Merge branch 'master' into multi-server-tests

Author: marc-casavant

debian/control.in

@@ -1,6 +1,5 @@
 Source: freeradius
 Build-Depends: @BUILDDEPS@ debhelper (>= 9),
- asciidoctor,
  autotools-dev,
  dh-systemd (>= 1.5) | debhelper (>= 13.3.0),
  dpkg-dev (>= 1.13.19),
@@ -34,7 +33,6 @@ Build-Depends: @BUILDDEPS@ debhelper (>= 9),
  libwbclient-dev,
  libykclient-dev,
  libyubikey-dev,
- pandoc,
  python3-dev,
  quilt,
  samba-dev,

doc/antora/modules/reference/pages/raddb/sites-available/default.adoc

@@ -1542,11 +1542,16 @@ The server is supposed to conclude that the start time was
 "Acct-Delay-Time" seconds in the past.
 
 If there's no Event-Timestamp, then we create one, using
-Acct-Delay-Time as an offset if it exists.
+Acct-Delay-Time as an offset if it exists.  BUT we only do
+this if Acct-Delay-Time exists, and has a reasonable value.
 
 ```
 	if (!Event-Timestamp) {
-		Event-Timestamp := %time.request() - %{Acct-Delay-Time || 0}
+		Event-Timestamp := %time.request()
+
+		if (Acct-Delay-Time && (Acct-Delay-Time < 86400 * 7)) {
+			Event-Timestamp -= Acct-Delay-Time
+		}
 	}
 
 ```

doc/antora/modules/troubleshooting/nav.adoc

@@ -5,13 +5,14 @@
 *** Server does not start
 **** xref:network/bind.adoc[Failed binding to socket]
 
-*** Common Errors
+*** Common Errors*
+**** xref:network/shared_secret.adoc[Shared secret is incorrect]
+**** xref:network/packet_fails_verification.adoc[Packet fails verification]
+**** xref:network/message_authenticator_invalid.adoc[Message-Authenticator fail verification]
 **** xref:network/unknown_packet_code.adoc[Unknown packet code]
 **** xref:network/unexpected_request_code.adoc[Unexpected request code]
 **** xref:network/message_authenticator_missing.adoc[Message-Authenticator is missing]
-**** xref:network/message_authenticator_invalid.adoc[Message-Authenticator fail verification]
 **** xref:network/proxy_state_missing.adoc[Proxy-State is missing]
-**** xref:network/packet_fails_verification.adoc[Packet fails verification]
 **** xref:network/no_matching_request.adoc[Did not find request which matched response]
 
 *** Other Errors

doc/antora/modules/troubleshooting/pages/network/shared_secret.adoc

@@ -0,0 +1,6 @@
+= Shared Secret is incorrect.
+
+The shared secret is wrong.  Fix it.
+
+// Copyright (C) 2026 Network RADIUS SAS.  Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.

raddb/sites-available/default

@@ -1357,10 +1357,15 @@ recv Accounting-Request {
 	#  "Acct-Delay-Time" seconds in the past.
 	#
 	#  If there's no Event-Timestamp, then we create one, using
-	#  Acct-Delay-Time as an offset if it exists.
+	#  Acct-Delay-Time as an offset if it exists.  BUT we only do
+	#  this if Acct-Delay-Time exists, and has a reasonable value.
 	#
 	if (!Event-Timestamp) {
-		Event-Timestamp := %time.request() - %{Acct-Delay-Time || 0}
+		Event-Timestamp := %time.request()
+
+		if (Acct-Delay-Time && (Acct-Delay-Time < 86400 * 7)) {
+			Event-Timestamp -= Acct-Delay-Time
+		}
 	}
 
 	#

share/dictionary/radius/dictionary.rfc8045

@@ -26,9 +26,6 @@ ATTRIBUTE	Range-End				.10	uint32
 ATTRIBUTE	Local-Id				.11	string
 
 ATTRIBUTE	IP-Port-Range				241.6	tlv clone=.IP-Port-Limit-Info
-ATTRIBUTE	Range-Start				.9	uint32
-ATTRIBUTE	Range-End				.10	uint32
-ATTRIBUTE	Local-Id				.11	string
 
 ATTRIBUTE	IP-Port-Forwarding-Map			241.7	tlv clone=.IP-Port-Range
 

src/lib/io/worker.c

@@ -994,12 +994,21 @@ static int8_t worker_runnable_cmp(void const *one, void const *two)
 	request_t const *a = one, *b = two;
 	int ret;
 
-	ret = CMP(b->priority, a->priority);
+	/*
+	 *	Prefer higher priority packets.
+	 */
+	ret = CMP_PREFER_LARGER(b->priority, a->priority);
 	if (ret != 0) return ret;
 
-	ret = CMP(a->sequence, b->sequence);
+	/*
+	 *	Prefer packets which are further along in their processing sequence.
+	 */
+	ret = CMP_PREFER_LARGER(a->sequence, b->sequence);
 	if (ret != 0) return ret;
 
+	/*
+	 *	Smaller timestamp (i.e. earlier) is more important.
+	 */
 	return fr_time_cmp(a->async->recv_time, b->async->recv_time);
 }
 

src/lib/server/cf_file.c

@@ -307,27 +307,35 @@ char const *cf_expand_variables(char const *cf, int lineno,
 			 *	it's the property of a section.
 			 */
 			if (q) {
-				CONF_SECTION *find = cf_item_to_section(ci);
+				CONF_SECTION *find;
+				char const *f;
+				size_t flen;
 
 				if (ci->type != CONF_ITEM_SECTION) {
 					ERROR("%s[%d]: Can only reference properties of sections", cf, lineno);
 					return NULL;
 				}
 
+				find = cf_item_to_section(ci);
 				switch (fr_table_value_by_str(conf_property_name, q, CONF_PROPERTY_INVALID)) {
 				case CONF_PROPERTY_NAME:
-					strcpy(p, find->name1);
+					f = find->name1;
 					break;
 
 				case CONF_PROPERTY_INSTANCE:
-					strcpy(p, find->name2 ? find->name2 : find->name1);
+					f = find->name2 ? find->name2 : find->name1;
 					break;
 
 				default:
 					ERROR("%s[%d]: Invalid property '%s'", cf, lineno, q);
 					return NULL;
 				}
-				p += strlen(p);
+
+				flen = talloc_array_length(f) - 1;
+				if ((p + flen) >= (output + outsize)) goto too_long;
+
+				memcpy(p, f, flen);
+				p += flen;
 				ptr = next;
 
 			} else if (ci->type == CONF_ITEM_PAIR) {
@@ -462,6 +470,7 @@ char const *cf_expand_variables(char const *cf, int lineno,
 
 	check_eos:
 		if (p >= (output + outsize)) {
+		too_long:
 			ERROR("%s[%d]: Reference \"%s\" is too long",
 			      cf, lineno, input);
 			return NULL;
@@ -595,7 +604,10 @@ static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, F
 			return -1;
 		}
 
-		if (fstatat(my_fd, r, &my_file.buf, 0) < 0) goto error;
+		if (fstatat(my_fd, r, &my_file.buf, 0) < 0) {
+			if (my_fd != AT_FDCWD) close(my_fd);
+			goto error;
+		}
 
 		file = fr_rb_find(tree, &my_file);
 
@@ -671,8 +683,8 @@ static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, F
  */
 void cf_file_check_set_uid_gid(uid_t uid, gid_t gid)
 {
-	if (uid != 0) conf_check_uid = uid;
-	if (gid != 0) conf_check_gid = gid;
+	if (uid != (uid_t) -1) conf_check_uid = uid;
+	if (gid != (gid_t) -1) conf_check_gid = gid;
 }
 
 /** Perform an operation with the effect/group set to conf_check_gid and conf_check_uid
@@ -689,17 +701,17 @@ cf_file_check_err_t cf_file_check_effective(char const *filename,
 {
 	int ret;
 
-	uid_t euid = (uid_t)-1;
-	gid_t egid = (gid_t)-1;
+	uid_t euid = (uid_t) -1;
+	gid_t egid = (gid_t) -1;
 
-	if ((conf_check_gid != (gid_t)-1) && ((egid = getegid()) != conf_check_gid)) {
+	if ((conf_check_gid != (gid_t) -1) && ((egid = getegid()) != conf_check_gid)) {
 		if (setegid(conf_check_gid) < 0) {
 			fr_strerror_printf("Failed setting effective group ID (%d) for file check: %s",
 					   (int) conf_check_gid, fr_syserror(errno));
 			return CF_FILE_OTHER_ERROR;
 		}
 	}
-	if ((conf_check_uid != (uid_t)-1) && ((euid = geteuid()) != conf_check_uid)) {
+	if ((conf_check_uid != (uid_t) -1) && ((euid = geteuid()) != conf_check_uid)) {
 		if (seteuid(conf_check_uid) < 0) {
 			fr_strerror_printf("Failed setting effective user ID (%d) for file check: %s",
 					   (int) conf_check_uid, fr_syserror(errno));
@@ -915,10 +927,10 @@ cf_file_check_err_t cf_file_check(CONF_PAIR *cp, bool check_perms)
 
 	top = cf_root(cp);
 	tree = cf_data_value(cf_data_find(top, fr_rb_tree_t, "filename"));
-	if (!tree) return false;
+	if (!tree) return CF_FILE_OTHER_ERROR;
 
 	file = talloc(tree, cf_file_t);
-	if (!file) return false;
+	if (!file) return CF_FILE_OTHER_ERROR;
 
 	file->filename = talloc_strdup(file, filename);	/* The rest of the code expects this to be talloced */
 	file->cs = cf_item_to_section(cf_parent(cp));
@@ -1236,7 +1248,7 @@ static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *
 	 */
 	{
 		char		*directory;
-		DIR		*dir;
+		DIR		*dir = NULL;
 		struct dirent	*dp;
 		struct stat	stat_buf;
 		cf_file_heap_t	*h;
@@ -1258,6 +1270,7 @@ static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *
 			      frame->filename, frame->lineno, value,
 			      fr_syserror(errno));
 		error:
+			if (dir) closedir(dir);
 			talloc_free(directory);
 			return -1;
 		}
@@ -1318,8 +1331,8 @@ static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *
 			 *	Check for valid characters
 			 */
 			for (p = dp->d_name; *p != '\0'; p++) {
-				if (isalpha((uint8_t)*p) ||
-				    isdigit((uint8_t)*p) ||
+				if (isalpha((uint8_t) *p) ||
+				    isdigit((uint8_t) *p) ||
 				    (*p == '-') ||
 				    (*p == '_') ||
 				    (*p == '.')) continue;
@@ -1337,8 +1350,8 @@ static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *
 			 	continue;
 			}
 			if ((len > 9) && (strncmp(&dp->d_name[len - 9], ".dpkg-old", 9) == 0)) goto pkg_file;
-			if ((len > 7) && (strncmp(&dp->d_name[len - 7], ".rpmnew", 9) == 0)) goto pkg_file;
-			if ((len > 8) && (strncmp(&dp->d_name[len - 8], ".rpmsave", 10) == 0)) goto pkg_file;
+			if ((len > 7) && (strncmp(&dp->d_name[len - 7], ".rpmnew", 7) == 0)) goto pkg_file;
+			if ((len > 8) && (strncmp(&dp->d_name[len - 8], ".rpmsave", 8) == 0)) goto pkg_file;
 
 			snprintf(stack->buff[1], stack->bufsize, "%s%s",
 				 frame->directory, dp->d_name);
@@ -1362,6 +1375,7 @@ static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *
 			h->heap_id = FR_HEAP_INDEX_INVALID;
 			(void) fr_heap_insert(&frame->heap, h);
 		}
+
 		closedir(dir);
 		return 1;
 	}
@@ -1870,9 +1884,10 @@ static CONF_ITEM *process_catch(cf_stack_t *stack)
 			continue;
 		}
 
-		if (argc > RLM_MODULE_NUMCODES) {
+		if (argc >= RLM_MODULE_NUMCODES) {
 			ERROR("%s[%d]: Invalid syntax for 'catch' - too many arguments at'%s'",
 			      frame->filename, frame->lineno, ptr);
+			talloc_free(name2);
 			return NULL;
 		}
 
@@ -2623,11 +2638,11 @@ static int parse_input(cf_stack_t *stack)
 		}
 
 		name2_token = gettoken(&ptr, buff[2], stack->bufsize, false); /* can't be EOL */
-		if (name1_token == T_INVALID) {
+		if (name2_token == T_INVALID) {
 			return parse_error(stack, ptr2, fr_strerror());
 		}
 
-		if (name1_token != T_BARE_WORD) {
+		if (name2_token != T_BARE_WORD) {
 			return parse_error(stack, ptr2, "Unexpected quoted string after section name");
 		}
 

src/lib/server/cf_parse.c

@@ -441,8 +441,6 @@ static int cf_pair_unescape(CONF_PAIR *cp, conf_parser_t const *rule)
 	p = cp->value;
 	q = str;
 	while (*p) {
-		unsigned int x;
-
 		if (*p != '\\') {
 			*(q++) = *(p++);
 			continue;
@@ -461,15 +459,30 @@ static int cf_pair_unescape(CONF_PAIR *cp, conf_parser_t const *rule)
 			break;
 
 		default:
-			if (*p >= '0' && *p <= '9' &&
-			    sscanf(p, "%3o", &x) == 1) {
-				if (!x) {
-					cf_log_err(cp, "Cannot have embedded zeros in value for %s", cp->attr);
+			if ((*p >= '0') && (*p <= '7')) {
+				unsigned long oct;
+				char *end;
+
+				oct = strtoul(p, &end, 8);
+				if (oct == ULONG_MAX) {
+					cf_log_err(cp, "Failed parsing octal string");
+				error:
+					talloc_free(str);
 					return -1;
 				}
 
-				*q++ = x;
-				p += 2;
+				if (!oct) {
+					cf_log_err(cp, "Cannot have embedded zeros in value at %s", p);
+					goto error;
+				}
+
+				if (oct > UINT8_MAX) {
+					cf_log_err(cp, "Invalid octal number in value at %s", p);
+					goto error;
+				}
+
+				*q++ = oct;
+				p = end;
 			} else {
 				*q++ = *p;
 			}
@@ -480,9 +493,8 @@ static int cf_pair_unescape(CONF_PAIR *cp, conf_parser_t const *rule)
 	*q = '\0';
 
 	unescaped = talloc_typed_strdup(cp, str); /* no embedded NUL */
-	if (!unescaped) return -1;
-
 	talloc_free(str);
+	if (!unescaped) return -1;
 
 	/*
 	 *	Replace the old value with the new one.

src/lib/server/cf_priv.h

@@ -148,7 +148,7 @@ typedef struct {
  *				Will be declared in the scope of the loop.
  */
 #define cf_item_foreach(_ci, _iter) \
-	for (CONF_ITEM *_iter = fr_dlist_head(&(_ci)->children); _iter; _iter = fr_dlist_next(&(_ci)->children, _iter))
+	for (CONF_ITEM *JOIN(_next,_iter), *_iter = fr_dlist_head(&(_ci)->children); JOIN(_next,_iter) = fr_dlist_next(&(_ci)->children, _iter), _iter != NULL; _iter = JOIN(_next,_iter))
 
 /** Iterate over the contents of a list
  *