fcusack [Mon, 10 Jun 2002 05:40:03 +0000 (05:40 +0000)]
updated for libtool-1.4.2
fcusack [Mon, 10 Jun 2002 05:39:23 +0000 (05:39 +0000)]
update libtool to 1.4.2
aland [Fri, 7 Jun 2002 17:04:16 +0000 (17:04 +0000)]
Added : and space to list of un-escaped characters.
This list should really be configurable in the configuration file,
but the current source makes it a little difficult.
aland [Fri, 7 Jun 2002 13:22:36 +0000 (13:22 +0000)]
Correct variable declaration to get rid of compile warnings
aland [Fri, 7 Jun 2002 13:20:03 +0000 (13:20 +0000)]
Removed unused variables
fcusack [Fri, 7 Jun 2002 06:20:21 +0000 (06:20 +0000)]
tweak noreplace settings per Marko Myllynen.
aland [Thu, 6 Jun 2002 21:06:19 +0000 (21:06 +0000)]
Added 'AND AcctStopTime = 0' to queries. This means that the
SQL databases will not waste their time updating old and stopped
sessions, when broken NAS boxes send new requests with the same
Acct-Session-Id
Patch from Simon <lists@routemeister.net>
Also added notes on where the database schemas may be found, and
when to use which SQL configuration file.
cparker [Thu, 6 Jun 2002 18:37:58 +0000 (18:37 +0000)]
Added VSA Ascend-Auth-Delay to dictionary. This is the time in
milliseconds that the system took to perform authentication.
aland [Thu, 6 Jun 2002 15:03:30 +0000 (15:03 +0000)]
crypt() may fail, so we check for that.
Based on a patch from Josh Wilsdon
aland [Thu, 6 Jun 2002 14:56:44 +0000 (14:56 +0000)]
Copy sql user name over.
Bug noted by Simon <lists@routemeister.net
aland [Thu, 6 Jun 2002 14:35:51 +0000 (14:35 +0000)]
Use -liodbc, not -lodbc
aland [Wed, 5 Jun 2002 18:36:37 +0000 (18:36 +0000)]
Remove the garbage Proxy-Reply attributes which we receive from
the home server, before using them as the basis for our response.
aland [Wed, 5 Jun 2002 15:01:35 +0000 (15:01 +0000)]
Removed iodbc configuration checks from the top-level 'configure'
script, and moved then to src/modules/rlm_sql/drivers/rlm_sql_iodbc/
ramoore [Wed, 5 Jun 2002 13:33:23 +0000 (13:33 +0000)]
Correcting problem of bad patch of simultaneous use check in rlm_sql
ramoore [Tue, 4 Jun 2002 22:05:37 +0000 (22:05 +0000)]
Added simultaneous use checking capability to rlm_sql
aland [Tue, 4 Jun 2002 21:31:50 +0000 (21:31 +0000)]
Attributes for SIP accounting, from sipd:
http://www.cs.columbia.edu/IRT/cinema/doc/sipd
aland [Tue, 4 Jun 2002 21:06:05 +0000 (21:06 +0000)]
Moved sql_set_user() to rlm_sql.c, which allows us to make it
'static', and to use the sql_escape_func(), so that we simplify
the method of normalizing/escaping the strings.
Also added '_' to the list of un-escaped characters.
cparker [Tue, 4 Jun 2002 17:56:43 +0000 (17:56 +0000)]
Correct order of arguments to debug statement.
aland [Tue, 4 Jun 2002 17:54:28 +0000 (17:54 +0000)]
When parsing tags, only allow numeric tags. If we see anything
else, we give a parse error.
aland [Mon, 3 Jun 2002 21:14:24 +0000 (21:14 +0000)]
Added preliminary list of changes in 0.6
aland [Mon, 3 Jun 2002 20:46:47 +0000 (20:46 +0000)]
In refresh_request(), if the home server never responds, then
we do NOT have a 'request->reply->data'. So don't assert that
there is one.
When the proxy server DOES respond, in proxy_check_list(), check
FIRST that if there's already a response, we drop the new packet
on the floor, as the NAS has already seen our response, and there's
nothing more we can do.
aland [Mon, 3 Jun 2002 19:38:00 +0000 (19:38 +0000)]
Don't bother reprocessing usernames/passwords through the
'loweruser' code if they're accepted.
aland [Mon, 3 Jun 2002 17:42:33 +0000 (17:42 +0000)]
Do NOT call rad_free(). Instead, call free(). rad_free() is
something completely different
aland [Mon, 3 Jun 2002 16:29:04 +0000 (16:29 +0000)]
In request_free(), assert that there is no thread active on this
request. If so, it means that someone has asked us to delete
a request that someone else is using!
aland [Mon, 3 Jun 2002 15:06:22 +0000 (15:06 +0000)]
Added note on '-d raddb'
aland [Mon, 3 Jun 2002 15:00:19 +0000 (15:00 +0000)]
Added '-d' command line option, to find out where raddb dir is.
Bug noted by Matthew Schumacher
aland [Fri, 31 May 2002 19:41:03 +0000 (19:41 +0000)]
Added '@' to the list of un-escaped characters
aland [Thu, 30 May 2002 14:08:56 +0000 (14:08 +0000)]
Set SQL user name for ALIVE packets, too.
Also, don't worry if we don't have a user name.
Patch from Simon <lists@routemeister.net>
aland [Thu, 30 May 2002 14:04:35 +0000 (14:04 +0000)]
Look for radcheck and if the user isn't found, try radgroupcheck.
If that doesn't work, then try DEFAULT.
Patch from Thomas Jalsovsky, with minor additions by
Simon <lists@routemeister.net>
fcusack [Thu, 30 May 2002 04:21:10 +0000 (04:21 +0000)]
changes for PAM portability + add a module message for the auth log
fcusack [Thu, 30 May 2002 01:39:59 +0000 (01:39 +0000)]
Move PW_X99_FAST and reserve it's id in the dictionary
fcusack [Wed, 29 May 2002 23:46:50 +0000 (23:46 +0000)]
Change Module-Message to Module-Failure-Message,
add Module-Success-Message.
aland [Wed, 29 May 2002 19:23:55 +0000 (19:23 +0000)]
Include autoconf.h BEFORE any other includes.
Then include netinet/in.h
Then include "radiusd.h", which finally grabs "missing.h"
aland [Wed, 29 May 2002 19:20:53 +0000 (19:20 +0000)]
Added checks for uint16_t, which is used by the EAP module.
Bug noted by Spike Ilacqua
aland [Wed, 29 May 2002 16:18:34 +0000 (16:18 +0000)]
Use port-specific checking for realms, now that we allow realms
to proxy to different auth/acct servers.
The realms are now looked up by port. If the auth server fcr a
realm goes away, we may still be able to proxy to an acct server.
Patch from Eddie Stassen
cparker [Wed, 29 May 2002 14:18:11 +0000 (14:18 +0000)]
Fixed typo in examples. ( dstpost --> dstpoRt )
kkalev [Wed, 29 May 2002 12:20:53 +0000 (12:20 +0000)]
If perform_search fails check the ld != NULL before using it. Based on a bug report
by John <jhogenmiller@pennswoods.net>
fcusack [Wed, 29 May 2002 06:52:51 +0000 (06:52 +0000)]
-release is ignored for static archives; remove to quiet libtool.
aland [Tue, 28 May 2002 17:32:18 +0000 (17:32 +0000)]
Change -- to -
aland [Tue, 28 May 2002 17:24:15 +0000 (17:24 +0000)]
Added note on when/where we should translate and split the
input string.
aland [Tue, 28 May 2002 16:07:25 +0000 (16:07 +0000)]
Added '.' to the list of un-escaped characters, for IP addresses.
3APA3A [Tue, 28 May 2002 10:30:23 +0000 (10:30 +0000)]
! we do not encrypt MS-MPPE-Send-Key MS-MPPE-Recv-Key any more because
same encryption as for tunneling is used and we do all job in radius.c
3APA3A [Tue, 28 May 2002 10:28:32 +0000 (10:28 +0000)]
! MS-MPPE-Send-Key and MS-MPPE-Recv-Key are changed to use tunnel style
encryption
3APA3A [Mon, 27 May 2002 16:55:43 +0000 (16:55 +0000)]
! rad_tunnel_pwencode changed to produce unique salt for attributes inside
same packet.
fcusack [Sun, 26 May 2002 23:58:36 +0000 (23:58 +0000)]
Move struct x99_token_t to x99.h for PAM use.
aland [Sun, 26 May 2002 17:21:30 +0000 (17:21 +0000)]
Updated log message when re-sending packets to say so, and to
include the port number, like in the other log messages.
fcusack [Sun, 26 May 2002 11:37:48 +0000 (11:37 +0000)]
added the 'd' on /var/run/radiusd
fcusack [Sun, 26 May 2002 11:24:21 +0000 (11:24 +0000)]
Change run_dir default from /var/run to /var/run/radiusd.
/var/run is writable only by root and it is desirable to have
radiusd run as a non-root user (barring any need to read system
files like /etc/shadow). Changing the default run_dir path
promotes best practices.
fcusack [Sun, 26 May 2002 10:06:41 +0000 (10:06 +0000)]
Load versioned libs.
If a module is specified as 'FOO' in radiusd.conf, the module
loader will now try to load rlm_FOO-MAJOR.MINOR. This can be
overridden by explicitly starting the module name with rlm_,
eg rlm_FOO or rlm_FOO-0.1. This allows someone to have their
own modules which they don't have to recompile to use against
a newer core (assuming the interface is still compatible--a
method should be added to check this). This would be useful
for folks that have private modules or modules they wish to
distribute separately from freeradius as a binary.
This will force folks to upgrade the modules when they upgrade
freeradius, a common problem in the past.
It is no longer possible to have a module named rlm_rlm_*, not
that that was ever useful.
fcusack [Sun, 26 May 2002 00:42:36 +0000 (00:42 +0000)]
x99_log() and x99 radius-specific header separation
fcusack [Sun, 26 May 2002 00:38:44 +0000 (00:38 +0000)]
Use x99_log() in favor of radlog(), to make some of these files
portable to a PAM implementation.
fcusack [Sat, 25 May 2002 05:45:12 +0000 (05:45 +0000)]
Rename do_log() to vradlog(), and export it, it will be used by
rlm_x99_token. Once a second caller wishes to use it, a prototype
should be added to radiusd.h.
aland [Fri, 24 May 2002 17:31:23 +0000 (17:31 +0000)]
Don't bother locking the FD ourselves, as it appears to cause
locks on some platforms.
Instead, don't lock it, but declare the module to be single threaded.
aland [Fri, 24 May 2002 16:19:30 +0000 (16:19 +0000)]
Added sql_escape_string function, so garbage characters don't
get passed to the SQL parser, and confuse it.
aland [Thu, 23 May 2002 14:44:55 +0000 (14:44 +0000)]
Remove all references to nas_name(), as it's a bad function to
be using.
aland [Thu, 23 May 2002 14:29:50 +0000 (14:29 +0000)]
Make it work right
Patch from Rainer Weikusat
aland [Wed, 22 May 2002 18:58:52 +0000 (18:58 +0000)]
Enable new code to handle forking child programs, so that
Exec-Program-Wait won't lock the server.
aland [Tue, 21 May 2002 19:17:11 +0000 (19:17 +0000)]
Include string.h, to declare memcmp() and friends.
aland [Fri, 17 May 2002 18:04:23 +0000 (18:04 +0000)]
Include <sys/wait.h>, on systems which need it.
Don't use fancy new functions if we're not using threads.
aland [Fri, 17 May 2002 18:02:11 +0000 (18:02 +0000)]
Look for <sys/wait.h>, too
aland [Thu, 16 May 2002 19:28:22 +0000 (19:28 +0000)]
Corrected buffer size of stored pid/thread-id/status
aland [Thu, 16 May 2002 19:15:22 +0000 (19:15 +0000)]
If we have no effective user, don't call getpwnam().
aland [Thu, 16 May 2002 18:38:11 +0000 (18:38 +0000)]
Added prototypes for new functions in threads.c, to keep track
of thread && forking issues.
aland [Thu, 16 May 2002 18:36:51 +0000 (18:36 +0000)]
Fix up some issues with SIGHUP && thread pool re-initialization.
Added new functions (requiring *real* sem_post(), etc.) to handle
the issues of fork'ing with child threads, and getting the right
exit status to the right thread.
The functions aren't called from elsewhere in the code, that may
come soon.
aland [Thu, 16 May 2002 14:52:13 +0000 (14:52 +0000)]
Add docs on command-line options "-r server" and "-p port"
aland [Tue, 14 May 2002 16:54:21 +0000 (16:54 +0000)]
Re-arrange some of the code in rad_check_list() to be a little
cleaner.
Discard new requests if we have a thread processing the old one.
Don't send a delayed reject if we receive a new request of the
same id && code. Instead, drop the delayed reject on the floor.
aland [Mon, 13 May 2002 19:08:06 +0000 (19:08 +0000)]
Change includes to stop compiler warnings
kkalev [Mon, 13 May 2002 18:16:18 +0000 (18:16 +0000)]
Make the default behaviour for access_group = NULL more obvious
cparker [Mon, 13 May 2002 17:18:08 +0000 (17:18 +0000)]
Skip over := when walking through the reply-list.
Bug noted by Eddie Stassen
aland [Mon, 13 May 2002 16:34:51 +0000 (16:34 +0000)]
POSIX functions return the error, and don't set errno.
kkalev [Sat, 11 May 2002 15:08:02 +0000 (15:08 +0000)]
Change the nas entry in the ippool_key structure from uint32 to string[64]
That should allow us to also use the NAS-Identifier attribute
fcusack [Fri, 10 May 2002 04:51:00 +0000 (04:51 +0000)]
correct 'users' file check-item example
aland [Thu, 9 May 2002 15:59:18 +0000 (15:59 +0000)]
If we're proxying, we may not be able to sleep forever if there's
nothing to do. We may have to wake up periodically, to send
proxy retries.
Bug noted by Eddie Stassen
kkalev [Thu, 9 May 2002 13:04:57 +0000 (13:04 +0000)]
Add an entry for the ippool module
kkalev [Thu, 9 May 2002 11:49:35 +0000 (11:49 +0000)]
Realm attribute should be radiusRealm
kkalev [Wed, 8 May 2002 08:38:56 +0000 (08:38 +0000)]
Add a few more comments for the counter module
ramoore [Tue, 7 May 2002 19:19:52 +0000 (19:19 +0000)]
Fix several debug messages in rlm_sqlcounter that mistakenly appeared to come
from rlm_counter.
aland [Tue, 7 May 2002 17:11:23 +0000 (17:11 +0000)]
Implemented digest authentication, as per RFC 2617, and
draft-sterman-aaa-sip-00.txt
It's experimental, but inter-operable with a Cisco SIP server.
kkalev [Tue, 7 May 2002 12:40:48 +0000 (12:40 +0000)]
Check the return value of a gdbm_fetch() we didn't check
kkalev [Tue, 7 May 2002 10:51:08 +0000 (10:51 +0000)]
Add support for the Ldap-Group attribute in the ldap module
aland [Mon, 6 May 2002 14:29:41 +0000 (14:29 +0000)]
If no password or group files have been specified in the config,
use the standard system calls to find them, rather than giving up.
Patch from Steve Langasek
aland [Mon, 6 May 2002 14:13:01 +0000 (14:13 +0000)]
If we're delaying the reject message, then don't delete the request
pairs, which include the Proxy-State needed for the reply.
aland [Mon, 6 May 2002 14:05:38 +0000 (14:05 +0000)]
Cleaned up, extendend, and small re-arrangements of the comments
and descriptions of the config file.
aland [Mon, 6 May 2002 13:53:36 +0000 (13:53 +0000)]
Include netinet/in.h, as apparently OpenBSD needs it.
Based on a patch from Giacomo Cariello
aland [Mon, 6 May 2002 13:49:57 +0000 (13:49 +0000)]
Look for BSD style gethostbyaddrr()
Patch for OpenBSD port from Giacomo Cariello
kkalev [Fri, 3 May 2002 22:10:54 +0000 (22:10 +0000)]
* Change log_badlogins to use the mysql binary instead of the DBI module. That way we don't have any dependencies
and we don't need to bother with connection maintainance (dead mysql connections etc).
* Add a few comments in rlm_ippool.c
kkalev [Tue, 30 Apr 2002 15:27:10 +0000 (15:27 +0000)]
Reaarange a few things in user_admin. Put Subscription Analysis first and 'Account Status' second. Make a
few things bold.
aland [Mon, 29 Apr 2002 20:48:48 +0000 (20:48 +0000)]
Do NOT call rad_process() from a child thread to zap a session.
Instead, call rad_accounting(), which ends up doing the same thing,
but correctly.
raghu [Mon, 29 Apr 2002 18:11:38 +0000 (18:11 +0000)]
Added XP-freeradius (EAP/TLS) HOWTO link.
kkalev [Mon, 29 Apr 2002 17:31:56 +0000 (17:31 +0000)]
Fix a bug in time2strclock() in lib/functions.php3. Seconds ammount more than 9 would not show.
Bug noted by Timophey <bcloud@mail.ru>
aland [Mon, 29 Apr 2002 14:18:25 +0000 (14:18 +0000)]
Make all stable modules
Patch from Andrey Kotrekhov
3APA3A [Sat, 27 Apr 2002 11:07:14 +0000 (11:07 +0000)]
! replyItem changed to checkItem for MS-CHAP related attributes
raghu [Fri, 26 Apr 2002 21:52:03 +0000 (21:52 +0000)]
Proper fix to handle Unexpected ACKs from XP
raghu [Fri, 26 Apr 2002 21:44:52 +0000 (21:44 +0000)]
Fixed Datatypes
raghu [Fri, 26 Apr 2002 21:35:49 +0000 (21:35 +0000)]
Fixed memory leaks
EAP authentication without User-Name attribute
aland [Fri, 26 Apr 2002 19:32:12 +0000 (19:32 +0000)]
If rad_check_ts() returns an error, then close the radutmp file,
and return RLM_MODULE_FAIL, instead of trying to do anything.
cparker [Fri, 26 Apr 2002 00:07:58 +0000 (00:07 +0000)]
Updated example to show 'nastype', 'login', and 'password' as
optional config items.
cparker [Fri, 26 Apr 2002 00:01:39 +0000 (00:01 +0000)]
Added 'naslist' and 'naspasswd' items to RADCLIENT struct
which is generated from 'clients.conf'. This is the first
step to deprecating the old style 'naslist' and 'naspasswd'.
aland [Thu, 25 Apr 2002 18:49:17 +0000 (18:49 +0000)]
Added prio field
cparker [Thu, 25 Apr 2002 15:31:24 +0000 (15:31 +0000)]
Changed return code to RLM_MODULE_FAIL from NOOP when module cannot
allocate an SQL socket.
Bug noted by Aleksandr Kuzminsky <ingoth@nbi.com.ua>