Sam Hartman [Fri, 3 Feb 2012 19:09:23 +0000 (14:09 -0500)]
chbind: sample virtual server
This is a sample channel binding virtual server for
draft-ietf-abfab-gss-eap. It's not complete but is intended to be
sufficient to start testing.
Kevin [Fri, 3 Feb 2012 13:15:10 +0000 (08:15 -0500)]
Eap channel binding support code
Alan T. DeKok [Tue, 31 Jan 2012 10:51:30 +0000 (11:51 +0100)]
Don't link in sites-enabled/tls
It confuses too many people
Alan T. DeKok [Tue, 31 Jan 2012 09:55:11 +0000 (10:55 +0100)]
Add documentation
Alan T. DeKok [Tue, 31 Jan 2012 09:25:25 +0000 (10:25 +0100)]
First pass at cablelabs nonsense
It doesn't do anything. But we've at least recorded the structures
necessary for full decoding
Alan T. DeKok [Mon, 30 Jan 2012 19:05:33 +0000 (20:05 +0100)]
Use unused variable
Alan T. DeKok [Mon, 30 Jan 2012 19:03:46 +0000 (20:03 +0100)]
Parentheses to avoid compiler warning
Alan T. DeKok [Mon, 30 Jan 2012 19:03:05 +0000 (20:03 +0100)]
Add "const" for compiler warnings
Alan T. DeKok [Mon, 30 Jan 2012 19:02:05 +0000 (20:02 +0100)]
Fix compiler warnings
Alan T. DeKok [Mon, 30 Jan 2012 18:58:34 +0000 (19:58 +0100)]
Fix compiler warning
Alan T. DeKok [Mon, 30 Jan 2012 18:55:05 +0000 (19:55 +0100)]
Fix compiler warning
Alan T. DeKok [Mon, 30 Jan 2012 18:50:27 +0000 (19:50 +0100)]
deal with unused arguments
Alan T. DeKok [Mon, 30 Jan 2012 18:49:54 +0000 (19:49 +0100)]
Change data type to avoid compiler warnings
Alan T. DeKok [Sun, 29 Jan 2012 11:14:51 +0000 (12:14 +0100)]
Enable DHCP by default
Alan T. DeKok [Fri, 27 Jan 2012 09:48:40 +0000 (10:48 +0100)]
A bit better fix. Not done yet
Alan T. DeKok [Fri, 27 Jan 2012 09:35:09 +0000 (10:35 +0100)]
Correctly determine TARGET
Don't just blindly append a ".a" to it
Alan T. DeKok [Fri, 27 Jan 2012 09:29:48 +0000 (10:29 +0100)]
Correct references to record_plus/minus()
Alan T. DeKok [Fri, 27 Jan 2012 09:26:04 +0000 (10:26 +0100)]
Move dump_hex() function to tls_listen.c
Alan T. DeKok [Fri, 27 Jan 2012 08:00:31 +0000 (09:00 +0100)]
Add in missing C file again
Alan T. DeKok [Fri, 27 Jan 2012 07:59:05 +0000 (08:59 +0100)]
Fix typos
Alan T. DeKok [Fri, 27 Jan 2012 07:53:20 +0000 (08:53 +0100)]
Add missing file
Alan T. DeKok [Thu, 26 Jan 2012 15:06:02 +0000 (16:06 +0100)]
Move server-specific code to tls_listen.c
This lets us build radeapclient, which can do EAP-MD5,
or EAP-TLS if OpenSSL is enabled
Alan T. DeKok [Thu, 26 Jan 2012 09:28:39 +0000 (10:28 +0100)]
Add radsniff to configure scripts
Alan T. DeKok [Thu, 26 Jan 2012 09:01:05 +0000 (10:01 +0100)]
Made ECHO a macro
so that doing "ECHO=true" means the ONLY output becomes errors
from the compiler.
Alan T. DeKok [Thu, 26 Jan 2012 08:54:21 +0000 (09:54 +0100)]
Fix typo
Alan T. DeKok [Wed, 25 Jan 2012 17:02:50 +0000 (18:02 +0100)]
Start integrating new build system with "configure"
Have the "all.mk" files generated by "configure".
Alan T. DeKok [Tue, 24 Jan 2012 14:55:30 +0000 (15:55 +0100)]
Put quotes around string
Alan T. DeKok [Wed, 25 Jan 2012 13:44:14 +0000 (14:44 +0100)]
Use non-zero timeout in pcap_open_live
http://www.tcpdump.org/pcap.html says:
to_ms is the read time out in milliseconds (a value of 0 means
no time out; on at least some platforms, this means that you may
wait until a sufficient number of packets arrive before seeing
any packets, so you should use a non-zero timeout)
Nice..
Alan T. DeKok [Wed, 25 Jan 2012 13:34:53 +0000 (14:34 +0100)]
New build rules for radsniff
Alan T. DeKok [Wed, 25 Jan 2012 10:53:29 +0000 (11:53 +0100)]
Remove "hash" from RADIUS_PACKET
It's no longer needed. Various support functions are
also removed.
Alan T. DeKok [Wed, 25 Jan 2012 10:52:23 +0000 (11:52 +0100)]
Correctly calculate dependencies
FIRST filter absolute path -> ${top_srcdir}
THEN filter absolute path -> ${BUILDDIR}
THEN delete all other absolute paths.
They're not part of our build!
Alan DeKok [Tue, 24 Jan 2012 18:59:16 +0000 (10:59 -0800)]
Merge pull request #45 from mcnewton/build-tidy
Couple of minor build tidiness issues
Alan T. DeKok [Tue, 24 Jan 2012 14:31:23 +0000 (15:31 +0100)]
Fix typo. "post-auth", not "postauth"
Alan T. DeKok [Tue, 24 Jan 2012 14:24:53 +0000 (15:24 +0100)]
Fix rules for installing header files
Alan T. DeKok [Tue, 24 Jan 2012 14:13:42 +0000 (15:13 +0100)]
Link to the crypt libraries if necessary
Alan T. DeKok [Tue, 24 Jan 2012 14:10:54 +0000 (15:10 +0100)]
Don't build radeapclient.
It requires the TLS code from src/main, which in turn requires
much of the server core. People should use eapol_test instead.
Alan T. DeKok [Tue, 24 Jan 2012 12:17:58 +0000 (13:17 +0100)]
One last build rule
CFLAGS points to -Isrc, instead of -I$(BUILDDIR)/make/include
Alan T. DeKok [Tue, 24 Jan 2012 10:37:12 +0000 (11:37 +0100)]
Print out correct install target
Alan T. DeKok [Tue, 24 Jan 2012 10:09:43 +0000 (11:09 +0100)]
Use $(LIBS) for TGT_LDLIBS
Which automatically gets -lpthread if needed, and the Mac OSX
directory services flags
Alan T. DeKok [Tue, 24 Jan 2012 10:09:18 +0000 (11:09 +0100)]
Don't delete blank lines from dependency fixer.
It breaks on Linux
Alan T. DeKok [Tue, 24 Jan 2012 08:57:06 +0000 (09:57 +0100)]
add_rpath is static
Matthew Newton [Mon, 23 Jan 2012 20:27:53 +0000 (20:27 +0000)]
Tidy src/modules/rlm_wimax/Makefile
Matthew Newton [Mon, 23 Jan 2012 20:16:14 +0000 (20:16 +0000)]
Fix up debian package after modules -> mods-available move
Alan T. DeKok [Mon, 23 Jan 2012 20:10:01 +0000 (21:10 +0100)]
OCSP_REQ_CTX is only in newer versions of OpenSSL
Alan T. DeKok [Mon, 23 Jan 2012 17:16:51 +0000 (18:16 +0100)]
Use the new build framework
By editing Make.inc, and adding "BOILER=yes" to the end.
It's not automatically enabled, because we don't want it to
break people's systems.
The result is MUCH faster build times. "make" from the top
level takes ~0.2s, instead of 7 seconds.
Alan T. DeKok [Mon, 23 Jan 2012 17:15:57 +0000 (18:15 +0100)]
A libtool-style wrapper.
Faster, and portable. For more, see:
https://github.com/alandekok/jlibtool
Alan T. DeKok [Mon, 23 Jan 2012 17:11:20 +0000 (18:11 +0100)]
Support new build system
After 10+ years, recursive make should be left behind.
This new framework is taken from:
https://github.com/dmoulding/boilermake
with some changes by myself. The basic framework is ~500 lines
of GNU Makefile code. Adding libtool-style wrappers and install
frameworks is another ~500 LoC. The result is that we now
have a build system which all developers should use.
Each individual Makefile is small, simple, etc. Dependencies
are automatically calculated and tracked, so the developer
doesn't have to worry.
The minor downside is that you can't do "cd X;make". This is
a GOOD thing, because Make now handles all dependencies. i.e.
building in a subdirectory should NEVER be necessary.
All output goes into the "build" directory, which is a bit of
a change.
Matthew Newton [Mon, 23 Jan 2012 12:48:49 +0000 (13:48 +0100)]
Add OCSP softfail option
Manual pull of commit 5fedd50c4af05164a
Matthew Newton [Mon, 23 Jan 2012 12:45:50 +0000 (13:45 +0100)]
Add OCSP timeout option
Manual pull of commit 07a4b30f181
Alan T. DeKok [Fri, 20 Jan 2012 12:37:16 +0000 (13:37 +0100)]
Fix typo
Alan T. DeKok [Fri, 20 Jan 2012 12:37:41 +0000 (13:37 +0100)]
Move to the correct place
Fajar A. Nugraha [Fri, 20 Jan 2012 12:30:43 +0000 (13:30 +0100)]
Use the RADIUS SQL IP Pool module to allocate addresses for DHCP
This commit adds MySQL-specific queries for DHCP in ippool-dhcp.conf,
a sample configuration for the sqlippool module in dhcp_sqlippool,
examples of using it in sites-available/dhcp,
and "glue" policies in policy.conf
John Dennis [Fri, 13 Jan 2012 17:45:14 +0000 (12:45 -0500)]
Fix typo in name of rlm_dbm_parser man page
It was rlm_dbm_parse but should be rlm_dbm_parser to match the
executable name. Also fix name in man page.
Alan T. DeKok [Mon, 16 Jan 2012 20:39:47 +0000 (21:39 +0100)]
Fix location of label to avoid compiler warnings
Matthew Newton [Wed, 11 Jan 2012 12:29:02 +0000 (12:29 +0000)]
Add new 'group' option to rlm_linelog
Allows the group to be set when updating linelogs, rather
than being fixed as the group of the running daemon.
Matthew Newton [Wed, 11 Jan 2012 12:33:03 +0000 (12:33 +0000)]
Unix group setting for detail log files
Patch to allow the group to be set when updating detail logs, rather
than being limited to just the group of the running daemon.
Alan T. DeKok [Sun, 15 Jan 2012 07:15:13 +0000 (08:15 +0100)]
Added attributes for RFC 5447
Alan DeKok [Sun, 15 Jan 2012 08:12:28 +0000 (00:12 -0800)]
Merge pull request #39 from mcnewton/patch-master-ocsp-nonce
Add option to be able to disable nonce in OCSP request (master branch)
Matthew Newton [Thu, 12 Jan 2012 16:53:29 +0000 (16:53 +0000)]
Add option to be able to disable nonce in OCSP request
Some OCSP responders cannot cope with an OCSP request if nonce
is used so this gives a way to allow freeradius to work with them.
Alan T. DeKok [Thu, 12 Jan 2012 14:22:24 +0000 (15:22 +0100)]
Add provisional support for TLS-PSK methods
If used, then certificate-based configuration is not permitted.
This code is untested. eapol_test doesn't support PSK config,
and I haven't bothered doing a "proxy radsec using TLS-PSK" test.
Alan T. DeKok [Thu, 12 Jan 2012 07:57:47 +0000 (08:57 +0100)]
Updates to last patch
Fix compiler warnings.
Code formatting.
Divide external timeout by 3 to account for 3x retries hard-coded
into MySQL
Brian De Wolf [Thu, 12 Jan 2012 07:53:28 +0000 (08:53 +0100)]
Add support for query timeouts
Due to internal MySQL retries, the actual timeout is 3x
the configured value.
Matthew Newton [Wed, 11 Jan 2012 15:40:52 +0000 (15:40 +0000)]
Add /etc/default/freeradius to debian package
This gives an easy way to supply options to the daemon when
starting it using the init.d script.
Alan T. DeKok [Thu, 12 Jan 2012 07:59:31 +0000 (08:59 +0100)]
Use correct path for DHCP dictionary
Alan T. DeKok [Thu, 12 Jan 2012 10:29:06 +0000 (11:29 +0100)]
Note recent changes
Alan DeKok [Thu, 12 Jan 2012 10:28:44 +0000 (02:28 -0800)]
Merge pull request #37 from fajarnugraha/debian-build-fix
Debian build fix
Fajar A. Nugraha [Thu, 12 Jan 2012 08:10:41 +0000 (15:10 +0700)]
Adjust rlm_sql.libs.diff to match commit cb021d7b
Commit cb021d7b changed src/modules/rlm_sqlippool/Makefile.in to
fix libltdl issue. This commit adjusts
debian/patches/rlm_sql.libs.diff to match that
Fajar A. Nugraha [Thu, 12 Jan 2012 08:06:24 +0000 (15:06 +0700)]
Adjust sql_modules.diff to match commit c9b024c
Commit c9b024c Moved modules/* to mods-available/*. This commit
adjusts sql_modules.diff to match that.
Alan T. DeKok [Thu, 12 Jan 2012 07:46:19 +0000 (08:46 +0100)]
Use INCLTDL in CFLAGS
Alan T. DeKok [Wed, 11 Jan 2012 15:20:25 +0000 (16:20 +0100)]
Install the README, too
Alan T. DeKok [Wed, 11 Jan 2012 15:19:57 +0000 (16:19 +0100)]
Final fix for system libltdl (or not)
Alan T. DeKok [Wed, 11 Jan 2012 15:01:46 +0000 (16:01 +0100)]
Added file which was missed, and not previously committed
Alan T. DeKok [Wed, 11 Jan 2012 12:41:46 +0000 (13:41 +0100)]
Note changes for 3.0
Alan T. DeKok [Wed, 11 Jan 2012 12:27:55 +0000 (13:27 +0100)]
Moved modules/* to mods-available/*
This should help solve issues related to various files
being in modules/ when they're not supposed to be there
Alan T. DeKok [Tue, 10 Jan 2012 12:04:58 +0000 (13:04 +0100)]
Add mods-available/enabled
based on sites-available/enabled template
Alan T. DeKok [Tue, 10 Jan 2012 12:03:10 +0000 (13:03 +0100)]
Removed eap.conf and sql.conf
They're not in raddb/ any more
Alan T. DeKok [Tue, 10 Jan 2012 12:02:09 +0000 (13:02 +0100)]
Made modules/* wildcard
for config(noreplace). This simplifies the configuration
Alan T. DeKok [Tue, 10 Jan 2012 11:35:48 +0000 (12:35 +0100)]
Added mods-enabled/ directory
To simplify issues with installing new modules
Alan T. DeKok [Tue, 10 Jan 2012 11:00:36 +0000 (12:00 +0100)]
Simpler method to install sites-enabled
By using loops rather than hard-coded values
Alan T. DeKok [Mon, 9 Jan 2012 09:50:50 +0000 (10:50 +0100)]
Always use buffer
Alan T. DeKok [Fri, 6 Jan 2012 13:54:56 +0000 (14:54 +0100)]
"username" and "password" cannot be non-empty for status_check=request
Because some people misconfigure the server.
Alan T. DeKok [Sun, 1 Jan 2012 15:23:33 +0000 (10:23 -0500)]
Fix compiler warnings
Alan T. DeKok [Fri, 30 Dec 2011 15:06:00 +0000 (10:06 -0500)]
Manual pull of 2561c375bc
Add EXEEXT to places so that it builds on systems which require it.
Alan T. DeKok [Thu, 29 Dec 2011 22:50:18 +0000 (17:50 -0500)]
Use correct method of recursing into subdirs
Since commit 0347cacfe0f470353, we have a better way of recursing
into subdirs. Having an explicit test for $(RLM_SUBDIRS), and
then manually recursing into them is wrong. It causes modules
like rlm_eap to be built twice.
Instead, remove the test for $(RLM_SUBDIRS), and make
$(TARGET).la depend on $(RLM_SUBDIRS)
Alan T. DeKok [Mon, 26 Dec 2011 20:52:57 +0000 (15:52 -0500)]
Portability fixes for Mingw33
Alan T. DeKok [Mon, 26 Dec 2011 17:40:09 +0000 (12:40 -0500)]
Fix erroneous use of printf options
Alan T. DeKok [Mon, 26 Dec 2011 17:39:53 +0000 (12:39 -0500)]
Remove compiler warning
Alan T. DeKok [Mon, 26 Dec 2011 17:37:38 +0000 (12:37 -0500)]
Add and document -F radutmp_file
Alan T. DeKok [Sat, 24 Dec 2011 16:56:46 +0000 (11:56 -0500)]
Fix compile warnings
Alan T. DeKok [Sat, 24 Dec 2011 15:04:08 +0000 (10:04 -0500)]
Remove compiler warnings
Alan T. DeKok [Sat, 24 Dec 2011 14:57:43 +0000 (09:57 -0500)]
Include header file for mach_task_self
Alan T. DeKok [Sat, 24 Dec 2011 14:56:45 +0000 (09:56 -0500)]
Fix compiler warnings
Alan T. DeKok [Sat, 24 Dec 2011 14:53:35 +0000 (09:53 -0500)]
Include header file for prototypes
Alan T. DeKok [Sat, 24 Dec 2011 14:43:12 +0000 (09:43 -0500)]
Casts to remove compiler warnings
Alan T. DeKok [Fri, 23 Dec 2011 14:34:39 +0000 (09:34 -0500)]
Use new dict_valnamebyattr function
Alan T. DeKok [Fri, 23 Dec 2011 14:26:23 +0000 (09:26 -0500)]
Use new dict_valnamebyattr function
Alan T. DeKok [Fri, 23 Dec 2011 14:26:23 +0000 (09:26 -0500)]
Use new dict_valnamebyattr function
Alan T. DeKok [Fri, 23 Dec 2011 14:26:09 +0000 (09:26 -0500)]
Remove unused variable
Alan T. DeKok [Fri, 23 Dec 2011 14:15:53 +0000 (09:15 -0500)]
Added new method to get name of enum from values
This is simpler than having duplicate code throughout the
source.
Alan T. DeKok [Tue, 20 Dec 2011 14:38:22 +0000 (09:38 -0500)]
Initialize authentication vector.
Otherwise proxied packets can have a zero authentication
vector.