Alan T. DeKok [Mon, 12 May 2014 19:21:38 +0000 (15:21 -0400)]
Note recent changes
Alan T. DeKok [Mon, 12 May 2014 12:27:10 +0000 (08:27 -0400)]
better error messages for logfile. And use them in rlm_detail
Arran Cudbard-Bell [Mon, 12 May 2014 10:17:53 +0000 (11:17 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Mon, 12 May 2014 10:14:26 +0000 (11:14 +0100)]
Don't crash when exiting if there are EAP sessions
Arran Cudbard-Bell [Mon, 12 May 2014 05:24:35 +0000 (01:24 -0400)]
Update ChangeLog
Arran Cudbard-Bell [Sun, 11 May 2014 18:41:06 +0000 (19:41 +0100)]
Can't use main_config directly
Arran Cudbard-Bell [Sun, 11 May 2014 16:51:43 +0000 (17:51 +0100)]
Don't rate limit messages with -X so we get consistent debug output
Arran Cudbard-Bell [Sun, 11 May 2014 16:12:30 +0000 (17:12 +0100)]
Remove module specific debug messages when failing to acquire handle
Alan T. DeKok [Sun, 11 May 2014 15:42:03 +0000 (11:42 -0400)]
Use counters even if there's no parent
Alan T. DeKok [Sun, 11 May 2014 12:58:04 +0000 (08:58 -0400)]
Convert connection pool to using talloc
Alan T. DeKok [Sun, 11 May 2014 12:54:26 +0000 (08:54 -0400)]
prefix is "const"
Alan T. DeKok [Fri, 15 Feb 2013 13:36:44 +0000 (08:36 -0500)]
EAP-Key-Name is octets, not printable text
Alan T. DeKok [Sat, 10 May 2014 13:03:30 +0000 (09:03 -0400)]
pedantic: parent is structure which holds the pointer
Arran Cudbard-Bell [Sat, 10 May 2014 17:58:11 +0000 (18:58 +0100)]
Typo
Arran Cudbard-Bell [Sat, 10 May 2014 17:50:57 +0000 (18:50 +0100)]
Use the passcode char * pointer instead of request->password
Arran Cudbard-Bell [Sat, 10 May 2014 12:54:44 +0000 (13:54 +0100)]
Disable null tracking on exit else valgrind complains
Arran Cudbard-Bell [Sat, 10 May 2014 12:41:26 +0000 (13:41 +0100)]
Increment first
Arran Cudbard-Bell [Sat, 10 May 2014 12:34:04 +0000 (13:34 +0100)]
Make super sure the API key has been set
Arran Cudbard-Bell [Sat, 10 May 2014 12:03:02 +0000 (13:03 +0100)]
Return number of bytes written closes #629
Arran Cudbard-Bell [Sat, 10 May 2014 09:55:57 +0000 (10:55 +0100)]
Ifdef out unfixable warnings
Arran Cudbard-Bell [Sat, 10 May 2014 09:39:28 +0000 (10:39 +0100)]
Remove uneeded explicit frees in detail_free
Arran Cudbard-Bell [Sat, 10 May 2014 09:32:00 +0000 (10:32 +0100)]
That'd be why we used stdup...
Arran Cudbard-Bell [Sat, 10 May 2014 09:25:00 +0000 (10:25 +0100)]
Fix minor memory leak
Arran Cudbard-Bell [Sat, 10 May 2014 08:52:02 +0000 (09:52 +0100)]
Passcode needs to be a pointer into the new buffer
Arran Cudbard-Bell [Fri, 9 May 2014 23:26:51 +0000 (00:26 +0100)]
Revert "Remove more couchbase"
This reverts commit
29468bc3ecd59ccec328c9e55a56f9b0a8324a4b.
Arran Cudbard-Bell [Fri, 9 May 2014 23:26:38 +0000 (00:26 +0100)]
Revert "Remove couchbase. They're refusing packages"
This reverts commit
5317358833b1635dab0dce0b03430ad26b8073dd.
Alan T. DeKok [Fri, 9 May 2014 22:14:42 +0000 (18:14 -0400)]
Remove more couchbase
Alan T. DeKok [Fri, 9 May 2014 22:11:14 +0000 (18:11 -0400)]
Remove couchbase. They're refusing packages
Alan T. DeKok [Fri, 9 May 2014 21:50:42 +0000 (17:50 -0400)]
Parse the detail config when doing -C
Alan T. DeKok [Fri, 9 May 2014 21:50:20 +0000 (17:50 -0400)]
handle -C in detail_free
Alan T. DeKok [Fri, 9 May 2014 21:46:58 +0000 (17:46 -0400)]
We now have a warning on line 8 instead of line 21
Alan T. DeKok [Fri, 9 May 2014 21:39:46 +0000 (17:39 -0400)]
filenames should be strdup'd
Alan T. DeKok [Fri, 9 May 2014 21:37:27 +0000 (17:37 -0400)]
Initialize request
Alan T. DeKok [Fri, 9 May 2014 21:34:16 +0000 (17:34 -0400)]
Declare variable
Alan T. DeKok [Fri, 9 May 2014 21:26:22 +0000 (17:26 -0400)]
Enable child thread for detail file reader.
Which is simpler and much faster.
Alan T. DeKok [Fri, 9 May 2014 20:26:05 +0000 (16:26 -0400)]
Remove extraneous quotes
Alan T. DeKok [Fri, 9 May 2014 16:56:15 +0000 (12:56 -0400)]
Remove unused variable
Arran Cudbard-Bell [Fri, 9 May 2014 20:44:27 +0000 (21:44 +0100)]
that one too...
Arran Cudbard-Bell [Fri, 9 May 2014 20:42:01 +0000 (21:42 +0100)]
Try not to leak so much memory on failure
Arran Cudbard-Bell [Fri, 9 May 2014 18:02:59 +0000 (19:02 +0100)]
Hide markers unless -Xx
Arran Cudbard-Bell [Fri, 9 May 2014 17:54:30 +0000 (18:54 +0100)]
api key is a secret too
Arran Cudbard-Bell [Fri, 9 May 2014 17:52:48 +0000 (18:52 +0100)]
Nope it was wrong
Arran Cudbard-Bell [Fri, 9 May 2014 17:50:01 +0000 (18:50 +0100)]
Add better debugging messages when we fail to split an OTP string
Arran Cudbard-Bell [Fri, 9 May 2014 17:21:29 +0000 (18:21 +0100)]
Add docs for REMARKER
Arran Cudbard-Bell [Fri, 9 May 2014 14:23:15 +0000 (15:23 +0100)]
Replace EDEBUG and WDEBUG with ERROR and WARN
Alan T. DeKok [Fri, 9 May 2014 14:20:44 +0000 (10:20 -0400)]
Replace ad-hoc code with RATE_LIMIT(...) macro
So that messages are limited to once per second
Arran Cudbard-Bell [Fri, 9 May 2014 14:03:02 +0000 (15:03 +0100)]
Doxygen
Alan T. DeKok [Fri, 9 May 2014 14:00:16 +0000 (10:00 -0400)]
Too many connections to a home server is INFO not WDEBUG
Arran Cudbard-Bell [Fri, 9 May 2014 13:47:00 +0000 (14:47 +0100)]
Add "split" functionality, so rlm_yubikey just works in more cases
Alan T. DeKok [Fri, 9 May 2014 13:33:42 +0000 (09:33 -0400)]
Re-add trailing "
Alan T. DeKok [Fri, 9 May 2014 11:43:30 +0000 (07:43 -0400)]
If there's no Acct-Status-Type, ignore the packet
but still return OK
Alan T. DeKok [Fri, 9 May 2014 11:23:24 +0000 (07:23 -0400)]
add a third query to start / stop
The queries have 'AND AcctStopTime IS NULL', which speeds up
the normal case substantially. However, we can still have
the case where we get a delayed stop, or where the detail file
is being replayed multiple times. We therefore want to be able
to insert the record where AcctStopTime is NOT NULL
Arran Cudbard-Bell [Fri, 9 May 2014 07:50:12 +0000 (08:50 +0100)]
We still have coverity issues...
Arran Cudbard-Bell [Fri, 9 May 2014 07:40:12 +0000 (08:40 +0100)]
Fix stop update query
Alan T. DeKok [Fri, 9 May 2014 02:21:47 +0000 (22:21 -0400)]
Include NAS-IPv6-Address in Acct-Unique-Session-Id
Alan T. DeKok [Thu, 8 May 2014 21:00:45 +0000 (17:00 -0400)]
Fix build issues
Alan T. DeKok [Thu, 8 May 2014 20:33:21 +0000 (16:33 -0400)]
Lower connection limit in listener_free, and nowhere else
Alan T. DeKok [Thu, 8 May 2014 20:29:49 +0000 (16:29 -0400)]
Normalize debug message
Alan T. DeKok [Thu, 8 May 2014 20:13:55 +0000 (16:13 -0400)]
Events are only managed by the main thread
event_new_fd() is now private. There's a wrapper function
which takes care of adding the listener to a queue, and signalling
the main thread.
Alan T. DeKok [Thu, 8 May 2014 17:45:24 +0000 (13:45 -0400)]
Only use self pipes when threaded
Alan T. DeKok [Thu, 8 May 2014 17:02:42 +0000 (13:02 -0400)]
Note recent changes
Alan T. DeKok [Thu, 8 May 2014 16:57:05 +0000 (12:57 -0400)]
Use self pipes for signals.
So that the detail file "reply" code doesn't call the "read"
code from a child thread
Alan T. DeKok [Thu, 8 May 2014 13:01:44 +0000 (09:01 -0400)]
Use talloc_ctx for new attributes, too
Alan T. DeKok [Thu, 8 May 2014 12:58:36 +0000 (08:58 -0400)]
Make INDEX_CERTS dynamic, too.
So that we can supply a free function.
Also bump the values of the other indexes. OpenSSL allocates
indexes starting from zero, so we don't want it's indexes to
conflict with our indexes
Alan T. DeKok [Thu, 8 May 2014 12:45:09 +0000 (08:45 -0400)]
Use proper talloc context in tls.c. Fixes #629
For sockets, the context is the parent listener.
For EAP sessions, the context is the TLS configuration.
Arran Cudbard-Bell [Thu, 8 May 2014 07:30:34 +0000 (08:30 +0100)]
Whitespace
Johnny Walker [Wed, 7 May 2014 17:58:39 +0000 (11:58 -0600)]
Added TLS-Client-Cert-Subject-Alt-Name-Upn and TLS-Client-Cert-Subject-Alt-Name-Dns attributes (intended for use with EAP-TLS and checking certificates)
Arran Cudbard-Bell [Thu, 8 May 2014 06:55:34 +0000 (07:55 +0100)]
Print message before connecting
Arran Cudbard-Bell [Thu, 8 May 2014 06:41:03 +0000 (07:41 +0100)]
Revert "Minor fixes"
Arran Cudbard-Bell [Wed, 7 May 2014 23:37:49 +0000 (00:37 +0100)]
Don't leak the results of open_querys
Arran Cudbard-Bell [Wed, 7 May 2014 23:22:10 +0000 (00:22 +0100)]
Minor fixes
Arran Cudbard-Bell [Wed, 7 May 2014 23:17:43 +0000 (00:17 +0100)]
Cleanup connection properly on error
Arran Cudbard-Bell [Wed, 7 May 2014 23:05:56 +0000 (00:05 +0100)]
Various minor PG fixes
Alan T. DeKok [Wed, 7 May 2014 20:24:52 +0000 (16:24 -0400)]
note recent changes
Alan T. DeKok [Wed, 7 May 2014 20:08:32 +0000 (16:08 -0400)]
Disabled debug checks
Alan T. DeKok [Wed, 7 May 2014 20:08:11 +0000 (16:08 -0400)]
Simplified sanity checks
Alan T. DeKok [Wed, 7 May 2014 20:05:45 +0000 (16:05 -0400)]
Spawn connections "in_use" or not.
No more double uses of the connections
Arran Cudbard-Bell [Wed, 7 May 2014 19:28:25 +0000 (20:28 +0100)]
Move PQ ssl init to instantiation function, just in case it needs to be done before we spawn threads
Arran Cudbard-Bell [Wed, 7 May 2014 18:58:16 +0000 (19:58 +0100)]
More SSL initialisation
Arran Cudbard-Bell [Wed, 7 May 2014 18:40:32 +0000 (19:40 +0100)]
Use talloc for row memory
Arran Cudbard-Bell [Wed, 7 May 2014 16:32:08 +0000 (17:32 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 7 May 2014 15:14:40 +0000 (16:14 +0100)]
Anything which eventually has the value it got interpreted by pairparsevalue, or doesn't pass the length of the string around must not pre-unescape the string
This broke pretty much all escape sequences in preprocess, sql, ldap and radclient. Arguably as conffile.c is the only place which needs this, it should probably be the thing doing the unescaping.
No, I don't buy that things should be prefixed with \\, that's shit. The server should be able to reingest what it spits out in detail files and there's no way that worked in the current server with octal escape sequences.
Arran Cudbard-Bell [Wed, 7 May 2014 14:35:01 +0000 (15:35 +0100)]
Clear the error buffer after loading dictionaries
Arran Cudbard-Bell [Wed, 7 May 2014 14:31:22 +0000 (15:31 +0100)]
Remove duplicate test (list-delete) was duplicate test of update-remove-list
Arran Cudbard-Bell [Wed, 7 May 2014 14:28:47 +0000 (15:28 +0100)]
Typo
Alan T. DeKok [Wed, 7 May 2014 11:18:40 +0000 (07:18 -0400)]
Cap spawn at max
Alan T. DeKok [Tue, 6 May 2014 23:39:11 +0000 (19:39 -0400)]
Rework min/max/spare handling
So we don't let idle connections make us go below "min"
Alan T. DeKok [Tue, 6 May 2014 18:19:12 +0000 (14:19 -0400)]
Free handle if we can't spawn a thread. Found by codesonar
Arran Cudbard-Bell [Tue, 6 May 2014 22:41:55 +0000 (23:41 +0100)]
Merge pull request #625 from leprechau/v3.0.x
Make internal references match configuration references and update README
Aaron Hurt [Tue, 6 May 2014 15:57:12 +0000 (10:57 -0500)]
Make internal references match configuration references and update README.md to match.
Alan T. DeKok [Tue, 6 May 2014 15:55:41 +0000 (11:55 -0400)]
Close the FD if we can't fdopen it. Found by codesonar
Alan T. DeKok [Tue, 6 May 2014 15:53:29 +0000 (11:53 -0400)]
Close the FD if we can't fdopen it. Found by codesonar
Alan T. DeKok [Tue, 6 May 2014 15:24:27 +0000 (11:24 -0400)]
Tweak reconnect logic.
A reconnect means open new connection, or if that fails, try
to find an unused one. But don't spawn a new connection.
Also, we can only reconnect a used connection. It's an error
to reconnect an unused connection.
Alan T. DeKok [Tue, 6 May 2014 14:23:40 +0000 (10:23 -0400)]
You can only reconnect a handle if it's in-use by you
Alan T. DeKok [Tue, 6 May 2014 13:55:25 +0000 (09:55 -0400)]
Use pthread ID for more connection debugging. Helps debug #624
Alan T. DeKok [Tue, 6 May 2014 13:09:16 +0000 (09:09 -0400)]
Tests for list delete
Alan T. DeKok [Tue, 6 May 2014 12:30:36 +0000 (08:30 -0400)]
Query may be an empty string, too.
We should really fix that in the init function
Arran Cudbard-Bell [Tue, 6 May 2014 12:30:58 +0000 (13:30 +0100)]
Use consistent config item names in couchbase
Arran Cudbard-Bell [Tue, 6 May 2014 08:34:24 +0000 (09:34 +0100)]
Fix dereferencing NULL pointer in json_object_object_get_ex
Arran Cudbard-Bell [Tue, 6 May 2014 08:24:43 +0000 (09:24 +0100)]
Correct behaviour processing stops in rlm_couchbase (unintended fallthrough)