Alan T. DeKok [Sat, 22 Oct 2016 22:20:35 +0000 (18:20 -0400)]
Check for new OpenSSL. Fixes #1803
Old versions of OpenSSL don't have the necessary functions or
macro definitions, so we don't build rlm_eap_fast for them.
Aleksey Katargin [Wed, 19 Oct 2016 10:25:07 +0000 (15:25 +0500)]
rlm_ldap: cleanup memory after ldap version query
Signed-off-by: Aleksey Katargin <gureedo@intersvyaz.net>
Alan DeKok [Wed, 19 Oct 2016 17:56:43 +0000 (13:56 -0400)]
Merge pull request #1795 from intersvyaz/v3.0.x-patch1
conffile: cleanup section children and tail on data remove
Alan T. DeKok [Wed, 19 Oct 2016 16:39:35 +0000 (12:39 -0400)]
note recent changes
Alan T. DeKok [Wed, 19 Oct 2016 16:37:27 +0000 (12:37 -0400)]
return RLM_MODULE_NOTFOUND if nothing was found
Alan DeKok [Wed, 19 Oct 2016 13:52:36 +0000 (09:52 -0400)]
Merge branch 'v3.0.x' into v3.0.x-patch1
Alan T. DeKok [Wed, 19 Oct 2016 13:48:48 +0000 (09:48 -0400)]
Add cipher_server_preference. Manual port of #1797
Aleksey Katargin [Wed, 19 Oct 2016 08:05:11 +0000 (13:05 +0500)]
conffile: cleanup section children and tail on data remove
Signed-off-by: Aleksey Katargin <gureedo@intersvyaz.net>
Alan DeKok [Mon, 17 Oct 2016 16:15:50 +0000 (12:15 -0400)]
Merge pull request #1793 from andre-luiz-dos-santos/patch-1
Minor typo
André Luiz dos Santos [Mon, 17 Oct 2016 15:26:32 +0000 (13:26 -0200)]
Minor typo
Alan DeKok [Mon, 17 Oct 2016 14:37:55 +0000 (10:37 -0400)]
Merge pull request #1792 from mcnewton/v3.0.x
rlm_mschap: fix up password change test
Matthew Newton [Mon, 17 Oct 2016 13:55:54 +0000 (14:55 +0100)]
rlm_mschap: fix up password change test
Alan T. DeKok [Wed, 12 Oct 2016 14:13:00 +0000 (10:13 -0400)]
added RFC 7930
Alan DeKok [Tue, 11 Oct 2016 17:13:49 +0000 (13:13 -0400)]
Merge pull request #1777 from zmousm/raddebug-dash-n
Let raddebug also have the -n option
Alan T. DeKok [Tue, 11 Oct 2016 17:12:04 +0000 (13:12 -0400)]
note recent changes
Alan T. DeKok [Tue, 11 Oct 2016 16:54:54 +0000 (12:54 -0400)]
vps may be NULL. Fixes #1778
The VERIFY_LIST macro shouild be protected by an "if *vps" check.
It should also be run once all of the VPs have been added,
and not on every VP which is added.
Zenon Mousmoulas [Mon, 10 Oct 2016 05:20:00 +0000 (08:20 +0300)]
Let raddebug also have the -n option
Alan DeKok [Sat, 8 Oct 2016 13:39:33 +0000 (09:39 -0400)]
Merge pull request #1772 from zmousm/fix-deb-patch
Refresh debian/patches/radiusd-to-freeradius.diff
Alan DeKok [Sat, 8 Oct 2016 13:29:30 +0000 (09:29 -0400)]
Merge pull request #1775 from stapelberg/patch-1
fix: macro `IR(hours|minutes|seconds)' not defined
Michael Stapelberg [Sat, 8 Oct 2016 11:51:51 +0000 (13:51 +0200)]
fix: macro `IR(hours|minutes|seconds)' not defined
Zenon Mousmoulas [Sat, 8 Oct 2016 07:42:13 +0000 (10:42 +0300)]
Refresh debian/patches/radiusd-to-freeradius.diff
dpkg-source aborts due to missing initial spaces and fuzz in one
context line
Alan T. DeKok [Wed, 5 Oct 2016 14:56:33 +0000 (10:56 -0400)]
it's not a warning message
Alan T. DeKok [Tue, 4 Oct 2016 18:43:28 +0000 (14:43 -0400)]
fix warning messages for packet possibly truncated
rely on the "encode" function to display warning messages.
And make the warning messages debug only
Alan T. DeKok [Mon, 3 Oct 2016 15:05:08 +0000 (11:05 -0400)]
check num_rows before using them
Alan T. DeKok [Mon, 3 Oct 2016 13:22:22 +0000 (09:22 -0400)]
Check for expiry only if the password was OK. Fixes #1762
Alan T. DeKok [Mon, 3 Oct 2016 13:15:21 +0000 (09:15 -0400)]
note recent changes
Alan DeKok [Mon, 3 Oct 2016 13:11:05 +0000 (09:11 -0400)]
Merge pull request #1767 from djjudas21/patch-1
Fix typo in %files section to avoid error building RPM
Jonathan [Mon, 3 Oct 2016 10:42:06 +0000 (11:42 +0100)]
Fix typo in %files section to avoid error building RPM
File not found: /home/jg4461/rpmbuild/BUILDROOT/freeradius-3.0.12-2.el7.centos.x86_64/usr/share/man/man1/radcounter.1.gz
Arran Cudbard-Bell [Sat, 1 Oct 2016 12:05:11 +0000 (13:05 +0100)]
Merge pull request #1763 from alanbuxey/patch-1
another typo fix and capitalisations
Alan Buxey [Sat, 1 Oct 2016 11:46:02 +0000 (12:46 +0100)]
another typo fix and capitalisations
Alan T. DeKok [Fri, 30 Sep 2016 11:58:43 +0000 (07:58 -0400)]
update for 3.0.13
Alan T. DeKok [Fri, 30 Sep 2016 11:36:33 +0000 (07:36 -0400)]
add "date" module
Alan T. DeKok [Fri, 30 Sep 2016 11:36:50 +0000 (07:36 -0400)]
bump for 3.0.13
Alan T. DeKok [Thu, 29 Sep 2016 15:19:48 +0000 (11:19 -0400)]
typo
Alan T. DeKok [Thu, 29 Sep 2016 14:55:38 +0000 (10:55 -0400)]
note recent changes.
Alan T. DeKok [Thu, 29 Sep 2016 14:42:58 +0000 (10:42 -0400)]
allow for old-style names, too
Alan T. DeKok [Thu, 29 Sep 2016 14:33:22 +0000 (10:33 -0400)]
simplify debug messages
we don't need 'request %u' in RDEBUG messages
Alan T. DeKok [Thu, 29 Sep 2016 14:25:15 +0000 (10:25 -0400)]
more &
Alan T. DeKok [Wed, 28 Sep 2016 15:16:51 +0000 (11:16 -0400)]
Fix compile without ascend binary. fixes #1761
Alan DeKok [Tue, 27 Sep 2016 19:52:30 +0000 (15:52 -0400)]
Merge pull request #1760 from jrouzierinverse/feature/eap-fast-3.0.x
Fix talloc parenting issue
James Rouzier [Tue, 27 Sep 2016 19:41:16 +0000 (15:41 -0400)]
Fix talloc parenting issue
Alan T. DeKok [Tue, 27 Sep 2016 19:12:23 +0000 (15:12 -0400)]
notes on AD
Alan T. DeKok [Sun, 10 Jul 2016 18:03:18 +0000 (14:03 -0400)]
build headers before scanning
Matthew Newton [Tue, 27 Sep 2016 11:43:09 +0000 (12:43 +0100)]
Merge pull request #1759 from mcnewton/v3.0.x
small dhcpclient man page tweaks
Matthew Newton [Tue, 27 Sep 2016 11:02:32 +0000 (12:02 +0100)]
small dhcpclient man page tweaks
Alan T. DeKok [Mon, 26 Sep 2016 20:39:36 +0000 (16:39 -0400)]
one more check for virtual servers
Alan T. DeKok [Mon, 26 Sep 2016 20:20:30 +0000 (16:20 -0400)]
skip virtual servers in a pool
Alan T. DeKok [Mon, 26 Sep 2016 20:16:49 +0000 (16:16 -0400)]
remove from proxy hash on ping timeout
Arran Cudbard-Bell [Mon, 26 Sep 2016 15:47:51 +0000 (16:47 +0100)]
Don't ignore the fact we've hit vulnerable versions in previous checks
Alan T. DeKok [Mon, 26 Sep 2016 15:06:11 +0000 (11:06 -0400)]
reorder list
Alan T. DeKok [Mon, 26 Sep 2016 15:00:33 +0000 (11:00 -0400)]
one last check to narrow down the possibilities
Arran Cudbard-Bell [Mon, 26 Sep 2016 14:55:28 +0000 (15:55 +0100)]
Merge pull request #1758 from TheMysteriousX/v3.0.x
Check the CVE ID, not the name
Alan T. DeKok [Mon, 26 Sep 2016 14:54:33 +0000 (10:54 -0400)]
Add checks for Linux && OSX
Alan T. DeKok [Mon, 26 Sep 2016 14:54:26 +0000 (10:54 -0400)]
fix typos
Adam Bishop [Mon, 26 Sep 2016 14:52:02 +0000 (15:52 +0100)]
Check the CVE ID, not the name
Alan T. DeKok [Mon, 26 Sep 2016 14:27:25 +0000 (10:27 -0400)]
note recent changes
Alan T. DeKok [Mon, 26 Sep 2016 14:25:39 +0000 (10:25 -0400)]
Use opendir(/proc/self/fd) when we don't have closefrom(). Fixes #1757
Alan T. DeKok [Mon, 26 Sep 2016 12:10:07 +0000 (08:10 -0400)]
added F_MAXFD
Alan T. DeKok [Mon, 26 Sep 2016 12:08:04 +0000 (08:08 -0400)]
added F_CLOSEM, which might work, too
Alan T. DeKok [Mon, 26 Sep 2016 11:53:14 +0000 (07:53 -0400)]
add new man pages
Alan Buxey [Mon, 19 Sep 2016 10:39:02 +0000 (11:39 +0100)]
add man page for dhcpclient
Alan Buxey [Mon, 19 Sep 2016 10:39:54 +0000 (11:39 +0100)]
add man page for rad_counter
Alan T. DeKok [Mon, 26 Sep 2016 11:41:49 +0000 (07:41 -0400)]
update for new CVEs
Alan T. DeKok [Mon, 26 Sep 2016 11:40:04 +0000 (07:40 -0400)]
allow acknowledged CVEs
Alan T. DeKok [Sun, 25 Sep 2016 15:06:11 +0000 (11:06 -0400)]
Don't open new connections when exiting. Addresses #1604.
When we a get a SIGTERM or SIGQUIT, mark "exiting", and stop
returning new connections. Also, don't allow reconnection of
existing connections. This should help with CTRL-C.
Alan T. DeKok [Fri, 23 Sep 2016 19:41:08 +0000 (15:41 -0400)]
parent attributes from the right place.
Alan T. DeKok [Fri, 23 Sep 2016 18:01:08 +0000 (14:01 -0400)]
enable "date" by default
Alan T. DeKok [Fri, 23 Sep 2016 13:56:28 +0000 (09:56 -0400)]
note recent changes
Alan T. DeKok [Fri, 23 Sep 2016 13:55:33 +0000 (09:55 -0400)]
clean up OCSP / verify routines
Alan DeKok [Thu, 22 Sep 2016 23:34:47 +0000 (19:34 -0400)]
Merge pull request #1755 from spaetow/patch-3
Adding ABFAB-specific things to last 3.0.x release.
Alan T. DeKok [Thu, 22 Sep 2016 20:07:24 +0000 (16:07 -0400)]
minor update to rejection message
Alan T. DeKok [Thu, 22 Sep 2016 20:06:54 +0000 (16:06 -0400)]
inner tunnel of EAP-FAST cannot be proxied
Alan T. DeKok [Thu, 22 Sep 2016 15:59:08 +0000 (11:59 -0400)]
Fix tls_global_version_check() function and message
there is now more than one vulnerability in OpenSSL.
Alan T. DeKok [Thu, 22 Sep 2016 15:55:14 +0000 (11:55 -0400)]
simplify code
Alan T. DeKok [Thu, 22 Sep 2016 15:54:55 +0000 (11:54 -0400)]
typo in version string
Alan T. DeKok [Thu, 22 Sep 2016 15:26:58 +0000 (11:26 -0400)]
typo
Alan T. DeKok [Thu, 22 Sep 2016 15:24:14 +0000 (11:24 -0400)]
note OpenSSL breakage
Alan T. DeKok [Thu, 22 Sep 2016 15:22:45 +0000 (11:22 -0400)]
Add more vulnerabilities for OpenSSL
Alan T. DeKok [Thu, 22 Sep 2016 14:40:05 +0000 (10:40 -0400)]
note recent changes
Stefan Paetow [Thu, 22 Sep 2016 13:12:37 +0000 (15:12 +0200)]
Update inner-tunnel
Added the Moonshot (ABFAB) TargetedId generation to the standard distribution. Disabled by default.
Stefan Paetow [Thu, 22 Sep 2016 13:03:49 +0000 (15:03 +0200)]
Create moonshot-targeted-ids
Formally include the three Moonshot TargetedIds in the FreeRADIUS policy space so that it can be updated accordingly as the other policies (and features) progress.
Arran Cudbard-Bell [Wed, 21 Sep 2016 14:41:29 +0000 (18:41 +0400)]
RPM_OPT_FLAGS set by configure macro anyway... We just need to not mess with things.
Arran Cudbard-Bell [Wed, 21 Sep 2016 13:09:32 +0000 (17:09 +0400)]
Explain flags
Alan T. DeKok [Tue, 20 Sep 2016 21:24:39 +0000 (17:24 -0400)]
Don't use -O2 for --with developer on rpmbuild. Fixes #1753
Alan T. DeKok [Wed, 21 Sep 2016 13:46:25 +0000 (09:46 -0400)]
make code match the comments and documentation
Alan T. DeKok [Wed, 21 Sep 2016 13:38:50 +0000 (09:38 -0400)]
Use conf->ocsp_store, as it is always set.
Which helps with RadSec connections
Alan T. DeKok [Tue, 20 Sep 2016 12:06:03 +0000 (08:06 -0400)]
More cleanups
Alan T. DeKok [Tue, 20 Sep 2016 11:55:40 +0000 (07:55 -0400)]
clarify message
Alan T. DeKok [Tue, 20 Sep 2016 11:46:13 +0000 (07:46 -0400)]
remove unnecessary FIXMEs
Alan T. DeKok [Tue, 20 Sep 2016 11:44:41 +0000 (07:44 -0400)]
use defines for shift, instead of hard-coded number
Alan DeKok [Tue, 20 Sep 2016 11:43:13 +0000 (07:43 -0400)]
Merge pull request #1751 from jrouzierinverse/feature/eap-fast-3.0.x
Feature/eap fast 3.0.x
James Rouzier [Mon, 19 Sep 2016 16:31:45 +0000 (12:31 -0400)]
Use the proper eap version
James Rouzier [Mon, 19 Sep 2016 16:31:07 +0000 (12:31 -0400)]
Free list after usage
James Rouzier [Mon, 19 Sep 2016 16:29:46 +0000 (12:29 -0400)]
Remove unused variables
James Rouzier [Fri, 16 Sep 2016 16:27:46 +0000 (12:27 -0400)]
Shift to use the proper attribute id
Alan T. DeKok [Mon, 19 Sep 2016 20:04:55 +0000 (16:04 -0400)]
whitespace and formatting
Arran Cudbard-Bell [Mon, 19 Sep 2016 16:15:52 +0000 (20:15 +0400)]
Merge pull request #1750 from TheMysteriousX/v3.0.x
NULL the configuration item if no trust router is configured
Adam Bishop [Mon, 19 Sep 2016 14:47:20 +0000 (15:47 +0100)]
NULL the configuration item if no trust router is configured
Add a debug message so the user knows the dyanmic realm functionality is disabled
Alan T. DeKok [Mon, 19 Sep 2016 15:23:54 +0000 (11:23 -0400)]
use the correct function API
Alan T. DeKok [Mon, 19 Sep 2016 15:17:34 +0000 (11:17 -0400)]
separate messages for separate error cases