From b795897f1ee591bc327f367c1b89b5ace549f653 Mon Sep 17 00:00:00 2001
From: Alin Năstac
Date: Sun, 16 Oct 2005 08:47:36 +0000
Subject: Remove old test version. Change init script for working with user-defined user/group (#108866). Add support for hashed User-Password under control of the frxp useflag (#109003) (Portage version: 2.0.51.22-r3)
---
 net-dialup/freeradius/ChangeLog | 12 +-
 net-dialup/freeradius/Manifest | 18 +--
 .../freeradius/files/digest-freeradius-1.0.4 | 1 -
 .../freeradius/files/digest-freeradius-1.0.5-r1 | 1 +
 .../freeradius-1.0.4-whole-archive-gentoo.patch | 36 -----
 .../files/freeradius-1.0.5-user-password-ha1.patch | 85 ++++++++++++
 net-dialup/freeradius/files/radius.init | 23 +--
 net-dialup/freeradius/freeradius-1.0.4.ebuild | 148 --------------------
 net-dialup/freeradius/freeradius-1.0.5-r1.ebuild | 154 +++++++++++++++++++++
 9 files changed, 269 insertions(+), 209 deletions(-)
 delete mode 100644 net-dialup/freeradius/files/digest-freeradius-1.0.4
 create mode 100644 net-dialup/freeradius/files/digest-freeradius-1.0.5-r1
 delete mode 100644 net-dialup/freeradius/files/freeradius-1.0.4-whole-archive-gentoo.patch
 create mode 100644 net-dialup/freeradius/files/freeradius-1.0.5-user-password-ha1.patch
 delete mode 100644 net-dialup/freeradius/freeradius-1.0.4.ebuild
 create mode 100644 net-dialup/freeradius/freeradius-1.0.5-r1.ebuild
(limited to 'net-dialup/freeradius')
diff --git a/net-dialup/freeradius/ChangeLog b/net-dialup/freeradius/ChangeLog
index a44a5f2057ac..bc823673417c 100644
--- a/net-dialup/freeradius/ChangeLog
+++ b/net-dialup/freeradius/ChangeLog
@@ -1,6 +1,16 @@ # ChangeLog for net-dialup/freeradius # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/ChangeLog,v 1.39 2005/10/13 05:06:01 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/ChangeLog,v 1.40 2005/10/16 08:47:36 mrness Exp $ + +*freeradius-1.0.5-r1 (16 Oct 2005) + + 16 Oct 2005; Alin Nastac + -files/freeradius-1.0.4-whole-archive-gentoo.patch, + +files/freeradius-1.0.5-user-password-ha1.patch, files/radius.init, + -freeradius-1.0.4.ebuild, +freeradius-1.0.5-r1.ebuild: + Remove old test version. Change init script for working with user-defined + user/group (#108866). Add support for hashed User-Password under control of + the frxp useflag (#109003). 04 Oct 2005; Alin Nastac -files/freeradius-1.0.2-sql-escape.patch, diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest index 7da1f212a3e0..61bbd1153b61 100644 --- a/net-dialup/freeradius/Manifest +++ b/net-dialup/freeradius/Manifest 
@@ -1,20 +1,10 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -MD5 f055029dafa93f7ab0755613209bb8fd freeradius-1.0.4.ebuild 3752 +MD5 76fd9d91f510220cffc5b09c2e00fea2 freeradius-1.0.5-r1.ebuild 4054 MD5 0e071e8f111351294241c694bdbf5b93 freeradius-1.0.5.ebuild 3760 MD5 884c386132a0eac5f125e631d752a2da ChangeLog 6182 MD5 1542bf76e28581e9d6bcfdc75e46f33d metadata.xml 252 -MD5 6b0efd384f551fab6b82794e91dbb4d5 files/freeradius-1.0.4-whole-archive-gentoo.patch 1728 MD5 fc6693f3df5a0694610110287a28568a files/radius.conf 129 -MD5 67947827b3450296502c3160cda1fca0 files/radius.init 1170 +MD5 458420b883ec7022d9e3b4e349b92990 files/radius.init 1650 +MD5 2d8c394126e7b211f44d26a4ff420f7d files/digest-freeradius-1.0.5-r1 69 MD5 6509371cc5a50915f90a413dc54b2c10 files/freeradius-1.0.5-whole-archive-gentoo.patch 1728 -MD5 9351bc95733a1a1a2535bb4e27927014 files/digest-freeradius-1.0.4 69 MD5 2d8c394126e7b211f44d26a4ff420f7d files/digest-freeradius-1.0.5 69 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) - -iD8DBQFDTetMNSP4Vda7IdsRAtO3AJ9vQFcI0CmLfTVi0EYgOi/HStnGMgCfSFSj -fdK5TbqRdEGkLxWBsDSIMLE= -=XrGE ------END PGP SIGNATURE----- +MD5 c3e4d6c32ce5eb29575abfdcdfddf418 files/freeradius-1.0.5-user-password-ha1.patch 2242 diff --git a/net-dialup/freeradius/files/digest-freeradius-1.0.4 b/net-dialup/freeradius/files/digest-freeradius-1.0.4 deleted file mode 100644 index c062c016f1e2..000000000000 --- a/net-dialup/freeradius/files/digest-freeradius-1.0.4 +++ /dev/null @@ -1 +0,0 @@ -MD5 edb5c3af6fabeff7b8e1131b6fa33e24 freeradius-1.0.4.tar.gz 2209057 diff --git a/net-dialup/freeradius/files/digest-freeradius-1.0.5-r1 b/net-dialup/freeradius/files/digest-freeradius-1.0.5-r1 new file mode 100644 index 000000000000..00bf51d754b4 --- /dev/null +++ b/net-dialup/freeradius/files/digest-freeradius-1.0.5-r1 @@ -0,0 +1 @@ +MD5 00d06fc31e3b8279f6456d25401c81cb freeradius-1.0.5.tar.gz 2294225 
diff --git a/net-dialup/freeradius/files/freeradius-1.0.4-whole-archive-gentoo.patch b/net-dialup/freeradius/files/freeradius-1.0.4-whole-archive-gentoo.patch deleted file mode 100644 index a91911b67b57..000000000000 --- a/net-dialup/freeradius/files/freeradius-1.0.4-whole-archive-gentoo.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -Nru freeradius-1.0.2.orig/aclocal.m4 freeradius-1.0.2/aclocal.m4 ---- freeradius-1.0.2.orig/aclocal.m4 2005-02-13 03:03:20.000000000 +0200 -+++ freeradius-1.0.2/aclocal.m4 2005-03-02 08:37:42.301666608 +0200 -@@ -1421,7 +1421,7 @@ - *) - # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then -- whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' -+ whole_archive_flag_spec="$wlarc"'--no-whole-archive' - else - whole_archive_flag_spec= - fi -diff -Nru freeradius-1.0.2.orig/configure freeradius-1.0.2/configure ---- freeradius-1.0.2.orig/configure 2005-03-02 08:32:15.000000000 +0200 -+++ freeradius-1.0.2/configure 2005-03-02 08:37:58.710172136 +0200 -@@ -3511,7 +3511,7 @@ - *) - # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then -- whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' -+ whole_archive_flag_spec="$wlarc"'--no-whole-archive' - else - whole_archive_flag_spec= - fi -diff -Nru freeradius-1.0.2.orig/ltconfig freeradius-1.0.2/ltconfig ---- freeradius-1.0.2.orig/ltconfig 2003-06-24 14:03:39.000000000 +0300 -+++ freeradius-1.0.2/ltconfig 2005-03-02 08:38:21.478710792 +0200 -@@ -1246,7 +1246,7 @@ - *) - # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then -- whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' -+ whole_archive_flag_spec="$wlarc"'--no-whole-archive' - else - whole_archive_flag_spec= - fi 
diff --git a/net-dialup/freeradius/files/freeradius-1.0.5-user-password-ha1.patch b/net-dialup/freeradius/files/freeradius-1.0.5-user-password-ha1.patch
new file mode 100644
index 000000000000..c3ef8859c644
--- /dev/null
+++ b/net-dialup/freeradius/files/freeradius-1.0.5-user-password-ha1.patch
@@ -0,0 +1,85 @@
+diff -aurN freeradius-1.0.5/src/modules/rlm_digest/rlm_digest.c freeradius-1.0.5-new/src/modules/rlm_digest/rlm_digest.c
+--- freeradius-1.0.5/src/modules/rlm_digest/rlm_digest.c 2004-05-15 16:57:41.000000000 +0200
++++ freeradius-1.0.5-new/src/modules/rlm_digest/rlm_digest.c 2005-10-09 02:06:06.000000000 +0200
+@@ -35,6 +35,42 @@
+
+ static const char rcsid[] = "$Id: freeradius-1.0.5-user-password-ha1.patch,v 1.1 2005/10/16 08:47:36 mrness Exp $";
+
++typedef struct {
++ int enc_mode;
++} digest_instance;
++
++static CONF_PARSER module_config[] = {
++ {"enc_mode", PW_TYPE_BOOLEAN, offsetof(digest_instance,enc_mode), NULL, "no"},
++ {NULL, -1, 0, NULL, NULL}
++};
++
++static int
++digest_instantiate(CONF_SECTION * conf, void **instance)
++{
++ digest_instance *inst;
++
++ inst = rad_malloc(sizeof *inst);
++ if (!inst) {
++ return -1;
++ }
++ memset(inst, 0, sizeof(*inst));
++
++ if (cf_section_parse(conf, inst, module_config) < 0) {
++ free(inst);
++ return -1;
++ }
++#ifndef NDEBUG
++ if (inst->enc_mode) {
++ DEBUG("Encrypting mode set. User-Password field must contain H(A1)");
++ }
++#endif
++ *instance = inst;
++
++
++ return 0;
++
++}
++
+ static int digest_authorize(void *instance, REQUEST *request)
+ {
+ VALUE_PAIR *vp;
+@@ -188,6 +224,7 @@
+ uint8_t hash[16]; /* MD5 output */
+ VALUE_PAIR *vp;
+ VALUE_PAIR *qop, *nonce;
++ digest_instance *inst = instance;
+
+ /*
+ * We require access to the plain-text password.
+@@ -347,6 +384,21 @@
+ */
+ librad_md5_calc(&hash[0], &a1[0], a1_len);
+
++ /*
++ * If enc_mode is on, User-Password must contain
++ * H(A1) itself. Overwrite hash then.
++ */
++ if (inst->enc_mode) {
++ DEBUG("User-Password must contain H(A1) , e.g H(username:realm:password)");
++ vp = pairfind(request->config_items, PW_PASSWORD);
++ if (!vp) {
++ DEBUG("ERROR: No User-Password: Cannot perform Digest authentication");
++ return RLM_MODULE_INVALID;
++ }
++
++ hex2bin(&hash[0], &vp->strvalue[0]);
++ }
++
+ for (i = 0; i < 16; i++) {
+ sprintf(&kd[i * 2], "%02x", hash[i]);
+ }
+@@ -491,7 +543,7 @@
+ "DIGEST",
+ 0, /* type */
+ NULL, /* initialization */
+- NULL, /* instantiation */
++ digest_instantiate, /* instantiation */
+ {
+ digest_authenticate, /* authentication */
+ digest_authorize, /* authorization */
diff --git a/net-dialup/freeradius/files/radius.init b/net-dialup/freeradius/files/radius.init
index b8e69350c459..2caafc372f73 100644
--- a/net-dialup/freeradius/files/radius.init
+++ b/net-dialup/freeradius/files/radius.init
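Review bot: In the rlm_digest.c patch, the new `enc_mode` branch hands `vp->strvalue` to `hex2bin()` without first checking that the configured User-Password really is 32 hex digits, while the destination is the 16-byte `hash[16]`. hex2bin() is defined outside this hunk, so whether it stops after 16 bytes or rejects non-hex input cannot be confirmed from here; a check before the call, `if (vp->length != 32) { DEBUG("ERROR: User-Password is not a 32-digit H(A1)"); return RLM_MODULE_INVALID; }`, makes a malformed entry fail closed instead of depending on that. The hash derived from a1 just above is still computed and then overwritten in this mode, which looks like wasted work that could be skipped. The new comment block should also state that a stored H(A1) is password-equivalent for Digest authentication and needs the same protection as a clear-text password. The enclosing function begins and ends outside the hunk.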
@@ -18,21 +18,26 @@ checkconfig() { return 1 fi - if [ -z "`grep radiusd /etc/passwd`" ] || [ -z "`grep radiusd /etc/group`" ]; then - eerror "radiusd user missing!" + RADIUSD_USER=`grep '^ *user *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3` + RADIUSD_GROUP=`grep '^ *group *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3` + if [ -n "${RADIUSD_USER}" ] && ! getent passwd ${RADIUSD_USER} > /dev/null ; then + eerror "${RADIUSD_USER} user missing!" return 1 fi - - if [ ! -f radius.log ]; then - touch radius.log && chown radiusd:radiusd radius.log \ - || return 1 + if [ -n "${RADIUSD_GROUP}" ] && ! getent group ${RADIUSD_GROUP} > /dev/null ; then + eerror "${RADIUSD_GROUP} group missing!" + return 1 fi - - return 0 + + #radius.log is created before privileges drop; we need to set proper permissions on it + [ -f radius.log ] || touch radius.log || return 1 + + chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" . && \ + chmod -R u+rwX,g+rX . || return 1 } start() { - cd /var/log/radius #set the location of log files + cd /var/log/radius #set the location of log files, including startup.log created by check-radiusd-config # Comment out the following line to get faster startups checkconfig || return 1 diff --git a/net-dialup/freeradius/freeradius-1.0.4.ebuild b/net-dialup/freeradius/freeradius-1.0.4.ebuild deleted file mode 100644 index 027a4f401f26..000000000000 --- a/net-dialup/freeradius/freeradius-1.0.4.ebuild +++ /dev/null 
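Review bot: In radius.init, the new `chown -R ... .` and `chmod -R ... .` in checkconfig() act on the current directory, and the only thing that sets it is the unchecked `cd /var/log/radius` in start(); if that cd fails, the script, presumably running as root, recursively re-owns whatever directory it was started from. I would write `cd /var/log/radius || return 1` in start() and pass the absolute path to chown and chmod instead of `.`. The `cut -d ' ' -f 3` parsing only yields the name when the line is written exactly as `user = name` with single spaces and no indentation; for `user=name` or an indented line it returns an empty or wrong value, and an empty one silently skips the getent check and falls back to `root` in the chown. `${RADIUSD_USER}` and `${RADIUSD_GROUP}` should also be quoted in the getent calls. checkconfig() begins outside the hunk.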
@@ -1,148 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/freeradius-1.0.4.ebuild,v 1.4 2005/10/13 05:06:01 mrness Exp $ - -inherit eutils - -DESCRIPTION="highly configurable free RADIUS server" -SRC_URI="ftp://ftp.freeradius.org/pub/radius/${P}.tar.gz" -HOMEPAGE="http://www.freeradius.org/" - -KEYWORDS="~x86 ~amd64 ~ppc ~sparc" -LICENSE="GPL-2" -SLOT="0" -IUSE="edirectory frascend frnothreads frxp kerberos ldap mysql pam postgres snmp ssl udpfromto" - -DEPEND="!net-dialup/cistronradius - !net-dialup/gnuradius - virtual/libc - >=sys-libs/db-3.2 - sys-libs/gdbm - snmp? ( net-analyzer/net-snmp ) - mysql? ( dev-db/mysql ) - postgres? ( dev-db/postgresql ) - pam? ( sys-libs/pam ) - ssl? ( dev-libs/openssl ) - ldap? ( net-nds/openldap ) - kerberos? ( virtual/krb5 ) - frxp? ( dev-lang/python - dev-lang/perl )" - -pkg_setup() { - if use edirectory && ! use ldap ; then - eerror "Cannot add integration with Novell's eDirectory without having LDAP support!" - eerror "Either you select ldap USE flag or remove edirectory" - die - fi - enewgroup radiusd - enewuser radiusd -1 -1 /var/log/radius radiusd -} - -src_unpack() { - unpack ${P}.tar.gz - cd ${S} - - epatch ${FILESDIR}/${P}-whole-archive-gentoo.patch - - export WANT_AUTOCONF=2.1 - autoconf -} - -src_compile() { - local myconf=" \ - `use_with snmp` \ - `use_with frascend ascend-binary` \ - `use_with frxp experimental-modules` \ - `use_with udpfromto` \ - `use_with edirectory edir` " - - if useq frnothreads; then - myconf="${myconf} --without-threads" - fi - #fix bug #77613 - if has_version app-crypt/heimdal; then - myconf="${myconf} --enable-heimdal-krb5" - fi - - # kill modules we don't use - if ! use ssl; then - einfo "removing rlm_eap_tls and rlm_x99_token (no use ssl)" - rm -rf src/modules/rlm_eap/types/rlm_eap_tls src/modules/rlm_x99_token - fi - if ! 
use ldap; then - einfo "removing rlm_ldap (no use ldap)" - rm -rf src/modules/rlm_ldap - fi - if ! use kerberos; then - einfo "removing rlm_krb5 (no use kerberos)" - rm -rf src/modules/rlm_krb5 - fi - if ! use pam; then - einfo "removing rlm_pam (no use pam)" - rm -rf src/modules/rlm_pam - fi - - ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ - --mandir=/usr/share/man \ - --with-large-files --disable-ltdl-install --disable-static \ - ${myconf} || die - - make || die -} - -src_install() { - dodir /etc - dodir /var/log - dodir /var/run - pkg_preinst - diropts -m0750 -o root -g radiusd - dodir /etc/raddb - diropts -m0750 -o radiusd -g radiusd - dodir /var/log/radius - dodir /var/log/radius/radacct - dodir /var/run/radiusd - diropts - - make R=${D} install || die - dosed 's:^#user *= *nobody:user = radiusd:;s:^#group *= *nobody:group = radiusd:' \ - /etc/raddb/radiusd.conf - chown -R root:radiusd ${D}/etc/raddb/* - - [ -z "${PR}" ] || mv ${D}/usr/share/doc/${P} ${D}/usr/share/doc/${PF} - gzip -f -9 ${D}/usr/share/doc/${PF}/{rfc/*.txt,*} - dodoc CREDITS - #Copy SQL schemas to doc dir - docinto sql.schemas - dodoc src/modules/rlm_sql/drivers/rlm_sql_*/*.sql - - rm ${D}/usr/sbin/rc.radiusd - - exeinto /etc/init.d - newexe ${FILESDIR}/radius.init radiusd - - insinto /etc/conf.d - newins ${FILESDIR}/radius.conf radiusd -} - -pkg_preinst() { - enewgroup radiusd - enewuser radiusd -1 -1 /var/log/radius radiusd -} - -pkg_prerm() { - if [ -n "`${ROOT}/etc/init.d/radiusd status | grep start`" ]; then - ${ROOT}/etc/init.d/radiusd stop - fi -} - -pkg_postrm() { - if has_version ">${CATEGORY}/${PF}" || has_version "<${CATEGORY}/${PF}" ; then - ewarn "If radiusd service was running, it had been stopped!" - echo - ewarn "You should update the configuration files using etc-update" - ewarn "and start the radiusd service again by running:" - einfo " /etc/init.d/radiusd start" - - ebeep - fi -} 
diff --git a/net-dialup/freeradius/freeradius-1.0.5-r1.ebuild b/net-dialup/freeradius/freeradius-1.0.5-r1.ebuild
new file mode 100644
index 000000000000..ccf34df65639
--- /dev/null
+++ b/net-dialup/freeradius/freeradius-1.0.5-r1.ebuild
@@ -0,0 +1,154 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/freeradius-1.0.5-r1.ebuild,v 1.1 2005/10/16 08:47:36 mrness Exp $
+
+inherit eutils
+
+DESCRIPTION="highly configurable free RADIUS server"
+SRC_URI="ftp://ftp.freeradius.org/pub/radius/${P}.tar.gz"
+HOMEPAGE="http://www.freeradius.org/"
+
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="edirectory frascend frnothreads frxp kerberos ldap mysql pam postgres snmp ssl udpfromto"
+
+DEPEND="!net-dialup/cistronradius
+ !net-dialup/gnuradius
+ virtual/libc
+ >=sys-libs/db-3.2
+ sys-libs/gdbm
+ snmp? ( net-analyzer/net-snmp )
+ mysql? ( dev-db/mysql )
+ postgres? ( dev-db/postgresql )
+ pam? ( sys-libs/pam )
+ ssl? ( dev-libs/openssl )
+ ldap? ( net-nds/openldap )
+ kerberos? ( virtual/krb5 )
+ frxp? ( dev-lang/python
+ dev-lang/perl )"
+
+pkg_setup() {
+ if use edirectory && ! use ldap ; then
+ eerror "Cannot add integration with Novell's eDirectory without having LDAP support!"
+ eerror "Either you select ldap USE flag or remove edirectory"
+ die "edirectory needs ldap"
+ fi
+ enewgroup radiusd
+ enewuser radiusd -1 -1 /var/log/radius radiusd
+}
+
+src_unpack() {
+ unpack ${A}
+
+ epatch ${FILESDIR}/${P}-whole-archive-gentoo.patch
+ if use frxp; then
+ #(bug #109003) This patch allows you to store the hash value of the
+ #username:realm:password string instead of the clear text password.
+ #It can be found here :
+ # http://bugs.freeradius.org/show_bug.cgi?id=287
+ epatch ${FILESDIR}/${P}-user-password-ha1.patch
+ fi
+}
+
+src_compile() {
+# export WANT_AUTOCONF=2.1
+ autoconf
+
+ local myconf=" \
+ `use_with snmp` \
+ `use_with frascend ascend-binary` \
+ `use_with frxp experimental-modules` \
+ `use_with udpfromto` \
+ `use_with edirectory edir` "
+
+ if useq frnothreads; then
+ myconf="${myconf} --without-threads"
+ fi
+ #fix bug #77613
+ if has_version app-crypt/heimdal; then
+ myconf="${myconf} --enable-heimdal-krb5"
+ fi
+
+ # kill modules we don't use
+ if ! use ssl; then
+ einfo "removing rlm_eap_tls and rlm_x99_token (no use ssl)"
+ rm -rf src/modules/rlm_eap/types/rlm_eap_tls src/modules/rlm_x99_token
+ fi
+ if ! use ldap; then
+ einfo "removing rlm_ldap (no use ldap)"
+ rm -rf src/modules/rlm_ldap
+ fi
+ if ! use kerberos; then
+ einfo "removing rlm_krb5 (no use kerberos)"
+ rm -rf src/modules/rlm_krb5
+ fi
+ if ! use pam; then
+ einfo "removing rlm_pam (no use pam)"
+ rm -rf src/modules/rlm_pam
+ fi
+
+ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
+ --mandir=/usr/share/man \
+ --with-large-files --disable-ltdl-install --disable-static \
+ ${myconf} || die
+
+ make || die
+}
+
+src_install() {
+ dodir /etc
+ dodir /var/log
+ dodir /var/run
+ pkg_preinst
+ diropts -m0750 -o root -g radiusd
+ dodir /etc/raddb
+ diropts -m0750 -o radiusd -g radiusd
+ dodir /var/log/radius
+ keepdir /var/log/radius/radacct
+ dodir /var/run/radiusd
+ diropts
+
+ make R=${D} install || die
+ dosed 's:^#user *= *nobody:user = radiusd:;s:^#group *= *nobody:group = radiusd:' \
+ /etc/raddb/radiusd.conf
+ chown -R root:radiusd ${D}/etc/raddb/*
+
+ [ -z "${PR}" ] || mv ${D}/usr/share/doc/${P} ${D}/usr/share/doc/${PF}
+ gzip -f -9 ${D}/usr/share/doc/${PF}/{rfc/*.txt,*}
+ dodoc CREDITS
+ #Copy SQL schemas to doc dir
+ docinto sql.schemas
+ dodoc src/modules/rlm_sql/drivers/rlm_sql_*/*.sql
+
+ rm ${D}/usr/sbin/rc.radiusd
+
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/radius.init radiusd
+
+ insinto /etc/conf.d
+ newins ${FILESDIR}/radius.conf radiusd
+}
+
+pkg_preinst() {
+ enewgroup radiusd
+ enewuser radiusd -1 -1 /var/log/radius radiusd
+}
+
+pkg_prerm() {
+ if [ -n "`${ROOT}/etc/init.d/radiusd status | grep start`" ]; then
+ ${ROOT}/etc/init.d/radiusd stop
+ fi
+}
+
+pkg_postrm() {
+ if has_version ">${CATEGORY}/${PF}" || has_version "<${CATEGORY}/${PF}" ; then
+ ewarn "If radiusd service was running, it had been stopped!"
+ echo
+ ewarn "You should update the configuration files using etc-update"
+ ewarn "and start the radiusd service again by running:"
+ einfo " /etc/init.d/radiusd start"
+
+ ebeep
+ fi
+}
--
cgit v1.2.3-65-gdbad
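Review bot: In freeradius-1.0.5-r1.ebuild, the comment above `epatch ${FILESDIR}/${P}-user-password-ha1.patch` in src_unpack() says what the patch allows but not that it is inert by default: the patch adds an `enc_mode` option whose default is "no", so someone who enables `frxp` and stores hashes without setting it would presumably just see Digest authentication fail. I would extend the comment with `#The feature stays off unless enc_mode = yes is set for the rlm_digest module.` and note there that the stored hash must be protected like a clear-text password. Separately, `# export WANT_AUTOCONF=2.1` is left commented out in src_compile() with no reason given; either delete the line or add a comment saying why the pin is no longer needed.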