Re-enable wildcard clients. The clients.conf had a reference to it working previously...
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Sat, 31 May 2014 12:17:08 +0000 (13:17 +0100)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Sat, 31 May 2014 14:03:00 +0000 (15:03 +0100)
src/lib/misc.c
src/main/client.c
src/main/conffile.c
src/main/realms.c

index 58f8622..c5d2c79 100644 (file)
@@ -214,6 +214,10 @@ int fr_pton4(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
                 */
                if ((value[0] == '*') && (value[1] == '\0')) {
                        out->ipaddr.ip4addr.s_addr = htonl(INADDR_ANY);
+                       out->prefix = 0;
+                       out->af = AF_INET;
+
+                       return 0;
                /*
                 *      Convert things which are obviously integers to IP addresses
                 *
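Review bot: The wildcard branch in fr_pton4 now returns prefix 0 as a success, and nothing in the surrounding comment says so; the fr_pton6 hunk below has the same gap. An all-zero address with prefix 0 is a match-everything network, so each caller must decide whether a catch-all is acceptable, as home_server_add does elsewhere in this commit. I would extend the comment above the `if` with something like `'*' yields the all-zero address with prefix 0 (matches every address); callers that must not accept a catch-all reject it with is_wildcard()`. The function body starts and ends outside this hunk.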
@@ -314,6 +318,10 @@ int fr_pton6(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
                 */
                if ((value[0] == '*') && (value[1] == '\0')) {
                        memset(&out->ipaddr.ip6addr.s6_addr, 0, sizeof(out->ipaddr.ip6addr.s6_addr));
+                       out->prefix = 0;
+                       out->af = AF_INET6;
+
+                       return 0;
                } else if (!resolve) {
                        if (inet_pton(AF_INET6, value, &(out->ipaddr.ip6addr.s6_addr)) <= 0) {
                                fr_strerror_printf("Failed to parse IPv6 address string \"%s\"", value);
index 4a6c740..cb92ce7 100644 (file)
@@ -194,7 +194,7 @@ int client_add(RADCLIENT_LIST *clients, RADCLIENT *client)
        }
 
        fr_ntop(buffer, sizeof(buffer), &client->ipaddr);
-       DEBUG("Adding client %s (%s)", buffer, client->longname);
+       DEBUG3("Adding client %s (%s) to prefix tree %i", buffer, client->longname, client->ipaddr.prefix);
 
        /*
         *      If "clients" is NULL, it means add to the global list.
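Review bot: The changed log line in client_add is the one place shown here that records a client being registered, and it drops from DEBUG to DEBUG3 in the same commit that starts accepting catch-all clients. The later hunks in this file remove the wildcard rejections from client_parse, client_from_query and client_from_request, so a prefix-0 client can now come from configuration, a query result or a dynamic-client request. Its shared secret would then presumably apply to any source address that no longer prefix in the tree matches. I would make that visible at normal log levels, e.g. `if (client->ipaddr.prefix == 0) WARN("Client %s (%s) matches all source addresses", buffer, client->longname);`, and consider keeping the rejection on the client_from_request path unless wildcard dynamic clients are explicitly wanted. client_add's body continues outside the hunk.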
@@ -543,7 +543,6 @@ static RADCLIENT *client_parse(CONF_SECTION *cs, int in_server)
                                      fr_strerror());
                        goto error;
                }
-               cf_log_err_cs(cs, "Wildcard client addresses are not allowed");
 
                c->longname = talloc_typed_strdup(c, name2);
                if (!c->shortname) c->shortname = talloc_typed_strdup(c, c->longname);
@@ -580,11 +579,6 @@ static RADCLIENT *client_parse(CONF_SECTION *cs, int in_server)
                fr_ipaddr_mask(&c->ipaddr, cl_prefix);
        }
 
-       if ((c->ipaddr.prefix == 0) || is_wildcard(&c->ipaddr)) {
-               cf_log_err_cs(cs, "Wildcard client addresses are not allowed");
-               goto error;
-       }
-
        c->proto = IPPROTO_UDP;
        if (hs_proto) {
                if (strcmp(hs_proto, "udp") == 0) {
@@ -1006,12 +1000,6 @@ RADCLIENT *client_from_query(TALLOC_CTX *ctx, char const *identifier, char const
                return NULL;
        }
 
-       if ((c->ipaddr.prefix == 0) || is_wildcard(&c->ipaddr)) {
-               ERROR("Wildcard client addresses are not allowed");
-
-               goto error;
-       }
-
 #ifdef WITH_DYNAMIC_CLIENTS
        c->dynamic = true;
 #endif
@@ -1144,12 +1132,6 @@ RADCLIENT *client_from_request(RADCLIENT_LIST *clients, REQUEST *request)
                }
        }
 
-       if ((c->ipaddr.prefix == 0) || is_wildcard(&c->ipaddr)) {
-               DEBUG("- Wildcard client addresses are not allowed");
-
-               goto error;
-       }
-
        if (c->ipaddr.af == AF_UNSPEC) {
                DEBUG("- Cannot add client %s: No IP address was specified.",
                      ip_ntoh(&request->packet->src_ipaddr,
index 1aa61f7..33eebc5 100644 (file)
@@ -930,7 +930,7 @@ static inline int fr_item_validate_ipaddr(CONF_SECTION *cs, char const *name, PW
        case PW_TYPE_IP_ADDR:
                switch (ipaddr->af) {
                case AF_INET:
-               if (ipaddr->prefix != 32) {
+               if (!is_wildcard(ipaddr) && (ipaddr->prefix != 32)) {
                        ERROR("Invalid IPv4 mask length \"/%i\".  Only \"/32\" permitted for non-prefix types",
                              ipaddr->prefix);
 
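Review bot: The new `!is_wildcard(ipaddr) &&` guard in the AF_INET case skips the mask-length check based on the address alone; the AF_INET6 hunk below has the same shape. is_wildcard's definition is not in this diff, but if it tests only the address bytes, an all-zero address written with a non-zero, non-host prefix would now pass validation for a non-prefix type. Tying the exemption to the prefix that fr_pton4 and fr_pton6 set for `*` closes that: `if (!(is_wildcard(ipaddr) && (ipaddr->prefix == 0)) && (ipaddr->prefix != 32)) {`, and the equivalent with 128 for IPv6. The switch continues outside the hunk.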
@@ -939,7 +939,7 @@ static inline int fr_item_validate_ipaddr(CONF_SECTION *cs, char const *name, PW
                        break;
 
                case AF_INET6:
-               if (ipaddr->prefix != 128) {
+               if (!is_wildcard(ipaddr) && (ipaddr->prefix != 128)) {
                        ERROR("Invalid IPv6 mask length \"/%i\".  Only \"/128\" permitted for non-prefix types",
                              ipaddr->prefix);
 
index 329c894..4e5383c 100644 (file)
@@ -379,6 +379,10 @@ static int home_server_add(realm_config_t *rc, CONF_SECTION *cs)
         *      Figure out which one to use.
         */
        if (cf_pair_find(cs, "ipaddr") || cf_pair_find(cs, "ipv4addr") || cf_pair_find(cs, "ipv6addr")) {
+               if (is_wildcard(&hs_ipaddr)) {
+                       cf_log_err_cs(cs, "Wildcard '*' addresses are not permitted for home servers");
+                       goto error;
+               }
                home->ipaddr = hs_ipaddr;
        } else if ((cp = cf_pair_find(cs, "virtual_server")) != NULL) {
                home->ipaddr.af = AF_UNSPEC;