aland [Thu, 27 Dec 2007 05:41:40 +0000 (05:41 +0000)]
Replaced DEBUG2 stuff with log of config/modules, to make it
clear what's going on, and to have one point of control for
logging information
aland [Wed, 26 Dec 2007 16:34:07 +0000 (16:34 +0000)]
Added new "policy.conf" to permit simplified configuration of
policies
aland [Wed, 26 Dec 2007 16:12:42 +0000 (16:12 +0000)]
Virtual modules that are groups to themselves are called
"policies"
aland [Wed, 26 Dec 2007 16:05:23 +0000 (16:05 +0000)]
Don't get excited if virtual modules have only one name.
Handle them as simple groups.
aland [Wed, 26 Dec 2007 15:29:44 +0000 (15:29 +0000)]
document escaping of strings
aland [Wed, 26 Dec 2007 03:38:26 +0000 (03:38 +0000)]
Not needed any more
aland [Tue, 25 Dec 2007 08:31:01 +0000 (08:31 +0000)]
No one is using this module. It doesn't build, and it
implements an *old* version of the specification, not the final
one. As a result, it shouldn't be here.
aland [Tue, 25 Dec 2007 08:28:43 +0000 (08:28 +0000)]
Free memory after use. Patch from Jouni Malinen, with
minor edits
aland [Tue, 25 Dec 2007 08:26:25 +0000 (08:26 +0000)]
Free memory after we're done using it, not before.
Patch from Jouni Malinen
aland [Tue, 25 Dec 2007 08:21:56 +0000 (08:21 +0000)]
Corrected typo. Patch from Jouni Malinen
aland [Tue, 25 Dec 2007 08:19:38 +0000 (08:19 +0000)]
Call va_end() after va_start(). Patch from Jouni Malinen
aland [Tue, 25 Dec 2007 08:18:56 +0000 (08:18 +0000)]
Free packet on return. Patch from Jouni Malinen
aland [Tue, 25 Dec 2007 08:17:26 +0000 (08:17 +0000)]
Free packet on OOM
pnixon [Sun, 23 Dec 2007 16:22:11 +0000 (16:22 +0000)]
Reformat
pnixon [Sun, 23 Dec 2007 13:54:55 +0000 (13:54 +0000)]
Fix paths to work with new layout
aland [Thu, 20 Dec 2007 15:33:03 +0000 (15:33 +0000)]
Use less data from the PRNG when creating State.
aland [Tue, 18 Dec 2007 08:15:11 +0000 (08:15 +0000)]
Use new wpabuf API for handling buffers.
Correctly initialize handler
Check for more corner cases
aland [Tue, 18 Dec 2007 01:30:48 +0000 (01:30 +0000)]
First RFC!
aland [Mon, 17 Dec 2007 16:16:14 +0000 (16:16 +0000)]
updated "last updated" field
aland [Mon, 17 Dec 2007 16:12:33 +0000 (16:12 +0000)]
Fixed typos and cross-references
aland [Mon, 17 Dec 2007 14:57:20 +0000 (14:57 +0000)]
Free memory
aland [Mon, 17 Dec 2007 12:30:42 +0000 (12:30 +0000)]
Casts to quiet compiler
aland [Mon, 17 Dec 2007 12:29:30 +0000 (12:29 +0000)]
Use FR_DIR_SEP
aland [Mon, 17 Dec 2007 12:22:50 +0000 (12:22 +0000)]
Added vp_print_name(). Made vp_prints() use it if !name
Made paircreate() use it, too.
aland [Mon, 17 Dec 2007 10:43:38 +0000 (10:43 +0000)]
Use radius_pairmake, not pairmake.
#ifdef __APPLE__
aland [Mon, 17 Dec 2007 10:32:30 +0000 (10:32 +0000)]
Added more 'const'
aland [Mon, 17 Dec 2007 07:49:42 +0000 (07:49 +0000)]
Fix compiler warnings
aland [Mon, 17 Dec 2007 07:45:46 +0000 (07:45 +0000)]
Added more 'const'
aland [Mon, 17 Dec 2007 07:39:31 +0000 (07:39 +0000)]
Added more 'const'
aland [Mon, 17 Dec 2007 07:38:37 +0000 (07:38 +0000)]
Fix compiler warnings
aland [Mon, 17 Dec 2007 06:45:34 +0000 (06:45 +0000)]
Require client cert for TLS
aland [Sun, 16 Dec 2007 08:37:56 +0000 (08:37 +0000)]
Catch and deny multiple levels of TLS nesting
aland [Sun, 16 Dec 2007 08:31:30 +0000 (08:31 +0000)]
Re-arranged and re-named code to convert VP's to EAP packets,
and vice-versa.
Removed complaints about TLS inside of TLS methods, as it now
works
Relaxed restrictions on matching EAP sessions.
aland [Sun, 16 Dec 2007 08:26:56 +0000 (08:26 +0000)]
If we're inside of a TLS tunnel, don't require a client
certificate. I'm not sure how the user gets authenticated,
but it's what hostapd does...
aland [Sun, 16 Dec 2007 07:33:52 +0000 (07:33 +0000)]
Added python
aland [Sat, 15 Dec 2007 21:43:45 +0000 (21:43 +0000)]
Fix more warnings
aland [Sat, 15 Dec 2007 21:26:51 +0000 (21:26 +0000)]
get rid of more warnings
aland [Sat, 15 Dec 2007 21:25:46 +0000 (21:25 +0000)]
get rid of warning messages
aland [Sat, 15 Dec 2007 21:10:48 +0000 (21:10 +0000)]
Corrected typo
aland [Sat, 15 Dec 2007 21:03:34 +0000 (21:03 +0000)]
More 'const' fixes
aland [Sat, 15 Dec 2007 20:45:09 +0000 (20:45 +0000)]
Added more 'const'
aland [Sat, 15 Dec 2007 20:41:39 +0000 (20:41 +0000)]
get rid of more warnings
aland [Sat, 15 Dec 2007 20:40:01 +0000 (20:40 +0000)]
More 'const'
aland [Sat, 15 Dec 2007 20:39:45 +0000 (20:39 +0000)]
Added more 'const'
aland [Sat, 15 Dec 2007 19:40:30 +0000 (19:40 +0000)]
Moved #ifdef's to before where they're used
Added more #ifdef's to define things only if they're used
aland [Sat, 15 Dec 2007 18:10:53 +0000 (18:10 +0000)]
fix compile warnings
aland [Sat, 15 Dec 2007 18:01:32 +0000 (18:01 +0000)]
Fixed structure from char* to const char*, and added
initializers.
aland [Sat, 15 Dec 2007 17:05:46 +0000 (17:05 +0000)]
Cleaned up conf file reading, continuation handling, etc.
aland [Sat, 15 Dec 2007 15:29:26 +0000 (15:29 +0000)]
removed dependency on strtok
aland [Sat, 15 Dec 2007 15:18:57 +0000 (15:18 +0000)]
Pulled from GNU. This closes bug #496
aland [Sat, 15 Dec 2007 15:13:29 +0000 (15:13 +0000)]
Allow tunnel password encrypted attributes in
Accounting-Request, Disconnect-Request, and CoA-Request, too
aland [Sat, 15 Dec 2007 14:56:10 +0000 (14:56 +0000)]
Fixes to allegedly make it work on more systems
aland [Thu, 13 Dec 2007 17:55:00 +0000 (17:55 +0000)]
The last change seems to break things. Don't use it...
aland [Thu, 13 Dec 2007 14:45:35 +0000 (14:45 +0000)]
Initialize fake->client, too. If not done, this affects
TTLS and PEAP
aland [Thu, 13 Dec 2007 14:40:46 +0000 (14:40 +0000)]
Fixed typo. it's &&, not &
aland [Thu, 13 Dec 2007 10:03:25 +0000 (10:03 +0000)]
Document %{mschap:User-Name}
aland [Tue, 11 Dec 2007 13:43:37 +0000 (13:43 +0000)]
Notes on eap2
aland [Tue, 11 Dec 2007 13:17:55 +0000 (13:17 +0000)]
Don't load TLS if it's not necessary.
aland [Tue, 11 Dec 2007 10:53:30 +0000 (10:53 +0000)]
Allow configuration file to control what EAP types are permitted
outside of the tunnel
aland [Tue, 11 Dec 2007 07:58:34 +0000 (07:58 +0000)]
Added second EAP module which uses the hostap libeap to do its
work.
Some issues:
- you have to build hosteap/eap_example/libeap.so yourself
- if libeap.so is built with TLS, this module REQUIRES tls
  (certs, etc) and WILL NOT run without it
- you CANNOT control inner or outer tunneled methods, except
  by editing the source to this module and (perhaps) the
  hostap Makefiles
- the "inner tunnel" sessions are NOT run through a virtual
  server as with rlm_eap. This MUST be fixed for production use
- as a result, the inner tunnel sessions CANNOT be proxied,
  and they CANNOT have a separate policy applied to them
- you MUST set "Auth-Type = eap2" manually.
- you will have to edit this Makefile yourself to get it to
  build. No "configure" script is supplied
aland [Mon, 10 Dec 2007 16:07:30 +0000 (16:07 +0000)]
Now that we have request->client, we don't need client_find()
as much
aland [Sun, 9 Dec 2007 22:17:51 +0000 (22:17 +0000)]
let's free memory...
aland [Sat, 8 Dec 2007 22:34:26 +0000 (22:34 +0000)]
After some careful code analysis, be a little more careful
about freeing the memory. There have been reports of memory
leaks...
sub-types do: type.data = malloc()
eap_wireformat does: free(type.data)
BUT eap_packet_free doesn't free type.data, even if it's not
NULL. This may be a surprise. There may also be code paths
where the memory gets allocated WITHOUT it being packed into
a packet. So we fix the code here to be a little more careful
aland [Sat, 8 Dec 2007 22:18:27 +0000 (22:18 +0000)]
Call memset AFTER checking if the ptr is NULL
aland [Sat, 8 Dec 2007 11:35:16 +0000 (11:35 +0000)]
More functions that have no business being public
aland [Sat, 8 Dec 2007 11:01:15 +0000 (11:01 +0000)]
map/unmap_eap_types are used ONLY for eapsim testing program,
which is #ifdef'd out, AND by radeapclient. They don't belong in
libeap.
aland [Sat, 8 Dec 2007 10:19:47 +0000 (10:19 +0000)]
Don't duplicate a function. It's stupid
aland [Sat, 8 Dec 2007 09:21:06 +0000 (09:21 +0000)]
Catch corner case, as posted to the list
aland [Thu, 6 Dec 2007 10:55:49 +0000 (10:55 +0000)]
Use local array for FD's. It's marginally faster.
aland [Thu, 6 Dec 2007 09:02:10 +0000 (09:02 +0000)]
Enabled O_NONBLOCK for UDP sockets
aland [Thu, 6 Dec 2007 09:01:47 +0000 (09:01 +0000)]
Updated log message
aland [Thu, 6 Dec 2007 08:53:11 +0000 (08:53 +0000)]
Delay a little longer in wait_a_bit. It can't hurt.
rcode is ssize_t, not size_t
aland [Wed, 5 Dec 2007 14:44:22 +0000 (14:44 +0000)]
Signed / unsigned issues
And oracle LM/NT password headers, as posted to the list
aland [Wed, 5 Dec 2007 10:22:41 +0000 (10:22 +0000)]
Remove 'caseless' from VALUE_PAIR flags. It's not needed.
Added 'unknown_attr' to VALUE_PAIR flags, which tracks if
vp->name points to a DICT_ATTR entry name or not.
vp->name is now a pointer, rather than a character array.
Updated code to have "vp->name = da->name" for known attributes.
Otherwise, the memory allocated for the VALUE_PAIR is increased
by ~24 characters. The name is printed there (Vendor-X-Attr-Y),
and vp->name is pointed to the string.
Updated paircopy() to look at vp->flags.unknown_attr;
if set, it allocates more room for the name, and does
a memcpy() of the VALUE_PAIR + the name.
Updated rlm_preprocess to NOT print to vp->name.
Nothing else in the code should now write to vp->name
Updated paircreate() to simplify printing of Vendor-X-Attr-Y
Updated pairmake_any() to simplify parsing of Vendor-X-Attr-Y.
It now also checks size of attribute values (e.g. 1-octet,
2-octet, etc). It now parses the octet string as an octet
string, no matter what the final type is. So you can
have "Attr-5 = 0x00000001", and have it show up as
"NAS-Port = 1".
aland [Sun, 2 Dec 2007 23:40:32 +0000 (23:40 +0000)]
Safer way of setting things
aland [Sun, 2 Dec 2007 16:52:51 +0000 (16:52 +0000)]
Reference net-snmp API, if it exists
aland [Sun, 2 Dec 2007 16:43:16 +0000 (16:43 +0000)]
Fix more compiler warnings
aland [Sun, 2 Dec 2007 16:37:16 +0000 (16:37 +0000)]
Fix all compiler warnings. With luck, this will fix 64-bit
issues, too
aland [Sun, 2 Dec 2007 15:48:14 +0000 (15:48 +0000)]
Call lt_dlexit() AFTER detach modules.
Call xlat_free() AFTER detach modules.
Move module instances to a tree, in preparation for getting rid
of cf_data (which should help with HUP)
aland [Sun, 2 Dec 2007 08:17:59 +0000 (08:17 +0000)]
Include file for prototypes
nbk [Sat, 1 Dec 2007 00:28:09 +0000 (00:28 +0000)]
Add an example of the option "sql_user_name" to the config of
module "rlm_sql_log" so the users can notice its existence.
aland [Wed, 28 Nov 2007 23:27:14 +0000 (23:27 +0000)]
Corrected typos
aland [Wed, 28 Nov 2007 22:50:19 +0000 (22:50 +0000)]
More OS portability issues
aland [Wed, 28 Nov 2007 22:43:16 +0000 (22:43 +0000)]
Corrected typo in name
added better #ifdef's around possibly used variables
aland [Wed, 28 Nov 2007 17:05:52 +0000 (17:05 +0000)]
Corrected typo
aland [Wed, 28 Nov 2007 12:32:10 +0000 (12:32 +0000)]
Define TNC-VLAN-{Access,Isolate}, and look for them in
rlm_eap_tnc
aland [Wed, 28 Nov 2007 12:27:56 +0000 (12:27 +0000)]
Use FreeRADIUS configuration files to set vlan_access and
vlan_isolate.
aland [Wed, 28 Nov 2007 12:27:26 +0000 (12:27 +0000)]
Use libtool for linking, rather than dlopen().
Clean up code a little.
aland [Tue, 27 Nov 2007 20:01:54 +0000 (20:01 +0000)]
If the client puts many types into a NAK, pick the first one
that we can agree on.
aland [Tue, 27 Nov 2007 19:44:11 +0000 (19:44 +0000)]
TNC can only be run inside of a tunneled method.
aland [Tue, 27 Nov 2007 16:01:53 +0000 (16:01 +0000)]
Changes to make EAP-TLS inside of EAP-TTLS at least partially
work.
aland [Tue, 27 Nov 2007 15:51:54 +0000 (15:51 +0000)]
Removed hack-y generate_state() and verify_state() functions.
There's no need for much of what they do, and the timer_expire
config item already takes care of expiring old attributes.
Added instance-specific random pool for EAP.
This also fixes a DoS issue where too many simultaneous calls
to fr_rand() could result in issues...
aland [Tue, 27 Nov 2007 15:17:19 +0000 (15:17 +0000)]
Convert radlog(L_INFO, ... to DEBUG2(... to avoid polluting
the logs
aland [Tue, 27 Nov 2007 15:05:25 +0000 (15:05 +0000)]
Cleaned up debugging
aland [Tue, 27 Nov 2007 14:44:36 +0000 (14:44 +0000)]
Changed radlog(L_INFO... to DEBUG2(... to avoid polluting the
log file with useless information
aland [Tue, 27 Nov 2007 14:40:49 +0000 (14:40 +0000)]
Made some functions static.
printf -> DEBUG2
some type changes for consistency
aland [Tue, 27 Nov 2007 13:37:53 +0000 (13:37 +0000)]
Re-assemble fragments properly for tunneled data
aland [Tue, 27 Nov 2007 10:16:09 +0000 (10:16 +0000)]
*Correctly* Re-assemble large amounts of data inside of the TLS
tunnel.
aland [Mon, 26 Nov 2007 17:31:16 +0000 (17:31 +0000)]
Removed UTF-8 text.
aland [Mon, 26 Nov 2007 17:29:04 +0000 (17:29 +0000)]
Minor edits to configure.in, and re-generated configure