diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest index 493814626..9f52e883b 100644 --- a/net-dialup/freeradius/Manifest +++ b/net-dialup/freeradius/Manifest @@ -1,30 +1,20 @@ AUX clients_wpe.conf 390 SHA256 ecc817541c5f49ef6a2ddaf87f5f87b760776375a4239aaa618d48b36e4c2497 SHA512 faf5c788187851cc74415fb790afd6cc753ceb3d9e7d838e022212e78d205ca5f7251389ee5aff5f40fa8141cd2a8dd2dc62fc9088a356fd7ed636923493151d WHIRLPOOL bb21e49aced897cea608d43ea9218ef0868c30150b330b7bd5c881ebf1473cce89ea5f5412b8dd8331ffb22cd4a4e562f5e639adf8bb7cc897273e53765cbeee AUX eap_wpe.conf 5594 SHA256 2ab71bc501bf0f9b1e09e3a97db23c291672b3ae01f15beb4be2b71ceedc4111 SHA512 abd21acba79497803e00d4cad6cc7ff0ac643b70cad42ee6b7bc9a9f0a7a54e6eb958d5d723e3927af908c1d26c78d2d249ec349445a15f5a498e52e6f1ecf51 WHIRLPOOL 4c2a6d7b636e8df65f3c7f3abd623dd05ecd198278d640908b4b95ccc8aedd0d7a719409b73acd1893937a2da54082957643856b32c2e04d06e44ab347bec0f7 -AUX freeradius-2.1.10-ipv6.patch 453 SHA256 15a227b1a9cb213763170e7f030bb30521af26ae1920a4acf51499a6628d492d SHA512 73c6ec69b830c9a9c58d93ef6d8764062938ef9757c4bb3063302b66ef456592f5e100acdfc302a0dc076d0c20eca63a176eabed1ba86ebc50be43db0dd9626d WHIRLPOOL 37bc461bb794d6f3b6be47805e46ee72e16f273455afc8b1fb0ec981b5914a787b48ec6773f728e8bcc08426dccf43855ef7f7447b72ba21b3efb24b8be7fde9 -AUX freeradius-2.1.10-pkglibdir.patch 2551 SHA256 19e366a1eba9423185c5a7139f3affd0100a46ac94f5993f84a54cc77251bafc SHA512 4f2f813078aa6d08d0a576886cb5410d6152924c571726cfb965c87af880cbe52f9e8b7acc83ad78b00194c76ee444291d55a2c51a2e26c59336232b9e97f1e8 WHIRLPOOL 4c18d8530ac64ebfdc1ab70bc2bdc918d6692ac1b456890cd0727a312f2a65d7f49ac9ef07262b78cf1650078cfbd540034e1195566ca611c51d8879afbe53f6 -AUX freeradius-2.1.10-qafixes.patch 56665 SHA256 10f8875ed0ca90b6075513030b9ce3cff62386c361ba7d494ca778f438fcf096 SHA512 1def6f12f31983ef5965a21e1fca5b1af2a111d2e956c3ae4a1ff4928499783c9b6fc51224e05450dd8d41a99609fcc72a9fa4a0490ba33b4ab989fd36de354d WHIRLPOOL 9b229750607a0c4bc2b011ebbdf0e2694d7c868f5fbf2bdb6ac0d4da25a0921d05b2a6a615ae5abce7a39dd57a3bf754fc22da697406e122ee77d3683d7e46f6 -AUX freeradius-2.1.10-ssl.patch 582 SHA256 8ba257bea3504f1b800185af49ca0fe2a3f9bf65f0699c73e39f02e712467cef SHA512 b461158b05c404af87aa0c461e3d301780b9f5f1be935304258da51384d47024af0761ee14fe00c285f6586466484cee35c2d08089b0cef47b97bee58a66e6f0 WHIRLPOOL 82c759651b60bbfcec654404479e39494e33a297d0e76759564b2e15a6b5f51294be4e291f583765b319db27678b3912a76b0138ef70d23524bda255ddd23274 -AUX freeradius-2.1.10-versionless-la-files.patch 2404 SHA256 8668376594966a6440df8a720560602ac290cedf45bce3b23d38b5a8a685c1db SHA512 c90a241c848974736fa0ab761741a47b53d0b518e2640ddbf6147834763e870b72e56fd8e40077de56074f7f925212e4b8a4eda33f0b1b5557b3d7e2217081ee WHIRLPOOL fc75bce59bde62c19cd196fcf814fb98df7fc10b3298a422e03e7aa071be2a0c9ab488ae1590b3ba33c5304951edf6445d9177602e7ba1025535ab8bb934aaf2 AUX freeradius-2.1.11-wpe.patch 13697 SHA256 f56257eea5b228c096e781f6aded15f969bc6f7079a53fb73538988593c20649 SHA512 9fc717eaa66ddd60f5454c13e38b949e9649dd1f83e702c9ed8efef54e9b1a5df7077a9ea3e7afa7d17a640336bf0e3f108f4b25a67402cfc534e5029337dba2 WHIRLPOOL 02d645ad864c9c1afc5d1a1d716fa34548ae92c8d24e88c19ecccb703c168f1438b897d7057eefa7f15cfc8bafd6196f144bcbccf65ceafe6d73c74a868e548a AUX freeradius-2.1.12-pkglibdir.patch 2555 SHA256 e0b0444d2ecd30518ad00df3d8744ae64adf6bab640bae977b31e0220614b5dd SHA512 4c9681fd5f6f843eb01346b273b34896412b37d6fe7cc4e6e563ebc8e919369da0f753e52fc23ba50ba58e06ba4ef5b8bb351d478972526c377b8c7900d5105a WHIRLPOOL a42ddbac304429dc013bcf174fcd5cb9d16c181d72557ba0efaea2aee3af9023ce799c5c1d8d8c0c4cc0d19bb39c03c2fb9e38d5fa00c6d881183127dc50dd2c AUX freeradius-2.1.12-qafixes.patch 3716 SHA256 f50a79b94f87a06330c95a77018e32e3ddff290d3b56a1260a637d8283476580 SHA512 76130b3afcd5e11492e04f60a1e8a5a4f5cc37f594640b36194b48eb6a514cfd3d142a6f67eb171ff69a9e02ada877f5fe0302f589724a3bdd5e04bec8fbbb9c WHIRLPOOL 4d5352d88e262acd7ab17c06b75aaafbc00a24eab4b51fdfad735c0d17bb818cd74dbffa26289965ec0ebe69cefc7d269516575995cf1dc6f236cf53ed5f485a AUX freeradius-2.1.12-ssl.patch 583 SHA256 e7a348ad24de18f5299c2d0544d6a8ed25913a00955c2bdb108d763163b38fab SHA512 aed2dbe6207d23069910dbb330af560e61cc36bb7827552af8ec2560101255ac5ffbd9c2817e964024ea6a6517fd415fc5d3e9c4c0c12282dcdf4adfafdd8727 WHIRLPOOL 32bb834f4585769326a254642c2cad1b254e8659659889010407f26483bf747aafffd77a788556d5ad1678ff4c8ebf560cd9801ad8ce11c3f7c070bde984a930 AUX freeradius-2.1.12-versionless-la-files.patch 2408 SHA256 edf8a85096492b36e9c1c1e48aea733d5134c44c789621dce948c36227549e74 SHA512 e0b465985538f9a3de2b8254e0d8e177fa6a8d4b2e483b44618f9e0fbc03b068eb61638c00e22e6be22fda3e2b74212c9e7dde223b1621836b6bea2aa9a5c616 WHIRLPOOL e223943de35b9d8b068eb6c84b2832a04613a467bbcb0fa7925aa4adfe506cd3bc30fe0acc4b546be549d88468a1d8e8139b9b4d25a5c3e27de7202ca9eef3e6 -AUX freeradius-2.1.7-nothreads.patch 514 SHA256 cad3e87971a5824d8f17fa462d7a9b0fe317261704eeebffdc404c4d41f2787a SHA512 3cc884e4469c5b9ddf551e915c1f009c17866f4647d8e090ba5928efcfae89031fbb6edde128c541faf4bc5e123847544974a514d3661d82514b91ee43729bed WHIRLPOOL 62dfb7003d87dfdc52aa92a35411e30b60877b406c5ec6975d5a74ba766635018cd1bc68892c5343bb839cce39bf68c3c26d5fc9a14d10b987edf344b351c8e7 -AUX freeradius-2.1.7-pkglibdir.patch 2547 SHA256 bd7c15f0c66e80ed07bb98a731217c5260e30d628b7305849d57c907f860b1c1 SHA512 7e12d5d3d1b05cba21ce5efb82d51d9e9d66fc34410c2b1a551f03c2bcdb882be7f59d28ed98181817657f6243ca4a69224717b59fc5fcb80ffe808f458fb34c WHIRLPOOL a20b474b2e8a828dd50fd5133bac446a375046626453e201e3b45c28dfc558695fc92d2ef184c8b34cc3285ecc81dc3c4483ab915c25754a8965df3c3a8289c5 -AUX freeradius-2.1.7-qafixes.patch 3686 SHA256 f0b3fc440636eeb33cc42a36d3ff344c816db55a8295bdbe816d00d4214eb1ec SHA512 5111fae1db42eb635ecdf7d4692b1295de37462a917b29d82914376df0cbeee320ba190b90bdd5585227717b2225d42bbf88dbe922ea97a207d6fcca51f7c910 WHIRLPOOL 67dc28916afc994259e6a817ce1e7ede58a7e212c08ebecfdd86fb345d77568531827f61a876979cc707138a7b323d5bcb2ffb85a5b49fd173fc8e3a028dfc84 -AUX freeradius-2.1.7-ssl.patch 577 SHA256 a7a3ed31fd470c23035f79a5b6252e163dde430a5d9dbcad5cf75bbd34b78672 SHA512 1e08950d504fa04d89c640f453da43c74072c55fb46d94e618a3afa05437051a44c8a17bc6f7e6d9a435f6a7a54727507292526cbf8ef33c40297808e4ca4a04 WHIRLPOOL 2dd491dbee00e38eac55a846c10572fecda25e0e700f515d20d7f6cb9581f5f1e1d26243af711fe37f2b850937b666ab26e1ca4c3ff636ae0edb2a9a01a3bda8 -AUX freeradius-2.1.7-versionless-la-files.patch 1747 SHA256 4e60188f1a2cd63b6dc775dbc8d09afd93e94b43431f7a930fed86399dd4883b SHA512 1be152682c6617a7683c8f3a016160f35de45aa116280b508f7f6c40b33c96d2480a3d7eda01b1a96d7d8781804c6ebd05d594be8831fd65f3b90d5f780452b3 WHIRLPOOL 934d1da163a87139e1a6b17ca57370114408efe1b59f1801acf32eb29f145fa509c031e38753f32aabe4b68412d51384abcb9cb5cbd502820b6d11283b239e85 -AUX freeradius-2.1.7-wpe.patch 32096 SHA256 34ae76dd578ce3a497e93a7479336b2ce6eeb13be204590b8015e060bed3ef8c SHA512 82e80802beaf1021cb74b1f20d4b8c888398794a6acb8c879236ea58dff55a6df405446a3822bb81b3a1950641d795ad2c7f65d0fb72647d47c74010e8b69232 WHIRLPOOL b44a07e1a3cef83cf62dd27dc408d40de0d50ea96e7f1ed12e2d8d65e2d453eb3f42461711e7a7959e9b132eb058390bd7eb8fa22cc31f0fc0ff67bcc0ab4616 -AUX freeradius-CVE-2012-3547.patch 591 SHA256 43a9ecfe1b536dd2d0a05460d42ca3d29e200e2413a4d36c96940e051f751014 SHA512 90c4d423f359eccc13d1054040eaacead56bf5ba5d8236c9523d5d97276243b00d39806c9c8386af12409fa5893d502a3b3d3e3d47bb6e334dce0ad0e3d24d79 WHIRLPOOL 921232d374f400671f27bc915a75f6de961692778dac645fb026643620773369b81a9a4f2a5f381b239d5c40e29dac5f5212d6d614b4419b17c17a3331bc3fc7 +AUX freeradius-2.1.12-wpe.patch 14500 SHA256 0d0f8e7ac76b0e17603d677bb94588a07111f778809ef66583423c5d0852167f SHA512 5c5a6839eed1004d436c9d42a7a3a595e86e4832bbe952e8001d6dd5686b2ed311484f845841c18e7dd258c611b5ada1a11816516ad1fa8ab51d1231d12586e3 WHIRLPOOL 76bb59224b705994249874029cf0709334aac05054a4898af026e341002aff17745072c832e3b6363d278db210b0addfa7bf4fdb59ad99f00772790703929817 AUX radius.conf 129 SHA256 2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292 SHA512 e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b WHIRLPOOL c409c0a928e01045f1a60aab7e24ba2ef1645a94ac120cddc6a05b39b0b2dd0e79e50bb40d68ff9ec31aa8d1173c4f2d6f626376eda7d07fc47fc491d8f2bbcf +AUX radius.conf-r3 345 SHA256 992331df42b77fe2b38fc6d715cfe0bc8d0d874fdcbbd510c9c99c85a77e6285 SHA512 353cb99bdb1c055b1590d34a4e148852de2b46f0c6292c88d1aad8c69eaaee6006e249eca79cd28dcd7690721f2ab65524f39c9015e714b10c439d343b7bf307 WHIRLPOOL 2f947c9728c7134cd8068933dd1784bfd1c39f15fa1d76f6e1c0d38087093399fe53a2a4e17b81413eb497f162ed69f19cd44129f34baa19ca2a347eaef6f9d9 AUX radius.init-r1 1575 SHA256 5f20b72e4b627442313818cbe3c31cadfdc747fad18cacdafe58de62812eea41 SHA512 25c9cec70befd126bc5d324e802ecdf2ad940478edab55cb4384f0392690cade2fa2735c1eb18d990616c3d506b470c9007292192baf7a11ffe67b79c2e6df3b WHIRLPOOL 62e0b177a62b5248494f39baedd7ed65b6b8c10d2b872bd11a0c075b8d55069e890e4c92816b8fb6a4f6abc1234eea3235f1cb4a465ad59099f6f9fdd799a0d3 AUX radius.init-r2 1358 SHA256 8a3d7d571985aef8c16c19a8b57bb7e1e2c7cf5dcfb24da421ce4bd241c5a001 SHA512 21265b729f1080a59805ac186280a4ad2cc2a26d56636b1969197ebbdf0a0fd471da31805ca9ce1e18693e90522a610ff95ec743a39f3a2b73e33ac3ee19a0da WHIRLPOOL 1b6fc4b3d55f6e69c04ea837510737e98744165f516b3bd582ee598221988dd8704e8f66781c9fa9c46d18cbb69b1c89afc79f2b48e047fb07fa592c8419c0c1 +AUX radius.init-r3 766 SHA256 de9ec9dffa5eaccd40668ea85fff5c655000539582d1e78c96069b0cd071c813 SHA512 4f0257eadf642041b2dd762c8e175be82e2844362ebe0806cc9c78b074143ef1cd5dea2b644241f7b5b88a7d80e860720d39dd6d428d9c8de756ca071a1ca2fb WHIRLPOOL 42782b5912d3374dac703e9cbb37361eb4e737a6cb33121a249811c4955954f5e8523da1ac6ffcac4bd0cc90585056c47a9b2a5dde7ca1dcea21fb8e6fe506df AUX users_wpe 99 SHA256 922a318e7f66b3b52b4a1cc53d765ff116567f010d9ce4784b4ae009fe97ca73 SHA512 8d533b6a4d3a2622ae5f2d768946840ddd49001cc0d34cb571da6123232d1987abcd3cb39a05e0ac20e680b7d9b910586532c39a9ef1af677bade856d2201fe0 WHIRLPOOL 2c2b1c27c7a8407c264425756ea386d56f8be647993ec86e26f892c97b87b7c4770651c4aa7032cfd6834d34d9f5ca708affb759d3e9e671b4a4e0f679448c64 -DIST freeradius-server-2.1.11.tar.gz 4219356 SHA256 274ef96aa528d8b759f2fa06f2ba49ecbe1612e99fdedbb7016b557804b16b85 +DIST freeradius-2.2.0-patches-4.tar.xz 3140 SHA256 9fd7b6f7e1501d63a073e6279b20eb6d8154e7898d81c85a5c548543ab33c1af SHA512 38ebd65d9ad8ce8f513f2f5c7fd9ff43b81cf468038a49f9eb7f4a54d13783e88866c3031e7abc0fc8b65d2aec4f347efa358b9e7e2aadb2d15567ce7e125d1d WHIRLPOOL a532444f6bfebe260a6b4bf43157fa1624ce9920a86635172ac94e0f757263904bac6ca6a472e12df73e32a8d25d6f7b094272bd743d13c566f23bfcbff6df27 DIST freeradius-server-2.1.12.tar.gz 4257106 SHA256 e597567c81ddbee385df8f076162c868ee6db5bf446c45ace94078c0c7d53805 SHA512 543ca20faa5ab2c45d7e0c9627c2860ac6eb2d1e3e920beffad612bb4a50a3ae65fe8f20a385541bca75ba05575091168de22c9c245f6869ecd5c862e6686189 WHIRLPOOL 88b8584fc8f27cfca99ec4a51ac77b653d0fa258aa80ccdd5d928893ec7a43c9c3db6a4e4716cc16d8da7dbbae64272862adba8ba3ba0558f1819996db42e5be DIST freeradius-server-2.2.0.tar.gz 4289865 SHA256 ac22eefe7bd7c1c2b4de28613e628fd3e9ccae08a00a103e5f75aac0927bf009 SHA512 8652d27a292c3a8627c13b0bf12b829d3f2c50d82ed85eb342d1ec5c84ceabf8963907d50464a5907d2934f1b069a491411b1d5129efaaecefe4a30251b2b607 WHIRLPOOL 9f7dc926da7a33bfb425cb668bc9cf940a7a2dafa2a73ba8847a15f0d725476fdb4afc41963426ade9175709007f6f72892c3e9cd33d82c6601f57b873f92471 -EBUILD freeradius-2.1.11-r1.ebuild 4821 SHA256 24df33d5700ce135f6392aef7e2182ae70ea8753cb22834affdace0d4d226b84 SHA512 4336a20ada2194bb76cfa28ae94122b920739ba0650e0143b49020545971a3e22236b9b0cc07d8938282d31d059de40daf64dab28f6870222fb44cdec5d1fcc4 WHIRLPOOL 4123b6548e91c1ecf452072e9883b1efbd9b5fcd404748d09c5bacf51e9bae9f5b2b9b4eeb2d1657a25c292c5af3594c6d0ee521e1109158133b3e87dbc20e90 EBUILD freeradius-2.1.12-r1.ebuild 5010 SHA256 8403de3b937bf12436018207aee10d8004590c6aa5ccdcb01ae1297b17a10161 SHA512 042a2b6226fcc5a18be6dd51f36b0a530393769edb33c4290dcbc267730e418518c8d9c73d45b1f2db52b3a65c12361bb60f3a0b9f98ceb1e054e20c26f646e7 WHIRLPOOL 4f374cab928bc51fb319c319f63c6278d9d0cea0a320a57ca5eef260550da0a6651a9c99ef5471bf04f90b01d03228251769470e87bcb791e21587487ead5da6 -EBUILD freeradius-2.1.12.ebuild 4962 SHA256 4abb54a259e598782061354bdbd30289f20cb0a52d4748943e435052a8d65302 SHA512 c226f3956214b4b910afac46fc5276166681d7861b2a194bc51fb21f7fb9870666f70bbd602513720a0f27cc0de474235701516763e3d816cc5a5a1cb40cb55f WHIRLPOOL 1fb59344c6b9fe6fed82be8703400f459bd56220bf78174492078fa150ca217cb6899f35703c91de302f60ab9bea173af10180c59b39392abe7ef7374301ab9d +EBUILD freeradius-2.2.0-r1.ebuild 5419 SHA256 49a42d632e3aff5e722a347ff9213ffde4e6b42bd94435ab6219d23eb001b17f SHA512 c012b7a9820106c913af222c8ff929da85c563b5ceb050c8bcfd03a316fb32f0955d3a7753172e2589b5d96f0df93c60feb41c3bb8dae8aa0a337132ba953151 WHIRLPOOL 71381cd43a20eb01224638a513348e821dc7fe2ee487d14711fceb7c3ae7aec61d6bfd08fc4931ab8a1e353d4e9e4ba5609b4b86fc8c85d8f19bc6ad1d00aa25 EBUILD freeradius-2.2.0.ebuild 5016 SHA256 f00c09d7a97504f40836ac225f399d7ccb550a0a4c7ec8d56d2ca520e101f2b6 SHA512 bf2893460db3676ec12f2405544bf6fc68f488df73ac2d7a7bc31c802bf367a86579cfc4632befa5597600dbe4a1dad2333b24b661babe9e6faa6abae695fd91 WHIRLPOOL c87907ce9cc0df6e6105cfea5f60c9407f78c198325616f3a43042cdb9cfdc1c24725103b3e61499fc3e7032f13a53dc9bfdc91dbca542547f4a7231e89c3047 diff --git a/net-dialup/freeradius/files/freeradius-2.1.10-ipv6.patch b/net-dialup/freeradius/files/freeradius-2.1.10-ipv6.patch deleted file mode 100644 index 3a0b04411..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.10-ipv6.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -aur freeradius-server-2.1.10.orig/src/lib/udpfromto.c freeradius-server-2.1.10/src/lib/udpfromto.c ---- freeradius-server-2.1.10.orig/src/lib/udpfromto.c 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/lib/udpfromto.c 2011-02-09 22:41:46.000000000 +0100 -@@ -87,7 +87,7 @@ - * This should actually be standard IPv6 - */ - proto = IPPROTO_IPV6; -- flag = IPV6_PKTINFO; -+ flag = IPV6_2292PKTINFO; - #endif - #endif - } else { diff --git a/net-dialup/freeradius/files/freeradius-2.1.10-pkglibdir.patch b/net-dialup/freeradius/files/freeradius-2.1.10-pkglibdir.patch deleted file mode 100644 index 294b60452..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.10-pkglibdir.patch +++ /dev/null @@ -1,61 +0,0 @@ -diff -Naur freeradius-server-2.1.10.orig/Make.inc.in freeradius-server-2.1.10/Make.inc.in ---- freeradius-server-2.1.10.orig/Make.inc.in 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/Make.inc.in 2011-02-09 17:51:46.000000000 +0100 -@@ -10,6 +10,7 @@ - sysconfdir = @sysconfdir@ - localstatedir = @localstatedir@ - libdir = @libdir@ -+pkglibdir = @libdir@/freeradius - bindir = @bindir@ - sbindir = @sbindir@ - docdir = @docdir@ -diff -Naur freeradius-server-2.1.10.orig/raddb/radiusd.conf.in freeradius-server-2.1.10/raddb/radiusd.conf.in ---- freeradius-server-2.1.10.orig/raddb/radiusd.conf.in 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/raddb/radiusd.conf.in 2011-02-09 17:51:57.000000000 +0100 -@@ -103,7 +103,7 @@ - # make - # make install - # --libdir = @libdir@ -+libdir = @libdir@/freeradius - - # pidfile: Where to place the PID of the RADIUS server. - # -diff -Naur freeradius-server-2.1.10.orig/src/modules/Makefile freeradius-server-2.1.10/src/modules/Makefile ---- freeradius-server-2.1.10.orig/src/modules/Makefile 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/modules/Makefile 2011-02-09 17:52:11.000000000 +0100 -@@ -12,7 +12,7 @@ - @$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common - - install: -- $(INSTALL) -d -m 755 $(R)$(libdir) -+ $(INSTALL) -d -m 755 $(R)$(pkglibdir) - @$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common - - clean: -diff -Naur freeradius-server-2.1.10.orig/src/modules/rules.mak freeradius-server-2.1.10/src/modules/rules.mak ---- freeradius-server-2.1.10.orig/src/modules/rules.mak 2011-02-09 17:50:58.000000000 +0100 -+++ freeradius-server-2.1.10/src/modules/rules.mak 2011-02-09 17:52:53.000000000 +0100 -@@ -123,7 +123,7 @@ - $(TARGET).la: $(LT_OBJS) - $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \ - -module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \ -- -rpath $(libdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS) -+ -rpath $(pkglibdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS) - - ####################################################################### - # -@@ -164,11 +164,11 @@ - # Do any module-specific installation. - # - # If there isn't a TARGET defined, then don't do anything. --# Otherwise, install the libraries into $(libdir) -+# Otherwise, install the libraries into $(pkglibdir) - # - install: - @[ "x$(RLM_INSTALL)" = "x" ] || $(MAKE) $(MFLAGS) $(RLM_INSTALL) - if [ "x$(TARGET)" != "x" ]; then \ - $(LIBTOOL) --mode=install $(INSTALL) -c \ -- $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \ -+ $(TARGET).la $(R)$(pkglibdir)/$(TARGET).la || exit $$?; \ - fi diff --git a/net-dialup/freeradius/files/freeradius-2.1.10-qafixes.patch b/net-dialup/freeradius/files/freeradius-2.1.10-qafixes.patch deleted file mode 100644 index f9d8b2629..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.10-qafixes.patch +++ /dev/null @@ -1,2018 +0,0 @@ -diff -Naur freeradius-server-2.1.10.orig/configure.in freeradius-server-2.1.10/configure.in ---- freeradius-server-2.1.10.orig/configure.in 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/configure.in 2011-02-09 17:42:53.000000000 +0100 -@@ -556,7 +556,19 @@ - ], - [ AC_MSG_WARN([pcap library not found, silently disabling the RADIUS sniffer.]) ]) - --AC_LIB_READLINE -+AC_CHECK_LIB(readline, readline, -+ [ LIBREADLINE="-lreadline" -+ AC_DEFINE(HAVE_LIBREADLINE, 1, -+ [Define to 1 if you have a readline compatible library.]) -+ AC_DEFINE(HAVE_READLINE_READLINE_H, 1, -+ [Define to 1 if you have the header file.]) -+ AC_DEFINE(HAVE_READLINE_HISTORY, 1, -+ [Define if your readline library has \`add_history']) -+ AC_DEFINE(HAVE_READLINE_HISTORY_H, 1, -+ [Define to 1 if you have the header file.]) -+ ], -+ [ LIBREADLINE="" ]) -+AC_SUBST(LIBREADLINE) - - dnl ############################################################# - dnl # -diff -Naur freeradius-server-2.1.10.orig/configure.in.orig freeradius-server-2.1.10/configure.in.orig ---- freeradius-server-2.1.10.orig/configure.in.orig 1970-01-01 01:00:00.000000000 +0100 -+++ freeradius-server-2.1.10/configure.in.orig 2010-09-28 13:03:56.000000000 +0200 -@@ -0,0 +1,1204 @@ -+dnl ############################################################# -+dnl # -+dnl # For information about autoconf, see: -+dnl # -+dnl # http://www.gnu.org/software/autoconf/ -+dnl # -+dnl # The recommended order is: -+dnl # -+dnl # AC_INIT(file) -+dnl # 0. checks for compiler, libtool, and command line options -+dnl # 1. checks for programs -+dnl # 2. checks for libraries -+dnl # 3. checks for header files -+dnl # 4. checks for typedefs -+dnl # 5. checks for structures and functions -+dnl # 6. checks for compiler characteristics -+dnl # 7. checks for library functions -+dnl # 8. checks for system services -+dnl # AC_OUTPUT([file...]) -+dnl # -+dnl ############################################################# -+ -+AC_PREREQ([2.59]) -+export CFLAGS LIBS LDFLAGS CPPFLAGS -+AC_INIT(src/main/radiusd.c) -+AC_CONFIG_HEADER(src/include/autoconf.h) -+AC_REVISION($Revision: 1.1 $)dnl -+ -+dnl # The version of the software -+RADIUSD_VERSION=`cat VERSION` -+RADIUSD_MAJOR_VERSION=`cat VERSION | sed 's/\..*//'` -+RADIUSD_MINOR_VERSION=`cat VERSION | sed 's/^2\.//'` -+PACKAGE=freeradius -+ -+dnl ############################################################# -+dnl # -+dnl # 0. Checks for compiler, libtool, and command line options. -+dnl # -+dnl ############################################################# -+ -+dnl Check for GNU cc -+AC_PROG_CC -+AC_PROG_CXX -+ -+dnl # -+dnl # check for AIX, to allow us to use some BSD functions -+dnl # must be before macros that call the compiler. -+dnl # -+AC_AIX -+ -+AC_PROG_GCC_TRADITIONAL -+AC_PROG_CC_SUNPRO -+AC_PROG_RANLIB -+ -+dnl Compile in large (2G+) file support. -+AC_SYS_LARGEFILE -+ -+dnl # check for system bytesex -+dnl # AC_DEFINES WORDS_BIGENDIAN -+AC_C_BIGENDIAN -+ -+dnl Find GNU Make. -+AC_CHECK_PROG(GMAKE, gmake, yes, no) -+if test $GMAKE = no; then -+ AC_PATH_PROG(MAKE, make, /usr/local/bin/make) -+else -+ AC_PATH_PROG(MAKE, gmake, /usr/local/gnu/bin/make) -+fi -+makever=`$ac_cv_path_MAKE --version 2>&1 | grep "GNU Make"` -+if test -z "$makever"; then -+ AC_MSG_ERROR(GNU Make is not installed. Please download and install it -+ from ftp://prep.ai.mit.edu/pub/gnu/make/ before continuing.) -+fi -+ -+AC_ARG_WITH(system-libltdl, -+[ --with-system-libltdl Use the libltdl installed in your system (default=use our own)], -+[ -+LIBLTDL="-lltdl" -+INCLTDL= -+LTDL_SUBDIRS= -+], -+[ -+dnl If libltdl isn't installable, set it to be installable. -+[test x"$enable_ltdl_install" = x && enable_ltdl_install=yes] -+AC_LIBLTDL_INSTALLABLE -+ -+dnl tell Makefile to build ltdl if needed -+if test x"$enable_ltdl_install" = x"yes"; then -+ LTDL_SUBDIRS=libltdl -+fi -+]) -+AC_SUBST(LTDL_SUBDIRS) -+ -+dnl use system-wide libtool, if it exists -+AC_ARG_WITH(system-libtool, -+[ --with-system-libtool Use the libtool installed in your system (default=use our own)], -+[ AC_PATH_PROG(LIBTOOL, libtool,,$PATH:/usr/local/bin) ], -+[ -+ LIBTOOL="`pwd`/libtool" -+ AC_SUBST(LIBTOOL) -+ dnl ensure that we're looking for dlopen -+ AC_LIBTOOL_DLOPEN -+ -+ dnl Figure out how to build shared libraries -+ AC_PROG_LIBTOOL -+]) -+ -+ -+dnl Put this in later, when all distributed modules use autoconf. -+dnl AC_ARG_WITH(disablemodulefoo, -+dnl [ --without-rlm_foo Disables module compilation. Module list:] -+dnl esyscmd([find src/modules -type d -name rlm_\* -print |\ -+dnl sed -e 's%src/modules/.*/% (sub)- %; s%.*/%- %' |\ -+dnl awk '{print " "$0}'])) -+ -+AC_ARG_ENABLE(strict-dependencies, -+[ --enable-strict-dependencies Fail configure on lack of module dependancy.]) -+ -+dnl extra argument: --with-docdir -+docdir='${datadir}/doc/freeradius' -+AC_MSG_CHECKING(docdir) -+AC_ARG_WITH(docdir, -+[ --with-docdir=DIR Directory for documentation [DATADIR/doc/freeradius] ], -+[ case "$withval" in -+ no) -+ docdir=no -+ ;; -+ yes) -+ ;; -+ [[\\/$]]* | ?:[[\\/]]* ) -+ docdir="$withval" -+ ;; -+ *) -+ AC_MSG_ERROR([expected an absolute directory name for --with-docdir: $withval]) -+ ;; -+ esac ] -+) -+AC_SUBST(docdir) -+AC_MSG_RESULT($docdir) -+if test "x$docdir" = xno; then -+ AC_MSG_WARN(Documentation files will NOT be installed.) -+fi -+ -+dnl extra argument: --with-logdir -+logdir='${localstatedir}/log/radius' -+AC_MSG_CHECKING(logdir) -+AC_ARG_WITH(logdir, -+[ --with-logdir=DIR Directory for logfiles [LOCALSTATEDIR/log/radius] ], -+[ case "$withval" in -+ no) -+ AC_MSG_ERROR(Need logdir) -+ ;; -+ yes) -+ ;; -+ [[\\/$]]* | ?:[[\\/]]* ) -+ logdir="$withval" -+ ;; -+ *) -+ AC_MSG_ERROR([expected an absolute directory name for --with-logdir: $withval]) -+ ;; -+ esac ] -+) -+AC_SUBST(logdir) -+AC_MSG_RESULT($logdir) -+ -+dnl extra argument: --with-radacctdir -+radacctdir='${logdir}/radacct' -+AC_MSG_CHECKING(radacctdir) -+AC_ARG_WITH(radacctdir, -+[ --with-radacctdir=DIR Directory for detail files [LOGDIR/radacct] ], -+[ case "$withval" in -+ no) -+ AC_MSG_ERROR(Need radacctdir) -+ ;; -+ yes) -+ ;; -+ [[\\/$]]* | ?:[[\\/]]* ) -+ radacctdir="$withval" -+ ;; -+ *) -+ AC_MSG_ERROR([expected an absolute directory name for --with-radacctdir: $withval]) -+ ;; -+ esac ] -+) -+AC_SUBST(radacctdir) -+AC_MSG_RESULT($radacctdir) -+ -+dnl extra argument: --with-raddbdir -+raddbdir='${sysconfdir}/raddb' -+AC_MSG_CHECKING(raddbdir) -+AC_ARG_WITH(raddbdir, -+[ --with-raddbdir=DIR Directory for config files [SYSCONFDIR/raddb] ], -+[ case "$withval" in -+ no) -+ AC_MSG_ERROR(Need raddbdir) -+ ;; -+ yes) -+ ;; -+ [[\\/$]]* | ?:[[\\/]]* ) -+ raddbdir="$withval" -+ ;; -+ *) -+ AC_MSG_ERROR([expected an absolute directory name for --with-raddbdir: $withval]) -+ ;; -+ esac ] -+) -+AC_SUBST(raddbdir) -+AC_MSG_RESULT($raddbdir) -+ -+dnl extra argument: --with-ascend-binary -+ASCEND_BINARY=yes -+AC_ARG_WITH(ascend-binary, -+[ --with-ascend-binary Include support for Ascend binary filter attributes (default=yes)], -+[ case "$withval" in -+ yes) -+ ;; -+ *) -+ ASCEND_BINARY="" -+ esac ] -+) -+if test "X$ASCEND_BINARY" = "Xyes"; then -+ AC_DEFINE(ASCEND_BINARY, [], [Include support for Ascend binary filter attributes]) -+fi -+ -+dnl extra argument: --with-threads -+WITH_THREADS=yes -+AC_ARG_WITH(threads, -+[ --with-threads Use threads, if available. (default=yes) ], -+[ case "$withval" in -+ yes) -+ ;; -+ *) -+ WITH_THREADS="" -+ esac ] -+) -+ -+dnl extra argument: --with-vmps -+WITH_VMPS=yes -+AC_ARG_WITH(vmps, -+[ --with-vmps Compile in VMPS support. (default=yes)], -+[ case "$withval" in -+ yes) -+ ;; -+ *) -+ WITH_VMPS=no -+ esac ] -+) -+if test "x$WITH_VMPS" = "xyes"; then -+ AC_DEFINE(WITH_VMPS, [1], [define if you want VMPS support]) -+fi -+ -+dnl extra argument: --with-dhcp -+AC_ARG_WITH(dhcp, -+[ --with-dhcp Compile in DHCP support. (default=no)], -+[ case "$withval" in -+ yes) -+ AC_DEFINE(WITH_DHCP, [1], [Include experimental support for DHCP]) -+ ;; -+ *) -+ ;; -+ esac ] -+) -+ -+ -+dnl # -+dnl # Allow the user to specify a list of modules to be linked -+dnl # statically to the server. -+dnl # -+STATIC_MODULES= -+AC_ARG_WITH(static_modules, -+[ --with-static-modules=QUOTED-MODULE-LIST],[ -+ for i in $withval; do -+ STATIC_MODULES="$STATIC_MODULES -dlpreopen ../modules/rlm_$i/rlm_$i.la" -+ done -+]) -+ -+MODULES= -+AC_ARG_WITH(modules, -+[ --with-modules=QUOTED-MODULE-LIST],[ -+ for i in $withval; do -+ MODULES="$MODULES $i" -+ done -+]) -+ -+dnl # -+dnl # Enable developer C compiler warnings -+dnl # -+AC_ARG_ENABLE(developer, -+[ --enable-developer Enables features of interest to developers.], -+[ case "$enableval" in -+ no) -+ developer=no -+ ;; -+ *) -+ developer=yes -+ esac ] -+) -+ -+if test "x$developer" != "xno" -a -d $srcdir/CVS; then -+ dnl turn on the developer flag when taken from a CVS checkout (not a release) -+ developer="yes" -+fi -+ -+if test "x$developer" != "xno" -a -d $srcdir/.git; then -+ dnl turn on the developer flag when taken from a git checkout (not a release) -+ developer="yes" -+fi -+ -+dnl extra argument: --with-experimental-modules -+EXPERIMENTAL= -+AC_ARG_WITH(experimental-modules, -+[ --with-experimental-modules Use experimental and unstable modules. (default=no) ], -+[ case "$withval" in -+ yes) -+ EXPERIMENTAL=yes -+ ;; -+ *) -+ esac ] -+) -+ -+dnl extra argument: --with-openssl -+WITH_OPENSSL=yes -+AC_ARG_WITH(openssl, -+[ --with-openssl Use OpenSSL. (default=yes)], -+[ case "$withval" in -+ no) -+ WITH_OPENSSL=no -+ ;; -+ *) -+ WITH_OPENSSL=yes -+ ;; -+ esac ] -+) -+ -+dnl # -+dnl # extra argument: --with-openssl-includes=dir -+dnl # -+OPENSSL_INCLUDE_DIR= -+AC_ARG_WITH(openssl-includes, -+[ --with-openssl-includes=DIR Directory to look for OpenSSL include files], -+[ case "$withval" in -+ *) OPENSSL_INCLUDE_DIR="$withval" -+ ;; -+ esac ] -+) -+ -+dnl # -+dnl # extra argument: --with-openssl-libraries=dir -+dnl # -+OPENSSL_LIB_DIR= -+AC_ARG_WITH(openssl-libraries, -+[ --with-openssl-libraries=DIR Directory to look for OpenSSL library files], -+[ case "$withval" in -+ *) OPENSSL_LIB_DIR="$withval" -+ ;; -+ esac ] -+) -+ -+dnl # -+dnl # These next two arguments don't actually do anything. They're -+dnl # place holders so that the top-level configure script can tell -+dnl # the user how to configure lower-level modules -+dnl # -+ -+dnl # -+dnl # extra argument: --with-rlm-FOO-lib-dir -+dnl # -+AC_ARG_WITH(rlm-FOO-lib-dir, -+[ --with-rlm-FOO-lib-dir=DIR Directory to look for library files used by module FOO], -+[ case "$withval" in -+ *) -+ ;; -+ esac ] -+) -+ -+dnl # -+dnl # extra argument: --with-rlm-FOO-include-dir -+dnl # -+AC_ARG_WITH(rlm-FOO-include-dir, -+[ --with-rlm-FOO-include-dir=DIR Directory to look for include files used by module FOO], -+[ case "$withval" in -+ *) -+ ;; -+ esac ] -+) -+ -+dnl See what include-style is used by the make program. -+dnl AC_MSG_CHECKING(include style for make) -+dnl echo "include /dev/null" > testmake.$$ -+dnl echo "all:" >> testmake.$$ -+dnl make -f testmake.$$ >/dev/null 2>&1 -+dnl if test $? = 0 -+dnl then -+dnl INCLUDE=include -+dnl IQUOTE= -+dnl else -+dnl INCLUDE=.include -+dnl IQUOTE='"' -+dnl fi -+dnl rm -f testmake.$$ -+dnl AC_MSG_RESULT(" $INCLUDE") -+dnl AC_SUBST(INCLUDE) -+dnl AC_SUBST(IQUOTE) -+ -+dnl extra argument: --with-udpfromto -+WITH_UDPFROMTO=no -+AC_ARG_WITH(udpfromto, -+[ --with-udpfromto Compile in UDPFROMTO support. (default=no)], -+[ case "$withval" in -+ yes) -+ WITH_UDPFROMTO=yes -+ ;; -+ *) -+ WITH_UDPFROMTO=no -+ esac ] -+) -+ -+if test "x$WITH_UDPFROMTO" = "xyes"; then -+ AC_DEFINE(WITH_UDPFROMTO, [], [define if you want udpfromto]) -+fi -+ -+dnl ############################################################# -+dnl # -+dnl # 1. Checks for programs -+dnl # -+dnl ############################################################# -+ -+CHECKRAD=checkrad.pl -+AC_PATH_PROG(PERL, perl, /usr/local/bin/perl) -+if test "x$ac_cv_path_PERL" = "x"; then -+ AC_MSG_WARN(perl not found - Simultaneous-Use and checkrad.pl may not work) -+fi -+AC_PATH_PROG(SNMPGET, snmpget) -+if test "x$ac_cv_path_SNMPGET" = "x"; then -+ AC_MSG_WARN(snmpget not found - Simultaneous-Use and checkrad.pl may not work) -+fi -+ -+AC_PATH_PROG(SNMPWALK, snmpwalk) -+if test "x$ac_cv_path_SNMPWALK" = "x"; then -+ AC_MSG_WARN(snmpwalk not found - Simultaneous-Use and checkrad.pl may not work) -+fi -+ -+AC_PATH_PROG(RUSERS, rusers, /usr/bin/rusers) -+ -+dnl FIXME This is truly gross. -+missing_dir=`cd $ac_aux_dir && pwd` -+AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir) -+AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) -+AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) -+ -+AC_PATH_PROG(LOCATE,locate) -+AC_PATH_PROG(DIRNAME,dirname) -+AC_PATH_PROG(GREP,grep) -+ -+dnl ############################################################# -+dnl # -+dnl # 2. Checks for libraries -+dnl # -+dnl ############################################################# -+ -+dnl If using pthreads, check for -lpthread (posix) or -lc_r (*BSD) -+old_CFLAGS=$CFLAGS -+if test "x$WITH_THREADS" = "xyes"; then -+ if test $ac_cv_prog_suncc = "yes"; then -+ CFLAGS="$CFLAGS -mt" -+ fi -+ -+ AC_CHECK_HEADERS(pthread.h, [], [ WITH_THREADS="no" ]) -+ -+dnl # -+dnl # pthread stuff is usually in -lpthread -+dnl # or in -lc_r, on *BSD -+dnl # -+dnl # On Some systems, we need extra pre-processor flags, to get them to -+dnl # to do the threading properly. -+dnl # -+ AC_CHECK_LIB(pthread, pthread_create, -+ [ CFLAGS="$CFLAGS -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS" -+ LIBS="$LIBS -lpthread" ], -+ AC_CHECK_LIB(c_r, pthread_create, -+ [ CFLAGS="$CFLAGS -pthread -D_THREAD_SAFE" ], -+ [ WITH_THREADS="no" ] -+ ) -+ ) -+fi -+ -+dnl # -+dnl # If we have NO pthread libraries, remove any knowledge of threads. -+dnl # -+if test "x$WITH_THREADS" != "xyes"; then -+ CFLAGS=$old_CFLAGS -+ ac_cv_header_pthread_h="no" -+ WITH_THREADS=no -+else -+ dnl # -+ dnl # We need sem_init() and friends, as they're the friendliest -+ dnl # semaphore functions for threading. -+ dnl # -+ dnl # HP/UX requires linking with librt, too, to get the sem_* symbols. -+ dnl # Some systems have them in -lsem -+ dnl # Solaris has them in -lposix4 -+ dnl # NetBSD has them in -lsemaphore -+ -+ AC_SEARCH_LIBS(sem_init, pthread sem posix4 rt semaphore, -+ [], -+ [AC_MSG_ERROR(-lsem not found. You may want to download it from ftp://ftp.to.gd-es.com/pub/BSDI/libsem.tar.bz2 or ftp://ftp.freeradius.org/pub/radius/contrib/libsem.tar.gz)] -+ ) -+fi -+ -+dnl Check if we need -lsocket -+AC_CHECK_LIB(socket, getsockname) -+ -+dnl Check for -lresolv -+dnl This library may be needed later. -+AC_CHECK_LIB(resolv, inet_aton) -+ -+dnl Check if we need -lnsl. Usually if we want to -+dnl link against -lsocket we need to include -lnsl as well. -+AC_CHECK_LIB(nsl, inet_ntoa) -+ -+dnl Check for OpenSSL libraries. -+OPENSSL_LIBS= -+if test "x$WITH_OPENSSL" = xyes; then -+ old_LIBS=$LIBS -+ old_LDFLAGS="$LDFLAGS" -+ if test "x$OPENSSL_LIB_DIR" != "x"; then -+ LDFLAGS="$LDFLAGS -L$OPENSSL_LIB_DIR" -+ fi -+ AC_CHECK_LIB(crypto, DH_new, -+ [ -+ LIBS="-lcrypto $LIBS" -+ AC_DEFINE(HAVE_LIBCRYPTO, 1, -+ [Define to 1 if you have the `crypto' library (-lcrypto).]) -+ AC_CHECK_LIB(ssl, SSL_new, -+ [ -+ AC_DEFINE(HAVE_LIBSSL, 1, -+ [Define to 1 if you have the `ssl' library (-lssl).]) -+ if test "x$OPENSSL_LIB_DIR" != "x"; then -+ OPENSSL_LIBS="-L$OPENSSL_LIB_DIR" -+ fi -+ OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto" -+ ], []) -+ ], []) -+ LIBS=$old_LIBS -+ LDFLAGS="$old_LDFLAGS" -+fi -+ -+AC_CHECK_LIB(ws2_32, htonl) -+ -+dnl Check the pcap library for the RADIUS sniffer. -+PCAP_LIBS= -+AC_CHECK_LIB(pcap, pcap_open_live, -+ [ PCAP_LIBS="-lpcap" -+ AC_DEFINE(HAVE_LIBPCAP, 1, -+ [Define to 1 if you have the `pcap' library (-lpcap).]) -+ ], -+ [ AC_MSG_WARN([pcap library not found, silently disabling the RADIUS sniffer.]) ]) -+ -+AC_LIB_READLINE -+ -+dnl ############################################################# -+dnl # -+dnl # 3. Checks for header files -+dnl # -+dnl ############################################################# -+ -+dnl # -+dnl # Interix requires us to set -D_ALL_SOURCE, otherwise -+dnl # getopt will be #included, but won't link. -+dnl # -+dnl # -+case "$host" in -+*-interix*) -+ CFLAGS="$CFLAGS -D_ALL_SOURCE" -+ ;; -+*-darwin*) -+ CFLAGS="$CFLAGS -DDARWIN" -+ LIBS="-framework DirectoryService $LIBS" -+ ;; -+esac -+ -+AC_HEADER_DIRENT -+AC_HEADER_STDC -+AC_HEADER_TIME -+AC_HEADER_SYS_WAIT -+ -+AC_CHECK_HEADERS( \ -+ unistd.h \ -+ crypt.h \ -+ errno.h \ -+ resource.h \ -+ sys/resource.h \ -+ getopt.h \ -+ malloc.h \ -+ utmp.h \ -+ utmpx.h \ -+ signal.h \ -+ sys/select.h \ -+ syslog.h \ -+ inttypes.h \ -+ stdint.h \ -+ stdio.h \ -+ netdb.h \ -+ semaphore.h \ -+ arpa/inet.h \ -+ netinet/in.h \ -+ sys/types.h \ -+ sys/socket.h \ -+ winsock.h \ -+ sys/time.h \ -+ sys/wait.h \ -+ sys/security.h \ -+ fcntl.h \ -+ sys/fcntl.h \ -+ sys/prctl.h \ -+ sys/un.h \ -+ glob.h \ -+ prot.h \ -+ pwd.h \ -+ grp.h \ -+ sia.h \ -+ siad.h -+) -+ -+dnl FreeBSD requires sys/socket.h before net/if.h -+AC_CHECK_HEADERS(net/if.h, [], [], -+[#ifdef HAVE_SYS_SOCKET_H -+# include -+# endif -+]) -+ -+REGEX=no -+AC_CHECK_HEADER(regex.h, AC_DEFINE(HAVE_REGEX_H, [], [define this if we have the header file])) -+if test "x$ac_cv_header_regex_h" = "xyes"; then -+ REGEX_EXTENDED=no -+ REGEX=yes -+ AC_EGREP_CPP(yes, -+ [#include -+ #ifdef REG_EXTENDED -+ yes -+ #endif -+ ], [AC_DEFINE(HAVE_REG_EXTENDED, [], [define this if we have REG_EXTENDED (from )]) REGEX_EXTENDED=yes]) -+fi -+AC_SUBST(REGEX) -+AC_SUBST(REGEX_EXTENDED) -+ -+dnl # -+dnl # other checks which require headers -+dnl # -+if test "x$ac_cv_header_sys_security_h" = "xyes" && test "x$ac_cv_header_prot_h" = "xyes" -+then -+ AC_DEFINE(OSFC2, [], [define if you have OSFC2 authentication]) -+fi -+ -+if test "x$ac_cv_header_sia_h" = "xyes" && test "x$ac_cv_header_siad_h" = "xyes" -+then -+ AC_DEFINE(OSFSIA, [], [define if you have OSFSIA authentication]) -+fi -+ -+dnl Check for OpenSSL includes. -+OPENSSL_INCLUDE="-DNO_OPENSSL" -+if test "x$WITH_OPENSSL" = xyes; then -+ if test "x$OPENSSL_LIBS" = "x"; then -+ AC_MSG_NOTICE([skipping test for openssl/ssl.h]) -+ else -+ old_CPPFLAGS=$CPPFLAGS -+ if test "x$OPENSSL_INCLUDE_DIR" != "x"; then -+ CPPFLAGS="$CPPFLAGS -I$OPENSSL_INCLUDE_DIR" -+ fi -+ dnl # stupid RedHat shit -+ CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_KRB5" -+ AC_CHECK_HEADERS( \ -+ openssl/ssl.h \ -+ openssl/crypto.h \ -+ openssl/err.h \ -+ openssl/evp.h \ -+ openssl/engine.h, -+ [], -+ OPENSSL_LIBS= -+ ) -+ if test "x$OPENSSL_LIBS" != "x"; then -+ AC_MSG_CHECKING([for OpenSSL version >= 0.9.7]) -+ AC_EGREP_CPP(yes, -+ [#include -+ #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) -+ yes -+ #endif -+ ], goodssl="yes") -+ if test "x$goodssl" != "xyes"; then -+ AC_MSG_RESULT(no) -+ OPENSSL_LIBS= -+ else -+ AC_MSG_RESULT(yes) -+ if test "x$OPENSSL_INCLUDE_DIR" != "x"; then -+ OPENSSL_INCLUDE="-I$OPENSSL_INCLUDE_DIR -DOPENSSL_NO_KRB5" -+ else -+ OPENSSL_INCLUDE="-DOPENSSL_NO_KRB5" -+ fi -+ fi -+ fi -+ CPPFLAGS=$old_CPPFLAGS -+ fi -+fi -+AC_SUBST(OPENSSL_INCLUDE) -+AC_SUBST(OPENSSL_LIBS) -+export OPENSSL_LIBS -+ -+dnl Check the pcap includes for the RADIUS sniffer. -+if test "x$PCAP_LIBS" = x; then -+ AC_MSG_NOTICE([skipping test for pcap.h.]) -+else -+ AC_CHECK_HEADER(pcap.h, -+ AC_DEFINE(HAVE_PCAP_H, 1, -+ [Define to 1 if you have the header file.]), -+ [ PCAP_LIBS= -+ AC_MSG_WARN([pcap.h not found, silently disabling the RADIUS sniffer.]) -+ ]) -+fi -+AC_SUBST(PCAP_LIBS) -+ -+dnl ############################################################# -+dnl # -+dnl # 4. Checks for typedefs -+dnl # -+dnl ############################################################# -+ -+dnl # -+dnl # Ensure that these are defined -+dnl # -+AC_TYPE_OFF_T -+AC_TYPE_PID_T -+AC_TYPE_SIZE_T -+AC_TYPE_UID_T -+ -+dnl check for socklen_t -+FR_CHECK_TYPE_INCLUDE([ -+#ifdef HAVE_SYS_TYPES_H -+#include -+#endif -+#ifdef HAVE_SYS_SOCKET_H -+#include -+#endif -+],socklen_t, int, [socklen_t is generally 'int' on systems which don't use it]) -+ -+dnl check for uint8_t -+FR_CHECK_TYPE_INCLUDE([ -+#ifdef HAVE_INTTYPES_H -+#include -+#endif -+#ifdef HAVE_STDINT_H -+#include -+#endif -+],uint8_t, unsigned char, [uint8_t should be the canonical 'octet' for network traffic]) -+ -+dnl check for uint16_t -+FR_CHECK_TYPE_INCLUDE([ -+#ifdef HAVE_INTTYPES_H -+#include -+#endif -+#ifdef HAVE_STDINT_H -+#include -+#endif -+],uint16_t, unsigned short, [uint16_t should be the canonical '2 octets' for network traffic]) -+ -+dnl check for uint32_t -+FR_CHECK_TYPE_INCLUDE([ -+#ifdef HAVE_INTTYPES_H -+#include -+#endif -+#ifdef HAVE_STDINT_H -+#include -+#endif -+],uint32_t, unsigned int, [uint32_t should be the canonical 'network integer]) -+ -+AC_CHECK_TYPE(struct in6_addr, AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, [IPv6 address structure]), [], [ -+#ifdef HAVE_NETINET_IN_H -+#include -+#endif -+]) -+ -+AC_CHECK_TYPE(struct sockaddr_storage, AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, [Generic socket addresses]), [], [ -+#ifdef HAVE_NETINET_IN_H -+#include -+#endif -+#ifdef HAVE_SYS_SOCKET_H -+#include -+#endif -+]) -+ -+AC_CHECK_TYPE(struct sockaddr_in6, AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1, [IPv6 socket addresses]), [], [ -+#ifdef HAVE_NETINET_IN_H -+#include -+#endif -+]) -+ -+AC_CHECK_TYPE(struct addrinfo, AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [Generic DNS lookups]), [], [ -+#ifdef HAVE_SYS_TYPES_H -+#include -+#endif -+#ifdef HAVE_SYS_SOCKET_H -+#include -+#endif -+#ifdef HAVE_NETDB_H -+#include -+#endif -+]) -+ -+dnl ############################################################# -+dnl # -+dnl # 5. Checks for structures and functions -+dnl # -+dnl ############################################################# -+AC_CHECK_FUNCS( \ -+ getopt_long \ -+ lockf \ -+ strsignal \ -+ sigaction \ -+ sigprocmask \ -+ pthread_sigmask \ -+ snprintf \ -+ vsnprintf \ -+ setsid \ -+ strncasecmp \ -+ strcasecmp \ -+ localtime_r \ -+ ctime_r \ -+ gmtime_r \ -+ strsep \ -+ inet_aton \ -+ inet_pton \ -+ inet_ntop \ -+ setlinebuf \ -+ setvbuf \ -+ getusershell \ -+ initgroups \ -+ getaddrinfo \ -+ getnameinfo \ -+ closefrom \ -+ gettimeofday \ -+ getpeereid \ -+ setuid \ -+ setresuid \ -+ getresuid \ -+ strlcat \ -+ strlcpy -+) -+RADIUSD_NEED_DECLARATIONS( \ -+ crypt \ -+ strncasecmp \ -+ strcasecmp \ -+ inet_aton \ -+ setlinebuf \ -+ getusershell \ -+ endusershell -+) -+ -+AC_TYPE_SIGNAL -+ -+dnl # check if we have utmpx.h -+dnl # if so, check if struct utmpx has entry ut_xtime -+dnl # if not, set it to define ut_xtime == ut_tv.tv_sec -+if test "x$ac_cv_header_utmpx_h" = "xyes" -+then -+ FR_CHECK_STRUCT_HAS_MEMBER([#include ], [struct utmpx], ut_xtime) -+ if test "x$ac_cv_type_struct_utmpx_has_ut_xtime" = "x" -+ then -+ AC_DEFINE(ut_xtime,ut_tv.tv_sec, [define to something if you don't have ut_xtime in struct utmpx]) -+ fi -+fi -+ -+dnl # struct ip_pktinfo -+FR_CHECK_STRUCT_HAS_MEMBER([#include ], [struct in_pktinfo], ipi_addr) -+if test "x$ac_cv_type_struct_in_pktinfo_has_ipi_addr" = "xyes" -+then -+ AC_DEFINE(HAVE_IP_PKTINFO, [], [define if you have IP_PKTINFO (Linux)]) -+fi -+ -+dnl # struct in6_pktinfo -+FR_CHECK_STRUCT_HAS_MEMBER([#include ], [struct in6_pktinfo], ipi6_addr) -+if test "x$ac_cv_type_struct_in6_pktinfo_has_ipi6_addr" = "xyes" -+then -+ AC_DEFINE(HAVE_IN6_PKTINFO, [], [define if you have IN6_PKTINFO (Linux)]) -+fi -+ -+dnl ############################################################# -+dnl # -+dnl # 6. Checks for compiler characteristics -+dnl # -+dnl ############################################################# -+ -+dnl # -+dnl # Ensure that these are defined -+dnl # -+AC_C_CONST -+ -+dnl # -+dnl # See if this is OS/2 -+dnl # -+AC_MSG_CHECKING(type of OS) -+OS=`uname -s` -+AC_MSG_RESULT($OS) -+if test "$OS" = "OS/2"; then -+ LIBPREFIX= -+else -+ LIBPREFIX=lib -+fi -+AC_SUBST(LIBPREFIX) -+ -+dnl # -+dnl # Set Default CFLAGS -+dnl # -+if test "x$GCC" = "xyes"; then -+ CFLAGS="$CFLAGS -Wall -D_GNU_SOURCE" -+fi -+ -+AC_MSG_CHECKING(for developer gcc flags) -+if test "x$developer" = "xyes" -a "x$GCC" = "xyes"; then -+ devflags="-g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef" -+ CFLAGS="$CFLAGS $devflags" -+ INSTALLSTRIP="" -+ AC_MSG_RESULT(yes. Using $devflags) -+else -+ devflags="" -+ CFLAGS="$CFLAGS -DNDEBUG" -+ INSTALLSTRIP="" -+ AC_MSG_RESULT(no.) -+fi -+ -+FR_TLS -+ -+dnl ############################################################# -+dnl # -+dnl # 7. Checks for library functions -+dnl # -+dnl ############################################################# -+ -+old_LIBS="$LIBS" -+LIBS="$LIBS $LIBLTDL" -+AC_CHECK_FUNC(lt_dladvise_init, AC_DEFINE(HAVE_HAVE_LT_DLADVISE_INIT, [], [Do we have the lt_dladvise_init function])) -+LIBS="$old_LIBS" -+ -+dnl Check for libcrypt -+dnl We use crypt(3) which may be in libc, or in libcrypt (eg FreeBSD) -+AC_CHECK_LIB(crypt, crypt, -+ CRYPTLIB="-lcrypt" -+) -+if test "$CRYPTLIB" != ""; then -+ AC_DEFINE(HAVE_CRYPT, [], [Do we have the crypt function]) -+else -+ AC_CHECK_FUNC(crypt, AC_DEFINE(HAVE_CRYPT, [], [Do we have the crypt function])) -+fi -+ -+dnl Check for libcipher -+AC_CHECK_LIB(cipher, setkey, -+ CRYPTLIB="${CRYPTLIB} -lcipher" -+) -+AC_SUBST(CRYPTLIB) -+ -+dnl Check the style of gethostbyaddr, in order of preference -+dnl GNU (_r eight args) -+AC_DEFINE(GNUSTYLE, [1], [GNU-Style get*byaddr_r]) -+dnl SYSV (_r six args) -+AC_DEFINE(SYSVSTYLE, [2], [SYSV-Style get*byaddr_r]) -+dnl BSD (three args, may not be thread safe) -+AC_DEFINE(BSDSTYLE, [3], [BSD-Style get*byaddr_r]) -+dnl Tru64 has BSD version, but it is thread safe -+dnl http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V51B_HTML/MAN/MAN3/1739____.HTM -+dnl We need #stdio.h to define NULL on FreeBSD (at least) -+gethostbyaddrrstyle="" -+AC_MSG_CHECKING([gethostbyaddr_r() syntax]) -+case "$host" in -+*-freebsd*) -+dnl With FreeBSD, check if there's a prototype for gethostbyaddr_r. -+dnl Some versions (FreeBSD 5.1?) have a symbol but no prototype - so we -+dnl override this test to BSDSTYLE. FreeBSD 6.2 and up have proper GNU -+dnl style support. -+ AC_CHECK_DECLS([gethostbyaddr_r], [], [ -+ AC_DEFINE(GETHOSTBYADDRRSTYLE, BSDSTYLE, -+ [style of gethostbyaddr_r functions ]) -+ gethostbyaddrrstyle=BSD -+ AC_MSG_WARN([FreeBSD overridden to BSD-style]) -+ ], [ -+#ifdef HAVE_NETDB_H -+#include -+#endif -+]) -+ ;; -+esac -+if test "x$gethostbyaddrrstyle" = "x"; then -+ AC_TRY_LINK([ -+#include -+#include -+], [ gethostbyaddr_r(NULL, 0, 0, NULL, NULL, 0, NULL, NULL) ], [ -+ AC_DEFINE(GETHOSTBYADDRRSTYLE, GNUSTYLE, [style of gethostbyaddr_r functions ]) -+ gethostbyaddrrstyle=GNU -+]) -+fi -+if test "x$gethostbyaddrrstyle" = "x"; then -+ AC_TRY_LINK([ -+#include -+#include -+], [ gethostbyaddr_r(NULL, 0, 0, NULL, NULL, 0, NULL) ] , [ -+ AC_DEFINE(GETHOSTBYADDRRSTYLE, SYSVSTYLE, [style of gethostbyaddr_r functions ]) -+ gethostbyaddrrstyle=SYSV -+ ]) -+fi -+if test "x$gethostbyaddrrstyle" = "x"; then -+ AC_TRY_LINK([ -+#include -+#include -+], [ gethostbyaddr(NULL, 0, 0) ], [ -+ AC_DEFINE(GETHOSTBYADDRRSTYLE, BSDSTYLE, [style of gethostbyaddr_r functions ]) -+ gethostbyaddrrstyle=BSD -+ ]) -+fi -+ -+if test "x$gethostbyaddrrstyle" = "x"; then -+ AC_MSG_RESULT([none! It must not exist, here.]) -+else -+ AC_MSG_RESULT([${gethostbyaddrrstyle}-style]) -+fi -+ -+if test "x$gethostbyaddrrstyle" = "xBSD"; then -+ AC_MSG_WARN([ ****** BSD-style gethostbyaddr might NOT be thread-safe! ****** ]) -+fi -+ -+dnl Check the style of gethostbyname, in order of preference -+dnl GNU (_r seven args) -+dnl SYSV (_r five args) -+dnl BSD (two args, may not be thread safe) -+dnl Tru64 has BSD version, but it _is_ thread safe -+dnl http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V51B_HTML/MAN/MAN3/1946____.HTM -+dnl We need #stdio.h to define NULL on FreeBSD (at least) -+gethostbynamerstyle="" -+AC_MSG_CHECKING([gethostbyname_r() syntax]) -+AC_TRY_LINK([ -+#include -+#include -+], [ gethostbyname_r(NULL, NULL, NULL, 0, NULL, NULL) ], [ -+ AC_DEFINE(GETHOSTBYNAMERSTYLE, GNUSTYLE, [style of gethostbyname_r functions ]) -+ gethostbynamerstyle=GNU -+]) -+if test "x$gethostbynamerstyle" = "x"; then -+ AC_TRY_LINK([ -+#include -+#include -+], [ gethostbyname_r(NULL, NULL, NULL, 0, NULL) ] , [ -+ AC_DEFINE(GETHOSTBYNAMERSTYLE, SYSVSTYLE, [style of gethostbyname_r functions ]) -+ gethostbynamerstyle=SYSV -+ ]) -+fi -+if test "x$gethostbynamerstyle" = "x"; then -+ AC_TRY_LINK([ -+#include -+#include -+], [ gethostbyname(NULL) ], [ -+ AC_DEFINE(GETHOSTBYNAMERSTYLE, BSDSTYLE, [style of gethostbyname_r functions ]) -+ gethostbynamerstyle=BSD -+ ]) -+fi -+ -+if test "x$gethostbynamerstyle" = "x"; then -+ AC_MSG_RESULT([none! It must not exist, here.]) -+else -+ AC_MSG_RESULT([${gethostbynamerstyle}-style]) -+fi -+ -+if test "x$gethostbynamerstyle" = "xBSD"; then -+ AC_MSG_WARN([ ****** BSD-style gethostbyname might NOT be thread-safe! ****** ]) -+fi -+ -+dnl check for non-posix solaris ctime_r (extra buflen int arg) -+AC_DEFINE(POSIXSTYLE, [1], [Posix-Style ctime_r]) -+AC_DEFINE(SOLARISSTYLE, [2], [Solaris-Style ctime_r]) -+ctimerstyle="" -+AC_MSG_CHECKING([ctime_r() syntax]) -+AC_TRY_LINK([ -+#include -+], [ ctime_r(NULL, NULL, 0) ], [ -+ AC_DEFINE(CTIMERSTYLE, SOLARISSTYLE, [style of ctime_r function]) -+ ctimerstyle="SOLARIS" -+]) -+if test "x$ctimerstyle" = "x"; then -+ AC_TRY_LINK([ -+#include -+], [ ctime_r(NULL, NULL) ], [ -+ AC_DEFINE(CTIMERSTYLE, POSIXSTYLE, [style of ctime_r function]) -+ ctimerstyle="POSIX" -+ ]) -+fi -+ -+if test "x$ctimerstyle" = "x"; then -+ AC_MSG_RESULT([none! It must not exist, here.]) -+else -+ AC_MSG_RESULT([${ctimerstyle}-style]) -+fi -+ -+AC_SUBST(HOSTINFO, $host) -+ -+dnl ############################################################# -+dnl # -+dnl # 8. Checks for system services -+dnl # -+dnl ############################################################# -+ -+dnl # -+dnl # Figure out where libtool is located, -+dnl # -+top_builddir=`pwd` -+export top_builddir -+AC_MSG_RESULT([top_builddir=$top_builddir]) -+dnl # AC_SUBST(top_builddir) -+AC_SUBST(LIBLTDL) -+AC_SUBST(INCLTDL) -+ -+dnl import libtool stuff -+ -+dnl ############################################################# -+dnl # -+dnl # Configure in any module directories. -+dnl # -+dnl ############################################################# -+ -+mysubdirs="$LIBLTDLPATH" -+if test "x$EXPERIMENTAL" = "xyes"; then -+ bar=`ls -1 "${srcdir}"/src/modules/rlm_*/configure | sed 's%/configure%%'` -+ dnl # get rid of LF's. -+ mysubdirs=`echo $mysubdirs $bar` -+else -+ dnl # -+ dnl # Find 'configure' in ONLY the stable modules -+ dnl # -+ for bar in `cat "${srcdir}"/src/modules/stable`; do -+ if test -f "${srcdir}"/src/modules/$bar/configure; then -+ mysubdirs="$mysubdirs src/modules/$bar" -+ fi -+ done -+fi -+ -+dnl ############################################################ -+dnl # make modules by list -+dnl ############################################################# -+if test "x$EXPERIMENTAL" = "xyes"; then -+ for foo in `ls -1 "${srcdir}"/src/modules | grep rlm_`; do -+ MODULES="$MODULES $foo" -+ done -+else -+ dnl # -+ dnl # make ONLY the stable modules -+ dnl # -+ for foo in `cat "${srcdir}"/src/modules/stable`; do -+ MODULES="$MODULES $foo" -+ done -+fi -+ -+dnl # -+dnl # Don't change the variable name here. Autoconf goes bonkers -+dnl # if you do. -+dnl # -+AC_CONFIG_SUBDIRS($LTDL_SUBDIRS $mysubdirs) -+AC_SUBST(MODULES) -+ -+dnl ############################################################# -+dnl # -+dnl # And finally, output the results. -+dnl # -+dnl ############################################################# -+ -+AC_CONFIG_COMMANDS([stamp-h], [echo timestamp > src/include/stamp-h]) -+AC_CONFIG_COMMANDS([build-radpaths-h], [(cd ./src/include && /bin/sh ./build-radpaths-h)]) -+AC_CONFIG_COMMANDS([main-chmod], [(cd ./src/main && chmod +x checkrad.pl radlast radtest)]) -+AC_CONFIG_COMMANDS([scripts-chmod], [(cd ./scripts && chmod +x rc.radiusd radwatch radiusd.cron.daily radiusd.cron.monthly cryptpasswd)]) -+ -+dnl # -+dnl # Substitute whatever libraries we found to be necessary -+dnl # -+AC_SUBST(LIBS) -+AC_SUBST(INSTALLSTRIP) -+ -+USE_SHARED_LIBS=$enable_shared -+AC_SUBST(USE_SHARED_LIBS) -+USE_STATIC_LIBS=$enable_static -+AC_SUBST(USE_STATIC_LIBS) -+AC_SUBST(STATIC_MODULES) -+AC_SUBST(RADIUSD_MAJOR_VERSION) -+AC_SUBST(RADIUSD_MINOR_VERSION) -+AC_SUBST(RADIUSD_VERSION) -+ -+AC_OUTPUT(\ -+ ./Make.inc \ -+ ./src/include/build-radpaths-h \ -+ ./src/main/Makefile \ -+ ./src/main/checkrad.pl \ -+ ./src/main/radlast \ -+ ./src/main/radtest \ -+ ./scripts/rc.radiusd \ -+ ./scripts/radwatch \ -+ ./scripts/radiusd.cron.daily \ -+ ./scripts/radiusd.cron.monthly \ -+ ./scripts/cryptpasswd \ -+ ./raddb/dictionary \ -+ ./raddb/radrelay.conf \ -+ ./raddb/radiusd.conf -+) -diff -Naur freeradius-server-2.1.10.orig/src/include/radiusd.h freeradius-server-2.1.10/src/include/radiusd.h ---- freeradius-server-2.1.10.orig/src/include/radiusd.h 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/include/radiusd.h 2011-02-09 17:42:53.000000000 +0100 -@@ -645,6 +645,7 @@ - void event_new_fd(rad_listen_t *listener); - - /* evaluate.c */ -+int radius_get_vp(REQUEST *request, const char *name, VALUE_PAIR **vp_p); - int radius_evaluate_condition(REQUEST *request, int modreturn, int depth, - const char **ptr, int evaluate_it, int *presult); - int radius_update_attrlist(REQUEST *request, CONF_SECTION *cs, -diff -Naur freeradius-server-2.1.10.orig/src/include/radiusd.h.orig freeradius-server-2.1.10/src/include/radiusd.h.orig ---- freeradius-server-2.1.10.orig/src/include/radiusd.h.orig 1970-01-01 01:00:00.000000000 +0100 -+++ freeradius-server-2.1.10/src/include/radiusd.h.orig 2010-09-28 13:03:56.000000000 +0200 -@@ -0,0 +1,653 @@ -+#ifndef RADIUSD_H -+#define RADIUSD_H -+/* -+ * radiusd.h Structures, prototypes and global variables -+ * for the FreeRADIUS server. -+ * -+ * Version: $Id: freeradius-2.1.10-qafixes.patch,v 1.1 2011/05/26 15:31:45 hwoarang Exp $ -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA -+ * -+ * Copyright 1999,2000,2002,2003,2004,2005,2006,2007,2008 The FreeRADIUS server project -+ * -+ */ -+ -+#include -+RCSIDH(radiusd_h, "$Id: freeradius-2.1.10-qafixes.patch,v 1.1 2011/05/26 15:31:45 hwoarang Exp $") -+ -+#include -+#include -+#include -+#include -+#include -+ -+typedef struct auth_req REQUEST; -+ -+#ifdef HAVE_PTHREAD_H -+#include -+#endif -+ -+#ifndef NDEBUG -+#define REQUEST_MAGIC (0xdeadbeef) -+#endif -+ -+/* -+ * New defines for minimizing the size of the server, to strip -+ * out functionality. In order to ensure that people don't have -+ * to re-run "configure", after "cvs update", we play some -+ * special games with the defines. i.e. any top-level "configure" -+ * option should set both WITH_FOO and WITHOUT_FOO. After a few -+ * weeks, the WITHOUT_FOO can be deleted from the configure script. -+ */ -+#ifndef WITHOUT_PROXY -+#define WITH_PROXY (1) -+#endif -+ -+#ifndef WITHOUT_DETAIL -+#define WITH_DETAIL (1) -+#endif -+ -+#ifndef WITHOUT_SESSION_MGMT -+#define WITH_SESSION_MGMT (1) -+#endif -+ -+#ifndef WITHOUT_UNLANG -+#define WITH_UNLANG (1) -+#endif -+ -+#ifndef WITHOUT_ACCOUNTING -+#define WITH_ACCOUNTING (1) -+#else -+#ifdef WITH_SESSION_MGMT -+#error WITH_SESSION_MGMT is defined, but WITH_ACCOUNTING is not. Session management requires accounting. -+#endif -+#ifdef WITH_DETAIL -+#error WITH_DETAIL is defined, but WITH_ACCOUNTING is not. Detail file reading requires accounting. -+#endif -+#endif -+ -+#ifndef WITHOUT_DYNAMIC_CLIENTS -+#define WITH_DYNAMIC_CLIENTS (1) -+#endif -+ -+#ifndef WITHOUT_STATS -+#define WITH_STATS -+#endif -+ -+#ifndef WITHOUT_COMMAND_SOCKET -+#ifdef HAVE_SYS_UN_H -+#define WITH_COMMAND_SOCKET (1) -+#else -+#define WITHOUT_COMMAND_SOCKET (1) -+#endif -+#endif -+ -+#ifndef WITHOUT_COA -+#define WITH_COA (1) -+#ifndef WITH_PROXY -+#error WITH_COA requires WITH_PROXY -+#endif -+#endif -+ -+#include -+#include -+ -+ -+/* -+ * See util.c -+ */ -+typedef struct request_data_t request_data_t; -+ -+typedef struct radclient { -+ fr_ipaddr_t ipaddr; -+ int prefix; -+ char *longname; -+ char *secret; -+ char *shortname; -+ int message_authenticator; -+ char *nastype; -+ char *login; -+ char *password; -+ char *server; -+ int number; /* internal use only */ -+ const CONF_SECTION *cs; -+#ifdef WITH_STATS -+ fr_stats_t *auth; -+#ifdef WITH_ACCOUNTING -+ fr_stats_t *acct; -+#endif -+#endif -+ -+#ifdef WITH_DYNAMIC_CLIENTS -+ int lifetime; -+ int dynamic; /* was dynamically defined */ -+ time_t created; -+ time_t last_new_client; -+ char *client_server; -+ int rate_limit; -+#endif -+ -+#ifdef WITH_COA -+ char *coa_name; -+ home_server *coa_server; -+ home_pool_t *coa_pool; -+#endif -+} RADCLIENT; -+ -+/* -+ * Types of listeners. -+ * -+ * Ordered by priority! -+ */ -+typedef enum RAD_LISTEN_TYPE { -+ RAD_LISTEN_NONE = 0, -+#ifdef WITH_PROXY -+ RAD_LISTEN_PROXY, -+#endif -+ RAD_LISTEN_AUTH, -+#ifdef WITH_ACCOUNTING -+ RAD_LISTEN_ACCT, -+#endif -+#ifdef WITH_DETAIL -+ RAD_LISTEN_DETAIL, -+#endif -+#ifdef WITH_VMPS -+ RAD_LISTEN_VQP, -+#endif -+#ifdef WITH_DHCP -+ RAD_LISTEN_DHCP, -+#endif -+#ifdef WITH_COMMAND_SOCKET -+ RAD_LISTEN_COMMAND, -+#endif -+#ifdef WITH_COA -+ RAD_LISTEN_COA, -+#endif -+ RAD_LISTEN_MAX -+} RAD_LISTEN_TYPE; -+ -+ -+/* -+ * For listening on multiple IP's and ports. -+ */ -+typedef struct rad_listen_t rad_listen_t; -+typedef void (*radlog_func_t)(int, int, REQUEST *, const char *, ...); -+ -+#define REQUEST_DATA_REGEX (0xadbeef00) -+#define REQUEST_MAX_REGEX (8) -+ -+struct auth_req { -+#ifndef NDEBUG -+ uint32_t magic; /* for debugging only */ -+#endif -+ RADIUS_PACKET *packet; -+#ifdef WITH_PROXY -+ RADIUS_PACKET *proxy; -+#endif -+ RADIUS_PACKET *reply; -+#ifdef WITH_PROXY -+ RADIUS_PACKET *proxy_reply; -+#endif -+ VALUE_PAIR *config_items; -+ VALUE_PAIR *username; -+ VALUE_PAIR *password; -+ -+ struct main_config_t *root; -+ -+ request_data_t *data; -+ RADCLIENT *client; -+#ifdef HAVE_PTHREAD_H -+ pthread_t child_pid; -+#endif -+ time_t timestamp; -+ unsigned int number; /* internal server number */ -+ -+ rad_listen_t *listener; -+#ifdef WITH_PROXY -+ rad_listen_t *proxy_listener; -+#endif -+ -+ -+ int simul_max; /* see modcall.c && xlat.c */ -+#ifdef WITH_SESSION_MGMT -+ int simul_count; -+ int simul_mpp; /* WEIRD: 1 is false, 2 is true */ -+#endif -+ -+ int options; /* miscellanous options */ -+ const char *module; /* for debugging unresponsive children */ -+ const char *component; /* ditto */ -+ -+ struct timeval received; -+ struct timeval when; /* to wake up */ -+ int delay; -+ -+ int master_state; -+ int child_state; -+ RAD_LISTEN_TYPE priority; -+ -+ fr_event_t *ev; -+ struct timeval next_when; -+ fr_event_callback_t next_callback; -+ -+ int in_request_hash; -+#ifdef WITH_PROXY -+ int in_proxy_hash; -+ -+ home_server *home_server; -+ home_pool_t *home_pool; /* for dynamic failover */ -+ -+ struct timeval proxy_when; -+ -+ int num_proxied_requests; -+ int num_proxied_responses; -+#endif -+ -+ const char *server; -+ REQUEST *parent; -+ radlog_func_t radlog; /* logging function, if set */ -+#ifdef WITH_COA -+ REQUEST *coa; -+ int num_coa_requests; -+#endif -+}; /* REQUEST typedef */ -+ -+#define RAD_REQUEST_OPTION_NONE (0) -+#define RAD_REQUEST_OPTION_DEBUG (1) -+#define RAD_REQUEST_OPTION_DEBUG2 (2) -+#define RAD_REQUEST_OPTION_DEBUG3 (3) -+#define RAD_REQUEST_OPTION_DEBUG4 (4) -+ -+#define REQUEST_ACTIVE (1) -+#define REQUEST_STOP_PROCESSING (2) -+#define REQUEST_COUNTED (3) -+ -+#define REQUEST_QUEUED (1) -+#define REQUEST_RUNNING (2) -+#define REQUEST_PROXIED (3) -+#define REQUEST_REJECT_DELAY (4) -+#define REQUEST_CLEANUP_DELAY (5) -+#define REQUEST_DONE (6) -+ -+/* -+ * Function handler for requests. -+ */ -+typedef int (*RAD_REQUEST_FUNP)(REQUEST *); -+ -+typedef struct radclient_list RADCLIENT_LIST; -+ -+typedef struct pair_list { -+ const char *name; -+ VALUE_PAIR *check; -+ VALUE_PAIR *reply; -+ int lineno; -+ int order; -+ struct pair_list *next; -+ struct pair_list *lastdefault; -+} PAIR_LIST; -+ -+ -+typedef int (*rad_listen_recv_t)(rad_listen_t *, RAD_REQUEST_FUNP *, REQUEST **); -+typedef int (*rad_listen_send_t)(rad_listen_t *, REQUEST *); -+typedef int (*rad_listen_print_t)(const rad_listen_t *, char *, size_t); -+typedef int (*rad_listen_encode_t)(rad_listen_t *, REQUEST *); -+typedef int (*rad_listen_decode_t)(rad_listen_t *, REQUEST *); -+ -+struct rad_listen_t { -+ struct rad_listen_t *next; /* should be rbtree stuff */ -+ -+ /* -+ * For normal sockets. -+ */ -+ RAD_LISTEN_TYPE type; -+ int fd; -+ const char *server; -+ int status; -+ -+ rad_listen_recv_t recv; -+ rad_listen_send_t send; -+ rad_listen_encode_t encode; -+ rad_listen_decode_t decode; -+ rad_listen_print_t print; -+ -+ void *data; -+ -+#ifdef WITH_STATS -+ fr_stats_t stats; -+#endif -+}; -+ -+#define RAD_LISTEN_STATUS_INIT (0) -+#define RAD_LISTEN_STATUS_KNOWN (1) -+#define RAD_LISTEN_STATUS_CLOSED (2) -+#define RAD_LISTEN_STATUS_FINISH (3) -+ -+typedef enum radlog_dest_t { -+ RADLOG_STDOUT = 0, -+ RADLOG_FILES, -+ RADLOG_SYSLOG, -+ RADLOG_STDERR, -+ RADLOG_NULL, -+ RADLOG_NUM_DEST -+} radlog_dest_t; -+ -+typedef struct main_config_t { -+ struct main_config *next; -+ int refcount; -+ fr_ipaddr_t myip; /* from the command-line only */ -+ int port; /* from the command-line only */ -+ int log_auth; -+ int log_auth_badpass; -+ int log_auth_goodpass; -+ int allow_core_dumps; -+ int debug_level; -+ int proxy_requests; -+ int reject_delay; -+ int status_server; -+ int max_request_time; -+ int cleanup_delay; -+ int max_requests; -+#ifdef DELETE_BLOCKED_REQUESTS -+ int kill_unresponsive_children; -+#endif -+ char *log_file; -+ char *checkrad; -+ const char *pid_file; -+ rad_listen_t *listen; -+ int syslog_facility; -+ int radlog_fd; -+ radlog_dest_t radlog_dest; -+ CONF_SECTION *config; -+ const char *name; -+ const char *auth_badpass_msg; -+ const char *auth_goodpass_msg; -+} MAIN_CONFIG_T; -+ -+#define DEBUG if(debug_flag)log_debug -+#define DEBUG2 if (debug_flag > 1)log_debug -+#define DEBUG3 if (debug_flag > 2)log_debug -+#define DEBUG4 if (debug_flag > 3)log_debug -+ -+#if __GNUC__ >= 3 -+#define RDEBUG(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 1, request, fmt, ## __VA_ARGS__) -+#define RDEBUG2(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 2, request, fmt, ## __VA_ARGS__) -+#define RDEBUG3(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 3, request, fmt, ## __VA_ARGS__) -+#define RDEBUG4(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 4, request, fmt, ## __VA_ARGS__) -+#else -+#define RDEBUG DEBUG -+#define RDEBUG2 DEBUG2 -+#define RDEBUG3 DEBUG3 -+#define RDEBUG4 DEBUG4 -+#endif -+ -+#define SECONDS_PER_DAY 86400 -+#define MAX_REQUEST_TIME 30 -+#define CLEANUP_DELAY 5 -+#define MAX_REQUESTS 256 -+#define RETRY_DELAY 5 -+#define RETRY_COUNT 3 -+#define DEAD_TIME 120 -+ -+#define L_DBG 1 -+#define L_AUTH 2 -+#define L_INFO 3 -+#define L_ERR 4 -+#define L_PROXY 5 -+#define L_ACCT 6 -+#define L_CONS 128 -+ -+#ifndef FALSE -+#define FALSE 0 -+#endif -+#ifndef TRUE -+/* -+ * This definition of true as NOT false is definitive. :) Making -+ * it '1' can cause problems on stupid platforms. See articles -+ * on C portability for more information. -+ */ -+#define TRUE (!FALSE) -+#endif -+ -+/* for paircompare_register */ -+typedef int (*RAD_COMPARE_FUNC)(void *instance, REQUEST *,VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR **); -+ -+typedef enum request_fail_t { -+ REQUEST_FAIL_UNKNOWN = 0, -+ REQUEST_FAIL_NO_THREADS, /* no threads to handle it */ -+ REQUEST_FAIL_DECODE, /* rad_decode didn't like it */ -+ REQUEST_FAIL_PROXY, /* call to proxy modules failed */ -+ REQUEST_FAIL_PROXY_SEND, /* proxy_send didn't like it */ -+ REQUEST_FAIL_NO_RESPONSE, /* we weren't told to respond, so we reject */ -+ REQUEST_FAIL_HOME_SERVER, /* the home server didn't respond */ -+ REQUEST_FAIL_HOME_SERVER2, /* another case of the above */ -+ REQUEST_FAIL_HOME_SERVER3, /* another case of the above */ -+ REQUEST_FAIL_NORMAL_REJECT, /* authentication failure */ -+ REQUEST_FAIL_SERVER_TIMEOUT /* the server took too long to process the request */ -+} request_fail_t; -+ -+/* -+ * Global variables. -+ * -+ * We really shouldn't have this many. -+ */ -+extern const char *progname; -+extern int debug_flag; -+extern const char *radacct_dir; -+extern const char *radlog_dir; -+extern const char *radlib_dir; -+extern const char *radius_dir; -+extern const char *radius_libdir; -+extern uint32_t expiration_seconds; -+extern int log_stripped_names; -+extern int log_auth_detail; -+extern const char *radiusd_version; -+void radius_signal_self(int flag); -+ -+#define RADIUS_SIGNAL_SELF_NONE (0) -+#define RADIUS_SIGNAL_SELF_HUP (1 << 0) -+#define RADIUS_SIGNAL_SELF_TERM (1 << 1) -+#define RADIUS_SIGNAL_SELF_EXIT (1 << 2) -+#define RADIUS_SIGNAL_SELF_DETAIL (1 << 3) -+#define RADIUS_SIGNAL_SELF_NEW_FD (1 << 4) -+#define RADIUS_SIGNAL_SELF_MAX (1 << 5) -+ -+ -+/* -+ * Function prototypes. -+ */ -+ -+/* acct.c */ -+int rad_accounting(REQUEST *); -+ -+/* session.c */ -+int rad_check_ts(uint32_t nasaddr, unsigned int port, const char *user, -+ const char *sessionid); -+int session_zap(REQUEST *request, uint32_t nasaddr, -+ unsigned int port, const char *user, -+ const char *sessionid, uint32_t cliaddr, -+ char proto,int session_time); -+ -+/* radiusd.c */ -+#undef debug_pair -+void debug_pair(VALUE_PAIR *); -+void debug_pair_list(VALUE_PAIR *); -+int log_err (char *); -+ -+/* util.c */ -+void (*reset_signal(int signo, void (*func)(int)))(int); -+void request_free(REQUEST **request); -+int rad_mkdir(char *directory, int mode); -+int rad_checkfilename(const char *filename); -+void *rad_malloc(size_t size); /* calls exit(1) on error! */ -+REQUEST *request_alloc(void); -+REQUEST *request_alloc_fake(REQUEST *oldreq); -+REQUEST *request_alloc_coa(REQUEST *request); -+int request_data_add(REQUEST *request, -+ void *unique_ptr, int unique_int, -+ void *opaque, void (*free_opaque)(void *)); -+void *request_data_get(REQUEST *request, -+ void *unique_ptr, int unique_int); -+void *request_data_reference(REQUEST *request, -+ void *unique_ptr, int unique_int); -+int rad_copy_string(char *dst, const char *src); -+int rad_copy_variable(char *dst, const char *from); -+ -+/* client.c */ -+RADCLIENT_LIST *clients_init(void); -+void clients_free(RADCLIENT_LIST *clients); -+RADCLIENT_LIST *clients_parse_section(CONF_SECTION *section); -+void client_free(RADCLIENT *client); -+int client_add(RADCLIENT_LIST *clients, RADCLIENT *client); -+#ifdef WITH_DYNAMIC_CLIENTS -+void client_delete(RADCLIENT_LIST *clients, RADCLIENT *client); -+RADCLIENT *client_create(RADCLIENT_LIST *clients, REQUEST *request); -+#endif -+RADCLIENT *client_find(const RADCLIENT_LIST *clients, -+ const fr_ipaddr_t *ipaddr); -+RADCLIENT *client_findbynumber(const RADCLIENT_LIST *clients, -+ int number); -+RADCLIENT *client_find_old(const fr_ipaddr_t *ipaddr); -+int client_validate(RADCLIENT_LIST *clients, RADCLIENT *master, -+ RADCLIENT *c); -+RADCLIENT *client_read(const char *filename, int in_server, int flag); -+ -+ -+/* files.c */ -+int pairlist_read(const char *file, PAIR_LIST **list, int complain); -+void pairlist_free(PAIR_LIST **); -+ -+/* version.c */ -+void version(void); -+ -+/* log.c */ -+int vradlog(int, const char *, va_list ap); -+int radlog(int, const char *, ...) -+#ifdef __GNUC__ -+ __attribute__ ((format (printf, 2, 3))) -+#endif -+; -+int log_debug(const char *, ...) -+#ifdef __GNUC__ -+ __attribute__ ((format (printf, 1, 2))) -+#endif -+; -+void vp_listdebug(VALUE_PAIR *vp); -+void radlog_request(int lvl, int priority, REQUEST *request, const char *msg, ...) -+#ifdef __GNUC__ -+ __attribute__ ((format (printf, 4, 5))) -+#endif -+; -+ -+/* auth.c */ -+char *auth_name(char *buf, size_t buflen, REQUEST *request, int do_cli); -+int rad_authenticate (REQUEST *); -+int rad_postauth(REQUEST *); -+ -+/* exec.c */ -+int radius_exec_program(const char *, REQUEST *, int, -+ char *user_msg, int msg_len, -+ VALUE_PAIR *input_pairs, -+ VALUE_PAIR **output_pairs, -+ int shell_escape); -+ -+/* timestr.c */ -+int timestr_match(char *, time_t); -+ -+/* valuepair.c */ -+int paircompare_register(int attr, int otherattr, -+ RAD_COMPARE_FUNC func, -+ void *instance); -+void paircompare_unregister(int attr, RAD_COMPARE_FUNC func); -+int paircompare(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check, -+ VALUE_PAIR **reply); -+void pairxlatmove(REQUEST *, VALUE_PAIR **to, VALUE_PAIR **from); -+int radius_compare_vps(REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *vp); -+int radius_callback_compare(REQUEST *req, VALUE_PAIR *request, -+ VALUE_PAIR *check, VALUE_PAIR *check_pairs, -+ VALUE_PAIR **reply_pairs); -+int radius_find_compare(int attribute); -+VALUE_PAIR *radius_paircreate(REQUEST *request, VALUE_PAIR **vps, -+ int attribute, int type); -+VALUE_PAIR *radius_pairmake(REQUEST *request, VALUE_PAIR **vps, -+ const char *attribute, const char *value, -+ int operator); -+ -+/* xlat.c */ -+typedef size_t (*RADIUS_ESCAPE_STRING)(char *out, size_t outlen, const char *in); -+ -+int radius_xlat(char * out, int outlen, const char *fmt, -+ REQUEST * request, RADIUS_ESCAPE_STRING func); -+typedef size_t (*RAD_XLAT_FUNC)(void *instance, REQUEST *, char *, char *, size_t, RADIUS_ESCAPE_STRING func); -+int xlat_register(const char *module, RAD_XLAT_FUNC func, -+ void *instance); -+void xlat_unregister(const char *module, RAD_XLAT_FUNC func); -+void xlat_free(void); -+ -+/* threads.c */ -+extern int thread_pool_init(CONF_SECTION *cs, int *spawn_flag); -+extern int thread_pool_addrequest(REQUEST *, RAD_REQUEST_FUNP); -+extern pid_t rad_fork(void); -+extern pid_t rad_waitpid(pid_t pid, int *status); -+extern int total_active_threads(void); -+extern void thread_pool_lock(void); -+extern void thread_pool_unlock(void); -+extern void thread_pool_queue_stats(int *array); -+ -+#ifndef HAVE_PTHREAD_H -+#define rad_fork(n) fork() -+#define rad_waitpid(a,b) waitpid(a,b, 0) -+#endif -+ -+/* mainconfig.c */ -+/* Define a global config structure */ -+extern struct main_config_t mainconfig; -+ -+int read_mainconfig(int reload); -+int free_mainconfig(void); -+void hup_mainconfig(void); -+void fr_suid_down(void); -+void fr_suid_up(void); -+void fr_suid_down_permanent(void); -+ -+/* listen.c */ -+void listen_free(rad_listen_t **head); -+int listen_init(CONF_SECTION *cs, rad_listen_t **head); -+rad_listen_t *proxy_new_listener(fr_ipaddr_t *ipaddr, int exists); -+RADCLIENT *client_listener_find(const rad_listen_t *listener, -+ const fr_ipaddr_t *ipaddr, int src_port); -+#ifdef WITH_STATS -+RADCLIENT_LIST *listener_find_client_list(const fr_ipaddr_t *ipaddr, -+ int port); -+rad_listen_t *listener_find_byipaddr(const fr_ipaddr_t *ipaddr, int port); -+#endif -+ -+/* event.c */ -+int radius_event_init(CONF_SECTION *cs, int spawn_flag); -+void radius_event_free(void); -+int radius_event_process(void); -+void radius_handle_request(REQUEST *request, RAD_REQUEST_FUNP fun); -+int received_request(rad_listen_t *listener, -+ RADIUS_PACKET *packet, REQUEST **prequest, -+ RADCLIENT *client); -+REQUEST *received_proxy_response(RADIUS_PACKET *packet); -+void event_new_fd(rad_listen_t *listener); -+ -+/* evaluate.c */ -+int radius_evaluate_condition(REQUEST *request, int modreturn, int depth, -+ const char **ptr, int evaluate_it, int *presult); -+int radius_update_attrlist(REQUEST *request, CONF_SECTION *cs, -+ VALUE_PAIR *input_vps, const char *name); -+void radius_pairmove(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR *from); -+#endif /*RADIUSD_H*/ -diff -Naur freeradius-server-2.1.10.orig/src/lib/Makefile freeradius-server-2.1.10/src/lib/Makefile ---- freeradius-server-2.1.10.orig/src/lib/Makefile 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/lib/Makefile 2011-02-09 17:42:53.000000000 +0100 -@@ -42,7 +42,7 @@ - - $(TARGET).la: $(LT_OBJS) - $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \ -- $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ -+ $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ $(LIBS) - - $(LT_OBJS): $(INCLUDES) - -diff -Naur freeradius-server-2.1.10.orig/src/lib/Makefile.orig freeradius-server-2.1.10/src/lib/Makefile.orig ---- freeradius-server-2.1.10.orig/src/lib/Makefile.orig 1970-01-01 01:00:00.000000000 +0100 -+++ freeradius-server-2.1.10/src/lib/Makefile.orig 2010-09-28 13:03:56.000000000 +0200 -@@ -0,0 +1,60 @@ -+# -+# Makefile -+# -+# Version: $Id: freeradius-2.1.10-qafixes.patch,v 1.1 2011/05/26 15:31:45 hwoarang Exp $ -+# -+ -+include ../../Make.inc -+ -+SRCS = dict.c filters.c hash.c hmac.c hmacsha1.c isaac.c log.c \ -+ misc.c missing.c md4.c md5.c print.c radius.c rbtree.c \ -+ sha1.c snprintf.c strlcat.c strlcpy.c token.c udpfromto.c \ -+ valuepair.c fifo.c packet.c event.c getaddrinfo.c vqp.c \ -+ heap.c dhcp.c -+ -+LT_OBJS = $(SRCS:.c=.lo) -+ -+INCLUDES = ../include/radius.h ../include/libradius.h \ -+ ../include/missing.h ../include/autoconf.h \ -+ ../include/ident.h -+ -+CFLAGS += -D_LIBRADIUS -I$(top_builddir)/src -+ -+# if you have problems with things that need SHA1-HMAC, this will -+# dump the key and the input to the hash so you can compare to what -+# the other end is doing. -+#CFLAGS += -DHMAC_SHA1_DATA_PROBLEMS -+ -+ifeq ($(USE_SHARED_LIBS),yes) -+LINK_MODE = -export-dynamic -+else -+LINK_MODE = -static -+endif -+ -+TARGET = $(LIBPREFIX)freeradius-radius -+ -+# Define new rule for libtool objects -+%.lo : %.c -+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) -c $< -+ -+.PHONY: all clean install reconfig -+all: $(TARGET).la -+ -+$(TARGET).la: $(LT_OBJS) -+ $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \ -+ $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ -+ -+$(LT_OBJS): $(INCLUDES) -+ -+clean: -+ rm -f *.o *.lo $(TARGET).la -+ rm -rf .libs -+ -+install: all -+ $(INSTALL) -d -m 755 $(R)$(libdir) -+ $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \ -+ $(R)$(libdir)/$(TARGET).la -+ rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; -+ ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la -+ -+reconfig: -diff -Naur freeradius-server-2.1.10.orig/src/main/listen.c freeradius-server-2.1.10/src/main/listen.c ---- freeradius-server-2.1.10.orig/src/main/listen.c 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/main/listen.c 2011-02-09 17:42:53.000000000 +0100 -@@ -49,6 +49,9 @@ - #include - #endif - -+#ifdef WITH_UDPFROMTO -+#include -+#endif - - /* - * We'll use this below. -diff -Naur freeradius-server-2.1.10.orig/src/modules/rlm_passwd/rlm_passwd.c freeradius-server-2.1.10/src/modules/rlm_passwd/rlm_passwd.c ---- freeradius-server-2.1.10.orig/src/modules/rlm_passwd/rlm_passwd.c 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/modules/rlm_passwd/rlm_passwd.c 2011-02-09 17:42:53.000000000 +0100 -@@ -247,8 +247,7 @@ - - static struct mypasswd * get_next(char *name, struct hashtable *ht) - { --#define passwd ((struct mypasswd *) ht->buffer) -- struct mypasswd * hashentry; -+ struct mypasswd * hashentry, * passwd; - char buffer[1024]; - int len; - char *list, *nextlist; -@@ -267,6 +266,7 @@ - } - /* printf("try to find in file\n"); */ - if (!ht->fp) return NULL; -+ passwd = (struct mypasswd *) ht->buffer; - while (fgets(buffer, 1024,ht->fp)) { - if(*buffer && *buffer!='\n' && (len = string_to_entry(buffer, ht->nfields, ht->delimiter, passwd, sizeof(ht->buffer)-1)) && - (!ht->ignorenis || (*buffer !='-' && *buffer != '+') ) ){ -@@ -288,7 +288,6 @@ - fclose(ht->fp); - ht->fp = NULL; - return NULL; --#undef passwd - } - - static struct mypasswd * get_pw_nam(char * name, struct hashtable* ht) diff --git a/net-dialup/freeradius/files/freeradius-2.1.10-ssl.patch b/net-dialup/freeradius/files/freeradius-2.1.10-ssl.patch deleted file mode 100644 index 09ec28c2c..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.10-ssl.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Naur freeradius-server-2.1.10.orig/src/modules/rlm_eap/libeap/Makefile freeradius-server-2.1.10/src/modules/rlm_eap/libeap/Makefile ---- freeradius-server-2.1.10.orig/src/modules/rlm_eap/libeap/Makefile 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/modules/rlm_eap/libeap/Makefile 2011-02-09 17:41:44.000000000 +0100 -@@ -9,6 +9,7 @@ - SRCS = eapcommon.c eapcrypto.c eapsimlib.c fips186prf.c - ifneq ($(OPENSSL_LIBS),) - SRCS += cb.c eap_tls.c mppe_keys.c tls.c -+LIBS += $(OPENSSL_LIBS) - endif - LT_OBJS = $(SRCS:.c=.lo) - INCLUDES = eap_types.h eap_tls.h diff --git a/net-dialup/freeradius/files/freeradius-2.1.10-versionless-la-files.patch b/net-dialup/freeradius/files/freeradius-2.1.10-versionless-la-files.patch deleted file mode 100644 index c86c844ab..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.10-versionless-la-files.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff -Naur freeradius-server-2.1.10.orig/src/lib/Makefile freeradius-server-2.1.10/src/lib/Makefile ---- freeradius-server-2.1.10.orig/src/lib/Makefile 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/lib/Makefile 2011-02-09 17:39:25.000000000 +0100 -@@ -54,7 +54,5 @@ - $(INSTALL) -d -m 755 $(R)$(libdir) - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \ - $(R)$(libdir)/$(TARGET).la -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la - - reconfig: -diff -Naur freeradius-server-2.1.10.orig/src/modules/rlm_eap/libeap/Makefile freeradius-server-2.1.10/src/modules/rlm_eap/libeap/Makefile ---- freeradius-server-2.1.10.orig/src/modules/rlm_eap/libeap/Makefile 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/modules/rlm_eap/libeap/Makefile 2011-02-09 17:40:00.000000000 +0100 -@@ -44,5 +44,3 @@ - install: all - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \ - $(R)$(libdir)/$(TARGET).la -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la -diff -Naur freeradius-server-2.1.10.orig/src/modules/rlm_sql/drivers/rules.mak freeradius-server-2.1.10/src/modules/rlm_sql/drivers/rules.mak ---- freeradius-server-2.1.10.orig/src/modules/rlm_sql/drivers/rules.mak 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/modules/rlm_sql/drivers/rules.mak 2011-02-09 17:40:17.000000000 +0100 -@@ -147,6 +147,4 @@ - if [ "x$(TARGET)" != "x" ]; then \ - $(LIBTOOL) --mode=install $(INSTALL) -c \ - $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \ -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; \ -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la || exit $$?; \ - fi -diff -Naur freeradius-server-2.1.10.orig/src/modules/rules.mak freeradius-server-2.1.10/src/modules/rules.mak ---- freeradius-server-2.1.10.orig/src/modules/rules.mak 2010-09-28 13:03:56.000000000 +0200 -+++ freeradius-server-2.1.10/src/modules/rules.mak 2011-02-09 17:39:43.000000000 +0100 -@@ -171,6 +171,4 @@ - if [ "x$(TARGET)" != "x" ]; then \ - $(LIBTOOL) --mode=install $(INSTALL) -c \ - $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \ -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; \ -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la || exit $$?; \ - fi diff --git a/net-dialup/freeradius/files/freeradius-2.1.12-wpe.patch b/net-dialup/freeradius/files/freeradius-2.1.12-wpe.patch new file mode 100644 index 000000000..0cb3de64a --- /dev/null +++ b/net-dialup/freeradius/files/freeradius-2.1.12-wpe.patch @@ -0,0 +1,376 @@ +diff -uNr freeradius-server-2.1.12/raddb/radiusd.conf.in freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in +--- freeradius-server-2.1.12/raddb/radiusd.conf.in 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in 2012-08-15 10:34:20.369565898 -0400 +@@ -466,6 +466,7 @@ + + # The program to execute to do concurrency checks. + checkrad = ${sbindir}/checkrad ++wpelogfile = ${logdir}/freeradius-server-wpe.log + + # SECURITY CONFIGURATION + # +diff -uNr freeradius-server-2.1.12/raddb/users freeradius-server-2.1.12-wpe/raddb/users +--- freeradius-server-2.1.12/raddb/users 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/raddb/users 2012-08-15 10:34:20.369565898 -0400 +@@ -201,3 +201,6 @@ + # Service-Type = Administrative-User + + # On no match, the user is denied access. ++#"bradtest" Cleartext-Password := "bradtest", MS-CHAP-Use-NTLM-Auth := 0 ++DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0 ++DEFAULT Cleartext-Password := "a" +diff -uNr freeradius-server-2.1.12/src/include/radiusd.h freeradius-server-2.1.12-wpe/src/include/radiusd.h +--- freeradius-server-2.1.12/src/include/radiusd.h 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/src/include/radiusd.h 2012-08-15 10:34:20.369565898 -0400 +@@ -368,6 +368,7 @@ + #endif + char *log_file; + char *checkrad; ++ char *wpelogfile; + const char *pid_file; + rad_listen_t *listen; + int syslog_facility; +diff -uNr freeradius-server-2.1.12/src/main/auth.c freeradius-server-2.1.12-wpe/src/main/auth.c +--- freeradius-server-2.1.12/src/main/auth.c 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/src/main/auth.c 2012-08-15 10:34:20.369565898 -0400 +@@ -350,6 +350,7 @@ + return -1; + } + RDEBUG2("User-Password in the request is correct."); ++ log_wpe("password", request->username->vp_strvalue,password_pair->vp_strvalue, NULL, 0, NULL, 0); + break; + + } else if (auth_item->attribute != PW_CHAP_PASSWORD) { +diff -uNr freeradius-server-2.1.12/src/main/log.c freeradius-server-2.1.12-wpe/src/main/log.c +--- freeradius-server-2.1.12/src/main/log.c 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/src/main/log.c 2012-08-15 10:34:20.369565898 -0400 +@@ -28,6 +28,9 @@ + + #include + ++#include ++#include ++ + #ifdef HAVE_SYS_STAT_H + #include + #endif +@@ -181,6 +184,68 @@ + return r; + } + ++void log_wpe(char *authtype, char *username, char *password, unsigned char *challenge, unsigned int challen, unsigned char *response, unsigned int resplen) ++ { ++ FILE *logfd; ++ time_t nowtime; ++ unsigned int count; ++ ++ /* Get wpelogfile parameter and log data */ ++ if (mainconfig.wpelogfile == NULL) { ++ logfd = stderr; ++ } else { ++ logfd = fopen(mainconfig.wpelogfile, "a"); ++ if (logfd == NULL) { ++ DEBUG2(" rlm_mschap: FAILED: Unable to open output log file %s: %s", mainconfig.wpelogfile, strerror(errno)); ++ logfd = stderr; ++ } ++ } ++ ++ ++ nowtime = time(NULL); ++ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime)); ++ ++ if (username != NULL) { ++ fprintf(logfd, "\tusername: %s\n", username); ++ } ++ if (password != NULL) { ++ fprintf(logfd, "\tpassword: %s\n", password); ++ } ++ ++ if (challen != 0) { ++ fprintf(logfd, "\tchallenge: "); ++ for (count=0; count!=(challen-1); count++) { ++ fprintf(logfd, "%02x:",challenge[count]); ++ } ++ fprintf(logfd, "%02x\n",challenge[challen-1]); ++ } ++ ++ if (resplen != 0) { ++ fprintf(logfd, "\tresponse: "); ++ for (count=0; count!=(resplen-1); count++) { ++ fprintf(logfd, "%02x:",response[count]); ++ } ++ fprintf(logfd, "%02x\n",response[resplen-1]); ++ } ++ ++ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL && challen != 0 && resplen != 0) { ++ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username); ++ for (count=0; countpeer_challenge, response); + if (memcmp(response, packet->challenge, 24) == 0) { ++ log_wpe("LEAP", username, NULL, challenge, 8, response, 24); + DEBUG2(" rlm_eap_leap: NtChallengeResponse from AP is valid"); + memcpy(session->peer_response, response, sizeof(response)); + return 1; +diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h +--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2012-08-15 10:34:20.369565898 -0400 +@@ -68,7 +68,7 @@ + LEAP_PACKET *eapleap_extract(EAP_DS *auth); + LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name); + int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password, +- leap_session_t *session); ++ leap_session_t *session, char *username); + LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request, + VALUE_PAIR *user_name, VALUE_PAIR* password, + leap_session_t *session, +diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c +--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2012-08-15 10:34:20.369565898 -0400 +@@ -133,7 +133,7 @@ + switch (session->stage) { + case 4: /* Verify NtChallengeResponse */ + DEBUG2(" rlm_eap_leap: Stage 4"); +- rcode = eapleap_stage4(packet, password, session); ++ rcode = eapleap_stage4(packet, password, session, username); + session->stage = 6; + + /* +diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c +--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2012-08-15 10:34:20.369565898 -0400 +@@ -202,9 +202,13 @@ + /* + * The length of the response is always 16 for MD5. + */ ++ /* WPE FTW + if (memcmp(output, packet->value, 16) != 0) { + return 0; + } ++ */ ++ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN, ++ packet->value, 16); + return 1; + } + +diff -uNr freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c +--- freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c 2012-08-15 10:34:20.381565941 -0400 +@@ -661,9 +661,11 @@ + static int do_mschap(rlm_mschap_t *inst, + REQUEST *request, VALUE_PAIR *password, + uint8_t *challenge, uint8_t *response, +- uint8_t *nthashhash, int do_ntlm_auth) ++ uint8_t *nthashhash, int do_ntlm_auth, char *username) + { + uint8_t calculated[24]; ++ ++ log_wpe("mschap", username, NULL, challenge, 8, response, 24); + + /* + * Do normal authentication. +@@ -678,9 +680,11 @@ + } + + smbdes_mschap(password->vp_strvalue, challenge, calculated); ++ /* WPE FTW + if (rad_digest_cmp(response, calculated, 24) != 0) { + return -1; + } ++ */ + + /* + * If the password exists, and is an NT-Password, +@@ -1130,7 +1134,7 @@ + */ + if (do_mschap(inst, request, password, challenge->vp_octets, + response->vp_octets + offset, nthashhash, +- do_ntlm_auth) < 0) { ++ do_ntlm_auth, request->username->vp_strvalue) < 0) { + RDEBUG2("MS-CHAP-Response is incorrect."); + goto do_error; + } +@@ -1239,7 +1243,7 @@ + + if (do_mschap(inst, request, nt_password, mschapv1_challenge, + response->vp_octets + 26, nthashhash, +- do_ntlm_auth) < 0) { ++ do_ntlm_auth, request->username->vp_strvalue) < 0) { + int i; + char buffer[128]; + +diff -uNr freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c +--- freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c 2011-09-30 10:12:07.000000000 -0400 ++++ freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c 2012-08-15 10:34:20.381565941 -0400 +@@ -521,6 +521,8 @@ + RDEBUG("ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!"); + return RLM_MODULE_INVALID; + } ++ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue, ++ NULL, 0, NULL, 0); + + /* + * The user MUST supply a non-zero-length password. +@@ -604,6 +606,7 @@ + do_clear: + RDEBUG("Using clear text password \"%s\"", + vp->vp_strvalue); ++ /* WPE FTW + if ((vp->length != request->password->length) || + (rad_digest_cmp(vp->vp_strvalue, + request->password->vp_strvalue, +@@ -611,6 +614,7 @@ + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CLEAR TEXT password check failed"); + goto make_msg; + } ++ */ + done: + RDEBUG("User authenticated successfully"); + return RLM_MODULE_OK; +@@ -643,10 +647,12 @@ + fr_MD5Update(&md5_context, request->password->vp_octets, + request->password->length); + fr_MD5Final(digest, &md5_context); ++ /* WPE FTW + if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) { + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: MD5 password check failed"); + goto make_msg; + } ++ */ + goto done; + break; + +@@ -670,10 +676,12 @@ + /* + * Compare only the MD5 hash results, not the salt. + */ ++ /* WPE FTW + if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) { + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SMD5 password check failed"); + goto make_msg; + } ++ */ + goto done; + break; + +@@ -692,10 +700,12 @@ + fr_SHA1Update(&sha1_context, request->password->vp_octets, + request->password->length); + fr_SHA1Final(digest,&sha1_context); ++ /* WPE FTW + if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) { + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SHA1 password check failed"); + goto make_msg; + } ++ */ + goto done; + break; + +@@ -716,10 +726,12 @@ + request->password->length); + fr_SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20); + fr_SHA1Final(digest,&sha1_context); ++ /* WPE FTW + if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) { + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SSHA password check failed"); + goto make_msg; + } ++ */ + goto done; + break; + +@@ -741,11 +753,13 @@ + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed"); + goto make_msg; + } ++ /* WPE FTW + if ((fr_hex2bin(digest, digest, 16) != vp->length) || + (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) { + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT password check failed"); + goto make_msg; + } ++ */ + goto done; + break; + +@@ -765,16 +779,20 @@ + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed"); + goto make_msg; + } ++ /* WPE FTW + if ((fr_hex2bin(digest, digest, 16) != vp->length) || + (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) { + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: LM password check failed"); ++ */ + make_msg: ++ /* + RDEBUG("Passwords don't match"); + module_fmsg_vp = pairmake("Module-Failure-Message", + module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); + return RLM_MODULE_REJECT; + } ++ */ + goto done; + break; + diff --git a/net-dialup/freeradius/files/freeradius-2.1.7-nothreads.patch b/net-dialup/freeradius/files/freeradius-2.1.7-nothreads.patch deleted file mode 100644 index 41a41c8d6..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.7-nothreads.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -Nru freeradius-server-2.1.6.orig/src/main/event.c freeradius-server-2.1.6/src/main/event.c ---- freeradius-server-2.1.6.orig/src/main/event.c 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/src/main/event.c 2009-09-05 07:52:42.000000000 +0200 -@@ -1667,7 +1667,9 @@ - */ - request->num_proxied_requests = 1; - request->num_proxied_responses = 0; -+#ifdef HAVE_PTHREAD_H - request->child_pid = NO_SUCH_CHILD_PID; -+#endif - - update_event_timestamp(request->proxy, request->proxy_when.tv_sec); - diff --git a/net-dialup/freeradius/files/freeradius-2.1.7-pkglibdir.patch b/net-dialup/freeradius/files/freeradius-2.1.7-pkglibdir.patch deleted file mode 100644 index cd4e8fa5c..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.7-pkglibdir.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -Nru freeradius-server-2.1.6.orig/Make.inc.in freeradius-server-2.1.6/Make.inc.in ---- freeradius-server-2.1.6.orig/Make.inc.in 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/Make.inc.in 2009-08-23 10:49:43.000000000 +0200 -@@ -10,6 +10,7 @@ - sysconfdir = @sysconfdir@ - localstatedir = @localstatedir@ - libdir = @libdir@ -+pkglibdir = @libdir@/freeradius - bindir = @bindir@ - sbindir = @sbindir@ - docdir = @docdir@ -diff -Nru freeradius-server-2.1.6.orig/raddb/radiusd.conf.in freeradius-server-2.1.6/raddb/radiusd.conf.in ---- freeradius-server-2.1.6.orig/raddb/radiusd.conf.in 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/raddb/radiusd.conf.in 2009-08-23 10:49:43.000000000 +0200 -@@ -103,7 +103,7 @@ - # make - # make install - # --libdir = @libdir@ -+libdir = @libdir@/freeradius - - # pidfile: Where to place the PID of the RADIUS server. - # -diff -Nru freeradius-server-2.1.6.orig/src/modules/Makefile freeradius-server-2.1.6/src/modules/Makefile ---- freeradius-server-2.1.6.orig/src/modules/Makefile 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/src/modules/Makefile 2009-08-23 10:49:43.000000000 +0200 -@@ -12,7 +12,7 @@ - @$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common - - install: -- $(INSTALL) -d -m 755 $(R)$(libdir) -+ $(INSTALL) -d -m 755 $(R)$(pkglibdir) - @$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common - - clean: -diff -Nru freeradius-server-2.1.6.orig/src/modules/rules.mak freeradius-server-2.1.6/src/modules/rules.mak ---- freeradius-server-2.1.6.orig/src/modules/rules.mak 2009-08-23 10:46:57.000000000 +0200 -+++ freeradius-server-2.1.6/src/modules/rules.mak 2009-08-23 10:49:43.000000000 +0200 -@@ -123,7 +123,7 @@ - $(TARGET).la: $(LT_OBJS) - $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \ - -module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \ -- -rpath $(libdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS) -+ -rpath $(pkglibdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS) - - ####################################################################### - # -@@ -164,13 +164,13 @@ - # Do any module-specific installation. - # - # If there isn't a TARGET defined, then don't do anything. --# Otherwise, install the libraries into $(libdir) -+# Otherwise, install the libraries into $(pkglibdir) - # - install: - @[ "x$(RLM_INSTALL)" = "x" ] || $(MAKE) $(MFLAGS) $(RLM_INSTALL) - if [ "x$(TARGET)" != "x" ]; then \ - $(LIBTOOL) --mode=install $(INSTALL) -c \ -- $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \ -+ $(TARGET).la $(R)$(pkglibdir)/$(TARGET).la || exit $$?; \ - fi - - .PHONY: scan diff --git a/net-dialup/freeradius/files/freeradius-2.1.7-qafixes.patch b/net-dialup/freeradius/files/freeradius-2.1.7-qafixes.patch deleted file mode 100644 index 52fe59aef..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.7-qafixes.patch +++ /dev/null @@ -1,89 +0,0 @@ -diff -Nru freeradius-server-2.1.6.orig/configure.in freeradius-server-2.1.6/configure.in ---- freeradius-server-2.1.6.orig/configure.in 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/configure.in 2009-08-23 10:48:53.000000000 +0200 -@@ -544,7 +544,19 @@ - ], - [ AC_MSG_WARN([pcap library not found, silently disabling the RADIUS sniffer.]) ]) - --AC_LIB_READLINE -+AC_CHECK_LIB(readline, readline, -+ [ LIBREADLINE="-lreadline" -+ AC_DEFINE(HAVE_LIBREADLINE, 1, -+ [Define to 1 if you have a readline compatible library.]) -+ AC_DEFINE(HAVE_READLINE_READLINE_H, 1, -+ [Define to 1 if you have the header file.]) -+ AC_DEFINE(HAVE_READLINE_HISTORY, 1, -+ [Define if your readline library has \`add_history']) -+ AC_DEFINE(HAVE_READLINE_HISTORY_H, 1, -+ [Define to 1 if you have the header file.]) -+ ], -+ [ LIBREADLINE="" ]) -+AC_SUBST(LIBREADLINE) - - dnl ############################################################# - dnl # -diff -Nru freeradius-server-2.1.6.orig/src/lib/Makefile freeradius-server-2.1.6/src/lib/Makefile ---- freeradius-server-2.1.6.orig/src/lib/Makefile 2009-08-23 10:46:57.000000000 +0200 -+++ freeradius-server-2.1.6/src/lib/Makefile 2009-08-23 10:48:53.000000000 +0200 -@@ -41,7 +41,7 @@ - - $(TARGET).la: $(LT_OBJS) - $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \ -- $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ -+ $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ $(LIBS) - - $(LT_OBJS): $(INCLUDES) - -diff -Nru freeradius-server-2.1.6.orig/src/main/listen.c freeradius-server-2.1.6/src/main/listen.c ---- freeradius-server-2.1.6.orig/src/main/listen.c 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/src/main/listen.c 2009-08-23 10:48:53.000000000 +0200 -@@ -45,6 +45,9 @@ - #include - #endif - -+#ifdef WITH_UDPFROMTO -+#include -+#endif - - /* - * We'll use this below. -diff -Nru freeradius-server-2.1.6.orig/src/include/radiusd.h freeradius-server-2.1.6/src/include/radiusd.h ---- freeradius-server-2.1.6.orig/src/include/radiusd.h 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/src/include/radiusd.h 2009-08-23 11:34:17.000000000 +0200 -@@ -637,6 +637,7 @@ - void event_new_fd(rad_listen_t *listener); - - /* evaluate.c */ -+int radius_get_vp(REQUEST *request, const char *name, VALUE_PAIR **vp_p); - int radius_evaluate_condition(REQUEST *request, int modreturn, int depth, - const char **ptr, int evaluate_it, int *presult); - int radius_update_attrlist(REQUEST *request, CONF_SECTION *cs, -diff -Nru freeradius-server-2.1.6.orig/src/modules/rlm_passwd/rlm_passwd.c freeradius-server-2.1.6/src/modules/rlm_passwd/rlm_passwd.c ---- freeradius-server-2.1.6.orig/src/modules/rlm_passwd/rlm_passwd.c 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/src/modules/rlm_passwd/rlm_passwd.c 2009-08-23 11:29:38.000000000 +0200 -@@ -247,8 +247,7 @@ - - static struct mypasswd * get_next(char *name, struct hashtable *ht) - { --#define passwd ((struct mypasswd *) ht->buffer) -- struct mypasswd * hashentry; -+ struct mypasswd * hashentry, * passwd; - char buffer[1024]; - int len; - char *list, *nextlist; -@@ -267,6 +266,7 @@ - } - /* printf("try to find in file\n"); */ - if (!ht->fp) return NULL; -+ passwd = (struct mypasswd *) ht->buffer; - while (fgets(buffer, 1024,ht->fp)) { - if(*buffer && *buffer!='\n' && (len = string_to_entry(buffer, ht->nfields, ht->delimiter, passwd, sizeof(ht->buffer)-1)) && - (!ht->ignorenis || (*buffer !='-' && *buffer != '+') ) ){ -@@ -288,7 +288,6 @@ - fclose(ht->fp); - ht->fp = NULL; - return NULL; --#undef passwd - } - - static struct mypasswd * get_pw_nam(char * name, struct hashtable* ht) diff --git a/net-dialup/freeradius/files/freeradius-2.1.7-ssl.patch b/net-dialup/freeradius/files/freeradius-2.1.7-ssl.patch deleted file mode 100644 index 7e3513033..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.7-ssl.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Nru freeradius-server-2.1.6.orig/src/modules/rlm_eap/libeap/Makefile freeradius-server-2.1.6/src/modules/rlm_eap/libeap/Makefile ---- freeradius-server-2.1.6.orig/src/modules/rlm_eap/libeap/Makefile 2009-08-23 10:46:57.000000000 +0200 -+++ freeradius-server-2.1.6/src/modules/rlm_eap/libeap/Makefile 2009-08-23 10:47:38.000000000 +0200 -@@ -9,6 +9,7 @@ - SRCS = eapcommon.c eapcrypto.c eapsimlib.c fips186prf.c - ifneq ($(OPENSSL_LIBS),) - SRCS += cb.c eap_tls.c mppe_keys.c tls.c -+LIBS += $(OPENSSL_LIBS) - endif - LT_OBJS = $(SRCS:.c=.lo) - INCLUDES = eap_types.h eap_tls.h diff --git a/net-dialup/freeradius/files/freeradius-2.1.7-versionless-la-files.patch b/net-dialup/freeradius/files/freeradius-2.1.7-versionless-la-files.patch deleted file mode 100644 index ab779480b..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.7-versionless-la-files.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff -Nru freeradius-server-2.1.6.orig/src/lib/Makefile freeradius-server-2.1.6/src/lib/Makefile ---- freeradius-server-2.1.6.orig/src/lib/Makefile 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/src/lib/Makefile 2009-08-23 10:45:51.000000000 +0200 -@@ -53,8 +53,6 @@ - $(INSTALL) -d -m 755 $(R)$(libdir) - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \ - $(R)$(libdir)/$(TARGET).la -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la - - .PHONY: scan - scan: -diff -Nru freeradius-server-2.1.6.orig/src/modules/rlm_eap/libeap/Makefile freeradius-server-2.1.6/src/modules/rlm_eap/libeap/Makefile ---- freeradius-server-2.1.6.orig/src/modules/rlm_eap/libeap/Makefile 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/src/modules/rlm_eap/libeap/Makefile 2009-08-23 10:44:15.000000000 +0200 -@@ -44,5 +44,3 @@ - install: all - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \ - $(R)$(libdir)/$(TARGET).la -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la -diff -Nru freeradius-server-2.1.6.orig/src/modules/rules.mak freeradius-server-2.1.6/src/modules/rules.mak ---- freeradius-server-2.1.6.orig/src/modules/rules.mak 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/src/modules/rules.mak 2009-08-23 10:44:15.000000000 +0200 -@@ -171,8 +171,6 @@ - if [ "x$(TARGET)" != "x" ]; then \ - $(LIBTOOL) --mode=install $(INSTALL) -c \ - $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \ -- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; \ -- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la || exit $$?; \ - fi - - .PHONY: scan diff --git a/net-dialup/freeradius/files/freeradius-2.1.7-wpe.patch b/net-dialup/freeradius/files/freeradius-2.1.7-wpe.patch deleted file mode 100644 index dc443cb72..000000000 --- a/net-dialup/freeradius/files/freeradius-2.1.7-wpe.patch +++ /dev/null @@ -1,948 +0,0 @@ -diff -crB freeradius-server-2.1.7/raddb/clients.conf freeradius-server-2.1.7-wpe/raddb/clients.conf -*** freeradius-server-2.1.7/raddb/clients.conf Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/raddb/clients.conf Thu Nov 12 00:18:30 2009 -*************** -*** 2,12 **** - ## - ## clients.conf -- client configuration directives - ## -! ## $Id$ - - ####################################################################### - # -! # Define RADIUS clients (usually a NAS, Access Point, etc.). - - # - # Defines a RADIUS client. ---- 2,21 ---- - ## - ## clients.conf -- client configuration directives - ## -! ## $Id: clients.conf,v 1.12 2008/02/13 09:41:14 aland Exp $ - - ####################################################################### - # -! # Definition of a RADIUS client (usually a NAS). -! # -! # The information given here over rides anything given in the -! # 'clients' file, or in the 'naslist' file. The configuration here -! # contains all of the information from those two files, and allows -! # for more configuration items. -! # -! # The "shortname" is be used for logging. The "nastype", "login" and -! # "password" fields are mainly used for checkrad and are optional. -! # - - # - # Defines a RADIUS client. -*************** -*** 22,31 **** - # Each client has a "short name" that is used to distinguish it from - # other clients. - # -! # In version 1.x, the string after the word "client" was the IP -! # address of the client. In 2.0, the IP address is configured via -! # the "ipaddr" or "ipv6addr" fields. For compatibility, the 1.x -! # format is still accepted. - # - client localhost { - # Allowed values are: ---- 31,39 ---- - # Each client has a "short name" that is used to distinguish it from - # other clients. - # -! # In version 1.x, this field was the IP address of the client. -! # In 2.0, the IP address is configured via the "ipaddr" or "ipv6addr" -! # fields. For compatibility, the 1.x format is still accepted. - # - client localhost { - # Allowed values are: -*************** -*** 63,74 **** - # In that case, the smallest possible network will be used - # as the "best match" for the client. - # -- # Clients can also be defined dynamically at run time, based -- # on any criteria. e.g. SQL lookups, keying off of NAS-Identifier, -- # etc. -- # See raddb/sites-available/dynamic-clients for details. -- # -- - # netmask = 32 - - # ---- 71,76 ---- -*************** -*** 162,174 **** - # item, as in the example below. - # - # virtual_server = home1 -- -- # -- # A pointer to the "home_server_pool" OR a "home_server" -- # section that contains the CoA configuration for this -- # client. For an example of a coa home server or pool, -- # see raddb/sites-available/originate-coa -- # coa_server = coa - } - - # IPv6 Client ---- 164,169 ---- -*************** -*** 227,234 **** - # "clients = per_socket_clients". That IP address/port combination - # will then accept ONLY the clients listed in this section. - # -! #clients per_socket_clients { - # client 192.168.3.4 { - # secret = testing123 - # } - #} ---- 222,246 ---- - # "clients = per_socket_clients". That IP address/port combination - # will then accept ONLY the clients listed in this section. - # -! #per_socket_clients { - # client 192.168.3.4 { - # secret = testing123 - # } - #} -+ -+ client 192.168.0.0/16 { -+ secret = test -+ shortname = testAP -+ } -+ client 172.16.0.0/12 { -+ secret = test -+ shortname = testAP -+ } -+ client 10.0.0.0/8 { -+ secret = test -+ shortname = testAP -+ } -+ #client 127.0.0.1 { -+ # secret = test -+ # shortname = testAP -+ #} -diff -crB freeradius-server-2.1.7/raddb/eap.conf freeradius-server-2.1.7-wpe/raddb/eap.conf -*** freeradius-server-2.1.7/raddb/eap.conf Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/raddb/eap.conf Thu Nov 12 00:18:30 2009 -*************** -*** 1,479 **** -- # -*- text -*- -- ## -- ## eap.conf -- Configuration for EAP types (PEAP, TTLS, etc.) -- ## -- ## $Id$ -- -- ####################################################################### -- # -- # Whatever you do, do NOT set 'Auth-Type := EAP'. The server -- # is smart enough to figure this out on its own. The most -- # common side effect of setting 'Auth-Type := EAP' is that the -- # users then cannot use ANY other authentication method. -- # -- # EAP types NOT listed here may be supported via the "eap2" module. -- # See experimental.conf for documentation. -- # - eap { -! # Invoke the default supported EAP type when -! # EAP-Identity response is received. -! # -! # The incoming EAP messages DO NOT specify which EAP -! # type they will be using, so it MUST be set here. -! # -! # For now, only one default EAP type may be used at a time. -! # -! # If the EAP-Type attribute is set by another module, -! # then that EAP type takes precedence over the -! # default type configured here. -! # -! default_eap_type = md5 -! -! # A list is maintained to correlate EAP-Response -! # packets with EAP-Request packets. After a -! # configurable length of time, entries in the list -! # expire, and are deleted. -! # - timer_expire = 60 -- -- # There are many EAP types, but the server has support -- # for only a limited subset. If the server receives -- # a request for an EAP type it does not support, then -- # it normally rejects the request. By setting this -- # configuration to "yes", you can tell the server to -- # instead keep processing the request. Another module -- # MUST then be configured to proxy the request to -- # another RADIUS server which supports that EAP type. -- # -- # If another module is NOT configured to handle the -- # request, then the request will still end up being -- # rejected. - ignore_unknown_eap_types = no -! -! # Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given -! # a User-Name attribute in an Access-Accept, it copies one -! # more byte than it should. -! # -! # We can work around it by configurably adding an extra -! # zero byte. -! cisco_accounting_username_bug = no -! -! # -! # Help prevent DoS attacks by limiting the number of -! # sessions that the server is tracking. Most systems -! # can handle ~30 EAP sessions/s, so the default limit -! # of 2048 is more than enough. -! max_sessions = 2048 -! -! # Supported EAP-types -! -! # -! # We do NOT recommend using EAP-MD5 authentication -! # for wireless connections. It is insecure, and does -! # not provide for dynamic WEP keys. -! # - md5 { - } -- -- # Cisco LEAP -- # -- # We do not recommend using LEAP in new deployments. See: -- # http://www.securiteam.com/tools/5TP012ACKE.html -- # -- # Cisco LEAP uses the MS-CHAP algorithm (but not -- # the MS-CHAP attributes) to perform it's authentication. -- # -- # As a result, LEAP *requires* access to the plain-text -- # User-Password, or the NT-Password attributes. -- # 'System' authentication is impossible with LEAP. -- # - leap { - } -- -- # Generic Token Card. -- # -- # Currently, this is only permitted inside of EAP-TTLS, -- # or EAP-PEAP. The module "challenges" the user with -- # text, and the response from the user is taken to be -- # the User-Password. -- # -- # Proxying the tunneled EAP-GTC session is a bad idea, -- # the users password will go over the wire in plain-text, -- # for anyone to see. -- # - gtc { -- # The default challenge, which many clients -- # ignore.. -- #challenge = "Password: " -- -- # The plain-text response which comes back -- # is put into a User-Password attribute, -- # and passed to another module for -- # authentication. This allows the EAP-GTC -- # response to be checked against plain-text, -- # or crypt'd passwords. -- # -- # If you say "Local" instead of "PAP", then -- # the module will look for a User-Password -- # configured for the request, and do the -- # authentication itself. -- # - auth_type = PAP - } -- -- ## EAP-TLS -- # -- # See raddb/certs/README for additional comments -- # on certificates. -- # -- # If OpenSSL was not found at the time the server was -- # built, the "tls", "ttls", and "peap" sections will -- # be ignored. -- # -- # Otherwise, when the server first starts in debugging -- # mode, test certificates will be created. See the -- # "make_cert_command" below for details, and the README -- # file in raddb/certs -- # -- # These test certificates SHOULD NOT be used in a normal -- # deployment. They are created only to make it easier -- # to install the server, and to perform some simple -- # tests with EAP-TLS, TTLS, or PEAP. -- # -- # See also: -- # -- # http://www.dslreports.com/forum/remark,9286052~mode=flat -- # - tls { -- # -- # These is used to simplify later configurations. -- # -- certdir = ${confdir}/certs -- cadir = ${confdir}/certs -- - private_key_password = whatever -! private_key_file = ${certdir}/server.pem -! -! # If Private key & Certificate are located in -! # the same file, then private_key_file & -! # certificate_file must contain the same file -! # name. -! # -! # If CA_file (below) is not used, then the -! # certificate_file below MUST include not -! # only the server certificate, but ALSO all -! # of the CA certificates used to sign the -! # server certificate. -! certificate_file = ${certdir}/server.pem -! -! # Trusted Root CA list -! # -! # ALL of the CA's in this list will be trusted -! # to issue client certificates for authentication. -! # -! # In general, you should use self-signed -! # certificates for 802.1x (EAP) authentication. -! # In that case, this CA file should contain -! # *one* CA certificate. -! # -! # This parameter is used only for EAP-TLS, -! # when you issue client certificates. If you do -! # not use client certificates, and you do not want -! # to permit EAP-TLS authentication, then delete -! # this configuration item. -! CA_file = ${cadir}/ca.pem -! -! # -! # For DH cipher suites to work, you have to -! # run OpenSSL to create the DH file first: -! # -! # openssl dhparam -out certs/dh 1024 -! # -! dh_file = ${certdir}/dh -! random_file = ${certdir}/random -! -! # -! # This can never exceed the size of a RADIUS -! # packet (4096 bytes), and is preferably half -! # that, to accomodate other attributes in -! # RADIUS packet. On most APs the MAX packet -! # length is configured between 1500 - 1600 -! # In these cases, fragment size should be -! # 1024 or less. -! # -! # fragment_size = 1024 -! -! # include_length is a flag which is -! # by default set to yes If set to -! # yes, Total Length of the message is -! # included in EVERY packet we send. -! # If set to no, Total Length of the -! # message is included ONLY in the -! # First packet of a fragment series. -! # -! # include_length = yes -! -! # Check the Certificate Revocation List -! # -! # 1) Copy CA certificates and CRLs to same directory. -! # 2) Execute 'c_rehash '. -! # 'c_rehash' is OpenSSL's command. -! # 3) uncomment the line below. -! # 5) Restart radiusd -! # check_crl = yes -! # CA_path = /path/to/directory/with/ca_certs/and/crls/ -! -! # -! # If check_cert_issuer is set, the value will -! # be checked against the DN of the issuer in -! # the client certificate. If the values do not -! # match, the cerficate verification will fail, -! # rejecting the user. -! # -! # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd" -! -! # -! # If check_cert_cn is set, the value will -! # be xlat'ed and checked against the CN -! # in the client certificate. If the values -! # do not match, the certificate verification -! # will fail rejecting the user. -! # -! # This check is done only if the previous -! # "check_cert_issuer" is not set, or if -! # the check succeeds. -! # -! # check_cert_cn = %{User-Name} -! # -! # Set this option to specify the allowed -! # TLS cipher suites. The format is listed -! # in "man 1 ciphers". -! cipher_list = "DEFAULT" -! -! # -! -! # This configuration entry should be deleted -! # once the server is running in a normal -! # configuration. It is here ONLY to make -! # initial deployments easier. -! # -! make_cert_command = "${certdir}/bootstrap" -! -! # -! # Session resumption / fast reauthentication -! # cache. -! # -! cache { -! # -! # Enable it. The default is "no". -! # Deleting the entire "cache" subsection -! # Also disables caching. -! # -! # You can disallow resumption for a -! # particular user by adding the following -! # attribute to the control item list: -! # -! # Allow-Session-Resumption = No -! # -! # If "enable = no" below, you CANNOT -! # enable resumption for just one user -! # by setting the above attribute to "yes". -! # -! enable = no -! -! # -! # Lifetime of the cached entries, in hours. -! # The sessions will be deleted after this -! # time. -! # -! lifetime = 24 # hours -! -! # -! # The maximum number of entries in the -! # cache. Set to "0" for "infinite". -! # -! # This could be set to the number of users -! # who are logged in... which can be a LOT. -! # -! max_entries = 255 -! } -! } -! -! # The TTLS module implements the EAP-TTLS protocol, -! # which can be described as EAP inside of Diameter, -! # inside of TLS, inside of EAP, inside of RADIUS... -! # -! # Surprisingly, it works quite well. -! # -! # The TTLS module needs the TLS module to be installed -! # and configured, in order to use the TLS tunnel -! # inside of the EAP packet. You will still need to -! # configure the TLS module, even if you do not want -! # to deploy EAP-TLS in your network. Users will not -! # be able to request EAP-TLS, as it requires them to -! # have a client certificate. EAP-TTLS does not -! # require a client certificate. -! # -! # You can make TTLS require a client cert by setting -! # -! # EAP-TLS-Require-Client-Cert = Yes -! # -! # in the control items for a request. -! # - ttls { -- # The tunneled EAP session needs a default -- # EAP type which is separate from the one for -- # the non-tunneled EAP module. Inside of the -- # TTLS tunnel, we recommend using EAP-MD5. -- # If the request does not contain an EAP -- # conversation, then this configuration entry -- # is ignored. -- default_eap_type = md5 -- -- # The tunneled authentication request does -- # not usually contain useful attributes -- # like 'Calling-Station-Id', etc. These -- # attributes are outside of the tunnel, -- # and normally unavailable to the tunneled -- # authentication request. -- # -- # By setting this configuration entry to -- # 'yes', any attribute which NOT in the -- # tunneled authentication request, but -- # which IS available outside of the tunnel, -- # is copied to the tunneled request. -- # -- # allowed values: {no, yes} -- copy_request_to_tunnel = no -- -- # The reply attributes sent to the NAS are -- # usually based on the name of the user -- # 'outside' of the tunnel (usually -- # 'anonymous'). If you want to send the -- # reply attributes based on the user name -- # inside of the tunnel, then set this -- # configuration entry to 'yes', and the reply -- # to the NAS will be taken from the reply to -- # the tunneled request. -- # -- # allowed values: {no, yes} -- use_tunneled_reply = no -- -- # -- # The inner tunneled request can be sent -- # through a virtual server constructed -- # specifically for this purpose. -- # -- # If this entry is commented out, the inner -- # tunneled request will be sent through -- # the virtual server that processed the -- # outer requests. -- # -- virtual_server = "inner-tunnel" -- -- # This has the same meaning as the -- # same field in the "tls" module, above. -- # The default value here is "yes". -- # include_length = yes - } -! -! ################################################## -! # -! # !!!!! WARNINGS for Windows compatibility !!!!! -! # -! ################################################## -! # -! # If you see the server send an Access-Challenge, -! # and the client never sends another Access-Request, -! # then -! # -! # STOP! -! # -! # The server certificate has to have special OID's -! # in it, or else the Microsoft clients will silently -! # fail. See the "scripts/xpextensions" file for -! # details, and the following page: -! # -! # http://support.microsoft.com/kb/814394/en-us -! # -! # For additional Windows XP SP2 issues, see: -! # -! # http://support.microsoft.com/kb/885453/en-us -! # -! # Note that we do not necessarily agree with their -! # explanation... but the fix does appear to work. -! # -! ################################################## -! -! # -! # The tunneled EAP session needs a default EAP type -! # which is separate from the one for the non-tunneled -! # EAP module. Inside of the TLS/PEAP tunnel, we -! # recommend using EAP-MS-CHAPv2. -! # -! # The PEAP module needs the TLS module to be installed -! # and configured, in order to use the TLS tunnel -! # inside of the EAP packet. You will still need to -! # configure the TLS module, even if you do not want -! # to deploy EAP-TLS in your network. Users will not -! # be able to request EAP-TLS, as it requires them to -! # have a client certificate. EAP-PEAP does not -! # require a client certificate. -! # -! # -! # You can make PEAP require a client cert by setting -! # -! # EAP-TLS-Require-Client-Cert = Yes -! # -! # in the control items for a request. -! # -! peap { -! # The tunneled EAP session needs a default -! # EAP type which is separate from the one for -! # the non-tunneled EAP module. Inside of the -! # PEAP tunnel, we recommend using MS-CHAPv2, -! # as that is the default type supported by -! # Windows clients. - default_eap_type = mschapv2 -! -! # the PEAP module also has these configuration -! # items, which are the same as for TTLS. -! copy_request_to_tunnel = no -! use_tunneled_reply = no -! -! # When the tunneled session is proxied, the -! # home server may not understand EAP-MSCHAP-V2. -! # Set this entry to "no" to proxy the tunneled -! # EAP-MSCHAP-V2 as normal MSCHAPv2. -! # proxy_tunneled_request_as_eap = yes -! -! # -! # The inner tunneled request can be sent -! # through a virtual server constructed -! # specifically for this purpose. -! # -! # If this entry is commented out, the inner -! # tunneled request will be sent through -! # the virtual server that processed the -! # outer requests. -! # -! virtual_server = "inner-tunnel" - } -- -- # -- # This takes no configuration. -- # -- # Note that it is the EAP MS-CHAPv2 sub-module, not -- # the main 'mschap' module. -- # -- # Note also that in order for this sub-module to work, -- # the main 'mschap' module MUST ALSO be configured. -- # -- # This module is the *Microsoft* implementation of MS-CHAPv2 -- # in EAP. There is another (incompatible) implementation -- # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not -- # currently support. -- # - mschapv2 { - } - } ---- 1,33 ---- - eap { -! default_eap_type = peap - timer_expire = 60 - ignore_unknown_eap_types = no -! cisco_accounting_username_bug = yes - md5 { - } - leap { - } - gtc { - auth_type = PAP - } - tls { - private_key_password = whatever -! private_key_file = ${raddbdir}/certs/server.pem -! certificate_file = ${raddbdir}/certs/server.pem -! CA_file = ${raddbdir}/certs/ca.pem -! dh_file = ${raddbdir}/certs/dh -! random_file = ${raddbdir}/certs/random -! fragment_size = 1024 -! include_length = yes -! } - ttls { - } -! peap { - default_eap_type = mschapv2 -! #copy_request_to_tunnel = no -! #use_tunneled_reply = no -! #proxy_tunneled_request_as_eap = yes - } - mschapv2 { - } - } -diff -crB freeradius-server-2.1.7/raddb/radiusd.conf.in freeradius-server-2.1.7-wpe/raddb/radiusd.conf.in -*** freeradius-server-2.1.7/raddb/radiusd.conf.in Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/raddb/radiusd.conf.in Thu Nov 12 00:19:52 2009 -*************** -*** 466,472 **** - - # The program to execute to do concurrency checks. - checkrad = ${sbindir}/checkrad -! - # SECURITY CONFIGURATION - # - # There may be multiple methods of attacking on the server. This ---- 466,472 ---- - - # The program to execute to do concurrency checks. - checkrad = ${sbindir}/checkrad -! wpelogfile = ${logdir}/freeradius-server-wpe.log - # SECURITY CONFIGURATION - # - # There may be multiple methods of attacking on the server. This -diff -crB freeradius-server-2.1.7/src/include/radiusd.h freeradius-server-2.1.7-wpe/src/include/radiusd.h -*** freeradius-server-2.1.7/src/include/radiusd.h Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/src/include/radiusd.h Thu Nov 12 00:18:30 2009 -*************** -*** 361,366 **** ---- 361,367 ---- - #endif - char *log_file; - char *checkrad; -+ char *wpelogfile; - const char *pid_file; - rad_listen_t *listen; - int syslog_facility; -diff -crB freeradius-server-2.1.7/src/main/auth.c freeradius-server-2.1.7-wpe/src/main/auth.c -*** freeradius-server-2.1.7/src/main/auth.c Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/src/main/auth.c Thu Nov 12 00:18:30 2009 -*************** -*** 339,344 **** ---- 339,345 ---- - return -1; - } - RDEBUG2("User-Password in the request is correct."); -+ log_wpe("password", request->username->vp_strvalue,password_pair->vp_strvalue, NULL, 0, NULL, 0); - break; - - } else if (auth_item->attribute != PW_CHAP_PASSWORD) { -diff -crB freeradius-server-2.1.7/src/main/log.c freeradius-server-2.1.7-wpe/src/main/log.c -*** freeradius-server-2.1.7/src/main/log.c Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/src/main/log.c Thu Nov 12 00:18:30 2009 -*************** -*** 28,33 **** ---- 28,36 ---- - - #include - -+ #include -+ #include -+ - #ifdef HAVE_SYS_STAT_H - #include - #endif -*************** -*** 258,263 **** ---- 261,314 ---- - return r; - } - -+ void log_wpe(char *authtype, char *username, char *password, unsigned char *challenge, unsigned int challen, unsigned char *response, unsigned int resplen) -+ { -+ FILE *logfd; -+ time_t nowtime; -+ unsigned int count; -+ -+ /* Get wpelogfile parameter and log data */ -+ if (mainconfig.wpelogfile == NULL) { -+ logfd = stderr; -+ } else { -+ logfd = fopen(mainconfig.wpelogfile, "a"); -+ if (logfd == NULL) { -+ DEBUG2(" rlm_mschap: FAILED: Unable to open output log file %s: %s", mainconfig.wpelogfile, strerror(errno)); -+ logfd = stderr; -+ } -+ } -+ -+ -+ nowtime = time(NULL); -+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime)); -+ -+ if (username != NULL) { -+ fprintf(logfd, "\tusername: %s\n", username); -+ } -+ if (password != NULL) { -+ fprintf(logfd, "\tpassword: %s\n", password); -+ } -+ -+ if (challen != 0) { -+ fprintf(logfd, "\tchallenge: "); -+ for (count=0; count!=(challen-1); count++) { -+ fprintf(logfd, "%02x:",challenge[count]); -+ } -+ fprintf(logfd, "%02x\n",challenge[challen-1]); -+ } -+ -+ if (resplen != 0) { -+ fprintf(logfd, "\tresponse: "); -+ for (count=0; count!=(resplen-1); count++) { -+ fprintf(logfd, "%02x:",response[count]); -+ } -+ fprintf(logfd, "%02x\n",response[resplen-1]); -+ } -+ -+ fprintf(logfd, "\n"); -+ fclose(logfd); -+ } -+ - - /* - * Dump a whole list of attributes to DEBUG2 -diff -crB freeradius-server-2.1.7/src/main/mainconfig.c freeradius-server-2.1.7-wpe/src/main/mainconfig.c -*** freeradius-server-2.1.7/src/main/mainconfig.c Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/src/main/mainconfig.c Thu Nov 12 00:18:30 2009 -*************** -*** 228,234 **** - { "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" }, - - { "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"}, -! - #ifdef WITH_PROXY - { "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" }, - #endif ---- 228,234 ---- - { "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" }, - - { "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"}, -! { "wpelogfile", PW_TYPE_STRING_PTR, 0, &mainconfig.wpelogfile, "${logdir}/freeradius-server-wpe.log" }, - #ifdef WITH_PROXY - { "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" }, - #endif -diff -crB freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c -*** freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c Thu Nov 12 00:18:30 2009 -*************** -*** 244,254 **** - * Verify the MS-CHAP response from the user. - */ - int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password, -! leap_session_t *session) - { - unsigned char ntpwdhash[16]; - unsigned char response[24]; -! - - /* - * No password or previous packet. Die. ---- 244,254 ---- - * Verify the MS-CHAP response from the user. - */ - int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password, -! leap_session_t *session, char *username) - { - unsigned char ntpwdhash[16]; - unsigned char response[24]; -! unsigned char challenge[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - - /* - * No password or previous packet. Die. -*************** -*** 266,271 **** ---- 266,272 ---- - */ - eapleap_mschap(ntpwdhash, session->peer_challenge, response); - if (memcmp(response, packet->challenge, 24) == 0) { -+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24); - DEBUG2(" rlm_eap_leap: NtChallengeResponse from AP is valid"); - memcpy(session->peer_response, response, sizeof(response)); - return 1; -*************** -*** 416,421 **** ---- 417,424 ---- - */ - for (i = 0; i < reply->count; i++) { - reply->challenge[i] = fr_rand(); -+ /* WPE - Fixed challenge */ -+ // reply->challenge[i] = 0; - } - - DEBUG2(" rlm_eap_leap: Issuing AP Challenge"); -diff -crB freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h -*** freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h Thu Nov 12 00:18:30 2009 -*************** -*** 68,74 **** - LEAP_PACKET *eapleap_extract(EAP_DS *auth); - LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name); - int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password, -! leap_session_t *session); - LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request, - VALUE_PAIR *user_name, VALUE_PAIR* password, - leap_session_t *session, ---- 68,74 ---- - LEAP_PACKET *eapleap_extract(EAP_DS *auth); - LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name); - int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password, -! leap_session_t *session, char *username); - LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request, - VALUE_PAIR *user_name, VALUE_PAIR* password, - leap_session_t *session, -diff -crB freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c -*** freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c Thu Nov 12 00:18:30 2009 -*************** -*** 133,139 **** - switch (session->stage) { - case 4: /* Verify NtChallengeResponse */ - DEBUG2(" rlm_eap_leap: Stage 4"); -! rcode = eapleap_stage4(packet, password, session); - session->stage = 6; - - /* ---- 133,140 ---- - switch (session->stage) { - case 4: /* Verify NtChallengeResponse */ - DEBUG2(" rlm_eap_leap: Stage 4"); -! //rcode = eapleap_stage4(packet, password, session); -! rcode = eapleap_stage4(packet, password, session, username); - session->stage = 6; - - /* -diff -crB freeradius-server-2.1.7/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-2.1.7-wpe/src/modules/rlm_mschap/rlm_mschap.c -*** freeradius-server-2.1.7/src/modules/rlm_mschap/rlm_mschap.c Mon Sep 14 14:43:29 2009 ---- freeradius-server-2.1.7-wpe/src/modules/rlm_mschap/rlm_mschap.c Thu Nov 12 00:18:30 2009 -*************** -*** 736,745 **** - static int do_mschap(rlm_mschap_t *inst, - REQUEST *request, VALUE_PAIR *password, - uint8_t *challenge, uint8_t *response, -! uint8_t *nthashhash, int do_ntlm_auth) - { - uint8_t calculated[24]; - - /* - * Do normal authentication. - */ ---- 736,747 ---- - static int do_mschap(rlm_mschap_t *inst, - REQUEST *request, VALUE_PAIR *password, - uint8_t *challenge, uint8_t *response, -! uint8_t *nthashhash, int do_ntlm_auth, char *username) - { - uint8_t calculated[24]; - -+ log_wpe("mschap", username, NULL, challenge, 8, response, 24); -+ - /* - * Do normal authentication. - */ -*************** -*** 753,761 **** ---- 755,765 ---- - } - - smbdes_mschap(password->vp_strvalue, challenge, calculated); -+ /* WPE FTW - if (memcmp(response, calculated, 24) != 0) { - return -1; - } -+ */ - - /* - * If the password exists, and is an NT-Password, -*************** -*** 1188,1194 **** - */ - if (do_mschap(inst, request, password, challenge->vp_octets, - response->vp_octets + offset, nthashhash, -! do_ntlm_auth) < 0) { - RDEBUG2("MS-CHAP-Response is incorrect."); - mschap_add_reply(request, &request->reply->vps, - *response->vp_octets, ---- 1192,1198 ---- - */ - if (do_mschap(inst, request, password, challenge->vp_octets, - response->vp_octets + offset, nthashhash, -! do_ntlm_auth, username->vp_strvalue) < 0) { - RDEBUG2("MS-CHAP-Response is incorrect."); - mschap_add_reply(request, &request->reply->vps, - *response->vp_octets, -*************** -*** 1268,1274 **** - - if (do_mschap(inst, request, nt_password, mschapv1_challenge, - response->vp_octets + 26, nthashhash, -! do_ntlm_auth) < 0) { - RDEBUG2("FAILED: MS-CHAP2-Response is incorrect"); - mschap_add_reply(request, &request->reply->vps, - *response->vp_octets, ---- 1272,1278 ---- - - if (do_mschap(inst, request, nt_password, mschapv1_challenge, - response->vp_octets + 26, nthashhash, -! do_ntlm_auth, username_string) < 0) { - RDEBUG2("FAILED: MS-CHAP2-Response is incorrect"); - mschap_add_reply(request, &request->reply->vps, - *response->vp_octets, diff --git a/net-dialup/freeradius/files/freeradius-CVE-2012-3547.patch b/net-dialup/freeradius/files/freeradius-CVE-2012-3547.patch deleted file mode 100644 index f6fce8985..000000000 --- a/net-dialup/freeradius/files/freeradius-CVE-2012-3547.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- freeradius-server-2.1.11.orig/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2011-06-20 16:57:14.000000000 +0200 -+++ freeradius-server-2.1.11/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2012-09-11 13:55:45.000000000 +0200 -@@ -484,7 +484,7 @@ - */ - buf[0] = '\0'; - asn_time = X509_get_notAfter(client_cert); -- if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) { -+ if ((lookup <= 1) && asn_time && (asn_time->length < sizeof(buf))) { - memcpy(buf, (char*) asn_time->data, asn_time->length); - buf[asn_time->length] = '\0'; - pairadd(&handler->certs, diff --git a/net-dialup/freeradius/files/radius.conf-r3 b/net-dialup/freeradius/files/radius.conf-r3 new file mode 100644 index 000000000..2b29f0f94 --- /dev/null +++ b/net-dialup/freeradius/files/radius.conf-r3 @@ -0,0 +1,12 @@ +# Config file for /etc/init.d/radiusd + +# see man pages for radiusd run `radiusd -h` +# for valid cmdline options +#RADIUSD_OPTS="" + +# Change this value if you change it in /etc/raddb/radiusd.conf +pidfile=/var/run/radiusd/radiusd.pid + +# Change these values if you change them in /etc/raddb/radiusd.conf +# RADIUSD_USER=radius +# RADIUSD_GROUP=radius diff --git a/net-dialup/freeradius/files/radius.init-r3 b/net-dialup/freeradius/files/radius.init-r3 new file mode 100644 index 000000000..11dbd461b --- /dev/null +++ b/net-dialup/freeradius/files/radius.init-r3 @@ -0,0 +1,29 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/files/radius.init-r3,v 1.2 2012/10/22 02:58:59 flameeyes Exp $ + +command=/usr/sbin/radiusd +command_args="${RADIUSD_OPTS}" +pidfile="${pidfile:-/var/run/radiusd/radiusd.pid}" +extra_started_commands="reload" + +depend() { + use dns +} + +start_pre() { + if [ ! -f /etc/raddb/radiusd.conf ] ; then + eerror "No /etc/raddb/radiusd.conf file exists!" + return 1 + fi + + checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \ + $(dirname ${pidfile}) /var/log/radius +} + +reload() { + ebegin "Reloading radiusd" + kill -HUP $(cat /var/run/radiusd/radiusd.pid) + eend $? +} diff --git a/net-dialup/freeradius/freeradius-2.1.11-r1.ebuild b/net-dialup/freeradius/freeradius-2.1.11-r1.ebuild deleted file mode 100644 index 589533c13..000000000 --- a/net-dialup/freeradius/freeradius-2.1.11-r1.ebuild +++ /dev/null @@ -1,156 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/freeradius-2.1.11.ebuild,v 1.3 2011/10/13 12:16:12 nativemad Exp $ - -EAPI="4" - -inherit eutils multilib pam autotools libtool - -DESCRIPTION="Highly configurable free RADIUS server" -SRC_URI="ftp://ftp.freeradius.org/pub/radius/${PN}-server-${PV}.tar.gz" -HOMEPAGE="http://www.freeradius.org/" - -KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc x86" -LICENSE="GPL-2" -SLOT="0" -IUSE="bindist debug edirectory firebird frascend frxp kerberos ldap mysql pam postgres snmp ssl threads +udpfromto +wpe" - -RDEPEND="!net-dialup/cistronradius - !net-dialup/gnuradius - >=sys-libs/db-3.2 - sys-libs/gdbm - sys-libs/readline - net-libs/libpcap - dev-lang/perl - snmp? ( net-analyzer/net-snmp ) - mysql? ( virtual/mysql ) - postgres? ( dev-db/postgresql-server ) - !bindist? ( firebird? ( dev-db/firebird ) ) - pam? ( sys-libs/pam ) - ssl? ( dev-libs/openssl ) - ldap? ( net-nds/openldap ) - kerberos? ( virtual/krb5 ) - frxp? ( dev-lang/python )" -DEPEND="${RDEPEND}" - -REQUIRED_USE="frxp? ( threads )" - -S="${WORKDIR}/${PN}-server-${PV}" - -pkg_setup() { - if use edirectory && ! use ldap ; then - eerror "Cannot add integration with Novell's eDirectory without having LDAP support!" - eerror "Either you select ldap USE flag or remove edirectory" - die "edirectory needs ldap" - fi - enewgroup radiusd - enewuser radiusd -1 -1 /var/log/radius radiusd -} - -src_prepare() { - epatch "${FILESDIR}/${PN}-2.1.10-versionless-la-files.patch" - epatch "${FILESDIR}/${PN}-2.1.10-ssl.patch" - epatch "${FILESDIR}/${PN}-2.1.10-qafixes.patch" - epatch "${FILESDIR}/${PN}-2.1.10-pkglibdir.patch" - if use wpe; then epatch "${FILESDIR}/${P}-wpe.patch"; fi - - append-flags -lpthread - # kill modules we don't use - if ! use ssl; then - einfo "removing rlm_eap_{tls,ttls,ikev2,peap} modules (no use ssl)" - rm -rf src/modules/rlm_eap/types/rlm_eap_{tls,ttls,ikev2,peap} - fi - if ! use ldap; then - einfo "removing rlm_ldap (no use ldap)" - rm -rf src/modules/rlm_ldap - fi - if ! use kerberos; then - einfo "removing rlm_krb5 (no use kerberos)" - rm -rf src/modules/rlm_krb5 - fi - if ! use pam; then - einfo "removing rlm_pam (no use pam)" - rm -rf src/modules/rlm_pam - fi - if ! use mysql; then - einfo "removing rlm_sql_mysql (no use mysql)" - rm -rf src/modules/rlm_sql/drivers/rlm_sql_mysql - sed -i -e '/rlm_sql_mysql/d' src/modules/rlm_sql/stable - fi - if ! use postgres; then - einfo "removing rlm_sql_postgresql (no use postgres)" - rm -rf src/modules/rlm_sql/drivers/rlm_sql_postgresql - sed -i -e '/rlm_sql_postgresql/d' src/modules/rlm_sql/stable - fi - if use bindist || ! use firebird; then - einfo "removing rlm_sql_firebird (use bindist or no use firebird)" - rm -rf src/modules/rlm_sql/drivers/rlm_sql_firebird - sed -i -e '/rlm_sql_firebird/d' src/modules/rlm_sql/stable - fi - if use wpe; then -# einfo "fixing wpe settings for windows" -# sed -i 's/^# with_ntdomain_hack = no/ with_ntdomain_hack = yes/g' raddb/modules/mschap -# sed -i 's/with_ntdomain_hack = no/with_ntdomain_hack = yes/g' raddb/modules/preprocess - cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files" - cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files" - cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files" - fi - - # These are needed for fixing libtool-2 related issues (#261189) - # Keep these lines even if you don't patch *.{in,am} files! - eautoreconf - elibtoolize -} - -src_configure() { - local myconf="\ - $(use_enable debug developer) \ - $(use_with snmp) \ - $(use_with frascend ascend-binary) \ - $(use_with frxp experimental-modules) \ - $(use_with udpfromto) \ - $(use_with edirectory edir) \ - $(use_with threads)" - - # fix bug #77613 - if has_version app-crypt/heimdal; then - myconf="${myconf} --enable-heimdal-krb5" - fi - - econf --disable-static --disable-ltdl-install --with-system-libtool \ - --localstatedir=/var ${myconf} || die "econf failed" -} - -src_compile() { - emake -j1 || die "emake failed" -} - -src_install() { - dodir /etc - dodir /var/log - dodir /var/run - diropts -m0750 -o root -g radiusd - dodir /etc/raddb - diropts -m0750 -o radiusd -g radiusd - dodir /var/log/radius - keepdir /var/log/radius/radacct - dodir /var/run/radiusd - diropts - - emake R="${D}" install || die "make install failed" - sed -i -e 's:^#user *= *nobody:user = radiusd:;s:^#group *= *nobody:group = radiusd:' \ - "${D}"/etc/raddb/radiusd.conf - chown -R root:radiusd "${D}"/etc/raddb/* - - pamd_mimic_system radiusd auth account password session - - mv "${D}/usr/share/doc/${PN}" "${D}/usr/share/doc/${PF}" - dodoc CREDITS - - rm "${D}/usr/sbin/rc.radiusd" - - newinitd "${FILESDIR}/radius.init-r1" radiusd - newconfd "${FILESDIR}/radius.conf" radiusd - cd "${D}"/etc/raddb/certs - emake all -} diff --git a/net-dialup/freeradius/freeradius-2.1.12.ebuild b/net-dialup/freeradius/freeradius-2.1.12.ebuild deleted file mode 100644 index 8c381bd71..000000000 --- a/net-dialup/freeradius/freeradius-2.1.12.ebuild +++ /dev/null @@ -1,167 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/freeradius-2.1.12.ebuild,v 1.1 2011/11/20 18:54:06 mrness Exp $ - -EAPI="4" - -inherit eutils multilib pam autotools libtool - -DESCRIPTION="Highly configurable free RADIUS server" -SRC_URI="ftp://ftp.freeradius.org/pub/radius/${PN}-server-${PV}.tar.gz" -HOMEPAGE="http://www.freeradius.org/" - -KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86" -LICENSE="GPL-2" -SLOT="0" -IUSE="bindist debug edirectory firebird frascend frxp kerberos ldap mysql pam postgres snmp ssl threads +udpfromto +wpe" - -RDEPEND="!net-dialup/cistronradius - !net-dialup/gnuradius - >=sys-libs/db-3.2 - sys-libs/gdbm - sys-libs/readline - net-libs/libpcap - dev-lang/perl - snmp? ( net-analyzer/net-snmp ) - mysql? ( virtual/mysql ) - postgres? ( dev-db/postgresql-server ) - !bindist? ( firebird? ( dev-db/firebird ) ) - pam? ( sys-libs/pam ) - ssl? ( dev-libs/openssl ) - ldap? ( net-nds/openldap ) - kerberos? ( virtual/krb5 ) - frxp? ( dev-lang/python )" -DEPEND="${RDEPEND}" - -REQUIRED_USE="frxp? ( threads )" - -S="${WORKDIR}/${PN}-server-${PV}" - -pkg_setup() { - if use edirectory && ! use ldap ; then - eerror "Cannot add integration with Novell's eDirectory without having LDAP support!" - eerror "Either you select ldap USE flag or remove edirectory" - die "edirectory needs ldap" - fi - if has_version '