Alan T. DeKok [Mon, 7 Oct 2013 19:49:47 +0000 (15:49 -0400)]
Publish to correct location
Alan T. DeKok [Mon, 7 Oct 2013 19:48:34 +0000 (15:48 -0400)]
Final changes for 3.0
Alan T. DeKok [Mon, 7 Oct 2013 02:08:01 +0000 (22:08 -0400)]
Update version before release
Alan T. DeKok [Mon, 7 Oct 2013 02:07:16 +0000 (22:07 -0400)]
Fix sed script for version in debian file
Alan T. DeKok [Mon, 7 Oct 2013 02:07:05 +0000 (22:07 -0400)]
Use correct release branch
Alan T. DeKok [Fri, 4 Oct 2013 13:27:32 +0000 (09:27 -0400)]
Revert
afe57485. Fixes #442
Arran Cudbard-Bell [Wed, 2 Oct 2013 16:45:33 +0000 (17:45 +0100)]
IPv6_RECVPKTINFO isn't defined unless the advanced API is available, IPV6_2292PKTINFO is the 'legacy' socket option but should work just as well.
Arran Cudbard-Bell [Wed, 2 Oct 2013 12:41:49 +0000 (13:41 +0100)]
Ignore editor projects
Arran Cudbard-Bell [Tue, 1 Oct 2013 21:36:11 +0000 (22:36 +0100)]
Update aruba dictionary, extra definitions from alagoutte
Alan T. DeKok [Mon, 30 Sep 2013 19:57:32 +0000 (15:57 -0400)]
Silently skip empty subgroups
Alan T. DeKok [Mon, 30 Sep 2013 19:50:21 +0000 (15:50 -0400)]
"case" can only occur within a "switch"
Alan T. DeKok [Mon, 30 Sep 2013 15:01:48 +0000 (11:01 -0400)]
Don't set parent priority when calling a child
It's wrong.
Arran Cudbard-Bell [Sun, 29 Sep 2013 14:58:48 +0000 (15:58 +0100)]
Segfault in libperl when doing perl_xlat(). Fix by kvainkainen. Closes #436
In rlm_perl.c Perl interpreter cloning is controlled by #ifdef USE_ITHREADS.
However, for some unknown reason in perl_xlat() #ifndef WITH_ITHREADS is
used instead. At least my Perl does not have WITH_ITHREADS compile option,
meaning all perl_xlat() calls are handled by same Perl instance.
If you run Freeradius in multithread mode, this causes segfault in libperl
when two threads do perl_xlat() simultaneously.
Alan T. DeKok [Sun, 29 Sep 2013 13:18:01 +0000 (09:18 -0400)]
Port fix for update sections from v2.x.x
Alan T. DeKok [Sat, 28 Sep 2013 14:38:21 +0000 (10:38 -0400)]
Fix priority handling
Arran Cudbard-Bell [Fri, 27 Sep 2013 16:16:22 +0000 (17:16 +0100)]
instance is not used in rest_decode_post
Arran Cudbard-Bell [Fri, 27 Sep 2013 11:46:54 +0000 (12:46 +0100)]
Update rlm_rest to use newer log macros
Arran Cudbard-Bell [Fri, 27 Sep 2013 09:23:00 +0000 (10:23 +0100)]
Typo
Arran Cudbard-Bell [Fri, 27 Sep 2013 09:16:05 +0000 (10:16 +0100)]
Use newer API functions to iterate and sort attributes. Closes #440
Kevin Hester [Thu, 26 Sep 2013 23:24:35 +0000 (13:24 -1000)]
fix JSON upload in rlm_rest
Previously the POSTED json would be invalid - it would truncate at the
end of the first tuple (because of accidentally including a \0 in the
string). This change ensures that the returned length from
vp_prints_value_json does not include the nul terminator (which is
conventional and I assme the intent)
Arran Cudbard-Bell [Thu, 26 Sep 2013 13:15:20 +0000 (14:15 +0100)]
Fix places where old VP values were not freed
Arran Cudbard-Bell [Thu, 26 Sep 2013 09:53:31 +0000 (10:53 +0100)]
Fixup code formatting in EAP-LEAP, and use R*log functions
Arran Cudbard-Bell [Wed, 25 Sep 2013 22:48:08 +0000 (23:48 +0100)]
Assume password src encoding is UTF8 and convert it to UCS2 before hashing with MD4
Patch by Andrei Korostelev
Closes #437
Arran Cudbard-Bell [Wed, 25 Sep 2013 21:03:23 +0000 (22:03 +0100)]
Fix some typos/issues in rlm_rest json as posted by Kevin Hester. Closes #438
Alan T. DeKok [Tue, 24 Sep 2013 15:18:03 +0000 (11:18 -0400)]
Packet data is talloc'd
Arran Cudbard-Bell [Tue, 24 Sep 2013 11:49:23 +0000 (12:49 +0100)]
Add comp128 functions
Arran Cudbard-Bell [Tue, 24 Sep 2013 11:49:06 +0000 (12:49 +0100)]
Cleanup EAP-SIM code
Alan T. DeKok [Mon, 23 Sep 2013 14:42:34 +0000 (10:42 -0400)]
Fix udpfromto bug on Mac OSX.
This is a NICE Mac OSX bug. Create an interface with
two IP address, and then configure one listener for
each IP address. Send thousands of packets to one
address, and some will show up on the OTHER socket.
This hack works ONLY if the clients are global. If
each listener has the same client IP, but with
different secrets, then it will fail the rad_recv()
check above, and there's nothing you can do.
Linux does the right thing.
Alan T. DeKok [Mon, 23 Sep 2013 01:52:47 +0000 (21:52 -0400)]
Clean up non-udpfromto code
So that it's simpler. We also ALWAYS use udpfromto, as we assume
the library is used for IPv4 and IPv6 interfaces, not anything else.
Alan T. DeKok [Sat, 21 Sep 2013 12:32:39 +0000 (08:32 -0400)]
check_cert_issuer in EAP-TLS broken in presence of X509v3 extensions
Patch from David Wood
Manual port of commit
ce169385f
Alan T. DeKok [Fri, 20 Sep 2013 21:14:00 +0000 (17:14 -0400)]
Mark request DONE when we start the cleanup delay
Arran Cudbard-Bell [Fri, 20 Sep 2013 19:41:36 +0000 (20:41 +0100)]
Typo
Arran Cudbard-Bell [Mon, 16 Sep 2013 17:02:17 +0000 (18:02 +0100)]
Only print EXIT info when ndef NDEBUG
Arran Cudbard-Bell [Mon, 16 Sep 2013 14:44:11 +0000 (15:44 +0100)]
Wrap _exit and exit. Prints error message, and when running under GDB, raises SIGTRAP which causes debugger to break before exit.
Alan T. DeKok [Fri, 20 Sep 2013 17:59:38 +0000 (13:59 -0400)]
proxy_listener may be NULL. Closes #434
Arran Cudbard-Bell [Fri, 20 Sep 2013 16:02:22 +0000 (17:02 +0100)]
Dig src/billing out of more places
Arran Cudbard-Bell [Fri, 20 Sep 2013 11:55:30 +0000 (12:55 +0100)]
Remove billing dir, those files don't belong there
Alan T. DeKok [Thu, 19 Sep 2013 18:10:17 +0000 (14:10 -0400)]
Don't delete the request if it's in the queue
request_done() should WAIT if the request is blocked in the queue.
It should also be callable by the child thread. i.e. if the
master says "DONE" when it's in the queue, the child thread MAY
pick it up and call request->process(). Which should just say DONE
and stop
Alan T. DeKok [Thu, 19 Sep 2013 18:09:43 +0000 (14:09 -0400)]
Print how many requests are blocked
So that the admin can see the queue grow over time
Alan T. DeKok [Thu, 19 Sep 2013 01:54:25 +0000 (21:54 -0400)]
Short-circuit "case"
Alan T. DeKok [Wed, 18 Sep 2013 14:36:52 +0000 (10:36 -0400)]
Remove complaint for DHCP
Alan T. DeKok [Wed, 18 Sep 2013 14:12:24 +0000 (10:12 -0400)]
Turn assert into talloc check.
Which should get more information on error
Arran Cudbard-Bell [Tue, 17 Sep 2013 22:03:01 +0000 (23:03 +0100)]
xlat expand profile filter
remove search for PW_USER_PROFILE and expand default profile instead. If people really want the old functionality they can just set default = "%{control:User-Profile}".
Arran Cudbard-Bell [Tue, 17 Sep 2013 12:04:30 +0000 (13:04 +0100)]
Doxygen
Arran Cudbard-Bell [Tue, 17 Sep 2013 11:23:09 +0000 (12:23 +0100)]
Make vp_prints_value_json behave the same as vp_prints_value
Arran Cudbard-Bell [Tue, 17 Sep 2013 10:02:13 +0000 (11:02 +0100)]
Fixup various functions in print.c to use common, consistent names for buffer pointers and lengths
Alan T. DeKok [Sun, 15 Sep 2013 17:18:29 +0000 (13:18 -0400)]
Make it build with GCD
Arran Cudbard-Bell [Mon, 16 Sep 2013 16:04:46 +0000 (17:04 +0100)]
Stupid doxygen
Arran Cudbard-Bell [Mon, 16 Sep 2013 15:59:20 +0000 (16:59 +0100)]
Typo
Arran Cudbard-Bell [Mon, 16 Sep 2013 15:56:14 +0000 (16:56 +0100)]
Print VP \t<name> <op> <value>\n as an atom to avoid issues when running with multiple threads
Arran Cudbard-Bell [Mon, 16 Sep 2013 10:45:41 +0000 (11:45 +0100)]
Minor typo in -h output
Arran Cudbard-Bell [Mon, 16 Sep 2013 10:34:47 +0000 (11:34 +0100)]
Should be debug2
Arran Cudbard-Bell [Fri, 13 Sep 2013 12:57:51 +0000 (13:57 +0100)]
Cleanup formatting in rlm_replicate
Alan T. DeKok [Fri, 13 Sep 2013 12:49:32 +0000 (08:49 -0400)]
Remove extra debug
Alan T. DeKok [Fri, 13 Sep 2013 12:44:37 +0000 (08:44 -0400)]
Make max_requests_per_server work
Arran Cudbard-Bell [Fri, 13 Sep 2013 12:32:20 +0000 (13:32 +0100)]
Replicated packet should be allocated in the request context
Arran Cudbard-Bell [Fri, 13 Sep 2013 12:29:10 +0000 (13:29 +0100)]
Update file documentation and macro indentation in udpfromto
Alan T. DeKok [Fri, 13 Sep 2013 11:51:12 +0000 (07:51 -0400)]
Revert "Simplify ID allocation so that we don't loop over all IDs"
This reverts commit
a2ac633525c69a94ca3e1f91817a4b421f5375e6.
That commit (sadly) works only for one socket, not for multiple
ones.
Alan T. DeKok [Thu, 12 Sep 2013 15:07:57 +0000 (11:07 -0400)]
Document libldap fail-over
Arran Cudbard-Bell [Thu, 12 Sep 2013 14:47:19 +0000 (15:47 +0100)]
free -> talloc_free in rlm_replicate
Alan T. DeKok [Wed, 11 Sep 2013 12:42:34 +0000 (08:42 -0400)]
Remove extra \n
Alan T. DeKok [Wed, 11 Sep 2013 12:33:56 +0000 (08:33 -0400)]
Use slightly better algorithm for random IDs
Alan T. DeKok [Wed, 11 Sep 2013 12:33:48 +0000 (08:33 -0400)]
Removed unused debugging messages
Arran Cudbard-Bell [Wed, 11 Sep 2013 10:42:19 +0000 (06:42 -0400)]
Update radiusclients-openldap.ldif
Arran Cudbard-Bell [Wed, 11 Sep 2013 10:40:22 +0000 (06:40 -0400)]
Singular
Arran Cudbard-Bell [Tue, 10 Sep 2013 15:21:44 +0000 (16:21 +0100)]
Initialise server_ipaddr to 0
Caused undefined behaviour if an auth section wasn't specified
Arran Cudbard-Bell [Tue, 10 Sep 2013 13:50:55 +0000 (14:50 +0100)]
Use correct macros for defining IP string buffer lengths
Arran Cudbard-Bell [Tue, 10 Sep 2013 09:39:30 +0000 (10:39 +0100)]
UDP fromto should be on by default
Arran Cudbard-Bell [Tue, 10 Sep 2013 09:37:40 +0000 (10:37 +0100)]
Corectly left justify helptext in configure
Arran Cudbard-Bell [Mon, 9 Sep 2013 23:41:50 +0000 (00:41 +0100)]
Wrap ASCTIME too
Alan T. DeKok [Mon, 9 Sep 2013 14:32:05 +0000 (10:32 -0400)]
Fix typo
Alan T. DeKok [Mon, 9 Sep 2013 14:19:11 +0000 (10:19 -0400)]
Allow for and document make -Draddbdir=/tmp/garbage install
Alan T. DeKok [Mon, 9 Sep 2013 14:17:18 +0000 (10:17 -0400)]
Make modconfdir expand in Makefile, not in the shell
Arran Cudbard-Bell [Sun, 8 Sep 2013 17:02:33 +0000 (18:02 +0100)]
Don't copy cache control attributes when doing list copy. Closes #422
Alan T. DeKok [Sat, 7 Sep 2013 15:29:34 +0000 (11:29 -0400)]
Remember the highest priority. Fixes #425
Alan T. DeKok [Sat, 7 Sep 2013 15:01:04 +0000 (11:01 -0400)]
Use typedef for components instead of "int"
Alan T. DeKok [Sat, 7 Sep 2013 15:04:46 +0000 (11:04 -0400)]
Clean up debug messages for open / close brace
Alan T. DeKok [Fri, 6 Sep 2013 21:08:42 +0000 (17:08 -0400)]
Revert "Use AUTZ rules for AUTH groups. Fixes #425"
This reverts commit
d57ce27f07552367d01210ff8b9f48fa88c11ea3.
Which apparently doesn't really work. <sigh>
Arran Cudbard-Bell [Fri, 6 Sep 2013 11:12:44 +0000 (04:12 -0700)]
Merge pull request #427 from annanymous2/patch-1
Added endscript on logrotate
Alan T. DeKok [Fri, 6 Sep 2013 14:37:33 +0000 (10:37 -0400)]
Fix doxygen
Alan T. DeKok [Fri, 6 Sep 2013 14:05:57 +0000 (10:05 -0400)]
Use AUTZ rules for AUTH groups. Fixes #425
Alan T. DeKok [Fri, 6 Sep 2013 14:05:25 +0000 (10:05 -0400)]
Log the first name of the group
So we see "Auth-Type foo {...}"
instead of "group foo {...}"
Alan T. DeKok [Thu, 5 Sep 2013 15:40:26 +0000 (11:40 -0400)]
Re-enable virtual attributes for comparison. Fixes #400
Arran Cudbard-Bell [Wed, 4 Sep 2013 21:23:51 +0000 (22:23 +0100)]
Missing newline
Arran Cudbard-Bell [Wed, 4 Sep 2013 19:13:23 +0000 (20:13 +0100)]
Fix shared-libs
Alan T. DeKok [Wed, 4 Sep 2013 17:35:57 +0000 (13:35 -0400)]
In debug builds, call assertion on panic
Alan T. DeKok [Wed, 4 Sep 2013 17:33:53 +0000 (13:33 -0400)]
Be more careful about calling request_done(). Should fix #419
Alan T. DeKok [Wed, 4 Sep 2013 17:07:45 +0000 (13:07 -0400)]
Fixes for doxygen
Alan T. DeKok [Wed, 4 Sep 2013 14:41:52 +0000 (10:41 -0400)]
Use the default request if there's no "." in the reference.
update outer.reply {
User-Name := foo
}
ends up parsing "User-Name" with a default list of "outer",
BUT because "User-Name" has no ".", the old code would return
a hard-coded CURRENT
Alan T. DeKok [Wed, 4 Sep 2013 14:11:59 +0000 (10:11 -0400)]
Added %{debug_attr:...} from master
With some simplifications
Alan T. DeKok [Wed, 4 Sep 2013 13:44:36 +0000 (09:44 -0400)]
Use 'da' for DICT_ATTR*. "attribute' is for 'int'
Alan T. DeKok [Wed, 4 Sep 2013 12:33:45 +0000 (08:33 -0400)]
Skip '&' on attribute maps. Closes #423
And check return codes from request_name / list_name
Alan T. DeKok [Wed, 4 Sep 2013 12:22:28 +0000 (08:22 -0400)]
Update priority from child, too. Closes #424
Arran Cudbard-Bell [Tue, 3 Sep 2013 23:18:29 +0000 (00:18 +0100)]
Define grouptype as an enum for debugging purposes
Alan T. DeKok [Tue, 3 Sep 2013 12:45:15 +0000 (08:45 -0400)]
map may return NULL
Alan T. DeKok [Tue, 3 Sep 2013 12:00:04 +0000 (08:00 -0400)]
Do a second pass over the conditions. Fixes #421
Modules can register new attributes, so we may need to convert
literal comparisons to module comparisons.
The core can register new values for Auth-Type && friends
so we need to do a second pass to see if a failed lookup in pass1
is really a failure, or simply an early binding.
The next step is to add code to mark up late-registered paircompare
functions
Alan T. DeKok [Tue, 3 Sep 2013 01:32:48 +0000 (21:32 -0400)]
Allow for one/two-pass compilation of conditions.
If we allow two-pass compilation, certain errors are suppressed,
and the condition gets marked with a "pass2 flag"
Alan T. DeKok [Mon, 2 Sep 2013 13:30:51 +0000 (09:30 -0400)]
Added "walk" function to conditions
So that we can do post-processing
Arran Cudbard-Bell [Tue, 3 Sep 2013 11:51:48 +0000 (12:51 +0100)]
Fix ${value} expansion in backticked config pairs
Arran Cudbard-Bell [Tue, 3 Sep 2013 01:42:01 +0000 (02:42 +0100)]
Only fallback to dynamic search if no attributes exist, or we have a failure of some kind