-.TH CLIENTS 5 "16 March 2001"
+.TH CLIENTS 5 "22 August 2002"
.SH NAME
-clients \- RADIUS clients file
+clients \- FreeRADIUS configuration file.
.SH DESCRIPTION
-The \fIclients\fP file resides in the radius database directory,
-by default \fI/etc/raddb\fP. Its use is depreciated in favour of
-\fIclients.conf\fP.
-
-Every line starting with a hash sign
-.RB (' # ')
-is treated as comment and ignored.
-.PP
-Each line of the file contains two white-space delimited fields.
-.IP client hostname
-The RADIUS clients hostname. This may be a plain hostname, or a
-dotted-quad IP address.
-.IP secret
-This is the so-called "shared secret" that is held between a RADIUS
-server and client. It is used to encrypt passwords in RADIUS packets,
-and also for authentication. You need to configure the same secret
-on the client (terminal server) as in this file.
-.PP
-The
-.I clients
-file is read by \fBradiusd\fP on startup only.
-.SH FILES
-.I /etc/raddb/clients
+This configuration file is no longer used by the server, and will not
+be read by the server. See the "scripts/clients.pl" program for a way
+to migrate this file to the new format.
.SH "SEE ALSO"
-.BR radiusd (8),
.BR clients.conf (5)
-.BR naslist (5)
/*
- * Read the clients file.
- */
-int read_clients_file(RADCLIENT_LIST *clients, const char *file)
-{
- FILE *fp;
- RADCLIENT *c;
- char buffer[256];
- char hostnm[256];
- char secret[256];
- char shortnm[256];
- int prefix = 0;
- int lineno = 0;
- char *p;
- int got_clients = FALSE;
-
- if ((fp = fopen(file, "r")) == NULL) {
- /* The clients file is no longer required. All configuration
- information is read from radiusd.conf and friends. If
- clients exists it will be used, but if it doesn't no harm
- done. */
- return 0;
- }
-
- while(fgets(buffer, 256, fp) != NULL) {
- lineno++;
- if (!feof(fp) && (strchr(buffer, '\n') == NULL)) {
- radlog(L_ERR, "%s[%d]: line too long", file, lineno);
- return -1;
- }
-
- /*
- * Skip whitespace.
- */
- p = buffer;
- while (*p &&
- ((*p == ' ') || (*p == '\t')))
- p++;
-
- /*
- * Skip comments and blank lines.
- */
- if ((*p == '#') || (*p == '\n') || (*p == '\r'))
- continue;
-
- if (!getword(&p, hostnm, sizeof(hostnm)) ||
- !getword(&p, secret, sizeof(secret))) {
- radlog(L_ERR, "%s[%d]: unexpected end of line",
- file, lineno);
- return -1;
- }
-
- (void)getword(&p, shortnm, sizeof(shortnm));
-
- /*
- * Look for a mask in the hostname
- */
- p = strchr(hostnm, '/');
-
- if (p) {
- *p = '\0';
- p++;
-
- prefix = atoi(p);
- if ((prefix < 0) || (prefix > 128)) {
- radlog(L_ERR, "%s[%d]: Invalid value '%s' for IP network mask.",
- file, lineno, p);
- return -1;
- }
- }
-
- /*
- * It should be OK now, let's create the buffer.
- */
- got_clients = TRUE;
- c = rad_malloc(sizeof(RADCLIENT));
- memset(c, 0, sizeof(*c));
-
- if (ip_hton(hostnm, AF_UNSPEC, &c->ipaddr) < 0) {
- radlog(L_CONS|L_ERR, "%s[%d]: Failed to look up hostname %s",
- file, lineno, hostnm);
- return -1;
- }
- c->prefix = prefix;
- c->secret = strdup(secret);
- c->shortname = strdup(shortnm);
-
- switch (c->ipaddr.af) {
- NAS *nas;
- case AF_INET :
- if ((prefix < 0) || (prefix > 32)) {
- radlog(L_ERR, "%s[%d]: Invalid value '%s' for IP network mask.",
- file, lineno, p);
- return -1;
- }
-
- if (prefix) {
- hostnm[strlen(hostnm)] = '/';
- /* Long Name includes prefix too */
- c->longname = strdup(hostnm);
- } else {
-
- /*
- * Only do DNS lookups for machines. Just print
- * the network as the long name.
- */
- ip_ntoh(&c->ipaddr, buffer, sizeof(buffer));
- c->longname = strdup(buffer);
-
- }
- /*
- * Pull information over from the NAS.
- */
- nas = nas_find(c->ipaddr.ipaddr.ip4addr.s_addr);
- if (nas) {
- /*
- * No short name in the
- * 'clients' file, try
- * copying one over from
- * the 'naslist' file.
- */
- if (!c->shortname) {
- c->shortname = strdup(nas->shortname);
- }
-
- /*
- * Copy the nastype over, too.
- */
- c->nastype = strdup(nas->nastype);
- }
- break;
-
- case AF_INET6 :
- if (prefix) {
- hostnm[strlen(hostnm)] = '/';
- c->longname = strdup(hostnm);
- } else {
-
- /*
- * Only do DNS lookups for machines. Just print
- * the network as the long name.
- */
- ip_ntoh(&c->ipaddr, buffer, sizeof(buffer));
- c->longname = strdup(buffer);
- }
- /* TODO: NAS info as in IPv4 above */
- break;
- default :
- break;
- }
-
- /*
- * Failed to add the client: ignore the error
- * and continue.
- */
- if (!client_add(clients, c)) {
- client_free(c);
- }
- }
- fclose(fp);
-
- if (got_clients) {
- radlog(L_INFO, "Using deprecated clients file. Support for this will go away soon.");
- }
-
- return 0;
-}
-
-
-/*
* Find the name of a client (prefer short name).
*/
const char *client_name(const RADCLIENT_LIST *clients,