Arran Cudbard-Bell [Wed, 25 Sep 2013 22:48:08 +0000 (23:48 +0100)]
Assume password src encoding is UTF8 and convert it to UCS2 before hashing with MD4
Patch by Andrei Korostelev
Closes #437
Arran Cudbard-Bell [Wed, 25 Sep 2013 21:03:23 +0000 (22:03 +0100)]
Fix some typos/issues in rlm_rest json as posted by Kevin Hester. Closes #438
Alan T. DeKok [Tue, 24 Sep 2013 15:18:03 +0000 (11:18 -0400)]
Packet data is talloc'd
Arran Cudbard-Bell [Tue, 24 Sep 2013 11:49:23 +0000 (12:49 +0100)]
Add comp128 functions
Arran Cudbard-Bell [Tue, 24 Sep 2013 11:49:06 +0000 (12:49 +0100)]
Cleanup EAP-SIM code
Alan T. DeKok [Mon, 23 Sep 2013 14:42:34 +0000 (10:42 -0400)]
Fix udpfromto bug on Mac OSX.
This is a NICE Mac OSX bug. Create an interface with
two IP address, and then configure one listener for
each IP address. Send thousands of packets to one
address, and some will show up on the OTHER socket.
This hack works ONLY if the clients are global. If
each listener has the same client IP, but with
different secrets, then it will fail the rad_recv()
check above, and there's nothing you can do.
Linux does the right thing.
Alan T. DeKok [Mon, 23 Sep 2013 01:52:47 +0000 (21:52 -0400)]
Clean up non-udpfromto code
So that it's simpler. We also ALWAYS use udpfromto, as we assume
the library is used for IPv4 and IPv6 interfaces, not anything else.
Alan T. DeKok [Sat, 21 Sep 2013 12:32:39 +0000 (08:32 -0400)]
check_cert_issuer in EAP-TLS broken in presence of X509v3 extensions
Patch from David Wood
Manual port of commit
ce169385f
Alan T. DeKok [Fri, 20 Sep 2013 21:14:00 +0000 (17:14 -0400)]
Mark request DONE when we start the cleanup delay
Arran Cudbard-Bell [Fri, 20 Sep 2013 19:41:36 +0000 (20:41 +0100)]
Typo
Arran Cudbard-Bell [Mon, 16 Sep 2013 17:02:17 +0000 (18:02 +0100)]
Only print EXIT info when ndef NDEBUG
Arran Cudbard-Bell [Mon, 16 Sep 2013 14:44:11 +0000 (15:44 +0100)]
Wrap _exit and exit. Prints error message, and when running under GDB, raises SIGTRAP which causes debugger to break before exit.
Alan T. DeKok [Fri, 20 Sep 2013 17:59:38 +0000 (13:59 -0400)]
proxy_listener may be NULL. Closes #434
Arran Cudbard-Bell [Fri, 20 Sep 2013 16:02:22 +0000 (17:02 +0100)]
Dig src/billing out of more places
Arran Cudbard-Bell [Fri, 20 Sep 2013 11:55:30 +0000 (12:55 +0100)]
Remove billing dir, those files don't belong there
Alan T. DeKok [Thu, 19 Sep 2013 18:10:17 +0000 (14:10 -0400)]
Don't delete the request if it's in the queue
request_done() should WAIT if the request is blocked in the queue.
It should also be callable by the child thread. i.e. if the
master says "DONE" when it's in the queue, the child thread MAY
pick it up and call request->process(). Which should just say DONE
and stop
Alan T. DeKok [Thu, 19 Sep 2013 18:09:43 +0000 (14:09 -0400)]
Print how many requests are blocked
So that the admin can see the queue grow over time
Alan T. DeKok [Thu, 19 Sep 2013 01:54:25 +0000 (21:54 -0400)]
Short-circuit "case"
Alan T. DeKok [Wed, 18 Sep 2013 14:36:52 +0000 (10:36 -0400)]
Remove complaint for DHCP
Alan T. DeKok [Wed, 18 Sep 2013 14:12:24 +0000 (10:12 -0400)]
Turn assert into talloc check.
Which should get more information on error
Arran Cudbard-Bell [Tue, 17 Sep 2013 22:03:01 +0000 (23:03 +0100)]
xlat expand profile filter
remove search for PW_USER_PROFILE and expand default profile instead. If people really want the old functionality they can just set default = "%{control:User-Profile}".
Arran Cudbard-Bell [Tue, 17 Sep 2013 12:04:30 +0000 (13:04 +0100)]
Doxygen
Arran Cudbard-Bell [Tue, 17 Sep 2013 11:23:09 +0000 (12:23 +0100)]
Make vp_prints_value_json behave the same as vp_prints_value
Arran Cudbard-Bell [Tue, 17 Sep 2013 10:02:13 +0000 (11:02 +0100)]
Fixup various functions in print.c to use common, consistent names for buffer pointers and lengths
Alan T. DeKok [Sun, 15 Sep 2013 17:18:29 +0000 (13:18 -0400)]
Make it build with GCD
Arran Cudbard-Bell [Mon, 16 Sep 2013 16:04:46 +0000 (17:04 +0100)]
Stupid doxygen
Arran Cudbard-Bell [Mon, 16 Sep 2013 15:59:20 +0000 (16:59 +0100)]
Typo
Arran Cudbard-Bell [Mon, 16 Sep 2013 15:56:14 +0000 (16:56 +0100)]
Print VP \t<name> <op> <value>\n as an atom to avoid issues when running with multiple threads
Arran Cudbard-Bell [Mon, 16 Sep 2013 10:45:41 +0000 (11:45 +0100)]
Minor typo in -h output
Arran Cudbard-Bell [Mon, 16 Sep 2013 10:34:47 +0000 (11:34 +0100)]
Should be debug2
Arran Cudbard-Bell [Fri, 13 Sep 2013 12:57:51 +0000 (13:57 +0100)]
Cleanup formatting in rlm_replicate
Alan T. DeKok [Fri, 13 Sep 2013 12:49:32 +0000 (08:49 -0400)]
Remove extra debug
Alan T. DeKok [Fri, 13 Sep 2013 12:44:37 +0000 (08:44 -0400)]
Make max_requests_per_server work
Arran Cudbard-Bell [Fri, 13 Sep 2013 12:32:20 +0000 (13:32 +0100)]
Replicated packet should be allocated in the request context
Arran Cudbard-Bell [Fri, 13 Sep 2013 12:29:10 +0000 (13:29 +0100)]
Update file documentation and macro indentation in udpfromto
Alan T. DeKok [Fri, 13 Sep 2013 11:51:12 +0000 (07:51 -0400)]
Revert "Simplify ID allocation so that we don't loop over all IDs"
This reverts commit
a2ac633525c69a94ca3e1f91817a4b421f5375e6.
That commit (sadly) works only for one socket, not for multiple
ones.
Alan T. DeKok [Thu, 12 Sep 2013 15:07:57 +0000 (11:07 -0400)]
Document libldap fail-over
Arran Cudbard-Bell [Thu, 12 Sep 2013 14:47:19 +0000 (15:47 +0100)]
free -> talloc_free in rlm_replicate
Alan T. DeKok [Wed, 11 Sep 2013 12:42:34 +0000 (08:42 -0400)]
Remove extra \n
Alan T. DeKok [Wed, 11 Sep 2013 12:33:56 +0000 (08:33 -0400)]
Use slightly better algorithm for random IDs
Alan T. DeKok [Wed, 11 Sep 2013 12:33:48 +0000 (08:33 -0400)]
Removed unused debugging messages
Arran Cudbard-Bell [Wed, 11 Sep 2013 10:42:19 +0000 (06:42 -0400)]
Update radiusclients-openldap.ldif
Arran Cudbard-Bell [Wed, 11 Sep 2013 10:40:22 +0000 (06:40 -0400)]
Singular
Arran Cudbard-Bell [Tue, 10 Sep 2013 15:21:44 +0000 (16:21 +0100)]
Initialise server_ipaddr to 0
Caused undefined behaviour if an auth section wasn't specified
Arran Cudbard-Bell [Tue, 10 Sep 2013 13:50:55 +0000 (14:50 +0100)]
Use correct macros for defining IP string buffer lengths
Arran Cudbard-Bell [Tue, 10 Sep 2013 09:39:30 +0000 (10:39 +0100)]
UDP fromto should be on by default
Arran Cudbard-Bell [Tue, 10 Sep 2013 09:37:40 +0000 (10:37 +0100)]
Corectly left justify helptext in configure
Arran Cudbard-Bell [Mon, 9 Sep 2013 23:41:50 +0000 (00:41 +0100)]
Wrap ASCTIME too
Alan T. DeKok [Mon, 9 Sep 2013 14:32:05 +0000 (10:32 -0400)]
Fix typo
Alan T. DeKok [Mon, 9 Sep 2013 14:19:11 +0000 (10:19 -0400)]
Allow for and document make -Draddbdir=/tmp/garbage install
Alan T. DeKok [Mon, 9 Sep 2013 14:17:18 +0000 (10:17 -0400)]
Make modconfdir expand in Makefile, not in the shell
Arran Cudbard-Bell [Sun, 8 Sep 2013 17:02:33 +0000 (18:02 +0100)]
Don't copy cache control attributes when doing list copy. Closes #422
Alan T. DeKok [Sat, 7 Sep 2013 15:29:34 +0000 (11:29 -0400)]
Remember the highest priority. Fixes #425
Alan T. DeKok [Sat, 7 Sep 2013 15:01:04 +0000 (11:01 -0400)]
Use typedef for components instead of "int"
Alan T. DeKok [Sat, 7 Sep 2013 15:04:46 +0000 (11:04 -0400)]
Clean up debug messages for open / close brace
Alan T. DeKok [Fri, 6 Sep 2013 21:08:42 +0000 (17:08 -0400)]
Revert "Use AUTZ rules for AUTH groups. Fixes #425"
This reverts commit
d57ce27f07552367d01210ff8b9f48fa88c11ea3.
Which apparently doesn't really work. <sigh>
Arran Cudbard-Bell [Fri, 6 Sep 2013 11:12:44 +0000 (04:12 -0700)]
Merge pull request #427 from annanymous2/patch-1
Added endscript on logrotate
Alan T. DeKok [Fri, 6 Sep 2013 14:37:33 +0000 (10:37 -0400)]
Fix doxygen
Alan T. DeKok [Fri, 6 Sep 2013 14:05:57 +0000 (10:05 -0400)]
Use AUTZ rules for AUTH groups. Fixes #425
Alan T. DeKok [Fri, 6 Sep 2013 14:05:25 +0000 (10:05 -0400)]
Log the first name of the group
So we see "Auth-Type foo {...}"
instead of "group foo {...}"
Alan T. DeKok [Thu, 5 Sep 2013 15:40:26 +0000 (11:40 -0400)]
Re-enable virtual attributes for comparison. Fixes #400
Arran Cudbard-Bell [Wed, 4 Sep 2013 21:23:51 +0000 (22:23 +0100)]
Missing newline
Arran Cudbard-Bell [Wed, 4 Sep 2013 19:13:23 +0000 (20:13 +0100)]
Fix shared-libs
Alan T. DeKok [Wed, 4 Sep 2013 17:35:57 +0000 (13:35 -0400)]
In debug builds, call assertion on panic
Alan T. DeKok [Wed, 4 Sep 2013 17:33:53 +0000 (13:33 -0400)]
Be more careful about calling request_done(). Should fix #419
Alan T. DeKok [Wed, 4 Sep 2013 17:07:45 +0000 (13:07 -0400)]
Fixes for doxygen
Alan T. DeKok [Wed, 4 Sep 2013 14:41:52 +0000 (10:41 -0400)]
Use the default request if there's no "." in the reference.
update outer.reply {
User-Name := foo
}
ends up parsing "User-Name" with a default list of "outer",
BUT because "User-Name" has no ".", the old code would return
a hard-coded CURRENT
Alan T. DeKok [Wed, 4 Sep 2013 14:11:59 +0000 (10:11 -0400)]
Added %{debug_attr:...} from master
With some simplifications
Alan T. DeKok [Wed, 4 Sep 2013 13:44:36 +0000 (09:44 -0400)]
Use 'da' for DICT_ATTR*. "attribute' is for 'int'
Alan T. DeKok [Wed, 4 Sep 2013 12:33:45 +0000 (08:33 -0400)]
Skip '&' on attribute maps. Closes #423
And check return codes from request_name / list_name
Alan T. DeKok [Wed, 4 Sep 2013 12:22:28 +0000 (08:22 -0400)]
Update priority from child, too. Closes #424
Arran Cudbard-Bell [Tue, 3 Sep 2013 23:18:29 +0000 (00:18 +0100)]
Define grouptype as an enum for debugging purposes
Alan T. DeKok [Tue, 3 Sep 2013 12:45:15 +0000 (08:45 -0400)]
map may return NULL
Alan T. DeKok [Tue, 3 Sep 2013 12:00:04 +0000 (08:00 -0400)]
Do a second pass over the conditions. Fixes #421
Modules can register new attributes, so we may need to convert
literal comparisons to module comparisons.
The core can register new values for Auth-Type && friends
so we need to do a second pass to see if a failed lookup in pass1
is really a failure, or simply an early binding.
The next step is to add code to mark up late-registered paircompare
functions
Alan T. DeKok [Tue, 3 Sep 2013 01:32:48 +0000 (21:32 -0400)]
Allow for one/two-pass compilation of conditions.
If we allow two-pass compilation, certain errors are suppressed,
and the condition gets marked with a "pass2 flag"
Alan T. DeKok [Mon, 2 Sep 2013 13:30:51 +0000 (09:30 -0400)]
Added "walk" function to conditions
So that we can do post-processing
Arran Cudbard-Bell [Tue, 3 Sep 2013 11:51:48 +0000 (12:51 +0100)]
Fix ${value} expansion in backticked config pairs
Arran Cudbard-Bell [Tue, 3 Sep 2013 01:42:01 +0000 (02:42 +0100)]
Only fallback to dynamic search if no attributes exist, or we have a failure of some kind
Arran Cudbard-Bell [Tue, 3 Sep 2013 01:18:31 +0000 (02:18 +0100)]
and another logic bug in ldap group code
Arran Cudbard-Bell [Tue, 3 Sep 2013 01:08:58 +0000 (02:08 +0100)]
Limit to -1, 0, 1 in normal operation so we can use -2 for error
Arran Cudbard-Bell [Tue, 3 Sep 2013 00:36:34 +0000 (01:36 +0100)]
Not added to release branch
Arran Cudbard-Bell [Tue, 3 Sep 2013 00:35:11 +0000 (01:35 +0100)]
Fix broken group comparison logic
Arran Cudbard-Bell [Tue, 3 Sep 2013 00:06:41 +0000 (01:06 +0100)]
Print additional helpful group related debug
Arran Cudbard-Bell [Mon, 2 Sep 2013 23:52:58 +0000 (00:52 +0100)]
Talloced strings get freed with talloc...?
Arran Cudbard-Bell [Mon, 2 Sep 2013 23:36:35 +0000 (00:36 +0100)]
Typo
Arran Cudbard-Bell [Mon, 2 Sep 2013 23:32:50 +0000 (00:32 +0100)]
Don't forget the NULL byte when copying VALUE_PAIR values
Arran Cudbard-Bell [Mon, 2 Sep 2013 22:45:59 +0000 (23:45 +0100)]
Fix !* in update sections for non string attributes
Arran Cudbard-Bell [Mon, 2 Sep 2013 20:54:55 +0000 (21:54 +0100)]
Set SQL username properly
Arran Cudbard-Bell [Sun, 1 Sep 2013 15:07:18 +0000 (16:07 +0100)]
Remove incorrect entry for membership_attribute
Arran Cudbard-Bell [Sun, 1 Sep 2013 11:23:09 +0000 (12:23 +0100)]
unlang update sections support exec
Arran Cudbard-Bell [Sat, 31 Aug 2013 16:56:49 +0000 (17:56 +0100)]
Use destructors to do the cleanup for VALUE_PAIRs
Arran Cudbard-Bell [Fri, 30 Aug 2013 13:15:33 +0000 (14:15 +0100)]
Fix -Wsometimes-uninitialized
Arran Cudbard-Bell [Fri, 30 Aug 2013 13:14:20 +0000 (14:14 +0100)]
Record whether the server was built with NDEBUG in features.h
Arran Cudbard-Bell [Wed, 28 Aug 2013 13:38:32 +0000 (14:38 +0100)]
Sprinkle VERIFY_VP throughout the encoder
Arran Cudbard-Bell [Tue, 27 Aug 2013 16:43:19 +0000 (17:43 +0100)]
Correct typo. We should use foreach_depth as the request data index not stack depth.
Various whitespace fixes
Alan T. DeKok [Mon, 26 Aug 2013 12:25:40 +0000 (08:25 -0400)]
Correct logic for "elsif"
Alan T. DeKok [Mon, 26 Aug 2013 12:16:46 +0000 (08:16 -0400)]
Clean up debug / info messages
Alan T. DeKok [Mon, 26 Aug 2013 12:01:54 +0000 (08:01 -0400)]
Initialize "found"
Alan T. DeKok [Sun, 25 Aug 2013 14:34:27 +0000 (10:34 -0400)]
Fix typo in debug message
Alan T. DeKok [Sat, 24 Aug 2013 14:23:01 +0000 (10:23 -0400)]
Fix placement of parse error in condition