Matthew Newton [Thu, 27 Sep 2012 22:38:57 +0000 (23:38 +0100)]
move User-Password warning from auth.c to rlm_pap
Matthew Newton [Thu, 27 Sep 2012 22:18:08 +0000 (23:18 +0100)]
Don't copy User-Password -> Cleartext-Password. They need to reconfigure if it breaks.
Matthew Newton [Thu, 27 Sep 2012 21:41:36 +0000 (22:41 +0100)]
Remove code for Auth-Types Local and Crypt; pap or chap should be used instead
Arran Cudbard-Bell [Thu, 27 Sep 2012 18:07:04 +0000 (19:07 +0100)]
debug: should output previous level instead of the level that was just set.
Don't set debug to 0 if no fmt string was passed, do nothing.
Arran Cudbard-Bell [Thu, 27 Sep 2012 12:58:30 +0000 (14:58 +0200)]
Update share/dictionary.bskyb
Arran Cudbard-Bell [Thu, 27 Sep 2012 12:57:52 +0000 (14:57 +0200)]
Latest updates
Alan T. DeKok [Thu, 27 Sep 2012 11:46:40 +0000 (13:46 +0200)]
Document cache parameters in listen + tls, too
Alan DeKok [Thu, 27 Sep 2012 10:07:56 +0000 (03:07 -0700)]
Merge pull request #93 from mcnewton/rad_virtual_server
Update post-auth handling in rad_authenticate etc
Alan DeKok [Thu, 27 Sep 2012 10:07:27 +0000 (03:07 -0700)]
Merge pull request #92 from philmayers/sess-persist
add the ability to persist SSL session cache to disk across server restarts
Matthew Newton [Tue, 25 Sep 2012 22:24:10 +0000 (23:24 +0100)]
rlm_eap virtual servers now call postauth for both accept and reject
Matthew Newton [Tue, 25 Sep 2012 22:04:04 +0000 (23:04 +0100)]
Add rad_virtual_server to call rad_authenticate and rad_postauth
Matthew Newton [Tue, 25 Sep 2012 21:42:26 +0000 (22:42 +0100)]
Move rad_postauth ACCEPT from rad_authenticate to request_finish
Arran Cudbard-Bell [Tue, 25 Sep 2012 19:59:57 +0000 (20:59 +0100)]
Remove duplicate version/copyright info
Print compilation flags at DEBUG >= 3 (this is actually useful if you're using a package version)
Arran Cudbard-Bell [Tue, 25 Sep 2012 15:30:53 +0000 (16:30 +0100)]
Pass rpath when installing libeap
Arran Cudbard-Bell [Tue, 25 Sep 2012 13:15:14 +0000 (14:15 +0100)]
More AL attributes to support their NAT features
Alan T. DeKok [Sat, 22 Sep 2012 07:58:55 +0000 (09:58 +0200)]
Check for dlopen, too
Alan T. DeKok [Sat, 22 Sep 2012 07:51:53 +0000 (09:51 +0200)]
If we can't install, print error rather than SEGV
Alan T. DeKok [Sat, 22 Sep 2012 07:51:36 +0000 (09:51 +0200)]
Add -rpath to allow it to link && install
Alan T. DeKok [Sat, 22 Sep 2012 07:32:32 +0000 (09:32 +0200)]
Hack dependencies to get "touch foo.c;make install" to work
the installed files depend on the "relink" versions, which have
the correct library paths in them. The normal versions have the
in-source paths, to allow in-source execution.
The relink versions now have a dependency on the normal versions,
which causes the normal versions to get built, too.
We should probably change the "relink" target to "final", and
get rid of the ADD_LIBTOOL_PATH stuff.
Phil Mayers [Fri, 21 Sep 2012 12:45:22 +0000 (13:45 +0100)]
add the ability to persist SSL session cache to disk across server restarts
Arran Cudbard-Bell [Fri, 21 Sep 2012 12:08:51 +0000 (13:08 +0100)]
Add safe-characters function from rlm_sql
Arran Cudbard-Bell [Thu, 20 Sep 2012 17:17:48 +0000 (10:17 -0700)]
Merge pull request #91 from philmayers/ldap-xlat-escape
we should use ldap_escape_func when escaping the URL
Phil Mayers [Thu, 20 Sep 2012 16:24:55 +0000 (17:24 +0100)]
we should use ldap_escape_func when escaping the URL
Arran Cudbard-Bell [Thu, 20 Sep 2012 13:25:47 +0000 (14:25 +0100)]
Start removing the old one char expansions
Arran Cudbard-Bell [Thu, 20 Sep 2012 12:55:08 +0000 (13:55 +0100)]
Move string manipulation functions from xlat.c to rlm_expr
Arran Cudbard-Bell [Thu, 20 Sep 2012 12:54:16 +0000 (13:54 +0100)]
Remove b from randstr and implement h (hex encoded b)
Arran Cudbard-Bell [Thu, 20 Sep 2012 12:49:19 +0000 (13:49 +0100)]
Mark instance as unused in %{rand:}
Alan DeKok [Thu, 20 Sep 2012 08:26:29 +0000 (01:26 -0700)]
Merge pull request #90 from philmayers/urlquote
add urlquote xlat - useful for LDAP DNs with comma, backslash
Phil Mayers [Wed, 19 Sep 2012 16:21:06 +0000 (17:21 +0100)]
add urlquote xlat - useful for LDAP DNs with comma, backslash
Arran Cudbard-Bell [Wed, 19 Sep 2012 14:00:16 +0000 (15:00 +0100)]
Quiet the compiler
Arran Cudbard-Bell [Wed, 19 Sep 2012 13:30:01 +0000 (14:30 +0100)]
Add dictionary for BSkyB
Alan Buxey [Tue, 18 Sep 2012 21:24:52 +0000 (22:24 +0100)]
remove compilation warnings
2 "warning: format '%ld' expects type 'long int', but argument 3 has
type 'ssize_t'" messages removed
Alan Buxey [Tue, 18 Sep 2012 19:53:42 +0000 (20:53 +0100)]
removed 2 compilation warnings
macaddr->length and sizeof are unsigned longs
Arran Cudbard-Bell [Tue, 18 Sep 2012 13:15:14 +0000 (14:15 +0100)]
Don't use ci to iterate over subsections if we might need to use it for logging later
Arran Cudbard-Bell [Mon, 17 Sep 2012 12:52:45 +0000 (13:52 +0100)]
Update links that point to wiki pages
Arran Cudbard-Bell [Mon, 17 Sep 2012 12:42:51 +0000 (13:42 +0100)]
Add bounds check for max_queue_size
Alan T. DeKok [Tue, 21 Aug 2012 13:31:09 +0000 (15:31 +0200)]
Use max_queue_size when initializing the queues
Arran Cudbard-Bell [Sun, 16 Sep 2012 08:49:33 +0000 (09:49 +0100)]
Add alphanumeric char class
Alan T. DeKok [Sun, 16 Sep 2012 07:38:55 +0000 (09:38 +0200)]
Use -rpath on install, so that we know the installation path
Alan T. DeKok [Sun, 16 Sep 2012 07:38:32 +0000 (09:38 +0200)]
Better errors. Use install path, if it exists
Arran Cudbard-Bell [Sat, 15 Sep 2012 18:23:10 +0000 (19:23 +0100)]
Add randstr expansion to generate random strings up to 256 bytes
Alan T. DeKok [Sun, 29 Apr 2012 07:23:23 +0000 (09:23 +0200)]
As posted to the Wiki
Alan T. DeKok [Fri, 14 Sep 2012 15:01:18 +0000 (17:01 +0200)]
Remove --finish for library directory
Alan T. DeKok [Fri, 14 Sep 2012 15:01:08 +0000 (17:01 +0200)]
Finish getting rid of radwatch
Alan T. DeKok [Fri, 14 Sep 2012 08:34:21 +0000 (10:34 +0200)]
Skip OCSP if there's no host / port / url
Manual port of
ff3f27d27.
Arran Cudbard-Bell [Fri, 14 Sep 2012 07:45:34 +0000 (08:45 +0100)]
Fix typo
Arran Cudbard-Bell [Thu, 13 Sep 2012 18:21:46 +0000 (19:21 +0100)]
git show-ref works in more cases than git tag
Alan T. DeKok [Thu, 13 Sep 2012 13:00:13 +0000 (15:00 +0200)]
Hacks to make it work with jlibtool
Alan T. DeKok [Thu, 13 Sep 2012 12:56:25 +0000 (14:56 +0200)]
Fix pattern substitution to work only for C/CPP
$(SRCS:.c=.o) followed by $(SRCS:.cpp=.o) results in any ".c" files
being added to the output. Using GNU Make features helps fix this
Alan T. DeKok [Thu, 13 Sep 2012 12:54:46 +0000 (14:54 +0200)]
Allow building without TLS
Alan T. DeKok [Thu, 13 Sep 2012 12:39:36 +0000 (14:39 +0200)]
Accept --quiet as a synonym for --silent
Alan T. DeKok [Mon, 10 Sep 2012 06:20:13 +0000 (08:20 +0200)]
Fix CVE-2012-3547. Found by Timo Warns.
Arran Cudbard-Bell [Wed, 12 Sep 2012 17:53:08 +0000 (10:53 -0700)]
Merge pull request #86 from armitasp/master
policy for operator-name injection
Scott Armitage [Wed, 12 Sep 2012 17:47:09 +0000 (19:47 +0200)]
Update raddb/sites-available/default
Scott Armitage [Wed, 12 Sep 2012 17:44:54 +0000 (19:44 +0200)]
Update raddb/policy.d/operator-name
proposed changes by aaron
Arran Cudbard-Bell [Wed, 12 Sep 2012 16:40:07 +0000 (17:40 +0100)]
Fix typo
Arran Cudbard-Bell [Wed, 12 Sep 2012 16:21:54 +0000 (18:21 +0200)]
Remove radwatch from configure scripts
Arran Cudbard-Bell [Wed, 12 Sep 2012 14:50:17 +0000 (16:50 +0200)]
Document the upgrade process for rlm_sql
Arran Cudbard-Bell [Wed, 12 Sep 2012 13:04:38 +0000 (15:04 +0200)]
Note more 3.0 features
GEANT GN3 JRA3 T1 [Tue, 11 Sep 2012 12:37:34 +0000 (13:37 +0100)]
Policy for injecting operator-name
Arran Cudbard-Bell [Sat, 8 Sep 2012 20:16:39 +0000 (21:16 +0100)]
Minor fixes
Alan T. DeKok [Sun, 2 Sep 2012 08:12:14 +0000 (10:12 +0200)]
Added script for monit
Arran Cudbard-Bell [Sat, 8 Sep 2012 20:19:52 +0000 (21:19 +0100)]
Remove old radwatch script
Arran Cudbard-Bell [Fri, 7 Sep 2012 16:01:59 +0000 (17:01 +0100)]
Don't die if the clients file doesn't contain client <name> {}
Arran Cudbard-Bell [Fri, 7 Sep 2012 15:39:27 +0000 (16:39 +0100)]
Don't die if the clients file doesn't contain client {}
Arran Cudbard-Bell [Fri, 7 Sep 2012 13:47:39 +0000 (14:47 +0100)]
Hungroups and hints should default to NULL, so theyre disabled if omitted
Arran Cudbard-Bell [Thu, 6 Sep 2012 16:55:27 +0000 (18:55 +0200)]
Update src/modules/rlm_cache/rlm_cache.c
Arran Cudbard-Bell [Thu, 6 Sep 2012 16:50:15 +0000 (18:50 +0200)]
Add cache to accounting and preacct
Alan T. DeKok [Thu, 6 Sep 2012 09:32:16 +0000 (11:32 +0200)]
Check for more parse errors when reading dicts. Bug found by Coverity
Alan T. DeKok [Thu, 6 Sep 2012 09:25:45 +0000 (11:25 +0200)]
Double-check that we don't over-run the buffer
Alan T. DeKok [Thu, 6 Sep 2012 09:22:24 +0000 (11:22 +0200)]
Check for memset of zero
Alan T. DeKok [Thu, 6 Sep 2012 09:21:09 +0000 (11:21 +0200)]
Close directory when done with it. Bug found by Coverity
Alan T. DeKok [Thu, 6 Sep 2012 09:18:15 +0000 (11:18 +0200)]
Close socket on error. Bug found by Coverity
Alan T. DeKok [Thu, 6 Sep 2012 09:11:02 +0000 (11:11 +0200)]
Close FD if there's nothing to log. Bug found by Coverity
Alan T. DeKok [Thu, 6 Sep 2012 09:09:46 +0000 (11:09 +0200)]
Ensure all fields are initialized
Alan T. DeKok [Thu, 6 Sep 2012 09:00:26 +0000 (11:00 +0200)]
Fix possible bug
Alan T. DeKok [Thu, 6 Sep 2012 08:57:53 +0000 (10:57 +0200)]
Fix use after free. Bug found by Coverity
Alan T. DeKok [Thu, 6 Sep 2012 08:54:27 +0000 (10:54 +0200)]
Only log known Acct-Status-Types. Bug found by Coverity
Alan T. DeKok [Thu, 6 Sep 2012 08:52:06 +0000 (10:52 +0200)]
Corrected bug with NS-MTA-MD5 passwords. Found by coverity.
Alan T. DeKok [Thu, 6 Sep 2012 08:42:18 +0000 (10:42 +0200)]
Remove double free. Found by Coverity
Arran Cudbard-Bell [Thu, 6 Sep 2012 08:58:19 +0000 (10:58 +0200)]
Add debug option
Arran Cudbard-Bell [Wed, 5 Sep 2012 17:46:25 +0000 (18:46 +0100)]
Add hup to default logrotate script
Arran Cudbard-Bell [Wed, 5 Sep 2012 17:23:13 +0000 (18:23 +0100)]
Allow defaults to come from env
Alan T. DeKok [Wed, 5 Sep 2012 14:50:10 +0000 (16:50 +0200)]
CFLAGS now includes OPENSSL_INCLUDE
So we can remove it from all sub-makefiles
Alan T. DeKok [Wed, 5 Sep 2012 14:44:05 +0000 (16:44 +0200)]
Make it build using old Make && new jlibtool
Arran Cudbard-Bell [Wed, 5 Sep 2012 13:29:27 +0000 (15:29 +0200)]
Disable ticket cache in the default configuration
Alan T. DeKok [Tue, 4 Sep 2012 13:12:52 +0000 (15:12 +0200)]
Fix build error
Alan T. DeKok [Tue, 4 Sep 2012 13:01:51 +0000 (15:01 +0200)]
Fix typo in m4 macro
Arran Cudbard-Bell [Wed, 5 Sep 2012 10:19:26 +0000 (12:19 +0200)]
Update wiki link
Arran Cudbard-Bell [Tue, 28 Aug 2012 10:20:06 +0000 (11:20 +0100)]
Add option to disable krb5 cache
Alan T. DeKok [Tue, 4 Sep 2012 12:27:01 +0000 (14:27 +0200)]
Remove very old libltdl
We now use dlopen() where possible. If --with-system-libltdl
is passed to configure, we use the systems version of libltdl.
Shipping our own version of libltdl is no longer necessary.
Alan T. DeKok [Tue, 4 Sep 2012 12:24:33 +0000 (14:24 +0200)]
Update configure to not use our local libltdl
Alan T. DeKok [Tue, 4 Sep 2012 12:19:11 +0000 (14:19 +0200)]
Switch to using dlopen() instead of libltdl.
And there was much rejoicing.
This commit does little more than change WITHOUT_LIBLTDL for WITH_LIBLTDL.
Previously, you had to specifically request WITHOUT_LIBLTDL.
Now you have to specifically request LIBLTDL.
Alan T. DeKok [Tue, 4 Sep 2012 12:13:51 +0000 (14:13 +0200)]
Disable EAP-PWD by default.
It's not available in all versions of OpenSSL
Arran Cudbard-Bell [Mon, 3 Sep 2012 11:00:38 +0000 (12:00 +0100)]
Tweak file read/parse errors, they're confusing when that's all you see
Arran Cudbard-Bell [Fri, 31 Aug 2012 14:49:21 +0000 (15:49 +0100)]
Add configuration check on restart/reload
Add configtest option
Switch to lsb functions for start/stop
Alan T. DeKok [Fri, 31 Aug 2012 06:04:33 +0000 (08:04 +0200)]
Drop packets means drop packets
Arran Cudbard-Bell [Thu, 30 Aug 2012 12:34:02 +0000 (13:34 +0100)]
Add BT dictionary
Arran Cudbard-Bell [Wed, 29 Aug 2012 17:57:23 +0000 (18:57 +0100)]
Unique indexes for everybody!
Alan T. DeKok [Wed, 29 Aug 2012 16:40:03 +0000 (18:40 +0200)]
Check for NULL secret on dynamic clients