Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
-Version: 3.0.3
+Version: 3.0.14
Release: 1%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons
Source103: freeradius-pam-conf
Source104: freeradius-tmpfiles.conf
-Patch1: freeradius-redhat-config.patch
-Patch2: freeradius-postgres-sql.patch
-
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
%define initddir %{?_initddir:%{_initddir}}%{!?_initddir:%{_initrddir}}
BuildRequires: ykclient-devel
%endif
-Requires: openssl
+# Moonshot Dependencies
+BuildRequires: trust_router-devel
+Requires: trust_router-libs
+
+Requires: openssl >= 1.0.1e-16.el6_5.7
Requires(pre): shadow-utils glibc-common
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
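Review bot: The new floor `Requires: openssl >= 1.0.1e-16.el6_5.7` has no comment saying which fix it is meant to guarantee, and it hard-codes an EL6 errata release in a spec that otherwise stays dist-neutral (`Release: 1%{?dist}`). I would add a comment above it such as `# Minimum OpenSSL build carrying the fix for <ADVISORY-ID>; EL6 errata NVR, revisit for other dists`, so the next packager knows whether the floor can be raised or dropped. Only the runtime dependency is constrained here; if the intent is to keep a known-bad library out, the build root presumably needs the same floor, which this hunk does not show. The hunk starts inside a conditional block that opens outside it.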
be centralized, and minimizes the amount of re-configuration which has to be
done when adding or deleting new users.
+%package abfab
+Group: System Environment/Daemons
+Summary: FreeRADIUS ABFAb Configuration
+Requires: %{name} = %{version}-%{release}
+Requires: freeradius-sqlite
+
+%description abfab
+This package provides configuration required by an ABFAB (RFC 7055)
+identity provider or RP proxy.
+
%package doc
Group: Documentation
Summary: FreeRADIUS documentation
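Review bot: `Requires: freeradius-sqlite` in the new abfab subpackage is unversioned, while the line above it pins the base package to `%{version}-%{release}`. `Requires: %{name}-sqlite = %{version}-%{release}` would keep the SQLite driver in step with the server it is loaded into. The Summary also reads `ABFAb` where the description uses `ABFAB`.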
%description postgresql
This plugin provides the postgresql support for the FreeRADIUS server project.
+%package rest
+Summary: REST support for freeradius
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+BuildRequires: libcurl-devel
+BuildRequires: json-c-devel
+
+%description rest
+This plugin provides the REST support for the FreeRADIUS server project.
+
%package sqlite
Summary: SQLite support for freeradius
Group: System Environment/Daemons
%setup -q -n %{dist_base}
# Note: We explicitly do not make patch backup files because 'make install'
# mistakenly includes the backup files, especially problematic for raddb config files.
-%patch1 -p1
-%patch2 -p1
%build
# Force compile/link options, extra security for network facing daemon
--with-unixodbc-lib-dir=%{_libdir} \
--with-rlm-dbm-lib-dir=%{_libdir} \
--with-rlm-krb5-include-dir=/usr/kerberos/include \
+ --without-rlm_couchbase \
--without-rlm_eap_ikev2 \
+ --without-rlm_example \
+ --without-rlm_idn \
+ --without-rlm_smsotp \
+ --without-rlm_sqlhpwippool \
--without-rlm_sql_iodbc \
--without-rlm_sql_firebird \
--without-rlm_sql_db2 \
- --without-rlm_sql_oracle
+ --without-rlm_sql_oracle
make
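Review bot: `--without-rlm_smsotp` stops the module from being built, but the %files list further down still ships `/etc/raddb/mods-available/smsotp` as a config file, so enabling it would presumably reference a module that is not installed. Couchbase is handled by deleting its config in %install. I would treat smsotp the same way, with `rm -f $RPM_BUILD_ROOT/etc/raddb/mods-available/smsotp` and the matching %files entry dropped, and check the other modules disabled here for leftover config. The configure invocation begins above this hunk.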
%install
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/radiusd
make install R=$RPM_BUILD_ROOT
+for foo in abfab-tr-idp abfab-tls channel_bindings ; do
+ test -e $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-enabled/$foo || ln -s ../sites-available/$foo $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-enabled
+ done
+for foo in abfab_psk_sql ; do
+ test -e $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-enabled/$foo || ln -s ../mods-available/$foo $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-enabled
+ done
# logs
mkdir -p $RPM_BUILD_ROOT/var/log/radius/radacct
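Review bot: Both new loops create the `sites-enabled` / `mods-enabled` link without checking that the `sites-available/$foo` or `mods-available/$foo` target was actually installed, so a renamed or missing upstream file yields a dangling link that the %files entries later in the spec would package as enabled configuration. Since these links decide which virtual servers and modules are active right after install, I would fail the build when the target is missing, and quote the paths. Whether `channel_bindings` is meant to be enabled by the base package while the two abfab sites go to the -abfab subpackage deserves a comment; the split is only visible from the %files lists. The fence shows the first loop; the `abfab_psk_sql` loop needs the same guard.
```spec
for foo in abfab-tr-idp abfab-tls channel_bindings ; do
    # refuse to package a link whose target was not installed
    test -e "$RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-available/$foo" || exit 1
    test -e "$RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-enabled/$foo" || \
        ln -s "../sites-available/$foo" "$RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-enabled/$foo"
done
# … unchanged pattern: abfab_psk_sql loop, with mods-available / mods-enabled …
```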
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/dh
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/random
+
rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/radeapclient.1
rm -f $RPM_BUILD_ROOT/usr/sbin/rc.radiusd
chrpath --delete $RPM_BUILD_ROOT/%{_libdir}/freeradius/rlm_sql_unixodbc.so
chrpath --delete $RPM_BUILD_ROOT/%{_libdir}/freeradius/rlm_sql_postgresql.so
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-available/couchbase
+
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/mssql
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-available/eap.orig
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool/oracle
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool-dhcp/oracle
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/oracle
+
# remove unsupported config files
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/experimental.conf
-
# install doc files omitted by standard install
for f in COPYRIGHT CREDITS INSTALL.rst README.rst VERSION; do
cp $f $RPM_BUILD_ROOT/%{docdir}
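Review bot: Deleting `mods-available/eap.orig` by name treats one symptom. A `.orig` file in the install tree means something patched the raddb tree with backups, which the comment in %prep says is deliberately avoided. Any other backup or reject file left the same way would either fail the build as unpackaged or, where %files uses a glob, be shipped next to the real config. A pattern-based cleanup such as `find $RPM_BUILD_ROOT/etc/raddb \( -name '*.orig' -o -name '*.rej' \) -delete`, with a comment saying where `eap.orig` comes from, would be more robust. The `for` loop at the end of this hunk continues outside it.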
%dir %attr(755,root,radiusd) /etc/raddb
%defattr(-,root,radiusd)
/etc/raddb/README.rst
-/etc/raddb/panic.gdb
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/panic.gdb
+
%attr(644,root,radiusd) %config(noreplace) /etc/raddb/dictionary
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/clients.conf
/etc/raddb/certs/README
%config(noreplace) /etc/raddb/certs/xpextensions
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/passwords.mk
%attr(750,root,radiusd) /etc/raddb/certs/bootstrap
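Review bot: The new `/etc/raddb/certs/passwords.mk` entry has no comment on where the file comes from. As far as I know the certs Makefile writes it from the passphrases in the `*.cnf` files, so it is derived output rather than hand-edited configuration. If it is in the build root because that Makefile ran during the build, please confirm that no other generated material (keys, certificates) is packaged with it, since that would be identical on every installed host. The %install lines visible on this page only remove `certs/dh` and `certs/random`. A comment such as `# generated from certs/*.cnf; holds key passphrases, keep 640` above the entry would record why the mode matters.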
# mods-config
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/unbound
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/unbound/default.conf
# sites-available
%dir %attr(750,root,radiusd) /etc/raddb/sites-available
/etc/raddb/sites-available/README
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/abfab-tr-idp
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/abfab-tls
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/control-socket
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/challenge
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/channel_bindings
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/decoupled-accounting
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/robust-proxy-accounting
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/soh
# sites-enabled
# symlink: /etc/raddb/sites-enabled/xxx -> ../sites-available/xxx
%dir %attr(750,root,radiusd) /etc/raddb/sites-enabled
+%config(missingok) /etc/raddb/sites-enabled/channel_bindings
%config(missingok) /etc/raddb/sites-enabled/inner-tunnel
%config(missingok) /etc/raddb/sites-enabled/default
# mods-available
%dir %attr(750,root,radiusd) /etc/raddb/mods-available
/etc/raddb/mods-available/README.rst
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/abfab_psk_sql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/always
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/attr_filter
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache_eap
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/chap
+#%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/couchbase
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/counter
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cui
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/date
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/logintime
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/mac2ip
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/mac2vlan
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/moonshot-targeted-ids
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/moonshot_custom_linelog
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/mschap
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ntlm_auth
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/opendirectory
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/redis
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rediswho
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/replicate
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/smbpasswd
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/smsotp
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/soh
%config(missingok) /etc/raddb/mods-enabled/attr_filter
%config(missingok) /etc/raddb/mods-enabled/cache_eap
%config(missingok) /etc/raddb/mods-enabled/chap
+%config(missingok) /etc/raddb/mods-enabled/date
%config(missingok) /etc/raddb/mods-enabled/detail
%config(missingok) /etc/raddb/mods-enabled/detail.log
%config(missingok) /etc/raddb/mods-enabled/dhcp
# policy
%dir %attr(750,root,radiusd) /etc/raddb/policy.d
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/abfab-tr
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/accounting
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/canonicalization
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/control
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/cui
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/debug
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/dhcp
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/eap
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/filter
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/moonshot-targeted-ids
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/operator-name
%{_libdir}/freeradius/rlm_always.so
%{_libdir}/freeradius/rlm_attr_filter.so
%{_libdir}/freeradius/rlm_cache.so
+%{_libdir}/freeradius/rlm_cache_rbtree.so
+%{_libdir}/freeradius/rlm_cache_memcached.so
%{_libdir}/freeradius/rlm_chap.so
%{_libdir}/freeradius/rlm_counter.so
%{_libdir}/freeradius/rlm_cram.so
%{_libdir}/freeradius/rlm_digest.so
%{_libdir}/freeradius/rlm_dynamic_clients.so
%{_libdir}/freeradius/rlm_eap.so
+%{_libdir}/freeradius/rlm_eap_fast.so
%{_libdir}/freeradius/rlm_eap_gtc.so
%{_libdir}/freeradius/rlm_eap_leap.so
%{_libdir}/freeradius/rlm_eap_md5.so
%{_libdir}/freeradius/rlm_radutmp.so
%{_libdir}/freeradius/rlm_realm.so
%{_libdir}/freeradius/rlm_replicate.so
-%{_libdir}/freeradius/rlm_rest.so
%{_libdir}/freeradius/rlm_soh.so
%{_libdir}/freeradius/rlm_sometimes.so
%{_libdir}/freeradius/rlm_sql.so
%{_libdir}/freeradius/rlm_sqlcounter.so
%{_libdir}/freeradius/rlm_sqlippool.so
%{_libdir}/freeradius/rlm_sql_null.so
+%{_libdir}/freeradius/rlm_test.so
%{_libdir}/freeradius/rlm_unix.so
%{_libdir}/freeradius/rlm_unpack.so
%{_libdir}/freeradius/rlm_utf8.so
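Review bot: `rlm_test.so` is added to the main package's file list, which puts what looks like a test-only module into the production module directory of a network-facing daemon. The same commit disables `rlm_example` at configure time. Unless something at runtime needs rlm_test, I would treat it the same way or move it out of the base package, and otherwise add a comment saying why it ships. Its purpose is inferred from the name only; the module source is not part of this page.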
%doc %{_mandir}/man8/radmin.8.gz
%doc %{_mandir}/man8/radrelay.8.gz
+%files abfab
+%dir %attr(750,root,radiusd) /etc/raddb/sites-enabled
+%config(missingok) /etc/raddb/sites-enabled/abfab-tr-idp
+%config(missingok) /etc/raddb/sites-enabled/abfab-tls
+%dir %attr(750,root,radiusd) /etc/raddb/mods-enabled
+%config(missingok) /etc/raddb/mods-enabled/abfab_psk_sql
+
+
%files doc
%doc %{docdir}/
%doc %{_mandir}/man1/radwho.1.gz
%doc %{_mandir}/man1/radzap.1.gz
%doc %{_mandir}/man1/smbencrypt.1.gz
+%doc %{_mandir}/man1/dhcpclient.1.gz
+%doc %{_mandir}/man1/rad_counter.1.gz
%doc %{_mandir}/man5/checkrad.5.gz
-#%doc %{_mandir}/man8/radconf2xml.8.gz
%doc %{_mandir}/man8/radcrypt.8.gz
%doc %{_mandir}/man8/radsniff.8.gz
%doc %{_mandir}/man8/radsqlrelay.8.gz
%files python
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/python
/etc/raddb/mods-config/python/example.py*
+/etc/raddb/mods-config/python/radiusd.py*
%{_libdir}/freeradius/rlm_python.so
%files mysql
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/mysql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
-
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/mysql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/setup.sql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/queries.conf
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/ndb/schema.sql
/etc/raddb/mods-config/sql/main/ndb/README
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids/mysql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/moonshot-targeted-ids/mysql/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/moonshot-targeted-ids/mysql/schema.sql
+
%{_libdir}/freeradius/rlm_sql_mysql.so
%files postgresql
%{_libdir}/freeradius/rlm_sql_postgresql.so
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids/postgresql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/moonshot-targeted-ids/postgresql/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/moonshot-targeted-ids/postgresql/schema.sql
+
+
%files sqlite
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/sqlite
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/dailycounter.conf
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/sqlite/schema.sql
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/sqlite
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/queries.conf
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/schema.sql
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids/sqlite
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/moonshot-targeted-ids/sqlite/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/moonshot-targeted-ids/sqlite/schema.sql
+
+
%{_libdir}/freeradius/rlm_sql_sqlite.so
%files ldap
%{_libdir}/freeradius/rlm_ldap.so
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ldap
+%files rest
+%{_libdir}/freeradius/rlm_rest.so
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
+
%files unixODBC
%{_libdir}/freeradius/rlm_sql_unixodbc.so
%changelog
-* Fri Mar 21 2014 Stefan Paetow <stefan.paetow@diamond.ac.uk> - 3.0.2-1
-- Upgrade to upstream 3.0.2 release, full config compatible with 3.0.0.
- This is a roll-up of all upstream bugs fixes found in 3.0.0-3.0.1
+* Thu Jul 10 2014 Stefan Paetow <stefan.paetow@ja.net> - 3.0.4-1
+- Upgrade to upstream 3.0.4 release, configuration compatible with 3.0.1.
+- Backported to CentOS 6.5
+
+* Wed May 14 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.3-1
+- Upgrade to upstream 3.0.3 release.
+ See upstream ChangeLog for details (in freeradius-doc subpackage).
+- Minor configuration parsing change: "Double-escaping of characters in Perl,
+ and octal characters has been fixed. If your configuration has text like
+ "\\000", you will need to remove one backslash."
+- Additionally includes post-release fixes for:
+ * case-insensitive matching in compiled regular expressions not working,
+ * upstream issue #634 "3.0.3 SIGSEGV on config parse",
+ * upstream issue #635 "3.0.x - rlm_perl - strings are still
+ escaped when passed to perl from FreeRADIUS",
+ * upstream issue #639 "foreach may cause ABORT".
+- Fixes bugs 1097266 1070447
+
+* Wed May 7 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.2-1
+- Upgrade to upstream 3.0.2 release, configuration compatible with 3.0.1.
See upstream ChangeLog for details (in freeradius-doc subpackage)
-
-* Tue Mar 4 2014 Stefan Paetow <stefan.paetow@diamond.ac.uk> - 3.0.1-4
-- Inclusion of a SQLite 3 patch to unbreak SQLite support in FreeRADIUS 3.0.1
-
-* Tue Mar 4 2014 Stefan Paetow <stefan.paetow@diamond.ac.uk> - 3.0.1-4
-- Backported to CentOS 6.4
+- Fixes bugs 1058884 1061408 1070447 1079500
* Mon Feb 24 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.1-4
- Fix CVE-2014-2015 "freeradius: stack-based buffer overflow flaw in rlm_pap