Arran Cudbard-Bell [Fri, 13 Jun 2014 13:18:18 +0000 (14:18 +0100)]
Remove 'children' option from rlm_ldap debug messages when the children scope is not available
Arran Cudbard-Bell [Fri, 13 Jun 2014 13:08:48 +0000 (14:08 +0100)]
Only parse dereference value if we actually have a value to parse
Arran Cudbard-Bell [Fri, 13 Jun 2014 13:07:07 +0000 (14:07 +0100)]
Use correct lookup table. Fixes #686
Arran Cudbard-Bell [Fri, 13 Jun 2014 12:56:15 +0000 (13:56 +0100)]
Remove empty debug message
Arran Cudbard-Bell [Fri, 13 Jun 2014 12:53:56 +0000 (13:53 +0100)]
Respect fr_hostname_lookups in libfreeradius
Arran Cudbard-Bell [Fri, 13 Jun 2014 12:44:50 +0000 (13:44 +0100)]
Shouldn't be an error...
Arran Cudbard-Bell [Fri, 13 Jun 2014 12:42:23 +0000 (13:42 +0100)]
Fixup PG example and don't send application name by default
Arran Cudbard-Bell [Fri, 13 Jun 2014 12:37:20 +0000 (13:37 +0100)]
Debug fixes for radeapclient
Arran Cudbard-Bell [Fri, 13 Jun 2014 10:08:41 +0000 (11:08 +0100)]
Fix radtest to work when the local hostname is not resolvable
Herwin Weststrate [Fri, 13 Jun 2014 08:20:04 +0000 (10:20 +0200)]
Fixed compile error in rlm_ldap
Arran Cudbard-Bell [Fri, 13 Jun 2014 08:14:08 +0000 (09:14 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 13 Jun 2014 07:54:30 +0000 (08:54 +0100)]
Add support for dereferencing (following LDAP aliases)
Arran Cudbard-Bell [Wed, 12 Feb 2014 14:00:00 +0000 (14:00 +0000)]
Update ChangeLog
Alan T. DeKok [Fri, 13 Jun 2014 02:55:01 +0000 (22:55 -0400)]
Add sql_unset_user(). Fixes #640
It's really just a macro around pairdelete. But it's clearer
to have sql_set_user() / sql_unset_user, than to use pairdelete
Alan T. DeKok [Fri, 13 Jun 2014 02:46:15 +0000 (22:46 -0400)]
Make the configuration more understandable. Fixes #678
It should just be "response_timeouts", and not "max_response_timeouts"
it's not an upper limit, and there's no "min" limit.
Setting "ignore this many replies missing" is hard to understand.
It's easier to say "trigger zombie period after response_timeouts
packets are lost".
Nikolai Kondrashov [Wed, 4 Jun 2014 17:06:48 +0000 (20:06 +0300)]
Add max_response_timeouts option
Add "max_response_timeouts" - a home server option specifying number of
times replies are allowed to miss "response_window" before the server
enters the zombie period.
This allows more tolerance before transiting to zombie period for lower
response window configurations.
Nikolai Kondrashov [Fri, 30 May 2014 17:23:57 +0000 (20:23 +0300)]
Let client response windows override init_delay
Allow client's response_window lower than main_config.init_delay to
override it. This allows initial request processing delay to track
client response windows, in addition to home server response windows.
Alan T. DeKok [Thu, 12 Jun 2014 13:18:50 +0000 (09:18 -0400)]
Fix error message. Closs #683
Arran Cudbard-Bell [Wed, 11 Jun 2014 18:11:08 +0000 (19:11 +0100)]
More EAP attribute definitions which should have been converted
Arran Cudbard-Bell [Wed, 11 Jun 2014 17:51:07 +0000 (18:51 +0100)]
Search for the correct alternative attributes...
Arran Cudbard-Bell [Wed, 11 Jun 2014 17:47:19 +0000 (18:47 +0100)]
EAP Sim code should use PW_EAP_* definitions instead of ATTRIBUTE_EAP_SIM_*
Alan T. DeKok [Wed, 11 Jun 2014 17:02:52 +0000 (13:02 -0400)]
Whitespace
Arran Cudbard-Bell [Wed, 11 Jun 2014 15:50:37 +0000 (16:50 +0100)]
Formatting
Arran Cudbard-Bell [Wed, 11 Jun 2014 15:50:17 +0000 (16:50 +0100)]
Relax DHCP sub-option parser slightly
Arran Cudbard-Bell [Wed, 11 Jun 2014 14:45:07 +0000 (15:45 +0100)]
Remove DHCP Client Identifier hack, this can, and should, be done in policy.
Arran Cudbard-Bell [Wed, 11 Jun 2014 14:26:45 +0000 (15:26 +0100)]
DHCP-Client-Identifier and DHCP-Vendor-Class-Identifier should both be octets types
Arran Cudbard-Bell [Wed, 11 Jun 2014 14:14:31 +0000 (15:14 +0100)]
We no longer need to artificially limit the size of DHCP options to 253 bytes
Dynamically allocated value buffers FTW
Arran Cudbard-Bell [Wed, 11 Jun 2014 14:09:39 +0000 (15:09 +0100)]
Don't stop parsing on padding options
Alan T. DeKok [Wed, 11 Jun 2014 13:37:04 +0000 (09:37 -0400)]
VPs are allocated in the packet CTX, not the request
Arran Cudbard-Bell [Wed, 11 Jun 2014 12:22:35 +0000 (13:22 +0100)]
Fix horrific formatting in EAP-PWD
Arran Cudbard-Bell [Wed, 11 Jun 2014 09:41:26 +0000 (10:41 +0100)]
Add TALLOC_CTX to RADIUS protocol decoder. We're not always allocating in the context of a packet.
Fixes #668
Also fixes potential threading issues in EAP-TTLS
Arran Cudbard-Bell [Wed, 11 Jun 2014 08:23:41 +0000 (09:23 +0100)]
Formatting
Arran Cudbard-Bell [Wed, 11 Jun 2014 08:17:45 +0000 (09:17 +0100)]
Not every LDAP library supports setting Network Timeout
Arran Cudbard-Bell [Tue, 10 Jun 2014 20:46:05 +0000 (21:46 +0100)]
Hmm, setting _X_OPEN_SOURCE breaks everything
Arran Cudbard-Bell [Tue, 10 Jun 2014 20:14:08 +0000 (21:14 +0100)]
More fixes for Betriebssystemschwein
Set _X_OPEN_SOURCE=600 and -std=c99 earlier so that ./configure runs against appropriate versions of the POSIX APIs.
Fix rlm_krb5 configure script to correctly detect that Betriebssystemschwein's libkrb5 is based on MIT's
Include fcntl.h in log.c, this should probably always of been included...
Add alternative names for macros in rlm_ldap/ldap.h and #ifdef out a few lines of code, as starttls doesn't seen to be available...
Arran Cudbard-Bell [Tue, 10 Jun 2014 18:34:06 +0000 (19:34 +0100)]
Coverity CID #1222259
Arran Cudbard-Bell [Tue, 10 Jun 2014 18:04:51 +0000 (19:04 +0100)]
Add dependencies for load-balance redundant-load-balance tests, add load-balance test
Arran Cudbard-Bell [Tue, 10 Jun 2014 16:13:45 +0000 (17:13 +0100)]
Update ChangeLog
Alan T. DeKok [Tue, 10 Jun 2014 15:43:36 +0000 (11:43 -0400)]
Tests for redundant load balance
Alan T. DeKok [Tue, 10 Jun 2014 15:42:47 +0000 (11:42 -0400)]
Make redundant-load-balance work again. Closes #681
Alan T. DeKok [Tue, 10 Jun 2014 14:28:21 +0000 (10:28 -0400)]
Redundant, load-balance, etc. can't be empty
Arran Cudbard-Bell [Tue, 10 Jun 2014 10:23:20 +0000 (11:23 +0100)]
Convert request_free to a destructor to make double free problems easier to track down
Arran Cudbard-Bell [Tue, 10 Jun 2014 08:42:19 +0000 (09:42 +0100)]
Add inlen to fr_hex2bin. rlm_pap used fr_hex2bin with the assumption that the VP it was normifying was a string which caused reads into uninitialised memory. Fixes #679
Arran Cudbard-Bell [Mon, 9 Jun 2014 23:05:46 +0000 (00:05 +0100)]
Fix case change of attribute names when creating attributes.h on Solaris
Arran Cudbard-Bell [Mon, 9 Jun 2014 22:50:02 +0000 (23:50 +0100)]
More fixes for Solaris
Arran Cudbard-Bell [Mon, 9 Jun 2014 22:38:12 +0000 (23:38 +0100)]
Fix sig_t check
Arran Cudbard-Bell [Mon, 9 Jun 2014 22:13:48 +0000 (23:13 +0100)]
Typo in autoconf (check for htonlll not htonll)
Arran Cudbard-Bell [Mon, 9 Jun 2014 22:03:34 +0000 (23:03 +0100)]
Use simple patterns as the default grep in solaris is dumb
Arran Cudbard-Bell [Mon, 9 Jun 2014 21:04:35 +0000 (22:04 +0100)]
Better debug logging for NT-Password and LM-Password attribute searches
Arran Cudbard-Bell [Mon, 9 Jun 2014 11:05:59 +0000 (12:05 +0100)]
Fixup length in radsniff filter attributes
Arran Cudbard-Bell [Mon, 9 Jun 2014 10:05:31 +0000 (11:05 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 8 Jun 2014 21:12:06 +0000 (22:12 +0100)]
Enumerate escape-sequences tests
Arran Cudbard-Bell [Sun, 8 Jun 2014 21:08:50 +0000 (22:08 +0100)]
Fix UTF8 chars in %{escape:}, add %{unescape:} and tests
Arran Cudbard-Bell [Sun, 8 Jun 2014 21:08:08 +0000 (22:08 +0100)]
Use casts for all urlquote tests
Arran Cudbard-Bell [Sun, 8 Jun 2014 08:35:14 +0000 (09:35 +0100)]
Fix comment
Arran Cudbard-Bell [Sun, 8 Jun 2014 08:19:34 +0000 (09:19 +0100)]
Add urlunquote
Arran Cudbard-Bell [Sat, 7 Jun 2014 20:10:58 +0000 (21:10 +0100)]
Fix url quote, enable all url quote tests
Arran Cudbard-Bell [Sat, 7 Jun 2014 09:18:07 +0000 (10:18 +0100)]
Add tests for urlquote (which currently would not pass)
Arran Cudbard-Bell [Fri, 6 Jun 2014 23:18:58 +0000 (00:18 +0100)]
url quote chars should be upper case
Arran Cudbard-Bell [Fri, 6 Jun 2014 16:55:42 +0000 (17:55 +0100)]
Rename foreach-2 to something meaningful
Arran Cudbard-Bell [Fri, 6 Jun 2014 16:45:00 +0000 (17:45 +0100)]
Add tests for hexadecimal IP addresses
Arran Cudbard-Bell [Fri, 6 Jun 2014 11:47:47 +0000 (12:47 +0100)]
Fix pairfilter documentation
Arran Cudbard-Bell [Fri, 6 Jun 2014 11:26:56 +0000 (12:26 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 6 Jun 2014 11:23:50 +0000 (12:23 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 6 Jun 2014 11:03:23 +0000 (12:03 +0100)]
Fixup md4 function names
Arran Cudbard-Bell [Fri, 6 Jun 2014 11:01:33 +0000 (12:01 +0100)]
Fixup md5 function names
Arran Cudbard-Bell [Fri, 6 Jun 2014 10:56:48 +0000 (11:56 +0100)]
Add %{hmacmd5:} and %{hmacsha1} xlat expansions
Arran Cudbard-Bell [Fri, 6 Jun 2014 10:56:06 +0000 (11:56 +0100)]
Move hmac prototypes into the md5.h/sha1.h headers
Arran Cudbard-Bell [Fri, 6 Jun 2014 09:31:30 +0000 (10:31 +0100)]
Swap order of arguments in hmac functions so output is the first argument
Arran Cudbard-Bell [Fri, 6 Jun 2014 09:17:30 +0000 (10:17 +0100)]
Add dsp-id
Arran Cudbard-Bell [Fri, 6 Jun 2014 09:13:40 +0000 (10:13 +0100)]
Fixup SHA1 function names
Arran Cudbard-Bell [Thu, 5 Jun 2014 18:26:37 +0000 (19:26 +0100)]
Add notes on what's going on
Alan T. DeKok [Thu, 5 Jun 2014 14:57:58 +0000 (10:57 -0400)]
Double init_delay in preparation for halving it later. Closes #677
Alan T. DeKok [Thu, 5 Jun 2014 14:28:10 +0000 (10:28 -0400)]
init_delay = response_window / 2. Closes #677
This gives the event loop enough time to wake up, and set the
response_window timer before it fires
Arran Cudbard-Bell [Thu, 5 Jun 2014 10:20:51 +0000 (11:20 +0100)]
If REST xlat fails, output the contents of the body using REDEBUG so it's available in Module-Failure-Message
Arran Cudbard-Bell [Wed, 4 Jun 2014 23:19:35 +0000 (00:19 +0100)]
Allow custom HTTP headers to be specified with control:REST-HTTP-Header
Arran Cudbard-Bell [Wed, 4 Jun 2014 22:48:58 +0000 (23:48 +0100)]
Add HTTP_BODY_CUSTOM_LITERAL encoder and expose it through the %{rest:} xlat function
Arran Cudbard-Bell [Wed, 4 Jun 2014 22:43:11 +0000 (23:43 +0100)]
Return the correct handle in mod_conn_create if connect_uri is not specified
Alan T. DeKok [Wed, 4 Jun 2014 21:06:41 +0000 (17:06 -0400)]
Pull checks from master
If we're checking the config, don't create the packet lists
Alan T. DeKok [Wed, 4 Jun 2014 21:04:52 +0000 (17:04 -0400)]
Make DEBUG_STATE_MACHINE print out usec timestamps
Arran Cudbard-Bell [Wed, 4 Jun 2014 20:38:42 +0000 (21:38 +0100)]
Check for htonll and htonlll (you never know)
Use __builtin_bswap64 is htonll is not available
Arran Cudbard-Bell [Wed, 4 Jun 2014 20:17:16 +0000 (21:17 +0100)]
Add check for bswap64
Arran Cudbard-Bell [Wed, 4 Jun 2014 20:16:51 +0000 (21:16 +0100)]
Tweak builtin checks
Arran Cudbard-Bell [Wed, 4 Jun 2014 19:27:50 +0000 (20:27 +0100)]
Fix invalid assert and paircmp check
Alan T. DeKok [Wed, 4 Jun 2014 18:21:12 +0000 (14:21 -0400)]
More talloc_steal
Alan T. DeKok [Wed, 4 Jun 2014 13:23:47 +0000 (09:23 -0400)]
Allow no proxy reply. Closes #675
For "proxy_tunneled_request_as_eap = no"
Arran Cudbard-Bell [Wed, 4 Jun 2014 17:25:26 +0000 (18:25 +0100)]
We need paircmp to support regexes
Arran Cudbard-Bell [Wed, 4 Jun 2014 15:06:46 +0000 (16:06 +0100)]
Fixup length when converting xlat VPs back to literals in radclient
Arran Cudbard-Bell [Wed, 4 Jun 2014 13:48:55 +0000 (14:48 +0100)]
Support new tag behaviour correctly in pairvalidate
Arran Cudbard-Bell [Wed, 4 Jun 2014 13:48:36 +0000 (14:48 +0100)]
Simplify pairvalidate loop
Arran Cudbard-Bell [Wed, 4 Jun 2014 13:48:13 +0000 (14:48 +0100)]
Add assert to pairvalidate_debug to catch when pairvalidate misidentified an attribute as mismatching
Arran Cudbard-Bell [Wed, 4 Jun 2014 13:47:25 +0000 (14:47 +0100)]
Fix cosmetic error in pairvalidate_debug
Alan T. DeKok [Wed, 4 Jun 2014 12:15:25 +0000 (08:15 -0400)]
Add the proxy reply attributes to the reply. Fixes #675
Don't over-write the reply. The various EAP functions always
put their attributes into the reply, even when run in the
post-proxy stage
Alan T. DeKok [Wed, 4 Jun 2014 12:14:55 +0000 (08:14 -0400)]
Set the reply to CHALLENGE if we're not done
Alan T. DeKok [Wed, 4 Jun 2014 11:35:18 +0000 (07:35 -0400)]
More talloc_steal <sigh>
Alan T. DeKok [Wed, 4 Jun 2014 11:22:13 +0000 (07:22 -0400)]
Use new syntax
Alan T. DeKok [Wed, 4 Jun 2014 11:21:37 +0000 (07:21 -0400)]
Don't print out name for empty sub-section
Alan T. DeKok [Tue, 3 Jun 2014 21:24:31 +0000 (17:24 -0400)]
Be more careful with proxy delays. Should help #673
Alan T. DeKok [Tue, 3 Jun 2014 14:53:06 +0000 (10:53 -0400)]
Print timeouts for requests in debugging mode
Arran Cudbard-Bell [Tue, 3 Jun 2014 13:56:12 +0000 (14:56 +0100)]
We can't build with openssl sha1 by default