Alan T. DeKok [Fri, 25 Mar 2011 12:53:10 +0000 (13:53 +0100)]
Correct debug log for internal proxied requests
Alan T. DeKok [Fri, 25 Mar 2011 09:21:07 +0000 (10:21 +0100)]
Fix generation of autoheader, and re-build it
Alan T. DeKok [Fri, 25 Mar 2011 09:14:57 +0000 (10:14 +0100)]
Fix typo in last commit
Alan T. DeKok [Fri, 25 Mar 2011 09:09:33 +0000 (10:09 +0100)]
Re-build more on reconfig
John Dennis [Thu, 24 Mar 2011 15:59:37 +0000 (11:59 -0400)]
Fix autogen.sh
The script is invoked with -e which causes the script to exit
immediately if a subshell command enclosed in parentheses
has a non-zero exit status. The command
grep "^AC_CONFIG_HEADER" configure.in > /dev/null
returns non-zero for many of the subdirs which causes the autogen.sh
script to immediately exit. In fact it exits on the very first
subdirectory (src/modules/rlm_sql) prematurely aborting the entire
operation.
Alan T. DeKok [Wed, 23 Mar 2011 07:59:22 +0000 (08:59 +0100)]
Move illegal attributes around
And enable the Motorola VSA dictionary
Alan T. DeKok [Wed, 23 Mar 2011 07:41:38 +0000 (08:41 +0100)]
Remove trailing whitespace
Alan T. DeKok [Wed, 23 Mar 2011 07:41:21 +0000 (08:41 +0100)]
More Canopy attributes as posted to the list
Alan T. DeKok [Wed, 23 Mar 2011 07:40:21 +0000 (08:40 +0100)]
Fix typos
Alan T. DeKok [Sun, 20 Mar 2011 07:11:05 +0000 (08:11 +0100)]
Clearer warnings about unsupported operators
Alan T. DeKok [Sun, 20 Mar 2011 07:10:47 +0000 (08:10 +0100)]
Expose API to get token names
Alan T. DeKok [Sat, 19 Mar 2011 15:16:12 +0000 (16:16 +0100)]
How RADIUS should be done.
Alan T. DeKok [Wed, 16 Mar 2011 10:26:04 +0000 (11:26 +0100)]
Expose rad_print_hex, and use it in radsniff
Alan T. DeKok [Tue, 15 Mar 2011 16:23:22 +0000 (17:23 +0100)]
Fix compilation errors
Alan T. DeKok [Tue, 15 Mar 2011 14:30:37 +0000 (15:30 +0100)]
Id is unsigned for printing
Alan T. DeKok [Tue, 15 Mar 2011 10:27:47 +0000 (11:27 +0100)]
Fix build error
Alan T. DeKok [Tue, 15 Mar 2011 09:19:10 +0000 (10:19 +0100)]
Updated as per latest spec
Alan T. DeKok [Tue, 15 Mar 2011 09:11:22 +0000 (10:11 +0100)]
Fixed for latest rev
Alan T. DeKok [Tue, 15 Mar 2011 08:45:11 +0000 (09:45 +0100)]
If select() returns an error, show it to the user.
Helps to address bug #149
However, the underlying issue still isn't fixed. It isn't clear
why select() returns an error. An alternate solution might be
to simply re-do all of the FD_SET stuff, in the hope that
the cached version was wrong.
Alan T. DeKok [Tue, 15 Mar 2011 08:34:54 +0000 (09:34 +0100)]
Note bad configuration
The sqlcounter module does it's own expansion. This doesn't
seem to work.
Alan T. DeKok [Mon, 14 Mar 2011 13:15:21 +0000 (14:15 +0100)]
Updated command list
radmin -e "help -r" | perl -ne 's/^(.*) - /\n/;$foo = $1; $foo =~ s/\ /\\ /g;print ".IP ", $foo;print;' > foo
Alan T. DeKok [Mon, 14 Mar 2011 13:06:17 +0000 (14:06 +0100)]
Notes changes for 2.1.11
Alan T. DeKok [Mon, 14 Mar 2011 13:01:28 +0000 (14:01 +0100)]
Check pre-condictions
"inject file" requires "inject to" and "inject from"
Alan T. DeKok [Mon, 14 Mar 2011 11:04:56 +0000 (12:04 +0100)]
If the source address is INADDR_ANY, don't use udpfromto
It breaks various systems. Closes bug #148
Alan T. DeKok [Mon, 14 Mar 2011 11:02:57 +0000 (12:02 +0100)]
Expose fr_inaddr_any
Alan T. DeKok [Mon, 14 Mar 2011 09:25:45 +0000 (10:25 +0100)]
Moved USR/ascend illegal dictionaries back to share/
raddb/dictionary is *not* changed on an upgrade, so removing those
dictionaries from share/dictionary means that they might be
surprisingly removed from the local configuration, and break things.
That would be bad.
Alan T. DeKok [Sun, 13 Mar 2011 17:50:54 +0000 (18:50 +0100)]
Revert "Fix typos and regenerate for 2.1.11"
This reverts commit
2d0c5fa94938f727b4f37fb7399b777437171eeb.
Alan T. DeKok [Sun, 13 Mar 2011 09:12:11 +0000 (10:12 +0100)]
Complain about duplicate virtual servers, too
Alan T. DeKok [Sun, 13 Mar 2011 09:02:33 +0000 (10:02 +0100)]
Look for duplicate module definitions.
Doing an O(N^2) search over the modules{} section. If the same module
is defined twice, print an error detailing *both* locations where it
occurs, and exit.
This helps prevent broken configurations by disallowing the server
from loading two conflicting module definitions
Alan T. DeKok [Sun, 13 Mar 2011 09:02:06 +0000 (10:02 +0100)]
Added cf_section_find_name2() API
This lets us find the next section by name1 and name2
Alan T. DeKok [Fri, 11 Mar 2011 09:49:43 +0000 (10:49 +0100)]
Added dictionary from Moonshot project
Alan T. DeKok [Sat, 5 Mar 2011 07:07:14 +0000 (08:07 +0100)]
Hack to let developers catch bad dictionaries
uses fprintf to print warning messages when the attributes are
illegally defined in the IANA standard space
Alan T. DeKok [Sat, 5 Mar 2011 06:55:14 +0000 (07:55 +0100)]
Move references to illegal dictionaries to raddb/dictionary
The main dictionary files should NOT be edited. Ever. So placing
the "illegal" attributes in a file which can be edited is a good idea.
Alan T. DeKok [Sat, 5 Mar 2011 06:50:37 +0000 (07:50 +0100)]
Added license text
Alan T. DeKok [Sat, 5 Mar 2011 06:48:17 +0000 (07:48 +0100)]
Fix typo
Alan T. DeKok [Sat, 5 Mar 2011 06:31:39 +0000 (07:31 +0100)]
Regen configure scripts
Alan T. DeKok [Sat, 5 Mar 2011 06:20:21 +0000 (07:20 +0100)]
Look for <openssl/hmac.h>
Alan T. DeKok [Fri, 4 Mar 2011 14:07:56 +0000 (15:07 +0100)]
Mark pointer NULL when it's free
Alan T. DeKok [Thu, 3 Mar 2011 14:22:26 +0000 (15:22 +0100)]
udpfromto doesn't seem to work for DHCP.
It should really be replaced on sending by using an ethernet socket
Alan T. DeKok [Tue, 1 Mar 2011 15:58:57 +0000 (16:58 +0100)]
Be more forgiving about policy parsing
Alan T. DeKok [Tue, 1 Mar 2011 12:28:23 +0000 (13:28 +0100)]
Fix typo
Alan T. DeKok [Tue, 1 Mar 2011 09:04:24 +0000 (10:04 +0100)]
Allow SQLite to do non-NAS select queries
Alan T. DeKok [Mon, 28 Feb 2011 10:00:14 +0000 (11:00 +0100)]
Added sample of using global / static variables
Alan T. DeKok [Wed, 23 Feb 2011 10:04:31 +0000 (11:04 +0100)]
Use rad_digest_cmp() to avoid timing attacks
Alan T. DeKok [Wed, 23 Feb 2011 10:01:17 +0000 (11:01 +0100)]
Use rad_digest_cmp() to avoid timing attacks
Alan T. DeKok [Wed, 23 Feb 2011 10:01:02 +0000 (11:01 +0100)]
Use rad_digest_cmp() to avoid timing attacks
Alan T. DeKok [Wed, 23 Feb 2011 09:59:55 +0000 (10:59 +0100)]
Expose digest_cmp function
So that it can be used in other places to avoid timing attacks
Alan T. DeKok [Wed, 23 Feb 2011 08:46:30 +0000 (09:46 +0100)]
Updated license to LGPL rather than GPL
The "lib" directory and everything it needs have been lgpl for a long time.
Alan T. DeKok [Wed, 23 Feb 2011 08:26:03 +0000 (09:26 +0100)]
Corrected license to LGPL rather than GPL
Alan T. DeKok [Sun, 20 Feb 2011 08:39:57 +0000 (09:39 +0100)]
Print error if we can't send a packet in rad_send()
Alan T. DeKok [Fri, 18 Feb 2011 14:44:20 +0000 (15:44 +0100)]
Use new format for %{..:-...}
Alan T. DeKok [Fri, 18 Feb 2011 09:37:17 +0000 (10:37 +0100)]
Added radtee
Shamelessly taken from http://horde.net/~jwm/software/misc/comparison-tee
Alan T. DeKok [Fri, 18 Feb 2011 09:29:24 +0000 (10:29 +0100)]
Use newer expansion
Alan T. DeKok [Fri, 18 Feb 2011 09:25:07 +0000 (10:25 +0100)]
Basic configure scripts
Alan T. DeKok [Fri, 18 Feb 2011 09:01:11 +0000 (10:01 +0100)]
Make CoA proxying work again.
Only set the reply code if it isn't meant to be proxied.
Alan T. DeKok [Fri, 18 Feb 2011 08:26:31 +0000 (09:26 +0100)]
Make query lengths match rlm_sql
Closes bug #139
Alan T. DeKok [Thu, 17 Feb 2011 11:05:54 +0000 (12:05 +0100)]
Better fixes for bug #141
Alan T. DeKok [Mon, 14 Feb 2011 14:27:40 +0000 (15:27 +0100)]
Suppress messages if thread pool is ~full.
If it's full and all threads are buys, we shouldn't try to create spare
threads.
Alan T. DeKok [Mon, 14 Feb 2011 14:03:48 +0000 (15:03 +0100)]
Fix typos and regenerate for 2.1.11
Alan T. DeKok [Mon, 14 Feb 2011 14:03:00 +0000 (15:03 +0100)]
Generated for 2.1.11
Alan T. DeKok [Fri, 11 Feb 2011 09:59:42 +0000 (10:59 +0100)]
gnore socket if address families don't match. Closes bug #143
When allocating an Id for proxying, the code previously did not
pay attention to address families. So if you have two home servers,
on V4 only and one V6 only, it could use a local V4 proxy socket to
connect to a V6 server, This doesn't work.
Alan T. DeKok [Thu, 10 Feb 2011 15:20:39 +0000 (16:20 +0100)]
No DB handles is an error, not an informational message.
Alan T. DeKok [Thu, 10 Feb 2011 15:13:59 +0000 (16:13 +0100)]
Fixed typo
Alan T. DeKok [Thu, 10 Feb 2011 13:41:38 +0000 (14:41 +0100)]
Fixed onoff query
Alan T. DeKok [Thu, 10 Feb 2011 12:35:52 +0000 (13:35 +0100)]
Enable udpfromto() for IPv6
On the theory that it will work, or that some magic will get it to work
Alan T. DeKok [Thu, 10 Feb 2011 12:34:20 +0000 (13:34 +0100)]
Try to fix udpfromto for IPv6
Alan T. DeKok [Thu, 10 Feb 2011 09:49:03 +0000 (10:49 +0100)]
Change the rules for sending DHCP responses
giaddr -> giaddr
broadcast -> broadcast
nak -> broadcast
!ciaddr -> broadcast
ciaddr -> ciaddr BUT
if the request was not *from* ciaddr, we need to send a "raw"
response.
Many DHCP clients can handle a broadcast DHCP OFFER / ACK when first
assigning an address. Some clients expect a response unicast to
their MAC address.
Alan T. DeKok [Wed, 9 Feb 2011 10:53:50 +0000 (11:53 +0100)]
Allow spaces and CRs
Now that the underlying redis escape function handles spaces and
control characters
Alan T. DeKok [Wed, 9 Feb 2011 10:52:39 +0000 (11:52 +0100)]
Added escape function
The rules for redis escaping aren't overly clear. So we escape
control characters, spaces, and the backslash.
Ken-ichirou MATSUZAWA [Tue, 8 Feb 2011 12:19:10 +0000 (21:19 +0900)]
fix freeing eap_handler as opaque (and typo)
Hello,
I hope this would be hint for fixing segfault and
better solution.
Thanks.
Subject: [PATCH 1/2] freeing EAP opaque with one arg
Alan T. DeKok [Wed, 2 Feb 2011 09:14:01 +0000 (10:14 +0100)]
Added sample for dynamic clients from LDAP
Alan T. DeKok [Sat, 29 Jan 2011 14:44:25 +0000 (15:44 +0100)]
Fix compile warnings and check for !vp
Alan T. DeKok [Fri, 28 Jan 2011 11:14:03 +0000 (12:14 +0100)]
Check return value of lseek correctly
Alan T. DeKok [Thu, 27 Jan 2011 14:33:32 +0000 (15:33 +0100)]
Add %{string:...} for printable data
Alan T. DeKok [Thu, 27 Jan 2011 14:33:17 +0000 (15:33 +0100)]
make fr_print_string return the string length
Alan T. DeKok [Tue, 25 Jan 2011 16:20:54 +0000 (17:20 +0100)]
Clarify parse error for ascend attributes
Printing to the same string we're reading from is a bad idea.
B. Candler [Mon, 24 Jan 2011 13:18:08 +0000 (14:18 +0100)]
This patch adds a 'key' parameter to rlm_fastusers, in the same way as
rlm_files has.
Closes bug #126
Alan T. DeKok [Mon, 24 Jan 2011 13:03:44 +0000 (14:03 +0100)]
Fixed mismatch
Alan T. DeKok [Thu, 20 Jan 2011 15:01:17 +0000 (16:01 +0100)]
Add $(LIBRADIUS) to allow it to link
Alan T. DeKok [Thu, 20 Jan 2011 09:00:38 +0000 (10:00 +0100)]
Update ignore files
Alan T. DeKok [Thu, 20 Jan 2011 08:52:20 +0000 (09:52 +0100)]
Use _sysconfdir instead of /etc
It allows the config files to be placed anywhere, instead of
a hard-coded path
Alan T. DeKok [Wed, 19 Jan 2011 16:25:10 +0000 (17:25 +0100)]
Call write() rather than fwrite()
It returns real errors...
Alexandre Chapellon [Tue, 18 Jan 2011 13:57:05 +0000 (14:57 +0100)]
Update to work with more recent versions of Oracle
Alan T. DeKok [Mon, 17 Jan 2011 16:20:22 +0000 (17:20 +0100)]
Enforce the requirement that TLVs cannot be nested
Gabriel Blanchard [Fri, 14 Jan 2011 06:14:29 +0000 (07:14 +0100)]
fixes seg fault whenever the redis server goes down
Alan T. DeKok [Thu, 13 Jan 2011 23:10:42 +0000 (00:10 +0100)]
Sample configuration for the "redis" module
Alan T. DeKok [Thu, 13 Jan 2011 23:09:57 +0000 (00:09 +0100)]
Added password support (untested)
Alan T. DeKok [Thu, 13 Jan 2011 22:51:28 +0000 (23:51 +0100)]
More fixes
Gabriel Blanchard [Thu, 13 Jan 2011 22:47:27 +0000 (23:47 +0100)]
Sample configuration for the rediswho module
Gabriel Blanchard [Thu, 13 Jan 2011 22:35:00 +0000 (23:35 +0100)]
radwho using the redis database.
Gabriel Blanchard [Thu, 13 Jan 2011 22:09:35 +0000 (23:09 +0100)]
Module which connects to a redis server.
Alan T. DeKok [Thu, 13 Jan 2011 10:12:53 +0000 (11:12 +0100)]
File contents .php3 -> .php
Alan T. DeKok [Thu, 13 Jan 2011 10:11:07 +0000 (11:11 +0100)]
Renamed *.php3 to *.php
Alan T. DeKok [Tue, 11 Jan 2011 12:22:09 +0000 (13:22 +0100)]
Added more sample policies
Alan T. DeKok [Tue, 11 Jan 2011 10:56:54 +0000 (11:56 +0100)]
Fixed typo
Alan T. DeKok [Tue, 11 Jan 2011 08:54:40 +0000 (09:54 +0100)]
Allow hints && huntgroup files to be NULL
Alan T. DeKok [Sat, 8 Jan 2011 08:55:52 +0000 (09:55 +0100)]
Removed notes on CVS
Alan T. DeKok [Fri, 7 Jan 2011 11:28:56 +0000 (12:28 +0100)]
Fixes as posted by Stefan Winter
just now I have had to upgrade my dialup_admin installation to a machine running PHP5.3, and also noticed numerous PHP errors.
I have fixed the code, see attached patch. It solves the following bugs/deprecated code warnings:
* replace ereg -> preg_match, ereg_replace -> preg_replace, split -> preg_split for PHP5.3 compatibility
* fix LIMIT not working when using MySQL
* add configuration item "timezone" to make PHP 5.1+ happy
and adds one (trivial, one-liner) feature:
* add comparison operators "!=" and "not like" to Accounting
Now, I have an almost error/warning/notice free installation. There is still something bogus around the use of mktime() someplace, but I don't use that part of dialup_admin, so I'll leave that alone.
Alan T. DeKok [Fri, 7 Jan 2011 10:14:06 +0000 (11:14 +0100)]
Fixed typo
Alan T. DeKok [Thu, 6 Jan 2011 10:49:18 +0000 (11:49 +0100)]
Be less aggressive about printing message
If the client re-uses the same RADIUS Id, the "check_handler" callback
will be called. However, it's *not* being called because the RADIUS packet
timed out, so we should *not* print the warning message that the EAP
session didn't finish