Matthew Newton [Tue, 31 Mar 2015 21:45:33 +0000 (22:45 +0100)]
Tidy documentation formatting/whitespace
Alan T. DeKok [Tue, 31 Mar 2015 20:59:03 +0000 (16:59 -0400)]
note recent changes
Alan T. DeKok [Tue, 31 Mar 2015 20:57:49 +0000 (16:57 -0400)]
Warn on use of expanded EAP types
Alan T. DeKok [Tue, 31 Mar 2015 20:45:46 +0000 (16:45 -0400)]
Convert expanded EAP to normal EAP
Alan T. DeKok [Tue, 31 Mar 2015 19:58:29 +0000 (15:58 -0400)]
First stab at supporting Expanded Type EAP packets
Only for vendor 0 (IETF). And only for known EAP types.
Untested, so it's ifdef'd out. Once it's tested, we can enable
it.
Alan T. DeKok [Tue, 31 Mar 2015 19:16:33 +0000 (15:16 -0400)]
Only call tr_init if trust router is configured
And only call "get realm" on the same conditions
Alan T. DeKok [Tue, 31 Mar 2015 17:39:20 +0000 (13:39 -0400)]
Fail safely if there's no trust router
Alan T. DeKok [Tue, 31 Mar 2015 16:35:20 +0000 (12:35 -0400)]
Be a bit more careful about locking files
We try to lock it non-blocking. If fail, close the file,
re-open it, and try to lock it again.
This lets us catch the corner case of the reader re-naming the
file after we opened it, locking it, and trying again.
Alan T. DeKok [Tue, 31 Mar 2015 15:50:55 +0000 (11:50 -0400)]
Unlock file while waiting for the DB
Otherwise the server might block forever waiting for our lock
to be released
Alan T. DeKok [Tue, 31 Mar 2015 15:36:28 +0000 (11:36 -0400)]
Remove unnecessary comment
Arran Cudbard-Bell [Tue, 31 Mar 2015 16:24:51 +0000 (12:24 -0400)]
Add version strings for TLS 1.1, 1.2 and 1.3
Arran Cudbard-Bell [Tue, 31 Mar 2015 16:14:59 +0000 (12:14 -0400)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 31 Mar 2015 15:25:29 +0000 (11:25 -0400)]
Re-enable TLS 1.2 by default
Arran Cudbard-Bell [Tue, 31 Mar 2015 14:50:06 +0000 (10:50 -0400)]
Typos
Arran Cudbard-Bell [Tue, 31 Mar 2015 14:38:51 +0000 (10:38 -0400)]
Use SSL_export_keying_material if available. This generates keys using the correct PRF with TLS 1.2
Alan T. DeKok [Tue, 31 Mar 2015 13:59:22 +0000 (09:59 -0400)]
note recent changes
Alan T. DeKok [Tue, 31 Mar 2015 13:57:41 +0000 (09:57 -0400)]
Allow disabling of tlsv1
Alan T. DeKok [Tue, 31 Mar 2015 13:14:55 +0000 (09:14 -0400)]
Stop on no next entry
Alan T. DeKok [Tue, 31 Mar 2015 13:14:41 +0000 (09:14 -0400)]
Fix compilation errors
Alan T. DeKok [Tue, 31 Mar 2015 02:46:24 +0000 (22:46 -0400)]
Update for 3.0.8
Alan T. DeKok [Tue, 31 Mar 2015 02:46:12 +0000 (22:46 -0400)]
Comments
Alan T. DeKok [Mon, 30 Mar 2015 17:59:53 +0000 (13:59 -0400)]
Don't use 2 names for the same thing
Arran Cudbard-Bell [Tue, 31 Mar 2015 00:25:11 +0000 (20:25 -0400)]
Merge pull request #931 from nchaigne/3.0.x-fb4-rc
radeapclient - eap context struct
Arran Cudbard-Bell [Mon, 30 Mar 2015 22:01:06 +0000 (18:01 -0400)]
New travis apt plugin config structure
Arran Cudbard-Bell [Mon, 30 Mar 2015 21:40:16 +0000 (17:40 -0400)]
Disable TLS 1.2 by default. Causes MPPE key mismatches with eapol_test.
Arran Cudbard-Bell [Mon, 30 Mar 2015 16:38:32 +0000 (12:38 -0400)]
Print the attributes EAP-TLS extension attribute we're not going to add
Alan T. DeKok [Sun, 29 Mar 2015 19:55:05 +0000 (15:55 -0400)]
Note recent changes
Alan T. DeKok [Sun, 29 Mar 2015 19:48:16 +0000 (15:48 -0400)]
Remove references to ${certdir}/random, and replace with /dev/urandom
Arran Cudbard-Bell [Sun, 29 Mar 2015 14:37:53 +0000 (10:37 -0400)]
Another analyzer error
Arran Cudbard-Bell [Sun, 29 Mar 2015 14:36:08 +0000 (10:36 -0400)]
Build doxygen docs
Arran Cudbard-Bell [Sun, 29 Mar 2015 14:19:48 +0000 (10:19 -0400)]
Clang scan analyzer errors
Arran Cudbard-Bell [Sun, 29 Mar 2015 03:56:35 +0000 (23:56 -0400)]
Fail on scan errors
Arran Cudbard-Bell [Sun, 29 Mar 2015 02:41:02 +0000 (22:41 -0400)]
Doxygen
Arran Cudbard-Bell [Sun, 22 Mar 2015 01:49:01 +0000 (21:49 -0400)]
Attempt to move to travis container infrastructure
Seeing as the linux build farm is currently maxed out at 320 concurrent builds
Alan T. DeKok [Sat, 28 Mar 2015 21:55:38 +0000 (16:55 -0500)]
Initialize raddb_dir, too
Alan T. DeKok [Fri, 27 Mar 2015 17:30:50 +0000 (12:30 -0500)]
note recent changes
Alan T. DeKok [Fri, 27 Mar 2015 17:26:39 +0000 (12:26 -0500)]
Set "nodup" for DHCP sockets
Alan T. DeKok [Fri, 27 Mar 2015 17:16:36 +0000 (12:16 -0500)]
Simplify cleanup logic.
Debug the packet prior to sending it. Do cleanup_delay on
RADIUS Access-Requests and CoA packets. Everything else gets
cleaned up immediately.
Alan T. DeKok [Fri, 27 Mar 2015 17:06:40 +0000 (12:06 -0500)]
Cleanup DHCP packets immediately
Alan T. DeKok [Fri, 27 Mar 2015 16:10:48 +0000 (11:10 -0500)]
No comment in comment issues
Alan T. DeKok [Fri, 27 Mar 2015 15:41:52 +0000 (10:41 -0500)]
Set dict_dir
Alan T. DeKok [Fri, 27 Mar 2015 13:37:05 +0000 (08:37 -0500)]
Better fix for previous commit
Matthew Newton [Thu, 26 Mar 2015 22:35:27 +0000 (22:35 +0000)]
Improve errors on winbind authentication failure
This is very nice, as Samba gives us useful messages like
Wrong Password [0xC000006A]
Account expired [0xC0000193]
Must change password [0xC0000224]
Account locked out [0xC0000234]
when the authentication fails, which are then pushed into
Module-Failure-Message so the admin knows exactly what happened.
This also now handles password expiry so mschap returns the
"change password" trigger.
Alan T. DeKok [Fri, 27 Mar 2015 13:33:24 +0000 (08:33 -0500)]
note recent changes
Alan T. DeKok [Fri, 27 Mar 2015 13:30:35 +0000 (08:30 -0500)]
Add -D to radwho and radzap
Arran Cudbard-Bell [Fri, 27 Mar 2015 13:09:31 +0000 (09:09 -0400)]
Minor formatting in tls.c
Arran Cudbard-Bell [Fri, 27 Mar 2015 05:48:29 +0000 (01:48 -0400)]
Don't crash when using the NULL driver in select queries
Arran Cudbard-Bell [Fri, 27 Mar 2015 12:31:59 +0000 (08:31 -0400)]
Merge pull request #940 from nchaigne/3.0.x-fb5-fqdn
DHCP-Client-FQDN is not a string
Nicolas C [Fri, 27 Mar 2015 11:38:23 +0000 (12:38 +0100)]
DHCP-Client-FQDN is not a string
See RFC 4702.
DHCP-Client-FQDN (DHCP option 81) is actually a record composed of:
- first octet: "Flags"
- second octet: "RCODE1"
- third octet: "RCODE2"
- and then "Domain Name" (which is a string)
But I don't think that FreeRADIUS dictionaries support encoding /
decoding such a format, so octets is the best option we have.
Alan T. DeKok [Thu, 26 Mar 2015 16:52:58 +0000 (11:52 -0500)]
More dot graphs for state machines
Arran Cudbard-Bell [Thu, 26 Mar 2015 13:09:13 +0000 (09:09 -0400)]
Hyphens
Arran Cudbard-Bell [Thu, 26 Mar 2015 12:32:05 +0000 (08:32 -0400)]
Merge pull request #936 from spbnick/mikrotik_update
Update dictionary.mikrotik
Nikolai Kondrashov [Thu, 26 Mar 2015 10:13:39 +0000 (12:13 +0200)]
Update dictionary.mikrotik
Update dictionary.mikrotik to have new attributes and values mentioned
in Mikrotik wiki:
http://wiki.mikrotik.com/index.php?title=Manual:RADIUS_Client/vendor_dictionary
Alan T. DeKok [Wed, 25 Mar 2015 22:16:16 +0000 (17:16 -0500)]
Oops. Define this, too
Alan T. DeKok [Wed, 25 Mar 2015 22:07:23 +0000 (17:07 -0500)]
Freeze proxy sockets on EOL, too.
and eol requests only if listener->count > 0
Alan T. DeKok [Wed, 25 Mar 2015 21:17:18 +0000 (16:17 -0500)]
TCP socket timer limits mean they're marked frozen, not EOL
EOL is now only for errors. a frozen socket can still have
requests using it. For auth/acct, we can't close the socket
until all requests using it have finished. We can't close
socket while the client is still sending packets. That's rude.
For proxy sockets, most of the same applies. The only difference
is that the frozen socket won't be used to proxy new requests.
But retransmits will still go out the proxy socket. And replies
will still be received from it.
Alan T. DeKok [Wed, 25 Mar 2015 21:04:35 +0000 (16:04 -0500)]
Freeze the proxy socket on timeout
But we don't want to EOL it just yet
Alan T. DeKok [Wed, 25 Mar 2015 20:40:02 +0000 (15:40 -0500)]
Motorola error message
Arran Cudbard-Bell [Wed, 25 Mar 2015 16:42:32 +0000 (12:42 -0400)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 25 Mar 2015 16:05:42 +0000 (12:05 -0400)]
Add systemd unit file for systems that use systemd
Alan T. DeKok [Wed, 25 Mar 2015 16:20:42 +0000 (11:20 -0500)]
Remove unused assignment
Nicolas C [Wed, 25 Mar 2015 15:49:56 +0000 (16:49 +0100)]
radeapclient - fixed EAP-MD5
EAP-MD5 works again now.
Nicolas C [Wed, 25 Mar 2015 10:47:10 +0000 (11:47 +0100)]
radeapclient - union for eap context
Use a union to separate sim and md5 specific members.
Nicolas C [Wed, 25 Mar 2015 08:09:40 +0000 (09:09 +0100)]
radeapclient - code clean-up
Fixes, formatting, and code clean-up.
Removed old (now unused) functions:
- debug_packet
- send_packet
- sendrecv_eap
Alan T. DeKok [Tue, 24 Mar 2015 22:49:36 +0000 (17:49 -0500)]
Allow home server "auth+acct"
Alan T. DeKok [Tue, 24 Mar 2015 22:48:23 +0000 (17:48 -0500)]
Better fix for dual home servers
Alan T. DeKok [Tue, 24 Mar 2015 21:16:32 +0000 (16:16 -0500)]
note recent changes
Alan T. DeKok [Tue, 24 Mar 2015 21:12:35 +0000 (16:12 -0500)]
Use FR_CHANNEL_FAIL / SUCCESS for radmin return codes
Alan T. DeKok [Tue, 24 Mar 2015 21:09:11 +0000 (16:09 -0500)]
Use names instead of numbers for command OK / FAIL
And use the same return codes as for the channels
Alan T. DeKok [Tue, 24 Mar 2015 21:03:03 +0000 (16:03 -0500)]
Regularize return codes for radmin commands
Alan T. DeKok [Tue, 24 Mar 2015 20:58:44 +0000 (15:58 -0500)]
Go to status after running a command
Arran Cudbard-Bell [Tue, 24 Mar 2015 20:47:37 +0000 (16:47 -0400)]
Probably need a systemd script instead *sigh*
Alan T. DeKok [Tue, 24 Mar 2015 20:37:39 +0000 (15:37 -0500)]
Use same port for acct if using RadSec
Alan T. DeKok [Tue, 24 Mar 2015 14:41:11 +0000 (09:41 -0500)]
whitespace
Arran Cudbard-Bell [Tue, 24 Mar 2015 20:45:16 +0000 (16:45 -0400)]
Add option for secret
Arran Cudbard-Bell [Tue, 24 Mar 2015 19:09:46 +0000 (15:09 -0400)]
Update raduat
Nicolas C [Tue, 24 Mar 2015 17:27:04 +0000 (18:27 +0100)]
radeapclient - process special attributes
Last commit did not build on Travis. Fixed.
Added processing of special attributes in input vps (copied from
radclient).
And some other minor stuff.
Arran Cudbard-Bell [Tue, 24 Mar 2015 16:58:51 +0000 (12:58 -0400)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 24 Mar 2015 16:50:51 +0000 (12:50 -0400)]
Rename fr_connect_pool_delete to fr_connection_pool_free
Arran Cudbard-Bell [Tue, 24 Mar 2015 16:50:25 +0000 (12:50 -0400)]
Add reference counter to connection pool to prevent double frees when referenced
Arran Cudbard-Bell [Tue, 24 Mar 2015 16:32:43 +0000 (12:32 -0400)]
Cleanup some of the tls code, add doxygen headers etc...
Arran Cudbard-Bell [Tue, 24 Mar 2015 16:32:07 +0000 (12:32 -0400)]
Fix invalid assert in state.c
If there's a previous linked state, we want to assert that the entry can't be *head* of the list not the tail
Nicolas C [Tue, 24 Mar 2015 15:54:49 +0000 (16:54 +0100)]
radeapclient - parallel mode (now working)
This one is larger. (but this was necessary.)
The new stuff is now in use, and working!
The old "sendrecv_eap" sequential function is no longer called.
Instead a main loop handles: starting new transactions and sending
packets, receiving and handling responses, checking for timeouts and
handling retransmissions.
Some minor things need to be addressed, but I feel this is very close
to being mergeable.
New option added: "-p <parallel>".
I removed option "-i", which has been broken for ages and I think will
never be fixed (since we use FreeRADIUS's packet list library, the ID is
automatically allocated).
Nicolas C [Tue, 24 Mar 2015 09:48:15 +0000 (10:48 +0100)]
radeapclient - receive using packet list
Added an event list (not yet used).
Added new functions:
- rc_finish_transaction
- rc_send_transaction_packet
- rc_deallocate_id
- rc_recv_one_packet (not yet used)
Nicolas C [Tue, 24 Mar 2015 08:37:03 +0000 (09:37 +0100)]
radeapclient - preparing packet list use
Cleaned-up main.
Added a packet list (not yet used)
Added new functions:
- rc_add_socket
- rc_resolve_hostname
- rc_send_one_packet (not yet used)
These I stole from radclient:
- rc_request_types[] array
- rc_get_port function
- rc_get_code function
Matthew Newton [Mon, 23 Mar 2015 22:59:50 +0000 (22:59 +0000)]
Add connection pool to rlm_mschap for wbclient contexts
Arran Cudbard-Bell [Tue, 24 Mar 2015 00:49:32 +0000 (20:49 -0400)]
Make the init script work with centos
Arran Cudbard-Bell [Mon, 23 Mar 2015 23:07:26 +0000 (19:07 -0400)]
Print proper error for unknown attributes in rlm_ldap mapping sections
Arran Cudbard-Bell [Mon, 23 Mar 2015 23:08:41 +0000 (19:08 -0400)]
Some libldap packagers define LDAP_VENDOR_VERSION_PATCH as X
... thanks for that ltb-project.
Nicolas C [Mon, 23 Mar 2015 18:34:32 +0000 (19:34 +0100)]
radeapclient - now use the transactions
Now load the input data and use it to properly initialize transactions.
These are then used to do the EAP-SIM workflow.
Nicolas C [Mon, 23 Mar 2015 17:29:21 +0000 (18:29 +0100)]
radeapclient - init transactions
New functions (not yet used) to initialize transactions, and yank
elements from the input list of vps.
Nicolas C [Mon, 23 Mar 2015 16:47:00 +0000 (17:47 +0100)]
radeapclient - new structures (input, transactions)
New structures added to hold:
- input value pairs read from file or stdin.
- transactions contexts (similar to radclient's 'rc_request_t').
And new functions (not yet used) to read input vps and load them into a
list.
Nicolas C [Mon, 23 Mar 2015 15:35:04 +0000 (16:35 +0100)]
radeapclient - use eap context
Make use of the previously defined eap context struct.
Arran Cudbard-Bell [Mon, 23 Mar 2015 15:16:45 +0000 (11:16 -0400)]
Proper way of getting TCP connection errors
Nicolas C [Mon, 23 Mar 2015 08:32:03 +0000 (09:32 +0100)]
radeapclient - eap context struct
Definition of a structure which will hold the EAP context information.
This will also make it easier to merge with radclient later on.
As requested, small commits on purpose. If they are too small please let
me know, I will adjust :)
Arran Cudbard-Bell [Sun, 22 Mar 2015 21:52:40 +0000 (17:52 -0400)]
Docs for request_will_proxy
Arran Cudbard-Bell [Sun, 22 Mar 2015 21:48:56 +0000 (17:48 -0400)]
Fixup formatting and logging in rlm_chap
Alan T. DeKok [Sun, 22 Mar 2015 13:11:24 +0000 (09:11 -0400)]
Minor changes to meet v3.1.x
Alan T. DeKok [Sat, 21 Mar 2015 22:51:37 +0000 (18:51 -0400)]
Don't initialize the proxy list on check_config
Arran Cudbard-Bell [Sun, 22 Mar 2015 04:43:17 +0000 (00:43 -0400)]
Cleanup NONNULL
According to the compiler documentation putting attributes before the name and argument list of a function definition is not officially supported. Even for static functions.
The proper way is to add them at the end of the declaration. This certainly makes doxygen, and my code editor happier.