Linus Nordberg [Wed, 18 Dec 2013 19:38:49 +0000 (20:38 +0100)]
Bump version number.
Linus Nordberg [Wed, 18 Dec 2013 12:26:54 +0000 (13:26 +0100)]
Distribute new CHANGES file.
Linus Nordberg [Wed, 18 Dec 2013 12:16:40 +0000 (13:16 +0100)]
Update documentation and configure.ac for libradsec-0.0.4.
Linus Nordberg [Wed, 18 Dec 2013 12:05:59 +0000 (13:05 +0100)]
Clarify README.
Linus Nordberg [Mon, 18 Nov 2013 16:28:54 +0000 (17:28 +0100)]
Add a debug printout when dropping an incoming response message.
Also, terminate another debug message with \n.
Linus Nordberg [Mon, 18 Nov 2013 16:27:23 +0000 (17:27 +0100)]
Avoid leaking memory when receiving a bad response.
A badly authenticated response message or one that didn't decode or
decrypt correctly was never freed. If caller didn't pass pkt_out, any
response was leaked as well.
As a bonus, the code is now readable too.
Linus Nordberg [Mon, 18 Nov 2013 15:34:21 +0000 (16:34 +0100)]
Stop rs_request_send() from leaking RSE_TIMEOUT_CONN and RSE_TIMEOUT_IO.
If sending or receiving time out, pop the error off the stack before
continuing the loop. Push a new error, RS_TIMEOUT, before timing out
for real.
Addresses LIBRADSEC-3.
Linus Nordberg [Mon, 18 Nov 2013 14:30:00 +0000 (15:30 +0100)]
Disable/delete events in the timeout callback.
Without this, the sequence
(1) send (successfully)
(2) receive (timeout)
(3) resend (successfully)
will have the read event from (2) trigger a read in (3) and the
response is lost.
Addresses LIBRADSEC-3.
Linus Nordberg [Fri, 15 Nov 2013 14:20:18 +0000 (15:20 +0100)]
Make sure that configure without --enable-tls works.
Also, --disable-tls, --enable-tls and --enable-tls=no.
Closes LIBRADSEC-2.
Linus Nordberg [Thu, 3 Oct 2013 19:16:53 +0000 (21:16 +0200)]
Merge branch 'libradsec' of git.nordu.net:radsecproxy into libradsec
# Please enter a commit message to explain why this merge is necessary,
# especially if it merges an updated upstream into a topic branch.
#
# Lines starting with '#' will be ignored, and an empty message aborts
# the commit.
Linus Nordberg [Thu, 3 Oct 2013 19:13:54 +0000 (21:13 +0200)]
Implement disable_hostname_check config option.
Patch by Sam Hartman.
Linus Nordberg [Tue, 1 Oct 2013 17:18:50 +0000 (17:18 +0000)]
Enable TLS by default, configure time.
Linus Nordberg [Fri, 17 May 2013 08:53:36 +0000 (10:53 +0200)]
Have the library depend on radsec.sym.
Linus Nordberg [Fri, 17 May 2013 08:50:11 +0000 (10:50 +0200)]
Merge branch 'libradsec-add-avp-2' into libradsec
Conflicts:
lib/Makefile.am
Linus Nordberg [Fri, 17 May 2013 08:44:11 +0000 (10:44 +0200)]
Don't provide bogus info in an error.
Linus Nordberg [Fri, 17 May 2013 08:41:50 +0000 (10:41 +0200)]
Move PSK example configuration to a separate file.
Linus Nordberg [Wed, 15 May 2013 13:44:52 +0000 (15:44 +0200)]
Fix typo.
Linus Nordberg [Wed, 15 May 2013 09:57:09 +0000 (11:57 +0200)]
Don't crash on reading invalid messages.
Also, invoke disconnected callback and close connection in error
cases.
Linus Nordberg [Thu, 9 May 2013 07:50:11 +0000 (09:50 +0200)]
Whitespace changes in license headers.
Linus Nordberg [Thu, 9 May 2013 07:49:37 +0000 (09:49 +0200)]
Update copyright years.
Linus Nordberg [Thu, 9 May 2013 07:32:31 +0000 (09:32 +0200)]
Include stdlib.h everywhere we call (m|c)alloc.
Linus Nordberg [Thu, 9 May 2013 06:59:00 +0000 (08:59 +0200)]
Use malloc+memcpy rather than calloc+strcpy in rs_strdup.
For effiency (but triggered by calloc needing unistd.h on Darwin).
Linus Nordberg [Wed, 8 May 2013 21:10:11 +0000 (23:10 +0200)]
Revert "Bump library interface revision."
So there were two things wrong with that commit.
1. Library interface revision should be bumped only immediately before
a public release.
2. Given the changes in the library, it should change to 0:1:0 since
the interface didn't change (including not being extended).
This reverts commit
b9e967b3cde6af41cd0e863e9ff073897019625a.
Conflicts:
lib/Makefile.am
Linus Nordberg [Wed, 8 May 2013 21:03:51 +0000 (23:03 +0200)]
Export rs_packet_add_avp() and set library revision.
Correct library revision is 1:0:1, given that the last "released"
library was 0:0:0. (The current 1:0:0 is wrong.)
Linus Nordberg [Wed, 8 May 2013 20:42:00 +0000 (22:42 +0200)]
Clarify and reformat comments on how to use Libtool's -version-info.
Linus Nordberg [Wed, 8 May 2013 20:18:27 +0000 (22:18 +0200)]
Pass make distcheck.
Linus Nordberg [Wed, 8 May 2013 20:17:32 +0000 (22:17 +0200)]
Don't include tests in SUBIDRS after all.
It requires a running radius server. That's not a nice thing to
require for something like distcheck.
Linus Nordberg [Wed, 8 May 2013 19:42:17 +0000 (21:42 +0200)]
Initial RPM packaging
Adapted from
commit
8ff4e9ab2308fc6ee1e9b140d85ba45eff5287ce
Author: Sam hartman <hartmans@painless-security.com>
Date: Mon Oct 10 15:25:11 2011 +0100
Conflicts:
lib/Makefile.am
lib/configure.ac
Linus Nordberg [Wed, 8 May 2013 19:17:54 +0000 (21:17 +0200)]
Add a few bits to README.
Linus Nordberg [Wed, 8 May 2013 18:28:17 +0000 (20:28 +0200)]
Exit tests with number of failures.
Now 'make check' really fails when a test fails.
Linus Nordberg [Wed, 8 May 2013 18:23:06 +0000 (20:23 +0200)]
Add 'tests' to SUBDIRS to make 'make check' work.
Linus Nordberg [Wed, 8 May 2013 18:21:18 +0000 (20:21 +0200)]
Constify the MD5 implementation.
Linus Nordberg [Wed, 8 May 2013 15:08:14 +0000 (17:08 +0200)]
Add rs_packet_add_avp() and use it.
rs_packet_create_authn_request() now uses rs_packet_add_avp() instead
of rs_packet_append_avp() which makes it possible to create a
authentication packet without knowing the shared secret.
Calling rs_packet_add_avp() on a packet is incompatible with using
rs_packet_append_avp() on the same packet but since
rs_packet_create_authn_request() adds attribute-value pairs for user
name and password only if those arguments are supplied, code that
doesn't use user name and password (i.e. mech_eap) should still be
fine.
Linus Nordberg [Wed, 8 May 2013 15:10:10 +0000 (17:10 +0200)]
Push an error on the error stack when returning !RSE_OK.
Linus Nordberg [Wed, 8 May 2013 15:05:57 +0000 (17:05 +0200)]
Revive RSE_MAX.
It's being used after all.
Linus Nordberg [Wed, 8 May 2013 13:00:00 +0000 (15:00 +0200)]
Add an assert in error handling code.
Linus Nordberg [Wed, 8 May 2013 10:00:00 +0000 (12:00 +0200)]
Remove an unused error code and unusued RSE_MAX.
Also, remove unused file attr.c.
Linus Nordberg [Mon, 6 May 2013 10:01:00 +0000 (12:01 +0200)]
Follow API change in tests.
Linus Nordberg [Mon, 6 May 2013 10:00:00 +0000 (12:00 +0200)]
Revert "Add formal argument 'secret' to two public functions."
This reverts commit
09d1cff2418a900b587b2113f508984f2417cc11.
Conflicts:
lib/include/radsec/request.h
Sam Hartman [Wed, 19 Sep 2012 00:50:12 +0000 (20:50 -0400)]
Add and fix RADIUS attributes (
4b9e4cb1,
e4b6e972).
Fix capitalization in abfab dictionary
Update to IETF RADIUS attributes
draft-ietf-abfab-gss-eap has been approved; include IANA-issued
standard radius attributes for Moonshot.
Fix capitalization in abfab dictionary
Linus Nordberg [Tue, 7 May 2013 08:09:53 +0000 (10:09 +0200)]
Build include before building '.'
Patch by Sam Hartman (
ff1af013 in moonshot).
Linus Nordberg [Mon, 6 May 2013 18:30:47 +0000 (20:30 +0200)]
Use CUnit for tests.
cgreen didn't seem properly maintained. CUnit seems to be widely used.
Linus Nordberg [Mon, 6 May 2013 12:45:33 +0000 (14:45 +0200)]
Bump library interface revision.
Commit
edf4c047 claimed it did this but didn't really do it.
Should really have been done as part of bumping the library version
(0.0.2.dev in configure.ac).
Linus Nordberg [Mon, 6 May 2013 12:35:12 +0000 (14:35 +0200)]
Bump version to 0.0.4.dev to keep ahead of moonshot.
Linus Nordberg [Tue, 29 Jan 2013 14:27:26 +0000 (15:27 +0100)]
Improve documentation.
Linus Nordberg [Mon, 28 Jan 2013 15:22:14 +0000 (16:22 +0100)]
Remove dead code.
Linus Nordberg [Fri, 25 Jan 2013 08:58:26 +0000 (09:58 +0100)]
Update HACKING with a rough road map.
Linus Nordberg [Thu, 24 Jan 2013 16:33:08 +0000 (17:33 +0100)]
Add PSK example in examples/client.conf.
Linus Nordberg [Thu, 24 Jan 2013 16:32:18 +0000 (17:32 +0100)]
Do the test for PSK properly.
Fixes
823ea9ba.
Linus Nordberg [Thu, 24 Jan 2013 16:31:49 +0000 (17:31 +0100)]
Add two helper functions to conn.[ch].
Linus Nordberg [Thu, 24 Jan 2013 16:22:14 +0000 (17:22 +0100)]
Order functions properly in conn.c.
Linus Nordberg [Thu, 24 Jan 2013 15:51:36 +0000 (16:51 +0100)]
Don't verify server certificate if we're using PSK.
Linus Nordberg [Thu, 24 Jan 2013 11:44:19 +0000 (12:44 +0100)]
Add missing key files to demoCA.
Linus Nordberg [Thu, 24 Jan 2013 07:32:23 +0000 (08:32 +0100)]
Rename rs_packet_flags members.
Uppercase to make them appear as the constants they are, as opposed to
variables.
Remove 'flag' suffix, typically used for variables.
Spell out HEADER.
Linus Nordberg [Wed, 23 Jan 2013 17:26:12 +0000 (18:26 +0100)]
New demo CA for tests.
Update examples config file accordingly.
Linus Nordberg [Wed, 23 Jan 2013 15:18:26 +0000 (16:18 +0100)]
Handle case where config hasn't yet been read better.
Don't segfault is a good start.
Linus Nordberg [Wed, 23 Jan 2013 11:21:06 +0000 (12:21 +0100)]
Add some info on usage modes.
Linus Nordberg [Tue, 22 Jan 2013 14:52:09 +0000 (15:52 +0100)]
Add docstrings and a comment.
Linus Nordberg [Tue, 22 Jan 2013 14:46:11 +0000 (15:46 +0100)]
Remove unnecessary #includes.
Linus Nordberg [Tue, 22 Jan 2013 14:45:47 +0000 (15:45 +0100)]
Whitespace.
Linus Nordberg [Tue, 22 Jan 2013 14:45:33 +0000 (15:45 +0100)]
Compile with -Werror.
Linus Nordberg [Tue, 22 Jan 2013 13:14:07 +0000 (14:14 +0100)]
Remove incorrect build instruction from HACKING.
Linus Nordberg [Tue, 22 Jan 2013 13:11:32 +0000 (14:11 +0100)]
Add md5.[ch] for when we are configured without OpenSSL.
This is Solar Designers implementation from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 .
RS_MD5Transform goes away since it's not in md5.h. It's not used in
lib/radius/.
Might want to move this into lib/radius/ if we end up not using it in
lib/.
Linus Nordberg [Tue, 22 Jan 2013 10:01:59 +0000 (11:01 +0100)]
Revive radsecproxy.h and hostport_types.h and move rsp_* into radsecproxy/.
Linus Nordberg [Tue, 22 Jan 2013 09:36:57 +0000 (10:36 +0100)]
Clean up top dir.
Linus Nordberg [Mon, 21 Jan 2013 10:02:17 +0000 (11:02 +0100)]
Merge branch 'libradsec-new-client' into libradsec
Linus Nordberg [Mon, 21 Jan 2013 09:50:53 +0000 (10:50 +0100)]
Update README and HACKING.
Whitespace fixes.
Say Debian instead of Ubuntu.
Update versions of library dependencies.
HACKING:
Revive the "fully reentrant" design goal.
Admit that we don't implement a server API.
Linus Nordberg [Wed, 16 Jan 2013 14:39:53 +0000 (15:39 +0100)]
Fix a doc comment.
Linus Nordberg [Wed, 19 Dec 2012 14:45:42 +0000 (15:45 +0100)]
Define WITHOUT_OPENSSL if we don't have openssl.
This is for radius/client.h.
We will want an alternative way of getting MD5. Include md5.[ch] from
FreeBSD? Link with libnettle?
Linus Nordberg [Wed, 19 Dec 2012 11:15:15 +0000 (12:15 +0100)]
Fix typos.
#error messages.
Linus Nordberg [Wed, 19 Dec 2012 09:49:24 +0000 (10:49 +0100)]
Remove generated autotools files.
Linus Nordberg [Wed, 19 Dec 2012 09:41:57 +0000 (10:41 +0100)]
Rename COPYING -> LICENSE.
And distribute LICENSE and HACKING.
Linus Nordberg [Tue, 18 Dec 2012 13:40:35 +0000 (14:40 +0100)]
Remove the option to use GPLv2 as the license.
This follows the changes to the upstream radsecproxy repository.
Also, Stig Venaas is removed from all copyright, replaced by UNINETT.
Add JANET as copyright holder (avp.c).
Linus Nordberg [Tue, 18 Dec 2012 12:24:59 +0000 (13:24 +0100)]
Config docu.
Linus Nordberg [Tue, 18 Dec 2012 12:24:45 +0000 (13:24 +0100)]
Whitespace.
Linus Nordberg [Tue, 18 Dec 2012 07:40:00 +0000 (08:40 +0100)]
Include <sys/types.h> for Junos.
Fix from Luke Howard.
Linus Nordberg [Mon, 17 Dec 2012 15:11:42 +0000 (16:11 +0100)]
Whitespace.
Linus Nordberg [Mon, 17 Dec 2012 15:11:14 +0000 (16:11 +0100)]
Add formal argument 'secret' to two public functions.
The functions are rs_packet_create_authn_request() and
rs_request_create_authn().
Attributes of type PW_USER_PASSWORD are supposed to be MD5
obfuscated (see vp2data_any()).
NOTE: This is a non-backward compatible API change.
Linus Nordberg [Mon, 17 Dec 2012 15:07:16 +0000 (16:07 +0100)]
Example code: Print a little bit more helpful information on failure.
Linus Nordberg [Mon, 17 Dec 2012 15:05:55 +0000 (16:05 +0100)]
Example code: Don't create rs_error on failing context creation.
We don't export err_create() and the error is ENOMEM nowadays.
Linus Nordberg [Mon, 17 Dec 2012 15:04:30 +0000 (16:04 +0100)]
Docu: Fix libevent url.
Linus Nordberg [Mon, 17 Dec 2012 15:03:12 +0000 (16:03 +0100)]
Docu: Remove dependency on libradius.
Linus Nordberg [Wed, 12 Dec 2012 10:04:31 +0000 (11:04 +0100)]
Fix language.
Linus Nordberg [Fri, 27 Apr 2012 15:00:17 +0000 (17:00 +0200)]
Merge libradsec-new-client.
Linus Nordberg [Fri, 27 Apr 2012 14:58:03 +0000 (16:58 +0200)]
Fix struct in6_addr undefined.
Have lib/rsp_tlscommon.h include netinet/in.h since it's included by radsecproxy.h.
Linus Nordberg [Thu, 26 Apr 2012 08:19:52 +0000 (10:19 +0200)]
Verify certificate CN against configured hostname.
NOTE: The subjectAltName check is not well tested.
Linus Nordberg [Thu, 26 Apr 2012 08:18:33 +0000 (10:18 +0200)]
Implement cert verification.
NOTE: Not used yet.
Linus Nordberg [Thu, 26 Apr 2012 08:17:24 +0000 (10:17 +0200)]
Handle failing rs_context_create().
Linus Nordberg [Thu, 26 Apr 2012 08:15:51 +0000 (10:15 +0200)]
Use existing temporary variable conn.
Linus Nordberg [Thu, 26 Apr 2012 08:12:36 +0000 (10:12 +0200)]
Add an error code.
Also add error text for missing RSE_CRED.
Linus Nordberg [Thu, 26 Apr 2012 08:10:33 +0000 (10:10 +0200)]
Don't resolve DNS names in rs_peer_set_address().
It simply stores (a copy of) hostname and service name in PEER.
Linus Nordberg [Thu, 26 Apr 2012 08:08:59 +0000 (10:08 +0200)]
Use rs_strdup().
Linus Nordberg [Thu, 26 Apr 2012 08:03:42 +0000 (10:03 +0200)]
Add util.h and util.c.
Linus Nordberg [Thu, 26 Apr 2012 07:48:36 +0000 (09:48 +0200)]
Follow name change of rs_resolv().
Linus Nordberg [Wed, 25 Apr 2012 15:45:24 +0000 (17:45 +0200)]
Add missing radsec.h.
Linus Nordberg [Wed, 25 Apr 2012 15:41:27 +0000 (17:41 +0200)]
Postpone resolving of DNS names of server.
We used to resolve DNS names when reading configuration. We now do it
in event_init_socket() and cache the result in the connection object.
The imminent need for changing this is to keep host names around for
X509 certificate verification (CNAME and subjectAltName). This will
also help later when we implement server failover (and later, when
people want to do more dynamic configuration, f.ex. NAPTR).
Linus Nordberg [Wed, 25 Apr 2012 15:33:40 +0000 (17:33 +0200)]
Update HACKING.
Linus Nordberg [Wed, 25 Apr 2012 13:23:06 +0000 (15:23 +0200)]
Missing response packet in rs_conn_receive_packet doesn't have to be a bug.
Linus Nordberg [Wed, 25 Apr 2012 13:22:36 +0000 (15:22 +0200)]
Fix a comment.
Linus Nordberg [Mon, 23 Apr 2012 12:44:49 +0000 (14:44 +0200)]
Conditionally compile TLS-PSK code (--enable-tls-psk).
Also, allow for PSK-only configuration, i.e. don't barf on missing cert stuff.