| Commit message | Author | Age | Files | Lines |

We're moving x509 and psk config from rs_realm to rs_peer while
allowing these to be configured on the realm level and overridden at
peer level.
Also, add support for printing the read configuration, for debugging.

Conflicts:
    lib/include/radsec/radsec.h
Original commit message (1e3a2613):
Rename most 'package' to 'message'.
RADIUS (RFC2865) is defined to be transported over UDP so the term
"radius packet" makes a lot of sense. RADIUS/TCP (RFC6613) and
RADIUS/TLS (RFC6614), a.k.a. RadSec, use stream transport protocols
though. The term "message" doesn't imply any kind of transport -- a
message can be sent using datagrams as well as in a stream.
This (large) commit changes 'package' to 'message' where it makes
sense. It does not touch the 'radius' subdirectory. It includes
preprocessor directives (#define) to make the public interface
compatible with previous releases of the library.

RADIUS (RFC2865) is defined to be transported over UDP so the term
"radius packet" makes a lot of sense. RADIUS/TCP (RFC6613) and
RADIUS/TLS (RFC6614), a.k.a. RadSec, use stream transport protocols
though. The term "message" doesn't imply any kind of transport -- a
message can be sent using datagrams as well as in a stream.
This (large) commit changes 'package' to 'message' where it makes
sense. It does not touch the 'radius' subdirectory. It includes
preprocessor directives (#define) to make the public interface
compatible with previous releases of the library.

Uppercase to make them appear as the constants they are, as opposed to
variables.
Remove 'flag' suffix, typically used for variables.
Spell out HEADER.

And distribute LICENSE and HACKING.

The functions are rs_packet_create_authn_request() and
rs_request_create_authn().
Attributes of type PW_USER_PASSWORD are supposed to be MD5
obfuscated (see vp2data_any()).
NOTE: This is a non-backward compatible API change.

Conflicts:
    lib/configure.ac
    lib/include/radsec/radsec.h
    lib/radius/client.h

Also add error text for missing RSE_CRED.

We used to resolve DNS names when reading configuration. We now do it
in event_init_socket() and cache the result in the connection object.
The imminent need for changing this is to keep host names around for
X509 certificate verification (CNAME and subjectAltName). This will
also help later when we implement server failover (and later, when
people want to do more dynamic configuration, f.ex. NAPTR).

Use rs_context_create() to read FreeRADIUS dictionary, possibly by
taking dict file from configuration file.
CONFIG CHANGE: s/config/realm/g.

A new API for attributes will be added once we've decided how to deal
with RADIUS packets internally. For now, removing the half-baked
wrapping seems more sensible than trying to free rs_attr objects and
their VALUE_PAIR's.

Also, rename enum rs_err_code to not collide with the function named
the same.

TODO: UDP.

More to be done here!

Replace the user_dispatch_flag on connections with
conn_user_dispatch_p().
Remove the 'original' member from packet and instead have an upper
layer verify.
Rename packet valid_flag --> received_flag to reflect that we don't
verify.
Move _close_conn() --> conn_close().
Move packet flags into a single unsigned int, for portability.
(_read_packet): Don't verify packet.
(rs_conn_receive_packet): Don't touch PKT_OUT if there isn't a packet.
(rs_conn_receive_packet): Verify packet using packet_verify_response().

Sending, no retransmitting and no receiving.

Split timeout errors in connecting and I/O.

Remove RSE_SOME_ERROR.
rs_tls_init: Push SSL error stack on libradsec error stack.

Also add a "bare" create request function.

Move peer (former server) things to new file peer.c.
Update examples.

In blocking mode, breaking the event loop with loopbreak will probably
be needed for exceptions like timeout so we shouldn't use it for
breaking the loop and signalling success.
In the user callbacks used in blocking mode (_rcb and _wcb), disable
read and write events on the event buffer. This will stop the loop.
Also, set a flag in the packet struct to signal success.
In the "low level callbacks" (_read_cb and _write_cb), enable read or
write, accordingly.

'timeout' and 'tries' move from 'server' stanza to top. 'tries' is
now 'retries'.
Moving around in internal data structs, making struct peer strictly config.
Bug fixes in configuration code.
Adding some more cleanup code, freeing allocated memory (still not done!).

All aborts are removed, as well as all asserts which aren't
programming errors.
When an invalid packet is received, the connection is closed, as per
draft-ietf-radext-tcp-transport-08 (2.6.4).
Use new rs_debug() macro rather than fprintf() for debug printouts.
Coding style overhaul.