Alan T. DeKok [Mon, 20 Jun 2011 14:57:14 +0000 (16:57 +0200)]
Don't go too far ahead
if (..){
is OK. The previous code skipped over the curly brace, assuming
that it was there... the code to check for syntax errors assumed
that the curly brace was not skipped over. This change fixes
that conflict
Alan T. DeKok [Mon, 20 Jun 2011 10:58:09 +0000 (12:58 +0200)]
Made the date today
Alan T. DeKok [Sat, 18 Jun 2011 08:48:02 +0000 (10:48 +0200)]
Note changes for version 2.1.11
Alan T. DeKok [Thu, 16 Jun 2011 10:53:37 +0000 (12:53 +0200)]
Be more stringent about unexpected text
Alan T. DeKok [Wed, 15 Jun 2011 09:39:54 +0000 (11:39 +0200)]
Releases don't get replied to
Alan T. DeKok [Wed, 15 Jun 2011 08:49:58 +0000 (10:49 +0200)]
Document "max_outstanding" for home servers
Alan T. DeKok [Tue, 14 Jun 2011 06:10:28 +0000 (08:10 +0200)]
Allow policies by section
authorize {
foo
}
will look for first:
policy {
foo.authorize {
...
}
}
and then
policy {
foo {
...
}
}
This allows section-specific overrides for policies and modules.
Alan T. DeKok [Mon, 13 Jun 2011 09:31:47 +0000 (11:31 +0200)]
Allow policies to refer to modules of the same name
policy {
files {
files
...
}
}
Means that you can over-ride the behavior of the "files" module,
and add anything else you need.
Alan T. DeKok [Sun, 12 Jun 2011 04:41:57 +0000 (06:41 +0200)]
New modules && configs for v2.1.11
Alan T. DeKok [Fri, 10 Jun 2011 13:16:16 +0000 (15:16 +0200)]
Fix data types
Alan T. DeKok [Tue, 7 Jun 2011 09:18:44 +0000 (11:18 +0200)]
Fix typo. Closes bug #150
Alan T. DeKok [Sun, 5 Jun 2011 16:15:05 +0000 (18:15 +0200)]
Note existence of "inner-tunnel"
So that people remember to edit it, too
Alan T. DeKok [Tue, 31 May 2011 19:21:23 +0000 (21:21 +0200)]
Added MS-CHAP-V2
Alan T. DeKok [Tue, 31 May 2011 18:39:42 +0000 (20:39 +0200)]
Last set of vp_print fixes
Alan T. DeKok [Tue, 31 May 2011 11:20:12 +0000 (13:20 +0200)]
Move \t into vp_print, just like the last commit
Alan T. DeKok [Tue, 31 May 2011 07:32:20 +0000 (09:32 +0200)]
vp_print should add a "\n" to the end
All callers already do this, so it's best to move that code
into vp_print
Alan T. DeKok [Mon, 30 May 2011 15:14:18 +0000 (17:14 +0200)]
Revert most of the "checked_write" code.
It apparently caused crashes on some machines. This code
reverts (mostly) back to the original code which worked, but
it should also notice when the disk is full, and return FAIL
Alan T. DeKok [Fri, 27 May 2011 12:49:17 +0000 (14:49 +0200)]
Document the "locking" configuration item
Alan T. DeKok [Fri, 27 May 2011 08:47:09 +0000 (10:47 +0200)]
Make home server coa config match raddb/proxy.conf
Alan T. DeKok [Thu, 26 May 2011 11:59:10 +0000 (13:59 +0200)]
Bump buffer size for regex matches
Alan T. DeKok [Thu, 26 May 2011 08:54:25 +0000 (10:54 +0200)]
Terminate string when using %{Attribute-Name[*]}
Alan T. DeKok [Wed, 25 May 2011 12:42:34 +0000 (14:42 +0200)]
Handle CHAP-Challenge
Alan T. DeKok [Wed, 25 May 2011 10:31:25 +0000 (12:31 +0200)]
Use rlm_redis CFLAGS and LDFLAGS
This lets the module build
Alan T. DeKok [Wed, 25 May 2011 09:46:14 +0000 (11:46 +0200)]
Replicate is now stable
Alan T. DeKok [Wed, 25 May 2011 09:46:06 +0000 (11:46 +0200)]
Mark "replicate" as stable
Alan T. DeKok [Wed, 25 May 2011 09:43:35 +0000 (11:43 +0200)]
Ensure AF for src IP matches AF for dst IP
Alan T. DeKok [Wed, 25 May 2011 09:43:12 +0000 (11:43 +0200)]
Make it build && work.
Apparently infinite loops are bad. Who knew?
Alan T. DeKok [Wed, 25 May 2011 08:52:35 +0000 (10:52 +0200)]
Make errors more prominent
Alan T. DeKok [Wed, 25 May 2011 08:49:28 +0000 (10:49 +0200)]
Note recent changes
Alan T. DeKok [Wed, 25 May 2011 08:21:41 +0000 (10:21 +0200)]
Initial version of rlm_replicate
Allows replication of packets (send without response),
to multiple destinations.
Alan T. DeKok [Tue, 24 May 2011 12:35:40 +0000 (14:35 +0200)]
This attribute is string. Closes #160
Alexander Clouter [Mon, 23 May 2011 10:43:04 +0000 (11:43 +0100)]
debian/patches/dialupadmin-help.diff wrong filename
'dpkg-buildpackage -b -us -uc -rfakeroot' grumbles as the following file
no longer exists. The patch fixes things, but it might be worth
'resync'ing as the large upstream Debian resync was Dec 2009 (
5ed6809a).
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
Alan T. DeKok [Mon, 23 May 2011 10:15:09 +0000 (12:15 +0200)]
Set limits on string/octet attributes
Alan T. DeKok [Wed, 18 May 2011 11:22:18 +0000 (13:22 +0200)]
Cleaned up the "checked write" code a fair bit
Alan T. DeKok [Mon, 16 May 2011 11:42:54 +0000 (13:42 +0200)]
Configure checks for deprecated functionality
Alan T. DeKok [Mon, 16 May 2011 11:30:20 +0000 (13:30 +0200)]
Added deprecated functionality as compile-time option
Alan T. DeKok [Fri, 13 May 2011 14:58:16 +0000 (16:58 +0200)]
Support outer.control in dynamic xlat
Alan T. DeKok [Wed, 11 May 2011 19:07:34 +0000 (21:07 +0200)]
Now that log_packet_header is documented, make sure it works
Alan T. DeKok [Wed, 11 May 2011 15:41:29 +0000 (17:41 +0200)]
Updated documentation and samples
Handle IPv6 in detail filename.
Document "log_packet_header"
Alan T. DeKok [Wed, 11 May 2011 08:55:56 +0000 (10:55 +0200)]
Handle node deletions when walking over the tree.
The current node may be deleted, so we cache the left/right
pointers where necessary, and use the cached versions instead
of de-referencing the current node again.
Alan T. DeKok [Tue, 10 May 2011 08:45:54 +0000 (10:45 +0200)]
If accounting start/interim/stop doesn't do anything, return NOOP
If num_affected_rows == 0, return NOOP
Alan T. DeKok [Mon, 9 May 2011 17:37:46 +0000 (19:37 +0200)]
Fix typo
If we're making a directory, make sure it's from the '/',
and not from the whole filename.
Alan T. DeKok [Mon, 9 May 2011 11:16:04 +0000 (13:16 +0200)]
Call fnmatch only if the packet was read from the detail file.
And re-arranged the logic to make sense.
If the packet was read from the detail file AND will be written back
to the same directory (glob match), then do NOOP.
Otherwise, just go make the directory
Alexander Clouter [Mon, 9 May 2011 10:15:16 +0000 (11:15 +0100)]
fix lower->tolower typo in policy.conf
git commit
abc96955 contains a typo that this patch fixes. As the
module 'lower' does not exist calling this policy always results in a
reject.
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
Alan T. DeKok [Fri, 6 May 2011 14:49:32 +0000 (16:49 +0200)]
Define _GNU_SOURCE before checking for structures
On Linux, useful features that are industry standard are
"protected" by requiring -D_GNU_SOURCE. Why would you want
your users to *use* the features of libc?
Alan T. DeKok [Fri, 6 May 2011 12:32:12 +0000 (14:32 +0200)]
Add EAP tests to automated test suite
Alan T. DeKok [Wed, 4 May 2011 11:50:46 +0000 (13:50 +0200)]
Move proxy ID handler to RB trees instead of hashes
This is apparently the root cause behind bug #35. It's not
clear why the hash table has that problem, but making this change
fixes it.
Alan T. DeKok [Wed, 4 May 2011 11:42:25 +0000 (13:42 +0200)]
Change assert to run-time check
Alan T. DeKok [Tue, 3 May 2011 07:23:41 +0000 (09:23 +0200)]
Don't decode attributes if there's no secret
This is really a bug in the caller, but it's a reasonable
change to make.
Alan T. DeKok [Mon, 2 May 2011 12:47:16 +0000 (14:47 +0200)]
Use built-in "offsetof"
Look for "stddef.h", and if found, include it in the various
configure checks. Also use it at run time.
Alan T. DeKok [Thu, 28 Apr 2011 09:09:45 +0000 (11:09 +0200)]
pairmake may return NULL if the dictionaries are broken.
The code should check for this, and behave gracefully
Alan T. DeKok [Thu, 28 Apr 2011 09:07:07 +0000 (11:07 +0200)]
Fix typo in attribute name
Alan T. DeKok [Wed, 27 Apr 2011 07:41:08 +0000 (09:41 +0200)]
Load the default virtual server before any others
This avoids user surprise
Alan T. DeKok [Thu, 21 Apr 2011 07:00:09 +0000 (09:00 +0200)]
Mark the module as HUP-safe
Alan T. DeKok [Fri, 15 Apr 2011 13:28:57 +0000 (15:28 +0200)]
Make proxy inner tunnel MS-CHAP work again
Alan T. DeKok [Sun, 10 Apr 2011 14:28:27 +0000 (16:28 +0200)]
Fix arguments to pairmove2
Alan T. DeKok [Sun, 10 Apr 2011 06:02:05 +0000 (08:02 +0200)]
Don't set "EAP Failure" when sending error message back
Alan T. DeKok [Fri, 8 Apr 2011 11:04:25 +0000 (13:04 +0200)]
The file may be closed when there are no VPs
Alan T. DeKok [Fri, 8 Apr 2011 07:36:49 +0000 (09:36 +0200)]
Make error sending configurable
Alan T. DeKok [Thu, 7 Apr 2011 14:29:20 +0000 (16:29 +0200)]
Handle failures
Alan T. DeKok [Thu, 7 Apr 2011 14:18:27 +0000 (16:18 +0200)]
Add allow_retry and retry_msg functionality
Based on a patch from John Hayward.
Setting "allow_retry=0" and "retry_msg = hello" seems to help
with EAP-MSCHAPv2 and cached passwords...
Alan T. DeKok [Thu, 7 Apr 2011 14:11:58 +0000 (16:11 +0200)]
Allow MS-CHAP-Error in Access-Reject
Alan T. DeKok [Thu, 7 Apr 2011 07:44:26 +0000 (09:44 +0200)]
Don't over-write a fail code with a success code.
Closes bug #152
Alan T. DeKok [Tue, 5 Apr 2011 14:56:33 +0000 (16:56 +0200)]
Add -4 and -6 options
These force NAS-IP-Address or NAS-IPv6-Address
Alan T. DeKok [Tue, 29 Mar 2011 13:53:01 +0000 (15:53 +0200)]
Fix handling of "-l stdout"
Alan T. DeKok [Fri, 25 Mar 2011 12:53:10 +0000 (13:53 +0100)]
Correct debug log for internal proxied requests
Alan T. DeKok [Fri, 25 Mar 2011 09:21:07 +0000 (10:21 +0100)]
Fix generation of autoheader, and re-build it
Alan T. DeKok [Fri, 25 Mar 2011 09:14:57 +0000 (10:14 +0100)]
Fix typo in last commit
Alan T. DeKok [Fri, 25 Mar 2011 09:09:33 +0000 (10:09 +0100)]
Re-build more on reconfig
John Dennis [Thu, 24 Mar 2011 15:59:37 +0000 (11:59 -0400)]
Fix autogen.sh
The script is invoked with -e which causes the script to exit
immediately if a subshell command enclosed in parentheses
has a non-zero exit status. The command
grep "^AC_CONFIG_HEADER" configure.in > /dev/null
returns non-zero for many of the subdirs which causes the autogen.sh
script to immediately exit. In fact it exits on the very first
subdirectory (src/modules/rlm_sql) prematurely aborting the entire
operation.
Alan T. DeKok [Wed, 23 Mar 2011 07:59:22 +0000 (08:59 +0100)]
Move illegal attributes around
And enable the Motorola VSA dictionary
Alan T. DeKok [Wed, 23 Mar 2011 07:41:38 +0000 (08:41 +0100)]
Remove trailing whitespace
Alan T. DeKok [Wed, 23 Mar 2011 07:41:21 +0000 (08:41 +0100)]
More Canopy attributes as posted to the list
Alan T. DeKok [Wed, 23 Mar 2011 07:40:21 +0000 (08:40 +0100)]
Fix typos
Alan T. DeKok [Sun, 20 Mar 2011 07:11:05 +0000 (08:11 +0100)]
Clearer warnings about unsupported operators
Alan T. DeKok [Sun, 20 Mar 2011 07:10:47 +0000 (08:10 +0100)]
Expose API to get token names
Alan T. DeKok [Sat, 19 Mar 2011 15:16:12 +0000 (16:16 +0100)]
How RADIUS should be done.
Alan T. DeKok [Wed, 16 Mar 2011 10:26:04 +0000 (11:26 +0100)]
Expose rad_print_hex, and use it in radsniff
Alan T. DeKok [Tue, 15 Mar 2011 16:23:22 +0000 (17:23 +0100)]
Fix compilation errors
Alan T. DeKok [Tue, 15 Mar 2011 14:30:37 +0000 (15:30 +0100)]
Id is unsigned for printing
Alan T. DeKok [Tue, 15 Mar 2011 10:27:47 +0000 (11:27 +0100)]
Fix build error
Alan T. DeKok [Tue, 15 Mar 2011 09:19:10 +0000 (10:19 +0100)]
Updated as per latest spec
Alan T. DeKok [Tue, 15 Mar 2011 09:11:22 +0000 (10:11 +0100)]
Fixed for latest rev
Alan T. DeKok [Tue, 15 Mar 2011 08:45:11 +0000 (09:45 +0100)]
If select() returns an error, show it to the user.
Helps to address bug #149
However, the underlying issue still isn't fixed. It isn't clear
why select() returns an error. An alternate solution might be
to simply re-do all of the FD_SET stuff, in the hope that
the cached version was wrong.
Alan T. DeKok [Tue, 15 Mar 2011 08:34:54 +0000 (09:34 +0100)]
Note bad configuration
The sqlcounter module does it's own expansion. This doesn't
seem to work.
Alan T. DeKok [Mon, 14 Mar 2011 13:15:21 +0000 (14:15 +0100)]
Updated command list
radmin -e "help -r" | perl -ne 's/^(.*) - /\n/;$foo = $1; $foo =~ s/\ /\\ /g;print ".IP ", $foo;print;' > foo
Alan T. DeKok [Mon, 14 Mar 2011 13:06:17 +0000 (14:06 +0100)]
Notes changes for 2.1.11
Alan T. DeKok [Mon, 14 Mar 2011 13:01:28 +0000 (14:01 +0100)]
Check pre-condictions
"inject file" requires "inject to" and "inject from"
Alan T. DeKok [Mon, 14 Mar 2011 11:04:56 +0000 (12:04 +0100)]
If the source address is INADDR_ANY, don't use udpfromto
It breaks various systems. Closes bug #148
Alan T. DeKok [Mon, 14 Mar 2011 11:02:57 +0000 (12:02 +0100)]
Expose fr_inaddr_any
Alan T. DeKok [Mon, 14 Mar 2011 09:25:45 +0000 (10:25 +0100)]
Moved USR/ascend illegal dictionaries back to share/
raddb/dictionary is *not* changed on an upgrade, so removing those
dictionaries from share/dictionary means that they might be
surprisingly removed from the local configuration, and break things.
That would be bad.
Alan T. DeKok [Sun, 13 Mar 2011 17:50:54 +0000 (18:50 +0100)]
Revert "Fix typos and regenerate for 2.1.11"
This reverts commit
2d0c5fa94938f727b4f37fb7399b777437171eeb.
Alan T. DeKok [Sun, 13 Mar 2011 09:12:11 +0000 (10:12 +0100)]
Complain about duplicate virtual servers, too
Alan T. DeKok [Sun, 13 Mar 2011 09:02:33 +0000 (10:02 +0100)]
Look for duplicate module definitions.
Doing an O(N^2) search over the modules{} section. If the same module
is defined twice, print an error detailing *both* locations where it
occurs, and exit.
This helps prevent broken configurations by disallowing the server
from loading two conflicting module definitions
Alan T. DeKok [Sun, 13 Mar 2011 09:02:06 +0000 (10:02 +0100)]
Added cf_section_find_name2() API
This lets us find the next section by name1 and name2
Alan T. DeKok [Fri, 11 Mar 2011 09:49:43 +0000 (10:49 +0100)]
Added dictionary from Moonshot project
Alan T. DeKok [Sat, 5 Mar 2011 07:07:14 +0000 (08:07 +0100)]
Hack to let developers catch bad dictionaries
uses fprintf to print warning messages when the attributes are
illegally defined in the IANA standard space
Alan T. DeKok [Sat, 5 Mar 2011 06:55:14 +0000 (07:55 +0100)]
Move references to illegal dictionaries to raddb/dictionary
The main dictionary files should NOT be edited. Ever. So placing
the "illegal" attributes in a file which can be edited is a good idea.
Alan T. DeKok [Sat, 5 Mar 2011 06:50:37 +0000 (07:50 +0100)]
Added license text
Alan T. DeKok [Sat, 5 Mar 2011 06:48:17 +0000 (07:48 +0100)]
Fix typo