Nikos Mavrogiannopoulos
efe61fa48e
radius: added safety checks in the parsing of Framed-IPv6-Prefix
2015-01-06 10:58:05 +01:00
Nikos Mavrogiannopoulos
a530330873
radius: use separate types for ipv4 and ipv6
2015-01-06 10:56:24 +01:00
Nikos Mavrogiannopoulos
e042e3edf9
configure: set seccomp as enabled by default
2015-01-06 10:38:09 +01:00
Nikos Mavrogiannopoulos
b097d8a3ff
radius: handle Framed-IPv6-Prefix as routes to add
2015-01-01 01:22:32 +02:00
Nikos Mavrogiannopoulos
a1abcdbeae
Allow prefixes in specifying the IPv4 network
2014-12-30 17:22:02 +02:00
Nikos Mavrogiannopoulos
674a690301
Disable route and DNS assignment in IPv6 for non-openconnect clients
...
That is because anyconnect clients can handle the assignment
of an IPv6 address, but cannot handle routes or DNS in IPv6.
So we disable IPv6 after an IP is assigned.
2014-12-30 14:14:22 +02:00
Nikos Mavrogiannopoulos
effc095f46
dockerfile: added missing haproxy
2014-12-29 20:22:07 +02:00
Nikos Mavrogiannopoulos
8de4a47e62
doc update
2014-12-29 20:18:01 +02:00
Nikos Mavrogiannopoulos
50f2fb88f6
simplify the input of IPv6 networks
...
The prefix is specified as part of the network.
2014-12-29 20:15:36 +02:00
Nikos Mavrogiannopoulos
90b0ac7932
radius: added support for Framed-IPv6-Prefix
2014-12-29 20:00:45 +02:00
Nikos Mavrogiannopoulos
73726d13a3
print IPv6 netmask only when in non-full mode
...
Also use the network address if available to print netmask.
2014-12-29 19:42:00 +02:00
Nikos Mavrogiannopoulos
27b9e91eb8
bail out if use-seccomp is set to true but there is no seccomp capability
2014-12-29 14:22:45 +02:00
Nikos Mavrogiannopoulos
c821a578a4
tests: enabled nuttcp when running in Fedora
2014-12-29 14:22:32 +02:00
Nikos Mavrogiannopoulos
e2192d546c
full-test, unix-test: modified to operate in Fedora as well
...
That also enables a check for ping in the IPv6 address.
2014-12-29 14:19:05 +02:00
Nikos Mavrogiannopoulos
3edc36c137
Added protobuf-c dependency
2014-12-29 12:03:00 +02:00
Nikos Mavrogiannopoulos
ecb59fdf3e
tests: separated the address ranges on full and unix tests and added IPv6 addresses
2014-12-29 11:56:32 +02:00
Nikos Mavrogiannopoulos
02734d8f54
send the Netmask when an IPv6 Address is assigned
2014-12-29 11:47:39 +02:00
Nikos Mavrogiannopoulos
0b47b5fb8f
IPv6 fixes in ip-lease
...
Issue discovered and fixed by sskaje.
2014-12-29 11:39:52 +02:00
Nikos Mavrogiannopoulos
0f1599a64a
use libsystemd instead of systemd-daemon
2014-12-28 09:57:06 +02:00
Nikos Mavrogiannopoulos
660311d74d
enable IPv6 in Anyconnect clients, and send the prefix
2014-12-28 09:55:35 +02:00
Nikos Mavrogiannopoulos
620c40fba3
doc update
2014-12-27 21:37:31 +02:00
Nikos Mavrogiannopoulos
33c45d73e0
doc update
2014-12-27 11:19:10 +02:00
Nikos Mavrogiannopoulos
071a8ae05f
Do print error when pam_authenticate or pam_acct_mgmt fail
2014-12-27 11:17:41 +02:00
Nikos Mavrogiannopoulos
496f563686
doc update
2014-12-27 11:11:06 +02:00
Nikos Mavrogiannopoulos
b38a1bb39a
override the default ipv6_prefix only if ipv6_prefix is set
2014-12-26 20:23:12 +02:00
Nikos Mavrogiannopoulos
80459cfbd5
the default strings will enforce PFS
2014-12-25 10:56:19 +02:00
Nikos Mavrogiannopoulos
6d331584c1
radius: optimize "parse" of route
2014-12-14 20:55:04 +01:00
Nikos Mavrogiannopoulos
4cf2797afc
radius: use Framed-Route and Framed-IPv6-Route
...
That is read and if format is the expected, they are forwarded to client.
2014-12-14 20:37:50 +01:00
Nikos Mavrogiannopoulos
3bbee0b069
more strlcpy() related changes
2014-12-14 20:12:08 +01:00
Nikos Mavrogiannopoulos
9fc8568107
ensure that stats are only updated if they increase
...
That is, transferred bytes will not decrease in an update
due to miscommunication between main and workers.
2014-12-14 20:00:33 +01:00
Nikos Mavrogiannopoulos
07e01d06b5
use strlcpy() instead of snprintf() where it make sense
...
That should reduce wasted cycles.
2014-12-14 19:24:14 +01:00
Nikos Mavrogiannopoulos
853f7876cd
radius: increase the info sent during accounting requests
...
Based on suggestions by Niels Peen. That adds:
Calling-Station-Id in auth message, and Service-Type,
Framed-Protocol, Framed-IP-Address, Acct-Authentic,
NAS-Port-Type, Acct-Session-Time in acct messages.
2014-12-14 15:03:59 +01:00
Nikos Mavrogiannopoulos
113ae94f13
removed unused option
2014-12-14 14:06:03 +01:00
Nikos Mavrogiannopoulos
d5a975d5e6
removed redundant checks
2014-12-14 07:30:14 +01:00
Nikos Mavrogiannopoulos
64637b9f78
check for a suitable freeradius-client
2014-12-13 22:26:51 +01:00
Nikos Mavrogiannopoulos
640211d8ea
simplify radius usage
2014-12-13 22:23:44 +01:00
Nikos Mavrogiannopoulos
173301744c
updated radius documentation
2014-12-13 22:22:28 +01:00
Nikos Mavrogiannopoulos
a32c5db859
Added README.radius
2014-12-11 12:09:56 +01:00
Nikos Mavrogiannopoulos
b18eeb7d74
first set amod and then use it
...
That fixes a crash with PAM module on startup.
Reported by Ismail Donmez.
2014-12-11 11:58:23 +01:00
Nikos Mavrogiannopoulos
6989b6a0c4
do not utilize radius symbols if radius is disabled
...
Reported by Ismail Donmez
2014-12-11 05:37:16 +01:00
Nikos Mavrogiannopoulos
209937e7b1
bumped version
2014-12-11 05:27:42 +01:00
Nikos Mavrogiannopoulos
27cf16b5f9
doc update
2014-12-10 20:01:45 +01:00
Nikos Mavrogiannopoulos
816663fab1
Merge branch 'radius'
...
That merges all the changes needed for radius support.
2014-12-10 19:59:36 +01:00
Nikos Mavrogiannopoulos
3307793e34
test-unix: correct copy of file
2014-12-10 19:55:12 +01:00
Nikos Mavrogiannopoulos
1f2726feb7
bumped version
2014-12-10 19:33:22 +01:00
Nikos Mavrogiannopoulos
065753bd57
undid ed5b177691
...
It is not currently possible to reload only a part of the
configuration. If the back-end module changes, the server will
bail out instead.
2014-12-10 15:28:14 +01:00
Nikos Mavrogiannopoulos
c15a7befbb
sec-mod: always reply on open-session cmd
2014-12-10 15:10:25 +01:00
Nikos Mavrogiannopoulos
c8a2666fa7
avoid crash when no auth module is in use
2014-12-10 14:15:37 +01:00
Nikos Mavrogiannopoulos
0551338a7a
sec-mod: preparations for thread safety
2014-12-10 14:10:17 +01:00
Nikos Mavrogiannopoulos
54e6450807
sec-mod: separated request serving from main loop
2014-12-10 13:30:56 +01:00
