diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-03-11 14:52:08 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-03-11 14:52:28 +0000 |
commit | 6f4f306225501e795020085dc541522caf520b0c (patch) | |
tree | 079484b8a42646a68332de1e36925018685311f0 | |
parent | f8e89de0a10192799bed2c5de438dfce44fe1e8b (diff) | |
download | aports-6f4f306225501e795020085dc541522caf520b0c.tar.bz2 aports-6f4f306225501e795020085dc541522caf520b0c.tar.xz |
testing/freeradius3: new aport
-rw-r--r-- | testing/freeradius3/APKBUILD | 224 | ||||
-rw-r--r-- | testing/freeradius3/disable-cert-generation.patch | 34 | ||||
-rw-r--r-- | testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch | 48 | ||||
-rw-r--r-- | testing/freeradius3/freeradius3-301-default-config.patch | 88 | ||||
-rw-r--r-- | testing/freeradius3/freeradius3.confd | 5 | ||||
-rw-r--r-- | testing/freeradius3/freeradius3.initd | 27 | ||||
-rw-r--r-- | testing/freeradius3/freeradius3.pre-install | 6 |
7 files changed, 432 insertions, 0 deletions
diff --git a/testing/freeradius3/APKBUILD b/testing/freeradius3/APKBUILD new file mode 100644 index 0000000000..1f2e602c6e --- /dev/null +++ b/testing/freeradius3/APKBUILD @@ -0,0 +1,224 @@ +# Contributor: Natanael Copa <ncopa@alpinelinux.org> +# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> +pkgname=freeradius3 +_realname=freeradius +pkgver=3.0.1 +pkgrel=0 +pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server" +url="http://freeradius.org/" +arch="all" +license="GPL" +depends="freeradius3-lib" +makedepends="openssl-dev mysql-dev postgresql-dev gdbm-dev readline-dev + bash libtool autoconf automake perl-dev python-dev openldap-dev + unixodbc-dev linux-pam-dev sqlite-dev talloc-dev libpcap-dev" +pkggroups="radius" +pkgusers="radius" +install="$pkgname.pre-install" +subpackages="$pkgname-doc $pkgname-dev $pkgname-dbg $pkgname-ldap $pkgname-lib + $pkgname-mssql $pkgname-mysql $pkgname-sql $pkgname-perl + $pkgname-postgresql $pkgname-python $pkgname-radclient $pkgname-sqlite + $pkgname-unixodbc $pkgname-pam $pkgname-eap" +source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz + $pkgname.confd + $pkgname.initd + fix-potential-crash-with-SSHA-and-salts.patch + disable-cert-generation.patch + freeradius3-301-default-config.patch + " +conflict="freeradius freeradius-lib freeradius-radclient" + +_builddir="$srcdir"/$_realname-server-$pkgver + +radconfdir="/etc/raddb" +radmodsdir="$radconfdir/mods-available" +radlibdir="/usr/lib/freeradius" +radmodsconfdir="$radconfdir/mods-config" + +prepare() { + cd "$_builddir" + for i in $source; do + case $i in + *.patch) + msg "Applying $i" + patch -p1 -i "$srcdir"/$i || return 1 + ;; + esac + done + update_config_sub || return 1 +} + +build() { + cd "$_builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var \ + --datarootdir=/usr/share \ + --libdir="$radlibdir" \ + --with-logdir=/var/log/radius \ + --with-radacctdir=/var/log/radius/radacct \ + --with-system-libtool \ + --with-system-libltdl \ + --with-shared-libs \ + --with-udpfromto \ + --with-rlm_sql_sqlite \ + --with-rlm_sql_postgresql \ + --with-rlm_sql_mysql \ + --without-rlm_krb5 \ + --without-rlm_eap_tnc \ + --without-rlm_eap_ikev2 \ + --without-rlm_sql_iodbc \ + --without-rlm_sql_oracle \ + --without-rlm_yubikey \ + --without-rlm_ykclient \ + || return 1 + + make LDFLAGS="$LDFLAGS -lssl" || return 1 +} + +package() { + cd "$_builddir" + install -d -m0750 -o root -g radius "${pkgdir}"${radconfdir} || exit 1 + install -d -m0750 -o radius -g radius "$pkgdir"/var/run/radius || exit 1 + install -d -m0750 -o radius -g radius "$pkgdir"/var/log/radius || exit 1 + install -d -m0750 -o radius -g radius "$pkgdir"/var/log/radius/radacct || exit 1 + + make R="$pkgdir" install + chown -R root:radius "$pkgdir"/etc/raddb/* + rm -f "$pkgdir"/usr/sbin/rc.radiusd + install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/radiusd || exit 1 + install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/radiusd || exit 1 + #Install misses to create this + mkdir -p "${pkgdir}"${radmodsconfdir}/sql/ippool-dhcp/postgresql + find "$pkgdir" -iname *.la -delete +} + +_mvdb() { + for dir in ippool-dhcp ippool counter main cui; do + mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/$dir + mv "${pkgdir}"${radmodsconfdir}/sql/$dir/$1 \ + "${subpkgdir}"${radmodsconfdir}/sql/$dir || exit 1 + done + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_sql_${1}.so "${subpkgdir}"${radlibdir} || exit 1 +} + +eap() { + depends="freeradius3" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_eap*.so "${subpkgdir}"${radlibdir} || exit 1 + mkdir -p "${subpkgdir}"${radmodsdir} + mv "${pkgdir}"${radmodsdir}/eap "${subpkgdir}"${radmodsdir} || exit 1 +} + +ldap() { + depends="freeradius3" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_ldap* "${subpkgdir}"${radlibdir} || exit 1 +} + +lib() { + depends="" + mkdir -p "${subpkgdir}"${radlibdir} "${subpkgdir}"${radconfdir} \ + "$subpkgdir"/usr/share || exit 1 + mv "${pkgdir}"${radlibdir}/libfreeradius-*.so \ + "${subpkgdir}"${radlibdir} || exit 1 +} + +sql() { + depends="freeradius3" + mkdir -p "${subpkgdir}"${radlibdir} + for lib in sql sqlippool sql_null sqlcounter; do + mv "${pkgdir}"${radlibdir}/rlm_${lib}.so "${subpkgdir}"${radlibdir} || exit 1 + done + mkdir -p "${subpkgdir}"${radconfdir}/sites-available + mv "${pkgdir}"${radconfdir}/sites-available/buffered-sql \ + "${subpkgdir}"${radconfdir}/sites-available || exit 1 + mkdir -p "${subpkgdir}"${radmodsdir} + mv "${pkgdir}"${radmodsdir}/*sql* "${subpkgdir}"${radmodsdir} || exit 1 +} + +mysql() { + depends="freeradius3-sql" + _mvdb mysql || exit 1 +} + +mssql() { + depends="freeradius3-sql" + arch="noarch" + mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/main + mv "${pkgdir}"${radmodsconfdir}/sql/main/mssql \ + "${subpkgdir}"${radmodsconfdir}/sql/main || exit 1 +} + +perl() { + depends="freeradius3 perl" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_perl* "${subpkgdir}"${radlibdir} || exit 1 + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/sbin/checkrad "$subpkgdir"/usr/bin/checkrad || exit 1 + mkdir -p "${subpkgdir}"${radconfdir}/mods-available + mv "${pkgdir}"${radconfdir}/mods-available/perl "${subpkgdir}"${radconfdir}/mods-available/perl || exit 1 +} + +postgresql() { + depends="freeradius3-sql" + _mvdb postgresql || exit 1 +} + +python() { + depends="freeradius3 python" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_python* "${subpkgdir}"${radlibdir} || exit 1 + for dir in $radmodsdir $radmodsconfdir; do + mkdir -p "${subpkgdir}"$dir + mv "${pkgdir}"$dir/python "${subpkgdir}"$dir || exit 1 + done +} + +radclient() { + depends="" + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/radclient "$subpkgdir"/usr/bin/radclient || exit 1 +} + +sqlite() { + depends="freeradius3-sql" + _mvdb sqlite || exit 1 +} + +unixodbc() { + depends="freeradius3" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_sql_unixodbc.so "${subpkgdir}"${radlibdir} || exit 1 +} + +pam() { + depends="freeradius3" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_pam* "${subpkgdir}"${radlibdir} || exit 1 +} + +md5sums="552f375530252c4567ee11c1b23bbbe9 freeradius-server-3.0.1.tar.gz +fc6693f3df5a0694610110287a28568a freeradius3.confd +3a50b7f233e74daf3f87da63b3e9579d freeradius3.initd +4780cb9da2b16b0db51d95ce30e7c4a6 fix-potential-crash-with-SSHA-and-salts.patch +8696554123f7ee87b44f1fa5dc699dd1 disable-cert-generation.patch +53b74f75456427a27df9f3489706ae3e freeradius3-301-default-config.patch" +sha256sums="caba74385d574fe5257f9479e59a882e7adfa02c756693451fd2e99e69a0af42 freeradius-server-3.0.1.tar.gz +2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292 freeradius3.confd +e173cce3b8a4c2ed4d1fdd58fff8ec21e9166f011ec052f5f4c01712493e72b3 freeradius3.initd +fc317518af37a09ac5ac7bba27b50e599bd90b2c772f75f57c00de56dbbd0f70 fix-potential-crash-with-SSHA-and-salts.patch +8d9b48a56b8638412249c05749725dbd230568d3b7c3eecc97bb46f1815f5b3d disable-cert-generation.patch +472279b7831ea85a9d0a2237af8ee0c3235d01c53c08c6152633e6699f6c7990 freeradius3-301-default-config.patch" +sha512sums="09bdce706ad839f9eba2407ad4d9770777655f33b0d40b07d80ca727b52ae49f1b6b15a5e66d088a1a5288fad46e94830552e7d6dc6e5e0833a743e862297c22 freeradius-server-3.0.1.tar.gz +e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b freeradius3.confd +b29bf9090a2be7af77a3e104346a23024baf78a343e7f2fd6f6ddb02c223ac66d9b77c80d02b2cb26cbef2e64cb59c46462bb54b063b862e5a3a61c72653a63d freeradius3.initd +429e50d18b5657e07ac4fcdd9d00c3936f04b7e60d9785aae4cdb8c3cecc81fc7e3fc3fc3152fea1c475cead7ecf42e81d63d69677ee912833a8c4069e3fe793 fix-potential-crash-with-SSHA-and-salts.patch +d46c94ec7245dbcdcb6fe321956b305eedf5481f2d533556c6fe127318dadc1dbe25be2bf694adef2160ea02e8fa138371300eae264e854bc658d73f1c135867 disable-cert-generation.patch +459e47b74c4340edecd544bdb5e0b0720975c2aa7697d2237044812b7d42adb2818d1846b20af77f330972f77ae10f584c8767409202f3e39b2654ee31fd96ab freeradius3-301-default-config.patch" diff --git a/testing/freeradius3/disable-cert-generation.patch b/testing/freeradius3/disable-cert-generation.patch new file mode 100644 index 0000000000..771787dc30 --- /dev/null +++ b/testing/freeradius3/disable-cert-generation.patch @@ -0,0 +1,34 @@ +--- a/Makefile ++++ b/Makefile +@@ -28,7 +28,6 @@ + # Run "radiusd -C", looking for errors. + # + $(BUILD_DIR)/tests/radiusd-c: ${BUILD_DIR}/bin/radiusd | build.raddb +- @$(MAKE) -C raddb/certs + @if ! ./build/make/jlibtool --mode=execute ./build/bin/radiusd -XCMd ./raddb -n debug -D ./share > $(BUILD_DIR)/tests/radiusd.config.log 2>&1; then \ + cat $(BUILD_DIR)/tests/radiusd.config.log; \ + echo "FAIL: radiusd -C"; \ +@@ -205,13 +204,6 @@ + .PHONY: TAGS + TAGS: + etags `find src -type f -name '*.[ch]' -print` > $@ +- +-# +-# Make test certificates. +-# +-.PHONY: certs +-certs: +- @cd raddb/certs && $(MAKE) + + ###################################################################### + # +--- a/raddb/all.mk ++++ b/raddb/all.mk +@@ -114,7 +114,6 @@ + + $(LOCAL_CERT_PRODUCTS): + @echo BOOTSTRAP raddb/certs/ +- @$(MAKE) -C $(R)$(raddbdir)/certs/ + + # Bootstrap is special + $(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS) diff --git a/testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch b/testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch new file mode 100644 index 0000000000..29c1a27f2a --- /dev/null +++ b/testing/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch @@ -0,0 +1,48 @@ +From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001 +From: Arran Cudbard-Bell <a.cudbardb@freeradius.org> +Date: Thu, 13 Feb 2014 13:49:54 +0000 +Subject: [PATCH] Fix potential crash with SSHA and salts > 44bytes + +--- + src/modules/rlm_pap/rlm_pap.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c +index 689acf0..1bf6d4e 100644 +--- a/src/modules/rlm_pap/rlm_pap.c ++++ b/src/modules/rlm_pap/rlm_pap.c +@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) + static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) + { + +- uint8_t buffer[64]; ++ uint8_t buffer[256]; + + if (min_length >= sizeof(buffer)) return; /* paranoia */ + +@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) + */ + if (vp->length >= (2 * min_length)) { + size_t decoded; +- decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1); ++ decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer)); + if (decoded == (vp->length >> 1)) { +- RDEBUG2("Normalizing %s from hex encoding", vp->da->name); ++ RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes", ++ vp->da->name, vp->length, decoded); + pairmemcpy(vp, buffer, decoded); + return; + } +@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) + sizeof(buffer)); + if (decoded < 0) return; + if (decoded >= (ssize_t) min_length) { +- RDEBUG2("Normalizing %s from base64 encoding", vp->da->name); ++ RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes", ++ vp->da->name, vp->length, decoded); + pairmemcpy(vp, buffer, decoded); + return; + } +-- +1.8.5.5 + diff --git a/testing/freeradius3/freeradius3-301-default-config.patch b/testing/freeradius3/freeradius3-301-default-config.patch new file mode 100644 index 0000000000..6308879327 --- /dev/null +++ b/testing/freeradius3/freeradius3-301-default-config.patch @@ -0,0 +1,88 @@ +--- a/raddb/radiusd.conf.in ++++ b/raddb/radiusd.conf.in +@@ -376,8 +376,8 @@ + # member. This can allow for some finer-grained access + # controls. + # +-# user = radius +-# group = radius ++ user = radius ++ group = radius + + # Core dumps are a bad thing. This should only be set to + # 'yes' if you're debugging a problem with the server. +--- a/raddb/sites-available/default ++++ b/raddb/sites-available/default +@@ -314,9 +314,9 @@ + # for the many packets that go back and forth to set up TTLS + # or PEAP. The load on those servers will therefore be reduced. + # +- eap { +- ok = return +- } ++# eap { ++# ok = return ++# } + + # + # Pull crypt'd passwords from /etc/passwd or /etc/shadow, +@@ -457,7 +457,7 @@ + + # + # Allow EAP authentication. +- eap ++# eap + + # + # The older configurations sent a number of attributes in +@@ -748,7 +748,7 @@ + # Insert EAP-Failure message if the request was + # rejected by policy instead of because of an + # authentication failure +- eap ++# eap + + # Remove reply message if the response contains an EAP-Message + remove_reply_message_if_eap +@@ -817,7 +817,7 @@ + # hidden inside of the EAP packet, and the end server will + # reject the EAP request. + # +- eap ++# eap + + # + # If the server tries to proxy a request and fails, then the +--- a/raddb/sites-available/inner-tunnel ++++ b/raddb/sites-available/inner-tunnel +@@ -116,9 +116,9 @@ + # for the many packets that go back and forth to set up TTLS + # or PEAP. The load on those servers will therefore be reduced. + # +- eap { +- ok = return +- } ++# eap { ++# ok = return ++# } + + # + # Read the 'users' file +@@ -227,7 +227,7 @@ + + # + # Allow EAP authentication. +- eap ++# eap + } + + ###################################################################### +@@ -380,7 +380,7 @@ + # hidden inside of the EAP packet, and the end server will + # reject the EAP request. + # +- eap ++# eap + + # + # If the server tries to proxy a request and fails, then the diff --git a/testing/freeradius3/freeradius3.confd b/testing/freeradius3/freeradius3.confd new file mode 100644 index 0000000000..9811289ba4 --- /dev/null +++ b/testing/freeradius3/freeradius3.confd @@ -0,0 +1,5 @@ +# Config file for /etc/init.d/radiusd + +# see man pages for radiusd run `radiusd -h` +# for valid cmdline options +#RADIUSD_OPTS="" diff --git a/testing/freeradius3/freeradius3.initd b/testing/freeradius3/freeradius3.initd new file mode 100644 index 0000000000..251f34ff0a --- /dev/null +++ b/testing/freeradius3/freeradius3.initd @@ -0,0 +1,27 @@ +#!/sbin/runscript + +extra_started_commands="reload" +run_dir="/var/run/radiusd" +command="/usr/sbin/radiusd" +command_args="$RADIUSD_OPTS" +pidfile="$run_dir/radiusd.pid" +name="Freeradius" +conf="/etc/raddb/radiusd.conf" +user="$(grep -v '#' $conf | grep 'user =' | awk -F " = " '{ print $2 }')" +group="$(grep -v '#' $conf |grep 'group =' | awk -F " = " '{ print $2 }')" + +depend() { + need net + after firewall + use dns +} + +start_pre() { + checkpath --directory --owner ${user}:${group} --mode 0775 ${run_dir} +} + +reload () { + ebegin "Reloading $name" + kill -HUP `cat $pidfile` + eend $? +} diff --git a/testing/freeradius3/freeradius3.pre-install b/testing/freeradius3/freeradius3.pre-install new file mode 100644 index 0000000000..30ff04814e --- /dev/null +++ b/testing/freeradius3/freeradius3.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup radius 2>/dev/null +adduser -S -G radius -h /var/log/radius -s /sbin/nologin -D radius 2>/dev/null +exit 0 + |