aland [Tue, 10 May 2005 20:21:47 +0000 (20:21 +0000)]
keep it up to date
fcusack [Tue, 10 May 2005 08:16:32 +0000 (08:16 +0000)]
Make cardops layer a true object layer! Re-implement cryptocard
as a cardops object.
aland [Mon, 9 May 2005 21:18:54 +0000 (21:18 +0000)]
By default, try to prevent v4 to v6 mapping
aland [Mon, 9 May 2005 21:11:31 +0000 (21:11 +0000)]
Don't allow * for IPv6, we have :: for it instead
fcusack [Sun, 8 May 2005 00:32:13 +0000 (00:32 +0000)]
compiler boo-boos
fcusack [Sun, 8 May 2005 00:23:42 +0000 (00:23 +0000)]
Simplify!
- don't check for user existence; cardops layer will do that
- don't use PW_X99_FAST as challenge sentinel, just use State presence
- remove some "can't happen" code; it REALLY can't happen now
fcusack [Sun, 8 May 2005 00:12:40 +0000 (00:12 +0000)]
minor logging tweaks
fcusack [Sat, 7 May 2005 23:21:11 +0000 (23:21 +0000)]
When deciding if we should protect the State attribute (ie, the
challenge) with an hmac, instead of using card async capability
as a determinant, use server configuration (allow_async setting).
This allows us to remove all X99_CF card feature #defines from x99.h,
giving us a cleaner cardops layer.
aland [Fri, 6 May 2005 22:28:29 +0000 (22:28 +0000)]
Many attribute types can't have "encrypt" flags, so don't bother
checking those
aland [Fri, 6 May 2005 22:27:31 +0000 (22:27 +0000)]
Add support for IPv6prefix type
aland [Fri, 6 May 2005 21:01:32 +0000 (21:01 +0000)]
call freeaddrinfo, so we don't leak memory
aland [Fri, 6 May 2005 01:06:30 +0000 (01:06 +0000)]
Check for problems, rather than assertions
fcusack [Thu, 5 May 2005 23:19:38 +0000 (23:19 +0000)]
import cardops layer from pam_x99_auth
aland [Thu, 5 May 2005 21:36:25 +0000 (21:36 +0000)]
Allow for IPv6, and correct a typo
aland [Thu, 5 May 2005 21:28:31 +0000 (21:28 +0000)]
Include autoconf.h, too
aland [Thu, 5 May 2005 18:27:51 +0000 (18:27 +0000)]
Got rid of more "static" variables, and in the process also enabled
the server to listen on IPv6 via the command-line.
The old "bind_address" directive is left as IPv4-only, for backwards
compatibility.
fcusack [Thu, 5 May 2005 06:17:45 +0000 (06:17 +0000)]
Update comments re: radius State replay attack suppression.
fcusack [Thu, 5 May 2005 05:49:11 +0000 (05:49 +0000)]
improve ewindow2 docs, remove extraneous (and incorrect) copyright text
fcusack [Thu, 5 May 2005 05:39:33 +0000 (05:39 +0000)]
change x99_token_t.name to const char *, for main/conffile.c#1.115
fcusack [Thu, 5 May 2005 05:27:12 +0000 (05:27 +0000)]
fix #includes problems introduced with some recent commit
fcusack [Thu, 5 May 2005 05:18:00 +0000 (05:18 +0000)]
update TG-24-1999 (X9.9 withdrawal) URL
aland [Wed, 4 May 2005 22:09:23 +0000 (22:09 +0000)]
Allow IPv6 for clients, too.
Note that we don't properly handle IPv6/prefix yet. That's for
another commit
aland [Wed, 4 May 2005 22:08:01 +0000 (22:08 +0000)]
Prototypes for functions in main/listen.c
aland [Wed, 4 May 2005 21:59:42 +0000 (21:59 +0000)]
make ip_hton() [our host to IP address wrapper] call getaddrinfo,
which is hopefully threadsafe on most systems (yes, NetBSD is bad).
This simplifies the code here, and allows it to support multiple
address families automagically.
aland [Wed, 4 May 2005 21:57:36 +0000 (21:57 +0000)]
If we get a bare IPv6 address, it has two or more ':', so don't
get excited over ':', and assume it's "host:port", if we see two
':'
aland [Wed, 4 May 2005 21:53:53 +0000 (21:53 +0000)]
Corrected typo in #ifdef
aland [Wed, 4 May 2005 21:47:40 +0000 (21:47 +0000)]
Look for "struct sockaddr_in6", too
aland [Tue, 3 May 2005 22:29:53 +0000 (22:29 +0000)]
Moved socket code from radiusd.c & mainconfig.c to new file listen.c
We now have per-socket callback functions to turn a socket which
has data ready into a REQUEST* and RAD_REQUEST_FUNP, which means
that we can have per-socket callbacks.
i.e. the code is MUCH cleaner, data driven, and it should now
be pretty easy to have per-socket clients.
aland [Tue, 3 May 2005 21:04:28 +0000 (21:04 +0000)]
Add entry for new per-socket receive function.
aland [Tue, 3 May 2005 18:50:56 +0000 (18:50 +0000)]
Delete last fix, it was wrong.
If Y->Left==NIL && Y->Right=X==NIL, then don't set X->Parent=Y->Parent
instead, keep track of the parent explicitly, and pass it to the
deletefixup routine
aland [Tue, 3 May 2005 17:32:20 +0000 (17:32 +0000)]
Set AF
aland [Tue, 3 May 2005 17:30:13 +0000 (17:30 +0000)]
Call normal functions to turn host/ip into struct
aland [Tue, 3 May 2005 17:04:55 +0000 (17:04 +0000)]
Include proper headers
mgriego [Thu, 28 Apr 2005 15:43:52 +0000 (15:43 +0000)]
Added a section in proccess_groups to allow for no check pairs found. In
this scenario, the user wants to match everyone, like in the users file,
so we go ahead and add any reply pairs for that group to the list.
aland [Thu, 28 Apr 2005 13:54:12 +0000 (13:54 +0000)]
Don't call read_radius_conf, which means that we don't need as many
objects included into the program. It links, so it should run.
Hmm... the common code in radrelay & radsqlrelay could probably
be moved to a common file, like "detail.c", to read the detail
file & drop the entries into a common data structure. At that
point, radrelay & radsqlrelay should become much smaller...
aland [Thu, 28 Apr 2005 13:46:42 +0000 (13:46 +0000)]
make radlog_stdout = 0, so that memset will make logs go to
the right place
aland [Thu, 28 Apr 2005 13:44:50 +0000 (13:44 +0000)]
clear out mainconfig, too
aland [Thu, 28 Apr 2005 13:41:08 +0000 (13:41 +0000)]
radrelay doesn't need read_radius_conf, it needs conf_read(),
which means that stacks of files which would otherwise be included
can be deleted.
Also, don't free values returned from cf_section_value_find(),
they're pointers to entries in the configuration section, and not
malloc'd strings (so far as the caller is concerned)
aland [Wed, 27 Apr 2005 21:51:47 +0000 (21:51 +0000)]
Moved support for Client-IP-Address to xlat.c, where we already
have Packet-Src-IP-Address.
Added Packet-{Src,Dst}-IPv6-address, too
aland [Wed, 27 Apr 2005 17:44:14 +0000 (17:44 +0000)]
Fixed typo
aland [Wed, 27 Apr 2005 16:18:24 +0000 (16:18 +0000)]
Bug fixes for code which implements unavailable functions
aland [Wed, 27 Apr 2005 15:05:59 +0000 (15:05 +0000)]
One more RFC describing standards
aland [Wed, 27 Apr 2005 14:58:55 +0000 (14:58 +0000)]
Don't complain about passwords if the request is going to
be proxied
aland [Wed, 27 Apr 2005 14:55:52 +0000 (14:55 +0000)]
If we're asked to delete the tree root, then delete it, without
trying to set (NIL)-Parent.
Caught on Interix, with 'const' Sentinel now. It's wild that
this wasn't caught before
aland [Wed, 27 Apr 2005 10:59:35 +0000 (10:59 +0000)]
include autoconf.h
aland [Wed, 27 Apr 2005 10:57:06 +0000 (10:57 +0000)]
More libradius.h fixes
aland [Wed, 27 Apr 2005 10:51:10 +0000 (10:51 +0000)]
Make it build on non-IPv6-aware systems.
Note that we now depend on HAVE_STRUCT_SOCKADDR_IN6, which I'll
have to add to "configure", once I have access to a real machine
aland [Wed, 27 Apr 2005 10:40:21 +0000 (10:40 +0000)]
Remove libradius.h from the top of the standard header list.
It's not necessary
aland [Wed, 27 Apr 2005 10:28:34 +0000 (10:28 +0000)]
Don't include libradius.h right after autoconf.h, it's already
included in radiusd.h, which we already include
in mainconfig.c, use new #ifdef HAVE_STRUCT_SOCKADDR_IN6, which
we have yet to define. This makes it build on non-IPv6 systems.
modcall.c, include autoconf.h, which we didn't include before
aland [Wed, 27 Apr 2005 10:14:47 +0000 (10:14 +0000)]
Don't include libradius.h, we're including radiusd.h, which does
that for us
aland [Wed, 27 Apr 2005 10:14:14 +0000 (10:14 +0000)]
include missing.h BEFORE libradius.h
nbk [Tue, 26 Apr 2005 16:26:33 +0000 (16:26 +0000)]
Re-arrange the code in the sql_userparse() function.
This should catch more possible errors in the database and
allow to use the syntax Attribute:Tag, too. (it is possible
in rlm_files)
raghu [Mon, 25 Apr 2005 06:52:56 +0000 (06:52 +0000)]
Thread safe rentrant gethostby{name/addr} functions added.
aland [Sat, 23 Apr 2005 00:51:45 +0000 (00:51 +0000)]
cl->shortname may now be NULL
Also, restore old-style NAS stuff, erroneously deleted in r1.28
aland [Sat, 23 Apr 2005 00:51:16 +0000 (00:51 +0000)]
cl->nastype may now be NULL
aland [Sat, 23 Apr 2005 00:50:55 +0000 (00:50 +0000)]
cl->shortname may now be NULL
aland [Fri, 22 Apr 2005 23:42:41 +0000 (23:42 +0000)]
document that there are essentially no limits on the length of
the shared secret
aland [Fri, 22 Apr 2005 23:38:02 +0000 (23:38 +0000)]
remove length restrictions on strings in RADCLIENT data structure
by making them malloc'd strings, and updating mainconfig to parse
them automagically via CONF_PARSER magic.
aland [Fri, 22 Apr 2005 23:20:41 +0000 (23:20 +0000)]
fix dumb error
aland [Fri, 22 Apr 2005 22:14:59 +0000 (22:14 +0000)]
clean up the parsing code a little more
aland [Fri, 22 Apr 2005 21:39:01 +0000 (21:39 +0000)]
Fix compiler warning.
Minor code re-format to match coding style
aland [Fri, 22 Apr 2005 21:36:12 +0000 (21:36 +0000)]
renamed queue mutex to make it clearer what's going on
aland [Fri, 22 Apr 2005 21:33:29 +0000 (21:33 +0000)]
re-align text
aland [Fri, 22 Apr 2005 21:26:23 +0000 (21:26 +0000)]
corrected typo in define
kkalev [Fri, 22 Apr 2005 13:21:31 +0000 (13:21 +0000)]
In lib/sql/attrmap.php3, only register variables once. Go through $show_attrs and set default attribute
mappings for any attribute that a mapping does not exist.
aland [Fri, 22 Apr 2005 00:50:26 +0000 (00:50 +0000)]
Added a bunch of 'const', and cf_pair_parse(), which should make
it a little easier for people who parse configuration entries
by hand.
aland [Thu, 21 Apr 2005 22:05:41 +0000 (22:05 +0000)]
one-character typo fix
aland [Thu, 21 Apr 2005 21:58:56 +0000 (21:58 +0000)]
allow IPv6 in listen{} sections.
aland [Thu, 21 Apr 2005 21:58:30 +0000 (21:58 +0000)]
Better debug/error messages
aland [Thu, 21 Apr 2005 17:31:41 +0000 (17:31 +0000)]
Preparations for IPv6 done.
aland [Thu, 21 Apr 2005 17:16:08 +0000 (17:16 +0000)]
look for struct addrinfo
aland [Thu, 21 Apr 2005 16:57:58 +0000 (16:57 +0000)]
Check for struct sockaddr_storage
aland [Thu, 21 Apr 2005 16:54:07 +0000 (16:54 +0000)]
Catch IPv6-mapped IPv4 address.
The server can now listen on IPv6 address ::1 (localhost), and
packets sent to 127.0.0.1 will be mapped into the IPv6 address
space, and the server should recognize them, even if only the
IPv4 address is listed in clients.conf
aland [Thu, 21 Apr 2005 16:51:39 +0000 (16:51 +0000)]
Define PW_NAS_IP6_ADDRESS and use it in rlm_preprocess
aland [Thu, 21 Apr 2005 16:40:43 +0000 (16:40 +0000)]
socklen_t is already defined in autoconf.h
raghu [Thu, 21 Apr 2005 02:31:01 +0000 (02:31 +0000)]
Protocol Independent wrapper function only for IPv4.
raghu [Thu, 21 Apr 2005 02:27:19 +0000 (02:27 +0000)]
Protocol independent functions for IPv4.
These are used only if they are not defined on the platform.
aland [Thu, 21 Apr 2005 01:10:32 +0000 (01:10 +0000)]
Minor fixes to make new rad_recfrom function return the correct
src/dst AF's for IPv6
aland [Thu, 21 Apr 2005 01:05:38 +0000 (01:05 +0000)]
Implement [ipv6add]:port
raghu [Thu, 21 Apr 2005 00:35:36 +0000 (00:35 +0000)]
More IPv6 stuff.
aland [Thu, 21 Apr 2005 00:18:02 +0000 (00:18 +0000)]
rad_listen_t now has lrad_ipaddr_t instead of uint32_t
Server has some more provisions for listening on IPv6 interfaces,
but it's not all there yet
aland [Wed, 20 Apr 2005 23:12:58 +0000 (23:12 +0000)]
Fixed debugging messages
aland [Wed, 20 Apr 2005 23:12:39 +0000 (23:12 +0000)]
Add -4 && -6 command line options, to force IPv6/IPv6.
radclient now sends RADIUS packets out IPv6 interfaces
aland [Wed, 20 Apr 2005 23:05:38 +0000 (23:05 +0000)]
Define Packet-Src/Dst-IPv6-Address
aland [Wed, 20 Apr 2005 22:51:58 +0000 (22:51 +0000)]
Changes to radclient which should (theoretically) support
IPv6
aland [Wed, 20 Apr 2005 22:31:50 +0000 (22:31 +0000)]
Don't do #ifdef AF_INET6, as it's always defined now
aland [Wed, 20 Apr 2005 22:27:30 +0000 (22:27 +0000)]
inet_pton && inet_ntop fixes
aland [Wed, 20 Apr 2005 20:15:30 +0000 (20:15 +0000)]
We now always have inet_ntop, even if it's our own implementation.
We always have AF_INET6, even if it's our own definition.
Our own inet_ntop now prints IPv4 and IPv6 in a dumb, but simple
format
aland [Wed, 20 Apr 2005 19:54:50 +0000 (19:54 +0000)]
Forgot from last commit
aland [Wed, 20 Apr 2005 19:54:27 +0000 (19:54 +0000)]
define struct in6_addr if it's not defined. This lets the server
implement IPv6 for packets it's handling, even if it can't listen
on IPv6 sockets natively
This change will probably break the build for the next little while,
until the #ifdef AF_INET6 stuff gets cleaned up...
aland [Wed, 20 Apr 2005 00:04:20 +0000 (00:04 +0000)]
If we have AF_INET6, use new API's to look up IPv6 addresses
in the configuration files
aland [Wed, 20 Apr 2005 00:01:23 +0000 (00:01 +0000)]
Use new API for hostname lookups
aland [Tue, 19 Apr 2005 23:55:41 +0000 (23:55 +0000)]
Do DNS lookups (or not) for IPv6 names, too
aland [Tue, 19 Apr 2005 23:50:39 +0000 (23:50 +0000)]
Call new functions to do DNS lookups
aland [Tue, 19 Apr 2005 23:42:47 +0000 (23:42 +0000)]
Look the server up with IPv6 aware code, too
aland [Tue, 19 Apr 2005 23:40:37 +0000 (23:40 +0000)]
Now builds with new IPv6 code.
Doesn't handle IPv6 clients, though. That can be fixed later.
aland [Tue, 19 Apr 2005 23:38:49 +0000 (23:38 +0000)]
Don't use ip_getaddr, use new ip_hton
aland [Tue, 19 Apr 2005 23:33:44 +0000 (23:33 +0000)]
check for getaddrinfo() && getnameinfo(), which both beat the
pants off of gethostbybname() & friends
raghu [Tue, 19 Apr 2005 22:07:41 +0000 (22:07 +0000)]
Initialize salen before calling getsockname
aland [Tue, 19 Apr 2005 21:31:37 +0000 (21:31 +0000)]
configure gets excited about $@, and tries to replace the @
with some intepreted string, which nukes the -L && -lradius
lines.