git.ipfire.org Git - thirdparty/freeradius-server.git/log
thirdparty/freeradius-server.git
Alan T. DeKok [Fri, 25 Aug 2023 11:55:39 +0000 (07:55 -0400)] 
typos and word smithing

Alan T. DeKok [Fri, 25 Aug 2023 11:55:28 +0000 (07:55 -0400)] 
be nice to people

Alan T. DeKok [Fri, 25 Aug 2023 11:44:28 +0000 (07:44 -0400)] 
create proper nested ctx

Nick Porter [Fri, 25 Aug 2023 08:47:35 +0000 (09:47 +0100)] 
No need for an intermediary variable

Nick Porter [Thu, 24 Aug 2023 18:54:07 +0000 (19:54 +0100)] 
Always use expanded "if" condition

Makes debug output correct when variables are referenced in conditions.

Alan T. DeKok [Thu, 24 Aug 2023 21:09:38 +0000 (17:09 -0400)] 
add missing return

I wish to write an "Ode to C compilers".  It will be composed
mostly of curse words.

Alan T. DeKok [Thu, 24 Aug 2023 20:28:47 +0000 (16:28 -0400)] 
it helps to define the group attribute

as paircmp no longer does that for us

Alan T. DeKok [Thu, 24 Aug 2023 20:20:35 +0000 (16:20 -0400)] 
convert Unix-Group to xlat

Alan T. DeKok [Thu, 24 Aug 2023 19:57:55 +0000 (15:57 -0400)] 
pass in correct value

Why won't the local compiler complain?

Alan T. DeKok [Thu, 24 Aug 2023 19:06:34 +0000 (15:06 -0400)] 
remove old paircmp, and update docs to match

Alan T. DeKok [Thu, 24 Aug 2023 18:57:37 +0000 (14:57 -0400)] 
use real names for counter start / end

Alan T. DeKok [Thu, 24 Aug 2023 18:46:24 +0000 (14:46 -0400)] 
convert horrific %b and %e to real attributes

Alan T. DeKok [Thu, 24 Aug 2023 18:33:24 +0000 (14:33 -0400)] 
typo

Alan T. DeKok [Thu, 24 Aug 2023 15:25:55 +0000 (11:25 -0400)] 
add and document cache_groups

Alan T. DeKok [Thu, 24 Aug 2023 14:35:12 +0000 (10:35 -0400)] 
remove paircmp() callback for SQL-Group

James Jones [Thu, 24 Aug 2023 15:26:25 +0000 (10:26 -0500)] 
Fix remaining uninitialized scalar values (CID #1503958, #1504020) (#5150)

The latter issue was interesting; the dbuff is set to use ether.addr,
but fr_value_box_ethernet_addr() is passed &ether, which looks like
it will put random garbage in the value box until you notice that
the address is the only member of the type. We'll see whether coverity
considers (fr_ethernet_t * const) fr_dbuff_start(&dbuff) a dangerous
downcast (whatever that means in C) and still complains. I hope not,
because the only reason that comes to mind for it is alignment issues,
which shouldn't happen here.

James Jones [Thu, 24 Aug 2023 15:25:42 +0000 (10:25 -0500)] 
Change fr_vlog_perror() behavior in what might be an edge case (#5153)

As things stand, if the error stack is non-empty and fmt is null,
the copy of f_rules->first_prefix to sbuff won't make any
difference.

Nick Porter [Thu, 24 Aug 2023 13:50:56 +0000 (14:50 +0100)] 
Test LDAP xlat and map using ldapi:// scheme

Nick Porter [Thu, 24 Aug 2023 13:42:57 +0000 (14:42 +0100)] 
Use ldap_url_desc2str to canonify LDAP host URI

Gives consistent host URI strings for looking up trunk connections.

Also appears to catch some invalid URIs which ldap_url_parse does not -
e.g. ldap://%2Ftmp%2fldap/...

Nick Porter [Thu, 24 Aug 2023 13:22:19 +0000 (14:22 +0100)] 
Add LDAP test using ldapi:// scheme

Nick Porter [Thu, 24 Aug 2023 13:04:38 +0000 (14:04 +0100)] 
Set LDAP servers start to 0 in tests

Reduces noise in logs as only the relevant server connection starts

Nick Porter [Thu, 24 Aug 2023 12:57:48 +0000 (13:57 +0100)] 
Add LDAP test using SASL for user auth binds

Nick Porter [Thu, 24 Aug 2023 10:54:03 +0000 (11:54 +0100)] 
ldap_debug is no longer in module config

Nick Porter [Thu, 24 Aug 2023 10:53:30 +0000 (11:53 +0100)] 
Correctly parent value boxes when concatenating

Nick Porter [Thu, 24 Aug 2023 10:44:53 +0000 (11:44 +0100)] 
Correctly escape LDAP uri in map

Nick Porter [Thu, 24 Aug 2023 10:33:46 +0000 (11:33 +0100)] 
Tidy up

Nick Porter [Thu, 24 Aug 2023 10:23:36 +0000 (11:23 +0100)] 
Add regex to allow ldapi:// peercred admin binds in tests

Nick Porter [Thu, 24 Aug 2023 10:22:45 +0000 (11:22 +0100)] 
Allow Symas LDAP packages for test server and add ldapi:// listener

Nick Porter [Wed, 23 Aug 2023 18:34:08 +0000 (19:34 +0100)] 
Rework LDAP xlat timeout / cancel callbacks

To handle the case where the request has returned but the query has not
yet resumed.

In this case there is no outstanding request to cancel.

Nick Porter [Wed, 23 Aug 2023 18:28:57 +0000 (19:28 +0100)] 
Use boolean enum in ldap group membership xlat

To be consistent with SQL group membership xlat

James Jones [Wed, 23 Aug 2023 18:50:32 +0000 (13:50 -0500)] 
Rename fr_dhcv4_raw_packet_recv() as fr_dhcpv4_raw_packet_recv()

Nick Porter [Wed, 23 Aug 2023 16:26:38 +0000 (17:26 +0100)] 
Correct tests where xlat outputs boolean

Nick Porter [Wed, 23 Aug 2023 15:00:53 +0000 (16:00 +0100)] 
Pay attention to return value of fr_trunk_request_enqueue

Nick Porter [Wed, 23 Aug 2023 15:00:02 +0000 (16:00 +0100)] 
Re-work failure paths to ensure correct cleanups

Alan T. DeKok [Wed, 23 Aug 2023 17:43:06 +0000 (13:43 -0400)] 
typo

Alan T. DeKok [Wed, 23 Aug 2023 16:56:37 +0000 (12:56 -0400)] 
we don't need to rename the SQL-Group attribute

Alan T. DeKok [Wed, 23 Aug 2023 15:09:08 +0000 (11:09 -0400)] 
the register function automatically adds our instance name

Alan T. DeKok [Wed, 23 Aug 2023 14:23:09 +0000 (10:23 -0400)] 
respect group_attribute and update it to sql.group

Alan T. DeKok [Wed, 23 Aug 2023 14:19:24 +0000 (10:19 -0400)] 
print error and fail if registration fails

Alan T. DeKok [Wed, 23 Aug 2023 14:16:09 +0000 (10:16 -0400)] 
remove logintime module

and all references to it, and the attributes it uses

Alan T. DeKok [Wed, 23 Aug 2023 14:15:29 +0000 (10:15 -0400)] 
add rule to make adoc file from configuration

Alan T. DeKok [Wed, 23 Aug 2023 13:50:57 +0000 (09:50 -0400)] 
move SQL-Group ==... to %{sql.group:...}

Alan T. DeKok [Wed, 23 Aug 2023 13:12:41 +0000 (09:12 -0400)] 
no escaping is done, so we don't need func _or_ uctx

Nick Porter [Wed, 23 Aug 2023 09:15:25 +0000 (10:15 +0100)] 
Use a dummy escape function to satisfy xlat arg validation

Alan T. DeKok [Wed, 23 Aug 2023 01:36:04 +0000 (21:36 -0400)] 
add %{sql.group:name}

to replace SQL-Group == ...

which was misleading because it didn't allow !=, or =~, etc.

Alan T. DeKok [Wed, 23 Aug 2023 01:18:45 +0000 (21:18 -0400)] 
move group check to stand-alone function

in preparation for adding %{sql.group:name}

Alan T. DeKok [Tue, 22 Aug 2023 19:55:01 +0000 (15:55 -0400)] 
warn on not removing immutable attribute

Jorge Pereira [Wed, 23 Aug 2023 01:08:11 +0000 (22:08 -0300)] 
Fix missing \n (#5155)

Arran Cudbard-Bell [Tue, 22 Aug 2023 21:46:17 +0000 (15:46 -0600)] 
Make the configure scripts work better on macOS

Alan T. DeKok [Tue, 22 Aug 2023 14:39:10 +0000 (10:39 -0400)] 
cleanups as per unit tests

Alan T. DeKok [Tue, 22 Aug 2023 14:11:59 +0000 (10:11 -0400)] 
force these flags, too

Alan T. DeKok [Tue, 22 Aug 2023 13:01:55 +0000 (09:01 -0400)] 
don't sort if the list is already flat.

That breaks things due to key fields + child structs

Alan T. DeKok [Tue, 22 Aug 2023 12:57:28 +0000 (08:57 -0400)] 
make sorting a bit better

like attributes are now sorted together

Alan T. DeKok [Tue, 22 Aug 2023 12:43:48 +0000 (08:43 -0400)] 
also print out offset if the input is long

Alan T. DeKok [Tue, 22 Aug 2023 12:43:28 +0000 (08:43 -0400)] 
show which attribute had the issue

Arran Cudbard-Bell [Tue, 22 Aug 2023 02:03:52 +0000 (20:03 -0600)] 
Have struct encoder return the PAIR_ENCODE_FATAL_ERROR constant

Arran Cudbard-Bell [Mon, 21 Aug 2023 23:40:44 +0000 (17:40 -0600)] 
ldap: Typo

Arran Cudbard-Bell [Mon, 21 Aug 2023 22:58:16 +0000 (16:58 -0600)] 
xlat: Fix xlat alternations that use functions

Arran Cudbard-Bell [Thu, 17 Aug 2023 21:17:13 +0000 (15:17 -0600)] 
ldap: Print why URI parsing failed

Alan T. DeKok [Mon, 21 Aug 2023 22:19:46 +0000 (18:19 -0400)] 
let's make tests pass

Alan T. DeKok [Mon, 21 Aug 2023 21:58:41 +0000 (17:58 -0400)] 
+= also means "create if it doesn't exist"

at least for operations where "+=" is meaningful

We probably want to do something similar for union, merge, etc.
if the LHS doesn't exist.

Alan T. DeKok [Mon, 21 Aug 2023 21:37:44 +0000 (17:37 -0400)] 
update for new behavior of :=

Alan T. DeKok [Mon, 21 Aug 2023 21:19:58 +0000 (17:19 -0400)] 
hoist checks to be more consistent

Alan T. DeKok [Mon, 21 Aug 2023 21:15:19 +0000 (17:15 -0400)] 
update behavior of :=

if RHS expansion fails, it still nukes all of the LHS

James Jones [Mon, 21 Aug 2023 19:02:21 +0000 (14:02 -0500)] 
Reassure coverity (CID #1504052) (#5152)

Non-group structural type attributes may always have a namespace
hash table, but coverity can't figure that out.

Alan T. DeKok [Mon, 21 Aug 2023 16:22:39 +0000 (12:22 -0400)] 
force flatten unless migration flags are set

this means we can safely update all of the decoders to create
nested attributes

Alan T. DeKok [Mon, 21 Aug 2023 16:16:54 +0000 (12:16 -0400)] 
add flatten migration configuration

it turns out "unflatten" is hard, so we need to find a better way
to deal with things

Alan T. DeKok [Mon, 21 Aug 2023 15:18:45 +0000 (11:18 -0400)] 
print out more text around mismatch so we can better find it

Alan T. DeKok [Mon, 21 Aug 2023 15:18:27 +0000 (11:18 -0400)] 
add unflatten_after_encode for test API

Alan T. DeKok [Mon, 21 Aug 2023 15:17:18 +0000 (11:17 -0400)] 
handle key fields in unflatten

Alan T. DeKok [Mon, 21 Aug 2023 14:41:15 +0000 (10:41 -0400)] 
if there's no "next", then we don't need a comma

Alan T. DeKok [Mon, 21 Aug 2023 12:38:58 +0000 (08:38 -0400)] 
use correct name

Alan T. DeKok [Mon, 21 Aug 2023 01:06:05 +0000 (21:06 -0400)] 
clean up and comments

Alan T. DeKok [Mon, 21 Aug 2023 00:56:49 +0000 (20:56 -0400)] 
notes on immutable children of temporary attributes

Alan T. DeKok [Mon, 21 Aug 2023 00:48:00 +0000 (20:48 -0400)] 
allow operations on list which has some immutable values

Alan T. DeKok [Mon, 21 Aug 2023 00:45:31 +0000 (20:45 -0400)] 
use vp_ name for immutable field

Alan T. DeKok [Sun, 20 Aug 2023 22:22:05 +0000 (18:22 -0400)] 
we can copy immutable values, and the copy is mutable

Alan T. DeKok [Sun, 20 Aug 2023 15:33:40 +0000 (11:33 -0400)] 
add undocumented immutable xlat, and test based on it

Alan T. DeKok [Sun, 20 Aug 2023 14:33:52 +0000 (10:33 -0400)] 
add immutable flag, and check it most places

the main purpose of immutable flags is to prevent users from
modifying values that the server wants to keep around.

As a result, the main checks for immutable values are in the
various editing routines:

    src/lib/util/calc.c - cannot store results to immutable leaves
    src/lib/util/edit.c - cannot edit immutable values
                          or delete immutable leaves from lists
    src/lib/unlang/edit.c - cannot store to immutable leaves

Many of the internal value box / pair APIs will ignore the
immutable flag, and happily over-write values.  This behavior
is likely good enough for now.  The intention is to stop admins
from doing stupid things, and not to prevent the internal code
from doing what makes sense.

There is currently no flag in structural VPs which says "contains
an immutable child".  The edit code therefore has to check each
time by walking the list recursively.  That's fine for now.

There is as yet no code to set the immutable flag, or unit tests.
The goal is to have the decoders set the immutable flag as necessary,
which means that they don't need to save / restore attributes with
special meaning.

Alan T. DeKok [Sun, 20 Aug 2023 13:47:49 +0000 (09:47 -0400)] 
hoist the secret flag on fr_pair_value_copy() too

Alan T. DeKok [Sat, 19 Aug 2023 14:51:13 +0000 (10:51 -0400)] 
copy tests from keywords/xlat-dhcpv4

Alan T. DeKok [Sat, 19 Aug 2023 12:57:20 +0000 (08:57 -0400)] 
migrate more tests to new methods

Alan T. DeKok [Thu, 17 Aug 2023 20:49:24 +0000 (16:49 -0400)] 
remove unused definitions

James Jones [Fri, 18 Aug 2023 13:54:39 +0000 (08:54 -0500)] 
Get rid of remaining unchecked return value (CID #1533664, #1524617)

Nick Porter [Thu, 17 Aug 2023 19:10:45 +0000 (20:10 +0100)] 
Tidy up on connection close

James Jones [Thu, 17 Aug 2023 19:34:23 +0000 (14:34 -0500)] 
Switch from ntohs() to fr_nbo_to_uint16() (CID #1243443)

Takes advantage of coverity thinking fr_nbo_to_foo() taints
the passed pointer, which here is its only use, while the
returned value is used several times.

James Jones [Thu, 17 Aug 2023 15:15:17 +0000 (10:15 -0500)] 
Check returns of [sd]buff write functions (CIDs listed below)

CIDs: 1624616, 1524609, 1524611, 1524618, 1524615

Nick Porter [Thu, 17 Aug 2023 17:13:12 +0000 (18:13 +0100)] 
Revert "Remove closed connections from the parent's tracking list"

This reverts commit bac1129ed8dab05a976fd97cbcd6df98276104ff.

Nick Porter [Thu, 17 Aug 2023 17:01:14 +0000 (18:01 +0100)] 
Remove closed connections from the parent's tracking list

Alan T. DeKok [Thu, 17 Aug 2023 12:46:50 +0000 (08:46 -0400)] 
various coverity fixes

Alan T. DeKok [Wed, 16 Aug 2023 13:48:41 +0000 (09:48 -0400)] 
allow &leaf += { list }

which applies all of the list to the first found version of "leaf"

Alan T. DeKok [Wed, 16 Aug 2023 12:26:05 +0000 (08:26 -0400)] 
move "Alive" to dictionary.compat

it's not defined in any RFC

Arran Cudbard-Bell [Thu, 17 Aug 2023 04:47:02 +0000 (22:47 -0600)] 
rlm_sql_mysql: Formatting

Arran Cudbard-Bell [Wed, 16 Aug 2023 22:40:41 +0000 (16:40 -0600)] 
rlm_sql_mysql: Check validity of conn

If conn's magic number is still good, then there's an extremely high chance conn->sock != NULL.  Closes #5144

Jorge Pereira [Tue, 15 Aug 2023 17:25:25 +0000 (14:25 -0300)] 
Improve sql_pair_afrom_row() debug output

It will change the result for:

e.g:

Tue Aug 15 14:24:21 2023: (0) sql - Found row[1]: Acct-Input-Gigawords := 8192

Alan T. DeKok [Tue, 15 Aug 2023 23:56:19 +0000 (19:56 -0400)] 
Use canonicalized names for Acct-Status-Type

Alive is Livingston or maybe Cistron?  It's not in RFC 2059 or
RFC 2139.  RFC 2866 has Interim-Update:

https://www.rfc-editor.org/rfc/rfc2866.html#section-5.1

So we change the "accounting" type to Interim-Update, and add
a unit test which verifies that any attempt to read Alive will
result in the server printing Interim-Update

James Jones [Fri, 4 Aug 2023 18:56:57 +0000 (13:56 -0500)] 
Check returns (CID #1538387)

Humans can figure out that
        FR_DBUFF_REMAINING_RETURN(&foo, bar);
implies that one can safely write bar bytes to the dbuff foo,
but coverity can't. There's another use, in fr_tacacs_encode(),
but the following operations using the dbuff are checked there.

James Jones [Thu, 10 Aug 2023 22:06:27 +0000 (17:06 -0500)] 
Attempt at a simpler uninit local buffer workaround (CIDs below)

CIDs: 1506690, 1506689, 1504436, 1504041, 1504020, 1503918

This doesn't name the uninitialized local array, but instead
goes via the sbuff/dbuff API to get to the data.

Jorge Pereira [Thu, 13 Oct 2022 22:06:11 +0000 (19:06 -0300)] 
radeapol_uat: Add new script for user tests

We need something similar to scripts/util/raduat, but instead of using radclient, it needs to be implemented in python calling the eapol_test.

the python one needs to also take an eapol_test config as part of the request
as a separate file like:

"my_peap_test", "my_peap_test_conf", "my_peap_test_expected"

"my_peap_test" contains all the attributes we want to send
"my_peap_test_conf" contains the eapol test config
"my_peap_test_expected" contains the attributes we want to see, and whether it'll be an Access-Accept or Access-Reject

the python script needs to implement something similar to raduat, with how the test files are laid out
it needs to take "my_peap_test", "my_peap_test_conf", and figure out how to pass them to eapol_test (maybe using the radict)

i.e. how to get the attributes out of "my_peap_test" and pass them in a format eapol_test wants
passing the config and when eapol_test finishes, checking to see if the attributes it returned match "my_peap_test_expected"

Arran Cudbard-Bell [Tue, 15 Aug 2023 22:48:40 +0000 (16:48 -0600)] 
There's no need to load in the suppressions file