Matthew Newton [Mon, 23 Jan 2012 12:48:49 +0000 (13:48 +0100)]
Add OCSP softfail option
Manual pull of commit 5fedd50c4af05164a
Matthew Newton [Mon, 23 Jan 2012 12:45:50 +0000 (13:45 +0100)]
Add OCSP timeout option
Manual pull of commit 07a4b30f181
Alan T. DeKok [Fri, 20 Jan 2012 12:37:16 +0000 (13:37 +0100)]
Fix typo
Alan T. DeKok [Fri, 20 Jan 2012 12:37:41 +0000 (13:37 +0100)]
Move to the correct place
Fajar A. Nugraha [Fri, 20 Jan 2012 12:30:43 +0000 (13:30 +0100)]
Use the RADIUS SQL IP Pool module to allocate addresses for DHCP
This commit adds MySQL-specific queries for DHCP in ippool-dhcp.conf,
a sample configuration for the sqlippool module in dhcp_sqlippool,
examples of using it in sites-available/dhcp,
and "glue" policies in policy.conf
John Dennis [Fri, 13 Jan 2012 17:45:14 +0000 (12:45 -0500)]
Fix typo in name of rlm_dbm_parser man page
It was rlm_dbm_parse but should be rlm_dbm_parser to match the
executable name. Also fix name in man page.
Alan T. DeKok [Mon, 16 Jan 2012 20:39:47 +0000 (21:39 +0100)]
Fix location of label to avoid compiler warnings
Matthew Newton [Wed, 11 Jan 2012 12:29:02 +0000 (12:29 +0000)]
Add new 'group' option to rlm_linelog
Allows the group to be set when updating linelogs, rather
than being fixed as the group of the running daemon.
Matthew Newton [Wed, 11 Jan 2012 12:33:03 +0000 (12:33 +0000)]
Unix group setting for detail log files
Patch to allow the group to be set when updating detail logs, rather
than being limited to just the group of the running daemon.
Alan T. DeKok [Sun, 15 Jan 2012 07:15:13 +0000 (08:15 +0100)]
Added attributes for RFC 5447
Alan DeKok [Sun, 15 Jan 2012 08:12:28 +0000 (00:12 -0800)]
Merge pull request #39 from mcnewton/patch-master-ocsp-nonce
Add option to be able to disable nonce in OCSP request (master branch)
Matthew Newton [Thu, 12 Jan 2012 16:53:29 +0000 (16:53 +0000)]
Add option to be able to disable nonce in OCSP request
Some OCSP responders cannot cope with an OCSP request if nonce
is used so this gives a way to allow freeradius to work with them.
Alan T. DeKok [Thu, 12 Jan 2012 14:22:24 +0000 (15:22 +0100)]
Add provisional support for TLS-PSK methods
If used, then certificate-based configuration is not permitted.
This code is untested. eapol_test doesn't support PSK config,
and I haven't bothered doing a "proxy radsec using TLS-PSK" test.
Alan T. DeKok [Thu, 12 Jan 2012 07:57:47 +0000 (08:57 +0100)]
Updates to last patch
Fix compiler warnings.
Code formatting.
Divide external timeout by 3 to account for 3x retries hard-coded
into MySQL
Brian De Wolf [Thu, 12 Jan 2012 07:53:28 +0000 (08:53 +0100)]
Add support for query timeouts
Due to internal MySQL retries, the actual timeout is 3x
the configured value.
Matthew Newton [Wed, 11 Jan 2012 15:40:52 +0000 (15:40 +0000)]
Add /etc/default/freeradius to debian package
This gives an easy way to supply options to the daemon when
starting it using the init.d script.
Alan T. DeKok [Thu, 12 Jan 2012 07:59:31 +0000 (08:59 +0100)]
Use correct path for DHCP dictionary
Alan T. DeKok [Thu, 12 Jan 2012 10:29:06 +0000 (11:29 +0100)]
Note recent changes
Alan DeKok [Thu, 12 Jan 2012 10:28:44 +0000 (02:28 -0800)]
Merge pull request #37 from fajarnugraha/debian-build-fix
Debian build fix
Fajar A. Nugraha [Thu, 12 Jan 2012 08:10:41 +0000 (15:10 +0700)]
Adjust rlm_sql.libs.diff to match commit cb021d7b
Commit cb021d7b changed src/modules/rlm_sqlippool/Makefile.in to
fix libltdl issue. This commit adjusts
debian/patches/rlm_sql.libs.diff to match that
Fajar A. Nugraha [Thu, 12 Jan 2012 08:06:24 +0000 (15:06 +0700)]
Adjust sql_modules.diff to match commit c9b024c
Commit c9b024c Moved modules/* to mods-available/*. This commit
adjusts sql_modules.diff to match that.
Alan T. DeKok [Thu, 12 Jan 2012 07:46:19 +0000 (08:46 +0100)]
Use INCLTDL in CFLAGS
Alan T. DeKok [Wed, 11 Jan 2012 15:20:25 +0000 (16:20 +0100)]
Install the README, too
Alan T. DeKok [Wed, 11 Jan 2012 15:19:57 +0000 (16:19 +0100)]
Final fix for system libltdl (or not)
Alan T. DeKok [Wed, 11 Jan 2012 15:01:46 +0000 (16:01 +0100)]
Added file which was missed, and not previously committed
Alan T. DeKok [Wed, 11 Jan 2012 12:41:46 +0000 (13:41 +0100)]
Note changes for 3.0
Alan T. DeKok [Wed, 11 Jan 2012 12:27:55 +0000 (13:27 +0100)]
Moved modules/* to mods-available/*
This should help solve issues related to various files
being in modules/ when they're not supposed to be there
Alan T. DeKok [Tue, 10 Jan 2012 12:04:58 +0000 (13:04 +0100)]
Add mods-available/enabled
based on sites-available/enabled template
Alan T. DeKok [Tue, 10 Jan 2012 12:03:10 +0000 (13:03 +0100)]
Removed eap.conf and sql.conf
They're not in raddb/ any more
Alan T. DeKok [Tue, 10 Jan 2012 12:02:09 +0000 (13:02 +0100)]
Made modules/* wildcard
for config(noreplace). This simplifies the configuration
Alan T. DeKok [Tue, 10 Jan 2012 11:35:48 +0000 (12:35 +0100)]
Added mods-enabled/ directory
To simplify issues with installing new modules
Alan T. DeKok [Tue, 10 Jan 2012 11:00:36 +0000 (12:00 +0100)]
Simpler method to install sites-enabled
By using loops rather than hard-coded values
Alan T. DeKok [Mon, 9 Jan 2012 09:50:50 +0000 (10:50 +0100)]
Always use buffer
Alan T. DeKok [Fri, 6 Jan 2012 13:54:56 +0000 (14:54 +0100)]
"username" and "password" cannot be non-empty for status_check=request
Because some people misconfigure the server.
Alan T. DeKok [Sun, 1 Jan 2012 15:23:33 +0000 (10:23 -0500)]
Fix compiler warnings
Alan T. DeKok [Fri, 30 Dec 2011 15:06:00 +0000 (10:06 -0500)]
Manual pull of 2561c375bc
Add EXEEXT to places so that it builds on systems which require it.
Alan T. DeKok [Thu, 29 Dec 2011 22:50:18 +0000 (17:50 -0500)]
Use correct method of recursing into subdirs
Since commit 0347cacfe0f470353, we have a better way of recursing
into subdirs. Having an explicit test for $(RLM_SUBDIRS), and
then manually recursing into them is wrong. It causes modules
like rlm_eap to be built twice.
Instead, remove the test for $(RLM_SUBDIRS), and make
$(TARGET).la depend on $(RLM_SUBDIRS)
Alan T. DeKok [Mon, 26 Dec 2011 20:52:57 +0000 (15:52 -0500)]
Portability fixes for Mingw33
Alan T. DeKok [Mon, 26 Dec 2011 17:40:09 +0000 (12:40 -0500)]
Fix erroneous use of printf options
Alan T. DeKok [Mon, 26 Dec 2011 17:39:53 +0000 (12:39 -0500)]
Remove compiler warning
Alan T. DeKok [Mon, 26 Dec 2011 17:37:38 +0000 (12:37 -0500)]
Add and document -F radutmp_file
Alan T. DeKok [Sat, 24 Dec 2011 16:56:46 +0000 (11:56 -0500)]
Fix compile warnings
Alan T. DeKok [Sat, 24 Dec 2011 15:04:08 +0000 (10:04 -0500)]
Remove compiler warnings
Alan T. DeKok [Sat, 24 Dec 2011 14:57:43 +0000 (09:57 -0500)]
Include header file for mach_task_self
Alan T. DeKok [Sat, 24 Dec 2011 14:56:45 +0000 (09:56 -0500)]
Fix compiler warnings
Alan T. DeKok [Sat, 24 Dec 2011 14:53:35 +0000 (09:53 -0500)]
Include header file for prototypes
Alan T. DeKok [Sat, 24 Dec 2011 14:43:12 +0000 (09:43 -0500)]
Casts to remove compiler warnings
Alan T. DeKok [Fri, 23 Dec 2011 14:34:39 +0000 (09:34 -0500)]
Use new dict_valnamebyattr function
Alan T. DeKok [Fri, 23 Dec 2011 14:26:23 +0000 (09:26 -0500)]
Use new dict_valnamebyattr function
Alan T. DeKok [Fri, 23 Dec 2011 14:26:23 +0000 (09:26 -0500)]
Use new dict_valnamebyattr function
Alan T. DeKok [Fri, 23 Dec 2011 14:26:09 +0000 (09:26 -0500)]
Remove unused variable
Alan T. DeKok [Fri, 23 Dec 2011 14:15:53 +0000 (09:15 -0500)]
Added new method to get name of enum from values
This is simpler than having duplicate code throughout the
source.
Alan T. DeKok [Tue, 20 Dec 2011 14:38:22 +0000 (09:38 -0500)]
Initialize authentication vector.
Otherwise proxied packets can have a zero authentication
vector.
Alan T. DeKok [Tue, 20 Dec 2011 13:14:40 +0000 (08:14 -0500)]
Note that "hashsize=0" is a bad idea
Alan T. DeKok [Mon, 19 Dec 2011 20:44:37 +0000 (15:44 -0500)]
Use "last_found" in a thread-safe manner
It's a thread-local variable, not a variable global to the
configuration.
Note also that much of the rest of the module is poor.
Re-reading the files for every packet is HORRIBLE. It causes
more threading issues.
Fixed-size hash tables are similarly poor practice.
Alan T. DeKok [Fri, 16 Dec 2011 18:40:22 +0000 (13:40 -0500)]
As posted to the list
Alan T. DeKok [Tue, 13 Dec 2011 20:07:07 +0000 (21:07 +0100)]
Account for EAP header and EAP-MSCHAPv2 opcode
Found by Matt Dayman.
Alan T. DeKok [Thu, 8 Dec 2011 13:48:55 +0000 (14:48 +0100)]
Added "log { use_utc = yes/no }" configuration
Alan T. DeKok [Sun, 4 Dec 2011 09:00:57 +0000 (10:00 +0100)]
More strlen fixes
Alan T. DeKok [Sun, 4 Dec 2011 08:59:50 +0000 (09:59 +0100)]
More strlen fixes
Alan T. DeKok [Sun, 4 Dec 2011 08:53:52 +0000 (09:53 +0100)]
Fixed bad strlen
Alan T. DeKok [Fri, 2 Dec 2011 16:53:11 +0000 (17:53 +0100)]
More strlen fixes
Alan T. DeKok [Fri, 2 Dec 2011 16:52:11 +0000 (17:52 +0100)]
Replace strlen with more efficient check
Alan T. DeKok [Fri, 2 Dec 2011 16:48:33 +0000 (17:48 +0100)]
Replace strlen with simpler check
Alan T. DeKok [Thu, 1 Dec 2011 13:21:03 +0000 (14:21 +0100)]
Perl clone should be called sequentially, not in parallel.
Adding a mutex fixes this.
Patch from Eike Dehling
Alan T. DeKok [Tue, 29 Nov 2011 19:40:39 +0000 (20:40 +0100)]
Print out real password, not username
Alan T. DeKok [Fri, 2 Dec 2011 16:43:33 +0000 (17:43 +0100)]
Added rad_calloc to mirror rad_malloc
Alan T. DeKok [Tue, 29 Nov 2011 14:15:31 +0000 (15:15 +0100)]
Move timers to macro
So that we can change them later with minimal pain.
And so it's obvious which things are state machine changes,
and which are other logic
Alan T. DeKok [Tue, 29 Nov 2011 11:15:52 +0000 (12:15 +0100)]
Clean up regex code
Convert it to use pairmake_xlat, which is better.
Better ifdef's for regex support.
boot-time check for invalid regular expressions
Alan T. DeKok [Tue, 29 Nov 2011 10:56:25 +0000 (11:56 +0100)]
Move do_xlat=1 code to pairmake_xlat()
This abstracts the xlat code (i.e. integer type needs string)
so that it's easier to fix it later.
Alan T. DeKok [Tue, 29 Nov 2011 10:47:13 +0000 (11:47 +0100)]
Add "tests" target
Alan T. DeKok [Tue, 29 Nov 2011 10:34:04 +0000 (11:34 +0100)]
Partial revert of b14fc9d3d97811
It turns out that there is just too much code which
requires writing to vp->vp_strvalue. The regex comparisons,
xlat expansions, etc. all require the ability to write
strings to integer-type attributes.
We'll see if there's a better way to fix this in the future.
Alan T. DeKok [Tue, 29 Nov 2011 09:04:32 +0000 (10:04 +0100)]
Fixed mutex issues
Alan T. DeKok [Mon, 28 Nov 2011 19:24:21 +0000 (20:24 +0100)]
Fixed typo
Alan T. DeKok [Mon, 28 Nov 2011 17:50:04 +0000 (18:50 +0100)]
More lvalue -> vp_* changes
Alan T. DeKok [Mon, 28 Nov 2011 13:06:47 +0000 (14:06 +0100)]
Clarify names
Alan T. DeKok [Mon, 28 Nov 2011 12:59:34 +0000 (13:59 +0100)]
Wrap state machine functions in STATE_MACHINE_DECL
This makes it clearer which functions are for the state machine
and which aren't. It also lets us later change the state machine
by changing (ideally) only one macro.
Alan T. DeKok [Mon, 28 Nov 2011 12:44:46 +0000 (13:44 +0100)]
Better fix for previous debian bug
Alan T. DeKok [Mon, 28 Nov 2011 12:36:22 +0000 (13:36 +0100)]
Initialize data pointer before setting it
So that if there's an error setting it, we can free it without
the system blowing up.
Closes Debian bug #606450
Alan T. DeKok [Sun, 27 Nov 2011 09:03:43 +0000 (10:03 +0100)]
Remove old text
Because it confuses people who don't read eap.conf, or
the rest of the file.
Alan T. DeKok [Mon, 28 Nov 2011 11:18:50 +0000 (12:18 +0100)]
Added internal fr_connection_find()
To avoid duplicate code
Alan T. DeKok [Mon, 28 Nov 2011 10:45:04 +0000 (11:45 +0100)]
Minor reformatting
Alan T. DeKok [Mon, 28 Nov 2011 10:44:43 +0000 (11:44 +0100)]
Minor reformatting for 80-col widths
Alan T. DeKok [Sun, 27 Nov 2011 09:21:43 +0000 (10:21 +0100)]
Clean up examples
Alan T. DeKok [Sat, 26 Nov 2011 15:08:52 +0000 (16:08 +0100)]
Rearrange packet list code
yank no longer returns a pointer. No one was using it, so that
work was unnecessary.
Re-arrange the code in fr_packet_cmp() so that fewer comparisons
are necessary to disambiguate packets.
Remove workaround for bug #35 in packet_entry_cmp(). It is
no longer necessary.
The result is somewhat faster on in-memory performance tests.
But the callgrind output still shows large blocks of time
spent handling the packet lists. Those could be optimized
some more.
Alan T. DeKok [Fri, 25 Nov 2011 14:22:36 +0000 (15:22 +0100)]
Pass sizeof buffer to cf_expand_variables
Alan T. DeKok [Fri, 25 Nov 2011 12:04:53 +0000 (13:04 +0100)]
Updated version output
Moved compilation flags output from debug messages. It shouldn't
be there. Move it to version.c, and made it print out the
detailed list of supported functionality when using "-xv"
Alan T. DeKok [Thu, 24 Nov 2011 08:28:24 +0000 (09:28 +0100)]
More quiet builds
Alan T. DeKok [Thu, 24 Nov 2011 07:56:05 +0000 (08:56 +0100)]
Ignore local cache directory
Alan T. DeKok [Thu, 24 Nov 2011 07:55:15 +0000 (08:55 +0100)]
Ignore tar files, sig files, patches
Alan T. DeKok [Thu, 24 Nov 2011 07:53:32 +0000 (08:53 +0100)]
Ignore the doxygen _build directory
Alan T. DeKok [Wed, 23 Nov 2011 13:32:27 +0000 (14:32 +0100)]
Note removal of functionality
Alan T. DeKok [Wed, 23 Nov 2011 13:31:54 +0000 (14:31 +0100)]
Re-arrange structure to remove padding
This saves 8 bytes per VP on a 64-bit machine. That adds up...
Alan T. DeKok [Tue, 22 Nov 2011 17:29:31 +0000 (18:29 +0100)]
Now that no one uses lvalue, delete it.
This shrinks the size of the VALUE_PAIR structure by 256 bytes,
which is very nice.
Alan T. DeKok [Tue, 22 Nov 2011 17:29:06 +0000 (18:29 +0100)]
Don't use lvalue, use the correct struct name
In preparation for removing lvalue.
Alan T. DeKok [Tue, 22 Nov 2011 16:49:02 +0000 (17:49 +0100)]
Shrink the size of the VALUE_PAIR structure
Now that we're not writing strings to integer attributes,
we can dynamically change the size of the VALUE_PAIR.
It should be large enough to contain its necessary fields,
and *only* enough of the VALUE_PAIR_DATA structure to contain
the type-specific data. This means we save 250 bytes
of memory for every integer / date / ipaddr VALUE_PAIR.
Alan T. DeKok [Tue, 22 Nov 2011 13:44:55 +0000 (14:44 +0100)]
Removed "addport" functionality.
It was always a terrible hack. There should be better ways
to do it, like actually tracking IP addresses.
Alan T. DeKok [Tue, 22 Nov 2011 13:39:38 +0000 (14:39 +0100)]
No need to sprintf "%s"
Use strlcpy instead
Alan T. DeKok [Tue, 22 Nov 2011 13:33:29 +0000 (14:33 +0100)]
No need to cast to IPv6
because we can reference the struct element directly.
Alan T. DeKok [Tue, 22 Nov 2011 09:46:16 +0000 (10:46 +0100)]
Manually pull rlm_securid from the v2.1.x branch
With minor changes for the 3.0 API