BSDRadius

BSDRadius 0.6.0 changelog

New features:

• RADIUS client is implemented and available togeather with BSDRadius.
  You can find it in tools directory (usually: /usr/local/share/bsdradius/tools/bsdradclient.py). There is also sample configuration file for RADIUS client: bsdradclient.conf. Configuration file contains parameters which will be sent to RADIUS server.
• There is new configuration paramter - "fast_accounting" - in SERVER section of main configuration file
  Now it is possible to switch on and off sending accounting accept message before actually processing it. This feature may dramatically speed up accounting message processing and avoid logging duplicate accounting requests. But it also increases the risk that you could lose accounting data if there's not enough place for logging request data on hard disk. The same could happen if BSDRadius is not allowed (due to filesystem permissions) to write the accounting message log file.
• It is possible to configure behavior of dump_packet server module.
  You can enable/disable logging of failed and unhandled authorization and accounting packets. Take a look at new configuration file: dump_packet.conf Usually it is located in /usr/local/etc/bsdradius directory. To log all received accounting or authorization packets add "dump_packet" to contents of "modules" parameter in AUTHORIZATION and/or ACCOUNTING sections in main configuration file.
• Added makeDigestAttributes() method to DigestAuth class in DigestAuth.py.
  This method takes locally stored digest attributes and prepares them for sending to RADIUS server. It is very useful for building digest aware RADIUS clients.
• Added RadClient class as abstraction layer to RADIUS server client.
  You can use this class for even more comfortable building of RADIUS server clients.

Bugfixes:

• DatabaseConnection class is almost completely thread safe.
  There are only two methods which are nearly impossible to be thread safe: getAffectedRowCount and getLastInsertId. These methods operate with results of previous query. It is impossible to to use internal locks here. Use your own locks around statements which use these methods.
• BSDRadius now checks if connection to database is still up when refreshing radius client data.
• Fixed small bug in mod_preprocess server module.
  It used to split all values which contain "=" symbols. Since "=" may appear in crypted attributes, checksums and other stuff there is list of attributes which will be skipped while fixing VSA's. Currently this list contains Request-Authenticator and User-Password.
• Mod_preprocess server module now uses %r instead of %s for printing attribute names and values. It is neccessary to avoid screwing terminal when printing some weird symbols from crypted attributes.
• Since psycodb acts weird when calling built-in method commit() we are forced to execute "COMMIT" query directly on server.
• Merged some changes from wiggy's (www.wiggy.net) pyrad 0.9
    - Fix wrong variable name in exception raised when encountering an overly long packet.
  http://code.wiggy.net/tracker/pyrad/ticket/4
    - Packet.CreateAuthenticator is now a static method.
  http://code.wiggy.net/tracker/pyrad/ticket/8
  
• Dump_packet server module now raises exception if it can not write to the file.

Other changes:

• DatabaseConnection has survived small refactoring. Now it is safer to reconnect when database connection dies.
• BsdRadiusServer.py also has been refactored a little. There's new class - BaseThread - which contains methods and attributes common to derived server thread classes: WorkingThread and ListenThread.
• Moved parseDatetime() from mod_sql.py to misc.py because others also may wish to use it.
• Renamed "config" to "radParsedConfig" in context of user and server modules.

Permalink

Content is © 2006, 2007, DATA TECH LABS
Design is © 2006, 2007, OSWD and DarkCenter