rpms/freeradius
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fixing bugs in RHEL6 rebase, applying fixes here as well

Browse Source 
resolves: bug#700870 freeradius not compiled with --with-udpfromto
resolves: bug#753764 shadow password expiration does not work
resolves: bug#712803 radtest script is not working with eap-md5 option
resolves: bug#690756 errors in raddb/sql/postgresql/admin.sql template
This commit is contained in:
John Dennis 2012-02-28 14:06:15 -05:00
parent 2e5155583e
commit 75432c6005
4 changed files with 224 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
freeradius-postgres-sql.patch Normal file
View File

@ -0,0 +1,11 @@
diff -r -u freeradius-server-2.1.12.orig/raddb/sql/postgresql/admin.sql freeradius-server-2.1.12.work/raddb/sql/postgresql/admin.sql
--- freeradius-server-2.1.12.orig/raddb/sql/postgresql/admin.sql 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12.work/raddb/sql/postgresql/admin.sql 2012-02-28 13:16:36.329403383 -0500
@@ -28,5 +28,5 @@
/*
* The server can write to the accounting and post-auth logging table.
*/
-GRANT ALL on radius.radacct TO radius;
-GRANT ALL on radius.radpostauth TO radius;
+GRANT ALL on radacct TO radius;
+GRANT ALL on radpostauth TO radius;

158
freeradius-radeapclient-ipv6.patch Normal file
View File

@ -0,0 +1,158 @@
diff -r -u freeradius-server-2.1.12.orig/man/man1/radeapclient.1 freeradius-server-2.1.12.work/man/man1/radeapclient.1
--- freeradius-server-2.1.12.orig/man/man1/radeapclient.1 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12.work/man/man1/radeapclient.1 2012-02-28 11:11:46.023456307 -0500
@@ -3,6 +3,8 @@
radeapclient - send EAP packets to a RADIUS server, calculate responses
.SH SYNOPSIS
.B radeapclient
+.RB [ \-4 ]
+.RB [ \-6 ]
.RB [ \-c
.IR count ]
.RB [ \-d
@@ -27,7 +29,7 @@
\fBradeapclient\fP is a radius client program. It can send arbitrary radius
packets to a radius server, then shows the reply. Radeapclient differs from
radclient in that if there is an EAP-MD5 challenge, then it will be responded
-to.
+to.
.PP
\fBradeapclient\fP is otherwise identical to \fBradclient\fP.
.PP
@@ -36,11 +38,15 @@
.PP
.PP
The \fIEAP-MD5-Password\fP attribute, if present is used to respond to an
-MD5 challenge.
+MD5 challenge.
.PP
No other EAP types are currently supported.
.SH OPTIONS
+.IP \-4
+Use IPv4 (default)
+.IP \-6
+Use IPv6
.IP \-c\ \fIcount\fP
Send each packet \fIcount\fP times.
.IP \-d\ \fIraddb\fP
@@ -82,7 +88,7 @@
echo 'EAP-Type-Identity = "bob";
echo 'Message-Authenticator = 0x00';
echo 'NAS-Port = 0' ) >req.txt
-
+
radeapclient -x localhost auth testing123 <req.txt
.fi
.sp
diff -r -u freeradius-server-2.1.12.orig/src/modules/rlm_eap/radeapclient.c freeradius-server-2.1.12.work/src/modules/rlm_eap/radeapclient.c
--- freeradius-server-2.1.12.orig/src/modules/rlm_eap/radeapclient.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12.work/src/modules/rlm_eap/radeapclient.c 2012-02-28 11:44:34.011174367 -0500
@@ -90,6 +90,8 @@
fprintf(stderr, " -s Print out summary information of auth results.\n");
fprintf(stderr, " -v Show program version information.\n");
fprintf(stderr, " -x Debugging mode.\n");
+ fprintf(stderr, " -4 Use IPv4 address of server\n");
+ fprintf(stderr, " -6 Use IPv6 address of server.\n");
exit(1);
}
@@ -169,7 +171,7 @@
ip = &packet->dst_ipaddr;
port = packet->dst_port;
}
-
+
/*
* Client-specific debugging re-prints the input
* packet into the client log.
@@ -975,15 +977,22 @@
FILE *fp;
int count = 1;
int id;
+ int force_af = AF_UNSPEC;
id = ((int)getpid() & 0xff);
fr_debug_flag = 0;
radlog_dest = RADLOG_STDERR;
- while ((c = getopt(argc, argv, "c:d:f:hi:qst:r:S:xXv")) != EOF)
+ while ((c = getopt(argc, argv, "46c:d:f:hi:qst:r:S:xXv")) != EOF)
{
switch(c) {
+ case '4':
+ force_af = AF_INET;
+ break;
+ case '6':
+ force_af = AF_INET6;
+ break;
case 'c':
if (!isdigit((int) *optarg))
usage();
@@ -1106,11 +1115,45 @@
req->id = id;
/*
- * Strip port from hostname if needed.
+ * Resolve hostname.
*/
- if ((p = strchr(argv[1], ':')) != NULL) {
- *p++ = 0;
- port = atoi(p);
+ if (force_af == AF_UNSPEC) force_af = AF_INET;
+ req->dst_ipaddr.af = force_af;
+ if (strcmp(argv[1], "-") != 0) {
+ const char *hostname = argv[1];
+ const char *portname = argv[1];
+ char buffer[256];
+
+ if (*argv[1] == '[') { /* IPv6 URL encoded */
+ p = strchr(argv[1], ']');
+ if ((size_t) (p - argv[1]) >= sizeof(buffer)) {
+ usage();
+ }
+
+ memcpy(buffer, argv[1] + 1, p - argv[1] - 1);
+ buffer[p - argv[1] - 1] = '\0';
+
+ hostname = buffer;
+ portname = p + 1;
+
+ }
+ p = strchr(portname, ':');
+ if (p && (strchr(p + 1, ':') == NULL)) {
+ *p = '\0';
+ portname = p + 1;
+ } else {
+ portname = NULL;
+ }
+
+ if (ip_hton(hostname, force_af, &req->dst_ipaddr) < 0) {
+ fprintf(stderr, "radclient: Failed to find IP address for host %s: %s\n", hostname, strerror(errno));
+ exit(1);
+ }
+
+ /*
+ * Strip port from hostname if needed.
+ */
+ if (portname) port = atoi(portname);
}
/*
@@ -1143,15 +1186,7 @@
} else {
usage();
}
-
- /*
- * Resolve hostname.
- */
req->dst_port = port;
- if (ip_hton(argv[1], AF_INET, &req->dst_ipaddr) < 0) {
- fprintf(stderr, "radclient: Failed to find IP address for host %s\n", argv[1]);
- exit(1);
- }
/*
* Add the secret.

39
freeradius-unix-passwd-expire.patch Normal file
View File

@ -0,0 +1,39 @@
--- freeradius-server-2.1.12.orig/src/modules/rlm_unix/rlm_unix.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius/freeradius-server/src/modules/rlm_unix/rlm_unix.c 2012-02-27 15:10:19.782821614 -0500
@@ -274,9 +274,17 @@
/*
* Check if password has expired.
*/
+ if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
+ (request->timestamp / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
+ radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+ return RLM_MODULE_REJECT;
+ }
+ /*
+ * Check if account has expired.
+ */
if (spwd && spwd->sp_expire > 0 &&
(request->timestamp / 86400) > spwd->sp_expire) {
- radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+ radlog_request(L_AUTH, 0, request, "[%s]: account has expired", name);
return RLM_MODULE_REJECT;
}
#endif
@@ -363,7 +371,7 @@
if (fr_crypt_check((char *) request->password->vp_strvalue,
(char *) vp->vp_strvalue) != 0) {
radlog_request(L_AUTH, 0, request, "invalid password \"%s\"",
- request->username->vp_strvalue);
+ request->password->vp_strvalue);
return RLM_MODULE_REJECT;
}
#endif /* OSFFIA */
@@ -440,7 +448,7 @@
* Which type is this.
*/
if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE))==NULL) {
- radlog(L_ERR, "rlm_unix: no Accounting-Status-Type attribute in request.");
+ RDEBUG("no Accounting-Status-Type attribute in request.");
return RLM_MODULE_NOOP;
}
status = vp->vp_integer;

17
freeradius.spec
View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server Summary: High-performance and highly configurable free RADIUS server
Name: freeradius Name: freeradius
Version: 2.1.12 Version: 2.1.12
Release: 5%{?dist} Release: 6%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://www.freeradius.org/ URL: http://www.freeradius.org/
@ -15,6 +15,9 @@ Source104: %{name}-tmpfiles.conf
Patch1: freeradius-cert-config.patch Patch1: freeradius-cert-config.patch
Patch2: freeradius-radtest.patch Patch2: freeradius-radtest.patch
Patch3: freeradius-man.patch Patch3: freeradius-man.patch
Patch4: freeradius-unix-passwd-expire.patch
Patch5: freeradius-radeapclient-ipv6.patch
Patch6: freeradius-postgres-sql.patch
Obsoletes: freeradius-devel Obsoletes: freeradius-devel
Obsoletes: freeradius-libs Obsoletes: freeradius-libs
@ -148,6 +151,10 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
%patch1 -p1 -b .cert-config %patch1 -p1 -b .cert-config
%patch2 -p1 -b .radtest %patch2 -p1 -b .radtest
%patch3 -p1 -b .man %patch3 -p1 -b .man
%patch4 -p1 -b unix-passwd-expire
%patch5 -p1 -b radeapclient-ipv6
%patch6 -p1 -b postgres-sql
# Some source files mistakenly have execute permissions set # Some source files mistakenly have execute permissions set
find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} + find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} +
@ -162,6 +169,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
--libdir=%{_libdir}/freeradius \ --libdir=%{_libdir}/freeradius \
--with-system-libtool \ --with-system-libtool \
--disable-ltdl-install \ --disable-ltdl-install \
--with-udpfromto \
--with-gnu-ld \ --with-gnu-ld \
--with-threads \ --with-threads \
--with-thread-pool \ --with-thread-pool \
@ -590,6 +598,13 @@ exit 0
%{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so %{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so
%changelog %changelog
* Tue Feb 28 2012 John Dennis <jdennis@redhat.com> - 2.1.12-6
Fixing bugs in RHEL6 rebase, applying fixes here as well
resolves: bug#700870 freeradius not compiled with --with-udpfromto
resolves: bug#753764 shadow password expiration does not work
resolves: bug#712803 radtest script is not working with eap-md5 option
resolves: bug#690756 errors in raddb/sql/postgresql/admin.sql template
* Tue Feb 7 2012 John Dennis <jdennis@redhat.com> - 2.1.12-5 * Tue Feb 7 2012 John Dennis <jdennis@redhat.com> - 2.1.12-5
- resolves: bug#781877 (from RHEL5) rlm_dbm_parse man page misspelled - resolves: bug#781877 (from RHEL5) rlm_dbm_parse man page misspelled
- resolves: bug#760193 (from RHEL5) radtest PPPhint option is not parsed properly - resolves: bug#760193 (from RHEL5) radtest PPPhint option is not parsed properly