Philippe Wooding [Mon, 8 Jun 2015 10:18:22 +0000 (12:18 +0200)]
Fix bug that caused spinning when home server was put in zombie state.
Arran Cudbard-Bell [Mon, 8 Jun 2015 12:14:44 +0000 (08:14 -0400)]
xlat value concat uses ','
Arran Cudbard-Bell [Mon, 8 Jun 2015 02:37:30 +0000 (22:37 -0400)]
sqlhpwippool gets built irrespective of experimental
Arran Cudbard-Bell [Sun, 7 Jun 2015 15:06:27 +0000 (11:06 -0400)]
Print out log message before validation
Arran Cudbard-Bell [Sat, 6 Jun 2015 17:53:08 +0000 (13:53 -0400)]
Check that the total length of all received fragments matches exactly the length specified in the first fragment
Arran Cudbard-Bell [Fri, 5 Jun 2015 21:47:43 +0000 (15:47 -0600)]
Use bools where appropriate
Arran Cudbard-Bell [Fri, 5 Jun 2015 21:47:24 +0000 (15:47 -0600)]
Document tls_session_t fields
Alan T. DeKok [Sun, 7 Jun 2015 14:47:30 +0000 (10:47 -0400)]
Revert "Make WITH_DETAIL_THREAD the default."
This reverts commit
e9f596f45bf8271bde5ff46cffd4909aaa2cd234.
arg. Some systems don't have pthreads. <sigh>
Alan T. DeKok [Sun, 7 Jun 2015 14:30:19 +0000 (10:30 -0400)]
Do less work on check_config
Alan T. DeKok [Sun, 7 Jun 2015 14:29:46 +0000 (10:29 -0400)]
Make WITH_DETAIL_THREAD the default.
Alan T. DeKok [Sat, 6 Jun 2015 14:34:13 +0000 (10:34 -0400)]
Start of "hup module" code.
Handle module config files, too. e.g. "users" file.
It's not clear how to best handle that. A module has to be told
to re-load the files it loads... but with no changes to the
module config section. It's probably best to add a "hup" method
to the modules
Alan T. DeKok [Sat, 6 Jun 2015 13:36:45 +0000 (09:36 -0400)]
Document what's going on
Alan T. DeKok [Sat, 6 Jun 2015 13:35:11 +0000 (09:35 -0400)]
Can't hup a module with bootstrap method
Becvause bootstrap registers xlat's, paircompare, etc.
Alan T. DeKok [Sat, 6 Jun 2015 13:31:28 +0000 (09:31 -0400)]
With winbind stuff, it's no longer HUP-safe
Alan T. DeKok [Fri, 5 Jun 2015 23:06:43 +0000 (19:06 -0400)]
Fix CID 1271301
Ignore the return code of rbtree_walk()
Alan T. DeKok [Fri, 5 Jun 2015 19:15:42 +0000 (15:15 -0400)]
note recent changes
Alan T. DeKok [Fri, 5 Jun 2015 18:37:31 +0000 (14:37 -0400)]
Cache FILE_INPUT from modules, too.
So that we can do HUP if a file changes for a module, but
avoid HUP if all of the files remain the same
Alan T. DeKok [Fri, 5 Jun 2015 18:28:58 +0000 (14:28 -0400)]
Allow the same config file to be read twice
Because it's sometimes useful, and as an error, it rarely happens
Alan T. DeKok [Fri, 5 Jun 2015 18:27:45 +0000 (14:27 -0400)]
re-open log file even if no config was changed
Alan T. DeKok [Fri, 5 Jun 2015 18:26:03 +0000 (14:26 -0400)]
Ignore HUP if no config files have changed
Alan T. DeKok [Fri, 5 Jun 2015 16:34:12 +0000 (12:34 -0400)]
Make an rbtree of files we've included
And track the dev / inode, instead of the filename. It's better
and easier.
Alan T. DeKok [Fri, 5 Jun 2015 14:38:51 +0000 (10:38 -0400)]
cf_file_include() is private.
And no one outside of conffile.c calls it. Everyone else should
call cf_file_read()
Alan T. DeKok [Fri, 5 Jun 2015 14:37:09 +0000 (10:37 -0400)]
Track include files at the top level, instead of each section
So that when we're asked to include the same file twice, but
from different sub-sections, we can track that.
Alan T. DeKok [Fri, 5 Jun 2015 14:30:00 +0000 (10:30 -0400)]
Whitespace
Arran Cudbard-Bell [Fri, 5 Jun 2015 18:12:42 +0000 (12:12 -0600)]
OCSP messages should go to the request log, not the global log
Arran Cudbard-Bell [Fri, 5 Jun 2015 17:47:52 +0000 (11:47 -0600)]
Check if eaptls_prev is NULL
Arran Cudbard-Bell [Fri, 5 Jun 2015 16:27:12 +0000 (10:27 -0600)]
Fix indentation for some messages, lower priority of others to make EAP-TLS debug cleaner
Reword yet more log messages, so they make sense for mortals
Arran Cudbard-Bell [Fri, 5 Jun 2015 15:40:07 +0000 (09:40 -0600)]
Move tls_status_table outside of ENABLE_OPENSSL_VERSOIN_CHECK Closes #1030
Arran Cudbard-Bell [Fri, 5 Jun 2015 04:29:49 +0000 (22:29 -0600)]
Doxygen
Arran Cudbard-Bell [Fri, 5 Jun 2015 03:51:24 +0000 (21:51 -0600)]
Use common prefix for all TLS log messages
Arran Cudbard-Bell [Fri, 5 Jun 2015 02:38:31 +0000 (20:38 -0600)]
More logging fixes
Arran Cudbard-Bell [Fri, 5 Jun 2015 00:01:40 +0000 (18:01 -0600)]
Define a prefix for ROPTIONAL global messages
Arran Cudbard-Bell [Thu, 4 Jun 2015 23:33:51 +0000 (17:33 -0600)]
Request may be null
Arran Cudbard-Bell [Thu, 4 Jun 2015 23:21:28 +0000 (17:21 -0600)]
More minor message tweaks
Arran Cudbard-Bell [Thu, 4 Jun 2015 22:57:51 +0000 (16:57 -0600)]
Typos
Arran Cudbard-Bell [Thu, 4 Jun 2015 22:42:15 +0000 (16:42 -0600)]
Clearer debugging for EAP-TLS peer fragmentation
Arran Cudbard-Bell [Thu, 4 Jun 2015 22:40:45 +0000 (16:40 -0600)]
int_ssl_status_check should log to the request log
Arran Cudbard-Bell [Thu, 4 Jun 2015 22:40:07 +0000 (16:40 -0600)]
These aren't global errors, so should be REDEBUG not RERROR
Arran Cudbard-Bell [Thu, 4 Jun 2015 22:29:29 +0000 (16:29 -0600)]
Use standard return code message format
Arran Cudbard-Bell [Thu, 4 Jun 2015 17:33:48 +0000 (11:33 -0600)]
verify mode no longer needed in eaptls_session
Arran Cudbard-Bell [Thu, 4 Jun 2015 17:28:28 +0000 (11:28 -0600)]
Messages in tls_handshake_recv should be logged to the request log
Arran Cudbard-Bell [Thu, 4 Jun 2015 17:26:46 +0000 (11:26 -0600)]
Make Peer Sent method message slightly clearer
Arran Cudbard-Bell [Thu, 4 Jun 2015 17:17:36 +0000 (11:17 -0600)]
More duplicate code (tls_new_session also sets client cert verification flags)
Arran Cudbard-Bell [Thu, 4 Jun 2015 16:53:33 +0000 (10:53 -0600)]
Document FR_TLS_* constants with doxygen prefixes, and expose fr_tls_status_table
Arran Cudbard-Bell [Thu, 4 Jun 2015 16:31:18 +0000 (10:31 -0600)]
expose request in eaptls_operation
Arran Cudbard-Bell [Thu, 4 Jun 2015 16:27:36 +0000 (10:27 -0600)]
print the string version of the return code from eaptls_process
Arran Cudbard-Bell [Thu, 4 Jun 2015 16:21:33 +0000 (10:21 -0600)]
More tweaks
Arran Cudbard-Bell [Thu, 4 Jun 2015 16:17:40 +0000 (10:17 -0600)]
Slightly improved debug messages for EAP/TLS
Arran Cudbard-Bell [Thu, 4 Jun 2015 15:24:11 +0000 (09:24 -0600)]
Only print decode errors if we're running in debug mode
Arran Cudbard-Bell [Thu, 4 Jun 2015 15:23:44 +0000 (09:23 -0600)]
Don't need to check the debug levels here...
Alan T. DeKok [Thu, 4 Jun 2015 15:04:25 +0000 (11:04 -0400)]
print out "bad packet" errors only in debug mode
Alan T. DeKok [Thu, 4 Jun 2015 14:53:28 +0000 (10:53 -0400)]
More errors on rad_recv_header()
Alan T. DeKok [Thu, 4 Jun 2015 14:49:19 +0000 (10:49 -0400)]
No need for WARNING in message
Alan T. DeKok [Thu, 4 Jun 2015 14:46:20 +0000 (10:46 -0400)]
Make debug messages consistent for bad packets
Arran Cudbard-Bell [Thu, 4 Jun 2015 01:28:30 +0000 (19:28 -0600)]
Log the reason *WHY* we're rejecting malformed packets, instead of doing it silently
This probably wasn't done before for security reasons, but now we have the RATE_LIMIT macro, there's really no reason not to.
This was discovered by a poorly configured F5 probe.
Alan T. DeKok [Wed, 3 Jun 2015 15:24:30 +0000 (11:24 -0400)]
Fix LGPL text broken by
1af9582b2
Philippe Wooding [Sun, 17 May 2015 15:10:18 +0000 (17:10 +0200)]
Add SQL auth reject test
Philippe Wooding [Sun, 17 May 2015 15:08:49 +0000 (17:08 +0200)]
Should not call test_pass in auth test SQL test
Philippe Wooding [Sun, 17 May 2015 09:18:14 +0000 (11:18 +0200)]
Update SQL insert query in test to be compatible with old version of SQLite that comes with Travis.
Philippe Wooding [Sat, 16 May 2015 13:13:46 +0000 (15:13 +0200)]
Define a set of common SQL tests that all driver specific directories links to.
Philippe Wooding [Thu, 14 May 2015 20:26:04 +0000 (22:26 +0200)]
Don't use instance name in SQL module tests.
Philippe Wooding [Tue, 12 May 2015 05:41:40 +0000 (07:41 +0200)]
Make MySQL & SQLite queries more robust
Philippe Wooding [Wed, 6 May 2015 16:18:23 +0000 (18:18 +0200)]
Add support for ldap, mysql and postgres tests through the use of an external VM.
Required either TEST_SERVER of <MODULE>_TEST_SERVER env variable(s) to be defined.
Add support for 'PRE' conditions in module tests' unlang definition (just like it's used in the keywords tests)
Philippe Wooding [Wed, 6 May 2015 16:13:12 +0000 (18:13 +0200)]
Add SSL support to unittest
Philippe Wooding [Wed, 6 May 2015 16:12:19 +0000 (18:12 +0200)]
Bug fix: when adding a list of VPs to and existing list, the operators weren't processed as they should be.
Philippe Wooding [Wed, 6 May 2015 16:05:39 +0000 (18:05 +0200)]
Rename generic LDAP attributes to: radiusControlAttribute, radiusReplyAttribute & radiusRequestAttribute
and add these new attributes the the schema definition.
Arran Cudbard-Bell [Tue, 2 Jun 2015 17:16:41 +0000 (11:16 -0600)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 2 Jun 2015 17:16:14 +0000 (11:16 -0600)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 2 Jun 2015 17:07:35 +0000 (11:07 -0600)]
Add dictionary for hotspot 2.0
Alan T. DeKok [Mon, 1 Jun 2015 17:53:39 +0000 (13:53 -0400)]
note recent changes
Alan T. DeKok [Mon, 1 Jun 2015 15:48:52 +0000 (11:48 -0400)]
Fix rad_suid_up / down / down_permanent for non-Linux systems
Alan T. DeKok [Mon, 1 Jun 2015 15:36:41 +0000 (11:36 -0400)]
create radlog_dir along with run_dir.
And create the output log file AFTER changing SUID
Alan T. DeKok [Mon, 1 Jun 2015 15:08:25 +0000 (11:08 -0400)]
re-arrange and document the various config blocks
Alan T. DeKok [Mon, 1 Jun 2015 14:59:03 +0000 (10:59 -0400)]
Parse ${logdir} and ${run_dir} as part of bootstrap
Alan T. DeKok [Mon, 1 Jun 2015 14:57:56 +0000 (10:57 -0400)]
parse ${logdir} as part of the destinations
Alan T. DeKok [Mon, 1 Jun 2015 14:29:06 +0000 (10:29 -0400)]
Loading modules is a debug message
Alan T. DeKok [Mon, 1 Jun 2015 13:04:43 +0000 (09:04 -0400)]
Remove redundant "open log files"
Alan T. DeKok [Mon, 1 Jun 2015 13:03:31 +0000 (09:03 -0400)]
Create run_dir in daemon mode
Sebastian Hagedorn [Fri, 29 May 2015 12:52:37 +0000 (14:52 +0200)]
Check if radius is running
post-receive checks if radius is running. If not, it will accept
changes based on the config check, without trying to restart radiusd.
Alan T. DeKok [Sun, 31 May 2015 22:27:37 +0000 (18:27 -0400)]
on the odd chance that fmt may be NULL...
Arran Cudbard-Bell [Fri, 29 May 2015 20:07:24 +0000 (16:07 -0400)]
Assert not required and causes warnings with NDEBUG
Arran Cudbard-Bell [Fri, 29 May 2015 19:41:21 +0000 (15:41 -0400)]
Typo
Jorge Pereira [Fri, 29 May 2015 18:54:51 +0000 (15:54 -0300)]
bugfix a SIGSEGV during 'show debug condition' in radmin
Alan T. DeKok [Fri, 29 May 2015 16:10:27 +0000 (12:10 -0400)]
note recent changes
Alan T. DeKok [Fri, 29 May 2015 16:09:35 +0000 (12:09 -0400)]
nitgroups only when changing UIDs
Arran Cudbard-Bell [Fri, 29 May 2015 15:24:00 +0000 (11:24 -0400)]
Parent may be NULL
Alan T. DeKok [Fri, 29 May 2015 14:55:25 +0000 (10:55 -0400)]
Allow the server to start as "radiusd" with "user = radiusd"
Alan T. DeKok [Fri, 29 May 2015 00:48:50 +0000 (20:48 -0400)]
send packet as the last thing in a thread
Alan T. DeKok [Thu, 28 May 2015 16:07:46 +0000 (12:07 -0400)]
Be more careful when originating CoA requests
And document the process a bit more
Alan T. DeKok [Thu, 28 May 2015 15:49:46 +0000 (11:49 -0400)]
Allow sendign CoA packets from post-auth
Alan T. DeKok [Thu, 28 May 2015 15:28:39 +0000 (11:28 -0400)]
cp filename may be NULL
Alan T. DeKok [Wed, 27 May 2015 15:01:28 +0000 (11:01 -0400)]
Use correct data types for TLS fields
Alan T. DeKok [Wed, 27 May 2015 14:05:48 +0000 (10:05 -0400)]
note recent changes
Alan T. DeKok [Wed, 27 May 2015 14:04:56 +0000 (10:04 -0400)]
Use allow_retry for expired passwords, too
Alan T. DeKok [Wed, 27 May 2015 12:50:30 +0000 (08:50 -0400)]
More debugging
Arran Cudbard-Bell [Tue, 26 May 2015 18:21:58 +0000 (14:21 -0400)]
Always need strvalue
Arran Cudbard-Bell [Mon, 25 May 2015 18:03:46 +0000 (14:03 -0400)]
Update ldap
Alan T. DeKok [Fri, 22 May 2015 13:36:12 +0000 (09:36 -0400)]
Avoid strdup for filename, if at all possible
Alan T. DeKok [Fri, 22 May 2015 13:26:25 +0000 (09:26 -0400)]
Use the same <internal>
Arran Cudbard-Bell [Thu, 21 May 2015 23:15:43 +0000 (19:15 -0400)]
Regen configure