freeradius.git
Alan T. DeKok [Mon, 3 Jul 2017 15:36:13 +0000 (11:36 -0400)]
FR-GV-206 - decode option 60 (string) not 63 (octets), and check length

Alan T. DeKok [Tue, 4 Jul 2017 14:12:09 +0000 (10:12 -0400)]
FR-GV-201 - check input / output length in make_secret()

Alan T. DeKok [Wed, 5 Jul 2017 15:27:55 +0000 (11:27 -0400)]
FR-AD-001 - (v3) use strncmp() instead of memcmp() for bounded data

Alan DeKok [Mon, 3 Jul 2017 13:10:57 +0000 (09:10 -0400)]
Merge pull request #2014 from philmayers/patch-1

Add openssl to BuildRequires

Phil Mayers [Mon, 3 Jul 2017 12:42:54 +0000 (13:42 +0100)]
Add openssl to BuildRequires

The build step:

BOOTSTRAP raddb/certs/

...run `openssl dhparam -out dh -2 2048` which means you need to BuildRequires: openssl - openssl-devel does not pull in the binaries

Philippe Wooding [Thu, 29 Jun 2017 13:32:16 +0000 (15:32 +0200)]
Fix typo for huntgroups bug as described in freeradius.1045715.n5.nabble.com/Problem-with-huntgroups-upgrading-from-2-2-9-to-3-0-x-td5744845.html

Alan T. DeKok [Thu, 29 Jun 2017 12:29:15 +0000 (08:29 -0400)]
note recent changes

Alan T. DeKok [Thu, 29 Jun 2017 11:58:14 +0000 (07:58 -0400)]
don't process VMPS packets twice

Alan T. DeKok [Thu, 29 Jun 2017 11:56:04 +0000 (07:56 -0400)]
This doesn't need bash. SH is more portable

Alan T. DeKok [Thu, 29 Jun 2017 11:54:39 +0000 (07:54 -0400)]
DLT_LINUX_SLL isn't defined everywhere

Alan T. DeKok [Thu, 29 Jun 2017 11:53:38 +0000 (07:53 -0400)]
Add OpenBSD

Alan T. DeKok [Thu, 29 Jun 2017 11:52:57 +0000 (07:52 -0400)]
default to using 2048 bit keys

Alan T. DeKok [Thu, 29 Jun 2017 11:50:18 +0000 (07:50 -0400)]
Fixes for LibreSSL

Alan T. DeKok [Tue, 27 Jun 2017 17:40:52 +0000 (13:40 -0400)]
length in bytes, not chbind packets

Alan T. DeKok [Mon, 26 Jun 2017 13:04:54 +0000 (09:04 -0400)]
typo

Alan T. DeKok [Thu, 22 Jun 2017 01:03:54 +0000 (21:03 -0400)]
Fix OpenSSL API issue.  Based on a patch from Guido Vranken

Arran Cudbard-Bell [Wed, 21 Jun 2017 13:46:14 +0000 (09:46 -0400)]
Provide HOSTNAME in the default unit files

# Conflicts:
# redhat/radiusd.service

Alan T. DeKok [Tue, 20 Jun 2017 20:27:15 +0000 (16:27 -0400)]
move rad_authlog() for Access-Reject

to after running post-auth

Arran Cudbard-Bell [Mon, 19 Jun 2017 21:14:00 +0000 (17:14 -0400)]
Use the correct preun command

Alan T. DeKok [Fri, 16 Jun 2017 13:00:28 +0000 (09:00 -0400)]
incorporate all redhat specific files into the tarball.  Closes #1987

Manual pull of patch

Alan T. DeKok [Thu, 15 Jun 2017 23:26:56 +0000 (19:26 -0400)]
fix typo.  Closes #2006

Arran Cudbard-Bell [Wed, 7 Jun 2017 10:33:47 +0000 (06:33 -0400)]
Merge pull request #2003 from mcnewton/v3.0.x

update starent dictionary as posted to mailing list

Matthew Newton [Wed, 7 Jun 2017 09:58:47 +0000 (10:58 +0100)]
update starent dictionary as posted to mailing list

Alan T. DeKok [Tue, 6 Jun 2017 15:40:25 +0000 (11:40 -0400)]
notes on db_dir vs logdir

Alan T. DeKok [Tue, 6 Jun 2017 14:27:56 +0000 (10:27 -0400)]
as posted to the list

Alan T. DeKok [Mon, 5 Jun 2017 14:47:29 +0000 (10:47 -0400)]
fix printing of long hex values

Alan T. DeKok [Mon, 5 Jun 2017 13:02:29 +0000 (09:02 -0400)]
do less alloc/free

Alan T. DeKok [Sun, 4 Jun 2017 20:48:59 +0000 (16:48 -0400)]
don't truncate at 1K

Alan T. DeKok [Fri, 2 Jun 2017 18:55:17 +0000 (14:55 -0400)]
ifdef out the whole function...

Alan T. DeKok [Fri, 2 Jun 2017 18:54:08 +0000 (14:54 -0400)]
fixes for builds without TCP

Alan T. DeKok [Fri, 2 Jun 2017 18:52:16 +0000 (14:52 -0400)]
expose WITH_DHCP to Make, and then don't build proto_dhcp

Alan T. DeKok [Fri, 2 Jun 2017 13:17:32 +0000 (09:17 -0400)]
note recent changes

Alan T. DeKok [Fri, 2 Jun 2017 13:10:05 +0000 (09:10 -0400)]
parse port.  Closes #2000

Alan T. DeKok [Thu, 1 Jun 2017 18:27:21 +0000 (14:27 -0400)]
note recent changes

Alan T. DeKok [Thu, 1 Jun 2017 18:26:04 +0000 (14:26 -0400)]
set 'sess = NULL' after freeing it.  Closes #1999

Alan T. DeKok [Mon, 29 May 2017 13:50:04 +0000 (09:50 -0400)]
note that 3.0.14 wasn't released in March...

Alan T. DeKok [Mon, 29 May 2017 13:45:15 +0000 (09:45 -0400)]
bump for 3.0.15

Alan T. DeKok [Mon, 29 May 2017 13:44:51 +0000 (09:44 -0400)]
bump for 3.0.15

tag: release_3_0_14
Alan T. DeKok [Fri, 26 May 2017 18:11:20 +0000 (14:11 -0400)]
note recent updates

Alan T. DeKok [Fri, 26 May 2017 14:56:11 +0000 (10:56 -0400)]
remove unnecessary assert

Alan T. DeKok [Fri, 26 May 2017 14:54:14 +0000 (10:54 -0400)]
check before dereference.

Found by PVS-Studio

Alan T. DeKok [Fri, 26 May 2017 14:52:20 +0000 (10:52 -0400)]
check before dereference.

Found by PVS-Studio

Alan T. DeKok [Fri, 26 May 2017 13:04:12 +0000 (09:04 -0400)]
check for username, too

Alan DeKok [Fri, 26 May 2017 10:21:27 +0000 (06:21 -0400)]
Merge pull request #1996 from alejandro-perez/v3.0.x

Fix deadlock

Alejandro Perez [Fri, 26 May 2017 06:15:07 +0000 (08:15 +0200)]
Fix deadlock.

This fixes a regression introduced in #8391d0ba8ebd2599212317259d26a17cfebb5b2a

Alan T. DeKok [Thu, 25 May 2017 21:04:16 +0000 (17:04 -0400)]
note recent changes

Alan T. DeKok [Thu, 25 May 2017 20:59:14 +0000 (16:59 -0400)]
make outgoing SSL_connect() non-blocking

Alan DeKok [Thu, 25 May 2017 15:19:08 +0000 (11:19 -0400)]
Merge pull request #1995 from spaetow/patch-1

Update freeradius.spec with contents of PR #1991

Stefan Paetow [Thu, 25 May 2017 15:17:01 +0000 (16:17 +0100)]
As part of PR 1991, I forgot to update the FR SPEC file with the updated file list for mysql, postgresql and sqlite. Apologies!

Alan DeKok [Thu, 25 May 2017 12:56:51 +0000 (08:56 -0400)]
Merge pull request #1991 from spaetow/v3.0.x

Add SQL backing to Moonshot-*-TargetedId generation

Alan T. DeKok [Wed, 24 May 2017 21:21:55 +0000 (17:21 -0400)]
remove references to sql_log

Alan T. DeKok [Wed, 24 May 2017 19:55:26 +0000 (15:55 -0400)]
note recent changes

Alan T. DeKok [Wed, 24 May 2017 19:55:05 +0000 (15:55 -0400)]
as posted to the list

Stefan Paetow [Sat, 20 May 2017 20:05:56 +0000 (21:05 +0100)]
Merge branch 'v3.0.x' into v3.0.x

Alan T. DeKok [Fri, 19 May 2017 18:10:37 +0000 (14:10 -0400)]
note recent changes

Alan T. DeKok [Wed, 17 May 2017 16:15:07 +0000 (12:15 -0400)]
reduce scope of variable.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 16:07:49 +0000 (12:07 -0400)]
request by be NULL.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 16:06:57 +0000 (12:06 -0400)]
move shutdown calls into check for ssn->ssl.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 16:03:46 +0000 (12:03 -0400)]
check sizeof(*packet).  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:51:44 +0000 (11:51 -0400)]
check ptr before dereferencing it.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:50:36 +0000 (11:50 -0400)]
remove redundant declaration.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:46:57 +0000 (11:46 -0400)]
move assertion to correct place.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:46:12 +0000 (11:46 -0400)]
remove redundant assignment.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:44:48 +0000 (11:44 -0400)]
move assertion to top of function.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:42:54 +0000 (11:42 -0400)]
fix wrong assertion.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:41:57 +0000 (11:41 -0400)]
check for OOM.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:39:07 +0000 (11:39 -0400)]
check before dereference. Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:35:20 +0000 (11:35 -0400)]
don't assign wrong enum to variable.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:27:45 +0000 (11:27 -0400)]
remove redundant check.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:26:54 +0000 (11:26 -0400)]
don't use i for inner and outer loop.  Found by PVS-Studio

Alan T. DeKok [Wed, 17 May 2017 15:25:44 +0000 (11:25 -0400)]
remove duplicate checks.  Found by PVS-Studio

Alan DeKok [Fri, 19 May 2017 18:06:40 +0000 (14:06 -0400)]
Merge pull request #1989 from Sp1l/v3.0.x

Fix build with LibreSSL

Stefan Paetow [Thu, 18 May 2017 21:14:47 +0000 (22:14 +0100)]
Changed wording. It's incorrect to claim it's a generation policy when it actually does a SQL XLAT.

Stefan Paetow [Thu, 18 May 2017 15:28:27 +0000 (16:28 +0100)]
Adjust the default table names to be SQL-standard compliant. Add the other supported SQL dialects.

Stefan Paetow [Thu, 18 May 2017 13:35:45 +0000 (14:35 +0100)]
Add SQL backing to Moonshot-*-TargetedId generation. Added three attributes for general use in this policy to avoid clashes with Tmp-* variables

Alan T. DeKok [Tue, 16 May 2017 12:07:12 +0000 (08:07 -0400)]
use correct packet for channel binding.  Closes #1990

Alan T. DeKok [Fri, 12 May 2017 13:16:00 +0000 (09:16 -0400)]
create string only if it's needed

Alan T. DeKok [Fri, 12 May 2017 13:08:04 +0000 (09:08 -0400)]
use RDEBUG

Alan T. DeKok [Thu, 11 May 2017 14:06:19 +0000 (10:06 -0400)]
remove always-false condition

Bernard Spil [Sun, 14 May 2017 13:45:23 +0000 (15:45 +0200)]
Fix build with LibreSSL

LibreSSL does not have X509_get0_extensions and was forked from 0x1000200fL

See also: https://bugs.freebsd.org/218225

Alan DeKok [Fri, 12 May 2017 11:17:24 +0000 (07:17 -0400)]
Merge pull request #1988 from alejandro-perez/v3.0.x

Fix typo in previous commit

Alejandro Perez [Thu, 11 May 2017 16:16:20 +0000 (18:16 +0200)]
Fix typo in previous commit.

Alan T. DeKok [Thu, 11 May 2017 14:04:22 +0000 (10:04 -0400)]
re-order old names.  New names come second...

Alan T. DeKok [Thu, 11 May 2017 13:59:14 +0000 (09:59 -0400)]
convert assertion to run-time check.

Alan T. DeKok [Thu, 11 May 2017 13:57:33 +0000 (09:57 -0400)]
convert assert to run-time check.

Alan T. DeKok [Thu, 11 May 2017 13:50:31 +0000 (09:50 -0400)]
revert debian packages to 3.0.12 versions

Brice Schaffner [Thu, 11 May 2017 10:05:24 +0000 (10:05 +0000)]
Added missing Patton Vendor Attributes

Added some new Patton Vendor Attributes to the list.
These attributes are now supported on the newest Patton device running on Trinity software version 3.11.2.

Arran Cudbard-Bell [Thu, 11 May 2017 10:51:10 +0000 (06:51 -0400)]
Merge pull request #1974 from alanbuxey/patch-3

fixed variable to use the "&" prefix

Arran Cudbard-Bell [Thu, 11 May 2017 10:50:55 +0000 (06:50 -0400)]
Merge branch 'v3.0.x' into patch-3

Alan T. DeKok [Wed, 10 May 2017 18:34:25 +0000 (14:34 -0400)]
add aliases for well-known names

Alan T. DeKok [Wed, 10 May 2017 18:07:54 +0000 (14:07 -0400)]
set statement to NULL.  Fixes #1983

Alan DeKok [Wed, 10 May 2017 14:00:08 +0000 (10:00 -0400)]
Merge pull request #1985 from alejandro-perez/v3.0.x

Fix memory leak in trustrouter.c

Alejandro Perez [Wed, 10 May 2017 09:46:55 +0000 (11:46 +0200)]
Fix memory leak in trustrouter.c

In the trustrouter.c file, servers were being created using
talloc_zero() instead of tls_server_conf_alloc(). Thus, the
destructor _tls_server_conf_free() which frees the SSL_CTX
object was not being called.

Alan DeKok [Tue, 9 May 2017 13:36:26 +0000 (09:36 -0400)]
Merge pull request #1982 from alejandro-perez/v3.0.x

Some fixes to the trustrouter related code

Alejandro Perez [Tue, 9 May 2017 12:33:31 +0000 (14:33 +0200)]
Set idle_timeout to 5s to all the dynamic home servers

Dynamically generated home servers get eventually replaced.
We want sockets using these servers to close as soon as possible, to make sure that whenever a pool is replaced, sockets using old ones will not last long (hopefully less than 300s).

Alejandro Perez [Tue, 9 May 2017 12:21:44 +0000 (14:21 +0200)]
Increase the amount of time a pool spends in the garbage list

Under specific circumstances (e.g high authentication load) a client might keep using an old pool since the socket did not expire. 60 seconds seems too low.
Increased to make sure we do not delete it while it is still being used.

Alejandro Perez [Tue, 9 May 2017 12:13:52 +0000 (14:13 +0200)]
Remove unnecessary check to update REALM

Existing code precluded a REALM from being updated if there were traffic within the last 5 minutes.
This is an error since when the TLS keys expire, the home server will reject client’s attempts to establish a connection, leading to up to 5 minutes of denied user authentications.

Alan Buxey [Tue, 9 May 2017 11:28:07 +0000 (12:28 +0100)]
Merge branch 'v3.0.x' into patch-3

Alan T. DeKok [Mon, 8 May 2017 20:41:25 +0000 (16:41 -0400)]
note recent changes

Alan T. DeKok [Mon, 8 May 2017 20:38:56 +0000 (16:38 -0400)]
disable internal OpenSSL cache