· Changed how the socket is created so that the given time out argument applies to the socket connection as well as read time outs.
· It was possible for the PRNG to be available but uninitialized in some circumstances. This has been fixed.
· If a reply packet is corrupt a ClientReceiveException is thrown. This occurs when the secret keys mismatch. It used to rely on the incoming message's status information but that could be corrupted to false positive.
· Examples are now self contained and do not need a classpath set up. It is still optional to use the external classpath by editing the .bat and .sh files in the example directory.
· SecureRandom, as used by the TACACS client, could consume the /dev/random contents on some Linux systems. A new PRNG uses the MersenneTwister seeded with SecureRandom and a counter and run through SHA1 has replaced calling SecureRandom. It reseeds itself requently. time to time.
· Replaced the larger ByteIterator class with a smaller, more efficient one. Also replaced the BitArray class with a more complete version.
· There was an error in the debugging output of unecoded packets that caused a NullPointerException. This has been fixed.
· The AttributeList class was not adding attributes correctly to two tables which may have caused some problems (no problems reported). It was reported that the source code had the inconsistency so it's fixed.
· Cosmetic change - the PacketHeader.toString() would report a single session as multi-session. Now it explicitly indicates whether the packet is a single connect or multi-session.
· There was a problem in Continue packets where the data size was misrepresented. This has been corrected. It resulted in corrupt packets being sent if the data length was over 15 bytes. This could affect either the user name or the password in ASCII authentication. No other authentication methods are affected.
· Fixed a bug where accounting and authorization packets could be considered corrupt when they were perfectly correct.
· The debug packet display shows both the plain text and encrypted versions of the packet.
· Corrupt packets (likely due to bad encodings by mismatched secrets) are detected.
· More complete checking of the header information to assist debugging.
· Fixed a display problem in Continue packets.
· New example clients have been added that illustrate ARAP, MSCHAP, PAP, CHAP, and ASCII authentication methods as well as authorization and accounting.
· Fixed a problem with ARAP. It was not creating the DES key properly.
· The AVPair class did not understand that an attribute may have an empty value. This has been fixed.
· Sun's crypto provider does not provide the MD4 message digest. Other code has been provided to overcome this omission on Sun's part. This affected MSCHAP authentication - it would throw a null pointer exception.
· Fixed a problem that caused the faulty contruction of the jar and source files that resulted in the demo random number generator being included instead of the SecureRandom version. V 1.07 Feb 14, 2005
· Removed specific BouncyCastle crypto functions. Now the default provider is used. This changed how the MD4 and MD5 digests are created. BouncyCastle provides a much faster MD5/MD4 than the default algthough for a client is is probably not that important. DES encryption is now accessed from the default crypto provider as well.
· The mschap.java class has been renamed to MSChap and the construct is public.
· The TACACSClient method authenticationContinue() has been fixed to use the correct flags (TAC_PLUS_CONTINUE_FLAG_ABORT and TAC_PLUS_CONTINUE_FLAG_OK). The CONTINUE / REPLY protocol works better now.
· Some cosmetic changes inside to make better use of constants.
· Changed the DES crypto to use the SUN crypto package. Some methods that didn't formerly throw the TACACException now do. Please recomplile your code with the new jar file to find these methods.
· Internal changes to some private and protected methods to allow for debugging display of packets.
· When debugging is enabled using the TACACSClient.setDebugging() method request and reply packet unencrypted contents are be displayed.
· Fixed an error in decoding the different authentication replies - two messages were picked up where only one was present. The getAdminMessage() method has been removed.
· Added missing Authorization STATUS contstants, like TAC_PLUS_AUTHOR_STATUS_FAIL.
· Improved the examples/modserver/ModAttributes example.
· Changes the name of TACACSSession.encrypt(boolean encrypt) to TACACSSession.enableEncryption(boolean enable) so it matches the same method used in the TACACSClient.
· The global settings of the header flags weren't sent to the TACACSSession when it was created. This is fixed. Now global settings will initially apply to the session.
· Removed the list of legal attributes from AuthenticationAttributes and AuthorizationAttributes. The AttributeList class replaces both.
· Fixed a problem with authorization attributes not being returned.
· Initial coding.