Alan T. DeKok [Thu, 24 Sep 2009 15:28:56 +0000 (17:28 +0200)]
Jumbo patch to clean up socket handling
The transport protocol code is now more merged, and the "fr_tcp_radius_t"
structure and API are deleted. The resulting code is simpler and smaller.
Cleaned up how the listeners and even handlers deal with sockets.
The proxy sockets are now pushed into the proxy packet list, and are
not used in the main listener list.
The proxy packet list now deals with src/dst, and not just destination.
Alan T. DeKok [Thu, 24 Sep 2009 15:12:53 +0000 (17:12 +0200)]
Changed order of code to avoid race conditions
Alan T. DeKok [Thu, 24 Sep 2009 15:12:33 +0000 (17:12 +0200)]
Ensure that cached SSL sessions have data
Alan T. DeKok [Thu, 17 Sep 2009 10:03:36 +0000 (12:03 +0200)]
Fix arguments to client_find
Alan T. DeKok [Wed, 16 Sep 2009 15:14:55 +0000 (17:14 +0200)]
Bump to version 2.1.8
Dante [Wed, 16 Sep 2009 12:12:47 +0000 (14:12 +0200)]
More plumbing to get the server to listen on TCP sockets.
The last two functions are in a separate patch to make the merge easier.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Wed, 16 Sep 2009 12:06:17 +0000 (14:06 +0200)]
More plumbing to get to home servers via TCP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Wed, 16 Sep 2009 11:57:40 +0000 (13:57 +0200)]
Free tcp structure, too
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Wed, 16 Sep 2009 10:24:44 +0000 (12:24 +0200)]
Allow outgoing TCP connections to home servers.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Wed, 16 Sep 2009 10:17:34 +0000 (12:17 +0200)]
Add scaffolding for proxy listeners.
The functions exist, but aren't called by anyone.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 21:11:47 +0000 (23:11 +0200)]
More ifdef's and assertions for checking TCP != UDP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 21:08:29 +0000 (23:08 +0200)]
Track the number of outstanding packets on a TCP connection.
This allows us to free the connection when all packets are
accounted for, and the connection is to be marked "closed"
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 21:03:21 +0000 (23:03 +0200)]
Stop processing packets when the socket is closed.
If the socket from the client, or to the proxy is closed,
then handle that situation.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:57:53 +0000 (17:57 +0200)]
Document TCP options for clients and home servers.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:46:15 +0000 (17:46 +0200)]
Allow radclient to send/receive RADIUS over TCP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:44:34 +0000 (17:44 +0200)]
Allow the packet API to auto-discover TCP
It will now call the udp/tcp "receive packet" function
as appropriate, so that the callers do not need to be changed
in order to handle TCP.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:43:17 +0000 (17:43 +0200)]
Allow clients to use TCP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:34:34 +0000 (17:34 +0200)]
Allow home servers to use TCP
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:33:49 +0000 (17:33 +0200)]
Allow TCP code to build if WITH_TCP is defined
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Dante [Tue, 15 Sep 2009 15:17:40 +0000 (17:17 +0200)]
Header file and protocol handler for RADIUS over TCP
This is the first step to getting full support for RADIUS
over TCP into the server.
Signed-off-by: Alan T. DeKok <aland@freeradius.org>
Alan T. DeKok [Mon, 14 Sep 2009 14:43:29 +0000 (16:43 +0200)]
Update change logs before 2.1.7
Alan T. DeKok [Mon, 14 Sep 2009 12:29:23 +0000 (14:29 +0200)]
Print out a little more information
Alan T. DeKok [Mon, 14 Sep 2009 12:26:15 +0000 (14:26 +0200)]
Move "set state" to before log message
To avoid race conditions... though I'm not sure why this would
happen
Alan T. DeKok [Sun, 13 Sep 2009 15:07:22 +0000 (17:07 +0200)]
As posted to the list.
It isn't made live yet, because we have no idea if it works or not
Alan T. DeKok [Sun, 13 Sep 2009 14:01:51 +0000 (16:01 +0200)]
Removed redundant code
Alan T. DeKok [Fri, 11 Sep 2009 15:14:09 +0000 (17:14 +0200)]
Make a better name
Alan T. DeKok [Fri, 11 Sep 2009 15:12:06 +0000 (17:12 +0200)]
Wrap crap with more crap
Alan T. DeKok [Thu, 10 Sep 2009 13:16:40 +0000 (15:16 +0200)]
More updates
Alan T. DeKok [Thu, 10 Sep 2009 13:02:39 +0000 (15:02 +0200)]
Added sample configs for MySQL cluster
Alan T. DeKok [Wed, 9 Sep 2009 14:27:16 +0000 (16:27 +0200)]
Update to new syntax
Alan T. DeKok [Wed, 9 Sep 2009 12:12:35 +0000 (14:12 +0200)]
Check value of Fall-Through, too
Alan T. DeKok [Tue, 8 Sep 2009 11:56:54 +0000 (13:56 +0200)]
Be less forgiving about the allowed operators.
If they're not a "foo = bar" type of operator, then return
an error
Alan T. DeKok [Mon, 7 Sep 2009 05:49:34 +0000 (07:49 +0200)]
Wrap header file in protective #ifdef
Alan T. DeKok [Mon, 7 Sep 2009 05:48:57 +0000 (07:48 +0200)]
No need to include modules.h twice
Alan T. DeKok [Sun, 6 Sep 2009 13:58:59 +0000 (15:58 +0200)]
Check for the proper number of arguments to rebind
Alan T. DeKok [Sat, 5 Sep 2009 16:26:08 +0000 (18:26 +0200)]
Replace references to <ltdl.h> with <freeradius-devel/modpriv.h>
As part of our grand plan to better the world by ridding it of libltdl.
Alan T. DeKok [Sat, 5 Sep 2009 16:24:57 +0000 (18:24 +0200)]
First stab at removing libltdl.
The code is protected by preprocessor directives so that it doesn't
affect the release. But it's a good first step to removing insanity.
Alan T. DeKok [Sat, 5 Sep 2009 16:17:26 +0000 (18:17 +0200)]
First stab at removing libltdl.
The code is protected by preprocessor directives so that it doesn't
affect the release. But it's a good first step to removing insanity.
Alan T. DeKok [Sat, 5 Sep 2009 15:54:43 +0000 (17:54 +0200)]
Reference $(INCLTDL) instead of fixed link
This means that all of the system builds with the same version
of libltdl, either the local OR the system one
Alan T. DeKok [Sat, 5 Sep 2009 15:37:31 +0000 (17:37 +0200)]
Work around insane retarded libtool && libltdl issues.
Alan T. DeKok [Fri, 4 Sep 2009 09:00:04 +0000 (11:00 +0200)]
Added --with-system-libltdl
To avoid horrible libtool && libltdl incompatibilities
Alan T. DeKok [Thu, 3 Sep 2009 13:33:09 +0000 (15:33 +0200)]
As posted to the list
Alan T. DeKok [Thu, 3 Sep 2009 13:31:42 +0000 (15:31 +0200)]
Fix values as noted on list
and
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080891919.shtml
Alan T. DeKok [Wed, 2 Sep 2009 12:00:21 +0000 (14:00 +0200)]
Remove reference to cui.conf which isn't added yet
Alan T. DeKok [Wed, 2 Sep 2009 08:59:20 +0000 (10:59 +0200)]
Lots of notes prior to 2.1.7
Alan T. DeKok [Tue, 1 Sep 2009 12:49:39 +0000 (14:49 +0200)]
Set DF flag for packets from the server, too
Alan T. DeKok [Sat, 29 Aug 2009 08:54:25 +0000 (10:54 +0200)]
Return 0 if no counter exists
root [Mon, 24 Aug 2009 10:44:47 +0000 (11:44 +0100)]
Signed-off-by: root <root@pclinux-ccalmb.lut.ac.uk>
fixed example ntlm_auth command so that it doesn't throw up unlang warning message
Alan T. DeKok [Sat, 29 Aug 2009 08:44:54 +0000 (10:44 +0200)]
Added comments and simplified code
Alan T. DeKok [Fri, 21 Aug 2009 09:29:21 +0000 (11:29 +0200)]
As posted to the list
Alan T. DeKok [Thu, 20 Aug 2009 08:52:44 +0000 (10:52 +0200)]
Allow 100% to mean "read as fast as possible"
Alan T. DeKok [Thu, 20 Aug 2009 07:08:32 +0000 (09:08 +0200)]
Packet may not exist, so check for that, too
Alan T. DeKok [Wed, 19 Aug 2009 07:04:26 +0000 (09:04 +0200)]
Minor updates
Alan T. DeKok [Wed, 19 Aug 2009 06:58:47 +0000 (08:58 +0200)]
Disallow NULL for regex comparisons
Alan T. DeKok [Tue, 18 Aug 2009 15:23:49 +0000 (17:23 +0200)]
Fix more typos
Alan T. DeKok [Tue, 18 Aug 2009 10:07:40 +0000 (12:07 +0200)]
Fixed typo
Alan T. DeKok [Tue, 18 Aug 2009 08:31:43 +0000 (10:31 +0200)]
Turn off the DF bit.
Alan T. DeKok [Tue, 18 Aug 2009 07:47:19 +0000 (09:47 +0200)]
Fix args to printf
Alan T. DeKok [Mon, 17 Aug 2009 12:25:57 +0000 (14:25 +0200)]
Add notes on SHA1 versus MD5
Alan T. DeKok [Mon, 17 Aug 2009 10:14:01 +0000 (12:14 +0200)]
Allow "no response" to DHCP
Alan T. DeKok [Mon, 17 Aug 2009 06:53:47 +0000 (08:53 +0200)]
Catch non-fatal race conditions
Alan T. DeKok [Sat, 15 Aug 2009 05:45:05 +0000 (07:45 +0200)]
Fix typo in last commit
Alan T. DeKok [Fri, 14 Aug 2009 12:53:24 +0000 (14:53 +0200)]
Change the hash comparison algorithm to avoid timing attacks
Alan T. DeKok [Thu, 13 Aug 2009 08:06:03 +0000 (10:06 +0200)]
Internal functions should be static
Alan T. DeKok [Thu, 13 Aug 2009 08:03:27 +0000 (10:03 +0200)]
Added query_timeout parameter. For now, it does nothing.
It is therefore not documented, either.
Alan T. DeKok [Thu, 13 Aug 2009 08:01:42 +0000 (10:01 +0200)]
Alpha version from Gabriel Blanchard
Alan T. DeKok [Wed, 12 Aug 2009 15:14:28 +0000 (17:14 +0200)]
Fix minor issue
Alan T. DeKok [Wed, 12 Aug 2009 12:15:58 +0000 (14:15 +0200)]
Look up home servers by type, too.
Alan T. DeKok [Wed, 12 Aug 2009 09:12:49 +0000 (11:12 +0200)]
Remove final restrictions on attributes > 32767
Alan T. DeKok [Wed, 12 Aug 2009 08:48:12 +0000 (10:48 +0200)]
Move restrictions on vendor ID from 32767 to 65535
Now that "attr" is stored as an unsigned integer.
Based on a patch from Rafael Ugolini
Alan T. DeKok [Wed, 12 Aug 2009 08:22:23 +0000 (10:22 +0200)]
Moved prototypes to a better place
Alan T. DeKok [Wed, 12 Aug 2009 08:10:45 +0000 (10:10 +0200)]
Move "attr" to unsigned int
So that we don't have to worry about whether or not the high bit is set
Alan T. DeKok [Wed, 12 Aug 2009 05:46:21 +0000 (07:46 +0200)]
Add "const" and remove compiler warnings
Alan T. DeKok [Tue, 11 Aug 2009 12:35:29 +0000 (14:35 +0200)]
Make code consistent with examples.
Fixes bug #10
Alan T. DeKok [Mon, 10 Aug 2009 17:14:39 +0000 (19:14 +0200)]
request may be NULL
Alan T. DeKok [Mon, 10 Aug 2009 10:17:11 +0000 (12:17 +0200)]
RFC 5580 and dictionary
Alan T. DeKok [Sun, 9 Aug 2009 15:26:41 +0000 (17:26 +0200)]
Cache module lists for VMPS and DHCP
Alan T. DeKok [Wed, 5 Aug 2009 13:36:21 +0000 (15:36 +0200)]
Remove wrong documentation
Alan T. DeKok [Mon, 3 Aug 2009 09:35:27 +0000 (11:35 +0200)]
Use more fields in the query.
These are the same fields used for the other queries, so it makes
sense to use them here
Based on a patch from Chris Moules.
Alan T. DeKok [Mon, 3 Aug 2009 09:27:12 +0000 (11:27 +0200)]
Allow home_server_pools to exist without realms
via a pretty bad hack. The previous code assumed that the home
servers were all loaded, which wasn't true. This fix is temporary,
and should be replaced by one that:
1 loads all home servers
2 loads all home_server_pools
3 loads all realms
Right now, it loads the realms, and uses those to bootstrap the
pools and servers. This is arguably wrong.
Boian Jordanov [Wed, 29 Jul 2009 07:56:54 +0000 (10:56 +0300)]
Moved pthread keys to the "perl_inst" struct. Keys are allocated
per thread, and not via pthread_once.
Alan T. DeKok [Wed, 29 Jul 2009 15:32:23 +0000 (17:32 +0200)]
As posted to bug #7
Alan T. DeKok [Wed, 29 Jul 2009 15:30:20 +0000 (17:30 +0200)]
Log reasons for failure.
Closes bug #8
Alan T. DeKok [Mon, 27 Jul 2009 08:04:44 +0000 (10:04 +0200)]
Move chown to place where it checks for log file existence
Alan T. DeKok [Mon, 27 Jul 2009 07:56:48 +0000 (09:56 +0200)]
Don't increment total_requests for proxied packets
This causes double counting. Instead, only touch outstanding_requests
which is protected by the proxy mutex
Alan T. DeKok [Mon, 27 Jul 2009 07:50:55 +0000 (09:50 +0200)]
Set state to RUNNING when proxying fails
Alan T. DeKok [Mon, 27 Jul 2009 07:34:48 +0000 (09:34 +0200)]
Make %l work
Alan T. DeKok [Mon, 27 Jul 2009 07:33:33 +0000 (09:33 +0200)]
Fix use of memset.
This closes bug #6
Alan T. DeKok [Fri, 17 Jul 2009 14:07:33 +0000 (16:07 +0200)]
suid down earlier, ensure log files have correct ownership
Alan T. DeKok [Fri, 17 Jul 2009 12:45:15 +0000 (14:45 +0200)]
Move zombie checks to later so other rules apply, too
Alan T. DeKok [Fri, 17 Jul 2009 12:33:23 +0000 (14:33 +0200)]
Allow requests to fail over to live servers earlier
Alan T. DeKok [Wed, 15 Jul 2009 13:37:54 +0000 (15:37 +0200)]
Added wildcard to sub-dirs
So that you can delete directories you don't need after configure
Alan T. DeKok [Wed, 15 Jul 2009 10:04:54 +0000 (12:04 +0200)]
Fix typo
Alan T. DeKok [Wed, 15 Jul 2009 09:04:47 +0000 (11:04 +0200)]
Better handle variable that isn't in the module instance
This kind of thing should be discouraged...
Alan T. DeKok [Mon, 13 Jul 2009 14:23:06 +0000 (16:23 +0200)]
Allow response_window && zombie_period to be smaller.
Accept values outside of the recommended range.
Also when proxying, skip home servers that are marked zombie.
They're not responding, so for *new* requests, we treat them
like they're dead
Alan T. DeKok [Thu, 9 Jul 2009 13:00:06 +0000 (15:00 +0200)]
Fix for newer versions of MySQL
Alan T. DeKok [Thu, 9 Jul 2009 08:46:14 +0000 (10:46 +0200)]
Use postgresql style comments
Based on patch from Wickert Akkerman
Alan T. DeKok [Wed, 8 Jul 2009 06:46:33 +0000 (08:46 +0200)]
Fix typos
Alan T. DeKok [Wed, 8 Jul 2009 06:44:29 +0000 (08:44 +0200)]
Fix for newer versions of MySQL
Alan T. DeKok [Mon, 6 Jul 2009 08:18:23 +0000 (10:18 +0200)]
Added sample radrelay.conf