Alan T. DeKok [Mon, 4 Jan 2010 16:50:22 +0000 (17:50 +0100)]
Reset ping variables in home server when marking it zombie
This should only affect situations when a home server doesn't respond
to normal packets, but does respond to "ping" packets.
Alan T. DeKok [Tue, 22 Dec 2009 12:01:43 +0000 (13:01 +0100)]
Prepare for 2.1.8, by re-naming version of master to 2.4.0
Alan T. DeKok [Mon, 21 Dec 2009 11:07:08 +0000 (12:07 +0100)]
Add OpenSSL license exception
Alan T. DeKok [Mon, 21 Dec 2009 09:46:20 +0000 (10:46 +0100)]
Make integers unsigned 32-bit, rather than signed
Alan T. DeKok [Sat, 19 Dec 2009 08:33:20 +0000 (09:33 +0100)]
Move DHCP options to "octets" type
Alan T. DeKok [Fri, 18 Dec 2009 13:08:32 +0000 (14:08 +0100)]
Simplify stats code, and keep track of dropped versus bad authenticators
Alan T. DeKok [Fri, 18 Dec 2009 12:52:50 +0000 (13:52 +0100)]
Make "dropped packet" message debugging
This is so that we don't spam the logs wih a DoS when we get lots
of packets with a bad signature
Alan T. DeKok [Fri, 18 Dec 2009 11:31:38 +0000 (12:31 +0100)]
Added notes on SQL && packets with zero session time
Alan T. DeKok [Thu, 17 Dec 2009 10:42:03 +0000 (11:42 +0100)]
Alan T. DeKok [Thu, 17 Dec 2009 10:28:12 +0000 (11:28 +0100)]
Removed unnecessary debug message
Alan T. DeKok [Thu, 17 Dec 2009 08:35:35 +0000 (09:35 +0100)]
Simplified use of llvm checker
Alan T. DeKok [Tue, 15 Dec 2009 15:01:20 +0000 (16:01 +0100)]
Ensure that len > 0
Alan T. DeKok [Tue, 15 Dec 2009 13:23:47 +0000 (14:23 +0100)]
Catch possible NULL pointer on editing attribute list
Alan T. DeKok [Tue, 15 Dec 2009 13:17:52 +0000 (14:17 +0100)]
Catch situations where COA may be NULL
Alan T. DeKok [Tue, 15 Dec 2009 10:52:03 +0000 (11:52 +0100)]
If we have "user=foo", and we're ALREADY running as that user, ignore it.
This prevents us from complaining when "initgroups" is run as non-root
Alan T. DeKok [Thu, 10 Dec 2009 10:41:55 +0000 (11:41 +0100)]
Fix CVE-2009-3736
Alan T. DeKok [Wed, 9 Dec 2009 14:48:30 +0000 (15:48 +0100)]
Template code to use lt_dladvise()
The libtool people have discovered that it's useful to allow
*additional* features from linking. Like allowing libraries to
link to libraries. Using this magic API allows FreeRADIUS to load
the Perl module, which in turn loads other modules, which in turn
load dynamic libraries. Right now, it complains because of
limitations in libltdl.
We COULD do these checks in 2.1.8, but that involves either adding
configure checks, OR upgrading our version of libltdl. We don't want
to do either.
Alan T. DeKok [Tue, 8 Dec 2009 15:31:02 +0000 (16:31 +0100)]
Add datarootdir from bug #51
Alan T. DeKok [Tue, 8 Dec 2009 13:00:53 +0000 (14:00 +0100)]
Handle case where Acct-Session-Time might not exist
Alan T. DeKok [Mon, 7 Dec 2009 12:53:14 +0000 (13:53 +0100)]
Add %{Attribute-Name#}
This prints the numerical value, rather than the decoded time/VALUE
Alan T. DeKok [Mon, 7 Dec 2009 12:24:14 +0000 (13:24 +0100)]
Added notes on use of FreeRADIUS-Acct-Session-Start-Time
Alan T. DeKok [Mon, 7 Dec 2009 12:20:12 +0000 (13:20 +0100)]
Added synthetic session start time attribute
Alan T. DeKok [Mon, 7 Dec 2009 09:38:51 +0000 (10:38 +0100)]
Make more errors non-fatal
Alan T. DeKok [Sun, 6 Dec 2009 16:02:08 +0000 (17:02 +0100)]
Added sample ntlm_auth module
Alan T. DeKok [Sun, 6 Dec 2009 12:54:14 +0000 (13:54 +0100)]
Use case insensitive comparison. Closes #36
Alan T. DeKok [Sun, 6 Dec 2009 12:51:01 +0000 (13:51 +0100)]
Portability fixes, as noted by bug #33
Alan T. DeKok [Sun, 6 Dec 2009 12:48:14 +0000 (13:48 +0100)]
IP pools require a transactional back-end
So we used InnoDB
Alan T. DeKok [Sun, 6 Dec 2009 12:43:59 +0000 (13:43 +0100)]
Remove notes on unsupported configuration items
Alan T. DeKok [Sun, 6 Dec 2009 12:39:00 +0000 (13:39 +0100)]
Be more specific about which detail files we suppress
Don't write packets back to the same detail file, but allow them
to be written to different detail files
Alan T. DeKok [Sun, 6 Dec 2009 12:37:13 +0000 (13:37 +0100)]
Removed re-definition of detail structure
Alan T. DeKok [Sun, 6 Dec 2009 12:36:28 +0000 (13:36 +0100)]
Moved detail structure defs to a public header file
Alan T. DeKok [Sat, 5 Dec 2009 14:58:19 +0000 (15:58 +0100)]
Fix code so that corner cases of %{%{foo}:-%{bar}} work
The previous code was odd... this code is simpler, and works.
Alan T. DeKok [Sat, 5 Dec 2009 14:54:08 +0000 (15:54 +0100)]
Re-set FP after closing it
Alan T. DeKok [Thu, 3 Dec 2009 09:25:33 +0000 (10:25 +0100)]
Sign client certs with CA rather than server cert
Alan T. DeKok [Wed, 2 Dec 2009 11:16:57 +0000 (12:16 +0100)]
Use intermediate buffer for error messages.
This prevents the messages from getting mangled
Alan T. DeKok [Wed, 2 Dec 2009 10:37:33 +0000 (11:37 +0100)]
Removed erroneous 'break'
Alan T. DeKok [Wed, 2 Dec 2009 07:51:27 +0000 (08:51 +0100)]
Fixed string copying in sub variable.
Apparently the only reason this worked before is that no one used it.
The decode_attribute() function did the string copying itself,
and therefore avoided this.
Alan T. DeKok [Tue, 1 Dec 2009 09:49:18 +0000 (10:49 +0100)]
Fixed typo
Alan T. DeKok [Tue, 1 Dec 2009 09:21:48 +0000 (10:21 +0100)]
Simplify use of fr_event_now
Alan T. DeKok [Mon, 30 Nov 2009 16:07:22 +0000 (17:07 +0100)]
Fix build problem
Alan T. DeKok [Mon, 30 Nov 2009 12:58:49 +0000 (13:58 +0100)]
Print out more useful debugging messages
Rather than
rlm_ldap: ...
do
[foo] ...
Which prints out the instance name in a slightly better format
Alan T. DeKok [Mon, 30 Nov 2009 09:05:37 +0000 (10:05 +0100)]
Cleanups and simplifications.
The FD_SET is now calculated in the event_loop() function,
making it harder to get it wrong.
fr_event_now() ALWAYS returns a time, calling gettimeofday()
if necessary
Alan T. DeKok [Mon, 30 Nov 2009 08:14:27 +0000 (09:14 +0100)]
Clean up "dead" child if there's no thread associated with the request
Alan T. DeKok [Sun, 29 Nov 2009 15:07:23 +0000 (16:07 +0100)]
Clean up state machine.
This error happens when "max_request_time" is set VERY low.
i.e. lower than "response_window". (12s versus 30s).
The current logic for enforcing the various timers is pretty bad. There
is one timer per request, and it bounces around between the different
requirements. At the time it was written, it seemed simpler than trying
to manage 3-4 simultaneous timers per request.
When the request is proxied, the timer being applied is for
"response_window". BUT by the time that expires, the "max_request_time"
has expired. The code *does* notice that it has expired. BUT it doesn't
notice that there's no child thread processing the request. So it waits
for the child thread to exit... forever.
At some point, a timer overflows, and it dies.
There are a few changes to make:
1) check for "no child" in this situation, and clean up the request rather
than waiting forever.
2) cap the timer to 5 minutes (this can still happen, for example, when a
bad DB locks a thread for hours at a time).
3) don't overflow when adding timer values.
Alan T. DeKok [Fri, 27 Nov 2009 14:58:58 +0000 (15:58 +0100)]
L_INFO, "PROXY:... --> L_PROXY, "...
Simplifies and regularizes the log messages
Alan T. DeKok [Fri, 27 Nov 2009 12:01:06 +0000 (13:01 +0100)]
Fix typo
Alan T. DeKok [Fri, 27 Nov 2009 11:07:25 +0000 (12:07 +0100)]
Initialize timers for Status-Server
For some weird reason they weren't initialized in debugging mode,
so we force it here. This WAS tested to work... so I have no idea
why it stopped.
We also ignore Status-Server packets when marking home_servers as
alive. That way, the ping_check will work properly...
Alan T. DeKok [Fri, 27 Nov 2009 10:53:29 +0000 (11:53 +0100)]
Use new home_server_find API
Alan T. DeKok [Fri, 27 Nov 2009 10:47:56 +0000 (11:47 +0100)]
Add tcp/udp to CLI for home_servers
Alan T. DeKok [Thu, 26 Nov 2009 18:10:44 +0000 (19:10 +0100)]
Remove erroneous handling of option 82
Alan T. DeKok [Thu, 26 Nov 2009 17:16:00 +0000 (18:16 +0100)]
Change some DEBUG to radlog
So that interesting state changes / internal events will get
logged
Alan T. DeKok [Thu, 26 Nov 2009 13:24:30 +0000 (14:24 +0100)]
Log more messages, rather than just doing debug with them
Alan T. DeKok [Sun, 22 Nov 2009 15:56:14 +0000 (16:56 +0100)]
Print names for unsupported eap types
Alan T. DeKok [Sun, 22 Nov 2009 15:47:29 +0000 (16:47 +0100)]
More warnings
Modifying the values of a virtual attribute is a bad idea.
Alan T. DeKok [Sun, 22 Nov 2009 15:35:20 +0000 (16:35 +0100)]
Check for NULL
Alan T. DeKok [Sun, 22 Nov 2009 08:26:51 +0000 (09:26 +0100)]
Fixed typo
Alan T. DeKok [Sun, 22 Nov 2009 08:18:16 +0000 (09:18 +0100)]
As posted to the list
Alan T. DeKok [Sun, 22 Nov 2009 08:16:22 +0000 (09:16 +0100)]
Move definition so that it doesn't cause issues
Use the RFC definitions for the name
Alan T. DeKok [Sun, 22 Nov 2009 08:12:15 +0000 (09:12 +0100)]
Revert "errormsg may be NULL"
This reverts commit
45877bf44b02d418b6fb263a39e5de07ced58b6e.
It doesn't fix the problem, and it seems to cause issues for
other people
Alan T. DeKok [Wed, 18 Nov 2009 17:34:17 +0000 (18:34 +0100)]
As posted to the list
Alan T. DeKok [Tue, 17 Nov 2009 10:19:17 +0000 (11:19 +0100)]
Move user/group/chroot/core to bootstrap config
It adds some extra stuff when starting in debug mode as root, but it
also means that "allow_core_dumps" works again.
Alan T. DeKok [Sat, 14 Nov 2009 09:29:40 +0000 (10:29 +0100)]
Make templates work again
Alan T. DeKok [Fri, 13 Nov 2009 13:15:51 +0000 (14:15 +0100)]
Allow !* to work
The code to delete all attributes (as documented in unlang) was
previously added in evaluate.c. But the parser hadn't been updated,
so it was impossible to actually use that functionality.
Alan T. DeKok [Thu, 12 Nov 2009 15:19:25 +0000 (16:19 +0100)]
Print commands from radmin when in debug mode
Alan T. DeKok [Thu, 12 Nov 2009 11:25:03 +0000 (12:25 +0100)]
Fix WiMAX encoding bug introduced in
326a68b90a1a
Alan T. DeKok [Fri, 6 Nov 2009 13:16:42 +0000 (08:16 -0500)]
As posted to the list
Alan T. DeKok [Tue, 3 Nov 2009 21:40:03 +0000 (16:40 -0500)]
From bug #45
Alan T. DeKok [Wed, 28 Oct 2009 13:44:38 +0000 (09:44 -0400)]
errormsg may be NULL
Alan T. DeKok [Fri, 23 Oct 2009 09:37:44 +0000 (11:37 +0200)]
As posted to the list
Alan T. DeKok [Wed, 21 Oct 2009 13:15:28 +0000 (15:15 +0200)]
Removed recursive mutexes.
Some systems don't support recursive mutexes. Instead, they hang.
So... we've got to re-write the code so that it doesn't depend on
recursive mutexes.
Alan T. DeKok [Tue, 20 Oct 2009 14:28:58 +0000 (16:28 +0200)]
Conf for debugging
Alan T. DeKok [Tue, 20 Oct 2009 14:07:18 +0000 (16:07 +0200)]
Fix openssl checks
Alan T. DeKok [Tue, 20 Oct 2009 13:05:05 +0000 (15:05 +0200)]
Check src_port, not dst_port
Alan T. DeKok [Tue, 20 Oct 2009 13:03:54 +0000 (15:03 +0200)]
Always initialize proto
Alan T. DeKok [Tue, 20 Oct 2009 13:03:20 +0000 (15:03 +0200)]
Initialize proto for old-style realms
Alan T. DeKok [Tue, 20 Oct 2009 12:53:38 +0000 (14:53 +0200)]
Initialize via attr
Alan T. DeKok [Tue, 20 Oct 2009 10:14:36 +0000 (12:14 +0200)]
Retry if there was no response to the packet.
Alan T. DeKok [Sun, 18 Oct 2009 15:19:22 +0000 (17:19 +0200)]
Print env vars in parent, not child
Alan T. DeKok [Sun, 18 Oct 2009 11:47:06 +0000 (13:47 +0200)]
Changed stop packet msg to debug rather than error
Alan T. DeKok [Sun, 18 Oct 2009 07:04:36 +0000 (09:04 +0200)]
Define names
Alan T. DeKok [Fri, 16 Oct 2009 16:53:49 +0000 (18:53 +0200)]
Call detach only if function exists
Alan T. DeKok [Tue, 13 Oct 2009 10:53:49 +0000 (12:53 +0200)]
Write the PID file as late as possible
i.e. after checking the config, and after opening any sockets
Alan T. DeKok [Tue, 13 Oct 2009 10:52:12 +0000 (12:52 +0200)]
Fix typo
Alexander Clouter [Sat, 10 Oct 2009 12:25:29 +0000 (13:25 +0100)]
fix debian/rules to honour CFLAGS
Fixed up debian/rules to allow CFLAGS to be honoured.
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
Alan T. DeKok [Mon, 12 Oct 2009 11:56:49 +0000 (13:56 +0200)]
Fix typo
Alan T. DeKok [Mon, 12 Oct 2009 11:17:26 +0000 (13:17 +0200)]
Don't use source IP for EAP packets.
We control State, so it should be unique, too
Alan T. DeKok [Mon, 12 Oct 2009 11:14:09 +0000 (13:14 +0200)]
Make client/port/key-balance more like fail-over
Previously, they would default to load-balancing across all
found servers. Now they don't. This makes keyed-balance proxying
more robust with EAP
Alan T. DeKok [Mon, 12 Oct 2009 10:14:09 +0000 (12:14 +0200)]
Return rather than use the same ptr twice
Alan T. DeKok [Tue, 6 Oct 2009 09:28:36 +0000 (11:28 +0200)]
Forgot to include this...
Alan T. DeKok [Tue, 6 Oct 2009 08:21:45 +0000 (10:21 +0200)]
Ensure that there is a cleanup event for proxied packets
If there was no reply, clean up, reject, etc. the request.
This doesn't matter so much for normal clients, as they will retransmit
and cause the old request to be deleted from the request hash.
But detail requests have random ports (for other reasons), so
they won't be cleaned up by new packets. Therefore, we need to clean
them up...
Alan T. DeKok [Tue, 6 Oct 2009 08:21:17 +0000 (10:21 +0200)]
Added more debugging messages
Alan T. DeKok [Tue, 6 Oct 2009 06:48:02 +0000 (08:48 +0200)]
Mark home server dead if it doesn't respond to pings
Alan T. DeKok [Mon, 5 Oct 2009 15:32:39 +0000 (17:32 +0200)]
Check for undefined types, too
Alan T. DeKok [Mon, 5 Oct 2009 15:12:33 +0000 (17:12 +0200)]
Set broadcast && reuseaddr before binding to socket
Alan T. DeKok [Sun, 4 Oct 2009 16:12:12 +0000 (18:12 +0200)]
Simplify the code
Alan T. DeKok [Sat, 3 Oct 2009 18:07:53 +0000 (20:07 +0200)]
More detailed debugging for detail
Alan T. DeKok [Sat, 3 Oct 2009 18:07:22 +0000 (20:07 +0200)]
Be more restrictive on bad input
Addresses bug #27
Alan T. DeKok [Sat, 3 Oct 2009 17:58:17 +0000 (19:58 +0200)]
Start simplifying the code that encodes attributes
Alan T. DeKok [Fri, 2 Oct 2009 08:52:44 +0000 (10:52 +0200)]
Fix passwords to have even length
Alan T. DeKok [Thu, 1 Oct 2009 13:07:51 +0000 (15:07 +0200)]
Increase max_sessions