Alan T. DeKok [Sun, 15 Feb 2009 08:29:45 +0000 (09:29 +0100)]
Allow the detail poll interval to be configurable
Alan T. DeKok [Sun, 15 Feb 2009 08:04:10 +0000 (09:04 +0100)]
More documentation
Alan T. DeKok [Sun, 15 Feb 2009 08:00:28 +0000 (09:00 +0100)]
Documentation for raddebug
Alan T. DeKok [Sun, 15 Feb 2009 07:44:38 +0000 (08:44 +0100)]
Minor cleanups
Added -d and usage
Alan T. DeKok [Fri, 13 Feb 2009 20:49:22 +0000 (21:49 +0100)]
Command to print debugging from a running server.
Very useful!
Alan T. DeKok [Fri, 13 Feb 2009 15:08:27 +0000 (16:08 +0100)]
Fix handling of "debug file [filename]"
Make filename optional, which means "no debug file".
Re-arrange how we handle the pointers, to avoid threading issues
Alan T. DeKok [Fri, 13 Feb 2009 15:06:07 +0000 (16:06 +0100)]
Suppress LF's if there's no output
Alan T. DeKok [Fri, 13 Feb 2009 14:08:14 +0000 (15:08 +0100)]
Change detail polling interval from 1s to 10s
This lowers the noise in debugging mode. It shouldn't affect performance.
Alan T. DeKok [Wed, 11 Feb 2009 17:39:21 +0000 (18:39 +0100)]
Fixed typo
Alan T. DeKok [Tue, 10 Feb 2009 08:48:17 +0000 (09:48 +0100)]
More instructions on DHCP
Alan T. DeKok [Tue, 10 Feb 2009 08:08:13 +0000 (09:08 +0100)]
Moved otp.conf to modules/otp
Alan T. DeKok [Thu, 5 Feb 2009 15:22:10 +0000 (16:22 +0100)]
Add "require message authenticator" config to home servers
Alan T. DeKok [Thu, 5 Feb 2009 15:11:06 +0000 (16:11 +0100)]
Move "allocate request->proxy" to home_server_ldb
In preparation for other work
Alan T. DeKok [Thu, 5 Feb 2009 11:05:38 +0000 (12:05 +0100)]
Moved checks for detail to home_server_ldb
Rather than proxying to a home server, and THEN deciding it
wasn't a good idea, we simply skip that home server during
the process of trying to find one.
Alan T. DeKok [Tue, 3 Feb 2009 14:15:03 +0000 (15:15 +0100)]
Corrected typo. Noted by Chris Moules
Alan T. DeKok [Tue, 3 Feb 2009 13:39:41 +0000 (14:39 +0100)]
Fixed name
Alan T. DeKok [Tue, 3 Feb 2009 13:33:53 +0000 (14:33 +0100)]
Note issue as reported in bug #622
Alan T. DeKok [Tue, 3 Feb 2009 13:33:29 +0000 (14:33 +0100)]
Free insthandle if there's no detach function
Alan T. DeKok [Tue, 3 Feb 2009 13:32:23 +0000 (14:32 +0100)]
Corrected typo
Alan T. DeKok [Tue, 3 Feb 2009 13:22:03 +0000 (14:22 +0100)]
Cleaned up source code && updated "configure"
Alan T. DeKok [Tue, 3 Feb 2009 10:26:34 +0000 (11:26 +0100)]
New module as supplied by Siemens
Alan T. DeKok [Tue, 3 Feb 2009 09:54:32 +0000 (10:54 +0100)]
Revert "Change default hash function to SHA1. MD5 is broken."
This reverts commit 340f01028f6f2dc8fa18336c9448f2787fc8de0f.
However, many versions of OpenSSL don't include SHA support,
so doing this would break the default install. <sigh>
Alan T. DeKok [Mon, 2 Feb 2009 10:24:51 +0000 (11:24 +0100)]
Note recent changes
Alan T. DeKok [Mon, 2 Feb 2009 09:47:40 +0000 (10:47 +0100)]
Expose more functions
Based on a patch from Chris Moules
Alan T. DeKok [Mon, 2 Feb 2009 09:31:04 +0000 (10:31 +0100)]
Load anonymous pools by type, not hard-coded to CoA
Alan T. DeKok [Sun, 1 Feb 2009 18:13:37 +0000 (19:13 +0100)]
Updated copyright date
Alan T. DeKok [Sun, 1 Feb 2009 18:13:06 +0000 (19:13 +0100)]
Updates for 2009
Alan T. DeKok [Fri, 30 Jan 2009 10:24:11 +0000 (11:24 +0100)]
Added UNUSED
Alan T. DeKok [Fri, 30 Jan 2009 10:23:13 +0000 (11:23 +0100)]
Save string for regexes
Alan T. DeKok [Fri, 30 Jan 2009 10:20:32 +0000 (11:20 +0100)]
Simplified patch from b4c873
Arnaud Ebalard [Fri, 30 Jan 2009 10:16:37 +0000 (11:16 +0100)]
Fix broken EAP-TLS (bug introduced 2008/08/24 by b51a3a82)
Thu, 29 Jan 2009 16:31:10 +0100
To: aland <aland@deployingradius.com>
CC: Axel Tillequin <axel.tillequin@eads.net>, FreeRadius developers mailing list <freeradius-devel@lists.freeradius.org>
Hi,
As explained in previous mails of the thread, FreeRadius EAP-TLS support
is broken (the EAP encapsulated TLS ChangeCipherSpec and TLS Finished
messages are not sent). Bisecting the issue led me here:
commit b51a3a82edb797f5d0a2758bd1a38359d6f66803
Author: Alan T. DeKok <aland@freeradius.org>
Date: Sun Aug 24 10:04:55 2008 +0200
Clean up debug && log messages
AFAICT, the test that prevented eaptls_ack_handler() from returning
EAPTLS_SUCCESS *before* flushing remaining local messages
(i.e. returning EAPTLS_REQUEST so that they be sent to the peer to
complete the TLS handshake) was removed in that commit.
The patch below is against current git tree. With Axel, we tested the
fix with 2.1.3: it corrects the issue.
Cheers,
a+
Signed-off-by: Arnaud Ebalard <arno@natisbad.org>
Tested-by: Axel Tillequin <axel.tillequin@gmail.com>
Alan T. DeKok [Fri, 30 Jan 2009 10:13:48 +0000 (11:13 +0100)]
Corrected typo
Alan T. DeKok [Thu, 29 Jan 2009 11:54:00 +0000 (12:54 +0100)]
Chop ethernet frame to 253 rather than rejecting the packet
Alan T. DeKok [Wed, 28 Jan 2009 15:25:21 +0000 (16:25 +0100)]
Corrected typo
Alan T. DeKok [Wed, 28 Jan 2009 13:59:42 +0000 (14:59 +0100)]
Corrected MySQL syntax to = NULL
Alan T. DeKok [Tue, 27 Jan 2009 09:14:02 +0000 (10:14 +0100)]
Added freeswitch dictionary
Alan T. DeKok [Wed, 21 Jan 2009 13:32:29 +0000 (14:32 +0100)]
Look for setuid, too
Alan T. DeKok [Wed, 21 Jan 2009 10:13:24 +0000 (11:13 +0100)]
If we're at EOF, the socket will never be ready
So check for EOF in more places
Alan T. DeKok [Mon, 19 Jan 2009 15:15:08 +0000 (16:15 +0100)]
Notes on MySQL
Alan T. DeKok [Mon, 19 Jan 2009 13:51:19 +0000 (14:51 +0100)]
Try to work around transactional issues...
Alan T. DeKok [Mon, 19 Jan 2009 12:41:34 +0000 (13:41 +0100)]
Clean up CoA origination to not depend on CoA
This makes the patch a little cleaner
Alan T. DeKok [Sun, 18 Jan 2009 16:16:10 +0000 (17:16 +0100)]
Removed extraneous line
Alan T. DeKok [Sun, 18 Jan 2009 15:13:13 +0000 (16:13 +0100)]
CoA is in request->proxy, not request->packet
Alan T. DeKok [Tue, 13 Jan 2009 13:01:14 +0000 (14:01 +0100)]
Note restrictions on detail file usage
Alan T. DeKok [Mon, 12 Jan 2009 13:32:10 +0000 (14:32 +0100)]
Commented out SQL modules by default.
Unlike the EAP module, they need *additional* things to be configured
before they will work. So you can't just build the server with SQL
support, and then start it. You need to edit sql.conf, etc.
In the interest of making the server start quickly in debugging mode,
the SQL module configurations are now commented out.
Alan T. DeKok [Mon, 12 Jan 2009 09:14:12 +0000 (10:14 +0100)]
Change default hash function to SHA1. MD5 is broken.
Alan T. DeKok [Mon, 12 Jan 2009 09:13:14 +0000 (10:13 +0100)]
More updates
Alan T. DeKok [Mon, 12 Jan 2009 09:12:05 +0000 (10:12 +0100)]
run_dir depends on ${name}, too
Alan T. DeKok [Wed, 7 Jan 2009 09:51:34 +0000 (10:51 +0100)]
Added notes on using "screen"
Alan T. DeKok [Tue, 6 Jan 2009 11:09:30 +0000 (12:09 +0100)]
Check for setuid, and use those checks
Alan T. DeKok [Tue, 6 Jan 2009 11:02:34 +0000 (12:02 +0100)]
Updated build to use (or not) self-pipes
If we're on platforms that don't support pipes, OR on platforms
that don't have threads, don't use self pipes.
Alan T. DeKok [Fri, 28 Nov 2008 10:42:59 +0000 (11:42 +0100)]
Limit the maximum number of queries over one SQL socket.
Similar to the "lifetime" change. If there are issues such as DB
memory leaks per client socket, then it is a good idea to periodically
close the client sockets.
Alan T. DeKok [Fri, 28 Nov 2008 10:00:25 +0000 (11:00 +0100)]
Add "lifetime" to SQL sockets.
After "lifetime" seconds, an open connection is closed. This can help
address issues such as firewalls that time out open connections...
Alan T. DeKok [Fri, 2 Jan 2009 18:43:53 +0000 (19:43 +0100)]
Corrected typo
Alan T. DeKok [Fri, 2 Jan 2009 15:23:03 +0000 (16:23 +0100)]
Enable the server to originate CoA-Request && Disconnect-Request
This is a fairly large change in the server, but is protected
by WITH_COA, so you can build without it, if you want to do that.
Alan T. DeKok [Thu, 1 Jan 2009 09:31:23 +0000 (10:31 +0100)]
Added "make cert" commands to bootstrap file
This helps it work when people don't have "make" installed
Alan T. DeKok [Thu, 18 Dec 2008 09:38:31 +0000 (10:38 +0100)]
Added WiMAX-MN-NAI and other server-side attributes
These were inexplicably left out.
Alan T. DeKok [Tue, 16 Dec 2008 15:24:25 +0000 (16:24 +0100)]
Simplified detail file polling
Moved loop over listeners to using the event API. This removes one
function, and simplifies the code.
Alan T. DeKok [Mon, 15 Dec 2008 10:57:54 +0000 (11:57 +0100)]
Removed dead code.
Closes Coverity #2
Alan T. DeKok [Mon, 15 Dec 2008 10:55:08 +0000 (11:55 +0100)]
If input pairs is NULL, return NOOP
Closes Coverity #6
Alan T. DeKok [Mon, 15 Dec 2008 10:49:09 +0000 (11:49 +0100)]
Free memory on error && exit.
Closes Coverity #16
Alan T. DeKok [Mon, 15 Dec 2008 10:43:15 +0000 (11:43 +0100)]
Removed dead code.
Closes Coverity #56
Alan T. DeKok [Mon, 15 Dec 2008 10:41:51 +0000 (11:41 +0100)]
If it's not a known option, it's an error.
Closes Coverity #57
Alan T. DeKok [Mon, 15 Dec 2008 10:39:31 +0000 (11:39 +0100)]
Suppress trailing NULs properly.
Closes Coverity #58
Alan T. DeKok [Mon, 15 Dec 2008 10:35:32 +0000 (11:35 +0100)]
Check tag values, too.
When comparing attributes, both tag AND value have to match
for the attributes to compare as equal.
Closes Coverity #59
Alan T. DeKok [Mon, 15 Dec 2008 10:32:52 +0000 (11:32 +0100)]
pairparsevalue() cannot be passed a NULL value.
Closes Coverity #62
Alan T. DeKok [Sun, 14 Dec 2008 22:02:21 +0000 (23:02 +0100)]
Remove dead code
Fixes Coverity #60
Alan T. DeKok [Sun, 14 Dec 2008 09:40:43 +0000 (10:40 +0100)]
Prepare for 2.1.4
Alan T. DeKok [Sun, 14 Dec 2008 09:31:17 +0000 (10:31 +0100)]
Change where we do suid up/down.
If the server starts as root, but it is supposed to run as another
user, we want to *temporarily* drop permissions very early. Then,
when binding to privileged sockets, we re-gain permissions.
Once all of the sockets are open, we drop them permanently.
However, if we suid up for *all* sockets, then the control socket
will be created as root, rather than as the unprivileged user.
To fix that, we put suid up/down just around the 2 calls that
need it.
Alan T. DeKok [Sun, 14 Dec 2008 08:48:03 +0000 (09:48 +0100)]
Work around issue in gmake.
We were using PWD, and expecting it to be the current directory.
But apparently that's not how gmake works. We have to call
$(shell pwd) instead.
Alan T. DeKok [Sat, 13 Dec 2008 08:44:51 +0000 (09:44 +0100)]
One more check for parse error
If the statement didn't have a condition check, it's a parse error.
e.g.
()
(!)
(cond || )
(cond && )
Alan T. DeKok [Fri, 12 Dec 2008 18:01:34 +0000 (19:01 +0100)]
Fix evaluation parser
It would previously *not* evaluate things properly if there were
nested conditions, because the logic was broken and weird.
This is simplified, with the result that it's easy to understand,
and works correctly.
Alan T. DeKok [Fri, 12 Dec 2008 14:50:59 +0000 (15:50 +0100)]
Minor updates
Alan T. DeKok [Fri, 12 Dec 2008 08:36:30 +0000 (09:36 +0100)]
Define SUN_LEN for systems that don't have it
Alan T. DeKok [Thu, 11 Dec 2008 18:23:13 +0000 (19:23 +0100)]
Don't leak new listeners
Alan T. DeKok [Thu, 11 Dec 2008 14:26:58 +0000 (15:26 +0100)]
Permit multiple "-e"
Alan T. DeKok [Thu, 11 Dec 2008 14:21:11 +0000 (15:21 +0100)]
Corrected typo
Alan T. DeKok [Thu, 11 Dec 2008 11:18:49 +0000 (12:18 +0100)]
Fix minor bug. Check correct ptr
Alan T. DeKok [Fri, 5 Dec 2008 16:37:56 +0000 (17:37 +0100)]
Note 2.1.3
Alan T. DeKok [Fri, 5 Dec 2008 16:35:48 +0000 (17:35 +0100)]
Note 2.1.3
Alan T. DeKok [Fri, 5 Dec 2008 16:33:40 +0000 (17:33 +0100)]
Check out STABLE branch for 2.1.x, not the MASTER branch
Alan T. DeKok [Fri, 5 Dec 2008 06:56:16 +0000 (07:56 +0100)]
TTLSv0 RFC
Alan T. DeKok [Thu, 4 Dec 2008 11:01:02 +0000 (12:01 +0100)]
We're now 2.1.3
Alan T. DeKok [Thu, 4 Dec 2008 09:50:29 +0000 (10:50 +0100)]
Note 2.1.2
Alan T. DeKok [Thu, 4 Dec 2008 09:47:01 +0000 (10:47 +0100)]
Update time for release 2.1.2
Alan T. DeKok [Thu, 4 Dec 2008 09:00:03 +0000 (10:00 +0100)]
Added Cisco TFTP server option 150. Closes #618
Alan T. DeKok [Wed, 3 Dec 2008 16:29:52 +0000 (17:29 +0100)]
Allow all ports to be used. Closes #559
Alan T. DeKok [Wed, 3 Dec 2008 16:27:03 +0000 (17:27 +0100)]
Corrected VSA types. Closes #617
Alan T. DeKok [Tue, 2 Dec 2008 10:28:03 +0000 (11:28 +0100)]
Sample module to expire user after first login
Alan T. DeKok [Tue, 2 Dec 2008 09:26:29 +0000 (10:26 +0100)]
Note RedHat build FAQ
Alan T. DeKok [Tue, 2 Dec 2008 09:14:57 +0000 (10:14 +0100)]
Note final changes
Alan T. DeKok [Tue, 2 Dec 2008 09:11:38 +0000 (10:11 +0100)]
Fix for CVE-2008-4474
Dialup-admin uses tmp files insecurely. Since it isn't running
in a default install, this shouldn't be a major problem.
Patch from bug #605
Alan T. DeKok [Tue, 2 Dec 2008 08:00:52 +0000 (09:00 +0100)]
Don't leak memory on error conditions.
Closes Coverity #74.
The program exits anyways on error conditions, but cleaning up
is usually good practice.
Alan T. DeKok [Tue, 2 Dec 2008 07:56:54 +0000 (08:56 +0100)]
Simplify handling of structs.
This closes Coverity #73.
Rather than fixing the problem of leaked memory, we avoid it
completely by avoiding practices that require complex code to
avoid leaking memory.
Alan T. DeKok [Mon, 1 Dec 2008 15:10:51 +0000 (16:10 +0100)]
Die if we failed to allocate memory
Closes Coverity #63
We don't need to check for "cs->section_tree" twice. Just check for it
once, and if we can't allocate it, die. Checking a second time is
pointless.
Alan T. DeKok [Mon, 1 Dec 2008 15:08:09 +0000 (16:08 +0100)]
"name" cannot be NULL
If it's NULL, we can't use it at all. The previous code used it if
it was NULL...
Closes Coverity #64
Alan T. DeKok [Mon, 1 Dec 2008 15:02:15 +0000 (16:02 +0100)]
log_file may be NULL
Closes Coverity #65
Alan T. DeKok [Mon, 1 Dec 2008 14:54:01 +0000 (15:54 +0100)]
Request may be NULL
Closes Coverity #66
Alan T. DeKok [Mon, 1 Dec 2008 13:44:25 +0000 (14:44 +0100)]
Set "found" to first server.
Closes Coverity #67
Alan T. DeKok [Mon, 1 Dec 2008 13:40:00 +0000 (14:40 +0100)]
secret is NULL for LOCAL realms.
Fixes Coverity #68