freeradius: Fix SMF initialisation.

Ensures the user/group are correctly substituted into the config file so that the daemon can run as root then drop privileges appropriately, as well as creating the rundir as necessary. Submitted by Jorge Schrauwen in NetBSD/pkgsrc#58. Bump PKGREVISION.
author: jperkin <jperkin@pkgsrc.org> 2020-04-16 15:49:30 +0000
committer: jperkin <jperkin@pkgsrc.org> 2020-04-16 15:49:30 +0000
commit: dc19dc98dc6b681e26e61bf62ed57665db0d8a38 (patch)
tree: 7ca7efed3c68a4c7cc6f57ece322613e18c95a30 /net/freeradius
parent: b6bca2f33d45961f0e9bbefac03e469a34133c7d (diff)
download: pkgsrc-dc19dc98dc6b681e26e61bf62ed57665db0d8a38.tar.gz
5 files changed, 57 insertions, 19 deletions
diff --git a/net/freeradius/Makefile b/net/freeradius/Makefile
index 3cfee077c5e..b7d11529b71 100644
--- a/net/freeradius/Makefile
+++ b/net/freeradius/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.106 2020/04/08 09:42:05 adam Exp $
+# $NetBSD: Makefile,v 1.107 2020/04/16 15:49:30 jperkin Exp $
 
 .include "Makefile.common"
 
 PKGNAME=	${DISTNAME:S/-server//}
+PKGREVISION=	1
 COMMENT=	Free RADIUS server implementation
 
 BUILD_DEFS+=		VARBASE
@@ -29,6 +30,7 @@ CONFIGURE_ARGS+=	--without-rlm_sql_postgresql
 CONFIGURE_ARGS+=	--without-rlm_sql_unixodbc
 
 RCD_SCRIPTS=		radiusd
+SMF_METHODS=		radiusd
 RADIUS_GROUP?=		radiusd
 RADIUS_USER?=		radiusd
 PKG_GROUPS=		${RADIUS_GROUP}
@@ -42,6 +44,12 @@ OWN_DIRS_PERMS+=	${VARBASE}/run/radiusd \
 
 PKG_SYSCONFSUBDIR=	raddb
 
+SUBST_CLASSES+=		secconf
+SUBST_STAGE.secconf=	post-configure
+SUBST_MESSAGE.secconf=	Substituting user and group in radiusd.conf
+SUBST_FILES.secconf=	raddb/radiusd.conf
+SUBST_VARS.secconf=	RADIUS_USER RADIUS_GROUP
+
 FILES_SUBST+=		RADIUS_USER=${RADIUS_USER} RADIUS_GROUP=${RADIUS_GROUP}
 MESSAGE_SUBST+=		BOOTSTRAP=${PKG_SYSCONFDIR}/certs/bootstrap
 
@@ -175,19 +183,19 @@ EGFILES=		certs/ca.cnf certs/client.cnf certs/inner-server.cnf \
 			users templates.conf trigger.conf
 
 EGDIRS=			certs mods-available mods-config mods-config/attr_filter mods-config/files \
-			mods-config/perl mods-config/preprocess mods-config/sql mods-config/sql/counter  \
-			mods-config/sql/counter/mysql mods-config/sql/counter/postgresql  \
-			mods-config/sql/counter/sqlite mods-config/sql/cui mods-config/sql/cui/mysql  \
-			mods-config/sql/cui/postgresql mods-config/sql/cui/sqlite mods-config/sql/ippool  \
-			mods-config/sql/ippool-dhcp mods-config/sql/ippool-dhcp/mysql  \
-			mods-config/sql/ippool-dhcp/oracle mods-config/sql/ippool-dhcp/sqlite  \
-			mods-config/sql/ippool/mysql mods-config/sql/ippool/oracle  \
-			mods-config/sql/ippool/postgresql mods-config/sql/ippool/sqlite  \
-			mods-config/sql/main mods-config/sql/main/mssql mods-config/sql/main/mysql  \
-			mods-config/sql/main/mysql/extras mods-config/sql/main/mysql/extras/wimax  \
-			mods-config/sql/main/ndb mods-config/sql/main/oracle  \
-			mods-config/sql/main/postgresql mods-config/sql/main/postgresql/extras  \
-			mods-config/sql/main/sqlite mods-config/unbound mods-enabled  \
+			mods-config/perl mods-config/preprocess mods-config/sql mods-config/sql/counter \
+			mods-config/sql/counter/mysql mods-config/sql/counter/postgresql \
+			mods-config/sql/counter/sqlite mods-config/sql/cui mods-config/sql/cui/mysql \
+			mods-config/sql/cui/postgresql mods-config/sql/cui/sqlite mods-config/sql/ippool \
+			mods-config/sql/ippool-dhcp mods-config/sql/ippool-dhcp/mysql \
+			mods-config/sql/ippool-dhcp/oracle mods-config/sql/ippool-dhcp/sqlite \
+			mods-config/sql/ippool/mysql mods-config/sql/ippool/oracle \
+			mods-config/sql/ippool/postgresql mods-config/sql/ippool/sqlite \
+			mods-config/sql/main mods-config/sql/main/mssql mods-config/sql/main/mysql \
+			mods-config/sql/main/mysql/extras mods-config/sql/main/mysql/extras/wimax \
+			mods-config/sql/main/ndb mods-config/sql/main/oracle \
+			mods-config/sql/main/postgresql mods-config/sql/main/postgresql/extras \
+			mods-config/sql/main/sqlite mods-config/unbound mods-enabled \
 			policy.d sites-available sites-enabled
 
 REPLACE_PERL+=		scripts/sql/radsqlrelay \
diff --git a/net/freeradius/distinfo b/net/freeradius/distinfo
index 20f89963e0b..f9c076c0452 100644
--- a/net/freeradius/distinfo
+++ b/net/freeradius/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.40 2020/04/08 09:42:05 adam Exp $
+$NetBSD: distinfo,v 1.41 2020/04/16 15:49:30 jperkin Exp $
 
 SHA1 (freeradius-server-3.0.21.tar.bz2) = 3d90d63bf1452794cf9d0b04147745a254872c3f
 RMD160 (freeradius-server-3.0.21.tar.bz2) = 04a038b701f19d9c598e826a795a0cdaacd3768b
@@ -8,4 +8,5 @@ SHA1 (patch-ai) = e32ffd24b93e2cef2e72ef9a8ea59d49e1571dc0
 SHA1 (patch-configure.ac) = ffec1f851d23f560797c12eba5092f2940e4d662
 SHA1 (patch-main_command.c) = 1c79b29eb13df341906c710c8dd41860a27473dd
 SHA1 (patch-main_util.c) = e8814255c32c8469e81d62f2c7092e8d42744e85
+SHA1 (patch-raddb_radiusd.conf.in) = 353cbed35013777bf055a77cc610b50a637ae7b7
 SHA1 (patch-src_lib_udpfromto.c) = 2457f0a7223b1f3ef86d0af020290b26380e6319
diff --git a/net/freeradius/files/smf/manifest.xml b/net/freeradius/files/smf/manifest.xml
index 14d834d8b78..b5f020c86f7 100644
--- a/net/freeradius/files/smf/manifest.xml
+++ b/net/freeradius/files/smf/manifest.xml
@@ -19,10 +19,8 @@
     <dependency name='system-log' grouping='optional_all' restart_on='none' type='service'>
       <service_fmri value='svc:/system/system-log' />
     </dependency>
-    <method_context>
-      <method_credential user='@RADIUS_USER@' group='@RADIUS_GROUP@' />
-    </method_context>
-    <exec_method name='start' type='method' exec='@PREFIX@/sbin/radiusd' timeout_seconds='60' />
+    <method_context></method_context>
+    <exec_method name='start' type='method' exec='@PREFIX@/@SMF_METHOD_FILE.radiusd@' timeout_seconds='60' />
     <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60' />
     <property_group name='startd' type='framework'>
       <propval name='ignore_error' type='astring' value='core,signal' />
diff --git a/net/freeradius/files/smf/radiusd.sh b/net/freeradius/files/smf/radiusd.sh
new file mode 100644
index 00000000000..39bde92d4d6
--- /dev/null
+++ b/net/freeradius/files/smf/radiusd.sh
@@ -0,0 +1,14 @@
+#!@SMF_METHOD_SHELL@
+#
+# $NetBSD: radiusd.sh,v 1.1 2020/04/16 15:49:30 jperkin Exp $
+#
+
+. /lib/svc/share/smf_include.sh
+
+if [ ! -d @VARBASE@/run/radiusd ]; then
+	@MKDIR@ @VARBASE@/run/radiusd
+	@CHMOD@ 0750 @VARBASE@/run/radiusd
+	@CHOWN@ @RADIUS_USER@:@RADIUS_GROUP@ @VARBASE@/run/radiusd
+fi
+
+@PREFIX@/sbin/radiusd "$@"
diff --git a/net/freeradius/patches/patch-raddb_radiusd.conf.in b/net/freeradius/patches/patch-raddb_radiusd.conf.in
new file mode 100644
index 00000000000..f7e9eb4b7e3
--- /dev/null
+++ b/net/freeradius/patches/patch-raddb_radiusd.conf.in
@@ -0,0 +1,17 @@
+$NetBSD: patch-raddb_radiusd.conf.in,v 1.1 2020/04/16 15:49:30 jperkin Exp $
+
+Update example radiusd.conf to include the correct user/group
+
+--- raddb/radiusd.conf.in.orig	2020-04-15 11:59:38.209113301 +0000
++++ raddb/radiusd.conf.in	2020-04-15 12:00:19.973538936 +0000
+@@ -501,8 +501,8 @@
+ 	#  member.  This can allow for some finer-grained access
+ 	#  controls.
+ 	#
+-#	user = radius
+-#	group = radius
++	user = @RADIUS_USER@
++	group = @RADIUS_GROUP@
+ 
+ 	#  Core dumps are a bad thing.  This should only be set to
+ 	#  'yes' if you're debugging a problem with the server.
author	jperkin <jperkin@pkgsrc.org>	2020-04-16 15:49:30 +0000
committer	jperkin <jperkin@pkgsrc.org>	2020-04-16 15:49:30 +0000
commit	dc19dc98dc6b681e26e61bf62ed57665db0d8a38 (patch)
tree	7ca7efed3c68a4c7cc6f57ece322613e18c95a30 /net/freeradius
parent	b6bca2f33d45961f0e9bbefac03e469a34133c7d (diff)
download	pkgsrc-dc19dc98dc6b681e26e61bf62ed57665db0d8a38.tar.gz