Import FreeBSD's libradius as of 2005/02/20, plus minor tweaks to build

o nNetBSD and a Makefile for NetBSD.

lib/libradius/Makefile

@@ -0,0 +1,22 @@
+# $NetBSD: Makefile,v 1.1.1.1 2005/02/19 23:56:30 manu Exp $
+
+USE_SHLIBDIR=	yes
+NOLINT=         # To be fixed later
+
+.include <bsd.own.mk>
+
+LIB=	libradius
+CFLAGS+=-g
+CPPFLAGS+=	-I.
+
+.if (${MKCRYPTO} != "no")
+CPPFLAGS+=	-DWITH_SSL
+.endif
+
+SRCS=	radlib.c
+
+MAN=	libradius.3 radius.conf.5
+
+CLEANFILES+= libradius.cat3 radius.conf.cat5 radlib.d 
+
+.include <bsd.lib.mk>

lib/libradius/libradius.3

@@ -0,0 +1,556 @@
+.\" Copyright 1998 Juniper Networks, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD: /repoman/r/ncvs/src/lib/libradius/libradius.3,v 1.17 2004/04/27 15:00:29 ru Exp $
+.\" $NetBSD: libradius.3,v 1.1.1.1 2005/02/19 23:56:31 manu Exp $
+.\"
+.Dd April 27, 2004
+.Dt LIBRADIUS 3
+.Os
+.Sh NAME
+.Nm libradius
+.Nd RADIUS client library
+.Sh SYNOPSIS
+.In radlib.h
+.Ft "struct rad_handle *"
+.Fn rad_acct_open "void"
+.Ft int
+.Fn rad_add_server "struct rad_handle *h" "const char *host" "int port" "const char *secret" "int timeout" "int max_tries"
+.Ft "struct rad_handle *"
+.Fn rad_auth_open "void"
+.Ft void
+.Fn rad_close "struct rad_handle *h"
+.Ft int
+.Fn rad_config "struct rad_handle *h" "const char *file"
+.Ft int
+.Fn rad_continue_send_request "struct rad_handle *h" "int selected" "int *fd" "struct timeval *tv"
+.Ft int
+.Fn rad_create_request "struct rad_handle *h" "int code"
+.Ft "struct in_addr"
+.Fn rad_cvt_addr "const void *data"
+.Ft u_int32_t
+.Fn rad_cvt_int "const void *data"
+.Ft char *
+.Fn rad_cvt_string "const void *data" "size_t len"
+.Ft int
+.Fn rad_get_attr "struct rad_handle *h" "const void **data" "size_t *len"
+.Ft int
+.Fn rad_get_vendor_attr "u_int32_t *vendor" "const void **data" "size_t *len"
+.Ft int
+.Fn rad_init_send_request "struct rad_handle *h" "int *fd" "struct timeval *tv"
+.Ft int
+.Fn rad_put_addr "struct rad_handle *h" "int type" "struct in_addr addr"
+.Ft int
+.Fn rad_put_attr "struct rad_handle *h" "int type" "const void *data" "size_t len"
+.Ft int
+.Fn rad_put_int "struct rad_handle *h" "int type" "u_int32_t value"
+.Ft int
+.Fn rad_put_string "struct rad_handle *h" "int type" "const char *str"
+.Ft int
+.Fn rad_put_message_authentic "struct rad_handle *h"
+.Ft int
+.Fn rad_put_vendor_addr "struct rad_handle *h" "int vendor" "int type" "struct in_addr addr"
+.Ft int
+.Fn rad_put_vendor_attr "struct rad_handle *h" "int vendor" "int type" "const void *data" "size_t len"
+.Ft int
+.Fn rad_put_vendor_int "struct rad_handle *h" "int vendor" "int type" "u_int32_t value"
+.Ft int
+.Fn rad_put_vendor_string "struct rad_handle *h" "int vendor" "int type" "const char *str"
+.Ft ssize_t
+.Fn rad_request_authenticator "struct rad_handle *h" "char *buf" "size_t len"
+.Ft int
+.Fn rad_send_request "struct rad_handle *h"
+.Ft "const char *"
+.Fn rad_server_secret "struct rad_handle *h"
+.Ft u_char *
+.Fn rad_demangle "struct rad_handle *h" "const void *mangled" "size_t mlen"
+.Ft u_char *
+.Fn rad_demangle_mppe_key "struct rad_handle *h" "const void *mangled" "size_t mlen" "size_t *len"
+.Ft "const char *"
+.Fn rad_strerror "struct rad_handle *h"
+.Sh DESCRIPTION
+The
+.Nm
+library implements the client side of the Remote Authentication Dial
+In User Service (RADIUS).
+RADIUS, defined in RFCs 2865 and 2866,
+allows clients to perform authentication and accounting by means of
+network requests to remote servers.
+.Ss Initialization
+To use the library, an application must first call
+.Fn rad_auth_open
+or
+.Fn rad_acct_open
+to obtain a
+.Vt "struct rad_handle *" ,
+which provides the context for subsequent operations.
+The former function is used for RADIUS authentication and the
+latter is used for RADIUS accounting.
+Calls to
+.Fn rad_auth_open
+and
+.Fn rad_acct_open
+always succeed unless insufficient virtual memory is available.
+If
+the necessary memory cannot be allocated, the functions return
+.Dv NULL .
+For compatibility with earlier versions of this library,
+.Fn rad_open
+is provided as a synonym for
+.Fn rad_auth_open .
+.Pp
+Before issuing any RADIUS requests, the library must be made aware
+of the servers it can contact.
+The easiest way to configure the
+library is to call
+.Fn rad_config .
+.Fn rad_config
+causes the library to read a configuration file whose format is
+described in
+.Xr radius.conf 5 .
+The pathname of the configuration file is passed as the
+.Fa file
+argument to
+.Fn rad_config .
+This argument may also be given as
+.Dv NULL ,
+in which case the standard configuration file
+.Pa /etc/radius.conf
+is used.
+.Fn rad_config
+returns 0 on success, or \-1 if an error occurs.
+.Pp
+The library can also be configured programmatically by calls to
+.Fn rad_add_server .
+The
+.Fa host
+parameter specifies the server host, either as a fully qualified
+domain name or as a dotted-quad IP address in text form.
+The
+.Fa port
+parameter specifies the UDP port to contact on the server.
+If
+.Fa port
+is given as 0, the library looks up the
+.Ql radius/udp
+or
+.Ql radacct/udp
+service in the network
+.Xr services 5
+database, and uses the port found
+there.
+If no entry is found, the library uses the standard RADIUS
+ports, 1812 for authentication and 1813 for accounting.
+The shared secret for the server host is passed to the
+.Fa secret
+parameter.
+It may be any
+.Dv NUL Ns -terminated
+string of bytes.
+The RADIUS protocol
+ignores all but the leading 128 bytes of the shared secret.
+The timeout for receiving replies from the server is passed to the
+.Fa timeout
+parameter, in units of seconds.
+The maximum number of repeated
+requests to make before giving up is passed into the
+.Fa max_tries
+parameter.
+.Fn rad_add_server
+returns 0 on success, or \-1 if an error occurs.
+.Pp
+.Fn rad_add_server
+may be called multiple times, and it may be used together with
+.Fn rad_config .
+At most 10 servers may be specified.
+When multiple servers are given, they are tried in round-robin
+fashion until a valid response is received, or until each server's
+.Fa max_tries
+limit has been reached.
+.Ss Creating a RADIUS Request
+A RADIUS request consists of a code specifying the kind of request,
+and zero or more attributes which provide additional information.
+To
+begin constructing a new request, call
+.Fn rad_create_request .
+In addition to the usual
+.Vt "struct rad_handle *" ,
+this function takes a
+.Fa code
+parameter which specifies the type of the request.
+Most often this
+will be
+.Dv RAD_ACCESS_REQUEST .
+.Fn rad_create_request
+returns 0 on success, or \-1 on if an error occurs.
+.Pp
+After the request has been created with
+.Fn rad_create_request ,
+attributes can be attached to it.
+This is done through calls to
+.Fn rad_put_addr ,
+.Fn rad_put_int ,
+and
+.Fn rad_put_string .
+Each accepts a
+.Fa type
+parameter identifying the attribute, and a value which may be
+an Internet address, an integer, or a
+.Dv NUL Ns -terminated
+string,
+respectively.
+Alternatively,
+.Fn rad_put_vendor_addr ,
+.Fn rad_put_vendor_int
+or
+.Fn rad_put_vendor_string
+may be used to specify vendor specific attributes.
+Vendor specific
+definitions may be found in
+.In radlib_vs.h
+.Pp
+The library also provides a function
+.Fn rad_put_attr
+which can be used to supply a raw, uninterpreted attribute.
+The
+.Fa data
+argument points to an array of bytes, and the
+.Fa len
+argument specifies its length.
+.Pp
+It is possible adding the Message-Authenticator to the request.
+This is an HMAC-MD5 hash of the entire Access-Request packet (see RFC 3579).
+This attribute must be present in any packet that includes an EAP-Message
+attribute.
+It can be added by using the
+.Fn rad_put_message_authentic
+function.
+The
+.Nm
+library
+calculates the HMAC-MD5 hash implicitly before sending the request.
+If the Message-Authenticator was found inside the response packet,
+then the packet is silently dropped, if the validation failed.
+In order to get this feature, the library should be compiled with
+OpenSSL support.
+.Pp
+The
+.Fn rad_put_X
+functions return 0 on success, or \-1 if an error occurs.
+.Ss Sending the Request and Receiving the Response
+After the RADIUS request has been constructed, it is sent either by means of
+.Fn rad_send_request
+or by a combination of calls to
+.Fn rad_init_send_request
+and
+.Fn rad_continue_send_request .
+.Pp
+The
+.Fn rad_send_request
+function sends the request and waits for a valid reply,
+retrying the defined servers in round-robin fashion as necessary.
+If a valid response is received,
+.Fn rad_send_request
+returns the RADIUS code which specifies the type of the response.
+This will typically be
+.Dv RAD_ACCESS_ACCEPT ,
+.Dv RAD_ACCESS_REJECT ,
+or
+.Dv RAD_ACCESS_CHALLENGE .
+If no valid response is received,
+.Fn rad_send_request
+returns \-1.
+.Pp
+As an alternative, if you do not wish to block waiting for a response,
+.Fn rad_init_send_request
+and
+.Fn rad_continue_send_request
+may be used instead.
+If a reply is received from the RADIUS server or a
+timeout occurs, these functions return a value as described for
+.Fn rad_send_request .
+Otherwise, a value of zero is returned and the values pointed to by
+.Fa fd
+and
+.Fa tv
+are set to the descriptor and timeout that should be passed to
+.Xr select 2 .
+.Pp
+.Fn rad_init_send_request
+must be called first, followed by repeated calls to
+.Fn rad_continue_send_request
+as long as a return value of zero is given.
+Between each call, the application should call
+.Xr select 2 ,
+passing
+.Fa *fd
+as a read descriptor and timing out after the interval specified by
+.Fa tv .
+When
+.Xr select 2
+returns,
+.Fn rad_continue_send_request
+should be called with
+.Fa selected
+set to a non-zero value if
+.Xr select 2
+indicated that the descriptor is readable.
+.Pp
+Like RADIUS requests, each response may contain zero or more
+attributes.
+After a response has been received successfully by
+.Fn rad_send_request
+or
+.Fn rad_continue_send_request ,
+its attributes can be extracted one by one using
+.Fn rad_get_attr .
+Each time
+.Fn rad_get_attr
+is called, it gets the next attribute from the current response, and
+stores a pointer to the data and the length of the data via the
+reference parameters
+.Fa data
+and
+.Fa len ,
+respectively.
+Note that the data resides in the response itself,
+and must not be modified.
+A successful call to
+.Fn rad_get_attr
+returns the RADIUS attribute type.
+If no more attributes remain in the current response,
+.Fn rad_get_attr
+returns 0.
+If an error such as a malformed attribute is detected, \-1 is
+returned.
+.Pp
+If
+.Fn rad_get_attr
+returns
+.Dv RAD_VENDOR_SPECIFIC ,
+.Fn rad_get_vendor_attr
+may be called to determine the vendor.
+The vendor specific RADIUS attribute type is returned.
+The reference parameters
+.Fa data
+and
+.Fa len
+(as returned from
+.Fn rad_get_attr )
+are passed to
+.Fn rad_get_vendor_attr ,
+and are adjusted to point to the vendor specific attribute data.
+.Pp
+The common types of attributes can be decoded using
+.Fn rad_cvt_addr ,
+.Fn rad_cvt_int ,
+and
+.Fn rad_cvt_string .
+These functions accept a pointer to the attribute data, which should
+have been obtained using
+.Fn rad_get_attr
+and optionally
+.Fn rad_get_vendor_attr .
+In the case of
+.Fn rad_cvt_string ,
+the length
+.Fa len
+must also be given.
+These functions interpret the attribute as an
+Internet address, an integer, or a string, respectively, and return
+its value.
+.Fn rad_cvt_string
+returns its value as a
+.Dv NUL Ns -terminated
+string in dynamically
+allocated memory.
+The application should free the string using
+.Xr free 3
+when it is no longer needed.
+.Pp
+If insufficient virtual memory is available,
+.Fn rad_cvt_string
+returns
+.Dv NULL .
+.Fn rad_cvt_addr
+and
+.Fn rad_cvt_int
+cannot fail.
+.Pp
+The
+.Fn rad_request_authenticator
+function may be used to obtain the Request-Authenticator attribute value
+associated with the current RADIUS server according to the supplied
+rad_handle.
+The target buffer
+.Fa buf
+of length
+.Fa len
+must be supplied and should be at least 16 bytes.
+The return value is the number of bytes written to
+.Fa buf
+or \-1 to indicate that
+.Fa len
+was not large enough.
+.Pp
+The
+.Fn rad_server_secret
+returns the secret shared with the current RADIUS server according to the
+supplied rad_handle.
+.Pp
+The
+.Fn rad_demangle
+function demangles attributes containing passwords and MS-CHAPv1 MPPE-Keys.
+The return value is
+.Dv NULL
+on failure, or the plaintext attribute.
+This value should be freed using
+.Xr free 3
+when it is no longer needed.
+.Pp
+The
+.Fn rad_demangle_mppe_key
+function demangles the send- and recv-keys when using MPPE (see RFC 2548).
+The return value is
+.Dv NULL
+on failure, or the plaintext attribute.
+This value should be freed using
+.Xr free 3
+when it is no longer needed.
+.Ss Obtaining Error Messages
+Those functions which accept a
+.Vt "struct rad_handle *"
+argument record an error message if they fail.
+The error message
+can be retrieved by calling
+.Fn rad_strerror .
+The message text is overwritten on each new error for the given
+.Vt "struct rad_handle *" .
+Thus the message must be copied if it is to be preserved through
+subsequent library calls using the same handle.
+.Ss Cleanup
+To free the resources used by the RADIUS library, call
+.Fn rad_close .
+.Sh RETURN VALUES
+The following functions return a non-negative value on success.
+If
+they detect an error, they return \-1 and record an error message
+which can be retrieved using
+.Fn rad_strerror .
+.Pp
+.Bl -item -offset indent -compact
+.It
+.Fn rad_add_server
+.It
+.Fn rad_config
+.It
+.Fn rad_create_request
+.It
+.Fn rad_get_attr
+.It
+.Fn rad_put_addr
+.It
+.Fn rad_put_attr
+.It
+.Fn rad_put_int
+.It
+.Fn rad_put_string
+.It
+.Fn rad_put_message_authentic
+.It
+.Fn rad_init_send_request
+.It
+.Fn rad_continue_send_request
+.It
+.Fn rad_send_request
+.El
+.Pp
+The following functions return a
+.No non- Ns Dv NULL
+pointer on success.
+If they are unable to allocate sufficient
+virtual memory, they return
+.Dv NULL ,
+without recording an error message.
+.Pp
+.Bl -item -offset indent -compact
+.It
+.Fn rad_acct_open
+.It
+.Fn rad_auth_open
+.It
+.Fn rad_cvt_string
+.El
+.Pp
+The following functions return a
+.No non- Ns Dv NULL
+pointer on success.
+If they fail, they return
+.Dv NULL ,
+with recording an error message.
+.Pp
+.Bl -item -offset indent -compact
+.It
+.Fn rad_demangle
+.It
+.Fn rad_demangle_mppe_key
+.El
+.Sh FILES
+.Bl -tag -width indent
+.It Pa /etc/radius.conf
+.El
+.Sh SEE ALSO
+.Xr radius.conf 5
+.Rs
+.%A "C. Rigney, et al"
+.%T "Remote Authentication Dial In User Service (RADIUS)"
+.%O "RFC 2865"
+.Re
+.Rs
+.%A "C. Rigney"
+.%T "RADIUS Accounting"
+.%O "RFC 2866"
+.Re
+.Rs
+.%A G. Zorn
+.%T "Microsoft Vendor-specific RADIUS attributes"
+.%O RFC 2548
+.Re
+.Rs
+.%A C. Rigney, et al
+.%T "RADIUS extensions"
+.%O RFC 2869
+.Re
+.Sh AUTHORS
+.An -nosplit
+This software was originally written by
+.An John Polstra ,
+and donated to the
+.Fx
+project by Juniper Networks, Inc.
+.An Oleg Semyonov
+subsequently added the ability to perform RADIUS
+accounting.
+Later additions and changes by
+.An Michael Bretterklieber .

lib/libradius/radius.conf.5

@@ -0,0 +1,186 @@
+.\" Copyright 1998 Juniper Networks, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD: /repoman/r/ncvs/src/lib/libradius/radius.conf.5,v 1.8 2004/07/02 23:52:18 ru Exp $
+.\" $NetBSD: radius.conf.5,v 1.1.1.1 2005/02/19 23:56:32 manu Exp $
+.\"
+.Dd October 30, 1999
+.Dt RADIUS.CONF 5
+.Os
+.Sh NAME
+.Nm radius.conf
+.Nd RADIUS client configuration file
+.Sh SYNOPSIS
+.Pa /etc/radius.conf
+.Sh DESCRIPTION
+.Nm
+contains the information necessary to configure the RADIUS client
+library.
+It is parsed by
+.Xr rad_config 3 .
+The file contains one or more lines of text, each describing a
+single RADIUS server which will be used by the library.
+Leading
+white space is ignored, as are empty lines and lines containing
+only comments.
+.Pp
+A RADIUS server is described by three to five fields on a line:
+.Pp
+.Bl -item -offset indent -compact
+.It
+Service type
+.It
+Server host
+.It
+Shared secret
+.It
+Timeout
+.It
+Retries
+.El
+.Pp
+The fields are separated by white space.
+The
+.Ql #
+character at the beginning of a field begins a comment, which extends
+to the end of the line.
+A field may be enclosed in double quotes,
+in which case it may contain white space and/or begin with the
+.Ql #
+character.
+Within a quoted string, the double quote character can
+be represented by
+.Ql \e\&" ,
+and the backslash can be represented by
+.Ql \e\e .
+No other escape sequences are supported.
+.Pp
+.Pp
+The first field gives the service type, either
+.Ql auth
+for RADIUS authentication or
+.Ql acct
+for RADIUS accounting.
+If a single server provides both services, two
+lines are required in the file.
+Earlier versions of this file did
+not include a service type.
+For backward compatibility, if the first
+field is not
+.Ql auth
+or
+.Ql acct
+the library behaves as if
+.Ql auth
+were specified, and interprets the fields in the line as if they
+were fields two through five.
+.Pp
+The second field specifies
+the server host, either as a fully qualified domain name or as a
+dotted-quad IP address.
+The host may optionally be followed by a
+.Ql \&:
+and a numeric port number, without intervening white space.
+If the
+port specification is omitted, it defaults to the
+.Ql radius
+or
+.Ql radacct
+service in the
+.Pa /etc/services
+file for service types
+.Ql auth
+and
+.Ql acct ,
+respectively.
+If no such entry is present, the standard ports 1812 and 1813 are
+used.
+.Pp
+The third field contains the shared secret, which should be known
+only to the client and server hosts.
+It is an arbitrary string of
+characters, though it must be enclosed in double quotes if it
+contains white space.
+The shared secret may be
+any length, but the RADIUS protocol uses only the first 128
+characters.
+N.B., some popular RADIUS servers have bugs which
+prevent them from working properly with secrets longer than 16
+characters.
+.Pp
+The fourth field contains a decimal integer specifying the timeout in
+seconds for receiving a valid reply from the server.
+If this field
+is omitted, it defaults to 3 seconds.
+.Pp
+The fifth field contains a decimal integer specifying the maximum
+number of attempts that will be made to authenticate with the server
+before giving up.
+If omitted, it defaults to 3 attempts.
+Note,
+this is the total number of attempts and not the number of retries.
+.Pp
+Up to 10 RADIUS servers may be specified for each service type.
+The servers are tried in
+round-robin fashion, until a valid response is received or the
+maximum number of tries has been reached for all servers.
+.Pp
+The standard location for this file is
+.Pa /etc/radius.conf .
+But an alternate pathname may be specified in the call to
+.Xr rad_config 3 .
+Since the file contains sensitive information in the form of the
+shared secrets, it should not be readable except by root.
+.Sh FILES
+.Pa /etc/radius.conf
+.Sh EXAMPLES
+.Bd -literal
+# A simple entry using all the defaults:
+acct  radius1.domain.com  OurLittleSecret
+
+# A server still using the obsolete RADIUS port, with increased
+# timeout and maximum tries:
+auth  auth.domain.com:1645  "I can't see you"  5  4
+
+# A server specified by its IP address:
+auth  192.168.27.81  $X*#..38947ax-+=
+.Ed
+.Sh SEE ALSO
+.Xr libradius 3
+.Rs
+.%A C. Rigney, et al
+.%T "Remote Authentication Dial In User Service (RADIUS)"
+.%O RFC 2138
+.Re
+.Rs
+.%A C. Rigney
+.%T RADIUS Accounting
+.%O RFC 2139
+.Re
+.Sh AUTHORS
+This documentation was written by
+.An John Polstra ,
+and donated to the
+.Fx
+project by Juniper Networks, Inc.

lib/libradius/radlib.h

@@ -0,0 +1,222 @@
+/* $NetBSD: radlib.h,v 1.1.1.1 2005/02/19 23:56:35 manu Exp $ */
+
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD: /repoman/r/ncvs/src/lib/libradius/radlib.h,v 1.7 2004/04/27 15:00:29 ru Exp $
+ */
+
+#ifndef _RADLIB_H_
+#define _RADLIB_H_
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+/* Limits */
+#define RAD_MAX_ATTR_LEN		253
+
+/* Message types */
+#define RAD_ACCESS_REQUEST		1
+#define RAD_ACCESS_ACCEPT		2
+#define RAD_ACCESS_REJECT		3
+#define RAD_ACCOUNTING_REQUEST		4
+#define RAD_ACCOUNTING_RESPONSE		5
+#define RAD_ACCESS_CHALLENGE		11
+
+/* Attribute types and values */
+#define RAD_USER_NAME			1	/* String */
+#define RAD_USER_PASSWORD		2	/* String */
+#define RAD_CHAP_PASSWORD		3	/* String */
+#define RAD_NAS_IP_ADDRESS		4	/* IP address */
+#define RAD_NAS_PORT			5	/* Integer */
+#define RAD_SERVICE_TYPE		6	/* Integer */
+	#define RAD_LOGIN			1
+	#define RAD_FRAMED			2
+	#define RAD_CALLBACK_LOGIN		3
+	#define RAD_CALLBACK_FRAMED		4
+	#define RAD_OUTBOUND			5
+	#define RAD_ADMINISTRATIVE		6
+	#define RAD_NAS_PROMPT			7
+	#define RAD_AUTHENTICATE_ONLY		8
+	#define RAD_CALLBACK_NAS_PROMPT		9
+#define RAD_FRAMED_PROTOCOL		7	/* Integer */
+	#define RAD_PPP				1
+	#define RAD_SLIP			2
+	#define RAD_ARAP			3	/* Appletalk */
+	#define RAD_GANDALF			4
+	#define RAD_XYLOGICS			5
+#define RAD_FRAMED_IP_ADDRESS		8	/* IP address */
+#define RAD_FRAMED_IP_NETMASK		9	/* IP address */
+#define RAD_FRAMED_ROUTING		10	/* Integer */
+#define RAD_FILTER_ID			11	/* String */
+#define RAD_FRAMED_MTU			12	/* Integer */
+#define RAD_FRAMED_COMPRESSION		13	/* Integer */
+	#define RAD_COMP_NONE			0
+	#define RAD_COMP_VJ			1
+	#define RAD_COMP_IPXHDR			2
+#define RAD_LOGIN_IP_HOST		14	/* IP address */
+#define RAD_LOGIN_SERVICE		15	/* Integer */
+#define RAD_LOGIN_TCP_PORT		16	/* Integer */
+     /* unassiged			17 */
+#define RAD_REPLY_MESSAGE		18	/* String */
+#define RAD_CALLBACK_NUMBER		19	/* String */
+#define RAD_CALLBACK_ID			20	/* String */
+     /* unassiged			21 */
+#define RAD_FRAMED_ROUTE		22	/* String */
+#define RAD_FRAMED_IPX_NETWORK		23	/* IP address */
+#define RAD_STATE			24	/* String */
+#define RAD_CLASS			25	/* Integer */
+#define RAD_VENDOR_SPECIFIC		26	/* Integer */
+#define RAD_SESSION_TIMEOUT		27	/* Integer */
+#define RAD_IDLE_TIMEOUT		28	/* Integer */
+#define RAD_TERMINATION_ACTION		29	/* Integer */
+#define RAD_CALLED_STATION_ID		30	/* String */
+#define RAD_CALLING_STATION_ID		31	/* String */
+#define RAD_NAS_IDENTIFIER		32	/* Integer */
+#define RAD_PROXY_STATE			33	/* Integer */
+#define RAD_LOGIN_LAT_SERVICE		34	/* Integer */
+#define RAD_LOGIN_LAT_NODE		35	/* Integer */
+#define RAD_LOGIN_LAT_GROUP		36	/* Integer */
+#define RAD_FRAMED_APPLETALK_LINK	37	/* Integer */
+#define RAD_FRAMED_APPLETALK_NETWORK	38	/* Integer */
+#define RAD_FRAMED_APPLETALK_ZONE	39	/* Integer */
+     /* reserved for accounting		40-59 */
+#define RAD_ACCT_INPUT_GIGAWORDS	52
+#define RAD_ACCT_OUTPUT_GIGAWORDS	53
+
+#define RAD_CHAP_CHALLENGE		60	/* String */
+#define RAD_NAS_PORT_TYPE		61	/* Integer */
+	#define RAD_ASYNC			0
+	#define RAD_SYNC			1
+	#define RAD_ISDN_SYNC			2
+	#define RAD_ISDN_ASYNC_V120		3
+	#define RAD_ISDN_ASYNC_V110		4
+	#define RAD_VIRTUAL			5
+	#define RAD_PIAFS			6
+	#define RAD_HDLC_CLEAR_CHANNEL		7
+	#define RAD_X_25			8
+	#define RAD_X_75			9
+	#define RAD_G_3_FAX			10
+	#define RAD_SDSL			11
+	#define RAD_ADSL_CAP			12
+	#define RAD_ADSL_DMT			13
+	#define RAD_IDSL			14
+	#define RAD_ETHERNET			15
+	#define RAD_XDSL			16
+	#define RAD_CABLE			17
+	#define RAD_WIRELESS_OTHER		18
+	#define RAD_WIRELESS_IEEE_802_11	19
+#define RAD_PORT_LIMIT			62	/* Integer */
+#define RAD_LOGIN_LAT_PORT		63	/* Integer */
+#define RAD_CONNECT_INFO		77	/* String */
+#define RAD_EAP_MESSAGE			79	/* Octets */
+#define RAD_MESSAGE_AUTHENTIC		80	/* Octets */
+#define RAD_ACCT_INTERIM_INTERVAL	85	/* Integer */
+#define RAD_NAS_IPV6_ADDRESS		95	/* IPv6 address */
+#define RAD_FRAMED_INTERFACE_ID		96	/* 8 octets */
+#define RAD_FRAMED_IPV6_PREFIX		97	/* Octets */
+#define RAD_LOGIN_IPV6_HOST		98	/* IPv6 address */
+#define RAD_FRAMED_IPV6_ROUTE		99	/* String */
+#define RAD_FRAMED_IPV6_POOL		100	/* String */
+
+/* Accounting attribute types and values */
+#define RAD_ACCT_STATUS_TYPE		40	/* Integer */
+	#define RAD_START			1
+	#define RAD_STOP			2
+	#define RAD_UPDATE			3
+	#define RAD_ACCOUNTING_ON		7
+	#define RAD_ACCOUNTING_OFF		8
+#define RAD_ACCT_DELAY_TIME		41	/* Integer */
+#define RAD_ACCT_INPUT_OCTETS		42	/* Integer */
+#define RAD_ACCT_OUTPUT_OCTETS		43	/* Integer */
+#define RAD_ACCT_SESSION_ID		44	/* String */
+#define RAD_ACCT_AUTHENTIC		45	/* Integer */
+	#define RAD_AUTH_RADIUS			1
+	#define RAD_AUTH_LOCAL			2
+	#define RAD_AUTH_REMOTE			3
+#define RAD_ACCT_SESSION_TIME		46	/* Integer */
+#define RAD_ACCT_INPUT_PACKETS		47	/* Integer */
+#define RAD_ACCT_OUTPUT_PACKETS		48	/* Integer */
+#define RAD_ACCT_TERMINATE_CAUSE	49	/* Integer */
+        #define RAD_TERM_USER_REQUEST		1
+        #define RAD_TERM_LOST_CARRIER		2
+        #define RAD_TERM_LOST_SERVICE		3
+        #define RAD_TERM_IDLE_TIMEOUT		4
+        #define RAD_TERM_SESSION_TIMEOUT	5
+        #define RAD_TERM_ADMIN_RESET		6
+        #define RAD_TERM_ADMIN_REBOOT		7
+        #define RAD_TERM_PORT_ERROR		8
+        #define RAD_TERM_NAS_ERROR		9
+        #define RAD_TERM_NAS_REQUEST		10
+        #define RAD_TERM_NAS_REBOOT		11
+        #define RAD_TERM_PORT_UNNEEDED		12
+        #define RAD_TERM_PORT_PREEMPTED		13
+        #define RAD_TERM_PORT_SUSPENDED		14
+        #define RAD_TERM_SERVICE_UNAVAILABLE    15
+        #define RAD_TERM_CALLBACK		16
+        #define RAD_TERM_USER_ERROR		17
+        #define RAD_TERM_HOST_REQUEST		18
+#define	RAD_ACCT_MULTI_SESSION_ID	50	/* String */
+#define	RAD_ACCT_LINK_COUNT		51	/* Integer */
+
+struct rad_handle;
+struct timeval;
+
+__BEGIN_DECLS
+struct rad_handle	*rad_acct_open(void);
+int			 rad_add_server(struct rad_handle *,
+			    const char *, int, const char *, int, int);
+struct rad_handle	*rad_auth_open(void);
+void			 rad_close(struct rad_handle *);
+int			 rad_config(struct rad_handle *, const char *);
+int			 rad_continue_send_request(struct rad_handle *, int,
+			    int *, struct timeval *);
+int			 rad_create_request(struct rad_handle *, int);
+struct in_addr		 rad_cvt_addr(const void *);
+u_int32_t		 rad_cvt_int(const void *);
+char			*rad_cvt_string(const void *, size_t);
+int			 rad_get_attr(struct rad_handle *, const void **,
+			    size_t *);
+int			 rad_init_send_request(struct rad_handle *, int *,
+			    struct timeval *);
+struct rad_handle	*rad_open(void);  /* Deprecated, == rad_auth_open */
+int			 rad_put_addr(struct rad_handle *, int, struct in_addr);
+int			 rad_put_attr(struct rad_handle *, int,
+			    const void *, size_t);
+int			 rad_put_int(struct rad_handle *, int, u_int32_t);
+int			 rad_put_string(struct rad_handle *, int,
+			    const char *);
+int			 rad_put_message_authentic(struct rad_handle *);
+ssize_t			 rad_request_authenticator(struct rad_handle *, char *,
+			    size_t);
+int			 rad_send_request(struct rad_handle *);
+const char		*rad_server_secret(struct rad_handle *);
+const char		*rad_strerror(struct rad_handle *);
+u_char			*rad_demangle(struct rad_handle *, const void *,
+			    size_t);
+
+__END_DECLS
+
+#endif /* _RADLIB_H_ */

lib/libradius/radlib_private.h

@@ -0,0 +1,105 @@
+/* $NetBSD: radlib_private.h,v 1.1.1.1 2005/02/19 23:56:32 manu Exp $ */
+
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD: /repoman/r/ncvs/src/lib/libradius/radlib_private.h,v 1.6 2004/04/27 15:00:29 ru Exp $
+ */
+
+#ifndef RADLIB_PRIVATE_H
+#define RADLIB_PRIVATE_H
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+#include "radlib.h"
+#include "radlib_vs.h"
+
+/* Handle types */
+#define RADIUS_AUTH		0   /* RADIUS authentication, default */
+#define RADIUS_ACCT		1   /* RADIUS accounting */
+
+/* Defaults */
+#define MAXTRIES		3
+#define PATH_RADIUS_CONF	"/etc/radius.conf"
+#define RADIUS_PORT		1812
+#define RADACCT_PORT		1813
+#define TIMEOUT			3	/* In seconds */
+
+/* Limits */
+#define ERRSIZE		128		/* Maximum error message length */
+#define MAXCONFLINE	1024		/* Maximum config file line length */
+#define MAXSERVERS	10		/* Maximum number of servers to try */
+#define MSGSIZE		4096		/* Maximum RADIUS message */
+#define PASSSIZE	128		/* Maximum significant password chars */
+
+/* Positions of fields in RADIUS messages */
+#define POS_CODE	0		/* Message code */
+#define POS_IDENT	1		/* Identifier */
+#define POS_LENGTH	2		/* Message length */
+#define POS_AUTH	4		/* Authenticator */
+#define LEN_AUTH	16		/* Length of authenticator */
+#define POS_ATTRS	20		/* Start of attributes */
+
+struct rad_server {
+	struct sockaddr_in addr;	/* Address of server */
+	char		*secret;	/* Shared secret */
+	int		 timeout;	/* Timeout in seconds */
+	int		 max_tries;	/* Number of tries before giving up */
+	int		 num_tries;	/* Number of tries so far */
+};
+
+struct rad_handle {
+	int		 fd;		/* Socket file descriptor */
+	struct rad_server servers[MAXSERVERS];	/* Servers to contact */
+	int		 num_servers;	/* Number of valid server entries */
+	int		 ident;		/* Current identifier value */
+	char		 errmsg[ERRSIZE];	/* Most recent error message */
+	unsigned char	 request[MSGSIZE];	/* Request to send */
+	char	 	 request_created; /* rad_create_request() called? */
+	int		 req_len;	/* Length of request */
+	char		 pass[PASSSIZE];	/* Cleartext password */
+	size_t		 pass_len;	/* Length of cleartext password */
+	int		 pass_pos;	/* Position of scrambled password */
+	char	 	 chap_pass;	/* Have we got a CHAP_PASSWORD ? */
+	int		 authentic_pos;	/* Position of message authenticator */
+	char		 eap_msg;	/* Are we an EAP Proxy? */
+	unsigned char	 response[MSGSIZE];	/* Response received */
+	size_t		 resp_len;	/* Length of response */
+	int		 resp_pos;	/* Current position scanning attrs */
+	int		 total_tries;	/* How many requests we'll send */
+	int		 try;		/* How many requests we've sent */
+	int		 srv;		/* Server number we did last */
+	int		 type;		/* Handle type */
+};
+
+struct vendor_attribute {
+	u_int32_t vendor_value;
+	u_char attrib_type;
+	u_char attrib_len;
+	u_char attrib_data[1];
+};
+
+#endif

lib/libradius/radlib_vs.h

@@ -0,0 +1,86 @@
+/* $NetBSD: radlib_vs.h,v 1.1.1.1 2005/02/19 23:56:32 manu Exp $ */
+
+/*-
+ * Copyright (c) 2002 Brian Somers <brian@Awfulhak.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: /repoman/r/ncvs/src/lib/libradius/radlib_vs.h,v 1.3 2004/04/27 15:00:29 ru Exp $
+ */
+
+#ifndef _RADLIB_VS_H_
+#define _RADLIB_VS_H_
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+#define	RAD_VENDOR_MICROSOFT	311		/* rfc2548 */
+	#define	RAD_MICROSOFT_MS_CHAP_RESPONSE			1
+	#define	RAD_MICROSOFT_MS_CHAP_ERROR			2
+	#define	RAD_MICROSOFT_MS_CHAP_PW_1			3
+	#define	RAD_MICROSOFT_MS_CHAP_PW_2			4
+	#define	RAD_MICROSOFT_MS_CHAP_LM_ENC_PW			5
+	#define	RAD_MICROSOFT_MS_CHAP_NT_ENC_PW			6
+	#define	RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY		7
+	#define	RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES		8
+	#define	RAD_MICROSOFT_MS_RAS_VENDOR			9
+	#define	RAD_MICROSOFT_MS_CHAP_DOMAIN			10
+	#define	RAD_MICROSOFT_MS_CHAP_CHALLENGE			11
+	#define	RAD_MICROSOFT_MS_CHAP_MPPE_KEYS			12
+	#define	RAD_MICROSOFT_MS_BAP_USAGE			13
+	#define	RAD_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD	14
+	#define	RAD_MICROSOFT_MS_LINK_DROP_TIME_LIMIT		15
+	#define	RAD_MICROSOFT_MS_MPPE_SEND_KEY			16
+	#define	RAD_MICROSOFT_MS_MPPE_RECV_KEY			17
+	#define	RAD_MICROSOFT_MS_RAS_VERSION			18
+	#define	RAD_MICROSOFT_MS_OLD_ARAP_PASSWORD		19
+	#define	RAD_MICROSOFT_MS_NEW_ARAP_PASSWORD		20
+	#define	RAD_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON	21
+	#define	RAD_MICROSOFT_MS_FILTER				22
+	#define	RAD_MICROSOFT_MS_ACCT_AUTH_TYPE			23
+	#define	RAD_MICROSOFT_MS_ACCT_EAP_TYPE			24
+	#define	RAD_MICROSOFT_MS_CHAP2_RESPONSE			25
+	#define	RAD_MICROSOFT_MS_CHAP2_SUCCESS			26
+	#define	RAD_MICROSOFT_MS_CHAP2_PW			27
+	#define	RAD_MICROSOFT_MS_PRIMARY_DNS_SERVER		28
+	#define	RAD_MICROSOFT_MS_SECONDARY_DNS_SERVER		29
+	#define	RAD_MICROSOFT_MS_PRIMARY_NBNS_SERVER		30
+	#define	RAD_MICROSOFT_MS_SECONDARY_NBNS_SERVER		31
+	#define	RAD_MICROSOFT_MS_ARAP_CHALLENGE			33
+
+#define SALT_LEN    2
+
+struct rad_handle;
+
+__BEGIN_DECLS
+int	 rad_get_vendor_attr(u_int32_t *, const void **, size_t *);
+int	 rad_put_vendor_addr(struct rad_handle *, int, int, struct in_addr);
+int	 rad_put_vendor_attr(struct rad_handle *, int, int, const void *,
+	    size_t);
+int	 rad_put_vendor_int(struct rad_handle *, int, int, u_int32_t);
+int	 rad_put_vendor_string(struct rad_handle *, int, int, const char *);
+u_char	*rad_demangle_mppe_key(struct rad_handle *, const void *, size_t,
+	    size_t *);
+__END_DECLS
+
+#endif /* _RADLIB_VS_H_ */

lib/libradius/shlib_version

@@ -0,0 +1,5 @@
+#	$NetBSD: shlib_version,v 1.1.1.1 2005/02/19 23:56:36 manu Exp $
+#	Remember to update distrib/sets/lists/base/shl.* when changing
+#
+major=0
+minor=0