raghu [Sat, 19 Jan 2002 22:47:17 +0000 (22:47 +0000)]
This file should be moved to src/lib.
A new file to generate & verify state attribute.
raghu [Sat, 19 Jan 2002 22:44:47 +0000 (22:44 +0000)]
EAP module is generalised to handle any EAP-Type.
Following are the changes
1. A new Data structure EAP_HANDLER for consistent interface
with all EAP-Types
2. An opaque container to hold Request-Response data for any EAP-Type
3. Password is no longer checked in the EAP-Module, but will be
checked in specific EAP-Type that requires it.
4. A new Data structure eaptype_t for EAP-Type specific data passing
between EAP module & EAP-Types
5. Some minor code enhancements & beautifications.
3APA3A [Sat, 19 Jan 2002 10:49:15 +0000 (10:49 +0000)]
+ Items for ms-chap support in ldap module added
3APA3A [Sat, 19 Jan 2002 10:38:53 +0000 (10:38 +0000)]
+ support for "authtype" configuration parameter added. Patch by
Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp>
3APA3A [Sat, 19 Jan 2002 10:37:28 +0000 (10:37 +0000)]
+ LM-Password-TEXT/NT-Password-TEXT/SMB-Account-CTRL-TEXT attributes
handling added. Patch by Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp>
3APA3A [Sat, 19 Jan 2002 10:21:25 +0000 (10:21 +0000)]
+ defines for PW_LM_PASSWORD_TEXT/PW_NT_PASSWORD_TEXT/PW_SMB_ACCOUNT_CTRL_TEXT added
3APA3A [Sat, 19 Jan 2002 10:18:18 +0000 (10:18 +0000)]
+ LM-Password-TEXT/NT-Password-TEXT/SMB-Account-CTRL-TEXT attributes added
fcusack [Sat, 19 Jan 2002 01:20:24 +0000 (01:20 +0000)]
include rad_assert.h before using it
fcusack [Fri, 18 Jan 2002 22:47:08 +0000 (22:47 +0000)]
fix softfail bug (update last_auth on failed auth)
fcusack [Fri, 18 Jan 2002 21:34:57 +0000 (21:34 +0000)]
use rad_assert() to guarantee creation of mppe attributes.
fcusack [Fri, 18 Jan 2002 21:19:39 +0000 (21:19 +0000)]
remove (noreplace)
3APA3A [Fri, 18 Jan 2002 17:06:11 +0000 (17:06 +0000)]
! Check for ACB_DISABLED flag moved to authorization
aland [Fri, 18 Jan 2002 16:49:43 +0000 (16:49 +0000)]
Use the module's second name (i.e. "ldap ldap1") to register the
xlat function. If there is no second name, use the first name.
And when done, unregister the given name.
Based on a patch by Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp>
kkalev [Fri, 18 Jan 2002 12:41:20 +0000 (12:41 +0000)]
* Add general_ld_library_path directive and set LD_LIBRARY_PATH accordingly (used in snmpfinger and
radaclient).
* Add general_finger_type directive to determine if we will use snmpfinger in user_finger.php3
* Fix a bug in config.php3 when we have a directive containing ':'
* Fix a bug in lib/ldap/change_attrs.php3 that did not allow changing more than one value of a
multivalued attribute simultaneously.
miquels [Fri, 18 Jan 2002 12:39:16 +0000 (12:39 +0000)]
* todo/serverside-ip-pools: new file describing how to implement
server-side IP pools
* todo/radius.conf.sample2: removed, we have a radius.conf don't we
3APA3A [Fri, 18 Jan 2002 07:45:01 +0000 (07:45 +0000)]
! createsmbpw bug patched by Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp>
fcusack [Fri, 18 Jan 2002 02:35:30 +0000 (02:35 +0000)]
Use rad_malloc() instead of malloc() + NULL test.
Fix prototype/function call mismatches.
Bug noted by Lance Uyehara <lance@verniernetworks.com>.
fcusack [Fri, 18 Jan 2002 02:22:48 +0000 (02:22 +0000)]
add missing '{' in rad_check_password().
Patch from Lance Uyehara <lance@verniernetworks.com>.
fcusack [Thu, 17 Jan 2002 04:02:17 +0000 (04:02 +0000)]
Update Copyright date.
fcusack [Thu, 17 Jan 2002 04:00:47 +0000 (04:00 +0000)]
Remove 2 TODOs that aren't needed. Update Copyright dates.
aland [Wed, 16 Jan 2002 21:51:45 +0000 (21:51 +0000)]
* wrap rlm_sql.h into #ifdef _RLM_SQL_H
* sql_iodbc.h - dumped typedef SQL_ROW (already defined in rlm_sql.h)
- typo fix
- function declaration fixes
* sql_iodbc.c - fixed row allocation in sql_select_query() (off by 1)
- moved SQLAllocStmt() from sql_init_socket() into sql_query()
(and inserted SQLFreeStmt() into sql_free_result())
- typo fix
Patch from Andreas Kainz <aka@maxxio.at>
aland [Wed, 16 Jan 2002 21:19:41 +0000 (21:19 +0000)]
Correctly check for the odbc lib.
(checks for SQLConnect() in libodbc.*)
Patch from Andreas Kainz <aka@maxxio.at>
aland [Wed, 16 Jan 2002 18:42:10 +0000 (18:42 +0000)]
Prefix attribute names with Quintum, to ensure they're unique,
and not the same as the Cisco attributes.
aland [Wed, 16 Jan 2002 16:32:36 +0000 (16:32 +0000)]
Made CHAP-Password 'octets', as it's normally a binary string.
Updated the 'octets' parser in pairmake(), to allow for "string"
style data to be used, too.
aland [Wed, 16 Jan 2002 15:47:27 +0000 (15:47 +0000)]
Include the quintum dictionary in the default list.
3APA3A [Wed, 16 Jan 2002 14:16:38 +0000 (14:16 +0000)]
! THREAD_SAFE patch by Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp>
! removed "register" keywords for variables
aland [Tue, 15 Jan 2002 20:53:48 +0000 (20:53 +0000)]
If we cannot connect to the SQL database, then it's a module
failure, not an authentication reject.
Patch from Randy Moore <ramoore@axion-it.net>
aland [Tue, 15 Jan 2002 20:38:33 +0000 (20:38 +0000)]
Updated for changes we've made over the past while.
The man page was getting *seriously* out of date.
aland [Tue, 15 Jan 2002 20:30:25 +0000 (20:30 +0000)]
Change '--' to '-' in name of man page, due to reported problems
on Solaris.
aland [Tue, 15 Jan 2002 20:26:13 +0000 (20:26 +0000)]
Moved MS specific attribute definitions out of rlm_mschap, and into
the global header file. Since the LM-Password, etc. are defined
in the top-level dictionary, this makes sense.
It also helps to prevent from duplicating the values of certain
attributes.
aland [Tue, 15 Jan 2002 20:22:43 +0000 (20:22 +0000)]
Add assertions that pairmake() doesn't fail.
Add checks for errors, and debug logs, if it does.
Bug noted on the list by Chris Green <cmg@uab.edu>
aland [Tue, 15 Jan 2002 15:58:39 +0000 (15:58 +0000)]
Added information pointing to livingston mirror, and their documents
kkalev [Tue, 15 Jan 2002 14:45:21 +0000 (14:45 +0000)]
Add the dialup_admin web interface. Hope everything works fine
aland [Mon, 14 Jan 2002 22:23:10 +0000 (22:23 +0000)]
Minor changes to get rid of compiler warnings.
aland [Mon, 14 Jan 2002 22:21:12 +0000 (22:21 +0000)]
Delete an unused variable, and ensure that another is initialized.
aland [Mon, 14 Jan 2002 22:19:55 +0000 (22:19 +0000)]
Minor changes to fix compiler warnings.
aland [Mon, 14 Jan 2002 22:14:27 +0000 (22:14 +0000)]
Added more 'const' to get rid of some compiler warnings.
aland [Mon, 14 Jan 2002 22:09:40 +0000 (22:09 +0000)]
Removed 'register' keyword from variable declaration.
Using 'register' only matters if your compiler is broken.
aland [Mon, 14 Jan 2002 18:46:53 +0000 (18:46 +0000)]
Additional attributes for the Annex-RAC R18.0 software.
Larry Smith <lesmith@ecsis.net> and Bill Campbell <bill@celestial.com>
fcusack [Mon, 14 Jan 2002 17:13:58 +0000 (17:13 +0000)]
Don't blindly set auth_type just because we have a PW_PASSWORD.
Bug introduced in rev 1.97.
3APA3A [Mon, 14 Jan 2002 11:42:31 +0000 (11:42 +0000)]
! Cosmetic changes to avoid compilation warnings
3APA3A [Mon, 14 Jan 2002 11:31:36 +0000 (11:31 +0000)]
! Cosmetic changes to avoid compilation errors
3APA3A [Mon, 14 Jan 2002 11:22:48 +0000 (11:22 +0000)]
! Cosmetic changes to prevent warnings during compilation
3APA3A [Mon, 14 Jan 2002 11:11:42 +0000 (11:11 +0000)]
! Minor security improvements
fcusack [Sun, 13 Jan 2002 19:38:09 +0000 (19:38 +0000)]
Add some notables.
fcusack [Sun, 13 Jan 2002 19:34:51 +0000 (19:34 +0000)]
Remove Password = {"UNIX","PAM"} backwards compatibility.
fcusack [Sun, 13 Jan 2002 15:36:46 +0000 (15:36 +0000)]
Update based on RFC 2548
fcusack [Sun, 13 Jan 2002 14:56:54 +0000 (14:56 +0000)]
Give admin a hint about possible misconfiguration,
for a specific error that shouldn't happen.
fcusack [Sun, 13 Jan 2002 14:17:01 +0000 (14:17 +0000)]
Give credit to Takahiro Wagatsuma for MPPE.
fcusack [Sun, 13 Jan 2002 13:08:10 +0000 (13:08 +0000)]
make x99 MPPE support configurable.
fcusack [Sun, 13 Jan 2002 11:12:01 +0000 (11:12 +0000)]
Deprecate attribute 'Password' in favor of 'User-Password'.
fcusack [Sun, 13 Jan 2002 10:35:11 +0000 (10:35 +0000)]
don't artificially limit the secret length to 32.
fcusack [Sun, 13 Jan 2002 09:17:44 +0000 (09:17 +0000)]
Fix MS-CHAPv1 MPPE support. Still commented out by default.
Thanks to Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp>.
aland [Sat, 12 Jan 2002 21:37:57 +0000 (21:37 +0000)]
Add the CHAP-Challenge, taken from the request authenticator,
so that later modules can have access to it.
Patch from Nathan Miller <nmiller_lists@visp.net>
3APA3A [Sat, 12 Jan 2002 13:39:54 +0000 (13:39 +0000)]
! MS-CHAP-MPPE-Keys bug fixed + now nthashhash is used to build attribute
instead of nthash. It's against RFC but it's like MPPE operates in fact.
3APA3A [Sat, 12 Jan 2002 13:37:14 +0000 (13:37 +0000)]
! rad_tunnel_pwencode/rad_tunnel_pwdecode fixed
3APA3A [Sat, 12 Jan 2002 13:36:19 +0000 (13:36 +0000)]
! rad_tunnel_pwdecode prototype changed
3APA3A [Fri, 11 Jan 2002 16:44:50 +0000 (16:44 +0000)]
! sha1.c now uses htonl() - no more BYTEORDER required.
3APA3A [Fri, 11 Jan 2002 15:24:35 +0000 (15:24 +0000)]
+ require_encryption and require_strong parameters added for mschap module
3APA3A [Fri, 11 Jan 2002 15:13:46 +0000 (15:13 +0000)]
+ if mppe enabled MS-MPPE-Encryption-Policy MS-MPPE-Encryption-Types
now added. 2 new configuration parameters: require_encryption and
require_strong
3APA3A [Fri, 11 Jan 2002 14:37:12 +0000 (14:37 +0000)]
+ use_mppe example added for mschap module configuration
3APA3A [Fri, 11 Jan 2002 12:44:15 +0000 (12:44 +0000)]
+ For MS-CHAP v1 MS-CHAP-MPPE-Keys attribute added
+ configuration option use_mppe added. On by default. For MS-CHAPv1
generates MS-CHAP-MPPE-Keys for MS-CHAPv2 generates pair MS-MPPE-Send-Key
MS-MPPE-Recv-Key
3APA3A [Fri, 11 Jan 2002 10:02:06 +0000 (10:02 +0000)]
+ MPPE support by Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp> added
for both MS-CHAPv1 and MS-CHAPv2
kkalev [Thu, 10 Jan 2002 15:59:58 +0000 (15:59 +0000)]
Add support for multiple password attributes in one entry
aland [Wed, 9 Jan 2002 16:06:50 +0000 (16:06 +0000)]
Added text describing how attributes are converted to
environment variables.
fcusack [Sun, 6 Jan 2002 16:13:07 +0000 (16:13 +0000)]
update info on Sun /dev/random patches.
aland [Fri, 4 Jan 2002 16:47:26 +0000 (16:47 +0000)]
Added text for acct_users
aland [Fri, 4 Jan 2002 16:00:13 +0000 (16:00 +0000)]
Compile bugs:
lvalue is uint32_t, NOT int32_t
Don't use too many arguments for a format
De-reference an integer pointer, before comparing it to an integer
Bugs found by "Esken, Christian, VP-TS, CE" <Christian.Esken@passo.de>
aland [Thu, 3 Jan 2002 17:40:58 +0000 (17:40 +0000)]
Patch the default queries && DB schema to allow for the use
of the operators.
Patch from Randy Moore <ramoore@axion-it.net>
fcusack [Thu, 3 Jan 2002 05:58:43 +0000 (05:58 +0000)]
fix operator precedence bug
aland [Wed, 2 Jan 2002 23:20:25 +0000 (23:20 +0000)]
Use accounting host name for accounting IP address, NOT
the authentication host name.
Bug && patch by Angus Stewart <angus@ASCnet.COM>
aland [Wed, 2 Jan 2002 23:12:28 +0000 (23:12 +0000)]
Added checks for -lcipher (FreeBSD)
Patch by Victor Ivanov <v0rbiz@icon.bg>
aland [Wed, 2 Jan 2002 17:41:45 +0000 (17:41 +0000)]
Much belated patch to add fgetpwent(), etc. compatibility,
from Daniel Carroll <freeradius@defiant.mesastate.edu>
fcusack [Wed, 2 Jan 2002 12:57:47 +0000 (12:57 +0000)]
update Auth-Type handling
fcusack [Wed, 2 Jan 2002 12:07:10 +0000 (12:07 +0000)]
implement resync_req.
challenge_req now means challenge-without-resync,
resync_req means challenge-with-resync.
fcusack [Wed, 2 Jan 2002 08:35:41 +0000 (08:35 +0000)]
some minor fixups
fcusack [Wed, 2 Jan 2002 08:34:15 +0000 (08:34 +0000)]
add some TODOs
fcusack [Wed, 2 Jan 2002 08:30:46 +0000 (08:30 +0000)]
maxfail -> softfail/hardfail.
hardfail now acts as maxfail did (user lockout).
softfail restricts the authentication frequency.
fcusack [Mon, 31 Dec 2001 04:12:41 +0000 (04:12 +0000)]
More info on Solaris /dev/random
kkalev [Tue, 25 Dec 2001 15:38:24 +0000 (15:38 +0000)]
Add the rlm_pap module. Support multiple encryption schemes (clear,crypt,md5)
kkalev [Tue, 25 Dec 2001 15:37:28 +0000 (15:37 +0000)]
Add entries for rlm_pap in radiusd.conf
kkalev [Sun, 23 Dec 2001 23:20:19 +0000 (23:20 +0000)]
Fixed a bug in ldap_instantiate() when initializing inst->atts
kkalev [Sun, 23 Dec 2001 21:05:20 +0000 (21:05 +0000)]
Removed an ldap_enable_cache() causing problems
3APA3A [Sat, 22 Dec 2001 09:31:31 +0000 (09:31 +0000)]
! Fixed a crash on a packet without User-Name attribute
aland [Thu, 20 Dec 2001 20:20:14 +0000 (20:20 +0000)]
If a request hangs around for more than max_request_time,
send a reject message, and mark it finished.
kkalev [Thu, 20 Dec 2001 13:24:01 +0000 (13:24 +0000)]
Add changelog for recent changes in rlm_ldap.c
Add documentation for ldap_xlat in rlm_ldap
kkalev [Wed, 19 Dec 2001 21:06:06 +0000 (21:06 +0000)]
Add ldap caching. Make rlm_ldap thread safe. Fix a memory leak in ldap_xlat.
Remove a few dict_attrbyname in ldap_pairget which were unneeded.
Move two radius_xlat's in ldap_authenticate to the right place.
aland [Wed, 19 Dec 2001 20:22:43 +0000 (20:22 +0000)]
When decoding an attribute, break, and do NOT fall through to
copying extra characters.
Bug found and patch posted by radius@palosanto.com
kkalev [Wed, 19 Dec 2001 16:26:05 +0000 (16:26 +0000)]
Add user definable counter reset values. Something like:
reset = 10h where h means hours
fcusack [Wed, 19 Dec 2001 04:44:46 +0000 (04:44 +0000)]
Don't do anything if Auth-Type already set and == Reject
kkalev [Tue, 18 Dec 2001 21:49:07 +0000 (21:49 +0000)]
Add support for 'never' counter expiration.
Patch by Aleksandr Kuzminsky <ingoth@nbi.com.ua>
fcusack [Sun, 16 Dec 2001 03:47:25 +0000 (03:47 +0000)]
protect against missing dictionary entries when setting up known password types
fcusack [Sat, 15 Dec 2001 06:01:18 +0000 (06:01 +0000)]
MS-MPPE-Encryption-Types, not MS-MPPE-Encryption-Type (per RFC 2548).
fcusack [Sat, 15 Dec 2001 04:21:31 +0000 (04:21 +0000)]
remove #ifdef for vendor_dict hack.
fcusack [Sat, 15 Dec 2001 04:01:54 +0000 (04:01 +0000)]
correct usage hint for challenge_req.
fcusack [Fri, 14 Dec 2001 23:23:46 +0000 (23:23 +0000)]
Use attribute settings for 0.4+. My local tree is a butchered 0.3 which
is why this setting is even #ifdef'd.
fcusack [Fri, 14 Dec 2001 22:50:05 +0000 (22:50 +0000)]
Add flexible password support -- now supports pap/chap/mschap/mschapv2 and mppe.
fcusack [Fri, 14 Dec 2001 22:44:13 +0000 (22:44 +0000)]
forgot this earlier
fcusack [Fri, 14 Dec 2001 22:42:24 +0000 (22:42 +0000)]
Use MD5_DIGEST_LENGTH instead of '16'.
fcusack [Fri, 14 Dec 2001 22:34:52 +0000 (22:34 +0000)]
misc updates