[RADIATOR-ANNOUNCE] Radiator Version 4.3 released

[Mike McCauley]

We are pleased to announce the release of Radiator version 4.3

This version contains some significant new modules, such as support for RSA
Authentication Manager 7.1 and a number of bug fixes.

As usual, the new version is available to current licensees from:
http://www.open.com.au/radiator/downloads/

and to current evaluators from:
http://www.open.com.au/radiator/demo-downloads

Licensees with expired access contracts can renew at:
http://www.open.com.au/renewal.html

An extract from the history file
http://www.open.com.au/radiator/history.html is below:

Revision 4.3 (2008-07-17) New modules and bug fixes 

Added new AuthBy RSAAM module that supports RSA Authentication Manager 7.1 and
later. Supports PAP, GTC, OTP, PEAP-GTC, TTLS-PAP etc. Supports all AM
authentication methods, including traditional SecurID tokens, static
passwords, OnDemand passwords delivered by SMS or email, security questions
etc. Runs on all platforms supported by Radiator. Requires SOAP::Lite and
prerequisites for SSL, including Crypt::SSLeay or
IO::Socket::SSL+Net::SSLeay. Sample configuration files included.

Added support for LocalAddress and LocalPort to AuthBy RADSEC. Suggested by
Jan Tomasek.

AuthBy RADSEC now does case-insensitive matches between the RadSec server
certificate DNS name and the target server Host name. Previously, matches were
case-sensitive. Suggested by Jan Tomasek.

Fixed a number of problems with handling integer64 type, especially when salt
encoded

Added support for Quote format to format_special, allowing SQL database
specific quoting to be used in any configurable parameter in any SQL based
module. The new format %{Quote:somestring} will be replaced by the string
quoted in the correct format for the SQL database in use. For example when
used with a mysql database, %{Quote:somestring} would be replaced by
'somestring'.

Added new AuthBy HANDLER module. This clause allows requests to be redirected
to a Handler based on the Handler's Identifier. Sample configuration file
authhandler.cfg included.

Fixed a problem where Radiator would crash if PidFile specified a non-existant
directory.

Added a number of HP VSAs to the dictionary. Also BATM-privilege-group Guests
was incorrectly given as 5 instead of 15. Adjusted typed of
WiMAX-Hotline-Indicator and WiMAX-Hotline-Profile-ID to string a per NWG docs.

Fixed a problem with Monitor and ServerDIAMETER clauses which could cause a
crash if the Clients parameter is specified and a request is received from an
address not named in that Clients parameter.

Added new Configurable function format_ctime that returns the local time
formatted to include microseconds if the object or SererConfig has
LogMicroseconds set. Used by Log FILE, Monitor, ServerConfig, ServerHTTP.

Added and corrected a number of Redback VSAs from data provided by Redback.

Fixed problems with dictionary tag-based encrypting of named integer
attributes such as RB-LI-Action and others. Required some restructuring of
unpackRadiusAttrs/decode_attrs and removal of encode_attrs. Reported by Ian
Forster.

Fixed a problem with encrypting long strings: the resulting encryption was
wrapped with added newlines. Reported by Dan Cachola.

Fixed a problem where DefineGlobalVar and DefineFormattedGlobalVar
configuration parameters were not saved correctly by the Server HTTP web
console.

Improvements to ability of Ldap connections with HoldServerConnection to
detect disconnection by the server or a firewall. Patch contributed by Bjoern
A. Zeeb.

Added new parameter PageNotFoundHook to Server HTTP. If a page is requested
but not found in the set of built-in pages PageNotFoundHook is called to try
to handle the request. PageNotFoundHook is passed the requested URI and a
reference to the ServerHTTP connection. If it can handle the request, it
returns an array of ($httpcode, $content, @headers). Requested by Marijke
Vandecappelle.

Moved the location of PreClientHook call to the very beginning of the Client
handle_request, so that decoded and decrypted attributes are available to
PreClientHooks. Now, PreClientHook will _not_ be called if there is no
matching Client clause. Also, within PreClientHook, the $->{Client} member
will now be set to the Client clause handling the request, which may be
helpful in some PreClientHooks.

Improved compatibility with some EAP-TTLS clients that previously would have
required EAPTTLS_NoAckRequired. Reported by Ian Forster.

TLS/TTLS/PEAP/RadSec and other SSL users will now use any built-in OpenSSL
crypto engines provided the installed Net::SSLeay supports
ENGINE_load_builtin_engines and Net::SSLeay::ENGINE_register_all_complete (ie
1.33_01 and later). 'pkcs11' will be set as the default engine provided it
exists.

Compatibility with new OSC-IMC TNC collector in latest version of
libtnc. Format of OS_DETAIL message and other changed.

Improved behaviour of TTLS in the unlikely case that openssl resumes the wrong
session. Suggested by Belmont Cheung.

Improvements to AuthBy SAFEWORD. The new parameter GroupReply maps SafeWord
ActionData group names into sets of reply items. Added examples to sample
config file. Suggested by Johan Frid.

Fixed a problem where a Monitor port that was not correctly closed would not
destroy the Monitor, permitting messages to continue to be buffered and
causing memory exhaustion. Reported by Thomas Schlottke.

Backed out changes to RADIUS socket opening introduced in 4.2: RADIUS socket
was opened with SO_REUSEADDR, to prevent socket reopening issues on FreeBSD,
but this results in always being able to bind to an existing socket on some
platforms. Reported by Steve Rogers.

Added support for Client CIDR address specifications. Can now have <Client
203.63.154.0/24>. Also mermits CIDR specifications and MAC: addresses in the
IdenticalClients parameter.

Added a number of Nortel and Juniper VSAs to dictionary. Contributed by Ronald
van der Pol.

Fixed a problem where runt EAP-Messages could cause a confusing but useless
Access-Accept. Reported by Tom Rixom.

Added OSC-Provider-Identifier and OSC-Environment-Identifier to dictionary.

AuthBy RADMIN now supports AuthSelectParam for improved performance and alsop
supports bind variables for UserAttrQuery and ServiceAttrQuery. Altered sample
config to show how to use it.

Changed the name of Expiration attribute (21) to Ascend-PW-Expiration to
prevent collisions with the Expiration check item. Also changed the type to
string to be compatible with other RADIUS servers.

Fixed a problem with incorrect results for %u and %w and %W if a global
RewriteUsername was used.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco etc 
on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.