Alan T. DeKok [Fri, 17 Apr 2015 13:08:41 +0000 (09:08 -0400)]
Fix typo
Arran Cudbard-Bell [Fri, 17 Apr 2015 10:20:18 +0000 (11:20 +0100)]
Optionally enable/disable filename escaping in rlm_linelog
Arran Cudbard-Bell [Fri, 17 Apr 2015 09:55:10 +0000 (10:55 +0100)]
Whilst '.' is fine in filenames allowing ../ may introduce security issues
Arran Cudbard-Bell [Thu, 16 Apr 2015 11:21:56 +0000 (12:21 +0100)]
Slightly better name for cond_normalise_values
Arran Cudbard-Bell [Wed, 15 Apr 2015 19:22:02 +0000 (20:22 +0100)]
Add docs for unlang concat
Arran Cudbard-Bell [Wed, 15 Apr 2015 19:15:40 +0000 (20:15 +0100)]
There were plans to allow [#] references, but it turned out to be a bad idea...
Arran Cudbard-Bell [Wed, 15 Apr 2015 15:52:50 +0000 (16:52 +0100)]
Add test for multivalue regex matches
Alan T. DeKok [Wed, 15 Apr 2015 14:47:31 +0000 (10:47 -0400)]
Empty strings are NULL, not ""
Because the old API returns "", not NULL. We have to go fix
that, too
Alan T. DeKok [Wed, 15 Apr 2015 14:05:58 +0000 (10:05 -0400)]
Fix names for now
Herwin Weststrate [Wed, 15 Apr 2015 12:23:30 +0000 (14:23 +0200)]
Added `debug_session_state` to debug policy
Alan T. DeKok [Wed, 15 Apr 2015 12:32:50 +0000 (08:32 -0400)]
Allow for prefix to IP comparisons.
Update code, unify type check code, and add test cases
Arran Cudbard-Bell [Wed, 15 Apr 2015 01:36:33 +0000 (21:36 -0400)]
Print what type of tmpl/attr dhcp_options got, as well as what it needs
Arran Cudbard-Bell [Wed, 15 Apr 2015 01:21:05 +0000 (21:21 -0400)]
Some vendors split their DHCP options across multiple attributes, so allow dhcp_options to use multivalue attribute references
Arran Cudbard-Bell [Tue, 14 Apr 2015 17:13:53 +0000 (13:13 -0400)]
Add additional validation to rlm_cache
We never checked what list or request was set on the LHS, and there were asserts in the code to catch unsupported lists...
Arran Cudbard-Bell [Tue, 14 Apr 2015 04:05:23 +0000 (00:05 -0400)]
Add support for caching session-state
So when we do session resumption, the session-state can be pulled from the session-cache
Arran Cudbard-Bell [Mon, 13 Apr 2015 22:11:50 +0000 (18:11 -0400)]
Update ChangeLog
Arran Cudbard-Bell [Mon, 13 Apr 2015 22:03:31 +0000 (18:03 -0400)]
Check for libpthread, we need to pass -lpthread to the compiler if it's a separate library, before doing the memcached checks
Arran Cudbard-Bell [Mon, 13 Apr 2015 21:13:02 +0000 (17:13 -0400)]
Need to set vp_length when deserializing cache entries
Alan T. DeKok [Mon, 13 Apr 2015 19:30:48 +0000 (15:30 -0400)]
note recent changes
Alan T. DeKok [Mon, 13 Apr 2015 17:56:16 +0000 (13:56 -0400)]
CHAP-Password isn't NUL terminated
Alan T. DeKok [Mon, 13 Apr 2015 16:44:54 +0000 (12:44 -0400)]
Expand buffer to max string size
Alan T. DeKok [Mon, 13 Apr 2015 16:04:12 +0000 (12:04 -0400)]
Remove unused variables
Alan T. DeKok [Mon, 13 Apr 2015 15:26:24 +0000 (11:26 -0400)]
Delete old MS-CHAP stuff before creating new ones
Alan T. DeKok [Mon, 13 Apr 2015 15:17:59 +0000 (11:17 -0400)]
Properly re-encode CHAP-Password. Fixes #955
Herwin Weststrate [Mon, 13 Apr 2015 11:33:02 +0000 (13:33 +0200)]
Include radeapclient in debian packages
Arran Cudbard-Bell [Mon, 13 Apr 2015 03:32:11 +0000 (23:32 -0400)]
Formatting
Arran Cudbard-Bell [Mon, 13 Apr 2015 03:13:12 +0000 (23:13 -0400)]
Add documentation missing in rlm_rest
Arran Cudbard-Bell [Sun, 12 Apr 2015 17:41:54 +0000 (13:41 -0400)]
Increment the tries counter when attempting to acquire a lock fixes CID 1293622
Also we should check how many times we've attempted to lock *before* attempting to lock the file descriptor again
Arran Cudbard-Bell [Sat, 11 Apr 2015 17:52:18 +0000 (13:52 -0400)]
Update ChangeLog
Arran Cudbard-Bell [Sat, 11 Apr 2015 17:22:10 +0000 (13:22 -0400)]
Check we have all the functions needed for ldap_create_sort_control
Arran Cudbard-Bell [Sat, 11 Apr 2015 17:13:46 +0000 (13:13 -0400)]
Copyright updates and formatting in rlm_ldap
Arran Cudbard-Bell [Sat, 11 Apr 2015 05:06:25 +0000 (01:06 -0400)]
Add support for specifying server side sort controls
Arran Cudbard-Bell [Sat, 11 Apr 2015 04:49:14 +0000 (00:49 -0400)]
Formatting
Alan T. DeKok [Sat, 11 Apr 2015 12:31:06 +0000 (08:31 -0400)]
Fixup list name. Fixes #952
Arran Cudbard-Bell [Fri, 10 Apr 2015 21:51:58 +0000 (17:51 -0400)]
Notes on DN vs Filter escaping
Arran Cudbard-Bell [Fri, 10 Apr 2015 20:22:16 +0000 (16:22 -0400)]
Disable __DATE__ __TIME__ warning
Alan T. DeKok [Fri, 10 Apr 2015 17:31:35 +0000 (13:31 -0400)]
Cast auto-converted only if the RHS is hex
Alan T. DeKok [Fri, 10 Apr 2015 17:04:30 +0000 (13:04 -0400)]
Sessions may not exist. Address #924 for MySQL
We still need to audit / do something similar for the other DBs
Alan T. DeKok [Fri, 10 Apr 2015 17:02:56 +0000 (13:02 -0400)]
Cast auto-converted attrs to the correct type
Alan T. DeKok [Fri, 10 Apr 2015 15:53:09 +0000 (11:53 -0400)]
Encode WiMAX test
Alan T. DeKok [Fri, 10 Apr 2015 15:48:38 +0000 (11:48 -0400)]
Tests for strings vs explicit casts
Alan T. DeKok [Fri, 10 Apr 2015 14:46:14 +0000 (10:46 -0400)]
Mark up auto-converted templates.
Attr-26.9.1 --> Cisco-AVPair.
It's useful to know when this happens, so we can do a better job
of parsing the RHS of these kinds of expressions
Alan T. DeKok [Fri, 10 Apr 2015 14:44:58 +0000 (10:44 -0400)]
Remove redundant assignment
The type defaults to ATTR
Alan T. DeKok [Fri, 10 Apr 2015 13:12:27 +0000 (09:12 -0400)]
Print with quote from template, not hard-coded quote
Arran Cudbard-Bell [Fri, 10 Apr 2015 05:21:29 +0000 (01:21 -0400)]
Change tmpl_cast_in_place so it'll work with TMPL_TYPE_DATA
This can't break anything, as it's a superset of previous types (and there was an assert to ensure tmpl_cast_in_place was only called with a literal)
Arran Cudbard-Bell [Fri, 10 Apr 2015 05:16:32 +0000 (01:16 -0400)]
Formatting
Arran Cudbard-Bell [Fri, 10 Apr 2015 04:39:10 +0000 (00:39 -0400)]
Can't define an unknown attribute with TMPL_TYPE_DATA...
Arran Cudbard-Bell [Fri, 10 Apr 2015 03:52:34 +0000 (23:52 -0400)]
Fixup docs for tmpl_afrom_attr_substr
Arran Cudbard-Bell [Fri, 10 Apr 2015 00:50:31 +0000 (20:50 -0400)]
Need to set new rhs->name len
Arran Cudbard-Bell [Fri, 10 Apr 2015 00:50:13 +0000 (20:50 -0400)]
Use the same reverse goto on error as everywhere else...
Alan T. DeKok [Fri, 10 Apr 2015 01:00:14 +0000 (21:00 -0400)]
Call map_cast_from_hex only for unknown attrs. Addresses #952
Alan T. DeKok [Fri, 10 Apr 2015 00:01:19 +0000 (20:01 -0400)]
whitespace
Alan T. DeKok [Fri, 10 Apr 2015 00:00:26 +0000 (20:00 -0400)]
Fail if there's no Cleartext-Password
Arran Cudbard-Bell [Thu, 9 Apr 2015 23:05:31 +0000 (19:05 -0400)]
Fix for gcc
Arran Cudbard-Bell [Thu, 9 Apr 2015 22:54:33 +0000 (18:54 -0400)]
bstrndup and bstrncpy are probably better names
Arran Cudbard-Bell [Thu, 9 Apr 2015 22:15:10 +0000 (18:15 -0400)]
TALLOC_CTX not always available
Arran Cudbard-Bell [Thu, 9 Apr 2015 21:24:11 +0000 (17:24 -0400)]
Fixup a bunch of bad calls to talloc_memdup
The bulk of these either copied len + 1 (which is wrong, as we can't guarantee the next byte is \0 or is a valid address) or were used in places where the duped buffer may have been expected to be \0 terminated.
Alan T. DeKok [Thu, 9 Apr 2015 14:41:31 +0000 (10:41 -0400)]
Fix for last few commits
The TLS attrs are strings, so we don't need VALUEs
Alan T. DeKok [Thu, 9 Apr 2015 14:24:18 +0000 (10:24 -0400)]
Define named value. We probably want to define more later..
Alan T. DeKok [Thu, 9 Apr 2015 14:22:48 +0000 (10:22 -0400)]
Mash name spaces to dashes, too
Alan T. DeKok [Thu, 9 Apr 2015 14:20:30 +0000 (10:20 -0400)]
Fix error message
Alan T. DeKok [Thu, 9 Apr 2015 13:59:48 +0000 (09:59 -0400)]
Remove extraneous "+ 16"
Alan T. DeKok [Wed, 8 Apr 2015 16:23:50 +0000 (12:23 -0400)]
make client certs available for TLS application data packets
i.e. PEAP and TTLS. But only when there's a client certificate,
AND EAP-TLS-Require-Client-Certificate = 1
Alan T. DeKok [Wed, 8 Apr 2015 15:47:25 +0000 (11:47 -0400)]
Note TLS issues
Alan T. DeKok [Wed, 8 Apr 2015 15:44:22 +0000 (11:44 -0400)]
On TLS success, add the certs to the request
So that they can be used in post-auth processing.
Alan T. DeKok [Wed, 8 Apr 2015 15:43:48 +0000 (11:43 -0400)]
The cert attributes are NOT added to the request.
They're added to the TLS session data. Don't confuse the user.
Arran Cudbard-Bell [Wed, 8 Apr 2015 15:29:49 +0000 (11:29 -0400)]
Apparently older versions of doxygen don't appreciate attributes before the function definition
Arran Cudbard-Bell [Wed, 8 Apr 2015 15:13:24 +0000 (11:13 -0400)]
Doxygen fixups
Arran Cudbard-Bell [Wed, 8 Apr 2015 00:46:12 +0000 (20:46 -0400)]
Typo in comment
Arran Cudbard-Bell [Tue, 7 Apr 2015 00:49:33 +0000 (20:49 -0400)]
Escape log filenames correctly in vradlog_request
Arran Cudbard-Bell [Mon, 6 Apr 2015 18:23:52 +0000 (14:23 -0400)]
Doxygen
Arran Cudbard-Bell [Mon, 6 Apr 2015 16:36:41 +0000 (12:36 -0400)]
Install doxygen
Alan T. DeKok [Sun, 5 Apr 2015 13:58:23 +0000 (09:58 -0400)]
note recent changes
Alan T. DeKok [Sun, 5 Apr 2015 13:56:44 +0000 (09:56 -0400)]
Better name for variable
Alan T. DeKok [Sat, 4 Apr 2015 21:57:53 +0000 (17:57 -0400)]
Fix for redundant-load-balance. Closes #945
In normal operations, modcall_child / modcall_recurse processes
the current node, and all of its children. For redundant-load-balance,
we want to loop BACK from the end of the list to the start, AND
stop when we reach the first one we found again.
This means we have to tell the functions "process ONE node only",
and do all "next" operations ourselves.
Alan T. DeKok [Sat, 4 Apr 2015 20:38:54 +0000 (16:38 -0400)]
Remove redundant open brace
Alan T. DeKok [Sat, 4 Apr 2015 20:34:26 +0000 (16:34 -0400)]
Revert "Loop over COUNT entries. Maybe addresses #945"
Nope.
This reverts commit e774cb6ff53032a632957e57c06a5939bb26e5f5.
Alan T. DeKok [Fri, 3 Apr 2015 00:36:50 +0000 (20:36 -0400)]
More checks on identity
Alan T. DeKok [Fri, 3 Apr 2015 00:32:03 +0000 (20:32 -0400)]
Limit identity length
Alan T. DeKok [Thu, 2 Apr 2015 23:40:56 +0000 (19:40 -0400)]
Allow EAP-MSCHAPv2 to have configurable server identity. Fixes #932.
We don't allow this to be dynamically expanded. It's just easier.
Alan T. DeKok [Wed, 1 Apr 2015 17:49:22 +0000 (13:49 -0400)]
added VALUEs
Alan T. DeKok [Wed, 1 Apr 2015 17:34:19 +0000 (13:34 -0400)]
Added from RFC which has numbers assigned
Alan T. DeKok [Wed, 1 Apr 2015 16:08:30 +0000 (12:08 -0400)]
Warning for old config
Alan T. DeKok [Wed, 1 Apr 2015 15:13:56 +0000 (11:13 -0400)]
Fix cppcheck complaint
Alan T. DeKok [Wed, 1 Apr 2015 14:36:50 +0000 (10:36 -0400)]
Update proxy docs for TLS
Alan T. DeKok [Wed, 1 Apr 2015 14:32:45 +0000 (10:32 -0400)]
Remove bad free
Alan T. DeKok [Wed, 1 Apr 2015 12:57:15 +0000 (08:57 -0400)]
Loop over COUNT entries. Maybe addresses #945
Alan T. DeKok [Wed, 1 Apr 2015 12:30:04 +0000 (08:30 -0400)]
Revert "Unlock file while waiting for the DB"
This reverts commit a91017d3c391093493757cd4651a455770c4c8c1.
it's better for the server to do this in exfile.c
Alan T. DeKok [Wed, 1 Apr 2015 12:28:26 +0000 (08:28 -0400)]
Try 3 times to lock it. If it fails, return an error
Alan T. DeKok [Wed, 1 Apr 2015 12:17:05 +0000 (08:17 -0400)]
Create correctly formatted session cache entries
Alan T. DeKok [Tue, 31 Mar 2015 21:18:48 +0000 (17:18 -0400)]
Complain if stupid people disable all TLS versions
Alan DeKok [Wed, 1 Apr 2015 12:02:22 +0000 (08:02 -0400)]
Merge pull request #946 from mcnewton/pr2
Small elasticsearch fixups
Matthew Newton [Wed, 1 Apr 2015 11:41:48 +0000 (12:41 +0100)]
Small elasticsearch fixups
Arran Cudbard-Bell [Tue, 31 Mar 2015 22:16:10 +0000 (18:16 -0400)]
Merge pull request #944 from mcnewton/pr
logstash/elasticsearch config for detail file analysis
Matthew Newton [Tue, 31 Mar 2015 21:48:26 +0000 (22:48 +0100)]
Add example elasticsearch/logstash config for detail files
Matthew Newton [Tue, 31 Mar 2015 21:45:33 +0000 (22:45 +0100)]
Tidy documentation formatting/whitespace
Arran Cudbard-Bell [Tue, 31 Mar 2015 21:39:02 +0000 (17:39 -0400)]
Servers are freed individually on server exit, so can't be parented off of the client
Alan T. DeKok [Tue, 31 Mar 2015 20:59:03 +0000 (16:59 -0400)]
note recent changes
Alan T. DeKok [Tue, 31 Mar 2015 20:57:49 +0000 (16:57 -0400)]
Warn on use of expanded EAP types
Alan T. DeKok [Tue, 31 Mar 2015 20:45:46 +0000 (16:45 -0400)]
Convert expanded EAP to normal EAP