#
330449 |
|
05-Mar-2018 |
eadler |
MFC r326276:
various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
No functional change intended.
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
169986 |
|
25-May-2007 |
novel |
Add a new option for ppp.conf: rad_port_id. It allows to change the way of what ppp submits to the RADIUS server as NAS-Port-Id. Possible options are: the PID of the process owning the corresponding interface, tun(4) interface number, interface index (as it would get returned by if_nametoindex(3)), or it's possible to keep the default behavior. Check the ppp(8) manual page for details.
PR: bin/112764 Submitted by: novel (myself) Reviewed by: flz Approved by: flz MFC after: 1 month
|
#
140905 |
|
27-Jan-2005 |
brian |
Add a radius_Flush() function that waits for the response (or timeout) to any pending RADIUS transaction. Use this before sending RAD_STOP RADIUS messages so that we definitely ``stop'' the session.
It was discovered that sometimes when the link timed out, we got lucky enough to have an un-ACK'd RADIUS accounting transaction in progress, resulting in the RAD_STOP message failing to send.
Original report found on: A russion news group Text translated by: glebius Tested by: Alexey Popov llp at iteranet dot com MFC after: 7 days
|
#
132273 |
|
16-Jul-2004 |
brian |
Support a ``set rad_alive N'' command to enable periodic RADIUS accounting information being sent to the RADIUS server.
Logging of RADIUS accounting information moves to a ``set log [+-]radius'' level, along with the RADIUS alive info, and the version number is bumped to 3.2 to reflect this.
Mostly submitted by: alx@sm.ukrtel.net (back in January) MFC after: 3 weeks
|
#
116990 |
|
28-Jun-2003 |
ume |
name union.
|
#
116622 |
|
20-Jun-2003 |
ume |
IPV6PREFIX is set when Framed-IPv6-Prefix is defined, You may want to pass the value to upper layer protocol such as DHCPv6 for prefix delegation.
MFC after: 1 week
|
#
116588 |
|
19-Jun-2003 |
ume |
Do RADIUS accounting on IPV6CP.
MFC after: 1 week
|
#
116587 |
|
19-Jun-2003 |
ume |
Oops, I put unused variable in my previous commit.
MFC after: 1 week
|
#
116586 |
|
19-Jun-2003 |
ume |
Install routes specified by Framed-IPv6-Route. Since the format of Framed-IPv6-Route is user defined, it follows Framed-IP-route.
MFC after: 1 week
|
#
98311 |
|
16-Jun-2002 |
brian |
Compensate for dodgy Win98/WinME MSCHAPv2 responses later in the code path... after we've talked to any RADIUS servers involved, so that we haven't touched the data before it gets to the server.
Make it clearer in the code that this compensation is done by setting a flag to a value of zero, a flag which rfc2759 says *MUST* be zero.
While we're here, don't bother passing the peer challenge into radius_Authenticate(). It's already part of the key we're passing in (this becomes obvious now that I've structured that data...).
This ``fix'' doesn't help to authenticate Win98/WinME users in my test environment as ports/net/freeradius seems to ignore the flag completely anyway, but it may help with other RADIUS servers.
|
#
98243 |
|
15-Jun-2002 |
brian |
Remove whitespace at the end of lines.
|
#
98132 |
|
11-Jun-2002 |
brian |
Understand the following Microsoft Vendor Specific RADIUS attributes:
RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES RAD_MICROSOFT_MS_MPPE_RECV_KEY RAD_MICROSOFT_MS_MPPE_SEND_KEY
These attributes may be supplied by a RADIUS server when MSCHAPv2 is used to authenticate.
It *should* now be possible to build ppp with -DNODES and still support CHAP/MSCHAP/MSCHAPv2/MPPE via a RADIUS server, but the code isn't yet smart enough to do that (building with -DNODES just looses these facilities).
Sponsored by: Monzoon
|
#
96730 |
|
16-May-2002 |
brian |
Handle MS-CHAPv2 authentication correctly via the RADIUS server (if it's configured). Handle internal failures in radius_Authenticate() correctly. Bump the ppp version number.
This doesn't yet work with MPPE. More will follow.
Sponsored by: Mozoon
|
#
96324 |
|
10-May-2002 |
brian |
Add support for MS-CHAP authentication via a RADIUS server. Add support for Reply-Message and MS-CHAP-Error.
Sponsored by: Monzoon
|
#
96153 |
|
07-May-2002 |
brian |
Understand the Session-Timeout RADIUS attribute Store the Filter-Id attribute (we don't do anything with it yet)
Submitted mostly by: andrew pavlov <and@kremenchug.net>
|
#
93767 |
|
04-Apr-2002 |
hosokawa |
Get tun P2P address from the local pool if RADIUS server returned 255.255.255.254 as client ipaddr.
Reviewed-By: freebsd-net mailing list
|
#
75071 |
|
01-Apr-2001 |
brian |
Don't assume challenges and responses don't contain embedded '\0's.
Mschapv2 response generation may produce embedded NULs... causing us to send a bogus response to the radius server and end up failing the client's valid response.
Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
|
#
74001 |
|
08-Mar-2001 |
brian |
MAXPATHLEN -> PATH_MAX Don't assume MAXHOSTNAMELEN includes the NUL Correct a diagnostic Use "localhost" in our prompt instead of ""
|
#
65178 |
|
28-Aug-2000 |
brian |
Support radius accounting, and add a packet count to throughput statistics as a side effect.
Submitted by: Marcin Cieslak <saper@system.pl>
with some tweaks to RAD_ACCT_SESSION_ID and RAD_ACCT_MULTI_SESSION_ID generation by me.
|
#
58028 |
|
13-Mar-2000 |
brian |
To avoid namespace polution in NetBSD:
``struct descriptor'' -> ``struct fdescriptor''
|
#
50479 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
43693 |
|
06-Feb-1999 |
brian |
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial.
While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types.
NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!).
Sponsored by: Internet Business Solutions Ltd., Switzerland
|
#
43313 |
|
27-Jan-1999 |
brian |
Initial RADIUS support (using libradius). See the man page for details. Compiling with -DNORADIUS (the default for `release') removes support.
TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur.
Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-(
Sponsored by: Internet Business Solutions Ltd., Switzerland
|