From 655cbba530c54e68226a0de0822c4ee2d58849c6f9d8a759ecf0836a047add07 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 1 Feb 2008 03:33:23 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=1 --- .gitattributes | 23 + .gitignore | 1 + freeradius-server-2.0.1-conf_read.patch | 12 + freeradius-server-2.0.1-dialup_admin.patch | 170 +++++ freeradius-server-2.0.1-ltdl.patch | 45 ++ freeradius-server-2.0.1-rcradiusd.patch | 22 + freeradius-server-2.0.1-strncat.patch | 38 + freeradius-server-2.0.1.tar.bz2 | 3 + freeradius-server.changes | 629 ++++++++++++++++ freeradius-server.spec | 787 +++++++++++++++++++++ radadmin.pdf | 3 + radqkstart.pdf | 3 + ready | 0 13 files changed, 1736 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 freeradius-server-2.0.1-conf_read.patch create mode 100644 freeradius-server-2.0.1-dialup_admin.patch create mode 100644 freeradius-server-2.0.1-ltdl.patch create mode 100644 freeradius-server-2.0.1-rcradiusd.patch create mode 100644 freeradius-server-2.0.1-strncat.patch create mode 100644 freeradius-server-2.0.1.tar.bz2 create mode 100644 freeradius-server.changes create mode 100644 freeradius-server.spec create mode 100644 radadmin.pdf create mode 100644 radqkstart.pdf create mode 100644 ready diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/freeradius-server-2.0.1-conf_read.patch b/freeradius-server-2.0.1-conf_read.patch new file mode 100644 index 0000000..0729ba1 --- /dev/null +++ b/freeradius-server-2.0.1-conf_read.patch @@ -0,0 +1,12 @@ +--- src/modules/rlm_protocol_filter/rlm_protocol_filter.c ++++ src/modules/rlm_protocol_filter/rlm_protocol_filter.c +@@ -100,8 +100,7 @@ + return -1; + } + +- inst->cs = conf_read("rlm_protocol_filter", 0, +- inst->filename, NULL); ++ inst->cs = cf_file_read(inst->filename); + if (!inst->cs) { + filter_detach(inst); + return -1; diff --git a/freeradius-server-2.0.1-dialup_admin.patch b/freeradius-server-2.0.1-dialup_admin.patch new file mode 100644 index 0000000..b0e2664 --- /dev/null +++ b/freeradius-server-2.0.1-dialup_admin.patch @@ -0,0 +1,170 @@ +--- dialup_admin/bin/backup_radacct ++++ dialup_admin/bin/backup_radacct +@@ -1,7 +1,7 @@ + #!/usr/bin/perl + use POSIX; + +-$conf=shift||'/data/local/dialupadmin/conf/admin.conf'; ++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; + $back_days = 80; + $backup_directory = "/logs/radiusd/accounting"; + +@@ -48,4 +48,4 @@ + $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); + $command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' $backup_directory/$date3" if ($sql_type eq 'sqlrelay'); + `$comm`; +-`/usr/local/bin/gzip -9 $backup_directory/$date3`; ++`/usr/bin/gzip -9 $backup_directory/$date3`; +--- dialup_admin/bin/clean_radacct ++++ dialup_admin/bin/clean_radacct +@@ -6,7 +6,7 @@ + # + use POSIX; + +-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; ++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; + $back_days = 35; + + +--- dialup_admin/bin/clearsession ++++ dialup_admin/bin/clearsession +@@ -49,8 +49,8 @@ + } + if ($nastype eq 'cisco' && $type eq 'snmp'){ + +- $SNMPGET="/usr/local/bin/snmpget"; +- $SNMPSET="/usr/local/bin/snmpset"; ++ $SNMPGET="/usr/bin/snmpget"; ++ $SNMPSET="/usr/bin/snmpset"; + + die "Could not find snmpwalk binary. Please make sure that the \$SNMPGET variable points to the right location\n" if (! -x $SNMPGET); + die "Could not find snmpset binary. Please make sure that the \$SNMPSET variable points to the right location\n" if (! -x $SNMPSET); +--- dialup_admin/bin/dialup_admin.cron ++++ dialup_admin/bin/dialup_admin.cron +@@ -1,4 +1,4 @@ +-1 0 * * * /usr/local/dialup_admin/bin/tot_stats >/dev/null 2>&1 +-5 0 * * * /usr/local/dialup_admin/bin/monthly_tot_stats >/dev/null 2>&1 +-10 0 1 * * /usr/local/dialup_admin/bin/truncate_radacct >/dev/null 2>&1 +-15 0 1 * * /usr/local/dialup_admin/bin/clean_radacct >/dev/null 2>&1 ++1 0 * * * /usr/share/dialup_admin/bin/tot_stats >/dev/null 2>&1 ++5 0 * * * /usr/share/dialup_admin/bin/monthly_tot_stats >/dev/null 2>&1 ++10 0 1 * * /usr/share/dialup_admin/bin/truncate_radacct >/dev/null 2>&1 ++15 0 1 * * /usr/share/dialup_admin/bin/clean_radacct >/dev/null 2>&1 +--- dialup_admin/bin/log_badlogins ++++ dialup_admin/bin/log_badlogins +@@ -17,7 +17,7 @@ + $|=1; + + $file=shift||'none'; +-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; ++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; + $all_file=shift||'no'; + # + # Uncomment to force inserts even if there are sql errors. That can +--- dialup_admin/bin/monthly_tot_stats ++++ dialup_admin/bin/monthly_tot_stats +@@ -8,7 +8,7 @@ + # Works only with mysql and postgresql + # + +-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; ++$conf=shift||'/usr/sharel/dialup_admin/conf/admin.conf'; + + + open CONF, "<$conf" +--- dialup_admin/bin/showmodem ++++ dialup_admin/bin/showmodem +@@ -7,7 +7,7 @@ + $comm=shift || "public"; + $type=shift|| "xml"; + +-$conf='/usr/local/dialup_admin/conf/admin.conf'; ++$conf='/usr/share/dialup_admin/conf/admin.conf'; + open CONF, "<$conf" + or die "Could not open configuration file\n"; + while(){ +--- dialup_admin/bin/snmpfinger ++++ dialup_admin/bin/snmpfinger +@@ -6,7 +6,7 @@ + $comm=shift || 'public'; + $type=shift || 'cisco'; + +-$conf='/usr/local/dialup_admin/conf/admin.conf'; ++$conf='/usr/share/dialup_admin/conf/admin.conf'; + open CONF, "<$conf" + or die "Could not open configuration file\n"; + while(){ +--- dialup_admin/bin/tot_stats ++++ dialup_admin/bin/tot_stats +@@ -7,7 +7,7 @@ + # Works with mysql and postgresql + # + +-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; ++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; + + + open CONF, "<$conf" +--- dialup_admin/bin/truncate_radacct ++++ dialup_admin/bin/truncate_radacct +@@ -6,7 +6,7 @@ + # + use POSIX; + +-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; ++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; + $back_days = 90; + + +--- dialup_admin/conf/admin.conf ++++ dialup_admin/conf/admin.conf +@@ -19,11 +19,11 @@ + # + # The directory where dialupadmin is installed + # +-general_base_dir: /usr/local/dialup_admin ++general_base_dir: /usr/share/dialup_admin + # + # The base directory of the freeradius radius installation + # +-general_radiusd_base_dir: /usr/local/radiusd ++general_radiusd_base_dir: / + general_domain: company.com + # + # Set it to yes to use sessions and cache the various mappings +@@ -66,8 +66,8 @@ + general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb + general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap + # Need to fix admin.conf file parser +-#general_clients_conf: %{general_raddb_dir}/clients.conf +-general_clients_conf: /usr/local/etc/raddb/clients.conf ++general_clients_conf: %{general_raddb_dir}/clients.conf ++#general_clients_conf: /usr/local/etc/raddb/clients.conf + general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap + general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs + general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap +@@ -260,7 +260,7 @@ + # This variable is used by the scripts in the bin folder + # It should contain the path to the sql binary used to run + # sql commands (mysql, psql, oracle and sqlrelay are only supported for now) +-sql_command: /usr/local/bin/mysql ++sql_command: /usr/bin/mysql + #sql_command: /usr/bin/psql + #sql_command: /usr/bin/sqlplus + # +@@ -269,12 +269,12 @@ + # used to run snmp commands. + # (ucd = UCD-Snmp and net = Net-Snmp are only supported for now) + general_snmp_type: net +-general_snmpwalk_command: /usr/local/bin/snmpwalk +-general_snmpget_command: /usr/local/bin/snmpget ++general_snmpwalk_command: /usr/bin/snmpwalk ++general_snmpget_command: /usr/bin/snmpget + # + # Uncomment to enable sql debug + # +-sql_debug: true ++#sql_debug: true + # + # If set to yes then the HTTP credentials (http authentication) + # will be used to connect to the sql server instead of sql_username diff --git a/freeradius-server-2.0.1-ltdl.patch b/freeradius-server-2.0.1-ltdl.patch new file mode 100644 index 0000000..aaa6954 --- /dev/null +++ b/freeradius-server-2.0.1-ltdl.patch @@ -0,0 +1,45 @@ +--- src/main/modules.c ++++ src/main/modules.c +@@ -202,7 +202,11 @@ + /* + * Keep the handle around so we can dlclose() it. + */ +- handle = lt_dlopenext(module_name); ++ char *tmp = malloc(strlen(module_name) + 4); ++ strcpy(tmp, module_name); ++ strcat(tmp, ".so"); ++ handle = lt_dlopenext(tmp); ++ free(tmp); + if (handle == NULL) { + cf_log_err(cf_sectiontoitem(cs), + "Failed to link to module '%s': %s\n", +--- src/modules/rlm_eap/eap.c ++++ src/modules/rlm_eap/eap.c +@@ -83,7 +83,11 @@ + snprintf(buffer, sizeof(buffer), "rlm_eap_%s", eaptype_name); + + /* Link the loaded EAP-Type */ +- handle = lt_dlopenext(buffer); ++ char *tmp = malloc(strlen(buffer) + 4); ++ strcpy(tmp, buffer); ++ strcat(tmp, ".so"); ++ handle = lt_dlopenext(tmp); ++ free(tmp); + if (handle == NULL) { + radlog(L_ERR, "rlm_eap: Failed to link EAP-Type/%s: %s", + eaptype_name, lt_dlerror()); +--- src/modules/rlm_sql/rlm_sql.c ++++ src/modules/rlm_sql/rlm_sql.c +@@ -820,7 +820,11 @@ + return -1; + } + +- inst->handle = lt_dlopenext(inst->config->sql_driver); ++ char *tmp = malloc(strlen(inst->config->sql_driver) + 4); ++ strcpy(tmp, inst->config->sql_driver); ++ strcat(tmp, ".so"); ++ inst->handle = lt_dlopenext(tmp); ++ free(tmp); + if (inst->handle == NULL) { + radlog(L_ERR, "rlm_sql (%s): Could not link driver %s: %s", + inst->config->xlat_name, inst->config->sql_driver, diff --git a/freeradius-server-2.0.1-rcradiusd.patch b/freeradius-server-2.0.1-rcradiusd.patch new file mode 100644 index 0000000..bccae91 --- /dev/null +++ b/freeradius-server-2.0.1-rcradiusd.patch @@ -0,0 +1,22 @@ +--- suse/rcradius-relayd ++++ suse/rcradius-relayd +@@ -12,7 +12,7 @@ + # + ### BEGIN INIT INFO + # Provides: radius-relayd +-# Required-Start: $network $syslog $remotefs ++# Required-Start: $network $syslog $remote_fs + # Required-Stop: + # Default-Start: 3 5 + # Default-Stop: 0 1 2 6 +--- suse/rcradiusd ++++ suse/rcradiusd +@@ -12,7 +12,7 @@ + # + ### BEGIN INIT INFO + # Provides: radiusd +-# Required-Start: $network $syslog $remotefs ++# Required-Start: $network $syslog $remote_fs + # Required-Stop: + # Default-Start: 3 5 + # Default-Stop: 0 1 2 6 diff --git a/freeradius-server-2.0.1-strncat.patch b/freeradius-server-2.0.1-strncat.patch new file mode 100644 index 0000000..57850d8 --- /dev/null +++ b/freeradius-server-2.0.1-strncat.patch @@ -0,0 +1,38 @@ +--- src/modules/rlm_sim_files/rlm_sim_files.c ++++ src/modules/rlm_sim_files/rlm_sim_files.c +@@ -163,7 +163,7 @@ + if(f) + { + imsi[0]='\0'; +- strncat(imsi, f, sizeof(imsi)); ++ strncat(imsi, f, sizeof(imsi)-1); + fieldcount++; + } + +@@ -177,7 +177,7 @@ + if(f) + { + chal[2]='\0'; +- strncat(chal+2, f, sizeof(chal)-2); ++ strncat(chal+2, f, sizeof(chal)-3); + fieldcount++; + } + +@@ -185,7 +185,7 @@ + if(f) + { + sres[2]='\0'; +- strncat(sres+2, f, sizeof(sres)-2); ++ strncat(sres+2, f, sizeof(sres)-3); + fieldcount++; + } + +@@ -193,7 +193,7 @@ + if(f) + { + kc[2]='\0'; +- strncat(kc+2, f, sizeof(kc)-2); ++ strncat(kc+2, f, sizeof(kc)-3); + fieldcount++; + } + diff --git a/freeradius-server-2.0.1.tar.bz2 b/freeradius-server-2.0.1.tar.bz2 new file mode 100644 index 0000000..6d3c5f9 --- /dev/null +++ b/freeradius-server-2.0.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d5e1cd96762cc2091d64198bc50d03690f94dfd4d96b36a042dda1490b8143df +size 2270018 diff --git a/freeradius-server.changes b/freeradius-server.changes new file mode 100644 index 0000000..7586c64 --- /dev/null +++ b/freeradius-server.changes @@ -0,0 +1,629 @@ +------------------------------------------------------------------- +Tue Jan 29 14:33:35 CET 2008 - prusnak@suse.cz + +- replace obsoleted call to conf_read with cf_file_read (conf_read.patch) +- split off -doc subpackage + +------------------------------------------------------------------- +Thu Jan 24 16:39:37 CET 2008 - prusnak@suse.cz + +- fix strncat usage (strncat.patch) + +------------------------------------------------------------------- +Tue Jan 22 16:23:12 CET 2008 - prusnak@suse.cz + +- updated to 2.0.1 + * improve unlang + * update acct_module + * fix parsing of syslog logging + * minor fixes over 2.0.0 + +------------------------------------------------------------------- +Tue Jan 22 13:58:25 CET 2008 - prusnak@suse.cz + +- renamed to freeradius-server (to follow upstream change) +- updated to 2.0.0: + o Feature improvements + * Debugging mode is much clearer and easier to read. + * A new policy language makes many configurations trivial. + See "man unlang" for a complete description. + * Virtual servers are now supported. This permits clear separation + of policies. See raddb/sites-available/README + * EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work". + See raddb/certs/README for details. + * Proxying is much more configurable than before. + See proxy.conf for documentation on pools, and new config items. + * Full support for IPv6. + * Much more complete support for the RADIUS SNMP MIBs. + * HUP now works. Only some modules are re-loaded, + and the server configuation is *not* reloaded. + * "check config" option now works. See "man radiusd" + * radrelay functionality is now included in the server core. + See raddb/sites-available/copy-acct-to-home-server + * VMPS support. It is minimal, but functional. + * Cleaned up internal API's and names, including library names. + o Bug fixes + * Many. +- removed obsolete patch: + * type_punning.patch + +------------------------------------------------------------------- +Tue Dec 4 18:08:41 CET 2007 - prusnak@suse.cz + +- remove openldap2 from BuildRequires + +------------------------------------------------------------------- +Tue Nov 6 13:16:58 CET 2007 - prusnak@suse.cz + +- updated to 1.1.7 + Feature Improvements + * Updated LDAP documentation. + * Added note on DH parameters in eap.conf, and debugging messages + which complain if DH is used, but not configured properly. + * Updated the Mikrotik dictionary. Added a note that the sample + dictionary they supply is broken. + * Output more information on blocked threads, which should help + narrow down which modules is causing the problem. + * Added more eDirectory support. + * rlm_ldap now prints out attributes in the standard format + * Enabled server-side handling of procedures in MySQL + Bug Fixes + * Added NT-Hash support for mschap_xlat. + * Corrected documentation to point to correct location of files. + * Checks for more recent FreeBSD versions. + * uses -DLDAP_DEPRECATED to avoid OpenLDAP crashes. + * Use correct value for authentication name in rlm_mschap. + * Fix over-ride for usernames when use_tunneled_reply = yes. + +------------------------------------------------------------------- +Fri Apr 20 15:10:28 CEST 2007 - pth@suse.de + +- Update to 1.1.6. Changes since 1.1.3: + Feature improvements + * Added dictionary.rfc4372 (Chargeable User Identity) + * Added dictionary.rfc4675 (VLAN and Priority) + * Added dictionary.rfc4679 (ADSL Forum) + NOTE some name differences from the RFC, due to dictionary.redback + * Updated rlm_python to something usable + * Added experimental sql "HPW" IPPools. + * Added more dictionaries + * Dictionary files now MUST NOT be globally writable. + * Configuration files now MUST NOT be globally readable, + or globally writable. + * Be more aggressive about freeing memory on clean exit. + This helps track down run-time leaks. + * Updated rlm_python to something usable + * Added experimental sql "HPW" IPPools. + * Major enhancements to rlm_pap, that make "encryption_scheme" + a thing of the past. See "man rlm_pap" for details. + * Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use + work-arounds that enable Windows Vista clients to work. + * Added preliminary code to support Firebird. + Use at your own risk! + * Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more + platforms. + * Add a new "reply-name" directive in rlm_sqlcounter to define the + name of the reply attribute. + * Added more dictionaries and attributes + * Print ntlm_auth failure reason in Module-Failure-Message + * radsqlrelay is able to get the DB password from a file instead + of command line. + + Bug fixes + * Corrected typo in rlm_pap.c + * Corrected typo in src/main/auth.c + * Suppress SSL error messages if error is zero. + * Don't complain about "Error in read client certificate A" + if we expect to read it in the next packet. Fix based on patch + by Dan Lukes. + * Corrected nearly 30 bugs found by Coverity + See also http://scan.coverity.com + * Don't die on HUP. Instead leak memory (sorry). After a few + hundred HUP's, the server will have leaked a few megabytes of + memory, and you should probably re-start it. It's ugly, but + better than dying. + * Corrected a few double free's + * Corrected typo in radrelay, which prevented it from working + * Made Firebird module build + * Fixed bug in PostgreSQL module that caused server crash. + * Fixed bug in SQL module that could cause server to crash. + * Corrected base64 decoding in rlm_pap + * Don't retransmit accounting packets. The NAS should do this. + * Handle Client-Error in EAP-SIM. + * Port OpenSSL locking fixes from CVS head. This makes PEAP + more stable on some systems. + * Require Message-Authenticator in Status-Server packets + * Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868 + * Be more aggressibe about freeing memory on clean exit. + This isn't strictly a bug fix, but it makes it easier to + find memory leaks + * Increase buffer size for dynamic expansion, which allows + longer SQL qeuries. + * Use correct line number when there's a parse error in one + of the configuration sections. + * Terminate SSL sessions in EAP on error, rather than continuing + in some cases. + * Increase buffer size to allow parsing of long octet strings + * Fix string termination on xlat in rlm_perl + * Fix a parse error in the digest module, where malformed + digest requests would result in the user being accepted. Oops... + * VALUEs can only be defined for 'integer', to catch mistakes + with setting VALUEs for type 'string'. + * Better parsing of VALUE names, so that values starting with + a digit work correctly. + * Check return from malloc. + * Fix a double free() in rlm_eap_tls.c + * Check return code of malloc() during initialization. + * Fix a corner case where the proxy port isn't set either in + radiusd.conf or in proxy.conf. + +------------------------------------------------------------------- +Mon Mar 26 12:45:29 CEST 2007 - rguenther@suse.de + +- add gdbm-devel BuildRequires + +------------------------------------------------------------------- +Sun Feb 11 18:33:47 CET 2007 - ro@suse.de + +- one oversight in last change, build tested + +------------------------------------------------------------------- +Sun Feb 11 12:00:25 CET 2007 - ro@suse.de + +- fix build as non-root + +------------------------------------------------------------------- +Mon Sep 4 11:18:59 CEST 2006 - kukuk@suse.de + +- Make sure that pam_nologin.so will always be executed. + +------------------------------------------------------------------- +Wed Aug 23 20:34:55 CEST 2006 - stark@suse.de + +- update to version 1.1.3 + * autoconf updates + * More dictionary updates + * Security and portability fixes to rlm_otp + * Miscellaneous bug fixes + +------------------------------------------------------------------- +Mon Jun 5 22:31:04 CEST 2006 - stark@suse.de + +- update to version 1.1.2 + * Allow tagged VSA's for Juniper. + * Allow Ascend "abinary" format to be specified as octets, + (e.g. Ascend-Data-Filter = 0x010203...) + * Added "cipher_list" configuration to the EAP-TLS module. + See "eap.conf" and "man 1 cipher" for details. + * Added "check_cert_issuer" configuration to the EAP-TLS module. + See "eap.conf" for details. + * Added "suppress" configuration entry to rlm_detail, + to suppress certain attributes (e.g. User-Password). + * Write SSL errors to log file, rather than stderr. + * Allow a core dump on uid change on Linux + * Bugfixes + +------------------------------------------------------------------- +Wed May 24 15:58:41 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Tue Mar 28 20:22:34 CEST 2006 - stark@suse.de + +- fixed an error on x86_64 machines when reading dictionaries + (#161503) +- make "use_tunneled_reply" work properly for PEAP + +------------------------------------------------------------------- +Mon Mar 27 14:32:09 CEST 2006 - ro@suse.de + +- also use fPIC on s390* + +------------------------------------------------------------------- +Thu Mar 23 20:39:02 CET 2006 - stark@suse.de + +- fixed validation issue with the EAP-MSCHAPv2 module (#160249) + +------------------------------------------------------------------- +Wed Jan 25 21:36:01 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 20 18:19:32 CET 2006 - stark@suse.de + +- fixed directory permissions (#141153) + +------------------------------------------------------------------- +Thu Jan 19 01:23:36 CET 2006 - ro@suse.de + +- changed php requires to generic ones (for php5) + +------------------------------------------------------------------- +Sat Jan 14 16:40:53 CET 2006 - stark@suse.de + +- use --with-udpfromto useful for systems with multiple addresses + +------------------------------------------------------------------- +Thu Jan 12 22:48:30 CET 2006 - stark@suse.de + +- update to version 1.1.0 + +------------------------------------------------------------------- +Wed Jan 11 16:03:44 CET 2006 - stark@suse.de + +- adding stack-protector to CFLAGS +- don't package *.la files for now (#141207) + +------------------------------------------------------------------- +Wed Dec 21 10:14:01 CET 2005 - stark@suse.de + +- fixed realloc() in rlm_pam + +------------------------------------------------------------------- +Tue Nov 15 21:49:18 CET 2005 - stark@suse.de + +- moved dialup_admin to subpackage and integrate it into + Apache 2 configuration + +------------------------------------------------------------------- +Mon Sep 26 01:35:29 CEST 2005 - ro@suse.de + +- added LDAP_DEPRECATED to CFLAGS + +------------------------------------------------------------------- +Fri Sep 23 06:09:08 CEST 2005 - stark@suse.de + +- update to version 1.0.5 +- updated eDirectory integration documentation + +------------------------------------------------------------------- +Fri Sep 23 01:38:53 CEST 2005 - ro@suse.de + +- fix build-dir references in .la files + +------------------------------------------------------------------- +Tue Aug 30 12:50:30 CEST 2005 - stark@suse.de + +- fixed some issues from security audit (#104195) + (is already upstream for 1.0.5 release) + +------------------------------------------------------------------- +Mon Aug 15 19:34:18 CEST 2005 - stark@suse.de + +- fix mysql creation script (#104752) + +------------------------------------------------------------------- +Sat Jun 18 19:37:56 CEST 2005 - stark@suse.de + +- update to version 1.0.4 + +------------------------------------------------------------------- +Sun Jun 5 00:36:51 CEST 2005 - stark@suse.de + +- update to version 1.0.3 +- link radiusd with -pie + +------------------------------------------------------------------- +Mon Apr 11 11:29:05 CEST 2005 - stark@suse.de + +- start daemon correctly (#75979) +- fixed packaging on x86-64 (#75979) + +------------------------------------------------------------------- +Wed Mar 2 07:19:27 CET 2005 - stark@suse.de + +- com_err.h patch not needed anymore +- modified spec-file to work with older distributions + +------------------------------------------------------------------- +Fri Feb 18 11:05:35 CET 2005 - stark@suse.de + +- enabled eDirectory support and added documentation + +------------------------------------------------------------------- +Thu Feb 17 08:34:12 CET 2005 - stark@suse.de + +- update to 1.0.2 + +------------------------------------------------------------------- +Sat Nov 27 13:44:09 CET 2004 - stark@suse.de + +- fixed installation of radeapclient (#48549) + +------------------------------------------------------------------- +Sat Nov 20 12:57:22 CET 2004 - stark@suse.de + +- don't use heimdal for distributions newer than 9.2 + +------------------------------------------------------------------- +Mon Nov 15 14:53:25 CET 2004 - kukuk@suse.de + +- Use common-* PAM configuration + +------------------------------------------------------------------- +Sat Oct 23 20:53:51 CEST 2004 - stark@suse.de + +- update to version 1.0.1 +- moved *.la files to devel package + +------------------------------------------------------------------- +Sat Aug 28 13:33:35 CEST 2004 - stark@suse.de + +- modify logrotate config (#44436) + +------------------------------------------------------------------- +Tue Aug 17 23:55:38 CEST 2004 - sndirsch@suse.de + +- fixed syntax error (Typo?) in init script + +------------------------------------------------------------------- +Fri Aug 13 07:10:34 CEST 2004 - stark@suse.de + +- added some sample scripts to documentation + +------------------------------------------------------------------- +Tue Aug 10 09:35:03 CEST 2004 - stark@suse.de + +- update to 1.0.0 + +------------------------------------------------------------------- +Thu Jun 24 00:03:59 CEST 2004 - ro@suse.de + +- update to 1.0.0pre3 (version set as 0.9.9) + +------------------------------------------------------------------- +Thu Feb 5 13:36:54 CET 2004 - stark@suse.de + +- disabled rlm_sql_iodbc and enabled rlm_sql_unixodb + +------------------------------------------------------------------- +Fri Jan 16 13:38:13 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Mon Jan 12 10:26:25 CET 2004 - adrian@suse.de + +- add %defattr + +------------------------------------------------------------------- +Fri Nov 28 06:56:46 CET 2003 - stark@suse.de + +- security update to 0.9.3 + * Fix a remote DoS and possible exploit due to mis-handling + of tagged attributes, and Tunnel-Password attribute. + +------------------------------------------------------------------- +Thu Oct 16 09:02:57 CEST 2003 - stark@suse.de + +- update to 0.9.2 + (see /usr/share/doc/packages/freeradius/ChangeLog) + +------------------------------------------------------------------- +Fri Aug 1 16:02:14 CEST 2003 - ro@suse.de + +- fix include path for com_err.h + +------------------------------------------------------------------- +Thu Jul 31 06:18:03 CEST 2003 - stark@suse.de + +- use stop/restart macros + +------------------------------------------------------------------- +Wed Jul 23 10:53:20 CEST 2003 - stark@suse.de + +- use special user for running radiusd +- modify default configuration to work without changes + (Auth-Type = Local) +- added README.SuSE explaining about radiusd user + +------------------------------------------------------------------- +Mon Jul 21 08:56:54 CEST 2003 - stark@suse.de + +- update to 0.9.0 +- build against libiodbc to enable iodbc module + +------------------------------------------------------------------- +Wed Jun 4 19:47:02 CEST 2003 - schwab@suse.de + +- Add db-devel to neededforbuild. +- Don't use system libtool. +- Fix use of sort. +- Avoid running autoconf. + +------------------------------------------------------------------- +Tue Apr 15 23:46:08 CEST 2003 - ro@suse.de + +- fixed neededforbuild + +------------------------------------------------------------------- +Mon Mar 3 18:20:50 CET 2003 - kukuk@suse.de + +- removed %ghost stuff from filelist + +------------------------------------------------------------------- +Fri Feb 7 13:31:05 CET 2003 - kukuk@suse.de + +- Use pam_unix2.so instead of pam_unix.so + +------------------------------------------------------------------- +Wed Jan 15 15:53:21 CET 2003 - ro@suse.de + +- use sasl2 + +------------------------------------------------------------------- +Tue Jan 14 11:42:24 CET 2003 - nadvornik@suse.cz + +- fixed multi-line string literals + +------------------------------------------------------------------- +Thu Dec 12 10:28:13 CET 2002 - stark@suse.de + +- update to 0.8.1 + * minor bugfixes + +------------------------------------------------------------------- +Mon Dec 2 07:20:10 CET 2002 - stark@suse.de + +- removed radwatch from package + +------------------------------------------------------------------- +Tue Nov 19 08:33:36 CET 2002 - stark@suse.de + +- update to 0.8 + * Support for Status-Server packets + * Fixed memory leak when proxying + * Round-robin load balancing when proxying + * Many bug fixes + * (/usr/share/doc/packages/ChangeLog) +- moved modules to /usr/lib/freeradius + +------------------------------------------------------------------- +Mon Aug 19 00:06:38 CEST 2002 - ro@suse.de + +- don't overwrite README's with each other + +------------------------------------------------------------------- +Fri Aug 16 09:06:03 CEST 2002 - stark@suse.de + +- added PreReq (Bug #17838) + +------------------------------------------------------------------- +Thu Jun 20 01:06:41 CEST 2002 - ro@suse.de + +- hack ltconfig for ppc64 + +------------------------------------------------------------------- +Mon Apr 8 11:11:56 CEST 2002 - stark@suse.de + +- fixed packaging on 64bit platforms +- added logrotate config +- added some sample scripts to doc-dir + +------------------------------------------------------------------- +Fri Mar 22 15:01:10 CET 2002 - stark@suse.de + +- update to 0.5 + * MS-CHAP and MS-CHAPv2 MPPE support, + * EAP/MD5 and experimental EAP/TLS, + * Experimental PHP web administration interface, + * Fixes for *BSD, + * Configurable database queries, executed per packet + (e.g. %{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%u}), + * Fix logic bug which would cause occasional server crashes, + * Server-side quenching of DoS attacks, + * Experimental Python module, + * Aptis, Quintum, and Foundry dictionaries, + * Limited support for IPv6. + +------------------------------------------------------------------- +Mon Feb 25 16:19:26 CET 2002 - stark@suse.de + +- moved *.la back to main-package as it is needed for + dynamic loading of modules + +------------------------------------------------------------------- +Mon Feb 25 07:44:11 CET 2002 - stark@suse.de + +- added patch to work with heimdal-krb5 +- moved *.so to -devel package + +------------------------------------------------------------------- +Fri Feb 8 14:24:51 CET 2002 - stark@suse.de + +- deactivated kerberos support + (seems to be not compatible with heimdal :-() + +------------------------------------------------------------------- +Thu Feb 7 13:27:47 CET 2002 - stark@suse.de + +- changed heimdal libdir + +------------------------------------------------------------------- +Thu Dec 13 07:33:45 CET 2001 - stark@suse.de + +- update to 0.4 +- better use of fillup_and_insserv + +------------------------------------------------------------------- +Mon Dec 3 11:42:15 CET 2001 - stark@suse.de + +- don't use START_RADIUSD anymore +- make use of new fillup_and_insserv macro + +------------------------------------------------------------------- +Fri Oct 12 07:03:07 CEST 2001 - stark@suse.de + +- update to version 0.3 +- packed source-archive as bz2 +- branched package -> devel + +------------------------------------------------------------------- +Fri Aug 3 07:53:54 CEST 2001 - stark@suse.de + +- removed use of watcher-script +- removed config-check (-C) in init script + (it's not supported in freeradius) + +------------------------------------------------------------------- +Thu Aug 2 12:22:00 CEST 2001 - stark@suse.de + +- status fix in init script +- renamed pam-configfile: radius -> radiusd + +------------------------------------------------------------------- +Wed Aug 1 09:57:53 CEST 2001 - stark@suse.de + +- updated to 0.2 + +------------------------------------------------------------------- +Thu Jul 26 10:06:01 CEST 2001 - kukuk@suse.de + +- Fix needed for build + +------------------------------------------------------------------- +Tue Jul 10 15:05:52 CEST 2001 - stark@suse.de + +- added %{suse_update_config} + +------------------------------------------------------------------- +Sat Jun 23 20:52:07 CEST 2001 - schwab@suse.de + +- Fix preprocessor directives inside macro arguments. + +------------------------------------------------------------------- +Mon Jun 18 07:58:08 CEST 2001 - stark@suse.de + +- removed absolute paths from pam-config + +------------------------------------------------------------------- +Wed May 23 13:32:20 CEST 2001 - stark@suse.de + +- first official beta-version 0.1 + +------------------------------------------------------------------- +Wed Mar 21 13:11:34 CET 2001 - stark@suse.de + +- new snapshot 20010321 (pre-BETA) +- replaced start- and killproc to avoid problems with Kernel 2.4 + using the radwatch shell-script +- added built of LDAP and MySQL modules + +------------------------------------------------------------------- +Mon Jan 29 09:58:23 CET 2001 - stark@suse.de + +- %files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay + +------------------------------------------------------------------- +Mon Jan 15 10:52:42 CET 2001 - stark@suse.de + +- new snapshot 20010115 +- initial BETA package (sources are ALPHA!) + +------------------------------------------------------------------- +Thu Jan 4 13:32:26 CET 2001 - stark@suse.de + +- CVS snapshot 20010104 + diff --git a/freeradius-server.spec b/freeradius-server.spec new file mode 100644 index 0000000..88dfe4c --- /dev/null +++ b/freeradius-server.spec @@ -0,0 +1,787 @@ +# +# spec file for package freeradius-server (Version 2.0.1) +# +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + +Name: freeradius-server +Version: 2.0.1 +Release: 2 +License: GPL v2 only; LGPL v2.1 only +Group: Productivity/Networking/Radius/Servers +Provides: radiusd +Provides: freeradius = %{version} +Obsoletes: freeradius < %{version} +Conflicts: radiusd-livingston radiusd-cistron icradius +Url: http://www.freeradius.org/ +Summary: Very Highly Configurable Radius Server +Source0: %{name}-%{version}.tar.bz2 +Source1: radqkstart.pdf +Source2: radadmin.pdf +Patch0: %{name}-%{version}-ltdl.patch +Patch1: %{name}-%{version}-dialup_admin.patch +Patch2: %{name}-%{version}-rcradiusd.patch +Patch3: %{name}-%{version}-strncat.patch +Patch4: %{name}-%{version}-conf_read.patch +PreReq: %{_sbindir}/useradd %{_sbindir}/groupadd +PreReq: perl +PreReq: %insserv_prereq %fillup_prereq +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%define _oracle_support 0 +%define apxs2 apxs2-prefork +%define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR) +Requires: %{name}-libs = %{version} +Requires: python +BuildRequires: db-devel e2fsprogs-devel gcc-c++ gdbm-devel gettext-devel glibc-devel libtool ncurses-devel +BuildRequires: libpcap net-snmp-devel openldap2-devel openssl-devel pam-devel perl postgresql-devel +BuildRequires: python-devel sed unixODBC-devel zlib-devel +BuildRequires: apache2-devel bind-libs cyrus-sasl-devel krb5-devel libapr1-devel libcom_err libmysqlclient-devel + +%description +The FreeRADIUS server has a number of features found in other servers +and additional features not found in any other server. The server's +features are: + +* Support for RFC and VSA attributes + +* Additional server configuration attributes + +* Selection of a particular configuration + +* Authentication methods + +* Accounting methods + + + +Authors: +-------- + Miquel van Smoorenburg + Alan DeKok + Mike Machado + Alan Curry + various other people + +%if %_oracle_support == 1 + +%package oracle +BuildRequires: oracle-instantclient-basic oracle-instantclient-devel +Group: Productivity/Networking/Radius/Servers +Summary: FreeRADIUS Oracle database support +Requires: oracle-instantclient-basic +Requires: %{name}-libs = %{version} +Requires: %{name} = %{version} + +%description oracle +The FreeRADIUS server has a number of features found in other servers, +and additional features not found in any other server. Rather than +doing a feature by feature comparison, we will simply list the features +of the server, and let you decide if they satisfy your needs. + +Support for RFC and VSA Attributes Additional server configuration +attributes Selecting a particular configuration Authentication methods +%endif + +%package libs +Group: Productivity/Networking/Radius/Servers +Summary: FreeRADIUS shared library + +%description libs +The FreeRADIUS shared library + + + +Authors: +-------- + Miquel van Smoorenburg + Alan DeKok + Mike Machado + Alan Curry + various other people + +%package utils +Group: Productivity/Networking/Radius/Servers +Summary: FreeRADIUS Clients +Requires: %{name}-libs = %{version} + +%description utils +The FreeRADIUS server has a number of features found in other servers +and additional features not found in any other server. The server's +features are: + +* Support for RFC and VSA attributes + +* Additional server configuration attributes + +* Selection of a particular configuration + +* Authentication methods + +* Accounting methods + + + +Authors: +-------- + Miquel van Smoorenburg + Alan DeKok + Mike Machado + Alan Curry + various other people + +%package dialupadmin +Group: Productivity/Networking/Radius/Servers +Summary: Web management for FreeRADIUS +Requires: http_daemon mod_php_any php +Requires: php-ldap php-mysql perl-DateManip +Requires: php-pgsql php-session + +%description dialupadmin +Dialup Admin supports users either in SQL (MySQL or PostgreSQL are +supported) or in LDAP. Apart from the web pages, it also includes a +number of scripts to make the administrator's life a lot easier. + + + +Authors: +-------- + Kostas Kalevras + Basilis Pappas + Panagiotis Christias + Thanasis Duitsis + +%package devel +Group: Development/Libraries/C and C++ +Summary: FreeRADIUS Development Files (static libs) +Requires: %{name}-libs = %{version} + +%description devel +These are the static libraries for the FreeRADIUS package. + + + +Authors: +-------- + Miquel van Smoorenburg + Alan DeKok + Mike Machado + Alan Curry + various other people + +%package doc +Group: Productivity/Networking/Radius/Servers +Summary: FreeRADIUS Documentation +Requires: %{name} + +%description doc +FreeRADIUS Documentation + + + +Authors: +-------- + Miquel van Smoorenburg + Alan DeKok + Mike Machado + Alan Curry + various other people + +%prep +%setup -q +%patch0 +%patch1 +%patch2 +%patch3 +%patch4 +mkdir novell +cp -f %{SOURCE1} %{SOURCE2} novell/ + +%build +export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -fstack-protector" +%ifarch x86_64 ppc ppc64 s390 s390x +export CFLAGS="$CFLAGS -fPIC -DPIC" +%endif +export LDFLAGS="-pie" +%configure \ + --libdir=%{_libdir}/freeradius \ + --disable-ltdl-install \ + --enable-strict-dependencies \ + --with-edir \ + --with-experimental-modules \ + --with-gnu-ld \ + --with-system-libtool \ + --with-udpfromto \ + --without-rlm_eap_ikev2 \ + --with-rlm-krb5-lib-dir=%{_libdir} \ + --without-rlm_opendirectory \ + --without-rlm_sql_db2 \ + --without-rlm_sql_firebird \ + --without-rlm_sql_iodbc \ +%if %{_oracle_support} == 1 + --with-rlm_sql_oracle \ + --with-oracle-lib-dir=%{_libdir}/oracle/10.1.0.3/client/lib/ +%else + --without-rlm_sql_oracle +%endif +# no parallel build possible +make + +%install +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/radiusd +make install R=$RPM_BUILD_ROOT INSTALLSTRIP= +# modify default configuration +RADDB=$RPM_BUILD_ROOT%{_sysconfdir}/raddb +perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf +perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf +perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radrelay.conf +perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radrelay.conf +/sbin/ldconfig -n $RPM_BUILD_ROOT%{_libdir}/freeradius +# logs +touch $RPM_BUILD_ROOT%{_localstatedir}/log/radius/radutmp +touch $RPM_BUILD_ROOT%{_localstatedir}/log/radius/radius.log +# SuSE +install -d $RPM_BUILD_ROOT%{_sysconfdir}/pam.d +install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d +install -m 644 suse/radiusd-pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/radiusd +install -m 644 suse/radiusd-logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/radiusd +install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/init.d +install -m 744 suse/rcradiusd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/freeradius +ln -sf ../..%{_sysconfdir}/init.d/freeradius $RPM_BUILD_ROOT%{_sbindir}/rcfreeradius +cp $RPM_BUILD_ROOT%{_sbindir}/radiusd $RPM_BUILD_ROOT%{_sbindir}/radrelay +install -m 744 suse/rcradius-relayd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/freeradius-relay +ln -sf ../..%{_sysconfdir}/init.d/freeradius-relay $RPM_BUILD_ROOT%{_sbindir}/rcfreeradius-relay +mv -v doc/README doc/README.doc +# install dialup_admin +DIALUPADMIN=$RPM_BUILD_ROOT%{_datadir}/dialup_admin +mkdir -p $DIALUPADMIN +cp -r dialup_admin/* $RPM_BUILD_ROOT%{_datadir}/dialup_admin +# apache2 config +install -d -m 755 $RPM_BUILD_ROOT%{apache2_sysconfdir}/conf.d +install -m 644 suse/admin-httpd.conf $RPM_BUILD_ROOT%{apache2_sysconfdir}/conf.d/radius.conf +# remove unneeded stuff +rm -rf doc/00-OLD +rm -f $RPM_BUILD_ROOT%{_sbindir}/rc.radiusd +rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/freeradius* +rm -rf $RPM_BUILD_ROOT%{_libdir}/freeradius/*.la +rm -f $RPM_BUILD_ROOT%{_datadir}/dialup_admin/Makefile +rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/Makefile +rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/examples/Makefile + +%pre +%{_sbindir}/groupadd -r radiusd 2> /dev/null || : +%{_sbindir}/useradd -r -g radiusd -s /bin/false -c "Radius daemon" -d \ + %{_localstatedir}/lib/radiusd radiusd 2> /dev/null || : + +%post +%{fillup_and_insserv -s freeradius START_RADIUSD } + +%preun +%stop_on_removal freeradius + +%postun +%restart_on_update freeradius +%insserv_cleanup + +%clean +rm -rf $RPM_BUILD_ROOT + +%files doc +%defattr(-,root,root) +%doc doc/* + +%files +%defattr(-,root,root) +# doc +%doc suse/README.SuSE +%doc COPYRIGHT CREDITS LICENSE README doc/ChangeLog +#%doc scripts/create-users.pl scripts/CA.* scripts/certs.sh +#%doc scripts/users2mysql.pl scripts/xpextensions +#%doc scripts/cryptpasswd scripts/exec-program-wait scripts/radiusd2ldif.pl +# SuSE +%{_sysconfdir}/init.d/freeradius +%{_sysconfdir}/init.d/freeradius-relay +%config %{_sysconfdir}/pam.d/radiusd +%config %{_sysconfdir}/logrotate.d/radiusd +%{_sbindir}/rcfreeradius +%{_sbindir}/rcfreeradius-relay +%dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd +# configs +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb +%defattr(-,root,radiusd) +%config(noreplace) %{_sysconfdir}/raddb/dictionary +%config(noreplace) %{_sysconfdir}/raddb/acct_users +%config(noreplace) %{_sysconfdir}/raddb/attrs +%config(noreplace) %{_sysconfdir}/raddb/attrs.access_reject +%config(noreplace) %{_sysconfdir}/raddb/attrs.accounting_response +%config(noreplace) %{_sysconfdir}/raddb/attrs.pre-proxy +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/clients.conf +%config(noreplace) %{_sysconfdir}/raddb/hints +%config(noreplace) %{_sysconfdir}/raddb/huntgroups +%config(noreplace) %{_sysconfdir}/raddb/ldap.attrmap +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sqlippool.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/preproxy_users +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/proxy.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/radiusd.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/snmp.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql.conf +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/mssql +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/mysql +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/oracle +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/postgresql +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql/*/*.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql/*/*.sql +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/users +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/experimental.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/otp.conf +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/certs +%{_sysconfdir}/raddb/certs/Makefile +%{_sysconfdir}/raddb/certs/README +%{_sysconfdir}/raddb/certs/xpextensions +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/certs/*.cnf +%attr(750,root,radiusd) %{_sysconfdir}/raddb/certs/bootstrap +%attr(750,root,radiusd) %config %{_sysconfdir}/raddb/sites-available/example +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-available +%attr(640,root,radiusd) %{_sysconfdir}/raddb/sites-available/* +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-enabled +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-enabled/* +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/eap.conf +%attr(640,root,radiusd) %{_sysconfdir}/raddb/example.pl +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/policy.conf +%{_sysconfdir}/raddb/policy.txt +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/templates.conf +%attr(700,radiusd,radiusd) %dir %{_localstatedir}/run/radiusd/ +# binaries +%defattr(-,root,root) +%{_sbindir}/check-radiusd-config +%{_sbindir}/checkrad +%{_sbindir}/radiusd +%{_sbindir}/radrelay +%{_sbindir}/radwatch +# man-pages +%doc %{_mandir}/man1/* +%doc %{_mandir}/man5/* +%doc %{_mandir}/man8/* +# dictionaries +%attr(755,root,root) %dir %{_datadir}/freeradius +%{_datadir}/freeradius/* +# logs +%attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/ +%attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/radacct/ +%attr(644,radiusd,radiusd) %{_localstatedir}/log/radius/radutmp +%config(noreplace) %attr(600,radiusd,radiusd) /var/log/radius/radius.log +# RADIUS Loadable Modules +%attr(755,root,root) %dir %{_libdir}/freeradius +%attr(755,root,root) %{_libdir}/freeradius/rlm_*.so* + +%files utils +%defattr(-,root,root) +%{_bindir}/* + +%files libs +# RADIUS shared libs +%attr(755,root,root) %dir %{_libdir}/freeradius +%attr(755,root,root) %{_libdir}/freeradius/lib*.so* +%if %{_oracle_support} == 1 + +%files oracle +%defattr(-,root,root) +%attr(755,root,root) %dir %{_libdir}/freeradius +%attr(755,root,root) %{_libdir}/freeradius/rlm_sql_oracle*.so* +%endif + +%files dialupadmin +%defattr(-,root,root) +%dir %{_datadir}/dialup_admin/ +%{_datadir}/dialup_admin/bin/ +%{_datadir}/dialup_admin/doc/ +%{_datadir}/dialup_admin/htdocs/ +%{_datadir}/dialup_admin/html/ +%{_datadir}/dialup_admin/lib/ +%{_datadir}/dialup_admin/sql/ +%dir %{_datadir}/dialup_admin/conf/ +%config(noreplace) %{_datadir}/dialup_admin/conf/* +%config(noreplace) %{apache2_sysconfdir}/conf.d/radius.conf +%{_datadir}/dialup_admin/Changelog +%{_datadir}/dialup_admin/README + +%files devel +%defattr(-,root,root) +%attr(644,root,root) %{_libdir}/freeradius/*.a +#%attr(644,root,root) %{_libdir}/freeradius/*.la +%dir %attr(755,root,root) %{_includedir}/freeradius +%attr(644,root,root) %{_includedir}/freeradius/*.h + +%changelog +* Tue Jan 29 2008 prusnak@suse.cz +- replace obsoleted call to conf_read with cf_file_read (conf_read.patch) +- split off -doc subpackage +* Thu Jan 24 2008 prusnak@suse.cz +- fix strncat usage (strncat.patch) +* Tue Jan 22 2008 prusnak@suse.cz +- updated to 2.0.1 + * improve unlang + * update acct_module + * fix parsing of syslog logging + * minor fixes over 2.0.0 +* Tue Jan 22 2008 prusnak@suse.cz +- renamed to freeradius-server (to follow upstream change) +- updated to 2.0.0: + o Feature improvements + * Debugging mode is much clearer and easier to read. + * A new policy language makes many configurations trivial. + See "man unlang" for a complete description. + * Virtual servers are now supported. This permits clear separation + of policies. See raddb/sites-available/README + * EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work". + See raddb/certs/README for details. + * Proxying is much more configurable than before. + See proxy.conf for documentation on pools, and new config items. + * Full support for IPv6. + * Much more complete support for the RADIUS SNMP MIBs. + * HUP now works. Only some modules are re-loaded, + and the server configuation is *not* reloaded. + * "check config" option now works. See "man radiusd" + * radrelay functionality is now included in the server core. + See raddb/sites-available/copy-acct-to-home-server + * VMPS support. It is minimal, but functional. + * Cleaned up internal API's and names, including library names. + o Bug fixes + * Many. +- removed obsolete patch: + * type_punning.patch +* Tue Dec 04 2007 prusnak@suse.cz +- remove openldap2 from BuildRequires +* Tue Nov 06 2007 prusnak@suse.cz +- updated to 1.1.7 + Feature Improvements + * Updated LDAP documentation. + * Added note on DH parameters in eap.conf, and debugging messages + which complain if DH is used, but not configured properly. + * Updated the Mikrotik dictionary. Added a note that the sample + dictionary they supply is broken. + * Output more information on blocked threads, which should help + narrow down which modules is causing the problem. + * Added more eDirectory support. + * rlm_ldap now prints out attributes in the standard format + * Enabled server-side handling of procedures in MySQL + Bug Fixes + * Added NT-Hash support for mschap_xlat. + * Corrected documentation to point to correct location of files. + * Checks for more recent FreeBSD versions. + * uses -DLDAP_DEPRECATED to avoid OpenLDAP crashes. + * Use correct value for authentication name in rlm_mschap. + * Fix over-ride for usernames when use_tunneled_reply = yes. +* Fri Apr 20 2007 pth@suse.de +- Update to 1.1.6. Changes since 1.1.3: + Feature improvements + * Added dictionary.rfc4372 (Chargeable User Identity) + * Added dictionary.rfc4675 (VLAN and Priority) + * Added dictionary.rfc4679 (ADSL Forum) + NOTE some name differences from the RFC, due to dictionary.redback + * Updated rlm_python to something usable + * Added experimental sql "HPW" IPPools. + * Added more dictionaries + * Dictionary files now MUST NOT be globally writable. + * Configuration files now MUST NOT be globally readable, + or globally writable. + * Be more aggressive about freeing memory on clean exit. + This helps track down run-time leaks. + * Updated rlm_python to something usable + * Added experimental sql "HPW" IPPools. + * Major enhancements to rlm_pap, that make "encryption_scheme" + a thing of the past. See "man rlm_pap" for details. + * Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use + work-arounds that enable Windows Vista clients to work. + * Added preliminary code to support Firebird. + Use at your own risk! + * Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more + platforms. + * Add a new "reply-name" directive in rlm_sqlcounter to define the + name of the reply attribute. + * Added more dictionaries and attributes + * Print ntlm_auth failure reason in Module-Failure-Message + * radsqlrelay is able to get the DB password from a file instead + of command line. + Bug fixes + * Corrected typo in rlm_pap.c + * Corrected typo in src/main/auth.c + * Suppress SSL error messages if error is zero. + * Don't complain about "Error in read client certificate A" + if we expect to read it in the next packet. Fix based on patch + by Dan Lukes. + * Corrected nearly 30 bugs found by Coverity + See also http://scan.coverity.com + * Don't die on HUP. Instead leak memory (sorry). After a few + hundred HUP's, the server will have leaked a few megabytes of + memory, and you should probably re-start it. It's ugly, but + better than dying. + * Corrected a few double free's + * Corrected typo in radrelay, which prevented it from working + * Made Firebird module build + * Fixed bug in PostgreSQL module that caused server crash. + * Fixed bug in SQL module that could cause server to crash. + * Corrected base64 decoding in rlm_pap + * Don't retransmit accounting packets. The NAS should do this. + * Handle Client-Error in EAP-SIM. + * Port OpenSSL locking fixes from CVS head. This makes PEAP + more stable on some systems. + * Require Message-Authenticator in Status-Server packets + * Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868 + * Be more aggressibe about freeing memory on clean exit. + This isn't strictly a bug fix, but it makes it easier to + find memory leaks + * Increase buffer size for dynamic expansion, which allows + longer SQL qeuries. + * Use correct line number when there's a parse error in one + of the configuration sections. + * Terminate SSL sessions in EAP on error, rather than continuing + in some cases. + * Increase buffer size to allow parsing of long octet strings + * Fix string termination on xlat in rlm_perl + * Fix a parse error in the digest module, where malformed + digest requests would result in the user being accepted. Oops... + * VALUEs can only be defined for 'integer', to catch mistakes + with setting VALUEs for type 'string'. + * Better parsing of VALUE names, so that values starting with + a digit work correctly. + * Check return from malloc. + * Fix a double free() in rlm_eap_tls.c + * Check return code of malloc() during initialization. + * Fix a corner case where the proxy port isn't set either in + radiusd.conf or in proxy.conf. +* Mon Mar 26 2007 rguenther@suse.de +- add gdbm-devel BuildRequires +* Sun Feb 11 2007 ro@suse.de +- one oversight in last change, build tested +* Sun Feb 11 2007 ro@suse.de +- fix build as non-root +* Mon Sep 04 2006 kukuk@suse.de +- Make sure that pam_nologin.so will always be executed. +* Wed Aug 23 2006 stark@suse.de +- update to version 1.1.3 + * autoconf updates + * More dictionary updates + * Security and portability fixes to rlm_otp + * Miscellaneous bug fixes +* Mon Jun 05 2006 stark@suse.de +- update to version 1.1.2 + * Allow tagged VSA's for Juniper. + * Allow Ascend "abinary" format to be specified as octets, + (e.g. Ascend-Data-Filter = 0x010203...) + * Added "cipher_list" configuration to the EAP-TLS module. + See "eap.conf" and "man 1 cipher" for details. + * Added "check_cert_issuer" configuration to the EAP-TLS module. + See "eap.conf" for details. + * Added "suppress" configuration entry to rlm_detail, + to suppress certain attributes (e.g. User-Password). + * Write SSL errors to log file, rather than stderr. + * Allow a core dump on uid change on Linux + * Bugfixes +* Wed May 24 2006 schwab@suse.de +- Don't strip binaries. +* Tue Mar 28 2006 stark@suse.de +- fixed an error on x86_64 machines when reading dictionaries + (#161503) +- make "use_tunneled_reply" work properly for PEAP +* Mon Mar 27 2006 ro@suse.de +- also use fPIC on s390* +* Thu Mar 23 2006 stark@suse.de +- fixed validation issue with the EAP-MSCHAPv2 module (#160249) +* Wed Jan 25 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Fri Jan 20 2006 stark@suse.de +- fixed directory permissions (#141153) +* Thu Jan 19 2006 ro@suse.de +- changed php requires to generic ones (for php5) +* Sat Jan 14 2006 stark@suse.de +- use --with-udpfromto useful for systems with multiple addresses +* Thu Jan 12 2006 stark@suse.de +- update to version 1.1.0 +* Wed Jan 11 2006 stark@suse.de +- adding stack-protector to CFLAGS +- don't package *.la files for now (#141207) +* Wed Dec 21 2005 stark@suse.de +- fixed realloc() in rlm_pam +* Tue Nov 15 2005 stark@suse.de +- moved dialup_admin to subpackage and integrate it into + Apache 2 configuration +* Mon Sep 26 2005 ro@suse.de +- added LDAP_DEPRECATED to CFLAGS +* Fri Sep 23 2005 stark@suse.de +- update to version 1.0.5 +- updated eDirectory integration documentation +* Fri Sep 23 2005 ro@suse.de +- fix build-dir references in .la files +* Tue Aug 30 2005 stark@suse.de +- fixed some issues from security audit (#104195) + (is already upstream for 1.0.5 release) +* Mon Aug 15 2005 stark@suse.de +- fix mysql creation script (#104752) +* Sat Jun 18 2005 stark@suse.de +- update to version 1.0.4 +* Sun Jun 05 2005 stark@suse.de +- update to version 1.0.3 +- link radiusd with -pie +* Mon Apr 11 2005 stark@suse.de +- start daemon correctly (#75979) +- fixed packaging on x86-64 (#75979) +* Wed Mar 02 2005 stark@suse.de +- com_err.h patch not needed anymore +- modified spec-file to work with older distributions +* Fri Feb 18 2005 stark@suse.de +- enabled eDirectory support and added documentation +* Thu Feb 17 2005 stark@suse.de +- update to 1.0.2 +* Sat Nov 27 2004 stark@suse.de +- fixed installation of radeapclient (#48549) +* Sat Nov 20 2004 stark@suse.de +- don't use heimdal for distributions newer than 9.2 +* Mon Nov 15 2004 kukuk@suse.de +- Use common-* PAM configuration +* Sat Oct 23 2004 stark@suse.de +- update to version 1.0.1 +- moved *.la files to devel package +* Sat Aug 28 2004 stark@suse.de +- modify logrotate config (#44436) +* Wed Aug 18 2004 sndirsch@suse.de +- fixed syntax error (Typo?) in init script +* Fri Aug 13 2004 stark@suse.de +- added some sample scripts to documentation +* Tue Aug 10 2004 stark@suse.de +- update to 1.0.0 +* Thu Jun 24 2004 ro@suse.de +- update to 1.0.0pre3 (version set as 0.9.9) +* Thu Feb 05 2004 stark@suse.de +- disabled rlm_sql_iodbc and enabled rlm_sql_unixodb +* Fri Jan 16 2004 kukuk@suse.de +- Add pam-devel to neededforbuild +* Mon Jan 12 2004 adrian@suse.de +- add %%defattr +* Fri Nov 28 2003 stark@suse.de +- security update to 0.9.3 + * Fix a remote DoS and possible exploit due to mis-handling + of tagged attributes, and Tunnel-Password attribute. +* Thu Oct 16 2003 stark@suse.de +- update to 0.9.2 + (see /usr/share/doc/packages/freeradius/ChangeLog) +* Fri Aug 01 2003 ro@suse.de +- fix include path for com_err.h +* Thu Jul 31 2003 stark@suse.de +- use stop/restart macros +* Wed Jul 23 2003 stark@suse.de +- use special user for running radiusd +- modify default configuration to work without changes + (Auth-Type = Local) +- added README.SuSE explaining about radiusd user +* Mon Jul 21 2003 stark@suse.de +- update to 0.9.0 +- build against libiodbc to enable iodbc module +* Wed Jun 04 2003 schwab@suse.de +- Add db-devel to neededforbuild. +- Don't use system libtool. +- Fix use of sort. +- Avoid running autoconf. +* Wed Apr 16 2003 ro@suse.de +- fixed neededforbuild +* Mon Mar 03 2003 kukuk@suse.de +- removed %%ghost stuff from filelist +* Fri Feb 07 2003 kukuk@suse.de +- Use pam_unix2.so instead of pam_unix.so +* Wed Jan 15 2003 ro@suse.de +- use sasl2 +* Tue Jan 14 2003 nadvornik@suse.cz +- fixed multi-line string literals +* Thu Dec 12 2002 stark@suse.de +- update to 0.8.1 + * minor bugfixes +* Mon Dec 02 2002 stark@suse.de +- removed radwatch from package +* Tue Nov 19 2002 stark@suse.de +- update to 0.8 + * Support for Status-Server packets + * Fixed memory leak when proxying + * Round-robin load balancing when proxying + * Many bug fixes + * (/usr/share/doc/packages/ChangeLog) +- moved modules to /usr/lib/freeradius +* Mon Aug 19 2002 ro@suse.de +- don't overwrite README's with each other +* Fri Aug 16 2002 stark@suse.de +- added PreReq (Bug #17838) +* Thu Jun 20 2002 ro@suse.de +- hack ltconfig for ppc64 +* Mon Apr 08 2002 stark@suse.de +- fixed packaging on 64bit platforms +- added logrotate config +- added some sample scripts to doc-dir +* Fri Mar 22 2002 stark@suse.de +- update to 0.5 + * MS-CHAP and MS-CHAPv2 MPPE support, + * EAP/MD5 and experimental EAP/TLS, + * Experimental PHP web administration interface, + * Fixes for *BSD, + * Configurable database queries, executed per packet + (e.g. %%{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%%u}), + * Fix logic bug which would cause occasional server crashes, + * Server-side quenching of DoS attacks, + * Experimental Python module, + * Aptis, Quintum, and Foundry dictionaries, + * Limited support for IPv6. +* Mon Feb 25 2002 stark@suse.de +- moved *.la back to main-package as it is needed for + dynamic loading of modules +* Mon Feb 25 2002 stark@suse.de +- added patch to work with heimdal-krb5 +- moved *.so to -devel package +* Fri Feb 08 2002 stark@suse.de +- deactivated kerberos support + (seems to be not compatible with heimdal :-() +* Thu Feb 07 2002 stark@suse.de +- changed heimdal libdir +* Thu Dec 13 2001 stark@suse.de +- update to 0.4 +- better use of fillup_and_insserv +* Mon Dec 03 2001 stark@suse.de +- don't use START_RADIUSD anymore +- make use of new fillup_and_insserv macro +* Fri Oct 12 2001 stark@suse.de +- update to version 0.3 +- packed source-archive as bz2 +- branched package -> devel +* Fri Aug 03 2001 stark@suse.de +- removed use of watcher-script +- removed config-check (-C) in init script + (it's not supported in freeradius) +* Thu Aug 02 2001 stark@suse.de +- status fix in init script +- renamed pam-configfile: radius -> radiusd +* Wed Aug 01 2001 stark@suse.de +- updated to 0.2 +* Thu Jul 26 2001 kukuk@suse.de +- Fix needed for build +* Tue Jul 10 2001 stark@suse.de +- added %%{suse_update_config} +* Sat Jun 23 2001 schwab@suse.de +- Fix preprocessor directives inside macro arguments. +* Mon Jun 18 2001 stark@suse.de +- removed absolute paths from pam-config +* Wed May 23 2001 stark@suse.de +- first official beta-version 0.1 +* Wed Mar 21 2001 stark@suse.de +- new snapshot 20010321 (pre-BETA) +- replaced start- and killproc to avoid problems with Kernel 2.4 + using the radwatch shell-script +- added built of LDAP and MySQL modules +* Mon Jan 29 2001 stark@suse.de +- %%files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay +* Mon Jan 15 2001 stark@suse.de +- new snapshot 20010115 +- initial BETA package (sources are ALPHA!) +* Thu Jan 04 2001 stark@suse.de +- CVS snapshot 20010104 diff --git a/radadmin.pdf b/radadmin.pdf new file mode 100644 index 0000000..8049c04 --- /dev/null +++ b/radadmin.pdf @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e1abcf10cd89bc4f314bf537a2e1ddb071d471db3f4cdc67966998fe722d6d45 +size 647389 diff --git a/radqkstart.pdf b/radqkstart.pdf new file mode 100644 index 0000000..d4cca55 --- /dev/null +++ b/radqkstart.pdf @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0cfd1329edbae1296bd1250f52bc569da0cf277b84b21cc80b4528179e5f7745 +size 207020 diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4