cparker [Wed, 4 Feb 2004 05:58:48 +0000 (05:58 +0000)]
Added additional config explanation.
cparker [Wed, 4 Feb 2004 05:43:12 +0000 (05:43 +0000)]
Adding additional docs
cparker [Wed, 4 Feb 2004 05:30:10 +0000 (05:30 +0000)]
Adding needed docs to prepare for 1.0 release.
aland [Tue, 3 Feb 2004 16:21:28 +0000 (16:21 +0000)]
inet_aton is more portable than inet_pton
Patch from Manuel Ricca
aland [Mon, 2 Feb 2004 19:15:51 +0000 (19:15 +0000)]
Whoops... that's a typo
aland [Fri, 30 Jan 2004 21:01:40 +0000 (21:01 +0000)]
Don't include libradius.h, radiusd.h includes it.
Include netinet/in.h BEFORE radiusd.h, as radiusd.h includes
missing.h, which tries to define INADDR_*
Don't reference pthread functions if we're not building in threaded
mode
mcr [Fri, 30 Jan 2004 20:39:58 +0000 (20:39 +0000)]
updated documentation slightly - to reflect that attributes may
safely change now.
mcr [Fri, 30 Jan 2004 20:35:33 +0000 (20:35 +0000)]
capture the RAND/SRES/Kc when we initialize the SIM
rather than later, when they may have changed.
mcr [Fri, 30 Jan 2004 20:09:41 +0000 (20:09 +0000)]
turn off extra debugging.
mcr [Fri, 30 Jan 2004 20:04:54 +0000 (20:04 +0000)]
added rcsid.
mcr [Fri, 30 Jan 2004 20:00:53 +0000 (20:00 +0000)]
documentation for rlm_sim_triplets.
mcr [Fri, 30 Jan 2004 19:40:33 +0000 (19:40 +0000)]
new test case for simtriplets.dat based example.
mcr [Fri, 30 Jan 2004 19:39:15 +0000 (19:39 +0000)]
describe this test case.
mcr [Fri, 30 Jan 2004 19:38:45 +0000 (19:38 +0000)]
new module to read triplets out of a file for EAP-SIM.
mcr [Fri, 30 Jan 2004 19:38:29 +0000 (19:38 +0000)]
added some debugging of why EAP-sim might not want to
handle the request - lacking RAND1 attribute.
mcr [Fri, 30 Jan 2004 19:38:00 +0000 (19:38 +0000)]
fixed minor typo in comment.
mcr [Fri, 30 Jan 2004 19:37:38 +0000 (19:37 +0000)]
added new option -X to turn on sha1_data_problems.
mcr [Fri, 30 Jan 2004 19:37:13 +0000 (19:37 +0000)]
to further aid in debugging, dump the resulting key as well
aland [Thu, 29 Jan 2004 16:42:43 +0000 (16:42 +0000)]
Use ==, not =
aland [Thu, 29 Jan 2004 16:32:57 +0000 (16:32 +0000)]
Generate proper dh. From Michael Brown
aland [Wed, 28 Jan 2004 20:27:17 +0000 (20:27 +0000)]
the problem arises from the krb5_data packet struct which
is not initialized. If the check with krb5_kt_read_service_key fails,
a "goto cleanup" occurs, which attempts to free the memory
contained in "packet" if its data pointer is non-NULL.
In our case, the uninitialized packet contained garbage pointing into
kernel space, resulting in a seg fault on the subsequent free().
The fix is simply to memset the struct to zero at the beginning of the
function.
Patch from Jon Moore
aland [Wed, 28 Jan 2004 19:36:09 +0000 (19:36 +0000)]
Update with new comments
aland [Wed, 28 Jan 2004 19:30:29 +0000 (19:30 +0000)]
Deleted lots of special-purpose code to do prefix/suffix matching
in the "hints" file.
We now call the "paircmp" function, which does more, and is less
work for us.
The old "hints" file did prefix & suffix matching, and not much
else. The new "hints" file does all that, and lots more
aland [Wed, 28 Jan 2004 17:08:48 +0000 (17:08 +0000)]
Reserve room for the trailing NUL byte, too
aland [Wed, 28 Jan 2004 16:11:10 +0000 (16:11 +0000)]
Corrected typo
aland [Wed, 28 Jan 2004 16:04:18 +0000 (16:04 +0000)]
Having eap_type2name return a "static" buffer is a very bad idea.
It now gets passed a buffer, and returns either that, or a
'static const char *' pointer to the array of pre-defined names.
aland [Wed, 28 Jan 2004 15:38:40 +0000 (15:38 +0000)]
A slightly different way to build radeapclient, which makes
sure the "make clean" works, too
aland [Tue, 27 Jan 2004 16:08:33 +0000 (16:08 +0000)]
If we get unexpected tunneled data, print it out when doing -Xx
aland [Tue, 27 Jan 2004 16:07:21 +0000 (16:07 +0000)]
Minor cleanups to messages
phampson [Tue, 27 Jan 2004 15:31:56 +0000 (15:31 +0000)]
Fix return value of 1 from cp'ing certificates into installation due to trying
to cp a directory.
Thanks to Toni Mueller
phampson [Tue, 27 Jan 2004 14:02:20 +0000 (14:02 +0000)]
Fix missing make dependency on radeapclient when installing.
Thanks to Toni Mueller
aland [Mon, 26 Jan 2004 20:36:22 +0000 (20:36 +0000)]
Install certs, too...
aland [Mon, 26 Jan 2004 19:11:48 +0000 (19:11 +0000)]
More and better text
aland [Mon, 26 Jan 2004 19:11:03 +0000 (19:11 +0000)]
More and better documentation in the comments
aland [Mon, 26 Jan 2004 19:10:23 +0000 (19:10 +0000)]
For laziness, add a test certificate directory, which is NOT
installed by default!
aland [Mon, 26 Jan 2004 17:06:31 +0000 (17:06 +0000)]
Use User-Name, not stripped-user-name.
The MS-CHAP response depends on the user name, as sent by the NAS,
so we would do well to use it as-is
aland [Fri, 23 Jan 2004 20:43:40 +0000 (20:43 +0000)]
Clean up instructions for latest snapshot
aland [Fri, 23 Jan 2004 20:42:06 +0000 (20:42 +0000)]
Properly initialize a variable
aland [Fri, 23 Jan 2004 20:12:59 +0000 (20:12 +0000)]
Some systems need -lcrypt for the client...
aland [Fri, 23 Jan 2004 17:22:33 +0000 (17:22 +0000)]
Don't use strncpy
aland [Fri, 23 Jan 2004 17:20:52 +0000 (17:20 +0000)]
Update cheesy strNcpy to NOT call strncpy, which zero-fills the
memory...
aland [Fri, 23 Jan 2004 17:11:11 +0000 (17:11 +0000)]
Enable rlm_exec by default
aland [Fri, 23 Jan 2004 17:10:47 +0000 (17:10 +0000)]
It's NAS-Port, not NAS-Port-Id
aland [Fri, 23 Jan 2004 17:08:43 +0000 (17:08 +0000)]
Added EXE extensions. This may help for Windows, which needs
(and adds) extensions when building executable programs
aland [Fri, 23 Jan 2004 17:06:25 +0000 (17:06 +0000)]
More examples of using inter-variable references in the
configuration file.
aland [Fri, 23 Jan 2004 17:04:28 +0000 (17:04 +0000)]
Define HAVE_OPENSSL_SSL_H, too
aland [Fri, 23 Jan 2004 17:03:16 +0000 (17:03 +0000)]
Point to new scripts for certificate creation, and to suggested
location for certificate directory
aland [Fri, 23 Jan 2004 17:02:31 +0000 (17:02 +0000)]
Add scripts to automatically generate test certificates.
aland [Thu, 22 Jan 2004 19:43:29 +0000 (19:43 +0000)]
corrected typo
aland [Thu, 22 Jan 2004 18:23:19 +0000 (18:23 +0000)]
More attempts to get MySQL working
aland [Thu, 22 Jan 2004 16:47:50 +0000 (16:47 +0000)]
Added big warnings about old & untested features
aland [Thu, 22 Jan 2004 16:30:38 +0000 (16:30 +0000)]
Fix typos
aland [Thu, 22 Jan 2004 16:30:19 +0000 (16:30 +0000)]
Update sample password
aland [Thu, 22 Jan 2004 15:35:28 +0000 (15:35 +0000)]
Install radeapclient, too
aland [Wed, 21 Jan 2004 20:52:42 +0000 (20:52 +0000)]
${module.submodule.item} now works properly
aland [Wed, 21 Jan 2004 20:35:11 +0000 (20:35 +0000)]
Enhanced configuration file variable expansion, hopefully
without breaking anything.
OLD: ${foo} means "foo in current section, OR foo in main section"
e.g. ${logdir}
NEW: ${foo} means the same as before
${.foo} means "foo in current section ONLY", just in case
there are name conflicts.
${..foo} means "foo in the section enclosing this section"
${main.module.submodule.foo} should be obvious...
For now, we need "main" in there, but a commit in the next few
days should remove that restriction...
mcr [Wed, 21 Jan 2004 00:39:55 +0000 (00:39 +0000)]
fixed "ChalX" to "RandX".
added Autz-Type:=, which is really needed for basic testing.
aland [Tue, 20 Jan 2004 16:31:02 +0000 (16:31 +0000)]
Look for stripped user name, then user name, in group cmp.
aland [Mon, 19 Jan 2004 19:09:45 +0000 (19:09 +0000)]
Use a better name for the SQL stuff.
Bug noted by Keith Yoder
aland [Mon, 19 Jan 2004 19:08:21 +0000 (19:08 +0000)]
Don't return "OK" until the TLV success packet was sent back.
Bug & patch noted by Mike Saywell
phampson [Sun, 18 Jan 2004 07:57:11 +0000 (07:57 +0000)]
Imported changes from downstream Debian packaging.
kkalev [Fri, 16 Jan 2004 14:47:29 +0000 (14:47 +0000)]
* Add a message when adding a user in the badusers table
* Close sql connections in add_badusers.php3
kkalev [Fri, 16 Jan 2004 13:50:06 +0000 (13:50 +0000)]
* Add the ability to erase rows from the badusers table
* In log_badlogins for multiple logins if it is a mppp attempt, log it
kkalev [Fri, 16 Jan 2004 13:20:20 +0000 (13:20 +0000)]
res should be int not unsigned
aland [Wed, 14 Jan 2004 16:32:28 +0000 (16:32 +0000)]
Updated text about how to use authentication
aland [Tue, 13 Jan 2004 20:03:18 +0000 (20:03 +0000)]
Look for mysql_config, and believe it, if it exists.
We *could* use mysql_config to set cflags & libs in this script,
and double-check that they work, but when I tried that, it always
failed, even though trying the same tests by hand worked. <sigh>
aland [Tue, 13 Jan 2004 17:05:36 +0000 (17:05 +0000)]
Move the "waitpid" code to after the check for error in select,
which means that we don't clobber errno.
Bug found by Robby Griffin
aland [Tue, 13 Jan 2004 16:07:01 +0000 (16:07 +0000)]
Stupid RedHat stuff. Their OpenSSL uses kerberos by default,
so packages which *don't* want to use Kerberos have to set
RedHat-specific magic, so that OpenSSL will work.
aland [Mon, 12 Jan 2004 21:07:26 +0000 (21:07 +0000)]
Make !* work.
patch from oe Maimon
aland [Mon, 12 Jan 2004 20:24:43 +0000 (20:24 +0000)]
Correct type of PID used in signal handler.
Patch from Andrew Belashov
aland [Mon, 12 Jan 2004 20:21:11 +0000 (20:21 +0000)]
Print timestamp as an unsigned long, which works a little better
on 64-bit systems.
Patch from Andrew Belashov
aland [Mon, 12 Jan 2004 20:18:33 +0000 (20:18 +0000)]
When printing 'size_t' numbers, we *really* should be using %zu.
The 'z' says "the following thing is a size_t"
The 'u' says "unsigned", as ssize_t exists
The problem is that we don't know how prevalent 'z' is. It's
in Linux, NetBSD, FreeBSD, and Solaris, so using it *should* be OK.
In the short term, it's easier to cast the functions returning
size_t to (int), SOLELY for purposes of printing. If the value
doesn't fit into an int, then only the debugging messages will
be wrong, as this change doesn't affect the code logic at all.
Patch from Andrew Belashov, tested on 64-bit sparc systems
aland [Mon, 12 Jan 2004 18:27:08 +0000 (18:27 +0000)]
Minor additional documentation
aland [Mon, 12 Jan 2004 18:23:57 +0000 (18:23 +0000)]
Cleaned up request handling logic. I'm not sure what I was
thinking before, but this makes sense.
aland [Mon, 12 Jan 2004 18:21:33 +0000 (18:21 +0000)]
Added a large amount of text, which walks through the configurable
fail-over in steps. I finally understand what it does...
aland [Mon, 12 Jan 2004 18:20:43 +0000 (18:20 +0000)]
Allow "redundant", "group", and "append" as section names,
even if they're not modules.
They're used by the configurable fail-over code (which has
apparently been broken in the CVS head for a while, due to the
lack of this patch)
aland [Mon, 12 Jan 2004 18:19:06 +0000 (18:19 +0000)]
Reserve priority zero for future use
aland [Mon, 12 Jan 2004 18:18:23 +0000 (18:18 +0000)]
Minor formatting to be pretty
aland [Mon, 12 Jan 2004 18:18:00 +0000 (18:18 +0000)]
Pass *all* VP's to the exec'd program, instead of leaving the
last one
aland [Mon, 12 Jan 2004 18:17:27 +0000 (18:17 +0000)]
FCNTL locks work across processes. For threads, we need an
additional mutex
aland [Mon, 12 Jan 2004 18:15:59 +0000 (18:15 +0000)]
Added comments about LD_LIBRARY_PATH, and pre-loading libraries,
so that local craziness with OpenSSL and MySQL may be worked around
aland [Mon, 12 Jan 2004 18:12:49 +0000 (18:12 +0000)]
Make unlimited login-time work.
patch from Dmitry Lebkov
aland [Mon, 12 Jan 2004 18:09:13 +0000 (18:09 +0000)]
From Dustin Doris
aland [Sat, 10 Jan 2004 15:50:40 +0000 (15:50 +0000)]
For Mikrotik routers
aland [Fri, 9 Jan 2004 21:05:24 +0000 (21:05 +0000)]
Added dictionary for 3gpp2
aland [Thu, 8 Jan 2004 17:03:54 +0000 (17:03 +0000)]
If there are no OpenSSL libraries, don't include them.
aland [Wed, 7 Jan 2004 20:38:51 +0000 (20:38 +0000)]
Look for openssl/rand.h, too.
aland [Wed, 7 Jan 2004 20:38:16 +0000 (20:38 +0000)]
Hoist OpenSSL checks from a number of different places into
the top-level configuration file. This now exports OPENSSL_INCLUDES
and OPENSSL_LIBS *only* if it decides that it likes what it finds.
This also adds Michael Griego's patch to check for OpenSSL version
greater than or equal to 0.9.7.
The various EAP types now have stupidly simple configuration scripts,
which just look for OPENSSL_INCLUDES and OPENSSL_LIBS, rather than
re-doing all of the header/lib checking themselves.
We've got to apply the same patch to LDAP & X99_Token, but they
still work..
aland [Wed, 7 Jan 2004 18:13:53 +0000 (18:13 +0000)]
A little cleaner check for identity & username.
Patch from Michael Griego.
Hmm... the new code looks fairly duplicate. We could factor
it into a function for less code...
aland [Wed, 7 Jan 2004 17:55:12 +0000 (17:55 +0000)]
Updated the debugging message to make a little more sense.
aland [Wed, 7 Jan 2004 17:07:41 +0000 (17:07 +0000)]
Add script which sets LD_LIBRARY_PATH, etc, so that OpenSSL
weirdness can be taken care of.
It should also work for MySQL...
aland [Wed, 7 Jan 2004 15:55:26 +0000 (15:55 +0000)]
When finding MS-CHAP attributes, do "Auth-Type = MSCHAP", rather
than ":=". This means it won't over-ride any previous setting
of auth-type "accept" or "reject"
aland [Mon, 5 Jan 2004 17:06:35 +0000 (17:06 +0000)]
Clean up the examples
aland [Mon, 5 Jan 2004 17:06:16 +0000 (17:06 +0000)]
More description of the dictionaries & how they work.
aland [Mon, 5 Jan 2004 17:05:46 +0000 (17:05 +0000)]
Minor updates to the text.
Don't talk about disabling it. We don't want the users to do that.
aland [Mon, 5 Jan 2004 17:05:09 +0000 (17:05 +0000)]
When we have a stop record, don't compare it to unused entries.
This means that if we get two duplicate stops, the second one will
cause the server to complain. Previously, the server *may* have
complained, but not necessarily...
aland [Mon, 5 Jan 2004 17:03:54 +0000 (17:03 +0000)]
Use NAS-Port, not NAS-Port-Id in acct_unique.
The module should really be fixed to use xlat's...
aland [Mon, 5 Jan 2004 17:03:18 +0000 (17:03 +0000)]
Removed text saying there is a restriction on the number of
load-balancing realms
aland [Mon, 5 Jan 2004 17:02:31 +0000 (17:02 +0000)]
Removed restriction that there be no more than 32 load-balancing
realms, by implementing a new algorithm, which walks the list once,
and picks 1 of N. (See the Camel Book)
aland [Mon, 5 Jan 2004 17:01:19 +0000 (17:01 +0000)]
Updated "readvp2" (only used by radclient) to be a little more
tolerant of its input, and to NOT leak memory if there was an
error reading the VP's