avoid use after free of q
found by smatch, ok miod@ deraadt@

Refactor some functions to prepare accounting support.

Pass the request packet to response decorations for future use.
This is required for many cases and will be used future.

Fix radiusd(8) to fixup MPPE-{Send,Recv}-Key and Tunnel-Password
attributes of the response properly.

Add request or response decoration feature which is used through the
radiusd module interface. This makes additional modules can modify
RADIUS request or response messages. Also add new "radius_standard"
module which uses this new feature, provides some generic features
like "strip-atmark-realm" which removes the realm part from the
User-Name attribute. from IIJ.

Refuse an incomplete config, an authentication block which doesn't
have authentication module. The code doesn't expect this.

Revert previous. It caused the stdio of the modules be NONBLOCK.
Generally programs don't expect that.

Specify SOCK_NONBLOCK for socketpair(2) instead of fcntl(2).

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Refactor some functions to prepare accounting support.

Pass the request packet to response decorations for future use.
This is required for many cases and will be used future.

Fix radiusd(8) to fixup MPPE-{Send,Recv}-Key and Tunnel-Password
attributes of the response properly.

Add request or response decoration feature which is used through the
radiusd module interface. This makes additional modules can modify
RADIUS request or response messages. Also add new "radius_standard"
module which uses this new feature, provides some generic features
like "strip-atmark-realm" which removes the realm part from the
User-Name attribute. from IIJ.

Refuse an incomplete config, an authentication block which doesn't
have authentication module. The code doesn't expect this.

Revert previous. It caused the stdio of the modules be NONBLOCK.
Generally programs don't expect that.

Specify SOCK_NONBLOCK for socketpair(2) instead of fcntl(2).

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Pass the request packet to response decorations for future use.
This is required for many cases and will be used future.

Fix radiusd(8) to fixup MPPE-{Send,Recv}-Key and Tunnel-Password
attributes of the response properly.

Add request or response decoration feature which is used through the
radiusd module interface. This makes additional modules can modify
RADIUS request or response messages. Also add new "radius_standard"
module which uses this new feature, provides some generic features
like "strip-atmark-realm" which removes the realm part from the
User-Name attribute. from IIJ.

Refuse an incomplete config, an authentication block which doesn't
have authentication module. The code doesn't expect this.

Revert previous. It caused the stdio of the modules be NONBLOCK.
Generally programs don't expect that.

Specify SOCK_NONBLOCK for socketpair(2) instead of fcntl(2).

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Fix radiusd(8) to fixup MPPE-{Send,Recv}-Key and Tunnel-Password
attributes of the response properly.

Add request or response decoration feature which is used through the
radiusd module interface. This makes additional modules can modify
RADIUS request or response messages. Also add new "radius_standard"
module which uses this new feature, provides some generic features
like "strip-atmark-realm" which removes the realm part from the
User-Name attribute. from IIJ.

Refuse an incomplete config, an authentication block which doesn't
have authentication module. The code doesn't expect this.

Revert previous. It caused the stdio of the modules be NONBLOCK.
Generally programs don't expect that.

Specify SOCK_NONBLOCK for socketpair(2) instead of fcntl(2).

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Add request or response decoration feature which is used through the
radiusd module interface. This makes additional modules can modify
RADIUS request or response messages. Also add new "radius_standard"
module which uses this new feature, provides some generic features
like "strip-atmark-realm" which removes the realm part from the
User-Name attribute. from IIJ.

Refuse an incomplete config, an authentication block which doesn't
have authentication module. The code doesn't expect this.

Revert previous. It caused the stdio of the modules be NONBLOCK.
Generally programs don't expect that.

Specify SOCK_NONBLOCK for socketpair(2) instead of fcntl(2).

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Refuse an incomplete config, an authentication block which doesn't
have authentication module. The code doesn't expect this.

Revert previous. It caused the stdio of the modules be NONBLOCK.
Generally programs don't expect that.

Specify SOCK_NONBLOCK for socketpair(2) instead of fcntl(2).

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Specify SOCK_NONBLOCK for socketpair(2) instead of fcntl(2).

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Fix the bug that radius module didn't work when the size of radius message
changes.

Pass the debug status to modules. Also some non functional changes
(comment, log message, and rearrange lines).

Update authenticator and message authenticator always. Previous was
to keep the original authenticators and modify them only if needed.
But actually, there supposed to be no case such that the original
authenticators can be used for the client. Original diff from IIJ.

Remove "proc" from pledge(2) since it is not needed even ifdef
RADIUSD_DEBUG.

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Fix a spelling in log messages.
diff from Lukasz Ratajski

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Fix segmentation fault on radiusd(8) when exiting.
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shutdown.

cluebat stick provided by semarie@, OK tb@ and deraadt@

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt

Initialize the length parameter for radius_get_vs_raw_attr() since
it's read/write. diff from IIJ.

A few more freezero() uses
ok yasuoka mikeb

Change last non-/gnu/ fcntl(x, F_GETFL, 0) strays to fcntl(x, F_GETFL).

No functional change.

ok millert@

remove "abort" promise from debugging code in radiusd

it is the default now, and the promise name isn't valid anymore.

ok yasuoka@

Instead of creating a socket with socket() or accept() and then
setting the O_NONBLOCK flag on it with fcntl(F_SETFL) afterwards,
just pass SOCK_NONBLOCK to socket() or accept4() and get it right
to begin with.

ok millert@ krw@ beck@ deraadt@ jca@

fix a use after free in an error path
ok yasuoka@

Do not mix EX_* from sysexits.h and EXIT_* from stdlib.h, just use
EXIT_*.

Remove NULL-checks before free()

Free the received radius packet when it is duplicated.

diff from Yuuichi Someya

Set O_NONBLOCK for UDP sockets not to block on recv(). Actually
block had happened if an error of the socket is handled by send().

diff from Yuuichi Someya.

Fix radiusd module to set O_NONBLOCK properly.

diff from Yuuichi Someya.

Add pledge(2) for radiusctl(8) and radiusd(8).
- radiusd: "stdio inet"
- radiusd_radius: "stdio inet"
- radiusd_bsdauth:
- "stdio proc" for the non-priviledged process
- "stdio getpw rpath proc exec" for the priviledged process
- radiusctl: "stdio dns inet"

"go ahead" deraadt

Can't assert "module->fd >= 0" in radiusd_stop() since the module may
be closed already when error.

Remove -h command line option from radiusd(8) to make it better style.

Patch from Michael Reed

Fire pending events when the module starts.

Tweak XXX comments.

Fix radiusd to start without -d. Also stop using event_initialized()
to check whether the event handler is set.

Use log_warn() instead of warn() in radiusd_module_load(). Also fix style.

add missing -n to the SYNOPSIS and usage() and -d to the DESCRIPTION;
OK yasuoka@

Add radiusd(8) and radiusctl(8). They are WIP. radiusd(8) is a RADIUS
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.

fixes from jsg blambert
ok deraadt