diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest
index df1da673b..b0ca97f73 100644
--- a/net-dialup/freeradius/Manifest
+++ b/net-dialup/freeradius/Manifest
@@ -1,2 +1 @@
-DIST freeradius-server-3.0.19.tar.gz 4886632 BLAKE2B 6e9b73eaa29344e4efca6ad19d8e86df8c625921441712b71cb54c2b0db78fc909748da42be837a9170fb6312be22f236956f0d2b169050a37ac8c4de143cc96 SHA512 8a914e2ad1fbeb4cf8c00aaf7eaa154ea17f70e4d58734716bfaf71b3ddef9f8f63a4d3217bdc07dfa776273e5bf090bc98f7bb16f5b565339ddc3b9c13e091f
 DIST freeradius-server-3.0.20.tar.gz 5002727 BLAKE2B f481ad22105694a4af3f0f0c1b4f6e395e8da0fe65274e32ebeed07e3c9b1869029e6ffbc655cfa41d5de2a1dcba54acee33a7a10d28bfbfce791b7ccd0fc57a SHA512 513ed0a5d9e6b9a8d89a9b02c86ff528a9ff14d928f4c1040ca44702465abd711588fe6afa35554cb2c8e8bd7f19dd5be3dbc78445c62c7b00bf5cbc4c621312
diff --git a/net-dialup/freeradius/files/freeradius-3.0.19-wpe.patch b/net-dialup/freeradius/files/freeradius-3.0.19-wpe.patch
deleted file mode 100644
index 4af16f7bd..000000000
--- a/net-dialup/freeradius/files/freeradius-3.0.19-wpe.patch
+++ /dev/null
@@ -1,469 +0,0 @@ -diff -Nurp freeradius-server-3.0.18/raddb/mods-config/files/authorize freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize ---- freeradius-server-3.0.18/raddb/mods-config/files/authorize 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize 2019-02-26 14:02:54.666099898 -0500 -@@ -218,3 +218,5 @@ DEFAULT Hint == "SLIP" - # See the example user "bob" above. # - ######################################################### - -+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0 -+DEFAULT Cleartext-Password := "a" -diff -Nurp freeradius-server-3.0.18/raddb/radiusd.conf.in freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in ---- freeradius-server-3.0.18/raddb/radiusd.conf.in 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in 2019-02-26 14:02:54.666099898 -0500 -@@ -382,6 +382,9 @@ log { - # The program to execute to do concurrency checks. - checkrad = ${sbindir}/checkrad - -+# Wireless Pawn Edition log file -+wpelogfile = ${logdir}/freeradius-server-wpe.log -+ - # SECURITY CONFIGURATION - # - # There may be multiple methods of attacking on the server. This -diff -Nurp freeradius-server-3.0.18/src/include/log.h freeradius-server-3.0.18-wpe/src/include/log.h ---- freeradius-server-3.0.18/src/include/log.h 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/include/log.h 2019-02-26 14:02:54.666099898 -0500 -@@ -72,6 +72,11 @@ typedef struct fr_log_t { - char const *debug_file; //!< Path to debug log file. 
- } fr_log_t; - -+void log_wpe(const char *authtype, const char *username, const char *password, -+ const unsigned char *challenge, const unsigned int challen, -+ const unsigned char *response, const unsigned int resplen, -+ const char * logfilename); -+ - typedef void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap); - - extern FR_NAME_NUMBER const syslog_facility_table[]; -diff -Nurp freeradius-server-3.0.18/src/include/radiusd.h freeradius-server-3.0.18-wpe/src/include/radiusd.h ---- freeradius-server-3.0.18/src/include/radiusd.h 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/include/radiusd.h 2019-02-26 14:02:54.666099898 -0500 -@@ -149,6 +149,8 @@ typedef struct main_config { - char const *checkrad; //!< Script to use to determine if a user is already - //!< connected. - -+ char const *wpelogfile; //!< Wireless Pawn Edition log file path. -+ - rad_listen_t *listen; //!< Head of a linked list of listeners. - - -diff -Nurp freeradius-server-3.0.18/src/main/auth.c freeradius-server-3.0.18-wpe/src/main/auth.c ---- freeradius-server-3.0.18/src/main/auth.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/main/auth.c 2019-02-26 14:02:54.666099898 -0500 -@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg, - } else { - fr_prints(clean_password, sizeof(clean_password), - request->password->vp_strvalue, request->password->vp_length, '\0'); -+ log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile); - } - } - -diff -Nurp freeradius-server-3.0.18/src/main/libfreeradius-server.mk freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk ---- freeradius-server-3.0.18/src/main/libfreeradius-server.mk 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk 2019-02-26 14:02:54.666099898 -0500 -@@ -14,6 +14,7 @@ SOURCES := conffile.c \ - pair.c \ - xlat.c - -+ - # This lets 
the linker determine which version of the SSLeay functions to use. - TGT_LDLIBS := $(OPENSSL_LIBS) - -diff -Nurp freeradius-server-3.0.18/src/main/log.c freeradius-server-3.0.18-wpe/src/main/log.c ---- freeradius-server-3.0.18/src/main/log.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/main/log.c 2019-02-26 14:02:54.666099898 -0500 -@@ -29,6 +29,7 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873 - - #include - #include -+/*#include */ - - #ifdef HAVE_SYS_STAT_H - # include -@@ -46,6 +47,9 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873 - #include - #endif - -+#include -+#include -+ - log_lvl_t rad_debug_lvl = 0; //!< Global debugging level - static bool rate_limit = true; //!< Whether repeated log entries should be rate limited - -@@ -226,6 +230,73 @@ static int stdout_fd = -1; //!< The orig - - static char const spaces[] = " "; - -+/** Prints username, password or challenge/response -+ * -+ */ -+void log_wpe(const char *authtype, const char *username, const char *password, -+ const unsigned char *challenge, const unsigned int challen, -+ const unsigned char *response, const unsigned int resplen, -+ const char * logfilename) -+{ -+ FILE *logfd; -+ time_t nowtime; -+ unsigned int count; -+ -+ /* Get wpelogfile parameter and log data */ -+ if (logfilename == NULL) { -+ logfd = stderr; -+ } else { -+ logfd = fopen(logfilename, "a"); -+ if (logfd == NULL) { -+ fr_strerror_printf(" log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno)); -+ logfd = stderr; -+ } -+ } -+ -+ nowtime = time(NULL); -+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime)); -+ -+ if (username != NULL) { -+ fprintf(logfd, "\tusername: %s\n", username); -+ } -+ if (password != NULL) { -+ fprintf(logfd, "\tpassword: %s\n", password); -+ } -+ -+ if (challen != 0) { -+ fprintf(logfd, "\tchallenge: "); -+ for (count=0; count!=(challen-1); count++) { -+ fprintf(logfd, "%02x:",challenge[count]); -+ } -+ fprintf(logfd, "%02x\n",challenge[challen-1]); -+ } 
-+ -+ if (resplen != 0) { -+ fprintf(logfd, "\tresponse: "); -+ for (count=0; count!=(resplen-1); count++) { -+ fprintf(logfd, "%02x:",response[count]); -+ } -+ fprintf(logfd, "%02x\n",response[resplen-1]); -+ } -+ -+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL -+ && challen != 0 && resplen != 0) { -+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username); -+ for (count=0; countpeer_challenge, response); - if (memcmp(response, packet->challenge, 24) == 0) { -+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24, main_config.wpelogfile); - RDEBUG2("NTChallengeResponse from AP is valid"); - memcpy(session->peer_response, response, sizeof(response)); - return 1; -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h ---- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2019-02-26 14:02:54.670099870 -0500 -@@ -63,7 +63,7 @@ typedef struct leap_session_t { - int eapleap_compose(REQUEST *request, EAP_DS *auth, leap_packet_t *reply); - leap_packet_t *eapleap_extract(REQUEST *request, EAP_DS *eap_ds); - leap_packet_t *eapleap_initiate(REQUEST *request, EAP_DS *eap_ds, VALUE_PAIR *user_name); --int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session); -+int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session, char * username); - leap_packet_t *eapleap_stage6(REQUEST *request, leap_packet_t *packet, VALUE_PAIR *user_name, VALUE_PAIR* password, - leap_session_t *session); - -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c ---- 
freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2019-02-26 14:02:54.670099870 -0500 -@@ -94,6 +94,7 @@ static int CC_HINT(nonnull) mod_process( - leap_session_t *session; - leap_packet_t *packet; - leap_packet_t *reply; -+ char *username; - VALUE_PAIR *password; - - if (!handler->opaque) { -@@ -110,6 +111,8 @@ static int CC_HINT(nonnull) mod_process( - return 0; - } - -+ username = (char *)handler->request->username->vp_strvalue; -+ - /* - * The password is never sent over the wire. - * Always get the configured password, for each user. -@@ -132,7 +135,7 @@ static int CC_HINT(nonnull) mod_process( - switch (session->stage) { - case 4: /* Verify NtChallengeResponse */ - RDEBUG2("Stage 4"); -- rcode = eapleap_stage4(request, packet, password, session); -+ rcode = eapleap_stage4(request, packet, password, session, username); - session->stage = 6; - - /* -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c ---- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2019-02-26 14:04:36.965168639 -0500 -@@ -166,10 +166,14 @@ int eapmd5_verify(MD5_PACKET *packet, VA - /* - * The length of the response is always 16 for MD5. 
- */ -+ /* - if (rad_digest_cmp(digest, packet->value, 16) != 0) { - DEBUG("EAP-MD5 digests do not match."); - return 0; - } -+ */ -+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN, -+ packet->value, 16, main_config.wpelogfile); - - return 1; - } -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c ---- freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c 2019-02-26 14:02:54.670099870 -0500 -@@ -1104,10 +1104,13 @@ ntlm_auth_err: - */ - static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password, - uint8_t const *challenge, uint8_t const *response, -- uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method) -+ uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method, -+ const char *username) - { - uint8_t calculated[24]; - -+ log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile); -+ - memset(nthashhash, 0, NT_DIGEST_LENGTH); - - switch (method) { -@@ -1124,9 +1127,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 , - } - - smbdes_mschap(password->vp_octets, challenge, calculated); -+ /* - if (rad_digest_cmp(response, calculated, 24) != 0) { - return -1; - } -+ */ - - /* - * If the password exists, and is an NT-Password, -@@ -1912,7 +1917,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ - * Do the MS-CHAP authentication. - */ - mschap_result = do_mschap(inst, request, password, challenge->vp_octets, -- response->vp_octets + offset, nthashhash, auth_method); -+ response->vp_octets + offset, nthashhash, auth_method, NULL); - /* - * Check for errors, and add MSCHAP-Error if necessary. 
- */ -@@ -2029,7 +2034,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ - - RDEBUG2("Client is using MS-CHAPv2"); - mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge, -- response->vp_octets + 26, nthashhash, auth_method); -+ response->vp_octets + 26, nthashhash, auth_method, username_string); - rcode = mschap_error(inst, request, *response->vp_octets, - mschap_result, mschap_version, smb_ctrl); - if (rcode != RLM_MODULE_OK) return rcode; -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c ---- freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c 2019-02-26 14:02:54.670099870 -0500 -@@ -540,6 +540,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - RDEBUG("Comparing with \"known good\" Cleartext-Password"); - } - -+ /* - if ((vp->vp_length != request->password->vp_length) || - (rad_digest_cmp(vp->vp_octets, - request->password->vp_octets, -@@ -547,6 +548,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - REDEBUG("Cleartext password does not match \"known good\" password"); - return RLM_MODULE_REJECT; - } -+ */ - return RLM_MODULE_OK; - } - -@@ -585,12 +587,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - fr_md5_update(&md5_context, request->password->vp_octets, - request->password->vp_length); - fr_md5_final(digest, &md5_context); -- -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("MD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -- -+ */ - return RLM_MODULE_OK; - } - -@@ -619,10 +621,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - /* - * Compare only the MD5 hash results, not the salt. 
- */ -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) { - REDEBUG("SMD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -647,10 +651,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - request->password->vp_length); - fr_sha1_final(digest,&sha1_context); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("SHA1 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -676,10 +682,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20); - fr_sha1_final(digest, &sha1_context); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) { - REDEBUG("SSHA digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -740,10 +748,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - - rad_assert((size_t) digest_len == vp->vp_length); /* This would be an OpenSSL bug... */ - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("%s digest does not match \"known good\" digest", name); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -812,10 +822,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - /* - * Only compare digest_len bytes, the rest is salt. 
- */ -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) { - REDEBUG("%s digest does not match \"known good\" digest", name); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -849,10 +861,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - - fr_md4_calc(digest, (uint8_t *) ucs2_password, len); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("NT digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -879,11 +893,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - return RLM_MODULE_FAIL; - } - -+ /* - if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) || - (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) { - REDEBUG("LM digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -940,10 +956,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - fr_md5_final(buff, &md5_context); - } - -+ /* - if (rad_digest_cmp(digest, buff, 16) != 0) { - REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -967,6 +985,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ - return RLM_MODULE_INVALID; - } - -+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue, -+ NULL, 0, NULL, 0, main_config.wpelogfile); -+ - /* - * The user MUST supply a non-zero-length password. - */ diff --git a/net-dialup/freeradius/freeradius-3.0.19-r1.ebuild b/net-dialup/freeradius/freeradius-3.0.19-r1.ebuild deleted file mode 100644 index c595e5015..000000000 --- a/net-dialup/freeradius/freeradius-3.0.19-r1.ebuild +++ /dev/null 
@@ -1,246 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python{2_7,3_{5,6,7}} ) -inherit autotools pam python-single-r1 systemd user - -MY_P="${PN}-server-${PV}" - -DESCRIPTION="Highly configurable free RADIUS server" -SRC_URI=" - ftp://ftp.freeradius.org/pub/radius/${MY_P}.tar.gz - ftp://ftp.freeradius.org/pub/radius/old/${MY_P}.tar.gz -" -HOMEPAGE="http://www.freeradius.org/" - -KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" -LICENSE="GPL-2" -SLOT="0" - -IUSE=" - debug firebird iodbc kerberos ldap libressl memcached mysql odbc oracle pam - pcap postgres python readline rest samba sqlite ssl redis +wpe -" -RESTRICT="test firebird? ( bindist )" - -# NOTE: Temporary freeradius doesn't support linking with mariadb client -# libs also if code is compliant, will be available in the next release. -# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html) -RDEPEND="!net-dialup/cistronradius - !net-dialup/gnuradius - dev-lang/perl:= - sys-libs/gdbm:= - sys-libs/talloc - python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:0= ) - pcap? ( net-libs/libpcap ) - memcached? ( dev-libs/libmemcached ) - mysql? ( dev-db/mysql-connector-c ) - postgres? ( dev-db/postgresql:= ) - firebird? ( dev-db/firebird ) - pam? ( sys-libs/pam ) - rest? ( dev-libs/json-c:= ) - samba? ( net-fs/samba ) - redis? ( dev-libs/hiredis:= ) - ssl? ( - !libressl? ( dev-libs/openssl:0=[-bindist] ) - libressl? ( dev-libs/libressl:0= ) - ) - ldap? ( net-nds/openldap ) - kerberos? ( virtual/krb5 ) - sqlite? ( dev-db/sqlite:3 ) - odbc? ( dev-db/unixODBC ) - iodbc? ( dev-db/libiodbc ) - oracle? ( dev-db/oracle-instantclient-basic )" -DEPEND="${RDEPEND}" - -REQUIRED_USE="python? 
( ${PYTHON_REQUIRED_USE} )" - -S="${WORKDIR}/${MY_P}" - -pkg_setup() { - enewgroup radius - enewuser radius -1 -1 /var/log/radius radius - - if use python ; then - python-single-r1_pkg_setup - export PYTHONBIN="${EPYTHON}" - fi -} - -src_prepare() { - if use wpe; then - eapply "${FILESDIR}/${P}-wpe.patch" -# cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files" -# cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files" -# cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files" - fi - - # most of the configuration options do not appear as ./configure - # switches. Instead it identifies the directories that are available - # and run through them. These might check for the presence of - # various libraries, in which case they are not built. To avoid - # automagic dependencies, we just remove all the modules that we're - # not interested in using. - - use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; } - use ldap || { rm -r src/modules/rlm_ldap || die ; } - use kerberos || { rm -r src/modules/rlm_krb5 || die ; } - use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; } - use pam || { rm -r src/modules/rlm_pam || die ; } - use python || { rm -r src/modules/rlm_python || die ; } - use rest || { rm -r src/modules/rlm_rest || die ; } - use redis || { rm -r src/modules/rlm_redis{,who} || die ; } - # can't just nuke rlm_mschap because many modules rely on smbdes.h - use samba || { rm -r src/modules/rlm_mschap/{configure,*.mk} || die ; } - # Do not install ruby rlm module, bug #483108 - rm -r src/modules/rlm_ruby || die - - # these are all things we don't have in portage/I don't want to deal - # with myself - rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library - rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2 - rm -r src/modules/rlm_opendirectory || die # requires some membership.h - rm 
-r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die - - # sql drivers that are not part of experimental are loaded from a - # file, so we have to remove them from the file itself when we - # remove them. - usesqldriver() { - local flag=$1 - local driver=rlm_sql_${2:-${flag}} - - if ! use ${flag}; then - rm -r src/modules/rlm_sql/drivers/${driver} || die - sed -i -e /${driver}/d src/modules/rlm_sql/stable || die - fi - } - - sed -i \ - -e 's:^#\tuser = :\tuser = :g' \ - -e 's:^#\tgroup = :\tgroup = :g' \ - -e 's:/var/run/radiusd:/run/radiusd:g' \ - -e '/^run_dir/s:${localstatedir}::g' \ - raddb/radiusd.conf.in || die - - # verbosity - # build shared libraries using jlibtool --shared - sed -i \ - -e '/$(LIBTOOL)/s|--quiet ||g' \ - -e 's:--mode=\(compile\|link\):& --shared:g' \ - Make.inc.in || die - - sed -i \ - -e 's|--silent ||g' \ - -e 's:--mode=\(compile\|link\):& --shared:g' \ - scripts/libtool.mk || die - - # crude measure to stop jlibtool from running ranlib and ar - sed -i \ - -e '/LIBRARIAN/s|".*"|"true"|g' \ - -e '/RANLIB/s|".*"|"true"|g' \ - scripts/jlibtool.c || die - - usesqldriver mysql - usesqldriver postgres postgresql - usesqldriver firebird - usesqldriver iodbc - usesqldriver odbc unixodbc - usesqldriver oracle - usesqldriver sqlite - - default - - eautoreconf -} - -src_configure() { - # do not try to enable static with static-libs; upstream is a - # massacre of libtool best practices so you also have to make sure - # to --enable-shared explicitly. 
- local myeconfargs=( - --enable-shared - --disable-static - --disable-ltdl-install - --with-system-libtool - --with-system-libltdl - --with-ascend-binary - --with-udpfromto - --with-dhcp - --with-iodbc-include-dir=/usr/include/iodbc - --with-experimental-modules - --with-docdir=/usr/share/doc/${PF} - --with-logdir=/var/log/radius - $(use_enable debug developer) - $(use_with ldap edir) - $(use_with ssl openssl) - ) - # fix bug #77613 - if has_version app-crypt/heimdal; then - myeconfargs+=( --enable-heimdal-krb5 ) - fi - - use readline || export ac_cv_lib_readline=no - use pcap || export ac_cv_lib_pcap_pcap_open_live=no - - econf "${myeconfargs[@]}" -} - -src_compile() { - # verbose, do not generate certificates - emake \ - Q='' ECHO=true \ - LOCAL_CERT_PRODUCTS='' -} - -src_install() { - dodir /etc - diropts -m0750 -o root -g radius - dodir /etc/raddb - diropts -m0750 -o radius -g radius - dodir /var/log/radius - keepdir /var/log/radius/radacct - diropts - - # verbose, do not install certificates - # Parallel install fails (#509498) - emake -j1 \ - Q='' ECHO=true \ - LOCAL_CERT_PRODUCTS='' \ - R="${D}" \ - install - - fowners -R root:radius /etc/raddb - fowners -R radius:radius /var/log/radius - - pamd_mimic_system radiusd auth account password session - - dodoc CREDITS - - rm "${ED}/usr/sbin/rc.radiusd" || die - - newinitd "${FILESDIR}/radius.init-r3" radiusd - newconfd "${FILESDIR}/radius.conf-r4" radiusd - - systemd_newtmpfilesd "${FILESDIR}"/freeradius.tmpfiles freeradius.conf - systemd_dounit "${FILESDIR}"/freeradius.service - - find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die -} - -pkg_config() { - if use ssl; then - cd "${ROOT}"/etc/raddb/certs || die - ./bootstrap || die "Error while running ./bootstrap script." - fowners -R root:radius "${ROOT}"/etc/raddb/certs - fi -} - -pkg_preinst() { - if ! 
has_version ${CATEGORY}/${PN} && use ssl; then - elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able" - elog "to start the radiusd service." - fi -}