From e9103962d4b572ad0edcd32510cf4412111af56c Mon Sep 17 00:00:00 2001 From: adrianp Date: Sun, 5 Feb 2006 15:34:08 +0000 Subject: Update to 1.1.0 > FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low > Feature improvements > * rlm_ldap has "set_auth_type" configuration option, which should > address some configuration problems when using it. > * Fix MIT Kerberos bug > * Modules can be load balanced, both in isolation and redundantly. > See doc/load-balance.txt for more information. > * rlm_perl is now marked "stable" > * N-tier certificate patch from Mohammed Petiwala. > * Copied dictionaries from the CVS head (many, many, more vendors) > * Enabled support for weird VSA formats, like Lucent and Starent. > * Support encrypted IP address and integers, for Juniper clients. > * Add PEAP machine authentication support in module "rlm_mschap". > * Support User-Password field encryption in digest mode. > * rlm_x99_token has become rlm_otp (with lots of changes). > * Add rlm_sqlcounter to the list of stable modules. > * Read MySQL specific options in sections [freeradius] and [client] > from file "my.cnf". > * Support the ${Cisco-AVPair[n]} syntax. > * Execute modules in {Pre,Post}-Proxy-Type stanzas. > * Add new options to radclient to run stress tests on the server. > * New module "rlm_sql_log" to postpone the storage of accounting data > in a SQL database. See rlm_sql_log(5) manpage. > * New program "radsqlrelay" which sends the SQL logfile according to > the SQL server's capabilities. > > Bug fixes > * 306 (HUP when built with threads, but executed with -s) > * 285 (more attributes in dictionary.cisco.vpn3000) > * rlm_digest has a number of bug fixes to authentication types. > * Don't leak memory in module "rlm_sql". > * Update the dictionaries, so that VALUEs with the same name, > but different numbers, aren't allowed. > * Queue the request before looking for available threads. > * Don't free the check items after we received the proxy reply. > * Expand config variables in included files, too. > * Check the return value of accounting modules and don't proxy > invalid requests. > * In rlm_passwd, don't close a file stream more than once. > * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic. > * Walk the whole string in when escaping strings in rlm_ldap. > * Include crypt.h if it is available so we get a prototype for crypt(), > spotted by Konstantin Kubatkin. > * Removed (for almost all uses) length restrictions on vendor names > and VALUE names. > * Don't leak memory when proxying an Access-Challenge response. > * Make the sleep time user-defined, so radrelay can send more than > 7 requests/s. > * Fix a memory leak in rlm_checkval. > * radclient doesn't resend countless times packets with invalid > signature. > * Fix segfault and mem leak in rlm_pam. --- net/freeradius/Makefile | 18 ++++++------ net/freeradius/PLIST | 62 +++++++++++++++++++++++++++++++++-------- net/freeradius/distinfo | 11 ++++---- net/freeradius/options.mk | 3 +- net/freeradius/patches/patch-aa | 13 +++++++++ net/freeradius/patches/patch-ab | 9 ++++++ net/freeradius/patches/patch-ak | 35 ----------------------- 7 files changed, 89 insertions(+), 62 deletions(-) create mode 100644 net/freeradius/patches/patch-aa create mode 100644 net/freeradius/patches/patch-ab delete mode 100644 net/freeradius/patches/patch-ak diff --git a/net/freeradius/Makefile b/net/freeradius/Makefile index ae2b3c20462..b13df41babe 100644 --- a/net/freeradius/Makefile +++ b/net/freeradius/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.41 2006/01/08 18:35:11 xtraeme Exp $ +# $NetBSD: Makefile,v 1.42 2006/02/05 15:34:08 adrianp Exp $ -DISTNAME= freeradius-1.0.5 -PKGREVISION= 3 +DISTNAME= freeradius-1.1.0 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \ ftp://ftp.Awfulhak.org/pub/radius/ @@ -45,14 +44,13 @@ CONFIGURE_ARGS+= --without-rlm_sql_unixodbc SUBST_CLASSES+= make SUBST_STAGE.make= post-patch -SUBST_FILES.make= src/modules/rlm_ldap/Makefile.in \ - src/modules/rlm_mschap/Makefile \ +SUBST_FILES.make= src/modules/rlm_mschap/Makefile \ src/modules/rlm_sql/drivers/rlm_sql_postgresql/Makefile.in SUBST_SED.make= -e "s|RLM_LDFLAGS =|RLM_LDFLAGS = \ -L../../../src/lib/.libs/ -lradius|g" \ -e "s|RLM_SQL_LIBS =|RLM_SQL_LIBS = \ -L${PREFIX}/lib|g" -SUBST_MESSAGE.make= "Fixing Makefiles." +SUBST_MESSAGE.make= Fixing Makefiles. .include "options.mk" @@ -73,9 +71,9 @@ EGFILES= acct_users attrs certs/demoCA/index.txt.old \ certs/root.pem clients clients.conf dictionary.in eap.conf \ experimental.conf hints huntgroups ldap.attrmap mssql.conf \ naslist naspasswd oraclesql.conf pgsql-voip.conf \ - postgresql.conf preproxy_users proxy.conf radiusd.conf.in \ - realms snmp.conf sql.conf users x99.conf x99passwd.sample \ - radiusd.conf dictionary + postgresql.conf preproxy_users proxy.conf \ + realms snmp.conf sql.conf users radiusd.conf dictionary \ + otp.conf otppasswd.sample .for f in ${EGFILES} CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f} @@ -83,6 +81,7 @@ CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f} .include "../../security/openssl/buildlink3.mk" .include "../../devel/libltdl/buildlink3.mk" +.include "../../net/net-snmp/buildlink3.mk" .include "../../mk/pthread.buildlink3.mk" .if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "none" @@ -117,6 +116,7 @@ post-install: .for f in ${EGFILES} ${INSTALL_DATA} ${WRKSRC}/raddb/${f} ${EGDIR}/${f} .endfor + ${INSTALL_SCRIPT} ${WRKSRC}/src/modules/rlm_perl/example.pl ${EGDIR} @${MKDIR} ${PKG_SYSCONFDIR}/certs @${MKDIR} ${PKG_SYSCONFDIR}/certs/demoCA cd ${WRKSRC} && ${FIND} . -name .libs | ${XARGS} ${RM} -rf diff --git a/net/freeradius/PLIST b/net/freeradius/PLIST index 57eb56bb3dd..e41639298f5 100644 --- a/net/freeradius/PLIST +++ b/net/freeradius/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.12 2005/09/11 12:57:34 adrianp Exp $ +@comment $NetBSD: PLIST,v 1.13 2006/02/05 15:34:08 adrianp Exp $ bin/radclient bin/radeapclient bin/radlast @@ -132,6 +132,11 @@ lib/rlm_ns_mta_md5-${PKGVERSION}.so lib/rlm_ns_mta_md5.a lib/rlm_ns_mta_md5.la lib/rlm_ns_mta_md5.so +lib/rlm_otp-${PKGVERSION}.la +lib/rlm_otp-${PKGVERSION}.so +lib/rlm_otp.a +lib/rlm_otp.la +lib/rlm_otp.so lib/rlm_pap-${PKGVERSION}.la lib/rlm_pap-${PKGVERSION}.so lib/rlm_pap.a @@ -162,16 +167,21 @@ lib/rlm_sql-${PKGVERSION}.so lib/rlm_sql.a lib/rlm_sql.la lib/rlm_sql.so +lib/rlm_sql_log-${PKGVERSION}.la +lib/rlm_sql_log-${PKGVERSION}.so +lib/rlm_sql_log.a +lib/rlm_sql_log.la +lib/rlm_sql_log.so +lib/rlm_sqlcounter-${PKGVERSION}.la +lib/rlm_sqlcounter-${PKGVERSION}.so +lib/rlm_sqlcounter.a +lib/rlm_sqlcounter.la +lib/rlm_sqlcounter.so lib/rlm_unix-${PKGVERSION}.la lib/rlm_unix-${PKGVERSION}.so lib/rlm_unix.a lib/rlm_unix.la lib/rlm_unix.so -lib/rlm_x99_token-${PKGVERSION}.la -lib/rlm_x99_token-${PKGVERSION}.so -lib/rlm_x99_token.a -lib/rlm_x99_token.la -lib/rlm_x99_token.so man/man1/radclient.1 man/man1/radeapclient.1 man/man1/radlast.1 @@ -233,6 +243,7 @@ share/doc/${PKGNAME}/cisco share/doc/${PKGNAME}/coding-methods.txt share/doc/${PKGNAME}/configurable_failover share/doc/${PKGNAME}/duplicate-users +share/doc/${PKGNAME}/load-balance.txt share/doc/${PKGNAME}/module_interface share/doc/${PKGNAME}/performance-testing share/doc/${PKGNAME}/processing_users_file @@ -282,13 +293,13 @@ share/doc/${PKGNAME}/rlm_eap share/doc/${PKGNAME}/rlm_fastusers share/doc/${PKGNAME}/rlm_krb5 share/doc/${PKGNAME}/rlm_ldap +share/doc/${PKGNAME}/rlm_otp share/doc/${PKGNAME}/rlm_pam share/doc/${PKGNAME}/rlm_passwd share/doc/${PKGNAME}/rlm_python share/doc/${PKGNAME}/rlm_sim_triplets share/doc/${PKGNAME}/rlm_sql share/doc/${PKGNAME}/rlm_sqlcounter -share/doc/${PKGNAME}/rlm_x99_token share/doc/${PKGNAME}/supervise-radiusd.txt share/doc/${PKGNAME}/tuning_guide share/doc/${PKGNAME}/variables.txt @@ -318,6 +329,7 @@ share/examples/freeradius/clients.conf share/examples/freeradius/dictionary share/examples/freeradius/dictionary.in share/examples/freeradius/eap.conf +share/examples/freeradius/example.pl share/examples/freeradius/experimental.conf share/examples/freeradius/hints share/examples/freeradius/huntgroups @@ -326,32 +338,35 @@ share/examples/freeradius/mssql.conf share/examples/freeradius/naslist share/examples/freeradius/naspasswd share/examples/freeradius/oraclesql.conf +share/examples/freeradius/otp.conf +share/examples/freeradius/otppasswd.sample share/examples/freeradius/pgsql-voip.conf share/examples/freeradius/postgresql.conf share/examples/freeradius/preproxy_users share/examples/freeradius/proxy.conf share/examples/freeradius/radiusd.conf -share/examples/freeradius/radiusd.conf.in share/examples/freeradius/realms share/examples/freeradius/snmp.conf share/examples/freeradius/sql.conf share/examples/freeradius/users -share/examples/freeradius/x99.conf -share/examples/freeradius/x99passwd.sample share/examples/rc.d/radiusd share/freeradius/dictionary share/freeradius/dictionary.3com share/freeradius/dictionary.3gpp share/freeradius/dictionary.3gpp2 share/freeradius/dictionary.acc +share/freeradius/dictionary.airespace share/freeradius/dictionary.alcatel share/freeradius/dictionary.alteon share/freeradius/dictionary.altiga share/freeradius/dictionary.aptis +share/freeradius/dictionary.aruba share/freeradius/dictionary.ascend +share/freeradius/dictionary.avaya share/freeradius/dictionary.bay share/freeradius/dictionary.bintec share/freeradius/dictionary.bristol +share/freeradius/dictionary.cablelabs share/freeradius/dictionary.cabletron share/freeradius/dictionary.cisco share/freeradius/dictionary.cisco.bbsm @@ -360,42 +375,67 @@ share/freeradius/dictionary.cisco.vpn5000 share/freeradius/dictionary.colubris share/freeradius/dictionary.columbia_university share/freeradius/dictionary.compat +share/freeradius/dictionary.cosine +share/freeradius/dictionary.digest +share/freeradius/dictionary.epygi +share/freeradius/dictionary.ericsson share/freeradius/dictionary.erx share/freeradius/dictionary.extreme +share/freeradius/dictionary.fortinet share/freeradius/dictionary.foundry share/freeradius/dictionary.freeradius +share/freeradius/dictionary.freeradius.internal share/freeradius/dictionary.gandalf share/freeradius/dictionary.garderos share/freeradius/dictionary.gemtek +share/freeradius/dictionary.ipunplugged +share/freeradius/dictionary.issanni share/freeradius/dictionary.itk share/freeradius/dictionary.juniper share/freeradius/dictionary.karlnet share/freeradius/dictionary.livingston share/freeradius/dictionary.localweb +share/freeradius/dictionary.lucent share/freeradius/dictionary.merit share/freeradius/dictionary.microsoft share/freeradius/dictionary.mikrotik +share/freeradius/dictionary.motorola share/freeradius/dictionary.navini share/freeradius/dictionary.netscreen share/freeradius/dictionary.nokia share/freeradius/dictionary.nomadix +share/freeradius/dictionary.ntua +share/freeradius/dictionary.packeteer share/freeradius/dictionary.propel share/freeradius/dictionary.quintum share/freeradius/dictionary.redback share/freeradius/dictionary.redcreek +share/freeradius/dictionary.rfc2865 +share/freeradius/dictionary.rfc2866 +share/freeradius/dictionary.rfc2867 +share/freeradius/dictionary.rfc2868 +share/freeradius/dictionary.rfc2869 +share/freeradius/dictionary.rfc3162 +share/freeradius/dictionary.rfc3576 +share/freeradius/dictionary.rfc3580 +share/freeradius/dictionary.roaringpenguin share/freeradius/dictionary.shasta share/freeradius/dictionary.shiva share/freeradius/dictionary.sonicwall share/freeradius/dictionary.springtide +share/freeradius/dictionary.starent +share/freeradius/dictionary.t_systems_nova share/freeradius/dictionary.telebit share/freeradius/dictionary.trapeze -share/freeradius/dictionary.tunnel share/freeradius/dictionary.unix share/freeradius/dictionary.usr share/freeradius/dictionary.valemount share/freeradius/dictionary.versanet +share/freeradius/dictionary.waverider share/freeradius/dictionary.wispr share/freeradius/dictionary.xedia +share/freeradius/dictionary.xylan +share/freeradius/dictionary.zyxel @dirrm share/freeradius @dirrm share/examples/freeradius/certs/demoCA @dirrm share/examples/freeradius/certs diff --git a/net/freeradius/distinfo b/net/freeradius/distinfo index d9cf9c7c755..af3c85c1eb0 100644 --- a/net/freeradius/distinfo +++ b/net/freeradius/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.17 2005/09/20 18:46:32 adrianp Exp $ +$NetBSD: distinfo,v 1.18 2006/02/05 15:34:08 adrianp Exp $ -SHA1 (freeradius-1.0.5.tar.gz) = 6d69629c9686a31bf6548972f3daf6f89451da37 -RMD160 (freeradius-1.0.5.tar.gz) = 8e8cd3937216c3c18dcfc3a217a43a00e3f81258 -Size (freeradius-1.0.5.tar.gz) = 2294225 bytes +SHA1 (freeradius-1.1.0.tar.gz) = 060454b4350f08145dfe987483c571fe7aad0dd6 +RMD160 (freeradius-1.1.0.tar.gz) = 7b8972640fa71291a949e3abee07d10d8c4608d8 +Size (freeradius-1.1.0.tar.gz) = 2351660 bytes +SHA1 (patch-aa) = 5a5f791cb5d501a43948ddd94f8589f7cf000cb0 +SHA1 (patch-ab) = bf14479ad89bfa1e967aea923529da0a8a97f3cd SHA1 (patch-ae) = 0c1b6c79329f41c35e3a783e61cc205cb78a4773 SHA1 (patch-ai) = bb4dafd3f6b961403caa955c9a09c271468ada36 SHA1 (patch-aj) = 422c9dfbde08c26acf41a040c57508ab9725004e -SHA1 (patch-ak) = 55e4405c714cc78fd4ecab963b6750440402a157 diff --git a/net/freeradius/options.mk b/net/freeradius/options.mk index 11d81602e6c..54acd760549 100644 --- a/net/freeradius/options.mk +++ b/net/freeradius/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.6 2005/08/31 18:32:47 tv Exp $ +# $NetBSD: options.mk,v 1.7 2006/02/05 15:34:08 adrianp Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.freeradius @@ -70,7 +70,6 @@ CONFIGURE_ARGS+= --without-rlm_sql_mysql ### ### .if !empty(PKG_OPTIONS:Msnmp) -. include "../../net/net-snmp/buildlink3.mk" CONFIGURE_ARGS+= --with-snmp .else CONFIGURE_ARGS+= --without-snmp diff --git a/net/freeradius/patches/patch-aa b/net/freeradius/patches/patch-aa new file mode 100644 index 00000000000..691a9eae2bc --- /dev/null +++ b/net/freeradius/patches/patch-aa @@ -0,0 +1,13 @@ +$NetBSD: patch-aa,v 1.3 2006/02/05 15:34:09 adrianp Exp $ + +--- src/modules/rlm_otp/otp_state.c.orig 2006-01-10 14:33:16.000000000 +0000 ++++ src/modules/rlm_otp/otp_state.c +@@ -35,7 +35,7 @@ + #include + #include + #include +-#if defined(__linux__) || defined(__APPLE__) ++#if defined(__linux__) || defined(__APPLE__) || defined(__NetBSD__) + #include + #endif + diff --git a/net/freeradius/patches/patch-ab b/net/freeradius/patches/patch-ab new file mode 100644 index 00000000000..5bc9d5b6e1e --- /dev/null +++ b/net/freeradius/patches/patch-ab @@ -0,0 +1,9 @@ +$NetBSD: patch-ab,v 1.4 2006/02/05 15:34:09 adrianp Exp $ + +--- src/modules/rlm_perl/Makefile.in.orig 2003-03-18 19:08:40.000000000 +0000 ++++ src/modules/rlm_perl/Makefile.in +@@ -13,4 +13,3 @@ $(STATIC_OBJS): $(HEADERS) + $(DYNAMIC_OBJS): $(HEADERS) + + install-scripts: +- $(INSTALL) -m 755 example.pl $(R)$(raddbdir) diff --git a/net/freeradius/patches/patch-ak b/net/freeradius/patches/patch-ak deleted file mode 100644 index 91b8c241265..00000000000 --- a/net/freeradius/patches/patch-ak +++ /dev/null @@ -1,35 +0,0 @@ -$NetBSD: patch-ak,v 1.5 2005/09/20 18:46:32 adrianp Exp $ - ---- src/modules/rlm_sql/rlm_sql.c.orig 2005/08/31 12:49:52 1.131.2.4 -+++ src/modules/rlm_sql/rlm_sql.c 2005/09/17 13:03:31 1.131.2.5 -@@ -910,8 +910,9 @@ static int rlm_sql_accounting(void *inst - if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE)) != NULL) { - acctstatustype = pair->lvalue; - } else { -- radius_xlat(logstr, sizeof(logstr), "rlm_sql: packet has no account status type. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, sql_escape_func); -- radlog(L_ERR, logstr); -+ radius_xlat(logstr, sizeof(logstr), "packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL); -+ radlog(L_ERR, "rlm_sql (%s) in sql_accounting: %s", -+ inst->config->xlat_name, logstr); - return RLM_MODULE_INVALID; - } - -@@ -1077,12 +1078,12 @@ static int rlm_sql_accounting(void *inst - if ((pair = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME)) != NULL) - acctsessiontime = pair->lvalue; - -- if (acctsessiontime <= 0) { -- radius_xlat(logstr, sizeof(logstr), "rlm_sql: Stop packet with zero session length. (user '%{User-Name}', nas '%{NAS-IP-Address}')", request, sql_escape_func); -- radlog(L_ERR, logstr); -- sql_release_socket(inst, sqlsocket); -- ret = RLM_MODULE_NOOP; -- } -+ if (acctsessiontime <= 0) { -+ radius_xlat(logstr, sizeof(logstr), "stop packet with zero session length. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL); -+ radlog(L_ERR, "rlm_sql (%s) in sql_accounting: %s", inst->config->xlat_name, logstr); -+ sql_release_socket(inst, sqlsocket); -+ ret = RLM_MODULE_NOOP; -+ } - #endif - - radius_xlat(querystr, sizeof(querystr), inst->config->accounting_stop_query_alt, request, sql_escape_func); -- cgit v1.2.3