Matthew Newton [Sat, 3 Mar 2012 13:20:17 +0000 (13:20 +0000)]
Give rlm_eap_peap an initiate function and remove dependency on rlm_eap_tls
Alan T. DeKok [Sun, 4 Mar 2012 09:39:55 +0000 (10:39 +0100)]
Removed unnecessary variable
Matthew Newton [Fri, 2 Mar 2012 21:30:07 +0000 (21:30 +0000)]
Split eap_tls initiate function, move session handling code into libeap/eaptls.c
Matthew Newton [Sat, 3 Mar 2012 15:00:11 +0000 (15:00 +0000)]
Move rlm_eap_tls TLS-specific config into user-specified section (given by new tls= option)
Matthew Newton [Wed, 29 Feb 2012 08:23:35 +0000 (08:23 +0000)]
Cache result of parsing server/client tls configs, so we don't have to do it
repeatedly. This means tls_server_conf_free no longer needs to be called, as
it will be freed up automatically.
Alan T. DeKok [Sun, 4 Mar 2012 08:54:22 +0000 (09:54 +0100)]
Forgot to commit the new attribute for queue %
Alan T. DeKok [Sat, 3 Mar 2012 18:53:56 +0000 (19:53 +0100)]
PWD sample file
Alan T. DeKok [Sat, 3 Mar 2012 18:26:57 +0000 (19:26 +0100)]
Rely on pointer for malloc/free
which seems to remove "double free" error
Alan T. DeKok [Sat, 3 Mar 2012 08:20:49 +0000 (09:20 +0100)]
Set src_ipaddr for STATUS_SERVER packets
Alan T. DeKok [Tue, 28 Feb 2012 12:56:59 +0000 (13:56 +0100)]
Fix typo
Alan T. DeKok [Mon, 27 Feb 2012 09:35:58 +0000 (10:35 +0100)]
Configure scripts for EAP-PWD
Alan T. DeKok [Fri, 24 Feb 2012 12:57:15 +0000 (13:57 +0100)]
Document auto_limit_acct and max_pps
Alan T. DeKok [Thu, 23 Feb 2012 15:29:28 +0000 (16:29 +0100)]
Use correct structure for TLS fragment size
set ssn->offset, and use that in proxy_tls_recv
Alan T. DeKok [Thu, 23 Feb 2012 14:16:18 +0000 (15:16 +0100)]
Add queue parameters to accounting config items
If auto_limit_acct is set, then
FreeRADIUS-Queue-PPS-In
FreeRADIUS-Queue-PPS-Out
FreeRADIUS-Queue-Use-Percentage
are added to the control items for accounting packets.
This allows the administrator to create policies which kick in
only when the server is loaded.
Alan T. DeKok [Thu, 23 Feb 2012 14:10:06 +0000 (15:10 +0100)]
Start at 181, not 180
Alan T. DeKok [Thu, 23 Feb 2012 13:02:12 +0000 (14:02 +0100)]
Export Queue PPS in/out via the "status" interface
Alan T. DeKok [Thu, 23 Feb 2012 12:04:31 +0000 (13:04 +0100)]
Client certs are signed by the CA, not by the server
Alan T. DeKok [Wed, 22 Feb 2012 08:25:18 +0000 (09:25 +0100)]
Use names for logging parameters, and correct values
Alan T. DeKok [Thu, 23 Feb 2012 09:11:46 +0000 (10:11 +0100)]
Document fragment_size for RadSec
The comments about EAP and ethernet frames are no longer
relevant
Alan T. DeKok [Thu, 23 Feb 2012 09:04:23 +0000 (10:04 +0100)]
Set TLS receive buffer from fragment size
TLS over TCP can send 64K TLS packets. We need to be able to
handle that.
Alan T. DeKok [Thu, 23 Feb 2012 08:25:15 +0000 (09:25 +0100)]
Lower the impact of auto_limit_acct when it's disabled
Alan T. DeKok [Wed, 22 Feb 2012 16:19:48 +0000 (17:19 +0100)]
Added auto limiting for accounting packets.
If the thread queue is emptying more slowly than it's filling,
then start throwing away accounting packets.
Alan T. DeKok [Wed, 22 Feb 2012 15:43:30 +0000 (16:43 +0100)]
Moved PPS calculations to a utility function
Alan T. DeKok [Wed, 22 Feb 2012 15:37:26 +0000 (16:37 +0100)]
Conditional compilation. Curl might not have TLS
Alan T. DeKok [Wed, 22 Feb 2012 10:31:38 +0000 (11:31 +0100)]
Build EAP-PWD only if we're using OpenSSL
Arran Cudbard-Bell [Wed, 22 Feb 2012 09:37:17 +0000 (10:37 +0100)]
Fix content of demo http server
Arran Cudbard-Bell [Wed, 22 Feb 2012 08:53:32 +0000 (09:53 +0100)]
Merge branch 'master' of github.com:alandekok/freeradius-server
Arran Cudbard-Bell [Wed, 22 Feb 2012 08:53:19 +0000 (09:53 +0100)]
Move rest config to new mods-available directory
Alan T. DeKok [Wed, 22 Feb 2012 08:51:59 +0000 (09:51 +0100)]
Move to correct place
Alan T. DeKok [Wed, 22 Feb 2012 08:50:55 +0000 (09:50 +0100)]
Fix typo
Alan T. DeKok [Wed, 22 Feb 2012 08:38:46 +0000 (09:38 +0100)]
Note recent changes
Alan DeKok [Wed, 22 Feb 2012 08:37:49 +0000 (00:37 -0800)]
Merge pull request #50 from arr2036/rlm_rest
Add rlm_rest which does REST calls to an external HTTP server.
Alan T. DeKok [Wed, 22 Feb 2012 08:25:18 +0000 (09:25 +0100)]
Use names for logging parameters, and correct values
Alan T. DeKok [Tue, 21 Feb 2012 17:07:23 +0000 (18:07 +0100)]
Better fix for fixed point computations
So if rate_pps < 1000, we can still count it.
Alan T. DeKok [Tue, 21 Feb 2012 16:51:08 +0000 (17:51 +0100)]
Add rate limiting for network sockets
via "max_pps" in the "listen" section. It takes a count of the
packets received in the last second. If it's over max_pps, the
new packet is ignored. Otherwise, it's allowed.
We probably should instead have adaptive rate limiting based on
how many packets/s *finish* processing. But that's harder to do
for now.
Alan T. DeKok [Tue, 21 Feb 2012 13:54:08 +0000 (14:54 +0100)]
Added virtual server support
To make it simpler, and like the rest of the system
Alan T. DeKok [Tue, 21 Feb 2012 08:08:44 +0000 (09:08 +0100)]
Warn if we can't shut down modules cleanly
Alan T. DeKok [Tue, 21 Feb 2012 08:08:27 +0000 (09:08 +0100)]
Don't close connections that are in use.
Alan T. DeKok [Tue, 21 Feb 2012 07:57:49 +0000 (08:57 +0100)]
Try to use identity from SIM protocol, not EAP-Identity
Dan Harkins [Tue, 21 Feb 2012 08:15:53 +0000 (09:15 +0100)]
Sample configuration for EAP-PWD
Alan T. DeKok [Tue, 21 Feb 2012 08:13:53 +0000 (09:13 +0100)]
Make files so that EAP-PWD builds
Dan Harkins [Tue, 21 Feb 2012 08:12:24 +0000 (09:12 +0100)]
EAP-PWD Implementation
http://ietf.org/rfc/rfc5931.txt
Alan T. DeKok [Tue, 21 Feb 2012 08:10:42 +0000 (09:10 +0100)]
Define name and value for EAP-PWD
Arran Cudbard-Bell [Mon, 10 Oct 2011 18:20:44 +0000 (20:20 +0200)]
Initial commit of rlm_rest module
Add library independent streaming JSON generator
Add library independent streaming POST generator
Add support for parsing JSON and POST responses
Add support for parsing do_xlat and is_json flags in JSON responses
Add function to emulate CURLs multiple calls to the JSON generator when in stream mode, to allow transfer of data as a single contiguous block
Deduplicate truncation detection code.
Improve consistency of documentation.
Replace 1, 0 return codes with TRUE/FALSE macros.
Slightly better version of rest_uri_build
Add tables for auth types
Add a bunch of formatting fixes and extra options for SSL certs in curl
Alan T. DeKok [Fri, 17 Feb 2012 14:19:29 +0000 (15:19 +0100)]
Document MySQL character set issues
Patch from Stefan Winter
Alan T. DeKok [Fri, 17 Feb 2012 10:19:50 +0000 (11:19 +0100)]
New dictionary
Alan T. DeKok [Mon, 13 Feb 2012 19:59:29 +0000 (20:59 +0100)]
Added User-Role attribute
Alan T. DeKok [Fri, 17 Feb 2012 08:58:07 +0000 (09:58 +0100)]
New purewave dictionary
Alan T. DeKok [Mon, 13 Feb 2012 20:10:16 +0000 (21:10 +0100)]
Added provisions for "site local" dictionaries
Alan T. DeKok [Mon, 13 Feb 2012 16:02:14 +0000 (17:02 +0100)]
Change ports to not conflict with inner-tunnel
Alan T. DeKok [Mon, 13 Feb 2012 10:19:08 +0000 (11:19 +0100)]
Fix EAP-Type values
Noticed by Stefan Winter
Alan T. DeKok [Sat, 11 Feb 2012 09:07:11 +0000 (10:07 +0100)]
Directories need to be +x
Matthew Newton [Fri, 10 Feb 2012 00:51:07 +0000 (00:51 +0000)]
Add examples to EAP-TLS virtual server
Alan T. DeKok [Fri, 10 Feb 2012 10:37:22 +0000 (11:37 +0100)]
Save TLS-* attributes on session resumption
Manual pull from
d73fc3b75d
We could probably just save the certs in the ssl->session data,
just like the cached VPs. But that's more work...
Alan T. DeKok [Thu, 9 Feb 2012 12:28:31 +0000 (13:28 +0100)]
Automatically make directories
Alan T. DeKok [Thu, 9 Feb 2012 12:29:09 +0000 (13:29 +0100)]
Manual port of
ed8edcac2da6f1db
Create common name only if there's a subject
Alan T. DeKok [Wed, 8 Feb 2012 15:01:43 +0000 (16:01 +0100)]
strncpy is evil. Don't use it.
Alan T. DeKok [Thu, 9 Feb 2012 10:00:56 +0000 (11:00 +0100)]
src_ipaddr is needed for non-STATS builds
Alan T. DeKok [Wed, 8 Feb 2012 15:19:31 +0000 (16:19 +0100)]
Start of allowing multiple packets outstanding for detail file
configuration option "max_outstanding"
Each packet read has a unique counter
Alan T. DeKok [Wed, 8 Feb 2012 14:28:17 +0000 (15:28 +0100)]
Faster detail file reader.
If "delay = 0", go read another packet immediately.
Matthew Newton [Wed, 8 Feb 2012 10:51:44 +0000 (11:51 +0100)]
Add virtual-server option for EAP-TLS to allow certificate field checks
Normally attributes such as TLS-Client-Cert-Common-Name can be seen in
Post-Auth only, which is too late to act if the return to the client should
be changed. This code adds a virtual-server option to EAP-TLS to allow
these values to be examined, and the return status updated accordingly.
Alan T. DeKok [Wed, 8 Feb 2012 08:33:19 +0000 (09:33 +0100)]
Note recent changes
Alan T. DeKok [Wed, 8 Feb 2012 08:32:55 +0000 (09:32 +0100)]
Remove these modules from the new build system
Alan DeKok [Wed, 8 Feb 2012 08:30:47 +0000 (00:30 -0800)]
Merge pull request #48 from cmikk/abinary-fix
Print abinary values without delimiters, unless requested by caller.
Chris Mikkelson [Tue, 7 Feb 2012 21:40:13 +0000 (15:40 -0600)]
Print abinary values without delimiters, unless requested by caller.
Alan T. DeKok [Tue, 7 Feb 2012 19:58:52 +0000 (20:58 +0100)]
Check for account and password expiration
Alan T. DeKok [Tue, 7 Feb 2012 19:54:11 +0000 (20:54 +0100)]
Fix typos
Alan T. DeKok [Tue, 7 Feb 2012 09:30:48 +0000 (10:30 +0100)]
Move README to README.rst and fix RST formatting
Matthew Newton [Mon, 6 Feb 2012 15:07:32 +0000 (16:07 +0100)]
Add "syslog_facility" to rlm_linelog
Document it. Export the facility name to integer table
from mainconfig.c
Alan T. DeKok [Mon, 6 Feb 2012 14:30:49 +0000 (15:30 +0100)]
Sync with upstream
Alan T. DeKok [Mon, 6 Feb 2012 14:08:38 +0000 (15:08 +0100)]
Add FreeRADIUS-specific output file
Alan T. DeKok [Mon, 6 Feb 2012 13:37:49 +0000 (14:37 +0100)]
Sync with original github project
Alan T. DeKok [Mon, 6 Feb 2012 10:44:29 +0000 (11:44 +0100)]
Fix typo in last commit
Alan T. DeKok [Mon, 6 Feb 2012 09:53:52 +0000 (10:53 +0100)]
Allow data2vp_any() to be called with packet==NULL
The packet is only used to decrypt certain attributes.
If there is no need to decrypt those attributes, then the
packet pointer isn't necessary.
Alan T. DeKok [Fri, 3 Feb 2012 09:45:50 +0000 (10:45 +0100)]
Note TLS-* attribute allocation
Alan T. DeKok [Tue, 31 Jan 2012 14:18:33 +0000 (15:18 +0100)]
Remove compiler warnings
Alan T. DeKok [Tue, 31 Jan 2012 14:13:40 +0000 (15:13 +0100)]
Get rid of compiler warnings
Alan T. DeKok [Tue, 31 Jan 2012 14:03:50 +0000 (15:03 +0100)]
Print out one value for --config=value
Alan T. DeKok [Tue, 31 Jan 2012 14:03:20 +0000 (15:03 +0100)]
CC jlibtool.c
to make it compatible with the rest of the build system
Alan T. DeKok [Tue, 31 Jan 2012 13:53:02 +0000 (14:53 +0100)]
Note errors if trying to build shared libs without -rpath
Alan T. DeKok [Tue, 31 Jan 2012 11:39:10 +0000 (12:39 +0100)]
Removed unused file
Alan T. DeKok [Tue, 31 Jan 2012 11:21:16 +0000 (12:21 +0100)]
Get rid of compiler warnings
Alan T. DeKok [Tue, 31 Jan 2012 11:18:35 +0000 (12:18 +0100)]
Added more compiler warning flags
for format string issues
Alan T. DeKok [Tue, 31 Jan 2012 11:16:38 +0000 (12:16 +0100)]
Fix compiler warnings
As part of the goal of getting the code to build cleanly,
without warnings
Alan T. DeKok [Tue, 31 Jan 2012 11:10:36 +0000 (12:10 +0100)]
Fix typo when using list
Alan T. DeKok [Tue, 31 Jan 2012 10:51:30 +0000 (11:51 +0100)]
Don't link in sites-enabled/tls
It confuses too many people
Alan T. DeKok [Tue, 31 Jan 2012 09:55:11 +0000 (10:55 +0100)]
Add documentation
Alan T. DeKok [Tue, 31 Jan 2012 09:25:25 +0000 (10:25 +0100)]
First pass at cablelabs nonsense
It doesn't do anything. But we've at least recorded the structures
necessary for full decoding
Alan T. DeKok [Mon, 30 Jan 2012 19:05:33 +0000 (20:05 +0100)]
Use unused variable
Alan T. DeKok [Mon, 30 Jan 2012 19:03:46 +0000 (20:03 +0100)]
Parentheses to avoid compiler warning
Alan T. DeKok [Mon, 30 Jan 2012 19:03:05 +0000 (20:03 +0100)]
Add "const" for compiler warnings
Alan T. DeKok [Mon, 30 Jan 2012 19:02:05 +0000 (20:02 +0100)]
Fix compiler warnings
Alan T. DeKok [Mon, 30 Jan 2012 18:58:34 +0000 (19:58 +0100)]
Fix compiler warning
Alan T. DeKok [Mon, 30 Jan 2012 18:55:05 +0000 (19:55 +0100)]
Fix compiler warning
Alan T. DeKok [Mon, 30 Jan 2012 18:50:27 +0000 (19:50 +0100)]
deal with unused arguments
Alan T. DeKok [Mon, 30 Jan 2012 18:49:54 +0000 (19:49 +0100)]
Change data type to avoid compiler warnings
Alan T. DeKok [Sun, 29 Jan 2012 11:14:51 +0000 (12:14 +0100)]
Enable DHCP by default
Alan T. DeKok [Fri, 27 Jan 2012 09:48:40 +0000 (10:48 +0100)]
A bit better fix. Not done yet
Alan T. DeKok [Fri, 27 Jan 2012 09:35:09 +0000 (10:35 +0100)]
Correctly determine TARGET
Don't just blindly append a ".a" to it
Alan T. DeKok [Fri, 27 Jan 2012 09:29:48 +0000 (10:29 +0100)]
Correct references to record_plus/minus()