Nikolai Kondrashov [Fri, 5 Dec 2014 13:07:59 +0000 (15:07 +0200)]
dhcpclient: Add a short description to help output
Add a short description of the program's function to the help output of
dhcpclient.
Nikolai Kondrashov [Fri, 5 Dec 2014 10:24:37 +0000 (12:24 +0200)]
rad_counter: Refine help message
Refine rad_counter help message:
* use executable name without path,
* add program purpose,
* shorten usage summary line for clarity,
* separate arguments and options,
* add full stops to sentences,
* wrap a long line.
Nikolai Kondrashov [Fri, 5 Dec 2014 10:12:19 +0000 (12:12 +0200)]
rad_counter: Use heredoc for help message
Use Perl's here document syntax for rad_counter's help message and
replace tab escape sequences with spaces to make the source more
readable and easier to modify.
Arran Cudbard-Bell [Thu, 4 Dec 2014 19:40:20 +0000 (14:40 -0500)]
Escape filename expansions
Attributes used in xlat expansions involving filenames will now be subject to tight escaping rules to prevent injection attacks, and to allow maximum compatibility.
A little scary this wasn't done already, but for most systems it would have been pretty hard to exploit in a useful way.
Arran Cudbard-Bell [Thu, 4 Dec 2014 19:38:05 +0000 (14:38 -0500)]
Formatting
Arran Cudbard-Bell [Thu, 4 Dec 2014 16:54:33 +0000 (11:54 -0500)]
Note on why we don't need to escaping for execve
Arran Cudbard-Bell [Thu, 4 Dec 2014 15:14:51 +0000 (10:14 -0500)]
Cache Stripped-User-Domain too
Arran Cudbard-Bell [Thu, 4 Dec 2014 15:11:46 +0000 (10:11 -0500)]
Update range of cached TLS attributes
Arran Cudbard-Bell [Thu, 4 Dec 2014 15:09:57 +0000 (10:09 -0500)]
Formatting
Arran Cudbard-Bell [Thu, 4 Dec 2014 04:05:30 +0000 (23:05 -0500)]
Duplicate init
Arran Cudbard-Bell [Thu, 4 Dec 2014 01:44:55 +0000 (20:44 -0500)]
Slightly better debug output
Arran Cudbard-Bell [Thu, 4 Dec 2014 01:35:16 +0000 (20:35 -0500)]
Fix issue that caused radclient to default to sending Accounting-Request when auto was specified and Packet-Type was set
Alan T. DeKok [Wed, 3 Dec 2014 21:15:09 +0000 (16:15 -0500)]
Escape backslashes only when necessary
Arran Cudbard-Bell [Wed, 3 Dec 2014 18:31:46 +0000 (13:31 -0500)]
Merge pull request #847 from spbnick/man_clients_update
clients(5) update
Alan T. DeKok [Wed, 3 Dec 2014 18:11:07 +0000 (13:11 -0500)]
Note recent changes
Alan T. DeKok [Wed, 3 Dec 2014 16:36:02 +0000 (11:36 -0500)]
rlm_cache_rbtree isn't in "stable". It's ALWAYS built.
It has no configure script, so we don't need to recurse
into it's subdirectory to configure it
Alan T. DeKok [Wed, 3 Dec 2014 16:33:41 +0000 (11:33 -0500)]
Delete state correctly
Arran Cudbard-Bell [Wed, 3 Dec 2014 17:59:32 +0000 (12:59 -0500)]
Change references to vp->length to vp->vp_length
Arran Cudbard-Bell [Wed, 3 Dec 2014 18:00:31 +0000 (13:00 -0500)]
Add vp_length macro (makes it easier to backport changes from master)
Arran Cudbard-Bell [Wed, 3 Dec 2014 06:56:45 +0000 (01:56 -0500)]
Make IP resolution errors a bit clearer
Arran Cudbard-Bell [Wed, 3 Dec 2014 02:58:42 +0000 (21:58 -0500)]
Use correct type for log_lvl and add prefix to rdebug_pair
Nikolai Kondrashov [Tue, 2 Dec 2014 14:43:49 +0000 (16:43 +0200)]
man: Remove references to naslist and clients
Remove references to non-existent naslist and clients manpages as they
are confusing.
Nikolai Kondrashov [Tue, 2 Dec 2014 14:39:28 +0000 (16:39 +0200)]
man: Remove client attribute description
Remove attribute description from clients.conf(5) source as it is
outdated, lists just a few attributes and wasn't updated for more than a
year. Refer to clients.conf file itself, instead.
Alan T. DeKok [Tue, 2 Dec 2014 18:54:23 +0000 (13:54 -0500)]
Always get the "certs" index for SSL.
Alan T. DeKok [Tue, 2 Dec 2014 18:34:32 +0000 (13:34 -0500)]
Bump for version 3.0.6
Alan T. DeKok [Tue, 2 Dec 2014 15:05:27 +0000 (10:05 -0500)]
Clarify debugging message
Alan T. DeKok [Tue, 2 Dec 2014 15:03:33 +0000 (10:03 -0500)]
Debug attributes added in cbtls_verify
Arran Cudbard-Bell [Mon, 1 Dec 2014 19:15:45 +0000 (14:15 -0500)]
If we're doing fallback resolution we need to set the address family to AF_UNSPEC to get both IPv6 and IPv4 addresses
The af that was passed in, is then used to set the preference
Arran Cudbard-Bell [Mon, 1 Dec 2014 19:10:57 +0000 (14:10 -0500)]
Add extra tests for auto prefix conversion to condition.txt
Arran Cudbard-Bell [Mon, 1 Dec 2014 18:19:23 +0000 (13:19 -0500)]
Fix the conffile parser to parse RHS literals as prefix types when the LHS is an IPv4 address or IPv6 address
Arran Cudbard-Bell [Mon, 1 Dec 2014 15:26:37 +0000 (10:26 -0500)]
Fixup ipprefix tests
Arran Cudbard-Bell [Mon, 1 Dec 2014 14:52:50 +0000 (09:52 -0500)]
Typo
Arran Cudbard-Bell [Mon, 1 Dec 2014 00:08:04 +0000 (19:08 -0500)]
If sanity checks are converted to warnings, they should continue not cause module instantiation to fail...
Alan T. DeKok [Sun, 30 Nov 2014 16:21:31 +0000 (11:21 -0500)]
Check more query strings at boot time.
And therefore don't check query[0] at run time
Alan T. DeKok [Sun, 30 Nov 2014 16:17:59 +0000 (11:17 -0500)]
Extra config is a warning, not an error
Alan T. DeKok [Sun, 30 Nov 2014 16:09:12 +0000 (11:09 -0500)]
The rbtree submodule is always needed, therefore build it, too
Arran Cudbard-Bell [Fri, 28 Nov 2014 19:06:37 +0000 (14:06 -0500)]
Just set query fields to NULL if the strings are zerolength
Arran Cudbard-Bell [Fri, 28 Nov 2014 18:57:09 +0000 (13:57 -0500)]
Add more sanity checks to rlm_sql
Arran Cudbard-Bell [Fri, 28 Nov 2014 18:23:58 +0000 (13:23 -0500)]
Fix case where the user isn't found in any groups, where we'd go on to process profiles if user reply-item was Fall-Through = yes
Arran Cudbard-Bell [Fri, 28 Nov 2014 18:17:41 +0000 (13:17 -0500)]
Fix typo in rlm_sql.c, need to use goto in group evaluation loop as continue still evaluates the condition
Alan T. DeKok [Fri, 28 Nov 2014 16:50:18 +0000 (11:50 -0500)]
Note recent changes
Alan T. DeKok [Fri, 28 Nov 2014 16:45:37 +0000 (11:45 -0500)]
Skip post-auth when finishing originated CoA requests
Alan T. DeKok [Fri, 28 Nov 2014 16:33:14 +0000 (11:33 -0500)]
Call Post-Auth-Type Reject if we reject in post-auth
And write "Login OK" only if post-auth returns OK
And move Access-Request logic from process.c to rad_postauth
Alan T. DeKok [Fri, 28 Nov 2014 15:57:37 +0000 (10:57 -0500)]
Print "Login OK" AFTER post-auth, instead of before
So that we can reject users in the post-auth section
Arran Cudbard-Bell [Fri, 28 Nov 2014 16:29:35 +0000 (11:29 -0500)]
Add doc header for normify
Arran Cudbard-Bell [Fri, 28 Nov 2014 15:49:59 +0000 (10:49 -0500)]
Correct check of rlm_sql_select_query rcode
Arran Cudbard-Bell [Thu, 27 Nov 2014 19:16:17 +0000 (14:16 -0500)]
another issue...
Arran Cudbard-Bell [Thu, 27 Nov 2014 18:11:32 +0000 (13:11 -0500)]
Fix infinite loop on Fall-Through = yes when processing groups
Alan T. DeKok [Thu, 27 Nov 2014 17:57:45 +0000 (12:57 -0500)]
Don't call MS-CHAP for NT-Hash passwords.
So that passwords with backslashes work better
Alan T. DeKok [Wed, 26 Nov 2014 20:50:34 +0000 (15:50 -0500)]
Skip both characters, not just the escape. Closes #842
Alan T. DeKok [Wed, 26 Nov 2014 20:48:10 +0000 (15:48 -0500)]
Be more generous about values for correct escapes
Alan T. DeKok [Wed, 26 Nov 2014 20:22:40 +0000 (15:22 -0500)]
Revert "Enable control-socket by default, but only for root"
This doesn't work on OSX.
This reverts commit
7eadf64919d046216a3d9c6504b6aa9d2f037b57.
Alan T. DeKok [Wed, 26 Nov 2014 19:27:23 +0000 (14:27 -0500)]
Enable control-socket by default, but only for root
Arran Cudbard-Bell [Wed, 26 Nov 2014 16:53:59 +0000 (11:53 -0500)]
Breakout PAP header processing function, and add some tests
Only complain in PAP if the Auth-Type != our Auth-Type
Arran Cudbard-Bell [Wed, 26 Nov 2014 16:59:22 +0000 (11:59 -0500)]
Formatting in cursor.c
Arran Cudbard-Bell [Wed, 26 Nov 2014 16:53:33 +0000 (11:53 -0500)]
Fix another spurious warning
Arran Cudbard-Bell [Wed, 26 Nov 2014 16:49:24 +0000 (11:49 -0500)]
And don't complain about LM-Password if we have NT-Password
Arran Cudbard-Bell [Wed, 26 Nov 2014 16:45:30 +0000 (11:45 -0500)]
Fix spurious LM-Password / NT-Password warnings
Alan T. DeKok [Wed, 26 Nov 2014 18:06:04 +0000 (13:06 -0500)]
Note recent changes
Herwin Weststrate [Wed, 26 Nov 2014 16:43:56 +0000 (17:43 +0100)]
Typo fix in comments
completelty => completely
Herwin Weststrate [Wed, 26 Nov 2014 16:23:22 +0000 (17:23 +0100)]
Fixed off-by-one error when trying to cast attribute to ascend
This fixes the bug described in #843
Alan T. DeKok [Wed, 26 Nov 2014 17:54:14 +0000 (12:54 -0500)]
Use correct escapes in the tests
Alan T. DeKok [Wed, 26 Nov 2014 16:20:02 +0000 (11:20 -0500)]
Use correct comments
Alan T. DeKok [Wed, 26 Nov 2014 16:16:45 +0000 (11:16 -0500)]
Fix bug when using "correct_escapes=no". Closes #842
Arran Cudbard-Bell [Tue, 25 Nov 2014 21:59:20 +0000 (16:59 -0500)]
template_names should really be tmpl_names and should be in tmpl.c
Arran Cudbard-Bell [Tue, 25 Nov 2014 21:47:07 +0000 (16:47 -0500)]
remove tmpl_names it was a less complete duplicate of template names
Alan T. DeKok [Tue, 25 Nov 2014 21:45:45 +0000 (16:45 -0500)]
as found on the net
Alan T. DeKok [Tue, 25 Nov 2014 21:10:17 +0000 (16:10 -0500)]
Better error message, refer to mods-enabled
Alan T. DeKok [Tue, 25 Nov 2014 19:41:43 +0000 (14:41 -0500)]
Whitespace
Arran Cudbard-Bell [Tue, 25 Nov 2014 15:30:33 +0000 (10:30 -0500)]
Restore v3.0.x behaviour in rlm_cache
Arran Cudbard-Bell [Tue, 25 Nov 2014 14:42:26 +0000 (09:42 -0500)]
Update encoded pointer before checking for additional values
Arran Cudbard-Bell [Tue, 25 Nov 2014 04:54:36 +0000 (23:54 -0500)]
Standardise rlm_cache output with rlm_sql
Arran Cudbard-Bell [Tue, 25 Nov 2014 04:45:58 +0000 (23:45 -0500)]
Tweaks to libldap version output
Arran Cudbard-Bell [Tue, 25 Nov 2014 03:48:27 +0000 (22:48 -0500)]
These absolutely don't need to be at the default debug log level
Arran Cudbard-Bell [Tue, 25 Nov 2014 03:44:58 +0000 (22:44 -0500)]
Fixup log output to file
It was pretty awful before...
Arran Cudbard-Bell [Mon, 24 Nov 2014 22:50:12 +0000 (17:50 -0500)]
Update cache
Arran Cudbard-Bell [Mon, 24 Nov 2014 22:37:43 +0000 (17:37 -0500)]
Ignore .ok files
Alan T. DeKok [Mon, 24 Nov 2014 22:18:11 +0000 (17:18 -0500)]
Allow "if" etc. in the "instantiate" section
Arran Cudbard-Bell [Mon, 24 Nov 2014 22:16:21 +0000 (17:16 -0500)]
Update ChangeLog
Alan T. DeKok [Mon, 24 Nov 2014 22:08:54 +0000 (17:08 -0500)]
Note recent changes
Alan T. DeKok [Sat, 15 Nov 2014 13:50:23 +0000 (08:50 -0500)]
Document redundant xlats
Alan T. DeKok [Fri, 14 Nov 2014 19:18:41 +0000 (14:18 -0500)]
Failed to register redundant xlat is a warning, not an error
Alan T. DeKok [Sat, 15 Nov 2014 13:14:11 +0000 (08:14 -0500)]
Convert redundant checks to load time instead of run-time
Alan T. DeKok [Fri, 14 Nov 2014 19:18:29 +0000 (14:18 -0500)]
Fail if we can't find an xlat by this name
Alan T. DeKok [Fri, 14 Nov 2014 18:54:56 +0000 (13:54 -0500)]
Add redundancy for XLATs.
Via the "instantiate" section
redundant my_sql {
sql1
sql2
sql3
}
And now "%{my_sql:...}" will work
Arran Cudbard-Bell [Mon, 24 Nov 2014 21:59:33 +0000 (16:59 -0500)]
Update documentation for += and [#] [*]
Arran Cudbard-Bell [Mon, 24 Nov 2014 21:58:24 +0000 (16:58 -0500)]
Prefix some examples with '&' in man unlang
Alan T. DeKok [Mon, 24 Nov 2014 21:59:57 +0000 (16:59 -0500)]
Run PEAP and TTLS tests if eapol_test exists
Alan T. DeKok [Mon, 24 Nov 2014 21:59:28 +0000 (16:59 -0500)]
Relax restrictions on modules in instantiate
We can have "files.authorize", for example...
Alan T. DeKok [Mon, 24 Nov 2014 21:10:13 +0000 (16:10 -0500)]
Make it the same as other tests
Arran Cudbard-Bell [Mon, 24 Nov 2014 21:44:42 +0000 (16:44 -0500)]
Set the prefix in the ip address we use to locate the home server
Alan T. DeKok [Mon, 24 Nov 2014 20:44:35 +0000 (15:44 -0500)]
Note recent changes
Alan T. DeKok [Mon, 24 Nov 2014 20:44:06 +0000 (15:44 -0500)]
Document &Attribute-Name[*]
Arran Cudbard-Bell [Mon, 24 Nov 2014 20:41:24 +0000 (15:41 -0500)]
Fix raddebug so it exits on condition parse error
Arran Cudbard-Bell [Mon, 24 Nov 2014 20:41:10 +0000 (15:41 -0500)]
Typo
Alan T. DeKok [Mon, 24 Nov 2014 20:27:47 +0000 (15:27 -0500)]
Allow "group" in instantiate
Arran Cudbard-Bell [Mon, 24 Nov 2014 20:04:59 +0000 (15:04 -0500)]
Write condition parsing errors back to radmin so we know when they've failed
Arran Cudbard-Bell [Mon, 24 Nov 2014 20:04:26 +0000 (15:04 -0500)]
Fix issues from previous commit
Arran Cudbard-Bell [Mon, 24 Nov 2014 19:12:55 +0000 (14:12 -0500)]
Implement auto-reconnect in radmin (if the server goes away we re-establish the socket on the next command)
Arran Cudbard-Bell [Mon, 24 Nov 2014 19:07:36 +0000 (14:07 -0500)]
Tidy up preprocessor stuff in radmin.c