Alan T. DeKok [Wed, 14 Sep 2011 10:01:31 +0000 (12:01 +0200)]
Note recent changes
Alan T. DeKok [Wed, 14 Sep 2011 09:57:04 +0000 (11:57 +0200)]
Make warning message more coherent
Alan T. DeKok [Wed, 14 Sep 2011 09:56:24 +0000 (11:56 +0200)]
WARNING on potential proxy loop
Alan T. DeKok [Mon, 12 Sep 2011 21:41:23 +0000 (23:41 +0200)]
Fixed long-standing typos
I guess no one ever used this...
Arran Cudbard-Bell [Mon, 12 Sep 2011 14:04:28 +0000 (16:04 +0200)]
Remove values for Auth-Type, these values were only defined for legacy reasons
Alan T. DeKok [Mon, 12 Sep 2011 13:00:00 +0000 (15:00 +0200)]
Fixed typo
Alan T. DeKok [Sat, 10 Sep 2011 18:12:01 +0000 (20:12 +0200)]
Document max_queue_size
Alan T. DeKok [Sat, 10 Sep 2011 18:04:20 +0000 (20:04 +0200)]
Limit complaints to 1/s, not 1/packet
Alan T. DeKok [Wed, 7 Sep 2011 15:34:49 +0000 (17:34 +0200)]
Fixed typo
Alan T. DeKok [Wed, 7 Sep 2011 10:59:21 +0000 (12:59 +0200)]
Document keepalive
Alan T. DeKok [Mon, 5 Sep 2011 17:57:54 +0000 (13:57 -0400)]
Fixed typo
Alan T. DeKok [Mon, 5 Sep 2011 15:39:53 +0000 (11:39 -0400)]
Updated copyright year
Alan T. DeKok [Mon, 5 Sep 2011 14:05:21 +0000 (10:05 -0400)]
Complain if password is !UTF-8
for the "shared secret is incorrect" check. The old code
checked for "printable" characters. Changing it to a check for
!UTF-8 is more general, and likely more robust with fewer false
positives
Alan T. DeKok [Sat, 3 Sep 2011 13:01:21 +0000 (09:01 -0400)]
Allow entry if UID or GID match
Alan T. DeKok [Fri, 2 Sep 2011 21:38:56 +0000 (17:38 -0400)]
More updates
Alan T. DeKok [Fri, 2 Sep 2011 21:38:00 +0000 (17:38 -0400)]
Added %{rand:...} to generate uniformly distributed random numbers
Arran Cudbard-Bell [Wed, 31 Aug 2011 16:17:26 +0000 (18:17 +0200)]
Add support for NAS implementing standard IEEE802.1X mib (Tested against ProCurve 3500)
Fix regular expressions to work with recent versions of snmp_get (should still be backwards compatible)
Alan T. DeKok [Mon, 29 Aug 2011 14:06:31 +0000 (10:06 -0400)]
Bump for 2.1.12
Alan T. DeKok [Mon, 29 Aug 2011 14:03:11 +0000 (10:03 -0400)]
Note policy for filtering user names
Alan T. DeKok [Sun, 28 Aug 2011 15:01:50 +0000 (11:01 -0400)]
Enable possibility for ecdh by default
Alan T. DeKok [Sun, 28 Aug 2011 14:58:16 +0000 (10:58 -0400)]
Note recent changes
Alan T. DeKok [Sun, 28 Aug 2011 14:57:23 +0000 (10:57 -0400)]
Enable elliptical curve cryptography
Alan T. DeKok [Fri, 26 Aug 2011 11:09:05 +0000 (07:09 -0400)]
More/better documentation
Bjørn Mork [Wed, 24 Aug 2011 10:33:13 +0000 (12:33 +0200)]
radmin: fixup error message when attemting to delete non-dynamic client
commit
b9e5dd2c changed the command syntax in line with docs, but failed
to update the error message accordingly.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Bjørn Mork [Tue, 23 Aug 2011 09:07:39 +0000 (11:07 +0200)]
radmin: make "del client ipaddr" command behave as documented
Fixes this error:
radmin> del client ipaddr 192.168.168.111
ERROR: Must specify <ipaddr>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Alan T. DeKok [Sat, 20 Aug 2011 01:09:13 +0000 (21:09 -0400)]
Note recent changes
Alan T. DeKok [Thu, 18 Aug 2011 01:23:50 +0000 (21:23 -0400)]
Add mkdir, based on patch from Oliver Schroder
This lets the module put logs into automagically created subdirs
Arran Cudbard-Bell [Fri, 19 Aug 2011 14:51:02 +0000 (16:51 +0200)]
Should use 8th capture group for Called-Station-ID rewrite
Alan T. DeKok [Mon, 15 Aug 2011 13:20:45 +0000 (09:20 -0400)]
Catch sub-realms && example.net, too
Alan T. DeKok [Mon, 15 Aug 2011 13:01:54 +0000 (09:01 -0400)]
Clean up debug message
Alan T. DeKok [Sat, 13 Aug 2011 14:56:28 +0000 (10:56 -0400)]
Allow empty strings to mean NULL
this lets us specify the default (i.e. NULL) virtual server
Alan T. DeKok [Fri, 12 Aug 2011 14:32:34 +0000 (10:32 -0400)]
Note recent updates
Alan T. DeKok [Fri, 12 Aug 2011 14:25:47 +0000 (10:25 -0400)]
Add conflicting starent dictionary from bug #159
Alan T. DeKok [Fri, 12 Aug 2011 14:20:03 +0000 (10:20 -0400)]
Updated with edits from bug #159
Alan T. DeKok [Fri, 12 Aug 2011 11:51:00 +0000 (07:51 -0400)]
Added siemens dictionary
Bjørn Mork [Mon, 1 Aug 2011 08:57:55 +0000 (10:57 +0200)]
Adding new attributes to the ERX dictionary
This should make it compatible with JUNOSe version 12.1.1
and JUNOS version 11.2.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Arran Cudbard-Bell [Thu, 28 Jul 2011 14:32:40 +0000 (16:32 +0200)]
Replace stale version of oracle configure script with one generated from current version of configure.in (now supports library versions 9, 10, 11 instead of just 10
Alan T. DeKok [Wed, 27 Jul 2011 22:36:20 +0000 (18:36 -0400)]
Check cert validity
In the process of checking the OCSP response there are only checks for the
correct signed OCSP answer in the function ocsp_check()
(src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c:349).
The problem is that the current code does not check the status of the certificate.
For example if a certificate is revoked. Thus, a user with a revoked certificate
is able to bypass the verification.
Alan T. DeKok [Fri, 22 Jul 2011 12:32:00 +0000 (14:32 +0200)]
Added HUP on log rotate
Alan T. DeKok [Sat, 16 Jul 2011 12:01:30 +0000 (08:01 -0400)]
Note URL on how to create various passwords
Alan T. DeKok [Wed, 13 Jul 2011 12:50:41 +0000 (14:50 +0200)]
More fixes for DHCP relaying
Alan T. DeKok [Wed, 13 Jul 2011 12:50:26 +0000 (14:50 +0200)]
Allow it to send offers
Alan T. DeKok [Wed, 13 Jul 2011 12:50:08 +0000 (14:50 +0200)]
When in debugging mode, print out VPs from header
Alan DeKok [Wed, 13 Jul 2011 09:40:20 +0000 (02:40 -0700)]
Merge pull request #12 from angdraug/v2.1.x_linelog_permissions_v2
Configurable file permissions in rlm_linelog
Phil Mayers [Thu, 7 Jul 2011 15:39:11 +0000 (16:39 +0100)]
save all attributes in the Access-Accept when proxying EAP-MSCHAPv2 as plain MSCHAP, and restore on the final Access-Accept
Arran Cudbard-Bell [Thu, 7 Jul 2011 11:33:48 +0000 (13:33 +0200)]
Fix xlat expansion of values assigned in rlm_attr_filter
Remove comparison that was generating compiler warning
Alan T. DeKok [Thu, 7 Jul 2011 10:51:07 +0000 (12:51 +0200)]
Initialize answer variable
Dmitry Borodaenko [Tue, 5 Jul 2011 13:23:06 +0000 (16:23 +0300)]
Configurable file permissions in rlm_linelog
Alan T. DeKok [Tue, 5 Jul 2011 15:54:59 +0000 (17:54 +0200)]
chown if uid or gid is set
Alan T. DeKok [Tue, 5 Jul 2011 10:42:19 +0000 (12:42 +0200)]
Don't need original packet when proxying
Alan T. DeKok [Mon, 4 Jul 2011 17:08:12 +0000 (19:08 +0200)]
Get peer id on new socket, not old one
Alan T. DeKok [Mon, 4 Jul 2011 16:55:43 +0000 (18:55 +0200)]
tr.freeradius.org seems to be dead
Alan T. DeKok [Mon, 4 Jul 2011 16:55:20 +0000 (18:55 +0200)]
Note recent changes
Alan T. DeKok [Mon, 4 Jul 2011 16:09:00 +0000 (18:09 +0200)]
Set ownership of domain socket when starting
Alan T. DeKok [Mon, 4 Jul 2011 16:02:54 +0000 (18:02 +0200)]
Allow root to connect to control socket
Even if the configured "allowed UID" has a different value.
They're root, so they can do anything. We might as well be polite.
Alan T. DeKok [Mon, 4 Jul 2011 15:59:31 +0000 (17:59 +0200)]
Server closing connection returns 0
We should close our end and complain in that case.
Bug found by Brian Candler
Arran Cudbard-Bell [Mon, 4 Jul 2011 08:47:04 +0000 (10:47 +0200)]
Add relax-filter check item to override the relaxed config item on a filter by filter basis
Conflicts:
src/modules/rlm_attr_filter/rlm_attr_filter.c
Arran Cudbard-Bell [Sun, 3 Jul 2011 17:10:59 +0000 (19:10 +0200)]
Add 'relaxed' option to rlm_attr_filter, when 'yes' attributes which do not explicitly match any filter rules are still copied.
Alan T. DeKok [Sun, 3 Jul 2011 15:35:13 +0000 (17:35 +0200)]
Use correct length
Alan T. DeKok [Sun, 3 Jul 2011 09:07:49 +0000 (11:07 +0200)]
Fix offset bug in %{string:...}
It prints the correct amount with the correct limits, but
to the wrong location
Alan T. DeKok [Thu, 30 Jun 2011 14:01:56 +0000 (16:01 +0200)]
Be less strict about duplicate virtual servers
If they share the same top-level CONF_SECTION, they're duplicates.
Otherwise, the server is reloading it's configuration, so the new
configuration should be allowed to be loaded.
Alan T. DeKok [Tue, 28 Jun 2011 15:28:00 +0000 (17:28 +0200)]
Handle relayed packets better...
If the request a client packet, we can relay it using
the existing code.
If the request is a server packet, then it MUST be from
the real server, and we MUST be acting as a relay. In that
case, set the giaddr to 0.0.0.0, and forward the packet to the
yiaddr.
And do something with broadcast replies...
Alan T. DeKok [Tue, 28 Jun 2011 13:54:12 +0000 (15:54 +0200)]
Allow DHCP-Opcode and DHCP-Hop-Count to be set from VPs.
This makes it easier to relay && respond to clients
Alan T. DeKok [Tue, 28 Jun 2011 13:38:33 +0000 (15:38 +0200)]
Allow giaddr to be updated when relaying
Alan T. DeKok [Mon, 27 Jun 2011 15:03:38 +0000 (17:03 +0200)]
Fix typo
Petr Uzel [Mon, 27 Jun 2011 07:21:18 +0000 (09:21 +0200)]
rlm_mschap: silence gcc buffer overflow detection mechanism
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
Alan T. DeKok [Mon, 27 Jun 2011 11:04:46 +0000 (13:04 +0200)]
Fix calculation of response authenticator
The Status-Server packet can get an Accounting-Response
packet in return. Since the Status-Server has a random
authentication vector, the response needs to be calculated
using that. We can't use the normal Accounting-Response
calculation.
Oops. No one found this in RFC 5997.
Alan T. DeKok [Mon, 27 Jun 2011 10:55:32 +0000 (12:55 +0200)]
Prepare for 2.1.12
Alan T. DeKok [Mon, 27 Jun 2011 09:16:43 +0000 (11:16 +0200)]
Fix > vs >= bug
Alan T. DeKok [Fri, 24 Jun 2011 10:41:17 +0000 (12:41 +0200)]
fclose() frees buffers, too
Alan T. DeKok [Tue, 21 Jun 2011 09:23:56 +0000 (11:23 +0200)]
If a child process gets a signal to exit, then just exit.
Alan T. DeKok [Tue, 21 Jun 2011 09:22:36 +0000 (11:22 +0200)]
Print out *which* program is causing the delay
Alan T. DeKok [Tue, 21 Jun 2011 09:19:29 +0000 (11:19 +0200)]
Update copyright year
Alan T. DeKok [Tue, 21 Jun 2011 07:06:38 +0000 (09:06 +0200)]
Fix > vs >= bug
Alan T. DeKok [Mon, 20 Jun 2011 14:57:14 +0000 (16:57 +0200)]
Don't go too far ahead
if (..){
is OK. The previous code skipped over the curly brace, assuming
that it was there... the code to check for syntax errors assumed
that the curly brace was not skipped over. This change fixes
that conflict
Alan T. DeKok [Mon, 20 Jun 2011 10:58:09 +0000 (12:58 +0200)]
Made the date today
Alan T. DeKok [Sat, 18 Jun 2011 08:48:02 +0000 (10:48 +0200)]
Note changes for version 2.1.11
Alan T. DeKok [Thu, 16 Jun 2011 10:53:37 +0000 (12:53 +0200)]
Be more stringent about unexpected text
Alan T. DeKok [Wed, 15 Jun 2011 09:39:54 +0000 (11:39 +0200)]
Releases don't get replied to
Alan T. DeKok [Wed, 15 Jun 2011 08:49:58 +0000 (10:49 +0200)]
Document "max_outstanding" for home servers
Alan T. DeKok [Tue, 14 Jun 2011 06:10:28 +0000 (08:10 +0200)]
Allow policies by section
authorize {
foo
}
will look for first:
policy {
foo.authorize {
...
}
}
and then
policy {
foo {
...
}
}
This allows section-specific overrides for policies and modules.
Alan T. DeKok [Mon, 13 Jun 2011 09:31:47 +0000 (11:31 +0200)]
Allow policies to refer to modules of the same name
policy {
files {
files
...
}
}
Means that you can over-ride the behavior of the "files" module,
and add anything else you need.
Alan T. DeKok [Sun, 12 Jun 2011 04:41:57 +0000 (06:41 +0200)]
New modules && configs for v2.1.11
Alan T. DeKok [Fri, 10 Jun 2011 13:16:16 +0000 (15:16 +0200)]
Fix data types
Alan T. DeKok [Tue, 7 Jun 2011 09:18:44 +0000 (11:18 +0200)]
Fix typo. Closes bug #150
Alan T. DeKok [Sun, 5 Jun 2011 16:15:05 +0000 (18:15 +0200)]
Note existence of "inner-tunnel"
So that people remember to edit it, too
Alan T. DeKok [Tue, 31 May 2011 19:21:23 +0000 (21:21 +0200)]
Added MS-CHAP-V2
Alan T. DeKok [Tue, 31 May 2011 18:39:42 +0000 (20:39 +0200)]
Last set of vp_print fixes
Alan T. DeKok [Tue, 31 May 2011 11:20:12 +0000 (13:20 +0200)]
Move \t into vp_print, just like the last commit
Alan T. DeKok [Tue, 31 May 2011 07:32:20 +0000 (09:32 +0200)]
vp_print should add a "\n" to the end
All callers already do this, so it's best to move that code
into vp_print
Alan T. DeKok [Mon, 30 May 2011 15:14:18 +0000 (17:14 +0200)]
Revert most of the "checked_write" code.
It apparently caused crashes on some machines. This code
reverts (mostly) back to the original code which worked, but
it should also notice when the disk is full, and return FAIL
Alan T. DeKok [Fri, 27 May 2011 12:49:17 +0000 (14:49 +0200)]
Document the "locking" configuration item
Alan T. DeKok [Fri, 27 May 2011 08:47:09 +0000 (10:47 +0200)]
Make home server coa config match raddb/proxy.conf
Alan T. DeKok [Thu, 26 May 2011 11:59:10 +0000 (13:59 +0200)]
Bump buffer size for regex matches
Alan T. DeKok [Thu, 26 May 2011 08:54:25 +0000 (10:54 +0200)]
Terminate string when using %{Attribute-Name[*]}
Alan T. DeKok [Wed, 25 May 2011 12:42:34 +0000 (14:42 +0200)]
Handle CHAP-Challenge
Alan T. DeKok [Wed, 25 May 2011 10:31:25 +0000 (12:31 +0200)]
Use rlm_redis CFLAGS and LDFLAGS
This lets the module build
Alan T. DeKok [Wed, 25 May 2011 09:46:14 +0000 (11:46 +0200)]
Replicate is now stable
Alan T. DeKok [Wed, 25 May 2011 09:46:06 +0000 (11:46 +0200)]
Mark "replicate" as stable
Alan T. DeKok [Wed, 25 May 2011 09:43:35 +0000 (11:43 +0200)]
Ensure AF for src IP matches AF for dst IP