aland [Fri, 20 Apr 2007 14:08:44 +0000 (14:08 +0000)]
Can't remove lvalue completely until we've audited the code
for all locations that assume they can write data to vp_strvalue
of an integer/date/ipaddr type
aland [Fri, 20 Apr 2007 13:19:27 +0000 (13:19 +0000)]
IPv6 is now supported
aland [Fri, 20 Apr 2007 11:59:10 +0000 (11:59 +0000)]
Note warnings if there's no DH, and how to fix it.
aland [Fri, 20 Apr 2007 11:48:40 +0000 (11:48 +0000)]
Note command to create DH file
aland [Fri, 20 Apr 2007 09:26:00 +0000 (09:26 +0000)]
Removed the "verified" field from RADIUS_PACKET, as we no longer
accept old-style accounting packets
aland [Fri, 20 Apr 2007 09:21:41 +0000 (09:21 +0000)]
RADCLIENT is not const, as it gets updated for SNMP stats
aland [Fri, 20 Apr 2007 08:48:54 +0000 (08:48 +0000)]
Added rad_recv_header() function, which calls MSG_PEEK on the
socket to get the header, and the source IP. This allows us
to perform some basic sanity checks, like "known client" before
we allocate memory for the packet.
This slows the server down slightly for normal cases, but can
greatly improve its robustness to DoS attacks. As of now, it
logs *nothing* and allocates *no* memory on a DoS, so it should
be able to deal with them pretty well.
The rad_recv_header() function also returns the size of the packet
(taken from the header), which can permit us in the future to
minimize the number of memory allocations we make.
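The peek-before-allocate check described in the commit message above, as an added sketch that is not FreeRADIUS's own rad_recv_header(). The names `peek_header`, `discard` and `run_case`, the single-address "known client" check and the loopback harness are assumptions made for illustration.

```c
/* Added example: vet a RADIUS datagram from a 4-byte MSG_PEEK. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

#define RAD_MIN 20    /* RFC 2865: smallest valid packet */
#define RAD_MAX 4096  /* RFC 2865: largest valid packet */

/* Remove the queued datagram; one byte is read, the rest is dropped. */
static void discard(int fd) { uint8_t b; (void)recvfrom(fd, &b, 1, 0, NULL, NULL); }

/* Returns the length claimed in the header, or -1 after discarding the
 * datagram. client_ip is a hypothetical one-entry "known clients" list. */
ssize_t peek_header(int fd, in_addr_t client_ip, struct sockaddr_in *src)
{
    uint8_t hdr[4];   /* code, id, length (2 bytes, network order) */
    socklen_t slen = sizeof(*src);
    ssize_t n = recvfrom(fd, hdr, sizeof(hdr), MSG_PEEK,
                         (struct sockaddr *)src, &slen);
    if (n < 0) return -1;
    if (n < (ssize_t)sizeof(hdr) || src->sin_addr.s_addr != client_ip) {
        discard(fd);  /* short or unknown source: no log, no malloc */
        return -1;
    }
    size_t len = ((size_t)hdr[2] << 8) | hdr[3];
    if (len < RAD_MIN || len > RAD_MAX) { discard(fd); return -1; }
    return (ssize_t)len;  /* caller can now allocate exactly len bytes */
}

/* Constructed loopback harness: send pkt to ourselves, peek at it, and
 * report through *queued whether the datagram is still waiting. */
ssize_t run_case(const uint8_t *pkt, size_t n, const char *known_ip, int *queued)
{
    struct sockaddr_in a = { .sin_family = AF_INET }, src;
    socklen_t alen = sizeof(a);
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    uint8_t b;
    ssize_t r = -2;   /* -2: the harness itself failed */
    *queued = 0;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (srv >= 0 && cli >= 0 && bind(srv, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        getsockname(srv, (struct sockaddr *)&a, &alen) == 0 &&
        sendto(cli, pkt, n, 0, (struct sockaddr *)&a, sizeof(a)) >= 0) {
        r = peek_header(srv, inet_addr(known_ip), &src);
        *queued = recv(srv, &b, 1, MSG_PEEK | MSG_DONTWAIT) >= 0;
    }
    close(srv); close(cli);
    return r;
}
```

The peek only sees the length the sender claims; the datagram's real size still has to be compared against it after the full read.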
aland [Fri, 20 Apr 2007 08:43:21 +0000 (08:43 +0000)]
Removed "lvalue" from the VALUE_PAIR structure. This will break
many third-party modules.
However, it enables us to pass the VALUE_PAIR_DATA structure
around, and do comparisons on it, which should permit greater
flexibility in the configuration.
aland [Fri, 20 Apr 2007 08:41:28 +0000 (08:41 +0000)]
run "can_handle_new_request" on all packets, not just ones
which are completely new (i.e. for which there is no request
in the request hash)
Update "received_retransmit" to handle duplicate accounting packets.
These should NOT happen, but the code now handles them.
aland [Thu, 19 Apr 2007 15:36:14 +0000 (15:36 +0000)]
more lvalue to vp_* changes
aland [Thu, 19 Apr 2007 15:32:09 +0000 (15:32 +0000)]
More lvalue to vp_integer changes
aland [Thu, 19 Apr 2007 15:30:54 +0000 (15:30 +0000)]
vp->lvalue to vp->vp_integer changes
aland [Thu, 19 Apr 2007 10:26:58 +0000 (10:26 +0000)]
Use brackets
aland [Thu, 19 Apr 2007 08:46:49 +0000 (08:46 +0000)]
cf_data_add() sends us a static string. cf_data_add_internal()
sends us a dynamically allocated string
aland [Thu, 19 Apr 2007 08:37:13 +0000 (08:37 +0000)]
Set tree_num to NULL after freeing it
aland [Thu, 19 Apr 2007 08:26:31 +0000 (08:26 +0000)]
If free'ing mainconfig.clients, set it to NULL.
If allocating a client and mainconfig.clients is NULL, allocate
mainconfig.clients
aland [Wed, 18 Apr 2007 15:08:09 +0000 (15:08 +0000)]
Catch clients added by rlm_sql
aland [Wed, 18 Apr 2007 13:57:42 +0000 (13:57 +0000)]
Move components to tree rather than hash, which is slightly
faster
aland [Wed, 18 Apr 2007 13:29:30 +0000 (13:29 +0000)]
Be more careful about not doing SNMP stats if it's not enabled
aland [Wed, 18 Apr 2007 13:24:13 +0000 (13:24 +0000)]
Squeeze a few more cycles out of the event handler via a helper
function in rbtree.c
aland [Wed, 18 Apr 2007 11:43:41 +0000 (11:43 +0000)]
Cache DICT_VALUE for inst->name, so we don't call pairparsevalue
on every packet
aland [Wed, 18 Apr 2007 11:32:59 +0000 (11:32 +0000)]
Cache the base 256 attributes again, as they're looked up
a lot.
aland [Wed, 18 Apr 2007 11:08:38 +0000 (11:08 +0000)]
New function to return rbnode_t * when a node is inserted.
When deleting nodes, do NOT move Node->Data from one to another,
as the caller may be pointing to Node.
Cache rbnode_t* in lrad_event_t, which speeds up deletions
enormously.
aland [Wed, 18 Apr 2007 10:57:30 +0000 (10:57 +0000)]
Move event free to before free_mainconfig, as it needs the
listeners for SNMP stuff.
aland [Wed, 18 Apr 2007 10:03:29 +0000 (10:03 +0000)]
Now that we're caching request->ev, ensure it's updated and/or
NULL'd when we run an event, delete an event, or insert a new
event.
Also put a macro around the calls to inserting events in event.c,
so that changes to the API can be done more easily. It also makes
the code easier to understand, too
aland [Wed, 18 Apr 2007 09:50:45 +0000 (09:50 +0000)]
lvalue -> vp_integer
aland [Tue, 17 Apr 2007 16:08:00 +0000 (16:08 +0000)]
Corrected typo. Found by Kevin Bonner
aland [Tue, 17 Apr 2007 16:04:33 +0000 (16:04 +0000)]
Clean up event stuff... add event ptr to request && home server,
which removes one tree lookup
aland [Tue, 17 Apr 2007 14:09:25 +0000 (14:09 +0000)]
It's not a conflicting request if the old request is done.
aland [Tue, 17 Apr 2007 13:34:07 +0000 (13:34 +0000)]
Moved more common "create VALUE_PAIR" code to one function.
aland [Tue, 17 Apr 2007 13:14:50 +0000 (13:14 +0000)]
Rename vp->lvalue to vp->vp_*, as appropriate.
Only the EAP module is left. Once that's done, we can remove
vp->lvalue
aland [Tue, 17 Apr 2007 12:17:30 +0000 (12:17 +0000)]
Define SHA1-Password, as the documentation references it.
aland [Tue, 17 Apr 2007 09:22:36 +0000 (09:22 +0000)]
Remember per-listener clients in the "tree by number", too,
so that when we walk over the clients via SNMP, we return
statistics for them, too
Note that on HUP, all of the client statistics are currently lost.
aland [Tue, 17 Apr 2007 09:21:08 +0000 (09:21 +0000)]
removed unused variable
aland [Tue, 17 Apr 2007 09:05:27 +0000 (09:05 +0000)]
Reduce the verbosity of SNMP when in debug level 2
aland [Tue, 17 Apr 2007 08:36:57 +0000 (08:36 +0000)]
Remove array of old configs on HUP
Fix underlying problem where clients were free'd twice
aland [Tue, 17 Apr 2007 08:35:13 +0000 (08:35 +0000)]
Remember the tree of clients by number.
aland [Tue, 17 Apr 2007 07:58:50 +0000 (07:58 +0000)]
More replace vp->lvalue with vp->vp_*
aland [Tue, 17 Apr 2007 07:52:44 +0000 (07:52 +0000)]
Replace vp->lvalue with vp->vp_*, in preparation for more
sweeping changes
aland [Tue, 17 Apr 2007 07:47:03 +0000 (07:47 +0000)]
When done, return the last result.
Hmm... we should probably short-circuit the checks
aland [Tue, 17 Apr 2007 07:45:43 +0000 (07:45 +0000)]
C files depend on libradius.h, too
aland [Mon, 16 Apr 2007 14:36:21 +0000 (14:36 +0000)]
Don't skip over SMUX registration on HUP
aland [Mon, 16 Apr 2007 12:15:37 +0000 (12:15 +0000)]
Allow HUPs to work from debugging mode, and to NOT turn off
the debug output.
Keep track of the last N configurations, and delay freeing them
until absolutely necessary.
aland [Mon, 16 Apr 2007 12:10:56 +0000 (12:10 +0000)]
Don't do SNMP counters for detail file
aland [Mon, 16 Apr 2007 11:53:00 +0000 (11:53 +0000)]
Try to keep SNMP going on HUP.
Based on a patch from bug #150
nbk [Mon, 16 Apr 2007 10:54:19 +0000 (10:54 +0000)]
Link libradius to radsniff, too.
nbk [Mon, 16 Apr 2007 09:54:17 +0000 (09:54 +0000)]
Declare a prototype for xlat_free().
nbk [Mon, 16 Apr 2007 09:47:59 +0000 (09:47 +0000)]
Remove dead link from the documentation. (closes: #444)
Thanks to Thor Spruyt <thor.spruyt@pandora.be>
aland [Mon, 16 Apr 2007 09:46:15 +0000 (09:46 +0000)]
Move libradius to link BEFORE the other libraries, as it may
pull in symbols from those other libraries
aland [Mon, 16 Apr 2007 09:14:48 +0000 (09:14 +0000)]
Allow non-regex matches to work, too
aland [Mon, 16 Apr 2007 09:06:03 +0000 (09:06 +0000)]
Added pair compares for packet src/dst IP, src/dst port,
server identity, and a number of other useful things.
Cleaned up the pair compare stuff a little, so that the callbacks
are separate from the simple comparisons, and the callbacks can
create VP's, and call "compare VP" function.
This means that you can now do regex matches on almost anything,
too...
aland [Mon, 16 Apr 2007 07:55:00 +0000 (07:55 +0000)]
Add check for gettimeofday
nbk [Mon, 16 Apr 2007 07:53:08 +0000 (07:53 +0000)]
Include missing header "udpfromto.h".
aland [Sat, 14 Apr 2007 21:07:01 +0000 (21:07 +0000)]
Update timers when moving request from one home server to
another.
Preliminary test code (commented out) for perhaps doing
automatic weighting of home servers, by keeping track of RTT and
RTO
aland [Sat, 14 Apr 2007 21:05:32 +0000 (21:05 +0000)]
revert earlier change
aland [Sat, 14 Apr 2007 20:37:26 +0000 (20:37 +0000)]
Ensure reset_signal returns something (not that the caller
actually uses that value...)
aland [Sat, 14 Apr 2007 20:36:55 +0000 (20:36 +0000)]
Take care of more missing functions
aland [Sat, 14 Apr 2007 20:32:06 +0000 (20:32 +0000)]
When building without pthreads, call correct function
aland [Sat, 14 Apr 2007 18:00:05 +0000 (18:00 +0000)]
open is a function, not a variable name
aland [Sat, 14 Apr 2007 17:57:04 +0000 (17:57 +0000)]
Define gettimeofday() for systems that don't have it
aland [Sat, 14 Apr 2007 17:50:08 +0000 (17:50 +0000)]
Clean up header files
aland [Sat, 14 Apr 2007 17:22:19 +0000 (17:22 +0000)]
Clean up header files
aland [Sat, 14 Apr 2007 16:57:13 +0000 (16:57 +0000)]
Don't build the module if there's no regex.h
aland [Sat, 14 Apr 2007 12:33:51 +0000 (12:33 +0000)]
Check for more #ifdef's
aland [Sat, 14 Apr 2007 12:33:26 +0000 (12:33 +0000)]
Added more header files && libraries
removed gethostname() function, which is only used by rlm_smb,
which no one should be using
aland [Sat, 14 Apr 2007 11:57:20 +0000 (11:57 +0000)]
Check for pwd.h && grp.h, and don't build rlm_unix if they're
not found
aland [Sat, 14 Apr 2007 11:45:31 +0000 (11:45 +0000)]
We don't need pwd.h or grp.h
aland [Sat, 14 Apr 2007 11:42:39 +0000 (11:42 +0000)]
Include getaddrinfo, too
aland [Sat, 14 Apr 2007 11:40:36 +0000 (11:40 +0000)]
Corrected typos, etc. so it builds
aland [Sat, 14 Apr 2007 11:24:02 +0000 (11:24 +0000)]
Removed unused label
aland [Sat, 14 Apr 2007 01:26:11 +0000 (01:26 +0000)]
Third argument to strlcpy is size of output buffer, not length
of string to be copied
aland [Fri, 13 Apr 2007 10:47:24 +0000 (10:47 +0000)]
Clean up some header files
aland [Fri, 13 Apr 2007 10:35:28 +0000 (10:35 +0000)]
Clean up header files
aland [Thu, 12 Apr 2007 10:05:28 +0000 (10:05 +0000)]
Don't re-initialize SNMP on HUP.
aland [Thu, 12 Apr 2007 09:55:24 +0000 (09:55 +0000)]
It's OK if we can't create a Post-Auth-Type = Reject.
It probably means that the user didn't define one.
aland [Thu, 12 Apr 2007 07:45:55 +0000 (07:45 +0000)]
Use new lrad_ipaddr_cmp() function
aland [Wed, 11 Apr 2007 13:55:53 +0000 (13:55 +0000)]
move lrad_ipaddr_cmp() from packet.c to misc.c, make it public,
and make others use it
aland [Wed, 11 Apr 2007 13:55:07 +0000 (13:55 +0000)]
pairfree(&vp) on parse error.
This fixes Coverity bug #32
aland [Wed, 11 Apr 2007 12:47:07 +0000 (12:47 +0000)]
Update more SNMP counters after double-checking them.
Don't proxy if we find Auth-Type := Reject
aland [Wed, 11 Apr 2007 12:46:21 +0000 (12:46 +0000)]
Note new SNMP support
aland [Wed, 11 Apr 2007 12:45:52 +0000 (12:45 +0000)]
Don't return c->ipaddr, it's a struct. Return c->ipaddr.ipaddr.ip4addr,
OR NULL if it's an IPv6 client.
Double-check more return codes
aland [Wed, 11 Apr 2007 08:50:48 +0000 (08:50 +0000)]
removed rad_postauth_reject(), and multiple references to it in
auth.c
Added code in request_post_handler to call rad_postauth() for
Access-Reject packets. We now have one place in the code where
the "Post-Auth-Type = Reject" functionality is called, and less
code
aland [Wed, 11 Apr 2007 08:47:28 +0000 (08:47 +0000)]
Quench reject_delay to be no less than zero
aland [Wed, 11 Apr 2007 05:04:33 +0000 (05:04 +0000)]
Allow cleanup_delay() to be called with REQUEST_DONE, too.
In cleanup_delay(), call wait_for_proxy_id_to_expire only if
the request is in the proxy hash. If the request has been
proxied and we suddenly find there's no home servers, we will
have request->proxy, but it won't be in the proxy hash.
In wait_a_bit() call cleanup_delay() when the request is marked
REQUEST_DONE, to avoid memory leaks.
When switching a proxied request from a dead home server to a
live one, call wait_a_bit() after request_post_handler (which
is what normally happens) to ensure that REJECT_DELAY, etc.
get properly handled.
aland [Tue, 10 Apr 2007 14:58:52 +0000 (14:58 +0000)]
Set no such child PID for reject/cleanup requests
aland [Tue, 10 Apr 2007 14:21:23 +0000 (14:21 +0000)]
Keep SNMP statistics for packets we receive from clients, too.
This should make the server somewhat more useful in some situations.
TO DO
- update to new RFC's with IPv6 support
- add client MIBs for proxied packets
- double-check that counters meet "issues & fixes" text
aland [Tue, 10 Apr 2007 13:36:06 +0000 (13:36 +0000)]
Remember the new home server
Set proxy->data to NULL after free'ing it
aland [Tue, 10 Apr 2007 13:11:01 +0000 (13:11 +0000)]
Moved SNMP socket handling to listen.c, in preparation for
priority queues of sockets.
i.e. we may decide to completely ignore SNMP requests if there
is a pending queue of authentication requests.
aland [Tue, 10 Apr 2007 11:30:27 +0000 (11:30 +0000)]
make ':-' work again
aland [Tue, 10 Apr 2007 10:39:04 +0000 (10:39 +0000)]
cleaned up debug messages
aland [Tue, 10 Apr 2007 10:27:13 +0000 (10:27 +0000)]
Update the copyright years
aland [Tue, 10 Apr 2007 10:22:14 +0000 (10:22 +0000)]
rad_panic never returns
In cleanup_delay, remove any pending events.
Otherwise, pending events would be called for a
free'd REQUEST
moved check for zombie home server to separate function
home_server_ldb now takes realm name && pool, not REALM.
This lets us send an outstanding request to a different
home server for the same realm, when we receive a retransmit,
and discover that the realm has been (or should have been)
marked dead.
This functionality should minimize the number of requests
that don't get responses.
aland [Tue, 10 Apr 2007 08:00:47 +0000 (08:00 +0000)]
*** empty log message ***
aland [Mon, 9 Apr 2007 23:26:27 +0000 (23:26 +0000)]
use sizeof()
aland [Sun, 8 Apr 2007 14:18:01 +0000 (14:18 +0000)]
Added RFC 4679 dictionary
aland [Sun, 8 Apr 2007 14:04:54 +0000 (14:04 +0000)]
Added DSL forum informational RFC
aland [Sun, 8 Apr 2007 14:04:11 +0000 (14:04 +0000)]
Pulled new RFC's from IETF.org
aland [Sun, 8 Apr 2007 07:14:57 +0000 (07:14 +0000)]
Add more LDAP escaping rules from RFC 2253
aland [Sun, 8 Apr 2007 06:31:58 +0000 (06:31 +0000)]
Corrected typo
This fixes bug #440
aland [Sun, 8 Apr 2007 06:29:16 +0000 (06:29 +0000)]
Use memcmp, rather than doing the comparison by hand.
This fixes bug #438