kkalev [Tue, 25 Mar 2003 01:15:07 +0000 (01:15 +0000)]
Add an extra configuration directive for the checkval module:
notfound-reject = yes|no
If set to yes and we don't find the item-name in the request then we send back a reject
aland [Mon, 24 Mar 2003 23:27:30 +0000 (23:27 +0000)]
Added note that LEAP now works
aland [Mon, 24 Mar 2003 23:21:13 +0000 (23:21 +0000)]
Added more entries from iana.org/assignments/radius-types
aland [Mon, 24 Mar 2003 21:54:22 +0000 (21:54 +0000)]
Whoops... Tunnel-Private-Group-Id is of type 'string'
Bug noted by Terry Green
kkalev [Mon, 24 Mar 2003 16:21:08 +0000 (16:21 +0000)]
If we don't find the item-name attribute in the request return NOTFOUND not NOOP
3APA3A [Mon, 24 Mar 2003 16:03:55 +0000 (16:03 +0000)]
+ cleartext password->NL/LM password code added to authentication routine
to prevent some users from misconfiguration.
pnixon [Fri, 21 Mar 2003 10:03:51 +0000 (10:03 +0000)]
Only connect to db if there is a detail file specified
aland [Fri, 21 Mar 2003 03:51:46 +0000 (03:51 +0000)]
Add a link to the IANA web page listing RADIUS types
aland [Fri, 21 Mar 2003 00:07:35 +0000 (00:07 +0000)]
Clean up old thread fork contexts...
aland [Thu, 20 Mar 2003 23:47:49 +0000 (23:47 +0000)]
Corrected typo.
Patch from Kristina Pfaff-Harris
aland [Thu, 20 Mar 2003 17:03:29 +0000 (17:03 +0000)]
Change Auth-Type := System to Auth-Type = System
This sets it for people who haven't otherwise set it, but also
allows things like MSCHAP or EAP to work, too
aland [Thu, 20 Mar 2003 00:54:11 +0000 (00:54 +0000)]
Removed duplicate definitions of attributes
pnixon [Wed, 19 Mar 2003 18:14:54 +0000 (18:14 +0000)]
Remove a duplicate example VIEW
aland [Tue, 18 Mar 2003 22:22:29 +0000 (22:22 +0000)]
Handle Access-Challenges better
aland [Tue, 18 Mar 2003 19:08:40 +0000 (19:08 +0000)]
*** empty log message ***
aland [Tue, 18 Mar 2003 17:57:09 +0000 (17:57 +0000)]
Don't fall through from default to reject
aland [Tue, 18 Mar 2003 17:55:06 +0000 (17:55 +0000)]
More docs
aland [Tue, 18 Mar 2003 05:56:46 +0000 (05:56 +0000)]
More debug messages, more NAS_PORT_ID cleanups
aland [Tue, 18 Mar 2003 05:53:47 +0000 (05:53 +0000)]
More NAS_PORT_ID cleanups
aland [Tue, 18 Mar 2003 05:50:54 +0000 (05:50 +0000)]
Change use of NAS_PORT_ID for integer attribute to NAS_PORT,
now that NAS-Port-Id has been defined as type 'string' for years..
This is also known as "when people re-use names for something
else with a different meaning, it can take years to clean up
the mess"
aland [Tue, 18 Mar 2003 05:46:34 +0000 (05:46 +0000)]
Define NAS_PORT, now that we have NAS_PORT_ID_STRING
aland [Tue, 18 Mar 2003 05:42:52 +0000 (05:42 +0000)]
More debugging messages when calling checkrad, so it's easier
to figure out what's going on.
Don't kill() checkrad if it times out. For some insane reason
this often ends up killing the server.
aland [Mon, 17 Mar 2003 22:38:19 +0000 (22:38 +0000)]
Added more packet codes from RFC 2882
aland [Mon, 17 Mar 2003 21:51:24 +0000 (21:51 +0000)]
Deleted dead patch
aland [Mon, 17 Mar 2003 21:38:52 +0000 (21:38 +0000)]
Added more entries to the module data structure
aland [Mon, 17 Mar 2003 19:51:29 +0000 (19:51 +0000)]
Patch for Heimdall, from Kevin C Miller
aland [Mon, 17 Mar 2003 19:49:52 +0000 (19:49 +0000)]
Patch for Heimdall from Kevin C Miller
aland [Mon, 17 Mar 2003 18:21:05 +0000 (18:21 +0000)]
Chop packets on 253 data octets, not 252.
aland [Mon, 17 Mar 2003 18:12:45 +0000 (18:12 +0000)]
More docs & updates
aland [Mon, 17 Mar 2003 17:39:27 +0000 (17:39 +0000)]
Added notes about what modules are NOT supposed to do.
aland [Sun, 16 Mar 2003 04:21:37 +0000 (04:21 +0000)]
Removed duplication
aland [Sat, 15 Mar 2003 03:15:51 +0000 (03:15 +0000)]
Patch from Simon
aland [Sat, 15 Mar 2003 02:34:03 +0000 (02:34 +0000)]
Don't do strlen() on passwords. The caller gives us the length
of the passwords.
Bug found & patch by "Blinov A. Sergey"
aland [Sat, 15 Mar 2003 02:20:36 +0000 (02:20 +0000)]
'switch' is better than whacks of 'if's.
Updated warning message
kkalev [Wed, 12 Mar 2003 16:26:15 +0000 (16:26 +0000)]
Also add support for @ in usernames in log_badlogins
kkalev [Wed, 12 Mar 2003 15:57:57 +0000 (15:57 +0000)]
Call gethostbyaddr with an @ in front to suppress error messages
kkalev [Wed, 12 Mar 2003 14:44:28 +0000 (14:44 +0000)]
Add support for ! in usernames in log_badlogins
cparker [Tue, 11 Mar 2003 17:25:15 +0000 (17:25 +0000)]
Fix bug that prevented fastusers from falling-through if a DEFAULT entry
didn't have 'fall-through = yes' even if none of the check-items matched.
This now behaves the same as the 'rlm_files' method.
cparker [Tue, 11 Mar 2003 15:37:29 +0000 (15:37 +0000)]
Corrected typo in previous commit to fix SIGHUP handling.
kkalev [Mon, 10 Mar 2003 23:19:10 +0000 (23:19 +0000)]
Add an ldap_escape_func. Escape the * character from the filter so that we can avoid
the trivial DoS of username=*
cparker [Mon, 10 Mar 2003 22:55:06 +0000 (22:55 +0000)]
Patch to fix potential core-dump on race condition when SIGHUP is received
and a thread attempts to access the freed configuration pointers. This
checks for running threads, and sleeps(1) a maximum of 5 times ( allowing
~5 seconds for threads to finish ).
Final fix will be to read config into new datastruct and mutex lock a
copy from read to running config so that it is cleaner and faster on
config reloads.
kkalev [Mon, 10 Mar 2003 22:28:05 +0000 (22:28 +0000)]
Add a few installation notes
aland [Fri, 7 Mar 2003 22:36:23 +0000 (22:36 +0000)]
Added note about weirdness when proxying EAP
aland [Fri, 7 Mar 2003 18:52:18 +0000 (18:52 +0000)]
Need this entry in the data structure...
aland [Fri, 7 Mar 2003 17:05:12 +0000 (17:05 +0000)]
Last bit of changes to allow LEAP to work.
aland [Fri, 7 Mar 2003 16:46:39 +0000 (16:46 +0000)]
Pass a data structure to eap_compose() which includes the
packet from the NAS, so that it can make better decisions about
what to do.
This is in support for LEAP weirdness.
aland [Fri, 7 Mar 2003 16:43:25 +0000 (16:43 +0000)]
Moved function & made it 'static' to avoid polluting the global
name space.
aland [Thu, 6 Mar 2003 23:54:36 +0000 (23:54 +0000)]
Updated with latest magic:
Stage 4 is Access-Challenge, NOT Access-Accept
Stage 4 has EAP ID++, when it's NOT supposed to be incremented
for other EAP protocols.
LEAP is now verified to work (modulo code which hasn't yet been
checked in)
aland [Thu, 6 Mar 2003 18:25:09 +0000 (18:25 +0000)]
sizeof() on a pointer is NOT the length of the string it points to.
aland [Wed, 5 Mar 2003 23:00:50 +0000 (23:00 +0000)]
Removed unused variable
aland [Wed, 5 Mar 2003 22:57:37 +0000 (22:57 +0000)]
Copy State attribute from incoming request to reply in LEAP stage 4
aland [Wed, 5 Mar 2003 02:19:59 +0000 (02:19 +0000)]
Updated debug messages
aland [Wed, 5 Mar 2003 02:13:28 +0000 (02:13 +0000)]
Added pre-proxy and post-proxy examples.
Noted that LEAP is in EAP (even though it's in development,
and may not be stable)
aland [Wed, 5 Mar 2003 02:07:35 +0000 (02:07 +0000)]
Added a 'post-proxy' section, to re-write LEAP weirdness.
aland [Wed, 5 Mar 2003 02:00:44 +0000 (02:00 +0000)]
Minor change to allow more debug messages
aland [Tue, 4 Mar 2003 21:08:24 +0000 (21:08 +0000)]
Use real variables, instead of non-existent ones
aland [Tue, 4 Mar 2003 17:46:28 +0000 (17:46 +0000)]
Add docs on how LEAP works.
aland [Tue, 4 Mar 2003 17:42:20 +0000 (17:42 +0000)]
Added LEAP sub-module, which works in simple tests from packet
traces.
Untested with real-world samples, though.
aland [Tue, 4 Mar 2003 17:38:17 +0000 (17:38 +0000)]
Removed last traces of DES requirements from the module.
aland [Mon, 3 Mar 2003 20:58:58 +0000 (20:58 +0000)]
Added comparators for Packet-Type and Response-Packet-Type
These things should really be documented somewhere..
aland [Mon, 3 Mar 2003 20:58:27 +0000 (20:58 +0000)]
Defined Response-Packet-Type, so the post_auth section can
do comparisons on responses
aland [Mon, 3 Mar 2003 20:15:52 +0000 (20:15 +0000)]
Ignore lines which start with comments. This should make some
testing a little easier.
aland [Mon, 3 Mar 2003 20:14:03 +0000 (20:14 +0000)]
A slightly better way of getting a salt in tunnel_pwencode
aland [Mon, 3 Mar 2003 19:52:25 +0000 (19:52 +0000)]
Now that the library has CSPRNG, use that for random numbers,
instead of ugly hacks used before.
aland [Mon, 3 Mar 2003 19:48:06 +0000 (19:48 +0000)]
Removed DES from the MSCHAP module, and placed common code
into src/lib. This makes MSCHAP a bit more like PAP or CHAP, in
that the key support functions are in a standard place.
It also means that we don't ship a full DES encryptor/decryptor,
which should make weird U.S. laws happy.
aland [Mon, 3 Mar 2003 18:41:05 +0000 (18:41 +0000)]
Use DEBUG2 for messages instead of L_INFO, so that the log file
won't be filled up with low-information messages.
Don't do EAP at *all* if there's a Proxy-To-Realm attribute
Define LEAP type, and update EAP module to permit conversations
which LEAP will require.
aland [Mon, 3 Mar 2003 18:40:37 +0000 (18:40 +0000)]
Arg... corrected typos in last commit.
aland [Mon, 3 Mar 2003 18:38:04 +0000 (18:38 +0000)]
Use DEBUG2 for messages instead of L_INFO, so that the log file
won't be filled up with low-information messages.
aland [Mon, 3 Mar 2003 16:46:39 +0000 (16:46 +0000)]
EAP-Message should be of type 'octets' instead of 'string', as
that makes it much easier to decode in debugging mode.
kkalev [Sat, 1 Mar 2003 13:01:07 +0000 (13:01 +0000)]
Add an entry in the FAQ about adding .php3 handling
aland [Tue, 25 Feb 2003 19:10:08 +0000 (19:10 +0000)]
Made it more configurable.
Patch from Kristina Pfaff-Harris
aland [Tue, 25 Feb 2003 16:45:44 +0000 (16:45 +0000)]
Don't point to a README which doesn't exist
aland [Mon, 24 Feb 2003 18:14:10 +0000 (18:14 +0000)]
Allow back-slashes to 'continue' lines in the configuration files,
so that long lines may be split for readability.
Based on a patch by Ruslan A Dautkhanov
aland [Mon, 24 Feb 2003 17:30:10 +0000 (17:30 +0000)]
Added dictionary for Extreme Networks.
kkalev [Sat, 22 Feb 2003 16:07:32 +0000 (16:07 +0000)]
Also work in the accounting section
kkalev [Sat, 22 Feb 2003 09:32:13 +0000 (09:32 +0000)]
Add support for ldap_initialize. That way we can specify the server as an ldap url.
Based on ideas from Derrik Pates <dpates@dsdk12.net>
aland [Fri, 21 Feb 2003 19:39:51 +0000 (19:39 +0000)]
Lower the timeouts.
aland [Fri, 21 Feb 2003 19:01:04 +0000 (19:01 +0000)]
No one has touched this file in over 3 years (other than meaningless
whitespace changes). If it's not used, then it should be tossed.
aland [Fri, 21 Feb 2003 18:48:48 +0000 (18:48 +0000)]
Removed the code which created 'Auth-Type := Local', if there
was a Password, but no Auth-Type. The code in 'auth.c' already
does this.
Now that we support multiple authentication types, this code is
wrong, as the 'users' file may set a password which is used by
another authentication module.
cparker [Fri, 21 Feb 2003 16:24:22 +0000 (16:24 +0000)]
Updated to add new attributes used by Redback. Added entries that
use '-' vs. '_' since Redback has decided to change their docs.
The '_' entries remain at the end of the file for backwards
compatibility.
pnixon [Thu, 20 Feb 2003 15:27:33 +0000 (15:27 +0000)]
Added support for bzip2 files and simplified the if statement.
Added stripping of quotes from h323-setup-time VSA
aland [Wed, 19 Feb 2003 20:25:19 +0000 (20:25 +0000)]
Don't call client_name() on proxy packets. Instead, call ip_ntoa(),
because home servers aren't really clients.
aland [Wed, 19 Feb 2003 17:00:11 +0000 (17:00 +0000)]
This module confuses too many people. It's gone.
cmiller [Wed, 19 Feb 2003 15:28:07 +0000 (15:28 +0000)]
More mask code. Identical, in fact.
TODO: Investigate code duplication in client.c and mainconfig.c
cmiller [Wed, 19 Feb 2003 15:19:57 +0000 (15:19 +0000)]
Client address masks may certainly be 0 bits long.
cmiller [Wed, 19 Feb 2003 15:10:20 +0000 (15:10 +0000)]
dictionary parsing failed miserably without "continue"s.
pnixon [Wed, 19 Feb 2003 13:10:41 +0000 (13:10 +0000)]
Remove Postgresql from TODO
aland [Tue, 18 Feb 2003 21:09:39 +0000 (21:09 +0000)]
List the 'stable' files, and build only those.
Patch from Kevin Bonner
kkalev [Mon, 17 Feb 2003 23:39:36 +0000 (23:39 +0000)]
Update the TODO file
aland [Mon, 17 Feb 2003 18:55:56 +0000 (18:55 +0000)]
If running in non-threaded, single-server mode, do waitpid()
after select() to get rid of any potential zombie children.
aland [Mon, 17 Feb 2003 16:53:49 +0000 (16:53 +0000)]
Look up the secret for the specified server, NOT for localhost.
Patch from Ivan F. Martinez
wichert [Mon, 17 Feb 2003 12:02:53 +0000 (12:02 +0000)]
Cleanup handling of directories and install dictionaries in the proper location
wichert [Mon, 17 Feb 2003 11:32:00 +0000 (11:32 +0000)]
Move lots of code outside my_dict_init into separate functions
wichert [Mon, 17 Feb 2003 11:08:46 +0000 (11:08 +0000)]
Simplify logic a (small) bit
wichert [Mon, 17 Feb 2003 11:02:27 +0000 (11:02 +0000)]
Remove support for ATTRIB_NMC and use ATTRIBUTE in the USR dictionary instead;
4-octet VSAs should be handled through vendor-flags instead.
aland [Fri, 14 Feb 2003 20:58:20 +0000 (20:58 +0000)]
removed more garbage functions
aland [Fri, 14 Feb 2003 20:39:19 +0000 (20:39 +0000)]
If the 'authorize' section has decided to reject the request,
then don't bother proxying it. Instead, log a debug message
saying that the proxy was cancelled.
aland [Fri, 14 Feb 2003 20:36:48 +0000 (20:36 +0000)]
Remove crap function from server core, and put it into
the only module which uses it.
wichert [Fri, 14 Feb 2003 20:21:07 +0000 (20:21 +0000)]
Fix very confusing comment
aland [Fri, 14 Feb 2003 19:13:22 +0000 (19:13 +0000)]
First step at getting rid of semaphores (nice as they are),
because they're non portable.
Based on a patch by Mark E. Jezioro