Alan T. DeKok [Fri, 5 Sep 2008 13:27:57 +0000 (15:27 +0200)]
Stupid debian date stuff
Alan T. DeKok [Fri, 5 Sep 2008 11:20:58 +0000 (13:20 +0200)]
Updated dates
Alan T. DeKok [Fri, 5 Sep 2008 05:18:09 +0000 (07:18 +0200)]
Corrected typo
Alan T. DeKok [Thu, 4 Sep 2008 14:12:46 +0000 (16:12 +0200)]
Note 2.1.0
Alan T. DeKok [Thu, 4 Sep 2008 14:08:16 +0000 (16:08 +0200)]
Too many cool things to make it 2.0.6
Alan T. DeKok [Thu, 4 Sep 2008 12:26:29 +0000 (14:26 +0200)]
Set more sockets to KNOWN
Alan T. DeKok [Thu, 4 Sep 2008 12:10:53 +0000 (14:10 +0200)]
More messages && printing
Alan T. DeKok [Thu, 4 Sep 2008 12:10:28 +0000 (14:10 +0200)]
Move HUP code to per-module, not global
This allows an infinite number of HUP's, and also multiple hups
for one module.
Alan T. DeKok [Thu, 4 Sep 2008 12:00:16 +0000 (14:00 +0200)]
Initialize sockaddr_un
Alan T. DeKok [Thu, 4 Sep 2008 09:53:40 +0000 (11:53 +0200)]
Use new API for find_module_instance
Alan T. DeKok [Thu, 4 Sep 2008 09:10:29 +0000 (11:10 +0200)]
Document radmin
Alan T. DeKok [Thu, 4 Sep 2008 09:01:45 +0000 (11:01 +0200)]
-lreadline && getpeereid checks
Alan T. DeKok [Thu, 4 Sep 2008 08:54:50 +0000 (10:54 +0200)]
Document radmin
Alan T. DeKok [Thu, 4 Sep 2008 08:47:58 +0000 (10:47 +0200)]
Build radmin by default
Alan T. DeKok [Thu, 4 Sep 2008 08:47:43 +0000 (10:47 +0200)]
r/w socket magic && version number
Alan T. DeKok [Thu, 4 Sep 2008 08:36:18 +0000 (10:36 +0200)]
Added uid/gid checking
Alan T. DeKok [Thu, 4 Sep 2008 08:35:03 +0000 (10:35 +0200)]
Leverage configure checks && use select
Alan T. DeKok [Thu, 4 Sep 2008 06:57:51 +0000 (08:57 +0200)]
More ifdef's for conditional builds
Alan T. DeKok [Thu, 4 Sep 2008 06:40:59 +0000 (08:40 +0200)]
Look for new header files
Alan T. DeKok [Wed, 3 Sep 2008 14:00:14 +0000 (16:00 +0200)]
Wrappers around listen types
Alan T. DeKok [Wed, 3 Sep 2008 10:17:35 +0000 (12:17 +0200)]
Set default socket address && usage
Alan T. DeKok [Wed, 3 Sep 2008 10:12:18 +0000 (12:12 +0200)]
Added example of control socket
Alan T. DeKok [Wed, 3 Sep 2008 10:03:09 +0000 (12:03 +0200)]
Add dynamic clients module
Alan T. DeKok [Wed, 3 Sep 2008 10:02:49 +0000 (12:02 +0200)]
Add radmin tool.
Alan T. DeKok [Wed, 3 Sep 2008 10:01:41 +0000 (12:01 +0200)]
New command sockets.
Alan T. DeKok [Wed, 3 Sep 2008 10:00:15 +0000 (12:00 +0200)]
event_fd_delete API
Alan T. DeKok [Wed, 3 Sep 2008 09:57:19 +0000 (11:57 +0200)]
New module-specific HUP, and find without linking
Alan T. DeKok [Wed, 3 Sep 2008 09:55:45 +0000 (11:55 +0200)]
New API's to update CONF_PAIRs, and get CONF_PARSERS
Alan T. DeKok [Wed, 3 Sep 2008 09:12:41 +0000 (11:12 +0200)]
Handle changed / deleted fd's a bit better
Alan T. DeKok [Mon, 1 Sep 2008 09:06:49 +0000 (11:06 +0200)]
Sample for TTLS/EAP-MSCHAPv2
Alan T. DeKok [Mon, 1 Sep 2008 09:05:51 +0000 (11:05 +0200)]
leverage rlm_dynamic_clients
Alan T. DeKok [Mon, 1 Sep 2008 09:05:02 +0000 (11:05 +0200)]
Dynamic clients can read files from a directory
i.e. create a dynamic client 192.168.0.0/16, and point
it to a directory. When the server starts, it will read ALL
of the files in that directory, and try to add them as clients.
Later, the rlm_dynamic_clients module can re-read them...
Alan T. DeKok [Mon, 1 Sep 2008 09:03:37 +0000 (11:03 +0200)]
Module to read dynamic clients from files
Alan T. DeKok [Sun, 31 Aug 2008 16:01:40 +0000 (18:01 +0200)]
Add forgotten line. Closes #585
Alan T. DeKok [Fri, 29 Aug 2008 18:41:40 +0000 (20:41 +0200)]
Use functions from libfreeradius
Otherwise radeapclient won't build, because we don't (yet)
have a libfreeradius-server
Alan T. DeKok [Fri, 29 Aug 2008 12:53:26 +0000 (14:53 +0200)]
Mark session as resumed
Alan T. DeKok [Thu, 28 Aug 2008 15:37:51 +0000 (17:37 +0200)]
As posted to the list.
Alan T. DeKok [Thu, 28 Aug 2008 14:14:33 +0000 (16:14 +0200)]
Check return code of regcomp. Closes #583
Alan T. DeKok [Thu, 28 Aug 2008 12:28:35 +0000 (14:28 +0200)]
Corrected typo.
Alan T. DeKok [Wed, 27 Aug 2008 14:40:36 +0000 (16:40 +0200)]
Fix compiler warnings
Alan T. DeKok [Wed, 27 Aug 2008 14:37:58 +0000 (16:37 +0200)]
Load CA's only if CA file or CA path are set
Closes bug #477
Alan T. DeKok [Wed, 27 Aug 2008 08:59:04 +0000 (10:59 +0200)]
Add sample inner-eap method
Alan T. DeKok [Wed, 27 Aug 2008 01:07:22 +0000 (03:07 +0200)]
Added EAP RFC
Stephen Gran [Mon, 25 Aug 2008 13:18:19 +0000 (14:18 +0100)]
Fix unsafe use of tmpfile. Signed-off-by: Stephen Gran <steve@lobefin.net>
Alan T. DeKok [Tue, 26 Aug 2008 13:27:23 +0000 (15:27 +0200)]
Check for __thread
For thread-local storage.
Alan T. DeKok [Tue, 26 Aug 2008 13:15:22 +0000 (15:15 +0200)]
Use thread-local storage for log messages
We try to use __thread where possible... it's better.
Alan T. DeKok [Tue, 26 Aug 2008 09:16:37 +0000 (11:16 +0200)]
fr_strerror -> fr_strerror()
This is in preparation for (perhaps) making the logging
functions thread-safe.
Alan T. DeKok [Tue, 26 Aug 2008 08:34:55 +0000 (10:34 +0200)]
Rename librad_* to fr_*
perl -pi -e "s/librad_debug/fr_debug_flag/g;s/librad_log/fr_strerror_printf/g;s/librad_dodns/fr_dns_lookups/g;s/librad_perror/fr_perror/g;s/librad_max_attributes/fr_max_attributes/g;s/librad_safeprint/fr_print_string/g;s/librad_errstr/fr_strerror/g;"
Alan T. DeKok [Tue, 26 Aug 2008 08:25:34 +0000 (10:25 +0200)]
Note more changes
Alan T. DeKok [Mon, 25 Aug 2008 21:28:49 +0000 (23:28 +0200)]
Complain on references to things like "prefix ="
i.e. check for cp->value == NULL, rather than core dumping
Alan T. DeKok [Mon, 25 Aug 2008 09:26:42 +0000 (11:26 +0200)]
Left this out earlier.
Alan T. DeKok [Mon, 25 Aug 2008 09:19:22 +0000 (11:19 +0200)]
Cache is off by default. Document attribute
Alan T. DeKok [Mon, 25 Aug 2008 09:17:10 +0000 (11:17 +0200)]
Enforce session cache enable.
If the cache is disabled, then delete the current entry from
the list of cached sessions.
Also check for new Allow-Session-Resumption attribute.
If set to zero, then disallow it for this session, too
Alan T. DeKok [Mon, 25 Aug 2008 08:34:28 +0000 (10:34 +0200)]
Finish Session Resumption patch - cache User-Name
It just caches User-Name right now, and doesn't do much else.
But it's slightly better than it was before.
Alan T. DeKok [Sun, 24 Aug 2008 08:35:30 +0000 (10:35 +0200)]
PEAP & TTLS support for session resumption.
It works (sort of). It doesn't cache the original inner username,
so the user name in the reply is wrong (i.e. anonymous). It SHOULD
cache a lot more things, like CUI. This list could also be
configurable.
It also needs to run the resumption stuff through a virtual server
again, to see if the user is still authorized.
OR, have an attribute that's added to the request to mark it as
session resumption, and then any post-auth policy can key off of that,
and do more stuff
Alan T. DeKok [Sat, 23 Aug 2008 15:10:23 +0000 (17:10 +0200)]
Document TLS session cache
Alan T. DeKok [Sun, 24 Aug 2008 08:07:28 +0000 (10:07 +0200)]
First draft of session resumption.
It doesn't work, as TLS/PEAP/TTLS have to be updated to handle
session resumption. But the basics are there.
Alan T. DeKok [Sun, 24 Aug 2008 08:04:55 +0000 (10:04 +0200)]
Clean up debug && log messages
Alan T. DeKok [Sat, 23 Aug 2008 19:56:16 +0000 (21:56 +0200)]
Added VALUEs taken from the PDF
Alan T. DeKok [Sun, 24 Aug 2008 07:02:41 +0000 (09:02 +0200)]
Automatically calculate MPPE keys
This involves
adding prf_label to tls_session_t
setting it in eaptls_initiate (depending on EAP type)
deleting references to gen_mppe_keys() from individual methods
making eaptls_success take HANDLER
passing HANDLER to eaptls_success
generating MPPE keys in eaptls_success
Also made eaptls_fail take HANDLER
and delete cached sessions (if any) on fail
This means that the EAP methods don't have to delete any sessions.
They just call fail, and it Does the Right Thing
Alan T. DeKok [Sat, 23 Aug 2008 12:01:53 +0000 (14:01 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 24 Aug 2008 06:58:20 +0000 (08:58 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sat, 23 Aug 2008 06:15:02 +0000 (08:15 +0200)]
Generate ephemeral RSA keys
Alan T. DeKok [Sat, 23 Aug 2008 05:53:11 +0000 (07:53 +0200)]
Pull SSL handshake code into libeap
Alan T. DeKok [Sat, 23 Aug 2008 19:42:08 +0000 (21:42 +0200)]
Close pipe FD's on failed fork
Alan T. DeKok [Sat, 23 Aug 2008 20:18:04 +0000 (22:18 +0200)]
Clear OpenSSL Error queue for the current thread
Alan T. DeKok [Sun, 24 Aug 2008 06:38:22 +0000 (08:38 +0200)]
Regular expressions are compiled at run-time, not compile time
Alan T. DeKok [Sun, 24 Aug 2008 06:21:51 +0000 (08:21 +0200)]
Print out filter, not optarg
Alan T. DeKok [Thu, 21 Aug 2008 08:29:27 +0000 (10:29 +0200)]
WiMAX tests
Alan T. DeKok [Thu, 21 Aug 2008 08:23:47 +0000 (10:23 +0200)]
Make WiMAX dictionary "live"
Alan T. DeKok [Thu, 21 Aug 2008 08:23:35 +0000 (10:23 +0200)]
Pack/unpack WiMAX attributes into RADIUS packets
Alan T. DeKok [Thu, 21 Aug 2008 08:22:58 +0000 (10:22 +0200)]
Read combo-ip, signed, and tlv types from dictionaries
Alan T. DeKok [Thu, 21 Aug 2008 08:22:22 +0000 (10:22 +0200)]
Parse, process, and free signed, combo-ip, and tlv types
Alan T. DeKok [Thu, 21 Aug 2008 08:21:25 +0000 (10:21 +0200)]
Print signed and TLV types
Alan T. DeKok [Thu, 21 Aug 2008 08:20:51 +0000 (10:20 +0200)]
Define COMBO IP, Signed, and TLV types
Alan T. DeKok [Thu, 21 Aug 2008 08:19:52 +0000 (10:19 +0200)]
Pretty-print VSA's a little better
Alan T. DeKok [Thu, 21 Aug 2008 08:19:15 +0000 (10:19 +0200)]
WiMAX dictionary.
Not included because the server doesn't yet understand it
Alan T. DeKok [Thu, 21 Aug 2008 08:18:37 +0000 (10:18 +0200)]
Simple module to fix WiMAX Calling-Station-Id
Alan T. DeKok [Thu, 21 Aug 2008 07:55:57 +0000 (09:55 +0200)]
Don't double-escape strings in pairread()
If 'value' is a double-quoted string, then gettoken() already
escaped \n -> 0x0a. Calling pairmake() with value does the
escaping again, which is wrong. Try this with:
DEFAULT
Filter-Id := "foo\nbar\\n"
gettoken() converts the first \n to 0x0a, and the \\ to \.
pairmake() then converts the last \n to 0x0a, leaving 2 0x0a's
in the string, rather than one 0x0a, and another \n.
I've also added handlers in pairread() for single quoted strings,
which didn't previously exist.
Alan T. DeKok [Thu, 21 Aug 2008 06:33:35 +0000 (08:33 +0200)]
Removed comments about NAS-Identifier. They're wrong
Alan T. DeKok [Wed, 20 Aug 2008 15:12:34 +0000 (17:12 +0200)]
Add VENDOR line, too
Alan T. DeKok [Wed, 20 Aug 2008 15:12:21 +0000 (17:12 +0200)]
Define vendor (oops)
Alan T. DeKok [Tue, 19 Aug 2008 16:50:43 +0000 (18:50 +0200)]
As posted to the list
Alan T. DeKok [Tue, 19 Aug 2008 16:44:49 +0000 (18:44 +0200)]
Script to convert funk to fr dictionaries
Alan T. DeKok [Tue, 19 Aug 2008 12:10:54 +0000 (14:10 +0200)]
Un-document %{exec:foo}, as the documentation was wrong
Alan T. DeKok [Mon, 18 Aug 2008 06:50:39 +0000 (08:50 +0200)]
Cleaned up debug messages
Alan T. DeKok [Mon, 18 Aug 2008 06:50:25 +0000 (08:50 +0200)]
Added radlog_request function
Alan T. DeKok [Mon, 18 Aug 2008 06:39:36 +0000 (08:39 +0200)]
Cleaned up && clarified debugging messages
Alan T. DeKok [Mon, 18 Aug 2008 06:39:12 +0000 (08:39 +0200)]
Minor changes to debug messages
Alan T. DeKok [Sun, 17 Aug 2008 16:20:12 +0000 (18:20 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 16:12:45 +0000 (18:12 +0200)]
Minor optimization
Alan T. DeKok [Sun, 17 Aug 2008 16:12:13 +0000 (18:12 +0200)]
Note dynamic clients on NAS-Identifier
Alan T. DeKok [Sun, 17 Aug 2008 16:11:49 +0000 (18:11 +0200)]
Document recent changes
Alan T. DeKok [Sun, 17 Aug 2008 16:11:36 +0000 (18:11 +0200)]
Build process uses git now, not CVS
Alan T. DeKok [Sun, 17 Aug 2008 08:17:50 +0000 (10:17 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 08:16:28 +0000 (10:16 +0200)]
DEBUG -> RDEBUG
Alan T. DeKok [Sun, 17 Aug 2008 08:10:44 +0000 (10:10 +0200)]
DEBUG -> RDEBUG, and related changes
Alan T. DeKok [Sun, 17 Aug 2008 07:50:06 +0000 (09:50 +0200)]
Use new debugging functions (RDEBUG, radlog_request)
Alan T. DeKok [Sun, 17 Aug 2008 07:45:28 +0000 (09:45 +0200)]
We don't use pthread functions, so delete them.
Alan T. DeKok [Sun, 17 Aug 2008 06:53:21 +0000 (08:53 +0200)]
DEBUG -> RDEBUG