]> git.ipfire.org Git - thirdparty/freeradius-server.git/log
thirdparty/freeradius-server.git
4 months agoadd and use FR_VALUE_BOX_SAFE_FOR_ANY developer/safe_for
Alan T. DeKok [Mon, 10 Mar 2025 12:31:03 +0000 (08:31 -0400)] 
add and use FR_VALUE_BOX_SAFE_FOR_ANY

which lets us *not* escape data which is taken from the
configuration files

This branch should be deleted when the work is merged to the
master branch

4 months agohackity hack, until such time as we fix xlat_copy()
Alan T. DeKok [Mon, 10 Mar 2025 02:42:53 +0000 (22:42 -0400)] 
hackity hack, until such time as we fix xlat_copy()

because xlat_copy() expects its output to exist

4 months agofix wrong assertion
Alan T. DeKok [Mon, 10 Mar 2025 02:24:50 +0000 (22:24 -0400)] 
fix wrong assertion

4 months agocopy literals_safe_for
Alan T. DeKok [Mon, 10 Mar 2025 02:18:38 +0000 (22:18 -0400)] 
copy literals_safe_for

4 months agoquote bare words in function arguments
Alan T. DeKok [Mon, 10 Mar 2025 01:23:28 +0000 (21:23 -0400)] 
quote bare words in function arguments

4 months agothese functions take variadic arguments
Alan T. DeKok [Mon, 10 Mar 2025 01:52:53 +0000 (21:52 -0400)] 
these functions take variadic arguments

4 months agofailure to find an OID isn't an OOM issue
Alan T. DeKok [Mon, 10 Mar 2025 01:26:01 +0000 (21:26 -0400)] 
failure to find an OID isn't an OOM issue

4 months agoallow stealing of name buffer
Alan T. DeKok [Sun, 9 Mar 2025 20:10:12 +0000 (16:10 -0400)] 
allow stealing of name buffer

4 months agomove keyword tests to new xlat argument parser
Alan T. DeKok [Sun, 9 Mar 2025 19:54:45 +0000 (15:54 -0400)] 
move keyword tests to new xlat argument parser

with a bit of good fortune, not all tests had to be updated.
However, there are still many tests which do unnecessary
expansions, ala

%foo(%{User-Name}

which is no longer necessary.  It may be useful to forbid that,
or to at least print an error message complaining about it.

4 months agoupdate the tmpl_rules for argument parsing
Alan T. DeKok [Sun, 9 Mar 2025 14:30:28 +0000 (10:30 -0400)] 
update the tmpl_rules for argument parsing

so that we don't do casts, etc. of the function arguments

add more checks, and produce better errors

when checking function arguments, we no longer assume that all
of the arguments have been parsed as a string.  Instead, they
may be parsed as some other data type.  We can then cast the
input expression to the expected data type for the argument.

this change also changes the expected output, where functions like
%md5() now print their parsed arguments as octet strings.

4 months ago%regex() takes variadic args
Alan T. DeKok [Sun, 9 Mar 2025 16:48:31 +0000 (12:48 -0400)] 
%regex() takes variadic args

4 months agoadd notes on future optimizations
Alan T. DeKok [Sun, 9 Mar 2025 16:43:25 +0000 (12:43 -0400)] 
add notes on future optimizations

4 months ago%test() takes a string argument in the tests.
Alan T. DeKok [Sun, 9 Mar 2025 15:54:11 +0000 (11:54 -0400)] 
%test() takes a string argument in the tests.

the old function argument parser didn't complain when it was
passed arguments to a function which didn't take arguments. It's
better to complain.

4 months agomake error easier to understand
Alan T. DeKok [Sun, 9 Mar 2025 15:53:57 +0000 (11:53 -0400)] 
make error easier to understand

4 months agodon't overflow the buffer, and make the output clearer
Alan T. DeKok [Sun, 9 Mar 2025 15:47:41 +0000 (11:47 -0400)] 
don't overflow the buffer, and make the output clearer

4 months agoit helps to copy TMPL_TYPE_DATA, too
Alan T. DeKok [Sun, 9 Mar 2025 14:05:17 +0000 (10:05 -0400)] 
it helps to copy TMPL_TYPE_DATA, too

and update the code so that all tmpl types are accounted for,
OR if there's one missing, we hit an assert

4 months agotmpl may not be an attribute
Alan T. DeKok [Sun, 9 Mar 2025 13:29:53 +0000 (09:29 -0400)] 
tmpl may not be an attribute

4 months agoadd quotes to function arguments in sample policies
Alan T. DeKok [Sun, 9 Mar 2025 12:43:02 +0000 (08:43 -0400)] 
add quotes to function arguments in sample policies

4 months agothis header file is no longer needed
Alan T. DeKok [Sat, 8 Mar 2025 17:54:58 +0000 (12:54 -0500)] 
this header file is no longer needed

4 months agolimit what types can be copied and escaped
Alan T. DeKok [Sat, 8 Mar 2025 17:46:16 +0000 (12:46 -0500)] 
limit what types can be copied and escaped

4 months agoremove & from default values for module configurations
Alan T. DeKok [Sat, 8 Mar 2025 17:32:15 +0000 (12:32 -0500)] 
remove & from default values for module configurations

4 months agoremove & from debug output and compiled names
Alan T. DeKok [Sat, 8 Mar 2025 15:38:57 +0000 (10:38 -0500)] 
remove & from debug output and compiled names

4 months agoremove files which should not have been committed
Alan T. DeKok [Sat, 8 Mar 2025 14:32:42 +0000 (09:32 -0500)] 
remove files which should not have been committed

4 months agoremove '&' from the date module
Alan T. DeKok [Sat, 8 Mar 2025 14:26:14 +0000 (09:26 -0500)] 
remove '&' from the date module

4 months agoremove '&' from json
Alan T. DeKok [Sat, 8 Mar 2025 14:25:32 +0000 (09:25 -0500)] 
remove '&' from json

4 months agocheck and use new xlat_func_bare_words
Alan T. DeKok [Sat, 8 Mar 2025 13:36:43 +0000 (08:36 -0500)] 
check and use new xlat_func_bare_words

which changes the parsing of function arguments from

  * all unquoted arguments must be single-token bare words

to

  * all unquoted arguments are expressions

The default is to enable the flag, as there are a large
number of configuration files to update.

for now, the compatibility flag is disabled for src/tests/unit
and src/tests/xlat, and enabled for src/tests/keywords and
src/tests/modules

4 months agoreturn bytes consumed, like the other parsing functions
Alan T. DeKok [Sat, 8 Mar 2025 12:59:15 +0000 (07:59 -0500)] 
return bytes consumed, like the other parsing functions

4 months agoadd migration flag for xlat functions
Alan T. DeKok [Sat, 8 Mar 2025 12:50:48 +0000 (07:50 -0500)] 
add migration flag for xlat functions

to treat the arguments as bare words or as expressions

4 months agoScheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar
github-actions[bot] [Sat, 8 Mar 2025 09:35:08 +0000 (09:35 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar

4 months agoScheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar
github-actions[bot] [Sat, 8 Mar 2025 09:35:02 +0000 (09:35 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar

4 months agoScheduled fuzzing: Update src/tests/fuzzer-corpus/tacacs.tar
github-actions[bot] [Sat, 8 Mar 2025 09:34:40 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tacacs.tar

4 months agoScheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar
github-actions[bot] [Sat, 8 Mar 2025 09:34:38 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar

4 months agoScheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar
github-actions[bot] [Sat, 8 Mar 2025 09:34:31 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar

4 months agoScheduled fuzzing: Update src/tests/fuzzer-corpus/bfd.tar
github-actions[bot] [Sat, 8 Mar 2025 09:34:19 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/bfd.tar

4 months agoScheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar
github-actions[bot] [Sat, 8 Mar 2025 09:34:16 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar

4 months agoScheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar
github-actions[bot] [Sat, 8 Mar 2025 09:34:14 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar

4 months agoScheduled fuzzing: Update src/tests/fuzzer-corpus/vmps.tar
github-actions[bot] [Sat, 8 Mar 2025 09:34:10 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/vmps.tar

4 months agodocs: Module section update and formatting. Partials added (single source)
nolade [Fri, 7 Mar 2025 15:15:34 +0000 (10:15 -0500)] 
docs: Module section update and formatting. Partials added (single source)

4 months agofix spacing of message
Alan T. DeKok [Fri, 7 Mar 2025 15:06:22 +0000 (10:06 -0500)] 
fix spacing of message

4 months agoupdate xlat_tokenize_arg() in preparation for move to non-'&'
Alan T. DeKok [Fri, 7 Mar 2025 14:44:44 +0000 (09:44 -0500)] 
update xlat_tokenize_arg() in preparation for move to non-'&'

audit the callers, and ensure that the expectations of the code
match the use-cases.

Update the code to match the use-cases, and with better error
messages.

update the tests to match the new error messages

4 months agorename function to be clearer, and check for errors
Alan T. DeKok [Fri, 7 Mar 2025 14:18:39 +0000 (09:18 -0500)] 
rename function to be clearer, and check for errors

4 months agoremove unused function
Alan T. DeKok [Fri, 7 Mar 2025 14:14:57 +0000 (09:14 -0500)] 
remove unused function

4 months agoremove one more '&' from files and ldap
Alan T. DeKok [Fri, 7 Mar 2025 14:01:23 +0000 (09:01 -0500)] 
remove one more '&' from files and ldap

4 months agoTidy up
Nick Porter [Fri, 7 Mar 2025 14:52:45 +0000 (14:52 +0000)] 
Tidy up

4 months agoTidy comments for sample rlm_smtp config
Nick Porter [Fri, 7 Mar 2025 14:41:38 +0000 (14:41 +0000)] 
Tidy comments for sample rlm_smtp config

4 months agoRemove & from rlm_smtp
Nick Porter [Fri, 7 Mar 2025 14:40:55 +0000 (14:40 +0000)] 
Remove & from rlm_smtp

4 months agoParameterise binding ip and ports for SMTP setup script
Nick Porter [Fri, 7 Mar 2025 14:12:00 +0000 (14:12 +0000)] 
Parameterise binding ip and ports for SMTP setup script

4 months agoadd example git configuration
Alan T. DeKok [Fri, 7 Mar 2025 11:55:03 +0000 (06:55 -0500)] 
add example git configuration

should be added a ~/.gitconfig

4 months agoRevert "value_box_copy() already sets "secret""
Nick Porter [Fri, 7 Mar 2025 12:14:33 +0000 (12:14 +0000)] 
Revert "value_box_copy() already sets "secret""

This reverts commit 6f19bf204a8f41f48dc5596675b5ce78ecf42cb0.

The user message could be the user name or the password - so this
sets `secret` based on the attribute being created.

4 months agoEnsure rlm_stats is only called from RADIUS virtual servers
Nick Porter [Fri, 7 Mar 2025 11:13:25 +0000 (11:13 +0000)] 
Ensure rlm_stats is only called from RADIUS virtual servers

4 months agoCorrect lookup of packet counter attributes
Nick Porter [Fri, 7 Mar 2025 11:03:52 +0000 (11:03 +0000)] 
Correct lookup of packet counter attributes

Using the nested structure

4 months agoAvoid repetition in stats attributes
Nick Porter [Fri, 7 Mar 2025 10:42:53 +0000 (10:42 +0000)] 
Avoid repetition in stats attributes

4 months agoSplit rlm_stats into two method calls
Nick Porter [Fri, 7 Mar 2025 10:42:05 +0000 (10:42 +0000)] 
Split rlm_stats into two method calls

To distinguish incrementing and fetching.

4 months agoremove '&' from dhcpv4
Alan T. DeKok [Thu, 6 Mar 2025 20:17:40 +0000 (15:17 -0500)] 
remove '&' from dhcpv4

4 months agoremove one more '&'
Alan T. DeKok [Thu, 6 Mar 2025 20:16:48 +0000 (15:16 -0500)] 
remove one more '&'

4 months agoremove '&' from json
Alan T. DeKok [Thu, 6 Mar 2025 20:15:23 +0000 (15:15 -0500)] 
remove '&' from json

but not from the function calls, because we need it for now

4 months agoremove '&' from redis_ippool
Alan T. DeKok [Thu, 6 Mar 2025 20:14:13 +0000 (15:14 -0500)] 
remove '&' from redis_ippool

4 months agouse consistent name for configuration directory
Alan T. DeKok [Thu, 6 Mar 2025 19:58:19 +0000 (14:58 -0500)] 
use consistent name for configuration directory

4 months agoremove '&' from etc_group
Alan T. DeKok [Thu, 6 Mar 2025 19:42:19 +0000 (14:42 -0500)] 
remove '&' from etc_group

4 months agotweak verbiology
Alan T. DeKok [Thu, 6 Mar 2025 19:42:04 +0000 (14:42 -0500)] 
tweak verbiology

4 months agoset tainted / secret flag based on both inputs
Alan T. DeKok [Thu, 6 Mar 2025 19:38:54 +0000 (14:38 -0500)] 
set tainted / secret flag based on both inputs

4 months agovalue_box_copy() already sets "secret"
Alan T. DeKok [Thu, 6 Mar 2025 19:29:21 +0000 (14:29 -0500)] 
value_box_copy() already sets "secret"

so we don't need to do it here

4 months agosuppress secrets, even for nested groups
Alan T. DeKok [Thu, 6 Mar 2025 19:25:08 +0000 (14:25 -0500)] 
suppress secrets, even for nested groups

4 months agoset secret flag based on source data
Alan T. DeKok [Thu, 6 Mar 2025 19:14:01 +0000 (14:14 -0500)] 
set secret flag based on source data

4 months agoMS-CHAP is plain-text equivalent.
Alan T. DeKok [Thu, 6 Mar 2025 19:02:50 +0000 (14:02 -0500)] 
MS-CHAP is plain-text equivalent.

Mark the Challenge field as secret, so that it doesn't get
exposed when people run the server in debug mode.

4 months agoremove '&'
Alan T. DeKok [Thu, 6 Mar 2025 17:25:14 +0000 (12:25 -0500)] 
remove '&'

4 months agoremove '&'
Alan T. DeKok [Thu, 6 Mar 2025 17:24:41 +0000 (12:24 -0500)] 
remove '&'

4 months agoremove '&' from delay
Alan T. DeKok [Thu, 6 Mar 2025 17:24:09 +0000 (12:24 -0500)] 
remove '&' from delay

4 months agoModule docs say this can be up to 5
Nick Porter [Thu, 6 Mar 2025 17:50:53 +0000 (17:50 +0000)] 
Module docs say this can be up to 5

4 months agoadd more and do tweaks
Alan T. DeKok [Thu, 6 Mar 2025 17:15:42 +0000 (12:15 -0500)] 
add more and do tweaks

4 months agodocs: Virtual Server section nav bar update. Landing pages for dhcp/dns/ldap added.
nolade [Thu, 6 Mar 2025 16:42:44 +0000 (11:42 -0500)] 
docs: Virtual Server section nav bar update. Landing pages for dhcp/dns/ldap added.

4 months agoremove '&' from krb5
Alan T. DeKok [Thu, 6 Mar 2025 16:24:01 +0000 (11:24 -0500)] 
remove '&' from krb5

4 months agoremove '&' from ldap
Alan T. DeKok [Thu, 6 Mar 2025 16:21:32 +0000 (11:21 -0500)] 
remove '&' from ldap

4 months agoremove '&' from linelog
Alan T. DeKok [Thu, 6 Mar 2025 16:19:25 +0000 (11:19 -0500)] 
remove '&' from linelog

4 months agoremove '&' from sql
Alan T. DeKok [Thu, 6 Mar 2025 16:16:39 +0000 (11:16 -0500)] 
remove '&' from sql

4 months agoremove '&' from cache
Alan T. DeKok [Thu, 6 Mar 2025 16:16:01 +0000 (11:16 -0500)] 
remove '&' from cache

4 months agoremove '&' from client module
Alan T. DeKok [Thu, 6 Mar 2025 16:10:42 +0000 (11:10 -0500)] 
remove '&' from client module

4 months agoremove '&' from exec
Alan T. DeKok [Thu, 6 Mar 2025 16:08:16 +0000 (11:08 -0500)] 
remove '&' from exec

and update the documentation

4 months agoremove more '&'
Alan T. DeKok [Thu, 6 Mar 2025 15:24:23 +0000 (10:24 -0500)] 
remove more '&'

4 months agoremove '&' from csv
Alan T. DeKok [Thu, 6 Mar 2025 15:19:38 +0000 (10:19 -0500)] 
remove '&' from csv

4 months agoremove '&' from rediswho
Alan T. DeKok [Thu, 6 Mar 2025 15:11:53 +0000 (10:11 -0500)] 
remove '&' from rediswho

and complain if the queries are missing

4 months agoremove '&' from mschap
Alan T. DeKok [Thu, 6 Mar 2025 15:04:14 +0000 (10:04 -0500)] 
remove '&' from mschap

4 months agoremove '&' from pap module
Alan T. DeKok [Thu, 6 Mar 2025 14:40:42 +0000 (09:40 -0500)] 
remove '&' from pap module

4 months agoremove '&' from sometimes module configuration
Alan T. DeKok [Thu, 6 Mar 2025 14:39:40 +0000 (09:39 -0500)] 
remove '&' from sometimes module configuration

4 months agoremove '&' from files module configuration
Alan T. DeKok [Thu, 6 Mar 2025 14:38:06 +0000 (09:38 -0500)] 
remove '&' from files module configuration

4 months agoremove '&' from passwd module configuration
Alan T. DeKok [Thu, 6 Mar 2025 14:31:34 +0000 (09:31 -0500)] 
remove '&' from passwd module configuration

4 months agoremove '&' from sqlippool configuration and source
Alan T. DeKok [Thu, 6 Mar 2025 14:30:40 +0000 (09:30 -0500)] 
remove '&' from sqlippool configuration and source

4 months agoproduce warnings and errors for attributes which have leading '&'
Alan T. DeKok [Thu, 6 Mar 2025 14:25:19 +0000 (09:25 -0500)] 
produce warnings and errors for attributes which have leading '&'

If we're in the new config and -C, produce a warning.

If the migration flag says to forbid '&', then we produce an
error.

4 months agoremove '&' from sqlcounter configuration and source
Alan T. DeKok [Thu, 6 Mar 2025 14:18:31 +0000 (09:18 -0500)] 
remove '&' from sqlcounter configuration and source

4 months agoAlways reset bio request
Nick Porter [Thu, 6 Mar 2025 16:16:34 +0000 (16:16 +0000)] 
Always reset bio request

4 months agoParent u->extra pairs from u
Nick Porter [Thu, 6 Mar 2025 16:15:24 +0000 (16:15 +0000)] 
Parent u->extra pairs from u

Makes freeing more consistent with all the different freeing paths.

4 months agoIf we're not saving the packet, clear u->packet
Nick Porter [Thu, 6 Mar 2025 16:14:04 +0000 (16:14 +0000)] 
If we're not saving the packet, clear u->packet

So bio_request_reset doesn't attempt to free it.

5 months agoHoist Module-Failue-Message from eap subrequest
Nick Porter [Wed, 5 Mar 2025 19:10:27 +0000 (19:10 +0000)] 
Hoist Module-Failue-Message from eap subrequest

So the parent request can log failure reasons

5 months agorearrange mods-available nav
Alan T. DeKok [Wed, 5 Mar 2025 11:49:34 +0000 (06:49 -0500)] 
rearrange mods-available nav

and add short summaries of the various modules

5 months agothis is no longer needed, we removed couchbase
Alan T. DeKok [Wed, 5 Mar 2025 11:48:43 +0000 (06:48 -0500)] 
this is no longer needed, we removed couchbase

5 months agoremove pre/post-proxy example
Alan T. DeKok [Wed, 5 Mar 2025 11:33:18 +0000 (06:33 -0500)] 
remove pre/post-proxy example

5 months agorlm_perl does support nested attributes now
Nick Porter [Wed, 5 Mar 2025 11:32:09 +0000 (11:32 +0000)] 
rlm_perl does support nested attributes now

5 months agoStart organizing the module navbar
nolade [Wed, 5 Mar 2025 00:49:07 +0000 (19:49 -0500)] 
Start organizing the module navbar

5 months agoFix capitalization of main nav items
nolade [Wed, 5 Mar 2025 00:26:21 +0000 (19:26 -0500)] 
Fix capitalization of main nav items

5 months agomove utility file to the proto_ldap_sync directory
Alan T. DeKok [Tue, 4 Mar 2025 15:18:41 +0000 (10:18 -0500)] 
move utility file to the proto_ldap_sync directory