aland [Thu, 2 Jun 2005 01:25:36 +0000 (01:25 +0000)]
Add more copyright statements
aland [Wed, 1 Jun 2005 22:59:55 +0000 (22:59 +0000)]
Don't log endless informational messages.
aland [Wed, 1 Jun 2005 22:57:41 +0000 (22:57 +0000)]
Update pointers for proxy types. Whoops...
aland [Tue, 31 May 2005 18:59:14 +0000 (18:59 +0000)]
Move net/if.h
aland [Tue, 31 May 2005 18:48:16 +0000 (18:48 +0000)]
Updates, reformatting, etc
aland [Tue, 31 May 2005 18:39:09 +0000 (18:39 +0000)]
Add re-transmits of accounting packets back in, that was deleted
a few days ago.
Hmm... we still don't update the accounting Id, which is bad, but
no one has ever complained.
aland [Tue, 31 May 2005 17:34:47 +0000 (17:34 +0000)]
Don't send Proxy-State from home server in reply, when we're
the proxy.
Bug found by Fabien Marotte.
nbk [Mon, 30 May 2005 15:10:51 +0000 (15:10 +0000)]
This Perl script tails a SQL logfile and forwards the queries
to a database server.
nbk [Mon, 30 May 2005 13:20:17 +0000 (13:20 +0000)]
Man page for module rlm_sql_log
nbk [Mon, 30 May 2005 13:19:50 +0000 (13:19 +0000)]
Generated from configure.in revision 1.1 using autoconf 2.59
nbk [Mon, 30 May 2005 13:17:55 +0000 (13:17 +0000)]
File necessary to build the module
nbk [Mon, 30 May 2005 13:17:27 +0000 (13:17 +0000)]
This module appends the SQL queries in a log file which is
read later by the radsqlrelay program
aland [Sat, 28 May 2005 00:15:27 +0000 (00:15 +0000)]
More fixes to refresh_request.
FIXME: add accounting retries?
aland [Fri, 27 May 2005 23:55:05 +0000 (23:55 +0000)]
After re-config
aland [Fri, 27 May 2005 23:51:10 +0000 (23:51 +0000)]
re-autogen
aland [Fri, 27 May 2005 23:14:16 +0000 (23:14 +0000)]
See "man radrelay.conf"
aland [Fri, 27 May 2005 23:13:33 +0000 (23:13 +0000)]
Document radrelay.conf
aland [Fri, 27 May 2005 21:20:17 +0000 (21:20 +0000)]
Rename structure elements for sanity
aland [Fri, 27 May 2005 21:19:57 +0000 (21:19 +0000)]
Moved per-type data for rad_listen_t to dynamically allocated
structure.
aland [Fri, 27 May 2005 20:36:16 +0000 (20:36 +0000)]
Expose rad_encode() and rad_sign()
Expose lrad_hash_update()
aland [Fri, 27 May 2005 19:01:19 +0000 (19:01 +0000)]
Added simple, fast, non-cryptographic hash function
aland [Fri, 27 May 2005 00:38:38 +0000 (00:38 +0000)]
clean up ifdef's and too many variables
aland [Fri, 27 May 2005 00:34:09 +0000 (00:34 +0000)]
Update rad_sendto && rad_recvfrom, to not call udpfromto for IPv6
sockets, as the code doesn't currently support it.
Also, fail a little more gracefully in certain situations
aland [Fri, 27 May 2005 00:33:13 +0000 (00:33 +0000)]
set recv/send/update for "bind_address", too
aland [Fri, 27 May 2005 00:04:14 +0000 (00:04 +0000)]
Break rad_send() into rad_encode(), rad_sign(), and plain sending
of packets.
This is so that accounting re-transmits can encode the packet data
once, update Acct-Delay-Time, and then re-sign the packet with
the updated ID field.
aland [Thu, 26 May 2005 23:20:00 +0000 (23:20 +0000)]
detail'd packets have a random vector.
max_outstanding defaults to 100.
aland [Thu, 26 May 2005 21:26:29 +0000 (21:26 +0000)]
Fix offset for xlat_config
aland [Thu, 26 May 2005 20:47:10 +0000 (20:47 +0000)]
Make new request_list_t structure, and return it from rl_init(),
and pass it back to rl_* functions. (Except for proxies)
Cleaned up refresh_request() code, so that it doesn't do its own
retransmits for proxied packets. This makes the code MUCH cleaner.
The code in listen.c should be updated, so that when accounting
packets are proxied, Acct-Delay-Time is updated.
New "update" function in rad_listen_t, so that once a second,
the server calls the "update" function for each listener, which
further cleans up the request_list handling. Much less code,
and what's left is easier to understand.
So each listener has its own request_list_t, which is nice,
and enables them to be handled later by individual threads.
Non-synchronous proxy retransmits are disabled, and removed
from proxy.conf. Accounting packets aren't handled well
for proxying, though. We'll need a separate "retransmit" timer
for them...
aland [Thu, 26 May 2005 16:34:13 +0000 (16:34 +0000)]
More work to get rid of "static" variables.
Rename the module_list_t structure to module_entry_t, and attach
it via cf_data_add to the "modules" section. It works under HUP,
and it means that there are fewer static variables, and that
it's easier to clean up the HUP handling later.
aland [Thu, 26 May 2005 16:25:51 +0000 (16:25 +0000)]
cf_data_add calls cf_item_add.
cf_item_add has minor cleanups.
data is now inserted at the end of the children list, which means
it takes more time to fix it, but now the order is better. See
next commit to modules.c
aland [Thu, 26 May 2005 16:04:00 +0000 (16:04 +0000)]
complain about naslist only if we read data from it
aland [Thu, 26 May 2005 15:58:10 +0000 (15:58 +0000)]
A bit better method for seeing if addresses are equal
fcusack [Thu, 26 May 2005 06:05:33 +0000 (06:05 +0000)]
generated from configure.in#1.1
fcusack [Thu, 26 May 2005 05:58:21 +0000 (05:58 +0000)]
rename from x99 to otp to reflect broader scope
aland [Thu, 26 May 2005 00:57:52 +0000 (00:57 +0000)]
delete testing stuff
aland [Thu, 26 May 2005 00:32:10 +0000 (00:32 +0000)]
add radrelay.conf.in
create radrelay.conf at configure time
install radrelay.conf
We haven't re-generated "configure", that can be done later.
aland [Wed, 25 May 2005 23:43:01 +0000 (23:43 +0000)]
Ignore RADIUS clients by keying off of the listeners, not
the name of mainconfig.radiusd_conf
aland [Wed, 25 May 2005 23:38:39 +0000 (23:38 +0000)]
Set "name", via '-n'
aland [Tue, 24 May 2005 23:54:16 +0000 (23:54 +0000)]
For accounting requests which came from a detail listener, don't
proxy it TO the IP which it came from.
aland [Tue, 24 May 2005 22:23:31 +0000 (22:23 +0000)]
Look for, and set, timestamp & client IP, so that we work more like
rad*relay.
Now all we need to do is write sample conf files, and hack other code
so that it doesn't relay packets back to where they came from.
aland [Tue, 24 May 2005 20:45:57 +0000 (20:45 +0000)]
One more 'const'
aland [Tue, 24 May 2005 20:42:52 +0000 (20:42 +0000)]
One more "const", to get "size modcall.o" to zero for data/bss
aland [Tue, 24 May 2005 19:04:35 +0000 (19:04 +0000)]
Updated cf_section_sub_find_name2 to be a little smarter, and to
better support modules.c & modcall.c, which try to look modules
up by name1 or name2.
New function cf_data_find & cf_data_add, where other code can add
named data to be "associated" with a particular configuration section.
Updated modules.c so that the module_instance_t structure is stored
via cf_data_add(), rather than in a static pointer. This means
that it now gets automagically free'd when the configuration
section gets freed, which simplifies our lives.
It also means that the whole "reread conf files" may become easier,
as we can now read a new configuration file, do a 'diff' with the
old one, and potentially move the module instance data from the
old to the new, and therefore NOT shutdown & restart all of the
modules on a HUP.
aland [Mon, 23 May 2005 18:09:38 +0000 (18:09 +0000)]
Enabled "bind to device" functionality.
This is so you can listen on '::' or '*', but on multiple interfaces.
e.g.
listen {
ipaddr = *
device = eth0
...
}
listen {
ipaddr = *
device = eth1
}
fcusack [Mon, 23 May 2005 07:44:42 +0000 (07:44 +0000)]
re-add rlm_x99_token; no problems were found. Maybe openssl config
changes in the main configure script fixed it.
aland [Fri, 20 May 2005 01:36:18 +0000 (01:36 +0000)]
Abstracted listen parse/free/send/recv into callbacks, which
simplifies the code a lot, and organizes it better.
Hopefully we should now be able to create listeners of proxy
type, too.
nbk [Wed, 18 May 2005 12:21:43 +0000 (12:21 +0000)]
Add a test in sql_escape_func() to check buffer bound when
input character needs escaping.
Bug found by Primoz Bratanic <primoz@slo-tech.com>
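Editor's added example, not part of the commit above and not the rlm_sql source: a bounded escape routine in the shape the fix describes. Any byte outside a caller-supplied safe set is written as "=XX" (the hex convention rlm_sql uses; the exact safe set is an assumption here). The point of the fix is that an escaped character occupies three output bytes, so the bound check must reserve three, not one. The unchecked variant is kept only for contrast and is never called by the self-test.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape `in` into `out` (outlen bytes, including the NUL). Any byte not in
 * `safe` becomes "=XX" (uppercase hex). Returns the number of bytes written
 * excluding the NUL; stops early instead of overflowing `out` when the next
 * character, escaped or not, would not fit. */
size_t sql_escape(char *out, size_t outlen, const char *in, const char *safe)
{
    size_t outpos = 0;
    if (outlen == 0) return 0;
    outlen--;                            /* reserve room for the trailing NUL */

    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (strchr(safe, c) != NULL) {   /* *in is never NUL inside the loop */
            if (outpos + 1 > outlen) break;
            out[outpos++] = (char)c;
            continue;
        }
        /* Escaped form is three bytes, so the bound check must cover three.
         * This is the check the commit adds. */
        if (outpos + 3 > outlen) break;
        snprintf(out + outpos, 4, "=%02X", c);
        outpos += 3;
    }
    out[outpos] = '\0';
    return outpos;
}

/* Pre-fix shape of the loop, for contrast only: the bound is checked for a
 * single byte but three are written, so a buffer one or two bytes short of
 * the escape is overrun. Do not call this. */
size_t sql_escape_unchecked(char *out, size_t outlen, const char *in, const char *safe)
{
    size_t outpos = 0;
    for (; *in && outpos + 1 < outlen; in++) {
        unsigned char c = (unsigned char)*in;
        if (strchr(safe, c) != NULL) { out[outpos++] = (char)c; continue; }
        snprintf(out + outpos, 4, "=%02X", c);   /* may write past outlen */
        outpos += 3;
    }
    out[outpos] = '\0';
    return outpos;
}

/* Self-test helper: escape `in` into a buffer declared as `outlen` bytes,
 * surrounded by canary bytes, and compare with `expect`. Returns 1 only if
 * the output matches and nothing was written beyond outlen. */
int escape_matches(const char *in, size_t outlen, const char *expect)
{
    char buf[64];
    if (outlen > sizeof buf) return 0;
    memset(buf, 'X', sizeof buf);        /* canary beyond the declared size */
    size_t n = sql_escape(buf, outlen, in, "abcdefghijklmnopqrstuvwxyz0123456789");
    if (outlen == 0) return n == 0;
    for (size_t i = outlen; i < sizeof buf; i++)
        if (buf[i] != 'X') return 0;     /* overflowed the declared size */
    return n == strlen(buf) && strcmp(buf, expect) == 0;
}
```

The canary check in escape_matches is the cheap way to catch this class of bug in a unit test: size the destination a byte or two short of what an escape needs and verify the bytes after it are untouched.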
aland [Tue, 17 May 2005 02:22:49 +0000 (02:22 +0000)]
left over from last commit
aland [Tue, 17 May 2005 01:57:16 +0000 (01:57 +0000)]
Add name for "radiusd.conf" to mainconfig, so that the server
personality of "radrelay" can load "radrelay.conf" from the same
directory.
Use it everywhere necessary.
For modules, more suppress loading module sections that aren't
necessary.
For listen, if we're reading detail & proxying is on, and there's
no IP address, use INADDR_ANY. They can set the IP address on the
command-line if they so care...
aland [Tue, 17 May 2005 01:38:05 +0000 (01:38 +0000)]
remove bad message
aland [Mon, 16 May 2005 17:27:35 +0000 (17:27 +0000)]
Don't even bother looking for "authorize", etc., if we're not
going to be receiving Access-Request packets..
aland [Fri, 13 May 2005 23:03:34 +0000 (23:03 +0000)]
Include "identity" in the listen{} section, so that you can do
things like:
DEFAULT Server-Identity == "foo", Proxy-To-Realm := foo.com
i.e. handle the requests differently, based on which socket
they came in on. It's like Packet-Dst-IP-Address, but independent
of IPv4/IPv6 concerns, and you can have multiple sockets with
the same identity.
aland [Fri, 13 May 2005 22:44:37 +0000 (22:44 +0000)]
Note that RFC 3748 allows multiple EAP types in the NAK, even
if 99.999% of all clients only send one.
aland [Fri, 13 May 2005 20:32:58 +0000 (20:32 +0000)]
Debug information.
Try to open the detail file after closing detail.work
aland [Fri, 13 May 2005 20:24:49 +0000 (20:24 +0000)]
Make auth/acct_socket_send into different functions. Have the
rest of the code ALWAYS call listen->send() to send a reply.
the listen->send() function now takes care of quenching, or
delaying the response to the client. This means that it can
do things like manage detail slots for accounting packets which
get dropped, and delayed reject all in one place.
nbk [Fri, 13 May 2005 18:29:37 +0000 (18:29 +0000)]
Replace code which doesn't compile anymore in generate_sql_clients()
with code stolen in generate_clients() from src/main/mainconfig.c
raghu [Fri, 13 May 2005 17:34:51 +0000 (17:34 +0000)]
Added inet_pton6() (Got the code from the internet) and rewrote ip_ntoh().
raghu [Fri, 13 May 2005 17:29:24 +0000 (17:29 +0000)]
Use more generic sockaddr_storage structure instead of sockaddr structure.
raghu [Fri, 13 May 2005 17:24:30 +0000 (17:24 +0000)]
Open the socket() for the right (IPv4/IPv6) family.
nbk [Fri, 13 May 2005 17:03:38 +0000 (17:03 +0000)]
Use the new locking algorithm from Alan and Miquel.
open()
trylock()
fail = close, goto open (with counter /and msleep/)
fstat()
if (st.nlink == 0) close, goto open
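Editor's added example, not part of the commit above and not FreeRADIUS code: the locking sequence sketched in the commit, written out with flock() and fstat(). The interesting step is the st_nlink check after the lock is taken. A writer can rename or unlink the file between our open() and our lock; without the check we would hold an exclusive lock on an orphaned inode that no other process will ever open, and silently process a stale copy. The retry count, the 100 ms back-off and the use of flock() rather than fcntl() are assumptions for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Sleep for a few milliseconds between retries. */
static void msleep(unsigned int ms)
{
    struct timespec ts = { ms / 1000, (long)(ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
}

/* Returns 1 if fd still refers to a file present in the file system.
 * After the owner unlink()s it, st_nlink drops to 0 and a lock on it
 * protects nothing: the next reader will open a different inode. */
int locked_file_is_live(int fd)
{
    struct stat st;
    if (fstat(fd, &st) < 0) return 0;
    return st.st_nlink != 0;
}

/* open(); trylock(); on lock failure close and retry with a counter and a
 * sleep; fstat(); if st_nlink == 0 close and retry. Returns the locked fd,
 * or -1 once max_tries is exhausted or the file is gone. */
int open_locked(const char *path, unsigned int max_tries)
{
    for (unsigned int tries = 0; tries < max_tries; tries++) {
        int fd = open(path, O_RDWR);
        if (fd < 0) return -1;               /* nothing to process */

        if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
            int saved = errno;
            close(fd);
            if (saved != EWOULDBLOCK) return -1;
            msleep(100);                     /* held by someone else */
            continue;
        }

        if (!locked_file_is_live(fd)) {      /* lost the race with unlink() */
            close(fd);
            continue;                        /* reopen: a new file may exist */
        }
        return fd;
    }
    return -1;
}

/* Self-test: happy path, second taker refused, and unlink() detection.
 * Returns 0 on success or the number of the failing step. */
int demo(void)
{
    char path[] = "/tmp/detail.XXXXXX";     /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    close(fd);

    int a = open_locked(path, 3);
    if (a < 0) return 2;

    if (open_locked(path, 2) != -1) { close(a); return 3; }   /* lock is exclusive */

    unlink(path);                            /* writer finishes with the file */
    if (locked_file_is_live(a)) { close(a); return 4; }
    close(a);

    if (open_locked(path, 2) != -1) return 5;   /* path is gone now */
    return 0;
}
```

Note that the liveness check only works on a descriptor obtained before the lock; re-opening by path after locking would reintroduce the race the check exists to close.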
nbk [Fri, 13 May 2005 16:07:47 +0000 (16:07 +0000)]
Include autoconf.h, too
aland [Fri, 13 May 2005 00:12:00 +0000 (00:12 +0000)]
-Wformat-nonliteral
aland [Fri, 13 May 2005 00:10:05 +0000 (00:10 +0000)]
Type check fixes.
aland [Thu, 12 May 2005 23:26:32 +0000 (23:26 +0000)]
Open the detail.work, or detail file (if possible) as soon as
we create the listener. This lets us read stored detail files
with minimal external prodding
aland [Thu, 12 May 2005 23:17:35 +0000 (23:17 +0000)]
Implemented a "max_outstanding" directive for detail listeners.
If it's set, don't unlink() the file until all outstanding
requests have been processed
fcusack [Thu, 12 May 2005 23:02:28 +0000 (23:02 +0000)]
trivial comment updates
aland [Thu, 12 May 2005 22:52:58 +0000 (22:52 +0000)]
use rad_listen_t here, too.
aland [Thu, 12 May 2005 22:52:27 +0000 (22:52 +0000)]
Multiple integrated patches:
1) add 2 rad_listen_t's to REQUEST, for packet & proxy packet
2) add send() function to rad_listen_t
3) remove all knowledge of rad_send from server core
4) add rad_send() to rad_listen_t send() functions, for per-type
sending. This makes the detail listener work a little better
5) add rad_listen_t knowledge to request_list.c, for proxying
of requests, so that it can set request->proxy_listener
6) move "waking up in %d seconds", etc. from request_list.c
to radiusd.c, in preparation for having per-listen request
lists.
7) have server print out that it's listening on the detail file,
and add some fixes so it doesn't lock or die if we're using
detail listening
raghu [Thu, 12 May 2005 22:22:48 +0000 (22:22 +0000)]
IPv4 prefix must be compared on network byte order
Fixed by adding htonl() comparison
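Editor's added example, not part of the commit above and not FreeRADIUS code: prefix matching with the mask converted to network byte order, as the fix describes, with the /0 and /32 edges handled explicitly (shifting a 32-bit value by 32 is undefined behaviour in C, so /0 cannot fall out of the shift). The contrast function keeps the pre-fix shape: on a little-endian host a host-order mask applied to a network-order address masks the wrong octets, so a /16 rule silently matches or rejects the wrong clients.

```c
#include <stdint.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Mask for a /prefix network, returned in network byte order. */
static uint32_t ipv4_prefix_mask(unsigned int prefix)
{
    if (prefix == 0) return 0;               /* shifting by 32 is UB */
    if (prefix >= 32) return 0xffffffffu;
    return htonl(0xffffffffu << (32 - prefix));
}

/* addr and net are in network byte order (struct in_addr.s_addr), which is
 * how they arrive from the socket layer and from inet_pton(). */
int ipv4_in_prefix(uint32_t addr_nbo, uint32_t net_nbo, unsigned int prefix)
{
    uint32_t mask = ipv4_prefix_mask(prefix);
    return (addr_nbo & mask) == (net_nbo & mask);
}

/* Pre-fix shape, for contrast: the mask is built in host order and never
 * converted, so the comparison is only correct on big-endian hosts. */
int ipv4_in_prefix_hostorder_bug(uint32_t addr_nbo, uint32_t net_nbo, unsigned int prefix)
{
    uint32_t mask = prefix == 0 ? 0 : (prefix >= 32 ? 0xffffffffu
                                                    : 0xffffffffu << (32 - prefix));
    return (addr_nbo & mask) == (net_nbo & mask);
}

/* Convenience wrapper on dotted quads. Returns 1 if addr is inside
 * net/prefix, 0 if not, -1 if either string fails to parse. */
int ipv4_str_in_prefix(const char *addr, const char *net, unsigned int prefix)
{
    struct in_addr a, n;
    if (inet_pton(AF_INET, addr, &a) != 1) return -1;
    if (inet_pton(AF_INET, net, &n) != 1) return -1;
    return ipv4_in_prefix(a.s_addr, n.s_addr, prefix);
}
```

A client-list test worth keeping around: a /24 rule should reject an address that differs only in the last octet of the network part, which is exactly the case the host-order mask gets wrong on x86.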
raghu [Thu, 12 May 2005 17:34:50 +0000 (17:34 +0000)]
Bind to the specified IP address and Port if
Packet-Src-IPAddress/Packet-Src-IPv6Address & Packet-Src-Port attributes
are defined.
aland [Thu, 12 May 2005 16:51:43 +0000 (16:51 +0000)]
First pass at having a "listen" directive for reading the detail file:
listen {
type = detail
file = ${logdir}/blah/detail
}
It requires sending an initial RADIUS packet to get it to start
reading the detail file, and the locking algorithm is the
new one as posted by Miquel, not the old one. So don't try
running this in a "live" system as yet.
But it works.
aland [Thu, 12 May 2005 16:36:24 +0000 (16:36 +0000)]
make max_queue_size configurable, in preparation for integrating
rad*relay functionality into the server.
aland [Wed, 11 May 2005 23:29:28 +0000 (23:29 +0000)]
Removed most everything from the main "dictionary" file, and
moved the attributes & values into per-RFC dictionaries.
This makes them a little more difficult to find (for those who care,
they can use "grep"), but they are now a lot easier to manage,
as we know exactly which file defines what attribute and value,
based on reading the RFC's.
As new RFC's come out, we can add more dictionaries.
All of the server's "internal" non-protocol attributes & values
are now in dictionary.freeradius.internal.
fcusack [Wed, 11 May 2005 18:06:21 +0000 (18:06 +0000)]
improvements so that all relevant targets are made in SUBDIRS also
raghu [Wed, 11 May 2005 02:23:16 +0000 (02:23 +0000)]
IPv6 enabled clients configuration and prefix rules are added
raghu [Wed, 11 May 2005 02:01:17 +0000 (02:01 +0000)]
Netmask is replaced with Prefix that can be used for both v4 & v6.
raghu [Wed, 11 May 2005 01:59:33 +0000 (01:59 +0000)]
IPv6 clients can now be configured, listened to and responded to by the server
aland [Tue, 10 May 2005 20:21:47 +0000 (20:21 +0000)]
keep it up to date
fcusack [Tue, 10 May 2005 08:16:32 +0000 (08:16 +0000)]
Make cardops layer a true object layer! Re-implement cryptocard
as a cardops object.
aland [Mon, 9 May 2005 21:18:54 +0000 (21:18 +0000)]
By default, try to prevent v4 to v6 mapping
aland [Mon, 9 May 2005 21:11:31 +0000 (21:11 +0000)]
Don't allow * for IPv6, we have :: for it instead
fcusack [Sun, 8 May 2005 00:32:13 +0000 (00:32 +0000)]
compiler boo-boos
fcusack [Sun, 8 May 2005 00:23:42 +0000 (00:23 +0000)]
Simplify!
- don't check for user existence; cardops layer will do that
- don't use PW_X99_FAST as challenge sentinel, just use State presence
- remove some "can't happen" code; it REALLY can't happen now
fcusack [Sun, 8 May 2005 00:12:40 +0000 (00:12 +0000)]
minor logging tweaks
fcusack [Sat, 7 May 2005 23:21:11 +0000 (23:21 +0000)]
When deciding if we should protect the State attribute (ie, the
challenge) with an HMAC, instead of using card async capability
as a determinant, use server configuration (allow_async setting).
This allows us to remove all X99_CF card feature #defines from x99.h,
giving us a cleaner cardops layer.
aland [Fri, 6 May 2005 22:28:29 +0000 (22:28 +0000)]
Many attribute types can't have "encrypt" flags, so don't bother
checking those
aland [Fri, 6 May 2005 22:27:31 +0000 (22:27 +0000)]
Add support for IPv6prefix type
aland [Fri, 6 May 2005 21:01:32 +0000 (21:01 +0000)]
call freeaddrinfo, so we don't leak memory
aland [Fri, 6 May 2005 01:06:30 +0000 (01:06 +0000)]
Check for problems, rather than assertions
fcusack [Thu, 5 May 2005 23:19:38 +0000 (23:19 +0000)]
import cardops layer from pam_x99_auth
aland [Thu, 5 May 2005 21:36:25 +0000 (21:36 +0000)]
Allow for IPv6, and correct a typo
aland [Thu, 5 May 2005 21:28:31 +0000 (21:28 +0000)]
Include autoconf.h, too
aland [Thu, 5 May 2005 18:27:51 +0000 (18:27 +0000)]
Got rid of more "static" variables, and in the process also enabled
the server to listen on IPv6 via the command-line.
The old "bind_address" directive is left as IPv4-only, for backwards
compatibility.
fcusack [Thu, 5 May 2005 06:17:45 +0000 (06:17 +0000)]
Update comments re: radius State replay attack suppression.
fcusack [Thu, 5 May 2005 05:49:11 +0000 (05:49 +0000)]
improve ewindow2 docs, remove extraneous (and incorrect) copyright text
fcusack [Thu, 5 May 2005 05:39:33 +0000 (05:39 +0000)]
change x99_token_t.name to const char *, for main/conffile.c#1.115
fcusack [Thu, 5 May 2005 05:27:12 +0000 (05:27 +0000)]
fix #includes problems introduced with some recent commit
fcusack [Thu, 5 May 2005 05:18:00 +0000 (05:18 +0000)]
update TG-24-1999 (X9.9 withdrawal) URL
aland [Wed, 4 May 2005 22:09:23 +0000 (22:09 +0000)]
Allow IPv6 for clients, too.
Note that we don't properly handle IPv6/prefix yet. That's for
another commit
aland [Wed, 4 May 2005 22:08:01 +0000 (22:08 +0000)]
Prototypes for functions in main/listen.c