Fixing bugs in RHEL6 rebase, applying fixes here as well

resolves: bug#700870 freeradius not compiled with --with-udpfromto resolves: bug#753764 shadow password expiration does not work resolves: bug#712803 radtest script is not working with eap-md5 option resolves: bug#690756 errors in raddb/sql/postgresql/admin.sql template
2012-02-28 14:06:15 -05:00 · 2012-02-28 14:06:15 -05:00 · 75432c6005
commit 75432c6005
parent 2e5155583e
4 changed files with 224 additions and 1 deletions
--- a/freeradius-postgres-sql.patch
+++ b/freeradius-postgres-sql.patch
@ -0,0 +1,11 @@
+diff -r -u freeradius-server-2.1.12.orig/raddb/sql/postgresql/admin.sql freeradius-server-2.1.12.work/raddb/sql/postgresql/admin.sql
+--- freeradius-server-2.1.12.orig/raddb/sql/postgresql/admin.sql	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12.work/raddb/sql/postgresql/admin.sql	2012-02-28 13:16:36.329403383 -0500
+@@ -28,5 +28,5 @@
+ /*
+  * The server can write to the accounting and post-auth logging table.
+  */
+-GRANT ALL on radius.radacct TO radius;
+-GRANT ALL on radius.radpostauth TO radius;
+GRANT ALL on radacct TO radius;
+GRANT ALL on radpostauth TO radius;
--- a/freeradius-radeapclient-ipv6.patch
+++ b/freeradius-radeapclient-ipv6.patch
@ -0,0 +1,158 @@
+diff -r -u freeradius-server-2.1.12.orig/man/man1/radeapclient.1 freeradius-server-2.1.12.work/man/man1/radeapclient.1
+--- freeradius-server-2.1.12.orig/man/man1/radeapclient.1	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12.work/man/man1/radeapclient.1	2012-02-28 11:11:46.023456307 -0500
+@@ -3,6 +3,8 @@
+ radeapclient - send EAP packets to a RADIUS server, calculate responses
+ .SH SYNOPSIS
+ .B radeapclient
+.RB [ \-4 ]
+.RB [ \-6 ]
+ .RB [ \-c
+ .IR count ]
+ .RB [ \-d
+@@ -27,7 +29,7 @@
+ \fBradeapclient\fP is a radius client program. It can send arbitrary radius
+ packets to a radius server, then shows the reply. Radeapclient differs from
+ radclient in that if there is an EAP-MD5 challenge, then it will be responded
+-to. 
+to.
+ .PP
+ \fBradeapclient\fP is otherwise identical to \fBradclient\fP.
+ .PP
+@@ -36,11 +38,15 @@
+ .PP
+ .PP
+ The \fIEAP-MD5-Password\fP attribute, if present is used to respond to an
+-MD5 challenge. 
+MD5 challenge.
+ .PP
+ No other EAP types are currently supported.
+ 
+ .SH OPTIONS
+.IP \-4
+Use IPv4 (default)
+.IP \-6
+Use IPv6
+ .IP \-c\ \fIcount\fP
+ Send each packet \fIcount\fP times.
+ .IP \-d\ \fIraddb\fP
+@@ -82,7 +88,7 @@
+   echo 'EAP-Type-Identity = "bob";
+   echo 'Message-Authenticator = 0x00';
+   echo 'NAS-Port = 0' ) >req.txt
+-  
+
+ radeapclient -x localhost auth testing123 <req.txt
+ .fi
+ .sp
+diff -r -u freeradius-server-2.1.12.orig/src/modules/rlm_eap/radeapclient.c freeradius-server-2.1.12.work/src/modules/rlm_eap/radeapclient.c
+--- freeradius-server-2.1.12.orig/src/modules/rlm_eap/radeapclient.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12.work/src/modules/rlm_eap/radeapclient.c	2012-02-28 11:44:34.011174367 -0500
+@@ -90,6 +90,8 @@
+ 	fprintf(stderr, "  -s          Print out summary information of auth results.\n");
+ 	fprintf(stderr, "  -v          Show program version information.\n");
+ 	fprintf(stderr, "  -x          Debugging mode.\n");
+	fprintf(stderr, "  -4          Use IPv4 address of server\n");
+	fprintf(stderr, "  -6          Use IPv6 address of server.\n");
+ 
+ 	exit(1);
+ }
+@@ -169,7 +171,7 @@
+ 		ip = &packet->dst_ipaddr;
+ 		port = packet->dst_port;
+ 	}
+-	
+
+ 	/*
+ 	 *	Client-specific debugging re-prints the input
+ 	 *	packet into the client log.
+@@ -975,15 +977,22 @@
+ 	FILE *fp;
+ 	int count = 1;
+ 	int id;
+	int force_af = AF_UNSPEC;
+ 
+ 	id = ((int)getpid() & 0xff);
+ 	fr_debug_flag = 0;
+ 
+ 	radlog_dest = RADLOG_STDERR;
+ 
+-	while ((c = getopt(argc, argv, "c:d:f:hi:qst:r:S:xXv")) != EOF)
+	while ((c = getopt(argc, argv, "46c:d:f:hi:qst:r:S:xXv")) != EOF)
+ 	{
+ 		switch(c) {
+		case '4':
+			force_af = AF_INET;
+			break;
+		case '6':
+			force_af = AF_INET6;
+			break;
+ 		case 'c':
+ 			if (!isdigit((int) *optarg))
+ 				usage();
+@@ -1106,11 +1115,45 @@
+ 	req->id = id;
+ 
+ 	/*
+-	 *	Strip port from hostname if needed.
+	 *	Resolve hostname.
+ 	 */
+-	if ((p = strchr(argv[1], ':')) != NULL) {
+-		*p++ = 0;
+-		port = atoi(p);
+	if (force_af == AF_UNSPEC) force_af = AF_INET;
+	req->dst_ipaddr.af = force_af;
+	if (strcmp(argv[1], "-") != 0) {
+		const char *hostname = argv[1];
+		const char *portname = argv[1];
+		char buffer[256];
+
+		if (*argv[1] == '[') { /* IPv6 URL encoded */
+			p = strchr(argv[1], ']');
+			if ((size_t) (p - argv[1]) >= sizeof(buffer)) {
+				usage();
+			}
+
+			memcpy(buffer, argv[1] + 1, p - argv[1] - 1);
+			buffer[p - argv[1] - 1] = '\0';
+
+			hostname = buffer;
+			portname = p + 1;
+
+		}
+		p = strchr(portname, ':');
+		if (p && (strchr(p + 1, ':') == NULL)) {
+			*p = '\0';
+			portname = p + 1;
+		} else {
+			portname = NULL;
+		}
+
+		if (ip_hton(hostname, force_af, &req->dst_ipaddr) < 0) {
+			fprintf(stderr, "radclient: Failed to find IP address for host %s: %s\n", hostname, strerror(errno));
+			exit(1);
+		}
+
+		/*
+		 *	Strip port from hostname if needed.
+		 */
+		if (portname) port = atoi(portname);
+ 	}
+ 
+ 	/*
+@@ -1143,15 +1186,7 @@
+ 	} else {
+ 		usage();
+ 	}
+-
+-	/*
+-	 *	Resolve hostname.
+-	 */
+ 	req->dst_port = port;
+-	if (ip_hton(argv[1], AF_INET, &req->dst_ipaddr) < 0) {
+-		fprintf(stderr, "radclient: Failed to find IP address for host %s\n", argv[1]);
+-		exit(1);
+-	}
+ 
+ 	/*
+ 	 *	Add the secret.
--- a/freeradius-unix-passwd-expire.patch
+++ b/freeradius-unix-passwd-expire.patch
@ -0,0 +1,39 @@
+--- freeradius-server-2.1.12.orig/src/modules/rlm_unix/rlm_unix.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius/freeradius-server/src/modules/rlm_unix/rlm_unix.c	2012-02-27 15:10:19.782821614 -0500
+@@ -274,9 +274,17 @@
+ 	/*
+ 	 *      Check if password has expired.
+ 	 */
+	if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
+	    (request->timestamp / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
+		radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+		return RLM_MODULE_REJECT;
+	}
+	/*
+	 *      Check if account has expired.
+	 */
+ 	if (spwd && spwd->sp_expire > 0 &&
+ 	    (request->timestamp / 86400) > spwd->sp_expire) {
+-		radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+		radlog_request(L_AUTH, 0, request, "[%s]: account has expired", name);
+ 		return RLM_MODULE_REJECT;
+ 	}
+ #endif
+@@ -363,7 +371,7 @@
+ 	if (fr_crypt_check((char *) request->password->vp_strvalue,
+ 			     (char *) vp->vp_strvalue) != 0) {
+ 		radlog_request(L_AUTH, 0, request, "invalid password \"%s\"",
+-			       request->username->vp_strvalue);
+			       request->password->vp_strvalue);
+ 		return RLM_MODULE_REJECT;
+ 	}
+ #endif /* OSFFIA */
+@@ -440,7 +448,7 @@
+ 	 *	Which type is this.
+ 	 */
+ 	if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE))==NULL) {
+-		radlog(L_ERR, "rlm_unix: no Accounting-Status-Type attribute in request.");
+		RDEBUG("no Accounting-Status-Type attribute in request.");
+ 		return RLM_MODULE_NOOP;
+ 	}
+ 	status = vp->vp_integer;
--- a/freeradius.spec
+++ b/freeradius.spec
@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 2.1.12
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@ -15,6 +15,9 @@ Source104: %{name}-tmpfiles.conf
 Patch1: freeradius-cert-config.patch
 Patch2: freeradius-radtest.patch
 Patch3: freeradius-man.patch
+Patch4: freeradius-unix-passwd-expire.patch
+Patch5: freeradius-radeapclient-ipv6.patch
+Patch6: freeradius-postgres-sql.patch

 Obsoletes: freeradius-devel
 Obsoletes: freeradius-libs
@ -148,6 +151,10 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 %patch1 -p1 -b .cert-config
 %patch2 -p1 -b .radtest
 %patch3 -p1 -b .man
+%patch4 -p1 -b unix-passwd-expire
+%patch5 -p1 -b radeapclient-ipv6
+%patch6 -p1 -b postgres-sql
+
 # Some source files mistakenly have execute permissions set
 find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} +

@ -162,6 +169,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
        --libdir=%{_libdir}/freeradius \
        --with-system-libtool \
        --disable-ltdl-install \
+        --with-udpfromto \
        --with-gnu-ld \
        --with-threads \
        --with-thread-pool \
@ -590,6 +598,13 @@ exit 0
 %{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so

 %changelog
+* Tue Feb 28 2012 John Dennis <jdennis@redhat.com> - 2.1.12-6
+  Fixing bugs in RHEL6 rebase, applying fixes here as well
+  resolves: bug#700870 freeradius not compiled with --with-udpfromto
+  resolves: bug#753764 shadow password expiration does not work
+  resolves: bug#712803 radtest script is not working with eap-md5 option
+  resolves: bug#690756 errors in raddb/sql/postgresql/admin.sql template
+
 * Tue Feb  7 2012 John Dennis <jdennis@redhat.com> - 2.1.12-5
 - resolves: bug#781877 (from RHEL5) rlm_dbm_parse man page misspelled
 - resolves: bug#760193 (from RHEL5) radtest PPPhint option is not parsed properly