Arran Cudbard-Bell [Mon, 2 Feb 2015 15:01:42 +0000 (22:01 +0700)]
Remove unneeded pcap.h include. Closes #896
Arran Cudbard-Bell [Mon, 2 Feb 2015 13:28:34 +0000 (20:28 +0700)]
SQL server errors and SQL client errors share the same number space and may both be returned by mysql_errno
Arran Cudbard-Bell [Mon, 2 Feb 2015 12:02:09 +0000 (19:02 +0700)]
Be less forgiving about passing NULL handles into sql_query functions
Arran Cudbard-Bell [Mon, 2 Feb 2015 10:23:33 +0000 (17:23 +0700)]
Why sometimes is marked as hupable
Arran Cudbard-Bell [Mon, 2 Feb 2015 10:10:10 +0000 (17:10 +0700)]
Always and sometimes are both hupsafe
Arran Cudbard-Bell [Mon, 2 Feb 2015 09:33:18 +0000 (16:33 +0700)]
Redundant. Closes CID #1267792
Arran Cudbard-Bell [Mon, 2 Feb 2015 08:16:10 +0000 (15:16 +0700)]
Use the BOUND_CHECK macros in fr_connection_pool_init
Arran Cudbard-Bell [Mon, 2 Feb 2015 06:57:01 +0000 (13:57 +0700)]
Correct max_pending output
Arran Cudbard-Bell [Mon, 2 Feb 2015 05:50:46 +0000 (12:50 +0700)]
readvp2 should always initialise pfiledone in all cases
Arran Cudbard-Bell [Mon, 2 Feb 2015 05:47:14 +0000 (12:47 +0700)]
Fix MySQL query finaliser
Arran Cudbard-Bell [Mon, 2 Feb 2015 05:32:03 +0000 (12:32 +0700)]
Better error on library initialisation failure in rlm_sql_mysql
Arran Cudbard-Bell [Mon, 2 Feb 2015 04:32:12 +0000 (11:32 +0700)]
Downgrade the 'You probably need to increase \"spare\"' warning to debug
It's no longer a big issue since the connection pool supports multiple pending spawns, and can cope with rapid ramp up much better.
Arran Cudbard-Bell [Mon, 2 Feb 2015 04:28:20 +0000 (11:28 +0700)]
Fix cosmetic issues in connection pool logging
Avoids things like:
rlm_sql (telkom_sql_session_d5_rkt): 18 of 18 connections in use. You probably need to increase "spare"
rlm_sql (telkom_sql_session_d5_rkt): Opening additional connection (4000)
rlm_sql (telkom_sql_session_d5_rkt): 18 of 18 connections in use. You probably need to increase "spare"
rlm_sql (telkom_sql_session_d5_rkt): Opening additional connection (4000)
rlm_sql (telkom_sql_session_d5_rkt): 18 of 18 connections in use. You probably need to increase "spare"
rlm_sql (telkom_sql_session_d5_rkt): Opening additional connection (4000)
Connections were still enumerated correctly.
Arran Cudbard-Bell [Mon, 2 Feb 2015 02:01:36 +0000 (09:01 +0700)]
Always call the query finaliser, even on error
Arran Cudbard-Bell [Sun, 1 Feb 2015 17:22:48 +0000 (00:22 +0700)]
Remove trailing new lines in input files
Arran Cudbard-Bell [Sun, 1 Feb 2015 14:52:29 +0000 (21:52 +0700)]
Not required
Arran Cudbard-Bell [Sun, 1 Feb 2015 14:29:06 +0000 (21:29 +0700)]
Doxygen
Arran Cudbard-Bell [Sun, 1 Feb 2015 14:28:07 +0000 (21:28 +0700)]
For rlm_sql_mysql and rlm_sql_sqlite distinguish between constraint violations and server side errors
Arran Cudbard-Bell [Sun, 1 Feb 2015 14:14:18 +0000 (21:14 +0700)]
Ignore sqlite db
Arran Cudbard-Bell [Sun, 1 Feb 2015 14:13:22 +0000 (21:13 +0700)]
Add tests for rlm_sql_sqlite accounting
Arran Cudbard-Bell [Sun, 1 Feb 2015 13:56:11 +0000 (20:56 +0700)]
Add test_pass/test_fail policies
Arran Cudbard-Bell [Sun, 1 Feb 2015 13:55:43 +0000 (20:55 +0700)]
Change %{poke:} so it writes the previous value to the xlat output buffer
Arran Cudbard-Bell [Sun, 1 Feb 2015 13:55:11 +0000 (20:55 +0700)]
cf_pair_replace returns -1 on error
Arran Cudbard-Bell [Sun, 1 Feb 2015 13:54:45 +0000 (20:54 +0700)]
Add usage text for -i
Arran Cudbard-Bell [Sun, 1 Feb 2015 12:41:47 +0000 (19:41 +0700)]
Consistency dammit
Arran Cudbard-Bell [Sun, 1 Feb 2015 12:40:14 +0000 (19:40 +0700)]
Hack always so it works correctly with %{poke:}
This is really broken... We need a better way of managing instance value changes.
Arran Cudbard-Bell [Sun, 1 Feb 2015 12:39:38 +0000 (19:39 +0700)]
Use the mod_rcode_table to parse always rcodes into integers
Arran Cudbard-Bell [Sun, 1 Feb 2015 12:35:01 +0000 (19:35 +0700)]
Document cf_pair_replace
Arran Cudbard-Bell [Sun, 1 Feb 2015 11:15:10 +0000 (18:15 +0700)]
Create the directory to *contain* the target, don't create the directory with the same name as the target
Means module tests actually run and provide real results
Alan T. DeKok [Sun, 1 Feb 2015 13:48:42 +0000 (08:48 -0500)]
It's $@, not %@
Arran Cudbard-Bell [Sun, 1 Feb 2015 04:33:08 +0000 (11:33 +0700)]
Move MySQL no warnings message
Alan T. DeKok [Sun, 1 Feb 2015 04:08:05 +0000 (23:08 -0500)]
Delay may be NULL. Closes CID #1267741
Alan T. DeKok [Fri, 30 Jan 2015 16:34:31 +0000 (11:34 -0500)]
More tests for Attr-26
Arran Cudbard-Bell [Sat, 31 Jan 2015 17:44:06 +0000 (00:44 +0700)]
Fix argument order
Arran Cudbard-Bell [Sat, 31 Jan 2015 16:04:44 +0000 (23:04 +0700)]
Move inst->config->xlat_name to inst->name
Arran Cudbard-Bell [Sat, 31 Jan 2015 14:34:36 +0000 (21:34 +0700)]
Enhance rlm_sql logging to pull more errors back from mysql, and log as much as possible to the request log
Arran Cudbard-Bell [Sat, 31 Jan 2015 13:47:45 +0000 (20:47 +0700)]
Remove junk boilerplate text and whitespace from sql drivers to make future diffs easier to read
Arran Cudbard-Bell [Sat, 31 Jan 2015 10:20:28 +0000 (17:20 +0700)]
We now allow unix sockets and other schemes as well
Arran Cudbard-Bell [Sat, 31 Jan 2015 10:15:20 +0000 (17:15 +0700)]
RERROR, RWARN, RINFO should all go to the main server log even if there's no request logging function set
This allows us to use those macros to log related error messages with the request id, which can be very useful when running in threaded mode and trying to track down SQL issues which involve multiple errors.
Arran Cudbard-Bell [Sat, 31 Jan 2015 07:20:48 +0000 (14:20 +0700)]
Formatting
Arran Cudbard-Bell [Fri, 30 Jan 2015 10:22:22 +0000 (17:22 +0700)]
Ignore bad Acct-Delay-time values
Alan T. DeKok [Fri, 30 Jan 2015 16:11:52 +0000 (11:11 -0500)]
Disallow creation of 'Vendor-Specific = ..'. Fixes #894
They should use 'Attr-26 = ..' instead
Alan T. DeKok [Fri, 30 Jan 2015 02:56:28 +0000 (21:56 -0500)]
Ensure output is initialized. Closes CID #1267457
Arran Cudbard-Bell [Thu, 29 Jan 2015 12:38:11 +0000 (19:38 +0700)]
MySQL error messages contain single quotes, so don't wrap them in more...
Arran Cudbard-Bell [Thu, 29 Jan 2015 07:26:26 +0000 (14:26 +0700)]
Print the user/group we were using when we tried to open input files and failed
It's actually pretty useful to know. Especially as we do different things running with -X.
Arran Cudbard-Bell [Thu, 29 Jan 2015 06:28:44 +0000 (13:28 +0700)]
Error out if we can't set LDAP options
Arran Cudbard-Bell [Thu, 29 Jan 2015 04:07:11 +0000 (11:07 +0700)]
Add notes on disabling peercred auth
Alan T. DeKok [Wed, 28 Jan 2015 18:53:10 +0000 (13:53 -0500)]
Filter out EAP-Message, too. Fixes #893
Alan T. DeKok [Wed, 28 Jan 2015 16:54:35 +0000 (11:54 -0500)]
Added simple dynamic xlat tests
for stand-alone expansions
Arran Cudbard-Bell [Wed, 28 Jan 2015 12:07:36 +0000 (19:07 +0700)]
We don't need to check for a User-Name in the request to authorize users in rlm_ldap
It's not used by the rlm_ldap code, we use a filter to locate the user.
Arran Cudbard-Bell [Wed, 28 Jan 2015 10:09:10 +0000 (17:09 +0700)]
Fix -Winitialize in ippool tool
Arran Cudbard-Bell [Wed, 28 Jan 2015 10:05:28 +0000 (17:05 +0700)]
Because GCC 4.4.7 apparently doesn't support the 'noreturn' pragma
Arran Cudbard-Bell [Wed, 28 Jan 2015 09:52:27 +0000 (16:52 +0700)]
Normalise indentation in rlm_ldap configure script
Arran Cudbard-Bell [Wed, 28 Jan 2015 09:51:15 +0000 (16:51 +0700)]
Link to libldap instead of libldap_r
This change may be reverted if it causes issues.
Alan T. DeKok [Tue, 27 Jan 2015 16:57:30 +0000 (11:57 -0500)]
Document attribute filtering. Fixes #893
Alan T. DeKok [Tue, 27 Jan 2015 13:51:09 +0000 (08:51 -0500)]
build cleanly WITH_GCD
Arran Cudbard-Bell [Tue, 27 Jan 2015 07:08:48 +0000 (14:08 +0700)]
Set query timeout correctly in the MySQL driver
read timeout is t * 3, write timeout is t * 2, and connect timeout is t *sigh*
Which means the effective minimum query timeout is 3.
Arran Cudbard-Bell [Tue, 27 Jan 2015 07:05:32 +0000 (14:05 +0700)]
Disable MySQL autoreconnect
We need to know when a connection has failed
Alan T. DeKok [Tue, 27 Jan 2015 03:17:05 +0000 (22:17 -0500)]
Fix cppcheck complaints
Alan T. DeKok [Tue, 27 Jan 2015 03:04:08 +0000 (22:04 -0500)]
Rearrange code to quiet cppcheck
Alan T. DeKok [Tue, 27 Jan 2015 03:01:12 +0000 (22:01 -0500)]
fix cppcheck warnings
Alan T. DeKok [Mon, 26 Jan 2015 22:29:19 +0000 (17:29 -0500)]
un-confuse cppcheck
Alan T. DeKok [Mon, 26 Jan 2015 22:11:22 +0000 (17:11 -0500)]
checks for start_tls were accidentally deleted
Alan T. DeKok [Mon, 26 Jan 2015 21:48:33 +0000 (16:48 -0500)]
Shut up C compiler by including header files
Alan T. DeKok [Mon, 26 Jan 2015 21:46:03 +0000 (16:46 -0500)]
signed int issues
Alan T. DeKok [Mon, 26 Jan 2015 21:45:53 +0000 (16:45 -0500)]
Shut up cppcheck
Alan T. DeKok [Mon, 26 Jan 2015 21:42:55 +0000 (16:42 -0500)]
Simplify many #ifdef's
Alan T. DeKok [Mon, 26 Jan 2015 21:34:55 +0000 (16:34 -0500)]
Ensure we close FILEs.
Alan T. DeKok [Mon, 26 Jan 2015 21:32:53 +0000 (16:32 -0500)]
Ensure we initialize variables
Alan T. DeKok [Mon, 26 Jan 2015 21:32:53 +0000 (16:32 -0500)]
Ensure we initialize variables
Alan T. DeKok [Mon, 26 Jan 2015 21:28:35 +0000 (16:28 -0500)]
Remove unneeded assertion.
Arran Cudbard-Bell [Mon, 26 Jan 2015 19:14:38 +0000 (02:14 +0700)]
#ifdef out CURLOPT_PROTOCOLS if not defined
Alan T. DeKok [Mon, 26 Jan 2015 18:08:21 +0000 (13:08 -0500)]
As found on the net
Arran Cudbard-Bell [Mon, 26 Jan 2015 13:15:20 +0000 (20:15 +0700)]
Fix nested #ifdef HAVE_SETUID
Arran Cudbard-Bell [Mon, 26 Jan 2015 12:48:19 +0000 (19:48 +0700)]
Merge pull request #890 from kokel/dict-perle
add perle dictionary
Tobias Hachmer [Mon, 26 Jan 2015 12:45:04 +0000 (13:45 +0100)]
add perle dictionary
Arran Cudbard-Bell [Mon, 26 Jan 2015 09:47:26 +0000 (16:47 +0700)]
Move suid* functions to util.c so they're included in libfreeradius-server
This fixes linking issues, when they're called from other libfreeradius-server functions
Arran Cudbard-Bell [Mon, 26 Jan 2015 05:55:00 +0000 (12:55 +0700)]
Helps to write the result to the result buffer...
Arran Cudbard-Bell [Sun, 25 Jan 2015 09:30:41 +0000 (16:30 +0700)]
Move socket permissions code into fr_server_domain_socket
Arran Cudbard-Bell [Sun, 25 Jan 2015 08:51:35 +0000 (15:51 +0700)]
Partially revert "call rad_mkdir to make the path for the control socket, and modify the default config to place the control socket into a 'control' subdirectory"
This reverts commit 2268bddadaf2d3aab09f18eea863895c9a01ce7a.
Better to keep the new logic entirely separate
Conflicts:
src/main/command.c
src/main/util.c
Arran Cudbard-Bell [Sat, 24 Jan 2015 15:46:51 +0000 (22:46 +0700)]
Address (some) potential TOCTOU attack vectors in rad_mkdir
We now leave ownership as the effective UID (which should be sufficiently restrictive) whilst creating the directory structure, and set initial permissions to 0700.
When setting final permissions, we first open the directory, check we still have write permissions by doing fchmod with our effective UID/GID (which should not be super user), then suid_up, and use fchown to set the owner.
Arran Cudbard-Bell [Sat, 24 Jan 2015 12:27:42 +0000 (19:27 +0700)]
Rename directory to dir in rad_mkdir, and add doxygen header
Alan T. DeKok [Sun, 25 Jan 2015 23:00:06 +0000 (18:00 -0500)]
Cleanups to match the rest of the server formatting
Alan T. DeKok [Sun, 25 Jan 2015 22:51:18 +0000 (17:51 -0500)]
Minor cleanups
Nicolas C [Tue, 5 Aug 2014 09:06:40 +0000 (11:06 +0200)]
dhcpclient - allow to specify interface and send/recv at raw packet level
As discussed earlier on the list:
- if the client host has multiple interfaces,
- and at least one of them already has an IP address,
Then the source IP address cannot be 0.0.0.0 (even with "Packet-Src-IP-Address=0.0.0.0").
An actual IP address is automatically used as source.
This is modified by the device driver.
This patch does the following:
- Add an option to dhcpclient allowing to specify which network
interface to use.
- Open a raw socket on the low level packet interface. This allows
packet data to be left unchanged by the device driver.
- Encode Ethernet (send to ff:ff:ff:ff:ff:ff), IP and UDP layers
manually. And let FreeRADIUS do the DHCP stuff, as before.
(This required new specific socket / send / recv functions.)
The existing behaviour of dhcpclient is unchanged, it is used if the new
option -i is not set (or if destination is not broadcast).
Conflicts:
src/modules/proto_dhcp/dhcpclient.c
Alan T. DeKok [Sun, 25 Jan 2015 14:37:23 +0000 (09:37 -0500)]
Honor Packet-Src-Port in radclient. Fixes #889
Alan T. DeKok [Sun, 25 Jan 2015 14:32:27 +0000 (09:32 -0500)]
These variables are "static"
Alan T. DeKok [Sun, 25 Jan 2015 14:32:17 +0000 (09:32 -0500)]
fix compiler warnings
Arran Cudbard-Bell [Sat, 24 Jan 2015 08:44:24 +0000 (15:44 +0700)]
Exit with the status of FreeRADIUS for debugging
Arran Cudbard-Bell [Sat, 24 Jan 2015 08:30:26 +0000 (15:30 +0700)]
Make Debian and RHEL scripts output the same message if debug or debug-threaded is used and the daemon is still running
Arran Cudbard-Bell [Sat, 24 Jan 2015 08:29:32 +0000 (15:29 +0700)]
Bring suse init script into line with other init scripts. Closes #884
Arran Cudbard-Bell [Sat, 24 Jan 2015 08:28:13 +0000 (15:28 +0700)]
Unused
Arran Cudbard-Bell [Sat, 24 Jan 2015 07:48:21 +0000 (14:48 +0700)]
Typo
Alan T. DeKok [Fri, 23 Jan 2015 21:08:35 +0000 (16:08 -0500)]
Fix typo
Alan T. DeKok [Fri, 23 Jan 2015 20:48:33 +0000 (15:48 -0500)]
The old name is deprecated, not the new one
Arran Cudbard-Bell [Fri, 23 Jan 2015 18:06:28 +0000 (01:06 +0700)]
Fix capitalisation in ssha2passwd
Arran Cudbard-Bell [Fri, 23 Jan 2015 17:46:37 +0000 (00:46 +0700)]
Modernise logrotate configuration files and use copytruncate for the main server logs
Alan T. DeKok [Thu, 22 Jan 2015 22:17:02 +0000 (17:17 -0500)]
Don't dereference NULL. Fixes #888
An attribute may have zero length, but is still (sort of)
well formed.
Arran Cudbard-Bell [Thu, 22 Jan 2015 19:53:32 +0000 (02:53 +0700)]
Initialise ldapai_info_version field of LDAPAPIInfo struct so the LDAP_OPT_API_INFO call works
Arran Cudbard-Bell [Thu, 22 Jan 2015 15:58:12 +0000 (22:58 +0700)]
Sanitize curl-config cflags