Alan T. DeKok [Wed, 22 Apr 2015 17:31:54 +0000 (13:31 -0400)]
Release for 2.2.7
Alan T. DeKok [Mon, 13 Apr 2015 16:43:49 +0000 (12:43 -0400)]
Expand buffer to max string size
Alan T. DeKok [Wed, 8 Apr 2015 18:42:57 +0000 (14:42 -0400)]
Add certs to the packet, too
Manual port of commit #
994db028
Alan T. DeKok [Sun, 5 Apr 2015 13:57:52 +0000 (09:57 -0400)]
note recent changes
Alan T. DeKok [Sun, 5 Apr 2015 13:57:04 +0000 (09:57 -0400)]
Port fix for #945 from v3.0.x branch
Alan T. DeKok [Tue, 31 Mar 2015 16:07:29 +0000 (12:07 -0400)]
Fix for v2
Alan T. DeKok [Tue, 31 Mar 2015 15:34:50 +0000 (11:34 -0400)]
Note recent changes
Alan T. DeKok [Tue, 31 Mar 2015 15:34:23 +0000 (11:34 -0400)]
Revert "Disable TLS 1.2 by default. Causes MPPE key mismatches with eapol_test."
This reverts commit
d541351bba3f874bcb9d51483679970981892c49.
No longer necessary after previous commit
Alan T. DeKok [Tue, 31 Mar 2015 15:33:12 +0000 (11:33 -0400)]
Use SSL_export_keying_material for TLSv1.2 PRF derivation
Alan T. DeKok [Tue, 31 Mar 2015 02:51:09 +0000 (22:51 -0400)]
Disable TLS 1.2 by default. Causes MPPE key mismatches with eapol_test.
Manual port of commit 8ac08a4 to v2.
Alan T. DeKok [Sun, 29 Mar 2015 14:03:11 +0000 (10:03 -0400)]
Fix error message to be correct
Alan T. DeKok [Thu, 26 Mar 2015 18:15:15 +0000 (13:15 -0500)]
Note recent changes
Alan T. DeKok [Thu, 26 Mar 2015 18:12:45 +0000 (13:12 -0500)]
Allow "eap" in Post-Auth-Type Reject
which sends EAP failure and Message-Authenticator
Alan T. DeKok [Tue, 24 Mar 2015 22:12:14 +0000 (17:12 -0500)]
start from 0 for failover
Alan T. DeKok [Tue, 10 Mar 2015 13:54:44 +0000 (09:54 -0400)]
md5 == nt
Alan T. DeKok [Wed, 4 Mar 2015 13:07:53 +0000 (08:07 -0500)]
note recent changes
Alan T. DeKok [Wed, 4 Mar 2015 13:06:12 +0000 (08:06 -0500)]
Use the correct name if there are multiple tagged attributes
Alan T. DeKok [Wed, 25 Feb 2015 19:22:06 +0000 (14:22 -0500)]
Note recent changes
Alan T. DeKok [Wed, 25 Feb 2015 19:21:17 +0000 (14:21 -0500)]
Set correct default destination port for replies to relay
Alan DeKok [Fri, 13 Feb 2015 12:36:46 +0000 (07:36 -0500)]
Merge pull request #907 from spbnick/ssl_headers_fix
Include headers for OpenSSL init
Nikolai Kondrashov [Fri, 13 Feb 2015 10:54:29 +0000 (11:54 +0100)]
Include headers for OpenSSL init
Inlude OpenSSL headers into radiusd.c for OpenSSL init.
This fixes "implicit declaration of function" warnings concerning
SSL_library_init and SSL_load_error_strings.
Arran Cudbard-Bell [Wed, 11 Feb 2015 16:13:00 +0000 (11:13 -0500)]
Merge pull request #906 from spbnick/fix-openssl-version-check-disabling
Move OpenSSL init out of version check
Nikolai Kondrashov [Wed, 11 Feb 2015 14:24:23 +0000 (15:24 +0100)]
Move OpenSSL init out of version check
Initialize OpenSSL outside ssl_version_check() to execute even with
disabled version check. Otherwise SSL_CTX_new() returns zero and
FreeRADIUS segfaults in init_tls_ctx with version check disabled.
Alan DeKok [Tue, 3 Feb 2015 19:40:05 +0000 (14:40 -0500)]
Merge pull request #898 from spbnick/disable_openssl_vercheck_v2.x.x
Add --disable-openssl-version-check option
Nikolai Kondrashov [Tue, 3 Feb 2015 09:33:48 +0000 (10:33 +0100)]
Add --disable-openssl-version-check option
Add "--disable-openssl-version-check" configure option, which removes
checking for vulnerable OpenSSL versions. It is supposed to be used by
downstream packagers and distributions who have other means to ensure
vulnerabilities are fixed, such as versioned package dependencies and
vulnerability handling processes.
This avoids the necessity of editing radiusd.conf on package upgrade to
make sure it keeps working. At the same time, it provides safe default
to those installing FreeRADIUS from source.
Instead of defining a dummy ssl_check_version function and ignoring
allow_vulnerable_openssl option, remove these altogether to match the
v3.0.x branch.
Alan DeKok [Tue, 3 Feb 2015 13:32:49 +0000 (08:32 -0500)]
Merge pull request #897 from spbnick/strlcpy_fix
log: Check message buffer length to avoid overflow
Nikolai Kondrashov [Tue, 3 Feb 2015 11:10:52 +0000 (12:10 +0100)]
log: Check message buffer length to avoid overflow
Check that adding strlcpy result to the message length didn't exceed
size of the message buffer to avoid underflow in calculating remaining
size and overflowing the buffer.
Alan T. DeKok [Sun, 1 Feb 2015 22:24:23 +0000 (17:24 -0500)]
Replace strncat() with strlcpy()
Alan DeKok [Sun, 1 Feb 2015 22:12:02 +0000 (17:12 -0500)]
Merge pull request #895 from spbnick/v2.x.x_misc_fixes
v2.x.x misc fixes
Nikolai Kondrashov [Fri, 30 Jan 2015 14:13:57 +0000 (16:13 +0200)]
Don't dereference NULL cs in cf_item_parse
Avoid dereferencing NULL cs in cf_item_parse and cf_reference_item it
invokes.
This fixes the following Coverity errors:
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:932: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:938: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:963: var_deref_model: Passing null pointer "cs" to "cf_expand_variables", which dereferences it.
freeradius-server-2.2.6/src/main/conffile.c:782:4: deref_parm_in_call: Function "cf_reference_item" dereferences "outercs".
freeradius-server-2.2.6/src/main/conffile.c:597:25: var_assign_parm: Assigning: "cs" = "outercs".
freeradius-server-2.2.6/src/main/conffile.c:615:4: deref_var: Dereferencing "cs" (which is a copy of "outercs").
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:973: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:994: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1009: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1041: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1051: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1054: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1066: var_deref_op: Dereferencing null pointer "cs".
Nikolai Kondrashov [Fri, 30 Jan 2015 13:23:49 +0000 (15:23 +0200)]
dhcp: Remove useless variable initializer
Remove an initialization of a variable, which is then overwritten, in
dhcp_get_option.
This fixes the following Clang warning:
freeradius-server-2.2.6/src/lib/dhcp.c:144:11: warning: Value stored to 'data' during its initialization is never read
Nikolai Kondrashov [Fri, 30 Jan 2015 11:35:06 +0000 (13:35 +0200)]
dhcpd: Verify DICT_VALUE exists itself
Verify that a DICT_VALUE was returned from dict_valbyattr by checking
the returned pointer, not the "name" field address. This likely fixes a
possible segfault when debugging.
This also fixes the following Coverity error:
Error: NO_EFFECT (CWE-398):
freeradius-server-2.2.6/src/main/dhcpd.c:300: array_null: Comparing an array to null is not useful: "dv->name".
Nikolai Kondrashov [Fri, 30 Jan 2015 10:54:39 +0000 (12:54 +0200)]
dhcp: Use correct format specifiers in a message
Format size_t with %zu specifier, instead of %d, as size_t is not
guaranteed to be the same size as int.
This fixes the following compiler warnings:
freeradius-server-2.2.6/src/lib/dhcp.c: scope_hint: In function 'fr_dhcp_add_arp_entry'
freeradius-server-2.2.6/src/lib/dhcp.c:1536: warning: format '%d' expects type 'int', but argument 2 has type 'long unsigned int'
freeradius-server-2.2.6/src/lib/dhcp.c:1536: warning: format '%d' expects type 'int', but argument 3 has type 'size_t'
Nikolai Kondrashov [Thu, 29 Jan 2015 19:39:44 +0000 (21:39 +0200)]
Fix two pointer signedness warnings
This fixes the following compiler warnings:
freeradius-server-2.2.6/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c: scope_hint: In function 'cbtls_verify'
freeradius-server-2.2.6/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c:711: warning: pointer targets in passing argument 2 of 'pairmake' differ in signedness
freeradius-server-2.2.6/src/include/libradius.h:373: note: expected 'const char *' but argument is of type 'unsigned char *'
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c: scope_hint: In function 'base64_to_hex_xlat'
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:678: warning: pointer targets in passing argument 1 of 'fr_bin2hex' differ in signedness
freeradius-server-2.2.6/src/include/libradius.h:418: note: expected 'const uint8_t *' but argument is of type 'char *'
Nikolai Kondrashov [Thu, 29 Jan 2015 19:32:29 +0000 (21:32 +0200)]
Remove two unused variable declarations
This fixes the following compiler warnings:
freeradius-server-2.2.6/src/main/listen.c:1359: included_from: Included from here.
freeradius-server-2.2.6/src/main/command.c: scope_hint: In function 'command_show_module_status'
freeradius-server-2.2.6/src/main/command.c:589: warning: unused variable 'mod'
freeradius-server-2.2.6/src/modules/rlm_sql/rlm_sql.c: scope_hint: In function 'rlm_sql_detach'
freeradius-server-2.2.6/src/modules/rlm_sql/rlm_sql.c:824: warning: unused variable 'i'
Nikolai Kondrashov [Thu, 29 Jan 2015 12:32:24 +0000 (14:32 +0200)]
Limit log level string when building message
Use strncat instead of strcat to limit the length of copied log level
name in radlog_request. This makes the code easier to reason about
overall and to make sure no buffer overflow happens.
This fixes the following Coverity error:
Error: STRING_OVERFLOW (CWE-120):
freeradius-server-2.2.6/src/main/log.c:310: fixed_size_dest: You might overrun the 1024 byte fixed-size string "buffer" by copying the return value of "fr_int2str" without checking the length.
Nikolai Kondrashov [Thu, 29 Jan 2015 12:08:12 +0000 (14:08 +0200)]
Initialize child count in modcall_recurse
Initialize child count in modcall_recurse to explicitly handle the case of no
children, making the code at least slightly easier to read, if not actually
fixing an issue.
This fixes the following Coverity error:
Error: UNINIT (CWE-457):
freeradius-server-2.2.6/src/main/modcall.c:691: var_decl: Declaring variable "count" without initializer.
freeradius-server-2.2.6/src/main/modcall.c:727: uninit_use: Using uninitialized value "count".
Nikolai Kondrashov [Thu, 29 Jan 2015 12:01:49 +0000 (14:01 +0200)]
Check cf_item_parse return value
Check cf_item_parse return value in dhcp_socket_parse to match all other
invocations.
This fixes the following Coverity errors:
Error: CHECKED_RETURN (CWE-252):
freeradius-server-2.2.6/src/main/dhcpd.c:618: check_return: Calling "cf_item_parse" without checking return value (as is done elsewhere 12 out of 14 times).
Error: CHECKED_RETURN (CWE-252):
freeradius-server-2.2.6/src/main/dhcpd.c:624: check_return: Calling "cf_item_parse" without checking return value (as is done elsewhere 12 out of 14 times).
Nikolai Kondrashov [Thu, 29 Jan 2015 11:57:59 +0000 (13:57 +0200)]
Check radius_get_vp return value
Check radius_get_vp return value in modcall_recurse to match other
invocations.
This fixes the following Coverity error:
Error: CHECKED_RETURN (CWE-252):
freeradius-server-2.2.6/src/main/modcall.c:649: check_return: Calling "radius_get_vp" without checking return value (as is done elsewhere 6 out of 7 times).
Nikolai Kondrashov [Thu, 29 Jan 2015 11:51:29 +0000 (13:51 +0200)]
Return positive integers from each radius_xlat
Make all versions of radius_xlat return positive integers only,
including stubs, to match the result checking.
This fixes the following Coverity errors:
Error: NEGATIVE_RETURNS (CWE-394):
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:625: negative_return_fn: Function "radius_xlat(buffer, 1024, fmt, request, func)" returns a negative number.
freeradius-server-2.2.6/src/main/radconf2xml.c:52:2: return_negative_constant: Explicitly returning negative value "-1".
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:625: var_assign: Assigning: unsigned variable "len" = "radius_xlat".
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:637: negative_returns: "len" is passed to a parameter that cannot be negative.
freeradius-server-2.2.6/src/lib/base64.c:66:50: sizet: "inlen" is a size_t parameter.
Error: NEGATIVE_RETURNS (CWE-394):
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:659: negative_return_fn: Function "radius_xlat(buffer, 1024, fmt, request, func)" returns a negative number.
freeradius-server-2.2.6/src/main/radconf2xml.c:52:2: return_negative_constant: Explicitly returning negative value "-1".
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:659: var_assign: Assigning: unsigned variable "len" = "radius_xlat".
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:666: negative_returns: "len" is passed to a parameter that cannot be negative.
freeradius-server-2.2.6/src/lib/base64.c:315:3: parm_loop_bound: Using unsigned parameter "inlen" in a loop exit test.
Nikolai Kondrashov [Thu, 29 Jan 2015 10:49:18 +0000 (12:49 +0200)]
rlm_sql_log: Check rad_mkdir result
Check the result of rad_mkdir in sql_log_write, abort on error.
This makes the reported error clearer and fixes the following Coverity
error:
Error: CHECKED_RETURN (CWE-252):
freeradius-server-2.2.6/src/modules/rlm_sql_log/rlm_sql_log.c:374: check_return: Calling "rad_mkdir" without checking return value (as is done elsewhere 4 out of 5 times).
Nikolai Kondrashov [Thu, 29 Jan 2015 10:28:23 +0000 (12:28 +0200)]
xlat: Always free head
Move "head" deallocation into the path for handling fr_dhcp_decode_options
failure, in xlat_dhcp_options. This makes sure it is freed, as
fr_dhcp_decode_options is complicated and is not documented to guarantee
deallocation in case of error.
This fixes the following Coverity error:
Error: RESOURCE_LEAK (CWE-772):
freeradius-server-2.2.6/src/main/xlat.c:639: alloc_arg: "fr_dhcp_decode_options" allocates memory that is stored into "head".
freeradius-server-2.2.6/src/lib/dhcp.c:581:2: var_assign_parm: Assigning: "tail" = "head".
freeradius-server-2.2.6/src/lib/dhcp.c:647:4: alloc_fn: Storage is returned from allocation function "pairmake".
freeradius-server-2.2.6/src/lib/valuepair.c:1523:3: alloc_fn: Storage is returned from allocation function "pairmake_any".
freeradius-server-2.2.6/src/lib/valuepair.c:1406:2: alloc_fn: Storage is returned from allocation function "paircreate".
freeradius-server-2.2.6/src/lib/valuepair.c:174:2: alloc_fn: Storage is returned from allocation function "pairalloc".
freeradius-server-2.2.6/src/lib/valuepair.c:72:2: alloc_fn: Storage is returned from allocation function "malloc".
freeradius-server-2.2.6/src/lib/valuepair.c:72:2: var_assign: Assigning: "vp" = "malloc(312UL + name_len)".
freeradius-server-2.2.6/src/lib/valuepair.c:74:2: noescape: Resource "vp" is not freed or pointed-to in function "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]
freeradius-server-2.2.6/src/lib/valuepair.c:134:2: return_alloc: Returning allocated memory "vp".
freeradius-server-2.2.6/src/lib/valuepair.c:174:2: var_assign: Assigning: "vp" = "pairalloc(da)".
freeradius-server-2.2.6/src/lib/valuepair.c:185:2: return_alloc: Returning allocated memory "vp".
freeradius-server-2.2.6/src/lib/valuepair.c:1406:2: var_assign: Assigning: "vp" = "paircreate(attr, 5)".
freeradius-server-2.2.6/src/lib/valuepair.c:1466:2: return_alloc: Returning allocated memory "vp".
freeradius-server-2.2.6/src/lib/valuepair.c:1523:3: return_alloc_fn: Directly returning storage allocated by "pairmake_any".
freeradius-server-2.2.6/src/lib/dhcp.c:647:4: var_assign: Assigning: "vp" = "pairmake(da->name, NULL, T_OP_ADD)".
freeradius-server-2.2.6/src/lib/dhcp.c:671:4: var_assign: Assigning: "*tail" = "vp".
freeradius-server-2.2.6/src/main/xlat.c:661: leaked_storage: Variable "head" going out of scope leaks the storage it points to.
Nikolai Kondrashov [Thu, 29 Jan 2015 09:52:50 +0000 (11:52 +0200)]
rlm_otp: Fix key size calculation
Take size of key array element, instead of an expression attempting to
calculate the key size, in otp_gen_state().
This makes the HMAC use the full key, instead of just 4 first bytes,
increasing key strength.
This also fixes the following Coverity error:
Error: BAD_SIZEOF (CWE-467):
freeradius-server-2.2.6/src/modules/rlm_otp/otp_radstate.c:100: bad_sizeof: Taking the size of arithmetic expression "key[0] * 16" is suspicious.
freeradius-server-2.2.6/src/modules/rlm_otp/otp_radstate.c:100: remediation: Did you intend "sizeof (key[0]) * 16"?
Nikolai Kondrashov [Thu, 29 Jan 2015 09:27:25 +0000 (11:27 +0200)]
rlm_pap: Account for terminating zero
Account for terminating '\0' character in target (raw) buffer space when
verifying supplied vp->length in rlm_pap.c normify().
Otherwise both the source (vp->vp_octets) and the target (raw) buffer
will overflow with vp->length == sizeof(raw).
This fixes the following Coverity errors:
Error: OVERRUN (CWE-119):
freeradius-server-2.2.6/src/modules/rlm_pap/rlm_pap.c:260: cond_at_most: Checking "vp->length > 255UL" implies that "vp->length" has the value which may be up to 255 on the false branch.
freeradius-server-2.2.6/src/modules/rlm_pap/rlm_pap.c:262: overrun-buffer-arg: Overrunning array "vp->data.octets" of 254 bytes by passing it to a function which accesses it at byte offset 254 using argument "vp->length" (which evaluates to 255). [Note: The source code implementation of the function has been overridden by a builtin model.]
Error: OVERRUN (CWE-119):
freeradius-server-2.2.6/src/modules/rlm_pap/rlm_pap.c:260: cond_at_most: Checking "vp->length > 255UL" implies that "vp->length" has the value which may be up to 255 on the false branch.
freeradius-server-2.2.6/src/modules/rlm_pap/rlm_pap.c:263: overrun-local: Overrunning array "raw" of 255 bytes at byte offset 255 using index "vp->length" (which evaluates to 255).
Nikolai Kondrashov [Tue, 27 Jan 2015 13:58:22 +0000 (15:58 +0200)]
Verify start_servers <= max_servers
Alan T. DeKok [Wed, 21 Jan 2015 14:08:52 +0000 (09:08 -0500)]
Note recent changes
Alan T. DeKok [Tue, 20 Jan 2015 14:46:33 +0000 (09:46 -0500)]
Fix typo. Closes #880
Alan T. DeKok [Thu, 15 Jan 2015 15:03:19 +0000 (10:03 -0500)]
More EXEEXT
Alan T. DeKok [Thu, 15 Jan 2015 14:45:27 +0000 (09:45 -0500)]
Use $(EXEEXT) for radeapclient. Closes #875
Alan T. DeKok [Fri, 9 Jan 2015 19:33:25 +0000 (14:33 -0500)]
Typos
Arran Cudbard-Bell [Wed, 31 Dec 2014 23:14:07 +0000 (18:14 -0500)]
Update copyright notices
Alan T. DeKok [Wed, 31 Dec 2014 13:25:13 +0000 (08:25 -0500)]
Sometimes we don't need to generate ephemeral RSA keys
Alan T. DeKok [Fri, 12 Dec 2014 17:04:22 +0000 (12:04 -0500)]
Don't free packet twice
Alan T. DeKok [Fri, 12 Dec 2014 12:23:59 +0000 (07:23 -0500)]
Clarify warning message
Alan T. DeKok [Wed, 10 Dec 2014 14:45:20 +0000 (09:45 -0500)]
Port detail fixes from v3.0.x
Alan T. DeKok [Wed, 10 Dec 2014 14:44:24 +0000 (09:44 -0500)]
Fix filename_escape for v2.x xlat API
Alan T. DeKok [Tue, 9 Dec 2014 20:55:38 +0000 (15:55 -0500)]
Allow spaces in certificate passwords
Arran Cudbard-Bell [Thu, 4 Dec 2014 19:49:31 +0000 (14:49 -0500)]
Backport the filename escaping fix
Alan T. DeKok [Sun, 23 Nov 2014 17:02:27 +0000 (12:02 -0500)]
Request is done..
Alan T. DeKok [Sun, 23 Nov 2014 14:49:30 +0000 (09:49 -0500)]
Mark the request to be cleaned up when there's no proxy response
Alan T. DeKok [Fri, 21 Nov 2014 16:46:29 +0000 (11:46 -0500)]
Don't set RUNNING unless a thread is running
Alan T. DeKok [Fri, 21 Nov 2014 16:39:01 +0000 (11:39 -0500)]
Remove misleading message
Alan T. DeKok [Tue, 18 Nov 2014 20:32:11 +0000 (15:32 -0500)]
Bump in preparation for 2.2.7
Alan T. DeKok [Tue, 18 Nov 2014 19:56:52 +0000 (14:56 -0500)]
Bump version number here, too
Alan T. DeKok [Tue, 18 Nov 2014 19:55:43 +0000 (14:55 -0500)]
We should have bumped to 2.2.6 a while ago
Alan T. DeKok [Tue, 18 Nov 2014 19:54:59 +0000 (14:54 -0500)]
Note for 2.2.6
Alan T. DeKok [Tue, 18 Nov 2014 16:03:25 +0000 (11:03 -0500)]
Acct-Session-Time doesn't have to exist
Alan T. DeKok [Sun, 16 Nov 2014 15:03:32 +0000 (10:03 -0500)]
Note recent changes
Alan T. DeKok [Sun, 16 Nov 2014 15:02:20 +0000 (10:02 -0500)]
Make tlsv1.2 and tlsv1.2 conditional on having them
Alan T. DeKok [Sun, 16 Nov 2014 14:42:49 +0000 (09:42 -0500)]
Allow for selective disabling of TLSv1.1 and TLSv1.2
Arran Cudbard-Bell [Tue, 11 Nov 2014 19:18:43 +0000 (14:18 -0500)]
Backport udpfromto IPv6 fixes from v3.0.x
Arran Cudbard-Bell [Tue, 11 Nov 2014 19:16:52 +0000 (14:16 -0500)]
Remove xcodebuild stuff, it's not required
Alan T. DeKok [Tue, 4 Nov 2014 12:48:08 +0000 (07:48 -0500)]
Note TLS 1.1 and 1.2
Alan T. DeKok [Mon, 3 Nov 2014 19:36:25 +0000 (14:36 -0500)]
Allow TLS 1.1 and 1.2
Alan T. DeKok [Mon, 3 Nov 2014 18:57:48 +0000 (13:57 -0500)]
Note recent changes
Alan T. DeKok [Mon, 3 Nov 2014 16:45:27 +0000 (11:45 -0500)]
Allow all UTF-8 characters
Alan T. DeKok [Wed, 29 Oct 2014 15:12:26 +0000 (11:12 -0400)]
Note recent changes
Alan T. DeKok [Wed, 29 Oct 2014 15:12:08 +0000 (11:12 -0400)]
Time zone is 2 octets, not "integer"
Alan DeKok [Tue, 28 Oct 2014 21:40:52 +0000 (17:40 -0400)]
Merge pull request #824 from jrouzierinverse/v2.x.x
Lock thread_pool.wait_mutex before forking to avoid a race condition bet...
James Rouzier [Tue, 28 Oct 2014 21:13:43 +0000 (17:13 -0400)]
Lock thread_pool.wait_mutex before forking to avoid a race condition between rad_fork, rad_waitpid and reap_children.
There is a race condition that can occur under high load where a child is reaped before being added to the waiters list.
Alan T. DeKok [Sun, 26 Oct 2014 13:57:48 +0000 (09:57 -0400)]
Do OCSP checks only if we got issuer_cert. Closes #756
Alan T. DeKok [Tue, 7 Oct 2014 14:37:27 +0000 (10:37 -0400)]
Move to SHA256. SHA1 is deprecated
Alan T. DeKok [Sun, 21 Sep 2014 20:29:07 +0000 (16:29 -0400)]
Don't use DHCP-Server-IP-Address for source IP
use Packet-Src-IP-Address instead.
And don't use server identifier for SIADDR
Alan T. DeKok [Mon, 8 Sep 2014 15:28:42 +0000 (11:28 -0400)]
Find the SUB section, not the NEXT one
Arran Cudbard-Bell [Thu, 4 Sep 2014 18:33:23 +0000 (14:33 -0400)]
Merge pull request #777 from matsimon/f5-dictionary
F5 dictionary
Alan T. DeKok [Sun, 31 Aug 2014 13:50:05 +0000 (09:50 -0400)]
Added dictionary for RFC 7268
Arran Cudbard-Bell [Thu, 12 Dec 2013 18:18:57 +0000 (10:18 -0800)]
Merge pull request #489 from spaetow/master
Adding RFC7055 (ABFAB/Moonshot RFC)
Alan T. DeKok [Sun, 7 Sep 2014 03:00:44 +0000 (23:00 -0400)]
Run format.pl
Alan T. DeKok [Sun, 31 Aug 2014 12:49:27 +0000 (08:49 -0400)]
Enable new dictionaries and fix minor issues
Mathieu Simon [Sun, 31 Aug 2014 08:36:06 +0000 (10:36 +0200)]
dictionary.trapeze: Add attribute
- Trapeze-Audit seems to be a accounting-only value that
contains logging data for audit as the attribute says.
- Since MSS software still seems to be developed by Juniper
add a Juniper reference and remove the mail address as the
domain redirects to Juniper.com these days.
Mathieu Simon [Sun, 31 Aug 2014 09:28:27 +0000 (11:28 +0200)]
Add 3 attributes to the Bay dict. (Nortel/Avaya)
Found in the Avaya AAA for ERS and ES Technical Configuration
Guide from 2010 as publicly available at Avaya.
Some attributes have been changed by Avaya but left unchanged here
to not break existing installations.
Mathieu Simon [Sun, 11 May 2014 20:46:38 +0000 (22:46 +0200)]
dictionary.altiga: Fix small typo & space-to-tab
Try unifying mixed usage of spaces and tabs (later seems more common)
then pass with the formatter.
Mathieu Simon [Sun, 9 Feb 2014 09:55:56 +0000 (10:55 +0100)]
Add newly found attribute to dictionary.telebit
Found in: Cisco Prime Access Registrar 6.0.1 Users Guide
Chapter: RADIUS Attributes.
Telebit has been bought quite some time ago, that's why
the references come from Cisco.
Mathieu Simon [Sun, 31 Aug 2014 09:07:46 +0000 (11:07 +0200)]
Add Ruckus dictionary
Compiled out of a Ruckus user guides and tech notes
publicly available on the Ruckus website.
Mathieu Simon [Sun, 11 May 2014 20:44:26 +0000 (22:44 +0200)]
Add Compatible Systems dictionary
Add Compatible Systems Corp. dictionary as found in the
Cisco Prime Access Registrar 6.1 User Guide.
Includes historical note about Compatible Systems's acquisition
in case someone is (still) looking for documentation.
Alan T. DeKok [Fri, 29 Aug 2014 16:15:31 +0000 (12:15 -0400)]
As posted to the list
Conflicts:
share/dictionary.bluecoat
Alan T. DeKok [Wed, 3 Sep 2014 15:02:28 +0000 (11:02 -0400)]
Free output bio, too
Alan T. DeKok [Wed, 3 Sep 2014 14:52:54 +0000 (10:52 -0400)]
Print debug messages only in debug mode. Closes #779
Alan T. DeKok [Tue, 2 Sep 2014 21:17:18 +0000 (17:17 -0400)]
note recent changes
Alan T. DeKok [Tue, 2 Sep 2014 21:12:58 +0000 (17:12 -0400)]
in client_add() add to a virtual server is first argument is NULL