aland [Sun, 2 Dec 2007 15:48:14 +0000 (15:48 +0000)]
Call lt_dlexit() AFTER detach modules.
Call xlat_free() AFTER detach modules.
Move module instances to a tree, in preparation for getting rid
of cf_data (which should help with HUP)
aland [Sun, 2 Dec 2007 08:17:59 +0000 (08:17 +0000)]
Include file for prototypes
nbk [Sat, 1 Dec 2007 00:28:09 +0000 (00:28 +0000)]
Add an example of the option "sql_user_name" to the config of
module "rlm_sql_log" so the users can notice its existence.
aland [Wed, 28 Nov 2007 23:27:14 +0000 (23:27 +0000)]
Corrected typos
aland [Wed, 28 Nov 2007 22:50:19 +0000 (22:50 +0000)]
More OS portability issue
aland [Wed, 28 Nov 2007 22:43:16 +0000 (22:43 +0000)]
Corrected typo in name
added better #ifdef's around possibly used variables
aland [Wed, 28 Nov 2007 17:05:52 +0000 (17:05 +0000)]
Corrected typo
aland [Wed, 28 Nov 2007 12:32:10 +0000 (12:32 +0000)]
Define TNC-VLAN-{Access,Isolate}, and look for them in
rlm_eap_tnc
aland [Wed, 28 Nov 2007 12:27:56 +0000 (12:27 +0000)]
Use FreeRADIUS configuration files to set vlan_access and
vlan_isolate.
aland [Wed, 28 Nov 2007 12:27:26 +0000 (12:27 +0000)]
Use libtool for linking, rather than dlopen().
Clean up code a little.
aland [Tue, 27 Nov 2007 20:01:54 +0000 (20:01 +0000)]
If the client puts many types into a NAK, pick the first one
that we can agree on.
aland [Tue, 27 Nov 2007 19:44:11 +0000 (19:44 +0000)]
TNC can only be run inside of a tunneled method.
aland [Tue, 27 Nov 2007 16:01:53 +0000 (16:01 +0000)]
Changes to make EAP-TLS inside of EAP-TTLS at least partially
work.
aland [Tue, 27 Nov 2007 15:51:54 +0000 (15:51 +0000)]
Removed hack-y generate_state() and verify_state() functions.
There's no need for much of what they do, and the timer_expire
config item already takes care of expiring old attributes.
Added instance-specific random pool for EAP.
This also fixes a DoS issue where too many simultaneous calls
to fr_rand() could result in issues...
aland [Tue, 27 Nov 2007 15:17:19 +0000 (15:17 +0000)]
Convert radlog(L_INFO, ... to DEBUG2(... to avoid polluting
the logs
aland [Tue, 27 Nov 2007 15:05:25 +0000 (15:05 +0000)]
Cleaned up debugging
aland [Tue, 27 Nov 2007 14:44:36 +0000 (14:44 +0000)]
Changed radlog(L_INFO... to DEBUG2(... to avoid polluting the
log file with useless information
aland [Tue, 27 Nov 2007 14:40:49 +0000 (14:40 +0000)]
Made some functions static.
printf -> DEBUG2
some type changes for consistency
aland [Tue, 27 Nov 2007 13:37:53 +0000 (13:37 +0000)]
Re-assemble fragments properly for tunneled data
aland [Tue, 27 Nov 2007 10:16:09 +0000 (10:16 +0000)]
*Correctly* Re-assemble large amounts of data inside of the TLS
tunnel.
aland [Mon, 26 Nov 2007 17:31:16 +0000 (17:31 +0000)]
Removed UTF-8 text.
aland [Mon, 26 Nov 2007 17:29:04 +0000 (17:29 +0000)]
Minor edits to configure.in, and re-generated configure
aland [Mon, 26 Nov 2007 17:26:40 +0000 (17:26 +0000)]
This is auto-generated, and not needed
aland [Mon, 26 Nov 2007 17:26:22 +0000 (17:26 +0000)]
Added verbatim from the TNC project. This commit is done to
enable revision control tracking.
aland [Mon, 26 Nov 2007 17:20:37 +0000 (17:20 +0000)]
Corrected typo
aland [Mon, 26 Nov 2007 12:46:18 +0000 (12:46 +0000)]
More fixes for -Werror
aland [Mon, 26 Nov 2007 09:03:46 +0000 (09:03 +0000)]
More portability fixes
aland [Sun, 25 Nov 2007 14:20:02 +0000 (14:20 +0000)]
removed unnecessary line
aland [Sun, 25 Nov 2007 14:07:10 +0000 (14:07 +0000)]
More changes from previous commit
aland [Sun, 25 Nov 2007 14:02:07 +0000 (14:02 +0000)]
Many "unsigned char" to "uint8_t" and "int" to "size_t", so
that many things compile with -Werror
aland [Sun, 25 Nov 2007 13:56:10 +0000 (13:56 +0000)]
Rename libeap to libfreeradius-eap
aland [Sun, 25 Nov 2007 09:22:11 +0000 (09:22 +0000)]
Define functions
aland [Sun, 25 Nov 2007 07:59:31 +0000 (07:59 +0000)]
Fixed compiler warnings so it now builds with -Werror
aland [Sat, 24 Nov 2007 08:33:09 +0000 (08:33 +0000)]
More notes on what's new
aland [Sat, 24 Nov 2007 08:29:16 +0000 (08:29 +0000)]
Use new LIBRADIUS definition
Renamed libradius to libfreeradius-radius, to avoid conflicts
aland [Sat, 24 Nov 2007 08:28:43 +0000 (08:28 +0000)]
Define LIBRADIUS
aland [Sat, 24 Nov 2007 08:03:10 +0000 (08:03 +0000)]
Renamed libeap to libfreeradius-eap, which avoids conflict
with other systems.
perl -pi -e 's/libeap.la/\$\(LIBPREFIX\)freeradius-eap.la/g;' `cat files`
aland [Fri, 23 Nov 2007 16:28:34 +0000 (16:28 +0000)]
Be a little more forgiving about includes
aland [Fri, 23 Nov 2007 14:18:53 +0000 (14:18 +0000)]
Added definitions for more EAP types
aland [Fri, 23 Nov 2007 13:46:51 +0000 (13:46 +0000)]
More changes to make a common naming scheme. This breaks
patches from third party maintainers, but has to be done
before a final 2.0.
perl -pi -e 's/LRAD_/FR_/g;s/lrad_/fr_/g' `cat files`
aland [Fri, 23 Nov 2007 13:28:00 +0000 (13:28 +0000)]
permit -c to work
aland [Fri, 23 Nov 2007 13:17:22 +0000 (13:17 +0000)]
More search and replace changes to clean up the code.
perl -pi -e 's/librad_SHA1/SHA1/g;s/SHA1_CTX/fr_SHA1_CTX/g;s/SHA1Transform/fr_SHA1Transform/g;s/SHA1Init/fr_SHA1Init/g;s/SHA1Update/fr_SHA1Update/g;s/SHA1Final/fr_SHA1Final/g;s/SHA1FinalNoLen/fr_SHA1FinalNoLen/g;s/lrad_hmac_sha1/fr_hmac_sha1/g;' `cat files`
aland [Fri, 23 Nov 2007 12:58:06 +0000 (12:58 +0000)]
Avoid OpenSSL compilation issues
perl -pi -e 's/lrad_MD5_CTX/MD5_CTX/g;s/MD5_CTX/FR_MD5_CTX/g;s/lrad_MD5Init/MD5Init/g;s/lrad_MD5Update/MD5Update/g;s/lrad_MD5Transform/MD5Transform/g;s/lrad_MD5Final/MD5Final/g;s/librad_md5_calc/md5_calc/g;s/MD5Init/fr_MD5Init/g;s/MD5Update/fr_MD5Update/g;s/MD5Transform/fr_MD5Transform/g;s/MD5Final/fr_MD5Final/g;s/md5_calc/fr_md5_calc/g;' `cat files`
aland [Fri, 23 Nov 2007 12:45:25 +0000 (12:45 +0000)]
Handle EAGAIN in recfrom, in preparation for non-blocking UDP
sockets
aland [Fri, 23 Nov 2007 12:38:26 +0000 (12:38 +0000)]
Renamed MD4* to fr_MD4*, in order to avoid issues with OpenSSL
aland [Fri, 23 Nov 2007 09:06:05 +0000 (09:06 +0000)]
On HUP, cache the old configuration for ~60s. After that time,
the old configuration is deleted.
This permits threads to keep using the old configuration for
a while.
aland [Fri, 23 Nov 2007 09:03:26 +0000 (09:03 +0000)]
Permit HUPs only every 5s. If someone tries to HUP it more
often than that, the HUP is ignored, and a log message is
sent.
aland [Thu, 22 Nov 2007 15:37:51 +0000 (15:37 +0000)]
Move to snprintf. Change to use vp_octets, which is unsigned
aland [Thu, 22 Nov 2007 13:23:43 +0000 (13:23 +0000)]
Track the number of round trips, and bail out on a connection
after too many trips.
aland [Thu, 22 Nov 2007 09:47:12 +0000 (09:47 +0000)]
Clean up code to call tls_handshake_send(), which deals with
fragmented data inside of the TLS tunnel.
It still doesn't work with PEAP/EAP-TLS, but that's now because
after the tunneled session is set up, the *outer* session sends
a bare ACK, where it really needs an ACK inside of the tunnel.
This means that it skips updating the internal list of
"known EAP sessions". When the next piece of data comes in,
its EAP Id is one more than expected from the tunneled State,
and the code thinks there's something weird going on.
aland [Thu, 22 Nov 2007 09:43:20 +0000 (09:43 +0000)]
Prepare for session resumption patch.
Prepare for sending fragmented data inside of the TLS tunnel
for phase 2 (TTLS/PEAP)
aland [Thu, 22 Nov 2007 09:18:03 +0000 (09:18 +0000)]
Some changes to speed up dictionary initialization
- move to simple memory pool, which puts all attributes and
values close together in memory.
- cache vendor/attr when adding attr/value, to prevent extra
dictionary lookups. Most attributes are grouped by vendor,
and most values grouped by attribute, so caching the last one
makes a big difference
- re-order the checks for types and ATTRIBUTE/VALUE, so that
the ones which are used the most are checked for first.
The result is a significant reduction in the time taken to
start the server. It should also help a lot on any future
Windows port, where memory allocation is horrible, and
loading the dictionaries takes a noticeable amount of time.
aland [Wed, 21 Nov 2007 09:58:05 +0000 (09:58 +0000)]
More sanity checks on fragment size, and account for EAP-TLS
headers, so that the maximum *EAP* fragment we send is exactly
"fragment_size", and not 10 bytes more.
aland [Wed, 21 Nov 2007 09:38:29 +0000 (09:38 +0000)]
Examples of using new module methods
aland [Wed, 21 Nov 2007 09:35:59 +0000 (09:35 +0000)]
Added pre/post-proxy sections, and postauth section.
Converted the rest of the code to use macros to define
common blocks. This simplifies the code and reduces errors.
aland [Wed, 21 Nov 2007 02:55:06 +0000 (02:55 +0000)]
Fixed incorrect commit
aland [Tue, 20 Nov 2007 15:06:25 +0000 (15:06 +0000)]
Pack more EAP data into VALUE_PAIR's, to allow inner EAP methods
that carry large amounts of data.
aland [Tue, 20 Nov 2007 08:12:38 +0000 (08:12 +0000)]
Permit TLS inside of PEAP/TTLS tunnels. It won't work, but it
won't crash the system, either. Maybe enabling it will let
someone debug the issues.
aland [Tue, 20 Nov 2007 03:08:05 +0000 (03:08 +0000)]
Handle multiple EAP-Messages inside of a PEAP tunnel.
aland [Sun, 18 Nov 2007 06:53:20 +0000 (06:53 +0000)]
Updates from:
http://support.3com.com/infodeli/tools/wireless/switches/3wxmug4-1.pdf
Include comments on typos in the original documentation
aland [Fri, 16 Nov 2007 15:20:23 +0000 (15:20 +0000)]
Move parse of CONF_SECTION -> RADCLIENT into its own function
aland [Fri, 16 Nov 2007 09:08:24 +0000 (09:08 +0000)]
Write our own sscanf for %i, which is ~30 lines long, and saves
10% on startup times. It's not a lot, but every little bit
counts...
pnixon [Thu, 15 Nov 2007 20:21:03 +0000 (20:21 +0000)]
This function hasn't been used for 4 years now, so it's probably safe to remove it.
aland [Wed, 14 Nov 2007 09:06:28 +0000 (09:06 +0000)]
New script to print out attributes ordered by type, and
which RFC they are defined in.
aland [Wed, 14 Nov 2007 09:00:24 +0000 (09:00 +0000)]
Added one attribute defined in a Diameter RFC.
aland [Tue, 13 Nov 2007 10:41:17 +0000 (10:41 +0000)]
marked more modules HUP-safe
aland [Tue, 13 Nov 2007 09:54:42 +0000 (09:54 +0000)]
Point to the correct directories.
Move the Voip schema to be located next to the voip
configuration that uses it, just like the other examples
aland [Tue, 13 Nov 2007 06:57:38 +0000 (06:57 +0000)]
Remove unneeded lines
aland [Tue, 13 Nov 2007 06:46:01 +0000 (06:46 +0000)]
Fix includes and handling of directories.
Patch from Patrich Welche
aland [Mon, 12 Nov 2007 14:07:09 +0000 (14:07 +0000)]
Added HUP support. As it happens, it's also thread-safe.
All it does is re-initialize modules that are flagged as
"safe for HUP". Right now, only the "files" module is flagged
like this, but it's easy enough to flag other modules, too.
In the future, we may want to examine the ability to reload
policies, etc. This MAY be possible, if the policies are
contained in one file....
aland [Mon, 12 Nov 2007 06:16:56 +0000 (06:16 +0000)]
Mark more modules safe for -C
aland [Sun, 11 Nov 2007 22:11:51 +0000 (22:11 +0000)]
Mark more modules "safe for -C"
aland [Sun, 11 Nov 2007 22:05:29 +0000 (22:05 +0000)]
Mark more modules "safe for -C"
aland [Sun, 11 Nov 2007 22:01:59 +0000 (22:01 +0000)]
Added -C command-line option, documentation, debug messages,
and marked a number of modules as "safe for -C".
Note that sql, ldap, etc. are NOT "safe for -C".
aland [Sun, 11 Nov 2007 21:20:59 +0000 (21:20 +0000)]
Make cf_reference_item public, so it can be used in
%{config:...}
Made internal configuration code reference sub-sections by
instances, too. This allows ${foo.bar[baz]} references.
Added internal "confdir" directive in cf_file_read, which
adds "confdir" as the FIRST configuration item in "main".
This allows the rest of the configuration files and directives
to be tied to ${confdir}, meaning the server can be built
with one target directory, but still run out of another
aland [Sun, 11 Nov 2007 18:11:28 +0000 (18:11 +0000)]
Change raddbdir to confdir for consistency.
aland [Sat, 10 Nov 2007 09:36:25 +0000 (09:36 +0000)]
sprintf -> snprintf
aland [Sat, 10 Nov 2007 07:07:59 +0000 (07:07 +0000)]
More careful sanity checking on the values of attributes and
vendor Id's
aland [Sat, 10 Nov 2007 06:59:14 +0000 (06:59 +0000)]
If the EAP message in the Diameter AVP is larger than 253
octets, split it among multiple VALUE_PAIRs. This fixes a
previous FIXME.
aland [Sat, 10 Nov 2007 06:45:51 +0000 (06:45 +0000)]
Return EAPTLS_OK only if the SSL setup is finished, AND there's
no more data inside of the tunnel
nbk [Fri, 9 Nov 2007 23:49:49 +0000 (23:49 +0000)]
When s = cl->shortname we try to copy a string of arbitrary length
to a 64 bytes long buffer.
Bug found by Primoz Bratanic <primoz@slo-tech.com>
aland [Thu, 8 Nov 2007 16:26:06 +0000 (16:26 +0000)]
Call record_minus, not record_init() on handshake send, because
there may be data left in the clean_in buffer
aland [Wed, 7 Nov 2007 22:21:18 +0000 (22:21 +0000)]
We don't need or use librad_MD4* stuff
aland [Wed, 7 Nov 2007 22:13:42 +0000 (22:13 +0000)]
Don't strip executables. The people who need the disk space can
strip them by hand. Everyone else needs symbols to work around
RTLD_GLOBAL issues, OR to help with debugging
aland [Tue, 6 Nov 2007 21:55:40 +0000 (21:55 +0000)]
If there's no User-Name, ldap is a NOOP, not a failure
aland [Mon, 5 Nov 2007 23:26:26 +0000 (23:26 +0000)]
Catch some corner cases in wait_a_bit
aland [Mon, 5 Nov 2007 23:24:48 +0000 (23:24 +0000)]
Clarify code
aland [Mon, 5 Nov 2007 22:54:05 +0000 (22:54 +0000)]
Set el->now
aland [Mon, 5 Nov 2007 08:59:00 +0000 (08:59 +0000)]
Updated Schema
aland [Sat, 3 Nov 2007 00:14:54 +0000 (00:14 +0000)]
Point to MS's page
aland [Fri, 2 Nov 2007 23:57:40 +0000 (23:57 +0000)]
One more sample virtual server. At this rate, we'll have
something resembling "documentation" real soon now.
aland [Fri, 2 Nov 2007 23:57:12 +0000 (23:57 +0000)]
Deleted blank line
aland [Tue, 30 Oct 2007 13:32:47 +0000 (13:32 +0000)]
Many modules return FAIL. This means authentication failure,
not HANDLED
aland [Mon, 29 Oct 2007 12:28:59 +0000 (12:28 +0000)]
Remove unused header files
aland [Mon, 29 Oct 2007 09:41:22 +0000 (09:41 +0000)]
Re-arrange code into common functions
aland [Mon, 29 Oct 2007 09:33:15 +0000 (09:33 +0000)]
Use better function
aland [Mon, 29 Oct 2007 09:32:18 +0000 (09:32 +0000)]
More checks for functions on unsupported platforms
aland [Mon, 29 Oct 2007 07:32:10 +0000 (07:32 +0000)]
Build on systems without pthread (or --without-threads)
aland [Mon, 29 Oct 2007 07:20:21 +0000 (07:20 +0000)]
More #ifdef's for platforms that need them
aland [Mon, 29 Oct 2007 03:01:28 +0000 (03:01 +0000)]
Wrap include with #ifdef's