Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
-Version: 3.0.1
-Release: moonshot4%{?dist}
+Version: 3.0.10
+Release: 0%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons
URL: http://www.freeradius.org/
%global dist_base freeradius-server
-
-Source0: freeradius-server.tar.gz
+#Source0: ftp://ftp.freeradius.org/pub/radius/%{dist_base}.tar.bz2
+Source0: %{dist_base}.tar.gz
Source100: freeradius-radiusd-init
Source102: freeradius-logrotate
Source103: freeradius-pam-conf
Source104: freeradius-tmpfiles.conf
Patch1: freeradius-redhat-config.patch
-Patch2: freeradius-postgres-sql.patch
-Patch3: freeradius-ippool-tr.patch
-Patch4: freeradius-imacros.patch
-Patch5: freeradius-mysql-schema.patch
-Patch6: freeradius-perl.patch
-Patch7: freeradius-rlm_pap-overflow.patch
-# These patches are temporary - fixing SQLite V2 API and attr_filter issues
-Patch8: freeradius-rlm_sql_sqlite-v2api.patch
-Patch9: freeradius-rlm_attr_filter-fix.patch
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
%define initddir %{?_initddir:%{_initddir}}%{!?_initddir:%{_initrddir}}
BuildRequires: autoconf
BuildRequires: gdbm-devel
+BuildRequires: chrpath
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: libpcap-devel
BuildRequires: libtalloc-devel
BuildRequires: pcre-devel
-BuildRequires: trust_router-devel >= 1.2
%if ! 0%{?rhel}
BuildRequires: libyubikey-devel
BuildRequires: ykclient-devel
%endif
-Requires: openssl trust_router
+# Moonshot Dependencies
+BuildRequires: trust_router-devel
+Requires: trust_router-libs
+
+Requires: openssl >= 1.0.1e-16.el6_5.7
Requires(pre): shadow-utils glibc-common
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
%description
-FreeRADIUS + Moonshot extensions
-
The FreeRADIUS Server Project is a high performance and highly configurable
GPL'd free RADIUS server. The server is similar in some respects to
Livingston's 2.0 server. While FreeRADIUS started as a variant of the
be centralized, and minimizes the amount of re-configuration which has to be
done when adding or deleting new users.
+%package abfab
+Group: System Environment/Daemons
+Summary: FreeRADIUS ABFAb Configuration
+Requires: %{name} = %{version}-%{release}
+Requires: freeradius-sqlite
+
+%description abfab
+This package provides configuration required by an ABFAB (RFC 7055)
+identity provider or RP proxy.
+
%package doc
Group: Documentation
Summary: FreeRADIUS documentation
%description postgresql
This plugin provides the postgresql support for the FreeRADIUS server project.
+%package rest
+Summary: REST support for freeradius
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+BuildRequires: libcurl-devel
+BuildRequires: json-c-devel
+
+%description rest
+This plugin provides the REST support for the FreeRADIUS server project.
+
%package sqlite
Summary: SQLite support for freeradius
Group: System Environment/Daemons
# Note: We explicitly do not make patch backup files because 'make install'
# mistakenly includes the backup files, especially problematic for raddb config files.
%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
%build
# Force compile/link options, extra security for network facing daemon
--with-unixodbc-lib-dir=%{_libdir} \
--with-rlm-dbm-lib-dir=%{_libdir} \
--with-rlm-krb5-include-dir=/usr/kerberos/include \
+ --without-rlm_couchbase \
--without-rlm_eap_ikev2 \
+ --without-rlm_example \
+ --without-rlm_idn \
+ --without-rlm_smsotp \
+ --without-rlm_sqlhpwippool \
--without-rlm_sql_iodbc \
--without-rlm_sql_firebird \
--without-rlm_sql_db2 \
- --without-rlm_sql_oracle \
- --without-rlm_example
+ --without-rlm_sql_oracle
make
%install
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/radiusd
make install R=$RPM_BUILD_ROOT
+for foo in abfab-tr-idp abfab-tls channel_bindings ; do
+ test -e $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-enabled/$foo || ln -s ../sites-available/$foo $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-enabled
+ done
+for foo in abfab_psk_sql ; do
+ test -e $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-enabled/$foo || ln -s ../mods-available/$foo $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-enabled
+ done
# logs
mkdir -p $RPM_BUILD_ROOT/var/log/radius/radacct
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/dh
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/random
+
rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/radeapclient.1
rm -f $RPM_BUILD_ROOT/usr/sbin/rc.radiusd
rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.a
rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.la
+chrpath --delete $RPM_BUILD_ROOT/%{_libdir}/freeradius/rlm_sql_unixodbc.so
+chrpath --delete $RPM_BUILD_ROOT/%{_libdir}/freeradius/rlm_sql_postgresql.so
+
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-available/couchbase
+
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/mssql
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-available/eap.orig
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool/oracle
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool-dhcp/oracle
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/oracle
# remove unsupported config files
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/experimental.conf
-
# install doc files omitted by standard install
for f in COPYRIGHT CREDITS INSTALL.rst README.rst VERSION; do
cp $f $RPM_BUILD_ROOT/%{docdir}
%dir %attr(755,root,radiusd) /etc/raddb
%defattr(-,root,radiusd)
/etc/raddb/README.rst
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/panic.gdb
+
%attr(644,root,radiusd) %config(noreplace) /etc/raddb/dictionary
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/clients.conf
/etc/raddb/certs/README
%config(noreplace) /etc/raddb/certs/xpextensions
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/passwords.mk
%attr(750,root,radiusd) /etc/raddb/certs/bootstrap
# mods-config
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/unbound
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/unbound/default.conf
+
# sites-available
%dir %attr(750,root,radiusd) /etc/raddb/sites-available
/etc/raddb/sites-available/README
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/abfab-tr-idp
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/abfab-tls
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/control-socket
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/challenge
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/channel_bindings
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/decoupled-accounting
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/robust-proxy-accounting
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/soh
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/example
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/inner-tunnel
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/dhcp
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/chbind
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/check-eap-tls
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/status
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/dhcp.relay
# sites-enabled
# symlink: /etc/raddb/sites-enabled/xxx -> ../sites-available/xxx
%dir %attr(750,root,radiusd) /etc/raddb/sites-enabled
+%config(missingok) /etc/raddb/sites-enabled/channel_bindings
%config(missingok) /etc/raddb/sites-enabled/inner-tunnel
%config(missingok) /etc/raddb/sites-enabled/default
# mods-available
%dir %attr(750,root,radiusd) /etc/raddb/mods-available
/etc/raddb/mods-available/README.rst
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/abfab_psk_sql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/always
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/attr_filter
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache_eap
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/chap
+#%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/couchbase
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/counter
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cui
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/date
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/redis
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rediswho
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/replicate
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/smbpasswd
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/smsotp
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/soh
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlippool
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sradutmp
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unix
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unpack
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unbound
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/utf8
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/wimax
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/yubikey
%config(missingok) /etc/raddb/mods-enabled/soh
%config(missingok) /etc/raddb/mods-enabled/sradutmp
%config(missingok) /etc/raddb/mods-enabled/unix
+%config(missingok) /etc/raddb/mods-enabled/unpack
%config(missingok) /etc/raddb/mods-enabled/utf8
# policy
%dir %attr(750,root,radiusd) /etc/raddb/policy.d
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/abfab-tr
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/accounting
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/canonicalization
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/control
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/cui
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/debug
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/dhcp
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/eap
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/filter
%{_libdir}/freeradius/rlm_always.so
%{_libdir}/freeradius/rlm_attr_filter.so
%{_libdir}/freeradius/rlm_cache.so
+%{_libdir}/freeradius/rlm_cache_rbtree.so
+%{_libdir}/freeradius/rlm_cache_memcached.so
%{_libdir}/freeradius/rlm_chap.so
%{_libdir}/freeradius/rlm_counter.so
%{_libdir}/freeradius/rlm_cram.so
%{_libdir}/freeradius/rlm_expiration.so
%{_libdir}/freeradius/rlm_expr.so
%{_libdir}/freeradius/rlm_files.so
-%{_libdir}/freeradius/rlm_idn.so
%{_libdir}/freeradius/rlm_ippool.so
%{_libdir}/freeradius/rlm_linelog.so
%{_libdir}/freeradius/rlm_logintime.so
%{_libdir}/freeradius/rlm_preprocess.so
%{_libdir}/freeradius/rlm_radutmp.so
%{_libdir}/freeradius/rlm_realm.so
-%{_libdir}/freeradius/rlm_rest.so
%{_libdir}/freeradius/rlm_replicate.so
-%{_libdir}/freeradius/rlm_smsotp.so
%{_libdir}/freeradius/rlm_soh.so
%{_libdir}/freeradius/rlm_sometimes.so
%{_libdir}/freeradius/rlm_sql.so
%{_libdir}/freeradius/rlm_sqlcounter.so
-%{_libdir}/freeradius/rlm_sqlhpwippool.so
%{_libdir}/freeradius/rlm_sqlippool.so
%{_libdir}/freeradius/rlm_sql_null.so
+%{_libdir}/freeradius/rlm_test.so
%{_libdir}/freeradius/rlm_unix.so
+%{_libdir}/freeradius/rlm_unpack.so
%{_libdir}/freeradius/rlm_utf8.so
%{_libdir}/freeradius/rlm_wimax.so
%{_libdir}/freeradius/rlm_yubikey.so
%doc %{_mandir}/man8/radmin.8.gz
%doc %{_mandir}/man8/radrelay.8.gz
+%files abfab
+%dir %attr(750,root,radiusd) /etc/raddb/sites-enabled
+%config(missingok) /etc/raddb/sites-enabled/abfab-tr-idp
+%config(missingok) /etc/raddb/sites-enabled/abfab-tls
+%dir %attr(750,root,radiusd) /etc/raddb/mods-enabled
+%config(missingok) /etc/raddb/mods-enabled/abfab_psk_sql
+
+
%files doc
%doc %{docdir}/
%doc %{_mandir}/man1/radzap.1.gz
%doc %{_mandir}/man1/smbencrypt.1.gz
%doc %{_mandir}/man5/checkrad.5.gz
-%doc %{_mandir}/man8/radconf2xml.8.gz
%doc %{_mandir}/man8/radcrypt.8.gz
%doc %{_mandir}/man8/radsniff.8.gz
%doc %{_mandir}/man8/radsqlrelay.8.gz
%files python
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/python
/etc/raddb/mods-config/python/example.py*
+/etc/raddb/mods-config/python/radiusd.py*
%{_libdir}/freeradius/rlm_python.so
%files mysql
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/mysql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
-
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/mysql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/setup.sql
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/queries.conf
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/sqlite
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/queries.conf
%{_libdir}/freeradius/rlm_ldap.so
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ldap
+%files rest
+%{_libdir}/freeradius/rlm_rest.so
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
+
%files unixODBC
%{_libdir}/freeradius/rlm_sql_unixodbc.so
%changelog
-* Thu Mar 13 2014 Stefan Paetow <stefan.paetow@diamond.ac.uk> - 3.0.1-5
-- Inclusion of a patch to fix a comparison bug in rlm_attr_filter
-
-* Tue Mar 4 2014 Stefan Paetow <stefan.paetow@diamond.ac.uk> - 3.0.1-4
-- Inclusion of a SQLite 3 patch to unbreak SQLite support in FreeRADIUS 3.0.1
-- Backported to CentOS 6.4
-- Integration of Moonshot Trust Router v1.0.1 with FreeRADIUS
+* Thu Jul 10 2014 Stefan Paetow <stefan.paetow@ja.net> - 3.0.4-1
+- Upgrade to upstream 3.0.4 release, configuration compatible with 3.0.1.
+- Backported to CentOS 6.5
+
+* Wed May 14 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.3-1
+- Upgrade to upstream 3.0.3 release.
+ See upstream ChangeLog for details (in freeradius-doc subpackage).
+- Minor configuration parsing change: "Double-escaping of characters in Perl,
+ and octal characters has been fixed. If your configuration has text like
+ "\\000", you will need to remove one backslash."
+- Additionally includes post-release fixes for:
+ * case-insensitive matching in compiled regular expressions not working,
+ * upstream issue #634 "3.0.3 SIGSEGV on config parse",
+ * upstream issue #635 "3.0.x - rlm_perl - strings are still
+ escaped when passed to perl from FreeRADIUS",
+ * upstream issue #639 "foreach may cause ABORT".
+- Fixes bugs 1097266 1070447
+
+* Wed May 7 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.2-1
+- Upgrade to upstream 3.0.2 release, configuration compatible with 3.0.1.
+ See upstream ChangeLog for details (in freeradius-doc subpackage)
+- Fixes bugs 1058884 1061408 1070447 1079500
* Mon Feb 24 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.1-4
- Fix CVE-2014-2015 "freeradius: stack-based buffer overflow flaw in rlm_pap
projects / freeradius.git / blobdiff