Alan T. DeKok [Fri, 9 May 2014 16:56:15 +0000 (12:56 -0400)]
Remove unused variable
Arran Cudbard-Bell [Fri, 9 May 2014 20:44:27 +0000 (21:44 +0100)]
that one too...
Arran Cudbard-Bell [Fri, 9 May 2014 20:42:01 +0000 (21:42 +0100)]
Try not to leak so much memory on failure
Arran Cudbard-Bell [Fri, 9 May 2014 18:02:59 +0000 (19:02 +0100)]
Hide markers unless -Xx
Arran Cudbard-Bell [Fri, 9 May 2014 17:54:30 +0000 (18:54 +0100)]
api key is a secret too
Arran Cudbard-Bell [Fri, 9 May 2014 17:52:48 +0000 (18:52 +0100)]
Nope it was wrong
Arran Cudbard-Bell [Fri, 9 May 2014 17:50:01 +0000 (18:50 +0100)]
Add better debugging messages when we fail to split an OTP string
Arran Cudbard-Bell [Fri, 9 May 2014 17:21:29 +0000 (18:21 +0100)]
Add docs for REMARKER
Arran Cudbard-Bell [Fri, 9 May 2014 14:23:15 +0000 (15:23 +0100)]
Replace EDEBUG and WDEBUG with ERROR and WARN
Alan T. DeKok [Fri, 9 May 2014 14:20:44 +0000 (10:20 -0400)]
Replace ad-hoc code with RATE_LIMIT(...) macro
So that messages are limited to once per second
Arran Cudbard-Bell [Fri, 9 May 2014 14:03:02 +0000 (15:03 +0100)]
Doxygen
Alan T. DeKok [Fri, 9 May 2014 14:00:16 +0000 (10:00 -0400)]
Too many connections to a home server is INFO not WDEBUG
Arran Cudbard-Bell [Fri, 9 May 2014 13:47:00 +0000 (14:47 +0100)]
Add "split" functionality, so rlm_yubikey just works in more cases
Alan T. DeKok [Fri, 9 May 2014 13:33:42 +0000 (09:33 -0400)]
Re-add trailing "
Alan T. DeKok [Fri, 9 May 2014 11:43:30 +0000 (07:43 -0400)]
If there's no Acct-Status-Type, ignore the packet
but still return OK
Alan T. DeKok [Fri, 9 May 2014 11:23:24 +0000 (07:23 -0400)]
add a third query to start / stop
The queries have 'AND AcctStopTime IS NULL', which speeds up
the normal case substantially. However, we can still have
the case where we get a delayed stop, or where the detail file
is being replayed multiple times. We therefore want to be able
to insert the record where AcctStopTime is NOT NULL
Arran Cudbard-Bell [Fri, 9 May 2014 07:50:12 +0000 (08:50 +0100)]
We still have coverity issues...
Arran Cudbard-Bell [Fri, 9 May 2014 07:40:12 +0000 (08:40 +0100)]
Fix stop update query
Alan T. DeKok [Fri, 9 May 2014 02:21:47 +0000 (22:21 -0400)]
Include NAS-IPv6-Address in Acct-Unique-Session-Id
Alan T. DeKok [Thu, 8 May 2014 21:00:45 +0000 (17:00 -0400)]
Fix build issues
Alan T. DeKok [Thu, 8 May 2014 20:33:21 +0000 (16:33 -0400)]
Lower connection limit in listener_free, and nowhere else
Alan T. DeKok [Thu, 8 May 2014 20:29:49 +0000 (16:29 -0400)]
Normalize debug message
Alan T. DeKok [Thu, 8 May 2014 20:13:55 +0000 (16:13 -0400)]
Events are only managed by the main thread
event_new_fd() is now private. There's a wrapper function
which takes care of adding the listener to a queue, and signalling
the main thread.
Alan T. DeKok [Thu, 8 May 2014 17:45:24 +0000 (13:45 -0400)]
Only use self pipes when threaded
Alan T. DeKok [Thu, 8 May 2014 17:02:42 +0000 (13:02 -0400)]
Note recent changes
Alan T. DeKok [Thu, 8 May 2014 16:57:05 +0000 (12:57 -0400)]
Use self pipes for signals.
So that the detail file "reply" code doesn't call the "read"
code from a child thread
Alan T. DeKok [Thu, 8 May 2014 13:01:44 +0000 (09:01 -0400)]
Use talloc_ctx for new attributes, too
Alan T. DeKok [Thu, 8 May 2014 12:58:36 +0000 (08:58 -0400)]
Make INDEX_CERTS dynamic, too.
So that we can supply a free function.
Also bump the values of the other indexes. OpenSSL allocates
indexes starting from zero, so we don't want it's indexes to
conflict with our indexes
Alan T. DeKok [Thu, 8 May 2014 12:45:09 +0000 (08:45 -0400)]
Use proper talloc context in tls.c. Fixes #629
For sockets, the context is the parent listener.
For EAP sessions, the context is the TLS configuration.
Arran Cudbard-Bell [Thu, 8 May 2014 07:30:34 +0000 (08:30 +0100)]
Whitespace
Johnny Walker [Wed, 7 May 2014 17:58:39 +0000 (11:58 -0600)]
Added TLS-Client-Cert-Subject-Alt-Name-Upn and TLS-Client-Cert-Subject-Alt-Name-Dns attributes (intended for use with EAP-TLS and checking certificates)
Arran Cudbard-Bell [Thu, 8 May 2014 06:55:34 +0000 (07:55 +0100)]
Print message before connecting
Arran Cudbard-Bell [Thu, 8 May 2014 06:41:03 +0000 (07:41 +0100)]
Revert "Minor fixes"
Arran Cudbard-Bell [Wed, 7 May 2014 23:37:49 +0000 (00:37 +0100)]
Don't leak the results of open_querys
Arran Cudbard-Bell [Wed, 7 May 2014 23:22:10 +0000 (00:22 +0100)]
Minor fixes
Arran Cudbard-Bell [Wed, 7 May 2014 23:17:43 +0000 (00:17 +0100)]
Cleanup connection properly on error
Arran Cudbard-Bell [Wed, 7 May 2014 23:05:56 +0000 (00:05 +0100)]
Various minor PG fixes
Alan T. DeKok [Wed, 7 May 2014 20:24:52 +0000 (16:24 -0400)]
note recent changes
Alan T. DeKok [Wed, 7 May 2014 20:08:32 +0000 (16:08 -0400)]
Disabled debug checks
Alan T. DeKok [Wed, 7 May 2014 20:08:11 +0000 (16:08 -0400)]
Simplified sanity checks
Alan T. DeKok [Wed, 7 May 2014 20:05:45 +0000 (16:05 -0400)]
Spawn connections "in_use" or not.
No more double uses of the connections
Arran Cudbard-Bell [Wed, 7 May 2014 19:28:25 +0000 (20:28 +0100)]
Move PQ ssl init to instantiation function, just in case it needs to be done before we spawn threads
Arran Cudbard-Bell [Wed, 7 May 2014 18:58:16 +0000 (19:58 +0100)]
More SSL initialisation
Arran Cudbard-Bell [Wed, 7 May 2014 18:40:32 +0000 (19:40 +0100)]
Use talloc for row memory
Arran Cudbard-Bell [Wed, 7 May 2014 16:32:08 +0000 (17:32 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 7 May 2014 15:14:40 +0000 (16:14 +0100)]
Anything which eventually has the value it got interpreted by pairparsevalue, or doesn't pass the length of the string around must not pre-unescape the string
This broke pretty much all escape sequences in preprocess, sql, ldap and radclient. Arguably as conffile.c is the only place which needs this, it should probably be the thing doing the unescaping.
No, I don't buy that things should be prefixed with \\, that's shit. The server should be able to reingest what it spits out in detail files and there's no way that worked in the current server with octal escape sequences.
Arran Cudbard-Bell [Wed, 7 May 2014 14:35:01 +0000 (15:35 +0100)]
Clear the error buffer after loading dictionaries
Arran Cudbard-Bell [Wed, 7 May 2014 14:31:22 +0000 (15:31 +0100)]
Remove duplicate test (list-delete) was duplicate test of update-remove-list
Arran Cudbard-Bell [Wed, 7 May 2014 14:28:47 +0000 (15:28 +0100)]
Typo
Alan T. DeKok [Wed, 7 May 2014 11:18:40 +0000 (07:18 -0400)]
Cap spawn at max
Alan T. DeKok [Tue, 6 May 2014 23:39:11 +0000 (19:39 -0400)]
Rework min/max/spare handling
So we don't let idle connections make us go below "min"
Alan T. DeKok [Tue, 6 May 2014 18:19:12 +0000 (14:19 -0400)]
Free handle if we can't spawn a thread. Found by codesonar
Arran Cudbard-Bell [Tue, 6 May 2014 22:41:55 +0000 (23:41 +0100)]
Merge pull request #625 from leprechau/v3.0.x
Make internal references match configuration references and update README
Aaron Hurt [Tue, 6 May 2014 15:57:12 +0000 (10:57 -0500)]
Make internal references match configuration references and update README.md to match.
Alan T. DeKok [Tue, 6 May 2014 15:55:41 +0000 (11:55 -0400)]
Close the FD if we can't fdopen it. Found by codesonar
Alan T. DeKok [Tue, 6 May 2014 15:53:29 +0000 (11:53 -0400)]
Close the FD if we can't fdopen it. Found by codesonar
Alan T. DeKok [Tue, 6 May 2014 15:24:27 +0000 (11:24 -0400)]
Tweak reconnect logic.
A reconnect means open new connection, or if that fails, try
to find an unused one. But don't spawn a new connection.
Also, we can only reconnect a used connection. It's an error
to reconnect an unused connection.
Alan T. DeKok [Tue, 6 May 2014 14:23:40 +0000 (10:23 -0400)]
You can only reconnect a handle if it's in-use by you
Alan T. DeKok [Tue, 6 May 2014 13:55:25 +0000 (09:55 -0400)]
Use pthread ID for more connection debugging. Helps debug #624
Alan T. DeKok [Tue, 6 May 2014 13:09:16 +0000 (09:09 -0400)]
Tests for list delete
Alan T. DeKok [Tue, 6 May 2014 12:30:36 +0000 (08:30 -0400)]
Query may be an empty string, too.
We should really fix that in the init function
Arran Cudbard-Bell [Tue, 6 May 2014 12:30:58 +0000 (13:30 +0100)]
Use consistent config item names in couchbase
Arran Cudbard-Bell [Tue, 6 May 2014 08:34:24 +0000 (09:34 +0100)]
Fix dereferencing NULL pointer in json_object_object_get_ex
Arran Cudbard-Bell [Tue, 6 May 2014 08:24:43 +0000 (09:24 +0100)]
Correct behaviour processing stops in rlm_couchbase (unintended fallthrough)
Arran Cudbard-Bell [Tue, 6 May 2014 08:18:18 +0000 (09:18 +0100)]
Check handle is not NULL before dereferencing it CID #1211838
Arran Cudbard-Bell [Mon, 5 May 2014 21:12:38 +0000 (22:12 +0100)]
Open query should default to NULL
Arran Cudbard-Bell [Mon, 5 May 2014 21:02:29 +0000 (22:02 +0100)]
Increase max nodes *sigh*
Arran Cudbard-Bell [Mon, 5 May 2014 20:58:23 +0000 (21:58 +0100)]
Don't continue to fail spawning connections if we failed once...
Arran Cudbard-Bell [Mon, 5 May 2014 19:09:14 +0000 (20:09 +0100)]
Don't need to check, it's marked as required
Arran Cudbard-Bell [Mon, 5 May 2014 09:58:00 +0000 (10:58 +0100)]
Ignore all.mk
Arran Cudbard-Bell [Mon, 5 May 2014 09:56:38 +0000 (10:56 +0100)]
Simpler way of redoing the delimiters (which also doesn't crash if the server item is commented out)
Arran Cudbard-Bell [Mon, 5 May 2014 09:24:38 +0000 (10:24 +0100)]
Config parsing is now handled by the server core, individual modules are no longer expected to do it, except in the case of special sections such as 'map'
Arran Cudbard-Bell [Mon, 5 May 2014 09:04:54 +0000 (10:04 +0100)]
Reduce doxy node depth further
Arran Cudbard-Bell [Mon, 5 May 2014 09:00:55 +0000 (10:00 +0100)]
Merge pull request #620 from leprechau/v3.0.x
import rlm_couchbase
Aaron Hurt [Mon, 5 May 2014 02:23:31 +0000 (21:23 -0500)]
import rlm_couchbase
Alan T. DeKok [Mon, 5 May 2014 00:01:55 +0000 (20:01 -0400)]
Document open_query
Arran Cudbard-Bell [Sun, 4 May 2014 23:54:47 +0000 (00:54 +0100)]
Remove obsolete declarations for new version of DoxyGen
Alan T. DeKok [Sun, 4 May 2014 23:54:43 +0000 (19:54 -0400)]
It's better as open_query
Alan T. DeKok [Sun, 4 May 2014 23:46:28 +0000 (19:46 -0400)]
Add "start_query" to set session-specific parameters
Alan T. DeKok [Sun, 4 May 2014 12:55:55 +0000 (08:55 -0400)]
Don't unlink on close. Fixes #621
Arran Cudbard-Bell [Sun, 4 May 2014 11:46:40 +0000 (12:46 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 4 May 2014 11:42:40 +0000 (12:42 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 4 May 2014 11:36:33 +0000 (12:36 +0100)]
Clients aren't talloced yet
Arran Cudbard-Bell [Sun, 4 May 2014 11:16:24 +0000 (12:16 +0100)]
Ignore more test products
Arran Cudbard-Bell [Sun, 4 May 2014 10:47:44 +0000 (11:47 +0100)]
Fix minor memory leaks in detail file reader
Arran Cudbard-Bell [Sun, 4 May 2014 08:50:12 +0000 (09:50 +0100)]
Avoid allocing *ANY* memory for backtraces.
Arran Cudbard-Bell [Sat, 3 May 2014 22:32:36 +0000 (23:32 +0100)]
Don't alloc any memory inside in fr_fault or functions called by fr_fault.
Alan T. DeKok [Sat, 3 May 2014 19:12:10 +0000 (15:12 -0400)]
Revert changes...
Network RADIUS [Sat, 3 May 2014 18:17:24 +0000 (13:17 -0500)]
Linux is crazy
Alan T. DeKok [Sat, 3 May 2014 18:00:14 +0000 (14:00 -0400)]
Apparently we need unlink?
Arran Cudbard-Bell [Sat, 3 May 2014 17:51:00 +0000 (18:51 +0100)]
Include NDEBUG state when printing out server features
Alan T. DeKok [Sat, 3 May 2014 16:38:25 +0000 (12:38 -0400)]
Final fix for previous commit
Arran Cudbard-Bell [Sat, 3 May 2014 16:35:23 +0000 (17:35 +0100)]
Doxygen
Alan T. DeKok [Sat, 3 May 2014 16:27:06 +0000 (12:27 -0400)]
Don't unlink the socket. Closes CID #720456
The pattern of unlinking before bind is so that we don't open
a socket owned by someone else. We already check that, so
unlinking serves no purpose.
Also, in close_socket(), unlink the file if it was a domain
socket. That way it doesn't stick around
Alan T. DeKok [Sat, 3 May 2014 16:13:32 +0000 (12:13 -0400)]
Parent is the special node NIL, not NULL. CID #1187991
Arran Cudbard-Bell [Sat, 3 May 2014 16:13:20 +0000 (17:13 +0100)]
Quiet gcc
Arran Cudbard-Bell [Sat, 3 May 2014 16:09:40 +0000 (17:09 +0100)]
Hack to temporarily enable dumpable flag, call panic_action, then disable it again (if required)
Arran Cudbard-Bell [Sat, 3 May 2014 11:49:30 +0000 (12:49 +0100)]
Only iterate over VPs if we have a request: CID #1211052
Arran Cudbard-Bell [Sat, 3 May 2014 11:43:27 +0000 (12:43 +0100)]
Remove assert (it was weird) - absence doesn't trigger complaint from clang scan
Arran Cudbard-Bell [Sat, 3 May 2014 11:35:18 +0000 (12:35 +0100)]
Make comparison functions use a generic comparator type
Add fr_quicksort to quicksort arrays using a comparator
Fix issue in radsniff, where the list of DICT_ATTRs needed to be sorted but weren't, meaning most of them would probably have been ignored