]>
git.ipfire.org Git - thirdparty/freeradius-server.git/log
James Jones [Thu, 28 Sep 2023 16:30:16 +0000 (11:30 -0500)]
Avoid what coverity calls "downcasting" (CID #
1542293 ) (#5170)
packet->data is a uint8_t * formerly cast to dhcp_packet_t const *
to be passed to fr_dhcpv4_packet_get_option(). dhcp_packet_t is
more strictly aligned than uint8_t, so coverity considers this a
"tainted_data_downcast" and infers that the pointed-at data is
tainted.
To avoid the issue, the talloc_memdup() result is assigned first
to a dhcp_packet_t * to pass to fr_dhcpv4_packet_get_option(),
and cast to (uint8_t *) to assign to packet->data.
James Jones [Thu, 28 Sep 2023 16:29:07 +0000 (11:29 -0500)]
Placate coverity CID #
1542424 , #152423, #152422) (#5168)
Currently, three functions mark requests as fake. That involves
calling fr_pair_value_from_str() with the string being "127.0.0.1".
Coverity notices that fr_pair_value_from_str() returns a value
that isn't checked.
* setup_fake_request() nominally returns an int, but it always
returns zero, and no caller actuallly checks its return value.
* The other functions, chbind_process() and eap_fast_eap_payload(),
return fr_radius_packet_code_t, and it's not clear which
fr_radius_packet_code_t makes sense in this case.
So... we cast the fr_pair_value_from_str() calls to void.
Jorge Pereira [Thu, 28 Sep 2023 16:20:13 +0000 (13:20 -0300)]
Fix od_mschap_auth() call in rlm_mschap (#5192)
When build against the OSX
Alan T. DeKok [Thu, 28 Sep 2023 14:49:56 +0000 (10:49 -0400)]
add, document, and test filtering operators
Alan T. DeKok [Thu, 28 Sep 2023 12:36:28 +0000 (08:36 -0400)]
allow multiple local variables to be defined
Alan T. DeKok [Thu, 28 Sep 2023 12:33:04 +0000 (08:33 -0400)]
don't smash operator before printing it in error message
Alan T. DeKok [Thu, 28 Sep 2023 02:32:51 +0000 (22:32 -0400)]
remove policies which aren't really correct
they use old %C.%c, instead of just relying on the new fr_time_t
and fr_time_delta_t
Alan T. DeKok [Wed, 27 Sep 2023 23:45:47 +0000 (19:45 -0400)]
test function call inside of function argument
Alan T. DeKok [Wed, 27 Sep 2023 23:42:47 +0000 (19:42 -0400)]
add test for condition / edit of %func(args)
Alan T. DeKok [Wed, 27 Sep 2023 23:42:30 +0000 (19:42 -0400)]
use input ctx, as output value-box may be on the stack
Alan T. DeKok [Wed, 27 Sep 2023 20:08:40 +0000 (16:08 -0400)]
note new function syntax
Alan T. DeKok [Wed, 27 Sep 2023 20:01:57 +0000 (16:01 -0400)]
fix debugging error message
Alan T. DeKok [Wed, 27 Sep 2023 19:56:32 +0000 (15:56 -0400)]
be more careful about one-letter expansions
Alan T. DeKok [Wed, 27 Sep 2023 18:58:28 +0000 (14:58 -0400)]
don't allow registrations of one-letter overlaps with %Y etc.
Alan T. DeKok [Wed, 27 Sep 2023 18:52:05 +0000 (14:52 -0400)]
always support new function syntax
and put in hacks to allow %Y to work.
Alan T. DeKok [Wed, 27 Sep 2023 17:36:58 +0000 (13:36 -0400)]
make new function parsing work
%foo(bar, baz)
Something something miracle.
Alan T. DeKok [Wed, 27 Sep 2023 15:04:36 +0000 (11:04 -0400)]
$INCLUDE does not yet support file globbing
Alan T. DeKok [Wed, 27 Sep 2023 15:00:53 +0000 (11:00 -0400)]
shut up compiler
Alan T. DeKok [Wed, 27 Sep 2023 14:51:11 +0000 (10:51 -0400)]
move process $INCLUDE to its own function
Alan T. DeKok [Wed, 27 Sep 2023 13:49:55 +0000 (09:49 -0400)]
move testing code to totp.c
Alan T. DeKok [Wed, 27 Sep 2023 13:26:04 +0000 (09:26 -0400)]
Make rlm_totp use the API in libfreeradius-totp
and do some more cleanups
Jorge Pereira [Thu, 14 Sep 2023 01:09:02 +0000 (22:09 -0300)]
Add TOTP functionality in libfreeradius-totp.a
And add it to the packages
Jorge Pereira [Thu, 14 Sep 2023 00:58:24 +0000 (21:58 -0300)]
Hoist TOTP attribute out of Password
until we clean up some other dictionary things.
Jorge Pereira [Thu, 14 Sep 2023 03:19:28 +0000 (00:19 -0300)]
totp: Add scripts/totp/totp-gen.py sample
It's helpful to validate rlm_totp in realtime.
Jorge Pereira [Thu, 14 Sep 2023 01:06:56 +0000 (22:06 -0300)]
totp: Add Antora documentation
Jorge Pereira [Thu, 14 Sep 2023 01:03:18 +0000 (22:03 -0300)]
totp: Update raddb/mods-available/totp
* Update mods-available/totp to new asciidoc markup
* Fix the attributes
Alan T. DeKok [Wed, 27 Sep 2023 12:44:26 +0000 (08:44 -0400)]
move to v4 API for base32 functionality
Jorge Pereira [Wed, 6 Sep 2023 20:40:09 +0000 (17:40 -0300)]
Port new features and documentation from v3.2
Alan T. DeKok [Tue, 26 Sep 2023 22:10:41 +0000 (18:10 -0400)]
rename variable and clean up debug output
so that we show both the input string, and the unescaped string
Alan T. DeKok [Tue, 26 Sep 2023 20:23:01 +0000 (16:23 -0400)]
move check for brace to calling function
so xlat_tokenize_input() does not need to do it.
Alan T. DeKok [Tue, 26 Sep 2023 20:22:30 +0000 (16:22 -0400)]
Don't free node on error. The error label already does this
Alan T. DeKok [Tue, 26 Sep 2023 20:09:54 +0000 (16:09 -0400)]
rearrange xlat_tokenize_input() as part of rearchitecture
Alan T. DeKok [Tue, 26 Sep 2023 19:47:32 +0000 (15:47 -0400)]
single-quoted strings are constant
Alan T. DeKok [Tue, 26 Sep 2023 19:05:42 +0000 (15:05 -0400)]
rename function in preparation for cleanup
xlat_tokenize_string() in fact does not tokenize quoted strings.
There are multiple other places which parse quoted strings. That
code needs to be unified.
Alan T. DeKok [Tue, 26 Sep 2023 18:19:25 +0000 (14:19 -0400)]
debug output should not un-escape the input.
When we're trying to debug xlats, the output text should show
exactly what is being parsed.
Alan T. DeKok [Tue, 26 Sep 2023 18:17:16 +0000 (14:17 -0400)]
Documentation for things helps rather a lot.
Alan T. DeKok [Tue, 26 Sep 2023 18:06:22 +0000 (14:06 -0400)]
point to the global.d/ directory for more information.
Alan T. DeKok [Tue, 26 Sep 2023 18:02:24 +0000 (14:02 -0400)]
Revert "document path configuration. Fixes #5190"
This reverts commit
907f8f8a35962fdd60f6c1d9eede3dc7e5a855c2 .
Alan T. DeKok [Tue, 26 Sep 2023 13:38:38 +0000 (09:38 -0400)]
start of rearrangement
and t_rules may be NULL
Alan T. DeKok [Tue, 26 Sep 2023 13:11:14 +0000 (09:11 -0400)]
enforce correct names on function registrations
Alan T. DeKok [Tue, 26 Sep 2023 13:11:00 +0000 (09:11 -0400)]
move release to after the marker is used
Alan T. DeKok [Tue, 26 Sep 2023 12:50:09 +0000 (08:50 -0400)]
document path configuration. Fixes #5190
Alan T. DeKok [Mon, 25 Sep 2023 21:40:05 +0000 (17:40 -0400)]
start of %func()
Alan T. DeKok [Mon, 25 Sep 2023 21:19:36 +0000 (17:19 -0400)]
move to local variables, and away from Tmp-*
Alan T. DeKok [Mon, 25 Sep 2023 21:19:21 +0000 (17:19 -0400)]
whitespace
Nick Porter [Tue, 26 Sep 2023 07:34:20 +0000 (08:34 +0100)]
Remove remaining use of tacacs policy
All modules needed for TACACS authentication are now protocol agnostic.
Nick Porter [Thu, 31 Aug 2023 21:07:16 +0000 (22:07 +0100)]
Use a call_env in rlm_mschap
James Jones [Mon, 25 Sep 2023 19:33:39 +0000 (14:33 -0500)]
typo
Alan T. DeKok [Mon, 25 Sep 2023 18:43:12 +0000 (14:43 -0400)]
more text on what has changed, and what is changing
Alan T. DeKok [Mon, 25 Sep 2023 16:57:55 +0000 (12:57 -0400)]
remove debugging stuff
Nick Porter [Fri, 22 Sep 2023 12:27:34 +0000 (13:27 +0100)]
No need for extra escaping now
The `program` option is always parsed as T_BACK_QUOTED_STRING
Nick Porter [Wed, 13 Sep 2023 15:08:02 +0000 (16:08 +0100)]
Use call_env for rlm_exec
Nick Porter [Wed, 13 Sep 2023 15:06:43 +0000 (16:06 +0100)]
Allow call_env to force quoting when parsing tmpls
Nick Porter [Wed, 13 Sep 2023 12:59:59 +0000 (13:59 +0100)]
Whitespace
Alan T. DeKok [Mon, 25 Sep 2023 13:30:23 +0000 (09:30 -0400)]
typo
Alan T. DeKok [Mon, 25 Sep 2023 13:29:01 +0000 (09:29 -0400)]
more notes on what doesn't work in v4
Alan T. DeKok [Mon, 25 Sep 2023 12:29:17 +0000 (08:29 -0400)]
document new dictionary section
Alan T. DeKok [Mon, 25 Sep 2023 12:21:31 +0000 (08:21 -0400)]
allow for values too
this isn't quite a duplicate of the dictionary code, as it allows
the "local" dictionaries to be included with the virtual server.
We can always define a new configuration entry:
filename = ...
which loads dictionary entries from the given filename.
However, that SHOULD have a number of limitations:
* only DEFINE is allowed. No ATTRIBUTE or PROTO
The user shouldn't be tracking numbers
* no struct / vendor / vsa data types
* allow VALUEs
At some point in the future, we may allow server-specific _protocol_
attributes. But that would require updating the encoders to look
for dictionaries by number, and not by cached fr_dict_t
Nick Porter [Mon, 25 Sep 2023 08:18:18 +0000 (09:18 +0100)]
Placate clang scan
Alan T. DeKok [Mon, 25 Sep 2023 00:23:31 +0000 (20:23 -0400)]
delete all matchine local variables
they can be created in any order, so we can't rely on just checking
the tail
Alan T. DeKok [Mon, 25 Sep 2023 00:21:34 +0000 (20:21 -0400)]
dictionaries in virtual servers are internal, but not local
Alan T. DeKok [Mon, 25 Sep 2023 00:21:15 +0000 (20:21 -0400)]
stupid compiler
Alan T. DeKok [Sun, 24 Sep 2023 23:49:09 +0000 (19:49 -0400)]
allow local dictionaries to define TLVs
Alan T. DeKok [Sun, 24 Sep 2023 23:48:01 +0000 (19:48 -0400)]
allow TLVs for local dictionary definitions
Alan T. DeKok [Sun, 24 Sep 2023 23:47:36 +0000 (19:47 -0400)]
allow local varibles to be structured (e.g. tlv)
Alan T. DeKok [Sun, 24 Sep 2023 14:31:46 +0000 (10:31 -0400)]
allow local variables in case, but not in switch
Alan T. DeKok [Sun, 24 Sep 2023 14:14:17 +0000 (10:14 -0400)]
stupid compiler doesn't catch issues
Alan T. DeKok [Sun, 24 Sep 2023 13:59:15 +0000 (09:59 -0400)]
whitespace
Alan T. DeKok [Sun, 24 Sep 2023 13:58:53 +0000 (09:58 -0400)]
local dictionaries. too
Alan T. DeKok [Sun, 24 Sep 2023 13:49:55 +0000 (09:49 -0400)]
if we have local dict, look up next by name, too
Alan T. DeKok [Sun, 24 Sep 2023 13:49:24 +0000 (09:49 -0400)]
mark up local dictionaries as local
and try harder to avoid number overlaps
Alan T. DeKok [Sun, 24 Sep 2023 13:45:45 +0000 (09:45 -0400)]
test that local variables can be expanded
Alan T. DeKok [Sun, 24 Sep 2023 12:32:42 +0000 (08:32 -0400)]
add fr_dict_t to the top-level CONF_SECTION
Alan T. DeKok [Sun, 24 Sep 2023 12:04:51 +0000 (08:04 -0400)]
don't use update, and do use local variables
Alan T. DeKok [Sat, 23 Sep 2023 13:30:53 +0000 (09:30 -0400)]
word smithing
Alan T. DeKok [Sat, 23 Sep 2023 13:29:35 +0000 (09:29 -0400)]
pretty much all of this is done
Jorge Pereira [Sat, 23 Sep 2023 01:02:32 +0000 (22:02 -0300)]
Fix Antora examples to not use update
Alan T. DeKok [Sat, 23 Sep 2023 12:09:35 +0000 (08:09 -0400)]
oops. Let's delete typos
Alan T. DeKok [Sat, 23 Sep 2023 11:55:45 +0000 (07:55 -0400)]
create local variable list, and put local variables into it
Alan T. DeKok [Mon, 28 Nov 2022 20:05:19 +0000 (15:05 -0500)]
documentation for local variables
Alan T. DeKok [Thu, 21 Sep 2023 21:51:00 +0000 (17:51 -0400)]
brute-force delete local variables when leaving scope
we will later move them to their own list, which will help a lot.
Alan T. DeKok [Thu, 21 Sep 2023 18:06:12 +0000 (14:06 -0400)]
add function to iterate over only the leaf nodes
so that python, perl, detail, etc. can still work with "flat"
things
Alan T. DeKok [Wed, 20 Sep 2023 21:07:37 +0000 (17:07 -0400)]
ensure frame->retry doesn't leave a dangling pointer
Alan T. DeKok [Wed, 20 Sep 2023 21:05:03 +0000 (17:05 -0400)]
maps cannot have local variables
because the underlying map doesn't deal well with them :(
Alan T. DeKok [Wed, 20 Sep 2023 21:04:13 +0000 (17:04 -0400)]
enforce locations for local variables, and use correct t_rules
Alan T. DeKok [Wed, 20 Sep 2023 20:51:14 +0000 (16:51 -0400)]
add and use unlang_interpret_push_children()
which pushes the children of the current frame. This wrapper
function simplifies a bunch of keyword code.
subrequest does not use this, as it pushes another frame
before pushing the children. Perhaps that should instead be a
resume function?
Alan T. DeKok [Wed, 20 Sep 2023 20:46:04 +0000 (16:46 -0400)]
make sure that the section with local variables is run
Alan T. DeKok [Wed, 20 Sep 2023 19:45:44 +0000 (15:45 -0400)]
cannot delete local variables
Alan T. DeKok [Fri, 9 Dec 2022 19:30:44 +0000 (14:30 -0500)]
move variables to unlang_group_t
so that they can all be defined when the group is entered, and
cleaned up when the group leaves.
This also allows the variables to be used in statements such as
"switch" or "load-balance"
Alan T. DeKok [Mon, 28 Nov 2022 00:23:10 +0000 (19:23 -0500)]
add "local" flag to attributes and glue into tmpl parser
they current are put into the request list, due to the tmpl
code not supporting PAIR_LIST_ROOT. As the PAIR_LIST will be
going away soon
Arran Cudbard-Bell [Sat, 23 Sep 2023 04:02:31 +0000 (00:02 -0400)]
Determine number of workers if value is set to zero
Nick Porter [Fri, 22 Sep 2023 15:14:33 +0000 (16:14 +0100)]
ci: Check nested attributes are created correctly from LDAP attriubtes
Nick Porter [Fri, 22 Sep 2023 15:13:40 +0000 (16:13 +0100)]
Use map_to_request in place of map_to_vp to handle nested attributes
This allows for nested attributes to be handled in the rlm_ldap module
update map such that
update {
&control += "radiusControlAttribute"
}
with a directory entry containting
radiusControlAttribute: Vendor-Specific.Cisco.AVPair += 'foo=bar'
will result in the correct nested structure being built.
Nick Porter [Fri, 22 Sep 2023 14:44:59 +0000 (15:44 +0100)]
Handle possilble snprintf value truncation
Nick Porter [Fri, 22 Sep 2023 12:59:27 +0000 (13:59 +0100)]
ci: Use different data in each LDAP user profile
So we are sure the right thing happened
Nick Porter [Fri, 22 Sep 2023 12:34:37 +0000 (13:34 +0100)]
ldap: Add debug level 3 summary of search results
Nick Porter [Fri, 22 Sep 2023 09:19:36 +0000 (10:19 +0100)]
Tainted data doesn't work here
- the escape function expects a URI, not just a DN
- escaping cn= makes cn\3d - so the DN becomes invalid
Nick Porter [Fri, 22 Sep 2023 09:08:05 +0000 (10:08 +0100)]
Print errors when LDAP URI fails to escape
Arran Cudbard-Bell [Thu, 21 Sep 2023 20:31:37 +0000 (16:31 -0400)]
xlat: Switch base64 functions to final form
Nick Porter [Thu, 21 Sep 2023 11:10:00 +0000 (12:10 +0100)]
Add exec test which uses xlat function in its arguments