fcusack [Sun, 26 May 2002 11:24:21 +0000 (11:24 +0000)]
Change run_dir default from /var/run to /var/run/radiusd.
/var/run is writable only by root and it is desirable to have
radiusd run as a non-root user (barring any need to read system
files like /etc/shadow). Changing the default run_dir path
promotes best practices.
fcusack [Sun, 26 May 2002 10:06:41 +0000 (10:06 +0000)]
Load versioned libs.
If a module is specified as 'FOO' in radiusd.conf, the module
loader will now try to load rlm_FOO-MAJOR.MINOR. This can be
overridden by explicitly starting the module name with rlm_,
eg rlm_FOO or rlm_FOO-0.1. This allows someone to have their
own modules which they don't have to recompile to use against
a newer core (assuming the interface is still compatible--a
method should be added to check this). This would be useful
for folks that have private modules or modules they wish to
distribute separately from freeradius as a binary.
This will force folks to upgrade the modules when they upgrade
freeradius, a common problem in the past.
It is no longer possible to have a module named rlm_rlm_*, not
that that was ever useful.
fcusack [Sun, 26 May 2002 00:42:36 +0000 (00:42 +0000)]
x99_log() and x99 radius-specific header separation
fcusack [Sun, 26 May 2002 00:38:44 +0000 (00:38 +0000)]
Use x99_log() in favor of radlog(), to make some of these files
portable to a PAM implementation.
fcusack [Sat, 25 May 2002 05:45:12 +0000 (05:45 +0000)]
Rename do_log() to vradlog(), and export it, it will be used by
rlm_x99_token. Once a second caller wishes to use it, a prototype
should be added to radiusd.h.
aland [Fri, 24 May 2002 17:31:23 +0000 (17:31 +0000)]
Don't bother locking the FD ourselves, as it appears to cause
locks on some platforms.
Instead, don't lock it, but declare the module to be single threaded.
aland [Fri, 24 May 2002 16:19:30 +0000 (16:19 +0000)]
Added sql_escape_string function, so garbage characters don't
get passed to the SQL parser, and confuse it.
aland [Thu, 23 May 2002 14:44:55 +0000 (14:44 +0000)]
Remove all references to nas_name(), as it's a bad function to
be using.
aland [Thu, 23 May 2002 14:29:50 +0000 (14:29 +0000)]
Make it work right
Patch from Rainer Weikusat
aland [Wed, 22 May 2002 18:58:52 +0000 (18:58 +0000)]
Enable new code to handle forking child programs, so that
Exec-Program-Wait won't lock the server.
aland [Tue, 21 May 2002 19:17:11 +0000 (19:17 +0000)]
Include string.h, to declare memcmp() and friends.
aland [Fri, 17 May 2002 18:04:23 +0000 (18:04 +0000)]
Include <sys/wait.h>, on systems which need it.
Don't use fancy new functions if we're not using threads.
aland [Fri, 17 May 2002 18:02:11 +0000 (18:02 +0000)]
Look for <sys/wait.h>, too
aland [Thu, 16 May 2002 19:28:22 +0000 (19:28 +0000)]
Corrected buffer size of stored pid/thread-id/status
aland [Thu, 16 May 2002 19:15:22 +0000 (19:15 +0000)]
If we have no effective user, don't call getpwnam().
aland [Thu, 16 May 2002 18:38:11 +0000 (18:38 +0000)]
Added prototypes for new functions in threads.c, to keep track
of thread && forking issues.
aland [Thu, 16 May 2002 18:36:51 +0000 (18:36 +0000)]
Fix up some issues with SIGHUP && thread pool re-initialization.
Added new functions (requiring *real* sem_post(), etc.) to handle
the issues of fork'ing with child threads, and getting the right
exit status to the right thread.
The functions aren't called from elsewhere in the code, that may
come soon.
aland [Thu, 16 May 2002 14:52:13 +0000 (14:52 +0000)]
Add docs on command-line options "-r server" and "-p port"
aland [Tue, 14 May 2002 16:54:21 +0000 (16:54 +0000)]
Re-arrange some of the code in rad_check_list() to be a little
cleaner.
Discard new requests if we have a thread processing the old one.
Don't send a delayed reject if we receive a new request of the
same id && code. Instead, drop the delayed reject on the floor.
aland [Mon, 13 May 2002 19:08:06 +0000 (19:08 +0000)]
Change includes to stop compiler warnings
kkalev [Mon, 13 May 2002 18:16:18 +0000 (18:16 +0000)]
Make the default behaviour for access_group = NULL more obvious
cparker [Mon, 13 May 2002 17:18:08 +0000 (17:18 +0000)]
Skip over := when walking through the reply-list.
Bug noted by Eddie Stassen
aland [Mon, 13 May 2002 16:34:51 +0000 (16:34 +0000)]
POSIX functions return the error, and don't set errno.
kkalev [Sat, 11 May 2002 15:08:02 +0000 (15:08 +0000)]
Change the nas entry in the ippool_key structure from uint32 to string[64]
That should allow us to also use the NAS-Identifier attribute
fcusack [Fri, 10 May 2002 04:51:00 +0000 (04:51 +0000)]
correct 'users' file check-item example
aland [Thu, 9 May 2002 15:59:18 +0000 (15:59 +0000)]
If we're proxying, we may not be able to sleep forever if there's
nothing to do. We may have to wake up periodically, to send
proxy retries.
Bug noted by Eddie Stassen
kkalev [Thu, 9 May 2002 13:04:57 +0000 (13:04 +0000)]
Add an entry for the ippool module
kkalev [Thu, 9 May 2002 11:49:35 +0000 (11:49 +0000)]
Realm attribute should be radiusRealm
kkalev [Wed, 8 May 2002 08:38:56 +0000 (08:38 +0000)]
Add a few more comments for the counter module
ramoore [Tue, 7 May 2002 19:19:52 +0000 (19:19 +0000)]
Fix several debug messages in rlm_sqlcounter that mistakenly appeared to come
from rlm_counter.
aland [Tue, 7 May 2002 17:11:23 +0000 (17:11 +0000)]
Implemented digest authentication, as per RFC 2617, and
draft-sterman-aaa-sip-00.txt
It's experimental, but inter-operable with a Cisco SIP server.
kkalev [Tue, 7 May 2002 12:40:48 +0000 (12:40 +0000)]
Check the return value of a gdbm_fetch() we didn't check
kkalev [Tue, 7 May 2002 10:51:08 +0000 (10:51 +0000)]
Add support for the Ldap-Group attribute in the ldap module
aland [Mon, 6 May 2002 14:29:41 +0000 (14:29 +0000)]
If no password or group files have been specified in the config,
use the standard system calls to find them, rather than giving up.
Patch from Steve Langasek
aland [Mon, 6 May 2002 14:13:01 +0000 (14:13 +0000)]
If we're delaying the reject message, then don't delete the request
pairs, which include the Proxy-State needed for the reply.
aland [Mon, 6 May 2002 14:05:38 +0000 (14:05 +0000)]
Cleaned up, extendend, and small re-arrangements of the comments
and descriptions of the config file.
aland [Mon, 6 May 2002 13:53:36 +0000 (13:53 +0000)]
Include netinet/in.h, as apparently OpenBSD needs it.
Based on a patch from Giacomo Cariello
aland [Mon, 6 May 2002 13:49:57 +0000 (13:49 +0000)]
Look for BSD style gethostbyaddrr()
Patch for OpenBSD port from Giacomo Cariello
kkalev [Fri, 3 May 2002 22:10:54 +0000 (22:10 +0000)]
* Change log_badlogins to use the mysql binary instead of the DBI module. That way we don't have any dependencies
and we don't need to bother with connection maintainance (dead mysql connections etc).
* Add a few comments in rlm_ippool.c
kkalev [Tue, 30 Apr 2002 15:27:10 +0000 (15:27 +0000)]
Reaarange a few things in user_admin. Put Subscription Analysis first and 'Account Status' second. Make a
few things bold.
aland [Mon, 29 Apr 2002 20:48:48 +0000 (20:48 +0000)]
Do NOT call rad_process() from a child thread to zap a session.
Instead, call rad_accounting(), which ends up doing the same thing,
but correctly.
raghu [Mon, 29 Apr 2002 18:11:38 +0000 (18:11 +0000)]
Added XP-freeradius (EAP/TLS) HOWTO link.
kkalev [Mon, 29 Apr 2002 17:31:56 +0000 (17:31 +0000)]
Fix a bug in time2strclock() in lib/functions.php3. Seconds ammount more than 9 would not show.
Bug noted by Timophey <bcloud@mail.ru>
aland [Mon, 29 Apr 2002 14:18:25 +0000 (14:18 +0000)]
Make all stable modules
Patch from Andrey Kotrekhov
3APA3A [Sat, 27 Apr 2002 11:07:14 +0000 (11:07 +0000)]
! replyItem changed to checkItem for MS-CHAP related attributes
raghu [Fri, 26 Apr 2002 21:52:03 +0000 (21:52 +0000)]
Proper fix to handle Unexpected ACKs from XP
raghu [Fri, 26 Apr 2002 21:44:52 +0000 (21:44 +0000)]
Fixed Datatypes
raghu [Fri, 26 Apr 2002 21:35:49 +0000 (21:35 +0000)]
Fixed memory leaks
EAP authentication without User-Name attribute
aland [Fri, 26 Apr 2002 19:32:12 +0000 (19:32 +0000)]
If rad_check_ts() returns an error, then close the radutmp file,
and return RLM_MODULE_FAIL, instead of trying to do anything.
cparker [Fri, 26 Apr 2002 00:07:58 +0000 (00:07 +0000)]
Updated example to show 'nastype', 'login', and 'password' as
optional config items.
cparker [Fri, 26 Apr 2002 00:01:39 +0000 (00:01 +0000)]
Added 'naslist' and 'naspasswd' items to RADCLIENT struct
which is generated from 'clients.conf'. This is the first
step to deprecating the old style 'naslist' and 'naspasswd'.
aland [Thu, 25 Apr 2002 18:49:17 +0000 (18:49 +0000)]
Added prio field
cparker [Thu, 25 Apr 2002 15:31:24 +0000 (15:31 +0000)]
Changed return code to RLM_MODULE_FAIL from NOOP when module cannot
allocate an SQL socket.
Bug noted by Aleksandr Kuzminsky <ingoth@nbi.com.ua>
aland [Thu, 25 Apr 2002 14:58:28 +0000 (14:58 +0000)]
Updated with patches from original author
aland [Thu, 25 Apr 2002 14:57:40 +0000 (14:57 +0000)]
Changed C++ comments to C comments
aland [Thu, 25 Apr 2002 14:52:06 +0000 (14:52 +0000)]
MSSQL query configuration
aland [Thu, 25 Apr 2002 14:51:18 +0000 (14:51 +0000)]
Added FreeTDS driver, to access MS-SQL databases, from
Dmitri Ageev <d_ageev@ortcc.ru>
aland [Thu, 25 Apr 2002 14:43:20 +0000 (14:43 +0000)]
Include sys/types.h, for FreeBSD.
Patch from Andrey Kotrekhov
aland [Wed, 24 Apr 2002 20:15:17 +0000 (20:15 +0000)]
After configuring for only certain modules, we should only build
the configured modules. The other modules should be ignored.
Patch from Andey Kotrekhov
aland [Wed, 24 Apr 2002 18:00:06 +0000 (18:00 +0000)]
When writing a Tunnel-Password attribute to a packet, ALWAYS write
a tag to the raw packet.
aland [Wed, 24 Apr 2002 15:34:29 +0000 (15:34 +0000)]
Use a configure script which works
aland [Wed, 24 Apr 2002 15:14:46 +0000 (15:14 +0000)]
If we're NOT debugging, print the time stamps to the log.
aland [Wed, 24 Apr 2002 14:15:08 +0000 (14:15 +0000)]
Added cvs ID line, and note about the stupid use of _ instead of -
cparker [Tue, 23 Apr 2002 16:04:05 +0000 (16:04 +0000)]
Finalized logic in module to support multiple rules for each a/v
pair. ( to allow multiple rules to create a "range" )
Added support for new =* and !* operators.
Updated documentation and examples for new functionality.
cparker [Tue, 23 Apr 2002 15:41:32 +0000 (15:41 +0000)]
Fixed bug in pairlist_read, in reporting syntax errors on
previous line. Code was not checking for T_INVALID token
correctly.
cparker [Tue, 23 Apr 2002 15:06:30 +0000 (15:06 +0000)]
Updated core server to understand new check_item operators:
=* Always compare true
!* Always compare false
This allows 'rlm_attr_filter' to use 'Reply-Message *= ANY'
as a filter rule to allow any Reply-Message values through.
aland [Tue, 23 Apr 2002 15:04:17 +0000 (15:04 +0000)]
Fixed stable module build
ramoore [Tue, 23 Apr 2002 05:50:07 +0000 (05:50 +0000)]
Add docs for rlm_sqlcounter module to experimental.conf
ramoore [Tue, 23 Apr 2002 05:48:39 +0000 (05:48 +0000)]
Added rlm_sqlcounter module. It impliments counters based on the accounting
data stored by the rlm_sql module. It does not require additional GDBM
databases for each counter.
aland [Mon, 22 Apr 2002 19:44:57 +0000 (19:44 +0000)]
Added xlat function %{config:...}
e.g. %{config:modules.unix.passwd}
The string value of the 'passwd' configuration item in the 'unix'
module, in the 'modules' section of radiusd.conf.
This should be used VERY carefully, as they may leak secret
information from your RADIUS server, if you use them in reply
attributes to the NAS!
aland [Mon, 22 Apr 2002 19:37:13 +0000 (19:37 +0000)]
Add 'const' to character pointers which are passed to functions,
but which are not modified.
Explicitely initialize the 'xlat' list of functions.
aland [Mon, 22 Apr 2002 19:03:49 +0000 (19:03 +0000)]
removed reference to using short name to create the directory name
aland [Mon, 22 Apr 2002 16:05:58 +0000 (16:05 +0000)]
Bumped version number.
Preliminary support for building only experimental modules.
aland [Mon, 22 Apr 2002 16:04:18 +0000 (16:04 +0000)]
Added rlm_eap: It works on multiple platforms.
aland [Mon, 22 Apr 2002 15:51:50 +0000 (15:51 +0000)]
Increment the length of the tunnel attribute ONLY if the tag is
valid.
Bug noted by Sinnwell Wolfgang
aland [Fri, 19 Apr 2002 17:30:06 +0000 (17:30 +0000)]
Cleaned up logic, so that accounting requests can be proxied
without getting excited over authentication configuration.
aland [Fri, 19 Apr 2002 16:11:42 +0000 (16:11 +0000)]
Updated patch from Andrew Kukhta <andy@wubn.net>, as posted to
freeradius-users on Mon, 8 Apr 2002 10:48:59 +0300
aland [Fri, 19 Apr 2002 16:02:27 +0000 (16:02 +0000)]
Increase the buffer size, to allow huge SQL queries.
As noted to the list by Peter Shin
cparker [Fri, 19 Apr 2002 14:06:40 +0000 (14:06 +0000)]
Fixed coredump on logging when 'radlog_dir' is not defined.
aland [Wed, 17 Apr 2002 16:34:53 +0000 (16:34 +0000)]
Cleaned up some of the logic, and added debug level 3, where the
debugging messages have time stamps.
aland [Wed, 17 Apr 2002 15:09:14 +0000 (15:09 +0000)]
Use the correct name for the utmp file, as decided on by configure.
This isn't a fix for the real problem (radwho doesn't read
radiusd.conf), but it's a work-around which will help for most
people.
kkalev [Tue, 16 Apr 2002 14:31:18 +0000 (14:31 +0000)]
Add an option to specify the maximum results returned from the sql query
kkalev [Tue, 16 Apr 2002 14:22:34 +0000 (14:22 +0000)]
Add the corresponding attributes for Max-{Daily,Weekly}-Session in sql.attrmap
kkalev [Tue, 16 Apr 2002 11:55:40 +0000 (11:55 +0000)]
Pass the nas server community as an argument to the snmpfinger script
raghu [Mon, 15 Apr 2002 21:41:27 +0000 (21:41 +0000)]
Fixed "Unexpected ACK" bug that was introduced with the previous check in.
aland [Mon, 15 Apr 2002 20:59:36 +0000 (20:59 +0000)]
User ippool_flags, not counter_flags
aland [Mon, 15 Apr 2002 19:04:05 +0000 (19:04 +0000)]
Fix apparent memory leak, by using the correct data type for the
variable.
Patch from Vladimir Krymov <krymov@oskolnet.ru>
3APA3A [Mon, 15 Apr 2002 09:00:28 +0000 (09:00 +0000)]
! rad_tunnel_pwencode/rad_tunnel_pwdecode corrected
kkalev [Sat, 13 Apr 2002 10:49:05 +0000 (10:49 +0000)]
Add the Pool-Name attribute containing the name of the ip pool we want to use
for the corresponding user. Add support in rlm_ippool. Add comment in radiusd.conf
raghu [Fri, 12 Apr 2002 22:08:12 +0000 (22:08 +0000)]
Reject in case of Buffer read errors.
Backward compatibility to make it compile with some old SSL releases.
raghu [Fri, 12 Apr 2002 21:54:39 +0000 (21:54 +0000)]
Fixed the problem with Index that seems incrementing for every new session.
aland [Wed, 10 Apr 2002 17:23:22 +0000 (17:23 +0000)]
Added code to turn internal server attributes Digest-FOO into
on-the-wire Digest-Attribute, which is in a ridiculously stupid form.
This is in preparation for the Digest Authentication, from IETF
internet draft draft-sterman-aaa-sip-00.txt
Only radclient was edited. Due to the way the protocol works, the
server will NEVER generate these attributes. If it's proxying them,
then they will exist correctly in the incoming packet, and the server
won't ever have to edit them.
So the only place where they need to be generated is radclient, and
that's where the code goes.
aland [Wed, 10 Apr 2002 17:20:28 +0000 (17:20 +0000)]
Added dictionary entries and defines for Digest Authentication
from IETF Internet Draft draft-sterman-aaa-sip-00.txt
3APA3A [Tue, 9 Apr 2002 16:41:52 +0000 (16:41 +0000)]
+ passwd configuration exapmles added. Recommendations added to
mschap passwd option to use rlm_mschap instead.
For a while passwd module is experimental.
cmiller [Tue, 9 Apr 2002 16:12:01 +0000 (16:12 +0000)]
Fixed up section.
aland [Tue, 9 Apr 2002 14:54:10 +0000 (14:54 +0000)]
This is the list of stable modules. It should be ONE directory
name per line, no comments, and NO other text.
cmiller [Mon, 8 Apr 2002 23:38:12 +0000 (23:38 +0000)]
Moved warning message out of necessary condition.
cmiller [Mon, 8 Apr 2002 23:36:10 +0000 (23:36 +0000)]
Preparing for 0.5+cvs20020408 release.
aland [Mon, 8 Apr 2002 16:33:26 +0000 (16:33 +0000)]
Configure script for IP Pool module
aland [Mon, 8 Apr 2002 16:28:05 +0000 (16:28 +0000)]
Updated use of $1 and $2 in AC_SMART_CHECK_LIB() to work properly