Arran Cudbard-Bell [Wed, 23 Sep 2015 20:18:59 +0000 (16:18 -0400)]
Correct precedence for determining src ip of DHCP packet
Alan T. DeKok [Wed, 23 Sep 2015 18:23:04 +0000 (14:23 -0400)]
More fixes for virtual attributes
Alan T. DeKok [Wed, 23 Sep 2015 17:48:41 +0000 (13:48 -0400)]
Fix typo
Alan T. DeKok [Wed, 23 Sep 2015 17:36:54 +0000 (13:36 -0400)]
Allow checks for existence of virtual attrs. Fixes #1265
Alan T. DeKok [Wed, 23 Sep 2015 16:18:44 +0000 (12:18 -0400)]
change minimum pool size to be 2K
Arran Cudbard-Bell [Tue, 22 Sep 2015 18:38:38 +0000 (19:38 +0100)]
Fix crash in rlm_ldap if server goes away whilst processing profiles
Christopher Hoskin [Mon, 21 Sep 2015 19:57:58 +0000 (20:57 +0100)]
Initial stab at machine-readable copyright file
Christopher Hoskin [Sat, 19 Sep 2015 12:22:07 +0000 (13:22 +0100)]
Correct minor issues with package descriptions
Christopher Hoskin [Sat, 19 Sep 2015 12:19:39 +0000 (13:19 +0100)]
Use buildflags to enable hardening (https://wiki.debian.org/Hardening)
Christopher Hoskin [Sat, 19 Sep 2015 08:33:08 +0000 (09:33 +0100)]
Updated dh compat to 9
Updated standards to 3.9.6
Removed duplicate entry from debian/control
Alan T. DeKok [Tue, 22 Sep 2015 13:01:01 +0000 (09:01 -0400)]
Put state name into request->component
It makes the debug output a little easier to read, while still
allowing for complaint messages to show the state
Alan DeKok [Tue, 22 Sep 2015 12:34:18 +0000 (08:34 -0400)]
Merge pull request #1262 from jpereira/fix/better-msg1
Show the name of virtual-server
Jorge Pereira [Tue, 22 Sep 2015 01:08:33 +0000 (22:08 -0300)]
Show the name of virtual-server
Arran Cudbard-Bell [Mon, 21 Sep 2015 22:25:29 +0000 (23:25 +0100)]
Merge pull request #1259 from jpereira/fix/realm1
Fix single space in report message
Jorge Pereira [Mon, 21 Sep 2015 18:54:20 +0000 (15:54 -0300)]
Fix single space in report message
Alan T. DeKok [Mon, 21 Sep 2015 15:53:34 +0000 (11:53 -0400)]
set request->module, too, when dequeuing a request
Alan T. DeKok [Mon, 21 Sep 2015 15:50:54 +0000 (11:50 -0400)]
Simplify final state transitions with a macro
Alan DeKok [Mon, 21 Sep 2015 13:40:05 +0000 (09:40 -0400)]
Merge pull request #1258 from qnet-herwin/typo_fixes
Typo fix: doesnot => does not
Alan T. DeKok [Mon, 21 Sep 2015 13:34:40 +0000 (09:34 -0400)]
Set request->module to the request state
Herwin Weststrate [Thu, 6 Aug 2015 08:28:48 +0000 (10:28 +0200)]
Typo fix: doesnot => does not
Arran Cudbard-Bell [Sat, 19 Sep 2015 11:39:05 +0000 (12:39 +0100)]
Fix minor issues identified by clang-700.0.72
Arran Cudbard-Bell [Sat, 19 Sep 2015 17:13:16 +0000 (18:13 +0100)]
Merge pull request #1255 from alanbuxey/patch-8
Update sql with example/documented SSL connection for postgresql
Alan Buxey [Sat, 19 Sep 2015 16:02:37 +0000 (17:02 +0100)]
Update sql
Arran Cudbard-Bell [Sat, 19 Sep 2015 12:26:53 +0000 (13:26 +0100)]
Merge pull request #1250 from alanbuxey/patch-4
Update sql
Alan Buxey [Sat, 19 Sep 2015 12:19:07 +0000 (13:19 +0100)]
Update sql
Arran Cudbard-Bell [Sat, 19 Sep 2015 11:32:21 +0000 (12:32 +0100)]
With every new clang release, more incredibly useless warnings -Wno-reserved-id-macro
Alan T. DeKok [Sat, 19 Sep 2015 01:24:02 +0000 (21:24 -0400)]
Add @ in front of mkdir
Alan T. DeKok [Fri, 18 Sep 2015 14:09:54 +0000 (10:09 -0400)]
Don't grab SIGUSR1 and SIGUSR2.
There are now debug commands for getting talloc reports
Alan T. DeKok [Fri, 18 Sep 2015 13:10:34 +0000 (09:10 -0400)]
outlen may be zero, too
Alan T. DeKok [Fri, 18 Sep 2015 13:03:27 +0000 (09:03 -0400)]
Unify fr_prints() and fr_prints_len().
They were different, which was a source of errors.
They are now the same, which means errors are fewer
Alan T. DeKok [Fri, 18 Sep 2015 11:39:07 +0000 (07:39 -0400)]
note recent changes
Alan DeKok [Fri, 18 Sep 2015 11:37:59 +0000 (07:37 -0400)]
Merge pull request #1246 from mcnewton/v3.0.x
don't segfault when asked for help
Matthew Newton [Thu, 17 Sep 2015 23:36:41 +0000 (00:36 +0100)]
don't segfault when asked for help
print the help for the current command if there are no subcommands
to list
Arran Cudbard-Bell [Thu, 17 Sep 2015 17:56:35 +0000 (18:56 +0100)]
Merge pull request #1245 from jpereira/debian/logrotate1
Fix logrotate debian
Jorge Pereira [Thu, 17 Sep 2015 17:29:45 +0000 (14:29 -0300)]
Fix logrotate debian
Arran Cudbard-Bell [Thu, 17 Sep 2015 16:51:11 +0000 (17:51 +0100)]
No breaking changes in stable versions
Arran Cudbard-Bell [Thu, 17 Sep 2015 16:50:02 +0000 (17:50 +0100)]
Revert "if try to load a wrong client from SQL, don't start"
This is wrong, we don't introduce behaviour changes that will break people's deployments in stable versions of the server
Arran Cudbard-Bell [Thu, 17 Sep 2015 16:49:22 +0000 (17:49 +0100)]
Revert "logrotate: send a HUP after rotation"
This is wrong, copyrotate is the correct command to use
Alan T. DeKok [Thu, 17 Sep 2015 15:02:50 +0000 (11:02 -0400)]
note recent changes
Alan DeKok [Thu, 17 Sep 2015 15:02:35 +0000 (11:02 -0400)]
Merge pull request #1243 from jpereira/bug/debian-logrotate
debian: Fixing logrotate script
Jorge Pereira [Thu, 17 Sep 2015 14:27:21 +0000 (11:27 -0300)]
debian: Fixing logrotate script
Jorge Pereira [Thu, 17 Sep 2015 14:19:59 +0000 (11:19 -0300)]
logrotate: send a HUP after rotation
Alan T. DeKok [Thu, 17 Sep 2015 14:17:01 +0000 (10:17 -0400)]
More RFCs
Alan DeKok [Thu, 17 Sep 2015 13:09:07 +0000 (09:09 -0400)]
Merge pull request #1242 from jpereira/fix/wrong-client-sql
if has a wrong client-settings, don't rise!
Jorge Pereira [Thu, 17 Sep 2015 12:45:47 +0000 (09:45 -0300)]
if try to load a wrong client from SQL, don't start
Alan T. DeKok [Wed, 16 Sep 2015 19:17:34 +0000 (15:17 -0400)]
Accidentally committed
Alan T. DeKok [Wed, 16 Sep 2015 18:09:09 +0000 (14:09 -0400)]
note recent changes
Alan DeKok [Wed, 16 Sep 2015 18:36:14 +0000 (14:36 -0400)]
Merge pull request #1241 from jpereira/fix/xlat-space
xlat_explode: trim white space
Jorge Pereira [Wed, 16 Sep 2015 18:06:48 +0000 (15:06 -0300)]
xlat_explode: trim white space
Alan T. DeKok [Wed, 16 Sep 2015 17:15:40 +0000 (13:15 -0400)]
note recent changes
Alan T. DeKok [Wed, 16 Sep 2015 17:15:00 +0000 (13:15 -0400)]
Allow virtual attrs in switch. Fixes #1240
Alan T. DeKok [Wed, 16 Sep 2015 17:07:09 +0000 (13:07 -0400)]
Forgot a return...
Alan T. DeKok [Wed, 16 Sep 2015 16:47:37 +0000 (12:47 -0400)]
Be a bit more careful about thread transitions
Alan T. DeKok [Wed, 16 Sep 2015 00:58:46 +0000 (20:58 -0400)]
note recent changes
Alan T. DeKok [Wed, 16 Sep 2015 00:54:38 +0000 (20:54 -0400)]
Proxying to a bad destination is a failure.
Arran Cudbard-Bell [Tue, 15 Sep 2015 21:04:26 +0000 (22:04 +0100)]
Missed slash
Alan T. DeKok [Tue, 15 Sep 2015 16:01:17 +0000 (12:01 -0400)]
Remove extraneous debug
Arran Cudbard-Bell [Tue, 15 Sep 2015 14:06:43 +0000 (15:06 +0100)]
Package memcached
Arran Cudbard-Bell [Tue, 15 Sep 2015 13:53:52 +0000 (14:53 +0100)]
Revert "Include rlm_cache_memcached in spec file"
libmemcached on Centos is too old for this to work
Arran Cudbard-Bell [Tue, 15 Sep 2015 13:43:56 +0000 (14:43 +0100)]
Document and fix args
Alan T. DeKok [Tue, 15 Sep 2015 13:22:38 +0000 (09:22 -0400)]
Allow dots in policy / module names. Fixes #1237
Alan T. DeKok [Tue, 15 Sep 2015 13:09:37 +0000 (09:09 -0400)]
Lower the default pool size
Arran Cudbard-Bell [Mon, 14 Sep 2015 20:32:52 +0000 (21:32 +0100)]
Include rlm_cache_memcached in spec file
Arran Cudbard-Bell [Mon, 14 Sep 2015 20:29:50 +0000 (21:29 +0100)]
Merge pull request #1235 from FreeRADIUS/revert-1204-patch-1
Revert "Fix libs" - Only memcached will actually be built
Arran Cudbard-Bell [Mon, 14 Sep 2015 20:29:20 +0000 (21:29 +0100)]
Revert "Fix libs"
Arran Cudbard-Bell [Mon, 14 Sep 2015 17:27:36 +0000 (18:27 +0100)]
This was never backported
Arran Cudbard-Bell [Mon, 14 Sep 2015 17:20:03 +0000 (18:20 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Mon, 14 Sep 2015 16:22:56 +0000 (17:22 +0100)]
No ocsp_ok label either
Arran Cudbard-Bell [Mon, 14 Sep 2015 16:21:21 +0000 (17:21 +0100)]
No skipped label in v3.0.x
Alan T. DeKok [Mon, 14 Sep 2015 16:02:37 +0000 (12:02 -0400)]
Try to open client socket in fr_server_domain_socket_perm()
Just like in fr_server_domain_socket_peercred()
Arran Cudbard-Bell [Mon, 14 Sep 2015 16:18:02 +0000 (17:18 +0100)]
Should skip the OCSP check
Arran Cudbard-Bell [Mon, 14 Sep 2015 16:13:41 +0000 (17:13 +0100)]
Typo
Alan T. DeKok [Mon, 14 Sep 2015 15:48:10 +0000 (11:48 -0400)]
Don't unlink socket if we can't open it
Alan T. DeKok [Mon, 14 Sep 2015 14:48:08 +0000 (10:48 -0400)]
Truncate to actual length, not by trailing zeros
Arran Cudbard-Bell [Sun, 13 Sep 2015 17:43:23 +0000 (18:43 +0100)]
If there's no OCSP URLs in the certificates, and we have a configured OCSP URL, we should fall back to that URL
Alan T. DeKok [Mon, 14 Sep 2015 12:51:09 +0000 (08:51 -0400)]
For encrypted attributes, set explicit length if given
for MS-CHAP-MPPE-Keys
Alan T. DeKok [Mon, 14 Sep 2015 12:50:00 +0000 (08:50 -0400)]
Set explicit length for MS-CHAP-MPPE-Key
Because it's encrypted with the same method as User-Password,
BUT it contains binary data. So it may have embedded zeros.
Which means the decoder needs to make it a fixed length,
instead of looking for zeros
Alan T. DeKok [Mon, 14 Sep 2015 12:47:56 +0000 (08:47 -0400)]
Enforce more restraints, and allow "octets[24] encrypt=1"
dict_addattr() can be called from places other than process_attribute()
so we move some of the checks to process_attribute()
This lets us do more checks on the "length" flag.
And to allow "octets[24] encrypt=1" for MS-CHAP-MPPE-Key.
Alan T. DeKok [Mon, 14 Sep 2015 12:21:40 +0000 (08:21 -0400)]
The MS-CHAP-MPPE-Keys attribute has 24 octets of data, not 32
This makes no difference to anyone, as the receiver will always
truncate it at 24 octets, and ignore the trailing zeros
Alan T. DeKok [Sun, 13 Sep 2015 14:30:32 +0000 (10:30 -0400)]
update explanation of what we're doing
Alan T. DeKok [Sun, 13 Sep 2015 14:30:11 +0000 (10:30 -0400)]
More debugging around session-state
Arran Cudbard-Bell [Sat, 12 Sep 2015 19:07:45 +0000 (20:07 +0100)]
Update ChangeLog
Alan T. DeKok [Sat, 12 Sep 2015 01:58:42 +0000 (21:58 -0400)]
note recent changes
Arran Cudbard-Bell [Fri, 11 Sep 2015 22:11:05 +0000 (23:11 +0100)]
Merge pull request #1231 from mcnewton/v3.0.x
small documentation fix/cleanups [ci skip]
Matthew Newton [Fri, 11 Sep 2015 22:07:27 +0000 (23:07 +0100)]
small documentation fix/cleanups
Arran Cudbard-Bell [Fri, 11 Sep 2015 17:04:31 +0000 (18:04 +0100)]
No need for if
Confusing because the rest of the frees don't use a condition
Alan T. DeKok [Fri, 11 Sep 2015 16:52:32 +0000 (12:52 -0400)]
Doxygen
Arran Cudbard-Bell [Fri, 11 Sep 2015 16:18:58 +0000 (17:18 +0100)]
Don't leak client_fd on error
Arran Cudbard-Bell [Fri, 11 Sep 2015 16:17:30 +0000 (17:17 +0100)]
Formatting
Alan T. DeKok [Fri, 11 Sep 2015 16:16:53 +0000 (12:16 -0400)]
Use fr_pair_list_mcopy... instead of fr_pair_list_move...
Alan T. DeKok [Fri, 11 Sep 2015 16:10:35 +0000 (12:10 -0400)]
Add fr_pair_list_mcopy_by_num()
Which is like fr_pair_list_move(), but does copy / delete
instead of talloc_steal.
The problem is that talloc_steal() keeps the original parent
context around for the lifetime of the VP being stolen. Which is
bad when the VP comes from a REQUEST, and is put into another
context, which lives for multiple seconds.
Alan T. DeKok [Fri, 11 Sep 2015 16:09:39 +0000 (12:09 -0400)]
Revert "Copy VPs instead of talloc_stealing them"
This reverts commit
a529c2d9bdef0f635fa10b2ab7e05527f95551b2.
There's a better fix
Alan T. DeKok [Fri, 11 Sep 2015 15:56:46 +0000 (11:56 -0400)]
Copy VPs instead of talloc_stealing them
Alan T. DeKok [Fri, 11 Sep 2015 14:33:17 +0000 (10:33 -0400)]
Check if the socket is in use before unlinking it
Arran Cudbard-Bell [Fri, 11 Sep 2015 14:13:03 +0000 (15:13 +0100)]
Add __packed__ to structs which cast over packet buffers
Alan T. DeKok [Fri, 11 Sep 2015 13:39:29 +0000 (09:39 -0400)]
note recent changes
Alan T. DeKok [Fri, 11 Sep 2015 13:18:33 +0000 (09:18 -0400)]
Syntax errors are errors, not assertions
Arran Cudbard-Bell [Fri, 11 Sep 2015 12:58:26 +0000 (13:58 +0100)]
Should be AF_UNSPEC, because we don't *know* what type of client IP we'll be parsing
Length should be -1.
Herwin Weststrate [Fri, 11 Sep 2015 06:06:10 +0000 (08:06 +0200)]
Remove second entry of Error-Cause in Access-Reject filter
This is effectively a revert of commit
caaca8da2eede537270a711742cc99f0ba854eb1.
Arran Cudbard-Bell [Fri, 11 Sep 2015 12:10:12 +0000 (13:10 +0100)]
Add support for "old" style clients back. This shouldn't be removed until v3.1.x.