]>
git.ipfire.org Git - thirdparty/freeradius-server.git/log
Nick Porter [Thu, 21 Sep 2023 11:07:48 +0000 (12:07 +0100)]
Bootstrap xlats produced when parsing TMPL_TYPE_EXEC tmpls
Nick Porter [Thu, 21 Sep 2023 16:30:39 +0000 (17:30 +0100)]
Better comment for LDAP profile xlat
Nick Porter [Thu, 21 Sep 2023 09:33:02 +0000 (10:33 +0100)]
Re-enable ldap_sync tests and improve error reporting
Nick Porter [Thu, 21 Sep 2023 08:29:14 +0000 (09:29 +0100)]
Correct expansion of LDAP attributes
Arran Cudbard-Bell [Wed, 20 Sep 2023 23:17:45 +0000 (19:17 -0400)]
ldap: Fix process the generic attribute in profiles
Arran Cudbard-Bell [Wed, 20 Sep 2023 19:06:26 +0000 (15:06 -0400)]
Add radiusProfileSuspendedDN
Alan T. DeKok [Wed, 20 Sep 2023 00:47:37 +0000 (20:47 -0400)]
use the correct list
Alan T. DeKok [Wed, 20 Sep 2023 00:25:33 +0000 (20:25 -0400)]
don't write to buffer we're reading from
Alan T. DeKok [Wed, 20 Sep 2023 00:19:45 +0000 (20:19 -0400)]
"original" CONF_PAIR always exists
Alan T. DeKok [Tue, 19 Sep 2023 22:01:52 +0000 (18:01 -0400)]
address more corner cases as caught by the keyword tests
Alan T. DeKok [Tue, 19 Sep 2023 20:42:46 +0000 (16:42 -0400)]
fix rewrite_update and add debug
we likely need more tests for rewrite_update.
But it now prints out in debug mode how to convert from an "update"
entry to an edit section.
Alan T. DeKok [Tue, 19 Sep 2023 20:42:08 +0000 (16:42 -0400)]
note that RHS of edits can now be expressions
Alan T. DeKok [Tue, 19 Sep 2023 20:41:22 +0000 (16:41 -0400)]
word smithing
Alan T. DeKok [Tue, 19 Sep 2023 12:39:58 +0000 (08:39 -0400)]
catch nested attributes accidentally being added to the top-level list
Alan T. DeKok [Tue, 19 Sep 2023 12:20:55 +0000 (08:20 -0400)]
enforce parent / child relationships for structural pairs
so that if we have nested TLVs, the children have to go into the
parent, subject to some limitations.
This requirement helps to enforce correct structure.
Note that children can still go into "internal" group attributes,
which means that they can still go into the top-level request list.
This isn't ideal, but it's not clear how to fix that without also
breaking it for control and session-state
Alan T. DeKok [Mon, 18 Sep 2023 21:02:00 +0000 (17:02 -0400)]
typo
Alan T. DeKok [Mon, 18 Sep 2023 20:58:29 +0000 (16:58 -0400)]
once again remove tmpl_tokenize_all_nested
Alan T. DeKok [Mon, 18 Sep 2023 16:59:20 +0000 (12:59 -0400)]
force tmpl_tokenize_all_nested
Alan T. DeKok [Mon, 18 Sep 2023 13:05:22 +0000 (09:05 -0400)]
enable tmpl_tokenize_all_nested for all module tests
Alan T. DeKok [Mon, 18 Sep 2023 12:32:24 +0000 (08:32 -0400)]
use nesting when creating SQL pairs
Alan T. DeKok [Mon, 18 Sep 2023 11:46:17 +0000 (07:46 -0400)]
more migrations. Only SQL is left
Alan T. DeKok [Mon, 18 Sep 2023 00:39:58 +0000 (20:39 -0400)]
add more migrations
Alan T. DeKok [Mon, 18 Sep 2023 00:23:46 +0000 (20:23 -0400)]
more migration for modules
Alan T. DeKok [Sun, 17 Sep 2023 21:55:57 +0000 (17:55 -0400)]
framework for per-module migration flags
Alan T. DeKok [Sun, 17 Sep 2023 21:50:51 +0000 (17:50 -0400)]
Revert "force tmpl_tokenize_all_nested"
This reverts commit
5dc2aac671c609dbfc36ec19cddbec357c5a4c5f .
Well, no. Too late on a weekend.
Alan T. DeKok [Sun, 17 Sep 2023 21:37:52 +0000 (17:37 -0400)]
Revert "remove tmpl_tokenize_all_nested"
This reverts commit
861c6a07630b4b6c32bcbc4994b07803e0ed84a8 .
let's see if this causes CI to pass?
Alan T. DeKok [Sun, 17 Sep 2023 21:13:35 +0000 (17:13 -0400)]
typo
Alan T. DeKok [Sun, 17 Sep 2023 20:18:48 +0000 (16:18 -0400)]
try to created nested VPs
This likely won't work perfectly due to the fact that converting
attrs to Perl doesn't do nesting properly.
Alan T. DeKok [Sun, 17 Sep 2023 20:16:26 +0000 (16:16 -0400)]
disable Perl tests until such time as it creates nested attrs
Alan T. DeKok [Sun, 17 Sep 2023 19:57:03 +0000 (15:57 -0400)]
remove tmpl_tokenize_all_nested
Alan T. DeKok [Sun, 17 Sep 2023 16:55:47 +0000 (12:55 -0400)]
force tmpl_tokenize_all_nested
Alan T. DeKok [Sun, 17 Sep 2023 14:38:57 +0000 (10:38 -0400)]
update to use correct syntax for -=
Alan T. DeKok [Sun, 17 Sep 2023 14:29:13 +0000 (10:29 -0400)]
be a bit smarter about it
Alan T. DeKok [Sun, 17 Sep 2023 14:23:11 +0000 (10:23 -0400)]
relax test a bit
Alan T. DeKok [Sun, 17 Sep 2023 13:57:38 +0000 (09:57 -0400)]
remove assertion
memdup_shallow() is sometimes called with non-talloc'd memory
in some cases the calls are wrong, and this causes a later assert
in the verify functions. In other cases, the calls are correct.
Alan T. DeKok [Sun, 17 Sep 2023 13:46:41 +0000 (09:46 -0400)]
catch corner case for -=
&control -= {
&Password.Cleartext == 'oracle01' # ERROR
}
the edit code doesn't do this correctly (yet). Add a test case
which catches it and complains, instead of dogn the wrong thing.
It's also not clear what is meant by the above. Do we need to
delete &Password, too?
Alan T. DeKok [Sun, 17 Sep 2023 13:26:26 +0000 (09:26 -0400)]
use correct escaping
now that we've fixed fr_asprint() in commit b10640, and the
escaping in
41193841eb , this test also needs fixing. In order to
pass \' to a shell which takes a string in ' quotes, the config
file string must use one layer of escaping for FR, and a second
layer of escaping for the shell.
this issue highlights the fact that we likely need a "q" operator
ala Perl.
Alan T. DeKok [Sun, 17 Sep 2023 12:59:36 +0000 (08:59 -0400)]
temporarily stop ldap_sync until the failing test is fixed
Alan T. DeKok [Sat, 16 Sep 2023 19:40:16 +0000 (15:40 -0400)]
manually redo commit
0c6d48394867e2d2
gettoken() parses the RHS of a CONF_PAIR, but that function only
unescapes the \", and doesn't unescape anything else. Therefore
we do the unescaping here.
Alan T. DeKok [Sat, 16 Sep 2023 17:55:57 +0000 (13:55 -0400)]
fr_asprint() takes a quotation 'char', not a fr_token_t
Alan T. DeKok [Sat, 16 Sep 2023 15:15:04 +0000 (11:15 -0400)]
allow T_HASH for edit sections. See map_afrom_cp()
James Jones [Fri, 15 Sep 2023 19:21:05 +0000 (14:21 -0500)]
Annotate fr_nbo_to_uint{16,24}() at function level
CIDs: #
1419883 , #
1520415 , #
1503954 , #
14516665 , #
1519002
This should keep coverity from tainting the pointer to data
being converted to host order.
Alan T. DeKok [Sat, 16 Sep 2023 01:25:39 +0000 (21:25 -0400)]
check return codes to quiet static analyzer
Alan T. DeKok [Fri, 15 Sep 2023 17:51:14 +0000 (13:51 -0400)]
force tmpl_tokenize_all_nested here, too
Alan T. DeKok [Fri, 15 Sep 2023 17:36:45 +0000 (13:36 -0400)]
ensure that the buffers are talloc'd
the memdup_shallow() call will just assign the ptr to the
value-box. But the added talloc_get_name() fails, because the
ptr isn't talloced.
Alan T. DeKok [Fri, 15 Sep 2023 16:41:36 +0000 (12:41 -0400)]
move legacy function to the only place which uses it
Alan T. DeKok [Fri, 15 Sep 2023 16:37:29 +0000 (12:37 -0400)]
remove legacy print nested, and old "unflatten" code
Nick Porter [Fri, 15 Sep 2023 13:20:24 +0000 (14:20 +0100)]
Attempt to ignore spurios LeakSanitizer fatal errors
James Jones [Thu, 14 Sep 2023 19:06:59 +0000 (14:06 -0500)]
Placate coverity with excessive buffer_len (CID #
1503922 , #
1503986 )
open_buffer_as_file() is a wrapper aound the fmemopen() function.
The example shown on fmemopen()'s man page passes a string as buffer
and strlen(<string>) as length, and open_buffer_as_file() calls did the
same thing--but coverity gives it an alloc_strlen defect with the
comment "allocating insufficient memory for the terminating null of
the string".
At least one other project using coverity and calling fmemopen()
in conformity with "man fmemopen" also gets this defect and ended
up passing strlen(<string>) + 1 to deal with it. Making the analogous
change here passes tests and should quiet coverity.
Alan T. DeKok [Fri, 15 Sep 2023 12:52:01 +0000 (08:52 -0400)]
start removing "update"
Alan T. DeKok [Fri, 15 Sep 2023 12:44:25 +0000 (08:44 -0400)]
note "please don't use %{expr:..}"
Alan T. DeKok [Fri, 15 Sep 2023 12:38:12 +0000 (08:38 -0400)]
add in-line expressions with add
Alan T. DeKok [Fri, 15 Sep 2023 12:33:51 +0000 (08:33 -0400)]
clean up handling of Acct-Delay-Time
use new edit expressions, and check for sane Event-Timestamp
Alan T. DeKok [Fri, 15 Sep 2023 11:01:00 +0000 (07:01 -0400)]
decode unknown extended VSAs as nested
Alan T. DeKok [Thu, 14 Sep 2023 19:25:34 +0000 (15:25 -0400)]
decode WiMAX as nested
Alan T. DeKok [Thu, 14 Sep 2023 19:11:39 +0000 (15:11 -0400)]
decode RADIUS structs as nested
Alan T. DeKok [Thu, 14 Sep 2023 19:06:08 +0000 (15:06 -0400)]
decode extended VSAs as nested
Alan T. DeKok [Thu, 14 Sep 2023 18:47:04 +0000 (14:47 -0400)]
remove migrate command
we no longer use it for anything.
Alan T. DeKok [Thu, 14 Sep 2023 13:58:54 +0000 (09:58 -0400)]
always decode RADIUS VSAs as nested
not sure why this wasn't done before. But now we're happy.
Alan T. DeKok [Thu, 14 Sep 2023 13:49:40 +0000 (09:49 -0400)]
more comments on antora and asciidoc
Alan T. DeKok [Thu, 14 Sep 2023 13:27:21 +0000 (09:27 -0400)]
no need for macro, just rename the struct fields
Alan T. DeKok [Thu, 14 Sep 2023 12:08:52 +0000 (08:08 -0400)]
allow raw.Vendor-Specific = 0xabcdef
which parses it as a Vendor-Specific, then sees the 0x..., and
converts it to type 'octets'.
Note that the attribute MUST already be marked up as "raw"
Alan T. DeKok [Thu, 14 Sep 2023 00:44:54 +0000 (20:44 -0400)]
set a default type size and length for unknown attributes
Which lets us create unknown vendors
Alan T. DeKok [Thu, 14 Sep 2023 00:44:25 +0000 (20:44 -0400)]
don't print nested if parent is key field
Alan T. DeKok [Wed, 13 Sep 2023 22:52:15 +0000 (18:52 -0400)]
make arp always decode as nested
Alan T. DeKok [Wed, 13 Sep 2023 22:49:12 +0000 (18:49 -0400)]
remove pair_legacy_nested
Jorge Pereira [Thu, 14 Sep 2023 02:18:53 +0000 (23:18 -0300)]
Fix small leak in rlm_pap load (#5176)
Alan T. DeKok [Wed, 13 Sep 2023 22:43:36 +0000 (18:43 -0400)]
remove flatten / unflatten APIs
Alan T. DeKok [Wed, 13 Sep 2023 22:40:11 +0000 (18:40 -0400)]
remove "flatten" migration flags
Alan T. DeKok [Wed, 13 Sep 2023 22:33:15 +0000 (18:33 -0400)]
always create Net attributes as nested
Alan T. DeKok [Wed, 13 Sep 2023 19:53:08 +0000 (15:53 -0400)]
force all nested
Alan T. DeKok [Wed, 13 Sep 2023 19:30:34 +0000 (15:30 -0400)]
ignore structural types
Alan T. DeKok [Wed, 13 Sep 2023 19:15:17 +0000 (15:15 -0400)]
don't print nested types to environment variables
Alan T. DeKok [Wed, 13 Sep 2023 18:08:00 +0000 (14:08 -0400)]
swap migration flag to always true
Alan T. DeKok [Wed, 13 Sep 2023 16:49:16 +0000 (12:49 -0400)]
add fr_pair_delete_by_da_nested()
and use it in server macros. This change allows the uses of
pair_delete_request() etc. to work properly with nested attributes
Alan T. DeKok [Wed, 13 Sep 2023 16:47:21 +0000 (12:47 -0400)]
minor cleanups for EAP attributes and rearrangements
Alan T. DeKok [Wed, 13 Sep 2023 14:03:02 +0000 (10:03 -0400)]
make EAP decode nested pairs
Alan T. DeKok [Wed, 13 Sep 2023 14:02:06 +0000 (10:02 -0400)]
Handle empty lists.
Don't recurse, as that drops a literal \0 in the middle of the
output. And also adds two spaces between the brackets.
Alan T. DeKok [Wed, 13 Sep 2023 12:09:46 +0000 (08:09 -0400)]
the EAP tests depend on libfreeradius-eap-aka-sim
not libfreeradius-eap
Alan T. DeKok [Tue, 12 Sep 2023 21:11:40 +0000 (17:11 -0400)]
explicitly encode all of the suboptions
We may want to revisit the behavior of &foo.[*]. Does it mean
only that level, or all children?
Alan T. DeKok [Tue, 12 Sep 2023 20:57:48 +0000 (16:57 -0400)]
allow EAP-AKA-SIM to encode nested pairs.
The decoder is still not done. That's next.
Alan T. DeKok [Tue, 12 Sep 2023 20:38:04 +0000 (16:38 -0400)]
fix error.
It would be nice if OSX decided to rebuild things when code changed.
Alan T. DeKok [Tue, 12 Sep 2023 20:28:36 +0000 (16:28 -0400)]
remove unused assignment
Alan T. DeKok [Tue, 12 Sep 2023 18:21:06 +0000 (14:21 -0400)]
just look at the dict, instead of calling common ancestor
because if we check for a common ancestor between a da and the
dict root, we're just checking if the da is in the dict.
Alan T. DeKok [Tue, 12 Sep 2023 18:14:21 +0000 (14:14 -0400)]
minor tweaks, and link into the main nav bar
James Jones [Fri, 8 Sep 2023 19:25:55 +0000 (14:25 -0500)]
Add coverity overview to developer documentation
James Jones [Tue, 12 Sep 2023 15:23:10 +0000 (10:23 -0500)]
Set pair list verified on initialization (true) and append (false)
CIDs: #
1544620 through #
1544624
Alan T. DeKok [Tue, 12 Sep 2023 18:02:26 +0000 (14:02 -0400)]
add and use fr_pair_dcursor_child_iter_init()
all of the encoders previously just called fr_pair_dcursor_init()
for child cursors. Which meant that the iterator could return
internal attributes.
The child cursor now uses the same iterator as the parent cursor.
This ensures that it only returns the correct encodable attributes
for this protocol.
Alan T. DeKok [Tue, 12 Sep 2023 15:00:46 +0000 (11:00 -0400)]
NDEBUG...
Alan T. DeKok [Tue, 12 Sep 2023 14:57:32 +0000 (10:57 -0400)]
add UNUSED
Alan T. DeKok [Tue, 12 Sep 2023 12:53:03 +0000 (08:53 -0400)]
fix RADIUS for nested attribute encoding
the main difference is that we fix encode_extended() to correctly
handle nesting, and update the tests. As a side effect, the
encode_extended() function now always requires nesting, and if
passed flat extended attributes, will return an encoding error.
We also fix up the fr_pair_cursor_to_network() function to remove
the flat vs nested hacks. It now always expects nesting.
We also fix up fr_struct_to_network() to always expect nesting
for the trailing TLV in a struct.
Alan T. DeKok [Mon, 11 Sep 2023 18:59:14 +0000 (14:59 -0400)]
hoist encode_cursor() function to common API
Alan T. DeKok [Mon, 11 Sep 2023 18:38:48 +0000 (14:38 -0400)]
unify function prototypes
Alan T. DeKok [Mon, 11 Sep 2023 10:31:56 +0000 (06:31 -0400)]
add RFC 7710
Alan T. DeKok [Mon, 11 Sep 2023 10:23:21 +0000 (06:23 -0400)]
trust the dcursor, and don't check for flags.internal
Alan T. DeKok [Mon, 11 Sep 2023 10:11:45 +0000 (06:11 -0400)]
allow for raw members of a struct
which can only occur when the raw VP is a direct child of the
parent struct.
Alan T. DeKok [Mon, 11 Sep 2023 09:37:09 +0000 (05:37 -0400)]
reformat
Alan T. DeKok [Mon, 11 Sep 2023 09:36:47 +0000 (05:36 -0400)]
just use tabs function instead of hand-rolling things
Alan T. DeKok [Mon, 11 Sep 2023 00:20:57 +0000 (20:20 -0400)]
comment out assertion check
because it fails for update sections, where the vp being deleted
isn't parented from the list!
If we add the migration flags
-S rewrite_update=yes -S tmpl_tokenize_all_nested=yes
then the test passes. We'll leave these checks disabled until
we either find and fix the issue (if we care) or until we enable
everything nested.
Alan T. DeKok [Sun, 10 Sep 2023 23:59:35 +0000 (19:59 -0400)]
add / clear verified flag to pair lists
so that we avoid slowdowns with repeated recursion