fcusack [Wed, 23 May 2007 22:08:38 +0000 (22:08 +0000)]
import from branch_1_1:
Should use (sizeof(array)/sizeof(array[0])) for looping over
the entries
This fixes Coverity bug #12
fcusack [Wed, 23 May 2007 21:20:00 +0000 (21:20 +0000)]
import from HEAD:
update otp_request_t to v2
fcusack [Wed, 23 May 2007 21:18:56 +0000 (21:18 +0000)]
quiet Coverity (fixes Coverity bug #11)
fcusack [Wed, 23 May 2007 21:04:09 +0000 (21:04 +0000)]
regenerate from configure.in#1.1.2.6
fcusack [Wed, 23 May 2007 21:03:45 +0000 (21:03 +0000)]
import from HEAD:
don't need -Wno-cast-qual anymore
fcusack [Wed, 23 May 2007 21:00:35 +0000 (21:00 +0000)]
otp_detach(): remove unused var
fcusack [Wed, 23 May 2007 20:45:44 +0000 (20:45 +0000)]
update otp_request_t to v2
fcusack [Wed, 23 May 2007 20:37:04 +0000 (20:37 +0000)]
update otp_request_t to v2
fcusack [Wed, 23 May 2007 20:29:24 +0000 (20:29 +0000)]
regenerate from configure.in#1.5
fcusack [Wed, 23 May 2007 20:28:54 +0000 (20:28 +0000)]
don't need -Wno-cast-qual anymore
aland [Mon, 21 May 2007 09:23:27 +0000 (09:23 +0000)]
Clarified text
aland [Wed, 16 May 2007 15:54:26 +0000 (15:54 +0000)]
Apparently it returns T_EOL sometimes...
aland [Wed, 16 May 2007 12:21:46 +0000 (12:21 +0000)]
Fix return code. Clarify code for parsing configuration files
aland [Wed, 16 May 2007 10:23:29 +0000 (10:23 +0000)]
Corrected documentation
aland [Wed, 16 May 2007 10:06:36 +0000 (10:06 +0000)]
Added one attribute, and the RFC that defines it
aland [Wed, 16 May 2007 08:56:58 +0000 (08:56 +0000)]
Document "auth+acct"
aland [Wed, 16 May 2007 08:48:17 +0000 (08:48 +0000)]
Permit "pool" in realms, to point to pools of all "auth+acct"
home servers
aland [Wed, 16 May 2007 08:42:55 +0000 (08:42 +0000)]
More sanity checks.
Allow home servers to be of type "auth+acct", where acct port
is the given port + 1.
aland [Wed, 16 May 2007 08:07:20 +0000 (08:07 +0000)]
Add one more type missed on previous commit
aland [Wed, 16 May 2007 08:01:50 +0000 (08:01 +0000)]
Separate pools and home servers by type.
aland [Wed, 16 May 2007 07:51:24 +0000 (07:51 +0000)]
Be a little more rigorous in the parser.
This fixes Coverity bug #48
aland [Wed, 16 May 2007 07:49:49 +0000 (07:49 +0000)]
Be a little more rigorous when parsing
This fixes Coverity bug #48
aland [Wed, 16 May 2007 07:44:18 +0000 (07:44 +0000)]
Remove unused variables.
This fixes Coverity bugs #50, 51, 52, and 53
aland [Wed, 16 May 2007 07:41:37 +0000 (07:41 +0000)]
Check return codes.
This fixes Coverity bug #49
aland [Wed, 16 May 2007 07:40:41 +0000 (07:40 +0000)]
Check return value.
This fixes Coverity bug #49
aland [Tue, 15 May 2007 15:32:08 +0000 (15:32 +0000)]
Print out copyright statement when starting in debugging mode.
aland [Tue, 15 May 2007 14:25:53 +0000 (14:25 +0000)]
Added Azaire VSAs
aland [Tue, 15 May 2007 12:48:04 +0000 (12:48 +0000)]
Call it -pre1, as -pre0 has been around forever
aland [Tue, 15 May 2007 12:46:36 +0000 (12:46 +0000)]
Enable udpfromto by default. It's tested, and solves a lot of
problems.
aland [Tue, 15 May 2007 12:41:53 +0000 (12:41 +0000)]
Relax checks a little
aland [Tue, 15 May 2007 10:23:03 +0000 (10:23 +0000)]
Port fix for Coverity bug #13 from 1.1.x
aland [Tue, 15 May 2007 10:20:04 +0000 (10:20 +0000)]
Port fix for Coverity bug #22 from 1.1.x
aland [Tue, 15 May 2007 10:18:03 +0000 (10:18 +0000)]
Port fix for Coverity bug #23 from 1.1.x
aland [Tue, 15 May 2007 10:17:23 +0000 (10:17 +0000)]
Port fix for Coverity bug #25 from 1.1.x
aland [Tue, 15 May 2007 10:14:54 +0000 (10:14 +0000)]
Port fix for Coverity bug #27 from 1.1.x
aland [Tue, 15 May 2007 10:10:35 +0000 (10:10 +0000)]
Port fix for Coverity bug #37 from 1.1.x
aland [Tue, 15 May 2007 10:09:20 +0000 (10:09 +0000)]
Port fix for Coverity bug #38 from 1.1.x
aland [Tue, 15 May 2007 10:06:28 +0000 (10:06 +0000)]
Port fix for Coverity bug #29 from 1.1.x
aland [Tue, 15 May 2007 10:04:50 +0000 (10:04 +0000)]
Port fix for Coverity bug #33 from 1.1.x
aland [Tue, 15 May 2007 10:03:12 +0000 (10:03 +0000)]
Port fix for Coverity bug #41 from 1.1.x
aland [Tue, 15 May 2007 10:02:19 +0000 (10:02 +0000)]
Port fix for Coverity bug #40 from 1.1.x
aland [Tue, 15 May 2007 09:58:25 +0000 (09:58 +0000)]
Pull fix for Coverity bug #15 from 1.1.x
aland [Tue, 15 May 2007 09:56:26 +0000 (09:56 +0000)]
Pull suppression of "error in read client cert A" from 1.1.x
aland [Tue, 15 May 2007 09:53:24 +0000 (09:53 +0000)]
Free "fake" on error.
This fixes Coverity bug #43
aland [Tue, 15 May 2007 09:52:38 +0000 (09:52 +0000)]
Free "fake" on parse error.
This fixes Coverity bug #44
aland [Tue, 15 May 2007 09:52:13 +0000 (09:52 +0000)]
Free "fake" on parse error.
This fixes Coverity bug #45
aland [Tue, 15 May 2007 09:50:51 +0000 (09:50 +0000)]
Free "fake" on parse error.
This fixes Coverity bug #43
aland [Tue, 15 May 2007 09:50:34 +0000 (09:50 +0000)]
Free "fake" on parse error.
This fixes Coverity bug #44
aland [Tue, 15 May 2007 09:50:17 +0000 (09:50 +0000)]
Free "fake" on parse error.
This fixes Coverity bug #45
nbk [Mon, 14 May 2007 22:26:57 +0000 (22:26 +0000)]
Delete trailing whitespace.
aland [Mon, 14 May 2007 11:17:32 +0000 (11:17 +0000)]
Add new load balancing method "client-port-balance"
This method should be removed when we have state tracking of EAP
proxies in a module
aland [Mon, 14 May 2007 09:56:57 +0000 (09:56 +0000)]
In preparation for 2.0-pre0
aland [Mon, 14 May 2007 09:43:44 +0000 (09:43 +0000)]
Update copyright dates
aland [Mon, 14 May 2007 09:42:51 +0000 (09:42 +0000)]
Use "currently_outstanding" metric for load-balance. i.e. we choose
the home server with the lowest "currently_outstanding" number.
If there are multiple home servers with the same number, randomly
choose among them.
This means that when a home server is dead and doesn't respond,
the requests will immediately be load-balanced to any live servers
aland [Mon, 14 May 2007 07:54:58 +0000 (07:54 +0000)]
Made language more consistent.
When a home server first responds, decrement the
"currently_outstanding" counter. This counter tracks the requests
being processed by the home server, NOT the number of retransmits
pnixon [Sun, 13 May 2007 22:00:28 +0000 (22:00 +0000)]
Add Novell's eDir OTP patch to branch_1_1 also (previously committed to cvs)
pnixon [Sun, 13 May 2007 21:41:42 +0000 (21:41 +0000)]
Add eDirectory Token / NMAS support thanks to Peter Lambrechtsen and Vinayak Hegde from Novell
aland [Fri, 11 May 2007 09:34:00 +0000 (09:34 +0000)]
Use RTT && load_factor to prevent detail file reading from
overloading the system.
aland [Fri, 11 May 2007 09:02:52 +0000 (09:02 +0000)]
Pull xlat for NT-Hash and LM-Hash from CVS head
aland [Fri, 11 May 2007 08:58:19 +0000 (08:58 +0000)]
Use strncasecmp, not strcasecmp
aland [Fri, 11 May 2007 08:49:31 +0000 (08:49 +0000)]
For old-style realms, make pools by realm name, not server name
aland [Fri, 11 May 2007 08:39:57 +0000 (08:39 +0000)]
Cleaned up debug messages.
Old-style "accthost" goes into acct_pool, not auth_pool
aland [Thu, 10 May 2007 08:17:05 +0000 (08:17 +0000)]
Now that we have the "self signal" function, there's no need
to block signals in the child threads
pnixon [Wed, 9 May 2007 16:12:42 +0000 (16:12 +0000)]
Fix typo
pnixon [Wed, 9 May 2007 15:18:53 +0000 (15:18 +0000)]
Fixed small typo in dict
aland [Wed, 9 May 2007 13:54:42 +0000 (13:54 +0000)]
Don't try to install older SQL configs. They've been moved
to the "sql" directory
aland [Wed, 9 May 2007 13:41:35 +0000 (13:41 +0000)]
Re-parent the SNMP MIBs to use our own OID, rather than gnome's
OID. Gnome also seems to be using 3317 rather than 3319, which
is what IANA says was assigned to them.
aland [Wed, 9 May 2007 13:16:00 +0000 (13:16 +0000)]
struct timeval->tv_sec may not be time_t on Mac OS, 64-bit.
i.e. struct timeval->tv_sec is 64-bit, and localtime_t() etc
take a 32-bit pointer.
If we need to remove "request->timestamp" in the future, we can
update the calls to localtime_r(), etc. to use an intermediate
variable, to avoid 32/64-bit issues.
aland [Wed, 9 May 2007 13:09:21 +0000 (13:09 +0000)]
Initialize timestamp from received
aland [Wed, 9 May 2007 12:22:46 +0000 (12:22 +0000)]
print out attributes in a more standard method
aland [Tue, 8 May 2007 14:00:06 +0000 (14:00 +0000)]
We're copying ranges of bytes fed to us from a regex parse.
We need to use memcpy, not strlcpy.
pnixon [Tue, 8 May 2007 07:00:35 +0000 (07:00 +0000)]
Split queries into dialect specific files and add mysql support
aland [Mon, 7 May 2007 17:31:25 +0000 (17:31 +0000)]
use new signal stuff
pnixon [Fri, 4 May 2007 14:59:51 +0000 (14:59 +0000)]
oops.. no need for the same column name twice..
aland [Fri, 4 May 2007 13:00:15 +0000 (13:00 +0000)]
Be more forgiving about corner cases
aland [Fri, 4 May 2007 12:43:51 +0000 (12:43 +0000)]
When adding a non-detail REQUEST to the queue, mark detail
reading as not possible.
When a thread finishes a request, AND the queues are empty,
mark detail reading as possible.
aland [Fri, 4 May 2007 12:42:38 +0000 (12:42 +0000)]
Clean up detail file handling a little. Fixed a memory
leak (how did that get in again?). It seems to work...
aland [Fri, 4 May 2007 11:57:08 +0000 (11:57 +0000)]
Do more initialization
aland [Fri, 4 May 2007 09:18:08 +0000 (09:18 +0000)]
Added a self-pipe as per Emile's ideas at:
http://www.xs4all.nl/~evbergen/unix-signals.html
We don't need to handle more than 2-3 signals, so it all fits
into one byte.
Also added "detail" flag, so we can later add feedback from the
child threads. If there are no queued requests, AND there's at
least one thread waiting for something to do, THEN it's OK to read
from the detail file.
aland [Fri, 4 May 2007 09:06:15 +0000 (09:06 +0000)]
more sanity checks, and clarify the code
aland [Fri, 4 May 2007 08:18:13 +0000 (08:18 +0000)]
Suppress writes to the detail file if the request was read from
a detail file.
In post-proxy, if there's no proxy reply, we must be in a
Post-Proxy-Type = Fail section, so run the accounting section
aland [Thu, 3 May 2007 12:47:38 +0000 (12:47 +0000)]
Re-arrange parsing order so that home servers aren't nested
in server pools, and server pools aren't nested in realms.
This makes debugging output easier to read.
aland [Thu, 3 May 2007 09:32:12 +0000 (09:32 +0000)]
Copy outer src/dst IP/port to inner tunnel, so Packet-Src-IP-Address
etc. can work
aland [Thu, 3 May 2007 09:31:38 +0000 (09:31 +0000)]
Make "-c" work
aland [Thu, 3 May 2007 09:17:31 +0000 (09:17 +0000)]
Add section start/stop debug output.
aland [Thu, 3 May 2007 09:03:16 +0000 (09:03 +0000)]
Standardized format for debugging output, after a few trials
of different methods. The new output is cleaner, less noisy,
and it's more obvious what's going on.
aland [Thu, 3 May 2007 08:29:27 +0000 (08:29 +0000)]
More readable debug output
aland [Thu, 3 May 2007 08:02:04 +0000 (08:02 +0000)]
Reformatted debugging output to make it easier to read.
aland [Thu, 3 May 2007 08:01:38 +0000 (08:01 +0000)]
Reformatted debug output to make it easier to read
aland [Wed, 2 May 2007 13:32:36 +0000 (13:32 +0000)]
Don't complain about no "known good" passwords for EAP-TLS, TTLS,
and PEAP.
aland [Wed, 2 May 2007 13:25:42 +0000 (13:25 +0000)]
Add more documentation to the LDAP module.
Note "ok = return" for EAP, to avoid the round trips of TTLS and
PEAP.
aland [Wed, 2 May 2007 13:19:01 +0000 (13:19 +0000)]
In the authorize stage, return OK if we see TTLS or PEAP, which
means that the administrator can use configurable failover to skip
whole chunks of LDAP lookups, etc. if the outer tunnel setup
is going on
aland [Mon, 30 Apr 2007 07:55:09 +0000 (07:55 +0000)]
updated documentation
aland [Mon, 30 Apr 2007 07:49:37 +0000 (07:49 +0000)]
Discard packets from unknown clients
aland [Mon, 30 Apr 2007 07:45:08 +0000 (07:45 +0000)]
New function to discard a RADIUS packet.
aland [Sun, 29 Apr 2007 11:32:56 +0000 (11:32 +0000)]
Print out error when something goes wrong
aland [Thu, 26 Apr 2007 13:46:30 +0000 (13:46 +0000)]
Switch over "code", not "packet->code"
aland [Thu, 26 Apr 2007 07:16:13 +0000 (07:16 +0000)]
Fixed typo
aland [Wed, 25 Apr 2007 14:19:26 +0000 (14:19 +0000)]
Forgot to include this earlier...
aland [Wed, 25 Apr 2007 13:25:30 +0000 (13:25 +0000)]
Remember to install the bootstrap file, too