aland [Mon, 5 Apr 2004 21:12:48 +0000 (21:12 +0000)]
Document $(R)
aland [Mon, 5 Apr 2004 21:02:17 +0000 (21:02 +0000)]
If the request queue is too large, complain, and discard the
new request.
If the request queue is full, double it in size.
aland [Mon, 5 Apr 2004 21:00:34 +0000 (21:00 +0000)]
The REQUEST is in the 'req' variable, not in 'request'
aland [Mon, 5 Apr 2004 18:52:37 +0000 (18:52 +0000)]
NOT match is NOT zero.
Thanks to Malcom Caldwell
pnixon [Sun, 4 Apr 2004 23:33:55 +0000 (23:33 +0000)]
Add 7 new Juniper attributes
kkalev [Sat, 3 Apr 2004 21:35:17 +0000 (21:35 +0000)]
Add ldap_userdn as a configuration directive. If set we use that for
user DN's (variables supported) instead of performing an ldap search for
each user. That can be somewhat faster.
kkalev [Sat, 3 Apr 2004 20:42:29 +0000 (20:42 +0000)]
* Sort the servers list in failed_logins,user_stats,stats
* Add the /bin postgresql compatibility patch from Guy Fraser
kkalev [Sat, 3 Apr 2004 20:28:12 +0000 (20:28 +0000)]
Add a few comments on the use of the Ldap-UserDN attribute
aland [Fri, 26 Mar 2004 19:18:17 +0000 (19:18 +0000)]
Documented %{0} etc.
aland [Fri, 26 Mar 2004 16:16:11 +0000 (16:16 +0000)]
Allow only 0..8.
When we have a new match, delete all references to old matches.
If we didn't have a match, don't reference the rxmatch array,
and delete all references to old matches
aland [Thu, 25 Mar 2004 21:22:28 +0000 (21:22 +0000)]
We now have man pages
aland [Thu, 25 Mar 2004 21:11:57 +0000 (21:11 +0000)]
We now have man pages
aland [Thu, 25 Mar 2004 19:25:37 +0000 (19:25 +0000)]
We now have man pages
aland [Thu, 25 Mar 2004 19:23:03 +0000 (19:23 +0000)]
We now have a man page
aland [Thu, 25 Mar 2004 19:17:30 +0000 (19:17 +0000)]
We now have man pages
aland [Thu, 25 Mar 2004 19:14:36 +0000 (19:14 +0000)]
More updates
aland [Thu, 25 Mar 2004 19:08:04 +0000 (19:08 +0000)]
We now have a man page. Updates should go there
aland [Thu, 25 Mar 2004 19:07:31 +0000 (19:07 +0000)]
A bit of updates
aland [Thu, 25 Mar 2004 18:01:13 +0000 (18:01 +0000)]
Interix requires -D_ALL_SOURCE, for reasons known only to them.
aland [Thu, 25 Mar 2004 17:13:40 +0000 (17:13 +0000)]
Updates
aland [Thu, 25 Mar 2004 17:05:55 +0000 (17:05 +0000)]
Made rbtree code handling for proxying request live.
Chris Brotsos says that it's slower, but ~8 seconds over 50K
requests, which is negligible.
Having proper locking allows us to handle ID's on proxy packets
better.
aland [Thu, 25 Mar 2004 15:23:49 +0000 (15:23 +0000)]
Corrected typos, where 'test -f' didn't match 'echo'
phampson [Thu, 25 Mar 2004 11:38:35 +0000 (11:38 +0000)]
Document -v option.
phampson [Thu, 25 Mar 2004 11:31:17 +0000 (11:31 +0000)]
Add accounting_update_query_alt to rlm_sql, to catch lost start packets
earlier than the eventual stop packet.
pnixon [Thu, 25 Mar 2004 08:49:05 +0000 (08:49 +0000)]
Some new Cisco VSAs
pnixon [Thu, 25 Mar 2004 08:22:26 +0000 (08:22 +0000)]
Add new VSAs for CISCO SIP PROXY SERVER as defined at cisco.com/en/US/products/sw/voicesw/ps2157/products_administration_guide_chapter09186a00800c7944.html
aland [Thu, 25 Mar 2004 03:28:47 +0000 (03:28 +0000)]
Install eap.conf, too
aland [Wed, 24 Mar 2004 18:09:36 +0000 (18:09 +0000)]
Better linking of sub-modules, and added support for static
linking of SQL sub-modules
aland [Wed, 24 Mar 2004 18:06:28 +0000 (18:06 +0000)]
Added extra LCRYPT, for systems which have problems linking
otherwise (hello Interix)
pnixon [Wed, 24 Mar 2004 14:50:33 +0000 (14:50 +0000)]
update strip_dot function to return NULL if it receives a blank string
pnixon [Wed, 24 Mar 2004 13:56:28 +0000 (13:56 +0000)]
Change H323DisconnectCause from VARCHAR(2) to VARCHAR(20) because CSPS sends cause names instead of cause codes.
aland [Tue, 23 Mar 2004 22:19:31 +0000 (22:19 +0000)]
For '=~', add the matching sub-strings to the request, as %{0},
%{1}, %{2}, etc.
aland [Tue, 23 Mar 2004 22:14:24 +0000 (22:14 +0000)]
Preliminary support for xlat's of regex results: %{1}, %{2}, etc.
aland [Tue, 23 Mar 2004 22:08:37 +0000 (22:08 +0000)]
Include prototype for rl_add_proxy
mcr [Fri, 19 Mar 2004 02:22:16 +0000 (02:22 +0000)]
signed/unsigned fixes.
also put () around one expression, since it looks like it
was not meant to be default precedence.
mcr [Fri, 19 Mar 2004 02:21:08 +0000 (02:21 +0000)]
as a result of incrementing the EAP-id each time, the
cryptographic results have changed.
mcr [Fri, 19 Mar 2004 02:20:35 +0000 (02:20 +0000)]
increment the EAP-id on each stage of the transaction.
pnixon [Thu, 18 Mar 2004 21:04:43 +0000 (21:04 +0000)]
Add alternate index as a comment to support stupid cisco SIP softswitches
pnixon [Thu, 18 Mar 2004 21:03:55 +0000 (21:03 +0000)]
Fix spelling error
pnixon [Thu, 18 Mar 2004 21:03:14 +0000 (21:03 +0000)]
update ID tag
pnixon [Thu, 18 Mar 2004 20:26:00 +0000 (20:26 +0000)]
Update the documentation to make it easier to understand. Include info about VSA configs on Cisco
pnixon [Thu, 18 Mar 2004 18:27:36 +0000 (18:27 +0000)]
Change config name from "sql" to "pgsql-voip" to allow loading alongside an existing sql config
aland [Thu, 18 Mar 2004 15:56:50 +0000 (15:56 +0000)]
Don't de-reference proxy when asked to look at proxy reply, and
vice-versa
aland [Thu, 18 Mar 2004 15:39:13 +0000 (15:39 +0000)]
No proxy packet or proxy reply, don't do anything
pnixon [Thu, 18 Mar 2004 14:37:02 +0000 (14:37 +0000)]
Change all CalledID and CallingID fields to VARCHAR(80) to support Cisco CSPS (SIP Softswitch) which has stupidly long strings in the form of "sip:001212223304@csps.domain.com>;tag=5963C650-1BD". WooHoo.. We now support SIP billing as well as H323 :-)
pnixon [Thu, 18 Mar 2004 14:30:36 +0000 (14:30 +0000)]
Change CiscoNASPort from BOOL to Varchar(1) to fix compatibility problems
pnixon [Thu, 18 Mar 2004 13:00:18 +0000 (13:00 +0000)]
Changed StopTelephony column h323RemoteAddress from BOOL to INET to fix compatibility problems between tables
pnixon [Wed, 17 Mar 2004 21:24:26 +0000 (21:24 +0000)]
Update to SuSE build files to include files in /etc/raddb/certs/
aland [Tue, 16 Mar 2004 15:54:57 +0000 (15:54 +0000)]
Removed unnecessary character
aland [Tue, 16 Mar 2004 15:30:15 +0000 (15:30 +0000)]
Flush the buffer after writing to it
mgriego [Tue, 16 Mar 2004 15:16:14 +0000 (15:16 +0000)]
Check return value from registered xlat functions. If return value is 0,
treat the attribute as not found.
aland [Mon, 15 Mar 2004 19:17:43 +0000 (19:17 +0000)]
If input ends in one or more blank lines, don't get excited.
Patch from Chris Mikkelson
aland [Mon, 15 Mar 2004 19:10:47 +0000 (19:10 +0000)]
Moved EAP section to its own configuration file, as it was
getting large
cparker [Mon, 15 Mar 2004 01:27:11 +0000 (01:27 +0000)]
Added two realm module configure options. Ignore_default and
ignore_null. Boolean values that can be set to yes to cause the
specific module instance to not return a match on DEFAULT or NULL
realms respectively. This allows multiple realm modules to coexist
with DEFAULT and NULL entries in 'raddb/proxy.conf' much nicer.
Updated man page, and radiusd.conf with examples.
cparker [Sun, 14 Mar 2004 01:25:10 +0000 (01:25 +0000)]
More man pages for commonly used modules.
aland [Fri, 12 Mar 2004 21:33:37 +0000 (21:33 +0000)]
A little better way of dealing with DICT_VALUEs that are defined
out of order
aland [Fri, 12 Mar 2004 19:06:56 +0000 (19:06 +0000)]
Get rid of "long" types. They're not needed.
aland [Fri, 12 Mar 2004 18:23:14 +0000 (18:23 +0000)]
Don't bother fixing these things up incorrectly
aland [Fri, 12 Mar 2004 16:35:48 +0000 (16:35 +0000)]
Look for post-proxy for tunneled session, and do it, if configured
aland [Fri, 12 Mar 2004 16:31:22 +0000 (16:31 +0000)]
Added instance, so that we can control with_ntdomain_hack,
for proxying EAP-MS-CHAP-V2 as MSCHAP-V2.
The wonderful Windows clients send User-Name = "DOMAIN\\user",
but calculate the MS-CHAP response based on "user", so they lie
to us. WTF were those people thinking?
aland [Fri, 12 Mar 2004 16:19:50 +0000 (16:19 +0000)]
After we've called MS-CHAP for authentication, delete the MPPE
keys from the response.
Handle proxying of EAP-MS-CHAP-V2 as MS-CHAP-V2
aland [Fri, 12 Mar 2004 16:14:53 +0000 (16:14 +0000)]
If the tunneled EAP session returned early because the server
is acting as a protocol translator for proxying (EAP-FOO to FOO),
then remember what's going on for later.
aland [Fri, 12 Mar 2004 16:12:53 +0000 (16:12 +0000)]
Minor formatting
aland [Fri, 12 Mar 2004 16:12:35 +0000 (16:12 +0000)]
A little prettier printing for -Xx
aland [Wed, 10 Mar 2004 20:29:20 +0000 (20:29 +0000)]
Padding is "NOT unaligned data", not "aligned data"
kkalev [Wed, 10 Mar 2004 14:29:32 +0000 (14:29 +0000)]
Add a force directive in log_badlogins. If uncommented it will force inserts even if there are
sql errors. That can help in case there is one sql query which stops the whole failed logins
logging system from working
aland [Tue, 9 Mar 2004 16:01:13 +0000 (16:01 +0000)]
Added attributes as posted to the list today
aland [Mon, 8 Mar 2004 22:04:36 +0000 (22:04 +0000)]
Export rad_postauth()
aland [Mon, 8 Mar 2004 21:51:30 +0000 (21:51 +0000)]
Added submodule tunnel callback
aland [Mon, 8 Mar 2004 21:51:03 +0000 (21:51 +0000)]
Expose rad_postauth
aland [Mon, 8 Mar 2004 21:47:57 +0000 (21:47 +0000)]
-X means debug_flag +=2.
This lets "-xX" set it to 3, rather than 2
aland [Mon, 8 Mar 2004 21:47:06 +0000 (21:47 +0000)]
Added 'const', for paranoia
aland [Mon, 8 Mar 2004 21:45:12 +0000 (21:45 +0000)]
More updates
aland [Mon, 8 Mar 2004 19:11:08 +0000 (19:11 +0000)]
If this VP isn't a LEAP thing, go to the next one.
This prevents an infinite loop.
aland [Fri, 5 Mar 2004 20:45:26 +0000 (20:45 +0000)]
Catch people who type 1 character hex strings
aland [Fri, 5 Mar 2004 17:51:17 +0000 (17:51 +0000)]
eapttls_process() was sometimes returning PW_FOO, and sometimes
returning RLM_MODULE_FOO. That's bad.
The code has now been fixed to be consistent.
aland [Fri, 5 Mar 2004 17:33:31 +0000 (17:33 +0000)]
If we've found openssl/ssl.h, then set -I$OPENSSL_INCLUDE
Patch from Rok Papez
aland [Thu, 4 Mar 2004 16:19:25 +0000 (16:19 +0000)]
Added docs for cisco_accounting_username_bug
aland [Thu, 4 Mar 2004 16:06:40 +0000 (16:06 +0000)]
Nope... Panther doesn't like this, either.
aland [Wed, 3 Mar 2004 19:52:36 +0000 (19:52 +0000)]
Explicitly link to -lradius, to get functions defined there, for
platforms like Mac OSX, which can't figure out that since radiusd
is linked to -lradius, and radiusd is also linked to rlm_mschap,
then it shouldn't be rocket science to have rlm_mschap use
the symbols from -lradius.
Instead, it forces you to link rlm_mschap against -lradius. Weird.
aland [Wed, 3 Mar 2004 19:50:50 +0000 (19:50 +0000)]
The encryption of the MPPE keys is done by tunnel_pwencode,
so we don't do it here, and we don't need to pass "secret" or
"request" to the gen keys function
aland [Wed, 3 Mar 2004 16:58:40 +0000 (16:58 +0000)]
added gtc{} to eap{}
aland [Wed, 3 Mar 2004 15:56:57 +0000 (15:56 +0000)]
Added another debug message about which section it's processing
mgriego [Tue, 2 Mar 2004 23:57:40 +0000 (23:57 +0000)]
Added cisco_accouting_username_bug to the rlm_eap_t.
mgriego [Tue, 2 Mar 2004 23:48:01 +0000 (23:48 +0000)]
Must have a semicolon at the end of the line.
mgriego [Tue, 2 Mar 2004 23:43:19 +0000 (23:43 +0000)]
Make 'radiusd -s' not daemonize like the man page says it won't.
aland [Tue, 2 Mar 2004 22:33:55 +0000 (22:33 +0000)]
Print out a warning message for groups which are empty.
aland [Tue, 2 Mar 2004 18:57:34 +0000 (18:57 +0000)]
Re-arrange send_one_packet, based on comments from Nicolas Baradakis
aland [Tue, 2 Mar 2004 18:52:53 +0000 (18:52 +0000)]
Got rid of radsend_walk function, and moved the code to the
main-line
aland [Tue, 2 Mar 2004 18:52:24 +0000 (18:52 +0000)]
Be less annoying about messages.
If a block is empty, and we didn't pick a particular type to call,
then don't complain.
aland [Tue, 2 Mar 2004 18:37:16 +0000 (18:37 +0000)]
Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given a
User-Name attribute in an Access-Accept, it copies one more byte
than it should.
So we work around it by configurably adding an extra zero byte.
Based on a patch from rok.papez
aland [Tue, 2 Mar 2004 18:20:11 +0000 (18:20 +0000)]
When proxying synchronously, if retry_delay * retry_count
is exceeded, then mark the realm dead, even if we didn't send
that many retries.
Patch from Chris Brotsos
aland [Tue, 2 Mar 2004 17:19:44 +0000 (17:19 +0000)]
Clean up the code a little more.
Print out more error messages.
In diameter2vp, check for data_len == length BEFORE padding length,
just like in diamater_verify. This will fix problems with broken
clients which don't pad.
kkalev [Tue, 2 Mar 2004 13:27:35 +0000 (13:27 +0000)]
In log_badlogins add a newline after every sql query so that the resulting file can be editable
kkalev [Sun, 29 Feb 2004 13:55:08 +0000 (13:55 +0000)]
If we are passed an empty password log a module failure message not an error message
kkalev [Sun, 29 Feb 2004 13:52:50 +0000 (13:52 +0000)]
Also be able to use Crypt-Password attribute.
If we are passed an empty password create a module failure message and fail
not just log an error message
kkalev [Sun, 29 Feb 2004 13:35:16 +0000 (13:35 +0000)]
Also update radiusd.conf
kkalev [Sun, 29 Feb 2004 13:33:17 +0000 (13:33 +0000)]
Add a timestamp and a timeout attribute in ippool_info. When we assign an ip we set timestamp
to request->timestamp and timeout to %{Session-Timeout:-0}. When we search for a free entry
we check if timeout has expired. If it has then we free the entry. We also add a maximum
timeout configuration directive. If it is non zero then we also use that one to free entries.
kkalev [Sun, 29 Feb 2004 13:06:57 +0000 (13:06 +0000)]
Replace user with username in postauth table. Patch by Guy Fraser
kkalev [Sun, 29 Feb 2004 12:16:17 +0000 (12:16 +0000)]
* Add a patch from Neil McCalden to not put spaces in the -p argument to the mysql binary.
* Fix a bug in conf/config.php3. Patch from Neil McCalden