freeradius.git
8 years ago: New build path variable [stable]
Sam Hartman [Tue, 16 Nov 2010 07:59:05 +0000 (02:59 -0500)]
New build path variable

Libtool 2.6 and Autoconf 2.67 require an additional substitution so LIBLTDL is set correctly

8 years ago: Fix syntax error
Sam Hartman [Tue, 16 Nov 2010 07:58:52 +0000 (02:58 -0500)]
Fix syntax error

8 years ago: Use assert not rad_assert
Sam Hartman [Tue, 16 Nov 2010 07:58:01 +0000 (02:58 -0500)]
Use assert not rad_assert

rad_assert depends on rad_assert_fail which is only in freeradius. This causes radeapclient to fail to build.
An alternative would be to remove that EAP client.

8 years ago: Add AC_PROG_LIBTOOL in with-system-libtool path
Sam Hartman [Tue, 16 Nov 2010 07:56:50 +0000 (02:56 -0500)]
Add AC_PROG_LIBTOOL in with-system-libtool path

The symptom of not including this is strange; with autoconf 2.67, some
of the libtool variables in config.status are incorrectly quoted and
configure crashes.

8 years ago: NAS-Port is a text field. Don't cast it to integer [origin/stable]
Alan T. DeKok [Thu, 11 Nov 2010 08:42:51 +0000 (09:42 +0100)]
NAS-Port is a text field.  Don't cast it to integer

This solves the 2^31+1 problem.  Closes bug #112

8 years ago: Add group membership query
Alan T. DeKok [Thu, 11 Nov 2010 08:37:04 +0000 (09:37 +0100)]
Add group membership query

Closes bug #120

8 years ago: Include Mikrotik dictionary
Alan T. DeKok [Thu, 11 Nov 2010 08:35:02 +0000 (09:35 +0100)]
Include Mikrotik dictionary

Closes bug #121

8 years ago: Print out *which* socket could not be opened.
Alan T. DeKok [Wed, 10 Nov 2010 16:19:12 +0000 (17:19 +0100)]
Print out *which* socket could not be opened.

8 years ago: The NAS generates the MN-FA key, not the AAA
Alan T. DeKok [Wed, 10 Nov 2010 15:59:34 +0000 (16:59 +0100)]
The NAS generates the MN-FA key, not the AAA

Patch from Ben Weichman

8 years ago: Removed extra calls to HMAC_CTX_init()
Alan T. DeKok [Wed, 10 Nov 2010 14:13:20 +0000 (15:13 +0100)]
Removed extra calls to HMAC_CTX_init()

Noticed by James Ballantine

8 years ago: Allow spaces in shared secret, as posted to the list.
Alan T. DeKok [Wed, 10 Nov 2010 13:06:35 +0000 (14:06 +0100)]
Allow spaces in shared secret, as posted to the list.

8 years ago: Add support for xlat'd challenge in rlm_eap_gtc
Alexander Clouter [Mon, 8 Nov 2010 18:29:30 +0000 (18:29 +0000)]
Add support for xlat'd challenge in rlm_eap_gtc

The FIXME in rlm_eap_gtc.c has gone on so long unloved.  God said, let
there be xlat'ing and so there was...

This patch shamelessly steals the xlat functionality in
rlm_eap_tls.c and slaps it into rlm_eap_gtc.c, thus letting
you do handy things such as:
----
challenge = "%{reply:Reply-Message}"
----

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>

8 years ago: Keep track of "last in list" properly.
Alan T. DeKok [Mon, 8 Nov 2010 11:43:04 +0000 (12:43 +0100)]
Keep track of "last in list" properly.

Patch from James Ballantine.

Every other instance of "continue" in this function sets "tailfrom".
This one should, too.

8 years ago: Fix typos in previous commit
Alan T. DeKok [Wed, 3 Nov 2010 14:04:03 +0000 (10:04 -0400)]
Fix typos in previous commit

8 years ago: Do checks on attribute *and* vendor.
Alan T. DeKok [Fri, 29 Oct 2010 18:07:37 +0000 (14:07 -0400)]
Do checks on attribute *and* vendor.

Doing it on just attr is no longer appropriate in 2.2

8 years ago: Use VENDORPEC_MICROSOFT instead of hard-coded 311
Alan T. DeKok [Fri, 29 Oct 2010 17:50:29 +0000 (13:50 -0400)]
Use VENDORPEC_MICROSOFT instead of hard-coded 311

Also updated API for 2.2

8 years ago: Use shift for VSAs instead of OR
Alan T. DeKok [Fri, 29 Oct 2010 17:48:53 +0000 (13:48 -0400)]
Use shift for VSAs instead of OR

8 years ago: Updated API for 2.2
Alan T. DeKok [Fri, 29 Oct 2010 17:47:27 +0000 (13:47 -0400)]
Updated API for 2.2

8 years ago: Updated API for 2.2.
Alan T. DeKok [Fri, 29 Oct 2010 17:45:57 +0000 (13:45 -0400)]
Updated API for 2.2.

8 years ago: Updated API for 2.2
Alan T. DeKok [Fri, 29 Oct 2010 17:43:50 +0000 (13:43 -0400)]
Updated API for 2.2

8 years ago: Fix typo in zombie period start time
Alan T. DeKok [Mon, 25 Oct 2010 10:34:55 +0000 (12:34 +0200)]
Fix typo in zombie period start time

8 years ago: The cert "bootstrap" code now checks certs for validity
Alan T. DeKok [Sat, 23 Oct 2010 06:57:58 +0000 (08:57 +0200)]
The cert "bootstrap" code now checks certs for validity

Otherwise, the server can load expired certificates.  The clients will
refuse to connect, via the usual "access-challenge followed by nothing"
issue.  A better approach is for the server to print an error message
on startup, and refuse to run.

8 years ago: More checks on handler_tree
Alan T. DeKok [Thu, 21 Oct 2010 13:09:11 +0000 (15:09 +0200)]
More checks on handler_tree

Use the pointer if it exists, not if debug_flag is set

8 years ago: Fix child state on corner case
Alan T. DeKok [Sun, 17 Oct 2010 16:21:25 +0000 (18:21 +0200)]
Fix child state on corner case

8 years ago: Add all home_servers in the configuration.
Alan T. DeKok [Fri, 15 Oct 2010 13:19:30 +0000 (15:19 +0200)]
Add all home_servers in the configuration.

Previously, the realms were added, then pools, then home servers.
This works, but it is awkward for dynamically adding home servers.

Instead, we should add home servers, then pools, and then realms.

8 years ago: Link with libradius, too
Alan T. DeKok [Fri, 15 Oct 2010 00:21:33 +0000 (02:21 +0200)]
Link with libradius, too

8 years ago: Fix corner case when not threaded.
Alan T. DeKok [Fri, 15 Oct 2010 00:10:18 +0000 (02:10 +0200)]
Fix corner case when not threaded.

If the request is still running after 30s, it's probably because
it was proxied, and the home server didn't bother to respond.

8 years ago: Check data_len for internal TLVs
Alan T. DeKok [Wed, 13 Oct 2010 20:59:59 +0000 (22:59 +0200)]
Check data_len for internal TLVs

8 years ago: Fixes to build without PTHREADs
Alan T. DeKok [Wed, 13 Oct 2010 20:58:48 +0000 (22:58 +0200)]
Fixes to build without PTHREADs

8 years ago: use RDEBUG
Phil Mayers [Tue, 12 Oct 2010 16:20:08 +0000 (17:20 +0100)]
use RDEBUG

8 years ago: Added REQUEST to soh_verify() parameters
Alan T. DeKok [Tue, 12 Oct 2010 11:12:13 +0000 (13:12 +0200)]
Added REQUEST to soh_verify() parameters

In preparation for DEBUG -> RDEBUG changes.

Also made rlm_soh return FAIL on bad SoH packets.

8 years ago: Protect SoH server messages
Alan T. DeKok [Tue, 12 Oct 2010 11:07:12 +0000 (13:07 +0200)]
Protect SoH server messages

8 years ago: Move the SoH code to the server directory
Alan T. DeKok [Tue, 12 Oct 2010 11:04:15 +0000 (13:04 +0200)]
Move the SoH code to the server directory

The code is suitable only for servers, not clients.  So it doesn't need
to be in the client library.

8 years ago: Use handler mutex for checks, not session mutex
Alan T. DeKok [Tue, 12 Oct 2010 10:10:34 +0000 (12:10 +0200)]
Use handler mutex for checks, not session mutex

8 years ago: Fix parameters to soh_verify
Alan T. DeKok [Sat, 9 Oct 2010 15:52:56 +0000 (17:52 +0200)]
Fix parameters to soh_verify

8 years ago: Add "extern C {...} to header files for C++ builds.
Alan T. DeKok [Sat, 9 Oct 2010 11:53:44 +0000 (13:53 +0200)]
Add "extern C {...} to header files for C++ builds.

Also renamed "operator" to "op_token" for C++ builds.  This doesn't affect
the server core, but it should allow C++ modules to build.  It should
also allow C++ applications to use libfreeradius-radius

8 years ago: Code in src/lib shouldn't reference the REQUEST structure
Alan T. DeKok [Fri, 8 Oct 2010 15:31:54 +0000 (17:31 +0200)]
Code in src/lib shouldn't reference the REQUEST structure

8 years ago: Shouldn't include <radiusd.h>
Alan T. DeKok [Fri, 8 Oct 2010 15:23:57 +0000 (17:23 +0200)]
Shouldn't include <radiusd.h>

8 years ago: Fixes for porting to "stable" branch
Alan T. DeKok [Fri, 8 Oct 2010 15:21:10 +0000 (17:21 +0200)]
Fixes for porting to "stable" branch

8 years ago: Marked SoH module as "stable"
Alan T. DeKok [Fri, 8 Oct 2010 10:02:15 +0000 (12:02 +0200)]
Marked SoH module as "stable"

8 years ago: Added SoH functionality to the PEAP module
Phil Mayers [Fri, 8 Oct 2010 10:01:40 +0000 (12:01 +0200)]
Added SoH functionality to the PEAP module

8 years ago: Moved "fake request" code into its own function
Phil Mayers [Fri, 8 Oct 2010 09:45:07 +0000 (11:45 +0200)]
Moved "fake request" code into its own function

8 years ago: SoH docs & example
Phil Mayers [Fri, 8 Oct 2010 09:30:43 +0000 (11:30 +0200)]
SoH docs & example

8 years ago: Fix compiler warnings
Alan T. DeKok [Fri, 8 Oct 2010 09:29:15 +0000 (11:29 +0200)]
Fix compiler warnings

8 years ago: ok, working SoH standalone module
Phil Mayers [Fri, 8 Oct 2010 09:26:15 +0000 (11:26 +0200)]
ok, working SoH standalone module

8 years ago: Base SoH code for Microsoft NAP.
Phil Mayers [Fri, 8 Oct 2010 07:36:15 +0000 (09:36 +0200)]
Base SoH code for Microsoft NAP.

This code will be used by other protocols (PEAP, DHCP) to encode/decode
the SoH information.

8 years ago: Fix call to otp_write
Alan T. DeKok [Fri, 8 Oct 2010 07:28:08 +0000 (09:28 +0200)]
Fix call to otp_write

8 years ago: Fixes from clang / scan-build
Alan T. DeKok [Thu, 7 Oct 2010 08:30:12 +0000 (10:30 +0200)]
Fixes from clang / scan-build

Nothing to see here, folks.  Move along.

8 years ago: Signed / unsigned fixes and function prototypes
Alan T. DeKok [Sun, 3 Oct 2010 09:53:10 +0000 (11:53 +0200)]
Signed / unsigned fixes and function prototypes

This reduces the number of warnings on compile.

8 years ago: Protect pcap_fopen calls
Alan T. DeKok [Fri, 1 Oct 2010 13:35:28 +0000 (15:35 +0200)]
Protect pcap_fopen calls

Apparently not all versions of pcap have this <sigh>

8 years ago: More patches to build without certain features
Alan T. DeKok [Thu, 30 Sep 2010 10:28:32 +0000 (12:28 +0200)]
More patches to build without certain features

8 years ago: Allow building WITHOUT_STATS
Alan T. DeKok [Thu, 30 Sep 2010 07:42:16 +0000 (09:42 +0200)]
Allow building WITHOUT_STATS

8 years ago: Enable building WITHOUT_ACCOUNTING
Alan T. DeKok [Wed, 29 Sep 2010 14:36:24 +0000 (16:36 +0200)]
Enable building WITHOUT_ACCOUNTING

8 years ago: Enable building #WITHOUT_PROXY
Alan T. DeKok [Wed, 29 Sep 2010 14:05:24 +0000 (16:05 +0200)]
Enable building #WITHOUT_PROXY

8 years ago: Ignore post-proxy type if proxy is disabled
Alan T. DeKok [Wed, 29 Sep 2010 13:47:28 +0000 (15:47 +0200)]
Ignore post-proxy type if proxy is disabled

8 years ago: Better way of updating cf_data_add
Alan T. DeKok [Tue, 28 Sep 2010 11:03:56 +0000 (13:03 +0200)]
Better way of updating cf_data_add

8 years ago: Disable example config in default build
Alan T. DeKok [Tue, 28 Sep 2010 10:07:30 +0000 (12:07 +0200)]
Disable example config in default build

8 years ago: Note TLS-Client-Cert-* attributes
Alan T. DeKok [Mon, 27 Sep 2010 12:02:05 +0000 (14:02 +0200)]
Note TLS-Client-Cert-* attributes

8 years ago: Added '-F' to filter RADIUS from input to output
Alan T. DeKok [Sun, 26 Sep 2010 08:24:54 +0000 (10:24 +0200)]
Added '-F' to filter RADIUS from input to output

This can be used to "clean up" horrible pcap files that people create.
i.e. when asked for a RADIUS pcap file, they just capture *everything*
on the interface for a period of time.  This makes it harder to track
down the real RADIUS issues.

Adding -F makes it easy to filter the packets.

8 years ago: Fix long-standing bug where unix Groupcmp didn't work
Alan T. DeKok [Sat, 25 Sep 2010 15:57:09 +0000 (17:57 +0200)]
Fix long-standing bug where unix Groupcmp didn't work

It was looking in the wrong list for the user name.

8 years ago: Updates from redhat
Alan T. DeKok [Sat, 25 Sep 2010 20:13:12 +0000 (22:13 +0200)]
Updates from redhat

8 years ago: Use server version for version string
Alan T. DeKok [Thu, 23 Sep 2010 12:06:29 +0000 (14:06 +0200)]
Use server version for version string

8 years ago: Fix condition for attribute not found
Alan T. DeKok [Wed, 22 Sep 2010 09:44:34 +0000 (11:44 +0200)]
Fix condition for attribute not found

This is a "false" comparison, but not a syntax error in the evaluation logic

8 years ago: Bootstrap CoA home servers, as they can stand alone.
Alan T. DeKok [Wed, 22 Sep 2010 06:04:22 +0000 (08:04 +0200)]
Bootstrap CoA home servers, as they can stand alone.

For the next rev, loop over all home servers *first*, before creating
the pools.

9 years ago: Move variable declaration to the start of the block
Alan T. DeKok [Tue, 21 Sep 2010 09:09:44 +0000 (11:09 +0200)]
Move variable declaration to the start of the block

9 years ago: Made listener_print be CONST
Alan T. DeKok [Tue, 21 Sep 2010 09:08:16 +0000 (11:08 +0200)]
Made listener_print be CONST

Manual merge of 3ab506f60fb46010a

9 years ago: Added toupper function
Alan T. DeKok [Tue, 21 Sep 2010 08:16:00 +0000 (10:16 +0200)]
Added toupper function

9 years ago: As posted to the list by Alexander Kubatkin
Alan T. DeKok [Tue, 21 Sep 2010 08:10:41 +0000 (10:10 +0200)]
As posted to the list by Alexander Kubatkin

9 years ago: More attributes as sent in by a nice person at HP
Alan T. DeKok [Tue, 21 Sep 2010 08:08:17 +0000 (10:08 +0200)]
More attributes as sent in by a nice person at HP

9 years ago: Added tolower function
Alan T. DeKok [Mon, 20 Sep 2010 14:49:13 +0000 (16:49 +0200)]
Added tolower function

9 years ago: Multiple calls to ber_printf seem to work better. Closes #106
Alan T. DeKok [Sun, 19 Sep 2010 06:49:51 +0000 (08:49 +0200)]
Multiple calls to ber_printf seem to work better.  Closes #106

9 years ago: Retry on write failure. Closes bug #58
Alan T. DeKok [Sun, 19 Sep 2010 06:46:06 +0000 (08:46 +0200)]
Retry on write failure.  Closes bug #58

9 years ago: Various fixes
Alan T. DeKok [Sun, 19 Sep 2010 06:41:44 +0000 (08:41 +0200)]
Various fixes

If timeout is zero, set it to 1^6.  That should be good enough.

Don't filter output through sed, this makes it impossible to kill the
"tail" process.

Catch the tail PID, and kill it on exit.

Trap on signals, not on normal exit.

Duplicate code in trap for normal exit.  This ensures that the code is
only executed once.

9 years ago: Fixed typo
Alan T. DeKok [Sat, 18 Sep 2010 15:21:56 +0000 (17:21 +0200)]
Fixed typo

9 years ago: Clean up loopback / inaddr_any checks
Alan T. DeKok [Sat, 18 Sep 2010 14:06:46 +0000 (16:06 +0200)]
Clean up loopback / inaddr_any checks

9 years ago: Added "del client <ipaddr>" command for dynamic clients
Alan T. DeKok [Fri, 17 Sep 2010 12:59:33 +0000 (14:59 +0200)]
Added "del client <ipaddr>" command for dynamic clients

9 years ago: Fix typo
Alan T. DeKok [Fri, 17 Sep 2010 10:13:23 +0000 (12:13 +0200)]
Fix typo

9 years ago: Added dynamic port-access attributes
Alan T. DeKok [Fri, 17 Sep 2010 09:07:12 +0000 (11:07 +0200)]
Added dynamic port-access attributes

As noted by HP

9 years ago: Removed unused attribute
Alan T. DeKok [Fri, 17 Sep 2010 09:06:31 +0000 (11:06 +0200)]
Removed unused attribute

HP says #47 isn't used by anyone.

9 years ago: Fix logic for using udpfromto
Alan T. DeKok [Thu, 16 Sep 2010 19:17:10 +0000 (21:17 +0200)]
Fix logic for using udpfromto

Notes from bug #110

9 years ago: Use local EAP, even if the realm doesn't exist
Alan T. DeKok [Wed, 15 Sep 2010 14:59:08 +0000 (16:59 +0200)]
Use local EAP, even if the realm doesn't exist

9 years ago: Fix typo
Alan T. DeKok [Wed, 15 Sep 2010 11:38:06 +0000 (13:38 +0200)]
Fix typo

9 years ago: Added functions for sql_affected_rows and sql_error
Alan T. DeKok [Tue, 14 Sep 2010 00:52:55 +0000 (02:52 +0200)]
Added functions for sql_affected_rows and sql_error

These look like they're not used right now, but they're worth having

9 years ago: Allow sqlite filename to be specified in the configuration file.
Alan T. DeKok [Tue, 14 Sep 2010 00:40:24 +0000 (02:40 +0200)]
Allow sqlite filename to be specified in the configuration file.

Undocumented for now.  Based on a patch from Sven Anders

9 years ago: Module-Failure-Message goes in request, not in reply
Alan T. DeKok [Mon, 13 Sep 2010 14:55:34 +0000 (16:55 +0200)]
Module-Failure-Message goes in request, not in reply

9 years ago: Fix parameter passing issue. closes bug #105
Alan T. DeKok [Mon, 13 Sep 2010 09:55:36 +0000 (11:55 +0200)]
Fix parameter passing issue.  closes bug #105

9 years ago: Moved to RST format.
Alan T. DeKok [Sun, 12 Sep 2010 08:57:05 +0000 (10:57 +0200)]
Moved to RST format.

9 years ago: Renamed in preparation for moving to RST format.
Alan T. DeKok [Sun, 12 Sep 2010 08:51:59 +0000 (10:51 +0200)]
Renamed in preparation for moving to RST format.

9 years ago: Be more forgiving when starting proxy sockets.
Alan T. DeKok [Tue, 14 Sep 2010 00:37:36 +0000 (02:37 +0200)]
Be more forgiving when starting proxy sockets.

Manual merge of 92beaf4f00ef

9 years ago: Add message from ntlm_auth to Module-Failure-Message
Alan T. DeKok [Fri, 10 Sep 2010 14:40:18 +0000 (16:40 +0200)]
Add message from ntlm_auth to Module-Failure-Message

9 years ago: More docs on the inner tunnel stuff
Alan T. DeKok [Fri, 10 Sep 2010 13:31:35 +0000 (15:31 +0200)]
More docs on the inner tunnel stuff

9 years ago: Fix typo in error message
Alan T. DeKok [Fri, 10 Sep 2010 12:22:16 +0000 (14:22 +0200)]
Fix typo in error message

9 years ago: Fix typo in command-line option
Alan T. DeKok [Fri, 10 Sep 2010 11:55:47 +0000 (13:55 +0200)]
Fix typo in command-line option

And set "libltdl-installable" if we're using our local libltdl.
Otherwise, it will *still* use the system one.  <sigh>

9 years ago: Add support for extended attributes: draft-dekok-radext-radius-extensions
Alan T. DeKok [Thu, 9 Sep 2010 13:29:29 +0000 (15:29 +0200)]
Add support for extended attributes: draft-dekok-radext-radius-extensions

We can encode / decode all non-TLV types without a problem.
TLVs are currently limited to one level (241.1.2), and to the
length of the encapsulating RADIUS attribute.

The "M" flag for extended attributes with flags is not supported.

9 years ago: Close file on error condition
Alan T. DeKok [Thu, 9 Sep 2010 12:49:01 +0000 (14:49 +0200)]
Close file on error condition

9 years ago: Free memory if out of memory
Alan T. DeKok [Thu, 9 Sep 2010 12:40:48 +0000 (14:40 +0200)]
Free memory if out of memory

9 years ago: Ensure we leave room for the trailing NUL
Alan T. DeKok [Thu, 9 Sep 2010 12:33:03 +0000 (14:33 +0200)]
Ensure we leave room for the trailing NUL

9 years ago: Updating dictionary.erx based on Juniper documentation
Bjørn Mork [Wed, 8 Sep 2010 13:17:15 +0000 (15:17 +0200)]
Updating dictionary.erx based on Juniper documentation

Also adding a note about JUNOS (M/MX) usage of this dictionary.

Signed-off-by: Bjørn Mork <bjorn@mork.no>

9 years ago: Print error message if we're not configured to listen on any ports
Alan T. DeKok [Thu, 9 Sep 2010 11:15:04 +0000 (13:15 +0200)]
Print error message if we're not configured to listen on any ports

Manual merge of a50005713e5238

9 years ago: Added missing check for lookup
Alan T. DeKok [Wed, 8 Sep 2010 06:05:50 +0000 (08:05 +0200)]
Added missing check for lookup