From 041912e57c889bcb50961ce94cb9124a7ada97f8 Mon Sep 17 00:00:00 2001
From: Jakub Bogusz <qboosh@pld-linux.org>
Date: Fri, 28 Nov 2003 20:45:55 +0000
Subject: [PATCH] - updated to 0.9.3 (fixes DoS vulnerability in
 "Tunnel-Password" attr handling) - added rlm_smb-overflow patch for buffer
 overflow in rlm_smb module - added ac patch to fix some ac/lt issues and
 allow rebuild ac

Changed files:
    freeradius-ac.patch -> 1.1
    freeradius-rlm_smb-overflow.patch -> 1.1
    freeradius.spec -> 1.29
---
 freeradius-ac.patch               | 327 ++++++++++++++++++++++++++++++
 freeradius-rlm_smb-overflow.patch |  18 ++
 freeradius.spec                   |  47 ++++-
 3 files changed, 385 insertions(+), 7 deletions(-)
 create mode 100644 freeradius-ac.patch
 create mode 100644 freeradius-rlm_smb-overflow.patch

diff --git a/freeradius-ac.patch b/freeradius-ac.patch
new file mode 100644
index 0000000..34de56c
--- /dev/null
+++ b/freeradius-ac.patch
@@ -0,0 +1,327 @@
+--- freeradius-0.9.3/configure.in.orig	2003-11-20 21:15:47.000000000 +0100
++++ freeradius-0.9.3/configure.in	2003-11-27 22:11:37.079670416 +0100
+@@ -68,20 +68,8 @@
+ dnl libltdl is installable
+ AC_LIBLTDL_INSTALLABLE
+ 
+-dnl use system-wide libtool, if it exists
+-AC_ARG_WITH(system-libtool, 
+-[  --with-system-libtool              try to use libtool installed in your system [default=use our own]],
+-[ AC_PATH_PROG(LIBTOOL, libtool,,$PATH:/usr/local/bin) ],
+-[
+-  LIBTOOL="`pwd`/libtool"
+-  AC_SUBST(LIBTOOL)
+-  dnl ensure that we're looking for dlopen
+-  AC_LIBTOOL_DLOPEN
+-
+-  dnl Figure out how to build shared libraries
+-  AC_PROG_LIBTOOL
+-])
+-
++AC_PROG_LIBTOOL
++AC_LIBTOOL_DLOPEN
+ 
+ dnl Put this in later, when all distributed modules use autoconf.
+ dnl AC_ARG_WITH(disablemodulefoo,
+@@ -388,15 +376,15 @@
+ fi
+ 
+ dnl Check if we need -lsocket
+-AC_CHECK_LIB(socket, getsockname)
++AC_SEARCH_LIBS(getsockname, socket)
+ 
+ dnl Check for -lresolv
+ dnl This library may be needed later.
+-AC_CHECK_LIB(resolv, inet_aton)
++AC_SEARCH_LIBS(inet_aton, resolv)
+ 
+ dnl Check if we need -lnsl. Usually if we want to
+ dnl link against -lsocket we need to include -lnsl as well.
+-AC_CHECK_LIB(nsl, inet_ntoa)
++AC_SEARCH_LIBS(inet_ntoa, nsl)
+ 
+ dnl #############################################################
+ dnl #
+@@ -889,7 +878,7 @@
+ AC_SUBST(RADIUSD_VERSION)
+ export CFLAGS LIBS
+ 
+-AC_OUTPUT(\
++AC_CONFIG_FILES(\
+ 	./Make.inc \
+ 	./src/include/build-radpaths-h \
+ 	./src/main/Makefile \
+@@ -906,14 +895,15 @@
+ 	./raddb/radiusd.conf
+ )
+ 
+-AC_OUTPUT_COMMANDS([echo timestamp > src/include/stamp-h])
+-AC_OUTPUT_COMMANDS([(cd ./src/include && /bin/sh ./build-radpaths-h)])
+-AC_OUTPUT_COMMANDS([(cd ./src/main   && chmod +x checkrad.pl radlast radtest)])
+-AC_OUTPUT_COMMANDS([(cd ./scripts    && chmod +x rc.radiusd radwatch check-radiusd-config radiusd.cron.daily radiusd.cron.monthly cryptpasswd)])
+-AC_OUTPUT_COMMANDS([
++AC_CONFIG_COMMANDS(c1,[echo timestamp > src/include/stamp-h])
++AC_CONFIG_COMMANDS(c2,[(cd ./src/include && /bin/sh ./build-radpaths-h)])
++AC_CONFIG_COMMANDS(c3,[(cd ./src/main   && chmod +x checkrad.pl radlast radtest)])
++AC_CONFIG_COMMANDS(c4,[(cd ./scripts    && chmod +x rc.radiusd radwatch check-radiusd-config radiusd.cron.daily radiusd.cron.monthly cryptpasswd)])
++AC_CONFIG_COMMANDS(c5,[
+ cat >> src/include/autoconf.h <<EOF
+ 
+ #define HOSTINFO	"$host"
+ #define RADIUSD_VERSION "$RADIUSD_VERSION"
+ EOF
+ ],host=$host)
++AC_OUTPUT
+--- freeradius-0.9.3/src/modules/rlm_ippool/configure.in.orig	1970-01-01 01:00:00.000000000 +0100
++++ freeradius-0.9.3/src/modules/rlm_ippool/configure.in	2003-11-27 22:33:07.000000000 +0100
+@@ -0,0 +1,72 @@
++AC_INIT(rlm_ippool.c)
++AC_REVISION($Revision$)
++AC_DEFUN(modname,[rlm_ippool])
++
++if test x$with_[]modname != xno; then
++
++	AC_PROG_CC
++	AC_PROG_CPP
++
++	AC_SMART_CHECK_INCLUDE(gdbm.h)
++	AC_SMART_CHECK_LIB(gdbm, gdbm_open)
++	if test "x$ac_cv_lib_gdbm_gdbm_open" != "xyes"; then
++		fail="$fail libgdbm"
++	fi
++
++	if test "x$fail" = "x"; then
++		AC_MSG_CHECKING(to see GDBM_SYNC status)
++		AC_EGREP_CPP(found-gdbm-sync, [
++#include <gdbm.h>
++#ifdef GDBM_SYNC
++	found-gdbm-sync!
++#else
++	not found.  this version must use sync by default.
++#endif
++			], [
++			AC_DEFINE(NEED_GDBM_SYNC, yes) 
++			AC_MSG_RESULT(needs it.)
++			], [
++			AC_MSG_RESULT(SYNCs by default.)
++			]
++		)
++	fi
++
++	old_LIBS=$LIBS
++	LIBS="$LIBS $SMART_LIBS"
++	AC_CHECK_FUNC(gdbm_fdesc)
++	if test "x$ac_cv_func_gdbm_fdesc" = "xyes";
++	then
++		AC_DEFINE(HAVE_GDBM_FDESC)
++	fi
++	LIBS=$old_LIBS
++
++	targetname=modname
++else
++	targetname=
++	echo \*\*\* module modname is disabled.
++fi
++
++if test x"$fail" != x""; then
++	if test x"${enable_strict_dependencies}" = x"yes"; then
++		AC_MSG_ERROR([set --without-]modname[ to disable it explicitly.])
++	else
++		AC_MSG_WARN([silently not building ]modname[.])
++		AC_MSG_WARN([FAILURE: ]modname[ requires: $fail.]); 
++		targetname=""
++	fi
++fi
++
++if test x"$targetname" != x""; then
++	ippool_utils="rlm_ippool_tool"
++	ippool_install="rlm_ippool_install"
++fi
++
++ippool_ldflags=$SMART_LIBS
++ippool_cflags=$SMART_CFLAGS
++AC_SUBST(ippool_ldflags)
++AC_SUBST(ippool_cflags)
++AC_SUBST(targetname)
++AC_SUBST(ippool_utils)
++AC_SUBST(ippool_install)
++AC_CONFIG_HEADER(config.h)
++AC_OUTPUT(Makefile)
+--- freeradius-0.9.3/Make.inc.in.orig	2003-01-27 19:21:28.000000000 +0100
++++ freeradius-0.9.3/Make.inc.in	2003-11-27 22:57:52.773700784 +0100
+@@ -49,7 +49,7 @@
+ RADIR		= ${radacctdir}
+ 
+ LIBLTDL		= @LIBLTDL@
+-LIBLTDLPATH	= @LIBLTDLPATH@
++LIBLTDLPATH	=
+ INCLTDL		= @INCLTDL@
+ 
+ USE_SHARED_LIBS	= @USE_SHARED_LIBS@
+--- freeradius-0.9.3/src/lib/Makefile.orig	2003-11-28 20:18:57.678459104 +0100
++++ freeradius-0.9.3/src/lib/Makefile	2003-11-28 20:20:25.055175824 +0100
+@@ -33,8 +33,8 @@
+ 
+ 
+ $(TARGET).a: $(STATIC_OBJS)
+-	$(LIBTOOL) --mode=link $(LD) \
+-	-module -static $(CFLAGS) $^ -o $@ 
++	$(LIBTOOL) --mode=link $(CC) \
++	-avoid-version -static $(CFLAGS) $^ -o $@ 
+ 
+ 
+ ifneq ($(USE_SHARED_LIBS),yes)
+@@ -43,7 +43,7 @@
+ 
+ $(TARGET).la: $(DYNAMIC_OBJS)
+ 	$(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
+-	-module $(LINK_MODE) $(CFLAGS) -o $@ -rpath $(libdir) $^ 
++	-avoid-version $(LINK_MODE) $(CFLAGS) -o $@ -rpath $(libdir) $^ -lcrypt
+ 
+ static: $(TARGET).a
+ 
+--- freeradius-0.9.3/src/modules/rules.mak.orig	2003-07-09 17:19:53.000000000 +0200
++++ freeradius-0.9.3/src/modules/rules.mak	2003-11-27 23:54:25.378946392 +0100
+@@ -69,7 +69,7 @@
+ #
+ #######################################################################
+ $(TARGET).a: $(STATIC_OBJS)
+-	$(LIBTOOL) --mode=link $(LD) \
++	$(LIBTOOL) --mode=link $(CC) \
+ 	-module -static $(CFLAGS) $(RLM_CFLAGS) $^ -o $@ 
+ 
+ #
+--- freeradius-0.9.3/src/modules/rlm_dbm/Makefile.in.orig	2001-10-26 18:59:38.000000000 +0200
++++ freeradius-0.9.3/src/modules/rlm_dbm/Makefile.in	2003-11-28 19:54:12.484242944 +0100
+@@ -8,10 +8,10 @@
+ 
+ include ../rules.mak
+ 
+-rlm_dbm_parser: rlm_dbm_parser.o ../../lib/libradius.a
++rlm_dbm_parser: rlm_dbm_parser.o ../../lib/libradius.la
+ 	$(LIBTOOL) --mode=link $(CC) $^ $(LIBS) $(RLM_LIBS) -o $@
+ 
+-rlm_dbm_cat: rlm_dbm_cat.o ../../lib/libradius.a
++rlm_dbm_cat: rlm_dbm_cat.o ../../lib/libradius.la
+ 	$(LIBTOOL) --mode=link $(CC) $^ $(LIBS) $(RLM_LIBS) -o $@
+ 
+ #
+--- freeradius-0.9.3/src/modules/rlm_mschap/Makefile.orig	2003-03-26 23:58:09.000000000 +0100
++++ freeradius-0.9.3/src/modules/rlm_mschap/Makefile	2003-11-28 19:55:21.097812096 +0100
+@@ -13,8 +13,8 @@
+ $(DYNAMIC_OBJS): $(HEADERS)
+ 
+ smbencrypt: smbencrypt.o $(HEADERS)
+-	$(CC) -I../../include $(LDFLAGS) -o smbencrypt smbencrypt.o ../../lib/libradius.a
++	$(LIBTOOL) --mode=link $(CC) -I../../include $(LDFLAGS) -o smbencrypt smbencrypt.o ../../lib/libradius.la
+ 
+ smbencrypt-install:
+ 	$(INSTALL) -d -m 755 $(R)$(bindir)
+-	$(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt $(R)$(bindir)
++	$(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt $(R)$(bindir)
+--- freeradius-0.9.3/src/modules/rlm_sql/drivers/rules.mak.orig	2003-06-05 22:16:54.000000000 +0200
++++ freeradius-0.9.3/src/modules/rlm_sql/drivers/rules.mak	2003-11-28 20:31:56.277094120 +0100
+@@ -67,7 +67,7 @@
+ #
+ #######################################################################
+ $(TARGET).a: $(STATIC_OBJS)
+-	$(LIBTOOL) --mode=link $(LD) -module -static $(CFLAGS) $(RLM_SQL_CFLAGS) $^ -o $@ 
++	$(LIBTOOL) --mode=link $(CC) -module -static $(CFLAGS) $(RLM_SQL_CFLAGS) $^ -o $@ 
+ 
+ #
+ #  If the module is in the list of static modules, then the "dynamic"
+--- freeradius-0.9.3/src/main/Makefile.in.orig	2003-05-01 20:57:23.000000000 +0200
++++ freeradius-0.9.3/src/main/Makefile.in	2003-11-28 21:00:46.608043832 +0100
+@@ -12,7 +12,7 @@
+ 
+ CFLAGS		+= -I../include $(SNMP_INCLUDE) 
+ LDFLAGS		+= -L../lib
+-LIBS		+= -lradius $(SNMP_LIBS)
++LIBS		+= ../lib/libradius.la $(SNMP_LIBS)
+ MODULE_LIBS	= $(STATIC_MODULES)
+ MODULE_OBJS	=
+ VFLAGS		= -DRADIUSD_MAJOR_VERSION=$(RADIUSD_MAJOR_VERSION)
+@@ -30,7 +30,7 @@
+ 
+ all:	$(BINARIES)
+ 
+-radiusd: $(SERVER_OBJS) ../lib/libradius.a $(MODULE_OBJS)
++radiusd: $(SERVER_OBJS) ../lib/libradius.la $(MODULE_OBJS)
+ 	$(LIBTOOL) --mode=link $(CC) -export-dynamic -dlopen self \
+ 		$(CFLAGS) $(LDFLAGS) -o $@ \
+ 		$(SERVER_OBJS) $(LCRYPT) $(LIBS) \
+@@ -102,14 +102,14 @@
+ radius_snmp.o: radius_snmp.c $(INCLUDES)
+ 	$(CC) $(CFLAGS) -o radius_snmp.o -c radius_snmp.c
+ 
+-radclient: radclient.o ../lib/libradius.a
+-	$(CC) $(CFLAGS) $(LDFLAGS) -o radclient radclient.o $(LIBS)
++radclient: radclient.o ../lib/libradius.la
++	$(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o radclient radclient.o $(LIBS)
+ 
+ radclient.o: radclient.c $(INCLUDES)
+ 	$(CC) $(CFLAGS) -c radclient.c
+ 
+-radrelay: radrelay.o mainconfig.o util.o nas.o client.o log.o conffile.o files.o xlat.o ../lib/libradius.a
+-	$(CC) $(CFLAGS) $(LDFLAGS) -o radrelay radrelay.o mainconfig.o util.o nas.o client.o log.o conffile.o files.o xlat.o $(LIBS)
++radrelay: radrelay.o mainconfig.o util.o nas.o client.o log.o conffile.o files.o xlat.o ../lib/libradius.la
++	$(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o radrelay radrelay.o mainconfig.o util.o nas.o client.o log.o conffile.o files.o xlat.o $(LIBS)
+ 
+ radrelay.o: radrelay.c $(INCLUDES)
+ 	$(CC) $(CFLAGS) -c radrelay.c
+@@ -118,24 +118,24 @@
+ 	$(CC) $(CFLAGS) -c radwho.c
+ 
+ radwho: radwho.o mainconfig.o util.o nas.o client.o log.o conffile.o files.o xlat.o
+-	$(CC) $(LDFLAGS) -o radwho radwho.o mainconfig.o util.o nas.o client.o log.o conffile.o files.o xlat.o $(LIBS)
++	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o radwho radwho.o mainconfig.o util.o nas.o client.o log.o conffile.o files.o xlat.o $(LIBS)
+ 
+ radzap.o: radzap.c $(INCLUDES)
+ 	$(CC) $(CFLAGS) -c radzap.c
+ 
+ radzap: radzap.o mainconfig.o util.o nas.o log.o client.o conffile.o files.o xlat.o
+-	$(CC) $(CFLAGS) $(LDFLAGS) -o radzap radzap.o mainconfig.o util.o nas.o log.o client.o conffile.o files.o xlat.o $(LIBS)
++	$(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o radzap radzap.o mainconfig.o util.o nas.o log.o client.o conffile.o files.o xlat.o $(LIBS)
+ 
+ clean:
+ 	rm -rf *.o *.so *~ $(BINARIES) .libs
+ 
+ install:
+ 	$(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) radiusd	$(R)$(sbindir)
+-	$(INSTALL) -m 755 $(INSTALLSTRIP) radwho		$(R)$(bindir)
+-	$(INSTALL) -m 755 $(INSTALLSTRIP) radzap		$(R)$(bindir)
++	$(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) radwho		$(R)$(bindir)
++	$(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) radzap		$(R)$(bindir)
+ 	$(INSTALL) -m 755    radlast		$(R)$(bindir)
+-	$(INSTALL) -m 755    radclient		$(R)$(bindir)
+-	$(INSTALL) -m 755    radrelay		$(R)$(bindir)
++	$(LIBTOOL) --mode=install $(INSTALL) -m 755    radclient		$(R)$(bindir)
++	$(LIBTOOL) --mode=install $(INSTALL) -m 755    radrelay		$(R)$(bindir)
+ 	$(INSTALL) -m 755    radtest 		$(R)$(bindir)
+ 	$(INSTALL) -d -m 755			$(R)$(logdir)
+ 	$(INSTALL) -d -m 755			$(R)$(radacctdir)
+--- freeradius-0.9.3/Make.inc.in.orig	2003-11-27 22:58:15.000000000 +0100
++++ freeradius-0.9.3/Make.inc.in	2003-11-27 23:07:23.083000592 +0100
+@@ -18,8 +18,8 @@
+ logdir		= @logdir@
+ raddbdir	= @raddbdir@
+ radacctdir	= @radacctdir@
+-top_builddir	= @top_builddir@
+-top_srcdir	= @top_srcdir@
++top_builddir	= @xxx_top_builddir@
++top_srcdir	= @top_srcdir@
+ 
+ MAKE		= @MAKE@
+ CC		= @CC@
+--- freeradius-0.9.3/configure.in.orig	2003-11-27 22:58:15.000000000 +0100
++++ freeradius-0.9.3/configure.in	2003-11-27 23:08:10.301822240 +0100
+@@ -795,7 +795,8 @@
+ top_builddir=`pwd`
+ export top_builddir
+ AC_MSG_RESULT([top_builddir=$top_builddir])
+-AC_SUBST(top_builddir)
++xxx_top_builddir="$top_builddir"
++AC_SUBST(xxx_top_builddir)
+ AC_SUBST(LIBLTDL)
+ AC_SUBST(INCLTDL)
+ 
diff --git a/freeradius-rlm_smb-overflow.patch b/freeradius-rlm_smb-overflow.patch
new file mode 100644
index 0000000..4b824d7
--- /dev/null
+++ b/freeradius-rlm_smb-overflow.patch
@@ -0,0 +1,18 @@
+Fix for S-Quadra Advisory #2003-11-26
+(http://www.s-quadra.com/advisories/Adv-20031126.txt)
+taken from freeradius CVS - change with comment:
+
+ RADIUS attributes can be up to ~256 bytes long.
+ This is the pam_smb vulnerability from a while ago...
+
+--- freeradius-0.9.3/src/modules/rlm_smb/smblib.c.orig	2002-08-06 18:50:33.000000000 +0200
++++ freeradius-0.9.3/src/modules/rlm_smb/smblib.c	2003-11-28 20:38:18.699957008 +0100
+@@ -316,7 +316,7 @@
+ 
+ { struct RFCNB_Pkt *pkt;
+   int param_len, i, pkt_len, pass_len,a;
+-  char *p, pword[128];
++  char *p, pword[256];
+ 
+   /* First we need a packet etc ... but we need to know what protocol has  */
+   /* been negotiated to figure out if we can do it and what SMB format to  */
diff --git a/freeradius.spec b/freeradius.spec
index 7ba232e..31c3294 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -7,18 +7,24 @@
 Summary:	High-performance and highly configurable RADIUS server
 Summary(pl):	Szybki i wysoce konfigurowalny serwer RADIUS
 Name:		freeradius
-Version:	0.9.2
+Version:	0.9.3
 Release:	0.1
 License:	GPL
 Group:		Networking/Daemons
 Source0:	ftp://ftp.freeradius.org/pub/radius/%{name}-%{version}.tar.gz
-# Source0-md5:	b5e8cc41f112633b594de944f3e956b5
+# Source0-md5:	36f33d9dd305a2c9f1089c30a9fff0b8
 Source1:	%{name}.logrotate
 Source2:	%{name}.init
 Source3:	%{name}.pam
+Patch0:		%{name}-ac.patch
+Patch1:		%{name}-rlm_smb-overflow.patch
 URL:		http://www.freeradius.org/
-#BuildRequires:	gdbm-devel
+BuildRequires:	autoconf
+BuildRequires:	automake
+BuildRequires:	cyrus-sasl-devel
+BuildRequires:	gdbm-devel
 BuildRequires:	libltdl-devel
+BuildRequires:	libtool
 BuildRequires:	mysql-devel
 BuildRequires:	openldap-devel
 BuildRequires:	openssl-devel >= 0.9.7c
@@ -54,12 +60,34 @@ bardziej podatny na konfiguracj
 
 %prep
 %setup -q
+%patch0 -p1
+%patch1 -p1
 
-%build
-touch src/modules/rlm_eap/types/rlm_eap_tls/config.h
+tail +3614 aclocal.m4 > acinclude.m4
 
-%configure2_13 \
-	--with-system-libtool \
+%build
+maindir="$(pwd)"
+for d in rlm_attr_rewrite rlm_checkval rlm_counter rlm_dbm \
+	rlm_eap/types/rlm_eap_{md5,tls} rlm_eap rlm_example \
+	rlm_ippool rlm_krb5 rlm_ldap rlm_pam rlm_perl rlm_python \
+	rlm_radutmp rlm_smb \
+	rlm_sql/drivers/rlm_sql_{db2,iodbc,mysql,oracle,postgresql,unixodbc} \
+	rlm_sql rlm_sqlcounter \
+	rlm_unix rlm_x99_token ; do
+	cd src/modules/${d}
+	%{__aclocal} -I ${maindir}
+	%{__autoconf}
+	if [ -f config.h.in ]; then
+		%{__autoheader}
+	fi
+	cd ${maindir}
+done
+#touch src/modules/rlm_eap/types/rlm_eap_tls/config.h
+%{__libtoolize}
+%{__aclocal}
+%{__autoconf}
+%{__autoheader}
+%configure \
 	--enable-strict-dependencies \
 	--with-logdir=%{_var}/log/freeradius \
 	--with-experimental-modules \
@@ -89,6 +117,10 @@ install %{SOURCE1}	$RPM_BUILD_ROOT/etc/logrotate.d/%{name}
 install %{SOURCE2}	$RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
 install %{SOURCE3}	$RPM_BUILD_ROOT/etc/pam.d/radius
 
+# remove useless static modules and library
+# rlm*.la are used (lt_dlopen)
+rm -f $RPM_BUILD_ROOT%{_libdir}/{*.a,libradius.la}
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -130,6 +162,7 @@ fi
 %attr(755,root,root) %{_sbindir}/*
 %attr(755,root,root) %{_libdir}/*.so
 %{_libdir}/*.la
+%{_datadir}/freeradius
 
 %dir %{_sysconfdir}/raddb
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/raddb/*
-- 
2.44.0