cmiller [Thu, 13 Sep 2001 02:19:21 +0000 (02:19 +0000)]
debian: bah! dpkg-deb doesn't forgive spaces at end of conffile list lines.
cmiller [Thu, 13 Sep 2001 02:09:05 +0000 (02:09 +0000)]
debian: list some post-build conffiles.
cmiller [Thu, 13 Sep 2001 01:32:59 +0000 (01:32 +0000)]
debian: changes for upload to archive. (I wish this were 0.3!)
cmiller [Wed, 12 Sep 2001 23:24:28 +0000 (23:24 +0000)]
It's unfortunate that IBM's and Berkeley's DB2 have the same name. Ah, the
Bad Old Days of Unix.
Autoconfized the sql db2 module, and cleaned up the source code's indentions.
cmiller [Wed, 12 Sep 2001 22:42:12 +0000 (22:42 +0000)]
Style changes, not code changes.
cmiller [Wed, 12 Sep 2001 22:39:17 +0000 (22:39 +0000)]
No longer pretend that we print out autoconf info at runtime. This would
be nice, but writing an automatic way is Hard and manually doing it would be
abandoned.
aland [Wed, 12 Sep 2001 15:09:42 +0000 (15:09 +0000)]
If we're NOT in debug mode, then do NOT write debugging messages
to the log file!
Based on input from Nick Davis <ndavis@iexposure.com>
aland [Tue, 11 Sep 2001 21:33:16 +0000 (21:33 +0000)]
Declare a function before it's used.
Patch from Raghu <raghud@hereuare.com>
aland [Mon, 10 Sep 2001 21:53:16 +0000 (21:53 +0000)]
Updated PGROOT tests, to hopefully work on Solaris. Based on
comments from "John Padula" <john_padula@aviancommunications.com>
aland [Mon, 10 Sep 2001 21:14:57 +0000 (21:14 +0000)]
Patch from Raghu <raghud@hereuare.com>
Allow Message-Authenticator and EAP-Message attributes to be
passed in Access-Reject packets.
aland [Sat, 8 Sep 2001 21:10:46 +0000 (21:10 +0000)]
Corrected the text for ':=' and '+=', as noted by
Andrei Koulik <agk@sci-nnov.ru>
aland [Sat, 8 Sep 2001 19:18:08 +0000 (19:18 +0000)]
For non-threaded code, set 'req->finished = TRUE' when the
child process exits.
aland [Sat, 8 Sep 2001 17:09:39 +0000 (17:09 +0000)]
Modified patch from "Ivan F. Martinez" <ml@ivanfm.com>
When you try to use {request:Attribute} or {reply:attribute}
the routine enters an infinite loop. This patch fixes the problem.
aland [Sat, 8 Sep 2001 17:05:49 +0000 (17:05 +0000)]
Make the spec files agree with the standard installation.
Patch from "Ivan F. Martinez" <ml@ivanfm.com>
aland [Thu, 6 Sep 2001 20:10:59 +0000 (20:10 +0000)]
Included ifdef'd out code for testing
aland [Thu, 6 Sep 2001 18:19:20 +0000 (18:19 +0000)]
removed WITH_DBM from the code, as if it's ever done again, it
will be done with a module.
aland [Thu, 6 Sep 2001 16:14:43 +0000 (16:14 +0000)]
Use correct enum values for returned token types, not hard-coded
numbers
bug noted by Spike Ilacqua <spike@indra.com>
aland [Thu, 6 Sep 2001 16:06:25 +0000 (16:06 +0000)]
changed uses of malloc() to rad_malloc(), which never fails.
This removes a lot of error checking code.
Re-formatted the code, to get rid of excessive indentation
aland [Thu, 6 Sep 2001 14:14:08 +0000 (14:14 +0000)]
Additional defines for OSFC2 / OSFSIA authentication
aland [Thu, 6 Sep 2001 13:54:19 +0000 (13:54 +0000)]
Fix bug number 104 (hopefully). I don't have access to a machine
with OSFC2, or OSFSIA, so I can't test the patches.
cmiller [Wed, 5 Sep 2001 22:58:10 +0000 (22:58 +0000)]
Changed confusing wording in 'proxy' comment.
aland [Wed, 5 Sep 2001 21:11:44 +0000 (21:11 +0000)]
Enable Access-Challenge to work, and pass through the server when
proxying.
Patch from Raghu <raghud@hereuare.com>
aland [Wed, 5 Sep 2001 18:51:24 +0000 (18:51 +0000)]
Message-Authenticator is calculated and inserted in the packet
before the Response Authenticator is *calculated*.
Message-Authenticator is reinitialized after verification,
for proper *Request/Response Authenticator* verification.
Reinitialize Authenticator, for consistency in resending.
Patch from Raghu <raghud@hereuare.com>
aland [Wed, 5 Sep 2001 17:20:09 +0000 (17:20 +0000)]
Added drivers for IBM DB2, which has been tested against
DB2 UDB V7.1
The driver uses DB2's CLI interface so the DB2 client libraries
have to be installed to compile and use the driver.
Code from Joerg Wendland <wendland@scan-plus.de>
cmiller [Sat, 1 Sep 2001 00:07:36 +0000 (00:07 +0000)]
Removed silly reference to init.d for Debian. It's part of the package.
aland [Wed, 29 Aug 2001 15:00:05 +0000 (15:00 +0000)]
Added 'original' packet to rad_send(), so that it can calculate
the Message-Authenticator properly for Access-Accept packets,
which depend on the Access-Request authentication vector.
Updated the rest of the code to call rad_send() with the original
packet, where possible.
aland [Tue, 28 Aug 2001 22:59:33 +0000 (22:59 +0000)]
When sending a packet, ensure that the authentication vector
from the packet sent on the wire is copied to the vector entry
in the RADIUS_PACKET data structure. This allows us to later use
that vector for verification.
Re-arranged the verification code, so that the Message-Authenticator
(if present) is verified prior to the authentication vector. This
allows the Message-Authenticator verification code to set the
contents of the attribute to zeros, which is what their contents
are when the authentication vector is calculated.
Calculate the Accounting-Response authentication vector, in
exactly the same way as for the Authentication-Accept and
Authentication-Reject vectors
aland [Tue, 28 Aug 2001 20:27:52 +0000 (20:27 +0000)]
Removed the Add-Port-To-IP-Address attribute. It's handled
another way now.
Correct bug which prevented it from adding the port.
Bug found by "John Padula" <john_padula@aviancommunications.com>
aland [Tue, 28 Aug 2001 20:13:37 +0000 (20:13 +0000)]
Don't smash the contents of ascend binary strings.
Patch from Michael Chernyakhovsky <magmike@mail.ru>
aland [Tue, 28 Aug 2001 20:01:47 +0000 (20:01 +0000)]
Changed the tokens from being define's to enums. This allows
us to more easily check for all tokens in a 'switch' statement,
and results in stronger typing of variables.
aland [Tue, 28 Aug 2001 19:54:46 +0000 (19:54 +0000)]
Update the length of the password, when sending multiple packets
aland [Tue, 28 Aug 2001 16:40:50 +0000 (16:40 +0000)]
Added EAP auth-type, and cleaned up some stuff
aland [Tue, 28 Aug 2001 16:17:23 +0000 (16:17 +0000)]
When validating the packet, look for EAP-Message. If we see it
and we do NOT see a Message-Authenticator, then it's a malformed
packet, and we discard it.
RFC 2869, section 5.13
aland [Tue, 28 Aug 2001 16:11:27 +0000 (16:11 +0000)]
Renamed string type nas port id
aland [Tue, 28 Aug 2001 16:02:00 +0000 (16:02 +0000)]
Added definitions for attributes from RFC 2869
aland [Mon, 27 Aug 2001 20:19:43 +0000 (20:19 +0000)]
When sending a packet, calculate the Message-Authenticator.
When receiving a packet, verify the Message-Authenticator.
aland [Mon, 27 Aug 2001 20:18:10 +0000 (20:18 +0000)]
Corrected typo: use memcpy, not memset
aland [Mon, 27 Aug 2001 20:12:03 +0000 (20:12 +0000)]
Added 'const' to more parameters.
aland [Mon, 27 Aug 2001 18:14:22 +0000 (18:14 +0000)]
Final patches to get Exec-Program to work, too.
Based on input from Michael Chernyakhovsky <magmike@mail.ru>
aland [Mon, 27 Aug 2001 17:53:41 +0000 (17:53 +0000)]
Updated for latest set of patches
aland [Mon, 27 Aug 2001 17:52:23 +0000 (17:52 +0000)]
Initialize variables properly.
Patch from Andriy I Pilipenko <bamby@marka.net.ua>, to close
bug #143
aland [Mon, 27 Aug 2001 17:48:36 +0000 (17:48 +0000)]
Rename the 'init' script to 'radiusd', instead of 'radiusd.init'
Patch from Christian Vogel <chris@amor.iksys.de>
aland [Mon, 27 Aug 2001 17:46:47 +0000 (17:46 +0000)]
Added GNU license and copyright.
Corrected typo
aland [Mon, 27 Aug 2001 17:42:57 +0000 (17:42 +0000)]
Added GNU license, copyright, and pointer to web page
aland [Mon, 27 Aug 2001 17:40:56 +0000 (17:40 +0000)]
Do more sanity checks on incoming attributes in rad_recv()
cparker [Sat, 25 Aug 2001 00:08:29 +0000 (00:08 +0000)]
updated module type to be 'RLM_TYPE_THREAD_UNSAFE' due to the use of
getusershell(), which is not thread safe
aland [Fri, 24 Aug 2001 18:28:38 +0000 (18:28 +0000)]
Use the 'test' program properly, with command-line arguments.
Bug found by Robert Haskins <rhaskins@ziplink.net>
aland [Thu, 23 Aug 2001 19:30:07 +0000 (19:30 +0000)]
when updating the ut_name utmp entry, do NOT always smash a trailing
zero on the name. The field is fixed width, so it's OK to have
an 8-character username, without a trailing 0.
Bug found by Michael Chernyakhovsky <magmike@mail.ru>
cparker [Thu, 23 Aug 2001 15:05:46 +0000 (15:05 +0000)]
corrected 'u_int8_t' to be 'uint8_t' -cparker
aland [Wed, 22 Aug 2001 19:41:22 +0000 (19:41 +0000)]
If there was an error forking the program, free the strdup'd
exec_program string.
aland [Wed, 22 Aug 2001 17:31:55 +0000 (17:31 +0000)]
Hmm.. let's create logdir && radacctdir on installation, too.
That avoids problems where the default config doesn't work.
aland [Mon, 20 Aug 2001 22:42:38 +0000 (22:42 +0000)]
cleaned up the code, and added more log / debug messages to
rad_check_password.
aland [Fri, 17 Aug 2001 19:45:25 +0000 (19:45 +0000)]
Change instances of 'assert' to 'rad_assert', so that it can
log the error to the standard radius log files.
Patch from Vesselin Atanasov <vesselin@bgnet.bg>
aland [Fri, 17 Aug 2001 19:04:55 +0000 (19:04 +0000)]
Patch to fix segv from Tomas Heredia <tomas@intermediasp.com>
sql_num_fields may return -1 in case of error, so the freeing
loop could cause a seg fault.
aland [Fri, 17 Aug 2001 18:02:59 +0000 (18:02 +0000)]
When sending multiple packets with the same attributes, ensure
that the CHAP-Password attribute is encoded properly, too.
Bug noted by Peter Shin <Peter.Shin@team.ozemail.com.au>
aland [Fri, 17 Aug 2001 14:10:51 +0000 (14:10 +0000)]
We're radiusd, not httpd
aland [Fri, 17 Aug 2001 13:57:37 +0000 (13:57 +0000)]
Corrected speling mistake. :)
aland [Thu, 16 Aug 2001 15:07:22 +0000 (15:07 +0000)]
Added 0.3 pre-release changes
aland [Thu, 16 Aug 2001 15:06:16 +0000 (15:06 +0000)]
Run Exec-Program, or Exec-Program-Wait when we first receive
an accounting packet.
Note that the executed script can add items like Proxy-To-Realm!
Bug found by Michael Chernyakhovsky <magmike@mail.ru>
aland [Thu, 16 Aug 2001 15:01:12 +0000 (15:01 +0000)]
When processing the acct_users file, actually *keep* the reply
pairs, instead of throwing them away.
aland [Wed, 15 Aug 2001 20:45:33 +0000 (20:45 +0000)]
Give functions a return code, even if the last thing they do is call
exit()
aland [Wed, 15 Aug 2001 20:44:44 +0000 (20:44 +0000)]
Updated to NOT leak small amount of memory when the server
first initializes.
pam [Wed, 15 Aug 2001 12:04:41 +0000 (12:04 +0000)]
Small optimization: we don't need to get ldap_errno via ldap_get_option() call unless ldap_result() failed.
aland [Tue, 14 Aug 2001 18:48:19 +0000 (18:48 +0000)]
When doing proxying synchronously, we still need to update
the proxy_next_try time, so that we know not to wake up too
early.
Patch from Raghu <raghud@hereuare.com>
aland [Mon, 13 Aug 2001 20:41:59 +0000 (20:41 +0000)]
As posted to the list by Chris Boyd <CBoyd@apogeetelecom.com>
aland [Mon, 13 Aug 2001 20:32:30 +0000 (20:32 +0000)]
Log invalid user for proxy authentication rejects, too.
Bug found by VISP Systems Administration <help@visp.net>
aland [Mon, 13 Aug 2001 14:14:33 +0000 (14:14 +0000)]
If we're logging a message before the logger has been initialized,
dump them to the console, too.
Patch from Vesselin Atanasov <vesselin@bgnet.bg>
aland [Thu, 9 Aug 2001 15:07:32 +0000 (15:07 +0000)]
Minor re-arrangements to Expiration. Attribute 21 is deprecated,
and no longer used, so Expiration is now an internal server attribute.
Registered the handler for expiration at init time, so that we
can check for it when a packet comes in.
Bug noted by Leon Dorfman <leon_dorfman@yahoo.com>. This should
fix bug #141.
aland [Wed, 8 Aug 2001 19:15:51 +0000 (19:15 +0000)]
Checks for ut_xtime. If it doesn't exist, try to define it as
something which may exist.
This change (hopefully) fixes bug #125
aland [Wed, 8 Aug 2001 17:50:55 +0000 (17:50 +0000)]
Use THEMAX instead of MAX, as THEMAX is defined locally, and
MAX may not be.
Bug found by Gerard.Gobillard@alcatel.fr
aland [Wed, 8 Aug 2001 17:32:34 +0000 (17:32 +0000)]
Corrected typo, and SNMP configuration bug, first noticed by
"Norman Brandinger" <norm@goes.com> on Jun 6.
aland [Wed, 8 Aug 2001 17:21:15 +0000 (17:21 +0000)]
Removed ifdef's around ascend secret stuff. It works.
This closes bug #132
aland [Tue, 7 Aug 2001 21:20:46 +0000 (21:20 +0000)]
Decode the ascend send/receive secrets in rad_decode(), too.
aland [Tue, 7 Aug 2001 20:54:35 +0000 (20:54 +0000)]
Preliminary hack for sending Ascend-Send-Secret attribute.
It really needs work to be robust, and is currently ifdef'd out.
aland [Tue, 7 Aug 2001 20:32:03 +0000 (20:32 +0000)]
Allow reading the shared secret from a file, to make it more secret.
Based on a patch from eravin@panix.com
aland [Tue, 7 Aug 2001 15:22:07 +0000 (15:22 +0000)]
deleted references to HAVE_THREAD_POOL. We now assume that ANY
thread capability means that we're using thread pools.
Deleted old non-pooled thread code, as it was really problematic.
aland [Tue, 7 Aug 2001 15:17:39 +0000 (15:17 +0000)]
Made 'WITH_THREAD_POOL=yes' the default, and removed the configure
option to disable thread pools.
Now, if you have threads, you have thread pools. This gets rid of
lots of yucky problems.
aland [Thu, 2 Aug 2001 18:20:48 +0000 (18:20 +0000)]
On accounting, if NO proxy packet, do preacct, acct, and then
if configured to proxy the packet, stop. Otherwise, reply.
On proxy reply packet, don't do any of preacct or acct. Simply
reply to the NAS
aland [Thu, 2 Aug 2001 15:21:14 +0000 (15:21 +0000)]
Hmm... let's bump up the version number (sigh)
aland [Tue, 31 Jul 2001 17:35:03 +0000 (17:35 +0000)]
Patch from rob <rob@work.gb.com> to avoid freeing memory too early
aland [Mon, 30 Jul 2001 20:20:39 +0000 (20:20 +0000)]
Patch for Cisco L2TP tunnels, from Paul Khavkine <paul@colba.net>
aland [Mon, 30 Jul 2001 20:12:11 +0000 (20:12 +0000)]
Deleted references to Cistron, updated in preparation for the 0.2.0
release.
cmiller [Mon, 30 Jul 2001 00:01:59 +0000 (00:01 +0000)]
debian: use debhelper compat 3
debian: remove freerad from shadow group properly, when purging
aland [Sat, 28 Jul 2001 17:59:39 +0000 (17:59 +0000)]
configure with-rlm-krb5-lib/include-dir
aland [Sat, 28 Jul 2001 17:57:41 +0000 (17:57 +0000)]
Corrected typo
aland [Sat, 28 Jul 2001 17:51:11 +0000 (17:51 +0000)]
Added configure options 'with-rlm-FOO-include/lib-dir', so that
lower-level rlm_FOO modules can be configured via the top-level
configuration file. Note that actually configuring rlm-FOO doesn't
do anything. The options are here just to serve as place holders
and documentation for how to configure the lower-level modules.
Note also that few of the lower-level modules look for those
configure options. Adding them is the next step.
aland [Sat, 28 Jul 2001 17:41:51 +0000 (17:41 +0000)]
make thread pools the default, and other minor changes to
support this.
aland [Sat, 28 Jul 2001 17:30:02 +0000 (17:30 +0000)]
Added options 'with-rlm-ldap-lib-dir' and 'with-rlm-ldap-include-dir'
configure directives
aland [Sat, 28 Jul 2001 17:27:42 +0000 (17:27 +0000)]
Added 'reconfig' target so that the configure scripts can be
regenerated via make
aland [Sat, 28 Jul 2001 17:23:22 +0000 (17:23 +0000)]
Added ability to specify additional directories to look in via
'smart_try_dir'. It's a bit of a hack...
cparker [Sat, 28 Jul 2001 00:52:00 +0000 (00:52 +0000)]
Updated to use rad_check_return to correctly return RLM_MODULE_REJECT when
Auth-Type = Reject is set in 'authorize' section.
cparker [Sat, 28 Jul 2001 00:50:40 +0000 (00:50 +0000)]
Updated to include prototype for new function in auth.c:rad_check_return
cparker [Sat, 28 Jul 2001 00:42:15 +0000 (00:42 +0000)]
Added new function to 'auth.c' called 'rad_check_return'. This is for use
by modules to check the 'config/check items' for Auth-Type = Reject and
return RLM_MODULE_REJECT instead of RLM_MODULE_UPDATED
aland [Thu, 26 Jul 2001 19:10:19 +0000 (19:10 +0000)]
Preliminary EAP patch from Raghu <raghud@hereuare.com>, step 1
aland [Wed, 25 Jul 2001 18:07:01 +0000 (18:07 +0000)]
Patch based on one from Matthew Sayler <sayler@speedsite.com>.
If we're using syslog, it would help to include <syslog.h>
aland [Tue, 24 Jul 2001 16:04:13 +0000 (16:04 +0000)]
Patch from Steve Langasek <vorlon@netexpress.net>.
Kick PAM into shape, so that the radius entries are sent to the
radius configuration, when using syslog. PAM likes to re-do
openlog() with a different facility, which is not a nice thing
to do to people.
aland [Mon, 23 Jul 2001 20:31:38 +0000 (20:31 +0000)]
Update child thread code, so that it minimizes the possible
race conditions.
Note that this code really should go away, as the thread pool
code works, is faster, and has fewer issues.
aland [Fri, 20 Jul 2001 14:28:58 +0000 (14:28 +0000)]
Patch from David Kerry <davidk@navahonetworks.com>
cmiller [Wed, 18 Jul 2001 14:53:14 +0000 (14:53 +0000)]
Parser should be able to handle zero-length strings as values in
assignments. It can't, right now.
pam [Tue, 17 Jul 2001 09:17:00 +0000 (09:17 +0000)]
Quieten one compiler warning