Alan T. DeKok [Wed, 21 Jan 2009 13:32:29 +0000 (14:32 +0100)]
Look for setuid, too
Alan T. DeKok [Wed, 21 Jan 2009 10:13:24 +0000 (11:13 +0100)]
If we're at EOF, the socket will never be ready
So check for EOF in more places
Alan T. DeKok [Mon, 19 Jan 2009 15:15:08 +0000 (16:15 +0100)]
Notes on MySQL
Alan T. DeKok [Mon, 19 Jan 2009 13:51:19 +0000 (14:51 +0100)]
Try to work around transactional issues...
Alan T. DeKok [Mon, 19 Jan 2009 12:41:34 +0000 (13:41 +0100)]
Clean up CoA origination to not depend on CoA
This makes the patch a little cleaner
Alan T. DeKok [Sun, 18 Jan 2009 16:16:10 +0000 (17:16 +0100)]
Removed extraneous line
Alan T. DeKok [Sun, 18 Jan 2009 15:13:13 +0000 (16:13 +0100)]
CoA is in request->proxy, not request->packet
Alan T. DeKok [Tue, 13 Jan 2009 13:01:14 +0000 (14:01 +0100)]
Note restrictions on detail file usage
Alan T. DeKok [Mon, 12 Jan 2009 13:32:10 +0000 (14:32 +0100)]
Commented out SQL modules by default.
Unlike the EAP module, they need *additional* things to be configured
before they will work. So you can't just build the server with SQL
support, and then start it. You need to edit sql.conf, etc.
In the interest of making the server start quickly in debugging mode,
the SQL module configurations are now commented out.
Alan T. DeKok [Mon, 12 Jan 2009 09:14:12 +0000 (10:14 +0100)]
Change default hash function to SHA1. MD5 is broken.
Alan T. DeKok [Mon, 12 Jan 2009 09:13:14 +0000 (10:13 +0100)]
More updates
Alan T. DeKok [Mon, 12 Jan 2009 09:12:05 +0000 (10:12 +0100)]
run_dir depends on ${name}, too
Alan T. DeKok [Wed, 7 Jan 2009 09:51:34 +0000 (10:51 +0100)]
Added notes on using "screen"
Alan T. DeKok [Tue, 6 Jan 2009 11:09:30 +0000 (12:09 +0100)]
Check for setuid, and use those checks
Alan T. DeKok [Tue, 6 Jan 2009 11:02:34 +0000 (12:02 +0100)]
Updated build to use (or not) self-pipes
If we're on platforms that don't support pipes, OR on platforms
that don't have threads, don't use self pipes.
Alan T. DeKok [Fri, 28 Nov 2008 10:42:59 +0000 (11:42 +0100)]
Limit the maximum number of queries over one SQL socket.
Similar to the "lifetime" change. If there are issues such as DB
memory leaks per client socket, then it is a good idea to periodically
close the client sockets.
Alan T. DeKok [Fri, 28 Nov 2008 10:00:25 +0000 (11:00 +0100)]
Add "lifetime" to SQL sockets.
After "lifetime" seconds, an open connection is closed. This can help
address issues such as firewalls that time out open connections...
Alan T. DeKok [Fri, 2 Jan 2009 18:43:53 +0000 (19:43 +0100)]
Corrected typo
Alan T. DeKok [Fri, 2 Jan 2009 15:23:03 +0000 (16:23 +0100)]
Enable the server to originate CoA-Request && Disconnect-Request
This is a fairly large change in the server, but is protected
by WITH_COA, so you can build without it, if you want to do that.
Alan T. DeKok [Thu, 1 Jan 2009 09:31:23 +0000 (10:31 +0100)]
Added "make cert" commands to bootstrap file
This helps it work when people don't have "make" installed
Alan T. DeKok [Thu, 18 Dec 2008 09:38:31 +0000 (10:38 +0100)]
Added WiMAX-MN-NAI and other server-side attributes
These were inexplicably left out.
Alan T. DeKok [Tue, 16 Dec 2008 15:24:25 +0000 (16:24 +0100)]
Simplified detail file polling
Moved loop over listeners to using the event API. This removes one
function, and simplifies the code.
Alan T. DeKok [Mon, 15 Dec 2008 10:57:54 +0000 (11:57 +0100)]
Removed dead code.
Closes Coverity #2
Alan T. DeKok [Mon, 15 Dec 2008 10:55:08 +0000 (11:55 +0100)]
If input pairs is NULL, return NOOP
Closes Coverity #6
Alan T. DeKok [Mon, 15 Dec 2008 10:49:09 +0000 (11:49 +0100)]
Free memory on error && exit.
Closes Coverity #16
Alan T. DeKok [Mon, 15 Dec 2008 10:43:15 +0000 (11:43 +0100)]
Removed dead code.
Closes Coverity #56
Alan T. DeKok [Mon, 15 Dec 2008 10:41:51 +0000 (11:41 +0100)]
If it's not a known option, it's an error.
Closes Coverity #57
Alan T. DeKok [Mon, 15 Dec 2008 10:39:31 +0000 (11:39 +0100)]
Suppress trailing NULs properly.
Closes Coverity #58
Alan T. DeKok [Mon, 15 Dec 2008 10:35:32 +0000 (11:35 +0100)]
Check tag values, too.
When comparing attributes, both tag AND value have to match
for the attributes to compare as equal.
Closes Coverity #59
Alan T. DeKok [Mon, 15 Dec 2008 10:32:52 +0000 (11:32 +0100)]
pairparsevalue() cannot be passed a NULL value.
Closes Coverity #62
Alan T. DeKok [Sun, 14 Dec 2008 22:02:21 +0000 (23:02 +0100)]
Remove dead code
Fixes Coverity #60
Alan T. DeKok [Sun, 14 Dec 2008 09:40:43 +0000 (10:40 +0100)]
Prepare for 2.1.4
Alan T. DeKok [Sun, 14 Dec 2008 09:31:17 +0000 (10:31 +0100)]
Change where we do suid up/down.
If the server starts as root, but it supposed to run as another
user, we want to *temporarily* drop permissions very early. Then,
when binding to privileged sockets, we re-gain permissions.
Once all of the sockets are open, we drop them permanently.
However, if we suid up for *all* sockets, then the control socket
will be created as root, rather than as the unprivileged user.
To fix that, we put suid up/down just around the 2 calls that
need it.
Alan T. DeKok [Sun, 14 Dec 2008 08:48:03 +0000 (09:48 +0100)]
Work around issue in gmake.
We were using PWD, and expecting it to be the current directory.
But apparently that's not how gmake works. We have to call
$(shell pwd) instead.
Alan T. DeKok [Sat, 13 Dec 2008 08:44:51 +0000 (09:44 +0100)]
One more check for parse error
If the statement didn't have a condition check, it's a parse error.
e.g.
()
(!)
(cond || )
(cond && )
Alan T. DeKok [Fri, 12 Dec 2008 18:01:34 +0000 (19:01 +0100)]
Fix evaluation parser
It would previously *not* evaluate things properly if there were
nested conditions, because the logic was broken and weird.
This is simplified, with the result that it's easy to understand,
and works correctly.
Alan T. DeKok [Fri, 12 Dec 2008 14:50:59 +0000 (15:50 +0100)]
Minor updates
Alan T. DeKok [Fri, 12 Dec 2008 08:36:30 +0000 (09:36 +0100)]
Define SUN_LEN for systems that don't have it
Alan T. DeKok [Thu, 11 Dec 2008 18:23:13 +0000 (19:23 +0100)]
Don't leak new listeners
Alan T. DeKok [Thu, 11 Dec 2008 14:26:58 +0000 (15:26 +0100)]
Permit multiple "-e"
Alan T. DeKok [Thu, 11 Dec 2008 14:21:11 +0000 (15:21 +0100)]
Corrected typo
Alan T. DeKok [Thu, 11 Dec 2008 11:18:49 +0000 (12:18 +0100)]
Fix minor bug. Check correct ptr
Alan T. DeKok [Fri, 5 Dec 2008 16:37:56 +0000 (17:37 +0100)]
Note 2.1.3
Alan T. DeKok [Fri, 5 Dec 2008 16:35:48 +0000 (17:35 +0100)]
Note 2.1.3
Alan T. DeKok [Fri, 5 Dec 2008 16:33:40 +0000 (17:33 +0100)]
Check out STABLE branch for 2.1.x, not the MASTER branch
Alan T. DeKok [Fri, 5 Dec 2008 06:56:16 +0000 (07:56 +0100)]
TTLSv0 RFC
Alan T. DeKok [Thu, 4 Dec 2008 11:01:02 +0000 (12:01 +0100)]
We're now 2.1.3
Alan T. DeKok [Thu, 4 Dec 2008 09:50:29 +0000 (10:50 +0100)]
Note 2.1.2
Alan T. DeKok [Thu, 4 Dec 2008 09:47:01 +0000 (10:47 +0100)]
Update time for release 2.1.2
Alan T. DeKok [Thu, 4 Dec 2008 09:00:03 +0000 (10:00 +0100)]
Added Cisco TFTP server option 150. Closes #618
Alan T. DeKok [Wed, 3 Dec 2008 16:29:52 +0000 (17:29 +0100)]
Allow all ports to be used. Closes #559
Alan T. DeKok [Wed, 3 Dec 2008 16:27:03 +0000 (17:27 +0100)]
Corrected VSA types. Closes #617
Alan T. DeKok [Tue, 2 Dec 2008 10:28:03 +0000 (11:28 +0100)]
Sample module to expire user after first login
Alan T. DeKok [Tue, 2 Dec 2008 09:26:29 +0000 (10:26 +0100)]
Note RedHat build FAQ
Alan T. DeKok [Tue, 2 Dec 2008 09:14:57 +0000 (10:14 +0100)]
Note final changes
Alan T. DeKok [Tue, 2 Dec 2008 09:11:38 +0000 (10:11 +0100)]
Fix for CVE-2008-4474
Dialup-admin uses tmp files insecurely. Since it isn't running
in a default install, this shouldn't be a major problem.
Patch from bug #605
Alan T. DeKok [Tue, 2 Dec 2008 08:00:52 +0000 (09:00 +0100)]
Don't leak memory on error conditions.
Closes Coverity #74.
The program exits anyways on error conditions, but cleaning up
is usually good practice.
Alan T. DeKok [Tue, 2 Dec 2008 07:56:54 +0000 (08:56 +0100)]
Simplify handling of structs.
This closes Coverity #73.
Rather than fixing the problem of leaked memory, we avoid it
completely by avoiding practices that require complex code to
avoid leaking memory.
Alan T. DeKok [Mon, 1 Dec 2008 15:10:51 +0000 (16:10 +0100)]
Die if we failed to allocate memory
Closes Coverity #63
We don't need to check for "cs->section_tree" twice. Just check for it
once, and if we can't allocate it, die. Checking a second time is
pointless.
Alan T. DeKok [Mon, 1 Dec 2008 15:08:09 +0000 (16:08 +0100)]
"name" cannot be NULL
If it's NULL, we can't use it at all. The previous code used it if
it was NULL...
Closes Coverity #64
Alan T. DeKok [Mon, 1 Dec 2008 15:02:15 +0000 (16:02 +0100)]
log_file may be NULL
Closes Coverity #65
Alan T. DeKok [Mon, 1 Dec 2008 14:54:01 +0000 (15:54 +0100)]
Request may be NULL
Closes Coverity #66
Alan T. DeKok [Mon, 1 Dec 2008 13:44:25 +0000 (14:44 +0100)]
Set "found" to first server.
Closes Coverity #67
Alan T. DeKok [Mon, 1 Dec 2008 13:40:00 +0000 (14:40 +0100)]
secret is NULL for LOCAL realms.
Fixes Coverity #68
Alan T. DeKok [Mon, 1 Dec 2008 13:36:54 +0000 (14:36 +0100)]
virtual_server can't be NULL
If we see "virtual_server = " in a home_server_pool, it's an error.
If you want to refer to the default virtual server, don't include
a virtual_server configuration entry.
Alan T. DeKok [Mon, 1 Dec 2008 12:54:35 +0000 (13:54 +0100)]
One more check for NULL.
Closes Coverity #80. Not that we think it's likely...
Alan T. DeKok [Mon, 1 Dec 2008 12:19:29 +0000 (13:19 +0100)]
More memory initialization
Closes Coverity #83
Alan T. DeKok [Mon, 1 Dec 2008 09:50:29 +0000 (10:50 +0100)]
free structure on error.
Closes Coverity #76
Alan T. DeKok [Mon, 1 Dec 2008 09:50:01 +0000 (10:50 +0100)]
listen.lo depends on listen.c, too
Alan T. DeKok [Mon, 1 Dec 2008 09:47:31 +0000 (10:47 +0100)]
Free fake on unknown packet.
This fixes Coverity #77.
Alan T. DeKok [Mon, 1 Dec 2008 09:45:49 +0000 (10:45 +0100)]
Don't allocate structure twice.
This fixes Coverity #78
Alan T. DeKok [Mon, 1 Dec 2008 09:40:24 +0000 (10:40 +0100)]
Ensure there's room for a trailing 0
This address Coverity #70. I don't think it will ever happen
due to the way the strings are being handled, but it never hurts
to be safe...
Alan T. DeKok [Mon, 1 Dec 2008 09:37:21 +0000 (10:37 +0100)]
Assert that comp < count, not <= count
This fixes Coverity #72
Alan T. DeKok [Mon, 1 Dec 2008 09:33:41 +0000 (10:33 +0100)]
De-reference ptr after checking it.
This fixes Coverity #79
Alan T. DeKok [Mon, 1 Dec 2008 09:30:52 +0000 (10:30 +0100)]
Mark entry=NULL after free'ing it.
This closes Coverity issue #107. There was an odd case where
we could free an old entry, and then if there were no new entries
in the queues, de-reference the old entry again.
Alan T. DeKok [Thu, 27 Nov 2008 11:07:18 +0000 (12:07 +0100)]
Permanently switch UID only if we succeed in doing setuid
mainconfig.c does setuid to an unpriviledged user (temporarily).
We do setuid(0) back to bind to the sockets.
But before running anything else, we permanently switch uid's
back to the unpriviledged user. But only if the first suid was
done
Alan T. DeKok [Wed, 26 Nov 2008 15:44:29 +0000 (16:44 +0100)]
Correct the attribute numbers for client accounting stats
Alan T. DeKok [Wed, 26 Nov 2008 15:40:03 +0000 (16:40 +0100)]
Use "ln -s" rather than "cp" for in-tree operation
Libtool on some platforms creates directories in the ".libs" directory.
Using "ln -s" rather than "cp" means we don't care what the destination
file type is, and we don't have to create a cross-platform "cp -R"
Alan T. DeKok [Tue, 25 Nov 2008 15:41:21 +0000 (16:41 +0100)]
Increase the field size for Acct-Session-Id to 64.
This closes #540
Alan T. DeKok [Tue, 25 Nov 2008 15:31:29 +0000 (16:31 +0100)]
LDAP-UserDn is in "control", not "request"
Closes #596
Alan T. DeKok [Tue, 25 Nov 2008 15:42:52 +0000 (16:42 +0100)]
Note changes
Alan T. DeKok [Tue, 25 Nov 2008 15:24:52 +0000 (16:24 +0100)]
Note recent fixes
Alan T. DeKok [Tue, 25 Nov 2008 13:44:00 +0000 (14:44 +0100)]
Add EVP_sha256 for WiMAX certificates
OpenSSL apparently doesn't include the EVP_sha256 digest by default,
and the WiMAX certificates require SHA256 certificates. So... we
add it manually.
However, the EVP_sha256 cipher is defined only if OPENSSL_FIPS is
defined, meaning we have to write a "configure" script check for this.
Alan T. DeKok [Tue, 25 Nov 2008 10:38:13 +0000 (11:38 +0100)]
Set default days because OpenSSL people won't do it.
Alan T. DeKok [Tue, 25 Nov 2008 09:39:35 +0000 (10:39 +0100)]
Document listen "type = status" better.
Closes #580
Alan T. DeKok [Tue, 25 Nov 2008 09:38:59 +0000 (10:38 +0100)]
Do "rm -rf lib" on "make clean".
It has no git controlled files, so this is OK
Alan T. DeKok [Tue, 25 Nov 2008 09:38:01 +0000 (10:38 +0100)]
Include <ltdl.h>
The file calles lt_dlopen(), so we need to include <ltdl.h>
fro proper function prototyping.
Partially addresses bug #610
Alan T. DeKok [Tue, 18 Nov 2008 13:05:49 +0000 (05:05 -0800)]
Check return codes for more instances of regcomp
Alan T. DeKok [Tue, 18 Nov 2008 13:03:13 +0000 (05:03 -0800)]
Note recent fixes
Alan T. DeKok [Tue, 18 Nov 2008 12:58:26 +0000 (04:58 -0800)]
Check the return code of regcomp
Alan T. DeKok [Thu, 6 Nov 2008 20:49:24 +0000 (12:49 -0800)]
Pass copy of debug_condition pointer to evalute
In some cases, evaluate will update the pointer. We don't
want this for debug conditions.
Alan T. DeKok [Thu, 23 Oct 2008 08:41:15 +0000 (10:41 +0200)]
Use SUN_LEN here, too
Alan T. DeKok [Wed, 15 Oct 2008 13:38:56 +0000 (15:38 +0200)]
Re-run autoconf
Alan T. DeKok [Wed, 15 Oct 2008 13:38:13 +0000 (15:38 +0200)]
More updates
Alan T. DeKok [Wed, 15 Oct 2008 13:30:52 +0000 (15:30 +0200)]
Check for getresuid && setresuid
Alan T. DeKok [Wed, 15 Oct 2008 05:50:03 +0000 (07:50 +0200)]
Removed thread pool from Perl module.
Also moved configuration from experimental.conf to it's own module,
and removed configuration for thread pool
Alan T. DeKok [Mon, 13 Oct 2008 15:27:11 +0000 (17:27 +0200)]
It's not 2.1.1
Alan T. DeKok [Wed, 15 Oct 2008 13:25:46 +0000 (15:25 +0200)]
Don't add -lreadline to LIBS
Alan T. DeKok [Sun, 12 Oct 2008 07:37:16 +0000 (09:37 +0200)]
libreadline is a library, not a dependency
Alan T. DeKok [Wed, 15 Oct 2008 13:24:39 +0000 (15:24 +0200)]
note changes pulled from main