aland [Tue, 30 Jan 2007 15:46:57 +0000 (15:46 +0000)]
List include files as being OK to install
aland [Tue, 30 Jan 2007 13:10:02 +0000 (13:10 +0000)]
Don't allow globally readable or writeable configuration files.
aland [Tue, 30 Jan 2007 13:02:05 +0000 (13:02 +0000)]
Don't allow globally writable dictionaries. This allows any
user to control the behavior of the server.
aland [Sun, 28 Jan 2007 08:09:18 +0000 (08:09 +0000)]
As posted to the list
pnixon [Sat, 27 Jan 2007 15:09:58 +0000 (15:09 +0000)]
Add version line and allow code to be executed from the command line
aland [Fri, 26 Jan 2007 09:57:14 +0000 (09:57 +0000)]
use fork() where we don't need to wait.
We don't need the argument to rad_fork() any more.
Always call waitpid(), even if no one called rad_fork(), because
someone might have called fork()
aland [Fri, 26 Jan 2007 09:39:19 +0000 (09:39 +0000)]
Use strlcpy rather than strncpy, and use the size of the output
buffer rather than the size of the input buffer.
aland [Wed, 24 Jan 2007 12:38:25 +0000 (12:38 +0000)]
Pull fix from 1.1 branch
pnixon [Tue, 23 Jan 2007 16:26:06 +0000 (16:26 +0000)]
Clean up the comments a little
pnixon [Tue, 23 Jan 2007 02:00:06 +0000 (02:00 +0000)]
Update comments to correctly reflect which detail files contain User Passwords and additionally add an example "suppress" statement to each.
pnixon [Mon, 22 Jan 2007 16:51:27 +0000 (16:51 +0000)]
fix 2 minor typos in the comments
pnixon [Wed, 10 Jan 2007 16:06:42 +0000 (16:06 +0000)]
teach sqlippool to report if it allocated and IP or not via return code. Closed bug 414
pnixon [Tue, 9 Jan 2007 01:58:18 +0000 (01:58 +0000)]
Fix Bug 413 sqlippool_query1 freeing results too early
Cleanup a bunch of other rubbish including a memory leak in sql_postgresql.c
pnixon [Mon, 8 Jan 2007 19:19:49 +0000 (19:19 +0000)]
Someone added attrs.access_reject and attrs.accounting_response to radiusd.conf but forgot to add them to the Makefile creating a broken install.
pnixon [Mon, 8 Jan 2007 16:14:53 +0000 (16:14 +0000)]
in case of a non-SQL_DOWN fatal error that occurs on the postgresql database server the function incorrectly returns 0 instead of -1
pnixon [Fri, 5 Jan 2007 15:27:21 +0000 (15:27 +0000)]
Add X-Ascend-Session-Svr-Key to table to allow Packet of Disconnects
pnixon [Tue, 2 Jan 2007 12:34:30 +0000 (12:34 +0000)]
Fixed incorrect spelling of "occurred" in 2 places
nbk [Thu, 14 Dec 2006 14:20:36 +0000 (14:20 +0000)]
Include "autoconf.h" before testing the macro WITH_SNMP.
nbk [Thu, 14 Dec 2006 14:20:01 +0000 (14:20 +0000)]
Include "autoconf.h" before testing the macro WITH_UDPFROMTO.
pnixon [Wed, 13 Dec 2006 13:33:34 +0000 (13:33 +0000)]
Fix list address
aland [Tue, 12 Dec 2006 19:56:48 +0000 (19:56 +0000)]
Fix stupid bug. rad_send() takes secret as second argument,
listener->send takes REQUEST*
pnixon [Tue, 12 Dec 2006 16:15:06 +0000 (16:15 +0000)]
Minor formatting cleanups.
pnixon [Tue, 12 Dec 2006 16:03:38 +0000 (16:03 +0000)]
Code is a bit clearer this way. Functionality should not change.
pnixon [Tue, 12 Dec 2006 12:08:48 +0000 (12:08 +0000)]
Fix syntax typo
pnixon [Tue, 12 Dec 2006 11:51:44 +0000 (11:51 +0000)]
Fix a STUPID memory leak introduced by yours truely..
bjordanov [Mon, 4 Dec 2006 08:49:38 +0000 (08:49 +0000)]
Added new hash RAD_CONFIG
aland [Wed, 29 Nov 2006 23:01:11 +0000 (23:01 +0000)]
Workarounds for Vista
aland [Tue, 28 Nov 2006 19:08:41 +0000 (19:08 +0000)]
If less than 4 bytes are read, tell the caller that 0 bytes were read
If the MSG_PEEK'd length says that the packet is less than
the RADIUS header length, tell the caller that 0 bytes were read.
If the MSG_PEEK'd length says that the packet is more than the
allowed RFC maximum of 4k, tell the caller that more than 4K was
read, but do NOT allocate memory for the packet.
rad_recv() takes care of catching these cases, and returns a
descriptive error to the caller.
In all 3 cases, recvmsg() is called to read a few bytes of data
from the packet. The kernel takes care of deciding that the packet
was read, and discards the rest of the data.
aland [Tue, 28 Nov 2006 18:24:02 +0000 (18:24 +0000)]
Updated names so that upper/lower case matches. Patch from
Daniel Larsson
aland [Mon, 27 Nov 2006 18:52:51 +0000 (18:52 +0000)]
VALUEs can only be defined for BYTE, SHORT, and INTEGER
aland [Mon, 27 Nov 2006 18:43:06 +0000 (18:43 +0000)]
Simplify parsing of byte/short/string, based on a patch by
Krzysztof Oledzki
aland [Sun, 26 Nov 2006 19:48:57 +0000 (19:48 +0000)]
pull fixes from branch_1_1
aland [Sun, 26 Nov 2006 19:48:10 +0000 (19:48 +0000)]
ATTRIBUTEs of type STRING shouldn't have VALUEs
aland [Sun, 26 Nov 2006 19:44:55 +0000 (19:44 +0000)]
Correct definitions for stats, from
http://www.juniper.net/techpubs/software/erx/junose60/unisphere6-0.dct
aland [Sun, 26 Nov 2006 19:29:19 +0000 (19:29 +0000)]
Include dictionary.sofaware
aland [Sun, 26 Nov 2006 18:21:42 +0000 (18:21 +0000)]
From branch_1_1
aland [Sun, 26 Nov 2006 18:21:02 +0000 (18:21 +0000)]
As posted to the list by Jacques Bourdeau
aland [Fri, 24 Nov 2006 14:54:39 +0000 (14:54 +0000)]
Add MS-MPPE-*, as suggested by Stefan Winter
aland [Wed, 22 Nov 2006 22:48:43 +0000 (22:48 +0000)]
Remove rfc_clean function
aland [Wed, 22 Nov 2006 21:48:35 +0000 (21:48 +0000)]
Filter the contents of Access-Reject and Accounting-Response packets,
to enforce RFC compliance.
aland [Wed, 22 Nov 2006 21:44:19 +0000 (21:44 +0000)]
Added 'key' field, so that we can later get rid of the rfc_clean()
function.
Added a bit of a wildcard for to handle 'Vendor-Specific =* ANY'
aland [Wed, 22 Nov 2006 21:37:12 +0000 (21:37 +0000)]
Move buffer to enclosing block, so we don't point to a buffer
on the stack which may be invalid
aland [Wed, 22 Nov 2006 17:00:34 +0000 (17:00 +0000)]
Pull fix from branch_1_1, so proxied EAP replies work
aland [Wed, 22 Nov 2006 17:00:01 +0000 (17:00 +0000)]
Permit EAP-Message and State from the home server, so that
EAP works. Bug noted by Stefan Winter
nbk [Mon, 20 Nov 2006 13:45:25 +0000 (13:45 +0000)]
Update the types that were mistakenly inversed. (closes: #401)
Thanks to Andrea Scharfe <schmedi@gmail.com>
nbk [Mon, 20 Nov 2006 13:44:46 +0000 (13:44 +0000)]
Update the types that were mistakenly inversed. (closes: #401)
Thanks to Andrea Scharfe <schmedi@gmail.com>
nbk [Sun, 19 Nov 2006 18:46:31 +0000 (18:46 +0000)]
Pull from CVS head:
Patch to allow /var/run to be a tmpfs.
nbk [Sun, 19 Nov 2006 18:25:40 +0000 (18:25 +0000)]
Update for 1.1.4
nbk [Sat, 18 Nov 2006 15:43:45 +0000 (15:43 +0000)]
Update for 1.1.4.
nbk [Sat, 18 Nov 2006 15:03:39 +0000 (15:03 +0000)]
Fix a corner case where the proxy port isn't set either in
radiusd.conf or in proxy.conf.
Bug reported by Tomas Martisius <tomas@puga.vdu.lt>
See http://bugs.debian.org/388024
nbk [Sat, 18 Nov 2006 14:45:17 +0000 (14:45 +0000)]
Pull from CVS head:
Add a new "reply-name" directive to choose the attribute which will
contain the remaining value for the counter in the reply packet when
the user is successfully authorized. (closes: #403)
nbk [Sat, 18 Nov 2006 14:27:23 +0000 (14:27 +0000)]
Update the sqlcounter_detach() function and always free memory
on errors.
nbk [Sat, 18 Nov 2006 13:05:08 +0000 (13:05 +0000)]
Pull from CVS head:
Add a new "-f" option to read the password from a file,
instead of command line. (closes: #395)
nbk [Sat, 18 Nov 2006 12:58:34 +0000 (12:58 +0000)]
Pull from CVS head:
Add a new "-f" option to read the password from a file,
instead of command line. (closes: #395)
aland [Fri, 17 Nov 2006 00:01:43 +0000 (00:01 +0000)]
Corrected typo
aland [Fri, 17 Nov 2006 00:01:18 +0000 (00:01 +0000)]
Corrected typo
aland [Thu, 16 Nov 2006 23:59:32 +0000 (23:59 +0000)]
Move action2str to where it needs to be.
Add comment at the start of modcall(), saying what it does.
If we have a module action of RETURN or REJECT at "unroll" in
modcall(), don't fall through to the next check. Instead, jump
forward to do_return, which stops processing this group
aland [Thu, 16 Nov 2006 00:50:53 +0000 (00:50 +0000)]
More attributes, from bug #408
aland [Thu, 16 Nov 2006 00:50:23 +0000 (00:50 +0000)]
More attributes, from bug #408
aland [Thu, 16 Nov 2006 00:47:49 +0000 (00:47 +0000)]
Check return code of malloc
aland [Thu, 16 Nov 2006 00:47:36 +0000 (00:47 +0000)]
Check return code of malloc
aland [Thu, 16 Nov 2006 00:45:23 +0000 (00:45 +0000)]
Check return code of malloc in testing code
aland [Thu, 16 Nov 2006 00:44:56 +0000 (00:44 +0000)]
Check return code of malloc in testing code
aland [Wed, 15 Nov 2006 18:52:03 +0000 (18:52 +0000)]
Corrected typos.
aland [Wed, 15 Nov 2006 17:35:20 +0000 (17:35 +0000)]
Corrected typo
fcusack [Tue, 14 Nov 2006 21:21:43 +0000 (21:21 +0000)]
use new RCSID macro to prevent Id keyword from being optimized out
fcusack [Tue, 14 Nov 2006 21:01:08 +0000 (21:01 +0000)]
remove Makefile since there is no code here
pnixon [Tue, 14 Nov 2006 00:35:20 +0000 (00:35 +0000)]
Implement draft-schulzrinne-sipping-radius-accounting-00.txt
pnixon [Mon, 13 Nov 2006 23:57:31 +0000 (23:57 +0000)]
dictionary.digest should actually be dictionary.rfc4590
pnixon [Mon, 13 Nov 2006 17:08:13 +0000 (17:08 +0000)]
Incorrect attribute name as reported by "Duane Cox"
fcusack [Sun, 12 Nov 2006 22:14:03 +0000 (22:14 +0000)]
regenerate
pnixon [Sun, 12 Nov 2006 20:09:37 +0000 (20:09 +0000)]
Incorrect attribute name as reported by "Duane Cox"
nbk [Sun, 5 Nov 2006 19:59:50 +0000 (19:59 +0000)]
It isn't very useful to filter attributes in the incoming request,
nothing will happen as any unexpected attribute will not be checked
during authorize.
Moreover the current attr_filter_authorize() function behave
differently than in previous releases of FreeRADIUS, because it
used to run in the deprecated post_proxy_authorize mode only.
Therefore it's certainly less error-prone to remove a long time
ago deprecated function, instead of changing its behaviour.
nbk [Sun, 5 Nov 2006 19:56:39 +0000 (19:56 +0000)]
Document the new "reply-name" directive.
nbk [Sun, 5 Nov 2006 19:55:11 +0000 (19:55 +0000)]
Change "return-attribute" to "reply-name" for consistency with
rlm_sqlcounter. There is no backward compatibility problem because
this directive doesn't exist in any release yet.
nbk [Sun, 5 Nov 2006 19:54:24 +0000 (19:54 +0000)]
Add a new "reply-name" directive to choose the attribute which will
contain the remaining value for the counter in the reply packet
when the user is successfully authorized. (closes: #403)
Thanks to Jonathan De Graeve <jonathan@imelda.be>
nbk [Sun, 5 Nov 2006 15:35:08 +0000 (15:35 +0000)]
Add "post-auth" to the list of valid sections for this module.
nbk [Sat, 4 Nov 2006 12:58:14 +0000 (12:58 +0000)]
Add a new "-f" option to read the password from a file,
instead of command line. (closes: #395)
Thanks to Jakub Wartak <vnull@pcnet.com.pl>
pnixon [Fri, 3 Nov 2006 08:32:46 +0000 (08:32 +0000)]
comment syntax fix
pnixon [Fri, 3 Nov 2006 08:32:05 +0000 (08:32 +0000)]
doc update
pnixon [Fri, 3 Nov 2006 08:18:46 +0000 (08:18 +0000)]
Set a default value
pnixon [Tue, 31 Oct 2006 15:00:10 +0000 (15:00 +0000)]
All tables should start with "rad"
pnixon [Tue, 31 Oct 2006 14:38:42 +0000 (14:38 +0000)]
This was a BUG. Acct-Delay-Time can be subtracted from the time of arrival on the server to find the approximate time of the event generating this Accounting-Request. I must NOT be subtracted from the Session-Time!
aland [Thu, 26 Oct 2006 17:13:04 +0000 (17:13 +0000)]
Removed double free. This fixes bug #404
aland [Thu, 26 Oct 2006 17:12:49 +0000 (17:12 +0000)]
Removed double free. This fixes bug #404
fcusack [Tue, 24 Oct 2006 05:36:08 +0000 (05:36 +0000)]
import from HEAD
add new header ident.h
fcusack [Tue, 24 Oct 2006 05:33:01 +0000 (05:33 +0000)]
add new header ident.h
fcusack [Tue, 24 Oct 2006 05:15:45 +0000 (05:15 +0000)]
import from HEAD
prevent rcsid from being optimized out
fcusack [Tue, 24 Oct 2006 04:45:13 +0000 (04:45 +0000)]
import from HEAD:
s/bad state/bad radstate/ to be clear that it's not token state
fcusack [Tue, 24 Oct 2006 04:40:58 +0000 (04:40 +0000)]
import from HEAD:
remove trailing "\n" from some radlog() calls
fcusack [Tue, 24 Oct 2006 04:38:04 +0000 (04:38 +0000)]
import from HEAD:
otp_putfd(): add disconnect arg, to allow just mutex release, avoiding
fd leak in radiusd and otpd
otp_verify(): otp_putfd(fdp, 0) on successful return, otp_putfd(fdp, 1)
on 2 error return cases that we missed
fcusack [Tue, 24 Oct 2006 04:34:24 +0000 (04:34 +0000)]
typo
fcusack [Tue, 24 Oct 2006 04:33:53 +0000 (04:33 +0000)]
no longer used
fcusack [Tue, 24 Oct 2006 04:20:54 +0000 (04:20 +0000)]
document rlm_otp fd leak fix
fcusack [Tue, 24 Oct 2006 04:02:37 +0000 (04:02 +0000)]
otp_putfd(): add disconnect arg, to allow just mutex release, avoiding
fd leak in radiusd and otpd
otp_verify(): otp_putfd(fdp, 0) on successful return, otp_putfd(fdp, 1)
on 2 error return cases that we missed
fcusack [Tue, 24 Oct 2006 03:19:06 +0000 (03:19 +0000)]
remove trailing "\n"s from some radlog() calls
aland [Fri, 20 Oct 2006 18:41:11 +0000 (18:41 +0000)]
fix stdarg.h
pnixon [Fri, 20 Oct 2006 15:14:03 +0000 (15:14 +0000)]
Cleanup
fcusack [Fri, 20 Oct 2006 05:12:08 +0000 (05:12 +0000)]
file ident.h was added on branch branch_1_1 on 2006-10-24 05:15:45 +0000
fcusack [Fri, 20 Oct 2006 05:12:07 +0000 (05:12 +0000)]
prevent rcsid from being optimized out