fcusack [Sat, 1 Jul 2006 00:14:58 +0000 (00:14 +0000)]
import from branch_1_1:
fix (reverse) selection of challenge and response vp's
fcusack [Sat, 1 Jul 2006 00:12:19 +0000 (00:12 +0000)]
fix (reverse) selection of challenge and response vp's
nbk [Thu, 29 Jun 2006 10:21:31 +0000 (10:21 +0000)]
This dpatch is not needed anymore since version 1.1.3 uses libtool 1.5
nbk [Thu, 29 Jun 2006 09:57:18 +0000 (09:57 +0000)]
Delete 13_a_libtool14_to_call_your_own.dpatch
since version 1.1.3 uses libtool 1.5
aland [Wed, 28 Jun 2006 00:01:39 +0000 (00:01 +0000)]
When we get a new packet, IF the old one is not currently being
processed by a thread, AND we're waiting for a proxy reply, then
we can discard the old request, as the NAS will never care about it.
When we receive the reply from the home server (if any), we'll ignore
it.
Also, don't be smart (i.e. stupid) about re-using "curreq". The
code leaked memory by trying to re-use it, without calling
request_alloc()
aland [Tue, 27 Jun 2006 23:53:38 +0000 (23:53 +0000)]
Don't retransmit accounting packets, the NAS should do that
aland [Tue, 27 Jun 2006 23:31:38 +0000 (23:31 +0000)]
Move to new packet list for main request handler, too. This
simplifies the code slightly.
Next, move back to a global for the packet list, and get rid
of per-socket lists, and much of the nonsense in listen.c
aland [Tue, 27 Jun 2006 23:29:47 +0000 (23:29 +0000)]
Corrected typo
aland [Tue, 27 Jun 2006 22:37:37 +0000 (22:37 +0000)]
Clean up API for packet list stuff, and a minor bug.
Update radclient for new API.
Update request_list.c to use new packet list code for proxying
packets. It's tested with radclient, it means that the
server now shares more code with radclient, and it's less code
in the server.
aland [Mon, 26 Jun 2006 22:57:30 +0000 (22:57 +0000)]
Updated after re-running with new autoconf
aland [Mon, 26 Jun 2006 22:54:06 +0000 (22:54 +0000)]
Use -I rather than -l with autoconf
Redo autoheader only if config.h.in exists
nbk [Mon, 26 Jun 2006 11:59:25 +0000 (11:59 +0000)]
Regenerate from configure.in 1.2 using autoconf 2.59.
fcusack [Fri, 23 Jun 2006 04:57:51 +0000 (04:57 +0000)]
note libltdl patch
fcusack [Fri, 23 Jun 2006 04:55:50 +0000 (04:55 +0000)]
try_dlopen() has a bug: it sometimes returns a handle if a dependency
library can't be loaded. It also returns an error status, however
lt_dlopenext() doesn't handle this well and returns the invalid handle.
This causes a segfault instead of a graceful exit. Update ltdl to
give an error telling the user to report the problem, so that we can
try to reproduce it and report to the libtool folks. We could just
leave ltdl unpatched; FR will exit either way.
fcusack [Fri, 23 Jun 2006 04:31:58 +0000 (04:31 +0000)]
update libtool and libltdl to 1.5.22, and improve the integration
by not requiring source modification (except for one change to
ltdl.c [for a bug] to follow)
nbk [Thu, 22 Jun 2006 08:46:00 +0000 (08:46 +0000)]
Test for unset variable, rather than empty variable in
clean_radacct, monthly_tot_stats and truncate_radacct.
http://bugs.debian.org/374053
Thanks to Rudy Godoy <rudy@kernel-panik.org> and Stephen
Gran <sgran@debian.org>.
aland [Wed, 21 Jun 2006 21:32:49 +0000 (21:32 +0000)]
Cleaned up fork code (again) so that when a module exec's a program,
we don't create zombie children.
Updated exec.c to wait 10s for a child response, and die if it
didn't respond in that time
aland [Fri, 16 Jun 2006 23:39:31 +0000 (23:39 +0000)]
Added "hash" back to RADIUS_PACKET, for speed.
Added new "packet list" implementation, which keeps track of
RADIUS_PACKET's across multiple sockets. Update radclient to use
it, which simplifies much of the radclient code.
The idea is that eventually the server, or any implementation that
needs to keep track of incoming/outgoing packets will use the
packet list code, which is simple, fast, and extensible.
With luck, we should be able to replace the horrid code in
request_list.c, which does all sorts of evil things on proxying.
We can also replace the bloated nightmare that listen.c has
become.
aland [Fri, 16 Jun 2006 19:09:49 +0000 (19:09 +0000)]
file dictionary.walabi was added on branch branch_1_1 on 2006-07-26 23:00:20 +0000
aland [Fri, 16 Jun 2006 19:09:49 +0000 (19:09 +0000)]
As found on the net
aland [Thu, 15 Jun 2006 21:47:14 +0000 (21:47 +0000)]
Port update hash code (using hash && compare callbacks) from the
head.
aland [Wed, 14 Jun 2006 23:31:30 +0000 (23:31 +0000)]
Document "if", "else", and "elsif" in modules sections.
aland [Wed, 14 Jun 2006 23:30:58 +0000 (23:30 +0000)]
else and elsif can't be used in load-balance sections, as we
would pick the "else" without the "if"..
aland [Wed, 14 Jun 2006 22:12:07 +0000 (22:12 +0000)]
Bump the stack max to 32
aland [Wed, 14 Jun 2006 17:40:54 +0000 (17:40 +0000)]
Indent lines in debug mode after "modcall:", so we can see what's
going on.
Add lineno to modcallable struct, it may be useful later.
Add group name to dump_tree stuff.
Add support for "if", "elsif", and "else" to modules!
We can now do things like:
users
if notfound {
ldap
}
elsif updated {
foo
}
else {
eap
}
This allows multiple branches in the module calling code, where
previously it allowed only "next module", or "return".
pnixon [Wed, 14 Jun 2006 15:16:39 +0000 (15:16 +0000)]
Shell-User should be Administrative-User these days
aland [Tue, 13 Jun 2006 18:19:15 +0000 (18:19 +0000)]
When returning, set return code
aland [Mon, 12 Jun 2006 23:56:24 +0000 (23:56 +0000)]
Call modules iteratively, rather than recursively.
This cleans up duplicate code that was in modcall.c, and means
that it's more likely we can put proxy into a module in the
authenticate section, in order to have it part of configurable
failover.
It also means that the "proxy EAP-MSCHAPv2 as MS-CHAPv2" and related
work will become easier, as we don't have to walk back up the entire
stack. Instead, we can just keep the "modcall stack" associated
with the request, and continue where we left off.
nbk [Mon, 12 Jun 2006 15:04:27 +0000 (15:04 +0000)]
Don't use a "config.h" file when it's not needed.
nbk [Mon, 12 Jun 2006 15:04:14 +0000 (15:04 +0000)]
Don't use a "config.h" file when it's not needed.
nbk [Mon, 12 Jun 2006 14:54:18 +0000 (14:54 +0000)]
Get only the mandatory variables from configure.
nbk [Mon, 12 Jun 2006 14:54:08 +0000 (14:54 +0000)]
Get only the mandatory variables from configure.
aland [Thu, 8 Jun 2006 19:42:13 +0000 (19:42 +0000)]
If no source IP, or AF_UNSPEC, use sendto(). This works around
the bug also fixed in 1.36/1.37 of src/main/listen.c.
pnixon [Wed, 7 Jun 2006 17:20:52 +0000 (17:20 +0000)]
minor gramatical fix
aland [Mon, 5 Jun 2006 17:30:37 +0000 (17:30 +0000)]
Include riverstone. We're up to 90+ dictionaries, 3k+ ATTRIBUTEs,
and 5k+ VALUEs.
aland [Mon, 5 Jun 2006 17:28:19 +0000 (17:28 +0000)]
file dictionary.riverstone was added on branch branch_1_1 on 2006-07-26 23:00:20 +0000
aland [Mon, 5 Jun 2006 17:28:19 +0000 (17:28 +0000)]
As found on the net, with edits
pnixon [Mon, 5 Jun 2006 16:55:21 +0000 (16:55 +0000)]
Added link to general documentation on Cisco RADIUS configuration
fcusack [Fri, 2 Jun 2006 16:58:14 +0000 (16:58 +0000)]
add 1.1.3 fixes
nbk [Fri, 2 Jun 2006 15:20:50 +0000 (15:20 +0000)]
Regenerate from configure.in using autoheader 2.13.
fcusack [Thu, 1 Jun 2006 19:02:16 +0000 (19:02 +0000)]
import from HEAD:
update rlm_otp implementation to talk to otpd instead of
doing the otp work directly
fcusack [Thu, 1 Jun 2006 16:15:07 +0000 (16:15 +0000)]
file otp_pw_valid.h was added on branch branch_1_1 on 2006-06-01 19:02:21 +0000
fcusack [Thu, 1 Jun 2006 16:15:06 +0000 (16:15 +0000)]
file otp_pw_valid.c was added on branch branch_1_1 on 2006-06-01 19:02:21 +0000
fcusack [Thu, 1 Jun 2006 16:15:06 +0000 (16:15 +0000)]
file otp_mppe.h was added on branch branch_1_1 on 2006-06-01 19:02:21 +0000
fcusack [Thu, 1 Jun 2006 16:15:06 +0000 (16:15 +0000)]
file otp_mppe.c was added on branch branch_1_1 on 2006-06-01 19:02:20 +0000
fcusack [Thu, 1 Jun 2006 16:15:04 +0000 (16:15 +0000)]
file extern.h was added on branch branch_1_1 on 2006-06-01 19:02:18 +0000
fcusack [Thu, 1 Jun 2006 16:15:02 +0000 (16:15 +0000)]
update rlm_otp implementation to talk to otpd instead of
doing the otp work directly
aland [Tue, 30 May 2006 22:11:18 +0000 (22:11 +0000)]
Make hash table have comparison callback, it's needed.
Update dict.c, request_list.c, rlm_files.c, and rlm_detail.c
to use updated API.
Move hash definitions to src/include/hash.h.
Add src/lib/packet.c, to have more code re-use between various
programs that need to send more than one RADIUS packet.
Updated listener code in radiusd && radclient to use new packet
routines. It's not complete yet, but the amount of duplicate
code is going down, and what's left is getting easier to understand.
aland [Tue, 30 May 2006 17:04:59 +0000 (17:04 +0000)]
Update docs on how it works
aland [Tue, 30 May 2006 17:03:46 +0000 (17:03 +0000)]
More descriptive error message
aland [Tue, 30 May 2006 16:58:13 +0000 (16:58 +0000)]
Note conflicts with digest dictionary
aland [Tue, 30 May 2006 16:57:55 +0000 (16:57 +0000)]
Add pointer to updated specs
aland [Sat, 27 May 2006 00:17:22 +0000 (00:17 +0000)]
Be a little smarter about allowing VALUE names that start
with digits. It turns out there's a bunch of these in the
dictionaries that haven't yet been caught, so being smarter
here helps a lot.
nbk [Thu, 25 May 2006 16:24:40 +0000 (16:24 +0000)]
The variable $? in "make" is different from $? in "bash",
therefore we need to write "exit $$?" in a Makefile.
nbk [Thu, 25 May 2006 16:24:21 +0000 (16:24 +0000)]
The variable $? in "make" is different from $? in "bash",
therefore we need to write "exit $$?" in a Makefile.
aland [Wed, 24 May 2006 16:34:12 +0000 (16:34 +0000)]
Latest set of changes
aland [Wed, 24 May 2006 16:31:43 +0000 (16:31 +0000)]
Pull fix from the head
aland [Wed, 24 May 2006 16:31:21 +0000 (16:31 +0000)]
Be smarter about returning error codes, so that SQL can re-connect.
Patch from bug #341, which closes the bug.
nbk [Sun, 21 May 2006 18:11:32 +0000 (18:11 +0000)]
Update the dpatch against 1.1.2.
nbk [Sun, 21 May 2006 17:35:25 +0000 (17:35 +0000)]
Regenerate from configure.in 1.198.2.15.2.7 using autoconf 2.13.
nbk [Sun, 21 May 2006 17:32:52 +0000 (17:32 +0000)]
Update version number, in preparation for 1.1.2 release.
nbk [Sun, 21 May 2006 16:20:58 +0000 (16:20 +0000)]
Regenerate from configure.in 1.5.4.1 using autoconf 2.13.
nbk [Sun, 21 May 2006 16:20:28 +0000 (16:20 +0000)]
Regenerate from configure.in 1.9.4.1 using autoconf 2.13.
nbk [Sun, 21 May 2006 16:20:00 +0000 (16:20 +0000)]
Regenerate from configure.in 1.2.4.1 using autoconf 2.13.
nbk [Sun, 21 May 2006 16:18:04 +0000 (16:18 +0000)]
Pull from CVS head:
Get OPENSSL_LIBS from the top-level "configure" script.
bjordanov [Sun, 21 May 2006 10:39:32 +0000 (10:39 +0000)]
Make %RAD_REQUEST read-write
nbk [Sat, 20 May 2006 12:44:37 +0000 (12:44 +0000)]
Drop unused config entries.
nbk [Sat, 20 May 2006 12:44:28 +0000 (12:44 +0000)]
Drop unused config entries.
nbk [Sat, 20 May 2006 12:19:12 +0000 (12:19 +0000)]
Latest set of changes.
aland [Fri, 19 May 2006 16:21:44 +0000 (16:21 +0000)]
Pull tagged VSA fix from the head
aland [Fri, 19 May 2006 16:20:04 +0000 (16:20 +0000)]
Allow tagged VSA's, because Juniper uses them.
This closes bug #367 & #368
aland [Fri, 19 May 2006 16:12:40 +0000 (16:12 +0000)]
document Proxy-To-Realm
aland [Fri, 19 May 2006 16:09:51 +0000 (16:09 +0000)]
Update with more docs on machine authentication & magic attributes
nbk [Fri, 19 May 2006 14:24:37 +0000 (14:24 +0000)]
Don't use the option -static anymore when linking radeapclient.
nbk [Fri, 19 May 2006 14:24:19 +0000 (14:24 +0000)]
Don't use the option -static anymore when linking radeapclient.
nbk [Fri, 19 May 2006 14:22:23 +0000 (14:22 +0000)]
Define a function log_debug() which is an unresolved symbol
in libeap. (closes: #350)
nbk [Fri, 19 May 2006 14:21:58 +0000 (14:21 +0000)]
Define a function log_debug() which is an unresolved symbol
in libeap. (closes: #350)
nbk [Fri, 19 May 2006 14:19:14 +0000 (14:19 +0000)]
Don't use rad_assert in libeap, it's a server-only function.
nbk [Fri, 19 May 2006 14:19:07 +0000 (14:19 +0000)]
Don't use rad_assert in libeap, it's a server-only function.
aland [Tue, 16 May 2006 18:27:08 +0000 (18:27 +0000)]
Drop changes that are in 1.1.x
aland [Tue, 16 May 2006 18:26:53 +0000 (18:26 +0000)]
Note changes
aland [Tue, 16 May 2006 18:26:06 +0000 (18:26 +0000)]
If the packet fails verification, silently drop it.
This is done by exporting rad_verify, and making people use it.
aland [Thu, 11 May 2006 16:48:21 +0000 (16:48 +0000)]
Be a little more careful about returning DICT_VALUEs
This closes bug #364
aland [Thu, 11 May 2006 16:25:10 +0000 (16:25 +0000)]
Be a little more careful about returning DICT_VALUEs
This closes bug #364
fcusack [Wed, 10 May 2006 19:51:24 +0000 (19:51 +0000)]
fix the supposed typo which wasn't a typo:
fcusack [Wed, 10 May 2006 19:47:13 +0000 (19:47 +0000)]
fix compiler warnings (and one typo)
fcusack [Wed, 10 May 2006 19:03:00 +0000 (19:03 +0000)]
udpate comments re: thread_pool.active_threads and locking
aland [Wed, 10 May 2006 16:53:15 +0000 (16:53 +0000)]
Pull Asterix dictionary from the head
aland [Wed, 10 May 2006 16:52:08 +0000 (16:52 +0000)]
For Asterix, as found on the net
aland [Wed, 10 May 2006 16:52:08 +0000 (16:52 +0000)]
file dictionary.digium was added on branch branch_1_1 on 2006-05-10 16:53:15 +0000
fcusack [Wed, 10 May 2006 06:40:54 +0000 (06:40 +0000)]
delete_thread(): clarify thread exit comments
aland [Tue, 9 May 2006 23:14:33 +0000 (23:14 +0000)]
Updates
aland [Tue, 9 May 2006 20:59:55 +0000 (20:59 +0000)]
Fix linked list code for EAP handlers.
aland [Tue, 9 May 2006 20:59:23 +0000 (20:59 +0000)]
Fix linked list code for EAP handlers.
pnixon [Tue, 9 May 2006 11:47:10 +0000 (11:47 +0000)]
Add Called/Calling StationId
fcusack [Tue, 9 May 2006 08:13:03 +0000 (08:13 +0000)]
import from HEAD:
update cardops keystring2keyblock method to take a card_info_t *
instead of some of its fields
fcusack [Tue, 9 May 2006 08:08:23 +0000 (08:08 +0000)]
update cardops keystring2keyblock method to take a card_info_t *
instead of some of its fields
aland [Mon, 8 May 2006 23:45:49 +0000 (23:45 +0000)]
Initialize flags.
aland [Mon, 8 May 2006 23:45:02 +0000 (23:45 +0000)]
Initialize flags.
pnixon [Sun, 7 May 2006 21:37:23 +0000 (21:37 +0000)]
This index modification makes accounting_update_query and accounting_stop_query several orders of magnitude faster at the expense of slowing down accounting_start_query a bit which overall makes the postgresql backend 200-300 times faster when using the defaul queries and schema with a "reasonable" amount of data.