Skip to content

release_3_0_5
Compare
Choose a tag to compare
@arr2036 arr2036 released this 17 Dec 23:01
· 35173 commits to master since this release
release_3_0_5
8bc2d13

Feature improvements

  • Large update to Huawei dictionary.
  • Added dictionary.rfc7155
  • Regular expressions like /%{User-Name}/ are now parsed
    and validated when the server starts.
  • All configuration items which are dynamically expanded
    are now parsed and validated when the server starts.
  • %{expr:...} expressions can now do bit shifting and more.
    See raddb/mods-available/expr.
  • The detail file reader can now track packets which have
    had replies, so they are never re-transmitted. See
    raddb/sites-available/buffered-sql, the "track" config item.
  • CoA and Disconnect packets can now be sent to a specific
    home server by setting control:Packet-Dst-IP-Address and
    (optionally) control:Packet-Dst-Port.
  • Allow CoA and Disconnect packets to be read from the
    detail file.
  • Allow LDAP to specify arbitrary attributes for dynamic
    clients.
  • Convert all unused attributes in the control: list to config
    pairs in dynamic clients. This allows arbitrary client
    attributes to be set for dynamic clients too.
  • rlm_couchbase now supports bulk loading of clients on startup
    in a similar way to rlm_ldap. Contributed by Aaron Hurt.
  • Allow one level of backslashes (finally). See radiusd.conf,
    "correct_escapes" setting.
  • Rename dictionary.redback to dictionary.ericsson.ab
  • Add --disable-openssl-version-check option to configure.
    So vendors can disable the check. Patch from
    Nikolai Kondrashov.
  • Do context-specific indenting in debug messages. This makes
    the debug output easier to read.
  • Make configuration a separate RPM, just like for Debian.
  • better decoding of unknown VSAs
  • When supported by OpenSSL, allow TLS 1.1 and TLS 1.2
    in EAP methods.
  • Allow multiple new connections to be spawned simultaneously
    in the connection pool, to cope with spikes in traffic.
  • Document retry_delay in connection pools.
  • Allow checksimul in rlm_couchbase.
  • Use kqueue on systems which support it. This allows for
    better scaling when using many sockets.

Bug Fixes

  • Parse list qualifiers in generic LDAP 'valuepair_attribute'
    attributes correctly.
  • Fix issue where prefix length would be ignored for dynamic
    or static clients if the address matched INADDR_ANY
    (0.0.0.0).
  • Allow null user object filter in rlm_ldap, it's valid to
    specify a complete object DN and use the base scope.
  • Don't SEGV if a received attribute value in a JSON structure
    is null, or a value can't be stringified.
  • Don't assert if the server returns a JSON content-type and
    the server hasn't been built with support for JSON.
    Closes #808.
  • Set CURLOPT_NOSIGNAL to prevent curl from handling signals
    and causing a longjmp error when the server was running with
    threads.
  • Allow tabs after attribute names in the "users" file.
    Closes #796.
  • Free unknown DICT_ATTRs. Closes #795
  • Handle unknown attributes in the conditions and "update"
    sections. e.g. Attr-1.2.3.4 = foo.
  • Use correct array size for MS-CHAP new password.
  • In rlm_rest, check for older versions of libraries at start
    time, rather than when a packet comes in.
  • Don't call detach on parse error in rlm_perl. Closes #802.
  • Integer fixes for big-endian systems. Closes #803.
  • Don't optimize %{Packet-Src-IP-Address}. Closes #804.
  • dhcpclient loads dictionaries correclty. Closes #805.
  • double quotes are no longer escaped in single-quoted
    strings. e.g. 'foo "hello" bar'.
  • Fixes for proxying to virtual servers broke the detail file
    reader. Now they both work.
  • Typos and fixes from Nikolai Kondrashov.
  • Fixes to OpenSSL version checks, for cross-platform issues.
  • cppcheck fixes from Herwin Weststrate.
  • Fix build for OSX Yosemite
  • Merge DHCP sub-options. Closes #812.
  • Fix decoding of Starent attributes.
  • When a module asks for a connection, don't return idle
    connections.
  • LDAP connection timeouts will now retry, instead of failing.
  • Prevent race conditions between fork and wait for child.
    Patch from James Rouzier.
  • Fix triggers for connection pools. Patches from
    Nikolai Kondrashov.
  • Fix SEGV when comparing non string type check items.
  • Build with newer versions of libmysqlclient.
  • make the %{escape:} and %{unescape:} xlat functions UTF8
    safe.
  • Don't escape UTF8 chars in SQL query strings.
  • Fix issue in cached LDAP group comparisons, which caused
    checks to sometimes fail.
  • Fix use after free issue in unlang switch evaluation.
  • Respect operators in rlm_cache when merging into the current
    request.
  • Update Cache-Entry-Hits each time rlm_cache is called.
  • Produce WARN messages if SQL queries are empty strings.
  • Fix invalid assertion when proxying CoA requests.
  • Allow empty strings in "case" statements. Closes #836.
  • Normalize escaping for string expansions. i.e. don't do
    double escaping in rare situations.
  • Normalize LDAP escaping. LDAP servers have multiple ways
    to escape things, so the data has to be normalized before
    we can compare two LDAP DNs.
  • Don't go to high debug level if we're proxying inner EAP
    as EAP. Closes #839.
  • Fix rlm_rest state handling. Closes #835.
Assets 2
Loading