aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2014-03-11 14:52:08 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2014-03-11 14:52:28 +0000
commit6f4f306225501e795020085dc541522caf520b0c (patch)
tree079484b8a42646a68332de1e36925018685311f0
parentf8e89de0a10192799bed2c5de438dfce44fe1e8b (diff)
downloadaports-6f4f306225501e795020085dc541522caf520b0c.tar.bz2
aports-6f4f306225501e795020085dc541522caf520b0c.tar.xz
testing/freeradius3: new aport
-rw-r--r--testing/freeradius3/APKBUILD224
-rw-r--r--testing/freeradius3/disable-cert-generation.patch34
-rw-r--r--testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch48
-rw-r--r--testing/freeradius3/freeradius3-301-default-config.patch88
-rw-r--r--testing/freeradius3/freeradius3.confd5
-rw-r--r--testing/freeradius3/freeradius3.initd27
-rw-r--r--testing/freeradius3/freeradius3.pre-install6
7 files changed, 432 insertions, 0 deletions
diff --git a/testing/freeradius3/APKBUILD b/testing/freeradius3/APKBUILD
new file mode 100644
index 0000000000..1f2e602c6e
--- /dev/null
+++ b/testing/freeradius3/APKBUILD
@@ -0,0 +1,224 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
+pkgname=freeradius3
+_realname=freeradius
+pkgver=3.0.1
+pkgrel=0
+pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
+url="http://freeradius.org/"
+arch="all"
+license="GPL"
+depends="freeradius3-lib"
+makedepends="openssl-dev mysql-dev postgresql-dev gdbm-dev readline-dev
+ bash libtool autoconf automake perl-dev python-dev openldap-dev
+ unixodbc-dev linux-pam-dev sqlite-dev talloc-dev libpcap-dev"
+pkggroups="radius"
+pkgusers="radius"
+install="$pkgname.pre-install"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-dbg $pkgname-ldap $pkgname-lib
+ $pkgname-mssql $pkgname-mysql $pkgname-sql $pkgname-perl
+ $pkgname-postgresql $pkgname-python $pkgname-radclient $pkgname-sqlite
+ $pkgname-unixodbc $pkgname-pam $pkgname-eap"
+source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz
+ $pkgname.confd
+ $pkgname.initd
+ fix-potential-crash-with-SSHA-and-salts.patch
+ disable-cert-generation.patch
+ freeradius3-301-default-config.patch
+ "
+conflict="freeradius freeradius-lib freeradius-radclient"
+
+_builddir="$srcdir"/$_realname-server-$pkgver
+
+radconfdir="/etc/raddb"
+radmodsdir="$radconfdir/mods-available"
+radlibdir="/usr/lib/freeradius"
+radmodsconfdir="$radconfdir/mods-config"
+
+prepare() {
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch)
+ msg "Applying $i"
+ patch -p1 -i "$srcdir"/$i || return 1
+ ;;
+ esac
+ done
+ update_config_sub || return 1
+}
+
+build() {
+ cd "$_builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var \
+ --datarootdir=/usr/share \
+ --libdir="$radlibdir" \
+ --with-logdir=/var/log/radius \
+ --with-radacctdir=/var/log/radius/radacct \
+ --with-system-libtool \
+ --with-system-libltdl \
+ --with-shared-libs \
+ --with-udpfromto \
+ --with-rlm_sql_sqlite \
+ --with-rlm_sql_postgresql \
+ --with-rlm_sql_mysql \
+ --without-rlm_krb5 \
+ --without-rlm_eap_tnc \
+ --without-rlm_eap_ikev2 \
+ --without-rlm_sql_iodbc \
+ --without-rlm_sql_oracle \
+ --without-rlm_yubikey \
+ --without-rlm_ykclient \
+ || return 1
+
+ make LDFLAGS="$LDFLAGS -lssl" || return 1
+}
+
+package() {
+ cd "$_builddir"
+ install -d -m0750 -o root -g radius "${pkgdir}"${radconfdir} || exit 1
+ install -d -m0750 -o radius -g radius "$pkgdir"/var/run/radius || exit 1
+ install -d -m0750 -o radius -g radius "$pkgdir"/var/log/radius || exit 1
+ install -d -m0750 -o radius -g radius "$pkgdir"/var/log/radius/radacct || exit 1
+
+ make R="$pkgdir" install
+ chown -R root:radius "$pkgdir"/etc/raddb/*
+ rm -f "$pkgdir"/usr/sbin/rc.radiusd
+ install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/radiusd || exit 1
+ install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/radiusd || exit 1
+ #Install misses to create this
+ mkdir -p "${pkgdir}"${radmodsconfdir}/sql/ippool-dhcp/postgresql
+ find "$pkgdir" -iname *.la -delete
+}
+
+_mvdb() {
+ for dir in ippool-dhcp ippool counter main cui; do
+ mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/$dir
+ mv "${pkgdir}"${radmodsconfdir}/sql/$dir/$1 \
+ "${subpkgdir}"${radmodsconfdir}/sql/$dir || exit 1
+ done
+ mkdir -p "${subpkgdir}"${radlibdir}
+ mv "${pkgdir}"${radlibdir}/rlm_sql_${1}.so "${subpkgdir}"${radlibdir} || exit 1
+}
+
+eap() {
+ depends="freeradius3"
+ mkdir -p "${subpkgdir}"${radlibdir}
+ mv "${pkgdir}"${radlibdir}/rlm_eap*.so "${subpkgdir}"${radlibdir} || exit 1
+ mkdir -p "${subpkgdir}"${radmodsdir}
+ mv "${pkgdir}"${radmodsdir}/eap "${subpkgdir}"${radmodsdir} || exit 1
+}
+
+ldap() {
+ depends="freeradius3"
+ mkdir -p "${subpkgdir}"${radlibdir}
+ mv "${pkgdir}"${radlibdir}/rlm_ldap* "${subpkgdir}"${radlibdir} || exit 1
+}
+
+lib() {
+ depends=""
+ mkdir -p "${subpkgdir}"${radlibdir} "${subpkgdir}"${radconfdir} \
+ "$subpkgdir"/usr/share || exit 1
+ mv "${pkgdir}"${radlibdir}/libfreeradius-*.so \
+ "${subpkgdir}"${radlibdir} || exit 1
+}
+
+sql() {
+ depends="freeradius3"
+ mkdir -p "${subpkgdir}"${radlibdir}
+ for lib in sql sqlippool sql_null sqlcounter; do
+ mv "${pkgdir}"${radlibdir}/rlm_${lib}.so "${subpkgdir}"${radlibdir} || exit 1
+ done
+ mkdir -p "${subpkgdir}"${radconfdir}/sites-available
+ mv "${pkgdir}"${radconfdir}/sites-available/buffered-sql \
+ "${subpkgdir}"${radconfdir}/sites-available || exit 1
+ mkdir -p "${subpkgdir}"${radmodsdir}
+ mv "${pkgdir}"${radmodsdir}/*sql* "${subpkgdir}"${radmodsdir} || exit 1
+}
+
+mysql() {
+ depends="freeradius3-sql"
+ _mvdb mysql || exit 1
+}
+
+mssql() {
+ depends="freeradius3-sql"
+ arch="noarch"
+ mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/main
+ mv "${pkgdir}"${radmodsconfdir}/sql/main/mssql \
+ "${subpkgdir}"${radmodsconfdir}/sql/main || exit 1
+}
+
+perl() {
+ depends="freeradius3 perl"
+ mkdir -p "${subpkgdir}"${radlibdir}
+ mv "${pkgdir}"${radlibdir}/rlm_perl* "${subpkgdir}"${radlibdir} || exit 1
+ mkdir -p "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/sbin/checkrad "$subpkgdir"/usr/bin/checkrad || exit 1
+ mkdir -p "${subpkgdir}"${radconfdir}/mods-available
+ mv "${pkgdir}"${radconfdir}/mods-available/perl "${subpkgdir}"${radconfdir}/mods-available/perl || exit 1
+}
+
+postgresql() {
+ depends="freeradius3-sql"
+ _mvdb postgresql || exit 1
+}
+
+python() {
+ depends="freeradius3 python"
+ mkdir -p "${subpkgdir}"${radlibdir}
+ mv "${pkgdir}"${radlibdir}/rlm_python* "${subpkgdir}"${radlibdir} || exit 1
+ for dir in $radmodsdir $radmodsconfdir; do
+ mkdir -p "${subpkgdir}"$dir
+ mv "${pkgdir}"$dir/python "${subpkgdir}"$dir || exit 1
+ done
+}
+
+radclient() {
+ depends=""
+ mkdir -p "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/radclient "$subpkgdir"/usr/bin/radclient || exit 1
+}
+
+sqlite() {
+ depends="freeradius3-sql"
+ _mvdb sqlite || exit 1
+}
+
+unixodbc() {
+ depends="freeradius3"
+ mkdir -p "${subpkgdir}"${radlibdir}
+ mv "${pkgdir}"${radlibdir}/rlm_sql_unixodbc.so "${subpkgdir}"${radlibdir} || exit 1
+}
+
+pam() {
+ depends="freeradius3"
+ mkdir -p "${subpkgdir}"${radlibdir}
+ mv "${pkgdir}"${radlibdir}/rlm_pam* "${subpkgdir}"${radlibdir} || exit 1
+}
+
+md5sums="552f375530252c4567ee11c1b23bbbe9 freeradius-server-3.0.1.tar.gz
+fc6693f3df5a0694610110287a28568a freeradius3.confd
+3a50b7f233e74daf3f87da63b3e9579d freeradius3.initd
+4780cb9da2b16b0db51d95ce30e7c4a6 fix-potential-crash-with-SSHA-and-salts.patch
+8696554123f7ee87b44f1fa5dc699dd1 disable-cert-generation.patch
+53b74f75456427a27df9f3489706ae3e freeradius3-301-default-config.patch"
+sha256sums="caba74385d574fe5257f9479e59a882e7adfa02c756693451fd2e99e69a0af42 freeradius-server-3.0.1.tar.gz
+2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292 freeradius3.confd
+e173cce3b8a4c2ed4d1fdd58fff8ec21e9166f011ec052f5f4c01712493e72b3 freeradius3.initd
+fc317518af37a09ac5ac7bba27b50e599bd90b2c772f75f57c00de56dbbd0f70 fix-potential-crash-with-SSHA-and-salts.patch
+8d9b48a56b8638412249c05749725dbd230568d3b7c3eecc97bb46f1815f5b3d disable-cert-generation.patch
+472279b7831ea85a9d0a2237af8ee0c3235d01c53c08c6152633e6699f6c7990 freeradius3-301-default-config.patch"
+sha512sums="09bdce706ad839f9eba2407ad4d9770777655f33b0d40b07d80ca727b52ae49f1b6b15a5e66d088a1a5288fad46e94830552e7d6dc6e5e0833a743e862297c22 freeradius-server-3.0.1.tar.gz
+e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b freeradius3.confd
+b29bf9090a2be7af77a3e104346a23024baf78a343e7f2fd6f6ddb02c223ac66d9b77c80d02b2cb26cbef2e64cb59c46462bb54b063b862e5a3a61c72653a63d freeradius3.initd
+429e50d18b5657e07ac4fcdd9d00c3936f04b7e60d9785aae4cdb8c3cecc81fc7e3fc3fc3152fea1c475cead7ecf42e81d63d69677ee912833a8c4069e3fe793 fix-potential-crash-with-SSHA-and-salts.patch
+d46c94ec7245dbcdcb6fe321956b305eedf5481f2d533556c6fe127318dadc1dbe25be2bf694adef2160ea02e8fa138371300eae264e854bc658d73f1c135867 disable-cert-generation.patch
+459e47b74c4340edecd544bdb5e0b0720975c2aa7697d2237044812b7d42adb2818d1846b20af77f330972f77ae10f584c8767409202f3e39b2654ee31fd96ab freeradius3-301-default-config.patch"
diff --git a/testing/freeradius3/disable-cert-generation.patch b/testing/freeradius3/disable-cert-generation.patch
new file mode 100644
index 0000000000..771787dc30
--- /dev/null
+++ b/testing/freeradius3/disable-cert-generation.patch
@@ -0,0 +1,34 @@
+--- a/Makefile
++++ b/Makefile
+@@ -28,7 +28,6 @@
+ # Run "radiusd -C", looking for errors.
+ #
+ $(BUILD_DIR)/tests/radiusd-c: ${BUILD_DIR}/bin/radiusd | build.raddb
+- @$(MAKE) -C raddb/certs
+ @if ! ./build/make/jlibtool --mode=execute ./build/bin/radiusd -XCMd ./raddb -n debug -D ./share > $(BUILD_DIR)/tests/radiusd.config.log 2>&1; then \
+ cat $(BUILD_DIR)/tests/radiusd.config.log; \
+ echo "FAIL: radiusd -C"; \
+@@ -205,13 +204,6 @@
+ .PHONY: TAGS
+ TAGS:
+ etags `find src -type f -name '*.[ch]' -print` > $@
+-
+-#
+-# Make test certificates.
+-#
+-.PHONY: certs
+-certs:
+- @cd raddb/certs && $(MAKE)
+
+ ######################################################################
+ #
+--- a/raddb/all.mk
++++ b/raddb/all.mk
+@@ -114,7 +114,6 @@
+
+ $(LOCAL_CERT_PRODUCTS):
+ @echo BOOTSTRAP raddb/certs/
+- @$(MAKE) -C $(R)$(raddbdir)/certs/
+
+ # Bootstrap is special
+ $(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS)
diff --git a/testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch b/testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch
new file mode 100644
index 0000000000..29c1a27f2a
--- /dev/null
+++ b/testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch
@@ -0,0 +1,48 @@
+From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001
+From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
+Date: Thu, 13 Feb 2014 13:49:54 +0000
+Subject: [PATCH] Fix potential crash with SSHA and salts > 44bytes
+
+---
+ src/modules/rlm_pap/rlm_pap.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
+index 689acf0..1bf6d4e 100644
+--- a/src/modules/rlm_pap/rlm_pap.c
++++ b/src/modules/rlm_pap/rlm_pap.c
+@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
+ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ {
+
+- uint8_t buffer[64];
++ uint8_t buffer[256];
+
+ if (min_length >= sizeof(buffer)) return; /* paranoia */
+
+@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ */
+ if (vp->length >= (2 * min_length)) {
+ size_t decoded;
+- decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1);
++ decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer));
+ if (decoded == (vp->length >> 1)) {
+- RDEBUG2("Normalizing %s from hex encoding", vp->da->name);
++ RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes",
++ vp->da->name, vp->length, decoded);
+ pairmemcpy(vp, buffer, decoded);
+ return;
+ }
+@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ sizeof(buffer));
+ if (decoded < 0) return;
+ if (decoded >= (ssize_t) min_length) {
+- RDEBUG2("Normalizing %s from base64 encoding", vp->da->name);
++ RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes",
++ vp->da->name, vp->length, decoded);
+ pairmemcpy(vp, buffer, decoded);
+ return;
+ }
+--
+1.8.5.5
+
diff --git a/testing/freeradius3/freeradius3-301-default-config.patch b/testing/freeradius3/freeradius3-301-default-config.patch
new file mode 100644
index 0000000000..6308879327
--- /dev/null
+++ b/testing/freeradius3/freeradius3-301-default-config.patch
@@ -0,0 +1,88 @@
+--- a/raddb/radiusd.conf.in
++++ b/raddb/radiusd.conf.in
+@@ -376,8 +376,8 @@
+ # member. This can allow for some finer-grained access
+ # controls.
+ #
+-# user = radius
+-# group = radius
++ user = radius
++ group = radius
+
+ # Core dumps are a bad thing. This should only be set to
+ # 'yes' if you're debugging a problem with the server.
+--- a/raddb/sites-available/default
++++ b/raddb/sites-available/default
+@@ -314,9 +314,9 @@
+ # for the many packets that go back and forth to set up TTLS
+ # or PEAP. The load on those servers will therefore be reduced.
+ #
+- eap {
+- ok = return
+- }
++# eap {
++# ok = return
++# }
+
+ #
+ # Pull crypt'd passwords from /etc/passwd or /etc/shadow,
+@@ -457,7 +457,7 @@
+
+ #
+ # Allow EAP authentication.
+- eap
++# eap
+
+ #
+ # The older configurations sent a number of attributes in
+@@ -748,7 +748,7 @@
+ # Insert EAP-Failure message if the request was
+ # rejected by policy instead of because of an
+ # authentication failure
+- eap
++# eap
+
+ # Remove reply message if the response contains an EAP-Message
+ remove_reply_message_if_eap
+@@ -817,7 +817,7 @@
+ # hidden inside of the EAP packet, and the end server will
+ # reject the EAP request.
+ #
+- eap
++# eap
+
+ #
+ # If the server tries to proxy a request and fails, then the
+--- a/raddb/sites-available/inner-tunnel
++++ b/raddb/sites-available/inner-tunnel
+@@ -116,9 +116,9 @@
+ # for the many packets that go back and forth to set up TTLS
+ # or PEAP. The load on those servers will therefore be reduced.
+ #
+- eap {
+- ok = return
+- }
++# eap {
++# ok = return
++# }
+
+ #
+ # Read the 'users' file
+@@ -227,7 +227,7 @@
+
+ #
+ # Allow EAP authentication.
+- eap
++# eap
+ }
+
+ ######################################################################
+@@ -380,7 +380,7 @@
+ # hidden inside of the EAP packet, and the end server will
+ # reject the EAP request.
+ #
+- eap
++# eap
+
+ #
+ # If the server tries to proxy a request and fails, then the
diff --git a/testing/freeradius3/freeradius3.confd b/testing/freeradius3/freeradius3.confd
new file mode 100644
index 0000000000..9811289ba4
--- /dev/null
+++ b/testing/freeradius3/freeradius3.confd
@@ -0,0 +1,5 @@
+# Config file for /etc/init.d/radiusd
+
+# see man pages for radiusd run `radiusd -h`
+# for valid cmdline options
+#RADIUSD_OPTS=""
diff --git a/testing/freeradius3/freeradius3.initd b/testing/freeradius3/freeradius3.initd
new file mode 100644
index 0000000000..251f34ff0a
--- /dev/null
+++ b/testing/freeradius3/freeradius3.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+
+extra_started_commands="reload"
+run_dir="/var/run/radiusd"
+command="/usr/sbin/radiusd"
+command_args="$RADIUSD_OPTS"
+pidfile="$run_dir/radiusd.pid"
+name="Freeradius"
+conf="/etc/raddb/radiusd.conf"
+user="$(grep -v '#' $conf | grep 'user =' | awk -F " = " '{ print $2 }')"
+group="$(grep -v '#' $conf |grep 'group =' | awk -F " = " '{ print $2 }')"
+
+depend() {
+ need net
+ after firewall
+ use dns
+}
+
+start_pre() {
+ checkpath --directory --owner ${user}:${group} --mode 0775 ${run_dir}
+}
+
+reload () {
+ ebegin "Reloading $name"
+ kill -HUP `cat $pidfile`
+ eend $?
+}
diff --git a/testing/freeradius3/freeradius3.pre-install b/testing/freeradius3/freeradius3.pre-install
new file mode 100644
index 0000000000..30ff04814e
--- /dev/null
+++ b/testing/freeradius3/freeradius3.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup radius 2>/dev/null
+adduser -S -G radius -h /var/log/radius -s /sbin/nologin -D radius 2>/dev/null
+exit 0
+