summaryrefslogtreecommitdiff
path: root/radsecproxy.c
Commit message (Collapse)AuthorAgeFilesLines
* Assert that the server argument is non-NULL.Linus Nordberg2016-10-061-0/+1
|
* Don't follow the NULL pointer.Linus Nordberg2016-10-061-1/+2
| | | | | In practice, sendrq() is called from two functions, radsrv() and clientwr(), none of which should be able to pass rq->to == NULL.
* Require libnettle unconditionally.openssl11-rebasedLinus Nordberg2016-09-211-14/+0
|
* Use libnettle instead of libcrypto (from openssl) for MD5 and HMAC(MD5).Linus Nordberg2016-09-211-69/+31
| | | | | | | | | The HMAC_ and EVP_MD_ API:s changed in OpenSSL 1.1 in a way that made it unfeasable to support both older and newer OpenSSL. Radsecproxy already depends on libnettle for Fticks. Moving away from libcrypto makes it easier to add support for other TLS libraries than OpenSSL.
* EVP_MD_CTX and HMAC_CTX are now pointers.Linus Nordberg2016-09-211-57/+58
| | | | | | | NOTE: pwdcrypt(), msmppencrypt(), msmppdecrypt(), _checkmsgauth(), _validauth() _createmessageauth() and _radsign() all become slightly more expensive since we're now allocating and freeing an EVP_MD_CTX or HMAC_CTX on each invocation.
* Remove openssl thread lock handling.Linus Nordberg2016-09-211-25/+0
| | | | | openssl-1.1 uses a new threading API which makes manual locking wrt openssl not necessary.
* Don't call ERR_remove_thread_state().Linus Nordberg2016-09-211-1/+0
| | | | | Not needed as of openssl-1.1, see https://www.openssl.org/docs/man1.1.0/crypto/ERR_remove_thread_state.html
* Use ERR_remove_thread_state() instead of ERR_remove_state().Linus Nordberg2016-09-211-1/+1
|
* Merge branch 'docu'Linus Nordberg2015-01-221-0/+3
|\
| * Add comments on functions.Linus Nordberg2015-01-161-0/+3
| |
* | Fix null pointer dereference in decttl().Linus Nordberg2015-01-161-0/+3
| | | | | | | | Patch by Stephen Röttger.
* | Fix use-after-free in _internal_removeserversubrealms().Linus Nordberg2015-01-161-2/+5
|/ | | | Patch by Stephen Röttger.
* Fix some issues showing when DEBUG is defined.Linus Nordberg2015-01-161-5/+4
|
* Update copyright notice.Linus Nordberg2015-01-161-1/+1
|
* When CHAP-Password, copy Request Authenticator to CHAP-Challenge.Linus Nordberg2015-01-161-0/+22
|
* Be consistent with naming of attribute defines.Linus Nordberg2015-01-161-1/+1
|
* Have rewriteIn for servers use the correct config section.Linus Nordberg2015-01-141-2/+3
|
* Keep Proxy-State attributes in all replies to clients.Linus Nordberg2013-09-051-5/+13
| | | | Closes RADSECPROXY-52.
* Improve warning message when failing to resolve a dynamic server config.Linus Nordberg2013-08-271-2/+2
|
* Don't free struct clsrvconf members rewritein and rewriteout.Linus Nordberg2013-08-261-2/+2
| | | | | | | They are pointers into static struct hash *rewriteconfs and should live forever. Patch by Fabian Mauchle.
* Purge the duplication cache once per received packet.Linus Nordberg2013-08-261-0/+17
|
* Return free memory more aggressively.pthread_create_attrLinus Nordberg2013-08-261-0/+7
| | | | | | | Have free(3) call sbrk(2) when there's 4 MB to free (default on Linux seems to be 128). Patch by Fabian Mauchle.
* Create threads with a 32 KB stack rather than what happens to be the default.Linus Nordberg2013-08-261-5/+10
| | | | | | On Linux, the default stack size is typically 8 MB. Patch by Fabian Mauchle.
* Honour escaped slashes in regular expressions.RADSECPROXY-51Linus Nordberg2013-05-311-1/+3
| | | | Closes RADSECPROXY-51.
* Adjust copyright lines to reflect git (svn) history of each and every file.Linus Nordberg2012-11-121-1/+1
| | | | | | The LICENSE file still aims to reflect a summary of all files. The LICENSE file was changed to not include year 2006 since there was no evidence in git (svn) of any contributions from that year.
* Formatting changes.licensing-nogplLinus Nordberg2012-09-251-2/+2
| | | | | | | | | And, actually, a typo in catgconf.c. Cherry-picked b712a6bf from branch 'licensing'. Conflicts: LICENSE
* Remove the "Code contributions from" block from three files.Linus Nordberg2012-09-171-8/+0
| | | | | | | The contributors are mentioned in AUTHORS and these blocks are not being maintained. Info about what person has written what in source files should be obtained through the source control management system (i.e. git).
* Remove the second copyright line, with both UNINETT and NORDUnet.Linus Nordberg2012-09-171-1/+0
| | | | The overlap is clearly expressed without it.
* Remove Stig from first copyright line.Linus Nordberg2012-09-171-1/+1
|
* Update copyright and licensing information.Linus Nordberg2012-09-141-8/+4
| | | | | | Note that this change makes all files carry the same copyright info, regardless of when they've been touched. People interested in more detail will have to consult the commit history.
* Release a lock.Linus Nordberg2012-04-271-0/+1
| | | | Patch from Ralf Paffrath <paffrath@dfn.de>.
* Add experimental code for dynamic discovery (only if ↵Linus Nordberg2012-04-261-4/+41
| | | | | | ENABLE_EXPERIMENTAL_DYNDISC). Patch from Ralf Paffrath <paffrath@dfn.de>.
* Initialize ipv4only and ipv6only.selectfamilyLinus Nordberg2012-04-171-2/+2
|
* Add top-level config options IPv4Only and IPv6Only.Linus Nordberg2012-04-171-3/+17
| | | | | | Related to RADSECPROXY-37. TODO: Add documentation.
* Add client and server config options IPv4Only and IPv6Only.Linus Nordberg2012-04-171-4/+32
| | | | | | Related to RADSECPROXY-37. TODO: Add documentation.
* Block a dynamic server for 15 minutes if it's not working.Linus Nordberg2012-04-161-1/+1
| | | | This is the old number. We used 1 minute during testing.
* Don't treat exit 10 from dynamic scripts differently from any other non-zero ↵Linus Nordberg2012-04-121-8/+3
| | | | | | | | | | | code. clientwr() should treat the dynamic lookup as a failure and will not be any happier to know that the exact error was that it didn't resolv. The script can do whatever logging is wanted. That said, this commit also makes the scripts exit with 10 in order to signal failure.
* Keep track of a failing dynamic server and don't use it while failing.Linus Nordberg2012-04-121-8/+35
| | | | | | | | | | Also, sleep less than 15 minutes (900s), mainly for testing. This number will change. Also, die hard and explicitly if freeing an already freed config in freeclsrvconf(). This is part of fixing RADSECPROXY-33.
* Add/update copyright years.Linus Nordberg2012-04-121-1/+1
|
* Add config option PidFile.Linus Nordberg2012-04-111-0/+3
| | | | | | Note that `-i' on the command line overrides this config option. This closes RADSECPROXY-32.
* Copy three missing clsrvconf members when "merging configurations".Linus Nordberg2012-04-101-1/+4
|
* Don't free memory which others are still using.Linus Nordberg2012-04-091-1/+2
| | | | | | In the error case in confserver_cb() where compileserverconfig() we used to go to errexit and have resonf, passed as an argument through ARG, freed. Other parts are still using that conf.
* Fix two error printouts.Linus Nordberg2012-04-081-2/+2
|
* New option for client block - fticksVISINSTMaja Gorecka-Wolniewicz2011-12-211-0/+1
|
* Merge branch 'fticks_syslog2'Linus Nordberg2011-12-121-2/+13
|\
| * Reorder fticks command line options.Linus Nordberg2011-12-121-1/+1
| |
| * Rename DEBUG_LOG and FTICKS_LOG.Linus Nordberg2011-12-121-2/+3
| |
| * cosmeticsLinus Nordberg2011-12-121-6/+8
| |
| * F-Ticks logging changesMaja Gorecka-Wolniewicz2011-12-121-3/+11
| |
* | Use correct capitalisation for defaultClient and defaultServer.Linus Nordberg2011-12-121-4/+12
|/ | | | | | Used in 'tls defaultClient' and 'tls defaultServer' configuration blocks. Reported by Maja Gorecka-Wolniewicz.
generated by cgit v1.1 at 2024-12-26 22:14:46 +0000