aland [Mon, 31 May 2004 18:29:23 +0000 (18:29 +0000)]
Move fix from the head to the branch
phampson [Mon, 31 May 2004 14:20:35 +0000 (14:20 +0000)]
Regenerate autoconf for pre1 release.
phampson [Mon, 31 May 2004 14:15:27 +0000 (14:15 +0000)]
That's pre1, dammit.
phampson [Mon, 31 May 2004 13:38:01 +0000 (13:38 +0000)]
Pull downstream Debian changelog.
phampson [Mon, 31 May 2004 13:25:23 +0000 (13:25 +0000)]
I said pre1, not pre0.
phampson [Mon, 31 May 2004 13:24:41 +0000 (13:24 +0000)]
Preparation for 1.0.0-pre1 release
3APA3A [Mon, 31 May 2004 10:16:56 +0000 (10:16 +0000)]
! ignoreempty configuration option added
3APA3A [Mon, 31 May 2004 10:14:05 +0000 (10:14 +0000)]
! ignoreempty configuration option added to avoid addition of empty values
phampson [Sun, 30 May 2004 04:06:10 +0000 (04:06 +0000)]
Finish fixing rlm_eap_ttls' usage of rlm_eap_tls
aland [Fri, 28 May 2004 21:45:07 +0000 (21:45 +0000)]
use Stripped-User-Name for proxied packets, independent of whether
request->proxy existed, or not
aland [Fri, 28 May 2004 17:07:07 +0000 (17:07 +0000)]
Include foundry dictionary in main dictionary
New Foundry attributes, as posted to the list by Dave Mussulman
aland [Fri, 28 May 2004 17:00:35 +0000 (17:00 +0000)]
Changed "unsigned long" to "uint32_t", which is portable.
Changes "unsigned char" to "uint8_t", which is portable.
Removed a "static" buffer in sha1.c, which was unnecessary, and
would break threading.
phampson [Fri, 28 May 2004 16:17:48 +0000 (16:17 +0000)]
Attempt to fix library loading for non-RTLD_GLOBAL libltdl
aland [Fri, 28 May 2004 15:00:04 +0000 (15:00 +0000)]
If new proxy FD's were allocated without the current destination
knowing, then update the destinations knowledge of Fd's, if it
runs out of Id's to use.
This code is in preference to allocating a new proxy Fd.
aland [Fri, 28 May 2004 14:42:26 +0000 (14:42 +0000)]
Get rid of "proxyfd", and use the new rad_listen_t structure.
Allocate more than one proxy FD, when the first one has all Id's
used. It isn't currently perfect, but it will do.
phampson [Fri, 28 May 2004 12:43:16 +0000 (12:43 +0000)]
Replaced GPL'd snprintf.c in libradius with LGPL'd snprintf.[ch] from
http://savannah.gnu.org/cgi-bin/viewcvs/mailutils/mailutils/lib/snprintf.c?rev=1.4
http://savannah.gnu.org/cgi-bin/viewcvs/mailutils/mailutils/lib/snprintf.h?rev=1.4
The final step in FreeRADIUS bug #21.
phampson [Fri, 28 May 2004 07:25:41 +0000 (07:25 +0000)]
Move (GPL'd) smbdes.c into the (GPL'd) modules that require it:
rlm_mschap
rlm_eap_leap
and out of the (LGPL'd) libradius.
Another brick in the wall that is FreeRADIUS bug 21
phampson [Fri, 28 May 2004 07:20:14 +0000 (07:20 +0000)]
Move (GPL'd) smbdes.c into the (GPL'd) modules that require it:
rlm_mschap
rlm_eap_leap
and out of the (LGPL'd) libradius.
Another brick in the wall that is FreeRADIUS bug 21
phampson [Fri, 28 May 2004 06:27:52 +0000 (06:27 +0000)]
Public domain version of MD4 algorithm, from OpenBSD archives.
Also correct the source URL in the md5 files.
Another brick in the wall for FreeRADIUS bug #21.
phampson [Fri, 28 May 2004 04:56:36 +0000 (04:56 +0000)]
Open source MD5 implementation by Colin Plumb
Fetched from: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/crypto/md5.[ch]
Another brick in the wall that is FreeRADIUS Bug 21.
mgriego [Thu, 27 May 2004 22:10:17 +0000 (22:10 +0000)]
Return my_ok in case we changed the outcome of the verification routine.
Also fix compiler warnings about incompatible pointer types on the
SSL_get_ex_data calls.
aland [Thu, 27 May 2004 17:06:07 +0000 (17:06 +0000)]
It's ipaddr, not string.
By Travis Rayhons, dordt.edu
aland [Tue, 25 May 2004 19:08:48 +0000 (19:08 +0000)]
Update debug messages
aland [Tue, 25 May 2004 18:35:32 +0000 (18:35 +0000)]
Only call xlat on quoted strings, and not on strings where
the first and last characters happen to be identical
phampson [Tue, 25 May 2004 06:56:43 +0000 (06:56 +0000)]
SQL-Xlat support, avoid unneccessary stringcopy when checking results.
Also xlat's config items.
aland [Fri, 21 May 2004 14:57:19 +0000 (14:57 +0000)]
A little more backwards compatibility
aland [Fri, 21 May 2004 14:40:39 +0000 (14:40 +0000)]
If the User-Password has zero length, encrypt 16 bytes of zero.
Bug #68
aland [Wed, 19 May 2004 19:40:11 +0000 (19:40 +0000)]
Corrected typo
aland [Wed, 19 May 2004 18:03:43 +0000 (18:03 +0000)]
Made "live" new code to allocate packet Id's on a per-destination
ip/port pair. It also keeps track of outstanding duplicate proxied
requests, and doesn't re-use Id's until the request is timed out,
or until it's seen all of the replies.
This should work well in most cases, but may have issues in some
boundary conditions (e.g. when the NAS re-uses an Id before we've
seen all of the replies from the home server.)
To fix those problems, we've got to do a little more work to keep
track of "replies from the home server which we can ignore"
phampson [Tue, 18 May 2004 00:09:59 +0000 (00:09 +0000)]
Fix lost-start Alive accounting packet handling.
A failed UPDATE is not an error, so check if we affected anything instead.
phampson [Mon, 17 May 2004 14:07:22 +0000 (14:07 +0000)]
Rebuild configure from configure.in 1.198
phampson [Mon, 17 May 2004 14:06:13 +0000 (14:06 +0000)]
Update configure.in to check for initgroups()
phampson [Mon, 17 May 2004 13:41:27 +0000 (13:41 +0000)]
= is not a safe character, it is the escape character.
Thanks to Fabian Ritzmann
aland [Mon, 17 May 2004 09:52:05 +0000 (09:52 +0000)]
Don't declare variables in code. They got at the top of the function.
aland [Mon, 17 May 2004 07:48:33 +0000 (07:48 +0000)]
"Password" attribute is encrypted, too
aland [Sun, 16 May 2004 18:31:01 +0000 (18:31 +0000)]
Deleted unwanted fprintf
Include arpa/inet.h, so that htonl and friends work. This was
causing *weird* bugs under SFU. We should probably move netinet/in.h
and arpa/inet.h inclusion to include/radiusd.h, as many files
already use them
aland [Sun, 16 May 2004 12:53:19 +0000 (12:53 +0000)]
Not all systems have initgroups.
Don't use C++ style comments
mgriego [Sat, 15 May 2004 20:09:37 +0000 (20:09 +0000)]
Don't exit() on error in check_for_realm.
mgriego [Sat, 15 May 2004 15:50:26 +0000 (15:50 +0000)]
Don't exit() on failure in instantiate function, let the core handle
exiting. Just return -1 on any failure.
mgriego [Sat, 15 May 2004 15:30:13 +0000 (15:30 +0000)]
Don't exit() from failures in the module, return RLM_MODULE_FAIL.
mgriego [Sat, 15 May 2004 15:09:44 +0000 (15:09 +0000)]
Don't exit() if buildhash fails, return RLM_MODULE_FAIL.
mgriego [Sat, 15 May 2004 14:57:41 +0000 (14:57 +0000)]
Don't exit() on memory alloc failure, return RLM_MODULE_FAIL instead.
mgriego [Sat, 15 May 2004 14:51:26 +0000 (14:51 +0000)]
Don't exit() on module failure, return RLM_MODULE_FAIL
aland [Fri, 14 May 2004 14:23:04 +0000 (14:23 +0000)]
When deleting a request, do NOT clean up the proxy tree & Id
allocation if we've seen a reply from the homer server.
The code which deals with the reply from the home server already
takes care of doing this.
If we do it again, then we delete *live* proxied requests, which
are unrelated to the older one we're deleting.
Bug found by Stephan Jaeger
aland [Fri, 14 May 2004 11:57:32 +0000 (11:57 +0000)]
Well, duh. Insert the entry into the tree after allocating it
aland [Fri, 14 May 2004 08:51:32 +0000 (08:51 +0000)]
More debugging messages for new proxy ID allocation
aland [Fri, 14 May 2004 08:47:12 +0000 (08:47 +0000)]
Moved rl_add_proxy from radiusd.c to proxy.c, so we can
allocate Id's, and insert the request into the proxy queue, before
it's sent to the home server
aland [Fri, 14 May 2004 08:37:08 +0000 (08:37 +0000)]
Initialize the mutex if we have pthread.h
aland [Fri, 14 May 2004 08:34:44 +0000 (08:34 +0000)]
When over-writing data, free old data (if necessary), before
replacing it
mgriego [Thu, 13 May 2004 20:56:54 +0000 (20:56 +0000)]
Also xlat attributes from hints file added to the request list.
pnixon [Thu, 13 May 2004 20:27:50 +0000 (20:27 +0000)]
Add new function and change schema to support Cisco CSPS
pnixon [Thu, 13 May 2004 20:10:15 +0000 (20:10 +0000)]
Move src/billing/pgsql-voip.conf to raddb/pgsql-voip.conf and add sample config and comments to radiusd.conf
phampson [Wed, 12 May 2004 14:43:37 +0000 (14:43 +0000)]
Fix type in changelog: microtek => mikrotik
Support xlating backquoted reply values in rlm_sql, like in rlm_files
FreeRADIUS bug #59
aland [Wed, 12 May 2004 06:26:45 +0000 (06:26 +0000)]
Removed extraneous exit(0)
Bug #63
aland [Mon, 10 May 2004 15:07:57 +0000 (15:07 +0000)]
Updates from Joe Levy at SonicWall
aland [Mon, 10 May 2004 14:05:11 +0000 (14:05 +0000)]
It's an instance of the SQL module
phampson [Sat, 8 May 2004 18:43:46 +0000 (18:43 +0000)]
Rebuild configure against configure.in 1.197
phampson [Sat, 8 May 2004 18:42:55 +0000 (18:42 +0000)]
Correctly identify system OpenSSL in top-level configure
This doesn't appear to be being used at the moment though.
aland [Sat, 8 May 2004 14:32:13 +0000 (14:32 +0000)]
As found on the net, with edits to make it more compatible with
FreeRADIUS
aland [Fri, 7 May 2004 19:37:57 +0000 (19:37 +0000)]
If the queue of requests to process gets too large, it's a log
message, not a debug message
aland [Fri, 7 May 2004 19:31:35 +0000 (19:31 +0000)]
New (not compiled) code to allocate RADIUS Id's for proxied packets,
on a per-destination ip/port pair.
This code is untested, and should be tested before it's put into
wider circulation.
Right now, it only handles 256 entries per ip/port pair, and we
probably should fix that. But doing so involves allocating more
proxy sockets on the server, which starts becoming problematic.
aland [Fri, 7 May 2004 19:07:16 +0000 (19:07 +0000)]
Use sockfd to manage trees for proxied packets, too
aland [Thu, 6 May 2004 14:37:21 +0000 (14:37 +0000)]
Don't de-reference a pointer which may be NULL.
On error, return error codes.
aland [Wed, 5 May 2004 16:20:40 +0000 (16:20 +0000)]
re-arranged the code in eap_start.
It now checks eap_msg->length before de-referencing its contents.
EAP-Message lengths of 0 or 2 are considered to be EAP-Starts.
(Zero wasn't permitted before)
EAP-Packets of less than 5 bytes are discarded.
aland [Mon, 3 May 2004 20:47:28 +0000 (20:47 +0000)]
Added sample "ntdomain" realm.
Hmm... we can probably get rid of the "ignore_default" and "ignore_null"
configuration entries by using configurable module fail-over.
This would be preferable to the existing solution, I think.
aland [Mon, 3 May 2004 20:34:40 +0000 (20:34 +0000)]
Documented Post-Auth-Type of REJECT
aland [Mon, 3 May 2004 18:02:52 +0000 (18:02 +0000)]
Corrected xlat of "Challenge", to use the "with_ntdomain_hack"
directive properly.
phampson [Mon, 3 May 2004 12:30:05 +0000 (12:30 +0000)]
Don't barf if initgroups fails with EPERM:
If we're -HUPing, we should have done this already.
If we don't have sufficient permissions, setuid will catch this.
Thanks again to Robby Griffin
FreeRADIUS Bug #55, http://bugs.freeradius.org/show_bug.cgi?id=55
kkalev [Mon, 3 May 2004 12:15:09 +0000 (12:15 +0000)]
Also allow for '-' to exist in a nas name in bin/log_badlogins
kkalev [Mon, 3 May 2004 10:51:26 +0000 (10:51 +0000)]
Return NOTFOUND if we don't find a free address in the pool. Return FAIL when we
get an out of memory error.
kkalev [Sun, 2 May 2004 12:57:33 +0000 (12:57 +0000)]
Add backreferences in rlm_attr_rewrite stolen from the corresponding
factionality in the server core.
This closes bug#48
phampson [Sat, 1 May 2004 11:31:36 +0000 (11:31 +0000)]
Document what the unimplemented function is.
phampson [Sat, 1 May 2004 11:17:27 +0000 (11:17 +0000)]
Use initgroups to enable supplementary groups for switched-to user.
Thanks to Robby Griffin
phampson [Sat, 1 May 2004 09:32:14 +0000 (09:32 +0000)]
Add support for Microtek NASs via SNMP to checkrad.pl
Improve support for Microtek NASs via telnet in checkrad.pl
Patch by Evren Yurtesen (http://bugs.freeradius.org/show_bug.cgi?id=45)
aland [Fri, 30 Apr 2004 18:32:06 +0000 (18:32 +0000)]
Don't destroy attributes which may already be in a RADIUS_PACKET
If a tag is zero, then it's valid, too, and should be skipped
aland [Fri, 30 Apr 2004 18:23:08 +0000 (18:23 +0000)]
Re-arranged, and sanity checked the attributes.
Documented which ranges are used for what, and why, so we don't
have duplicated attributes again.
kkalev [Fri, 30 Apr 2004 07:54:56 +0000 (07:54 +0000)]
Small change to ldap_get_conn to fix problems on some platforms
aland [Thu, 29 Apr 2004 18:55:15 +0000 (18:55 +0000)]
Re-run autoconf, from latest configure.in changes
phampson [Thu, 29 Apr 2004 11:08:40 +0000 (11:08 +0000)]
Fix invalid mySQL DATE_SUB usage.
kkalev [Wed, 28 Apr 2004 22:14:22 +0000 (22:14 +0000)]
Fix bug #28
kkalev [Wed, 28 Apr 2004 22:04:03 +0000 (22:04 +0000)]
Add a patch from Nicolas Baradakis
(http://lists.cistron.nl/archives/freeradius-devel/2004/01/frm00084.html)
to put Chap-Password in the pass field in the postauth query for chap logins.
This closes bug #41
kkalev [Wed, 28 Apr 2004 21:57:38 +0000 (21:57 +0000)]
Update sql.conf with the safe-characters directive
kkalev [Wed, 28 Apr 2004 21:55:16 +0000 (21:55 +0000)]
Add a safe-characters configuration directive containing the safe characters
list used by sql_escape_string
kkalev [Wed, 28 Apr 2004 21:28:37 +0000 (21:28 +0000)]
Add a comment about keeping the database in memory mapped filesystems/files
kkalev [Wed, 28 Apr 2004 21:22:40 +0000 (21:22 +0000)]
Add a one line patch from Martin Seine
(http://lists.cistron.nl/pipermail/freeradius-devel/2004-March/006897.html)
Keep the number of retransmissions for each outstanding request.
If we do a retransmission we set the retransmit time by the formula:
if (r->retrans_num > 20)
r->retrans = now + 70;
else
r->retrans = now + 3 + (3 * r->retrans_num);
The above can help if the radius server is just overloaded and can't respond quickly enough
to the requests. Even if it is down, sending packets every 70secs instead of 3secs is
generally a good idea.
aland [Wed, 28 Apr 2004 14:56:18 +0000 (14:56 +0000)]
Corrected overloading of '1023' attribute. It would help if the
dictionaries were organized neatly...
aland [Mon, 26 Apr 2004 15:46:29 +0000 (15:46 +0000)]
For ProFTPd
aland [Mon, 26 Apr 2004 14:22:41 +0000 (14:22 +0000)]
On unknown EAP code, smash it, and replace it with EAP-Failure
aland [Fri, 23 Apr 2004 19:50:29 +0000 (19:50 +0000)]
Replaced an assertion with a run-time check, and error
aland [Fri, 23 Apr 2004 19:08:22 +0000 (19:08 +0000)]
Deleted c++ comments
aland [Thu, 22 Apr 2004 15:22:31 +0000 (15:22 +0000)]
Documented ntlm_auth
aland [Thu, 22 Apr 2004 15:17:04 +0000 (15:17 +0000)]
Updated for latest changes
aland [Thu, 22 Apr 2004 14:29:42 +0000 (14:29 +0000)]
When copying an attribute, copy ALL of it, not just some.
It was throwing away the "flags" information from VALUE_PAIR
Bug found by "Holger Steppke"
kkalev [Thu, 22 Apr 2004 07:18:24 +0000 (07:18 +0000)]
Make nas_list actually work
phampson [Wed, 21 Apr 2004 15:34:25 +0000 (15:34 +0000)]
Debian: Further freeradius-dialupadmin improvements.
kkalev [Wed, 21 Apr 2004 13:31:53 +0000 (13:31 +0000)]
Update a log message
phampson [Wed, 21 Apr 2004 00:24:12 +0000 (00:24 +0000)]
Debian: Further freeradius-dialupadmin improvements.
kkalev [Tue, 20 Apr 2004 13:14:18 +0000 (13:14 +0000)]
Keep the nas list in a separate array $nas_list. Update various pages to use that one now.
aland [Mon, 19 Apr 2004 20:21:19 +0000 (20:21 +0000)]
Call post-auth after receiving an Access-Accept for the tunneled
session, which was proxied to another server
aland [Mon, 19 Apr 2004 20:15:30 +0000 (20:15 +0000)]
Correct the fix for checking MS-length.
Bug #60
projects / freeradius.git / log