diff --git a/freeradius-connection-fall-through-to-global-module-triggers.patch b/freeradius-connection-fall-through-to-global-module-triggers.patch new file mode 100644 index 0000000..a2c1156 --- /dev/null +++ b/freeradius-connection-fall-through-to-global-module-triggers.patch @@ -0,0 +1,280 @@ +From 132992fe92d53d62499d8c4672feafe210efc573 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Fri, 24 Oct 2014 14:37:11 +0300 +Subject: [PATCH 4/4] connection: Fall through to global module triggers + +Make module connection pool triggers use global module trigger +configuration, if there is no "trigger" section in the pool section. + +Use fully-qualified module-specific trigger names for module-specific +connection pools in connection.c. + +E.g. trigger "modules.ldap.open", instead of just "open" for pools +initialized with fr_connection_pool_module_init, being passed "ldap" +config section. + +Send triggers even if the pool has no "trigger" section. + +This makes exec_trigger fall through to global module triggers, if the +pool configuration doesn't have the "trigger" section. +--- + src/include/connection.h | 3 +- + src/main/connection.c | 81 ++++++++++++++++++++++++++++++------------------ + 2 files changed, 53 insertions(+), 31 deletions(-) + +diff --git a/src/include/connection.h b/src/include/connection.h +index e3752d5..eaf44e8 100644 +--- a/src/include/connection.h ++++ b/src/include/connection.h +@@ -81,7 +81,8 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent, + void *opaque, + fr_connection_create_t c, + fr_connection_alive_t a, +- char const *prefix); ++ char const *log_prefix, ++ char const *trigger_prefix); + void fr_connection_pool_delete(fr_connection_pool_t *pool); + + void *fr_connection_get(fr_connection_pool_t *pool); +diff --git a/src/main/connection.c b/src/main/connection.c +index 5f0c8f6..aec4f9d 100644 +--- a/src/main/connection.c ++++ b/src/main/connection.c +@@ -110,10 +110,6 @@ struct fr_connection_pool_t { + uint32_t idle_timeout; //!< How long a connection can be idle + //!< before being closed. + +- bool trigger; //!< If true execute connection triggers +- //!< associated with the connection +- //!< pool. +- + bool spread; //!< If true requests will be spread + //!< across all connections, instead of + //!< re-using the most recently used +@@ -158,6 +154,11 @@ struct fr_connection_pool_t { + //!< messages created by the connection + //!< pool code. + ++ char const *trigger_prefix; //!< Prefix to prepend to ++ //!< names of all triggers ++ //!< fired by the connection ++ //!< pool code. ++ + fr_connection_create_t create; //!< Function used to create new + //!< connections. + fr_connection_alive_t alive; //!< Function used to check status +@@ -271,6 +272,20 @@ static void fr_connection_link_tail(fr_connection_pool_t *pool, + } + } + ++/** Send a connection pool trigger. ++ * ++ * @param[in] pool to send trigger for. ++ * @param[in] name_suffix trigger name suffix. ++ */ ++static void fr_connection_exec_trigger(fr_connection_pool_t *pool, ++ char const *name_suffix) ++{ ++ char name[64]; ++ rad_assert(pool != NULL); ++ rad_assert(name_suffix != NULL); ++ snprintf(name, sizeof(name), "%s%s", pool->trigger_prefix, name_suffix); ++ exec_trigger(NULL, pool->cs, name, true); ++} + + /** Spawns a new connection + * +@@ -403,7 +418,7 @@ static fr_connection_t *fr_connection_spawn(fr_connection_pool_t *pool, + + pthread_mutex_unlock(&pool->mutex); + +- if (pool->trigger) exec_trigger(NULL, pool->cs, "open", true); ++ fr_connection_exec_trigger(pool, "open"); + + return this; + } +@@ -436,7 +451,7 @@ static void fr_connection_close(fr_connection_pool_t *pool, + pool->active--; + } + +- if (pool->trigger) exec_trigger(NULL, pool->cs, "close", true); ++ fr_connection_exec_trigger(pool, "close"); + + fr_connection_unlink(pool, this); + rad_assert(pool->num > 0); +@@ -542,7 +557,7 @@ void fr_connection_pool_delete(fr_connection_pool_t *pool) + fr_connection_close(pool, this); + } + +- if (pool->trigger) exec_trigger(NULL, pool->cs, "stop", true); ++ fr_connection_exec_trigger(pool, "stop"); + + rad_assert(pool->head == NULL); + rad_assert(pool->tail == NULL); +@@ -559,33 +574,36 @@ void fr_connection_pool_delete(fr_connection_pool_t *pool) + * @param[in] opaque data pointer to pass to callbacks. + * @param[in] c Callback to create new connections. + * @param[in] a Callback to check the status of connections. +- * @param[in] prefix override, if NULL will be set automatically from the module CONF_SECTION. ++ * @param[in] log_prefix override, if NULL will be set automatically from the module CONF_SECTION. + * @return A new connection pool or NULL on error. + */ + fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module, + void *opaque, + fr_connection_create_t c, + fr_connection_alive_t a, +- char const *prefix) ++ char const *log_prefix) + { + CONF_SECTION *cs, *mycs; + char buff[128]; ++ char trigger_prefix[64]; + + fr_connection_pool_t *pool; ++ char const *cs_name1, *cs_name2; + + int ret; + + #define CONNECTION_POOL_CF_KEY "connection_pool" + #define parent_name(_x) cf_section_name(cf_item_parent(cf_sectiontoitem(_x))) + +- if (!prefix) { +- char const *cs_name1, *cs_name2; +- cs_name1 = cf_section_name1(module); +- cs_name2 = cf_section_name2(module); +- if (!cs_name2) cs_name2 = cs_name1; ++ cs_name1 = cf_section_name1(module); ++ cs_name2 = cf_section_name2(module); ++ if (!cs_name2) cs_name2 = cs_name1; ++ ++ snprintf(trigger_prefix, sizeof(trigger_prefix), "modules.%s.", cs_name1); + ++ if (!log_prefix) { + snprintf(buff, sizeof(buff), "rlm_%s (%s)", cs_name1, cs_name2); +- prefix = buff; ++ log_prefix = buff; + } + + /* +@@ -597,11 +615,11 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module, + return NULL; + + case 1: +- DEBUG4("%s: Using pool section from \"%s\"", prefix, parent_name(cs)); ++ DEBUG4("%s: Using pool section from \"%s\"", log_prefix, parent_name(cs)); + break; + + case 0: +- DEBUG4("%s: Using local pool section", prefix); ++ DEBUG4("%s: Using local pool section", log_prefix); + break; + } + +@@ -610,7 +628,7 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module, + */ + mycs = cf_section_sub_find(module, "pool"); + if (!mycs) { +- DEBUG4("%s: Adding pool section to \"%s\" to store pool references", prefix, ++ DEBUG4("%s: Adding pool section to \"%s\" to store pool references", log_prefix, + cf_section_name(module)); + + mycs = cf_section_alloc(module, "pool", NULL); +@@ -622,7 +640,7 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module, + * Use our own local pool. + */ + if (!cs) { +- DEBUG4("%s: \"%s.pool\" section not found, using \"%s.pool\"", prefix, ++ DEBUG4("%s: \"%s.pool\" section not found, using \"%s.pool\"", log_prefix, + parent_name(cs), parent_name(mycs)); + cs = mycs; + } +@@ -636,16 +654,16 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module, + */ + pool = cf_data_find(cs, CONNECTION_POOL_CF_KEY); + if (!pool) { +- DEBUG4("%s: No pool reference found in \"%s.pool\"", prefix, parent_name(cs)); +- pool = fr_connection_pool_init(module, cs, opaque, c, a, prefix); ++ DEBUG4("%s: No pool reference found in \"%s.pool\"", log_prefix, parent_name(cs)); ++ pool = fr_connection_pool_init(module, cs, opaque, c, a, log_prefix, trigger_prefix); + if (!pool) return NULL; + +- DEBUG4("%s: Adding pool reference %p to \"%s.pool\"", prefix, pool, parent_name(cs)); ++ DEBUG4("%s: Adding pool reference %p to \"%s.pool\"", log_prefix, pool, parent_name(cs)); + cf_data_add(cs, CONNECTION_POOL_CF_KEY, pool, NULL); + return pool; + } + +- DEBUG4("%s: Found pool reference %p in \"%s.pool\"", prefix, pool, parent_name(cs)); ++ DEBUG4("%s: Found pool reference %p in \"%s.pool\"", log_prefix, pool, parent_name(cs)); + + /* + * We're reusing pool data add it to our local config +@@ -653,7 +671,7 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module, + * re-use a pool through this module. + */ + if (mycs != cs) { +- DEBUG4("%s: Copying pool reference %p from \"%s.pool\" to \"%s.pool\"", prefix, pool, ++ DEBUG4("%s: Copying pool reference %p from \"%s.pool\" to \"%s.pool\"", log_prefix, pool, + parent_name(cs), parent_name(mycs)); + cf_data_add(mycs, CONNECTION_POOL_CF_KEY, pool, NULL); + } +@@ -676,7 +694,8 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module, + * @param[in] opaque data pointer to pass to callbacks. + * @param[in] c Callback to create new connections. + * @param[in] a Callback to check the status of connections. +- * @param[in] prefix to prepend to all log messages. ++ * @param[in] log_prefix prefix to prepend to all log messages. ++ * @param[in] trigger_prefix prefix to prepend to all trigger names. + * @return A new connection pool or NULL on error. + */ + fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent, +@@ -684,7 +703,8 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent, + void *opaque, + fr_connection_create_t c, + fr_connection_alive_t a, +- char const *prefix) ++ char const *log_prefix, ++ char const *trigger_prefix) + { + uint32_t i; + fr_connection_pool_t *pool; +@@ -720,7 +740,9 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent, + + pool->head = pool->tail = NULL; + +- pool->log_prefix = prefix ? talloc_typed_strdup(pool, prefix) : "core"; ++ pool->log_prefix = log_prefix ? talloc_typed_strdup(pool, log_prefix) : "core"; ++ pool->trigger_prefix = trigger_prefix ? ++ talloc_typed_strdup(pool, trigger_prefix) : ""; + + #ifdef HAVE_PTHREAD_H + pthread_mutex_init(&pool->mutex, NULL); +@@ -729,7 +751,6 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent, + DEBUG("%s: Initialising connection pool", pool->log_prefix); + + if (cf_section_parse(cs, pool, connection_config) < 0) goto error; +- if (cf_section_sub_find(cs, "trigger")) pool->trigger = true; + + /* + * Some simple limits +@@ -780,7 +801,7 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent, + } + } + +- if (pool->trigger) exec_trigger(NULL, pool->cs, "start", true); ++ fr_connection_exec_trigger(pool, "start"); + + return pool; + } +@@ -1222,7 +1243,7 @@ void *fr_connection_reconnect(fr_connection_pool_t *pool, void *conn) + return NULL; + } + +- if (pool->trigger) exec_trigger(NULL, pool->cs, "close", true); ++ fr_connection_exec_trigger(pool, "close"); + this->connection = new_conn; + pthread_mutex_unlock(&pool->mutex); + +-- +2.1.1 + diff --git a/freeradius-exec-dont-assume-request-presence-when-logging.patch b/freeradius-exec-dont-assume-request-presence-when-logging.patch new file mode 100644 index 0000000..2c0ee52 --- /dev/null +++ b/freeradius-exec-dont-assume-request-presence-when-logging.patch @@ -0,0 +1,139 @@ +From 13c5c908548c29ab30ae2e274a5d2baa96eadae4 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Wed, 15 Oct 2014 20:03:11 +0300 +Subject: [PATCH 1/4] exec: Don't assume request presence when logging + +Use DEBUG* macros for logging, instead of RDEBUG* macros in +radius_start_program and radius_readfrom_program as these are not +guaranteed to be invoked with a valid request. + +For example, not from most of the exec_trigger invocations. +--- + src/include/radiusd.h | 2 +- + src/main/exec.c | 22 +++++++++++----------- + src/modules/rlm_mschap/rlm_mschap.c | 2 +- + 3 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/src/include/radiusd.h b/src/include/radiusd.h +index 21d510b..ebe3a21 100644 +--- a/src/include/radiusd.h ++++ b/src/include/radiusd.h +@@ -606,7 +606,7 @@ int rad_virtual_server(REQUEST *); + pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait, + int *input_fd, int *output_fd, + VALUE_PAIR *input_pairs, bool shell_escape); +-int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout, ++int radius_readfrom_program(int fd, pid_t pid, int timeout, + char *answer, int left); + int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape, + char *user_msg, size_t msg_len, int timeout, +diff --git a/src/main/exec.c b/src/main/exec.c +index b421053..1188d0a 100644 +--- a/src/main/exec.c ++++ b/src/main/exec.c +@@ -103,16 +103,16 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait, + + argc = rad_expand_xlat(request, cmd, MAX_ARGV, argv, true, sizeof(argv_buf), argv_buf); + if (argc <= 0) { +- RDEBUG("invalid command line '%s'.", cmd); ++ DEBUG("invalid command line '%s'.", cmd); + return -1; + } + + + #ifndef NDEBUG + if (debug_flag > 2) { +- RDEBUG3("executing cmd %s", cmd); ++ DEBUG3("executing cmd %s", cmd); + for (i = 0; i < argc; i++) { +- RDEBUG3("\t[%d] %s", i, argv[i]); ++ DEBUG3("\t[%d] %s", i, argv[i]); + } + } + #endif +@@ -124,13 +124,13 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait, + if (exec_wait) { + if (input_fd) { + if (pipe(to_child) != 0) { +- RDEBUG("Couldn't open pipe to child: %s", fr_syserror(errno)); ++ DEBUG("Couldn't open pipe to child: %s", fr_syserror(errno)); + return -1; + } + } + if (output_fd) { + if (pipe(from_child) != 0) { +- RDEBUG("Couldn't open pipe from child: %s", fr_syserror(errno)); ++ DEBUG("Couldn't open pipe from child: %s", fr_syserror(errno)); + /* safe because these either need closing or are == -1 */ + close(to_child[0]); + close(to_child[1]); +@@ -206,7 +206,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait, + */ + devnull = open("/dev/null", O_RDWR); + if (devnull < 0) { +- RDEBUG("Failed opening /dev/null: %s\n", fr_syserror(errno)); ++ DEBUG("Failed opening /dev/null: %s\n", fr_syserror(errno)); + + /* + * Where the status code is interpreted as a module rcode +@@ -287,7 +287,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait, + * Parent process. + */ + if (pid < 0) { +- RDEBUG("Couldn't fork %s: %s", argv[0], fr_syserror(errno)); ++ DEBUG("Couldn't fork %s: %s", argv[0], fr_syserror(errno)); + if (exec_wait) { + /* safe because these either need closing or are == -1 */ + close(to_child[0]); +@@ -320,7 +320,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait, + return pid; + #else + if (exec_wait) { +- RDEBUG("Wait is not supported"); ++ DEBUG("Wait is not supported"); + return -1; + } + +@@ -366,7 +366,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait, + * @param left length of buffer. + * @return -1 on error, or length of output. + */ +-int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout, ++int radius_readfrom_program(int fd, pid_t pid, int timeout, + char *answer, int left) + { + int done = 0; +@@ -422,7 +422,7 @@ int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout, + rcode = select(fd + 1, &fds, NULL, NULL, &wake); + if (rcode == 0) { + too_long: +- RDEBUG("Child PID %u is taking too much time: forcing failure and killing child.", pid); ++ DEBUG("Child PID %u is taking too much time: forcing failure and killing child.", pid); + kill(pid, SIGTERM); + close(fd); /* should give SIGPIPE to child, too */ + +@@ -536,7 +536,7 @@ int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool + } + + #ifndef __MINGW32__ +- len = radius_readfrom_program(request, from_child, pid, timeout, answer, sizeof(answer)); ++ len = radius_readfrom_program(from_child, pid, timeout, answer, sizeof(answer)); + if (len < 0) { + /* + * Failure - radius_readfrom_program will +diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c +index 0101ddf..03f94a9 100644 +--- a/src/modules/rlm_mschap/rlm_mschap.c ++++ b/src/modules/rlm_mschap/rlm_mschap.c +@@ -794,7 +794,7 @@ static int CC_HINT(nonnull (1, 2, 4, 5)) do_mschap_cpw(rlm_mschap_t *inst, + /* + * Read from the child + */ +- len = radius_readfrom_program(request, from_child, pid, 10, buf, sizeof(buf)); ++ len = radius_readfrom_program(from_child, pid, 10, buf, sizeof(buf)); + if (len < 0) { + /* radius_readfrom_program will have closed from_child for us */ + REDEBUG("Failure reading from child"); +-- +2.1.1 + diff --git a/freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch b/freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch new file mode 100644 index 0000000..daefbb4 --- /dev/null +++ b/freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch @@ -0,0 +1,59 @@ +From b5b92669c32b50b2f96a3ae53d4222d6cb3d1287 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Tue, 28 Oct 2014 15:57:56 +0200 +Subject: [PATCH 1/1] Ignore SIGTERM when firing stop and signal.term + +Move firing "server.stop" and "server.signal.term" triggers beyond +setting SIGTERM action to SIG_IGN in main(). + +This way handler commands for these triggers don't receive SIGTERM with +the rest of the process group and don't possibly terminate before doing +their work. E.g. snmptrap manages to send the notifications. +--- + src/main/process.c | 1 - + src/main/radiusd.c | 10 ++++++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/main/process.c b/src/main/process.c +index 7e1a51e..f427205 100644 +--- a/src/main/process.c ++++ b/src/main/process.c +@@ -4536,7 +4536,6 @@ static void handle_signal_self(int flag) + fr_event_loop_exit(el, 1); + } else { + INFO("Signalled to terminate"); +- exec_trigger(NULL, NULL, "server.signal.term", true); + fr_event_loop_exit(el, 2); + } + +diff --git a/src/main/radiusd.c b/src/main/radiusd.c +index 620d7d4..86c7013 100644 +--- a/src/main/radiusd.c ++++ b/src/main/radiusd.c +@@ -592,8 +592,6 @@ int main(int argc, char *argv[]) + INFO("Exiting normally"); + } + +- exec_trigger(NULL, NULL, "server.stop", false); +- + /* + * Ignore the TERM signal: we're + * about to die. +@@ -601,6 +599,14 @@ int main(int argc, char *argv[]) + signal(SIGTERM, SIG_IGN); + + /* ++ * Fire signal and stop triggers after ignoring SIGTERM, so handlers are ++ * not killed with the rest of the process group, below. ++ */ ++ if (status == 2) ++ exec_trigger(NULL, NULL, "server.signal.term", true); ++ exec_trigger(NULL, NULL, "server.stop", false); ++ ++ /* + * Send a TERM signal to all + * associated processes + * (including us, which gets +-- +2.1.1 + diff --git a/freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch b/freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch new file mode 100644 index 0000000..99592c4 --- /dev/null +++ b/freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch @@ -0,0 +1,30 @@ +From e37dbd2dd0f20ff255ddc934296afa67e59695c6 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Thu, 16 Oct 2014 13:48:32 +0300 +Subject: [PATCH 2/4] raddb: Remove extra apostrophe from trigger.conf + +Remove a spurious apostrophe from trigger.conf's trigger.modules.args. + +This fixes module triggers, otherwise producing this error: + + rad_expand_xlat: Invalid string passed as argument +--- + raddb/trigger.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/raddb/trigger.conf b/raddb/trigger.conf +index aa846c3..b80089c 100644 +--- a/raddb/trigger.conf ++++ b/raddb/trigger.conf +@@ -194,7 +194,7 @@ trigger { + # "trigger" subsection in the module configuration. + modules { + # Common arguments +- args = "radiusdModuleName s ldap' radiusdModuleInstance s ''" ++ args = "radiusdModuleName s ldap radiusdModuleInstance s ''" + + # The files module + files { +-- +2.1.1 + diff --git a/freeradius-raddb-update-triggers-in-trigger.conf.patch b/freeradius-raddb-update-triggers-in-trigger.conf.patch new file mode 100644 index 0000000..58bd9bc --- /dev/null +++ b/freeradius-raddb-update-triggers-in-trigger.conf.patch @@ -0,0 +1,70 @@ +From 7162088ec80add0e83d1073b67001546be3d0d8d Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Thu, 23 Oct 2014 13:56:46 +0300 +Subject: [PATCH 1/1] raddb: Update triggers in trigger.conf + +Update trigger.conf's available triggers and comments to correspond to +actual code. +--- + raddb/trigger.conf | 23 ++++++++++++----------- + 1 file changed, 12 insertions(+), 11 deletions(-) + +diff --git a/raddb/trigger.conf b/raddb/trigger.conf +index 44f9f36..413a182 100644 +--- a/raddb/trigger.conf ++++ b/raddb/trigger.conf +@@ -222,11 +222,8 @@ trigger { + # A connection to the DB has been closed + close = "${snmptrap}::serverModuleConnectionDown ${args}" + +- # Failed to open a new connection to the DB +- fail = "${snmptrap}::serverModuleConnectionFail ${args}" +- +- # There are no DB handles available. +- none = "${snmptrap}::serverModuleConnectionNone ${args}" ++ # The module has been HUP'd via radmin ++ hup = "${snmptrap}::serverModuleHup ${args}" + } + + # The SQL module +@@ -243,12 +240,13 @@ trigger { + # Failed to open a new connection to the DB + fail = "${snmptrap}::serverModuleConnectionFail ${args}" + +- # There are no DB handles available. +- none = "${snmptrap}::serverModuleConnectionNone ${args}" ++ # The module has been HUP'd via radmin ++ hup = "${snmptrap}::serverModuleHup ${args}" + } + +- # You can use the same opn / close / fail / none triggers for +- # any module which uses the "pool" directive. ++ # You can also use connection pool's start/stop/open/close triggers ++ # for any module which uses the "pool" section, here and under ++ # pool.trigger in module configuration. + } + } + +@@ -267,10 +265,9 @@ trigger { + # home_server_pool.fallback + # home_server_pool.normal + # modules.*.hup +-# modules.ldap.fail ++# modules.ldap.timeout + # modules.sql.close + # modules.sql.fail +-# modules.sql.none + # modules.sql.open + # server.client.add + # server.max_requests +@@ -278,3 +275,7 @@ trigger { + # server.signal.term + # server.start + # server.stop ++# server.thread.max_threads ++# server.thread.start ++# server.thread.stop ++# server.thread.unresponsive +-- +2.1.1 + diff --git a/freeradius-raddb-use-appropriate-module-names-in-traps.patch b/freeradius-raddb-use-appropriate-module-names-in-traps.patch new file mode 100644 index 0000000..0455dbb --- /dev/null +++ b/freeradius-raddb-use-appropriate-module-names-in-traps.patch @@ -0,0 +1,83 @@ +From 039f85dfe9a09478c9581b87113e73e2205abd53 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Thu, 16 Oct 2014 13:59:51 +0300 +Subject: [PATCH 3/4] raddb: Use appropriate module names in traps + +Specify appropriate module names for all module traps in trigger.conf, +instead of using "ldap" for all. +--- + raddb/trigger.conf | 29 +++++++++++++++++++---------- + 1 file changed, 19 insertions(+), 10 deletions(-) + +diff --git a/raddb/trigger.conf b/raddb/trigger.conf +index b80089c..44f9f36 100644 +--- a/raddb/trigger.conf ++++ b/raddb/trigger.conf +@@ -194,12 +194,15 @@ trigger { + # "trigger" subsection in the module configuration. + modules { + # Common arguments +- args = "radiusdModuleName s ldap radiusdModuleInstance s ''" ++ args = "radiusdModuleInstance s ''" + + # The files module + files { ++ # Common arguments ++ args = "radiusdModuleName s files ${..args}" ++ + # The module has been HUP'd via radmin +- hup = "${snmptrap}::serverModuleHup ${..args}" ++ hup = "${snmptrap}::serverModuleHup ${args}" + + # Note that "hup" can be used for every module + # which can be HUP'd via radmin +@@ -210,32 +213,38 @@ trigger { + # an LDAP connection ofr every "bind as user". Be aware that + # this will likely produce a lot of triggers. + ldap { ++ # Common arguments ++ args = "radiusdModuleName s ldap ${..args}" ++ + # A new connection to the DB has been opened +- open = "${snmptrap}::serverModuleConnectionUp ${..args}" ++ open = "${snmptrap}::serverModuleConnectionUp ${args}" + + # A connection to the DB has been closed +- close = "${snmptrap}::serverModuleConnectionDown ${..args}" ++ close = "${snmptrap}::serverModuleConnectionDown ${args}" + + # Failed to open a new connection to the DB +- fail = "${snmptrap}::serverModuleConnectionFail ${..args}" ++ fail = "${snmptrap}::serverModuleConnectionFail ${args}" + + # There are no DB handles available. +- none = "${snmptrap}::serverModuleConnectionNone ${..args}" ++ none = "${snmptrap}::serverModuleConnectionNone ${args}" + } + + # The SQL module + sql { ++ # Common arguments ++ args = "radiusdModuleName s sql ${..args}" ++ + # A new connection to the DB has been opened +- open = "${snmptrap}::serverModuleConnectionUp ${..args}" ++ open = "${snmptrap}::serverModuleConnectionUp ${args}" + + # A connection to the DB has been closed +- close = "${snmptrap}::serverModuleConnectionDown ${..args}" ++ close = "${snmptrap}::serverModuleConnectionDown ${args}" + + # Failed to open a new connection to the DB +- fail = "${snmptrap}::serverModuleConnectionFail ${..args}" ++ fail = "${snmptrap}::serverModuleConnectionFail ${args}" + + # There are no DB handles available. +- none = "${snmptrap}::serverModuleConnectionNone ${..args}" ++ none = "${snmptrap}::serverModuleConnectionNone ${args}" + } + + # You can use the same opn / close / fail / none triggers for +-- +2.1.1 + diff --git a/freeradius.spec b/freeradius.spec index 18a80d3..b753403 100644 --- a/freeradius.spec +++ b/freeradius.spec @@ -33,6 +33,12 @@ Patch9: freeradius-dont-swap-uint128-printing-on-be.patch Patch10: freeradius-fix-dhcp-dictionary-loading.patch Patch11: freeradius-mention-eap-md5-in-radtest-synopsis.patch Patch12: freeradius-add-P-option-to-radtest-synopsis.patch +Patch13: freeradius-exec-dont-assume-request-presence-when-logging.patch +Patch14: freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch +Patch15: freeradius-raddb-use-appropriate-module-names-in-traps.patch +Patch16: freeradius-connection-fall-through-to-global-module-triggers.patch +Patch17: freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch +Patch18: freeradius-raddb-update-triggers-in-trigger.conf.patch %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} @@ -201,6 +207,12 @@ This plugin provides the unixODBC support for the FreeRADIUS server project. %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 %build # Force compile/link options, extra security for network facing daemon