Freeradius 3.0.21+dfsg-3build1 fails test of moonshot-gss-eap
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
freeradius (Ubuntu) |
Fix Released
|
High
|
Andreas Hasenack | ||
moonshot-gss-eap (Ubuntu) |
Invalid
|
Undecided
|
Andreas Hasenack |
Bug Description
As part of the openssl3 transition [1] built fine.
But it got stuck in proposed due to the test of moonshot-gss-eap failing on all architectures [2].
Note: ssl deps worked find
Depends: libc6 (>= 2.34), libcap2 (>= 1:2.10), libpcap0.8 (>= 1.0.0), libpcre3, libssl3 (>= 3.0.0~~alpha1), libtalloc2 (>= 2.0.4~git20101213)
Ginggs and Vorlon already tried to retry the run, but the result seems to be reproducible.
A migration-
The error around gss eap encryption might indicate a real issue with openssl3 in this case:
autopkgtest [01:23:20]: test gss-client: [------
/etc/freeradius
/tmp/autopkgtes
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
starting...
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
dbus-daemon[3317]: [session uid=0 pid=3317] Activating service name='org.
dbus-daemon[3317]: [session uid=0 pid=3317] Successfully activated service 'org.janet.
gss_init_
gss_accept_
EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_
EAP: using anonymous identity - hexdump_
Could not connect to dbus session bus. (DBUS_SESSION_
You may want to unset DBUS_SESSION_
40 74 65 73 74 2e 63 6f 6d @test.com
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_
gss_accept_
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 15
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_
gss_accept_
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-
EAP: Status notification: accept proposed method (param=TTLS)
EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)
EAP-TTLS: Phase2 type: EAP
TLS: Phase2 EAP types - hexdump(len=72): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2f 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00
TLS: using phase1 config options
CTRL-EVENT-
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start (server ver=0, own ver=0)
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x301 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=183): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 188 bytes pending from ssl_out
SSL: 188 bytes left to be sent out (of total 188 bytes)
EAP: method process -> ignore=FALSE methodState=
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_
gss_accept_
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 1262
SSL: Need 268 bytes more input data
SSL: Building ACK (type=21 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_
gss_accept_
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=278) - Flags 0x80
SSL: TLS Message Length: 1262
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=61): [REMOVED]
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
OpenSSL: RX ver=0x303 content_type=22 (handshake/
OpenSSL: Message - hexdump(len=844): [REMOVED]
TLS: tls_verify_cb - preverify_ok=1 err=18 (self-signed certificate) ca_cert_verify=0 depth=0 buf='/CN=
EAP: Status notification: remote certificate verification (param=success)
TLS: tls_verify_cb - preverify_ok=1 err=18 (self-signed certificate) ca_cert_verify=0 depth=0 buf='/CN=
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=333): [REMOVED]
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=70): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/
OpenSSL: Message - hexdump(len=16): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 126 bytes pending from ssl_out
SSL: 126 bytes left to be sent out (of total 126 bytes)
EAP: method process -> ignore=FALSE methodState=
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_
gss_accept_
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=61) - Flags 0x80
SSL: TLS Message Length: 51
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
OpenSSL: RX ver=0x303 content_type=22 (handshake/
OpenSSL: Message - hexdump(len=16): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: No data to be sent out
EAP-TTLS: TLS done, proceed to Phase 2
EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]
EAP-TTLS: Derived EMSK - hexdump(len=64): [REMOVED]
EAP-TTLS: Derived Session-Id - hexdump(len=65): 15 35 93 ac a6 ce 34 49 a7 3c e9 38 71 78 d0 62 9a ac 71 00 a2 b6 13 cf 35 60 f4 6a 36 80 64 2f c1 4e 5e 8a 13 30 b3 89 bd 13 fa 84 72 4b 1e 82 3d 6a 61 eb d5 15 e2 b9 80 af c8 54 ed 8a 63 4e 0a
EAP-TTLS: received 0 bytes encrypted data for Phase 2
EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity
EAP-TTLS: Phase 2 EAP Request: type=1
EAP: using real identity - hexdump_
73 74 65 76 65 40 74 65 73 74 2e 63 6f 6d <email address hidden>
EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=19): 02 00 00 13 01 73 74 65 76 65 40 74 65 73 74 2e 63 6f 6d
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=28): [REMOVED]
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: 57 bytes left to be sent out (of total 57 bytes)
EAP: method process -> ignore=FALSE methodState=
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_
gss_accept_
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=71) - Flags 0x80
SSL: TLS Message Length: 61
EAP-TTLS: received 61 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-TTLS: Decrypted Phase 2 AVPs - hexdump(len=32): 00 00 00 4f 40 00 00 1e 01 01 00 16 04 10 b2 0e 3d 18 38 47 0e 21 a4 89 f8 17 5a 3a 34 e4 00 00
EAP-TTLS: AVP: code=79 flags=0x40 length=30
EAP-TTLS: AVP data - hexdump(len=22): 01 01 00 16 04 10 b2 0e 3d 18 38 47 0e 21 a4 89 f8 17 5a 3a 34 e4
EAP-TTLS: AVP - EAP Message
EAP-TTLS: Phase 2 EAP - hexdump(len=22): 01 01 00 16 04 10 b2 0e 3d 18 38 47 0e 21 a4 89 f8 17 5a 3a 34 e4
EAP-TTLS: received Phase 2: code=1 identifier=1 length=22
EAP-TTLS: Phase 2 EAP Request: type=4
EAP-TTLS: Selected Phase 2 EAP vendor 0 method 4
EAP-MD5: Challenge - hexdump(len=16): b2 0e 3d 18 38 47 0e 21 a4 89 f8 17 5a 3a 34 e4
EAP-MD5: Generating Challenge Response
EAP-MD5: Response - hexdump(len=16): 15 e3 07 81 04 1a 85 18 ee fc 53 db 85 89 d9 2d
EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=22): 02 01 00 16 04 10 15 e3 07 81 04 1a 85 18 ee fc 53 db 85 89 d9 2d
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=68): [REMOVED]
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: 97 bytes left to be sent out (of total 97 bytes)
EAP-TTLS: Authentication completed successfully (MAY_CONT)
EAP: method process -> ignore=FALSE methodState=
EAP: Session-Id - hexdump(len=65): 15 35 93 ac a6 ce 34 49 a7 3c e9 38 71 78 d0 62 9a ac 71 00 a2 b6 13 cf 35 60 f4 6a 36 80 64 2f c1 4e 5e 8a 13 30 b3 89 bd 13 fa 84 72 4b 1e 82 3d 6a 61 eb d5 15 e2 b9 80 af c8 54 ed 8a 63 4e 0a
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_
gss_accept_
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=75) - Flags 0x80
SSL: TLS Message Length: 65
EAP-TTLS: received 65 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-TTLS: Decrypted Phase 2 AVPs - hexdump(len=36): 00 00 00 87 c0 00 00 21 00 00 64 16 02 00 11 01 a4 06 68 6f 73 74 a5 0b 6c 6f 63 61 6c 68 6f 73 74 00 00 00
EAP-TTLS: AVP: code=135 flags=0xc0 length=33
EAP-TTLS: AVP vendor_id 25622
EAP-TTLS: AVP data - hexdump(len=21): 02 00 11 01 a4 06 68 6f 73 74 a5 0b 6c 6f 63 61 6c 68 6f 73 74
EAP-TTLS: AVP - Channel Binding Message
EAP-TTLS: Authentication completed successfully
SSL: Building ACK (type=21 id=7 ver=0)
EAP: method process -> ignore=FALSE methodState=DONE decision=COND_SUCC eapRespData=
EAP: Session-Id - hexdump(len=65): 15 35 93 ac a6 ce 34 49 a7 3c e9 38 71 78 d0 62 9a ac 71 00 a2 b6 13 cf 35 60 f4 6a 36 80 64 2f c1 4e 5e 8a 13 30 b3 89 bd 13 fa 84 72 4b 1e 82 3d 6a 61 eb d5 15 e2 b9 80 af c8 54 ed 8a 63 4e 0a
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_
### finalize_
GSS-API error accepting context: Invalid credential was supplied
GSS-API error accepting context: Authentication rejected by RADIUS server
gss_accept_
### ~finalize_
### gssEapFinalize()
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
gss_init_
sending token length: Broken pipe
### finalize_
Sending init_sec_context token (size=81)
Sending init_sec_context token (size=50)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=235)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=173)
Sending init_sec_context token (size=99)
Sending init_sec_context token (size=142)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=9)...### ~finalize_
### gssEapFinalize()
autopkgtest [01:23:23]: test gss-client: -------
gss-client FAIL non-zero exit status 1autopkgtest [01:23:23]: test gss-client: - - - - - - - - - - results - - - - - - - - - -
[1]: https:/
[2]: https:/
Related branches
- Athos Ribeiro (community): Approve
- Canonical Server Core Reviewers: Pending requested
-
Diff: 35783 lines (+8831/-7827)723 files modified.github/workflows/ci-deb.yml (+8/-0)
.github/workflows/ci-rpm.yml (+73/-31)
.github/workflows/ci.yml (+115/-20)
.gitignore (+2/-0)
Make.inc.in (+1/-1)
Makefile (+4/-4)
VERSION (+1/-1)
acinclude.m4 (+1/-69)
configure (+5434/-4857)
configure.ac (+0/-1)
debian/changelog (+7/-0)
debian/control (+2/-1)
debian/patches/snakeoil-certs.diff (+8/-8)
dev/null (+0/-128)
doc/ChangeLog (+33/-0)
doc/antora/antora.yml (+1/-1)
doc/antora/modules/howto/nav.adoc (+0/-6)
doc/antora/modules/unlang/pages/attr.adoc (+5/-38)
doc/bugs (+1/-1)
doc/configuration/variables.rst (+1/-1)
doc/modules/rlm_eap (+2/-13)
doc/source/Doxyfile (+1/-1)
doc/vendor/ascend (+1/-1)
raddb/certs/Makefile (+1/-1)
raddb/certs/bootstrap (+1/-1)
raddb/certs/realms/README.md (+22/-1)
raddb/clients.conf (+1/-1)
raddb/dictionary (+1/-1)
raddb/experimental.conf (+1/-1)
raddb/mods-available/abfab_psk_sql (+1/-1)
raddb/mods-available/always (+1/-1)
raddb/mods-available/attr_filter (+1/-1)
raddb/mods-available/cache (+1/-1)
raddb/mods-available/cache_auth (+116/-0)
raddb/mods-available/chap (+1/-1)
raddb/mods-available/counter (+1/-1)
raddb/mods-available/cui (+1/-1)
raddb/mods-available/detail (+1/-1)
raddb/mods-available/detail.example.com (+1/-1)
raddb/mods-available/detail.log (+1/-1)
raddb/mods-available/dhcp (+1/-1)
raddb/mods-available/dhcp_files (+1/-1)
raddb/mods-available/dhcp_passwd (+1/-1)
raddb/mods-available/dhcp_sql (+1/-1)
raddb/mods-available/dhcp_sqlippool (+1/-1)
raddb/mods-available/digest (+1/-1)
raddb/mods-available/dynamic_clients (+1/-1)
raddb/mods-available/eap (+29/-5)
raddb/mods-available/echo (+1/-1)
raddb/mods-available/etc_group (+1/-1)
raddb/mods-available/exec (+1/-1)
raddb/mods-available/expiration (+1/-1)
raddb/mods-available/expr (+7/-1)
raddb/mods-available/files (+1/-1)
raddb/mods-available/idn (+1/-1)
raddb/mods-available/inner-eap (+1/-1)
raddb/mods-available/ippool (+1/-1)
raddb/mods-available/krb5 (+1/-1)
raddb/mods-available/ldap (+1/-1)
raddb/mods-available/ldap_google (+262/-0)
raddb/mods-available/linelog (+1/-1)
raddb/mods-available/logintime (+1/-1)
raddb/mods-available/mac2ip (+1/-1)
raddb/mods-available/mac2vlan (+1/-1)
raddb/mods-available/moonshot-targeted-ids (+1/-1)
raddb/mods-available/mschap (+1/-1)
raddb/mods-available/opendirectory (+1/-1)
raddb/mods-available/pam (+1/-1)
raddb/mods-available/pap (+1/-1)
raddb/mods-available/passwd (+1/-1)
raddb/mods-available/perl (+1/-1)
raddb/mods-available/preprocess (+1/-1)
raddb/mods-available/radutmp (+1/-1)
raddb/mods-available/realm (+1/-1)
raddb/mods-available/redis (+1/-1)
raddb/mods-available/rediswho (+1/-1)
raddb/mods-available/smbpasswd (+1/-1)
raddb/mods-available/smsotp (+1/-1)
raddb/mods-available/sometimes (+1/-1)
raddb/mods-available/sql (+1/-1)
raddb/mods-available/sqlippool (+1/-1)
raddb/mods-available/sradutmp (+1/-1)
raddb/mods-available/totp (+1/-1)
raddb/mods-available/unix (+1/-1)
raddb/mods-available/unpack (+1/-1)
raddb/mods-config/attr_filter/access_challenge (+1/-1)
raddb/mods-config/attr_filter/access_reject (+1/-1)
raddb/mods-config/attr_filter/accounting_response (+1/-1)
raddb/mods-config/attr_filter/coa (+1/-1)
raddb/mods-config/attr_filter/post-proxy (+1/-1)
raddb/mods-config/attr_filter/pre-proxy (+1/-1)
raddb/mods-config/files/accounting (+1/-1)
raddb/mods-config/files/pre-proxy (+1/-1)
raddb/mods-config/preprocess/hints (+1/-1)
raddb/mods-config/sql/counter/mysql/dailycounter.conf (+13/-0)
raddb/mods-config/sql/cui/mysql/queries.conf (+1/-1)
raddb/mods-config/sql/cui/postgresql/queries.conf (+1/-1)
raddb/mods-config/sql/cui/sqlite/queries.conf (+1/-1)
raddb/mods-config/sql/dhcp/mssql/queries.conf (+1/-1)
raddb/mods-config/sql/dhcp/mssql/schema.sql (+1/-1)
raddb/mods-config/sql/dhcp/mysql/queries.conf (+1/-1)
raddb/mods-config/sql/dhcp/mysql/schema.sql (+1/-1)
raddb/mods-config/sql/dhcp/mysql/setup.sql (+1/-1)
raddb/mods-config/sql/dhcp/oracle/queries.conf (+1/-1)
raddb/mods-config/sql/dhcp/oracle/schema.sql (+1/-1)
raddb/mods-config/sql/dhcp/postgresql/queries.conf (+1/-1)
raddb/mods-config/sql/dhcp/postgresql/schema.sql (+1/-1)
raddb/mods-config/sql/dhcp/postgresql/setup.sql (+1/-1)
raddb/mods-config/sql/dhcp/sqlite/queries.conf (+1/-1)
raddb/mods-config/sql/dhcp/sqlite/schema.sql (+1/-1)
raddb/mods-config/sql/ippool-dhcp/mssql/queries.conf (+1/-1)
raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf (+1/-1)
raddb/mods-config/sql/ippool-dhcp/oracle/queries.conf (+1/-1)
raddb/mods-config/sql/ippool-dhcp/postgresql/queries.conf (+1/-1)
raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf (+1/-1)
raddb/mods-config/sql/ippool/mongo/queries.conf (+1/-1)
raddb/mods-config/sql/ippool/mssql/queries.conf (+1/-1)
raddb/mods-config/sql/ippool/mysql/queries.conf (+1/-1)
raddb/mods-config/sql/ippool/oracle/queries.conf (+1/-1)
raddb/mods-config/sql/ippool/postgresql/queries.conf (+1/-1)
raddb/mods-config/sql/ippool/sqlite/queries.conf (+1/-1)
raddb/mods-config/sql/main/mongo/queries.conf (+1/-1)
raddb/mods-config/sql/main/mssql/process-radacct.sql (+1/-1)
raddb/mods-config/sql/main/mssql/queries.conf (+5/-5)
raddb/mods-config/sql/main/mssql/schema.sql (+1/-1)
raddb/mods-config/sql/main/mysql/extras/wimax/queries.conf (+1/-1)
raddb/mods-config/sql/main/mysql/process-radacct.sql (+1/-1)
raddb/mods-config/sql/main/mysql/queries.conf (+1/-1)
raddb/mods-config/sql/main/mysql/schema.sql (+1/-1)
raddb/mods-config/sql/main/mysql/setup.sql (+1/-1)
raddb/mods-config/sql/main/ndb/schema.sql (+1/-1)
raddb/mods-config/sql/main/ndb/setup.sql (+1/-1)
raddb/mods-config/sql/main/oracle/process-radacct.sql (+1/-1)
raddb/mods-config/sql/main/oracle/queries.conf (+4/-4)
raddb/mods-config/sql/main/oracle/schema.sql (+1/-1)
raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql (+1/-1)
raddb/mods-config/sql/main/postgresql/extras/voip-postpaid.conf (+1/-1)
raddb/mods-config/sql/main/postgresql/process-radacct.sql (+1/-1)
raddb/mods-config/sql/main/postgresql/queries.conf (+1/-1)
raddb/mods-config/sql/main/postgresql/schema.sql (+1/-1)
raddb/mods-config/sql/main/postgresql/setup.sql (+1/-1)
raddb/mods-config/sql/main/sqlite/process-radacct-refresh.sh (+1/-1)
raddb/mods-config/sql/main/sqlite/process-radacct-schema.sql (+1/-1)
raddb/mods-config/sql/main/sqlite/schema.sql (+1/-1)
raddb/mods-config/sql/moonshot-targeted-ids/mysql/queries.conf (+1/-1)
raddb/mods-config/sql/moonshot-targeted-ids/postgresql/queries.conf (+1/-1)
raddb/mods-config/sql/moonshot-targeted-ids/sqlite/queries.conf (+1/-1)
raddb/policy.d/abfab-tr (+1/-1)
raddb/policy.d/accounting (+4/-0)
raddb/policy.d/rfc7542 (+1/-1)
raddb/proxy.conf (+4/-1)
raddb/radiusd.conf.in (+1/-1)
raddb/radrelay.conf.in (+1/-1)
raddb/sites-available/abfab-tls (+1/-1)
raddb/sites-available/abfab-tr-idp (+1/-1)
raddb/sites-available/buffered-sql (+1/-1)
raddb/sites-available/challenge (+1/-1)
raddb/sites-available/channel_bindings (+1/-1)
raddb/sites-available/control-socket (+1/-1)
raddb/sites-available/copy-acct-to-home-server (+1/-1)
raddb/sites-available/decoupled-accounting (+1/-1)
raddb/sites-available/default (+1/-1)
raddb/sites-available/dhcp (+1/-1)
raddb/sites-available/dynamic-clients (+1/-1)
raddb/sites-available/example (+1/-1)
raddb/sites-available/google-ldap-auth (+225/-0)
raddb/sites-available/inner-tunnel (+1/-1)
raddb/sites-available/proxy-inner-tunnel (+1/-1)
raddb/sites-available/robust-proxy-accounting (+1/-1)
raddb/sites-available/status (+1/-1)
raddb/sites-available/tls (+38/-30)
raddb/sites-available/totp (+1/-1)
raddb/sites-available/virtual.example.com (+1/-1)
raddb/sites-available/vmps (+1/-1)
raddb/templates.conf (+1/-1)
raddb/trigger.conf (+1/-1)
raddb/vmpsd.conf.in (+1/-1)
redhat/freeradius.spec (+1/-1)
scripts/ci/eapol_test-build.sh (+15/-3)
scripts/ci/eapol_test/config_freebsd (+9/-3)
scripts/ci/eapol_test/config_linux (+9/-3)
scripts/ci/eapol_test/config_osx (+4/-3)
scripts/ci/ldap-setup.sh (+51/-0)
scripts/ci/ldap/slapd.conf (+51/-0)
scripts/ci/ldap/slapd2.conf (+61/-0)
scripts/ci/ldap2-setup.sh (+63/-0)
scripts/ci/mysql-setup.sh (+19/-0)
scripts/ci/postgresql-setup.sh (+26/-0)
scripts/clients.pl (+1/-1)
scripts/collectd/radsniff_types.db (+1/-1)
scripts/cryptpasswd.in (+1/-1)
scripts/dhcp/rlm_iscfixed2ippool (+1/-1)
scripts/exec-program-wait (+1/-1)
scripts/libtool.mk (+1/-1)
scripts/min-includes.pl (+1/-1)
scripts/radiusd.sh (+1/-1)
scripts/sql/align_sql_pools.pl (+1/-1)
scripts/sql/generate_pool_addresses.pl (+1/-1)
scripts/sql/radsqlrelay (+1/-1)
scripts/sql/rlm_sqlippool_tool (+1/-1)
share/Makefile (+1/-1)
share/attrnew.pl (+1/-1)
share/attrsort.pl (+1/-1)
share/backref.pl (+1/-1)
share/dictionary (+2/-1)
share/dictionary.3com (+1/-1)
share/dictionary.3gpp (+1/-1)
share/dictionary.3gpp2 (+1/-1)
share/dictionary.actelis (+1/-1)
share/dictionary.aerohive (+1/-1)
share/dictionary.airespace (+1/-1)
share/dictionary.alcatel (+1/-1)
share/dictionary.alcatel-lucent.aaa (+1/-1)
share/dictionary.alcatel.sr (+1/-1)
share/dictionary.alteon (+1/-1)
share/dictionary.altiga (+1/-1)
share/dictionary.alvarion (+1/-1)
share/dictionary.alvarion.wimax.v2_2 (+1/-1)
share/dictionary.apc (+1/-1)
share/dictionary.aptis (+1/-1)
share/dictionary.arbor (+1/-1)
share/dictionary.arista (+1/-1)
share/dictionary.aruba (+5/-2)
share/dictionary.ascend (+1/-1)
share/dictionary.ascend.illegal (+1/-1)
share/dictionary.asn (+1/-1)
share/dictionary.audiocodes (+1/-1)
share/dictionary.avaya (+1/-1)
share/dictionary.azaire (+1/-1)
share/dictionary.bigswitch (+1/-1)
share/dictionary.bintec (+1/-1)
share/dictionary.bluecoat (+1/-1)
share/dictionary.bristol (+1/-1)
share/dictionary.bskyb (+1/-1)
share/dictionary.bt (+1/-1)
share/dictionary.cablelabs (+1/-1)
share/dictionary.cabletron (+1/-1)
share/dictionary.cambium (+1/-1)
share/dictionary.chillispot (+1/-1)
share/dictionary.cisco (+1/-1)
share/dictionary.cisco.asa (+1/-1)
share/dictionary.cisco.bbsm (+1/-1)
share/dictionary.cisco.vpn3000 (+1/-1)
share/dictionary.cisco.vpn5000 (+1/-1)
share/dictionary.citrix (+1/-1)
share/dictionary.clavister (+1/-1)
share/dictionary.columbia_university (+1/-1)
share/dictionary.cosine (+1/-1)
share/dictionary.dhcp (+1/-1)
share/dictionary.digium (+1/-1)
share/dictionary.dlink (+1/-1)
share/dictionary.dragonwave (+1/-1)
share/dictionary.efficientip (+1/-1)
share/dictionary.ericsson (+1/-1)
share/dictionary.erx (+2/-2)
share/dictionary.extreme (+1/-1)
share/dictionary.f5 (+1/-1)
share/dictionary.force10 (+1/-1)
share/dictionary.fortinet (+1/-1)
share/dictionary.foundry (+1/-1)
share/dictionary.freedhcp (+1/-1)
share/dictionary.freeradius (+1/-1)
share/dictionary.freeradius.internal (+1/-1)
share/dictionary.freeswitch (+1/-1)
share/dictionary.gandalf (+1/-1)
share/dictionary.garderos (+1/-1)
share/dictionary.h3c (+1/-1)
share/dictionary.hillstone (+1/-1)
share/dictionary.hp (+1/-1)
share/dictionary.huawei (+7/-5)
share/dictionary.iana (+1/-1)
share/dictionary.ipunplugged (+1/-1)
share/dictionary.issanni (+1/-1)
share/dictionary.itk (+1/-1)
share/dictionary.juniper (+1/-1)
share/dictionary.kineto (+1/-1)
share/dictionary.lucent (+1/-1)
share/dictionary.meinberg (+1/-1)
share/dictionary.mellanox (+18/-0)
share/dictionary.merit (+1/-1)
share/dictionary.meru (+1/-1)
share/dictionary.microsemi (+1/-1)
share/dictionary.microsoft (+1/-1)
share/dictionary.mikrotik (+1/-1)
share/dictionary.motorola (+1/-1)
share/dictionary.motorola.illegal (+1/-1)
share/dictionary.motorola.wimax (+1/-1)
share/dictionary.navini (+1/-1)
share/dictionary.networkphysics (+1/-1)
share/dictionary.nexans (+1/-1)
share/dictionary.nokia (+1/-1)
share/dictionary.nokia.conflict (+1/-1)
share/dictionary.nomadix (+1/-1)
share/dictionary.nortel (+2/-2)
share/dictionary.openser (+1/-1)
share/dictionary.packeteer (+1/-1)
share/dictionary.paloalto (+2/-2)
share/dictionary.patton (+1/-1)
share/dictionary.pica8 (+1/-1)
share/dictionary.propel (+1/-1)
share/dictionary.prosoft (+1/-1)
share/dictionary.proxim (+1/-1)
share/dictionary.purewave (+1/-1)
share/dictionary.quiconnect (+1/-1)
share/dictionary.quintum (+1/-1)
share/dictionary.rcntec (+1/-1)
share/dictionary.redcreek (+1/-1)
share/dictionary.rfc2865 (+1/-1)
share/dictionary.rfc2866 (+1/-1)
share/dictionary.rfc2867 (+1/-1)
share/dictionary.rfc2868 (+1/-1)
share/dictionary.rfc2869 (+1/-1)
share/dictionary.rfc3162 (+1/-1)
share/dictionary.rfc3576 (+1/-1)
share/dictionary.rfc3580 (+1/-1)
share/dictionary.rfc4072 (+1/-1)
share/dictionary.rfc4372 (+1/-1)
share/dictionary.rfc4603 (+1/-1)
share/dictionary.rfc4675 (+1/-1)
share/dictionary.rfc4679 (+1/-1)
share/dictionary.rfc4818 (+1/-1)
share/dictionary.rfc4849 (+1/-1)
share/dictionary.rfc5090 (+1/-1)
share/dictionary.rfc5176 (+1/-1)
share/dictionary.rfc5447 (+1/-1)
share/dictionary.rfc5580 (+1/-1)
share/dictionary.rfc5607 (+1/-1)
share/dictionary.rfc5904 (+1/-1)
share/dictionary.rfc6519 (+1/-1)
share/dictionary.rfc6572 (+1/-1)
share/dictionary.rfc7268 (+1/-1)
share/dictionary.rfc7499 (+1/-1)
share/dictionary.rfc8045 (+1/-1)
share/dictionary.riverbed (+1/-1)
share/dictionary.riverstone (+1/-1)
share/dictionary.roaringpenguin (+1/-1)
share/dictionary.sg (+1/-1)
share/dictionary.shiva (+1/-1)
share/dictionary.siemens (+1/-1)
share/dictionary.slipstream (+1/-1)
share/dictionary.sofaware (+1/-1)
share/dictionary.softbank (+1/-1)
share/dictionary.sonicwall (+1/-1)
share/dictionary.springtide (+1/-1)
share/dictionary.surfnet (+1/-1)
share/dictionary.symbol (+1/-1)
share/dictionary.t_systems_nova (+1/-1)
share/dictionary.telebit (+1/-1)
share/dictionary.telkom (+1/-1)
share/dictionary.terena (+1/-1)
share/dictionary.trapeze (+1/-1)
share/dictionary.tripplite (+2/-2)
share/dictionary.tropos (+1/-1)
share/dictionary.ukerna (+1/-1)
share/dictionary.unix (+1/-1)
share/dictionary.usr (+1/-1)
share/dictionary.usr.illegal (+1/-1)
share/dictionary.utstarcom (+1/-1)
share/dictionary.valemount (+1/-1)
share/dictionary.vasexperts (+1/-1)
share/dictionary.vqp (+1/-1)
share/dictionary.walabi (+1/-1)
share/dictionary.waverider (+1/-1)
share/dictionary.wichorus (+1/-1)
share/dictionary.wifialliance (+1/-1)
share/dictionary.wimax (+1/-1)
share/dictionary.wimax.alvarion (+1/-1)
share/dictionary.wimax.wichorus (+1/-1)
share/dictionary.wispr (+1/-1)
share/dictionary.xedia (+1/-1)
share/dictionary.xylan (+1/-1)
share/dictionary.yubico (+1/-1)
share/dictionary.zte (+1/-1)
share/dictionary.zyxel (+1/-1)
share/format.pl (+1/-1)
src/include/all.mk (+1/-1)
src/include/atomic_queue.h (+2/-2)
src/include/automask.h (+1/-1)
src/include/base64.h (+1/-1)
src/include/build-radpaths-h.in (+1/-1)
src/include/build.h (+8/-3)
src/include/channel.h (+2/-2)
src/include/clients.h (+1/-1)
src/include/conffile.h (+2/-2)
src/include/connection.h (+2/-2)
src/include/detail.h (+2/-2)
src/include/dhcp.h (+2/-2)
src/include/event.h (+2/-2)
src/include/exfile.h (+2/-2)
src/include/features-h (+0/-14)
src/include/hash.h (+2/-2)
src/include/heap.h (+2/-2)
src/include/libradius.h (+2/-7)
src/include/listen.h (+1/-20)
src/include/log.h (+2/-2)
src/include/map.h (+2/-2)
src/include/md4.h (+47/-3)
src/include/md5.h (+30/-3)
src/include/missing-h (+2/-2)
src/include/modcall.h (+1/-1)
src/include/modpriv.h (+1/-1)
src/include/modules.h (+2/-2)
src/include/net.h (+1/-1)
src/include/openssl3.h (+109/-0)
src/include/packet.h (+2/-2)
src/include/parser.h (+2/-2)
src/include/pcap.h (+1/-1)
src/include/process.h (+7/-2)
src/include/protocol.h (+2/-2)
src/include/rad_assert.h (+2/-2)
src/include/radclient.h (+1/-1)
src/include/radius.h (+1/-1)
src/include/radiusd.h (+2/-9)
src/include/radsniff.h (+2/-2)
src/include/radutmp.h (+2/-2)
src/include/realms.h (+3/-13)
src/include/regex.h (+2/-2)
src/include/soh.h (+2/-2)
src/include/state.h (+2/-2)
src/include/stats.h (+2/-2)
src/include/sysutmp.h (+2/-2)
src/include/tcp.h (+2/-2)
src/include/threads.h (+1/-1)
src/include/tls-h (+3/-4)
src/include/tmpl.h (+2/-2)
src/include/token.h (+2/-2)
src/include/udpfromto.h (+2/-2)
src/include/xlat.h (+2/-2)
src/lib/all.mk (+1/-1)
src/lib/atomic_queue.c (+2/-2)
src/lib/base64.c (+1/-1)
src/lib/cbuff.c (+1/-1)
src/lib/cursor.c (+1/-1)
src/lib/debug.c (+2/-0)
src/lib/dict.c (+2/-2)
src/lib/event.c (+2/-2)
src/lib/fifo.c (+2/-2)
src/lib/filters.c (+2/-2)
src/lib/getaddrinfo.c (+1/-1)
src/lib/hash.c (+2/-2)
src/lib/heap.c (+1/-1)
src/lib/hmacmd5.c (+4/-2)
src/lib/hmacsha1.c (+5/-2)
src/lib/isaac.c (+1/-1)
src/lib/log.c (+2/-2)
src/lib/md4.c (+3/-2)
src/lib/md5.c (+3/-2)
src/lib/misc.c (+2/-2)
src/lib/missing.c (+2/-2)
src/lib/net.c (+1/-1)
src/lib/packet.c (+2/-2)
src/lib/pair.c (+2/-2)
src/lib/pcap.c (+1/-1)
src/lib/print.c (+2/-2)
src/lib/radius.c (+38/-14)
src/lib/rbtree.c (+2/-2)
src/lib/sha1.c (+2/-2)
src/lib/snprintf.c (+1/-1)
src/lib/snprintf.h (+1/-1)
src/lib/socket.c (+1/-1)
src/lib/strlcat.c (+2/-2)
src/lib/strlcpy.c (+2/-2)
src/lib/tcp.c (+2/-2)
src/lib/token.c (+2/-2)
src/lib/udpfromto.c (+2/-2)
src/lib/value.c (+2/-2)
src/lib/version.c (+2/-2)
src/main/acct.c (+2/-2)
src/main/auth.c (+2/-2)
src/main/cb.c (+6/-6)
src/main/channel.c (+2/-2)
src/main/checkrad.in (+1/-1)
src/main/client.c (+2/-2)
src/main/collectd.c (+1/-1)
src/main/command.c (+6/-2)
src/main/conffile.c (+2/-2)
src/main/connection.c (+1/-1)
src/main/crypt.c (+1/-1)
src/main/detail.c (+2/-2)
src/main/evaluate.c (+2/-2)
src/main/exec.c (+2/-2)
src/main/exfile.c (+1/-1)
src/main/files.c (+2/-2)
src/main/listen.c (+2/-501)
src/main/log.c (+2/-2)
src/main/mainconfig.c (+2/-12)
src/main/map.c (+2/-2)
src/main/modcall.c (+2/-2)
src/main/modules.c (+3/-3)
src/main/pair.c (+2/-2)
src/main/parser.c (+2/-2)
src/main/process.c (+40/-229)
src/main/radattr.c (+2/-2)
src/main/radclient.c (+4/-2)
src/main/radiusd.c (+2/-9)
src/main/radmin.c (+2/-2)
src/main/radsniff.c (+2/-2)
src/main/radtest.in (+1/-1)
src/main/radwho.c (+2/-2)
src/main/radzap (+1/-1)
src/main/realms.c (+3/-109)
src/main/regex.c (+2/-2)
src/main/session.c (+2/-2)
src/main/soh.c (+2/-2)
src/main/state.c (+2/-2)
src/main/stats.c (+2/-2)
src/main/threads.c (+2/-2)
src/main/tls.c (+258/-73)
src/main/tls_listen.c (+29/-438)
src/main/tmpl.c (+2/-2)
src/main/unittest.c (+2/-2)
src/main/util.c (+2/-2)
src/main/version.c (+2/-10)
src/main/xlat.c (+50/-5)
src/mkinstalldirs (+1/-1)
src/modules/proto_dhcp/dhcp.c (+2/-2)
src/modules/proto_dhcp/dhcpclient.c (+2/-2)
src/modules/proto_dhcp/dhcpd.c (+1/-1)
src/modules/proto_dhcp/rlm_dhcp.c (+2/-2)
src/modules/proto_vmps/vmps.c (+2/-2)
src/modules/proto_vmps/vqp.c (+2/-2)
src/modules/proto_vmps/vqp.h (+2/-2)
src/modules/rlm_always/rlm_always.c (+2/-2)
src/modules/rlm_attr_filter/rlm_attr_filter.c (+2/-2)
src/modules/rlm_cache/drivers/rlm_cache_memcached/rlm_cache_memcached.c (+1/-1)
src/modules/rlm_cache/drivers/rlm_cache_rbtree/rlm_cache_rbtree.c (+1/-1)
src/modules/rlm_cache/rlm_cache.c (+2/-2)
src/modules/rlm_cache/rlm_cache.h (+2/-2)
src/modules/rlm_cache/serialize.c (+2/-2)
src/modules/rlm_cache/serialize.h (+2/-2)
src/modules/rlm_chap/rlm_chap.c (+2/-2)
src/modules/rlm_couchbase/couchbase.c (+2/-2)
src/modules/rlm_couchbase/couchbase.h (+2/-2)
src/modules/rlm_couchbase/jsonc_missing.c (+2/-2)
src/modules/rlm_couchbase/jsonc_missing.h (+2/-2)
src/modules/rlm_couchbase/mod.c (+2/-2)
src/modules/rlm_couchbase/mod.h (+2/-2)
src/modules/rlm_couchbase/rlm_couchbase.c (+2/-2)
src/modules/rlm_counter/rad_counter (+1/-1)
src/modules/rlm_counter/rlm_counter.c (+2/-2)
src/modules/rlm_cram/dictionary.sandy (+1/-1)
src/modules/rlm_cram/rlm_cram.c (+2/-2)
src/modules/rlm_detail/rlm_detail.c (+2/-2)
src/modules/rlm_digest/rlm_digest.c (+2/-2)
src/modules/rlm_dynamic_clients/rlm_dynamic_clients.c (+2/-2)
src/modules/rlm_eap/eap.c (+2/-2)
src/modules/rlm_eap/eap.h (+2/-2)
src/modules/rlm_eap/libeap/comp128.c (+1/-1)
src/modules/rlm_eap/libeap/eap_chbind.c (+2/-2)
src/modules/rlm_eap/libeap/eap_chbind.h (+2/-2)
src/modules/rlm_eap/libeap/eap_sim.h (+2/-2)
src/modules/rlm_eap/libeap/eap_tls.c (+17/-2)
src/modules/rlm_eap/libeap/eap_tls.h (+2/-2)
src/modules/rlm_eap/libeap/eap_types.h (+2/-2)
src/modules/rlm_eap/libeap/eapcommon.c (+2/-2)
src/modules/rlm_eap/libeap/eapcrypto.c (+2/-2)
src/modules/rlm_eap/libeap/eapsimlib.c (+54/-19)
src/modules/rlm_eap/libeap/fips186prf.c (+2/-2)
src/modules/rlm_eap/libeap/mppe_keys.c (+12/-65)
src/modules/rlm_eap/mem.c (+2/-2)
src/modules/rlm_eap/radeapclient.c (+3/-3)
src/modules/rlm_eap/rlm_eap.c (+2/-2)
src/modules/rlm_eap/rlm_eap.h (+2/-2)
src/modules/rlm_eap/types/rlm_eap_fast/configure.ac (+1/-1)
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.h (+2/-2)
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast_crypto.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c (+4/-3)
src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.h (+1/-1)
src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h (+1/-1)
src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_peap/eap_peap.h (+2/-2)
src/modules/rlm_eap/types/rlm_eap_peap/peap.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c (+4/-24)
src/modules/rlm_eap/types/rlm_eap_pwd/configure.ac (+1/-1)
src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c (+76/-33)
src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h (+1/-1)
src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_sim/configure.ac (+1/-1)
src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c (+2/-2)
src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h (+2/-2)
src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c (+1/-1)
src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h (+2/-2)
src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c (+4/-24)
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c (+2/-2)
src/modules/rlm_example/other.c (+2/-2)
src/modules/rlm_example/other.h (+1/-1)
src/modules/rlm_example/rlm_example.c (+2/-2)
src/modules/rlm_exec/rlm_exec.c (+2/-2)
src/modules/rlm_expiration/rlm_expiration.c (+2/-2)
src/modules/rlm_expr/paircmp.c (+2/-2)
src/modules/rlm_expr/rlm_expr.c (+46/-2)
src/modules/rlm_expr/rlm_expr.h (+1/-1)
src/modules/rlm_files/rlm_files.c (+2/-2)
src/modules/rlm_idn/rlm_idn.c (+2/-2)
src/modules/rlm_ippool/all.mk.in (+1/-1)
src/modules/rlm_ippool/rlm_ippool.c (+2/-2)
src/modules/rlm_ippool/rlm_ippool.mk (+1/-1)
src/modules/rlm_ippool/rlm_ippool_tool.c (+2/-2)
src/modules/rlm_ippool/rlm_ippool_tool.mk (+1/-1)
src/modules/rlm_krb5/krb5.c (+2/-2)
src/modules/rlm_krb5/krb5.h (+2/-2)
src/modules/rlm_krb5/rlm_krb5.c (+2/-2)
src/modules/rlm_ldap/attrmap.c (+1/-1)
src/modules/rlm_ldap/clients.c (+1/-1)
src/modules/rlm_ldap/edir.c (+2/-2)
src/modules/rlm_ldap/groups.c (+1/-1)
src/modules/rlm_ldap/ldap.c (+1/-1)
src/modules/rlm_ldap/ldap.h (+2/-1)
src/modules/rlm_ldap/rlm_ldap.c (+2/-2)
src/modules/rlm_ldap/sasl.c (+9/-3)
src/modules/rlm_linelog/rlm_linelog.c (+2/-2)
src/modules/rlm_logintime/rlm_logintime.c (+2/-2)
src/modules/rlm_logintime/timestr.c (+2/-2)
src/modules/rlm_mschap/auth_wbclient.c (+2/-2)
src/modules/rlm_mschap/auth_wbclient.h (+1/-1)
src/modules/rlm_mschap/mschap.c (+2/-2)
src/modules/rlm_mschap/mschap.h (+1/-1)
src/modules/rlm_mschap/opendir.c (+1/-1)
src/modules/rlm_mschap/rlm_mschap.c (+43/-8)
src/modules/rlm_mschap/rlm_mschap.h (+3/-1)
src/modules/rlm_mschap/smbdes.c (+1/-1)
src/modules/rlm_mschap/smbdes.h (+1/-1)
src/modules/rlm_mschap/smbencrypt.c (+1/-1)
src/modules/rlm_opendirectory/rlm_opendirectory.c (+1/-1)
src/modules/rlm_otp/extern.h (+2/-2)
src/modules/rlm_otp/otp.h (+2/-2)
src/modules/rlm_otp/otp_mppe.c (+16/-4)
src/modules/rlm_otp/otp_mppe.h (+2/-2)
src/modules/rlm_otp/otp_pw_valid.c (+2/-2)
src/modules/rlm_otp/otp_pw_valid.h (+2/-2)
src/modules/rlm_otp/otp_pwe.c (+2/-10)
src/modules/rlm_otp/otp_radstate.c (+5/-8)
src/modules/rlm_otp/otp_util.c (+2/-2)
src/modules/rlm_otp/rlm_otp.c (+2/-2)
src/modules/rlm_pam/rlm_pam.c (+2/-2)
src/modules/rlm_pap/rlm_pap.c (+11/-2)
src/modules/rlm_passwd/rlm_passwd.c (+2/-2)
src/modules/rlm_perl/rlm_perl.c (+2/-2)
src/modules/rlm_preprocess/rlm_preprocess.c (+2/-2)
src/modules/rlm_python/example.py (+1/-1)
src/modules/rlm_python/prepaid.py (+1/-1)
src/modules/rlm_python/radiusd.py (+1/-1)
src/modules/rlm_python/radiusd_test.py (+1/-1)
src/modules/rlm_python/rlm_python.c (+2/-2)
src/modules/rlm_python3/configure (+3/-1)
src/modules/rlm_python3/configure.ac (+5/-1)
src/modules/rlm_python3/example.py (+1/-1)
src/modules/rlm_python3/prepaid.py (+1/-1)
src/modules/rlm_python3/radiusd.py (+1/-1)
src/modules/rlm_python3/rlm_python3.c (+2/-2)
src/modules/rlm_radutmp/rlm_radutmp.c (+2/-2)
src/modules/rlm_realm/rlm_realm.c (+2/-2)
src/modules/rlm_realm/trustrouter.c (+1/-1)
src/modules/rlm_realm/trustrouter.h (+1/-1)
src/modules/rlm_redis/rlm_redis.c (+2/-2)
src/modules/rlm_redis/rlm_redis.h (+2/-2)
src/modules/rlm_rediswho/rlm_rediswho.c (+2/-2)
src/modules/rlm_replicate/rlm_replicate.c (+2/-2)
src/modules/rlm_rest/rest.c (+2/-2)
src/modules/rlm_rest/rest.h (+2/-2)
src/modules/rlm_rest/rlm_rest.c (+2/-2)
src/modules/rlm_ruby/rlm_ruby.c (+2/-2)
src/modules/rlm_securid/rlm_securid.c (+1/-1)
src/modules/rlm_smsotp/rlm_smsotp.c (+2/-2)
src/modules/rlm_soh/rlm_soh.c (+2/-2)
src/modules/rlm_sometimes/rlm_sometimes.c (+2/-2)
src/modules/rlm_sql/drivers/rlm_sql_db2/rlm_sql_db2.c (+8/-8)
src/modules/rlm_sql/drivers/rlm_sql_firebird/rlm_sql_firebird.c (+1/-1)
src/modules/rlm_sql/drivers/rlm_sql_firebird/sql_fbapi.c (+1/-1)
src/modules/rlm_sql/drivers/rlm_sql_firebird/sql_fbapi.h (+1/-1)
src/modules/rlm_sql/drivers/rlm_sql_freetds/rlm_sql_freetds.c (+2/-2)
src/modules/rlm_sql/drivers/rlm_sql_iodbc/rlm_sql_iodbc.c (+2/-2)
src/modules/rlm_sql/drivers/rlm_sql_mongo/rlm_sql_mongo.c (+2/-2)
src/modules/rlm_sql/drivers/rlm_sql_mysql/rlm_sql_mysql.c (+13/-4)
src/modules/rlm_sql/drivers/rlm_sql_null/rlm_sql_null.c (+2/-2)
src/modules/rlm_sql/drivers/rlm_sql_oracle/rlm_sql_oracle.c (+1/-1)
src/modules/rlm_sql/drivers/rlm_sql_postgresql/rlm_sql_postgresql.c (+2/-2)
src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.h (+1/-1)
src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c (+2/-2)
src/modules/rlm_sql/drivers/rlm_sql_unixodbc/rlm_sql_unixodbc.c (+1/-1)
src/modules/rlm_sql/rlm_sql.c (+2/-2)
src/modules/rlm_sql/rlm_sql.h (+2/-2)
src/modules/rlm_sql/sql.c (+2/-2)
src/modules/rlm_sql_map/configure.ac (+1/-1)
src/modules/rlm_sql_map/rlm_sql_map.c (+2/-2)
src/modules/rlm_sqlcounter/rlm_sqlcounter.c (+2/-2)
src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c (+2/-2)
src/modules/rlm_sqlippool/configure.ac (+1/-1)
src/modules/rlm_sqlippool/rlm_sqlippool.c (+12/-10)
src/modules/rlm_test/rlm_test.c (+2/-2)
src/modules/rlm_totp/rlm_totp.c (+2/-2)
src/modules/rlm_unbound/rlm_unbound.c (+2/-2)
src/modules/rlm_unix/rlm_unix.c (+2/-2)
src/modules/rlm_unpack/rlm_unpack.c (+2/-2)
src/modules/rlm_utf8/rlm_utf8.c (+2/-2)
src/modules/rlm_wimax/rlm_wimax.c (+12/-2)
src/modules/rlm_yubikey/decrypt.c (+1/-1)
src/modules/rlm_yubikey/rlm_yubikey.c (+2/-2)
src/modules/rlm_yubikey/validate.c (+1/-1)
src/tests/Makefile (+22/-11)
src/tests/config/test.conf (+1/-1)
src/tests/eapsim-02/check.gdb (+1/-1)
src/tests/eapsim-03/radiusd-example.txt (+1/-1)
src/tests/keywords/md4 (+58/-0)
src/tests/keywords/xlat-concat (+40/-0)
src/tests/map/map_unit.c (+2/-2)
src/tests/modules/ldap/all.mk (+0/-3)
src/tests/modules/ldap/module.conf (+3/-3)
src/tests/radiusd.mk (+1/-1)
src/tests/salt-test-server/salt/ldap/base.ldif (+5/-9)
src/tests/salt-test-server/salt/ldap/base2.ldif (+81/-0)
src/tests/salt-test-server/salt/mysql/schema.sql (+1/-1)
src/tests/salt-test-server/salt/mysql/setup.sql (+1/-1)
src/tests/salt-test-server/salt/postgres/schema.sql (+1/-1)
src/tests/salt-test-server/salt/postgres/setup.sql (+1/-1)
src/tests/sql_nas_table/config/radiusd.conf (+1/-1)
src/tests/unit/condition.txt (+1/-1)
suse/freeradius.spec (+1/-1)
tags: | added: server-next |
tags: | added: update-excuse |
Changed in freeradius (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
Changed in moonshot-gss-eap (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
status: | New → Triaged |
Changed in freeradius (Ubuntu): | |
status: | New → Triaged |
Changed in freeradius (Ubuntu): | |
milestone: | none → ubuntu-22.04-feature-freeze |
tags: | added: transition-openssl3-jj |
Changed in freeradius (Ubuntu): | |
status: | Triaged → In Progress |
importance: | Undecided → High |
Changed in moonshot-gss-eap (Ubuntu): | |
status: | Triaged → Invalid |
Reproducible in local autopkgtest
Good: shib_attr_ provider: :init() : Initializing ShibResolver library class:: finalize_ class() : Constructing ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed...
### gss_eap_
### finalize_
Sending init_sec_context token (size=81)
Sending init_sec_context token (size=50)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=235)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=173)
Sending init_sec_context token (size=99)
Sending init_sec_context token (size=142)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=60)
context flag: GSS_C_MUTUAL_FLAG class:: finalize_ class() : Constructing Application : no MetadataProvider available, configure at least one for standard SSO usage bio/bss_ file.c, line 288 /etc/shibboleth /sp-signing- key.pem' ,'r') bio/bss_ file.c, line 290 CredentialResol ver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibbolet h/sp-signing- key.pem) . bio/bss_ file.c, line 288 /etc/shibboleth /sp-encrypt- key.pem' ,'r') bio/bss_ file.c, line 290 CredentialResol ver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibbolet h/sp-encrypt- key.pem) . params: gss:radius- attribute 79 Authenticated Complete
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_SEQUENCE_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"<email address hidden>" to "host/localhost", lifetime -1, flags 13e, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 3 6 1 5 5 15 1 1 17 } supports 6 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 4 }
2: { 1 3 6 1 5 6 4 }
3: { 1 3 6 1 5 6 6 }
4: { 1 3 6 1 5 5 15 2 1 }
5: { 1 3 6 1 5 6 3 }
Signature verified.
### finalize_
2021-12-16 09:44:16 WARN Shibboleth.
2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/
2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('
2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/
2021-12-16 09:44:16 ERROR XMLTooling.
2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/
2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('
2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/
2021-12-16 09:44:16 ERROR XMLTooling.
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_SEQUENCE_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
Attribute urn:ietf:
03070004
Attribute urn:ietf: params: gss:radius- attribute 80 Authenticated Complete
fea2dc1b41a1812 01e5650cd85cf90 f5
Attribute urn:ietf: params: gss:radius- attribute 1 Authenticated Complete
@test.com
40746573742e636f6d
Accepted connection: "@test.com" :ShibFinalizer( ): Constructing dersInitInterna l(): Calling gssEapSamlAttrP rovidersInit( ) dersInitInterna l(): Setti...
Received message: "testmessage"
NOOP token
### ShibFinalizer:
### gssEapAttrProvi
### gssEapAttrProvi