Herwin Weststrate [Tue, 8 Dec 2015 11:29:42 +0000 (12:29 +0100)]
Add ALLOW_MSVCHAPV2 flag to mschap/libwbclient
The functionality is the same as https://github.com/samba-team/samba/pull/45: allow authentication via winbind when the AD has a higher security level.
Alan T. DeKok [Wed, 9 Dec 2015 16:10:25 +0000 (11:10 -0500)]
More warnings for broken software
Alan T. DeKok [Tue, 8 Dec 2015 16:20:04 +0000 (11:20 -0500)]
Document disable tls 1.2 because of OpenSSL breakage
Alan T. DeKok [Tue, 8 Dec 2015 16:19:55 +0000 (11:19 -0500)]
note recent changes
Alan T. DeKok [Tue, 8 Dec 2015 14:30:35 +0000 (09:30 -0500)]
typo
Alan T. DeKok [Mon, 7 Dec 2015 19:14:15 +0000 (14:14 -0500)]
port enum changes from head, which clarify the code
Alan T. DeKok [Mon, 7 Dec 2015 19:01:36 +0000 (14:01 -0500)]
run verify only on skipped
Arran Cudbard-Bell [Mon, 7 Dec 2015 19:13:03 +0000 (14:13 -0500)]
Merge pull request #1429 from pwdng/freebsd_fix
Some error codes aren't defined on FreeBSD
Philippe Wooding [Fri, 4 Dec 2015 23:38:51 +0000 (00:38 +0100)]
Some error codes aren't defined on FreeBSD
Alan T. DeKok [Mon, 7 Dec 2015 17:01:15 +0000 (12:01 -0500)]
clean up SSL errors on OCSP soft fail
Alan T. DeKok [Mon, 7 Dec 2015 16:43:11 +0000 (11:43 -0500)]
verify_callback should return 0 or 1
Alan T. DeKok [Mon, 7 Dec 2015 16:38:18 +0000 (11:38 -0500)]
Added "skip verify if OCSP succeeds". Fixes #1426
Alan T. DeKok [Sat, 5 Dec 2015 17:30:20 +0000 (12:30 -0500)]
note recent changes
Alan T. DeKok [Sat, 5 Dec 2015 17:27:38 +0000 (12:27 -0500)]
WARN if we find duplicate configuration items.
Because some people think randomly adding things is a good idea.
Alan T. DeKok [Fri, 4 Dec 2015 13:29:15 +0000 (08:29 -0500)]
formatting
Alan T. DeKok [Fri, 4 Dec 2015 13:29:04 +0000 (08:29 -0500)]
Check buffer as we copy data into it
Arran Cudbard-Bell [Thu, 3 Dec 2015 19:19:03 +0000 (14:19 -0500)]
Fix includes in installed headers
Arran Cudbard-Bell [Thu, 3 Dec 2015 15:58:44 +0000 (10:58 -0500)]
Invalid assert
Alan T. DeKok [Thu, 3 Dec 2015 13:56:00 +0000 (08:56 -0500)]
sqlhpwippool is unstable
Alan T. DeKok [Wed, 2 Dec 2015 18:51:39 +0000 (13:51 -0500)]
Revert "Commit mk files for sql modules"
This reverts commit
2b77b7e830222d0192f42efe66cae38f061aa34c.
Arran Cudbard-Bell [Mon, 30 Nov 2015 03:12:44 +0000 (22:12 -0500)]
Some compilation fixes for trusty tapier
Alan T. DeKok [Wed, 2 Dec 2015 18:21:17 +0000 (13:21 -0500)]
Dynamically check Auth-Type values
Alan T. DeKok [Wed, 2 Dec 2015 15:46:05 +0000 (10:46 -0500)]
Remove most Auth-Type values.
Accept / Reject are needed by the server core.
MS-CHAP and EAP are needed by EAP.
Everything else should be auto-created at run time.
If someone sets "Auth-Type foo" without an authentication type
"foo" defined, the server should refuse to start.
Alan T. DeKok [Mon, 30 Nov 2015 20:01:23 +0000 (15:01 -0500)]
cast for %u
Alan T. DeKok [Mon, 30 Nov 2015 19:57:45 +0000 (14:57 -0500)]
Simplify logic for getpeereid()
for systems which don't have that, but do have SO_PEERCRED
Alan T. DeKok [Mon, 30 Nov 2015 19:40:57 +0000 (14:40 -0500)]
Simplify setting of RADIUSD_VERSION
because "awk" on Solaris is broken
Alan T. DeKok [Mon, 30 Nov 2015 19:40:02 +0000 (14:40 -0500)]
Better sun fixes
Alan T. DeKok [Mon, 30 Nov 2015 19:21:30 +0000 (14:21 -0500)]
Fixes for GCC on Solaris
Because I like pain.
Alan T. DeKok [Mon, 30 Nov 2015 16:36:27 +0000 (11:36 -0500)]
test for %{string:...}
Alan T. DeKok [Mon, 30 Nov 2015 16:18:47 +0000 (11:18 -0500)]
typo
Alan T. DeKok [Mon, 30 Nov 2015 16:01:24 +0000 (11:01 -0500)]
Notes on embedded zeros in passwords
Arran Cudbard-Bell [Mon, 30 Nov 2015 01:51:49 +0000 (20:51 -0500)]
Fix RADIUS-STAT-MIB so it compiles
Alan T. DeKok [Fri, 27 Nov 2015 15:12:04 +0000 (10:12 -0500)]
Use fr_pair_value_bstrncpy() where appropriate
Arran Cudbard-Bell [Fri, 27 Nov 2015 12:52:54 +0000 (07:52 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Thu, 26 Nov 2015 19:20:21 +0000 (14:20 -0500)]
Merge pull request #1405 from jpereira/fix/copy-scripts-collected
Bring branch://master/scripts/collected to here
Jorge Pereira [Thu, 26 Nov 2015 19:18:53 +0000 (17:18 -0200)]
Bring branch://master/scripts/collected to here
Arran Cudbard-Bell [Thu, 26 Nov 2015 19:01:20 +0000 (14:01 -0500)]
Merge pull request #1404 from jpereira/v3.0.x
Bring branch://master/scripts/munin/radsniff to here
Jorge Pereira [Thu, 26 Nov 2015 18:59:09 +0000 (16:59 -0200)]
Bring branch://master/scripts/munin/radsniff to here
Arran Cudbard-Bell [Thu, 26 Nov 2015 18:53:48 +0000 (13:53 -0500)]
Merge pull request #1402 from jpereira/fix/bug-with-stats
Bugfix - Used a wrong list to global statistics in 'stats'
Jorge Pereira [Thu, 26 Nov 2015 18:43:25 +0000 (16:43 -0200)]
Bugfix - Used a wrong list to global statistics in 'stats'
Alan T. DeKok [Thu, 26 Nov 2015 16:02:37 +0000 (11:02 -0500)]
typo
Alan DeKok [Thu, 26 Nov 2015 14:11:37 +0000 (09:11 -0500)]
Merge pull request #1401 from mcnewton/v30soh
SoH isn't very useful without attributes
Matthew Newton [Thu, 26 Nov 2015 11:24:44 +0000 (11:24 +0000)]
SoH isn't very useful without attributes
Broken in
c11e3d8454 by no longer setting fake->packet->vps.
eapsoh_verify has no need to see the original request as long
as it's got access to the data to parse, so just pass in the
fake request and get the attributes created there directly.
Alan T. DeKok [Wed, 25 Nov 2015 21:05:42 +0000 (16:05 -0500)]
Remove extraneous message
Alan T. DeKok [Wed, 25 Nov 2015 21:02:01 +0000 (16:02 -0500)]
Set src/dst ip/port for TCP connections
Arran Cudbard-Bell [Wed, 25 Nov 2015 18:05:08 +0000 (13:05 -0500)]
Merge pull request #1399 from jpereira/fix/syserror1
better call fr_syserror() when in POSIX contexts
Jorge Pereira [Wed, 25 Nov 2015 17:50:22 +0000 (15:50 -0200)]
better call fr_syserror() when in POSIX contexts
Alan T. DeKok [Wed, 25 Nov 2015 16:57:20 +0000 (11:57 -0500)]
note recent changes
Alan T. DeKok [Wed, 25 Nov 2015 16:46:52 +0000 (11:46 -0500)]
Complain if error isn't ENOENT. Fixes #1398
Alan T. DeKok [Wed, 25 Nov 2015 16:12:03 +0000 (11:12 -0500)]
Don't use full prefix
Alan DeKok [Tue, 24 Nov 2015 21:05:15 +0000 (16:05 -0500)]
Merge pull request #1394 from jpereira/fix/ramin1
Fixing problem with radmin> stats detail <filename>
Alan T. DeKok [Tue, 24 Nov 2015 18:01:52 +0000 (13:01 -0500)]
If OCSP checks fail, don't run verify command
because the client will be rejected, so we don't want to run
extra resources
Jorge Pereira [Tue, 24 Nov 2015 03:14:51 +0000 (01:14 -0200)]
Fixing problem with radmin> stats detail <filename>
Arran Cudbard-Bell [Fri, 20 Nov 2015 17:05:49 +0000 (12:05 -0500)]
Fix buffer overflow in soh.c
Arran Cudbard-Bell [Fri, 20 Nov 2015 13:34:05 +0000 (08:34 -0500)]
No cases where this is helpful
Alan T. DeKok [Wed, 18 Nov 2015 17:48:42 +0000 (12:48 -0500)]
use correct number...
Alan T. DeKok [Wed, 18 Nov 2015 16:48:34 +0000 (11:48 -0500)]
Check name, not number
Arran Cudbard-Bell [Wed, 18 Nov 2015 16:32:23 +0000 (11:32 -0500)]
Various fixes for LEAP proxying
Alan T. DeKok [Wed, 18 Nov 2015 16:14:02 +0000 (11:14 -0500)]
"localhost" is a valid host name
Alan T. DeKok [Tue, 17 Nov 2015 19:53:18 +0000 (14:53 -0500)]
Turns out GNU people are retarded.
If "install-sh" is asked to do an installation, it helpfully
creates the destination directory for you. Then, if the install
target is a directory, it tries to create the directory. Which
was just created. And then it fails with an error.
Alan DeKok [Tue, 17 Nov 2015 19:04:57 +0000 (14:04 -0500)]
Merge pull request #1387 from jpereira/minor/warnings1
Fix warnings with $raddb/mods-available/cache
Arran Cudbard-Bell [Tue, 17 Nov 2015 14:47:46 +0000 (09:47 -0500)]
Remove duplicates
Arran Cudbard-Bell [Tue, 17 Nov 2015 14:45:30 +0000 (09:45 -0500)]
Merge pull request #1392 from mcnewton/conffix
fixup configure script
Matthew Newton [Tue, 17 Nov 2015 14:37:31 +0000 (14:37 +0000)]
fixup configure script
Pascal Penners [Mon, 16 Nov 2015 14:16:13 +0000 (15:16 +0100)]
added more Lancom VSAs
Arran Cudbard-Bell [Mon, 16 Nov 2015 21:25:11 +0000 (16:25 -0500)]
Minor fix
Arran Cudbard-Bell [Mon, 16 Nov 2015 20:57:57 +0000 (15:57 -0500)]
fclose destroys file descriptor Closes #1390
Arran Cudbard-Bell [Mon, 16 Nov 2015 20:05:36 +0000 (15:05 -0500)]
Merge pull request #1389 from jpereira/fix/vdprintf1
Fixing the missing vdprintf()
Jorge Pereira [Mon, 16 Nov 2015 20:03:22 +0000 (18:03 -0200)]
Fixing the missing vdprintf()
Arran Cudbard-Bell [Mon, 16 Nov 2015 19:44:41 +0000 (14:44 -0500)]
Provide fdprintf if it's missing Closes #1366
Jorge Pereira [Fri, 13 Nov 2015 16:44:50 +0000 (14:44 -0200)]
Fix warnings with $raddb/mods-available/cache
Pascal Penners [Fri, 13 Nov 2015 14:44:42 +0000 (15:44 +0100)]
added IKEv2 Attributes to Lancom dictionary
Alan T. DeKok [Fri, 13 Nov 2015 13:27:23 +0000 (08:27 -0500)]
Notes on location-info
Alan T. DeKok [Wed, 11 Nov 2015 15:43:17 +0000 (10:43 -0500)]
Remove duplicate definition
Arran Cudbard-Bell [Fri, 13 Nov 2015 12:50:23 +0000 (07:50 -0500)]
Fix oracle login error message
Arran Cudbard-Bell [Tue, 10 Nov 2015 22:33:10 +0000 (17:33 -0500)]
Merge pull request #1382 from jpereira/fix/minor-pre-proxy1
Fix minor about NAS-Ip-Address. correct is NAS-IP-Address
Jorge Pereira [Tue, 10 Nov 2015 22:01:52 +0000 (20:01 -0200)]
Fix minor about NAS-Ip-Address. correct is NAS-IP-Address
Alan T. DeKok [Tue, 10 Nov 2015 17:33:44 +0000 (12:33 -0500)]
Cleanups
Alan DeKok [Tue, 10 Nov 2015 17:32:06 +0000 (12:32 -0500)]
Merge pull request #1378 from skids/mschap_ad_errs
Pass on MSCHAP errors from ntlm_auth, too
Alan DeKok [Tue, 10 Nov 2015 17:16:07 +0000 (12:16 -0500)]
Merge pull request #1379 from jpereira/fix/abfab-tr1
Fixing wrong set with $raddb/sites-available/abfab-tr-idp
Jorge Pereira [Tue, 10 Nov 2015 17:00:18 +0000 (15:00 -0200)]
Fixing wrong set with $raddb/sites-available/abfab-tr-idp
skids [Tue, 10 Nov 2015 16:28:42 +0000 (11:28 -0500)]
Pass on MSCHAP errors from ntlm_auth, too
Not that supplicants do anything helpful with them, but locked
and disabled account error codes can be gleaned from ntlm_auth.
Previously only SMB-Account-Cntrl could cause them to send.
Alan T. DeKok [Mon, 9 Nov 2015 20:46:34 +0000 (15:46 -0500)]
fix modules debug
Alan T. DeKok [Mon, 9 Nov 2015 20:27:46 +0000 (15:27 -0500)]
Set FR specific library path.
Because we need to manually look at a library path on El Capitan.
OSX prevents us from loading library paths via the standard
environment variable.
Alan T. DeKok [Mon, 9 Nov 2015 18:50:58 +0000 (13:50 -0500)]
free paircompare only if we had them
Arran Cudbard-Bell [Sun, 8 Nov 2015 21:34:33 +0000 (16:34 -0500)]
Merge pull request #1374 from spaetow/patch-2
Update abfab-tr-idp
Stefan Paetow [Fri, 6 Nov 2015 16:21:17 +0000 (16:21 +0000)]
Update abfab-tr-idp
Add the 'new' tunneled attribute stuff to the ABFAB server too!
Alan Buxey [Thu, 5 Nov 2015 21:01:45 +0000 (21:01 +0000)]
Update dictionary.starent
fixed historical typo
Alan T. DeKok [Tue, 3 Nov 2015 17:42:28 +0000 (12:42 -0500)]
Print out CFLAGS, etc. in version.c
Since version.c is built in 3 places, just add the SRC_CFLAGS
definitions in 3 places. It's easier than trying to hack the
build system to set the flags for version.c only once.
Alan T. DeKok [Tue, 3 Nov 2015 17:06:42 +0000 (12:06 -0500)]
Remove unused flags.
These are only used by version.c, which isn't part of radiusd,
but is instead part of libfreeradius-server
Alan T. DeKok [Tue, 3 Nov 2015 16:58:58 +0000 (11:58 -0500)]
Always have at least '-x' for '-v'
So we get pretty output. And then more -x gets more information
from -v
Alan T. DeKok [Tue, 3 Nov 2015 16:57:41 +0000 (11:57 -0500)]
Extra info is debug2, not debug3
Because we don't want (or care) about time stamps
Arran Cudbard-Bell [Tue, 3 Nov 2015 17:39:30 +0000 (12:39 -0500)]
Merge pull request #1369 from mcnewton/noeap2
there is no eap2 module any more
Arran Cudbard-Bell [Tue, 3 Nov 2015 17:39:10 +0000 (12:39 -0500)]
Merge pull request #1367 from mcnewton/rname1
remove redundant "name" config option
Matthew Newton [Tue, 3 Nov 2015 17:37:10 +0000 (17:37 +0000)]
there is no eap2 module any more
Matthew Newton [Tue, 3 Nov 2015 17:19:04 +0000 (17:19 +0000)]
remove redundant "name" config option
Alan T. DeKok [Tue, 3 Nov 2015 15:15:25 +0000 (10:15 -0500)]
Remove unused variable
Alan DeKok [Tue, 3 Nov 2015 14:41:01 +0000 (09:41 -0500)]
Merge pull request #1365 from jpereira/fix/debug-with-yes1
if the variable DEBUG could be 'no', so need to accept 'yes' also
Alan T. DeKok [Tue, 3 Nov 2015 14:38:16 +0000 (09:38 -0500)]
Hard-code the default name to radiusd.
Because debian renames the binaries and configuration directory,
but *not* the configuration file
Alan T. DeKok [Tue, 3 Nov 2015 03:24:42 +0000 (22:24 -0500)]
We want unittest.c to pretend it's radiusd