Skip to content

release_3_0_7
Compare
Choose a tag to compare
@arr2036 arr2036 released this 19 Feb 17:27
· 35173 commits to master since this release
release_3_0_7
8282a15

Feature improvements

  • Allow coa home_servers to be derived from client
    sections if a coa_server section is provided.
  • Automatically determine the correct port if no port is
    provided for a home server.
  • Allow foreach to operate over lists.
  • Add compile time features to ${feature.*} and versions
    of core libraries to ${version.*}. Feature and version
    names match output of radiud -xv. %v is now deprecated.
  • Add support for PATCH method in rlm_rest.
  • Validate more module xlats on startup, and warn if an
    xlat expansion is found in a double quoted config item
    which will not be expanded.
  • Add support for sub-second timeouts in rlm_rest.
  • Add support for connection timeouts in rlm_rest.
  • Add %{jsonquote:<str>}xlat to escape strings for insertion
    into json documents.
  • Add %{ldapquote:<str>} xlat to escape strings for insertion
    into ldap DNs.
  • Add %{explode:&ref <char>}, splits value of &ref on
    <char> and creates new &ref type attributes with the
    fragments.
  • Allow rlm_ldap to use attribute references for base_dn and
    filter config items. The attribute references are not
    escaped, allowing DNs and filters to be created dynamically.
  • Add %{nexttime:[<int>]h|d|w|y} to calculate the number of
    seconds before the next <int>hour(s), day(s), week(s),
    or year(s).
  • Allow the left side of update sections to be xlat expansions.
    The result of the expansion is then used to reference the
    attribute to be modified.
  • Added %{lpad:&Attribute-Name 7 x} and rpad. These produce
    fixed-width output strings, with padding to the left (lpad)
    or the right (rpad).
  • For some SQL drivers (MySQL, sqlite) distinguish between
    constraints violations (on insert), invalid queries, and
    server errors, and return noop, invalid, and error respectively.
  • Call SHOW WARNINGS in the MySQL driver and write them to
    the request log, if libmysqlclient indicates warnings are
    available on the server.
  • Forbid the creation of Vendor-Specific for non-standard
    VSAs. Use Attr-26 = 0x... instead.
  • Make dhcpclient work with raw sockets and various other
    improvements - Contributed by nchaigne
  • Add support for SSHA2 - Contributed by PDD.
  • Add perle dictionary - Contributed by Hachmer
  • Modernise init scripts for RHEL, SUSE and Debian.
  • radmin now tracks the return code of commands, and exits
    with status "1" if any command failed to execute.
  • radmin now sends error messages from the server to
    stderr, instead of to stdout.
  • radmin now looks for sockets matching it's UID and GID,
    rather than just always using the first one it finds.
  • radmin can how delete clients which are tied to a listener.
  • Moved RADIUS attribute definitions to src/include/rfc*.h
  • Move to talloc pools for requests. For in-memory tests
    (default config, 'users' file), performance increases by 30%.
  • In rlm_ldap allow sasl_mech to be specified for admin and
    user binds. Only non-interactive mechs (like EXTERNAL)
    are currently supported.
  • Remove support for ephemeral RSA keys. They were "export only",
    and should not be used by anyone.
  • Syntax errors in the "users" file now produce better
    error messages.

Bug fixes

  • Fix issues parsing LDAP hostnames with non-standard ports.
  • Fix issues with realms containing regular expressions.
  • Allow unary negation before parantheses in rlm_expr.
  • Fix infinite loop in kevent event loop code. Issue only
    presented on FreeBSD.
  • Be more careful to define Auth-Types before loading modules.
  • Link libfreeradius-radius against OpenSSL too, to avoid
    multi-version symbols in SSL libraries.
  • When rlm_ldap rebinds a connection, it should use bind
    credentials from the module that created the connection
    pool, not credentials from the module referencing it.
  • Empty server config pairs should be allowed in rlm_ldap
    instances that reference another module's connection pool.
  • Mark rlm_always as huppable, so its rcode can be changed
    via radmin (allows policy toggles).
  • Emit warnings when ignoring user configured pool values.
  • Fix issue that would cause radclient to complain
    intermittently about differing numbers of filters and
    requests.
  • Fix cosmetic issues in connection pool logging, that made
    it appear as if the same connection was being opened
    multiple times.
  • Fix threadsafety issues in SQL drivers, where a static
    buffer was used to store error messages.
  • Log RERROR, RWARN, RINFO to the global log if request
    logging is not enabled.
  • Link to libldap instead of libldap_r. libldap_r
    is not supported for use by projects outside of OpenLDAP.
  • Set connection timeout correctly in rlm_sql_mysql.
  • Build with older versions of libcurl, and use CFLAGS from
    curl-config.
  • Honour Packet-Src-Port and Packet-Src-IP-address in radclient.
  • Initialise ldapai_info_version field, so libldap will report
    its vendor and version.
  • Fix log rotation scripts by using the copyrotate option.
  • Fix issue that caused opening control sockets to always
    fail on non-Linux systems, if a user or group was set.
  • Save Session-State after proxying.
  • Additional fixes for reading CoA/DM requests from detail
    files.
  • Create dynamic clients if the dynamic clients virtual server
    returns ok or updated. Emit useful messages for other codes.
  • Compile bare "authorize" statements, and issue errors saying
    using them isn't a good idea.
Assets 2
Loading