-diff -r -u freeradius-server-2.1.8.orig/raddb/certs/ca.cnf freeradius-server-2.1.8/raddb/certs/ca.cnf
---- freeradius-server-2.1.8.orig/raddb/certs/ca.cnf 2009-12-30 10:44:35.000000000 -0500
-+++ freeradius-server-2.1.8/raddb/certs/ca.cnf 2010-01-08 12:35:23.000000000 -0500
+diff -r -u freeradius-server-2.1.12.orig/raddb/certs/ca.cnf freeradius-server-2.1.12/raddb/certs/ca.cnf
+--- freeradius-server-2.1.12.orig/raddb/certs/ca.cnf 2011-09-07 06:59:21.000000000 -0400
++++ freeradius-server-2.1.12/raddb/certs/ca.cnf 2011-09-07 10:28:28.000000000 -0400
@@ -14,9 +14,9 @@
RANDFILE = $dir/.rand
name_opt = ca_default
preserve = no
policy = policy_match
-Only in freeradius-server-2.1.8/raddb/certs: ca.cnf~
-diff -r -u freeradius-server-2.1.8.orig/raddb/certs/client.cnf freeradius-server-2.1.8/raddb/certs/client.cnf
---- freeradius-server-2.1.8.orig/raddb/certs/client.cnf 2009-12-30 10:44:35.000000000 -0500
-+++ freeradius-server-2.1.8/raddb/certs/client.cnf 2010-01-08 12:35:37.000000000 -0500
+diff -r -u freeradius-server-2.1.12.orig/raddb/certs/client.cnf freeradius-server-2.1.12/raddb/certs/client.cnf
+--- freeradius-server-2.1.12.orig/raddb/certs/client.cnf 2011-09-07 06:59:21.000000000 -0400
++++ freeradius-server-2.1.12/raddb/certs/client.cnf 2011-09-07 10:28:28.000000000 -0400
@@ -14,9 +14,9 @@
RANDFILE = $dir/.rand
name_opt = ca_default
preserve = no
policy = policy_match
-Only in freeradius-server-2.1.8/raddb/certs: client.cnf~
-diff -r -u freeradius-server-2.1.8.orig/raddb/certs/server.cnf freeradius-server-2.1.8/raddb/certs/server.cnf
---- freeradius-server-2.1.8.orig/raddb/certs/server.cnf 2009-12-30 10:44:35.000000000 -0500
-+++ freeradius-server-2.1.8/raddb/certs/server.cnf 2010-01-08 12:35:05.000000000 -0500
+diff -r -u freeradius-server-2.1.12.orig/raddb/certs/server.cnf freeradius-server-2.1.12/raddb/certs/server.cnf
+--- freeradius-server-2.1.12.orig/raddb/certs/server.cnf 2011-09-07 06:59:21.000000000 -0400
++++ freeradius-server-2.1.12/raddb/certs/server.cnf 2011-09-07 10:28:28.000000000 -0400
@@ -14,9 +14,9 @@
RANDFILE = $dir/.rand
name_opt = ca_default
preserve = no
policy = policy_match
-Only in freeradius-server-2.1.8/raddb/certs: server.cnf~
-diff -r -u freeradius-server-2.1.8.orig/raddb/eap.conf freeradius-server-2.1.8/raddb/eap.conf
---- freeradius-server-2.1.8.orig/raddb/eap.conf 2009-12-30 10:44:35.000000000 -0500
-+++ freeradius-server-2.1.8/raddb/eap.conf 2010-01-08 12:36:04.000000000 -0500
-@@ -251,15 +251,6 @@
- cipher_list = "DEFAULT"
-
+diff -r -u freeradius-server-2.1.12.orig/raddb/eap.conf freeradius-server-2.1.12/raddb/eap.conf
+--- freeradius-server-2.1.12.orig/raddb/eap.conf 2011-09-07 06:59:21.000000000 -0400
++++ freeradius-server-2.1.12/raddb/eap.conf 2011-09-07 10:28:28.000000000 -0400
+@@ -281,7 +281,11 @@
+ # for the server to print out an error message,
+ # and refuse to start.
#
--
-- # This configuration entry should be deleted
-- # once the server is running in a normal
-- # configuration. It is here ONLY to make
-- # initial deployments easier.
-- #
- make_cert_command = "${certdir}/bootstrap"
--
-- #
- # Session resumption / fast reauthentication
- # cache.
++ # Redhat RPM's run the bootstrap certificate creation
++ # as part of the RPM install (not upgrade), therefore
++ # the make_cert_command is commented out.
++ #
++ #make_cert_command = "${certdir}/bootstrap"
+
#
-Only in freeradius-server-2.1.8/raddb: eap.conf~
+ # Elliptical cryptography configuration
+Only in freeradius-server-2.1.12/raddb: eap.conf.orig
create
missingok
compress
+ postrotate
+ /sbin/service radiusd reload
+ endscript
}
/var/log/radius/radutmp {
compress
missingok
}
-
-lastrotate
- kill -HUP `cat /var/run/radiusd/radiusd.pid`
-endscript
--- /dev/null
+From 12bbe0c8289260f7db62e010a5e7168ce7bc5644 Mon Sep 17 00:00:00 2001
+From: John Dennis <jdennis@redhat.com>
+Date: Fri, 13 Jan 2012 12:45:14 -0500
+Subject: [PATCH] Fix typo in name of rlm_dbm_parser man page
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+It was rlm_dbm_parse but should be rlm_dbm_parser to match the
+executable name. Also fix name in man page.
+---
+ src/modules/rlm_dbm/Makefile.in | 2 +-
+ src/modules/rlm_dbm/rlm_dbm_parse.8 | 109 ----------------------------------
+ src/modules/rlm_dbm/rlm_dbm_parser.8 | 109 ++++++++++++++++++++++++++++++++++
+ 3 files changed, 110 insertions(+), 110 deletions(-)
+ delete mode 100644 src/modules/rlm_dbm/rlm_dbm_parse.8
+ create mode 100644 src/modules/rlm_dbm/rlm_dbm_parser.8
+
+diff --git a/src/modules/rlm_dbm/Makefile.in b/src/modules/rlm_dbm/Makefile.in
+index f970538..cd537ec 100644
+--- a/src/modules/rlm_dbm/Makefile.in
++++ b/src/modules/rlm_dbm/Makefile.in
+@@ -29,4 +29,4 @@ rlm_dbm_install: rlm_dbm_cat rlm_dbm_parser
+ $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) \
+ rlm_dbm_parser$(EXEEXT) $(R)$(bindir)
+ $(INSTALL) -m 644 rlm_dbm_cat.8 $(R)$(mandir)/man8
+- $(INSTALL) -m 644 rlm_dbm_parse.8 $(R)$(mandir)/man8
++ $(INSTALL) -m 644 rlm_dbm_parser.8 $(R)$(mandir)/man8
+diff --git a/src/modules/rlm_dbm/rlm_dbm_parse.8 b/src/modules/rlm_dbm/rlm_dbm_parse.8
+deleted file mode 100644
+index 51dd1fc..0000000
+--- a/src/modules/rlm_dbm/rlm_dbm_parse.8
++++ /dev/null
+@@ -1,109 +0,0 @@
+-.TH RLM_DBM_PARSE 8
+-.SH NAME
+-rlm_dbm_parse - transforms simple syntax into rlm_dbm format
+-.SH SYNOPSIS
+-.B rlm_dbm_parse
+-.RB [ \-c ]
+-.RB [ \-d
+-.IR raddb ]
+-.RB [ \-i
+-.IR inputfile ]
+-.RB [ \-o
+-.IR outputfile ]
+-.RB [ \-x ]
+-.RB [ \-v ]
+-.RB [ \-q ]
+-[\fIusername ...\fP]
+-
+-.SH DESCRIPTION
+-\fBrlm_dbm_parse\fP reads a file of the syntax defined below, and writes
+-a database file usable by rlm_dbm or edits current database.
+-.PP
+-
+-.SH INPUT FORMAT
+-
+-\fIrlm_dbm_parse\fP reads a format similar to the one used by the files
+-module. In incomplete RFC2234 ABNF, it looks like this:
+-
+-.nf
+-entries = *entry
+-entry = identifier TAB definition
+-identifier = username / group-name
+-username = +PCHAR
+-groupname = +PCHAR
+-definition = (check-item ",")* LF ( *( reply-item ",") / ";" ) LF
+-check-item = AS IN FILES
+-reply-item = AS IN FILES
+-* need definition of username and groupname
+-.fi
+-
+-As an example, these are the standard files definitions (files module).
+-
+-.nf
+-DEFAULT Service-Type == Framed-User
+- Framed-IP-Address = 255.255.255.254,
+- Framed-MTU = 576,
+- Service-Type = Framed-User,
+- Fall-Through = Yes
+-
+-#except who call from number 555-666
+-DEFAULT Auth-Type := Reject,Service-Type ==Framed-User,
+- Calling-Station-ID == "555-666"
+-
+-#or call number 555-667
+-DEFAULT Auth-Type := Reject,Service-Type ==Framed-User,
+- Calling-Station-ID == "555-667"
+-.fi
+-
+-To be a valid rlm_dbm input file, it should look like this:
+-
+-.nf
+-DEFAULT Service-Type == Framed-User # (1)
+- Framed-IP-Address = 255.255.255.254, # comma, list cont'd
+- Framed-MTU = 576,
+- Service-Type = Framed-User,
+- Fall-Through = Yes # \\n, end of list
+- Auth-Type := Reject,Service-Type ==Framed-User, # (2)
+- Calling-Station-ID == "555-666"
+- ; # ;, no reply items
+- Auth-Type := Reject,Service-Type ==Framed-User, # (3)
+- Calling-Station-ID == "555-667"
+- ; # ditto
+-.fi
+-
+-This user (the DEFAULT user) contains three entries, 1, 2 and 3. The
+-first entry has a list of reply items, terminated by a reply item
+-without a trailing comma. Entries 2 and 3 has empty reply lists, as
+-indicated by the semicolon. This is necessary to separate an empty
+-line (which is ignored) from the empty list.
+-Definition Fall-Through = Yes used in order to say module to check next
+-record. By default Fall-Through = Yes.
+-
+-.SH OPTIONS
+-
+-.IP \-d\ \fIraddb\fP
+-Use \fIraddb\fP as the radiusd configuration directory.
+-.IP \-i\ \fIinputfile\fP
+-Use \fIfile\fP as the input file. If not defined then use standard input.
+-.IP \-o\ \fIoutputfile\fP
+-Use \fIfile\fP as the output file.
+-.IP \-c
+-Create a new database (empty output file before writing)
+-.IP \-x
+-Enable debug mode. Multiple x flags increase debug level.
+-.IP \-q
+-Do not print statistics (quiet).
+-.IP \-v
+-Print the version and exit.
+-.IP \-r
+-Remove a username or group name from the database.
+-
+-.SH SEE ALSO
+-radiusd(8)
+-.SH AUTHORS
+-.TP
+-Author:
+-Andrei Koulik <rlm_dbm@agk.nnov.ru>
+-.TP
+-Documentation:
+-Bjørn Nordbø <bn@nextra.com>
+diff --git a/src/modules/rlm_dbm/rlm_dbm_parser.8 b/src/modules/rlm_dbm/rlm_dbm_parser.8
+new file mode 100644
+index 0000000..94137da
+--- /dev/null
++++ b/src/modules/rlm_dbm/rlm_dbm_parser.8
+@@ -0,0 +1,109 @@
++.TH RLM_DBM_PARSER 8
++.SH NAME
++rlm_dbm_parser - transforms simple syntax into rlm_dbm format
++.SH SYNOPSIS
++.B rlm_dbm_parser
++.RB [ \-c ]
++.RB [ \-d
++.IR raddb ]
++.RB [ \-i
++.IR inputfile ]
++.RB [ \-o
++.IR outputfile ]
++.RB [ \-x ]
++.RB [ \-v ]
++.RB [ \-q ]
++[\fIusername ...\fP]
++
++.SH DESCRIPTION
++\fBrlm_dbm_parser\fP reads a file of the syntax defined below, and writes
++a database file usable by rlm_dbm or edits current database.
++.PP
++
++.SH INPUT FORMAT
++
++\fIrlm_dbm_parser\fP reads a format similar to the one used by the files
++module. In incomplete RFC2234 ABNF, it looks like this:
++
++.nf
++entries = *entry
++entry = identifier TAB definition
++identifier = username / group-name
++username = +PCHAR
++groupname = +PCHAR
++definition = (check-item ",")* LF ( *( reply-item ",") / ";" ) LF
++check-item = AS IN FILES
++reply-item = AS IN FILES
++* need definition of username and groupname
++.fi
++
++As an example, these are the standard files definitions (files module).
++
++.nf
++DEFAULT Service-Type == Framed-User
++ Framed-IP-Address = 255.255.255.254,
++ Framed-MTU = 576,
++ Service-Type = Framed-User,
++ Fall-Through = Yes
++
++#except who call from number 555-666
++DEFAULT Auth-Type := Reject,Service-Type ==Framed-User,
++ Calling-Station-ID == "555-666"
++
++#or call number 555-667
++DEFAULT Auth-Type := Reject,Service-Type ==Framed-User,
++ Calling-Station-ID == "555-667"
++.fi
++
++To be a valid rlm_dbm input file, it should look like this:
++
++.nf
++DEFAULT Service-Type == Framed-User # (1)
++ Framed-IP-Address = 255.255.255.254, # comma, list cont'd
++ Framed-MTU = 576,
++ Service-Type = Framed-User,
++ Fall-Through = Yes # \\n, end of list
++ Auth-Type := Reject,Service-Type ==Framed-User, # (2)
++ Calling-Station-ID == "555-666"
++ ; # ;, no reply items
++ Auth-Type := Reject,Service-Type ==Framed-User, # (3)
++ Calling-Station-ID == "555-667"
++ ; # ditto
++.fi
++
++This user (the DEFAULT user) contains three entries, 1, 2 and 3. The
++first entry has a list of reply items, terminated by a reply item
++without a trailing comma. Entries 2 and 3 has empty reply lists, as
++indicated by the semicolon. This is necessary to separate an empty
++line (which is ignored) from the empty list.
++Definition Fall-Through = Yes used in order to say module to check next
++record. By default Fall-Through = Yes.
++
++.SH OPTIONS
++
++.IP \-d\ \fIraddb\fP
++Use \fIraddb\fP as the radiusd configuration directory.
++.IP \-i\ \fIinputfile\fP
++Use \fIfile\fP as the input file. If not defined then use standard input.
++.IP \-o\ \fIoutputfile\fP
++Use \fIfile\fP as the output file.
++.IP \-c
++Create a new database (empty output file before writing)
++.IP \-x
++Enable debug mode. Multiple x flags increase debug level.
++.IP \-q
++Do not print statistics (quiet).
++.IP \-v
++Print the version and exit.
++.IP \-r
++Remove a username or group name from the database.
++
++.SH SEE ALSO
++radiusd(8)
++.SH AUTHORS
++.TP
++Author:
++Andrei Koulik <rlm_dbm@agk.nnov.ru>
++.TP
++Documentation:
++Bjørn Nordbø <bn@nextra.com>
+--
+1.7.7.5
+
--- /dev/null
+commit ecb3cd1dbedb764ab98532dae5e0b5bfc9571b00
+Author: Alan T. DeKok <aland@freeradius.org>
+Date: Thu Dec 1 14:21:03 2011 +0100
+
+ Perl clone should be called sequentially, not in parallel.
+
+ Adding a mutex fixes this.
+
+ Patch from Eike Dehling
+
+diff --git a/src/modules/rlm_perl/rlm_perl.c b/src/modules/rlm_perl/rlm_perl.c
+index 5c82e89..4682ba5 100644
+--- a/src/modules/rlm_perl/rlm_perl.c
++++ b/src/modules/rlm_perl/rlm_perl.c
+@@ -77,6 +77,8 @@ typedef struct perl_inst {
+ char *perl_flags;
+ PerlInterpreter *perl;
+ pthread_key_t *thread_key;
++
++ pthread_mutex_t clone_mutex;
+ } PERL_INST;
+ /*
+ * A mapping of configuration file names to internal variables.
+@@ -434,6 +436,8 @@ static int perl_instantiate(CONF_SECTION *conf, void **instance)
+ */
+
+ #ifdef USE_ITHREADS
++ pthread_mutex_init(&inst->clone_mutex, NULL);
++
+ inst->thread_key = rad_malloc(sizeof(*inst->thread_key));
+ memset(inst->thread_key,0,sizeof(*inst->thread_key));
+
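Review bot: The return value of `pthread_mutex_init(&inst->clone_mutex, NULL)` in perl_instantiate is ignored, so a failed initialisation would only surface later as undefined behaviour at the first `pthread_mutex_lock` in rlmperl_call. Check the result and fail instantiation through the function's existing error path. The rest of perl_instantiate is outside the hunk, so also confirm that any failure exit after this point calls `pthread_mutex_destroy`; perl_detach does, but it may not run for a half-built instance.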
+@@ -656,8 +660,10 @@ static int rlmperl_call(void *instance, REQUEST *request, char *function_name)
+ HV *rad_request_hv;
+ HV *rad_request_proxy_hv;
+ HV *rad_request_proxy_reply_hv;
+-
++
+ #ifdef USE_ITHREADS
++ pthread_mutex_lock(&inst->clone_mutex);
++
+ PerlInterpreter *interp;
+
+ interp = rlm_perl_clone(inst->perl,inst->thread_key);
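Review bot: `pthread_mutex_lock(&inst->clone_mutex);` is placed ahead of the declaration `PerlInterpreter *interp;`, which mixes a statement before a declaration and trips `-Wdeclaration-after-statement` or a strict C89 build. Move the lock call below the declaration so it sits directly before `interp = rlm_perl_clone(inst->perl,inst->thread_key);`. The lock is also taken on every request rather than only when a new interpreter has to be cloned; whether that matters depends on rlm_perl_clone, which is not shown here. The matching unlock is in the following hunk.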
+@@ -665,9 +671,12 @@ static int rlmperl_call(void *instance, REQUEST *request, char *function_name)
+ dTHXa(interp);
+ PERL_SET_CONTEXT(interp);
+ }
++
++ pthread_mutex_unlock(&inst->clone_mutex);
+ #else
+ PERL_SET_CONTEXT(inst->perl);
+ #endif
++
+ {
+ dSP;
+
+@@ -974,6 +983,7 @@ static int perl_detach(void *instance)
+
+ #ifdef USE_ITHREADS
+ rlm_perl_destruct(inst->perl);
++ pthread_mutex_destroy(&inst->clone_mutex);
+ #else
+ perl_destruct(inst->perl);
+ perl_free(inst->perl);
--- /dev/null
+diff -r -u freeradius-server-2.1.12.orig/raddb/sql/postgresql/admin.sql freeradius-server-2.1.12.work/raddb/sql/postgresql/admin.sql
+--- freeradius-server-2.1.12.orig/raddb/sql/postgresql/admin.sql 2011-09-30 10:12:07.000000000 -0400
++++ freeradius-server-2.1.12.work/raddb/sql/postgresql/admin.sql 2012-02-28 13:16:36.329403383 -0500
+@@ -28,5 +28,5 @@
+ /*
+ * The server can write to the accounting and post-auth logging table.
+ */
+-GRANT ALL on radius.radacct TO radius;
+-GRANT ALL on radius.radpostauth TO radius;
++GRANT ALL on radacct TO radius;
++GRANT ALL on radpostauth TO radius;
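Review bot: Both statements still hand the `radius` role `ALL` on the accounting and post-auth tables, although the comment above them only says the server needs to write there. `ALL` also covers DELETE, TRUNCATE, REFERENCES and TRIGGER, so a compromised server account could erase or alter the accounting trail. Unless the configured queries need more (they are not visible here), narrow the grants to what is used, for example `GRANT SELECT, INSERT, UPDATE on radacct TO radius;` and `GRANT SELECT, INSERT on radpostauth TO radius;`.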
--- /dev/null
+diff -r -u freeradius-server-2.1.12.orig/man/man1/radeapclient.1 freeradius-server-2.1.12.work/man/man1/radeapclient.1
+--- freeradius-server-2.1.12.orig/man/man1/radeapclient.1 2011-09-30 10:12:07.000000000 -0400
++++ freeradius-server-2.1.12.work/man/man1/radeapclient.1 2012-02-28 11:11:46.023456307 -0500
+@@ -3,6 +3,8 @@
+ radeapclient - send EAP packets to a RADIUS server, calculate responses
+ .SH SYNOPSIS
+ .B radeapclient
++.RB [ \-4 ]
++.RB [ \-6 ]
+ .RB [ \-c
+ .IR count ]
+ .RB [ \-d
+@@ -27,7 +29,7 @@
+ \fBradeapclient\fP is a radius client program. It can send arbitrary radius
+ packets to a radius server, then shows the reply. Radeapclient differs from
+ radclient in that if there is an EAP-MD5 challenge, then it will be responded
+-to.
++to.
+ .PP
+ \fBradeapclient\fP is otherwise identical to \fBradclient\fP.
+ .PP
+@@ -36,11 +38,15 @@
+ .PP
+ .PP
+ The \fIEAP-MD5-Password\fP attribute, if present is used to respond to an
+-MD5 challenge.
++MD5 challenge.
+ .PP
+ No other EAP types are currently supported.
+
+ .SH OPTIONS
++.IP \-4
++Use IPv4 (default)
++.IP \-6
++Use IPv6
+ .IP \-c\ \fIcount\fP
+ Send each packet \fIcount\fP times.
+ .IP \-d\ \fIraddb\fP
+@@ -82,7 +88,7 @@
+ echo 'EAP-Type-Identity = "bob";
+ echo 'Message-Authenticator = 0x00';
+ echo 'NAS-Port = 0' ) >req.txt
+-
++
+ radeapclient -x localhost auth testing123 <req.txt
+ .fi
+ .sp
+diff -r -u freeradius-server-2.1.12.orig/src/modules/rlm_eap/radeapclient.c freeradius-server-2.1.12.work/src/modules/rlm_eap/radeapclient.c
+--- freeradius-server-2.1.12.orig/src/modules/rlm_eap/radeapclient.c 2011-09-30 10:12:07.000000000 -0400
++++ freeradius-server-2.1.12.work/src/modules/rlm_eap/radeapclient.c 2012-02-28 11:44:34.011174367 -0500
+@@ -90,6 +90,8 @@
+ fprintf(stderr, " -s Print out summary information of auth results.\n");
+ fprintf(stderr, " -v Show program version information.\n");
+ fprintf(stderr, " -x Debugging mode.\n");
++ fprintf(stderr, " -4 Use IPv4 address of server\n");
++ fprintf(stderr, " -6 Use IPv6 address of server.\n");
+
+ exit(1);
+ }
+@@ -169,7 +171,7 @@
+ ip = &packet->dst_ipaddr;
+ port = packet->dst_port;
+ }
+-
++
+ /*
+ * Client-specific debugging re-prints the input
+ * packet into the client log.
+@@ -975,15 +977,22 @@
+ FILE *fp;
+ int count = 1;
+ int id;
++ int force_af = AF_UNSPEC;
+
+ id = ((int)getpid() & 0xff);
+ fr_debug_flag = 0;
+
+ radlog_dest = RADLOG_STDERR;
+
+- while ((c = getopt(argc, argv, "c:d:f:hi:qst:r:S:xXv")) != EOF)
++ while ((c = getopt(argc, argv, "46c:d:f:hi:qst:r:S:xXv")) != EOF)
+ {
+ switch(c) {
++ case '4':
++ force_af = AF_INET;
++ break;
++ case '6':
++ force_af = AF_INET6;
++ break;
+ case 'c':
+ if (!isdigit((int) *optarg))
+ usage();
+@@ -1106,11 +1115,45 @@
+ req->id = id;
+
+ /*
+- * Strip port from hostname if needed.
++ * Resolve hostname.
+ */
+- if ((p = strchr(argv[1], ':')) != NULL) {
+- *p++ = 0;
+- port = atoi(p);
++ if (force_af == AF_UNSPEC) force_af = AF_INET;
++ req->dst_ipaddr.af = force_af;
++ if (strcmp(argv[1], "-") != 0) {
++ const char *hostname = argv[1];
++ const char *portname = argv[1];
++ char buffer[256];
++
++ if (*argv[1] == '[') { /* IPv6 URL encoded */
++ p = strchr(argv[1], ']');
++ if ((size_t) (p - argv[1]) >= sizeof(buffer)) {
++ usage();
++ }
++
++ memcpy(buffer, argv[1] + 1, p - argv[1] - 1);
++ buffer[p - argv[1] - 1] = '\0';
++
++ hostname = buffer;
++ portname = p + 1;
++
++ }
++ p = strchr(portname, ':');
++ if (p && (strchr(p + 1, ':') == NULL)) {
++ *p = '\0';
++ portname = p + 1;
++ } else {
++ portname = NULL;
++ }
++
++ if (ip_hton(hostname, force_af, &req->dst_ipaddr) < 0) {
++ fprintf(stderr, "radclient: Failed to find IP address for host %s: %s\n", hostname, strerror(errno));
++ exit(1);
++ }
++
++ /*
++ * Strip port from hostname if needed.
++ */
++ if (portname) port = atoi(portname);
+ }
+
+ /*
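Review bot: In the `[`-prefixed branch the result of `strchr(argv[1], ']')` is used in pointer arithmetic without a NULL check, so an argument such as `[::1` with no closing bracket computes `p - argv[1]` from a null pointer. That is undefined behaviour, and it reaches `usage()` only by accident of the size_t cast. Make the guard explicit: `if (!p || (size_t) (p - argv[1]) >= sizeof(buffer)) usage();`. Separately, `port = atoi(portname)` accepts non-numeric and out-of-range text silently, and the error message still names `radclient` rather than radeapclient. The enclosing function begins and ends outside this hunk.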
+@@ -1143,15 +1186,7 @@
+ } else {
+ usage();
+ }
+-
+- /*
+- * Resolve hostname.
+- */
+ req->dst_port = port;
+- if (ip_hton(argv[1], AF_INET, &req->dst_ipaddr) < 0) {
+- fprintf(stderr, "radclient: Failed to find IP address for host %s\n", argv[1]);
+- exit(1);
+- }
+
+ /*
+ * Add the secret.
--- /dev/null
+diff -u -r freeradius-server-2.1.12.orig/src/main/radtest.in freeradius-server-2.1.12/src/main/radtest.in
+--- freeradius-server-2.1.12.orig/src/main/radtest.in 2011-09-30 10:12:07.000000000 -0400
++++ freeradius-server-2.1.12/src/main/radtest.in 2012-01-05 15:51:56.877585514 -0500
+@@ -121,7 +121,7 @@
+ echo "EAP-Code = Response"
+ echo "EAP-Type-Identity = \"$1\""
+ fi
+- if [ "$6" ]
++ if [ ! -z "$6" ] && [[ $6 =~ ^[0-9]+$ ]] && [ $6 -gt 0 ]
+ then
+ echo "Framed-Protocol = PPP"
+ fi
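Review bot: The new test uses `[[ $6 =~ ^[0-9]+$ ]]`, which is a bash extension. If radtest is run by a POSIX `/bin/sh` (the interpreter line is outside this hunk), the `[[` command fails and the `Framed-Protocol = PPP` line is silently never emitted. A portable form with the same intent is `if [ -n "$6" ] && [ "$6" -gt 0 ] 2>/dev/null`, which also quotes `$6` in the numeric comparison. If bash is required on purpose, say so in a comment next to the test.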
+Only in freeradius-server-2.1.12/src/main: radtest.in~
--- /dev/null
+--- freeradius-server-2.1.12.orig/src/modules/rlm_unix/rlm_unix.c 2011-09-30 10:12:07.000000000 -0400
++++ freeradius/freeradius-server/src/modules/rlm_unix/rlm_unix.c 2012-02-27 15:10:19.782821614 -0500
+@@ -274,9 +274,17 @@
+ /*
+ * Check if password has expired.
+ */
++ if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
++ (request->timestamp / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
++ radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
++ return RLM_MODULE_REJECT;
++ }
++ /*
++ * Check if account has expired.
++ */
+ if (spwd && spwd->sp_expire > 0 &&
+ (request->timestamp / 86400) > spwd->sp_expire) {
+- radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
++ radlog_request(L_AUTH, 0, request, "[%s]: account has expired", name);
+ return RLM_MODULE_REJECT;
+ }
+ #endif
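Review bot: The added password-expiry test requires `spwd->sp_lstchg > 0`, so an entry whose last-change field is 0 is treated as not expired. shadow(5) defines 0 as "the password must be changed at the next login", which administrators set to force a reset, and RADIUS authentication would keep accepting the old password for such an account. Decide explicitly how that case is handled, for example by rejecting when `spwd->sp_lstchg == 0`, and add a comment stating the choice. The inactivity period `sp_inact` is not consulted either, which may or may not be intended. The enclosing function starts and ends outside this hunk.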
+@@ -363,7 +371,7 @@
+ if (fr_crypt_check((char *) request->password->vp_strvalue,
+ (char *) vp->vp_strvalue) != 0) {
+ radlog_request(L_AUTH, 0, request, "invalid password \"%s\"",
+- request->username->vp_strvalue);
++ request->password->vp_strvalue);
+ return RLM_MODULE_REJECT;
+ }
+ #endif /* OSFFIA */
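Review bot: The failure branch now passes `request->password->vp_strvalue` to `radlog_request`, so every rejected login writes the submitted password in cleartext to the auth log. A mistyped password is usually one character away from the real one, and log files are commonly readable by more people and systems than the shadow database. Keep the secret out of the message and identify the account instead: `radlog_request(L_AUTH, 0, request, "[%s]: invalid password", request->username->vp_strvalue);`. If the attempted password is needed for debugging, gate it behind an explicit opt-in setting rather than logging it unconditionally. The enclosing function starts outside this hunk.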
+@@ -440,7 +448,7 @@
+ * Which type is this.
+ */
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE))==NULL) {
+- radlog(L_ERR, "rlm_unix: no Accounting-Status-Type attribute in request.");
++ RDEBUG("no Accounting-Status-Type attribute in request.");
+ return RLM_MODULE_NOOP;
+ }
+ status = vp->vp_integer;
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
-Version: 2.2.0
-Release: 1%{?dist}
+Version: 2.1.12
+Release: 3%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons
URL: http://www.freeradius.org/
Source103: freeradius-pam-conf
Patch1: freeradius-cert-config.patch
+Patch2: freeradius-radtest.patch
+Patch3: freeradius-man.patch
+Patch4: freeradius-unix-passwd-expire.patch
+Patch5: freeradius-radeapclient-ipv6.patch
+Patch6: freeradius-postgres-sql.patch
+Patch7: freeradius-perl.patch
Obsoletes: freeradius-devel
Obsoletes: freeradius-libs
%prep
%setup -q -n freeradius-server-%{version}
%patch1 -p1 -b .cert-config
+%patch2 -p1 -b .radtest
+%patch3 -p1 -b .man
+%patch4 -p1 -b unix-passwd-expire
+%patch5 -p1 -b radeapclient-ipv6
+%patch6 -p1 -b postgres-sql
+%patch7 -p1 -b perl
+
# Some source files mistakenly have execute permissions set
find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} +
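Review bot: The backup suffixes given to `%patch4` through `%patch7` lack the leading dot that `%patch1`–`%patch3` use, so the saved originals get names like `rlm_unix.cunix-passwd-expire` instead of `rlm_unix.c.unix-passwd-expire`. Such names no longer match the usual backup-file patterns, and if they carry a `.c`, `.sql` or man-page name into an installed directory glob they could end up packaged. Write them consistently: `%patch4 -p1 -b .unix-passwd-expire`, `%patch5 -p1 -b .radeapclient-ipv6`, `%patch6 -p1 -b .postgres-sql`, `%patch7 -p1 -b .perl`.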
--libdir=%{_libdir}/freeradius \
--with-system-libtool \
--disable-ltdl-install \
+ --with-udpfromto \
--with-gnu-ld \
--with-threads \
--with-thread-pool \
perl -pi -e 's:sys_lib_search_path_spec=.*:sys_lib_search_path_spec="/lib64 /usr/lib64 /usr/local/lib64":' libtool
%endif
-make
+make LINK_MODE=-pie
%install
-rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/var/run/radiusd
-mkdir -p $RPM_BUILD_ROOT/var/lib/radiusd
+mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/radiusd
# fix for bad libtool bug - can not rebuild dependent libs and bins
#FIXME export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}
make install R=$RPM_BUILD_ROOT
install -D -m 644 %{SOURCE102} $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/radiusd
install -D -m 644 %{SOURCE103} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/radiusd
+mkdir -p %{buildroot}%{_localstatedir}/run/
+install -d -m 0710 %{buildroot}%{_localstatedir}/run/radiusd/
+
# remove unneeded stuff
rm -rf doc/00-OLD
rm -f $RPM_BUILD_ROOT/usr/sbin/rc.radiusd
rm -rf $RPM_BUILD_ROOT/%{_datadir}/dialup_admin/lib/sql/oracle
rm -rf $RPM_BUILD_ROOT/%{_datadir}/dialup_admin/lib/sql/drivers/oracle
-# remove header files, we don't ship a devel package and the
+# remove header files, we don't ship a devel package and the
# headers have multilib conflicts
rm -rf $RPM_BUILD_ROOT/%{_includedir}
EOF
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
# Make sure our user/group is present prior to any package or subpackage installation
%pre
-getent group radiusd >/dev/null || /usr/sbin/groupadd -r -g 95 radiusd
+getent group radiusd >/dev/null || /usr/sbin/groupadd -r -g 95 radiusd > /dev/null 2>&1
getent passwd radiusd >/dev/null || /usr/sbin/useradd -r -g radiusd -u 95 -c "radiusd user" -s /sbin/nologin radiusd > /dev/null 2>&1
exit 0
%post
-if [ $1 = 1 ]; then
+if [ $1 -eq 1 ]; then # install
/sbin/chkconfig --add radiusd
if [ ! -e /etc/raddb/certs/server.pem ]; then
- /sbin/runuser -g radiusd -c 'umask 007; /etc/raddb/certs/bootstrap' > /dev/null 2>&1 || :
+ /sbin/runuser -g radiusd -c 'umask 007; /etc/raddb/certs/bootstrap' > /dev/null 2>&1
fi
fi
+exit 0
%preun
-if [ $1 = 0 ]; then
+if [ $1 -eq 0 ]; then # uninstall
/sbin/service radiusd stop > /dev/null 2>&1
/sbin/chkconfig --del radiusd
fi
+exit 0
%postun
-if [ $1 -ge 1 ]; then
- /sbin/service radiusd condrestart >/dev/null 2>&1 || :
+if [ $1 -ge 1 ]; then # upgrade
+ /sbin/service radiusd condrestart >/dev/null 2>&1
fi
-
+if [ $1 -eq 0 ]; then # uninstall
+ getent passwd radiusd >/dev/null && /usr/sbin/userdel radiusd > /dev/null 2>&1
+ getent group radiusd >/dev/null && /usr/sbin/groupdel radiusd > /dev/null 2>&1
+fi
+exit 0
%files
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/pam.d/radiusd
%config(noreplace) %{_sysconfdir}/logrotate.d/radiusd
%{initddir}/radiusd
-%dir %attr(755,radiusd,radiusd) /var/lib/radiusd
+%dir %attr(710,radiusd,radiusd) %{_localstatedir}/run/radiusd
+%dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd
# configs
%dir %attr(755,root,radiusd) /etc/raddb
%defattr(-,root,radiusd)
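Review bot: The uninstall branch added to `%postun` runs `userdel radiusd` and `groupdel radiusd`, which orphans anything still owned by uid/gid 95 after package removal. Rotated logs under /var/log/radius, `%config(noreplace)` files kept as `.rpmsave`, and backups are typical leftovers. An account later created with that id would inherit access to them, and these files include shared secrets and accounting data. The changelog shows this was added deliberately for bug 666589, but the safer convention is to leave package-created system accounts in place; consider dropping the two lines, or at least add a comment above them recording the trade-off.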
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/sradutmp
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/unix
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/wimax
-%dir %attr(755,radiusd,radiusd) /var/run/radiusd/
# binaries
%defattr(-,root,root)
/usr/sbin/checkrad
%{_libdir}/freeradius/rlm_wimax-%{version}.so
%files utils
-%defattr(-,root,root)
/usr/bin/*
# man-pages
%doc %{_mandir}/man1/radclient.1.gz
%doc %{_mandir}/man1/radtest.1.gz
%doc %{_mandir}/man1/radwho.1.gz
%doc %{_mandir}/man1/radzap.1.gz
+%doc %{_mandir}/man1/smbencrypt.1.gz
+%doc %{_mandir}/man5/checkrad.5.gz
+%doc %{_mandir}/man8/radconf2xml.8.gz
+%doc %{_mandir}/man8/radcrypt.8.gz
+%doc %{_mandir}/man8/radsniff.8.gz
%doc %{_mandir}/man8/radsqlrelay.8.gz
+%doc %{_mandir}/man8/rlm_dbm_cat.8.gz
+%doc %{_mandir}/man8/rlm_dbm_parser.8.gz
%doc %{_mandir}/man8/rlm_ippool_tool.8.gz
%files krb5
-%defattr(-,root,root)
%{_libdir}/freeradius/rlm_krb5.so
%{_libdir}/freeradius/rlm_krb5-%{version}.so
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/krb5
%files perl
-%defattr(-,root,root)
%{_libdir}/freeradius/rlm_perl.so
%{_libdir}/freeradius/rlm_perl-%{version}.so
%files python
-%defattr(-,root,root)
%{_libdir}/freeradius/rlm_python.so
%{_libdir}/freeradius/rlm_python-%{version}.so
%files mysql
-%defattr(-,root,root)
%dir %attr(750,root,radiusd) /etc/raddb/sql/mysql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sql/mysql/*
%dir %attr(750,root,radiusd) /etc/raddb/sql/ndb
%{_libdir}/freeradius/rlm_sql_mysql-%{version}.so
%files postgresql
-%defattr(-,root,root)
%dir %attr(750,root,radiusd) /etc/raddb/sql/postgresql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sql/postgresql/*
%{_libdir}/freeradius/rlm_sql_postgresql.so
%{_libdir}/freeradius/rlm_sql_postgresql-%{version}.so
%files ldap
-%defattr(-,root,root)
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/ldap.attrmap
%{_libdir}/freeradius/rlm_ldap.so
%{_libdir}/freeradius/rlm_ldap-%{version}.so
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/ldap
%files unixODBC
-%defattr(-,root,root)
%{_libdir}/freeradius/rlm_sql_unixodbc.so
%{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so
%changelog
-* Wed Sep 22 2010 John Dennis <jdennis@redhat.com> - 2.1.10-1
-- upgrade to latest upstream release
+* Tue Apr 10 2012 John Dennis <jdennis@redhat.com> - 2.1.12-2
+- resolves: bug#810605 Segfault with freeradius-perl threading
+
+* Mon Feb 27 2012 John Dennis <jdennis@redhat.com> - 2.1.12-1
+- Upgrade to latest upstream release: 2.1.12
+ resolves: bug#736878 Rebase to latest upstream
+ resolves: bug#705723 logrotate script does not reload running daemon
+ resolves: bug#787116 radtest PPPhint option not parsed correctly
+ resolves: bug#700870 freeradius not compiled with --with-udpfromto
+ resolves: bug#753764 shadow password expiration does not work
+ resolves: bug#712803 radtest script is not working with eap-md5 option
+ resolves: bug#690756 errors in raddb/sql/postgresql/admin.sql template
+
+* Thu Mar 24 2011 John Dennis <jdennis@redhat.com> - 2.1.10-5
+- Resolves: #689045 Using rlm_perl cause radiusd failed to start
+ Fix configure typo which caused lt_dladvise_* functions to be skipped.
+ run autogen.sh because HAVE_LT_DLADVISE_INIT isn't in src/main/autogen.h
+ Implemented by: freeradius-lt-dladvise.patch
+
+* Wed Feb 23 2011 John Dennis <jdennis@redhat.com> - 2.1.10-4
+- Resolves: #599528 - make radtest IPv6 compatible
+
+* Wed Jan 12 2011 John Dennis <jdennis@redhat.com> - 2.1.10-3
+- Resolves: #644100, Rebase to current release
+- Fix 666589 - removing freeradius from system does not delete the user "radiusd"
+ fix scriptlet argument testing, simplify always exiting with zero
+
+* Tue Oct 19 2010 John Dennis <jdennis@redhat.com> - 2.1.10-1
+- Upgrade to latest upstream release
Feature improvements
* Install the "radcrypt" program.
* Enable radclient to send requests containing MS-CHAPv1
* Add Module-Failure-Message for mschap module (ntlm_auth)
* made rlm_sql_sqlite database configurable. Use "filename"
in sql{} section.
- * Added %{tolower: ...string ... }, which returns the lowercase
- version of the string.
+ * Added %%{tolower: ...string ... }, which returns the lowercase
+ version of the string. Also added %%{toupper: ... } for uppercase.
Bug fixes
* Fix endless loop when there are multiple sub-options for
* Fix hang on startup when multiple home servers were defined
with "src_ipaddr" field.
* Fix 32/64 bit issue in rlm_ldap. Closes bug #105.
- * If the first "listen" section uses 127.0.0.1, don't use that
- as the source IP for proxying. It won't work.
+ * If the first "listen" section defines 127.0.0.1, don't use that
+ as a source IP for proxying. It won't work.
* When Proxy-To-Realm is set to a non-existent realm, the EAP module
should handle the request, rather than expecting it to be proxied.
* Fix IPv4 issues with udpfromto. Closes bug #110.
* Multiple calls to ber_printf seem to work better. Closes #106.
* Fix "unlang" so that "attribute not found" is treated as a "false"
comparison, rather than a syntax error in the configuration.
+ * Fix issue with "Group" attribute.
+* Fri Sep 3 2010 Nalin Dahyabhai <nalin@redhat.com> - 2.1.9-3
+- Resolves: bug #629951
+ override LINK_MODE at compile-time to add -pie to linker flags, so that
+ radiusd will be built as a PIE
-* Sat Jul 31 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 2.1.9-3
-- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
-
-* Tue Jun 01 2010 Marcela Maslanova <mmaslano@redhat.com> - 2.1.9-2
-- Mass rebuild with perl-5.12.0
+* Thu Jun 10 2010 John Dennis <jdennis@redhat.com> - 2.1.9-2
+- Resolves: bug #599521
+ use DNS to resolve NAS-IPv6-Address attribute
* Mon May 24 2010 John Dennis <jdennis@redhat.com> - 2.1.9-1
- update to latest upstream, mainly bug fix release
+- Resolves: bug #584101
Feature improvements
* Add radmin command "stats detail <file>" to see what
is going on inside of a detail file reader.
* Allow spaces when parsing integer values. This helps people who
put "too much" into an SQL value field.
+* Thu Apr 8 2010 John Dennis <jdennis@redhat.com> - 2.1.8-3
+- Resolves: bug #539466
+
* Thu Jan 7 2010 John Dennis <jdennis@redhat.com> - 2.1.8-2
-- resolves: bug #526559 initial install should run bootstrap to create certificates
+- bug #526559 initial install should run bootstrap to create certificates
running radiusd in debug mode to generate inital temporary certificates
is no longer necessary, the /etc/raddb/certs/bootstrap is invoked on initial
rpm install (not upgrade) if there is no existing /etc/raddb/certs/server.pem file
-- resolves: bug #528493 use sha1 algorithm instead of md5 during cert generation
+- bug #528493 use sha1 algorithm instead of md5 during cert generation
the certificate configuration (/etc/raddb/certs/{ca,server,client}.cnf) files
were modifed to use sha1 instead of md5 and the validity reduced from 1 year to 2 months
- rebuild against perl 5.10.1
* Thu Dec 3 2009 John Dennis <jdennis@redhat.com> - 2.1.7-3
-- resolves: bug #522111 non-conformant initscript
+- bug #522111 non-conformant initscript
also change permission of /var/run/radiusd from 0700 to 0755
so that "service radiusd status" can be run as non-root
+++ /dev/null
-# You can use this to rotate the /var/log/radius/* files, simply copy
-# it to /etc/logrotate.d/radiusd
-
-# There are different detail-rotating strategies you can use. One is
-# to write to a single detail file per IP and use the rotate config
-# below. Another is to write to a daily detail file per IP with:
-# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail
-# (or similar) in radiusd.conf, without rotation. If you go with the
-# second technique, you will need another cron job that removes old
-# detail files. You do not need to comment out the below for method #2.
-/var/log/radius/radacct/*/detail {
- monthly
- rotate 4
- nocreate
- missingok
- compress
-}
-
-/var/log/radius/checkrad.log {
- monthly
- rotate 4
- create
- missingok
- compress
-}
-
-/var/log/radius/radius.log {
- monthly
- rotate 4
- create
- missingok
- compress
-}
-
-/var/log/radius/radutmp {
- monthly
- rotate 4
- create
- compress
- missingok
-}
-
-/var/log/radius/radwtmp {
- monthly
- rotate 4
- create
- compress
- missingok
-}
-/var/log/radius/sqltrace.sql {
- monthly
- rotate 4
- create
- compress
- missingok
-}
+++ /dev/null
-#%PAM-1.0
-auth required /lib/security/pam_unix_auth.so shadow nullok
-auth required /lib/security/pam_nologin.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so
-password required /lib/security/pam_unix_password.so shadow nullok use_authtok
-session required /lib/security/pam_unix_session.so