summaryrefslogtreecommitdiff
path: root/usr.sbin/radiusd
AgeCommit message (Collapse)Author
2019-12-14Strip out the optional login style before looking up user in passwd.Todd C. Miller
Reported by Dennis Lindroos. OK tb@
2019-12-03don't crash with *NULL if user does not existTheo de Raadt
from discussion with jsg
2019-11-10Consistently use _rcctl enable foo_ in examples, it's simpler and lessLandry Breuil
error prone than manually editing rc.conf.local, and also works to enable ipsec and accounting. tweak from schwarze@ to use the \(dq\(dq syntax for quotes in '.Dl foo_flags="" lines' instead of \&"\&". while at it, fix a reference to a bogus /dev/dhclient.conf file that recently snuck in. ok jmc@ deraadt@ schwarze@
2019-07-03snprintf/vsnprintf return < 0 on error, rather than -1.Theo de Raadt
2019-06-28When system calls indicate an error they return -1, not some arbitraryTheo de Raadt
value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
2019-04-03Fix the bug that radius module didn't work when the size of radius messageYASUOKA Masahiko
changes.
2019-04-01tweak previous;Jason McIntyre
2019-04-01Pass the debug status to modules. Also some non functional changesYASUOKA Masahiko
(comment, log message, and rearrange lines).
2019-04-01Update authenticator and message authenticator always. Previous wasYASUOKA Masahiko
to keep the original authenticators and modify them only if needed. But actually, there supposed to be no case such that the original authenticators can be used for the client. Original diff from IIJ.
2019-04-01Update radiusd.conf(5) man page and its example to recommend toYASUOKA Masahiko
surround words with double quote. Also fix a bug in the man page that module argument was missing for "module set".
2019-04-01Make "secret" become a required configuration for both client andYASUOKA Masahiko
radius module. "secret" for client was required already, but it hadn't cause an error if it's missing. Original diff from IIJ.
2019-03-31Fix a memory leak.YASUOKA Masahiko
2019-03-31Fix white spaces and a typo.YASUOKA Masahiko
2019-03-31Modify radiusd_bsdauth module to do "fork + exec" main process instead ofYASUOKA Masahiko
just fork to have separate ASLR/cookies per process. Based on claudio@ work for bgpd.
2019-03-31Remove "proc" from pledge(2) since it is not needed even ifdefYASUOKA Masahiko
RADIUSD_DEBUG.
2019-03-31Save errno before doing other things. Also add __deade for fatal() andYASUOKA Masahiko
fatalx().
2019-03-29Use u_char for buffer in yylex. This happened on the other parse.yYASUOKA Masahiko
already.
2019-03-29Add printf format attributes to yyerror() in parse.y. This happened alreadyYASUOKA Masahiko
on the other parse.y. Also fix the format warnings.
2019-02-13(unsigned) means (unsigned int) which on ptrdiff_t or size_t or otherTheo de Raadt
larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
2018-11-01- odd condition/test in PF lexerAlexandr Nedvedicky
(and other lexers too) This commit rectifies earlier change: in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). OK deraadt@, OK millert@
2018-10-09Fix a spelling in log messages.YASUOKA Masahiko
diff from Lukasz Ratajski
2018-08-01Fix segmentation fault on radiusd(8) when exiting.Ricardo Mestre
If one of the configured modules doesn't have a secret setup then module->secret == NULL which would call strlen(NULL), within freezero(3), and that shouldn't happen, but in this case since the call is done it segfaults and the daemon is not properly shutdown. cluebat stick provided by semarie@, OK tb@ and deraadt@
2018-07-09No need to mention which memory allocation entry point failed (malloc,Kenneth R Westerback
calloc or strdup), we just need to log that we ran out of memory in a particular function. Recommended by florian@ and deraadt@ ok benno@ henning@ tb@
2018-07-08Be consistent in warn() and log_warn() usage whenKenneth R Westerback
running out of memory. Next step, be correct *and* consistent. ok dennis@ tb@ benno@ schwarze@
2017-10-17add missing HISTORY; based on CVS logs and release announcementsIngo Schwarze
2017-08-21Use waitpid()/EINTR idiom for the specific pid, rather than generic wait(),Theo de Raadt
in case the parent process was started with a dangling child. This style ensures any potential parent:child interlock isn't disrupted due to the "wrong" child being waited on first. Then the other other childs can safely zombie. ok millert jca brynet
2017-06-13Initialize the length parameter for radius_get_vs_raw_attr() sinceYASUOKA Masahiko
it's read/write. diff from IIJ.
2017-05-30Don't call TAILQ_REMOVE twice. This caused radiusd crash if it has aYASUOKA Masahiko
pending request when it stops.
2017-05-21A few more freezero() usesTheo de Raadt
ok yasuoka mikeb
2017-03-29Bring radiusd log.c copyright in line with other program's log.cAlexander Bluhm
and other radiusd source files. Remove the LOSS OF MIND clause. OK henning@ yasuoka@ deraadt@
2017-03-13Fix typo in FILES sectionJeremie Courreges-Anglas
from Pierre Emeriaud
2017-02-21Stop using "DEBUG" make variable for extra debugs.YASUOKA Masahiko
2016-09-20some fixes from rob pierce; ok yasuokaJason McIntyre
2016-08-27Add missing $OpenBSD$ line and remove an unnecessary comment line.YASUOKA Masahiko
2016-04-16Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).Kenneth R Westerback
No functional change. ok millert@
2016-04-13remove "abort" promise from debugging code in radiusdSebastien Marie
it is the default now, and the promise name isn't valid anymore. ok yasuoka@
2016-04-05Move more fcntl(,F_GETFL,0) -> fcntl(,F_GETFL).Kenneth R Westerback
No functional change. ok guenther@
2016-03-21Instead of creating a socket with socket() or accept() and thenPhilip Guenther
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards, just pass SOCK_NONBLOCK to socket() or accept4() and get it right to begin with. ok millert@ krw@ beck@ deraadt@ jca@
2016-02-09fix a use after free in an error pathJonathan Gray
ok yasuoka@
2015-12-31Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just useTodd C. Miller
EXIT_*.
2015-12-05EAGAIN handling for imsg_read. OK henning@ benno@Claudio Jeker
2015-12-05Remove NULL-checks before free()mmcc
2015-12-01Fix a couple typos. ok yasuoka@mmcc
2015-11-03Blank lines around pledge call.mmcc
2015-10-27Free the received radius packet when it is duplicated.YASUOKA Masahiko
diff from Yuuichi Someya
2015-10-27Initialize module_radius_req before use it.YASUOKA Masahiko
diff from Yuuichi Someya
2015-10-27Set O_NONBLOCK for UDP sockets not to block on recv(). ActuallyYASUOKA Masahiko
block had happened if an error of the socket is handled by send(). diff from Yuuichi Someya.
2015-10-27Fix radiusd module to set O_NONBLOCK properly.YASUOKA Masahiko
diff from Yuuichi Someya.
2015-10-26Using realm for bsdauth is misleading. It is currently unusable.YASUOKA Masahiko
2015-10-19Add pledge(2) for radiusctl(8) and radiusd(8).YASUOKA Masahiko
- radiusd: "stdio inet" - radiusd_radius: "stdio inet" - radiusd_bsdauth: - "stdio proc" for the non-priviledged process - "stdio getpw rpath proc exec" for the priviledged process - radiusctl: "stdio dns inet" "go ahead" deraadt