Alan T. DeKok [Tue, 15 Sep 2015 13:09:37 +0000 (09:09 -0400)]
Lower the default pool size
Arran Cudbard-Bell [Mon, 14 Sep 2015 20:32:52 +0000 (21:32 +0100)]
Include rlm_cache_memcached in spec file
Arran Cudbard-Bell [Mon, 14 Sep 2015 20:29:50 +0000 (21:29 +0100)]
Merge pull request #1235 from FreeRADIUS/revert-1204-patch-1
Revert "Fix libs" - Only memcached will actually be built
Arran Cudbard-Bell [Mon, 14 Sep 2015 20:29:20 +0000 (21:29 +0100)]
Revert "Fix libs"
Arran Cudbard-Bell [Mon, 14 Sep 2015 17:27:36 +0000 (18:27 +0100)]
This was never backported
Arran Cudbard-Bell [Mon, 14 Sep 2015 17:20:03 +0000 (18:20 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Mon, 14 Sep 2015 16:22:56 +0000 (17:22 +0100)]
No ocsp_ok label either
Arran Cudbard-Bell [Mon, 14 Sep 2015 16:21:21 +0000 (17:21 +0100)]
No skipped label in v3.0.x
Alan T. DeKok [Mon, 14 Sep 2015 16:02:37 +0000 (12:02 -0400)]
Try to open client socket in fr_server_domain_socket_perm()
Just like in fr_server_domain_socket_peercred()
Arran Cudbard-Bell [Mon, 14 Sep 2015 16:18:02 +0000 (17:18 +0100)]
Should skip the OCSP check
Arran Cudbard-Bell [Mon, 14 Sep 2015 16:13:41 +0000 (17:13 +0100)]
Typo
Alan T. DeKok [Mon, 14 Sep 2015 15:48:10 +0000 (11:48 -0400)]
Don't unlink socket if we can't open it
Alan T. DeKok [Mon, 14 Sep 2015 14:48:08 +0000 (10:48 -0400)]
Truncate to actual length, not by trailing zeros
Arran Cudbard-Bell [Sun, 13 Sep 2015 17:43:23 +0000 (18:43 +0100)]
If there are no OCSP URLs in the certificates, and we have a configured OCSP URL, we should fall back to that URL
Alan T. DeKok [Mon, 14 Sep 2015 12:51:09 +0000 (08:51 -0400)]
For encrypted attributes, set explicit length if given
for MS-CHAP-MPPE-Keys
Alan T. DeKok [Mon, 14 Sep 2015 12:50:00 +0000 (08:50 -0400)]
Set explicit length for MS-CHAP-MPPE-Key
Because it's encrypted with the same method as User-Password,
BUT it contains binary data. So it may have embedded zeros.
Which means the decoder needs to make it a fixed length,
instead of looking for zeros
Alan T. DeKok [Mon, 14 Sep 2015 12:47:56 +0000 (08:47 -0400)]
Enforce more restraints, and allow "octets[24] encrypt=1"
dict_addattr() can be called from places other than process_attribute()
so we move some of the checks to process_attribute()
This lets us do more checks on the "length" flag.
And to allow "octets[24] encrypt=1" for MS-CHAP-MPPE-Key.
Alan T. DeKok [Mon, 14 Sep 2015 12:21:40 +0000 (08:21 -0400)]
The MS-CHAP-MPPE-Keys attribute has 24 octets of data, not 32
This makes no difference to anyone, as the receiver will always
truncate it at 24 octets, and ignore the trailing zeros
Alan T. DeKok [Sun, 13 Sep 2015 14:30:32 +0000 (10:30 -0400)]
update explanation of what we're doing
Alan T. DeKok [Sun, 13 Sep 2015 14:30:11 +0000 (10:30 -0400)]
More debugging around session-state
Arran Cudbard-Bell [Sat, 12 Sep 2015 19:07:45 +0000 (20:07 +0100)]
Update ChangeLog
Alan T. DeKok [Sat, 12 Sep 2015 01:58:42 +0000 (21:58 -0400)]
note recent changes
Arran Cudbard-Bell [Fri, 11 Sep 2015 22:11:05 +0000 (23:11 +0100)]
Merge pull request #1231 from mcnewton/v3.0.x
small documentation fix/cleanups [ci skip]
Matthew Newton [Fri, 11 Sep 2015 22:07:27 +0000 (23:07 +0100)]
small documentation fix/cleanups
Arran Cudbard-Bell [Fri, 11 Sep 2015 17:04:31 +0000 (18:04 +0100)]
No need for if
Confusing because the rest of the frees don't use a condition
Alan T. DeKok [Fri, 11 Sep 2015 16:52:32 +0000 (12:52 -0400)]
Doxygen
Arran Cudbard-Bell [Fri, 11 Sep 2015 16:18:58 +0000 (17:18 +0100)]
Don't leak client_fd on error
Arran Cudbard-Bell [Fri, 11 Sep 2015 16:17:30 +0000 (17:17 +0100)]
Formatting
Alan T. DeKok [Fri, 11 Sep 2015 16:16:53 +0000 (12:16 -0400)]
Use fr_pair_list_mcopy... instead of fr_pair_list_move...
Alan T. DeKok [Fri, 11 Sep 2015 16:10:35 +0000 (12:10 -0400)]
Add fr_pair_list_mcopy_by_num()
Which is like fr_pair_list_move(), but does copy / delete
instead of talloc_steal.
The problem is that talloc_steal() keeps the original parent
context around for the lifetime of the VP being stolen. Which is
bad when the VP comes from a REQUEST, and is put into another
context, which lives for multiple seconds.
Alan T. DeKok [Fri, 11 Sep 2015 16:09:39 +0000 (12:09 -0400)]
Revert "Copy VPs instead of talloc_stealing them"
This reverts commit a529c2d9bdef0f635fa10b2ab7e05527f95551b2.
There's a better fix
Alan T. DeKok [Fri, 11 Sep 2015 15:56:46 +0000 (11:56 -0400)]
Copy VPs instead of talloc_stealing them
Alan T. DeKok [Fri, 11 Sep 2015 14:33:17 +0000 (10:33 -0400)]
Check if the socket is in use before unlinking it
Arran Cudbard-Bell [Fri, 11 Sep 2015 14:13:03 +0000 (15:13 +0100)]
Add __packed__ to structs which cast over packet buffers
Alan T. DeKok [Fri, 11 Sep 2015 13:39:29 +0000 (09:39 -0400)]
note recent changes
Alan T. DeKok [Fri, 11 Sep 2015 13:18:33 +0000 (09:18 -0400)]
Syntax errors are errors, not assertions
Arran Cudbard-Bell [Fri, 11 Sep 2015 12:58:26 +0000 (13:58 +0100)]
Should be AF_UNSPEC, because we don't *know* what type of client IP we'll be parsing
Length should be -1.
Herwin Weststrate [Fri, 11 Sep 2015 06:06:10 +0000 (08:06 +0200)]
Remove second entry of Error-Cause in Access-Reject filter
This is effectively a revert of commit caaca8da2eede537270a711742cc99f0ba854eb1.
Arran Cudbard-Bell [Fri, 11 Sep 2015 12:10:12 +0000 (13:10 +0100)]
Add support for "old" style clients back. This shouldn't be removed until v3.1.x.
Herwin Weststrate [Fri, 11 Sep 2015 07:28:39 +0000 (09:28 +0200)]
Prevent possible memleak in regex
There was a very small chance that preg was allocated but not freed. This is kind of a sequel to PR #1207.
Herwin Weststrate [Wed, 9 Sep 2015 13:12:20 +0000 (15:12 +0200)]
Optionally send rejects without a delay
Currently there is only one global option to set a delay to every Access-Reject packet: reject_delay. There are use cases where you want certain rejects to have no delay, while others should have a delay. An example might be using 802.1X on Cisco LAN Devices: If a client tries MAC authentication an Access-Reject can force it to switch to 802.1X, this is a reject you want to send without any delay. On the other hand, if the client tries 802.1X with a wrong password, you still want the reject to be delayed.
By setting a value to FreeRADIUS-Response-Delay(-USec) in reply, we overwrite the global delay. The maximum supported value is 10, larger values result in a delay of 10 seconds. A value of 0 removes the delay. Not having this attribute in control results in using the global delay. If both FreeRADIUS-Response-Delay and FreeRADIUS-Response-Delay-USec are set, the second one is ignored.
Herwin Weststrate [Thu, 10 Sep 2015 05:50:01 +0000 (07:50 +0200)]
Allow response_delay to be microseconds, too
This was already done with commit 1d1c50bb0c6f5f013b9680def4b7184ecb63f64b, but there was a second assertion that assumed the delay was at least 1 second.
Alan Buxey [Thu, 10 Sep 2015 19:26:28 +0000 (20:26 +0100)]
Update radiusd-example.txt
Alan Buxey [Thu, 10 Sep 2015 19:25:27 +0000 (20:25 +0100)]
Update xlat.c
Alan Buxey [Thu, 10 Sep 2015 19:24:30 +0000 (20:24 +0100)]
Update rlm_sqlippool
Alan Buxey [Thu, 10 Sep 2015 19:24:07 +0000 (20:24 +0100)]
Update vmpsd.conf.in
Alan Buxey [Thu, 10 Sep 2015 09:15:34 +0000 (10:15 +0100)]
Update expr
Arran Cudbard-Bell [Thu, 10 Sep 2015 08:46:15 +0000 (09:46 +0100)]
Check we're building with GLIBC before assuming the GNU version of strerror_r is present
Closes #1222
Alan Buxey [Wed, 9 Sep 2015 19:42:01 +0000 (20:42 +0100)]
Update radiusd-example.txt
Alan Buxey [Wed, 9 Sep 2015 19:40:55 +0000 (20:40 +0100)]
Update xlat.c
Alan Buxey [Wed, 9 Sep 2015 19:39:46 +0000 (20:39 +0100)]
Update vmpsd.conf.in
Alan Buxey [Wed, 9 Sep 2015 19:37:42 +0000 (20:37 +0100)]
Update rlm_sqlippool
Alan T. DeKok [Wed, 9 Sep 2015 19:42:44 +0000 (15:42 -0400)]
compile warnings
Alan T. DeKok [Wed, 9 Sep 2015 19:16:28 +0000 (15:16 -0400)]
Don't allow %{rand} if we require %{rand:...}
Alan T. DeKok [Wed, 9 Sep 2015 17:40:31 +0000 (13:40 -0400)]
Count backslash - CHAR in node->len
Alan T. DeKok [Wed, 9 Sep 2015 17:26:55 +0000 (13:26 -0400)]
Typo
Arran Cudbard-Bell [Wed, 9 Sep 2015 16:20:46 +0000 (17:20 +0100)]
Merge pull request #1218 from mcnewton/v3.0.x
minor doc tweak from file move
Matthew Newton [Wed, 9 Sep 2015 16:17:12 +0000 (17:17 +0100)]
minor doc tweak from file move
Arran Cudbard-Bell [Wed, 9 Sep 2015 14:50:35 +0000 (15:50 +0100)]
Merge pull request #1217 from mcnewton/v3.0.x
add documentation for xlats in the expr module
Matthew Newton [Wed, 9 Sep 2015 14:47:30 +0000 (15:47 +0100)]
add documentation for xlats in the expr module
Alan T. DeKok [Wed, 9 Sep 2015 14:32:12 +0000 (10:32 -0400)]
Allow response delay in the response
Alan T. DeKok [Wed, 9 Sep 2015 14:16:20 +0000 (10:16 -0400)]
Allow response_delay to be microseconds, too
Alan T. DeKok [Wed, 9 Sep 2015 13:34:01 +0000 (09:34 -0400)]
ifdef out unused functions
Alan T. DeKok [Wed, 9 Sep 2015 13:21:55 +0000 (09:21 -0400)]
typo
Alan T. DeKok [Wed, 9 Sep 2015 13:18:50 +0000 (09:18 -0400)]
More fixes to use SSL_export_keying_material
Alan T. DeKok [Tue, 8 Sep 2015 17:45:32 +0000 (13:45 -0400)]
packet->proto is int, not unsigned int
Alan T. DeKok [Tue, 8 Sep 2015 17:30:03 +0000 (13:30 -0400)]
note recent changes
Alan T. DeKok [Tue, 8 Sep 2015 14:15:34 +0000 (10:15 -0400)]
Parse hex Ascend-Data-Filter correctly
Alan T. DeKok [Tue, 8 Sep 2015 14:13:58 +0000 (10:13 -0400)]
Use the input length for printing, not output length
Alan T. DeKok [Mon, 7 Sep 2015 00:44:24 +0000 (20:44 -0400)]
typos
Alan T. DeKok [Sun, 6 Sep 2015 18:52:52 +0000 (14:52 -0400)]
Debug TLVs when encoding, too
Arran Cudbard-Bell [Sat, 5 Sep 2015 21:36:22 +0000 (17:36 -0400)]
Remove old comment in rlm_example
Arran Cudbard-Bell [Sat, 5 Sep 2015 21:36:00 +0000 (17:36 -0400)]
Allow %} as an expansion for a literal }
Closes #1209
Arran Cudbard-Bell [Sat, 5 Sep 2015 21:35:33 +0000 (17:35 -0400)]
Formatting
Arran Cudbard-Bell [Thu, 3 Sep 2015 23:38:38 +0000 (19:38 -0400)]
Add fake module_instantiate_method in map_unit.c
Alan T. DeKok [Fri, 4 Sep 2015 18:22:02 +0000 (14:22 -0400)]
Actually set method
Alan T. DeKok [Fri, 4 Sep 2015 15:25:28 +0000 (11:25 -0400)]
Allow virtual modules to have method over-rides, too
Alan T. DeKok [Fri, 4 Sep 2015 14:34:43 +0000 (10:34 -0400)]
Use correct name for module
Alan T. DeKok [Fri, 4 Sep 2015 14:20:50 +0000 (10:20 -0400)]
Make sure wbclient.h is included when needed. Fixes #1208
Alan T. DeKok [Fri, 4 Sep 2015 13:58:45 +0000 (09:58 -0400)]
Generate fewer complaints on trying "foo.authorize"
Alan T. DeKok [Thu, 3 Sep 2015 23:22:30 +0000 (19:22 -0400)]
Typo
Alan T. DeKok [Thu, 3 Sep 2015 22:39:38 +0000 (18:39 -0400)]
Add module_instantiate_method()
which allows the caller to instantiate "module.method"
Alan T. DeKok [Thu, 3 Sep 2015 19:13:09 +0000 (15:13 -0400)]
Notes about lease queries
Arran Cudbard-Bell [Thu, 3 Sep 2015 12:41:51 +0000 (08:41 -0400)]
Free expr of regex exec error
Closes #1207
Alan T. DeKok [Wed, 2 Sep 2015 20:46:08 +0000 (16:46 -0400)]
Port fixes from v3.1.x
Alan T. DeKok [Wed, 2 Sep 2015 19:43:45 +0000 (15:43 -0400)]
note recent changes
Alan T. DeKok [Wed, 2 Sep 2015 19:41:48 +0000 (15:41 -0400)]
On HUP, reload a module which has changed
Alan T. DeKok [Wed, 2 Sep 2015 17:34:22 +0000 (13:34 -0400)]
Don't let us be HUP'd repeatedly.
It should only be HUP'd every few seconds
Alan T. DeKok [Wed, 2 Sep 2015 17:31:02 +0000 (13:31 -0400)]
Make the "file changed" flag into a bitfield
Arran Cudbard-Bell [Wed, 2 Sep 2015 13:56:48 +0000 (09:56 -0400)]
Move xlat_listen
Alan T. DeKok [Wed, 2 Sep 2015 13:41:21 +0000 (09:41 -0400)]
Set default DHCP port if user has "port = 0"
Arran Cudbard-Bell [Wed, 2 Sep 2015 13:15:47 +0000 (09:15 -0400)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 2 Sep 2015 13:11:21 +0000 (09:11 -0400)]
Register the listen xlat in mainconfig not listen_init
By the time listen_init is called, it's too late (guessing that's why client and getclient were moved there too).
Alan T. DeKok [Wed, 2 Sep 2015 13:05:12 +0000 (09:05 -0400)]
Note recent changes
Alan T. DeKok [Wed, 2 Sep 2015 12:53:36 +0000 (08:53 -0400)]
Always delete MS-MPPE-* from the reply. Fixes #1206
Alan T. DeKok [Wed, 2 Sep 2015 12:49:44 +0000 (08:49 -0400)]
Use correct variable for check. Fixes #1205
Alan T. DeKok [Wed, 2 Sep 2015 12:26:52 +0000 (08:26 -0400)]
RHS of pairs can only be strings or bare words
Not comments, EOL, etc.
Alan T. DeKok [Tue, 1 Sep 2015 22:37:28 +0000 (18:37 -0400)]
note recent changes
Alan T. DeKok [Tue, 1 Sep 2015 22:36:56 +0000 (18:36 -0400)]
Fix for CID #1321695
Arran Cudbard-Bell [Tue, 1 Sep 2015 14:48:37 +0000 (10:48 -0400)]
Merge pull request #1204 from peruchi/patch-1
Fix libs