869 lines
32 KiB
RPMSpec
869 lines
32 KiB
RPMSpec
#
|
|
# spec file for package freeradius-server (Version 2.0.3)
|
|
#
|
|
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
# This file and all modifications and additions to the pristine
|
|
# package are under the same license as the package itself.
|
|
#
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
|
|
Name: freeradius-server
|
|
Version: 2.0.3
|
|
Release: 20
|
|
License: GPL v2 only; LGPL v2.1 only
|
|
Group: Productivity/Networking/Radius/Servers
|
|
Provides: radiusd
|
|
Provides: freeradius = %{version}
|
|
Obsoletes: freeradius < %{version}
|
|
Conflicts: radiusd-livingston radiusd-cistron icradius
|
|
Url: http://www.freeradius.org/
|
|
Summary: Very Highly Configurable Radius Server
|
|
Source: %{name}-%{version}.tar.bz2
|
|
Patch0: %{name}-%{version}-ltdl.patch
|
|
Patch1: %{name}-%{version}-dialup_admin.patch
|
|
Patch2: %{name}-%{version}-rcradiusd.patch
|
|
Patch3: %{name}-%{version}-raddb.patch
|
|
Patch4: %{name}-%{version}-codecleanup.patch
|
|
Patch5: %{name}-%{version}-event-fifo-threads.patch
|
|
PreReq: %{_sbindir}/useradd %{_sbindir}/groupadd
|
|
PreReq: perl
|
|
PreReq: %insserv_prereq %fillup_prereq
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
%define _oracle_support 0
|
|
%define apxs2 apxs2-prefork
|
|
%define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR)
|
|
Requires: %{name}-libs = %{version}
|
|
Requires: python perl
|
|
BuildRequires: db-devel e2fsprogs-devel gcc-c++ gdbm-devel gettext-devel glibc-devel libtool ncurses-devel
|
|
BuildRequires: libpcap-devel net-snmp-devel openldap2-devel openssl-devel pam-devel perl postgresql-devel
|
|
BuildRequires: python-devel sed sqlite3-devel unixODBC-devel zlib-devel
|
|
BuildRequires: apache2-devel bind-libs cyrus-sasl-devel krb5-devel libapr1-devel libcom_err libmysqlclient-devel
|
|
|
|
%description
|
|
The FreeRADIUS server has a number of features found in other servers
|
|
and additional features not found in any other server. The server's
|
|
features are:
|
|
|
|
* Support for RFC and VSA attributes
|
|
|
|
* Additional server configuration attributes
|
|
|
|
* Selection of a particular configuration
|
|
|
|
* Authentication methods
|
|
|
|
* Accounting methods
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Miquel van Smoorenburg <miquels@cistron.nl>
|
|
Alan DeKok <aland@ox.org>
|
|
Mike Machado <mike@innercite.com>
|
|
Alan Curry
|
|
various other people
|
|
|
|
%if %_oracle_support == 1
|
|
|
|
%package oracle
|
|
|
|
BuildRequires: oracle-instantclient-basic oracle-instantclient-devel
|
|
Group: Productivity/Networking/Radius/Servers
|
|
Summary: FreeRADIUS Oracle database support
|
|
Requires: oracle-instantclient-basic
|
|
Requires: %{name}-libs = %{version}
|
|
Requires: %{name} = %{version}
|
|
|
|
%description oracle
|
|
The FreeRADIUS server has a number of features found in other servers,
|
|
and additional features not found in any other server. Rather than
|
|
doing a feature by feature comparison, we will simply list the features
|
|
of the server, and let you decide if they satisfy your needs.
|
|
|
|
Support for RFC and VSA Attributes Additional server configuration
|
|
attributes Selecting a particular configuration Authentication methods
|
|
%endif
|
|
|
|
%package libs
|
|
License: GPL v2 only; LGPL v2.1 only
|
|
Group: Productivity/Networking/Radius/Servers
|
|
Summary: FreeRADIUS shared library
|
|
|
|
%description libs
|
|
The FreeRADIUS shared library
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Miquel van Smoorenburg <miquels@cistron.nl>
|
|
Alan DeKok <aland@ox.org>
|
|
Mike Machado <mike@innercite.com>
|
|
Alan Curry
|
|
various other people
|
|
|
|
%package utils
|
|
License: GPL v2 only; LGPL v2.1 only
|
|
Group: Productivity/Networking/Radius/Servers
|
|
Summary: FreeRADIUS Clients
|
|
Requires: %{name}-libs = %{version}
|
|
|
|
%description utils
|
|
The FreeRADIUS server has a number of features found in other servers
|
|
and additional features not found in any other server. The server's
|
|
features are:
|
|
|
|
* Support for RFC and VSA attributes
|
|
|
|
* Additional server configuration attributes
|
|
|
|
* Selection of a particular configuration
|
|
|
|
* Authentication methods
|
|
|
|
* Accounting methods
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Miquel van Smoorenburg <miquels@cistron.nl>
|
|
Alan DeKok <aland@ox.org>
|
|
Mike Machado <mike@innercite.com>
|
|
Alan Curry
|
|
various other people
|
|
|
|
%package dialupadmin
|
|
License: GPL v2 only; LGPL v2.1 only
|
|
Group: Productivity/Networking/Radius/Servers
|
|
Summary: Web management for FreeRADIUS
|
|
Requires: http_daemon mod_php_any php
|
|
Requires: php-ldap php-mysql perl-DateManip
|
|
Requires: php-pgsql php-session
|
|
|
|
%description dialupadmin
|
|
Dialup Admin supports users either in SQL (MySQL or PostgreSQL are
|
|
supported) or in LDAP. Apart from the web pages, it also includes a
|
|
number of scripts to make the administrator's life a lot easier.
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Kostas Kalevras <kkalev at noc.ntua.gr>
|
|
Basilis Pappas <vpappas at noc.ntua.gr>
|
|
Panagiotis Christias <christia at noc.ntua.gr>
|
|
Thanasis Duitsis <aduitsis at noc.ntua.gr>
|
|
|
|
%package devel
|
|
License: GPL v2 only; LGPL v2.1 only
|
|
Group: Development/Libraries/C and C++
|
|
Summary: FreeRADIUS Development Files (static libs)
|
|
Requires: %{name}-libs = %{version}
|
|
|
|
%description devel
|
|
These are the static libraries for the FreeRADIUS package.
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Miquel van Smoorenburg <miquels@cistron.nl>
|
|
Alan DeKok <aland@ox.org>
|
|
Mike Machado <mike@innercite.com>
|
|
Alan Curry
|
|
various other people
|
|
|
|
%package doc
|
|
License: GPL v2 only; LGPL v2.1 only
|
|
Group: Productivity/Networking/Radius/Servers
|
|
Summary: FreeRADIUS Documentation
|
|
Requires: %{name}
|
|
|
|
%description doc
|
|
This package contains FreeRADIUS Documentation
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Miquel van Smoorenburg <miquels@cistron.nl>
|
|
Alan DeKok <aland@ox.org>
|
|
Mike Machado <mike@innercite.com>
|
|
Alan Curry
|
|
various other people
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch0
|
|
%patch1
|
|
%patch2
|
|
%patch3
|
|
%patch4
|
|
%patch5
|
|
|
|
%build
|
|
#export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -fstack-protector"
|
|
export CFLAGS="$RPM_OPT_FLAGS -DLDAP_DEPRECATED -fstack-protector"
|
|
%ifarch x86_64 ppc ppc64 s390 s390x
|
|
export CFLAGS="$CFLAGS -fPIC -DPIC"
|
|
%endif
|
|
export LDFLAGS="-pie"
|
|
%configure \
|
|
--libdir=%{_libdir}/freeradius \
|
|
--disable-ltdl-install \
|
|
--enable-strict-dependencies \
|
|
--with-edir \
|
|
--with-experimental-modules \
|
|
--with-gnu-ld \
|
|
--with-system-libtool \
|
|
--with-udpfromto \
|
|
--without-rlm_eap_ikev2 \
|
|
--with-rlm-krb5-lib-dir=%{_libdir} \
|
|
--without-rlm_opendirectory \
|
|
--without-rlm_sql_db2 \
|
|
--without-rlm_sql_firebird \
|
|
--without-rlm_sql_iodbc \
|
|
%if %{_oracle_support} == 1
|
|
--with-rlm_sql_oracle \
|
|
--with-oracle-lib-dir=%{_libdir}/oracle/10.1.0.3/client/lib/
|
|
%else
|
|
--without-rlm_sql_oracle
|
|
%endif
|
|
# no parallel build possible
|
|
make
|
|
|
|
%install
|
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/radiusd
|
|
make install R=$RPM_BUILD_ROOT INSTALLSTRIP=
|
|
# modify default configuration
|
|
RADDB=$RPM_BUILD_ROOT%{_sysconfdir}/raddb
|
|
perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf
|
|
perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf
|
|
perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radrelay.conf
|
|
perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radrelay.conf
|
|
/sbin/ldconfig -n $RPM_BUILD_ROOT%{_libdir}/freeradius
|
|
# logs
|
|
touch $RPM_BUILD_ROOT%{_localstatedir}/log/radius/radutmp
|
|
touch $RPM_BUILD_ROOT%{_localstatedir}/log/radius/radius.log
|
|
# SuSE
|
|
install -d $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
|
|
install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
|
|
install -m 644 suse/radiusd-pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/radiusd
|
|
install -m 644 suse/radiusd-logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/radiusd
|
|
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/init.d
|
|
install -m 744 suse/rcradiusd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/freeradius
|
|
ln -sf ../..%{_sysconfdir}/init.d/freeradius $RPM_BUILD_ROOT%{_sbindir}/rcfreeradius
|
|
cp $RPM_BUILD_ROOT%{_sbindir}/radiusd $RPM_BUILD_ROOT%{_sbindir}/radrelay
|
|
install -m 744 suse/rcradius-relayd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/freeradius-relay
|
|
ln -sf ../..%{_sysconfdir}/init.d/freeradius-relay $RPM_BUILD_ROOT%{_sbindir}/rcfreeradius-relay
|
|
mv -v doc/README doc/README.doc
|
|
# install dialup_admin
|
|
DIALUPADMIN=$RPM_BUILD_ROOT%{_datadir}/dialup_admin
|
|
mkdir -p $DIALUPADMIN
|
|
cp -r dialup_admin/* $RPM_BUILD_ROOT%{_datadir}/dialup_admin
|
|
# apache2 config
|
|
install -d -m 755 $RPM_BUILD_ROOT%{apache2_sysconfdir}/conf.d
|
|
install -m 644 suse/admin-httpd.conf $RPM_BUILD_ROOT%{apache2_sysconfdir}/conf.d/radius.conf
|
|
# remove unneeded stuff
|
|
rm -rf doc/00-OLD
|
|
rm -f $RPM_BUILD_ROOT%{_sbindir}/rc.radiusd
|
|
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/freeradius*
|
|
rm -rf $RPM_BUILD_ROOT%{_libdir}/freeradius/*.la
|
|
rm -f $RPM_BUILD_ROOT%{_datadir}/dialup_admin/Makefile
|
|
rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/Makefile
|
|
rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/examples/Makefile
|
|
|
|
%pre
|
|
%{_sbindir}/groupadd -r radiusd 2> /dev/null || :
|
|
%{_sbindir}/useradd -r -g radiusd -s /bin/false -c "Radius daemon" -d \
|
|
%{_localstatedir}/lib/radiusd radiusd 2> /dev/null || :
|
|
|
|
%post
|
|
%{fillup_and_insserv -s freeradius START_RADIUSD }
|
|
|
|
%preun
|
|
%stop_on_removal freeradius
|
|
|
|
%postun
|
|
%restart_on_update freeradius
|
|
%insserv_cleanup
|
|
|
|
%clean
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
%files doc
|
|
%defattr(-,root,root)
|
|
%doc doc/*
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
# doc
|
|
%doc suse/README.SuSE
|
|
%doc COPYRIGHT CREDITS LICENSE README doc/ChangeLog
|
|
#%doc scripts/create-users.pl scripts/CA.* scripts/certs.sh
|
|
#%doc scripts/users2mysql.pl scripts/xpextensions
|
|
#%doc scripts/cryptpasswd scripts/exec-program-wait scripts/radiusd2ldif.pl
|
|
# SuSE
|
|
%{_sysconfdir}/init.d/freeradius
|
|
%{_sysconfdir}/init.d/freeradius-relay
|
|
%config %{_sysconfdir}/pam.d/radiusd
|
|
%config %{_sysconfdir}/logrotate.d/radiusd
|
|
%{_sbindir}/rcfreeradius
|
|
%{_sbindir}/rcfreeradius-relay
|
|
%dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd
|
|
# configs
|
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb
|
|
%defattr(-,root,radiusd)
|
|
%config(noreplace) %{_sysconfdir}/raddb/dictionary
|
|
%config(noreplace) %{_sysconfdir}/raddb/acct_users
|
|
%config(noreplace) %{_sysconfdir}/raddb/attrs
|
|
%config(noreplace) %{_sysconfdir}/raddb/attrs.access_reject
|
|
%config(noreplace) %{_sysconfdir}/raddb/attrs.accounting_response
|
|
%config(noreplace) %{_sysconfdir}/raddb/attrs.pre-proxy
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/clients.conf
|
|
%config(noreplace) %{_sysconfdir}/raddb/hints
|
|
%config(noreplace) %{_sysconfdir}/raddb/huntgroups
|
|
%config(noreplace) %{_sysconfdir}/raddb/ldap.attrmap
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sqlippool.conf
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/preproxy_users
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/proxy.conf
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/radiusd.conf
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/snmp.conf
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql.conf
|
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql
|
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/mssql
|
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/mysql
|
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/oracle
|
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/postgresql
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql/*/*.conf
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql/*/*.sql
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/users
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/experimental.conf
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/otp.conf
|
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/certs
|
|
%{_sysconfdir}/raddb/certs/Makefile
|
|
%{_sysconfdir}/raddb/certs/README
|
|
%{_sysconfdir}/raddb/certs/xpextensions
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/certs/*.cnf
|
|
%attr(750,root,radiusd) %{_sysconfdir}/raddb/certs/bootstrap
|
|
%attr(750,root,radiusd) %config %{_sysconfdir}/raddb/sites-available/example
|
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-available
|
|
%attr(640,root,radiusd) %{_sysconfdir}/raddb/sites-available/*
|
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-enabled
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-enabled/*
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/eap.conf
|
|
%attr(640,root,radiusd) %{_sysconfdir}/raddb/example.pl
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/policy.conf
|
|
%{_sysconfdir}/raddb/policy.txt
|
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/templates.conf
|
|
%attr(700,radiusd,radiusd) %dir %{_localstatedir}/run/radiusd/
|
|
# binaries
|
|
%defattr(-,root,root)
|
|
%{_sbindir}/check-radiusd-config
|
|
%{_sbindir}/checkrad
|
|
%{_sbindir}/radiusd
|
|
%{_sbindir}/radrelay
|
|
%{_sbindir}/radwatch
|
|
# man-pages
|
|
%doc %{_mandir}/man1/*
|
|
%doc %{_mandir}/man5/*
|
|
%doc %{_mandir}/man8/*
|
|
# dictionaries
|
|
%attr(755,root,root) %dir %{_datadir}/freeradius
|
|
%{_datadir}/freeradius/*
|
|
# logs
|
|
%attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/
|
|
%attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/radacct/
|
|
%attr(644,radiusd,radiusd) %{_localstatedir}/log/radius/radutmp
|
|
%config(noreplace) %attr(600,radiusd,radiusd) /var/log/radius/radius.log
|
|
# RADIUS Loadable Modules
|
|
%attr(755,root,root) %dir %{_libdir}/freeradius
|
|
%attr(755,root,root) %{_libdir}/freeradius/rlm_*.so*
|
|
|
|
%files utils
|
|
%defattr(-,root,root)
|
|
%{_bindir}/*
|
|
|
|
%files libs
|
|
# RADIUS shared libs
|
|
%attr(755,root,root) %dir %{_libdir}/freeradius
|
|
%attr(755,root,root) %{_libdir}/freeradius/lib*.so*
|
|
%if %{_oracle_support} == 1
|
|
|
|
%files oracle
|
|
%defattr(-,root,root)
|
|
%attr(755,root,root) %dir %{_libdir}/freeradius
|
|
%attr(755,root,root) %{_libdir}/freeradius/rlm_sql_oracle*.so*
|
|
%endif
|
|
|
|
%files dialupadmin
|
|
%defattr(-,root,root)
|
|
%dir %{_datadir}/dialup_admin/
|
|
%{_datadir}/dialup_admin/bin/
|
|
%{_datadir}/dialup_admin/doc/
|
|
%{_datadir}/dialup_admin/htdocs/
|
|
%{_datadir}/dialup_admin/html/
|
|
%{_datadir}/dialup_admin/lib/
|
|
%{_datadir}/dialup_admin/sql/
|
|
%dir %{_datadir}/dialup_admin/conf/
|
|
%config(noreplace) %{_datadir}/dialup_admin/conf/*
|
|
%config(noreplace) %{apache2_sysconfdir}/conf.d/radius.conf
|
|
%{_datadir}/dialup_admin/Changelog
|
|
%{_datadir}/dialup_admin/README
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
%attr(644,root,root) %{_libdir}/freeradius/*.a
|
|
#%attr(644,root,root) %{_libdir}/freeradius/*.la
|
|
%dir %attr(755,root,root) %{_includedir}/freeradius
|
|
%attr(644,root,root) %{_includedir}/freeradius/*.h
|
|
|
|
%changelog
|
|
* Tue May 13 2008 prusnak@suse.cz
|
|
- fix crashes in events, fifo and threads (event-fifo-threads.patch)
|
|
* Mon May 05 2008 pth@suse.de
|
|
- Fix coding errors that made the package fail to build.
|
|
* Wed Mar 19 2008 prusnak@suse.cz
|
|
- updated to 2.0.3
|
|
Feature improvements
|
|
* Updated raddb/certs/ca.cnf with extensions to allow ca.der
|
|
to be imported as a CA on Symbian and Windows Mobile devices.
|
|
Closes bug #524
|
|
* Enable multiple matches in "hints" via Fall-Through = Yes.
|
|
Closes bug #477
|
|
* Added preliminary SQLite driver, contibuted by Apple.
|
|
Untested, with no sample configuration. This address bug #470.
|
|
* Updated logging sub-system so that log messages from libfreeradius
|
|
can go to the log file, and not stdout.
|
|
* Added dictionary.rfc5176
|
|
* EAP module now checks for instance name, and uses that for
|
|
authentication. This avoids the need to set Auth-Type when
|
|
there are multiple instances of the EAP module.
|
|
* Added Module-Return-Code attribute, which contains the value
|
|
returned by the previous module (ok/fail/update/etc.)
|
|
Bug fixes
|
|
* Corrected typos in rlm_dbm. Closes bugs #521 and #522.
|
|
* Detail file "listen" sections now work much better.
|
|
* Don't allow old "log_*" to over-ride new format. Closes bug #525
|
|
* Initialize allocated memory in Oracle SQL driver. This fixes
|
|
occasional crashes on some systems. Closes bug #518
|
|
* Call correct function in rlm_protocol_filter. This enables the
|
|
module to build. Closes bug #512.
|
|
* Added deprecated flag to build for rlm_krb5. This allows it to
|
|
run on 64-bit systems. Closes bug #491
|
|
* Corrected error message when parsing invalid configurations
|
|
so it doesn't crash. Closes bug #527
|
|
* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
|
|
* Handle $INCLUDE's in "instantiate" section. Closes #528.
|
|
* Format updates to "man" pages from Stephen Gran.
|
|
- updated to 2.0.2
|
|
Feature improvements
|
|
* Added notes on how to debug the server in radiusd.conf
|
|
* Moved all "log_*" in radiusd.conf to log{} section.
|
|
The old configurations are still accepted, though.
|
|
* Added ca.der target in raddb/certs/Makefile. This is
|
|
needed for importing CA certs into Windows.
|
|
* Added ability send raw attributes via "Raw-Attribute = 0x0102..."
|
|
This is available only debug builds. It can be used
|
|
to create invalid packets! Use it with care.
|
|
* Permit "unlang" policies inside of Auth-Type{} sub-sections
|
|
of the authenticate{} section. This makes some policies easier
|
|
to implement.
|
|
* "listen" sections can now have "type = proxy". This lets you
|
|
control which IP is used for sending proxied requests.
|
|
* Added note on SSL performance to raddb/certs/README
|
|
Bug fixes
|
|
* Fixed reading of "detail" files.
|
|
* Allow inner EAP tunneled sessions to be proxied.
|
|
* Corrected MySQL schemas
|
|
* syslog now works in log{} section.
|
|
* Corrected typo in raddb/certs/client.cnf
|
|
* Updated raddb/sites-available/proxy-inner-tunnel to
|
|
permit authentication to work.
|
|
* Ignore zero-length attributes in received packets.
|
|
* Correct memcpy when dealing with unknown attributes.
|
|
* Corrected debugging messages in attr_rewrite.
|
|
* Corrected generation of State attribute in EAP. This
|
|
fixes the "failed to remember handler" issues.
|
|
* Fall back to DEFAULT realm if no realm was found.
|
|
Based on a patch from Vincent Magnin.
|
|
* Updated example raddb/sites-available/proxy-inner-tunnel
|
|
* Corrected behavior of attr_filter to match documentation.
|
|
This is NOT backwards compatible with previous versions!
|
|
See "man rlm_attr_filter" for details.
|
|
- dropped patches:
|
|
* conf_read.patch (included in update)
|
|
* strncat.patch (obsoleted by update)
|
|
* Tue Jan 29 2008 prusnak@suse.cz
|
|
- replace obsoleted call to conf_read with cf_file_read (conf_read.patch)
|
|
- split off -doc subpackage
|
|
* Thu Jan 24 2008 prusnak@suse.cz
|
|
- fix strncat usage (strncat.patch)
|
|
* Tue Jan 22 2008 prusnak@suse.cz
|
|
- updated to 2.0.1
|
|
* improve unlang
|
|
* update acct_module
|
|
* fix parsing of syslog logging
|
|
* minor fixes over 2.0.0
|
|
* Tue Jan 22 2008 prusnak@suse.cz
|
|
- renamed to freeradius-server (to follow upstream change)
|
|
- updated to 2.0.0:
|
|
o Feature improvements
|
|
* Debugging mode is much clearer and easier to read.
|
|
* A new policy language makes many configurations trivial.
|
|
See "man unlang" for a complete description.
|
|
* Virtual servers are now supported. This permits clear separation
|
|
of policies. See raddb/sites-available/README
|
|
* EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work".
|
|
See raddb/certs/README for details.
|
|
* Proxying is much more configurable than before.
|
|
See proxy.conf for documentation on pools, and new config items.
|
|
* Full support for IPv6.
|
|
* Much more complete support for the RADIUS SNMP MIBs.
|
|
* HUP now works. Only some modules are re-loaded,
|
|
and the server configuation is *not* reloaded.
|
|
* "check config" option now works. See "man radiusd"
|
|
* radrelay functionality is now included in the server core.
|
|
See raddb/sites-available/copy-acct-to-home-server
|
|
* VMPS support. It is minimal, but functional.
|
|
* Cleaned up internal API's and names, including library names.
|
|
o Bug fixes
|
|
* Many.
|
|
- removed obsolete patch:
|
|
* type_punning.patch
|
|
* Tue Dec 04 2007 prusnak@suse.cz
|
|
- remove openldap2 from BuildRequires
|
|
* Tue Nov 06 2007 prusnak@suse.cz
|
|
- updated to 1.1.7
|
|
Feature Improvements
|
|
* Updated LDAP documentation.
|
|
* Added note on DH parameters in eap.conf, and debugging messages
|
|
which complain if DH is used, but not configured properly.
|
|
* Updated the Mikrotik dictionary. Added a note that the sample
|
|
dictionary they supply is broken.
|
|
* Output more information on blocked threads, which should help
|
|
narrow down which modules is causing the problem.
|
|
* Added more eDirectory support.
|
|
* rlm_ldap now prints out attributes in the standard format
|
|
* Enabled server-side handling of procedures in MySQL
|
|
Bug Fixes
|
|
* Added NT-Hash support for mschap_xlat.
|
|
* Corrected documentation to point to correct location of files.
|
|
* Checks for more recent FreeBSD versions.
|
|
* uses -DLDAP_DEPRECATED to avoid OpenLDAP crashes.
|
|
* Use correct value for authentication name in rlm_mschap.
|
|
* Fix over-ride for usernames when use_tunneled_reply = yes.
|
|
* Fri Apr 20 2007 pth@suse.de
|
|
- Update to 1.1.6. Changes since 1.1.3:
|
|
Feature improvements
|
|
* Added dictionary.rfc4372 (Chargeable User Identity)
|
|
* Added dictionary.rfc4675 (VLAN and Priority)
|
|
* Added dictionary.rfc4679 (ADSL Forum)
|
|
NOTE some name differences from the RFC, due to dictionary.redback
|
|
* Updated rlm_python to something usable
|
|
* Added experimental sql "HPW" IPPools.
|
|
* Added more dictionaries
|
|
* Dictionary files now MUST NOT be globally writable.
|
|
* Configuration files now MUST NOT be globally readable,
|
|
or globally writable.
|
|
* Be more aggressive about freeing memory on clean exit.
|
|
This helps track down run-time leaks.
|
|
* Updated rlm_python to something usable
|
|
* Added experimental sql "HPW" IPPools.
|
|
* Major enhancements to rlm_pap, that make "encryption_scheme"
|
|
a thing of the past. See "man rlm_pap" for details.
|
|
* Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use
|
|
work-arounds that enable Windows Vista clients to work.
|
|
* Added preliminary code to support Firebird.
|
|
Use at your own risk!
|
|
* Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more
|
|
platforms.
|
|
* Add a new "reply-name" directive in rlm_sqlcounter to define the
|
|
name of the reply attribute.
|
|
* Added more dictionaries and attributes
|
|
* Print ntlm_auth failure reason in Module-Failure-Message
|
|
* radsqlrelay is able to get the DB password from a file instead
|
|
of command line.
|
|
Bug fixes
|
|
* Corrected typo in rlm_pap.c
|
|
* Corrected typo in src/main/auth.c
|
|
* Suppress SSL error messages if error is zero.
|
|
* Don't complain about "Error in read client certificate A"
|
|
if we expect to read it in the next packet. Fix based on patch
|
|
by Dan Lukes.
|
|
* Corrected nearly 30 bugs found by Coverity
|
|
See also http://scan.coverity.com
|
|
* Don't die on HUP. Instead leak memory (sorry). After a few
|
|
hundred HUP's, the server will have leaked a few megabytes of
|
|
memory, and you should probably re-start it. It's ugly, but
|
|
better than dying.
|
|
* Corrected a few double free's
|
|
* Corrected typo in radrelay, which prevented it from working
|
|
* Made Firebird module build
|
|
* Fixed bug in PostgreSQL module that caused server crash.
|
|
* Fixed bug in SQL module that could cause server to crash.
|
|
* Corrected base64 decoding in rlm_pap
|
|
* Don't retransmit accounting packets. The NAS should do this.
|
|
* Handle Client-Error in EAP-SIM.
|
|
* Port OpenSSL locking fixes from CVS head. This makes PEAP
|
|
more stable on some systems.
|
|
* Require Message-Authenticator in Status-Server packets
|
|
* Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868
|
|
* Be more aggressibe about freeing memory on clean exit.
|
|
This isn't strictly a bug fix, but it makes it easier to
|
|
find memory leaks
|
|
* Increase buffer size for dynamic expansion, which allows
|
|
longer SQL qeuries.
|
|
* Use correct line number when there's a parse error in one
|
|
of the configuration sections.
|
|
* Terminate SSL sessions in EAP on error, rather than continuing
|
|
in some cases.
|
|
* Increase buffer size to allow parsing of long octet strings
|
|
* Fix string termination on xlat in rlm_perl
|
|
* Fix a parse error in the digest module, where malformed
|
|
digest requests would result in the user being accepted. Oops...
|
|
* VALUEs can only be defined for 'integer', to catch mistakes
|
|
with setting VALUEs for type 'string'.
|
|
* Better parsing of VALUE names, so that values starting with
|
|
a digit work correctly.
|
|
* Check return from malloc.
|
|
* Fix a double free() in rlm_eap_tls.c
|
|
* Check return code of malloc() during initialization.
|
|
* Fix a corner case where the proxy port isn't set either in
|
|
radiusd.conf or in proxy.conf.
|
|
* Mon Mar 26 2007 rguenther@suse.de
|
|
- add gdbm-devel BuildRequires
|
|
* Sun Feb 11 2007 ro@suse.de
|
|
- one oversight in last change, build tested
|
|
* Sun Feb 11 2007 ro@suse.de
|
|
- fix build as non-root
|
|
* Mon Sep 04 2006 kukuk@suse.de
|
|
- Make sure that pam_nologin.so will always be executed.
|
|
* Wed Aug 23 2006 stark@suse.de
|
|
- update to version 1.1.3
|
|
* autoconf updates
|
|
* More dictionary updates
|
|
* Security and portability fixes to rlm_otp
|
|
* Miscellaneous bug fixes
|
|
* Tue Jun 06 2006 stark@suse.de
|
|
- update to version 1.1.2
|
|
* Allow tagged VSA's for Juniper.
|
|
* Allow Ascend "abinary" format to be specified as octets,
|
|
(e.g. Ascend-Data-Filter = 0x010203...)
|
|
* Added "cipher_list" configuration to the EAP-TLS module.
|
|
See "eap.conf" and "man 1 cipher" for details.
|
|
* Added "check_cert_issuer" configuration to the EAP-TLS module.
|
|
See "eap.conf" for details.
|
|
* Added "suppress" configuration entry to rlm_detail,
|
|
to suppress certain attributes (e.g. User-Password).
|
|
* Write SSL errors to log file, rather than stderr.
|
|
* Allow a core dump on uid change on Linux
|
|
* Bugfixes
|
|
* Wed May 24 2006 schwab@suse.de
|
|
- Don't strip binaries.
|
|
* Tue Mar 28 2006 stark@suse.de
|
|
- fixed an error on x86_64 machines when reading dictionaries
|
|
(#161503)
|
|
- make "use_tunneled_reply" work properly for PEAP
|
|
* Mon Mar 27 2006 ro@suse.de
|
|
- also use fPIC on s390*
|
|
* Thu Mar 23 2006 stark@suse.de
|
|
- fixed validation issue with the EAP-MSCHAPv2 module (#160249)
|
|
* Wed Jan 25 2006 mls@suse.de
|
|
- converted neededforbuild to BuildRequires
|
|
* Fri Jan 20 2006 stark@suse.de
|
|
- fixed directory permissions (#141153)
|
|
* Thu Jan 19 2006 ro@suse.de
|
|
- changed php requires to generic ones (for php5)
|
|
* Sat Jan 14 2006 stark@suse.de
|
|
- use --with-udpfromto useful for systems with multiple addresses
|
|
* Fri Jan 13 2006 stark@suse.de
|
|
- update to version 1.1.0
|
|
* Wed Jan 11 2006 stark@suse.de
|
|
- adding stack-protector to CFLAGS
|
|
- don't package *.la files for now (#141207)
|
|
* Wed Dec 21 2005 stark@suse.de
|
|
- fixed realloc() in rlm_pam
|
|
* Tue Nov 15 2005 stark@suse.de
|
|
- moved dialup_admin to subpackage and integrate it into
|
|
Apache 2 configuration
|
|
* Mon Sep 26 2005 ro@suse.de
|
|
- added LDAP_DEPRECATED to CFLAGS
|
|
* Fri Sep 23 2005 stark@suse.de
|
|
- update to version 1.0.5
|
|
- updated eDirectory integration documentation
|
|
* Fri Sep 23 2005 ro@suse.de
|
|
- fix build-dir references in .la files
|
|
* Tue Aug 30 2005 stark@suse.de
|
|
- fixed some issues from security audit (#104195)
|
|
(is already upstream for 1.0.5 release)
|
|
* Mon Aug 15 2005 stark@suse.de
|
|
- fix mysql creation script (#104752)
|
|
* Sat Jun 18 2005 stark@suse.de
|
|
- update to version 1.0.4
|
|
* Sun Jun 05 2005 stark@suse.de
|
|
- update to version 1.0.3
|
|
- link radiusd with -pie
|
|
* Mon Apr 11 2005 stark@suse.de
|
|
- start daemon correctly (#75979)
|
|
- fixed packaging on x86-64 (#75979)
|
|
* Wed Mar 02 2005 stark@suse.de
|
|
- com_err.h patch not needed anymore
|
|
- modified spec-file to work with older distributions
|
|
* Fri Feb 18 2005 stark@suse.de
|
|
- enabled eDirectory support and added documentation
|
|
* Thu Feb 17 2005 stark@suse.de
|
|
- update to 1.0.2
|
|
* Sat Nov 27 2004 stark@suse.de
|
|
- fixed installation of radeapclient (#48549)
|
|
* Sat Nov 20 2004 stark@suse.de
|
|
- don't use heimdal for distributions newer than 9.2
|
|
* Mon Nov 15 2004 kukuk@suse.de
|
|
- Use common-* PAM configuration
|
|
* Sat Oct 23 2004 stark@suse.de
|
|
- update to version 1.0.1
|
|
- moved *.la files to devel package
|
|
* Sat Aug 28 2004 stark@suse.de
|
|
- modify logrotate config (#44436)
|
|
* Wed Aug 18 2004 sndirsch@suse.de
|
|
- fixed syntax error (Typo?) in init script
|
|
* Fri Aug 13 2004 stark@suse.de
|
|
- added some sample scripts to documentation
|
|
* Tue Aug 10 2004 stark@suse.de
|
|
- update to 1.0.0
|
|
* Thu Jun 24 2004 ro@suse.de
|
|
- update to 1.0.0pre3 (version set as 0.9.9)
|
|
* Thu Feb 05 2004 stark@suse.de
|
|
- disabled rlm_sql_iodbc and enabled rlm_sql_unixodb
|
|
* Fri Jan 16 2004 kukuk@suse.de
|
|
- Add pam-devel to neededforbuild
|
|
* Mon Jan 12 2004 adrian@suse.de
|
|
- add %%defattr
|
|
* Fri Nov 28 2003 stark@suse.de
|
|
- security update to 0.9.3
|
|
* Fix a remote DoS and possible exploit due to mis-handling
|
|
of tagged attributes, and Tunnel-Password attribute.
|
|
* Thu Oct 16 2003 stark@suse.de
|
|
- update to 0.9.2
|
|
(see /usr/share/doc/packages/freeradius/ChangeLog)
|
|
* Fri Aug 01 2003 ro@suse.de
|
|
- fix include path for com_err.h
|
|
* Thu Jul 31 2003 stark@suse.de
|
|
- use stop/restart macros
|
|
* Wed Jul 23 2003 stark@suse.de
|
|
- use special user for running radiusd
|
|
- modify default configuration to work without changes
|
|
(Auth-Type = Local)
|
|
- added README.SuSE explaining about radiusd user
|
|
* Mon Jul 21 2003 stark@suse.de
|
|
- update to 0.9.0
|
|
- build against libiodbc to enable iodbc module
|
|
* Wed Jun 04 2003 schwab@suse.de
|
|
- Add db-devel to neededforbuild.
|
|
- Don't use system libtool.
|
|
- Fix use of sort.
|
|
- Avoid running autoconf.
|
|
* Wed Apr 16 2003 ro@suse.de
|
|
- fixed neededforbuild
|
|
* Mon Mar 03 2003 kukuk@suse.de
|
|
- removed %%ghost stuff from filelist
|
|
* Fri Feb 07 2003 kukuk@suse.de
|
|
- Use pam_unix2.so instead of pam_unix.so
|
|
* Wed Jan 15 2003 ro@suse.de
|
|
- use sasl2
|
|
* Tue Jan 14 2003 nadvornik@suse.cz
|
|
- fixed multi-line string literals
|
|
* Thu Dec 12 2002 stark@suse.de
|
|
- update to 0.8.1
|
|
* minor bugfixes
|
|
* Mon Dec 02 2002 stark@suse.de
|
|
- removed radwatch from package
|
|
* Tue Nov 19 2002 stark@suse.de
|
|
- update to 0.8
|
|
* Support for Status-Server packets
|
|
* Fixed memory leak when proxying
|
|
* Round-robin load balancing when proxying
|
|
* Many bug fixes
|
|
* (/usr/share/doc/packages/ChangeLog)
|
|
- moved modules to /usr/lib/freeradius
|
|
* Mon Aug 19 2002 ro@suse.de
|
|
- don't overwrite README's with each other
|
|
* Fri Aug 16 2002 stark@suse.de
|
|
- added PreReq (Bug #17838)
|
|
* Thu Jun 20 2002 ro@suse.de
|
|
- hack ltconfig for ppc64
|
|
* Mon Apr 08 2002 stark@suse.de
|
|
- fixed packaging on 64bit platforms
|
|
- added logrotate config
|
|
- added some sample scripts to doc-dir
|
|
* Fri Mar 22 2002 stark@suse.de
|
|
- update to 0.5
|
|
* MS-CHAP and MS-CHAPv2 MPPE support,
|
|
* EAP/MD5 and experimental EAP/TLS,
|
|
* Experimental PHP web administration interface,
|
|
* Fixes for *BSD,
|
|
* Configurable database queries, executed per packet
|
|
(e.g. %%{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%%u}),
|
|
* Fix logic bug which would cause occasional server crashes,
|
|
* Server-side quenching of DoS attacks,
|
|
* Experimental Python module,
|
|
* Aptis, Quintum, and Foundry dictionaries,
|
|
* Limited support for IPv6.
|
|
* Mon Feb 25 2002 stark@suse.de
|
|
- moved *.la back to main-package as it is needed for
|
|
dynamic loading of modules
|
|
* Mon Feb 25 2002 stark@suse.de
|
|
- added patch to work with heimdal-krb5
|
|
- moved *.so to -devel package
|
|
* Fri Feb 08 2002 stark@suse.de
|
|
- deactivated kerberos support
|
|
(seems to be not compatible with heimdal :-()
|
|
* Thu Feb 07 2002 stark@suse.de
|
|
- changed heimdal libdir
|
|
* Thu Dec 13 2001 stark@suse.de
|
|
- update to 0.4
|
|
- better use of fillup_and_insserv
|
|
* Mon Dec 03 2001 stark@suse.de
|
|
- don't use START_RADIUSD anymore
|
|
- make use of new fillup_and_insserv macro
|
|
* Fri Oct 12 2001 stark@suse.de
|
|
- update to version 0.3
|
|
- packed source-archive as bz2
|
|
- branched package -> devel
|
|
* Fri Aug 03 2001 stark@suse.de
|
|
- removed use of watcher-script
|
|
- removed config-check (-C) in init script
|
|
(it's not supported in freeradius)
|
|
* Thu Aug 02 2001 stark@suse.de
|
|
- status fix in init script
|
|
- renamed pam-configfile: radius -> radiusd
|
|
* Wed Aug 01 2001 stark@suse.de
|
|
- updated to 0.2
|
|
* Thu Jul 26 2001 kukuk@suse.de
|
|
- Fix needed for build
|
|
* Tue Jul 10 2001 stark@suse.de
|
|
- added %%{suse_update_config}
|
|
* Sat Jun 23 2001 schwab@suse.de
|
|
- Fix preprocessor directives inside macro arguments.
|
|
* Mon Jun 18 2001 stark@suse.de
|
|
- removed absolute paths from pam-config
|
|
* Wed May 23 2001 stark@suse.de
|
|
- first official beta-version 0.1
|
|
* Wed Mar 21 2001 stark@suse.de
|
|
- new snapshot 20010321 (pre-BETA)
|
|
- replaced start- and killproc to avoid problems with Kernel 2.4
|
|
using the radwatch shell-script
|
|
- added built of LDAP and MySQL modules
|
|
* Mon Jan 29 2001 stark@suse.de
|
|
- %%files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay
|
|
* Mon Jan 15 2001 stark@suse.de
|
|
- new snapshot 20010115
|
|
- initial BETA package (sources are ALPHA!)
|
|
* Thu Jan 04 2001 stark@suse.de
|
|
- CVS snapshot 20010104
|