From 3843e655e13031990049cfa425229827bea93ccf Mon Sep 17 00:00:00 2001
From: Herwin Weststrate
Date: Thu, 14 Jan 2016 16:58:35 +0100
Subject: [PATCH] Removed workaround for Livingstone 1.16

That server is ancient, there shouldn't be any workarounds in the code for that. Just fix the radius server instead of the client.
---
 BUGS | 6 --
 config.h.in | 3 -
 configure | 31 -----------
 configure.in | 20 -------
 lib/sendserver.c | 12 ----
 patches/Makefile.am | 3 +-
 patches/Makefile.in | 3 +-
 patches/README | 15 -----
 patches/radiusd-1.16.accounting.diff | 82 ----------------------------
 patches/radiusd-1.16.shadow.diff | 12 ----
 10 files changed, 2 insertions(+), 185 deletions(-)
 delete mode 100644 patches/radiusd-1.16.accounting.diff
 delete mode 100644 patches/radiusd-1.16.shadow.diff

diff --git a/BUGS b/BUGS
index 606bb0f8..16757452 100644
--- a/BUGS
+++ b/BUGS
@@ -6,11 +6,5 @@ Testing can show the presense of bugs, but not their absence. Radlogin respectively send_server in sendserver.c does not honour a ACCESS_CHALLENGE packet from the RADIUS server. -There are interoperability problems with radiusd 1.16... but all the Merit -radiusds I tried worked (last one I tried 2.4.21). There is an option to -configure (--enable-radius-116) to kludge around this... It turned out to be -a bug in radiusd 1.16: it doesn't include the shared secret in the digest -calculation. See patches/radiusd-1.16.accounting.diff for a real fix. - There are some issues that occur on occasion when defining clients with hostnames, rather than dotted-quad IPs.
diff --git a/config.h.in b/config.h.in
index 524c6212..a2535d88 100644
--- a/config.h.in
+++ b/config.h.in
@@ -238,9 +238,6 @@ /* Define to the version of this package. */ #undef PACKAGE_VERSION -/* include code to kludge aroung Livingston RADIUS server 1.16 */ -#undef RADIUS_116 - /* Define as the return type of signal handlers (`int' or `void'). */ #undef RETSIGTYPE
diff --git a/configure b/configure
index 8557183e..1c4bac5f 100755
--- a/configure
+++ b/configure
@@ -783,7 +783,6 @@ enable_shadow with_nettle with_secure_path with_facility -enable_radius_116 enable_scp ' ac_precious_vars='build_alias
@@ -1432,7 +1431,6 @@ Optional Features: speeds up one-time build --disable-libtool-lock avoid locking (might break parallel builds) --enable-shadow Enable shadow password support - --enable-radius-116 Include support for Livingston's RADIUS server 1.16 --enable-scp Add service type hints derived from username prefix Optional Packages:
@@ -14319,35 +14317,6 @@ $as_echo "LOG_DAEMON" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include Livingston's RADIUS server 1.16 kludge" >&5 -$as_echo_n "checking whether to include Livingston's RADIUS server 1.16 kludge... " >&6; } -# Check whether --enable-radius-116 was given. -if test "${enable_radius_116+set}" = set; then : - enableval=$enable_radius_116; - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define RADIUS_116 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: !! This is a bug in Livingston's RADIUS server v1.16. There" >&5 -$as_echo "$as_me: WARNING: !! This is a bug in Livingston's RADIUS server v1.16. There" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: !! is a patch included with radiusclient which fixes this" >&5 -$as_echo "$as_me: WARNING: !! is a patch included with radiusclient which fixes this" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: !! problem. See patches/radiusd-1.16.accounting.diff. With" >&5 -$as_echo "$as_me: WARNING: !! problem. See patches/radiusd-1.16.accounting.diff. With" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: !! the patched RADIUS server you no longer need to activate" >&5 -$as_echo "$as_me: WARNING: !! the patched RADIUS server you no longer need to activate" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: !! this hack." >&5 -$as_echo "$as_me: WARNING: !! this hack." >&2;} - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to add service type hints derived from username prefix" >&5 $as_echo_n "checking whether to add service type hints derived from username prefix... " >&6; } # Check whether --enable-scp was given.
diff --git a/configure.in b/configure.in
index ab74a437..c62e2350 100644
--- a/configure.in
+++ b/configure.in
@@ -291,24 +291,6 @@ AC_ARG_WITH(facility, ] ) -dnl RADIUS_116 -AC_MSG_CHECKING(whether to include Livingston's RADIUS server 1.16 kludge) -AC_ARG_ENABLE(radius-116, -[ --enable-radius-116 Include support for Livingston's RADIUS server 1.16], -[ - AC_MSG_RESULT(yes) - AC_DEFINE(RADIUS_116) - AC_MSG_WARN([!! This is a bug in Livingston's RADIUS server v1.16. There]) - AC_MSG_WARN([!! is a patch included with radiusclient which fixes this]) - AC_MSG_WARN([!! problem. See patches/radiusd-1.16.accounting.diff. With]) - AC_MSG_WARN([!! the patched RADIUS server you no longer need to activate]) - AC_MSG_WARN([!! this hack.]) -], -[ - AC_MSG_RESULT(no) -] -) - dnl SCP AC_MSG_CHECKING(whether to add service type hints derived from username prefix) AC_ARG_ENABLE(scp,
@@ -337,8 +319,6 @@ AH_OUTPUT([HAVE_STRUCT_UTSNAME_DOMAINNAME], [/*struct utsname has domainname fie #undef HAVE_STRUCT_UTSNAME_DOMAINNAME]) AH_OUTPUT([NEED_SIG_PROTOTYPES], [/* do you need the sig* prototypes ? */ #undef NEED_SIG_PROTOTYPES]) -AH_OUTPUT([RADIUS_116], [/* include code to kludge aroung Livingston RADIUS server 1.16 */ -#undef RADIUS_116]) AH_OUTPUT([SCP], [/* SCP support */ #undef SCP]) AH_OUTPUT([PACKAGE], [
diff --git a/lib/sendserver.c b/lib/sendserver.c
index 9f26df57..f898d5f3 100644
--- a/lib/sendserver.c
+++ b/lib/sendserver.c
@@ -609,18 +609,6 @@ static int rc_check_reply (AUTH_HDR *auth, int bufferlen, char const *secret, un if (memcmp ((char *) reply_digest, (char *) calc_digest, AUTH_VECTOR_LEN) != 0) { -#ifdef RADIUS_116 - /* the original Livingston radiusd v1.16 seems to have - a bug in digest calculation with accounting requests, - authentication request are ok. i looked at the code - but couldn't find any bugs. any help to get this - kludge out are welcome. preferably i want to - reproduce the calculation bug here to be compatible - to stock Livingston radiusd v1.16. -lf, 03/14/96 - */ - if (auth->code == PW_ACCOUNTING_RESPONSE) - return OK_RC; -#endif rc_log(LOG_ERR, "rc_check_reply: received invalid reply digest from RADIUS server"); return BADRESP_RC; }
diff --git a/patches/Makefile.am b/patches/Makefile.am
index 3ea879f4..1f303856 100644
--- a/patches/Makefile.am
+++ b/patches/Makefile.am
@@ -12,5 +12,4 @@ AUTOMAKE_OPTIONS = foreign CLEANFILES = *~ -EXTRA_DIST = README merit-2.4.21-CHAP.diff radiusd-1.16.shadow.diff \ - radiusd-1.16.accounting.diff +EXTRA_DIST = README merit-2.4.21-CHAP.diff
diff --git a/patches/Makefile.in b/patches/Makefile.in
index 1b407298..623fbd51 100644
--- a/patches/Makefile.in
+++ b/patches/Makefile.in
@@ -253,8 +253,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = foreign CLEANFILES = *~ -EXTRA_DIST = README merit-2.4.21-CHAP.diff radiusd-1.16.shadow.diff \ - radiusd-1.16.accounting.diff +EXTRA_DIST = README merit-2.4.21-CHAP.diff all: all-am
diff --git a/patches/README b/patches/README
index 8049e0ca..08b77811 100644
--- a/patches/README
+++ b/patches/README
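Review bot: The digest-mismatch branch that remains in rc_check_reply has no comment stating that the check now applies to every reply code, and neither the commit message nor the patch records the behaviour change. The removed `#ifdef RADIUS_116` branch returned `OK_RC` for any `PW_ACCOUNTING_RESPONSE` whose digest did not match, so builds configured with --enable-radius-116 accepted accounting replies that failed verification against the shared secret; after this change they get `BADRESP_RC`, which deserves a changelog or release-note line for anyone still passing that configure option. I would add `/* Digest mismatch: reject every reply code, accounting included; no per-code exceptions. */` above the `rc_log` call. Separately, the comparison is done with `memcmp`, which is not constant-time; whether that matters depends on code outside this hunk, since rc_check_reply's body starts and ends beyond the lines shown.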
@@ -15,21 +15,6 @@ merit-2.4.21-CHAP.diff this patch to Merit, so hopefully it'll be included in the next release. Apply this patch from the "src" directory of the radiusd sources. -radiusd-1.16.shadow.diff - - Patch to the original radiusd by Livingston to recognize "*" - as a special password to look for shadow passwords. - Apply this patch from the "src" directory of the radiusd sources. - - -radiusd-1.16.accounting.diff - - The patch for Livingston's (now Lucent's) radiusd 1.16 fixes the - accounting reply digest bug. When you've applied this patch to your - RADIUS server you no longer need to compile radiusclient with - --enable-radius-116. This patch was contributed by Tilman - Mueller-Gerbes . Thanks, Tilman! - rename.patch The patch renames the library to radiusclient-ng (that means
diff --git a/patches/radiusd-1.16.accounting.diff b/patches/radiusd-1.16.accounting.diff
deleted file mode 100644
index feda35c6..00000000
--- a/patches/radiusd-1.16.accounting.diff
+++ /dev/null
@@ -1,82 +0,0 @@ -Message-ID: <19980211151522.51612@Galerkin.fs100.suse.de> -Date: Wed, 11 Feb 1998 15:15:22 +0100 -From: Tilman Mueller-Gerbes -To: Lars Fenneberg -Subject: Re: Radiusclient-0.3-alpha - -Hi! - -Das mit der spec-Datei dauert noch ein bisschen, allerdings habe -ich einen Bug-Fix fuer den Radiusd, d.h. dein Problem mit -den Radius-Accounting-Requests geloest: - -Es ist so, dass bei Radius-Accounting Requests im Response-MD5-Digest -der radiusd 1.16 schlicht und einfach das secret nicht mit -einrechnet. Das secret wird mehr oder weniger zufaellig gesetzt -(d.h. gar nicht erst initialisiert :(. - -Ich habe einen Patch fuer den Radiusd 1.16.1 (unten angehaengt). - -Der Radiusd Berechnet die Digests bei Accounting Requests nicht - -ob das so i.O. ist sei mal dahingestellt, andere Implementationen -werden es wohl auch nicht tun. - - -**** - ---- src/Makefile -+++ src/Makefile 1998/02/11 14:09:51 -@@ -14,7 +14,7 @@ - # unixware: add -Dunixware to CFLAGS, use LIBS= -lucb -lnsl -lsocket - # - SRCDIR=. 
--CFLAGS= -O -DNOSHADOW -+CFLAGS= -O -DFIX_ACCOUNTING_BUG - LDFLAGS= - CC= cc - LIBS= ---- src/acct.c -+++ src/acct.c 1998/02/11 14:09:10 -@@ -70,6 +70,31 @@ - char buffer[512]; - VALUE_PAIR *pair; - long curtime; -+ char pw_digest[16]; -+ /* -+ * fix accounting bug: when receiving an accounting request -+ * the digest is not checked at all and a wrong -+ * reply digest is calculated, as authreq->secret is not -+ * initialized -+ * this fix should not break any existing code, as the -+ * reply digest was random anyway (and may be never checked -+ * by anyone) -tmg@suse.de- -+ */ -+#if defined(FIX_ACCOUNTING_BUG) -+ /* Verify the client and Calculate the MD5 Password Digest */ -+ if(calc_digest(pw_digest, authreq) != 0) { -+ char msg[512]; -+ /* We dont respond when this fails */ -+ sprintf(msg, "Authenticate: from %s - Security Breach Accounting\n", -+ ip_hostname(authreq->ipaddr)); -+ msg[127] = '\0'; -+ log_err(msg); -+ pairfree(authreq->request); -+ memset(authreq, 0, sizeof(AUTH_REQ)); -+ free(authreq); -+ return; -+ } -+#endif - - strncpy(clientname, ip_hostname(authreq->ipaddr), 128); - clientname[127] = '\0'; - - - - --- - Tilman Mueller-Gerbes, S.u.S.E. GmbH, Gebhardtstr. 2, 90762 Fuerth, Germany - Tel: +49-911-7405330, Fax: +49-911-7417755, Email: tmg@suse.de -+-------------------------------------------------------------------------+ -| S.u.S.E. auf der CeBIT '98! -- Besuchen Sie uns in Halle 5, Stand A61 | -+-------------------------------------------------------------------------+ -
diff --git a/patches/radiusd-1.16.shadow.diff b/patches/radiusd-1.16.shadow.diff
deleted file mode 100644
index ff2c1623..00000000
--- a/patches/radiusd-1.16.shadow.diff
+++ /dev/null
@@ -1,12 +0,0 @@
---- radiusd.c~ Fri Jan 6 22:58:16 1995
-+++ radiusd.c Thu Apr 4 22:43:31 1996
-@@ -1426,7 +1426,8 @@
- encrypted_pass = pwd->pw_passwd;
-
- #if !defined(NOSHADOW)
-- if(strcmp(pwd->pw_passwd, "x") == 0) {
-+ if ((strcmp(pwd->pw_passwd, "x") == 0) ||
-+ (strcmp(pwd->pw_passwd, "*") == 0)) {
- if((spwd = getspnam(name)) == NULL) {
- return(-1);
- }