Alan T. DeKok [Sun, 6 Nov 2011 09:52:51 +0000 (10:52 +0100)]
Don't unlock the mutex. We didn't lock it
Alan T. DeKok [Sun, 6 Nov 2011 09:21:52 +0000 (10:21 +0100)]
Initialize "last_used" when spawning a new connection
Arran Cudbard-Bell [Sun, 6 Nov 2011 01:17:29 +0000 (02:17 +0100)]
Add cleanup_delay configuration item with a default of five seconds
without this we always end up cleaning up start-spare connections
on the first few requests.
Arran Cudbard-Bell [Fri, 4 Nov 2011 16:12:13 +0000 (17:12 +0100)]
my_request should initially be set to request
Arran Cudbard-Bell [Fri, 4 Nov 2011 13:50:30 +0000 (06:50 -0700)]
Merge pull request #32 from arr2036/valuepair_lists
Add radius_get_vps function to find attribute list based on [outer.][<list>:]<attribute>
Arran Cudbard-Bell [Thu, 3 Nov 2011 16:19:51 +0000 (17:19 +0100)]
Add radius_get_vps function to find attribute list based on <list>:<attribute> attribute identifier format
Alan T. DeKok [Fri, 4 Nov 2011 11:54:52 +0000 (12:54 +0100)]
Turn assert into run-time check
Alan T. DeKok [Thu, 3 Nov 2011 11:26:06 +0000 (12:26 +0100)]
Fix typo
Arran Cudbard-Bell [Thu, 3 Nov 2011 13:08:45 +0000 (06:08 -0700)]
Merge pull request #31 from duchscherd/tamu
Add additional attributes and values for Netbotz Rack Access PX - HID.
Dave Duchscher [Wed, 2 Nov 2011 19:58:41 +0000 (14:58 -0500)]
Add additional attributes and values for Netbotz Rack Access PX - HID.
See: http://nam-en.apc.com/app/answers/detail/a_id/8570/~/how-do-i-configure-radius-authentication-for-my-card-reader-on-the-netbotz-rack
Alan T. DeKok [Tue, 1 Nov 2011 14:00:57 +0000 (15:00 +0100)]
Make it build on FreeBSD. Fixes bug #177
Arran Cudbard-Bell [Mon, 31 Oct 2011 10:31:06 +0000 (11:31 +0100)]
Add function to compare substrings to FR_NAME_NUMBER arrays
Arran Cudbard-Bell [Fri, 28 Oct 2011 14:20:51 +0000 (16:20 +0200)]
Make dict_attr_types available from libradius.h so we can do integer to string type conversions
Arran Cudbard-Bell [Fri, 28 Oct 2011 10:12:32 +0000 (12:12 +0200)]
Fix whitespace
Alan T. DeKok [Fri, 28 Oct 2011 09:33:41 +0000 (11:33 +0200)]
Set last_spawned time
Alan T. DeKok [Thu, 27 Oct 2011 07:37:10 +0000 (09:37 +0200)]
Make Session-Timeout the default
by using it in the data structure, rather than checking for it
in the code
Alan T. DeKok [Thu, 27 Oct 2011 07:24:29 +0000 (09:24 +0200)]
Clean up logic. See bug #181
If we're almost at the expiry time, add the next time period ONLY
if the reply is Session-Timeout.
Alan T. DeKok [Wed, 26 Oct 2011 09:49:20 +0000 (11:49 +0200)]
Convert error messages to debug messages.
If a module returns NOOP, it's not an error
Arran Cudbard-Bell [Wed, 26 Oct 2011 14:57:29 +0000 (16:57 +0200)]
Properly account for trailing double quote when calculating free buffer space for string values
Arran Cudbard-Bell [Wed, 26 Oct 2011 09:44:35 +0000 (11:44 +0200)]
Check for possible value truncation when calling vp_prints_value
This should be fixed in future by performing the checks in vp_prints_value
Arran Cudbard-Bell [Wed, 26 Oct 2011 09:31:10 +0000 (11:31 +0200)]
Add temporary autoconf files to .gitignore
Alan T. DeKok [Wed, 26 Oct 2011 07:26:42 +0000 (09:26 +0200)]
Rearranged code to build with various compile options
WITHOUT_PROXY
WITHOUT_STATS
etc.
The server should build with any combination of the above options.
While they're not commonly used, they are useful. When most
functionality is disabled, the server produces a ~600K statically
linked binary with all of the most common modules.
This is suitable for embedded systems...
Alan T. DeKok [Tue, 25 Oct 2011 12:06:20 +0000 (14:06 +0200)]
Fix session id len
Manual merge of
c7a29290a788b3d1
Alan T. DeKok [Mon, 24 Oct 2011 11:53:27 +0000 (13:53 +0200)]
Only 'integer' and 'string' attributes can have tags
Arran Cudbard-Bell [Mon, 24 Oct 2011 11:20:39 +0000 (13:20 +0200)]
Add function to print VP values as JSON strings
Arran Cudbard-Bell [Tue, 25 Oct 2011 10:57:11 +0000 (12:57 +0200)]
Add .swp files to git ignore
Arran Cudbard-Bell [Tue, 25 Oct 2011 10:52:28 +0000 (12:52 +0200)]
Add loT files to .gitignore
Alan T. DeKok [Mon, 24 Oct 2011 09:52:36 +0000 (11:52 +0200)]
Restrict dictionary names to ones that make sense
No control characters, etc.
The old code allowed ANYTHING as dictionary names, which is bad.
Alan DeKok [Thu, 20 Oct 2011 21:33:59 +0000 (14:33 -0700)]
Merge pull request #26 from philmayers/fix-sess-cache
use the OpenSSL ex_data functions to allocate an index w/ free function t
Phil Mayers [Thu, 20 Oct 2011 20:52:54 +0000 (21:52 +0100)]
use the OpenSSL ex_data functions to allocate an index w/ free function to hold the cached VPs
Alan T. DeKok [Thu, 20 Oct 2011 12:24:09 +0000 (14:24 +0200)]
Tell OpenSSL that the data is gone
Alan T. DeKok [Wed, 19 Oct 2011 15:46:17 +0000 (17:46 +0200)]
Quiet compiler warning
Alan T. DeKok [Wed, 19 Oct 2011 15:43:28 +0000 (17:43 +0200)]
Initialize the structure
Alan T. DeKok [Wed, 19 Oct 2011 15:43:15 +0000 (17:43 +0200)]
Initialize all of the structure
Alan T. DeKok [Wed, 19 Oct 2011 15:39:45 +0000 (17:39 +0200)]
Free memory on error
Alan T. DeKok [Wed, 19 Oct 2011 15:38:56 +0000 (17:38 +0200)]
Free memory on instantiation error
Alan T. DeKok [Wed, 19 Oct 2011 15:37:16 +0000 (17:37 +0200)]
Free memory on error
Alan T. DeKok [Wed, 19 Oct 2011 15:35:56 +0000 (17:35 +0200)]
Close fp on error
Alan T. DeKok [Wed, 19 Oct 2011 15:34:01 +0000 (17:34 +0200)]
Call closedir() on error
Alan T. DeKok [Wed, 19 Oct 2011 15:26:36 +0000 (17:26 +0200)]
Catch case where User-Name may be > 250 octets
Alan T. DeKok [Wed, 19 Oct 2011 15:20:37 +0000 (17:20 +0200)]
Only "string" can have "encrypt=2"
Alan T. DeKok [Wed, 19 Oct 2011 15:08:58 +0000 (17:08 +0200)]
Add FALL-THROUGH for 'case' without 'break'
Alan T. DeKok [Wed, 19 Oct 2011 15:05:25 +0000 (17:05 +0200)]
Unlink file only if it exists
Alan T. DeKok [Wed, 19 Oct 2011 15:04:05 +0000 (17:04 +0200)]
Check auth_pool_name
Alan T. DeKok [Wed, 19 Oct 2011 15:02:06 +0000 (17:02 +0200)]
Add port if it's available
Alan T. DeKok [Wed, 19 Oct 2011 15:01:54 +0000 (17:01 +0200)]
Check passed parameter
Alan T. DeKok [Wed, 19 Oct 2011 14:59:52 +0000 (16:59 +0200)]
Error if there is no detail file listener
Alan T. DeKok [Wed, 19 Oct 2011 14:54:40 +0000 (16:54 +0200)]
Fix sizeof() checks found by coverity
Alan T. DeKok [Wed, 19 Oct 2011 12:04:47 +0000 (14:04 +0200)]
Clean up error message so it makes more sense
Alan T. DeKok [Wed, 19 Oct 2011 08:37:17 +0000 (10:37 +0200)]
Move "free cached VPs" to the correct location
They're freed when SSL says that the session is free'd.
Not when we think we're closing the session.
SSL might cache it.
Arran Cudbard-Bell [Tue, 18 Oct 2011 09:14:59 +0000 (11:14 +0200)]
Re-alphabetise one char expansions
Arran Cudbard-Bell [Tue, 18 Oct 2011 09:06:25 +0000 (02:06 -0700)]
Merge pull request #11 from amne/master
new var in xlat: %G request minute
Alan T. DeKok [Tue, 18 Oct 2011 06:37:21 +0000 (08:37 +0200)]
Switch to SHA1 for message digest
MD5 has been attacked. We shouldn't use it
Alan T. DeKok [Tue, 18 Oct 2011 06:37:05 +0000 (08:37 +0200)]
Update dependencies so that it works in more situations
Alan T. DeKok [Mon, 17 Oct 2011 19:49:08 +0000 (21:49 +0200)]
Release the mutex lock when trying to make a new connection
The DB might be down, and it could take a LONG time to open
a new connection. Instead of holding the mutex lock for long
periods of time, we set a flag saying "spawning", and release
the lock. This lets other threads access the connection pool,
to get open && active connections.
The result is that there are fewer situations where the server
blocks
Alan T. DeKok [Mon, 17 Oct 2011 19:22:09 +0000 (21:22 +0200)]
Add undocumented "lazy init" configuration.
This allows the connection pool to return on init,
even if it's unable to make any new connections. The result
is that the server can start even when the back-end DB is down.
That's nearly always a bad idea, but it's easy enough to do
with the new connection pool code.
Alan T. DeKok [Mon, 17 Oct 2011 19:18:56 +0000 (21:18 +0200)]
Clean up spare connections on release
This mirrors the "spawn new connections on get" functionality.
Also, remember when we last failed to connect. When that happens,
we continue to use existing connections, but we don't open new
connections for one second. This behavior ensures that incoming
requests will still be processed quickly, even when the back-end
database is down.
Alan T. DeKok [Mon, 17 Oct 2011 19:06:48 +0000 (21:06 +0200)]
Remove unused configuration parameters
Alan T. DeKok [Mon, 17 Oct 2011 16:38:23 +0000 (18:38 +0200)]
Alive isn't used. Don't require it
Alan T. DeKok [Mon, 17 Oct 2011 16:20:18 +0000 (18:20 +0200)]
Document new "pool" subsection
Alan T. DeKok [Mon, 17 Oct 2011 16:15:28 +0000 (18:15 +0200)]
Removed knowledge of sqlsocket->id
The drivers have no business using it
Arran Cudbard-Bell [Mon, 17 Oct 2011 15:41:55 +0000 (17:41 +0200)]
Make Class value more unique
Arran Cudbard-Bell [Mon, 17 Oct 2011 15:35:07 +0000 (17:35 +0200)]
Add one char expansion for RADIUS request ID
Alan T. DeKok [Mon, 17 Oct 2011 15:41:25 +0000 (17:41 +0200)]
Added F5 dictionary, as posted to the list
Alan T. DeKok [Mon, 17 Oct 2011 12:44:14 +0000 (14:44 +0200)]
Tie radrelay && detail writer together
So that people can read the documentation and examples
and have it work
Alan T. DeKok [Mon, 17 Oct 2011 14:40:50 +0000 (16:40 +0200)]
Hack to work around race condition
We may give up on a proxied packet (and set proxy_listener = NULL)
just as we're receiving a duplicate packet from the NAS. In that
case, we catch it, and do nothing
Alan T. DeKok [Mon, 17 Oct 2011 11:50:45 +0000 (13:50 +0200)]
Make vp_print_name return size_t
which makes more sense
Alan T. DeKok [Sun, 16 Oct 2011 03:03:34 +0000 (05:03 +0200)]
Fix weird issue where it wouldn't update Stripped-User-Name
suffix
    update request {
        Stripped-User-Name := "%{Stripped-User-Name}@bar.com"
    }
would result in Stripped-User-Name being unchanged.
The code was the same as 2.1.x, which worked.
The new code has the benefit of working, and has one less pass
over the input list
Alan T. DeKok [Sun, 16 Oct 2011 02:32:40 +0000 (04:32 +0200)]
Use new connection pool API
Alan T. DeKok [Sun, 16 Oct 2011 02:21:32 +0000 (04:21 +0200)]
Correct logic in reconnect
Only complain once per second.
Return correct handle
Alan T. DeKok [Sun, 16 Oct 2011 02:13:17 +0000 (04:13 +0200)]
Whitespace && formatting
Arran Cudbard-Bell [Wed, 12 Oct 2011 14:24:28 +0000 (16:24 +0200)]
Assert should be false
Arran Cudbard-Bell [Tue, 11 Oct 2011 20:14:54 +0000 (22:14 +0200)]
Add even more logging, and use unambiguous tense for existing messages
Arran Cudbard-Bell [Tue, 11 Oct 2011 15:37:26 +0000 (17:37 +0200)]
Only attempt to close connections which are unused
Arran Cudbard-Bell [Tue, 11 Oct 2011 15:18:58 +0000 (17:18 +0200)]
Should return connection, not connection struct
Arran Cudbard-Bell [Tue, 11 Oct 2011 15:18:13 +0000 (17:18 +0200)]
Add log messages on connection reservation and release
Arran Cudbard-Bell [Tue, 11 Oct 2011 13:50:13 +0000 (15:50 +0200)]
Ignore libltdl makefile
Arran Cudbard-Bell [Tue, 11 Oct 2011 13:47:13 +0000 (06:47 -0700)]
Merge pull request #22 from arr2036/connection_api
Add additional logging to connection pool api
Arran Cudbard-Bell [Mon, 10 Oct 2011 19:39:02 +0000 (21:39 +0200)]
Add additional logging to connection pool api
Arran Cudbard-Bell [Tue, 11 Oct 2011 11:55:34 +0000 (13:55 +0200)]
Set last_used on spawn, else all connections are closed on the first get_connection call
Add counter, and give each connection a unique connection id
Arran Cudbard-Bell [Mon, 10 Oct 2011 22:17:37 +0000 (00:17 +0200)]
Need to check if the max_uses/lifetime/idle_timeout values > 0 (enabled) before enforcing them...
Alan T. DeKok [Mon, 10 Oct 2011 18:16:01 +0000 (20:16 +0200)]
Fixes to make FR use the local libltdl
This helps to avoid stupid libtool issues
Alan T. DeKok [Mon, 10 Oct 2011 15:37:18 +0000 (17:37 +0200)]
More information in debug messages
Alan T. DeKok [Sun, 9 Oct 2011 16:15:00 +0000 (18:15 +0200)]
Use parent rather than cs if cs doesn't exist
Alan T. DeKok [Sun, 9 Oct 2011 11:59:34 +0000 (13:59 +0200)]
TLS private key password isn't required
Alan T. DeKok [Sat, 8 Oct 2011 07:15:01 +0000 (09:15 +0200)]
Clean up build to be less verbose
Rather than printing out 10+ lines of text for every C file that
is compiled, it now prints out one: "CC foo.c"
While this can hide some key information from the developer, it
also highlights compiler warnings.
We can later go through and add a developer-specific option
to turn on the old behavior. Probably by suppressing the "--quiet"
option to libtool
Alan T. DeKok [Fri, 7 Oct 2011 22:14:02 +0000 (00:14 +0200)]
Fix typo
compare type to RAD_LISTEN_DETAIL
Arran Cudbard-Bell [Fri, 7 Oct 2011 09:45:12 +0000 (11:45 +0200)]
Add a Message-Authenticator attribute to the response, if we added EAP-Message
Alan T. DeKok [Tue, 4 Oct 2011 14:20:42 +0000 (16:20 +0200)]
Added simple module to "clean" the request of non-UTF-8 data
Arran Cudbard-Bell [Mon, 3 Oct 2011 11:34:50 +0000 (04:34 -0700)]
Merge pull request #21 from alagoutte/master
Update RADIUS Dictionary Aruba
Alexis La Goutte [Mon, 3 Oct 2011 11:22:00 +0000 (13:22 +0200)]
Update RADIUS Dictionary Aruba
Peter Lemenkov [Fri, 30 Sep 2011 11:48:58 +0000 (15:48 +0400)]
Drop dead link
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Peter Lemenkov [Fri, 30 Sep 2011 11:48:10 +0000 (15:48 +0400)]
Now it's possible to include Zyxel's dictionary by default
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Peter Lemenkov [Fri, 30 Sep 2011 11:44:29 +0000 (15:44 +0400)]
Another one attribute
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Peter Lemenkov [Fri, 30 Sep 2011 11:44:02 +0000 (15:44 +0400)]
Proper VENDOR value for Zyxel
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Alan T. DeKok [Fri, 30 Sep 2011 11:22:23 +0000 (13:22 +0200)]
ECONNRESET and EWOULDBLOCK aren't portable
Wrap them in ifdef's
Alan T. DeKok [Thu, 29 Sep 2011 16:03:23 +0000 (18:03 +0200)]
Load "server {...}" sections properly
Alan T. DeKok [Thu, 29 Sep 2011 09:26:03 +0000 (11:26 +0200)]
Be more graceful if caller passes us a NULL ptr
Alan T. DeKok [Wed, 28 Sep 2011 11:15:46 +0000 (13:15 +0200)]
Distinguish virtual servers from physical ones
Alan T. DeKok [Wed, 28 Sep 2011 11:15:31 +0000 (13:15 +0200)]
Updated debug message