Alan T. DeKok [Wed, 22 Feb 2012 08:38:46 +0000 (09:38 +0100)]
Note recent changes
Alan DeKok [Wed, 22 Feb 2012 08:37:49 +0000 (00:37 -0800)]
Merge pull request #50 from arr2036/rlm_rest
Add rlm_rest which does REST calls to an external HTTP server.
Alan T. DeKok [Wed, 22 Feb 2012 08:25:18 +0000 (09:25 +0100)]
Use names for logging parameters, and correct values
Alan T. DeKok [Tue, 21 Feb 2012 17:07:23 +0000 (18:07 +0100)]
Better fix for fixed point computations
So if rate_pps < 1000, we can still count it.
Alan T. DeKok [Tue, 21 Feb 2012 16:51:08 +0000 (17:51 +0100)]
Add rate limiting for network sockets
via "max_pps" in the "listen" section. It takes a count of the
packets received in the last second. If it's over max_pps, the
new packet is ignored. Otherwise, it's allowed.
We probably should instead have adaptive rate limiting based on
how many packets/s *finish* processing. But that's harder to do
for now.
Alan T. DeKok [Tue, 21 Feb 2012 13:54:08 +0000 (14:54 +0100)]
Added virtual server support
To make it simpler, and like the rest of the system
Alan T. DeKok [Tue, 21 Feb 2012 08:08:44 +0000 (09:08 +0100)]
Warn if we can't shut down modules cleanly
Alan T. DeKok [Tue, 21 Feb 2012 08:08:27 +0000 (09:08 +0100)]
Don't close connections that are in use.
Alan T. DeKok [Tue, 21 Feb 2012 07:57:49 +0000 (08:57 +0100)]
Try to use identity from SIM protocol, not EAP-Identity
Dan Harkins [Tue, 21 Feb 2012 08:15:53 +0000 (09:15 +0100)]
Sample configuration for EAP-PWD
Alan T. DeKok [Tue, 21 Feb 2012 08:13:53 +0000 (09:13 +0100)]
Make files so that EAP-PWD builds
Dan Harkins [Tue, 21 Feb 2012 08:12:24 +0000 (09:12 +0100)]
EAP-PWD Implementation
http://ietf.org/rfc/rfc5931.txt
Alan T. DeKok [Tue, 21 Feb 2012 08:10:42 +0000 (09:10 +0100)]
Define name and value for EAP-PWD
Arran Cudbard-Bell [Mon, 10 Oct 2011 18:20:44 +0000 (20:20 +0200)]
Initial commit of rlm_rest module
Add library independent streaming JSON generator
Add library independent streaming POST generator
Add support for parsing JSON and POST responses
Add support for parsing do_xlat and is_json flags in JSON responses
Add function to emulate CURLs multiple calls to the JSON generator when in stream mode, to allow transfer of data as a single contiguous block
Deduplicate truncation detection code.
Improvde consistancy of documentation.
Replace 1, 0 return codes with TRUE/FALSE macros.
Slightly better version of rest_uri_build
Add tables for auth types
Add a bunch of formatting fixes and extra options for SSL certs in curl
Alan T. DeKok [Fri, 17 Feb 2012 14:19:29 +0000 (15:19 +0100)]
Document MySQL character set issues
Patch from Stefan Winter
Alan T. DeKok [Fri, 17 Feb 2012 10:19:50 +0000 (11:19 +0100)]
New dictionary
Alan T. DeKok [Mon, 13 Feb 2012 19:59:29 +0000 (20:59 +0100)]
Added User-Role attribute
Alan T. DeKok [Fri, 17 Feb 2012 08:58:07 +0000 (09:58 +0100)]
New purewave dictionary
Alan T. DeKok [Mon, 13 Feb 2012 20:10:16 +0000 (21:10 +0100)]
Added provisions for "site local" dictionaries
Alan T. DeKok [Mon, 13 Feb 2012 16:02:14 +0000 (17:02 +0100)]
Change ports to not conflict with inner-tunnel
Alan T. DeKok [Mon, 13 Feb 2012 10:19:08 +0000 (11:19 +0100)]
Fix EAP-Type values
Noticed by Stefan Winter
Alan T. DeKok [Sat, 11 Feb 2012 09:07:11 +0000 (10:07 +0100)]
Directories need to be +x
Matthew Newton [Fri, 10 Feb 2012 00:51:07 +0000 (00:51 +0000)]
Add examples to EAP-TLS virtual server
Alan T. DeKok [Fri, 10 Feb 2012 10:37:22 +0000 (11:37 +0100)]
Save TLS-* attributes on session resumption
Manual pull from
d73fc3b75d
We could probably just save the certs in the ssl->session data,
just like the cached VPs. But that's more work...
Alan T. DeKok [Thu, 9 Feb 2012 12:28:31 +0000 (13:28 +0100)]
Automatically make directories
Alan T. DeKok [Thu, 9 Feb 2012 12:29:09 +0000 (13:29 +0100)]
Manual port of
ed8edcac2da6f1db
Create common name only if there's a subject
Alan T. DeKok [Wed, 8 Feb 2012 15:01:43 +0000 (16:01 +0100)]
strncpy is evil. Don't use it.
Alan T. DeKok [Thu, 9 Feb 2012 10:00:56 +0000 (11:00 +0100)]
src_ipaddr is needed for non-STATS builds
Alan T. DeKok [Wed, 8 Feb 2012 15:19:31 +0000 (16:19 +0100)]
Start of allowing multiple packets outstanding for detail file
configuration option "max_outstanding"
Each packet read has a unique counter
Alan T. DeKok [Wed, 8 Feb 2012 14:28:17 +0000 (15:28 +0100)]
Faster detail file reader.
If "delay = 0", go read another packet immediately.
Matthew Newton [Wed, 8 Feb 2012 10:51:44 +0000 (11:51 +0100)]
Add virtual-server option for EAP-TLS to allow certificate field checks
Normally attributes such as TLS-Client-Cert-Common-Name can be seen in
Post-Auth only, which is too late to act if the return to the client should
be changed. This code adds a virtual-server option to EAP-TLS to allow
these values to be examined, and the return status updated accordingly.
Alan T. DeKok [Wed, 8 Feb 2012 08:33:19 +0000 (09:33 +0100)]
Note recent changes
Alan T. DeKok [Wed, 8 Feb 2012 08:32:55 +0000 (09:32 +0100)]
Remove these modules from the new build system
Alan DeKok [Wed, 8 Feb 2012 08:30:47 +0000 (00:30 -0800)]
Merge pull request #48 from cmikk/abinary-fix
Print abinary values without delimiters, unless requested by caller.
Chris Mikkelson [Tue, 7 Feb 2012 21:40:13 +0000 (15:40 -0600)]
Print abinary values without delimiters, unless requested by caller.
Alan T. DeKok [Tue, 7 Feb 2012 19:58:52 +0000 (20:58 +0100)]
heck for account and password expiration
Alan T. DeKok [Tue, 7 Feb 2012 19:54:11 +0000 (20:54 +0100)]
Fix typos
Alan T. DeKok [Tue, 7 Feb 2012 09:30:48 +0000 (10:30 +0100)]
Move README to README.rst and fixes RST formatting
Matthew Newton [Mon, 6 Feb 2012 15:07:32 +0000 (16:07 +0100)]
Add "syslog_facility" to rlm_linelog
Document it. Export the facility name to integer table
from mainconfig.c
Alan T. DeKok [Mon, 6 Feb 2012 14:30:49 +0000 (15:30 +0100)]
Sync with upstream
Alan T. DeKok [Mon, 6 Feb 2012 14:08:38 +0000 (15:08 +0100)]
Add FreeRADIUS-specific output file
Alan T. DeKok [Mon, 6 Feb 2012 13:37:49 +0000 (14:37 +0100)]
Sync with original github project
Alan T. DeKok [Mon, 6 Feb 2012 10:44:29 +0000 (11:44 +0100)]
Fix typo in last commit
Alan T. DeKok [Mon, 6 Feb 2012 09:53:52 +0000 (10:53 +0100)]
Allow data2vp_any() to be called with packet==NULL
The packet is only used to decrypt certain attributes.
If there is no need to decrypt those attributes, then the
packet pointer isn't necessary.
Alan T. DeKok [Fri, 3 Feb 2012 09:45:50 +0000 (10:45 +0100)]
Note TLS-* attribute allocation
Alan T. DeKok [Tue, 31 Jan 2012 14:18:33 +0000 (15:18 +0100)]
Remove compiler warnings
Alan T. DeKok [Tue, 31 Jan 2012 14:13:40 +0000 (15:13 +0100)]
Get rid of compiler warnings
Alan T. DeKok [Tue, 31 Jan 2012 14:03:50 +0000 (15:03 +0100)]
Print out one value for --config=value
Alan T. DeKok [Tue, 31 Jan 2012 14:03:20 +0000 (15:03 +0100)]
CC jlibtool.c
to make it compatible with the rest of the build system
Alan T. DeKok [Tue, 31 Jan 2012 13:53:02 +0000 (14:53 +0100)]
Note errors if trying to build shared libs without -rpath
Alan T. DeKok [Tue, 31 Jan 2012 11:39:10 +0000 (12:39 +0100)]
Removed unused file
Alan T. DeKok [Tue, 31 Jan 2012 11:21:16 +0000 (12:21 +0100)]
Get rid of compiler warnings
Alan T. DeKok [Tue, 31 Jan 2012 11:18:35 +0000 (12:18 +0100)]
Added more compiler warning flags
for format string issues
Alan T. DeKok [Tue, 31 Jan 2012 11:16:38 +0000 (12:16 +0100)]
Fix compiler warnings
As part of the goal of getting the code to build cleanly,
without warnings
Alan T. DeKok [Tue, 31 Jan 2012 11:10:36 +0000 (12:10 +0100)]
Fix typo when using list
Alan T. DeKok [Tue, 31 Jan 2012 10:51:30 +0000 (11:51 +0100)]
Don't link in sites-enabled/tls
It confuses too many people
Alan T. DeKok [Tue, 31 Jan 2012 09:55:11 +0000 (10:55 +0100)]
Add documentation
Alan T. DeKok [Tue, 31 Jan 2012 09:25:25 +0000 (10:25 +0100)]
First pass at cablelabs nonsense
It doesn't do anything. But we've at least recorded the structures
necessary for full decoding
Alan T. DeKok [Mon, 30 Jan 2012 19:05:33 +0000 (20:05 +0100)]
Use unused variable
Alan T. DeKok [Mon, 30 Jan 2012 19:03:46 +0000 (20:03 +0100)]
Parantheses to avoid compiler warning
Alan T. DeKok [Mon, 30 Jan 2012 19:03:05 +0000 (20:03 +0100)]
Add "const" for compiler warnings
Alan T. DeKok [Mon, 30 Jan 2012 19:02:05 +0000 (20:02 +0100)]
Fix compiler warnings
Alan T. DeKok [Mon, 30 Jan 2012 18:58:34 +0000 (19:58 +0100)]
Fix compiler warning
Alan T. DeKok [Mon, 30 Jan 2012 18:55:05 +0000 (19:55 +0100)]
Fix compiler warning
Alan T. DeKok [Mon, 30 Jan 2012 18:50:27 +0000 (19:50 +0100)]
deal with unused arguments
Alan T. DeKok [Mon, 30 Jan 2012 18:49:54 +0000 (19:49 +0100)]
Change data type to avoid compiler warnings
Alan T. DeKok [Sun, 29 Jan 2012 11:14:51 +0000 (12:14 +0100)]
Enable DHCP by default
Alan T. DeKok [Fri, 27 Jan 2012 09:48:40 +0000 (10:48 +0100)]
A bit better fix. Not done yet
Alan T. DeKok [Fri, 27 Jan 2012 09:35:09 +0000 (10:35 +0100)]
Correctly determine TARGET
Don't just blindly append a ".a" to it
Alan T. DeKok [Fri, 27 Jan 2012 09:29:48 +0000 (10:29 +0100)]
Correct references to record_plus/minus()
Alan T. DeKok [Fri, 27 Jan 2012 09:26:04 +0000 (10:26 +0100)]
Move dump_hex() function to tls_listen.c
Alan T. DeKok [Fri, 27 Jan 2012 08:00:31 +0000 (09:00 +0100)]
Add in missing C file again
Alan T. DeKok [Fri, 27 Jan 2012 07:59:05 +0000 (08:59 +0100)]
FIx typos
Alan T. DeKok [Fri, 27 Jan 2012 07:53:20 +0000 (08:53 +0100)]
Add missing file
Alan T. DeKok [Thu, 26 Jan 2012 15:06:02 +0000 (16:06 +0100)]
Move server-specific code to tls_listen.c
This lets us build radeapclient, which can do EAP-MD5,
or EAP-TLS if OpenSSL is enabled
Alan T. DeKok [Thu, 26 Jan 2012 09:28:39 +0000 (10:28 +0100)]
Add radsniff to configure scripts
Alan T. DeKok [Thu, 26 Jan 2012 09:01:05 +0000 (10:01 +0100)]
Made ECHO a macro
so that doing "ECHO=true" means the ONLY output becomes errors
from the compiler.
Alan T. DeKok [Thu, 26 Jan 2012 08:54:21 +0000 (09:54 +0100)]
Fix typo
Alan T. DeKok [Wed, 25 Jan 2012 17:02:50 +0000 (18:02 +0100)]
Start integrating new build system with "configure"
Have the "all.mk" files generated by "configure".
Alan T. DeKok [Tue, 24 Jan 2012 14:55:30 +0000 (15:55 +0100)]
Put quotes around string
Alan T. DeKok [Wed, 25 Jan 2012 13:44:14 +0000 (14:44 +0100)]
Use non-zero timeout in pcap_open_live
http://www.tcpdump.org/pcap.html says:
to_ms is the read time out in milliseconds (a value of 0 means
no time out; on at least some platforms, this means that you may
wait until a sufficient number of packets arrive before seeing
any packets, so you should use a non-zero timeout)
Nice..
Alan T. DeKok [Wed, 25 Jan 2012 13:34:53 +0000 (14:34 +0100)]
New build rules for radsniff
Alan T. DeKok [Wed, 25 Jan 2012 10:53:29 +0000 (11:53 +0100)]
Remove "hash" from RADIUS_PACKET
It's no longer needed. Various support functions are
also removed.
Alan T. DeKok [Wed, 25 Jan 2012 10:52:23 +0000 (11:52 +0100)]
Correctly calculate dependencies
FIRST filter absolute path -> ${top_srcdir}
THEN filter absolute path -> ${BUILDDIR}
THEN delete all other absolute paths.
They're not part of our build!
Alan DeKok [Tue, 24 Jan 2012 18:59:16 +0000 (10:59 -0800)]
Merge pull request #45 from mcnewton/build-tidy
Couple of minor build tidyness issues
Alan T. DeKok [Tue, 24 Jan 2012 14:31:23 +0000 (15:31 +0100)]
Fix typo. "post-auth", not "postauth"
Alan T. DeKok [Tue, 24 Jan 2012 14:24:53 +0000 (15:24 +0100)]
Fix rules for installing header files
Alan T. DeKok [Tue, 24 Jan 2012 14:13:42 +0000 (15:13 +0100)]
Link to the crypt libraries if necessary
Alan T. DeKok [Tue, 24 Jan 2012 14:10:54 +0000 (15:10 +0100)]
Don't build radeapclient.
It requires the TLS code from src/main, which in turn requires
much of the server core. People should use eapol_test instead.
Alan T. DeKok [Tue, 24 Jan 2012 12:17:58 +0000 (13:17 +0100)]
One last build rule
CFLAGS points to -Isrc, instead of -I$(BUILDDIR)/make/include
Alan T. DeKok [Tue, 24 Jan 2012 10:37:12 +0000 (11:37 +0100)]
Print out correct install target
Alan T. DeKok [Tue, 24 Jan 2012 10:09:43 +0000 (11:09 +0100)]
Use $(LIBS) for TGT_LDLIBS
Which automatically gets -lpthread if needed, and the Max OSX
directory services flags
Alan T. DeKok [Tue, 24 Jan 2012 10:09:18 +0000 (11:09 +0100)]
Don't delete blank lines from dependency fixer.
It breaks on Linux
Alan T. DeKok [Tue, 24 Jan 2012 08:57:06 +0000 (09:57 +0100)]
add_rpath is static
Matthew Newton [Mon, 23 Jan 2012 20:27:53 +0000 (20:27 +0000)]
Tidy src/modules/rlm_wimax/Makefile
Matthew Newton [Mon, 23 Jan 2012 20:16:14 +0000 (20:16 +0000)]
Fix up debian package after modules -> mods-available move
Alan T. DeKok [Mon, 23 Jan 2012 20:10:01 +0000 (21:10 +0100)]
OCSP_REQ_CTX is only in newer versions of OpenSSL
Alan T. DeKok [Mon, 23 Jan 2012 17:16:51 +0000 (18:16 +0100)]
Use the new build framework
By editing Make.inc, and adding "BOILER=yes" to the end.
It's not automatically enabled, because we don't want it to
break peoples systems.
The result is MUCH faster build times. "make" from the top
level takes ~0.2s, instead of 7 seconds.
Alan T. DeKok [Mon, 23 Jan 2012 17:15:57 +0000 (18:15 +0100)]
A libtool-style wrapper.
Faster, and portable. For more, see:
https://github.com/alandekok/jlibtool
Alan T. DeKok [Mon, 23 Jan 2012 17:11:20 +0000 (18:11 +0100)]
Support new build system
After 10+ years, recursive make should be left behind.
This new framework is taken from:
https://github.com/dmoulding/boilermake
with some changes by myself. The basic framework is ~500 lines
of GNU Makefile code. Adding libtool-style wrappers and install
frameworks is another ~500 LoC. The result is that we now
have a build system which all developers should use.
Each individual Makefile is small, simple, etc. Dependencies
are automatically calculated and tracked, so the developer
doesn't have to worry.
The minor downside is that you can't do "cd X;make". This is
a GOOD thing, because Make now handles all dependencies. i.e.
building in a subdirectory should NEVER be necessary.
All output goes into the "build" directory, which is a bit of
a change.