Alan T. DeKok [Thu, 26 Aug 2010 14:47:13 +0000 (16:47 +0200)]
Fix typos
Alan T. DeKok [Thu, 26 Aug 2010 14:31:16 +0000 (16:31 +0200)]
Ensure WITHOUT flags are set if they're not being used
Alan T. DeKok [Thu, 26 Aug 2010 14:30:56 +0000 (16:30 +0200)]
Updated copyright date and build options
Alan T. DeKok [Thu, 26 Aug 2010 10:54:55 +0000 (12:54 +0200)]
Updated documentation
Alan T. DeKok [Tue, 24 Aug 2010 13:01:00 +0000 (15:01 +0200)]
Added support for EAP-MD5, using radeapclient.
Alan T. DeKok [Wed, 25 Aug 2010 12:11:39 +0000 (14:11 +0200)]
Add warning message about packets being too long
Conflicts:
src/lib/radius.c
Alan T. DeKok [Wed, 18 Aug 2010 15:42:30 +0000 (17:42 +0200)]
Added support for TLS-Cert-* and TLS-Client-Cert-* attributes
This has been needed for a long time. They only work for methods
which use a client certificate, but it's a start.
Alan T. DeKok [Thu, 12 Aug 2010 13:59:29 +0000 (15:59 +0200)]
Make sure we show EAP-Message in the debug output
Alan T. DeKok [Tue, 10 Aug 2010 06:13:32 +0000 (08:13 +0200)]
Added indexes to IP Pool table
Alan T. DeKok [Mon, 9 Aug 2010 19:50:45 +0000 (21:50 +0200)]
Use pairmake() which is in libradius, not radius_pairmake()
Alan T. DeKok [Mon, 9 Aug 2010 13:10:48 +0000 (15:10 +0200)]
Add Cached-Session-Policy attribute.
This can be placed into the cache in the first EAP session, and
grabbed from the cache on subsequent packets.
Alan T. DeKok [Mon, 9 Aug 2010 12:04:13 +0000 (14:04 +0200)]
Print out WARNING if EAP session did not finish.
This functionality has been sorely needed for some time. It works
ONLY in debugging mode. It prints out a warning if the handler still
exists when the request packet is cleaned up.
Alan T. DeKok [Mon, 9 Aug 2010 09:36:03 +0000 (11:36 +0200)]
Slightly lower impact way of cleaning up old sessions
Alan T. DeKok [Mon, 9 Aug 2010 09:33:36 +0000 (11:33 +0200)]
More errors to Module-Failure-Message
Alan T. DeKok [Sat, 7 Aug 2010 21:04:19 +0000 (23:04 +0200)]
Added ability to write to pcap file
Alan T. DeKok [Sat, 7 Aug 2010 20:30:52 +0000 (22:30 +0200)]
Do more checking of command-line arguments
Alan T. DeKok [Sat, 7 Aug 2010 07:48:24 +0000 (09:48 +0200)]
Fixes for 2.2 API
Alan T. DeKok [Sat, 7 Aug 2010 07:36:36 +0000 (09:36 +0200)]
Added example of "second_files" module, with documentation
Alan T. DeKok [Fri, 6 Aug 2010 15:48:44 +0000 (17:48 +0200)]
Regularize warning messages
Alan T. DeKok [Fri, 6 Aug 2010 15:26:56 +0000 (17:26 +0200)]
Regularize error messages
Alan T. DeKok [Fri, 6 Aug 2010 15:24:54 +0000 (17:24 +0200)]
Regularize error messages
Alan T. DeKok [Fri, 6 Aug 2010 15:17:32 +0000 (17:17 +0200)]
Regularize warning messages
Alan T. DeKok [Fri, 6 Aug 2010 15:13:31 +0000 (17:13 +0200)]
Regularized warning messages
Alan T. DeKok [Fri, 6 Aug 2010 12:59:54 +0000 (14:59 +0200)]
Added check for lt_dladvise_init
This helps solve loading issues when libraries depend on other libraries
Alan T. DeKok [Sat, 7 Aug 2010 07:43:01 +0000 (09:43 +0200)]
Fix for 2.2 API
Alan T. DeKok [Fri, 6 Aug 2010 12:36:04 +0000 (14:36 +0200)]
Added Packet-Transmit-Counter for retransmits.
Closes bug #13
Alan T. DeKok [Fri, 6 Aug 2010 08:23:07 +0000 (10:23 +0200)]
Back out some recent changes
While it's nice to know which part of the server is processing
something (by hacking request->module), it clutters the debug output
a fair bit.
Alan T. DeKok [Wed, 4 Aug 2010 12:17:37 +0000 (14:17 +0200)]
Be less aggressive about marking home servers as zombie.
Instead of marking them as zombie as soon as ONE packet doesn't
receive a response, mark them as zombie when we have received NO
responses for (zombie_period / 4)
Alan T. DeKok [Wed, 4 Aug 2010 13:29:48 +0000 (15:29 +0200)]
Alan T. DeKok [Wed, 4 Aug 2010 08:34:59 +0000 (10:34 +0200)]
Notes on SHOULD set "require_message_authenticator"
Alan T. DeKok [Wed, 4 Aug 2010 08:13:10 +0000 (10:13 +0200)]
Set "component" and "module" to more descriptive values
So that when something goes wrong, we know where / why
Alan T. DeKok [Tue, 3 Aug 2010 15:25:27 +0000 (17:25 +0200)]
Enabled "digest" in the default configuration.
Now that the "digest" module is more forgiving, it's probably best
to allow it here.
Alan T. DeKok [Tue, 3 Aug 2010 12:37:36 +0000 (14:37 +0200)]
Be more forgiving about the Digest attributes.
In the "authorize" section, check if the attributes exist, and are
properly formatted. If not, return NOOP. If so, decode them,
and set Auth-Type := digest
If they don't list "digest" in "authorize", decode the attributes
in the "authenticate" section, too.
Alan T. DeKok [Tue, 3 Aug 2010 09:41:24 +0000 (11:41 +0200)]
Added -t option
This lets people use radtest for CHAP and MS-CHAP authentication,
without worrying too much about the internals of what's going on.
Alan T. DeKok [Mon, 2 Aug 2010 14:54:07 +0000 (16:54 +0200)]
Added more notes on FreeBSD with multiple LANs
Alan T. DeKok [Mon, 2 Aug 2010 14:34:15 +0000 (16:34 +0200)]
Removed extraneous fprintf
Alan T. DeKok [Mon, 2 Aug 2010 13:54:46 +0000 (15:54 +0200)]
Manual merge of aec08bce7f
Better handle a "known" attribute with invalid length
If we receive an "integer" attribute with length "10", don't
leave the name as "Foo-Bar". Instead, make it clear that the
attribute is unknown, and print it as "Attr-%d"
Alan T. DeKok [Mon, 2 Aug 2010 06:41:34 +0000 (08:41 +0200)]
strcpy to a NULL pointer is bad.
Closes bug #98
Alan T. DeKok [Sun, 1 Aug 2010 07:29:59 +0000 (09:29 +0200)]
Notes on binding to interfaces for DHCP
Alan T. DeKok [Sat, 31 Jul 2010 06:57:10 +0000 (08:57 +0200)]
More descriptive error messages.
If the thread pool queue is full, or if the packets are stuck in it for
a long time, it's usually because someone has a DB with 10 million rows
and no index. Or, they're running long-lived queries against a MyISAM
database. Either way, there's little that the RADIUS server can do
to fix it.
When that happens, produce a descriptive error message suggesting
that they focus the blame in the right place.
Alan T. DeKok [Fri, 30 Jul 2010 13:27:00 +0000 (15:27 +0200)]
Added attributes from recent RFCs
Alan T. DeKok [Fri, 30 Jul 2010 12:43:49 +0000 (14:43 +0200)]
API fixes for 2.2.0
Alan T. DeKok [Thu, 29 Jul 2010 15:24:42 +0000 (17:24 +0200)]
Check sockets against home servers for proxy loops
This only works when using -C. It only prints messages with -XC
Alan T. DeKok [Thu, 29 Jul 2010 12:29:04 +0000 (14:29 +0200)]
Fix typos in default configuration. Closes bug #11
Alan T. DeKok [Thu, 29 Jul 2010 12:21:06 +0000 (14:21 +0200)]
Updates as from jlockie
Alan T. DeKok [Thu, 29 Jul 2010 12:12:15 +0000 (14:12 +0200)]
Renamed in preparation for RST
Alan T. DeKok [Thu, 29 Jul 2010 12:08:15 +0000 (14:08 +0200)]
Added real DESC fields.
Patch from Turbo Fredriksson
Alan T. DeKok [Thu, 29 Jul 2010 12:03:31 +0000 (14:03 +0200)]
Update Oracle Autoconf scripts. Closes bug #57
Alan T. DeKok [Thu, 29 Jul 2010 07:45:11 +0000 (09:45 +0200)]
Put SSL errors into Module-Failure-Message
Alan T. DeKok [Tue, 27 Jul 2010 10:24:55 +0000 (12:24 +0200)]
Fix for 2.2.0 API
Alan T. DeKok [Tue, 27 Jul 2010 06:48:34 +0000 (08:48 +0200)]
Fixed typo
Alan T. DeKok [Mon, 26 Jul 2010 16:09:11 +0000 (18:09 +0200)]
Use MS-CHAP-User-Name in MS-CHAP module.
If available, we prefer it to User-Name. If it's NOT the same
(case-insensitive) as User-Name, we reject the request.
Closes bug #17
Alan T. DeKok [Mon, 26 Jul 2010 15:03:35 +0000 (17:03 +0200)]
Create MS-CHAP-User-Name, which is taken from the MS-CHAP packet.
Taken from bug #17
Alan T. DeKok [Mon, 26 Jul 2010 15:02:04 +0000 (17:02 +0200)]
Fix changes pulled from v2.1.x for new API
Alan T. DeKok [Mon, 26 Jul 2010 14:59:27 +0000 (16:59 +0200)]
Better fix for unlinking control sockets
Alan T. DeKok [Mon, 26 Jul 2010 14:53:00 +0000 (16:53 +0200)]
Revert "Delete control socket when the server exits."
This reverts commit 061916989a6328f5d725d4085d58adfc49d5940c.
Alan T. DeKok [Mon, 26 Jul 2010 14:50:50 +0000 (16:50 +0200)]
Be more careful freeing memory in detail reader
Alan T. DeKok [Mon, 26 Jul 2010 11:30:56 +0000 (13:30 +0200)]
Delete control socket when the server exits.
This prevents permission errors
Alan T. DeKok [Thu, 22 Jul 2010 13:41:19 +0000 (15:41 +0200)]
Added CLIENT_MULTI_STATEMENTS
Closes bug #94
Alan T. DeKok [Wed, 21 Jul 2010 12:32:06 +0000 (14:32 +0200)]
Updated as per Cisco web site.
Closes #92
Alan T. DeKok [Wed, 21 Jul 2010 12:25:30 +0000 (14:25 +0200)]
Allow for spaces to be escaped in exec program.
Closes #93
Alan T. DeKok [Wed, 21 Jul 2010 12:16:54 +0000 (14:16 +0200)]
Fix parameters passed by Novell code in post-auth.
The "close connection" function takes an "ldap inst" variable,
not a pointer to a list of connections (sigh)
Alan T. DeKok [Wed, 21 Jul 2010 10:08:54 +0000 (12:08 +0200)]
Add undocumented keepalive configuration
Alan T. DeKok [Tue, 20 Jul 2010 15:27:05 +0000 (17:27 +0200)]
Use new format for the attributes
Alan T. DeKok [Tue, 20 Jul 2010 14:29:13 +0000 (16:29 +0200)]
Print all decoded TLVs, not just the first one.
Alan T. DeKok [Mon, 19 Jul 2010 21:52:39 +0000 (23:52 +0200)]
Use correct return code
Alan T. DeKok [Mon, 19 Jul 2010 21:48:32 +0000 (23:48 +0200)]
Fixed a few bugs using tests posted to the list.
for discover, add the following to the reply:
DHCP-Agent-Circuit-Id = 0x000401e30420
DHCP-Agent-Remote-Id = 0x000600FFFFFFFF00
Both server && client code crash.
Alan T. DeKok [Mon, 19 Jul 2010 19:49:38 +0000 (21:49 +0200)]
Don't "originate" CoA requests if the packet is a CoA request.
Instead, the user should *proxy* the CoA request.
Alan T. DeKok [Mon, 19 Jul 2010 19:31:47 +0000 (21:31 +0200)]
MPPE Key derivation documentation
Alan T. DeKok [Mon, 19 Jul 2010 18:14:39 +0000 (20:14 +0200)]
Updated documentation
Alan T. DeKok [Mon, 19 Jul 2010 13:24:58 +0000 (15:24 +0200)]
Updated Password-With-Header handling to make it more robust.
* Added "Password-With-Header == userPassword" to raddb/ldap.attrmap
This will automatically convert more passwords.
* Updated rlm_pap to decode Password-With-Header, if it was base64
encoded, and to treat the contents as potentially binary data.
Alan T. DeKok [Fri, 16 Jul 2010 15:30:24 +0000 (17:30 +0200)]
Fix long-standing memory leak as found by Jerry Nichols
bob Cleartext-Password := "hello"
    Tunnel-Server-Endpoint := 1.2.3.4,
    Tunnel-Server-Endpoint := 1.2.3.5,
    Tunnel-Type := 3,
    Tunnel-Server-Endpoint := 1.2.3.2,
    Tunnel-Medium-Type := 1,
    Tunnel-Server-Endpoint := 1.2.3.1
Where there are multiple copies of the same attribute with a := operator
in the 'from' list, and the only operators in the 'from' list are :=,
then all the repeated attributes after the first and before the last
non-repeated attribute are lost. In the example above that would result
in the VALUE_PAIRS :
    Tunnel-Server-Endpoint := 1.2.3.5
    Tunnel-Server-Endpoint := 1.2.3.2
being orphaned.
Alan T. DeKok [Thu, 15 Jul 2010 08:39:56 +0000 (10:39 +0200)]
More documentation
Alan T. DeKok [Fri, 9 Jul 2010 10:21:16 +0000 (12:21 +0200)]
Re-enabled Exec-Program and Exec-Program-Wait for accounting packets
It's just too useful to live without
Alan T. DeKok [Fri, 9 Jul 2010 08:27:36 +0000 (10:27 +0200)]
Updated documentation
Alan T. DeKok [Thu, 15 Jul 2010 12:13:17 +0000 (14:13 +0200)]
Updates to use new octets[#] code, and added VALUEs for some attributes
Alan T. DeKok [Thu, 15 Jul 2010 09:48:56 +0000 (11:48 +0200)]
Allow 'octet' attributes to have a fixed length.
This is currently only for a few old attributes (ARAP-*), but the
same framework is leveraged for other attributes, too. e.g. int, ipaddr
Alan T. DeKok [Thu, 15 Jul 2010 09:30:01 +0000 (11:30 +0200)]
Fix arguments to paircreate
Alan T. DeKok [Thu, 8 Jul 2010 13:44:13 +0000 (15:44 +0200)]
errorcode may be NULL. Ignore it if so.
Closes bug #39
Alan T. DeKok [Thu, 8 Jul 2010 13:28:45 +0000 (15:28 +0200)]
Certificates do not depend on index / serial
Closes bug #64
Alan T. DeKok [Thu, 8 Jul 2010 11:06:15 +0000 (13:06 +0200)]
Pack DHCP-BootFilename into header
Alan T. DeKok [Wed, 7 Jul 2010 19:14:21 +0000 (21:14 +0200)]
Added Motorola WiMAX dictionary
Alan T. DeKok [Wed, 7 Jul 2010 11:51:03 +0000 (13:51 +0200)]
Re-worked PEAP state machine to be clearer
Alan T. DeKok [Wed, 7 Jul 2010 11:33:05 +0000 (13:33 +0200)]
Moved eappeap_identity to its own function.
Alan T. DeKok [Wed, 7 Jul 2010 11:30:39 +0000 (13:30 +0200)]
Changed multiple "if" statements to switch.
Alan T. DeKok [Wed, 7 Jul 2010 14:50:47 +0000 (16:50 +0200)]
Patches for EAP-FAST as posted to the list 2010-01-19
by Maja Wolniewicz
Alan T. DeKok [Tue, 6 Jul 2010 08:30:58 +0000 (10:30 +0200)]
Enable passwd in coa send/recv
Alan T. DeKok [Tue, 6 Jul 2010 08:30:11 +0000 (10:30 +0200)]
Map all types of attrs, not just int/string
Alan T. DeKok [Mon, 5 Jul 2010 09:00:26 +0000 (11:00 +0200)]
Return on error
Alan T. DeKok [Mon, 5 Jul 2010 09:00:11 +0000 (11:00 +0200)]
Note that "password_attribute" is deprecated
Alan T. DeKok [Mon, 5 Jul 2010 08:50:21 +0000 (10:50 +0200)]
Removed "password_header" configuration
Alan T. DeKok [Mon, 5 Jul 2010 08:49:10 +0000 (10:49 +0200)]
Remove "auto_header" flag.
Alan T. DeKok [Fri, 2 Jul 2010 08:22:50 +0000 (10:22 +0200)]
Handle detail files differently.
Alan T. DeKok [Thu, 1 Jul 2010 13:43:10 +0000 (15:43 +0200)]
Don't use libltdl if we're using dlopen()
Alan T. DeKok [Thu, 1 Jul 2010 13:09:08 +0000 (15:09 +0200)]
More provisions for dlopen'ing self.
Alan T. DeKok [Thu, 1 Jul 2010 13:08:38 +0000 (15:08 +0200)]
Remove restrictions on TLVs must be WiMAX. It's not in 2.1.x
Alan T. DeKok [Thu, 1 Jul 2010 12:54:22 +0000 (14:54 +0200)]
Provisions for RTLD_SELF, when all of the modules are statically linked in
Alan T. DeKok [Thu, 1 Jul 2010 10:47:25 +0000 (12:47 +0200)]
Allow exec in recv/send coa sections
Alan T. DeKok [Wed, 30 Jun 2010 19:58:27 +0000 (21:58 +0200)]
Do not delete "old" requests until they are free.
If the request is in the queue for 30+ seconds, do NOT delete it.
Instead, mark it as "STOP PROCESSING", and do "wait_for_child_to_die",
which waits for a child thread to pick it up, and acknowledge that it's
done. Once it's marked done, we can finally clean it up.
This may be the underlying issue behind bug #35
Alan T. DeKok [Wed, 30 Jun 2010 14:17:55 +0000 (16:17 +0200)]
Change default lifetime for dynamic clients from 1d to 1h