Alan T. DeKok [Wed, 22 Apr 2015 17:21:34 +0000 (13:21 -0400)]
Note recent changes. Prepare for 3.0.8
Alan T. DeKok [Wed, 22 Apr 2015 14:28:19 +0000 (10:28 -0400)]
Be more relaxed with default config
Alan T. DeKok [Wed, 22 Apr 2015 14:08:46 +0000 (10:08 -0400)]
Removed ref to check_config.
Alan T. DeKok [Wed, 22 Apr 2015 14:00:28 +0000 (10:00 -0400)]
Warn about unused config items for -C and -xxx
Alan T. DeKok [Wed, 22 Apr 2015 13:59:44 +0000 (09:59 -0400)]
Use new syntax
Santiago Gimeno [Tue, 21 Apr 2015 14:45:10 +0000 (16:45 +0200)]
psql: fix database setup.sql script
Santiago Gimeno [Tue, 21 Apr 2015 14:10:12 +0000 (16:10 +0200)]
psql: fix query of expire_on_login counter
Arran Cudbard-Bell [Tue, 21 Apr 2015 13:55:59 +0000 (14:55 +0100)]
More formatting fixes in rlm_perl
Arran Cudbard-Bell [Tue, 21 Apr 2015 13:44:36 +0000 (14:44 +0100)]
Seem duplicative...
Arran Cudbard-Bell [Tue, 21 Apr 2015 13:43:37 +0000 (14:43 +0100)]
Consistently indent function scoped variables in rlm_perl
Santiago Gimeno [Tue, 21 Apr 2015 10:15:43 +0000 (12:15 +0200)]
psql: fix accounting_on query syntax
Alan T. DeKok [Mon, 20 Apr 2015 15:01:45 +0000 (11:01 -0400)]
If check_config, don't start threads, pipes, etc.
Alan T. DeKok [Mon, 20 Apr 2015 13:14:44 +0000 (09:14 -0400)]
Convert errors to bounds checks
Arran Cudbard-Bell [Sun, 19 Apr 2015 22:50:00 +0000 (23:50 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 19 Apr 2015 22:33:11 +0000 (23:33 +0100)]
Actually add the User-Name attribute to the fake request, instead of just sticking it in the username VP pointer
EAP-PWD may actually work now...
Arran Cudbard-Bell [Sun, 19 Apr 2015 22:32:33 +0000 (23:32 +0100)]
Fix some weird formatting in EAP-PWD
Alan T. DeKok [Sat, 18 Apr 2015 19:15:42 +0000 (15:15 -0400)]
Use Fail-Accounting instead of Fail
Alan T. DeKok [Sat, 18 Apr 2015 19:13:18 +0000 (15:13 -0400)]
Remove text about accounting from auth-only server
Arran Cudbard-Bell [Sat, 18 Apr 2015 08:50:41 +0000 (09:50 +0100)]
If it's binary in radiator, it should be octets in FreeRADIUS
Arran Cudbard-Bell [Sat, 18 Apr 2015 08:48:31 +0000 (09:48 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 17 Apr 2015 23:12:48 +0000 (00:12 +0100)]
Open the detail file for writing if we need to write to it
Arran Cudbard-Bell [Fri, 17 Apr 2015 22:48:18 +0000 (23:48 +0100)]
More fine grained warnings, when marking detail requests as complete
Arran Cudbard-Bell [Fri, 17 Apr 2015 17:31:13 +0000 (18:31 +0100)]
Apparently we *do* still need to link to libpthread
Arran Cudbard-Bell [Fri, 17 Apr 2015 17:00:15 +0000 (18:00 +0100)]
Use -pthread when available (instead of -lpthread or -lc_r)
Alan T. DeKok [Fri, 17 Apr 2015 15:39:59 +0000 (11:39 -0400)]
Set FP to NULL if it's not being used
Alan T. DeKok [Fri, 17 Apr 2015 13:08:41 +0000 (09:08 -0400)]
Fix typo
Arran Cudbard-Bell [Fri, 17 Apr 2015 10:20:18 +0000 (11:20 +0100)]
Optionally enable/disable filename escaping in rlm_linelog
Arran Cudbard-Bell [Fri, 17 Apr 2015 09:55:10 +0000 (10:55 +0100)]
Whilst '.' is fine in filenames allowing ../ may introduce security issues
Arran Cudbard-Bell [Thu, 16 Apr 2015 11:21:56 +0000 (12:21 +0100)]
Slightly better name for cond_normalise_values
Arran Cudbard-Bell [Wed, 15 Apr 2015 19:22:02 +0000 (20:22 +0100)]
Add docs for unlang concat
Arran Cudbard-Bell [Wed, 15 Apr 2015 19:15:40 +0000 (20:15 +0100)]
There were plans to allow [#] references, but it turned out to be a bad idea...
Arran Cudbard-Bell [Wed, 15 Apr 2015 15:52:50 +0000 (16:52 +0100)]
Add test for multivalue regex matches
Alan T. DeKok [Wed, 15 Apr 2015 14:47:31 +0000 (10:47 -0400)]
Empty strings are NULL, not ""
Because the old API returns "", not NULL. We have to go fix
that, too
Alan T. DeKok [Wed, 15 Apr 2015 14:05:58 +0000 (10:05 -0400)]
Fix names for now
Herwin Weststrate [Wed, 15 Apr 2015 12:23:30 +0000 (14:23 +0200)]
Added `debug_session_state` to debug policy
Alan T. DeKok [Wed, 15 Apr 2015 12:32:50 +0000 (08:32 -0400)]
Allow for prefix to IP comparisons.
Update code, unify type check code, and add test cases
Arran Cudbard-Bell [Wed, 15 Apr 2015 01:36:33 +0000 (21:36 -0400)]
Print what type of tmpl/attr dhcp_options got, as well as what it needs
Arran Cudbard-Bell [Wed, 15 Apr 2015 01:21:05 +0000 (21:21 -0400)]
Some vendors split their DHCP options across multiple attributes, so allow dhcp_options to use multivalue attribute references
Arran Cudbard-Bell [Tue, 14 Apr 2015 17:13:53 +0000 (13:13 -0400)]
Add additional validation to rlm_cache
We never checked what list or request was set on the LHS, and there were asserts in the code to catch unsupported lists...
Arran Cudbard-Bell [Tue, 14 Apr 2015 04:05:23 +0000 (00:05 -0400)]
Add support for caching session-state
So when we do session resumption, the session-state can be pulled from the session-cache
Arran Cudbard-Bell [Mon, 13 Apr 2015 22:11:50 +0000 (18:11 -0400)]
Update ChangeLog
Arran Cudbard-Bell [Mon, 13 Apr 2015 22:03:31 +0000 (18:03 -0400)]
Check for libpthread, we need to pass -lpthread to the compiler if it's a separate library, before doing the memcached checks
Arran Cudbard-Bell [Mon, 13 Apr 2015 21:13:02 +0000 (17:13 -0400)]
Need to set vp_length when deserializing cache entires
Alan T. DeKok [Mon, 13 Apr 2015 19:30:48 +0000 (15:30 -0400)]
note recent changes
Alan T. DeKok [Mon, 13 Apr 2015 17:56:16 +0000 (13:56 -0400)]
CHAP-Password isn't NUL terminated
Alan T. DeKok [Mon, 13 Apr 2015 16:44:54 +0000 (12:44 -0400)]
Expand buffer to max string size
Alan T. DeKok [Mon, 13 Apr 2015 16:04:12 +0000 (12:04 -0400)]
Remove unused variables
Alan T. DeKok [Mon, 13 Apr 2015 15:26:24 +0000 (11:26 -0400)]
Delete old MS-CHAP stuff before creating new ones
Alan T. DeKok [Mon, 13 Apr 2015 15:17:59 +0000 (11:17 -0400)]
Properly re-encode CHAP-Password. Fixes #955
Herwin Weststrate [Mon, 13 Apr 2015 11:33:02 +0000 (13:33 +0200)]
Include radeapclient in debian packages
Arran Cudbard-Bell [Mon, 13 Apr 2015 03:32:11 +0000 (23:32 -0400)]
Formatting
Arran Cudbard-Bell [Mon, 13 Apr 2015 03:13:12 +0000 (23:13 -0400)]
Add documentation missing in rlm_rest
Arran Cudbard-Bell [Sun, 12 Apr 2015 17:41:54 +0000 (13:41 -0400)]
Increment the tries counter when attempting to acquire a lock fixes CID 1293622
Also we should check how many times we've attempted to lock *before* attempting to lock the file descriptor again
Arran Cudbard-Bell [Sat, 11 Apr 2015 17:52:18 +0000 (13:52 -0400)]
Update ChangeLog
Arran Cudbard-Bell [Sat, 11 Apr 2015 17:22:10 +0000 (13:22 -0400)]
Check we have all the functions needed for ldap_create_sort_control
Arran Cudbard-Bell [Sat, 11 Apr 2015 17:13:46 +0000 (13:13 -0400)]
Copyright updates and formatting in rlm_ldap
Arran Cudbard-Bell [Sat, 11 Apr 2015 05:06:25 +0000 (01:06 -0400)]
Add support for specifying server side sort controls
Arran Cudbard-Bell [Sat, 11 Apr 2015 04:49:14 +0000 (00:49 -0400)]
Formatting
Alan T. DeKok [Sat, 11 Apr 2015 12:31:06 +0000 (08:31 -0400)]
Fixup list name. Fixes #952
Arran Cudbard-Bell [Fri, 10 Apr 2015 21:51:58 +0000 (17:51 -0400)]
Notes on DN vs Filter escaping
Arran Cudbard-Bell [Fri, 10 Apr 2015 20:22:16 +0000 (16:22 -0400)]
Disable __DATE__ __TIME__ warning
Alan T. DeKok [Fri, 10 Apr 2015 17:31:35 +0000 (13:31 -0400)]
Cast auto-converted only if the RHS is hex
Alan T. DeKok [Fri, 10 Apr 2015 17:04:30 +0000 (13:04 -0400)]
Sessions may not exist. Address #924 for MySQL
We still need to audit / do something similar for the other DBs
Alan T. DeKok [Fri, 10 Apr 2015 17:02:56 +0000 (13:02 -0400)]
Cast auto-converted attrs to the correct type
Alan T. DeKok [Fri, 10 Apr 2015 15:53:09 +0000 (11:53 -0400)]
Encode WiMAX test
Alan T. DeKok [Fri, 10 Apr 2015 15:48:38 +0000 (11:48 -0400)]
Tests for strings vs explicit casts
Alan T. DeKok [Fri, 10 Apr 2015 14:46:14 +0000 (10:46 -0400)]
Mark up auto-converted templates.
Attr-26.9.1 --> Cisco-AVPair.
It's useful to know when this happens, so we can do a better job
of parsing the RHS of these kinds of expressions
Alan T. DeKok [Fri, 10 Apr 2015 14:44:58 +0000 (10:44 -0400)]
Remove redundant assignment
The type defaults to ATTR
Alan T. DeKok [Fri, 10 Apr 2015 13:12:27 +0000 (09:12 -0400)]
Print with quote from template, not hard-coded quote
Arran Cudbard-Bell [Fri, 10 Apr 2015 05:21:29 +0000 (01:21 -0400)]
Change tmpl_cast_in_place so it'll work with TMPL_TYPE_DATA
This can't break anything, as it's a superset of previous types (and there was an assert to ensure tmpl_cast_in_place was only called with a literal)
Arran Cudbard-Bell [Fri, 10 Apr 2015 05:16:32 +0000 (01:16 -0400)]
Formatting
Arran Cudbard-Bell [Fri, 10 Apr 2015 04:39:10 +0000 (00:39 -0400)]
Can't define an unknown attribute with TMPL_TYPE_DATA...
Arran Cudbard-Bell [Fri, 10 Apr 2015 03:52:34 +0000 (23:52 -0400)]
Fixup docs for tmpl_afrom_attr_substr
Arran Cudbard-Bell [Fri, 10 Apr 2015 00:50:31 +0000 (20:50 -0400)]
Need to set new rhs->name len
Arran Cudbard-Bell [Fri, 10 Apr 2015 00:50:13 +0000 (20:50 -0400)]
Use the same reverse goto on error as everywhere else...
Alan T. DeKok [Fri, 10 Apr 2015 01:00:14 +0000 (21:00 -0400)]
Call map_cast_from_hex only for unknown attrs. Addresses #952
Alan T. DeKok [Fri, 10 Apr 2015 00:01:19 +0000 (20:01 -0400)]
whitespace
Alan T. DeKok [Fri, 10 Apr 2015 00:00:26 +0000 (20:00 -0400)]
Fail if there's no Cleartext-Password
Arran Cudbard-Bell [Thu, 9 Apr 2015 23:05:31 +0000 (19:05 -0400)]
Fix for gcc
Arran Cudbard-Bell [Thu, 9 Apr 2015 22:54:33 +0000 (18:54 -0400)]
bstrndup and bstrncpy are probably better names
Arran Cudbard-Bell [Thu, 9 Apr 2015 22:15:10 +0000 (18:15 -0400)]
TALLOC_CTX not always available
Arran Cudbard-Bell [Thu, 9 Apr 2015 21:24:11 +0000 (17:24 -0400)]
Fixup a bunch of bad calls to talloc_memdup
The bulk of these either copied len + 1 (which is wrong, as we can't guarantee the next byte is \0 or is a valid address) or were used in places, where the duped buffer may have been expected to be \0 terminated.
Alan T. DeKok [Thu, 9 Apr 2015 14:41:31 +0000 (10:41 -0400)]
Fix for last few commits
The TLS attrs are strings, so we don't need VALUEs
Alan T. DeKok [Thu, 9 Apr 2015 14:24:18 +0000 (10:24 -0400)]
Define named value. We probably want to define more later..
Alan T. DeKok [Thu, 9 Apr 2015 14:22:48 +0000 (10:22 -0400)]
Mash name spaces to dashes, too
Alan T. DeKok [Thu, 9 Apr 2015 14:20:30 +0000 (10:20 -0400)]
Fix error message
Alan T. DeKok [Thu, 9 Apr 2015 13:59:48 +0000 (09:59 -0400)]
Remove extraneous "+ 16"
Alan T. DeKok [Wed, 8 Apr 2015 16:23:50 +0000 (12:23 -0400)]
make client certs available for TLS application data packets
i.e. PEAP and TTLS. But only when there's a client certificate,
AND EAP-TLS-Require-Client-Certificate = 1
Alan T. DeKok [Wed, 8 Apr 2015 15:47:25 +0000 (11:47 -0400)]
Note TLS issues
Alan T. DeKok [Wed, 8 Apr 2015 15:44:22 +0000 (11:44 -0400)]
On TLS success, add the certs to the request
So that they can be used in post-auth processing.
Alan T. DeKok [Wed, 8 Apr 2015 15:43:48 +0000 (11:43 -0400)]
The cert attributes are NOT added to the request.
They're added to the TLS session data. Don't confuse the user.
Arran Cudbard-Bell [Wed, 8 Apr 2015 15:29:49 +0000 (11:29 -0400)]
Apparently older versions of doxygen don't appreciate attributes before the function definition
Arran Cudbard-Bell [Wed, 8 Apr 2015 15:13:24 +0000 (11:13 -0400)]
Doxygen fixups
Arran Cudbard-Bell [Wed, 8 Apr 2015 00:46:12 +0000 (20:46 -0400)]
Typo in comment
Arran Cudbard-Bell [Tue, 7 Apr 2015 00:49:33 +0000 (20:49 -0400)]
Escape log filenames correctly in vradlog_request
Arran Cudbard-Bell [Mon, 6 Apr 2015 18:23:52 +0000 (14:23 -0400)]
Doxygen
Arran Cudbard-Bell [Mon, 6 Apr 2015 16:36:41 +0000 (12:36 -0400)]
Install doxygen
Alan T. DeKok [Sun, 5 Apr 2015 13:58:23 +0000 (09:58 -0400)]
note recent changes
Alan T. DeKok [Sun, 5 Apr 2015 13:56:44 +0000 (09:56 -0400)]
Better name for variable
Alan T. DeKok [Sat, 4 Apr 2015 21:57:53 +0000 (17:57 -0400)]
Fix for redundant-load-balance. Closes #945
In normal operations, modcall_child / modcall_recurse processes
the current node, and all of its children. For redundant-load-balance,
we want to loop BACK from the end of the list to the start, AND
stop when we reach the first one we found again.
This means we have to tell the functions "process ONE node only",
and do all "next" operations ourselves.