2003/04/03 - 0.9.6: - Added documentation for the client in tools/radclient/README - Added Cistron/FreeRADIUS-compatible radtest wrapper scripts in tools/radclient/radtest and -radaccttest - Changed default timeout in radclient to 5 seconds instead of 2 - Fixed typo in radclient.c that prevented replies to be correctly matched to requests - Added Acct-Status-Types from RFC 2869 (Tunneling) in dict.stdacct - Added Makefile.sol5gcc for Solaris 2.5.1; removes HAVE_VSNPRINTF - Removed unsupported -f (flood) option in radclient for now - Removed some outdated and redundant documentation files from doc/ 2003/02/25 - 0.9.5: - Added versatile radius client in tools/radclient; supports fully asynchronous operation, multiple target servers, the standard OpenRADIUS module interface, encoding of PAP and CHAP passwords, and much more. Can be used for trivial proxying purposes as well. - Fixed segfault when reading dictionary that occurred when an item referenced for adding constant value names is outside the default space. (from 0.9.4c) - Minor fixes for QNX4's Watcom C (which defaults to unsigned char). - Added a portable install script; installation now works hassle-free on Linux, NetBSD, FreeBSD, BSDI, SunOS 5, Solaris 7, Tru64 4.0, 5.1, and QNX 4. No longer overwrites existing configuration directories. - Complete rewrite of the build system, using a single-session make. At the cost of relying more heavily on GNU Make, rebuilds are now always correct, header dependencies are automatically generated and tracked without requiring things like 'make dep', and full builds are faster. (See the paper "Recursive Make Considered Harmful", by Peter Miller). Also fixes inconsistencies in various Make.conf.xxx files. - Changed default configuration directory from ...etc/raddb to ...etc/openradius. This makes it easier to keep it next to other servers and removes the suggestion that the files are compatible. - Ascfile module: multiline records are no longer delimited by blank lines; rather, a new record is started by any non-comment line whose first non-whitespace character is in column 0, for both single and multiline-record files. The distinction is gone, so the -s flag is not needed anymore either. (from Brian Candler ) - Added support for USR's NMC attributes in the dictionary; no actual attributes added yet though. - Fixed partially initialized sockaddr_in structure which caused bind errors on some platforms, particularly OS X. (from 0.9.4b) - Fixed wraparound error in ring buffer scanning functions which sometimes caused apparently random behaviour file compilation errors. (from 0.9.4a) 2002/06/25 - 0.9.4: - Put real, registered OIDs in distributed sample LDAP schema - Fixed CERT CA-2002-06 vulnerability #2 - Fixed conversion operators in language - A number of bugfixes and improvements in the behaviour language: * actually implemented the conversion from string to date; * date + int sets current type to date; * IP address + int sets current type to IP address; * 'and', 'or' synonyms for '&&', '||'; * divide by zero just aborts expression, instead of killing server * fixed '!' behaviour on strings; * made date conversions to/from strings use localtime() instead of gmtime(). Run the server with TZ set to UTC if you want the old behaviour. - Good cleanup of meta_buildtree() 2002/03/22 - 0.9.3: - Fix major bug in example behaviour files involving CHAP. It plainly didn't work at all. - Fixed bug in behaviour.sample-ldap-authbind, which would allow all non-PAP users in (that is, without checking any passwords). - Fix bug in dictionary that caused Accounting signature validation to fail. Corrected mix up of Acct-Authentic and Acct-Authenticator. - Included some test queries for PAP, CHAP and accounting for use with tools/radclient. - Changed server to use raddb as current directory for modules again, so that all configuration files are kept in one place. Modules' own configuration files are stored under raddb/modules now. Also fixes bug when using ASCII clients- and users files. 2002/03/20 - 0.9.2: - Added LDAP schema and ldif file with sample data; updated included example attribute mapping file; added proper example behaviour and configuration files for use with LDAP. - When (auto-)converting a decimal string attribute to a numeric one, and the string is not a valid number, we try to find lookup the value as a named constant for the string attribute. If found, that value is used instead. Handy for doing things like 'Framed-Protocol = str-Framed-Protocol', and allows to use constant names in LDAP different from our own. - Start modules using their own directory as cwd. This allows modules to operate without having absolute paths to their configuration files specified on their command lines. - Added elementary test command line client in tools/radclient. Reads list of ASCII A/V pairs on stdin (formatted as by ASCII modules) and displays pairs in response. Note that all attributes are sent as-is, including User-Password, and the response is not checked in any way, only displayed. Will add PAP/CHAP generator soon. - Plugged a couple of memory leaks; Mozilla's leaky tool doesn't show any now (thanks to dmelomed@devonitnet.com for pointing this out). - Fixed := operator bug that scribbled on memory when the instance assigned to was also referenced on right hand side. - Big makefile cleanup. Supports GNU Make only now. I've given in to the temptations of the slogan "don't bother with portable makefiles, use a portable make instead". Portable makefiles don't seem to be possible at all if you want to add text to variables (for making lists) and want to use a common settings file so you can call make in every subdirectory. - Added dictionary support for MS VSAs. - Merged fixes to make it run on Mac OS X, untested though. - Fixed (harmless) GCC warnings on LP64 platforms such as Alpha. 2001/12/08 - 0.9.1: - Added LDAP module. - Added some informational messages during server startup, to improve usefulness of '-d all', '-d misc -d recv' etc.; some other logging cleanups. - Prepended log lines with internal facility names. - Fixed bug caused by not emptying a channel's receive queue when its associated process dies. This caused the interface that the channel was associated with, not to recover gracefully from a subprocess restart. - Added some radius attributes to 'constants.h' to root and put it in the public domain, to facilitate module writing. - Put the Logger module (bourne shell script) in public domain as well. - BSD/SysV compatibility fixes: Made uint32_t / u_int32_t dependent on Make.conf setting; more Make.conf cleanups/fixes - Added more documentation for all modules. 2001/11/18 - 0.9: - Added a lot of language documentation. - Included the (bare) html files in the doc/html directory and generated the text files from that using lynx. The online docs are generated from them as well. - Some precedence table fixes in langcompile.c; moved 'hex', 'md5' together with other unary prefix operators (still lower because we have string-related ops always lower than integer ones); moved '.' just below lastof / firstof e.d. - Fixed minus handling for auto-radix numbers in meta_atoord; it used to require 0x-55 instead of -0x55. - Made 'statement' operators (interface calls, del, moveall etc). much more sane; they don't set the context to 'none' anymore so you can use them before closing a subexpression with ')'. They all leave something on the stack now. For del, delall and moveall, it's an int that reflects the number of pairs that were deleted resp. moved. - Removed the comma operator hack, which allowed it to be used in context 'none' as well, where it would emit a OP_NOP. Not needed anymore because no operator returns context 'none' anymore (except the comma operator itself, which only still exists as an unary postfix operator that emits OP_POP). - Made the pseudo-check items in dict.internal, that are likely to be returned by ascfile to be compared to request attributes rather than included in the actual reply, begin with a lowercase letter, so that you don't need to use REQ: all the time. Reflected that in example raddb/legacy/users as well. - Added unixpasswd module. Simple, but probably effective enough. - Also because of above, updated behaviour.sample and renamed to behaviour.sample-usersfile. Removed 'old', untested behaviour file. Kept configuration.old around, as it's slightly less misleading, although still just a more or less theoretic example, because most modules mentioned there still aren't written yet. Added DNS resolver example to it. Made behaviour.sample-unixpasswd the default one. - Fixed bug in config.c that caused behaviour file compilation errors to be ignored. - Makefile fixes in raddb/, modules/ and tools/. 2001/11/05 - v0.8: - Rirst public release. 2001/10/09 - v0.7: - First version that actually gets the name OpenRADIUS and a version number, as all of the core functionality is finally implemented.