Matthew Newton [Mon, 19 Jan 2015 23:59:05 +0000 (23:59 +0000)]
update rlm_passwd
Matthew Newton [Sun, 11 Jan 2015 01:07:55 +0000 (01:07 +0000)]
update rlm_always
Arran Cudbard-Bell [Mon, 19 Jan 2015 14:02:36 +0000 (21:02 +0700)]
Max pending should be unsigned
Arran Cudbard-Bell [Mon, 19 Jan 2015 13:22:14 +0000 (20:22 +0700)]
Fix weird indentation in connection.c
Alan T. DeKok [Mon, 19 Jan 2015 13:40:10 +0000 (08:40 -0500)]
Rate-limit new connections after a failed attempt.
If we fail to open a connection, we don't want N child threads
to block on opening new connections. Instead, allow one connection
through. If that succeeds, allow 2, then 3, etc.
Arran Cudbard-Bell [Mon, 19 Jan 2015 04:02:57 +0000 (11:02 +0700)]
Use chmod permissions macros
Arran Cudbard-Bell [Mon, 19 Jan 2015 02:02:11 +0000 (09:02 +0700)]
Fix coverity issues
Arran Cudbard-Bell [Sun, 18 Jan 2015 16:22:53 +0000 (23:22 +0700)]
Need H: arg
Arran Cudbard-Bell [Sun, 18 Jan 2015 15:32:34 +0000 (22:32 +0700)]
call rad_mkdir to make the path for the control socket, and modify the default config to place the control socket into a 'control' subdirectory
If this works everywhere we should be able to manage control socket permissions using just the filesystem
Alan T. DeKok [Sun, 18 Jan 2015 15:14:37 +0000 (10:14 -0500)]
Remove UNUSED where the parameter is actually used
Alan T. DeKok [Sat, 17 Jan 2015 23:30:51 +0000 (18:30 -0500)]
Whitespace
Arran Cudbard-Bell [Sun, 18 Jan 2015 13:07:14 +0000 (20:07 +0700)]
Fix control socket permissions control for none Linux systems
chown() on Unix sockets errors out on all BSD systems including OSX.
Arran Cudbard-Bell [Sun, 18 Jan 2015 12:32:01 +0000 (19:32 +0700)]
Fix stupid redundant getgr* and getpw* functions
We will *always* have the _r variants, and we should always have the headers. There's no need to check, there's no need to fallback.
Arran Cudbard-Bell [Sun, 18 Jan 2015 13:35:27 +0000 (20:35 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 18 Jan 2015 13:33:08 +0000 (20:33 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 18 Jan 2015 07:50:56 +0000 (14:50 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 18 Jan 2015 07:38:03 +0000 (14:38 +0700)]
Fixup rlm_ldap to use bind credentials from the module instance that created the connection pool, not the module referencing it
Allow server to be NULL if the module instance is using a connection pool reference
Arran Cudbard-Bell [Sun, 18 Jan 2015 05:09:32 +0000 (12:09 +0700)]
Add %{ldapquote:} to escape special chars in filters and DNs
Arran Cudbard-Bell [Sun, 18 Jan 2015 05:01:24 +0000 (12:01 +0700)]
Typo
Arran Cudbard-Bell [Sun, 18 Jan 2015 04:26:07 +0000 (11:26 +0700)]
Optimise tmpl_expand to avoid copying to intermediary buffers when not required
This has two positive side effects. Firstly the LDAP code is marginally faster.
Second, when using attribute references or literals for DNs and filters the length is unlimited.
Arran Cudbard-Bell [Sun, 18 Jan 2015 04:21:33 +0000 (11:21 +0700)]
Should be jsonquote to match urlquote (not tojson)
Arran Cudbard-Bell [Sun, 18 Jan 2015 02:52:26 +0000 (09:52 +0700)]
xlat.h needs conffile.h for xlat_register_redundant
Arran Cudbard-Bell [Sun, 18 Jan 2015 02:34:54 +0000 (09:34 +0700)]
Remove restriction on assigning return codes only to module calls
Arran Cudbard-Bell [Sun, 18 Jan 2015 02:34:16 +0000 (09:34 +0700)]
No more hacks for xlat
Arran Cudbard-Bell [Sun, 18 Jan 2015 00:55:03 +0000 (07:55 +0700)]
cf_item_parse type should be unsigned to match PW_TYPE enum
Arran Cudbard-Bell [Sat, 17 Jan 2015 16:10:04 +0000 (23:10 +0700)]
Switch relevant config items in rlm_ldap to tmpls
Arran Cudbard-Bell [Sat, 17 Jan 2015 16:09:26 +0000 (23:09 +0700)]
Add PW_TYPE_TMPL which parses a conf item directly as a value_pair_tmpl_t
Arran Cudbard-Bell [Sat, 17 Jan 2015 16:07:17 +0000 (23:07 +0700)]
Move xlat functions into a separate header file
Arran Cudbard-Bell [Sat, 17 Jan 2015 10:15:25 +0000 (17:15 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Sat, 17 Jan 2015 09:59:02 +0000 (16:59 +0700)]
Add nexttime xlat, for calculating number of seconds before next hour, day, week, month or year
Arran Cudbard-Bell [Sat, 17 Jan 2015 03:24:01 +0000 (10:24 +0700)]
More useful default control policies
Arran Cudbard-Bell [Sat, 17 Jan 2015 02:20:22 +0000 (09:20 +0700)]
Fix for CID #1104360
Arran Cudbard-Bell [Sat, 17 Jan 2015 00:24:05 +0000 (07:24 +0700)]
Correct fix for #878
Alan T. DeKok [Fri, 16 Jan 2015 16:09:34 +0000 (11:09 -0500)]
Set length correctly. Fixes #878
Alan T. DeKok [Fri, 16 Jan 2015 15:50:32 +0000 (10:50 -0500)]
Solaris requires more headers. Fixes #872
Alan T. DeKok [Fri, 16 Jan 2015 15:08:30 +0000 (10:08 -0500)]
Save session-state after proxying. Fixes #854
Alan T. DeKok [Fri, 16 Jan 2015 14:49:41 +0000 (09:49 -0500)]
Test for "return { ...}"
Hm... the test framework doesn't check for false successes.
If a test contains "ERROR", it should fail if unittest.c succeeds
Alan T. DeKok [Fri, 16 Jan 2015 14:49:25 +0000 (09:49 -0500)]
Fix comments
Alan T. DeKok [Fri, 16 Jan 2015 14:44:25 +0000 (09:44 -0500)]
Return on parse error for break / return
Arran Cudbard-Bell [Fri, 16 Jan 2015 11:30:15 +0000 (18:30 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 16 Jan 2015 11:18:57 +0000 (18:18 +0700)]
Add tojson xlat for escaping json strings
Arran Cudbard-Bell [Fri, 16 Jan 2015 10:39:49 +0000 (17:39 +0700)]
Print out info for MySQL server and libmysql client version
Arran Cudbard-Bell [Fri, 16 Jan 2015 10:13:26 +0000 (17:13 +0700)]
Stop server INFOing about empty sections
Arran Cudbard-Bell [Fri, 16 Jan 2015 10:02:53 +0000 (17:02 +0700)]
Return updated if rlm_ldap updated the request
Also pass back more error conditions from the profile mapping code
Arran Cudbard-Bell [Fri, 16 Jan 2015 09:07:11 +0000 (16:07 +0700)]
Avoid spurious warnings about zero length queries
Arran Cudbard-Bell [Fri, 16 Jan 2015 07:26:28 +0000 (14:26 +0700)]
Change severity and return code for DN not found
When searching for a user, not finding the base DN is normal and should be converted to a notfound return code
Arran Cudbard-Bell [Fri, 2 Jan 2015 16:47:07 +0000 (11:47 -0500)]
Add support for XLATs on the LHS of update sections
Arran Cudbard-Bell [Thu, 1 Jan 2015 18:29:55 +0000 (13:29 -0500)]
Allow LHS of update maps to be exec or xlat
Alan T. DeKok [Fri, 16 Jan 2015 03:59:44 +0000 (22:59 -0500)]
Allow action over-rides for all modules. Fixes #876
For modules, policies, and things in the "instantiate" section.
Arran Cudbard-Bell [Thu, 15 Jan 2015 11:20:32 +0000 (18:20 +0700)]
Typo
Arran Cudbard-Bell [Thu, 15 Jan 2015 11:18:03 +0000 (18:18 +0700)]
Fix marked unused complains in mysql driver
Alan T. DeKok [Wed, 14 Jan 2015 16:32:00 +0000 (11:32 -0500)]
Check for destination IP, too. Closes #873
Alan T. DeKok [Wed, 14 Jan 2015 16:28:34 +0000 (11:28 -0500)]
home_pool may be NULL when packets go directly to an IP
Arran Cudbard-Bell [Wed, 14 Jan 2015 14:09:03 +0000 (21:09 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 14 Jan 2015 14:07:43 +0000 (21:07 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 14 Jan 2015 14:02:46 +0000 (21:02 +0700)]
Add connection timeout for rlm_rest
Arran Cudbard-Bell [Wed, 14 Jan 2015 09:41:34 +0000 (16:41 +0700)]
Doxygen
Arran Cudbard-Bell [Wed, 14 Jan 2015 09:08:30 +0000 (16:08 +0700)]
Support subsecond timeout values in rlm_rest
Arran Cudbard-Bell [Wed, 14 Jan 2015 06:33:00 +0000 (13:33 +0700)]
Add explode xlat %{explode:&ref <delim>}
Useful for breaking out values shoved into Class and User-Name
Arran Cudbard-Bell [Wed, 14 Jan 2015 01:34:09 +0000 (08:34 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 14 Jan 2015 01:18:18 +0000 (08:18 +0700)]
SQL counter query should be xlat'd
Arran Cudbard-Bell [Wed, 14 Jan 2015 01:18:05 +0000 (08:18 +0700)]
Add support for PATCH in rest
Alan T. DeKok [Wed, 14 Jan 2015 01:05:49 +0000 (20:05 -0500)]
Note recent changes
Arran Cudbard-Bell [Wed, 14 Jan 2015 00:43:05 +0000 (07:43 +0700)]
Markup sqlippol fields as xlat
Arran Cudbard-Bell [Wed, 14 Jan 2015 00:22:25 +0000 (07:22 +0700)]
Markup more fields in rlm_sql as xlat'd
Arran Cudbard-Bell [Wed, 14 Jan 2015 00:06:14 +0000 (07:06 +0700)]
Markup xlat'd fields in rlm_ldap
Alan T. DeKok [Tue, 13 Jan 2015 23:44:30 +0000 (18:44 -0500)]
Convert error to warning. So we don't break configs
Alan T. DeKok [Tue, 13 Jan 2015 21:47:20 +0000 (16:47 -0500)]
Strings NOT dynamically expanded shouldn't have %{ in them.
Alan T. DeKok [Tue, 13 Jan 2015 21:44:49 +0000 (16:44 -0500)]
Mark more strings as dynamically expanded
Alan T. DeKok [Tue, 13 Jan 2015 16:45:24 +0000 (11:45 -0500)]
Signal the main detail thread if we get a bad packet
Alan T. DeKok [Tue, 13 Jan 2015 16:35:13 +0000 (11:35 -0500)]
Set prefix for CoA, too
Alan T. DeKok [Tue, 13 Jan 2015 16:32:56 +0000 (11:32 -0500)]
Handle CoA packets, too
Alan T. DeKok [Tue, 13 Jan 2015 16:22:10 +0000 (11:22 -0500)]
Copy the VPs earlier, so that we can access them
Arran Cudbard-Bell [Tue, 13 Jan 2015 13:53:18 +0000 (20:53 +0700)]
Cleanup PAM code, and use the correct logging functions
Alan T. DeKok [Tue, 13 Jan 2015 04:07:31 +0000 (23:07 -0500)]
Fix license to be GPLv2.
As author, I allow this change.
Alan T. DeKok [Tue, 13 Jan 2015 04:01:12 +0000 (23:01 -0500)]
Fix license erroneously updated by commit
23d838445
The main LICENSE file and all in-code licenses are GPLv2 or later,
except for rlm_opendirectory. Apple insisted on GPLv2 for that.
Alan T. DeKok [Tue, 13 Jan 2015 03:51:26 +0000 (22:51 -0500)]
s/if/of/ in the GPL license
Alan T. DeKok [Tue, 13 Jan 2015 03:50:23 +0000 (22:50 -0500)]
Define "Auth-Type foo" before loading the modules.
Because some modules (e.g. EAP-GTC) may refer to them.
So we need to have the types defined before the module loads.
Alan T. DeKok [Mon, 12 Jan 2015 18:07:34 +0000 (13:07 -0500)]
Don't install rlm_test
Philippe Wooding [Mon, 12 Jan 2015 11:05:31 +0000 (12:05 +0100)]
Link libfreeradius-server against openssl to that linker can include version of SSLeay functions to use. Since version.c was moved to libfreeradius-server, the wrong version was being used on RadHat.
Arran Cudbard-Bell [Mon, 12 Jan 2015 02:20:22 +0000 (09:20 +0700)]
Update ChangeLog
Arran Cudbard-Bell [Mon, 12 Jan 2015 01:04:04 +0000 (08:04 +0700)]
Add test script for radclient
Arran Cudbard-Bell [Sun, 11 Jan 2015 04:04:17 +0000 (11:04 +0700)]
Add foreach isolation test
Foreach should copy all target attributes, so modifying the list being iterated over shouldn't change how foreach behaves
Arran Cudbard-Bell [Sat, 10 Jan 2015 03:14:43 +0000 (10:14 +0700)]
Typo
Arran Cudbard-Bell [Thu, 8 Jan 2015 21:57:15 +0000 (04:57 +0700)]
Formatting
Matthew Newton [Sat, 10 Jan 2015 02:10:22 +0000 (02:10 +0000)]
bring rlm_pap man page up-to-date
Alan T. DeKok [Fri, 9 Jan 2015 19:33:25 +0000 (14:33 -0500)]
Typos
Alan T. DeKok [Fri, 9 Jan 2015 12:42:42 +0000 (07:42 -0500)]
<sigh> more weirdness
Alan T. DeKok [Wed, 7 Jan 2015 17:20:52 +0000 (12:20 -0500)]
Don't check EV_READ flag. It MUST be a read event
Alan T. DeKok [Tue, 6 Jan 2015 19:07:05 +0000 (14:07 -0500)]
If we can't load DHCP, complain. Closes #869
Alan T. DeKok [Tue, 6 Jan 2015 15:02:08 +0000 (10:02 -0500)]
Include "test" module in dependencies
Arran Cudbard-Bell [Tue, 6 Jan 2015 03:49:09 +0000 (22:49 -0500)]
Update README.rst
Arran Cudbard-Bell [Tue, 6 Jan 2015 03:45:05 +0000 (22:45 -0500)]
Update README.rst
Arran Cudbard-Bell [Tue, 6 Jan 2015 00:48:58 +0000 (19:48 -0500)]
Unignore all.mk in rlm_test
Arran Cudbard-Bell [Mon, 5 Jan 2015 21:12:23 +0000 (16:12 -0500)]
Add tests for Module-Failure-Message
Arran Cudbard-Bell [Mon, 5 Jan 2015 21:11:51 +0000 (16:11 -0500)]
Re-arrange internal dictionary
Arran Cudbard-Bell [Mon, 5 Jan 2015 19:08:08 +0000 (14:08 -0500)]
Fix log levels
Alan T. DeKok [Mon, 5 Jan 2015 17:36:22 +0000 (12:36 -0500)]
Remove extraneous debug message
Alan T. DeKok [Mon, 5 Jan 2015 16:56:22 +0000 (11:56 -0500)]
Initialize xlats before reading the config
Alan T. DeKok [Mon, 5 Jan 2015 16:31:22 +0000 (11:31 -0500)]
Don't unregister if the tree doesn't exist