URGENT: o scan ALL modules, so that they use consistent names for structures and variables in their instantiation (rlm_foo_t *inst), and that they call rlm_foo_detach() if anything goes wrong, instead of just free()'ing 'inst'. The cf_parse_section().. code may have malloc'd memory, and that needs to be free'd, too. o Stop unloading modules on HUP so that we can have persistant handles/socketc/etc from module_init(). Alan D. and Alan C. had a good plan for when to load/reload modules on the list recently...I say run with that. o double-check Cistron 'compat' mode, so that all current users of Cistron can upgrade "out of the box" to FreeRADIUS MEDIUM PRIORITY o go through all of the code and reformat it, for project standards o go through all of the code, removing unnecessary #include's, and generating a standard include file order which will work across all platforms. o rad_malloc() fixes: child processes/threads ALWAYS kill themselves if malloc() fails. The main server process does a 'sleep' for N seconds, and tries again. After T tries, it gives up, and calls exit(). LOW PRIORITY: o Write better documentation o Manual pages for the daemon, utilities and conffiles (some done) o Fix all FIXME's in the source. o better SNMP statistics support, for the auth/acct servers, and for each client. WAIT UNTIL NEXT RELEASE: o UPDATE accounting requests aren't handled as in 1.5.4.3 for wtmp Is this a problem ? Need to fix in rlm_unix.c o New module: rlm_fastradwtmp. with a radutmp-style active session database to guarantee wtmp records are always written in matching pairs. Because radlast is slow. o replace the module_t method table with a set of register_* functions (so different instances of the same module can offer different methods) o enable server to run with child processes (This is a little more difficult than the threading changes) o switch all timers from time() to gettimeofday() so processing is less bursty o SNMP support for querying users who are on-line. o New module: rlm_nsupdate (dyndns). Because dynamic addresses are cruel. WILL NOT DO: o module initialization AFTER forking, not before. --- The modules should NOT be setting up any process-dependent --- information. o there should be a way that radius itself could rotate the wtmp file properly. It should write "logout" records for all users, move the file to wtmp.0, and create a new wtmp file with "login" records for all currently online users. --- This work is for an external process to do --- DONE: o IPv6 o proxy receive rbtree stuff o rlm_perl o "listen" directive o fix radwho to read modules{radutmp{filename = }} o Add 'initialize' list in modules, so explicitely give initialization order. o merge OSF/OSFIA patches from Cistron. o Fix DBM support: - Put DBM into its own module - Multiple defaults (done) - Fallthrough (hard for not DEFAULT entries) o modular radutmp and radwtmp, as per Alan Curry's old patches. o Fix multiple/conflicting VALUE names as pointed out on the list. e.g. 'Rlogin' has different values when used with different ATTRIBUTEs, o go through *.c and *.h, adding comments at the top with a copyright, and a GPL license. o Integrated Alan Curry's module failover patch. o add more support for new configuration files o Fixed potentially long locks on radutmp file by radcheck thread This means unlocking the file, forking checkrad, and then locking the file again. o get rlm_unix to work with multiple instances o partial split of rlm_files into rlm_fastusers and rlm_detail o enable server to run in threaded mode o rlm_realm module for COMPLETE control of proxying on any attribute o re-transmits of proxied packets o operator support in pairmove. o stripping Prefix/Suffix in accounting o new configuration file /etc/raddb/radius.conf o Radius proxy support. o Max-Simultaneous-Use parameter to avoid double logins. o Specify a program to be run on succesful login o Prefix/Suffix support o Change radutmp format to v2 (see radutmp.h) o move radutmp to /var/log ? o Compatibility with radius-2.0 o Support for pidfile o Configurable logging: both radutmp/radwtmp and details files o session_id is not numeric but an 8-byte (?) string ! o Detect reboot packet sent by portmaster and clear radutmp / wtmp o Seperate /etc/raddb/clients into public and private file (secret == secret!) Add ts-type field to clients file for checklogin.pl Better: return clients to old form (no shortname) and add a new file, "nas" or so. Matching on this file is done based on Nas-Ip-Address instead of the IP address of the sender. Better if there's a proxy in between. o Allow spaces in usernames (using " or \ to escape) o Return Proxy-State A/V pairs, in the right order. o retransmits from the terminal server get proxied with a new ID and random_vector. We should check for this! o Limit logins based on time/date (for example, Login-Hour = 8-18, Login-Day = 0-5 for business hours) o take out host-order IP addresses o Support Connect-Rate o have a config file (or section in radiusd.conf) that tells rlm_sql what the names of the tables and columns are instead of hardcoding them o split rlm_files into rlm_users, rlm_fastusers (in-memory hash), rlm_detail, they all should share as much code as possible though, not be big cut-and-paste jobs o fix the request list walking code, to scan each element no more than once per second.