Alan T. DeKok [Mon, 2 Jan 2017 15:15:21 +0000 (10:15 -0500)]
fix filtering operators
Alan T. DeKok [Mon, 2 Jan 2017 15:12:48 +0000 (10:12 -0500)]
update date
Alan T. DeKok [Mon, 2 Jan 2017 15:12:21 +0000 (10:12 -0500)]
document filtering operators < and >
Alan T. DeKok [Mon, 2 Jan 2017 14:56:43 +0000 (09:56 -0500)]
more descriptive
Alan T. DeKok [Mon, 2 Jan 2017 14:11:16 +0000 (09:11 -0500)]
document != as a filtering operator
Alan T. DeKok [Mon, 2 Jan 2017 14:04:20 +0000 (09:04 -0500)]
fix documentation
Alan T. DeKok [Tue, 20 Dec 2016 16:56:54 +0000 (11:56 -0500)]
note recent changes
Alan T. DeKok [Tue, 20 Dec 2016 16:54:51 +0000 (11:54 -0500)]
add recv_coa
which is a copy of authorize
Matthew Newton [Tue, 20 Dec 2016 13:08:31 +0000 (13:08 +0000)]
Merge pull request #1835 from qnet-herwin/retry_winbind_auth_with_normalized_username
Allow authentication retry in winbind
Herwin Weststrate [Wed, 9 Nov 2016 09:29:08 +0000 (10:29 +0100)]
Allow authentication retry in winbind
A setup with the following properties:
* Active Directory backend
* FreeRadius with eap-inner-proxy
* Windows client with single sign-on
* User using different casing in username than in backend
may result in failing connections. It looks like Windows reads the
correct username from the domain server once it has logged in, and uses
that to create the MS-CHAP2-Response attribute. The User-Name attribute
is still the one with the incorrect casing, causing the authentication
to fail.
The introduced config option kicks in after a failed authentication: it
reads the correct username from the backend, tries another
authentication, and uses the found User-Name to calculate
MS-CHAP2-Response if the second authentication works.
Alan DeKok [Wed, 7 Dec 2016 16:37:15 +0000 (11:37 -0500)]
Merge pull request #1850 from spbnick/v3.0.x_openssl_1.1_fix
OpenSSL v1.1 fixes for v3.0.x
Alan T. DeKok [Wed, 7 Dec 2016 14:57:06 +0000 (09:57 -0500)]
note recent changes
Alan T. DeKok [Wed, 7 Dec 2016 14:56:01 +0000 (09:56 -0500)]
continue to "next" in xlat alternate. Fixes #1866
Nikolai Kondrashov [Wed, 23 Nov 2016 08:27:45 +0000 (10:27 +0200)]
Do not assign OpenSSL callbacks if not needed
Check if CRYPTO_set_id_callback and CRYPTO_set_locking_callback are
defined as functions (as opposed to stub macros), and if they aren't,
don't call them and don't define the corresponding callbacks.
This avoids the "unused function" warnings with OpenSSL v1.1.
Nikolai Kondrashov [Wed, 23 Nov 2016 07:40:24 +0000 (09:40 +0200)]
Handle deprecated OpenSSL thread cleanup functions
Use appropriate OpenSSL thread cleanup function or don't use any,
depending on their deprecation status in various OpenSSL versions.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:09:15 +0000 (20:09 +0200)]
Accommodate consts added in OpenSSL 1.1
Update some declarations to use const to match respective changes in
OpenSSL 1.1 and not produce build warnings.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:09:05 +0000 (20:09 +0200)]
Do not use OPENSSL_config
Switch to using CONF_modules_load_file instead of OPENSSL_config, which
was deprecated in OpenSSL 1.1 and would produce build warnings.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:09:02 +0000 (20:09 +0200)]
Do not use ASN1_STRING_data
Switch to using ASN1_STRING_get0_data instead of ASN1_STRING_data, which
was deprecated in OpenSSL 1.1 and would produce build warnings.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:59 +0000 (20:08 +0200)]
Do not use HMAC_Init
Replace remaining use of HMAC_Init with HMAC_Init_ex to silence
deprecation warnings with OpenSSL 1.1.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:56 +0000 (20:08 +0200)]
Do not use HMAC_CTX_init
Switch to using HMAC_CTX_new in place of HMAC_CTX_init, which was
removed in OpenSSL 1.1, resulting in broken build.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:54 +0000 (20:08 +0200)]
Initialize HMAC context in rlm_otp
Add the missing mandatory HMAC context initialization to rlm_otp's
otp_gen_state. Otherwise the outcome of the following HMAC operations is
undefined.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:49 +0000 (20:08 +0200)]
Do not try to access private OpenSSL structs
Some more OpenSSL structures were made private in v1.1 and accessor
functions were added instead. Switch to using accessor functions to fix
the build.
Nikolai Kondrashov [Wed, 7 Dec 2016 12:23:54 +0000 (14:23 +0200)]
Move func substitutes from rlm_eap to missing.c
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:47 +0000 (20:08 +0200)]
Add a few OpenSSL fallback funcs
Add four fallback function implementations to use in place of functions
removed/deprecated in OpenSSL 1.1. Those are to be used in the following
patches to make the build work and not produce deprecation warnings.
Nikolai Kondrashov [Mon, 21 Nov 2016 08:21:33 +0000 (10:21 +0200)]
Check for openssl/conf.h
Check for presence of openssl/conf.h to support definition of fallback
functions in later patches.
Nikolai Kondrashov [Mon, 21 Nov 2016 08:13:55 +0000 (10:13 +0200)]
Check for openssl/asn1.h
Check for presence of openssl/asn1.h to support definition of fallback
functions in later patches.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:43 +0000 (20:08 +0200)]
Check for openssl/hmac.h
Apart from dealing with a FIXME, this is needed for implementing
compatibility fallbacks for some functions introduced in OpenSSL 1.1, in
following commits.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:40 +0000 (20:08 +0200)]
Check for EVP_CIPHER_CTX_new to detect libcrypto
Switch to checking for EVP_CIPHER_CTX_new instead of EVP_cleanup to
detect presence of libcrypto, because EVP_cleanup was removed as symbol
from OpenSSL 1.1, and the check would always fail.
Nikolai Kondrashov [Fri, 18 Nov 2016 18:08:33 +0000 (20:08 +0200)]
Fix SSL_get_client/server_random checks
Needed for conditionally avoiding accessing private OpenSSL structures
in a following patch.
Backported from v3.1.x.
Alan T. DeKok [Wed, 7 Dec 2016 00:22:12 +0000 (19:22 -0500)]
indentation helps
Alan T. DeKok [Wed, 30 Nov 2016 13:30:38 +0000 (08:30 -0500)]
switch with no match and no default
njm506 [Wed, 30 Nov 2016 13:00:17 +0000 (13:00 +0000)]
Merge branch 'v3.0.x' into v3.0.x
Alan T. DeKok [Mon, 28 Nov 2016 15:37:17 +0000 (10:37 -0500)]
limit FD to FD_SETSIZE
Graham Clinch [Sat, 1 Oct 2016 23:01:35 +0000 (00:01 +0100)]
dhcp module isn't built by default, don't try to enable it
Graham Clinch [Sat, 1 Oct 2016 22:08:07 +0000 (23:08 +0100)]
Don't package symlinks in sites-enabled and mods-enabled
Graham Clinch [Sat, 1 Oct 2016 22:04:26 +0000 (23:04 +0100)]
Create default mods-enabled symlinks on install, remove dangling links on purge
Graham Clinch [Sat, 1 Oct 2016 22:01:11 +0000 (23:01 +0100)]
freeradius-config is the package responsible for creating and removing symlinks
Alan DeKok [Wed, 23 Nov 2016 18:16:55 +0000 (13:16 -0500)]
Merge pull request #1857 from jrouzierinverse/json-encoding
Cast byte as an unsigned char instead
James Rouzier [Wed, 23 Nov 2016 17:37:59 +0000 (12:37 -0500)]
Cast byte as an unsigned char instead
Alan T. DeKok [Wed, 23 Nov 2016 14:06:39 +0000 (09:06 -0500)]
use unsigned, not signed
Alan T. DeKok [Wed, 23 Nov 2016 14:05:50 +0000 (09:05 -0500)]
\n is \n, not \b
Alan T. DeKok [Tue, 22 Nov 2016 21:27:12 +0000 (16:27 -0500)]
make data unsigned
Alan DeKok [Mon, 21 Nov 2016 16:43:05 +0000 (11:43 -0500)]
Merge pull request #1853 from alanbuxey/patch-4
remove unnecessary "Need 0 more connections to reach..." INFO output
Alan Buxey [Mon, 21 Nov 2016 15:25:24 +0000 (15:25 +0000)]
remove unnecessary "Need 0 more connections to reach..." INFO output
The <= means that when the value is 0 the server keeps spewing out "Need 0 more connections to reach..." messages into the log output. This ensures messages come out only when there is a need.
Alan T. DeKok [Mon, 21 Nov 2016 14:06:32 +0000 (09:06 -0500)]
Check both attributes for message type and option 82
Alan T. DeKok [Mon, 21 Nov 2016 12:01:07 +0000 (07:01 -0500)]
added MS-MPPE-Encryption-Policy !* ANY
Alan T. DeKok [Sat, 19 Nov 2016 00:32:10 +0000 (19:32 -0500)]
fix inner-tunnel policy
This policy replaces "use_tunneled_reply". It's better to use
if (0) { ...} to disable blocks of code, instead of commenting it out.
Also, update the local reply before copying it to the outer
session-state list. That makes a lot more sense.
Alan T. DeKok [Fri, 18 Nov 2016 16:59:28 +0000 (11:59 -0500)]
set reject on reject
Alan T. DeKok [Fri, 18 Nov 2016 14:16:27 +0000 (09:16 -0500)]
remove unnecessary const
Alan T. DeKok [Tue, 15 Nov 2016 17:32:01 +0000 (12:32 -0500)]
pass the correct length to hex2bin
Alan T. DeKok [Mon, 14 Nov 2016 19:30:10 +0000 (14:30 -0500)]
NO is 0. YES is 1.
Alan T. DeKok [Fri, 11 Nov 2016 11:56:23 +0000 (06:56 -0500)]
from Microsemi
Boris Lytochkin [Wed, 9 Nov 2016 19:03:03 +0000 (22:03 +0300)]
fix build on FreeBSD: readline headers imply stdio.h is included prior to
including readline.h
Arran Cudbard-Bell [Wed, 9 Nov 2016 15:09:21 +0000 (10:09 -0500)]
Really should be invalid
Arran Cudbard-Bell [Wed, 9 Nov 2016 12:36:18 +0000 (07:36 -0500)]
Merge pull request #1829 from lytboris/init-out-v3.0.x
Initialize out before calling radius_axlat or radius_axlat_struct
Arran Cudbard-Bell [Wed, 9 Nov 2016 12:36:06 +0000 (07:36 -0500)]
Merge branch 'v3.0.x' into init-out-v3.0.x
Arran Cudbard-Bell [Tue, 8 Nov 2016 14:15:04 +0000 (09:15 -0500)]
Merge pull request #1823 from lytboris/rlm_perl_radxlat_function-v3.0.x
implement radiusd::radius_xlat in rlm_perl (v3.0.x)
Boris Lytochkin [Fri, 4 Nov 2016 14:29:12 +0000 (17:29 +0300)]
implement radiusd::xlat in rlm_perl
Sponsored by: Yandex LLC
Alan T. DeKok [Tue, 8 Nov 2016 13:47:47 +0000 (08:47 -0500)]
fix previous commit
Arran Cudbard-Bell [Mon, 7 Nov 2016 18:32:29 +0000 (13:32 -0500)]
Sometimes we're spawning to reach min not spare
Alan T. DeKok [Mon, 7 Nov 2016 15:42:45 +0000 (10:42 -0500)]
note recent changes
Alan T. DeKok [Mon, 7 Nov 2016 15:42:02 +0000 (10:42 -0500)]
OpenSSL 1.1.0 compatibility fixes
Philippe Wooding [Tue, 13 Sep 2016 11:20:00 +0000 (13:20 +0200)]
Initialize out before calling radius_axlat or radius_axlat_struct
Arran Cudbard-Bell [Sat, 5 Nov 2016 19:24:41 +0000 (15:24 -0400)]
Merge pull request #1815 from alanbuxey/v3.0.x
fixed variable in accounting policy to use correct "&" prefix - no more warnings with default configuration
Arran Cudbard-Bell [Sat, 5 Nov 2016 19:20:48 +0000 (15:20 -0400)]
Merge branch 'v3.0.x' into v3.0.x
Alan T. DeKok [Fri, 4 Nov 2016 18:09:34 +0000 (14:09 -0400)]
success may still return nothing. Should help with #1824
Alan T. DeKok [Fri, 4 Nov 2016 15:35:43 +0000 (11:35 -0400)]
NUL terminating strings is a good idea.
Alan T. DeKok [Fri, 4 Nov 2016 12:38:35 +0000 (08:38 -0400)]
more error messages
Alan DeKok [Fri, 4 Nov 2016 13:43:23 +0000 (09:43 -0400)]
Merge pull request #1819 from jrouzierinverse/ldap-null-check
Check if info.ldapai_extensions is not NULL before freeing it
Arran Cudbard-Bell [Thu, 3 Nov 2016 20:13:21 +0000 (16:13 -0400)]
Ignore dirs from other branches
Arran Cudbard-Bell [Thu, 3 Nov 2016 20:11:32 +0000 (16:11 -0400)]
Initialise tminfo Closes #1820
Arran Cudbard-Bell [Thu, 3 Nov 2016 14:33:04 +0000 (10:33 -0400)]
Merge branch 'v3.0.x' into ldap-null-check
Alan T. DeKok [Thu, 3 Nov 2016 13:54:41 +0000 (09:54 -0400)]
note recent changes
Alan T. DeKok [Thu, 3 Nov 2016 13:50:56 +0000 (09:50 -0400)]
Rename lt_* to fr_*. Fixes #1277
Which fixes linker issues in libraries which link to libtool,
and then sometimes get the wrong function.
Changed via:
perl -p -i -e 's/lt_dlhandle/fr_dlhandle/g;s/lt_dlopenext/fr_dlopenext/g;s/lt_dlsym/fr_dlsym/g;s/lt_dlclose/fr_dlclose/g;s/lt_dlerror/fr_dlerror/g;' $(find . -name "*.[ch]" -print)
Alan Buxey [Tue, 1 Nov 2016 20:39:56 +0000 (20:39 +0000)]
Merge branch 'v3.0.x' into v3.0.x
Alan Buxey [Tue, 1 Nov 2016 20:38:56 +0000 (20:38 +0000)]
allow Calling-Station-Id and Chargeable-User-Identity to pass through
ensures configuration works out of box for various roaming consortia
James Rouzier [Tue, 1 Nov 2016 17:13:53 +0000 (13:13 -0400)]
Check if info.ldapai_extensions is not NULL before freeing it
Arran Cudbard-Bell [Mon, 31 Oct 2016 15:21:52 +0000 (11:21 -0400)]
Merge pull request #1799 from intersvyaz/v3.0.x-patch2
rlm_ldap: cleanup memory after ldap version query
Arran Cudbard-Bell [Mon, 31 Oct 2016 14:44:06 +0000 (10:44 -0400)]
Merge branch 'v3.0.x' into v3.0.x-patch2
Alan Buxey [Sun, 30 Oct 2016 22:27:38 +0000 (22:27 +0000)]
fixed variable to use the "&" prefix
Arran Cudbard-Bell [Sat, 29 Oct 2016 11:53:41 +0000 (07:53 -0400)]
Merge pull request #1811 from Caspinol/v3.0.x
Refer to radiusd.conf for more examples
Kris [Fri, 28 Oct 2016 15:49:56 +0000 (16:49 +0100)]
Refer to radiusd.conf for more examples
Alan DeKok [Fri, 28 Oct 2016 11:36:42 +0000 (07:36 -0400)]
Merge pull request #1810 from qnet-herwin/indentation_rlm_mschap
Indentation fix in rlm_mschap.c
Herwin Weststrate [Fri, 28 Oct 2016 11:11:03 +0000 (13:11 +0200)]
Indentation fix in rlm_mschap.c
Alan DeKok [Wed, 26 Oct 2016 14:47:42 +0000 (10:47 -0400)]
Merge pull request #1806 from candlerb/v3.0.x/candlerb/eap-updated
Add commented-out example to eap section to handle "updated" response
Brian Candler [Tue, 25 Oct 2016 17:19:10 +0000 (18:19 +0100)]
Add commented-out example to eap section to handle "updated" response
This occurs part-way through a PEAP tunneled exchange, and can cause
additional database lookups.
Alan T. DeKok [Tue, 25 Oct 2016 12:46:10 +0000 (08:46 -0400)]
typo
Alan T. DeKok [Sun, 23 Oct 2016 15:57:06 +0000 (11:57 -0400)]
no longer needed
Alan T. DeKok [Sat, 22 Oct 2016 22:20:35 +0000 (18:20 -0400)]
Check for new OpenSSL. Fixes #1803
Old versions of OpenSSL don't have the necessary functions or
macro definitions, so we don't build rlm_eap_fast for them.
Aleksey Katargin [Wed, 19 Oct 2016 10:25:07 +0000 (15:25 +0500)]
rlm_ldap: cleanup memory after ldap version query
Signed-off-by: Aleksey Katargin <gureedo@intersvyaz.net>
Alan DeKok [Wed, 19 Oct 2016 17:56:43 +0000 (13:56 -0400)]
Merge pull request #1795 from intersvyaz/v3.0.x-patch1
conffile: cleanup section children and tail on data remove
Alan T. DeKok [Wed, 19 Oct 2016 16:39:35 +0000 (12:39 -0400)]
note recent changes
Alan T. DeKok [Wed, 19 Oct 2016 16:37:27 +0000 (12:37 -0400)]
return RLM_MODULE_NOTFOUND if nothing was found
Alan DeKok [Wed, 19 Oct 2016 13:52:36 +0000 (09:52 -0400)]
Merge branch 'v3.0.x' into v3.0.x-patch1
Alan T. DeKok [Wed, 19 Oct 2016 13:48:48 +0000 (09:48 -0400)]
Add cipher_server_preference. Manual port of #1797
Aleksey Katargin [Wed, 19 Oct 2016 08:05:11 +0000 (13:05 +0500)]
conffile: cleanup section children and tail on data remove
Signed-off-by: Aleksey Katargin <gureedo@intersvyaz.net>
Alan DeKok [Mon, 17 Oct 2016 16:15:50 +0000 (12:15 -0400)]
Merge pull request #1793 from andre-luiz-dos-santos/patch-1
Minor typo
André Luiz dos Santos [Mon, 17 Oct 2016 15:26:32 +0000 (13:26 -0200)]
Minor typo
Alan DeKok [Mon, 17 Oct 2016 14:37:55 +0000 (10:37 -0400)]
Merge pull request #1792 from mcnewton/v3.0.x
rlm_mschap: fix up password change test
Matthew Newton [Mon, 17 Oct 2016 13:55:54 +0000 (14:55 +0100)]
rlm_mschap: fix up password change test