]>
git.ipfire.org Git - thirdparty/freeradius-server.git/log
Alan T. DeKok [Tue, 15 Aug 2023 20:33:52 +0000 (16:33 -0400)]
we only care that it doesn't crash.
We don't care what the results are
Alan T. DeKok [Tue, 15 Aug 2023 20:07:25 +0000 (16:07 -0400)]
allow '=' for list assignment to leaf types, too
Alan T. DeKok [Tue, 15 Aug 2023 12:26:07 +0000 (08:26 -0400)]
clear out old resume function and rctx
when we have two xlats in a row, the first one might need to be
resumed, so it pushes a resume ctx onto the stack. It then returns
"done", and the xlat evaluator goes to the next xlat node.
However, the next xlat node might _not_ push a resume function onto
the stack. So when the evaluator resumes, it will see the first
resume function and rctx, and call it again. Cue boom.
The solution is on DONE, replace the resume function / rctx with
a NULL one which does nothing.
Alan T. DeKok [Tue, 15 Aug 2023 12:25:38 +0000 (08:25 -0400)]
copy from v3.2.x
Jorge Pereira [Mon, 14 Aug 2023 22:49:25 +0000 (19:49 -0300)]
Fix typos
Alan T. DeKok [Mon, 14 Aug 2023 16:16:44 +0000 (12:16 -0400)]
remove diag, as some compilers don't understand it
Alan T. DeKok [Mon, 14 Aug 2023 12:41:18 +0000 (08:41 -0400)]
clean up for semicolons
Alan T. DeKok [Sat, 12 Aug 2023 13:39:24 +0000 (09:39 -0400)]
move wimax tests to new framework
Matthew Newton [Fri, 11 Aug 2023 22:35:02 +0000 (23:35 +0100)]
CI: use correct inputs
Arran Cudbard-Bell [Fri, 11 Aug 2023 20:47:27 +0000 (14:47 -0600)]
json: Another test
Alan T. DeKok [Fri, 11 Aug 2023 13:33:27 +0000 (09:33 -0400)]
delay commas until necessary
we have a host of stopping conditions, which can be nested.
As a result, a simple `next != NULL` check isn't enough to
determine if we need to write out a comma. Instead, we delay
the comma until necessary.
Alan T. DeKok [Fri, 11 Aug 2023 13:27:23 +0000 (09:27 -0400)]
remove extraneous ,
Alan T. DeKok [Thu, 10 Aug 2023 16:03:51 +0000 (12:03 -0400)]
clean up fr_pair_list_print() and make it work in more situations
Alan T. DeKok [Wed, 9 Aug 2023 17:21:32 +0000 (13:21 -0400)]
remove extraneous assert
Arran Cudbard-Bell [Wed, 9 Aug 2023 22:24:03 +0000 (16:24 -0600)]
json: various fixes
Arran Cudbard-Bell [Wed, 9 Aug 2023 21:29:38 +0000 (15:29 -0600)]
json: Modify json_quote function to be more useful
Output can now be interpolated with other JSON text and will always produce valid JSON values.
Arran Cudbard-Bell [Thu, 3 Aug 2023 21:30:53 +0000 (15:30 -0600)]
initialise with zero length strings
Alan T. DeKok [Wed, 9 Aug 2023 14:55:44 +0000 (10:55 -0400)]
it helps to parse psk_identity etc. in the client configuration
James Jones [Tue, 8 Aug 2023 19:57:23 +0000 (14:57 -0500)]
typo
Alan T. DeKok [Tue, 8 Aug 2023 19:59:20 +0000 (15:59 -0400)]
add and use fr_pair_legacy_print_nested flag
so that we can update the tests to print flat attributes as nested,
without updating all of the tests.
The next step is to set the flag in the tests, so that the tests
will parse flat attributes, but will always print nested ones.
Alan T. DeKok [Tue, 8 Aug 2023 14:30:04 +0000 (10:30 -0400)]
unify "attribute" and "pair" commands
the "attribute" command parsed a pair or a list of pairs, as did
the "pair" command. But the "pair" command did it manually, which
meant that it was unable to correctly deal with structural attributes
Alan T. DeKok [Tue, 8 Aug 2023 14:25:22 +0000 (10:25 -0400)]
this was unused by anything
Nick Porter [Tue, 8 Aug 2023 14:55:05 +0000 (15:55 +0100)]
Add Ruckus attributes from Cloudpath config
Alan T. DeKok [Tue, 8 Aug 2023 12:57:19 +0000 (08:57 -0400)]
remove stray assert
Nick Porter [Tue, 8 Aug 2023 09:59:35 +0000 (10:59 +0100)]
Ensure temporary list is freed
Matthew Newton [Mon, 7 Aug 2023 14:56:14 +0000 (15:56 +0100)]
CI: split some install dependencies to separate action
Alan T. DeKok [Mon, 7 Aug 2023 13:53:37 +0000 (09:53 -0400)]
unify fr_pair_print() and fr_pair_list_print() functions
so that they call each other. i.e. less code.
And clean up various other bits
Alan T. DeKok [Mon, 7 Aug 2023 13:48:36 +0000 (09:48 -0400)]
Revert "Keep too-long lines from overwriting output_buffer (#5093)"
This reverts commit
b69393030a90e01aa9ff592d0171333efa1c3498 .
You can use "goto" to jump into another block, but that won't
cause the compiler to treat variables of the same name as identical.
Alan T. DeKok [Mon, 7 Aug 2023 13:10:21 +0000 (09:10 -0400)]
add and use fr_pair_list_print()
so that we can hoist the "nested or not" debug printing into
this function. Which also lets this function peek ahead, and
print attributes as if they were nested when they really aren't
Matthew Newton [Mon, 7 Aug 2023 11:53:45 +0000 (12:53 +0100)]
CI fuzzing: install extras repo for latest libkqueue
Matthew Newton [Mon, 7 Aug 2023 11:53:19 +0000 (12:53 +0100)]
CI fuzzing: show which commit is being tested
Matthew Newton [Sat, 5 Aug 2023 20:42:52 +0000 (21:42 +0100)]
docs: antora web redirects
Matthew Newton [Fri, 4 Aug 2023 21:04:04 +0000 (22:04 +0100)]
docs: ensure v4 antora docs are marked as development
Matthew Newton [Fri, 4 Aug 2023 15:57:08 +0000 (16:57 +0100)]
docs: antora ui dir and site url
Matthew Newton [Fri, 4 Aug 2023 20:56:41 +0000 (21:56 +0100)]
docs: minor updates
Alan T. DeKok [Thu, 3 Aug 2023 19:36:54 +0000 (15:36 -0400)]
minor tweak and notes on connected UDP sockets
Arran Cudbard-Bell [Thu, 3 Aug 2023 16:03:55 +0000 (11:03 -0500)]
cache: Don't deadlock rbtree module if the cache entry isn't found and the cache xlat is called
James Jones [Thu, 3 Aug 2023 12:30:06 +0000 (07:30 -0500)]
Remove pointless casts (#5132)
Arran Cudbard-Bell [Wed, 2 Aug 2023 20:21:37 +0000 (15:21 -0500)]
json: Add test for consuming output from function like xlat
James Jones [Wed, 2 Aug 2023 18:48:19 +0000 (13:48 -0500)]
Initialize local value boxes for some coercion results (CIDs below)
CIDs: #
1503917 , #
1503948 , #1503o5o, #
1503989
These are in calc_{string, octet}(), where coercion results stored
in locals must be cleared before returning. Currently coverity claims
that the value box's type is not set. One would think that modeling
fr_value_box_cast() to say it writes the destination on success would
suffice, but that might not be the case, so we will initialize the
value boxes just as we have done with some local buffers used in
sbuffs.
Nick Porter [Tue, 1 Aug 2023 15:15:36 +0000 (16:15 +0100)]
Improve sample TACACS virtual server
Nick Porter [Tue, 1 Aug 2023 14:08:55 +0000 (15:08 +0100)]
Add authentication flags attribute and set to No-Echo for TACACS GetPass
github-actions[bot] [Tue, 1 Aug 2023 09:34:49 +0000 (09:34 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar
github-actions[bot] [Tue, 1 Aug 2023 09:34:46 +0000 (09:34 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar
github-actions[bot] [Tue, 1 Aug 2023 09:34:43 +0000 (09:34 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar
github-actions[bot] [Tue, 1 Aug 2023 09:34:40 +0000 (09:34 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar
github-actions[bot] [Tue, 1 Aug 2023 09:34:37 +0000 (09:34 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/bfd.tar
github-actions[bot] [Tue, 1 Aug 2023 09:34:34 +0000 (09:34 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar
github-actions[bot] [Tue, 1 Aug 2023 09:34:31 +0000 (09:34 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar
github-actions[bot] [Tue, 1 Aug 2023 09:34:28 +0000 (09:34 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/vmps.tar
github-actions[bot] [Tue, 1 Aug 2023 09:34:24 +0000 (09:34 +0000)]
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tacacs.tar
Matthew Newton [Mon, 31 Jul 2023 17:05:25 +0000 (18:05 +0100)]
Change other kqueue ifdef, too
See
433970a3ed07
Alan T. DeKok [Mon, 31 Jul 2023 15:55:28 +0000 (11:55 -0400)]
used / unused
Alan T. DeKok [Mon, 31 Jul 2023 15:33:48 +0000 (11:33 -0400)]
typo
Alan T. DeKok [Mon, 31 Jul 2023 15:31:57 +0000 (11:31 -0400)]
typos and word smithing
Alan T. DeKok [Mon, 31 Jul 2023 15:31:38 +0000 (11:31 -0400)]
add tests for explicit_bzero() and memset_explicit()
Alan T. DeKok [Mon, 31 Jul 2023 15:30:24 +0000 (11:30 -0400)]
move to using memset_explicit()
Alan T. DeKok [Mon, 31 Jul 2023 15:17:13 +0000 (11:17 -0400)]
move Interpreter to top
James Jones [Mon, 31 Jul 2023 15:19:05 +0000 (10:19 -0500)]
Missed out init in test_bstrncpy() (CID #
1504057 ) (#5127)
Arran Cudbard-Bell [Sat, 29 Jul 2023 15:42:02 +0000 (11:42 -0400)]
redisGetReply doesn't nullify the reply pointer when there's no reply...
Arran Cudbard-Bell [Fri, 28 Jul 2023 19:23:12 +0000 (15:23 -0400)]
redis: Expose read only toggle
Arran Cudbard-Bell [Fri, 28 Jul 2023 19:22:20 +0000 (15:22 -0400)]
redis: Don't prefix function loading with "read only"
James Jones [Fri, 28 Jul 2023 19:02:13 +0000 (14:02 -0500)]
Help coverity recognize the range check (CID #
1503921 ) (#5125)
The code checks that offset is in [12, start - packet), and
coverity recognizes the lower bound check as constraining
offset, but doesn't recognze the upper bound check, hence the
TAINTED_SCALAR defect. We rewrite the check in an equivalent
form with offset by itself on one side of the relational
operator.
James Jones [Fri, 28 Jul 2023 19:01:16 +0000 (14:01 -0500)]
Enclose explicit loop case of fr_memset_secure() in block (#5126)
Done because of the initial if statement, which makes the
explicit loop declaratons not be at the start of a block.
James Jones [Fri, 28 Jul 2023 14:15:29 +0000 (09:15 -0500)]
Keep too-long lines from overwriting output_buffer (#5093)
This came up because of CID #
1533664 , but almost certainly won't
placate coverity. It just makes sure that it won't ask for more
than will fit in output_buff, at the extremely rare cost of not
printing all of the remaining part of the line.
Alan T. DeKok [Thu, 27 Jul 2023 22:53:03 +0000 (15:53 -0700)]
add and use fr_memset_secure()
we will update the configure scripts later
Alan T. DeKok [Thu, 27 Jul 2023 22:42:18 +0000 (15:42 -0700)]
Revert "securely wipe secret information in pairs"
This reverts commit
d8ddfd4a1df33cfa21b942b20ce53af263b93c52 .
nope. Various Linux distributions don't have it.
Alan T. DeKok [Thu, 27 Jul 2023 22:27:38 +0000 (15:27 -0700)]
securely wipe secret information in pairs
James Jones [Thu, 27 Jul 2023 16:00:13 +0000 (11:00 -0500)]
Check fr_sbuff_in_bstrncpy() in generate_from_header() (CID #
1503908 ) (#5107)
James Jones [Thu, 27 Jul 2023 15:59:49 +0000 (10:59 -0500)]
Initialize sbuff_tests output buffers for now (#5098)
CID #
1503912 , #
1503930 , #
1503945 , #
1503930 , #
1503945
This should quiet coverity while we figure out why the
sbuff function models don't communicate to coverity that
on success, they really do write to the output sbuff.
James Jones [Thu, 27 Jul 2023 15:58:36 +0000 (10:58 -0500)]
Check sbuff returns in header_source() (CIDs #150424, #150280) (#5116)
It's seriously unlikely, since conf_buffer can use all the
memory there is, but in theory the generation of the SMTP header
*could* fail, and that's enough to make coverity kvetch.
James Jones [Thu, 27 Jul 2023 15:58:12 +0000 (10:58 -0500)]
Make clear to fr_radius_ok() that totallen is validated (CID #
1455247 ) (#5109)
Coverity thinks that calculating totallen via byte-swapping taints
the buffer holding the packet to be decoded. Modeling fr_radius_ok()
doesn't seem to have worked, so we'll try making it clear to coverity
that we validate totallen.
Arran Cudbard-Bell [Thu, 27 Jul 2023 15:11:28 +0000 (11:11 -0400)]
ldap: Alloc all resources at the start of the function
Max Khon [Thu, 27 Jul 2023 15:09:14 +0000 (23:09 +0800)]
Add _ldap_connection_close_watch only after `queries' have been (#5123)
initialized and after the connection is known to be correctly
initialized (and not free'd after being added to close watch list).
Matthew Newton [Thu, 27 Jul 2023 11:59:14 +0000 (12:59 +0100)]
minor documentation updates
Matthew Newton [Wed, 26 Jul 2023 15:11:56 +0000 (16:11 +0100)]
Update FreeRADIUS web site Antora documentation
Matthew Newton [Wed, 26 Jul 2023 15:05:43 +0000 (16:05 +0100)]
bump antora to 3.1 as 2.0 is now EOL
Nick Porter [Wed, 26 Jul 2023 12:35:40 +0000 (13:35 +0100)]
Add copying of secret flag to xlats which create a new value box
and produce output which can reveal the input
Nick Porter [Wed, 26 Jul 2023 12:33:48 +0000 (13:33 +0100)]
Use fr_value_box_contains_secret when securely printing lists
Lists can contain groups and the secret could be a child of a group
Nick Porter [Wed, 26 Jul 2023 12:28:53 +0000 (13:28 +0100)]
Set value box secret on all concat_in_place paths
Nick Porter [Wed, 26 Jul 2023 09:34:04 +0000 (10:34 +0100)]
Add sample "send ...Get..." sections to TACACS virtual server
Nick Porter [Wed, 26 Jul 2023 10:03:06 +0000 (11:03 +0100)]
Set the secret flag of User-Message based on the attribute it really holds
Nick Porter [Wed, 26 Jul 2023 10:02:10 +0000 (11:02 +0100)]
Add API for querying / manipulating value box secret flag
In anticipation of the flags moving to a structure.
Nick Porter [Wed, 26 Jul 2023 09:31:12 +0000 (10:31 +0100)]
TACACS User-Message can contain the password - so mark as secret
Matthew Newton [Wed, 26 Jul 2023 12:32:52 +0000 (13:32 +0100)]
doc: man page asciidoc fixes
Matthew Newton [Wed, 26 Jul 2023 12:10:49 +0000 (13:10 +0100)]
doc: fix nav for howtos and tutorials
Matthew Newton [Tue, 25 Jul 2023 18:23:13 +0000 (19:23 +0100)]
docs: some small antora fixes
and remove unused list.adoc (replaced by all_modules.adoc)
Matthew Newton [Tue, 25 Jul 2023 18:25:09 +0000 (19:25 +0100)]
doc: fix a load of broken xrefs
Arran Cudbard-Bell [Wed, 26 Jul 2023 03:58:20 +0000 (20:58 -0700)]
We don't need to qualify the enums in the calix dictionary
Nick Porter [Tue, 25 Jul 2023 12:38:48 +0000 (13:38 +0100)]
Record file destination from config into default_log
Needed so that each destination created from default_log knows what file
to use.
Nick Porter [Tue, 25 Jul 2023 06:48:24 +0000 (07:48 +0100)]
Typo
Nick Porter [Mon, 24 Jul 2023 16:11:43 +0000 (17:11 +0100)]
Keep track of secret flag when concatenating value boxes to string / octets
Nick Porter [Mon, 24 Jul 2023 14:31:56 +0000 (15:31 +0100)]
If suppress_secrets is set, use hide secret value boxes in %pM printing
Nick Porter [Mon, 24 Jul 2023 14:26:06 +0000 (15:26 +0100)]
Add fr_value_box_list_aprint_secure()
For printing lists of boxes in debug output when hiding secret values
Nick Porter [Mon, 24 Jul 2023 13:05:37 +0000 (14:05 +0100)]
Always parse log section of main config
There are other options in there besides the destination.
Arran Cudbard-Bell [Sat, 22 Jul 2023 22:36:01 +0000 (15:36 -0700)]
Whilst the fr_box() macros do something different to fr_value_box, it's still not appropriate to use strlen implicitly when boxing values
Alan T. DeKok [Sat, 22 Jul 2023 16:00:37 +0000 (12:00 -0400)]
User-Password is secret here, too
Alan T. DeKok [Sat, 22 Jul 2023 15:48:26 +0000 (11:48 -0400)]
in may be NULL
Alan T. DeKok [Sat, 22 Jul 2023 12:49:54 +0000 (08:49 -0400)]
mark secrets as secret
James Jones [Fri, 21 Jul 2023 12:55:47 +0000 (07:55 -0500)]
Uase __coverity_writeall__() in fr_value_vox_init() model