!1 Init freeradius-client project

From: @jxy_git
Reviewed-by: @small_leek
Signed-off-by:

dictionary

@@ -0,0 +1,306 @@
+#
+# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl
+#
+#	This file contains dictionary translations for parsing
+#	requests and generating responses.  All transactions are
+#	composed of Attribute/Value Pairs.  The value of each attribute
+#	is specified as one of 4 data types.  Valid data types are:
+#
+#	string - 0-253 octets
+#	ipaddr - 4 octets in network byte order
+#	integer - 32 bit value in big endian order (high byte first)
+#	date - 32 bit value in big endian order - seconds since
+#					00:00:00 GMT,  Jan.  1,  1970
+#
+#	Enumerated values are stored in the user file with dictionary
+#	VALUE translations for easy administration.
+#
+#	Example:
+#
+#	ATTRIBUTE	  VALUE
+#	---------------   -----
+#	Framed-Protocol = PPP
+#	7		= 1	(integer encoding)
+#
+
+#
+#	Following are the proper new names. Use these.
+#
+ATTRIBUTE	User-Name		1	string
+ATTRIBUTE	Password		2	string
+ATTRIBUTE	CHAP-Password		3	string
+ATTRIBUTE	NAS-IP-Address		4	ipaddr
+ATTRIBUTE	NAS-Port-Id		5	integer
+ATTRIBUTE	Service-Type		6	integer
+ATTRIBUTE	Framed-Protocol		7	integer
+ATTRIBUTE	Framed-IP-Address	8	ipaddr
+ATTRIBUTE	Framed-IP-Netmask	9	ipaddr
+ATTRIBUTE	Framed-Routing		10	integer
+ATTRIBUTE	Filter-Id		11	string
+ATTRIBUTE	Framed-MTU		12	integer
+ATTRIBUTE	Framed-Compression	13	integer
+ATTRIBUTE	Login-IP-Host		14	ipaddr
+ATTRIBUTE	Login-Service		15	integer
+ATTRIBUTE	Login-TCP-Port		16	integer
+ATTRIBUTE	Reply-Message		18	string
+ATTRIBUTE	Callback-Number		19	string
+ATTRIBUTE	Callback-Id		20	string
+ATTRIBUTE	Framed-Route		22	string
+ATTRIBUTE	Framed-IPX-Network	23	ipaddr
+ATTRIBUTE	State			24	string
+ATTRIBUTE	Class			25	string
+ATTRIBUTE	Vendor-Specific		26	string
+ATTRIBUTE	Session-Timeout		27	integer
+ATTRIBUTE	Idle-Timeout		28	integer
+ATTRIBUTE	Termination-Action	29	integer
+ATTRIBUTE	Called-Station-Id	30	string
+ATTRIBUTE	Calling-Station-Id	31	string
+ATTRIBUTE	NAS-Identifier		32	string
+ATTRIBUTE	Proxy-State		33	string
+ATTRIBUTE	Login-LAT-Service	34	string
+ATTRIBUTE	Login-LAT-Node		35	string
+ATTRIBUTE	Login-LAT-Group		36	string
+ATTRIBUTE	Framed-AppleTalk-Link	37	integer
+ATTRIBUTE	Framed-AppleTalk-Network	38	integer
+ATTRIBUTE	Framed-AppleTalk-Zone	39	string
+ATTRIBUTE	Acct-Status-Type	40	integer
+ATTRIBUTE	Acct-Delay-Time		41	integer
+ATTRIBUTE	Acct-Input-Octets	42	integer
+ATTRIBUTE	Acct-Output-Octets	43	integer
+ATTRIBUTE	Acct-Session-Id		44	string
+ATTRIBUTE	Acct-Authentic		45	integer
+ATTRIBUTE	Acct-Session-Time	46	integer
+ATTRIBUTE	Acct-Input-Packets	47	integer
+ATTRIBUTE	Acct-Output-Packets	48	integer
+ATTRIBUTE	Acct-Terminate-Cause	49	integer
+ATTRIBUTE	Acct-Multi-Session-Id	50	string
+ATTRIBUTE	Acct-Link-Count		51	integer
+ATTRIBUTE	Acct-Input-Gigawords	52	integer
+ATTRIBUTE	Acct-Output-Gigawords	53	integer
+ATTRIBUTE	Event-Timestamp		55	integer
+ATTRIBUTE	Egress-VLANID		56	string
+ATTRIBUTE	Ingress-Filters		57	integer
+ATTRIBUTE	Egress-VLAN-Name	58	string
+ATTRIBUTE	User-Priority-Table	59	string
+ATTRIBUTE	CHAP-Challenge		60	string
+ATTRIBUTE	NAS-Port-Type		61	integer
+ATTRIBUTE	Port-Limit		62	integer
+ATTRIBUTE	Login-LAT-Port		63	integer
+ATTRIBUTE	Tunnel-Type		64	string
+ATTRIBUTE	Tunnel-Medium-Type	65	string
+ATTRIBUTE	Tunnel-Client-Endpoint	66	string
+ATTRIBUTE	Tunnel-Server-Endpoint	67	string
+ATTRIBUTE	Acct-Tunnel-Connection	68	string
+ATTRIBUTE	Tunnel-Password		69	string
+ATTRIBUTE	ARAP-Password		70	string
+ATTRIBUTE	ARAP-Features		71	string
+ATTRIBUTE	ARAP-Zone-Access	72	integer
+ATTRIBUTE	ARAP-Security		73	integer
+ATTRIBUTE	ARAP-Security-Data	74	string
+ATTRIBUTE	Password-Retry		75	integer
+ATTRIBUTE	Prompt			76	integer
+ATTRIBUTE	Connect-Info		77	string
+ATTRIBUTE	Configuration-Token	78	string
+ATTRIBUTE	EAP-Message		79	string
+ATTRIBUTE	Message-Authenticator	80	string
+ATTRIBUTE	Tunnel-Private-Group-ID	81	string
+ATTRIBUTE	Tunnel-Assignment-ID	82	string
+ATTRIBUTE	Tunnel-Preference	83	string
+ATTRIBUTE	ARAP-Challenge-Response	84	string
+ATTRIBUTE	Acct-Interim-Interval	85	integer
+ATTRIBUTE	Acct-Tunnel-Packets-Lost	86	integer
+ATTRIBUTE	NAS-Port-Id-String	87	string
+ATTRIBUTE	Framed-Pool		88	string
+ATTRIBUTE	Chargeable-User-Identity	89	string
+ATTRIBUTE	Tunnel-Client-Auth-ID	90	string
+ATTRIBUTE	Tunnel-Server-Auth-ID	91	string
+ATTRIBUTE	NAS-Filter-Rule		92	string
+ATTRIBUTE	Originating-Line-Info	94	string
+ATTRIBUTE	NAS-IPv6-Address	95	ipv6addr
+ATTRIBUTE	Framed-Interface-Id	96	string
+ATTRIBUTE	Framed-IPv6-Prefix	97	ipv6prefix
+ATTRIBUTE	Login-IPv6-Host		98	ipv6addr
+ATTRIBUTE	Framed-IPv6-Route	99	string
+ATTRIBUTE	Framed-IPv6-Pool	100	string
+ATTRIBUTE	Error-Cause		101	integer
+ATTRIBUTE	EAP-Key-Name		102	string
+
+#
+#	RFC6911 IPv6 attributes
+#
+ATTRIBUTE       Delegated-IPv6-Prefix   123     ipv6prefix
+ATTRIBUTE	Framed-IPv6-Address	168	ipv6addr
+ATTRIBUTE	DNS-Server-IPv6-Address	169	ipv6addr
+ATTRIBUTE	Route-IPv6-Information	170	ipv6prefix
+
+#
+#	Experimental Non Protocol Attributes used by Cistron-Radiusd
+#
+ATTRIBUTE	Huntgroup-Name		221	string
+ATTRIBUTE	User-Category		1029	string
+ATTRIBUTE	Group-Name		1030	string
+ATTRIBUTE	Simultaneous-Use	1034	integer
+ATTRIBUTE	Strip-User-Name		1035	integer
+ATTRIBUTE	Fall-Through		1036	integer
+ATTRIBUTE	Add-Port-To-IP-Address	1037	integer
+ATTRIBUTE	Exec-Program		1038	string
+ATTRIBUTE	Exec-Program-Wait	1039	string
+ATTRIBUTE	Hint			1040	string
+
+#
+#	Non-Protocol Attributes
+#	These attributes are used internally by the server
+#
+ATTRIBUTE	Expiration		  21	date
+ATTRIBUTE	Auth-Type		1000	integer
+ATTRIBUTE	Menu			1001	string
+ATTRIBUTE	Termination-Menu	1002	string
+ATTRIBUTE	Prefix			1003	string
+ATTRIBUTE	Suffix			1004	string
+ATTRIBUTE	Group			1005	string
+ATTRIBUTE	Crypt-Password		1006	string
+ATTRIBUTE	Connect-Rate		1007	integer
+
+#
+#	Integer Translations
+#
+
+#	User Types
+
+VALUE		Service-Type		Login-User		1
+VALUE		Service-Type		Framed-User		2
+VALUE		Service-Type		Callback-Login-User	3
+VALUE		Service-Type		Callback-Framed-User	4
+VALUE		Service-Type		Outbound-User		5
+VALUE		Service-Type		Administrative-User	6
+VALUE		Service-Type		NAS-Prompt-User		7
+VALUE		Service-Type		Authenticate-Only	8
+VALUE		Service-Type		Callback-NAS-Prompt	9
+VALUE		Service-Type		Call-Check		10
+VALUE		Service-Type		Callback-Administrative	11
+
+#	Framed Protocols
+
+VALUE		Framed-Protocol		PPP			1
+VALUE		Framed-Protocol		SLIP			2
+VALUE		Framed-Protocol		ARAP			3
+VALUE		Framed-Protocol		GANDALF-SLMLP		4
+VALUE		Framed-Protocol		XYLOGICS-IPX-SLIP	5
+VALUE		Framed-Protocol		X75			6
+
+#	Framed Routing Values
+
+VALUE		Framed-Routing		None			0
+VALUE		Framed-Routing		Broadcast		1
+VALUE		Framed-Routing		Listen			2
+VALUE		Framed-Routing		Broadcast-Listen	3
+
+#	Framed Compression Types
+
+VALUE		Framed-Compression	None			0
+VALUE		Framed-Compression	Van-Jacobson-TCP-IP	1
+VALUE		Framed-Compression	IPX-Header		2
+VALUE		Framed-Compression	Stac-LZS		3
+
+#	Login Services
+
+VALUE		Login-Service		Telnet			0
+VALUE		Login-Service		Rlogin			1
+VALUE		Login-Service		TCP-Clear		2
+VALUE		Login-Service		PortMaster		3
+VALUE		Login-Service		LAT			4
+VALUE		Login-Service		X.25-PAD		5
+VALUE		Login-Service		X.25-T3POS		6
+VALUE		Login-Service		TCP-Clear-Quiet		8
+
+#	Status Types
+
+VALUE		Acct-Status-Type	Start			1
+VALUE		Acct-Status-Type	Stop			2
+VALUE		Acct-Status-Type	Alive			3
+VALUE		Acct-Status-Type	Accounting-On		7
+VALUE		Acct-Status-Type	Accounting-Off		8
+
+#	Authentication Types
+
+VALUE		Acct-Authentic		RADIUS			1
+VALUE		Acct-Authentic		Local			2
+VALUE		Acct-Authentic		Remote			3
+
+#	Termination Options
+
+VALUE		Termination-Action	Default			0
+VALUE		Termination-Action	RADIUS-Request		1
+
+#	NAS Port Types, available in 3.3.1 and later
+
+VALUE		NAS-Port-Type		Async			0
+VALUE		NAS-Port-Type		Sync			1
+VALUE		NAS-Port-Type		ISDN			2
+VALUE		NAS-Port-Type		ISDN-V120		3
+VALUE		NAS-Port-Type		ISDN-V110		4
+VALUE		NAS-Port-Type		Virtual			5
+VALUE		NAS-Port-Type		PIAFS			6
+VALUE		NAS-Port-Type		HDLC-Clear-Channel	7
+VALUE		NAS-Port-Type		X.25			8
+VALUE		NAS-Port-Type		X.75			9
+VALUE		NAS-Port-Type		G.3-Fax			10
+VALUE		NAS-Port-Type		SDSL			11
+VALUE		NAS-Port-Type		ADSL-CAP		12
+VALUE		NAS-Port-Type		ADSL-DMT		13
+VALUE		NAS-Port-Type		IDSL			14
+VALUE		NAS-Port-Type		Ethernet		15
+
+#	Acct Terminate Causes, available in 3.3.2 and later
+
+VALUE           Acct-Terminate-Cause    User-Request            1
+VALUE           Acct-Terminate-Cause    Lost-Carrier            2
+VALUE           Acct-Terminate-Cause    Lost-Service            3
+VALUE           Acct-Terminate-Cause    Idle-Timeout            4
+VALUE           Acct-Terminate-Cause    Session-Timeout         5
+VALUE           Acct-Terminate-Cause    Admin-Reset             6
+VALUE           Acct-Terminate-Cause    Admin-Reboot            7
+VALUE           Acct-Terminate-Cause    Port-Error              8
+VALUE           Acct-Terminate-Cause    NAS-Error               9
+VALUE           Acct-Terminate-Cause    NAS-Request             10
+VALUE           Acct-Terminate-Cause    NAS-Reboot              11
+VALUE           Acct-Terminate-Cause    Port-Unneeded           12
+VALUE           Acct-Terminate-Cause    Port-Preempted          13
+VALUE           Acct-Terminate-Cause    Port-Suspended          14
+VALUE           Acct-Terminate-Cause    Service-Unavailable     15
+VALUE           Acct-Terminate-Cause    Callback                16
+VALUE           Acct-Terminate-Cause    User-Error              17
+VALUE           Acct-Terminate-Cause    Host-Request            18
+
+#
+#	Non-Protocol Integer Translations
+#
+
+VALUE		Auth-Type		Local			0
+VALUE		Auth-Type		System			1
+VALUE		Auth-Type		SecurID			2
+VALUE		Auth-Type		Crypt-Local		3
+VALUE		Auth-Type		Reject			4
+
+#
+#	Cistron extensions
+#
+VALUE		Auth-Type		Pam			253
+VALUE		Auth-Type		Accept			254
+
+#
+#	Experimental Non-Protocol Integer Translations for Cistron-Radiusd
+#
+VALUE		Fall-Through		No			0
+VALUE		Fall-Through		Yes			1
+VALUE		Add-Port-To-IP-Address	No			0
+VALUE		Add-Port-To-IP-Address	Yes			1
+
+#
+#	Configuration Values
+#	uncomment these two lines to turn account expiration on
+#
+
+#VALUE		Server-Config		Password-Expiration	30
+#VALUE		Server-Config		Password-Warning	5
+

freeradius-client-1.1.7-ipv6-attr-fix.patch

@@ -0,0 +1,32 @@
+From 3bea3b05583fb4d14521475503c9ee2d3b632987 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 2 Mar 2015 12:08:51 +0100
+Subject: [PATCH] when sending IPv6 attributes use the correct length
+
+---
+ lib/sendserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/sendserver.c b/lib/sendserver.c
+index 1fdcff2..30ce5de 100644
+--- a/lib/sendserver.c
++++ b/lib/sendserver.c
+@@ -150,6 +150,7 @@ static int rc_pack_list (VALUE_PAIR *vp, char *secret, AUTH_HDR *auth)
+ 
+ 		    case PW_TYPE_IPV6ADDR:
+ 			length = 16;
++			*buf++ = length + 2;
+ 			if (vsa_length_ptr != NULL) *vsa_length_ptr += length + 2;
+ 			memcpy (buf, vp->strvalue, (size_t) length);
+ 			buf += length;
+@@ -158,6 +159,7 @@ static int rc_pack_list (VALUE_PAIR *vp, char *secret, AUTH_HDR *auth)
+ 
+ 		    case PW_TYPE_IPV6PREFIX:
+ 			length = vp->lvalue;
++			*buf++ = length + 2;
+ 			if (vsa_length_ptr != NULL) *vsa_length_ptr += length + 2;
+ 			memcpy (buf, vp->strvalue, (size_t) length);
+ 			buf += length;
+-- 
+2.1.0
+

freeradius-client-1.1.7-size_t.patch

@@ -0,0 +1,12 @@
+diff --git a/lib/rc-md5.h b/lib/rc-md5.h
+index a30f16d..dcde619 100644
+--- a/lib/rc-md5.h
++++ b/lib/rc-md5.h
+@@ -10,6 +10,7 @@
+ #define _RC_MD5_H
+ 
+ #include "config.h"
++#include <stdlib.h>
+ 
+ #ifdef HAVE_NETTLE
+ 

freeradius-client.spec

@@ -0,0 +1,99 @@
+Name:    freeradius-client
+Summary: RADIUS protocol client library
+Version: 1.1.7
+Release: 1
+License: BSD and MIT
+URL:     http://freeradius.org/freeradius-client
+
+Source0: https://github.com/FreeRADIUS/freeradius-client/archive/release_1_1_7.tar.gz
+Source1: radiusclient.conf
+Source2: dictionary
+Patch1:  freeradius-client-1.1.7-size_t.patch
+Patch2:  freeradius-client-1.1.7-ipv6-attr-fix.patch
+
+BuildRequires: gcc
+BuildRequires: make
+BuildRequires: nettle-devel >= 2.7.1
+
+%description
+FreeRADIUS Client is a library for writing RADIUS Clients.
+The library lets you develop a RADIUS-aware application in less than
+50 lines of C code. 
+
+%package devel
+Summary:       Development files for freeradius-client
+Requires:      %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+Development files for freeradius-client.
+
+%package utils
+Summary:       Utility programs for freeradius-client
+Requires:      %{name}%{?_isa} = %{version}-%{release}
+# freeradius-client supersedes radiusclient-ng
+Obsoletes:     radiusclient-ng-utils
+
+%description utils
+FreeRADIUS Client is a framework and library for writing RADIUS Clients.
+This package includes radius client test utilities such as,
+radiusclient, radexample, radstatus, radembedded and radacct.
+
+%prep
+%autosetup -p1
+rm -f lib/md5.c
+sed -i -e 's|sys_lib_dlsearch_path_spec="[^"]\+|& %{_libdir}|g' configure
+
+%build
+
+%configure --disable-static --disable-rpath --with-nettle
+make %{?_smp_mflags}
+
+%install
+make DESTDIR=%{buildroot} install
+rm -f %{buildroot}%{_libdir}/*.la
+rm -f %{buildroot}%{_sbindir}/login.radius
+
+mkdir -p %{buildroot}%{_datadir}/radiusclient
+mv %{buildroot}%{_sysconfdir}/radiusclient/dictionary.* %{buildroot}%{_datadir}/radiusclient/
+cp %{SOURCE1} %{buildroot}%{_sysconfdir}/radiusclient/
+cp %{SOURCE2} %{buildroot}%{_sysconfdir}/radiusclient/
+cp %{SOURCE2} %{buildroot}%{_datadir}/radiusclient/dictionary
+
+%ldconfig_scriptlets
+
+%files
+%doc README.rst README.radexample BUGS doc/ChangeLog
+
+%dir %{_sysconfdir}/radiusclient
+%config(noreplace) %{_sysconfdir}/radiusclient/issue
+%config(noreplace) %{_sysconfdir}/radiusclient/port-id-map
+%config(noreplace) %{_sysconfdir}/radiusclient/radiusclient.conf
+%config(noreplace) %{_sysconfdir}/radiusclient/servers
+%config(noreplace) %{_sysconfdir}/radiusclient/dictionary
+
+%{_libdir}/libfreeradius-client.so.*
+
+%dir %{_datadir}/radiusclient/
+%{_datadir}/radiusclient/dictionary.ascend
+%{_datadir}/radiusclient/dictionary.compat
+%{_datadir}/radiusclient/dictionary.merit
+%{_datadir}/radiusclient/dictionary.sip
+%{_datadir}/radiusclient/dictionary
+
+%files devel
+
+%{_includedir}/freeradius-client.h
+%{_libdir}/libfreeradius-client.so
+
+%files utils
+
+%{_sbindir}/radacct
+%{_sbindir}/radiusclient
+%{_sbindir}/radstatus
+%{_sbindir}/radlogin
+%{_sbindir}/radexample
+%{_sbindir}/radembedded
+
+%changelog
+* Thu Nov 26 2020 jiangxinyu <jiangxinyu@kylinos.cn> - 1.1.7-1
+- Init freeradius-client project

freeradius-client.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: FreeRADIUS/freeradius-client
+tag_prefix: ^release
+separator: "_"

radiusclient.conf

@@ -0,0 +1,92 @@
+# General settings
+
+# specify which authentication comes first respectively which
+# authentication is used. possible values are: "radius" and "local".
+# if you specify "radius,local" then the RADIUS server is asked
+# first then the local one. if only one keyword is specified only
+# this server is asked.
+auth_order	radius,local
+
+# maximum login tries a user has
+login_tries	4
+
+# timeout for all login tries
+# if this time is exceeded the user is kicked out
+login_timeout	60
+
+# name of the nologin file which when it exists disables logins.
+# it may be extended by the ttyname which will result in
+# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
+# logins on /dev/ttyS2)
+nologin /etc/nologin
+
+# name of the issue file. it's only display when no username is passed
+# on the radlogin command line
+issue	/etc/radiusclient/issue
+
+# RADIUS settings
+
+# RADIUS server to use for authentication requests. this config
+# item can appear more then one time. if multiple servers are
+# defined they are tried in a round robin fashion if one
+# server is not answering.
+# optionally you can specify a the port number on which is remote
+# RADIUS listens separated by a colon from the hostname. if
+# no port is specified /etc/services is consulted of the radius
+# service. if this fails also a compiled in default is used.
+authserver 	localhost
+
+# RADIUS server to use for accouting requests. All that I
+# said for authserver applies, too. 
+#
+acctserver 	localhost
+
+# file holding shared secrets used for the communication
+# between the RADIUS client and server
+servers		/etc/radiusclient/servers
+
+# dictionary of allowed attributes and values
+# just like in the normal RADIUS distributions
+dictionary 	/usr/share/radiusclient/dictionary
+
+# program to call for a RADIUS authenticated login
+login_radius	/usr/sbin/login.radius
+
+# file which holds sequence number for communication with the
+# RADIUS server
+seqfile		/var/run/radius.seq
+
+# file which specifies mapping between ttyname and NAS-Port attribute
+mapfile		/etc/radiusclient/port-id-map
+
+# default authentication realm to append to all usernames if no
+# realm was explicitly specified by the user
+# the radiusd directly form Livingston doesnt use any realms, so leave
+# it blank then
+default_realm
+
+# time to wait for a reply from the RADIUS server
+radius_timeout	10
+
+# resend request this many times before trying the next server
+radius_retries	3
+
+# The length of time in seconds that we skip a nonresponsive RADIUS
+# server for transaction requests.  Server(s) being in the "dead" state
+# are tried only after all other non-dead servers have been tried and
+# failed or timeouted.  The deadtime interval starts when the server
+# does not respond to an authentication/accounting request transmissions. 
+# When the interval expires, the "dead" server would be re-tried again,
+# and if it's still down then it will be considered "dead" for another
+# such interval and so on. This option is no-op if there is only one
+# server in the list. Set to 0 in order to disable the feature.
+radius_deadtime	0
+
+# local address from which radius packets have to be sent
+bindaddr *
+
+# LOCAL settings
+
+# program to execute for local login
+# it must support the -f flag for preauthenticated login
+login_local	/bin/login