From a213e88a2b38a8759040b413d0344e352975d305 Mon Sep 17 00:00:00 2001 From: blshkv Date: Wed, 13 Mar 2019 09:19:00 +0800 Subject: [PATCH] freeradius: 3.0.18 wpe bump --- net-dialup/freeradius/Manifest | 5 +- .../files/freeradius-3.0.18-wpe.patch | 469 ++++++++++++++++++ .../freeradius/files/freeradius.service | 15 + .../freeradius/files/freeradius.tmpfiles | 1 + net-dialup/freeradius/files/radius.conf-r4 | 16 + net-dialup/freeradius/files/radius.init-r3 | 7 +- .../freeradius/freeradius-2.2.5-r1.ebuild | 2 +- .../freeradius/freeradius-3.0.18.ebuild | 246 +++++++++ .../base/package.accept_keywords/net-dialup | 2 +- 9 files changed, 755 insertions(+), 8 deletions(-) create mode 100644 net-dialup/freeradius/files/freeradius-3.0.18-wpe.patch create mode 100644 net-dialup/freeradius/files/freeradius.service create mode 100644 net-dialup/freeradius/files/freeradius.tmpfiles create mode 100644 net-dialup/freeradius/files/radius.conf-r4 create mode 100644 net-dialup/freeradius/freeradius-3.0.18.ebuild diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest index 16a20b0a1..7ab8ac5e3 100644 --- a/net-dialup/freeradius/Manifest +++ b/net-dialup/freeradius/Manifest @@ -1,2 +1,3 @@ -DIST freeradius-2.2.0-patches-4.tar.xz 3140 SHA256 9fd7b6f7e1501d63a073e6279b20eb6d8154e7898d81c85a5c548543ab33c1af SHA512 38ebd65d9ad8ce8f513f2f5c7fd9ff43b81cf468038a49f9eb7f4a54d13783e88866c3031e7abc0fc8b65d2aec4f347efa358b9e7e2aadb2d15567ce7e125d1d WHIRLPOOL a532444f6bfebe260a6b4bf43157fa1624ce9920a86635172ac94e0f757263904bac6ca6a472e12df73e32a8d25d6f7b094272bd743d13c566f23bfcbff6df27 -DIST freeradius-server-2.2.5.tar.gz 4415950 SHA256 8c4c2a0b600a8d85d2235589a5e80d4fefd1f52317e9daf8193731566fa9d012 SHA512 511599b4f4f5906441d0cda61946341f2226b9aae69b6f68b03a19898b6385499a8221933c191232d50f736cab93f0f6f271e4defe4552e7738cb21e2415f053 WHIRLPOOL 629ac42749b736a7cd606c97fb149ea6f3b11d0e77bc5fc69785e4c7956f073131eb16420f276de5664e977a37a6784d0bbff08a15c1c23389f5369320a4cb12 +DIST freeradius-2.2.0-patches-4.tar.xz 3140 BLAKE2B e647b112b4dc68f4593ea4ae35a428768fdaa6602fac1ca93aa4021c9f6cf703d4caa055188cf7fcd9586750c7dc18597b0875b1f2b6d4b4efe1e8132766970b SHA512 38ebd65d9ad8ce8f513f2f5c7fd9ff43b81cf468038a49f9eb7f4a54d13783e88866c3031e7abc0fc8b65d2aec4f347efa358b9e7e2aadb2d15567ce7e125d1d +DIST freeradius-server-2.2.5.tar.gz 4415950 BLAKE2B 4513760ca1a2fcb883c24061afc9dac428e2c748560e5474c1d4370429a479f5632b967683e27c5337f46fb75ef8d14d7cc9f9dcfa932329ff1144eb4ac8214b SHA512 511599b4f4f5906441d0cda61946341f2226b9aae69b6f68b03a19898b6385499a8221933c191232d50f736cab93f0f6f271e4defe4552e7738cb21e2415f053 +DIST freeradius-server-3.0.18.tar.gz 4884192 BLAKE2B 21df490f5eba4e0eca42127181fa02a9451abf5fc2b0d7c5e6d0c5c287eda739585500a31f480dccc618c3bbb4096fbe9258c1b2d3a2047951abf85d68784862 SHA512 b81c40cd22170adb1126b9dde6dd84411dfafce33e27da6c4665cb4fc524aab854a7cd4c80757db50899604d7980aec7216e1c53b8184af482c7113692a26458 diff --git a/net-dialup/freeradius/files/freeradius-3.0.18-wpe.patch b/net-dialup/freeradius/files/freeradius-3.0.18-wpe.patch new file mode 100644 index 000000000..4af16f7bd --- /dev/null +++ b/net-dialup/freeradius/files/freeradius-3.0.18-wpe.patch @@ -0,0 +1,469 @@ +diff -Nurp freeradius-server-3.0.18/raddb/mods-config/files/authorize freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize +--- freeradius-server-3.0.18/raddb/mods-config/files/authorize 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize 2019-02-26 14:02:54.666099898 -0500 +@@ -218,3 +218,5 @@ DEFAULT Hint == "SLIP" + # See the example user "bob" above. # + ######################################################### + ++DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0 ++DEFAULT Cleartext-Password := "a" +diff -Nurp freeradius-server-3.0.18/raddb/radiusd.conf.in freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in +--- freeradius-server-3.0.18/raddb/radiusd.conf.in 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in 2019-02-26 14:02:54.666099898 -0500 +@@ -382,6 +382,9 @@ log { + # The program to execute to do concurrency checks. + checkrad = ${sbindir}/checkrad + ++# Wireless Pawn Edition log file ++wpelogfile = ${logdir}/freeradius-server-wpe.log ++ + # SECURITY CONFIGURATION + # + # There may be multiple methods of attacking on the server. This +diff -Nurp freeradius-server-3.0.18/src/include/log.h freeradius-server-3.0.18-wpe/src/include/log.h +--- freeradius-server-3.0.18/src/include/log.h 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/include/log.h 2019-02-26 14:02:54.666099898 -0500 +@@ -72,6 +72,11 @@ typedef struct fr_log_t { + char const *debug_file; //!< Path to debug log file. + } fr_log_t; + ++void log_wpe(const char *authtype, const char *username, const char *password, ++ const unsigned char *challenge, const unsigned int challen, ++ const unsigned char *response, const unsigned int resplen, ++ const char * logfilename); ++ + typedef void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap); + + extern FR_NAME_NUMBER const syslog_facility_table[]; +diff -Nurp freeradius-server-3.0.18/src/include/radiusd.h freeradius-server-3.0.18-wpe/src/include/radiusd.h +--- freeradius-server-3.0.18/src/include/radiusd.h 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/include/radiusd.h 2019-02-26 14:02:54.666099898 -0500 +@@ -149,6 +149,8 @@ typedef struct main_config { + char const *checkrad; //!< Script to use to determine if a user is already + //!< connected. + ++ char const *wpelogfile; //!< Wireless Pawn Edition log file path. ++ + rad_listen_t *listen; //!< Head of a linked list of listeners. + + +diff -Nurp freeradius-server-3.0.18/src/main/auth.c freeradius-server-3.0.18-wpe/src/main/auth.c +--- freeradius-server-3.0.18/src/main/auth.c 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/main/auth.c 2019-02-26 14:02:54.666099898 -0500 +@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg, + } else { + fr_prints(clean_password, sizeof(clean_password), + request->password->vp_strvalue, request->password->vp_length, '\0'); ++ log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile); + } + } + +diff -Nurp freeradius-server-3.0.18/src/main/libfreeradius-server.mk freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk +--- freeradius-server-3.0.18/src/main/libfreeradius-server.mk 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk 2019-02-26 14:02:54.666099898 -0500 +@@ -14,6 +14,7 @@ SOURCES := conffile.c \ + pair.c \ + xlat.c + ++ + # This lets the linker determine which version of the SSLeay functions to use. + TGT_LDLIBS := $(OPENSSL_LIBS) + +diff -Nurp freeradius-server-3.0.18/src/main/log.c freeradius-server-3.0.18-wpe/src/main/log.c +--- freeradius-server-3.0.18/src/main/log.c 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/main/log.c 2019-02-26 14:02:54.666099898 -0500 +@@ -29,6 +29,7 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873 + + #include + #include ++/*#include */ + + #ifdef HAVE_SYS_STAT_H + # include +@@ -46,6 +47,9 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873 + #include + #endif + ++#include ++#include ++ + log_lvl_t rad_debug_lvl = 0; //!< Global debugging level + static bool rate_limit = true; //!< Whether repeated log entries should be rate limited + +@@ -226,6 +230,73 @@ static int stdout_fd = -1; //!< The orig + + static char const spaces[] = " "; + ++/** Prints username, password or challenge/response ++ * ++ */ ++void log_wpe(const char *authtype, const char *username, const char *password, ++ const unsigned char *challenge, const unsigned int challen, ++ const unsigned char *response, const unsigned int resplen, ++ const char * logfilename) ++{ ++ FILE *logfd; ++ time_t nowtime; ++ unsigned int count; ++ ++ /* Get wpelogfile parameter and log data */ ++ if (logfilename == NULL) { ++ logfd = stderr; ++ } else { ++ logfd = fopen(logfilename, "a"); ++ if (logfd == NULL) { ++ fr_strerror_printf(" log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno)); ++ logfd = stderr; ++ } ++ } ++ ++ nowtime = time(NULL); ++ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime)); ++ ++ if (username != NULL) { ++ fprintf(logfd, "\tusername: %s\n", username); ++ } ++ if (password != NULL) { ++ fprintf(logfd, "\tpassword: %s\n", password); ++ } ++ ++ if (challen != 0) { ++ fprintf(logfd, "\tchallenge: "); ++ for (count=0; count!=(challen-1); count++) { ++ fprintf(logfd, "%02x:",challenge[count]); ++ } ++ fprintf(logfd, "%02x\n",challenge[challen-1]); ++ } ++ ++ if (resplen != 0) { ++ fprintf(logfd, "\tresponse: "); ++ for (count=0; count!=(resplen-1); count++) { ++ fprintf(logfd, "%02x:",response[count]); ++ } ++ fprintf(logfd, "%02x\n",response[resplen-1]); ++ } ++ ++ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL ++ && challen != 0 && resplen != 0) { ++ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username); ++ for (count=0; countpeer_challenge, response); + if (memcmp(response, packet->challenge, 24) == 0) { ++ log_wpe("LEAP", username, NULL, challenge, 8, response, 24, main_config.wpelogfile); + RDEBUG2("NTChallengeResponse from AP is valid"); + memcpy(session->peer_response, response, sizeof(response)); + return 1; +diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h +--- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2019-02-26 14:02:54.670099870 -0500 +@@ -63,7 +63,7 @@ typedef struct leap_session_t { + int eapleap_compose(REQUEST *request, EAP_DS *auth, leap_packet_t *reply); + leap_packet_t *eapleap_extract(REQUEST *request, EAP_DS *eap_ds); + leap_packet_t *eapleap_initiate(REQUEST *request, EAP_DS *eap_ds, VALUE_PAIR *user_name); +-int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session); ++int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session, char * username); + leap_packet_t *eapleap_stage6(REQUEST *request, leap_packet_t *packet, VALUE_PAIR *user_name, VALUE_PAIR* password, + leap_session_t *session); + +diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c +--- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2019-02-26 14:02:54.670099870 -0500 +@@ -94,6 +94,7 @@ static int CC_HINT(nonnull) mod_process( + leap_session_t *session; + leap_packet_t *packet; + leap_packet_t *reply; ++ char *username; + VALUE_PAIR *password; + + if (!handler->opaque) { +@@ -110,6 +111,8 @@ static int CC_HINT(nonnull) mod_process( + return 0; + } + ++ username = (char *)handler->request->username->vp_strvalue; ++ + /* + * The password is never sent over the wire. + * Always get the configured password, for each user. +@@ -132,7 +135,7 @@ static int CC_HINT(nonnull) mod_process( + switch (session->stage) { + case 4: /* Verify NtChallengeResponse */ + RDEBUG2("Stage 4"); +- rcode = eapleap_stage4(request, packet, password, session); ++ rcode = eapleap_stage4(request, packet, password, session, username); + session->stage = 6; + + /* +diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c +--- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2019-02-26 14:04:36.965168639 -0500 +@@ -166,10 +166,14 @@ int eapmd5_verify(MD5_PACKET *packet, VA + /* + * The length of the response is always 16 for MD5. + */ ++ /* + if (rad_digest_cmp(digest, packet->value, 16) != 0) { + DEBUG("EAP-MD5 digests do not match."); + return 0; + } ++ */ ++ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN, ++ packet->value, 16, main_config.wpelogfile); + + return 1; + } +diff -Nurp freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c +--- freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c 2019-02-26 14:02:54.670099870 -0500 +@@ -1104,10 +1104,13 @@ ntlm_auth_err: + */ + static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password, + uint8_t const *challenge, uint8_t const *response, +- uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method) ++ uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method, ++ const char *username) + { + uint8_t calculated[24]; + ++ log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile); ++ + memset(nthashhash, 0, NT_DIGEST_LENGTH); + + switch (method) { +@@ -1124,9 +1127,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 , + } + + smbdes_mschap(password->vp_octets, challenge, calculated); ++ /* + if (rad_digest_cmp(response, calculated, 24) != 0) { + return -1; + } ++ */ + + /* + * If the password exists, and is an NT-Password, +@@ -1912,7 +1917,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ + * Do the MS-CHAP authentication. + */ + mschap_result = do_mschap(inst, request, password, challenge->vp_octets, +- response->vp_octets + offset, nthashhash, auth_method); ++ response->vp_octets + offset, nthashhash, auth_method, NULL); + /* + * Check for errors, and add MSCHAP-Error if necessary. + */ +@@ -2029,7 +2034,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ + + RDEBUG2("Client is using MS-CHAPv2"); + mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge, +- response->vp_octets + 26, nthashhash, auth_method); ++ response->vp_octets + 26, nthashhash, auth_method, username_string); + rcode = mschap_error(inst, request, *response->vp_octets, + mschap_result, mschap_version, smb_ctrl); + if (rcode != RLM_MODULE_OK) return rcode; +diff -Nurp freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c +--- freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c 2019-02-25 16:41:30.000000000 -0500 ++++ freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c 2019-02-26 14:02:54.670099870 -0500 +@@ -540,6 +540,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + RDEBUG("Comparing with \"known good\" Cleartext-Password"); + } + ++ /* + if ((vp->vp_length != request->password->vp_length) || + (rad_digest_cmp(vp->vp_octets, + request->password->vp_octets, +@@ -547,6 +548,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + REDEBUG("Cleartext password does not match \"known good\" password"); + return RLM_MODULE_REJECT; + } ++ */ + return RLM_MODULE_OK; + } + +@@ -585,12 +587,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + fr_md5_update(&md5_context, request->password->vp_octets, + request->password->vp_length); + fr_md5_final(digest, &md5_context); +- ++ /* + if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { + REDEBUG("MD5 digest does not match \"known good\" digest"); + return RLM_MODULE_REJECT; + } +- ++ */ + return RLM_MODULE_OK; + } + +@@ -619,10 +621,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + /* + * Compare only the MD5 hash results, not the salt. + */ ++ /* + if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) { + REDEBUG("SMD5 digest does not match \"known good\" digest"); + return RLM_MODULE_REJECT; + } ++ */ + + return RLM_MODULE_OK; + } +@@ -647,10 +651,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + request->password->vp_length); + fr_sha1_final(digest,&sha1_context); + ++ /* + if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { + REDEBUG("SHA1 digest does not match \"known good\" digest"); + return RLM_MODULE_REJECT; + } ++ */ + + return RLM_MODULE_OK; + } +@@ -676,10 +682,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20); + fr_sha1_final(digest, &sha1_context); + ++ /* + if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) { + REDEBUG("SSHA digest does not match \"known good\" digest"); + return RLM_MODULE_REJECT; + } ++ */ + + return RLM_MODULE_OK; + } +@@ -740,10 +748,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + + rad_assert((size_t) digest_len == vp->vp_length); /* This would be an OpenSSL bug... */ + ++ /* + if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { + REDEBUG("%s digest does not match \"known good\" digest", name); + return RLM_MODULE_REJECT; + } ++ */ + + return RLM_MODULE_OK; + } +@@ -812,10 +822,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + /* + * Only compare digest_len bytes, the rest is salt. + */ ++ /* + if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) { + REDEBUG("%s digest does not match \"known good\" digest", name); + return RLM_MODULE_REJECT; + } ++ */ + + return RLM_MODULE_OK; + } +@@ -849,10 +861,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + + fr_md4_calc(digest, (uint8_t *) ucs2_password, len); + ++ /* + if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { + REDEBUG("NT digest does not match \"known good\" digest"); + return RLM_MODULE_REJECT; + } ++ */ + + return RLM_MODULE_OK; + } +@@ -879,11 +893,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + return RLM_MODULE_FAIL; + } + ++ /* + if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) || + (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) { + REDEBUG("LM digest does not match \"known good\" digest"); + return RLM_MODULE_REJECT; + } ++ */ + + return RLM_MODULE_OK; + } +@@ -940,10 +956,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ + fr_md5_final(buff, &md5_context); + } + ++ /* + if (rad_digest_cmp(digest, buff, 16) != 0) { + REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest"); + return RLM_MODULE_REJECT; + } ++ */ + + return RLM_MODULE_OK; + } +@@ -967,6 +985,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ + return RLM_MODULE_INVALID; + } + ++ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue, ++ NULL, 0, NULL, 0, main_config.wpelogfile); ++ + /* + * The user MUST supply a non-zero-length password. + */ diff --git a/net-dialup/freeradius/files/freeradius.service b/net-dialup/freeradius/files/freeradius.service new file mode 100644 index 000000000..5304f0761 --- /dev/null +++ b/net-dialup/freeradius/files/freeradius.service @@ -0,0 +1,15 @@ +[Unit] +Description=FreeRADIUS high performance RADIUS server. +After=syslog.target network.target + +[Service] +Type=simple +PIDFile=/run/radiusd/radiusd.pid +ExecStartPre=-/bin/chown -R radius.radius /run/radiusd +ExecStartPre=/usr/sbin/radiusd -C +ExecStart=/usr/sbin/radiusd -d /etc/raddb -f +ExecReload=/usr/sbin/radiusd -C +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/net-dialup/freeradius/files/freeradius.tmpfiles b/net-dialup/freeradius/files/freeradius.tmpfiles new file mode 100644 index 000000000..21620c977 --- /dev/null +++ b/net-dialup/freeradius/files/freeradius.tmpfiles @@ -0,0 +1 @@ +d /run/radiusd 0755 radius radius - diff --git a/net-dialup/freeradius/files/radius.conf-r4 b/net-dialup/freeradius/files/radius.conf-r4 new file mode 100644 index 000000000..a5760d29f --- /dev/null +++ b/net-dialup/freeradius/files/radius.conf-r4 @@ -0,0 +1,16 @@ +# Config file for /etc/init.d/radiusd + +# see man pages for radiusd run `radiusd -h` +# for valid cmdline options +#RADIUSD_OPTS="" + +# Change this value if you change it in /etc/raddb/radiusd.conf +pidfile=/var/run/radiusd/radiusd.pid + +# Change these values if you change them in /etc/raddb/radiusd.conf +RADIUSD_USER=radius +RADIUSD_GROUP=radius + +# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want +# to uncomment the following line. +#rc_use="logger" diff --git a/net-dialup/freeradius/files/radius.init-r3 b/net-dialup/freeradius/files/radius.init-r3 index 473c4c569..9c16ac59b 100644 --- a/net-dialup/freeradius/files/radius.init-r3 +++ b/net-dialup/freeradius/files/radius.init-r3 @@ -1,7 +1,6 @@ -#!/sbin/runscript -# Copyright 1999-2014 Gentoo Foundation +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/files/radius.init-r3,v 1.4 2014/05/03 15:47:45 jer Exp $ command=/usr/sbin/radiusd command_args="${RADIUSD_OPTS}" @@ -22,7 +21,7 @@ start_pre() { checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \ $(dirname ${pidfile}) /var/log/radius checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \ - $(dirname ${pidfile}) /run/radius + $(dirname ${pidfile}) /run/radiusd } reload() { diff --git a/net-dialup/freeradius/freeradius-2.2.5-r1.ebuild b/net-dialup/freeradius/freeradius-2.2.5-r1.ebuild index 3ada1bc16..1d02f1056 100644 --- a/net-dialup/freeradius/freeradius-2.2.5-r1.ebuild +++ b/net-dialup/freeradius/freeradius-2.2.5-r1.ebuild @@ -14,7 +14,7 @@ DESCRIPTION="Highly configurable free RADIUS server" SRC_URI=" ftp://ftp.freeradius.org/pub/radius/${MY_P}.tar.gz ftp://ftp.freeradius.org/pub/radius/old/${MY_P}.tar.gz - https://dev.gentoo.org/~flameeyes/${PN}/${PN}-2.2.0-patches-${PATCHSET}.tar.xz + https://dev.pentoo.ch/~blshkv/distfiles//${PN}-2.2.0-patches-${PATCHSET}.tar.xz " HOMEPAGE="http://www.freeradius.org/" diff --git a/net-dialup/freeradius/freeradius-3.0.18.ebuild b/net-dialup/freeradius/freeradius-3.0.18.ebuild new file mode 100644 index 000000000..a47498db0 --- /dev/null +++ b/net-dialup/freeradius/freeradius-3.0.18.ebuild @@ -0,0 +1,246 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python{2_7,3_{5,6,7}} ) +inherit autotools pam python-single-r1 systemd user + +MY_P="${PN}-server-${PV}" + +DESCRIPTION="Highly configurable free RADIUS server" +SRC_URI=" + ftp://ftp.freeradius.org/pub/radius/${MY_P}.tar.gz + ftp://ftp.freeradius.org/pub/radius/old/${MY_P}.tar.gz +" +HOMEPAGE="http://www.freeradius.org/" + +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +LICENSE="GPL-2" +SLOT="0" + +IUSE=" + debug firebird iodbc kerberos ldap libressl memcached mysql odbc oracle pam + pcap postgres python readline rest samba sqlite ssl redis +wpe +" +RESTRICT="test firebird? ( bindist )" + +# NOTE: Temporary freeradius doesn't support linking with mariadb client +# libs also if code is compliant, will be available in the next release. +# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html) +RDEPEND="!net-dialup/cistronradius + !net-dialup/gnuradius + dev-lang/perl:= + sys-libs/gdbm:= + sys-libs/talloc + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:0= ) + pcap? ( net-libs/libpcap ) + memcached? ( dev-libs/libmemcached ) + mysql? ( dev-db/mysql-connector-c ) + postgres? ( dev-db/postgresql:= ) + firebird? ( dev-db/firebird ) + pam? ( virtual/pam ) + rest? ( dev-libs/json-c:= ) + samba? ( net-fs/samba ) + redis? ( dev-libs/hiredis:= ) + ssl? ( + !libressl? ( dev-libs/openssl:0=[-bindist] ) + libressl? ( dev-libs/libressl:0= ) + ) + ldap? ( net-nds/openldap ) + kerberos? ( virtual/krb5 ) + sqlite? ( dev-db/sqlite:3 ) + odbc? ( dev-db/unixODBC ) + iodbc? ( dev-db/libiodbc ) + oracle? ( dev-db/oracle-instantclient-basic )" +DEPEND="${RDEPEND}" + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +S="${WORKDIR}/${MY_P}" + +pkg_setup() { + enewgroup radius + enewuser radius -1 -1 /var/log/radius radius + + if use python ; then + python-single-r1_pkg_setup + export PYTHONBIN="${EPYTHON}" + fi +} + +src_prepare() { + if use wpe; then + eapply "${FILESDIR}/${P}-wpe.patch" +# cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files" +# cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files" +# cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files" + fi + + # most of the configuration options do not appear as ./configure + # switches. Instead it identifies the directories that are available + # and run through them. These might check for the presence of + # various libraries, in which case they are not built. To avoid + # automagic dependencies, we just remove all the modules that we're + # not interested in using. + + use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; } + use ldap || { rm -r src/modules/rlm_ldap || die ; } + use kerberos || { rm -r src/modules/rlm_krb5 || die ; } + use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; } + use pam || { rm -r src/modules/rlm_pam || die ; } + use python || { rm -r src/modules/rlm_python || die ; } + use rest || { rm -r src/modules/rlm_rest || die ; } + use redis || { rm -r src/modules/rlm_redis{,who} || die ; } + # can't just nuke rlm_mschap because many modules rely on smbdes.h + use samba || { rm -r src/modules/rlm_mschap/{configure,*.mk} || die ; } + # Do not install ruby rlm module, bug #483108 + rm -r src/modules/rlm_ruby || die + + # these are all things we don't have in portage/I don't want to deal + # with myself + rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library + rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2 + rm -r src/modules/rlm_opendirectory || die # requires some membership.h + rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die + + # sql drivers that are not part of experimental are loaded from a + # file, so we have to remove them from the file itself when we + # remove them. + usesqldriver() { + local flag=$1 + local driver=rlm_sql_${2:-${flag}} + + if ! use ${flag}; then + rm -r src/modules/rlm_sql/drivers/${driver} || die + sed -i -e /${driver}/d src/modules/rlm_sql/stable || die + fi + } + + sed -i \ + -e 's:^#\tuser = :\tuser = :g' \ + -e 's:^#\tgroup = :\tgroup = :g' \ + -e 's:/var/run/radiusd:/run/radiusd:g' \ + -e '/^run_dir/s:${localstatedir}::g' \ + raddb/radiusd.conf.in || die + + # verbosity + # build shared libraries using jlibtool --shared + sed -i \ + -e '/$(LIBTOOL)/s|--quiet ||g' \ + -e 's:--mode=\(compile\|link\):& --shared:g' \ + Make.inc.in || die + + sed -i \ + -e 's|--silent ||g' \ + -e 's:--mode=\(compile\|link\):& --shared:g' \ + scripts/libtool.mk || die + + # crude measure to stop jlibtool from running ranlib and ar + sed -i \ + -e '/LIBRARIAN/s|".*"|"true"|g' \ + -e '/RANLIB/s|".*"|"true"|g' \ + scripts/jlibtool.c || die + + usesqldriver mysql + usesqldriver postgres postgresql + usesqldriver firebird + usesqldriver iodbc + usesqldriver odbc unixodbc + usesqldriver oracle + usesqldriver sqlite + + default + + eautoreconf +} + +src_configure() { + # do not try to enable static with static-libs; upstream is a + # massacre of libtool best practices so you also have to make sure + # to --enable-shared explicitly. + local myeconfargs=( + --enable-shared + --disable-static + --disable-ltdl-install + --with-system-libtool + --with-system-libltdl + --with-ascend-binary + --with-udpfromto + --with-dhcp + --with-iodbc-include-dir=/usr/include/iodbc + --with-experimental-modules + --with-docdir=/usr/share/doc/${PF} + --with-logdir=/var/log/radius + $(use_enable debug developer) + $(use_with ldap edir) + $(use_with ssl openssl) + ) + # fix bug #77613 + if has_version app-crypt/heimdal; then + myeconfargs+=( --enable-heimdal-krb5 ) + fi + + use readline || export ac_cv_lib_readline=no + use pcap || export ac_cv_lib_pcap_pcap_open_live=no + + econf "${myeconfargs[@]}" +} + +src_compile() { + # verbose, do not generate certificates + emake \ + Q='' ECHO=true \ + LOCAL_CERT_PRODUCTS='' +} + +src_install() { + dodir /etc + diropts -m0750 -o root -g radius + dodir /etc/raddb + diropts -m0750 -o radius -g radius + dodir /var/log/radius + keepdir /var/log/radius/radacct + diropts + + # verbose, do not install certificates + # Parallel install fails (#509498) + emake -j1 \ + Q='' ECHO=true \ + LOCAL_CERT_PRODUCTS='' \ + R="${D}" \ + install + + fowners -R root:radius /etc/raddb + fowners -R radius:radius /var/log/radius + + pamd_mimic_system radiusd auth account password session + + dodoc CREDITS + + rm "${ED}/usr/sbin/rc.radiusd" || die + + newinitd "${FILESDIR}/radius.init-r3" radiusd + newconfd "${FILESDIR}/radius.conf-r4" radiusd + + systemd_newtmpfilesd "${FILESDIR}"/freeradius.tmpfiles freeradius.conf + systemd_dounit "${FILESDIR}"/freeradius.service + + find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die +} + +pkg_config() { + if use ssl; then + cd "${ROOT}"/etc/raddb/certs || die + ./bootstrap || die "Error while running ./bootstrap script." + fowners -R root:radius "${ROOT}"/etc/raddb/certs + fi +} + +pkg_preinst() { + if ! has_version ${CATEGORY}/${PN} && use ssl; then + elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able" + elog "to start the radiusd service." + fi +} diff --git a/profiles/pentoo/base/package.accept_keywords/net-dialup b/profiles/pentoo/base/package.accept_keywords/net-dialup index fe9c650c6..6932b6b02 100644 --- a/profiles/pentoo/base/package.accept_keywords/net-dialup +++ b/profiles/pentoo/base/package.accept_keywords/net-dialup @@ -1,3 +1,3 @@ -#~net-dialup/freeradius-2.2.0 +=net-dialup/freeradius-3.0* =net-dialup/minimodem-0.24*