Alan T. DeKok [Mon, 25 Jan 2016 18:27:03 +0000 (13:27 -0500)]
update release time
Arran Cudbard-Bell [Mon, 25 Jan 2016 14:47:08 +0000 (09:47 -0500)]
Move captive portal URL
Alexis La Goutte [Mon, 25 Jan 2016 14:29:59 +0000 (15:29 +0100)]
Add new HP Attribute
from Aruba ClearPass 6.5.5
HP-Port-Bounce-Host (attribute id 23) and HP-Captive-Portal-URL (attribute id 24),
Alan T. DeKok [Thu, 21 Jan 2016 21:21:08 +0000 (16:21 -0500)]
Require passwords for "request" status in "auth+acct", too
Alan T. DeKok [Tue, 19 Jan 2016 20:39:36 +0000 (15:39 -0500)]
move check to be closer to where it's needed
Alan T. DeKok [Tue, 19 Jan 2016 20:38:16 +0000 (15:38 -0500)]
typo
Alan T. DeKok [Tue, 19 Jan 2016 20:37:00 +0000 (15:37 -0500)]
Move run-time error to run-time warning
Alan T. DeKok [Tue, 19 Jan 2016 19:43:56 +0000 (14:43 -0500)]
make error message clearer
Alan T. DeKok [Mon, 18 Jan 2016 20:23:23 +0000 (15:23 -0500)]
Attribute contents on the LHS of regexes are not escaped
Alan T. DeKok [Mon, 18 Jan 2016 20:09:38 +0000 (15:09 -0500)]
Don't regex-escape the LHS of a regex comparison.
We're not making the regex from it
Arran Cudbard-Bell [Mon, 18 Jan 2016 19:33:40 +0000 (14:33 -0500)]
Merge pull request #1501 from mcnewton/nes30
Update elasticsearch fields to use "_" rather than "."
Matthew Newton [Mon, 18 Jan 2016 17:41:49 +0000 (17:41 +0000)]
Update elasticsearch fields to use "_" rather than "."
It seems that while elasticsearch can have data in a field as well as sub-fields, logstash
can't currently do this (it stores the event in a hash, so an entry either contains data
or another hash or list).
Work around this by using underscores, which should in theory also mean these examples will
work with elasticsearch 2, though I haven't tried it.
Alan T. DeKok [Mon, 18 Jan 2016 17:08:11 +0000 (12:08 -0500)]
Server may be NULL
Alan T. DeKok [Mon, 18 Jan 2016 15:32:27 +0000 (10:32 -0500)]
Check if Auth-Type EAP is defined
by checking inst->xlat_name
Alan T. DeKok [Mon, 18 Jan 2016 14:22:05 +0000 (09:22 -0500)]
Make inner EAP name configurable
Arran Cudbard-Bell [Mon, 18 Jan 2016 14:19:30 +0000 (09:19 -0500)]
Merge pull request #1499 from mcnewton/es30
add note about elasticsearch versions
Alan T. DeKok [Mon, 18 Jan 2016 13:56:22 +0000 (08:56 -0500)]
Look for mschap, not eap
Matthew Newton [Mon, 18 Jan 2016 10:55:02 +0000 (10:55 +0000)]
add note about elasticsearch versions
Alan T. DeKok [Fri, 15 Jan 2016 14:09:26 +0000 (09:09 -0500)]
note recent changes
Alan T. DeKok [Fri, 15 Jan 2016 00:14:34 +0000 (19:14 -0500)]
allow Message-Authenticator, too.
It's auto-calculated.
Alan T. DeKok [Thu, 14 Jan 2016 22:08:08 +0000 (17:08 -0500)]
fix last commit
Alan T. DeKok [Thu, 14 Jan 2016 22:05:28 +0000 (17:05 -0500)]
Skip encoding zero-length attributes
Alan T. DeKok [Thu, 14 Jan 2016 21:50:13 +0000 (16:50 -0500)]
fix typo
Alan T. DeKok [Thu, 14 Jan 2016 16:07:49 +0000 (11:07 -0500)]
note recent changes
Alan DeKok [Thu, 14 Jan 2016 19:53:27 +0000 (14:53 -0500)]
Merge pull request #1495 from mcnewton/elk30
Update elasticsearch example files
Matthew Newton [Thu, 14 Jan 2016 16:29:02 +0000 (16:29 +0000)]
Update elasticsearch example files
- update mappings to correctly set common attributes as "long" rather
than "string"
- logstash now creates useful sub-fields, as well as combining
Gigawords/Octets to a single 64-bit value.
- add example log-courier configuration
- add dashboards for Kibana3 and Kibana4
Alan DeKok [Thu, 14 Jan 2016 15:53:45 +0000 (10:53 -0500)]
Merge pull request #1494 from matsimon/debian-packaging
Fix build on wheezy
Alan T. DeKok [Thu, 14 Jan 2016 15:51:51 +0000 (10:51 -0500)]
Remove old documentation
Mathieu Simon [Thu, 14 Jan 2016 08:58:12 +0000 (09:58 +0100)]
Fix build on wheezy
ntstatus.h file is present in samba-dev, however before jessie it
was called samba4-dev. Ubuntu precise 12.04LTS is another derived
distribution release with this package name.
Alan T. DeKok [Wed, 13 Jan 2016 22:20:37 +0000 (17:20 -0500)]
Allow setting of Response-Packet-Type in Post-Proxy-Type fail
which lets you "invent" responses when the home server times out
Alan T. DeKok [Wed, 13 Jan 2016 20:31:44 +0000 (15:31 -0500)]
checks for auth_item due to issues reported on the list
Alan DeKok [Wed, 13 Jan 2016 19:59:13 +0000 (14:59 -0500)]
Merge pull request #1488 from herwinw/debian_samba_dev
Add samba-dev as build-dependency for debian
Alan DeKok [Tue, 12 Jan 2016 17:04:10 +0000 (12:04 -0500)]
Merge pull request #1492 from qnet-herwin/rlm_perl_dbg_constants
Fixed debugging constants in rlm_perl
Herwin Weststrate [Tue, 12 Jan 2016 16:58:12 +0000 (17:58 +0100)]
Fixed debugging constants in rlm_perl
This is just a workaround, the correct fix would be to push these constants to the perl script from freeradius, instead of duplicating data.
Alan T. DeKok [Tue, 12 Jan 2016 15:06:10 +0000 (10:06 -0500)]
note recent changes
Alan T. DeKok [Tue, 12 Jan 2016 14:46:49 +0000 (09:46 -0500)]
Don't use pair_make_request for fake packets
Herwin Weststrate [Thu, 7 Jan 2016 18:30:29 +0000 (19:30 +0100)]
Add samba-dev as build-dependency
Needed for "core/ntstatus.h" in rlm_mschap, in addition to libwbclient-dev.
Alan DeKok [Wed, 6 Jan 2016 21:24:41 +0000 (16:24 -0500)]
Merge pull request #1484 from herwinw/rlm_python_fixes
Rlm python fixes
Alan T. DeKok [Wed, 6 Jan 2016 21:23:52 +0000 (16:23 -0500)]
Add --silent for jlibtool
Herwin Weststrate [Thu, 17 Dec 2015 19:28:55 +0000 (20:28 +0100)]
Allow strings as operator in rlm_python
Because ('Tmp-String-0', '!*', 'ANY') is just so more readable than ('Tmp-String-0', 21, 'ANY'). Plain integers still work for backwards compatibility. As a bonus, we get rid of the OP table in radiusd.py: this module was not supposed to be included in scripts running from FreeRADIUS, but was still referenced from prepaid.py. As a bonus, we get rid of a table that was no longer in sync with the definitions in tokens.h.
Herwin Weststrate [Thu, 17 Dec 2015 19:00:25 +0000 (20:00 +0100)]
Show operator that is actually used instead of the default in rlm_python
So if we remove a certain attribute, display "!* ANY" instead of "= ANY"
Alan T. DeKok [Wed, 6 Jan 2016 20:36:11 +0000 (15:36 -0500)]
Use jlibtool when running local binaries.
It knows how to find the libraries
Herwin Weststrate [Thu, 17 Dec 2015 18:51:13 +0000 (19:51 +0100)]
Use other functions to update list after rlm_python call
Now we also support things like "!* ANY" to remove items.
Herwin Weststrate [Thu, 17 Dec 2015 18:04:07 +0000 (19:04 +0100)]
Show list name in debug messages in rlm_python
The module has the possibility to update the reply and the control list. It is nice to know what list is updated or generates errors. The name of the parameter is based on the parameter with the same use in `rlm_perl`.
Alan T. DeKok [Wed, 6 Jan 2016 14:30:33 +0000 (09:30 -0500)]
Print out Cleartext-Password if comparison fails
Alan T. DeKok [Tue, 5 Jan 2016 18:39:15 +0000 (13:39 -0500)]
alloc reply, not request packet.
This initializes all of the necessary fields
Alan T. DeKok [Tue, 5 Jan 2016 18:07:05 +0000 (13:07 -0500)]
Fix typo
Alan T. DeKok [Mon, 4 Jan 2016 20:04:06 +0000 (15:04 -0500)]
typo
Alan T. DeKok [Mon, 4 Jan 2016 20:01:25 +0000 (15:01 -0500)]
convert assert to run-time check. Fixes #1483
Alan T. DeKok [Mon, 4 Jan 2016 19:49:54 +0000 (14:49 -0500)]
note recent changes
Alan T. DeKok [Mon, 4 Jan 2016 19:47:48 +0000 (14:47 -0500)]
Produce debug warnings on spoofing or non-anonymous identities
Arran Cudbard-Bell [Sat, 2 Jan 2016 20:11:00 +0000 (15:11 -0500)]
It's 2016
Alan T. DeKok [Thu, 31 Dec 2015 15:50:05 +0000 (10:50 -0500)]
Reorganize checks for inner / outer filter.
Move regexes to [^@]+ instead of .*
If there's an outer realm, require the user portion to be
empty or begin with "anon"
Alan T. DeKok [Thu, 31 Dec 2015 06:41:56 +0000 (01:41 -0500)]
fix for accounting packets
Alan T. DeKok [Thu, 31 Dec 2015 00:53:17 +0000 (19:53 -0500)]
notes on case sensitivity
Alan T. DeKok [Thu, 31 Dec 2015 00:51:43 +0000 (19:51 -0500)]
more careful checks for realm comparisons
Alan T. DeKok [Thu, 31 Dec 2015 00:43:05 +0000 (19:43 -0500)]
Clarify error messages
Alan T. DeKok [Thu, 31 Dec 2015 00:40:35 +0000 (19:40 -0500)]
set Module-Failure-Message, not Reply-Message
Alan T. DeKok [Thu, 31 Dec 2015 00:38:05 +0000 (19:38 -0500)]
filter_username applies only if there is a User-Name
Alan T. DeKok [Thu, 31 Dec 2015 00:31:02 +0000 (19:31 -0500)]
Simplify regex.
Arran Cudbard-Bell [Wed, 30 Dec 2015 23:12:07 +0000 (18:12 -0500)]
Document section name override
Arran Cudbard-Bell [Wed, 30 Dec 2015 18:56:39 +0000 (13:56 -0500)]
consistent names for xlats
Alan T. DeKok [Wed, 30 Dec 2015 19:08:30 +0000 (14:08 -0500)]
note recent changes
Alan T. DeKok [Wed, 30 Dec 2015 19:05:33 +0000 (14:05 -0500)]
Simplify the code
Alan T. DeKok [Wed, 30 Dec 2015 18:47:29 +0000 (13:47 -0500)]
Ensure that the authentication vectors are always updated
Alan T. DeKok [Wed, 30 Dec 2015 18:40:47 +0000 (13:40 -0500)]
Make rad_print_hex take const
Alan T. DeKok [Wed, 30 Dec 2015 16:47:44 +0000 (11:47 -0500)]
note recent changes
Alan T. DeKok [Wed, 30 Dec 2015 16:44:25 +0000 (11:44 -0500)]
fixes found from additional tests in 3.1
Alan T. DeKok [Wed, 30 Dec 2015 16:43:58 +0000 (11:43 -0500)]
don't use fixed-size buffers
Alan T. DeKok [Wed, 30 Dec 2015 16:29:50 +0000 (11:29 -0500)]
turn off debugging
Alan T. DeKok [Wed, 30 Dec 2015 16:27:42 +0000 (11:27 -0500)]
Escape special characters in regex expansion. Fixes #1474
Arran Cudbard-Bell [Wed, 30 Dec 2015 06:24:42 +0000 (01:24 -0500)]
Fix potential SEGV in SQL simultaneous use check
Arran Cudbard-Bell [Wed, 30 Dec 2015 02:28:10 +0000 (21:28 -0500)]
Fix spec building under clang
Alan T. DeKok [Tue, 29 Dec 2015 21:20:46 +0000 (16:20 -0500)]
Allow fail-over logic for TCP home servers
Alan T. DeKok [Sun, 27 Dec 2015 15:21:34 +0000 (10:21 -0500)]
Remove 3.1 features
Alan T. DeKok [Sun, 27 Dec 2015 14:02:51 +0000 (09:02 -0500)]
disable filter_inner_identity by default
It *might* break some systems. Better safe than sorry
Alan T. DeKok [Sun, 27 Dec 2015 02:23:38 +0000 (21:23 -0500)]
use filter_username inside of the tunnel, too
Because spaces and multiple @'s are a bad idea.
Alan T. DeKok [Sun, 27 Dec 2015 02:22:18 +0000 (21:22 -0500)]
Add policy to check outer / inner tunnel user names
They should be compatible as per github issue #1471
Alan T. DeKok [Mon, 21 Dec 2015 14:27:17 +0000 (09:27 -0500)]
Don't smash magic values
Alan T. DeKok [Sun, 20 Dec 2015 21:30:56 +0000 (16:30 -0500)]
typo
Arran Cudbard-Bell [Sun, 20 Dec 2015 21:28:53 +0000 (16:28 -0500)]
Merge pull request #1377 from skids/virtualize_state
Mix virtual server into session-state rbtree index key
Alan T. DeKok [Sat, 19 Dec 2015 14:23:27 +0000 (09:23 -0500)]
parent instances off of instance tree
because that's where they live.
Arran Cudbard-Bell [Fri, 18 Dec 2015 18:44:14 +0000 (13:44 -0500)]
Merge pull request #1462 from mcnewton/debsystemd30
Add systemd support for Debian Jessie
Matthew Newton [Fri, 18 Dec 2015 15:47:48 +0000 (15:47 +0000)]
Add systemd support for Debian Jessie
Apparently it is moving a step forward to break convenience.
So systemd users will have to manually update the system to use
/usr/local/etc/freeradius themselves if that is where their
config is located.
Alan DeKok [Fri, 18 Dec 2015 14:31:11 +0000 (09:31 -0500)]
Merge pull request #1461 from qnet-herwin/fragment_size_comment
Updated comment about default fragment_size
Herwin Weststrate [Fri, 18 Dec 2015 14:18:16 +0000 (15:18 +0100)]
Updated comment about default fragment_size
The default is 1024, as can be seen in tls.c:
./src/main/tls.c: { "fragment_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, fragment_size), "1024" }
Arran Cudbard-Bell [Thu, 17 Dec 2015 18:08:53 +0000 (13:08 -0500)]
Merge pull request #1458 from jpereira/fix/open1
print out error message if we're unable to open the file
Jorge Pereira [Thu, 17 Dec 2015 17:58:17 +0000 (15:58 -0200)]
print out error message if we're unable to open the file
Alan T. DeKok [Thu, 17 Dec 2015 14:44:04 +0000 (09:44 -0500)]
We can't xlat expand non-strings
Alan T. DeKok [Wed, 16 Dec 2015 17:21:20 +0000 (12:21 -0500)]
typos
Alan T. DeKok [Tue, 15 Dec 2015 21:50:40 +0000 (16:50 -0500)]
better fix for #1456
Alan T. DeKok [Tue, 15 Dec 2015 19:43:09 +0000 (14:43 -0500)]
note recent changes
Alan T. DeKok [Tue, 15 Dec 2015 19:42:28 +0000 (14:42 -0500)]
Allow password change to work again
retry MUST be zero
Alan DeKok [Tue, 15 Dec 2015 17:26:35 +0000 (12:26 -0500)]
Merge pull request #1455 from qnet-herwin/virtual_server_peap
Fixed error message for virtual server in rlm_eap_peap
Alan T. DeKok [Tue, 15 Dec 2015 17:23:57 +0000 (12:23 -0500)]
remove duplicate triggers
This is now handled in the connection pool
Herwin Weststrate [Tue, 15 Dec 2015 17:14:08 +0000 (18:14 +0100)]
Fixed error message for virtual server in rlm_eap_peap
Alan T. DeKok [Mon, 14 Dec 2015 20:49:52 +0000 (15:49 -0500)]
Require "virtual_server" for TTLS and PEAP
Alexis La Goutte [Tue, 15 Dec 2015 15:18:09 +0000 (16:18 +0100)]
dictionnary: fix typo on URL
Missing rfc on url...
Arran Cudbard-Bell [Tue, 15 Dec 2015 03:53:45 +0000 (22:53 -0500)]
Fix SNMP notifications import
Alan T. DeKok [Mon, 14 Dec 2015 15:34:10 +0000 (10:34 -0500)]
check undefined attributes