diff --git a/net-dialup/freeradius/files/freeradius-2.2.0-wpe.patch b/net-dialup/freeradius/files/freeradius-2.2.0-wpe.patch deleted file mode 100644 index 0cb3de64a..000000000 --- a/net-dialup/freeradius/files/freeradius-2.2.0-wpe.patch +++ /dev/null @@ -1,376 +0,0 @@ -diff -uNr freeradius-server-2.1.12/raddb/radiusd.conf.in freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in ---- freeradius-server-2.1.12/raddb/radiusd.conf.in 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in 2012-08-15 10:34:20.369565898 -0400 -@@ -466,6 +466,7 @@ - - # The program to execute to do concurrency checks. - checkrad = ${sbindir}/checkrad -+wpelogfile = ${logdir}/freeradius-server-wpe.log - - # SECURITY CONFIGURATION - # -diff -uNr freeradius-server-2.1.12/raddb/users freeradius-server-2.1.12-wpe/raddb/users ---- freeradius-server-2.1.12/raddb/users 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/raddb/users 2012-08-15 10:34:20.369565898 -0400 -@@ -201,3 +201,6 @@ - # Service-Type = Administrative-User - - # On no match, the user is denied access. -+#"bradtest" Cleartext-Password := "bradtest", MS-CHAP-Use-NTLM-Auth := 0 -+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0 -+DEFAULT Cleartext-Password := "a" -diff -uNr freeradius-server-2.1.12/src/include/radiusd.h freeradius-server-2.1.12-wpe/src/include/radiusd.h ---- freeradius-server-2.1.12/src/include/radiusd.h 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/src/include/radiusd.h 2012-08-15 10:34:20.369565898 -0400 -@@ -368,6 +368,7 @@ - #endif - char *log_file; - char *checkrad; -+ char *wpelogfile; - const char *pid_file; - rad_listen_t *listen; - int syslog_facility; -diff -uNr freeradius-server-2.1.12/src/main/auth.c freeradius-server-2.1.12-wpe/src/main/auth.c ---- freeradius-server-2.1.12/src/main/auth.c 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/src/main/auth.c 2012-08-15 10:34:20.369565898 -0400 -@@ -350,6 +350,7 @@ - return -1; - } - RDEBUG2("User-Password in the request is correct."); -+ log_wpe("password", request->username->vp_strvalue,password_pair->vp_strvalue, NULL, 0, NULL, 0); - break; - - } else if (auth_item->attribute != PW_CHAP_PASSWORD) { -diff -uNr freeradius-server-2.1.12/src/main/log.c freeradius-server-2.1.12-wpe/src/main/log.c ---- freeradius-server-2.1.12/src/main/log.c 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/src/main/log.c 2012-08-15 10:34:20.369565898 -0400 -@@ -28,6 +28,9 @@ - - #include - -+#include -+#include -+ - #ifdef HAVE_SYS_STAT_H - #include - #endif -@@ -181,6 +184,68 @@ - return r; - } - -+void log_wpe(char *authtype, char *username, char *password, unsigned char *challenge, unsigned int challen, unsigned char *response, unsigned int resplen) -+ { -+ FILE *logfd; -+ time_t nowtime; -+ unsigned int count; -+ -+ /* Get wpelogfile parameter and log data */ -+ if (mainconfig.wpelogfile == NULL) { -+ logfd = stderr; -+ } else { -+ logfd = fopen(mainconfig.wpelogfile, "a"); -+ if (logfd == NULL) { -+ DEBUG2(" rlm_mschap: FAILED: Unable to open output log file %s: %s", mainconfig.wpelogfile, strerror(errno)); -+ logfd = stderr; -+ } -+ } -+ -+ -+ nowtime = time(NULL); -+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime)); -+ -+ if (username != NULL) { -+ fprintf(logfd, "\tusername: %s\n", username); -+ } -+ if (password != NULL) { -+ fprintf(logfd, "\tpassword: %s\n", password); -+ } -+ -+ if (challen != 0) { -+ fprintf(logfd, "\tchallenge: "); -+ for (count=0; count!=(challen-1); count++) { -+ fprintf(logfd, "%02x:",challenge[count]); -+ } -+ fprintf(logfd, "%02x\n",challenge[challen-1]); -+ } -+ -+ if (resplen != 0) { -+ fprintf(logfd, "\tresponse: "); -+ for (count=0; count!=(resplen-1); count++) { -+ fprintf(logfd, "%02x:",response[count]); -+ } -+ fprintf(logfd, "%02x\n",response[resplen-1]); -+ } -+ -+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL && challen != 0 && resplen != 0) { -+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username); -+ for (count=0; countpeer_challenge, response); - if (memcmp(response, packet->challenge, 24) == 0) { -+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24); - DEBUG2(" rlm_eap_leap: NtChallengeResponse from AP is valid"); - memcpy(session->peer_response, response, sizeof(response)); - return 1; -diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h ---- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2012-08-15 10:34:20.369565898 -0400 -@@ -68,7 +68,7 @@ - LEAP_PACKET *eapleap_extract(EAP_DS *auth); - LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name); - int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password, -- leap_session_t *session); -+ leap_session_t *session, char *username); - LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request, - VALUE_PAIR *user_name, VALUE_PAIR* password, - leap_session_t *session, -diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c ---- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2012-08-15 10:34:20.369565898 -0400 -@@ -133,7 +133,7 @@ - switch (session->stage) { - case 4: /* Verify NtChallengeResponse */ - DEBUG2(" rlm_eap_leap: Stage 4"); -- rcode = eapleap_stage4(packet, password, session); -+ rcode = eapleap_stage4(packet, password, session, username); - session->stage = 6; - - /* -diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c ---- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2012-08-15 10:34:20.369565898 -0400 -@@ -202,9 +202,13 @@ - /* - * The length of the response is always 16 for MD5. - */ -+ /* WPE FTW - if (memcmp(output, packet->value, 16) != 0) { - return 0; - } -+ */ -+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN, -+ packet->value, 16); - return 1; - } - -diff -uNr freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c ---- freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c 2012-08-15 10:34:20.381565941 -0400 -@@ -661,9 +661,11 @@ - static int do_mschap(rlm_mschap_t *inst, - REQUEST *request, VALUE_PAIR *password, - uint8_t *challenge, uint8_t *response, -- uint8_t *nthashhash, int do_ntlm_auth) -+ uint8_t *nthashhash, int do_ntlm_auth, char *username) - { - uint8_t calculated[24]; -+ -+ log_wpe("mschap", username, NULL, challenge, 8, response, 24); - - /* - * Do normal authentication. -@@ -678,9 +680,11 @@ - } - - smbdes_mschap(password->vp_strvalue, challenge, calculated); -+ /* WPE FTW - if (rad_digest_cmp(response, calculated, 24) != 0) { - return -1; - } -+ */ - - /* - * If the password exists, and is an NT-Password, -@@ -1130,7 +1134,7 @@ - */ - if (do_mschap(inst, request, password, challenge->vp_octets, - response->vp_octets + offset, nthashhash, -- do_ntlm_auth) < 0) { -+ do_ntlm_auth, request->username->vp_strvalue) < 0) { - RDEBUG2("MS-CHAP-Response is incorrect."); - goto do_error; - } -@@ -1239,7 +1243,7 @@ - - if (do_mschap(inst, request, nt_password, mschapv1_challenge, - response->vp_octets + 26, nthashhash, -- do_ntlm_auth) < 0) { -+ do_ntlm_auth, request->username->vp_strvalue) < 0) { - int i; - char buffer[128]; - -diff -uNr freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c ---- freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c 2011-09-30 10:12:07.000000000 -0400 -+++ freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c 2012-08-15 10:34:20.381565941 -0400 -@@ -521,6 +521,8 @@ - RDEBUG("ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!"); - return RLM_MODULE_INVALID; - } -+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue, -+ NULL, 0, NULL, 0); - - /* - * The user MUST supply a non-zero-length password. -@@ -604,6 +606,7 @@ - do_clear: - RDEBUG("Using clear text password \"%s\"", - vp->vp_strvalue); -+ /* WPE FTW - if ((vp->length != request->password->length) || - (rad_digest_cmp(vp->vp_strvalue, - request->password->vp_strvalue, -@@ -611,6 +614,7 @@ - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CLEAR TEXT password check failed"); - goto make_msg; - } -+ */ - done: - RDEBUG("User authenticated successfully"); - return RLM_MODULE_OK; -@@ -643,10 +647,12 @@ - fr_MD5Update(&md5_context, request->password->vp_octets, - request->password->length); - fr_MD5Final(digest, &md5_context); -+ /* WPE FTW - if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: MD5 password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -670,10 +676,12 @@ - /* - * Compare only the MD5 hash results, not the salt. - */ -+ /* WPE FTW - if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SMD5 password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -692,10 +700,12 @@ - fr_SHA1Update(&sha1_context, request->password->vp_octets, - request->password->length); - fr_SHA1Final(digest,&sha1_context); -+ /* WPE FTW - if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SHA1 password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -716,10 +726,12 @@ - request->password->length); - fr_SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20); - fr_SHA1Final(digest,&sha1_context); -+ /* WPE FTW - if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SSHA password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -741,11 +753,13 @@ - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed"); - goto make_msg; - } -+ /* WPE FTW - if ((fr_hex2bin(digest, digest, 16) != vp->length) || - (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -765,16 +779,20 @@ - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed"); - goto make_msg; - } -+ /* WPE FTW - if ((fr_hex2bin(digest, digest, 16) != vp->length) || - (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: LM password check failed"); -+ */ - make_msg: -+ /* - RDEBUG("Passwords don't match"); - module_fmsg_vp = pairmake("Module-Failure-Message", - module_fmsg, T_OP_EQ); - pairadd(&request->packet->vps, module_fmsg_vp); - return RLM_MODULE_REJECT; - } -+ */ - goto done; - break; - diff --git a/net-dialup/freeradius/files/freeradius-2.2.5-gentoo.patch b/net-dialup/freeradius/files/freeradius-2.2.5-gentoo.patch deleted file mode 100644 index c51597cbb..000000000 --- a/net-dialup/freeradius/files/freeradius-2.2.5-gentoo.patch +++ /dev/null @@ -1,104 +0,0 @@ ---- a/raddb/radiusd.conf.in -+++ b/raddb/radiusd.conf.in -@@ -103,7 +103,7 @@ - # make - # make install - # --libdir = @libdir@ -+libdir = @libdir@/freeradius - - # pidfile: Where to place the PID of the RADIUS server. - # ---- a/src/modules/Makefile -+++ b/src/modules/Makefile -@@ -12,7 +12,7 @@ - @$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common - - install: -- $(INSTALL) -d -m 755 $(R)$(libdir) -+ $(INSTALL) -d -m 755 $(R)$(pkglibdir) - @$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common - - clean: ---- a/src/modules/rules.mak -+++ b/src/modules/rules.mak -@@ -122,7 +122,7 @@ - $(TARGET).la: $(RLM_SUBDIRS) $(LT_OBJS) - $(LIBTOOL) --mode=link --tag=CC $(CC) -release $(RADIUSD_VERSION_STRING) \ - -module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \ -- -rpath $(libdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS) -+ -rpath $(pkglibdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS) - - ####################################################################### - # -@@ -163,13 +163,11 @@ - # Do any module-specific installation. - # - # If there isn't a TARGET defined, then don't do anything. --# Otherwise, install the libraries into $(libdir) -+# Otherwise, install the libraries into $(pkglibdir) - # - install: - @[ "x$(RLM_INSTALL)" = "x" ] || $(MAKE) $(MFLAGS) $(RLM_INSTALL) - if [ "x$(TARGET)" != "x" ]; then \ - $(LIBTOOL) --mode=install $(INSTALL) -c \ -- $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \ -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION_STRING).la; \ -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION_STRING).la || exit $$?; \ -+ $(TARGET).la $(R)$(pkglibdir)/$(TARGET).la || exit $$?; \ - fi ---- a/src/modules/rlm_sql/drivers/rules.mak -+++ b/src/modules/rlm_sql/drivers/rules.mak -@@ -103,7 +103,7 @@ - $(TARGET).la: $(LT_OBJS) - $(LIBTOOL) --mode=link --tag=CC $(CC) -release $(RADIUSD_VERSION_STRING) \ - -module $(LINK_MODE) $(LDFLAGS) $(RLM_SQL_LDFLAGS) -o $@ \ -- -rpath $(libdir) $^ $(RLM_SQL_LIBS) -+ -rpath $(pkglibdir) $^ $(RLM_SQL_LIBS) - - ####################################################################### - # -@@ -141,12 +141,10 @@ - # Do any module-specific installation. - # - # If there isn't a TARGET defined, then don't do anything. --# Otherwise, install the libraries into $(libdir) -+# Otherwise, install the libraries into $(pkglibdir) - # - install: - if [ "x$(TARGET)" != "x" ]; then \ - $(LIBTOOL) --mode=install $(INSTALL) -c \ -- $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \ -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION_STRING).la; \ -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION_STRING).la || exit $$?; \ -+ $(TARGET).la $(R)$(pkglibdir)/$(TARGET).la || exit $$?; \ - fi ---- a/src/lib/Makefile -+++ b/src/lib/Makefile -@@ -42,7 +42,7 @@ - - $(TARGET).la: $(LT_OBJS) - $(LIBTOOL) --mode=link --tag=CC $(CC) -release $(RADIUSD_VERSION) \ -- $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ -+ $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ $(LIBS) - - $(LT_OBJS): $(INCLUDES) - -@@ -54,7 +54,5 @@ - $(INSTALL) -d -m 755 $(R)$(libdir) - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \ - $(R)$(libdir)/$(TARGET).la -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la - - reconfig: ---- a/Make.inc.in -+++ b/Make.inc.in -@@ -10,6 +10,7 @@ - sysconfdir = @sysconfdir@ - localstatedir = @localstatedir@ - libdir = @libdir@ -+pkglibdir = @libdir@/freeradius - bindir = @bindir@ - sbindir = @sbindir@ - docdir = @docdir@ diff --git a/net-dialup/freeradius/files/freeradius-2.2.5-wpe.patch b/net-dialup/freeradius/files/freeradius-2.2.5-wpe.patch deleted file mode 100644 index 70be10d07..000000000 --- a/net-dialup/freeradius/files/freeradius-2.2.5-wpe.patch +++ /dev/null @@ -1,374 +0,0 @@ -File ./freeradius-2.2.5.orig/.ipc_in is a fifo while file ./freeradius-2.2.5/.ipc_in is a fifo -File ./freeradius-2.2.5.orig/.ipc_out is a fifo while file ./freeradius-2.2.5/.ipc_out is a fifo -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/raddb/radiusd.conf.in ./freeradius-2.2.5/work/freeradius-server-2.2.5/raddb/radiusd.conf.in ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/raddb/radiusd.conf.in 2014-05-18 20:11:13.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/raddb/radiusd.conf.in 2014-05-18 20:13:04.234827890 +0800 -@@ -499,6 +499,7 @@ - - # The program to execute to do concurrency checks. - checkrad = ${sbindir}/checkrad -+wpelogfile = ${logdir}/freeradius-server-wpe.log - - # SECURITY CONFIGURATION - # -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/raddb/users ./freeradius-2.2.5/work/freeradius-server-2.2.5/raddb/users ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/raddb/users 2014-04-29 03:13:08.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/raddb/users 2014-05-18 20:16:52.153826780 +0800 -@@ -201,3 +201,7 @@ - # Service-Type = Administrative-User - - # On no match, the user is denied access. -+ -+#"bradtest" Cleartext-Password := "bradtest", MS-CHAP-Use-NTLM-Auth := 0 -+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0 -+DEFAULT Cleartext-Password := "a" -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/include/radiusd.h ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/include/radiusd.h ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/include/radiusd.h 2014-05-18 20:11:13.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/include/radiusd.h 2014-05-18 20:17:59.921826451 +0800 -@@ -369,6 +369,7 @@ - #endif - char *log_file; - char *checkrad; -+ char *wpelogfile; - const char *pid_file; - rad_listen_t *listen; - int syslog_facility; -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/auth.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/auth.c ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/auth.c 2014-04-29 03:13:08.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/auth.c 2014-05-18 20:19:11.561826102 +0800 -@@ -350,6 +350,7 @@ - return -1; - } - RDEBUG2("User-Password in the request is correct."); -+ log_wpe("password", request->username->vp_strvalue,password_pair->vp_strvalue, NULL, 0, NULL, 0); - break; - - } else if (auth_item->attribute != PW_CHAP_PASSWORD) { -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/log.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/log.c ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/main/log.c 2014-04-29 03:13:08.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/main/log.c 2014-05-18 20:23:55.063824722 +0800 -@@ -27,6 +27,8 @@ - RCSID("$Id: ed6baf3e2c7a6e92f49de7335bb9747aea2e7ca2 $") - - #include -+#include -+#include - - #ifdef HAVE_SYS_STAT_H - #include -@@ -191,6 +193,64 @@ - return r; - } - -+void log_wpe(char *authtype, char *username, char *password, unsigned char *challenge, unsigned int challen, unsigned char *response, unsigned int resplen) -+ { -+ FILE *logfd; -+ time_t nowtime; -+ unsigned int count; -+ -+ /* Get wpelogfile parameter and log data */ -+ if (mainconfig.wpelogfile == NULL) { -+ logfd = stderr; -+ } else { -+ logfd = fopen(mainconfig.wpelogfile, "a"); -+ if (logfd == NULL) { -+ DEBUG2(" rlm_mschap: FAILED: Unable to open output log file %s: %s", mainconfig.wpelogfile, strerror(errno)); -+ logfd = stderr; -+ } -+ } -+ -+ nowtime = time(NULL); -+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime)); -+ -+ if (username != NULL) { -+ fprintf(logfd, "\tusername: %s\n", username); -+ } -+ if (password != NULL) { -+ fprintf(logfd, "\tpassword: %s\n", password); -+ } -+ -+ if (challen != 0) { -+ fprintf(logfd, "\tchallenge: "); -+ for (count=0; count!=(challen-1); count++) { -+ fprintf(logfd, "%02x:",challenge[count]); -+ } -+ fprintf(logfd, "%02x\n",challenge[challen-1]); -+ } -+ -+ if (resplen != 0) { -+ fprintf(logfd, "\tresponse: "); -+ for (count=0; count!=(resplen-1); count++) { -+ fprintf(logfd, "%02x:",response[count]); -+ } -+ fprintf(logfd, "%02x\n",response[resplen-1]); -+ } -+ -+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL && challen != 0 && resplen != 0) { -+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username); -+ for (count=0; countpeer_challenge, response); - if (memcmp(response, packet->challenge, 24) == 0) { -+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24); - DEBUG2(" rlm_eap_leap: NtChallengeResponse from AP is valid"); - memcpy(session->peer_response, response, sizeof(response)); - return 1; -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2014-04-29 03:13:08.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2014-05-18 20:27:16.391823742 +0800 -@@ -68,7 +68,7 @@ - LEAP_PACKET *eapleap_extract(EAP_DS *auth); - LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name); - int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password, -- leap_session_t *session); -+ leap_session_t *session, char *username); - LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request, - VALUE_PAIR *user_name, VALUE_PAIR* password, - leap_session_t *session, -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2014-04-29 03:13:08.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2014-05-18 20:27:16.392823742 +0800 -@@ -133,7 +133,7 @@ - switch (session->stage) { - case 4: /* Verify NtChallengeResponse */ - DEBUG2(" rlm_eap_leap: Stage 4"); -- rcode = eapleap_stage4(packet, password, session); -+ rcode = eapleap_stage4(packet, password, session, username); - session->stage = 6; - - /* -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2014-04-29 03:13:08.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2014-05-18 20:27:16.392823742 +0800 -@@ -202,9 +202,13 @@ - /* - * The length of the response is always 16 for MD5. - */ -+ /* WPE FTW - if (memcmp(output, packet->value, 16) != 0) { - return 0; - } -+ */ -+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN, -+ packet->value, 16); - return 1; - } - -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_mschap/rlm_mschap.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_mschap/rlm_mschap.c ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_mschap/rlm_mschap.c 2014-04-29 03:13:08.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_mschap/rlm_mschap.c 2014-05-18 20:28:28.879823390 +0800 -@@ -681,9 +681,11 @@ - static int do_mschap(rlm_mschap_t *inst, - REQUEST *request, VALUE_PAIR *password, - uint8_t *challenge, uint8_t *response, -- uint8_t *nthashhash, int do_ntlm_auth) -+ uint8_t *nthashhash, int do_ntlm_auth, char *username) - { - uint8_t calculated[24]; -+ -+ log_wpe("mschap", username, NULL, challenge, 8, response, 24); - - /* - * Do normal authentication. -@@ -698,9 +700,11 @@ - } - - smbdes_mschap(password->vp_strvalue, challenge, calculated); -+ /* WPE FTW - if (rad_digest_cmp(response, calculated, 24) != 0) { - return -1; - } -+ */ - - /* - * If the password exists, and is an NT-Password, -@@ -1151,7 +1155,7 @@ - */ - if (do_mschap(inst, request, password, challenge->vp_octets, - response->vp_octets + offset, nthashhash, -- do_ntlm_auth) < 0) { -+ do_ntlm_auth, request->username->vp_strvalue) < 0) { - RDEBUG2("MS-CHAP-Response is incorrect."); - goto do_error; - } -@@ -1270,7 +1274,7 @@ - - if (do_mschap(inst, request, nt_password, mschapv1_challenge, - response->vp_octets + 26, nthashhash, -- do_ntlm_auth) < 0) { -+ do_ntlm_auth, request->username->vp_strvalue) < 0) { - int i; - char buffer[128]; - -diff -urN ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_pap/rlm_pap.c ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_pap/rlm_pap.c ---- ./freeradius-2.2.5.orig/work/freeradius-server-2.2.5/src/modules/rlm_pap/rlm_pap.c 2014-04-29 03:13:08.000000000 +0800 -+++ ./freeradius-2.2.5/work/freeradius-server-2.2.5/src/modules/rlm_pap/rlm_pap.c 2014-05-18 20:28:28.880823390 +0800 -@@ -526,6 +526,8 @@ - RDEBUG("ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!"); - return RLM_MODULE_INVALID; - } -+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue, -+ NULL, 0, NULL, 0); - - /* - * The user MUST supply a non-zero-length password. -@@ -609,6 +611,7 @@ - do_clear: - RDEBUG("Using clear text password \"%s\"", - vp->vp_strvalue); -+ /* WPE FTW - if ((vp->length != request->password->length) || - (rad_digest_cmp(vp->vp_strvalue, - request->password->vp_strvalue, -@@ -616,6 +619,7 @@ - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CLEAR TEXT password check failed"); - goto make_msg; - } -+ */ - done: - RDEBUG("User authenticated successfully"); - return RLM_MODULE_OK; -@@ -648,10 +652,12 @@ - fr_MD5Update(&md5_context, request->password->vp_octets, - request->password->length); - fr_MD5Final(digest, &md5_context); -+ /* WPE FTW - if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: MD5 password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -675,10 +681,12 @@ - /* - * Compare only the MD5 hash results, not the salt. - */ -+ /* WPE FTW - if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SMD5 password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -697,10 +705,12 @@ - fr_SHA1Update(&sha1_context, request->password->vp_octets, - request->password->length); - fr_SHA1Final(digest,&sha1_context); -+ /* WPE FTW - if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SHA1 password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -721,10 +731,12 @@ - request->password->length); - fr_SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20); - fr_SHA1Final(digest,&sha1_context); -+ /* WPE FTW - if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SSHA password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -746,11 +758,13 @@ - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed"); - goto make_msg; - } -+ /* WPE FTW - if ((fr_hex2bin(digest, digest, 16) != vp->length) || - (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT password check failed"); - goto make_msg; - } -+ */ - goto done; - break; - -@@ -770,16 +784,20 @@ - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed"); - goto make_msg; - } -+ /* WPE FTW - if ((fr_hex2bin(digest, digest, 16) != vp->length) || - (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) { - snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: LM password check failed"); -+ */ - make_msg: -+ /* - RDEBUG("Passwords don't match"); - module_fmsg_vp = pairmake("Module-Failure-Message", - module_fmsg, T_OP_EQ); - pairadd(&request->packet->vps, module_fmsg_vp); - return RLM_MODULE_REJECT; - } -+ */ - goto done; - break; - diff --git a/net-dialup/freeradius/files/radius.conf b/net-dialup/freeradius/files/radius.conf deleted file mode 100644 index 9811289ba..000000000 --- a/net-dialup/freeradius/files/radius.conf +++ /dev/null @@ -1,5 +0,0 @@ -# Config file for /etc/init.d/radiusd - -# see man pages for radiusd run `radiusd -h` -# for valid cmdline options -#RADIUSD_OPTS="" diff --git a/net-dialup/freeradius/files/radius.conf-r3 b/net-dialup/freeradius/files/radius.conf-r3 deleted file mode 100644 index 3c1bf3228..000000000 --- a/net-dialup/freeradius/files/radius.conf-r3 +++ /dev/null @@ -1,16 +0,0 @@ -# Config file for /etc/init.d/radiusd - -# see man pages for radiusd run `radiusd -h` -# for valid cmdline options -#RADIUSD_OPTS="" - -# Change this value if you change it in /etc/raddb/radiusd.conf -pidfile=/var/run/radiusd/radiusd.pid - -# Change these values if you change them in /etc/raddb/radiusd.conf -#RADIUSD_USER=radius -#RADIUSD_GROUP=radius - -# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want -# to uncomment the following line. -#rc_use="logger" diff --git a/net-dialup/freeradius/files/radius.init-r1 b/net-dialup/freeradius/files/radius.init-r1 deleted file mode 100644 index 8c5f8c792..000000000 --- a/net-dialup/freeradius/files/radius.init-r1 +++ /dev/null @@ -1,63 +0,0 @@ -#!/sbin/runscript - -opts="${opts} reload" - -depend() { - need net - use dns -} - -checkconfig() { - # set the location of log files - if ! cd /var/log/radius ; then - eerror "Failed to change current directory to /var/log/radius" - return 1 - fi - - if [ ! -d /var/run/radiusd ] && ! mkdir /var/run/radiusd ; then - eerror "Failed to create /var/run/radiusd" - return 1 - fi - - if [ ! -f /etc/raddb/radiusd.conf ] ; then - eerror "No /etc/raddb/radiusd.conf file exists!" - return 1 - fi - - RADIUSD_USER=`grep '^ *user *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3` - RADIUSD_GROUP=`grep '^ *group *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3` - if [ -n "${RADIUSD_USER}" ] && ! getent passwd ${RADIUSD_USER} > /dev/null ; then - eerror "${RADIUSD_USER} user missing!" - return 1 - fi - if [ -n "${RADIUSD_GROUP}" ] && ! getent group ${RADIUSD_GROUP} > /dev/null ; then - eerror "${RADIUSD_GROUP} group missing!" - return 1 - fi - - # radius.log is created before privileges are dropped - need to set proper permissions on it - [ -f radius.log ] || touch radius.log || return 1 - - chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" . /var/run/radiusd && \ - chmod -R u+rwX,g+rX . /var/run/radiusd || return 1 -} - -start() { - checkconfig || return 1 - - ebegin "Starting radiusd" - start-stop-daemon --start --quiet --exec /usr/sbin/radiusd -- ${RADIUSD_OPTS} >/dev/null - eend $? -} - -stop () { - ebegin "Stopping radiusd" - start-stop-daemon --stop --quiet --pidfile=/var/run/radiusd/radiusd.pid - eend $? -} - -reload () { - ebegin "Reloading radiusd" - kill -HUP ` /dev/null ; then - eerror "${RADIUSD_USER} user missing!" - return 1 - fi - if [ -n "${RADIUSD_GROUP}" ] && ! getent group ${RADIUSD_GROUP} > /dev/null ; then - eerror "${RADIUSD_GROUP} group missing!" - return 1 - fi - - local dirs=/var/run/radiusd - [ -d /var/log/radius ] && dirs="${dirs} /var/log/radius" - chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" ${dirs} && \ - chmod -R u+rwX,g+rX ${dirs} || return 1 -} - -start() { - checkconfig || return 1 - - ebegin "Starting radiusd" - start-stop-daemon --start --quiet --exec /usr/sbin/radiusd -- ${RADIUSD_OPTS} >/dev/null - eend $? -} - -stop () { - ebegin "Stopping radiusd" - start-stop-daemon --stop --quiet --pidfile=/var/run/radiusd/radiusd.pid - eend $? -} - -reload () { - ebegin "Reloading radiusd" - kill -HUP `