Alan T. DeKok [Thu, 15 Oct 2009 08:08:40 +0000 (10:08 +0200)]
Fixed typo
Alan T. DeKok [Wed, 14 Oct 2009 12:09:41 +0000 (14:09 +0200)]
Fix to prevent compiler optimizations
from bug #30
Alan T. DeKok [Tue, 13 Oct 2009 10:53:49 +0000 (12:53 +0200)]
Write the PID file as late as possible
i.e. after checking the config, and after opening any sockets
Alan T. DeKok [Tue, 13 Oct 2009 10:52:12 +0000 (12:52 +0200)]
Fix typo
Alexander Clouter [Sat, 10 Oct 2009 12:25:29 +0000 (13:25 +0100)]
fix debian/rules to honour CFLAGS
Fixed up debian/rules to allow CFLAGS to be honoured.
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
Alan T. DeKok [Mon, 12 Oct 2009 11:56:49 +0000 (13:56 +0200)]
Fix typo
Alan T. DeKok [Mon, 12 Oct 2009 11:17:26 +0000 (13:17 +0200)]
Don't use source IP for EAP packets.
We control State, so it should be unique, too
Alan T. DeKok [Mon, 12 Oct 2009 11:14:09 +0000 (13:14 +0200)]
Make client/port/key-balance more like fail-over
Previously, they would default to load-balancing across all
found servers. Now they don't. This makes keyed-balance proxying
more robust with EAP
Alan T. DeKok [Mon, 12 Oct 2009 10:14:09 +0000 (12:14 +0200)]
Return rather than use the same ptr twice
Alan T. DeKok [Wed, 7 Oct 2009 13:08:55 +0000 (15:08 +0200)]
Fix typo
Alan T. DeKok [Tue, 6 Oct 2009 09:28:36 +0000 (11:28 +0200)]
Forgot to include this...
Alan T. DeKok [Tue, 6 Oct 2009 09:28:19 +0000 (11:28 +0200)]
Note changes
Alan T. DeKok [Tue, 6 Oct 2009 08:21:45 +0000 (10:21 +0200)]
Ensure that there is a cleanup event for proxied packets
If there was no reply, clean up, reject, etc. the request.
This doesn't matter so much for normal clients, as they will retransmit
and cause the old request to be deleted from the request hash.
But detail requests have random ports (for other reasons), so
they won't be cleaned up by new packets. Therefore, we need to clean
them up...
Alan T. DeKok [Tue, 6 Oct 2009 08:21:17 +0000 (10:21 +0200)]
Added more debugging messages
Alan T. DeKok [Tue, 6 Oct 2009 06:48:02 +0000 (08:48 +0200)]
Mark home server dead if it doesn't respond to pings
Alan T. DeKok [Mon, 5 Oct 2009 15:32:39 +0000 (17:32 +0200)]
Check for undefined types, too
Alan T. DeKok [Mon, 5 Oct 2009 15:12:33 +0000 (17:12 +0200)]
Set broadcast && reuseaddr before binding to socket
Alan T. DeKok [Sun, 4 Oct 2009 16:12:12 +0000 (18:12 +0200)]
Simplify the code
Alan T. DeKok [Sat, 3 Oct 2009 18:07:53 +0000 (20:07 +0200)]
More detailed debugging for detail
Alan T. DeKok [Sat, 3 Oct 2009 18:07:22 +0000 (20:07 +0200)]
Be more restrictive on bad input
Addresses bug #27
Alan T. DeKok [Sat, 3 Oct 2009 17:58:17 +0000 (19:58 +0200)]
Start simplifying the code that encodes attributes
Alan T. DeKok [Fri, 2 Oct 2009 08:52:44 +0000 (10:52 +0200)]
Fix passwords to have even length
Alan T. DeKok [Thu, 1 Oct 2009 13:07:51 +0000 (15:07 +0200)]
Increase max_sessions
Alan T. DeKok [Thu, 1 Oct 2009 13:06:59 +0000 (15:06 +0200)]
Print more descriptive error message for too many EAP sessions
Alan T. DeKok [Thu, 1 Oct 2009 09:15:55 +0000 (11:15 +0200)]
event.c frees the listener, so we don't need to
Alan T. DeKok [Thu, 1 Oct 2009 08:39:22 +0000 (10:39 +0200)]
Moved illegal attributes to the new dictionary
Alan T. DeKok [Wed, 30 Sep 2009 07:54:25 +0000 (09:54 +0200)]
Allow old-style dictionary formats, too
Alan T. DeKok [Tue, 29 Sep 2009 18:24:40 +0000 (20:24 +0200)]
Use packet codes from libradius
Alan T. DeKok [Tue, 29 Sep 2009 08:10:59 +0000 (10:10 +0200)]
Moved Ascends illegal attributes to their own file
Alan T. DeKok [Sun, 27 Sep 2009 17:45:20 +0000 (19:45 +0200)]
Assign variable before using it
Alan T. DeKok [Sun, 27 Sep 2009 16:28:17 +0000 (18:28 +0200)]
Use new API
Alan T. DeKok [Sun, 27 Sep 2009 16:23:18 +0000 (18:23 +0200)]
Include proto in API, no matter what build options
It's too hardware to have proto as a compile-time option
for the API. Instead, we add it everywhere. This slows down the
UDP-only case, but ensures that we can distinguish between a
home server of (ip,port) udp, and a home server of the same (ip,port)
and tcp
Alan T. DeKok [Fri, 25 Sep 2009 09:46:06 +0000 (11:46 +0200)]
Removed unnecessary line
Alan T. DeKok [Fri, 25 Sep 2009 09:21:50 +0000 (11:21 +0200)]
Be more flexible about parsing detail files
Allow any operator, not just '='
Alan T. DeKok [Fri, 25 Sep 2009 09:01:27 +0000 (11:01 +0200)]
Clean up state machine so it's more forgiving
Alan T. DeKok [Thu, 24 Sep 2009 20:01:54 +0000 (22:01 +0200)]
Fixed typo && include attrs.access_challenge in build
Alan T. DeKok [Thu, 24 Sep 2009 15:37:07 +0000 (17:37 +0200)]
Fixed compile error
bduncan [Tue, 22 Sep 2009 16:24:57 +0000 (09:24 -0700)]
64-bit fixes.
bduncan [Tue, 22 Sep 2009 16:23:47 +0000 (09:23 -0700)]
Check for NOOP from opendir.c
bduncan [Tue, 22 Sep 2009 16:22:49 +0000 (09:22 -0700)]
64-bit fixes and return NOOP for AD users.
bduncan [Tue, 22 Sep 2009 16:20:02 +0000 (09:20 -0700)]
Get private key passphrase from keychain using certadmin command.
Alan T. DeKok [Thu, 24 Sep 2009 15:28:56 +0000 (17:28 +0200)]
Jumbo patch to clean up socket handling
The transport protocol code is now more merged, and the "fr_tcp_radius_t"
structure and API are deleted. The resulting code is simpler and smaller.
Cleaned up how the listeners and even handlers deal with sockets.
The proxy sockets are now pushed into the proxy packet list, and are
not used in the main listener list.
The proxy packet list now deals with src/dst, and not just destination.
Alan T. DeKok [Thu, 24 Sep 2009 15:12:53 +0000 (17:12 +0200)]
Changed order of code to avoid race conditions
Alan T. DeKok [Thu, 24 Sep 2009 15:12:33 +0000 (17:12 +0200)]
Ensure that cached SSL sessions have data
Alan T. DeKok [Thu, 17 Sep 2009 10:03:36 +0000 (12:03 +0200)]
Fix arguments to client_find
Alan T. DeKok [Wed, 16 Sep 2009 15:14:55 +0000 (17:14 +0200)]
Bump to version 2.1.8
Dante [Wed, 16 Sep 2009 12:12:47 +0000 (14:12 +0200)]
More plumbing to get the server to listen on TCP sockets.
The last two functions are in a separate patch to make the merge easier.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Wed, 16 Sep 2009 12:06:17 +0000 (14:06 +0200)]
More plumbing to get to home servers via TCP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Wed, 16 Sep 2009 11:57:40 +0000 (13:57 +0200)]
Free tcp structure, too
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Wed, 16 Sep 2009 10:24:44 +0000 (12:24 +0200)]
Allow outgoing TCP connections to home servers.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Wed, 16 Sep 2009 10:17:34 +0000 (12:17 +0200)]
Add scaffolding for proxy listeners.
The functions exist, but aren't called by anyone.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 21:11:47 +0000 (23:11 +0200)]
More ifdef's and assertions for checkign TCP != UDP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 21:08:29 +0000 (23:08 +0200)]
Track the number of outstanding packets on a TCP connection.
This allows us to free the connection when all packets are
accounted for, and the connection is to be marked "closed"
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 21:03:21 +0000 (23:03 +0200)]
Stop processing packets when the socket is closed.
If the socket from the client, or to the proxy is closed,
then handle that situation.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:57:53 +0000 (17:57 +0200)]
Document TCP options for clients and home servers.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:46:15 +0000 (17:46 +0200)]
Allow radclient to send/receive RADIUS over TCP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:44:34 +0000 (17:44 +0200)]
Allow the packet API to auto-discover TCP
It will now call the udp/tcp "receive packet" function
as appropriate, so that the callers do not need to be changed
in order to handle TCP.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:43:17 +0000 (17:43 +0200)]
Allow clients to use TCP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:34:34 +0000 (17:34 +0200)]
Allow home servers to use TCP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:33:49 +0000 (17:33 +0200)]
Allow TCP code to build if WITH_TCP is defined
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:17:40 +0000 (17:17 +0200)]
Header file and protocol handler for RADIUS over TCP
This is the first step to getting full support for RADIUS
over TCP into the server.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Alan T. DeKok [Mon, 14 Sep 2009 14:43:29 +0000 (16:43 +0200)]
Update change logs before 2.1.7
Alan T. DeKok [Mon, 14 Sep 2009 12:29:23 +0000 (14:29 +0200)]
Print out a little more information
Alan T. DeKok [Mon, 14 Sep 2009 12:26:15 +0000 (14:26 +0200)]
Move "set state" to before log message
To avoid race conditions... though I'm not sure why this would
happen
Alan T. DeKok [Sun, 13 Sep 2009 15:07:22 +0000 (17:07 +0200)]
As posted to the list.
It isn't made live yet, because we have no idea if it works or not
Alan T. DeKok [Sun, 13 Sep 2009 14:01:51 +0000 (16:01 +0200)]
Removed redundant code
Alan T. DeKok [Fri, 11 Sep 2009 15:14:09 +0000 (17:14 +0200)]
Make a better name
Alan T. DeKok [Fri, 11 Sep 2009 15:12:06 +0000 (17:12 +0200)]
Wrap crap with more crap
Alan T. DeKok [Thu, 10 Sep 2009 13:16:40 +0000 (15:16 +0200)]
More updates
Alan T. DeKok [Thu, 10 Sep 2009 13:02:39 +0000 (15:02 +0200)]
Added sample configs for MySQL cluster
Alan T. DeKok [Wed, 9 Sep 2009 14:27:16 +0000 (16:27 +0200)]
Update to new syntax
Alan T. DeKok [Wed, 9 Sep 2009 12:12:35 +0000 (14:12 +0200)]
Check value of Fall-Through, too
Alan T. DeKok [Tue, 8 Sep 2009 11:56:54 +0000 (13:56 +0200)]
Be less forgiving about the allowed operators.
If they're not a "foo = bar" type of operator, then return
an error
Alan T. DeKok [Mon, 7 Sep 2009 05:49:34 +0000 (07:49 +0200)]
Wrap header file in protective #ifdef
Alan T. DeKok [Mon, 7 Sep 2009 05:48:57 +0000 (07:48 +0200)]
No need to include modules.h twice
Alan T. DeKok [Sun, 6 Sep 2009 13:58:59 +0000 (15:58 +0200)]
Check for the proper number of arguments to rebind
Alan T. DeKok [Sat, 5 Sep 2009 16:26:08 +0000 (18:26 +0200)]
Replace references to <ltdl.h> with <freeradius-devel/modpriv.h>
As part of our grand plan to better the world by ridding it of libltdl.
Alan T. DeKok [Sat, 5 Sep 2009 16:24:57 +0000 (18:24 +0200)]
First stab at removing libltdl.
The code is protected by preprocessor directives so that it doesn't
affect the release. But it's a good first step to removing insanity.
Alan T. DeKok [Sat, 5 Sep 2009 16:17:26 +0000 (18:17 +0200)]
First stab at removing libltdl.
The code is protected by preprocessor directives so that it doesn't
affect the release. But it's a good first step to removing insanity.
Alan T. DeKok [Sat, 5 Sep 2009 15:54:43 +0000 (17:54 +0200)]
Reference $(INCLTDL) instead of fixed link
This means that all of the system builds with the same version
of libltdl, either the local OR the system one
Alan T. DeKok [Sat, 5 Sep 2009 15:37:31 +0000 (17:37 +0200)]
Work around insane retarded libtool && libltdl issues.
Alan T. DeKok [Fri, 4 Sep 2009 09:00:04 +0000 (11:00 +0200)]
Added --with-system-libltdl
To avoid horrible libtool && libltld incompatibilities
Alan T. DeKok [Thu, 3 Sep 2009 13:33:09 +0000 (15:33 +0200)]
As posted to the list
Alan T. DeKok [Thu, 3 Sep 2009 13:31:42 +0000 (15:31 +0200)]
Fix values as note on list
and
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080891919.shtml
Alan T. DeKok [Wed, 2 Sep 2009 12:00:21 +0000 (14:00 +0200)]
Remove reference to cui.conf which isn't added yet
Alan T. DeKok [Wed, 2 Sep 2009 08:59:20 +0000 (10:59 +0200)]
Lots of notes prior to 2.1.7
Alan T. DeKok [Tue, 1 Sep 2009 12:49:39 +0000 (14:49 +0200)]
Set DF flag for packets from the server, too
Alan T. DeKok [Sat, 29 Aug 2009 08:54:25 +0000 (10:54 +0200)]
Return 0 if no counter exists
root [Mon, 24 Aug 2009 10:44:47 +0000 (11:44 +0100)]
Signed-off-by: root <root@pclinux-ccalmb.lut.ac.uk>
fixed example ntlm_auth command so that it doesnt throw up unlang warning message
Alan T. DeKok [Sat, 29 Aug 2009 08:44:54 +0000 (10:44 +0200)]
Added comments and simplified code
Alan T. DeKok [Fri, 21 Aug 2009 09:29:21 +0000 (11:29 +0200)]
As posted to the list
Alan T. DeKok [Thu, 20 Aug 2009 08:52:44 +0000 (10:52 +0200)]
Allow 100% to mean "read as fast as possible"
Alan T. DeKok [Thu, 20 Aug 2009 07:08:32 +0000 (09:08 +0200)]
Packet may not exist, so check for that, too
Alan T. DeKok [Wed, 19 Aug 2009 07:04:26 +0000 (09:04 +0200)]
Minor updates
Alan T. DeKok [Wed, 19 Aug 2009 06:58:47 +0000 (08:58 +0200)]
Disallow NULL for regex comparisons
Alan T. DeKok [Tue, 18 Aug 2009 15:23:49 +0000 (17:23 +0200)]
Fix more typos
Alan T. DeKok [Tue, 18 Aug 2009 10:07:40 +0000 (12:07 +0200)]
Fixed typo
Alan T. DeKok [Tue, 18 Aug 2009 08:31:43 +0000 (10:31 +0200)]
Turn off the DF bit.
Alan T. DeKok [Tue, 18 Aug 2009 07:47:19 +0000 (09:47 +0200)]
Fix args to printfy
Alan T. DeKok [Mon, 17 Aug 2009 12:25:57 +0000 (14:25 +0200)]
Add notes on SHA1 versus MD5