Alan T. DeKok [Thu, 25 May 2017 20:59:14 +0000 (16:59 -0400)]
make outgoing SSL_connect() non-blocking
Alan DeKok [Thu, 25 May 2017 15:19:08 +0000 (11:19 -0400)]
Merge pull request #1995 from spaetow/patch-1
Update freeradius.spec with contents of PR #1991
Stefan Paetow [Thu, 25 May 2017 15:17:01 +0000 (16:17 +0100)]
As part of PR 1991, I forgot to update the FR SPEC file with the updated file list for mysql, postgresql and sqlite. Apologies!
Alan DeKok [Thu, 25 May 2017 12:56:51 +0000 (08:56 -0400)]
Merge pull request #1991 from spaetow/v3.0.x
Add SQL backing to Moonshot-*-TargetedId generation
Alan T. DeKok [Wed, 24 May 2017 21:21:55 +0000 (17:21 -0400)]
remove references to sql_log
Alan T. DeKok [Wed, 24 May 2017 19:55:26 +0000 (15:55 -0400)]
note recent changes
Alan T. DeKok [Wed, 24 May 2017 19:55:05 +0000 (15:55 -0400)]
as posted to the list
Stefan Paetow [Sat, 20 May 2017 20:05:56 +0000 (21:05 +0100)]
Merge branch 'v3.0.x' into v3.0.x
Alan T. DeKok [Fri, 19 May 2017 18:10:37 +0000 (14:10 -0400)]
note recent changes
Alan T. DeKok [Wed, 17 May 2017 16:15:07 +0000 (12:15 -0400)]
reduce scope of variable. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 16:07:49 +0000 (12:07 -0400)]
request by be NULL. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 16:06:57 +0000 (12:06 -0400)]
move shutdown calls into check for ssn->ssl. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 16:03:46 +0000 (12:03 -0400)]
check sizeof(*packet). Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:51:44 +0000 (11:51 -0400)]
check ptr before dereferencing it. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:50:36 +0000 (11:50 -0400)]
remove redundant declaration. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:46:57 +0000 (11:46 -0400)]
move assertion to correct place. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:46:12 +0000 (11:46 -0400)]
remove redundant assignment. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:44:48 +0000 (11:44 -0400)]
move assertion to top of function. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:42:54 +0000 (11:42 -0400)]
fix wrong assertion. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:41:57 +0000 (11:41 -0400)]
check for OOM. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:39:07 +0000 (11:39 -0400)]
check before dereference. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:35:20 +0000 (11:35 -0400)]
don't assign wrong enum to variable. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:27:45 +0000 (11:27 -0400)]
remove redundant check. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:26:54 +0000 (11:26 -0400)]
don't use i for inner and outer loop. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:25:44 +0000 (11:25 -0400)]
remove duplicate checks. Found by PVS-Studio
Alan DeKok [Fri, 19 May 2017 18:06:40 +0000 (14:06 -0400)]
Merge pull request #1989 from Sp1l/v3.0.x
Fix build with LibreSSL
Stefan Paetow [Thu, 18 May 2017 21:14:47 +0000 (22:14 +0100)]
Changed wording. It's incorrect to claim it's a generation policy when it actually does a SQL XLAT.
Stefan Paetow [Thu, 18 May 2017 15:28:27 +0000 (16:28 +0100)]
Adjust the default table names to be SQL-standard compliant. Add the other supported SQL dialects.
Stefan Paetow [Thu, 18 May 2017 13:35:45 +0000 (14:35 +0100)]
Add SQL backing to Moonshot-*-TargetedId generation. Added three attributes for general use in this policy to avoid clashes with Tmp-* variables
Alan T. DeKok [Tue, 16 May 2017 12:07:12 +0000 (08:07 -0400)]
use correct packet for channel binding. Closes #1990
Alan T. DeKok [Fri, 12 May 2017 13:16:00 +0000 (09:16 -0400)]
create string only if it's needed
Alan T. DeKok [Fri, 12 May 2017 13:08:04 +0000 (09:08 -0400)]
use RDEBUG
Alan T. DeKok [Thu, 11 May 2017 14:06:19 +0000 (10:06 -0400)]
remove always-false condition
Bernard Spil [Sun, 14 May 2017 13:45:23 +0000 (15:45 +0200)]
Fix build with LibreSSL
LibreSSL does not have X509_get0_extensions and was forked from 0x1000200fL
See also: https://bugs.freebsd.org/218225
Alan DeKok [Fri, 12 May 2017 11:17:24 +0000 (07:17 -0400)]
Merge pull request #1988 from alejandro-perez/v3.0.x
Fix typo in previous commit
Alejandro Perez [Thu, 11 May 2017 16:16:20 +0000 (18:16 +0200)]
Fix typo in previous commit.
Alan T. DeKok [Thu, 11 May 2017 14:04:22 +0000 (10:04 -0400)]
re-order old names. New names come second...
Alan T. DeKok [Thu, 11 May 2017 13:59:14 +0000 (09:59 -0400)]
convert assertion to run-time check.
Alan T. DeKok [Thu, 11 May 2017 13:57:33 +0000 (09:57 -0400)]
convert assert to run-time check.
Alan T. DeKok [Thu, 11 May 2017 13:50:31 +0000 (09:50 -0400)]
revert debian packages to 3.0.12 versions
Brice Schaffner [Thu, 11 May 2017 10:05:24 +0000 (10:05 +0000)]
Added missing Patton Vendor Attributes
Added some new Patton Vendor Attributes to the list.
These attributes are now supported on the newest Patton device running on Trinity software version 3.11.2.
Arran Cudbard-Bell [Thu, 11 May 2017 10:51:10 +0000 (06:51 -0400)]
Merge pull request #1974 from alanbuxey/patch-3
fixed variable to use the "&" prefix
Arran Cudbard-Bell [Thu, 11 May 2017 10:50:55 +0000 (06:50 -0400)]
Merge branch 'v3.0.x' into patch-3
Alan T. DeKok [Wed, 10 May 2017 18:34:25 +0000 (14:34 -0400)]
add aliases for well-known names
Alan T. DeKok [Wed, 10 May 2017 18:07:54 +0000 (14:07 -0400)]
set statement to NULL. Fixes #1983
Alan DeKok [Wed, 10 May 2017 14:00:08 +0000 (10:00 -0400)]
Merge pull request #1985 from alejandro-perez/v3.0.x
Fix memory leak in trustrouter.c
Alejandro Perez [Wed, 10 May 2017 09:46:55 +0000 (11:46 +0200)]
Fix memory leak in trustrouter.c
In the trustrouter.c file, servers were being created using
talloc_zero() instead of tls_server_conf_alloc(). Thus, the
destructor _tls_server_conf_free() which frees the SSL_CTX
object was not being called.
Alan DeKok [Tue, 9 May 2017 13:36:26 +0000 (09:36 -0400)]
Merge pull request #1982 from alejandro-perez/v3.0.x
Some fixes to the trustrouter related code
Alejandro Perez [Tue, 9 May 2017 12:33:31 +0000 (14:33 +0200)]
Set idle_timeout to 5s to all the dynamic home servers
Dynamically generated home servers get eventually replaced.
We want sockets using these servers to close as soon as possible, to make sure that whenever a pool is replaced, sockets using old ones will not last long (hopefully less than 300s).
Alejandro Perez [Tue, 9 May 2017 12:21:44 +0000 (14:21 +0200)]
Increase the amount of time a pool spends in the garbage list
Under specific circumstances (e.g. high authentication load) a client might keep using an old pool since the socket did not expire. 60 seconds seems too low.
Increased to make sure we do not delete it while it is still being used.
Alejandro Perez [Tue, 9 May 2017 12:13:52 +0000 (14:13 +0200)]
Remove unnecessary check to update REALM
Existing code precluded a REALM from being updated if there were traffic within the last 5 minutes.
This is an error since when the TLS keys expire, the home server will reject client’s attempts to establish a connection, leading to up to 5 minutes of denied user authentications.
Alan Buxey [Tue, 9 May 2017 11:28:07 +0000 (12:28 +0100)]
Merge branch 'v3.0.x' into patch-3
Alan T. DeKok [Mon, 8 May 2017 20:41:25 +0000 (16:41 -0400)]
note recent changes
Alan T. DeKok [Mon, 8 May 2017 20:38:56 +0000 (16:38 -0400)]
disable internal OpenSSL cache
Alan T. DeKok [Mon, 8 May 2017 20:02:27 +0000 (16:02 -0400)]
8 and 9 have tags, too
Alan T. DeKok [Mon, 8 May 2017 20:00:01 +0000 (16:00 -0400)]
set S_IWUSER when creating the file, not later
Alan T. DeKok [Sun, 7 May 2017 16:56:57 +0000 (12:56 -0400)]
added one more attribute
Matthew Newton [Fri, 28 Apr 2017 11:17:08 +0000 (12:17 +0100)]
update detail reader documentation
Closes #1973
Alan Buxey [Thu, 27 Apr 2017 19:53:21 +0000 (20:53 +0100)]
fixed variable to use the "&" prefix
removal of yellow warning when running with this enabled
Alan T. DeKok [Fri, 21 Apr 2017 17:26:51 +0000 (13:26 -0400)]
Patch from Jeff Gehlbach
The problem is that "radiusObject" is defined with an OBJECT-IDENTITY
macro, but it needs to be done with OBJECT-TYPE (i.e. a leaf node) to be
eligible for use in the OBJECTS clause of a NOTIFICATION-TYPE macro.
I've gotten jsmiparser happy by making that change, declaring the
object's syntax to be SNMP-FRAMEWORK-MIB::SnmpAdminString and setting
its max-access to "accessible-for-notify". These changes are reflected
in the attached version of the MIB definition.
Arran Cudbard-Bell [Thu, 20 Apr 2017 21:44:25 +0000 (17:44 -0400)]
Merge pull request #1964 from alanbuxey/v3.0.x
stop rotation of the session database files
Alan Buxey [Thu, 20 Apr 2017 21:33:33 +0000 (22:33 +0100)]
stop rotation of the session database files
you really don't want to be rotating these under the server - they are
not normal log files but are stateful session files (used by various
utilities). these were removed from the logrotate some time ago but
appear to have crept back in.
Alan T. DeKok [Wed, 19 Apr 2017 18:42:34 +0000 (14:42 -0400)]
terminate && check VP
Alan T. DeKok [Wed, 19 Apr 2017 13:20:11 +0000 (09:20 -0400)]
account for trailing zero. Closes #1960
Alan T. DeKok [Tue, 18 Apr 2017 15:31:10 +0000 (11:31 -0400)]
Revert "these messages don't need to go to the main radiusd.log"
This reverts commit 1f1a02baae35080b4037af88c709ef6c0ccdd2d7.
Alan T. DeKok [Tue, 18 Apr 2017 13:42:53 +0000 (09:42 -0400)]
note recent changes
Alan T. DeKok [Tue, 18 Apr 2017 13:33:50 +0000 (09:33 -0400)]
these messages don't need to go to the main radiusd.log
Alan DeKok [Thu, 13 Apr 2017 16:33:44 +0000 (12:33 -0400)]
Merge pull request #1961 from alanbuxey/patch-8
corrected some types and grammar in comments
Alan Buxey [Thu, 13 Apr 2017 14:11:53 +0000 (15:11 +0100)]
corrected some types and grammar in comments
Alan T. DeKok [Fri, 7 Apr 2017 01:18:27 +0000 (21:18 -0400)]
Don't crash on unexpected regex. Closes #1959
Alan T. DeKok [Fri, 31 Mar 2017 13:56:35 +0000 (09:56 -0400)]
check for request->packet. Closes #1935
Alan T. DeKok [Fri, 31 Mar 2017 13:37:04 +0000 (09:37 -0400)]
Fix typo. Closes #1955
Alan T. DeKok [Fri, 31 Mar 2017 01:08:53 +0000 (21:08 -0400)]
note recent changes
Alan T. DeKok [Fri, 31 Mar 2017 01:07:07 +0000 (21:07 -0400)]
these attributes are byte, not integer. Closes #1954
Alan T. DeKok [Wed, 29 Mar 2017 15:30:48 +0000 (11:30 -0400)]
start of peapv1
Alan DeKok [Wed, 29 Mar 2017 14:56:20 +0000 (10:56 -0400)]
Merge pull request #1952 from spbnick/rlm_ldap_segfault_fix
Handle connection error in rlm_ldap_cacheable_groupobj
Alan T. DeKok [Wed, 29 Mar 2017 14:54:07 +0000 (10:54 -0400)]
Allow utc. Patch from Peter Lambrechtsen
Nikolai Kondrashov [Wed, 29 Mar 2017 07:43:14 +0000 (10:43 +0300)]
Handle connection error in rlm_ldap_cacheable_groupobj
Closes #1951
Alan T. DeKok [Tue, 28 Mar 2017 19:43:38 +0000 (15:43 -0400)]
cf_log_err(), not fr_strerror_printf()
Alan T. DeKok [Tue, 28 Mar 2017 15:15:44 +0000 (11:15 -0400)]
map_cast_from_hex() does not produce error messages
Alan T. DeKok [Mon, 27 Mar 2017 19:49:34 +0000 (15:49 -0400)]
note recent changes
Alan T. DeKok [Mon, 27 Mar 2017 19:48:49 +0000 (15:48 -0400)]
re-add SSL wrappers for freeing VPs and Certs.
because OpenSSL caches things at its own pleasure...
Alan T. DeKok [Mon, 27 Mar 2017 18:07:32 +0000 (14:07 -0400)]
more cisco VPN attributes
Florian Bauhaus [Mon, 27 Mar 2017 07:47:13 +0000 (09:47 +0200)]
Add Attribute 3076/85 (CVPN3000-Tunnel-Group-Lock)
http://www.cisco.com/c/en/us/support/docs/security/ios-easy-vpn/117634-configure-asa-00.html
Alan T. DeKok [Mon, 20 Mar 2017 15:58:33 +0000 (11:58 -0400)]
note recent changes
Alan T. DeKok [Mon, 20 Mar 2017 15:24:11 +0000 (11:24 -0400)]
Search from the beginning for altname. Closes #1946
Alan T. DeKok [Fri, 17 Mar 2017 14:14:21 +0000 (10:14 -0400)]
Allow no cert when psk is configured
Alan T. DeKok [Thu, 16 Mar 2017 14:25:47 +0000 (10:25 -0400)]
remove outdated link
Alan T. DeKok [Tue, 14 Mar 2017 23:44:43 +0000 (19:44 -0400)]
Ensure that error is always initialized
Alan T. DeKok [Tue, 14 Mar 2017 23:41:13 +0000 (19:41 -0400)]
Remove always-false condition from cf_item_parse
Alan T. DeKok [Tue, 14 Mar 2017 23:40:20 +0000 (19:40 -0400)]
Remove always-false condition in rlm_eap_fast
Alan T. DeKok [Tue, 14 Mar 2017 23:35:53 +0000 (19:35 -0400)]
return RLM_MODULE_FAIL for default switch statement
Alan T. DeKok [Tue, 14 Mar 2017 23:30:02 +0000 (19:30 -0400)]
close open FDs on error, and use error path in more situations
Alan T. DeKok [Tue, 14 Mar 2017 23:27:02 +0000 (19:27 -0400)]
remove unused variable
Alan DeKok [Tue, 14 Mar 2017 23:14:11 +0000 (19:14 -0400)]
Merge pull request #1941 from spbnick/openssl_1_1_cert_perms_fix
Relax OpenSSL permissions for default key files
Nikolai Kondrashov [Tue, 14 Mar 2017 12:55:57 +0000 (14:55 +0200)]
Relax OpenSSL permissions for default key files
Recent versions of OpenSSL appear to create keys with owner-only
permissions. Allow owning group to read the created default key files
in raddb/certs, so that they stay the same as with older OpenSSL, and
that the server can read its key.
Alan T. DeKok [Sat, 11 Mar 2017 15:50:05 +0000 (10:50 -0500)]
port ranges haven't been supported for years
Alan T. DeKok [Fri, 10 Mar 2017 14:14:45 +0000 (09:14 -0500)]
request->packet cannot be NULL. Helps with #1935
Alan T. DeKok [Fri, 10 Mar 2017 14:13:34 +0000 (09:13 -0500)]
Allow session resumption for RadSec connections. Closes #1936
Alan T. DeKok [Fri, 10 Mar 2017 14:11:03 +0000 (09:11 -0500)]
Coverity. Closes #1937