Alan Buxey [Mon, 19 Sep 2016 10:39:02 +0000 (11:39 +0100)]
add man page for dhcpclient
Alan Buxey [Mon, 19 Sep 2016 10:39:54 +0000 (11:39 +0100)]
add man page for rad_counter
Alan T. DeKok [Mon, 26 Sep 2016 11:41:49 +0000 (07:41 -0400)]
update for new CVEs
Alan T. DeKok [Mon, 26 Sep 2016 11:40:04 +0000 (07:40 -0400)]
allow acknowledged CVEs
Alan T. DeKok [Sun, 25 Sep 2016 15:06:11 +0000 (11:06 -0400)]
Don't open new connections when exiting. Addresses #1604.
When we a get a SIGTERM or SIGQUIT, mark "exiting", and stop
returning new connections. Also, don't allow reconnection of
existing connections. This should help with CTRL-C.
Alan T. DeKok [Fri, 23 Sep 2016 19:41:08 +0000 (15:41 -0400)]
parent attributes from the right place.
Alan T. DeKok [Fri, 23 Sep 2016 18:01:08 +0000 (14:01 -0400)]
enable "date" by default
Alan T. DeKok [Fri, 23 Sep 2016 13:56:28 +0000 (09:56 -0400)]
note recent changes
Alan T. DeKok [Fri, 23 Sep 2016 13:55:33 +0000 (09:55 -0400)]
clean up OCSP / verify routines
Alan DeKok [Thu, 22 Sep 2016 23:34:47 +0000 (19:34 -0400)]
Merge pull request #1755 from spaetow/patch-3
Adding ABFAB-specific things to last 3.0.x release.
Alan T. DeKok [Thu, 22 Sep 2016 20:07:24 +0000 (16:07 -0400)]
minor update to rejection message
Alan T. DeKok [Thu, 22 Sep 2016 20:06:54 +0000 (16:06 -0400)]
inner tunnel of EAP-FAST cannot be proxied
Alan T. DeKok [Thu, 22 Sep 2016 15:59:08 +0000 (11:59 -0400)]
Fix tls_global_version_check() function and message
there is now more than one vulnerability in OpenSSL.
Alan T. DeKok [Thu, 22 Sep 2016 15:55:14 +0000 (11:55 -0400)]
simplify code
Alan T. DeKok [Thu, 22 Sep 2016 15:54:55 +0000 (11:54 -0400)]
typo in version string
Alan T. DeKok [Thu, 22 Sep 2016 15:26:58 +0000 (11:26 -0400)]
typo
Alan T. DeKok [Thu, 22 Sep 2016 15:24:14 +0000 (11:24 -0400)]
note OpenSSL breakage
Alan T. DeKok [Thu, 22 Sep 2016 15:22:45 +0000 (11:22 -0400)]
Add more vulnerabilities for OpenSSL
Alan T. DeKok [Thu, 22 Sep 2016 14:40:05 +0000 (10:40 -0400)]
note recent changes
Stefan Paetow [Thu, 22 Sep 2016 13:12:37 +0000 (15:12 +0200)]
Update inner-tunnel
Added the Moonshot (ABFAB) TargetedId generation to the standard distribution. Disabled by default.
Stefan Paetow [Thu, 22 Sep 2016 13:03:49 +0000 (15:03 +0200)]
Create moonshot-targeted-ids
Formally include the three Moonshot TargetedIds in the FreeRADIUS policy space so that it can be updated accordingly as the other policies (and features) progress.
Arran Cudbard-Bell [Wed, 21 Sep 2016 14:41:29 +0000 (18:41 +0400)]
RPM_OPT_FLAGS set by configure macro anyway... We just need to not mess with things.
Arran Cudbard-Bell [Wed, 21 Sep 2016 13:09:32 +0000 (17:09 +0400)]
Explain flags
Alan T. DeKok [Tue, 20 Sep 2016 21:24:39 +0000 (17:24 -0400)]
Don't use -O2 for --with developer on rpmbuild. Fixes #1753
Alan T. DeKok [Wed, 21 Sep 2016 13:46:25 +0000 (09:46 -0400)]
make code match the comments and documentation
Alan T. DeKok [Wed, 21 Sep 2016 13:38:50 +0000 (09:38 -0400)]
Use conf->ocsp_store, as it is always set.
Which helps with RadSec connections
Alan T. DeKok [Tue, 20 Sep 2016 12:06:03 +0000 (08:06 -0400)]
More cleanups
Alan T. DeKok [Tue, 20 Sep 2016 11:55:40 +0000 (07:55 -0400)]
clarify message
Alan T. DeKok [Tue, 20 Sep 2016 11:46:13 +0000 (07:46 -0400)]
remove unnecessary FIXMEs
Alan T. DeKok [Tue, 20 Sep 2016 11:44:41 +0000 (07:44 -0400)]
use defines for shift, instead of hard-coded number
Alan DeKok [Tue, 20 Sep 2016 11:43:13 +0000 (07:43 -0400)]
Merge pull request #1751 from jrouzierinverse/feature/eap-fast-3.0.x
Feature/eap fast 3.0.x
James Rouzier [Mon, 19 Sep 2016 16:31:45 +0000 (12:31 -0400)]
Use the proper eap version
James Rouzier [Mon, 19 Sep 2016 16:31:07 +0000 (12:31 -0400)]
Free list after usage
James Rouzier [Mon, 19 Sep 2016 16:29:46 +0000 (12:29 -0400)]
Remove unused variables
James Rouzier [Fri, 16 Sep 2016 16:27:46 +0000 (12:27 -0400)]
Shift to use the proper attribute id
Alan T. DeKok [Mon, 19 Sep 2016 20:04:55 +0000 (16:04 -0400)]
whitespace and formatting
Arran Cudbard-Bell [Mon, 19 Sep 2016 16:15:52 +0000 (20:15 +0400)]
Merge pull request #1750 from TheMysteriousX/v3.0.x
NULL the configuration item if no trust router is configured
Adam Bishop [Mon, 19 Sep 2016 14:47:20 +0000 (15:47 +0100)]
NULL the configuration item if no trust router is configured
Add a debug message so the user knows the dyanmic realm functionality is disabled
Alan T. DeKok [Mon, 19 Sep 2016 15:23:54 +0000 (11:23 -0400)]
use the correct function API
Alan T. DeKok [Mon, 19 Sep 2016 15:17:34 +0000 (11:17 -0400)]
separate messages for separate error cases
Alan T. DeKok [Tue, 24 Nov 2015 19:15:11 +0000 (14:15 -0500)]
The default rule is "all"
Alan T. DeKok [Mon, 19 Sep 2016 13:29:00 +0000 (09:29 -0400)]
note recent changes
Michael Stapelberg [Sun, 18 Sep 2016 12:01:45 +0000 (14:01 +0200)]
Make.inc.in: use relative include paths
This is necessary for the build to be reproducible (see
https://reproducible-builds.org/ for more details). Some binaries (e.g.
radeapclient or radiusd itself) include the CFLAGS with which they were
built, and hence the build path, which is different on different builds
of the package (at least on Debian).
Michael Stapelberg [Fri, 16 Sep 2016 20:29:07 +0000 (22:29 +0200)]
Don’t install src/tests/rbmonkey
fixes #1735
Michael Stapelberg [Sat, 17 Sep 2016 13:33:44 +0000 (15:33 +0200)]
install.mk: add jlibtool dependency
This commit adds a dependency on ${JLIBTOOL} to all targets using it via
${PROGRAM_INSTALL}.
fixes #1740
Alan T. DeKok [Tue, 24 Nov 2015 19:57:52 +0000 (14:57 -0500)]
Apparently 3.82 leaves the trailing / on for directories
Alan T. DeKok [Tue, 24 Nov 2015 18:15:14 +0000 (13:15 -0500)]
Create the output directory
Alan T. DeKok [Tue, 17 Nov 2015 19:55:36 +0000 (14:55 -0500)]
Automatically create install directories.
And make executables / libraries have order dependence on
install directories
Arran Cudbard-Bell [Mon, 19 Sep 2016 09:52:47 +0000 (13:52 +0400)]
Call pthread_setspecific for every thread that calls fr_thread_local_init, not just the first one. Otherwise, the value associated with the key is NULL and the destructor isn't called.
Alan T. DeKok [Fri, 16 Sep 2016 13:36:26 +0000 (09:36 -0400)]
formatting
Alan DeKok [Fri, 16 Sep 2016 13:34:19 +0000 (09:34 -0400)]
Merge pull request #1730 from jrouzierinverse/feature/eap-fast-3.0.x
Use the virtual_server defined in the eap fast config
Alan T. DeKok [Fri, 16 Sep 2016 13:12:23 +0000 (09:12 -0400)]
move sig rule to template
Matthew Newton [Thu, 15 Sep 2016 21:12:57 +0000 (22:12 +0100)]
make it clearer how to enable check-eap-tls
James Rouzier [Thu, 15 Sep 2016 16:39:57 +0000 (12:39 -0400)]
Use the virtual_server defined in the eap fast config
Arran Cudbard-Bell [Thu, 15 Sep 2016 03:09:11 +0000 (23:09 -0400)]
Add rlm_eap_fast.so to spec file
Alan T. DeKok [Wed, 14 Sep 2016 15:59:55 +0000 (11:59 -0400)]
releases are now signed by packages@freeradius.org
Alan T. DeKok [Wed, 14 Sep 2016 15:25:44 +0000 (11:25 -0400)]
note recent changes
Alan T. DeKok [Wed, 14 Sep 2016 15:25:10 +0000 (11:25 -0400)]
document EAP-FAST
Alan DeKok [Wed, 14 Sep 2016 15:15:05 +0000 (11:15 -0400)]
Merge pull request #1727 from jrouzierinverse/feature/eap-fast-3.0.x
Feature/eap fast 3.0.x
Alan DeKok [Wed, 14 Sep 2016 15:14:38 +0000 (11:14 -0400)]
Merge pull request #1728 from jrouzierinverse/feature/mschap-cisco
pull NEAT fix from v4.0.x branch
Alan T. DeKok [Wed, 14 Sep 2016 15:03:06 +0000 (11:03 -0400)]
Use normal escape routines, and not special ones.
Alan T. DeKok [Wed, 3 Aug 2016 06:52:30 +0000 (08:52 +0200)]
pull NEAT fix from v4.0.x branch
Alan T. DeKok [Tue, 13 Sep 2016 19:25:52 +0000 (15:25 -0400)]
note recent changes
Alan T. DeKok [Tue, 13 Sep 2016 19:25:40 +0000 (15:25 -0400)]
more checks
James Rouzier [Tue, 13 Sep 2016 19:16:59 +0000 (15:16 -0400)]
Use the new name FreeRADIUS-EAP-FAST-PAC-Opaque-TLV to get the dictionary attribute
James Rouzier [Tue, 13 Sep 2016 19:16:21 +0000 (15:16 -0400)]
Use dict_parent for figure the parent attribute
James Rouzier [Tue, 13 Sep 2016 19:07:56 +0000 (15:07 -0400)]
Expose dict_parent
James Rouzier [Tue, 13 Sep 2016 19:07:32 +0000 (15:07 -0400)]
Move EAP TLV definitions to share/dictionary.freeradius
James Rouzier [Tue, 13 Sep 2016 16:45:47 +0000 (12:45 -0400)]
copy_request_to_tunnel if turned on
James Rouzier [Tue, 13 Sep 2016 16:42:54 +0000 (12:42 -0400)]
Use the naming convention of 3.0.x
James Rouzier [Tue, 13 Sep 2016 16:42:29 +0000 (12:42 -0400)]
Remove debuging
James Rouzier [Tue, 13 Sep 2016 16:42:02 +0000 (12:42 -0400)]
Use 3.0.x style
James Rouzier [Tue, 13 Sep 2016 16:36:25 +0000 (12:36 -0400)]
Add eapfast_copy_request_to_tunnel
James Rouzier [Tue, 13 Sep 2016 14:57:37 +0000 (10:57 -0400)]
use eap_fast_decode_vp convert tlv to a value pair
James Rouzier [Tue, 13 Sep 2016 14:54:55 +0000 (10:54 -0400)]
Fix api change
James Rouzier [Tue, 13 Sep 2016 14:36:33 +0000 (10:36 -0400)]
new function eap_fast_decode_vp
James Rouzier [Tue, 13 Sep 2016 14:20:56 +0000 (10:20 -0400)]
Fix up tabs and have eap fast start append data
James Rouzier [Tue, 13 Sep 2016 14:05:17 +0000 (10:05 -0400)]
Remove default_provisioning_method
James Rouzier [Fri, 9 Sep 2016 15:39:27 +0000 (11:39 -0400)]
Set the stage to process
James Rouzier [Fri, 9 Sep 2016 15:38:38 +0000 (11:38 -0400)]
Compile all sources
James Rouzier [Thu, 8 Sep 2016 17:02:22 +0000 (13:02 -0400)]
fr_pair_asprint to vp_aprints_value
James Rouzier [Wed, 7 Sep 2016 19:17:44 +0000 (15:17 -0400)]
Use rad_virtual_server
James Rouzier [Wed, 7 Sep 2016 18:23:56 +0000 (14:23 -0400)]
Manually copy PW_STATE, PW_EAP_MESSAGE, and PW_REPLY_MESSAGE when a challage happens
James Rouzier [Wed, 7 Sep 2016 18:03:21 +0000 (14:03 -0400)]
Use the use_tunneled_reply
James Rouzier [Wed, 7 Sep 2016 17:25:18 +0000 (13:25 -0400)]
Backport use_tunneled_reply
James Rouzier [Wed, 7 Sep 2016 17:24:43 +0000 (13:24 -0400)]
Add state
James Rouzier [Wed, 7 Sep 2016 17:16:02 +0000 (13:16 -0400)]
Add eap_fast_tls_gen_challenge
James Rouzier [Wed, 7 Sep 2016 17:15:41 +0000 (13:15 -0400)]
Add new mschap codes
James Rouzier [Wed, 7 Sep 2016 17:15:04 +0000 (13:15 -0400)]
Add eap fast internal attributes
James Rouzier [Wed, 7 Sep 2016 17:14:30 +0000 (13:14 -0400)]
Init commit
James Rouzier [Tue, 6 Sep 2016 15:46:56 +0000 (11:46 -0400)]
T_PRF
Alan T. DeKok [Tue, 13 Sep 2016 16:14:47 +0000 (12:14 -0400)]
add verify request on debug >= 3
Alan T. DeKok [Tue, 13 Sep 2016 16:14:34 +0000 (12:14 -0400)]
parent username from the correct place
Alan T. DeKok [Tue, 13 Sep 2016 13:46:43 +0000 (09:46 -0400)]
cast to quiet compiler
Arran Cudbard-Bell [Tue, 13 Sep 2016 13:51:29 +0000 (09:51 -0400)]
FreeRADIUS is C11. Non of that Apple junk...
Alan T. DeKok [Mon, 12 Sep 2016 21:22:44 +0000 (17:22 -0400)]
Re-work dict_str2oid and dict_parent
So that they're no longer crazy. Also added debugging messages.
Everything seems to work.
Alan T. DeKok [Wed, 7 Sep 2016 19:57:59 +0000 (15:57 -0400)]
show when we start proxying
Alan T. DeKok [Thu, 1 Sep 2016 19:38:31 +0000 (15:38 -0400)]
set non-FIPS flag for FIPS build
Alan T. DeKok [Thu, 1 Sep 2016 19:33:45 +0000 (15:33 -0400)]
issuer_cert may be retrieved, but not exist
Alan T. DeKok [Wed, 31 Aug 2016 14:26:09 +0000 (10:26 -0400)]
check for enough room