radiusd-cistron (1.6.4) cistron; urgency=low

  * Added '-w' switch to turn off radwtmp logging
  * If -a arg ends in '/', don't use accounting subdirs, just one detail file
  * Extra keywords for realms: noauth noacct
  * Add support for DEFAULT entry in naslist file.
  * Updated README and README.simul
  * Added '-C' switch that just checks the configuration
  * Added '-D' switch that turns off DNS queries
  * Fixed several memory leaks esp. in the proxy code (bryanm@peanuts.is.co.za)
  * Fixed a double free() exposed by above fix.
  * If we're proxying to a realm, add the 'Realm' attribute to the
    request, with the value of the realm.
  * Up max. attribute length to 253, as per the RFC
  * Fix vendor-specific print routine in attrprint.c to work when
    one attribute contains multiple VSAs.
  * Increase the buffer size of the log function, so that the
    Exec-Program-Wait logging doesn't cause the child process to silently
    die.
  * Fix check for expired account in shadow file ( >0 --> >=0 )
  * Alan updated README.proxy, Miquel added some more text
  * Added 'trusted' option for the realms file
  * Cleaned up unix_pass(), added sp_lstchg/sp_max logic for Solaris

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Wed, 30 Aug 2000 12:10:49 +0200

radiusd-cistron (1.6.3) cistron; urgency=low

  * When storing the last 8 bytes of session ID in radutmp, ignore
    the trailing \0 that Ascend likes to add (Antonio Dias)
  * Fix port ranges so that they actually work (reported by Silvester Erdeg)
  * Alignment fixes in output of radwho (esp. for portnumbers > 999)
  * HPUX fixes
  * "make install" now also populates /etc/raddb
  * AIX fixes: Makefile.aix, and a few minor tweaks. (Ewan Leith)
  * debug output now prints IP addresses in dot notation instead of hex
  * Added radtest to install target
  * BSDi fixes: Makefile.BSDi Brandon Lee Poyner <poyner@staff.necanet.net>
  * When NOT moving duplicate attributes into the reply, say so, when in
    debugging mode. (-xx)
  * More sanity checking and error messages when parsing the 'users' file.
	
 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sun,  2 Apr 2000 17:50:23 +0200

radiusd-cistron (1.6.2) cistron; urgency=low

  * Fixed "nostrip" option in realms file (Blaz Zupan)
  * Fixed /RADIUSD/ANY/SHELL compare in auth.c
  * Write "reject" to radius.log in auth.c if login incorrect due
    to Auth-Type = Reject (Brandon Lee Poyner)
  * Fixed bug in proxy.c which would leak memory if the end server
    never replied to the accounting request.
    (Timo Kokkonen <tjko@cc.jyu.fi>)

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Fir, 21 Jan 2000 10:34:14 +0100

radiusd-cistron (1.6.1) cistron; urgency=high

  * Fix all strcpy(), strcat(), sprintf() and sccanf() calls
    for buffer overflows.
  * Built in compatibility mode for 1.5.4.3 dictionaries
  * If /etc/shells support is compiled in, putting /RADIUSD/ANY/SHELL in
    /etc/shells disables shell checking (like /SENDMAIL/ANY/SHELL).
  * Updated doc/README, added paragraph about FreeRadius
  * Updated sanity check:
    - print correct filename
    - do not complain about VSAs
  * Updated version.c ;)
  * initialize pair->strvalue whenever possible
  * initialize username[0] in files.c, paircmp(), and only copy data into
    it when we're *sure* the attribute is a User-Name.
  * more entries in dictionary.usr, from
    Brandon Lee Poyner <poyner@staff.necanet.net>
  * corrected more logging of NAS name/info in auth.c (Brandon)
  * Added "hints" option for the realms file
  * Changed the presufcmp() function to only work on the left side
    (actual username) part of a username@realm request.
  * Updated username-length comment in sample users file
  * Updated options comment in sample realms file
  * Updated TODO/todo, deleted some old files in TODO/

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Tue, 19 Oct 1999 23:09:57 +0200

radiusd-cistron (1.6.0) cistron; urgency=low

  * fixed proxying code.  Accounting packets now handle Proxy-State
  * added configuration for /etc/shells support.
  * allowed operator support for huntgroups
  * moved dictionary items around to allow complaints about check
    items in the reply-item list.
	
 -- Alan DeKok <aland@ox.org>  Wed Sep  8 09:50:07 EDT 1999

radiusd-cistron (1.5.4.3) cistron; urgency=low

  * fixed getopt()
  * new functions in checkrad
  * versanet dictionary
  * Release version.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sun, 25 Jul 1999 12:16:05 +0200

radiusd-cistron (1.5.4.3-beta18) experimental; urgency=low

  * Fix the always stripping of realms
  * Add port number to radius.log
  * Add phone number to radius.log when logging failed logins
  * Add -i option (bind to IP address)
  * Change return value for 'other' in checkrad.pl to '1'
  * Add password-file caching patch from Jeff Carneal <jeff@apex.net>
  * Fix broken auth_type_fixup - Bryan Mawhinney <bryanm@is.co.za>

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Fri, 14 May 1999 16:08:56 +0200

radiusd-cistron (1.5.4.3-beta17) experimental; urgency=low

  * Added NULL realm based on an idea by
    Bastiaan Bakker <Bastiaan.Bakker@lifeline.nl>
  * Changes for proxying:
    - detect duplicate requests, resend it with the same ID and vector
      to the remote radius server
    - Change proxy-state A/V pair to a 4-byte string without embedded
      zeros in it, so as not to confuse broken radius servers.
  * Add casting to (off_t) to lseek offset arg in radzap
  * Add checking of pw->expire for FreeBSD
  * Add radutmp location caching: Bryan Mawhinney <bryanm@is.co.za>
  * Now handles multiple attributes in one Vendor-Specific attribute

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Tue, 27 Apr 1999 14:51:08 +0200

radiusd-cistron (1.5.4.3-beta16) experimental; urgency=low

  * Added SPECIALIX_JETSTREAM_HACK to work around a bug in
    Specialix Jetstream 8500 24 port firmware.
  * Added Alan DeKok's cistron-beta15-operator.patch as found on
    ftp://ftp.striker.ottawa.on.ca/pub/radius/
  * Added Login-Time check value, see doc/README
  * Rewrote checkrad.pl:
    - subroutines to read naspasswd and check Net::Telnet
    - add possibility to use SNMP_Session perl module instead of snmpget

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Fri, 26 Mar 1999 15:31:57 +0100

radiusd-cistron (1.5.4.3-beta15) experimental; urgency=low

  * Added a DEFAULT realm to /etc/raddb/realms (no idea if this is useful..)
  * Added LOCAL proxyserver (means none) to /etc/raddb/realms
  * Added "nostrip" option to /etc/raddb/realms
  * Changed "-p" option to "-S"; "-p <port>" now allows you to specify
    the port(s) radiusd listens on.
  * Fix auth.c:rad_check_password(). auth_item must be present.
  * Fixed radwho - secured popen(). This could be a BIG SECURITY HOLE
    when you run radwho as your finger daemon - esp. if it runs as root!!!

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Thu, 21 Jan 1999 17:58:06 +0100

radiusd-cistron (1.5.4.3-beta14) experimental; urgency=low

  * Fix buffer size in proxy.c from 0104 to 1024 :)
  * On lines with a Password = "bla" line without Auth-Type, add
    Auth-Type = Local implicitly while parsing the users file
  * Fix CHAP for both local authentication and proxying (I hope..)
  * Now Exec-Program-Wait tries to parse output of the program as
    A/V pairs. Those are added to the reply. Mostly based on the
    patch from "The light in the dark" <sijaiko@netplus.bg>

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sat, 19 Dec 1998 17:45:15 +0100

radiusd-cistron (1.5.4.3-beta12) experimental; urgency=low

  * Don't store radutmp/radwtmp info for admin logins, or
    for leased lines going up/down
  * Integrated latest version of checkrad from www.mdi.ca
  * Instead of storing only the first part of acct-session-id in radutmp,
    store the last part since that is more specific.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sat, 28 Nov 1998 17:07:31 +0100

radiusd-cistron (1.5.4.3-beta11) experimental; urgency=low

  * Fix crash in proxy_cleanup()
  * Some more SIGCHLD fixes.
  * Fix $(PAM) in Make.inc for files.c

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Tue, 17 Nov 1998 12:09:46 +0100

radiusd-cistron (1.5.4.3-beta10) experimental; urgency=low

  * Fixed some compilation warnings that showed up on certain platforms
  * Removed rogue USR debugging message
  * Hopefully fixed passwd problem with Ascend and proxy
  * Fixed problems with bogus trailing attributes when receiving
    vendor-specific attributes.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Tue, 10 Nov 1998 00:04:33 +0100

radiusd-cistron (1.5.4.3-beta9) experimental; urgency=low

  * The USR Vendor-Specific stuff should actually work now
  * USR dictionary included

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sat,  7 Nov 1998 16:30:55 +0100

radiusd-cistron (1.5.4.3-beta8) experimental; urgency=low

  * Fix for Solaris 2.5.1 and signal() in SIGCHLD handler.
  * Fix "suppress trailing zero" code in attrprint.c
  * Fixed vendor-specific attributes which I broke in beta7
  * Fixed radwtmp code which I broke in beta6

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Fri,  6 Nov 1998 19:29:47 +0100

radiusd-cistron (1.5.4.3-beta7) experimental; urgency=low

  * Make sure that send_buffer and recv_buffer are properly aligned
    by declaring them as an array of ints. Needed for Solaris/Sparc.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Tue,  3 Nov 1998 16:22:00 +0100

radiusd-cistron (1.5.4.3-beta6) experimental; urgency=low

  * Hack in support for accounting "alive" packets.
  * Support for USR vendor specific attributes.
  * Moved ASCEND_PORT_HACK so that it doesn't change the port number
    internally for Authentication packets.
  * Removed some "no username" complaints as this can happen with
    initial Start record (usually an "Alive" packet update comes later)
  * Add $(PAM) to auth.o rule in Make.inc
  * Added Redhat stuff from Mauricio Andrade <mandrade@mma.com.br>

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Tue,  3 Nov 1998 15:55:40 +0100

radiusd-cistron (1.5.4.3-beta5) experimental; urgency=low

  * Add $(LIBS) to radzap link stage
  * In attrprint.c, suppress the printing of the trailing zero Ascend
    gear likes to send (noted by Kris Hunt <suid@chilli.net.au>)
  * In checkrad.pl:livingston_snmp() make snmpget output matching regexps
    more general to work with more versions of snmpget
  * Fix for usrhyper from "James R. Pooton" <james@digisys.net>

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sat, 17 Oct 1998 17:42:48 +0200

radiusd-cistron (1.5.4.3-beta4) experimental; urgency=low

  * Add Pam-Auth attribute (Chris Dent)
  * Fixes in files.c by Alan DeKok for pair_move2() and empty reply pairs.
  * Fix in radiusd.c rad_spawn_child() by Alan DeKok to check for duplicate
    packets in a much better way (compare both ID and vector).
  * Put some functoins in their own file: auth.c, exec.c
  * First cut at proxy support in proxy.c
  * Use new VALUE_PAIR->length everywhere, at least for strvalues.
  * Added vendor-specific attributes, format as in Livingston Radius 2.1

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Thu,  8 Oct 1998 21:20:49 +0200

radiusd-cistron (1.5.4.3-beta3) experimental; urgency=low

  * Include new checkrad.pl from Shilo Costa. See also
    http://www.mdi.ca/sysadmin/cistron/
    Net::Telnet based code by Alexis C. Villalon.
  * Fix documentation bug checklogin -> checkrad
  * Now a failed Exec-Program-Wait will really deny access
  * Added patches from Don Greer, see
    http://www.austintx.com/~dgreer/cistron-ascend/
  * Fix sp_expire check for shadow passwd (thanks to Alan Madill)
  * Patches from Blaz Zupan <blaz@amis.net> for FreeBSD
  * Folded all four reply-functions into one
  * Hopefully now Prefix = "P", Group = "group" works properly
  * Fix uue()
  * Fix dbm support (Blaz)
  * Fix signal handler so that children do not kill accounting process.
  * Now reloads config files on-the-fly after SIGHUP
  * Added "-A" flag to write a "detail.auth" file.
  * Make messages in radius.log more consistent
  * Fix Denial-Of-Service problem - crashing radius with illegal packets

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sat,  4 Jul 1998 15:06:55 +0200

radiusd-cistron (1.5.4.2) experimental; urgency=low

  * Turn off SIGCHLD handler and use waitpid() in rad_check_ts()
    On some OSes the wait() for the checkrad script failed.
  * Fix Auth-Type = Crypted-Local
  * Store porttype in radutmp (backwards compatible)
  * Fix shadow passwords.
  * Check expiration date for shadow passwords.
  * Add %s (Connect-Info) to string en/de coder

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Mon,  5 Jan 1998 14:22:28 +0100

radiusd-cistron (1.5.4.1) experimental; urgency=low

  * Fixed radwho.c
  * Fixed acct.c to calculate the right accounting response digest
  * In acct.c, check the accounting request digest.
  * Added PAM suppport

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sat, 22 Nov 1997 16:43:18 +0100

radiusd-cistron (1.5.4) experimental; urgency=low

  * Now compiles with glibc too
  * Try to detect if TS only sends logout records and don't complain
  * Started implementing double login checks through external programs
    (see checkrad.pl script).
  * Delete most A/V pairs from reply if Callback-Id is seen
    (I'm not sure if this is actually OK, but we'll see...)
  * Fix rc.radiusd script and radwatch to use pid files instead of killall
  * Set timeout of 5 seconds on rad_getpwnam cache.
  * Heiko Schlittermann <heiko@lotte.sax.de> provided diffs for:
    - Added check for return code of the Exec-Program-Wait call and use
      this as additional criterium if access is permitted or denied.
    - Install cron.daily script too
    - Removed race condition concerning handling for SIGCHLD
    - Added feature: external program called via Exec-Program-Wait may
      return up to 127 characters via its STDOUT.  These characters
      are to form an user message if the request is rejected.
  * Add $INCLUDE directive for "dictionary" file.
  * Seperated "clients" file into "clients" and "naslist" files.
  * Allow spaces in usernames, using " " or `\ '
  * Fixed wild pointer in radzap()
  * Default for radwo-as-finger is to not show the fullname (privacy)
  * Implement reliable double-login detection!
  * Fix lockf (oops - I used it completely in the wrong way!)
  * Fix rad_check_muli to use read() correctly
  * Make stdout linebuffered if debug_flag (-x) is set.
  * Fix Group/Group-Name check for huntgroups file. Found thanks to
    Christian Oyarzun <oyarzun@marley.wilmington.net>.
  * Removed CISTRON_COMPAT code. If you really need it, you can turn it
    on by adding a Port-Message with % escape sequences in the users file.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Tue, 21 Oct 1997 16:01:47 +0200

radiusd-cistron (1.5.3.pre4-4) experimental; urgency=low

  * Fixed Prefix/Suffix stuff in hints file.
  * Extra consistency check for ComOS reboot records. Sometimes Ascends send
    bogus records that look a lot like them..
    Noted by Jens Glaser <jens@regio.net>
  * Add -p flag to getopt() call
  * Fix sample users file (User-Message -> Port-Message)
  * If Password = is set (and not "UNIX"), Auth-Type is always Local
  * Do not strip everything after a space from the username.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sat, 19 Jul 1997 14:34:10 +0200

radiusd-cistron (1.5.3.pre4-3) experimental; urgency=low

  * Add Timestamp record to radius accounting records
  * Also strip NT domain from logfiles if NT_DOMAIN_HACK is defined
  * Add -p flag to log stripped names into the "details" file.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Fri, 4 Jul 1997 10:29:26 +0200

radiusd-cistron (1.5.3.pre4-2) experimental; urgency=low

  * Added some manual pages.
  * Fixed Prefix/Suffix support
  * Commented out example config files
  * Added debian package files.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Fri, 27 Jun 1997 20:49:31 +0200

radiusd-cistron (1.5.3.pre4-1) experimental; urgency=low

  * Upgraded dictionary to radius-2.01
  * Added support for Crypt-Password
  * Cleaned up code in radiusd.c
  * Added Exec-Program-Wait
  * Added Prefix/Suffix support
  * Changed "hints" syntax to resemble "users" more closely
    Added extra attribute "Hint" that can be set in the "hints" file
  * Added $INCLUDE directive for users/hints/huntgroups file
  * DBM "users" file doesn't work at the moment!!

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Fri, 20 Jun 1997 15:26:29 +0200

radiusd-cistron (1.5.3) cistron; urgency=low

  * Exec-Program actually works now.
  * Somehow no longer core dumps :)

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Mon, 5 May 1997 10:32:17 +0200

radiusd-cistron (1.5.2) cistron; urgency=high

  * Fix radiusd.c to actually _check_ for a password when Auth-Type = System.
    It just let anyone in :( (it did work with Password = "UNIX" though).
  * Fix sample users file (Callback-No -> Callback-Number)
  * Start of Exec-Program support (not finished).
  * Better Simultaneous-Use checking

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Wed, 19 Feb 1997 12:26:56 +0100

radiusd-cistron (1.5.1) cistron; urgency=low

  * Fixed radzap to allow both "Sport" and plain "port".
  * acct.c now checks portmaster reboot records (already did that, but it
    seems that a PM3 sends buggy records).

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Mon, 10 Feb 1997 16:33:38 +0100

radiusd-cistron (1.5) cistron; urgency=low

  * ANSIfied code, changed comment style
  * Renamed users.c to files.c. Now pre-reads all config files.
  * DBM support works now
  * Added new logging routines
  * Changed utmp format, added better checks
  * Moved utmp to /var/log
  * Now supports both wtmp file and RADIUS style logging
  * Added Simultaneous-Use support.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Fri, 7 Feb 1997 17:56:11 +0100

radiusd-cistron (1.4) cistron; urgency=low

  * Started using ChangeLog
  * Ported to Solaris, FreeBSD in addition to Linux.

 -- Miquel van Smoorenburg <miquels@cistron.nl>  Wed, 02 Oct 1996 12:27:39 +0200

