kkalev [Sun, 2 Jan 2005 13:36:33 +0000 (13:36 +0000)]
Add Novell patch for reading the user's Universal Password from LDAP (eDirectory).
kkalev [Sun, 2 Jan 2005 10:37:32 +0000 (10:37 +0000)]
If we are near a reset then, before doing anything else, change the return value
to the time left to the next reset, instead of the time left in the counter.
Bug found by fduch@antar.bryansk.ru (Bug #190)
phampson [Wed, 29 Dec 2004 22:52:23 +0000 (22:52 +0000)]
Add an option to rlm_exec to control whether shell escaping is done on
the RADIUS attributes passed into the environment variables.
Also give the return values from programs executed by rlm_exec more
meanings than RLM_MODULE_OK or RLM_MODULE_FAIL, allowing rlm_exec to
participate fully in configurable failover.
phampson [Wed, 29 Dec 2004 08:25:42 +0000 (08:25 +0000)]
Fix typo
phampson [Wed, 29 Dec 2004 08:14:58 +0000 (08:14 +0000)]
Correctly process the Dialupadmin configuration and perl scripts for the
correct locations of binaries and configuration files.
phampson [Wed, 29 Dec 2004 08:10:49 +0000 (08:10 +0000)]
Update to config.sub 2004-11-30 and config.guess 2004-11-12
phampson [Wed, 29 Dec 2004 06:00:52 +0000 (06:00 +0000)]
More autoheader cleanups. HAVE_REGEX_H is provided by autoconf.h already
phampson [Wed, 29 Dec 2004 05:48:40 +0000 (05:48 +0000)]
Rollback 1.12, which was comitted with the wrong comment and without the
rest of the patch.
phampson [Wed, 29 Dec 2004 05:45:42 +0000 (05:45 +0000)]
Regenerate configure with autogen.sh
phampson [Wed, 29 Dec 2004 05:37:38 +0000 (05:37 +0000)]
More autoheader updates
phampson [Wed, 29 Dec 2004 05:09:02 +0000 (05:09 +0000)]
More autoheader cleanups. Use autoheader for modules that
have AC_CONFIG_HEADER in their configure.in scripts.
pnixon [Tue, 28 Dec 2004 10:37:55 +0000 (10:37 +0000)]
oops. typo
pnixon [Sun, 26 Dec 2004 22:48:39 +0000 (22:48 +0000)]
Use Timestamp in Accttime field
phampson [Thu, 23 Dec 2004 03:10:31 +0000 (03:10 +0000)]
History corrections to match what actually happened with the version
numbers.
phampson [Thu, 23 Dec 2004 02:08:17 +0000 (02:08 +0000)]
Apply patch from Bugzilla #149 to process REJECT post-auth stanza for rejections
from a home server or external process.
kkalev [Tue, 21 Dec 2004 15:11:33 +0000 (15:11 +0000)]
Also add a Makefile.in
We need to copy the configure script from rlm_counter here.
kkalev [Tue, 21 Dec 2004 15:08:05 +0000 (15:08 +0000)]
Add the first version of a request caching module. More information in
experimental.conf
When creating the datadir, create it with mode 755, not 700. Otherwise, only
root may run radclient.
kkalev [Mon, 20 Dec 2004 16:58:16 +0000 (16:58 +0000)]
* In bin/snmpfinger also accept @,. in the username
* If we are stripping realms, then if needed strip them from the data returned by snmpfinger in
user_finger.php3
phampson [Sun, 19 Dec 2004 02:31:07 +0000 (02:31 +0000)]
Debian updates:
Two second pause during restart
Copyright information about OpenSSL
Versioned dependancies between freeradius package and module packages.
phampson [Sun, 19 Dec 2004 00:52:55 +0000 (00:52 +0000)]
Repair 1.0.0 release date
phampson [Sun, 19 Dec 2004 00:43:18 +0000 (00:43 +0000)]
Update changelog with 1.0.1's changelog
phampson [Sun, 19 Dec 2004 00:32:53 +0000 (00:32 +0000)]
Change big-endian detection to use the autoconf-defined macro, not the
sometimes locally defined macro.
phampson [Sun, 19 Dec 2004 00:30:22 +0000 (00:30 +0000)]
Rerun autogen.sh after changes to build system
phampson [Sat, 18 Dec 2004 23:52:30 +0000 (23:52 +0000)]
Add support so using autoheader to generate autoconf.h, and add
AC_C_BIGENDIAN and AC_SYS_LARGEFILE macros. This required the
HAVE_LOCAL_SNPRINTF macro to move to libradius.h.
Refreshed config.guess, config.sub and ltmain.sh.
aland [Fri, 17 Dec 2004 17:45:53 +0000 (17:45 +0000)]
Remove rlm_x99_token. There's no maintainer, and it's causing
too many other people problems.
aland [Thu, 16 Dec 2004 22:21:41 +0000 (22:21 +0000)]
Remove DOS CR's
aland [Thu, 16 Dec 2004 06:45:17 +0000 (06:45 +0000)]
Better text
aland [Wed, 15 Dec 2004 23:55:37 +0000 (23:55 +0000)]
Fix minor typos
aland [Wed, 15 Dec 2004 23:38:05 +0000 (23:38 +0000)]
Unlock mutex after updating structure, not before
aland [Wed, 15 Dec 2004 23:36:47 +0000 (23:36 +0000)]
Unblock SIGCHLD when returning.
Bug noted by L.C. Badea
aland [Tue, 14 Dec 2004 21:24:49 +0000 (21:24 +0000)]
Updated error messages for %{config:...}
Allowed the config to be dynamically translated, too.
e.g. %{config: section.%{sub-section-name}.item
causes the sub-section-name to be expanded at run-time.
This didn't work before because (I think) the dynamic expansion
code expects to see %{foo} as a bare word, surrounded by whitespace.
e.g. "%{foo}" gets expanded, "...%{foo}..." doesn't.
This should be checked...
aland [Tue, 14 Dec 2004 21:14:14 +0000 (21:14 +0000)]
Made the name search a little more forgiving, so it works
as previously advertised
aland [Tue, 14 Dec 2004 20:04:59 +0000 (20:04 +0000)]
Update dict_attrbyname() to accept
Attr-%d
Vendor-%d-Attr-%d
VendorName-Attr-%d
VendorName-Attribute-Name
which should be a little more generic than what we had previously.
See recent comments to src/lib/valuepair.c, on how these changes
affect pairmake(), and pairparsevalue()
aland [Tue, 14 Dec 2004 20:01:37 +0000 (20:01 +0000)]
Additional comments about things we should eventually do
wichert [Tue, 14 Dec 2004 12:13:04 +0000 (12:13 +0000)]
Include crypt.h if it is available so we get a prototype for crypt()
wichert [Tue, 14 Dec 2004 11:57:25 +0000 (11:57 +0000)]
Change return type of ip_ntoa and ipv6_ntoa to const char* to fix a compile warning
kkalev [Mon, 13 Dec 2004 13:34:31 +0000 (13:34 +0000)]
Version 1.0 of radsqlrelay.c No Makefile additions for now
aland [Thu, 9 Dec 2004 02:31:18 +0000 (02:31 +0000)]
No DOS nonsense.
More documentation.
aland [Wed, 8 Dec 2004 22:05:31 +0000 (22:05 +0000)]
Calling policies is now done by foo(), not by "call foo"
aland [Wed, 8 Dec 2004 17:20:25 +0000 (17:20 +0000)]
Look in /usr/include/et for krb5 headers, so that stupid FC
systems will work
kkalev [Wed, 8 Dec 2004 15:10:42 +0000 (15:10 +0000)]
* Add a snmp_clearsession which can disconnect a user by using the Cisco AAA Session MIB
* Add a configuration directive general_sessionclear_bin
kkalev [Wed, 8 Dec 2004 15:06:25 +0000 (15:06 +0000)]
Also delete sessions from sql_extra_servers. Add the ability to disconnect
a user (using the AAA Session MIB of Cisco)
kkalev [Tue, 7 Dec 2004 18:45:16 +0000 (18:45 +0000)]
Add a not about return-attribute being only integer type
kkalev [Tue, 7 Dec 2004 18:42:20 +0000 (18:42 +0000)]
Update documentation
kkalev [Tue, 7 Dec 2004 18:40:28 +0000 (18:40 +0000)]
Add a return-attribute directive. That way we can send back configurable
attributes instead of session-timeout. The return-attribute will work *only*
if we *don't* count Acct-Session-Time
aland [Tue, 7 Dec 2004 18:04:27 +0000 (18:04 +0000)]
Minor updates
aland [Tue, 7 Dec 2004 17:59:48 +0000 (17:59 +0000)]
First stab at documentation.
aland [Tue, 7 Dec 2004 00:27:36 +0000 (00:27 +0000)]
Document new load balancing among the modules
aland [Mon, 6 Dec 2004 20:57:02 +0000 (20:57 +0000)]
whitespace
Better error messages if we can't find a module
kkalev [Mon, 6 Dec 2004 16:47:02 +0000 (16:47 +0000)]
Print out statistics every so many packets if we are in forground. Useful for
perfomance testing
kkalev [Mon, 6 Dec 2004 15:28:44 +0000 (15:28 +0000)]
inline ms_sleep and isdateline
Make the sleep time between sending packets configurable
Also sleep only after sending a configurable number of packets (default 1)
aland [Mon, 6 Dec 2004 00:26:19 +0000 (00:26 +0000)]
All policies have to be in named policies...
aland [Sun, 5 Dec 2004 23:54:32 +0000 (23:54 +0000)]
Parse load-balance groups by parsing them as normal groups,
and then setting their type to MOD_LOAD_BALANCE. This means
that the parsing code is the same (nice), but that their processing
is done by the special "load-balance" group.
aland [Sun, 5 Dec 2004 23:40:15 +0000 (23:40 +0000)]
Added some support for load balancing sections. Some defines,
and a function to do load balancing, if and when they're defined.
We still have to write the code to parse the load balancing stuff,
and create the data structures...
aland [Sat, 4 Dec 2004 18:02:52 +0000 (18:02 +0000)]
Sample of policy language
aland [Sat, 4 Dec 2004 17:58:04 +0000 (17:58 +0000)]
First pass at a "policy language"
In the tradition of programmers everywhere, there's no documentation.
But it works, honest
aland [Fri, 3 Dec 2004 18:41:24 +0000 (18:41 +0000)]
Get less excited about % in strings...
aland [Fri, 3 Dec 2004 18:24:31 +0000 (18:24 +0000)]
Change $(INSTALL) to $(LIBTOOL) --mode=install $(INSTALL)
It doesn't hurt, and it helps some platforms work.
kkalev [Fri, 3 Dec 2004 16:13:42 +0000 (16:13 +0000)]
Fix Bug #167
aland [Wed, 1 Dec 2004 22:33:29 +0000 (22:33 +0000)]
Added Request-Processing-Stage as an xlat, in which modules
can now discover which stage they're in.
aland [Wed, 1 Dec 2004 22:31:58 +0000 (22:31 +0000)]
Line-based log module.
No examples of documentation yet.
pnixon [Tue, 30 Nov 2004 15:47:09 +0000 (15:47 +0000)]
add a make target to install radwatch only
kkalev [Tue, 30 Nov 2004 13:02:23 +0000 (13:02 +0000)]
Update documentation about read_groups
kkalev [Tue, 30 Nov 2004 12:57:06 +0000 (12:57 +0000)]
Update configuration about read_groups
kkalev [Tue, 30 Nov 2004 12:52:10 +0000 (12:52 +0000)]
* Add a default '1' in the priority column definition of the usergroup table
* Add a read_groups directive (by default 'yes'). If set we read groups non
the less. Otherwise, the user MUST have a Fall-Through = Yes in radreply
pnixon [Tue, 30 Nov 2004 10:45:56 +0000 (10:45 +0000)]
Use freeradius Timestamp field as it implicitly has a Timezone AND exists in EVERY record regardless of NAS Type
pnixon [Fri, 26 Nov 2004 12:33:36 +0000 (12:33 +0000)]
Clearer stats notification and some minor logic changes to increase speed
pnixon [Thu, 25 Nov 2004 01:21:43 +0000 (01:21 +0000)]
cleanups and random hacking.
pnixon [Wed, 24 Nov 2004 23:34:48 +0000 (23:34 +0000)]
Fairly major update to support Cisco Gatekeeper billing records
pnixon [Wed, 24 Nov 2004 14:38:40 +0000 (14:38 +0000)]
Minor logging change
aland [Tue, 23 Nov 2004 17:20:23 +0000 (17:20 +0000)]
In paircompare, don't get excited if the first attribute
doesn't exist. It may be a "virtual" attribute, and there may
be a comparison function registered for it.
aland [Tue, 23 Nov 2004 17:11:57 +0000 (17:11 +0000)]
Added support for Time-Of-Day, which takes HH:MM[:SS]
aland [Sun, 21 Nov 2004 14:32:14 +0000 (14:32 +0000)]
Make "use_tunneled_reply" work properly for PEAP, where the
Access-Accept from the home server results in the local server
sending more Access-Challenges. The VP's from the Access-Accept
have to be stored somewhere until the local server sends an
Access-Accept
aland [Sun, 21 Nov 2004 14:30:39 +0000 (14:30 +0000)]
Make "use_tunneled_reply" work for MS-CHAPv2
aland [Sun, 21 Nov 2004 14:30:01 +0000 (14:30 +0000)]
As found on the net, with edits to make it work with FreeRADIUS
aland [Sun, 21 Nov 2004 14:29:33 +0000 (14:29 +0000)]
Added xlat support for Packet-Authentication-Vector
aland [Sat, 20 Nov 2004 22:32:18 +0000 (22:32 +0000)]
Use /dev/urandom, if it exists.
After getting a random vector, stir the pool again.
phampson [Thu, 18 Nov 2004 01:36:16 +0000 (01:36 +0000)]
Add Suggests for php4-mysql | php4-pgsql to DialUpAdmin package
aland [Wed, 10 Nov 2004 17:46:53 +0000 (17:46 +0000)]
radeapclient is built using libtool, so it should be installed
with libtool.
Bug found by Christophe Boyanique.
aland [Wed, 10 Nov 2004 01:16:27 +0000 (01:16 +0000)]
Added future note
kkalev [Tue, 9 Nov 2004 17:55:23 +0000 (17:55 +0000)]
Instead of a 'SELECT *' for the nas table support which requires specific row
order, just use 'SELECT id,nasname,shortname,type,secret FROM %{nas-table}'
and get the rows we need.
pnixon [Mon, 8 Nov 2004 00:19:51 +0000 (00:19 +0000)]
Support (FreeRADIUS Style) Quintum VSAs
kkalev [Wed, 3 Nov 2004 19:22:50 +0000 (19:22 +0000)]
Add radiusReplyMessage as Reply-Message reply item. This closes BUG #152
kkalev [Sun, 31 Oct 2004 19:59:10 +0000 (19:59 +0000)]
Add NAS-IP-Address LDAP attribute. This closes BUG#143
aland [Sat, 30 Oct 2004 01:05:39 +0000 (01:05 +0000)]
s/T_INVALID/T_OP_INVALID/g
kkalev [Thu, 28 Oct 2004 11:12:10 +0000 (11:12 +0000)]
In lib/sql/group_info.php3 only unset variables if we need to. In lib/sql/defaults.php3 don't run for groups
only for users
kkalev [Wed, 27 Oct 2004 11:33:42 +0000 (11:33 +0000)]
In the show groups page, note that we only show groups with members
kkalev [Wed, 27 Oct 2004 11:22:41 +0000 (11:22 +0000)]
On group creation, if member list is empty report that, not that the group was created.
kkalev [Mon, 25 Oct 2004 13:55:04 +0000 (13:55 +0000)]
* Add lib/sql/group_change.php3 to add and delete a user from groups
* Add a new directive sql_show_all_groups. If set to true then in user edit page we show all available
groups with the ones the user is a member of highlighted. The administrator can then directly
change user group membership by changing membership in this group list.
kkalev [Fri, 22 Oct 2004 12:12:37 +0000 (12:12 +0000)]
In config.php3 remove whitespaces from $login. Don't remove '-'
pnixon [Thu, 21 Oct 2004 20:53:04 +0000 (20:53 +0000)]
Added selectable database support
aland [Thu, 21 Oct 2004 18:29:20 +0000 (18:29 +0000)]
Removed unnecessary if statement
pnixon [Thu, 21 Oct 2004 09:58:23 +0000 (09:58 +0000)]
spelling mistake
aland [Wed, 20 Oct 2004 21:24:34 +0000 (21:24 +0000)]
Don't mark a request finished until the post-proxy-fail stuff
has handled it.
aland [Wed, 20 Oct 2004 21:23:51 +0000 (21:23 +0000)]
include parsing for new proxy fail directive, which isn't used
anywhere yet
aland [Wed, 20 Oct 2004 21:23:15 +0000 (21:23 +0000)]
Include request_process into radiusd
aland [Wed, 20 Oct 2004 21:22:27 +0000 (21:22 +0000)]
Move yet more code around.
It turns out util.c is included in radrelay and radwho, so putting
server-specific stuff in there is dumb. We now have a new file,
request_process.c, which has rad_respond (freshly moved out of
radiusd.c to threads.c, to here), and some other functions here.
aland [Wed, 20 Oct 2004 19:58:54 +0000 (19:58 +0000)]
move rad_respond() to threads.c. It's not the perfect location,
but it's better than radiusd.c. This should help reduce the churn
in radiusd.c, and make it easier to implement a more state machine
approach to handling requests.
aland [Wed, 20 Oct 2004 18:20:45 +0000 (18:20 +0000)]
If we've rejected a request because it's taken too long to process,
then stop calling any modules to process the request. Instead,
bail out of all sections && module calls.
aland [Wed, 20 Oct 2004 18:09:41 +0000 (18:09 +0000)]
More debug messages in request_reject
Better messages on timeout, when a module is "locked", and doesn't
respond.