Alan T. DeKok [Mon, 4 Jul 2011 16:02:54 +0000 (18:02 +0200)]
Allow root to connect to control socket
Even if the configured "allowed UID" has a different value.
They're root, so they can do anything. We might as well be polite.
Alan T. DeKok [Mon, 4 Jul 2011 15:59:31 +0000 (17:59 +0200)]
Server closing connection returns 0
We should close our end and complain in that case.
Bug found by Brian Candler
Arran Cudbard-Bell [Mon, 4 Jul 2011 08:47:04 +0000 (10:47 +0200)]
Add relax-filter check item to override the relaxed config item on a filter by filter basis
Conflicts:
src/modules/rlm_attr_filter/rlm_attr_filter.c
Arran Cudbard-Bell [Sun, 3 Jul 2011 17:10:59 +0000 (19:10 +0200)]
Add 'relaxed' option to rlm_attr_filter, when 'yes' attributes which do not explicitly match any filter rules are still copied.
Alan T. DeKok [Sun, 3 Jul 2011 15:35:13 +0000 (17:35 +0200)]
Use correct length
Alan T. DeKok [Sun, 3 Jul 2011 09:07:49 +0000 (11:07 +0200)]
Fix offset bug in %{string:...}
It prints the correct amount with the correct limits, but
to the wrong location
Alan T. DeKok [Thu, 30 Jun 2011 14:01:56 +0000 (16:01 +0200)]
Be less strict about duplicate virtual servers
If they share the same top-level CONF_SECTION, they're duplicates.
Otherwise, the server is reloading its configuration, so the new
configuration should be allowed to be loaded.
Alan T. DeKok [Tue, 28 Jun 2011 15:28:00 +0000 (17:28 +0200)]
Handle relayed packets better...
If the request is a client packet, we can relay it using
the existing code.
If the request is a server packet, then it MUST be from
the real server, and we MUST be acting as a relay. In that
case, set the giaddr to 0.0.0.0, and forward the packet to the
yiaddr.
And do something with broadcast replies...
Alan T. DeKok [Tue, 28 Jun 2011 13:54:12 +0000 (15:54 +0200)]
Allow DHCP-Opcode and DHCP-Hop-Count to be set from VPs.
This makes it easier to relay && respond to clients
Alan T. DeKok [Tue, 28 Jun 2011 13:38:33 +0000 (15:38 +0200)]
Allow giaddr to be updated when relaying
Alan T. DeKok [Mon, 27 Jun 2011 15:03:38 +0000 (17:03 +0200)]
Fix typo
Petr Uzel [Mon, 27 Jun 2011 07:21:18 +0000 (09:21 +0200)]
rlm_mschap: silence gcc buffer overflow detection mechanism
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
Alan T. DeKok [Mon, 27 Jun 2011 11:04:46 +0000 (13:04 +0200)]
Fix calculation of response authenticator
The Status-Server packet can get an Accounting-Response
packet in return. Since the Status-Server has a random
authentication vector, the response needs to be calculated
using that. We can't use the normal Accounting-Response
calculation.
Oops. No one found this in RFC 5997.
Alan T. DeKok [Mon, 27 Jun 2011 10:55:32 +0000 (12:55 +0200)]
Prepare for 2.1.12
Alan T. DeKok [Mon, 27 Jun 2011 09:16:43 +0000 (11:16 +0200)]
Fix > vs >= bug
Alan T. DeKok [Fri, 24 Jun 2011 10:41:17 +0000 (12:41 +0200)]
fclose() frees buffers, too
Alan T. DeKok [Tue, 21 Jun 2011 09:23:56 +0000 (11:23 +0200)]
If a child process gets a signal to exit, then just exit.
Alan T. DeKok [Tue, 21 Jun 2011 09:22:36 +0000 (11:22 +0200)]
Print out *which* program is causing the delay
Alan T. DeKok [Tue, 21 Jun 2011 09:19:29 +0000 (11:19 +0200)]
Update copyright year
Alan T. DeKok [Tue, 21 Jun 2011 07:06:38 +0000 (09:06 +0200)]
Fix > vs >= bug
Alan T. DeKok [Mon, 20 Jun 2011 14:57:14 +0000 (16:57 +0200)]
Don't go too far ahead
if (..){
is OK. The previous code skipped over the curly brace, assuming
that it was there... the code to check for syntax errors assumed
that the curly brace was not skipped over. This change fixes
that conflict
Alan T. DeKok [Mon, 20 Jun 2011 10:58:09 +0000 (12:58 +0200)]
Made the date today
Alan T. DeKok [Sat, 18 Jun 2011 08:48:02 +0000 (10:48 +0200)]
Note changes for version 2.1.11
Alan T. DeKok [Thu, 16 Jun 2011 10:53:37 +0000 (12:53 +0200)]
Be more stringent about unexpected text
Alan T. DeKok [Wed, 15 Jun 2011 09:39:54 +0000 (11:39 +0200)]
Releases don't get replied to
Alan T. DeKok [Wed, 15 Jun 2011 08:49:58 +0000 (10:49 +0200)]
Document "max_outstanding" for home servers
Alan T. DeKok [Tue, 14 Jun 2011 06:10:28 +0000 (08:10 +0200)]
Allow policies by section
authorize {
    foo
}
will look for first:
policy {
    foo.authorize {
        ...
    }
}
and then
policy {
    foo {
        ...
    }
}
This allows section-specific overrides for policies and modules.
Alan T. DeKok [Mon, 13 Jun 2011 09:31:47 +0000 (11:31 +0200)]
Allow policies to refer to modules of the same name
policy {
    files {
        files
        ...
    }
}
Means that you can over-ride the behavior of the "files" module,
and add anything else you need.
Alan T. DeKok [Sun, 12 Jun 2011 04:41:57 +0000 (06:41 +0200)]
New modules && configs for v2.1.11
Alan T. DeKok [Fri, 10 Jun 2011 13:16:16 +0000 (15:16 +0200)]
Fix data types
Alan T. DeKok [Tue, 7 Jun 2011 09:18:44 +0000 (11:18 +0200)]
Fix typo. Closes bug #150
Alan T. DeKok [Sun, 5 Jun 2011 16:15:05 +0000 (18:15 +0200)]
Note existence of "inner-tunnel"
So that people remember to edit it, too
Alan T. DeKok [Tue, 31 May 2011 19:21:23 +0000 (21:21 +0200)]
Added MS-CHAP-V2
Alan T. DeKok [Tue, 31 May 2011 18:39:42 +0000 (20:39 +0200)]
Last set of vp_print fixes
Alan T. DeKok [Tue, 31 May 2011 11:20:12 +0000 (13:20 +0200)]
Move \t into vp_print, just like the last commit
Alan T. DeKok [Tue, 31 May 2011 07:32:20 +0000 (09:32 +0200)]
vp_print should add a "\n" to the end
All callers already do this, so it's best to move that code
into vp_print
Alan T. DeKok [Mon, 30 May 2011 15:14:18 +0000 (17:14 +0200)]
Revert most of the "checked_write" code.
It apparently caused crashes on some machines. This code
reverts (mostly) back to the original code which worked, but
it should also notice when the disk is full, and return FAIL
Alan T. DeKok [Fri, 27 May 2011 12:49:17 +0000 (14:49 +0200)]
Document the "locking" configuration item
Alan T. DeKok [Fri, 27 May 2011 08:47:09 +0000 (10:47 +0200)]
Make home server coa config match raddb/proxy.conf
Alan T. DeKok [Thu, 26 May 2011 11:59:10 +0000 (13:59 +0200)]
Bump buffer size for regex matches
Alan T. DeKok [Thu, 26 May 2011 08:54:25 +0000 (10:54 +0200)]
Terminate string when using %{Attribute-Name[*]}
Alan T. DeKok [Wed, 25 May 2011 12:42:34 +0000 (14:42 +0200)]
Handle CHAP-Challenge
Alan T. DeKok [Wed, 25 May 2011 10:31:25 +0000 (12:31 +0200)]
Use rlm_redis CFLAGS and LDFLAGS
This lets the module build
Alan T. DeKok [Wed, 25 May 2011 09:46:14 +0000 (11:46 +0200)]
Replicate is now stable
Alan T. DeKok [Wed, 25 May 2011 09:46:06 +0000 (11:46 +0200)]
Mark "replicate" as stable
Alan T. DeKok [Wed, 25 May 2011 09:43:35 +0000 (11:43 +0200)]
Ensure AF for src IP matches AF for dst IP
Alan T. DeKok [Wed, 25 May 2011 09:43:12 +0000 (11:43 +0200)]
Make it build && work.
Apparently infinite loops are bad. Who knew?
Alan T. DeKok [Wed, 25 May 2011 08:52:35 +0000 (10:52 +0200)]
Make errors more prominent
Alan T. DeKok [Wed, 25 May 2011 08:49:28 +0000 (10:49 +0200)]
Note recent changes
Alan T. DeKok [Wed, 25 May 2011 08:21:41 +0000 (10:21 +0200)]
Initial version of rlm_replicate
Allows replication of packets (send without response),
to multiple destinations.
Alan T. DeKok [Tue, 24 May 2011 12:35:40 +0000 (14:35 +0200)]
This attribute is string. Closes #160
Alexander Clouter [Mon, 23 May 2011 10:43:04 +0000 (11:43 +0100)]
debian/patches/dialupadmin-help.diff wrong filename
'dpkg-buildpackage -b -us -uc -rfakeroot' grumbles as the following file
no longer exists. The patch fixes things, but it might be worth
'resync'ing as the large upstream Debian resync was Dec 2009 (5ed6809a).
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
Alan T. DeKok [Mon, 23 May 2011 10:15:09 +0000 (12:15 +0200)]
Set limits on string/octet attributes
Alan T. DeKok [Wed, 18 May 2011 11:22:18 +0000 (13:22 +0200)]
Cleaned up the "checked write" code a fair bit
Alan T. DeKok [Mon, 16 May 2011 11:42:54 +0000 (13:42 +0200)]
Configure checks for deprecated functionality
Alan T. DeKok [Mon, 16 May 2011 11:30:20 +0000 (13:30 +0200)]
Added deprecated functionality as compile-time option
Alan T. DeKok [Fri, 13 May 2011 14:58:16 +0000 (16:58 +0200)]
Support outer.control in dynamic xlat
Alan T. DeKok [Wed, 11 May 2011 19:07:34 +0000 (21:07 +0200)]
Now that log_packet_header is documented, make sure it works
Alan T. DeKok [Wed, 11 May 2011 15:41:29 +0000 (17:41 +0200)]
Updated documentation and samples
Handle IPv6 in detail filename.
Document "log_packet_header"
Alan T. DeKok [Wed, 11 May 2011 08:55:56 +0000 (10:55 +0200)]
Handle node deletions when walking over the tree.
The current node may be deleted, so we cache the left/right
pointers where necessary, and use the cached versions instead
of de-referencing the current node again.
Alan T. DeKok [Tue, 10 May 2011 08:45:54 +0000 (10:45 +0200)]
If accounting start/interim/stop doesn't do anything, return NOOP
If num_affected_rows == 0, return NOOP
Alan T. DeKok [Mon, 9 May 2011 17:37:46 +0000 (19:37 +0200)]
Fix typo
If we're making a directory, make sure it's from the '/',
and not from the whole filename.
Alan T. DeKok [Mon, 9 May 2011 11:16:04 +0000 (13:16 +0200)]
Call fnmatch only if the packet was read from the detail file.
And re-arranged the logic to make sense.
If the packet was read from the detail file AND will be written back
to the same directory (glob match), then do NOOP.
Otherwise, just go make the directory
Alexander Clouter [Mon, 9 May 2011 10:15:16 +0000 (11:15 +0100)]
fix lower->tolower typo in policy.conf
git commit abc96955 contains a typo that this patch fixes. As the
module 'lower' does not exist calling this policy always results in a
reject.
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
Alan T. DeKok [Fri, 6 May 2011 14:49:32 +0000 (16:49 +0200)]
Define _GNU_SOURCE before checking for structures
On Linux, useful features that are industry standard are
"protected" by requiring -D_GNU_SOURCE. Why would you want
your users to *use* the features of libc?
Alan T. DeKok [Fri, 6 May 2011 12:32:12 +0000 (14:32 +0200)]
Add EAP tests to automated test suite
Alan T. DeKok [Wed, 4 May 2011 11:50:46 +0000 (13:50 +0200)]
Move proxy ID handler to RB trees instead of hashes
This is apparently the root cause behind bug #35. It's not
clear why the hash table has that problem, but making this change
fixes it.
Alan T. DeKok [Wed, 4 May 2011 11:42:25 +0000 (13:42 +0200)]
Change assert to run-time check
Alan T. DeKok [Tue, 3 May 2011 07:23:41 +0000 (09:23 +0200)]
Don't decode attributes if there's no secret
This is really a bug in the caller, but it's a reasonable
change to make.
Alan T. DeKok [Mon, 2 May 2011 12:47:16 +0000 (14:47 +0200)]
Use built-in "offsetof"
Look for "stddef.h", and if found, include it in the various
configure checks. Also use it at run time.
Alan T. DeKok [Thu, 28 Apr 2011 09:09:45 +0000 (11:09 +0200)]
pairmake may return NULL if the dictionaries are broken.
The code should check for this, and behave gracefully
Alan T. DeKok [Thu, 28 Apr 2011 09:07:07 +0000 (11:07 +0200)]
Fix typo in attribute name
Alan T. DeKok [Wed, 27 Apr 2011 07:41:08 +0000 (09:41 +0200)]
Load the default virtual server before any others
This avoids user surprise
Alan T. DeKok [Thu, 21 Apr 2011 07:00:09 +0000 (09:00 +0200)]
Mark the module as HUP-safe
Alan T. DeKok [Fri, 15 Apr 2011 13:28:57 +0000 (15:28 +0200)]
Make proxy inner tunnel MS-CHAP work again
Alan T. DeKok [Sun, 10 Apr 2011 14:28:27 +0000 (16:28 +0200)]
Fix arguments to pairmove2
Alan T. DeKok [Sun, 10 Apr 2011 06:02:05 +0000 (08:02 +0200)]
Don't set "EAP Failure" when sending error message back
Alan T. DeKok [Fri, 8 Apr 2011 11:04:25 +0000 (13:04 +0200)]
The file may be closed when there are no VPs
Alan T. DeKok [Fri, 8 Apr 2011 07:36:49 +0000 (09:36 +0200)]
Make error sending configurable
Alan T. DeKok [Thu, 7 Apr 2011 14:29:20 +0000 (16:29 +0200)]
Handle failures
Alan T. DeKok [Thu, 7 Apr 2011 14:18:27 +0000 (16:18 +0200)]
Add allow_retry and retry_msg functionality
Based on a patch from John Hayward.
Setting "allow_retry=0" and "retry_msg = hello" seems to help
with EAP-MSCHAPv2 and cached passwords...
Alan T. DeKok [Thu, 7 Apr 2011 14:11:58 +0000 (16:11 +0200)]
Allow MS-CHAP-Error in Access-Reject
Alan T. DeKok [Thu, 7 Apr 2011 07:44:26 +0000 (09:44 +0200)]
Don't over-write a fail code with a success code.
Closes bug #152
Alan T. DeKok [Tue, 5 Apr 2011 14:56:33 +0000 (16:56 +0200)]
Add -4 and -6 options
These force NAS-IP-Address or NAS-IPv6-Address
Alan T. DeKok [Tue, 29 Mar 2011 13:53:01 +0000 (15:53 +0200)]
Fix handling of "-l stdout"
Alan T. DeKok [Fri, 25 Mar 2011 12:53:10 +0000 (13:53 +0100)]
Correct debug log for internal proxied requests
Alan T. DeKok [Fri, 25 Mar 2011 09:21:07 +0000 (10:21 +0100)]
Fix generation of autoheader, and re-build it
Alan T. DeKok [Fri, 25 Mar 2011 09:14:57 +0000 (10:14 +0100)]
Fix typo in last commit
Alan T. DeKok [Fri, 25 Mar 2011 09:09:33 +0000 (10:09 +0100)]
Re-build more on reconfig
John Dennis [Thu, 24 Mar 2011 15:59:37 +0000 (11:59 -0400)]
Fix autogen.sh
The script is invoked with -e which causes the script to exit
immediately if a subshell command enclosed in parentheses
has a non-zero exit status. The command
grep "^AC_CONFIG_HEADER" configure.in > /dev/null
returns non-zero for many of the subdirs which causes the autogen.sh
script to immediately exit. In fact it exits on the very first
subdirectory (src/modules/rlm_sql) prematurely aborting the entire
operation.
Alan T. DeKok [Wed, 23 Mar 2011 07:59:22 +0000 (08:59 +0100)]
Move illegal attributes around
And enable the Motorola VSA dictionary
Alan T. DeKok [Wed, 23 Mar 2011 07:41:38 +0000 (08:41 +0100)]
Remove trailing whitespace
Alan T. DeKok [Wed, 23 Mar 2011 07:41:21 +0000 (08:41 +0100)]
More Canopy attributes as posted to the list
Alan T. DeKok [Wed, 23 Mar 2011 07:40:21 +0000 (08:40 +0100)]
Fix typos
Alan T. DeKok [Sun, 20 Mar 2011 07:11:05 +0000 (08:11 +0100)]
Clearer warnings about unsupported operators
Alan T. DeKok [Sun, 20 Mar 2011 07:10:47 +0000 (08:10 +0100)]
Expose API to get token names
Alan T. DeKok [Sat, 19 Mar 2011 15:16:12 +0000 (16:16 +0100)]
How RADIUS should be done.
Alan T. DeKok [Wed, 16 Mar 2011 10:26:04 +0000 (11:26 +0100)]
Expose rad_print_hex, and use it in radsniff
Alan T. DeKok [Tue, 15 Mar 2011 16:23:22 +0000 (17:23 +0100)]
Fix compilation errors
Alan T. DeKok [Tue, 15 Mar 2011 14:30:37 +0000 (15:30 +0100)]
Id is unsigned for printing