Alan DeKok [Tue, 15 Dec 2015 17:26:35 +0000 (12:26 -0500)]
Merge pull request #1455 from qnet-herwin/virtual_server_peap
Fixed error message for virtual server in rlm_eap_peap
Alan T. DeKok [Tue, 15 Dec 2015 17:23:57 +0000 (12:23 -0500)]
remove duplicate triggers
This is now handled in the connection pool
Herwin Weststrate [Tue, 15 Dec 2015 17:14:08 +0000 (18:14 +0100)]
Fixed error message for virtual server in rlm_eap_peap
Alan T. DeKok [Mon, 14 Dec 2015 20:49:52 +0000 (15:49 -0500)]
Require "virtual_server" for TTLS and PEAP
Alexis La Goutte [Tue, 15 Dec 2015 15:18:09 +0000 (16:18 +0100)]
dictionnary: fix typo on URL
Missing rfc on url...
Arran Cudbard-Bell [Tue, 15 Dec 2015 03:53:45 +0000 (22:53 -0500)]
Fix SNMP notifications import
Alan T. DeKok [Mon, 14 Dec 2015 15:34:10 +0000 (10:34 -0500)]
check undefined attributes
Arran Cudbard-Bell [Fri, 11 Dec 2015 16:32:41 +0000 (11:32 -0500)]
Pass correct struct to field counting functions
Alan T. DeKok [Fri, 11 Dec 2015 14:56:24 +0000 (09:56 -0500)]
notes for AD security
Alan T. DeKok [Fri, 11 Dec 2015 14:13:37 +0000 (09:13 -0500)]
disable tls 1.2 for OpenSSL 1.0.1f and 1.0.1g
Alan T. DeKok [Fri, 11 Dec 2015 13:45:14 +0000 (08:45 -0500)]
remove removed feature
Arran Cudbard-Bell [Fri, 11 Dec 2015 13:15:48 +0000 (08:15 -0500)]
Merge pull request #1447 from qnet-herwin/wbclient_drop_option_allow_mschapv2
Removed option winbind_allow_mschapv2 in rlm_mschap
Herwin Weststrate [Fri, 11 Dec 2015 09:05:32 +0000 (10:05 +0100)]
Removed option winbind_allow_mschapv2 in rlm_mschap
See the discussion at https://github.com/FreeRADIUS/freeradius-server/commit/
37f2f6d8e09bdebdf3031e419c00a0d3193b074a for more information
Alan T. DeKok [Thu, 10 Dec 2015 20:28:45 +0000 (15:28 -0500)]
Copy TLS cert VPs to request, even on fail.
This lets you log *why* it failed, and for who
Arran Cudbard-Bell [Thu, 10 Dec 2015 16:13:19 +0000 (11:13 -0500)]
Missing semicolon
Alan T. DeKok [Thu, 10 Dec 2015 15:39:53 +0000 (10:39 -0500)]
add a comma
Alan T. DeKok [Thu, 10 Dec 2015 15:11:21 +0000 (10:11 -0500)]
remove 3.1 syntax
Alan T. DeKok [Thu, 10 Dec 2015 14:20:00 +0000 (09:20 -0500)]
note recent changes
Alan T. DeKok [Thu, 10 Dec 2015 14:16:41 +0000 (09:16 -0500)]
Added TLS-OCSP-Cert-Valid to 3.0
Set by the TLS code. Not checked for anything.
Alan DeKok [Thu, 10 Dec 2015 14:08:53 +0000 (09:08 -0500)]
Merge pull request #1443 from qnet-herwin/WBC_MSV1_0_ALLOW_MSVCHAPV2
Add ALLOW_MSVCHAPV2 flag to mschap/libwbclient
Alan DeKok [Thu, 10 Dec 2015 14:08:35 +0000 (09:08 -0500)]
Merge pull request #1444 from qnet-herwin/debian_heimdal-dev
Added heimdal-dev as alternative for libkrb5-dev
Alan T. DeKok [Thu, 10 Dec 2015 14:01:37 +0000 (09:01 -0500)]
building the initial certs requires make. Fixes #1442
Herwin Weststrate [Thu, 10 Dec 2015 11:53:37 +0000 (12:53 +0100)]
Added heimdal-dev as alternative for libkrb5-dev
The package builds fine without it. It does not have the functionality of krb5_get_error_message, but the freeradius code is already able to work around that limitation (using HAVE_KRB5_GET_ERROR_MESSAGE).
The main reason for this change is that the packages libkrb5-dev and heimdal-dev cannot both be installed on a machine, and Samba has a requirement on the heimdal-dev package. With this patch, my machine can happily compile Samba and FreeRADIUS.
Herwin Weststrate [Tue, 8 Dec 2015 11:29:42 +0000 (12:29 +0100)]
Add ALLOW_MSVCHAPV2 flag to mschap/libwbclient
The functionality is the same as https://github.com/samba-team/samba/pull/45: allow authentication via winbind when the AD has a higher security level.
Alan T. DeKok [Wed, 9 Dec 2015 16:10:25 +0000 (11:10 -0500)]
More warnings for broken software
Alan T. DeKok [Tue, 8 Dec 2015 16:20:04 +0000 (11:20 -0500)]
Document disable tls 1.2 because of OpenSSL breakage
Alan T. DeKok [Tue, 8 Dec 2015 16:19:55 +0000 (11:19 -0500)]
note recent changes
Alan T. DeKok [Tue, 8 Dec 2015 14:30:35 +0000 (09:30 -0500)]
typo
Alan T. DeKok [Mon, 7 Dec 2015 19:14:15 +0000 (14:14 -0500)]
port enum changes from head, which clarify the code
Alan T. DeKok [Mon, 7 Dec 2015 19:01:36 +0000 (14:01 -0500)]
run verify only on skipped
Arran Cudbard-Bell [Mon, 7 Dec 2015 19:13:03 +0000 (14:13 -0500)]
Merge pull request #1429 from pwdng/freebsd_fix
Some error codes aren't defined on FreeBSD
Philippe Wooding [Fri, 4 Dec 2015 23:38:51 +0000 (00:38 +0100)]
Some error codes aren't defined on FreeBSD
Alan T. DeKok [Mon, 7 Dec 2015 17:01:15 +0000 (12:01 -0500)]
clean up SSL errors on OCSP soft fail
Alan T. DeKok [Mon, 7 Dec 2015 16:43:11 +0000 (11:43 -0500)]
verify_callback should return 0 or 1
Alan T. DeKok [Mon, 7 Dec 2015 16:38:18 +0000 (11:38 -0500)]
Added "skip verify if OCSP succeeds". Fixes #1426
Alan T. DeKok [Sat, 5 Dec 2015 17:30:20 +0000 (12:30 -0500)]
note recent changes
Alan T. DeKok [Sat, 5 Dec 2015 17:27:38 +0000 (12:27 -0500)]
WARN if we find duplicate configuration items.
Because some people think randomly adding things is a good idea.
Alan T. DeKok [Fri, 4 Dec 2015 13:29:15 +0000 (08:29 -0500)]
formatting
Alan T. DeKok [Fri, 4 Dec 2015 13:29:04 +0000 (08:29 -0500)]
Check buffer as we copy data into it
Arran Cudbard-Bell [Thu, 3 Dec 2015 19:19:03 +0000 (14:19 -0500)]
Fix includes in installed headers
Arran Cudbard-Bell [Thu, 3 Dec 2015 15:58:44 +0000 (10:58 -0500)]
Invalid assert
Alan T. DeKok [Thu, 3 Dec 2015 13:56:00 +0000 (08:56 -0500)]
sqlhpwippool is unstable
Alan T. DeKok [Wed, 2 Dec 2015 18:51:39 +0000 (13:51 -0500)]
Revert "Commit mk files for sql modules"
This reverts commit
2b77b7e830222d0192f42efe66cae38f061aa34c.
Arran Cudbard-Bell [Mon, 30 Nov 2015 03:12:44 +0000 (22:12 -0500)]
Some compilation fixes for trusty tapier
Alan T. DeKok [Wed, 2 Dec 2015 18:21:17 +0000 (13:21 -0500)]
Dynamically check Auth-Type values
Alan T. DeKok [Wed, 2 Dec 2015 15:46:05 +0000 (10:46 -0500)]
Remove most Auth-Type values.
Accept / Reject are needed by the server core.
MS-CHAP and EAP are needed by EAP.
Everything else should be auto-created at run time.
If someone sets "Auth-Type foo" without an authentication type
"foo" defined, the server should refuse to start.
Alan T. DeKok [Mon, 30 Nov 2015 20:01:23 +0000 (15:01 -0500)]
cast for %u
Alan T. DeKok [Mon, 30 Nov 2015 19:57:45 +0000 (14:57 -0500)]
Simplify logic for getpeereid()
for systems which don't have that, but do have SO_PEERCRED
Alan T. DeKok [Mon, 30 Nov 2015 19:40:57 +0000 (14:40 -0500)]
Simplify setting of RADIUSD_VERSION
because "awk" on Solaris is broken
Alan T. DeKok [Mon, 30 Nov 2015 19:40:02 +0000 (14:40 -0500)]
Better sun fixes
Alan T. DeKok [Mon, 30 Nov 2015 19:21:30 +0000 (14:21 -0500)]
Fixes for GCC on Solaris
Because I like pain.
Alan T. DeKok [Mon, 30 Nov 2015 16:36:27 +0000 (11:36 -0500)]
test for %{string:...}
Alan T. DeKok [Mon, 30 Nov 2015 16:18:47 +0000 (11:18 -0500)]
typo
Alan T. DeKok [Mon, 30 Nov 2015 16:01:24 +0000 (11:01 -0500)]
Notes on embedded zeros in passwords
Arran Cudbard-Bell [Mon, 30 Nov 2015 01:51:49 +0000 (20:51 -0500)]
Fix RADIUS-STAT-MIB so it compiles
Alan T. DeKok [Fri, 27 Nov 2015 15:12:04 +0000 (10:12 -0500)]
Use fr_pair_value_bstrncpy() where appropriate
Arran Cudbard-Bell [Fri, 27 Nov 2015 12:52:54 +0000 (07:52 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Thu, 26 Nov 2015 19:20:21 +0000 (14:20 -0500)]
Merge pull request #1405 from jpereira/fix/copy-scripts-collected
Bring branch://master/scripts/collected to here
Jorge Pereira [Thu, 26 Nov 2015 19:18:53 +0000 (17:18 -0200)]
Bring branch://master/scripts/collected to here
Arran Cudbard-Bell [Thu, 26 Nov 2015 19:01:20 +0000 (14:01 -0500)]
Merge pull request #1404 from jpereira/v3.0.x
Bring branch://master/scripts/munin/radsniff to here
Jorge Pereira [Thu, 26 Nov 2015 18:59:09 +0000 (16:59 -0200)]
Bring branch://master/scripts/munin/radsniff to here
Arran Cudbard-Bell [Thu, 26 Nov 2015 18:53:48 +0000 (13:53 -0500)]
Merge pull request #1402 from jpereira/fix/bug-with-stats
Bugfix - Used a wrong list to global statistics in 'stats'
Jorge Pereira [Thu, 26 Nov 2015 18:43:25 +0000 (16:43 -0200)]
Bugfix - Used a wrong list to global statistics in 'stats'
Alan T. DeKok [Thu, 26 Nov 2015 16:02:37 +0000 (11:02 -0500)]
typo
Alan DeKok [Thu, 26 Nov 2015 14:11:37 +0000 (09:11 -0500)]
Merge pull request #1401 from mcnewton/v30soh
SoH isn't very useful without attributes
Matthew Newton [Thu, 26 Nov 2015 11:24:44 +0000 (11:24 +0000)]
SoH isn't very useful without attributes
Broken in
c11e3d8454 by no longer setting fake->packet->vps.
eapsoh_verify has no need to see the original request as long
as it's got access to the data to parse, so just pass in the
fake request and get the attributes created there directly.
Alan T. DeKok [Wed, 25 Nov 2015 21:05:42 +0000 (16:05 -0500)]
Remove extraneous message
Alan T. DeKok [Wed, 25 Nov 2015 21:02:01 +0000 (16:02 -0500)]
Set src/dst ip/port for TCP connections
Arran Cudbard-Bell [Wed, 25 Nov 2015 18:05:08 +0000 (13:05 -0500)]
Merge pull request #1399 from jpereira/fix/syserror1
better call fr_syserror() when in POSIX contexts
Jorge Pereira [Wed, 25 Nov 2015 17:50:22 +0000 (15:50 -0200)]
better call fr_syserror() when in POSIX contexts
Alan T. DeKok [Wed, 25 Nov 2015 16:57:20 +0000 (11:57 -0500)]
note recent changes
Alan T. DeKok [Wed, 25 Nov 2015 16:46:52 +0000 (11:46 -0500)]
Complain if error isn't ENOENT. Fixes #1398
Alan T. DeKok [Wed, 25 Nov 2015 16:12:03 +0000 (11:12 -0500)]
Don't use full prefix
Alan DeKok [Tue, 24 Nov 2015 21:05:15 +0000 (16:05 -0500)]
Merge pull request #1394 from jpereira/fix/ramin1
Fixing problem with radmin> stats detail <filename>
Alan T. DeKok [Tue, 24 Nov 2015 18:01:52 +0000 (13:01 -0500)]
If OCSP checks fail, don't run verify command
because the client will be rejected, so we don't want to run
extra resources
Jorge Pereira [Tue, 24 Nov 2015 03:14:51 +0000 (01:14 -0200)]
Fixing problem with radmin> stats detail <filename>
Arran Cudbard-Bell [Fri, 20 Nov 2015 17:05:49 +0000 (12:05 -0500)]
Fix buffer overflow in soh.c
Arran Cudbard-Bell [Fri, 20 Nov 2015 13:34:05 +0000 (08:34 -0500)]
No cases where this is helpful
Alan T. DeKok [Wed, 18 Nov 2015 17:48:42 +0000 (12:48 -0500)]
use correct number...
Alan T. DeKok [Wed, 18 Nov 2015 16:48:34 +0000 (11:48 -0500)]
Check name, not number
Arran Cudbard-Bell [Wed, 18 Nov 2015 16:32:23 +0000 (11:32 -0500)]
Various fixes for LEAP proxying
Alan T. DeKok [Wed, 18 Nov 2015 16:14:02 +0000 (11:14 -0500)]
"localhost" is a valid host name
Alan T. DeKok [Tue, 17 Nov 2015 19:53:18 +0000 (14:53 -0500)]
Turns out GNU people are retarded.
If "install-sh" is asked to do an installation, it helpfully
creates the destination directory for you. Then, if the install
target is a directory, it tries to create the directory. Which
was just created. And then it fails with an error.
Alan DeKok [Tue, 17 Nov 2015 19:04:57 +0000 (14:04 -0500)]
Merge pull request #1387 from jpereira/minor/warnings1
Fix warnings with $raddb/mods-available/cache
Arran Cudbard-Bell [Tue, 17 Nov 2015 14:47:46 +0000 (09:47 -0500)]
Remove duplicates
Arran Cudbard-Bell [Tue, 17 Nov 2015 14:45:30 +0000 (09:45 -0500)]
Merge pull request #1392 from mcnewton/conffix
fixup configure script
Matthew Newton [Tue, 17 Nov 2015 14:37:31 +0000 (14:37 +0000)]
fixup configure script
Pascal Penners [Mon, 16 Nov 2015 14:16:13 +0000 (15:16 +0100)]
added more Lancom VSAs
Arran Cudbard-Bell [Mon, 16 Nov 2015 21:25:11 +0000 (16:25 -0500)]
Minor fix
Arran Cudbard-Bell [Mon, 16 Nov 2015 20:57:57 +0000 (15:57 -0500)]
fclose destroys file descriptor Closes #1390
Arran Cudbard-Bell [Mon, 16 Nov 2015 20:05:36 +0000 (15:05 -0500)]
Merge pull request #1389 from jpereira/fix/vdprintf1
Fixing the missing vdprintf()
Jorge Pereira [Mon, 16 Nov 2015 20:03:22 +0000 (18:03 -0200)]
Fixing the missing vdprintf()
Arran Cudbard-Bell [Mon, 16 Nov 2015 19:44:41 +0000 (14:44 -0500)]
Provide fdprintf if it's missing Closes #1366
Jorge Pereira [Fri, 13 Nov 2015 16:44:50 +0000 (14:44 -0200)]
Fix warnings with $raddb/mods-available/cache
Pascal Penners [Fri, 13 Nov 2015 14:44:42 +0000 (15:44 +0100)]
added IKEv2 Attributes to Lancom dictionary
Alan T. DeKok [Fri, 13 Nov 2015 13:27:23 +0000 (08:27 -0500)]
Notes on location-info
Alan T. DeKok [Wed, 11 Nov 2015 15:43:17 +0000 (10:43 -0500)]
Remove duplicate definition
Arran Cudbard-Bell [Fri, 13 Nov 2015 12:50:23 +0000 (07:50 -0500)]
Fix oracle login error message
Arran Cudbard-Bell [Tue, 10 Nov 2015 22:33:10 +0000 (17:33 -0500)]
Merge pull request #1382 from jpereira/fix/minor-pre-proxy1
Fix minor about NAS-Ip-Address. correct is NAS-IP-Address
Jorge Pereira [Tue, 10 Nov 2015 22:01:52 +0000 (20:01 -0200)]
Fix minor about NAS-Ip-Address. correct is NAS-IP-Address