Alan T. DeKok [Thu, 29 May 2014 14:28:28 +0000 (10:28 -0400)]
Don't return OK for EAP-MSCHAPv2 success/fail
it breaks other things in the server, when we have
eap {
ok = return
}
There is minimal additional cost to doing this
Alan T. DeKok [Thu, 29 May 2014 14:22:09 +0000 (10:22 -0400)]
Move last few conf items to FR_CONF_OFFSET
and fix resulting compiler warnings
Arran Cudbard-Bell [Thu, 29 May 2014 13:26:28 +0000 (14:26 +0100)]
Use pairmake_packet for Module-Failure-Message
Arran Cudbard-Bell [Thu, 29 May 2014 13:08:22 +0000 (14:08 +0100)]
Add macro for FR_FAULT_LOG
Arran Cudbard-Bell [Thu, 29 May 2014 12:29:32 +0000 (13:29 +0100)]
Print maps for !* ANY
Arran Cudbard-Bell [Thu, 29 May 2014 11:30:04 +0000 (12:30 +0100)]
Remove code in radius_map2vp for !* ANY (it's not needed)
Arran Cudbard-Bell [Thu, 29 May 2014 11:55:34 +0000 (12:55 +0100)]
Fix double & with attribute references in debug_map
It's completely pointless, so much so there's not
Arran Cudbard-Bell [Thu, 29 May 2014 11:29:30 +0000 (12:29 +0100)]
Comment
Arran Cudbard-Bell [Thu, 29 May 2014 11:29:23 +0000 (12:29 +0100)]
Formatting
Alan T. DeKok [Wed, 28 May 2014 23:30:30 +0000 (19:30 -0400)]
It's OK to send packets in outgoing proxy socket INIT state
Alan T. DeKok [Wed, 28 May 2014 23:25:36 +0000 (19:25 -0400)]
Don't print out useless proxy ID
Alan T. DeKok [Wed, 28 May 2014 23:16:54 +0000 (19:16 -0400)]
close_notify isn't an error. It's a polite notification
Alan T. DeKok [Wed, 28 May 2014 22:38:58 +0000 (18:38 -0400)]
only use TLS if TLS is enabled
Alan T. DeKok [Wed, 28 May 2014 21:26:57 +0000 (17:26 -0400)]
Add the proxy listener to the packet list immediately
so that we can allocate IDs immediately
Alan T. DeKok [Wed, 28 May 2014 21:26:20 +0000 (17:26 -0400)]
certs will be NULL for outgoing proxy sockets.
Alan T. DeKok [Wed, 28 May 2014 21:18:10 +0000 (17:18 -0400)]
Fix use of fr_nonblock && listen() for sockets
Outgoing TCP sockets are non-blocking. Incoming sockets
are non-blocking. Outgoing TLS sockets are blocking.
Don't call listen() on outgoing sockets
Alan T. DeKok [Wed, 28 May 2014 21:17:43 +0000 (17:17 -0400)]
Don't set nonblock on outgoing client connections.
The caller will need to set it if necessary
Arran Cudbard-Bell [Wed, 28 May 2014 19:13:37 +0000 (20:13 +0100)]
Status should always be initialised in rlm_ldap_bind
We'll never actually hit this (it would require fr_connection_get_num to return a negative value).
Arran Cudbard-Bell [Wed, 28 May 2014 16:34:01 +0000 (17:34 +0100)]
Need extra break
Arran Cudbard-Bell [Wed, 28 May 2014 16:12:03 +0000 (17:12 +0100)]
Don't need memset if it's static
Arran Cudbard-Bell [Wed, 28 May 2014 16:03:05 +0000 (17:03 +0100)]
pairparsevalue should return 0 or -1 like pretty much every other function int the server
Arran Cudbard-Bell [Wed, 28 May 2014 15:53:41 +0000 (16:53 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 28 May 2014 15:28:03 +0000 (16:28 +0100)]
Add some more asserts for catching invalid VPs when build without WITH_VERIFY_PTR
Arran Cudbard-Bell [Wed, 28 May 2014 15:05:44 +0000 (16:05 +0100)]
Add \0 safe parsing of LDAP binary attributes
Arran Cudbard-Bell [Wed, 28 May 2014 14:40:24 +0000 (15:40 +0100)]
Make pairparsevalue binary safe
Herwin Weststrate [Wed, 28 May 2014 13:53:29 +0000 (15:53 +0200)]
Added debian/freeradius-rest to gitignore
Otherwise, building a Debian package leaves a change in the repository.
Tested with Debian Wheezy 32bit on tag release_3_0_4_rc0 and current
master (commit
73c90fc26a6a56becdf9153abce8d05175fdb06a).
Arran Cudbard-Bell [Wed, 28 May 2014 08:26:42 +0000 (09:26 +0100)]
More LDAP tweaks
Arran Cudbard-Bell [Wed, 28 May 2014 07:24:40 +0000 (08:24 +0100)]
Don't retry ldap binds on failure (if were opening a new connection)
Arran Cudbard-Bell [Tue, 27 May 2014 22:47:56 +0000 (23:47 +0100)]
Extra message
Arran Cudbard-Bell [Tue, 27 May 2014 22:40:01 +0000 (23:40 +0100)]
Make it clearer what's happening on exit Fixes #665
Alan T. DeKok [Tue, 27 May 2014 17:30:29 +0000 (13:30 -0400)]
Tweak error message
Arran Cudbard-Bell [Tue, 27 May 2014 15:04:34 +0000 (16:04 +0100)]
Add option not to add applicaiton_name
Alan T. DeKok [Tue, 27 May 2014 14:45:26 +0000 (10:45 -0400)]
Re-arrange calls to setup_post_proxy_fail
So they all follow the same pattern
Alan T. DeKok [Tue, 27 May 2014 13:12:54 +0000 (09:12 -0400)]
We can suppress delayed proxy responses, too
Arran Cudbard-Bell [Tue, 27 May 2014 11:39:33 +0000 (12:39 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 27 May 2014 11:19:33 +0000 (12:19 +0100)]
Need to create new attributes as integer64 type in rlm_sqlcounter
Arran Cudbard-Bell [Tue, 27 May 2014 09:25:38 +0000 (10:25 +0100)]
New DHCP options encoder
Use the correct fields for accessing non uint32_t types
Arran Cudbard-Bell [Tue, 27 May 2014 09:24:52 +0000 (10:24 +0100)]
Backport radius_vpt_get_vp changes from master
Alan T. DeKok [Tue, 27 May 2014 00:41:09 +0000 (20:41 -0400)]
Use OpenSSL MD4 and MD5 by default.
Don't do this for SHA, because src/modules/rlm_eap/libeap/fips186prf.c
needs access to the SHA internals
Arran Cudbard-Bell [Tue, 27 May 2014 00:05:32 +0000 (01:05 +0100)]
Merge pull request #662 from fajarnugraha/v3.0.x-suse-
20140526
V3.0.x suse specfile build fix
Fajar A. Nugraha [Mon, 26 May 2014 23:51:20 +0000 (06:51 +0700)]
suse: specfile build fixes
Alan T. DeKok [Mon, 26 May 2014 22:16:34 +0000 (18:16 -0400)]
fix compile error
Alan T. DeKok [Mon, 26 May 2014 22:14:51 +0000 (18:14 -0400)]
We always have a "request" now
Alan T. DeKok [Mon, 26 May 2014 22:10:53 +0000 (18:10 -0400)]
Start request numbers at 1
Which distinguishes them from fake requests
Alan T. DeKok [Mon, 26 May 2014 22:10:09 +0000 (18:10 -0400)]
Add a fake request for outgoing TLS client connections
Arran Cudbard-Bell [Mon, 26 May 2014 21:59:52 +0000 (22:59 +0100)]
Fix cbtls now we don't check for request in RDEBUG macros
Arran Cudbard-Bell [Mon, 26 May 2014 20:22:45 +0000 (21:22 +0100)]
Add instance to application name
Arran Cudbard-Bell [Mon, 26 May 2014 19:28:57 +0000 (20:28 +0100)]
Should be error message
Arran Cudbard-Bell [Mon, 26 May 2014 19:27:39 +0000 (20:27 +0100)]
Add asserts to radlog functions
Arran Cudbard-Bell [Mon, 26 May 2014 18:47:14 +0000 (19:47 +0100)]
rm unused goto
Arran Cudbard-Bell [Mon, 26 May 2014 18:29:55 +0000 (19:29 +0100)]
This should never happen
Arran Cudbard-Bell [Mon, 26 May 2014 18:16:44 +0000 (19:16 +0100)]
Impose a hard limit on the number of reconnection attempts for rlm_sql and rlm_ldap
Arran Cudbard-Bell [Mon, 26 May 2014 18:16:15 +0000 (19:16 +0100)]
Don't reconnect on QUERY CANCELED
Arran Cudbard-Bell [Mon, 26 May 2014 14:34:47 +0000 (15:34 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Mon, 26 May 2014 14:28:43 +0000 (15:28 +0100)]
Use the same format as other applications
Arran Cudbard-Bell [Mon, 26 May 2014 13:45:27 +0000 (14:45 +0100)]
Tighter range constraint on INTEGER types
Alan T. DeKok [Mon, 26 May 2014 13:31:04 +0000 (09:31 -0400)]
Call rad_postauth() and send the packet from proxy_no_reply. Closes #657
Alan T. DeKok [Mon, 26 May 2014 13:30:38 +0000 (09:30 -0400)]
Don't delay proxy replies when there was a timeout
Arran Cudbard-Bell [Mon, 26 May 2014 13:23:01 +0000 (14:23 +0100)]
One last sign fix for rlm_securid
Arran Cudbard-Bell [Mon, 26 May 2014 13:03:44 +0000 (14:03 +0100)]
Typo
Arran Cudbard-Bell [Mon, 26 May 2014 12:30:48 +0000 (13:30 +0100)]
Cast interval values to ints before use, so we don't get sign issues with time_t. Fixes #659
Arran Cudbard-Bell [Mon, 26 May 2014 12:09:25 +0000 (13:09 +0100)]
Use signed int to represent epoch in rlm_cache
Nikolai Kondrashov [Mon, 26 May 2014 11:26:41 +0000 (14:26 +0300)]
Fix compilation of rlm_eap
Mark rlm_eap_tnc connection_string const to cater to FR_CONF_OFFSET
invocation. This fixes the build of rlm_eap module.
Arran Cudbard-Bell [Mon, 26 May 2014 11:25:58 +0000 (12:25 +0100)]
Doing it the smart way causes Doxygen errors
Arran Cudbard-Bell [Mon, 26 May 2014 11:07:42 +0000 (12:07 +0100)]
Move db_string building into the pg instantiation function
Add application_name to the db_string
Arran Cudbard-Bell [Sun, 25 May 2014 22:42:14 +0000 (23:42 +0100)]
Add talloc_frees in realm
Arran Cudbard-Bell [Sun, 25 May 2014 22:21:14 +0000 (23:21 +0100)]
Sync rlm_python and rlm_ldap with master
Arran Cudbard-Bell [Sun, 25 May 2014 22:00:11 +0000 (23:00 +0100)]
Add compile time checking for config pointers
Arran Cudbard-Bell [Sat, 24 May 2014 21:28:37 +0000 (22:28 +0100)]
Fix comments which caused doxygen parse issues
Arran Cudbard-Bell [Sat, 24 May 2014 21:07:53 +0000 (22:07 +0100)]
Rest auth should just do the same checks as rlm_pap for credentials
Alan T. DeKok [Sat, 24 May 2014 19:31:24 +0000 (15:31 -0400)]
Fix for scan warning
Arran Cudbard-Bell [Sat, 24 May 2014 19:19:55 +0000 (20:19 +0100)]
Don't set SO_REUSEADDR for UDP ports
Arran Cudbard-Bell [Sat, 24 May 2014 17:50:09 +0000 (18:50 +0100)]
Formatting
Arran Cudbard-Bell [Sat, 24 May 2014 17:36:35 +0000 (18:36 +0100)]
All usage messages should go to the same place
Arran Cudbard-Bell [Sat, 24 May 2014 17:35:23 +0000 (18:35 +0100)]
Exit after reading all packets in radsniff
Arran Cudbard-Bell [Sat, 24 May 2014 16:25:36 +0000 (17:25 +0100)]
It's either a read error or a read of an invalid number of bytes
Arran Cudbard-Bell [Sat, 24 May 2014 15:59:53 +0000 (16:59 +0100)]
Check for NULL hs_type first
Alan T. DeKok [Sat, 24 May 2014 15:51:41 +0000 (11:51 -0400)]
Add coa_no_reply and glue it into the state machine
Alan T. DeKok [Sat, 24 May 2014 15:50:58 +0000 (11:50 -0400)]
DEBUG2 --> RDEBUG2 for messages
Alan T. DeKok [Sat, 24 May 2014 15:49:46 +0000 (11:49 -0400)]
Catch race condition in proxy_reply
If we've decided there's no reply, then we don't use it, even
if one comes in
Arran Cudbard-Bell [Sat, 24 May 2014 15:37:16 +0000 (16:37 +0100)]
Add check for limits.h
Arran Cudbard-Bell [Sat, 24 May 2014 15:10:58 +0000 (16:10 +0100)]
Add limits.h to libradius.h
Arran Cudbard-Bell [Sat, 24 May 2014 15:01:13 +0000 (16:01 +0100)]
Change num to int
Arran Cudbard-Bell [Sat, 24 May 2014 14:49:17 +0000 (15:49 +0100)]
Typo
Arran Cudbard-Bell [Sat, 24 May 2014 12:31:02 +0000 (13:31 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Sat, 24 May 2014 12:27:47 +0000 (13:27 +0100)]
Add xlat to print the current tag of an attribute
Arran Cudbard-Bell [Sat, 24 May 2014 12:03:56 +0000 (13:03 +0100)]
#647 only appeared after 3.0.3 and #648 is so minor it doesn't need mentioning
Arran Cudbard-Bell [Sat, 24 May 2014 11:52:17 +0000 (12:52 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Sat, 24 May 2014 11:12:49 +0000 (12:12 +0100)]
Should be signed
Arran Cudbard-Bell [Sat, 24 May 2014 11:03:58 +0000 (12:03 +0100)]
Various coverity fixes
Arran Cudbard-Bell [Sat, 24 May 2014 10:39:29 +0000 (11:39 +0100)]
Don't SEGV on parse error in unittest
Arran Cudbard-Bell [Sat, 24 May 2014 09:56:52 +0000 (10:56 +0100)]
clang analyzer issue
Arran Cudbard-Bell [Sat, 24 May 2014 09:48:23 +0000 (10:48 +0100)]
Reformatting
Arran Cudbard-Bell [Sat, 24 May 2014 09:43:35 +0000 (10:43 +0100)]
Tests for removal by tag and index
Make tag processing consistent everywhere
Make all internally created VALUE_PAIRs default to TAG_ANY so that when used as 'check'/'filter' vps they match all tagged and untagged attributes.
Arran Cudbard-Bell [Fri, 23 May 2014 22:05:51 +0000 (23:05 +0100)]
Various fixups in xlat_getvp
Arran Cudbard-Bell [Fri, 23 May 2014 22:02:36 +0000 (23:02 +0100)]
number xlat-attr-tag
Arran Cudbard-Bell [Fri, 23 May 2014 21:08:59 +0000 (22:08 +0100)]
nonnull declarations should go at the begining
Arran Cudbard-Bell [Fri, 23 May 2014 22:01:26 +0000 (23:01 +0100)]
Minor fixes in pairmake
Arran Cudbard-Bell [Fri, 23 May 2014 22:00:23 +0000 (23:00 +0100)]
Fix tag filter debug
Arran Cudbard-Bell [Fri, 23 May 2014 21:01:09 +0000 (22:01 +0100)]
Using [*] [#] [0] on fake attributes should produce the same result as on the real ones