aland [Sat, 24 Nov 2007 08:28:43 +0000 (08:28 +0000)]
Define LIBRADIUS
aland [Sat, 24 Nov 2007 08:03:10 +0000 (08:03 +0000)]
Renamed libeap to libfreeradius-eap, which avoids conflict
with other systems.
perl -pi -e 's/libeap.la/\$\(LIBPREFIX\)freeradius-eap.la/g;' `cat files`
aland [Fri, 23 Nov 2007 16:28:34 +0000 (16:28 +0000)]
Be a little more forgiving about includes
aland [Fri, 23 Nov 2007 14:18:53 +0000 (14:18 +0000)]
Added definitions for more EAP types
aland [Fri, 23 Nov 2007 13:46:51 +0000 (13:46 +0000)]
More changes to make a common naming scheme. This breaks
patches from third party maintainers, but has to be done
before a final 2.0.
perl -pi -e 's/LRAD_/FR_/g;s/lrad_/fr_/g' `cat files`
aland [Fri, 23 Nov 2007 13:28:00 +0000 (13:28 +0000)]
permit -c to work
aland [Fri, 23 Nov 2007 13:17:22 +0000 (13:17 +0000)]
More search and replace changes to clean up the code.
perl -pi -e 's/librad_SHA1/SHA1/g;s/SHA1_CTX/fr_SHA1_CTX/g;s/SHA1Transform/fr_SHA1Transform/g;s/SHA1Init/fr_SHA1Init/g;s/SHA1Update/fr_SHA1Update/g;s/SHA1Final/fr_SHA1Final/g;s/SHA1FinalNoLen/fr_SHA1FinalNoLen/g;s/lrad_hmac_sha1/fr_hmac_sha1/g;' `cat files`
aland [Fri, 23 Nov 2007 12:58:06 +0000 (12:58 +0000)]
Avoid OpenSSL compilation issues
perl -pi -e 's/lrad_MD5_CTX/MD5_CTX/g;s/MD5_CTX/FR_MD5_CTX/g;s/lrad_MD5Init/MD5Init/g;s/lrad_MD5Update/MD5Update/g;s/lrad_MD5Transform/MD5Transform/g;s/lrad_MD5Final/MD5Final/g;s/librad_md5_calc/md5_calc/g;s/MD5Init/fr_MD5Init/g;s/MD5Update/fr_MD5Update/g;s/MD5Transform/fr_MD5Transform/g;s/MD5Final/fr_MD5Final/g;s/md5_calc/fr_md5_calc/g;'
`cat files`
aland [Fri, 23 Nov 2007 12:45:25 +0000 (12:45 +0000)]
Handle EAGAIN in recvfrom, in preparation for non-blocking UDP
sockets
aland [Fri, 23 Nov 2007 12:38:26 +0000 (12:38 +0000)]
Renamed MD4* to fr_MD4*, in order to avoid issues with OpenSSL
aland [Fri, 23 Nov 2007 09:06:05 +0000 (09:06 +0000)]
On HUP, cache the old configuration for ~60s. After that time,
the old configuration is deleted.
This permits threads to keep using the old configuration for
a while.
aland [Fri, 23 Nov 2007 09:03:26 +0000 (09:03 +0000)]
Permit HUPs only every 5s. If someone tries to HUP it more
often than that, the HUP is ignored, and a log message is
sent.
aland [Thu, 22 Nov 2007 15:37:51 +0000 (15:37 +0000)]
Move to snprintf. Change to use vp_octets, which is unsigned
aland [Thu, 22 Nov 2007 13:23:43 +0000 (13:23 +0000)]
Track the number of round trips, and bail out on a connection
after too many trips.
aland [Thu, 22 Nov 2007 09:47:12 +0000 (09:47 +0000)]
Clean up code to call tls_handshake_send(), which deals with
fragmented data inside of the TLS tunnel.
It still doesn't work with PEAP/EAP-TLS, but that's now because
after the tunneled session is set up, the *outer* session sends
a bare ACK, where it really needs an ACK inside of the tunnel.
This means that it skips updating the internal list of
"known EAP sessions". When the next piece of data comes in,
its EAP Id is one more than expected from the tunneled State,
and the code thinks there's something weird going on.
aland [Thu, 22 Nov 2007 09:43:20 +0000 (09:43 +0000)]
Prepare for session resumption patch.
Prepare for sending fragmented data inside of the TLS tunnel
for phase 2 (TTLS/PEAP)
aland [Thu, 22 Nov 2007 09:18:03 +0000 (09:18 +0000)]
Some changes to speed up dictionary initialization
- move to simple memory pool, which puts all attributes and
values close together in memory.
- cache vendor/attr when adding attr/value, to prevent extra
dictionary lookups. Most attributes are grouped by vendor,
and most values grouped by attribute, so caching the last one
makes a big difference
- re-order the checks for types and ATTRIBUTE/VALUE, so that
the ones which are used the most are checked for first.
The result is a significant reduction in the time taken to
start the server. It should also help a lot on any future
Windows port, where memory allocation is horrible, and
loading the dictionaries takes a noticeable amount of time.
aland [Wed, 21 Nov 2007 09:58:05 +0000 (09:58 +0000)]
More sanity checks on fragment size, and account for EAP-TLS
headers, so that the maximum *EAP* fragment we send is exactly
"fragment_size", and not 10 bytes more.
aland [Wed, 21 Nov 2007 09:38:29 +0000 (09:38 +0000)]
Examples of using new module methods
aland [Wed, 21 Nov 2007 09:35:59 +0000 (09:35 +0000)]
Added pre/post-proxy sections, and postauth section.
Converted the rest of the code to use macros to define
common blocks. This simplifies the code and reduces errors.
aland [Wed, 21 Nov 2007 02:55:06 +0000 (02:55 +0000)]
Fixed incorrect commit
aland [Tue, 20 Nov 2007 15:06:25 +0000 (15:06 +0000)]
Pack more EAP data into VALUE_PAIR's, to allow inner EAP methods
that carry large amounts of data.
aland [Tue, 20 Nov 2007 08:12:38 +0000 (08:12 +0000)]
Permit TLS inside of PEAP/TTLS tunnels. It won't work, but it
won't crash the system, either. Maybe enabling it will let
someone debug the issues.
aland [Tue, 20 Nov 2007 03:08:05 +0000 (03:08 +0000)]
Handle multiple EAP-Messages inside of a PEAP tunnel.
aland [Sun, 18 Nov 2007 06:53:20 +0000 (06:53 +0000)]
Updates from:
http://support.3com.com/infodeli/tools/wireless/switches/3wxmug4-1.pdf
Include comments on typos in the original documentation
aland [Fri, 16 Nov 2007 15:20:23 +0000 (15:20 +0000)]
Move parse of CONF_SECTION -> RADCLIENT into its own function
aland [Fri, 16 Nov 2007 09:08:24 +0000 (09:08 +0000)]
Write our own sscanf for %i, which is ~30 lines long, and saves
10% on startup times. It's not a lot, but every little bit
counts...
pnixon [Thu, 15 Nov 2007 20:21:03 +0000 (20:21 +0000)]
This function hasn't been used for 4 years now, so it's probably safe to remove it.
aland [Wed, 14 Nov 2007 09:06:28 +0000 (09:06 +0000)]
New script to print out attributes ordered by type, and
which RFC they are defined in.
aland [Wed, 14 Nov 2007 09:00:24 +0000 (09:00 +0000)]
Added one attribute defined in a Diameter RFC.
aland [Tue, 13 Nov 2007 10:41:17 +0000 (10:41 +0000)]
marked more modules HUP-safe
aland [Tue, 13 Nov 2007 09:54:42 +0000 (09:54 +0000)]
Point to the correct directories.
Move the Voip schema to be located next to the voip
configuration that uses it, just like the other examples
aland [Tue, 13 Nov 2007 06:57:38 +0000 (06:57 +0000)]
Remove unneeded lines
aland [Tue, 13 Nov 2007 06:46:01 +0000 (06:46 +0000)]
Fix includes and handling of directories.
Patch from Patrich Welche
aland [Mon, 12 Nov 2007 14:07:09 +0000 (14:07 +0000)]
Added HUP support. As it happens, it's also thread-safe.
All it does is re-initialize modules that are flagged as
"safe for HUP". Right now, only the "files" module is flagged
like this, but it's easy enough to flag other modules, too.
In the future, we may want to examine the ability to reload
policies, etc. This MAY be possible, if the policies are
contained in one file....
aland [Mon, 12 Nov 2007 06:16:56 +0000 (06:16 +0000)]
Mark more modules safe for -C
aland [Sun, 11 Nov 2007 22:11:51 +0000 (22:11 +0000)]
Mark more modules "safe for -C"
aland [Sun, 11 Nov 2007 22:05:29 +0000 (22:05 +0000)]
Mark more modules "safe for -C"
aland [Sun, 11 Nov 2007 22:01:59 +0000 (22:01 +0000)]
Added -C command-line option, documentation, debug messages,
and marked a number of modules as "safe for -C".
Note that sql, ldap, etc. are NOT "safe for -C".
aland [Sun, 11 Nov 2007 21:20:59 +0000 (21:20 +0000)]
Make cf_reference_item public, so it can be used in
%{config:...}
Made internal configuration code reference sub-sections by
instances, too. This allows ${foo.bar[baz]} references.
Added internal "confdir" directive in cf_file_read, which
adds "confdir" as the FIRST configuration item in "main".
This allows the rest of the configuration files and directives
to be tied to ${confdir}, meaning the server can be built
with one target directory, but still run out of another
aland [Sun, 11 Nov 2007 18:11:28 +0000 (18:11 +0000)]
Change raddbdir to confdir for consistency.
aland [Sat, 10 Nov 2007 09:36:25 +0000 (09:36 +0000)]
sprintf -> snprintf
aland [Sat, 10 Nov 2007 07:07:59 +0000 (07:07 +0000)]
More careful sanity checking on the values of attributes and
vendor Id's
aland [Sat, 10 Nov 2007 06:59:14 +0000 (06:59 +0000)]
If the EAP message in the Diameter AVP is larger than 253
octets, split it among multiple VALUE_PAIRs. This fixes a
previous FIXME.
aland [Sat, 10 Nov 2007 06:45:51 +0000 (06:45 +0000)]
Return EAPTLS_OK only if the SSL setup is finished, AND there's
no more data inside of the tunnel
nbk [Fri, 9 Nov 2007 23:49:49 +0000 (23:49 +0000)]
When s = cl->shortname we try to copy a string of arbitrary length
to a 64 bytes long buffer.
Bug found by Primoz Bratanic <primoz@slo-tech.com>
aland [Thu, 8 Nov 2007 16:26:06 +0000 (16:26 +0000)]
Call record_minus, not record_init() on handshake send, because
there may be data left in the clean_in buffer
aland [Wed, 7 Nov 2007 22:21:18 +0000 (22:21 +0000)]
We don't need or use librad_MD4* stuff
aland [Wed, 7 Nov 2007 22:13:42 +0000 (22:13 +0000)]
Don't strip executables. The people who need the disk space can
strip them by hand. Everyone else needs symbols to work around
RTLD_GLOBAL issues, OR to help with debugging
aland [Tue, 6 Nov 2007 21:55:40 +0000 (21:55 +0000)]
If there's no User-Name, ldap is a NOOP, not a failure
aland [Mon, 5 Nov 2007 23:26:26 +0000 (23:26 +0000)]
Catch some corner cases in wait_a_bit
aland [Mon, 5 Nov 2007 23:24:48 +0000 (23:24 +0000)]
Clarify code
aland [Mon, 5 Nov 2007 22:54:05 +0000 (22:54 +0000)]
Set el->now
aland [Mon, 5 Nov 2007 08:59:00 +0000 (08:59 +0000)]
Updated Schema
aland [Sat, 3 Nov 2007 00:14:54 +0000 (00:14 +0000)]
Point to MS's page
aland [Fri, 2 Nov 2007 23:57:40 +0000 (23:57 +0000)]
One more sample virtual server. At this rate, we'll have
something resembling "documentation" real soon now.
aland [Fri, 2 Nov 2007 23:57:12 +0000 (23:57 +0000)]
Deleted blank line
aland [Tue, 30 Oct 2007 13:32:47 +0000 (13:32 +0000)]
Many modules return FAIL. This means authentication failure,
not HANDLED
aland [Mon, 29 Oct 2007 12:28:59 +0000 (12:28 +0000)]
Remove unused header files
aland [Mon, 29 Oct 2007 09:41:22 +0000 (09:41 +0000)]
Re-arrange code into common functions
aland [Mon, 29 Oct 2007 09:33:15 +0000 (09:33 +0000)]
Use better function
aland [Mon, 29 Oct 2007 09:32:18 +0000 (09:32 +0000)]
More checks for functions on unsupported platforms
aland [Mon, 29 Oct 2007 07:32:10 +0000 (07:32 +0000)]
Build on systems without pthread (or --without-threads)
aland [Mon, 29 Oct 2007 07:20:21 +0000 (07:20 +0000)]
More #ifdef's for platforms that need them
aland [Mon, 29 Oct 2007 03:01:28 +0000 (03:01 +0000)]
Wrap include with #ifdef's
aland [Mon, 29 Oct 2007 02:50:07 +0000 (02:50 +0000)]
lockf portability
aland [Wed, 24 Oct 2007 11:04:29 +0000 (11:04 +0000)]
Call OpenSSL_add_all_algorithms()
We still need to call EVP_cleanup() on clean exit, but who's
counting?
aland [Wed, 24 Oct 2007 11:00:23 +0000 (11:00 +0000)]
Look for <openssl/evp.h>, for OpenSSL_add_all_algorithms()
aland [Wed, 24 Oct 2007 07:29:12 +0000 (07:29 +0000)]
Corrected typo
aland [Tue, 23 Oct 2007 13:41:23 +0000 (13:41 +0000)]
Remove Auth-Type example
aland [Tue, 23 Oct 2007 13:06:45 +0000 (13:06 +0000)]
Corrected name
aland [Tue, 23 Oct 2007 07:57:31 +0000 (07:57 +0000)]
Notes on requiring a client certificate
aland [Tue, 23 Oct 2007 04:18:01 +0000 (04:18 +0000)]
Now that we have virtual servers, we don't need vmpsd.conf
aland [Tue, 23 Oct 2007 04:16:12 +0000 (04:16 +0000)]
Updated
aland [Tue, 23 Oct 2007 04:14:19 +0000 (04:14 +0000)]
Copied VMPS stuff to a virtual server
aland [Tue, 23 Oct 2007 04:06:26 +0000 (04:06 +0000)]
Update date
aland [Tue, 23 Oct 2007 04:06:02 +0000 (04:06 +0000)]
We no longer need radrelay.conf, as we have virtual servers.
aland [Tue, 23 Oct 2007 04:03:33 +0000 (04:03 +0000)]
Now that we have virtual servers, we don't need radrelay.conf
any more
aland [Tue, 23 Oct 2007 03:53:18 +0000 (03:53 +0000)]
More samples of using radrelay functionality in 2.0
aland [Mon, 22 Oct 2007 14:48:15 +0000 (14:48 +0000)]
detail file is in ${radacctdir}, not ${confdir}
aland [Mon, 22 Oct 2007 13:09:14 +0000 (13:09 +0000)]
Changed
$INCLUDE ${confdir}/foo
to
$INCLUDE foo
which should be simpler...
aland [Mon, 22 Oct 2007 13:05:04 +0000 (13:05 +0000)]
Allow "local" filenames. e.g.
$INCLUDE foo.conf
is relative to the file that started all of this off. This
change should remove much of the "$INCLUDE ${confdir}/foo",
and make it "$INCLUDE foo", which is more robust in light
of "-d radius_dir" not entirely working...
aland [Mon, 22 Oct 2007 09:30:40 +0000 (09:30 +0000)]
Corrected typos
aland [Mon, 22 Oct 2007 08:40:47 +0000 (08:40 +0000)]
radius_pairmake(), to mirror radius_paircreate().
This is in preparation for eventually using memory pools for
VALUE_PAIR's, which should save at least 10% of CPU time, from
valgrind stats.
aland [Mon, 22 Oct 2007 08:26:59 +0000 (08:26 +0000)]
It's now 2.0.0-beta.
We won't have any more pre-releases before 2.0, and I'm not
going to do major code hacking. I think we're almost done.
aland [Mon, 22 Oct 2007 02:50:45 +0000 (02:50 +0000)]
For authentication logging, log if the request came from an
inner/outer tunnel session
aland [Sun, 21 Oct 2007 06:47:00 +0000 (06:47 +0000)]
Try to open the log file (and complain on error) ONLY if
the log file destination is "files"
aland [Thu, 18 Oct 2007 16:15:51 +0000 (16:15 +0000)]
Check for NULL
aland [Thu, 18 Oct 2007 14:31:59 +0000 (14:31 +0000)]
Document outer.request and outer.reply
aland [Thu, 18 Oct 2007 14:12:49 +0000 (14:12 +0000)]
Allow "update" sections to update outer request, config, and
reply directly. This should simplify many configurations
aland [Thu, 18 Oct 2007 14:11:24 +0000 (14:11 +0000)]
Add %{outer.request:Attribute-Name} and
%{outer.reply:Attribute-Name}
This should make it easier to handle tunneled EAP types
aland [Thu, 18 Oct 2007 12:27:05 +0000 (12:27 +0000)]
Parse clients from the main config section, which initializes
things so that clients can be read from SQL
aland [Thu, 18 Oct 2007 11:59:29 +0000 (11:59 +0000)]
Made a fake client for each detail file
aland [Thu, 18 Oct 2007 11:59:03 +0000 (11:59 +0000)]
Check SNMP pointers, too. Increment accounting counters, rather
than auth counters for accounting packets
aland [Thu, 18 Oct 2007 11:06:41 +0000 (11:06 +0000)]
t may be NULL. This fixes bug #488
aland [Thu, 18 Oct 2007 09:32:37 +0000 (09:32 +0000)]
Removed -pie, as it's a GCC-ism, and isn't necessarily portable.
If it's needed, it can be added via configure checks, etc.
aland [Tue, 16 Oct 2007 15:24:01 +0000 (15:24 +0000)]
Reference mainconfig again
aland [Tue, 16 Oct 2007 11:50:24 +0000 (11:50 +0000)]
Print "Ready to process requests" at L_INFO when starting,
and after a HUP
aland [Tue, 16 Oct 2007 11:49:50 +0000 (11:49 +0000)]
Print that core dumps are enabled
aland [Tue, 16 Oct 2007 09:31:47 +0000 (09:31 +0000)]
Reformatted and clarified text