pnixon [Thu, 6 Oct 2005 17:44:23 +0000 (17:44 +0000)]
spelling fix
pnixon [Thu, 6 Oct 2005 17:36:50 +0000 (17:36 +0000)]
spelling fixes
aland [Thu, 6 Oct 2005 17:31:56 +0000 (17:31 +0000)]
Handle regex comparisons. Patch from Joe Maimon
pnixon [Thu, 6 Oct 2005 16:24:33 +0000 (16:24 +0000)]
spelling fixes
fcusack [Wed, 5 Oct 2005 22:40:33 +0000 (22:40 +0000)]
add maxtwin() cardops method to allow dynamic twin setting
fcusack [Wed, 5 Oct 2005 22:16:50 +0000 (22:16 +0000)]
pass 'when' and 'twin' to updatecsd(), so that time sync cards
can calculate drift
nbk [Wed, 5 Oct 2005 10:17:50 +0000 (10:17 +0000)]
Delete #include "autoconf.h" from other header files. It's
annoying for the people who want to use the libradius in an
external program.
aland [Tue, 4 Oct 2005 17:28:40 +0000 (17:28 +0000)]
As posted to the list
fcusack [Mon, 3 Oct 2005 04:48:13 +0000 (04:48 +0000)]
add some comments about twin2authtime() usage
fcusack [Mon, 3 Oct 2005 04:47:28 +0000 (04:47 +0000)]
twin2authtime() should return time_t, not int32_t
pnixon [Sun, 2 Oct 2005 21:51:26 +0000 (21:51 +0000)]
spelling fixes
pnixon [Sun, 2 Oct 2005 18:25:46 +0000 (18:25 +0000)]
spelling fix
pnixon [Sun, 2 Oct 2005 17:00:10 +0000 (17:00 +0000)]
small fixup
fcusack [Sat, 1 Oct 2005 08:49:54 +0000 (08:49 +0000)]
- add 'ewin' arg to cardops challenge() method, for e+t support
(e+t cards need to know the event count)
- otp_cardops.c:otp_pw_valid(): generate challenge at start of
sync response loop, rather than at the end, and save the last
successful challenge instead of the next one. This is needed
for t or e+t cards, where the saved challenge isn't meaningful.
It also cleans up the code a little.
- add minewin test to minauthtime test, so that e+t cards can
authenticate at the same minauthtime if it is a later event.
- bump state version to 4, and add minewin field.
nbk [Thu, 29 Sep 2005 17:57:35 +0000 (17:57 +0000)]
Add an attribute to the unused parameters.
Patch from Primoz Bratanic <primoz@slo-tech.com>
nbk [Thu, 29 Sep 2005 16:50:12 +0000 (16:50 +0000)]
Fix function declaration.
Patch from Primoz Bratanic <primoz@slo-tech.com>
nbk [Thu, 29 Sep 2005 15:11:08 +0000 (15:11 +0000)]
Include "request_list.h", too.
fcusack [Thu, 29 Sep 2005 05:42:46 +0000 (05:42 +0000)]
pass 'when' arg to cardops nullstate() method, for the same reason
we updated challenge() to accept a 'when' arg -- consistent time
calculation relative to a t=0 position.
fcusack [Thu, 29 Sep 2005 05:34:58 +0000 (05:34 +0000)]
Add 'challenge' arg to cardops updatecsd() method. The challenge
contains the time data which is probably needed for csd update.
fcusack [Thu, 29 Sep 2005 05:23:56 +0000 (05:23 +0000)]
style: document buffer sizes for char[] args
fcusack [Thu, 29 Sep 2005 05:17:57 +0000 (05:17 +0000)]
otp_keystring2keyblock(): add range checking
fcusack [Thu, 29 Sep 2005 04:55:10 +0000 (04:55 +0000)]
- Add nexttwin() cardops method, for help with evaluating
consecutive passwords. Each cardops module has to implement its
own method of "walking" the time (twin) counter, for now anyway.
- Add twin2authtime() cardops method, for help ensuring that a
passcode in the past (negative twin) is not earlier than the
most recently seen passcode. Remove comment insisting that
the challenge() or response() method needed to implement this;
that would have been awkward.
- Add minauthtime state field, to support twin2authtime() change.
- Change authtime state field to %x from %d.
- Leave state at version 3.
- Add 'when' arg to challenge() cardops method, to ensure that
successive challenges (as twin changes) are relative to the
same t=0 time.
aland [Wed, 28 Sep 2005 22:29:30 +0000 (22:29 +0000)]
Set src ip/port for auth & acct, too.
Based on last patch
aland [Wed, 28 Sep 2005 22:28:58 +0000 (22:28 +0000)]
When including conf files, reference 'cs' rather than 'parent'.
'cs' already references parent, so we still get the same benefit.
But if we reference 'parent' rather than 'cs', we don't get to
see the definitions in 'cs', which we want.
Bug & patch from Tariq Rashid
aland [Wed, 28 Sep 2005 16:44:36 +0000 (16:44 +0000)]
Set proxy packet src IP & port.
Bug found by Joe Maimon
aland [Wed, 28 Sep 2005 01:18:35 +0000 (01:18 +0000)]
Make the hashing a little better
nbk [Wed, 28 Sep 2005 00:25:29 +0000 (00:25 +0000)]
config.h is auto-generated by configure, therefore it shouldn't be
included in the repository.
nbk [Wed, 28 Sep 2005 00:22:49 +0000 (00:22 +0000)]
Delete unused #defines.
nbk [Wed, 28 Sep 2005 00:20:03 +0000 (00:20 +0000)]
Include headers that were missing.
nbk [Wed, 28 Sep 2005 00:13:22 +0000 (00:13 +0000)]
Fix typos.
Patch from Primoz Bratanic <primoz@slo-tech.com>
nbk [Wed, 28 Sep 2005 00:09:29 +0000 (00:09 +0000)]
Add the attribute UNUSED to parameters that need it.
Patch from Primoz Bratanic <primoz@slo-tech.com>
nbk [Tue, 27 Sep 2005 23:59:11 +0000 (23:59 +0000)]
Delete unused variables.
Patch from Primoz Bratanic <primoz@slo-tech.com>
aland [Tue, 27 Sep 2005 23:54:37 +0000 (23:54 +0000)]
Fix potential hash collision issues by a yucky hack.
Add rlm_init_proxy() function, and call it from mainconfig
after we've initialized mainconfig.list. It's still yucky, but
less so.
Double-check return values in rl_clean_list, so we don't return
a sleep time of < 0.
This should really be fixed *properly*
aland [Tue, 27 Sep 2005 23:27:07 +0000 (23:27 +0000)]
Added 'default' module rcode, which sets a whack of actions to
the same value.
nbk [Tue, 27 Sep 2005 12:39:15 +0000 (12:39 +0000)]
Install the libradius headers in /usr/include/freeradius, so that
the library may be used by external programs after the server has
been installed.
nbk [Tue, 27 Sep 2005 12:38:49 +0000 (12:38 +0000)]
Get the variable $(includedir) from autoconf, too.
nbk [Sun, 25 Sep 2005 16:07:26 +0000 (16:07 +0000)]
Fix some compilation warnings.
nbk [Sun, 25 Sep 2005 15:55:40 +0000 (15:55 +0000)]
Fix previous commit: Don't use the macros defined in headers
that aren't included.
nbk [Sun, 25 Sep 2005 15:27:16 +0000 (15:27 +0000)]
Add the attribute "noreturn" to the functions that need it.
Patch from Primoz Bratanic <primoz@slo-tech.com>
nbk [Fri, 23 Sep 2005 16:15:27 +0000 (16:15 +0000)]
Check whether strings were allocated already.
Thanks to Primoz Bratanic for spotting this.
nbk [Fri, 23 Sep 2005 15:54:30 +0000 (15:54 +0000)]
Limit the length of string radiusd_conf always to the same
value (50 bytes)
Based on comments from Primoz Bratanic <primoz@slo-tech.com>
nbk [Fri, 23 Sep 2005 14:35:00 +0000 (14:35 +0000)]
If strftime(3) returns 0, the contents of the string array is
undefined, therefore it should not be copied.
Thanks to Primoz Bratanic for spotting this.
fcusack [Fri, 23 Sep 2005 10:38:11 +0000 (10:38 +0000)]
Update csd on successful auth or rwindow candidate. We used to
only update it on a successful auth, but for null state we need
to update csd to correct a possible error in offset calculation
(due to user delay from card activation to passcode entry). Maybe
later we will test for null state on rwindow candidate csd update.
fcusack [Fri, 23 Sep 2005 07:09:24 +0000 (07:09 +0000)]
var name change p->dbc
fcusack [Fri, 23 Sep 2005 06:53:46 +0000 (06:53 +0000)]
warn if hardfail <= softfail (effectively disabling softfail)
fcusack [Fri, 23 Sep 2005 04:43:32 +0000 (04:43 +0000)]
pass csd to challenge() method
fcusack [Fri, 23 Sep 2005 02:04:54 +0000 (02:04 +0000)]
add updatecsd() cardops method
nbk [Thu, 22 Sep 2005 16:57:10 +0000 (16:57 +0000)]
Now that rlm_perl is stable, we need libperl-dev in Build-Depends.
fcusack [Thu, 22 Sep 2005 05:02:32 +0000 (05:02 +0000)]
otp_get_random(): fd is unused in FR
fcusack [Thu, 22 Sep 2005 00:46:07 +0000 (00:46 +0000)]
- cardops: Pass options to nullstate(), for future softfail verf.
- cardops: Add twindow support for time synchronous cards. Change
user_state authpos field to authewin, and add authtwin.
- cardops: Add OTP_CF_TW feature to inform cardops layer of
max clock skew.
- cardops: Add OTP_CF_FRW feature to force rwindow setting
(overriding admin options setting), for e+t cards (TRI-D).
This allows cards with fixed event window to inform
cardops layer of the window size and allows concurrent
operation with variable event window cards.
- cardops: Add logic to keep a user in "forced softfail", by keeping
authtime set to INT32_MAX. (It will always be too soon
for the user to avoid the delay.) Set by nullstate(),
reset by successful auth (softfail override).
- state version bump to 3, adding authtwin field. Not backward compat.
- state bugfix: Append trailing ':' to state data, matching docs.
- state bugfix: force authtime to int32_t instead of relying on ILP32.
- documentation update
nbk [Wed, 21 Sep 2005 16:42:24 +0000 (16:42 +0000)]
Move prototypes for {sn,vsn}printf to missing.h
nbk [Wed, 21 Sep 2005 16:34:36 +0000 (16:34 +0000)]
Add more prototypes for replacement functions.
nbk [Wed, 21 Sep 2005 16:16:05 +0000 (16:16 +0000)]
Fix compilation errors.
fcusack [Wed, 21 Sep 2005 09:07:51 +0000 (09:07 +0000)]
change i,j to t,e ... what a big difference a single letter makes
fcusack [Wed, 21 Sep 2005 08:57:07 +0000 (08:57 +0000)]
typo
fcusack [Wed, 21 Sep 2005 08:55:24 +0000 (08:55 +0000)]
fix a bug in async auth path where 'i' was initialized incorrectly
and 'j' was not initialized, which affected resync
fcusack [Wed, 21 Sep 2005 07:26:22 +0000 (07:26 +0000)]
add a helper function, isconsecutive(), to test for softfail override
fcusack [Wed, 21 Sep 2005 07:00:52 +0000 (07:00 +0000)]
otp_pw_valid(): get time once on entry rather than each time we test it
fcusack [Wed, 21 Sep 2005 06:02:16 +0000 (06:02 +0000)]
Swap the twindow and ewindow loops when testing sync responses.
twindow is now the outer loop and ewindow is the inner loop.
fcusack [Wed, 21 Sep 2005 05:20:16 +0000 (05:20 +0000)]
change ewindow2 to rwindow everywhere except documentation (to follow)
fcusack [Wed, 21 Sep 2005 05:04:23 +0000 (05:04 +0000)]
don't pass ewin to cardops challenge() method; use implied '1'
nbk [Wed, 21 Sep 2005 03:02:39 +0000 (03:02 +0000)]
Fix compilation warnings.
fcusack [Wed, 21 Sep 2005 02:37:38 +0000 (02:37 +0000)]
twindow support
fcusack [Wed, 21 Sep 2005 02:20:00 +0000 (02:20 +0000)]
pass csd to cardops response() method and update on successful auth
fcusack [Wed, 21 Sep 2005 01:27:05 +0000 (01:27 +0000)]
rollback challenge -> user_state change
fcusack [Tue, 20 Sep 2005 23:51:07 +0000 (23:51 +0000)]
remove lingering text about state (claiming it was not global,
which is no longer correct); highlight TRI-D and CRYPTOCard
features and differences
nbk [Tue, 20 Sep 2005 15:21:12 +0000 (15:21 +0000)]
Build strlcpy and strlcat files, too.
nbk [Tue, 20 Sep 2005 15:02:19 +0000 (15:02 +0000)]
Get strlcat from OpenBSD libc.
ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/strlcat.c
nbk [Tue, 20 Sep 2005 15:00:13 +0000 (15:00 +0000)]
Get strlcpy from OpenBSD libc.
ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/strlcpy.c
nbk [Tue, 20 Sep 2005 14:42:31 +0000 (14:42 +0000)]
Regenerate from configure.in 1.220
nbk [Tue, 20 Sep 2005 14:38:24 +0000 (14:38 +0000)]
Check the functions strlcpy and strlcat, too.
fcusack [Tue, 20 Sep 2005 07:54:56 +0000 (07:54 +0000)]
pass all of user_state to cardops challenge() and response() methods,
not just challenge; challenge and response may require csd in addition
to the challenge data
fcusack [Tue, 20 Sep 2005 06:15:05 +0000 (06:15 +0000)]
support nullstate in cardops layer, but no CRYPTOCard support for now
fcusack [Tue, 20 Sep 2005 05:48:13 +0000 (05:48 +0000)]
otp_state_put(): off-by-one when reporting failure reason
fcusack [Tue, 20 Sep 2005 05:47:53 +0000 (05:47 +0000)]
otp_state_put(): reset locked flag on successful PUT. We were
seeing a second PUT if (state_parse() failed, did a put(), returned
-1 to otp_pw_valid() with locked flag set, and then otp_pw_valid()
would try to PUT again before returning).
nbk [Sun, 18 Sep 2005 16:56:23 +0000 (16:56 +0000)]
Add rlm_perl and rlm_sqlcounter.
fcusack [Sun, 18 Sep 2005 07:30:23 +0000 (07:30 +0000)]
fix HMAC error report
fcusack [Sun, 18 Sep 2005 07:27:01 +0000 (07:27 +0000)]
pass log_prefix to cardops challenge() and response() methods
fcusack [Sun, 18 Sep 2005 06:38:22 +0000 (06:38 +0000)]
add hotp support
fcusack [Sat, 17 Sep 2005 18:17:29 +0000 (18:17 +0000)]
typo
fcusack [Sat, 17 Sep 2005 18:17:02 +0000 (18:17 +0000)]
remove state file documentation (now found in dsm documentation,
not part of freeradius)
nbk [Sat, 17 Sep 2005 12:47:35 +0000 (12:47 +0000)]
Fix annoying format string errors.
Thanks to Primoz Bratanic for bringing this to our attention.
fcusack [Sat, 17 Sep 2005 05:40:28 +0000 (05:40 +0000)]
otp_state_getfd(): add type for log_prefix arg to definition
for PAM case
aland [Fri, 16 Sep 2005 18:36:18 +0000 (18:36 +0000)]
Use closefrom(), which is guaranteed to close all file descriptors
Well, except for EINTR, which should be fixed...
nbk [Fri, 16 Sep 2005 09:01:41 +0000 (09:01 +0000)]
The Makefile is auto-generated by configure, therefore it
shouldn't be included in the repository.
fcusack [Thu, 15 Sep 2005 07:40:28 +0000 (07:40 +0000)]
update copyright (assign to TRI-D instead of myself)
fcusack [Thu, 15 Sep 2005 07:38:11 +0000 (07:38 +0000)]
update style
fcusack [Thu, 15 Sep 2005 07:35:31 +0000 (07:35 +0000)]
otp_get_user_info(): Return error if keystring too long -- we were
just reporting it but not returning error, and thus we also would
overflow the keystring buffer.
fcusack [Thu, 15 Sep 2005 07:34:29 +0000 (07:34 +0000)]
int format is %d not %i
fcusack [Thu, 15 Sep 2005 07:33:59 +0000 (07:33 +0000)]
fix quoting for "valid but in (hard|soft)fail" messages
fcusack [Thu, 15 Sep 2005 07:33:22 +0000 (07:33 +0000)]
fix FreeRADIUS idiotic warnings
fcusack [Thu, 15 Sep 2005 07:32:33 +0000 (07:32 +0000)]
last_auth_time -> user_state.authtime for FR chal_delay test
fcusack [Thu, 15 Sep 2005 07:31:59 +0000 (07:31 +0000)]
missed a s/strvalue/vp_strvalue/
fcusack [Thu, 15 Sep 2005 07:31:24 +0000 (07:31 +0000)]
otp_state_putfd() needs log_prefix arg
fcusack [Thu, 15 Sep 2005 07:30:53 +0000 (07:30 +0000)]
otp_detach(): syncdir is now lsmd_rp
fcusack [Thu, 15 Sep 2005 07:30:22 +0000 (07:30 +0000)]
FR support for state manager (connection pool)
fcusack [Thu, 15 Sep 2005 07:29:39 +0000 (07:29 +0000)]
fix detach member of module_t (broken in previous round of commits)
fcusack [Thu, 15 Sep 2005 07:28:38 +0000 (07:28 +0000)]
strvalue -> vp_strvalue (wiped out change in previous round of commits)
fcusack [Thu, 15 Sep 2005 07:27:04 +0000 (07:27 +0000)]
s/pin_adjust/pin_offset/
fcusack [Thu, 15 Sep 2005 07:26:31 +0000 (07:26 +0000)]
new error messages for hardfail/softfail