-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathChangelog
633 lines (627 loc) · 39.4 KB
/
Changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
Ver X.XX:
* add comparison operators "!=" and "not like" to Accounting
* replace ereg -> preg_match, ereg_replace -> preg_replace, split -> preg_split for PHP5.3 compatibility
* fix LIMIT not working when using MySQL
* add configuration item "timezone" to make PHP 5.1+ happy
Ver 1.80:
* Remove snmp_clearsession. It is replaced by clearsession which supports both snmp and telnet
methods of removing a user from an access server. Add corresponding configuration directives
general_sessionclear_method and nasXX_sessionclear_method
* Create a new function da_sql_limit() and use that to pass LIMIT arguments to the database layer
since the syntax is different between db vendors
* Rename the badusers date field to incidentdate to avoid reserved words in databases. Bug found by
Peter Nixon
* Count online users correctly (through a separate query) in user_finger.
* Use the correct max results variable in lib/*/find.php3
* In time2strclock also show days if applicable
* In lib/sql/attrmap.php3, only register variables once. Go through $show_attrs and set default attribute
mappings for any attribute that a mapping does not exist.
* Change the order of OID's used in snmpfinger for cisco NASes
Ver 1.78:
* Add a snmp_clearsession which can disconnect a user by using the Cisco AAA Session MIB
* Add a configuration directive general_sessionclear_bin
* Add a session disconnect button in the 'clear open sessions' page
* Also clear sessions from the sql extra servers in the 'clear open sessions' page
* In bin/snmpfinger also accept @,. in the username
* If we are stripping realms, then if needed strip them from the data returned by snmpfinger in
user_finger.php3
* Add a header with the page encoding before sending any page (header added in config.php3)
This closes Bug #153
* Fix a problem when reading username.mappings
* If date calculation fails, abort
* Add a backup_radacct script
* Add an sqlrelay functions file. The user_admin page does not currently work. Looking into it.
* Add sqlrelay support in the scripts. Add a sqlrelay_query script to run sqlrelay commands
* Update password_check to work with all password attributes and use the configuration directives
* Add more documentation for per user counter limit attributes (daily/weekly/monthly limits)
* Make all counter limits default to none so that people don't get confused
* In clear_opensessions depending on sql type use either IS NULL or = 0 in the DELETE statement.
We need to find a cleaner solution to this. This closes bug#175
* Log somewhat more verbose error messages when the sql_command binary is not found in the bin scripts
* Make nasXX_finger_type actually work since the place where nas information was stored was changed a
long time ago. Bug noted by Nick Bright
* In user_finger only set LD_LIBRARY_PATH once, not each time we call snmpfinger
* Add support for usrhiper in snmpfinger. Patch from Nick Bright
* urlencode() all occurrences of the $login variable when used in url's. Bug noted by Dag Landau
* Show the correct nas type in nas_admin. Bug noted by Nick Bright
* Correctly calculate the nas ip in lib/sql/nas_list.php3. Add a check_ip() function in lib/functions.php3
Bug noted by Nick Bright
* Correctly check nas validity in nas_admin.php3. Bug noted by Nick Bright
* Don't use $num in stats.php3, change it to $stats_num
Ver 1.75:
* A LOT of security related fixes. Now dialupadmin should hopefully be secure enough to
be accessed by normal users (not administrators).
* Move a few elements in the CSS file from the body tag. Suggestion by Gary McKinney
* Update FAQ about using php with no sql support.
* Allow the user to select between viewing FAQ,HOWTO or README in the help page.
* Use $_SERVER instead of $HTTP_SERVER_VARS
* Add a drop down menu with existing groups in group_new.php3
* Check for sql in show_groups.php3
* In lib/sql/group_info.php3 if $login is not set, find available groups and place them in
$existing_groups along with a count of users per group. Use the functionality in group_new.php3
and show_groups.php3
* Update TODO
* Add the style sheet in the content.html
* Enlarge the width for the left frame
* Make show_groups and the drop down menu in group_new work
* Use lower cased row names in badusers page
* Wrong foreach in show_groups and group_new.
* Fix operator escaping in lib/sql/change_attrs.php3
* In user_state also take into account any open sessions when calculating daily/weekly usage.
Add two more lines in the output stating the number of current open sessions and the time used.
* Move a few header() calls after including config.php3 so that we have access to the relevant
variables.
* Make pagesize 'all' work again. Bug found by apellido jr., wilfredo p.
* Make 'Add NAS' function in the nas admin page more easily accessible
* Fix a small bug in user_admin.php3 found by Joerg Staedele
* Fix a small typo in the userinfo mysql schema. Found by Evert Meulie
* Fix bug #136, bugs found by Pawel Foremski
* Small type in login_time_create, close bug #141
* In config.php3 remove whitespaces from $login. Don't remove '-'
* Add lib/sql/group_change.php3 to add and delete a user from groups
* Add a new directive sql_show_all_groups. If set to true then in user edit page we show all available
groups with the ones the user is a member of highlighted. The administrator can then directly
change user group membership by changing membership in this group list.
* On group creation, if member list is empty report that, not that the group was created.
* In the show groups page, note that we only show groups with members
* In lib/sql/group_info.php3 only unset variables if we need to. In lib/sql/defaults.php3 don't run for groups
only for users
* Fix Bug #167
Ver 1.72:
* Move the xlat function to a separate file in lib/xlat.php3
* Add a lib/sql/nas_list.php3 to also get the nas list from sql (naslist.conf still works)
* add realms nasdb and nasadmin in username.mappings. nasadmin is used to signify if the
user is allowed to use the nas_admin page. nasdb is used to shorten the nas list to only
a few specific entries. That way administrator responsible for a few access servers will
only be able to administer those access servers and not see the rest of the nas list.
* Add username searching in the find page as suggested by joram agten
* Don't use nas_list in nas_admin
* Add postgresql specific sql schema by apellido jr., wilfredo p. Move each sql schema to a
separate directory (mysql and postgresql)
* Change is_int to is_numeric. This closes Bug #90
* Escape special characters in the sql password. This closes bug #96
* Do an xlat for general_accounting_attrs_file and general_user_edit_attrs_file. That way we can
have different mappings for each administrator.
* Use require_once instead of require when including xlat.php3
* Add debug statements in sql connect functions
* Add a missing.php3 file with functions that may be missing from the PHP version used. Include it
if a function is missing. Currently only array_change_key_case() is included
* Set general_restrict_nasadmin_access to no by default. It causes confusion.
* Set the general_username_mappings_file variable
* Fix a small error in lib/sql/find.php3. This closes bug #103
* Add a small note in the FAQ about checking for sql/ldap driver availability in PHP if the user get's
a blank white page back.
Ver 1.70.3:
* Test for unset variable, rather than empty variable in clean_radacct,
monthly_tot_stats and truncate_radacct.
Ver 1.70.2:
* Fix redirects in dialup-admin pages on servers with register_globals
turned off.
* HTTP form fields will always fail is_int, use in_numeric instead.
Ver 1.70.1:
* Report correct data transfer statistics for users.
* Lower-case sql column names to match creation scripts.
* Fix creation of empty groups.
* Put quote around usernames in HTML output.
* Properly notice when we've got a blank password to SQL.
Ver 1.70:
* Add the /bin postgresql compatibility patch from Guy Fraser
* Add ldap_userdn as a configuration directive. If set we use that for
user DN's (variables supported) instead of performing and ldap search for
each user. That can be somewhat faster.
* Add a check_user_passwd() and a get_user_dn() functions in lib/ldap/functions.php3
* Add general_restrict_badusers_access directive. If set to yes we only allow each administrator
access to their own entries in the badusers table
* Add a username.mappings table. We are able to map each administrator username to additional queries
on the accounting and user settings tables.
* Add an sql_accounting_extra_query directive. If set this query is included in all
queries to the accounting tables.
Combined with admin username mappings we are able to easily restrict access on specific accounting data
to each administrator.
* Escape bad characters in the $login variable
* Add a da_sql_escape_string function. We use that for every element we pass to sql queries in order to
protect ourselves from sql injection.
* Use the ldap_userdn directive where applicable in the functions.php3 file
* Add an sql_xlat function
* Add a nas administration page for sql based clients
* Fix small bugs in accounting.php3 and user_stats.php3. Add nas_admin.php3 to the buttons page
* Add da_sql_escape_string for all relevant variables in lib/sql files
* Keep the nas list in a separate array $nas_list. Update various pages to use that one now.
* Make nas_list actually work
* Also allow for '-' to exist in a nas name in bin/log_badlogins
Ver 1.68:
* Huge PostgreSQL compatibility patch by Guy Fraser <[email protected]>
* Also support the Crypt-Password attribute in lib/sql/password_check.php3. Patch by Guy Fraser <[email protected]>
* Small fix in user_finger.php3
* Add the ability to erase rows from the badusers table
* In log_badlogins for multiple logins if it is a mppp attempt, log it
* Add a message when adding a user in the badusers table
* Close sql connections in add_badusers.php3
* Add a patch from Neil McCalden to not put spaces in the -p argument to the mysql binary.
* Fix a bug in conf/config.php3. Patch from Neil McCalden
* In log_badlogins add a newline after every sql query so that the resulting file can be editable
* Add a force directive in log_badlogins. If uncommented it will force inserts even if there are
sql errors. That can help in case there is one sql query which stops the whole failed logins
logging system from working
* Sort the servers list in failed_logins,user_stats,stats
Ver 1.65:
* Add a captions.conf file with a few configurable captions for now
* Move the nas list to a separate file called naslist.conf
* Add the ability to include configuration files in admin.conf
* Add a page for clearing open sessions from the database called clear_opensessions.php3. Add it in the
user toolbar
* Move the userinfo page of user_admin to a separate file so that it can be easily changed to
fit per installation needs
* Add a conf/accounting.attrs allowing the customization of the attributes in the user_accounting,
user_finger and failed_logins pages
* Add a directive to determine if the administrator will be able to change the user password from
the user edit page
* Call mysql_escape_string before running the sql query
* Use the sql_connect_timeout for the mysql driver
* Add a help page for the badusers table
* Also take the Session-Timeout in consideration when calcualting the remaining time in user_admin.php3
* Add regex matching in log_badlogins and don't expect the callerid to always be in numeric format
* Small html corrections in user_toolbar.html.php3
* Add a HOWTO from Paris Stamatopoulos
* create a doc directory and move the documentation files there
* Add a note about the HOWTO in the README file
* Add a few help pages for the nomadix radius attributes by Ulrich Walcher
* Update the HOWTO with instructions about the ldap configuration directives and the scripts in the bin folder
* Update the AUTHORS file
* Check for the binaries used (mysql/snmpwalk) in the scripts in the bin folder before using them
* Update the HOWTO file
* Use the general_domain variable from the admin.conf file in log_badlogins instead of a new one
* Add a sql_command directive in admin.conf containing the path to the mysql binary. That can be used by the
scripts in the bin folder instead of setting a variable in each script
* Add a general_nas_type and a per nas type directive and pass that to snmpfinger. Updated snmpfinger to also
support lucent equipment apart from cisco
* Update the HOWTO file with a few comments on the general_nas_type directive
* Use the User-Password attribute instead of Password in user_test.php3
Ver 1.63:
* Do an eval on the attribute description strings in the user_edit page. That will allow the login-time creation
page to work properly.
* Add a login-time creation page which will allow the administrator to create the login-time string through a gui
instead of writing it directly in UUCP format.
* Call lib/{ldap,sql}/user_info in user_info before displaying any information about the user
* Add a configuration directive general_charset. Add a language meta tag in all pages
* Use sql_extra_servers directive when adding users in the badusers table. Add a da_sql_host_connect() function
to connect to a specific sql host
* Fix a typo in lib/sql/attrmap.php3
* Add an entry in the FAQ about the Dialup-Access attribute
* Add an entry in the FAQ about duplicate personal attributes in the user_admin page
* Only show the personal attributes in the New User page if we have ldap or we are using the userinfo table in sql
* Add a per nas finger_type directive
* Update the TODO file
* Add an entry in the FAQ about adding .php3 handling
* Add a few installation notes
* Fix a problem with user_stats.php3
* Update the README file with notes about the scripts present in the bin folder
* Add a <?php tag instead of a <?. Bug noted by Isam Ishaq <[email protected]>
* Add support for regexp and like operators in accounting report generator
* Limit the split() to 2 elements in lib/defaults.php3
* Create a AcctUniqueId before adding a row in radacct in log_badlogins.
* Use Max-Monthly-Session not Max-Weekly-Session for the monthly limit
* When checking the weekly limit check first that $remaining is numeric before doing any comparisons
* Add a usage_summary parameter in user_finger. If it is passed then we only output a text like:
"Online: <num> Free: <num>" which can be used in outside pages
* Use $config[sql_usergroup_table] in show_groups.php3
* Add a config directive general_stats_use_totacct. If set we use the totacct table in the stats page instead of
radacct
* Small change in user_accounting.php3
* Escape " in login_time create page before parsing the login-time string
* Add Service-Type in user_edit.attrs
* In user_finger page if $user is NULL then set it to
* Add 3 more help pages from Stadler Karel <[email protected]> for Service-Type,Framed-Protocol and Filter-ID
* Make all scripts use the mysql binary instead of DBI and make the sql password even if it is empty
* Make log_badlogins work with usernames containing spaces
* Only delete sessions which are not open in truncate_radacct. Bug noted by Evren Yurtesen <[email protected]>
* Add a user input tag in user_stats.php3
* Change AcctStopTime = '0' with AcctStopTime IS NULL
* Add a few more attribute help pages from Ulrich Walcher <[email protected]>
* Also check for $server != '' in stats.php3. Bug noted by Ulrich Walcher <[email protected]>
* Consider the account locked either if Dialup-Access == FALSE or if it is not set at all
* Calculate weekly used time correctly (from Sunday 00:00:00)
* Allow for defining the ldap_filter used when searching for a user. The filter supports dynamic variables
like %u (username) and %U (username provided though http auth)
* Add a configuration directive counter_monthly_calculate_usage to calculate the monthly usage time. Calculate
it in user_admin if monthly_limit != 'none' or if this directive is set.
Based on a report by "apellido jr., wilfredo p"
* Add more comments in the admin.conf file
* Show correct calculation of the montlhy usage time.
* Don't show an account as locked if Dialup-Access does not exist and the mapping corresponds to 'none' attribute
* Make clean_radacct and truncate_radacct work correctly
* Fix a small bug in bytes2str. It will now also show GBs if appropriate
* Add an entry about the failed_logins page
* Update the help page for the lock message attribute
* Update the badusers page to also use the general_accounting_info_order directive
Ver 1.62:
* Remove one sql query from user_admin which was not needed.
* Instead of a query like "LIKE 'YYYY-MM-DD%'" use "AcctStopTime >= 'YYYY-MM-DD 00:00:00 AND AcctStopTime
<= 'YYYY-MM-DD 23:59:59'" which will allow us to use sql indexes better.
* Add a few comments in bin/clean_radacct
* Add a new script bin/truncate_radacct which will delete all sessions from the radacct table which
are older than a configurable number of days
* Fix a typo in sql.attrmap. Fix by Evren Yurtesen <[email protected]>
* Work even when register_globals if off. Suggestion from Evren Yurtesen <[email protected]>
Also add an entry in the FAQ about that.
* We don't need ORDER BY GroupName in show_groups.php3 since we have GROUP BY
* Use CISCO-POP-MGMT-MIB in snmpfinger instead of CISCO-CALL-HISTORY-MIB. Thanks to
Evren Yurtesen <[email protected]> for the suggestion.
* Remember a few things in the user_test page. Also add another configuration file directive
general_radius_server_auth_proto specifying the default authentication protocol of the radius
server (pap or chap).
* Replace single quotes with double quotes in log_badlogins
* Add a missing <?php tag. Bug noted by Simon Burns <[email protected]>
* Add sql_use_http_credentials configuration directive to connect to the sql database using the http user
credentials (that way there can be more than one administrator usernames, each with different privileges
on the sql database).
* Add more error messages when interacting with the SQL database
* Add sql_connect_timeout and sql_extra_servers configuration directives to be used by the log_badlogins script
* In log_badlogins create a separate sql input file for each sql server and append sql commands to it. If the
sql command succeeds we delete the corresponding input file. That way if an sql server is down we store the
accounting info in the input file and then send it all when it comes back up.
* Add a directive sql_debug. Add debugging statements in the sql library
* Add a directive ldap_debug. Add debugging statements in the ldap library
* Add debug statements in the pg driver
* In debug, output the sql queries in italic. Refer to enabling debugging in the FAQ
* Don't include user_info.php3 in the user_test page.
* Make things a little bit more simple in lib/ldap/change_attrs.php3
* Fix a small bug in lib/ldap/create_user.php3. Unset the mod array before adding any values to it.
* Fix a small problem with debugging
* Do a write lock in radacct before truncating it in truncate_radacct
* In user_new show a select box with all the available groups. Based on an idea by Karel Stadler (kstadler)
* Add a column Admin in the badusers table which will contain the administrator username if that is available
* Add two new tables totacct and mtotacct containing per user aggregated statistics for each day and month
respectively. Also add two corresponding scripts in the bin folder, tot_stats and monthly_tot_stats. Lastly,
create a new page, user_stats.php3 which will show the top users in connections or connections duration based
on the data in the totacct table.
* Add a few comments in the tot_stats and monthly_tot_stats scripts
* Add support for ! in usernames in log_badlogins
* Call gethostbyaddr with an @ in front to suppress error messages
* Also add support for @ in usernames in log_badlogins
Ver 1.61:
* Add a string encoder for greek
* If general_decode_normal_attributes is set then encode attributes in lib/ldap/change_info. In the near future
language specific user attributes will be added in the change info and new user pages. Remove comments from
admin.conf about the change info page not working if this directive is used.
* When spliting cn in lib/ldap/create_user.php3 limit the split to 2 new elements not 3.
* Fix a few bugs in log_badlogins
* Fix a parse error in failed_logins.php3
* Fix a bug in lib/defaults.php3 which did not allow the default.vals file to be used correctly
* Include password.php3 in lib/ldap/password_check.php3
* When searching a user in ldap through the find page only try to find the users which have a uid attribute (username)
* Allow selecting a specific access server in the failed logins page
* In the user admin page use AcctStartTime not AcctStopTime when calculating usage for the last 7 days
* Also show server:port in the user test page (so that it shows when used for server checks)
* Now the create user page should work with sql
* Make the default general_lib_type sql instead of ldap
Ver 1.60:
* Use require_once when including lib/functions.php3 in lib/sql
* In the buttons toolbar Edit User should not be clickable.
* Add an arrow gif in htdocs/images to be used in the buttons page when adding multiple finger pages
* In snmpfinger also consider '-' as a valid character for a username
* Add support for realm in username and allow for realm striping in the web pages and in log_badlogins
* Add a few more comments in the admin.conf
* Update the FAQ with an entry about the Online Users page not showing anything.
* Update the FAQ with an entry about sessions.
* Allow the user to add extra attributes in the test user page
* Add a few comments in log_badlogins, support auth logs containing the password, work nice when the client
is localhost, add an option to scan the whole radius.log and add failed logins in the sql database (can be
used for initialization).
* html fixes in accounting.php3
* Fix a problem in user_accounting when NASIPAddress is not set.
* Use CISCO-AAA-SESSION-MIB in snmpfinger
* In lib/ldap/functions.php3 only ask for the cn attribute in ldap_search not the whole entry. That should make
user_finger a lot faster when the user database is in ldap
* In lib/functions.php3 pass a second argument to date2timediv with the current time. user_finger calls that
function for each online user so we now don't need to do a lot of calls to time() but only one. That should make
user_finger somewhat faster.
* Fix a small issue with the general_accounting_info_order
* Fix a problem in failed_logins when NASIPAddress is not set.
* Allow for multiple regular profile attributes in a user entry.
* Allow for normal ldap user attributes to be utf8 encoded instead of ascii. Changing attribute values through
user_info will not work in that case.
* Fix a small bug in lib/ldap/defaults.php3. We should not be using $i in a for() loop but a new variable
* Add a comment in admin.conf about ldap server failover
* Map a specific username to the directory manager if we are using ldap and http authentication
Ver 1.59:
* Small html fixes in user_edit.php3 and password.php3
* Show number of failed logins in the last 7 days in the user admin page
* Show date in the user/server test page
* In config.php3 include a relative admin.conf file not an absolute
* Add an entry in the FAQ about php magic quotes
* Escape double quotes in attribute values in the user edit page
* Fix a bug in lib/sql/change_passwd.php3 when not using operators.
Bug report from Sheldon Fougere <[email protected]>
* Add the caller id in the connection status attributes in the show user page
* Allow for multiple default values. Also add a generic flag in ldap attrmap. If it exists then the
attribute is generic and user values *do not* overwrite default values. The operators in the generic
attribute can be used for that. The same is very difficult to implement for sql, so for now user
values overwrite default values in sql (user edit page).
A lot of code and a lot of files where changed so there may be bugs somewhere.
* In the user edit page print a message under the User Password field about if it exists or not. Update
the user_info.php3 lib files to check for it.
* In lib/ldap/defaults.php3 Dialup-Access should not be added in the default_vals. It is not inherited.
* If we are editing a group show a comment that in the radiusd sql module the group tables are evaluated
after the user tables. As a result user values should in general overwrite default values.
* Add support for the default_user_profile of the sql module in lib/sql/defaults.php3
* In sql.attrmap User-Password should map to User-Password, not Password
* If an sql attribute is not contained in sql, assume that it has the same name as in dialup_admin and that
it is a reply item. Add a comment for that in conf/sql.attrmap.
* Change the way radius attributes are read from the sql database. The change should make things somewhat
faster. Create a reverse mapping from radius attributes to dialup_admin attributes.
* Add a configuration directive called ldap_use_http_credentials. If it is set to yes then we try to
connect to the ldap server with the username/password given in http authentication, not those contained
in admin.conf. That way multiple admins with different permissions on the ldap tree can work on a single
dialup_admin.
* With the same logic we allow for multiple buttons html pages. We now create a folder html/buttons which
by default contains a folder default. If the user logs in with http authentication then we try
to open the file html/buttons/<username>/buttons.html.php3. If we can't we open
html/buttons/default/buttons.html.php3. That way we can create muiltiple views of say the online users
page based on which admin requests the page.
* Call config.php3 before outputing any html.
* Add sessions in order to cache the various mappings. Add a corresponding configuration directive
general_use_session. Also add a session cache destroy page.
* Also cache the admin.conf if use_session is set to 1 in config.php3
* Fix a few bugs
* Remove the auto password generator from the user edit page. It has no meaning since the password is not
shown
* In lib/sql/defaults.php3 instead of doing a select for each group the user belongs to, do one select with
a where in () caluse.
* Also cache the default.vals file.
* Update documentation
* Only connect and bind to the ldap server if we haven't done that before.
* Remove previous change. It was causing problems
* In the user test page ignore comments from the auth.request file
* Add a new config directive, ldap_write_server. If it is set then when we update the directory we try to
connect to that one instead of the ldap_server. That way we can read from the fast read-only replicas and
write to a slower master.
* Fix a few more bugs
* Add a failed logins page, to show the most recent failed logins.
* Fix a bug in the failed logins page
* Change use of AcctStartTime with AcctStopTime in failed_logins.php3 to match that in user_admin
* Fix a bug with failed logins in user_admin.
* Add the failed logins page in the buttons page
* Add a missing WHERE UserName = '$login' in the UPDATE statement in lib/sql/change_info.php3. Patch by
Eddie Bindt <[email protected]>
Ver 1.55:
* Update the FAQ about missing attributes from the user/group edit pages and add a few comments
in the configuration files
* Add support for the Expiration attribute. Add it in the sql attribute map, in user_edit.attrs and
check for it in user_admin
* Add a few more keys in the userinfo and badusers tables.
* Fix a problem with lib/sql/defaults.php3 where the first character in the default value when using
operators was set to the opeator
* Add a user find page. User can be searched based on the full name, department or RADIUS attribute.
The radius attribute should be included in the _user_ profile, not in a group/regular/default profile.
* Add support for the user ldap regular profile attribute in user_edit.attrs
* Fix a stupid bug in accounting.php3. We should not use the show_attrs array.
Ver 1.54:
* Add attributes for the sql group tables in admin.conf. Now SQL group support should really work!
Ver 1.53:
* html fixes in show_groups.php3
* When reporting sql errors also print the output of da_sql_error
* When updating ldap user information don't do an update if the new attribute value
is '-' (default value)
* Comment out Reply-Message in conf/user_edit.attrs since in sql it maps to the same attribute as
the lock message
Ver 1.52:
* Add Reply-Message in conf/user_edit.attrs so that it appears in the user/group edit pages
* Allow the administrator to specify a group in the New User page. Update lib/sql/create_user.php3 to add
the user to the specified group
* Call user_info.php3 and defaults.php3 in user_new.php3 after creating a user
* Only run if $login is not NULL in lib/sql/defaults.php3
* In group admin add a button to administer the selected user which will redirect the administrator to the
corresponding user_admin page
* Add a show_groups.php3 to show all active user groups
Ver 1.51:
* Only call user_info.php3 in user_new.php3 when we are creating a user
* Fix a bug with personal information attributes in user_new.php3
Ver 1.50:
* Add support for groups in SQL. Added several new files and modified a few more.
* Default values in SQL are now extracted from the group membership. Added a lib/sql/defaults.php3 file.
As a result the default operator is not '=' anymore but whatever we find in the group check and reply tables.
* In lib/sql/user_info.php3 set user_exists in more than one places.
* Add support for the '=*' and '!*' operators
* Added a HELP_WANTED file describing what are the major things missing which people could contribute.
* Updated TODO
* Added a help page for the Session Timeout and Idle Timeout attributes.
* The new group page should only be available if the general library type is sql.
* Fix a small bug in lib/sql/create_user.php3 where work and home phone were stored in the wrong fields.
* Set personal information attributes in lib/sql/user_info.php3 to default values.
* Add a page to change the user's personal information. Changed the user toolbar and added htdocs/user_info.php3
along with lib/{sql,ldap}/change_info.php3
* Print a message if we can't connect to the ldap server in lib/ldap/user_info.php3
* Use a textarea for new members in group_admin.php3 and group_new.php3. Update lib/sql/create_group.php3 and
lib/sql/group_admin.php3
* Set a few more personal information attributes to defaults in lib/sql/user_info.php3
* Fix a typo for department
* Set personal information attributes to defaults in lib/ldap/user_info.php3
* Have adddress and home address in user personal info
* Set $user_info in lib/{ldap,sql}/user_info.php3 and only if the user exists and has personal info
* Show language attributes only if general_prefered_lang is not 'en'
Ver 1.30:
* Add limit of results returned in accounting.php3
* Fix a bug in time2strclock() in lib/functions.php3. Seconds ammount more than 9 would not show.
Bug noted by Timophey <[email protected]>
* Reaarange a few things in user_admin. Put Subscription Analysis first and 'Account Status' second. Make a
few things bold.
* Change log_badlogins to use the mysql binary instead of the DBI module. That way we don't have any
dependencies and we don't need to bother with connection maintainance (dead mysql connections etc).
* html fixes in user_finger.php3
* Fix a bug in lib/add_badusers.php3 which did not allow inserts in the badusers table.
* Make lib/ldap/password_check.php3 behave properly when it is passed a null password
* Allow for daily/weekly/monthly limits to be set to none and show correct results in the show user page
* Fix a small bug in user_admin.php3.
* Pass the whole password as salt in da_encrypt() in password_check.php3
* Refresh the online users page every 50 secs. Patch by Alexandre Strube <[email protected]>
* Check if the last logged in server and client ip are valid before calling gethostbyaddr
* If the same attribute appears more than once in the user edit page then show a count of the number of
occurences next to the attribute name
* Add a server argument to user_finger.php3. If it is set then the page will only show the logged in users
in that access server instead of all of them. Update the README with documentation for that fact.
Ver 1.29:
* Add general_ld_library_path directive and set LD_LIBRARY_PATH accordingly (used in snmpfinger and
radaclient).
* Add general_finger_type directive to determine if we will use snmpfinger in user_finger.php3
* Fix a bug in config.php3 when we have a directive containing ':'
* Fix a bug in lib/ldap/change_attrs.php3 that did not allow changing more than one value of a
multivalued attribute simultaneously.
* Added selection of ordering in user_accounting.php3. Now it can be either ascending (older records
first) or descending (most recent records first). Added a corresponding configuration directive.
* Added operator support in sql. The eq(=),set(:=) and add(+=) operators are supported. Added an
sql_use_operators configuration directive. Hope everything works.
* Fixed a bug in sql/change_attrs which did not allow multi valued attributes in sql.
* unset item_vals before adding info in ldap and sql user_info files.
* Add support for the rest of the operators. Created the lib/operators.php3 file containing helper functions
* Fix a small bug in log_badlogins. The nas domain should be a variable not hard coded.
* Fix a bug in lib/sql/delete_user.php3. Call da_sql_query with the correct arguments
Ver 1.28:
* Make user_delete.php3 print something when a user is deleted
* Cache nas hostname lookups in user_accounting
Ver 1.27:
* Allow for variable expansion in the configuration file. Something like:
general_base_dir: /usr/local/dialup_admin
general_default_file: %{general_base_dir}/conf/default.vals
* Small changes in the README file
* A few corrections in the sql drivers
* Enlarged the textboxes in the user_edit page
* Created a folder help
* Added a help page for:
o Login-Time
o Simultaneous-Use
o Dialup-Access
o Framed-Compression
o Port-Limit
o Lock Message
o Framed-IP-Address
Ver 1.26:
* A few bugfixes for the general sql code (typo mistakes mostly)
Ver 1.25:
* Deleted a mysql_close from lib/mysql/create_user since we now have persistent sql connections
* Removed the select_db() from accounting.php3 since it is not needed
* A lot of html changes in accounting.php3
* Changed the sql code to be modular. Now under lib we don't have a mysql directory but a sql directory
with a directory drivers which contains the database specific functions. As a result all calls to mysql*
functions where changed to call da_sql* functions. Right now mysql should work and postgresql *may* work
It is not tested though. Hopefully things will come back to being stable in a few days.
* Added sql_port and sql_type configuration file directives
Ver 1.20:
* Fixed a bug in lib/ldap/change_attrs. When we modify an attribute do an ldap_mod_del($mod) and then a
ldap_mod_add($add_r)
* In accounting.php3 show the attribute description instead of the attribute name.
Ver 1.19:
* In lib/ldap/check_password.php3 don't do a user search but use the already available user DN
* Remove the language support from the get_user_info() functions. They are only used in the user_finger page
* In user_state show weekly usage for the week starting from sunday 00:00, not for the last 7 days
* Show upload/download when connected or for the last time the user connected
* Fixed a few minor problems with the help and about pages
Ver 1.18:
* Fixed a small problem with total upload,download numbers in user_admin
* Fixed a major problem in the accounting report generator when adding an attribute check. Now it
should be all OK.
* Fixed a small bug in lib/mysql/functions.php3. Bug found be [email protected]
Ver 1.17:
* Fixed a few more problems in the mysql code
* Updated README
* the help page now prints the README file. It also has a common layout with the other pages
* Changed the about page to have a common look with the other pages.
Ver 1.16:
* Fixed a few typing mistakes in mysql.attrmap
* If the corresponding attribute name (in ldap or mysql) is 'none' then do not
edit/add it. Based on a bug report by [email protected]
* Fixed a few errors in lib/attrshow.php3
Ver 1.15:
* Added user test page. It will use radclient to send a radius access-request
to the radius server and check the response. This page is also used to check
that the radius server is working fine. Added user_test.php3 and a few config
file parameters.
* Support for multi valued attributes.
* Changed cleartext encryption name from none to clear
* Renamed the general_sql_row_limit configuration directive to sql_row_limit
Ver 1.12:
* Added an FAQ
* Small changes in html code
* Small changes in the README file
* Fixed a small problem in delete_user from ldap
* Removed the Base64 encode since it was causing problems
Ver 1.11:
* Changed all ldap_bind() to use the ldap bind DN and password. Should have been
the default behaviour
* Do a Base64 encode in ldap/change_password.php3 before sending the password to
the ldap server
* Added support for module messages in log_badlogins and user_accounting
* Updated documentation
Ver 1.10:
* Added support for users in mysql database. All bugs are welcome. To activate
just use mysql as library_type
* Added support for salt in crypt.php3
* Added userinfo table to keep information for users (Name,Phone etc). Added two
corresponding values in admin.conf
* Added mysql.attrmap for mysql support
* Added TODO
* Added persistent connections for mysql (mysql_pconnect())
Ver 1.00:
* Added password change facility in user_edit. Support for multiple
password encryption methods
* Added user deletion page user_delete.php3 with corresponding ldap lib code
* Moved the second user_info.php3 include in user_edit to the correct location. Also
used isset instead of == ''
* Moved the action toolbar (show,edit,accounting...) into a separate html file
* Added the nas model in user_finger.php3
Ver 0.99.8:
* Added the caller id in the finger facility
* Changed the start date in the badusers file to 0000
* Added the out of quota message in user_admin
* fixed a few problems with the html code in user_admin.php3
* calculate account status in user_admin for the last week only
* Change font color to red if used time > corresponding limit (weekly or daily)
* Added the user_stats.php3. It can be used by outside pages to get a quick
overview of the status of the user. It will return the following fields
separated by new lines:
account_status(active or inactive),lock message,weekly limit,daily limit,
weekly used,weekly connections,daily used,daily connections
* fixed a bug in the subscription analysis in user_admin.php3
* calculate weekly used from sunday 00:00:00 when the counters reset
* added clean_radacct which will clean radacct entries which have been open
for more than a day. It will not do any harm even if it is incorrect since
when rlm_sql runs if the update operation fails then it will fall back to
insert (see sql.conf)
* added log_badlogins. It will continuously read the radius.log file and log
to the radacct table all login incorrect and multiple logins with a
corresponding acctterminatecause. user_accounting.php3 is already prepared
for this (it will show those entries in red)
* fix a small bug with null values in change_vals.php3 of the ldap lib
Ver 0.99:
* Added the badusers table
* Added the default and regular profile from ldap for user_edit
* Added the snmpfinger in the finger facility so that it will not
relly on the sql database.
* Added the new user facility
* Added support for the Lock Message facility
* Various bug fixes and enhancements
Ver 0.31:
* Added the @ sign in the {mysql,ldap}_{open,close} functions so that
they don't show error messages
* Changed double quotes with single quotes where applicable for performance
reasons