author | Leonardo Arena <rnalrd@alpinelinux.org> | 2015-05-14 09:54:19 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2015-05-14 09:54:19 +0000 |
commit | 3a4970a7977f234a3cd37b7fe926735f09d546d1 (patch) | |
tree | d7e7333fd49839edc972d10fdcb35e6cc7def409 /main/freeradius | |
parent | b2944c548dfed2a611d26e4c45b5454efc413854 (diff) | |
main/freeradius: nuke freeradius2 and replace it with new stable branch freeradius 3.0.x
Diffstat (limited to 'main/freeradius')
-rw-r--r-- | main/freeradius/0001-Use-threadsafe-wrapper-for-getpwnam-getgrnam.patch | 288 | ||||
-rw-r--r-- | main/freeradius/0001-use-threadsafe-rad_getgrnam.patch | 39 | ||||
-rw-r--r-- | main/freeradius/APKBUILD | 340 | ||||
-rw-r--r-- | main/freeradius/disable-cert-generation.patch | 27 | ||||
-rw-r--r-- | main/freeradius/fix-tls-test.patch | 51 | ||||
-rw-r--r-- | main/freeradius/freeradius-305-default-config.patch | 88 | ||||
-rw-r--r-- | main/freeradius/freeradius.initd | 67 | ||||
-rw-r--r-- | main/freeradius/musl-fix-headers.patch | 10 |
8 files changed, 311 insertions, 599 deletions
diff --git a/main/freeradius/0001-Use-threadsafe-wrapper-for-getpwnam-getgrnam.patch b/main/freeradius/0001-Use-threadsafe-wrapper-for-getpwnam-getgrnam.patch
deleted file mode 100644
index 8c6ba176c8..0000000000
--- a/main/freeradius/0001-Use-threadsafe-wrapper-for-getpwnam-getgrnam.patch
+++ /dev/null
@@ -1,288 +0,0 @@ -From aa269e0e41e4c4c3213149069d8083b27967a192 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Mon, 1 Sep 2014 16:38:59 +0200 -Subject: [PATCH] Use threadsafe wrapper for getpwnam/getgrnam - -Even if rlm_unix is marked as RLM_TYPE_THREAD_UNSAFE, it runs in a -separate thread than the main thread. Both main thread and rlm_unix -uses thread unsafe getpwnam/getgrnam which causes segfault when under -stress. - -We create a thread safe wrapper for those that uses TLS. - -ref #767 ---- - src/include/radiusd.h | 5 + - src/main/command.c | 6 +- - src/main/util.c | 144 ++++++++++++++++++++++ - src/modules/rlm_opendirectory/rlm_opendirectory.c | 6 +- - src/modules/rlm_unix/rlm_unix.c | 6 +- - 5 files changed, 158 insertions(+), 9 deletions(-) - -diff --git a/src/include/radiusd.h b/src/include/radiusd.h -index 2bf5173..6936305 100644 ---- a/src/include/radiusd.h -+++ b/src/include/radiusd.h -@@ -39,6 +39,9 @@ typedef struct auth_req REQUEST; - #include <pthread.h> - #endif - -+#include <pwd.h> -+#include <grp.h> -+ - #ifndef NDEBUG - #define REQUEST_MAGIC (0xdeadbeef) - #endif -@@ -506,6 +509,8 @@ int rad_copy_variable(char *dst, const char *from); - int rad_expand_xlat(REQUEST *request, const char *cmd, - int max_argc, const char *argv[], int can_fail, - size_t argv_buflen, char *argv_buf); -+struct passwd *rad_getpwnam(const char *name); -+struct group *rad_getgrnam(const char *name); - - /* client.c */ - RADCLIENT_LIST *clients_init(void); -diff --git a/src/main/command.c b/src/main/command.c -index bce7e9a..4debd2b 100644 ---- a/src/main/command.c -+++ b/src/main/command.c -@@ -1975,8 +1975,8 @@ static int command_socket_parse(CONF_SECTION *cs, rad_listen_t *this) - #if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED) - if (sock->uid_name) { - struct passwd *pw; -- -- pw = getpwnam(sock->uid_name); -+ -+ pw = rad_getpwnam(sock->uid_name); - if (!pw) { - radlog(L_ERR, "Failed getting uid for %s: %s", - sock->uid_name, 
strerror(errno)); -@@ -1991,7 +1991,7 @@ static int command_socket_parse(CONF_SECTION *cs, rad_listen_t *this) - if (sock->gid_name) { - struct group *gr; - -- gr = getgrnam(sock->gid_name); -+ gr = rad_getgrnam(sock->gid_name); - if (!gr) { - radlog(L_ERR, "Failed getting gid for %s: %s", - sock->gid_name, strerror(errno)); -diff --git a/src/main/util.c b/src/main/util.c -index aebaff0..9ec96bb 100644 ---- a/src/main/util.c -+++ b/src/main/util.c -@@ -31,6 +31,21 @@ RCSID("$Id$") - - #include <sys/stat.h> - #include <fcntl.h> -+#include <unistd.h> -+#include <pwd.h> -+#include <grp.h> -+ -+struct pwgrnam_buffer { -+ struct passwd pwd; -+ char *pwbuffer; -+ int pwsize; -+ -+ struct group grp; -+ char *grbuffer; -+ int grsize; -+}; -+ -+fr_thread_local_setup(struct pwgrnam_buffer *, fr_pwgrnam_buffer); /* macro */ - - /* - * The signal() function in Solaris 2.5.1 sets SA_NODEFER in -@@ -778,3 +793,132 @@ int rad_expand_xlat(REQUEST *request, const char *cmd, - return argc; - } - -+/* -+ * Explicitly cleanup the memory allocated to the pwgrnam -+ * buffer. -+ */ -+static void _fr_pwgrnam_free(void *arg) -+{ -+ struct pwgrnam_buffer *p = (struct pwgrnam_buffer *)arg; -+ free(p->pwbuffer); -+ free(p->grbuffer); -+ free(p); -+} -+ -+/* -+ * Allocate buffers for our getpwnam/getgrnam wrappers. 
-+ */ -+static struct pwgrnam_buffer *init_pwgrnam_buffer(void) { -+ struct pwgrnam_buffer *p; -+ int ret; -+ -+ p = fr_thread_local_init(fr_pwgrnam_buffer, _fr_pwgrnam_free); -+ if (p) -+ return p; -+ -+ p = malloc(sizeof(struct pwgrnam_buffer)); -+ if (!p) { -+ fr_perror("Failed allocating pwnam/grnam buffer"); -+ return NULL; -+ } -+ -+#ifdef _SC_GETPW_R_SIZE_MAX -+ p->pwsize = sysconf(_SC_GETPW_R_SIZE_MAX); -+ if (p->pwsize <= 0) -+#endif -+ p->pwsize = 16384; -+ -+#ifdef _SC_GETGR_R_SIZE_MAX -+ p->grsize = sysconf(_SC_GETGR_R_SIZE_MAX); -+ if (p->grsize <= 0) -+#endif -+ p->grsize = 16384; -+ -+ p->pwbuffer = malloc(p->pwsize); -+ if (!p->pwbuffer) { -+ fr_perror("Failed allocating pwnam buffer"); -+ free(p); -+ return NULL; -+ } -+ -+ p->grbuffer = malloc(p->grsize); -+ if (!p->grbuffer) { -+ fr_perror("Failed allocating grnam buffer"); -+ free(p->pwbuffer); -+ free(p); -+ return NULL; -+ } -+ -+ ret = fr_thread_local_set(fr_pwgrnam_buffer, p); -+ if (ret != 0) { -+ fr_perror("Failed setting up TLS for pwnam buffer: %s", fr_syserror(ret)); -+ _fr_pwgrnam_free(p); -+ return NULL; -+ } -+ -+ return p; -+} -+ -+/** Wrapper around getpwnam, search user database for a name -+ * -+ * getpwnam is not threadsafe so provide a thread-safe variant that -+ * uses TLS. 
-+ * -+ * @param name then username to search for -+ * @return NULL on error or not found, else pointer to thread local struct passwd buffer -+ */ -+struct passwd *rad_getpwnam(const char *name) -+{ -+ struct pwgrnam_buffer *p; -+ struct passwd *result; -+ int ret; -+ -+ p = init_pwgrnam_buffer(); -+ if (!p) -+ return NULL; -+ -+ while ((ret = getpwnam_r(name, &p->pwd, p->pwbuffer, p->pwsize, &result)) == ERANGE) { -+ char *tmp = realloc(p->pwbuffer, p->pwsize * 2); -+ if (!tmp) { -+ fr_perror("Failed reallocating pwnam buffer"); -+ return NULL; -+ } -+ p->pwsize *= 2; -+ p->pwbuffer = tmp; -+ } -+ if (ret < 0 || result == NULL) -+ return NULL; -+ return result; -+} -+ -+/** Wrapper around getgrnam, search group database for a name -+ * -+ * getgrnam is not threadsafe so provide a thread-safe variant that -+ * uses TLS. -+ * -+ * @param name the name to search for -+ * @return NULL on error or not found, else pointer to thread local struct group buffer -+ */ -+struct group *rad_getgrnam(const char *name) -+{ -+ struct pwgrnam_buffer *p; -+ struct group *result; -+ int ret; -+ -+ p = init_pwgrnam_buffer(); -+ if (!p) -+ return NULL; -+ -+ while ((ret = getgrnam_r(name, &p->grp, p->grbuffer, p->grsize, &result)) == ERANGE) { -+ char *tmp = realloc(p->grbuffer, p->grsize * 2); -+ if (!tmp) { -+ fr_perror("Failed reallocating pwnam buffer"); -+ return NULL; -+ } -+ p->grsize *= 2; -+ p->grbuffer = tmp; -+ } -+ if (ret < 0 || result == NULL) -+ return NULL; -+ return result; -+} -diff --git a/src/modules/rlm_opendirectory/rlm_opendirectory.c b/src/modules/rlm_opendirectory/rlm_opendirectory.c -index a160b81..0cacadf 100644 ---- a/src/modules/rlm_opendirectory/rlm_opendirectory.c -+++ b/src/modules/rlm_opendirectory/rlm_opendirectory.c -@@ -352,7 +352,7 @@ static int od_authorize(UNUSED void *instance, REQUEST *request) - - /* resolve SACL */ - uuid_clear(guid_sacl); -- groupdata = getgrnam(kRadiusSACLName); -+ groupdata = rad_getgrnam(kRadiusSACLName); - if (groupdata 
!= NULL) { - err = mbr_gid_to_uuid(groupdata->gr_gid, guid_sacl); - if (err != 0) { -@@ -377,7 +377,7 @@ static int od_authorize(UNUSED void *instance, REQUEST *request) - */ - if (uuid_parse(rad_client->community, guid_nasgroup) != 0) { - /* attempt to resolve the name */ -- groupdata = getgrnam(rad_client->community); -+ groupdata = rad_getgrnam(rad_client->community); - if (groupdata == NULL) { - radlog(L_AUTH, "rlm_opendirectory: The group \"%s\" does not exist on this system.", rad_client->community); - return RLM_MODULE_FAIL; -@@ -418,7 +418,7 @@ static int od_authorize(UNUSED void *instance, REQUEST *request) - name = (char *)request->username->vp_strvalue; - rad_assert(name != NULL); - -- userdata = getpwnam(name); -+ userdata = rad_getpwnam(name); - if (userdata != NULL) { - err = mbr_uid_to_uuid(userdata->pw_uid, uuid); - if (err != 0) -diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c -index 9caab7a..661e3d7 100644 ---- a/src/modules/rlm_unix/rlm_unix.c -+++ b/src/modules/rlm_unix/rlm_unix.c -@@ -93,11 +93,11 @@ static int groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request, - return -1; - } - -- pwd = getpwnam(req->username->vp_strvalue); -+ pwd = rad_getpwnam(req->username->vp_strvalue); - if (pwd == NULL) - return -1; - -- grp = getgrnam(check->vp_strvalue); -+ grp = rad_getgrnam(check->vp_strvalue); - if (grp == NULL) - return -1; - -@@ -211,7 +211,7 @@ static int unix_getpw(UNUSED void *instance, REQUEST *request, - return RLM_MODULE_USERLOCK; - } - #else /* OSFC2 */ -- if ((pwd = getpwnam(name)) == NULL) { -+ if ((pwd = rad_getpwnam(name)) == NULL) { - return RLM_MODULE_NOTFOUND; - } - encrypted_pass = pwd->pw_passwd; --- -2.1.0 - diff --git a/main/freeradius/0001-use-threadsafe-rad_getgrnam.patch b/main/freeradius/0001-use-threadsafe-rad_getgrnam.patch deleted file mode 100644 index 5743f8eaf1..0000000000 --- a/main/freeradius/0001-use-threadsafe-rad_getgrnam.patch +++ /dev/null 
@@ -1,39 +0,0 @@
-From db0fa142e8796a74711f3046b94836125e543e20 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Thu, 1 Jan 2015 17:08:29 +0100
-Subject: [PATCH] use threadsafe rad_getgrnam
-
----
- src/modules/rlm_detail/rlm_detail.c | 2 +-
- src/modules/rlm_linelog/rlm_linelog.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/modules/rlm_detail/rlm_detail.c b/src/modules/rlm_detail/rlm_detail.c
-index 712a9d0..01dab6a 100644
---- a/src/modules/rlm_detail/rlm_detail.c
-+++ b/src/modules/rlm_detail/rlm_detail.c
-@@ -341,7 +341,7 @@ static int do_detail(void *instance, REQUEST *request, RADIUS_PACKET *packet,
- if (inst->group != NULL) {
- gid = strtol(inst->group, &endptr, 10);
- if (*endptr != '\0') {
-- grp = getgrnam(inst->group);
-+ grp = rad_getgrnam(inst->group);
- if (grp == NULL) {
- RDEBUG2("rlm_detail: Unable to find system group \"%s\"", inst->group);
- goto skip_group;
-diff --git a/src/modules/rlm_linelog/rlm_linelog.c b/src/modules/rlm_linelog/rlm_linelog.c
-index 16b553c..192ea6d 100644
---- a/src/modules/rlm_linelog/rlm_linelog.c
-+++ b/src/modules/rlm_linelog/rlm_linelog.c
-@@ -305,7 +305,7 @@ static int do_linelog(void *instance, REQUEST *request)
- if (inst->group != NULL) {
- gid = strtol(inst->group, &endptr, 10);
- if (*endptr != '\0') {
-- grp = getgrnam(inst->group);
-+ grp = rad_getgrnam(inst->group);
- if (grp == NULL) {
- RDEBUG2("Unable to find system group \"%s\"", inst->group);
- goto skip_group;
---
-2.2.1
-
diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD
index 1ba52452d1..bb26830039 100644
--- a/main/freeradius/APKBUILD
+++ b/main/freeradius/APKBUILD
@@ -1,33 +1,43 @@ +# Contributor: Vladyslav Frolov <frolvlad@gmail.com> # Contributor: Ćukasz Jendrysik <scadu@yandex.com> # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> pkgname=freeradius -pkgver=2.2.6 +_realname=freeradius +pkgver=3.0.8 pkgrel=1 pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server" url="http://freeradius.org/" arch="all" license="GPL" -depends="freeradius-radclient freeradius-lib" +depends="freeradius3-lib" makedepends="openssl-dev mariadb-dev postgresql-dev gdbm-dev readline-dev - bash libtool autoconf automake perl-dev python-dev openldap-dev - unixodbc-dev linux-pam-dev sqlite-dev linux-headers" + bash libtool autoconf automake perl-dev python-dev openldap-dev krb5-dev + unixodbc-dev linux-pam-dev sqlite-dev talloc-dev libpcap-dev + linux-headers" pkggroups="radius" pkgusers="radius" -install="freeradius.pre-install" +install="$pkgname.pre-install" subpackages="$pkgname-doc $pkgname-dev $pkgname-dbg $pkgname-ldap $pkgname-lib - $pkgname-mssql $pkgname-mysql $pkgname-oracle $pkgname-perl + $pkgname-mssql $pkgname-mysql $pkgname-sql $pkgname-perl $pkgname-postgresql $pkgname-python $pkgname-radclient $pkgname-sqlite - $pkgname-unixodbc $pkgname-pam $pkgname-webif $pkgname-webif-doc" -source="ftp://ftp.freeradius.org/pub/freeradius/$pkgname-server-$pkgver.tar.gz - 0001-Use-threadsafe-wrapper-for-getpwnam-getgrnam.patch - 0001-use-threadsafe-rad_getgrnam.patch - fix-tls-test.patch - freeradius.confd - freeradius.initd + $pkgname-unixodbc $pkgname-pam $pkgname-eap $pkgname-krb5 $pkgname-dbg" +source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz + $pkgname.confd + $pkgname.initd + + musl-fix-headers.patch + disable-cert-generation.patch + freeradius-305-default-config.patch " +conflict="freeradius freeradius-lib freeradius-radclient" + +_builddir="$srcdir"/$_realname-server-$pkgver -_builddir="$srcdir"/$pkgname-server-$pkgver 
+radconfdir="/etc/raddb" +radmodsdir="$radconfdir/mods-available" +radlibdir="/usr/lib/freeradius" +radmodsconfdir="$radconfdir/mods-config" prepare() { cd "$_builddir" @@ -40,24 +50,8 @@ prepare() { esac done update_config_sub || return 1 - - # we dont have libnsl - sed -i 's/nsl, //g' configure.in || return 1 - - # Fix compilation with heimdal >= 1.3.1 - sed -i 's/ -DKRB5_DEPRECATED//' src/modules/rlm_krb5/Makefile.in \ - || return 1 - - # Fix default config - sed -i 's%run_dir = .*%run_dir = \$\{localstatedir\}/run/radius%' \ - raddb/radiusd.conf.in || return 1 - # disable directive that pulls in freeradius-mysql package - sed -i 's%$INCLUDE ${confdir}/sql/mysql/ippool-dhcp.conf%#$INCLUDE ${confdir}/sql/mysql/ippool-dhcp.conf%' \ - raddb/modules/dhcp_sqlippool || return 1 - - rm -f libtool.m4 - libtoolize --force -c || return 1 - aclocal && ./autogen.sh || return 1 + # remove certs generation + # rm -rf raddb/certs || return 1 } build() { 
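Review bot: `depends="freeradius3-lib"` and `conflict="freeradius freeradius-lib freeradius-radclient"` read as if carried over from a package called freeradius3, while `pkgname` in this hunk stays `freeradius`. As written the main package depends on a name that `$pkgname-lib` does not provide and lists itself and two of its own subpackages as conflicts; I also do not know of abuild reading a `conflict` variable, so that line may simply be ignored. I would use `depends="$pkgname-lib"`, drop the `conflict=` line, and apply the same freeradius3 to `$pkgname` substitution to the `depends=` lines in the subpackage functions of the later hunk. `$pkgname-dbg` is listed twice in `subpackages`. The tarball still comes over plain `ftp://`, so the sha256/sha512 entries are the only thing that authenticates it.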
@@ -70,196 +64,210 @@ build() { --mandir=/usr/share/man \ --infodir=/usr/share/info \ --localstatedir=/var \ - --libdir=/usr/lib/freeradius \ - --disable-static \ - --enable-shared \ - --disable-ltdl-install \ + --datarootdir=/usr/share \ + --libdir="$radlibdir" \ + --with-logdir=/var/log/radius \ + --with-radacctdir=/var/log/radius/radacct \ --with-system-libtool \ --with-system-libltdl \ + --with-shared-libs \ --with-udpfromto \ - --with-experimental-modules \ - --with-rlm_sql_sqlite \ - --without-rlm_sql_oracle \ + --with-rlm_sql_sqlite \ + --with-rlm_sql_postgresql \ + --with-rlm_sql_mysql \ + --with-rlm_krb5 \ + --without-rlm_eap_tnc \ + --without-rlm_eap_ikev2 \ --without-rlm_sql_iodbc \ - --without-rlm_sql_firebird \ - --without-rlm_sql_db2 \ - --without-rlm_ruby \ - --without-rlm_rediswho \ - --without-rlm_redis \ - --without-rlm_krb5 \ + --without-rlm_sql_oracle \ + --without-rlm_yubikey \ + --without-rlm_ykclient \ || return 1 - # * workaround parallel build issue - # * add -lssl to fix: - # radiusd: symbol 'SSL_set_ex_data': can't resolve symbol in lib - # '/usr/lib/freeradius/libfreeradius-eap-2.1.10.so'. 
- make LDFLAGS="$LDFLAGS -lssl" LIBTOOL="$PWD/libtool" || return 1 + make -j1 LDFLAGS="$LDFLAGS -lssl" || return 1 } package() { cd "$_builddir" - install -d -m0750 -o root -g radius "$pkgdir"/etc/raddb - install -d -m0750 -o radius -g radius "$pkgdir"/var/run/radius - install -d -m0750 -o radius -g radius "$pkgdir"/var/log/radius - install -d -m0750 -o radius -g radius "$pkgdir"/var/log/radius/radacct + install -d -m0750 -o root -g radius \ + "${pkgdir}"${radconfdir} || return 1 + install -d -m0750 -o radius -g radius \ + "$pkgdir"/var/run/radius || return 1 + install -d -m0750 -o radius -g radius \ + "$pkgdir"/var/log/radius || return 1 + install -d -m0750 -o radius -g radius \ + "$pkgdir"/var/log/radius/radacct || return 1 - make -j1 R="$pkgdir" LIBTOOL="$PWD/libtool" install + make -j1 R="$pkgdir" install || return 1 chown -R root:radius "$pkgdir"/etc/raddb/* - rm -f "$pkgdir/usr/sbin/rc.radiusd" - install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/radiusd - install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/radiusd - install -m644 -D scripts/logrotate.freeradius \ - "$pkgdir"/etc/logrotate.d/$pkgname - find $pkgdir -iname *.la -delete + rm -f "$pkgdir"/usr/sbin/rc.radiusd + install -m755 -D "$srcdir"/$pkgname.initd \ + "$pkgdir"/etc/init.d/radiusd || return 1 + install -m644 -D "$srcdir"/$pkgname.confd \ + "$pkgdir"/etc/conf.d/radiusd || return 1 + #Install misses to create this + mkdir -p "${pkgdir}"${radmodsconfdir}/sql/ippool-dhcp/postgresql + find "$pkgdir" -iname *.la -delete +} + +_mvdb() { + for dir in ippool-dhcp ippool counter main cui; do + mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/$dir + mv "${pkgdir}"${radmodsconfdir}/sql/$dir/$1 \ + "${subpkgdir}"${radmodsconfdir}/sql/$dir || return 1 + done + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_sql_${1}.so "${subpkgdir}"${radlibdir} \ + || return 1 +} + +eap() { + depends="freeradius3" + pkgdesc="EAP module for FreeRADIUS server" + mkdir -p 
"${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_eap*.so "${subpkgdir}"${radlibdir} \ + || return 1 + mkdir -p "${subpkgdir}"${radmodsdir} + mv "${pkgdir}"${radmodsdir}/eap "${subpkgdir}"${radmodsdir} || return 1 + mkdir -p "${subpkgdir}"${radconfdir} + mv "${pkgdir}"${radconfdir}/certs "${subpkgdir}"${radconfdir} || return 1 } ldap() { - depends="freeradius" - mkdir -p $subpkgdir/etc/raddb - mv $pkgdir/etc/raddb/ldap.attrmap $subpkgdir/etc/raddb || return 1 - mkdir -p $subpkgdir/etc/raddb/modules - mv $pkgdir/etc/raddb/modules/ldap $subpkgdir/etc/raddb/modules \ + depends="freeradius3" + pkgdesc="LDAP module for FreeRADIUS server" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_ldap* "${subpkgdir}"${radlibdir} \ || return 1 - mkdir -p $subpkgdir/usr/lib/freeradius - mv $pkgdir/usr/lib/freeradius/rlm_ldap* $subpkgdir/usr/lib/freeradius \ +} + +krb5() { + depends="freeradius3" + pkgdesc="Kerberos module for FreeRADIUS server" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_krb5* "${subpkgdir}"${radlibdir} \ || return 1 } lib() { - replaces="freeradius" depends="" - mkdir -p $subpkgdir/usr/lib/freeradius $subpkgdir/etc/raddb \ - $subpkgdir/usr/share || return 1 - mv $pkgdir/usr/lib/freeradius/libfreeradius-*.so \ - $subpkgdir/usr/lib/freeradius || return 1 - mv $pkgdir/etc/raddb/dictionary $subpkgdir/etc/raddb/dictionary \ - || return 1 - mv $pkgdir/usr/share/freeradius $subpkgdir/usr/share/freeradius \ + pkgdesc="Freeradius shared libraries" + mkdir -p "${subpkgdir}"${radlibdir} "${subpkgdir}"${radconfdir} \ + "$subpkgdir"/usr/share/freeradius || return 1 + mv "${pkgdir}"${radlibdir}/libfreeradius-*.so \ + "${subpkgdir}"${radlibdir} || return 1 + mv "${pkgdir}"/usr/share/freeradius/* \ + "${subpkgdir}"/usr/share/freeradius || return 1 +} + +sql() { + depends="freeradius3" + pkgdesc="SQL module for FreeRADIUS server" + mkdir -p "${subpkgdir}"${radlibdir} + for lib in sql sqlippool sql_null sqlcounter; do + mv 
"${pkgdir}"${radlibdir}/rlm_${lib}.so \ + "${subpkgdir}"${radlibdir} || return 1 + done + mkdir -p "${subpkgdir}"${radconfdir}/sites-available + mv "${pkgdir}"${radconfdir}/sites-available/buffered-sql \ + "${subpkgdir}"${radconfdir}/sites-available || return 1 + mkdir -p "${subpkgdir}"${radmodsdir} + mv "${pkgdir}"${radmodsdir}/*sql* "${subpkgdir}"${radmodsdir} \ || return 1 } mysql() { - depends="freeradius" - mkdir -p $subpkgdir/etc/raddb/sql - mv $pkgdir/etc/raddb/sql/mysql $subpkgdir/etc/raddb/sql || return 1 - mv $pkgdir/etc/raddb/sql/ndb $subpkgdir/etc/raddb/sql || return 1 - mkdir -p $subpkgdir/usr/lib/freeradius - mv $pkgdir/usr/lib/freeradius/rlm_sql_mysql* \ - $subpkgdir/usr/lib/freeradius || return 1 + depends="freeradius3-sql" + pkgdesc="MySQL module for FreeRADIUS server" + _mvdb mysql || return 1 } mssql() { - depends="freeradius" + depends="freeradius3-sql" + pkgdesc="MSSQL module for FreeRADIUS server" arch="noarch" - mkdir -p $subpkgdir/etc/raddb/sql - mv $pkgdir/etc/raddb/sql/mssql $subpkgdir/etc/raddb/sql || return 1 -} - -oracle() { - depends="freeradius" - arch="noarch" - mkdir -p $subpkgdir/etc/raddb/sql - mv $pkgdir/etc/raddb/sql/oracle $subpkgdir/etc/raddb/sql || return 1 + mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/main + mv "${pkgdir}"${radmodsconfdir}/sql/main/mssql \ + "${subpkgdir}"${radmodsconfdir}/sql/main || return 1 } perl() { - depends="freeradius perl" - mkdir -p $subpkgdir/usr/lib/freeradius - mv $pkgdir/usr/lib/freeradius/rlm_perl* $subpkgdir/usr/lib/freeradius \ + depends="freeradius3 perl" + pkgdesc="Perl module for FreeRADIUS server" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_perl* "${subpkgdir}"${radlibdir} \ || return 1 - mkdir -p $subpkgdir/usr/bin - mv $pkgdir/usr/sbin/checkrad $subpkgdir/usr/bin/checkrad || return 1 - mkdir -p $subpkgdir/etc/raddb/modules - mv $pkgdir/etc/raddb/modules/perl $subpkgdir/etc/raddb/modules/perl \ + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/sbin/checkrad 
"$subpkgdir"/usr/bin/checkrad \ || return 1 + mkdir -p "${subpkgdir}"${radconfdir}/mods-available + mv "${pkgdir}"${radconfdir}/mods-available/perl \ + "${subpkgdir}"${radconfdir}/mods-available/perl || return 1 } postgresql() { - depends="freeradius" - mkdir -p $subpkgdir/etc/raddb/sql - mv $pkgdir/etc/raddb/sql/postgresql $subpkgdir/etc/raddb/sql || return 1 - mkdir -p $subpkgdir/usr/lib/freeradius - mv $pkgdir/usr/lib/freeradius/rlm_sql_postgresql* \ - $subpkgdir/usr/lib/freeradius || return 1 + depends="freeradius3-sql" + pkgdesc="PostgreSQL module for FreeRADIUS server" + _mvdb postgresql || return 1 } python() { - depends="freeradius python" - mkdir -p $subpkgdir/usr/lib/freeradius - mv $pkgdir/usr/lib/freeradius/rlm_python* \ - $subpkgdir/usr/lib/freeradius || return 1 + depends="freeradius3 python" + pkgdesc="Python module for FreeRADIUS server" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_python* "${subpkgdir}"${radlibdir} \ + || return 1 + for dir in $radmodsdir $radmodsconfdir; do + mkdir -p "${subpkgdir}"$dir + mv "${pkgdir}"$dir/python "${subpkgdir}"$dir || return 1 + done } radclient() { depends="" - mkdir -p $subpkgdir/usr/bin - mv $pkgdir/usr/bin/radclient $subpkgdir/usr/bin/radclient || return 1 + pkgdesc="Client for FreeRADIUS server" + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/radclient "$subpkgdir"/usr/bin/radclient \ + || return 1 } sqlite() { - depends="freeradius" - mkdir -p $subpkgdir/usr/lib/freeradius - mv $pkgdir/usr/lib/freeradius/rlm_sql_sqlite* \ - $subpkgdir/usr/lib/freeradius || return 1 + depends="freeradius3-sql" + pkgdesc="SQLite module for FreeRADIUS server" + _mvdb sqlite || return 1 } unixodbc() { - depends="freeradius" - mkdir -p $subpkgdir/usr/lib/freeradius - mv $pkgdir/usr/lib/freeradius/rlm_sql_unixodbc* \ - $subpkgdir/usr/lib/freeradius || return 1 + depends="freeradius3" + pkgdesc="ODBC module for FreeRADIUS server" + mkdir -p "${subpkgdir}"${radlibdir} + mv 
"${pkgdir}"${radlibdir}/rlm_sql_unixodbc.so \ + "${subpkgdir}"${radlibdir} || return 1 } pam() { - depends="freeradius" - mkdir -p $subpkgdir/usr/lib/freeradius - mv $pkgdir/usr/lib/freeradius/rlm_pam* $subpkgdir/usr/lib/freeradius \ - || return 1 -} - -webif() { - depends="php" - pkgdesc="Dialupadmin interface for FreeRADIUS" - arch="noarch" - mkdir -p $subpkgdir/usr/share/webapps/dialupadmin - mkdir -p $subpkgdir/usr/share/doc/freeradius/dialupadmin - mkdir -p $subpkgdir/etc/raddb/dialupadmin - for dir in bin htdocs html lib sql; - do - mv $_builddir/dialup_admin/$dir \ - $subpkgdir/usr/share/webapps/dialupadmin || return 1 - done - mkdir -p $subpkgdir-doc/usr/share/doc/freeradius/dialupadmin - mv $_builddir/dialup_admin/doc/* \ - $subpkgdir-doc/usr/share/doc/freeradius/dialupadmin || return 1 - mv $_builddir/dialup_admin/README \ - $subpkgdir-doc/usr/share/doc/freeradius/dialupadmin || return 1 - mv $_builddir/dialup_admin/conf/* $subpkgdir/etc/raddb/dialupadmin \ + depends="freeradius3" + pkgdesc="PAM module for FreeRADIUS server" + mkdir -p "${subpkgdir}"${radlibdir} + mv "${pkgdir}"${radlibdir}/rlm_pam* "${subpkgdir}"${radlibdir} \ || return 1 - for file in $(ls $subpkgdir/usr/share/webapps/dialupadmin/bin) - do - sed -i "s|/usr/local/dialup_admin/conf|/etc/raddb/dialupadmin|g" \ - $subpkgdir/usr/share/webapps/dialupadmin/bin/$file - sed -i "s|/data/local/dialupadmin/conf|/etc/raddb/dialupadmin|g" \ - $subpkgdir/usr/share/webapps/dialupadmin/bin/$file - done } -md5sums="3d1af22fccef74dbc06785ab1abdfd1f freeradius-server-2.2.6.tar.gz -f28735060b63d88875783817bcd95586 0001-Use-threadsafe-wrapper-for-getpwnam-getgrnam.patch -aa00c3ed02b53021113b2e145d312ee4 0001-use-threadsafe-rad_getgrnam.patch -b6bcdba16c65503be4265126cf4d2eee fix-tls-test.patch +md5sums="29a65ff73147ac19cbeb797a0e631c18 freeradius-server-3.0.8.tar.gz fc6693f3df5a0694610110287a28568a freeradius.confd -a623d0ad09b7cef0796be82c51086536 freeradius.initd" 
-sha256sums="f0941f4757ace0a46b9dec11245c9e5b3addbb93a45141179638e3687b56be13 freeradius-server-2.2.6.tar.gz -115ae559fc5c8a638c5ebb510cb58478df66ceeb61a6768584e592e4a1fbc9d4 0001-Use-threadsafe-wrapper-for-getpwnam-getgrnam.patch -8f2dd61e5f90c83198fa26f66bca54394b17cafbb8d2bbb97e948b4f55d1f071 0001-use-threadsafe-rad_getgrnam.patch -38455012b9fc322a7bfdec66e4f8aafeb679d0142eddfba31114aadfd8195b41 fix-tls-test.patch +e27f11a11fa167b5185d3e11de79d3bc freeradius.initd +d86558365a1deea4914ed139797805b0 musl-fix-headers.patch +ecd9ecfba4cf86a203de6faf8398c44a disable-cert-generation.patch +f8a7b00835f2108acc06af212cede16e freeradius-305-default-config.patch" +sha256sums="c27252d7a86ba252904612d9b1f90e846f3ef1f4afee6a748f5287b730e87e3a freeradius-server-3.0.8.tar.gz 2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292 freeradius.confd -03c89204b9467416b87e4add70c6d12fe730e9444a54404c03f76d7f881ac458 freeradius.initd" -sha512sums="0b2dcefa8607ae88b9cb1f21aaaa7c43d553ea2951dc2163b297560a68729e09820b329e47872355020ac9a987bcebbf8e1e2616f75b1089b706bbd0e296e6fc freeradius-server-2.2.6.tar.gz -4fb99b6a0f22cb844382139d448e24cc1b698452e30c1b0f06674a6fbd21463bcece2f2f4121618f9c7c57c8eb882eee35511b4dcea6e2a0904e27e5f2a6a679 0001-Use-threadsafe-wrapper-for-getpwnam-getgrnam.patch -dfe522350a2d45bf81c362ee87c57021149f196d4d45b8567911a1bd74e6b11b5172042a36e02f651157854251c08e846330e5d862767427ad7850ac6eac4f96 0001-use-threadsafe-rad_getgrnam.patch -77ee33a3c2059fb07841255fefc577f4e04680f4a1968d320a17f1d2769ddb671c36639dadbba0a1b1faaa31b1fb0c900313c375a209e67c41d75ebf9bef9d8f fix-tls-test.patch +a5208f13420c28446b85dfc48cb9193a4651c994d15cc2c9b0bc43734c66e8f0 freeradius.initd +872aaebf86a663f819460d98924a9dc1f3e428facac6930dc98d1e442df1633f musl-fix-headers.patch +008fa3a4da7b3c01df238bf492a8ccda4077289c02c553a60ad8f4439ec136a2 disable-cert-generation.patch +02cad546ffaf3f9be531cb45b96c7fb31f83c717e40ece4ff28a73c86f921f33 freeradius-305-default-config.patch" 
+sha512sums="89aabc474e95226eeb5003feef40fbe240f28aa65c40e0566a9bec08991d95fab83826f3b14f416cf4d7d832a814912521cb3c83097c1a2ce5d3e3537ee3a732 freeradius-server-3.0.8.tar.gz e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b freeradius.confd -6377c6ec0d060c2006ab16e28c416d60b6e4897c4ecc4b321f5b281010aaffb06e80b10c45403d46cdfacb1b75046dc49986977e8072ffca5a2440f82ae1b28f freeradius.initd" +ba3c424d4eabb147c7aa3e31575a87ddb26b6a792d2a8714e73d8763e07854326a03a83991a7420246ca06bf0b93d0a6f23ec198f5e48647f9d25b40067e852a freeradius.initd +c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d musl-fix-headers.patch +09b78c6baa992f82ab81c43aad6792536a4708d460170f0a373e242a5fafe8db10662dc7fcef99a966b828ed91fa7fe38567c961c938de9a447f1ee03aebb142 disable-cert-generation.patch +b69b899da6f80dbdb7422847536e37461315ba587a07fedc1eee28b96be7d16993b758ccd34e3a271ce2937d72c6ddff878aec61a3a4c0750deaaa959d10ed5e freeradius-305-default-config.patch" diff --git a/main/freeradius/disable-cert-generation.patch b/main/freeradius/disable-cert-generation.patch new file mode 100644 index 0000000000..69cc13b5c4 --- /dev/null +++ b/main/freeradius/disable-cert-generation.patch 
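Review bot: In `package()` the new `find "$pkgdir" -iname *.la -delete` leaves the pattern unquoted, so if any `.la` file sits in the build directory the shell expands it and find sees those names instead of the pattern; write `find "$pkgdir" -iname '*.la' -delete`. The hunk also drops the `install ... scripts/logrotate.freeradius` step while `--with-logdir=/var/log/radius` and `--with-radacctdir=/var/log/radius/radacct` keep authentication and accounting logs there, so unless rotation is provided elsewhere those files grow without bound. `eap()` moves `${radconfdir}/certs` and `${radmodsdir}/eap` into the subpackage; whether a `mods-enabled/eap` link stays behind in the main package is not visible here and is worth checking. The added `mkdir -p "${pkgdir}"${radmodsconfdir}/sql/ippool-dhcp/postgresql` has no `|| return 1`, unlike the install lines around it.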
@@ -0,0 +1,27 @@
+--- a/raddb/all.mk
++++ b/raddb/all.mk
+@@ -18,9 +18,6 @@
+ LOCAL_CERT_FILES := Makefile README xpextensions \
+ ca.cnf server.cnf client.cnf bootstrap
+
+-LOCAL_CERT_PRODUCTS := $(addprefix $(R)$(raddbdir)/certs/,ca.key ca.pem \
+- client.key client.pem server.key server.pem)
+-
+ LEGACY_LINKS := $(addprefix $(R)$(raddbdir)/,users huntgroups hints)
+
+ RADDB_DIRS := certs mods-available mods-enabled policy.d \
+@@ -113,14 +110,7 @@
+ @[ -e $@ ] || ln -s $(patsubst $(R)$(raddbdir)/%,./%,$<) $@
+
+ ifeq ("$(PACKAGE)","")
+-$(LOCAL_CERT_PRODUCTS):
+- @echo BOOTSTRAP raddb/certs/
+- @$(MAKE) -C $(R)$(raddbdir)/certs/
+
+-# Bootstrap is special
+-$(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS)
+- @echo INSTALL $(patsubst $(R)$(raddbdir)/%,raddb/%,$@)
+- @$(INSTALL) -m 750 $(patsubst $(R)$(raddbdir)/%,raddb/%,$@) $@
+ else
+ $(R)$(raddbdir)/certs/bootstrap:
+ @echo INSTALL $(patsubst $(R)$(raddbdir)/%,raddb/%,$@)
diff --git a/main/freeradius/fix-tls-test.patch b/main/freeradius/fix-tls-test.patch
deleted file mode 100644
index 237aec4a10..0000000000
--- a/main/freeradius/fix-tls-test.patch
+++ /dev/null
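Review bot: After disable-cert-generation.patch the `ifeq ("$(PACKAGE)","")` branch of raddb/all.mk is left empty, so a rule for `$(R)$(raddbdir)/certs/bootstrap` exists only in the `else` branch; if an install target outside these hunks still lists that file, a build with PACKAGE unset has no rule for it. The patch also has no header saying why generation is removed; a short description such as `Do not generate the test CA/server/client keys at build time so that no package ships a shared private key` would help, if that is indeed the intent. Because the eap subpackage then installs `certs/` without any key material, the package should tell the administrator that server certificates have to be provisioned before EAP is enabled.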
@@ -1,51 +0,0 @@ -TLS test is broken - -also include a hunk from - -diff --git a/acinclude.m4 b/acinclude.m4 -index 3fd2c89..07480d8 100644 ---- a/acinclude.m4 -+++ b/acinclude.m4 -@@ -330,12 +330,21 @@ m4_pushdef([AC_OUTPUT], - # - AC_DEFUN([FR_TLS], - [ -- AC_MSG_CHECKING(for TLS) -- AC_RUN_IFELSE([AC_LANG_SOURCE([[ static __thread int val; int main(int argc, char *argv[]) { return val = argc; } ]])],[have_tls=yes],[have_tls=no],[have_tls=no ]) -- AC_MSG_RESULT($have_tls) -- if test "$have_tls" = "yes"; then -- AC_DEFINE([HAVE_THREAD_TLS],[1],[Define if the compiler supports __thread]) -- fi -+ AC_MSG_CHECKING(for __thread support in compiler) -+ AC_RUN_IFELSE( -+ [AC_LANG_SOURCE( -+ [[ -+ static __thread int val; -+ int main(int argc, char **argv) { -+ val = 0; -+ return val; -+ } -+ ]]) -+ ],[have_tls=yes],[have_tls=no],[have_tls=no]) -+ AC_MSG_RESULT($have_tls) -+ if test "x$have_tls" = "xyes"; then -+ AC_DEFINE([HAVE_THREAD_TLS],[1],[Define if the compiler supports __thread]) -+ fi - ]) - - -diff --git a/confifgure.in b/configure.in -index 3fd2c89..07480d8 100644 ---- a/configure.in -+++ b/configure.in -@@ -547,6 +561,10 @@ else - ) - fi - -+if test "x$WITH_THREADS" = "xyes"; then -+ AC_DEFINE(WITH_THREADS, [1], [define if you want thread support]) -+fi -+ - dnl Check if we need -lsocket - AC_CHECK_LIB(dl, dlopen) - diff --git a/main/freeradius/freeradius-305-default-config.patch b/main/freeradius/freeradius-305-default-config.patch new file mode 100644 index 0000000000..ab04ad9994 --- /dev/null +++ b/main/freeradius/freeradius-305-default-config.patch 
@@ -0,0 +1,88 @@
+--- a/raddb/radiusd.conf.in
++++ b/raddb/radiusd.conf.in
+@@ -436,8 +436,8 @@
+ # member. This can allow for some finer-grained access
+ # controls.
+ #
+-# user = radius
+-# group = radius
++ user = radius
++ group = radius
+
+ # Core dumps are a bad thing. This should only be set to
+ # 'yes' if you're debugging a problem with the server.
+--- a/raddb/sites-available/default
++++ b/raddb/sites-available/default
+@@ -343,9 +343,9 @@
+ # for the many packets that go back and forth to set up TTLS
+ # or PEAP. The load on those servers will therefore be reduced.
+ #
+- eap {
+- ok = return
+- }
++# eap {
++# ok = return
++# }
+
+ #
+ # Pull crypt'd passwords from /etc/passwd or /etc/shadow,
+@@ -486,7 +486,7 @@
+
+ #
+ # Allow EAP authentication.
+- eap
++# eap
+
+ #
+ # The older configurations sent a number of attributes in
+@@ -792,7 +792,7 @@
+ # Insert EAP-Failure message if the request was
+ # rejected by policy instead of because of an
+ # authentication failure
+- eap
++# eap
+
+ # Remove reply message if the response contains an EAP-Message
+ remove_reply_message_if_eap
+@@ -861,7 +861,7 @@
+ # hidden inside of the EAP packet, and the end server will
+ # reject the EAP request.
+ #
+- eap
++# eap
+
+ #
+ # If the server tries to proxy a request and fails, then the
+--- a/raddb/sites-available/inner-tunnel
++++ b/raddb/sites-available/inner-tunnel
+@@ -116,9 +116,9 @@
+ # for the many packets that go back and forth to set up TTLS
+ # or PEAP. The load on those servers will therefore be reduced.
+ #
+- eap {
+- ok = return
+- }
++# eap {
++# ok = return
++# }
+
+ #
+ # Read the 'users' file
+@@ -227,7 +227,7 @@
+
+ #
+ # Allow EAP authentication.
+- eap
++# eap
+ }
+
+ ######################################################################
+@@ -393,7 +393,7 @@
+ # hidden inside of the EAP packet, and the end server will
+ # reject the EAP request.
+ #
+- eap
++# eap
+ }
+
+ } # inner-tunnel server block
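Review bot: Nothing in this patch says why `eap` is commented out, and the seven places it touches across `sites-available/default` and `sites-available/inner-tunnel` have to be reverted together for EAP to work again. A header line such as `Disable EAP by default: no certificates are shipped or generated at build time; enable only after creating site certificates.` would make that explicit (the link to disable-cert-generation.patch is inferred from this commit, not stated in it). The `user = radius` / `group = radius` change is what makes the daemon drop privileges, and it assumes the package creates that account, which is not visible in this hunk.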
diff --git a/main/freeradius/freeradius.initd b/main/freeradius/freeradius.initd index d8c91c1061..5412d2b31c 100644 --- a/main/freeradius/freeradius.initd +++ b/main/freeradius/freeradius.initd @@ -1,6 +1,14 @@ #!/sbin/openrc-run extra_started_commands="reload" +run_dir="/var/run/radiusd" +command="/usr/sbin/radiusd" +command_args="$RADIUSD_OPTS" +pidfile="$run_dir/radiusd.pid" +name="Freeradius" +conf="/etc/raddb/radiusd.conf" +user="$(grep -v '#' $conf | grep 'user =' | awk -F " = " '{ print $2 }')" +group="$(grep -v '#' $conf |grep 'group =' | awk -F " = " '{ print $2 }')" depend() { need net 
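Review bot: The new `user=` and `group=` lines parse radiusd.conf with `grep -v '#' $conf | grep 'user ='`, which drops any line carrying a trailing comment and matches every key that ends in `user =`, so the result can be empty or span several lines; that value is then used as the owner given to `checkpath` in `start_pre()`. `$conf` is unquoted and the pipeline runs each time the script is sourced, including for `stop`. An anchored, single-match form is more predictable, e.g. `user="$(awk -F'[[:space:]]*=[[:space:]]*' '/^[[:space:]]*user[[:space:]]*=/ {print $2; exit}' "$conf")"` and the same for `group`, followed by a fallback such as `: "${user:=radius}"`.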
@@ -8,63 +16,12 @@ depend() { use dns } -checkconfig() { - #set the location of log files, including startup.log created by check-radiusd-config - if ! cd /var/log/radius ; then - eerror "Failed to change current directory to /var/log/radius" - return 1 - fi - - if [ ! -d /var/run/radius ] && ! mkdir /var/run/radius ; then - eerror "Failed to create /var/run/radius" - return 1 - fi - - if [ ! -f /etc/raddb/radiusd.conf ] ; then - eerror "No /etc/raddb/radiusd.conf file exists!" - return 1 - fi - - if [ "`/usr/sbin/radiusd -C >/dev/null 2>&1; echo $?`" != "0" ] ; then - eerror "Config not ok! (try /usr/sbin/radiusd -C )" - return 1 - fi - - RADIUSD_USER=`grep '^ *user *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3` - RADIUSD_GROUP=`grep '^ *group *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3` - if [ -n "${RADIUSD_USER}" ] && ! getent passwd ${RADIUSD_USER} > /dev/null ; then - eerror "${RADIUSD_USER} user missing!" - return 1 - fi - if [ -n "${RADIUSD_GROUP}" ] && ! getent group ${RADIUSD_GROUP} > /dev/null ; then - eerror "${RADIUSD_GROUP} group missing!" - return 1 - fi - - #radius.log is created before privileges drop; we need to set proper permissions on it - [ -f radius.log ] || touch radius.log || return 1 - - chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" . /var/run/radius && \ - chmod -R u+rwX,g+rX . /var/run/radius || return 1 -} - -start() { - checkconfig || return 1 - - ebegin "Starting radiusd" - start-stop-daemon --start --quiet --exec /usr/sbin/radiusd -- ${RADIUSD_OPTS} >/dev/null - eend $? -} - -stop () { - ebegin "Stopping radiusd" - start-stop-daemon --stop --quiet --pidfile /var/run/radius/radiusd.pid - eend $? +start_pre() { + checkpath --directory --owner ${user}:${group} --mode 0775 ${run_dir} } reload () { - ebegin "Reloading radiusd" - kill -HUP `cat /var/run/radius/radiusd.pid` + ebegin "Reloading $name" + kill -HUP `cat $pidfile` eend $? } - 
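Review bot: `reload()` sends `kill -HUP` as root to whatever `cat $pidfile` prints, and that pidfile lives in `${run_dir}`, which `start_pre()` creates owned by the service account with mode 0775, so the PID root signals is read from a location the unprivileged account and its group can write. Using `start-stop-daemon --signal HUP --pidfile "$pidfile"` and quoting the `checkpath` arguments (`--owner "${user}:${group}"`) removes the unchecked `cat` and the empty-owner case; mode 0755 may be sufficient if only the radius user has to write there, which cannot be confirmed from this hunk. The removed `checkconfig()` also ran `/usr/sbin/radiusd -C` and verified that the configured user and group exist before starting; keeping those checks in `start_pre()` would preserve the early, explicit failure.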
diff --git a/main/freeradius/musl-fix-headers.patch b/main/freeradius/musl-fix-headers.patch
new file mode 100644
index 0000000000..cb8f5c0a71
--- /dev/null
+++ b/main/freeradius/musl-fix-headers.patch
@@ -0,0 +1,10 @@
+--- ./src/modules/rlm_sql/sql.c.orig
++++ ./src/modules/rlm_sql/sql.c
+@@ -33,6 +33,7 @@
+ #include <sys/stat.h>
+
+ #include <ctype.h>
++#include <fcntl.h>
+
+ #include "rlm_sql.h"
+ |