aland [Mon, 21 Feb 2000 23:33:21 +0000 (23:33 +0000)]
New files which are used by libtool from REAL cross-platform
building.
Contributed by Alex Kiernan <alexk@demon.net>, and gradually
being introduced into the mainstream.
aland [Wed, 16 Feb 2000 17:11:19 +0000 (17:11 +0000)]
updated for what's done, and what still needs doing.
aland [Wed, 16 Feb 2000 15:40:51 +0000 (15:40 +0000)]
corrected typo, as pointed out by Greg Dickson <witchy@netserv.net.au>
aland [Fri, 11 Feb 2000 18:04:07 +0000 (18:04 +0000)]
added more template entries. They're commented out so they don't
confuse people, but they're included in the standard 'users' file
so that there will be fewer FAQ questions to the list.
aland [Thu, 10 Feb 2000 22:43:45 +0000 (22:43 +0000)]
cleaned up, and added "Realm" attribute to the request->packet->vps
aland [Thu, 10 Feb 2000 22:26:26 +0000 (22:26 +0000)]
updates for proxy retries
aland [Sat, 5 Feb 2000 15:33:14 +0000 (15:33 +0000)]
added functionality for Proxy-To-Realm and Replicate-To-Realm,
as posted to the list by Alan Curry.
aland [Fri, 4 Feb 2000 15:03:27 +0000 (15:03 +0000)]
'install' rules now create directories, too.
aland [Fri, 4 Feb 2000 15:02:02 +0000 (15:02 +0000)]
added necessary defines for the 'pre-accounting' entry in the
'module_t' structure. Modified the modules to include an entry
for these structures. Added other defines, as necessary.
It currently builds, but it does NOT actually do any Proxy-To
or Replicate-To, or pre-accounting. That will come in the
next CVS commit.
aland [Fri, 4 Feb 2000 14:48:17 +0000 (14:48 +0000)]
new files for Proxy-To and Replicate-To support, by Alan Curry.
aland [Wed, 2 Feb 2000 18:10:28 +0000 (18:10 +0000)]
add explicit cf_pair_add() function.
don't allow the USER to have sections or pair names beginning
with '_', but allow the *server* to do so. This allows the server
to keep track of configuration items which it doesn't want to
tell the user about.
aland [Wed, 2 Feb 2000 18:06:07 +0000 (18:06 +0000)]
corrected typo
aland [Wed, 2 Feb 2000 18:05:26 +0000 (18:05 +0000)]
updated for new username && password in REQUEST structure
aland [Wed, 2 Feb 2000 15:05:15 +0000 (15:05 +0000)]
only print out host names if UT_HOSTSIZE is defined.
aland [Wed, 2 Feb 2000 15:01:40 +0000 (15:01 +0000)]
removed gcc-specific compiler flags.
aland [Wed, 2 Feb 2000 14:59:51 +0000 (14:59 +0000)]
don't use BASH extensions in a /bin/sh script.
aland [Wed, 2 Feb 2000 14:58:39 +0000 (14:58 +0000)]
added NSLLIB and SOCKETLIB for Solaris, as suggested by
Alex Kiernan <alexk@demon.net>
aland [Wed, 2 Feb 2000 14:57:12 +0000 (14:57 +0000)]
removed non-ANSI trailing commas from 'enum' declarations.
Pointed out by Alex Kiernan <alexk@demon.net>
aland [Wed, 2 Feb 2000 14:55:50 +0000 (14:55 +0000)]
removed bogus check, as pointed out by Alan Curry.
aland [Wed, 2 Feb 2000 14:34:15 +0000 (14:34 +0000)]
change 'cd $dir;foo' to 'cd $dir && foo', as suggested by
"Alan Curry" <pacman-radius@cqc.com>. The second version stops
on errors, while the first version doesn't.
aland [Tue, 1 Feb 2000 16:47:03 +0000 (16:47 +0000)]
regularized configuration names to:
cf_*
cf_section_*
cf_pair_*
Re-ordered function parameters so the CONF_SECTION structure
is placed *first* in the list of parameters.
Added lots of 'const' everywhere to ensure we don't smash
input string pointers.
aland [Tue, 1 Feb 2000 16:10:23 +0000 (16:10 +0000)]
minor updates so name && password aren't passed explicitly.
aland [Mon, 31 Jan 2000 18:04:29 +0000 (18:04 +0000)]
updates for new request->username
aland [Mon, 31 Jan 2000 18:00:48 +0000 (18:00 +0000)]
updated for new request->username
aland [Mon, 31 Jan 2000 17:51:20 +0000 (17:51 +0000)]
include/radiusd.h
removed char username[], and rename VP *name to VP*username
include/modules.h
removed explicit references to username && password from
function prototypes & structure definitions.
main/radiusd.c
removed unused variable.
main/auth.c
clean ups.
modules/rlm_preprocess
modules/rlm_pam
modules/rlm_unix
Use request->username && request->password, instead of being
passed char* pointers.
aland [Mon, 31 Jan 2000 17:37:47 +0000 (17:37 +0000)]
Ensure that the modules get re-built if the server header files
change.
aland [Mon, 31 Jan 2000 17:22:56 +0000 (17:22 +0000)]
look for the canonical User-Name in the User-Name attribute,
not in request->username.
aland [Mon, 31 Jan 2000 17:22:06 +0000 (17:22 +0000)]
include/radiusd.h
removed prototype for rad_mangle()
main/radiusd.c
removed call to rad_mangle()
log error if there is no User-Name in the request.
main/auth.c
removed rad_mangle() entirely.
modules/rlm_preprocess/rlm_preprocess.c
moved rad_mangle() here.
fixed bug in accounting
jgolov [Sun, 30 Jan 2000 08:05:52 +0000 (08:05 +0000)]
Added basic ldap module config
jgolov [Sun, 30 Jan 2000 08:05:27 +0000 (08:05 +0000)]
Changed rlm_ldap to use conffile instead of raddb/ldapserver file
jgolov [Sat, 29 Jan 2000 10:48:53 +0000 (10:48 +0000)]
*** empty log message ***
jgolov [Sat, 29 Jan 2000 10:48:30 +0000 (10:48 +0000)]
conffile.c was written by Jesper Nielsen <jln@wol.dk>
jgolov [Sat, 29 Jan 2000 10:39:15 +0000 (10:39 +0000)]
Added radius.conf to raddb/
aland [Sat, 29 Jan 2000 00:02:56 +0000 (00:02 +0000)]
This is the first step at getting rid of passing a 'const char *name'
around to all of the modules. The theory is that from now on,
the 'request->name->strvalue' will be the canonical name, as changed
by an authorization module (e.g. hint bob.slip -> bob).
So a later authorization module can use the stripped user-name
of a previous authorization module. This makes life easier...
This means that the 'User-Name' attribute in the request is
ALWAYS the attribute as sent over by the user. The server's internal
idea of the value of the user name is really the Stripped-User-Name.
We will later get rid of the 'char username[]' element in the
REQUEST structure, too.
modules/rlm_preprocess:
Don't smash User-Name when stripping, but create a
Stripped-User-Name attribute instead, and add it to the request.
main/auth.c:
Prefer a Stripped-User-Name attribute for the name to
the User-Name.
include/radiusd.h:
added 'VALUE_PAIR *name' element to REQUEST structure, as interim
measure in getting rid of 'username[]'
modules/rlm_files:
ignore whatever is passed into 'char *name' for authorization,
and use request->name->strvalue, which MAY have gotten smashed
to a Stripped-User-Name attribute by a previous authorization
module.
aland [Fri, 28 Jan 2000 23:39:34 +0000 (23:39 +0000)]
removed PAM handling, and added operator initialization in paircreate()
aland [Tue, 25 Jan 2000 15:07:01 +0000 (15:07 +0000)]
i do NOT smash the operators to '=' in paircmp(). Instead, leave
them as they are, and let rlm_files take care of smashing them,
AFTER the VALUE_PAIR list has been copied from the original.
We need to smash the '==' and ':=' operators to '+=', so that
when rlm_files calls pairmove(), then pairmove() WILL move the VP
items to the check_pairs list, no matter what the check operator
has been set to.
aland [Mon, 24 Jan 2000 16:54:46 +0000 (16:54 +0000)]
changes to make it build on OpenBSD, as suggested by
Mike Wiacek <mike@allvirtual.com>
aland [Thu, 20 Jan 2000 23:04:39 +0000 (23:04 +0000)]
did 'strdup(valstr)' in filterBinary function, so the strtok()
function wouldn't over-write the valstr in place.
This code REALLY needs to be re-written. It's horrible.
aland [Thu, 20 Jan 2000 16:13:04 +0000 (16:13 +0000)]
Added Acct-Session-Start-Time attribute. This will hopefully
give us a better method of generating a unique
Acct-Unique-Session-Id attribute, which should be better &
more unique than the undependable Acct-Session-Id that most NAS
vendors generate.
aland [Tue, 18 Jan 2000 20:27:26 +0000 (20:27 +0000)]
added 'prev' entry to REQUEST structure, so that we can delete
entries in the middle of the list and continue processing it.
added check before calling rad_recv(): if the packet code is too
high, then drop it immediately without parsing it. This is another
paranoid attempt to minimize denial of service attacks.
re-wrote rad_check_list() to process ALL of the requests, even if
the current one is a duplicate, and has been deleted.
This change will make it easier to add checks later for re-sending
proxy requests, and handling proxy replies.
aland [Fri, 14 Jan 2000 18:54:14 +0000 (18:54 +0000)]
actually get the data on MSG_PEEK, as some stupid kernels
don't fill in the sockaddr structure if we peek 0 bytes.
pointed out by Dean Anderson <dean@av8.com>
mmachado [Fri, 14 Jan 2000 06:38:00 +0000 (06:38 +0000)]
Actually working on the module again! :)
aland [Thu, 13 Jan 2000 21:14:44 +0000 (21:14 +0000)]
the server now peeks at the request to see if it knows
the client. If not, it complains, and tosses the request
without doing any work.
aland [Thu, 13 Jan 2000 16:21:50 +0000 (16:21 +0000)]
yet another typo in usage()
aland [Thu, 13 Jan 2000 16:21:15 +0000 (16:21 +0000)]
corrected typo (whoops!)
aland [Thu, 13 Jan 2000 16:20:37 +0000 (16:20 +0000)]
yes, let's add '-h', too.
aland [Thu, 13 Jan 2000 16:17:09 +0000 (16:17 +0000)]
added -X option for users who INSIST on not reading any bloody
documentation.
Added actual help text to be printed out for 'usage' documentation.
Moved a number of variables to using TRUE/FALSE, instead of 0/1
aland [Mon, 10 Jan 2000 21:47:55 +0000 (21:47 +0000)]
use the ':=' operator for Auth-Type, if it wasn't already
defined. DON'T use '=', as that's deprecated.
aland [Fri, 7 Jan 2000 15:30:46 +0000 (15:30 +0000)]
updated with web page
aland [Fri, 7 Jan 2000 15:03:34 +0000 (15:03 +0000)]
fixed bug, as pointed out by kota <kota@at.com.ua>
aland [Thu, 6 Jan 2000 18:14:00 +0000 (18:14 +0000)]
added option '--with-threads' to allow people to NOT specify
threading.
miquels [Tue, 4 Jan 2000 00:06:30 +0000 (00:06 +0000)]
* Ascend channels per line default should be 23, not 1
miquels [Mon, 3 Jan 2000 23:44:42 +0000 (23:44 +0000)]
* Updated checkrad.pl.in
* Added SNMPWALK to configure.in
aland [Mon, 3 Jan 2000 21:14:20 +0000 (21:14 +0000)]
configure.in pthread.h and libpthread
configure
Make.inc.in define PTHREADLIB
src/:
include/autoconf.h.in define HAVE_PTHREAD_H
include/radiusd.h define child_pid_t for forking/threading
main/Makefile use PTHREADLIB for linking.
main/radiusd.c place-holders for using new threading code.
It doesn't actually do threading yet, but
some of the skeleton is there.
aland [Mon, 3 Jan 2000 21:12:46 +0000 (21:12 +0000)]
removed the accounting process entirely (yay!)
aland [Mon, 3 Jan 2000 15:40:27 +0000 (15:40 +0000)]
updated for function/library ordering, as suggested by
Steve Ames <steve@virtual-voodoo.com>
aland [Mon, 3 Jan 2000 15:38:33 +0000 (15:38 +0000)]
fixed possible problem with Ascend configuration, as
suggested by Steve Ames <steve@virtual-voodoo.com>
aland [Thu, 23 Dec 1999 21:20:16 +0000 (21:20 +0000)]
add '-n' option to the server, which REQUIRES all IP addresses
to be given numerically, and NOT by host name.
Added support in library to NOT call any 'gethostbyFOO' functions
if we have DNS turned off.
Added complaints in 'files.c' to error out if we fail to look
up a host name.
aland [Wed, 22 Dec 1999 18:08:53 +0000 (18:08 +0000)]
renamed radrespond() to rad_process, and created new rad_respond().
auth.c and acct.c now do NOT reply to the request themselves,
but instead simply call build_reply(), and exit.
Then in the main server, the NEW rad_respond() checks
the element request->reply, and does the reply itself.
The idea is that this change will make the server even more
configurable, by having one central point of control for replies,
proxies, and replication.
aland [Wed, 22 Dec 1999 17:07:59 +0000 (17:07 +0000)]
corrected access bug which would deny access if there were
no huntgroups
more nonsense code to shut up the compiler
aland [Wed, 22 Dec 1999 16:44:17 +0000 (16:44 +0000)]
we don't need the username hack functions any more
(not that they were ever used by anything)
aland [Wed, 22 Dec 1999 16:43:39 +0000 (16:43 +0000)]
defined Proxy-To-Realm and Replicate-To-Realm attributes.
aland [Tue, 21 Dec 1999 16:14:25 +0000 (16:14 +0000)]
fixed bugs, as pointed out by kota <kota@at.com.ua>
aland [Fri, 17 Dec 1999 21:13:37 +0000 (21:13 +0000)]
updated operators in check-item lines for new '==' and ':='
definitions
aland [Fri, 17 Dec 1999 19:35:28 +0000 (19:35 +0000)]
do NOT close proxyfd in the accounting child, as it still
needs to send proxied accounting requests.
However, we ONLY need to listen to proxy replies in the main
server. The accounting server SHOULD NOT look for proxy replies,
or we'll have two processes doing a recv() on the same FD.
aland [Fri, 17 Dec 1999 19:34:16 +0000 (19:34 +0000)]
fixed bug as pointed out by Alan Curry
aland [Fri, 17 Dec 1999 18:59:36 +0000 (18:59 +0000)]
defined Packet-Type, added values for it, and made a #define.
aland [Fri, 17 Dec 1999 16:40:01 +0000 (16:40 +0000)]
include/radiusd.h new global variables proxy_port and proxyfd
main/auth.c removed unused variables
main/radiusd.c added proxyfd handling
more error messages on packets to wrong ports
main/proxy.c proxy messages get sent out the proxy fd.
aland [Fri, 17 Dec 1999 16:11:07 +0000 (16:11 +0000)]
removed many explicit 'case PW_FOO' in paircmp(), and replaced
them with a check for the ':=' operator in check items.
Added support for '==' in check items, and made it complain
about '=', to force people to convert their users files.
aland [Thu, 16 Dec 1999 22:44:35 +0000 (22:44 +0000)]
define '==' as a token
aland [Thu, 16 Dec 1999 19:32:11 +0000 (19:32 +0000)]
moved auth.c to use new rad_chap_encode function
miscellaneous moves of #define's, and additional comments.
aland [Thu, 16 Dec 1999 18:06:05 +0000 (18:06 +0000)]
wrote rad_chap_encode() function in lib/radius.c, and put
a prototype into libradius.h
Also made outgoing packets automagically encode the CHAP password,
under the assumption that it's given in clear text.
added additional logging in main/auth.c, so that when logging,
it will print the string "CHAP-Password" as the users password,
and not a NULL string.
auth.c currently does NOT call rad_chap_encode to authenticate
the user. That can be added later...
aland [Tue, 14 Dec 1999 21:42:28 +0000 (21:42 +0000)]
preliminary support for logging to syslog via '-l syslog'.
It's not perfect, as you can't specify the logging facility, but
it does seem to work.
aland [Tue, 14 Dec 1999 16:49:16 +0000 (16:49 +0000)]
implemented No-Such-Attribute: magic server configuration
attribute which matches if there is NO such attribute in
the request. The attribute which is looked up is in
the string value of the No-Such-Attribute attribute.
aland [Tue, 14 Dec 1999 16:01:07 +0000 (16:01 +0000)]
define the request->password element, and have it get initialized
in auth.c. Nothing currently uses it, but they can....
aland [Tue, 14 Dec 1999 15:49:49 +0000 (15:49 +0000)]
added more 'static's
accdias [Tue, 14 Dec 1999 04:49:46 +0000 (04:49 +0000)]
Alan,
I have committed the changes I made on checkrad.pl of Cistron package into
freeradius tree. I have defined a variable @SNMWALK@ in checkrad.pl.in
but I didn't dare to mess with the 'configure' script. Too many lines
with 'configure: ####' to renum and I don't know how to do it
automagically.
Antonio Dias
aland [Tue, 7 Dec 1999 20:42:35 +0000 (20:42 +0000)]
merge of alpha code from Alan Curry. It doesn't build as part of
the system, but at least the code is in CVS, so the diffs are
smaller.
jgolov [Thu, 2 Dec 1999 16:58:19 +0000 (16:58 +0000)]
Removed some useless debugging in proxy.c
jgolov [Thu, 2 Dec 1999 16:57:33 +0000 (16:57 +0000)]
Added trusted tag to proxy_receive
jgolov [Thu, 2 Dec 1999 16:56:30 +0000 (16:56 +0000)]
Added check for trusted attribute in raddb/realms
jgolov [Thu, 2 Dec 1999 16:55:44 +0000 (16:55 +0000)]
Added trusted int to struct realm.
jgolov [Sun, 28 Nov 1999 09:43:57 +0000 (09:43 +0000)]
Fixed a misplaced quote and path to LDAP stuff.
jgolov [Sun, 28 Nov 1999 09:42:48 +0000 (09:42 +0000)]
Many updates from Adrian Pavlykevych <pam@polynet.lviv.ua>
Changes rlm_ldap_pass to rlm_ldap_authenticate
Added rlm_ldap_authorize function
Added experimental (?) ldap caching
aland [Thu, 25 Nov 1999 18:44:29 +0000 (18:44 +0000)]
updates for FreeBSD, based on suggestions by
Adrian Pavlykevych <pam@polynet.lviv.ua>
aland [Thu, 25 Nov 1999 15:03:00 +0000 (15:03 +0000)]
renamed to PAM_AUTH_ATTR
aland [Wed, 24 Nov 1999 18:17:39 +0000 (18:17 +0000)]
when doing a pair copy, ignore operators =~ > >= < <=.
Hmm... this is really a hack, because the main/valuepair.c
paircmp() function doesn't smash the operator to '=' once it's
finished with the comparison.
Should it smash? I think so... rlm_files makes a copy of the
check item list before passing it to paircmp(), so it can be
smashed.
aland [Wed, 24 Nov 1999 18:10:53 +0000 (18:10 +0000)]
if there's no range for NAS-Port-Id, then just do a normal
comparison.
aland [Wed, 24 Nov 1999 17:36:13 +0000 (17:36 +0000)]
use on-stack 'pam_conv' data structure, and define our own
structure for use with 'appdata_ptr', so that we don't have nasty
STATIC variables hanging around. (Which wasn't safe for threading)
aland [Wed, 24 Nov 1999 17:17:29 +0000 (17:17 +0000)]
Add in support for a Pam-Auth attribute, now that the REQUEST
structure has a config_items VALUE_PAIR list.
it still could use some more fixes... Auth-Type = Pam and
Auth-Type = PAM are different... Pam-Auth should be defined at
initialization time, even if it isn't in the dictionary, etc.
aland [Wed, 24 Nov 1999 17:09:57 +0000 (17:09 +0000)]
minor changes to stop compiler warnings.
in authenticate function, changed all references from user_check
to request->config_items. This allows the server config items
to be carried along with the REQUEST structure.
We'll make some changes later to remove the explicit passing
of the config items to the authorization functions.
aland [Wed, 24 Nov 1999 17:02:19 +0000 (17:02 +0000)]
check the time against when we received the reply, NOT now
(which may be milliseconds or seconds later, depending on system load)
various minor hacks to shut up compiler warnings
aland [Wed, 24 Nov 1999 16:56:11 +0000 (16:56 +0000)]
include/radiusd.h added 'config_items' to the REQUEST structure.
main/util.c request_free updates to free config_items
main/radiusd.c initialize config_items to NULL.
jcarneal [Tue, 23 Nov 1999 16:22:40 +0000 (16:22 +0000)]
Fix small 'oops'...#include <errno.h>
aland [Mon, 22 Nov 1999 15:23:20 +0000 (15:23 +0000)]
more text in examples
jgolov [Sat, 20 Nov 1999 09:01:30 +0000 (09:01 +0000)]
Changed return values to RLM_AUTH_*
jgolov [Sat, 20 Nov 1999 09:00:51 +0000 (09:00 +0000)]
Added an additional checkconfig to possibly detect ldap libs that don't need -lber
miquels [Fri, 19 Nov 1999 14:25:01 +0000 (14:25 +0000)]
* Checkrad update for USR
jgolov [Fri, 19 Nov 1999 03:18:01 +0000 (03:18 +0000)]
*** empty log message ***
jgolov [Thu, 18 Nov 1999 20:19:08 +0000 (20:19 +0000)]
Added support for detecting the mozilla sdk and lber