diff options
author | martti <martti@pkgsrc.org> | 2003-12-16 19:19:41 +0000 |
---|---|---|
committer | martti <martti@pkgsrc.org> | 2003-12-16 19:19:41 +0000 |
commit | d5842c4f4747b2756964cf8207fe7e2cbb02440a (patch) | |
tree | 0244cd49584a656cb73b05bc1683c5d11c841bd3 /net | |
parent | 67deeb7ce1a2ef350e32119910948d757491cee4 (diff) | |
download | pkgsrc-d5842c4f4747b2756964cf8207fe7e2cbb02440a.tar.gz |
radiusd-cistron (1.6.7) cistron; urgency=medium
* Fix checkrad.pl::cisco_snmp and usrhiper_snmp so that communities
other than "public" can be used too.
* Error out on superflous command line args (optind >= argc)
* Encrypt CHAP-Password in radclient so that CHAP can be tested too
* Add "wildcard" option to realms - if you set this option, you can
match on the entire username using shell wildcards in the realms file.
* If the nastype in /etc/raddb/naslist is set to 'none' for a nas,
logins on that nas will have no simultaneous use restrictions imposed
and those logins will not count towards the total amount of logins.
* Removed 'raduse' and manpage.
* Can disable radutmp with "-u none" (likewise radwtmp with "-W none",
though we already had "-w" for that).
* Call checkrad with an extra argument, the framed IP address.
* Fix bug where $INCLUDEing a file without any records would
cause the rest of the original file to be ignored
* Support for 64-bit wide integers (integer8 type). If compiled with
gcc, users file can contain both hex and decimal 64-bit values,
and 64-bit values are printed in decimal. With other compilers
(no "long long" support) only hex 64-bit values are supported.
* Change "_" to "-" in dictionary.redback and change the 64 bits
values to integer8.
* Moved the dictionary files to /usr/local/share/radius. Now
only /etc/raddb/dictionary remains that $INCLUDES all the others.
For new installs only; existing installations won't be changed
* Make integer in the format string of sprintf(buf, "%03d:%.20s", ..) in
make_wtmp() unsigned (%u), otherwise the sprintf could in some cases
(negative NAS-Port, very long NAS-name) overrun the buffer by one
byte, overwriting the least significant byte of the return address
on the stack with a \0. Not sure if this is exploitable or not,
but it could be a security problem.
* Make sure ut.login (struct radutmp member) is treated everywhere
as a NON-zero terminated string.
* Make sure unsigned integers are used in all places using lvalues
(32 bits radius values), especially nas_port.
* radrelay: update id of packet when retransmitting.
* Print an error and free the request struct if we receive an unknown
packet type.
* rad_check_multi: if username/NAS/port match, don't count as dup.
Diffstat (limited to 'net')
-rw-r--r-- | net/radiusd-cistron/Makefile | 45 | ||||
-rw-r--r-- | net/radiusd-cistron/PLIST | 5 | ||||
-rw-r--r-- | net/radiusd-cistron/distinfo | 12 | ||||
-rw-r--r-- | net/radiusd-cistron/patches/patch-aa | 13 | ||||
-rw-r--r-- | net/radiusd-cistron/patches/patch-ab | 32 | ||||
-rw-r--r-- | net/radiusd-cistron/patches/patch-af | 35 |
6 files changed, 60 insertions, 82 deletions
diff --git a/net/radiusd-cistron/Makefile b/net/radiusd-cistron/Makefile index 4e974fcd9a5..d8bca8a0a67 100644 --- a/net/radiusd-cistron/Makefile +++ b/net/radiusd-cistron/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.10 2003/07/17 22:51:45 grant Exp $ +# $NetBSD: Makefile,v 1.11 2003/12/16 19:19:41 martti Exp $ -DISTNAME= radiusd-cistron-1.6.6 -PKGREVISION= 1 +DISTNAME= radiusd-cistron-1.6.7 CATEGORIES= net MASTER_SITES= ftp://ftp.cistron.nl/pub/people/miquels/radius/ \ ftp://ftp.freeradius.org/pub/radius/ @@ -10,7 +9,7 @@ MAINTAINER= tech-pkg@NetBSD.org HOMEPAGE= http://www.radius.cistron.nl/ COMMENT= RADIUS-compliant remote authentication and accouting server -CONFLICTS+= freeradius* +CONFLICTS+= freeradius-[0-9]* USE_BUILDLINK2= YES USE_PKGINSTALL= YES @@ -38,28 +37,20 @@ CONF_FILES+= ${EGDIR}/${cfile} ${PKG_SYSCONFDIR}/${cfile:S/.sample//} post-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/COPYRIGHT ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/ChangeLog ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README.CVX ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README.Y2K ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README.cisco ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README.pam ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README.proxy ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README.radrelay ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README.simul ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README.tunnel ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_DATA} ${WRKSRC}/doc/README.usersfile ${PREFIX}/share/doc/radiusd-cistron - ${INSTALL_MAN} ${WRKSRC}/doc/radclient.1 ${PREFIX}/man/man1 - ${INSTALL_MAN} ${WRKSRC}/doc/radlast.1 ${PREFIX}/man/man1 - ${INSTALL_MAN} ${WRKSRC}/doc/radtest.1 ${PREFIX}/man/man1 - ${INSTALL_MAN} ${WRKSRC}/doc/raduse.1 ${PREFIX}/man/man1 - ${INSTALL_MAN} ${WRKSRC}/doc/radwho.1 ${PREFIX}/man/man1 - ${INSTALL_MAN} ${WRKSRC}/doc/radzap.1 ${PREFIX}/man/man1 - ${INSTALL_MAN} ${WRKSRC}/doc/clients.5rad ${PREFIX}/man/man5 - ${INSTALL_MAN} ${WRKSRC}/doc/naslist.5rad ${PREFIX}/man/man5 - ${INSTALL_MAN} ${WRKSRC}/doc/radiusd.8 ${PREFIX}/man/man8 - ${INSTALL_MAN} ${WRKSRC}/doc/radrelay.8 ${PREFIX}/man/man8 - ${INSTALL_MAN} ${WRKSRC}/doc/radwatch.8 ${PREFIX}/man/man8 + ${INSTALL_DATA} ${WRKSRC}/COPYRIGHT ${PREFIX}/share/doc/radiusd-cistron/ +.for i in ChangeLog README README.CVX README.Y2K README.cisco \ + README.pam README.proxy README.radrelay README.simul \ + README.tunnel README.usersfile + ${INSTALL_DATA} ${WRKSRC}/doc/${i} ${PREFIX}/share/doc/radiusd-cistron/ +.endfor +.for i in radclient.1 radlast.1 radtest.1 radwho.1 radzap.1 + ${INSTALL_MAN} ${WRKSRC}/doc/${i} ${PREFIX}/man/man1/ +.endfor +.for i in clients.5rad naslist.5rad + ${INSTALL_MAN} ${WRKSRC}/doc/${i} ${PREFIX}/man/man5/ +.endfor +.for i in radiusd.8 radrelay.8 radwatch.8 + ${INSTALL_MAN} ${WRKSRC}/doc/${i} ${PREFIX}/man/man8/ +.endfor .include "../../mk/bsd.pkg.mk" diff --git a/net/radiusd-cistron/PLIST b/net/radiusd-cistron/PLIST index ba580b336f9..53c9d8fa16d 100644 --- a/net/radiusd-cistron/PLIST +++ b/net/radiusd-cistron/PLIST @@ -1,15 +1,13 @@ -@comment $NetBSD: PLIST,v 1.6 2003/05/01 18:35:46 jmmv Exp $ +@comment $NetBSD: PLIST,v 1.7 2003/12/16 19:19:41 martti Exp $ bin/radclient bin/radlast bin/radtest -bin/raduse bin/radwho bin/radzap etc/rc.d/radiusd man/man1/radclient.1 man/man1/radlast.1 man/man1/radtest.1 -man/man1/raduse.1 man/man1/radwho.1 man/man1/radzap.1 man/man5/clients.5rad @@ -43,6 +41,7 @@ share/examples/raddb/dictionary.erx share/examples/raddb/dictionary.livingston share/examples/raddb/dictionary.redback share/examples/raddb/dictionary.shiva +share/examples/raddb/dictionary.standard share/examples/raddb/dictionary.tunnel share/examples/raddb/dictionary.usr share/examples/raddb/dictionary.versanet diff --git a/net/radiusd-cistron/distinfo b/net/radiusd-cistron/distinfo index 0ebd84a013c..803a2753c4e 100644 --- a/net/radiusd-cistron/distinfo +++ b/net/radiusd-cistron/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.4 2003/05/01 18:35:46 jmmv Exp $ +$NetBSD: distinfo,v 1.5 2003/12/16 19:19:41 martti Exp $ -SHA1 (radiusd-cistron-1.6.6.tar.gz) = e043e2236f34ac613e8ab05d6ca907fd2c94d2f8 -Size (radiusd-cistron-1.6.6.tar.gz) = 194154 bytes -SHA1 (patch-aa) = 10dc2936e08b8a42a111968cf0e900c843354414 -SHA1 (patch-ab) = cbc69c5466873a8095152b1a3fa278169a8b02b2 +SHA1 (radiusd-cistron-1.6.7.tar.gz) = 54c6e08a0c82a8d16928c1410bf50f6a50ef7d99 +Size (radiusd-cistron-1.6.7.tar.gz) = 198927 bytes +SHA1 (patch-aa) = 53f331bde823f23a869c779df92a6e400a204746 +SHA1 (patch-ab) = a877e273f3d12228d4d0d6064115c5f55c044ad3 SHA1 (patch-ac) = 95053cdb7cc8a1672d32a953147074ea948e535b -SHA1 (patch-af) = 4d9721cb866c98be64b8aca8675e1f192bca74d2 +SHA1 (patch-af) = 7d2973054817eb8eae320a8a1a026f658e1cc70f diff --git a/net/radiusd-cistron/patches/patch-aa b/net/radiusd-cistron/patches/patch-aa index d67d87ef9e6..caf4d62b3c6 100644 --- a/net/radiusd-cistron/patches/patch-aa +++ b/net/radiusd-cistron/patches/patch-aa @@ -1,7 +1,7 @@ -$NetBSD: patch-aa,v 1.3 2003/05/01 18:35:47 jmmv Exp $ +$NetBSD: patch-aa,v 1.4 2003/12/16 19:19:41 martti Exp $ ---- src/Makefile.BSD.orig Fri Nov 9 17:03:23 2001 -+++ src/Makefile.BSD Thu Dec 20 10:46:40 2001 +--- src/Makefile.BSD.orig Thu Apr 10 13:38:23 2003 ++++ src/Makefile.BSD Tue Dec 16 20:15:35 2003 @@ -3,9 +3,8 @@ # # @@ -14,7 +14,7 @@ $NetBSD: patch-aa,v 1.3 2003/05/01 18:35:47 jmmv Exp $ LIBS = LCRYPT = -lcrypt -@@ -16,11 +15,11 @@ +@@ -16,12 +15,12 @@ #PAM = -DPAM #PAMLIB = -lpam @@ -25,8 +25,11 @@ $NetBSD: patch-aa,v 1.3 2003/05/01 18:35:47 jmmv Exp $ -BINDIR = /usr/local/bin -SBINDIR = /usr/local/sbin +-MANDIR = /usr/local/man +-SHAREDIR = /usr/local/share/radius +BINDIR = $(PREFIX)/bin +SBINDIR = $(PREFIX)/sbin - MANDIR = /usr/local/man ++MANDIR = $(PREFIX)/man ++SHAREDIR = $(PREFIX)/share/examples/raddb .include "Make.inc" diff --git a/net/radiusd-cistron/patches/patch-ab b/net/radiusd-cistron/patches/patch-ab index 7e0ea7e4313..84b53cfcae7 100644 --- a/net/radiusd-cistron/patches/patch-ab +++ b/net/radiusd-cistron/patches/patch-ab @@ -1,7 +1,7 @@ -$NetBSD: patch-ab,v 1.3 2003/05/01 18:35:47 jmmv Exp $ +$NetBSD: patch-ab,v 1.4 2003/12/16 19:19:41 martti Exp $ ---- src/Make.inc.orig Thu Dec 20 10:52:00 2001 -+++ src/Make.inc Thu Dec 20 10:52:06 2001 +--- src/Make.inc.orig Thu Apr 10 13:51:47 2003 ++++ src/Make.inc Tue Dec 16 20:10:28 2003 @@ -4,7 +4,7 @@ # # @@ -11,7 +11,7 @@ $NetBSD: patch-ab,v 1.3 2003/05/01 18:35:47 jmmv Exp $ SERVER_OBJS = radiusd.o files.o acct.o pam.o version.o proxy.o \ exec.o auth.o timestr.o cache.o readusers.o -@@ -118,8 +118,6 @@ +@@ -115,8 +115,6 @@ install: # Install the binaries @@ -20,7 +20,7 @@ $NetBSD: patch-ab,v 1.3 2003/05/01 18:35:47 jmmv Exp $ $(DINSTALL) $(RADIUS_DIR) $(INSTALL) -m 755 -s radiusd $(SBINDIR)/radiusd $(INSTALL) -m 755 -s radrelay $(SBINDIR)/radrelay -@@ -131,35 +129,12 @@ +@@ -127,23 +125,11 @@ $(INSTALL) -m 755 checkrad.pl $(SBINDIR)/checkrad $(INSTALL) -m 755 radlast $(BINDIR) $(INSTALL) -m 755 radtest $(BINDIR) @@ -36,26 +36,12 @@ $NetBSD: patch-ab,v 1.3 2003/05/01 18:35:47 jmmv Exp $ - @if [ -d /etc/pam.d/ ] && [ ! -f /etc/pam.d/radius ]; then \ - $(INSTALL) -m 644 ../redhat/radiusd-pam /etc/pam.d/radius;\ - fi - # Install the config files + @# Install the config files @echo; echo "Creating/updating files in $(RADIUS_DIR)"; \ cd ../raddb; \ for i in [a-c]* [e-z]*; do \ - [ ! -f $(RADIUS_DIR)/$$i ] && cp $$i $(RADIUS_DIR)/$$i; \ + $(INSTALL) -m 444 $$i $(RADIUS_DIR)/$$i.sample; \ - done; \ - for i in dictionary*; do \ -- [ ! -f $(RADIUS_DIR)/$$i ] && cp $$i $(RADIUS_DIR)/$$i; \ -- if [ "`find $$i -newer $(RADIUS_DIR)/$$i`" ]; then \ -- echo "** $(RADIUS_DIR)/$$i"; \ -- nt=1; \ -- fi; \ -- done; \ -- if [ "$$nt" ]; then \ -- echo "** The samples in ../raddb are newer than these files";\ -- echo "** Please investigate and copy manually if appropriate";\ -- echo ;\ -- fi -- -- -+ $(INSTALL) -m 444 $$i $(RADIUS_DIR)/$$i; \ -+ done + done; true + @# Install the dictionary files + @sh dict-install.sh ../raddb $(RADIUS_DIR) $(SHAREDIR) diff --git a/net/radiusd-cistron/patches/patch-af b/net/radiusd-cistron/patches/patch-af index 89d520bc028..5fc2463ba93 100644 --- a/net/radiusd-cistron/patches/patch-af +++ b/net/radiusd-cistron/patches/patch-af @@ -1,7 +1,7 @@ -$NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ +$NetBSD: patch-af,v 1.3 2003/12/16 19:19:41 martti Exp $ ---- src/radwho.c.orig Mon May 7 22:33:45 2001 -+++ src/radwho.c Thu Dec 20 09:38:25 2001 +--- src/radwho.c.orig Wed Jul 2 12:39:03 2003 ++++ src/radwho.c Tue Dec 16 20:20:12 2003 @@ -20,6 +20,7 @@ #include <errno.h> #include <sys/stat.h> @@ -10,7 +10,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ #include <time.h> #include <ctype.h> #include <netinet/in.h> -@@ -40,18 +41,21 @@ +@@ -40,18 +41,20 @@ * Header above output and format. */ char *hdr1 = @@ -21,24 +21,23 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ char *ufmt1r = "%s,%s,%s,%s,%s,%s,%s%s"; -char *rfmt1 = "%-10.10s %-17.17s %-5.5s %s%-3d %-9.9s %-9.9s %-.19s%s"; +char *rfmt1 = "%-16.16s %-17.17s %-5.5s %s%-3d %-9.9s %-9.9s %-.*s%s"; - char *rfmt1r = "%s,%s,%s,%s%d,%s,%s,%s%s"; -+#define FMT1_HOST_SIZE 13 + char *rfmt1r = "%s,%s,%s,%s%u,%s,%s,%s%s"; ++#define FMT1_HOST_SIZE 13 char *hdr2 = -"Login Port What When From Location"; -char *ufmt2 = "%-10.10s %-6.6d %-7.7s %-13.13s %-10.10s %-.16s%s"; +"Login Port What When From Location"; +char *ufmt2 = "%-16.16s %-6.6d %-7.7s %-13.13s %-10.10s %-.*s%s"; - char *ufmt2r = "%s,%d,%s,%s,%s,%s%s"; + char *ufmt2r = "%s,%u,%s,%s,%s,%s%s"; -char *rfmt2 = "%-10.10s %s%-5d %-6.6s %-13.13s %-10.10s %-.28s%s"; +char *rfmt2 = "%-16.16s %s%-5d %-6.6s %-13.13s %-10.10s %-.*s%s"; - char *rfmt2r = "%s,%s%d,%s,%s,%s,%s%s"; -+#define FMT2_HOST_SIZE 19 -+ + char *rfmt2r = "%s,%s%u,%s,%s,%s,%s%s"; ++#define FMT2_HOST_SIZE 19 char *eol = "\n"; NAS *naslist; -@@ -307,7 +311,8 @@ +@@ -307,7 +310,8 @@ return tmp; } if (strncmp(tty, "cu", 2) == 0) { @@ -48,7 +47,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ } return "??"; } -@@ -371,6 +376,8 @@ +@@ -371,6 +375,8 @@ */ int main(int argc, char **argv) { @@ -57,7 +56,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ FILE *fp; struct radutmp rt; struct utmp ut; -@@ -388,6 +395,11 @@ +@@ -389,6 +395,11 @@ char *p, *q, *portind; int c, portno; @@ -69,7 +68,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ while((c = getopt(argc, argv, "Dd:flhnsipcru:")) != EOF) switch(c) { case 'D': use_dns = 0; -@@ -485,14 +497,17 @@ +@@ -486,14 +497,17 @@ while(fread(&ut, sizeof(ut), 1, fp) == 1) { #ifdef USER_PROCESS if (ut.ut_user[0] && ut.ut_line[0] && @@ -92,7 +91,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ "shell", ttyshort(ut.ut_line), #ifdef __svr4__ -@@ -501,10 +516,11 @@ +@@ -502,10 +516,11 @@ dotime(ut.ut_time), #endif ut.ut_host, @@ -105,7 +104,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ ttyshort(ut.ut_line), "shell", #ifdef __svr4__ -@@ -513,6 +529,7 @@ +@@ -514,6 +529,7 @@ dotime(ut.ut_time), #endif ut.ut_host, @@ -113,7 +112,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ myname, eol); } } -@@ -557,6 +574,7 @@ +@@ -560,6 +576,7 @@ portind, portno, dotime(rt.time), nasname(ntohl(rt.nas_address)), @@ -121,7 +120,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $ hostname(rt.framed_address), eol); else printf((rawoutput == 0? rfmt2: rfmt2r), -@@ -565,6 +583,7 @@ +@@ -568,6 +585,7 @@ proto(rt.proto, rt.porttype), dotime(rt.time), nasname(ntohl(rt.nas_address)), |