Herwin Weststrate [Mon, 26 Jan 2015 12:56:47 +0000 (13:56 +0100)]
Fixed indention of ChangeLog for release 3.0.7
It was a mess of tabs and spaces, and impossible to read with a tabwidth other than 8.
Arran Cudbard-Bell [Mon, 26 Jan 2015 05:55:00 +0000 (12:55 +0700)]
Helps to write the result to the result buffer...
Arran Cudbard-Bell [Sun, 25 Jan 2015 09:30:41 +0000 (16:30 +0700)]
Move socket permissions code into fr_server_domain_socket
Arran Cudbard-Bell [Sun, 25 Jan 2015 08:51:35 +0000 (15:51 +0700)]
Partially revert "call rad_mkdir to make the path for the control socket, and modify the default config to place the control socket into a 'control' subdirectory"
This reverts commit
2268bddadaf2d3aab09f18eea863895c9a01ce7a.
Better to keep the new logic entirely separate
Conflicts:
src/main/command.c
src/main/util.c
Arran Cudbard-Bell [Sat, 24 Jan 2015 15:46:51 +0000 (22:46 +0700)]
Address (some) potential TOCTOU attack vectors in rad_mkdir
We now leave ownership as the effective UID (which should be sufficiently restrictive) whilst creating the directory structure, and set initial permissions to 0700.
When setting final permissions, we first open the directory, check we still have write permissions by doing fchmod with our effective UID/GID (which should not be super user), then suid_up, and use fchown to set the owner.
Arran Cudbard-Bell [Sat, 24 Jan 2015 12:27:42 +0000 (19:27 +0700)]
Rename directory to dir in rad_mkdir, and add doxygen header
Alan T. DeKok [Sun, 25 Jan 2015 23:00:06 +0000 (18:00 -0500)]
Cleanups to match the rest of the server formatting
Alan T. DeKok [Sun, 25 Jan 2015 22:51:18 +0000 (17:51 -0500)]
Minor cleanups
Nicolas C [Tue, 5 Aug 2014 09:06:40 +0000 (11:06 +0200)]
dhcpclient - allow to specify interface and send/recv at raw packet level
As discussed earlier on the list:
- if the client host has multiple interfaces,
- and at least one of them already has an IP address, Then the source IP
address cannot be 0.0.0.0 (even with "Packet-Src-IP-Address=0.0.0.0").
An actual IP address is automatically used as source.
This is modified by the device driver.
This patch does the following:
- Add an option to dhcpclient allowing to specify which network
interface to use.
- Open a raw socket on the low level packet interface. This allows
packet data to be left unchanged by the device driver.
- Encode Ethernet (send to ff:ff:ff:ff:ff:ff), IP and UDP layers
manually. And let FreeRADIUS do the DHCP stuff, as before.
(This required new specific socket / send / recv functions.)
The existing behaviour of dhcpclient is unchanged, it is used if the new
option -i is not set (or if destination is not broadcast).
Conflicts:
src/modules/proto_dhcp/dhcpclient.c
Alan T. DeKok [Sun, 25 Jan 2015 14:37:23 +0000 (09:37 -0500)]
Honor Packet-Src-Port in radclient. Fixes #889
Alan T. DeKok [Sun, 25 Jan 2015 14:32:27 +0000 (09:32 -0500)]
These variables are "static"
Alan T. DeKok [Sun, 25 Jan 2015 14:32:17 +0000 (09:32 -0500)]
fix compiler warnings
Arran Cudbard-Bell [Sat, 24 Jan 2015 08:44:24 +0000 (15:44 +0700)]
Exit with the status of FreeRADIUS for debugging
Arran Cudbard-Bell [Sat, 24 Jan 2015 08:30:26 +0000 (15:30 +0700)]
Make Debian and RHEL scripts output the same message if debug or debug-threaded is used and the daemon is still running
Arran Cudbard-Bell [Sat, 24 Jan 2015 08:29:32 +0000 (15:29 +0700)]
Bring suse init script into line with other init scripts. Closes #884
Arran Cudbard-Bell [Sat, 24 Jan 2015 08:28:13 +0000 (15:28 +0700)]
Unused
Arran Cudbard-Bell [Sat, 24 Jan 2015 07:48:21 +0000 (14:48 +0700)]
Typo
Alan T. DeKok [Fri, 23 Jan 2015 21:08:35 +0000 (16:08 -0500)]
Fix typo
Alan T. DeKok [Fri, 23 Jan 2015 20:48:33 +0000 (15:48 -0500)]
The old name is deprecated, not the new one
Arran Cudbard-Bell [Fri, 23 Jan 2015 18:06:28 +0000 (01:06 +0700)]
Fix capitalisation in ssha2passwd
Arran Cudbard-Bell [Fri, 23 Jan 2015 17:46:37 +0000 (00:46 +0700)]
Modernise logrotate configuration files and use copytruncate for the main server logs
Alan T. DeKok [Thu, 22 Jan 2015 22:17:02 +0000 (17:17 -0500)]
Don't dereference NULL. Fixes #888
An attribute may have zero length, but is still (sort of)
well formed.
Arran Cudbard-Bell [Thu, 22 Jan 2015 19:53:32 +0000 (02:53 +0700)]
Initialise ldapai_info_version field of LDAPAPIInfo struct so the LDAP_OPT_API_INFO call works
Arran Cudbard-Bell [Thu, 22 Jan 2015 15:58:12 +0000 (22:58 +0700)]
Sanitize curl-config cflags
Arran Cudbard-Bell [Thu, 22 Jan 2015 15:50:11 +0000 (22:50 +0700)]
Fix typo in base64 docs
Arran Cudbard-Bell [Thu, 22 Jan 2015 15:47:03 +0000 (22:47 +0700)]
Pass through LIBCURL_CPPFLAGS
Arran Cudbard-Bell [Thu, 22 Jan 2015 09:56:52 +0000 (16:56 +0700)]
Set src/dst IP address prefix lengths correctly when copying their values from VALUE_PAIRs Closes #887
Alan T. DeKok [Wed, 21 Jan 2015 20:01:21 +0000 (15:01 -0500)]
Remove extraneous semicolon
Alan T. DeKok [Wed, 21 Jan 2015 19:06:31 +0000 (14:06 -0500)]
Attempt to remove failing test when there's no OpenSSL
Alan T. DeKok [Wed, 21 Jan 2015 17:38:29 +0000 (12:38 -0500)]
Remove unused variable
Alan T. DeKok [Wed, 21 Jan 2015 16:44:28 +0000 (11:44 -0500)]
Note recent changes
Alan T. DeKok [Wed, 21 Jan 2015 16:40:32 +0000 (11:40 -0500)]
Added rpad && lpad
Alan T. DeKok [Wed, 21 Jan 2015 16:34:30 +0000 (11:34 -0500)]
Remove wrong assertion. "out" can be NULL
Arran Cudbard-Bell [Wed, 21 Jan 2015 05:37:12 +0000 (12:37 +0700)]
add assert to normify_with_header, checking vp type
Arran Cudbard-Bell [Wed, 21 Jan 2015 02:57:07 +0000 (09:57 +0700)]
Skip if the server wasn't built with OpenSSL
Arran Cudbard-Bell [Wed, 21 Jan 2015 02:38:58 +0000 (09:38 +0700)]
Add support for SSHA2 - Original patch by PDD
Arran Cudbard-Bell [Wed, 21 Jan 2015 02:07:23 +0000 (09:07 +0700)]
Minor fixes in rlm_pap
Arran Cudbard-Bell [Wed, 21 Jan 2015 01:41:11 +0000 (08:41 +0700)]
Document and rename some configuration structure fields in rlm_sql
Alan T. DeKok [Tue, 20 Jan 2015 21:42:54 +0000 (16:42 -0500)]
Limit switch to non-list, too
Alan T. DeKok [Tue, 20 Jan 2015 21:02:00 +0000 (16:02 -0500)]
case statements can't refer to lists
Alan DeKok [Tue, 20 Jan 2015 21:38:59 +0000 (16:38 -0500)]
Merge pull request #879 from mcnewton/manupdate
update man pages
Alan T. DeKok [Tue, 20 Jan 2015 20:40:02 +0000 (15:40 -0500)]
Note that break means "break now"
Alan T. DeKok [Tue, 20 Jan 2015 20:12:22 +0000 (15:12 -0500)]
Modules cannot be named for reserved words in unlang
Arran Cudbard-Bell [Tue, 20 Jan 2015 13:39:00 +0000 (20:39 +0700)]
Build debug package
Arran Cudbard-Bell [Tue, 20 Jan 2015 12:40:17 +0000 (19:40 +0700)]
Typo
Arran Cudbard-Bell [Tue, 20 Jan 2015 04:41:54 +0000 (11:41 +0700)]
Update redhat init scripts
Add the same additional options as debian (configtest, debug, debug-threaded)
Matthew Newton [Mon, 19 Jan 2015 23:59:05 +0000 (23:59 +0000)]
update rlm_passwd
Matthew Newton [Sun, 11 Jan 2015 01:07:55 +0000 (01:07 +0000)]
update rlm_always
Arran Cudbard-Bell [Mon, 19 Jan 2015 14:02:36 +0000 (21:02 +0700)]
Max pending should be unsigned
Arran Cudbard-Bell [Mon, 19 Jan 2015 13:22:14 +0000 (20:22 +0700)]
Fix weird indentation in connection.c
Alan T. DeKok [Mon, 19 Jan 2015 13:40:10 +0000 (08:40 -0500)]
Rate-limit new connections after a failed attempt.
If we fail to open a connection, we don't want N child threads
to block on opening new connections. Instead, allow one connection
through. If that succeeds, allow 2, then 3, etc.
Arran Cudbard-Bell [Mon, 19 Jan 2015 04:02:57 +0000 (11:02 +0700)]
Use chmod permissions macros
Arran Cudbard-Bell [Mon, 19 Jan 2015 02:02:11 +0000 (09:02 +0700)]
Fix coverity issues
Arran Cudbard-Bell [Sun, 18 Jan 2015 16:22:53 +0000 (23:22 +0700)]
Need H: arg
Arran Cudbard-Bell [Sun, 18 Jan 2015 15:32:34 +0000 (22:32 +0700)]
call rad_mkdir to make the path for the control socket, and modify the default config to place the control socket into a 'control' subdirectory
If this works everywhere we should be able to manage control socket permissions using just the filesystem
Alan T. DeKok [Sun, 18 Jan 2015 15:14:37 +0000 (10:14 -0500)]
Remove UNUSED where the parameter is actually used
Alan T. DeKok [Sat, 17 Jan 2015 23:30:51 +0000 (18:30 -0500)]
Whitespace
Arran Cudbard-Bell [Sun, 18 Jan 2015 13:07:14 +0000 (20:07 +0700)]
Fix control socket permissions control for none Linux systems
chown() on Unix sockets errors out on all BSD systems including OSX.
Arran Cudbard-Bell [Sun, 18 Jan 2015 12:32:01 +0000 (19:32 +0700)]
Fix stupid redundant getgr* and getpw* functions
We will *always* have the _r variants, and we should always have the headers. There's no need to check, there's no need to fallback.
Arran Cudbard-Bell [Sun, 18 Jan 2015 13:35:27 +0000 (20:35 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 18 Jan 2015 13:33:08 +0000 (20:33 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 18 Jan 2015 07:50:56 +0000 (14:50 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 18 Jan 2015 07:38:03 +0000 (14:38 +0700)]
Fixup rlm_ldap to use bind credentials from the module instance that created the connection pool, not the module referencing it
Allow server to be NULL if the module instance is using a connection pool reference
Arran Cudbard-Bell [Sun, 18 Jan 2015 05:09:32 +0000 (12:09 +0700)]
Add %{ldapquote:} to escape special chars in filters and DNs
Arran Cudbard-Bell [Sun, 18 Jan 2015 05:01:24 +0000 (12:01 +0700)]
Typo
Arran Cudbard-Bell [Sun, 18 Jan 2015 04:26:07 +0000 (11:26 +0700)]
Optimise tmpl_expand to avoid copying to intermediary buffers when not required
This has two positive side effects. Firstly the LDAP code is marginally faster.
Second, when using attribute references or literals for DNs and filters the length is unlimited.
Arran Cudbard-Bell [Sun, 18 Jan 2015 04:21:33 +0000 (11:21 +0700)]
Should be jsonquote to match urlquote (not tojson)
Arran Cudbard-Bell [Sun, 18 Jan 2015 02:52:26 +0000 (09:52 +0700)]
xlat.h needs conffile.h for xlat_register_redundant
Arran Cudbard-Bell [Sun, 18 Jan 2015 02:34:54 +0000 (09:34 +0700)]
Remove restriction on assigning return codes only to module calls
Arran Cudbard-Bell [Sun, 18 Jan 2015 02:34:16 +0000 (09:34 +0700)]
No more hacks for xlat
Arran Cudbard-Bell [Sun, 18 Jan 2015 00:55:03 +0000 (07:55 +0700)]
cf_item_parse type should be unsigned to match PW_TYPE enum
Arran Cudbard-Bell [Sat, 17 Jan 2015 16:10:04 +0000 (23:10 +0700)]
Switch relevant config items in rlm_ldap to tmpls
Arran Cudbard-Bell [Sat, 17 Jan 2015 16:09:26 +0000 (23:09 +0700)]
Add PW_TYPE_TMPL which parses a conf item directly as a value_pair_tmpl_t
Arran Cudbard-Bell [Sat, 17 Jan 2015 16:07:17 +0000 (23:07 +0700)]
Move xlat functions into a separate header file
Arran Cudbard-Bell [Sat, 17 Jan 2015 10:15:25 +0000 (17:15 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Sat, 17 Jan 2015 09:59:02 +0000 (16:59 +0700)]
Add nexttime xlat, for calculating number of seconds before next hour, day, week, month or year
Arran Cudbard-Bell [Sat, 17 Jan 2015 03:24:01 +0000 (10:24 +0700)]
More useful default control policies
Arran Cudbard-Bell [Sat, 17 Jan 2015 02:20:22 +0000 (09:20 +0700)]
Fix for CID #1104360
Arran Cudbard-Bell [Sat, 17 Jan 2015 00:24:05 +0000 (07:24 +0700)]
Correct fix for #878
Alan T. DeKok [Fri, 16 Jan 2015 16:09:34 +0000 (11:09 -0500)]
Set length correctly. Fixes #878
Alan T. DeKok [Fri, 16 Jan 2015 15:50:32 +0000 (10:50 -0500)]
Solaris requires more headers. Fixes #872
Alan T. DeKok [Fri, 16 Jan 2015 15:08:30 +0000 (10:08 -0500)]
Save session-state after proxying. Fixes #854
Alan T. DeKok [Fri, 16 Jan 2015 14:49:41 +0000 (09:49 -0500)]
Test for "return { ...}"
Hm... the test framework doesn't check for false successes.
If a test contains "ERROR", it should fail if unittest.c succeeds
Alan T. DeKok [Fri, 16 Jan 2015 14:49:25 +0000 (09:49 -0500)]
Fix comments
Alan T. DeKok [Fri, 16 Jan 2015 14:44:25 +0000 (09:44 -0500)]
Return on parse error for break / return
Arran Cudbard-Bell [Fri, 16 Jan 2015 11:30:15 +0000 (18:30 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 16 Jan 2015 11:18:57 +0000 (18:18 +0700)]
Add tojson xlat for escaping json strings
Arran Cudbard-Bell [Fri, 16 Jan 2015 10:39:49 +0000 (17:39 +0700)]
Print out info for MySQL server and libmysql client version
Arran Cudbard-Bell [Fri, 16 Jan 2015 10:13:26 +0000 (17:13 +0700)]
Stop server INFOing about empty sections
Arran Cudbard-Bell [Fri, 16 Jan 2015 10:02:53 +0000 (17:02 +0700)]
Return updated if rlm_ldap updated the request
Also pass back more error conditions from the profile mapping code
Arran Cudbard-Bell [Fri, 16 Jan 2015 09:07:11 +0000 (16:07 +0700)]
Avoid spurious warnings about zero length queries
Arran Cudbard-Bell [Fri, 16 Jan 2015 07:26:28 +0000 (14:26 +0700)]
Change severity and return code for DN not found
When searching for a user, not finding the base DN is normal and should be converted to a notfound return code
Arran Cudbard-Bell [Fri, 2 Jan 2015 16:47:07 +0000 (11:47 -0500)]
Add support for XLATs on the LHS of update sections
Arran Cudbard-Bell [Thu, 1 Jan 2015 18:29:55 +0000 (13:29 -0500)]
Allow LHS of update maps to be exec or xlat
Alan T. DeKok [Fri, 16 Jan 2015 03:59:44 +0000 (22:59 -0500)]
Allow action over-rides for all modules. Fixes #876
For modules, policies, and things in the "instantiate" section.
Arran Cudbard-Bell [Thu, 15 Jan 2015 11:20:32 +0000 (18:20 +0700)]
Typo
Arran Cudbard-Bell [Thu, 15 Jan 2015 11:18:03 +0000 (18:18 +0700)]
Fix marked unused complains in mysql driver
Alan T. DeKok [Wed, 14 Jan 2015 16:32:00 +0000 (11:32 -0500)]
Check for destination IP, too. Closes #873
Alan T. DeKok [Wed, 14 Jan 2015 16:28:34 +0000 (11:28 -0500)]
home_pool may be NULL when packets go directly to an IP
Arran Cudbard-Bell [Wed, 14 Jan 2015 14:09:03 +0000 (21:09 +0700)]
Update ChangeLog