Alan DeKok [Thu, 14 Jan 2016 19:53:27 +0000 (14:53 -0500)]
Merge pull request #1495 from mcnewton/elk30
Update elasticsearch example files
Matthew Newton [Thu, 14 Jan 2016 16:29:02 +0000 (16:29 +0000)]
Update elasticsearch example files
- update mappings to correctly set common attributes as "long" rather
than "string"
- logstash now creates useful sub-fields, as well as combining
Gigawords/Octets to a single 64-bit value.
- add example log-courier configuration
- add dashboards for Kibana3 and Kibana4
Alan DeKok [Thu, 14 Jan 2016 15:53:45 +0000 (10:53 -0500)]
Merge pull request #1494 from matsimon/debian-packaging
Fix build on wheezy
Alan T. DeKok [Thu, 14 Jan 2016 15:51:51 +0000 (10:51 -0500)]
Remove old documentation
Mathieu Simon [Thu, 14 Jan 2016 08:58:12 +0000 (09:58 +0100)]
Fix build on wheezy
ntstatus.h file is present in samba-dev, however before jessie it
was called samba4-dev. Ubuntu precise 12.04LTS is another derived
distribution release with this package name.
Alan T. DeKok [Wed, 13 Jan 2016 22:20:37 +0000 (17:20 -0500)]
Allow setting of Response-Packet-Type in Post-Proxy-Type fail
which lets you "invent" responses when the home server times out
Alan T. DeKok [Wed, 13 Jan 2016 20:31:44 +0000 (15:31 -0500)]
checks for auth_item due to issues reported on the list
Alan DeKok [Wed, 13 Jan 2016 19:59:13 +0000 (14:59 -0500)]
Merge pull request #1488 from herwinw/debian_samba_dev
Add samba-dev as build-dependency for debian
Alan DeKok [Tue, 12 Jan 2016 17:04:10 +0000 (12:04 -0500)]
Merge pull request #1492 from qnet-herwin/rlm_perl_dbg_constants
Fixed debugging constants in rlm_perl
Herwin Weststrate [Tue, 12 Jan 2016 16:58:12 +0000 (17:58 +0100)]
Fixed debugging constants in rlm_perl
This is just a workaround; the correct fix would be to push these constants to the perl script from freeradius, instead of duplicating data.
Alan T. DeKok [Tue, 12 Jan 2016 15:06:10 +0000 (10:06 -0500)]
note recent changes
Alan T. DeKok [Tue, 12 Jan 2016 14:46:49 +0000 (09:46 -0500)]
Don't use pair_make_request for fake packets
Herwin Weststrate [Thu, 7 Jan 2016 18:30:29 +0000 (19:30 +0100)]
Add samba-dev as build-dependency
Needed for "core/ntstatus.h" in rlm_mschap, in addition to libwbclient-dev.
Alan DeKok [Wed, 6 Jan 2016 21:24:41 +0000 (16:24 -0500)]
Merge pull request #1484 from herwinw/rlm_python_fixes
Rlm python fixes
Alan T. DeKok [Wed, 6 Jan 2016 21:23:52 +0000 (16:23 -0500)]
Add --silent for jlibtool
Herwin Weststrate [Thu, 17 Dec 2015 19:28:55 +0000 (20:28 +0100)]
Allow strings as operator in rlm_python
Because ('Tmp-String-0', '!*', 'ANY') is just so much more readable than ('Tmp-String-0', 21, 'ANY'). Plain integers still work for backwards compatibility. As a bonus, we get rid of the OP table in radiusd.py: this module was not supposed to be included in scripts running from FreeRADIUS, but was still referenced from prepaid.py. As a bonus, we get rid of a table that was no longer in sync with the definitions in tokens.h.
Herwin Weststrate [Thu, 17 Dec 2015 19:00:25 +0000 (20:00 +0100)]
Show operator that is actually used instead of the default in rlm_python
So if we remove a certain attribute, display "!* ANY" instead of "= ANY"
Alan T. DeKok [Wed, 6 Jan 2016 20:36:11 +0000 (15:36 -0500)]
Use jlibtool when running local binaries.
It knows how to find the libraries
Herwin Weststrate [Thu, 17 Dec 2015 18:51:13 +0000 (19:51 +0100)]
Use other functions to update list after rlm_python call
Now we also support things like "!* ANY" to remove items.
Herwin Weststrate [Thu, 17 Dec 2015 18:04:07 +0000 (19:04 +0100)]
Show list name in debug messages in rlm_python
The module has the possibility to update the reply and the control list. It is nice to know what list is updated or generates errors. The name of the parameter is based on the parameter with the same use in `rlm_perl`.
Alan T. DeKok [Wed, 6 Jan 2016 14:30:33 +0000 (09:30 -0500)]
Print out Cleartext-Password if comparison fails
Alan T. DeKok [Tue, 5 Jan 2016 18:39:15 +0000 (13:39 -0500)]
alloc reply, not request packet.
This initializes all of the necessary fields
Alan T. DeKok [Tue, 5 Jan 2016 18:07:05 +0000 (13:07 -0500)]
Fix typo
Alan T. DeKok [Mon, 4 Jan 2016 20:04:06 +0000 (15:04 -0500)]
typo
Alan T. DeKok [Mon, 4 Jan 2016 20:01:25 +0000 (15:01 -0500)]
convert assert to run-time check. Fixes #1483
Alan T. DeKok [Mon, 4 Jan 2016 19:49:54 +0000 (14:49 -0500)]
note recent changes
Alan T. DeKok [Mon, 4 Jan 2016 19:47:48 +0000 (14:47 -0500)]
Produce debug warnings on spoofing or non-anonymous identities
Arran Cudbard-Bell [Sat, 2 Jan 2016 20:11:00 +0000 (15:11 -0500)]
It's 2016
Alan T. DeKok [Thu, 31 Dec 2015 15:50:05 +0000 (10:50 -0500)]
Reorganize checks for inner / outer filter.
Move regexes to [^@]+ instead of .*
If there's an outer realm, require the user portion to be
empty or begin with "anon"
Alan T. DeKok [Thu, 31 Dec 2015 06:41:56 +0000 (01:41 -0500)]
fix for accounting packets
Alan T. DeKok [Thu, 31 Dec 2015 00:53:17 +0000 (19:53 -0500)]
notes on case sensitivity
Alan T. DeKok [Thu, 31 Dec 2015 00:51:43 +0000 (19:51 -0500)]
more careful checks for realm comparisons
Alan T. DeKok [Thu, 31 Dec 2015 00:43:05 +0000 (19:43 -0500)]
Clarify error messages
Alan T. DeKok [Thu, 31 Dec 2015 00:40:35 +0000 (19:40 -0500)]
set Module-Failure-Message, not Reply-Message
Alan T. DeKok [Thu, 31 Dec 2015 00:38:05 +0000 (19:38 -0500)]
filter_username applies only if there is a User-Name
Alan T. DeKok [Thu, 31 Dec 2015 00:31:02 +0000 (19:31 -0500)]
Simplify regex.
Arran Cudbard-Bell [Wed, 30 Dec 2015 23:12:07 +0000 (18:12 -0500)]
Document section name override
Arran Cudbard-Bell [Wed, 30 Dec 2015 18:56:39 +0000 (13:56 -0500)]
consistent names for xlats
Alan T. DeKok [Wed, 30 Dec 2015 19:08:30 +0000 (14:08 -0500)]
note recent changes
Alan T. DeKok [Wed, 30 Dec 2015 19:05:33 +0000 (14:05 -0500)]
Simplify the code
Alan T. DeKok [Wed, 30 Dec 2015 18:47:29 +0000 (13:47 -0500)]
Ensure that the authentication vectors are always updated
Alan T. DeKok [Wed, 30 Dec 2015 18:40:47 +0000 (13:40 -0500)]
Make rad_print_hex take const
Alan T. DeKok [Wed, 30 Dec 2015 16:47:44 +0000 (11:47 -0500)]
note recent changes
Alan T. DeKok [Wed, 30 Dec 2015 16:44:25 +0000 (11:44 -0500)]
fixes found from additional tests in 3.1
Alan T. DeKok [Wed, 30 Dec 2015 16:43:58 +0000 (11:43 -0500)]
don't use fixed-size buffers
Alan T. DeKok [Wed, 30 Dec 2015 16:29:50 +0000 (11:29 -0500)]
turn off debugging
Alan T. DeKok [Wed, 30 Dec 2015 16:27:42 +0000 (11:27 -0500)]
Escape special characters in regex expansion. Fixes #1474
Arran Cudbard-Bell [Wed, 30 Dec 2015 06:24:42 +0000 (01:24 -0500)]
Fix potential SEGV in SQL simultaneous use check
Arran Cudbard-Bell [Wed, 30 Dec 2015 02:28:10 +0000 (21:28 -0500)]
Fix spec building under clang
Alan T. DeKok [Tue, 29 Dec 2015 21:20:46 +0000 (16:20 -0500)]
Allow fail-over logic for TCP home servers
Alan T. DeKok [Sun, 27 Dec 2015 15:21:34 +0000 (10:21 -0500)]
Remove 3.1 features
Alan T. DeKok [Sun, 27 Dec 2015 14:02:51 +0000 (09:02 -0500)]
disable filter_inner_identity by default
It *might* break some systems. Better safe than sorry
Alan T. DeKok [Sun, 27 Dec 2015 02:23:38 +0000 (21:23 -0500)]
use filter_username inside of the tunnel, too
Because spaces and multiple @'s are a bad idea.
Alan T. DeKok [Sun, 27 Dec 2015 02:22:18 +0000 (21:22 -0500)]
Add policy to check outer / inner tunnel user names
They should be compatible as per github issue #1471
Alan T. DeKok [Mon, 21 Dec 2015 14:27:17 +0000 (09:27 -0500)]
Don't smash magic values
Alan T. DeKok [Sun, 20 Dec 2015 21:30:56 +0000 (16:30 -0500)]
typo
Arran Cudbard-Bell [Sun, 20 Dec 2015 21:28:53 +0000 (16:28 -0500)]
Merge pull request #1377 from skids/virtualize_state
Mix virtual server into session-state rbtree index key
Alan T. DeKok [Sat, 19 Dec 2015 14:23:27 +0000 (09:23 -0500)]
parent instances off of instance tree
because that's where they live.
Arran Cudbard-Bell [Fri, 18 Dec 2015 18:44:14 +0000 (13:44 -0500)]
Merge pull request #1462 from mcnewton/debsystemd30
Add systemd support for Debian Jessie
Matthew Newton [Fri, 18 Dec 2015 15:47:48 +0000 (15:47 +0000)]
Add systemd support for Debian Jessie
Apparently it is moving a step forward to break convenience.
So systemd users will have to manually update the system to use
/usr/local/etc/freeradius themselves if that is where their
config is located.
Alan DeKok [Fri, 18 Dec 2015 14:31:11 +0000 (09:31 -0500)]
Merge pull request #1461 from qnet-herwin/fragment_size_comment
Updated comment about default fragment_size
Herwin Weststrate [Fri, 18 Dec 2015 14:18:16 +0000 (15:18 +0100)]
Updated comment about default fragment_size
The default is 1024, as can be seen in tls.c:
./src/main/tls.c: { "fragment_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, fragment_size), "1024" }
Arran Cudbard-Bell [Thu, 17 Dec 2015 18:08:53 +0000 (13:08 -0500)]
Merge pull request #1458 from jpereira/fix/open1
print out error message if we're unable to open the file
Jorge Pereira [Thu, 17 Dec 2015 17:58:17 +0000 (15:58 -0200)]
print out error message if we're unable to open the file
Alan T. DeKok [Thu, 17 Dec 2015 14:44:04 +0000 (09:44 -0500)]
We can't xlat expand non-strings
Alan T. DeKok [Wed, 16 Dec 2015 17:21:20 +0000 (12:21 -0500)]
typos
Alan T. DeKok [Tue, 15 Dec 2015 21:50:40 +0000 (16:50 -0500)]
better fix for #1456
Alan T. DeKok [Tue, 15 Dec 2015 19:43:09 +0000 (14:43 -0500)]
note recent changes
Alan T. DeKok [Tue, 15 Dec 2015 19:42:28 +0000 (14:42 -0500)]
Allow password change to work again
retry MUST be zero
Alan DeKok [Tue, 15 Dec 2015 17:26:35 +0000 (12:26 -0500)]
Merge pull request #1455 from qnet-herwin/virtual_server_peap
Fixed error message for virtual server in rlm_eap_peap
Alan T. DeKok [Tue, 15 Dec 2015 17:23:57 +0000 (12:23 -0500)]
remove duplicate triggers
This is now handled in the connection pool
Herwin Weststrate [Tue, 15 Dec 2015 17:14:08 +0000 (18:14 +0100)]
Fixed error message for virtual server in rlm_eap_peap
Alan T. DeKok [Mon, 14 Dec 2015 20:49:52 +0000 (15:49 -0500)]
Require "virtual_server" for TTLS and PEAP
Alexis La Goutte [Tue, 15 Dec 2015 15:18:09 +0000 (16:18 +0100)]
dictionary: fix typo on URL
Missing rfc on url...
Arran Cudbard-Bell [Tue, 15 Dec 2015 03:53:45 +0000 (22:53 -0500)]
Fix SNMP notifications import
Alan T. DeKok [Mon, 14 Dec 2015 15:34:10 +0000 (10:34 -0500)]
check undefined attributes
Arran Cudbard-Bell [Fri, 11 Dec 2015 16:32:41 +0000 (11:32 -0500)]
Pass correct struct to field counting functions
Alan T. DeKok [Fri, 11 Dec 2015 14:56:24 +0000 (09:56 -0500)]
notes for AD security
Alan T. DeKok [Fri, 11 Dec 2015 14:13:37 +0000 (09:13 -0500)]
disable tls 1.2 for OpenSSL 1.0.1f and 1.0.1g
Alan T. DeKok [Fri, 11 Dec 2015 13:45:14 +0000 (08:45 -0500)]
remove removed feature
Arran Cudbard-Bell [Fri, 11 Dec 2015 13:15:48 +0000 (08:15 -0500)]
Merge pull request #1447 from qnet-herwin/wbclient_drop_option_allow_mschapv2
Removed option winbind_allow_mschapv2 in rlm_mschap
Herwin Weststrate [Fri, 11 Dec 2015 09:05:32 +0000 (10:05 +0100)]
Removed option winbind_allow_mschapv2 in rlm_mschap
See the discussion at https://github.com/FreeRADIUS/freeradius-server/commit/37f2f6d8e09bdebdf3031e419c00a0d3193b074a for more information
Alan T. DeKok [Thu, 10 Dec 2015 20:28:45 +0000 (15:28 -0500)]
Copy TLS cert VPs to request, even on fail.
This lets you log *why* it failed, and for whom
Arran Cudbard-Bell [Thu, 10 Dec 2015 16:13:19 +0000 (11:13 -0500)]
Missing semicolon
Alan T. DeKok [Thu, 10 Dec 2015 15:39:53 +0000 (10:39 -0500)]
add a comma
Alan T. DeKok [Thu, 10 Dec 2015 15:11:21 +0000 (10:11 -0500)]
remove 3.1 syntax
Alan T. DeKok [Thu, 10 Dec 2015 14:20:00 +0000 (09:20 -0500)]
note recent changes
Alan T. DeKok [Thu, 10 Dec 2015 14:16:41 +0000 (09:16 -0500)]
Added TLS-OCSP-Cert-Valid to 3.0
Set by the TLS code. Not checked for anything.
Alan DeKok [Thu, 10 Dec 2015 14:08:53 +0000 (09:08 -0500)]
Merge pull request #1443 from qnet-herwin/WBC_MSV1_0_ALLOW_MSVCHAPV2
Add ALLOW_MSVCHAPV2 flag to mschap/libwbclient
Alan DeKok [Thu, 10 Dec 2015 14:08:35 +0000 (09:08 -0500)]
Merge pull request #1444 from qnet-herwin/debian_heimdal-dev
Added heimdal-dev as alternative for libkrb5-dev
Alan T. DeKok [Thu, 10 Dec 2015 14:01:37 +0000 (09:01 -0500)]
building the initial certs requires make. Fixes #1442
Herwin Weststrate [Thu, 10 Dec 2015 11:53:37 +0000 (12:53 +0100)]
Added heimdal-dev as alternative for libkrb5-dev
The package builds fine without it. It does not have the functionality of krb5_get_error_message, but the freeradius code is already able to work around that limitation (using HAVE_KRB5_GET_ERROR_MESSAGE).
The main reason for this change is that the packages libkrb5-dev and heimdal-dev cannot both be installed on a machine, and Samba has a requirement on the heimdal-dev package. With this patch, my machine can happily compile Samba and FreeRADIUS.
Herwin Weststrate [Tue, 8 Dec 2015 11:29:42 +0000 (12:29 +0100)]
Add ALLOW_MSVCHAPV2 flag to mschap/libwbclient
The functionality is the same as https://github.com/samba-team/samba/pull/45: allow authentication via winbind when the AD has a higher security level.
Alan T. DeKok [Wed, 9 Dec 2015 16:10:25 +0000 (11:10 -0500)]
More warnings for broken software
Alan T. DeKok [Tue, 8 Dec 2015 16:20:04 +0000 (11:20 -0500)]
Document disable tls 1.2 because of OpenSSL breakage
Alan T. DeKok [Tue, 8 Dec 2015 16:19:55 +0000 (11:19 -0500)]
note recent changes
Alan T. DeKok [Tue, 8 Dec 2015 14:30:35 +0000 (09:30 -0500)]
typo
Alan T. DeKok [Mon, 7 Dec 2015 19:14:15 +0000 (14:14 -0500)]
port enum changes from head, which clarify the code
Alan T. DeKok [Mon, 7 Dec 2015 19:01:36 +0000 (14:01 -0500)]
run verify only on skipped
Arran Cudbard-Bell [Mon, 7 Dec 2015 19:13:03 +0000 (14:13 -0500)]
Merge pull request #1429 from pwdng/freebsd_fix
Some error codes aren't defined on FreeBSD