diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 7dcfb220e85a6..bb86c8251790f 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -16,18 +16,19 @@ about: Used to report a defect in server source code, default configuration file See [here](https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/source/bugs.md) for debugging instructions and how to obtain backtraces. -# Defect -## How to reproduce the issue +## Defect + +### How to reproduce the issue A clear and concise list of steps describing how to describe the issue. - -## Output of ``[radiusd|freeradius] -X`` showing issue occurring + +### Output of ``[radiusd|freeradius] -X`` showing issue occurring _(you may need to run ``[radiusd|freeradius] -fxx -l stdout`` if using eg RADIUS with TLS)_ ```text COPY/PASTE OUTPUT HERE (WITHIN BACKTICKS). NO PASTEBIN (ET AL) LINKS! ``` -## Full backtrace from LLDB or GDB +### Full backtrace from LLDB or GDB ```text COPY/PASTE OUTPUT HERE (WITHIN BACKTICKS). NO PASTEBIN (ET AL) LINKS! diff --git a/.github/PULL_REQUEST_TEMPLATE/dictionary.md b/.github/PULL_REQUEST_TEMPLATE/dictionary.md index a955fc0414e35..ba4a971ccf032 100644 --- a/.github/PULL_REQUEST_TEMPLATE/dictionary.md +++ b/.github/PULL_REQUEST_TEMPLATE/dictionary.md 
@@ -3,87 +3,89 @@ name: Dictionary updates about: Used to submit changes for vendor dictionaries or standards dictionaries --- -For dictionary changes please open pull requests for both the `master` and `v3.0.x` branches -following the submission checklists below. +# Dictionary updates -*Note: The attribute referencing syntax in `master` has changed. When referencing nested -attributes such as VSAs or TLVs the complete path is used. The reference string -for the `Option-Request` attribute in the example below would be -`Vendor-Specific.CableLabs.Option-Request`. -This is why attribute prefixes are NOT used in the `master` branch.* +For dictionary changes please open pull requests for both the `master` and +`v3.0.x` branches following the submission checklists below. -# Submission checklist `master` branch +*Note: The attribute referencing syntax in `master` has changed. When +referencing nested attributes such as VSAs or TLVs the complete path is used. +The reference string for the `Option-Request` attribute in the example below +would be `Vendor-Specific.CableLabs.Option-Request`. 
This is why attribute +prefixes are NOT used in the `master` branch.* + +## Submission checklist `master` branch - [ ] Vendor prefix ***NOT*** added for `vendor` attributes **Good** ```text -VENDOR CableLabs 4491 -BEGIN-VENDOR CableLabs -ATTRIBUTE Option-Request 1 octets +VENDOR CableLabs 4491 +BEGIN-VENDOR CableLabs +ATTRIBUTE Option-Request 1 octets ``` **Bad** ```text -VENDOR CableLabs 4491 -BEGIN-VENDOR CableLabs -ATTRIBUTE CableLabs-Option-Request 1 octets +VENDOR CableLabs 4491 +BEGIN-VENDOR CableLabs +ATTRIBUTE CableLabs-Option-Request 1 octets ``` - [ ] Parent prefix ***NOT*** added for `tlv` attributes **Good** ```text -ATTRIBUTE DPSK-Params 153 tlv -ATTRIBUTE AKM-Suite .1 octets -ATTRIBUTE Cipher .2 byte -ATTRIBUTE Anonce .3 octets -ATTRIBUTE EAPOL-Key-Frame .4 octets +ATTRIBUTE DPSK-Params 153 tlv +ATTRIBUTE AKM-Suite .1 octets +ATTRIBUTE Cipher .2 byte +ATTRIBUTE Anonce .3 octets +ATTRIBUTE EAPOL-Key-Frame .4 octets ``` **Bad** ```text -ATTRIBUTE DPSK-Params 153 tlv -ATTRIBUTE DPSK-Params-AKM-Suite .1 octets -ATTRIBUTE DPSK-Params-Cipher .2 byte -ATTRIBUTE DPSK-Params-Anonce .3 octets -ATTRIBUTE DPSK-Params-EAPOL-Key-Frame .4 octets +ATTRIBUTE DPSK-Params 153 tlv +ATTRIBUTE DPSK-Params-AKM-Suite .1 octets +ATTRIBUTE DPSK-Params-Cipher .2 byte +ATTRIBUTE DPSK-Params-Anonce .3 octets +ATTRIBUTE DPSK-Params-EAPOL-Key-Frame .4 octets ``` - [ ] Dictionary tested by starting the server with the new dictionary loaded (`radiusd -C`). - [ ] Dictionary run through [format.pl](https://github.com/FreeRADIUS/freeradius-server/blob/master/scripts/dict/format.pl) (`scripts/dict/format.pl `). - [ ] **New dictionaries only** - Dictionary added to the include list in the top level `dictionary` file of the protocol dictionary. 
-# Submission checklist `v3.0.x` branch +## Submission checklist `v3.0.x` branch - [ ] Vendor prefix added for `vendor` attributes **Good** ```text -VENDOR CableLabs 4491 -BEGIN-VENDOR CableLabs -ATTRIBUTE CableLabs-Option-Request 1 octets +VENDOR CableLabs 4491 +BEGIN-VENDOR CableLabs +ATTRIBUTE CableLabs-Option-Request 1 octets ``` **Bad** ```text -VENDOR CableLabs 4491 -BEGIN-VENDOR CableLabs -ATTRIBUTE Option-Request 1 octets +VENDOR CableLabs 4491 +BEGIN-VENDOR CableLabs +ATTRIBUTE Option-Request 1 octets ``` - [ ] Parent prefix added for `tlv` attributes **Good** ```text -ATTRIBUTE DPSK-Params 153 tlv -ATTRIBUTE DPSK-Params-AKM-Suite .1 octets -ATTRIBUTE DPSK-Params-Cipher .2 byte -ATTRIBUTE DPSK-Params-Anonce .3 octets -ATTRIBUTE DPSK-Params-EAPOL-Key-Frame .4 octets +ATTRIBUTE DPSK-Params 153 tlv +ATTRIBUTE DPSK-Params-AKM-Suite .1 octets +ATTRIBUTE DPSK-Params-Cipher .2 byte +ATTRIBUTE DPSK-Params-Anonce .3 octets +ATTRIBUTE DPSK-Params-EAPOL-Key-Frame .4 octets ``` **Bad** ```text -ATTRIBUTE DPSK-Params 153 tlv -ATTRIBUTE AKM-Suite .1 octets -ATTRIBUTE Cipher .2 byte -ATTRIBUTE Anonce .3 octets -ATTRIBUTE EAPOL-Key-Frame .4 octets +ATTRIBUTE DPSK-Params 153 tlv +ATTRIBUTE AKM-Suite .1 octets +ATTRIBUTE Cipher .2 byte +ATTRIBUTE Anonce .3 octets +ATTRIBUTE EAPOL-Key-Frame .4 octets ``` - [ ] Dictionary tested by starting the server with the new dictionary loaded (`radiusd -C`). - [ ] Dictionary run through [format.pl](https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/share/format.pl) (`share/format.pl `). diff --git a/.github/contributing.md b/.github/contributing.md index 37c9b1c2e87d2..5fd2fb157fd2a 100644 --- a/.github/contributing.md +++ b/.github/contributing.md @@ -1,5 +1,6 @@ -Introduction -============ +# Contributing + +## Introduction The FreeRADIUS project wouldn't exist without contributions from a significant number of developers. 
@@ -13,8 +14,7 @@ be acted on and in a timely manner. If you choose to ignore these guidelines our response will be a link to this document. -GitHub Issue Tracker -==================== +## GitHub Issue Tracker The GitHub issue tracker is for non-security related defect reports, feature requests, and pull-requests ONLY. @@ -29,11 +29,10 @@ repositories. Security issues should be reported to security@freeradius.org especially if they can be remotely exploited. This ensures that patches can be developed before the exploit is made public. -Defect reporting -================ -Before reporting a defect -------------------------- +## Defect reporting + +### Before reporting a defect Verify it's still present in the Git HEAD. Checkout the appropriate branch for the version of the server you're working with, as listed [here](http://doc.freeradius.org), build the server and attempt @@ -47,9 +46,7 @@ Git HEAD. Do not report non-security defects for EOL branches (as listed on doc.freeradius.org), or old releases. Issues reported for these branches will be closed and locked. - -Contents of a defect report ---------------------------- +### Contents of a defect report See [doc/bugs](https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/source/bugs.md) for information on what to include, and how to obtain it. @@ -60,8 +57,7 @@ GitHub will automatically link your issue to other pre-existing issues when it e string. -Pull requests and coding standards -================================== +## Pull requests and coding standards If you're developing a new feature, module, or writing large amounts of code to fix a defect, contact a member of the FreeRADIUS development team first. For simpler one or two line fixes go ahead and 
@@ -83,15 +79,15 @@ If you're creating a new module you may wish to read the You may also wish to utilise the [doxygen site](http://doc.freeradius.org) to review code documentation. The doxygen site contains the complete reference of all API functions with doxygen headers as well -as structs and callback declarations. http://doc.freeradius.org is updated within one minute of each +as structs and callback declarations. is updated within one minute of each commit to the master branch of the freeradius-server repository. Finally, this file was written to be displayed automatically on the GitHub issue tracker, so Git/GitHub knowledge is assumed. If you're wondering what a pull-request is, this document may be of -some use http://wiki.freeradius.org/contributing/GitHub. +some use . -Continuous Integration Tests (CIT) -================================== + +## Continuous Integration Tests (CIT) If possible include test cases in your pull-requests. @@ -108,4 +104,3 @@ way to write new tests is to use the existing tests as examples. Tests are run via Travis for each pull-request, and on every commit by a developer with repository access. - diff --git a/.github/linters/.luacheckrc b/.github/linters/.luacheckrc new file mode 100644 index 0000000000000..0d107061e8b53 --- /dev/null +++ b/.github/linters/.luacheckrc @@ -0,0 +1,3 @@ +std = { + globals = {"fr","instantiate","detach","authorize","authenticate","post_auth","preacct","accounting","xlat","pairs","print","string","type"} +} diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 17798a4e42587..a8d868eb74030 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml 
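Review bot: In the new `.github/linters/.luacheckrc`, assigning a table to `std` replaces luacheck's standard set instead of extending it, which is presumably why `pairs`, `print`, `string` and `type` had to be listed by hand and are now declared writable. Any other standard name a Lua script uses (`tostring`, `ipairs`, `table`) would then be reported as undefined. Keeping the default `std` and declaring only the module's own names with the top-level option, e.g. `globals = {"fr","instantiate","detach","authorize","authenticate","post_auth","preacct","accounting","xlat"}`, avoids both problems.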
@@ -9,7 +9,7 @@ on: jobs: lint: - name: Super-Linter. ${{ fromJSON('["Changes-only", "Full"]')[github.ref == 'refs/heads/linter'] }} + name: Super-Linter. ${{ fromJSON('["Changes-only", "Full"]')[github.ref == 'refs/heads/linter' || github.ref == 'refs/heads/ci-debug'] }} runs-on: ubuntu-latest steps: @@ -32,12 +32,17 @@ jobs: # jscpd: # Disable entirely # Has a hair trigger and isn't useful enough to warrant tuning +# +# sql-lint: +# Disable entirely +# Not suitable as a standalone linter # - name: Lint uses: github/super-linter@v3 env: DEFAULT_BRANCH: master GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - FILTER_REGEX_EXCLUDE: (.*/)?(configure|config\.sub|config\.guess|missing|install-sh|freeradius\.css|toc_focus\.js|asciidoc/sass/.*\.scss) - VALIDATE_ALL_CODEBASE: ${{ github.ref == 'refs/heads/linter' }} + FILTER_REGEX_EXCLUDE: (.*/)?(configure|config\.sub|config\.guess|missing|install-sh|freeradius\.css|toc_focus\.js|asciidoc/sass/.*\.scss|doc/templates/.*\.html|doc/doxygen/extra/.*\.html) + VALIDATE_ALL_CODEBASE: ${{ github.ref == 'refs/heads/linter' || github.ref == 'refs/heads/ci-debug' }} VALIDATE_JSCPD: false + VALIDATE_SQL: false diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 453aeb2a72a3d..994b79ad2cfbd 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -8,7 +8,7 @@ The GitHub issue tracker and mailing lists have a strict code of conduct. > Only technical discussion related to FreeRADIUS, the protocols it implements, and its dependencies > are permitted in GitHub communications and on the mailing list. -> +> > Please note that any off-topic discussion will result in a warning. Continued off topic discussion > will result in the individual being unsubscribed from the mailing lists and/or permanent > banishment from the GitHub repositories. 
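Review bot: In `.github/workflows/super-linter.yml`, the `Lint` step whose `env` block the second hunk edits runs `github/super-linter@v3`, a mutable tag, and passes it `GITHUB_TOKEN`, so whoever can move that tag decides what code runs with the token. Pinning to a full commit SHA, e.g. `uses: github/super-linter@<full-commit-sha>  # v3`, fixes the reviewed version. Separately, the `linter || ci-debug` test now appears in both `name` and `VALIDATE_ALL_CODEBASE`, so the two can drift apart; a short comment on each pointing at the other would help. The job's earlier steps lie outside these hunks.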
@@ -18,7 +18,7 @@ it does not require participants to be explicitly "inclusive" or "accepting" of requires participants to be *blind* to non-technical subjects, as those subjects are explicitly off topic. The FreeRADIUS community is inclusive by virtue of not being exclusionary. -If you believe that the implicit biases of community members may affect how your contributions are +If you believe that the implicit biases of community members may affect how your contributions are evaluated, you are invited to anonymise your contributions. You will not be penalised for use of pseudonyms or anonymised identities when creating/signing patches, or posting on the mailing list(s). diff --git a/README.md b/README.md index f4096745199ee..a5b5eea6acc6a 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ of people, in sites ranging from 10 to 10 million+ users. Please see the [documentation](doc/) directory, which has full documentation for version 4. -Please also see https://freeradius.org and https://wiki.freeradius.org +Please also see and for additional documentation. ## Installation @@ -75,7 +75,7 @@ The debug output is explained in detail in the Many questions are answered on the Wiki: -https://wiki.freeradius.org + Read the configuration files. Many parts of the server are documented only with extensive comments in the configuration files. @@ -84,7 +84,7 @@ Search the mailing lists. For example, using Google, searching "site:lists.freeradius.org " will return results from the FreeRADIUS mailing lists. -https://freeradius.org/support/ + Instructions for what to post on the mailing list are [on the wiki](http://wiki.freeradius.org/list-help). Please note that we DO 
@@ -109,7 +109,7 @@ mailing lists first to determine whether it really is a defect or missing feature. Instructions for gathering data for defect reports can be found in -[here](doc/antora/modules/developers/pages/bugs.adoc) or on the +[here](doc/antora/modules/developers/pages/bugs.adoc) or on the [wiki](https://wiki.freeradius.org/project/bug-reports). Under no circumstances should the issue tracker be used for support diff --git a/doc/README.md b/doc/README.md index afd25da7ae763..2ceba6d56f3d9 100644 --- a/doc/README.md +++ b/doc/README.md @@ -15,7 +15,7 @@ If the local system has [Antora installed](https://docs.antora.org/antora/latest/install/install-antora/), then you can run: - $ make docsite + make docsite The output HTML is placed in the following location: @@ -24,14 +24,14 @@ The output HTML is placed in the following location: If Antora is not installed locally, it can usually be installed from `npm` (a command available once you install [Node.js](https://nodejs.org/)): - $ npm i -g @antora/cli@2.0 @antora/site-generator-default@2.0 + npm i -g @antora/cli@2.0 @antora/site-generator-default@2.0 ## Basic HTML If the local system has Asciidoctor and Pandoc installed, then it is possible to create simple HTML output via the following command: - $ make html + make html The build process will create one `html` file for every `adoc` file in this directory. Note that Antora uses a different syntax for diff --git a/doc/rfc/attributes.html b/doc/rfc/attributes.html index 8f15be2c3cff2..12f2e5f86f62c 100644 --- a/doc/rfc/attributes.html +++ b/doc/rfc/attributes.html @@ -1,5 +1,5 @@ - - + + @@ -7,241 +7,242 @@ -

RADIUS Attribute List

- -

A

- - - -

C

- - - -

D

- - - -

E

- - - -

F

- - - -

I

- - - -

K

- - - -

L

- - - -

M

- - - -

N

- - - -

P

- - - -

R

- - - -

S

- - - -

T

- - - -

U

- - - -

V

- - - +

RADIUS Attribute List

+ +

A

+ + + +

C

+ + + +

D

+ + + +

E

+ + + +

F

+ + + +

I

+ + + +

K

+ + + +

L

+ + + +

M

+ + + +

N

+ + + +

P

+ + + +

R

+ + + +

S

+ + + +

T

+ + + +

U

+ + + +

V

+ + + + diff --git a/doc/rfc/per-rfc.pl b/doc/rfc/per-rfc.pl index 150796f2cf76d..4bec00a173614 100755 --- a/doc/rfc/per-rfc.pl +++ b/doc/rfc/per-rfc.pl @@ -34,8 +34,8 @@ # Print out the HTML header # print OUTPUT < - + + @@ -49,17 +49,17 @@ foreach $key (sort keys %{$defs{$def}}) { if (substr($key,0,1) ne $letter) { - print OUTPUT "\n" if ($letter ne "@"); + print OUTPUT "\n" if ($letter ne "@"); $letter = substr($key,0,1); - print OUTPUT "\n

$letter

\n\n"; - print OUTPUT "
    \n"; + print OUTPUT "\n

    $letter

    \n\n"; + print OUTPUT "
      \n"; } - print OUTPUT "$key
      \n"; + print OUTPUT "$key
      \n"; } - print OUTPUT "
    \n"; - print OUTPUT "\n"; + print OUTPUT "
\n"; + print OUTPUT "\n"; close OUTPUT; } diff --git a/doc/rfc/rewrite.pl b/doc/rfc/rewrite.pl index 8ddd2f28c93fd..afd39c741fb89 100755 --- a/doc/rfc/rewrite.pl +++ b/doc/rfc/rewrite.pl @@ -30,15 +30,15 @@ # Print out the HTML header # print OUTPUT < - + + $ref.html -
+
 
 EOF
 
@@ -70,10 +70,10 @@
 	    if ($refs{$_[1]} ne "") {
 		$attribute = $_[1];
 
-		print OUTPUT "

$_

\n"; + print OUTPUT "

$_

\n"; } else { - print OUTPUT "

$_

\n"; + print OUTPUT "

$_

\n"; $attribute = "zzzz"; } next; @@ -86,12 +86,12 @@ (/^ Type/) || (/^ Length/) || (/^ Value/)) { - print OUTPUT "$_\n"; + print OUTPUT "$_\n"; next; } # Make the current attribute name bold - s/$attribute/$attribute<\/B>/g; + s/$attribute/$attribute<\/b>/g; split; @@ -103,9 +103,9 @@ if ($refs{$word} ne "") { if ($refs{$word} eq $ref) { - s/$word/$word<\/A>/g; + s/$word/$word<\/a>/g; } else { - s/$word/$word<\/A>/g; + s/$word/$word<\/a>/g; } } } @@ -113,8 +113,8 @@ print OUTPUT $_, "\n"; } - print OUTPUT "
\n"; - print OUTPUT "\n"; + print OUTPUT "
\n"; + print OUTPUT "\n"; close OUTPUT; close FILE; } @@ -128,8 +128,8 @@ # Print out the HTML header # print OUTPUT < - + + @@ -137,23 +137,24 @@ -

RADIUS Attribute List

+

RADIUS Attribute List

EOF $letter = "@"; foreach $key (sort keys %refs) { if (substr($key,0,1) ne $letter) { - print OUTPUT "\n" if ($letter ne "@"); + print OUTPUT "\n" if ($letter ne "@"); $letter = substr($key,0,1); - print OUTPUT "\n

$letter

\n\n"; - print OUTPUT "
\n"; -print OUTPUT "\n"; +print OUTPUT "\n"; +print OUTPUT "\n"; close OUTPUT; diff --git a/doc/rfc/update.sh b/doc/rfc/update.sh index e61909fe36f5f..208e080d8519b 100755 --- a/doc/rfc/update.sh +++ b/doc/rfc/update.sh @@ -4,14 +4,14 @@ # # cat >index.html < -Index of FreeRADIUS.org's RFC site - + +Index of FreeRADIUS.org's RFC site + -

Index of FreeRADIUS.org's RFC site

+

Index of FreeRADIUS.org's RFC site

-List of RADIUS attributes -

+List of RADIUS attributes +

EOF @@ -19,9 +19,9 @@ EOF # include the message, if any exists # if [ -e message ]; then - echo "

" >> index.html
+  echo "
" >> index.html
   cat .message >> index.html
-  echo "
" >> index.html + echo "
" >> index.html fi # @@ -33,15 +33,15 @@ EOF for x in rfc*.html;do y=`echo $x | sed 's/rfc//;s/\.html//'` - echo "RFC $y" >> index.html + echo "RFC $y" >> index.html if [ -e $x.gz ]; then - echo "(gzipped)" >> index.html + echo "(gzipped)" >> index.html fi y="attributes-rfc$y.html"; if [ -f $y ];then - echo "(attributes)" >> index.html + echo "(attributes)" >> index.html fi - echo "
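Review bot: In `doc/rfc/update.sh`, the block this hunk touches tests `[ -e message ]` but then runs `cat .message`, so the two names disagree: with only `.message` present the text is never included, and with only `message` present `cat` fails. The test and the read should use the same name, e.g. `if [ -e .message ]; then` if the dotfile is the intended one (the hunk does not show which is). The later loops in the same file use `$x` unquoted in `[ -e $x.gz ]`; writing `[ -e "$x.gz" ]` avoids word splitting on unusual file names.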
" >> index.html + echo "
" >> index.html done cat >>index.html <$x" >> index.html + echo "$x" >> index.html if [ -e $x.gz ]; then - echo "(gzipped)" >> index.html + echo "(gzipped)" >> index.html fi - echo "
" >> index.html + echo "
" >> index.html fi done -echo "" >> index.html +echo "" >> index.html diff --git a/raddb/mods-config/sql/cui/postgresql/schema.sql b/raddb/mods-config/sql/cui/postgresql/schema.sql index bc4129770e89c..6a2cf3018024e 100644 --- a/raddb/mods-config/sql/cui/postgresql/schema.sql +++ b/raddb/mods-config/sql/cui/postgresql/schema.sql @@ -10,12 +10,11 @@ CREATE TABLE cui ( CONSTRAINT cui_pkey PRIMARY KEY (username, clientipaddress, callingstationid) ); -/* This is an old workaround for upsert which was needed prior PostgreSQL 9.5. - * It's incompatible with the currently used method (ON CONFLICT clause), so if - * you're updating an old database, you have to remove it: - * DROP RULE postauth_query ON cui; - -CREATE RULE postauth_query AS ON INSERT TO cui - WHERE EXISTS(SELECT 1 FROM cui WHERE (username, clientipaddress, callingstationid)=(NEW.username, NEW.clientipaddress, NEW.callingstationid)) - DO INSTEAD UPDATE cui SET lastaccounting ='-infinity'::timestamp with time zone, cui=NEW.cui WHERE (username, clientipaddress, callingstationid)=(NEW.username, NEW.clientipaddress, NEW.callingstationid); -*/ +-- This is an old workaround for upsert which was needed prior PostgreSQL 9.5. +-- It's incompatible with the currently used method (ON CONFLICT clause), so if +-- you're updating an old database, you have to remove it: +-- DROP RULE postauth_query ON cui; +-- +-- CREATE RULE postauth_query AS ON INSERT TO cui +-- WHERE EXISTS(SELECT 1 FROM cui WHERE (username, clientipaddress, callingstationid)=(NEW.username, NEW.clientipaddress, NEW.callingstationid)) +-- DO INSTEAD UPDATE cui SET lastaccounting ='-infinity'::timestamp with time zone, cui=NEW.cui WHERE (username, clientipaddress, callingstationid)=(NEW.username, NEW.clientipaddress, NEW.callingstationid); diff --git a/raddb/mods-config/sql/main/mssql/process-radacct.sql b/raddb/mods-config/sql/main/mssql/process-radacct.sql index a3a64451d5697..a20d20010b3df 100644 
--- a/raddb/mods-config/sql/main/mssql/process-radacct.sql +++ b/raddb/mods-config/sql/main/mssql/process-radacct.sql @@ -1,8 +1,8 @@ -# -*- text -*- -# -# main/mssql/process-radacct.sql -- Schema extensions for processing radacct entries -# -# $Id$ +-- -*- text -*- +-- +-- main/mssql/process-radacct.sql -- Schema extensions for processing radacct entries +-- +-- $Id$ -- --------------------------------- -- - Per-user data usage over time - diff --git a/raddb/mods-config/sql/main/mssql/schema.sql b/raddb/mods-config/sql/main/mssql/schema.sql index 7930c9e66d1b4..c2ef5592c96c0 100644 --- a/raddb/mods-config/sql/main/mssql/schema.sql +++ b/raddb/mods-config/sql/main/mssql/schema.sql @@ -118,7 +118,7 @@ GO CREATE INDEX [NASIPAddress] ON [radacct]([NASIPAddress]) ON [PRIMARY] GO -/* For use by onoff */ +-- For use by onoff CREATE INDEX [RadacctBulkClose] ON [radacct]([NASIPAddress],[AcctStartTime]) WHERE [AcctStopTime] IS NULL ON [PRIMARY] GO diff --git a/raddb/mods-config/sql/main/mysql/process-radacct.sql b/raddb/mods-config/sql/main/mysql/process-radacct.sql index d0e77b93222af..c73b82b702703 100644 --- a/raddb/mods-config/sql/main/mysql/process-radacct.sql +++ b/raddb/mods-config/sql/main/mysql/process-radacct.sql @@ -1,8 +1,8 @@ -# -*- text -*- -# -# main/mysql/process-radacct.sql -- Schema extensions for processing radacct entries -# -# $Id$ +-- -*- text -*- +-- +-- main/mysql/process-radacct.sql -- Schema extensions for processing radacct entries +-- +-- $Id$ -- --------------------------------- -- - Per-user data usage over time - diff --git a/raddb/mods-config/sql/main/mysql/setup.sql b/raddb/mods-config/sql/main/mysql/setup.sql index e42c0d69204e4..6198ed795d0b5 100755 --- a/raddb/mods-config/sql/main/mysql/setup.sql +++ b/raddb/mods-config/sql/main/mysql/setup.sql 
@@ -1,23 +1,24 @@ -# -*- text -*- -## -## admin.sql -- MySQL commands for creating the RADIUS user. -## -## WARNING: You should change 'localhost' and 'radpass' -## to something else. Also update raddb/mods-available/sql -## with the new RADIUS password. -## -## $Id$ +-- -*- text -*- +-- +-- admin.sql -- MySQL commands for creating the RADIUS user. +-- +-- WARNING: You should change 'localhost' and 'radpass' +-- to something else. Also update raddb/mods-available/sql +-- with the new RADIUS password. +-- +-- $Id$ +-- -# -# Create default administrator for RADIUS -# +-- +-- Create default administrator for RADIUS +-- CREATE USER 'radius'@'localhost' IDENTIFIED BY 'radpass'; -# The server can read any table in SQL +-- The server can read any table in SQL GRANT SELECT ON radius.* TO 'radius'@'localhost'; -# The server can write to the accounting and post-auth logging table. -# -# i.e. +-- The server can write to the accounting and post-auth logging table. +-- +-- i.e. GRANT ALL on radius.radacct TO 'radius'@'localhost'; GRANT ALL on radius.radpostauth TO 'radius'@'localhost'; diff --git a/raddb/mods-config/sql/main/ndb/schema.sql b/raddb/mods-config/sql/main/ndb/schema.sql index d8113ad249399..03699a6918fe8 100644 --- a/raddb/mods-config/sql/main/ndb/schema.sql +++ b/raddb/mods-config/sql/main/ndb/schema.sql 
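Review bot: In `raddb/mods-config/sql/main/mysql/setup.sql`, the rewritten comment says the server "can write to the accounting and post-auth logging table", but the statements under it are `GRANT ALL`, which in MySQL also covers privileges such as `DROP` and `ALTER` on those tables. Either the comment should say so, e.g. `-- NOTE: ALL also includes DROP/ALTER on these tables; narrow the grant if only row writes are needed.`, or the grants should list only the privileges the SQL module uses. The header comment also still calls the file `admin.sql` while the path is `setup.sql`; `-- setup.sql -- MySQL commands for creating the RADIUS user.` would match.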
@@ -1,21 +1,21 @@ -########################################################################### -# $Id$ # -# # -# schema.sql rlm_sql - FreeRADIUS SQL Module # -# # -# Database schema for MySQL Cluster. # -# The only difference between this file and ../mysql/schema.sql # -# is the definition of the storage engine. # -# # -# To load: # -# mysql -uroot -prootpass radius < schema.sql # -# # -# Mike Machado # -########################################################################### -# -# Table structure for table 'radacct' -# +-- +-- $Id$ +-- +-- schema.sql rlm_sql - FreeRADIUS SQL Module +-- +-- Database schema for MySQL Cluster. +-- The only difference between this file and ../mysql/schema.sql +-- is the definition of the storage engine. +-- +-- To load: +-- mysql -uroot -prootpass radius < schema.sql +-- +-- Mike Machado +-- +-- +-- Table structure for table 'radacct' +-- CREATE TABLE radacct ( radacctid bigint(21) NOT NULL auto_increment, acctsessionid varchar(64) NOT NULL default '', @@ -63,10 +63,10 @@ CREATE TABLE radacct ( INDEX bulk_close (acctstoptime, nasipaddress, acctstarttime) ) ENGINE=ndbcluster; -# -# Table structure for table 'radcheck' -# +-- +-- Table structure for table 'radcheck' +-- CREATE TABLE radcheck ( id int(11) unsigned NOT NULL auto_increment, username varchar(64) NOT NULL default '', @@ -77,10 +77,10 @@ CREATE TABLE radcheck ( KEY username (username(32)) ) ENGINE=ndbcluster; -# -# Table structure for table 'radgroupcheck' -# +-- +-- Table structure for table 'radgroupcheck' +-- CREATE TABLE radgroupcheck ( id int(11) unsigned NOT NULL auto_increment, groupname varchar(64) NOT NULL default '', @@ -91,10 +91,10 @@ CREATE TABLE radgroupcheck ( KEY groupname (groupname(32)) ) ENGINE=ndbcluster; -# -# Table structure for table 'radgroupreply' -# +-- +-- Table structure for table 'radgroupreply' +-- CREATE TABLE radgroupreply ( id int(11) unsigned NOT NULL auto_increment, groupname varchar(64) NOT NULL default '', 
@@ -105,10 +105,10 @@ CREATE TABLE radgroupreply ( KEY groupname (groupname(32)) ) ENGINE=ndbcluster; -# -# Table structure for table 'radreply' -# +-- +-- Table structure for table 'radreply' +-- CREATE TABLE radreply ( id int(11) unsigned NOT NULL auto_increment, username varchar(64) NOT NULL default '', @@ -120,10 +120,9 @@ CREATE TABLE radreply ( ) ENGINE=ndbcluster; -# -# Table structure for table 'radusergroup' -# - +-- +-- Table structure for table 'radusergroup' +-- CREATE TABLE radusergroup ( username varchar(64) NOT NULL default '', groupname varchar(64) NOT NULL default '', @@ -131,10 +130,10 @@ CREATE TABLE radusergroup ( KEY username (username(32)) ) ENGINE=ndbcluster; -# -# Table structure for table 'radpostauth' -# +-- +-- Table structure for table 'radpostauth' +-- CREATE TABLE radpostauth ( id int(11) NOT NULL auto_increment, username varchar(64) NOT NULL default '', diff --git a/raddb/mods-config/sql/main/oracle/process-radacct.sql b/raddb/mods-config/sql/main/oracle/process-radacct.sql index 858d9464fa81f..0b9eafc6b8cf9 100644 --- a/raddb/mods-config/sql/main/oracle/process-radacct.sql +++ b/raddb/mods-config/sql/main/oracle/process-radacct.sql @@ -1,8 +1,8 @@ -# -*- text -*- -# -# main/oracle/process-radacct.sql -- Schema extensions for processing radacct entries -# -# $Id$ +-- -*- text -*- +-- +-- main/oracle/process-radacct.sql -- Schema extensions for processing radacct entries +-- +-- $Id$ -- --------------------------------- -- - Per-user data usage over time - diff --git a/raddb/mods-config/sql/main/oracle/schema.sql b/raddb/mods-config/sql/main/oracle/schema.sql index f93ed50e4eee4..1f6aa493a7253 100644 --- a/raddb/mods-config/sql/main/oracle/schema.sql +++ b/raddb/mods-config/sql/main/oracle/schema.sql 
@@ -1,16 +1,16 @@ -/* - * $Id$ - * - * Oracle schema for FreeRADIUS - * - * - * NOTE: Which columns are NULLable? - * Oracle has a non-standard "feature" in that it treats an empty string a NULL! - */ - -/* - * Table structure for table 'radacct' - */ +-- +-- $Id$ +-- +-- Oracle schema for FreeRADIUS +-- +-- +-- NOTE: Which columns are NULLable? +-- Oracle has a non-standard "feature" in that it treats an empty string a NULL! +-- + +-- +-- Table structure for table 'radacct' +-- CREATE TABLE radacct ( radacctid INT PRIMARY KEY, acctsessionid VARCHAR(96) NOT NULL, @@ -53,7 +53,9 @@ CREATE INDEX radacct_idx2 CREATE SEQUENCE radacct_seq START WITH 1 INCREMENT BY 1; -/* Trigger to emulate a serial # on the primary key */ +-- +-- Trigger to emulate a serial # on the primary key +-- CREATE OR REPLACE TRIGGER radacct_serialnumber BEFORE INSERT OR UPDATE OF radacctid ON radacct FOR EACH ROW @@ -64,9 +66,9 @@ CREATE OR REPLACE TRIGGER radacct_serialnumber END; / -/* - * Table structure for table 'radcheck' - */ +-- +-- Table structure for table 'radcheck' +-- CREATE TABLE radcheck ( id INT PRIMARY KEY, username VARCHAR(30) NOT NULL, @@ -76,7 +78,7 @@ CREATE TABLE radcheck ( ); CREATE SEQUENCE radcheck_seq START WITH 1 INCREMENT BY 1; -/* Trigger to emulate a serial # on the primary key */ +-- Trigger to emulate a serial # on the primary key CREATE OR REPLACE TRIGGER radcheck_serialnumber BEFORE INSERT OR UPDATE OF id ON radcheck FOR EACH ROW @@ -87,9 +89,9 @@ CREATE OR REPLACE TRIGGER radcheck_serialnumber END; / -/* - * Table structure for table 'radgroupcheck' - */ +-- +-- Table structure for table 'radgroupcheck' +-- CREATE TABLE radgroupcheck ( id INT PRIMARY KEY, groupname VARCHAR(20) UNIQUE NOT NULL, 
@@ -99,9 +101,9 @@ CREATE TABLE radgroupcheck ( ); CREATE SEQUENCE radgroupcheck_seq START WITH 1 INCREMENT BY 1; -/* - * Table structure for table 'radgroupreply' - */ +-- +-- Table structure for table 'radgroupreply' +-- CREATE TABLE radgroupreply ( id INT PRIMARY KEY, GroupName VARCHAR(20) UNIQUE NOT NULL, @@ -111,9 +113,9 @@ CREATE TABLE radgroupreply ( ); CREATE SEQUENCE radgroupreply_seq START WITH 1 INCREMENT BY 1; -/* - * Table structure for table 'radreply' - */ +-- +-- Table structure for table 'radreply' +-- CREATE TABLE radreply ( id INT PRIMARY KEY, UserName VARCHAR(30) NOT NULL, @@ -124,7 +126,9 @@ CREATE TABLE radreply ( CREATE INDEX radreply_idx1 ON radreply(UserName); CREATE SEQUENCE radreply_seq START WITH 1 INCREMENT BY 1; -/* Trigger to emulate a serial # on the primary key */ +-- +-- Trigger to emulate a serial # on the primary key +-- CREATE OR REPLACE TRIGGER radreply_serialnumber BEFORE INSERT OR UPDATE OF id ON radreply FOR EACH ROW @@ -135,9 +139,9 @@ CREATE OR REPLACE TRIGGER radreply_serialnumber END; / -/* - * Table structure for table 'radusergroup' - */ +-- +-- Table structure for table 'radusergroup' +-- CREATE TABLE radusergroup ( id INT PRIMARY KEY, UserName VARCHAR(30) UNIQUE NOT NULL, @@ -145,7 +149,9 @@ CREATE TABLE radusergroup ( ); CREATE SEQUENCE radusergroup_seq START WITH 1 INCREMENT BY 1; -/* Trigger to emulate a serial # on the primary key */ +-- +-- Trigger to emulate a serial # on the primary key +-- CREATE OR REPLACE TRIGGER radusergroup_serialnumber BEFORE INSERT OR UPDATE OF id ON radusergroup FOR EACH ROW @@ -157,9 +163,9 @@ CREATE OR REPLACE TRIGGER radusergroup_serialnumber / -/* - * Table structure for table 'realmgroup' - */ +-- +-- Table structure for table 'realmgroup' +-- CREATE TABLE realmgroup ( id INT PRIMARY KEY, RealmName VARCHAR(30) UNIQUE NOT NULL, 
@@ -219,9 +225,9 @@ CREATE OR REPLACE TRIGGER radpostauth_TRIG / -/* - * Table structure for table 'nas' - */ +-- +-- Table structure for table 'nas' +-- CREATE TABLE nas ( id INT PRIMARY KEY, nasname VARCHAR(128), diff --git a/raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql b/raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql index ec9731648e83c..ba28920c7d042 100644 --- a/raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql +++ b/raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql 
@@ -1,25 +1,25 @@ -/* - * $Id$ - * - * --- Peter Nixon [ codemonkey@peternixon.net ] - * - * This is a custom SQL schema for doing H323 and SIP VoIP accounting - * with FreeRadius and Cisco equipment. It is currently known to work - * with 3640, 5300 and 5350 series as well as CSPS (Cisco SIP Proxy - * Server). It will scale A LOT better than the default radius schema - * which is designed for simple dialup installations of FreeRadius. - * - * For this schema to work properly you MUST use - * raddb/sql/postgresql/voip-postpaid.conf rather than - * raddb/sql/postgresql/dialup.conf - * - * If you wish to do RADIUS Authentication using the same database, - * you MUST use use raddb/sql/postgresql/schema.sql as well as this schema. - */ - -/* - * Table structure for 'Start' tables - */ +-- +-- $Id$ +-- +-- --- Peter Nixon [ codemonkey@peternixon.net ] +-- +-- This is a custom SQL schema for doing H323 and SIP VoIP accounting +-- with FreeRadius and Cisco equipment. It is currently known to work +-- with 3640, 5300 and 5350 series as well as CSPS (Cisco SIP Proxy +-- Server). It will scale A LOT better than the default radius schema +-- which is designed for simple dialup installations of FreeRadius. +-- +-- For this schema to work properly you MUST use +-- raddb/sql/postgresql/voip-postpaid.conf rather than +-- raddb/sql/postgresql/dialup.conf +-- +-- If you wish to do RADIUS Authentication using the same database, +-- you MUST use use raddb/sql/postgresql/schema.sql as well as this schema. +-- + +-- +-- Table structure for 'Start' tables +-- CREATE TABLE StartVoIP ( RadAcctId BIGSERIAL PRIMARY KEY, @@ -60,9 +60,9 @@ create index starttelephonycombo on starttelephony (AcctTime, nasipaddress); -/* - * Table structure for 'Stop' tables - */ +-- +-- Table structure for 'Stop' tables +-- CREATE TABLE StopVoIP ( RadAcctId BIGSERIAL PRIMARY KEY, AcctTime TIMESTAMP with time zone NOT NULL, 
@@ -114,19 +114,19 @@ CREATE TABLE StopTelephony ( CallID VARCHAR(80) NOT NULL, processed BOOLEAN DEFAULT false ); + -- You can have more than one record that is identical except for CiscoNASPort if you have a dial peer hungroup -- configured for multiple PRIs. create UNIQUE index stoptelephonycombo on stoptelephony (AcctTime, nasipaddress, CallID, CiscoNASPort); -/* - * Table structure for 'gateways' - * - * This table should list the IP addresses, names and locations of all your gateways - * This can be used to make more useful reports. - * - * Note: This table should be removed in favour of using the "nas" table. - */ - +-- +-- Table structure for 'gateways' +-- +-- This table should list the IP addresses, names and locations of all your gateways +-- This can be used to make more useful reports. +-- +-- Note: This table should be removed in favour of using the "nas" table. +-- CREATE TABLE gateways ( gw_ip INET NOT NULL, gw_name VARCHAR(32) NOT NULL, @@ -134,26 +134,24 @@ CREATE TABLE gateways ( ); -/* - * Table structure for 'customers' - * - * This table should list your Customers names and company - * This can be used to make more useful reports. - */ - +-- +-- Table structure for 'customers' +-- +-- This table should list your Customers names and company +-- This can be used to make more useful reports. +-- CREATE TABLE customers ( cust_id SERIAL NOT NULL, company VARCHAR(32), customer VARCHAR(32) ); -/* - * Table structure for 'cust_gw' - * - * This table should list the IP addresses and Customer IDs of all your Customers gateways - * This can be used to make more useful reports. - */ - +-- +-- Table structure for 'cust_gw' +-- +-- This table should list the IP addresses and Customer IDs of all your Customers gateways +-- This can be used to make more useful reports. +-- CREATE TABLE cust_gw ( cust_gw INET PRIMARY KEY, cust_id INTEGER NOT NULL, 
@@ -169,25 +167,22 @@ CREATE VIEW customerip AS CREATE FUNCTION "plpgsql_call_handler" () RETURNS LANGUAGE_HANDLER AS '$libdir/plpgsql' LANGUAGE C; CREATE TRUSTED LANGUAGE "plpgsql" HANDLER "plpgsql_call_handler"; -/* - * Function 'strip_dot' - * removes "." from the start of cisco timestamps - * - * From the cisco website: - * "A timestamp that is preceded by an asterisk (*) or a dot (.) may not be accurate. - * An asterisk (*) means that after a gateway reboot, the gateway clock was not manually set - * and the gateway has not synchronized with an NTP server yet. A dot (.) means the gateway - * NTP has lost synchronization with an NTP server." - * - * We therefore do not bother to strip asterisks (*) from timestamps, as you NEED ntp setup - * unless you don't care about billing at all! - * - * * Example useage: - * insert into mytable values (strip_dot('.16:46:02.356 EET Wed Dec 11 2002')); - * - */ - - +-- +-- Function 'strip_dot' +-- removes "." from the start of cisco timestamps +-- +-- From the cisco website: +-- "A timestamp that is preceded by an asterisk (*) or a dot (.) may not be accurate. +-- An asterisk (*) means that after a gateway reboot, the gateway clock was not manually set +-- and the gateway has not synchronized with an NTP server yet. A dot (.) means the gateway +-- NTP has lost synchronization with an NTP server." +-- +-- We therefore do not bother to strip asterisks (*) from timestamps, as you NEED ntp setup +-- unless you don't care about billing at all! +-- +-- * Example useage: +-- insert into mytable values (strip_dot('.16:46:02.356 EET Wed Dec 11 2002')); +-- CREATE OR REPLACE FUNCTION strip_dot (VARCHAR) RETURNS TIMESTAMPTZ AS ' DECLARE original_timestamp ALIAS FOR $1; 
@@ -220,26 +215,21 @@ CREATE OR REPLACE FUNCTION pick_id (VARCHAR, VARCHAR) RETURNS VARCHAR AS ' ' LANGUAGE 'plpgsql'; - -/* - * Table structure for 'isdn_error_codes' table - * - * Taken from cisco.com this data can be JOINED against h323DisconnectCause to - * give human readable error reports. - * - */ - - +-- +-- Table structure for 'isdn_error_codes' table +-- +-- Taken from cisco.com this data can be JOINED against h323DisconnectCause to +-- give human readable error reports. +-- CREATE TABLE isdn_error_codes ( error_code VARCHAR(2) PRIMARY KEY, desc_short VARCHAR(90), desc_long TEXT ); -/* - * Data for 'isdn_error_codes' table - */ - +-- +-- Data for 'isdn_error_codes' table +-- INSERT INTO isdn_error_codes VALUES ('1', 'Unallocated (unassigned) number', 'The ISDN number was sent to the switch in the correct format; however, the number is not assigned to any destination equipment.'); INSERT INTO isdn_error_codes VALUES ('10', 'Normal call clearing', 'Normal call clearing has occurred.'); INSERT INTO isdn_error_codes VALUES ('11', 'User busy', 'The called system acknowledges the connection request but is unable to accept the call because all B channels are in use.'); @@ -292,4 +282,3 @@ INSERT INTO isdn_error_codes VALUES ('66', 'Recovery on timer expires', 'An erro INSERT INTO isdn_error_codes VALUES ('6F', 'Protocol error, unspecified', 'An unspecified D-channel error when no other standard cause applies.'); INSERT INTO isdn_error_codes VALUES ('7', 'Call awarded and being delivered in an established channel', 'The user is assigned an incoming call that is being connected to an already-established call channel.'); INSERT INTO isdn_error_codes VALUES ('7F', 'Internetworking, unspecified', 'An event occurred, but the network does not provide causes for the action that it takes. The precise problem is unknown.'); - 
diff --git a/raddb/mods-config/sql/main/postgresql/extras/update_radacct_group.sql b/raddb/mods-config/sql/main/postgresql/extras/update_radacct_group.sql index 37f42a0b13515..7919f635157e6 100644 --- a/raddb/mods-config/sql/main/postgresql/extras/update_radacct_group.sql +++ b/raddb/mods-config/sql/main/postgresql/extras/update_radacct_group.sql @@ -1,16 +1,14 @@ -/* - * $Id$ - * - * OPTIONAL Postgresql trigger for FreeRADIUS - * - * This trigger updates fills in the groupname field (which doesnt come in Accounting packets) - * by querying the radusergroup table. - * This makes it easier to do group summary reports, however note that it does add some extra - * database load to 50% of your SQL accounting queries. If you dont care about group summary - * reports then you dont need to install this. - * - */ - +-- +-- $Id$ +-- +-- OPTIONAL Postgresql trigger for FreeRADIUS +-- +-- This trigger updates fills in the groupname field (which doesnt come in Accounting packets) +-- by querying the radusergroup table. +-- This makes it easier to do group summary reports, however note that it does add some extra +-- database load to 50% of your SQL accounting queries. If you dont care about group summary +-- reports then you dont need to install this. +-- CREATE OR REPLACE FUNCTION upd_radgroups() RETURNS trigger AS' @@ -33,5 +31,3 @@ DROP TRIGGER upd_radgroups ON radacct; CREATE TRIGGER upd_radgroups AFTER INSERT ON radacct FOR EACH ROW EXECUTE PROCEDURE upd_radgroups(); - - diff --git a/raddb/mods-config/sql/main/postgresql/process-radacct.sql b/raddb/mods-config/sql/main/postgresql/process-radacct.sql index 19c79578329f5..238b54ae784c5 100644 --- a/raddb/mods-config/sql/main/postgresql/process-radacct.sql +++ b/raddb/mods-config/sql/main/postgresql/process-radacct.sql 
@@ -1,8 +1,8 @@ -# -*- text -*- -# -# main/postgresql/process-radacct.sql -- Schema extensions for processing radacct entries -# -# $Id$ +-- -*- text -*- +-- +-- main/postgresql/process-radacct.sql -- Schema extensions for processing radacct entries +-- +-- $Id$ -- --------------------------------- -- - Per-user data usage over time - diff --git a/raddb/mods-config/sql/main/postgresql/schema.sql b/raddb/mods-config/sql/main/postgresql/schema.sql index 7abd524d38e80..d518315fae082 100644 --- a/raddb/mods-config/sql/main/postgresql/schema.sql +++ b/raddb/mods-config/sql/main/postgresql/schema.sql @@ -1,18 +1,18 @@ -/* - * $Id$ - * - * Postgresql schema for FreeRADIUS - * - * All field lengths need checking as some are still suboptimal. -pnixon 2003-07-13 - * - */ +-- +-- $Id$ +-- +-- Postgresql schema for FreeRADIUS +-- +-- All field lengths need checking as some are still suboptimal. -pnixon 2003-07-13 +-- +-- -/* - * Table structure for table 'radacct' - * - * Note: Column type bigserial does not exist prior to Postgres 7.2 - * If you run an older version you need to change this to serial - */ +-- +-- Table structure for table 'radacct' +-- +-- Note: Column type bigserial does not exist prior to Postgres 7.2 +-- If you run an older version you need to change this to serial +-- CREATE TABLE radacct ( RadAcctId bigserial PRIMARY KEY, AcctSessionId text NOT NULL, @@ -70,9 +70,9 @@ CREATE INDEX radacct_start_user_idx ON radacct (AcctStartTime, UserName); -- and, optionally -- CREATE INDEX radacct_stop_user_idx ON radacct (acctStopTime, UserName); -/* - * Table structure for table 'radcheck' - */ +-- +-- Table structure for table 'radcheck' +-- CREATE TABLE radcheck ( id serial PRIMARY KEY, UserName text NOT NULL DEFAULT '', 
@@ -81,14 +81,14 @@ CREATE TABLE radcheck ( Value text NOT NULL DEFAULT '' ); create index radcheck_UserName on radcheck (UserName,Attribute); -/* - * Use this index if you use case insensitive queries - */ +-- +-- Use this index if you use case insensitive queries +-- -- create index radcheck_UserName_lower on radcheck (lower(UserName),Attribute); -/* - * Table structure for table 'radgroupcheck' - */ +-- +-- Table structure for table 'radgroupcheck' +-- CREATE TABLE radgroupcheck ( id serial PRIMARY KEY, GroupName text NOT NULL DEFAULT '', @@ -98,9 +98,9 @@ CREATE TABLE radgroupcheck ( ); create index radgroupcheck_GroupName on radgroupcheck (GroupName,Attribute); -/* - * Table structure for table 'radgroupreply' - */ +-- +-- Table structure for table 'radgroupreply' +-- CREATE TABLE radgroupreply ( id serial PRIMARY KEY, GroupName text NOT NULL DEFAULT '', @@ -110,9 +110,9 @@ CREATE TABLE radgroupreply ( ); create index radgroupreply_GroupName on radgroupreply (GroupName,Attribute); -/* - * Table structure for table 'radreply' - */ +-- +-- Table structure for table 'radreply' +-- CREATE TABLE radreply ( id serial PRIMARY KEY, UserName text NOT NULL DEFAULT '', @@ -121,14 +121,14 @@ CREATE TABLE radreply ( Value text NOT NULL DEFAULT '' ); create index radreply_UserName on radreply (UserName,Attribute); -/* - * Use this index if you use case insensitive queries - */ +-- +-- Use this index if you use case insensitive queries +-- -- create index radreply_UserName_lower on radreply (lower(UserName),Attribute); -/* - * Table structure for table 'radusergroup' - */ +-- +-- Table structure for table 'radusergroup' +-- CREATE TABLE radusergroup ( id serial PRIMARY KEY, UserName text NOT NULL DEFAULT '', 
@@ -136,15 +136,14 @@ CREATE TABLE radusergroup ( priority integer NOT NULL DEFAULT 0 ); create index radusergroup_UserName on radusergroup (UserName); -/* - * Use this index if you use case insensitive queries - */ +-- +-- Use this index if you use case insensitive queries +-- -- create index radusergroup_UserName_lower on radusergroup (lower(UserName)); -- -- Table structure for table 'radpostauth' -- - CREATE TABLE radpostauth ( id bigserial PRIMARY KEY, username text NOT NULL, @@ -155,9 +154,9 @@ CREATE TABLE radpostauth ( authdate timestamp with time zone NOT NULL default now() ); -/* - * Table structure for table 'nas' - */ +-- +-- Table structure for table 'nas' +-- CREATE TABLE nas ( id serial PRIMARY KEY, nasname text NOT NULL, diff --git a/raddb/mods-config/sql/main/postgresql/setup.sql b/raddb/mods-config/sql/main/postgresql/setup.sql index cfa38b054c4d0..1c55dca4ca694 100644 --- a/raddb/mods-config/sql/main/postgresql/setup.sql +++ b/raddb/mods-config/sql/main/postgresql/setup.sql 
@@ -1,24 +1,24 @@ -/* - * admin.sql -- PostgreSQL commands for creating the RADIUS user. - * - * WARNING: You should change 'localhost' and 'radpass' - * to something else. Also update raddb/mods-available/sql - * with the new RADIUS password. - * - * WARNING: This example file is untested. Use at your own risk. - * Please send any bug fixes to the mailing list. - * - * $Id$ - */ +-- +-- admin.sql -- PostgreSQL commands for creating the RADIUS user. +-- +-- WARNING: You should change 'localhost' and 'radpass' +-- to something else. Also update raddb/mods-available/sql +-- with the new RADIUS password. +-- +-- WARNING: This example file is untested. Use at your own risk. +-- Please send any bug fixes to the mailing list. +-- +-- $Id$ +-- -/* - * Create default administrator for RADIUS - */ +-- +-- Create default administrator for RADIUS +-- CREATE USER radius WITH PASSWORD 'radpass'; -/* - * The server can read any table in SQL - */ +-- +-- The server can read any table in SQL +-- GRANT SELECT ON radcheck TO radius; GRANT SELECT ON radreply TO radius; GRANT SELECT ON radgroupcheck TO radius; @@ -26,15 +26,15 @@ GRANT SELECT ON radgroupreply TO radius; GRANT SELECT ON radusergroup TO radius; GRANT SELECT ON nas TO radius; -/* - * The server can write to the accounting and post-auth logging table. - */ +-- +-- The server can write to the accounting and post-auth logging table. +-- GRANT SELECT, INSERT, UPDATE on radacct TO radius; GRANT SELECT, INSERT, UPDATE on radpostauth TO radius; -/* - * Grant permissions on sequences - */ +-- +-- Grant permissions on sequences +-- GRANT USAGE, SELECT ON SEQUENCE nas_id_seq TO radius; GRANT USAGE, SELECT ON SEQUENCE radacct_radacctid_seq TO radius; GRANT USAGE, SELECT ON SEQUENCE radcheck_id_seq TO radius; diff --git a/scripts/docker/README.md b/scripts/docker/README.md index 435e8e034175f..ad8c2fe34c771 100644 --- a/scripts/docker/README.md +++ b/scripts/docker/README.md 
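Review bot: `CREATE USER radius WITH PASSWORD 'radpass';` in the first hunk carries a published default credential, and the only prompt to change it is the header warning several lines above, which this commit re-styles but does not move. I would put the reminder on the statement itself, e.g. `-- CHANGE 'radpass' before running this file; it is the documented default` directly above `CREATE USER`. The header also still calls the file `admin.sql` although the path in this diff is `setup.sql`. It also tells the reader to change 'localhost', which does not appear in the lines visible here. Both look stale and could be fixed while the comment block is being rewritten.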
@@ -12,14 +12,14 @@ team. Each directory has several dockerfiles: - - Dockerfile.deps will build an image which has full dependencies - installed, ready for building FreeRADIUS. +- Dockerfile.deps will build an image which has full dependencies + installed, ready for building FreeRADIUS. - - Dockerfile is based on Dockerfile.deps and will build the - FreeRADIUS source and run the server. +- Dockerfile is based on Dockerfile.deps and will build the + FreeRADIUS source and run the server. - - Dockerfile.jenkins is based on Dockerfile.deps and will - add components required for use in a jenkins build environment. +- Dockerfile.jenkins is based on Dockerfile.deps and will + add components required for use in a jenkins build environment. ## Getting started @@ -67,13 +67,13 @@ Building all these docker images can be done with the supplied script, for example: ```bash -$ ./dockerbuild build-centos7 +./dockerbuild build-centos7 ``` to build the server, and ```bash -$ ./dockerbuild -j build-centos7 +./dockerbuild -j build-centos7 ``` to build the jenkins image. @@ -144,7 +144,7 @@ for more details on docker networking. Here are the steps you would follow to debug FreeRADIUS on centos7. -``` +```bash cd scripts/docker/build-centos7 docker build -f Dockerfile.deps -t freeradius/centos7-deps . docker run --privileged -it freeradius/centos7-deps diff --git a/scripts/jenkins/README.md b/scripts/jenkins/README.md index 13291a97016d8..c3dc470379c80 100644 --- a/scripts/jenkins/README.md +++ b/scripts/jenkins/README.md @@ -1,6 +1,6 @@ -### Jenkins scripted build pipeline for FreeRADIUS +# Jenkins scripted build pipeline for FreeRADIUS -#### Summary +## Summary The Jenkinsfile in this directory is used to build packages for different Linux distributions. They are mostly here for the 
@@ -12,13 +12,13 @@ and uses [Docker](https://www.docker.com/) and the files in `scripts/docker/` directory to build packages for multiple distributions on one server. -#### Usage +## Usage To build these packages, you need the following software: * [Docker](https://www.docker.com/) * [Jenkins](https://jenkins.io/) with the following plugins: - * [Pipeline](https://plugins.jenkins.io/workflow-aggregator) - * [Docker Pipeline](https://plugins.jenkins.io/docker-workflow) + * [Pipeline](https://plugins.jenkins.io/workflow-aggregator) + * [Docker Pipeline](https://plugins.jenkins.io/docker-workflow) Once the software is installed, you should create a new Pipeline Item in Jenkins and [configure the job to run the @@ -29,19 +29,19 @@ The Jenkinsfile currently builds packages for the following platforms: * Ubuntu 16.04 (Xenial Xerus) * Ubuntu 18.04 (Bionic Beaver) * Debian 9 (Stretch) -* CentOS 7 +* CentOS 7 Once complete, the packages are available as artifacts and accessible from the job page by clicking the "Build Artifacts" link or by accessing the url: -* https://\/job/\/\/artifact +* `https://\/job/\/\/artifact` The packages can also be access from the last successful build on the project page, by clicking the "Last Successful Artifacts" link, or by going to the URL: -* https://\/job/\/lastSuccessfulBuild/artifact/ +* `https://\/job/\/lastSuccessfulBuild/artifact/` That page contains directories, which in turn contain packages for each of the Linux distributions. diff --git a/scripts/pcap2decode-proto.py b/scripts/pcap2decode-proto.py index bcf93dac312ae..fd1afca0234b9 100755 --- a/scripts/pcap2decode-proto.py +++ b/scripts/pcap2decode-proto.py 
@@ -11,8 +11,10 @@ # EXAMPLE: # # 1. wget https://github.com/the-tcpdump-group/tcpdump/raw/master/tests/dhcpv6-sip-server-d.pcap -# 2. ./scripts/pcap2decode-proto.py -p dhcpv6 -f ./dhcpv6-sip-server-d.pcap > src/tests/unit/protocols/dhcpv6/packet_sip-server-d.txt -# 3. build/make/jlibtool --quiet --mode=execute build/bin/local/unit_test_attribute -xx -D share/dictionary src/tests/unit/protocols/dhcpv6/packet_sip-server-d.txt +# 2. ./scripts/pcap2decode-proto.py -p dhcpv6 -f ./dhcpv6-sip-server-d.pcap \ +# > src/tests/unit/protocols/dhcpv6/packet_sip-server-d.txt +# 3. build/make/jlibtool --quiet --mode=execute build/bin/local/unit_test_attribute -xx -D share/dictionary \ +# src/tests/unit/protocols/dhcpv6/packet_sip-server-d.txt # # TODO: # 
@@ -21,144 +23,154 @@ # from __future__ import print_function + import argparse -import tempfile -import traceback -import sys import os import re +import sys +import tempfile +import traceback + +unit_attr = ( + "build/make/jlibtool --quiet --mode=execute " + "build/bin/local/unit_test_attribute -xx " + "-D share/dictionary " + "-d src/tests/unit" +) -unit_attr = "build/make/jlibtool --quiet --mode=execute " \ - "build/bin/local/unit_test_attribute -xx " \ - "-D share/dictionary " \ - "-d src/tests/unit" # print to stderr def eprint(*args, **kwargs): - print(*args, file=sys.stderr, **kwargs) + print(*args, file=sys.stderr, **kwargs) + try: - from scapy.all import * + from scapy.all import rdpcap except Exception as e: - eprint("** ERROR: We need the 'scapy' package. e.g: pip3 install scapy") - sys.exit(-1) + eprint("** ERROR: We need the 'scapy' package. e.g: pip3 install scapy") + eprint(e) + sys.exit(-1) + # It does like: unit_test_attribute ... /path/file.txt | sed '/got.*:/!d; s/.\{2\}/& /g; s/ $//g' def unit_lookup_payload2attrs(proto, payload): - # Generating lookup file - fp = tempfile.NamedTemporaryFile(mode = "w+", delete = False) - fp.write("# Using {}\n".format(fp.name)) - fp.write("proto {}\n".format(proto)) - fp.write("proto-dictionary {}\n".format(proto)) - fp.write("\n") - fp.write("decode-proto {}\n".format(payload)) - fp.write("match Packet-Type = 1\n") - fp.flush() - fp.close() - - # call the unit_test_attribute - cmd_unit = "{} {}".format(unit_attr, fp.name) - cmd_out = os.popen(cmd_unit).read() - os.remove(fp.name) - - match = re.search(r"(.\sgot\s+:)\s(.*)", cmd_out) - if not match: - eprint("# ERROR: We didn't find the 'got' token in: {}".format(cmd_out)) - return None - - return match.group(2) + # Generating lookup file + fp = tempfile.NamedTemporaryFile(mode="w+", delete=False) + fp.write("# Using {}\n".format(fp.name)) + fp.write("proto {}\n".format(proto)) + fp.write("proto-dictionary {}\n".format(proto)) + fp.write("\n") + 
fp.write("decode-proto {}\n".format(payload)) + fp.write("match Packet-Type = 1\n") + fp.flush() + fp.close() + + # call the unit_test_attribute + cmd_unit = "{} {}".format(unit_attr, fp.name) + cmd_out = os.popen(cmd_unit).read() + os.remove(fp.name) + + match = re.search(r"(.\sgot\s+:)\s(.*)", cmd_out) + if not match: + eprint("# ERROR: We didn't find the 'got' token in: {}".format(cmd_out)) + return None + + return match.group(2) + def load_args(): - parser = argparse.ArgumentParser( - description = "Convert .pcap file to FreeRADIUS unit_test_attribute(encode/decode) format. {almost, try}", - ) - parser.add_argument( - "-f", - dest = "pcap_file", - help = "pcap file to extract the dhcpv6 payload", - required = True - ) - parser.add_argument( - "-p", - dest = "decode_proto", - help = "Protocol to be used in: 'proto $proto' and 'proto-dictionary $proto'", - required = True - ) - parser.add_argument( - "-b", - dest = "both", - help = "Perform the lookup adding the 'encode-proto attrs' and 'decode_proto -'", - action='store_true' - ) - return parser.parse_args() + parser = argparse.ArgumentParser( + description="Convert .pcap file to FreeRADIUS unit_test_attribute(encode/decode) format. {almost, try}" + ) + parser.add_argument( + "-f", + dest="pcap_file", + help="pcap file to extract the dhcpv6 payload", + required=True, + ) + parser.add_argument( + "-p", + dest="decode_proto", + help="Protocol to be used in: 'proto $proto' and 'proto-dictionary $proto'", + required=True, + ) + parser.add_argument( + "-b", + dest="both", + help="Perform the lookup adding the 'encode-proto attrs' and 'decode_proto -'", + action="store_true", + ) + return parser.parse_args() + def _main(): - try: - args = load_args() - count_pkt = 0 - count_mat = 0 - pcap = rdpcap(args.pcap_file) - - print("# -*- text -*-") - print("# ATTENTION: It was generated automatically, be careful! 
:)") - print("# Based on {}".format(os.path.basename(args.pcap_file))) - print("#") - print("") - print("proto {}".format(args.decode_proto)) - print("proto-dictionary {}".format(args.decode_proto)) - print("") - count_mat += 2 - - for pkt in pcap: - # statements - count_pkt += 1 - print("#") - print("# {}.".format(count_pkt)) - print("#") - - # get the payload description, remove '#' and trim() spaces. - app = pkt.getlayer(3) - packet_desc = app.show(dump=True, indent=1).replace("#", "") - packet_desc = re.sub('^', "# ", packet_desc, flags=re.MULTILINE) - packet_desc = re.sub(' $', "", packet_desc, flags=re.MULTILINE) - print(packet_desc.strip()) - - # Convert the payload to hex separated by space. - payload = "" - for d in app.build(): - payload += "{:02x} ".format(d) - - # trim the left/right - payload = payload.strip() - - # lookup the attrs from the payload - attrs = unit_lookup_payload2attrs(args.decode_proto, payload) - if not attrs: - raise Exception("Error", "Problems to convert the payload to attrs") - - if args.both: - count_mat += 4 - print("encode-proto {}".format(attrs)) - print("match {}".format(payload)) - print("") - print("decode-proto -") - print("match {}".format(attrs)) - print("") - else: - count_mat += 2 - print("decode-proto {}".format(payload)) - print("match {}".format(attrs)) - print("") - - # append the 'count' - print("count") - print("match {}".format(count_mat)) - print("") - - except Exception as e: - eprint("** ERROR: Something wrong:\n {}\n".format(str(e))) - traceback.print_exc() - sys.exit(-1) + try: + args = load_args() + count_pkt = 0 + count_mat = 0 + pcap = rdpcap(args.pcap_file) + + print("# -*- text -*-") + print("# ATTENTION: It was generated automatically, be careful! 
:)") + print("# Based on {}".format(os.path.basename(args.pcap_file))) + print("#") + print("") + print("proto {}".format(args.decode_proto)) + print("proto-dictionary {}".format(args.decode_proto)) + print("") + count_mat += 2 + + for pkt in pcap: + # statements + count_pkt += 1 + print("#") + print("# {}.".format(count_pkt)) + print("#") + + # get the payload description, remove '#' and trim() spaces. + app = pkt.getlayer(3) + packet_desc = app.show(dump=True, indent=1).replace("#", "") + packet_desc = re.sub("^", "# ", packet_desc, flags=re.MULTILINE) + packet_desc = re.sub(" $", "", packet_desc, flags=re.MULTILINE) + print(packet_desc.strip()) + + # Convert the payload to hex separated by space. + payload = "" + for d in app.build(): + payload += "{:02x} ".format(d) + + # trim the left/right + payload = payload.strip() + + # lookup the attrs from the payload + attrs = unit_lookup_payload2attrs(args.decode_proto, payload) + if not attrs: + raise Exception("Error", "Problems to convert the payload to attrs") + + if args.both: + count_mat += 4 + print("encode-proto {}".format(attrs)) + print("match {}".format(payload)) + print("") + print("decode-proto -") + print("match {}".format(attrs)) + print("") + else: + count_mat += 2 + print("decode-proto {}".format(payload)) + print("match {}".format(attrs)) + print("") + + # append the 'count' + print("count") + print("match {}".format(count_mat)) + print("") + + except Exception as e: + eprint("** ERROR: Something wrong:\n {}\n".format(str(e))) + traceback.print_exc() + sys.exit(-1) + if __name__ == "__main__": - _main() + _main() diff --git a/scripts/solaris/README.md b/scripts/solaris/README.md index cc8afdeb660e1..f41a3f0826fb3 100644 --- a/scripts/solaris/README.md +++ b/scripts/solaris/README.md 
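Review bot: In `unit_lookup_payload2attrs` the command is still built with `"{} {}".format(unit_attr, fp.name)` and run through `os.popen`, i.e. via a shell. In addition, `os.remove(fp.name)` is skipped if anything raises after `NamedTemporaryFile(mode="w+", delete=False)`, which leaves the payload file behind in the temp directory. Since the function is being re-indented anyway, I would pass an argument list, `cmd_out = subprocess.check_output(shlex.split(unit_attr) + [fp.name], universal_newlines=True)`, and put the removal in a `finally:` block. This needs `subprocess` and `shlex` imported. `check_output` raises on a non-zero exit where `os.popen` did not, so the `got` lookup and the caller's error path should be re-checked. Separately, the new import guard catches `Exception` where the message describes a missing package; `except ImportError as e:` would avoid masking unrelated failures inside scapy.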
@@ -2,9 +2,9 @@ SMF is the Solaris version of upstart (or the reverse), it imports XML configuration file for services, and manages service dependencies. It will automatically restart daemons in they die, and provides a standard interface for checking the status of a service and administratively disabling/enabling it. -# Installation/configuration +## Installation/configuration -## Solaris 10 +### Solaris 10 Do the following as the root user ``sudo -s``. Copy the service management script ``svc-radius`` to ``/lib/srv/method/``: @@ -21,7 +21,8 @@ Copy the ``radius.xml`` manifest to ``/var/svc/manifest/network/``, and import i cp ./radius.xml /var/svc/manifest/network/ svccfg import /var/svc/manifest/network/radius.xml ``` -### Authorizing additional users + +#### Authorizing additional users First create an authorisation entry for the radius service: ```bash diff --git a/share/dictionary/README.md b/share/dictionary/README.md index 85ca0c8dddcf2..5e5de9f6d3e56 100644 --- a/share/dictionary/README.md +++ b/share/dictionary/README.md @@ -1,17 +1,17 @@ # Protocol Registry - git grep -h '^PROTOCOL' | sort -nk 3 + git grep -h '^PROTOCOL' | sort -nk 3 ## Current Protocols -PROTOCOL RADIUS 1 -PROTOCOL DHCPv4 2 -PROTOCOL DHCPv6 3 -PROTOCOL Ethernet 4 -PROTOCOL TACACS 5 -PROTOCOL VMPS 6 format=2 -PROTOCOL SNMP 7 format=4 -PROTOCOL ARP 8 -PROTOCOL EAP-SIM 101 -PROTOCOL EAP-AKA 102 -PROTOCOL Control 255 +PROTOCOL RADIUS 1 +PROTOCOL DHCPv4 2 +PROTOCOL DHCPv6 3 +PROTOCOL Ethernet 4 +PROTOCOL TACACS 5 +PROTOCOL VMPS 6 format=2 +PROTOCOL SNMP 7 format=4 +PROTOCOL ARP 8 +PROTOCOL EAP-SIM 101 +PROTOCOL EAP-AKA 102 +PROTOCOL Control 255 diff --git a/src/listen/tacacs/README.md b/src/listen/tacacs/README.md index 20254fe04feec..90778106a97c0 100644 --- a/src/listen/tacacs/README.md +++ b/src/listen/tacacs/README.md 
@@ -7,5 +7,5 @@ ## Summary Implements the TACACS+ protocol as described by: - * [draft-ietf-opsawg-tacacs](https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/?include_text=1) - * [draft-grant-tacacs-02 (1997)](https://tools.ietf.org/html/draft-grant-tacacs-02) +* [draft-ietf-opsawg-tacacs](https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/?include_text=1) +* [draft-grant-tacacs-02 (1997)](https://tools.ietf.org/html/draft-grant-tacacs-02) diff --git a/src/modules/proto_bfd/README.md b/src/modules/proto_bfd/README.md index 3908bc717ef8c..89d3a7a043606 100644 --- a/src/modules/proto_bfd/README.md +++ b/src/modules/proto_bfd/README.md @@ -5,7 +5,6 @@ ## Summary -Implements BiDirectional Forwarding Protocol (RFC 5880) - allowing the server to quickly detect if a link is up or down. +Implements BiDirectional Forwarding Protocol (RFC 5880) - allowing the server to quickly detect if a link is up or down. This module can be used to detect if a *peer* application is up or down and use the trigger module to execute certain functions when the link is started, goes up, down, or is administratively down. - diff --git a/src/modules/rlm_lua/example.lua b/src/modules/rlm_lua/example.lua index 97f430fa69399..32613a5bdae3f 100755 --- a/src/modules/rlm_lua/example.lua +++ b/src/modules/rlm_lua/example.lua @@ -1,8 +1,8 @@ -function tprint (tbl, indent) +local function tprint (tbl, indent) if not indent then indent = 0 end for k, v in tbl.pairs() do - formatting = string.rep(" ", indent) .. k .. ": " + local formatting = string.rep(" ", indent) .. k .. ": " if type(v) == "table" then print(formatting) tprint(v, indent+1) diff --git a/src/modules/rlm_mruby/example.rb b/src/modules/rlm_mruby/example.rb index 2a1ae66fe6779..a2feae7eaccf2 100644 --- a/src/modules/rlm_mruby/example.rb +++ b/src/modules/rlm_mruby/example.rb 
@@ -1,6 +1,9 @@ #This is example radius.rb script + +# frozen_string_literal: true + module Radiusd - def self.instantiate() + def self.instantiate radlog(L_DBG, "[mruby]Running ruby instantiate") return RLM_MODULE_OK end @@ -12,7 +15,6 @@ def self.authorize(request) radlog(L_ERR, "[mruby]Running ruby authorize") radlog(L_WARN, "Authorize: #{request.inspect}(#{request.class})") radlog(L_WARN, "Authorize: #{request.request.inspect}(#{request.request.class})") - reply = [["Framed-MTU", 1500]] control = [["Password.Cleartext", "hello"], ["Tmp-String-0", "!*", "ANY"]] return [RLM_MODULE_UPDATED, reply, control] diff --git a/src/modules/rlm_python/example.py b/src/modules/rlm_python/example.py index 8ff58f269253e..e3ab0c6fb3536 100644 --- a/src/modules/rlm_python/example.py +++ b/src/modules/rlm_python/example.py 
@@ -7,59 +7,69 @@ import freeradius + def instantiate(p): - print("*** instantiate ***") - print(p) - # return 0 for success or -1 for failure + print("*** instantiate ***") + print(p) + # return 0 for success or -1 for failure + def authorize(p): - print("*** authorize ***") - print("") - freeradius.log(freeradius.L_INFO, '*** log call in authorize ***') - print("") - print(p) - print("") - print(freeradius.config) - print("") - return freeradius.RLM_MODULE_OK + print("*** authorize ***") + print("") + freeradius.log(freeradius.L_INFO, "*** log call in authorize ***") + print("") + print(p) + print("") + print(freeradius.config) + print("") + return freeradius.RLM_MODULE_OK + def preacct(p): - print("*** preacct ***") - print(p) - return freeradius.RLM_MODULE_OK + print("*** preacct ***") + print(p) + return freeradius.RLM_MODULE_OK + def accounting(p): - print("*** accounting ***") - freeradius.log(freeradius.L_INFO, '*** log call in accounting (0) ***') - print("") - print(p) - return freeradius.RLM_MODULE_OK + print("*** accounting ***") + freeradius.log(freeradius.L_INFO, "*** log call in accounting (0) ***") + print("") + print(p) + return freeradius.RLM_MODULE_OK + def pre_proxy(p): - print("*** pre_proxy ***") - print(p) - return freeradius.RLM_MODULE_OK + print("*** pre_proxy ***") + print(p) + return freeradius.RLM_MODULE_OK + def post_proxy(p): - print("*** post_proxy ***") - print(p) - return freeradius.RLM_MODULE_OK + print("*** post_proxy ***") + print(p) + return freeradius.RLM_MODULE_OK + def post_auth(p): - print("*** post_auth ***") - print(p) - return freeradius.RLM_MODULE_OK + print("*** post_auth ***") + print(p) + return freeradius.RLM_MODULE_OK + def recv_coa(p): - print("*** recv_coa ***") - print(p) - return freeradius.RLM_MODULE_OK + print("*** recv_coa ***") + print(p) + return freeradius.RLM_MODULE_OK + def send_coa(p): - print("*** send_coa ***") - print(p) - return freeradius.RLM_MODULE_OK + print("*** send_coa ***") + print(p) + 
return freeradius.RLM_MODULE_OK + def detach(p): - print("*** goodbye from example.py ***") - return freeradius.RLM_MODULE_OK + print("*** goodbye from example.py ***") + return freeradius.RLM_MODULE_OK diff --git a/src/modules/rlm_python/prepaid.py b/src/modules/rlm_python/prepaid.py index 84c4fe5b91fad..fe9ec60c44ed9 100644 --- a/src/modules/rlm_python/prepaid.py +++ b/src/modules/rlm_python/prepaid.py 
@@ -23,222 +23,225 @@ import MySQLdb # Configuration -configDb = 'python' # Database name -configHost = 'localhost' # Database host -configUser = 'python' # Database user and password -configPasswd = 'python' +configDb = "python" # Database name +configHost = "localhost" # Database host +configUser = "python" # Database user and password +configPasswd = "python" # xxx Database # Globals dbHandle = None + def log(level, s): - """Log function.""" - freeradius.radlog(level, 'prepaid.py: ' + s) + """Log function.""" + freeradius.radlog(level, "prepaid.py: " + s) -def instantiate(p): - """Module Instantiation. 0 for success, -1 for failure. - p is a dummy variable here.""" - global dbHandle - try: - dbHandle = MySQLdb.connect(db=configDb, host=configHost, - user=configUser, passwd=configPasswd) +def instantiate(p): + """Module Instantiation. 0 for success, -1 for failure. p is a dummy variable here.""" + global dbHandle - except MySQLdb.OperationalError, e: - # Report the error and return -1 for failure. - # xxx A more advanced module would retry the database. - log(freeradius.L_ERR, str(e)) - return -1 + try: + dbHandle = MySQLdb.connect( + db=configDb, host=configHost, user=configUser, passwd=configPasswd + ) + except MySQLdb.OperationalError as e: + # Report the error and return -1 for failure. + # xxx A more advanced module would retry the database. + log(freeradius.L_ERR, str(e)) + return -1 - log(freeradius.L_INFO, 'db connection: ' + str(dbHandle)) + log(freeradius.L_INFO, "db connection: " + str(dbHandle)) - return 0 + return 0 def authorize(authData): - """Authorization and authentication are done in one step.""" - - # Extract the data we need. - userName = None - userPasswd = None - - for t in authData: - if t[0] == 'User-Name': - userName = t[1] - elif t[0] == 'Password': - userPasswd = t[1] - - # Build and log the SQL statement - # freeradius puts double quotes (") around the string representation of - # the RADIUS packet. 
- sql = 'select passwd, maxseconds from users where username = ' + userName - - log(freeradius.L_DBG, sql) - - # Get a cursor - # xxx Or should this be one cursor all throughout? - try: - dbCursor = dbHandle.cursor() - except MySQLdb.OperationalError, e: - log(freeradius.L_ERR, str(e)) - return freeradius.RLM_MODULE_FAIL - - # Execute the SQL statement - try: - dbCursor.execute(sql) - except MySQLdb.OperationalError, e: - log(freeradius.L_ERR, str(e)) - dbCursor.close() - return freeradius.RLM_MODULE_FAIL - - # Get the result. (passwd, maxseconds) - result = dbCursor.fetchone() - if not result: - # User not found - log(freeradius.L_INFO, 'user not found: ' + userName) + """Authorization and authentication are done in one step.""" + + # Extract the data we need. + userName = None + userPasswd = None + + for t in authData: + if t[0] == "User-Name": + userName = t[1] + elif t[0] == "Password": + userPasswd = t[1] + + # Build and log the SQL statement + # freeradius puts double quotes (") around the string representation of + # the RADIUS packet. + sql = "select passwd, maxseconds from users where username = " + userName + + log(freeradius.L_DBG, sql) + + # Get a cursor + # xxx Or should this be one cursor all throughout? + try: + dbCursor = dbHandle.cursor() + except MySQLdb.OperationalError as e: + log(freeradius.L_ERR, str(e)) + return freeradius.RLM_MODULE_FAIL + + # Execute the SQL statement + try: + dbCursor.execute(sql) + except MySQLdb.OperationalError as e: + log(freeradius.L_ERR, str(e)) + dbCursor.close() + return freeradius.RLM_MODULE_FAIL + + # Get the result. (passwd, maxseconds) + result = dbCursor.fetchone() + if not result: + # User not found + log(freeradius.L_INFO, "user not found: " + userName) + dbCursor.close() + return freeradius.RLM_MODULE_NOTFOUND + + # Compare passwords + # Ignore the quotes around userPasswd. 
+ if result[0] != userPasswd[1:-1]: + log(freeradius.L_DBG, "user password mismatch: " + userName) + return freeradius.RLM_MODULE_REJECT + + maxSeconds = result[1] + + # Compute their session limit + + # Build and log the SQL statement + sql = "select sum(seconds) from sessions where username = " + userName + + log(freeradius.L_DBG, sql) + + # Execute the SQL statement + try: + dbCursor.execute(sql) + except MySQLdb.OperationalError as e: + log(freeradius.L_ERR, str(e)) + dbCursor.close() + return freeradius.RLM_MODULE_FAIL + + # Get the result. (sum,) + result = dbCursor.fetchone() + if (not result) or (not result[0]): + # No usage yet + secondsUsed = 0 + else: + secondsUsed = result[0] + + # Done with cursor dbCursor.close() - return freeradius.RLM_MODULE_NOTFOUND - # Compare passwords - # Ignore the quotes around userPasswd. - if result[0] != userPasswd[1:-1]: - log(freeradius.L_DBG, 'user password mismatch: ' + userName) - return freeradius.RLM_MODULE_REJECT + # Note that MySQL returns the result of SUM() as a float. + sessionTimeout = maxSeconds - int(secondsUsed) + + if sessionTimeout <= 0: + # No more time, reject outright + log(freeradius.L_INFO, "user out of time: " + userName) + return freeradius.RLM_MODULE_REJECT + + # Log the success + log(freeradius.L_DBG, "user accepted: %s, %d seconds" % (userName, sessionTimeout)) + + # We are adding to the RADIUS packet + # Note that the session timeout integer must be converted to string. + # We need to set an Auth-Type. 
+ + return ( + freeradius.RLM_MODULE_UPDATED, + (("Session-Timeout", str(sessionTimeout)),), + (("Auth-Type", "python"),), + ) + # If you want to use different operators + # you can do + # return (freeradius.RLM_MODULE_UPDATED, + # ( + # ('Session-Timeout', ':=', str(sessionTimeout)), + # ('Some-other-option', '-=', Value'), + # ), + # ( + # ('Auth-Type', ':=', 'python'), + # ), + # ) - maxSeconds = result[1] - - # Compute their session limit - - # Build and log the SQL statement - sql = 'select sum(seconds) from sessions where username = ' + userName - - log(freeradius.L_DBG, sql) - - # Execute the SQL statement - try: - dbCursor.execute(sql) - except MySQLdb.OperationalError, e: - log(freeradius.L_ERR, str(e)) - dbCursor.close() - return freeradius.RLM_MODULE_FAIL - - # Get the result. (sum,) - result = dbCursor.fetchone() - if (not result) or (not result[0]): - # No usage yet - secondsUsed = 0 - else: - secondsUsed = result[0] - - # Done with cursor - dbCursor.close() - - # Note that MySQL returns the result of SUM() as a float. - sessionTimeout = maxSeconds - int(secondsUsed) - - if sessionTimeout <= 0: - # No more time, reject outright - log(freeradius.L_INFO, 'user out of time: ' + userName) - return freeradius.RLM_MODULE_REJECT - - # Log the success - log(freeradius.L_DBG, 'user accepted: %s, %d seconds' % - (userName, sessionTimeout)) - - # We are adding to the RADIUS packet - # Note that the session timeout integer must be converted to string. - # We need to set an Auth-Type. 
- - return (freeradius.RLM_MODULE_UPDATED, - (('Session-Timeout', str(sessionTimeout)),), - (('Auth-Type', 'python'),)) - # If you want to use different operators - # you can do - # return (freeradius.RLM_MODULE_UPDATED, - # ( - # ('Session-Timeout', ':=', str(sessionTimeout)), - # ('Some-other-option', '-=', Value'), - # ), - # ( - # ('Auth-Type', ':=', 'python'), - # ), - # ) def authenticate(p): - return freeradius.RLM_MODULE_OK + return freeradius.RLM_MODULE_OK def preacct(p): - return freeradius.RLM_MODULE_OK - - -def accounting(acctData): - """Accounting.""" - # Extract the data we need. - - userName = None - acctSessionTime = None - acctStatusType = None - - # xxx A dict would make this nice. - for t in acctData: - if t[0] == 'User-Name': - userName = t[1] - elif t[0] == 'Acct-Session-Time': - acctSessionTime = t[1] - elif t[0] == 'Acct-Status-Type': - acctStatusType = t[1] - - # We will not deal with Start for now. - # We may later, for simultaneous checks and the like. - if acctStatusType == 'Start': return freeradius.RLM_MODULE_OK - # Build and log the SQL statement - # freeradius puts double quotes (") around the string representation of - # the RADIUS packet. - # - # xxx This is simplistic as it does not record the time, etc. - # - sql = 'insert into sessions (username, seconds) values (%s, %d)' % \ - (userName, int(acctSessionTime)) - - log(freeradius.L_DBG, sql) - - # Get a cursor - # xxx Or should this be one cursor all throughout? - try: - dbCursor = dbHandle.cursor() - except MySQLdb.OperationalError, e: - log(freeradius.L_ERR, str(e)) - return freeradius.RLM_MODULE_FAIL - - # Execute the SQL statement - try: - dbCursor.execute(sql) - except MySQLdb.OperationalError, e: - log(freeradius.L_ERR, str(e)) - dbCursor.close() - return freeradius.RLM_MODULE_FAIL +def accounting(acctData): + """Accounting.""" + # Extract the data we need. + + userName = None + acctSessionTime = None + acctStatusType = None + + # xxx A dict would make this nice. 
+ for t in acctData: + if t[0] == "User-Name": + userName = t[1] + elif t[0] == "Acct-Session-Time": + acctSessionTime = t[1] + elif t[0] == "Acct-Status-Type": + acctStatusType = t[1] + + # We will not deal with Start for now. + # We may later, for simultaneous checks and the like. + if acctStatusType == "Start": + return freeradius.RLM_MODULE_OK + + # Build and log the SQL statement + # freeradius puts double quotes (") around the string representation of + # the RADIUS packet. + # + # xxx This is simplistic as it does not record the time, etc. + # + sql = "insert into sessions (username, seconds) values (%s, %d)" % ( + userName, + int(acctSessionTime), + ) + + log(freeradius.L_DBG, sql) + + # Get a cursor + # xxx Or should this be one cursor all throughout? + try: + dbCursor = dbHandle.cursor() + except MySQLdb.OperationalError as e: + log(freeradius.L_ERR, str(e)) + return freeradius.RLM_MODULE_FAIL + + # Execute the SQL statement + try: + dbCursor.execute(sql) + except MySQLdb.OperationalError as e: + log(freeradius.L_ERR, str(e)) + dbCursor.close() + return freeradius.RLM_MODULE_FAIL - return freeradius.RLM_MODULE_OK + return freeradius.RLM_MODULE_OK def detach(): - """Detach and clean up.""" - # Shut down the database connection. - global dbHandle - log(freeradius.L_DBG, 'closing database handle: ' + str(dbHandle)) - dbHandle.close() - - return freeradius.RLM_MODULE_OK + """Detach and clean up.""" + # Shut down the database connection. + global dbHandle + log(freeradius.L_DBG, "closing database handle: " + str(dbHandle)) + dbHandle.close() + return freeradius.RLM_MODULE_OK # Test the modules -if __name__ == '__main__': - instantiate(None) - print authorize((('User-Name', '"map"'), ('User-Password', '"abc"'))) +if __name__ == "__main__": + instantiate(None) + print(authorize((("User-Name", '"map"'), ("User-Password", '"abc"')))) diff --git a/src/modules/rlm_radius/TODO.md b/src/modules/rlm_radius/TODO.md index 972e94f52c7f1..e3b8440bef863 100644 
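Review bot: `authorize` and `accounting` still build their SQL by concatenating `userName` from the request into the statement (`"... where username = " + userName`, the `sum(seconds)` query, and the `insert into sessions` format string), so the only thing separating data from SQL is the pair of double quotes the comment says freeradius wraps around the value. While these lines are being rewritten for Python 3, pass the value as a bound parameter to `dbCursor.execute()` and strip the wrapping quotes explicitly, as the password comparison already does with `userPasswd[1:-1]`. This assumes the value really arrives quoted as the comment states; if it does not, drop the slice. The statements are also written to the `L_DBG` log, and with binding the logged text no longer contains the user-supplied value.

```python
def authorize(authData):
    # … unchanged: attribute extraction …
    name = userName[1:-1]  # drop the surrounding quotes, as done for userPasswd
    sql = "select passwd, maxseconds from users where username = %s"
    # … unchanged: logging, cursor creation; inside the existing try: …
        dbCursor.execute(sql, (name,))
    # … unchanged: error handling, password comparison …
    sql = "select sum(seconds) from sessions where username = %s"
    # … unchanged: logging; inside the existing try: …
        dbCursor.execute(sql, (name,))
    # … unchanged: rest of authorize …

def accounting(acctData):
    # … unchanged: attribute extraction, Start handling …
    sql = "insert into sessions (username, seconds) values (%s, %s)"
    params = (userName[1:-1], int(acctSessionTime))
    # … unchanged: logging, cursor creation; inside the existing try: …
        dbCursor.execute(sql, params)
    # … unchanged: error handling and return …
```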
--- a/src/modules/rlm_radius/TODO.md +++ b/src/modules/rlm_radius/TODO.md @@ -5,7 +5,7 @@ After refactoring... * on read(), don't put connection into active state, as it may not be writable? - * or, just do it, and hope for the best... with the event loop handling it + * or, just do it, and hope for the best... with the event loop handling it ## RADIUS fixes @@ -27,7 +27,7 @@ We limit the number of connections, but not the number of proxied packets. This is because (for now), each connection can only proxy 256 packets... ## Status Checks - + * connection negotiation in Status-Server in proto_radius * some is there (Response-Length) * add more? Extended ID, etc. @@ -59,13 +59,15 @@ this whole thing is wrong... we end up signaling on every damned packet in real OK... fix the damned channel to use queue depth instead of ACKs which makes them less general, but better. The worker can NAK a packet, send a reply, or mark it ask discarded -DATA N -> W: (packet + queue 1, active) - -DATA N <- W (packet + queue is now 0, inactive) -DISCARD N <- W (no packet, queue is now 0, inactive) + DATA N -> W: (packet + queue 1, active) + + DATA N <- W (packet + queue is now 0, inactive) + + DISCARD N <- W (no packet, queue is now 0, inactive) + + SLEEPING N <- W (no packet, queue is 1, inactive) -SLEEPING N <- W (no packet, queue is 1, inactive) We also need an "must_signal" flag, for if the other end is sleeping... the network always sets it, I guess.. diff --git a/src/tests/keywords/README.md b/src/tests/keywords/README.md index 9745908ff8a75..666c5d82d522c 100644 --- a/src/tests/keywords/README.md +++ b/src/tests/keywords/README.md @@ -31,7 +31,7 @@ The entire test suite consists of two files: This allows many tests to be simplified, as all they need is a little bit of "unlang". -## How it works. +## How it works The input packet is passed into the unit test framework, through the unlang snippet in `foo`, and filtered through the reply filter in 
diff --git a/src/tests/modules/README.md b/src/tests/modules/README.md index 900dd80aeb8bc..1beb13184b979 100644 --- a/src/tests/modules/README.md +++ b/src/tests/modules/README.md @@ -2,9 +2,7 @@ To test module `foo`, create a directory `foo`, and put a file `all.mk` into it, e.g. -``` -foo/all.mk -``` + foo/all.mk All of the tests for the module should go here. The tests will be run *only* if the module is available, and has been built correctly on the system. diff --git a/src/tests/modules/lua/mod2.lua b/src/tests/modules/lua/mod2.lua index 6e6c00a8c8e16..8abfa41b3ea01 100644 --- a/src/tests/modules/lua/mod2.lua +++ b/src/tests/modules/lua/mod2.lua @@ -1,15 +1,15 @@ function authorize() - if not type(fr.rcode) == "table" then + if not type(fr.rcode) == "table" then print("error: The 'fr.rcode.{}' should be table") return fr.rcode.fail end - if not type(fr.log) == "table" then + if not type(fr.log) == "table" then print("error: The 'fr.log.{}' should be table") return fr.rcode.fail end - if not type(fr.request) == "table" then + if not type(fr.request) == "table" then print("error: The 'fr.request.{}' should be table") return fr.rcode.fail end diff --git a/src/tests/modules/python/mod_return_ok.py b/src/tests/modules/python/mod_return_ok.py index 8879e10b2bcbd..c0e1bdd278858 100644 --- a/src/tests/modules/python/mod_return_ok.py +++ b/src/tests/modules/python/mod_return_ok.py @@ -1,4 +1,5 @@ import freeradius + def authorize(p): return freeradius.RLM_MODULE_OK diff --git a/src/tests/modules/python/mod_shared_storage.py b/src/tests/modules/python/mod_shared_storage.py index 4b0e13975a1aa..2ea8d898fdfa3 100644 --- a/src/tests/modules/python/mod_shared_storage.py +++ b/src/tests/modules/python/mod_shared_storage.py 
@@ -1,10 +1,14 @@ import freeradius import shared + def authorize(p): - freeradius.log(freeradius.L_DBG, 'Python - shared_attribute=' + str(hasattr(shared, 'shared_attribute'))) - if not hasattr(shared, 'shared_attribute'): - setattr(shared, 'shared_attribute', True) - return freeradius.RLM_MODULE_NOOP - else: - return freeradius.RLM_MODULE_OK + freeradius.log( + freeradius.L_DBG, + "Python - shared_attribute=" + str(hasattr(shared, "shared_attribute")), + ) + if not hasattr(shared, "shared_attribute"): + setattr(shared, "shared_attribute", True) + return freeradius.RLM_MODULE_NOOP + else: + return freeradius.RLM_MODULE_OK diff --git a/src/tests/modules/python/mod_thread_local_storage.py b/src/tests/modules/python/mod_thread_local_storage.py index 3018e870c8c65..0f307ad1c50ee 100644 --- a/src/tests/modules/python/mod_thread_local_storage.py +++ b/src/tests/modules/python/mod_thread_local_storage.py @@ -1,12 +1,16 @@ -import freeradius import threading +import freeradius + local = threading.local() + def authorize(p): global local - freeradius.log(freeradius.L_DBG, 'Python - threading.local.tls()=' + str(hasattr(local, 'tls'))) - if hasattr(local, 'tls'): + freeradius.log( + freeradius.L_DBG, "Python - threading.local.tls()=" + str(hasattr(local, "tls")) + ) + if hasattr(local, "tls"): return freeradius.RLM_MODULE_OK else: local.tls = True diff --git a/src/tests/modules/python/mod_with_config.py b/src/tests/modules/python/mod_with_config.py index 91571f4366dd4..dd0de262cf9a8 100644 --- a/src/tests/modules/python/mod_with_config.py +++ b/src/tests/modules/python/mod_with_config.py @@ -1,7 +1,8 @@ import freeradius + def authorize(p): - if freeradius.config.get('a_param'): + if freeradius.config.get("a_param"): return freeradius.RLM_MODULE_OK return freeradius.RLM_MODULE_NOOP diff --git a/src/tests/modules/python/shared.py b/src/tests/modules/python/shared.py index 2ff281c87c83c..e06296930bc43 100644 --- a/src/tests/modules/python/shared.py 
+++ b/src/tests/modules/python/shared.py @@ -1 +1 @@ -dummy_attribute = 0 \ No newline at end of file +dummy_attribute = 0 diff --git a/src/tests/performance/README.md b/src/tests/performance/README.md index 48905d41d8646..893f961be04a3 100644 --- a/src/tests/performance/README.md +++ b/src/tests/performance/README.md @@ -5,14 +5,14 @@ These tests should be run manually for now. In one terminal window, start up the `ack` virtual server. This server just "acks" every request it gets. -``` +```bash ./run -n ack ``` In one terminal window, start up the `proxy` virtual server. This server just proxies every request it gets, to the `ack` server. -``` +```bash ./run -n proxy ``` @@ -23,13 +23,13 @@ And then send the `proxy` server packets. For less debug output, use the `quiet` script. This will run the server in the foreground, and log to `stdout`: -``` +```bash ./quiet -n ack ``` and -``` +```bash ./quiet -n proxy ``` @@ -37,7 +37,7 @@ and Run the stress tests: -``` +```bash ./stress ``` diff --git a/src/tests/salt-test-server/salt/postgres/schema.sql b/src/tests/salt-test-server/salt/postgres/schema.sql index c94ee9e547cd2..f3421f5ea5b7a 100644 --- a/src/tests/salt-test-server/salt/postgres/schema.sql +++ b/src/tests/salt-test-server/salt/postgres/schema.sql 
@@ -1,18 +1,17 @@ -/* - * $Id$ - * - * Postgresql schema for FreeRADIUS - * - * All field lengths need checking as some are still suboptimal. -pnixon 2003-07-13 - * - */ +-- +-- $Id$ +-- +-- Postgresql schema for FreeRADIUS +-- +-- All field lengths need checking as some are still suboptimal. -pnixon 2003-07-13 +-- -/* - * Table structure for table 'radacct' - * - * Note: Column type bigserial does not exist prior to Postgres 7.2 - * If you run an older version you need to change this to serial - */ +-- +-- Table structure for table 'radacct' +-- +-- Note: Column type bigserial does not exist prior to Postgres 7.2 +-- If you run an older version you need to change this to serial +-- CREATE TABLE radacct ( RadAcctId bigserial PRIMARY KEY, AcctSessionId text NOT NULL, 
@@ -60,30 +59,26 @@ CREATE INDEX radacct_start_user_idx ON radacct (AcctStartTime, UserName); -- and, optionally -- CREATE INDEX radacct_stop_user_idx ON radacct (acctStopTime, UserName); -/* - * There was WAAAY too many indexes previously. This combo index - * should take care of the most common searches. - * I have commented out all the old indexes, but left them in case - * someone wants them. I don't recomend anywone use them all at once - * as they will slow down your DB too much. - * - pnixon 2003-07-13 - */ - -/* - * create index radacct_UserName on radacct (UserName); - * create index radacct_AcctSessionId on radacct (AcctSessionId); - * create index radacct_AcctUniqueId on radacct (AcctUniqueId); - * create index radacct_FramedIPAddress on radacct (FramedIPAddress); - * create index radacct_NASIPAddress on radacct (NASIPAddress); - * create index radacct_AcctStartTime on radacct (AcctStartTime); - * create index radacct_AcctStopTime on radacct (AcctStopTime); -*/ - - +-- +-- There was WAAAY too many indexes previously. This combo index +-- should take care of the most common searches. +-- I have commented out all the old indexes, but left them in case +-- someone wants them. I don't recomend anywone use them all at once +-- as they will slow down your DB too much. +-- - pnixon 2003-07-13 +-- +-- create index radacct_UserName on radacct (UserName); +-- create index radacct_AcctSessionId on radacct (AcctSessionId); +-- create index radacct_AcctUniqueId on radacct (AcctUniqueId); +-- create index radacct_FramedIPAddress on radacct (FramedIPAddress); +-- create index radacct_NASIPAddress on radacct (NASIPAddress); +-- create index radacct_AcctStartTime on radacct (AcctStartTime); +-- create index radacct_AcctStopTime on radacct (AcctStopTime); +-- -/* - * Table structure for table 'radcheck' - */ +-- +-- Table structure for table 'radcheck' +-- CREATE TABLE radcheck ( id serial PRIMARY KEY, UserName text NOT NULL DEFAULT '', 
@@ -92,14 +87,14 @@ CREATE TABLE radcheck ( Value text NOT NULL DEFAULT '' ); create index radcheck_UserName on radcheck (UserName,Attribute); -/* - * Use this index if you use case insensitive queries - */ +-- +-- Use this index if you use case insensitive queries +-- -- create index radcheck_UserName_lower on radcheck (lower(UserName),Attribute); -/* - * Table structure for table 'radgroupcheck' - */ +-- +-- Table structure for table 'radgroupcheck' +-- CREATE TABLE radgroupcheck ( id serial PRIMARY KEY, GroupName text NOT NULL DEFAULT '', @@ -109,9 +104,9 @@ CREATE TABLE radgroupcheck ( ); create index radgroupcheck_GroupName on radgroupcheck (GroupName,Attribute); -/* - * Table structure for table 'radgroupreply' - */ +-- +-- Table structure for table 'radgroupreply' +-- CREATE TABLE radgroupreply ( id serial PRIMARY KEY, GroupName text NOT NULL DEFAULT '', @@ -121,9 +116,9 @@ CREATE TABLE radgroupreply ( ); create index radgroupreply_GroupName on radgroupreply (GroupName,Attribute); -/* - * Table structure for table 'radreply' - */ +-- +-- Table structure for table 'radreply' +-- CREATE TABLE radreply ( id serial PRIMARY KEY, UserName text NOT NULL DEFAULT '', @@ -132,14 +127,14 @@ CREATE TABLE radreply ( Value text NOT NULL DEFAULT '' ); create index radreply_UserName on radreply (UserName,Attribute); -/* - * Use this index if you use case insensitive queries - */ +-- +-- Use this index if you use case insensitive queries +-- -- create index radreply_UserName_lower on radreply (lower(UserName),Attribute); -/* - * Table structure for table 'radusergroup' - */ +-- +-- Table structure for table 'radusergroup' +-- CREATE TABLE radusergroup ( id serial PRIMARY KEY, UserName text NOT NULL DEFAULT '', 
@@ -147,15 +142,14 @@ CREATE TABLE radusergroup ( priority integer NOT NULL DEFAULT 0 ); create index radusergroup_UserName on radusergroup (UserName); -/* - * Use this index if you use case insensitive queries - */ +-- +-- Use this index if you use case insensitive queries +-- -- create index radusergroup_UserName_lower on radusergroup (lower(UserName)); -- -- Table structure for table 'radpostauth' -- - CREATE TABLE radpostauth ( id bigserial PRIMARY KEY, username text NOT NULL, @@ -166,9 +160,9 @@ CREATE TABLE radpostauth ( authdate timestamp with time zone NOT NULL default now() ); -/* - * Table structure for table 'nas' - */ +-- +-- Table structure for table 'nas' +-- CREATE TABLE nas ( id serial PRIMARY KEY, nasname text NOT NULL, diff --git a/src/tests/salt-test-server/salt/postgres/setup.sql b/src/tests/salt-test-server/salt/postgres/setup.sql index 6b41aa1538b56..b0b62e50c8466 100644 --- a/src/tests/salt-test-server/salt/postgres/setup.sql +++ b/src/tests/salt-test-server/salt/postgres/setup.sql 
@@ -1,21 +1,21 @@ -/* - * admin.sql -- PostgreSQL commands for creating the RADIUS user. - * - * WARNING: You should change 'localhost' and 'radpass' - * to something else. Also update raddb/sql.conf - * with the new RADIUS password. - * - * WARNING: This example file is untested. Use at your own risk. - * Please send any bug fixes to the mailing list. - * - * $Id$ - */ +-- +-- admin.sql -- PostgreSQL commands for creating the RADIUS user. +-- +-- WARNING: You should change 'localhost' and 'radpass' +-- to something else. Also update raddb/sql.conf +-- with the new RADIUS password. +-- +-- WARNING: This example file is untested. Use at your own risk. +-- Please send any bug fixes to the mailing list. +-- +-- $Id$ +-- -/* - * Create default administrator for RADIUS - */ +-- +-- Create default administrator for RADIUS +-- CREATE USER radius WITH PASSWORD 'radpass'; -/* radius user needs ti clean tables in test env */ +-- radius user needs ti clean tables in test env */ GRANT ALL ON ALL TABLES IN SCHEMA public TO radius; GRANT SELECT, USAGE ON ALL SEQUENCES IN schema public TO radius;
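Review bot: The converted comment `-- radius user needs ti clean tables in test env */` keeps the closing `*/` of the old block comment and the "ti" typo; as a line comment it should read `-- radius user needs to clean tables in test env`. That line is the only justification given for `GRANT ALL ON ALL TABLES` to a role created with the fixed password 'radpass', so it is worth having it read cleanly and state that the grant is for the test environment only. The header comment also still names the file admin.sql although the path in this diff is setup.sql.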