Alan T. DeKok [Wed, 30 Dec 2009 15:44:35 +0000 (16:44 +0100)]
Update date
Alan T. DeKok [Wed, 30 Dec 2009 13:06:04 +0000 (14:06 +0100)]
Updated
Alan T. DeKok [Wed, 30 Dec 2009 13:05:12 +0000 (14:05 +0100)]
Update checks for debian
Alan T. DeKok [Mon, 21 Dec 2009 13:39:24 +0000 (14:39 +0100)]
Remove patches no longer in use
Alan T. DeKok [Mon, 21 Dec 2009 13:16:45 +0000 (14:16 +0100)]
Fixed debian bug
Alan T. DeKok [Mon, 21 Dec 2009 13:15:48 +0000 (14:15 +0100)]
Fixed typo
Alan T. DeKok [Mon, 21 Dec 2009 12:53:13 +0000 (13:53 +0100)]
Sync with Debian to enable SSL
Alan T. DeKok [Mon, 21 Dec 2009 11:07:08 +0000 (12:07 +0100)]
Add OpenSSL license exception
Alan T. DeKok [Mon, 21 Dec 2009 09:49:50 +0000 (10:49 +0100)]
Synced with upstream debian
Alan T. DeKok [Mon, 21 Dec 2009 09:46:20 +0000 (10:46 +0100)]
Make integers unsigned 32-bit, rather than signed
Alan T. DeKok [Sat, 19 Dec 2009 08:33:20 +0000 (09:33 +0100)]
Move DHCP options to "octets" type
Alan T. DeKok [Fri, 18 Dec 2009 13:08:32 +0000 (14:08 +0100)]
Simplify stats code, and keep track of dropped versus bad authenticators
Alan T. DeKok [Fri, 18 Dec 2009 12:52:50 +0000 (13:52 +0100)]
Make "dropped packet" message debugging
This is so that we don't spam the logs wih a DoS when we get lots
of packets with a bad signature
Alan T. DeKok [Fri, 18 Dec 2009 11:31:38 +0000 (12:31 +0100)]
Added notes on SQL && packets with zero session time
Alan T. DeKok [Thu, 17 Dec 2009 10:42:03 +0000 (11:42 +0100)]
Alan T. DeKok [Thu, 17 Dec 2009 10:28:12 +0000 (11:28 +0100)]
Removed unnecessary debug message
Alan T. DeKok [Thu, 17 Dec 2009 08:35:35 +0000 (09:35 +0100)]
Simplified use of llvm checker
Alan T. DeKok [Tue, 15 Dec 2009 15:01:20 +0000 (16:01 +0100)]
Ensure that len > 0
Alan T. DeKok [Tue, 15 Dec 2009 13:29:49 +0000 (14:29 +0100)]
Initialize value
Alan T. DeKok [Tue, 15 Dec 2009 13:23:47 +0000 (14:23 +0100)]
Catch possible NULL pointer on editing attribute list
Alan T. DeKok [Tue, 15 Dec 2009 13:17:52 +0000 (14:17 +0100)]
Catch situations where COA may be NULL
Alan T. DeKok [Tue, 15 Dec 2009 10:52:03 +0000 (11:52 +0100)]
If we have "user=foo", and we're ALREADY running as that user, ignore it.
This prevents us from complaining when "initgroups" is run as non-root
Alan T. DeKok [Fri, 11 Dec 2009 13:51:48 +0000 (14:51 +0100)]
Notes for 2.1.8
aland [Fri, 11 Dec 2009 13:48:45 +0000 (14:48 +0100)]
Fix weird issue where it would stop proxying packets.
If you had 4 servers, 1 of which was up and 3 down, it would
mark the 3 servers "dead", and then *erroneosly* mark the "live"
server as dead, too.
The symptom was that the home server would respond, but the proxy
would never see the response. With some test configs from Bjorn Mork,
this was tracked down to
b5b1ffbc7. Since the "stable" branch didn't
have this problem, the solution was to revert packet_list_alloc()
to the pre-b5b... code, and then apply selective changes from the
"stable" branch
Alan T. DeKok [Thu, 10 Dec 2009 10:38:39 +0000 (11:38 +0100)]
Fix CVE-2009-3736
Alan T. DeKok [Wed, 9 Dec 2009 14:48:30 +0000 (15:48 +0100)]
Template code to use lt_dladvise()
The libtool people have discovered that it's useful to allow
*additional* features from linking. Like allowing libraries to
link to libraries. Using this magic API allows FreeRADIUS to load
the Perl module, which in turn loads other modules, which in turn
load dynamic libraries. Right now, it complains because of
limitations in libltdl.
We COULD do these checks in 2.1.8, but that involves either adding
configure checks, OR upgrading our version of libltdl. We don't want
to do either.
Alan T. DeKok [Tue, 8 Dec 2009 15:31:02 +0000 (16:31 +0100)]
Add datarootdir from bug #51
Alan T. DeKok [Tue, 8 Dec 2009 13:00:53 +0000 (14:00 +0100)]
Handle case where Acct-Session-Time might not exist
Alan T. DeKok [Mon, 7 Dec 2009 12:53:14 +0000 (13:53 +0100)]
Add %{Attribute-Name#}
This prints the numerical value, rather than the decoded time/VALUE
Alan T. DeKok [Mon, 7 Dec 2009 12:24:14 +0000 (13:24 +0100)]
Added notes on use of FreeRADIUS-Acct-Session-Start-Time
Alan T. DeKok [Mon, 7 Dec 2009 12:20:12 +0000 (13:20 +0100)]
Added synthetic session start time attribute
Alan T. DeKok [Sun, 6 Dec 2009 21:04:24 +0000 (22:04 +0100)]
Cleanly handle "32 proxy sockets open" error condition
Alan T. DeKok [Sun, 6 Dec 2009 21:01:09 +0000 (22:01 +0100)]
Use "0" for later proxy sockets, rather than looping through 64k ports
This avoids a loop over 64K socket() calls when there are too many FDs open
Alan T. DeKok [Sun, 6 Dec 2009 16:02:08 +0000 (17:02 +0100)]
Added sample ntlm_auth module
Alan T. DeKok [Sun, 6 Dec 2009 15:59:07 +0000 (16:59 +0100)]
Fixed before 2.1.8
Alan T. DeKok [Sun, 6 Dec 2009 12:54:14 +0000 (13:54 +0100)]
Use case insensitive comparison. Closes #36
Alan T. DeKok [Sun, 6 Dec 2009 12:51:01 +0000 (13:51 +0100)]
Portability fixes, as noted by bug #33
Alan T. DeKok [Sun, 6 Dec 2009 12:48:14 +0000 (13:48 +0100)]
IP pools require a transactional back-end
So we used InnoDB
Alan T. DeKok [Sun, 6 Dec 2009 12:43:59 +0000 (13:43 +0100)]
Remove notes on unsupported configuration items
Alan T. DeKok [Sun, 6 Dec 2009 12:39:00 +0000 (13:39 +0100)]
Be more specific about which detail files we suppress
Don't write packets back to the same detail file, but allow them
to be written to different detail files
Alan T. DeKok [Sun, 6 Dec 2009 12:37:13 +0000 (13:37 +0100)]
Removed re-definition of detail structure
Alan T. DeKok [Sun, 6 Dec 2009 12:36:28 +0000 (13:36 +0100)]
Moved detail structure defs to a public header file
Alan T. DeKok [Sat, 5 Dec 2009 14:58:19 +0000 (15:58 +0100)]
Fix code so that corner cases of %{%{foo}:-%{bar}} work
The previous code was odd... this code is simpler, and works.
Alan T. DeKok [Sat, 5 Dec 2009 14:54:08 +0000 (15:54 +0100)]
Re-set FP after closing it
Alan T. DeKok [Sat, 5 Dec 2009 14:57:20 +0000 (15:57 +0100)]
Build from v2.1.x branch instead of stable
Alan T. DeKok [Fri, 4 Dec 2009 13:46:04 +0000 (14:46 +0100)]
Enable new dictionaries
Alan T. DeKok [Fri, 4 Dec 2009 13:41:43 +0000 (14:41 +0100)]
Enable Unix (Proftpd) dictionary
Alan T. DeKok [Thu, 3 Dec 2009 09:25:33 +0000 (10:25 +0100)]
Sign client certs with CA rather than server cert
Alan T. DeKok [Wed, 2 Dec 2009 11:16:57 +0000 (12:16 +0100)]
Use intermediate buffer for error messages.
This prevents the messages from getting mangled
Alan T. DeKok [Wed, 2 Dec 2009 10:56:24 +0000 (11:56 +0100)]
Note recent changes
Alan T. DeKok [Wed, 2 Dec 2009 10:55:03 +0000 (11:55 +0100)]
Revert "Moved illegal attributes to the new dictionary"
This reverts commit
4ba2853439bba32f979009fcc04b48a829bf83d4.
While these dictionaries are unfortunate, making this change
in a point release is likely a bad idea.
Alan T. DeKok [Wed, 2 Dec 2009 10:54:23 +0000 (11:54 +0100)]
Revert "Moved Ascends illegal attributes to their own file"
This reverts commit
0241615ea5e98a13c92c266daab356e057d6a27d.
While these dictionaries are unfortunate, making this change
in a point release is likely a bad idea.
Alan T. DeKok [Wed, 2 Dec 2009 10:37:33 +0000 (11:37 +0100)]
Removed erroneous 'break'
Alan T. DeKok [Wed, 2 Dec 2009 07:51:27 +0000 (08:51 +0100)]
Fixed string copying in sub variable.
Apparently the only reason this worked before is that no one used it.
The decode_attribute() function did the string copying itself,
and therefore avoided this.
Alan T. DeKok [Tue, 1 Dec 2009 09:49:18 +0000 (10:49 +0100)]
Fixed typo
Alan T. DeKok [Mon, 30 Nov 2009 16:07:22 +0000 (17:07 +0100)]
Fix build problem
Alan T. DeKok [Mon, 30 Nov 2009 12:58:49 +0000 (13:58 +0100)]
Print out more useful debugging messages
Rather than
rlm_ldap: ...
do
[foo] ...
Which prints out the instance name in a slightly better format
Alan T. DeKok [Mon, 30 Nov 2009 09:05:37 +0000 (10:05 +0100)]
Cleanups and simplifications.
The FD_SET is now calculated in the event_loop() function,
making it harder to get it wrong.
fr_event_now() ALWAYS returns a time, calling gettimeofday()
if necessary
Alan T. DeKok [Mon, 30 Nov 2009 08:14:27 +0000 (09:14 +0100)]
Clean up "dead" child if there's no thread associated with the request
Alan T. DeKok [Sun, 29 Nov 2009 15:07:23 +0000 (16:07 +0100)]
Clean up state machine.
This error happens when "max_request_time" is set VERY low.
i.e. lower than "response_window". (12s versus 30s).
The current logic for enforcing the various timers is pretty bad. There
is one timer per request, and it bounces around between the different
requirements. At the time it was written, it seemed simpler than trying
to manage 3-4 simultaneous timers per request.
When the request is proxied, the timer being applied is for
"response_window". BUT by the time that expires, the "max_request_time"
has expired. The code *does* notice that it has expired. BUT it doesn't
notice that there's no child thread processing the request. So it waits
for the child thread to exit... forever.
At some point, a timer overflows, and it dies.
There are a few changes to make:
1) check for "no child" in this situation, and clean up the request rather
than waiting forever.
2) cap the timer to 5 minutes (this can still happen, for example, when a
bad DB locks a thread for hours at a time).
3) don't overflow when adding timer values.
Alan T. DeKok [Fri, 27 Nov 2009 14:58:58 +0000 (15:58 +0100)]
L_INFO, "PROXY:... --> L_PROXY, "...
Simplifies and regularizes the log messages
Alan T. DeKok [Fri, 27 Nov 2009 12:01:06 +0000 (13:01 +0100)]
Fix typo
Alan T. DeKok [Fri, 27 Nov 2009 11:07:25 +0000 (12:07 +0100)]
Initialize timers for Status-Server
For some weird reason they weren't initialized in debugging mode,
so we force it here. This WAS tested to work... so I have no idea
why it stopped.
We also ignore Status-Server packets when marking home_servers as
alive. That way, the ping_check will work properly...
Alan T. DeKok [Fri, 27 Nov 2009 07:48:16 +0000 (08:48 +0100)]
Alan T. DeKok [Thu, 26 Nov 2009 18:10:44 +0000 (19:10 +0100)]
Remove erroneous handling of option 82
Alan T. DeKok [Sun, 22 Nov 2009 15:56:14 +0000 (16:56 +0100)]
Print names for unsupported eap types
Alan T. DeKok [Sun, 22 Nov 2009 15:47:29 +0000 (16:47 +0100)]
More warnings
Modifying the values of a virtual attribute is a bad idea.
Alan T. DeKok [Sun, 22 Nov 2009 15:35:20 +0000 (16:35 +0100)]
Check for NULL
Alan T. DeKok [Sun, 22 Nov 2009 08:26:51 +0000 (09:26 +0100)]
Fixed typo
Alan T. DeKok [Sun, 22 Nov 2009 08:18:16 +0000 (09:18 +0100)]
As posted to the list
Alan T. DeKok [Sun, 22 Nov 2009 08:16:22 +0000 (09:16 +0100)]
Move definition so that it doesn't cause issues
Use the RFC definitions for the name
Alan T. DeKok [Sun, 22 Nov 2009 08:12:15 +0000 (09:12 +0100)]
Revert "errormsg may be NULL"
This reverts commit
45877bf44b02d418b6fb263a39e5de07ced58b6e.
It doesn't fix the problem, and it seems to cause issues for
other people
Alan T. DeKok [Wed, 18 Nov 2009 17:34:17 +0000 (18:34 +0100)]
As posted to the list
Alan T. DeKok [Tue, 17 Nov 2009 10:19:17 +0000 (11:19 +0100)]
Move user/group/chroot/core to bootstrap config
It adds some extra stuff when starting in debug mode as root, but it
also means that "allow_core_dumps" works again.
Alan T. DeKok [Sun, 22 Nov 2009 15:16:15 +0000 (16:16 +0100)]
Notes for v2.1.8
Alan T. DeKok [Sat, 14 Nov 2009 09:29:40 +0000 (10:29 +0100)]
Make templates work again
Alan T. DeKok [Fri, 13 Nov 2009 13:15:51 +0000 (14:15 +0100)]
Allow !* to work
The code to delete all attributes (as documented in unlang) was
previously added in evaluate.c. But the parser hadn't been updated,
so it was impossible to actually use that functionality.
Alan T. DeKok [Thu, 12 Nov 2009 15:19:25 +0000 (16:19 +0100)]
Print commands from radmin when in debug mode
Alan T. DeKok [Thu, 12 Nov 2009 11:25:03 +0000 (12:25 +0100)]
Fix WiMAX encoding bug introduced in
326a68b90a1a
Alan T. DeKok [Fri, 6 Nov 2009 13:16:42 +0000 (08:16 -0500)]
As posted to the list
Alan T. DeKok [Tue, 3 Nov 2009 21:40:03 +0000 (16:40 -0500)]
From bug #45
Alan T. DeKok [Fri, 30 Oct 2009 00:35:53 +0000 (20:35 -0400)]
Removed recursive mutexes
Alan T. DeKok [Fri, 23 Oct 2009 09:37:44 +0000 (11:37 +0200)]
As posted to the list
Alan T. DeKok [Wed, 28 Oct 2009 13:44:38 +0000 (09:44 -0400)]
errormsg may be NULL
Alan T. DeKok [Fri, 30 Oct 2009 00:29:26 +0000 (20:29 -0400)]
If the port is already used, try another.
Alan T. DeKok [Sat, 3 Oct 2009 17:58:17 +0000 (19:58 +0200)]
Start simplifying the code that encodes attributes
Alan T. DeKok [Wed, 16 Sep 2009 15:14:55 +0000 (17:14 +0200)]
Bump to version 2.1.8
Alan T. DeKok [Tue, 20 Oct 2009 14:28:58 +0000 (16:28 +0200)]
Conf for debugging
Alan T. DeKok [Tue, 20 Oct 2009 14:07:18 +0000 (16:07 +0200)]
Fix openssl checks
Alan T. DeKok [Tue, 20 Oct 2009 10:14:36 +0000 (12:14 +0200)]
Retry if there was no response to the packet.
Alan T. DeKok [Sun, 18 Oct 2009 15:19:22 +0000 (17:19 +0200)]
Print env vars in parent, not child
Alan T. DeKok [Sun, 18 Oct 2009 11:47:06 +0000 (13:47 +0200)]
Changed stop packet msg to debug rather than error
Alan T. DeKok [Sun, 18 Oct 2009 07:04:36 +0000 (09:04 +0200)]
Define names
Alan T. DeKok [Fri, 16 Oct 2009 16:53:49 +0000 (18:53 +0200)]
Call detach only if function exists
Alan T. DeKok [Thu, 15 Oct 2009 09:23:30 +0000 (11:23 +0200)]
As posted to the list
Alan T. DeKok [Thu, 15 Oct 2009 08:08:40 +0000 (10:08 +0200)]
Fixed typo
Alan T. DeKok [Wed, 14 Oct 2009 12:09:41 +0000 (14:09 +0200)]
Fix to prevent compiler optimizations
from bug #30
Alan T. DeKok [Tue, 13 Oct 2009 10:53:49 +0000 (12:53 +0200)]
Write the PID file as late as possible
i.e. after checking the config, and after opening any sockets
Alan T. DeKok [Tue, 13 Oct 2009 10:52:12 +0000 (12:52 +0200)]
Fix typo
Alexander Clouter [Sat, 10 Oct 2009 12:25:29 +0000 (13:25 +0100)]
fix debian/rules to honour CFLAGS
Fixed up debian/rules to allow CFLAGS to be honoured.
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>