Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:56 +0000 (20:08 +0200)]
Do not use HMAC_CTX_init
Switch to using HMAC_CTX_new in place of HMAC_CTX_init, which was
removed in OpenSSL 1.1, resulting in broken build.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:54 +0000 (20:08 +0200)]
Initialize HMAC context in rlm_otp
Add the missing mandatory HMAC context initialization to rlm_otp's
otp_gen_state. Otherwise the outcome of the following HMAC operations is
undefined.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:49 +0000 (20:08 +0200)]
Do not try to access private OpenSSL structs
Some more OpenSSL structures were made private in v1.1 and accessor
functions were added instead. Switch to using accessor functions to fix
the build.
Nikolai Kondrashov [Wed, 7 Dec 2016 12:23:54 +0000 (14:23 +0200)]
Move func substitutes from rlm_eap to missing.c
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:47 +0000 (20:08 +0200)]
Add a few OpenSSL fallback funcs
Add four fallback function implementations to use in place of functions
removed/deprecated in OpenSSL 1.1. Those are to be used in the following
patches to make the build work and not produce deprecation warnings.
Nikolai Kondrashov [Mon, 21 Nov 2016 08:21:33 +0000 (10:21 +0200)]
Check for openssl/conf.h
Check for presence of openssl/conf.h to support definition of fallback
functions in later patches.
Nikolai Kondrashov [Mon, 21 Nov 2016 08:13:55 +0000 (10:13 +0200)]
Check for openssl/asn1.h
Check for presence of openssl/asn1.h to support definition of fallback
functions in later patches.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:43 +0000 (20:08 +0200)]
Check for openssl/hmac.h
Apart from dealing with a FIXME, this is needed for implementing
compatibility fallbacks for some functions introduced in OpenSSL 1.1, in
following commits.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:40 +0000 (20:08 +0200)]
Check for EVP_CIPHER_CTX_new to detect libcrypto
Switch to checking for EVP_CIPHER_CTX_new instead of EVP_cleanup to
detect presence of libcrypto, because EVP_cleanup was removed as symbol
from OpenSSL 1.1, and the check would always fail.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:33 +0000 (20:08 +0200)]
Fix SSL_get_client/server_random checks
Needed for conditionally avoiding accessing private OpenSSL structures
in a following patch.
Backported from v3.1.x.
Alan T. DeKok [Wed, 30 Nov 2016 13:30:38 +0000 (08:30 -0500)]
switch with no match and no default
Alan T. DeKok [Mon, 28 Nov 2016 15:37:17 +0000 (10:37 -0500)]
limit FD to FD_SETSIZE
Alan DeKok [Wed, 23 Nov 2016 18:16:55 +0000 (13:16 -0500)]
Merge pull request #1857 from jrouzierinverse/json-encoding
Cast byte as an unsigned char instead
James Rouzier [Wed, 23 Nov 2016 17:37:59 +0000 (12:37 -0500)]
Cast byte as an unsigned char instead
Alan T. DeKok [Wed, 23 Nov 2016 14:06:39 +0000 (09:06 -0500)]
use unsigned, not signed
Alan T. DeKok [Wed, 23 Nov 2016 14:05:50 +0000 (09:05 -0500)]
\n is \n, not \b
Alan T. DeKok [Tue, 22 Nov 2016 21:27:12 +0000 (16:27 -0500)]
make data unsigned
Alan DeKok [Mon, 21 Nov 2016 16:43:05 +0000 (11:43 -0500)]
Merge pull request #1853 from alanbuxey/patch-4
remove unnecessary "Need 0 more connections to reach..." INFO output
Alan Buxey [Mon, 21 Nov 2016 15:25:24 +0000 (15:25 +0000)]
remove unnecessary "Need 0 more connections to reach..." INFO output
the <= means that when the value is 0 the server keeps spewing out "Need 0 more connections to reach..." messages into the log output. this ensures messages come out only when there is a need.
Alan T. DeKok [Mon, 21 Nov 2016 14:06:32 +0000 (09:06 -0500)]
Check both attributes for message type and option 82
Alan T. DeKok [Mon, 21 Nov 2016 12:01:07 +0000 (07:01 -0500)]
added MS-MPPE-Encryption-Policy !* ANY
Alan T. DeKok [Sat, 19 Nov 2016 00:32:10 +0000 (19:32 -0500)]
fix inner-tunnel policy
This policy replaces "use_tunneled_reply". It's better to use
if (0) { ...} to disable blocks of code, instead of commenting it out.
Also, update the local reply before copying it to the outer
session-state list. That makes a lot more sense.
Alan T. DeKok [Fri, 18 Nov 2016 16:59:28 +0000 (11:59 -0500)]
set reject on reject
Alan T. DeKok [Fri, 18 Nov 2016 14:16:27 +0000 (09:16 -0500)]
remove unnecessary const
Alan T. DeKok [Tue, 15 Nov 2016 17:32:01 +0000 (12:32 -0500)]
pass the correct length to hex2bin
Alan T. DeKok [Mon, 14 Nov 2016 19:30:10 +0000 (14:30 -0500)]
NO is 0. YES is 1.
Alan T. DeKok [Fri, 11 Nov 2016 11:56:23 +0000 (06:56 -0500)]
from Microsemi
Boris Lytochkin [Wed, 9 Nov 2016 19:03:03 +0000 (22:03 +0300)]
fix build on FreeBSD: readline headers imply stdio.h is included prior
including readline.h
Arran Cudbard-Bell [Wed, 9 Nov 2016 15:09:21 +0000 (10:09 -0500)]
Really should be invalid
Arran Cudbard-Bell [Wed, 9 Nov 2016 12:36:18 +0000 (07:36 -0500)]
Merge pull request #1829 from lytboris/init-out-v3.0.x
Initialize out before calling radius_axlat or radius_axlat_struct
Arran Cudbard-Bell [Wed, 9 Nov 2016 12:36:06 +0000 (07:36 -0500)]
Merge branch 'v3.0.x' into init-out-v3.0.x
Arran Cudbard-Bell [Tue, 8 Nov 2016 14:15:04 +0000 (09:15 -0500)]
Merge pull request #1823 from lytboris/rlm_perl_radxlat_function-v3.0.x
implement radiusd::radius_xlat in rlm_perl (v3.0.x)
Boris Lytochkin [Fri, 4 Nov 2016 14:29:12 +0000 (17:29 +0300)]
implement radiusd::xlat in rlm_perl
Sponsored by: Yandex LLC
Alan T. DeKok [Tue, 8 Nov 2016 13:47:47 +0000 (08:47 -0500)]
fix previous commit
Arran Cudbard-Bell [Mon, 7 Nov 2016 18:32:29 +0000 (13:32 -0500)]
Sometimes we're spawning to reach min not spare
Alan T. DeKok [Mon, 7 Nov 2016 15:42:45 +0000 (10:42 -0500)]
note recent changes
Alan T. DeKok [Mon, 7 Nov 2016 15:42:02 +0000 (10:42 -0500)]
OpenSSL 1.1.0 compatability fixes
Philippe Wooding [Tue, 13 Sep 2016 11:20:00 +0000 (13:20 +0200)]
Initialize out before calling radius_axlat or radius_axlat_struct
Arran Cudbard-Bell [Sat, 5 Nov 2016 19:24:41 +0000 (15:24 -0400)]
Merge pull request #1815 from alanbuxey/v3.0.x
fixed variable in accounting policy to use correct "&" prefix - no more warnings with default configuration
Arran Cudbard-Bell [Sat, 5 Nov 2016 19:20:48 +0000 (15:20 -0400)]
Merge branch 'v3.0.x' into v3.0.x
Alan T. DeKok [Fri, 4 Nov 2016 18:09:34 +0000 (14:09 -0400)]
success may still return nothing. Should help with #1824
Alan T. DeKok [Fri, 4 Nov 2016 15:35:43 +0000 (11:35 -0400)]
NUL terminating strings is a good idea.
Alan T. DeKok [Fri, 4 Nov 2016 12:38:35 +0000 (08:38 -0400)]
more error messages
Alan DeKok [Fri, 4 Nov 2016 13:43:23 +0000 (09:43 -0400)]
Merge pull request #1819 from jrouzierinverse/ldap-null-check
Check if info.ldapai_extensions is not NULL before freeing it
Arran Cudbard-Bell [Thu, 3 Nov 2016 20:13:21 +0000 (16:13 -0400)]
Ignore dirs from other branches
Arran Cudbard-Bell [Thu, 3 Nov 2016 20:11:32 +0000 (16:11 -0400)]
Initialise tminfo Closes #1820
Arran Cudbard-Bell [Thu, 3 Nov 2016 14:33:04 +0000 (10:33 -0400)]
Merge branch 'v3.0.x' into ldap-null-check
Alan T. DeKok [Thu, 3 Nov 2016 13:54:41 +0000 (09:54 -0400)]
note recent changes
Alan T. DeKok [Thu, 3 Nov 2016 13:50:56 +0000 (09:50 -0400)]
Rename lt_* to fr_*. Fixes #1277
Which fixes linker issues in libraries which link to libtool,
and then sometimes get the wrong function.
Changed via:
perl -p -i -e 's/lt_dlhandle/fr_dlhandle/g;s/lt_dlopenext/fr_dlopenext/g;s/lt_dlsym/fr_dlsym/g;s/lt_dlclose/fr_dlclose/g;s/lt_dlerror/fr_dlerror/g;' $(find . -name "*.[ch]" -print)
Alan Buxey [Tue, 1 Nov 2016 20:39:56 +0000 (20:39 +0000)]
Merge branch 'v3.0.x' into v3.0.x
Alan Buxey [Tue, 1 Nov 2016 20:38:56 +0000 (20:38 +0000)]
allow Calling-Station-Id and Chargeable-User-Identity to pass through
ensures configuration works out of box for various roaming consortia
James Rouzier [Tue, 1 Nov 2016 17:13:53 +0000 (13:13 -0400)]
Check if info.ldapai_extensions is not NULL before freeing it
Arran Cudbard-Bell [Mon, 31 Oct 2016 15:21:52 +0000 (11:21 -0400)]
Merge pull request #1799 from intersvyaz/v3.0.x-patch2
rlm_ldap: cleanup memory after ldap version query
Arran Cudbard-Bell [Mon, 31 Oct 2016 14:44:06 +0000 (10:44 -0400)]
Merge branch 'v3.0.x' into v3.0.x-patch2
Alan Buxey [Sun, 30 Oct 2016 22:27:38 +0000 (22:27 +0000)]
fixed variable to use the "&" prefix
Arran Cudbard-Bell [Sat, 29 Oct 2016 11:53:41 +0000 (07:53 -0400)]
Merge pull request #1811 from Caspinol/v3.0.x
Refer to raiusd.conf for more examples
Kris [Fri, 28 Oct 2016 15:49:56 +0000 (16:49 +0100)]
Refer to raiusd.conf for more examples
Alan DeKok [Fri, 28 Oct 2016 11:36:42 +0000 (07:36 -0400)]
Merge pull request #1810 from qnet-herwin/indentation_rlm_mschap
Indentation fix in rlm_mschap.c
Herwin Weststrate [Fri, 28 Oct 2016 11:11:03 +0000 (13:11 +0200)]
Indentation fix in rlm_mschap.c
Alan DeKok [Wed, 26 Oct 2016 14:47:42 +0000 (10:47 -0400)]
Merge pull request #1806 from candlerb/v3.0.x/candlerb/eap-updated
Add commented-out example to eap section to handle "updated" response
Brian Candler [Tue, 25 Oct 2016 17:19:10 +0000 (18:19 +0100)]
Add commented-out example to eap section to handle "updated" response
This occurs part-way through a PEAP tunneled exchange, and can cause
additional database lookups.
Alan T. DeKok [Tue, 25 Oct 2016 12:46:10 +0000 (08:46 -0400)]
typo
Alan T. DeKok [Sun, 23 Oct 2016 15:57:06 +0000 (11:57 -0400)]
no longer needed
Alan T. DeKok [Sat, 22 Oct 2016 22:20:35 +0000 (18:20 -0400)]
Check for new OpenSSL. Fixes #1803
Old versions of OpenSSL don't have the necessary functions or
macro definitions, so we don't build rlm_eap_fast for them.
Aleksey Katargin [Wed, 19 Oct 2016 10:25:07 +0000 (15:25 +0500)]
rlm_ldap: cleanup memory after ldap version query
Signed-off-by: Aleksey Katargin <gureedo@intersvyaz.net>
Alan DeKok [Wed, 19 Oct 2016 17:56:43 +0000 (13:56 -0400)]
Merge pull request #1795 from intersvyaz/v3.0.x-patch1
conffile: cleanup section children and tail on data remove
Alan T. DeKok [Wed, 19 Oct 2016 16:39:35 +0000 (12:39 -0400)]
note recent changes
Alan T. DeKok [Wed, 19 Oct 2016 16:37:27 +0000 (12:37 -0400)]
return RLM_MODULE_NOTFOUND if nothing was found
Alan DeKok [Wed, 19 Oct 2016 13:52:36 +0000 (09:52 -0400)]
Merge branch 'v3.0.x' into v3.0.x-patch1
Alan T. DeKok [Wed, 19 Oct 2016 13:48:48 +0000 (09:48 -0400)]
Add cipher_server_preference. Manual port of #1797
Aleksey Katargin [Wed, 19 Oct 2016 08:05:11 +0000 (13:05 +0500)]
conffile: cleanup section children and tail on data remove
Signed-off-by: Aleksey Katargin <gureedo@intersvyaz.net>
Alan DeKok [Mon, 17 Oct 2016 16:15:50 +0000 (12:15 -0400)]
Merge pull request #1793 from andre-luiz-dos-santos/patch-1
Minor typo
André Luiz dos Santos [Mon, 17 Oct 2016 15:26:32 +0000 (13:26 -0200)]
Minor typo
Alan DeKok [Mon, 17 Oct 2016 14:37:55 +0000 (10:37 -0400)]
Merge pull request #1792 from mcnewton/v3.0.x
rlm_mschap: fix up password change test
Matthew Newton [Mon, 17 Oct 2016 13:55:54 +0000 (14:55 +0100)]
rlm_mschap: fix up password change test
Alan T. DeKok [Wed, 12 Oct 2016 14:13:00 +0000 (10:13 -0400)]
added RFC 7930
Alan DeKok [Tue, 11 Oct 2016 17:13:49 +0000 (13:13 -0400)]
Merge pull request #1777 from zmousm/raddebug-dash-n
Let raddebug also have the -n option
Alan T. DeKok [Tue, 11 Oct 2016 17:12:04 +0000 (13:12 -0400)]
note recent changes
Alan T. DeKok [Tue, 11 Oct 2016 16:54:54 +0000 (12:54 -0400)]
vps may be NULL. Fixes #1778
The VERIFY_LIST macro shouild be protected by an "if *vps" check.
It should also be run once all of the VPs have been added,
and not on every VP which is added.
Zenon Mousmoulas [Mon, 10 Oct 2016 05:20:00 +0000 (08:20 +0300)]
Let raddebug also have the -n option
Alan DeKok [Sat, 8 Oct 2016 13:39:33 +0000 (09:39 -0400)]
Merge pull request #1772 from zmousm/fix-deb-patch
Refresh debian/patches/radiusd-to-freeradius.diff
Alan DeKok [Sat, 8 Oct 2016 13:29:30 +0000 (09:29 -0400)]
Merge pull request #1775 from stapelberg/patch-1
fix: macro `IR(hours|minutes|seconds)' not defined
Michael Stapelberg [Sat, 8 Oct 2016 11:51:51 +0000 (13:51 +0200)]
fix: macro `IR(hours|minutes|seconds)' not defined
Zenon Mousmoulas [Sat, 8 Oct 2016 07:42:13 +0000 (10:42 +0300)]
Refresh debian/patches/radiusd-to-freeradius.diff
dpkg-source aborts due to missing initial spaces and fuzz in one
context line
Alan T. DeKok [Wed, 5 Oct 2016 14:56:33 +0000 (10:56 -0400)]
it's not a warning message
Alan T. DeKok [Tue, 4 Oct 2016 18:43:28 +0000 (14:43 -0400)]
fix warning messages for packet possibly truncated
rely on the "encode" function to display warning messages.
And make the warning messages debug only
Alan T. DeKok [Mon, 3 Oct 2016 15:05:08 +0000 (11:05 -0400)]
check num_rows before using them
Alan T. DeKok [Mon, 3 Oct 2016 13:22:22 +0000 (09:22 -0400)]
Check for expiry only if the password was OK. Fixes #1762
Alan T. DeKok [Mon, 3 Oct 2016 13:15:21 +0000 (09:15 -0400)]
note recent changes
Alan DeKok [Mon, 3 Oct 2016 13:11:05 +0000 (09:11 -0400)]
Merge pull request #1767 from djjudas21/patch-1
Fix typo in %files section to avoid error building RPM
Jonathan [Mon, 3 Oct 2016 10:42:06 +0000 (11:42 +0100)]
Fix typo in %files section to avoid error building RPM
File not found: /home/jg4461/rpmbuild/BUILDROOT/freeradius-3.0.12-2.el7.centos.x86_64/usr/share/man/man1/radcounter.1.gz
Arran Cudbard-Bell [Sat, 1 Oct 2016 12:05:11 +0000 (13:05 +0100)]
Merge pull request #1763 from alanbuxey/patch-1
another typo fix and capitalisations
Alan Buxey [Sat, 1 Oct 2016 11:46:02 +0000 (12:46 +0100)]
another typo fix and capitalisations
Alan T. DeKok [Fri, 30 Sep 2016 11:58:43 +0000 (07:58 -0400)]
update for 3.0.13
Alan T. DeKok [Fri, 30 Sep 2016 11:36:33 +0000 (07:36 -0400)]
add "date" module
Alan T. DeKok [Fri, 30 Sep 2016 11:36:50 +0000 (07:36 -0400)]
bump for 3.0.13
Alan T. DeKok [Thu, 29 Sep 2016 15:19:48 +0000 (11:19 -0400)]
typo
Alan T. DeKok [Thu, 29 Sep 2016 14:55:38 +0000 (10:55 -0400)]
note recent changes.
Alan T. DeKok [Thu, 29 Sep 2016 14:42:58 +0000 (10:42 -0400)]
allow for old-style names, too
Alan T. DeKok [Thu, 29 Sep 2016 14:33:22 +0000 (10:33 -0400)]
simplify debug messages
we don't need 'request %u' in RDEBUG messages