summaryrefslogtreecommitdiff
path: root/radsecproxy.c
Commit message (Collapse)AuthorAgeFilesLines
* Look at servers->dynamiclookuparg for deciding if a server is dynamic.radsecproxy-69Linus Nordberg2017-08-061-1/+1
| | | | | | | | | | The dynamiclookupcommand member of the _config_ of the server is being set to NULL when it's copied in confserver_cb(), resulting in dynamic discovery being done for realms that already have a server. Patch from Fabian Mauchle. Addresses RADSECPROXY-69.
* replace server states with enumFabian Mauchle2017-08-061-16/+12
|
* proposed fix for RADSECPROXY-71Fabian Mauchle2017-08-061-3/+4
| | | | | | | | never set clsrvconf->servers=null after it has been properly set up. set servers->dynfailing=1 instead Conflicts: radsecproxy.c
* Move allocation of memory to not have to free in error case.Linus Nordberg2017-08-011-7/+6
|
* Check return value from setsockopt().Linus Nordberg2017-08-011-2/+4
| | | | coverity: 1449508, 1449522.
* Free 'in' in success case too.Linus Nordberg2017-08-011-0/+1
| | | | coverity: 1449514
* Revert ed6f9b47.Linus Nordberg2017-08-011-2/+1
| | | | | | | Going to errexit doesn't free resconf as that commit claims. It does free conf though, which is good. coverity: 1449524
* Don't pthread_join unless we actually created a thread.Linus Nordberg2017-08-011-1/+2
| | | | coverity: 1449504
* maketlv() makes a copy of v, so free it.Linus Nordberg2017-08-011-3/+2
| | | | coverity: 1449503
* Add mutex guarding realm refcount.Linus Nordberg2017-08-011-3/+11
| | | | NOTE: Only guarding writes.
* add msg-id to debug log outputFabian Mauchle2017-08-011-3/+2
|
* make sure rq->to is set to NULL when cleaning up server output queueFabian Mauchle2017-03-101-2/+1
|
* Revert partial fix for RADSECPROXY-69 (98d7bbe).Linus Nordberg2016-11-011-2/+3
| | | | This was potentially making things worse.
* Look at servers->dynamiclookuparg for deciding if a server is dynamic.Linus Nordberg2016-11-011-1/+1
| | | | | | | | | | The dynamiclookupcommand member of the _config_ of the server is being set to NULL when it's copied in confserver_cb(), resulting in dynamic discovery being done for realms that already have a server. Patch from Fabian Mauchle. Addresses RADSECPROXY-69.
* Remove --enable-experimental-dyndisc build config knob.Linus Nordberg2016-11-011-38/+1
| | | | | Be aware that use of the DynamicLookupCommand configuration option still enables code known to be buggy.
* Assert that the server argument is non-NULL.Linus Nordberg2016-10-061-0/+1
|
* Don't follow the NULL pointer.Linus Nordberg2016-10-061-1/+2
| | | | | In practice, sendrq() is called from two functions, radsrv() and clientwr(), none of which should be able to pass rq->to == NULL.
* Require libnettle unconditionally.Linus Nordberg2016-09-211-14/+0
|
* Use libnettle instead of libcrypto (from openssl) for MD5 and HMAC(MD5).Linus Nordberg2016-09-211-69/+31
| | | | | | | | | The HMAC_ and EVP_MD_ API:s changed in OpenSSL 1.1 in a way that made it unfeasable to support both older and newer OpenSSL. Radsecproxy already depends on libnettle for Fticks. Moving away from libcrypto makes it easier to add support for other TLS libraries than OpenSSL.
* EVP_MD_CTX and HMAC_CTX are now pointers.Linus Nordberg2016-09-211-57/+58
| | | | | | | NOTE: pwdcrypt(), msmppencrypt(), msmppdecrypt(), _checkmsgauth(), _validauth() _createmessageauth() and _radsign() all become slightly more expensive since we're now allocating and freeing an EVP_MD_CTX or HMAC_CTX on each invocation.
* Remove openssl thread lock handling.Linus Nordberg2016-09-211-25/+0
| | | | | openssl-1.1 uses a new threading API which makes manual locking wrt openssl not necessary.
* Don't call ERR_remove_thread_state().Linus Nordberg2016-09-211-1/+0
| | | | | Not needed as of openssl-1.1, see https://www.openssl.org/docs/man1.1.0/crypto/ERR_remove_thread_state.html
* Use ERR_remove_thread_state() instead of ERR_remove_state().Linus Nordberg2016-09-211-1/+1
|
* Merge branch 'docu'Linus Nordberg2015-01-221-0/+3
|\
| * Add comments on functions.Linus Nordberg2015-01-161-0/+3
| |
* | Fix null pointer dereference in decttl().Linus Nordberg2015-01-161-0/+3
| | | | | | | | Patch by Stephen Röttger.
* | Fix use-after-free in _internal_removeserversubrealms().Linus Nordberg2015-01-161-2/+5
|/ | | | Patch by Stephen Röttger.
* Fix some issues showing when DEBUG is defined.Linus Nordberg2015-01-161-5/+4
|
* Update copyright notice.Linus Nordberg2015-01-161-1/+1
|
* When CHAP-Password, copy Request Authenticator to CHAP-Challenge.Linus Nordberg2015-01-161-0/+22
|
* Be consistent with naming of attribute defines.Linus Nordberg2015-01-161-1/+1
|
* Have rewriteIn for servers use the correct config section.Linus Nordberg2015-01-141-2/+3
|
* Keep Proxy-State attributes in all replies to clients.Linus Nordberg2013-09-051-5/+13
| | | | Closes RADSECPROXY-52.
* Improve warning message when failing to resolve a dynamic server config.Linus Nordberg2013-08-271-2/+2
|
* Don't free struct clsrvconf members rewritein and rewriteout.Linus Nordberg2013-08-261-2/+2
| | | | | | | They are pointers into static struct hash *rewriteconfs and should live forever. Patch by Fabian Mauchle.
* Purge the duplication cache once per received packet.Linus Nordberg2013-08-261-0/+17
|
* Return free memory more aggressively.Linus Nordberg2013-08-261-0/+7
| | | | | | | Have free(3) call sbrk(2) when there's 4 MB to free (default on Linux seems to be 128). Patch by Fabian Mauchle.
* Create threads with a 32 KB stack rather than what happens to be the default.Linus Nordberg2013-08-261-5/+10
| | | | | | On Linux, the default stack size is typically 8 MB. Patch by Fabian Mauchle.
* Honour escaped slashes in regular expressions.Linus Nordberg2013-05-311-1/+3
| | | | Closes RADSECPROXY-51.
* Adjust copyright lines to reflect git (svn) history of each and every file.Linus Nordberg2012-11-121-1/+1
| | | | | | The LICENSE file still aims to reflect a summary of all files. The LICENSE file was changed to not include year 2006 since there was no evidence in git (svn) of any contributions from that year.
* Formatting changes.Linus Nordberg2012-09-251-2/+2
| | | | | | | | | And, actually, a typo in catgconf.c. Cherry-picked b712a6bf from branch 'licensing'. Conflicts: LICENSE
* Remove the "Code contributions from" block from three files.Linus Nordberg2012-09-171-8/+0
| | | | | | | The contributors are mentioned in AUTHORS and these blocks are not being maintained. Info about what person has written what in source files should be obtained through the source control management system (i.e. git).
* Remove the second copyright line, with both UNINETT and NORDUnet.Linus Nordberg2012-09-171-1/+0
| | | | The overlap is clearly expressed without it.
* Remove Stig from first copyright line.Linus Nordberg2012-09-171-1/+1
|
* Update copyright and licensing information.Linus Nordberg2012-09-141-8/+4
| | | | | | Note that this change makes all files carry the same copyright info, regardless of when they've been touched. People interested in more detail will have to consult the commit history.
* Release a lock.Linus Nordberg2012-04-271-0/+1
| | | | Patch from Ralf Paffrath <paffrath@dfn.de>.
* Add experimental code for dynamic discovery (only if ↵Linus Nordberg2012-04-261-4/+41
| | | | | | ENABLE_EXPERIMENTAL_DYNDISC). Patch from Ralf Paffrath <paffrath@dfn.de>.
* Initialize ipv4only and ipv6only.Linus Nordberg2012-04-171-2/+2
|
* Add top-level config options IPv4Only and IPv6Only.Linus Nordberg2012-04-171-3/+17
| | | | | | Related to RADSECPROXY-37. TODO: Add documentation.
* Add client and server config options IPv4Only and IPv6Only.Linus Nordberg2012-04-171-4/+32
| | | | | | Related to RADSECPROXY-37. TODO: Add documentation.
generated by cgit v1.1 at 2024-10-06 08:30:33 +0000