Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | add msg-id to debug log outputmauchle-radsecproxy-60 | Fabian Mauchle | 2017-08-01 | 1 | -3/+2 |
| | |||||
* | make sure rq->to is set to NULL when cleaning up server output queue | Fabian Mauchle | 2017-03-10 | 1 | -2/+1 |
| | |||||
* | Revert partial fix for RADSECPROXY-69 (98d7bbe). | Linus Nordberg | 2016-11-01 | 1 | -2/+3 |
| | | | | This was potentially making things worse. | ||||
* | Look at servers->dynamiclookuparg for deciding if a server is dynamic. | Linus Nordberg | 2016-11-01 | 1 | -1/+1 |
| | | | | | | | | | | The dynamiclookupcommand member of the _config_ of the server is being set to NULL when it's copied in confserver_cb(), resulting in dynamic discovery being done for realms that already have a server. Patch from Fabian Mauchle. Addresses RADSECPROXY-69. | ||||
* | Remove --enable-experimental-dyndisc build config knob. | Linus Nordberg | 2016-11-01 | 1 | -38/+1 |
| | | | | | Be aware that use of the DynamicLookupCommand configuration option still enables code known to be buggy. | ||||
* | Assert that the server argument is non-NULL. | Linus Nordberg | 2016-10-06 | 1 | -0/+1 |
| | |||||
* | Don't follow the NULL pointer. | Linus Nordberg | 2016-10-06 | 1 | -1/+2 |
| | | | | | In practice, sendrq() is called from two functions, radsrv() and clientwr(), none of which should be able to pass rq->to == NULL. | ||||
* | Require libnettle unconditionally.openssl11-rebased | Linus Nordberg | 2016-09-21 | 1 | -14/+0 |
| | |||||
* | Use libnettle instead of libcrypto (from openssl) for MD5 and HMAC(MD5). | Linus Nordberg | 2016-09-21 | 1 | -69/+31 |
| | | | | | | | | | The HMAC_ and EVP_MD_ API:s changed in OpenSSL 1.1 in a way that made it unfeasable to support both older and newer OpenSSL. Radsecproxy already depends on libnettle for Fticks. Moving away from libcrypto makes it easier to add support for other TLS libraries than OpenSSL. | ||||
* | EVP_MD_CTX and HMAC_CTX are now pointers. | Linus Nordberg | 2016-09-21 | 1 | -57/+58 |
| | | | | | | | NOTE: pwdcrypt(), msmppencrypt(), msmppdecrypt(), _checkmsgauth(), _validauth() _createmessageauth() and _radsign() all become slightly more expensive since we're now allocating and freeing an EVP_MD_CTX or HMAC_CTX on each invocation. | ||||
* | Remove openssl thread lock handling. | Linus Nordberg | 2016-09-21 | 1 | -25/+0 |
| | | | | | openssl-1.1 uses a new threading API which makes manual locking wrt openssl not necessary. | ||||
* | Don't call ERR_remove_thread_state(). | Linus Nordberg | 2016-09-21 | 1 | -1/+0 |
| | | | | | Not needed as of openssl-1.1, see https://www.openssl.org/docs/man1.1.0/crypto/ERR_remove_thread_state.html | ||||
* | Use ERR_remove_thread_state() instead of ERR_remove_state(). | Linus Nordberg | 2016-09-21 | 1 | -1/+1 |
| | |||||
* | Merge branch 'docu' | Linus Nordberg | 2015-01-22 | 1 | -0/+3 |
|\ | |||||
| * | Add comments on functions. | Linus Nordberg | 2015-01-16 | 1 | -0/+3 |
| | | |||||
* | | Fix null pointer dereference in decttl(). | Linus Nordberg | 2015-01-16 | 1 | -0/+3 |
| | | | | | | | | Patch by Stephen Röttger. | ||||
* | | Fix use-after-free in _internal_removeserversubrealms(). | Linus Nordberg | 2015-01-16 | 1 | -2/+5 |
|/ | | | | Patch by Stephen Röttger. | ||||
* | Fix some issues showing when DEBUG is defined. | Linus Nordberg | 2015-01-16 | 1 | -5/+4 |
| | |||||
* | Update copyright notice. | Linus Nordberg | 2015-01-16 | 1 | -1/+1 |
| | |||||
* | When CHAP-Password, copy Request Authenticator to CHAP-Challenge. | Linus Nordberg | 2015-01-16 | 1 | -0/+22 |
| | |||||
* | Be consistent with naming of attribute defines. | Linus Nordberg | 2015-01-16 | 1 | -1/+1 |
| | |||||
* | Have rewriteIn for servers use the correct config section. | Linus Nordberg | 2015-01-14 | 1 | -2/+3 |
| | |||||
* | Keep Proxy-State attributes in all replies to clients. | Linus Nordberg | 2013-09-05 | 1 | -5/+13 |
| | | | | Closes RADSECPROXY-52. | ||||
* | Improve warning message when failing to resolve a dynamic server config. | Linus Nordberg | 2013-08-27 | 1 | -2/+2 |
| | |||||
* | Don't free struct clsrvconf members rewritein and rewriteout. | Linus Nordberg | 2013-08-26 | 1 | -2/+2 |
| | | | | | | | They are pointers into static struct hash *rewriteconfs and should live forever. Patch by Fabian Mauchle. | ||||
* | Purge the duplication cache once per received packet. | Linus Nordberg | 2013-08-26 | 1 | -0/+17 |
| | |||||
* | Return free memory more aggressively.pthread_create_attr | Linus Nordberg | 2013-08-26 | 1 | -0/+7 |
| | | | | | | | Have free(3) call sbrk(2) when there's 4 MB to free (default on Linux seems to be 128). Patch by Fabian Mauchle. | ||||
* | Create threads with a 32 KB stack rather than what happens to be the default. | Linus Nordberg | 2013-08-26 | 1 | -5/+10 |
| | | | | | | On Linux, the default stack size is typically 8 MB. Patch by Fabian Mauchle. | ||||
* | Honour escaped slashes in regular expressions.RADSECPROXY-51 | Linus Nordberg | 2013-05-31 | 1 | -1/+3 |
| | | | | Closes RADSECPROXY-51. | ||||
* | Adjust copyright lines to reflect git (svn) history of each and every file. | Linus Nordberg | 2012-11-12 | 1 | -1/+1 |
| | | | | | | The LICENSE file still aims to reflect a summary of all files. The LICENSE file was changed to not include year 2006 since there was no evidence in git (svn) of any contributions from that year. | ||||
* | Formatting changes.licensing-nogpl | Linus Nordberg | 2012-09-25 | 1 | -2/+2 |
| | | | | | | | | | And, actually, a typo in catgconf.c. Cherry-picked b712a6bf from branch 'licensing'. Conflicts: LICENSE | ||||
* | Remove the "Code contributions from" block from three files. | Linus Nordberg | 2012-09-17 | 1 | -8/+0 |
| | | | | | | | The contributors are mentioned in AUTHORS and these blocks are not being maintained. Info about what person has written what in source files should be obtained through the source control management system (i.e. git). | ||||
* | Remove the second copyright line, with both UNINETT and NORDUnet. | Linus Nordberg | 2012-09-17 | 1 | -1/+0 |
| | | | | The overlap is clearly expressed without it. | ||||
* | Remove Stig from first copyright line. | Linus Nordberg | 2012-09-17 | 1 | -1/+1 |
| | |||||
* | Update copyright and licensing information. | Linus Nordberg | 2012-09-14 | 1 | -8/+4 |
| | | | | | | Note that this change makes all files carry the same copyright info, regardless of when they've been touched. People interested in more detail will have to consult the commit history. | ||||
* | Release a lock. | Linus Nordberg | 2012-04-27 | 1 | -0/+1 |
| | | | | Patch from Ralf Paffrath <paffrath@dfn.de>. | ||||
* | Add experimental code for dynamic discovery (only if ↵ | Linus Nordberg | 2012-04-26 | 1 | -4/+41 |
| | | | | | | ENABLE_EXPERIMENTAL_DYNDISC). Patch from Ralf Paffrath <paffrath@dfn.de>. | ||||
* | Initialize ipv4only and ipv6only.selectfamily | Linus Nordberg | 2012-04-17 | 1 | -2/+2 |
| | |||||
* | Add top-level config options IPv4Only and IPv6Only. | Linus Nordberg | 2012-04-17 | 1 | -3/+17 |
| | | | | | | Related to RADSECPROXY-37. TODO: Add documentation. | ||||
* | Add client and server config options IPv4Only and IPv6Only. | Linus Nordberg | 2012-04-17 | 1 | -4/+32 |
| | | | | | | Related to RADSECPROXY-37. TODO: Add documentation. | ||||
* | Block a dynamic server for 15 minutes if it's not working. | Linus Nordberg | 2012-04-16 | 1 | -1/+1 |
| | | | | This is the old number. We used 1 minute during testing. | ||||
* | Don't treat exit 10 from dynamic scripts differently from any other non-zero ↵ | Linus Nordberg | 2012-04-12 | 1 | -8/+3 |
| | | | | | | | | | | | code. clientwr() should treat the dynamic lookup as a failure and will not be any happier to know that the exact error was that it didn't resolv. The script can do whatever logging is wanted. That said, this commit also makes the scripts exit with 10 in order to signal failure. | ||||
* | Keep track of a failing dynamic server and don't use it while failing. | Linus Nordberg | 2012-04-12 | 1 | -8/+35 |
| | | | | | | | | | | Also, sleep less than 15 minutes (900s), mainly for testing. This number will change. Also, die hard and explicitly if freeing an already freed config in freeclsrvconf(). This is part of fixing RADSECPROXY-33. | ||||
* | Add/update copyright years. | Linus Nordberg | 2012-04-12 | 1 | -1/+1 |
| | |||||
* | Add config option PidFile. | Linus Nordberg | 2012-04-11 | 1 | -0/+3 |
| | | | | | | Note that `-i' on the command line overrides this config option. This closes RADSECPROXY-32. | ||||
* | Copy three missing clsrvconf members when "merging configurations". | Linus Nordberg | 2012-04-10 | 1 | -1/+4 |
| | |||||
* | Don't free memory which others are still using. | Linus Nordberg | 2012-04-09 | 1 | -1/+2 |
| | | | | | | In the error case in confserver_cb() where compileserverconfig() we used to go to errexit and have resonf, passed as an argument through ARG, freed. Other parts are still using that conf. | ||||
* | Fix two error printouts. | Linus Nordberg | 2012-04-08 | 1 | -2/+2 |
| | |||||
* | New option for client block - fticksVISINST | Maja Gorecka-Wolniewicz | 2011-12-21 | 1 | -0/+1 |
| | |||||
* | Merge branch 'fticks_syslog2' | Linus Nordberg | 2011-12-12 | 1 | -2/+13 |
|\ |