[freeradius] Fix triggers
Nikolai Kondrashov
nkondras at fedoraproject.org
Mon Jan 19 17:00:04 UTC 2015
commit d3ba0255017a6453f1d1486ad31fdf16f9b5dd6e
Author: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
Date: Wed Oct 29 14:18:12 2014 +0200
Fix triggers
Resolves: Bug#1110407
Resolves: Bug#1110414
Resolves: Bug#1110186
Resolves: Bug#1109164
...on-fall-through-to-global-module-triggers.patch | 280 ++++++++++++++++++++
...dont-assume-request-presence-when-logging.patch | 139 ++++++++++
...-SIGTERM-when-firing-stop-and-signal.term.patch | 59 ++++
...remove-extra-apostrophe-from-trigger.conf.patch | 30 ++
...ius-raddb-update-triggers-in-trigger.conf.patch | 70 +++++
...ddb-use-appropriate-module-names-in-traps.patch | 83 ++++++
freeradius.spec | 12 +
7 files changed, 673 insertions(+), 0 deletions(-)
---
diff --git a/freeradius-connection-fall-through-to-global-module-triggers.patch b/freeradius-connection-fall-through-to-global-module-triggers.patch
new file mode 100644
index 0000000..a2c1156
--- /dev/null
+++ b/freeradius-connection-fall-through-to-global-module-triggers.patch
@@ -0,0 +1,280 @@
+From 132992fe92d53d62499d8c4672feafe210efc573 Mon Sep 17 00:00:00 2001
+From: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
+Date: Fri, 24 Oct 2014 14:37:11 +0300
+Subject: [PATCH 4/4] connection: Fall through to global module triggers
+
+Make module connection pool triggers use global module trigger
+configuration, if there is no "trigger" section in the pool section.
+
+Use fully-qualified module-specific trigger names for module-specific
+connection pools in connection.c.
+
+E.g. trigger "modules.ldap.open", instead of just "open" for pools
+initialized with fr_connection_pool_module_init, being passed "ldap"
+config section.
+
+Send triggers even if the pool has no "trigger" section.
+
+This makes exec_trigger fall through to global module triggers, if the
+pool configuration doesn't have the "trigger" section.
+---
+ src/include/connection.h | 3 +-
+ src/main/connection.c | 81 ++++++++++++++++++++++++++++++------------------
+ 2 files changed, 53 insertions(+), 31 deletions(-)
+
+diff --git a/src/include/connection.h b/src/include/connection.h
+index e3752d5..eaf44e8 100644
+--- a/src/include/connection.h
++++ b/src/include/connection.h
+@@ -81,7 +81,8 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
+ void *opaque,
+ fr_connection_create_t c,
+ fr_connection_alive_t a,
+- char const *prefix);
++ char const *log_prefix,
++ char const *trigger_prefix);
+ void fr_connection_pool_delete(fr_connection_pool_t *pool);
+
+ void *fr_connection_get(fr_connection_pool_t *pool);
+diff --git a/src/main/connection.c b/src/main/connection.c
+index 5f0c8f6..aec4f9d 100644
+--- a/src/main/connection.c
++++ b/src/main/connection.c
+@@ -110,10 +110,6 @@ struct fr_connection_pool_t {
+ uint32_t idle_timeout; //!< How long a connection can be idle
+ //!< before being closed.
+
+- bool trigger; //!< If true execute connection triggers
+- //!< associated with the connection
+- //!< pool.
+-
+ bool spread; //!< If true requests will be spread
+ //!< across all connections, instead of
+ //!< re-using the most recently used
+@@ -158,6 +154,11 @@ struct fr_connection_pool_t {
+ //!< messages created by the connection
+ //!< pool code.
+
++ char const *trigger_prefix; //!< Prefix to prepend to
++ //!< names of all triggers
++ //!< fired by the connection
++ //!< pool code.
++
+ fr_connection_create_t create; //!< Function used to create new
+ //!< connections.
+ fr_connection_alive_t alive; //!< Function used to check status
+@@ -271,6 +272,20 @@ static void fr_connection_link_tail(fr_connection_pool_t *pool,
+ }
+ }
+
++/** Send a connection pool trigger.
++ *
++ * @param[in] pool to send trigger for.
++ * @param[in] name_suffix trigger name suffix.
++ */
++static void fr_connection_exec_trigger(fr_connection_pool_t *pool,
++ char const *name_suffix)
++{
++ char name[64];
++ rad_assert(pool != NULL);
++ rad_assert(name_suffix != NULL);
++ snprintf(name, sizeof(name), "%s%s", pool->trigger_prefix, name_suffix);
++ exec_trigger(NULL, pool->cs, name, true);
++}
+
+ /** Spawns a new connection
+ *
+@@ -403,7 +418,7 @@ static fr_connection_t *fr_connection_spawn(fr_connection_pool_t *pool,
+
+ pthread_mutex_unlock(&pool->mutex);
+
+- if (pool->trigger) exec_trigger(NULL, pool->cs, "open", true);
++ fr_connection_exec_trigger(pool, "open");
+
+ return this;
+ }
+@@ -436,7 +451,7 @@ static void fr_connection_close(fr_connection_pool_t *pool,
+ pool->active--;
+ }
+
+- if (pool->trigger) exec_trigger(NULL, pool->cs, "close", true);
++ fr_connection_exec_trigger(pool, "close");
+
+ fr_connection_unlink(pool, this);
+ rad_assert(pool->num > 0);
+@@ -542,7 +557,7 @@ void fr_connection_pool_delete(fr_connection_pool_t *pool)
+ fr_connection_close(pool, this);
+ }
+
+- if (pool->trigger) exec_trigger(NULL, pool->cs, "stop", true);
++ fr_connection_exec_trigger(pool, "stop");
+
+ rad_assert(pool->head == NULL);
+ rad_assert(pool->tail == NULL);
+@@ -559,33 +574,36 @@ void fr_connection_pool_delete(fr_connection_pool_t *pool)
+ * @param[in] opaque data pointer to pass to callbacks.
+ * @param[in] c Callback to create new connections.
+ * @param[in] a Callback to check the status of connections.
+- * @param[in] prefix override, if NULL will be set automatically from the module CONF_SECTION.
++ * @param[in] log_prefix override, if NULL will be set automatically from the module CONF_SECTION.
+ * @return A new connection pool or NULL on error.
+ */
+ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
+ void *opaque,
+ fr_connection_create_t c,
+ fr_connection_alive_t a,
+- char const *prefix)
++ char const *log_prefix)
+ {
+ CONF_SECTION *cs, *mycs;
+ char buff[128];
++ char trigger_prefix[64];
+
+ fr_connection_pool_t *pool;
++ char const *cs_name1, *cs_name2;
+
+ int ret;
+
+ #define CONNECTION_POOL_CF_KEY "connection_pool"
+ #define parent_name(_x) cf_section_name(cf_item_parent(cf_sectiontoitem(_x)))
+
+- if (!prefix) {
+- char const *cs_name1, *cs_name2;
+- cs_name1 = cf_section_name1(module);
+- cs_name2 = cf_section_name2(module);
+- if (!cs_name2) cs_name2 = cs_name1;
++ cs_name1 = cf_section_name1(module);
++ cs_name2 = cf_section_name2(module);
++ if (!cs_name2) cs_name2 = cs_name1;
++
++ snprintf(trigger_prefix, sizeof(trigger_prefix), "modules.%s.", cs_name1);
+
++ if (!log_prefix) {
+ snprintf(buff, sizeof(buff), "rlm_%s (%s)", cs_name1, cs_name2);
+- prefix = buff;
++ log_prefix = buff;
+ }
+
+ /*
+@@ -597,11 +615,11 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
+ return NULL;
+
+ case 1:
+- DEBUG4("%s: Using pool section from \"%s\"", prefix, parent_name(cs));
++ DEBUG4("%s: Using pool section from \"%s\"", log_prefix, parent_name(cs));
+ break;
+
+ case 0:
+- DEBUG4("%s: Using local pool section", prefix);
++ DEBUG4("%s: Using local pool section", log_prefix);
+ break;
+ }
+
+@@ -610,7 +628,7 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
+ */
+ mycs = cf_section_sub_find(module, "pool");
+ if (!mycs) {
+- DEBUG4("%s: Adding pool section to \"%s\" to store pool references", prefix,
++ DEBUG4("%s: Adding pool section to \"%s\" to store pool references", log_prefix,
+ cf_section_name(module));
+
+ mycs = cf_section_alloc(module, "pool", NULL);
+@@ -622,7 +640,7 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
+ * Use our own local pool.
+ */
+ if (!cs) {
+- DEBUG4("%s: \"%s.pool\" section not found, using \"%s.pool\"", prefix,
++ DEBUG4("%s: \"%s.pool\" section not found, using \"%s.pool\"", log_prefix,
+ parent_name(cs), parent_name(mycs));
+ cs = mycs;
+ }
+@@ -636,16 +654,16 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
+ */
+ pool = cf_data_find(cs, CONNECTION_POOL_CF_KEY);
+ if (!pool) {
+- DEBUG4("%s: No pool reference found in \"%s.pool\"", prefix, parent_name(cs));
+- pool = fr_connection_pool_init(module, cs, opaque, c, a, prefix);
++ DEBUG4("%s: No pool reference found in \"%s.pool\"", log_prefix, parent_name(cs));
++ pool = fr_connection_pool_init(module, cs, opaque, c, a, log_prefix, trigger_prefix);
+ if (!pool) return NULL;
+
+- DEBUG4("%s: Adding pool reference %p to \"%s.pool\"", prefix, pool, parent_name(cs));
++ DEBUG4("%s: Adding pool reference %p to \"%s.pool\"", log_prefix, pool, parent_name(cs));
+ cf_data_add(cs, CONNECTION_POOL_CF_KEY, pool, NULL);
+ return pool;
+ }
+
+- DEBUG4("%s: Found pool reference %p in \"%s.pool\"", prefix, pool, parent_name(cs));
++ DEBUG4("%s: Found pool reference %p in \"%s.pool\"", log_prefix, pool, parent_name(cs));
+
+ /*
+ * We're reusing pool data add it to our local config
+@@ -653,7 +671,7 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
+ * re-use a pool through this module.
+ */
+ if (mycs != cs) {
+- DEBUG4("%s: Copying pool reference %p from \"%s.pool\" to \"%s.pool\"", prefix, pool,
++ DEBUG4("%s: Copying pool reference %p from \"%s.pool\" to \"%s.pool\"", log_prefix, pool,
+ parent_name(cs), parent_name(mycs));
+ cf_data_add(mycs, CONNECTION_POOL_CF_KEY, pool, NULL);
+ }
+@@ -676,7 +694,8 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
+ * @param[in] opaque data pointer to pass to callbacks.
+ * @param[in] c Callback to create new connections.
+ * @param[in] a Callback to check the status of connections.
+- * @param[in] prefix to prepend to all log messages.
++ * @param[in] log_prefix prefix to prepend to all log messages.
++ * @param[in] trigger_prefix prefix to prepend to all trigger names.
+ * @return A new connection pool or NULL on error.
+ */
+ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
+@@ -684,7 +703,8 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
+ void *opaque,
+ fr_connection_create_t c,
+ fr_connection_alive_t a,
+- char const *prefix)
++ char const *log_prefix,
++ char const *trigger_prefix)
+ {
+ uint32_t i;
+ fr_connection_pool_t *pool;
+@@ -720,7 +740,9 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
+
+ pool->head = pool->tail = NULL;
+
+- pool->log_prefix = prefix ? talloc_typed_strdup(pool, prefix) : "core";
++ pool->log_prefix = log_prefix ? talloc_typed_strdup(pool, log_prefix) : "core";
++ pool->trigger_prefix = trigger_prefix ?
++ talloc_typed_strdup(pool, trigger_prefix) : "";
+
+ #ifdef HAVE_PTHREAD_H
+ pthread_mutex_init(&pool->mutex, NULL);
+@@ -729,7 +751,6 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
+ DEBUG("%s: Initialising connection pool", pool->log_prefix);
+
+ if (cf_section_parse(cs, pool, connection_config) < 0) goto error;
+- if (cf_section_sub_find(cs, "trigger")) pool->trigger = true;
+
+ /*
+ * Some simple limits
+@@ -780,7 +801,7 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
+ }
+ }
+
+- if (pool->trigger) exec_trigger(NULL, pool->cs, "start", true);
++ fr_connection_exec_trigger(pool, "start");
+
+ return pool;
+ }
+@@ -1222,7 +1243,7 @@ void *fr_connection_reconnect(fr_connection_pool_t *pool, void *conn)
+ return NULL;
+ }
+
+- if (pool->trigger) exec_trigger(NULL, pool->cs, "close", true);
++ fr_connection_exec_trigger(pool, "close");
+ this->connection = new_conn;
+ pthread_mutex_unlock(&pool->mutex);
+
+--
+2.1.1
+
diff --git a/freeradius-exec-dont-assume-request-presence-when-logging.patch b/freeradius-exec-dont-assume-request-presence-when-logging.patch
new file mode 100644
index 0000000..2c0ee52
--- /dev/null
+++ b/freeradius-exec-dont-assume-request-presence-when-logging.patch
@@ -0,0 +1,139 @@
+From 13c5c908548c29ab30ae2e274a5d2baa96eadae4 Mon Sep 17 00:00:00 2001
+From: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
+Date: Wed, 15 Oct 2014 20:03:11 +0300
+Subject: [PATCH 1/4] exec: Don't assume request presence when logging
+
+Use DEBUG* macros for logging, instead of RDEBUG* macros in
+radius_start_program and radius_readfrom_program as these are not
+guaranteed to be invoked with a valid request.
+
+For example, not from most of the exec_trigger invocations.
+---
+ src/include/radiusd.h | 2 +-
+ src/main/exec.c | 22 +++++++++++-----------
+ src/modules/rlm_mschap/rlm_mschap.c | 2 +-
+ 3 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/src/include/radiusd.h b/src/include/radiusd.h
+index 21d510b..ebe3a21 100644
+--- a/src/include/radiusd.h
++++ b/src/include/radiusd.h
+@@ -606,7 +606,7 @@ int rad_virtual_server(REQUEST *);
+ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
+ int *input_fd, int *output_fd,
+ VALUE_PAIR *input_pairs, bool shell_escape);
+-int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
++int radius_readfrom_program(int fd, pid_t pid, int timeout,
+ char *answer, int left);
+ int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
+ char *user_msg, size_t msg_len, int timeout,
+diff --git a/src/main/exec.c b/src/main/exec.c
+index b421053..1188d0a 100644
+--- a/src/main/exec.c
++++ b/src/main/exec.c
+@@ -103,16 +103,16 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
+
+ argc = rad_expand_xlat(request, cmd, MAX_ARGV, argv, true, sizeof(argv_buf), argv_buf);
+ if (argc <= 0) {
+- RDEBUG("invalid command line '%s'.", cmd);
++ DEBUG("invalid command line '%s'.", cmd);
+ return -1;
+ }
+
+
+ #ifndef NDEBUG
+ if (debug_flag > 2) {
+- RDEBUG3("executing cmd %s", cmd);
++ DEBUG3("executing cmd %s", cmd);
+ for (i = 0; i < argc; i++) {
+- RDEBUG3("\t[%d] %s", i, argv[i]);
++ DEBUG3("\t[%d] %s", i, argv[i]);
+ }
+ }
+ #endif
+@@ -124,13 +124,13 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
+ if (exec_wait) {
+ if (input_fd) {
+ if (pipe(to_child) != 0) {
+- RDEBUG("Couldn't open pipe to child: %s", fr_syserror(errno));
++ DEBUG("Couldn't open pipe to child: %s", fr_syserror(errno));
+ return -1;
+ }
+ }
+ if (output_fd) {
+ if (pipe(from_child) != 0) {
+- RDEBUG("Couldn't open pipe from child: %s", fr_syserror(errno));
++ DEBUG("Couldn't open pipe from child: %s", fr_syserror(errno));
+ /* safe because these either need closing or are == -1 */
+ close(to_child[0]);
+ close(to_child[1]);
+@@ -206,7 +206,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
+ */
+ devnull = open("/dev/null", O_RDWR);
+ if (devnull < 0) {
+- RDEBUG("Failed opening /dev/null: %s\n", fr_syserror(errno));
++ DEBUG("Failed opening /dev/null: %s\n", fr_syserror(errno));
+
+ /*
+ * Where the status code is interpreted as a module rcode
+@@ -287,7 +287,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
+ * Parent process.
+ */
+ if (pid < 0) {
+- RDEBUG("Couldn't fork %s: %s", argv[0], fr_syserror(errno));
++ DEBUG("Couldn't fork %s: %s", argv[0], fr_syserror(errno));
+ if (exec_wait) {
+ /* safe because these either need closing or are == -1 */
+ close(to_child[0]);
+@@ -320,7 +320,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
+ return pid;
+ #else
+ if (exec_wait) {
+- RDEBUG("Wait is not supported");
++ DEBUG("Wait is not supported");
+ return -1;
+ }
+
+@@ -366,7 +366,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
+ * @param left length of buffer.
+ * @return -1 on error, or length of output.
+ */
+-int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
++int radius_readfrom_program(int fd, pid_t pid, int timeout,
+ char *answer, int left)
+ {
+ int done = 0;
+@@ -422,7 +422,7 @@ int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
+ rcode = select(fd + 1, &fds, NULL, NULL, &wake);
+ if (rcode == 0) {
+ too_long:
+- RDEBUG("Child PID %u is taking too much time: forcing failure and killing child.", pid);
++ DEBUG("Child PID %u is taking too much time: forcing failure and killing child.", pid);
+ kill(pid, SIGTERM);
+ close(fd); /* should give SIGPIPE to child, too */
+
+@@ -536,7 +536,7 @@ int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool
+ }
+
+ #ifndef __MINGW32__
+- len = radius_readfrom_program(request, from_child, pid, timeout, answer, sizeof(answer));
++ len = radius_readfrom_program(from_child, pid, timeout, answer, sizeof(answer));
+ if (len < 0) {
+ /*
+ * Failure - radius_readfrom_program will
+diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
+index 0101ddf..03f94a9 100644
+--- a/src/modules/rlm_mschap/rlm_mschap.c
++++ b/src/modules/rlm_mschap/rlm_mschap.c
+@@ -794,7 +794,7 @@ static int CC_HINT(nonnull (1, 2, 4, 5)) do_mschap_cpw(rlm_mschap_t *inst,
+ /*
+ * Read from the child
+ */
+- len = radius_readfrom_program(request, from_child, pid, 10, buf, sizeof(buf));
++ len = radius_readfrom_program(from_child, pid, 10, buf, sizeof(buf));
+ if (len < 0) {
+ /* radius_readfrom_program will have closed from_child for us */
+ REDEBUG("Failure reading from child");
+--
+2.1.1
+
diff --git a/freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch b/freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
new file mode 100644
index 0000000..daefbb4
--- /dev/null
+++ b/freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
@@ -0,0 +1,59 @@
+From b5b92669c32b50b2f96a3ae53d4222d6cb3d1287 Mon Sep 17 00:00:00 2001
+From: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
+Date: Tue, 28 Oct 2014 15:57:56 +0200
+Subject: [PATCH 1/1] Ignore SIGTERM when firing stop and signal.term
+
+Move firing "server.stop" and "server.signal.term" triggers beyond
+setting SIGTERM action to SIG_IGN in main().
+
+This way handler commands for these triggers don't receive SIGTERM with
+the rest of the process group and don't possibly terminate before doing
+their work. E.g. snmptrap manages to send the notifications.
+---
+ src/main/process.c | 1 -
+ src/main/radiusd.c | 10 ++++++++--
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/main/process.c b/src/main/process.c
+index 7e1a51e..f427205 100644
+--- a/src/main/process.c
++++ b/src/main/process.c
+@@ -4536,7 +4536,6 @@ static void handle_signal_self(int flag)
+ fr_event_loop_exit(el, 1);
+ } else {
+ INFO("Signalled to terminate");
+- exec_trigger(NULL, NULL, "server.signal.term", true);
+ fr_event_loop_exit(el, 2);
+ }
+
+diff --git a/src/main/radiusd.c b/src/main/radiusd.c
+index 620d7d4..86c7013 100644
+--- a/src/main/radiusd.c
++++ b/src/main/radiusd.c
+@@ -592,8 +592,6 @@ int main(int argc, char *argv[])
+ INFO("Exiting normally");
+ }
+
+- exec_trigger(NULL, NULL, "server.stop", false);
+-
+ /*
+ * Ignore the TERM signal: we're
+ * about to die.
+@@ -601,6 +599,14 @@ int main(int argc, char *argv[])
+ signal(SIGTERM, SIG_IGN);
+
+ /*
++ * Fire signal and stop triggers after ignoring SIGTERM, so handlers are
++ * not killed with the rest of the process group, below.
++ */
++ if (status == 2)
++ exec_trigger(NULL, NULL, "server.signal.term", true);
++ exec_trigger(NULL, NULL, "server.stop", false);
++
++ /*
+ * Send a TERM signal to all
+ * associated processes
+ * (including us, which gets
+--
+2.1.1
+
diff --git a/freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch b/freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch
new file mode 100644
index 0000000..99592c4
--- /dev/null
+++ b/freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch
@@ -0,0 +1,30 @@
+From e37dbd2dd0f20ff255ddc934296afa67e59695c6 Mon Sep 17 00:00:00 2001
+From: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
+Date: Thu, 16 Oct 2014 13:48:32 +0300
+Subject: [PATCH 2/4] raddb: Remove extra apostrophe from trigger.conf
+
+Remove a spurious apostrophe from trigger.conf's trigger.modules.args.
+
+This fixes module triggers, otherwise producing this error:
+
+ rad_expand_xlat: Invalid string passed as argument
+---
+ raddb/trigger.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/raddb/trigger.conf b/raddb/trigger.conf
+index aa846c3..b80089c 100644
+--- a/raddb/trigger.conf
++++ b/raddb/trigger.conf
+@@ -194,7 +194,7 @@ trigger {
+ # "trigger" subsection in the module configuration.
+ modules {
+ # Common arguments
+- args = "radiusdModuleName s ldap' radiusdModuleInstance s ''"
++ args = "radiusdModuleName s ldap radiusdModuleInstance s ''"
+
+ # The files module
+ files {
+--
+2.1.1
+
diff --git a/freeradius-raddb-update-triggers-in-trigger.conf.patch b/freeradius-raddb-update-triggers-in-trigger.conf.patch
new file mode 100644
index 0000000..58bd9bc
--- /dev/null
+++ b/freeradius-raddb-update-triggers-in-trigger.conf.patch
@@ -0,0 +1,70 @@
+From 7162088ec80add0e83d1073b67001546be3d0d8d Mon Sep 17 00:00:00 2001
+From: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
+Date: Thu, 23 Oct 2014 13:56:46 +0300
+Subject: [PATCH 1/1] raddb: Update triggers in trigger.conf
+
+Update trigger.conf's available triggers and comments to correspond to
+actual code.
+---
+ raddb/trigger.conf | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/raddb/trigger.conf b/raddb/trigger.conf
+index 44f9f36..413a182 100644
+--- a/raddb/trigger.conf
++++ b/raddb/trigger.conf
+@@ -222,11 +222,8 @@ trigger {
+ # A connection to the DB has been closed
+ close = "${snmptrap}::serverModuleConnectionDown ${args}"
+
+- # Failed to open a new connection to the DB
+- fail = "${snmptrap}::serverModuleConnectionFail ${args}"
+-
+- # There are no DB handles available.
+- none = "${snmptrap}::serverModuleConnectionNone ${args}"
++ # The module has been HUP'd via radmin
++ hup = "${snmptrap}::serverModuleHup ${args}"
+ }
+
+ # The SQL module
+@@ -243,12 +240,13 @@ trigger {
+ # Failed to open a new connection to the DB
+ fail = "${snmptrap}::serverModuleConnectionFail ${args}"
+
+- # There are no DB handles available.
+- none = "${snmptrap}::serverModuleConnectionNone ${args}"
++ # The module has been HUP'd via radmin
++ hup = "${snmptrap}::serverModuleHup ${args}"
+ }
+
+- # You can use the same opn / close / fail / none triggers for
+- # any module which uses the "pool" directive.
++ # You can also use connection pool's start/stop/open/close triggers
++ # for any module which uses the "pool" section, here and under
++ # pool.trigger in module configuration.
+ }
+ }
+
+@@ -267,10 +265,9 @@ trigger {
+ # home_server_pool.fallback
+ # home_server_pool.normal
+ # modules.*.hup
+-# modules.ldap.fail
++# modules.ldap.timeout
+ # modules.sql.close
+ # modules.sql.fail
+-# modules.sql.none
+ # modules.sql.open
+ # server.client.add
+ # server.max_requests
+@@ -278,3 +275,7 @@ trigger {
+ # server.signal.term
+ # server.start
+ # server.stop
++# server.thread.max_threads
++# server.thread.start
++# server.thread.stop
++# server.thread.unresponsive
+--
+2.1.1
+
diff --git a/freeradius-raddb-use-appropriate-module-names-in-traps.patch b/freeradius-raddb-use-appropriate-module-names-in-traps.patch
new file mode 100644
index 0000000..0455dbb
--- /dev/null
+++ b/freeradius-raddb-use-appropriate-module-names-in-traps.patch
@@ -0,0 +1,83 @@
+From 039f85dfe9a09478c9581b87113e73e2205abd53 Mon Sep 17 00:00:00 2001
+From: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
+Date: Thu, 16 Oct 2014 13:59:51 +0300
+Subject: [PATCH 3/4] raddb: Use appropriate module names in traps
+
+Specify appropriate module names for all module traps in trigger.conf,
+instead of using "ldap" for all.
+---
+ raddb/trigger.conf | 29 +++++++++++++++++++----------
+ 1 file changed, 19 insertions(+), 10 deletions(-)
+
+diff --git a/raddb/trigger.conf b/raddb/trigger.conf
+index b80089c..44f9f36 100644
+--- a/raddb/trigger.conf
++++ b/raddb/trigger.conf
+@@ -194,12 +194,15 @@ trigger {
+ # "trigger" subsection in the module configuration.
+ modules {
+ # Common arguments
+- args = "radiusdModuleName s ldap radiusdModuleInstance s ''"
++ args = "radiusdModuleInstance s ''"
+
+ # The files module
+ files {
++ # Common arguments
++ args = "radiusdModuleName s files ${..args}"
++
+ # The module has been HUP'd via radmin
+- hup = "${snmptrap}::serverModuleHup ${..args}"
++ hup = "${snmptrap}::serverModuleHup ${args}"
+
+ # Note that "hup" can be used for every module
+ # which can be HUP'd via radmin
+@@ -210,32 +213,38 @@ trigger {
+ # an LDAP connection ofr every "bind as user". Be aware that
+ # this will likely produce a lot of triggers.
+ ldap {
++ # Common arguments
++ args = "radiusdModuleName s ldap ${..args}"
++
+ # A new connection to the DB has been opened
+- open = "${snmptrap}::serverModuleConnectionUp ${..args}"
++ open = "${snmptrap}::serverModuleConnectionUp ${args}"
+
+ # A connection to the DB has been closed
+- close = "${snmptrap}::serverModuleConnectionDown ${..args}"
++ close = "${snmptrap}::serverModuleConnectionDown ${args}"
+
+ # Failed to open a new connection to the DB
+- fail = "${snmptrap}::serverModuleConnectionFail ${..args}"
++ fail = "${snmptrap}::serverModuleConnectionFail ${args}"
+
+ # There are no DB handles available.
+- none = "${snmptrap}::serverModuleConnectionNone ${..args}"
++ none = "${snmptrap}::serverModuleConnectionNone ${args}"
+ }
+
+ # The SQL module
+ sql {
++ # Common arguments
++ args = "radiusdModuleName s sql ${..args}"
++
+ # A new connection to the DB has been opened
+- open = "${snmptrap}::serverModuleConnectionUp ${..args}"
++ open = "${snmptrap}::serverModuleConnectionUp ${args}"
+
+ # A connection to the DB has been closed
+- close = "${snmptrap}::serverModuleConnectionDown ${..args}"
++ close = "${snmptrap}::serverModuleConnectionDown ${args}"
+
+ # Failed to open a new connection to the DB
+- fail = "${snmptrap}::serverModuleConnectionFail ${..args}"
++ fail = "${snmptrap}::serverModuleConnectionFail ${args}"
+
+ # There are no DB handles available.
+- none = "${snmptrap}::serverModuleConnectionNone ${..args}"
++ none = "${snmptrap}::serverModuleConnectionNone ${args}"
+ }
+
+ # You can use the same opn / close / fail / none triggers for
+--
+2.1.1
+
diff --git a/freeradius.spec b/freeradius.spec
index 18a80d3..b753403 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -33,6 +33,12 @@ Patch9: freeradius-dont-swap-uint128-printing-on-be.patch
Patch10: freeradius-fix-dhcp-dictionary-loading.patch
Patch11: freeradius-mention-eap-md5-in-radtest-synopsis.patch
Patch12: freeradius-add-P-option-to-radtest-synopsis.patch
+Patch13: freeradius-exec-dont-assume-request-presence-when-logging.patch
+Patch14: freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch
+Patch15: freeradius-raddb-use-appropriate-module-names-in-traps.patch
+Patch16: freeradius-connection-fall-through-to-global-module-triggers.patch
+Patch17: freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
+Patch18: freeradius-raddb-update-triggers-in-trigger.conf.patch
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
@@ -201,6 +207,12 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
%patch10 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
%build
# Force compile/link options, extra security for network facing daemon
More information about the scm-commits
mailing list