git.ipfire.org Git - thirdparty/freeradius-server.git/log
Alan T. DeKok [Sun, 10 Sep 2023 14:07:05 +0000 (10:07 -0400)] 
return OOM on oom

Alan T. DeKok [Sun, 10 Sep 2023 13:02:01 +0000 (09:02 -0400)] 
we have talloc_const_free(), so just use that

Alan T. DeKok [Sun, 10 Sep 2023 12:48:37 +0000 (08:48 -0400)] 
clarify code so that we can find uses of a variable

Alan T. DeKok [Sun, 10 Sep 2023 12:43:21 +0000 (08:43 -0400)] 
remove unused function

Alan T. DeKok [Sun, 10 Sep 2023 12:40:54 +0000 (08:40 -0400)] 
pair_afrom_da() already copies the unknown da

Alan T. DeKok [Sat, 9 Sep 2023 20:58:16 +0000 (16:58 -0400)] 
try to quiet static analyzers

Alan T. DeKok [Sat, 9 Sep 2023 15:43:56 +0000 (11:43 -0400)] 
clean up in preparation for further raw cleanups

fr_dict_unknown_afrom_oid_substr() now continues from where the
previous parser left off.  The raw handling is now essentially
all out of the dictionaries

Alan T. DeKok [Sat, 9 Sep 2023 11:50:02 +0000 (07:50 -0400)] 
allow unknown attributes to be relative, too.

As part of a general cleanup and rearrangement, fix the code,
have less code, and make it more functional

Alan T. DeKok [Sat, 9 Sep 2023 11:29:19 +0000 (07:29 -0400)] 
switch encoders to use vp->vp_type

because vp_type could be different from da->type in some cases

Alan T. DeKok [Fri, 8 Sep 2023 20:15:54 +0000 (16:15 -0400)] 
fr_pair_to_unknown() -> fr_pair_raw_from_pair()

because all of the callers are creating a raw pair from malformed
data, and aren't creating an unknown pair.

Alan T. DeKok [Fri, 8 Sep 2023 20:15:25 +0000 (16:15 -0400)] 
more debugging, and return OOM on OOM

Alan T. DeKok [Fri, 8 Sep 2023 20:12:55 +0000 (16:12 -0400)] 
only free the vp on the error path

if the first byte is non-zero, then the result is non-zero,
and we don't need to check it on all paths

Alan T. DeKok [Fri, 8 Sep 2023 17:25:46 +0000 (13:25 -0400)] 
don't bother checking chaddr size during decode

fr_dhcpv4_ok() checks if htype==1 && hlen==6, and fails if that
isn't true.

So either that test passed, or the caller didn't call fr_dhcpv4_ok()
to verify the packet.  In either case, there's no reason to do
additional validation here.

Alan T. DeKok [Fri, 8 Sep 2023 19:42:17 +0000 (15:42 -0400)] 
clear the value, to be consistent with other uses of free_value

Alan T. DeKok [Fri, 8 Sep 2023 19:42:02 +0000 (15:42 -0400)] 
don't clear the box, clear only the value.

Alan T. DeKok [Fri, 8 Sep 2023 19:01:47 +0000 (15:01 -0400)] 
hoist TLV checks to before creating the VP

because there's no point in creating the VP and then freeing it.

Alan T. DeKok [Fri, 8 Sep 2023 14:59:48 +0000 (10:59 -0400)] 
use fr_pair_raw_from_network() instead of hand-rolling it

Alan T. DeKok [Fri, 8 Sep 2023 14:24:54 +0000 (10:24 -0400)] 
define and use fr_dict_unknown_copy()

because we want to get rid of fr_pair_to_unknown().  The caller
should instead have created a raw attribute

Alan T. DeKok [Fri, 8 Sep 2023 14:09:41 +0000 (10:09 -0400)] 
don't need to check is_raw flag

because we now always set is_raw for unknowns, so it's enough to
check the is_unknown flag

Alan T. DeKok [Fri, 8 Sep 2023 14:06:43 +0000 (10:06 -0400)] 
hoist setting of "is raw" out of protocol decoders

and into the dictionary code so it's more centralized.

Another side effect is that unknown attributes are now always
"raw".  Which is likely what we should always have done anyways

Alan T. DeKok [Fri, 8 Sep 2023 13:01:19 +0000 (09:01 -0400)] 
hoist "is_raw" to be more public

There was already an "is_raw" field in the unresolved sub-structure
so just hoist it out, and use it instead of da->flags.is_raw

Alan T. DeKok [Fri, 8 Sep 2023 12:59:32 +0000 (08:59 -0400)] 
fix unused

Alan T. DeKok [Fri, 8 Sep 2023 12:53:24 +0000 (08:53 -0400)] 
use macros / functions instead of accessing fields directly

Alan T. DeKok [Fri, 8 Sep 2023 11:47:52 +0000 (07:47 -0400)] 
define and use vp_raw

In preparation for moving the "raw" flag out of the dictionaries

Alan T. DeKok [Thu, 7 Sep 2023 21:41:40 +0000 (17:41 -0400)] 
fix corner case CID 1544258

Alan T. DeKok [Thu, 7 Sep 2023 20:19:27 +0000 (16:19 -0400)] 
use the correct name for the parent type

Nick Porter [Fri, 8 Sep 2023 12:24:49 +0000 (13:24 +0100)] 
Simplify fr_ldap_edir_get_password

Nick Porter [Fri, 8 Sep 2023 11:25:45 +0000 (12:25 +0100)] 
Return an unlang_action_t from ldap bind auth functions

Nick Porter [Thu, 7 Sep 2023 18:13:59 +0000 (19:13 +0100)] 
Ensure we free memory on errors

Nick Porter [Fri, 8 Sep 2023 10:01:08 +0000 (11:01 +0100)] 
Handle rcode from previous async call

Nick Porter [Fri, 8 Sep 2023 09:37:14 +0000 (10:37 +0100)] 
No need for p_result in async LDAP functions

It was only set on failure, and that is handled by the
UNLANG_ACTION_FAIL return code

Nick Porter [Thu, 7 Sep 2023 17:09:55 +0000 (18:09 +0100)] 
Add max_request_time timer to unit_test_module

Nick Porter [Thu, 7 Sep 2023 14:42:20 +0000 (15:42 +0100)] 
Typos

Nick Porter [Thu, 7 Sep 2023 13:25:22 +0000 (14:25 +0100)] 
Ensure auth bind resume functions clear up after failed requests

Nick Porter [Thu, 7 Sep 2023 13:20:10 +0000 (14:20 +0100)] 
Add callback for failed ldap auth binds

Nick Porter [Thu, 7 Sep 2023 12:59:27 +0000 (13:59 +0100)] 
No need for request_free callback

bind_auth_ctx is parented of the trunk request so is freed automatically

Nick Porter [Fri, 8 Sep 2023 06:59:44 +0000 (07:59 +0100)] 
Typo

Alan T. DeKok [Thu, 7 Sep 2023 19:24:29 +0000 (15:24 -0400)] 
always decode tacacs as nested

Alan T. DeKok [Thu, 7 Sep 2023 19:19:58 +0000 (15:19 -0400)] 
allow tacacs to encode nested attributes

Alan T. DeKok [Thu, 7 Sep 2023 19:09:08 +0000 (15:09 -0400)] 
typos

Alan T. DeKok [Thu, 7 Sep 2023 19:04:33 +0000 (15:04 -0400)] 
it's smarter to have clear-text unit tests

instead of encrypted ones.  We should also add unit tests for
encrypted packets, too

Alan T. DeKok [Thu, 7 Sep 2023 18:52:05 +0000 (14:52 -0400)] 
make pair_legacy_nested=true the default

EAP-SIM and TACACS+ do not yet handle nested attributes, so they
manually set the flag to false.

Alan T. DeKok [Thu, 7 Sep 2023 18:44:42 +0000 (14:44 -0400)] 
remove flatten / unflatten tests and keywords

they are no longer necessary, as we are moving to nested attributes

Alan T. DeKok [Thu, 7 Sep 2023 18:02:36 +0000 (14:02 -0400)] 
don't run unbound tests on OSX

it fails in CI, and we don't care enough to fix it

Arran Cudbard-Bell [Thu, 7 Sep 2023 17:58:18 +0000 (11:58 -0600)] 
json: Add json escape

Alan T. DeKok [Thu, 7 Sep 2023 17:39:28 +0000 (13:39 -0400)] 
minor tweaks

Alan T. DeKok [Thu, 7 Sep 2023 17:20:17 +0000 (13:20 -0400)] 
tests for nested types

Alan T. DeKok [Thu, 7 Sep 2023 17:19:55 +0000 (13:19 -0400)] 
loop over nested extended types

Alan T. DeKok [Thu, 7 Sep 2023 17:19:29 +0000 (13:19 -0400)] 
VSAs can only contain internal attributes and VENDORs

Alan T. DeKok [Thu, 7 Sep 2023 17:17:06 +0000 (13:17 -0400)] 
the RADIUS protocol cannot encode attributes of type 'group'

Alan T. DeKok [Wed, 6 Sep 2023 21:04:27 +0000 (17:04 -0400)] 
check return for CID 1544245

Realistically, unlang_xlat_yield() _always_ returns
XLAT_ACTION_YIELD, and the only reason it returns anything
is so that we can do "return unlang_xlat_yield()"

Alan T. DeKok [Wed, 6 Sep 2023 18:26:59 +0000 (14:26 -0400)] 
decode TLVs nested

Alan T. DeKok [Wed, 6 Sep 2023 18:22:20 +0000 (14:22 -0400)] 
nested tests for wimax

Alan T. DeKok [Wed, 6 Sep 2023 18:05:09 +0000 (14:05 -0400)] 
note that giving flat lists results in us creating nested ones

Nick Porter [Wed, 6 Sep 2023 18:58:42 +0000 (19:58 +0100)] 
Add 'Net.*' pairs to TACACS

Alan T. DeKok [Wed, 6 Sep 2023 16:50:14 +0000 (12:50 -0400)] 
VSA types are decoded as groups

note that we will have to audit all of the "decode raw" routines.
the current behavior is for the _called_ function to create a
"raw" parent if the decode fails.  If the parent is itself a group,
the called function will instead have to return an error, and then
the calling function will turn it into a raw attribute

Alan T. DeKok [Wed, 6 Sep 2023 14:09:36 +0000 (10:09 -0400)] 
coalesce VENDOR attributes at the same level

Alan T. DeKok [Wed, 6 Sep 2023 12:22:51 +0000 (08:22 -0400)] 
VSA types are decoded as groups

Alan T. DeKok [Wed, 6 Sep 2023 12:18:25 +0000 (08:18 -0400)] 
coalesce VSAs at the same level

Nick Porter [Wed, 6 Sep 2023 11:26:52 +0000 (12:26 +0100)] 
Insert new pair where we were asked to

Alan T. DeKok [Wed, 6 Sep 2023 12:07:35 +0000 (08:07 -0400)] 
decode as nested

except for FR_TYPE_GROUP, which gets put into the group VP, but
the attributes are decoded from the dict root

@todo - we don't coalesce vendor / VSA data types, and we should
probably do that.

Alan T. DeKok [Wed, 6 Sep 2023 01:48:32 +0000 (21:48 -0400)] 
fix group decoding

on failed decode of group, create a raw attribute instead of
returning an error.

return in the group handler, so that we don't set vp->vp_tainted
for a structural data type.

Nick Porter [Wed, 6 Sep 2023 09:40:38 +0000 (10:40 +0100)] 
Don't leak memory

Arran Cudbard-Bell [Wed, 6 Sep 2023 08:55:51 +0000 (02:55 -0600)] 
ldap: Quiet clang

Arran Cudbard-Bell [Wed, 6 Sep 2023 05:28:39 +0000 (23:28 -0600)] 
ldap: Accept profile in either URI form or DN form

Arran Cudbard-Bell [Wed, 6 Sep 2023 04:53:00 +0000 (22:53 -0600)] 
ldap: Fix auth tests

Arran Cudbard-Bell [Wed, 6 Sep 2023 04:00:06 +0000 (22:00 -0600)] 
ldap: Add profile xlat to allow application of arbitrary profiles

Arran Cudbard-Bell [Wed, 6 Sep 2023 03:58:02 +0000 (21:58 -0600)] 
ldap: Take a ctx in fr_lap_map_expand

Arran Cudbard-Bell [Wed, 6 Sep 2023 03:57:16 +0000 (21:57 -0600)] 
ldap: Return the result code from the LDAP operation in rlm_ldap_map_profile instead of messing with the rcode

Arran Cudbard-Bell [Wed, 6 Sep 2023 03:42:54 +0000 (21:42 -0600)] 
ldap: Make type names more explicit

Arran Cudbard-Bell [Wed, 6 Sep 2023 03:40:55 +0000 (21:40 -0600)] 
ldap: Replace confusing macro with static inline

Arran Cudbard-Bell [Tue, 5 Sep 2023 22:08:42 +0000 (16:08 -0600)] 
Split out and abstract ldap profile code

Alan T. DeKok [Tue, 5 Sep 2023 22:09:50 +0000 (18:09 -0400)] 
also use local libraries for unit tests

Arran Cudbard-Bell [Tue, 5 Sep 2023 21:19:12 +0000 (15:19 -0600)] 
Initialise more boxes correctly

Alan T. DeKok [Tue, 5 Sep 2023 19:48:43 +0000 (15:48 -0400)] 
Revert "always call fr_pair_tlvs_from_network() as nested"

This reverts commit 53d37c2b16802920a6d6ebcba568859e48dc5789.

Alan T. DeKok [Tue, 5 Sep 2023 19:29:39 +0000 (15:29 -0400)] 
update tests, too

Alan T. DeKok [Tue, 5 Sep 2023 18:59:28 +0000 (14:59 -0400)] 
this is now nested

Alan T. DeKok [Tue, 5 Sep 2023 17:59:27 +0000 (13:59 -0400)] 
always call fr_pair_tlvs_from_network() as nested

Alan T. DeKok [Tue, 5 Sep 2023 17:56:19 +0000 (13:56 -0400)] 
always call fr_pair_tlvs_from_network() as nested

Alan T. DeKok [Tue, 5 Sep 2023 17:38:34 +0000 (13:38 -0400)] 
more peephole optimizations for logical operations

Alan T. DeKok [Tue, 5 Sep 2023 17:35:20 +0000 (13:35 -0400)] 
mark up "@todo" with more comments and classifications

Alan T. DeKok [Tue, 5 Sep 2023 17:18:29 +0000 (13:18 -0400)] 
decode DHCPv6 structs as nested

Alan T. DeKok [Tue, 5 Sep 2023 16:55:56 +0000 (12:55 -0400)] 
set mutable recursively

Alan T. DeKok [Tue, 5 Sep 2023 16:55:41 +0000 (12:55 -0400)] 
typo

Nick Porter [Tue, 5 Sep 2023 16:00:18 +0000 (17:00 +0100)] 
Remove unused variable

Nick Porter [Tue, 5 Sep 2023 13:10:35 +0000 (14:10 +0100)] 
Reconnect trunk connection if the error is FR_LDAP_BAD_CONN

Nick Porter [Tue, 5 Sep 2023 11:22:09 +0000 (12:22 +0100)] 
Correct passing of fr_ldap_connection_t in async functions

The comment about changing the connection due to auto re-connect is
wrong - that was the old sync code behaviour.

Nick Porter [Tue, 5 Sep 2023 11:02:29 +0000 (12:02 +0100)] 
Use standard routine to process LDAP errors

Allows distinguishing between e.g. syntax errors and connection errors.

Nick Porter [Tue, 5 Sep 2023 09:53:32 +0000 (10:53 +0100)] 
Handle LDAP query result codes correctly

Nick Porter [Tue, 5 Sep 2023 15:40:04 +0000 (16:40 +0100)] 
Add callback to tidy up if LDAP trunk requests fail

Alan T. DeKok [Tue, 5 Sep 2023 14:19:50 +0000 (10:19 -0400)] 
notes on future peephole optimization

Alan T. DeKok [Tue, 5 Sep 2023 14:18:53 +0000 (10:18 -0400)] 
pass in the correct operator

Alan T. DeKok [Tue, 5 Sep 2023 13:37:04 +0000 (09:37 -0400)] 
if available, check the enum name at parse time

Alan T. DeKok [Tue, 5 Sep 2023 13:36:39 +0000 (09:36 -0400)] 
only set fixed length for leaf types which have fixed length

Alan T. DeKok [Tue, 5 Sep 2023 13:30:22 +0000 (09:30 -0400)] 
make sure the value-box is initialized

Alan T. DeKok [Mon, 4 Sep 2023 19:54:14 +0000 (15:54 -0400)] 
If we have a LHS leaf, pass it to the RHS tmpl parser

which means that we catch more load-time errors for typos in
the configuration files.

and add test case.

The RHS resolution is done in pass2, so there's no issue with an
enum name being defined after the configuration files have been read.

Alan T. DeKok [Mon, 4 Sep 2023 19:50:10 +0000 (15:50 -0400)] 
add unknown only if the LHS is unknown

and assert that the LHS is an attribute, which it should be for
being a bare word

Alan T. DeKok [Mon, 4 Sep 2023 17:23:33 +0000 (13:23 -0400)] 
use attr_net_*, and suppress Net.* if they exist in the list

Nick Porter [Tue, 5 Sep 2023 08:11:52 +0000 (09:11 +0100)] 
Add ldap test using SASL proxy authorization for admin bind

Nick Porter [Tue, 5 Sep 2023 07:17:48 +0000 (08:17 +0100)] 
Pacify coverity