Skip to content

release_3_0_6
Compare
Choose a tag to compare
@arr2036 arr2036 released this 17 Dec 23:02
· 35173 commits to master since this release
release_3_0_6
add9d95

Feature improvements

  • radmin / raddebug conditional errors are printed
    to the output, instead of being discarded.
  • raddebug will exit if condition set with -c was invalid.
  • radmin auto-reconnects if the connection to the server
    has gone away.
  • rlm_cache now has submodule support. See
    raddb/mods-available/cache
  • New memcached driver for rlm_cache. See
    raddb/mods-available/cache
  • Add support for &Attribute-Name[*] in conditions.
    See "man unlang" for details.
  • Add &Attribute-Name[n] which gets the last instance
    of an attribute e.g. Module-Failure-Message[n].
  • Allow for redundant string expansions. See the
    "instantiate" section of radiusd.conf.
  • When checking IP addresses in conditions, make the
    right side be parsed as an IP prefix.
  • Support JIT compilation of compiled regular expressions
    when built with libpcre.
  • Support named capture groups with "%{regex:}"
    when built with libpcre.
  • Increase regular expression capture groups from 8 to 32.
  • Emit error markers for badly formed regular expressions.
  • Allow 'm' flag to enable multiline mode in regular
    expressions.
  • Support limited implicit attribute conversion in update
    sections.
  • Support casting between IPv6 and IPv4 where the IPv6
    address has the v4/v6 mapping prefix (::ffff:).

Bug fixes

  • PEAP works again. As does proxying EAP-MSCHAPv2
    from inside of a PEAP tunnel.
  • "group" is allowed inside of "instantiate" sections.
  • update disconnect {} with
    disconnect:Packet-Dst-IP-Address now works correctly.
  • Regular expression comparisons of non string attributes
    are now disallowed in the files module. Previously
    they would silently fail or produce undefined behaviour.
  • Fix parsing of old regular expressions. Closes #842
  • Fix off by one error in ascend filters. Closes #843.
  • Handle NT-Hash in rlm_pap. This allows passwords to
    have backslashes in them.
  • Fix infinite loop on "Fall-Through = yes" when
    processing SQL groups.
  • Correct the check of SQL query return code.
  • Run "Post-Auth-Type Reject" if the request was rejected
    in post-auth
  • Write "Login OK" only if the post-auth section passed.
  • Create TLS-Cert-* certificates, even when EAP session
    caching is disabled.
  • Finalize the "correct_escapes" with many more tests.
  • Move to the new OpenLDAP libldap API, fixes more issues
    with binary values.
  • Fix potential memory corruption in rlm_ldap if start
    connections were set to 0, and the server was running
    in threaded mode. The fix is a workaround for an issue
    in libldap and was suggested by Howard Chu.
  • Give parse errors on "%{...", without the closing brace.
  • Allow spaces in certificate passwords for build rules
    in raddb/certs//
  • Make all regular expression evaluation binary safe.
    Where that's not possible, emit an error if the pattern
    or subject contains an embedded null byte.
  • Fix various issues around masking IPv6 addresses.
Assets 2
Loading