Alan T. DeKok [Mon, 28 Apr 2014 19:13:08 +0000 (15:13 -0400)]
Note recent changes
Arran Cudbard-Bell [Mon, 28 Apr 2014 11:31:42 +0000 (12:31 +0100)]
Add more ZTE attributes
Arran Cudbard-Bell [Sat, 26 Apr 2014 15:54:06 +0000 (16:54 +0100)]
Add partial ZTE dictionary
Alan T. DeKok [Sat, 26 Apr 2014 14:22:45 +0000 (10:22 -0400)]
Don't do counters for Status-Server. Fixes #612
Alan T. DeKok [Thu, 17 Apr 2014 14:35:46 +0000 (10:35 -0400)]
Typo. Fixes #591
Alan T. DeKok [Thu, 17 Apr 2014 13:58:41 +0000 (09:58 -0400)]
Set destination port for client replies from relay. Fixes #591
Alan T. DeKok [Wed, 16 Apr 2014 18:26:27 +0000 (14:26 -0400)]
Take max_sessions from max_requests.
It's a little high, but it means that a busy server will
automatically be able to handle more EAP sessions.
Otherwise, the server will start ignoring EAP sessions, or
discarding "old" ones that are still in process
Arran Cudbard-Bell [Mon, 14 Apr 2014 10:30:32 +0000 (06:30 -0400)]
Merge pull request #587 from aparadis/v2.x.x
Update rlm_ldap documentation (groupmembership_filter)
Alexandre Paradis [Mon, 14 Apr 2014 03:56:34 +0000 (22:56 -0500)]
Update rlm_ldap documentation (groupmembership_filter)
Replace member=%{Ldap-UserDn} with member=%{control:Ldap-UserDn} in the groupmembership_filter as per the default configuration.
Arran Cudbard-Bell [Sun, 13 Apr 2014 17:02:05 +0000 (13:02 -0400)]
Unsigned apparently needs to come after int...
Alan T. DeKok [Fri, 11 Apr 2014 18:35:40 +0000 (14:35 -0400)]
Be more stringent about waiting for child to die
Alan T. DeKok [Wed, 9 Apr 2014 21:47:05 +0000 (17:47 -0400)]
Just remove the session
Alan T. DeKok [Wed, 9 Apr 2014 20:29:21 +0000 (16:29 -0400)]
Note recent changes
Alan T. DeKok [Wed, 9 Apr 2014 15:54:42 +0000 (11:54 -0400)]
Check for invalid TLS handshake
If the system has a vulnerable version of OpenSSL, and the
admin has told us to allow it, we want to catch and stop
the problem.
Alan T. DeKok [Wed, 9 Apr 2014 14:47:42 +0000 (10:47 -0400)]
If we fail during tls handshake, don't send an EAP-Fail msg
Because tls_handshake_recv() says there's something wrong with
the TLS session. Therefore, we can't use it for anything
Arran Cudbard-Bell [Wed, 9 Apr 2014 12:27:53 +0000 (13:27 +0100)]
Revert "Patch for OpenSSL insanity"
This reverts commit
30a1e7c5e10743bd9753285d91eff6f0af8e09ca.
Arran Cudbard-Bell [Wed, 9 Apr 2014 12:27:07 +0000 (13:27 +0100)]
Remove ruby-lib-dir and ruby-include-dir, these should be specified by RbConfig - Closes #580
Alan T. DeKok [Tue, 8 Apr 2014 15:31:27 +0000 (11:31 -0400)]
Allow vulnerable OpenSSL for testing purposes
Alan T. DeKok [Tue, 8 Apr 2014 15:10:11 +0000 (11:10 -0400)]
Check for vulnerable OpenSSL versions
Alan T. DeKok [Tue, 8 Apr 2014 15:05:16 +0000 (11:05 -0400)]
Add "allow_vulnerable_openssl" configuration item.
Alan T. DeKok [Tue, 8 Apr 2014 14:49:22 +0000 (10:49 -0400)]
Note recent changes
Alan T. DeKok [Mon, 7 Apr 2014 22:02:10 +0000 (18:02 -0400)]
Patch for OpenSSL insanity
https://www.openssl.org/news/secadv_20140407.txt
Alan T. DeKok [Sun, 6 Apr 2014 01:36:52 +0000 (21:36 -0400)]
Limit zombie period start. Fixes #579
If we've received a packet in the last 1/4 zombie period, don't
go to zombie. If the last packet was earlier than that, set
the zombie period start to that time.
We don't set it to home->last_packet, because that could have
been minutes or hours in the past
Alan T. DeKok [Sat, 5 Apr 2014 17:02:47 +0000 (13:02 -0400)]
Mark zombie alive if it responses to status-server. Fixes #579
Alan T. DeKok [Fri, 4 Apr 2014 15:10:06 +0000 (11:10 -0400)]
Handle syslog, too
Alan T. DeKok [Fri, 4 Apr 2014 14:54:21 +0000 (10:54 -0400)]
Enumerate all of the possibilities for -l FOO and -x
Alan T. DeKok [Fri, 4 Apr 2014 14:23:01 +0000 (10:23 -0400)]
Note recent changes
Alan T. DeKok [Fri, 4 Apr 2014 14:17:11 +0000 (10:17 -0400)]
If log isn't stdout, ALWAYS set stdout to /dev/null
Alan T. DeKok [Fri, 4 Apr 2014 13:00:37 +0000 (09:00 -0400)]
Set the max # of SQL sockets to the max # of threads
Alan T. DeKok [Thu, 3 Apr 2014 13:45:51 +0000 (09:45 -0400)]
The character is unsigned. Fixes #578
Arran Cudbard-Bell [Mon, 31 Mar 2014 17:50:45 +0000 (18:50 +0100)]
Whitespace
Arran Cudbard-Bell [Mon, 31 Mar 2014 17:50:12 +0000 (18:50 +0100)]
have vp_prints_value pre-escape special chars in strings passed back to the xlat code
Arran Cudbard-Bell [Thu, 27 Mar 2014 19:17:00 +0000 (19:17 +0000)]
Swap defined(sun) for defined(__sun) which is apparently defined in more cases
Arran Cudbard-Bell [Thu, 27 Mar 2014 12:05:31 +0000 (12:05 +0000)]
Merge pull request #569 from alanbuxey/version
expose server version to slat and document
Alan Buxey [Thu, 27 Mar 2014 11:03:24 +0000 (11:03 +0000)]
expose server version to slat and document
Arran Cudbard-Bell [Thu, 27 Mar 2014 09:23:08 +0000 (09:23 +0000)]
Merge pull request #567 from alanbuxey/patch-1
Update dictionary.terena
Alan Buxey [Thu, 27 Mar 2014 09:22:29 +0000 (09:22 +0000)]
Update dictionary.terena
Arran Cudbard-Bell [Sun, 23 Mar 2014 21:34:21 +0000 (21:34 +0000)]
Add check for sig_t
Alan T. DeKok [Thu, 20 Mar 2014 13:38:55 +0000 (09:38 -0400)]
Roll version numbers
Alan T. DeKok [Wed, 19 Mar 2014 17:20:49 +0000 (13:20 -0400)]
Update for release date
Alan T. DeKok [Wed, 19 Mar 2014 17:17:37 +0000 (13:17 -0400)]
Update spec files for 2.2.4
Alan T. DeKok [Tue, 18 Mar 2014 19:28:20 +0000 (15:28 -0400)]
Fix for latest functionality of the format script
Alan T. DeKok [Mon, 17 Mar 2014 22:20:11 +0000 (18:20 -0400)]
If the request was unicast, the reply can be unicast, too
Alan T. DeKok [Mon, 17 Mar 2014 22:19:47 +0000 (18:19 -0400)]
Fix typo
Alan T. DeKok [Thu, 13 Mar 2014 17:41:40 +0000 (13:41 -0400)]
Fix typos
Alan T. DeKok [Thu, 13 Mar 2014 15:43:15 +0000 (11:43 -0400)]
Note recent changes
Alan T. DeKok [Thu, 13 Mar 2014 15:42:45 +0000 (11:42 -0400)]
Port DHCP fixes from v3.0.x
for giaddr address and port.
Alan T. DeKok [Thu, 13 Mar 2014 15:22:37 +0000 (11:22 -0400)]
Document src_ipaddr in more detail
Alan T. DeKok [Thu, 13 Mar 2014 15:18:08 +0000 (11:18 -0400)]
Set src IP on more situations.
If the admin set "ipaddr = *", and no "src_ipaddr = ...", then
we used to send packets from 0.0.0.0. That's wrong.
We now look for server identifier or server IP address.
If one of those is found, we use that as the source IP
Alan T. DeKok [Wed, 12 Mar 2014 22:06:04 +0000 (18:06 -0400)]
Fix typo
Alan T. DeKok [Wed, 12 Mar 2014 21:36:55 +0000 (17:36 -0400)]
Fix typos
Alan T. DeKok [Wed, 12 Mar 2014 15:03:15 +0000 (11:03 -0400)]
Update example text
Alan T. DeKok [Mon, 10 Mar 2014 18:36:03 +0000 (14:36 -0400)]
Note recent changes
Alan T. DeKok [Mon, 10 Mar 2014 18:34:27 +0000 (14:34 -0400)]
Update documentation for people who misunderstand it
Alan T. DeKok [Thu, 27 Feb 2014 16:12:55 +0000 (11:12 -0500)]
Allow module status to be forced to any module code
Arran Cudbard-Bell [Fri, 28 Feb 2014 10:04:36 +0000 (10:04 +0000)]
Remove branch status heading
Arran Cudbard-Bell [Thu, 20 Feb 2014 18:30:56 +0000 (18:30 +0000)]
Backport stderr/stdout fixes from v3.0.x
Alan T. DeKok [Wed, 19 Feb 2014 02:19:35 +0000 (21:19 -0500)]
Both name2's may be NULL
Alan T. DeKok [Tue, 18 Feb 2014 17:01:40 +0000 (12:01 -0500)]
Be more careful in name2_cmp
Alan T. DeKok [Tue, 18 Feb 2014 17:07:26 +0000 (12:07 -0500)]
back-port changes to sub_find_name2 from v3.0.x
Alan T. DeKok [Thu, 13 Feb 2014 14:29:35 +0000 (09:29 -0500)]
Increase buffer size. Use output buffer size as limit for hex2bin
Alan T. DeKok [Wed, 12 Feb 2014 17:01:21 +0000 (12:01 -0500)]
It's OK if dh_params are non-existent
Alan T. DeKok [Tue, 11 Feb 2014 15:13:27 +0000 (10:13 -0500)]
Cache CUI, too
Alan T. DeKok [Fri, 7 Feb 2014 16:53:16 +0000 (11:53 -0500)]
Spaces are good
Arran Cudbard-Bell [Wed, 29 Jan 2014 20:25:36 +0000 (20:25 +0000)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 28 Jan 2014 14:59:08 +0000 (14:59 +0000)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 28 Jan 2014 14:36:23 +0000 (14:36 +0000)]
Don't use IP_SENDSRCADDR (in sendfromto) if on FreeBSD and the socket were using is bound to a specific IP
FreeBSD is extra pedantic about the use of IP_SENDSRCADDR, and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used with a socket which is bound to something other than INADDR_ANY.
Arran Cudbard-Bell [Tue, 28 Jan 2014 14:35:49 +0000 (14:35 +0000)]
Whitespace
Alan T. DeKok [Mon, 27 Jan 2014 20:30:36 +0000 (15:30 -0500)]
request->proxy_reply may be NULL
Arran Cudbard-Bell [Mon, 27 Jan 2014 18:02:50 +0000 (18:02 +0000)]
Include signal.h
Arran Cudbard-Bell [Mon, 27 Jan 2014 17:47:55 +0000 (17:47 +0000)]
Backport panic_action
Seeing as were probably going to end up supporting v2.x.x for a while longer...
Arran Cudbard-Bell [Mon, 27 Jan 2014 17:39:14 +0000 (17:39 +0000)]
Whitespace
Arran Cudbard-Bell [Sun, 19 Jan 2014 09:13:44 +0000 (09:13 +0000)]
Add missing pipe
Arran Cudbard-Bell [Fri, 17 Jan 2014 16:33:53 +0000 (16:33 +0000)]
Fix typo (we don't want to fork twice)
Alan T. DeKok [Fri, 17 Jan 2014 15:43:15 +0000 (10:43 -0500)]
Note recent changes
Alan T. DeKok [Fri, 17 Jan 2014 15:27:57 +0000 (10:27 -0500)]
Fix typo.
Alan T. DeKok [Fri, 17 Jan 2014 14:35:51 +0000 (09:35 -0500)]
The "catch all" is -1, not < 0.
in v2, the attributes are still signed
Alan T. DeKok [Thu, 9 Jan 2014 15:27:37 +0000 (10:27 -0500)]
Note recent changes
Alan T. DeKok [Thu, 9 Jan 2014 15:24:47 +0000 (10:24 -0500)]
Patch to use --tag=CC. Fixes #497
Alan T. DeKok [Thu, 9 Jan 2014 13:29:50 +0000 (08:29 -0500)]
Session / delay times are unsigned int
Arran Cudbard-Bell [Thu, 9 Jan 2014 12:16:44 +0000 (12:16 +0000)]
Revert "Update ChangeLog" (github deleted lines at the end of the file)
This reverts commit
6e0b7bceb125b6b8a72cd08815f23db140685a23.
Arran Cudbard-Bell [Tue, 7 Jan 2014 20:15:37 +0000 (15:15 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Tue, 7 Jan 2014 20:11:57 +0000 (20:11 +0000)]
Report a non-zero exit status if after forking, the child encounters an error during the rest of server initialisation
Arran Cudbard-Bell [Tue, 7 Jan 2014 20:10:39 +0000 (20:10 +0000)]
whitespace
Arran Cudbard-Bell [Mon, 6 Jan 2014 15:06:36 +0000 (15:06 +0000)]
Disable proxy loopback check
We will never provide a side effects free alternative to proxy requests to another internal virtual server in the 2.1.x branch.
Arran Cudbard-Bell [Mon, 6 Jan 2014 15:05:42 +0000 (15:05 +0000)]
whitespace
Arran Cudbard-Bell [Mon, 16 Dec 2013 12:45:44 +0000 (12:45 +0000)]
bump version
Alan T. DeKok [Wed, 11 Dec 2013 20:10:12 +0000 (15:10 -0500)]
Ready for release
Alan T. DeKok [Fri, 6 Dec 2013 14:58:08 +0000 (09:58 -0500)]
If we can't decode the Password-With-Header, assume Cleartext-Password
Arran Cudbard-Bell [Mon, 2 Dec 2013 10:08:07 +0000 (05:08 -0500)]
Update ChangeLog
Arran Cudbard-Bell [Fri, 29 Nov 2013 21:28:48 +0000 (21:28 +0000)]
Allow zero length basedn strings
Arran Cudbard-Bell [Fri, 29 Nov 2013 21:26:34 +0000 (21:26 +0000)]
Whitespace fixes
Alan T. DeKok [Sun, 1 Dec 2013 13:58:24 +0000 (08:58 -0500)]
Note recent changes
Alan T. DeKok [Sun, 1 Dec 2013 13:56:16 +0000 (08:56 -0500)]
Don't re-initialize SSL
Alan T. DeKok [Sun, 1 Dec 2013 13:55:36 +0000 (08:55 -0500)]
Load error strings, too
Alan T. DeKok [Sun, 1 Dec 2013 13:53:56 +0000 (08:53 -0500)]
Initialize SSL library as soon as the server starts
Alan T. DeKok [Sat, 30 Nov 2013 14:57:05 +0000 (09:57 -0500)]
More checks and asserts for wait_for_child_to_die()
Alan T. DeKok [Sat, 30 Nov 2013 14:48:38 +0000 (09:48 -0500)]
Set REQUEST_DONE as the *last* thing in the child thread
Alan T. DeKok [Sat, 30 Nov 2013 14:39:21 +0000 (09:39 -0500)]
Skip code if we fail re-setting up the request
Alan T. DeKok [Sat, 30 Nov 2013 14:38:10 +0000 (09:38 -0500)]
Added assertion about child threads. This may help debugging
race conditions