(RADIATOR) Radiator 3.0 released
Mike McCauley
mikem at open.com.au
Mon Mar 25 21:45:53 CST 2002
We are pleased to announce the release of Radiator version 3.0
Version 3.0 contains many signicant architectural and performance features,
support for our new Radar real-time monitoring and graphing package,
new statistics logging and gathering modules and many other new features.
As usual, the new version is available free of charge to current
licensees from
http://www.open.com.au/radiator/downloads/Radiator-3.0.tgz
and
http://www.open.com.au/radiator/downloads/Radiator-3.0-1.noarch.rpm
and to current evaluators from
http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-3.0.tgz
and
http://www.open.com.au/radiator/downloads/Radiator-Demo-3.0-1.noarch.rpm
An extract from the history file is attached
-----------------------------
Revision 3.0 (25/3/02) Significant architectural changes, new
features, Radar 1.0 compatibility
Significant architectural changes to support remote monitoring,
introspection, remote debugging, remote tracing, local and remote
stats gathering, improve performance, simplify some code, remove
duplicated code etc.
Any clause may now have any number of private <Log xxx> clauses, which
will be used to log errors and messages originating from within that
clause before being logged by any global loggers. Can also use 'Log
identifier' to refer to an already existing <Log xxxx> clause from
within any other clause.
Improved and expanded statistics gathering mechanisms. Many more
statistics are collected, including average response time for the
server as a whole and for each Client, Realm, Handler, AuthBy and
Host.
Added new statistics logging clauses that will log various server and
'per-clause' statistics with StatsLog FILE and StatsLog SQL.
Example configuration in goodies/statslog.cfg. Example tables for
StatsLog SQL in goodies/*.sql.
New Monitor class permits an (authenticated) TCP connection to the
server allowing telnet and specialised clients to inspect, alter, and
collect statistics and tracing etc.
Improved support for tagged tunnel attributes. Can now have things
like: Tunnel-Type=1:L2F and Tunnel-Password=2:1234. Tagged attribues
that dont use the n:value syntax default to a tag of 0.
New module AuthBy POP3 allows authentication from a POP3 server,
includes APOP support. PAP only.
On Unix, you can now control the effective user ID and group ID that
the server runs as with the new User and Group parameters.
New type of special formatting character %{Eval:expression} is
replaced by the value of the perl expression.
Merges latest Livingston attributes into dictionary, and converted
latest Ascend dictionary to dictionary.ascend2
New type for AcctColumnDef in AuthBy SQL. inet_aton formats a dotted
quad IP address as an unsigned 32 bit integer. Contributed by Benoit
Grange (b.grange at libertysurf.fr) and Jerome Fleury
(jerome.fleury at freesbee.net). Thanks.
Client, Realm, Handler, and AuthBy clauses now all support a
PacketTrace parameter that can turn up the trace level for packets
passing 'through' that clause.
Added discussion of how to use "daemontools"
(http://cr.yp.to/daemontools.html) with Radiator to
goodies/highavail.txt. Contributed by
"Mariano Absatz" (radiator at lists.com.ar).
Additional features in AuthSQLRADUS.pm, permits customisation of the
columns returned from HostSelect, including per-host
RewriteUsername. Contributed by Steve Roderick . Thanks Steve.
In AuthLog SQL SuccessQuery and FailureQuery did not quote the reason
string. %1 is now quoted and escaped. Caution: Existing users of
AuthLogSQL will need to remove any quotes from around %1.
Added KarlNet VSA'a to dictionary.
Parameter values in configuration file now permit escaped octal characters.
Testing with DBD::CSV. OK with octal character patch described
above. Added goodies/dbd-csv.txt discussion of how to configure
Radiator to use a DBD::CSV database.
Added documentation for Handler HandleAscendAccessEventRequest.
Fixed a problem with handlerResult not handling
HandleAscendAccessEventRequest correctly.
Select::remove_file now takes extra args to indicate whether its read,
write or exception callbacks to remove.
Performance improvements in Select::select.
Sample profiling code in ddprof.pm, contributed by Damir Dzeko
. Thanks Damir. In SessSQL sub delete, $session_id and
$framed_ip_address were not passed to format_special. Found and fixed
by Damir Dzeko . Thanks Damir.
radiusd in daemon mode now no longer attempts to detach from the
controlling terminal: not portably supported on most platforms.
New global parameter ForkClosesFDs makes radiusd close file
descriptors 3 to 20 inclusive in the child after a Fork. This fixes a
problem with some versions of Oracle where the connection to the
database would be lost after a Fork with the message ORA-03113:
end-of-file on communication channel (DBD ERROR: OCIStmtExecute).
Error message for 'Unknown keyword ....' was incorrect. Found and
fixed by Stephen Frede (Stephen.Frede at optus.com.au). Thanks Stephen.
Fixed CPU hog problem when proxying with AuthBy RADIUS, with
Synchronous and there was a network error. Found and fixed by Damir
Dzeko . Thanks Damir.
In AddressAllocator SQL, a new Step parameter for AddressPool allows
the step size between consecutive addresses to be controlled,
permitting the allocation of subnets as well as host
addresses. Suggested by "Jes?ús M D?íaz" (jesus.diaz at ono-sp.com).
Added long discussion about how Cisco VOIP and accounting works with
examples, contributed by Simon Hackett to goodies/voip.txt
Calling convention for the constructor for a number of classes changed
to come into line with all other constructors. Affects Log::addModule,
ClientListSQL, Client, Handler, LogGeneric, Realm etc. AuthBy* is
unaffected.
Removed many redundant 'new' constructors.
Rationalised many 'sub object' config handlers. Uniform argument
standards, streamlined code etc.
Simplified and streamlined package initialisation in all packages for
load-time performance improvement.
All loggers can now receive logs of packet dumps, independent of the
the global logging level.
As previously indicated, UseHint as an alias for UseAddressHint and
Dynamic as an alias for DynamicReply in AuthGeneric are now now longer
supported.
Most classes now have all their configurable keywords defined in a
ConfigKeywords hash. You can stil override sub keyword if you need
specialised keyword handling. Simplifies and speeds up object
initialisation. Legacy classes that still use the sub keyword
interface are unaffected.
Fixed a problem with the NoBindBeforeOp parameter. Test was round the
wrong way. Found by Christophe Wolfhugel
(wolf at oleane.net). Thanks Christophe.
In AuthBy ADSI, GroupBindString and GroupUserBindString did not have
access to special characters from the current packet.
AcceptIfMissing is now a generic AuthBy parameter, available in most
AuthBy clauses.
Added documentation for IgnoreErrors in AuthBy PORTLIMITCHECK.
In AuthBy DYNADDRESS, the parameter Allocator has been renamed
AddressAllocator for consistency. Allocator is still supported, but
support will be removed in the future.
When searching for a Handler to use, Realms are not now
re-considered. Realms are only considered one. Previously they were
re-considered when the Handlers were considered. This meakes it easier
and faster to mix Realms and Handlers. No changes should be required
to configuration files.
Rationalised away many sub object and sub keyword functions, removing
much duplicated and similar code.
Configurable now automatically tries to load an object for any
subclause found in a clause: you can now invent and create your own
clause types and packages without changing a single line of standard
code.
The current reply packet is now always available as $p->{rp}.
All internal APIs changed so that $rp is not passed as an
argument. External APIs such as handle_request are unchanged.
format_special now does not need $rp passed to it: its deduced from
$p->{rp}.
Significant performance improvements in format_special for special
character formatting.
CAUTION: APIs for Handler::handlerResult and Client::replyTo changed.
DefineGlobalVar and DefineFormattedGlobalVar can now have embedded
spaces. Contributed by r.c.w.besseling at kpn.com. Thanks Ruud.
Fixed a problem when proxying requests that already contain an
Acct-Delay-Time: the delay time in the proxied request now takes into
account the delay time in the originally received request. Found and
fixed by Nuno Nunes (nfn at isp.novis.pt). Thanks Nuno.
Fixed a problem with 0 source mask and dest mask in Ascend binary
filters. Found and fixed by Inglesant Philip
(Philip.Inglesant at netscalibur.co.uk). Thanks Philip.
Workaround for broken Breezecom VSA's, where the VSA length is
incorrectly set by Breezecom to 2, irrespective of the actual length.
Also added some generic names for Breezecom VSAs to dictionary.
AuthBy RADMIN now has configurable queries IncrementBadloginsQuery and
ClearBadloginsQuery.
Fixed some problems with secure mode in radacct.cgi, reported by
various people.
If SocketQueueLength was set, the socket length was set for both auth
and accounting sockets, even if only one was created. Reported by
hill at world.evansville.net. Thanks Jamie.
Added Colubris-AVPAIR VSA to dictionary. Sent by "Tito Macapinlac"
(titom at aebc.com). Thanks Tito.
radpwtst now takes an optional trace level to the -trace flag. If you
just use -trace, you get effectively trace level 4. -trace 5 gets hex
packet dumps of incoming and outgoing packets.
Can now have DefaultReply, FramedGroup, StripFromReply, AllowInReply,
AddToReply, AddToReplyIfNotExist and DynamicReply parameters for
Client, Realm and Handler, as well as AuthBy. Also optionally
supported by ClientListSQL.
AuthLog FILE now creates the path to the log file if necessary.
RPM package now includes all dictionaries in the doc area.
Improved error reporting in SNMP module.
NAS support has been separated out into a module per NAS-type, in
Radius/Nas/*.pm. This makes it easier to add suport for new NAS types
and to submit new NAS type modules for distribution. get_port moved
from Radius to Util for consistency.
AuthBy GROUP now honours DefaultSimultaneousUse.
AuthBy LDAP2 now supports Version and Deref parameters. Suggested by
Eli Tovbeyn (eli at xpert.com). Thanks Eli.
Changes to Radiator.spec so that RPM files will be compatible with
SuSE Linux and similar. Suggested by Alfredo Sola
(alfredo at intelideas.com) Thanks Alfredo.
Changed the order of replacement of special characters in
format_special. Previously, %0, %1 etc were replaced first, but this
would cause problems of any of the replaced values had % special chars
in them. %0, %1 etc are now done after the spoecial chars, but before
GlobalVar etc. Reported by David Miller
(dmiller at newportnet.com). Thanks David.
Fixed a bug in AuthBy RODOPI that prevented AcctSQLStatement being
changed.
AuthBy RADMIN now permits a validfrom time of 0 to mean the beginning
of time, and a validto time of 0 to mean the end of time.
In AuthBy DYNADDRESS, if the PoolHint resolves to an empty string, no
address will be allocated. This way you can let the NAS allocate
addresses for some users.
AuthBy RODOPI now quotes usernames, protecting it from problems where
a username is the same as an SQL keyword. Reported by
"Hector Lopez" (hlopez at caribe.net)
In AuthBy NISPLUS, the Query now has the username being authenticated
available as %0. %n will be phased out in a future revision.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list