Alan T. DeKok [Mon, 25 Aug 2008 08:34:28 +0000 (10:34 +0200)]
Finish Session Resumption patch - cache User-Name
It just caches User-Name right now, and doesn't do much else.
But it's slightly better than it was before.
Alan T. DeKok [Sun, 24 Aug 2008 08:35:30 +0000 (10:35 +0200)]
PEAP & TTLS support for session resumption.
It works (sort of). It doesn't cache the original inner username,
so the user name in the reply is wrong (i.e. anonymous). It SHOULD
cache a lot more things, like CUI. This list could also be
configurable.
It also needs to run the resumption stuff through a virtual server
again, to see if the user is still authorized.
OR, have an attribute that's added to the request to mark it as
session resumption, and then any post-auth policy can key off of that,
and do more stuff
Alan T. DeKok [Sat, 23 Aug 2008 15:10:23 +0000 (17:10 +0200)]
Document TLS session cache
Alan T. DeKok [Sun, 24 Aug 2008 08:07:28 +0000 (10:07 +0200)]
First draft of session resumption.
It doesn't work, as TLS/PEAP/TTLS have to be updated to handle
session resumption. But the basics are there.
Alan T. DeKok [Sun, 24 Aug 2008 08:04:55 +0000 (10:04 +0200)]
Clean up debug && log messages
Alan T. DeKok [Sat, 23 Aug 2008 19:56:16 +0000 (21:56 +0200)]
Added VALUEs taken from the PDF
Alan T. DeKok [Sun, 24 Aug 2008 07:02:41 +0000 (09:02 +0200)]
Automatically calculate MPPE keys
This involves
adding prf_label to tls_session_t
setting it in eaptls_initiate (depending on EAP type)
deleting references to gen_mppe_keys() from individual methods
making eaptls_success take HANDLER
passing HANDLER to eaptls_success
generating MPPE keys in eaptls_success
Also made eaptls_fail take HANDLER
and delete cached sessions (if any) on fail
This means that the EAP methods don't have to delete any sessions.
They just call fail, and it Does the Right Thing
Alan T. DeKok [Sat, 23 Aug 2008 12:01:53 +0000 (14:01 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 24 Aug 2008 06:58:20 +0000 (08:58 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sat, 23 Aug 2008 06:15:02 +0000 (08:15 +0200)]
Generate ephemeral RSA keys
Alan T. DeKok [Sat, 23 Aug 2008 05:53:11 +0000 (07:53 +0200)]
Pull SSL handshake code into libeap
Alan T. DeKok [Sat, 23 Aug 2008 19:42:08 +0000 (21:42 +0200)]
Close pipe FD's on failed fork
Alan T. DeKok [Sat, 23 Aug 2008 20:18:04 +0000 (22:18 +0200)]
Clear OpenSSL Error queue for the current thread
Alan T. DeKok [Sun, 24 Aug 2008 06:38:22 +0000 (08:38 +0200)]
Regular expressions are compiled at run-time, not compile time
Alan T. DeKok [Sun, 24 Aug 2008 06:21:51 +0000 (08:21 +0200)]
Print out filter, not optarg
Alan T. DeKok [Thu, 21 Aug 2008 08:29:27 +0000 (10:29 +0200)]
WiMAX tests
Alan T. DeKok [Thu, 21 Aug 2008 08:23:47 +0000 (10:23 +0200)]
Make WiMAX dictionary "live"
Alan T. DeKok [Thu, 21 Aug 2008 08:23:35 +0000 (10:23 +0200)]
Pack/unpack WiMAX attributes into RADIUS packets
Alan T. DeKok [Thu, 21 Aug 2008 08:22:58 +0000 (10:22 +0200)]
Read combo-ip, signed, and tlv types from dictionaries
Alan T. DeKok [Thu, 21 Aug 2008 08:22:22 +0000 (10:22 +0200)]
Parse, process, and free signed, combo-ip, and tlv types
Alan T. DeKok [Thu, 21 Aug 2008 08:21:25 +0000 (10:21 +0200)]
Print signed and TLV types
Alan T. DeKok [Thu, 21 Aug 2008 08:20:51 +0000 (10:20 +0200)]
Define COMBO IP, Signed, and TLV types
Alan T. DeKok [Thu, 21 Aug 2008 08:19:52 +0000 (10:19 +0200)]
Pretty-print VSA's a little better
Alan T. DeKok [Thu, 21 Aug 2008 08:19:15 +0000 (10:19 +0200)]
WiMAX dictionary.
Not included because the server doesn't yet understand it
Alan T. DeKok [Thu, 21 Aug 2008 08:18:37 +0000 (10:18 +0200)]
Simple module to fix WiMAX Calling-Station-Id
Alan T. DeKok [Thu, 21 Aug 2008 07:55:57 +0000 (09:55 +0200)]
Don't double-escape strings in pairread()
If 'value' is a double-quoted string, then gettoken() already
escaped \n -> 0x0a. Calling pairmake() with value does the
escaping again, which is wrong. Try this with:
DEFAULT
Filter-Id := "foo\nbar\\n"
gettoken() converts the first \n to 0x0a, and the \\ to \.
pairmake() then converts the last \n to 0x0a, leaving 2 0x0a's
in the string, rather than one 0x0a, and another \n.
I've also added handlers in pairread() for single quoted strings,
which didn't previously exist.
Alan T. DeKok [Thu, 21 Aug 2008 06:33:35 +0000 (08:33 +0200)]
Removed comments about NAS-Identifier. They're wrong
Alan T. DeKok [Wed, 20 Aug 2008 15:12:34 +0000 (17:12 +0200)]
Add VENDOR line, too
Alan T. DeKok [Wed, 20 Aug 2008 15:12:21 +0000 (17:12 +0200)]
Define vendor (oops)
Alan T. DeKok [Tue, 19 Aug 2008 16:50:43 +0000 (18:50 +0200)]
As posted to the list
Alan T. DeKok [Tue, 19 Aug 2008 16:44:49 +0000 (18:44 +0200)]
Script to convert funk to fr dictionaries
Alan T. DeKok [Tue, 19 Aug 2008 12:10:54 +0000 (14:10 +0200)]
Un-document %{exec:foo}, as the documentation was wrong
Alan T. DeKok [Mon, 18 Aug 2008 06:50:39 +0000 (08:50 +0200)]
Cleaned up debug messages
Alan T. DeKok [Mon, 18 Aug 2008 06:50:25 +0000 (08:50 +0200)]
Added radlog_request function
Alan T. DeKok [Mon, 18 Aug 2008 06:39:36 +0000 (08:39 +0200)]
Cleaned up && clarified debugging messages
Alan T. DeKok [Mon, 18 Aug 2008 06:39:12 +0000 (08:39 +0200)]
Minor changes to debug messages
Alan T. DeKok [Sun, 17 Aug 2008 16:20:12 +0000 (18:20 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 16:12:45 +0000 (18:12 +0200)]
Minor optimization
Alan T. DeKok [Sun, 17 Aug 2008 16:12:13 +0000 (18:12 +0200)]
Note dynamic clients on NAS-Identifier
Alan T. DeKok [Sun, 17 Aug 2008 16:11:49 +0000 (18:11 +0200)]
Document recent changes
Alan T. DeKok [Sun, 17 Aug 2008 16:11:36 +0000 (18:11 +0200)]
Build process uses git now, not CVS
Alan T. DeKok [Sun, 17 Aug 2008 08:17:50 +0000 (10:17 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 08:16:28 +0000 (10:16 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 08:10:44 +0000 (10:10 +0200)]
DEBUG -> RDEBUG, and related changes
Alan T. DeKok [Sun, 17 Aug 2008 07:50:06 +0000 (09:50 +0200)]
Use new debugging functions (RDEBUG, radlog_request)
Alan T. DeKok [Sun, 17 Aug 2008 07:45:28 +0000 (09:45 +0200)]
We don't use pthread functions, so delete them.
Alan T. DeKok [Sun, 17 Aug 2008 06:53:21 +0000 (08:53 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 06:52:00 +0000 (08:52 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 06:49:13 +0000 (08:49 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 06:47:01 +0000 (08:47 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 06:46:06 +0000 (08:46 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 06:44:49 +0000 (08:44 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 06:43:54 +0000 (08:43 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sat, 16 Aug 2008 09:01:05 +0000 (11:01 +0200)]
Added dBCSPwd == LM-Password
As noted on
http://msdn.microsoft.com/en-us/library/ms675480(VS.85).aspx
Alan T. DeKok [Thu, 14 Aug 2008 15:17:45 +0000 (17:17 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Wed, 13 Aug 2008 12:37:50 +0000 (14:37 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Wed, 13 Aug 2008 12:36:48 +0000 (14:36 +0200)]
Use new radlog_request function
Alan T. DeKok [Wed, 13 Aug 2008 10:07:49 +0000 (12:07 +0200)]
Set request->username to be Stripped-User-Name
Alan T. DeKok [Wed, 13 Aug 2008 09:31:01 +0000 (11:31 +0200)]
More examples for Acct-Status-Type
Alan T. DeKok [Wed, 13 Aug 2008 09:29:20 +0000 (11:29 +0200)]
Allow suppression of more log messages
Alan T. DeKok [Wed, 13 Aug 2008 09:23:13 +0000 (11:23 +0200)]
Increase buffer size for log messages
Alan T. DeKok [Wed, 13 Aug 2008 09:02:19 +0000 (11:02 +0200)]
Fixed typo
Alan T. DeKok [Wed, 13 Aug 2008 09:02:01 +0000 (11:02 +0200)]
More comments
Alan T. DeKok [Thu, 7 Aug 2008 08:10:27 +0000 (10:10 +0200)]
Print internal tunnel attributes in debug mode
Also clean up messages so that they are consistent across TTLS/PEAP.
This code should really be re-factored to put the inner tunnel stuff
all in one common file.
Alan T. DeKok [Wed, 30 Jul 2008 10:32:37 +0000 (12:32 +0200)]
Don't use one buffer for two purposes
Alan T. DeKok [Wed, 23 Jul 2008 06:45:26 +0000 (08:45 +0200)]
re-initialize session_tail on empty list, too
Alan T. DeKok [Tue, 22 Jul 2008 19:54:11 +0000 (21:54 +0200)]
Fixed typos
Alan T. DeKok [Sun, 20 Jul 2008 15:38:37 +0000 (17:38 +0200)]
Mark linelog as stable
Alan T. DeKok [Sun, 20 Jul 2008 13:43:20 +0000 (15:43 +0200)]
Make CA && Server certs depend on their cnf files
Alan T. DeKok [Sun, 20 Jul 2008 13:42:34 +0000 (15:42 +0200)]
Rely on rules in Makefile to build everything
Alan T. DeKok [Sun, 20 Jul 2008 08:16:21 +0000 (10:16 +0200)]
New SNMP code!
Alan T. DeKok [Sun, 20 Jul 2008 07:49:09 +0000 (09:49 +0200)]
Document rlm_linelog, and expand its capabilities
Alan T. DeKok [Sun, 20 Jul 2008 07:19:18 +0000 (09:19 +0200)]
Allow parentcs to be NULL when referencing sections
Alan T. DeKok [Sat, 19 Jul 2008 10:25:17 +0000 (12:25 +0200)]
Updates as found on the net
Alan T. DeKok [Sat, 19 Jul 2008 10:21:32 +0000 (12:21 +0200)]
As found on the net, with URL included.
Alan T. DeKok [Fri, 18 Jul 2008 12:16:48 +0000 (14:16 +0200)]
Build on systems without IPv6 support
Alan T. DeKok [Thu, 17 Jul 2008 08:16:51 +0000 (10:16 +0200)]
fflush the log fp when debugging pair lists
Alan T. DeKok [Sun, 13 Jul 2008 15:31:35 +0000 (17:31 +0200)]
Use DEBUG in instantiate, not RDEBUG
Alan T. DeKok [Wed, 9 Jul 2008 16:07:02 +0000 (18:07 +0200)]
Use new RDEBUG macro
Alan T. DeKok [Wed, 9 Jul 2008 16:05:00 +0000 (18:05 +0200)]
Use new RDEBUG macro
Alan T. DeKok [Wed, 9 Jul 2008 16:04:23 +0000 (18:04 +0200)]
Set request->module to EAP type for clarity
Alan T. DeKok [Wed, 9 Jul 2008 16:03:30 +0000 (18:03 +0200)]
Turn on developer flags if .git exists, too
Alan T. DeKok [Wed, 9 Jul 2008 16:02:57 +0000 (18:02 +0200)]
Lots of .gitignore files
Alan T. DeKok [Wed, 9 Jul 2008 16:02:26 +0000 (18:02 +0200)]
Fix compiler warnings and potential crash
Alan T. DeKok [Wed, 9 Jul 2008 16:02:04 +0000 (18:02 +0200)]
Fake requests inherit debugging from their parent
Alan T. DeKok [Wed, 9 Jul 2008 14:36:58 +0000 (16:36 +0200)]
Use new RDEBUG macro in rlm_eap
Alan T. DeKok [Wed, 9 Jul 2008 14:01:43 +0000 (16:01 +0200)]
Clean up enforcement of EAP "max_sessions"
Don't add a State attribute if we couldn't remember the session.
On EAP FAIL, discard any previously encoded reply, and create
a new one
Alan T. DeKok [Tue, 8 Jul 2008 11:11:54 +0000 (13:11 +0200)]
Full statistics are available only on a statistics socket
Alan T. DeKok [Mon, 7 Jul 2008 09:17:33 +0000 (11:17 +0200)]
We no longer have SNMP
aland [Thu, 3 Jul 2008 13:25:32 +0000 (13:25 +0000)]
EPIPE means that writing is impossible, as the pipe is dead
aland [Thu, 3 Jul 2008 13:05:08 +0000 (13:05 +0000)]
"request" was deleted...
aland [Thu, 3 Jul 2008 11:52:08 +0000 (11:52 +0000)]
Reading global clients list is required...
aland [Wed, 2 Jul 2008 16:00:15 +0000 (16:00 +0000)]
Load clients only from listen sockets, not from mainconfig.
This allows us to die if no clients are defined...
aland [Wed, 2 Jul 2008 15:59:20 +0000 (15:59 +0000)]
Corrected error message
aland [Wed, 2 Jul 2008 09:48:02 +0000 (09:48 +0000)]
Added MIB RFC's
aland [Wed, 2 Jul 2008 01:17:08 +0000 (01:17 +0000)]
Removed refs to radius_snmp.c && smux.c
aland [Tue, 1 Jul 2008 15:41:37 +0000 (15:41 +0000)]
New attributes, as defined in RFC 5090.
NOT included in the default dictionary because of conflicts
with existing Digest attributes, and with VSA's that stomp on
the standard attribute space
aland [Tue, 1 Jul 2008 15:33:57 +0000 (15:33 +0000)]
New Digest RFC
aland [Tue, 1 Jul 2008 13:36:47 +0000 (13:36 +0000)]
Allow `/path/to/program args`, too. This replaces much
of rlm_exec. But it doesn't let you control which args get
passed to the program...
aland [Tue, 1 Jul 2008 13:12:14 +0000 (13:12 +0000)]
Note new %{exec:....} in config files