Alan T. DeKok [Tue, 18 Nov 2014 19:56:52 +0000 (14:56 -0500)]
Bump version number here, too
Alan T. DeKok [Tue, 18 Nov 2014 19:55:43 +0000 (14:55 -0500)]
We should have bumped to 2.2.6 a while ago
Alan T. DeKok [Tue, 18 Nov 2014 19:54:59 +0000 (14:54 -0500)]
Note for 2.2.6
Alan T. DeKok [Tue, 18 Nov 2014 16:03:25 +0000 (11:03 -0500)]
Acct-Session-Time doesn't have to exist
Alan T. DeKok [Sun, 16 Nov 2014 15:03:32 +0000 (10:03 -0500)]
Note recent changes
Alan T. DeKok [Sun, 16 Nov 2014 15:02:20 +0000 (10:02 -0500)]
Make tlsv1.2 and tlsv1.2 conditional on having them
Alan T. DeKok [Sun, 16 Nov 2014 14:42:49 +0000 (09:42 -0500)]
Allow for selective disabling of TLSv1.1 and TLSv1.2
Arran Cudbard-Bell [Tue, 11 Nov 2014 19:18:43 +0000 (14:18 -0500)]
Backport udpfromto IPv6 fixes from v3.0.x
Arran Cudbard-Bell [Tue, 11 Nov 2014 19:16:52 +0000 (14:16 -0500)]
Remove xcodebuild stuff, it's not required
Alan T. DeKok [Tue, 4 Nov 2014 12:48:08 +0000 (07:48 -0500)]
Note TLS 1.1 and 1.2
Alan T. DeKok [Mon, 3 Nov 2014 19:36:25 +0000 (14:36 -0500)]
Allow TLS 1.1 and 1.2
Alan T. DeKok [Mon, 3 Nov 2014 18:57:48 +0000 (13:57 -0500)]
Note recent changes
Alan T. DeKok [Mon, 3 Nov 2014 16:45:27 +0000 (11:45 -0500)]
Allow all UTF-8 characters
Alan T. DeKok [Wed, 29 Oct 2014 15:12:26 +0000 (11:12 -0400)]
Note recent changes
Alan T. DeKok [Wed, 29 Oct 2014 15:12:08 +0000 (11:12 -0400)]
Time zone is 2 octets, not "integer"
Alan DeKok [Tue, 28 Oct 2014 21:40:52 +0000 (17:40 -0400)]
Merge pull request #824 from jrouzierinverse/v2.x.x
Lock thread_pool.wait_mutex before forking to avoid a race condition bet...
James Rouzier [Tue, 28 Oct 2014 21:13:43 +0000 (17:13 -0400)]
Lock thread_pool.wait_mutex before forking to avoid a race condition between rad_fork, rad_waitpid and reap_children.
There is a race condition that can occur under high load where a child is reaped before being added to the waiters list.
Alan T. DeKok [Sun, 26 Oct 2014 13:57:48 +0000 (09:57 -0400)]
Do OCSP checks only if we got issuer_cert. Closes #756
Alan T. DeKok [Tue, 7 Oct 2014 14:37:27 +0000 (10:37 -0400)]
Move to SHA256. SHA1 is deprecated
Alan T. DeKok [Sun, 21 Sep 2014 20:29:07 +0000 (16:29 -0400)]
Don't use DHCP-Server-IP-Address for source IP
use Packet-Src-IP-Address instead.
And don't use server identifier for SIADDR
Alan T. DeKok [Mon, 8 Sep 2014 15:28:42 +0000 (11:28 -0400)]
Find the SUB section, not the NEXT one
Arran Cudbard-Bell [Thu, 4 Sep 2014 18:33:23 +0000 (14:33 -0400)]
Merge pull request #777 from matsimon/f5-dictionary
F5 dictionary
Alan T. DeKok [Sun, 31 Aug 2014 13:50:05 +0000 (09:50 -0400)]
Added dictionary for RFC 7268
Arran Cudbard-Bell [Thu, 12 Dec 2013 18:18:57 +0000 (10:18 -0800)]
Merge pull request #489 from spaetow/master
Adding RFC7055 (ABFAB/Moonshot RFC)
Alan T. DeKok [Sun, 7 Sep 2014 03:00:44 +0000 (23:00 -0400)]
Run format.pl
Alan T. DeKok [Sun, 31 Aug 2014 12:49:27 +0000 (08:49 -0400)]
Enable new dictionaries and fix minor issues
Mathieu Simon [Sun, 31 Aug 2014 08:36:06 +0000 (10:36 +0200)]
dictionary.trapeze: Add attribute
- Trapeze-Audit seems to be a accounting-only value that
contains logging data for audit as the attribute says.
- Since MSS software still seems to be developed by Juniper
add a Juniper reference and remove the mail address as the
domain redirects to Juniper.com these days.
Mathieu Simon [Sun, 31 Aug 2014 09:28:27 +0000 (11:28 +0200)]
Add 3 attributes to the Bay dict. (Nortel/Avaya)
Found in the Avaya AAA for ERS and ES Technical Configuration
Guide from 2010 as publicly available at Avaya.
Some attributes have been changed by Avaya but left unchanged here
to not break existing installations.
Mathieu Simon [Sun, 11 May 2014 20:46:38 +0000 (22:46 +0200)]
dictionary.altiga: Fix small typo & space-to-tab
Try unifying mixed usage of spaces and tabs (later seems more common)
then pass with the formatter.
Mathieu Simon [Sun, 9 Feb 2014 09:55:56 +0000 (10:55 +0100)]
Add newly found attribute to dictionary.telebit
Found in: Cisco Prime Access Registrar 6.0.1 Users Guide
Chapter: RADIUS Attributes.
Telebit has been bought quite some time ago, that's why
the references come from Cisco.
Mathieu Simon [Sun, 31 Aug 2014 09:07:46 +0000 (11:07 +0200)]
Add Ruckus dictionary
Compiled out of a Ruckus user guides and tech notes
publicly available on the Ruckus website.
Mathieu Simon [Sun, 11 May 2014 20:44:26 +0000 (22:44 +0200)]
Add Compatible Systems dictionary
Add Compatible Systems Corp. dictionary as found in the
Cisco Prime Access Registrar 6.1 User Guide.
Includes historical note about Compatible Systems's acquisition
in case someone is (still) looking for documentation.
Alan T. DeKok [Fri, 29 Aug 2014 16:15:31 +0000 (12:15 -0400)]
As posted to the list
Conflicts:
share/dictionary.bluecoat
Alan T. DeKok [Wed, 3 Sep 2014 15:02:28 +0000 (11:02 -0400)]
Free output bio, too
Alan T. DeKok [Wed, 3 Sep 2014 14:52:54 +0000 (10:52 -0400)]
Print debug messages only in debug mode. Closes #779
Alan T. DeKok [Tue, 2 Sep 2014 21:17:18 +0000 (17:17 -0400)]
note recent changes
Alan T. DeKok [Tue, 2 Sep 2014 21:12:58 +0000 (17:12 -0400)]
in client_add() add to a virtual server is first argument is NULL
Alan T. DeKok [Fri, 29 Aug 2014 16:15:31 +0000 (12:15 -0400)]
As posted to the list
Alan T. DeKok [Fri, 22 Aug 2014 11:40:29 +0000 (07:40 -0400)]
Note recent changes
Alan T. DeKok [Fri, 22 Aug 2014 10:51:06 +0000 (06:51 -0400)]
Move checks for "sig_t" to AC_CHECK_TYPE. Fixes #765
Alan T. DeKok [Fri, 15 Aug 2014 12:59:49 +0000 (14:59 +0200)]
Be more descriptive in complaints
Alan T. DeKok [Thu, 14 Aug 2014 08:29:54 +0000 (10:29 +0200)]
Allow for enforcement in post-auth
Which is really where they should be
Alan T. DeKok [Sat, 9 Aug 2014 17:04:12 +0000 (19:04 +0200)]
Print names for packet types
Arran Cudbard-Bell [Tue, 29 Jul 2014 15:39:02 +0000 (11:39 -0400)]
Merge pull request #747 from simonflood/patch-1
Update radiusd-logrotate
Simon Flood [Tue, 29 Jul 2014 15:37:59 +0000 (16:37 +0100)]
Update radiusd-logrotate
Added endscript on logrotate
Arran Cudbard-Bell [Mon, 21 Jul 2014 10:57:12 +0000 (06:57 -0400)]
Merge pull request #738 from sylphlin/v2.x.x
Add the gigawords calculation for MSSQL in accounting stop SQL clause
root [Mon, 21 Jul 2014 06:25:03 +0000 (06:25 +0000)]
Add the gigawords calculation for MSSQL in accounting stop SQL clause
Alan T. DeKok [Mon, 7 Jul 2014 16:09:28 +0000 (12:09 -0400)]
As posted to the list
Alan T. DeKok [Mon, 7 Jul 2014 16:07:34 +0000 (12:07 -0400)]
whitespace
Arran Cudbard-Bell [Tue, 17 Jun 2014 09:09:24 +0000 (10:09 +0100)]
Relax libssl checks
Alan T. DeKok [Sat, 14 Jun 2014 13:28:15 +0000 (09:28 -0400)]
Don't use strtok. Closes #689
Port perl_xlat() from v3.
Arran Cudbard-Bell [Fri, 13 Jun 2014 10:48:11 +0000 (11:48 +0100)]
Merge pull request #685 from sylphlin/v2.x.x
Add the missing postauth query for mssql
Sylph Lin [Fri, 13 Jun 2014 10:18:29 +0000 (10:18 +0000)]
Add postauth_query for mssql
Arran Cudbard-Bell [Fri, 13 Jun 2014 08:12:08 +0000 (09:12 +0100)]
Update ChangeLog
Arran Cudbard-Bell [Wed, 11 Jun 2014 14:08:44 +0000 (15:08 +0100)]
Don't stop parsing on padding options
Arran Cudbard-Bell [Wed, 11 Jun 2014 14:08:25 +0000 (15:08 +0100)]
Whitespace
Alan T. DeKok [Tue, 10 Jun 2014 15:41:50 +0000 (11:41 -0400)]
Make redundant-load-balance work again.
Arran Cudbard-Bell [Tue, 10 Jun 2014 09:11:42 +0000 (10:11 +0100)]
Fix potential read into uninitialised memory and/or data corruption in rlm_pap normify() when normifying octets type attributes
Alan T. DeKok [Mon, 2 Jun 2014 14:34:40 +0000 (10:34 -0400)]
sites-available/ is also config no-replace
Arran Cudbard-Bell [Mon, 26 May 2014 13:47:06 +0000 (14:47 +0100)]
Merge pull request #661 from fajarnugraha/v2.x.x-suse-
20140526
V2.x.x suse specfile build fix
Fajar A. Nugraha [Mon, 26 May 2014 13:30:19 +0000 (20:30 +0700)]
suse: fixes for dialupadmin package
Fajar A. Nugraha [Mon, 26 May 2014 11:47:42 +0000 (18:47 +0700)]
suse: add raddb/panic.gdb to %files
Arran Cudbard-Bell [Fri, 23 May 2014 14:05:05 +0000 (15:05 +0100)]
Merge pull request #655 from fajarnugraha/v2.x.x-redhat-
20140523
V2.x.x redhat
20140523
Fajar A. Nugraha [Fri, 23 May 2014 12:50:28 +0000 (19:50 +0700)]
redhat: add raddb/panic.gdb to %files
Alan T. DeKok [Wed, 21 May 2014 14:28:46 +0000 (10:28 -0400)]
Add "show module status"
Arran Cudbard-Bell [Sat, 17 May 2014 12:09:52 +0000 (13:09 +0100)]
Merge pull request #642 from alanbuxey/patch-2
comment out the mixed case
Alan Buxey [Sat, 17 May 2014 12:08:58 +0000 (13:08 +0100)]
comment out the mixed case
same patch as in HEAD and MASTER - stops policies that should help sites from causing issues.
Alan T. DeKok [Thu, 15 May 2014 13:45:54 +0000 (09:45 -0400)]
Added new dictionary
Alan T. DeKok [Tue, 13 May 2014 15:59:09 +0000 (11:59 -0400)]
Put last commit into correct place
Alan T. DeKok [Tue, 13 May 2014 15:49:38 +0000 (11:49 -0400)]
Note component and module for unfinished request
Alan T. DeKok [Tue, 13 May 2014 15:45:29 +0000 (11:45 -0400)]
Be more specific about reasons for discard
Alan T. DeKok [Mon, 28 Apr 2014 19:13:08 +0000 (15:13 -0400)]
Note recent changes
Arran Cudbard-Bell [Mon, 28 Apr 2014 11:31:42 +0000 (12:31 +0100)]
Add more ZTE attributes
Arran Cudbard-Bell [Sat, 26 Apr 2014 15:54:06 +0000 (16:54 +0100)]
Add partial ZTE dictionary
Alan T. DeKok [Sat, 26 Apr 2014 14:22:45 +0000 (10:22 -0400)]
Don't do counters for Status-Server. Fixes #612
Alan T. DeKok [Thu, 17 Apr 2014 14:35:46 +0000 (10:35 -0400)]
Typo. Fixes #591
Alan T. DeKok [Thu, 17 Apr 2014 13:58:41 +0000 (09:58 -0400)]
Set destination port for client replies from relay. Fixes #591
Alan T. DeKok [Wed, 16 Apr 2014 18:26:27 +0000 (14:26 -0400)]
Take max_sessions from max_requests.
It's a little high, but it means that a busy server will
automatically be able to handle more EAP sessions.
Otherwise, the server will start ignoring EAP sessions, or
discarding "old" ones that are still in process
Arran Cudbard-Bell [Mon, 14 Apr 2014 10:30:32 +0000 (06:30 -0400)]
Merge pull request #587 from aparadis/v2.x.x
Update rlm_ldap documentation (groupmembership_filter)
Alexandre Paradis [Mon, 14 Apr 2014 03:56:34 +0000 (22:56 -0500)]
Update rlm_ldap documentation (groupmembership_filter)
Replace member=%{Ldap-UserDn} with member=%{control:Ldap-UserDn} in the groupmembership_filter as per the default configuration.
Arran Cudbard-Bell [Sun, 13 Apr 2014 17:02:05 +0000 (13:02 -0400)]
Unsigned apparently needs to come after int...
Alan T. DeKok [Fri, 11 Apr 2014 18:35:40 +0000 (14:35 -0400)]
Be more stringent about waiting for child to die
Alan T. DeKok [Wed, 9 Apr 2014 21:47:05 +0000 (17:47 -0400)]
Just remove the session
Alan T. DeKok [Wed, 9 Apr 2014 20:29:21 +0000 (16:29 -0400)]
Note recent changes
Alan T. DeKok [Wed, 9 Apr 2014 15:54:42 +0000 (11:54 -0400)]
Check for invalid TLS handshake
If the system has a vulnerable version of OpenSSL, and the
admin has told us to allow it, we want to catch and stop
the problem.
Alan T. DeKok [Wed, 9 Apr 2014 14:47:42 +0000 (10:47 -0400)]
If we fail during tls handshake, don't send an EAP-Fail msg
Because tls_handshake_recv() says there's something wrong with
the TLS session. Therefore, we can't use it for anything
Arran Cudbard-Bell [Wed, 9 Apr 2014 12:27:53 +0000 (13:27 +0100)]
Revert "Patch for OpenSSL insanity"
This reverts commit
30a1e7c5e10743bd9753285d91eff6f0af8e09ca.
Arran Cudbard-Bell [Wed, 9 Apr 2014 12:27:07 +0000 (13:27 +0100)]
Remove ruby-lib-dir and ruby-include-dir, these should be specified by RbConfig - Closes #580
Alan T. DeKok [Tue, 8 Apr 2014 15:31:27 +0000 (11:31 -0400)]
Allow vulnerable OpenSSL for testing purposes
Alan T. DeKok [Tue, 8 Apr 2014 15:10:11 +0000 (11:10 -0400)]
Check for vulnerable OpenSSL versions
Alan T. DeKok [Tue, 8 Apr 2014 15:05:16 +0000 (11:05 -0400)]
Add "allow_vulnerable_openssl" configuration item.
Alan T. DeKok [Tue, 8 Apr 2014 14:49:22 +0000 (10:49 -0400)]
Note recent changes
Alan T. DeKok [Mon, 7 Apr 2014 22:02:10 +0000 (18:02 -0400)]
Patch for OpenSSL insanity
https://www.openssl.org/news/secadv_20140407.txt
Alan T. DeKok [Sun, 6 Apr 2014 01:36:52 +0000 (21:36 -0400)]
Limit zombie period start. Fixes #579
If we've received a packet in the last 1/4 zombie period, don't
go to zombie. If the last packet was earlier than that, set
the zombie period start to that time.
We don't set it to home->last_packet, because that could have
been minutes or hours in the past
Alan T. DeKok [Sat, 5 Apr 2014 17:02:47 +0000 (13:02 -0400)]
Mark zombie alive if it responses to status-server. Fixes #579
Alan T. DeKok [Fri, 4 Apr 2014 15:10:06 +0000 (11:10 -0400)]
Handle syslog, too
Alan T. DeKok [Fri, 4 Apr 2014 14:54:21 +0000 (10:54 -0400)]
Enumerate all of the possibilities for -l FOO and -x
Alan T. DeKok [Fri, 4 Apr 2014 14:23:01 +0000 (10:23 -0400)]
Note recent changes
Alan T. DeKok [Fri, 4 Apr 2014 14:17:11 +0000 (10:17 -0400)]
If log isn't stdout, ALWAYS set stdout to /dev/null
Alan T. DeKok [Fri, 4 Apr 2014 13:00:37 +0000 (09:00 -0400)]
Set the max # of SQL sockets to the max # of threads