]>
git.ipfire.org Git - thirdparty/freeradius-server.git/log
Alan T. DeKok [Sun, 10 Sep 2023 14:07:05 +0000 (10:07 -0400)]
return OOM on oom
Alan T. DeKok [Sun, 10 Sep 2023 13:02:01 +0000 (09:02 -0400)]
we have talloc_const_free(), so just use that
Alan T. DeKok [Sun, 10 Sep 2023 12:48:37 +0000 (08:48 -0400)]
clarify code so that we can find uses of a variable
Alan T. DeKok [Sun, 10 Sep 2023 12:43:21 +0000 (08:43 -0400)]
remove unused function
Alan T. DeKok [Sun, 10 Sep 2023 12:40:54 +0000 (08:40 -0400)]
pair_afrom_da() already copies the unknown da
Alan T. DeKok [Sat, 9 Sep 2023 20:58:16 +0000 (16:58 -0400)]
try to quiet static analyzers
Alan T. DeKok [Sat, 9 Sep 2023 15:43:56 +0000 (11:43 -0400)]
clean up in preparation for further raw cleanups
fr_dict_unknown_afrom_oid_substr() now continues from where the
previous parser left off. The raw handling is now essentially
all out of the dictionaries
Alan T. DeKok [Sat, 9 Sep 2023 11:50:02 +0000 (07:50 -0400)]
allow unknown attributes to be relative, too.
As part of a general cleanup and rearrangement, fix the code,
have less code, and make it more functional
Alan T. DeKok [Sat, 9 Sep 2023 11:29:19 +0000 (07:29 -0400)]
switch encoders to use vp->vp_type
because vp_type could be different from da->type in some cases
Alan T. DeKok [Fri, 8 Sep 2023 20:15:54 +0000 (16:15 -0400)]
fr_pair_to_unknown() -> fr_pair_raw_from_pair()
because all of the callers are creating a raw pair from malformed
data, and aren't creating an unknown pair.
Alan T. DeKok [Fri, 8 Sep 2023 20:15:25 +0000 (16:15 -0400)]
more debugging, and return OOM on OOM
Alan T. DeKok [Fri, 8 Sep 2023 20:12:55 +0000 (16:12 -0400)]
only free the the vp on the error path
if the first byte is non-zero, then the result is non-zero,
and we don't need to check it on all paths
Alan T. DeKok [Fri, 8 Sep 2023 17:25:46 +0000 (13:25 -0400)]
don't bother checking chaddr size during decode
fr_dhcpv4_ok() checks if htype==1 && hlen==6, and fails if that
isn't true.
So either that test passed, or the caller didn't call fr_dhcpv4_ok()
to verify the packet. In either case, there's no reason to do
additional validation here.
Alan T. DeKok [Fri, 8 Sep 2023 19:42:17 +0000 (15:42 -0400)]
clear the value, to be consistent with other uses of free_value
Alan T. DeKok [Fri, 8 Sep 2023 19:42:02 +0000 (15:42 -0400)]
don't clear the box, clear only the value.
Alan T. DeKok [Fri, 8 Sep 2023 19:01:47 +0000 (15:01 -0400)]
hoist TLV checks to before creating the VP
because there's no point in creating the VP and then freeing it.
Alan T. DeKok [Fri, 8 Sep 2023 14:59:48 +0000 (10:59 -0400)]
use fr_pair_raw_from_network() instead of hand-rolling it
Alan T. DeKok [Fri, 8 Sep 2023 14:24:54 +0000 (10:24 -0400)]
define and use fr_dict_unknown_copy()
because we want to get rid of fr_pair_to_unknown(). The caller
should instead have created a raw attribute
Alan T. DeKok [Fri, 8 Sep 2023 14:09:41 +0000 (10:09 -0400)]
don't need to check is_raw flag
because we now always set is_raw for unknowns, so it's enough to
check the is_unknown flag
Alan T. DeKok [Fri, 8 Sep 2023 14:06:43 +0000 (10:06 -0400)]
hoist setting of "is raw" out of protocol decoders
and into the dictionary code so it's more centralized.
Another side effect is that unknown attributes are now always
"raw". Which is likely what we should always have done anyways
Alan T. DeKok [Fri, 8 Sep 2023 13:01:19 +0000 (09:01 -0400)]
hoist "is_raw" to be more public
There was already an "is_raw" field in the unresolved sub-structure
so just hoist it out, and use it instead of da->flags.is_raw
Alan T. DeKok [Fri, 8 Sep 2023 12:59:32 +0000 (08:59 -0400)]
fix unused
Alan T. DeKok [Fri, 8 Sep 2023 12:53:24 +0000 (08:53 -0400)]
use macros / functions instead of accessing fields directly
Alan T. DeKok [Fri, 8 Sep 2023 11:47:52 +0000 (07:47 -0400)]
define and use vp_raw
In preparation for moving the "raw" flag out of the dictionaries
Alan T. DeKok [Thu, 7 Sep 2023 21:41:40 +0000 (17:41 -0400)]
fix corner case CID
1544258
Alan T. DeKok [Thu, 7 Sep 2023 20:19:27 +0000 (16:19 -0400)]
use the correct name for the parnt type
Nick Porter [Fri, 8 Sep 2023 12:24:49 +0000 (13:24 +0100)]
Simplify fr_ldap_edir_get_password
Nick Porter [Fri, 8 Sep 2023 11:25:45 +0000 (12:25 +0100)]
Return an unlang_action_t from ldap bind auth functions
Nick Porter [Thu, 7 Sep 2023 18:13:59 +0000 (19:13 +0100)]
Ensure we free memory on errors
Nick Porter [Fri, 8 Sep 2023 10:01:08 +0000 (11:01 +0100)]
Handle rcode from previous async call
Nick Porter [Fri, 8 Sep 2023 09:37:14 +0000 (10:37 +0100)]
No need for p_result in async LDAP functions
It was only set on failure, and that is handled by the
UNLANG_ACTION_FAIL return code
Nick Porter [Thu, 7 Sep 2023 17:09:55 +0000 (18:09 +0100)]
Add max_request_time timer to unit_test_module
Nick Porter [Thu, 7 Sep 2023 14:42:20 +0000 (15:42 +0100)]
Typos
Nick Porter [Thu, 7 Sep 2023 13:25:22 +0000 (14:25 +0100)]
Ensure auth bind resume functions clear up after failed requests
Nick Porter [Thu, 7 Sep 2023 13:20:10 +0000 (14:20 +0100)]
Add callback for failed ldap auth binds
Nick Porter [Thu, 7 Sep 2023 12:59:27 +0000 (13:59 +0100)]
No need for request_free callback
bind_auth_ctx is parented of the trunk request so is freed automatically
Nick Porter [Fri, 8 Sep 2023 06:59:44 +0000 (07:59 +0100)]
Typo
Alan T. DeKok [Thu, 7 Sep 2023 19:24:29 +0000 (15:24 -0400)]
always decode tacacs as nested
Alan T. DeKok [Thu, 7 Sep 2023 19:19:58 +0000 (15:19 -0400)]
allow tacacs to encode nested attributes
Alan T. DeKok [Thu, 7 Sep 2023 19:09:08 +0000 (15:09 -0400)]
typos
Alan T. DeKok [Thu, 7 Sep 2023 19:04:33 +0000 (15:04 -0400)]
it's smarter to have clear-text unit tests
instead of encrypted ones. We should also add unit tests for
encrypted packets, too
Alan T. DeKok [Thu, 7 Sep 2023 18:52:05 +0000 (14:52 -0400)]
make pair_legacy_nested=true the default
EAP-SIM and TACACS+ do not yet handle nested attributes, so they
manually set the flag to false.
Alan T. DeKok [Thu, 7 Sep 2023 18:44:42 +0000 (14:44 -0400)]
remove flatten / unflatten tests and keywords
they are no longer necessary, as we are moving to nested attributes
Alan T. DeKok [Thu, 7 Sep 2023 18:02:36 +0000 (14:02 -0400)]
don't run unbound tests on OSX
it fails in CI, and we don't care enough to fix it
Arran Cudbard-Bell [Thu, 7 Sep 2023 17:58:18 +0000 (11:58 -0600)]
json: Add json escape
Alan T. DeKok [Thu, 7 Sep 2023 17:39:28 +0000 (13:39 -0400)]
minor tweaks
Alan T. DeKok [Thu, 7 Sep 2023 17:20:17 +0000 (13:20 -0400)]
tests for nested types
Alan T. DeKok [Thu, 7 Sep 2023 17:19:55 +0000 (13:19 -0400)]
loop over nested extended types
Alan T. DeKok [Thu, 7 Sep 2023 17:19:29 +0000 (13:19 -0400)]
VSAs can only contain internal attributes and VENDORs
Alan T. DeKok [Thu, 7 Sep 2023 17:17:06 +0000 (13:17 -0400)]
the RADIUS protocol cannot encode attributes of type 'group'
Alan T. DeKok [Wed, 6 Sep 2023 21:04:27 +0000 (17:04 -0400)]
check return for CID
1544245
Realistically, unlang_xlat_yield() _always_ returns
XLAT_ACTION_YIELD, and the only reason it returns anything
is so that we can do "return unlang_xlat_yield()"
Alan T. DeKok [Wed, 6 Sep 2023 18:26:59 +0000 (14:26 -0400)]
decode TLVs nested
Alan T. DeKok [Wed, 6 Sep 2023 18:22:20 +0000 (14:22 -0400)]
nested tests for wimax
Alan T. DeKok [Wed, 6 Sep 2023 18:05:09 +0000 (14:05 -0400)]
note that giving flat lists results in us creating nested ones
Nick Porter [Wed, 6 Sep 2023 18:58:42 +0000 (19:58 +0100)]
Add 'Net.*' pairs to TACACS
Alan T. DeKok [Wed, 6 Sep 2023 16:50:14 +0000 (12:50 -0400)]
VSA types are decoded as groups
note that we will have to audit all of the "decode raw" routines.
the current behavior is for the _called_ function to create a
"raw" parent if the decode fails. If the parent is itself a group,
the called function will instead have to return an error, and then
the calling function will turn it into a raw attribute
Alan T. DeKok [Wed, 6 Sep 2023 14:09:36 +0000 (10:09 -0400)]
coalesce VENDOR attributes at the same level
Alan T. DeKok [Wed, 6 Sep 2023 12:22:51 +0000 (08:22 -0400)]
VSA types are decoded as groups
Alan T. DeKok [Wed, 6 Sep 2023 12:18:25 +0000 (08:18 -0400)]
coalesce VSAs at the same level
Nick Porter [Wed, 6 Sep 2023 11:26:52 +0000 (12:26 +0100)]
Insert new pair where we were asked to
Alan T. DeKok [Wed, 6 Sep 2023 12:07:35 +0000 (08:07 -0400)]
decode as nested
except for FR_TYPE_GROUP, which gets put into the group VP, but
the attributes are decoded from the dict root
@todo - we don't coalesce vendor / VSA data types, and we should
probably do that.
Alan T. DeKok [Wed, 6 Sep 2023 01:48:32 +0000 (21:48 -0400)]
fix group decoding
on failed decode of group, create a raw attribute instead of
returning an error.
return in the group handler, so that we don't set vp->vp_tainted
for a structural data type.
Nick Porter [Wed, 6 Sep 2023 09:40:38 +0000 (10:40 +0100)]
Don't leak memory
Arran Cudbard-Bell [Wed, 6 Sep 2023 08:55:51 +0000 (02:55 -0600)]
ldap: Quiet clang
Arran Cudbard-Bell [Wed, 6 Sep 2023 05:28:39 +0000 (23:28 -0600)]
ldap: Accept profile in either URI form or DN form
Arran Cudbard-Bell [Wed, 6 Sep 2023 04:53:00 +0000 (22:53 -0600)]
ldap: Fix auth tests
Arran Cudbard-Bell [Wed, 6 Sep 2023 04:00:06 +0000 (22:00 -0600)]
ldap: Add profile xlat to allow application of arbitrary profiles
Arran Cudbard-Bell [Wed, 6 Sep 2023 03:58:02 +0000 (21:58 -0600)]
ldap: Take a ctx in fr_lap_map_expand
Arran Cudbard-Bell [Wed, 6 Sep 2023 03:57:16 +0000 (21:57 -0600)]
ldap: Return the result code from the LDAP operation in rlm_ldap_map_profile instead of messing with the rcode
Arran Cudbard-Bell [Wed, 6 Sep 2023 03:42:54 +0000 (21:42 -0600)]
ldap: Make type names more explicit
Arran Cudbard-Bell [Wed, 6 Sep 2023 03:40:55 +0000 (21:40 -0600)]
ldap: Replace confusing macro with static inline
Arran Cudbard-Bell [Tue, 5 Sep 2023 22:08:42 +0000 (16:08 -0600)]
Split out and abstract ldap profile code
Alan T. DeKok [Tue, 5 Sep 2023 22:09:50 +0000 (18:09 -0400)]
also use local libraries for unit tests
Arran Cudbard-Bell [Tue, 5 Sep 2023 21:19:12 +0000 (15:19 -0600)]
Initialise more boxes correctly
Alan T. DeKok [Tue, 5 Sep 2023 19:48:43 +0000 (15:48 -0400)]
Revert "always call fr_pair_tlvs_from_network() as nested"
This reverts commit
53d37c2b16802920a6d6ebcba568859e48dc5789 .
Alan T. DeKok [Tue, 5 Sep 2023 19:29:39 +0000 (15:29 -0400)]
update tests, too
Alan T. DeKok [Tue, 5 Sep 2023 18:59:28 +0000 (14:59 -0400)]
this is now nested
Alan T. DeKok [Tue, 5 Sep 2023 17:59:27 +0000 (13:59 -0400)]
always call fr_pair_tlvs_from_network() as nested
Alan T. DeKok [Tue, 5 Sep 2023 17:56:19 +0000 (13:56 -0400)]
always call fr_pair_tlvs_from_network() as nested
Alan T. DeKok [Tue, 5 Sep 2023 17:38:34 +0000 (13:38 -0400)]
more peephole optimizations for logical operations
Alan T. DeKok [Tue, 5 Sep 2023 17:35:20 +0000 (13:35 -0400)]
mark up "@todo" with more comments and classifications
Alan T. DeKok [Tue, 5 Sep 2023 17:18:29 +0000 (13:18 -0400)]
decode DHCPv6 structs as nested
Alan T. DeKok [Tue, 5 Sep 2023 16:55:56 +0000 (12:55 -0400)]
set mutable recursively
Alan T. DeKok [Tue, 5 Sep 2023 16:55:41 +0000 (12:55 -0400)]
typo
Nick Porter [Tue, 5 Sep 2023 16:00:18 +0000 (17:00 +0100)]
Remove unused variable
Nick Porter [Tue, 5 Sep 2023 13:10:35 +0000 (14:10 +0100)]
Reconnect trunk connection if the error is FR_LDAP_BAD_CONN
Nick Porter [Tue, 5 Sep 2023 11:22:09 +0000 (12:22 +0100)]
Correct passing of fr_ldap_connection_t in async functions
The comment about changing the connection due to auto re-connect is
wrong - that was the old sync code behaviour.
Nick Porter [Tue, 5 Sep 2023 11:02:29 +0000 (12:02 +0100)]
Use standard routine to proces LDAP errors
Allows distinguishing between e.g. syntax errors and connection errors.
Nick Porter [Tue, 5 Sep 2023 09:53:32 +0000 (10:53 +0100)]
Handle LDAP query result codes correctly
Nick Porter [Tue, 5 Sep 2023 15:40:04 +0000 (16:40 +0100)]
Add callback to tidy up if LDAP trunk requests fail
Alan T. DeKok [Tue, 5 Sep 2023 14:19:50 +0000 (10:19 -0400)]
notes on future peephole optimization
Alan T. DeKok [Tue, 5 Sep 2023 14:18:53 +0000 (10:18 -0400)]
pass in the correct operator
Alan T. DeKok [Tue, 5 Sep 2023 13:37:04 +0000 (09:37 -0400)]
if aavailable, check the enum name at parse time
Alan T. DeKok [Tue, 5 Sep 2023 13:36:39 +0000 (09:36 -0400)]
only set fixed length for leaf types which have fixed length
Alan T. DeKok [Tue, 5 Sep 2023 13:30:22 +0000 (09:30 -0400)]
make sure the value-box is initialized
Alan T. DeKok [Mon, 4 Sep 2023 19:54:14 +0000 (15:54 -0400)]
If we have a LHS leaf, pass it to the RHS tmpl parser
which means that we catch more load-time errors for typos in
the configuration files.
and add test case.
The RHS resolution is done in pass2, so there's no issue with an
enum name being defined after the configuration files have been read.
Alan T. DeKok [Mon, 4 Sep 2023 19:50:10 +0000 (15:50 -0400)]
add unknown only if the LHS is unknown
and assert that the LHS is an attribute, which it should be for
being a bare word
Alan T. DeKok [Mon, 4 Sep 2023 17:23:33 +0000 (13:23 -0400)]
use attr_net_*, and suppress Net.* if they exist in the list
Nick Porter [Tue, 5 Sep 2023 08:11:52 +0000 (09:11 +0100)]
Add ldap test using SASL proxy authorization for admin bind
Nick Porter [Tue, 5 Sep 2023 07:17:48 +0000 (08:17 +0100)]
Pacify coverity