Messages from modules were leaked. Call imsg_free() for them.

Don't abort the query when it is requesting to the next module.

Don't abort the query when a duplicated query is received. Also tweak
the log message.

Make some functions "static".

Decrypt "Password" attribute always before passing the packet to
modules. Also, don't assume the authenticator of the packet from the
module that has no secret is valid.

Move radius_attr_{,un}hide() to radius_subr.c.

Add "authentication-filter". Add new 2 imsg types so that
authentication modules can request the next authentication and the
next authentication can receive the result of the previous and modify
the

Add "authentication-filter". Add new 2 imsg types so that
authentication modules can request the next authentication and the
next authentication can receive the result of the previous and modify
the result.

show more ...

Add "radiusd" field to struct radius_query.

Use calloc(3) instead of malloc(3). "accounting" is used without
initialization. Also don't check request authenticator for other than
Accounting-Request.

Fix memory leaks, a use after free, accessing outside the region
introduced by recent commits. Found by malloc(3).

Add radiusd_ipcp(8). A module which provides IP configuration through
RADIUS Access-Accept messages and manages IP address pool through
RADIUS accounting messages.

Add support for RADIUS accounting.

Stop scheduling an I/O event by the timer when the imsg_buf has the data
larger than the imsg header. It prevented the receiver from receiving the
following parts of the message.

Exit with an error code when error or module die.
CVS ----------------------------------------------------------------------

Set SO_REUSEADDR for the listening socket. This makes radiusd(8)
can bind both on an interface address and a wildcard address.

Call daemon(3) before parse_config() since parse_config() of radiusd(8)
starts some sub processes and parent-child relationship with them must
be kept. But we want to show config error on stderr, so

Call daemon(3) before parse_config() since parse_config() of radiusd(8)
starts some sub processes and parent-child relationship with them must
be kept. But we want to show config error on stderr, so keep stdio
files open and close them after parse_config().

show more ...

Don't receive decoration when not requested.

Show config error when -n

Add missing size check.

avoid use after free of q
found by smatch, ok miod@ deraadt@

Refactor some functions to prepare accounting support.

Pass the request packet to response decorations for future use.
This is required for many cases and will be used future.

Fix radiusd(8) to fixup MPPE-{Send,Recv}-Key and Tunnel-Password
attributes of the response properly.

Add request or response decoration feature which is used through the
radiusd module interface. This makes additional modules can modify
RADIUS request or response messages. Also add new "radius_sta

Add request or response decoration feature which is used through the
radiusd module interface. This makes additional modules can modify
RADIUS request or response messages. Also add new "radius_standard"
module which uses this new feature, provides some generic features
like "strip-atmark-realm" which removes the realm part from the
User-Name attribute. from IIJ.

show more ...

Refuse an incomplete config, an authentication block which doesn't
have authentication module. The code doesn't expect this.