cmiller [Tue, 9 Oct 2001 22:23:36 +0000 (22:23 +0000)]
debian: incremented changelog version number. ready for release.
aland [Tue, 9 Oct 2001 19:27:49 +0000 (19:27 +0000)]
Added note about which RFC it implements, and where that RFC
may be found.
hartwick [Tue, 9 Oct 2001 17:58:20 +0000 (17:58 +0000)]
* Remove some test code that was causing log files to grow large
aland [Tue, 9 Oct 2001 17:16:55 +0000 (17:16 +0000)]
Set the log directory to NULL initially, so we don't attempt to
free() it later.
Patch from Eddie Stassen <eddies@saix.net>
aland [Tue, 9 Oct 2001 17:06:07 +0000 (17:06 +0000)]
Fixed leak / core dump.
Bug found by "victor" <victor@fadata.bg>
aland [Tue, 9 Oct 2001 16:59:17 +0000 (16:59 +0000)]
Patch from Kostas Kalevras <kkalev@noc.ntua.gr> to free memory,
instead of leaking it.
aland [Tue, 9 Oct 2001 16:55:16 +0000 (16:55 +0000)]
A "LOCAL" realm means that it doesn't have to appear in the 'clients'
file, it doesn't have an IP address, or shared secret, or auth/acct
ports.
Functionality change requested by Philippe Levan <levan@epix.net>
aland [Wed, 3 Oct 2001 15:45:38 +0000 (15:45 +0000)]
Added more text on using 'gdb' to track down core dumps.
cparker [Tue, 2 Oct 2001 13:52:34 +0000 (13:52 +0000)]
Updated examples to follow correct syntax for 'users' file check-items.
hartwick [Mon, 1 Oct 2001 18:22:51 +0000 (18:22 +0000)]
Allow for specifying the path to the group file. Make use of
fgetpwnam() and fgetgrnam() which is suboptimal, but is only used
when not running with the cache enabled.
Update the unix_buildpwcache() function to take the group_file as
an argument and cache based on that.
aland [Fri, 28 Sep 2001 20:07:37 +0000 (20:07 +0000)]
look for ldap_init(), not ldap_initialize() in the configure script.
Corrected typo which prevented it from finding the ldap_init...()
function in libldap. It was checking if it was in libdap_r...
Problem noted by Matthew Schumacher <matt.s@aptalaska.net>
aland [Fri, 28 Sep 2001 19:47:10 +0000 (19:47 +0000)]
Removed unused, and commented out, references to sql_escape_string.
aland [Fri, 28 Sep 2001 14:04:29 +0000 (14:04 +0000)]
Added cryptpasswd command, to create/check encrypted passwords.
by miquels@cistron-office.nl (Miquel van Smoorenburg)
pam [Fri, 28 Sep 2001 11:17:00 +0000 (11:17 +0000)]
LDAP module has internal default value for filter
aland [Wed, 26 Sep 2001 17:18:28 +0000 (17:18 +0000)]
Latest set of changes
aland [Wed, 26 Sep 2001 15:53:30 +0000 (15:53 +0000)]
Changed relative $(R) to $(RLM_DIR), to avoid conflicts with
top-level $(R).
Noted by "Atanas Prejdarov" <prejdarov@netel.bg>
aland [Wed, 26 Sep 2001 14:53:49 +0000 (14:53 +0000)]
Added "secret" top-level configuration item "debug_level".
This is so that you can start the server in daemon mode, with
no debugging flags (as now). You then add a line 'debug_level = 2',
and send a HUP signal to the server. The massive amounts of
debugging information are then sent to the log file.
When you want debugging off, you set 'debug_level = 0', and HUP
the server again.
This feature should make it easier to find problems in live
servers, without taking them off line.
aland [Wed, 26 Sep 2001 14:33:27 +0000 (14:33 +0000)]
Look for radiusd.conf, not clients.
Bug noted by Frank Cusack <fcusack@fcusack.com>
aland [Mon, 24 Sep 2001 15:45:51 +0000 (15:45 +0000)]
Updated tests for SNMP libraries, to not do too much work.
aland [Sat, 22 Sep 2001 15:11:17 +0000 (15:11 +0000)]
Make PAM work by checking for dlopen() in libdl, not dl_open(),
which doesn't exist.
aland [Fri, 21 Sep 2001 20:41:39 +0000 (20:41 +0000)]
When trapping a signal, don't SIGKILL children on a SIGTERM,
SIGTERM them, instead. This allows Exec-Program scripts to
catch the signal, and finish processing, instead of dying.
Bug noted by Michael Chernyakhovsky <magmike@mail.ru>
aland [Fri, 21 Sep 2001 16:13:30 +0000 (16:13 +0000)]
Removed limits on length of username.
That is, the limits aren't hard-coded to 20 any more, but are
set to MAX_STRING_LEN, which is the maximum allowed length of the
user name in the RADIUS packet.
Bug noted by "Gonzalez B., Fernando" <fgonzalez@manquehue.cl>
aland [Thu, 20 Sep 2001 18:25:07 +0000 (18:25 +0000)]
Made the 'Message-Authenticator' attribute be of type 'octets'.
This makes it prettier to look at when reading the debug output.
Nothing else changes.
aland [Thu, 20 Sep 2001 18:22:38 +0000 (18:22 +0000)]
When finding a realm by IP address, if we find it, then
we mark it as active.
This allows 'dead' realms to be immediately resurrected when
they start sending replies.
aland [Thu, 20 Sep 2001 18:16:39 +0000 (18:16 +0000)]
updated realm_find to do fail-overs on the DEFAULT realm, too.
aland [Thu, 20 Sep 2001 18:09:36 +0000 (18:09 +0000)]
Made proxy.conf take priority over the 'realms' file, not the
other way around.
Made the realms take priority in the order listed in the configuration
files, from top to bottom. This makes fail-over more reasonable.
Added example configuration for 'dead_time', along with text
describing what it is, and how it works.
Added example config for a fail-over proxy realm.
aland [Thu, 20 Sep 2001 15:50:32 +0000 (15:50 +0000)]
Updated notes on the SQL schema
aland [Thu, 20 Sep 2001 15:50:01 +0000 (15:50 +0000)]
Added notes on the SQL schema
aland [Thu, 20 Sep 2001 14:20:05 +0000 (14:20 +0000)]
Added text saying RUN IN DEBUG MODE IF YOU HAVE PROBLEMS.
In an ideal world, this might cut down the number of questions
on the list, which are already answered in debugging error and/or
warning messages.
aland [Wed, 19 Sep 2001 14:31:13 +0000 (14:31 +0000)]
Updated for latest set of changes
aland [Wed, 19 Sep 2001 14:20:27 +0000 (14:20 +0000)]
Configurable fail-over on multiple proxy hosts.
Patch from Eddie Stassen <eddies@saix.net>, based on a patch
from spirn@21cn.com.
aland [Mon, 17 Sep 2001 19:25:43 +0000 (19:25 +0000)]
If the admin doesn't specify how to authenticate the user,
then we log a debugging message saying so, and reject the user.
aland [Mon, 17 Sep 2001 19:14:22 +0000 (19:14 +0000)]
Made user/group root default, to get around problems with shadow
password files.
Added text suggesting that the server run as nobody, if anyone
cares to read it.
Added more text describing how authentication works, so that
people can read it, and be enlightened.
aland [Mon, 17 Sep 2001 16:15:35 +0000 (16:15 +0000)]
Added $(R) to the prefix of paths, so that lower-level make files
can set R, and then include this rules.mak, without it complaining.
cmiller [Mon, 17 Sep 2001 15:43:21 +0000 (15:43 +0000)]
debian: removed old mysql-6 build dep, as -10 is in sid.
aland [Sun, 16 Sep 2001 13:30:50 +0000 (13:30 +0000)]
Add text on getting Ascend NAS to work properly, by using VSA's.
As posted to the list by cparker@starnetusa.net
mmachado [Sat, 15 Sep 2001 07:27:17 +0000 (07:27 +0000)]
Updated README
aland [Thu, 13 Sep 2001 20:18:43 +0000 (20:18 +0000)]
There appear to be problems with conflicting authentication
packets when proxying synchronously. For now, the work-around
is to make proxying non-synchronous by default.
based on input from VISP Systems Administration <support@visp.net>
aland [Thu, 13 Sep 2001 20:13:18 +0000 (20:13 +0000)]
Change the order of statement execution when instantiating modules.
The advantages of this change are:
1 - It allows modules to load the dictionary, especially in cases
where the basic dictionary is present in the *database*, and
not in *files*.
2 - It also ensures consistency in the statement execution *order*.
Patch from Raghu <raghud@hereuare.com>
cmiller [Thu, 13 Sep 2001 02:19:21 +0000 (02:19 +0000)]
debian: bah! dpkg-deb doesn't forgive spaces at end of conffile list lines.
cmiller [Thu, 13 Sep 2001 02:09:05 +0000 (02:09 +0000)]
debian: list some post-build conffiles.
cmiller [Thu, 13 Sep 2001 01:32:59 +0000 (01:32 +0000)]
debian: changes for upload to archive. (I wish this were 0.3!)
cmiller [Wed, 12 Sep 2001 23:24:28 +0000 (23:24 +0000)]
It's unfortunate that IBM's and Berkeley's DB2 have the same name. Ah, the
Bad Old Days of Unix.
Autoconfized the sql db2 module, and cleaned up the source code's indentions.
cmiller [Wed, 12 Sep 2001 22:42:12 +0000 (22:42 +0000)]
Style changes, not code changes.
cmiller [Wed, 12 Sep 2001 22:39:17 +0000 (22:39 +0000)]
No longer pretend that we print out autoconf info at runtime. This would
be nice, but writing an automatic way is Hard and manually doing it would be
abandoned.
aland [Wed, 12 Sep 2001 15:09:42 +0000 (15:09 +0000)]
If we're NOT in debug mode, then do NOT write debugging messages
to the log file!
Based on input from Nick Davis <ndavis@iexposure.com>
aland [Tue, 11 Sep 2001 21:33:16 +0000 (21:33 +0000)]
Declare a function before it's used.
Patch from Raghu <raghud@hereuare.com>
aland [Mon, 10 Sep 2001 21:53:16 +0000 (21:53 +0000)]
Updated PGROOT tests, to hopefully work on Solaris. Based on
comments from "John Padula" <john_padula@aviancommunications.com>
aland [Mon, 10 Sep 2001 21:14:57 +0000 (21:14 +0000)]
Patch from Raghu <raghud@hereuare.com>
Allow Message-Authenticator and EAP-Message attributes to be
passed in Access-Reject packets.
aland [Sat, 8 Sep 2001 21:10:46 +0000 (21:10 +0000)]
Corrected the text for ':=' and '+=', as noted by
Andrei Koulik <agk@sci-nnov.ru>
aland [Sat, 8 Sep 2001 19:18:08 +0000 (19:18 +0000)]
For non-threaded code, set 'req->finished = TRUE' when the
child process exits.
aland [Sat, 8 Sep 2001 17:09:39 +0000 (17:09 +0000)]
Modified patch from "Ivan F. Martinez" <ml@ivanfm.com>
When you try to use {request:Attribute} or {reply:attribute}
the routine enters an infinite loop. This patch fixes the problem.
aland [Sat, 8 Sep 2001 17:05:49 +0000 (17:05 +0000)]
Make the spec files agree with the standard installation.
Patch from "Ivan F. Martinez" <ml@ivanfm.com>
aland [Thu, 6 Sep 2001 20:10:59 +0000 (20:10 +0000)]
Included ifdef'd out code for testing
aland [Thu, 6 Sep 2001 18:19:20 +0000 (18:19 +0000)]
removed WITH_DBM from the code, as if it's ever done again, it
will be done with a module.
aland [Thu, 6 Sep 2001 16:14:43 +0000 (16:14 +0000)]
Use correct enum values for returned token types, not hard-coded
numbers
bug noted by Spike Ilacqua <spike@indra.com>
aland [Thu, 6 Sep 2001 16:06:25 +0000 (16:06 +0000)]
changed uses of malloc() to rad_malloc(), which never fails.
This removes a lot of error checking code.
Re-formatted the code, to get rid of excessive indentation
aland [Thu, 6 Sep 2001 14:14:08 +0000 (14:14 +0000)]
Additional defines for OSFC2 / OSFSIA authentication
aland [Thu, 6 Sep 2001 13:54:19 +0000 (13:54 +0000)]
Fix bug number 104 (hopefully). I don't have access to a machine
with OSFC2, or OSFSIA, so I can't test the patches.
cmiller [Wed, 5 Sep 2001 22:58:10 +0000 (22:58 +0000)]
Changed confusing wording in 'proxy' comment.
aland [Wed, 5 Sep 2001 21:11:44 +0000 (21:11 +0000)]
Enable Access-Challenge to work, and pass through the server when
proxying.
Patch from Raghu <raghud@hereuare.com>
aland [Wed, 5 Sep 2001 18:51:24 +0000 (18:51 +0000)]
Message-Authenticator is calculated and inserted in the packet
before the Response Authenticator is *calculated*.
Message-Authenticator is reinitialized after verification,
for proper *Request/Response Authenticator* verification.
Reinitialize Authenticator, for consistency in resending.
Patch from Raghu <raghud@hereuare.com>
aland [Wed, 5 Sep 2001 17:20:09 +0000 (17:20 +0000)]
Added drivers for IBM DB2, which has been tested against
DB2 UDB V7.1
The driver uses DB2's CLI interface so the DB2 client libraries
have to be installed to compile and use the driver.
Code from Joerg Wendland <wendland@scan-plus.de>
cmiller [Sat, 1 Sep 2001 00:07:36 +0000 (00:07 +0000)]
Removed silly reference to init.d for Debian. It's part of the package.
aland [Wed, 29 Aug 2001 15:00:05 +0000 (15:00 +0000)]
Added 'original' packet to rad_send(), so that it can calculate
the Message-Authenticator properly for Access-Accept packets,
which depend on the Access-Request authentication vector.
Updated the rest of the code to call rad_send() with the original
packet, where possible.
aland [Tue, 28 Aug 2001 22:59:33 +0000 (22:59 +0000)]
When sending a packet, ensure that the authentication vector
from the packet sent on the wire is copied to the vector entry
in the RADIUS_PACKET data structure. This allows us to later use
that vector for verification.
Re-arranged the verification code, so that the Message-Authenticator
(if present) is verified prior to the authentication vector. This
allows the Message-Authenticator verification code to set the
contents of the attribute to zeros, which is what their contents
are when the authentication vector is calculated.
Calculate the Accounting-Response authentication vector, in
exactly the same way as for the Authentication-Accept and
Authentication-Reject vectors
aland [Tue, 28 Aug 2001 20:27:52 +0000 (20:27 +0000)]
Removed the Add-Port-To-IP-Address attribute. It's handled
another way now.
Correct bug which prevented it from adding the port.
Bug found by "John Padula" <john_padula@aviancommunications.com>
aland [Tue, 28 Aug 2001 20:13:37 +0000 (20:13 +0000)]
Don't smash the contents of ascend binary strings.
Patch from Michael Chernyakhovsky <magmike@mail.ru>
aland [Tue, 28 Aug 2001 20:01:47 +0000 (20:01 +0000)]
Changed the tokens from being define's to enums. This allows
us to more easily check for all tokens in a 'switch' statement,
and results in stronger typing of variables.
aland [Tue, 28 Aug 2001 19:54:46 +0000 (19:54 +0000)]
Update the length of the password, when sending multiple packets
aland [Tue, 28 Aug 2001 16:40:50 +0000 (16:40 +0000)]
Added EAP auth-type, and cleaned up some stuff
aland [Tue, 28 Aug 2001 16:17:23 +0000 (16:17 +0000)]
When validating the packet, look for EAP-Message. If we see it
and we do NOT see a Message-Authenticator, then it's a malformed
packet, and we discard it.
RFC 2869, section 5.13
aland [Tue, 28 Aug 2001 16:11:27 +0000 (16:11 +0000)]
Renamed string type nas port id
aland [Tue, 28 Aug 2001 16:02:00 +0000 (16:02 +0000)]
Added definitions for attributes from RFC 2869
aland [Mon, 27 Aug 2001 20:19:43 +0000 (20:19 +0000)]
When sending a packet, calculate the Message-Authenticator.
When receiving a packet, verify the Message-Authenticator.
aland [Mon, 27 Aug 2001 20:18:10 +0000 (20:18 +0000)]
Corrected typo: use memcpy, not memset
aland [Mon, 27 Aug 2001 20:12:03 +0000 (20:12 +0000)]
Added 'const' to more parameters.
aland [Mon, 27 Aug 2001 18:14:22 +0000 (18:14 +0000)]
Final patches to get Exec-Program to work, too.
Based on input from Michael Chernyakhovsky <magmike@mail.ru>
aland [Mon, 27 Aug 2001 17:53:41 +0000 (17:53 +0000)]
Updated for latest set of patches
aland [Mon, 27 Aug 2001 17:52:23 +0000 (17:52 +0000)]
Initialize variables properly.
Patch from Andriy I Pilipenko <bamby@marka.net.ua>, to close
bug #143
aland [Mon, 27 Aug 2001 17:48:36 +0000 (17:48 +0000)]
Rename the 'init' script to 'radiusd', instead of 'radiusd.init'
Patch from Christian Vogel <chris@amor.iksys.de>
aland [Mon, 27 Aug 2001 17:46:47 +0000 (17:46 +0000)]
Added GNU license and copyright.
Corrected typo
aland [Mon, 27 Aug 2001 17:42:57 +0000 (17:42 +0000)]
Added GNU license, copyright, and pointer to web page
aland [Mon, 27 Aug 2001 17:40:56 +0000 (17:40 +0000)]
Do more sanity checks on incoming attributes in rad_recv()
cparker [Sat, 25 Aug 2001 00:08:29 +0000 (00:08 +0000)]
updated module type to be 'RLM_TYPE_THREAD_UNSAFE' due to the use of
getusershell(), which is not thread safe
aland [Fri, 24 Aug 2001 18:28:38 +0000 (18:28 +0000)]
Use the 'test' program properly, with command-line arguments.
Bug found by Robert Haskins <rhaskins@ziplink.net>
aland [Thu, 23 Aug 2001 19:30:07 +0000 (19:30 +0000)]
when updating the ut_name utmp entry, do NOT always smash a trailing
zero on the name. The field is fixed width, so it's OK to have
an 8-character username, without a trailing 0.
Bug found by Michael Chernyakhovsky <magmike@mail.ru>
cparker [Thu, 23 Aug 2001 15:05:46 +0000 (15:05 +0000)]
corrected 'u_int8_t' to be 'uint8_t' -cparker
aland [Wed, 22 Aug 2001 19:41:22 +0000 (19:41 +0000)]
If there was an error forking the program, free the strdup'd
exec_program string.
aland [Wed, 22 Aug 2001 17:31:55 +0000 (17:31 +0000)]
Hmm.. let's create logdir && radacctdir on installation, too.
That avoids problems where the default config doesn't work.
aland [Mon, 20 Aug 2001 22:42:38 +0000 (22:42 +0000)]
cleaned up the code, and added more log / debug messages to
rad_check_password.
aland [Fri, 17 Aug 2001 19:45:25 +0000 (19:45 +0000)]
Change instances of 'assert' to 'rad_assert', so that it can
log the error to the standard radius log files.
Patch from Vesselin Atanasov <vesselin@bgnet.bg>
aland [Fri, 17 Aug 2001 19:04:55 +0000 (19:04 +0000)]
Patch to fix segv from Tomas Heredia <tomas@intermediasp.com>
sql_num_fields may return -1 in case of error, so the freeing
loop could cause a seg fault.
aland [Fri, 17 Aug 2001 18:02:59 +0000 (18:02 +0000)]
When sending multiple packets with the same attributes, ensure
that the CHAP-Password attribute is encoded properly, too.
Bug noted by Peter Shin <Peter.Shin@team.ozemail.com.au>
aland [Fri, 17 Aug 2001 14:10:51 +0000 (14:10 +0000)]
We're radiusd, not httpd
aland [Fri, 17 Aug 2001 13:57:37 +0000 (13:57 +0000)]
Corrected speling mistake. :)
aland [Thu, 16 Aug 2001 15:07:22 +0000 (15:07 +0000)]
Added 0.3 pre-release changes
aland [Thu, 16 Aug 2001 15:06:16 +0000 (15:06 +0000)]
Run Exec-Program, or Exec-Program-Wait when we first receive
an accounting packet.
Note that the executed script can add items like Proxy-To-Realm!
Bug found by Michael Chernyakhovsky <magmike@mail.ru>
aland [Thu, 16 Aug 2001 15:01:12 +0000 (15:01 +0000)]
When processing the acct_users file, actually *keep* the reply
pairs, instead of throwing them away.
aland [Wed, 15 Aug 2001 20:45:33 +0000 (20:45 +0000)]
Give functions a return code, even if the last thing they do is call
exit()