]> git.ipfire.org Git - thirdparty/freeradius-server.git/log
thirdparty/freeradius-server.git
3 years agoUse udp_len in UDP length checks
James Jones [Fri, 2 Jun 2023 13:45:24 +0000 (08:45 -0500)] 
Use udp_len in UDP length checks

Coverity appears to be faked out by the use of diff to
validate udp_len, and hence complains about tainted data.

3 years agoRewrite check on length in dhcpv6_print_hex()
James Jones [Fri, 2 Jun 2023 18:44:47 +0000 (13:44 -0500)] 
Rewrite check on length in dhcpv6_print_hex()

We suspect that coverity is confused by the check as written, and
so rewrite it so that the variable checked is alone on the LHS of
the comparison.

3 years agoradius: Make it impossible for the user to modify Proxy-State attributes, as we do...
Arran Cudbard-Bell [Tue, 6 Jun 2023 16:41:37 +0000 (12:41 -0400)] 
radius: Make it impossible for the user to modify Proxy-State attributes, as we do with DHCPv6 and response fields

3 years agoRemove NO_RCTX state machine macros, there's always an RCTX now
Arran Cudbard-Bell [Tue, 6 Jun 2023 16:41:08 +0000 (12:41 -0400)] 
Remove NO_RCTX state machine macros, there's always an RCTX now

3 years agoRevert "Quick hack to try and get tests passing again"
Arran Cudbard-Bell [Tue, 6 Jun 2023 13:20:38 +0000 (09:20 -0400)] 
Revert "Quick hack to try and get tests passing again"

This reverts commit 82ef4fc33b2d61fe3da92501b036f6db59fde5c5.

3 years agoDO_NOT_RESPOND is a valid reply packet type for DHCP
Nick Porter [Tue, 6 Jun 2023 11:29:50 +0000 (12:29 +0100)] 
DO_NOT_RESPOND is a valid reply packet type for DHCP

3 years agoUpdate tests to match echoed back Proxy-State
Nick Porter [Tue, 6 Jun 2023 10:11:30 +0000 (11:11 +0100)] 
Update tests to match echoed back Proxy-State

The module accounting tests use Access-Request packets but call the
modules in accouning context.

Since Access-Request packets are used, the Proxy-State in the request is
reflected back in the Access-Accept

3 years agoSet pool min and start defaults to 0, to ensure they are < max
Nick Porter [Tue, 6 Jun 2023 09:40:39 +0000 (10:40 +0100)] 
Set pool min and start defaults to 0, to ensure they are < max

3 years agoSet default for "max" in pool for rlm_redis_ippool_tool
Nick Porter [Tue, 6 Jun 2023 09:20:12 +0000 (10:20 +0100)] 
Set default for "max" in pool for rlm_redis_ippool_tool

3 years agoCheck vb is allocated (CID #1532274)
Nick Porter [Tue, 6 Jun 2023 07:24:40 +0000 (08:24 +0100)] 
Check vb is allocated (CID #1532274)

3 years agoAdd support for destination = stdout and destination = stderr
Max Khon [Mon, 5 Jun 2023 16:11:20 +0000 (17:11 +0100)] 
Add support for destination = stdout and destination = stderr

3 years agoQuick hack to try and get tests passing again
Arran Cudbard-Bell [Mon, 5 Jun 2023 17:36:27 +0000 (13:36 -0400)] 
Quick hack to try and get tests passing again

Can't replicate on local system because a bug in make makes it difficult to run these tests

3 years agoprocess_radius: Correctly store/restore proxy-state values
Arran Cudbard-Bell [Mon, 5 Jun 2023 17:34:16 +0000 (13:34 -0400)] 
process_radius:  Correctly store/restore proxy-state values

As this is required by RFC2865 we should copy proxy-state implicitly.  The values are available in the relevant send sections so can still be removed/modified if the user wants.  If there are complaints we can always add a toggle.

3 years agomake: Add toupper and tolower to reduce calls to $(shell)
Arran Cudbard-Bell [Fri, 2 Jun 2023 19:14:44 +0000 (15:14 -0400)] 
make: Add toupper and tolower to reduce calls to $(shell)

3 years agoset pool max default internally
Arran Cudbard-Bell [Wed, 31 May 2023 23:22:40 +0000 (19:22 -0400)] 
set pool max default internally

3 years agoDon't set a default value
Arran Cudbard-Bell [Wed, 31 May 2023 22:40:44 +0000 (18:40 -0400)] 
Don't set a default value

3 years agoDon't mess with the default core count
Arran Cudbard-Bell [Wed, 31 May 2023 22:30:01 +0000 (18:30 -0400)] 
Don't mess with the default core count

3 years agoUse '0' to mean error
Arran Cudbard-Bell [Wed, 31 May 2023 22:22:57 +0000 (18:22 -0400)] 
Use '0' to mean error

3 years agoWarn when we can't retrieve a core count
Arran Cudbard-Bell [Wed, 31 May 2023 22:17:45 +0000 (18:17 -0400)] 
Warn when we can't retrieve a core count

3 years agoPass parent through to common functions
Arran Cudbard-Bell [Wed, 31 May 2023 19:53:48 +0000 (15:53 -0400)] 
Pass parent through to common functions

3 years agoFixup kafka default functions
Arran Cudbard-Bell [Wed, 31 May 2023 19:39:55 +0000 (15:39 -0400)] 
Fixup kafka default functions

3 years agoSet num_workers default value earlier
Arran Cudbard-Bell [Wed, 31 May 2023 19:15:34 +0000 (15:15 -0400)] 
Set num_workers default value earlier

3 years agoWhy OpenSSL why...
Arran Cudbard-Bell [Wed, 31 May 2023 19:09:17 +0000 (15:09 -0400)] 
Why OpenSSL why...

3 years agoFix 'start' pool values
Jorge Pereira [Wed, 31 May 2023 13:36:02 +0000 (10:36 -0300)] 
Fix 'start' pool values

3 years agoRemove unnecessary return in fr_pool_init()
Jorge Pereira [Wed, 31 May 2023 16:21:50 +0000 (13:21 -0300)] 
Remove unnecessary return in fr_pool_init()

3 years agoDeprecate Debian 10 and add Ubuntu 22.04 to full deb packaging tests
Nick Porter [Wed, 31 May 2023 06:54:18 +0000 (07:54 +0100)] 
Deprecate Debian 10 and add Ubuntu 22.04 to full deb packaging tests

Debian 10 does not have Python 3.8 packages which are required for
rlm_python

3 years agoPull check for non-NULL randle after check for NULL randle
James Jones [Tue, 30 May 2023 20:06:07 +0000 (15:06 -0500)] 
Pull check for non-NULL randle after check for NULL randle

randle is local to mod_authenticate(), so in the then clause
of an if checking for randle being NULL, randle won't be non-NULL.

3 years agoDeprecate CentOS 7 and add Rocky 9 to full RPM build tests
Nick Porter [Tue, 30 May 2023 15:25:39 +0000 (16:25 +0100)] 
Deprecate CentOS 7 and add Rocky 9 to full RPM build tests

CentOS 7 doesn't have Python 3.8 which is now required for rlm_python,
and is EoL in June 2024

3 years agoInitialize num_commands to 0, the actual initial number of commands.
James Jones [Tue, 30 May 2023 18:48:48 +0000 (13:48 -0500)] 
Initialize num_commands to 0, the actual initial number of commands.

Doing this should keep coverity from getting confused and requiring
annotations.

3 years agoCorrect maths in redis_ippool_tool statistics
Nick Porter [Tue, 30 May 2023 11:41:43 +0000 (12:41 +0100)] 
Correct maths in redis_ippool_tool statistics

3 years agoFix segfault in redis_ippool_tool stats
Nick Porter [Tue, 30 May 2023 11:23:25 +0000 (12:23 +0100)] 
Fix segfault in redis_ippool_tool stats

3 years agomake DHCPv4 use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:26 +0000 (22:54 -0300)] 
make DHCPv4 use flat or nested attributes

3 years agomake TTLS use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:26 +0000 (22:54 -0300)] 
make TTLS use flat or nested attributes

3 years agomake TACACS use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:25 +0000 (22:54 -0300)] 
make TACACS use flat or nested attributes

3 years agomake RADIUS use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:25 +0000 (22:54 -0300)] 
make RADIUS use flat or nested attributes

3 years agomake Stats use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:25 +0000 (22:54 -0300)] 
make Stats use flat or nested attributes

3 years agomake MSCHAP use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:24 +0000 (22:54 -0300)] 
make MSCHAP use flat or nested attributes

3 years agomake LDAP use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:24 +0000 (22:54 -0300)] 
make LDAP use flat or nested attributes

3 years agomake Digest use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:24 +0000 (22:54 -0300)] 
make Digest use flat or nested attributes

3 years agomake BFD use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:24 +0000 (22:54 -0300)] 
make BFD use flat or nested attributes

3 years agomake EAP use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:54:24 +0000 (22:54 -0300)] 
make EAP use flat or nested attributes

3 years agomake radclient use flat or nested attributes
Jorge Pereira [Fri, 26 May 2023 01:51:34 +0000 (22:51 -0300)] 
make radclient use flat or nested attributes

3 years agoInitialize all of find.addr in fr_redis_cluster_pool_by_node_addr()
James Jones [Mon, 29 May 2023 01:14:13 +0000 (20:14 -0500)] 
Initialize all of find.addr in fr_redis_cluster_pool_by_node_addr()

Coverity rightly pointed out that only parts of it were set.
Better to initialize it fully than to annotate the defect.

3 years agoname the individual listeners
Alan T. DeKok [Mon, 29 May 2023 14:42:34 +0000 (10:42 -0400)] 
name the individual listeners

as per commit 99b2e070e27

3 years agoprint out which listener had the error
Alan T. DeKok [Mon, 29 May 2023 14:32:04 +0000 (10:32 -0400)] 
print out which listener had the error

3 years agodefine DHCPV6_MAX_ATTRIBUTES
Alan T. DeKok [Mon, 29 May 2023 14:27:27 +0000 (10:27 -0400)] 
define DHCPV6_MAX_ATTRIBUTES

as it was used, but wasn't defined

3 years agominor cleanups
Alan T. DeKok [Wed, 24 May 2023 14:19:25 +0000 (10:19 -0400)] 
minor cleanups

the key is now expanded to a local value-box, instead of pointing
to an attribute which might be edited by the operations we're
doing.  As a result, we don't need to copy the key to a local
buffer.

3 years agomacos: eapol_test seems to build against OpenSSL 3.0, albeit with lots of warnings
Arran Cudbard-Bell [Sun, 28 May 2023 03:09:16 +0000 (22:09 -0500)] 
macos: eapol_test seems to build against OpenSSL 3.0, albeit with lots of warnings

3 years agojlibtool: Print environment in verbose mode
Arran Cudbard-Bell [Sun, 28 May 2023 02:57:35 +0000 (21:57 -0500)] 
jlibtool: Print environment in verbose mode

3 years agoRemove potentially unecessary explicit framework includes
Arran Cudbard-Bell [Fri, 26 May 2023 23:24:33 +0000 (19:24 -0400)] 
Remove potentially unecessary explicit framework includes

3 years agoSearch in the place we found the last OpenSSL libary for subsequent libraries
Arran Cudbard-Bell [Fri, 26 May 2023 23:19:04 +0000 (19:19 -0400)] 
Search in the place we found the last OpenSSL libary for subsequent libraries

3 years agorecord where we found the library
Arran Cudbard-Bell [Fri, 26 May 2023 23:18:43 +0000 (19:18 -0400)] 
record where we found the library

3 years agomacos: Search in the new ARM homebrew location by default
Arran Cudbard-Bell [Fri, 26 May 2023 23:18:24 +0000 (19:18 -0400)] 
macos: Search in the new ARM homebrew location by default

3 years agorlm_totp: Convert to call_env
Arran Cudbard-Bell [Fri, 26 May 2023 15:08:09 +0000 (11:08 -0400)] 
rlm_totp: Convert to call_env

3 years agoSkip recursive _raddict_export() call if children == NULL
James Jones [Fri, 26 May 2023 11:59:47 +0000 (06:59 -0500)] 
Skip recursive _raddict_export() call if children == NULL

Arguably a redundant test, but the alternative would be to
model talloc_array_length() to make clear to coverity that
it returns zero if handed NULL, and we're not sure that
modeling functions can check their parameters.

3 years agoradclient: Allow source IP address to be set on the command line
Arran Cudbard-Bell [Thu, 25 May 2023 21:56:25 +0000 (17:56 -0400)] 
radclient: Allow source IP address to be set on the command line

3 years agoradhttpcheck: Should probably just default to status-server out of the box
Arran Cudbard-Bell [Thu, 25 May 2023 21:50:53 +0000 (17:50 -0400)] 
radhttpcheck: Should probably just default to status-server out of the box

3 years agoRemove uninit_use_in_call annotations to verity model
James Jones [Thu, 25 May 2023 18:37:11 +0000 (13:37 -0500)] 
Remove uninit_use_in_call annotations to verity model

3 years agoAdd modeling to indicate when functions actually write data
James Jones [Wed, 24 May 2023 18:52:44 +0000 (13:52 -0500)] 
Add modeling to indicate when functions actually write data

These assure coverity that the modeled functions on success
actually write to the intended output parameter.

3 years agoNo need to persist the default Python path
Nick Porter [Thu, 25 May 2023 08:27:08 +0000 (09:27 +0100)] 
No need to persist the default Python path

3 years agoForce Python to 3.8 on RHEL < 9
Nick Porter [Wed, 24 May 2023 15:40:12 +0000 (16:40 +0100)] 
Force Python to 3.8 on RHEL < 9

Default Python on RHEL 8 is 3.6.
RHEL 9 has Python 3.9 as default.

3 years agoRemove old Python 2 specific module config
Nick Porter [Tue, 23 May 2023 17:37:32 +0000 (18:37 +0100)] 
Remove old Python 2 specific module config

3 years agoRemove module config for python path
Nick Porter [Tue, 23 May 2023 17:35:59 +0000 (18:35 +0100)] 
Remove module config for python path

3 years agoMove python path setting to library init
Nick Porter [Tue, 23 May 2023 17:33:29 +0000 (18:33 +0100)] 
Move python path setting to library init

3 years agoRework libpython initialization to use PyConfig
Nick Porter [Tue, 23 May 2023 15:43:53 +0000 (16:43 +0100)] 
Rework libpython initialization to use PyConfig

Makes minimum Python version required 3.8

3 years agoReplace mod_load and mod_unload with global init / free functions
Nick Porter [Tue, 23 May 2023 15:16:32 +0000 (16:16 +0100)] 
Replace mod_load and mod_unload with global init / free functions

3 years agoAdd a global config for libpython
Nick Porter [Tue, 23 May 2023 15:10:57 +0000 (16:10 +0100)] 
Add a global config for libpython

3 years agoRemove pre Python 3.7 code
Nick Porter [Tue, 23 May 2023 14:46:14 +0000 (15:46 +0100)] 
Remove pre Python 3.7 code

3 years agomake SoH use flat or nested attributes
Jorge Pereira [Thu, 18 May 2023 18:14:34 +0000 (15:14 -0300)] 
make SoH use flat or nested attributes

3 years agomake WiMAX use flat or nested attributes.
Jorge Pereira [Thu, 18 May 2023 17:56:44 +0000 (14:56 -0300)] 
make WiMAX use flat or nested attributes.

3 years agoradhttpcheck: Typo
Arran Cudbard-Bell [Wed, 24 May 2023 05:45:40 +0000 (01:45 -0400)] 
radhttpcheck: Typo

3 years agoradhttpcheck: Fix doc link
Arran Cudbard-Bell [Wed, 24 May 2023 02:15:56 +0000 (22:15 -0400)] 
radhttpcheck: Fix doc link

3 years agoradhttpcheck: Tweak systemd unit
Arran Cudbard-Bell [Wed, 24 May 2023 02:10:41 +0000 (22:10 -0400)] 
radhttpcheck: Tweak systemd unit

3 years agoradhttpcheck: Catch broken pipe error
Arran Cudbard-Bell [Wed, 24 May 2023 01:48:32 +0000 (21:48 -0400)] 
radhttpcheck: Catch broken pipe error

3 years agoradhttpcheck: Allow config path to be specified
Arran Cudbard-Bell [Wed, 24 May 2023 01:21:26 +0000 (21:21 -0400)] 
radhttpcheck: Allow config path to be specified

3 years agoradhttpcheck: Add default NAS-Identifier
Arran Cudbard-Bell [Tue, 23 May 2023 23:00:16 +0000 (19:00 -0400)] 
radhttpcheck: Add default NAS-Identifier

3 years agoradhttpcheck: Bind interface is called ipaddr not server
Arran Cudbard-Bell [Tue, 23 May 2023 22:50:08 +0000 (18:50 -0400)] 
radhttpcheck: Bind interface is called ipaddr not server

3 years agoDocument server
Arran Cudbard-Bell [Tue, 23 May 2023 22:38:10 +0000 (18:38 -0400)] 
Document server

3 years agoradhttpcheck: slightly clearer
Arran Cudbard-Bell [Tue, 23 May 2023 22:36:49 +0000 (18:36 -0400)] 
radhttpcheck: slightly clearer

3 years agoAdd HTTP <-> RADIUS healthcheck gateway
Arran Cudbard-Bell [Tue, 23 May 2023 22:29:22 +0000 (18:29 -0400)] 
Add HTTP <-> RADIUS healthcheck gateway

3 years agoLDAP_MAX_CACHEABLE only applies to name to DN and DN to name resolution
Nick Porter [Tue, 23 May 2023 13:36:54 +0000 (14:36 +0100)] 
LDAP_MAX_CACHEABLE only applies to name to DN and DN to name resolution

3 years agorlm_mschap is also already built if we're doing package tests
Nick Porter [Tue, 23 May 2023 09:49:04 +0000 (10:49 +0100)] 
rlm_mschap is also already built if we're doing package tests

3 years agoPackage tests already have the modules built
Nick Porter [Tue, 23 May 2023 08:28:39 +0000 (09:28 +0100)] 
Package tests already have the modules built

3 years agoScheduled fuzzing: Update src/tests/fuzzer-corpus/bfd.tar
github-actions[bot] [Tue, 23 May 2023 09:34:37 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/bfd.tar

3 years agoOnly call query->parser if there are valid results. Fix for CID #1529242
Nick Porter [Tue, 23 May 2023 07:18:06 +0000 (08:18 +0100)] 
Only call query->parser if there are valid results. Fix for CID #1529242

3 years agoCorrect return
Nick Porter [Tue, 23 May 2023 07:17:18 +0000 (08:17 +0100)] 
Correct return

3 years agoAdd Calix vendor dictionary
Arran Cudbard-Bell [Mon, 22 May 2023 21:50:36 +0000 (17:50 -0400)] 
Add Calix vendor dictionary

3 years agotry to quiet clang scan
Alan T. DeKok [Mon, 22 May 2023 21:06:41 +0000 (17:06 -0400)] 
try to quiet clang scan

3 years agomake rlm_eap_mschapv2 use flat or nested attributes
Alan T. DeKok [Mon, 22 May 2023 20:25:11 +0000 (16:25 -0400)] 
make rlm_eap_mschapv2 use flat or nested attributes

3 years agomake EAP tests depend on the source modules
Alan T. DeKok [Mon, 22 May 2023 20:07:07 +0000 (16:07 -0400)] 
make EAP tests depend on the source modules

3 years agoadd test.eap.help target
Alan T. DeKok [Mon, 22 May 2023 19:55:25 +0000 (15:55 -0400)] 
add test.eap.help target

3 years agoremove RAD_REQUEST_OPTION_PROXY_EAP
Alan T. DeKok [Mon, 22 May 2023 19:52:02 +0000 (15:52 -0400)] 
remove RAD_REQUEST_OPTION_PROXY_EAP

this is a v3 thing, and won't work in v4.  We will need a new
way to convert EAP-MSCHAPv2 to MS-CHAPv2 and vice-versa.  Likely
with an xlat.

3 years agomore cleanups
Alan T. DeKok [Mon, 22 May 2023 19:50:02 +0000 (15:50 -0400)] 
more cleanups

3 years agoremove duplicate code, and use MEM()
Alan T. DeKok [Mon, 22 May 2023 19:45:04 +0000 (15:45 -0400)] 
remove duplicate code, and use MEM()

3 years agoScheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar
github-actions[bot] [Sun, 21 May 2023 09:34:49 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar

3 years agoScheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar
github-actions[bot] [Sun, 21 May 2023 09:34:46 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar

3 years agoScheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar
github-actions[bot] [Sun, 21 May 2023 09:34:43 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar

3 years agoScheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar
github-actions[bot] [Sun, 21 May 2023 09:34:40 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar

3 years agoScheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar
github-actions[bot] [Sun, 21 May 2023 09:34:34 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar

3 years agoScheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar
github-actions[bot] [Sun, 21 May 2023 09:34:31 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar