Alan T. DeKok [Fri, 20 Dec 2013 22:14:25 +0000 (17:14 -0500)]
Use talloc_free
Alan T. DeKok [Fri, 20 Dec 2013 22:10:28 +0000 (17:10 -0500)]
Removed unnecessary listen block
Arran Cudbard-Bell [Fri, 20 Dec 2013 00:55:47 +0000 (00:55 +0000)]
Fix places where tls field was used in listen.c without WITH_TLS being defined
Arran Cudbard-Bell [Fri, 20 Dec 2013 00:43:06 +0000 (00:43 +0000)]
Try setting multiple vars for each row in the matrix
Arran Cudbard-Bell [Fri, 20 Dec 2013 00:39:13 +0000 (00:39 +0000)]
Mark tls_required as unused if were building without tls...
Arran Cudbard-Bell [Fri, 20 Dec 2013 00:21:34 +0000 (00:21 +0000)]
Mark nt_password parameter in do_mschap_cpw as unused if were building without openssl
Arran Cudbard-Bell [Fri, 20 Dec 2013 00:20:12 +0000 (00:20 +0000)]
More cbuff fixes...
Arran Cudbard-Bell [Fri, 20 Dec 2013 00:09:45 +0000 (00:09 +0000)]
Fixup formatting
Arran Cudbard-Bell [Fri, 20 Dec 2013 00:09:37 +0000 (00:09 +0000)]
#include <sys/wait.h> if were using waitpid
Arran Cudbard-Bell [Fri, 20 Dec 2013 00:04:57 +0000 (00:04 +0000)]
Fix comments in our version of md5.c
Arran Cudbard-Bell [Thu, 19 Dec 2013 23:48:59 +0000 (23:48 +0000)]
Fix issues in cbuff when building without threads with GCC
Arran Cudbard-Bell [Thu, 19 Dec 2013 23:40:14 +0000 (23:40 +0000)]
Expand the matrix to build with and without shared libs
Arran Cudbard-Bell [Thu, 19 Dec 2013 23:33:23 +0000 (23:33 +0000)]
Create a small build matrix with optional libraries disabled
Arran Cudbard-Bell [Thu, 19 Dec 2013 23:12:50 +0000 (23:12 +0000)]
Only setup should have a semi colon after it in threads.h
Arran Cudbard-Bell [Thu, 19 Dec 2013 23:00:03 +0000 (23:00 +0000)]
Fix typos, and some slightly incorrect assumptions
The last time I saw this in the wild it was the supplicant, it's actually pretty unlikely the NAS would modify the EAP type
Arran Cudbard-Bell [Thu, 19 Dec 2013 20:17:49 +0000 (20:17 +0000)]
Various fixes to allow building without threads
Arran Cudbard-Bell [Thu, 19 Dec 2013 19:11:31 +0000 (19:11 +0000)]
We need to set LDFLAGS and CFLAGS from SMART_CFLAGS and SMART_LDFLAGS when linking the krb5_thread_safe test program (else it might pick up the wrong version of the library)
We can now remove the dependency on MIT KRB5 > 1.11.4
Arran Cudbard-Bell [Thu, 19 Dec 2013 19:16:30 +0000 (19:16 +0000)]
Add connection pool support to rlm_krb5
This allows us to remove the dependency on krb5_copy_context, and support threaded operation for more versions of MIT krb5
Alan T. DeKok [Thu, 19 Dec 2013 16:20:51 +0000 (11:20 -0500)]
More descriptive error message
Alan T. DeKok [Thu, 19 Dec 2013 14:03:32 +0000 (09:03 -0500)]
Use correct ifdef
Alan T. DeKok [Thu, 19 Dec 2013 14:02:07 +0000 (09:02 -0500)]
Failed to do this earlier
Alan T. DeKok [Thu, 19 Dec 2013 13:59:16 +0000 (08:59 -0500)]
Allow auth+acct for TCP / TLS sockets
Alan T. DeKok [Thu, 19 Dec 2013 13:30:57 +0000 (08:30 -0500)]
Automatically figure out which modules need enabling
Alan T. DeKok [Thu, 19 Dec 2013 13:28:13 +0000 (08:28 -0500)]
Remove extraneous #ifdef's
Alan T. DeKok [Thu, 19 Dec 2013 13:17:28 +0000 (08:17 -0500)]
Move "digest" to new authentication test framework
Alan T. DeKok [Thu, 19 Dec 2013 13:15:24 +0000 (08:15 -0500)]
Added Response-Packet-Type to output VPs
Alan T. DeKok [Thu, 19 Dec 2013 13:15:01 +0000 (08:15 -0500)]
Allow Packet-Type, Digest-*, etc.
Code copied from radclient
Arran Cudbard-Bell [Wed, 18 Dec 2013 14:52:38 +0000 (14:52 +0000)]
rlm_ldap_modify returns and ldap_rcode_t NOT and rlm_rcode_t. Static analysis should of caught this...
Arran Cudbard-Bell [Wed, 18 Dec 2013 12:29:01 +0000 (12:29 +0000)]
Use correct operator in eDirectory debug message
Arran Cudbard-Bell [Wed, 18 Dec 2013 11:57:37 +0000 (11:57 +0000)]
Cleanup formatting in rlm_mschap, and add some additional debug messages to make it clear what's going on with NT-Password and LM-Password
Arran Cudbard-Bell [Tue, 17 Dec 2013 18:00:58 +0000 (10:00 -0800)]
Merge pull request #493 from kokel/v3.0.x-dictionary.foundry
Update dictionary.foundry
Tobias Hachmer [Tue, 17 Dec 2013 17:57:14 +0000 (18:57 +0100)]
Update dictionary.foundry
Arran Cudbard-Bell [Tue, 17 Dec 2013 09:31:35 +0000 (09:31 +0000)]
Typo in krb5 configure script
Arran Cudbard-Bell [Tue, 17 Dec 2013 09:27:26 +0000 (09:27 +0000)]
now() must not be quoted
Arran Cudbard-Bell [Tue, 17 Dec 2013 00:50:40 +0000 (00:50 +0000)]
Update PostgreSQL schema to use text instead of VARCHAR except for the op field where it's useful to restrict size to two chars
Arran Cudbard-Bell [Mon, 16 Dec 2013 22:43:06 +0000 (22:43 +0000)]
Fix some typos in sqlite and mysql queries
Arran Cudbard-Bell [Mon, 16 Dec 2013 22:25:24 +0000 (22:25 +0000)]
Print the value of the VP, after assigning the value to it...
Arran Cudbard-Bell [Mon, 16 Dec 2013 22:11:03 +0000 (22:11 +0000)]
Clean up more code
Break entry writing out into a separate function to allow us to separate it from acquiring the FP in future...
Arran Cudbard-Bell [Mon, 16 Dec 2013 19:27:35 +0000 (19:27 +0000)]
Cleanup formatting in rlm_detail
Remove prefixes from RERROR messages, they're not needed
Arran Cudbard-Bell [Sat, 14 Dec 2013 10:47:40 +0000 (05:47 -0500)]
Add password-with-header example to the update section.
Arran Cudbard-Bell [Fri, 13 Dec 2013 23:06:51 +0000 (18:06 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 13 Dec 2013 20:16:39 +0000 (20:16 +0000)]
Ah the sound of silence...
The heimdal guys invented their own function header doc format, which is close enough to doxygen to be parsed by it, and far enough away to generate literally 100s of warning messages
Arran Cudbard-Bell [Fri, 13 Dec 2013 20:54:42 +0000 (20:54 +0000)]
Don't add 'no' to cflags when libkrb5 is not threadsafe
Arran Cudbard-Bell [Fri, 13 Dec 2013 22:47:54 +0000 (22:47 +0000)]
Should use krb5_free_error_message to free error message
Arran Cudbard-Bell [Fri, 13 Dec 2013 20:57:52 +0000 (20:57 +0000)]
Better error handling for heimdal
Apparently they don't use the comm_err API so all the messages come out as unknown...
Arran Cudbard-Bell [Fri, 13 Dec 2013 17:20:01 +0000 (17:20 +0000)]
Ignore icon.png
Arran Cudbard-Bell [Fri, 13 Dec 2013 14:28:58 +0000 (14:28 +0000)]
Disable threading for MIT libkrb5 <= 1.11.4 i.e. all currently released versions
Arran Cudbard-Bell [Thu, 12 Dec 2013 18:18:57 +0000 (10:18 -0800)]
Merge pull request #489 from spaetow/master
Adding RFC7055 (ABFAB/Moonshot RFC)
Alan T. DeKok [Thu, 12 Dec 2013 18:41:56 +0000 (13:41 -0500)]
Added VALUEs from the RFC
Alan T. DeKok [Thu, 12 Dec 2013 14:16:59 +0000 (09:16 -0500)]
Use memdup for binary data, not strdup
Alan T. DeKok [Thu, 12 Dec 2013 13:57:23 +0000 (08:57 -0500)]
Sometimes KRB5_IS_THREAD_SAFE isn't defined
Alan T. DeKok [Thu, 12 Dec 2013 13:55:09 +0000 (08:55 -0500)]
More sanity checks for connection limits
Arran Cudbard-Bell [Thu, 12 Dec 2013 12:24:28 +0000 (12:24 +0000)]
Only apply hack if rlm_krb5 was compiled thread capable
Arran Cudbard-Bell [Thu, 12 Dec 2013 12:20:50 +0000 (12:20 +0000)]
formatting
Arran Cudbard-Bell [Thu, 12 Dec 2013 12:20:15 +0000 (12:20 +0000)]
Free service principal on detach
Alan T. DeKok [Wed, 11 Dec 2013 19:06:29 +0000 (14:06 -0500)]
Note that it's OK to fall through
Alan T. DeKok [Wed, 11 Dec 2013 19:04:38 +0000 (14:04 -0500)]
Added assert
Alan T. DeKok [Wed, 11 Dec 2013 18:59:48 +0000 (13:59 -0500)]
We can only decode attributes of 256 bytes or less
Alan T. DeKok [Wed, 11 Dec 2013 18:50:54 +0000 (13:50 -0500)]
Prototype functions if they're needed
Alan T. DeKok [Wed, 11 Dec 2013 16:44:57 +0000 (11:44 -0500)]
Only munge pps fields for non-detail sockets
Alan T. DeKok [Wed, 11 Dec 2013 16:29:34 +0000 (11:29 -0500)]
If there's no children, we can just mark the request as done
Arran Cudbard-Bell [Wed, 11 Dec 2013 13:38:37 +0000 (13:38 +0000)]
Should print the result code too for eDir failures
Arran Cudbard-Bell [Wed, 11 Dec 2013 13:36:24 +0000 (13:36 +0000)]
Add some additional error definitions from the eDir docs
Arran Cudbard-Bell [Tue, 10 Dec 2013 17:37:31 +0000 (17:37 +0000)]
cache is no longer setable, so remove the config item from the default config
Arran Cudbard-Bell [Tue, 10 Dec 2013 17:10:33 +0000 (12:10 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 10 Dec 2013 17:03:20 +0000 (17:03 +0000)]
Work around bug in MIT krb5_copy_context which attempts to copy the list of tgs_kytpes and tkt_ktypes associated with a context...
Except by default the pointers to those lists are NULL (which it does not check), and so it SEGVs
Arran Cudbard-Bell [Tue, 10 Dec 2013 13:35:19 +0000 (13:35 +0000)]
Typo in MIT krb5
Arran Cudbard-Bell [Mon, 9 Dec 2013 19:30:28 +0000 (19:30 +0000)]
Remove restrictions on VSAs in sqlcounter
Tobias Hachmer [Mon, 9 Dec 2013 06:46:19 +0000 (07:46 +0100)]
Update dictionary.xylan
Arran Cudbard-Bell [Mon, 9 Dec 2013 13:42:52 +0000 (13:42 +0000)]
base_dn is no longer required
Arran Cudbard-Bell [Sat, 7 Dec 2013 22:55:49 +0000 (22:55 +0000)]
Fix conflicting names
Arran Cudbard-Bell [Sat, 7 Dec 2013 22:29:13 +0000 (22:29 +0000)]
Dictionary formatting
Arran Cudbard-Bell [Sat, 7 Dec 2013 22:28:06 +0000 (22:28 +0000)]
Additions to the Juniper dictionary
Alan T. DeKok [Fri, 6 Dec 2013 15:20:38 +0000 (10:20 -0500)]
We can proxy nodup sockets. We can't proxy synchronous
The nodup ones can come out of order, but they can't be duplicates.
The synchronous ones wait for a response before replying. Proxying
can take a long time, so we can't do synchronous there
Alan T. DeKok [Thu, 5 Dec 2013 17:34:26 +0000 (12:34 -0500)]
Use correct struct entry for pedanticism
Arran Cudbard-Bell [Thu, 5 Dec 2013 20:54:53 +0000 (12:54 -0800)]
Merge pull request #485 from kokel/freeradius.spec
Update spec file for sqlite counter files
Arran Cudbard-Bell [Thu, 5 Dec 2013 20:54:40 +0000 (12:54 -0800)]
Merge pull request #484 from kokel/openldap-schema30x
radiusProfileDn is now a multivalued attribute
Tobias Hachmer [Thu, 5 Dec 2013 20:48:38 +0000 (21:48 +0100)]
Update spec file for sqlite counter files
Tobias Hachmer [Thu, 5 Dec 2013 20:41:20 +0000 (21:41 +0100)]
radiusProfileDn is now a multivalued attribute
Arran Cudbard-Bell [Thu, 5 Dec 2013 16:15:41 +0000 (11:15 -0500)]
Formatting
Arran Cudbard-Bell [Thu, 5 Dec 2013 19:05:02 +0000 (19:05 +0000)]
Formatting
Arran Cudbard-Bell [Thu, 5 Dec 2013 11:45:12 +0000 (11:45 +0000)]
Output more verbose errors for eDirectory
Arran Cudbard-Bell [Thu, 5 Dec 2013 10:24:58 +0000 (10:24 +0000)]
Increase debug level required to show missing attribute messages in rlm_ldap
Arran Cudbard-Bell [Wed, 4 Dec 2013 22:06:16 +0000 (17:06 -0500)]
Note case insensitivity
Arran Cudbard-Bell [Wed, 4 Dec 2013 19:38:30 +0000 (19:38 +0000)]
base_dn defaults to a zero length string to allow top of tree searching like in >= 2.2.3
Arran Cudbard-Bell [Wed, 4 Dec 2013 18:52:37 +0000 (13:52 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 4 Dec 2013 18:50:30 +0000 (18:50 +0000)]
radiusProfileDn is now a multivalued attribute
Arran Cudbard-Bell [Wed, 4 Dec 2013 18:25:35 +0000 (18:25 +0000)]
Small tweak to ldap debug output
Arran Cudbard-Bell [Wed, 4 Dec 2013 17:15:34 +0000 (17:15 +0000)]
Use a single generic attribute in the RADIUS LDAP schema
Add ldiff version of the standard RADIUS LDAP schema for newer versions of OpenLDAP
Schema can be loaded with sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ./radius.ldif
Arran Cudbard-Bell [Wed, 4 Dec 2013 15:39:34 +0000 (15:39 +0000)]
Add comments field to other forms of schema
Arran Cudbard-Bell [Wed, 4 Dec 2013 15:14:55 +0000 (10:14 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 4 Dec 2013 14:54:31 +0000 (14:54 +0000)]
Use pairmove to add SQL-User-Name
Alan T. DeKok [Wed, 4 Dec 2013 14:18:17 +0000 (09:18 -0500)]
Added test for error parsing IP address
Alan T. DeKok [Wed, 4 Dec 2013 14:17:17 +0000 (09:17 -0500)]
Added flag to disallow hostname -> IP lookups.
Mainly for the tests . It's still OK (and needed) for admins
to use "client.example.com" in the configs. Requiring them to
use only IP addresses is annoying.
Arran Cudbard-Bell [Wed, 4 Dec 2013 11:49:04 +0000 (11:49 +0000)]
Add test for literal values
Only do RHS literal validation in updates and rlm_cache
Alan T. DeKok [Wed, 4 Dec 2013 02:58:41 +0000 (21:58 -0500)]
Run "radiusd -C" only if something changed
Alan T. DeKok [Wed, 4 Dec 2013 02:58:01 +0000 (21:58 -0500)]
No need to end a line with a trailing quotation mark
Alan T. DeKok [Wed, 4 Dec 2013 02:57:40 +0000 (21:57 -0500)]
Quieter output
Alan T. DeKok [Wed, 4 Dec 2013 02:50:00 +0000 (21:50 -0500)]
Building raddb is an order dependency
re-doing it changes the directory, which causes the tests to be run again
Alan T. DeKok [Wed, 4 Dec 2013 00:24:17 +0000 (19:24 -0500)]
Word smithing