aland [Mon, 4 Nov 2002 17:29:33 +0000 (17:29 +0000)]
Added files from 'suse', to shorten the chain of patches.
fcusack [Mon, 4 Nov 2002 04:02:02 +0000 (04:02 +0000)]
Don't encode MS-CHAP-MPPE-Keys; handled in library.
kkalev [Fri, 1 Nov 2002 21:36:43 +0000 (21:36 +0000)]
Set LDAP version to V3 before binding. Now freeradius should work with openldap21
aland [Fri, 1 Nov 2002 16:35:11 +0000 (16:35 +0000)]
Include netinet/in.h before radius specific stuff
aland [Fri, 1 Nov 2002 16:32:41 +0000 (16:32 +0000)]
Moved core dump handling back to radiusd.c
aland [Fri, 1 Nov 2002 16:16:51 +0000 (16:16 +0000)]
Delete submodules from the list. The modules which DO have
sub-modules should have their own 'stable' list, and process it
themselves. Putting them here just confuses the build rules.
aland [Fri, 1 Nov 2002 15:59:14 +0000 (15:59 +0000)]
Added notes from the list.
aland [Fri, 1 Nov 2002 15:36:58 +0000 (15:36 +0000)]
Added note about SQL configuration
aland [Thu, 31 Oct 2002 17:16:54 +0000 (17:16 +0000)]
Updated with latest set of changes.
aland [Thu, 31 Oct 2002 16:23:32 +0000 (16:23 +0000)]
Use the new mainconfig.clients, instead of the old 'clients'
fcusack [Thu, 31 Oct 2002 10:01:23 +0000 (10:01 +0000)]
only log unknown user events once instead of 4x.
aland [Wed, 30 Oct 2002 20:38:18 +0000 (20:38 +0000)]
Clear the main config, before reading radiusd.conf
aland [Wed, 30 Oct 2002 20:17:36 +0000 (20:17 +0000)]
Made read_radius_conf_file() return the actual CONF_SECTION*
which was read. This makes it easier to do HUP later, and
removes the need for radrelay, radwho, and radzap, to have
access to the radius daemon's 'mainconfig' stuff.
aland [Wed, 30 Oct 2002 20:02:39 +0000 (20:02 +0000)]
Made read_radius_conf_file() return the actual CONF_SECTION*
which was read. This makes it easier to do HUP later, and
removes the need for radrelay, radwho, and radzap, to have
access to the radius daemon's 'mainconfig' stuff.
aland [Wed, 30 Oct 2002 19:52:55 +0000 (19:52 +0000)]
Delayed commit from yesterday, as part of cleaning up the configuration
handling.
aland [Wed, 30 Oct 2002 18:15:43 +0000 (18:15 +0000)]
After installation, make 'clients' and 'clients.conf' r/w only
by the owner, and non-readable by everyone else.
aland [Wed, 30 Oct 2002 18:01:17 +0000 (18:01 +0000)]
SQL fail-over patch, based on one supplied by
Thomas Jalsovsky.
If we have an error on the SQL select, then do NOT return
RLM_MODULE_OK. Instead, when we log an error, ALSO set the
return code to RLM_MODULE_FAIL, and return that.
This allows one SQL module to fail-over to another, if the DB for
the first one goes down.
aland [Wed, 30 Oct 2002 17:50:47 +0000 (17:50 +0000)]
Don't go into all of the SQL sub-directories. Instead, only go
into the ones with Makefiles.
aland [Wed, 30 Oct 2002 16:05:53 +0000 (16:05 +0000)]
New 'free mainconfig' function, to remove more code from radiusd.c
kkalev [Wed, 30 Oct 2002 08:50:21 +0000 (08:50 +0000)]
Add radiusCheckItem and radiusReplyItem in the ldap schema
fcusack [Wed, 30 Oct 2002 04:35:58 +0000 (04:35 +0000)]
Change ewindow2 logic so that a repeat of the same
password doesn't reset the sequence to the initial state;
instead it just resets the timer. So now, a sequence like
2,2,3 will count as an ewindow2 override. This should help
Windows users, since the failed login dialog is confusing
and encourages sequences like (1,1,2,2,3,3). Previously,
the repeat (1,1) would reset the sequence and the following
2 would not count as an override.
vorlon [Wed, 30 Oct 2002 04:02:08 +0000 (04:02 +0000)]
Update rlm_krb5 configure script to use AC_SMART_CHECK_LIB, needed in
order to build on Red Hat.
aland [Tue, 29 Oct 2002 22:55:25 +0000 (22:55 +0000)]
Massive changes to configuration handling (re-arranging, mostly)
Moved the configuration items and parsing to mainconfig.c
conffile.c now does ONLY handling of CONF_ITEM, CONF_SECTION,
and CONF_PAIR. No more radius config stuff for it.
Ripped the configuration-related code out of radiusd.c, and log.c,
and moved it into mainconfig.c. This should allow us to better
control configuration changes, as they're all together in one
file now.
Moved many 'static' or global variables from radiusd.c into the
mainconfig data structure. This will allow us to better handle HUP
signals in the future, as we can simply allocate a NEW configuration,
without deleting the old one. We can then clean up the old one
later, once the threads/modules/whatever have finished processing
them.
Added 'mainconfig.o' to the list of dependencies for radwho, radzap,
and radrelay. We might have to do some additional sanity checking,
but it appears to work for now.
aland [Tue, 29 Oct 2002 21:05:22 +0000 (21:05 +0000)]
Removed unused variable.
aland [Mon, 28 Oct 2002 21:11:29 +0000 (21:11 +0000)]
Be a little more selective about RADIUS replies. If we get a reply
from an IP:port which wasn't sent the request, then complain
loudly, and exit.
aland [Mon, 28 Oct 2002 20:38:39 +0000 (20:38 +0000)]
Whitespace changes, grammar changes, and additional explanations.
aland [Mon, 28 Oct 2002 20:14:03 +0000 (20:14 +0000)]
Changed default caching of /etc/passwd files to 'no'.
Changed default for radwtmp to NULL (no radwtmp)
Updated handling of radwtmp config, to ignore wtmp if inst->radwtmp
is set to NULL.
aland [Mon, 28 Oct 2002 19:13:31 +0000 (19:13 +0000)]
Moved the 'clients', 'realms', and 'config' variables into the
'mainconfig' data structure, so everyone can see them.
Moved the signal handling code to be a bit better (yet again)
When receiving a SIGTERM, (or any other fatal signal), try
our best to clean up and exit.
aland [Mon, 28 Oct 2002 19:03:48 +0000 (19:03 +0000)]
It's a good policy to initialize variables.
aland [Mon, 28 Oct 2002 17:23:28 +0000 (17:23 +0000)]
Removed sig_stats() on SIGUSR1. We should be able to get stats
via SNMP, and SIGUSR1 is used by some threading libraries to
switch between threads.
aland [Mon, 28 Oct 2002 15:55:04 +0000 (15:55 +0000)]
A little better rule for 'make clean', by Paul Hampson
kkalev [Mon, 28 Oct 2002 11:08:06 +0000 (11:08 +0000)]
Skip Auth-Type and Autz-Type in paircmp
kkalev [Sun, 27 Oct 2002 22:45:08 +0000 (22:45 +0000)]
Add a configuration directive about how many days back we should clean the db
aland [Sun, 27 Oct 2002 15:41:49 +0000 (15:41 +0000)]
Added chap module config.
Moved pap and chap modules to the start of the modules section.
uncommented chap and pap in the 'authenticate' section, as most
people want to use them.
aland [Sun, 27 Oct 2002 15:32:04 +0000 (15:32 +0000)]
Correct stupid typos in the use of 'kill'
aland [Fri, 25 Oct 2002 16:30:56 +0000 (16:30 +0000)]
Disallow packet codes of 0 (nothing defined in the RFC for this),
and 16 or greater (also nothing defined for this.)
aland [Fri, 25 Oct 2002 14:33:07 +0000 (14:33 +0000)]
Added ',Op' to the queries, to get the operators.
aland [Fri, 25 Oct 2002 13:46:44 +0000 (13:46 +0000)]
Updated killing of children when the server receives a SIGTERM
aland [Thu, 24 Oct 2002 18:12:36 +0000 (18:12 +0000)]
More Cisco dictionaries, with information taken from
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/user/ad.htm
aland [Thu, 24 Oct 2002 18:05:36 +0000 (18:05 +0000)]
Updated the Cisco VPN3000 vendor ID, and corrected a typo.
Included the dictionary in the main one, now that it's correct.
cparker [Thu, 24 Oct 2002 17:50:41 +0000 (17:50 +0000)]
Added the Juniper dictionary file with entries from Eric Kilfoil <ekilfoil@uslec.net>
aland [Thu, 24 Oct 2002 16:06:25 +0000 (16:06 +0000)]
Noted that 'clients' and 'naslist' are now deprecated.
Added more documentation to 'clients.conf'.
Removed comments in 'clients.conf' which talked about using
NAS-IP-Address from the contents of a packet to determine
allowed clients. That's a bad security practice.
aland [Wed, 23 Oct 2002 13:46:04 +0000 (13:46 +0000)]
Don't include $(LIBLTDL) in the list of dependencies for radiusd.
Sometimes we have LIBLTDL=-ltdl, which confuses 'make'
kkalev [Tue, 22 Oct 2002 13:49:09 +0000 (13:49 +0000)]
Only destroy the mutex if we have PAP as encryption scheme
aland [Mon, 21 Oct 2002 16:12:35 +0000 (16:12 +0000)]
After installing the server, ensure that the naspasswd file
is readable ONLY by the owner, to minimize security issues...
aland [Mon, 21 Oct 2002 16:07:59 +0000 (16:07 +0000)]
If asked to exit, ALWAYS exit, even if there are packets waiting
to be processed.
aland [Mon, 21 Oct 2002 15:58:23 +0000 (15:58 +0000)]
Removed use of 'radwatch'
Removed debian-specific 'start-stop-daemon' stuff, and replaced
it with simple & stupid code which should work most places...
aland [Mon, 21 Oct 2002 15:41:05 +0000 (15:41 +0000)]
Enable SIGTERM to shut down the server a little more cleanly.
The child threads have SIGTERM blocked. When the parent gets
a SIGTERM, it sends a SIGKILL to all associated processes and
threads. When it returns from the signal handler, the main
loop frees the modules and exits.
kkalev [Sun, 20 Oct 2002 09:15:19 +0000 (09:15 +0000)]
Add an snmpwalk() function. Add snmp timeout and retries in calls to snmpget
and snmpwalk. Defaults are 5 secs and 1 retry.
kkalev [Sat, 19 Oct 2002 09:18:31 +0000 (09:18 +0000)]
Use the MAX_FAILED_CONNS_* in ldap_authenticate() when calling ldap_connect()
aland [Fri, 18 Oct 2002 21:24:15 +0000 (21:24 +0000)]
Added text describing what else has changed.
aland [Fri, 18 Oct 2002 18:44:30 +0000 (18:44 +0000)]
Deleted unused functions.
Removed calls to nas_find, now that we no longer need it, as the
RADCLIENT structure contains what we need, and the NAS information
is always pulled over from the 'naslist' file.
aland [Fri, 18 Oct 2002 18:42:22 +0000 (18:42 +0000)]
Got rid of the call to nas_find(), and replaced it with client_find(),
now that the clients file reader pulls in the shortname from the
naslist file.
aland [Fri, 18 Oct 2002 18:40:41 +0000 (18:40 +0000)]
Now that the 'naslist' is read in before the 'clients' file, we
can pull the nastype && shortname information into the RADCLIENT
data structure, from the NAS data structure.
This is one more step in getting rid of the 'naslist' file, and
the NAS data structure
aland [Fri, 18 Oct 2002 18:36:03 +0000 (18:36 +0000)]
Read the old-style 'naslist' file, before reading the old-style
'clients' file.
This is in preparation for having the old-style 'clients' update
the 'shortname' and 'nastype' fields, so that we can get rid of
the 'naslist' file, and the whole NAS data structure
aland [Thu, 17 Oct 2002 16:27:29 +0000 (16:27 +0000)]
Added Status-Server support, stolen shamelessly from Cistron.
kkalev [Thu, 17 Oct 2002 13:01:22 +0000 (13:01 +0000)]
Add an append control in attr_rewrite.
Patch from Alessandro Maioli <amaioli@intelcom.sm>
aland [Tue, 15 Oct 2002 20:50:48 +0000 (20:50 +0000)]
Added more notes to NOT use '%a' and friends.
aland [Tue, 15 Oct 2002 20:43:05 +0000 (20:43 +0000)]
Add a missing 'p++'
Bug found by Franklin Trumpy
aland [Tue, 15 Oct 2002 20:25:00 +0000 (20:25 +0000)]
Don't do sub-modules from the top-level directory.
Patch from Kevin Bonner
aland [Tue, 15 Oct 2002 18:02:54 +0000 (18:02 +0000)]
Removed all knowledge of the pre-processor define CHECKRAD,
and went to using the new configuration file entry.
aland [Tue, 15 Oct 2002 17:52:43 +0000 (17:52 +0000)]
Made the call to checkrad use the new thread-safe version of fork(),
which should be a bit better than before...
aland [Tue, 15 Oct 2002 17:41:20 +0000 (17:41 +0000)]
Read the location of 'checkrad' from the configuration file.
Patch from Andrea Gabellini
aland [Tue, 15 Oct 2002 17:38:22 +0000 (17:38 +0000)]
Use Session-Id values in max40xx finger routine.
Patch from Aleksandr Kuzminsky <ingoth@nbi.com.ua>
aland [Tue, 15 Oct 2002 17:33:31 +0000 (17:33 +0000)]
Fix USR-Hiper SNMP code to match the cisco snmp bit.
aland [Tue, 15 Oct 2002 15:06:11 +0000 (15:06 +0000)]
Minor reformatting.
Don't do minor buffer overflow: 'array[size] = 0' is out of bounds.
aland [Tue, 15 Oct 2002 15:04:06 +0000 (15:04 +0000)]
Define a 'last' token, so we know how many tokens exist.
When decoding a packet, set the operator for the VALUE_PAIR to T_OP_EQ
Update vp_prints() to print out the real operators, instead of
always '='. This makes it easier to see what's going on, as the
correct operators are printed...
aland [Tue, 15 Oct 2002 14:51:18 +0000 (14:51 +0000)]
Removed duplicate function 'sm_prints', and replaced it with
call to library function 'vp_prints'
kkalev [Sun, 13 Oct 2002 20:18:17 +0000 (20:18 +0000)]
* Add a string encoder for greek
* If general_decode_normal_attributes is set then encode attributes in lib/ldap/change_info. In the near future
language specific user attributes will be added in the change info and new user pages. Remove comments from
admin.conf about the change info page not working if this directive is used.
* When splitting cn in lib/ldap/create_user.php3 limit the split to 2 new elements not 3.
kkalev [Sun, 13 Oct 2002 18:46:48 +0000 (18:46 +0000)]
Map a specific username to the directory manager if we are using ldap and http authentication
kkalev [Sun, 13 Oct 2002 18:29:16 +0000 (18:29 +0000)]
Add a comment in admin.conf about ldap server failover
kkalev [Sun, 13 Oct 2002 06:48:55 +0000 (06:48 +0000)]
Disable cache after searching for the default profile
kkalev [Sat, 12 Oct 2002 11:45:31 +0000 (11:45 +0000)]
Fix a small bug in lib/ldap/defaults.php3. We should not be using $i in a for() loop but a new variable
kkalev [Fri, 11 Oct 2002 13:26:20 +0000 (13:26 +0000)]
Do a memset(0) on the key.nas before doing searches. Nasty bug
aland [Thu, 10 Oct 2002 15:23:42 +0000 (15:23 +0000)]
Turn off caching of the passwd files for the Unix module. Too many
people are totally confused as to what it's doing, and why.
Apparently reading the comments in the config file is too hard,
so turning off the caching will allow the module to work for most
people.
People willing to read the config files can still get it to do
what they want, so there's no loss for them.
aland [Wed, 9 Oct 2002 18:58:06 +0000 (18:58 +0000)]
Make the installation directories BEFORE recursing over
sub-directories. This means that any module can safely install
something into $(R)$(bindir), or $(R)$(raddbdir), and it will
be installed in that directory.
If we don't make the directories before calling the modules,
then installing something into $(R)$(raddbdir) MAY create a normal
file named '$(R)$(raddbdir)', and a subsequent 'mkdir' will fail.
aland [Tue, 8 Oct 2002 21:48:27 +0000 (21:48 +0000)]
Don't over-write pointers to allocated memory when handling
a proxy reply.
aland [Mon, 7 Oct 2002 20:31:56 +0000 (20:31 +0000)]
Deleted the freetds SQL sub-module, as it's nowhere near stable
aland [Mon, 7 Oct 2002 20:31:24 +0000 (20:31 +0000)]
Added the new expression module
kkalev [Sat, 5 Oct 2002 09:04:52 +0000 (09:04 +0000)]
Allow for normal ldap user attributes to be utf8 encoded instead of ascii. Changing attribute values through
user_info will not work in that case.
cmiller [Thu, 3 Oct 2002 20:09:28 +0000 (20:09 +0000)]
Inserted names of stable "submodules" into stable list.
debian: search new stable (sub-)module list at configure-time.
cmiller [Thu, 3 Oct 2002 20:01:00 +0000 (20:01 +0000)]
debian: pidfile directory correction
debian: changelog comment
aland [Thu, 3 Oct 2002 14:46:06 +0000 (14:46 +0000)]
Remember what the main module list is..
fcusack [Wed, 2 Oct 2002 18:49:23 +0000 (18:49 +0000)]
change some 'password' refs to 'passcode'
3APA3A [Wed, 2 Oct 2002 14:37:08 +0000 (14:37 +0000)]
! Committed patch from Jorge Boncompte [DTI2] <jorge@dti2.net> (typo in
MS-MPPE-Encryption-Types causing assert if require_strong is disabled)
aland [Wed, 2 Oct 2002 14:34:41 +0000 (14:34 +0000)]
Simplify the 'add to end of list' code
For unknown attributes, make them type 'octets', and not 'string'.
This means that there will be less mangling of them as the server
reads/writes them.
aland [Wed, 2 Oct 2002 14:27:22 +0000 (14:27 +0000)]
Fix simple mistake in checking return value from userparse()
kkalev [Wed, 2 Oct 2002 09:15:11 +0000 (09:15 +0000)]
Allow for multiple regular profile attributes in a user entry.
cparker [Tue, 1 Oct 2002 22:39:55 +0000 (22:39 +0000)]
Updated to include a few more names of developers.
cparker [Tue, 1 Oct 2002 22:32:50 +0000 (22:32 +0000)]
Updated config to have same default value for servers_per_realm as the
default for a blank config item.
cparker [Tue, 1 Oct 2002 22:18:50 +0000 (22:18 +0000)]
Patch to add support for a 'round_robin' load balancing distribution of
radius requests to realms with multiple entries. Configurable number
of 'max servers' per realm. Default behaviour maintains backwards
compatibility of simple 'fail-over'.
Contributed by <cbrotsos@starnetusa.net>
kkalev [Tue, 1 Oct 2002 19:16:06 +0000 (19:16 +0000)]
Fix a problem in failed_logins when NASIPAddress is not set.
aland [Tue, 1 Oct 2002 16:59:30 +0000 (16:59 +0000)]
Implemented pre-proxy callbacks. The proxy_send() function now
returns:
RLM_MODULE_FAIL: error
RLM_MODULE_NOOP: didn't do anything: no proxying was done
RLM_MODULE_HANDLED: request was proxied.
The 'preproxy_users' file should now work...
aland [Tue, 1 Oct 2002 15:27:02 +0000 (15:27 +0000)]
Added configuration and documentation for the expression module,
and added more math support.
aland [Mon, 30 Sep 2002 19:05:02 +0000 (19:05 +0000)]
Use the numeric NAS-Port attribute, and not the string NAS-Port-Id
aland [Mon, 30 Sep 2002 18:43:47 +0000 (18:43 +0000)]
Re-arranged the documentation, to make it easier to follow for
people who've never done this before.
aland [Mon, 30 Sep 2002 18:10:13 +0000 (18:10 +0000)]
Minor additions for HPUX support
aland [Mon, 30 Sep 2002 16:34:49 +0000 (16:34 +0000)]
Save the radiusd PID
aland [Mon, 30 Sep 2002 16:24:44 +0000 (16:24 +0000)]
New modules get put into the START of the list, so that when
we unlink them, we do FILO, instead of FIFO. This change appears
to make some platforms work better, and enable C++ modules.
Patch from Andrey Kotrekhov
aland [Mon, 30 Sep 2002 16:21:05 +0000 (16:21 +0000)]
Empty target, with note that hand-editing is required to get
this module to work.