Alan T. DeKok [Fri, 9 Oct 2009 12:05:09 +0000 (14:05 +0200)]
dded the rest of the insane attributes
Alan T. DeKok [Fri, 9 Oct 2009 09:59:26 +0000 (11:59 +0200)]
Fix VSA tunnel encryption. Allow sub-TLVs to be encrypted
Alan T. DeKok [Fri, 9 Oct 2009 09:23:51 +0000 (11:23 +0200)]
Defined a whack more attributes.
OMFG. They nest TLVs 4 deep! What the FUCK is up with that?
Alan T. DeKok [Fri, 9 Oct 2009 08:17:56 +0000 (10:17 +0200)]
Renamed evil function to be less evil
Alan T. DeKok [Fri, 9 Oct 2009 08:16:12 +0000 (10:16 +0200)]
Decode 3-level TLVs
Alan T. DeKok [Thu, 8 Oct 2009 15:41:55 +0000 (17:41 +0200)]
Now properly handles continuation without memcmp && memmove
Alan T. DeKok [Thu, 8 Oct 2009 13:50:16 +0000 (15:50 +0200)]
Now packing WiMAX TLVs, too
Alan T. DeKok [Thu, 8 Oct 2009 13:41:11 +0000 (15:41 +0200)]
Added support for non-TLV WiMAX VSAs
Alan T. DeKok [Thu, 8 Oct 2009 13:20:46 +0000 (15:20 +0200)]
First stab at rewrite of vp2attr.
This makes the code MUCH clearer, with fewer intermediate variables.
It also removes the WiMAX functionality entirely, but that will
be re-added later.
Alan T. DeKok [Thu, 8 Oct 2009 12:55:51 +0000 (14:55 +0200)]
Simplify RFC format attributes
Alan T. DeKok [Thu, 8 Oct 2009 10:37:25 +0000 (12:37 +0200)]
Start separating encoding of data from headers
Alan T. DeKok [Thu, 8 Oct 2009 08:37:08 +0000 (10:37 +0200)]
Fix typo, add more insane TLVs
Alan T. DeKok [Thu, 8 Oct 2009 08:36:47 +0000 (10:36 +0200)]
New macro
Alan T. DeKok [Thu, 8 Oct 2009 08:24:21 +0000 (10:24 +0200)]
Add support for THREE layers of TLVs
We can't yet encode/decode them, but holy shit...
Alan T. DeKok [Wed, 7 Oct 2009 13:02:27 +0000 (15:02 +0200)]
Start of adding new attributes
Alan T. DeKok [Tue, 6 Oct 2009 15:46:35 +0000 (17:46 +0200)]
Don't do memcmp, it's stupid.
Do even more sanity checks on concatenated attributes, so that
we do the minimum necessary
Alan T. DeKok [Tue, 6 Oct 2009 15:33:34 +0000 (17:33 +0200)]
Enforce order on WiMAX VSAs, just like original code
Alan T. DeKok [Tue, 6 Oct 2009 15:18:57 +0000 (17:18 +0200)]
Abstract wimax insanity on encoding into another function
Alan T. DeKok [Tue, 6 Oct 2009 13:15:20 +0000 (15:15 +0200)]
Decode attributes properly
Alan T. DeKok [Tue, 6 Oct 2009 13:10:42 +0000 (15:10 +0200)]
We seem to have the encoding down pat.
We really need to duplicate rad_vp2attr() and hack the shit out of it
for ONLY WiMAX attributes
The code also does NOT decode attributes properly...
Alan T. DeKok [Tue, 6 Oct 2009 13:00:19 +0000 (15:00 +0200)]
Simplify handling of TLVs by post-facto corrections
Alan T. DeKok [Tue, 6 Oct 2009 12:38:23 +0000 (14:38 +0200)]
Be more stringent about encoding TLVs
Alan T. DeKok [Tue, 6 Oct 2009 12:37:42 +0000 (14:37 +0200)]
Enforce WiMAX continuations.
Other vendors are not allowed to have them.
Alan T. DeKok [Tue, 6 Oct 2009 12:26:09 +0000 (14:26 +0200)]
Removed WiMAX continuation hacks.
It now encodes sub-TLVs (sort of). The code is simpler, too...
Alan T. DeKok [Tue, 6 Oct 2009 12:10:45 +0000 (14:10 +0200)]
vp2attr now takes an explicit buffer size
Alan T. DeKok [Tue, 6 Oct 2009 11:06:56 +0000 (13:06 +0200)]
Add mask to vp2tlv
Alan T. DeKok [Tue, 6 Oct 2009 10:48:55 +0000 (12:48 +0200)]
Fake dictionary. Not for public use!
Alan T. DeKok [Mon, 5 Oct 2009 13:41:50 +0000 (15:41 +0200)]
Fixed typo.
We now can decode disgusting shit evil nasty WiMAX nested shit fucking
retarded gangenous TLVs
Alan T. DeKok [Mon, 5 Oct 2009 13:34:46 +0000 (15:34 +0200)]
Allow nested TLVs to be read from the dictionary.
Did I mention I hate WiMAX?
Alan T. DeKok [Mon, 5 Oct 2009 13:34:15 +0000 (15:34 +0200)]
First hack to get second level TLVs working
Alan T. DeKok [Mon, 5 Oct 2009 12:34:01 +0000 (14:34 +0200)]
Reset vendorcode AFTER creating attribute
Alan T. DeKok [Mon, 5 Oct 2009 11:58:27 +0000 (13:58 +0200)]
Fix WiMAX encoding
Alan T. DeKok [Mon, 5 Oct 2009 11:54:34 +0000 (13:54 +0200)]
Fixed comparisons to be correct
Alan T. DeKok [Mon, 5 Oct 2009 11:54:16 +0000 (13:54 +0200)]
Fixes to build
Alan T. DeKok [Mon, 5 Oct 2009 10:32:36 +0000 (12:32 +0200)]
Miracle of miracles... it seems to work
Alan T. DeKok [Mon, 5 Oct 2009 10:04:35 +0000 (12:04 +0200)]
All of the modules now build.
No idea if they work or not...
Alan T. DeKok [Mon, 5 Oct 2009 09:24:56 +0000 (11:24 +0200)]
Many more changes to get it to build.
We're not done yet!
Alan T. DeKok [Mon, 5 Oct 2009 08:58:22 +0000 (10:58 +0200)]
Automatic search and replace for pairfind.
This should catch MOST of the usages of it.
perl -pi -e 's/pairfind\((.*?),(\s*)PW_(.*?)(\s*)\)/pairfind\($1,$2PW_$3, 0$4\)/gm' `find src/main src/modules -name "*.c" -print`
Alan T. DeKok [Mon, 5 Oct 2009 08:51:16 +0000 (10:51 +0200)]
Moved API to (attr, vendor), instead of just attr
Fixed libradius.h, and src/lib.
Updated some modules to call dict_addattr() according to new API
Alan T. DeKok [Mon, 31 May 2010 08:13:38 +0000 (10:13 +0200)]
Print out more request numbers
Alan T. DeKok [Mon, 31 May 2010 06:16:55 +0000 (08:16 +0200)]
Make schema more in line with the schema for other SQL servers
Alan T. DeKok [Sat, 29 May 2010 09:34:57 +0000 (11:34 +0200)]
Print out DHCP attributes sent / received
Alan T. DeKok [Sat, 29 May 2010 09:26:56 +0000 (11:26 +0200)]
Fix endless loop when there are multiple DHCP options
Alan T. DeKok [Mon, 24 May 2010 18:20:06 +0000 (20:20 +0200)]
Set line buf on stdout/err when logs go there
This makes log messages appear more quickly.
Alan T. DeKok [Mon, 24 May 2010 05:35:31 +0000 (07:35 +0200)]
If an integer is surrounded by whitespace, it's still an integer
Alan T. DeKok [Thu, 20 May 2010 15:40:32 +0000 (17:40 +0200)]
Fix template documentation
Alan T. DeKok [Thu, 20 May 2010 13:25:51 +0000 (15:25 +0200)]
No longer needed
Alan T. DeKok [Thu, 20 May 2010 13:25:22 +0000 (15:25 +0200)]
Do cert configuration stuff
Taken from Redhat
Alan T. DeKok [Wed, 19 May 2010 14:47:03 +0000 (16:47 +0200)]
Sync with upstream
Alan T. DeKok [Wed, 19 May 2010 14:27:04 +0000 (16:27 +0200)]
Note module return codes
Alan T. DeKok [Wed, 19 May 2010 13:16:53 +0000 (15:16 +0200)]
Pull change from RedHat devel
Alan T. DeKok [Wed, 19 May 2010 13:14:53 +0000 (15:14 +0200)]
Source files shouldn't have the executable bit set.
Alan T. DeKok [Wed, 19 May 2010 13:08:16 +0000 (15:08 +0200)]
As supplied by RedHat.
These files are direct copies of the upstream RedHat files, and should
work better on most RedHat systems
Alan T. DeKok [Wed, 19 May 2010 12:55:26 +0000 (14:55 +0200)]
Print out section name for empty sections
Alan T. DeKok [Fri, 7 May 2010 09:18:14 +0000 (11:18 +0200)]
Note example of SQL in post-auth reject, too
Alan T. DeKok [Fri, 7 May 2010 08:07:25 +0000 (10:07 +0200)]
Added server field to NAS table, and updated docs to match
Alan T. DeKok [Fri, 7 May 2010 07:34:20 +0000 (09:34 +0200)]
Made connected / disconnected messages into informational
If the module complains when it can't connect, it should also make
a not when it *can* connect, too.
Alan T. DeKok [Fri, 7 May 2010 07:18:21 +0000 (09:18 +0200)]
Change %{Acct-}*x -> %{%{Acct-}:-0}*x
This allows the calculation to proceed correctly when the attribute
doesn't exist. This change was made for other databases, and seems
to have been missed for Oracle
Alan T. DeKok [Thu, 6 May 2010 12:41:51 +0000 (14:41 +0200)]
Don't use msqlippool by default
Alan T. DeKok [Tue, 4 May 2010 12:36:42 +0000 (14:36 +0200)]
Enable core dumps after suid_down
Alan T. DeKok [Tue, 4 May 2010 09:30:50 +0000 (11:30 +0200)]
Treat bad records as EOF.
This helps when the disk is full, and rlm_detail writes a partial record.
Alan T. DeKok [Fri, 30 Apr 2010 07:58:13 +0000 (09:58 +0200)]
Note Samba bug
Alan T. DeKok [Fri, 30 Apr 2010 05:46:30 +0000 (07:46 +0200)]
Use pairadd() properly.
Alan T. DeKok [Thu, 29 Apr 2010 08:26:47 +0000 (10:26 +0200)]
Document more proxy functionality
If the NAS doesn't retransmit, we don't either.
Alan T. DeKok [Thu, 29 Apr 2010 08:25:47 +0000 (10:25 +0200)]
More debugging messages
So that the user knows when a socket is closed due to lifetime or max_queries
Alan T. DeKok [Thu, 29 Apr 2010 08:25:12 +0000 (10:25 +0200)]
Removed unnecessary fflush()
Alan T. DeKok [Thu, 29 Apr 2010 08:24:56 +0000 (10:24 +0200)]
Regenerated after last change
Alan T. DeKok [Thu, 29 Apr 2010 08:16:59 +0000 (10:16 +0200)]
Ignore autoconf files
Hopefully for 2.2.0, we can start getting rid of that horrible
system
Alan T. DeKok [Thu, 29 Apr 2010 05:53:18 +0000 (07:53 +0200)]
Added dependency on libssl-dev.
It already depends on many, many other packages. Nearly everyone wants
to use EAP, so let's add it to the default build.
Alan T. DeKok [Wed, 28 Apr 2010 14:52:05 +0000 (16:52 +0200)]
Add sub-options to Option 82
Alan T. DeKok [Wed, 28 Apr 2010 14:50:13 +0000 (16:50 +0200)]
Large code cleanups.
Fix error messages (no fprintf)
Enable option 82 sub-options
Allow it to originate DHCP packets, too
Alan T. DeKok [Wed, 28 Apr 2010 11:47:35 +0000 (13:47 +0200)]
Make dhcp_socket_t structure fall in line with listen_socket_t
Alan T. DeKok [Wed, 28 Apr 2010 11:39:46 +0000 (13:39 +0200)]
Fixed typo
Alan T. DeKok [Wed, 28 Apr 2010 09:01:14 +0000 (11:01 +0200)]
Use readline only if we have the header files
Otherwise people install libreadline, and then the compile stage
fails because there's no header files
Alan T. DeKok [Tue, 27 Apr 2010 16:53:17 +0000 (18:53 +0200)]
Fix error message for people who don't understand it
Alan T. DeKok [Tue, 27 Apr 2010 09:02:54 +0000 (11:02 +0200)]
Corrected documentation
Alan T. DeKok [Tue, 27 Apr 2010 07:47:38 +0000 (09:47 +0200)]
Try to fix link issues, as posted to the list
Alan T. DeKok [Tue, 27 Apr 2010 07:46:37 +0000 (09:46 +0200)]
Use rebind_proc only if args==3
This means that systems which have args != 3 will still build
Alan T. DeKok [Mon, 26 Apr 2010 15:24:41 +0000 (17:24 +0200)]
Work around for bug #35.
The packet is apparently getting freed when the request structure is still
in the list. Since it's hard to tell when / why this is happening,
the short-term fix is to work around it.
It's better to leak memory slowly than to crash quickly.
Alan T. DeKok [Mon, 26 Apr 2010 17:56:54 +0000 (19:56 +0200)]
Remove from proxy hash after packet has been verified
This avoids some esoteric conditions where an attacker who can monitor
the RADIUS packet stream could cause the server to sometimes forget
about packets that it proxied.
Also cleaned up other issues related to counters (home/listener) when
proxying.
Alan T. DeKok [Mon, 26 Apr 2010 13:38:30 +0000 (15:38 +0200)]
Added prototype
Alan T. DeKok [Mon, 26 Apr 2010 13:32:29 +0000 (15:32 +0200)]
More WITH_PROXY fixes
Alan T. DeKok [Wed, 21 Apr 2010 06:57:29 +0000 (08:57 +0200)]
Attributes for "cisco vsa hack" don't need to be string
Alan T. DeKok [Wed, 21 Apr 2010 06:56:54 +0000 (08:56 +0200)]
Better error messages for missing brace
Alan T. DeKok [Wed, 21 Apr 2010 06:55:00 +0000 (08:55 +0200)]
Allow to build without pthreads
Alan T. DeKok [Mon, 26 Apr 2010 13:57:40 +0000 (15:57 +0200)]
Fix build error
Alan T. DeKok [Wed, 21 Apr 2010 06:52:56 +0000 (08:52 +0200)]
Print out helpful error if a realm regex can't be parsed
Alan T. DeKok [Wed, 21 Apr 2010 06:52:21 +0000 (08:52 +0200)]
Prefer IPv4.
Alan T. DeKok [Wed, 21 Apr 2010 06:51:58 +0000 (08:51 +0200)]
Added WITH_PROXY to allow it to build without proxying
Alan T. DeKok [Fri, 16 Apr 2010 14:12:01 +0000 (16:12 +0200)]
Don't block when doing 'exec wait', and reading from pipe.
If the child is slow, then reading from the pipe will block until
the child exits. This will happen even if we intend later to wait
only 10 seconds for the child pid.
The solution is to call select() on the pipe. After 10 seconds,
if no progress has been made: kill -TERM the child, close the pipe,
and clean up the child PID.
Alan T. DeKok [Wed, 14 Apr 2010 03:00:39 +0000 (05:00 +0200)]
append tunneled reply, rather than moving it
This means that the operators are ignored, and any proxied
packet (with operators '=' for multiple VSAs of the same name) will
get handled properly.
Alan T. DeKok [Wed, 14 Apr 2010 02:59:26 +0000 (04:59 +0200)]
Fix node comparison on delete
This could be the cause of bug #35.
Alan T. DeKok [Tue, 13 Apr 2010 13:16:10 +0000 (15:16 +0200)]
Fixed typo. This should help divorce CoA from normal packets.
The previous fix worked, but this one is the real source of the bug
Alan T. DeKok [Mon, 12 Apr 2010 09:36:52 +0000 (11:36 +0200)]
Print out hex for invalid data in PEAP tunnel.
This helps debug issues.
Also change the "had sent TLV failure" message to a LONG set of
instructions for people who can't be bothered reading the debug output.
Alan T. DeKok [Fri, 9 Apr 2010 14:53:03 +0000 (16:53 +0200)]
Make request->number unsigned
So that we don't print negative numbers
Alan T. DeKok [Fri, 9 Apr 2010 10:17:36 +0000 (12:17 +0200)]
Ensure correct build order
include -> lib -> modules -> main
Alan T. DeKok [Thu, 8 Apr 2010 07:59:55 +0000 (09:59 +0200)]
Make subdirs before modules
Fixes "cannot build from clean directory" problem after switching to
the new method of using "make" for recursing into subdirs
Alan T. DeKok [Tue, 6 Apr 2010 23:59:57 +0000 (01:59 +0200)]
Add missing 'break' to escape '%' properly.
Alan T. DeKok [Tue, 6 Apr 2010 23:58:00 +0000 (01:58 +0200)]
On DHCP Discover fail, don't send a NAK
Instead, just don't respond
Alan T. DeKok [Wed, 31 Mar 2010 14:19:28 +0000 (16:19 +0200)]
Catch corner case of update disconnect in post-auth
If we proxy packets, we don't want to send disconnect, too