author | Alin Năstac <mrness@gentoo.org> | 2005-10-16 08:47:36 +0000 |
---|---|---|
committer | Alin Năstac <mrness@gentoo.org> | 2005-10-16 08:47:36 +0000 |
commit | b795897f1ee591bc327f367c1b89b5ace549f653 (patch) | |
tree | d1e04d0ffc9a1204f3f010d19801054dd2289f2a /net-dialup/freeradius | |
parent | remove old rc (diff) | |
Remove old test version. Change init script for working with user-defined user/group (#108866). Add support for hashed User-Password under control of the frxp useflag (#109003)
(Portage version: 2.0.51.22-r3)
Diffstat (limited to 'net-dialup/freeradius')
-rw-r--r-- | net-dialup/freeradius/ChangeLog | 12 | ||||
-rw-r--r-- | net-dialup/freeradius/Manifest | 18 | ||||
-rw-r--r-- | net-dialup/freeradius/files/digest-freeradius-1.0.4 | 1 | ||||
-rw-r--r-- | net-dialup/freeradius/files/digest-freeradius-1.0.5-r1 | 1 | ||||
-rw-r--r-- | net-dialup/freeradius/files/freeradius-1.0.4-whole-archive-gentoo.patch | 36 | ||||
-rw-r--r-- | net-dialup/freeradius/files/freeradius-1.0.5-user-password-ha1.patch | 85 | ||||
-rw-r--r-- | net-dialup/freeradius/files/radius.init | 23 | ||||
-rw-r--r-- | net-dialup/freeradius/freeradius-1.0.5-r1.ebuild (renamed from net-dialup/freeradius/freeradius-1.0.4.ebuild) | 24 |
8 files changed, 130 insertions, 70 deletions
diff --git a/net-dialup/freeradius/ChangeLog b/net-dialup/freeradius/ChangeLog index a44a5f2057ac..bc823673417c 100644 --- a/net-dialup/freeradius/ChangeLog +++ b/net-dialup/freeradius/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for net-dialup/freeradius # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/ChangeLog,v 1.39 2005/10/13 05:06:01 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/ChangeLog,v 1.40 2005/10/16 08:47:36 mrness Exp $ + +*freeradius-1.0.5-r1 (16 Oct 2005) + + 16 Oct 2005; Alin Nastac <mrness@gentoo.org> + -files/freeradius-1.0.4-whole-archive-gentoo.patch, + +files/freeradius-1.0.5-user-password-ha1.patch, files/radius.init, + -freeradius-1.0.4.ebuild, +freeradius-1.0.5-r1.ebuild: + Remove old test version. Change init script for working with user-defined + user/group (#108866). Add support for hashed User-Password under control of + the frxp useflag (#109003). 04 Oct 2005; Alin Nastac <mrness@gentoo.org> -files/freeradius-1.0.2-sql-escape.patch, diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest index 7da1f212a3e0..61bbd1153b61 100644 --- a/net-dialup/freeradius/Manifest +++ b/net-dialup/freeradius/Manifest 
@@ -1,20 +1,10 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -MD5 f055029dafa93f7ab0755613209bb8fd freeradius-1.0.4.ebuild 3752 +MD5 76fd9d91f510220cffc5b09c2e00fea2 freeradius-1.0.5-r1.ebuild 4054 MD5 0e071e8f111351294241c694bdbf5b93 freeradius-1.0.5.ebuild 3760 MD5 884c386132a0eac5f125e631d752a2da ChangeLog 6182 MD5 1542bf76e28581e9d6bcfdc75e46f33d metadata.xml 252 -MD5 6b0efd384f551fab6b82794e91dbb4d5 files/freeradius-1.0.4-whole-archive-gentoo.patch 1728 MD5 fc6693f3df5a0694610110287a28568a files/radius.conf 129 -MD5 67947827b3450296502c3160cda1fca0 files/radius.init 1170 +MD5 458420b883ec7022d9e3b4e349b92990 files/radius.init 1650 +MD5 2d8c394126e7b211f44d26a4ff420f7d files/digest-freeradius-1.0.5-r1 69 MD5 6509371cc5a50915f90a413dc54b2c10 files/freeradius-1.0.5-whole-archive-gentoo.patch 1728 -MD5 9351bc95733a1a1a2535bb4e27927014 files/digest-freeradius-1.0.4 69 MD5 2d8c394126e7b211f44d26a4ff420f7d files/digest-freeradius-1.0.5 69 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) - -iD8DBQFDTetMNSP4Vda7IdsRAtO3AJ9vQFcI0CmLfTVi0EYgOi/HStnGMgCfSFSj -fdK5TbqRdEGkLxWBsDSIMLE= -=XrGE ------END PGP SIGNATURE----- +MD5 c3e4d6c32ce5eb29575abfdcdfddf418 files/freeradius-1.0.5-user-password-ha1.patch 2242 diff --git a/net-dialup/freeradius/files/digest-freeradius-1.0.4 b/net-dialup/freeradius/files/digest-freeradius-1.0.4 deleted file mode 100644 index c062c016f1e2..000000000000 --- a/net-dialup/freeradius/files/digest-freeradius-1.0.4 +++ /dev/null @@ -1 +0,0 @@ -MD5 edb5c3af6fabeff7b8e1131b6fa33e24 freeradius-1.0.4.tar.gz 2209057 diff --git a/net-dialup/freeradius/files/digest-freeradius-1.0.5-r1 b/net-dialup/freeradius/files/digest-freeradius-1.0.5-r1 new file mode 100644 index 000000000000..00bf51d754b4 --- /dev/null +++ b/net-dialup/freeradius/files/digest-freeradius-1.0.5-r1 @@ -0,0 +1 @@ +MD5 00d06fc31e3b8279f6456d25401c81cb freeradius-1.0.5.tar.gz 2294225 
diff --git a/net-dialup/freeradius/files/freeradius-1.0.4-whole-archive-gentoo.patch b/net-dialup/freeradius/files/freeradius-1.0.4-whole-archive-gentoo.patch
deleted file mode 100644
index a91911b67b57..000000000000
--- a/net-dialup/freeradius/files/freeradius-1.0.4-whole-archive-gentoo.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff -Nru freeradius-1.0.2.orig/aclocal.m4 freeradius-1.0.2/aclocal.m4
---- freeradius-1.0.2.orig/aclocal.m4 2005-02-13 03:03:20.000000000 +0200
-+++ freeradius-1.0.2/aclocal.m4 2005-03-02 08:37:42.301666608 +0200
-@@ -1421,7 +1421,7 @@
- *)
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then
-- whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-+ whole_archive_flag_spec="$wlarc"'--no-whole-archive'
- else
- whole_archive_flag_spec=
- fi
-diff -Nru freeradius-1.0.2.orig/configure freeradius-1.0.2/configure
---- freeradius-1.0.2.orig/configure 2005-03-02 08:32:15.000000000 +0200
-+++ freeradius-1.0.2/configure 2005-03-02 08:37:58.710172136 +0200
-@@ -3511,7 +3511,7 @@
- *)
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then
-- whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-+ whole_archive_flag_spec="$wlarc"'--no-whole-archive'
- else
- whole_archive_flag_spec=
- fi
-diff -Nru freeradius-1.0.2.orig/ltconfig freeradius-1.0.2/ltconfig
---- freeradius-1.0.2.orig/ltconfig 2003-06-24 14:03:39.000000000 +0300
-+++ freeradius-1.0.2/ltconfig 2005-03-02 08:38:21.478710792 +0200
-@@ -1246,7 +1246,7 @@
- *)
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then
-- whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-+ whole_archive_flag_spec="$wlarc"'--no-whole-archive'
- else
- whole_archive_flag_spec=
- fi
diff --git a/net-dialup/freeradius/files/freeradius-1.0.5-user-password-ha1.patch b/net-dialup/freeradius/files/freeradius-1.0.5-user-password-ha1.patch
new file mode 100644
index 000000000000..c3ef8859c644
--- /dev/null
+++ b/net-dialup/freeradius/files/freeradius-1.0.5-user-password-ha1.patch
@@ -0,0 +1,85 @@
+diff -aurN freeradius-1.0.5/src/modules/rlm_digest/rlm_digest.c freeradius-1.0.5-new/src/modules/rlm_digest/rlm_digest.c
+--- freeradius-1.0.5/src/modules/rlm_digest/rlm_digest.c 2004-05-15 16:57:41.000000000 +0200
++++ freeradius-1.0.5-new/src/modules/rlm_digest/rlm_digest.c 2005-10-09 02:06:06.000000000 +0200
+@@ -35,6 +35,42 @@
+
+ static const char rcsid[] = "$Id: freeradius-1.0.5-user-password-ha1.patch,v 1.1 2005/10/16 08:47:36 mrness Exp $";
+
++typedef struct {
++ int enc_mode;
++} digest_instance;
++
++static CONF_PARSER module_config[] = {
++ {"enc_mode", PW_TYPE_BOOLEAN, offsetof(digest_instance,enc_mode), NULL, "no"},
++ {NULL, -1, 0, NULL, NULL}
++};
++
++static int
++digest_instantiate(CONF_SECTION * conf, void **instance)
++{
++ digest_instance *inst;
++
++ inst = rad_malloc(sizeof *inst);
++ if (!inst) {
++ return -1;
++ }
++ memset(inst, 0, sizeof(*inst));
++
++ if (cf_section_parse(conf, inst, module_config) < 0) {
++ free(inst);
++ return -1;
++ }
++#ifndef NDEBUG
++ if (inst->enc_mode) {
++ DEBUG("Encrypting mode set. User-Password field must contain H(A1)");
++ }
++#endif
++ *instance = inst;
++
++
++ return 0;
++
++}
++
+ static int digest_authorize(void *instance, REQUEST *request)
+ {
+ VALUE_PAIR *vp;
+@@ -188,6 +224,7 @@
+ uint8_t hash[16]; /* MD5 output */
+ VALUE_PAIR *vp;
+ VALUE_PAIR *qop, *nonce;
++ digest_instance *inst = instance;
+
+ /*
+ * We require access to the plain-text password.
+@@ -347,6 +384,21 @@
+ */
+ librad_md5_calc(&hash[0], &a1[0], a1_len);
+
++ /*
++ * If enc_mode is on, User-Password must contain
++ * H(A1) itself. Overwrite hash then.
++ */
++ if (inst->enc_mode) {
++ DEBUG("User-Password must contain H(A1) , e.g H(username:realm:password)");
++ vp = pairfind(request->config_items, PW_PASSWORD);
++ if (!vp) {
++ DEBUG("ERROR: No User-Password: Cannot perform Digest authentication");
++ return RLM_MODULE_INVALID;
++ }
++
++ hex2bin(&hash[0], &vp->strvalue[0]);
++ }
++
+ for (i = 0; i < 16; i++) {
+ sprintf(&kd[i * 2], "%02x", hash[i]);
+ }
+@@ -491,7 +543,7 @@
+ "DIGEST",
+ 0, /* type */
+ NULL, /* initialization */
+- NULL, /* instantiation */
++ digest_instantiate, /* instantiation */
+ {
+ digest_authenticate, /* authentication */
+ digest_authorize, /* authorization */
diff --git a/net-dialup/freeradius/files/radius.init b/net-dialup/freeradius/files/radius.init
index b8e69350c459..2caafc372f73 100644
--- a/net-dialup/freeradius/files/radius.init
+++ b/net-dialup/freeradius/files/radius.init
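Review bot: In the `if (inst->enc_mode)` block of the inner hunk `@@ -347,6 +384,21 @@` of freeradius-1.0.5-user-password-ha1.patch, the configured User-Password is decoded straight into the 16-byte `hash` by `hex2bin(&hash[0], &vp->strvalue[0]);`, with no check that it is exactly 32 hex digits and with the call's result ignored. hex2bin is not defined in the visible lines, so whether it bounds its output cannot be told from here; if it decodes to the end of the string, an over-long value would write past `hash[16]`, and a short or non-hex value would leave part of the freshly computed MD5 in place. A guard before the call, `if (vp->length != 32) { DEBUG("ERROR: User-Password is not a 32-digit H(A1)"); return RLM_MODULE_INVALID; }`, together with a check of the decode result, would close this. The comment above the block should also say that H(A1) is password-equivalent for Digest, so the stored value needs the same protection as a clear-text password. The enclosing function (presumably digest_authenticate) starts and ends outside the hunk.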
@@ -18,21 +18,26 @@ checkconfig() { return 1 fi - if [ -z "`grep radiusd /etc/passwd`" ] || [ -z "`grep radiusd /etc/group`" ]; then - eerror "radiusd user missing!" + RADIUSD_USER=`grep '^ *user *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3` + RADIUSD_GROUP=`grep '^ *group *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3` + if [ -n "${RADIUSD_USER}" ] && ! getent passwd ${RADIUSD_USER} > /dev/null ; then + eerror "${RADIUSD_USER} user missing!" return 1 fi - - if [ ! -f radius.log ]; then - touch radius.log && chown radiusd:radiusd radius.log \ - || return 1 + if [ -n "${RADIUSD_GROUP}" ] && ! getent group ${RADIUSD_GROUP} > /dev/null ; then + eerror "${RADIUSD_GROUP} group missing!" + return 1 fi - - return 0 + + #radius.log is created before privileges drop; we need to set proper permissions on it + [ -f radius.log ] || touch radius.log || return 1 + + chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" . && \ + chmod -R u+rwX,g+rX . || return 1 } start() { - cd /var/log/radius #set the location of log files + cd /var/log/radius #set the location of log files, including startup.log created by check-radiusd-config # Comment out the following line to get faster startups checkconfig || return 1 diff --git a/net-dialup/freeradius/freeradius-1.0.4.ebuild b/net-dialup/freeradius/freeradius-1.0.5-r1.ebuild index 027a4f401f26..ccf34df65639 100644 --- a/net-dialup/freeradius/freeradius-1.0.4.ebuild +++ b/net-dialup/freeradius/freeradius-1.0.5-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/freeradius-1.0.4.ebuild,v 1.4 2005/10/13 05:06:01 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-dialup/freeradius/freeradius-1.0.5-r1.ebuild,v 1.1 2005/10/16 08:47:36 mrness Exp $ inherit eutils 
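Review bot: The new `chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" .` and `chmod -R u+rwX,g+rX .` in checkconfig() act on the current directory, and the only thing that sets it is the unchecked `cd /var/log/radius` in start(). If that directory is missing, the recursive ownership and mode change runs, presumably as root, on whatever directory the script was started from. I would write `cd /var/log/radius || return 1` in start() and use the absolute path `/var/log/radius` as the chown/chmod target. Separately, `cut -d ' ' -f 3` only yields a name when the line is spelled exactly `user = name` with single spaces and no indentation; any other spelling gives an empty value, so the existence check is skipped and ownership falls back to root, and `${RADIUSD_USER}` / `${RADIUSD_GROUP}` should be quoted in the `getent` calls. Both functions extend beyond the hunk.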
@@ -8,7 +8,7 @@ DESCRIPTION="highly configurable free RADIUS server" SRC_URI="ftp://ftp.freeradius.org/pub/radius/${P}.tar.gz" HOMEPAGE="http://www.freeradius.org/" -KEYWORDS="~x86 ~amd64 ~ppc ~sparc" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" LICENSE="GPL-2" SLOT="0" IUSE="edirectory frascend frnothreads frxp kerberos ldap mysql pam postgres snmp ssl udpfromto" @@ -32,23 +32,29 @@ pkg_setup() { if use edirectory && ! use ldap ; then eerror "Cannot add integration with Novell's eDirectory without having LDAP support!" eerror "Either you select ldap USE flag or remove edirectory" - die + die "edirectory needs ldap" fi enewgroup radiusd enewuser radiusd -1 -1 /var/log/radius radiusd } src_unpack() { - unpack ${P}.tar.gz - cd ${S} + unpack ${A} epatch ${FILESDIR}/${P}-whole-archive-gentoo.patch - - export WANT_AUTOCONF=2.1 - autoconf + if use frxp; then + #(bug #109003) This patch allows you to store the hash value of the + #username:realm:password string instead of the clear text password. + #It can be found here : + # http://bugs.freeradius.org/show_bug.cgi?id=287 + epatch ${FILESDIR}/${P}-user-password-ha1.patch + fi } src_compile() { +# export WANT_AUTOCONF=2.1 + autoconf + local myconf=" \ `use_with snmp` \ `use_with frascend ascend-binary` \ @@ -99,7 +105,7 @@ src_install() { dodir /etc/raddb diropts -m0750 -o radiusd -g radiusd dodir /var/log/radius - dodir /var/log/radius/radacct + keepdir /var/log/radius/radacct dodir /var/run/radiusd diropts |
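Review bot: In the ebuild hunk `@@ -32,23 +32,29 @@`, `autoconf` moves into src_compile() without an error check, and `# export WANT_AUTOCONF=2.1` is left behind as commented-out code at column 0 with no reason given. A failed autoconf run would let the build continue; `autoconf || die "autoconf failed"` makes the failure explicit, and the dead line should either be removed or carry a comment saying why the version pin was dropped. In src_unpack(), `${FILESDIR}` is expanded unquoted in both `epatch` calls; quoting it, as in `epatch "${FILESDIR}/${P}-user-password-ha1.patch"`, is the safer habit. src_compile() continues past the end of the hunk.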