Bump the shared secret maximum length to 256 #104
Conversation
DimitriPapadopoulos
force-pushed
the
MAX_SECRET_LENGTH
branch
3 times, most recently
from
965199f
to
eeccbf8
Compare
|
Thanks. Can you merge the changes into a single commit with a signed-off-by? |
Bump the shared secret maximal length MAX_SECRET_LENGTH to 256: * The FreeRADIUS library bumped it from 6 * 16 to 16 * 16 as well: FreeRADIUS/freeradius-client#112 FreeRADIUS/freeradius-client@6ec5f43 * A value of 256 covers most commercial RADIUS servers, except the AWS Directory Service with an upper limit of 512 characters. * In practice, I doubt anyone uses shared secrets larger than 256 out there. Bump the password maximal length AUTH_PASS_LEN to 128: * According to RFC 2865, User-Password is between 16 and 128 octets long, inclusive. * The FreeRADIUS library bumped it from 7 * 16 to 8 * 16 as well: FreeRADIUS/freeradius-client#112 FreeRADIUS/freeradius-client@6ec5f43 Bump V_CURRENT to account for the ABI change Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
DimitriPapadopoulos
force-pushed
the
MAX_SECRET_LENGTH
branch
from
eeccbf8
to
c22606e
Compare
|
I could be wrong, but I think the abi-check CI error appeared after simply squashing the commits. Strange. Any way, do we really need the major version bump? The breaking case at hand is the one where software is built against a new version of the radcli library/header which advertises the new higher values of However, I question whether this changes the ABI: functions and their signatures don't change and But then again, even the API change is questionable. It all depends on the underlying promise made by putting Finally, I don't understand the error message, which seems to imply a 6 → 5 instead of a 5 → 6 modification of the soname. And functions are not removed, where does this come from? |
|
The version bump is necessary. A software compiled with the new version cannot be linked with the older version since the sizes differ. |
|
Why cannot it be linked? I don't see the size being part of the API. It's just a constant. I cannot make any sense of the CI error, but I suspect it is unhappy with the 5 → 6 bump and suggests bumping down 6 → 5. |
What happens when an application linked with the new constant is used with an older library that has the previous value of the constant, when a username is copied that exceeds the previous value? |
|
This has been merged already. |
|
I think such constants should not be part of the ABI. Functions that use that constant internally should exit gracefully, whenever an argument is incompatible, without the need to expose a constant. Client programmer, don't really care about the exact value of a constant, they only care whether the function is able to process or not a given argument. Said otherwise, I believe client code should look like this: if (process(arg) == 0) {
log("cannot process string of length %d", strlen(arg));
goto error;
}instead of: if strlen(arg) > AUTH_PASS_LEN) {
log("cannot process string of length %d > %d", strlen(arg), AUTH_PASS_LEN);
goto error;
} else {
process(arg);
}Currently, (i) I am not certain we handle or give the means to handle such errors gracefully, and (ii) it's indeed unclear whether the constant is part or not of the contract. Sure, it's in the header file, but code client should not use it. To be on the safe side, let's consider the constant is part of the ABI. I nevertheless would like to see it removed from the ABI in the future. |
6 * 16to16 * 16as well:User-password and shared secret limits too low, should be 128. FreeRADIUS/freeradius-client#112
FreeRADIUS/freeradius-client@6ec5f43
Fixes #103.