Alan T. DeKok [Mon, 6 Mar 2017 13:58:04 +0000 (08:58 -0500)]
note recent changes
Alan T. DeKok [Mon, 6 Mar 2017 12:31:08 +0000 (07:31 -0500)]
add missing \n
Alan T. DeKok [Sun, 5 Mar 2017 15:51:54 +0000 (10:51 -0500)]
note recent changes
Alan T. DeKok [Sun, 5 Mar 2017 13:51:27 +0000 (08:51 -0500)]
print summary if asked to do summary. Even without -x
Alan T. DeKok [Fri, 3 Mar 2017 14:32:49 +0000 (09:32 -0500)]
fr_log_fp ,ay be NULL. Closes #1926
Alan T. DeKok [Fri, 3 Mar 2017 14:22:10 +0000 (09:22 -0500)]
rely on talloc for certs, too
Alan T. DeKok [Fri, 3 Mar 2017 14:20:20 +0000 (09:20 -0500)]
Don't double free VPs. Fixes #1927
Alan T. DeKok [Tue, 28 Feb 2017 18:23:26 +0000 (13:23 -0500)]
document IPv6 addresses
Alan T. DeKok [Tue, 28 Feb 2017 18:11:31 +0000 (13:11 -0500)]
quiet compiler
Nikolai Kondrashov [Tue, 28 Feb 2017 17:39:45 +0000 (18:39 +0100)]
Fix buffer overflow in fr_pton_port
Alan T. DeKok [Mon, 27 Feb 2017 19:23:40 +0000 (14:23 -0500)]
note recent changes
Alan DeKok [Mon, 27 Feb 2017 18:42:04 +0000 (13:42 -0500)]
Merge pull request #1592 from spbnick/dlopen_actual_libpython
Dlopen the actual linked libpython
Alan T. DeKok [Mon, 27 Feb 2017 18:31:31 +0000 (13:31 -0500)]
Document python_path and gotchas. Addresses #1845
Alan T. DeKok [Fri, 24 Feb 2017 16:51:40 +0000 (11:51 -0500)]
add modules.sql.fail trigger. Fixes #1923
The connection pool knows when connections are opened / closed.
It doesn't know as much when a connection fails
Alan T. DeKok [Fri, 24 Feb 2017 16:49:41 +0000 (11:49 -0500)]
mod_conn_create should not be global
Alan T. DeKok [Fri, 24 Feb 2017 15:58:11 +0000 (10:58 -0500)]
set talloc ctx to handler
Alan T. DeKok [Fri, 24 Feb 2017 15:58:00 +0000 (10:58 -0500)]
set talloc parent to sock for thread safety
Alan T. DeKok [Fri, 24 Feb 2017 15:55:20 +0000 (10:55 -0500)]
recursive recursion is bad
Alan T. DeKok [Fri, 24 Feb 2017 13:11:07 +0000 (08:11 -0500)]
fmt may be NULL. Fixes #1922
Alan T. DeKok [Wed, 22 Feb 2017 20:00:33 +0000 (15:00 -0500)]
add usec resolution to %S. Fixes #1917
Alan T. DeKok [Wed, 22 Feb 2017 16:00:49 +0000 (11:00 -0500)]
typo
Alan T. DeKok [Wed, 22 Feb 2017 15:48:51 +0000 (10:48 -0500)]
better documentation for ipaddr & friends. Fixes #1921
Alan DeKok [Wed, 22 Feb 2017 14:37:33 +0000 (09:37 -0500)]
Merge pull request #1920 from spbnick/auth_type_system_removal
Remove mentions of Auth-Type = System from docs
Nikolai Kondrashov [Wed, 22 Feb 2017 12:36:05 +0000 (13:36 +0100)]
Remove mentions of Auth-Type = System from docs
Remove mentions of "Auth-Type = System" support from the manpages,
as it is removed.
Arran Cudbard-Bell [Tue, 21 Feb 2017 14:50:01 +0000 (14:50 +0000)]
Merge pull request #1919 from spbnick/fr_pton4_hostname_fix
Handle hostnames in fr_pton4/6
Nikolai Kondrashov [Fri, 17 Feb 2017 15:16:42 +0000 (16:16 +0100)]
Handle hostnames in fr_pton4/6
Make fr_pton4/6 handle hostnames longer than the longest address +
prefix.
Alan DeKok [Tue, 21 Feb 2017 01:52:40 +0000 (20:52 -0500)]
Merge pull request #1916 from spbnick/v3.0.x_openssl_1.1_fix_2
V3.0.x openssl 1.1 fix 2
Nikolai Kondrashov [Mon, 20 Feb 2017 13:40:52 +0000 (14:40 +0100)]
Check for EVP_CIPHER_CTX_new in rlm_eap_pwd
Switch to checking for EVP_CIPHER_CTX_new instead of EVP_cleanup to detect
presence of libcrypto in rlm_eap_pwd configure.ac, because EVP_cleanup was
removed as symbol from OpenSSL 1.1, and the check would always fail.
Previously only rlm_eap_fast configure.ac was switched.
Nikolai Kondrashov [Mon, 20 Feb 2017 15:45:46 +0000 (16:45 +0100)]
Switch rlm_eap_pwd to HMAC_CTX_new/free
Switch rlm_eap_pwd.c to using HMAC_CTX_new and HMAC_CTX_free to
allocate/free HMAC contexts, thus making it support OpenSSL v1.1.0.
Nikolai Kondrashov [Mon, 20 Feb 2017 13:26:57 +0000 (14:26 +0100)]
Use openssl dhparam instead of obsolete gendh
Use `openssl dhparam` command in raddb/certs/Makefile instead of the
obsolete (and removed in OpenSSL v1.1.0) `openssl gendh`.
Alan DeKok [Mon, 20 Feb 2017 13:36:00 +0000 (08:36 -0500)]
Merge pull request #1915 from spbnick/zero_char_pointer_compare_fix
Fix three cases of comparing pointer to zero char
Nikolai Kondrashov [Mon, 20 Feb 2017 13:04:06 +0000 (14:04 +0100)]
Fix three cases of comparing pointer to zero char
Fix three cases of comparing pointer to a zero character, where pointers
were apparently intended to be dereferenced first and then compared.
Found with the help of GCC 7 warnings.
Alan T. DeKok [Sat, 18 Feb 2017 17:11:05 +0000 (12:11 -0500)]
Dictionary from cnergee.
Which modifications so that the names don't conflict with
existing ones.
Alan T. DeKok [Thu, 16 Feb 2017 15:59:22 +0000 (10:59 -0500)]
suid down after fchown. Fixes #1914
Nikolai Kondrashov [Mon, 25 Apr 2016 15:58:53 +0000 (18:58 +0300)]
Dlopen the actual linked libpython
In rlm_python, if dl_iterate_phdr(3) is available, dlopen libpython
shared library at the actual path it was linked with on loading, instead
of with just its linker name (version-less SONAME).
This removes the need to have the linker name symlink (e.g.
"libpython2.7.so") in library directory, which is normally installed
only with the development packages. I.e. this removes the requirement of
having python-devel/libpython-dev installed, when loading rlm_python.
Alan T. DeKok [Wed, 15 Feb 2017 18:21:03 +0000 (13:21 -0500)]
Added systemd reload. Fixes #1662
v3.0.x has limited support for reload. While it limited, it
is possible. So supporting it is useful
Alan T. DeKok [Wed, 15 Feb 2017 15:57:33 +0000 (10:57 -0500)]
make the install process a little clearer
Alan T. DeKok [Wed, 15 Feb 2017 15:52:40 +0000 (10:52 -0500)]
pull openssl out as a macro
Alan T. DeKok [Wed, 15 Feb 2017 15:41:08 +0000 (10:41 -0500)]
remove extra assert. Addresses #1904
Alan DeKok [Tue, 14 Feb 2017 13:26:51 +0000 (08:26 -0500)]
Merge pull request #1859 from njm506/v3.0.x
v3.0.x: cherry-pick module/site symlink packaging changes from 4.0.x
Alan T. DeKok [Mon, 13 Feb 2017 20:53:35 +0000 (15:53 -0500)]
realms don't go into "server" sections
Alexander Clouter [Mon, 13 Feb 2017 17:10:16 +0000 (17:10 +0000)]
fix radrelay
Alan DeKok [Sun, 12 Feb 2017 14:17:48 +0000 (09:17 -0500)]
Merge pull request #1907 from virgofx/v3.0.x
Nomadix attribute fix for v3.0.x
Mark Johnson [Thu, 9 Feb 2017 20:15:37 +0000 (12:15 -0800)]
Updating Nomadix dictionary with missing attributes.
Alan DeKok [Wed, 8 Feb 2017 14:53:33 +0000 (09:53 -0500)]
Merge pull request #1902 from herwinw/v30x-debian-stretch
Added default-libmysqlclient-dev as build-depend in Debian
Alan T. DeKok [Wed, 8 Feb 2017 14:52:11 +0000 (09:52 -0500)]
add example for filtering Access-Challenge messages
Herwin Weststrate [Wed, 8 Feb 2017 07:30:22 +0000 (08:30 +0100)]
Added default-libmysqlclient-dev as build-depend in Debian
As an alternative for libmysqlclient-dev. This is required to build the
package under Debian Stretch.
Alan T. DeKok [Tue, 7 Feb 2017 20:04:38 +0000 (15:04 -0500)]
typo
Alan T. DeKok [Tue, 7 Feb 2017 19:32:00 +0000 (14:32 -0500)]
reject packets which contain multiple kinds of authentication protocols
Specifically, EAP and non-EAP packets.
In reality, no one should be caught by this.
Alan T. DeKok [Tue, 7 Feb 2017 15:43:06 +0000 (10:43 -0500)]
check handler before freeing it
Alan T. DeKok [Sun, 5 Feb 2017 14:38:34 +0000 (09:38 -0500)]
update hash based on client port, too
Alan T. DeKok [Sat, 4 Feb 2017 03:03:01 +0000 (22:03 -0500)]
note recent changes
Alan T. DeKok [Fri, 3 Feb 2017 22:29:18 +0000 (17:29 -0500)]
track TLS cache filename
And ensure it's deleted on failure.
Alan T. DeKok [Fri, 3 Feb 2017 22:17:24 +0000 (17:17 -0500)]
read the TLS data first, before the VPs
Matthew Newton [Thu, 2 Feb 2017 21:59:24 +0000 (21:59 +0000)]
Merge pull request #1896 from mcnewton/v3.0.x
systemd syslog.target is obsolete
Matthew Newton [Thu, 2 Feb 2017 21:10:43 +0000 (21:10 +0000)]
systemd syslog.target is obsolete
Arran Cudbard-Bell [Thu, 2 Feb 2017 10:19:34 +0000 (10:19 +0000)]
Update copyright year
Arran Cudbard-Bell [Thu, 2 Feb 2017 10:17:29 +0000 (10:17 +0000)]
Revert "Create the database by default..."
This reverts commit
70a41b507f36d1687dbf4b1457d62973b9a84ad0.
Arran Cudbard-Bell [Thu, 2 Feb 2017 10:13:22 +0000 (10:13 +0000)]
Merge pull request #1894 from herwinw/v30x_rlm_sql_mysql_whitespace
Removed combination of space+tab in rlm_sql_mysql.c
Herwin Weststrate [Thu, 2 Feb 2017 07:28:21 +0000 (08:28 +0100)]
Removed combination of space+tab in rlm_sql_mysql.c
Replaced it with just a tab
Arran Cudbard-Bell [Wed, 1 Feb 2017 20:51:06 +0000 (20:51 +0000)]
Use the actual field lengths when creating the result array
Arran Cudbard-Bell [Wed, 1 Feb 2017 20:50:14 +0000 (20:50 +0000)]
Trim whitespace before searching for operation type
Arran Cudbard-Bell [Wed, 1 Feb 2017 20:44:00 +0000 (20:44 +0000)]
Create the database by default...
Alan DeKok [Wed, 1 Feb 2017 19:29:19 +0000 (14:29 -0500)]
Merge pull request #1893 from spaetow/patch-2
Update abfab_tr policy
Matthew Newton [Wed, 1 Feb 2017 15:56:00 +0000 (15:56 +0000)]
Merge pull request #1892 from mcnewton/v3.0.x
update kibana dashboard so it doesn't have to be imported twice
Stefan Paetow [Wed, 1 Feb 2017 14:22:06 +0000 (14:22 +0000)]
Update abfab-tr
Only set the service name when it doesn't exist (=), not overwrite it (:=)
Matthew Newton [Wed, 1 Feb 2017 13:54:55 +0000 (13:54 +0000)]
update kibana dashboard so it doesn't have to be imported twice
define the search before the visualisations
Alan T. DeKok [Wed, 1 Feb 2017 00:52:00 +0000 (19:52 -0500)]
fix typo. Fixes #1891
Alan T. DeKok [Wed, 1 Feb 2017 00:51:54 +0000 (19:51 -0500)]
more warnings
Stefan Paetow [Tue, 31 Jan 2017 17:22:30 +0000 (17:22 +0000)]
Update abfab-tr
Since there seem to be problems with the GSS-Acceptor-Host-Name occasionally, set it if it hasn't been set yet (and it's defined in the client definition). Also add the GSS-Acceptor-Service-Name if it hasn't been set, or override the one set.
Alan T. DeKok [Thu, 26 Jan 2017 20:34:44 +0000 (15:34 -0500)]
more debugging about the data we're reading
Alan T. DeKok [Thu, 26 Jan 2017 20:34:30 +0000 (15:34 -0500)]
don't write empty packets to the detail file
Alan T. DeKok [Wed, 25 Jan 2017 21:38:54 +0000 (16:38 -0500)]
debug for non-threaded too
Alan T. DeKok [Wed, 25 Jan 2017 21:14:36 +0000 (16:14 -0500)]
note recent changes
Alan T. DeKok [Wed, 25 Jan 2017 21:11:54 +0000 (16:11 -0500)]
print out packet type, contents, and reply for detail packets
Alan T. DeKok [Wed, 25 Jan 2017 21:11:37 +0000 (16:11 -0500)]
don't print out IP addresses for detail packets
Alan T. DeKok [Mon, 23 Jan 2017 18:54:10 +0000 (13:54 -0500)]
note recent changes
Matthew Newton [Fri, 20 Jan 2017 16:26:15 +0000 (16:26 +0000)]
remove Kibana 3 dashboard, as it is now obsolete :(
Matthew Newton [Fri, 20 Jan 2017 16:25:48 +0000 (16:25 +0000)]
update elasticsearch/logstash examples so that they work with elastic stack v5
Alan T. DeKok [Wed, 18 Jan 2017 17:38:32 +0000 (12:38 -0500)]
note recent changes
Alan T. DeKok [Wed, 18 Jan 2017 17:37:46 +0000 (12:37 -0500)]
typo. Fixes #1882
Alan T. DeKok [Mon, 16 Jan 2017 15:25:49 +0000 (10:25 -0500)]
Add rule to catch BSDMake
Alan T. DeKok [Mon, 16 Jan 2017 14:20:37 +0000 (09:20 -0500)]
delete incorrect documentation
Arran Cudbard-Bell [Fri, 13 Jan 2017 16:59:01 +0000 (16:59 +0000)]
Don't emit errors if no result is available
Alan T. DeKok [Fri, 13 Jan 2017 15:46:22 +0000 (10:46 -0500)]
Revert ""no more rows" isn't an ERROR"
This reverts commit
9cd2d57c6f3594ae8c4d74f34fdc7770361d3bdb.
Better fix is coming
Alan T. DeKok [Fri, 13 Jan 2017 15:42:27 +0000 (10:42 -0500)]
"no more rows" isn't an ERROR
Arran Cudbard-Bell [Thu, 12 Jan 2017 19:07:02 +0000 (19:07 +0000)]
Typo
Arran Cudbard-Bell [Thu, 12 Jan 2017 18:13:06 +0000 (18:13 +0000)]
Use a proper rcode for no more rows
Arran Cudbard-Bell [Thu, 12 Jan 2017 16:54:50 +0000 (16:54 +0000)]
Merge pull request #1881 from mcnewton/v3.0.x
rlm_eap: RERROR type debugs so Module-Failure-Message gets set
Matthew Newton [Tue, 10 Jan 2017 11:44:55 +0000 (11:44 +0000)]
rlm_eap: RERROR type debugs so Module-Failure-Message gets set
Arran Cudbard-Bell [Thu, 12 Jan 2017 15:39:35 +0000 (15:39 +0000)]
Fix backport issue
Alan T. DeKok [Thu, 12 Jan 2017 15:15:19 +0000 (10:15 -0500)]
note recent changes
Arran Cudbard-Bell [Thu, 12 Jan 2017 15:10:22 +0000 (15:10 +0000)]
Call finish_select_query if we experience an error retrieving the result
# Conflicts:
# src/modules/rlm_sql/rlm_sql.c
Matthew Newton [Thu, 12 Jan 2017 12:52:33 +0000 (12:52 +0000)]
rlm_eap_pwd: initialise HMAC context
Closes #1876
Alan DeKok [Tue, 10 Jan 2017 19:02:27 +0000 (14:02 -0500)]
Merge pull request #1875 from spaetow/patch-2
Update realm module
Stefan Paetow [Tue, 10 Jan 2017 16:17:15 +0000 (16:17 +0000)]
Update realm
Add the tr_port keyword to specify the port for trust router connection
Alan T. DeKok [Mon, 9 Jan 2017 13:55:09 +0000 (08:55 -0500)]
typo
Alan T. DeKok [Wed, 4 Jan 2017 22:06:28 +0000 (17:06 -0500)]
hoist check to outside of switch statement
Alan T. DeKok [Mon, 2 Jan 2017 15:16:10 +0000 (10:16 -0500)]
note recent changes
Alan T. DeKok [Mon, 2 Jan 2017 15:15:21 +0000 (10:15 -0500)]
fix filtering operators