Alan T. DeKok [Mon, 18 May 2009 11:12:30 +0000 (13:12 +0200)]
Fix '=='
Alan T. DeKok [Wed, 13 May 2009 06:52:09 +0000 (08:52 +0200)]
More typos
Alan T. DeKok [Wed, 13 May 2009 06:51:53 +0000 (08:51 +0200)]
Corrected typo in last commit
Alan T. DeKok [Tue, 12 May 2009 19:26:20 +0000 (21:26 +0200)]
Return from function
Alan T. DeKok [Tue, 12 May 2009 18:43:22 +0000 (20:43 +0200)]
Include rad_assert.h to define rad_assert
Alan T. DeKok [Tue, 12 May 2009 10:29:33 +0000 (12:29 +0200)]
Fixed typo
Alan T. DeKok [Tue, 12 May 2009 08:59:26 +0000 (10:59 +0200)]
Added notes on certificate compatibility
Alan T. DeKok [Tue, 12 May 2009 06:50:12 +0000 (08:50 +0200)]
Added policy up/down
Alan T. DeKok [Tue, 12 May 2009 06:38:20 +0000 (08:38 +0200)]
A number of fixes to make it work
- reset signal handlers to NULL just before any sleep, which
allows us to exit
- save our PID file along with radiusd.pid
- correct minor typos
- automatically figure out which arguments to pass to "tail"
Alan T. DeKok [Mon, 11 May 2009 15:07:44 +0000 (17:07 +0200)]
This corrects the typo (sigh)
Alan T. DeKok [Mon, 11 May 2009 13:59:10 +0000 (15:59 +0200)]
Corrected typo
Validate reply against packet, not against reply
Alan T. DeKok [Sun, 10 May 2009 17:33:32 +0000 (19:33 +0200)]
Moved verifiation of proxy responses to earlier in the packet handling
This slows down the main server thread a bit, but means that we
catch attackers earlier, i.e. before pushing a request to a
child thread.
Alan T. DeKok [Sun, 10 May 2009 17:26:57 +0000 (19:26 +0200)]
Added event wrapper around request_free
This function takes care of removing the request from the various
hashes && event lists
Alan T. DeKok [Sun, 10 May 2009 10:49:33 +0000 (12:49 +0200)]
Don't touch request after it was proxied
Alan T. DeKok [Fri, 8 May 2009 22:40:05 +0000 (00:40 +0200)]
Portability fixes
tail -n is in /usr/xpg4/bin on Solaris.
date +%s is *BSD && Linux, but not Solaris. Work around this for now...
Alan T. DeKok [Fri, 8 May 2009 15:17:26 +0000 (17:17 +0200)]
Fix radwatch for "wait" exit codes on Solaris
Alan T. DeKok [Fri, 8 May 2009 13:40:07 +0000 (15:40 +0200)]
Expose radius_get_vp, and make switch {} use it
This allows bare words to be used for switch statements. If the
statement is a bare word, the server looks for a VALUE_PAIR of that
name, and prints its value.
Alan T. DeKok [Fri, 8 May 2009 13:20:26 +0000 (15:20 +0200)]
Corrected typo
Alan T. DeKok [Fri, 8 May 2009 13:00:41 +0000 (15:00 +0200)]
More LLVM checks
Alan T. DeKok [Fri, 8 May 2009 12:49:39 +0000 (14:49 +0200)]
Minor changes in "remove from proxy hash"
This avoids esoteric race conditions that no one has seen in practice
Alan T. DeKok [Fri, 8 May 2009 11:05:46 +0000 (13:05 +0200)]
Catch invalid ACKs
Alan T. DeKok [Fri, 8 May 2009 10:53:02 +0000 (12:53 +0200)]
Fix issues found by LLVM checker.
These are mostly dead stores, etc.
Alan T. DeKok [Thu, 7 May 2009 10:14:26 +0000 (12:14 +0200)]
Added ability to send mail when something goes wrong
This is rate-limited to once per hour, and includes the last
portion of the log file.
Alan T. DeKok [Thu, 7 May 2009 09:52:41 +0000 (11:52 +0200)]
Fixed sleep to be in one location.
Alan T. DeKok [Thu, 7 May 2009 08:55:58 +0000 (10:55 +0200)]
Check before dereference
Alan T. DeKok [Thu, 7 May 2009 08:43:27 +0000 (10:43 +0200)]
Add option "include_length" for TTLS, too.
We've always set it to "yes" in the past, by inheriting the
value from the TLS configuration. In contrast, PEAP always sets it
to "no".
However... RFC 5281 says that we should set it to "no". Since the
previous code works with everyone, we don't want to change the
defaults. But we DO add the flag that allows it to be RFC compliant.y
Alan T. DeKok [Wed, 6 May 2009 15:01:40 +0000 (17:01 +0200)]
Initialize variables on all paths...
Alan T. DeKok [Wed, 6 May 2009 14:55:13 +0000 (16:55 +0200)]
Added ability to do "command ?"
this shows the help for the command.
Alan T. DeKok [Tue, 5 May 2009 19:30:38 +0000 (21:30 +0200)]
Update to do a LOT more checking, and to NOT send email.
Sending email is bad, as it wasn't rate limited. This new script
checks for a lot more conditions, including HUP and TERM sent
to the script itself.
Alan T. DeKok [Tue, 5 May 2009 12:51:12 +0000 (14:51 +0200)]
Exit with error on more signals
Alan T. DeKok [Tue, 5 May 2009 12:12:02 +0000 (14:12 +0200)]
Include more header files in the default install
Alan T. DeKok [Mon, 4 May 2009 14:14:47 +0000 (16:14 +0200)]
Fix double free on exit
Alan T. DeKok [Fri, 1 May 2009 16:32:39 +0000 (18:32 +0200)]
Don't mark pools for freeing twice
Alan T. DeKok [Wed, 29 Apr 2009 15:09:39 +0000 (17:09 +0200)]
Manually merge change from 52e7cf6
Don't force reject if the home server doesn't respond.
The main event handler already does this, so there's no need for
us to do it, too.
Alan T. DeKok [Wed, 29 Apr 2009 15:02:11 +0000 (17:02 +0200)]
When not responding, wait longer for cleanups.
wait max_request_time, not cleanup_delay to clean up packets
that we're not responding to. This means that we don't clean up
after 5s, and the re-process the packet.
Instead, we just look at the cached packet, and don't respond
Alan T. DeKok [Wed, 29 Apr 2009 15:04:43 +0000 (17:04 +0200)]
Fix last commit
Alan T. DeKok [Wed, 29 Apr 2009 12:34:13 +0000 (14:34 +0200)]
Cache modcallables for authorize, etc. for minor speed
Alan T. DeKok [Wed, 29 Apr 2009 11:31:03 +0000 (13:31 +0200)]
Return proper error code
Alan T. DeKok [Wed, 29 Apr 2009 11:26:58 +0000 (13:26 +0200)]
Print out more server {} around debugging messages
Alan T. DeKok [Wed, 29 Apr 2009 10:13:38 +0000 (12:13 +0200)]
Set free'd pointers to NULL
Alan T. DeKok [Thu, 23 Apr 2009 17:28:10 +0000 (19:28 +0200)]
Load ALL virtual servers on HUP, even if one fails
Alan T. DeKok [Thu, 23 Apr 2009 15:14:46 +0000 (17:14 +0200)]
Return 0 on error, not -1
Alan T. DeKok [Thu, 23 Apr 2009 14:41:35 +0000 (16:41 +0200)]
Include function that seems to have been missed before.
Alan T. DeKok [Thu, 23 Apr 2009 11:04:48 +0000 (13:04 +0200)]
Reload module configuration on HUP
Alan T. DeKok [Thu, 23 Apr 2009 11:03:15 +0000 (13:03 +0200)]
Whoops... server->name could be NULL
Alan T. DeKok [Thu, 23 Apr 2009 09:20:02 +0000 (11:20 +0200)]
Ensure we don't delete servers that are in use
Alan T. DeKok [Thu, 23 Apr 2009 09:00:10 +0000 (11:00 +0200)]
Allow virtual servers to be reloaded dynamically on HUP
Alan T. DeKok [Thu, 23 Apr 2009 08:20:24 +0000 (10:20 +0200)]
Created and use virtual_server_t structure
The module loading code is now abstracted to load and look for modules
ONLY by virtual server. Each virtual server has its own component
tree, that is not shared with any other virtual server.
The virtual servers themselves are now in a simple hash table, which
lets them be dynamically reloaded.
Alan T. DeKok [Thu, 23 Apr 2009 06:59:02 +0000 (08:59 +0200)]
Moved HUP code to mainconfig
Alan T. DeKok [Thu, 23 Apr 2009 05:07:20 +0000 (07:07 +0200)]
Allow administrators to force_check_config
Alan T. DeKok [Wed, 22 Apr 2009 12:42:13 +0000 (14:42 +0200)]
Don't lose tags
Alan T. DeKok [Wed, 22 Apr 2009 11:37:53 +0000 (13:37 +0200)]
Added tunnel attributes
Alan T. DeKok [Tue, 21 Apr 2009 15:07:46 +0000 (17:07 +0200)]
Added "control" as alias for "config.
Patch from Alexander Clouter
Alan T. DeKok [Tue, 21 Apr 2009 14:12:55 +0000 (16:12 +0200)]
Note where unlang can go, and where it can't go
Alan T. DeKok [Sat, 18 Apr 2009 06:41:06 +0000 (08:41 +0200)]
Removed LICENSE and re-generated "configure"
The main FreeRADIUS source has the same LICENSE, so it doesn't
need to be here, too.
The "configure" scripts in the server are all generated on the same
machine, using the same version of autoconf. That seems to ensure
that the autoconf magic is happy.
Antti [Fri, 17 Apr 2009 16:17:30 +0000 (19:17 +0300)]
Adding rlm_ruby module.
Alan T. DeKok [Fri, 17 Apr 2009 14:03:20 +0000 (16:03 +0200)]
More documentation for weird WiMAX stuff
Alan T. DeKok [Fri, 17 Apr 2009 13:57:28 +0000 (15:57 +0200)]
Added configuration to delete the MS-MPPE-*-Keys
Alan T. DeKok [Fri, 17 Apr 2009 13:12:30 +0000 (15:12 +0200)]
Allow operations OTHER than == to work for Packet-Src-IP-Address
... and associated virtual attributes.
The issue is that the paircompare_register'd functions return 0
for match, and 1 for didn't match. This is wrong. They should just
return the results of the comparison. And then radius_callback_compare
should check the results of the comparison against the operators,
to see if the CONDITION succeeded or failed.
Alan T. DeKok [Wed, 15 Apr 2009 17:49:31 +0000 (19:49 +0200)]
Don't leak FD's on empty values.
Patch from Stephan Jaeger
Alan T. DeKok [Wed, 15 Apr 2009 17:44:04 +0000 (19:44 +0200)]
Added infonet dictionary
Alan T. DeKok [Sat, 11 Apr 2009 08:01:21 +0000 (10:01 +0200)]
Document retry_interval
Alan T. DeKok [Sat, 11 Apr 2009 07:40:09 +0000 (09:40 +0200)]
Fixed detail file handler to not go crazy
In short, the detail timer events are now inserted with a
saved fr_event_t. This allows *existing* timer events to be deleted
when a new one is added. The previous code would *add* timer events
on top of the existing ones, causing geometric increases in the
number of polls per second.
Also, re-arranged the detail && listener code so that there's only
one location where the timer gets inserted, and only one location
where the delays get propogated from the detail to the event handlers
Conflicts:
src/main/event.c
src/modules/frs_detail/frs_detail.c
Alan T. DeKok [Fri, 10 Apr 2009 14:17:48 +0000 (16:17 +0200)]
Fixed double quote issue
Alan T. DeKok [Fri, 10 Apr 2009 14:12:18 +0000 (16:12 +0200)]
Make other balance types work
Alan T. DeKok [Thu, 9 Apr 2009 08:35:38 +0000 (10:35 +0200)]
Do recursive xlat
Alan T. DeKok [Wed, 8 Apr 2009 14:58:31 +0000 (16:58 +0200)]
Added md5 xlat
Alan T. DeKok [Wed, 8 Apr 2009 13:45:03 +0000 (15:45 +0200)]
Corrected typo
Alan T. DeKok [Wed, 8 Apr 2009 12:12:43 +0000 (14:12 +0200)]
Updates, as posted to the list
Alan T. DeKok [Sun, 5 Apr 2009 00:44:37 +0000 (02:44 +0200)]
Don't load pre/post-proxy sections if we're not proxying
Alan T. DeKok [Thu, 2 Apr 2009 11:45:51 +0000 (13:45 +0200)]
Added "rebind" option to re-authenticate on rebind
Also, change chase_referrals default to unset. This allows us
to use the OpenLDAP default, OR to force it on/off.
rebind is done only when chase_referrals is true, AND rebind is true
Alan T. DeKok [Thu, 2 Apr 2009 09:45:41 +0000 (11:45 +0200)]
Added chase_referrals option
Alan T. DeKok [Thu, 2 Apr 2009 09:21:03 +0000 (11:21 +0200)]
Note limitations with -n
Alan T. DeKok [Sun, 29 Mar 2009 20:52:15 +0000 (13:52 -0700)]
Add support for !* filtering.
All attributes will be deleted
Alan T. DeKok [Thu, 26 Mar 2009 22:07:17 +0000 (15:07 -0700)]
Allow fast clients to send packets, too
This is for performance testing. For speed, the server doesn't have
locks all over the place. However, this means that when it runs threaded,
the client can receive the response, and send a new one using the same
ID, before the child thread has a chance to update child_state.
This work-around lets everyone be happy
Alan T. DeKok [Wed, 25 Mar 2009 13:55:12 +0000 (06:55 -0700)]
Skip deleted attributes
Alan T. DeKok [Tue, 24 Mar 2009 19:18:58 +0000 (12:18 -0700)]
Documentation for WiMAX
Alan T. DeKok [Thu, 19 Mar 2009 15:40:48 +0000 (16:40 +0100)]
Ignore auto-generated files
Arran Cudbard-Bell [Tue, 17 Mar 2009 14:11:17 +0000 (14:11 +0000)]
Add support for insert, update, and delete statements in rlm_sql xlat
Alan T. DeKok [Wed, 18 Mar 2009 19:28:39 +0000 (20:28 +0100)]
exit with 0 only if we have a successful response
Alan T. DeKok [Tue, 17 Mar 2009 16:04:08 +0000 (17:04 +0100)]
Added API to allocate a reply packet from a request packet.
This simplifies the rest of the code, as it now doesn't have to
copy src/dst of packet to dst/src reply.
Alan T. DeKok [Mon, 16 Mar 2009 07:42:46 +0000 (08:42 +0100)]
Print more descriptive error messages
Alan T. DeKok [Sun, 15 Mar 2009 09:26:18 +0000 (10:26 +0100)]
Added a "do not respond" policy
Alan T. DeKok [Sat, 14 Mar 2009 17:19:02 +0000 (18:19 +0100)]
Cleaned up, based on a patch from Norbert Wegener.
Bjørn Mork [Wed, 11 Mar 2009 19:33:54 +0000 (20:33 +0100)]
Add a number of new VSAs and use ipv6addr type for two VSAs
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Alan T. DeKok [Fri, 13 Mar 2009 08:26:36 +0000 (09:26 +0100)]
If we have no response, don't send one on client retransmit
Alan T. DeKok [Wed, 11 Mar 2009 10:25:40 +0000 (11:25 +0100)]
Include more RFC dictionaries
Alan T. DeKok [Wed, 11 Mar 2009 03:09:48 +0000 (04:09 +0100)]
More VQP wrappers
Alan T. DeKok [Wed, 11 Mar 2009 02:41:30 +0000 (03:41 +0100)]
Don't use -1 for size_t
Noted by John Center
Alan T. DeKok [Wed, 11 Mar 2009 02:26:50 +0000 (03:26 +0100)]
Don't refer to local files
Alan T. DeKok [Tue, 10 Mar 2009 16:09:29 +0000 (17:09 +0100)]
Removed useless target
Alan T. DeKok [Tue, 10 Mar 2009 16:04:05 +0000 (17:04 +0100)]
Fix data types. Patch from John Dennis
Alan T. DeKok [Tue, 10 Mar 2009 16:03:20 +0000 (17:03 +0100)]
otp.conf is no longer here. It's in raddb/modules
Alan T. DeKok [Tue, 10 Mar 2009 16:03:09 +0000 (17:03 +0100)]
Fixed typo
Alan T. DeKok [Tue, 10 Mar 2009 11:31:05 +0000 (12:31 +0100)]
Automate more work
Alan T. DeKok [Tue, 10 Mar 2009 03:01:26 +0000 (04:01 +0100)]
Silently ignore duplicate clients
Alan T. DeKok [Tue, 10 Mar 2009 02:54:14 +0000 (03:54 +0100)]
Check for including the same file twice.
Alan T. DeKok [Mon, 9 Mar 2009 07:04:56 +0000 (08:04 +0100)]
Minor cleanups
Alan T. DeKok [Mon, 9 Mar 2009 07:04:18 +0000 (08:04 +0100)]
More explanations to help end users
Alan T. DeKok [Sun, 8 Mar 2009 11:20:14 +0000 (12:20 +0100)]
Pop it rather than just peeking it