Import freeradius2

Also bump to version 2.2.5 and add myself as maintainer.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This commit is contained in:
Daniel Golle 2014-06-13 16:16:14 +02:00
parent 1f5741a773
commit 0238c3c231
8 changed files with 5572 additions and 0 deletions

14
net/freeradius2/Config.in Normal file
View File

@ -0,0 +1,14 @@
# FreeRADIUS avanced configuration
choice
prompt "SSL library"
default FREERADIUS_OPENSSL
depends on PACKAGE_freeradius2-common
config FREERADIUS_NOSSL
bool "No SSL support"
config FREERADIUS_OPENSSL
bool "OpenSSL"
endchoice

632
net/freeradius2/Makefile Normal file
View File

@ -0,0 +1,632 @@
#
# Copyright (C) 2008-2014 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=freeradius2
PKG_VERSION:=2.2.5
PKG_RELEASE:=1
PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/freeradius/
PKG_MD5SUM:=40535bace507d7a3134c3d858f3cbc5a
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-$(PKG_VERSION)
PKG_FIXUP:=autoreconf
PKG_CONFIG_DEPENDS := \
FREERADIUS_OPENSSL \
FREERADIUS_NOSSL
include $(INCLUDE_DIR)/package.mk
define Package/freeradius2/config
source "$(SOURCE)/Config.in"
endef
define Package/freeradius2/Default
SECTION:=net
CATEGORY:=Network
URL:=http://freeradius.org/
SUBMENU:=FreeRADIUS (version 2)
endef
define Package/freeradius2
$(call Package/freeradius2/Default)
DEPENDS:=+libltdl +libreadline +freeradius2-common
TITLE:=A flexible RADIUS server (version 2)
endef
define Package/freeradius2/conffiles
/etc/freeradius2/clients.conf
/etc/freeradius2/radiusd.conf
/etc/freeradius2/sites/default
endef
define Package/freeradius2-democerts
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Demo certificates to test the server
endef
define Package/freeradius2-common
$(call Package/freeradius2/Default)
TITLE:=common files
DEPENDS:=+libpthread +FREERADIUS_OPENSSL:libopenssl
endef
define Package/freeradius2-mod-chap
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=CHAP module
endef
define Package/freeradius2-mod-chap/conffiles
/etc/freeradius2/modules/chap
endef
define Package/freeradius2-mod-detail
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Detailed accounting module
endef
define Package/freeradius2-mod-detail/conffiles
/etc/freeradius2/modules/detail
endef
define Package/freeradius2-mod-eap
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Base EAP module
endef
define Package/freeradius2-mod-eap/conffiles
/etc/freeradius2/eap.conf
endef
define Package/freeradius2-mod-eap-gtc
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-eap
TITLE:=EAP/GTC module
endef
define Package/freeradius2-mod-eap-md5
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-eap
TITLE:=EAP/MD5 module
endef
define Package/freeradius2-mod-eap-mschapv2
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-eap +freeradius2-mod-mschap
TITLE:=EAP/MS-CHAPv2 module
endef
define Package/freeradius2-mod-eap-peap
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-eap @FREERADIUS_OPENSSL
TITLE:=EAP/PEAP module
endef
define Package/freeradius2-mod-eap-tls
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-eap @FREERADIUS_OPENSSL
TITLE:=EAP/TLS module
endef
define Package/freeradius2-mod-eap-ttls
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-eap-tls
TITLE:=EAP/TTLS module
endef
define Package/freeradius2-mod-exec
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=EXEC module
endef
define Package/freeradius2-mod-exec/conffiles
/etc/freeradius2/modules/exec
endef
define Package/freeradius2-mod-expiration
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Expiration module
endef
define Package/freeradius2-mod-expiration/conffiles
/etc/freeradius2/modules/expiration
endef
define Package/freeradius2-mod-always
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Always module
endef
define Package/freeradius2-mod-always/conffiles
/etc/freeradius2/modules/always
endef
define Package/freeradius2-mod-expr
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=EXPR module
endef
define Package/freeradius2-mod-expr/conffiles
/etc/freeradius2/modules/expr
endef
define Package/freeradius2-mod-attr-filter
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=ATTR filter module
endef
define Package/freeradius2-mod-attr-filter/conffiles
/etc/freeradius2/modules/attr_filter
/etc/freeradius2/attrs
/etc/freeradius2/attrs.access_reject
/etc/freeradius2/attrs.accounting_response
/etc/freeradius2/attrs.pre-proxy
endef
define Package/freeradius2-mod-attr-rewrite
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=ATTR rewrite module
endef
define Package/freeradius2-mod-attr-rewrite/conffiles
/etc/freeradius2/modules/attr_rewrite
endef
define Package/freeradius2-mod-files
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Module using local files for authorization
endef
define Package/freeradius2-mod-files/conffiles
/etc/freeradius2/acct_users
/etc/freeradius2/preproxy_users
/etc/freeradius2/users
/etc/freeradius2/modules/files
endef
define Package/freeradius2-mod-passwd
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Rlm passwd module
endef
define Package/freeradius2-mod-passwd/conffiles
/etc/freeradius2/modules/passwd
endef
define Package/freeradius2-mod-ldap
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2 +PACKAGE_freeradius2-mod-ldap:libopenldap
TITLE:=LDAP module
endef
define Package/freeradius2-mod-ldap/conffiles
/etc/freeradius2/ldap.attrmap
/etc/freeradius2/modules/ldap
endef
define Package/freeradius2-mod-logintime
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Logintime module
endef
define Package/freeradius2-mod-logintime/conffiles
/etc/freeradius2/modules/logintime
endef
define Package/freeradius2-mod-mschap
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=MS-CHAP and MS-CHAPv2 module
endef
define Package/freeradius2-mod-mschap/conffiles
/etc/freeradius2/modules/mschap
endef
define Package/freeradius2-mod-pap
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=PAP module
endef
define Package/freeradius2-mod-pap/conffiles
/etc/freeradius2/modules/pap
endef
define Package/freeradius2-mod-preprocess
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Request pre-processing module
endef
define Package/freeradius2-mod-preprocess/conffiles
/etc/freeradius2/hints
/etc/freeradius2/huntgroups
/etc/freeradius2/modules/preprocess
endef
define Package/freeradius2-mod-realm
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Realms handling module
endef
define Package/freeradius2-mod-realm/conffiles
/etc/freeradius2/proxy.conf
/etc/freeradius2/modules/realm
endef
define Package/freeradius2-mod-sql
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Base SQL module
endef
define Package/freeradius2-mod-sql/conffiles
/etc/freeradius2/sql.conf
endef
define Package/freeradius2-mod-sql-mysql
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-sql \
+PACKAGE_freeradius2-mod-sql-mysql:libmysqlclient-r
TITLE:=MySQL module
endef
define Package/freeradius2-mod-sql-pgsql
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-sql \
+PACKAGE_freeradius2-mod-sql-pgsql:libpq
TITLE:=PostgreSQL module
endef
define Package/freeradius2-mod-sql-sqlite
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-sql \
+PACKAGE_freeradius2-mod-sql-sqlite:libsqlite3
TITLE:=SQLite module
endef
define Package/freeradius2-mod-sqlcounter
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2-mod-sql
TITLE:=Generic SQL Counter module
endef
define Package/freeradius2-mod-radutmp
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=Radius UTMP module
endef
define Package/freeradius2-mod-radutmp/conffiles
/etc/freeradius2/modules/radutmp
/etc/freeradius2/modules/sradutmp
endef
define Package/freeradius2-utils
$(call Package/freeradius2/Default)
DEPENDS:=+freeradius2-common
TITLE:=Misc. client utilities
endef
define Package/freeradius2-mod-sqllog
$(call Package/freeradius2/Default)
DEPENDS:=freeradius2
TITLE:=SQL Logging module
endef
CONFIGURE_ARGS+= \
--libdir=/usr/lib/freeradius2 \
--libexecdir=/usr/lib/freeradius2 \
--enable-shared \
--disable-static \
--disable-developer \
--with-threads \
$(if $(CONFIG_FREERADIUS_OPENSSL),--with,--without)-openssl \
$(if $(CONFIG_FREERADIUS_OPENSSL),--with-openssl-includes="$(STAGING_DIR)/usr/include",) \
$(if $(CONFIG_FREERADIUS_OPENSSL),--with-openssl-libraries="$(STAGING_DIR)/usr/lib",) \
--with-system-libtool \
--with-system-libltdl \
--enable-strict-dependencies \
--with-raddbdir=/etc/freeradius2 \
--with-radacctdir=/var/db/radacct \
--with-logdir=/var/log \
--without-edir \
--without-snmp \
--without-rlm_checkval \
--without-rlm_dbm \
--without-rlm_counter \
--with-rlm_expr \
--with-rlm_eap \
--without-rlm_eap_sim \
--without-rlm_example \
--without-rlm_ippool \
--without-rlm_krb5 \
--without-rlm_otp \
--without-rlm_smsotp \
--without-rlm_pam \
--without-rlm_perl \
--without-rlm_python \
--without-rlm_smb \
--with-rlm_sql \
--with-rlm_sqlcounter \
--without-rlm_sqlhpwippool \
--without-rlm_sqlippool \
--without-rlm_sql_db2 \
--without-rlm_sql_firebird \
--without-rlm_sql_freetds \
--without-rlm_sql_iodbc \
--without-rlm_sql_oracle \
--without-rlm_sql_sybase \
--without-rlm_sql_unixodbc \
--without-rlm_sql_log \
--without-rlm_unix \
--without-rlm_eap_tnc \
--without-rlm_eap_ikev2 \
--without-rlm_opendirectory \
--without-rlm_wimax \
--without-rlm_ruby \
--without-rlm_caching \
--without-rlm_redis \
--without-rlm_rediswho \
--without-rlm_soh \
--without-rlm_sim \
--without-rlm_replicate \
--without-rlm_protocol_filter \
--without-rlm_policy \
--without-rlm_linelog \
--without-rlm_jradius \
--without-rlm_fastusers \
--without-rlm_eap_leap \
--without-rlm_dynamic_clients \
--without-rlm_digest \
--without-rlm_cram \
--without-rlm_copy_packet \
--without-rlm_acct_unique \
--without-rlm_acctlog
PKG_DICTIONARIES:= \
freeradius freeradius.internal \
rfc2865 rfc2866 rfc2867 rfc2868 rfc2869 rfc3162 rfc3576 rfc3580 \
rfc4372 rfc4675 rfc4679 \
microsoft \
wispr \
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-ldap),)
CONFIGURE_ARGS+= \
--with-rlm_ldap-include-dir="$(STAGING_DIR)/usr/include" \
--with-rlm_ldap-lib-dir="$(STAGING_DIR)/usr/lib"
CONFIGURE_LIBS+= -lcrypto -lssl
else
CONFIGURE_ARGS+= --without-rlm_ldap
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-sql-mysql),)
CONFIGURE_ARGS+= \
--with-mysql-include-dir="$(STAGING_DIR)/usr/include" \
--with-mysql-lib-dir="$(STAGING_DIR)/usr/lib/mysql"
CONFIGURE_LIBS+= -lz
CONFIGURE_VARS+= ac_cv_lib_mysqlclient_r_mysql_init=yes
else
CONFIGURE_ARGS+= --without-rlm_sql_mysql
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-sql-pgsql),)
CONFIGURE_ARGS+= \
--with-rlm_sql_postgresql-include-dir="$(STAGING_DIR)/usr/include" \
--with-rlm_sql_postgresql-lib-dir="$(STAGING_DIR)/usr/lib"
else
CONFIGURE_ARGS+= --without-rlm_sql_postgresql
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-sqllog),)
CONFIGURE_ARGS+= \
--with-rlm_sql_log \
--with-experimental-modules \
else
CONFIGURE_ARGS+= --without-rlm_sql_log
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-sql-sqlite),)
CONFIGURE_ARGS+= \
--with-rlm_sql_sqlite \
--with-experimental-modules \
--with-sqlite-include-dir="$(STAGING_DIR)/usr/include" \
--with-sqlite-lib-dir="$(STAGING_DIR)/usr/lib"
else
CONFIGURE_ARGS+= --without-rlm_sql_sqlite
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-eap-peap),)
CONFIGURE_ARGS+= \
--with-rlm_eap_peap \
--with-rlm_eap_peap-include-dir="$(STAGING_DIR)/usr/include" \
--with-rlm_eap_peap-lib-dir="$(STAGING_DIR)/usr/lib"
CONFIGURE_LIBS+= -lcrypto -lssl
else
CONFIGURE_ARGS+= --without-rlm_eap_peap
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-eap-tls),)
CONFIGURE_ARGS+= \
--with-rlm_eap_tls \
--with-rlm_eap_tls-include-dir="$(STAGING_DIR)/usr/include" \
--with-rlm_eap_tls-lib-dir="$(STAGING_DIR)/usr/lib"
CONFIGURE_LIBS+= -lcrypto -lssl
else
CONFIGURE_ARGS+= --without-rlm_eap_tls
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-eap-ttls),)
CONFIGURE_ARGS+= \
--with-rlm_eap_ttls \
--with-rlm_eap_ttls-include-dir="$(STAGING_DIR)/usr/include" \
--with-rlm_eap_ttls-lib-dir="$(STAGING_DIR)/usr/lib"
CONFIGURE_LIBS+= -lcrypto -lssl
else
CONFIGURE_ARGS+= --without-rlm_eap_ttls
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-attr-rewrite),)
CONFIGURE_ARGS+= --with-rlm_attr-rewrite
else
CONFIGURE_ARGS+= --without-rlm_attr-rewrite
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-radutmp),)
CONFIGURE_ARGS+= --with-rlm_radutmp
else
CONFIGURE_ARGS+= --without-rlm_radutmp
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-logintime),)
CONFIGURE_ARGS+= --with-rlm_logintime
else
CONFIGURE_ARGS+= --without-rlm_logintime
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-expiration),)
CONFIGURE_ARGS+= --with-rlm_expiration
else
CONFIGURE_ARGS+= --without-rlm_expiration
endif
ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-always),)
CONFIGURE_ARGS+= --with-rlm_always
else
CONFIGURE_ARGS+= --without-rlm_always
endif
CONFIGURE_VARS+= \
LDFLAGS="$$$$LDFLAGS" \
LIBS="$(CONFIGURE_LIBS)" \
MYSQL_CONFIG="no" \
ac_cv_lib_readline=no \
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
R="$(PKG_INSTALL_DIR)" \
INSTALLSTRIP="" \
all certs install
endef
define Package/freeradius2-common/install
$(INSTALL_DIR) $(1)/etc/freeradius2
chmod 771 $(1)/etc/freeradius2
$(CP) $(PKG_INSTALL_DIR)/etc/freeradius2/dictionary $(1)/etc/freeradius2/ ; \
$(INSTALL_DIR) $(1)/usr/lib/freeradius2
$(CP) $(PKG_INSTALL_DIR)/usr/lib/freeradius2/libfreeradius-radius{,-*}.so $(1)/usr/lib/freeradius2
$(CP) $(PKG_INSTALL_DIR)/usr/lib/freeradius2/libfreeradius-eap{,-*}.so $(1)/usr/lib/freeradius2
$(INSTALL_DIR) $(1)/usr/share/freeradius2
$(CP) $(PKG_INSTALL_DIR)/usr/share/freeradius/dictionary $(1)/usr/share/freeradius2/
$(SED) "s,^\(\$$$$INCLUDE\),#\1,g" $(1)/usr/share/freeradius2/dictionary
for f in $(PKG_DICTIONARIES); do \
$(CP) $(PKG_INSTALL_DIR)/usr/share/freeradius/dictionary.$$$${f} $(1)/usr/share/freeradius2/ ; \
$(SED) "s,^#\(\$$$$INCLUDE dictionary\.$$$${f}\),\1,g" $(1)/usr/share/freeradius2/dictionary ; \
done
endef
define Package/freeradius2/install
$(INSTALL_DIR) $(1)/etc/freeradius2/modules
$(INSTALL_DIR) $(1)/etc/freeradius2/sites
for f in clients.conf radiusd.conf policy.conf; do \
$(CP) $(PKG_INSTALL_DIR)/etc/freeradius2/$$$${f} $(1)/etc/freeradius2/ ; \
done
$(CP) $(PKG_INSTALL_DIR)/etc/freeradius2/sites-available/default $(1)/etc/freeradius2/sites/default
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/radiusd $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/radiusd.init $(1)/etc/init.d/radiusd
endef
define Package/freeradius2-democerts/install
$(INSTALL_DIR) $(1)/etc/freeradius2/certs
$(CP) \
$(PKG_BUILD_DIR)/raddb/certs/ca.pem \
$(PKG_BUILD_DIR)/raddb/certs/dh \
$(PKG_BUILD_DIR)/raddb/certs/random \
$(PKG_BUILD_DIR)/raddb/certs/server.pem \
$(1)/etc/freeradius2/certs/
endef
define Package/freeradius2-utils/install
$(INSTALL_DIR) $(1)/usr/bin
for f in radclient radeapclient radwho; do \
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/$$$${f} $(1)/usr/bin/ ; \
done
endef
define BuildPlugin
define Package/$(1)/install
[ -z "$(2)" ] || $(INSTALL_DIR) $$(1)/usr/lib/freeradius2
for m in $(2); do \
$(CP) $(PKG_INSTALL_DIR)/usr/lib/freeradius2/$$$$$$$${m}{,-*}.so $$(1)/usr/lib/freeradius2 ; \
done
[ -z "$(3)" ] || $(INSTALL_DIR) $$(1)/etc/freeradius2
[ -z "$(4)" ] || $(INSTALL_DIR) $$(1)/etc/freeradius2/$(4)
for f in $(3); do \
$(CP) $(PKG_INSTALL_DIR)/etc/freeradius2/$$$$$$$${f} $$(1)/etc/freeradius2/$$$$$$$${f} ; \
done
endef
$$(eval $$(call BuildPackage,$(1)))
endef
$(eval $(call BuildPackage,freeradius2))
$(eval $(call BuildPackage,freeradius2-common))
$(eval $(call BuildPackage,freeradius2-democerts))
$(eval $(call BuildPlugin,freeradius2-mod-chap,rlm_chap,modules/chap,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-detail,rlm_detail,modules/detail,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-eap,rlm_eap,eap.conf))
$(eval $(call BuildPlugin,freeradius2-mod-eap-gtc,rlm_eap_gtc,))
$(eval $(call BuildPlugin,freeradius2-mod-eap-md5,rlm_eap_md5,))
$(eval $(call BuildPlugin,freeradius2-mod-eap-mschapv2,rlm_eap_mschapv2,))
$(eval $(call BuildPlugin,freeradius2-mod-eap-peap,rlm_eap_peap,))
$(eval $(call BuildPlugin,freeradius2-mod-eap-tls,rlm_eap_tls,))
$(eval $(call BuildPlugin,freeradius2-mod-eap-ttls,rlm_eap_ttls,))
$(eval $(call BuildPlugin,freeradius2-mod-exec,rlm_exec,modules/exec modules/echo ,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-attr-rewrite,rlm_attr_rewrite,modules/attr_rewrite,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-files,rlm_files,acct_users preproxy_users users modules/files,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-passwd,rlm_passwd,modules/passwd,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-ldap,rlm_ldap,ldap.attrmap modules/ldap,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-mschap,rlm_mschap,modules/mschap,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-pap,rlm_pap,modules/pap,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-preprocess,rlm_preprocess,hints huntgroups modules/preprocess,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-realm,rlm_realm,proxy.conf modules/realm modules/inner-eap,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-sql,rlm_sql,sql.conf,))
$(eval $(call BuildPlugin,freeradius2-mod-sql-mysql,rlm_sql_mysql,))
$(eval $(call BuildPlugin,freeradius2-mod-sql-pgsql,rlm_sql_postgresql,))
$(eval $(call BuildPlugin,freeradius2-mod-sql-sqlite,rlm_sql_sqlite,))
$(eval $(call BuildPlugin,freeradius2-mod-sqlcounter,rlm_sqlcounter,))
$(eval $(call BuildPlugin,freeradius2-mod-sqllog,rlm_sql_log,))
$(eval $(call BuildPlugin,freeradius2-mod-radutmp,rlm_radutmp,modules/radutmp modules/sradutmp,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-logintime,rlm_logintime,modules/logintime,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-expr,rlm_expr,modules/expr,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-attr-filter,rlm_attr_filter,modules/attr_filter attrs attrs.access_reject attrs.accounting_response attrs.pre-proxy,modules,,))
$(eval $(call BuildPlugin,freeradius2-mod-expiration,rlm_expiration,modules/expiration,modules,))
$(eval $(call BuildPlugin,freeradius2-mod-always,rlm_always,modules/always,modules,))
$(eval $(call BuildPackage,freeradius2-utils))

View File

@ -0,0 +1,22 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
START=50
DEFAULT=/etc/default/radiusd
LOG_D=/var/log
RUN_D=/var/run
PID_F=$RUN_D/radiusd.pid
RADACCT_D=/var/db/radacct
IPADDR=$(ifconfig br-lan | sed -n 's/.*dr:\(.*\)Bc.*/\1/p')
start() {
[ -f $DEFAULT ] && . $DEFAULT
mkdir -p $LOG_D
mkdir -p $RUN_D
mkdir -p $RADACCT_D
radiusd -i $IPADDR -p 1812,1813 $OPTIONS
}
stop() {
[ -f $PID_F ] && kill $(cat $PID_F)
}

View File

@ -0,0 +1,10 @@
--- a/Make.inc.in
+++ b/Make.inc.in
@@ -5,6 +5,7 @@
#
# Location of files.
+SHELL = @SHELL@
prefix = @prefix@
exec_prefix = @exec_prefix@
sysconfdir = @sysconfdir@

View File

@ -0,0 +1,588 @@
--- a/raddb/dictionary.in
+++ b/raddb/dictionary.in
@@ -11,7 +11,7 @@
#
# The filename given here should be an absolute path.
#
-$INCLUDE @prefix@/share/freeradius/dictionary
+$INCLUDE @prefix@/share/freeradius2/dictionary
#
# Place additional attributes or $INCLUDEs here. They will
--- a/raddb/eap.conf
+++ b/raddb/eap.conf
@@ -27,7 +27,7 @@
# then that EAP type takes precedence over the
# default type configured here.
#
- default_eap_type = md5
+ default_eap_type = peap
# A list is maintained to correlate EAP-Response
# packets with EAP-Request packets. After a
@@ -72,8 +72,8 @@
# for wireless connections. It is insecure, and does
# not provide for dynamic WEP keys.
#
- md5 {
- }
+# md5 {
+# }
# Cisco LEAP
#
@@ -87,8 +87,8 @@
# User-Password, or the NT-Password attributes.
# 'System' authentication is impossible with LEAP.
#
- leap {
- }
+# leap {
+# }
# Generic Token Card.
#
@@ -101,7 +101,7 @@
# the users password will go over the wire in plain-text,
# for anyone to see.
#
- gtc {
+# gtc {
# The default challenge, which many clients
# ignore..
#challenge = "Password: "
@@ -118,8 +118,8 @@
# configured for the request, and do the
# authentication itself.
#
- auth_type = PAP
- }
+# auth_type = PAP
+# }
## EAP-TLS
#
@@ -215,7 +215,7 @@
# In these cases, fragment size should be
# 1024 or less.
#
- # fragment_size = 1024
+ fragment_size = 1024
# include_length is a flag which is
# by default set to yes If set to
@@ -225,7 +225,7 @@
# message is included ONLY in the
# First packet of a fragment series.
#
- # include_length = yes
+ include_length = yes
# Check the Certificate Revocation List
#
@@ -297,7 +297,7 @@
# for the server to print out an error message,
# and refuse to start.
#
- make_cert_command = "${certdir}/bootstrap"
+ # make_cert_command = "${certdir}/bootstrap"
#
# Elliptical cryptography configuration
@@ -332,7 +332,7 @@
# You probably also want "use_tunneled_reply = yes"
# when using fast session resumption.
#
- cache {
+ # cache {
#
# Enable it. The default is "no".
# Deleting the entire "cache" subsection
@@ -348,14 +348,14 @@
# enable resumption for just one user
# by setting the above attribute to "yes".
#
- enable = no
+ # enable = no
#
# Lifetime of the cached entries, in hours.
# The sessions will be deleted after this
# time.
#
- lifetime = 24 # hours
+ # lifetime = 24 # hours
#
# The maximum number of entries in the
@@ -364,8 +364,8 @@
# This could be set to the number of users
# who are logged in... which can be a LOT.
#
- max_entries = 255
- }
+ # max_entries = 255
+ # }
#
# As of version 2.1.10, client certificates can be
@@ -503,7 +503,7 @@
#
# in the control items for a request.
#
- ttls {
+# ttls {
# The tunneled EAP session needs a default
# EAP type which is separate from the one for
# the non-tunneled EAP module. Inside of the
@@ -511,7 +511,7 @@
# If the request does not contain an EAP
# conversation, then this configuration entry
# is ignored.
- default_eap_type = md5
+# default_eap_type = mschapv2
# The tunneled authentication request does
# not usually contain useful attributes
@@ -527,7 +527,7 @@
# is copied to the tunneled request.
#
# allowed values: {no, yes}
- copy_request_to_tunnel = no
+# copy_request_to_tunnel = yes
# The reply attributes sent to the NAS are
# usually based on the name of the user
@@ -540,7 +540,7 @@
# the tunneled request.
#
# allowed values: {no, yes}
- use_tunneled_reply = no
+# use_tunneled_reply = no
#
# The inner tunneled request can be sent
@@ -552,13 +552,13 @@
# the virtual server that processed the
# outer requests.
#
- virtual_server = "inner-tunnel"
+# virtual_server = "inner-tunnel"
# This has the same meaning as the
# same field in the "tls" module, above.
# The default value here is "yes".
# include_length = yes
- }
+# }
##################################################
#
@@ -627,14 +627,14 @@
# the PEAP module also has these configuration
# items, which are the same as for TTLS.
- copy_request_to_tunnel = no
- use_tunneled_reply = no
+ copy_request_to_tunnel = yes
+ use_tunneled_reply = yes
# When the tunneled session is proxied, the
# home server may not understand EAP-MSCHAP-V2.
# Set this entry to "no" to proxy the tunneled
# EAP-MSCHAP-V2 as normal MSCHAPv2.
- # proxy_tunneled_request_as_eap = yes
+ proxy_tunneled_request_as_eap = no
#
# The inner tunneled request can be sent
@@ -646,7 +646,8 @@
# the virtual server that processed the
# outer requests.
#
- virtual_server = "inner-tunnel"
+ # virtual_server = "inner-tunnel"
+ EAP-TLS-Require-Client-Cert = no
# This option enables support for MS-SoH
# see doc/SoH.txt for more info.
--- a/raddb/modules/counter
+++ b/raddb/modules/counter
@@ -69,7 +69,7 @@
# 'check-name' attribute.
#
counter daily {
- filename = ${db_dir}/db.daily
+ filename = ${radacctdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
--- a/raddb/modules/pap
+++ b/raddb/modules/pap
@@ -18,5 +18,5 @@
#
# http://www.openldap.org/faq/data/cache/347.html
pap {
- auto_header = no
+ auto_header = yes
}
--- a/raddb/modules/radutmp
+++ b/raddb/modules/radutmp
@@ -12,7 +12,7 @@ radutmp {
# Where the file is stored. It's not a log file,
# so it doesn't need rotating.
#
- filename = ${logdir}/radutmp
+ filename = ${radacctdir}/radutmp
# The field in the packet to key on for the
# 'user' name, If you have other fields which you want
--- a/raddb/modules/sradutmp
+++ b/raddb/modules/sradutmp
@@ -10,7 +10,7 @@
# then name "sradutmp" to identify it later in the "accounting"
# section.
radutmp sradutmp {
- filename = ${logdir}/sradutmp
+ filename = ${radacctdir}/sradutmp
perm = 0644
callerid = "no"
}
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -66,7 +66,7 @@ name = radiusd
# Location of config and logfiles.
confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/${name}
+run_dir = ${localstatedir}/run
# Should likely be ${localstatedir}/lib/radiusd
db_dir = ${raddbdir}
@@ -323,7 +323,7 @@ listen {
# If your system does not support this feature, you will
# get an error if you try to use it.
#
-# interface = eth0
+ interface = br-lan
# Per-socket lists of clients. This is a very useful feature.
#
@@ -350,7 +350,7 @@ listen {
# ipv6addr = ::
port = 0
type = acct
-# interface = eth0
+ interface = br-lan
# clients = per_socket_clients
}
@@ -584,8 +584,8 @@ security {
#
# allowed values: {no, yes}
#
-proxy_requests = yes
-$INCLUDE proxy.conf
+proxy_requests = no
+#$INCLUDE proxy.conf
# CLIENTS CONFIGURATION
@@ -782,7 +782,7 @@ instantiate {
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
- exec
+# exec
#
# The expression module doesn't do authorization,
@@ -799,15 +799,15 @@ instantiate {
# other xlat functions such as md5, sha1 and lc.
#
# We do not recommend removing it's listing here.
- expr
+# expr
#
# We add the counter module here so that it registers
# the check-name attribute before any module which sets
# it
# daily
- expiration
- logintime
+# expiration
+# logintime
# subsections here can be thought of as "virtual" modules.
#
@@ -831,7 +831,7 @@ instantiate {
# to multiple times.
#
######################################################################
-$INCLUDE policy.conf
+#$INCLUDE policy.conf
######################################################################
#
@@ -841,9 +841,9 @@ $INCLUDE policy.conf
# match the regular expression: /[a-zA-Z0-9_.]+/
#
# It allows you to define new virtual servers simply by placing
-# a file into the raddb/sites-enabled/ directory.
+# a file into the /etc/freeradius2/sites/ directory.
#
-$INCLUDE sites-enabled/
+$INCLUDE sites/
######################################################################
#
@@ -851,7 +851,7 @@ $INCLUDE sites-enabled/
# "authenticate {}", "accounting {}", have been moved to the
# the file:
#
-# raddb/sites-available/default
+# /etc/freeradius2/sites/default
#
# This is the "default" virtual server that has the same
# configuration as in version 1.0.x and 1.1.x. The default
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -85,7 +85,7 @@ authorize {
#
# It takes care of processing the 'raddb/hints' and the
# 'raddb/huntgroups' files.
- preprocess
+# preprocess
#
# If you want to have a log of authentication requests,
@@ -96,7 +96,7 @@ authorize {
#
# The chap module will set 'Auth-Type := CHAP' if we are
# handling a CHAP request and Auth-Type has not already been set
- chap
+# chap
#
# If the users are logging in with an MS-CHAP-Challenge
@@ -104,13 +104,13 @@ authorize {
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
- mschap
+# mschap
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authenticate' section.
- digest
+# digest
#
# The WiMAX specification says that the Calling-Station-Id
@@ -133,7 +133,7 @@ authorize {
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
- suffix
+# suffix
# ntdomain
#
@@ -195,8 +195,8 @@ authorize {
# Use the checkval module
# checkval
- expiration
- logintime
+# expiration
+# logintime
#
# If no other module has claimed responsibility for
@@ -277,7 +277,7 @@ authenticate {
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
- digest
+# digest
#
# Pluggable Authentication Modules.
@@ -294,7 +294,7 @@ authenticate {
# be used for authentication ONLY for compatibility with legacy
# FreeRADIUS configurations.
#
- unix
+# unix
# Uncomment it if you want to use ldap for authentication
#
@@ -330,8 +330,8 @@ authenticate {
#
# Pre-accounting. Decide which accounting type to use.
#
-preacct {
- preprocess
+#preacct {
+# preprocess
#
# Session start times are *implied* in RADIUS.
@@ -354,7 +354,7 @@ preacct {
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
- acct_unique
+# acct_unique
#
# Look for IPASS-style 'realm/', and if not found, look for
@@ -364,13 +364,13 @@ preacct {
# Accounting requests are generally proxied to the same
# home server as authentication requests.
# IPASS
- suffix
+# suffix
# ntdomain
#
# Read the 'acct_users' file
- files
-}
+# files
+#}
#
# Accounting. Log the accounting data.
@@ -380,7 +380,7 @@ accounting {
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
- detail
+# detail
# daily
# Update the wtmp file
@@ -432,7 +432,7 @@ accounting {
exec
# Filter attributes from the accounting response.
- attr_filter.accounting_response
+ #attr_filter.accounting_response
#
# See "Autz-Type Status-Server" for how this works.
@@ -458,7 +458,7 @@ session {
# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
-post-auth {
+#post-auth {
# Get an address from the IP Pool.
# main_pool
@@ -488,7 +488,7 @@ post-auth {
# ldap
# For Exec-Program and Exec-Program-Wait
- exec
+# exec
#
# Calculate the various WiMAX keys. In order for this to work,
@@ -572,12 +572,12 @@ post-auth {
# Add the ldap module name (or instance) if you have set
# 'edir_account_policy_check = yes' in the ldap module configuration
#
- Post-Auth-Type REJECT {
- # log failed authentications in SQL, too.
+# Post-Auth-Type REJECT {
+# # log failed authentications in SQL, too.
# sql
- attr_filter.access_reject
- }
-}
+# attr_filter.access_reject
+# }
+#}
#
# When the server decides to proxy a request to a home server,
@@ -587,7 +587,7 @@ post-auth {
#
# Only a few modules currently have this method.
#
-pre-proxy {
+#pre-proxy {
# attr_rewrite
# Uncomment the following line if you want to change attributes
@@ -603,14 +603,14 @@ pre-proxy {
# server, un-comment the following line, and the
# 'detail pre_proxy_log' section, above.
# pre_proxy_log
-}
+#}
#
# When the server receives a reply to a request it proxied
# to a home server, the request may be massaged here, in the
# post-proxy stage.
#
-post-proxy {
+#post-proxy {
# If you want to have a log of replies from a home server,
# un-comment the following line, and the 'detail post_proxy_log'
@@ -634,7 +634,7 @@ post-proxy {
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
- eap
+# eap
#
# If the server tries to proxy a request and fails, then the
@@ -656,5 +656,5 @@ post-proxy {
# Post-Proxy-Type Fail {
# detail
# }
-}
+#}
--- a/raddb/users
+++ b/raddb/users
@@ -169,22 +169,22 @@
# by the terminal server in which case there may not be a "P" suffix.
# The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
-DEFAULT Framed-Protocol == PPP
- Framed-Protocol = PPP,
- Framed-Compression = Van-Jacobson-TCP-IP
+#DEFAULT Framed-Protocol == PPP
+# Framed-Protocol = PPP,
+# Framed-Compression = Van-Jacobson-TCP-IP
#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
-DEFAULT Hint == "CSLIP"
- Framed-Protocol = SLIP,
- Framed-Compression = Van-Jacobson-TCP-IP
+#DEFAULT Hint == "CSLIP"
+# Framed-Protocol = SLIP,
+# Framed-Compression = Van-Jacobson-TCP-IP
#
# Default for SLIP: dynamic IP address, SLIP mode.
#
-DEFAULT Hint == "SLIP"
- Framed-Protocol = SLIP
+#DEFAULT Hint == "SLIP"
+# Framed-Protocol = SLIP
#
# Last default: rlogin to our main server.

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,15 @@
--- a/src/modules/rules.mak
+++ b/src/modules/rules.mak
@@ -63,10 +63,10 @@ $(LT_OBJS): $(SERVER_HEADERS)
#
#######################################################################
%.lo: %.c
- $(LIBTOOL) --mode=compile --tag=CC $(CC) $(CFLAGS) $(RLM_CFLAGS) -c $<
+ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(CFLAGS) $(CPPFLAGS) $(RLM_CFLAGS) -c $<
%.lo: %.cpp
- $(LIBTOOL) --mode=compile --tag=CXX $(CXX) $(CFLAGS) $(RLM_CFLAGS) -c $<
+ $(LIBTOOL) --mode=compile --tag=CXX $(CXX) $(CFLAGS) $(CPPFLAGS) $(RLM_CFLAGS) -c $<
ifneq ($(TARGET),)
#######################################################################

View File

@ -0,0 +1,38 @@
--- a/configure.in
+++ b/configure.in
@@ -832,35 +832,6 @@ if test "x$WITH_OPENSSL" = xyes; then
OPENSSL_INCLUDE="-DOPENSSL_NO_KRB5"
fi
- dnl #
- dnl # Now check that the header versions match the library
- dnl #
- AC_MSG_CHECKING([OpenSSL library and header version consistency])
- AC_RUN_IFELSE(
- [AC_LANG_PROGRAM(
- [[
- #include <stdio.h>
- #include <openssl/opensslv.h>
- #include <openssl/crypto.h>
- ]],
- [[
- if (SSLeay() == OPENSSL_VERSION_NUMBER) {
- return 0;
- } else {
- printf("library: %lx header: %lx... ", (unsigned long) SSLeay(), (unsigned long) OPENSSL_VERSION_NUMBER);
- return 1;
- }
- ]]
- )],
- [
- AC_MSG_RESULT(yes)
- ],
- [
- AC_MSG_RESULT(no)
- AC_MSG_FAILURE([OpenSSL library version does not match header version])
- ]
- )
-
if test "x$OPENSSL_LIBS" = x; then
LIBS=$old_LIBS
LDFLAGS="$old_LDFLAGS"