]>
git.ipfire.org Git - thirdparty/freeradius-server.git/log
Alan T. DeKok [Wed, 20 Jul 2022 18:28:32 +0000 (14:28 -0400)]
use xlat_debug_attr_list
Alan T. DeKok [Wed, 20 Jul 2022 18:25:47 +0000 (14:25 -0400)]
export functions to debug attrs and lists
Alan T. DeKok [Wed, 20 Jul 2022 17:05:20 +0000 (13:05 -0400)]
support list_as_attr in tmpl_get_list()
Alan T. DeKok [Wed, 20 Jul 2022 16:52:02 +0000 (12:52 -0400)]
shut up clang scan
Alan T. DeKok [Wed, 20 Jul 2022 15:44:13 +0000 (11:44 -0400)]
typo
Alan T. DeKok [Wed, 20 Jul 2022 15:00:57 +0000 (11:00 -0400)]
more rough-in for getting child lists to work in edit sections
we need some changes / additions to the dcursor API in order
for this to be finalized.
James Jones [Wed, 20 Jul 2022 15:34:09 +0000 (10:34 -0500)]
Add missing MEM() guards to fr_value_box_alloc_null() calls (#4619)
One, in debug_attr_vp(), will silence CID #
1507353 . The
other is not associated with a coveriy issue, but should
be there. With this change, all fr_value_box_alloc_null()
call returns will either be checked by MEM() or have an
explicit check in the code.
Alan T. DeKok [Wed, 20 Jul 2022 14:36:14 +0000 (10:36 -0400)]
manually unwind indentation on cancel. Fixes #4622
Alan T. DeKok [Wed, 20 Jul 2022 13:45:52 +0000 (09:45 -0400)]
comments and docs
Alan T. DeKok [Tue, 19 Jul 2022 14:21:24 +0000 (10:21 -0400)]
separate out leaf / structural edit apply
Alan T. DeKok [Mon, 18 Jul 2022 22:37:20 +0000 (18:37 -0400)]
added fr_pair_list_steal()
Alan T. DeKok [Mon, 18 Jul 2022 18:40:29 +0000 (14:40 -0400)]
don't print RHS when it's a list
this has to be updated later to do the Right Thing
Alan T. DeKok [Mon, 18 Jul 2022 22:28:39 +0000 (18:28 -0400)]
more leak suppressions for recent OSX
Alan T. DeKok [Mon, 18 Jul 2022 16:30:57 +0000 (12:30 -0400)]
start of parent / child relationships for nested edit sections
Alan T. DeKok [Mon, 18 Jul 2022 15:45:00 +0000 (11:45 -0400)]
do less copying when editing lists
Alan T. DeKok [Mon, 18 Jul 2022 14:50:25 +0000 (10:50 -0400)]
move edit state to sub-structure
in preparation for allowing nested lists
Alan T. DeKok [Mon, 18 Jul 2022 14:20:45 +0000 (10:20 -0400)]
allow TMPL_TYPE_DATA on RHS of map
James Jones [Tue, 19 Jul 2022 12:37:59 +0000 (07:37 -0500)]
Constrain rcodes mapped to eap codes (CID #
1503933 ) (#4620)
Coverity notices that there are rlm_rcode_t values that
exceed the bounds on rcode_to_eap_code[].
Max Khon [Tue, 19 Jul 2022 12:19:12 +0000 (15:19 +0300)]
xlat_func_subst: do not add an additional self-reference (#4621)
Fixes the following talloc error when %(subst) is used:
ERROR: talloc_free with references at src/lib/util/value.c:3425
reference at src/lib/util/value.c:3982
Nick Porter [Mon, 18 Jul 2022 10:27:17 +0000 (11:27 +0100)]
Second fix on changing /etc/apt/sources.list
Alan T. DeKok [Sun, 17 Jul 2022 14:21:09 +0000 (10:21 -0400)]
print nested pairs, too
Alan T. DeKok [Sun, 17 Jul 2022 14:10:14 +0000 (10:10 -0400)]
allow edits of structural attributes.
this should work, as the underlying infrastructure now supports it.
Alan T. DeKok [Sun, 17 Jul 2022 14:08:27 +0000 (10:08 -0400)]
don't record NOOPs
Alan T. DeKok [Sun, 17 Jul 2022 12:51:39 +0000 (08:51 -0400)]
we now have head->flags, so just use that
Alan T. DeKok [Fri, 15 Jul 2022 20:24:05 +0000 (16:24 -0400)]
add %{paircmp:LDAP-Group foo} API and tests
so we can hack up "&LDAP-Group == 'foo'" in the short term
Alan T. DeKok [Fri, 15 Jul 2022 20:23:49 +0000 (16:23 -0400)]
rearrange code
Alan T. DeKok [Fri, 15 Jul 2022 15:50:04 +0000 (11:50 -0400)]
hoist common code to common function
in preparation for doing paircmp() in the new xlat framework
James Jones [Fri, 15 Jul 2022 14:08:49 +0000 (09:08 -0500)]
Annotate strcpy() in make_vlog; log_keyword is always short (CID #
1503899 ) (#4615)
All calls to make_vlog are done via macros that pass one of
"error", "warning", or "info" as log_keyword, all much shorter
than the 256-byte buffer that accumulates the log entry.
Alan T. DeKok [Fri, 15 Jul 2022 00:11:26 +0000 (20:11 -0400)]
Keep attr_protocol_encapsulation specific to one gctx
Alan T. DeKok [Thu, 14 Jul 2022 23:58:39 +0000 (19:58 -0400)]
hoist static analysis checks to before when they're used
Alan T. DeKok [Thu, 14 Jul 2022 13:48:50 +0000 (09:48 -0400)]
unify resolution of FUNC_UNRESOLVED and FUNC
by turning FUNC_UNRESOLVED into FUNC, and then just falling
through and using the normal FUNC resolution process.
Alan T. DeKok [Wed, 13 Jul 2022 20:13:24 +0000 (16:13 -0400)]
set more flags correctly
Alan T. DeKok [Wed, 13 Jul 2022 19:57:22 +0000 (15:57 -0400)]
more asserts for sanity checks on needs_resolving
Alan T. DeKok [Tue, 12 Jul 2022 21:03:38 +0000 (17:03 -0400)]
free conditions and children of "if" sections which were skipped
and ensure that cf_section_free_children() doesn't free CONF_DATA,
as that's still needed.
Alan T. DeKok [Wed, 13 Jul 2022 15:20:06 +0000 (11:20 -0400)]
don't merge flags quite as yet
the node may be re-written. We only merge flags when we're adding
the node to a function argument list
Alan T. DeKok [Tue, 12 Jul 2022 18:48:42 +0000 (14:48 -0400)]
regex now loops over input
Alan T. DeKok [Mon, 11 Jul 2022 20:44:27 +0000 (16:44 -0400)]
use fr_value_calc_list_cmp() for comparison operators
Alan T. DeKok [Mon, 11 Jul 2022 20:43:45 +0000 (16:43 -0400)]
add fr_value_calc_list_cmp()
which is O(N^2), and implements v3 functionality.
We arguably need a real list comparison, which checks each member
for equality
James Jones [Thu, 14 Jul 2022 13:32:32 +0000 (08:32 -0500)]
Uniform way of dealing with static analysis (#4613)
Static analysis doesn't necessarily infer all properties of code
and thus may give false positives. Since we use at least two static
analyzers, clang's and coverity, we define STATIC_ANALYZER if and
only if some static analysis is running, and check it instead of
a macro specific to a particular static analyzer. It's defined,
or not, in src/include/build.h, so that adding a new static
analyzer only requires adding code, not changing it.
Nick Porter [Thu, 14 Jul 2022 08:21:09 +0000 (09:21 +0100)]
Debian sid docker image no-longer has /etc/apt/sources.list
Nick Porter [Wed, 13 Jul 2022 15:10:20 +0000 (16:10 +0100)]
Use a child vp when encoding children of a group
Nick Porter [Wed, 13 Jul 2022 09:14:13 +0000 (10:14 +0100)]
Add VS code intellisense configuration
Alan T. DeKok [Mon, 11 Jul 2022 15:52:44 +0000 (11:52 -0400)]
remove unnecessary calls to fr_dcursor_current()
Alan T. DeKok [Mon, 11 Jul 2022 15:44:23 +0000 (11:44 -0400)]
don't create value-boxes with NULL ptrs for 'octets'
Alan T. DeKok [Mon, 11 Jul 2022 15:29:44 +0000 (11:29 -0400)]
simplify checks
Alan T. DeKok [Mon, 11 Jul 2022 15:29:18 +0000 (11:29 -0400)]
print out which function has issues
Alan T. DeKok [Mon, 11 Jul 2022 12:54:53 +0000 (08:54 -0400)]
fix bug and add test for logical ||
(&Framed-IP-Address || &Packet-Src-IP-Address) == (ipaddr) 127.0.0.1
should work when one of the attributes doesn't exist
Alan T. DeKok [Mon, 11 Jul 2022 12:11:27 +0000 (08:11 -0400)]
more docs
Alan T. DeKok [Sun, 10 Jul 2022 19:35:36 +0000 (15:35 -0400)]
shut up clang scan
Alan T. DeKok [Sun, 10 Jul 2022 13:12:36 +0000 (09:12 -0400)]
don't free vp before using it
Alan T. DeKok [Fri, 8 Jul 2022 20:10:56 +0000 (16:10 -0400)]
auto-remove the auto-added references
Max Khon [Sat, 9 Jul 2022 08:24:17 +0000 (11:24 +0300)]
Fix when filename starts with a directory separator (is an absolute path). (#4601)
Max Khon [Sat, 9 Jul 2022 00:38:22 +0000 (03:38 +0300)]
Fix UNIT_TEST_KEYWORD_ARGS when BUILD_DIR is an absolute path name (#4602)
* Fix UNIT_TEST_KEYWORD_ARGS when BUILD_DIR is an absolute path name
* Fix the following error when eapol_test test fails:
/bin/sh: line 8: ": command not found
* Fix map, modules and radclient tests when BUILD_DIR is an absolute path name
James Jones [Sat, 9 Jul 2022 00:37:00 +0000 (19:37 -0500)]
annotation typo (CID #
1504436 ) (#4596)
James Jones [Sat, 9 Jul 2022 00:34:10 +0000 (19:34 -0500)]
Annotate false positive in _raddict_report() (CID #
1505146 ) (#4588)
coverity doesn't know that if children == NULL, len will be
zero, so children won't be dereferenced.
James Jones [Sat, 9 Jul 2022 00:33:42 +0000 (19:33 -0500)]
Annotate false positive sizeof mismatch (CID #
1504018 ) (#4599)
James Jones [Sat, 9 Jul 2022 00:33:01 +0000 (19:33 -0500)]
Check tmpl_find_vp() return value (CID #
1503995 ) (#4600)
Now that tmpl_find_vp() returns -2 as advertised, we can check
the return value rather than checking vp, placating coverity.
James Jones [Sat, 9 Jul 2022 00:31:06 +0000 (19:31 -0500)]
Accomodate coverity in tls_cache_session_ticket_app_data_get() (CID #
1503904 ) (#4604)
Make the default appear for coverity as well as for clang static
analysis, for the same reason: otherwise, an unexpected status
could pass a NULL request to tls_cache_app_data_get().
James Jones [Sat, 9 Jul 2022 00:30:28 +0000 (19:30 -0500)]
Annotate false positive on curl_escape call (CID #
1503903 ) (#4605)
The NUL terminator isn't counted in the length parameter of
curl_escape():
1. You can pass 0 and curl_escape() will itself use strlen().
2. The example code from "man curl_escape" gives a length
that doesn't include the NUL terminator.
We therefore annotate the call to placate coverity.
Alan T. DeKok [Fri, 8 Jul 2022 15:11:23 +0000 (11:11 -0400)]
tests for %{string:} with other data types
Alan T. DeKok [Fri, 8 Jul 2022 15:07:43 +0000 (11:07 -0400)]
update documentation on string escaping, etc.
Alan T. DeKok [Fri, 8 Jul 2022 15:00:21 +0000 (11:00 -0400)]
removed duplicate page, and merged content
Arran Cudbard-Bell [Fri, 1 Jul 2022 18:59:01 +0000 (13:59 -0500)]
Start adding common module methods
Alan T. DeKok [Fri, 8 Jul 2022 13:22:10 +0000 (09:22 -0400)]
fixes and tests for regexes
Alan T. DeKok [Fri, 8 Jul 2022 13:02:52 +0000 (09:02 -0400)]
Revert "zero-length strings are allowed to have NULL ptrs"
This reverts commit
a49569534534c33bc0dad3505f012767dd241b85 .
Alan T. DeKok [Thu, 7 Jul 2022 19:13:15 +0000 (15:13 -0400)]
added new RFCs
Nick Porter [Fri, 8 Jul 2022 09:23:47 +0000 (10:23 +0100)]
Update python version on FreeBSD CI
Alan T. DeKok [Thu, 7 Jul 2022 14:59:56 +0000 (10:59 -0400)]
call xlat_init() manually, before registering any xlats
so that we don't need to check xlat_root every time we try to
register an xlat
Alan T. DeKok [Thu, 7 Jul 2022 14:06:52 +0000 (10:06 -0400)]
resolve all tmpls which need resolving
Alan T. DeKok [Thu, 7 Jul 2022 14:05:58 +0000 (10:05 -0400)]
pass the current dictionary to xlat_resolve()
Alan T. DeKok [Wed, 6 Jul 2022 18:07:09 +0000 (14:07 -0400)]
don't leave shallow references to an sbuff
Alan T. DeKok [Wed, 6 Jul 2022 17:36:46 +0000 (13:36 -0400)]
let's commit this, too
Alan T. DeKok [Wed, 6 Jul 2022 16:46:17 +0000 (12:46 -0400)]
allow for encoding of other protocols inside of the internal dict
we can't just drop the other protocols into a packet along side
internal attributes, because we can't distinguish the internal
attribute "1" from the protocol number "1".
We therefore need an encapsulation layer.
The internal encoder / decoder still needs to be updated to handle
Protocol-Encapsulation as a special-case, ala Message-Authenticator
Alan T. DeKok [Wed, 6 Jul 2022 15:40:40 +0000 (11:40 -0400)]
allow for 'ref=PROTOCOL' as a bare word
Alan T. DeKok [Wed, 6 Jul 2022 14:50:26 +0000 (10:50 -0400)]
always assign t_rules. Fixes #4594
t_rules is checked for NULL, but it later always dereferenced.
So just assign it to default_rules.
Alan T. DeKok [Wed, 6 Jul 2022 14:20:28 +0000 (10:20 -0400)]
add cf_item_free_children()
for use with if (0) { ... }, so that unused xlats can be freed.
Otherwise they're stuck in the instantiation tree, and will cause
issues.
Alan T. DeKok [Wed, 6 Jul 2022 14:17:09 +0000 (10:17 -0400)]
test for manual encoding of TLVs
Alan T. DeKok [Tue, 5 Jul 2022 17:53:17 +0000 (13:53 -0400)]
typo
Alan T. DeKok [Tue, 5 Jul 2022 17:52:52 +0000 (13:52 -0400)]
more casting comments
Nick Porter [Wed, 6 Jul 2022 13:32:06 +0000 (14:32 +0100)]
Typo
Nick Porter [Wed, 6 Jul 2022 13:28:08 +0000 (14:28 +0100)]
Report correct type in error message
Nick Porter [Wed, 6 Jul 2022 09:49:40 +0000 (10:49 +0100)]
Align docs with function definition
Nick Porter [Wed, 6 Jul 2022 09:19:42 +0000 (10:19 +0100)]
remove UNUSED
Alan T. DeKok [Tue, 5 Jul 2022 17:43:12 +0000 (13:43 -0400)]
Revert "map_afrom_cp: unescape double-quoted and back-quoted RHS prior to parsing it (#4590)"
This reverts commit
db35ae505b78437f1a726f0635cf6ef7a0d16ce3 .
this breaks many unit tests. We will need a better fix.
Alan T. DeKok [Tue, 5 Jul 2022 17:25:38 +0000 (13:25 -0400)]
update casting rules
(string)&Foo now means "print to string". This change only affects
'octets' types, as other types were already printed to a string
Alan T. DeKok [Tue, 5 Jul 2022 12:22:06 +0000 (08:22 -0400)]
more docs
Max Khon [Tue, 5 Jul 2022 13:34:28 +0000 (16:34 +0300)]
map_afrom_cp: unescape double-quoted and back-quoted RHS prior to parsing it (#4590)
Nick Porter [Tue, 5 Jul 2022 07:38:02 +0000 (08:38 +0100)]
ctx is used
Nick Porter [Tue, 5 Jul 2022 07:22:12 +0000 (08:22 +0100)]
Remove un-needed variable
Alan T. DeKok [Mon, 4 Jul 2022 22:29:30 +0000 (18:29 -0400)]
remove unused variable
Alan T. DeKok [Mon, 4 Jul 2022 22:03:39 +0000 (18:03 -0400)]
use print xlat for double-quoted strings
"foo%{Bar}"
produces "foo" plus the *printable* version of &Bar
"foo" + (string) &Bar
produces "foo" pluse &Bar *cast* to a string.
Both are useful.
Alan T. DeKok [Mon, 4 Jul 2022 22:03:09 +0000 (18:03 -0400)]
add "print" xlat, which produces a printable string
using double-escaping rules when we have tainted inputs
Alan T. DeKok [Mon, 4 Jul 2022 22:02:14 +0000 (18:02 -0400)]
quote data type, to be clear that it's a data type
Alan T. DeKok [Mon, 4 Jul 2022 18:59:25 +0000 (14:59 -0400)]
always escape 'octets' in fr_value_box_print()
fr_value_box_list_aprint() calls fr_value_box_print() to print
normal types. And fr_value_box_print() prints 'octets' as hex
base16.
However, fr_value_box_list_aprint() calls
fr_value_box_list_concat_as_string() for 'group' types, and
that function just copies 'octets' to the output string. Which
results in non-grouped 'octets' being printed as hex, and grouped
'octets' bring printed as binary.
the solution is to update fr_value_box_print() to enforce hex/octets
printing of 'octets'
At the same time, update the escaping logic so that if the octets
string is tainted, OR there are escaping rules, we just escape
the raw octets value. The previous code printed it as hex, and
then escaped that, which doesn't make much sense.
Alan T. DeKok [Mon, 4 Jul 2022 18:54:26 +0000 (14:54 -0400)]
resepct cast in tmpl_eval_pair_virtual(), too
github-actions[bot] [Sun, 3 Jul 2022 09:41:43 +0000 (09:41 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar
github-actions[bot] [Sun, 3 Jul 2022 09:41:40 +0000 (09:41 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar
github-actions[bot] [Sun, 3 Jul 2022 09:41:37 +0000 (09:41 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar
github-actions[bot] [Sun, 3 Jul 2022 09:41:34 +0000 (09:41 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar
github-actions[bot] [Sun, 3 Jul 2022 09:41:31 +0000 (09:41 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar