Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Don't follow the NULL pointer, not even in debug printouts. | Linus Nordberg | 2017-08-02 | 3 | -1/+6 |
| | Bug reported by Leonhard Knauff. Closes RADSECPROXY-68. | ||||
* | Use a listen(2) backlog of 128. | Linus Nordberg | 2017-08-02 | 3 | -2/+5 |
| | There's a chance that incoming (legitimate) connections arrive faster than what it takes to spawn a new thread and get back to listen(). Therefore we should ask the stack to queue at least one entry, i.e. use a backlog value of at least 1. There's arguably also a chance of more than two concurrent incoming connections, which would make a case for a backlog value greater than one. A reasonably high value seems to be 128, which also is what SOMAXCONN is on many unix systems. In the choice between 1 and 128, an argument against the higher value is that it may mask the potential problem of spending a long time serving incoming connections. Being reasonably confident that radsecproxy is efficient when it comes to serving incoming connections, by handing them off to a newly spawned thread, I think that 128 is a fine choice. Closes RADSECPROXY-72. | ||||
* | Update ChangeLog with -77. | Linus Nordberg | 2017-08-02 | 1 | -0/+1 |
| | |||||
* | Merge branch 'RADSECPROXY-77' into maint-1.6 | Linus Nordberg | 2017-08-02 | 2 | -3/+12 |
|\ | |||||
| * | Add mutex guarding realm refcount. [RADSECPROXY-77] | Linus Nordberg | 2017-07-28 | 2 | -3/+12 |
| | | |||||
* | | Update ChangeLog. | Linus Nordberg | 2017-08-01 | 1 | -0/+1 |
| | | |||||
* | | Move allocation of memory, making error case simpler. | Linus Nordberg | 2017-08-01 | 1 | -7/+6 |
| | | |||||
* | | Make warning about failing IPV6_V6ONLY info level. | Linus Nordberg | 2017-08-01 | 1 | -1/+1 |
| | | We might have a bug where bindtoaddr() tries to set V6ONLY on IPv4 sockets. Until that's been resolved, don't alarm users on debug level 'warning'. | ||||
* | | Verify return code from fcntl calls. | Linus Nordberg | 2017-08-01 | 1 | -2/+10 |
| | | Have connectnonblocking() warn and fail if setting O_NONBLOCK fails. Have it warn if restoring of flags fails. coverity: 1449515 | ||||
* | | Cleanup varargs in error case too. | Linus Nordberg | 2017-08-01 | 1 | -0/+1 |
| | | coverity: 1449517 | ||||
* | | Don't use 'out' if malloc fails. | Linus Nordberg | 2017-08-01 | 1 | -8/+8 |
| | | coverity: 1449518 | ||||
* | | Don't risk calling _validauth() with sec == NULL. | Linus Nordberg | 2017-08-01 | 1 | -1/+1 |
| | | buf2radmsg() is never called with rqauth != NULL and secret == NULL but let's protect against future callers. coverity: 1449519 | ||||
* | | Check return value from setsockopt(). | Linus Nordberg | 2017-08-01 | 2 | -4/+8 |
| | | coverity: 1449508, 1449522. | ||||
* | | Don't deref 'to' if it's NULL. | Linus Nordberg | 2017-08-01 | 1 | -1/+2 |
| | | coverity: 1450948 | ||||
* | | Don't use r if malloc fails. | Linus Nordberg | 2017-08-01 | 1 | -2/+4 |
| | | coverity: 1450949 | ||||
* | | Free 'in' in success case too. | Linus Nordberg | 2017-08-01 | 1 | -0/+1 |
| | | coverity: 1449514 | ||||
* | | Revert ed6f9b47. | Linus Nordberg | 2017-08-01 | 1 | -2/+1 |
| | | Going to errexit doesn't free resconf as that commit claims. It does free conf though, which is good. coverity: 1449524 | ||||
* | | Don't pthread_join unless we actually created a thread. | Linus Nordberg | 2017-08-01 | 1 | -1/+2 |
| | | coverity: 1449504 | ||||
* | | maketlv() makes a copy of v, so free it. | Linus Nordberg | 2017-08-01 | 1 | -3/+2 |
| | | coverity: 1449503 | ||||
* | | add msg-id to debug log output | Fabian Mauchle | 2017-08-01 | 2 | -3/+3 |
| | | |||||
* | | create new cert_store before reloading CAs and CRLs | Fabian Mauchle | 2017-08-01 | 2 | -0/+5 |
|/ | Conflicts: ChangeLog | ||||
* | Revert partial fix for RADSECPROXY-69 (47ccc9f). | Linus Nordberg | 2016-11-01 | 2 | -10/+1 |
| | This was potentially making things worse. | ||||
* | Look at servers->dynamiclookuparg for deciding if a server is dynamic. | Linus Nordberg | 2016-11-01 | 2 | -1/+10 |
| | The dynamiclookupcommand member of the _config_ of the server is being set to NULL when it's copied in confserver_cb(), resulting in dynamic discovery being done for realms that already have a server. Patch from Fabian Mauchle. Addresses RADSECPROXY-69. | ||||
* | Bump version to 1.6.9-dev. | Linus Nordberg | 2016-11-01 | 3 | -3/+3 |
| | |||||
* | radsecproxy-1.6.8. [radsecproxy-1.6.8] | Linus Nordberg | 2016-09-21 | 4 | -4/+9 |
| | |||||
* | Stomp less on other threads' memory. | Linus Nordberg | 2016-09-21 | 2 | -4/+16 |
| | See RADSECPROXY-64. | ||||
* | Don't wait for _writable_ when _reading_ a TCP socket. | Linus Nordberg | 2016-09-19 | 1 | -3/+2 |
| | Like 92a0c39a for TCP. Patch by Fabian Mauchle. | ||||
* | Fix spelling. | Linus Nordberg | 2016-03-23 | 1 | -4/+4 |
| | Pointed out by Faidon Liambotis. | ||||
* | radsecproxy-1.6.7 [radsecproxy-1.6.7] | Linus Nordberg | 2016-03-14 | 4 | -5/+5 |
| | |||||
* | Update ChangeLog for upcoming radsecproxy-1.6.7. | Linus Nordberg | 2016-03-11 | 1 | -0/+8 |
| | |||||
* | Fix the html target. | Linus Nordberg | 2016-03-11 | 1 | -5/+6 |
| | List the three .html files. Add targets for building .html from .1 and .5. | ||||
* | #include <string.h> for memcpy() and strcmp(). | Linus Nordberg | 2016-03-11 | 2 | -0/+2 |
| | |||||
* | Use DTLS_method() for new SSL context if it exists. | Linus Nordberg | 2016-03-11 | 1 | -0/+5 |
| | Effectively turning on support for DTLS 1.2 when OpenSSL version is 1.0.2 or higher. | ||||
* | Allow TLSv1.1 and TLSv1.2. | Linus Nordberg | 2016-02-25 | 1 | -1/+2 |
| | This should in theory allow for later versions of TLS too but let's verify that when the time comes. | ||||
* | Mention radsecproxy-hash(1) in radsecproxy.1. | Linus Nordberg | 2016-02-25 | 1 | -3/+2 |
| | |||||
* | Install radsecproxy.conf.5 unconditionally. [radsecproxy-1.6.6] | Linus Nordberg | 2015-01-19 | 2 | -1/+3 |
| | Keep regeneration of it dependent on configure finding docbook2x-man(1). | ||||
* | radsecproxy-1.6.6 | Linus Nordberg | 2015-01-19 | 4 | -5/+5 |
| | |||||
* | Refer to RFC6614 instead of the old draft. | Linus Nordberg | 2015-01-19 | 1 | -2/+2 |
| | |||||
* | ChangeLog for the four security patches. | Linus Nordberg | 2015-01-16 | 1 | -0/+4 |
| | Conflicts: ChangeLog | ||||
* | Fix heap overflow in raddtlsget(), radtcpget() and radtlsget(). | Linus Nordberg | 2015-01-16 | 3 | -0/+12 |
| | Patch by Stephen Röttger. | ||||
* | Fix null pointer dereference in decttl(). | Linus Nordberg | 2015-01-16 | 1 | -0/+3 |
| | Patch by Stephen Röttger. | ||||
* | Fix use-after-free in _internal_removeserversubrealms(). | Linus Nordberg | 2015-01-16 | 1 | -2/+5 |
| | Patch by Stephen Röttger. | ||||
* | Fix use-after-free in hash_extract(). | Linus Nordberg | 2015-01-16 | 2 | -1/+4 |
| | Patch by Stephen Röttger. | ||||
* | Remove 'compile', generated by Automake. | Linus Nordberg | 2015-01-16 | 3 | -143/+2 |
| | Patch by Christian Hesse. | ||||
* | Update copyright notice. | Linus Nordberg | 2015-01-16 | 1 | -1/+1 |
| | Conflicts: radsecproxy.c | ||||
* | When CHAP-Password, copy Request Authenticator to CHAP-Challenge. | Linus Nordberg | 2015-01-16 | 3 | -0/+26 |
| | Conflicts: radmsg.h | ||||
* | radsecproxy-1.6.5 --> 1.6.6-dev | Linus Nordberg | 2015-01-14 | 3 | -3/+3 |
| | |||||
* | Have rewriteIn for servers use the correct config section. | Linus Nordberg | 2015-01-14 | 2 | -2/+10 |
| | Conflicts: ChangeLog | ||||
* | radsecproxy-1.6.5. [radsecproxy-1.6.5] | Linus Nordberg | 2013-09-06 | 4 | -4/+4 |
| | |||||
* | Have radmsg_copy_attrs() return error in all error cases. | Linus Nordberg | 2013-09-06 | 1 | -4/+2 |
| | Also when copying of the first attribute fails. |