commit d2746ec6d4156347bb06a5236fbe76b00039e00b Author: Adrian Schröter Date: Mon Dec 18 17:11:38 2023 +0100 Sync from SUSE:ALP:Source:Standard:1.0 freeradius-client revision 3f222fca5405eb19ba299d385e6797d4 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..c527f01 --- /dev/null +++ b/README.SUSE @@ -0,0 +1,17 @@ +In combination with package freeradius-server you can test this +freeradius-client package in a simple configuration. + +cp /usr/share/doc/packages/freeradius-client/login.radius/login.example /usr/sbin/login.radius +chmod +x /usr/sbin/login.radius + +You then have to change /etc/raddb/{clients,users} and +/etc/radiusclient/servers - just remove the '#' from the +corresponding lines. + +Start radiusd (insserv radiusd and then execute rcradiusd start). + +Afterwards you may install radlogin on e.g. /dev/tty8 and login +using a local user name. You are transferred to localhost via telnet - +not very interesting, but accounting is already enabled in /var/radacct. + +have fun, tmg diff --git a/freeradius-client-1.1.7.tar.gz b/freeradius-client-1.1.7.tar.gz new file mode 100644 index 0000000..626c6ff --- /dev/null +++ b/freeradius-client-1.1.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eada2861b8f4928e3ac6b5bbfe11e92cd6cdcacfce40cae1085e77c1b6add0e9 +size 433141 diff --git a/freeradius-client-missing_size_t_definition.patch b/freeradius-client-missing_size_t_definition.patch new file mode 100644 index 0000000..6bb2022 --- /dev/null +++ b/freeradius-client-missing_size_t_definition.patch @@ -0,0 +1,12 @@ +diff --git a/lib/rc-md5.h b/lib/rc-md5.h +index a30f16d..dcde619 100644 +--- a/lib/rc-md5.h ++++ b/lib/rc-md5.h +@@ -10,6 +10,7 @@ + #define _RC_MD5_H + + #include "config.h" ++#include + + #ifdef HAVE_NETTLE + diff --git a/freeradius-client.changes b/freeradius-client.changes new file mode 100644 index 0000000..a66b9ad --- /dev/null +++ b/freeradius-client.changes @@ -0,0 +1,80 @@ +------------------------------------------------------------------- +Mon Nov 6 16:05:23 UTC 2023 - Dominique Leuenberger + +- Fix build with RPM 4.19: unnumbered patches are no longer + supported. + +------------------------------------------------------------------- +Thu Apr 23 15:13:18 UTC 2015 - vcizek@suse.com + +- update to 1.1.7: + * Allow "configure --with-nettle" to use nettle MD5 implementation. Patch from Nikos Mavrogiannopoulos. + * Clean up generation of random numbers. Patch from Nikos Mavrogiannopoulos. + * Update BSD license as permitted by Christos Zoulas. + * Define PW_MAX_MSG_SIZE for maximum message sice. Patch from Nikos Mavrogiannopoulos. + * Allow the dictionary file parser to understand BEGIN-VENDOR / END-VENDOR as with FreeRADIUS server. Patch from Nikos Mavrogiannopoulos. + * Added support for IPv6. Patch from Nikos Mavrogiannopoulos. + * Don't crash if a config option is unset. Patch from Nikos Mavrogiannopoulos. + * Fix encoding of "date" attributes. Patch from Christian Schoch. + * Build fixes from Sven Neuhaus, Ghennadi Procopciuc, Daniel Pocock, and gureedo. + * Fix memory leaks. Patches from Alex Massover, William King, gureedo, and FreeSWITCH. + * Fixes to retry algorithm. Patch from Lewis Adam. + * Zero out secret fields. Patch from Scott Neugroschl. + * Update the dictionaries. Patches from Bogdan-Andrei Iancu and gureedo. + * Make the library thread-safe. Based on a patch from Alex Massover. + * Made rc_avpair_log thread-safe by using a buffer supplied by the caller. Patch from Alex Massover. + * Removed lock file for sequence number. It isn't needed. + * Use poll() where possible to avoid issues with FD_SETSIZE. Patch from Alfred E. Heggestad. + * Set Acct-Delay-Time in Accounting-Request packets. Patch from Alfred E. Heggestad. +- add freeradius-client-missing_size_t_definition.patch to fix + build on 13.2 + +------------------------------------------------------------------- +Tue Dec 6 11:47:34 UTC 2011 - coolo@suse.com + +- BAD2c is not a license + +------------------------------------------------------------------- +Sat Oct 1 05:39:07 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Tue Feb 17 10:33:00 CET 2009 - prusnak@suse.cz + +- fix garbled login.example file [bnc#469682] + +------------------------------------------------------------------- +Wed Mar 19 17:03:39 CET 2008 - prusnak@suse.cz + +- updated to 1.1.6 + o Added dead_time functionality / configuration + o Merge in fixes and enhancements from 'radiusclient-ng' + o Improved functionality for embedded operation + - In use in FreeSWITCH and OpenSER projects + o Wrap gethostby*() family of calls with threadsafe variants + o Change UINT4 to uint32_t, int to size_t, etc. + o Fixed wrong usage of strncat function in several places +- dropped obsoleted patches: + * return.patch (included in update) + * strncat.patch (included in update) + +------------------------------------------------------------------- +Wed Mar 5 20:42:30 CET 2008 - crrodriguez@suse.de + +- fix build in BETA +- disable static libraries + +------------------------------------------------------------------- +Wed Nov 7 15:36:06 CET 2007 - prusnak@suse.cz + +- change %{version}-%{release} to %{version} in Requires tag + +------------------------------------------------------------------- +Thu Mar 8 11:05:42 CET 2007 - prusnak@suse.cz + +- created package from BuildService + * project: network:aaa + * package: freeradius-client + * version: 1.1.5 + diff --git a/freeradius-client.spec b/freeradius-client.spec new file mode 100644 index 0000000..73ccdcf --- /dev/null +++ b/freeradius-client.spec @@ -0,0 +1,112 @@ +# +# spec file for package freeradius-client +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: freeradius-client +Version: 1.1.7 +Release: 0 +Summary: FreeRADIUS Client Software +License: BSD-2-Clause +Group: Productivity/Networking/Radius/Clients +URL: http://www.freeradius.org/freeradius-client/ +Source: ftp://ftp.freeradius.org/pub/freeradius/%{name}-%{version}.tar.gz +Source1: README.SUSE +Source2: login.example +Patch0: freeradius-client-missing_size_t_definition.patch +BuildRequires: libnettle-devel +BuildRequires: libtool +BuildRequires: pkg-config +Obsoletes: radiusclient +Obsoletes: radiusclient-ng +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +A portable, easy-to-use and standard compliant library suitable for +developing free and commercial software that need support for a RADIUS +protocol (RFCs 2128 and 2139). + +%package libs +Summary: Shared library of FreeRADIUS Client +Group: Productivity/Networking/Radius/Clients + +%description libs +The package contains the shared library of FreeRADIUS Client + +%package devel +Summary: Header files, libraries and development documentation for freeradius-client +Group: Productivity/Networking/Radius/Clients +Requires: %{name}-libs = %{version} +Requires: glibc-devel + +%description devel +This package contains the header files, static libraries and +development documentation for freeradius-client. You need to install +freeradius-client-devel if you want to develop applications using +freeradius-client. + +%prep +%setup -q +%patch0 -p1 +find -type d -name CVS -print | xargs rm -rf +cp %{SOURCE1} . +cp %{SOURCE2} login.radius + +%build +autoreconf -fiv +%configure \ + --localstatedir=%{_localstatedir}/lib \ + --enable-shadow \ + --with-nettle \ + --with-secure-path \ + --disable-static \ + --with-pic +make %{?_smp_mflags} + +%install +make "DESTDIR=$RPM_BUILD_ROOT" install +rm -f %{buildroot}/%{_sbindir}/login.radius +rm -f login.radius/Makefile* +rm -f login.radius/migs/Makefile* +find %{buildroot} -type f -name "*.la" -delete -print + +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%files +%defattr(-, root, root) +%doc BUGS COPYRIGHT README.radexample doc/ChangeLog doc/instop.html doc/login.example +%doc login.radius README.SUSE +%dir %{_sysconfdir}/radiusclient +%{_sysconfdir}/radiusclient/dictionary +%{_sysconfdir}/radiusclient/dictionary.* +%config(noreplace) %{_sysconfdir}/radiusclient/radiusclient.conf +%config(noreplace) %{_sysconfdir}/radiusclient/issue +%config(noreplace) %{_sysconfdir}/radiusclient/port-id-map +%config(noreplace) %{_sysconfdir}/radiusclient/servers +%{_sbindir}/* + +%files libs +%defattr(-, root, root) +%{_libdir}/*.so.* + +%files devel +%defattr(-, root, root) +%{_libdir}/*.so +%{_includedir}/*.h + +%changelog diff --git a/login.example b/login.example new file mode 100644 index 0000000..7d662bb --- /dev/null +++ b/login.example @@ -0,0 +1,244 @@ +#!/usr/bin/perl +# +# Sample login-Script for use with radlogin +# +# Copyright (c) 1998 S.u.S.E. GmbH Fuerth, Germany. +# +# please send bugfixes or comments to feedback@suse.de. +# +# derived partly from login.radius/migs/login.radius +# currently does not do anything useful - for testing purposes only +# It only sets up Accounting for a simple Rlogin-User +# +# You can install this is /usr/sbin/login.radius for testing with +# radlogin + +use strict; + +# Programs and files. +my $prog_radacct = "/usr/bin/radacct"; +my $prog_rlogin = "/usr/bin/rlogin"; +my $prog_telnet = "/usr/bin/telnet"; +my $prog_tcpclear = "/usr/bin/telnet -e ''"; +my $prog_tty = "/usr/bin/tty"; +my $prog_who = "/usr/bin/who"; + +my $debug = 1; + +my $path_radiusclient_map = "/etc/radclient/port-id-map"; + +my $login_host = "0.0.0.0"; + +############################################################################# + +# Main program. + +print "Starting.\n" if ($debug); + +# Run 'who am i' to determine the current port. +my $port = `$prog_tty`; +chomp ($port); + +# Translate port numbers to numbers for RADIUS. +# This translation is done again by radacct, but it may be useful here. +# Remove if CPU time is a problem. + +my ($portid, $line); +open (H, $path_radiusclient_map); +while (($line = ) && (!$portid)) +{ + my @info = split (/\s+/, $line); + $portid = $info[1] if ($info[0] eq $port); +} +close (H); + +if ($debug) +{ + # Print out all the RADIUS variables. + my @el = grep (/^RADIUS/, keys (%ENV)); + my $e; + foreach $e (@el) + { + print "$e = " . $ENV{$e} . "\n"; + } +} + +# If the service type is Framed, then give them PPP. +# SLIP is not implemented (and will probably never be). +my $username = $ENV{"RADIUS_USER_NAME"}; + +# Generate a "unique" string for the session ID. +my $sessionid = "$$" . time (); + +if ($ENV{"RADIUS_SERVICE_TYPE"} =~ /Login/) +{ + # Warning: This code has not been tested as well as the PPP version, + # as of now (19961107). + + # Determine what host to connect to. + if (($ENV{"RADIUS_LOGIN_IP_HOST"} eq "0.0.0.0") || + !defined ($ENV{"RADIUS_LOGIN_IP_HOST"})) + { + die ("login_host not defined"); + } + elsif ($ENV{"RADIUS_LOGIN_IP_HOST"} eq "255.255.255.255") + { + # The user should be able to choose. Prompt the user. + print "Host to connect to? "; + $login_host = ; + chomp ($login_host); + } + else + { + # Use what's specified by the RADIUS server. + $login_host = $ENV{"RADIUS_LOGIN_IP_HOST"}; + } + + # Log into a host. Default to telnet. Do the accounting + # now, since the target of the login wouldn't know how to + # account for it. + + # Time. + my $timestart = time (); + my $login_service = $ENV{"RADIUS_LOGIN_SERVICE"}; + + # What protocol are we running? + my ($prog_run, $login_port); + + if ($login_service eq "Rlogin") + { + $prog_run = $prog_rlogin; + } + elsif ($login_service eq "Telnet") + { + $prog_run = $prog_telnet; + $login_port = $ENV{"RADIUS_LOGIN_PORT"}; + } + elsif ($login_service eq "TCP-Clear") + { + $prog_run = $prog_tcpclear; + $login_port = $ENV{"RADIUS_LOGIN_PORT"}; + } else { + die "unkown login_service $login_service\n"; + } + + # Start accounting. Send the record. + open (H, "| $prog_radacct") || die ("Cannot run $prog_radacct"); + + my $cmd = + "Acct-Session-ID = \"$sessionid\"\n" . + "User-Name = \"$username\"\n" . + "Acct-Status-Type = Start\n" . + "Acct-Authentic = RADIUS\n" . + "Service-Type = Login-User\n" . + "Login-Service = " . $login_service . "\n" . + "Login-IP-Host = $login_host\n"; + print H $cmd; + close (H); + + # Store the user information into portinfo. We need to + # manually fork, since we have to know the PID of the program. + + my $pid = fork (); + if ($pid == 0) + { + # Child. Run the program. + # print "Connecting to $login_host:\n"; + my $cmd = "$prog_run $login_host $login_port"; + print "Running $cmd\n" if ($debug); + exec ("$cmd"); + } + else + { + # Parent. + $login_host = $ENV{"RADIUS_LOGIN_IP_HOST"}; + } + + # Log into a host. Default to telnet. Do the accounting + # now, since the target of the login wouldn't know how to + # account for it. + + # Time. + my $timestart = time (); + my $login_service = $ENV{"RADIUS_LOGIN_SERVICE"}; + + # What protocol are we running? + my ($prog_run, $login_port); + + if ($login_service eq "Rlogin") + { + $prog_run = $prog_rlogin; + } + elsif ($login_service eq "Telnet") + { + $prog_run = $prog_telnet; + $login_port = $ENV{"RADIUS_LOGIN_PORT"}; + } + elsif ($login_service eq "TCP-Clear") + { + $prog_run = $prog_tcpclear; + $login_port = $ENV{"RADIUS_LOGIN_PORT"}; + } else { + die "unkown login_service $login_service\n"; + } + + # Start accounting. Send the record. + open (H, "| $prog_radacct") || die ("Cannot run $prog_radacct"); + + my $cmd = + "Acct-Session-ID = \"$sessionid\"\n" . + "User-Name = \"$username\"\n" . + "Acct-Status-Type = Start\n" . + "Acct-Authentic = RADIUS\n" . + "Service-Type = Login-User\n" . + "Login-Service = " . $login_service . "\n" . + "Login-IP-Host = $login_host\n"; + print H $cmd; + close (H); + + # Store the user information into portinfo. We need to + # manually fork, since we have to know the PID of the program. + + my $pid = fork (); + if ($pid == 0) + { + # Child. Run the program. + # print "Connecting to $login_host:\n"; + my $cmd = "$prog_run $login_host $login_port"; + print "Running $cmd\n" if ($debug); + exec ("$cmd"); + } + else + { + # Parent. + # Create the portinfo record, which needs the pid of the program + # to kill. + # The IP address is all zero, as it is not applicable here. + # Store the time now, and the Session-Timeout. + + # Wait for the session to finish. + waitpid ($pid, 0); + } + # Stop. Send the record. + open (H, "| $prog_radacct") || die ("Cannot run $prog_radacct"); + + my $timespent = time () - $timestart; + + my $cmd = + "Acct-Session-ID = \"$sessionid\"\n" . + "User-Name = \"$username\"\n" . + "Acct-Status-Type = Stop\n" . + "Acct-Authentic = RADIUS\n" . + "Service-Type = Login-User\n" . + "Login-Service = " . $login_service . "\n" . + "Login-IP-Host = $login_host\n" . + "Acct-Session-Time = $timespent\n"; + + print H $cmd; + close (H); +} else { + my $r = $ENV{"RADIUS_SERVICE_TYP"}; + print "Unhandled Service-Type $r\n"; +} + +### END ####