authoradrianp <adrianp@pkgsrc.org>2006-08-10 10:55:51 +0000
committeradrianp <adrianp@pkgsrc.org>2006-08-10 10:55:51 +0000
commit8ea989d41f5668e7e714dcda47af927f6920f1ab (patch)
tree6fc7873d2d85c000a498e98c8413e393ab569770 /net/freeradius
parent37fcb1749eef07f50c8e346721093d0543bf2bb2 (diff)
downloadpkgsrc-8ea989d41f5668e7e714dcda47af927f6920f1ab.tar.gz
Default to running radiusd as a non-root user
bump to nb2
Diffstat (limited to 'net/freeradius')
-rw-r--r--net/freeradius/MESSAGE17
-rw-r--r--net/freeradius/Makefile61
-rw-r--r--net/freeradius/distinfo3
-rw-r--r--net/freeradius/files/radiusd.sh4
-rw-r--r--net/freeradius/patches/patch-ak15
5 files changed, 77 insertions, 23 deletions
diff --git a/net/freeradius/MESSAGE b/net/freeradius/MESSAGE
new file mode 100644
index 00000000000..b093491972f
--- /dev/null
+++ b/net/freeradius/MESSAGE
@@ -0,0 +1,17 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2006/08/10 10:55:52 adrianp Exp $
+
+Note to users who have been running radiusd as root before:
+
+As radiusd now runs unprivileged by default (as ${RADIUS_USER}:${RADIUS_GROUP}),
+you'll have to adapt some permissions:
+
+ ${CHOWN} -R ${RADIUS_USER}:${RADIUS_GROUP} ${VARBASE}/run/radiusd
+ ${CHOWN} -R ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}
+ ${FIND} ${PKG_SYSCONFDIR} -type d | ${XARGS} ${CHMOD} 0750
+ ${FIND} ${PKG_SYSCONFDIR} -type f | ${XARGS} ${CHMOD} 0640
+
+In addition to this the base logging directory has now been moved from
+${VARBASE}/log to ${VARBASE}/log/radiusd.
+
+===========================================================================
diff --git a/net/freeradius/Makefile b/net/freeradius/Makefile
index b0f88e92d82..cba4da2a278 100644
--- a/net/freeradius/Makefile
+++ b/net/freeradius/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2006/08/09 16:42:09 adrianp Exp $
+# $NetBSD: Makefile,v 1.53 2006/08/10 10:55:52 adrianp Exp $
DISTNAME= freeradius-${RADVER}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \
ftp://ftp.Awfulhak.org/pub/radius/
@@ -15,18 +15,37 @@ COMMENT= Free RADIUS server implementation
CONFLICTS+= radiusd-cistron-[0-9]*
USE_TOOLS+= gmake perl:run
GNU_CONFIGURE= YES
+USE_LIBTOOL= YES
+USE_OLD_DES_API= YES
+
+BUILD_DEFS= VARBASE RADIUS_USER RADIUS_GROUP
PLIST_SRC= ${WRKDIR}/.PLIST_SRC
-FILES_SUBST+= ROOT_USER=${ROOT_USER:Q}
-FILES_SUBST+= ROOT_GROUP=${ROOT_GROUP:Q}
+FILES_SUBST+= RADIUS_USER=${RADIUS_USER:Q}
+FILES_SUBST+= RADIUS_GROUP=${RADIUS_GROUP:Q}
PLIST_SUBST+= RADVER=${RADVER}
-USE_OLD_DES_API= YES
+MESSAGE_SUBST+= CHOWN=${CHOWN:Q} CHMOD=${CHMOD:Q} VARBASE=${VARBASE}
+MESSAGE_SUBST+= RADIUS_USER=${RADIUS_USER:Q} XARGS=${XARGS:Q}
+MESSAGE_SUBST+= RADIUS_GROUP=${RADIUS_GROUP:Q} FIND=${FIND:Q}
+
+PKG_SYSCONFSUBDIR= raddb
+RCD_SCRIPTS= radiusd
+RADIUS_USER?= radius
+RADIUS_GROUP?= radius
+PKG_GROUPS= ${RADIUS_USER}
+PKG_USERS= ${RADIUS_USER}:${RADIUS_GROUP}
+OWN_DIRS_PERMS+= ${VARBASE}/run/radiusd \
+ ${RADIUS_USER} ${RADIUS_GROUP} 0750
+OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd \
+ ${RADIUS_USER} ${RADIUS_GROUP} 0750
+OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd/radacct \
+ ${RADIUS_USER} ${RADIUS_GROUP} 0750
+
RADVER= 1.1.2
+EGDIR= ${PREFIX}/share/examples/freeradius
BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.7
-USE_LIBTOOL= YES
-
-CONFIGURE_ARGS+= --with-logdir=${VARBASE}/log
+CONFIGURE_ARGS+= --with-logdir=${VARBASE}/log/radiusd
CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASEDIR:Q}
CONFIGURE_ARGS+= --disable-ltdl-install
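Review bot: `PKG_GROUPS= ${RADIUS_USER}` registers a group named after the user variable rather than the group variable, so it is only correct while both keep their identical default of `radius`. If RADIUS_GROUP is overridden, `PKG_USERS= ${RADIUS_USER}:${RADIUS_GROUP}` and the three OWN_DIRS_PERMS entries would refer to a group this package never asks to have created. The line should read `PKG_GROUPS= ${RADIUS_GROUP}`. A smaller point in the same hunk: `VARBASE=${VARBASE}` is the only MESSAGE_SUBST value written without the `:Q` modifier.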
@@ -37,6 +56,7 @@ CONFIGURE_ARGS+= --without-rlm_smb
CONFIGURE_ARGS+= --without-rlm_sql_iodbc
CONFIGURE_ARGS+= --without-rlm_sql_oracle
CONFIGURE_ARGS+= --without-rlm_sql_unixodbc
+CONFIGURE_ARGS+= --quiet
#CONFIGURE_ARGS+= --without-rlm_eap_peap
#CONFIGURE_ARGS+= --without-rlm_eap_sim
#CONFIGURE_ARGS+= --without-rlm_eap_tls
@@ -54,15 +74,14 @@ SUBST_SED.make+= -e "s|RLM_SQL_LIBS =|RLM_SQL_LIBS = \
-L${PREFIX}/lib|g"
SUBST_MESSAGE.make= Fixing Makefiles.
-.include "options.mk"
-
-RCD_SCRIPTS= radiusd
-
-OWN_DIRS= ${VARBASE}/run/radiusd
+SUBST_CLASSES+= config
+SUBST_STAGE.config= post-patch
+SUBST_FILES.config= raddb/radiusd.conf.in
+SUBST_SED.config= -e "s|@@RADIUS_USER@@|${RADIUS_USER}|g"
+SUBST_SED.config+= -e "s|@@RADIUS_GROUP@@|${RADIUS_GROUP}|g"
+SUBST_MESSAGE.config= Fixing configuration files.
-PKG_SYSCONFSUBDIR= raddb
-EGDIR= ${PREFIX}/share/examples/freeradius
-CONF_FILES_MODE= 0640
+.include "options.mk"
EGFILES= acct_users attrs certs/demoCA/index.txt.old \
certs/demoCA/cacert.pem certs/demoCA/index.txt \
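Review bot: Dropping `CONF_FILES_MODE= 0640` is safe only if nothing else in the package still adds plain `CONF_FILES` entries; `options.mk`, whose include line moves in this hunk, is not shown here and is the place to check. Any such entry would fall back to the framework's default mode and ownership instead of the restricted ones the EGFILES loop sets through CONF_FILES_PERMS. Either keep the `CONF_FILES_MODE= 0640` line as a backstop or confirm that every configuration file is registered through CONF_FILES_PERMS.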
@@ -79,7 +98,8 @@ EGFILES= acct_users attrs certs/demoCA/index.txt.old \
otp.conf otppasswd.sample
.for f in ${EGFILES}
-CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
+CONF_FILES_PERMS+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f} \
+ ${RADIUS_USER} ${RADIUS_GROUP} 0640
.endfor
.include "../../security/openssl/buildlink3.mk"
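Review bot: Making `${RADIUS_USER}` the owner in `CONF_FILES_PERMS` with mode 0640 gives the daemon account write access to its own configuration, so a compromise of the unprivileged radiusd process could still alter those files, including the certs/demoCA material in EGFILES. If radiusd only needs to read them, root ownership with the radius group keeps them readable by the daemon but not writable: `${ROOT_USER} ${RADIUS_GROUP} 0640`. The same applies to the `${CHOWN}` lines added to post-install and to the recursive chown the new MESSAGE file recommends. Whether any module needs to write under the configuration directory is not visible here and should be confirmed first.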
@@ -101,9 +121,6 @@ SUBST_SED.make+= -e 's|@ldap_ldflags@|@ldap_ldflags@ \
${PTHREAD_LDFLAGS:Q} ${PTHREAD_LIBS:Q}|g'
.endif
-.if ${OPSYS} == "DragonFly"
-.endif
-
.if ${MACHINE_ARCH} == "amd64"
CFLAGS+= -fPIC
.endif
@@ -121,5 +138,9 @@ post-install:
${INSTALL_SCRIPT} ${WRKSRC}/src/modules/rlm_perl/example.pl ${EGDIR}
${MKDIR} ${PKG_SYSCONFDIR}/certs
${MKDIR} ${PKG_SYSCONFDIR}/certs/demoCA
+ ${CHOWN} ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}/certs
+ ${CHOWN} ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}/certs/demoCA
+ ${CHMOD} 0750 ${PKG_SYSCONFDIR}/certs
+ ${CHMOD} 0750 ${PKG_SYSCONFDIR}/certs/demoCA
.include "../../mk/bsd.pkg.mk"
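Review bot: The four added `${CHOWN}`/`${CHMOD}` lines run only in the post-install target, so they take effect on the machine that builds the package; a binary package installed elsewhere would presumably not get this ownership and mode on the two certs directories. The earlier hunk already uses the declarative form for the run and log directories, and the same would work here, e.g. `OWN_DIRS_PERMS+= ${PKG_SYSCONFDIR}/certs ${RADIUS_USER} ${RADIUS_GROUP} 0750` plus a matching entry for `certs/demoCA`. The post-install target starts above this hunk.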
diff --git a/net/freeradius/distinfo b/net/freeradius/distinfo
index 1c8558e37f0..060757dac1f 100644
--- a/net/freeradius/distinfo
+++ b/net/freeradius/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2006/07/14 22:10:01 adrianp Exp $
+$NetBSD: distinfo,v 1.22 2006/08/10 10:55:52 adrianp Exp $
SHA1 (freeradius-1.1.2.tar.gz) = 0636c1afb14fc22e78ecb83aeaf63150d515d73d
RMD160 (freeradius-1.1.2.tar.gz) = 3c0960bd30d29af9bab699ee7a38c22ec0472eb5
@@ -7,3 +7,4 @@ SHA1 (patch-ab) = 7a23eb75a9818b073263fd36cbf17b692fa19a9f
SHA1 (patch-ae) = cf3497723b15b8a61c5458f312697a2d4a147439
SHA1 (patch-ai) = 128c5984464241294b201384d43a287e9bcb147e
SHA1 (patch-aj) = 422c9dfbde08c26acf41a040c57508ab9725004e
+SHA1 (patch-ak) = 7be986e3949a6f8368f7e01ba93521fac48eff7d
diff --git a/net/freeradius/files/radiusd.sh b/net/freeradius/files/radiusd.sh
index 5c2eadeacaf..cc14a98c709 100644
--- a/net/freeradius/files/radiusd.sh
+++ b/net/freeradius/files/radiusd.sh
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: radiusd.sh,v 1.5 2005/02/09 09:14:26 seb Exp $
+# $NetBSD: radiusd.sh,v 1.6 2006/08/10 10:55:51 adrianp Exp $
#
# PROVIDE: radiusd
# REQUIRE: network
@@ -22,7 +22,7 @@ radiusd_precmd()
if [ ! -d @VARBASE@/run/radiusd ]; then
@MKDIR@ @VARBASE@/run/radiusd
@CHMOD@ 0750 @VARBASE@/run/radiusd
- @CHOWN@ @ROOT_USER@:@ROOT_GROUP@ @VARBASE@/run/radiusd
+ @CHOWN@ @RADIUS_USER@:@RADIUS_GROUP@ @VARBASE@/run/radiusd
fi
}
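Review bot: The `@CHOWN@ @RADIUS_USER@:@RADIUS_GROUP@` line only runs when the run directory does not exist yet, so on an upgraded system a directory created by the previous version stays owned by root and the now unprivileged daemon may be unable to write there. Moving the `@CHMOD@` and `@CHOWN@` lines below the `fi` would correct ownership on every start instead of relying on the manual step described in MESSAGE. radiusd_precmd begins above this hunk.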
diff --git a/net/freeradius/patches/patch-ak b/net/freeradius/patches/patch-ak
new file mode 100644
index 00000000000..75214ae619a
--- /dev/null
+++ b/net/freeradius/patches/patch-ak
@@ -0,0 +1,15 @@
+$NetBSD: patch-ak,v 1.7 2006/08/10 10:55:52 adrianp Exp $
+
+--- raddb/radiusd.conf.in.orig 2006-04-20 19:40:29.000000000 +0100
++++ raddb/radiusd.conf.in
+@@ -106,8 +106,8 @@ pidfile = ${run_dir}/radiusd.pid
+ # that the debugging mode server is running as a user that can read the
+ # shadow info, and the user listed below can not.
+ #
+-#user = nobody
+-#group = nobody
++user = @@RADIUS_USER@@
++group = @@RADIUS_GROUP@@
+
+ # max_request_time: The maximum time (in seconds) to handle a request.
+ #
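Review bot: The retained comment directly above the changed lines says the configured user cannot read the shadow information, so enabling `user = @@RADIUS_USER@@` by default presumably breaks setups that authenticate against system passwords. The MESSAGE file added in this commit lists the permission changes but does not mention this; one sentence there would save administrators a debugging session. The `@@…@@` tokens also depend on the `SUBST_CLASSES+= config` step in the Makefile, so if that step is skipped the literal token ends up in radiusd.conf.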