Matthew Newton [Tue, 15 Oct 2013 21:49:22 +0000 (22:49 +0100)]
add timeout arg to radius_exec_program, with default EXEC_TIMEOUT
Alan T. DeKok [Wed, 16 Oct 2013 14:49:12 +0000 (10:49 -0400)]
Note issues with spaces in User-Name
Alan T. DeKok [Tue, 15 Oct 2013 15:43:33 +0000 (11:43 -0400)]
Quiet clang analyzer
Alan T. DeKok [Tue, 15 Oct 2013 15:13:26 +0000 (11:13 -0400)]
Remove unused assignments
Arran Cudbard-Bell [Mon, 14 Oct 2013 21:31:59 +0000 (22:31 +0100)]
Better way of detecting clang
Alan T. DeKok [Mon, 14 Oct 2013 21:10:21 +0000 (17:10 -0400)]
Last conversion to talloc
Alan T. DeKok [Mon, 14 Oct 2013 20:52:23 +0000 (16:52 -0400)]
Add target-specific scan rules
Alan T. DeKok [Mon, 14 Oct 2013 20:46:54 +0000 (16:46 -0400)]
Minor fixes for scanner
Alan T. DeKok [Mon, 14 Oct 2013 20:45:20 +0000 (16:45 -0400)]
Analyzer ignores function attributes
Alan T. DeKok [Mon, 14 Oct 2013 20:43:48 +0000 (16:43 -0400)]
Clang analyzer appears to ignore function attributes
Alan T. DeKok [Mon, 14 Oct 2013 20:42:49 +0000 (16:42 -0400)]
Remove unused assignment
Alan T. DeKok [Mon, 14 Oct 2013 20:37:31 +0000 (16:37 -0400)]
Fixes for analyzer
Alan T. DeKok [Mon, 14 Oct 2013 20:15:56 +0000 (16:15 -0400)]
set L_WARN to yellow, too
Alan T. DeKok [Mon, 14 Oct 2013 20:00:36 +0000 (16:00 -0400)]
Allow clients to have "proto = tls".
This means tls is REQUIRED for them. So if someone accidentally
allows that client for RADIUS/TCP, or RADIUS/TCP, the connection
will not be allowed.
Alan T. DeKok [Mon, 14 Oct 2013 14:24:39 +0000 (10:24 -0400)]
Note that the radsec shared secret is radsec
Alan T. DeKok [Sun, 13 Oct 2013 13:55:02 +0000 (09:55 -0400)]
Assert to quiet clang analyzer
Alan T. DeKok [Sun, 13 Oct 2013 13:45:28 +0000 (09:45 -0400)]
Remove unused assignment
Alan T. DeKok [Sun, 13 Oct 2013 13:44:02 +0000 (09:44 -0400)]
Rearrange code to quiet clang analyzer
Alan T. DeKok [Sun, 13 Oct 2013 13:41:59 +0000 (09:41 -0400)]
Assert to quiet clang analyzer
Alan T. DeKok [Sun, 13 Oct 2013 13:41:08 +0000 (09:41 -0400)]
Assert to quiet clang analyzer
Alan T. DeKok [Sun, 13 Oct 2013 13:39:00 +0000 (09:39 -0400)]
Removed unused assignments
Alan T. DeKok [Sun, 13 Oct 2013 13:33:57 +0000 (09:33 -0400)]
Remove unnecessary assignment
Alan T. DeKok [Sun, 13 Oct 2013 02:16:25 +0000 (22:16 -0400)]
Removed duplicate code
Alan T. DeKok [Sun, 13 Oct 2013 02:10:42 +0000 (22:10 -0400)]
Realm struct to talloc
Alan T. DeKok [Sun, 13 Oct 2013 02:10:27 +0000 (22:10 -0400)]
One more minor assert
Alan T. DeKok [Sun, 13 Oct 2013 02:04:15 +0000 (22:04 -0400)]
Be more careful about initialization in a loop
Alan T. DeKok [Sun, 13 Oct 2013 02:02:16 +0000 (22:02 -0400)]
Clean rules for scan
Alan T. DeKok [Sun, 13 Oct 2013 02:01:00 +0000 (22:01 -0400)]
Use clang analyzer macro to tell it about asserts
Alan T. DeKok [Sat, 12 Oct 2013 16:17:01 +0000 (12:17 -0400)]
Rules for clang analyzer
do "make scan" for a LONG build, with lots of scanning,
and (for now) a number of errors.
Phil Mayers [Mon, 14 Oct 2013 12:58:58 +0000 (13:58 +0100)]
correct the log/colourise logic
Arran Cudbard-Bell [Mon, 14 Oct 2013 12:40:16 +0000 (13:40 +0100)]
Seeing as we now encode ethernet, and we check that ethernet VPs are the correct length, we should probably decode ethernet to.
Arran Cudbard-Bell [Mon, 14 Oct 2013 11:22:36 +0000 (12:22 +0100)]
regexec doesn't seem to initialised unused elements of rxmatch
Ryan Steinmetz [Sun, 13 Oct 2013 16:00:46 +0000 (12:00 -0400)]
- Fix build when linking against OpenSSL
Alan T. DeKok [Sun, 13 Oct 2013 13:57:03 +0000 (09:57 -0400)]
Properly initialize variable
Alan T. DeKok [Sat, 12 Oct 2013 14:34:55 +0000 (10:34 -0400)]
Add OpenSSL to smbencrypt, for the MD4 functions
Now that we always use OpenSSL for MD4 when it's available
Alan T. DeKok [Sat, 12 Oct 2013 12:45:41 +0000 (08:45 -0400)]
Use correct struct entry
Arran Cudbard-Bell [Sat, 12 Oct 2013 18:21:49 +0000 (19:21 +0100)]
Only set ARP dev if interface is known
Arran Cudbard-Bell [Fri, 11 Oct 2013 17:10:48 +0000 (18:10 +0100)]
vsnprintf may of returned random crap, but talloc is consistent
Phil Mayers [Fri, 11 Oct 2013 16:31:51 +0000 (17:31 +0100)]
pool-key and lease-duration now have _
Phil Mayers [Fri, 11 Oct 2013 16:26:57 +0000 (17:26 +0100)]
set vp length
Alan T. DeKok [Fri, 11 Oct 2013 12:31:34 +0000 (08:31 -0400)]
Make ID printing %u, not %d
Arran Cudbard-Bell [Thu, 10 Oct 2013 22:35:25 +0000 (23:35 +0100)]
Whitespace
Arran Cudbard-Bell [Thu, 10 Oct 2013 22:35:17 +0000 (23:35 +0100)]
Slightly better error message
Arran Cudbard-Bell [Thu, 10 Oct 2013 22:24:58 +0000 (23:24 +0100)]
Remove error on accessing invalid request
Arran Cudbard-Bell [Thu, 10 Oct 2013 21:29:36 +0000 (22:29 +0100)]
Fix potential overflow in fr_dhcp_add_arp_entry
Arran Cudbard-Bell [Thu, 10 Oct 2013 20:38:51 +0000 (21:38 +0100)]
Typo?
Arran Cudbard-Bell [Thu, 10 Oct 2013 20:24:40 +0000 (21:24 +0100)]
Remove timezone from changelog
Arran Cudbard-Bell [Thu, 10 Oct 2013 18:56:17 +0000 (19:56 +0100)]
Fix stupid nesting in sqlippool
Arran Cudbard-Bell [Thu, 10 Oct 2013 18:51:29 +0000 (19:51 +0100)]
sql_query now returns < 0 for error. Closes #444
sqlippool_command should also indicated that it errored
Arran Cudbard-Bell [Wed, 9 Oct 2013 12:11:17 +0000 (13:11 +0100)]
Better way of doing pairremove
Arran Cudbard-Bell [Tue, 8 Oct 2013 16:34:05 +0000 (17:34 +0100)]
Fix potential segv in pairremove
Arran Cudbard-Bell [Wed, 9 Oct 2013 14:43:51 +0000 (15:43 +0100)]
Should be fr_assert
Alan T. DeKok [Wed, 9 Oct 2013 14:37:59 +0000 (10:37 -0400)]
Bump for 3.0.1
Arran Cudbard-Bell [Wed, 9 Oct 2013 14:06:09 +0000 (15:06 +0100)]
Fix segv in fr_dhcp_add_arp_entry
Arran Cudbard-Bell [Tue, 8 Oct 2013 14:21:42 +0000 (15:21 +0100)]
TGT_PRLIBS not needed for libraries
Arran Cudbard-Bell [Tue, 8 Oct 2013 11:54:19 +0000 (12:54 +0100)]
Treat check attributes as unsigned 64bit integers, this should be OK, as all VALUE_PAIRs can hold 64bit integers anyway, and the left 32bits of a integer attribute will be 0.
Arran Cudbard-Bell [Mon, 7 Oct 2013 22:58:41 +0000 (18:58 -0400)]
Get branch specific build status
Alan T. DeKok [Mon, 7 Oct 2013 19:49:47 +0000 (15:49 -0400)]
Publish to correct location
Alan T. DeKok [Mon, 7 Oct 2013 19:48:34 +0000 (15:48 -0400)]
Final changes for 3.0
Alan T. DeKok [Mon, 7 Oct 2013 02:08:01 +0000 (22:08 -0400)]
Update version before release
Alan T. DeKok [Mon, 7 Oct 2013 02:07:16 +0000 (22:07 -0400)]
Fix sed script for version in debian file
Alan T. DeKok [Mon, 7 Oct 2013 02:07:05 +0000 (22:07 -0400)]
Use correct release branch
Alan T. DeKok [Fri, 4 Oct 2013 13:27:32 +0000 (09:27 -0400)]
Revert
afe57485. Fixes #442
Arran Cudbard-Bell [Wed, 2 Oct 2013 16:45:33 +0000 (17:45 +0100)]
IPv6_RECVPKTINFO isn't defined unless the advanced API is available, IPV6_2292PKTINFO is the 'legacy' socket option but should work just as well.
Arran Cudbard-Bell [Wed, 2 Oct 2013 12:41:49 +0000 (13:41 +0100)]
Ignore editor projects
Arran Cudbard-Bell [Tue, 1 Oct 2013 21:36:11 +0000 (22:36 +0100)]
Update aruba dictionary, extra definitions from alagoutte
Alan T. DeKok [Mon, 30 Sep 2013 19:57:32 +0000 (15:57 -0400)]
Silently skip empty subgroups
Alan T. DeKok [Mon, 30 Sep 2013 19:50:21 +0000 (15:50 -0400)]
"case" can only occur within a "switch"
Alan T. DeKok [Mon, 30 Sep 2013 15:01:48 +0000 (11:01 -0400)]
Don't set parent priority when calling a child
It's wrong.
Arran Cudbard-Bell [Sun, 29 Sep 2013 14:58:48 +0000 (15:58 +0100)]
Segfault in libperl when doing perl_xlat(). Fix by kvainkainen. Closes #436
In rlm_perl.c Perl interpreter cloning is controlled by #ifdef USE_ITHREADS.
However, for some unknown reason in perl_xlat() #ifndef WITH_ITHREADS is
used instead. At least my Perl does not have WITH_ITHREADS compile option,
meaning all perl_xlat() calls are handled by same Perl instance.
If you run Freeradius in multithread mode, this causes segfault in libperl
when two threads do perl_xlat() simultaneously.
Alan T. DeKok [Sun, 29 Sep 2013 13:18:01 +0000 (09:18 -0400)]
Port fix for update sections from v2.x.x
Alan T. DeKok [Sat, 28 Sep 2013 14:38:21 +0000 (10:38 -0400)]
Fix priority handling
Arran Cudbard-Bell [Fri, 27 Sep 2013 16:16:22 +0000 (17:16 +0100)]
instance is not used in rest_decode_post
Arran Cudbard-Bell [Fri, 27 Sep 2013 11:46:54 +0000 (12:46 +0100)]
Update rlm_rest to use newer log macros
Arran Cudbard-Bell [Fri, 27 Sep 2013 09:23:00 +0000 (10:23 +0100)]
Typo
Arran Cudbard-Bell [Fri, 27 Sep 2013 09:16:05 +0000 (10:16 +0100)]
Use newer API functions to iterate and sort attributes. Closes #440
Kevin Hester [Thu, 26 Sep 2013 23:24:35 +0000 (13:24 -1000)]
fix JSON upload in rlm_rest
Previously the POSTED json would be invalid - it would truncate at the
end of the first tuple (because of accidentally including a \0 in the
string). This change ensures that the returned length from
vp_prints_value_json does not include the nul terminator (which is
conventional and I assme the intent)
Arran Cudbard-Bell [Thu, 26 Sep 2013 13:15:20 +0000 (14:15 +0100)]
Fix places where old VP values were not freed
Arran Cudbard-Bell [Thu, 26 Sep 2013 09:53:31 +0000 (10:53 +0100)]
Fixup code formatting in EAP-LEAP, and use R*log functions
Arran Cudbard-Bell [Wed, 25 Sep 2013 22:48:08 +0000 (23:48 +0100)]
Assume password src encoding is UTF8 and convert it to UCS2 before hashing with MD4
Patch by Andrei Korostelev
Closes #437
Arran Cudbard-Bell [Wed, 25 Sep 2013 21:03:23 +0000 (22:03 +0100)]
Fix some typos/issues in rlm_rest json as posted by Kevin Hester. Closes #438
Alan T. DeKok [Tue, 24 Sep 2013 15:18:03 +0000 (11:18 -0400)]
Packet data is talloc'd
Arran Cudbard-Bell [Tue, 24 Sep 2013 11:49:23 +0000 (12:49 +0100)]
Add comp128 functions
Arran Cudbard-Bell [Tue, 24 Sep 2013 11:49:06 +0000 (12:49 +0100)]
Cleanup EAP-SIM code
Alan T. DeKok [Mon, 23 Sep 2013 14:42:34 +0000 (10:42 -0400)]
Fix udpfromto bug on Mac OSX.
This is a NICE Mac OSX bug. Create an interface with
two IP address, and then configure one listener for
each IP address. Send thousands of packets to one
address, and some will show up on the OTHER socket.
This hack works ONLY if the clients are global. If
each listener has the same client IP, but with
different secrets, then it will fail the rad_recv()
check above, and there's nothing you can do.
Linux does the right thing.
Alan T. DeKok [Mon, 23 Sep 2013 01:52:47 +0000 (21:52 -0400)]
Clean up non-udpfromto code
So that it's simpler. We also ALWAYS use udpfromto, as we assume
the library is used for IPv4 and IPv6 interfaces, not anything else.
Alan T. DeKok [Sat, 21 Sep 2013 12:32:39 +0000 (08:32 -0400)]
check_cert_issuer in EAP-TLS broken in presence of X509v3 extensions
Patch from David Wood
Manual port of commit
ce169385f
Alan T. DeKok [Fri, 20 Sep 2013 21:14:00 +0000 (17:14 -0400)]
Mark request DONE when we start the cleanup delay
Arran Cudbard-Bell [Fri, 20 Sep 2013 19:41:36 +0000 (20:41 +0100)]
Typo
Arran Cudbard-Bell [Mon, 16 Sep 2013 17:02:17 +0000 (18:02 +0100)]
Only print EXIT info when ndef NDEBUG
Arran Cudbard-Bell [Mon, 16 Sep 2013 14:44:11 +0000 (15:44 +0100)]
Wrap _exit and exit. Prints error message, and when running under GDB, raises SIGTRAP which causes debugger to break before exit.
Alan T. DeKok [Fri, 20 Sep 2013 17:59:38 +0000 (13:59 -0400)]
proxy_listener may be NULL. Closes #434
Arran Cudbard-Bell [Fri, 20 Sep 2013 16:02:22 +0000 (17:02 +0100)]
Dig src/billing out of more places
Arran Cudbard-Bell [Fri, 20 Sep 2013 11:55:30 +0000 (12:55 +0100)]
Remove billing dir, those files don't belong there
Alan T. DeKok [Thu, 19 Sep 2013 18:10:17 +0000 (14:10 -0400)]
Don't delete the request if it's in the queue
request_done() should WAIT if the request is blocked in the queue.
It should also be callable by the child thread. i.e. if the
master says "DONE" when it's in the queue, the child thread MAY
pick it up and call request->process(). Which should just say DONE
and stop
Alan T. DeKok [Thu, 19 Sep 2013 18:09:43 +0000 (14:09 -0400)]
Print how many requests are blocked
So that the admin can see the queue grow over time
Alan T. DeKok [Thu, 19 Sep 2013 01:54:25 +0000 (21:54 -0400)]
Short-circuit "case"
Alan T. DeKok [Wed, 18 Sep 2013 14:36:52 +0000 (10:36 -0400)]
Remove complaint for DHCP
Alan T. DeKok [Wed, 18 Sep 2013 14:12:24 +0000 (10:12 -0400)]
Turn assert into talloc check.
Which should get more information on error
Arran Cudbard-Bell [Tue, 17 Sep 2013 22:03:01 +0000 (23:03 +0100)]
xlat expand profile filter
remove search for PW_USER_PROFILE and expand default profile instead. If people really want the old functionality they can just set default = "%{control:User-Profile}".