kkalev [Fri, 15 Oct 2004 10:42:16 +0000 (10:42 +0000)]
Small type in login_time_create, close bug #141
aland [Tue, 12 Oct 2004 17:46:38 +0000 (17:46 +0000)]
s/T_INVALID/T_OP_INVALID/
This should make bug #91 easier to fix.
pnixon [Thu, 7 Oct 2004 18:26:37 +0000 (18:26 +0000)]
Support Quintum VSA's in the same manner as Cisco VSA's (They are compatible)
aland [Tue, 5 Oct 2004 14:40:54 +0000 (14:40 +0000)]
Removed extraneous bracket
aland [Tue, 5 Oct 2004 14:37:01 +0000 (14:37 +0000)]
Use mutexes only if we have pthread.h
Don't set "Auth-Type = LDAP" if the packet doesn't contain a
User-Password attribute. That screws up too many people.
aland [Tue, 5 Oct 2004 14:14:31 +0000 (14:14 +0000)]
Use new samba scheme, in addition to old one
aland [Mon, 4 Oct 2004 15:25:36 +0000 (15:25 +0000)]
Build pton/ntop if the functions exist, AND AF_INET6 exists
pnixon [Fri, 1 Oct 2004 13:10:34 +0000 (13:10 +0000)]
Update all mentions of h323confid to callid to match previous schema changes
aland [Wed, 29 Sep 2004 20:49:13 +0000 (20:49 +0000)]
If we're told to log passwords, and there's no User-Password,
print the Auth-Type in the log message, so as not to confuse
people who expect to see a password
aland [Wed, 29 Sep 2004 15:58:20 +0000 (15:58 +0000)]
May have failed to read a VP.
Bug & patch by Kevin Bonner
kkalev [Wed, 29 Sep 2004 08:20:02 +0000 (08:20 +0000)]
In sql_set_user in the radius_xlat don't call the escape function. The
resulting string will be escaped in the queries xlat so we don't need
to escape it twice (it will make things wrong if we have an escape candidate
character in the username).
Patch from Oliver Graf
aland [Mon, 27 Sep 2004 16:33:27 +0000 (16:33 +0000)]
Remember that we initialized the pool
aland [Fri, 24 Sep 2004 14:59:10 +0000 (14:59 +0000)]
Declaring zero-sized arrays is bad
kkalev [Fri, 24 Sep 2004 12:32:29 +0000 (12:32 +0000)]
Add a small documentation file about expiration
aland [Thu, 23 Sep 2004 17:44:40 +0000 (17:44 +0000)]
Added a few more "magic" server-side expansions:
%{<packet>:Packet-Src-IP-Address}, Dst-IP-address, Src-Port, Dst-Port
aland [Wed, 22 Sep 2004 20:23:35 +0000 (20:23 +0000)]
Include the new VALUEs
aland [Wed, 22 Sep 2004 20:18:56 +0000 (20:18 +0000)]
Moved label to a point where it made sense
aland [Wed, 22 Sep 2004 20:03:45 +0000 (20:03 +0000)]
Moved the X-Ascend attributes to the bottom of the file, and
added a number of VALUE's for them, based on the VSA VALUES.
Also included a script to re-generate the X-Ascend-Foo VALUEs,
so that they don't be edited by hand.
aland [Wed, 22 Sep 2004 19:38:25 +0000 (19:38 +0000)]
Removed duplicate VALUE names
aland [Wed, 22 Sep 2004 15:22:09 +0000 (15:22 +0000)]
Include code to make udpfromto work.
This closes bug #137
aland [Tue, 21 Sep 2004 14:30:24 +0000 (14:30 +0000)]
strlen doesn't return 'char', so don't put it into a 'char'
variable.
Bug found by Jouni Malinen
pnixon [Sun, 19 Sep 2004 23:07:32 +0000 (23:07 +0000)]
Bring the sample VIEWs and FUNCTIONs inline with the current table structure
aland [Fri, 17 Sep 2004 21:49:57 +0000 (21:49 +0000)]
Rearranged the code to do:
split into argv, expand argv
rather than
expand strings, split into argv
This removes an "argv insertion" vulnerability, where someone
could log in with a username like "foo bar", and get "foo" and "bar"
passed to the executed program as two separate argv's, rather
than one as "foo bar'.
Also, handling of double & single quotes has been added.
This should fix bug #89.
Also, don't call pipe() until after we've verified the arguments to
the function, etc. This means that we won't leak file descriptors.
3APA3A [Fri, 17 Sep 2004 08:20:45 +0000 (08:20 +0000)]
! fixed: MS-CHAP MPPE key is not generated if authenticated with ntlm_auth
kkalev [Thu, 16 Sep 2004 21:12:21 +0000 (21:12 +0000)]
Fix bug #136, bugs found by Pawel Foremski
aland [Thu, 16 Sep 2004 15:12:46 +0000 (15:12 +0000)]
Experimental file to replace rlm_radutmp.c, if it works.
It uses trees & multiple data structures to avoid reading radutmp,
if at all possible. This means that the server uses more memory,
but can run faster with large radutmps.
Tested in simple scenarios, but not in complicated ones.
kkalev [Mon, 13 Sep 2004 09:37:17 +0000 (09:37 +0000)]
Fix a small typo in the userinfo mysql schema. Found by Evert Meulie
mgriego [Fri, 10 Sep 2004 21:34:33 +0000 (21:34 +0000)]
Use T_INVALID since T_OP_INVALID isn't defined. Also, gettoken returns to
operator, not token.
aland [Fri, 10 Sep 2004 19:20:45 +0000 (19:20 +0000)]
Document optional operator.
aland [Fri, 10 Sep 2004 19:15:08 +0000 (19:15 +0000)]
Allow ldap.attrmap to have an extra field, which defines the
operator to use. If the ldap entry doesn't contain an operator,
then the default here will be used.
It's not perfect, but it allows ":=" and "+=" for attributes
with multiple values.
aland [Fri, 10 Sep 2004 19:02:32 +0000 (19:02 +0000)]
Deleted log in the comments, "cvs log" may be used instead.
Whitespace changes, to format the module more like the rest
of the server
aland [Fri, 10 Sep 2004 15:06:27 +0000 (15:06 +0000)]
One last fix for the fix.
kkalev [Fri, 10 Sep 2004 15:04:18 +0000 (15:04 +0000)]
Comment out the access_attr configuration directive by default. That will
make configuring AD server a bit easier.
aland [Fri, 10 Sep 2004 14:50:26 +0000 (14:50 +0000)]
Perform the duplicate check BEFORE adding the attribute to
the list of base attributes.
Updated the duplicate check, to allow duplicate names & numbers,
but different flags/types, while still disallowing duplicate names
with different numbers.
aland [Thu, 9 Sep 2004 14:25:58 +0000 (14:25 +0000)]
Define a macro for max regex matches, so we don't have typos.
Bug found by "Mitchell, Michael"
aland [Wed, 8 Sep 2004 21:36:28 +0000 (21:36 +0000)]
Removed DOS characters
aland [Tue, 7 Sep 2004 16:04:07 +0000 (16:04 +0000)]
Added rbtree_deletebydata()
Added context to user callback for rbtree_walk()
kkalev [Tue, 7 Sep 2004 11:42:21 +0000 (11:42 +0000)]
Fix a small bug in user_admin.php3 found by Joerg Staedele
phampson [Sat, 4 Sep 2004 07:07:46 +0000 (07:07 +0000)]
Silently drop packets with a bad Message-Authenticator, as per RFC3579
phampson [Sat, 4 Sep 2004 07:07:07 +0000 (07:07 +0000)]
Add a Message-Authenticator to the sample, so that a bad secret will cause
rejection, not acceptance.
aland [Fri, 3 Sep 2004 17:43:31 +0000 (17:43 +0000)]
Updates from Guy
aland [Fri, 3 Sep 2004 17:43:13 +0000 (17:43 +0000)]
Added debug message to explain what people are doing wrong
in more descriptive terms...
kkalev [Thu, 2 Sep 2004 16:28:50 +0000 (16:28 +0000)]
Make 'Add NAS' function in the nas admin page more easily accessible
kkalev [Thu, 2 Sep 2004 15:21:40 +0000 (15:21 +0000)]
Store the LDAP-UserDN attribute in the check item list not in the incoming request
kkalev [Thu, 2 Sep 2004 12:02:54 +0000 (12:02 +0000)]
Make pagesize 'all' work again. Bug found by apellido jr., wilfredo p.
phampson [Thu, 2 Sep 2004 06:44:17 +0000 (06:44 +0000)]
Put in a Debian upstream version that is actually created than
anything that'll appear out of the release_1_0 branch.
This is a temporary measure until we have '~' support in dpkg.
(ie Sarge goes stable)
mgriego [Wed, 1 Sep 2004 01:17:34 +0000 (01:17 +0000)]
Call openlog on the first syslog()'d message to set the syslog facility.
mgriego [Tue, 31 Aug 2004 22:32:49 +0000 (22:32 +0000)]
New SQL methodology: SELECT the grouplist, then iterate over the list
grabbing each group's attributes individually and doing a paircmp on each
group instead of shoving them all together and doing a single paircmp
on the entire list of group attributes.
mgriego [Tue, 31 Aug 2004 22:30:24 +0000 (22:30 +0000)]
New MySQL schema for use with new rlm_sql methodology.
mgriego [Tue, 31 Aug 2004 22:29:42 +0000 (22:29 +0000)]
New options and queries for MySQL and the new rlm_sql methodology
mgriego [Tue, 31 Aug 2004 22:28:40 +0000 (22:28 +0000)]
New docs for the new rlm_sql way of doing things.
mgriego [Tue, 31 Aug 2004 21:44:14 +0000 (21:44 +0000)]
If we're not done with the handshake, don't return an EAPTLS_SUCCESS.
aland [Tue, 31 Aug 2004 21:25:55 +0000 (21:25 +0000)]
Updated with changes from 1.0.0, and new changes since then
aland [Tue, 31 Aug 2004 19:24:48 +0000 (19:24 +0000)]
Put the eap sessions into a tree, so that looking them up is
very fast, and no longer O(n) in the number of sessions.
aland [Tue, 31 Aug 2004 18:45:00 +0000 (18:45 +0000)]
Removed extraneous -shared
aland [Mon, 30 Aug 2004 15:34:34 +0000 (15:34 +0000)]
Corrected typo, as found by Kostas Zorbadelos.
pnixon [Sat, 28 Aug 2004 10:26:45 +0000 (10:26 +0000)]
nasty bug that causes new files created by logrotate to have the wrong permissions if radiusd runs as anything by the root user
aland [Fri, 27 Aug 2004 21:38:59 +0000 (21:38 +0000)]
When returning after failed to decrypt attributes, free the pair
we just allocated.
This fixes a memory leak.
aland [Fri, 27 Aug 2004 21:21:37 +0000 (21:21 +0000)]
After running valgrind to get errors, clean up the source, and
discover problems with the dictionaries (sigh)
dict.c now allows duplicate VALUE definitions, so long as both the
name and value are the same. If they differ, it complains.
Given the new complaints, we've also updated the dictionaries.
aland [Fri, 27 Aug 2004 20:30:05 +0000 (20:30 +0000)]
Cleanup request list, if asked
aland [Fri, 27 Aug 2004 18:56:55 +0000 (18:56 +0000)]
Include commented-out code which can be used to debug memory usage
and allocation
aland [Fri, 27 Aug 2004 18:52:28 +0000 (18:52 +0000)]
xlat_free() function, for memory debugging
aland [Fri, 27 Aug 2004 18:46:10 +0000 (18:46 +0000)]
Export dict_free()
When creating the tree of values by name, tell the tree code
that we call "free", to get rid of the entries in it, so we don't
have leaks when calling dict_free()
aland [Fri, 27 Aug 2004 18:22:07 +0000 (18:22 +0000)]
Removed unnecessary xfree, and all references to it
aland [Fri, 27 Aug 2004 15:34:35 +0000 (15:34 +0000)]
Fix compiler warnings.
aland [Thu, 26 Aug 2004 21:43:24 +0000 (21:43 +0000)]
Don't permit retards to enter strange values in the dictionaries
aland [Thu, 26 Aug 2004 21:22:38 +0000 (21:22 +0000)]
USR style attributes have to have at least 8 octets of
vendor data.
Once again, a bug found by a retard.
aland [Thu, 26 Aug 2004 20:52:57 +0000 (20:52 +0000)]
Fix remote crash, as given in a report by a retard who didn't bother
contacting us before publishing vulnerabilities.
He shall remain nameless.
The short summary is that Ascend-Send-Secret, like Tunnel-Password,
requires an "original" packet to decode the attribute. The check
was added for Tunnel-Password, but not Ascend-Send-Secret
aland [Thu, 26 Aug 2004 20:47:50 +0000 (20:47 +0000)]
Add 'test'
aland [Mon, 23 Aug 2004 18:10:05 +0000 (18:10 +0000)]
Updates as posted to the list today
aland [Wed, 18 Aug 2004 20:58:11 +0000 (20:58 +0000)]
If we're printing to a string for xlat's, don't bother escaping
characters, as the user-specified escape function will do that
for us
aland [Wed, 18 Aug 2004 20:31:34 +0000 (20:31 +0000)]
Change include order to get rid of compiler warnings
phampson [Wed, 18 Aug 2004 03:39:26 +0000 (03:39 +0000)]
Gender-neutralise sentence by removing personal pronoun.
phampson [Wed, 18 Aug 2004 03:38:58 +0000 (03:38 +0000)]
Correct manpage section in TH entry.
phampson [Wed, 18 Aug 2004 03:33:15 +0000 (03:33 +0000)]
Regenerate using autoconf 2.59 from configure.in after:
EAP/SIM doesn't depend on OpenSSL. All crypto's done in libeap, and that
all appears to be using SHA1 from libradius anyway.
phampson [Wed, 18 Aug 2004 03:30:09 +0000 (03:30 +0000)]
EAP/SIM doesn't depend on OpenSSL. All crypto's done in libeap, and that
all appears to be using SHA1 from libradius anyway.
aland [Tue, 17 Aug 2004 18:38:44 +0000 (18:38 +0000)]
Don't use bzero
kkalev [Sat, 14 Aug 2004 15:41:50 +0000 (15:41 +0000)]
Move a few header() calls after including config.php3 so that we have access to the relevant
variables.
aland [Fri, 13 Aug 2004 18:33:16 +0000 (18:33 +0000)]
Implemented a module to permit/deny requests based on attributes.
It's different from rlm_attr_filter, in that it doesn't add
attributes to the packet, it just filters requests.
kkalev [Wed, 11 Aug 2004 12:01:35 +0000 (12:01 +0000)]
In rlm_mschap always register the mschap xlat. If we have multiple module
instances then we also register an xlat for each instance.
We add 2 new xlats:
%{mschap: NT-Hash <password>}, %{mschap: LM-Hash <password>}
which returned the corresponding encrypted hash. The rlm_pap module has
been updated to use them in order to also provide support for NT/LM
encryption schemes.
Update radiusd.conf with the 2 new encryption scheme options for rlm_pap
kkalev [Tue, 10 Aug 2004 12:40:05 +0000 (12:40 +0000)]
Move a few paircompare functions for specific attributes from the server core
(src/main/valuepair.c) to the rlm_expr module (we could probably just create
another module, but rlm_expr can do also). That way we keep the server core
as small as possible.
kkalev [Mon, 9 Aug 2004 15:37:46 +0000 (15:37 +0000)]
In user_state also take into account any open sessions when calculating daily/weekly usage.
Add two more lines in the output stating the number of current open sessions and the time used.
kkalev [Mon, 9 Aug 2004 15:31:57 +0000 (15:31 +0000)]
More updates
kkalev [Mon, 9 Aug 2004 15:31:05 +0000 (15:31 +0000)]
Move the Login-Time,Current-Time,Expiration attribute handling to separate
modules, rlm_logintime and rlm_expiration. Move timestr.c to rlm_logintime.
Update makefiles and radiusd.conf
aland [Mon, 9 Aug 2004 13:36:33 +0000 (13:36 +0000)]
Updated debug message, in the hope that a little more text would make
people READ it.
aland [Sun, 8 Aug 2004 18:59:22 +0000 (18:59 +0000)]
Deleted authenticate_query
kkalev [Sat, 31 Jul 2004 07:30:57 +0000 (07:30 +0000)]
Fix operator escaping in lib/sql/change_attrs.php3
kkalev [Sat, 31 Jul 2004 06:57:11 +0000 (06:57 +0000)]
Wrong foreach in show_groups and group_new.
kkalev [Fri, 30 Jul 2004 13:58:15 +0000 (13:58 +0000)]
Add a help screen. The administrator can now also reset the counters.
pnixon [Thu, 29 Jul 2004 15:01:46 +0000 (15:01 +0000)]
Some stupid NASes (Cisco CSPS and Ericsson GGSN to name a couple) do not send AcctSessionTime in Stop packets
aland [Tue, 27 Jul 2004 21:53:00 +0000 (21:53 +0000)]
So says the contact at trapeze
kkalev [Tue, 27 Jul 2004 16:36:15 +0000 (16:36 +0000)]
Update the Authors file
kkalev [Tue, 27 Jul 2004 16:29:25 +0000 (16:29 +0000)]
Use lower cased row names in badusers page
kkalev [Tue, 27 Jul 2004 11:33:41 +0000 (11:33 +0000)]
* Add the style sheet in the content.html
* Enlarge the width for the left frame
* Make show_groups and the drop down menu in group_new work
kkalev [Tue, 27 Jul 2004 04:27:08 +0000 (04:27 +0000)]
Small fix to show_groups.php3
kkalev [Mon, 26 Jul 2004 21:13:06 +0000 (21:13 +0000)]
* Add a drop down menu with existing groups in group_new.php3
* Check for sql in show_groups.php3
* In lib/sql/group_info.php3 if $login is not set, find available groups and place them in
$existing_groups along with a count of users per group. Use the functionality in group_new.php3
and show_groups.php3
* Update TODO
kkalev [Mon, 26 Jul 2004 20:37:38 +0000 (20:37 +0000)]
* A LOT of security related fixes. Now dialupadmin should hopefully be secure enough to
be accessed by normal users (not administrators).
* Move a few elements in the CSS file from the body tag. Suggestion by Gary McKinney
* Update FAQ about using php with no sql support.
* Allow the user to select between viewing FAQ,HOWTO or README in the help page.
* Use $_SERVER instead of $HTTP_SERVER_VARS
kkalev [Fri, 23 Jul 2004 08:29:37 +0000 (08:29 +0000)]
Add nas_table definition. Add readclients directive in postgresql.conf
aland [Thu, 15 Jul 2004 15:04:17 +0000 (15:04 +0000)]
We now have a man page
mgriego [Wed, 14 Jul 2004 20:55:20 +0000 (20:55 +0000)]
Fixed incorrect offset calculations when creating the %{1}, %{2}... entries.