bakabtw/packages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[packages] freeradius2: update to version 2.1.12

Browse Source 
git-svn-id: svn://svn.openwrt.org/openwrt/packages@30465 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
hauke 2012-02-12 08:31:02 +00:00
parent 42489ea6b6
commit 2c91feb833
4 changed files with 76 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
net/freeradius2/Makefile
View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=freeradius2
PKG_VERSION:=2.1.10
PKG_RELEASE:=3
PKG_VERSION:=2.1.12
PKG_RELEASE:=1
PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/freeradius/
PKG_MD5SUM:=8ea2bd39460a06212decf2c14fdf3fb8
PKG_MD5SUM:=862d3a2c11011e61890ba84fa636ed8c
PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-$(PKG_VERSION)
PKG_FIXUP:=libtool
@ -366,6 +366,25 @@ CONFIGURE_ARGS+= \
--without-rlm_opendirectory \
--without-rlm_wimax \
--without-rlm_ruby \
--without-rlm_caching \
--without-rlm_redis \
--without-rlm_rediswho \
--without-rlm_soh \
--without-rlm_sim \
--without-rlm_replicate \
--without-rlm_protocol_filter \
--without-rlm_policy \
--without-rlm_linelog \
--without-rlm_jradius \
--without-rlm_fastusers \
--without-rlm_eap_leap \
--without-rlm_dynamic_clients \
--without-rlm_digest \
--without-rlm_cram \
--without-rlm_copy_packet \
--without-rlm_acct_unique \
--without-rlm_acctlog
PKG_DICTIONARIES:= \
freeradius freeradius.internal \

10
net/freeradius2/patches/001-fix-makefile.patch Normal file
View File

@ -0,0 +1,10 @@
--- a/Make.inc.in
+++ b/Make.inc.in
@@ -5,6 +5,7 @@
#
# Location of files.
+SHELL = @SHELL@
prefix = @prefix@
exec_prefix = @exec_prefix@
sysconfdir = @sysconfdir@

88
net/freeradius2/patches/002-config.patch
View File

@ -1,6 +1,6 @@
--- a/raddb/dictionary.in
+++ b/raddb/dictionary.in
@@ -11,7 +11,7 @@
@@ -23,7 +23,7 @@
#
# The filename given here should be an absolute path.
#
@ -80,16 +80,16 @@
# Check the Certificate Revocation List
#
@@ -271,7 +271,7 @@
# configuration. It is here ONLY to make
# initial deployments easier.
@@ -281,7 +281,7 @@
# for the server to print out an error message,
# and refuse to start.
#
- make_cert_command = "${certdir}/bootstrap"
+ # make_cert_command = "${certdir}/bootstrap"
#
# Session resumption / fast reauthentication
@@ -299,7 +299,7 @@
# Elliptical cryptography configuration
@@ -316,7 +316,7 @@
# You probably also want "use_tunneled_reply = yes"
# when using fast session resumption.
#
@ -98,7 +98,7 @@
#
# Enable it. The default is "no".
# Deleting the entire "cache" subsection
@@ -315,14 +315,14 @@
@@ -332,14 +332,14 @@
# enable resumption for just one user
# by setting the above attribute to "yes".
#
@ -115,7 +115,7 @@
#
# The maximum number of entries in the
@@ -331,8 +331,8 @@
@@ -348,8 +348,8 @@
# This could be set to the number of users
# who are logged in... which can be a LOT.
#
@ -126,7 +126,7 @@
#
# As of version 2.1.10, client certificates can be
@@ -394,7 +394,7 @@
@@ -449,7 +449,7 @@
#
# in the control items for a request.
#
@ -135,7 +135,7 @@
# The tunneled EAP session needs a default
# EAP type which is separate from the one for
# the non-tunneled EAP module. Inside of the
@@ -402,7 +402,7 @@
@@ -457,7 +457,7 @@
# If the request does not contain an EAP
# conversation, then this configuration entry
# is ignored.
@ -144,7 +144,7 @@
# The tunneled authentication request does
# not usually contain useful attributes
@@ -418,7 +418,7 @@
@@ -473,7 +473,7 @@
# is copied to the tunneled request.
#
# allowed values: {no, yes}
@ -153,7 +153,7 @@
# The reply attributes sent to the NAS are
# usually based on the name of the user
@@ -431,7 +431,7 @@
@@ -486,7 +486,7 @@
# the tunneled request.
#
# allowed values: {no, yes}
@ -162,7 +162,7 @@
#
# The inner tunneled request can be sent
@@ -443,13 +443,13 @@
@@ -498,13 +498,13 @@
# the virtual server that processed the
# outer requests.
#
@ -178,7 +178,7 @@
##################################################
#
@@ -518,14 +518,14 @@
@@ -573,14 +573,14 @@
# the PEAP module also has these configuration
# items, which are the same as for TTLS.
@ -196,16 +196,16 @@
#
# The inner tunneled request can be sent
@@ -537,7 +537,8 @@
@@ -592,7 +592,8 @@
# the virtual server that processed the
# outer requests.
#
- virtual_server = "inner-tunnel"
+ # virtual_server = "inner-tunnel"
+ EAP-TLS-Require-Client-Cert = no
}
#
# This option enables support for MS-SoH
# see doc/SoH.txt for more info.
--- a/raddb/modules/counter
+++ b/raddb/modules/counter
@@ -69,7 +69,7 @@
@ -219,9 +219,9 @@
reset = daily
--- a/raddb/modules/pap
+++ b/raddb/modules/pap
@@ -14,5 +14,5 @@
# with the correct value. It will also automatically handle
# Base-64 encoded data, hex strings, and binary data.
@@ -18,5 +18,5 @@
#
# http://www.openldap.org/faq/data/cache/347.html
pap {
- auto_header = no
+ auto_header = yes
@ -288,7 +288,7 @@
# CLIENTS CONFIGURATION
@@ -722,7 +722,7 @@ instantiate {
@@ -739,7 +739,7 @@ instantiate {
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
@ -297,7 +297,7 @@
#
# The expression module doesn't do authorization,
@@ -735,15 +735,15 @@ instantiate {
@@ -752,15 +752,15 @@ instantiate {
# listed in any other section. See 'doc/rlm_expr' for
# more information.
#
@ -316,7 +316,7 @@
# subsections here can be thought of as "virtual" modules.
#
@@ -767,7 +767,7 @@ instantiate {
@@ -784,7 +784,7 @@ instantiate {
# to multiple times.
#
######################################################################
@ -325,7 +325,7 @@
######################################################################
#
@@ -777,9 +777,9 @@ $INCLUDE policy.conf
@@ -794,9 +794,9 @@ $INCLUDE policy.conf
# match the regular expression: /[a-zA-Z0-9_.]+/
#
# It allows you to define new virtual servers simply by placing
@ -337,7 +337,7 @@
######################################################################
#
@@ -787,7 +787,7 @@ $INCLUDE sites-enabled/
@@ -804,7 +804,7 @@ $INCLUDE sites-enabled/
# "authenticate {}", "accounting {}", have been moved to the
# the file:
#
@ -348,7 +348,7 @@
# configuration as in version 1.0.x and 1.1.x. The default
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -67,7 +67,7 @@ authorize {
@@ -85,7 +85,7 @@ authorize {
#
# It takes care of processing the 'raddb/hints' and the
# 'raddb/huntgroups' files.
@ -357,7 +357,7 @@
#
# If you want to have a log of authentication requests,
@@ -78,7 +78,7 @@ authorize {
@@ -96,7 +96,7 @@ authorize {
#
# The chap module will set 'Auth-Type := CHAP' if we are
# handling a CHAP request and Auth-Type has not already been set
@ -366,7 +366,7 @@
#
# If the users are logging in with an MS-CHAP-Challenge
@@ -86,13 +86,13 @@ authorize {
@@ -104,13 +104,13 @@ authorize {
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
@ -382,7 +382,7 @@
#
# The WiMAX specification says that the Calling-Station-Id
@@ -115,7 +115,7 @@ authorize {
@@ -133,7 +133,7 @@ authorize {
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
@ -391,7 +391,7 @@
# ntdomain
#
@@ -177,8 +177,8 @@ authorize {
@@ -195,8 +195,8 @@ authorize {
# Use the checkval module
# checkval
@ -402,7 +402,7 @@
#
# If no other module has claimed responsibility for
@@ -259,7 +259,7 @@ authenticate {
@@ -277,7 +277,7 @@ authenticate {
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
@ -411,7 +411,7 @@
#
# Pluggable Authentication Modules.
@@ -276,7 +276,7 @@ authenticate {
@@ -294,7 +294,7 @@ authenticate {
# be used for authentication ONLY for compatibility with legacy
# FreeRADIUS configurations.
#
@ -420,7 +420,7 @@
# Uncomment it if you want to use ldap for authentication
#
@@ -312,8 +312,8 @@ authenticate {
@@ -330,8 +330,8 @@ authenticate {
#
# Pre-accounting. Decide which accounting type to use.
#
@ -431,7 +431,7 @@
#
# Session start times are *implied* in RADIUS.
@@ -336,7 +336,7 @@ preacct {
@@ -354,7 +354,7 @@ preacct {
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
@ -440,7 +440,7 @@
#
# Look for IPASS-style 'realm/', and if not found, look for
@@ -346,13 +346,13 @@ preacct {
@@ -364,13 +364,13 @@ preacct {
# Accounting requests are generally proxied to the same
# home server as authentication requests.
# IPASS
@ -457,7 +457,7 @@
#
# Accounting. Log the accounting data.
@@ -362,7 +362,7 @@ accounting {
@@ -380,7 +380,7 @@ accounting {
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
@ -466,7 +466,7 @@
# daily
# Update the wtmp file
@@ -414,7 +414,7 @@ accounting {
@@ -432,7 +432,7 @@ accounting {
exec
# Filter attributes from the accounting response.
@ -475,7 +475,7 @@
#
# See "Autz-Type Status-Server" for how this works.
@@ -440,7 +440,7 @@ session {
@@ -458,7 +458,7 @@ session {
# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
@ -484,7 +484,7 @@
# Get an address from the IP Pool.
# main_pool
@@ -470,7 +470,7 @@ post-auth {
@@ -488,7 +488,7 @@ post-auth {
# ldap
# For Exec-Program and Exec-Program-Wait
@ -493,7 +493,7 @@
#
# Calculate the various WiMAX keys. In order for this to work,
@@ -540,12 +540,12 @@ post-auth {
@@ -558,12 +558,12 @@ post-auth {
# Add the ldap module name (or instance) if you have set
# 'edir_account_policy_check = yes' in the ldap module configuration
#
@ -511,7 +511,7 @@
#
# When the server decides to proxy a request to a home server,
@@ -555,7 +555,7 @@ post-auth {
@@ -573,7 +573,7 @@ post-auth {
#
# Only a few modules currently have this method.
#
@ -520,7 +520,7 @@
# attr_rewrite
# Uncomment the following line if you want to change attributes
@@ -571,14 +571,14 @@ pre-proxy {
@@ -589,14 +589,14 @@ pre-proxy {
# server, un-comment the following line, and the
# 'detail pre_proxy_log' section, above.
# pre_proxy_log
@ -537,7 +537,7 @@
# If you want to have a log of replies from a home server,
# un-comment the following line, and the 'detail post_proxy_log'
@@ -602,7 +602,7 @@ post-proxy {
@@ -620,7 +620,7 @@ post-proxy {
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
@ -546,7 +546,7 @@
#
# If the server tries to proxy a request and fails, then the
@@ -624,5 +624,5 @@ post-proxy {
@@ -642,5 +642,5 @@ post-proxy {
# Post-Proxy-Type Fail {
# detail
# }

14
net/freeradius2/patches/009-sql_sqlite_c.patch
View File

@ -1,14 +0,0 @@
--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/sql_sqlite.c
+++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/sql_sqlite.c
@@ -138,10 +138,7 @@ static int sql_query(SQLSOCK * sqlsocket
static int sql_select_query(SQLSOCK *sqlsocket, SQL_CONFIG *config,
char *querystr)
{
- if (strstr(querystr, "nas") != NULL)
- return sql_query(sqlsocket, config, querystr);
-
- return 0;
+ return sql_query(sqlsocket, config, querystr);
}