git.ipfire.org Git - thirdparty/freeradius-server.git/log
Nick Porter [Fri, 28 Apr 2023 18:47:57 +0000 (19:47 +0100)] 
No need to set directory->type to 0 - it was allocated with talloc_zero

Nick Porter [Fri, 28 Apr 2023 18:38:18 +0000 (19:38 +0100)] 
Parent the directory discovery query from a trunk request

So that the query is cleared up when the request is completed - there is
no further use for the query after demux processing.

Nick Porter [Mon, 24 Apr 2023 17:15:28 +0000 (18:15 +0100)] 
LDAP query should be removed from outstanding list in demux

We have received a reply, so it is no longer outstanding.

Also libldap can reuse msgid values so there could be a conflict between
a query whose reply has been received and a new query.

Nick Porter [Mon, 24 Apr 2023 17:10:04 +0000 (18:10 +0100)] 
Handle trunk enqueueing failures when following LDAP referrals

Stephen Blackwell [Thu, 27 Apr 2023 14:38:11 +0000 (10:38 -0400)] 
Update mods-available/cache update section comment to provide a clearer description of how update sections are rendered and cached (#4981)

Signed-off-by: Stephen Blackwell <sblackwell@networkradius.com>

Alan T. DeKok [Tue, 25 Apr 2023 16:28:08 +0000 (12:28 -0400)]
rename flag, and set it in detail work, too

Alan T. DeKok [Tue, 25 Apr 2023 15:53:33 +0000 (11:53 -0400)] 
Revert "disable detail tests until we track down Linux kqueue issues"

This reverts commit 59f293091e1cda6c433184d07871847825474410.

this should now be fixed

Alan T. DeKok [Tue, 25 Apr 2023 13:46:32 +0000 (09:46 -0400)] 
some listeners may be read-only

Alan T. DeKok [Tue, 25 Apr 2023 13:45:34 +0000 (09:45 -0400)] 
args are unused

Alan T. DeKok [Tue, 25 Apr 2023 12:35:00 +0000 (08:35 -0400)] 
quiet clang scan

Alan T. DeKok [Tue, 25 Apr 2023 12:14:32 +0000 (08:14 -0400)] 
directory and worker listeners may be on separate threads

add an assert saying we don't do writes

Alan T. DeKok [Mon, 24 Apr 2023 14:35:50 +0000 (10:35 -0400)] 
use ${top_srcdir} instead of ${PWD}.  Fixes #4977

Alan T. DeKok [Sun, 23 Apr 2023 15:59:45 +0000 (11:59 -0400)] 
password may be NULL.   CID #1524744

Alan T. DeKok [Sun, 23 Apr 2023 15:23:27 +0000 (11:23 -0400)] 
disable detail tests until we track down Linux kqueue issues

Michael Richardson [Sun, 23 Apr 2023 15:02:42 +0000 (11:02 -0400)] 
doc: when complaining about documentation location, point to new documentation spot (#4976)

github-actions[bot] [Sat, 22 Apr 2023 09:34:37 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/bfd.tar

Alan T. DeKok [Fri, 21 Apr 2023 13:01:12 +0000 (09:01 -0400)] 
load module from parent instance, not from CONF_SECTION

because that's what the dl_module framework expects

Alan T. DeKok [Fri, 21 Apr 2023 12:38:06 +0000 (08:38 -0400)]
the detail worker MUST have an event loop set

Alan T. DeKok [Fri, 21 Apr 2023 12:31:58 +0000 (08:31 -0400)] 
depend on the proto_detail libraries, too

and only succeed if the test succeeds

Nick Porter [Fri, 21 Apr 2023 10:33:10 +0000 (11:33 +0100)] 
Rework eDirectory Universal Password lookup to be async

Nick Porter [Fri, 21 Apr 2023 10:15:44 +0000 (11:15 +0100)] 
Handle LDAP extended operations in trunk mux / demux

Arran Cudbard-Bell [Fri, 21 Apr 2023 03:28:50 +0000 (13:28 +1000)] 
Grammar

Arran Cudbard-Bell [Fri, 21 Apr 2023 01:26:31 +0000 (11:26 +1000)] 
typo

Arran Cudbard-Bell [Fri, 21 Apr 2023 01:09:39 +0000 (11:09 +1000)] 
autoconf: with/without commands are not symmetrical

Arran Cudbard-Bell [Fri, 21 Apr 2023 00:39:39 +0000 (10:39 +1000)] 
rpm: Fix module selection

Arran Cudbard-Bell [Thu, 20 Apr 2023 22:27:45 +0000 (08:27 +1000)] 
Fix default RADIUS status check config

Alan T. DeKok [Thu, 20 Apr 2023 21:54:00 +0000 (17:54 -0400)] 
remove assertion

We need to fix up encode_tlv(), as for RADIUS, it's really
"encode TLV contents", and not "encode the entire TLV".

The encode_child() function also relies on the encode_value()
function to handle grouping attributes, which is likely also wrong.

The RADIUS encoder / decoder is not only more complex than the other
protocols, it was written earlier.  i.e. before we cleaned up and
clarified the process of encoding packets.

Alan T. DeKok [Thu, 20 Apr 2023 21:07:37 +0000 (17:07 -0400)] 
clarify labels and behaviors for encode_child()

Most protocols (for now) need to be able to handle flat or nested
pairs.  RADIUS only handles flat pairs, as it doesn't have groups

Alan T. DeKok [Thu, 20 Apr 2023 15:34:28 +0000 (11:34 -0400)] 
rename encode_foo_hdr() to encode_foo()

because the functions encode the entire attribute, including
header and value.

We also have separate encode_option_hdr() functions which only
encode the actual header contents.

Alan T. DeKok [Thu, 20 Apr 2023 15:30:28 +0000 (11:30 -0400)] 
rename encode_tlv() to encode_cursor()

because it encodes everything in the cursor.  As part of renaming
the functions to be consistent and more clear.

Alan T. DeKok [Thu, 20 Apr 2023 15:18:44 +0000 (11:18 -0400)]
use encode_child() consistently for encoding one thing

while the protocols use random names (attribute, option, etc)
for consistency, our code should use common names.

This also lets us better track code duplication, and lets us do
deduplication.

Alan T. DeKok [Thu, 20 Apr 2023 15:12:48 +0000 (11:12 -0400)] 
use consistent naming

Alan T. DeKok [Thu, 20 Apr 2023 14:54:27 +0000 (10:54 -0400)] 
add test.detail to standard set of tests

Alan T. DeKok [Wed, 19 Apr 2023 17:16:01 +0000 (13:16 -0400)] 
update comments

Nick Porter [Thu, 20 Apr 2023 13:24:09 +0000 (14:24 +0100)] 
Add support for LDAP extended operations to async framework

Nick Porter [Thu, 20 Apr 2023 13:20:34 +0000 (14:20 +0100)] 
Improve / correct comments on LDAP code

James Jones [Thu, 20 Apr 2023 14:05:43 +0000 (09:05 -0500)] 
Assure that aside from 0, reply_code() will return a valid code. (#4966)

Uncertainty about this appears to cause the coverity defects in
src/process/tacacs/base.c.

James Jones [Thu, 20 Apr 2023 14:05:19 +0000 (09:05 -0500)] 
Don't pass NULL buffer to _fr_syserror() (#4963)

The issue turns up if _fr_syserror_buffer() returns NULL.

github-actions[bot] [Thu, 20 Apr 2023 09:35:07 +0000 (09:35 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/radius.tar

github-actions[bot] [Thu, 20 Apr 2023 09:34:51 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tacacs.tar

github-actions[bot] [Thu, 20 Apr 2023 09:34:49 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dns.tar

github-actions[bot] [Thu, 20 Apr 2023 09:34:46 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv6.tar

github-actions[bot] [Thu, 20 Apr 2023 09:34:42 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/dhcpv4.tar

github-actions[bot] [Thu, 20 Apr 2023 09:34:34 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/util.tar

github-actions[bot] [Thu, 20 Apr 2023 09:34:31 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/tftp.tar

github-actions[bot] [Thu, 20 Apr 2023 09:34:28 +0000 (09:34 +0000)] 
Scheduled fuzzing: Update src/tests/fuzzer-corpus/vmps.tar

Alan T. DeKok [Wed, 19 Apr 2023 17:13:13 +0000 (13:13 -0400)] 
add basic "test.detail"

Alan T. DeKok [Wed, 19 Apr 2023 13:12:04 +0000 (09:12 -0400)] 
add and use "exit_when_done" flag to the detail listener

So that we can use it as a one-shot client for reading and
processing detail files

Matthew Newton [Wed, 19 Apr 2023 11:19:23 +0000 (12:19 +0100)] 
CI: fix scheduled fuzzer issues with pyOpenSSL

Force install of new version of pyOpenSSL before PyGithub is
installed - that depends on a newer cryptography pkg which then
breaks everything with old pyOpenSSL.

https://github.com/pyca/pyopenssl/issues/1143

Nick Porter [Tue, 18 Apr 2023 10:44:27 +0000 (11:44 +0100)] 
Tidy debugging on LDAP admin binds

Arran Cudbard-Bell [Wed, 19 Apr 2023 03:43:21 +0000 (13:43 +1000)] 
radius_udp: Allow source IP address override, maybe...

Arran Cudbard-Bell [Wed, 19 Apr 2023 00:08:39 +0000 (10:08 +1000)] 
detail_reader: Pass in correct instance data to the detail work submodule

Arran Cudbard-Bell [Tue, 18 Apr 2023 22:48:33 +0000 (08:48 +1000)] 
detail: Emit an error message if we can't make changes

Alan T. DeKok [Tue, 18 Apr 2023 20:27:07 +0000 (16:27 -0400)] 
close fd and return fail.  CID #1524731

Nick Porter [Tue, 18 Apr 2023 16:51:41 +0000 (17:51 +0100)] 
Don't enable modules which are not in the base package

Nick Porter [Tue, 18 Apr 2023 14:28:51 +0000 (15:28 +0100)] 
Suppress compiler warnings on make deb

Nick Porter [Tue, 18 Apr 2023 11:30:29 +0000 (12:30 +0100)] 
Include connection name in LDAP trunk connection error message

Nick Porter [Tue, 18 Apr 2023 11:31:00 +0000 (12:31 +0100)] 
Comment corrections

Arran Cudbard-Bell [Tue, 18 Apr 2023 11:55:09 +0000 (21:55 +1000)] 
rlm_detail: Don't re-resolve the group names to GIDs on every entry written to a detail file

Arran Cudbard-Bell [Tue, 18 Apr 2023 11:16:45 +0000 (21:16 +1000)] 
Fix spurious assert on exit

Arran Cudbard-Bell [Tue, 18 Apr 2023 11:12:19 +0000 (21:12 +1000)] 
radius: Return treq to the free list if there's no upstreams

Nick Porter [Tue, 18 Apr 2023 09:30:42 +0000 (10:30 +0100)] 
Align unlang_function_signal_set with _unlang_function_signal_set

Nick Porter [Tue, 18 Apr 2023 09:29:44 +0000 (10:29 +0100)] 
unlang_function_push actually returns an unlang_action_t

Arran Cudbard-Bell [Mon, 17 Apr 2023 23:42:22 +0000 (09:42 +1000)] 
zombie state should be determined outside of the muxer

Arran Cudbard-Bell [Mon, 17 Apr 2023 10:13:07 +0000 (20:13 +1000)] 
rest: Fix arg list

Arran Cudbard-Bell [Mon, 17 Apr 2023 05:51:57 +0000 (15:51 +1000)] 
Add multiple types of variadic argument

Fix redis xlats to keep argument order and not crash when empty values are provided

Arran Cudbard-Bell [Mon, 17 Apr 2023 05:51:14 +0000 (15:51 +1000)]
Disallow setting required on variadic args

It makes the code more complex, and it's not 100% clear what it means

Arran Cudbard-Bell [Mon, 17 Apr 2023 05:49:52 +0000 (15:49 +1000)] 
skip null values in concat functions

Arran Cudbard-Bell [Mon, 17 Apr 2023 05:48:37 +0000 (15:48 +1000)] 
remove instances of .variadic = false

Arran Cudbard-Bell [Sun, 16 Apr 2023 23:45:52 +0000 (09:45 +1000)] 
xlat: Don't crash printing empty secondary alternate expansion

...and actually print alternate expansions correctly

Arran Cudbard-Bell [Sun, 16 Apr 2023 22:28:17 +0000 (08:28 +1000)] 
redis:  Deal with first func argument specially

Make sure it's an integer, and don't require future variadic arguments to be non-null

Arran Cudbard-Bell [Sun, 16 Apr 2023 09:20:32 +0000 (19:20 +1000)] 
Use the existing bind function for binding client sockets to interfaces, ipaddrs, and ports

Arran Cudbard-Bell [Sat, 15 Apr 2023 11:37:00 +0000 (21:37 +1000)] 
radius: re-add support for binding radius client sockets to interfaces

Arran Cudbard-Bell [Sat, 15 Apr 2023 02:48:51 +0000 (12:48 +1000)] 
...and another missing free

Arran Cudbard-Bell [Sat, 15 Apr 2023 00:38:30 +0000 (10:38 +1000)] 
redis: Don't leak replies when we reconnect a node

Arran Cudbard-Bell [Sat, 15 Apr 2023 00:36:14 +0000 (10:36 +1000)] 
redis: Free existing reply before attempting to call the function

Alan T. DeKok [Fri, 14 Apr 2023 14:56:11 +0000 (10:56 -0400)] 
use TLS_method()

as per https://www.openssl.org/docs/man3.1/man3/TLS_method.html

Alan T. DeKok [Wed, 5 Apr 2023 19:50:30 +0000 (15:50 -0400)] 
add test for editing session-state, too

Nick Porter [Fri, 14 Apr 2023 07:43:53 +0000 (08:43 +0100)] 
Not an error

Nick Porter [Fri, 14 Apr 2023 07:43:32 +0000 (08:43 +0100)] 
Free on both read/write and read only paths

Arran Cudbard-Bell [Thu, 13 Apr 2023 22:52:02 +0000 (08:52 +1000)] 
customer: *stab* *stab* *stab*

Arran Cudbard-Bell [Thu, 13 Apr 2023 21:48:20 +0000 (07:48 +1000)] 
Fix talloc foreach so it doesn't have issues with NULL input arrays

Nick Porter [Thu, 13 Apr 2023 15:43:25 +0000 (16:43 +0100)] 
Only need trunk for lookups if we don't have a cached DN

If the cached DN is already in the control list, then there is no need
to perform any lookup queries - just the auth bind will be done, which
is not on the trunk used for queries.

Nick Porter [Tue, 11 Apr 2023 10:27:03 +0000 (11:27 +0100)] 
Add missing net_timeout option to sample ldap config

Nick Porter [Fri, 7 Apr 2023 15:25:46 +0000 (16:25 +0100)] 
Update sample ldap module to reflect trunk parameters

Aligned with fr_trunk_config CONF_PARSER

Nick Porter [Thu, 13 Apr 2023 17:23:42 +0000 (18:23 +0100)] 
Avoid NULL pointer error

Nick Porter [Thu, 13 Apr 2023 16:19:14 +0000 (17:19 +0100)] 
Free redis result on failure paths

Nick Porter [Thu, 13 Apr 2023 16:18:33 +0000 (17:18 +0100)] 
Free previous redis result before retrieving another

Arran Cudbard-Bell [Thu, 13 Apr 2023 11:41:10 +0000 (21:41 +1000)] 
redis: Don't allocate a default section

Arran Cudbard-Bell [Thu, 13 Apr 2023 11:06:12 +0000 (21:06 +1000)] 
redis ippool: Need the delay module here too

Arran Cudbard-Bell [Thu, 13 Apr 2023 10:57:07 +0000 (20:57 +1000)] 
redis: If remap fails because the connection is bad, don't leave the stale connection open

Arran Cudbard-Bell [Thu, 13 Apr 2023 10:55:43 +0000 (20:55 +1000)] 
redis: Fix remap rate limit

Arran Cudbard-Bell [Thu, 13 Apr 2023 10:22:15 +0000 (20:22 +1000)] 
redis: Fix const issue

Arran Cudbard-Bell [Thu, 13 Apr 2023 10:13:52 +0000 (20:13 +1000)] 
redis: Version specific fixes in redis-setup.sh

Arran Cudbard-Bell [Thu, 13 Apr 2023 05:55:59 +0000 (15:55 +1000)] 
redis: Add the ability to add xlat wrappers which allow lua functions to be called on the redis cluster

Arran Cudbard-Bell [Thu, 13 Apr 2023 07:43:41 +0000 (17:43 +1000)] 
redis: Fix node fail test to be more reliable

Arran Cudbard-Bell [Thu, 13 Apr 2023 07:39:41 +0000 (17:39 +1000)] 
redis: Fixup redis setup script to enable debug commands

Arran Cudbard-Bell [Thu, 13 Apr 2023 07:11:06 +0000 (17:11 +1000)] 
redis: Fix timing issues in cluster reset

It takes 5-6 seconds for replicas to appear in the output of cluster slots

Arran Cudbard-Bell [Thu, 13 Apr 2023 06:49:31 +0000 (16:49 +1000)] 
redis: No need to mangle this for other platforms

Arran Cudbard-Bell [Wed, 12 Apr 2023 01:16:14 +0000 (11:16 +1000)] 
build: Document RELEASE=1 and RELEASE=0