--- radsecproxy-1.3.1.orig/debian/changelog +++ radsecproxy-1.3.1/debian/changelog @@ -0,0 +1,13 @@ +radsecproxy (1.3.1-1) unstable; urgency=low + + * New upstream release. + * Bump Standards-Version to 3.8.2, no changed needed. + * Build-Depend on debhelper >= 7.0.50 because of the use of overrides in dh. + + -- Faidon Liambotis Wed, 05 Aug 2009 12:49:20 +0300 + +radsecproxy (1.3-1) unstable; urgency=low + + * Initial release. (Closes: #532481) + + -- Faidon Liambotis Tue, 16 Jun 2009 05:13:48 +0300 --- radsecproxy-1.3.1.orig/debian/compat +++ radsecproxy-1.3.1/debian/compat @@ -0,0 +1 @@ +7 --- radsecproxy-1.3.1.orig/debian/radsecproxy.conf +++ radsecproxy-1.3.1/debian/radsecproxy.conf 
@@ -0,0 +1,135 @@ +# Master config file for radsecproxy + +# First you may define any global options, these are: +# +# You can optionally specify addresses and ports to listen on +# Multiple statements can be used for multiple ports/addresses +#ListenUDP *:1814 +#listenUDP localhost +#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812 +#listenTLS 10.10.10.10:2084 +#ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084 +#ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084 + +# To specify a certain address/port for UDP/TLS requests you can use e.g. +#SourceUDP 127.0.0.1:33000 +#SourceTCP *:33000 +#SourceTLS *:33001 +#SourceDTLS *:33001 + +# Optional log level. 3 is default, 1 is less, 4 is more +#LogLevel 3 +# Optional LogDestinatinon, else stderr used for logging +# Logging to file +#LogDestination file:///tmp/rp.log +# Or logging with Syslog. LOG_DAEMON used if facility not specified +# The supported facilities are LOG_DAEMON, LOG_MAIL, LOG_USER and +# LOG_LOCAL0, ..., LOG_LOCAL7 +#LogDestination x-syslog:/// +#LogDestination x-syslog:///log_local2 + +# There is an option for doing some simple loop prevention +#LoopPrevention on +# Add TTL attribute with value 20 if not present (prevents endless loops) +#addTTL 20 + +# If we have TLS clients or servers we must define at least one tls block. +# You can name them whatever you like and then reference them by name when +# specifying clients or servers later. There are however three special names +# "default", "defaultclient" and "defaultserver". If no name is defined for +# a client, the "defaultclient" block will be used if it exists, if not the +# "default" will be used. For a server, "defaultserver" followed by "default" +# will be checked. +# +# The simplest configuration you can do is: +#tls default { + # You must specify at least one of CACertificateFile or CACertificatePath + # for TLS to work. 
We always verify peer certificate (client and server) + # CACertificateFile /etc/ssl/certs/ca-certificates.crt + # CACertificatePath /etc/ssl/certs + + # You must specify the below for TLS, we always present our certificate + # CertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + # CertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + # Optionally specify password if key is encrypted (not very secure) + # CertificateKeyPassword "follow the white rabbit" + # + # Optionally enable CRL checking + # CRLCheck on + # Optionally specify how long CAs and CRLs are cached, default forever + # CacheExpiry 3600 + # + # Optionally require that peer certs have one of the specified policyOIDs + # policyoid 1.2.3 # this option can be used multiple times + # policyoid 1.3.4 +#} + +# If you want one cert for all clients and another for all servers, use +# defaultclient and defaultserver instead of default. If we wanted some +# particular server to use something else you could specify a block +# "tls myserver" and then reference that for that server. If you always +# name the tls block in the client/server config you don't need a default + +# Now we configure clients, servers and realms. Note that these and +# also the lines above may be in any order, except that a realm +# can only be configured to use a server that is previously configured. + +# A realm can be a literal domain name, * which matches all, or a +# regexp. A regexp is specified by the character prefix / +# For regexp we do case insensitive matching of the entire username string. +# The matching of realms is done in the order they are specified, using the +# first match found. Some examples are +# "@example\.com$", "\.com$", ".*" and "^[a-z].*@example\.com$". +# To treat local users separately you might try first specifying "@" +# and after that "*". 
+ +# Configure a rewrite block if you want to add/remove/modify attributes +#rewrite example { +# removeAttribute 5 +# removeVendorAttribute 99:100 +# addAttribute 4 attribute%20value +# modifyAttribute 1:/^(.*)@local$/$1@example.com/ +#} + +# An example client +#client 2001:db8::1 { +# # type can be one of tcp, udp, tls, dtls +# type udp +# # secret is optional for TLS/DTLS +# secret secret +# # Might do rewriting of incoming messages using rewrite block example +# rewriteIn example +# # Can also do rewriting of outgoing messages +# rewriteOut example +# # if also want to use this server for accounting, specify +# accountingServer 127.0.0.1 +# # statusserver is optional, can be on or off. Off is default +# StatusServer on +#} + +# Equivalent to example.com +#realm /@example\.com$ { +# server 2001:db8::1 +#} + +# One can define a realm without servers, the proxy will then reject +# and requests matching this. Optionally one can specify ReplyMessage +# attribute to be included in the reject message. One can also use +# AccountingResponse option to specify that the proxy should send such. +#realm /\.com$ { +#} +# +#realm /^anonymous$ { +# replymessage "No Access" +# AccountingResponse On +#} + +# example config for localhost, rejecting all users +client 127.0.0.1 { + type udp + secret testing123 +} + +realm * { + replymessage "User unknown" +} --- radsecproxy-1.3.1.orig/debian/examples +++ radsecproxy-1.3.1/debian/examples @@ -0,0 +1,2 @@ +radsecproxy.conf-example +radsec-dynsrv.sh --- radsecproxy-1.3.1.orig/debian/docs +++ radsecproxy-1.3.1/debian/docs @@ -0,0 +1 @@ +README --- radsecproxy-1.3.1.orig/debian/control +++ radsecproxy-1.3.1/debian/control 
@@ -0,0 +1,19 @@ +Source: radsecproxy +Section: net +Priority: optional +Maintainer: Faidon Liambotis +Build-Depends: debhelper (>= 7.0.50), autotools-dev, libssl-dev +Standards-Version: 3.8.2 +Homepage: http://software.uninett.no/radsecproxy/ + +Package: radsecproxy +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Provides: radius-server +Description: RADIUS protocol proxy supporting RadSec + A generic RADIUS proxy that in addition to usual RADIUS UDP transport also + supports TLS (RadSec). It aims to be flexible while at the same time small in + size and memory footprint, efficient and easy to configure. + . + It can be useful as a proxy on site boundaries or in other complex RADIUS + routing topologies. It supports both IPv4 and IPv6. --- radsecproxy-1.3.1.orig/debian/rules +++ radsecproxy-1.3.1/debian/rules @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +#export DH_VERBOSE=1 + +%: + dh $@ + +override_dh_auto_install: + dh_auto_install + # remove the example config with the wrong filename + # and install a prepared config that works by default + rm -f debian/radsecproxy/etc/radsecproxy.conf-example + cp debian/radsecproxy.conf debian/radsecproxy/etc/radsecproxy.conf --- radsecproxy-1.3.1.orig/debian/watch +++ radsecproxy-1.3.1/debian/watch @@ -0,0 +1,5 @@ +# Compulsory line, this is a version 3 file +version=3 + +opts="uversionmangle=s/-(alpha|beta)/~$1/" \ +http://software.uninett.no/radsecproxy/index.php?page=download radsecproxy-(.*)\.tar\.gz --- radsecproxy-1.3.1.orig/debian/init.d +++ radsecproxy-1.3.1/debian/init.d 
@@ -0,0 +1,68 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: radsecproxy +# Required-Start: $network +# Required-Stop: +# Should-Start: $time +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: RADIUS proxy +# Description: RADIUS protocol proxy supporting RadSec +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/radsecproxy +NAME="radsecproxy" +DESC="RadSec proxy" +PIDFILE=/var/run/$NAME.pid + +. /lib/lsb/init-functions + +test -x $DAEMON || exit 0 + +DAEMON_OPTS="-i $PIDFILE" + +case "$1" in + start) + if pidofproc -p $PIDFILE $DAEMON > /dev/null; then + log_failure_msg "Starting $DESC (already started)" + exit 0 + fi + if ! $DAEMON -p $DAEMON_OPTS 2> /dev/null; then + log_failure_msg "Checking $DESC config syntax" + exit 1 + fi + log_daemon_msg "Starting $DESC" "$NAME" + start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --exec $DAEMON -- $DAEMON_OPTS + log_end_msg $? + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --quiet --pidfile $PIDFILE \ + --exec $DAEMON + case "$?" in + 0) log_end_msg 0 ;; + 1) log_progress_msg "(already stopped)" + log_end_msg 0 ;; + *) log_end_msg 1 ;; + esac + ;; + force-reload|restart) + if ! $DAEMON -p $DAEMON_OPTS 2> /dev/null; then + log_failure_msg "Checking $DESC config syntax" + exit 1 + fi + $0 stop + $0 start + ;; + status) + status_of_proc -p $PIDFILE $BIN $NAME && exit 0 || exit $? + ;; + *) + echo "Usage: ${0} {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac --- radsecproxy-1.3.1.orig/debian/copyright +++ radsecproxy-1.3.1/debian/copyright 
@@ -0,0 +1,60 @@ +This package was debianized by Faidon Liambotis on +Sun, 14 Jun 2009 23:17:51 +0300 + +It was downloaded from: http://software.uninett.no/radsecproxy/ + +Upstream Author: Stig Venaas +Copyright: + Copyright (C) 2006-2009 Stig Venaas + Copyright (c) 2006-2009, UNINETT AS + +The Debian packaging is: + Copyright (C) 2009 Faidon Liambotis + +License: + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + On Debian systems, the complete text of the GNU General + Public License version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Alternatively, you can use the following BSD-like license: + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with distribution. + * Neither the name of the UNINETT AS nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. 
+ + THIS SOFTWARE IS PROVIDED BY UNINETT AS ``AS IS'' AND ANY + EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL UNINETT AS BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Please note that for the purpose of this distribution, only the BSD license +applies. This is due to the fact that this package is linking against the +OpenSSL library, which has conflicting terms with the GNU GPL and thus would +render the combined binaries as undistributable. The BSD license has no such +problems and hence this work can be legally distributed. --- radsecproxy-1.3.1.orig/debian/lintian-overrides +++ radsecproxy-1.3.1/debian/lintian-overrides @@ -0,0 +1 @@ +radsecproxy: possible-gpl-code-linked-with-openssl
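Review bot: debian/changelog, 1.3.1-1 entry: "no changed needed" in the Standards-Version line should read "no changes needed".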
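Review bot: in debian/radsecproxy.conf the final `client 127.0.0.1` block is live rather than commented out and ships `secret testing123`, so every installation starts with the same well-known shared secret. It is limited to loopback and `realm *` rejects every request, which keeps the exposure small, but a working block tends to be extended rather than replaced; consider shipping it commented out or with a placeholder secret the admin has to replace. Smaller points in the same hunk: the `#LogDestination file:///tmp/rp.log` sample points at a world-writable directory, where a path under /var/log would be a safer line to copy, and the comments contain the typos "LogDestinatinon" and "reject and requests matching this".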
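Review bot: in debian/rules, override_dh_auto_install installs the config with a plain `cp debian/radsecproxy.conf debian/radsecproxy/etc/radsecproxy.conf`, so the file gets no explicit owner or mode even though it holds RADIUS shared secrets (`secret ...`) and, optionally, `CertificateKeyPassword`. Suggest setting a restrictive mode explicitly (root-owned, not world-readable) and making sure it is still in place after dh_fixperms, which runs later in the dh sequence.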
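Review bot: debian/watch has uscan fetch from `http://software.uninett.no/radsecproxy/index.php?page=download` over plain HTTP, and nothing on the line checks a signature or checksum, so a new upstream tarball is imported with no integrity check. If upstream offers the download over HTTPS or publishes signed releases, use that here; otherwise the tarball needs to be verified out of band before import.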
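Review bot: in debian/init.d the status branch calls `status_of_proc -p $PIDFILE $BIN $NAME`, but `BIN` is never set in the script; the variable defined at the top is `DAEMON`. With `$BIN` expanding to nothing, the daemon path argument is dropped and `$NAME` is taken in its place, so this should be `"$DAEMON"`. Also in this hunk: the config check `$DAEMON -p $DAEMON_OPTS 2> /dev/null` in start and restart throws away the parser's error, leaving only "Checking ... config syntax" with no reason, so let stderr through; and the "already started" case reports through log_failure_msg while exiting 0, which reads as a failure in the boot log.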