; + + } else { -- cgit v1.2.3
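Review bot: In the appended upstream commit, dropping `rad_assert(request->home_server != NULL)` and testing `request->home_server && request->home_server->server` instead sends a request with no home server into the `else` branch, whose body lies outside both the `@@ -2475,13` and `@@ -3182,13` hunks. Nothing visible here shows that branch staying away from `request->home_server`, so it is worth checking against the 3.0.20 source before treating the segfault as closed. A short comment at each guard would keep the intent visible when the patch is next refreshed, e.g. `/* home_server is NULL when no live home server was found */`. The file also now carries two concatenated commits under a name that describes only the first, and the second undoes the first's `!request->home_server ||` condition, which is easy to overlook.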