Alan T. DeKok [Fri, 6 Mar 2009 01:56:57 +0000 (02:56 +0100)]
Hackery to delete dynamic clients.
Rather than freeing them, we put them onto a queue (in the client_free
routine). We then periodically check the queue to see if we need
to flush it...
Alan T. DeKok [Thu, 5 Mar 2009 16:10:30 +0000 (17:10 +0100)]
Note reject changes
Alan T. DeKok [Thu, 5 Mar 2009 14:55:26 +0000 (15:55 +0100)]
Don't double free memory on response to ping
Alan T. DeKok [Wed, 4 Mar 2009 12:52:35 +0000 (13:52 +0100)]
Simplified use of syslog options
Patch from Hermann Lauer
Alan T. DeKok [Wed, 4 Mar 2009 12:38:03 +0000 (13:38 +0100)]
Cleaned up code based on report of crash.
Added additional notes on coa
moved "check for reply" in received_proxy_response to earlier,
as it shouldn't be done later.
Simplified check for CoA divorce. This is the code that crashed
(still no idea why), but the new code should do the intended checks,
without the un-intended side effects
Alan T. DeKok [Wed, 4 Mar 2009 11:55:42 +0000 (12:55 +0100)]
Free CoA only if it doesn't have an event associated with it
Alan T. DeKok [Mon, 2 Mar 2009 09:31:16 +0000 (10:31 +0100)]
Keep track of total responses for clients, too
Alan T. DeKok [Mon, 2 Mar 2009 09:25:44 +0000 (10:25 +0100)]
Clarify help on stats
Alan T. DeKok [Sun, 1 Mar 2009 07:41:22 +0000 (08:41 +0100)]
Fixed typo
Alan T. DeKok [Sun, 1 Mar 2009 07:40:10 +0000 (08:40 +0100)]
Re-write documentation for people who don't read it
Alan T. DeKok [Sat, 28 Feb 2009 08:33:29 +0000 (09:33 +0100)]
Mark data to be freed
Alan T. DeKok [Sat, 28 Feb 2009 08:30:28 +0000 (09:30 +0100)]
Allow injection of packets via radmin
inject to auth 127.0.0.1 1812
inject from 127.0.0.1
inject file input output
Allows you to test policies by injecting packets as if they came
from a particular client. This should ONLY be used in debugging mode.
Alan T. DeKok [Thu, 26 Feb 2009 16:55:23 +0000 (17:55 +0100)]
Point to correct buffer
Alan T. DeKok [Thu, 26 Feb 2009 15:15:34 +0000 (16:15 +0100)]
Export packet code table
Chris Moules [Thu, 19 Feb 2009 15:38:43 +0000 (15:38 +0000)]
Update debian patch for changes to radiusd.conf logic.
Alan T. DeKok [Thu, 19 Feb 2009 14:48:04 +0000 (15:48 +0100)]
Added constraint
Noted by Sebastian Heil
Alan T. DeKok [Thu, 19 Feb 2009 14:20:21 +0000 (15:20 +0100)]
Differentiate "no result" from "too many results"
Chris Moules [Wed, 18 Feb 2009 12:48:52 +0000 (12:48 +0000)]
Patch so that the "allocate-find" ippool lookup will match "expiry_time" when is NULL. This is its default state, so unless otherwise set, you will never get a IP from the pool.
Chris Moules [Wed, 18 Feb 2009 12:44:38 +0000 (12:44 +0000)]
Fix typo in MySQL ippool.conf and revert change from privous patch that modified one too many statements with "IS NULL" => "= NULL". One of these was in a WHERE clause where the "IS NULL" syntax is correct and needed.
Chris Moules [Tue, 17 Feb 2009 14:19:20 +0000 (14:19 +0000)]
Fix typo
Alan T. DeKok [Tue, 17 Feb 2009 13:14:18 +0000 (14:14 +0100)]
Fixed debug message. Noted by Dave Anderson.
Alan T. DeKok [Tue, 17 Feb 2009 13:13:07 +0000 (14:13 +0100)]
WiMAX needs OpenSSL for proper functionality
Alan T. DeKok [Tue, 17 Feb 2009 13:11:31 +0000 (14:11 +0100)]
Remove broken macro.
C preprocessor directives aren't allowed in macros
Alan T. DeKok [Tue, 17 Feb 2009 13:09:30 +0000 (14:09 +0100)]
This was moved earlier
Alan T. DeKok [Tue, 17 Feb 2009 13:07:32 +0000 (14:07 +0100)]
Answer vmps reconfirmation request
Patch from Hermann Lauer.
Alan T. DeKok [Tue, 17 Feb 2009 13:06:59 +0000 (14:06 +0100)]
Sample logrotate script
Alan T. DeKok [Sun, 15 Feb 2009 11:05:55 +0000 (12:05 +0100)]
Added sample commands
Alan T. DeKok [Sun, 15 Feb 2009 10:49:36 +0000 (11:49 +0100)]
Added "help -r"
This prints *all* of the available help
Alan T. DeKok [Sun, 15 Feb 2009 10:31:23 +0000 (11:31 +0100)]
Set Accounting-Response in post-proxy fail
Alan T. DeKok [Sun, 15 Feb 2009 08:29:45 +0000 (09:29 +0100)]
Allow the detail poll interval to be configurable
Alan T. DeKok [Sun, 15 Feb 2009 08:04:10 +0000 (09:04 +0100)]
More documentation
Alan T. DeKok [Sun, 15 Feb 2009 08:00:28 +0000 (09:00 +0100)]
Documentation for raddebug
Alan T. DeKok [Sun, 15 Feb 2009 07:44:38 +0000 (08:44 +0100)]
Minor cleanups
Added -d and usage
Alan T. DeKok [Fri, 13 Feb 2009 20:49:22 +0000 (21:49 +0100)]
Command to print debugging from a running server.
Very useful!
Alan T. DeKok [Fri, 13 Feb 2009 15:08:27 +0000 (16:08 +0100)]
Fix handling of "debug file [filename]"
Make filename optional, which means "no debug file".
Re-arrange how we handle the pointers, to avoid threading issues
Alan T. DeKok [Fri, 13 Feb 2009 15:06:07 +0000 (16:06 +0100)]
Suppress LF's if there's no output
Alan T. DeKok [Fri, 13 Feb 2009 14:08:14 +0000 (15:08 +0100)]
Change detail polling interval from 1s to 10s
This lowers the noise in debugging mode. It shouldn't affect performance.
Alan T. DeKok [Wed, 11 Feb 2009 17:39:21 +0000 (18:39 +0100)]
Fixed typo
Alan T. DeKok [Tue, 10 Feb 2009 08:48:17 +0000 (09:48 +0100)]
More instructions on DHCP
Alan T. DeKok [Tue, 10 Feb 2009 08:08:13 +0000 (09:08 +0100)]
Moved otp.conf to modules/otp
Alan T. DeKok [Thu, 5 Feb 2009 15:22:10 +0000 (16:22 +0100)]
Add "require message authenticator" config to home servers
Alan T. DeKok [Thu, 5 Feb 2009 15:11:06 +0000 (16:11 +0100)]
Move "allocate request->proxy" to home_server_ldb
In preparation for other work
Alan T. DeKok [Thu, 5 Feb 2009 11:05:38 +0000 (12:05 +0100)]
Moved checks for detail to home_server_ldb
Rather than proxying to a home server, and THEN deciding it
wasn't a good idea, we simply skip that home server during
the process of trying to find one.
Alan T. DeKok [Tue, 3 Feb 2009 14:15:03 +0000 (15:15 +0100)]
Corrected typo. Noted by Chris Moules
Alan T. DeKok [Tue, 3 Feb 2009 13:39:41 +0000 (14:39 +0100)]
Fixed name
Alan T. DeKok [Tue, 3 Feb 2009 13:33:53 +0000 (14:33 +0100)]
Note issue as reported in bug #622
Alan T. DeKok [Tue, 3 Feb 2009 13:33:29 +0000 (14:33 +0100)]
Free insthandle if there's no detach function
Alan T. DeKok [Tue, 3 Feb 2009 13:32:23 +0000 (14:32 +0100)]
Corrected typo
Alan T. DeKok [Tue, 3 Feb 2009 13:22:03 +0000 (14:22 +0100)]
Cleaned up source code && updated "configure"
Alan T. DeKok [Tue, 3 Feb 2009 10:26:34 +0000 (11:26 +0100)]
New module as supplied by Siemens
Alan T. DeKok [Tue, 3 Feb 2009 09:54:32 +0000 (10:54 +0100)]
Revert "Change default hash function to SHA1. MD5 is broken."
This reverts commit
340f01028f6f2dc8fa18336c9448f2787fc8de0f.
However, many versions of OpenSSL don't include SHA support,
so doing this would break the default install. <sigh>
Alan T. DeKok [Mon, 2 Feb 2009 10:24:51 +0000 (11:24 +0100)]
Note recent changes
Alan T. DeKok [Mon, 2 Feb 2009 09:47:40 +0000 (10:47 +0100)]
Expose more functions
Based on a patch from Chris Moules
Alan T. DeKok [Mon, 2 Feb 2009 09:31:04 +0000 (10:31 +0100)]
Load anonymous pools by type, not hard-coded to CoA
Alan T. DeKok [Sun, 1 Feb 2009 18:13:37 +0000 (19:13 +0100)]
Updated copyright date
Alan T. DeKok [Sun, 1 Feb 2009 18:13:06 +0000 (19:13 +0100)]
Updates for 2009
Alan T. DeKok [Fri, 30 Jan 2009 10:24:11 +0000 (11:24 +0100)]
Added UNUSED
Alan T. DeKok [Fri, 30 Jan 2009 10:23:13 +0000 (11:23 +0100)]
Save string for regexes
Alan T. DeKok [Fri, 30 Jan 2009 10:20:32 +0000 (11:20 +0100)]
Simplified patch from b4c873
Arnaud Ebalard [Fri, 30 Jan 2009 10:16:37 +0000 (11:16 +0100)]
Fix broken EAP-TLS (bug introduced 2008/08/24 by
b51a3a82)
Thu, 29 Jan 2009 16:31:10 +0100
To: aland <aland@deployingradius.com>
CC: Axel Tillequin <axel.tillequin@eads.net>, FreeRadius developers mailing list <freeradius-devel@lists.freeradius.org>
Hi,
As explained in previous mails of the thread, FreeRadius EAP-TLS support
is broken (the EAP encapsulated TLS ChangeCipherSpec and TLS Finished
messages are not sent). Bisecting the issue led me here:
commit
b51a3a82edb797f5d0a2758bd1a38359d6f66803
Author: Alan T. DeKok <aland@freeradius.org>
Date: Sun Aug 24 10:04:55 2008 +0200
Clean up debug && log messages
AFAICT, the test that prevented eaptls_ack_handler() to return
EAPTLS_SUCCESS *before* flushing remaining local messages
(i.e. returning EAPTLS_REQUEST so that they be sent to the peer to
complete the TLS handshake) was removed in that commit.
The patch below is against current git tree. With Axel, we tested the
fix with 2.1.3: it corrects the issue.
Cheers,
a+
Signed-off-by: Arnaud Ebalard <arno@natisbad.org>
Tested-by: Axel Tillequin <axel.tillequin@gmail.com>
Alan T. DeKok [Fri, 30 Jan 2009 10:13:48 +0000 (11:13 +0100)]
Corrected typo
Alan T. DeKok [Thu, 29 Jan 2009 11:54:00 +0000 (12:54 +0100)]
Chop ethernet frame to 253 rather than rejecting the packet
Alan T. DeKok [Wed, 28 Jan 2009 15:25:21 +0000 (16:25 +0100)]
Corrected typo
Alan T. DeKok [Wed, 28 Jan 2009 13:59:42 +0000 (14:59 +0100)]
Corrected MySQL syntax to = NULL
Alan T. DeKok [Tue, 27 Jan 2009 09:14:02 +0000 (10:14 +0100)]
Added freeswitch dictionary
Alan T. DeKok [Wed, 21 Jan 2009 13:32:29 +0000 (14:32 +0100)]
Look for setuid, too
Alan T. DeKok [Wed, 21 Jan 2009 10:13:24 +0000 (11:13 +0100)]
If we're at EOF, the socket will never be ready
So check for EOF in more places
Alan T. DeKok [Mon, 19 Jan 2009 15:15:08 +0000 (16:15 +0100)]
Notes on MySQL
Alan T. DeKok [Mon, 19 Jan 2009 13:51:19 +0000 (14:51 +0100)]
Try to work around transactional issues...
Alan T. DeKok [Mon, 19 Jan 2009 12:41:34 +0000 (13:41 +0100)]
Clean up CoA origination to not depend on CoA
This makes the patch a little cleaner
Alan T. DeKok [Sun, 18 Jan 2009 16:16:10 +0000 (17:16 +0100)]
Removed extraneous line
Alan T. DeKok [Sun, 18 Jan 2009 15:13:13 +0000 (16:13 +0100)]
CoA is in request->proxy, not request->packet
Alan T. DeKok [Tue, 13 Jan 2009 13:01:14 +0000 (14:01 +0100)]
Note restrictions on detail file usage
Alan T. DeKok [Mon, 12 Jan 2009 13:32:10 +0000 (14:32 +0100)]
Commented out SQL modules by default.
Unlike the EAP module, they need *additional* things to be configured
before they will work. So you can't just build the server with SQL
support, and then start it. You need to edit sql.conf, etc.
In the interest of making the server start quickly in debugging mode,
the SQL module configurations are now commented out.
Alan T. DeKok [Mon, 12 Jan 2009 09:14:12 +0000 (10:14 +0100)]
Change default hash function to SHA1. MD5 is broken.
Alan T. DeKok [Mon, 12 Jan 2009 09:13:14 +0000 (10:13 +0100)]
More updates
Alan T. DeKok [Mon, 12 Jan 2009 09:12:05 +0000 (10:12 +0100)]
run_dir depends on ${name}, too
Alan T. DeKok [Wed, 7 Jan 2009 09:51:34 +0000 (10:51 +0100)]
Added notes on using "screen"
Alan T. DeKok [Tue, 6 Jan 2009 11:09:30 +0000 (12:09 +0100)]
Check for setuid, and use those checks
Alan T. DeKok [Tue, 6 Jan 2009 11:02:34 +0000 (12:02 +0100)]
Updated build to use (or not) self-pipes
If we're on platforms that don't support pipes, OR on platforms
that don't have threads, don't use self pipes.
Alan T. DeKok [Fri, 28 Nov 2008 10:42:59 +0000 (11:42 +0100)]
Limit the maximum number of queries over one SQL socket.
Similar to the "lifetime" change. If there are issues such as DB
memory leaks per client socket, then it is a good idea to periodically
close the client sockets.
Alan T. DeKok [Fri, 28 Nov 2008 10:00:25 +0000 (11:00 +0100)]
Add "lifetime" to SQL sockets.
After "lifetime" seconds, an open connection is closed. This can help
address issues such as firewalls that time out open connections...
Alan T. DeKok [Fri, 2 Jan 2009 18:43:53 +0000 (19:43 +0100)]
Corrected typo
Alan T. DeKok [Fri, 2 Jan 2009 15:23:03 +0000 (16:23 +0100)]
Enable the server to originate CoA-Request && Disconnect-Request
This is a fairly large change in the server, but is protected
by WITH_COA, so you can build without it, if you want to do that.
Alan T. DeKok [Thu, 1 Jan 2009 09:31:23 +0000 (10:31 +0100)]
Added "make cert" commands to bootstrap file
This helps it work when people don't have "make" installed
Alan T. DeKok [Thu, 18 Dec 2008 09:38:31 +0000 (10:38 +0100)]
Added WiMAX-MN-NAI and other server-side attributes
These were inexplicably left out.
Alan T. DeKok [Tue, 16 Dec 2008 15:24:25 +0000 (16:24 +0100)]
Simplified detail file polling
Moved loop over listeners to using the event API. This removes one
function, and simplifies the code.
Alan T. DeKok [Mon, 15 Dec 2008 10:57:54 +0000 (11:57 +0100)]
Removed dead code.
Closes Coverity #2
Alan T. DeKok [Mon, 15 Dec 2008 10:55:08 +0000 (11:55 +0100)]
If input pairs is NULL, return NOOP
Closes Coverity #6
Alan T. DeKok [Mon, 15 Dec 2008 10:49:09 +0000 (11:49 +0100)]
Free memory on error && exit.
Closes Coverity #16
Alan T. DeKok [Mon, 15 Dec 2008 10:43:15 +0000 (11:43 +0100)]
Removed dead code.
Closes Coverity #56
Alan T. DeKok [Mon, 15 Dec 2008 10:41:51 +0000 (11:41 +0100)]
If it's not a known option, it's an error.
Closes Coverity #57
Alan T. DeKok [Mon, 15 Dec 2008 10:39:31 +0000 (11:39 +0100)]
Suppress trailing NULs properly.
Closes Coverity #58
Alan T. DeKok [Mon, 15 Dec 2008 10:35:32 +0000 (11:35 +0100)]
Check tag values, too.
When comparing attributes, both tag AND value have to match
for the attributes to compare as equal.
Closes Coverity #59
Alan T. DeKok [Mon, 15 Dec 2008 10:32:52 +0000 (11:32 +0100)]
pairparsevalue() cannot be passed a NULL value.
Closes Coverity #62
Alan T. DeKok [Sun, 14 Dec 2008 22:02:21 +0000 (23:02 +0100)]
Remove dead code
Fixes Coverity #60
Alan T. DeKok [Sun, 14 Dec 2008 09:40:43 +0000 (10:40 +0100)]
Prepare for 2.1.4
Alan T. DeKok [Sun, 14 Dec 2008 09:31:17 +0000 (10:31 +0100)]
Change where we do suid up/down.
If the server starts as root, but it supposed to run as another
user, we want to *temporarily* drop permissions very early. Then,
when binding to privileged sockets, we re-gain permissions.
Once all of the sockets are open, we drop them permanently.
However, if we suid up for *all* sockets, then the control socket
will be created as root, rather than as the unprivileged user.
To fix that, we put suid up/down just around the 2 calls that
need it.
Alan T. DeKok [Sun, 14 Dec 2008 08:48:03 +0000 (09:48 +0100)]
Work around issue in gmake.
We were using PWD, and expecting it to be the current directory.
But apparently that's not how gmake works. We have to call
$(shell pwd) instead.
Alan T. DeKok [Sat, 13 Dec 2008 08:44:51 +0000 (09:44 +0100)]
One more check for parse error
If the statement didn't have a condition check, it's a parse error.
e.g.
()
(!)
(cond || )
(cond && )