Hello,
Is this a good idea to allow testing of a given user name/password pair from anywhere in internet? I modified the latest conffile.c to accept authentication requests from anywhere by using the following directive: client 0.0.0.0/0 { secret = XXX shortname = superbt.ca } As you see, the significant part of netmask is reduced to 0 leftmost bits. Is this a safe approach? The patch is enclosed. -- Ilguiz Latypov computer programmer SuperBT Canada, Inc 153 Union St. E. Waterloo, Ontario N2J 1C4 Canada GMT-4 day time tel. +1 (519) 569-7818 GMT-4 night time tel. +1 (519) 569-7193 ====================================================================== diff -u ../../../radiusd.orig/src/main/conffile.c ./conffile.c --- ../../../radiusd.orig/src/main/conffile.c Mon Jun 10 11:06:16 2002 +++ ./conffile.c Tue Jul 9 19:47:58 2002 @@ -1145,15 +1145,16 @@ int i, mask_length; mask_length = atoi(netmask + 1); - if ((mask_length <= 0) || (mask_length > 32)) { + if ((mask_length < 0) || (mask_length > 32)) { radlog(L_ERR, "%s[%d]: Invalid value '%s' for IP network mask.", filename, cs->item.lineno, netmask + 1); return -1; } - c->netmask = (1 << 31); - for (i = 1; i < mask_length; i++) { - c->netmask |= (c->netmask >> 1); + c->netmask = 0; + for (i = 1; i <= mask_length; i++) { + c->netmask >>= 1; + c->netmask |= (1 << 31); } *netmask = '\0'; ====================================================================== - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html