Sam Hartman [Fri, 3 Oct 2014 14:35:48 +0000 (10:35 -0400)]
Increment spec file version
Alan T. DeKok [Wed, 1 Oct 2014 14:06:46 +0000 (10:06 -0400)]
Better error messages
(cherry picked from commit
b7e9206c4ec1dfd86663e74e1ad46e0c87172d09)
Sam Hartman [Wed, 17 Sep 2014 19:05:56 +0000 (15:05 -0400)]
Merge tag '3.0.4+moonshot1' into tr-integ
Conflicts:
raddb/mods-available/realm
src/modules/rlm_eap/libeap/eap_chbind.c
Alan T. DeKok [Wed, 10 Sep 2014 13:33:26 +0000 (09:33 -0400)]
Order by callingstation-Id, too. Fixes #786
Alan T. DeKok [Wed, 10 Sep 2014 13:06:42 +0000 (09:06 -0400)]
Added schema for DHCP IP pools.
With a key on Calling-Station-Id.
Alan T. DeKok [Wed, 10 Sep 2014 12:56:05 +0000 (08:56 -0400)]
Update accounting queries to use NOW(), too. Addresses #786
Alan T. DeKok [Wed, 10 Sep 2014 12:53:19 +0000 (08:53 -0400)]
Remove "and expiry_time IS NULL". Fixes #786
DHCP does multiple passes to allocate one IP. We want to update
the allocated IP, no matter what it's previous state.
The allocate_find query takes care of allocating the correct IP.
We don't need to do extra checks in the allocate_update query
Alan T. DeKok [Wed, 10 Sep 2014 12:50:35 +0000 (08:50 -0400)]
When clearing entries, set expiry time to now. Addresses #786
This is so that the allocate_find will return the oldest IP.
And, the allocate_find will now use an index, rather than
potentially scanning the entire table
Alan T. DeKok [Wed, 10 Sep 2014 12:49:08 +0000 (08:49 -0400)]
Fix allocate_find query. Addresses #786
Alan T. DeKok [Wed, 10 Sep 2014 12:39:14 +0000 (08:39 -0400)]
Document IPv6 option
Alan T. DeKok [Wed, 10 Sep 2014 12:26:57 +0000 (08:26 -0400)]
Be more flexible about parsing parameters
Arran Cudbard-Bell [Tue, 9 Sep 2014 23:35:12 +0000 (19:35 -0400)]
Should be map_prints
Arran Cudbard-Bell [Tue, 9 Sep 2014 20:10:07 +0000 (16:10 -0400)]
Add .gitignore for rlm_realm
Arran Cudbard-Bell [Tue, 9 Sep 2014 20:09:38 +0000 (16:09 -0400)]
rename rlm_realm config struct so it doesn't conflict with the main realms config struct
Arran Cudbard-Bell [Tue, 9 Sep 2014 19:50:23 +0000 (15:50 -0400)]
Cache realm regular expressions
Arran Cudbard-Bell [Tue, 9 Sep 2014 19:49:58 +0000 (15:49 -0400)]
Free home_servers with talloc_free
Arran Cudbard-Bell [Tue, 9 Sep 2014 19:27:01 +0000 (15:27 -0400)]
Dual should be bool
Arran Cudbard-Bell [Tue, 9 Sep 2014 19:25:47 +0000 (15:25 -0400)]
Fix parenting of dual homeservers
Arran Cudbard-Bell [Tue, 9 Sep 2014 19:18:30 +0000 (15:18 -0400)]
Quiet valgrind error in rlm_ldap
Arran Cudbard-Bell [Tue, 9 Sep 2014 19:18:17 +0000 (15:18 -0400)]
striprealm should be strip_realm and a bool
Arran Cudbard-Bell [Tue, 9 Sep 2014 17:31:34 +0000 (13:31 -0400)]
Correctly allocate unknown sub-options
Alan DeKok [Tue, 9 Sep 2014 17:29:00 +0000 (13:29 -0400)]
Merge pull request #787 from spbnick/coverity_fixes1
Coverity fixes part 1
Nikolai Kondrashov [Tue, 9 Sep 2014 11:57:12 +0000 (14:57 +0300)]
listen: Retrieve configuration pairs once
Retrieve configuration pairs with cf_pair_find only once, before
checking their existence, in common_socket_parse. This avoids ambiguity
confusing Coverity, which otherwise reports the following issue.
Error: NULL_RETURNS (CWE-476):
freeradius-server-3.0.4rc2/src/main/listen.c:1139: returned_null: Function "cf_pair_find(CONF_SECTION const *, char const *)" returns null (checked 51 out of 54 times).
freeradius-server-3.0.4rc2/src/main/conffile.c:2353:20: return_null: Explicitly returning null.
freeradius-server-3.0.4rc2/src/main/client.c:514: example_checked: Example 1: "cf_pair_find(cs, "ipaddr")" has its value checked in "cf_pair_find(cs, "ipaddr")".
freeradius-server-3.0.4rc2/src/main/conffile.c:667: example_assign: Example 2: Assigning: "cp" = return value from "cf_pair_find(cs, p)".
freeradius-server-3.0.4rc2/src/main/conffile.c:668: example_checked: Example 2 (cont.): "cp" has its value checked in "cp".
freeradius-server-3.0.4rc2/src/main/command.c:1556: example_assign: Example 3: Assigning: "cp" = return value from "cf_pair_find(mi->cs, argv[1])".
freeradius-server-3.0.4rc2/src/main/command.c:1557: example_checked: Example 3 (cont.): "cp" has its value checked in "cp".
freeradius-server-3.0.4rc2/src/main/listen.c:103: example_assign: Example 4: Assigning: "cp" = return value from "cf_pair_find(request->listener->cs, fmt)".
freeradius-server-3.0.4rc2/src/main/listen.c:104: example_checked: Example 4 (cont.): "cp" has its value checked in "cp".
freeradius-server-3.0.4rc2/src/main/mainconfig.c:345: example_assign: Example 5: Assigning: "cp" = return value from "cf_pair_find(request->client->cs, fmt)".
freeradius-server-3.0.4rc2/src/main/mainconfig.c:346: example_checked: Example 5 (cont.): "cp" has its value checked in "cp".
freeradius-server-3.0.4rc2/src/main/listen.c:1139: var_assigned: Assigning: "cp" = null return value from "cf_pair_find(CONF_SECTION const *, char const *)".
freeradius-server-3.0.4rc2/src/main/listen.c:1142: dereference: Dereferencing a pointer that might be null "cp" when calling "cf_log_err_cp(CONF_PAIR const *, char const *, ...)".
freeradius-server-3.0.4rc2/src/main/conffile.c:2930:2: deref_parm: Directly dereferencing parameter "cp".
Nikolai Kondrashov [Tue, 9 Sep 2014 11:36:29 +0000 (14:36 +0300)]
dhcpclient: Verify socket timeout was set
Verify the return code of setsockopt, as it may fail, in dhcpclient.c.
Coverity has reported the following error for this issue.
Error: CHECKED_RETURN (CWE-252):
freeradius-server-3.0.4rc2/src/modules/proto_dhcp/dhcpclient.c:424:
check_return: Calling function "setsockopt(sockfd, 1, 20, (char *)&tv,
16U)" without checking return value. This library function may fail and
return an error code.
freeradius-server-3.0.4rc2/src/modules/proto_dhcp/dhcpclient.c:424:
unchecked_value: No check of the return value of "setsockopt(sockfd, 1,
20, (char *)&tv, 16U)".
Nikolai Kondrashov [Tue, 9 Sep 2014 11:29:55 +0000 (14:29 +0300)]
dhcpd: Check cf_item_parse result
Check the result of cf_item_parse for error, propagating it up the
stack in dhcp_socket_parse.
Coverity has reported the following errors for this issue.
Error: CHECKED_RETURN (CWE-252):
freeradius-server-3.0.4rc2/src/modules/proto_dhcp/dhcpd.c:638: check_return: Calling function "cf_item_parse(CONF_SECTION *, char const *, int, void *, char const *)" without checking return value (as is done elsewhere 12 out of 14 times).
freeradius-server-3.0.4rc2/src/main/conffile.c:1416: example_assign: Example 1: Assigning: "ret" = return value from "cf_item_parse(cs, (variables + i).name, (variables + i).type, data, (variables + i).dflt)".
freeradius-server-3.0.4rc2/src/main/conffile.c:1417: example_checked: Example 1 (cont.): "ret" has its value checked in "ret < 0".
freeradius-server-3.0.4rc2/src/main/command.c:1569: example_assign: Example 2: Assigning: "rcode" = return value from "cf_item_parse(mi->cs, argv[1], (variables + i).type, data, argv[2])".
freeradius-server-3.0.4rc2/src/main/command.c:1570: example_checked: Example 2 (cont.): "rcode" has its value checked in "rcode < 0".
freeradius-server-3.0.4rc2/src/main/listen.c:916: example_assign: Example 3: Assigning: "rcode" = return value from "cf_item_parse(cs, "ipaddr", 14, &ipaddr, NULL)".
freeradius-server-3.0.4rc2/src/main/listen.c:917: example_checked: Example 3 (cont.): "rcode" has its value checked in "rcode < 0".
freeradius-server-3.0.4rc2/src/main/listen.c:2834: example_assign: Example 4: Assigning: "rcode" = return value from "cf_item_parse(cs, "type", 1, &listen_type, "")".
freeradius-server-3.0.4rc2/src/main/listen.c:2835: example_checked: Example 4 (cont.): "rcode" has its value checked in "rcode < 0".
freeradius-server-3.0.4rc2/src/main/radmin.c:530: example_assign: Example 5: Assigning: "rcode" = return value from "cf_item_parse(subcs, "socket", 1, &file, NULL)".
freeradius-server-3.0.4rc2/src/main/radmin.c:531: example_checked: Example 5 (cont.): "rcode" has its value checked in "rcode < 0".
freeradius-server-3.0.4rc2/src/modules/proto_dhcp/dhcpd.c:638: unchecked_value: No check of the return value of "cf_item_parse(cs, "suppress_responses", 23, &sock->suppress_responses, NULL)".
Error: CHECKED_RETURN (CWE-252):
freeradius-server-3.0.4rc2/src/modules/proto_dhcp/dhcpd.c:643: check_return: Calling function "cf_item_parse(CONF_SECTION *, char const *, int, void *, char const *)" without checking return value (as is done elsewhere 12 out of 14 times).
freeradius-server-3.0.4rc2/src/main/conffile.c:1416: example_assign: Example 1: Assigning: "ret" = return value from "cf_item_parse(cs, (variables + i).name, (variables + i).type, data, (variables + i).dflt)".
freeradius-server-3.0.4rc2/src/main/conffile.c:1417: example_checked: Example 1 (cont.): "ret" has its value checked in "ret < 0".
freeradius-server-3.0.4rc2/src/main/command.c:1569: example_assign: Example 2: Assigning: "rcode" = return value from "cf_item_parse(mi->cs, argv[1], (variables + i).type, data, argv[2])".
freeradius-server-3.0.4rc2/src/main/command.c:1570: example_checked: Example 2 (cont.): "rcode" has its value checked in "rcode < 0".
freeradius-server-3.0.4rc2/src/main/listen.c:916: example_assign: Example 3: Assigning: "rcode" = return value from "cf_item_parse(cs, "ipaddr", 14, &ipaddr, NULL)".
freeradius-server-3.0.4rc2/src/main/listen.c:917: example_checked: Example 3 (cont.): "rcode" has its value checked in "rcode < 0".
freeradius-server-3.0.4rc2/src/main/listen.c:2834: example_assign: Example 4: Assigning: "rcode" = return value from "cf_item_parse(cs, "type", 1, &listen_type, "")".
freeradius-server-3.0.4rc2/src/main/listen.c:2835: example_checked: Example 4 (cont.): "rcode" has its value checked in "rcode < 0".
freeradius-server-3.0.4rc2/src/main/radmin.c:530: example_assign: Example 5: Assigning: "rcode" = return value from "cf_item_parse(subcs, "socket", 1, &file, NULL)".
freeradius-server-3.0.4rc2/src/main/radmin.c:531: example_checked: Example 5 (cont.): "rcode" has its value checked in "rcode < 0".
freeradius-server-3.0.4rc2/src/modules/proto_dhcp/dhcpd.c:643: unchecked_value: No check of the return value of "cf_item_parse(cs, "src_interface", 1, &sock->src_interface, NULL)".
Nikolai Kondrashov [Tue, 9 Sep 2014 10:52:05 +0000 (13:52 +0300)]
dhcp: Remove unused attribute allocation
Remove unused and unfreed unknown attribute allocation to prevent memory
leak. Coverity has reported the following error for this issue.
Error: RESOURCE_LEAK (CWE-772):
freeradius-server-3.0.4rc2/src/modules/proto_dhcp/dhcp.c:956: alloc_fn: Storage is returned from allocation function "dict_attrunknown(unsigned int, unsigned int, int)".
freeradius-server-3.0.4rc2/src/lib/dict.c:2666:2: alloc_fn: Storage is returned from allocation function "malloc(size_t)".
freeradius-server-3.0.4rc2/src/lib/dict.c:2666:2: var_assign: Assigning: "da" = "malloc(148UL)".
freeradius-server-3.0.4rc2/src/lib/dict.c:2671:2: noescape: Resource "da" is not freed or pointed-to in function "memset(void *, int, size_t)".
freeradius-server-3.0.4rc2/src/lib/dict.c:2687:2: var_assign: Assigning: "p" = "da".
freeradius-server-3.0.4rc2/src/lib/dict.c:2689:2: noescape: Resource "p" is not freed or pointed-to in function "snprintf(char * restrict, size_t, char const * restrict, ...)".
freeradius-server-3.0.4rc2/src/lib/dict.c:2712:3: noescape: Resource "p" is not freed or pointed-to in function "snprintf(char * restrict, size_t, char const * restrict, ...)".
freeradius-server-3.0.4rc2/src/lib/dict.c:2718:2: noescape: Resource "p" is not freed or pointed-to in function "print_attr_oid(char *, size_t, unsigned int, int)".
freeradius-server-3.0.4rc2/src/lib/dict.c:2546:36: noescape: "print_attr_oid(char *, size_t, unsigned int, int)" does not free or save its pointer parameter "buffer".
freeradius-server-3.0.4rc2/src/lib/dict.c:2720:2: return_alloc: Returning allocated memory "da".
freeradius-server-3.0.4rc2/src/modules/proto_dhcp/dhcp.c:956: var_assign: Assigning: "da" = storage returned from "dict_attrunknown(p[0], 54U, 1)".
freeradius-server-3.0.4rc2/src/modules/proto_dhcp/dhcp.c:991: leaked_storage: Variable "da" going out of scope leaks the storage it points to.
Nikolai Kondrashov [Tue, 9 Sep 2014 09:06:46 +0000 (12:06 +0300)]
radsniff: Fix buffer overruns
Divide by the element size when checking for circular buffer wrap in
rs_response_to_pcap and rs_request_to_pcap.
The following Coverity errors were reported for the defect.
Error: OVERRUN (CWE-119):
freeradius-server-3.0.4rc2/src/main/radsniff.c:934: illegal_address:
"&request->capture[80UL]" evaluates to an address that is at byte offset
1280 of an array of 80 bytes.
Error: SIZEOF_MISMATCH (CWE-398):
freeradius-server-3.0.4rc2/src/main/radsniff.c:934:
suspicious_pointer_arithmetic: Adding "80UL /* sizeof (request->capture)
*/" to pointer "request->capture" of type "rs_capture_t [5]" is
suspicious because adding an integral value to this pointer
automatically scales that value by the size, 16 bytes, of the pointed-to
type, "rs_capture_t". Most likely, you intended to use the number of
elements in "request->capture" rather than its size in bytes.
Error: OVERRUN (CWE-119):
freeradius-server-3.0.4rc2/src/main/radsniff.c:972: illegal_address:
"&request->capture[80UL]" evaluates to an address that is at byte offset 1280
of an array of 80 bytes.
Error: SIZEOF_MISMATCH (CWE-398):
freeradius-server-3.0.4rc2/src/main/radsniff.c:972:
suspicious_pointer_arithmetic: Adding "80UL /* sizeof (request->capture) */" to
pointer "request->capture" of type "rs_capture_t [5]" is suspicious because
adding an integral value to this pointer automatically scales that value by the
size, 16 bytes, of the pointed-to type, "rs_capture_t". Most likely, you
intended to use the number of elements in "request->capture" rather than its
size in bytes.
Alan T. DeKok [Tue, 9 Sep 2014 13:15:16 +0000 (09:15 -0400)]
Fix typo. Closes #784
Alan T. DeKok [Tue, 9 Sep 2014 12:15:41 +0000 (08:15 -0400)]
Fix typo. Closes #783
Arran Cudbard-Bell [Tue, 9 Sep 2014 12:07:21 +0000 (08:07 -0400)]
TLV memory should be zerod in DHCP suboption encoder
Arran Cudbard-Bell [Mon, 8 Sep 2014 15:45:47 +0000 (11:45 -0400)]
Allow bootstrap from multiple files in sqlite driver
Arran Cudbard-Bell [Tue, 9 Sep 2014 01:56:28 +0000 (21:56 -0400)]
Generate snakeoil certs on package install (debian)
Arran Cudbard-Bell [Tue, 9 Sep 2014 01:55:27 +0000 (21:55 -0400)]
Line endings
Arran Cudbard-Bell [Mon, 8 Sep 2014 16:09:41 +0000 (12:09 -0400)]
Quiet gcc
Arran Cudbard-Bell [Mon, 8 Sep 2014 15:43:26 +0000 (11:43 -0400)]
Not all servers have sections
Alan T. DeKok [Mon, 8 Sep 2014 15:29:49 +0000 (11:29 -0400)]
Find the SUB section, not the NEXT one
Alan T. DeKok [Mon, 8 Sep 2014 14:51:05 +0000 (10:51 -0400)]
remove 'const' so it builds
The various talloc() functions don't take 'const', so we can't,
either
Alan T. DeKok [Mon, 8 Sep 2014 14:09:42 +0000 (10:09 -0400)]
Update comments to be more descriptive
Alan T. DeKok [Mon, 8 Sep 2014 13:52:43 +0000 (09:52 -0400)]
Clarify debug message and raise level
Alan T. DeKok [Mon, 8 Sep 2014 13:48:57 +0000 (09:48 -0400)]
Pull autoconf.h definitions into the Make variable space
Alan T. DeKok [Mon, 8 Sep 2014 13:23:10 +0000 (09:23 -0400)]
Remove old documentation
Alan T. DeKok [Sun, 7 Sep 2014 21:50:19 +0000 (17:50 -0400)]
Final patches to make trust router work
Kevin Wasserman [Sun, 7 Sep 2014 19:28:58 +0000 (15:28 -0400)]
Remove calls to deprecated talloc_reference()
Kevin Wasserman [Sun, 7 Sep 2014 18:39:23 +0000 (14:39 -0400)]
Remove old code to preserve tls attributes
Kevin Wasserman [Sun, 7 Sep 2014 18:01:17 +0000 (14:01 -0400)]
Whitespace fixups to match 3.0.x
Kevin Wasserman [Sun, 7 Sep 2014 17:59:33 +0000 (13:59 -0400)]
Fix missed merge conflicts
Kevin Wasserman [Sun, 7 Sep 2014 16:35:19 +0000 (12:35 -0400)]
Fix rlm_realm configure bugs
Kevin Wasserman [Sun, 7 Sep 2014 15:11:18 +0000 (11:11 -0400)]
Merge branch 'v3.0.x' into tr-integ
Conflicts:
raddb/mods-available/abfab_psk_sql
raddb/policy.d/abfab-tr
raddb/sites-available/abfab-tls
raddb/sites-available/abfab-tr-idp
raddb/sites-available/channel_bindings
share/dictionary.ukerna
src/modules/rlm_realm/all.mk
Kevin Wasserman [Sun, 7 Sep 2014 08:46:40 +0000 (04:46 -0400)]
Only tr_init() once
Alan T. DeKok [Sat, 6 Sep 2014 19:21:02 +0000 (15:21 -0400)]
Let's build it, shall we?
Alan T. DeKok [Sat, 6 Sep 2014 19:20:53 +0000 (15:20 -0400)]
Missed in last commit
Alan T. DeKok [Sat, 6 Sep 2014 19:17:02 +0000 (15:17 -0400)]
Module for PSK authorizations from ABFAB trust router
Alan T. DeKok [Sat, 6 Sep 2014 19:15:29 +0000 (15:15 -0400)]
Updates and move some moonshot to Trust-Router
Alan T. DeKok [Sat, 6 Sep 2014 19:12:02 +0000 (15:12 -0400)]
Virtual server for GSS-EAP (RFC 7055)
Include a virtual server for clients that use GSS-EAP (RFC 7055). This
server works both for proxies and for home servers that actually
perform authentication.
Alan T. DeKok [Sat, 6 Sep 2014 19:06:24 +0000 (15:06 -0400)]
Add ABFAB sample policy
* pre-proxy policy to enforce constraints that section 3.5 of RFC 7055
say should be enforced near NAS
* authorize section to enforce policies enforced near home server according to RFC 7055 3.5
* Channel bindings policy to enforce ABFAB channel bindings
Alan T. DeKok [Sat, 6 Sep 2014 18:59:00 +0000 (14:59 -0400)]
Add Moonshot-COI and Moonshot-APC attributes
Alan T. DeKok [Sat, 6 Sep 2014 18:58:14 +0000 (14:58 -0400)]
Reject on any channel bindings attribute mismatch
ABFAB (RFC 7055) is a new deployment. In this case, it makes sense to
be very strict about channel bindings checks, because we have high
confidence that anyone supplying ABFAb channel bindings will supply
accurate info.
Other uses of channel bindings may require more liberal policies.
Alan T. DeKok [Sat, 6 Sep 2014 18:54:10 +0000 (14:54 -0400)]
Fix typo
Alan T. DeKok [Sat, 6 Sep 2014 18:53:40 +0000 (14:53 -0400)]
Added configure checks for trust router code
Alan T. DeKok [Sat, 6 Sep 2014 13:29:05 +0000 (09:29 -0400)]
Delete detaching message. It's annoying
Arran Cudbard-Bell [Sat, 6 Sep 2014 11:25:42 +0000 (07:25 -0400)]
Can't build without regexes on Travis because it causes the tests to fail
Arran Cudbard-Bell [Fri, 5 Sep 2014 23:02:26 +0000 (19:02 -0400)]
Fix building without regex support
Arran Cudbard-Bell [Fri, 5 Sep 2014 23:01:52 +0000 (19:01 -0400)]
Don't leak expanded lhs/rhs in do_regex
Arran Cudbard-Bell [Fri, 5 Sep 2014 18:52:34 +0000 (14:52 -0400)]
Fix PCRE checks on FreeBSD
Use FR_SMART_CHECK_LIB so we pick up the PCRE libraries on FreeBSD (they're in /usr/local/lib)
Pass pcre_lib_dir to FR_SMART_CHECK_LIB, so the user defined libpcre ./configure argument isn't ignored
Correct use of macros in the code, so we actually *use* the result of the -lpcre check
Remove unused variables and substitutions
Add output for extended regular expressions check
Philippe Wooding [Fri, 5 Sep 2014 14:58:11 +0000 (16:58 +0200)]
Add dependency on version of openssl with heartbleed fix based on distribution (debian or Ubuntu) and remove vulnerable openssl check at startup.
Alan T. DeKok [Fri, 5 Sep 2014 14:58:27 +0000 (10:58 -0400)]
Handle replies from virtual servers, too
Alan T. DeKok [Fri, 5 Sep 2014 14:43:11 +0000 (10:43 -0400)]
Don't walk over VPs in normal mode.
Debug code should only run when debugging is enabled
Alan T. DeKok [Fri, 5 Sep 2014 13:39:17 +0000 (09:39 -0400)]
map->dst->tmpl_da can be NULL if it's not TMPL_TYPE_ATTR
Alan T. DeKok [Fri, 5 Sep 2014 13:31:33 +0000 (09:31 -0400)]
Asserts to quiet scan
Alan T. DeKok [Thu, 4 Sep 2014 23:22:04 +0000 (19:22 -0400)]
Fix scan for SRC_INCDIRS, too
Alan T. DeKok [Thu, 4 Sep 2014 15:58:00 +0000 (11:58 -0400)]
Signed / unsigned changes for printing
Arran Cudbard-Bell [Thu, 4 Sep 2014 18:33:23 +0000 (14:33 -0400)]
Merge pull request #777 from matsimon/f5-dictionary
F5 dictionary
Kevin Wasserman [Thu, 4 Sep 2014 17:59:56 +0000 (13:59 -0400)]
Merge remote-tracking branch 'freeradius/v3.0.x' into tr-integ
Conflicts:
raddb/sites-available/channel_bindings
share/dictionary.ukerna
src/include/tls-h
src/main/realms.c
src/modules/rlm_realm/all.mk
src/modules/rlm_realm/rlm_realm.c
Alan T. DeKok [Thu, 4 Sep 2014 15:53:30 +0000 (11:53 -0400)]
Move addprefix for SRC_INCDIRS.
It was adding -I 3 time ???
Alan T. DeKok [Thu, 4 Sep 2014 14:10:27 +0000 (10:10 -0400)]
Add rules for cppcheck
$ CPPCHECK=yes make
will produce more warnings. For now, we suppress variable scope
complaints.
Alan T. DeKok [Thu, 4 Sep 2014 14:01:56 +0000 (10:01 -0400)]
Use "handshake_finished" instead of "finished"
To avoid polluting the global namespace with an enum
Alan T. DeKok [Thu, 4 Sep 2014 13:59:45 +0000 (09:59 -0400)]
Don't conflict with enum
Alan T. DeKok [Thu, 4 Sep 2014 13:57:00 +0000 (09:57 -0400)]
Check limit on 'i' before dereferencing it
Alan T. DeKok [Thu, 4 Sep 2014 13:54:51 +0000 (09:54 -0400)]
Zero is false. found by cppcheck
Alan T. DeKok [Thu, 4 Sep 2014 13:45:47 +0000 (09:45 -0400)]
remove space after -I
Alan T. DeKok [Thu, 4 Sep 2014 13:35:05 +0000 (09:35 -0400)]
Remove spaces after -D
Alan T. DeKok [Wed, 3 Sep 2014 20:24:30 +0000 (16:24 -0400)]
Add realm_pool_free() which garbage collects the pools.
So that the server doesn't crash
Alan T. DeKok [Wed, 3 Sep 2014 20:05:02 +0000 (16:05 -0400)]
Preliminary support for trust router code
Alan T. DeKok [Wed, 3 Sep 2014 19:06:35 +0000 (15:06 -0400)]
Expose tls_init_ctx()
Alan T. DeKok [Wed, 3 Sep 2014 18:07:03 +0000 (14:07 -0400)]
Build without getgrnam_r()
Alan T. DeKok [Wed, 3 Sep 2014 15:09:30 +0000 (11:09 -0400)]
This branch is now 3.0.5
Alan T. DeKok [Wed, 3 Sep 2014 15:08:40 +0000 (11:08 -0400)]
Update specs for v3.0.4
Alan T. DeKok [Wed, 3 Sep 2014 15:04:19 +0000 (11:04 -0400)]
Auto-discover current branch
Alan T. DeKok [Wed, 3 Sep 2014 15:01:28 +0000 (11:01 -0400)]
Free output bio, too
Alan T. DeKok [Wed, 3 Sep 2014 14:56:15 +0000 (10:56 -0400)]
Print debug messages only in debug mode. Closes #779
Herwin Weststrate [Wed, 3 Sep 2014 13:21:01 +0000 (15:21 +0200)]
Fixed quoting for mac-addr-regexp
Otherwise, a "Parse error: Unterminated string" is thrown
Arran Cudbard-Bell [Mon, 1 Sep 2014 15:50:32 +0000 (22:50 +0700)]
Update mac canonicalization policy
Alan T. DeKok [Tue, 2 Sep 2014 21:41:51 +0000 (17:41 -0400)]
Added checks for libpcre
Alan T. DeKok [Tue, 2 Sep 2014 21:15:48 +0000 (17:15 -0400)]
Allow SQL to add clients to virtual servers
Alan T. DeKok [Tue, 2 Sep 2014 18:17:18 +0000 (14:17 -0400)]
Fix use of talloc buffers
Alan T. DeKok [Tue, 2 Sep 2014 16:05:45 +0000 (12:05 -0400)]
Use ralloc'd memory for getgrnam_r(). Closes #776
Alan T. DeKok [Tue, 2 Sep 2014 16:04:12 +0000 (12:04 -0400)]
Use new fr_getgid() function. Addresses #776
Alan T. DeKok [Tue, 2 Sep 2014 15:47:13 +0000 (11:47 -0400)]
Add and expose fr_getgid(). Addresses #776
The current users of getgwnam() don't need the entire group
structure. They just need the gid. So we create a function
which returns that.
Alan T. DeKok [Tue, 2 Sep 2014 13:00:42 +0000 (09:00 -0400)]
Use getpwnam_r() and getgrnam_r() if available. Closes #775.
If the user is building threaded on a system without those functions,
too bad. It's 2014, and every sane system has those functions
Alan T. DeKok [Tue, 2 Sep 2014 12:28:49 +0000 (08:28 -0400)]
Add autoconf checks for getpwnam_r and getgrnam_r.
Right now, only the checks are included. The functions aren't
used at all.