pnixon [Tue, 3 Oct 2006 15:38:04 +0000 (15:38 +0000)]
radiusd is currently crashing for us in threaded mode (especially with proxied requests) so setting the startup scripts to single threaded until the problem is solved
pnixon [Tue, 3 Oct 2006 15:21:58 +0000 (15:21 +0000)]
Add acctlog config section
pnixon [Tue, 3 Oct 2006 14:03:08 +0000 (14:03 +0000)]
Add new module to do configurable logging of accounting packets to radiusd.log
pnixon [Tue, 3 Oct 2006 13:04:13 +0000 (13:04 +0000)]
Add config options for configurable logging
pnixon [Tue, 3 Oct 2006 10:59:06 +0000 (10:59 +0000)]
so that we dont leak on a HUP
pnixon [Tue, 3 Oct 2006 07:26:37 +0000 (07:26 +0000)]
New patch for configurable logging
pnixon [Tue, 3 Oct 2006 07:25:31 +0000 (07:25 +0000)]
Rollback this patch.
pnixon [Tue, 3 Oct 2006 06:48:20 +0000 (06:48 +0000)]
Logging update
aland [Mon, 2 Oct 2006 23:53:38 +0000 (23:53 +0000)]
Perl script (hokey as heck) to minimize the number of includes
that we have in C files.
It finds duplicate includes, and prints them out for user verification.
It optionally will also go through & nuke the duplicates
pnixon [Mon, 2 Oct 2006 09:45:00 +0000 (09:45 +0000)]
RFC 2865: The String field is one or more octets. The NAS may limit the maximum length of the User-Name but the ability to handle at least 63 octets is recommended.
mgriego [Sat, 30 Sep 2006 22:21:56 +0000 (22:21 +0000)]
Sleep for 1 second if the child hasn't returned yet before starting the
next iteration of the loop.
fcusack [Sat, 30 Sep 2006 01:38:56 +0000 (01:38 +0000)]
another state->radstate fix
fcusack [Sat, 30 Sep 2006 01:36:54 +0000 (01:36 +0000)]
s/bad state/bad radstate/ to be clear that it's not token state
pnixon [Fri, 29 Sep 2006 16:12:11 +0000 (16:12 +0000)]
Rename to symlink to avoid problems with startproc
aland [Thu, 28 Sep 2006 16:32:19 +0000 (16:32 +0000)]
Added a few more 16-bit vsa's
Added note that 16-bit Ascend VSA's are really Lucent ones
aland [Thu, 28 Sep 2006 16:25:32 +0000 (16:25 +0000)]
Set component and module when processing a request, and unset
them when done a component section.
pnixon [Thu, 28 Sep 2006 10:03:57 +0000 (10:03 +0000)]
Update paths to new doc/examples dir
aland [Wed, 27 Sep 2006 17:03:38 +0000 (17:03 +0000)]
Call proxy_listener->send, not listener->send
mgriego [Wed, 27 Sep 2006 14:15:56 +0000 (14:15 +0000)]
Fix a race condition when running in threaded mode. request->finished was
not being checked for requests that are non-duplicatable (ie accounting
requests). This was leading to a race condition where the list cleanup
code might get to the request before the responder was done processing it,
subsequently leading to an assertion failure on line 508.
pnixon [Fri, 22 Sep 2006 12:26:20 +0000 (12:26 +0000)]
Rename table for consistency
pnixon [Fri, 22 Sep 2006 11:59:16 +0000 (11:59 +0000)]
Kill this stupid check for NULL username.
aland [Thu, 21 Sep 2006 23:29:41 +0000 (23:29 +0000)]
Fix it more
aland [Thu, 21 Sep 2006 23:17:41 +0000 (23:17 +0000)]
Added rfc4590 to the the list
aland [Thu, 21 Sep 2006 23:17:02 +0000 (23:17 +0000)]
Added for Digest authentication
aland [Thu, 21 Sep 2006 23:16:48 +0000 (23:16 +0000)]
Be a little politer about what we print
pnixon [Thu, 21 Sep 2006 10:55:31 +0000 (10:55 +0000)]
Change %{P} to %{check:Pool-Name} to improve query readability
pnixon [Thu, 21 Sep 2006 09:21:55 +0000 (09:21 +0000)]
Remove mutexes and log Called/Calling-Station-Id when handing out IPs
pnixon [Wed, 20 Sep 2006 22:33:40 +0000 (22:33 +0000)]
Some additional docs
mgriego [Wed, 20 Sep 2006 03:09:36 +0000 (03:09 +0000)]
If we're using syslog, we have to parse the log {} section of the config
before trying to reference it for the syslog_facility. In addition, check
to make sure syslog_facility isn't NULL before using it to compare to avoid
a crash condition.
pnixon [Tue, 19 Sep 2006 17:54:36 +0000 (17:54 +0000)]
add sqlippool.conf
aland [Mon, 18 Sep 2006 17:47:10 +0000 (17:47 +0000)]
Calculate reply digest for Disconnect && CoA packets, too
aland [Mon, 18 Sep 2006 17:43:47 +0000 (17:43 +0000)]
Update the list of RFC's we handle, and update the creation
scripts to work a little better
pnixon [Mon, 18 Sep 2006 10:30:46 +0000 (10:30 +0000)]
Update to check the error codes properly so we only reconnect on errors that actually require a reconnect.
pnixon [Mon, 18 Sep 2006 10:28:49 +0000 (10:28 +0000)]
Add radippool
pnixon [Fri, 15 Sep 2006 15:05:10 +0000 (15:05 +0000)]
Fix service name
aland [Thu, 14 Sep 2006 17:52:46 +0000 (17:52 +0000)]
Reverted the change from 1.36 -> 1.37.
The operators are only for hacks like the "users" file, which
have a severely limited policy engine. With Perl, the script has
much more flexibility to decide which attributes to re-write,
which ones to delete, and which ones to leave alone. As a result,
the operators are unnecessary, and don't belong
aland [Thu, 14 Sep 2006 17:43:43 +0000 (17:43 +0000)]
Commited a fix for bug #390
aland [Thu, 14 Sep 2006 17:41:34 +0000 (17:41 +0000)]
Reverted change 1.38 -> 1.39. pairmove() uses operators, which
is unnecessary here. The Perl code can decide which attributes
should be in which lists, so the operators are entirely unnecessary.
In addition, pairmove() may leave attributes in the source list,
so the code in 1.39 has a memory leak, because it doesn't call
pairfree.
A fix for bug #390 will be committed separately.
aland [Thu, 14 Sep 2006 16:32:30 +0000 (16:32 +0000)]
Don't NULL self->request until after we're done using it
aland [Wed, 13 Sep 2006 18:55:23 +0000 (18:55 +0000)]
When walking over a section, handle the case of CONF_DATA
existing
pnixon [Wed, 13 Sep 2006 12:49:37 +0000 (12:49 +0000)]
Major cleanup of the queries (To match what we are running in production)
bjordanov [Wed, 13 Sep 2006 08:36:53 +0000 (08:36 +0000)]
Fixed bug id #390 Removed pairfree and Updated to use pairmove.
aland [Mon, 11 Sep 2006 21:54:56 +0000 (21:54 +0000)]
get rid of race condition on proxying by moving the rad_send()
to inside of the mutex lock in threads.c
aland [Mon, 11 Sep 2006 19:22:28 +0000 (19:22 +0000)]
abstract IP address comparisons
nbk [Mon, 11 Sep 2006 10:46:03 +0000 (10:46 +0000)]
We need to explicitly tell RPM to package the documentation, even
though the files are in the standard location. That fixes the error
"Installed (but unpackaged) file(s) found"
Patch from Sandworm <sandworm@mepd.hush.com>
pnixon [Sun, 10 Sep 2006 17:21:51 +0000 (17:21 +0000)]
Add a dictionary for patton
pnixon [Wed, 6 Sep 2006 22:43:08 +0000 (22:43 +0000)]
Initial Start script for radrelay
aland [Wed, 6 Sep 2006 16:25:26 +0000 (16:25 +0000)]
Pick a proxy port for radrelay
aland [Tue, 5 Sep 2006 21:39:24 +0000 (21:39 +0000)]
Don't call cf_section_read() recursively. Instead, leverage the
fact that each section has a parent pointer to do it iteratively,
which means that we can catch more cases of mismatched braces
aland [Tue, 5 Sep 2006 19:45:16 +0000 (19:45 +0000)]
Catch more cases of start section without end, and end section
without start in the same file.
aland [Tue, 5 Sep 2006 19:43:07 +0000 (19:43 +0000)]
'X' means 'print output to stdout'
aland [Tue, 5 Sep 2006 17:42:10 +0000 (17:42 +0000)]
Separate reading of a file from $INCLUDEing a file.
This makes the code a little easier to understand...
aland [Tue, 5 Sep 2006 17:41:01 +0000 (17:41 +0000)]
Cleartext-Password is a "known good" password, too
pnixon [Mon, 4 Sep 2006 15:29:40 +0000 (15:29 +0000)]
Port module to new API (To stop it core dumping) and remove some other cruft
nbk [Sat, 2 Sep 2006 11:17:16 +0000 (11:17 +0000)]
Rework the /var/run on tmpfs patch and print an error if for some
reason /var/run is not writable.
pnixon [Sat, 2 Sep 2006 10:53:17 +0000 (10:53 +0000)]
Minor doc cleanups
aland [Fri, 1 Sep 2006 23:05:22 +0000 (23:05 +0000)]
All components and indices for module calling are now in a hash
table, which means that we can put it into 'struct mainconfig',
and handle HUP's better!
pnixon [Fri, 1 Sep 2006 22:55:52 +0000 (22:55 +0000)]
It might be a good idea to actually INSTALL the new sql directory I created last night.
aland [Fri, 1 Sep 2006 22:48:35 +0000 (22:48 +0000)]
Move the module lists to hash tables, which are simpler, and should
help with later fixes
aland [Fri, 1 Sep 2006 22:28:39 +0000 (22:28 +0000)]
cf_section_read() is called from two places:
1: recursively for a new section
2: recursively for $INCLUDE
In the second case, the things read from $INCLUDE must go
into the current section... hence some pretty bad hacks to get
that to work.
It was always broken... but the recent changes to sql/sql*.conf
highlighted it
nbk [Fri, 1 Sep 2006 20:02:36 +0000 (20:02 +0000)]
If the Makefile installs into /usr/share/doc/freeradius-%{version},
and the %doc directives use relative [to build dir] paths, the
Makefile-installed docs are removed. This is a quirk of rpm %doc
behavior. In order to preserve the Makefile-installed docs, we
have to install docs in the %install section rather than use %doc
in the %files section.
pnixon [Thu, 31 Aug 2006 22:21:12 +0000 (22:21 +0000)]
Minor updates following reorganisation of the sql config files
pnixon [Thu, 31 Aug 2006 22:10:39 +0000 (22:10 +0000)]
Reorganisation of the SQL config files. Hold onto your hat.
nbk [Thu, 31 Aug 2006 13:49:30 +0000 (13:49 +0000)]
Add LSB init script headers and a patch to allow /var/run to
be a tmpfs.
bjordanov [Wed, 30 Aug 2006 11:00:05 +0000 (11:00 +0000)]
New Future: Modify the operator for VP
For example to change Operator for Framed-MTU use code like that.
$hash{'Framed-MTU'} = "100";
$hash{'Operator'} = "==";
$RAD_REPLY{'Framed-MTU'} = \%hash;
aland [Mon, 28 Aug 2006 17:13:00 +0000 (17:13 +0000)]
Over-write existing vp's with new ones.
This means that the Perl module works more like the other modules,
which have absolute power over the VP's, and less like the "users"
file, which updates the VP's via operators, etc
aland [Fri, 25 Aug 2006 18:55:22 +0000 (18:55 +0000)]
Added link to page with certificate requirements
aland [Fri, 25 Aug 2006 18:49:39 +0000 (18:49 +0000)]
Added warnings about MS interoperability
aland [Thu, 24 Aug 2006 23:50:13 +0000 (23:50 +0000)]
Corrected comment
aland [Thu, 24 Aug 2006 23:49:47 +0000 (23:49 +0000)]
In pairmove(), do NOT blindly move all of the attributes over if
*to == NULL. We still have to pay attention to the operators.
If the operators are comparison ones, then do NOT move them to
the "*to" list, as they're not needed.
aland [Thu, 24 Aug 2006 23:27:20 +0000 (23:27 +0000)]
Don't copy User-Password to Cleartext-Password, if the User-Password
already exists.
aland [Thu, 24 Aug 2006 18:57:01 +0000 (18:57 +0000)]
If debugging, set output to stdout.
Print server version on startup
update text for reloading configuration files
aland [Wed, 23 Aug 2006 20:37:14 +0000 (20:37 +0000)]
Until we read radiusd.conf, all errors should go to stderr.
Once we read radiusd.conf, we've initialized the logging
destination, and all errors should go there.
aland [Tue, 22 Aug 2006 23:02:15 +0000 (23:02 +0000)]
Be a little more paranoid about initialization.
aland [Tue, 22 Aug 2006 18:19:56 +0000 (18:19 +0000)]
Allow empty check lines.
This closes bug #380.
aland [Tue, 22 Aug 2006 16:20:26 +0000 (16:20 +0000)]
Be a little more aggressive about shrinking the TLS fragment
size when given a Framed-MTU.
This closes bug #383.
aland [Tue, 22 Aug 2006 16:08:49 +0000 (16:08 +0000)]
Free more entries in the config.
This closes bug #385
nbk [Mon, 21 Aug 2006 09:47:48 +0000 (09:47 +0000)]
Install new files hash.h and packet.h too and remove "freeradius-devel"
from the #include directives in the copy to be found in the destination
directory. An external program could now use the FreeRADIUS libradius
with a #include <freeradius/libradius.h>
aland [Fri, 18 Aug 2006 16:23:22 +0000 (16:23 +0000)]
Pulled from branch_1_1
pnixon [Fri, 18 Aug 2006 13:27:50 +0000 (13:27 +0000)]
added a couple of extra services that should start b4 radiusd
pnixon [Fri, 18 Aug 2006 13:23:57 +0000 (13:23 +0000)]
Add LSB compatible init info
pnixon [Fri, 18 Aug 2006 12:24:09 +0000 (12:24 +0000)]
update to start AFTER db backends
nbk [Fri, 18 Aug 2006 11:58:04 +0000 (11:58 +0000)]
The patch in the downstream Debian package to run radclient with
a non-privileged user removes the permissions again on upgrade.
Instead, we always leave the file /etc/freeradius/dictionary with
the default permissions.
nbk [Fri, 18 Aug 2006 11:57:53 +0000 (11:57 +0000)]
The patch in the downstream Debian package to run radclient with
a non-privileged user removes the permissions again on upgrade.
Instead, we always leave the file /etc/freeradius/dictionary with
the default permissions.
pnixon [Fri, 18 Aug 2006 10:50:30 +0000 (10:50 +0000)]
Add X-Ascend-Session-Svr-Key so Packet of Disconnect works
pnixon [Fri, 18 Aug 2006 10:22:36 +0000 (10:22 +0000)]
Add XAscendSessionSvrKey to allow Packet of Disconnect
aland [Fri, 18 Aug 2006 00:08:37 +0000 (00:08 +0000)]
Use correct catch for lines that are too long\18
aland [Thu, 17 Aug 2006 23:49:26 +0000 (23:49 +0000)]
Don't free cs if it was uninitialized
aland [Thu, 17 Aug 2006 21:41:00 +0000 (21:41 +0000)]
Pulled from branch_1_1. Untested!
Didn't pull doc/examples/postgresql.sql
pnixon [Thu, 17 Aug 2006 14:20:52 +0000 (14:20 +0000)]
make the field names match the rest of FreeRADIUS
pnixon [Thu, 17 Aug 2006 14:09:26 +0000 (14:09 +0000)]
Clean up radippool to make its style closer to the rest of FreeRADIUS
nbk [Thu, 17 Aug 2006 12:20:41 +0000 (12:20 +0000)]
Add Oracle to the list of supported drivers.
Thanks to Alexander Serkin <als@cell.ru>
nbk [Thu, 17 Aug 2006 12:20:19 +0000 (12:20 +0000)]
Add Oracle to the list of supported drivers.
Thanks to Alexander Serkin <als@cell.ru>
pnixon [Thu, 17 Aug 2006 12:13:24 +0000 (12:13 +0000)]
Sync a few changes from cvs head
nbk [Wed, 16 Aug 2006 21:43:18 +0000 (21:43 +0000)]
Regenerate radpaths.h if a later run of ./configure has rewritten
build-radpaths-h. This prevents from using the pathnames of the
previous build, which won't work if the configure options were
different.
nbk [Wed, 16 Aug 2006 21:42:30 +0000 (21:42 +0000)]
Regenerate radpaths.h if a later run of ./configure has rewritten
build-radpaths-h. This prevents from using the pathnames of the
previous build, which won't work if the configure options were
different.
aland [Wed, 16 Aug 2006 20:04:33 +0000 (20:04 +0000)]
Verify Access-Challenge, too. Bug found by Mitaine Yoann
aland [Wed, 16 Aug 2006 20:03:35 +0000 (20:03 +0000)]
Verify Access-Challenge, too. That's a dumb bug, found by
Mitaine Yoann
pnixon [Wed, 16 Aug 2006 17:42:25 +0000 (17:42 +0000)]
Some initial sqlippool documentation and schema update
pnixon [Wed, 16 Aug 2006 17:06:49 +0000 (17:06 +0000)]
Major updates to module to make it standalone. It no longer needs to know what the ip pool config is at startup, infact it no longer cares as each query is check against the table so new pools can be added, deleted and extended on the fly without a reload.