Dan Breslau [Fri, 27 Jan 2017 16:30:03 +0000 (11:30 -0500)]
Upstream freeradius had a slightly different calling sequence for opening the sqlite database and setting the busy_timeout. I think upstream is correct.
Dan Breslau [Fri, 27 Jan 2017 16:28:17 +0000 (11:28 -0500)]
Removed a call to talloc_steal that had been removed much earlier in the upstream freeradius base (roughly 18 months ago, though that's not meant to be exact.)
Dan Breslau [Fri, 27 Jan 2017 16:19:35 +0000 (11:19 -0500)]
Merge tag 'release_3_0_12' into branch moonshot-fr-3.0.12-upgrade.
Conflicts:
src/modules/rlm_realm/rlm_realm.c
Alan T. DeKok [Thu, 29 Sep 2016 15:19:48 +0000 (11:19 -0400)]
typo
Alan T. DeKok [Thu, 29 Sep 2016 14:55:38 +0000 (10:55 -0400)]
note recent changes.
Alan T. DeKok [Thu, 29 Sep 2016 14:42:58 +0000 (10:42 -0400)]
allow for old-style names, too
Alan T. DeKok [Thu, 29 Sep 2016 14:33:22 +0000 (10:33 -0400)]
simplify debug messages
we don't need 'request %u' in RDEBUG messages
Alan T. DeKok [Thu, 29 Sep 2016 14:25:15 +0000 (10:25 -0400)]
more &
Alan T. DeKok [Wed, 28 Sep 2016 15:16:51 +0000 (11:16 -0400)]
Fix compile without ascend binary. fixes #1761
Alan DeKok [Tue, 27 Sep 2016 19:52:30 +0000 (15:52 -0400)]
Merge pull request #1760 from jrouzierinverse/feature/eap-fast-3.0.x
Fix talloc parenting issue
James Rouzier [Tue, 27 Sep 2016 19:41:16 +0000 (15:41 -0400)]
Fix talloc parenting issue
Alan T. DeKok [Tue, 27 Sep 2016 19:12:23 +0000 (15:12 -0400)]
notes on AD
Alan T. DeKok [Sun, 10 Jul 2016 18:03:18 +0000 (14:03 -0400)]
build headers before scanning
Matthew Newton [Tue, 27 Sep 2016 11:43:09 +0000 (12:43 +0100)]
Merge pull request #1759 from mcnewton/v3.0.x
small dhcpclient man page tweaks
Matthew Newton [Tue, 27 Sep 2016 11:02:32 +0000 (12:02 +0100)]
small dhcpclient man page tweaks
Alan T. DeKok [Mon, 26 Sep 2016 20:39:36 +0000 (16:39 -0400)]
one more check for virtual servers
Alan T. DeKok [Mon, 26 Sep 2016 20:20:30 +0000 (16:20 -0400)]
skip virtual servers in a pool
Alan T. DeKok [Mon, 26 Sep 2016 20:16:49 +0000 (16:16 -0400)]
remove from proxy hash on ping timeout
Arran Cudbard-Bell [Mon, 26 Sep 2016 15:47:51 +0000 (16:47 +0100)]
Don't ignore the fact we've hit vulnerable versions in previous checks
Alan T. DeKok [Mon, 26 Sep 2016 15:06:11 +0000 (11:06 -0400)]
reorder list
Alan T. DeKok [Mon, 26 Sep 2016 15:00:33 +0000 (11:00 -0400)]
one last check to narrow down the possibilities
Arran Cudbard-Bell [Mon, 26 Sep 2016 14:55:28 +0000 (15:55 +0100)]
Merge pull request #1758 from TheMysteriousX/v3.0.x
Check the CVE ID, not the name
Alan T. DeKok [Mon, 26 Sep 2016 14:54:33 +0000 (10:54 -0400)]
Add checks for Linux && OSX
Alan T. DeKok [Mon, 26 Sep 2016 14:54:26 +0000 (10:54 -0400)]
fix typos
Adam Bishop [Mon, 26 Sep 2016 14:52:02 +0000 (15:52 +0100)]
Check the CVE ID, not the name
Alan T. DeKok [Mon, 26 Sep 2016 14:27:25 +0000 (10:27 -0400)]
note recent changes
Alan T. DeKok [Mon, 26 Sep 2016 14:25:39 +0000 (10:25 -0400)]
Use opendir(/proc/self/fd) when we don't have closefrom(). Fixes #1757
Alan T. DeKok [Mon, 26 Sep 2016 12:10:07 +0000 (08:10 -0400)]
added F_MAXFD
Alan T. DeKok [Mon, 26 Sep 2016 12:08:04 +0000 (08:08 -0400)]
added F_CLOSEM, which might work, too
Alan T. DeKok [Mon, 26 Sep 2016 11:53:14 +0000 (07:53 -0400)]
add new man pages
Alan Buxey [Mon, 19 Sep 2016 10:39:02 +0000 (11:39 +0100)]
add man page for dhcpclient
Alan Buxey [Mon, 19 Sep 2016 10:39:54 +0000 (11:39 +0100)]
add man page for rad_counter
Alan T. DeKok [Mon, 26 Sep 2016 11:41:49 +0000 (07:41 -0400)]
update for new CVEs
Alan T. DeKok [Mon, 26 Sep 2016 11:40:04 +0000 (07:40 -0400)]
allow acknowledged CVEs
Alan T. DeKok [Sun, 25 Sep 2016 15:06:11 +0000 (11:06 -0400)]
Don't open new connections when exiting. Addresses #1604.
When we a get a SIGTERM or SIGQUIT, mark "exiting", and stop
returning new connections. Also, don't allow reconnection of
existing connections. This should help with CTRL-C.
Alan T. DeKok [Fri, 23 Sep 2016 19:41:08 +0000 (15:41 -0400)]
parent attributes from the right place.
Alan T. DeKok [Fri, 23 Sep 2016 18:01:08 +0000 (14:01 -0400)]
enable "date" by default
Alan T. DeKok [Fri, 23 Sep 2016 13:56:28 +0000 (09:56 -0400)]
note recent changes
Alan T. DeKok [Fri, 23 Sep 2016 13:55:33 +0000 (09:55 -0400)]
clean up OCSP / verify routines
Alan DeKok [Thu, 22 Sep 2016 23:34:47 +0000 (19:34 -0400)]
Merge pull request #1755 from spaetow/patch-3
Adding ABFAB-specific things to last 3.0.x release.
Alan T. DeKok [Thu, 22 Sep 2016 20:07:24 +0000 (16:07 -0400)]
minor update to rejection message
Alan T. DeKok [Thu, 22 Sep 2016 20:06:54 +0000 (16:06 -0400)]
inner tunnel of EAP-FAST cannot be proxied
Alan T. DeKok [Thu, 22 Sep 2016 15:59:08 +0000 (11:59 -0400)]
Fix tls_global_version_check() function and message
there is now more than one vulnerability in OpenSSL.
Alan T. DeKok [Thu, 22 Sep 2016 15:55:14 +0000 (11:55 -0400)]
simplify code
Alan T. DeKok [Thu, 22 Sep 2016 15:54:55 +0000 (11:54 -0400)]
typo in version string
Alan T. DeKok [Thu, 22 Sep 2016 15:26:58 +0000 (11:26 -0400)]
typo
Alan T. DeKok [Thu, 22 Sep 2016 15:24:14 +0000 (11:24 -0400)]
note OpenSSL breakage
Alan T. DeKok [Thu, 22 Sep 2016 15:22:45 +0000 (11:22 -0400)]
Add more vulnerabilities for OpenSSL
Alan T. DeKok [Thu, 22 Sep 2016 14:40:05 +0000 (10:40 -0400)]
note recent changes
Stefan Paetow [Thu, 22 Sep 2016 13:12:37 +0000 (15:12 +0200)]
Update inner-tunnel
Added the Moonshot (ABFAB) TargetedId generation to the standard distribution. Disabled by default.
Stefan Paetow [Thu, 22 Sep 2016 13:03:49 +0000 (15:03 +0200)]
Create moonshot-targeted-ids
Formally include the three Moonshot TargetedIds in the FreeRADIUS policy space so that it can be updated accordingly as the other policies (and features) progress.
Arran Cudbard-Bell [Wed, 21 Sep 2016 14:41:29 +0000 (18:41 +0400)]
RPM_OPT_FLAGS set by configure macro anyway... We just need to not mess with things.
Arran Cudbard-Bell [Wed, 21 Sep 2016 13:09:32 +0000 (17:09 +0400)]
Explain flags
Alan T. DeKok [Tue, 20 Sep 2016 21:24:39 +0000 (17:24 -0400)]
Don't use -O2 for --with developer on rpmbuild. Fixes #1753
Alan T. DeKok [Wed, 21 Sep 2016 13:46:25 +0000 (09:46 -0400)]
make code match the comments and documentation
Alan T. DeKok [Wed, 21 Sep 2016 13:38:50 +0000 (09:38 -0400)]
Use conf->ocsp_store, as it is always set.
Which helps with RadSec connections
Alan T. DeKok [Tue, 20 Sep 2016 12:06:03 +0000 (08:06 -0400)]
More cleanups
Alan T. DeKok [Tue, 20 Sep 2016 11:55:40 +0000 (07:55 -0400)]
clarify message
Alan T. DeKok [Tue, 20 Sep 2016 11:46:13 +0000 (07:46 -0400)]
remove unnecessary FIXMEs
Alan T. DeKok [Tue, 20 Sep 2016 11:44:41 +0000 (07:44 -0400)]
use defines for shift, instead of hard-coded number
Alan DeKok [Tue, 20 Sep 2016 11:43:13 +0000 (07:43 -0400)]
Merge pull request #1751 from jrouzierinverse/feature/eap-fast-3.0.x
Feature/eap fast 3.0.x
James Rouzier [Mon, 19 Sep 2016 16:31:45 +0000 (12:31 -0400)]
Use the proper eap version
James Rouzier [Mon, 19 Sep 2016 16:31:07 +0000 (12:31 -0400)]
Free list after usage
James Rouzier [Mon, 19 Sep 2016 16:29:46 +0000 (12:29 -0400)]
Remove unused variables
James Rouzier [Fri, 16 Sep 2016 16:27:46 +0000 (12:27 -0400)]
Shift to use the proper attribute id
Alan T. DeKok [Mon, 19 Sep 2016 20:04:55 +0000 (16:04 -0400)]
whitespace and formatting
Arran Cudbard-Bell [Mon, 19 Sep 2016 16:15:52 +0000 (20:15 +0400)]
Merge pull request #1750 from TheMysteriousX/v3.0.x
NULL the configuration item if no trust router is configured
Adam Bishop [Mon, 19 Sep 2016 14:47:20 +0000 (15:47 +0100)]
NULL the configuration item if no trust router is configured
Add a debug message so the user knows the dyanmic realm functionality is disabled
Alan T. DeKok [Mon, 19 Sep 2016 15:23:54 +0000 (11:23 -0400)]
use the correct function API
Alan T. DeKok [Mon, 19 Sep 2016 15:17:34 +0000 (11:17 -0400)]
separate messages for separate error cases
Alan T. DeKok [Tue, 24 Nov 2015 19:15:11 +0000 (14:15 -0500)]
The default rule is "all"
Alan T. DeKok [Mon, 19 Sep 2016 13:29:00 +0000 (09:29 -0400)]
note recent changes
Michael Stapelberg [Sun, 18 Sep 2016 12:01:45 +0000 (14:01 +0200)]
Make.inc.in: use relative include paths
This is necessary for the build to be reproducible (see
https://reproducible-builds.org/ for more details). Some binaries (e.g.
radeapclient or radiusd itself) include the CFLAGS with which they were
built, and hence the build path, which is different on different builds
of the package (at least on Debian).
Michael Stapelberg [Fri, 16 Sep 2016 20:29:07 +0000 (22:29 +0200)]
Don’t install src/tests/rbmonkey
fixes #1735
Michael Stapelberg [Sat, 17 Sep 2016 13:33:44 +0000 (15:33 +0200)]
install.mk: add jlibtool dependency
This commit adds a dependency on ${JLIBTOOL} to all targets using it via
${PROGRAM_INSTALL}.
fixes #1740
Alan T. DeKok [Tue, 24 Nov 2015 19:57:52 +0000 (14:57 -0500)]
Apparently 3.82 leaves the trailing / on for directories
Alan T. DeKok [Tue, 24 Nov 2015 18:15:14 +0000 (13:15 -0500)]
Create the output directory
Alan T. DeKok [Tue, 17 Nov 2015 19:55:36 +0000 (14:55 -0500)]
Automatically create install directories.
And make executables / libraries have order dependence on
install directories
Arran Cudbard-Bell [Mon, 19 Sep 2016 09:52:47 +0000 (13:52 +0400)]
Call pthread_setspecific for every thread that calls fr_thread_local_init, not just the first one. Otherwise, the value associated with the key is NULL and the destructor isn't called.
Alan T. DeKok [Fri, 16 Sep 2016 13:36:26 +0000 (09:36 -0400)]
formatting
Alan DeKok [Fri, 16 Sep 2016 13:34:19 +0000 (09:34 -0400)]
Merge pull request #1730 from jrouzierinverse/feature/eap-fast-3.0.x
Use the virtual_server defined in the eap fast config
Alan T. DeKok [Fri, 16 Sep 2016 13:12:23 +0000 (09:12 -0400)]
move sig rule to template
Matthew Newton [Thu, 15 Sep 2016 21:12:57 +0000 (22:12 +0100)]
make it clearer how to enable check-eap-tls
James Rouzier [Thu, 15 Sep 2016 16:39:57 +0000 (12:39 -0400)]
Use the virtual_server defined in the eap fast config
Arran Cudbard-Bell [Thu, 15 Sep 2016 03:09:11 +0000 (23:09 -0400)]
Add rlm_eap_fast.so to spec file
Alan T. DeKok [Wed, 14 Sep 2016 15:59:55 +0000 (11:59 -0400)]
releases are now signed by packages@freeradius.org
Alan T. DeKok [Wed, 14 Sep 2016 15:25:44 +0000 (11:25 -0400)]
note recent changes
Alan T. DeKok [Wed, 14 Sep 2016 15:25:10 +0000 (11:25 -0400)]
document EAP-FAST
Alan DeKok [Wed, 14 Sep 2016 15:15:05 +0000 (11:15 -0400)]
Merge pull request #1727 from jrouzierinverse/feature/eap-fast-3.0.x
Feature/eap fast 3.0.x
Alan DeKok [Wed, 14 Sep 2016 15:14:38 +0000 (11:14 -0400)]
Merge pull request #1728 from jrouzierinverse/feature/mschap-cisco
pull NEAT fix from v4.0.x branch
Alan T. DeKok [Wed, 14 Sep 2016 15:03:06 +0000 (11:03 -0400)]
Use normal escape routines, and not special ones.
Alan T. DeKok [Wed, 3 Aug 2016 06:52:30 +0000 (08:52 +0200)]
pull NEAT fix from v4.0.x branch
Alan T. DeKok [Tue, 13 Sep 2016 19:25:52 +0000 (15:25 -0400)]
note recent changes
Alan T. DeKok [Tue, 13 Sep 2016 19:25:40 +0000 (15:25 -0400)]
more checks
James Rouzier [Tue, 13 Sep 2016 19:16:59 +0000 (15:16 -0400)]
Use the new name FreeRADIUS-EAP-FAST-PAC-Opaque-TLV to get the dictionary attribute
James Rouzier [Tue, 13 Sep 2016 19:16:21 +0000 (15:16 -0400)]
Use dict_parent for figure the parent attribute
James Rouzier [Tue, 13 Sep 2016 19:07:56 +0000 (15:07 -0400)]
Expose dict_parent
James Rouzier [Tue, 13 Sep 2016 19:07:32 +0000 (15:07 -0400)]
Move EAP TLV definitions to share/dictionary.freeradius
James Rouzier [Tue, 13 Sep 2016 16:45:47 +0000 (12:45 -0400)]
copy_request_to_tunnel if turned on
James Rouzier [Tue, 13 Sep 2016 16:42:54 +0000 (12:42 -0400)]
Use the naming convention of 3.0.x