git.ipfire.org Git - thirdparty/freeradius-server.git/log
James Jones [Thu, 28 Sep 2023 16:30:16 +0000 (11:30 -0500)] 
Avoid what coverity calls "downcasting" (CID #1542293) (#5170)

packet->data is a uint8_t * formerly cast to dhcp_packet_t const *
to be passed to fr_dhcpv4_packet_get_option(). dhcp_packet_t is
more strictly aligned than uint8_t, so coverity considers this a
"tainted_data_downcast" and infers that the pointed-at data is
tainted.

To avoid the issue, the talloc_memdup() result is assigned first
to a dhcp_packet_t * to pass to fr_dhcpv4_packet_get_option(),
and cast to (uint8_t *) to assign to packet->data.

James Jones [Thu, 28 Sep 2023 16:29:07 +0000 (11:29 -0500)] 
Placate coverity CID #1542424, #152423, #152422) (#5168)

Currently, three functions mark requests as fake. That involves
calling fr_pair_value_from_str() with the string being "127.0.0.1".
Coverity notices that fr_pair_value_from_str() returns a value
that isn't checked.

 * setup_fake_request() nominally returns an int, but it always
   returns zero, and no caller actually checks its return value.
 * The other functions, chbind_process() and eap_fast_eap_payload(),
   return fr_radius_packet_code_t, and it's not clear which
   fr_radius_packet_code_t makes sense in this case.

So... we cast the fr_pair_value_from_str() calls to void.

Jorge Pereira [Thu, 28 Sep 2023 16:20:13 +0000 (13:20 -0300)] 
Fix od_mschap_auth() call in rlm_mschap (#5192)

When build against the OSX

Alan T. DeKok [Thu, 28 Sep 2023 14:49:56 +0000 (10:49 -0400)] 
add, document, and test filtering operators

Alan T. DeKok [Thu, 28 Sep 2023 12:36:28 +0000 (08:36 -0400)] 
allow multiple local variables to be defined

Alan T. DeKok [Thu, 28 Sep 2023 12:33:04 +0000 (08:33 -0400)] 
don't smash operator before printing it in error message

Alan T. DeKok [Thu, 28 Sep 2023 02:32:51 +0000 (22:32 -0400)] 
remove policies which aren't really correct

they use old %C.%c, instead of just relying on the new fr_time_t
and fr_time_delta_t

Alan T. DeKok [Wed, 27 Sep 2023 23:45:47 +0000 (19:45 -0400)] 
test function call inside of function argument

Alan T. DeKok [Wed, 27 Sep 2023 23:42:47 +0000 (19:42 -0400)] 
add test for condition / edit of %func(args)

Alan T. DeKok [Wed, 27 Sep 2023 23:42:30 +0000 (19:42 -0400)] 
use input ctx, as output value-box may be on the stack

Alan T. DeKok [Wed, 27 Sep 2023 20:08:40 +0000 (16:08 -0400)] 
note new function syntax

Alan T. DeKok [Wed, 27 Sep 2023 20:01:57 +0000 (16:01 -0400)] 
fix debugging error message

Alan T. DeKok [Wed, 27 Sep 2023 19:56:32 +0000 (15:56 -0400)] 
be more careful about one-letter expansions

Alan T. DeKok [Wed, 27 Sep 2023 18:58:28 +0000 (14:58 -0400)] 
don't allow registrations of one-letter overlaps with %Y etc.

Alan T. DeKok [Wed, 27 Sep 2023 18:52:05 +0000 (14:52 -0400)] 
always support new function syntax

and put in hacks to allow %Y to work.

Alan T. DeKok [Wed, 27 Sep 2023 17:36:58 +0000 (13:36 -0400)] 
make new function parsing work

%foo(bar, baz)

Something something miracle.

Alan T. DeKok [Wed, 27 Sep 2023 15:04:36 +0000 (11:04 -0400)] 
$INCLUDE does not yet support file globbing

Alan T. DeKok [Wed, 27 Sep 2023 15:00:53 +0000 (11:00 -0400)] 
shut up compiler

Alan T. DeKok [Wed, 27 Sep 2023 14:51:11 +0000 (10:51 -0400)] 
move process $INCLUDE to its own function

Alan T. DeKok [Wed, 27 Sep 2023 13:49:55 +0000 (09:49 -0400)] 
move testing code to totp.c

Alan T. DeKok [Wed, 27 Sep 2023 13:26:04 +0000 (09:26 -0400)] 
Make rlm_totp use the API in libfreeradius-totp

and do some more cleanups

Jorge Pereira [Thu, 14 Sep 2023 01:09:02 +0000 (22:09 -0300)] 
Add TOTP functionality in libfreeradius-totp.a

And add it to the packages

Jorge Pereira [Thu, 14 Sep 2023 00:58:24 +0000 (21:58 -0300)] 
Hoist TOTP attribute out of Password

until we clean up some other dictionary things.

Jorge Pereira [Thu, 14 Sep 2023 03:19:28 +0000 (00:19 -0300)] 
totp: Add scripts/totp/totp-gen.py sample

It's helpful to validate rlm_totp in realtime.

Jorge Pereira [Thu, 14 Sep 2023 01:06:56 +0000 (22:06 -0300)] 
totp: Add Antora documentation

Jorge Pereira [Thu, 14 Sep 2023 01:03:18 +0000 (22:03 -0300)] 
totp: Update raddb/mods-available/totp

* Update mods-available/totp to new asciidoc markup
* Fix the attributes

Alan T. DeKok [Wed, 27 Sep 2023 12:44:26 +0000 (08:44 -0400)] 
move to v4 API for base32 functionality

Jorge Pereira [Wed, 6 Sep 2023 20:40:09 +0000 (17:40 -0300)] 
Port new features and documentation from v3.2

Alan T. DeKok [Tue, 26 Sep 2023 22:10:41 +0000 (18:10 -0400)] 
rename variable and clean up debug output

so that we show both the input string, and the unescaped string

Alan T. DeKok [Tue, 26 Sep 2023 20:23:01 +0000 (16:23 -0400)] 
move check for brace to calling function

so xlat_tokenize_input() does not need to do it.

Alan T. DeKok [Tue, 26 Sep 2023 20:22:30 +0000 (16:22 -0400)] 
Don't free node on error.  The error label already does this

Alan T. DeKok [Tue, 26 Sep 2023 20:09:54 +0000 (16:09 -0400)] 
rearrange xlat_tokenize_input() as part of rearchitecture

Alan T. DeKok [Tue, 26 Sep 2023 19:47:32 +0000 (15:47 -0400)] 
single-quoted strings are constant

Alan T. DeKok [Tue, 26 Sep 2023 19:05:42 +0000 (15:05 -0400)] 
rename function in preparation for cleanup

xlat_tokenize_string() in fact does not tokenize quoted strings.
There are multiple other places which parse quoted strings.  That
code needs to be unified.

Alan T. DeKok [Tue, 26 Sep 2023 18:19:25 +0000 (14:19 -0400)] 
debug output should not un-escape the input.

When we're trying to debug xlats, the output text should show
exactly what is being parsed.

Alan T. DeKok [Tue, 26 Sep 2023 18:17:16 +0000 (14:17 -0400)] 
Documentation for things helps rather a lot.

Alan T. DeKok [Tue, 26 Sep 2023 18:06:22 +0000 (14:06 -0400)] 
point to the global.d/ directory for more information.

Alan T. DeKok [Tue, 26 Sep 2023 18:02:24 +0000 (14:02 -0400)] 
Revert "document path configuration.  Fixes #5190"

This reverts commit 907f8f8a35962fdd60f6c1d9eede3dc7e5a855c2.

Alan T. DeKok [Tue, 26 Sep 2023 13:38:38 +0000 (09:38 -0400)] 
start of rearrangement

and t_rules may be NULL

Alan T. DeKok [Tue, 26 Sep 2023 13:11:14 +0000 (09:11 -0400)] 
enforce correct names on function registrations

Alan T. DeKok [Tue, 26 Sep 2023 13:11:00 +0000 (09:11 -0400)] 
move release to after the marker is used

Alan T. DeKok [Tue, 26 Sep 2023 12:50:09 +0000 (08:50 -0400)] 
document path configuration.  Fixes #5190

Alan T. DeKok [Mon, 25 Sep 2023 21:40:05 +0000 (17:40 -0400)] 
start of %func()

Alan T. DeKok [Mon, 25 Sep 2023 21:19:36 +0000 (17:19 -0400)] 
move to local variables, and away from Tmp-*

Alan T. DeKok [Mon, 25 Sep 2023 21:19:21 +0000 (17:19 -0400)] 
whitespace

Nick Porter [Tue, 26 Sep 2023 07:34:20 +0000 (08:34 +0100)] 
Remove remaining use of tacacs policy

All modules needed for TACACS authentication are now protocol agnostic.

Nick Porter [Thu, 31 Aug 2023 21:07:16 +0000 (22:07 +0100)] 
Use a call_env in rlm_mschap

James Jones [Mon, 25 Sep 2023 19:33:39 +0000 (14:33 -0500)] 
typo

Alan T. DeKok [Mon, 25 Sep 2023 18:43:12 +0000 (14:43 -0400)] 
more text on what has changed, and what is changing

Alan T. DeKok [Mon, 25 Sep 2023 16:57:55 +0000 (12:57 -0400)] 
remove debugging stuff

Nick Porter [Fri, 22 Sep 2023 12:27:34 +0000 (13:27 +0100)] 
No need for extra escaping now

The `program` option is always parsed as T_BACK_QUOTED_STRING

Nick Porter [Wed, 13 Sep 2023 15:08:02 +0000 (16:08 +0100)] 
Use call_env for rlm_exec

Nick Porter [Wed, 13 Sep 2023 15:06:43 +0000 (16:06 +0100)] 
Allow call_env to force quoting when parsing tmpls

Nick Porter [Wed, 13 Sep 2023 12:59:59 +0000 (13:59 +0100)] 
Whitespace

Alan T. DeKok [Mon, 25 Sep 2023 13:30:23 +0000 (09:30 -0400)] 
typo

Alan T. DeKok [Mon, 25 Sep 2023 13:29:01 +0000 (09:29 -0400)] 
more notes on what doesn't work in v4

Alan T. DeKok [Mon, 25 Sep 2023 12:29:17 +0000 (08:29 -0400)] 
document new dictionary section

Alan T. DeKok [Mon, 25 Sep 2023 12:21:31 +0000 (08:21 -0400)] 
allow for values too

this isn't quite a duplicate of the dictionary code, as it allows
the "local" dictionaries to be included with the virtual server.

We can always define a new configuration entry:

filename = ...

which loads dictionary entries from the given filename.

However, that SHOULD have a number of limitations:

* only DEFINE is allowed.  No ATTRIBUTE or PROTO
  The user shouldn't be tracking numbers

* no struct / vendor / vsa data types

* allow VALUEs

At some point in the future, we may allow server-specific _protocol_
attributes.  But that would require updating the encoders to look
for dictionaries by number, and not by cached fr_dict_t

Nick Porter [Mon, 25 Sep 2023 08:18:18 +0000 (09:18 +0100)] 
Placate clang scan

Alan T. DeKok [Mon, 25 Sep 2023 00:23:31 +0000 (20:23 -0400)] 
delete all matching local variables

they can be created in any order, so we can't rely on just checking
the tail

Alan T. DeKok [Mon, 25 Sep 2023 00:21:34 +0000 (20:21 -0400)] 
dictionaries in virtual servers are internal, but not local

Alan T. DeKok [Mon, 25 Sep 2023 00:21:15 +0000 (20:21 -0400)] 
stupid compiler

Alan T. DeKok [Sun, 24 Sep 2023 23:49:09 +0000 (19:49 -0400)] 
allow local dictionaries to define TLVs

Alan T. DeKok [Sun, 24 Sep 2023 23:48:01 +0000 (19:48 -0400)] 
allow TLVs for local dictionary definitions

Alan T. DeKok [Sun, 24 Sep 2023 23:47:36 +0000 (19:47 -0400)] 
allow local variables to be structured (e.g. tlv)

Alan T. DeKok [Sun, 24 Sep 2023 14:31:46 +0000 (10:31 -0400)] 
allow local variables in case, but not in switch

Alan T. DeKok [Sun, 24 Sep 2023 14:14:17 +0000 (10:14 -0400)] 
stupid compiler doesn't catch issues

Alan T. DeKok [Sun, 24 Sep 2023 13:59:15 +0000 (09:59 -0400)] 
whitespace

Alan T. DeKok [Sun, 24 Sep 2023 13:58:53 +0000 (09:58 -0400)] 
local dictionaries, too

Alan T. DeKok [Sun, 24 Sep 2023 13:49:55 +0000 (09:49 -0400)] 
if we have local dict, look up next by name, too

Alan T. DeKok [Sun, 24 Sep 2023 13:49:24 +0000 (09:49 -0400)] 
mark up local dictionaries as local

and try harder to avoid number overlaps

Alan T. DeKok [Sun, 24 Sep 2023 13:45:45 +0000 (09:45 -0400)] 
test that local variables can be expanded

Alan T. DeKok [Sun, 24 Sep 2023 12:32:42 +0000 (08:32 -0400)] 
add fr_dict_t to the top-level CONF_SECTION

Alan T. DeKok [Sun, 24 Sep 2023 12:04:51 +0000 (08:04 -0400)] 
don't use update, and do use local variables

Alan T. DeKok [Sat, 23 Sep 2023 13:30:53 +0000 (09:30 -0400)] 
word smithing

Alan T. DeKok [Sat, 23 Sep 2023 13:29:35 +0000 (09:29 -0400)] 
pretty much all of this is done

Jorge Pereira [Sat, 23 Sep 2023 01:02:32 +0000 (22:02 -0300)] 
Fix Antora examples to not use update

Alan T. DeKok [Sat, 23 Sep 2023 12:09:35 +0000 (08:09 -0400)] 
oops.  Let's delete typos

Alan T. DeKok [Sat, 23 Sep 2023 11:55:45 +0000 (07:55 -0400)] 
create local variable list, and put local variables into it

Alan T. DeKok [Mon, 28 Nov 2022 20:05:19 +0000 (15:05 -0500)] 
documentation for local variables

Alan T. DeKok [Thu, 21 Sep 2023 21:51:00 +0000 (17:51 -0400)] 
brute-force delete local variables when leaving scope

we will later move them to their own list, which will help a lot.

Alan T. DeKok [Thu, 21 Sep 2023 18:06:12 +0000 (14:06 -0400)] 
add function to iterate over only the leaf nodes

so that python, perl, detail, etc. can still work with "flat"
things

Alan T. DeKok [Wed, 20 Sep 2023 21:07:37 +0000 (17:07 -0400)] 
ensure frame->retry doesn't leave a dangling pointer

Alan T. DeKok [Wed, 20 Sep 2023 21:05:03 +0000 (17:05 -0400)] 
maps cannot have local variables

because the underlying map doesn't deal well with them :(

Alan T. DeKok [Wed, 20 Sep 2023 21:04:13 +0000 (17:04 -0400)] 
enforce locations for local variables, and use correct t_rules

Alan T. DeKok [Wed, 20 Sep 2023 20:51:14 +0000 (16:51 -0400)] 
add and use unlang_interpret_push_children()

which pushes the children of the current frame.  This wrapper
function simplifies a bunch of keyword code.

subrequest does not use this, as it pushes another frame
before pushing the children.  Perhaps that should instead be a
resume function?

Alan T. DeKok [Wed, 20 Sep 2023 20:46:04 +0000 (16:46 -0400)] 
make sure that the section with local variables is run

Alan T. DeKok [Wed, 20 Sep 2023 19:45:44 +0000 (15:45 -0400)] 
cannot delete local variables

Alan T. DeKok [Fri, 9 Dec 2022 19:30:44 +0000 (14:30 -0500)] 
move variables to unlang_group_t

so that they can all be defined when the group is entered, and
cleaned up when the group leaves.

This also allows the variables to be used in statements such as
"switch" or "load-balance"

Alan T. DeKok [Mon, 28 Nov 2022 00:23:10 +0000 (19:23 -0500)] 
add "local" flag to attributes and glue into tmpl parser

they currently are put into the request list, due to the tmpl
code not supporting PAIR_LIST_ROOT.  As the PAIR_LIST will be
going away soon

Arran Cudbard-Bell [Sat, 23 Sep 2023 04:02:31 +0000 (00:02 -0400)] 
Determine number of workers if value is set to zero

Nick Porter [Fri, 22 Sep 2023 15:14:33 +0000 (16:14 +0100)] 
ci: Check nested attributes are created correctly from LDAP attributes

Nick Porter [Fri, 22 Sep 2023 15:13:40 +0000 (16:13 +0100)] 
Use map_to_request in place of map_to_vp to handle nested attributes

This allows for nested attributes to be handled in the rlm_ldap module
update map such that

update {
&control += "radiusControlAttribute"
}

with a directory entry containing

radiusControlAttribute: Vendor-Specific.Cisco.AVPair += 'foo=bar'

will result in the correct nested structure being built.

Nick Porter [Fri, 22 Sep 2023 14:44:59 +0000 (15:44 +0100)] 
Handle possible snprintf value truncation

Nick Porter [Fri, 22 Sep 2023 12:59:27 +0000 (13:59 +0100)] 
ci: Use different data in each LDAP user profile

So we are sure the right thing happened

Nick Porter [Fri, 22 Sep 2023 12:34:37 +0000 (13:34 +0100)] 
ldap: Add debug level 3 summary of search results

Nick Porter [Fri, 22 Sep 2023 09:19:36 +0000 (10:19 +0100)] 
Tainted data doesn't work here

- the escape function expects a URI, not just a DN
- escaping cn= makes cn\3d - so the DN becomes invalid

Nick Porter [Fri, 22 Sep 2023 09:08:05 +0000 (10:08 +0100)] 
Print errors when LDAP URI fails to escape

Arran Cudbard-Bell [Thu, 21 Sep 2023 20:31:37 +0000 (16:31 -0400)] 
xlat: Switch base64 functions to final form

Nick Porter [Thu, 21 Sep 2023 11:10:00 +0000 (12:10 +0100)] 
Add exec test which uses xlat function in its arguments