git.ipfire.org Git - thirdparty/freeradius-server.git/log
Nick Porter [Thu, 21 Sep 2023 11:07:48 +0000 (12:07 +0100)] 
Bootstrap xlats produced when parsing TMPL_TYPE_EXEC tmpls

Nick Porter [Thu, 21 Sep 2023 16:30:39 +0000 (17:30 +0100)] 
Better comment for LDAP profile xlat

Nick Porter [Thu, 21 Sep 2023 09:33:02 +0000 (10:33 +0100)] 
Re-enable ldap_sync tests and improve error reporting

Nick Porter [Thu, 21 Sep 2023 08:29:14 +0000 (09:29 +0100)] 
Correct expansion of LDAP attributes

Arran Cudbard-Bell [Wed, 20 Sep 2023 23:17:45 +0000 (19:17 -0400)] 
ldap: Fix process the generic attribute in profiles

Arran Cudbard-Bell [Wed, 20 Sep 2023 19:06:26 +0000 (15:06 -0400)] 
Add radiusProfileSuspendedDN

Alan T. DeKok [Wed, 20 Sep 2023 00:47:37 +0000 (20:47 -0400)] 
use the correct list

Alan T. DeKok [Wed, 20 Sep 2023 00:25:33 +0000 (20:25 -0400)] 
don't write to buffer we're reading from

Alan T. DeKok [Wed, 20 Sep 2023 00:19:45 +0000 (20:19 -0400)] 
"original" CONF_PAIR always exists

Alan T. DeKok [Tue, 19 Sep 2023 22:01:52 +0000 (18:01 -0400)] 
address more corner cases as caught by the keyword tests

Alan T. DeKok [Tue, 19 Sep 2023 20:42:46 +0000 (16:42 -0400)] 
fix rewrite_update and add debug

we likely need more tests for rewrite_update.

But it now prints out in debug mode how to convert from an "update"
entry to an edit section.

Alan T. DeKok [Tue, 19 Sep 2023 20:42:08 +0000 (16:42 -0400)] 
note that RHS of edits can now be expressions

Alan T. DeKok [Tue, 19 Sep 2023 20:41:22 +0000 (16:41 -0400)] 
word smithing

Alan T. DeKok [Tue, 19 Sep 2023 12:39:58 +0000 (08:39 -0400)] 
catch nested attributes accidentally being added to the top-level list

Alan T. DeKok [Tue, 19 Sep 2023 12:20:55 +0000 (08:20 -0400)] 
enforce parent / child relationships for structural pairs

so that if we have nested TLVs, the children have to go into the
parent, subject to some limitations.

This requirement helps to enforce correct structure.

Note that children can still go into "internal" group attributes,
which means that they can still go into the top-level request list.

This isn't ideal, but it's not clear how to fix that without also
breaking it for control and session-state

Alan T. DeKok [Mon, 18 Sep 2023 21:02:00 +0000 (17:02 -0400)] 
typo

Alan T. DeKok [Mon, 18 Sep 2023 20:58:29 +0000 (16:58 -0400)] 
once again remove tmpl_tokenize_all_nested

Alan T. DeKok [Mon, 18 Sep 2023 16:59:20 +0000 (12:59 -0400)] 
force tmpl_tokenize_all_nested

Alan T. DeKok [Mon, 18 Sep 2023 13:05:22 +0000 (09:05 -0400)] 
enable tmpl_tokenize_all_nested for all module tests

Alan T. DeKok [Mon, 18 Sep 2023 12:32:24 +0000 (08:32 -0400)] 
use nesting when creating SQL pairs

Alan T. DeKok [Mon, 18 Sep 2023 11:46:17 +0000 (07:46 -0400)] 
more migrations. Only SQL is left

Alan T. DeKok [Mon, 18 Sep 2023 00:39:58 +0000 (20:39 -0400)] 
add more migrations

Alan T. DeKok [Mon, 18 Sep 2023 00:23:46 +0000 (20:23 -0400)] 
more migration for modules

Alan T. DeKok [Sun, 17 Sep 2023 21:55:57 +0000 (17:55 -0400)] 
framework for per-module migration flags

Alan T. DeKok [Sun, 17 Sep 2023 21:50:51 +0000 (17:50 -0400)] 
Revert "force tmpl_tokenize_all_nested"

This reverts commit 5dc2aac671c609dbfc36ec19cddbec357c5a4c5f.

Well, no.  Too late on a weekend.

Alan T. DeKok [Sun, 17 Sep 2023 21:37:52 +0000 (17:37 -0400)] 
Revert "remove tmpl_tokenize_all_nested"

This reverts commit 861c6a07630b4b6c32bcbc4994b07803e0ed84a8.

let's see if this causes CI to pass?

Alan T. DeKok [Sun, 17 Sep 2023 21:13:35 +0000 (17:13 -0400)] 
typo

Alan T. DeKok [Sun, 17 Sep 2023 20:18:48 +0000 (16:18 -0400)] 
try to create nested VPs

This likely won't work perfectly due to the fact that converting
attrs to Perl doesn't do nesting properly.

Alan T. DeKok [Sun, 17 Sep 2023 20:16:26 +0000 (16:16 -0400)] 
disable Perl tests until such time as it creates nested attrs

Alan T. DeKok [Sun, 17 Sep 2023 19:57:03 +0000 (15:57 -0400)] 
remove tmpl_tokenize_all_nested

Alan T. DeKok [Sun, 17 Sep 2023 16:55:47 +0000 (12:55 -0400)] 
force tmpl_tokenize_all_nested

Alan T. DeKok [Sun, 17 Sep 2023 14:38:57 +0000 (10:38 -0400)] 
update to use correct syntax for -=

Alan T. DeKok [Sun, 17 Sep 2023 14:29:13 +0000 (10:29 -0400)] 
be a bit smarter about it

Alan T. DeKok [Sun, 17 Sep 2023 14:23:11 +0000 (10:23 -0400)] 
relax test a bit

Alan T. DeKok [Sun, 17 Sep 2023 13:57:38 +0000 (09:57 -0400)] 
remove assertion

memdup_shallow() is sometimes called with non-talloc'd memory

in some cases the calls are wrong, and this causes a later assert
in the verify functions.  In other cases, the calls are correct.

Alan T. DeKok [Sun, 17 Sep 2023 13:46:41 +0000 (09:46 -0400)] 
catch corner case for -=

	&control -= {
		&Password.Cleartext == 'oracle01' # ERROR
	}

the edit code doesn't do this correctly (yet).  Add a test case
which catches it and complains, instead of doing the wrong thing.
It's also not clear what is meant by the above.  Do we need to
delete &Password, too?

Alan T. DeKok [Sun, 17 Sep 2023 13:26:26 +0000 (09:26 -0400)] 
use correct escaping

now that we've fixed fr_asprint() in commit b10640, and the
escaping in 41193841eb, this test also needs fixing.  In order to
pass \' to a shell which takes a string in ' quotes, the config
file string must use one layer of escaping for FR, and a second
layer of escaping for the shell.

this issue highlights the fact that we likely need a "q" operator
ala Perl.

Alan T. DeKok [Sun, 17 Sep 2023 12:59:36 +0000 (08:59 -0400)] 
temporarily stop ldap_sync until the failing test is fixed

Alan T. DeKok [Sat, 16 Sep 2023 19:40:16 +0000 (15:40 -0400)] 
manually redo commit 0c6d48394867e2d2

gettoken() parses the RHS of a CONF_PAIR, but that function only
unescapes the \", and doesn't unescape anything else.  Therefore
we do the unescaping here.

Alan T. DeKok [Sat, 16 Sep 2023 17:55:57 +0000 (13:55 -0400)] 
fr_asprint() takes a quotation 'char', not a fr_token_t

Alan T. DeKok [Sat, 16 Sep 2023 15:15:04 +0000 (11:15 -0400)] 
allow T_HASH for edit sections.  See map_afrom_cp()

James Jones [Fri, 15 Sep 2023 19:21:05 +0000 (14:21 -0500)] 
Annotate fr_nbo_to_uint{16,24}() at function level

CIDs: #1419883, #1520415, #1503954, #14516665, #1519002

This should keep coverity from tainting the pointer to data
being converted to host order.

Alan T. DeKok [Sat, 16 Sep 2023 01:25:39 +0000 (21:25 -0400)] 
check return codes to quiet static analyzer

Alan T. DeKok [Fri, 15 Sep 2023 17:51:14 +0000 (13:51 -0400)] 
force tmpl_tokenize_all_nested here, too

Alan T. DeKok [Fri, 15 Sep 2023 17:36:45 +0000 (13:36 -0400)] 
ensure that the buffers are talloc'd

the memdup_shallow() call will just assign the ptr to the
value-box.  But the added talloc_get_name() fails, because the
ptr isn't talloced.

Alan T. DeKok [Fri, 15 Sep 2023 16:41:36 +0000 (12:41 -0400)] 
move legacy function to the only place which uses it

Alan T. DeKok [Fri, 15 Sep 2023 16:37:29 +0000 (12:37 -0400)] 
remove legacy print nested, and old "unflatten" code

Nick Porter [Fri, 15 Sep 2023 13:20:24 +0000 (14:20 +0100)] 
Attempt to ignore spurious LeakSanitizer fatal errors

James Jones [Thu, 14 Sep 2023 19:06:59 +0000 (14:06 -0500)] 
Placate coverity with excessive buffer_len (CID #1503922, #1503986)

open_buffer_as_file() is a wrapper around the fmemopen() function.
The example shown on fmemopen()'s man page passes a string as buffer
and strlen(<string>) as length, and open_buffer_as_file() calls did the
same thing--but coverity gives it an alloc_strlen defect with the
comment "allocating insufficient memory for the terminating null of
the string".

At least one other project using coverity and calling fmemopen()
in conformity with "man fmemopen" also gets this defect and ended
up passing strlen(<string>) + 1 to deal with it. Making the analogous
change here passes tests and should quiet coverity.

Alan T. DeKok [Fri, 15 Sep 2023 12:52:01 +0000 (08:52 -0400)] 
start removing "update"

Alan T. DeKok [Fri, 15 Sep 2023 12:44:25 +0000 (08:44 -0400)] 
note "please don't use %{expr:..}"

Alan T. DeKok [Fri, 15 Sep 2023 12:38:12 +0000 (08:38 -0400)] 
add in-line expressions with add

Alan T. DeKok [Fri, 15 Sep 2023 12:33:51 +0000 (08:33 -0400)] 
clean up handling of Acct-Delay-Time

use new edit expressions, and check for sane Event-Timestamp

Alan T. DeKok [Fri, 15 Sep 2023 11:01:00 +0000 (07:01 -0400)] 
decode unknown extended VSAs as nested

Alan T. DeKok [Thu, 14 Sep 2023 19:25:34 +0000 (15:25 -0400)] 
decode WiMAX as nested

Alan T. DeKok [Thu, 14 Sep 2023 19:11:39 +0000 (15:11 -0400)] 
decode RADIUS structs as nested

Alan T. DeKok [Thu, 14 Sep 2023 19:06:08 +0000 (15:06 -0400)] 
decode extended VSAs as nested

Alan T. DeKok [Thu, 14 Sep 2023 18:47:04 +0000 (14:47 -0400)] 
remove migrate command

we no longer use it for anything.

Alan T. DeKok [Thu, 14 Sep 2023 13:58:54 +0000 (09:58 -0400)] 
always decode RADIUS VSAs as nested

not sure why this wasn't done before.  But now we're happy.

Alan T. DeKok [Thu, 14 Sep 2023 13:49:40 +0000 (09:49 -0400)] 
more comments on antora and asciidoc

Alan T. DeKok [Thu, 14 Sep 2023 13:27:21 +0000 (09:27 -0400)] 
no need for macro, just rename the struct fields

Alan T. DeKok [Thu, 14 Sep 2023 12:08:52 +0000 (08:08 -0400)] 
allow raw.Vendor-Specific = 0xabcdef

which parses it as a Vendor-Specific, then sees the 0x..., and
converts it to type 'octets'.

Note that the attribute MUST already be marked up as "raw"

Alan T. DeKok [Thu, 14 Sep 2023 00:44:54 +0000 (20:44 -0400)] 
set a default type size and length for unknown attributes

Which lets us create unknown vendors

Alan T. DeKok [Thu, 14 Sep 2023 00:44:25 +0000 (20:44 -0400)] 
don't print nested if parent is key field

Alan T. DeKok [Wed, 13 Sep 2023 22:52:15 +0000 (18:52 -0400)] 
make arp always decode as nested

Alan T. DeKok [Wed, 13 Sep 2023 22:49:12 +0000 (18:49 -0400)] 
remove pair_legacy_nested

Jorge Pereira [Thu, 14 Sep 2023 02:18:53 +0000 (23:18 -0300)] 
Fix small leak in rlm_pap load (#5176)

Alan T. DeKok [Wed, 13 Sep 2023 22:43:36 +0000 (18:43 -0400)] 
remove flatten / unflatten APIs

Alan T. DeKok [Wed, 13 Sep 2023 22:40:11 +0000 (18:40 -0400)] 
remove "flatten" migration flags

Alan T. DeKok [Wed, 13 Sep 2023 22:33:15 +0000 (18:33 -0400)] 
always create Net attributes as nested

Alan T. DeKok [Wed, 13 Sep 2023 19:53:08 +0000 (15:53 -0400)] 
force all nested

Alan T. DeKok [Wed, 13 Sep 2023 19:30:34 +0000 (15:30 -0400)] 
ignore structural types

Alan T. DeKok [Wed, 13 Sep 2023 19:15:17 +0000 (15:15 -0400)] 
don't print nested types to environment variables

Alan T. DeKok [Wed, 13 Sep 2023 18:08:00 +0000 (14:08 -0400)] 
swap migration flag to always true

Alan T. DeKok [Wed, 13 Sep 2023 16:49:16 +0000 (12:49 -0400)] 
add fr_pair_delete_by_da_nested()

and use it in server macros.  This change allows the uses of
pair_delete_request() etc. to work properly with nested attributes

Alan T. DeKok [Wed, 13 Sep 2023 16:47:21 +0000 (12:47 -0400)] 
minor cleanups for EAP attributes and rearrangements

Alan T. DeKok [Wed, 13 Sep 2023 14:03:02 +0000 (10:03 -0400)] 
make EAP decode nested pairs

Alan T. DeKok [Wed, 13 Sep 2023 14:02:06 +0000 (10:02 -0400)] 
Handle empty lists.

Don't recurse, as that drops a literal \0 in the middle of the
output.  And also adds two spaces between the brackets.

Alan T. DeKok [Wed, 13 Sep 2023 12:09:46 +0000 (08:09 -0400)] 
the EAP tests depend on libfreeradius-eap-aka-sim

not libfreeradius-eap

Alan T. DeKok [Tue, 12 Sep 2023 21:11:40 +0000 (17:11 -0400)] 
explicitly encode all of the suboptions

We may want to revisit the behavior of &foo.[*].  Does it mean
only that level, or all children?

Alan T. DeKok [Tue, 12 Sep 2023 20:57:48 +0000 (16:57 -0400)] 
allow EAP-AKA-SIM to encode nested pairs.

The decoder is still not done.  That's next.

Alan T. DeKok [Tue, 12 Sep 2023 20:38:04 +0000 (16:38 -0400)] 
fix error.

It would be nice if OSX decided to rebuild things when code changed.

Alan T. DeKok [Tue, 12 Sep 2023 20:28:36 +0000 (16:28 -0400)] 
remove unused assignment

Alan T. DeKok [Tue, 12 Sep 2023 18:21:06 +0000 (14:21 -0400)] 
just look at the dict, instead of calling common ancestor

because if we check for a common ancestor between a da and the
dict root, we're just checking if the da is in the dict.

Alan T. DeKok [Tue, 12 Sep 2023 18:14:21 +0000 (14:14 -0400)] 
minor tweaks, and link into the main nav bar

James Jones [Fri, 8 Sep 2023 19:25:55 +0000 (14:25 -0500)] 
Add coverity overview to developer documentation

James Jones [Tue, 12 Sep 2023 15:23:10 +0000 (10:23 -0500)] 
Set pair list verified on initialization (true) and append (false)

CIDs: #1544620 through #1544624

Alan T. DeKok [Tue, 12 Sep 2023 18:02:26 +0000 (14:02 -0400)] 
add and use fr_pair_dcursor_child_iter_init()

all of the encoders previously just called fr_pair_dcursor_init()
for child cursors.  Which meant that the iterator could return
internal attributes.

The child cursor now uses the same iterator as the parent cursor.
This ensures that it only returns the correct encodable attributes
for this protocol.

Alan T. DeKok [Tue, 12 Sep 2023 15:00:46 +0000 (11:00 -0400)] 
NDEBUG...

Alan T. DeKok [Tue, 12 Sep 2023 14:57:32 +0000 (10:57 -0400)] 
add UNUSED

Alan T. DeKok [Tue, 12 Sep 2023 12:53:03 +0000 (08:53 -0400)] 
fix RADIUS for nested attribute encoding

the main difference is that we fix encode_extended() to correctly
handle nesting, and update the tests.  As a side effect, the
encode_extended() function now always requires nesting, and if
passed flat extended attributes, will return an encoding error.

We also fix up the fr_pair_cursor_to_network() function to remove
the flat vs nested hacks.  It now always expects nesting.

We also fix up fr_struct_to_network() to always expect nesting
for the trailing TLV in a struct.

Alan T. DeKok [Mon, 11 Sep 2023 18:59:14 +0000 (14:59 -0400)] 
hoist encode_cursor() function to common API

Alan T. DeKok [Mon, 11 Sep 2023 18:38:48 +0000 (14:38 -0400)] 
unify function prototypes

Alan T. DeKok [Mon, 11 Sep 2023 10:31:56 +0000 (06:31 -0400)] 
add RFC 7710

Alan T. DeKok [Mon, 11 Sep 2023 10:23:21 +0000 (06:23 -0400)] 
trust the dcursor, and don't check for flags.internal

Alan T. DeKok [Mon, 11 Sep 2023 10:11:45 +0000 (06:11 -0400)] 
allow for raw members of a struct

which can only occur when the raw VP is a direct child of the
parent struct.

Alan T. DeKok [Mon, 11 Sep 2023 09:37:09 +0000 (05:37 -0400)] 
reformat

Alan T. DeKok [Mon, 11 Sep 2023 09:36:47 +0000 (05:36 -0400)] 
just use tabs function instead of hand-rolling things

Alan T. DeKok [Mon, 11 Sep 2023 00:20:57 +0000 (20:20 -0400)] 
comment out assertion check

because it fails for update sections, where the vp being deleted
isn't parented from the list!

If we add the migration flags

-S rewrite_update=yes -S tmpl_tokenize_all_nested=yes

then the test passes.  We'll leave these checks disabled until
we either find and fix the issue (if we care) or until we enable
everything nested.

Alan T. DeKok [Sun, 10 Sep 2023 23:59:35 +0000 (19:59 -0400)] 
add / clear verified flag to pair lists

so that we avoid slowdowns with repeated recursion