diff --git a/dictionary b/dictionary
new file mode 100644
index 0000000..73eb760
--- /dev/null
+++ b/dictionary
@@ -0,0 +1,306 @@
+#
+# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl
+#
+# This file contains dictionary translations for parsing
+# requests and generating responses. All transactions are
+# composed of Attribute/Value Pairs. The value of each attribute
+# is specified as one of 4 data types. Valid data types are:
+#
+# string - 0-253 octets
+# ipaddr - 4 octets in network byte order
+# integer - 32 bit value in big endian order (high byte first)
+# date - 32 bit value in big endian order - seconds since
+# 00:00:00 GMT, Jan. 1, 1970
+#
+# Enumerated values are stored in the user file with dictionary
+# VALUE translations for easy administration.
+#
+# Example:
+#
+# ATTRIBUTE VALUE
+# --------------- -----
+# Framed-Protocol = PPP
+# 7 = 1 (integer encoding)
+#
+
+#
+# Following are the proper new names. Use these.
+#
+ATTRIBUTE User-Name 1 string
+ATTRIBUTE Password 2 string
+ATTRIBUTE CHAP-Password 3 string
+ATTRIBUTE NAS-IP-Address 4 ipaddr
+ATTRIBUTE NAS-Port-Id 5 integer
+ATTRIBUTE Service-Type 6 integer
+ATTRIBUTE Framed-Protocol 7 integer
+ATTRIBUTE Framed-IP-Address 8 ipaddr
+ATTRIBUTE Framed-IP-Netmask 9 ipaddr
+ATTRIBUTE Framed-Routing 10 integer
+ATTRIBUTE Filter-Id 11 string
+ATTRIBUTE Framed-MTU 12 integer
+ATTRIBUTE Framed-Compression 13 integer
+ATTRIBUTE Login-IP-Host 14 ipaddr
+ATTRIBUTE Login-Service 15 integer
+ATTRIBUTE Login-TCP-Port 16 integer
+ATTRIBUTE Reply-Message 18 string
+ATTRIBUTE Callback-Number 19 string
+ATTRIBUTE Callback-Id 20 string
+ATTRIBUTE Framed-Route 22 string
+ATTRIBUTE Framed-IPX-Network 23 ipaddr
+ATTRIBUTE State 24 string
+ATTRIBUTE Class 25 string
+ATTRIBUTE Vendor-Specific 26 string
+ATTRIBUTE Session-Timeout 27 integer
+ATTRIBUTE Idle-Timeout 28 integer
+ATTRIBUTE Termination-Action 29 integer
+ATTRIBUTE Called-Station-Id 30 string
+ATTRIBUTE Calling-Station-Id 31 string
+ATTRIBUTE NAS-Identifier 32 string
+ATTRIBUTE Proxy-State 33 string
+ATTRIBUTE Login-LAT-Service 34 string
+ATTRIBUTE Login-LAT-Node 35 string
+ATTRIBUTE Login-LAT-Group 36 string
+ATTRIBUTE Framed-AppleTalk-Link 37 integer
+ATTRIBUTE Framed-AppleTalk-Network 38 integer
+ATTRIBUTE Framed-AppleTalk-Zone 39 string
+ATTRIBUTE Acct-Status-Type 40 integer
+ATTRIBUTE Acct-Delay-Time 41 integer
+ATTRIBUTE Acct-Input-Octets 42 integer
+ATTRIBUTE Acct-Output-Octets 43 integer
+ATTRIBUTE Acct-Session-Id 44 string
+ATTRIBUTE Acct-Authentic 45 integer
+ATTRIBUTE Acct-Session-Time 46 integer
+ATTRIBUTE Acct-Input-Packets 47 integer
+ATTRIBUTE Acct-Output-Packets 48 integer
+ATTRIBUTE Acct-Terminate-Cause 49 integer
+ATTRIBUTE Acct-Multi-Session-Id 50 string
+ATTRIBUTE Acct-Link-Count 51 integer
+ATTRIBUTE Acct-Input-Gigawords 52 integer
+ATTRIBUTE Acct-Output-Gigawords 53 integer
+ATTRIBUTE Event-Timestamp 55 integer
+ATTRIBUTE Egress-VLANID 56 string
+ATTRIBUTE Ingress-Filters 57 integer
+ATTRIBUTE Egress-VLAN-Name 58 string
+ATTRIBUTE User-Priority-Table 59 string
+ATTRIBUTE CHAP-Challenge 60 string
+ATTRIBUTE NAS-Port-Type 61 integer
+ATTRIBUTE Port-Limit 62 integer
+ATTRIBUTE Login-LAT-Port 63 integer
+ATTRIBUTE Tunnel-Type 64 string
+ATTRIBUTE Tunnel-Medium-Type 65 string
+ATTRIBUTE Tunnel-Client-Endpoint 66 string
+ATTRIBUTE Tunnel-Server-Endpoint 67 string
+ATTRIBUTE Acct-Tunnel-Connection 68 string
+ATTRIBUTE Tunnel-Password 69 string
+ATTRIBUTE ARAP-Password 70 string
+ATTRIBUTE ARAP-Features 71 string
+ATTRIBUTE ARAP-Zone-Access 72 integer
+ATTRIBUTE ARAP-Security 73 integer
+ATTRIBUTE ARAP-Security-Data 74 string
+ATTRIBUTE Password-Retry 75 integer
+ATTRIBUTE Prompt 76 integer
+ATTRIBUTE Connect-Info 77 string
+ATTRIBUTE Configuration-Token 78 string
+ATTRIBUTE EAP-Message 79 string
+ATTRIBUTE Message-Authenticator 80 string
+ATTRIBUTE Tunnel-Private-Group-ID 81 string
+ATTRIBUTE Tunnel-Assignment-ID 82 string
+ATTRIBUTE Tunnel-Preference 83 string
+ATTRIBUTE ARAP-Challenge-Response 84 string
+ATTRIBUTE Acct-Interim-Interval 85 integer
+ATTRIBUTE Acct-Tunnel-Packets-Lost 86 integer
+ATTRIBUTE NAS-Port-Id-String 87 string
+ATTRIBUTE Framed-Pool 88 string
+ATTRIBUTE Chargeable-User-Identity 89 string
+ATTRIBUTE Tunnel-Client-Auth-ID 90 string
+ATTRIBUTE Tunnel-Server-Auth-ID 91 string
+ATTRIBUTE NAS-Filter-Rule 92 string
+ATTRIBUTE Originating-Line-Info 94 string
+ATTRIBUTE NAS-IPv6-Address 95 ipv6addr
+ATTRIBUTE Framed-Interface-Id 96 string
+ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix
+ATTRIBUTE Login-IPv6-Host 98 ipv6addr
+ATTRIBUTE Framed-IPv6-Route 99 string
+ATTRIBUTE Framed-IPv6-Pool 100 string
+ATTRIBUTE Error-Cause 101 integer
+ATTRIBUTE EAP-Key-Name 102 string
+
+#
+# RFC6911 IPv6 attributes
+#
+ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix
+ATTRIBUTE Framed-IPv6-Address 168 ipv6addr
+ATTRIBUTE DNS-Server-IPv6-Address 169 ipv6addr
+ATTRIBUTE Route-IPv6-Information 170 ipv6prefix
+
+#
+# Experimental Non Protocol Attributes used by Cistron-Radiusd
+#
+ATTRIBUTE Huntgroup-Name 221 string
+ATTRIBUTE User-Category 1029 string
+ATTRIBUTE Group-Name 1030 string
+ATTRIBUTE Simultaneous-Use 1034 integer
+ATTRIBUTE Strip-User-Name 1035 integer
+ATTRIBUTE Fall-Through 1036 integer
+ATTRIBUTE Add-Port-To-IP-Address 1037 integer
+ATTRIBUTE Exec-Program 1038 string
+ATTRIBUTE Exec-Program-Wait 1039 string
+ATTRIBUTE Hint 1040 string
+
+#
+# Non-Protocol Attributes
+# These attributes are used internally by the server
+#
+ATTRIBUTE Expiration 21 date
+ATTRIBUTE Auth-Type 1000 integer
+ATTRIBUTE Menu 1001 string
+ATTRIBUTE Termination-Menu 1002 string
+ATTRIBUTE Prefix 1003 string
+ATTRIBUTE Suffix 1004 string
+ATTRIBUTE Group 1005 string
+ATTRIBUTE Crypt-Password 1006 string
+ATTRIBUTE Connect-Rate 1007 integer
+
+#
+# Integer Translations
+#
+
+# User Types
+
+VALUE Service-Type Login-User 1
+VALUE Service-Type Framed-User 2
+VALUE Service-Type Callback-Login-User 3
+VALUE Service-Type Callback-Framed-User 4
+VALUE Service-Type Outbound-User 5
+VALUE Service-Type Administrative-User 6
+VALUE Service-Type NAS-Prompt-User 7
+VALUE Service-Type Authenticate-Only 8
+VALUE Service-Type Callback-NAS-Prompt 9
+VALUE Service-Type Call-Check 10
+VALUE Service-Type Callback-Administrative 11
+
+# Framed Protocols
+
+VALUE Framed-Protocol PPP 1
+VALUE Framed-Protocol SLIP 2
+VALUE Framed-Protocol ARAP 3
+VALUE Framed-Protocol GANDALF-SLMLP 4
+VALUE Framed-Protocol XYLOGICS-IPX-SLIP 5
+VALUE Framed-Protocol X75 6
+
+# Framed Routing Values
+
+VALUE Framed-Routing None 0
+VALUE Framed-Routing Broadcast 1
+VALUE Framed-Routing Listen 2
+VALUE Framed-Routing Broadcast-Listen 3
+
+# Framed Compression Types
+
+VALUE Framed-Compression None 0
+VALUE Framed-Compression Van-Jacobson-TCP-IP 1
+VALUE Framed-Compression IPX-Header 2
+VALUE Framed-Compression Stac-LZS 3
+
+# Login Services
+
+VALUE Login-Service Telnet 0
+VALUE Login-Service Rlogin 1
+VALUE Login-Service TCP-Clear 2
+VALUE Login-Service PortMaster 3
+VALUE Login-Service LAT 4
+VALUE Login-Service X.25-PAD 5
+VALUE Login-Service X.25-T3POS 6
+VALUE Login-Service TCP-Clear-Quiet 8
+
+# Status Types
+
+VALUE Acct-Status-Type Start 1
+VALUE Acct-Status-Type Stop 2
+VALUE Acct-Status-Type Alive 3
+VALUE Acct-Status-Type Accounting-On 7
+VALUE Acct-Status-Type Accounting-Off 8
+
+# Authentication Types
+
+VALUE Acct-Authentic RADIUS 1
+VALUE Acct-Authentic Local 2
+VALUE Acct-Authentic Remote 3
+
+# Termination Options
+
+VALUE Termination-Action Default 0
+VALUE Termination-Action RADIUS-Request 1
+
+# NAS Port Types, available in 3.3.1 and later
+
+VALUE NAS-Port-Type Async 0
+VALUE NAS-Port-Type Sync 1
+VALUE NAS-Port-Type ISDN 2
+VALUE NAS-Port-Type ISDN-V120 3
+VALUE NAS-Port-Type ISDN-V110 4
+VALUE NAS-Port-Type Virtual 5
+VALUE NAS-Port-Type PIAFS 6
+VALUE NAS-Port-Type HDLC-Clear-Channel 7
+VALUE NAS-Port-Type X.25 8
+VALUE NAS-Port-Type X.75 9
+VALUE NAS-Port-Type G.3-Fax 10
+VALUE NAS-Port-Type SDSL 11
+VALUE NAS-Port-Type ADSL-CAP 12
+VALUE NAS-Port-Type ADSL-DMT 13
+VALUE NAS-Port-Type IDSL 14
+VALUE NAS-Port-Type Ethernet 15
+
+# Acct Terminate Causes, available in 3.3.2 and later
+
+VALUE Acct-Terminate-Cause User-Request 1
+VALUE Acct-Terminate-Cause Lost-Carrier 2
+VALUE Acct-Terminate-Cause Lost-Service 3
+VALUE Acct-Terminate-Cause Idle-Timeout 4
+VALUE Acct-Terminate-Cause Session-Timeout 5
+VALUE Acct-Terminate-Cause Admin-Reset 6
+VALUE Acct-Terminate-Cause Admin-Reboot 7
+VALUE Acct-Terminate-Cause Port-Error 8
+VALUE Acct-Terminate-Cause NAS-Error 9
+VALUE Acct-Terminate-Cause NAS-Request 10
+VALUE Acct-Terminate-Cause NAS-Reboot 11
+VALUE Acct-Terminate-Cause Port-Unneeded 12
+VALUE Acct-Terminate-Cause Port-Preempted 13
+VALUE Acct-Terminate-Cause Port-Suspended 14
+VALUE Acct-Terminate-Cause Service-Unavailable 15
+VALUE Acct-Terminate-Cause Callback 16
+VALUE Acct-Terminate-Cause User-Error 17
+VALUE Acct-Terminate-Cause Host-Request 18
+
+#
+# Non-Protocol Integer Translations
+#
+
+VALUE Auth-Type Local 0
+VALUE Auth-Type System 1
+VALUE Auth-Type SecurID 2
+VALUE Auth-Type Crypt-Local 3
+VALUE Auth-Type Reject 4
+
+#
+# Cistron extensions
+#
+VALUE Auth-Type Pam 253
+VALUE Auth-Type Accept 254
+
+#
+# Experimental Non-Protocol Integer Translations for Cistron-Radiusd
+#
+VALUE Fall-Through No 0
+VALUE Fall-Through Yes 1
+VALUE Add-Port-To-IP-Address No 0
+VALUE Add-Port-To-IP-Address Yes 1
+
+#
+# Configuration Values
+# uncomment these two lines to turn account expiration on
+#
+
+#VALUE Server-Config Password-Expiration 30
+#VALUE Server-Config Password-Warning 5
+
diff --git a/freeradius-client-1.1.7-ipv6-attr-fix.patch b/freeradius-client-1.1.7-ipv6-attr-fix.patch
new file mode 100644
index 0000000..1c2b636
--- /dev/null
+++ b/freeradius-client-1.1.7-ipv6-attr-fix.patch
@@ -0,0 +1,32 @@
+From 3bea3b05583fb4d14521475503c9ee2d3b632987 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos
+Date: Mon, 2 Mar 2015 12:08:51 +0100
+Subject: [PATCH] when sending IPv6 attributes use the correct length
+
+---
+ lib/sendserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/sendserver.c b/lib/sendserver.c
+index 1fdcff2..30ce5de 100644
+--- a/lib/sendserver.c
++++ b/lib/sendserver.c
+@@ -150,6 +150,7 @@ static int rc_pack_list (VALUE_PAIR *vp, char *secret, AUTH_HDR *auth)
+
+ case PW_TYPE_IPV6ADDR:
+ length = 16;
++ *buf++ = length + 2;
+ if (vsa_length_ptr != NULL) *vsa_length_ptr += length + 2;
+ memcpy (buf, vp->strvalue, (size_t) length);
+ buf += length;
+@@ -158,6 +159,7 @@ static int rc_pack_list (VALUE_PAIR *vp, char *secret, AUTH_HDR *auth)
+
+ case PW_TYPE_IPV6PREFIX:
+ length = vp->lvalue;
++ *buf++ = length + 2;
+ if (vsa_length_ptr != NULL) *vsa_length_ptr += length + 2;
+ memcpy (buf, vp->strvalue, (size_t) length);
+ buf += length;
+--
+2.1.0
+
diff --git a/freeradius-client-1.1.7-size_t.patch b/freeradius-client-1.1.7-size_t.patch
new file mode 100644
index 0000000..6bb2022
--- /dev/null
+++ b/freeradius-client-1.1.7-size_t.patch
@@ -0,0 +1,12 @@
+diff --git a/lib/rc-md5.h b/lib/rc-md5.h
+index a30f16d..dcde619 100644
+--- a/lib/rc-md5.h
++++ b/lib/rc-md5.h
+@@ -10,6 +10,7 @@
+ #define _RC_MD5_H
+
+ #include "config.h"
++#include
+
+ #ifdef HAVE_NETTLE
+
diff --git a/freeradius-client.spec b/freeradius-client.spec
new file mode 100644
index 0000000..ddb8bd6
--- /dev/null
+++ b/freeradius-client.spec
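Review bot: In the PW_TYPE_IPV6PREFIX case of the embedded lib/sendserver.c patch, `length = vp->lvalue` is written into the one-octet attribute length (`*buf++ = length + 2;`) and then used as the memcpy size, and no range check is visible in these lines. An IPv6 prefix value is at most 18 octets (reserved octet, prefix-length octet, up to 16 address octets), so a larger lvalue would wrap in the length octet while memcpy still copies the full amount, producing a malformed attribute and possibly writing past the send buffer. If the value is not already bounded where the pair is created, add a guard before the write, such as `if (length < 2 || length > 18) return -1;`, adjusted to whatever error convention rc_pack_list uses. The body of rc_pack_list starts and ends outside the hunk, so an earlier check cannot be ruled out from here.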
@@ -0,0 +1,99 @@
+Name: freeradius-client
+Summary: RADIUS protocol client library
+Version: 1.1.7
+Release: 1
+License: BSD and MIT
+URL: http://freeradius.org/freeradius-client
+
+Source0: https://github.com/FreeRADIUS/freeradius-client/archive/release_1_1_7.tar.gz
+Source1: radiusclient.conf
+Source2: dictionary
+Patch1: freeradius-client-1.1.7-size_t.patch
+Patch2: freeradius-client-1.1.7-ipv6-attr-fix.patch
+
+BuildRequires: gcc
+BuildRequires: make
+BuildRequires: nettle-devel >= 2.7.1
+
+%description
+FreeRADIUS Client is a library for writing RADIUS Clients.
+The library lets you develop a RADIUS-aware application in less than
+50 lines of C code.
+
+%package devel
+Summary: Development files for freeradius-client
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+Development files for freeradius-client.
+
+%package utils
+Summary: Utility programs for freeradius-client
+Requires: %{name}%{?_isa} = %{version}-%{release}
+# freeradius-client supersedes radiusclient-ng
+Obsoletes: radiusclient-ng-utils
+
+%description utils
+FreeRADIUS Client is a framework and library for writing RADIUS Clients.
+This package includes radius client test utilities such as,
+radiusclient, radexample, radstatus, radembedded and radacct.
+
+%prep
+%autosetup -p1
+rm -f lib/md5.c
+sed -i -e 's|sys_lib_dlsearch_path_spec="[^"]\+|& %{_libdir}|g' configure
+
+%build
+
+%configure --disable-static --disable-rpath --with-nettle
+make %{?_smp_mflags}
+
+%install
+make DESTDIR=%{buildroot} install
+rm -f %{buildroot}%{_libdir}/*.la
+rm -f %{buildroot}%{_sbindir}/login.radius
+
+mkdir -p %{buildroot}%{_datadir}/radiusclient
+mv %{buildroot}%{_sysconfdir}/radiusclient/dictionary.* %{buildroot}%{_datadir}/radiusclient/
+cp %{SOURCE1} %{buildroot}%{_sysconfdir}/radiusclient/
+cp %{SOURCE2} %{buildroot}%{_sysconfdir}/radiusclient/
+cp %{SOURCE2} %{buildroot}%{_datadir}/radiusclient/dictionary
+
+%ldconfig_scriptlets
+
+%files
+%doc README.rst README.radexample BUGS doc/ChangeLog
+
+%dir %{_sysconfdir}/radiusclient
+%config(noreplace) %{_sysconfdir}/radiusclient/issue
+%config(noreplace) %{_sysconfdir}/radiusclient/port-id-map
+%config(noreplace) %{_sysconfdir}/radiusclient/radiusclient.conf
+%config(noreplace) %{_sysconfdir}/radiusclient/servers
+%config(noreplace) %{_sysconfdir}/radiusclient/dictionary
+
+%{_libdir}/libfreeradius-client.so.*
+
+%dir %{_datadir}/radiusclient/
+%{_datadir}/radiusclient/dictionary.ascend
+%{_datadir}/radiusclient/dictionary.compat
+%{_datadir}/radiusclient/dictionary.merit
+%{_datadir}/radiusclient/dictionary.sip
+%{_datadir}/radiusclient/dictionary
+
+%files devel
+
+%{_includedir}/freeradius-client.h
+%{_libdir}/libfreeradius-client.so
+
+%files utils
+
+%{_sbindir}/radacct
+%{_sbindir}/radiusclient
+%{_sbindir}/radstatus
+%{_sbindir}/radlogin
+%{_sbindir}/radexample
+%{_sbindir}/radembedded
+
+%changelog
+* Thu Nov 26 2020 jiangxinyu - 1.1.7-1
+- Init freeradius-client project
diff --git a/freeradius-client.yaml b/freeradius-client.yaml
new file mode 100644
index 0000000..2703d81
--- /dev/null
+++ b/freeradius-client.yaml
@@ -0,0 +1,4 @@
+version_control: github
+src_repo: FreeRADIUS/freeradius-client
+tag_prefix: ^release
+separator: "_"
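Review bot: The `%files` entry `%config(noreplace) %{_sysconfdir}/radiusclient/servers` in freeradius-client.spec ships the RADIUS shared-secret file with whatever mode `make install` happened to give it, because nothing in the spec pins its ownership or permissions. The radiusclient.conf added in this same commit describes that file as holding the shared secrets, so the mode should be stated explicitly, for example `%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/radiusclient/servers`, or 0640 with a dedicated group if unprivileged users of the library must read it. The mode the upstream install target actually sets is not visible here, so this may already be restrictive; declaring it in the spec makes that auditable.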
diff --git a/radiusclient.conf b/radiusclient.conf
new file mode 100644
index 0000000..0f3d589
--- /dev/null
+++ b/radiusclient.conf
@@ -0,0 +1,92 @@
+# General settings
+
+# specify which authentication comes first respectively which
+# authentication is used. possible values are: "radius" and "local".
+# if you specify "radius,local" then the RADIUS server is asked
+# first then the local one. if only one keyword is specified only
+# this server is asked.
+auth_order radius,local
+
+# maximum login tries a user has
+login_tries 4
+
+# timeout for all login tries
+# if this time is exceeded the user is kicked out
+login_timeout 60
+
+# name of the nologin file which when it exists disables logins.
+# it may be extended by the ttyname which will result in
+# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
+# logins on /dev/ttyS2)
+nologin /etc/nologin
+
+# name of the issue file. it's only display when no username is passed
+# on the radlogin command line
+issue /etc/radiusclient/issue
+
+# RADIUS settings
+
+# RADIUS server to use for authentication requests. this config
+# item can appear more then one time. if multiple servers are
+# defined they are tried in a round robin fashion if one
+# server is not answering.
+# optionally you can specify a the port number on which is remote
+# RADIUS listens separated by a colon from the hostname. if
+# no port is specified /etc/services is consulted of the radius
+# service. if this fails also a compiled in default is used.
+authserver localhost
+
+# RADIUS server to use for accouting requests. All that I
+# said for authserver applies, too.
+#
+acctserver localhost
+
+# file holding shared secrets used for the communication
+# between the RADIUS client and server
+servers /etc/radiusclient/servers
+
+# dictionary of allowed attributes and values
+# just like in the normal RADIUS distributions
+dictionary /usr/share/radiusclient/dictionary
+
+# program to call for a RADIUS authenticated login
+login_radius /usr/sbin/login.radius
+
+# file which holds sequence number for communication with the
+# RADIUS server
+seqfile /var/run/radius.seq
+
+# file which specifies mapping between ttyname and NAS-Port attribute
+mapfile /etc/radiusclient/port-id-map
+
+# default authentication realm to append to all usernames if no
+# realm was explicitly specified by the user
+# the radiusd directly form Livingston doesnt use any realms, so leave
+# it blank then
+default_realm
+
+# time to wait for a reply from the RADIUS server
+radius_timeout 10
+
+# resend request this many times before trying the next server
+radius_retries 3
+
+# The length of time in seconds that we skip a nonresponsive RADIUS
+# server for transaction requests. Server(s) being in the "dead" state
+# are tried only after all other non-dead servers have been tried and
+# failed or timeouted. The deadtime interval starts when the server
+# does not respond to an authentication/accounting request transmissions.
+# When the interval expires, the "dead" server would be re-tried again,
+# and if it's still down then it will be considered "dead" for another
+# such interval and so on. This option is no-op if there is only one
+# server in the list. Set to 0 in order to disable the feature.
+radius_deadtime 0
+
+# local address from which radius packets have to be sent
+bindaddr *
+
+# LOCAL settings
+
+# program to execute for local login
+# it must support the -f flag for preauthenticated login
+login_local /bin/login
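Review bot: `login_radius /usr/sbin/login.radius` points at a program that this commit's spec deletes during `%install` (`rm -f %{buildroot}%{_sbindir}/login.radius`), so with the shipped defaults a RADIUS-authenticated radlogin has no helper to run. Either keep the helper in the utils package or leave the setting commented out with a line such as `# login_radius is not shipped by this package; point it at a site-provided program`. The default `auth_order radius,local` also deserves a comment stating when the local method is consulted, since sites that depend on RADIUS-side policy may not expect a local path to remain available; the file's own comment only says the local one is asked after the RADIUS server.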
diff --git a/release_1_1_7.tar.gz b/release_1_1_7.tar.gz
new file mode 100644
index 0000000..7b77f02
Binary files /dev/null and b/release_1_1_7.tar.gz differ