pnixon [Sun, 20 Mar 2005 17:07:25 +0000 (17:07 +0000)]
Add native oracle support (Using the PHP OCI8 driver) to dialupadmin
pnixon [Sun, 20 Mar 2005 17:05:54 +0000 (17:05 +0000)]
Change from DATE to TIMESTAMP WITH TIMEZONE for to fields. (What use is a CDR that only has a date and no time???)
pnixon [Sun, 20 Mar 2005 17:04:21 +0000 (17:04 +0000)]
Add an extra trigger to make dialupadmin work
nbk [Sat, 19 Mar 2005 22:09:48 +0000 (22:09 +0000)]
When rewriting a attribute of type INTEGER or IPADDR, it is wrong
to change the strvalue only. Instead we call the pairparsevalue()
function which handles all possible types for an attribute.
pnixon [Sat, 19 Mar 2005 19:08:07 +0000 (19:08 +0000)]
hopefully final table schema
pnixon [Sat, 19 Mar 2005 18:47:27 +0000 (18:47 +0000)]
Fix datatype
pnixon [Sat, 19 Mar 2005 17:43:55 +0000 (17:43 +0000)]
pg_exec() has been replaced with pg_query()
pnixon [Fri, 18 Mar 2005 22:29:57 +0000 (22:29 +0000)]
totacct for Oracle
pnixon [Fri, 18 Mar 2005 22:25:10 +0000 (22:25 +0000)]
mtotacct for Oracle
pnixon [Fri, 18 Mar 2005 22:13:58 +0000 (22:13 +0000)]
badusers for oracle
pnixon [Fri, 18 Mar 2005 18:46:00 +0000 (18:46 +0000)]
userinfo.sql for oracle
phampson [Fri, 18 Mar 2005 15:05:36 +0000 (15:05 +0000)]
Fix inversion of test, so the mutex is initialised once instead of nunce.
Thanks to Manuel Menal (via Debian Bug #300219)
kkalev [Fri, 18 Mar 2005 14:12:59 +0000 (14:12 +0000)]
Don't use $num in stats.php3, change it to $stats_num
kkalev [Fri, 18 Mar 2005 14:01:45 +0000 (14:01 +0000)]
check_ip() should now work in nas_admin.php3. Only require lib/functions.php3 once
in stats.php3
phampson [Thu, 17 Mar 2005 13:44:31 +0000 (13:44 +0000)]
Allow checkrad to be called successfully with ports > 9999999 without
trashing memory.
Spotted and initial patch by Eddie Stassen
nbk [Thu, 17 Mar 2005 12:33:25 +0000 (12:33 +0000)]
Move inclusion of SNMP header files to smux.h since it's only
included by the files that need to talk SNMP
nbk [Thu, 17 Mar 2005 12:32:35 +0000 (12:32 +0000)]
Any file which includes smux.h can't compile without the SNMP
header files
nbk [Wed, 16 Mar 2005 23:21:17 +0000 (23:21 +0000)]
When building radrelay, remove options which confuse the linker
Problem reported by Jakub Wartak <vnulllists@pcnet.com.pl>
kkalev [Wed, 16 Mar 2005 09:39:26 +0000 (09:39 +0000)]
Revert back to using postgresql specific functions. dbx functions should be changed
to also use a dabatase subtype and perform any database specific functions themselves.
nbk [Tue, 15 Mar 2005 17:34:27 +0000 (17:34 +0000)]
Regroup the code which handles "new_attribute = yes" in one
single block
pnixon [Tue, 15 Mar 2005 17:05:59 +0000 (17:05 +0000)]
Add Oracle (rlm_sql_oracle) support as an option extra package as well and properly package dialup_admin
pnixon [Tue, 15 Mar 2005 17:01:43 +0000 (17:01 +0000)]
A first stab at using DBX for database abstraction. Works with Postgres currently.
pnixon [Tue, 15 Mar 2005 13:54:58 +0000 (13:54 +0000)]
First cut at making a working DBX driver.
kkalev [Tue, 15 Mar 2005 13:24:51 +0000 (13:24 +0000)]
Remove snmp_clearsession. It is replaced by clearsession which supports both snmp and telnet
methods of removing a user from an access server. Add corresponding configuration directives
general_sessionclear_method and nasXX_sessionclear_method
aland [Mon, 14 Mar 2005 18:08:35 +0000 (18:08 +0000)]
Make the header for the detail file configurable.
aland [Mon, 14 Mar 2005 18:05:30 +0000 (18:05 +0000)]
ctime puts a \n in the string, which we don't want
kkalev [Mon, 14 Mar 2005 11:57:34 +0000 (11:57 +0000)]
Correctly check nas validity in nas_admin.php3. Bug noted by Nick Bright
kkalev [Mon, 14 Mar 2005 11:51:32 +0000 (11:51 +0000)]
* Show the correct nas type in nas_admin. Bug noted by Nick Bright
* Correctly calculate the nas ip in lib/sql/nas_list.php3. Add a check_ip() function in lib/functions.php3
Bug noted by Nick Bright
nbk [Mon, 14 Mar 2005 10:01:51 +0000 (10:01 +0000)]
Pulled from Debian bug #292170:
Make init script return 1 if reloading kills the server
kkalev [Sun, 13 Mar 2005 15:52:35 +0000 (15:52 +0000)]
urlencode() all occurrences of the $login variable when used in url's. Bug noted by Dag Landau
bjordanov [Sat, 12 Mar 2005 09:35:53 +0000 (09:35 +0000)]
Adds a check if first call to strtok returns NULL in perl_xlat (closes: #218)
aland [Thu, 10 Mar 2005 20:52:18 +0000 (20:52 +0000)]
Separate attribute/module name parsing from module parameter
parsing, and do bounds checks.
This fixes bug #216
aland [Thu, 10 Mar 2005 19:19:54 +0000 (19:19 +0000)]
Moved inclusion of SNMP header files from global include files
to radius_snmp.h
Re-arranged a few things so that the server builds.
This is because net-snmp/net-snmp-config.h includes net-snmp's
"autoconf.h" file, which defines HAVE_PTHREAD_H, among many, many
other things! That's a VERY bad thing to do to people.
kkalev [Thu, 10 Mar 2005 19:07:44 +0000 (19:07 +0000)]
Add support for usrhiper in snmpfinger. Patch from Nick Bright
aland [Thu, 10 Mar 2005 18:57:55 +0000 (18:57 +0000)]
one-line #define to not use pthread functions when building
without threads
kkalev [Wed, 9 Mar 2005 21:53:48 +0000 (21:53 +0000)]
* Make nasXX_finger_type actually work since the place where nas information was stored was changed a
long time ago. Bug noted by Nick Bright
* In user_finger only set LD_LIBRARY_PATH once, not each time we call snmpfinger
kkalev [Wed, 9 Mar 2005 15:19:56 +0000 (15:19 +0000)]
Add a dictionary from NTUA (National Technical University of Athens) with
the UserLogon class of attributes. Used by the pGina RADIUS plugin (and
hopefully more in the future).
pnixon [Tue, 8 Mar 2005 16:35:45 +0000 (16:35 +0000)]
Actually include the dictionary.. Idiot..
pnixon [Tue, 8 Mar 2005 16:34:19 +0000 (16:34 +0000)]
fix syntax error
bjordanov [Tue, 8 Mar 2005 09:30:16 +0000 (09:30 +0000)]
New hashes added %RAD_REQUEST_PROXY (filled with vps from request->proxy->vps )
and %RAD_REQUEST_PROXY_REPLY ( filled with vps from request->proxy_reply->vps)
%RAD_REQUEST_PROXY is read-only, %RAD_REQUEST_PROXY_REPLY is read-write
(closes: #215)
bjordanov [Mon, 7 Mar 2005 11:52:06 +0000 (11:52 +0000)]
When defined USE_ITHREADS and called perl_xlat an perl interpetator is not
released on exit so after few requests the thread pool will not contain a free
interpetators. (closes: #179)
bjordanov [Mon, 7 Mar 2005 11:19:21 +0000 (11:19 +0000)]
Fixes problem with SIGHUP, multiple instances,
ithreads pool and locking problem. (closes: #111)
phampson [Sat, 5 Mar 2005 03:59:14 +0000 (03:59 +0000)]
"Usable", not "useable"
pnixon [Fri, 4 Mar 2005 14:49:08 +0000 (14:49 +0000)]
New dictionay thanks to Zydrunas Sablinskas
kkalev [Fri, 4 Mar 2005 14:30:24 +0000 (14:30 +0000)]
Add a dictionary from Epygi (epygi.com) hardware
aland [Thu, 3 Mar 2005 20:32:57 +0000 (20:32 +0000)]
chown radius.log, if we've written to it as root.root, before
we switch users.
This fixes bug #210
aland [Thu, 3 Mar 2005 20:13:19 +0000 (20:13 +0000)]
Remember CPPFLAGS, too.
This should close bug #201
aland [Thu, 3 Mar 2005 20:02:17 +0000 (20:02 +0000)]
close outfd outside of the loop, not while we're trying to lock
it.
Patch from Igor K, bug #130
aland [Thu, 3 Mar 2005 02:23:33 +0000 (02:23 +0000)]
Updated for changes
aland [Wed, 2 Mar 2005 23:18:42 +0000 (23:18 +0000)]
Re-enable '-i ipaddr' and '-p port'.
If they're used, then they over-ride everything in radiusd.conf
kkalev [Wed, 2 Mar 2005 13:20:40 +0000 (13:20 +0000)]
Log somewhat more verbose error messages when the sql_command binary is not found in the bin scripts
pnixon [Tue, 1 Mar 2005 16:15:57 +0000 (16:15 +0000)]
Info about FreeRADIUS on SUSE
pnixon [Tue, 1 Mar 2005 14:03:56 +0000 (14:03 +0000)]
You can integrate Novell® eDirectoryTM 8.7.1 or later with FreeRADIUS 1.0.2 onwards to allow wireless authentication for eDirectory users.
pnixon [Tue, 1 Mar 2005 12:52:43 +0000 (12:52 +0000)]
new PAM config in upcomming SUSE 9.3Pro
pnixon [Tue, 1 Mar 2005 12:07:49 +0000 (12:07 +0000)]
Major cleanups to bring in sync with SUSE 9.2 Professional and to run as user radiusd instead of root
aland [Tue, 1 Mar 2005 01:47:39 +0000 (01:47 +0000)]
More/better error messages.
Don't allow quoted strings as conf-section names.
aland [Mon, 28 Feb 2005 23:54:13 +0000 (23:54 +0000)]
When $INCLUDE'ing files, cf_item_add may be called with a list
of items. If so, add all children to the parent trees.
We don't have to touch the child trees, because they aren't changed.
aland [Mon, 28 Feb 2005 22:47:17 +0000 (22:47 +0000)]
When reading files in a directory, be a little more restrictive.
We allow alpha-numeric, '.' and '_'. Anything else is ignored.
aland [Mon, 28 Feb 2005 22:32:13 +0000 (22:32 +0000)]
Moved copy_string && copy_var from exec.c to util.c, as public
functions, so that others may use them.
(mostly) copied "split into argv" code from exec.c into xlat_config,
to avoid injection attacks. i.e. "split into argv, and then xlat",
rather than "xlat, and then split into argv".
This also allows the use of "." in section/pair names.
aland [Mon, 28 Feb 2005 19:50:47 +0000 (19:50 +0000)]
Use rbtrees for CONF_SECTIONS, with hacks to make instance names
work...
aland [Mon, 28 Feb 2005 19:49:25 +0000 (19:49 +0000)]
Minor fix to xlat config
aland [Mon, 28 Feb 2005 18:45:31 +0000 (18:45 +0000)]
Put CONF_PAIRs into an rbtree. This doesn't make much difference
for most systems, but for large ones, it can help.
This also means that more memory is being used in the server,
but not a whole lot.
Next, putting sections into an rbtree.
aland [Mon, 28 Feb 2005 18:24:29 +0000 (18:24 +0000)]
Allow %{config: section[name2][item]}
kkalev [Mon, 28 Feb 2005 12:02:53 +0000 (12:02 +0000)]
Add the safe-characters directive in mssql.conf also
kkalev [Fri, 25 Feb 2005 23:51:11 +0000 (23:51 +0000)]
Don't set DEFAULT '0' for the nas table
nbk [Fri, 25 Feb 2005 00:59:56 +0000 (00:59 +0000)]
Remove the locks on the <detail> file and handle the case
where the last line is not complete
nbk [Tue, 22 Feb 2005 15:59:39 +0000 (15:59 +0000)]
Execute modules in {Pre,Post}-Proxy-Type stanzas (closes: #199)
nbk [Tue, 22 Feb 2005 15:58:53 +0000 (15:58 +0000)]
Prototype change for module_post_proxy()
nbk [Tue, 22 Feb 2005 15:58:30 +0000 (15:58 +0000)]
Prototype changes for module_{pre,post}_proxy()
nbk [Mon, 21 Feb 2005 15:02:26 +0000 (15:02 +0000)]
Re-arrange the states in the loop() function to prevent
radsqlrelay from duplicating accounting packets. Now the
transition is STATE_RUN -> STATE_BACKLOG -> STATE_CLOSE
(closes: #206)
nbk [Sun, 20 Feb 2005 18:53:35 +0000 (18:53 +0000)]
Build radsqlrelay, too.
kkalev [Sat, 19 Feb 2005 12:02:34 +0000 (12:02 +0000)]
In clear_opensessions depending on sql type use either IS NULL or = 0 in the DELETE statement.
We need to find a cleaner solution to this. This closes bug#175
kkalev [Sat, 19 Feb 2005 11:53:40 +0000 (11:53 +0000)]
Change ConnectInfo_{start,stop} to be varchar(50). This closes Bug#204
kkalev [Sat, 19 Feb 2005 11:45:11 +0000 (11:45 +0000)]
Add a patch from Thor Spruyt for setting the nas client query in the configuration file
This closes bug#201
kkalev [Sat, 19 Feb 2005 01:08:44 +0000 (01:08 +0000)]
* Add more documentation for per user counter limit attributes (daily/weekly/monthly limits)
* Make all counter limits default to none so that people don't get confused
kkalev [Sat, 19 Feb 2005 00:58:05 +0000 (00:58 +0000)]
Update password_check to work with all password attributes and use the configuration directives
aland [Fri, 18 Feb 2005 21:34:59 +0000 (21:34 +0000)]
re-arranged pap_authorize so that it will clean up base64 & hex
password attributes, so that other modules may use them.
This allows (for example) LDAP to store NT passwords base64-encoded,
with a header of {nt}. The LDAP module will add an attribute
NT-Password, with the value as base64-encoded. The PAP module
will base64-decode it during the "authorize" phase, so that the
mschap module can use the 16-byte NT hash during the authentication
phase.
aland [Fri, 18 Feb 2005 21:23:07 +0000 (21:23 +0000)]
Added auto-header discovery
{clear} User-Password
{cleartext} User-Password
{md5} MD5-Password
{smd5} SMD5-Password
{sha} SHA-Password
{ssha} SSHA-Password
{nt} NT-Password
The passwords are added "as-is", and require RLM_PAP to fix them...
aland [Fri, 18 Feb 2005 21:03:09 +0000 (21:03 +0000)]
Re-formatting of code, normalize whitespace around function args,
reduce the number of indents in some places
aland [Fri, 18 Feb 2005 18:06:56 +0000 (18:06 +0000)]
Updated docs for new behavior
aland [Fri, 18 Feb 2005 18:03:43 +0000 (18:03 +0000)]
new pap authorize function, which looks for hashed/encrypted
passwords in config items, and sets Auth-Type := PAP.
Updated radiusd.conf to add "unix" and "pap" to "authorize",
for more auto-discovery.
Updated "users" to NOT Set Auth-Type at ALL. This makes
auto-discovery work much better...
aland [Fri, 18 Feb 2005 01:14:37 +0000 (01:14 +0000)]
Support base64 encoding, via auto-discovery.
i.e. if it decodes to a base64 string of the right length, then
it's a base64 string.
This works with SMD5-Password := "l/ValIKmwbbPbodg+YNCS32Cz3M="
which is the same "testpassword" as the previous CVS commit.
aland [Fri, 18 Feb 2005 00:12:58 +0000 (00:12 +0000)]
Document SMD5 && SSHA passwords, too
aland [Fri, 18 Feb 2005 00:12:02 +0000 (00:12 +0000)]
Whoops... delete base64 stuff which was there by accident
aland [Fri, 18 Feb 2005 00:11:22 +0000 (00:11 +0000)]
These new attributes are of type "octets", not "string"
aland [Fri, 18 Feb 2005 00:11:06 +0000 (00:11 +0000)]
deleted hex2bin && bin2hex.
Added support for SMD5-Password & SSHA-Password.
SMD5-Password := 0x97f55a9482a6c1b6cf6e8760f983424b7d82cf73
SSHA-Password := 0x3b7fc2a325b3a841db199bb9f653fd8e05d6b1e4edbf63b5
User-Password := "testpassword"
aland [Thu, 17 Feb 2005 20:42:25 +0000 (20:42 +0000)]
unused headers
aland [Thu, 17 Feb 2005 20:41:55 +0000 (20:41 +0000)]
Add OSFFIA stuff back in. It looks like it's not used, so it
shouldn't hurt anything.
aland [Thu, 17 Feb 2005 20:35:36 +0000 (20:35 +0000)]
Updated documentation for rlm_unix
aland [Thu, 17 Feb 2005 20:35:04 +0000 (20:35 +0000)]
Removed all references to caching from the module. It's no longer
needed or useful.
kkalev [Thu, 17 Feb 2005 13:06:49 +0000 (13:06 +0000)]
Commit a patch from Andrea Gabellini. This should close bug#128
aland [Wed, 16 Feb 2005 18:54:52 +0000 (18:54 +0000)]
reap children in a child thread, not in the main server thread.
This minimizes locks
aland [Wed, 16 Feb 2005 18:50:29 +0000 (18:50 +0000)]
re-write of handling SIGCHLD.
delete sigchld handler. It's too hard to coordinate getting the
child pid & status from the thread that caught the signal to the
thread that (maybe) is waiting for it.
Instead, don't save child pid's if we've been told someone will
be waiting for it. They will call waitpid() and clean up the zombie.
DO save child pid's if the caller isn't going to wait. Someone
needs to call waitpid() on the EXACT PID number, to avoid grabbing
a PID that an "exec wait" thread is waiting for.
create new function: reap_children(), and scatter calls to it
in a number of places. This ensures that any child will have
waitpid() called quickly, and will be reaped.
aland [Wed, 16 Feb 2005 01:36:35 +0000 (01:36 +0000)]
removed external declaration of rad_savepid. This is a Good Thing.
Moved the function in threads.c, and declared it "static"
aland [Wed, 16 Feb 2005 01:31:19 +0000 (01:31 +0000)]
cat request_process.c | tr -d \\r > foo;mv foo request_process.c
aland [Wed, 16 Feb 2005 01:23:55 +0000 (01:23 +0000)]
Remove serious limits on the length of names in DICT_VALUE.
It's now 128, but can easily be bumped up.
aland [Wed, 16 Feb 2005 01:13:39 +0000 (01:13 +0000)]
Removed restrictions on vendor name length. (realistically)
It's now 1024, which should be large enough for most people.
aland [Tue, 15 Feb 2005 23:48:47 +0000 (23:48 +0000)]
Document new "virtual" modules
aland [Tue, 15 Feb 2005 23:43:47 +0000 (23:43 +0000)]
Make the "compile module" code actually return, rather than call
exit(). This means that we have a "stack" of errors to print if
something goes wrong, so we can track what referred to the item
making the problem.
Allow redundant{} etc. sections to have second names,
and use those names for printing.
Allow subsections in "instantiate", and use those subsections
as "virtual" modules, so that you don't have to copy blocks
of text, if the same kind of redundancy/fail-over is done in
multiple places.
This fixes bug #181
These subsections will later allow us to use the subsection names
in xlat's. e.g.
redundant magic_ldap {
ldap1
ldap2
}
... %{magic_ldap: query...}, which will fail-over from ldap1 to ldap2
aland [Tue, 15 Feb 2005 19:16:17 +0000 (19:16 +0000)]
Less code, less work