Alan T. DeKok [Tue, 14 Sep 2010 00:40:24 +0000 (02:40 +0200)]
Allow sqlite filename to be specified in the configuration file.
Undocumented for now. Based on a patch from Sven Anders
Alan T. DeKok [Mon, 13 Sep 2010 14:55:34 +0000 (16:55 +0200)]
Module-Failure-Message goes in request, not in reply
Alan T. DeKok [Mon, 13 Sep 2010 09:55:36 +0000 (11:55 +0200)]
Fix parameter passing issue. closes bug #105
Alan T. DeKok [Sun, 12 Sep 2010 08:57:05 +0000 (10:57 +0200)]
Moved to RST format.
Alan T. DeKok [Sun, 12 Sep 2010 08:51:59 +0000 (10:51 +0200)]
Renamed in preparation for moving to RST format.
Alan T. DeKok [Tue, 14 Sep 2010 00:37:36 +0000 (02:37 +0200)]
Be more forgiving when starting proxy sockets.
Manual merge of 92beaf4f00ef
Alan T. DeKok [Fri, 10 Sep 2010 14:40:18 +0000 (16:40 +0200)]
Add message from ntlm_auth to Module-Failure-Message
Alan T. DeKok [Fri, 10 Sep 2010 13:31:35 +0000 (15:31 +0200)]
More docs on the inner tunnel stuff
Alan T. DeKok [Fri, 10 Sep 2010 12:22:16 +0000 (14:22 +0200)]
Fix typo in error message
Alan T. DeKok [Fri, 10 Sep 2010 11:55:47 +0000 (13:55 +0200)]
Fix typo in command-line option
And set "libltdl-installable" if we're using our local libltdl.
Otherwise, it will *still* use the system one. <sigh>
Alan T. DeKok [Thu, 9 Sep 2010 13:29:29 +0000 (15:29 +0200)]
Add support for extended attributes: draft-dekok-radext-radius-extensions
We can encode / decode all non-TLV types without a problem.
TLVs are currently limited to one level (241.1.2), and to the
length of the encapsulating RADIUS attribute.
The "M" flag for extended attributes with flags is not supported.
Alan T. DeKok [Thu, 9 Sep 2010 12:49:01 +0000 (14:49 +0200)]
Close file on error condition
Alan T. DeKok [Thu, 9 Sep 2010 12:40:48 +0000 (14:40 +0200)]
Free memory if out of memory
Alan T. DeKok [Thu, 9 Sep 2010 12:33:03 +0000 (14:33 +0200)]
Ensure we leave room for the trailing NUL
Bjørn Mork [Wed, 8 Sep 2010 13:17:15 +0000 (15:17 +0200)]
Updating dictionary.erx based on Juniper documentation
Also adding a note about JUNOS (M/MX) usage of this dictionary.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Alan T. DeKok [Thu, 9 Sep 2010 11:15:04 +0000 (13:15 +0200)]
Print error message if we're not configured to listen on any ports
Manual merge of a50005713e5238
Alan T. DeKok [Wed, 8 Sep 2010 06:05:50 +0000 (08:05 +0200)]
Added missing check for lookup
Alan T. DeKok [Tue, 7 Sep 2010 20:37:41 +0000 (22:37 +0200)]
Made warning messages more consistent
Alan T. DeKok [Tue, 7 Sep 2010 20:36:35 +0000 (22:36 +0200)]
Regularized error messages
Alan T. DeKok [Tue, 7 Sep 2010 20:36:04 +0000 (22:36 +0200)]
Remove port 1814 from the default pcap filter. It isn't necessary
Alan T. DeKok [Tue, 7 Sep 2010 20:20:55 +0000 (22:20 +0200)]
Fix escaping rules. Closes bug #46
Alan T. DeKok [Tue, 7 Sep 2010 15:17:43 +0000 (17:17 +0200)]
Log issuer, not root cert.
Also only create attributes for the client && issuing certificate.
Alan T. DeKok [Tue, 7 Sep 2010 15:07:13 +0000 (17:07 +0200)]
Minor fixes as suggested by Michael Ross
- fix typo in Expiraton
- sprintf of serial was using the start of the buffer, and not the pointer
- use names for array references, rather than hard-coded numbers
- correct reference to issuer/subject
Alan T. DeKok [Mon, 6 Sep 2010 07:45:13 +0000 (09:45 +0200)]
Added support for {nthash} for compatibility with radiator
Alan T. DeKok [Fri, 3 Sep 2010 10:44:11 +0000 (12:44 +0200)]
Added ability to verify client certificates
Disabled in the default build.
Alan T. DeKok [Thu, 2 Sep 2010 15:48:40 +0000 (17:48 +0200)]
Remove \n from log messages
Alan T. DeKok [Thu, 2 Sep 2010 12:57:52 +0000 (14:57 +0200)]
Create Module-Failure-Message for *all* callback errors
Alan T. DeKok [Thu, 2 Sep 2010 12:53:44 +0000 (14:53 +0200)]
Fixed typo
Alan T. DeKok [Fri, 3 Sep 2010 08:17:55 +0000 (10:17 +0200)]
Removed test user
Alan T. DeKok [Wed, 1 Sep 2010 15:10:22 +0000 (17:10 +0200)]
Add /usr/lib to search path, to avoid warning messages on build
Alan T. DeKok [Wed, 1 Sep 2010 09:13:46 +0000 (11:13 +0200)]
Change default raddebug timeout to 60s
Alan T. DeKok [Tue, 31 Aug 2010 11:21:03 +0000 (13:21 +0200)]
Just published
Alan T. DeKok [Mon, 30 Aug 2010 14:55:00 +0000 (16:55 +0200)]
Fixed typo
Alan T. DeKok [Mon, 30 Aug 2010 13:18:48 +0000 (15:18 +0200)]
Catch LDAP constraint violation
closed bug #18
Alan T. DeKok [Mon, 30 Aug 2010 10:59:59 +0000 (12:59 +0200)]
Updated from bug #102
Alan T. DeKok [Fri, 27 Aug 2010 14:42:50 +0000 (16:42 +0200)]
Include DHCP test client.
It's not built by default, and it's not installed. But some may
find it useful for testing.
Alan T. DeKok [Fri, 27 Aug 2010 13:20:19 +0000 (15:20 +0200)]
Made module error / warning messages consistent
Alan T. DeKok [Fri, 27 Aug 2010 13:07:33 +0000 (15:07 +0200)]
Added new attribute. Closes bug #101
Alan T. DeKok [Fri, 27 Aug 2010 13:04:16 +0000 (15:04 +0200)]
Added empty opendirectory module
Alan T. DeKok [Fri, 27 Aug 2010 10:48:14 +0000 (12:48 +0200)]
Create new mutex for Access-Challenge debug code.
This prevents the recursive mutex problem on some platforms.
Alan T. DeKok [Thu, 26 Aug 2010 14:52:59 +0000 (16:52 +0200)]
Added more documentation for dynamic clients
Alan T. DeKok [Thu, 26 Aug 2010 14:47:13 +0000 (16:47 +0200)]
Fix typos
Alan T. DeKok [Thu, 26 Aug 2010 14:31:16 +0000 (16:31 +0200)]
Ensure WITHOUT flags are set if they're not being used
Alan T. DeKok [Thu, 26 Aug 2010 14:30:56 +0000 (16:30 +0200)]
Updated copyright date and build options
Alan T. DeKok [Thu, 26 Aug 2010 10:54:55 +0000 (12:54 +0200)]
Updated documentation
Alan T. DeKok [Tue, 24 Aug 2010 13:01:00 +0000 (15:01 +0200)]
Added support for EAP-MD5, using radeapclient.
Alan T. DeKok [Wed, 25 Aug 2010 12:11:39 +0000 (14:11 +0200)]
Add warning message about packets being too long
Conflicts:
src/lib/radius.c
Alan T. DeKok [Wed, 18 Aug 2010 15:42:30 +0000 (17:42 +0200)]
Added support for TLS-Cert-* and TLS-Client-Cert-* attributes
This has been needed for a long time. They only work for methods
which use a client certificate, but it's a start.
Alan T. DeKok [Thu, 12 Aug 2010 13:59:29 +0000 (15:59 +0200)]
Make sure we show EAP-Message in the debug output
Alan T. DeKok [Tue, 10 Aug 2010 06:13:32 +0000 (08:13 +0200)]
Added indexes to IP Pool table
Alan T. DeKok [Mon, 9 Aug 2010 19:50:45 +0000 (21:50 +0200)]
Use pairmake() which is in libradius, not radius_pairmake()
Alan T. DeKok [Mon, 9 Aug 2010 13:10:48 +0000 (15:10 +0200)]
Add Cached-Session-Policy attribute.
This can be placed into the cache in the first EAP session, and
grabbed from the cache on subsequent packets.
Alan T. DeKok [Mon, 9 Aug 2010 12:04:13 +0000 (14:04 +0200)]
Print out WARNING if EAP session did not finish.
This functionality has been sorely needed for some time. It works
ONLY in debugging mode. It prints out a warning if the handler still
exists when the request packet is cleaned up.
Alan T. DeKok [Mon, 9 Aug 2010 09:36:03 +0000 (11:36 +0200)]
Slightly lower impact way of cleaning up old sessions
Alan T. DeKok [Mon, 9 Aug 2010 09:33:36 +0000 (11:33 +0200)]
More errors to Module-Failure-Message
Alan T. DeKok [Sat, 7 Aug 2010 21:04:19 +0000 (23:04 +0200)]
Added ability to write to pcap file
Alan T. DeKok [Sat, 7 Aug 2010 20:30:52 +0000 (22:30 +0200)]
Do more checking of command-line arguments
Alan T. DeKok [Sat, 7 Aug 2010 07:48:24 +0000 (09:48 +0200)]
Fixes for 2.2 API
Alan T. DeKok [Sat, 7 Aug 2010 07:36:36 +0000 (09:36 +0200)]
Added example of "second_files" module, with documentation
Alan T. DeKok [Fri, 6 Aug 2010 15:48:44 +0000 (17:48 +0200)]
Regularize warning messages
Alan T. DeKok [Fri, 6 Aug 2010 15:26:56 +0000 (17:26 +0200)]
Regularize error messages
Alan T. DeKok [Fri, 6 Aug 2010 15:24:54 +0000 (17:24 +0200)]
Regularize error messages
Alan T. DeKok [Fri, 6 Aug 2010 15:17:32 +0000 (17:17 +0200)]
Regularize warning messages
Alan T. DeKok [Fri, 6 Aug 2010 15:13:31 +0000 (17:13 +0200)]
Regularized warning messages
Alan T. DeKok [Fri, 6 Aug 2010 12:59:54 +0000 (14:59 +0200)]
Added check for lt_dladvise_init
This helps solve loading issues when libraries depend on other libraries
Alan T. DeKok [Sat, 7 Aug 2010 07:43:01 +0000 (09:43 +0200)]
Fix for 2.2 API
Alan T. DeKok [Fri, 6 Aug 2010 12:36:04 +0000 (14:36 +0200)]
Added Packet-Transmit-Counter for retransmits.
Closes bug #13
Alan T. DeKok [Fri, 6 Aug 2010 08:23:07 +0000 (10:23 +0200)]
Back out some recent changes
While it's nice to know which part of the server is processing
something (by hacking request->module), it clutters the debug output
a fair bit.
Alan T. DeKok [Wed, 4 Aug 2010 12:17:37 +0000 (14:17 +0200)]
Be less aggressive about marking home servers as zombie.
Instead of marking them as zombie as soon as ONE packet doesn't
receive a response, mark them as zombie when we have received NO
responses for (zombie_period / 4)
Alan T. DeKok [Wed, 4 Aug 2010 13:29:48 +0000 (15:29 +0200)]
Alan T. DeKok [Wed, 4 Aug 2010 08:34:59 +0000 (10:34 +0200)]
Notes on SHOULD set "require_message_authenticator"
Alan T. DeKok [Wed, 4 Aug 2010 08:13:10 +0000 (10:13 +0200)]
Set "component" and "module" to more descriptive values
So that when something goes wrong, we know where / why
Alan T. DeKok [Tue, 3 Aug 2010 15:25:27 +0000 (17:25 +0200)]
Enabled "digest" in the default configuration.
Now that the "digest" module is more forgiving, it's probably best
to allow it here.
Alan T. DeKok [Tue, 3 Aug 2010 12:37:36 +0000 (14:37 +0200)]
Be more forgiving about the Digest attributes.
In the "authorize" section, check if the attributes exist, and are
properly formatted. If not, return NOOP. If so, decode them,
and set Auth-Type := digest
If they don't list "digest" in "authorize", decode the attributes
in the "authenticate" section, too.
Alan T. DeKok [Tue, 3 Aug 2010 09:41:24 +0000 (11:41 +0200)]
Added -t option
This lets people use radtest for CHAP and MS-CHAP authentication,
without worrying too much about the internals of what's going on.
Alan T. DeKok [Mon, 2 Aug 2010 14:54:07 +0000 (16:54 +0200)]
Added more notes on FreeBSD with multiple LANs
Alan T. DeKok [Mon, 2 Aug 2010 14:34:15 +0000 (16:34 +0200)]
Removed extraneous fprintf
Alan T. DeKok [Mon, 2 Aug 2010 13:54:46 +0000 (15:54 +0200)]
Manual merge of aec08bce7f
Better handle a "known" attribute with invalid length
If we receive an "integer" attribute with length "10", don't
leave the name as "Foo-Bar". Instead, make it clear that the
attribute is unknown, and print it as "Attr-%d"
Alan T. DeKok [Mon, 2 Aug 2010 06:41:34 +0000 (08:41 +0200)]
strcpy to a NULL pointer is bad.
Closes bug #98
Alan T. DeKok [Sun, 1 Aug 2010 07:29:59 +0000 (09:29 +0200)]
Notes on binding to interfaces for DHCP
Alan T. DeKok [Sat, 31 Jul 2010 06:57:10 +0000 (08:57 +0200)]
More descriptive error messages.
If the thread pool queue is full, or if the packets are stuck in it for
a long time, it's usually because someone has a DB with 10 million rows
and no index. Or, they're running long-lived queries against a MyISAM
database. Either way, there's little that the RADIUS server can do
to fix it.
When that happens, produce a descriptive error message suggesting
that they focus the blame in the right place.
Alan T. DeKok [Fri, 30 Jul 2010 13:27:00 +0000 (15:27 +0200)]
Added attributes from recent RFCs
Alan T. DeKok [Fri, 30 Jul 2010 12:43:49 +0000 (14:43 +0200)]
API fixes for 2.2.0
Alan T. DeKok [Thu, 29 Jul 2010 15:24:42 +0000 (17:24 +0200)]
Check sockets against home servers for proxy loops
This only works when using -C. It only prints messages with -XC
Alan T. DeKok [Thu, 29 Jul 2010 12:29:04 +0000 (14:29 +0200)]
Fix typos in default configuration. Closes bug #11
Alan T. DeKok [Thu, 29 Jul 2010 12:21:06 +0000 (14:21 +0200)]
Updates as from jlockie
Alan T. DeKok [Thu, 29 Jul 2010 12:12:15 +0000 (14:12 +0200)]
Renamed in preparation for RST
Alan T. DeKok [Thu, 29 Jul 2010 12:08:15 +0000 (14:08 +0200)]
Added real DESC fields.
Patch from Turbo Fredriksson
Alan T. DeKok [Thu, 29 Jul 2010 12:03:31 +0000 (14:03 +0200)]
Update Oracle Autoconf scripts. Closes bug #57
Alan T. DeKok [Thu, 29 Jul 2010 07:45:11 +0000 (09:45 +0200)]
Put SSL errors into Module-Failure-Message
Alan T. DeKok [Tue, 27 Jul 2010 10:24:55 +0000 (12:24 +0200)]
Fix for 2.2.0 API
Alan T. DeKok [Tue, 27 Jul 2010 06:48:34 +0000 (08:48 +0200)]
Fixed typo
Alan T. DeKok [Mon, 26 Jul 2010 16:09:11 +0000 (18:09 +0200)]
Use MS-CHAP-User-Name in MS-CHAP module.
If available, we prefer it to User-Name. If it's NOT the same
(case-insensitive) as User-Name, we reject the request.
Closes bug #17
Alan T. DeKok [Mon, 26 Jul 2010 15:03:35 +0000 (17:03 +0200)]
Create MS-CHAP-User-Name, which is taken from the MS-CHAP packet.
Taken from bug #17
Alan T. DeKok [Mon, 26 Jul 2010 15:02:04 +0000 (17:02 +0200)]
Fix changes pulled from v2.1.x for new API
Alan T. DeKok [Mon, 26 Jul 2010 14:59:27 +0000 (16:59 +0200)]
Better fix for unlinking control sockets
Alan T. DeKok [Mon, 26 Jul 2010 14:53:00 +0000 (16:53 +0200)]
Revert "Delete control socket when the server exits."
This reverts commit 061916989a6328f5d725d4085d58adfc49d5940c.
Alan T. DeKok [Mon, 26 Jul 2010 14:50:50 +0000 (16:50 +0200)]
Be more careful freeing memory in detail reader
Alan T. DeKok [Mon, 26 Jul 2010 11:30:56 +0000 (13:30 +0200)]
Delete control socket when the server exits.
This prevents permission errors
Alan T. DeKok [Thu, 22 Jul 2010 13:41:19 +0000 (15:41 +0200)]
Added CLIENT_MULTI_STATEMENTS
Closes bug #94