hartwick [Sun, 22 Feb 2004 06:30:19 +0000 (06:30 +0000)]
* Fix a couple of typos
aland [Fri, 20 Feb 2004 19:56:14 +0000 (19:56 +0000)]
Set Message-Authenticator to a known value.
Delete FreeRADIUS-Proxied-To attribute when proxying tunneled
sessions, as it tells others what's up.
aland [Fri, 20 Feb 2004 19:54:18 +0000 (19:54 +0000)]
Add "proxy_tunneled_request_as_eap" configuration entry, which tells
(for now) the rlm_eap_mschap module to decode EAP-MSCHAP-V2 into
plain MS-CHAPv2, so that it may be proxied to systems which don't
understand EAP-MSCHAP-V2
aland [Fri, 20 Feb 2004 19:51:45 +0000 (19:51 +0000)]
Clear RAD_REQUEST_OPTION_PROXY_EAP if we're not done initializing
the EAP session.
When we are done, use that option to decide when to proxy the
tunneled request.
aland [Fri, 20 Feb 2004 19:49:40 +0000 (19:49 +0000)]
Define RAD_REQUEST_OPTION_PROXY_EAP, and don't get excited
if we have an EAP response without Success/Fail when that
option is set, as the request will be proxied.
cparker [Fri, 20 Feb 2004 17:36:22 +0000 (17:36 +0000)]
Added comment to explain that failover is not possible when
synchronous is set to yes.
aland [Thu, 19 Feb 2004 21:40:58 +0000 (21:40 +0000)]
Added rl_add_proxy() to request_list.c, and made radiusd.c use it.
If WITH_RBTREE isn't defined in request_list.c, it does nothing.
If it is defined, then we use a new (and mutex-protected) tree
to keep track of proxied packets, and to find responses to those
packets. This should be HUGELY faster than the previous method.
Hmm... we don't check for packet codes in proxy replies. This
is probably a bad idea.
aland [Thu, 19 Feb 2004 21:35:35 +0000 (21:35 +0000)]
Added "number of elements" function, mainly for debugging.
aland [Thu, 19 Feb 2004 20:03:41 +0000 (20:03 +0000)]
Added commented-out Red-black tree lookups for the request list
handling. It still needs the linked list for incremental walking
& cleanup, but the tree is used for finding requests, which is MUCH
faster.
i.e. We have two ways of storing requests:
a) linked list: O(1) insert and deletion, O(N) searching
We REQUIRE this for incremental walking & cleanup.
b) red-black tree: O(log(N)) insert, deletion, and searching.
Doing both isn't much of a problem.
aland [Thu, 19 Feb 2004 18:37:11 +0000 (18:37 +0000)]
Updates before 1.0
aland [Thu, 19 Feb 2004 17:33:25 +0000 (17:33 +0000)]
include propel dictionary
aland [Thu, 19 Feb 2004 17:31:14 +0000 (17:31 +0000)]
Found on the net
aland [Thu, 19 Feb 2004 17:23:36 +0000 (17:23 +0000)]
Whitespace changes
aland [Thu, 19 Feb 2004 17:23:17 +0000 (17:23 +0000)]
in DICT_VENDOR, name is "name", not "vendorname"
dict_vendorname is a bad name. Use dict_vendorbyname for compatibility
with other dictionary functions.
Add dict_vendorbyvalue
When printing names for unknown attributes, use vendor name, if
it exists. Cisco-Attr-1 is easier to read than Vendor-9-Attr-1
aland [Thu, 19 Feb 2004 17:12:31 +0000 (17:12 +0000)]
When creating attributes, parse things like Cisco-Attr-15,
which is a little easier to read than Vendor-9-Attr-15
aland [Thu, 19 Feb 2004 16:23:41 +0000 (16:23 +0000)]
after malloc'ing "inst", return it in initiate.
Set EAP_SUCCESS or EAP_FAILURE in authenticate.
Use data.length, not eap.length - 4 (which should have been 5)
New configuration option "auth_type", to determine what to do
with the response. For now, we assume it's a clear-text password,
and create a User-Password attribute. This lets PAP work...
We may want to look for a *second* Auth-Type in the request,
and use that. This means we'll need Auth-Type = EAP, to do the
EAP portion, and Auth-Type = Foo, for the decoded stuff.
But EAP-Generic-Token-Card now works with PEAP, and the Aegis client.
aland [Wed, 18 Feb 2004 17:23:14 +0000 (17:23 +0000)]
argc++ should have been argc--
Bug found by Chris Chapman
aland [Wed, 18 Feb 2004 14:44:08 +0000 (14:44 +0000)]
Build rbtree.c, too
aland [Tue, 17 Feb 2004 19:57:59 +0000 (19:57 +0000)]
Clean up minor stuff
aland [Tue, 17 Feb 2004 19:57:07 +0000 (19:57 +0000)]
Values are now looked up via RB-trees, too.
aland [Tue, 17 Feb 2004 19:56:36 +0000 (19:56 +0000)]
Prefer the "-" attribute names over "_"
aland [Tue, 17 Feb 2004 19:35:46 +0000 (19:35 +0000)]
Deleted duplicates
aland [Tue, 17 Feb 2004 17:02:28 +0000 (17:02 +0000)]
Don't free things twice
aland [Tue, 17 Feb 2004 16:45:57 +0000 (16:45 +0000)]
Made the red-black tree code "live" in dictionary attribute
lookups. This means that we can delete the "next" entry
from DICT_ATTR, as it's no longer necessary. The tree now holds
all of that information.
aland [Tue, 17 Feb 2004 16:18:59 +0000 (16:18 +0000)]
Minor comment updates
aland [Mon, 16 Feb 2004 22:48:46 +0000 (22:48 +0000)]
Updates to use red-black trees in the dictionaries. Should make
them a little faster...
Not yet included by default, but tested a bit.
aland [Mon, 16 Feb 2004 22:48:07 +0000 (22:48 +0000)]
A simple API for red-black trees. Tested somewhat with the
dictionaries.
aland [Mon, 16 Feb 2004 22:33:10 +0000 (22:33 +0000)]
Removed/updated attributes with duplicate names
aland [Sat, 14 Feb 2004 11:15:50 +0000 (11:15 +0000)]
Include types for FreeBSD.
Apparently it's a good idea to have system header files which
implicitly depend on other headers. Why it's so difficult to
include them is something I don't understand.
aland [Sat, 14 Feb 2004 10:51:05 +0000 (10:51 +0000)]
Patch from Florian Lohoff
Build when SNMP is enabled.
cparker [Fri, 13 Feb 2004 17:47:12 +0000 (17:47 +0000)]
Patch to correct windows MSCHAP issue, by adding 'ntdomain_hack'
to remove domain portion of username so that MSCHAP authentication
works. Patch submitted by: Michael Griego <mgriego@utdallas.edu>
wichert [Tue, 10 Feb 2004 15:57:19 +0000 (15:57 +0000)]
Small changes to fix compiler warnings
cparker [Mon, 9 Feb 2004 05:11:59 +0000 (05:11 +0000)]
Committing more man pages for modules.
mcr [Mon, 9 Feb 2004 03:38:05 +0000 (03:38 +0000)]
missing Makefile added.
cparker [Mon, 9 Feb 2004 00:20:31 +0000 (00:20 +0000)]
Additional man pages for modules.
phampson [Thu, 5 Feb 2004 07:32:47 +0000 (07:32 +0000)]
Update after changes to configure.in for openSSL detection.
phampson [Thu, 5 Feb 2004 07:29:57 +0000 (07:29 +0000)]
Allow EAP-SIM, EAP-TLS and EAP-TTLS to find the default OpenSSL installation
without needed parameters, like EAP-PEAP already does.
Pointed out by Lars Boegild Thomsen
cparker [Wed, 4 Feb 2004 05:58:48 +0000 (05:58 +0000)]
Added additional config explanation.
cparker [Wed, 4 Feb 2004 05:43:12 +0000 (05:43 +0000)]
Adding additional docs
cparker [Wed, 4 Feb 2004 05:30:10 +0000 (05:30 +0000)]
Adding needed docs to prepare for 1.0 release.
aland [Tue, 3 Feb 2004 16:21:28 +0000 (16:21 +0000)]
inet_aton is more portable than inet_pton
Patch from Manuel Ricca
aland [Mon, 2 Feb 2004 19:15:51 +0000 (19:15 +0000)]
Whoops... that's a typo
aland [Fri, 30 Jan 2004 21:01:40 +0000 (21:01 +0000)]
Don't include libradius.h, radiusd.h includes it.
Include netinet/in.h BEFORE radiusd.h, as radiusd.h includes
missing.h, which tries to define INADDR_*
Don't reference pthread functions if we're not building in threaded
mode
mcr [Fri, 30 Jan 2004 20:39:58 +0000 (20:39 +0000)]
updated documentation slightly - to reflect that attributes may
safely change now.
mcr [Fri, 30 Jan 2004 20:35:33 +0000 (20:35 +0000)]
capture the RAND/SRES/Kc when we initialize the SIM
rather than later, when they may have changed.
mcr [Fri, 30 Jan 2004 20:09:41 +0000 (20:09 +0000)]
turn off extra debugging.
mcr [Fri, 30 Jan 2004 20:04:54 +0000 (20:04 +0000)]
added rcsid.
mcr [Fri, 30 Jan 2004 20:00:53 +0000 (20:00 +0000)]
documentation for rlm_sim_triplets.
mcr [Fri, 30 Jan 2004 19:40:33 +0000 (19:40 +0000)]
new test case for simtriplets.dat based example.
mcr [Fri, 30 Jan 2004 19:39:15 +0000 (19:39 +0000)]
describe this test case.
mcr [Fri, 30 Jan 2004 19:38:45 +0000 (19:38 +0000)]
new module to read triplets out of a file for EAP-SIM.
mcr [Fri, 30 Jan 2004 19:38:29 +0000 (19:38 +0000)]
added some debugging of why EAP-sim might not want to
handle the request - lacking RAND1 attribute.
mcr [Fri, 30 Jan 2004 19:38:00 +0000 (19:38 +0000)]
fixed minor typo in comment.
mcr [Fri, 30 Jan 2004 19:37:38 +0000 (19:37 +0000)]
added new option -X to turn on sha1_data_problems.
mcr [Fri, 30 Jan 2004 19:37:13 +0000 (19:37 +0000)]
to further aid in debugging, dump the resulting key as well
aland [Thu, 29 Jan 2004 16:42:43 +0000 (16:42 +0000)]
Use ==, not =
aland [Thu, 29 Jan 2004 16:32:57 +0000 (16:32 +0000)]
Generate proper dh. From Michael Brown
aland [Wed, 28 Jan 2004 20:27:17 +0000 (20:27 +0000)]
The problem arises from the krb5_data packet struct which
is not initialized. If the check with krb5_kt_read_service_key fails,
a "goto cleanup" occurs, which attempts to free the memory
contained in "packet" if its data pointer is non-NULL.
In our case, the uninitialized packet contained garbage pointing into
kernel space, resulting in a seg fault on the subsequent free().
The fix is simply to memset the struct to zero at the beginning of the
function.
Patch from Jon Moore
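
The failure mode in the commit message above, as an added example (not FreeRADIUS code): struct packet_data, verify_ticket() and the key_ok/apply_fix parameters are hypothetical stand-ins for krb5_data and the patched function. The 0xA5 fill is a constructed substitute for stack garbage, so the unpatched path is reported deterministically rather than crashing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for krb5_data: a length and an owned buffer. */
struct packet_data {
    unsigned int length;
    char *data;
};

struct outcome {
    int rcode;     /* 0 on success, -1 on failure */
    int bad_free;  /* 1 if cleanup saw a pointer this function never allocated */
};

/* key_ok == 0 models the service-key check failing.
 * apply_fix selects the patched behaviour (memset at function entry). */
struct outcome verify_ticket(int key_ok, int apply_fix)
{
    struct packet_data packet;
    struct outcome out = { -1, 0 };
    char *owned = NULL;

    /* Constructed: poison the struct so "uninitialized" is repeatable. */
    memset(&packet, 0xA5, sizeof(packet));
    if (apply_fix)
        memset(&packet, 0, sizeof(packet));  /* the fix: zero before any goto */

    if (!key_ok)
        goto cleanup;                        /* early exit, packet never filled in */

    owned = malloc(16);
    if (owned == NULL)
        goto cleanup;
    packet.data = owned;
    packet.length = 16;
    out.rcode = 0;

cleanup:
    if (packet.data != NULL) {
        if (packet.data == owned)
            free(packet.data);
        else
            out.bad_free = 1;  /* the unpatched code called free() on this */
    }
    return out;
}

int main(void)
{
    printf("unpatched, key check fails: bad_free=%d\n", verify_ticket(0, 0).bad_free);
    printf("patched,   key check fails: bad_free=%d\n", verify_ticket(0, 1).bad_free);
    return 0;
}
```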
aland [Wed, 28 Jan 2004 19:36:09 +0000 (19:36 +0000)]
Update with new comments
aland [Wed, 28 Jan 2004 19:30:29 +0000 (19:30 +0000)]
Deleted lots of special-purpose code to do prefix/suffix matching
in the "hints" file.
We now call the "paircmp" function, which does more, and is less
work for us.
The old "hints" file did prefix & suffix matching, and not much
else. The new "hints" file does all that, and lots more
aland [Wed, 28 Jan 2004 17:08:48 +0000 (17:08 +0000)]
Reserve room for the trailing NUL byte, too
aland [Wed, 28 Jan 2004 16:11:10 +0000 (16:11 +0000)]
Corrected typo
aland [Wed, 28 Jan 2004 16:04:18 +0000 (16:04 +0000)]
Having eap_type2name return a "static" buffer is a very bad idea.
It now gets passed a buffer, and returns either that, or a
'static const char *' pointer to the array of pre-defined names.
aland [Wed, 28 Jan 2004 15:38:40 +0000 (15:38 +0000)]
A slightly different way to build radeapclient, which makes
sure the "make clean" works, too
aland [Tue, 27 Jan 2004 16:08:33 +0000 (16:08 +0000)]
If we get unexpected tunneled data, print it out when doing -Xx
aland [Tue, 27 Jan 2004 16:07:21 +0000 (16:07 +0000)]
Minor cleanups to messages
phampson [Tue, 27 Jan 2004 15:31:56 +0000 (15:31 +0000)]
Fix return value of 1 from cp'ing certificates into installation due to trying
to cp a directory.
Thanks to Toni Mueller
phampson [Tue, 27 Jan 2004 14:02:20 +0000 (14:02 +0000)]
Fix missing make dependency on radeapclient when installing.
Thanks to Toni Mueller
aland [Mon, 26 Jan 2004 20:36:22 +0000 (20:36 +0000)]
Install certs, too...
aland [Mon, 26 Jan 2004 19:11:48 +0000 (19:11 +0000)]
More and better text
aland [Mon, 26 Jan 2004 19:11:03 +0000 (19:11 +0000)]
More and better documentation in the comments
aland [Mon, 26 Jan 2004 19:10:23 +0000 (19:10 +0000)]
For laziness, add a test certificate directory, which is NOT
installed by default!
aland [Mon, 26 Jan 2004 17:06:31 +0000 (17:06 +0000)]
Use User-Name, not stripped-user-name.
The MS-CHAP response depends on the user name, as sent by the NAS,
so we would do well to use it as-is
aland [Fri, 23 Jan 2004 20:43:40 +0000 (20:43 +0000)]
Clean up instructions for latest snapshot
aland [Fri, 23 Jan 2004 20:42:06 +0000 (20:42 +0000)]
Properly initialize a variable
aland [Fri, 23 Jan 2004 20:12:59 +0000 (20:12 +0000)]
Some systems need -lcrypt for the client...
aland [Fri, 23 Jan 2004 17:22:33 +0000 (17:22 +0000)]
Don't use strncpy
aland [Fri, 23 Jan 2004 17:20:52 +0000 (17:20 +0000)]
Update cheesy strNcpy to NOT call strncpy, which zero-fills the
memory...
aland [Fri, 23 Jan 2004 17:11:11 +0000 (17:11 +0000)]
Enable rlm_exec by default
aland [Fri, 23 Jan 2004 17:10:47 +0000 (17:10 +0000)]
It's NAS-Port, not NAS-Port-Id
aland [Fri, 23 Jan 2004 17:08:43 +0000 (17:08 +0000)]
Added EXE extensions. This may help for Windows, which needs
(and adds) extensions when building executable programs
aland [Fri, 23 Jan 2004 17:06:25 +0000 (17:06 +0000)]
More examples of using inter-variable references in the
configuration file.
aland [Fri, 23 Jan 2004 17:04:28 +0000 (17:04 +0000)]
Define HAVE_OPENSSL_SSL_H, too
aland [Fri, 23 Jan 2004 17:03:16 +0000 (17:03 +0000)]
Point to new scripts for certificate creation, and to suggested
location for certificate directory
aland [Fri, 23 Jan 2004 17:02:31 +0000 (17:02 +0000)]
Add scripts to automatically generate test certificates.
aland [Thu, 22 Jan 2004 19:43:29 +0000 (19:43 +0000)]
corrected typo
aland [Thu, 22 Jan 2004 18:23:19 +0000 (18:23 +0000)]
More attempts to get MySQL working
aland [Thu, 22 Jan 2004 16:47:50 +0000 (16:47 +0000)]
Added big warnings about old & untested features
aland [Thu, 22 Jan 2004 16:30:38 +0000 (16:30 +0000)]
Fix typos
aland [Thu, 22 Jan 2004 16:30:19 +0000 (16:30 +0000)]
Update sample password
aland [Thu, 22 Jan 2004 15:35:28 +0000 (15:35 +0000)]
Install radeapclient, too
aland [Wed, 21 Jan 2004 20:52:42 +0000 (20:52 +0000)]
${module.submodule.item} now works properly
aland [Wed, 21 Jan 2004 20:35:11 +0000 (20:35 +0000)]
Enhanced configuration file variable expansion, hopefully
without breaking anything.
OLD: ${foo} means "foo in current section, OR foo in main section"
e.g. ${logdir}
NEW: ${foo} means the same as before
${.foo} means "foo in current section ONLY", just in case
there are name conflicts.
${..foo} means "foo in the section enclosing this section"
${main.module.submodule.foo} should be obvious...
For now, we need "main" in there, but a commit in the next few
days should remove that restriction...
mcr [Wed, 21 Jan 2004 00:39:55 +0000 (00:39 +0000)]
fixed "ChalX" to "RandX".
added Autz-Type:=, which is really needed for basic testing.
aland [Tue, 20 Jan 2004 16:31:02 +0000 (16:31 +0000)]
Look for stripped user name, then user name, in group cmp.
aland [Mon, 19 Jan 2004 19:09:45 +0000 (19:09 +0000)]
Use a better name for the SQL stuff.
Bug noted by Keith Yoder
aland [Mon, 19 Jan 2004 19:08:21 +0000 (19:08 +0000)]
Don't return "OK" until the TLV success packet was sent back.
Bug & patch noted by Mike Saywell
phampson [Sun, 18 Jan 2004 07:57:11 +0000 (07:57 +0000)]
Imported changes from downstream Debian packaging.
kkalev [Fri, 16 Jan 2004 14:47:29 +0000 (14:47 +0000)]
* Add a message when adding a user in the badusers table
* Close sql connections in add_badusers.php3
kkalev [Fri, 16 Jan 2004 13:50:06 +0000 (13:50 +0000)]
* Add the ability to erase rows from the badusers table
* In log_badlogins for multiple logins if it is a mppp attempt, log it