Alan T. DeKok [Thu, 11 Jun 2009 08:37:51 +0000 (10:37 +0200)]
More debugging messages
Alan T. DeKok [Thu, 11 Jun 2009 07:55:48 +0000 (09:55 +0200)]
Include chillispot dictionary
Alan T. DeKok [Tue, 9 Jun 2009 07:46:29 +0000 (09:46 +0200)]
Filter Access-Challenge packets, too
Alan T. DeKok [Sat, 6 Jun 2009 07:42:40 +0000 (09:42 +0200)]
Some clients send option 53 buried inside of the packet.
Pointed out on the list by Martin Lorentz
Alan T. DeKok [Tue, 2 Jun 2009 08:35:38 +0000 (10:35 +0200)]
Mark the proxy mutex as being recursive
Some systems need this to avoid deadlocks. Others (Linux) don't
Alan T. DeKok [Mon, 1 Jun 2009 22:07:01 +0000 (00:07 +0200)]
Copy the User-Name by value
The previous method treated the User-Name as a string, and parsed it
to create the User-Name for the reply. However... if that happens,
it SHOULD print the User-Name to a string, and then parse that.
That way things like 'FOO\tbar' will get escaped to 'FOO\\tbar',
and therefore parsed properly.
Or, we could just copy the contents verbatim, which is what we did
Alan T. DeKok [Sat, 30 May 2009 07:40:05 +0000 (09:40 +0200)]
Suppress more ping check none
If the home server is zombie, and status_check=none, don't ping it
Alan T. DeKok [Wed, 27 May 2009 12:02:54 +0000 (14:02 +0200)]
Fix typo
Alan T. DeKok [Wed, 27 May 2009 10:06:47 +0000 (12:06 +0200)]
Read all of the packet using MSG_PEEK for dynamic clients
Alan T. DeKok [Tue, 26 May 2009 14:30:14 +0000 (16:30 +0200)]
Fix typo in last commit
Alan T. DeKok [Tue, 26 May 2009 14:11:15 +0000 (16:11 +0200)]
Don't over-ride NAK with ACK
Alan T. DeKok [Tue, 26 May 2009 13:00:41 +0000 (15:00 +0200)]
Don't walk over empty trees
Alan T. DeKok [Tue, 26 May 2009 08:56:11 +0000 (10:56 +0200)]
"perl -MExtUtils::Embed -e ldopts" LIES to us
So... check if the lying liar is lying. If so, complain, and
refuse to build the module.
i.e. it says "Use -lperl to link!" But there's no "libperl.so"
on the system. And the upstream developers don't see a problem
with Perl lying to the applications. This means that we have to
check for liars, and to work around bugs in other people's software
Alan T. DeKok [Tue, 26 May 2009 08:44:35 +0000 (10:44 +0200)]
Look for <ruby.h>, and refuse to build without it
Alan T. DeKok [Tue, 26 May 2009 08:41:30 +0000 (10:41 +0200)]
Fixed typo in recv/send coa
Alan T. DeKok [Sun, 24 May 2009 16:19:43 +0000 (18:19 +0200)]
Check for misconfigured systems
Alan T. DeKok [Sun, 24 May 2009 16:18:50 +0000 (18:18 +0200)]
Add notes
Alan T. DeKok [Sun, 24 May 2009 16:16:45 +0000 (18:16 +0200)]
Use now(), not now
Alan T. DeKok [Sat, 23 May 2009 09:59:46 +0000 (11:59 +0200)]
Automatic proxy listeners are created last
Alan T. DeKok [Sat, 23 May 2009 09:53:42 +0000 (11:53 +0200)]
Allow for IPv6 src_ipaddr in home server
Alan T. DeKok [Sat, 23 May 2009 09:53:24 +0000 (11:53 +0200)]
Print more descriptive error message
Alan T. DeKok [Sat, 23 May 2009 07:08:43 +0000 (09:08 +0200)]
Have the server automatically create proxy listeners
When src_ipaddr is set.
Also fix a bug in parsing the src IP address. For now, it's not
IPv6 capable (sorry)
Alan T. DeKok [Thu, 21 May 2009 15:08:29 +0000 (17:08 +0200)]
Added -I to read from filename
Alan T. DeKok [Thu, 21 May 2009 14:50:49 +0000 (16:50 +0200)]
Missed this in the last commit
Alan T. DeKok [Thu, 21 May 2009 13:58:44 +0000 (15:58 +0200)]
Allow src_ipaddr to be specified for home servers
Alan T. DeKok [Thu, 21 May 2009 12:55:06 +0000 (14:55 +0200)]
Minor comments updated
Niko Tyni [Wed, 20 May 2009 09:11:19 +0000 (12:11 +0300)]
make_passwd: only use 'inlen' bytes of the input string
In some situations (at least a roundtrip through the rlm_perl module)
the User-Password value pair can have extra non-null bytes at the end
so that strlen(vp->data.strvalue) > vp->length.
These extra bytes should not be used by make_passwd to construct the
Message-Authenticator, so copy just 'inlen' bytes of the input string
before rounding up the length.
Alan T. DeKok [Wed, 20 May 2009 11:52:28 +0000 (13:52 +0200)]
Increase default attribute size to 64
Alan T. DeKok [Tue, 19 May 2009 07:11:56 +0000 (09:11 +0200)]
The server can now listen on CoA ports.
Alan T. DeKok [Tue, 19 May 2009 07:11:06 +0000 (09:11 +0200)]
Added event handlers for CoA
The listen section will be next
Alan T. DeKok [Tue, 19 May 2009 07:09:56 +0000 (09:09 +0200)]
Add documentation and examples for CoA
Alan T. DeKok [Tue, 19 May 2009 06:56:33 +0000 (08:56 +0200)]
Added send/recv CoA methods to the server.
Many modules have been updated to be able to process CoA packets.
The server core has been updated to process CoA packets. However,
it does not yet actually listen on a CoA port.
Alan T. DeKok [Mon, 18 May 2009 12:16:38 +0000 (14:16 +0200)]
Run code if proxy is defined, too
Alan T. DeKok [Mon, 18 May 2009 12:16:26 +0000 (14:16 +0200)]
Include udpfromto.h
Alan T. DeKok [Mon, 18 May 2009 12:15:38 +0000 (14:15 +0200)]
Now that we've released 2.1.6, updated to 2.1.7
Alan T. DeKok [Mon, 18 May 2009 11:13:55 +0000 (13:13 +0200)]
Corrected date
Alan T. DeKok [Mon, 18 May 2009 11:12:30 +0000 (13:12 +0200)]
Fix '=='
Alan T. DeKok [Thu, 14 May 2009 07:42:54 +0000 (09:42 +0200)]
Finalize for 2.1.6 release
Alan T. DeKok [Wed, 13 May 2009 06:52:09 +0000 (08:52 +0200)]
More typos
Alan T. DeKok [Wed, 13 May 2009 06:51:53 +0000 (08:51 +0200)]
Corrected typo in last commit
Alan T. DeKok [Tue, 12 May 2009 19:26:20 +0000 (21:26 +0200)]
Return from function
Alan T. DeKok [Tue, 12 May 2009 18:45:24 +0000 (20:45 +0200)]
Remove two unneeded header files
Alan T. DeKok [Tue, 12 May 2009 18:43:22 +0000 (20:43 +0200)]
Include rad_assert.h to define rad_assert
Alan T. DeKok [Tue, 12 May 2009 10:29:33 +0000 (12:29 +0200)]
Fixed typo
Alan T. DeKok [Tue, 12 May 2009 08:59:26 +0000 (10:59 +0200)]
Added notes on certificate compatibility
Alan T. DeKok [Tue, 12 May 2009 06:50:12 +0000 (08:50 +0200)]
Added policy up/down
Alan T. DeKok [Tue, 12 May 2009 06:38:20 +0000 (08:38 +0200)]
A number of fixes to make it work
- reset signal handlers to NULL just before any sleep, which
allows us to exit
- save our PID file along with radiusd.pid
- correct minor typos
- automatically figure out which arguments to pass to "tail"
Alan T. DeKok [Mon, 11 May 2009 15:07:44 +0000 (17:07 +0200)]
This corrects the typo (sigh)
Alan T. DeKok [Mon, 11 May 2009 13:59:10 +0000 (15:59 +0200)]
Corrected typo
Validate reply against packet, not against reply
Alan T. DeKok [Sun, 10 May 2009 17:33:32 +0000 (19:33 +0200)]
Moved verification of proxy responses to earlier in the packet handling
This slows down the main server thread a bit, but means that we
catch attackers earlier, i.e. before pushing a request to a
child thread.
Alan T. DeKok [Sun, 10 May 2009 17:26:57 +0000 (19:26 +0200)]
Added event wrapper around request_free
This function takes care of removing the request from the various
hashes && event lists
Alan T. DeKok [Sun, 10 May 2009 10:49:33 +0000 (12:49 +0200)]
Don't touch request after it was proxied
Alan T. DeKok [Fri, 8 May 2009 22:40:05 +0000 (00:40 +0200)]
Portability fixes
tail -n is in /usr/xpg4/bin on Solaris.
date +%s is *BSD && Linux, but not Solaris. Work around this for now...
Alan T. DeKok [Fri, 8 May 2009 15:17:26 +0000 (17:17 +0200)]
Fix radwatch for "wait" exit codes on Solaris
Alan T. DeKok [Fri, 8 May 2009 13:40:07 +0000 (15:40 +0200)]
Expose radius_get_vp, and make switch {} use it
This allows bare words to be used for switch statements. If the
statement is a bare word, the server looks for a VALUE_PAIR of that
name, and prints its value.
Alan T. DeKok [Fri, 8 May 2009 13:20:26 +0000 (15:20 +0200)]
Corrected typo
Alan T. DeKok [Fri, 8 May 2009 13:00:41 +0000 (15:00 +0200)]
More LLVM checks
Alan T. DeKok [Fri, 8 May 2009 12:49:39 +0000 (14:49 +0200)]
Minor changes in "remove from proxy hash"
This avoids esoteric race conditions that no one has seen in practice
Alan T. DeKok [Fri, 8 May 2009 11:05:46 +0000 (13:05 +0200)]
Catch invalid ACKs
Alan T. DeKok [Fri, 8 May 2009 10:53:02 +0000 (12:53 +0200)]
Fix issues found by LLVM checker.
These are mostly dead stores, etc.
Alan T. DeKok [Thu, 7 May 2009 10:28:12 +0000 (12:28 +0200)]
Updated these to 2.1.6, too
Alan T. DeKok [Thu, 7 May 2009 10:26:51 +0000 (12:26 +0200)]
Started 2.1.6
Alan T. DeKok [Thu, 7 May 2009 10:14:26 +0000 (12:14 +0200)]
Added ability to send mail when something goes wrong
This is rate-limited to once per hour, and includes the last
portion of the log file.
Alan T. DeKok [Thu, 7 May 2009 09:52:41 +0000 (11:52 +0200)]
Fixed sleep to be in one location.
Alan T. DeKok [Thu, 7 May 2009 08:55:58 +0000 (10:55 +0200)]
Check before dereference
Alan T. DeKok [Thu, 7 May 2009 08:43:27 +0000 (10:43 +0200)]
Add option "include_length" for TTLS, too.
We've always set it to "yes" in the past, by inheriting the
value from the TLS configuration. In contrast, PEAP always sets it
to "no".
However... RFC 5281 says that we should set it to "no". Since the
previous code works with everyone, we don't want to change the
defaults. But we DO add the flag that allows it to be RFC compliant.
Alan T. DeKok [Wed, 6 May 2009 15:01:40 +0000 (17:01 +0200)]
Initialize variables on all paths...
Alan T. DeKok [Wed, 6 May 2009 14:55:13 +0000 (16:55 +0200)]
Added ability to do "command ?"
This shows the help for the command.
Alan T. DeKok [Tue, 5 May 2009 19:30:38 +0000 (21:30 +0200)]
Update to do a LOT more checking, and to NOT send email.
Sending email is bad, as it wasn't rate limited. This new script
checks for a lot more conditions, including HUP and TERM sent
to the script itself.
Alan T. DeKok [Tue, 5 May 2009 12:51:12 +0000 (14:51 +0200)]
Exit with error on more signals
Alan T. DeKok [Tue, 5 May 2009 12:12:02 +0000 (14:12 +0200)]
Include more header files in the default install
Alan T. DeKok [Mon, 4 May 2009 14:14:47 +0000 (16:14 +0200)]
Fix double free on exit
Alan T. DeKok [Fri, 1 May 2009 16:32:39 +0000 (18:32 +0200)]
Don't mark pools for freeing twice
Alan T. DeKok [Wed, 29 Apr 2009 15:04:55 +0000 (17:04 +0200)]
Don't force reject if the home server doesn't respond.
The main event handler already does this, so there's no need for
us to do it, too.
Alan T. DeKok [Wed, 29 Apr 2009 15:02:11 +0000 (17:02 +0200)]
When not responding, wait longer for cleanups.
wait max_request_time, not cleanup_delay to clean up packets
that we're not responding to. This means that we don't clean up
after 5s, and then re-process the packet.
Instead, we just look at the cached packet, and don't respond
Alan T. DeKok [Wed, 29 Apr 2009 12:36:47 +0000 (14:36 +0200)]
Updates
Alan T. DeKok [Wed, 29 Apr 2009 12:34:13 +0000 (14:34 +0200)]
Cache modcallables for authorize, etc. for minor speed
Alan T. DeKok [Wed, 29 Apr 2009 11:26:58 +0000 (13:26 +0200)]
Print out more server {} around debugging messages
Alan T. DeKok [Wed, 29 Apr 2009 10:13:38 +0000 (12:13 +0200)]
Set free'd pointers to NULL
Alan T. DeKok [Thu, 23 Apr 2009 17:28:10 +0000 (19:28 +0200)]
Load ALL virtual servers on HUP, even if one fails
Alan T. DeKok [Thu, 23 Apr 2009 15:14:46 +0000 (17:14 +0200)]
Return 0 on error, not -1
Alan T. DeKok [Thu, 23 Apr 2009 11:04:48 +0000 (13:04 +0200)]
Reload module configuration on HUP
Alan T. DeKok [Thu, 23 Apr 2009 11:03:15 +0000 (13:03 +0200)]
Whoops... server->name could be NULL
Alan T. DeKok [Thu, 23 Apr 2009 09:20:02 +0000 (11:20 +0200)]
Ensure we don't delete servers that are in use
Alan T. DeKok [Thu, 23 Apr 2009 09:00:10 +0000 (11:00 +0200)]
Allow virtual servers to be reloaded dynamically on HUP
Alan T. DeKok [Thu, 23 Apr 2009 08:20:24 +0000 (10:20 +0200)]
Created and use virtual_server_t structure
The module loading code is now abstracted to load and look for modules
ONLY by virtual server. Each virtual server has its own component
tree, that is not shared with any other virtual server.
The virtual servers themselves are now in a simple hash table, which
lets them be dynamically reloaded.
Alan T. DeKok [Thu, 23 Apr 2009 06:59:02 +0000 (08:59 +0200)]
Moved HUP code to mainconfig
Alan T. DeKok [Thu, 23 Apr 2009 05:07:20 +0000 (07:07 +0200)]
Allow administrators to force_check_config
Alan T. DeKok [Wed, 22 Apr 2009 12:42:13 +0000 (14:42 +0200)]
Don't lose tags
Alan T. DeKok [Wed, 22 Apr 2009 11:37:53 +0000 (13:37 +0200)]
Added tunnel attributes
Alan T. DeKok [Wed, 22 Apr 2009 06:59:42 +0000 (08:59 +0200)]
Re-did via autoreconf
Alan T. DeKok [Wed, 22 Apr 2009 06:50:20 +0000 (08:50 +0200)]
Moved local definitions to acinclude.m4
message for your changes.
Alan T. DeKok [Tue, 21 Apr 2009 15:07:46 +0000 (17:07 +0200)]
Added "control" as alias for "config".
Patch from Alexander Clouter
Alan T. DeKok [Tue, 21 Apr 2009 14:12:55 +0000 (16:12 +0200)]
Note where unlang can go, and where it can't go
Alan T. DeKok [Sat, 18 Apr 2009 06:41:06 +0000 (08:41 +0200)]
Removed LICENSE and re-generated "configure"
The main FreeRADIUS source has the same LICENSE, so it doesn't
need to be here, too.
The "configure" scripts in the server are all generated on the same
machine, using the same version of autoconf. That seems to ensure
that the autoconf magic is happy.
Antti [Fri, 17 Apr 2009 16:17:30 +0000 (19:17 +0300)]
Adding rlm_ruby module.
Alan T. DeKok [Fri, 17 Apr 2009 14:03:20 +0000 (16:03 +0200)]
More documentation for weird WiMAX stuff
Alan T. DeKok [Fri, 17 Apr 2009 13:57:28 +0000 (15:57 +0200)]
Added configuration to delete the MS-MPPE-*-Keys
Alan T. DeKok [Fri, 17 Apr 2009 13:16:24 +0000 (15:16 +0200)]
Note recent changes
Alan T. DeKok [Fri, 17 Apr 2009 13:12:30 +0000 (15:12 +0200)]
Allow operations OTHER than == to work for Packet-Src-IP-Address
... and associated virtual attributes.
The issue is that the paircompare_register'd functions return 0
for match, and 1 for didn't match. This is wrong. They should just
return the results of the comparison. And then radius_callback_compare
should check the results of the comparison against the operators,
to see if the CONDITION succeeded or failed.