]> git.ipfire.org Git - thirdparty/freeradius-server.git/log
thirdparty/freeradius-server.git
5 weeks agoRe-enable ring_buffer_test
Nick Porter [Tue, 2 Sep 2025 14:48:25 +0000 (15:48 +0100)] 
Re-enable ring_buffer_test

5 weeks agoCorrect comment
Nick Porter [Mon, 8 Sep 2025 15:48:12 +0000 (16:48 +0100)] 
Correct comment

5 weeks agoPop all pending control messages when the read event fires
Nick Porter [Mon, 8 Sep 2025 15:47:53 +0000 (16:47 +0100)] 
Pop all pending control messages when the read event fires

Under extreme load not all messages get popped, eventually leading to a
full ring buffer and so collapse of the control signalling.

5 weeks agoDon't re-run garbage collection
Nick Porter [Mon, 8 Sep 2025 15:31:38 +0000 (16:31 +0100)] 
Don't re-run garbage collection

`fr_control_message_alloc()` already attempts garbage collection if
allocation from the ring buffer fails, so trying again like this will
potentially result in 3 calls to `fr_control_gc()` when the buffer is
full.

5 weeks agoRetry writing to the pipe if it fails with EAGAIN / EWOULDBLOCK
Nick Porter [Mon, 8 Sep 2025 10:01:39 +0000 (11:01 +0100)] 
Retry writing to the pipe if it fails with EAGAIN / EWOULDBLOCK

5 weeks agoCorrect EV_SET for triggering user event
Nick Porter [Fri, 5 Sep 2025 14:32:59 +0000 (15:32 +0100)] 
Correct EV_SET for triggering user event

5 weeks agoAlign macro argument names with their use
Nick Porter [Fri, 5 Sep 2025 12:31:28 +0000 (13:31 +0100)] 
Align macro argument names with their use

5 weeks agoNo need to pass in event list as fr_event_user_t contains the list
Nick Porter [Fri, 5 Sep 2025 12:24:27 +0000 (13:24 +0100)] 
No need to pass in event list as fr_event_user_t contains the list

5 weeks agoDon't drop capabilities too early
Nick Porter [Wed, 17 Sep 2025 13:44:40 +0000 (14:44 +0100)] 
Don't drop capabilities too early

Dropping CAP_SETGID too early can cause setresuid() to fail on some
platforms.

Seen when running `freeradius -XC` on Debian platforms.

5 weeks agoclear CAP_SUID and CAP_GUID as necessary. Fixes #5647
Alan T. DeKok [Mon, 15 Sep 2025 19:29:49 +0000 (15:29 -0400)] 
clear CAP_SUID and CAP_GUID as necessary.  Fixes #5647

5 weeks agoPackage libfreeradius-der in .deb packages
Nick Porter [Mon, 15 Sep 2025 15:56:28 +0000 (16:56 +0100)] 
Package libfreeradius-der in .deb packages

5 weeks agoOptionally decode certificates using the DER decoder
Nick Porter [Mon, 15 Sep 2025 08:28:20 +0000 (09:28 +0100)] 
Optionally decode certificates using the DER decoder

This requires OpenSSL >= 3.4 where the custom stack allocator callback
is available.
The default stack size allocated by previous versions is too small and
the recursive calls involved in certificate decoding require a larger
stack.

5 weeks agoUse mmap to allocate for OpenSSL stack allocation
Nick Porter [Fri, 12 Sep 2025 19:53:37 +0000 (20:53 +0100)] 
Use mmap to allocate for OpenSSL stack allocation

Using the size reported by pthread_attr_getstacksize()

6 weeks agoAdd additional test for nested JSON encoding
Arran Cudbard-Bell [Wed, 10 Sep 2025 18:15:09 +0000 (19:15 +0100)] 
Add additional test for nested JSON encoding

6 weeks agoUpdate wiki link for redhat FAQ
ethan-thompson [Wed, 10 Sep 2025 14:32:39 +0000 (10:32 -0400)] 
Update wiki link for redhat FAQ

6 weeks agoScheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar
github-actions[bot] [Wed, 10 Sep 2025 04:29:55 +0000 (04:29 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar

6 weeks agoScheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar
github-actions[bot] [Wed, 10 Sep 2025 04:28:46 +0000 (04:28 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar

6 weeks agoScheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar
github-actions[bot] [Wed, 10 Sep 2025 04:28:19 +0000 (04:28 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar

6 weeks agoScheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar
github-actions[bot] [Wed, 10 Sep 2025 04:26:22 +0000 (04:26 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar

6 weeks agoScheduled fuzzing: Update src/tests/fuzzer-corpus/tacacs.tar
github-actions[bot] [Wed, 10 Sep 2025 04:26:13 +0000 (04:26 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tacacs.tar

6 weeks agoScheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar
github-actions[bot] [Wed, 10 Sep 2025 04:25:04 +0000 (04:25 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar

6 weeks agoScheduled fuzzing: Update src/tests/fuzzer-corpus/bfd.tar
github-actions[bot] [Wed, 10 Sep 2025 04:24:46 +0000 (04:24 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/bfd.tar

6 weeks agoScheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar
github-actions[bot] [Wed, 10 Sep 2025 04:24:40 +0000 (04:24 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar

6 weeks agoScheduled fuzzing: Update src/tests/fuzzer-corpus/vmps.tar
github-actions[bot] [Wed, 10 Sep 2025 04:24:37 +0000 (04:24 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/vmps.tar

7 weeks agoAdd test of %smtp.send() xlat
Nick Porter [Thu, 4 Sep 2025 14:18:08 +0000 (15:18 +0100)] 
Add test of %smtp.send() xlat

7 weeks agoAdd %smtp.send() xlat
Nick Porter [Thu, 4 Sep 2025 12:55:10 +0000 (13:55 +0100)] 
Add %smtp.send() xlat

For sending simple emails, e.g. as triggers or for logging exceptions.

7 weeks agoCorrect debug message types
Nick Porter [Thu, 4 Sep 2025 12:54:04 +0000 (13:54 +0100)] 
Correct debug message types

7 weeks agoUse correct rcode depending on why the call could not run
Nick Porter [Thu, 4 Sep 2025 12:50:05 +0000 (13:50 +0100)] 
Use correct rcode depending on why the call could not run

7 weeks agoCorrect comment
Nick Porter [Thu, 4 Sep 2025 12:45:50 +0000 (13:45 +0100)] 
Correct comment

7 weeks agoMake sure the randle is released if enqueue fails
Nick Porter [Thu, 4 Sep 2025 12:44:39 +0000 (13:44 +0100)] 
Make sure the randle is released if enqueue fails

7 weeks agoAdd aliases for sha2/sha3
Arran Cudbard-Bell [Thu, 4 Sep 2025 11:31:51 +0000 (13:31 +0200)] 
Add aliases for sha2/sha3

7 weeks agoEquality not assignment...
Arran Cudbard-Bell [Thu, 4 Sep 2025 11:01:47 +0000 (13:01 +0200)] 
Equality not assignment...

7 weeks agoAdd ordering match on attributes, to allow server side sort on profiles to return...
Arran Cudbard-Bell [Thu, 4 Sep 2025 11:00:42 +0000 (13:00 +0200)] 
Add ordering match on attributes, to allow server side sort on profiles to return attributes in a consistent order

7 weeks agoPass the correct uctx when resetting the timer
Nick Porter [Wed, 3 Sep 2025 18:23:03 +0000 (19:23 +0100)] 
Pass the correct uctx when resetting the timer

7 weeks agoRetry request will have state TRUNK_REQUEST_STATE_SENT
Nick Porter [Wed, 3 Sep 2025 18:14:14 +0000 (19:14 +0100)] 
Retry request will have state TRUNK_REQUEST_STATE_SENT

7 weeks agoPacify Coverity (CID #1503923)
Nick Porter [Wed, 3 Sep 2025 12:53:13 +0000 (13:53 +0100)] 
Pacify Coverity (CID #1503923)

Coverity is not correctly doing the calculations inside the loop to
realise that block_len is safely limited to protect against out of
bounds access to tpasswd.

7 weeks agoPacify Coverity (CID #1520878)
Nick Porter [Wed, 3 Sep 2025 10:50:17 +0000 (11:50 +0100)] 
Pacify Coverity (CID #1520878)

Coverity doesn't see that fd < 0 means the lock was released

7 weeks agoCorrect logic for finding trigger section for exfiles (CID #1665211)
Nick Porter [Wed, 3 Sep 2025 10:39:21 +0000 (11:39 +0100)] 
Correct logic for finding trigger section for exfiles (CID #1665211)

7 weeks agoPacify coverity (CID #1665209, #1665208, #1665207)
Nick Porter [Wed, 3 Sep 2025 09:53:14 +0000 (10:53 +0100)] 
Pacify coverity (CID #1665209, #1665208, #1665207)

Coverity doesn't follow that s_mac being wrapped in FR_DBUFF_TMP will be
populated by fr_base16_decode.

It also doesn't see that digest and mic will be populated by HMAC.

7 weeks agoEnsure pair list is allocated (CID #1665210)
Nick Porter [Wed, 3 Sep 2025 09:45:01 +0000 (10:45 +0100)] 
Ensure pair list is allocated (CID #1665210)

7 weeks agoUpdate repo lists after adding NR extras
Nick Porter [Tue, 2 Sep 2025 09:58:52 +0000 (10:58 +0100)] 
Update repo lists after adding NR extras

7 weeks agoDoxygen fixes
Nick Porter [Tue, 2 Sep 2025 09:30:40 +0000 (10:30 +0100)] 
Doxygen fixes

7 weeks agoadd backlog parameter for the listen() API
Alan T. DeKok [Mon, 1 Sep 2025 22:55:58 +0000 (18:55 -0400)] 
add backlog parameter for the listen() API

7 weeks agoadd more comments
Alan T. DeKok [Tue, 26 Aug 2025 19:20:08 +0000 (15:20 -0400)] 
add more comments

7 weeks agoRemove redundant options
Nick Porter [Mon, 1 Sep 2025 10:04:47 +0000 (11:04 +0100)] 
Remove redundant options

7 weeks agomode has to be set correctly, due to the CONF_PARSER function
Nick Porter [Mon, 1 Sep 2025 09:58:25 +0000 (10:58 +0100)] 
mode has to be set correctly, due to the CONF_PARSER function

7 weeks agoRemove incorrect comment
Nick Porter [Mon, 1 Sep 2025 09:53:36 +0000 (10:53 +0100)] 
Remove incorrect comment

7 weeks agoEnable NR extras repo
Nick Porter [Mon, 1 Sep 2025 09:09:23 +0000 (10:09 +0100)] 
Enable NR extras repo

The minimum version of libkqueue-dev set in debian/control is higher
than that provided by Ubuntu repos.

7 weeks agoUse Module-Name and Module-Instance in global triggers
Nick Porter [Mon, 1 Sep 2025 08:48:10 +0000 (09:48 +0100)] 
Use Module-Name and Module-Instance in global triggers

7 weeks agoUse correct value for trigger name
Nick Porter [Mon, 1 Sep 2025 08:40:09 +0000 (09:40 +0100)] 
Use correct value for trigger name

8 weeks agoPass trigger_args to trunk_alloc
Nick Porter [Fri, 29 Aug 2025 17:03:20 +0000 (18:03 +0100)] 
Pass trigger_args to trunk_alloc

8 weeks agoAdd trigger_args to rlm_tacacs
Nick Porter [Fri, 29 Aug 2025 17:00:41 +0000 (18:00 +0100)] 
Add trigger_args to rlm_tacacs

8 weeks agoAdd trigger_args to rlm_radius
Nick Porter [Fri, 29 Aug 2025 16:50:06 +0000 (17:50 +0100)] 
Add trigger_args to rlm_radius

8 weeks agoNo need for goto error
Nick Porter [Fri, 29 Aug 2025 16:29:42 +0000 (17:29 +0100)] 
No need for goto error

8 weeks agoAdd trigger args to rlm_ldap
Nick Porter [Fri, 29 Aug 2025 16:26:33 +0000 (17:26 +0100)] 
Add trigger args to rlm_ldap

8 weeks agoAdd trigger_args to rlm_sql
Nick Porter [Fri, 29 Aug 2025 16:01:13 +0000 (17:01 +0100)] 
Add trigger_args to rlm_sql

8 weeks agoAdd module_trigger_args_build
Nick Porter [Fri, 29 Aug 2025 15:57:57 +0000 (16:57 +0100)] 
Add module_trigger_args_build

As a common helper that can be called by modules which use triggers,
especially intended for modules which use trunks.

8 weeks agoAdd extra internal attributes for triggers
Nick Porter [Fri, 29 Aug 2025 15:54:04 +0000 (16:54 +0100)] 
Add extra internal attributes for triggers

8 weeks agoCorrect comment
Nick Porter [Fri, 29 Aug 2025 13:37:16 +0000 (14:37 +0100)] 
Correct comment

8 weeks agoAdd trigger_args to trunk
Nick Porter [Fri, 29 Aug 2025 11:00:45 +0000 (12:00 +0100)] 
Add trigger_args to trunk

8 weeks agoRemove stray &
Nick Porter [Fri, 29 Aug 2025 10:52:02 +0000 (11:52 +0100)] 
Remove stray &

2 months agoAllow control of triggers for rlm_redis_* using a conf option
Nick Porter [Tue, 26 Aug 2025 16:12:26 +0000 (17:12 +0100)] 
Allow control of triggers for rlm_redis_* using a conf option

2 months agoadd a completely bizarre, weird, confusing, and ridiculous dictionary
Alan T. DeKok [Tue, 26 Aug 2025 14:16:57 +0000 (10:16 -0400)] 
add a completely bizarre, weird, confusing, and ridiculous dictionary

2 months agoadd more helpful error message
Alan T. DeKok [Tue, 26 Aug 2025 12:34:26 +0000 (08:34 -0400)] 
add more helpful error message

2 months agoNo need for documentation build deps on crossbuild checks
Nick Porter [Tue, 26 Aug 2025 13:58:27 +0000 (14:58 +0100)] 
No need for documentation build deps on crossbuild checks

2 months agoCorrect talloc parenting of dynamic radclient
Nick Porter [Tue, 26 Aug 2025 13:18:11 +0000 (14:18 +0100)] 
Correct talloc parenting of dynamic radclient

2 months agocreate Event-Timestamp if it doesn't exist
Alan T. DeKok [Tue, 26 Aug 2025 11:41:23 +0000 (07:41 -0400)] 
create Event-Timestamp if it doesn't exist

2 months agoaccount for Acct-Delay-Time, too
Alan T. DeKok [Tue, 26 Aug 2025 10:47:07 +0000 (06:47 -0400)] 
account for Acct-Delay-Time, too

2 months agotypo
Alan T. DeKok [Mon, 25 Aug 2025 17:25:49 +0000 (13:25 -0400)] 
typo

2 months agoSet box to true if touch succeeds
Nick Porter [Mon, 25 Aug 2025 14:44:48 +0000 (15:44 +0100)] 
Set box to true if touch succeeds

2 months agoAdd test server environment variables to .vscode launcher
Nick Porter [Mon, 25 Aug 2025 14:40:24 +0000 (15:40 +0100)] 
Add test server environment variables to .vscode launcher

Based on values which match test servers set up by CI server setup
scripts.

2 months agoupdate key field based on found struct
Alan T. DeKok [Mon, 25 Aug 2025 14:36:17 +0000 (10:36 -0400)] 
update key field based on found struct

2 months agoEnsure ci is populated
Nick Porter [Mon, 25 Aug 2025 14:13:12 +0000 (15:13 +0100)] 
Ensure ci is populated

2 months agoDefine %file.touch()
Nick Porter [Mon, 25 Aug 2025 13:55:44 +0000 (14:55 +0100)] 
Define %file.touch()

Since it's used by ldap_sync tests

2 months agoThese are freed by freeing request
Nick Porter [Mon, 25 Aug 2025 13:19:28 +0000 (14:19 +0100)] 
These are freed by freeing request

2 months agoLDAP and SQL triggers are now driven by trunk code
Nick Porter [Mon, 25 Aug 2025 12:18:03 +0000 (13:18 +0100)] 
LDAP and SQL triggers are now driven by trunk code

Which use fixed names of `pool.<trigger name>` rather than
`modules.<module name>.<trigger name>`

2 months agoWS
Nick Porter [Mon, 25 Aug 2025 12:14:07 +0000 (13:14 +0100)] 
WS

2 months agoCorrect comment
Nick Porter [Mon, 25 Aug 2025 12:13:56 +0000 (13:13 +0100)] 
Correct comment

2 months agoAdd new MIB for trunk state triggers
Nick Porter [Mon, 25 Aug 2025 12:13:37 +0000 (13:13 +0100)] 
Add new MIB for trunk state triggers

2 months agoDon't attempt to run triggers when there's no event list
Nick Porter [Mon, 25 Aug 2025 10:36:34 +0000 (11:36 +0100)] 
Don't attempt to run triggers when there's no event list

Which will happen for any triggers fired late in the shutdown

2 months agoSet trigger_prefix for rlm_detail
Nick Porter [Mon, 25 Aug 2025 09:53:52 +0000 (10:53 +0100)] 
Set trigger_prefix for rlm_detail

So per-instance triggers can just go in a trigger subsection rather than
in file { trigger { ... } }

2 months agoIf trigger_prefix is defined, use the passed in CONF_SECTION
Nick Porter [Mon, 25 Aug 2025 09:52:23 +0000 (10:52 +0100)] 
If trigger_prefix is defined, use the passed in CONF_SECTION

Allows, for example, rlm_detail, which only outputs to files, to avoid
having to put trigger definitions inside overly nested sections.

2 months agoAdd caching of trigger CONF_PAIRs and trigger undef to exfile
Nick Porter [Mon, 25 Aug 2025 09:41:50 +0000 (10:41 +0100)] 
Add caching of trigger CONF_PAIRs and trigger undef to exfile

2 months agoAdd optional CONF_PAIR ** argument to trigger()
Nick Porter [Mon, 25 Aug 2025 08:11:49 +0000 (09:11 +0100)] 
Add optional CONF_PAIR ** argument to trigger()

Allows passing in of known CONF_PAIR and return of found pair, so
triggers which are called often don't have to repeatedly hunt for the
pair.

2 months agoMake connections triggers optional
Nick Porter [Fri, 22 Aug 2025 09:21:38 +0000 (10:21 +0100)] 
Make connections triggers optional

2 months agoCache when trunk triggers are not found
Nick Porter [Fri, 22 Aug 2025 09:18:06 +0000 (10:18 +0100)] 
Cache when trunk triggers are not found

So we don't hunt for them on every state change.

SQL trunks connections change from ACTIVE to FULL and back on every
query due to the limit of 1 query per connection - so it is unlikely
that triggers would be configured for those states, and caching that
they are not configured saves a lot of conf pair finding.

2 months agoMake exfile based triggers optional
Nick Porter [Fri, 22 Aug 2025 09:14:15 +0000 (10:14 +0100)] 
Make exfile based triggers optional

Otherwise, enabling triggers will cause `rlm_linelog` and `rlm_detail`
to perform a lot of hunting for configured triggers as files are openned
and closed.

2 months agoReturn different values depending on why a trigger was not fired
Nick Porter [Fri, 22 Aug 2025 09:10:33 +0000 (10:10 +0100)] 
Return different values depending on why a trigger was not fired

To allow cacheing of un-defined triggers

2 months agoUse a conf parser function to find module trunk trigger conf sections
Nick Porter [Fri, 22 Aug 2025 07:43:37 +0000 (08:43 +0100)] 
Use a conf parser function to find module trunk trigger conf sections

2 months agoAdd CONF_SECTION for trunk connection / request triggers
Nick Porter [Thu, 21 Aug 2025 18:17:17 +0000 (19:17 +0100)] 
Add CONF_SECTION for trunk connection / request triggers

So modules using trunks can have their own trigger sections.

2 months agoMove trunk triggers boolean to trunk->conf
Nick Porter [Thu, 21 Aug 2025 18:16:16 +0000 (19:16 +0100)] 
Move trunk triggers boolean to trunk->conf

Splitting between connection and request and add CONF_PARSER rules to
set the options.

2 months agoIf we find the module "trigger" subsection, use it
Nick Porter [Thu, 21 Aug 2025 17:24:16 +0000 (18:24 +0100)] 
If we find the module "trigger" subsection, use it

2 months agominor cleanups and notes
Alan T. DeKok [Mon, 25 Aug 2025 12:20:32 +0000 (08:20 -0400)] 
minor cleanups and notes

2 months agoadd migration flag for key field transition
Alan T. DeKok [Mon, 25 Aug 2025 12:19:57 +0000 (08:19 -0400)] 
add migration flag for key field transition

there's no configuration for it, but the flag is added automatically

2 months agoit helps to parse unions here, too
Alan T. DeKok [Mon, 25 Aug 2025 11:34:56 +0000 (07:34 -0400)] 
it helps to parse unions here, too

2 months agomove encode_keyed_struct() to its own function
Alan T. DeKok [Sun, 24 Aug 2025 12:12:35 +0000 (08:12 -0400)] 
move encode_keyed_struct() to its own function

and remove last vestiges of "flat" encoder

2 months agomove encode_tlv() to child function
Alan T. DeKok [Sun, 24 Aug 2025 12:04:52 +0000 (08:04 -0400)] 
move encode_tlv() to child function

2 months agorun dir is moved to /run (#5636)
Gerald Vogt [Sun, 24 Aug 2025 12:28:01 +0000 (14:28 +0200)] 
run dir is moved to /run (#5636)

2 months agoUse of MemoryLimit is deprecated (#5638)
Gerald Vogt [Sun, 24 Aug 2025 12:27:38 +0000 (14:27 +0200)] 
Use of MemoryLimit is deprecated (#5638)

2 months agomove generic encode / decode to encode.c and decode.c
Alan T. DeKok [Sun, 24 Aug 2025 02:16:43 +0000 (22:16 -0400)] 
move generic encode / decode to encode.c and decode.c