Alan T. DeKok [Fri, 3 Feb 2017 22:17:24 +0000 (17:17 -0500)]
read the TLS data first, before the VPs
Matthew Newton [Thu, 2 Feb 2017 21:59:24 +0000 (21:59 +0000)]
Merge pull request #1896 from mcnewton/v3.0.x
systemd syslog.target is obsolete
Matthew Newton [Thu, 2 Feb 2017 21:10:43 +0000 (21:10 +0000)]
systemd syslog.target is obsolete
Arran Cudbard-Bell [Thu, 2 Feb 2017 10:19:34 +0000 (10:19 +0000)]
Update copyright year
Arran Cudbard-Bell [Thu, 2 Feb 2017 10:17:29 +0000 (10:17 +0000)]
Revert "Create the database by default..."
This reverts commit 70a41b507f36d1687dbf4b1457d62973b9a84ad0.
Arran Cudbard-Bell [Thu, 2 Feb 2017 10:13:22 +0000 (10:13 +0000)]
Merge pull request #1894 from herwinw/v30x_rlm_sql_mysql_whitespace
Removed combination of space+tab in rlm_sql_mysql.c
Herwin Weststrate [Thu, 2 Feb 2017 07:28:21 +0000 (08:28 +0100)]
Removed combination of space+tab in rlm_sql_mysql.c
Replaced it with just a tab
Arran Cudbard-Bell [Wed, 1 Feb 2017 20:51:06 +0000 (20:51 +0000)]
Use the actual field lengths when creating the result array
Arran Cudbard-Bell [Wed, 1 Feb 2017 20:50:14 +0000 (20:50 +0000)]
Trim whitespace before searching for operation type
Arran Cudbard-Bell [Wed, 1 Feb 2017 20:44:00 +0000 (20:44 +0000)]
Create the database by default...
Alan DeKok [Wed, 1 Feb 2017 19:29:19 +0000 (14:29 -0500)]
Merge pull request #1893 from spaetow/patch-2
Update abfab_tr policy
Matthew Newton [Wed, 1 Feb 2017 15:56:00 +0000 (15:56 +0000)]
Merge pull request #1892 from mcnewton/v3.0.x
update kibana dashboard so it doesn't have to be imported twice
Stefan Paetow [Wed, 1 Feb 2017 14:22:06 +0000 (14:22 +0000)]
Update abfab-tr
Only set the service name when it doesn't exist (=), not overwrite it (:=)
Matthew Newton [Wed, 1 Feb 2017 13:54:55 +0000 (13:54 +0000)]
update kibana dashboard so it doesn't have to be imported twice
define the search before the visualisations
Alan T. DeKok [Wed, 1 Feb 2017 00:52:00 +0000 (19:52 -0500)]
fix typo. Fixes #1891
Alan T. DeKok [Wed, 1 Feb 2017 00:51:54 +0000 (19:51 -0500)]
more warnings
Stefan Paetow [Tue, 31 Jan 2017 17:22:30 +0000 (17:22 +0000)]
Update abfab-tr
Since there seem to be problems with the GSS-Acceptor-Host-Name occasionally, set it if it hasn't been set yet (and it's defined in the client definition). Also add the GSS-Acceptor-Service-Name if it hasn't been set, or override the one set.
Alan T. DeKok [Thu, 26 Jan 2017 20:34:44 +0000 (15:34 -0500)]
more debugging about the data we're reading
Alan T. DeKok [Thu, 26 Jan 2017 20:34:30 +0000 (15:34 -0500)]
don't write empty packets to the detail file
Alan T. DeKok [Wed, 25 Jan 2017 21:38:54 +0000 (16:38 -0500)]
debug for non-threaded too
Alan T. DeKok [Wed, 25 Jan 2017 21:14:36 +0000 (16:14 -0500)]
note recent changes
Alan T. DeKok [Wed, 25 Jan 2017 21:11:54 +0000 (16:11 -0500)]
print out packet type, contents, and reply for detail packets
Alan T. DeKok [Wed, 25 Jan 2017 21:11:37 +0000 (16:11 -0500)]
don't print out IP addresses for detail packets
Alan T. DeKok [Mon, 23 Jan 2017 18:54:10 +0000 (13:54 -0500)]
note recent changes
Matthew Newton [Fri, 20 Jan 2017 16:26:15 +0000 (16:26 +0000)]
remove Kibana 3 dashboard, as it is now obsolete :(
Matthew Newton [Fri, 20 Jan 2017 16:25:48 +0000 (16:25 +0000)]
update elasticsearch/logstash examples so that they work with elastic stack v5
Alan T. DeKok [Wed, 18 Jan 2017 17:38:32 +0000 (12:38 -0500)]
note recent changes
Alan T. DeKok [Wed, 18 Jan 2017 17:37:46 +0000 (12:37 -0500)]
typo. Fixes #1882
Alan T. DeKok [Mon, 16 Jan 2017 15:25:49 +0000 (10:25 -0500)]
Add rule to catch BSDMake
Alan T. DeKok [Mon, 16 Jan 2017 14:20:37 +0000 (09:20 -0500)]
delete incorrect documentation
Arran Cudbard-Bell [Fri, 13 Jan 2017 16:59:01 +0000 (16:59 +0000)]
Don't emit errors if no result is available
Alan T. DeKok [Fri, 13 Jan 2017 15:46:22 +0000 (10:46 -0500)]
Revert ""no more rows" isn't an ERROR"
This reverts commit 9cd2d57c6f3594ae8c4d74f34fdc7770361d3bdb.
Better fix is coming
Alan T. DeKok [Fri, 13 Jan 2017 15:42:27 +0000 (10:42 -0500)]
"no more rows" isn't an ERROR
Arran Cudbard-Bell [Thu, 12 Jan 2017 19:07:02 +0000 (19:07 +0000)]
Typo
Arran Cudbard-Bell [Thu, 12 Jan 2017 18:13:06 +0000 (18:13 +0000)]
Use a proper rcode for no more rows
Arran Cudbard-Bell [Thu, 12 Jan 2017 16:54:50 +0000 (16:54 +0000)]
Merge pull request #1881 from mcnewton/v3.0.x
rlm_eap: RERROR type debugs so Module-Failure-Message gets set
Matthew Newton [Tue, 10 Jan 2017 11:44:55 +0000 (11:44 +0000)]
rlm_eap: RERROR type debugs so Module-Failure-Message gets set
Arran Cudbard-Bell [Thu, 12 Jan 2017 15:39:35 +0000 (15:39 +0000)]
Fix backport issue
Alan T. DeKok [Thu, 12 Jan 2017 15:15:19 +0000 (10:15 -0500)]
note recent changes
Arran Cudbard-Bell [Thu, 12 Jan 2017 15:10:22 +0000 (15:10 +0000)]
Call finish_select_query if we experience an error retrieving the result
# Conflicts:
# src/modules/rlm_sql/rlm_sql.c
Matthew Newton [Thu, 12 Jan 2017 12:52:33 +0000 (12:52 +0000)]
rlm_eap_pwd: initialise HMAC context
Closes #1876
Alan DeKok [Tue, 10 Jan 2017 19:02:27 +0000 (14:02 -0500)]
Merge pull request #1875 from spaetow/patch-2
Update realm module
Stefan Paetow [Tue, 10 Jan 2017 16:17:15 +0000 (16:17 +0000)]
Update realm
Add the tr_port keyword to specify the port for trust router connection
Alan T. DeKok [Mon, 9 Jan 2017 13:55:09 +0000 (08:55 -0500)]
typo
Alan T. DeKok [Wed, 4 Jan 2017 22:06:28 +0000 (17:06 -0500)]
hoist check to outside of switch statement
Alan T. DeKok [Mon, 2 Jan 2017 15:16:10 +0000 (10:16 -0500)]
note recent changes
Alan T. DeKok [Mon, 2 Jan 2017 15:15:21 +0000 (10:15 -0500)]
fix filtering operators
Alan T. DeKok [Mon, 2 Jan 2017 15:12:48 +0000 (10:12 -0500)]
update date
Alan T. DeKok [Mon, 2 Jan 2017 15:12:21 +0000 (10:12 -0500)]
document filtering operators < and >
Alan T. DeKok [Mon, 2 Jan 2017 14:56:43 +0000 (09:56 -0500)]
more descriptive
Alan T. DeKok [Mon, 2 Jan 2017 14:11:16 +0000 (09:11 -0500)]
document != as a filtering operator
Alan T. DeKok [Mon, 2 Jan 2017 14:04:20 +0000 (09:04 -0500)]
fix documentation
Alan T. DeKok [Tue, 20 Dec 2016 16:56:54 +0000 (11:56 -0500)]
note recent changes
Alan T. DeKok [Tue, 20 Dec 2016 16:54:51 +0000 (11:54 -0500)]
add recv_coa
which is a copy of authorize
Matthew Newton [Tue, 20 Dec 2016 13:08:31 +0000 (13:08 +0000)]
Merge pull request #1835 from qnet-herwin/retry_winbind_auth_with_normalized_username
Allow authentication retry in winbind
Herwin Weststrate [Wed, 9 Nov 2016 09:29:08 +0000 (10:29 +0100)]
Allow authentication retry in winbind
A setup with the following properties:
* Active Directory backend
* FreeRadius with eap-inner-proxy
* Windows client with single sign-on
* User using different casing in username than in backend
may result in failing connections. It looks like Windows reads the
correct username from the domain server once it has logged in, and uses
that to create the MS-CHAP2-Response attribute. The User-Name attribute
is still the one with the incorrect casing, causing the authentication
to fail.
The introduced config option kicks in after a failed authentication: it
reads the correct username from the backend, tries another
authentication, and uses the found User-Name to calculate
MS-CHAP2-Response if the second authentication works.
Alan DeKok [Wed, 7 Dec 2016 16:37:15 +0000 (11:37 -0500)]
Merge pull request #1850 from spbnick/v3.0.x_openssl_1.1_fix
OpenSSL v1.1 fixes for v3.0.x
Alan T. DeKok [Wed, 7 Dec 2016 14:57:06 +0000 (09:57 -0500)]
note recent changes
Alan T. DeKok [Wed, 7 Dec 2016 14:56:01 +0000 (09:56 -0500)]
continue to "next" in xlat alternate. Fixes #1866
Nikolai Kondrashov [Wed, 23 Nov 2016 08:27:45 +0000 (10:27 +0200)]
Do not assign OpenSSL callbacks if not needed
Check if CRYPTO_set_id_callback and CRYPTO_set_locking_callback are
defined as functions (as opposed to stub macros), and if they aren't,
don't call them and don't define the corresponding callbacks.
This avoids the "unused function" warnings with OpenSSL v1.1.
Nikolai Kondrashov [Wed, 23 Nov 2016 07:40:24 +0000 (09:40 +0200)]
Handle deprecated OpenSSL thread cleanup functions
Use appropriate OpenSSL thread cleanup function or don't use any,
depending on their deprecation status in various OpenSSL versions.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:09:15 +0000 (20:09 +0200)]
Accommodate consts added in OpenSSL 1.1
Update some declarations to use const to match respective changes in
OpenSSL 1.1 and not produce build warnings.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:09:05 +0000 (20:09 +0200)]
Do not use OPENSSL_config
Switch to using CONF_modules_load_file instead of OPENSSL_config, which
was deprecated in OpenSSL 1.1 and would produce build warnings.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:09:02 +0000 (20:09 +0200)]
Do not use ASN1_STRING_data
Switch to using ASN1_STRING_get0_data instead of ASN1_STRING_data, which
was deprecated in OpenSSL 1.1 and would produce build warnings.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:59 +0000 (20:08 +0200)]
Do not use HMAC_Init
Replace remaining use of HMAC_Init with HMAC_Init_ex to silence
deprecation warnings with OpenSSL 1.1.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:56 +0000 (20:08 +0200)]
Do not use HMAC_CTX_init
Switch to using HMAC_CTX_new in place of HMAC_CTX_init, which was
removed in OpenSSL 1.1, resulting in broken build.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:54 +0000 (20:08 +0200)]
Initialize HMAC context in rlm_otp
Add the missing mandatory HMAC context initialization to rlm_otp's
otp_gen_state. Otherwise the outcome of the following HMAC operations is
undefined.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:49 +0000 (20:08 +0200)]
Do not try to access private OpenSSL structs
Some more OpenSSL structures were made private in v1.1 and accessor
functions were added instead. Switch to using accessor functions to fix
the build.
Nikolai Kondrashov [Wed, 7 Dec 2016 12:23:54 +0000 (14:23 +0200)]
Move func substitutes from rlm_eap to missing.c
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:47 +0000 (20:08 +0200)]
Add a few OpenSSL fallback funcs
Add four fallback function implementations to use in place of functions
removed/deprecated in OpenSSL 1.1. Those are to be used in the following
patches to make the build work and not produce deprecation warnings.
Nikolai Kondrashov [Mon, 21 Nov 2016 08:21:33 +0000 (10:21 +0200)]
Check for openssl/conf.h
Check for presence of openssl/conf.h to support definition of fallback
functions in later patches.
Nikolai Kondrashov [Mon, 21 Nov 2016 08:13:55 +0000 (10:13 +0200)]
Check for openssl/asn1.h
Check for presence of openssl/asn1.h to support definition of fallback
functions in later patches.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:43 +0000 (20:08 +0200)]
Check for openssl/hmac.h
Apart from dealing with a FIXME, this is needed for implementing
compatibility fallbacks for some functions introduced in OpenSSL 1.1, in
following commits.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:40 +0000 (20:08 +0200)]
Check for EVP_CIPHER_CTX_new to detect libcrypto
Switch to checking for EVP_CIPHER_CTX_new instead of EVP_cleanup to
detect presence of libcrypto, because EVP_cleanup was removed as symbol
from OpenSSL 1.1, and the check would always fail.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:33 +0000 (20:08 +0200)]
Fix SSL_get_client/server_random checks
Needed for conditionally avoiding accessing private OpenSSL structures
in a following patch.
Backported from v3.1.x.
Alan T. DeKok [Wed, 7 Dec 2016 00:22:12 +0000 (19:22 -0500)]
indentation helps
Alan T. DeKok [Wed, 30 Nov 2016 13:30:38 +0000 (08:30 -0500)]
switch with no match and no default
Alan T. DeKok [Mon, 28 Nov 2016 15:37:17 +0000 (10:37 -0500)]
limit FD to FD_SETSIZE
Alan DeKok [Wed, 23 Nov 2016 18:16:55 +0000 (13:16 -0500)]
Merge pull request #1857 from jrouzierinverse/json-encoding
Cast byte as an unsigned char instead
James Rouzier [Wed, 23 Nov 2016 17:37:59 +0000 (12:37 -0500)]
Cast byte as an unsigned char instead
Alan T. DeKok [Wed, 23 Nov 2016 14:06:39 +0000 (09:06 -0500)]
use unsigned, not signed
Alan T. DeKok [Wed, 23 Nov 2016 14:05:50 +0000 (09:05 -0500)]
\n is \n, not \b
Alan T. DeKok [Tue, 22 Nov 2016 21:27:12 +0000 (16:27 -0500)]
make data unsigned
Alan DeKok [Mon, 21 Nov 2016 16:43:05 +0000 (11:43 -0500)]
Merge pull request #1853 from alanbuxey/patch-4
remove unnecessary "Need 0 more connections to reach..." INFO output
Alan Buxey [Mon, 21 Nov 2016 15:25:24 +0000 (15:25 +0000)]
remove unnecessary "Need 0 more connections to reach..." INFO output
The <= means that when the value is 0 the server keeps spewing out "Need 0 more connections to reach..." messages into the log output. This ensures messages come out only when there is a need.
Alan T. DeKok [Mon, 21 Nov 2016 14:06:32 +0000 (09:06 -0500)]
Check both attributes for message type and option 82
Alan T. DeKok [Mon, 21 Nov 2016 12:01:07 +0000 (07:01 -0500)]
added MS-MPPE-Encryption-Policy !* ANY
Alan T. DeKok [Sat, 19 Nov 2016 00:32:10 +0000 (19:32 -0500)]
fix inner-tunnel policy
This policy replaces "use_tunneled_reply". It's better to use
if (0) { ...} to disable blocks of code, instead of commenting it out.
Also, update the local reply before copying it to the outer
session-state list. That makes a lot more sense.
Alan T. DeKok [Fri, 18 Nov 2016 16:59:28 +0000 (11:59 -0500)]
set reject on reject
Alan T. DeKok [Fri, 18 Nov 2016 14:16:27 +0000 (09:16 -0500)]
remove unnecessary const
Alan T. DeKok [Tue, 15 Nov 2016 17:32:01 +0000 (12:32 -0500)]
pass the correct length to hex2bin
Alan T. DeKok [Mon, 14 Nov 2016 19:30:10 +0000 (14:30 -0500)]
NO is 0. YES is 1.
Alan T. DeKok [Fri, 11 Nov 2016 11:56:23 +0000 (06:56 -0500)]
from Microsemi
Boris Lytochkin [Wed, 9 Nov 2016 19:03:03 +0000 (22:03 +0300)]
fix build on FreeBSD: readline headers imply stdio.h is included prior
to including readline.h
Arran Cudbard-Bell [Wed, 9 Nov 2016 15:09:21 +0000 (10:09 -0500)]
Really should be invalid
Arran Cudbard-Bell [Wed, 9 Nov 2016 12:36:18 +0000 (07:36 -0500)]
Merge pull request #1829 from lytboris/init-out-v3.0.x
Initialize out before calling radius_axlat or radius_axlat_struct
Arran Cudbard-Bell [Wed, 9 Nov 2016 12:36:06 +0000 (07:36 -0500)]
Merge branch 'v3.0.x' into init-out-v3.0.x
Arran Cudbard-Bell [Tue, 8 Nov 2016 14:15:04 +0000 (09:15 -0500)]
Merge pull request #1823 from lytboris/rlm_perl_radxlat_function-v3.0.x
implement radiusd::radius_xlat in rlm_perl (v3.0.x)
Boris Lytochkin [Fri, 4 Nov 2016 14:29:12 +0000 (17:29 +0300)]
implement radiusd::xlat in rlm_perl
Sponsored by: Yandex LLC
Alan T. DeKok [Tue, 8 Nov 2016 13:47:47 +0000 (08:47 -0500)]
fix previous commit