Adding upstream version 3.2.1+dfsg.upstream/3.2.1+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 211 insertions, 0 deletions

diff --git a/raddb/mods-available/detail b/raddb/mods-available/detail
new file mode 100644
index 0000000..ccf65f9
--- /dev/null
+++ b/raddb/mods-available/detail
@@ -0,0 +1,109 @@
+# -*- text -*-
+#
+#  $Id$
+
+# Write a detailed log of all accounting records received.
+#
+detail {
+	#  Note that we do NOT use NAS-IP-Address here, as
+	#  that attribute MAY BE from the originating NAS, and
+	#  NOT from the proxy which actually sent us the
+	#  request.
+	#
+	#  The following line creates a new detail file for
+	#  every radius client (by IP address or hostname).
+	#  In addition, a new detail file is created every
+	#  day, so that the detail file doesn't have to go
+	#  through a 'log rotation'
+	#
+	#  If your detail files are large, you may also want to add
+	#  a ':%H' (see doc/configuration/variables.rst) to the end
+	#  of it, to create a new detail file every hour, e.g.:
+	#
+	#   ..../detail-%Y%m%d:%H
+	#
+	#  This will create a new detail file for every hour.
+	#
+	#  If you are reading detail files via the "listen" section
+	#  (e.g. as in raddb/sites-available/robust-proxy-accounting),
+	#  you MUST use a unique directory for each combination of a
+	#  detail file writer, and reader.  That is, there can only
+	#  be ONE "listen" section reading detail files from a
+	#  particular directory.
+	#
+	#  The configuration below puts the detail files into separate
+	#  directories for each client.  If you are reading the detail
+	#  files via the "listen" section, just use one directory.
+	#
+	#  e.g. filename = ${radacctdir}/reader1/detail-%Y%m%d
+	#
+	#  AND use a separate directory (reader2, reader3, etc.) for each
+	#  reader.
+	#
+	filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
+
+	#
+	#  If you are using radrelay, delete the above line for "file",
+	#  and use this one instead:
+	#
+#	filename = ${radacctdir}/detail
+
+	#
+	#  Most file systems can handly nearly the full range of UTF-8
+	#  characters.  Ones that can deal with a limited range should
+	#  set this to "yes".
+	#
+	escape_filenames = no
+
+	#
+	#  The Unix-style permissions on the 'detail' file.
+	#
+	#  The detail file often contains secret or private
+	#  information about users.  So by keeping the file
+	#  permissions restrictive, we can prevent unwanted
+	#  people from seeing that information.
+	permissions = 0600
+
+	# The Unix group of the log file.
+	#
+	# The user that the server runs as must be in the specified
+	# system group otherwise this will fail to work.
+	#
+#	group = ${security.group}
+
+	#
+	#  Every entry in the detail file has a header which
+	#  is a timestamp.  By default, we use the ctime
+	#  format (see "man ctime" for details).
+	#
+	#  The header can be customised by editing this
+	#  string.  See "doc/configuration/variables.rst" for a
+	#  description of what can be put here.
+	#
+	header = "%t"
+
+	#
+	#  Uncomment this line if the detail file reader will be
+	#  reading this detail file.
+	#
+#	locking = yes
+
+	#
+	#  Log the Packet src/dst IP/port.  This is disabled by
+	#  default, as that information isn't used by many people.
+	#
+#	log_packet_header = yes
+
+	#
+	# Certain attributes such as User-Password may be
+	# "sensitive", so they should not be printed in the
+	# detail file.  This section lists the attributes
+	# that should be suppressed.
+	#
+	# The attributes should be listed one to a line.
+	#
+	#suppress {
+		# User-Password
+	#}
+
+}
diff --git a/raddb/mods-available/detail.example.com b/raddb/mods-available/detail.example.com
new file mode 100644
index 0000000..827cdf5
--- /dev/null
+++ b/raddb/mods-available/detail.example.com
@@ -0,0 +1,27 @@
+# -*- text -*-
+#
+#  Detail file writer, used in the following examples:
+#
+#	raddb/sites-available/robust-proxy-accounting
+#	raddb/sites-available/decoupled-accounting
+#
+#  Note that this module can write detail files that are read by
+#  only ONE "listen" section.  If you use BOTH of the examples
+#  above, you will need to define TWO "detail" modules.
+#
+#  e.g. detail1.example.com && detail2.example.com
+#
+#
+#  We write *multiple* detail files here.  They will be processed by
+#  the detail "listen" section in the order that they were created.
+#  The directory containing these files should NOT be used for any
+#  other purposes.  i.e. It should have NO other files in it.
+#
+#  Writing multiple detail enables the server to process the pieces
+#  in smaller chunks.  This helps in certain catastrophic corner cases.
+#
+#  $Id$
+#
+detail detail.example.com {
+	filename = ${radacctdir}/detail.example.com/detail-%Y%m%d:%H:%G
+}
diff --git a/raddb/mods-available/detail.log b/raddb/mods-available/detail.log
new file mode 100644
index 0000000..b91cf7c
--- /dev/null
+++ b/raddb/mods-available/detail.log
@@ -0,0 +1,75 @@
+# -*- text -*-
+#
+#  $Id$
+
+#
+#  More examples of doing detail logs.
+
+#
+#  Many people want to log authentication requests.
+#  Rather than modifying the server core to print out more
+#  messages, we can use a different instance of the 'detail'
+#  module, to log the authentication requests to a file.
+#
+#  You will also need to un-comment the 'auth_log' line
+#  in the 'authorize' section, below.
+#
+detail auth_log {
+	filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
+
+	#
+	#  This MUST be 0600, otherwise anyone can read
+	#  the users passwords!
+	permissions = 0600
+
+	# You may also strip out passwords completely
+	suppress {
+		User-Password
+	}
+}
+
+#
+#  This module logs authentication reply packets sent
+#  to a NAS.  Both Access-Accept and Access-Reject packets
+#  are logged.
+#
+#  You will also need to un-comment the 'reply_log' line
+#  in the 'post-auth' section, below.
+#
+detail reply_log {
+	filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
+
+	permissions = 0600
+}
+
+#
+#  This module logs packets proxied to a home server.
+#
+#  You will also need to un-comment the 'pre_proxy_log' line
+#  in the 'pre-proxy' section, below.
+#
+detail pre_proxy_log {
+	filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d
+
+	#
+	#  This MUST be 0600, otherwise anyone can read
+	#  the users passwords!
+	permissions = 0600
+
+	# You may also strip out passwords completely
+	#suppress {
+		# User-Password
+	#}
+}
+
+#
+#  This module logs response packets from a home server.
+#
+#  You will also need to un-comment the 'post_proxy_log' line
+#  in the 'post-proxy' section, below.
+#
+detail post_proxy_log {
+	filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d
+
+	permissions = 0600
+}