git.ipfire.org Git - thirdparty/freeradius-server.git/log
Alan T. DeKok [Tue, 15 Aug 2023 20:33:52 +0000 (16:33 -0400)] 
we only care that it doesn't crash.

We don't care what the results are

Alan T. DeKok [Tue, 15 Aug 2023 20:07:25 +0000 (16:07 -0400)] 
allow '=' for list assignment to leaf types, too

Alan T. DeKok [Tue, 15 Aug 2023 12:26:07 +0000 (08:26 -0400)] 
clear out old resume function and rctx

when we have two xlats in a row, the first one might need to be
resumed, so it pushes a resume ctx onto the stack.  It then returns
"done", and the xlat evaluator goes to the next xlat node.

However, the next xlat node might _not_ push a resume function onto
the stack.  So when the evaluator resumes, it will see the first
resume function and rctx, and call it again.  Cue boom.

The solution is on DONE, replace the resume function / rctx with
a NULL one which does nothing.

Alan T. DeKok [Tue, 15 Aug 2023 12:25:38 +0000 (08:25 -0400)] 
copy from v3.2.x

Jorge Pereira [Mon, 14 Aug 2023 22:49:25 +0000 (19:49 -0300)] 
Fix typos

Alan T. DeKok [Mon, 14 Aug 2023 16:16:44 +0000 (12:16 -0400)] 
remove diag, as some compilers don't understand it

Alan T. DeKok [Mon, 14 Aug 2023 12:41:18 +0000 (08:41 -0400)] 
clean up for semicolons

Alan T. DeKok [Sat, 12 Aug 2023 13:39:24 +0000 (09:39 -0400)] 
move wimax tests to new framework

Matthew Newton [Fri, 11 Aug 2023 22:35:02 +0000 (23:35 +0100)] 
CI: use correct inputs

Arran Cudbard-Bell [Fri, 11 Aug 2023 20:47:27 +0000 (14:47 -0600)] 
json: Another test

Alan T. DeKok [Fri, 11 Aug 2023 13:33:27 +0000 (09:33 -0400)] 
delay commas until necessary

we have a host of stopping conditions, which can be nested.
As a result, a simple `next != NULL` check isn't enough to
determine if we need to write out a comma.  Instead, we delay
the comma until necessary.

Alan T. DeKok [Fri, 11 Aug 2023 13:27:23 +0000 (09:27 -0400)] 
remove extraneous ,

Alan T. DeKok [Thu, 10 Aug 2023 16:03:51 +0000 (12:03 -0400)] 
clean up fr_pair_list_print() and make it work in more situations

Alan T. DeKok [Wed, 9 Aug 2023 17:21:32 +0000 (13:21 -0400)] 
remove extraneous assert

Arran Cudbard-Bell [Wed, 9 Aug 2023 22:24:03 +0000 (16:24 -0600)] 
json: various fixes

Arran Cudbard-Bell [Wed, 9 Aug 2023 21:29:38 +0000 (15:29 -0600)] 
json: Modify json_quote function to be more useful

Output can now be interpolated with other JSON text and will always produce valid JSON values.

Arran Cudbard-Bell [Thu, 3 Aug 2023 21:30:53 +0000 (15:30 -0600)] 
initialise with zero length strings

Alan T. DeKok [Wed, 9 Aug 2023 14:55:44 +0000 (10:55 -0400)] 
it helps to parse psk_identity etc. in the client configuration

James Jones [Tue, 8 Aug 2023 19:57:23 +0000 (14:57 -0500)] 
typo

Alan T. DeKok [Tue, 8 Aug 2023 19:59:20 +0000 (15:59 -0400)] 
add and use fr_pair_legacy_print_nested flag

so that we can update the tests to print flat attributes as nested,
without updating all of the tests.

The next step is to set the flag in the tests, so that the tests
will parse flat attributes, but will always print nested ones.

Alan T. DeKok [Tue, 8 Aug 2023 14:30:04 +0000 (10:30 -0400)] 
unify "attribute" and "pair" commands

the "attribute" command parsed a pair or a list of pairs, as did
the "pair" command.  But the "pair" command did it manually, which
meant that it was unable to correctly deal with structural attributes

Alan T. DeKok [Tue, 8 Aug 2023 14:25:22 +0000 (10:25 -0400)] 
this was unused by anything

Nick Porter [Tue, 8 Aug 2023 14:55:05 +0000 (15:55 +0100)] 
Add Ruckus attributes from Cloudpath config

Alan T. DeKok [Tue, 8 Aug 2023 12:57:19 +0000 (08:57 -0400)] 
remove stray assert

Nick Porter [Tue, 8 Aug 2023 09:59:35 +0000 (10:59 +0100)] 
Ensure temporary list is freed

Matthew Newton [Mon, 7 Aug 2023 14:56:14 +0000 (15:56 +0100)] 
CI: split some install dependencies to separate action

Alan T. DeKok [Mon, 7 Aug 2023 13:53:37 +0000 (09:53 -0400)] 
unify fr_pair_print() and fr_pair_list_print() functions

so that they call each other.  i.e. less code.

And clean up various other bits

Alan T. DeKok [Mon, 7 Aug 2023 13:48:36 +0000 (09:48 -0400)] 
Revert "Keep too-long lines from overwriting output_buffer (#5093)"

This reverts commit b69393030a90e01aa9ff592d0171333efa1c3498.

You can use "goto" to jump into another block, but that won't
cause the compiler to treat variables of the same name as identical.

Alan T. DeKok [Mon, 7 Aug 2023 13:10:21 +0000 (09:10 -0400)] 
add and use fr_pair_list_print()

so that we can hoist the "nested or not" debug printing into
this function.  Which also lets this function peek ahead, and
print attributes as if they were nested when they really aren't

Matthew Newton [Mon, 7 Aug 2023 11:53:45 +0000 (12:53 +0100)] 
CI fuzzing: install extras repo for latest libkqueue

Matthew Newton [Mon, 7 Aug 2023 11:53:19 +0000 (12:53 +0100)] 
CI fuzzing: show which commit is being tested

Matthew Newton [Sat, 5 Aug 2023 20:42:52 +0000 (21:42 +0100)] 
docs: antora web redirects

Matthew Newton [Fri, 4 Aug 2023 21:04:04 +0000 (22:04 +0100)] 
docs: ensure v4 antora docs are marked as development

Matthew Newton [Fri, 4 Aug 2023 15:57:08 +0000 (16:57 +0100)] 
docs: antora ui dir and site url

Matthew Newton [Fri, 4 Aug 2023 20:56:41 +0000 (21:56 +0100)] 
docs: minor updates

Alan T. DeKok [Thu, 3 Aug 2023 19:36:54 +0000 (15:36 -0400)] 
minor tweak and notes on connected UDP sockets

Arran Cudbard-Bell [Thu, 3 Aug 2023 16:03:55 +0000 (11:03 -0500)] 
cache: Don't deadlock rbtree module if the cache entry isn't found and the cache xlat is called

James Jones [Thu, 3 Aug 2023 12:30:06 +0000 (07:30 -0500)] 
Remove pointless casts (#5132)

Arran Cudbard-Bell [Wed, 2 Aug 2023 20:21:37 +0000 (15:21 -0500)] 
json: Add test for consuming output from function like xlat

James Jones [Wed, 2 Aug 2023 18:48:19 +0000 (13:48 -0500)] 
Initialize local value boxes for some coercion results (CIDs below)

CIDs: #1503917, #1503948, #1503o5o, #1503989

These are in calc_{string, octet}(), where coercion results stored
in locals must be cleared before returning. Currently coverity claims
that the value box's type is not set. One would think that modeling
fr_value_box_cast() to say it writes the destination on success would
suffice, but that might not be the case, so we will initialize the
value boxes just as we have done with some local buffers used in
sbuffs.

Nick Porter [Tue, 1 Aug 2023 15:15:36 +0000 (16:15 +0100)] 
Improve sample TACACS virtual server

Nick Porter [Tue, 1 Aug 2023 14:08:55 +0000 (15:08 +0100)] 
Add authentication flags attribute and set to No-Echo for TACACS GetPass

github-actions[bot] [Tue, 1 Aug 2023 09:34:49 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar

github-actions[bot] [Tue, 1 Aug 2023 09:34:46 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar

github-actions[bot] [Tue, 1 Aug 2023 09:34:43 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar

github-actions[bot] [Tue, 1 Aug 2023 09:34:40 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar

github-actions[bot] [Tue, 1 Aug 2023 09:34:37 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/bfd.tar

github-actions[bot] [Tue, 1 Aug 2023 09:34:34 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar

github-actions[bot] [Tue, 1 Aug 2023 09:34:31 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar

github-actions[bot] [Tue, 1 Aug 2023 09:34:28 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/vmps.tar

github-actions[bot] [Tue, 1 Aug 2023 09:34:24 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tacacs.tar

Matthew Newton [Mon, 31 Jul 2023 17:05:25 +0000 (18:05 +0100)] 
Change other kqueue ifdef, too

See 433970a3ed07

Alan T. DeKok [Mon, 31 Jul 2023 15:55:28 +0000 (11:55 -0400)] 
used / unused

Alan T. DeKok [Mon, 31 Jul 2023 15:33:48 +0000 (11:33 -0400)] 
typo

Alan T. DeKok [Mon, 31 Jul 2023 15:31:57 +0000 (11:31 -0400)] 
typos and word smithing

Alan T. DeKok [Mon, 31 Jul 2023 15:31:38 +0000 (11:31 -0400)] 
add tests for explicit_bzero() and memset_explicit()

Alan T. DeKok [Mon, 31 Jul 2023 15:30:24 +0000 (11:30 -0400)] 
move to using memset_explicit()

Alan T. DeKok [Mon, 31 Jul 2023 15:17:13 +0000 (11:17 -0400)] 
move Interpreter to top

James Jones [Mon, 31 Jul 2023 15:19:05 +0000 (10:19 -0500)] 
Missed out init in test_bstrncpy() (CID #1504057) (#5127)

Arran Cudbard-Bell [Sat, 29 Jul 2023 15:42:02 +0000 (11:42 -0400)] 
redisGetReply doesn't nullify the reply pointer when there's no reply...

Arran Cudbard-Bell [Fri, 28 Jul 2023 19:23:12 +0000 (15:23 -0400)] 
redis: Expose read only toggle

Arran Cudbard-Bell [Fri, 28 Jul 2023 19:22:20 +0000 (15:22 -0400)] 
redis: Don't prefix function loading with "read only"

James Jones [Fri, 28 Jul 2023 19:02:13 +0000 (14:02 -0500)] 
Help coverity recognize the range check (CID #1503921) (#5125)

The code checks that offset is in [12, start - packet), and
coverity recognizes the lower bound check as constraining
offset, but doesn't recognize the upper bound check, hence the
TAINTED_SCALAR defect. We rewrite the check in an equivalent
form with offset by itself on one side of the relational
operator.

James Jones [Fri, 28 Jul 2023 19:01:16 +0000 (14:01 -0500)] 
Enclose explicit loop case of fr_memset_secure() in block (#5126)

Done because of the initial if statement, which makes the
explicit loop declarations not be at the start of a block.

James Jones [Fri, 28 Jul 2023 14:15:29 +0000 (09:15 -0500)] 
Keep too-long lines from overwriting output_buffer (#5093)

This came up because of CID #1533664, but almost certainly won't
placate coverity. It just makes sure that it won't ask for more
than will fit in output_buff, at the extremely rare cost of not
printing all of the remaining part of the line.

Alan T. DeKok [Thu, 27 Jul 2023 22:53:03 +0000 (15:53 -0700)] 
add and use fr_memset_secure()

we will update the configure scripts later

Alan T. DeKok [Thu, 27 Jul 2023 22:42:18 +0000 (15:42 -0700)] 
Revert "securely wipe secret information in pairs"

This reverts commit d8ddfd4a1df33cfa21b942b20ce53af263b93c52.

nope.  Various Linux distributions don't have it.

Alan T. DeKok [Thu, 27 Jul 2023 22:27:38 +0000 (15:27 -0700)] 
securely wipe secret information in pairs

James Jones [Thu, 27 Jul 2023 16:00:13 +0000 (11:00 -0500)] 
Check fr_sbuff_in_bstrncpy() in generate_from_header() (CID #1503908) (#5107)

James Jones [Thu, 27 Jul 2023 15:59:49 +0000 (10:59 -0500)] 
Initialize sbuff_tests output buffers for now (#5098)

CID #1503912, #1503930, #1503945, #1503930, #1503945

This should quiet coverity while we figure out why the
sbuff function models don't communicate to coverity that
on success, they really do write to the output sbuff.

James Jones [Thu, 27 Jul 2023 15:58:36 +0000 (10:58 -0500)] 
Check sbuff returns in header_source() (CIDs #150424, #150280) (#5116)

It's seriously unlikely, since conf_buffer can use all the
memory there is, but in theory the generation of the SMTP header
*could* fail, and that's enough to make coverity kvetch.

James Jones [Thu, 27 Jul 2023 15:58:12 +0000 (10:58 -0500)] 
Make clear to fr_radius_ok() that totallen is validated (CID #1455247) (#5109)

Coverity thinks that calculating totallen via byte-swapping taints
the buffer holding the packet to be decoded. Modeling fr_radius_ok()
doesn't seem to have worked, so we'll try making it clear to coverity
that we validate totallen.

Arran Cudbard-Bell [Thu, 27 Jul 2023 15:11:28 +0000 (11:11 -0400)] 
ldap: Alloc all resources at the start of the function

Max Khon [Thu, 27 Jul 2023 15:09:14 +0000 (23:09 +0800)] 
Add _ldap_connection_close_watch only after `queries' have been (#5123)

initialized and after the connection is known to be correctly
initialized (and not free'd after being added to close watch list).

Matthew Newton [Thu, 27 Jul 2023 11:59:14 +0000 (12:59 +0100)] 
minor documentation updates

Matthew Newton [Wed, 26 Jul 2023 15:11:56 +0000 (16:11 +0100)] 
Update FreeRADIUS web site Antora documentation

Matthew Newton [Wed, 26 Jul 2023 15:05:43 +0000 (16:05 +0100)] 
bump antora to 3.1 as 2.0 is now EOL

Nick Porter [Wed, 26 Jul 2023 12:35:40 +0000 (13:35 +0100)] 
Add copying of secret flag to xlats which create a new value box

and produce output which can reveal the input

Nick Porter [Wed, 26 Jul 2023 12:33:48 +0000 (13:33 +0100)] 
Use fr_value_box_contains_secret when securely printing lists

Lists can contain groups and the secret could be a child of a group

Nick Porter [Wed, 26 Jul 2023 12:28:53 +0000 (13:28 +0100)] 
Set value box secret on all concat_in_place paths

Nick Porter [Wed, 26 Jul 2023 09:34:04 +0000 (10:34 +0100)] 
Add sample "send ...Get..." sections to TACACS virtual server

Nick Porter [Wed, 26 Jul 2023 10:03:06 +0000 (11:03 +0100)] 
Set the secret flag of User-Message based on the attribute it really holds

Nick Porter [Wed, 26 Jul 2023 10:02:10 +0000 (11:02 +0100)] 
Add API for querying / manipulating value box secret flag

In anticipation of the flags moving to a structure.

Nick Porter [Wed, 26 Jul 2023 09:31:12 +0000 (10:31 +0100)] 
TACACS User-Message can contain the password - so mark as secret

Matthew Newton [Wed, 26 Jul 2023 12:32:52 +0000 (13:32 +0100)] 
doc: man page asciidoc fixes

Matthew Newton [Wed, 26 Jul 2023 12:10:49 +0000 (13:10 +0100)] 
doc: fix nav for howtos and tutorials

Matthew Newton [Tue, 25 Jul 2023 18:23:13 +0000 (19:23 +0100)] 
docs: some small antora fixes

and remove unused list.adoc (replaced by all_modules.adoc)

Matthew Newton [Tue, 25 Jul 2023 18:25:09 +0000 (19:25 +0100)] 
doc: fix a load of broken xrefs

Arran Cudbard-Bell [Wed, 26 Jul 2023 03:58:20 +0000 (20:58 -0700)] 
We don't need to qualify the enums in the calix dictionary

Nick Porter [Tue, 25 Jul 2023 12:38:48 +0000 (13:38 +0100)] 
Record file destination from config into default_log

Needed so that each destination created from default_log knows what file
to use.

Nick Porter [Tue, 25 Jul 2023 06:48:24 +0000 (07:48 +0100)] 
Typo

Nick Porter [Mon, 24 Jul 2023 16:11:43 +0000 (17:11 +0100)] 
Keep track of secret flag when concatenating value boxes to string / octets

Nick Porter [Mon, 24 Jul 2023 14:31:56 +0000 (15:31 +0100)] 
If suppress_secrets is set, use hide secret value boxes in %pM printing

Nick Porter [Mon, 24 Jul 2023 14:26:06 +0000 (15:26 +0100)] 
Add fr_value_box_list_aprint_secure()

For printing lists of boxes in debug output when hiding secret values

Nick Porter [Mon, 24 Jul 2023 13:05:37 +0000 (14:05 +0100)] 
Always parse log section of main config

There are other options in there besides the destination.

Arran Cudbard-Bell [Sat, 22 Jul 2023 22:36:01 +0000 (15:36 -0700)] 
Whilst the fr_box() macros do something different to fr_value_box, it's still not appropriate to use strlen implicitly when boxing values

Alan T. DeKok [Sat, 22 Jul 2023 16:00:37 +0000 (12:00 -0400)] 
User-Password is secret here, too

Alan T. DeKok [Sat, 22 Jul 2023 15:48:26 +0000 (11:48 -0400)] 
in may be NULL

Alan T. DeKok [Sat, 22 Jul 2023 12:49:54 +0000 (08:49 -0400)] 
mark secrets as secret

James Jones [Fri, 21 Jul 2023 12:55:47 +0000 (07:55 -0500)] 
Use __coverity_writeall__() in fr_value_vox_init() model