cmiller [Tue, 9 Apr 2002 16:12:01 +0000 (16:12 +0000)]
Fixed up section.
aland [Tue, 9 Apr 2002 14:54:10 +0000 (14:54 +0000)]
This is the list of stable modules. It should be ONE directory
name per line, no comments, and NO other text.
cmiller [Mon, 8 Apr 2002 23:38:12 +0000 (23:38 +0000)]
Moved warning message out of necessary condition.
cmiller [Mon, 8 Apr 2002 23:36:10 +0000 (23:36 +0000)]
Preparing for 0.5+cvs20020408 release.
aland [Mon, 8 Apr 2002 16:33:26 +0000 (16:33 +0000)]
Configure script for IP Pool module
aland [Mon, 8 Apr 2002 16:28:05 +0000 (16:28 +0000)]
Updated use of $1 and $2 in AC_SMART_CHECK_LIB() to work properly
cparker [Thu, 28 Mar 2002 16:32:47 +0000 (16:32 +0000)]
Added check for 'Realm' attribute in request->vps. If this has
been added, we've already proxied the request and should not do
so again. ( Bug noted by "Justin Ainsworth" <jda@sunset.net> )
kkalev [Wed, 27 Mar 2002 22:33:34 +0000 (22:33 +0000)]
Make counter and ippool modules thread safe since we now do file level locking
before reads/writes
kkalev [Wed, 27 Mar 2002 22:28:11 +0000 (22:28 +0000)]
Fix a small mistake
kkalev [Wed, 27 Mar 2002 22:21:00 +0000 (22:21 +0000)]
Add comments and a few authtype's in the authenticate/authorize sections
kkalev [Wed, 27 Mar 2002 10:16:52 +0000 (10:16 +0000)]
Add the server side ip pools module along with corresponding configuration section
in radiusd.conf
raghu [Wed, 27 Mar 2002 05:00:30 +0000 (05:00 +0000)]
Support for multiple certificate types with more configurable options.
raghu [Wed, 27 Mar 2002 04:43:12 +0000 (04:43 +0000)]
Code Cleanup
raghu [Wed, 27 Mar 2002 04:38:47 +0000 (04:38 +0000)]
Code Cleanup and new header inclusion.
raghu [Wed, 27 Mar 2002 04:35:20 +0000 (04:35 +0000)]
A new file to localize the structures/interfaces.
aland [Tue, 26 Mar 2002 21:43:16 +0000 (21:43 +0000)]
Added --with-rlm-dbm-lib-dir and --with-rlm-dbm-include-dir
aland [Tue, 26 Mar 2002 15:37:35 +0000 (15:37 +0000)]
Added debugging statements, so that we can see just what the heck
the module is doing.
aland [Mon, 25 Mar 2002 18:19:54 +0000 (18:19 +0000)]
Fixed defines for a number of 'int' to 'uint16_t', as they're
poked at with ntohs() or htons(). On x86, you can pass 'int' to
these, and get away with it. On other platforms, you can't.
fcusack [Mon, 25 Mar 2002 11:09:56 +0000 (11:09 +0000)]
reset the length and padding before encoding the ms-chapv2 recv key
aland [Thu, 21 Mar 2002 21:25:22 +0000 (21:25 +0000)]
Added 'how EAP works', as posted to the list.
aland [Wed, 20 Mar 2002 16:48:41 +0000 (16:48 +0000)]
Removed references to 'nas_name2', and "NAS" in log/error messages.
cparker [Wed, 20 Mar 2002 00:00:57 +0000 (00:00 +0000)]
Fixed bug that caused Ascend-Data-Filter and other binary attributes
to be truncated. ( strNcpy does not work well on binary data ).
aland [Mon, 18 Mar 2002 16:27:23 +0000 (16:27 +0000)]
Increased the visibility of the warning messages when doing
'make install'
aland [Mon, 18 Mar 2002 16:14:23 +0000 (16:14 +0000)]
Include string.h, to avoid compiler warnings
kkalev [Mon, 18 Mar 2002 10:35:09 +0000 (10:35 +0000)]
Fixed a bug where the ldap server will kill the idle connections from the ldap
connection pool. We now check if ldap_search returns LDAP_SERVER_DOWN and try to
reconnect if it does. Bug noted by Dan Perik <dan_perik-work@ntm.org.pg>
fcusack [Fri, 15 Mar 2002 00:02:03 +0000 (00:02 +0000)]
reformat for 80 cols
fcusack [Thu, 14 Mar 2002 23:52:57 +0000 (23:52 +0000)]
Test for openssl/des.h instead of -lcrypto. Apparently, some
systems' libcrypto is not openssl's, or they don't install
the headers in the standard location.
aland [Thu, 14 Mar 2002 22:18:21 +0000 (22:18 +0000)]
Added foundry dictionary, from Thomas Keitel
aland [Thu, 14 Mar 2002 20:58:24 +0000 (20:58 +0000)]
Added note that accounting packets get processed through 'acct_users'
aland [Thu, 14 Mar 2002 18:47:06 +0000 (18:47 +0000)]
Updated unix config with notes about FreeBSD.
cparker [Thu, 14 Mar 2002 16:49:53 +0000 (16:49 +0000)]
o Corrected bug in fall-through logic, so that Fall-Through = No
is correctly handled.
aland [Wed, 13 Mar 2002 16:48:39 +0000 (16:48 +0000)]
If GETHOSTBYADDRRSTYLE isn't defined, then don't compare it to
anything.
aland [Wed, 13 Mar 2002 15:54:07 +0000 (15:54 +0000)]
Added short note on EAP/TLS, from Adam <adam@cfar.umd.edu>
aland [Mon, 11 Mar 2002 20:39:20 +0000 (20:39 +0000)]
Corrected typo in last commit
aland [Mon, 11 Mar 2002 19:54:21 +0000 (19:54 +0000)]
Set 'request->child_pid' while processing the request.
aland [Mon, 11 Mar 2002 18:50:06 +0000 (18:50 +0000)]
Update help messages for 'radclient' to say how to specify a port
Patch from bj@zuto.de (Rainer Clasen)
aland [Mon, 11 Mar 2002 18:47:08 +0000 (18:47 +0000)]
Updated for latest set of changes.
aland [Mon, 11 Mar 2002 18:38:15 +0000 (18:38 +0000)]
Updated for latest set of changes.
aland [Mon, 11 Mar 2002 18:35:10 +0000 (18:35 +0000)]
Added sample PostgreSQL queries, from Igor Chen
aland [Mon, 11 Mar 2002 18:34:43 +0000 (18:34 +0000)]
Slight change to comments.
Show how to use Stripped-User-Name, if it's there, else User-Name,
else "none"
aland [Mon, 11 Mar 2002 18:26:35 +0000 (18:26 +0000)]
Updated pointer to documentation
aland [Mon, 11 Mar 2002 16:42:41 +0000 (16:42 +0000)]
Bump up the number of fd's we close
kkalev [Sun, 10 Mar 2002 13:46:12 +0000 (13:46 +0000)]
Update Changelog
kkalev [Sun, 10 Mar 2002 12:54:54 +0000 (12:54 +0000)]
fix a bug in da_sql_query.
Bug noted by Peter Santiago <peter.santiago@psinergybbs.com>
aland [Fri, 8 Mar 2002 19:17:04 +0000 (19:17 +0000)]
Added 'op' field back, and increased 'value' size to 253
aland [Fri, 8 Mar 2002 16:35:26 +0000 (16:35 +0000)]
Use maxfd+1 for select
aland [Thu, 7 Mar 2002 18:11:20 +0000 (18:11 +0000)]
Delay sending the proxied packet until after we've done things
to the request data structure.
There may be a race condition, where the reply comes while we're
accessing the structure, and two threads access it at the same time.
This change doesn't *prevent* the problem, it just makes it a lot
less likely to happen.
aland [Thu, 7 Mar 2002 18:09:51 +0000 (18:09 +0000)]
Fix a logic bug in refresh_request(). If the request hasn't
reached its "max_request_time", AND there's still a thread
poking at it, THEN don't bother doing ANY kind of refreshing of it,
as that will result in huge confusion, while two threads access
the same data structure!
Added a few more asserts, to catch possible race conditions
as early as possible. If there's a problem, then the assert
should fire, instead of the code continuing, and killing itself
at some other random location.
kkalev [Thu, 7 Mar 2002 01:06:27 +0000 (01:06 +0000)]
Added tuning guide
aland [Wed, 6 Mar 2002 21:15:37 +0000 (21:15 +0000)]
Changed the default ports to 1812/1813, as most everyone should
be using them now.
aland [Wed, 6 Mar 2002 21:14:28 +0000 (21:14 +0000)]
Corrected typo, as noted by Eduardo Roldan <eroldan@multitel.com.uy>
cmiller [Wed, 6 Mar 2002 20:46:09 +0000 (20:46 +0000)]
Added python module as separate package.
cmiller [Wed, 6 Mar 2002 20:23:37 +0000 (20:23 +0000)]
Recompiled configure script.
cmiller [Wed, 6 Mar 2002 18:34:54 +0000 (18:34 +0000)]
Tried to get python detection working properly. It may be close, but the
test for whether libpython${whatever} has Py_Initialize() is UGLY. I hope
someone cleans that up.
aland [Wed, 6 Mar 2002 17:55:39 +0000 (17:55 +0000)]
When updating the head of a list, update the *real* head, and
not the local pointer to the head, which is thrown away when
the function returns.
Patch from Lutz Donnerhacke <lutz@iks-jena.de>
aland [Wed, 6 Mar 2002 17:49:36 +0000 (17:49 +0000)]
Make authentication reject messages more consistent.
Don't return bad IP address if we're doing '1.2.3.4+', and the
request doesn't have a NAS port to add.
aland [Wed, 6 Mar 2002 17:35:53 +0000 (17:35 +0000)]
Updated schema with more restrictions on field values, from
Thomas Huehn <huehn@eozaen.net>
aland [Wed, 6 Mar 2002 16:36:09 +0000 (16:36 +0000)]
Don't use a hard-coded '32' for the select over the auth, acct,
and proxy FD's. The modules are configured *before* these FD's
are opened, so there may be more than 32 FD's in use.
Instead, we have to dynamically figure out what the maximum FD
is from the set we're selecting over, and use that value.
Bug found by Cvetan Ivanov <zezo@spnet.net>
cmiller [Wed, 6 Mar 2002 16:02:24 +0000 (16:02 +0000)]
Added tests to detect the style of gethostbyaddr_r() function, and use it.
It knows of GNU and SYSV, atm.
aland [Tue, 5 Mar 2002 23:14:25 +0000 (23:14 +0000)]
Aptis (Nortel CVX 1800?) dictionary, found on the net, and edited
for FreeRADIUS.
aland [Tue, 5 Mar 2002 15:44:38 +0000 (15:44 +0000)]
Changed attribute type, so says "ju bin" <binju@online.sz.js.cn>
aland [Tue, 5 Mar 2002 15:41:55 +0000 (15:41 +0000)]
Removed SQL from authenticate section. They're no longer needed.
aland [Tue, 5 Mar 2002 15:21:27 +0000 (15:21 +0000)]
Removed checks for gethostbyFOO_r(), until such time as we can
do intelligent checks.
aland [Mon, 4 Mar 2002 21:14:44 +0000 (21:14 +0000)]
Added attributes from RFC 3162.
Some are of type 'octets', when they should really be of type 'IPv6',
but that isn't a serious problem for now.
kkalev [Sat, 2 Mar 2002 16:13:48 +0000 (16:13 +0000)]
o Add support for Autz-Type attribute. We can now create autztype sections in
radiusd.conf.
o Add sql_xlat. Only SELECTS are supported right now
o Move sql_release socket in a few places where it wasn't needed
o Remove sql_authenticate function. We still use the authenticate_query directive
to extract the user password. The work should now be done by the pap/chap modules.
o Do a pairfree of check_tmp and reply_tmp if paircmp fails
in sql_authorize
ramoore [Sat, 2 Mar 2002 06:49:55 +0000 (06:49 +0000)]
Update the print_abinary function to show 'est' when the established bit is set.
ramoore [Sat, 2 Mar 2002 05:50:43 +0000 (05:50 +0000)]
Prevent nas_name functions from calling client_name.
Add nas_name3 function that can return a dotted quad when
NAS name is not known.
Update radwho to use nas_name3 function
ramoore [Sat, 2 Mar 2002 03:31:37 +0000 (03:31 +0000)]
This patch changes the return code within the CISCO_ACCOUNTING_HACK from FAIL to NOOP.
If a FAIL is returned, freeradius does not send an ACK to the NAS that sent the stop
packet, so it just keeps resending. NOOP is more appropriate.
fcusack [Fri, 1 Mar 2002 16:57:18 +0000 (16:57 +0000)]
Remove GPL text; sha1.c is in the public domain.
fcusack [Fri, 1 Mar 2002 16:53:23 +0000 (16:53 +0000)]
reload now just sends -HUP
raghu [Thu, 28 Feb 2002 21:44:29 +0000 (21:44 +0000)]
TLS_Message_Length is made configurable
aland [Wed, 27 Feb 2002 15:32:07 +0000 (15:32 +0000)]
Minor fixups
from bj@zuto.de (Rainer Clasen)
aland [Tue, 26 Feb 2002 21:46:17 +0000 (21:46 +0000)]
If both 'authhost' and 'accthost' in a realm are LOCAL, then we
don't need a shared secret.
Bug noted by "Vector" <cistron@itpsg.com>
aland [Tue, 26 Feb 2002 19:22:24 +0000 (19:22 +0000)]
If fgetspnam() returns NULL, then it means that the shadow password
entry does NOT exist.
This probably fixes the bug where non-cached passwords don't work...
raghu [Tue, 26 Feb 2002 00:57:30 +0000 (00:57 +0000)]
More debugging statements
raghu [Tue, 26 Feb 2002 00:56:35 +0000 (00:56 +0000)]
Made Length field configurable.
Now Total length can be included in every packet or
only in the first fragment of the message.
Initial patch provided by Adam <adam@cfar.umd.edu>.
aland [Mon, 25 Feb 2002 22:44:09 +0000 (22:44 +0000)]
Check for gethostbyFOO_r(), and use them, if they exist.
aland [Mon, 25 Feb 2002 22:34:27 +0000 (22:34 +0000)]
Use gmtime_r by default, so that we're thread-safe.
aland [Mon, 25 Feb 2002 18:47:55 +0000 (18:47 +0000)]
<grumble> work around variations in gdbm from version to version.
For gdbm pre version 1.8, we can't use NOLOCK, as it doesn't exist.
This means that the DB file is *always* locked, and NO ONE ELSE can
get access to it ANYTIME.
aland [Mon, 25 Feb 2002 18:44:36 +0000 (18:44 +0000)]
Check if gdbm has gdbm_fdesc
aland [Mon, 25 Feb 2002 17:19:40 +0000 (17:19 +0000)]
Removed use of internal autoconf variable which is set to patently
absurd value.
aland [Mon, 25 Feb 2002 16:19:20 +0000 (16:19 +0000)]
Added new file describing the variables as defined by the server.
Added some more text in the configuration file, describing the
difference between ${foo} and %{foo}
aland [Mon, 25 Feb 2002 16:02:50 +0000 (16:02 +0000)]
Removed text describing variables and variable substitution
aland [Mon, 25 Feb 2002 16:02:23 +0000 (16:02 +0000)]
Added %{proxy-reply:Attribute-Name} for xlat
aland [Mon, 25 Feb 2002 15:51:43 +0000 (15:51 +0000)]
Updated comments on sql_user_name
aland [Mon, 25 Feb 2002 15:40:26 +0000 (15:40 +0000)]
Corrected typo in function name
aland [Fri, 22 Feb 2002 16:02:28 +0000 (16:02 +0000)]
Open the DB unlocked, and do file locking ourselves using the
new functions.
aland [Fri, 22 Feb 2002 15:53:05 +0000 (15:53 +0000)]
Call new rad_lockfd() function, instead of having ifdef in the
code for lockf/flock.
Remove *horrid* cast of a 'FILE*' to 'int', to "convert" a FILE*
into an integer file descriptor. This just won't work. fileno()
is what we want.
aland [Fri, 22 Feb 2002 15:40:54 +0000 (15:40 +0000)]
Use new library file lock/unlock functions
aland [Fri, 22 Feb 2002 15:37:18 +0000 (15:37 +0000)]
removed copies of file locking code.
Use new rad_lockfd() and rad_unlockfd() functions.
aland [Fri, 22 Feb 2002 15:36:27 +0000 (15:36 +0000)]
New functions: rad_lockfd() and rad_unlockfd(), to get rid of
duplication of file locking code.
aland [Thu, 21 Feb 2002 22:46:40 +0000 (22:46 +0000)]
Don't use a global 'acctfd'
As a result, update 'session_zap' to take an fd as an argument.
Update radutmp to use 'request->packet->fd', instead of the global
acctfd
aland [Thu, 21 Feb 2002 20:36:34 +0000 (20:36 +0000)]
Enable passwd caching by default.
Add a note that turning caching off may cause problems.
aland [Thu, 21 Feb 2002 19:11:01 +0000 (19:11 +0000)]
If we match a huntgroup, then add an attribute saying that
to the request. This is so it can be used && examined later.
Based on a patch from Simon Allard <simon.allard@staff.ihug.co.nz>
aland [Thu, 21 Feb 2002 16:23:47 +0000 (16:23 +0000)]
Patch to PostgreSQL schema for operators.
From Igor Chen <cron@office.lintec.com.ua>
kkalev [Thu, 21 Feb 2002 00:04:11 +0000 (00:04 +0000)]
Update documentation
kkalev [Thu, 21 Feb 2002 00:03:03 +0000 (00:03 +0000)]
Remove the auth_type directive. Change the ldap caching default to no (ldap_cache_timeout = 0)
aland [Wed, 20 Feb 2002 21:35:36 +0000 (21:35 +0000)]
Clear more fields of the request when deleting it, and if
debugging, mark up the secret so that it's easier to tell that
the request has been deleted.
aland [Wed, 20 Feb 2002 16:42:14 +0000 (16:42 +0000)]
Added patch for heimdal code, from
"Kevin C. Miller" <kevinm@andrew.cmu.edu>
Added note that this is NOT configurable, as the patch deletes
existing functionality, and replaces it with different code.
This kind of non-configurable code which removes existing, tested,
and working code is not very polite.
aland [Wed, 20 Feb 2002 16:22:15 +0000 (16:22 +0000)]
postgresql's 'PQcmdTuples' used in function 'affected_rows'
doesn't return number of affected rows for SELECT statement, but
returns empty string. Use PQntuples(), instead.
Patch from Andrew Kukhta <andy@wubn.net>