Alan T. DeKok [Sat, 5 Sep 2009 16:17:26 +0000 (18:17 +0200)]
First stab at removing libltdl.
The code is protected by preprocessor directives so that it doesn't
affect the release. But it's a good first step to removing insanity.
Alan T. DeKok [Sat, 5 Sep 2009 15:54:43 +0000 (17:54 +0200)]
Reference $(INCLTDL) instead of fixed link
This means that all of the system builds with the same version
of libltdl, either the local OR the system one
Alan T. DeKok [Sat, 5 Sep 2009 15:37:31 +0000 (17:37 +0200)]
Work around insane retarded libtool && libltdl issues.
Alan T. DeKok [Fri, 4 Sep 2009 09:00:04 +0000 (11:00 +0200)]
Added --with-system-libltdl
To avoid horrible libtool && libltdl incompatibilities
Alan T. DeKok [Thu, 3 Sep 2009 13:33:09 +0000 (15:33 +0200)]
As posted to the list
Alan T. DeKok [Thu, 3 Sep 2009 13:31:42 +0000 (15:31 +0200)]
Fix values as noted on list
and
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080891919.shtml
Alan T. DeKok [Wed, 2 Sep 2009 12:00:21 +0000 (14:00 +0200)]
Remove reference to cui.conf which isn't added yet
Alan T. DeKok [Wed, 2 Sep 2009 08:59:20 +0000 (10:59 +0200)]
Lots of notes prior to 2.1.7
Alan T. DeKok [Tue, 1 Sep 2009 12:49:39 +0000 (14:49 +0200)]
Set DF flag for packets from the server, too
Alan T. DeKok [Sat, 29 Aug 2009 08:54:25 +0000 (10:54 +0200)]
Return 0 if no counter exists
root [Mon, 24 Aug 2009 10:44:47 +0000 (11:44 +0100)]
Signed-off-by: root <root@pclinux-ccalmb.lut.ac.uk>
fixed example ntlm_auth command so that it doesn't throw up unlang warning message
Alan T. DeKok [Sat, 29 Aug 2009 08:44:54 +0000 (10:44 +0200)]
Added comments and simplified code
Alan T. DeKok [Fri, 21 Aug 2009 09:29:21 +0000 (11:29 +0200)]
As posted to the list
Alan T. DeKok [Thu, 20 Aug 2009 08:52:44 +0000 (10:52 +0200)]
Allow 100% to mean "read as fast as possible"
Alan T. DeKok [Thu, 20 Aug 2009 07:08:32 +0000 (09:08 +0200)]
Packet may not exist, so check for that, too
Alan T. DeKok [Wed, 19 Aug 2009 07:04:26 +0000 (09:04 +0200)]
Minor updates
Alan T. DeKok [Wed, 19 Aug 2009 06:58:47 +0000 (08:58 +0200)]
Disallow NULL for regex comparisons
Alan T. DeKok [Tue, 18 Aug 2009 15:23:49 +0000 (17:23 +0200)]
Fix more typos
Alan T. DeKok [Tue, 18 Aug 2009 10:07:40 +0000 (12:07 +0200)]
Fixed typo
Alan T. DeKok [Tue, 18 Aug 2009 08:31:43 +0000 (10:31 +0200)]
Turn off the DF bit.
Alan T. DeKok [Tue, 18 Aug 2009 07:47:19 +0000 (09:47 +0200)]
Fix args to printf
Alan T. DeKok [Mon, 17 Aug 2009 12:25:57 +0000 (14:25 +0200)]
Add notes on SHA1 versus MD5
Alan T. DeKok [Mon, 17 Aug 2009 10:14:01 +0000 (12:14 +0200)]
Allow "no response" to DHCP
Alan T. DeKok [Mon, 17 Aug 2009 06:53:47 +0000 (08:53 +0200)]
Catch non-fatal race conditions
Alan T. DeKok [Sat, 15 Aug 2009 05:45:05 +0000 (07:45 +0200)]
Fix typo in last commit
Alan T. DeKok [Fri, 14 Aug 2009 12:53:24 +0000 (14:53 +0200)]
Change the hash comparison algorithm to avoid timing attacks
Alan T. DeKok [Thu, 13 Aug 2009 08:06:03 +0000 (10:06 +0200)]
Internal functions should be static
Alan T. DeKok [Thu, 13 Aug 2009 08:03:27 +0000 (10:03 +0200)]
Added query_timeout parameter. For now, it does nothing.
It is therefore not documented, either.
Alan T. DeKok [Thu, 13 Aug 2009 08:01:42 +0000 (10:01 +0200)]
Alpha version from Gabriel Blanchard
Alan T. DeKok [Wed, 12 Aug 2009 15:14:28 +0000 (17:14 +0200)]
Fix minor issue
Alan T. DeKok [Wed, 12 Aug 2009 12:15:58 +0000 (14:15 +0200)]
Look up home servers by type, too.
Alan T. DeKok [Wed, 12 Aug 2009 09:12:49 +0000 (11:12 +0200)]
Remove final restrictions on attributes > 32767
Alan T. DeKok [Wed, 12 Aug 2009 08:48:12 +0000 (10:48 +0200)]
Move restrictions on vendor ID from 32767 to 65535
Now that "attr" is stored as an unsigned integer.
Based on a patch from Rafael Ugolini
Alan T. DeKok [Wed, 12 Aug 2009 08:22:23 +0000 (10:22 +0200)]
Moved prototypes to a better place
Alan T. DeKok [Wed, 12 Aug 2009 08:10:45 +0000 (10:10 +0200)]
Move "attr" to unsigned int
So that we don't have to worry about whether or not the high bit is set
Alan T. DeKok [Wed, 12 Aug 2009 05:46:21 +0000 (07:46 +0200)]
Add "const" and remove compiler warnings
Alan T. DeKok [Tue, 11 Aug 2009 12:35:29 +0000 (14:35 +0200)]
Make code consistent with examples.
Fixes bug #10
Alan T. DeKok [Mon, 10 Aug 2009 17:14:39 +0000 (19:14 +0200)]
request may be NULL
Alan T. DeKok [Mon, 10 Aug 2009 10:17:11 +0000 (12:17 +0200)]
RFC 5580 and dictionary
Alan T. DeKok [Sun, 9 Aug 2009 15:26:41 +0000 (17:26 +0200)]
Cache module lists for VMPS and DHCP
Alan T. DeKok [Wed, 5 Aug 2009 13:36:21 +0000 (15:36 +0200)]
Remove wrong documentation
Alan T. DeKok [Mon, 3 Aug 2009 09:35:27 +0000 (11:35 +0200)]
Use more fields in the query.
These are the same fields used for the other queries, so it makes
sense to use them here
Based on a patch from Chris Moules.
Alan T. DeKok [Mon, 3 Aug 2009 09:27:12 +0000 (11:27 +0200)]
Allow home_server_pools to exist without realms
via a pretty bad hack. The previous code assumed that the home
servers were all loaded, which wasn't true. This fix is temporary,
and should be replaced by one that:
1 loads all home servers
2 loads all home_server_pools
3 loads all realms
Right now, it loads the realms, and uses those to bootstrap the
pools and servers. This is arguably wrong.
Boian Jordanov [Wed, 29 Jul 2009 07:56:54 +0000 (10:56 +0300)]
Moved pthread keys to the "perl_inst" struct. Keys are allocated
per thread, and not via pthread_once.
Alan T. DeKok [Wed, 29 Jul 2009 15:32:23 +0000 (17:32 +0200)]
As posted to bug #7
Alan T. DeKok [Wed, 29 Jul 2009 15:30:20 +0000 (17:30 +0200)]
Log reasons for failure.
Closes bug #8
Alan T. DeKok [Mon, 27 Jul 2009 08:04:44 +0000 (10:04 +0200)]
Move chown to place where it checks for log file existence
Alan T. DeKok [Mon, 27 Jul 2009 07:56:48 +0000 (09:56 +0200)]
Don't increment total_requests for proxied packets
This causes double counting. Instead, only touch outstanding_requests
which is protected by the proxy mutex
Alan T. DeKok [Mon, 27 Jul 2009 07:50:55 +0000 (09:50 +0200)]
Set state to RUNNING when proxying fails
Alan T. DeKok [Mon, 27 Jul 2009 07:34:48 +0000 (09:34 +0200)]
Make %l work
Alan T. DeKok [Mon, 27 Jul 2009 07:33:33 +0000 (09:33 +0200)]
Fix use of memset.
This closes bug #6
Alan T. DeKok [Fri, 17 Jul 2009 14:07:33 +0000 (16:07 +0200)]
suid down earlier, ensure log files have correct ownership
Alan T. DeKok [Fri, 17 Jul 2009 12:45:15 +0000 (14:45 +0200)]
Move zombie checks to later so other rules apply, too
Alan T. DeKok [Fri, 17 Jul 2009 12:33:23 +0000 (14:33 +0200)]
Allow requests to fail over to live servers earlier
Alan T. DeKok [Wed, 15 Jul 2009 13:37:54 +0000 (15:37 +0200)]
Added wildcard to sub-dirs
So that you can delete directories you don't need after configure
Alan T. DeKok [Wed, 15 Jul 2009 10:04:54 +0000 (12:04 +0200)]
Fix typo
Alan T. DeKok [Wed, 15 Jul 2009 09:04:47 +0000 (11:04 +0200)]
Better handle variable that isn't in the module instance
This kind of thing should be discouraged...
Alan T. DeKok [Mon, 13 Jul 2009 14:23:06 +0000 (16:23 +0200)]
Allow response_window && zombie_period to be smaller.
Accept values outside of the recommended range.
Also when proxying, skip home servers that are marked zombie.
They're not responding, so for *new* requests, we treat them
like they're dead
Alan T. DeKok [Thu, 9 Jul 2009 13:00:06 +0000 (15:00 +0200)]
Fix for newer versions of MySQL
Alan T. DeKok [Thu, 9 Jul 2009 08:46:14 +0000 (10:46 +0200)]
Use postgresql style comments
Based on patch from Wickert Akkerman
Alan T. DeKok [Wed, 8 Jul 2009 06:46:33 +0000 (08:46 +0200)]
Fix typos
Alan T. DeKok [Wed, 8 Jul 2009 06:44:29 +0000 (08:44 +0200)]
Fix for newer versions of MySQL
Alan T. DeKok [Mon, 6 Jul 2009 08:18:23 +0000 (10:18 +0200)]
Added sample radrelay.conf
Alan T. DeKok [Sun, 5 Jul 2009 08:02:05 +0000 (10:02 +0200)]
Made thread pool section optional
If it doesn't exist, the server will run single threaded
Alan T. DeKok [Fri, 3 Jul 2009 20:08:18 +0000 (22:08 +0200)]
Preliminary implementation of DHCP relay
For now, it can only relay packets if giaddr = 0.
If giaddr != 0, we are required to cache the packet by XID/MAC, so that
we can capture the response on the DHCP port, look up the XID/MAC, and
respond to the client.
We will also need to update the fr_dhcp_encode function, which can
currently only respond to clients, and not originate packets.
Alan T. DeKok [Fri, 3 Jul 2009 16:16:15 +0000 (18:16 +0200)]
Use new name
Alan T. DeKok [Fri, 3 Jul 2009 11:13:08 +0000 (13:13 +0200)]
Suppress more messages in debugging mode
Alan T. DeKok [Fri, 3 Jul 2009 07:34:21 +0000 (09:34 +0200)]
First draft of CUI policies
Taken from http://github.com/twoln/freeradius-server/
with edits for consistency and clarity
Alan T. DeKok [Fri, 3 Jul 2009 06:57:38 +0000 (08:57 +0200)]
Allow UTF-8 in SQL log
Based on patch from http://github.com/stjaeger/freeradius-server/commit/769d35691ef3adbf4de84602a63a72df00712b2c
Alan T. DeKok [Thu, 2 Jul 2009 13:55:51 +0000 (15:55 +0200)]
Document chase_referrals and rebind
Alan T. DeKok [Thu, 2 Jul 2009 13:51:24 +0000 (15:51 +0200)]
Extend the logging capabilities of auth good/badpass
Alan T. DeKok [Wed, 1 Jul 2009 07:17:31 +0000 (09:17 +0200)]
Updates as posted by David Hobley
Alan T. DeKok [Tue, 30 Jun 2009 14:57:42 +0000 (16:57 +0200)]
If the previous evaluation failed, don't process '!'
This catches the case of ((expr1) && !(expr2)), where it
would still process expr2 if expr1 failed.
Alan T. DeKok [Thu, 25 Jun 2009 18:57:00 +0000 (20:57 +0200)]
Remove bad assertion
Alan T. DeKok [Fri, 19 Jun 2009 14:02:24 +0000 (16:02 +0200)]
Fix typos
Alan T. DeKok [Fri, 19 Jun 2009 09:57:44 +0000 (11:57 +0200)]
A number of fixes for the DHCP code.
- send server identifier in siaddr field, too
- find message-type option anywhere in the packet, not just
at the start
- respond to unicast packets that have yiaddr == giaddr == 0
Alan T. DeKok [Wed, 17 Jun 2009 10:35:04 +0000 (12:35 +0200)]
Sort attributes, and print times as offsets
Alan T. DeKok [Wed, 17 Jun 2009 06:26:27 +0000 (08:26 +0200)]
Note recent changes
Alan T. DeKok [Wed, 17 Jun 2009 05:35:43 +0000 (07:35 +0200)]
Document Cleartext-Password
Alan T. DeKok [Wed, 17 Jun 2009 05:34:18 +0000 (07:34 +0200)]
Allow for overload, to read packets as fast as possible
Alan T. DeKok [Tue, 16 Jun 2009 14:39:57 +0000 (16:39 +0200)]
Removed requirement for DHCP to have clients
Alan T. DeKok [Tue, 16 Jun 2009 14:38:02 +0000 (16:38 +0200)]
Added udpfromto support for sending, too
Alan T. DeKok [Tue, 16 Jun 2009 13:55:08 +0000 (15:55 +0200)]
Added the ability to selectively mark a module as alive/dead
This is useful for when you KNOW that a server is down for a long
time, but you don't want to edit your configuration.
Alan T. DeKok [Tue, 16 Jun 2009 12:52:40 +0000 (14:52 +0200)]
Option to suppress packet contents
Alan T. DeKok [Tue, 16 Jun 2009 12:22:47 +0000 (14:22 +0200)]
Make radsniff more useful.
It now prints out LESS information, like the RADIUS filters && secret.
That information can be printed out using '-X' (should be -x)
Fixed pointer type for IP, to catch alignment issues.
use data + size, NOT ethernet + size
Cleaned up output so it's easier to read, and includes timestamps.
Added packet tree for filters. IF there's a filter, AND it matches
a request packet, THEN also print out the reply packet for that request
Alan T. DeKok [Mon, 15 Jun 2009 14:50:12 +0000 (16:50 +0200)]
Updated to apply packet src/dst rules BEFORE printing header out
Otherwise, debugging mode prints out the wrong information
Alan T. DeKok [Mon, 15 Jun 2009 14:39:39 +0000 (16:39 +0200)]
Make it work on Mac OS X
Alan T. DeKok [Mon, 15 Jun 2009 12:23:12 +0000 (14:23 +0200)]
Fix stupid typo
Alan T. DeKok [Mon, 15 Jun 2009 09:41:15 +0000 (11:41 +0200)]
Fixed typo
Alan T. DeKok [Mon, 15 Jun 2009 08:48:51 +0000 (10:48 +0200)]
Document how to filter access-challenges
Alan T. DeKok [Mon, 15 Jun 2009 07:51:38 +0000 (09:51 +0200)]
Run packet through processing ONLY if we have a reply
Alan T. DeKok [Sun, 14 Jun 2009 06:25:52 +0000 (08:25 +0200)]
Hack the dhcp offset
The dictionary files don't agree with the code, so we've got to
fix the code
Alan T. DeKok [Thu, 11 Jun 2009 08:38:24 +0000 (10:38 +0200)]
More debugging messages
Alan T. DeKok [Thu, 11 Jun 2009 08:37:51 +0000 (10:37 +0200)]
More debugging messages
Alan T. DeKok [Thu, 11 Jun 2009 07:55:48 +0000 (09:55 +0200)]
Include chillispot dictionary
Alan T. DeKok [Tue, 9 Jun 2009 07:46:29 +0000 (09:46 +0200)]
Filter Access-Challenge packets, too
Alan T. DeKok [Sat, 6 Jun 2009 07:42:40 +0000 (09:42 +0200)]
Some clients send option 53 buried inside of the packet.
Pointed out on the list by Martin Lorentz
Alan T. DeKok [Tue, 2 Jun 2009 08:35:38 +0000 (10:35 +0200)]
Mark the proxy mutex as being recursive
Some systems need this to avoid deadlocks. Others (Linux) don't
Alan T. DeKok [Mon, 1 Jun 2009 22:07:01 +0000 (00:07 +0200)]
Copy the User-Name by value
The previous method treated the User-Name as a string, and parsed it
to create the User-Name for the reply. However... if that happens,
it SHOULD print the User-Name to a string, and then parse that.
That way things like 'FOO\tbar' will get escaped to 'FOO\\tbar',
and therefore parsed properly.
Or, we could just copy the contents verbatim, which is what we did
Alan T. DeKok [Sat, 30 May 2009 07:40:05 +0000 (09:40 +0200)]
Suppress more ping check none
If the home server is zombie, and status_check=none, don't ping it