Kevin Wasserman [Wed, 16 Jul 2014 18:00:59 +0000 (14:00 -0400)]
Make tls-psk-identity available during request processing
Retrieve from SSL and add to request vps immediately prior to packet decode.
Kevin Wasserman [Mon, 14 Jul 2014 18:42:13 +0000 (14:42 -0400)]
Reject on any channel bindings attribute mismatch
Sam Hartman [Thu, 10 Jul 2014 14:58:53 +0000 (10:58 -0400)]
tr_integ: set home server response window
Sam Hartman [Thu, 10 Jul 2014 14:13:17 +0000 (10:13 -0400)]
Clean up changes no longer needed.
We had several hunks left over from merges with upstream that are no longer needed.
Clean up the upstream diff.
Sam Hartman [Thu, 10 Jul 2014 13:42:18 +0000 (09:42 -0400)]
fr_inaddr_mask fix 0 prefix
Don't depend on the behavior of shifting by 32-bits on a 32-bit type.
Sam Hartman [Thu, 10 Jul 2014 11:41:09 +0000 (07:41 -0400)]
find_client: min prefix of 0 needs to work
Use signed loop counter to permit 0-1 to be <= min_prefix
Sam Hartman [Wed, 9 Jul 2014 11:28:07 +0000 (07:28 -0400)]
Allow null parent in add_home_server
When dynamically adding a home server it is likely that no config
section will be available thus no parent section.
Kevin Wasserman [Wed, 2 Jul 2014 11:56:39 +0000 (07:56 -0400)]
Channel bindings fixes
-fix size calculation
-skip unwanted attrs when copying
-add safety check to copy code in case size is wrong
-add cast to get correct result from talloc_array_length()
Kevin Wasserman [Mon, 30 Jun 2014 15:41:32 +0000 (11:41 -0400)]
Don't call free on talloc'ed channel bindings packet
Kevin Wasserman [Sat, 28 Jun 2014 09:46:38 +0000 (05:46 -0400)]
realms_pools_add -> realm_pool_add
Kevin Wasserman [Sat, 28 Jun 2014 09:22:25 +0000 (05:22 -0400)]
Fix cursor initialization bugs in eap_chbind_vp2packet
Kevin Wasserman [Thu, 26 Jun 2014 17:44:58 +0000 (13:44 -0400)]
eliminate unneeded debug spew
Kevin Wasserman [Thu, 26 Jun 2014 17:41:00 +0000 (13:41 -0400)]
more whitespace
Kevin Wasserman [Thu, 26 Jun 2014 17:39:28 +0000 (13:39 -0400)]
whitespace cleanup
Kevin Wasserman [Thu, 26 Jun 2014 17:37:08 +0000 (13:37 -0400)]
eliminate eap_chbind_packet_t
Kevin Wasserman [Thu, 26 Jun 2014 17:24:24 +0000 (13:24 -0400)]
eliminate bogus whitespace diff
Kevin Wasserman [Thu, 26 Jun 2014 17:20:21 +0000 (13:20 -0400)]
Remove redundant call to set_psk_client_callback()
Kevin Wasserman [Thu, 26 Jun 2014 17:07:59 +0000 (13:07 -0400)]
Remove duplicate chbind functions now located in eap_chbind.*
Kevin Wasserman [Thu, 26 Jun 2014 17:06:19 +0000 (13:06 -0400)]
Merge remote-tracking branch 'freeradius/v3.0.x' into tr-upgrade
Conflicts:
src/include/realms.h
src/main/realms.c
src/main/tls.c
src/modules/rlm_eap/libeap/eap_chbind.c
src/modules/rlm_eap/libeap/eap_chbind.h
src/modules/rlm_eap/radeapclient.c
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
Alan T. DeKok [Thu, 26 Jun 2014 12:33:32 +0000 (08:33 -0400)]
Set a timer for marking a home server dead. Closes #712
Alan T. DeKok [Thu, 26 Jun 2014 12:20:15 +0000 (08:20 -0400)]
Note recent changes
Alan T. DeKok [Thu, 26 Jun 2014 12:17:30 +0000 (08:17 -0400)]
Pass2 for attributes in existence checks
    if (&foo-LDAP-Group) {
        ...
    }
Arran Cudbard-Bell [Thu, 26 Jun 2014 11:00:57 +0000 (12:00 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Thu, 26 Jun 2014 10:59:00 +0000 (11:59 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Thu, 26 Jun 2014 10:55:53 +0000 (11:55 +0100)]
Remove redundant includes of netinet/in.h
Arran Cudbard-Bell [Thu, 26 Jun 2014 10:55:40 +0000 (11:55 +0100)]
Set errno appropriately if we're building without IPv6 support and an IPv6 socket is requested
Arran Cudbard-Bell [Thu, 26 Jun 2014 10:55:12 +0000 (11:55 +0100)]
Define __APPLE_USER_RFC_2292 so the IPv6 socket options are exposed on OSX
Herwin Weststrate [Thu, 26 Jun 2014 09:59:13 +0000 (11:59 +0200)]
Updated some required packages for Debian build
With newer versions of Debian (Jessie) or Ubuntu (Trusty), the packages
libjson0{,-dev} are transitional packages. Prefer their replacements if
they're available.
Arran Cudbard-Bell [Thu, 26 Jun 2014 08:17:11 +0000 (09:17 +0100)]
Use sizeof
Arran Cudbard-Bell [Thu, 26 Jun 2014 00:24:19 +0000 (01:24 +0100)]
Check return code of write
Arran Cudbard-Bell [Wed, 25 Jun 2014 23:03:38 +0000 (00:03 +0100)]
Use _fr_fault_log by default
Arran Cudbard-Bell [Wed, 25 Jun 2014 22:29:45 +0000 (23:29 +0100)]
Only register fr_fault signal handlers if we're not running under a debugger
Alan T. DeKok [Wed, 25 Jun 2014 21:20:19 +0000 (17:20 -0400)]
Allow delayed references to attributes. Helps with #711
The short answer for the issue is to use attribute references.
    if (&ldap-psec-Ldap-Group == "Professors") {
        ...
    }
however, using "&" would result in an error. This commit allows
the "&", which will make the check work.
Alan T. DeKok [Wed, 25 Jun 2014 20:30:51 +0000 (16:30 -0400)]
Just print out what we have for debugging.
Alan T. DeKok [Wed, 25 Jun 2014 20:04:54 +0000 (16:04 -0400)]
The variable name is "max_response_timeouts"
Arran Cudbard-Bell [Wed, 25 Jun 2014 20:28:33 +0000 (21:28 +0100)]
Only register signal handlers if we have a PANIC_ACTION set
Arran Cudbard-Bell [Wed, 25 Jun 2014 19:47:32 +0000 (20:47 +0100)]
CID #1223702
Herwin Weststrate [Wed, 25 Jun 2014 18:56:37 +0000 (20:56 +0200)]
Updated return type of process_reply to rlm_rcode_t
Minor code cleanup.
Alan T. DeKok [Wed, 25 Jun 2014 16:43:11 +0000 (12:43 -0400)]
Add secret "dynamic" flag to realms
Which adds mutexes to the RBtree for home server add and lookup.
i.e. the mutexes are likely to be contended, and therefore
slower
Arran Cudbard-Bell [Wed, 25 Jun 2014 16:42:36 +0000 (17:42 +0100)]
Use newSVpvn so we don't SEGV on zero length values in rlm_perl
Arran Cudbard-Bell [Wed, 25 Jun 2014 16:39:42 +0000 (17:39 +0100)]
Add fr_abin2hex
Alan T. DeKok [Wed, 25 Jun 2014 16:18:50 +0000 (12:18 -0400)]
Exposed realm_realm_add()
For future work
Alan T. DeKok [Wed, 25 Jun 2014 16:13:05 +0000 (12:13 -0400)]
Exposed realm_pool_add()
For future work
Alan T. DeKok [Wed, 25 Jun 2014 16:07:07 +0000 (12:07 -0400)]
Exposed realm_home_server_add()
For future work
Alan T. DeKok [Wed, 25 Jun 2014 15:38:16 +0000 (11:38 -0400)]
Print out limits when opening/closing proxy sockets.
Should help debug issue #680
Arran Cudbard-Bell [Wed, 25 Jun 2014 14:28:48 +0000 (15:28 +0100)]
Similar += fixes for other modules
Alan Buxey [Tue, 24 Jun 2014 22:28:59 +0000 (23:28 +0100)]
remove the bootstrap from this VS
it's commented out and NOT in eap.conf
Alan Buxey [Tue, 24 Jun 2014 22:35:31 +0000 (23:35 +0100)]
server should be ready on IPv6 by default
FR should be ready for IPv6 out of the box. auth/acct done.
Philippe Wooding [Wed, 25 Jun 2014 13:46:51 +0000 (15:46 +0200)]
Some shells don't support the '+=' concatenation operator.
Arran Cudbard-Bell [Wed, 25 Jun 2014 14:18:56 +0000 (15:18 +0100)]
Merge pull request #709 from qnet-herwin/perl_fixes_707
Fixed some segfaults in rlm_perl
Herwin Weststrate [Wed, 25 Jun 2014 14:05:49 +0000 (16:05 +0200)]
Fixed some segfaults in rlm_perl
This should fix the changes of #707
Arran Cudbard-Bell [Wed, 25 Jun 2014 13:06:52 +0000 (14:06 +0100)]
We don't actually copy...
Arran Cudbard-Bell [Wed, 25 Jun 2014 13:04:11 +0000 (14:04 +0100)]
Do something sane for converting FreeRADIUS values to Kamelschewine. Fixes #707
Apparently Spracheschewine means porcupine
Arran Cudbard-Bell [Wed, 25 Jun 2014 12:59:55 +0000 (13:59 +0100)]
Add fr_cursor_next_peek
Arran Cudbard-Bell [Wed, 25 Jun 2014 12:59:44 +0000 (13:59 +0100)]
Formatting
Arran Cudbard-Bell [Wed, 25 Jun 2014 11:52:33 +0000 (12:52 +0100)]
Populate DHCP-Parameter-Request-List values dynamically
Arran Cudbard-Bell [Wed, 25 Jun 2014 11:06:44 +0000 (12:06 +0100)]
Remove param documentation from all connection callbacks
Alan T. DeKok [Wed, 25 Jun 2014 11:03:18 +0000 (07:03 -0400)]
Doxygen is stupid, so delete doxygen comments.
It keeps complaining that "ctx" isn't documented. Fine. Go away.
Arran Cudbard-Bell [Wed, 25 Jun 2014 10:56:51 +0000 (11:56 +0100)]
Fix spurious soft asserts. Fixes #706
Alan T. DeKok [Tue, 24 Jun 2014 23:29:44 +0000 (19:29 -0400)]
Use NULL for talloc ctx in EAP
It's safer
Alan T. DeKok [Tue, 24 Jun 2014 21:22:37 +0000 (17:22 -0400)]
Add in rad_virtual_server() which is now required for libeap
Arran Cudbard-Bell [Fri, 13 Jun 2014 10:12:04 +0000 (11:12 +0100)]
Add support for Vendor Specific Suboptions (RFC 4243)
Add support for array type suboptions
Allow terminating suboption and padding suboption
Add dictionary attributes for many more DHCP RFCs
Alan T. DeKok [Tue, 24 Jun 2014 18:42:55 +0000 (14:42 -0400)]
Glue channel bindings into the TTLS code
Alan T. DeKok [Tue, 24 Jun 2014 18:42:30 +0000 (14:42 -0400)]
Channel binding encode/decoder and process functions
Alan T. DeKok [Tue, 24 Jun 2014 18:42:10 +0000 (14:42 -0400)]
Attributes and definitions for channel bindings
Alan T. DeKok [Tue, 24 Jun 2014 18:06:36 +0000 (14:06 -0400)]
Move debug messages into rad_virtual_server
To remove duplication
Arran Cudbard-Bell [Tue, 24 Jun 2014 17:07:12 +0000 (18:07 +0100)]
Move exit functions to debug.c
Arran Cudbard-Bell [Tue, 24 Jun 2014 16:32:01 +0000 (17:32 +0100)]
Merge pull request #700 from mcnewton/rlm_files
make "this file is processed in order" more clear...
Arran Cudbard-Bell [Wed, 8 Jan 2014 18:25:00 +0000 (18:25 +0000)]
Fix build when building on OSX, using non standard libssl, and a non standard version of clang/gcc (or a < OSX 10.9 version of clang/gcc)
Arran Cudbard-Bell [Tue, 24 Jun 2014 14:52:44 +0000 (15:52 +0100)]
Extra include dirs should be specified with -isystem
Matthew Newton [Tue, 24 Jun 2014 10:06:47 +0000 (11:06 +0100)]
make "this file is processed in order" more clear...
Alan T. DeKok [Tue, 24 Jun 2014 13:20:25 +0000 (09:20 -0400)]
talloc_steal the packet after reading it
Arran Cudbard-Bell [Tue, 24 Jun 2014 12:18:27 +0000 (13:18 +0100)]
newvector should be a bool
Alan T. DeKok [Tue, 24 Jun 2014 12:54:48 +0000 (08:54 -0400)]
Ensure packet is parented correctly
Arran Cudbard-Bell [Tue, 24 Jun 2014 11:57:12 +0000 (12:57 +0100)]
Print which packet in the request failed validation
Arran Cudbard-Bell [Tue, 24 Jun 2014 10:11:55 +0000 (11:11 +0100)]
Minor connection API fixes
Arran Cudbard-Bell [Tue, 24 Jun 2014 09:15:03 +0000 (10:15 +0100)]
Print out TAG_ANY attributes correctly
When attributes are inserted into the lists they should have their tag set to TAG_NONE if their tag was previously TAG_ANY
Arran Cudbard-Bell [Mon, 23 Jun 2014 21:14:06 +0000 (22:14 +0100)]
Simpler VERIFY_REQUEST macro in process.c
Alan T. DeKok [Mon, 23 Jun 2014 21:02:29 +0000 (17:02 -0400)]
Thread-safe VERIFY_REQUEST
Arran Cudbard-Bell [Mon, 23 Jun 2014 20:31:17 +0000 (21:31 +0100)]
Increase cbuff size
Alan T. DeKok [Mon, 23 Jun 2014 20:11:44 +0000 (16:11 -0400)]
Allow for dynamically expanded PSK.
When a client connects to a server, the server can now dynamically
determine which PSK to use for that client.
Arran Cudbard-Bell [Mon, 23 Jun 2014 19:34:53 +0000 (20:34 +0100)]
Typo
Arran Cudbard-Bell [Mon, 23 Jun 2014 18:21:26 +0000 (19:21 +0100)]
Multiple fixes for circular buffer based backtraces
Arran Cudbard-Bell [Mon, 23 Jun 2014 18:21:12 +0000 (19:21 +0100)]
Formatting
Arran Cudbard-Bell [Mon, 23 Jun 2014 15:50:42 +0000 (16:50 +0100)]
Other obviously bad allocations
Arran Cudbard-Bell [Mon, 23 Jun 2014 15:17:42 +0000 (16:17 +0100)]
Remove fr_connection_delete
Arran Cudbard-Bell [Mon, 23 Jun 2014 13:54:13 +0000 (14:54 +0100)]
Pass a threadsafe ctx into fr_connection_pool create callback
Create callbacks should allocate any connection specific data in this specially created thread safe ctx.
For freeing connection specific data, a talloc destructor should be used. The delete callback will be
removed shortly.
Arran Cudbard-Bell [Mon, 23 Jun 2014 12:27:30 +0000 (13:27 +0100)]
Rename mod_socket_create/delete to mod_conn_create/delete
Arran Cudbard-Bell [Mon, 23 Jun 2014 12:01:01 +0000 (13:01 +0100)]
Minor formatting in rlm_couchbase
Arran Cudbard-Bell [Sat, 21 Jun 2014 15:26:01 +0000 (17:26 +0200)]
Same fix for eap session and handler trees
Arran Cudbard-Bell [Sat, 21 Jun 2014 15:21:44 +0000 (17:21 +0200)]
Don't parent the rlm_cache rbtree directly from inst
Arran Cudbard-Bell [Fri, 20 Jun 2014 21:18:51 +0000 (22:18 +0100)]
Alloc connections pools in the NULL ctx
Arran Cudbard-Bell [Fri, 20 Jun 2014 19:17:05 +0000 (20:17 +0100)]
Rbtree shouldn't be allocated from inst
Arran Cudbard-Bell [Fri, 20 Jun 2014 19:12:55 +0000 (20:12 +0100)]
Alloc handlers from the NULL context
Arran Cudbard-Bell [Fri, 20 Jun 2014 19:07:15 +0000 (20:07 +0100)]
Disable NULL context tracking
Arran Cudbard-Bell [Fri, 20 Jun 2014 18:54:20 +0000 (19:54 +0100)]
Don't use prefix variable (used by AC)
Arran Cudbard-Bell [Fri, 20 Jun 2014 18:33:38 +0000 (19:33 +0100)]
Add support for searching in 'prefix' dirs for headers
Arran Cudbard-Bell [Fri, 20 Jun 2014 16:50:40 +0000 (12:50 -0400)]
Merge pull request #696 from leprechau/v3.0.x
multiple fixes and minor additions
Aaron Hurt [Fri, 20 Jun 2014 16:24:14 +0000 (11:24 -0500)]
multiple fixes and minor additions
* fixed json-c header inclusion for new upstream install location
* fixed server string building
* added json-c library to version checking
Arran Cudbard-Bell [Fri, 20 Jun 2014 15:53:44 +0000 (16:53 +0100)]
Cleanup IKEv2 code so it builds again