Alan T. DeKok [Fri, 21 Nov 2014 20:14:41 +0000 (15:14 -0500)]
Bump before 3.0.5
Alan T. DeKok [Fri, 21 Nov 2014 20:14:00 +0000 (15:14 -0500)]
Note recent changes
Alan T. DeKok [Fri, 21 Nov 2014 19:55:57 +0000 (14:55 -0500)]
Make "example" a dependency, too
Arran Cudbard-Bell [Fri, 21 Nov 2014 17:00:29 +0000 (12:00 -0500)]
Only transition to READ_STATE_END from READ_STATE_ATTR_BEGIN Fixes #835
Alan T. DeKok [Fri, 21 Nov 2014 16:34:19 +0000 (11:34 -0500)]
Don't re-use debug level for flags. Closes #839
Arran Cudbard-Bell [Fri, 21 Nov 2014 16:19:53 +0000 (11:19 -0500)]
Merge pull request #837 from leprechau/feature/check_simul
Implement and document requested simultaneous use checking feature.
Aaron Hurt [Fri, 21 Nov 2014 14:43:04 +0000 (08:43 -0600)]
simultanous use checking and cleanups
* implement requested simultaneous use checking
* update documentation to reflect new feature
* cleanup misc switch formatting
* cleanup and move token logic to fetch functions
* remove unused bits from json_missing.h
* change extra verbose logging to level 3 only
* misc json_object_put cleanup and wrapping
Arran Cudbard-Bell [Fri, 21 Nov 2014 03:39:42 +0000 (22:39 -0500)]
Rename fixup_unknown
Arran Cudbard-Bell [Fri, 21 Nov 2014 03:35:03 +0000 (22:35 -0500)]
Not unknown, but undefined
Helps distinguish between the two cases.
- Undefined attributes are where the attribute hasn't been defined in the dictionary, or by the attribute string
- Unknown attributes are where the attribute hasn't been defined in the dictionary, but has been defined by the attribute string
Arran Cudbard-Bell [Fri, 21 Nov 2014 03:26:28 +0000 (22:26 -0500)]
Use more specialised types in fr_cond_t
Arran Cudbard-Bell [Fri, 21 Nov 2014 00:40:27 +0000 (19:40 -0500)]
Freespace calculation fixes for rlm_rest (JSON). Fixes #835
Arran Cudbard-Bell [Fri, 21 Nov 2014 00:03:51 +0000 (19:03 -0500)]
Typo
Arran Cudbard-Bell [Thu, 20 Nov 2014 19:11:42 +0000 (14:11 -0500)]
Normalise group check DNs and LDAP DNs
Some special characters can be escaped such as ',' can be escaped either as \2c or \2C or \,
We don't care about case, because we do case insensitive matches on DNs, which isn't
entirely correct, but it's good enough.
We do care about format. Wherever we find the \xx version of a special char, we need to convert
it to the \special form, so strcmps work as expected.
Arran Cudbard-Bell [Thu, 20 Nov 2014 19:06:14 +0000 (14:06 -0500)]
Indent lists of attributes we're adding in rlm_ldap
Herwin Weststrate [Mon, 15 Sep 2014 09:46:49 +0000 (11:46 +0200)]
Typo fix in comment in rlm_rest
fundtion => function
Arran Cudbard-Bell [Thu, 20 Nov 2014 04:29:06 +0000 (23:29 -0500)]
Escape \n \r \t in the sql module escape function (now the xlat won't do it for us)
Arran Cudbard-Bell [Thu, 20 Nov 2014 04:15:48 +0000 (23:15 -0500)]
don't escape attribute values if we were passed an escape function
Arran Cudbard-Bell [Thu, 20 Nov 2014 03:52:14 +0000 (22:52 -0500)]
Rewrite xlat_getvp to take tmpls, and allow state attributes to be references in xlats
Because *someone* forgot to add the state list to xlat_getvp. What was that about too much abstraction?
Arran Cudbard-Bell [Thu, 20 Nov 2014 03:48:12 +0000 (22:48 -0500)]
Make uninitialised cursors behave sensibly
Arran Cudbard-Bell [Wed, 19 Nov 2014 20:51:42 +0000 (15:51 -0500)]
Fix use after free errors in xlat.c
Arran Cudbard-Bell [Wed, 19 Nov 2014 20:38:01 +0000 (15:38 -0500)]
Remove unused attributes
Arran Cudbard-Bell [Wed, 19 Nov 2014 20:35:17 +0000 (15:35 -0500)]
Don't molest group names or group DNs either
Arran Cudbard-Bell [Wed, 19 Nov 2014 19:22:09 +0000 (14:22 -0500)]
Don't molest the DN we get back from libldap
Arran Cudbard-Bell [Wed, 19 Nov 2014 19:17:09 +0000 (14:17 -0500)]
Don't remove backslash for chars which aren't escaped by us
Arran Cudbard-Bell [Wed, 19 Nov 2014 17:05:53 +0000 (12:05 -0500)]
Switch to using tmpl_from_attr_substr in xlat_tokenize_expansion instead of duplicating the attribute reference parsing code
* fixup radius_request_name/radius_list_name to have signature/behaviour consistent with other substr type parsing functions.
* pass through 'allow_unknown' to tmpl_from_attr_substr which determines whether an unknown attribute produces a parse failure or not.
Arran Cudbard-Bell [Wed, 19 Nov 2014 04:43:04 +0000 (23:43 -0500)]
Zero length unknown attributes should produce an error
Alan T. DeKok [Wed, 19 Nov 2014 17:07:22 +0000 (12:07 -0500)]
Allow empty strings in "case" statements. Closes #836
Arran Cudbard-Bell [Tue, 18 Nov 2014 16:01:26 +0000 (11:01 -0500)]
Fix potential race condition when originating CoA requests
Alan T. DeKok [Tue, 18 Nov 2014 15:18:15 +0000 (10:18 -0500)]
Complain if the config has empty strings
Alan T. DeKok [Tue, 18 Nov 2014 15:10:10 +0000 (10:10 -0500)]
Empty strings for queries aren't errors
Arran Cudbard-Bell [Tue, 18 Nov 2014 05:35:32 +0000 (00:35 -0500)]
Use more descriptive names for the unknown attribute buffers
Arran Cudbard-Bell [Tue, 18 Nov 2014 03:37:24 +0000 (22:37 -0500)]
We can assert map->lhs isn't NULL even when not building with VERIFY_MAP
Alan T. DeKok [Mon, 17 Nov 2014 20:45:26 +0000 (15:45 -0500)]
Quiet clang analyzer
Alan T. DeKok [Mon, 17 Nov 2014 20:41:40 +0000 (15:41 -0500)]
Quit clang analyzer
Alan T. DeKok [Mon, 17 Nov 2014 20:37:37 +0000 (15:37 -0500)]
More CPPFLAGS fixes for clang analyzer
Alan T. DeKok [Mon, 17 Nov 2014 20:35:51 +0000 (15:35 -0500)]
Shut up clang analyzer
Alan T. DeKok [Mon, 17 Nov 2014 20:35:18 +0000 (15:35 -0500)]
Dereferencing NULL is bad
Alan T. DeKok [Mon, 17 Nov 2014 20:31:48 +0000 (15:31 -0500)]
Don't pollute the global CPPFLAGS with crap just for version.c
Alan T. DeKok [Mon, 17 Nov 2014 20:31:37 +0000 (15:31 -0500)]
Fix new parser for commas, missed in previous commit
Alan T. DeKok [Mon, 17 Nov 2014 20:27:50 +0000 (15:27 -0500)]
Remove cppcheck warning
Alan T. DeKok [Mon, 17 Nov 2014 20:26:29 +0000 (15:26 -0500)]
tmpl_da, not da
Alan T. DeKok [Mon, 17 Nov 2014 20:22:20 +0000 (15:22 -0500)]
vp->da, not da
Alan T. DeKok [Mon, 17 Nov 2014 20:20:35 +0000 (15:20 -0500)]
Make cppcheck work again.
For some unknown reason CPPFLAGS is getting set from CFLAGS.
So... fix the symptom, not the cause
Arran Cudbard-Bell [Mon, 17 Nov 2014 15:14:38 +0000 (10:14 -0500)]
Better rlm_sql errors
Alan T. DeKok [Mon, 17 Nov 2014 14:28:53 +0000 (09:28 -0500)]
More error messages
Alan T. DeKok [Mon, 17 Nov 2014 14:15:18 +0000 (09:15 -0500)]
Be more forgiving for bare words in the new parser
If we have a bare word, just parse everything until space,
CR / LF, or comma. That allows parser special characters
such as braces...
Arran Cudbard-Bell [Mon, 17 Nov 2014 06:35:19 +0000 (01:35 -0500)]
Move radius_event_init and modules_init to after the fork
The kqueue used as the main event loop isn't inherited by the child process, and we get weird errors
Arran Cudbard-Bell [Mon, 17 Nov 2014 06:23:02 +0000 (01:23 -0500)]
Better debug messages for kqueue event insertion and signal pipes
Arran Cudbard-Bell [Mon, 17 Nov 2014 03:20:09 +0000 (22:20 -0500)]
Formatting
Arran Cudbard-Bell [Mon, 17 Nov 2014 02:15:08 +0000 (21:15 -0500)]
Explicitly free children of rlm_sql and rlm_cache instances, before calling dlclose on the driver
Prevents SEGV when talloc tries to call destructors that have already been unloaded
Arran Cudbard-Bell [Mon, 17 Nov 2014 02:07:25 +0000 (21:07 -0500)]
lldb doesn't like this
Arran Cudbard-Bell [Sun, 16 Nov 2014 19:16:13 +0000 (14:16 -0500)]
More reformatting
Arran Cudbard-Bell [Sun, 16 Nov 2014 19:07:12 +0000 (14:07 -0500)]
dlclose driver handles on mod_detach (rlm_sql and rlm_cache)
Alan T. DeKok [Sun, 16 Nov 2014 15:01:00 +0000 (10:01 -0500)]
Make tlsv1.2 and tlsv1.2 conditional on having them
Alan T. DeKok [Sun, 16 Nov 2014 14:43:50 +0000 (09:43 -0500)]
Allow for selective disabling of TLSv1.1 and TLSv1.2
Arran Cudbard-Bell [Sun, 16 Nov 2014 04:49:21 +0000 (23:49 -0500)]
Minor formatting fixups
Alan T. DeKok [Sat, 15 Nov 2014 20:24:58 +0000 (15:24 -0500)]
A better name
Alan T. DeKok [Sat, 15 Nov 2014 14:26:20 +0000 (09:26 -0500)]
Fix typo
Alan T. DeKok [Sat, 15 Nov 2014 13:47:05 +0000 (08:47 -0500)]
Document retry_delay
Arran Cudbard-Bell [Sat, 15 Nov 2014 06:34:31 +0000 (01:34 -0500)]
Use C99 field labels when initialising driver structs
Means it's possible to add new callback functions in the module structs without having to go through and add NULL field initialisers to every module
Arran Cudbard-Bell [Fri, 14 Nov 2014 21:54:43 +0000 (16:54 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 14 Nov 2014 21:54:06 +0000 (16:54 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 14 Nov 2014 21:51:00 +0000 (16:51 -0500)]
Backport rlm_cache merge fixes from master
Arran Cudbard-Bell [Fri, 14 Nov 2014 21:46:22 +0000 (16:46 -0500)]
Rename LDAP connection functions to be consistent with sql and cache
Arran Cudbard-Bell [Fri, 14 Nov 2014 21:46:04 +0000 (16:46 -0500)]
Remove redundant connection pool indirection in rlm_sql
Arran Cudbard-Bell [Fri, 14 Nov 2014 18:43:37 +0000 (13:43 -0500)]
Add note on status-server behaviour
Alan T. DeKok [Fri, 14 Nov 2014 16:55:02 +0000 (11:55 -0500)]
Check sections in "instantiate"
For more load-time syntax checking.
Arran Cudbard-Bell [Thu, 13 Nov 2014 19:30:45 +0000 (14:30 -0500)]
Make map_afrom_attr_str more caller friendly
Arran Cudbard-Bell [Thu, 13 Nov 2014 16:26:27 +0000 (11:26 -0500)]
Should be vp_aprints not vp_aprint
Alan T. DeKok [Thu, 13 Nov 2014 14:40:13 +0000 (09:40 -0500)]
Cleanups and better tests for foreach / return
Alan T. DeKok [Thu, 13 Nov 2014 14:39:38 +0000 (09:39 -0500)]
In foreach, check "next" stack for break / return
Instead of our stack
Alan T. DeKok [Wed, 12 Nov 2014 21:42:49 +0000 (16:42 -0500)]
Test for "return" in a "foreach" loop
Alan T. DeKok [Tue, 11 Nov 2014 19:28:19 +0000 (14:28 -0500)]
Enable kqueue for the main event loop
Which should be faster than select() for lots of sockets
Alan T. DeKok [Tue, 11 Nov 2014 19:27:46 +0000 (14:27 -0500)]
Look for kqueue() and sys/event.h
Alan T. DeKok [Tue, 11 Nov 2014 19:23:17 +0000 (14:23 -0500)]
Don't leak memory on exit
Alan T. DeKok [Tue, 11 Nov 2014 19:16:54 +0000 (14:16 -0500)]
Remove the listener when the last request is done with it
Arran Cudbard-Bell [Tue, 11 Nov 2014 01:31:33 +0000 (20:31 -0500)]
Merge pull request #831 from mcnewton/patch-ocsp-host-header
option to add HTTP Host: header in OCSP request
Arran Cudbard-Bell [Tue, 11 Nov 2014 01:30:50 +0000 (20:30 -0500)]
Merge pull request #832 from mcnewton/patch-softfail-default
disable softfail by default (in line with documentation)
Matthew Newton [Mon, 10 Nov 2014 14:21:29 +0000 (14:21 +0000)]
add HTTP Host: header in OCSP request
Matthew Newton [Mon, 10 Nov 2014 23:39:09 +0000 (23:39 +0000)]
disable softfail by default (in line with documentation)
Arran Cudbard-Bell [Mon, 10 Nov 2014 17:46:14 +0000 (12:46 -0500)]
pairfind_da -> pairfind_by_da
Arran Cudbard-Bell [Mon, 10 Nov 2014 17:44:07 +0000 (12:44 -0500)]
Convert some pairfind calls to pairfind_da calls
Alan T. DeKok [Mon, 10 Nov 2014 17:20:32 +0000 (12:20 -0500)]
Fix header file layout
Alan T. DeKok [Sun, 9 Nov 2014 13:59:32 +0000 (08:59 -0500)]
Compiler warning
Alan T. DeKok [Sun, 9 Nov 2014 13:26:07 +0000 (08:26 -0500)]
Glue state into more places
Alan T. DeKok [Sun, 9 Nov 2014 13:21:28 +0000 (08:21 -0500)]
Fix link / cleanup code
Alan T. DeKok [Sat, 8 Nov 2014 19:30:45 +0000 (14:30 -0500)]
Verify the state, too
Alan T. DeKok [Fri, 7 Nov 2014 21:58:17 +0000 (16:58 -0500)]
More debugging
Arran Cudbard-Bell [Fri, 7 Nov 2014 04:48:07 +0000 (23:48 -0500)]
Display CFLAGS etal with -xv
Arran Cudbard-Bell [Thu, 6 Nov 2014 20:12:37 +0000 (15:12 -0500)]
Fix evaluating IP type check items in the users file
Arran Cudbard-Bell [Thu, 6 Nov 2014 19:27:43 +0000 (14:27 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Thu, 6 Nov 2014 19:14:33 +0000 (14:14 -0500)]
Add not on why we return invalid if there are no cached groups
Arran Cudbard-Bell [Thu, 6 Nov 2014 16:24:15 +0000 (11:24 -0500)]
Make cached group checks work when the user is the member of a single group
Alan T. DeKok [Thu, 6 Nov 2014 16:06:15 +0000 (11:06 -0500)]
Fix initialization check
Arran Cudbard-Bell [Thu, 6 Nov 2014 15:43:28 +0000 (10:43 -0500)]
Use paircmp_op for comparing cached group memberships
Alan T. DeKok [Thu, 6 Nov 2014 15:38:42 +0000 (10:38 -0500)]
Slightly better checks which include "pending"
Alan T. DeKok [Thu, 6 Nov 2014 14:56:28 +0000 (09:56 -0500)]
Allow multiple creates at the same time
limited only by max
Arran Cudbard-Bell [Thu, 6 Nov 2014 04:05:08 +0000 (23:05 -0500)]
Set correct type for vpt->name
Arran Cudbard-Bell [Thu, 6 Nov 2014 04:04:48 +0000 (23:04 -0500)]
Fix expanded switch value being freed before it's done being used
Arran Cudbard-Bell [Thu, 6 Nov 2014 04:03:56 +0000 (23:03 -0500)]
Formatting