main/freeradius3: backported from edge

(cherry picked from commit a286ee9c925bd1ae64378020f0fb6af1372ca69d)
author: Leonardo Arena <rnalrd@alpinelinux.org> 2014-07-15 09:29:14 +0000
committer: Leonardo Arena <rnalrd@alpinelinux.org> 2014-07-15 13:59:07 +0000
commit: b6dcbeb82068ae92f20137b4b1983d0e07502060 (patch)
tree: 9e9b247bd27bd2f27c2f8c7447009f30adca50c7 /main
parent: ab2455dfa1bf09b214ebad2e89a1cac68a82eecf (diff)
download: aports-b6dcbeb82068ae92f20137b4b1983d0e07502060.tar.bz2
aports-b6dcbeb82068ae92f20137b4b1983d0e07502060.tar.xz
9 files changed, 541 insertions, 0 deletions
diff --git a/main/freeradius3/APKBUILD b/main/freeradius3/APKBUILD
new file mode 100644
index 0000000000..708bc0b1bc
--- /dev/null
+++ b/main/freeradius3/APKBUILD
@@ -0,0 +1,252 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
+pkgname=freeradius3
+_realname=freeradius
+pkgver=3.0.3
+pkgrel=4
+pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
+url="http://freeradius.org/"
+arch="all"
+license="GPL"
+depends="freeradius3-lib"
+makedepends="openssl-dev mysql-dev postgresql-dev gdbm-dev readline-dev
+	bash libtool autoconf automake perl-dev python-dev openldap-dev
+	unixodbc-dev linux-pam-dev sqlite-dev talloc-dev libpcap-dev"
+pkggroups="radius"
+pkgusers="radius"
+install="$pkgname.pre-install"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-ldap $pkgname-lib
+	$pkgname-mssql $pkgname-mysql $pkgname-sql $pkgname-perl
+	$pkgname-postgresql $pkgname-python $pkgname-radclient $pkgname-sqlite
+	$pkgname-unixodbc $pkgname-pam $pkgname-eap"
+source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz
+	$pkgname.confd
+	$pkgname.initd
+	freeradius3-301-default-config.patch
+	disable-cert-generation.patch
+	freeradius3-303-main-log-include.patch
+	musl-fix-headers.patch
+	"
+conflict="freeradius freeradius-lib freeradius-radclient"
+
+_builddir="$srcdir"/$_realname-server-$pkgver
+
+radconfdir="/etc/raddb"
+radmodsdir="$radconfdir/mods-available"
+radlibdir="/usr/lib/freeradius"
+radmodsconfdir="$radconfdir/mods-config"
+
+prepare() {
+	cd "$_builddir"
+        for i in $source; do
+                case $i in
+                *.patch)
+                        msg "Applying $i"
+                        patch -p1 -i "$srcdir"/$i || return 1
+                        ;;
+                esac
+        done
+	update_config_sub || return 1
+	# remove certs generation
+	# rm -rf raddb/certs || return 1
+}
+
+build() {
+	cd "$_builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--localstatedir=/var \
+		--datarootdir=/usr/share \
+		--libdir="$radlibdir" \
+		--with-logdir=/var/log/radius \
+		--with-radacctdir=/var/log/radius/radacct \
+		--with-system-libtool \
+		--with-system-libltdl \
+		--with-shared-libs \
+		--with-udpfromto \
+                --with-rlm_sql_sqlite \
+                --with-rlm_sql_postgresql \
+                --with-rlm_sql_mysql \
+		--without-rlm_krb5 \
+		--without-rlm_eap_tnc \
+		--without-rlm_eap_ikev2 \
+		--without-rlm_sql_iodbc \
+		--without-rlm_sql_oracle \
+		--without-rlm_yubikey \
+		--without-rlm_ykclient \
+		|| return 1
+
+	make -j1 LDFLAGS="$LDFLAGS -lssl -lm" || return 1
+}
+
+package() {
+	cd "$_builddir"
+	install -d -m0750 -o root -g radius \
+		"${pkgdir}"${radconfdir} || return 1
+	install -d -m0750 -o radius -g radius \
+		"$pkgdir"/var/run/radius || return 1
+	install -d -m0750 -o radius -g radius \
+		"$pkgdir"/var/log/radius || return 1
+	install -d -m0750 -o radius -g radius \
+		"$pkgdir"/var/log/radius/radacct || return 1
+
+	make -j1 R="$pkgdir" install || return 1
+	chown -R root:radius "$pkgdir"/etc/raddb/*
+	rm -f "$pkgdir"/usr/sbin/rc.radiusd
+	install -m755 -D "$srcdir"/$pkgname.initd \
+		"$pkgdir"/etc/init.d/radiusd || return 1
+	install -m644 -D "$srcdir"/$pkgname.confd \
+		"$pkgdir"/etc/conf.d/radiusd || return 1
+	#Install misses to create this
+	mkdir -p "${pkgdir}"${radmodsconfdir}/sql/ippool-dhcp/postgresql
+	find "$pkgdir" -iname *.la -delete
+}
+
+_mvdb() {
+	for dir in ippool-dhcp ippool counter main cui; do
+		mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/$dir
+		mv "${pkgdir}"${radmodsconfdir}/sql/$dir/$1 \
+		 "${subpkgdir}"${radmodsconfdir}/sql/$dir || return 1
+	done
+	mkdir -p "${subpkgdir}"${radlibdir}
+	mv "${pkgdir}"${radlibdir}/rlm_sql_${1}.so "${subpkgdir}"${radlibdir} \
+		|| return 1
+}
+
+eap() {
+	depends="freeradius3"
+	mkdir -p "${subpkgdir}"${radlibdir}
+	mv "${pkgdir}"${radlibdir}/rlm_eap*.so "${subpkgdir}"${radlibdir} \
+		|| return 1
+	mkdir -p "${subpkgdir}"${radmodsdir}
+	mv "${pkgdir}"${radmodsdir}/eap "${subpkgdir}"${radmodsdir} || return 1
+	mkdir -p "${subpkgdir}"${radconfdir}
+	mv "${pkgdir}"${radconfdir}/certs "${subpkgdir}"${radconfdir} || return 1
+}
+
+ldap() {
+	depends="freeradius3"
+	mkdir -p "${subpkgdir}"${radlibdir}
+	mv "${pkgdir}"${radlibdir}/rlm_ldap* "${subpkgdir}"${radlibdir} \
+		|| return 1
+}
+
+lib() {
+	depends=""
+	mkdir -p "${subpkgdir}"${radlibdir} "${subpkgdir}"${radconfdir} \
+	 "$subpkgdir"/usr/share/freeradius || return 1
+	mv "${pkgdir}"${radlibdir}/libfreeradius-*.so \
+	 "${subpkgdir}"${radlibdir} || return 1
+	cp "$_builddir"/share/* \
+	 "${subpkgdir}"/usr/share/freeradius || return 1
+}
+
+sql() {
+	depends="freeradius3"
+	mkdir -p "${subpkgdir}"${radlibdir}
+	for lib in sql sqlippool sql_null sqlcounter; do
+		mv "${pkgdir}"${radlibdir}/rlm_${lib}.so \
+			"${subpkgdir}"${radlibdir} || return 1
+	done
+	mkdir -p "${subpkgdir}"${radconfdir}/sites-available
+	mv "${pkgdir}"${radconfdir}/sites-available/buffered-sql \
+	 "${subpkgdir}"${radconfdir}/sites-available || return 1
+	mkdir -p "${subpkgdir}"${radmodsdir}
+	mv "${pkgdir}"${radmodsdir}/*sql* "${subpkgdir}"${radmodsdir} \
+		|| return 1
+}
+
+mysql() {
+	depends="freeradius3-sql"
+	_mvdb mysql || return 1
+}
+
+mssql() {
+	depends="freeradius3-sql"
+	arch="noarch"
+	mkdir -p "${subpkgdir}"${radmodsconfdir}/sql/main
+	mv "${pkgdir}"${radmodsconfdir}/sql/main/mssql \
+	 "${subpkgdir}"${radmodsconfdir}/sql/main || return 1
+}
+
+perl() {
+	depends="freeradius3 perl"
+	mkdir -p "${subpkgdir}"${radlibdir}
+	mv "${pkgdir}"${radlibdir}/rlm_perl* "${subpkgdir}"${radlibdir} \
+		|| return 1
+	mkdir -p "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/sbin/checkrad "$subpkgdir"/usr/bin/checkrad \
+		|| return 1
+	mkdir -p "${subpkgdir}"${radconfdir}/mods-available
+	mv "${pkgdir}"${radconfdir}/mods-available/perl \
+		"${subpkgdir}"${radconfdir}/mods-available/perl || return 1
+}
+
+postgresql() {
+	depends="freeradius3-sql"
+	_mvdb postgresql || return 1
+}
+
+python() {
+	depends="freeradius3 python"
+	mkdir -p "${subpkgdir}"${radlibdir}
+	mv "${pkgdir}"${radlibdir}/rlm_python* "${subpkgdir}"${radlibdir} \
+		|| return 1
+	for dir in $radmodsdir $radmodsconfdir; do
+		mkdir -p "${subpkgdir}"$dir
+		mv "${pkgdir}"$dir/python "${subpkgdir}"$dir || return 1
+	done
+}
+
+radclient() {
+	depends=""
+	mkdir -p "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/bin/radclient "$subpkgdir"/usr/bin/radclient \
+		|| return 1
+}
+
+sqlite() {
+	depends="freeradius3-sql"
+	_mvdb sqlite || return 1
+}
+
+unixodbc() {
+	depends="freeradius3"
+	mkdir -p "${subpkgdir}"${radlibdir}
+	mv "${pkgdir}"${radlibdir}/rlm_sql_unixodbc.so \
+		"${subpkgdir}"${radlibdir} || return 1
+}
+
+pam() {
+	depends="freeradius3"
+	mkdir -p "${subpkgdir}"${radlibdir}
+	mv "${pkgdir}"${radlibdir}/rlm_pam* "${subpkgdir}"${radlibdir} \
+		|| return 1
+}
+
+md5sums="f031cdf90b94957b05a12468c95172d9  freeradius-server-3.0.3.tar.gz
+fc6693f3df5a0694610110287a28568a  freeradius3.confd
+3a50b7f233e74daf3f87da63b3e9579d  freeradius3.initd
+d332a0c1fcbab07f50461ae887279df2  freeradius3-301-default-config.patch
+7097584dba2b344caf5c32475bf8da16  disable-cert-generation.patch
+b3f62ccbba7aab3e7c009767372d71ed  freeradius3-303-main-log-include.patch
+d86558365a1deea4914ed139797805b0  musl-fix-headers.patch"
+sha256sums="57e9932e5401670d0f0000080b942aee2cd6ca80422f76acd21f13a4be46335e  freeradius-server-3.0.3.tar.gz
+2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292  freeradius3.confd
+e173cce3b8a4c2ed4d1fdd58fff8ec21e9166f011ec052f5f4c01712493e72b3  freeradius3.initd
+edde20a808ad4c589d456ccf9e693a8ee9922e75366b1187994f0b982e856021  freeradius3-301-default-config.patch
+a72a0454f047bbbf258ffa90bd496e48cdfd95bc03a3863ab01750382ce566e3  disable-cert-generation.patch
+37b3a67a9fe5a34d82fd6274b95732298561f19a0e7c81faf5ad0bf9a8f7874a  freeradius3-303-main-log-include.patch
+872aaebf86a663f819460d98924a9dc1f3e428facac6930dc98d1e442df1633f  musl-fix-headers.patch"
+sha512sums="a4fbb0a19f5946182c0cac6d62270db378674e48350c7c3b8f7d8a2a1b16c95c9b205af8d7ed22009b6392d4ab7cb251694d2593a39d9e4efc8eec9ff736bd01  freeradius-server-3.0.3.tar.gz
+e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b  freeradius3.confd
+b29bf9090a2be7af77a3e104346a23024baf78a343e7f2fd6f6ddb02c223ac66d9b77c80d02b2cb26cbef2e64cb59c46462bb54b063b862e5a3a61c72653a63d  freeradius3.initd
+f32ca8fbd0d082f962c5e42c78742f7b099d2e518ee246003a7860c6d69bad745dcad974b2fb98f8e51ddecb78222f88bc778dd2f33efdb02b3f8e4298ea3e79  freeradius3-301-default-config.patch
+d027627ac302c39de9342f5f97d2b44752e33d0def311aa5e140e9365b6a501cd5e4f311b1751d5efa3aa63666f07fc58bc222f95bba0a478a7828c6aea07770  disable-cert-generation.patch
+1bf8587bfbf6109cfe8b34ffb4e3100d1d06be24678d9358c0cccc84e84e277822c01117bd4a038b11da35fcb86110588f5bd54177cbd632036977db3a53376d  freeradius3-303-main-log-include.patch
+c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d  musl-fix-headers.patch"
diff --git a/main/freeradius3/disable-cert-generation.patch b/main/freeradius3/disable-cert-generation.patch
new file mode 100644
index 0000000000..3606c911cd
--- /dev/null
+++ b/main/freeradius3/disable-cert-generation.patch
@@ -0,0 +1,52 @@
+--- a/Makefile
++++ b/Makefile
+@@ -40,7 +40,6 @@
+ # Only redirect STDOUT, which should contain details of why the test failed.
+ # Don't molest STDERR as this may be used to receive output from a debugger.
+ $(BUILD_DIR)/tests/radiusd-c: raddb/test.conf ${BUILD_DIR}/bin/radiusd | build.raddb
+-	@$(MAKE) -C raddb/certs
+ 	@printf "radiusd -C... "
+ 	@if ! ./build/make/jlibtool --mode=execute ./build/bin/radiusd -XCMd ./raddb -D ./share -n test > $(BUILD_DIR)/tests/radiusd.config.log; then \
+ 		@rm -f raddb/test.conf; \
+@@ -224,13 +223,6 @@
+ .PHONY: TAGS
+ TAGS:
+ 	etags `find src -type f -name '*.[ch]' -print` > $@
+-
+-#
+-#  Make test certificates.
+-#
+-.PHONY: certs
+-certs:
+-	@$(MAKE) -C raddb/certs
+ 
+ ######################################################################
+ #
+--- a/raddb/all.mk
++++ b/raddb/all.mk
+@@ -18,9 +18,6 @@
+ LOCAL_CERT_FILES :=	Makefile README xpextensions \
+ 			ca.cnf server.cnf client.cnf bootstrap
+ 
+-LOCAL_CERT_PRODUCTS :=	$(addprefix $(R)$(raddbdir)/certs/,ca.key ca.pem \
+-			client.key client.pem server.key server.pem)
+-
+ LEGACY_LINKS :=		$(addprefix $(R)$(raddbdir)/,users huntgroups hints)
+ 
+ RADDB_DIRS :=		certs mods-available mods-enabled policy.d \
+@@ -111,15 +108,6 @@
+ $(R)$(raddbdir)/users: $(R)$(modconfdir)/files/authorize
+ 	@[ -e $@ ] || echo LN-S $(patsubst $(R)$(raddbdir)/%,raddb/%,$@)
+ 	@[ -e $@ ] || ln -s $(patsubst $(R)$(raddbdir)/%,./%,$<) $@
+-
+-$(LOCAL_CERT_PRODUCTS):
+-	@echo BOOTSTRAP raddb/certs/
+-	@$(MAKE) -C $(R)$(raddbdir)/certs/
+-
+-# Bootstrap is special
+-$(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS)
+-	@echo INSTALL $(patsubst $(R)$(raddbdir)/%,raddb/%,$@)
+-	@$(INSTALL) -m 750 $(patsubst $(R)$(raddbdir)/%,raddb/%,$@) $@
+ 
+ #  List directories before the file targets.
+ #  It's not clear why GNU Make doesn't deal well with this.
diff --git a/main/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch b/main/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch
new file mode 100644
index 0000000000..29c1a27f2a
--- /dev/null
+++ b/main/freeradius3/fix-potential-crash-with-SSHA-and-salts.patch
@@ -0,0 +1,48 @@
+From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001
+From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
+Date: Thu, 13 Feb 2014 13:49:54 +0000
+Subject: [PATCH] Fix potential crash with SSHA and salts > 44bytes
+
+---
+ src/modules/rlm_pap/rlm_pap.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
+index 689acf0..1bf6d4e 100644
+--- a/src/modules/rlm_pap/rlm_pap.c
++++ b/src/modules/rlm_pap/rlm_pap.c
+@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
+ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ {
+ 
+-	uint8_t buffer[64];
++	uint8_t buffer[256];
+ 
+ 	if (min_length >= sizeof(buffer)) return; /* paranoia */
+ 
+@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ 	 */
+ 	if (vp->length >= (2 * min_length)) {
+ 		size_t decoded;
+-		decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1);
++		decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer));
+ 		if (decoded == (vp->length >> 1)) {
+-			RDEBUG2("Normalizing %s from hex encoding", vp->da->name);
++			RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes",
++				vp->da->name, vp->length, decoded);
+ 			pairmemcpy(vp, buffer, decoded);
+ 			return;
+ 		}
+@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ 					   sizeof(buffer));
+ 		if (decoded < 0) return;
+ 		if (decoded >= (ssize_t) min_length) {
+-			RDEBUG2("Normalizing %s from base64 encoding", vp->da->name);
++			RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes",
++				vp->da->name, vp->length, decoded);
+ 			pairmemcpy(vp, buffer, decoded);
+ 			return;
+ 		}
+-- 
+1.8.5.5
+
diff --git a/main/freeradius3/freeradius3-301-default-config.patch b/main/freeradius3/freeradius3-301-default-config.patch
new file mode 100644
index 0000000000..dc30a6d436
--- /dev/null
+++ b/main/freeradius3/freeradius3-301-default-config.patch
@@ -0,0 +1,130 @@
+--- a/raddb/policy.d/accounting
++++ b/raddb/policy.d/accounting
+@@ -34,7 +34,7 @@
+ 	#
+ 	if("%{string:Class}" =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) {
+ 		update request {
+-			Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
++			&Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
+ 		}
+ 	}
+ 
+@@ -46,7 +46,7 @@
+ 	#
+ 	else {
+ 		update request {
+-			Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
++			&Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
+ 		 }
+ 	}
+ }
+@@ -65,8 +65,8 @@
+ #
+ acct_counters64.preacct {
+ 	update request {
+-		Acct-Input-Octets64 = "%{expr:(%{%{Acct-Input-Gigawords}:-0} * 4294967296) + %{%{Acct-Input-Octets}:-0}}"
+-		Acct-Output-Octets64 = "%{expr:(%{%{Acct-Output-Gigawords}:-0} * 4294967296) + %{%{Acct-Output-Octets}:-0}}"
++		&Acct-Input-Octets64 = "%{expr:(%{%{Acct-Input-Gigawords}:-0} * 4294967296) + %{%{Acct-Input-Octets}:-0}}"
++		&Acct-Output-Octets64 = "%{expr:(%{%{Acct-Output-Gigawords}:-0} * 4294967296) + %{%{Acct-Output-Octets}:-0}}"
+ 	}
+ }
+ 
+--- a/raddb/policy.d/eap
++++ b/raddb/policy.d/eap
+@@ -76,7 +76,7 @@
+ remove_reply_message_if_eap {
+ 	if(reply:EAP-Message && reply:Reply-Message) {
+ 		update reply {
+-			Reply-Message !* ANY
++			&Reply-Message !* ANY
+ 		}
+ 	}
+ 	else {
+--- a/raddb/radiusd.conf.in
++++ b/raddb/radiusd.conf.in
+@@ -415,8 +415,8 @@
+ 	#  member.  This can allow for some finer-grained access
+ 	#  controls.
+ 	#
+-#	user = radius
+-#	group = radius
++	user = radius
++	group = radius
+ 
+ 	#  Core dumps are a bad thing.  This should only be set to
+ 	#  'yes' if you're debugging a problem with the server.
+--- a/raddb/sites-available/default
++++ b/raddb/sites-available/default
+@@ -314,9 +314,9 @@
+ 	#  for the many packets that go back and forth to set up TTLS
+ 	#  or PEAP.  The load on those servers will therefore be reduced.
+ 	#
+-	eap {
+-		ok = return
+-	}
++#	eap {
++#		ok = return
++#	}
+ 
+ 	#
+ 	#  Pull crypt'd passwords from /etc/passwd or /etc/shadow,
+@@ -457,7 +457,7 @@
+ 
+ 	#
+ 	#  Allow EAP authentication.
+-	eap
++#	eap
+ 
+ 	#
+ 	#  The older configurations sent a number of attributes in
+@@ -748,7 +748,7 @@
+ 		# Insert EAP-Failure message if the request was
+ 		# rejected by policy instead of because of an
+ 		# authentication failure
+-		eap
++#		eap
+ 
+ 		#  Remove reply message if the response contains an EAP-Message
+ 		remove_reply_message_if_eap
+@@ -817,7 +817,7 @@
+ 	#  hidden inside of the EAP packet, and the end server will
+ 	#  reject the EAP request.
+ 	#
+-	eap
++#	eap
+ 
+ 	#
+ 	#  If the server tries to proxy a request and fails, then the
+--- a/raddb/sites-available/inner-tunnel
++++ b/raddb/sites-available/inner-tunnel
+@@ -116,9 +116,9 @@
+ 	#  for the many packets that go back and forth to set up TTLS
+ 	#  or PEAP.  The load on those servers will therefore be reduced.
+ 	#
+-	eap {
+-		ok = return
+-	}
++#	eap {
++#		ok = return
++#	}
+ 
+ 	#
+ 	#  Read the 'users' file
+@@ -227,7 +227,7 @@
+ 
+ 	#
+ 	#  Allow EAP authentication.
+-	eap
++#	eap
+ }
+ 
+ ######################################################################
+@@ -380,7 +380,7 @@
+ 	#  hidden inside of the EAP packet, and the end server will
+ 	#  reject the EAP request.
+ 	#
+-	eap
++#	eap
+ 
+ 	#
+ 	#  If the server tries to proxy a request and fails, then the
diff --git a/main/freeradius3/freeradius3-303-main-log-include.patch b/main/freeradius3/freeradius3-303-main-log-include.patch
new file mode 100644
index 0000000000..3f84eb639f
--- /dev/null
+++ b/main/freeradius3/freeradius3-303-main-log-include.patch
@@ -0,0 +1,11 @@
+--- a/src/main/log.c
++++ b/src/main/log.c
+@@ -42,6 +42,8 @@
+ #include <pthread.h>
+ #endif
+ 
++#include <fcntl.h>
++
+ bool rate_limit = true;
+ 
+ /*
diff --git a/main/freeradius3/freeradius3.confd b/main/freeradius3/freeradius3.confd
new file mode 100644
index 0000000000..9811289ba4
--- /dev/null
+++ b/main/freeradius3/freeradius3.confd
@@ -0,0 +1,5 @@
+# Config file for /etc/init.d/radiusd
+
+# see man pages for radiusd run `radiusd -h`
+# for valid cmdline options
+#RADIUSD_OPTS=""
diff --git a/main/freeradius3/freeradius3.initd b/main/freeradius3/freeradius3.initd
new file mode 100644
index 0000000000..251f34ff0a
--- /dev/null
+++ b/main/freeradius3/freeradius3.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+
+extra_started_commands="reload"
+run_dir="/var/run/radiusd"
+command="/usr/sbin/radiusd"
+command_args="$RADIUSD_OPTS"
+pidfile="$run_dir/radiusd.pid"
+name="Freeradius"
+conf="/etc/raddb/radiusd.conf"
+user="$(grep -v '#' $conf | grep 'user =' | awk -F " = " '{ print $2 }')"
+group="$(grep -v '#' $conf |grep 'group =' | awk -F " = " '{ print $2 }')"
+
+depend() {
+	need net
+	after firewall
+	use dns
+}
+
+start_pre() {
+	checkpath --directory --owner ${user}:${group} --mode 0775 ${run_dir}
+}
+
+reload () {
+	ebegin "Reloading $name"
+	kill -HUP `cat $pidfile`
+	eend $?
+}
diff --git a/main/freeradius3/freeradius3.pre-install b/main/freeradius3/freeradius3.pre-install
new file mode 100644
index 0000000000..30ff04814e
--- /dev/null
+++ b/main/freeradius3/freeradius3.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup radius 2>/dev/null
+adduser -S -G radius -h /var/log/radius -s /sbin/nologin -D radius 2>/dev/null
+exit 0
+
diff --git a/main/freeradius3/musl-fix-headers.patch b/main/freeradius3/musl-fix-headers.patch
new file mode 100644
index 0000000000..cb8f5c0a71
--- /dev/null
+++ b/main/freeradius3/musl-fix-headers.patch
@@ -0,0 +1,10 @@
+--- ./src/modules/rlm_sql/sql.c.orig
++++ ./src/modules/rlm_sql/sql.c
+@@ -33,6 +33,7 @@
+ #include	<sys/stat.h>
+ 
+ #include	<ctype.h>
++#include	<fcntl.h>
+ 
+ #include	"rlm_sql.h"
+
author	Leonardo Arena <rnalrd@alpinelinux.org>	2014-07-15 09:29:14 +0000
committer	Leonardo Arena <rnalrd@alpinelinux.org>	2014-07-15 13:59:07 +0000
commit	b6dcbeb82068ae92f20137b4b1983d0e07502060 (patch)
tree	9e9b247bd27bd2f27c2f8c7447009f30adca50c7 /main
parent	ab2455dfa1bf09b214ebad2e89a1cac68a82eecf (diff)
download	aports-b6dcbeb82068ae92f20137b4b1983d0e07502060.tar.bz2 aports-b6dcbeb82068ae92f20137b4b1983d0e07502060.tar.xz