Alan T. DeKok [Sun, 6 Dec 2009 12:37:13 +0000 (13:37 +0100)]
Removed re-definition of detail structure
Alan T. DeKok [Sun, 6 Dec 2009 12:36:28 +0000 (13:36 +0100)]
Moved detail structure defs to a public header file
Alan T. DeKok [Sat, 5 Dec 2009 14:58:19 +0000 (15:58 +0100)]
Fix code so that corner cases of %{%{foo}:-%{bar}} work
The previous code was odd... this code is simpler, and works.
Alan T. DeKok [Sat, 5 Dec 2009 14:54:08 +0000 (15:54 +0100)]
Re-set FP after closing it
Alan T. DeKok [Fri, 4 Dec 2009 13:46:04 +0000 (14:46 +0100)]
Enable new dictionaries
Alan T. DeKok [Thu, 3 Dec 2009 09:25:33 +0000 (10:25 +0100)]
Sign client certs with CA rather than server cert
Alan T. DeKok [Wed, 2 Dec 2009 11:16:57 +0000 (12:16 +0100)]
Use intermediate buffer for error messages.
This prevents the messages from getting mangled
Alan T. DeKok [Wed, 2 Dec 2009 10:37:33 +0000 (11:37 +0100)]
Removed erroneous 'break'
Alan T. DeKok [Wed, 2 Dec 2009 07:51:27 +0000 (08:51 +0100)]
Fixed string copying in sub variable.
Apparently the only reason this worked before is that no one used it.
The decode_attribute() function did the string copying itself,
and therefore avoided this.
Alan T. DeKok [Tue, 1 Dec 2009 09:49:18 +0000 (10:49 +0100)]
Fixed typo
Alan T. DeKok [Tue, 1 Dec 2009 09:21:48 +0000 (10:21 +0100)]
Simplify use of fr_event_now
Alan T. DeKok [Mon, 30 Nov 2009 16:07:22 +0000 (17:07 +0100)]
Fix build problem
Alan T. DeKok [Mon, 30 Nov 2009 12:58:49 +0000 (13:58 +0100)]
Print out more useful debugging messages
Rather than
rlm_ldap: ...
do
[foo] ...
Which prints out the instance name in a slightly better format
Alan T. DeKok [Mon, 30 Nov 2009 09:05:37 +0000 (10:05 +0100)]
Cleanups and simplifications.
The FD_SET is now calculated in the event_loop() function,
making it harder to get it wrong.
fr_event_now() ALWAYS returns a time, calling gettimeofday()
if necessary
Alan T. DeKok [Mon, 30 Nov 2009 08:14:27 +0000 (09:14 +0100)]
Clean up "dead" child if there's no thread associated with the request
Alan T. DeKok [Sun, 29 Nov 2009 15:07:23 +0000 (16:07 +0100)]
Clean up state machine.
This error happens when "max_request_time" is set VERY low.
i.e. lower than "response_window". (12s versus 30s).
The current logic for enforcing the various timers is pretty bad. There
is one timer per request, and it bounces around between the different
requirements. At the time it was written, it seemed simpler than trying
to manage 3-4 simultaneous timers per request.
When the request is proxied, the timer being applied is for
"response_window". BUT by the time that expires, the "max_request_time"
has expired. The code *does* notice that it has expired. BUT it doesn't
notice that there's no child thread processing the request. So it waits
for the child thread to exit... forever.
At some point, a timer overflows, and it dies.
There are a few changes to make:
1) check for "no child" in this situation, and clean up the request rather
than waiting forever.
2) cap the timer to 5 minutes (this can still happen, for example, when a
bad DB locks a thread for hours at a time).
3) don't overflow when adding timer values.
Alan T. DeKok [Fri, 27 Nov 2009 14:58:58 +0000 (15:58 +0100)]
L_INFO, "PROXY:... --> L_PROXY, "...
Simplifies and regularizes the log messages
Alan T. DeKok [Fri, 27 Nov 2009 12:01:06 +0000 (13:01 +0100)]
Fix typo
Alan T. DeKok [Fri, 27 Nov 2009 11:07:25 +0000 (12:07 +0100)]
Initialize timers for Status-Server
For some weird reason they weren't initialized in debugging mode,
so we force it here. This WAS tested to work... so I have no idea
why it stopped.
We also ignore Status-Server packets when marking home_servers as
alive. That way, the ping_check will work properly...
Alan T. DeKok [Fri, 27 Nov 2009 10:53:29 +0000 (11:53 +0100)]
Use new home_server_find API
Alan T. DeKok [Fri, 27 Nov 2009 10:47:56 +0000 (11:47 +0100)]
Add tcp/udp to CLI for home_servers
Alan T. DeKok [Thu, 26 Nov 2009 18:10:44 +0000 (19:10 +0100)]
Remove erroneous handling of option 82
Alan T. DeKok [Thu, 26 Nov 2009 17:37:13 +0000 (18:37 +0100)]
Try to force libltdl non-install
Alan T. DeKok [Thu, 26 Nov 2009 17:16:00 +0000 (18:16 +0100)]
Change some DEBUG to radlog
So that interesting state changes / internal events will get
logged
Alan T. DeKok [Thu, 26 Nov 2009 13:24:30 +0000 (14:24 +0100)]
Log more messages, rather than just doing debug with them
Alan T. DeKok [Sun, 22 Nov 2009 15:56:14 +0000 (16:56 +0100)]
Print names for unsupported eap types
Alan T. DeKok [Sun, 22 Nov 2009 15:47:29 +0000 (16:47 +0100)]
More warnings
Modifying the values of a virtual attribute is a bad idea.
Alan T. DeKok [Sun, 22 Nov 2009 15:35:20 +0000 (16:35 +0100)]
Check for NULL
Alan T. DeKok [Sun, 22 Nov 2009 08:26:51 +0000 (09:26 +0100)]
Fixed typo
Alan T. DeKok [Sun, 22 Nov 2009 08:18:16 +0000 (09:18 +0100)]
As posted to the list
Alan T. DeKok [Sun, 22 Nov 2009 08:16:22 +0000 (09:16 +0100)]
Move definition so that it doesn't cause issues
Use the RFC definitions for the name
Alan T. DeKok [Sun, 22 Nov 2009 08:12:15 +0000 (09:12 +0100)]
Revert "errormsg may be NULL"
This reverts commit 45877bf44b02d418b6fb263a39e5de07ced58b6e.
It doesn't fix the problem, and it seems to cause issues for
other people
Alan T. DeKok [Wed, 18 Nov 2009 17:34:17 +0000 (18:34 +0100)]
As posted to the list
Alan T. DeKok [Tue, 17 Nov 2009 10:19:17 +0000 (11:19 +0100)]
Move user/group/chroot/core to bootstrap config
It adds some extra stuff when starting in debug mode as root, but it
also means that "allow_core_dumps" works again.
Alan T. DeKok [Sat, 14 Nov 2009 09:29:40 +0000 (10:29 +0100)]
Make templates work again
Alan T. DeKok [Fri, 13 Nov 2009 13:15:51 +0000 (14:15 +0100)]
Allow !* to work
The code to delete all attributes (as documented in unlang) was
previously added in evaluate.c. But the parser hadn't been updated,
so it was impossible to actually use that functionality.
Alan T. DeKok [Thu, 12 Nov 2009 15:19:25 +0000 (16:19 +0100)]
Print commands from radmin when in debug mode
Alan T. DeKok [Thu, 12 Nov 2009 11:25:03 +0000 (12:25 +0100)]
Fix WiMAX encoding bug introduced in 326a68b90a1a
Alan T. DeKok [Fri, 6 Nov 2009 13:16:42 +0000 (08:16 -0500)]
As posted to the list
Alan T. DeKok [Tue, 3 Nov 2009 21:40:03 +0000 (16:40 -0500)]
From bug #45
Alan T. DeKok [Wed, 28 Oct 2009 13:44:38 +0000 (09:44 -0400)]
errormsg may be NULL
Alan T. DeKok [Fri, 23 Oct 2009 09:37:44 +0000 (11:37 +0200)]
As posted to the list
Alan T. DeKok [Wed, 21 Oct 2009 13:15:28 +0000 (15:15 +0200)]
Removed recursive mutexes.
Some systems don't support recursive mutexes. Instead, they hang.
So... we've got to re-write the code so that it doesn't depend on
recursive mutexes.
Alan T. DeKok [Tue, 20 Oct 2009 14:28:58 +0000 (16:28 +0200)]
Conf for debugging
Alan T. DeKok [Tue, 20 Oct 2009 14:07:18 +0000 (16:07 +0200)]
Fix openssl checks
Alan T. DeKok [Tue, 20 Oct 2009 13:05:05 +0000 (15:05 +0200)]
Check src_port, not dst_port
Alan T. DeKok [Tue, 20 Oct 2009 13:03:54 +0000 (15:03 +0200)]
Always initialize proto
Alan T. DeKok [Tue, 20 Oct 2009 13:03:20 +0000 (15:03 +0200)]
Initialize proto for old-style realms
Alan T. DeKok [Tue, 20 Oct 2009 12:53:38 +0000 (14:53 +0200)]
Initialize via attr
Alan T. DeKok [Tue, 20 Oct 2009 10:14:36 +0000 (12:14 +0200)]
Retry if there was no response to the packet.
Alan T. DeKok [Sun, 18 Oct 2009 15:19:22 +0000 (17:19 +0200)]
Print env vars in parent, not child
Alan T. DeKok [Sun, 18 Oct 2009 11:47:06 +0000 (13:47 +0200)]
Changed stop packet msg to debug rather than error
Alan T. DeKok [Sun, 18 Oct 2009 07:04:36 +0000 (09:04 +0200)]
Define names
Alan T. DeKok [Fri, 16 Oct 2009 16:53:49 +0000 (18:53 +0200)]
Call detach only if function exists
Alan T. DeKok [Thu, 15 Oct 2009 09:23:30 +0000 (11:23 +0200)]
As posted to the list
Alan T. DeKok [Thu, 15 Oct 2009 08:08:40 +0000 (10:08 +0200)]
Fixed typo
Alan T. DeKok [Wed, 14 Oct 2009 12:09:41 +0000 (14:09 +0200)]
Fix to prevent compiler optimizations
from bug #30
Alan T. DeKok [Tue, 13 Oct 2009 10:53:49 +0000 (12:53 +0200)]
Write the PID file as late as possible
i.e. after checking the config, and after opening any sockets
Alan T. DeKok [Tue, 13 Oct 2009 10:52:12 +0000 (12:52 +0200)]
Fix typo
Alexander Clouter [Sat, 10 Oct 2009 12:25:29 +0000 (13:25 +0100)]
fix debian/rules to honour CFLAGS
Fixed up debian/rules to allow CFLAGS to be honoured.
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
Alan T. DeKok [Mon, 12 Oct 2009 11:56:49 +0000 (13:56 +0200)]
Fix typo
Alan T. DeKok [Mon, 12 Oct 2009 11:17:26 +0000 (13:17 +0200)]
Don't use source IP for EAP packets.
We control State, so it should be unique, too
Alan T. DeKok [Mon, 12 Oct 2009 11:14:09 +0000 (13:14 +0200)]
Make client/port/key-balance more like fail-over
Previously, they would default to load-balancing across all
found servers. Now they don't. This makes keyed-balance proxying
more robust with EAP
Alan T. DeKok [Mon, 12 Oct 2009 10:14:09 +0000 (12:14 +0200)]
Return rather than use the same ptr twice
Alan T. DeKok [Wed, 7 Oct 2009 13:08:55 +0000 (15:08 +0200)]
Fix typo
Alan T. DeKok [Tue, 6 Oct 2009 09:28:36 +0000 (11:28 +0200)]
Forgot to include this...
Alan T. DeKok [Tue, 6 Oct 2009 09:28:19 +0000 (11:28 +0200)]
Note changes
Alan T. DeKok [Tue, 6 Oct 2009 08:21:45 +0000 (10:21 +0200)]
Ensure that there is a cleanup event for proxied packets
If there was no reply, clean up, reject, etc. the request.
This doesn't matter so much for normal clients, as they will retransmit
and cause the old request to be deleted from the request hash.
But detail requests have random ports (for other reasons), so
they won't be cleaned up by new packets. Therefore, we need to clean
them up...
Alan T. DeKok [Tue, 6 Oct 2009 08:21:17 +0000 (10:21 +0200)]
Added more debugging messages
Alan T. DeKok [Tue, 6 Oct 2009 06:48:02 +0000 (08:48 +0200)]
Mark home server dead if it doesn't respond to pings
Alan T. DeKok [Mon, 5 Oct 2009 15:32:39 +0000 (17:32 +0200)]
Check for undefined types, too
Alan T. DeKok [Mon, 5 Oct 2009 15:12:33 +0000 (17:12 +0200)]
Set broadcast && reuseaddr before binding to socket
Alan T. DeKok [Sun, 4 Oct 2009 16:12:12 +0000 (18:12 +0200)]
Simplify the code
Alan T. DeKok [Sat, 3 Oct 2009 18:07:53 +0000 (20:07 +0200)]
More detailed debugging for detail
Alan T. DeKok [Sat, 3 Oct 2009 18:07:22 +0000 (20:07 +0200)]
Be more restrictive on bad input
Addresses bug #27
Alan T. DeKok [Sat, 3 Oct 2009 17:58:17 +0000 (19:58 +0200)]
Start simplifying the code that encodes attributes
Alan T. DeKok [Fri, 2 Oct 2009 08:52:44 +0000 (10:52 +0200)]
Fix passwords to have even length
Alan T. DeKok [Thu, 1 Oct 2009 13:07:51 +0000 (15:07 +0200)]
Increase max_sessions
Alan T. DeKok [Thu, 1 Oct 2009 13:06:59 +0000 (15:06 +0200)]
Print more descriptive error message for too many EAP sessions
Alan T. DeKok [Thu, 1 Oct 2009 09:15:55 +0000 (11:15 +0200)]
event.c frees the listener, so we don't need to
Alan T. DeKok [Thu, 1 Oct 2009 08:39:22 +0000 (10:39 +0200)]
Moved illegal attributes to the new dictionary
Alan T. DeKok [Wed, 30 Sep 2009 07:54:25 +0000 (09:54 +0200)]
Allow old-style dictionary formats, too
Alan T. DeKok [Tue, 29 Sep 2009 18:24:40 +0000 (20:24 +0200)]
Use packet codes from libradius
Alan T. DeKok [Tue, 29 Sep 2009 08:10:59 +0000 (10:10 +0200)]
Moved Ascend's illegal attributes to their own file
Alan T. DeKok [Sun, 27 Sep 2009 17:45:20 +0000 (19:45 +0200)]
Assign variable before using it
Alan T. DeKok [Sun, 27 Sep 2009 16:28:17 +0000 (18:28 +0200)]
Use new API
Alan T. DeKok [Sun, 27 Sep 2009 16:23:18 +0000 (18:23 +0200)]
Include proto in API, no matter what build options
It's too hard to have proto as a compile-time option
for the API. Instead, we add it everywhere. This slows down the
UDP-only case, but ensures that we can distinguish between a
home server of (ip,port) udp, and a home server of the same (ip,port)
and tcp
Alan T. DeKok [Fri, 25 Sep 2009 09:46:06 +0000 (11:46 +0200)]
Removed unnecessary line
Alan T. DeKok [Fri, 25 Sep 2009 09:21:50 +0000 (11:21 +0200)]
Be more flexible about parsing detail files
Allow any operator, not just '='
Alan T. DeKok [Fri, 25 Sep 2009 09:01:27 +0000 (11:01 +0200)]
Clean up state machine so it's more forgiving
Alan T. DeKok [Thu, 24 Sep 2009 20:01:54 +0000 (22:01 +0200)]
Fixed typo && include attrs.access_challenge in build
Alan T. DeKok [Thu, 24 Sep 2009 15:37:07 +0000 (17:37 +0200)]
Fixed compile error
bduncan [Tue, 22 Sep 2009 16:24:57 +0000 (09:24 -0700)]
64-bit fixes.
bduncan [Tue, 22 Sep 2009 16:23:47 +0000 (09:23 -0700)]
Check for NOOP from opendir.c
bduncan [Tue, 22 Sep 2009 16:22:49 +0000 (09:22 -0700)]
64-bit fixes and return NOOP for AD users.
bduncan [Tue, 22 Sep 2009 16:20:02 +0000 (09:20 -0700)]
Get private key passphrase from keychain using certadmin command.
Alan T. DeKok [Thu, 24 Sep 2009 15:28:56 +0000 (17:28 +0200)]
Jumbo patch to clean up socket handling
The transport protocol code is now more merged, and the "fr_tcp_radius_t"
structure and API are deleted. The resulting code is simpler and smaller.
Cleaned up how the listeners and event handlers deal with sockets.
The proxy sockets are now pushed into the proxy packet list, and are
not used in the main listener list.
The proxy packet list now deals with src/dst, and not just destination.
Alan T. DeKok [Thu, 24 Sep 2009 15:12:53 +0000 (17:12 +0200)]
Changed order of code to avoid race conditions
Alan T. DeKok [Thu, 24 Sep 2009 15:12:33 +0000 (17:12 +0200)]
Ensure that cached SSL sessions have data
Alan T. DeKok [Thu, 17 Sep 2009 10:03:36 +0000 (12:03 +0200)]
Fix arguments to client_find