Alan T. DeKok [Wed, 8 Sep 2010 06:05:50 +0000 (08:05 +0200)]
Added missing check for lookup
Alan T. DeKok [Tue, 7 Sep 2010 20:37:41 +0000 (22:37 +0200)]
Made warning messages more consistent
Alan T. DeKok [Tue, 7 Sep 2010 20:36:35 +0000 (22:36 +0200)]
Regularized error messages
Alan T. DeKok [Tue, 7 Sep 2010 20:36:04 +0000 (22:36 +0200)]
Remove port 1814 from the default pcap filter. It isn't necessary
Alan T. DeKok [Tue, 7 Sep 2010 20:20:55 +0000 (22:20 +0200)]
Fix escaping rules. Closes bug #46
Alan T. DeKok [Tue, 7 Sep 2010 15:17:43 +0000 (17:17 +0200)]
Log issuer, not root cert.
Also only create attributes for the client && issuing certificate.
Alan T. DeKok [Tue, 7 Sep 2010 15:07:13 +0000 (17:07 +0200)]
Minor fixes as suggested by Michael Ross
- fix typo in Expiraton
- sprintf of serial was using the start of the buffer, and not the pointer
- use names for array references, rather than hard-coded numbers
- correct reference to issuer/subject
Alan T. DeKok [Mon, 6 Sep 2010 07:45:13 +0000 (09:45 +0200)]
Added support for {nthash} for compatibility with radiator
Alan T. DeKok [Fri, 3 Sep 2010 10:44:11 +0000 (12:44 +0200)]
Added ability to verify client certificates
Disabled in the default build.
Alan T. DeKok [Thu, 2 Sep 2010 15:48:40 +0000 (17:48 +0200)]
Remove \n from log messages
Alan T. DeKok [Thu, 2 Sep 2010 12:57:52 +0000 (14:57 +0200)]
Create Module-Failure-Message for *all* callback errors
Alan T. DeKok [Thu, 2 Sep 2010 12:53:44 +0000 (14:53 +0200)]
Fixed typo
Alan T. DeKok [Fri, 3 Sep 2010 08:17:55 +0000 (10:17 +0200)]
Removed test user
Alan T. DeKok [Wed, 1 Sep 2010 15:10:22 +0000 (17:10 +0200)]
Add /usr/lib to search path, to avoid warning messages on build
Alan T. DeKok [Wed, 1 Sep 2010 09:13:46 +0000 (11:13 +0200)]
Change default raddebug timeout to 60s
Alan T. DeKok [Tue, 31 Aug 2010 11:21:03 +0000 (13:21 +0200)]
Just published
Alan T. DeKok [Mon, 30 Aug 2010 14:55:00 +0000 (16:55 +0200)]
Fixed typo
Alan T. DeKok [Mon, 30 Aug 2010 13:18:48 +0000 (15:18 +0200)]
Catch LDAP constraint violation
closed bug #18
Alan T. DeKok [Mon, 30 Aug 2010 10:59:59 +0000 (12:59 +0200)]
Updated from bug #102
Alan T. DeKok [Fri, 27 Aug 2010 14:42:50 +0000 (16:42 +0200)]
Include DHCP test client.
It's not built by default, and it's not installed. But some may
find it useful for testing.
Alan T. DeKok [Fri, 27 Aug 2010 13:20:19 +0000 (15:20 +0200)]
Made module error / warning messages consistent
Alan T. DeKok [Fri, 27 Aug 2010 13:07:33 +0000 (15:07 +0200)]
Added new attribute. Closes bug #101
Alan T. DeKok [Fri, 27 Aug 2010 13:04:16 +0000 (15:04 +0200)]
Added empty opendirectory module
Alan T. DeKok [Fri, 27 Aug 2010 10:48:14 +0000 (12:48 +0200)]
Create new mutex for Access-Challenge debug code.
This prevents the recursive mutex problem on some platforms.
Alan T. DeKok [Thu, 26 Aug 2010 14:52:59 +0000 (16:52 +0200)]
Added more documentation for dynamic clients
Alan T. DeKok [Thu, 26 Aug 2010 14:47:13 +0000 (16:47 +0200)]
Fix typos
Alan T. DeKok [Thu, 26 Aug 2010 14:31:16 +0000 (16:31 +0200)]
Ensure WITHOUT flags are set if they're not being used
Alan T. DeKok [Thu, 26 Aug 2010 14:30:56 +0000 (16:30 +0200)]
Updated copyright date and build options
Alan T. DeKok [Thu, 26 Aug 2010 10:54:55 +0000 (12:54 +0200)]
Updated documentation
Alan T. DeKok [Tue, 24 Aug 2010 13:01:00 +0000 (15:01 +0200)]
Added support for EAP-MD5, using radeapclient.
Alan T. DeKok [Wed, 25 Aug 2010 12:11:39 +0000 (14:11 +0200)]
Add warning message about packets being too long
Conflicts:
src/lib/radius.c
Alan T. DeKok [Wed, 18 Aug 2010 15:42:30 +0000 (17:42 +0200)]
Added support for TLS-Cert-* and TLS-Client-Cert-* attributes
This has been needed for a long time. They only work for methods
which use a client certificate, but it's a start.
Alan T. DeKok [Thu, 12 Aug 2010 13:59:29 +0000 (15:59 +0200)]
Make sure we show EAP-Message in the debug output
Alan T. DeKok [Tue, 10 Aug 2010 06:13:32 +0000 (08:13 +0200)]
Added indexes to IP Pool table
Alan T. DeKok [Mon, 9 Aug 2010 19:50:45 +0000 (21:50 +0200)]
Use pairmake() which is in libradius, not radius_pairmake()
Alan T. DeKok [Mon, 9 Aug 2010 13:10:48 +0000 (15:10 +0200)]
Add Cached-Session-Policy attribute.
This can be placed into the cache in the first EAP session, and
grabbed from the cache on subsequent packets.
Alan T. DeKok [Mon, 9 Aug 2010 12:04:13 +0000 (14:04 +0200)]
Print out WARNING if EAP session did not finish.
This functionality has been sorely needed for some time. It works
ONLY in debugging mode. It prints out a warning if the handler still
exists when the request packet is cleaned up.
Alan T. DeKok [Mon, 9 Aug 2010 09:36:03 +0000 (11:36 +0200)]
Slightly lower impact way of cleaning up old sessions
Alan T. DeKok [Mon, 9 Aug 2010 09:33:36 +0000 (11:33 +0200)]
More errors to Module-Failure-Message
Alan T. DeKok [Sat, 7 Aug 2010 21:04:19 +0000 (23:04 +0200)]
Added ability to write to pcap file
Alan T. DeKok [Sat, 7 Aug 2010 20:30:52 +0000 (22:30 +0200)]
Do more checking of command-line arguments
Alan T. DeKok [Sat, 7 Aug 2010 07:48:24 +0000 (09:48 +0200)]
Fixes for 2.2 API
Alan T. DeKok [Sat, 7 Aug 2010 07:36:36 +0000 (09:36 +0200)]
Added example of "second_files" module, with documentation
Alan T. DeKok [Fri, 6 Aug 2010 15:48:44 +0000 (17:48 +0200)]
Regularize warning messages
Alan T. DeKok [Fri, 6 Aug 2010 15:26:56 +0000 (17:26 +0200)]
Regularize error messages
Alan T. DeKok [Fri, 6 Aug 2010 15:24:54 +0000 (17:24 +0200)]
Regularize error messages
Alan T. DeKok [Fri, 6 Aug 2010 15:17:32 +0000 (17:17 +0200)]
Regularize warning messages
Alan T. DeKok [Fri, 6 Aug 2010 15:13:31 +0000 (17:13 +0200)]
Regularized warning messages
Alan T. DeKok [Fri, 6 Aug 2010 12:59:54 +0000 (14:59 +0200)]
Added check for lt_dladvise_init
This helps solve loading issues when libraries depend on other libraries
Alan T. DeKok [Sat, 7 Aug 2010 07:43:01 +0000 (09:43 +0200)]
Fix for 2.2 API
Alan T. DeKok [Fri, 6 Aug 2010 12:36:04 +0000 (14:36 +0200)]
Added Packet-Transmit-Counter for retransmits.
Closes bug #13
Alan T. DeKok [Fri, 6 Aug 2010 08:23:07 +0000 (10:23 +0200)]
Back out some recent changes
While it's nice to know which part of the server is processing
something (by hacking request->module), it clutters the debug output
a fair bit.
Alan T. DeKok [Wed, 4 Aug 2010 12:17:37 +0000 (14:17 +0200)]
Be less aggressive about marking home servers as zombie.
Instead of marking them as zombie as soon as ONE packet doesn't
receive a response, mark them as zombie when we have received NO
responses for (zombie_period / 4)
Alan T. DeKok [Wed, 4 Aug 2010 13:29:48 +0000 (15:29 +0200)]
Alan T. DeKok [Wed, 4 Aug 2010 08:34:59 +0000 (10:34 +0200)]
Notes on SHOULD set "require_message_authenticator"
Alan T. DeKok [Wed, 4 Aug 2010 08:13:10 +0000 (10:13 +0200)]
Set "component" and "module" to more descriptive values
So that when something goes wrong, we know where / why
Alan T. DeKok [Tue, 3 Aug 2010 15:25:27 +0000 (17:25 +0200)]
Enabled "digest" in the default configuration.
Now that the "digest" module is more forgiving, it's probably best
to allow it here.
Alan T. DeKok [Tue, 3 Aug 2010 12:37:36 +0000 (14:37 +0200)]
Be more forgiving about the Digest attributes.
In the "authorize" section, check if the attributes exist, and are
properly formatted. If not, return NOOP. If so, decode them,
and set Auth-Type := digest
If they don't list "digest" in "authorize", decode the attributes
in the "authenticate" section, too.
Alan T. DeKok [Tue, 3 Aug 2010 09:41:24 +0000 (11:41 +0200)]
Added -t option
This lets people use radtest for CHAP and MS-CHAP authentication,
without worrying too much about the internals of what's going on.
Alan T. DeKok [Mon, 2 Aug 2010 14:54:07 +0000 (16:54 +0200)]
Added more notes on FreeBSD with multiple LANs
Alan T. DeKok [Mon, 2 Aug 2010 14:34:15 +0000 (16:34 +0200)]
Removed extraneous fprintf
Alan T. DeKok [Mon, 2 Aug 2010 13:54:46 +0000 (15:54 +0200)]
Manual merge of aec08bce7f
Better handle a "known" attribute with invalid length
If we receive an "integer" attribute with length "10", don't
leave the name as "Foo-Bar". Instead, make it clear that the
attribute is unknown, and print it as "Attr-%d"
Alan T. DeKok [Mon, 2 Aug 2010 06:41:34 +0000 (08:41 +0200)]
strcpy to a NULL pointer is bad.
Closes bug #98
Alan T. DeKok [Sun, 1 Aug 2010 07:29:59 +0000 (09:29 +0200)]
Notes on binding to interfaces for DHCP
Alan T. DeKok [Sat, 31 Jul 2010 06:57:10 +0000 (08:57 +0200)]
More descriptive error messages.
If the thread pool queue is full, or if the packets are stuck in it for
a long time, it's usually because someone has a DB with 10 million rows
and no index. Or, they're running long-lived queries against a MyISAM
database. Either way, there's little that the RADIUS server can do
to fix it.
When that happens, produce a descriptive error message suggesting
that they focus the blame in the right place.
Alan T. DeKok [Fri, 30 Jul 2010 13:27:00 +0000 (15:27 +0200)]
Added attributes from recent RFCs
Alan T. DeKok [Fri, 30 Jul 2010 12:43:49 +0000 (14:43 +0200)]
API fixes for 2.2.0
Alan T. DeKok [Thu, 29 Jul 2010 15:24:42 +0000 (17:24 +0200)]
Check sockets against home servers for proxy loops
This only works when using -C. It only prints messages with -XC
Alan T. DeKok [Thu, 29 Jul 2010 12:29:04 +0000 (14:29 +0200)]
Fix typos in default configuration. Closes bug #11
Alan T. DeKok [Thu, 29 Jul 2010 12:21:06 +0000 (14:21 +0200)]
Updates as from jlockie
Alan T. DeKok [Thu, 29 Jul 2010 12:12:15 +0000 (14:12 +0200)]
Renamed in preparation for RST
Alan T. DeKok [Thu, 29 Jul 2010 12:08:15 +0000 (14:08 +0200)]
Added real DESC fields.
Patch from Turbo Fredriksson
Alan T. DeKok [Thu, 29 Jul 2010 12:03:31 +0000 (14:03 +0200)]
Update Oracle Autoconf scripts. Closes bug #57
Alan T. DeKok [Thu, 29 Jul 2010 07:45:11 +0000 (09:45 +0200)]
Put SSL errors into Module-Failure-Message
Alan T. DeKok [Tue, 27 Jul 2010 10:24:55 +0000 (12:24 +0200)]
Fix for 2.2.0 API
Alan T. DeKok [Tue, 27 Jul 2010 06:48:34 +0000 (08:48 +0200)]
Fixed typo
Alan T. DeKok [Mon, 26 Jul 2010 16:09:11 +0000 (18:09 +0200)]
Use MS-CHAP-User-Name in MS-CHAP module.
If available, we prefer it to User-Name. If it's NOT the same
(case-insensitive) as User-Name, we reject the request.
Closes bug #17
Alan T. DeKok [Mon, 26 Jul 2010 15:03:35 +0000 (17:03 +0200)]
Create MS-CHAP-User-Name, which is taken from the MS-CHAP packet.
Taken from bug #17
Alan T. DeKok [Mon, 26 Jul 2010 15:02:04 +0000 (17:02 +0200)]
Fix changes pulled from v2.1.x for new API
Alan T. DeKok [Mon, 26 Jul 2010 14:59:27 +0000 (16:59 +0200)]
Better fix for unlinking control sockets
Alan T. DeKok [Mon, 26 Jul 2010 14:53:00 +0000 (16:53 +0200)]
Revert "Delete control socket when the server exits."
This reverts commit 061916989a6328f5d725d4085d58adfc49d5940c.
Alan T. DeKok [Mon, 26 Jul 2010 14:50:50 +0000 (16:50 +0200)]
Be more careful freeing memory in detail reader
Alan T. DeKok [Mon, 26 Jul 2010 11:30:56 +0000 (13:30 +0200)]
Delete control socket when the server exits.
This prevents permission errors
Alan T. DeKok [Thu, 22 Jul 2010 13:41:19 +0000 (15:41 +0200)]
Added CLIENT_MULTI_STATEMENTS
Closes bug #94
Alan T. DeKok [Wed, 21 Jul 2010 12:32:06 +0000 (14:32 +0200)]
Updated as per Cisco web site.
Closes #92
Alan T. DeKok [Wed, 21 Jul 2010 12:25:30 +0000 (14:25 +0200)]
Allow for spaces to be escaped in exec program.
Closes #93
Alan T. DeKok [Wed, 21 Jul 2010 12:16:54 +0000 (14:16 +0200)]
Fix parameters passed by Novell code in post-auth.
The "close connection" function takes an "ldap inst" variable,
not a pointer to a list of connections (sigh)
Alan T. DeKok [Wed, 21 Jul 2010 10:08:54 +0000 (12:08 +0200)]
Add undocumented keepalive configuration
Alan T. DeKok [Tue, 20 Jul 2010 15:27:05 +0000 (17:27 +0200)]
Use new format for the attributes
Alan T. DeKok [Tue, 20 Jul 2010 14:29:13 +0000 (16:29 +0200)]
Print all decoded TLVs, not just the first one.
Alan T. DeKok [Mon, 19 Jul 2010 21:52:39 +0000 (23:52 +0200)]
Use correct return code
Alan T. DeKok [Mon, 19 Jul 2010 21:48:32 +0000 (23:48 +0200)]
Fixed a few bugs using tests posted to the list.
for discover, add the following to the reply:
DHCP-Agent-Circuit-Id = 0x000401e30420
DHCP-Agent-Remote-Id = 0x000600FFFFFFFF00
Both server && client code crash.
Alan T. DeKok [Mon, 19 Jul 2010 19:49:38 +0000 (21:49 +0200)]
Don't "originate" CoA requests if the packet is a CoA request.
Instead, the user should *proxy* the CoA request.
Alan T. DeKok [Mon, 19 Jul 2010 19:31:47 +0000 (21:31 +0200)]
MPPE Key derivation documentation
Alan T. DeKok [Mon, 19 Jul 2010 18:14:39 +0000 (20:14 +0200)]
Updated documentation
Alan T. DeKok [Mon, 19 Jul 2010 13:24:58 +0000 (15:24 +0200)]
Updated Password-With-Header handling to make it more robust.
* Added "Password-With-Header == userPassword" to raddb/ldap.attrmap
This will automatically convert more passwords.
* Updated rlm_pap to decode Password-With-Header, if it was base64
encoded, and to treat the contents as potentially binary data.
Alan T. DeKok [Fri, 16 Jul 2010 15:30:24 +0000 (17:30 +0200)]
Fix long-standing memory leak as found by Jerry Nichols
bob Cleartext-Password := "hello"
    Tunnel-Server-Endpoint := 1.2.3.4,
    Tunnel-Server-Endpoint := 1.2.3.5,
    Tunnel-Type := 3,
    Tunnel-Server-Endpoint := 1.2.3.2,
    Tunnel-Medium-Type := 1,
    Tunnel-Server-Endpoint := 1.2.3.1
Where there are multiple copies of the same attribute with a := operator
in the 'from' list, and the only operators in the 'from' list are :=,
then all the repeated attributes after the first and before the last
non-repeated attribute are lost. In the example above that would result
in the VALUE_PAIRS :
    Tunnel-Server-Endpoint := 1.2.3.5
    Tunnel-Server-Endpoint := 1.2.3.2
being orphaned.
Alan T. DeKok [Thu, 15 Jul 2010 08:39:56 +0000 (10:39 +0200)]
More documentation
Alan T. DeKok [Fri, 9 Jul 2010 10:21:16 +0000 (12:21 +0200)]
Re-enabled Exec-Program and Exec-Program-Wait for accounting packets
It's just too useful to live without
Alan T. DeKok [Fri, 9 Jul 2010 08:27:36 +0000 (10:27 +0200)]
Updated documentation