Herwin Weststrate [Tue, 12 Jan 2016 16:58:12 +0000 (17:58 +0100)]
Fixed debugging constants in rlm_perl
This is just a workaround; the correct fix would be to push these constants to the perl script from freeradius, instead of duplicating data.
Alan DeKok [Wed, 6 Jan 2016 21:24:41 +0000 (16:24 -0500)]
Merge pull request #1484 from herwinw/rlm_python_fixes
Rlm python fixes
Alan T. DeKok [Wed, 6 Jan 2016 21:23:52 +0000 (16:23 -0500)]
Add --silent for jlibtool
Herwin Weststrate [Thu, 17 Dec 2015 19:28:55 +0000 (20:28 +0100)]
Allow strings as operator in rlm_python
Because ('Tmp-String-0', '!*', 'ANY') is just so much more readable than ('Tmp-String-0', 21, 'ANY'). Plain integers still work for backwards compatibility. As a bonus, we get rid of the OP table in radiusd.py: this module was not supposed to be included in scripts running from FreeRADIUS, but was still referenced from prepaid.py. As a bonus, we get rid of a table that was no longer in sync with the definitions in tokens.h.
Herwin Weststrate [Thu, 17 Dec 2015 19:00:25 +0000 (20:00 +0100)]
Show operator that is actually used instead of the default in rlm_python
So if we remove a certain attribute, display "!* ANY" instead of "= ANY"
Alan T. DeKok [Wed, 6 Jan 2016 20:36:11 +0000 (15:36 -0500)]
Use jlibtool when running local binaries.
It knows how to find the libraries
Herwin Weststrate [Thu, 17 Dec 2015 18:51:13 +0000 (19:51 +0100)]
Use other functions to update list after rlm_python call
Now we also support things like "!* ANY" to remove items.
Herwin Weststrate [Thu, 17 Dec 2015 18:04:07 +0000 (19:04 +0100)]
Show list name in debug messages in rlm_python
The module has the possibility to update the reply and the control list. It is nice to know what list is updated or generates errors. The name of the parameter is based on the parameter with the same use in `rlm_perl`.
Alan T. DeKok [Wed, 6 Jan 2016 14:30:33 +0000 (09:30 -0500)]
Print out Cleartext-Password if comparison fails
Alan T. DeKok [Tue, 5 Jan 2016 18:39:15 +0000 (13:39 -0500)]
alloc reply, not request packet.
This initializes all of the necessary fields
Alan T. DeKok [Tue, 5 Jan 2016 18:07:05 +0000 (13:07 -0500)]
Fix typo
Alan T. DeKok [Mon, 4 Jan 2016 20:04:06 +0000 (15:04 -0500)]
typo
Alan T. DeKok [Mon, 4 Jan 2016 20:01:25 +0000 (15:01 -0500)]
convert assert to run-time check. Fixes #1483
Alan T. DeKok [Mon, 4 Jan 2016 19:49:54 +0000 (14:49 -0500)]
note recent changes
Alan T. DeKok [Mon, 4 Jan 2016 19:47:48 +0000 (14:47 -0500)]
Produce debug warnings on spoofing or non-anonymous identities
Arran Cudbard-Bell [Sat, 2 Jan 2016 20:11:00 +0000 (15:11 -0500)]
It's 2016
Alan T. DeKok [Thu, 31 Dec 2015 15:50:05 +0000 (10:50 -0500)]
Reorganize checks for inner / outer filter.
Move regexes to [^@]+ instead of .*
If there's an outer realm, require the user portion to be
empty or begin with "anon"
Alan T. DeKok [Thu, 31 Dec 2015 06:41:56 +0000 (01:41 -0500)]
fix for accounting packets
Alan T. DeKok [Thu, 31 Dec 2015 00:53:17 +0000 (19:53 -0500)]
notes on case sensitivity
Alan T. DeKok [Thu, 31 Dec 2015 00:51:43 +0000 (19:51 -0500)]
more careful checks for realm comparisons
Alan T. DeKok [Thu, 31 Dec 2015 00:43:05 +0000 (19:43 -0500)]
Clarify error messages
Alan T. DeKok [Thu, 31 Dec 2015 00:40:35 +0000 (19:40 -0500)]
set Module-Failure-Message, not Reply-Message
Alan T. DeKok [Thu, 31 Dec 2015 00:38:05 +0000 (19:38 -0500)]
filter_username applies only if there is a User-Name
Alan T. DeKok [Thu, 31 Dec 2015 00:31:02 +0000 (19:31 -0500)]
Simplify regex.
Arran Cudbard-Bell [Wed, 30 Dec 2015 23:12:07 +0000 (18:12 -0500)]
Document section name override
Arran Cudbard-Bell [Wed, 30 Dec 2015 18:56:39 +0000 (13:56 -0500)]
consistent names for xlats
Alan T. DeKok [Wed, 30 Dec 2015 19:08:30 +0000 (14:08 -0500)]
note recent changes
Alan T. DeKok [Wed, 30 Dec 2015 19:05:33 +0000 (14:05 -0500)]
Simplify the code
Alan T. DeKok [Wed, 30 Dec 2015 18:47:29 +0000 (13:47 -0500)]
Ensure that the authentication vectors are always updated
Alan T. DeKok [Wed, 30 Dec 2015 18:40:47 +0000 (13:40 -0500)]
Make rad_print_hex take const
Alan T. DeKok [Wed, 30 Dec 2015 16:47:44 +0000 (11:47 -0500)]
note recent changes
Alan T. DeKok [Wed, 30 Dec 2015 16:44:25 +0000 (11:44 -0500)]
fixes found from additional tests in 3.1
Alan T. DeKok [Wed, 30 Dec 2015 16:43:58 +0000 (11:43 -0500)]
don't use fixed-size buffers
Alan T. DeKok [Wed, 30 Dec 2015 16:29:50 +0000 (11:29 -0500)]
turn off debugging
Alan T. DeKok [Wed, 30 Dec 2015 16:27:42 +0000 (11:27 -0500)]
Escape special characters in regex expansion. Fixes #1474
Arran Cudbard-Bell [Wed, 30 Dec 2015 06:24:42 +0000 (01:24 -0500)]
Fix potential SEGV in SQL simultaneous use check
Arran Cudbard-Bell [Wed, 30 Dec 2015 02:28:10 +0000 (21:28 -0500)]
Fix spec building under clang
Alan T. DeKok [Tue, 29 Dec 2015 21:20:46 +0000 (16:20 -0500)]
Allow fail-over logic for TCP home servers
Alan T. DeKok [Sun, 27 Dec 2015 15:21:34 +0000 (10:21 -0500)]
Remove 3.1 features
Alan T. DeKok [Sun, 27 Dec 2015 14:02:51 +0000 (09:02 -0500)]
disable filter_inner_identity by default
It *might* break some systems. Better safe than sorry
Alan T. DeKok [Sun, 27 Dec 2015 02:23:38 +0000 (21:23 -0500)]
use filter_username inside of the tunnel, too
Because spaces and multiple @'s are a bad idea.
Alan T. DeKok [Sun, 27 Dec 2015 02:22:18 +0000 (21:22 -0500)]
Add policy to check outer / inner tunnel user names
They should be compatible as per github issue #1471
Alan T. DeKok [Mon, 21 Dec 2015 14:27:17 +0000 (09:27 -0500)]
Don't smash magic values
Alan T. DeKok [Sun, 20 Dec 2015 21:30:56 +0000 (16:30 -0500)]
typo
Arran Cudbard-Bell [Sun, 20 Dec 2015 21:28:53 +0000 (16:28 -0500)]
Merge pull request #1377 from skids/virtualize_state
Mix virtual server into session-state rbtree index key
Alan T. DeKok [Sat, 19 Dec 2015 14:23:27 +0000 (09:23 -0500)]
parent instances off of instance tree
because that's where they live.
Arran Cudbard-Bell [Fri, 18 Dec 2015 18:44:14 +0000 (13:44 -0500)]
Merge pull request #1462 from mcnewton/debsystemd30
Add systemd support for Debian Jessie
Matthew Newton [Fri, 18 Dec 2015 15:47:48 +0000 (15:47 +0000)]
Add systemd support for Debian Jessie
Apparently it is moving a step forward to break convenience.
So systemd users will have to manually update the system to use
/usr/local/etc/freeradius themselves if that is where their
config is located.
Alan DeKok [Fri, 18 Dec 2015 14:31:11 +0000 (09:31 -0500)]
Merge pull request #1461 from qnet-herwin/fragment_size_comment
Updated comment about default fragment_size
Herwin Weststrate [Fri, 18 Dec 2015 14:18:16 +0000 (15:18 +0100)]
Updated comment about default fragment_size
The default is 1024, as can be seen in tls.c:
./src/main/tls.c: { "fragment_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, fragment_size), "1024" }
Arran Cudbard-Bell [Thu, 17 Dec 2015 18:08:53 +0000 (13:08 -0500)]
Merge pull request #1458 from jpereira/fix/open1
print out error message if we're unable to open the file
Jorge Pereira [Thu, 17 Dec 2015 17:58:17 +0000 (15:58 -0200)]
print out error message if we're unable to open the file
Alan T. DeKok [Thu, 17 Dec 2015 14:44:04 +0000 (09:44 -0500)]
We can't xlat expand non-strings
Alan T. DeKok [Wed, 16 Dec 2015 17:21:20 +0000 (12:21 -0500)]
typos
Alan T. DeKok [Tue, 15 Dec 2015 21:50:40 +0000 (16:50 -0500)]
better fix for #1456
Alan T. DeKok [Tue, 15 Dec 2015 19:43:09 +0000 (14:43 -0500)]
note recent changes
Alan T. DeKok [Tue, 15 Dec 2015 19:42:28 +0000 (14:42 -0500)]
Allow password change to work again
retry MUST be zero
Alan DeKok [Tue, 15 Dec 2015 17:26:35 +0000 (12:26 -0500)]
Merge pull request #1455 from qnet-herwin/virtual_server_peap
Fixed error message for virtual server in rlm_eap_peap
Alan T. DeKok [Tue, 15 Dec 2015 17:23:57 +0000 (12:23 -0500)]
remove duplicate triggers
This is now handled in the connection pool
Herwin Weststrate [Tue, 15 Dec 2015 17:14:08 +0000 (18:14 +0100)]
Fixed error message for virtual server in rlm_eap_peap
Alan T. DeKok [Mon, 14 Dec 2015 20:49:52 +0000 (15:49 -0500)]
Require "virtual_server" for TTLS and PEAP
Alexis La Goutte [Tue, 15 Dec 2015 15:18:09 +0000 (16:18 +0100)]
dictionary: fix typo on URL
Missing rfc on url...
Arran Cudbard-Bell [Tue, 15 Dec 2015 03:53:45 +0000 (22:53 -0500)]
Fix SNMP notifications import
Alan T. DeKok [Mon, 14 Dec 2015 15:34:10 +0000 (10:34 -0500)]
check undefined attributes
Arran Cudbard-Bell [Fri, 11 Dec 2015 16:32:41 +0000 (11:32 -0500)]
Pass correct struct to field counting functions
Alan T. DeKok [Fri, 11 Dec 2015 14:56:24 +0000 (09:56 -0500)]
notes for AD security
Alan T. DeKok [Fri, 11 Dec 2015 14:13:37 +0000 (09:13 -0500)]
disable tls 1.2 for OpenSSL 1.0.1f and 1.0.1g
Alan T. DeKok [Fri, 11 Dec 2015 13:45:14 +0000 (08:45 -0500)]
remove removed feature
Arran Cudbard-Bell [Fri, 11 Dec 2015 13:15:48 +0000 (08:15 -0500)]
Merge pull request #1447 from qnet-herwin/wbclient_drop_option_allow_mschapv2
Removed option winbind_allow_mschapv2 in rlm_mschap
Herwin Weststrate [Fri, 11 Dec 2015 09:05:32 +0000 (10:05 +0100)]
Removed option winbind_allow_mschapv2 in rlm_mschap
See the discussion at https://github.com/FreeRADIUS/freeradius-server/commit/37f2f6d8e09bdebdf3031e419c00a0d3193b074a for more information
Alan T. DeKok [Thu, 10 Dec 2015 20:28:45 +0000 (15:28 -0500)]
Copy TLS cert VPs to request, even on fail.
This lets you log *why* it failed, and for who
Arran Cudbard-Bell [Thu, 10 Dec 2015 16:13:19 +0000 (11:13 -0500)]
Missing semicolon
Alan T. DeKok [Thu, 10 Dec 2015 15:39:53 +0000 (10:39 -0500)]
add a comma
Alan T. DeKok [Thu, 10 Dec 2015 15:11:21 +0000 (10:11 -0500)]
remove 3.1 syntax
Alan T. DeKok [Thu, 10 Dec 2015 14:20:00 +0000 (09:20 -0500)]
note recent changes
Alan T. DeKok [Thu, 10 Dec 2015 14:16:41 +0000 (09:16 -0500)]
Added TLS-OCSP-Cert-Valid to 3.0
Set by the TLS code. Not checked for anything.
Alan DeKok [Thu, 10 Dec 2015 14:08:53 +0000 (09:08 -0500)]
Merge pull request #1443 from qnet-herwin/WBC_MSV1_0_ALLOW_MSVCHAPV2
Add ALLOW_MSVCHAPV2 flag to mschap/libwbclient
Alan DeKok [Thu, 10 Dec 2015 14:08:35 +0000 (09:08 -0500)]
Merge pull request #1444 from qnet-herwin/debian_heimdal-dev
Added heimdal-dev as alternative for libkrb5-dev
Alan T. DeKok [Thu, 10 Dec 2015 14:01:37 +0000 (09:01 -0500)]
building the initial certs requires make. Fixes #1442
Herwin Weststrate [Thu, 10 Dec 2015 11:53:37 +0000 (12:53 +0100)]
Added heimdal-dev as alternative for libkrb5-dev
The package builds fine without it. It does not have the functionality of krb5_get_error_message, but the freeradius code is already able to work around that limitation (using HAVE_KRB5_GET_ERROR_MESSAGE).
The main reason for this change is that the packages libkrb5-dev and heimdal-dev cannot both be installed on a machine, and Samba has a requirement on the heimdal-dev package. With this patch, my machine can happily compile Samba and FreeRADIUS.
Herwin Weststrate [Tue, 8 Dec 2015 11:29:42 +0000 (12:29 +0100)]
Add ALLOW_MSVCHAPV2 flag to mschap/libwbclient
The functionality is the same as https://github.com/samba-team/samba/pull/45: allow authentication via winbind when the AD has a higher security level.
Alan T. DeKok [Wed, 9 Dec 2015 16:10:25 +0000 (11:10 -0500)]
More warnings for broken software
Alan T. DeKok [Tue, 8 Dec 2015 16:20:04 +0000 (11:20 -0500)]
Document disable tls 1.2 because of OpenSSL breakage
Alan T. DeKok [Tue, 8 Dec 2015 16:19:55 +0000 (11:19 -0500)]
note recent changes
Alan T. DeKok [Tue, 8 Dec 2015 14:30:35 +0000 (09:30 -0500)]
typo
Alan T. DeKok [Mon, 7 Dec 2015 19:14:15 +0000 (14:14 -0500)]
port enum changes from head, which clarify the code
Alan T. DeKok [Mon, 7 Dec 2015 19:01:36 +0000 (14:01 -0500)]
run verify only on skipped
Arran Cudbard-Bell [Mon, 7 Dec 2015 19:13:03 +0000 (14:13 -0500)]
Merge pull request #1429 from pwdng/freebsd_fix
Some error codes aren't defined on FreeBSD
Philippe Wooding [Fri, 4 Dec 2015 23:38:51 +0000 (00:38 +0100)]
Some error codes aren't defined on FreeBSD
Alan T. DeKok [Mon, 7 Dec 2015 17:01:15 +0000 (12:01 -0500)]
clean up SSL errors on OCSP soft fail
Alan T. DeKok [Mon, 7 Dec 2015 16:43:11 +0000 (11:43 -0500)]
verify_callback should return 0 or 1
Alan T. DeKok [Mon, 7 Dec 2015 16:38:18 +0000 (11:38 -0500)]
Added "skip verify if OCSP succeeds". Fixes #1426
Alan T. DeKok [Sat, 5 Dec 2015 17:30:20 +0000 (12:30 -0500)]
note recent changes
Alan T. DeKok [Sat, 5 Dec 2015 17:27:38 +0000 (12:27 -0500)]
WARN if we find duplicate configuration items.
Because some people think randomly adding things is a good idea.
Alan T. DeKok [Fri, 4 Dec 2015 13:29:15 +0000 (08:29 -0500)]
formatting
Alan T. DeKok [Fri, 4 Dec 2015 13:29:04 +0000 (08:29 -0500)]
Check buffer as we copy data into it
Arran Cudbard-Bell [Thu, 3 Dec 2015 19:19:03 +0000 (14:19 -0500)]
Fix includes in installed headers
Arran Cudbard-Bell [Thu, 3 Dec 2015 15:58:44 +0000 (10:58 -0500)]
Invalid assert
Alan T. DeKok [Thu, 3 Dec 2015 13:56:00 +0000 (08:56 -0500)]
sqlhpwippool is unstable
Alan T. DeKok [Wed, 2 Dec 2015 18:51:39 +0000 (13:51 -0500)]
Revert "Commit mk files for sql modules"
This reverts commit 2b77b7e830222d0192f42efe66cae38f061aa34c.