From f9d095e754682ac9a5c632e80304fdc9d1cd0691 Mon Sep 17 00:00:00 2001 From: nico Date: Sun, 19 Jun 2005 07:27:40 +0000 Subject: Update to new upstream release (v1.0.4) git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@1273 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/freeradius/Makefile | 4 +- .../patches/freeradius-1.0.2-config.patch | 309 -------------------- .../patches/freeradius-1.0.4-config.patch | 311 +++++++++++++++++++++ 3 files changed, 313 insertions(+), 311 deletions(-) delete mode 100644 package/freeradius/patches/freeradius-1.0.2-config.patch create mode 100644 package/freeradius/patches/freeradius-1.0.4-config.patch (limited to 'package/freeradius') diff --git a/package/freeradius/Makefile b/package/freeradius/Makefile index b9ea12715..55798727b 100644 --- a/package/freeradius/Makefile +++ b/package/freeradius/Makefile @@ -3,9 +3,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=freeradius -PKG_VERSION:=1.0.3 +PKG_VERSION:=1.0.4 PKG_RELEASE:=1 -PKG_MD5SUM:=7fe6732fa69ff4351f51d69212e89bb6 +PKG_MD5SUM:=edb5c3af6fabeff7b8e1131b6fa33e24 PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/radius/ \ http://freeradius.portal-to-web.de/ \ diff --git a/package/freeradius/patches/freeradius-1.0.2-config.patch b/package/freeradius/patches/freeradius-1.0.2-config.patch deleted file mode 100644 index e75d2efd6..000000000 --- a/package/freeradius/patches/freeradius-1.0.2-config.patch +++ /dev/null @@ -1,309 +0,0 @@ -diff -ruN freeradius-1.0.2-orig/raddb/eap.conf freeradius-1.0.2-2/raddb/eap.conf ---- freeradius-1.0.2-orig/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200 -+++ freeradius-1.0.2-2/raddb/eap.conf 2005-03-13 23:05:13.000000000 +0100 -@@ -72,8 +72,8 @@ - # User-Password, or the NT-Password attributes. - # 'System' authentication is impossible with LEAP. - # -- leap { -- } -+# leap { -+# } - - # Generic Token Card. - # -@@ -86,7 +86,7 @@ - # the users password will go over the wire in plain-text, - # for anyone to see. - # -- gtc { -+# gtc { - # The default challenge, which many clients - # ignore.. - #challenge = "Password: " -@@ -103,8 +103,8 @@ - # configured for the request, and do the - # authentication itself. - # -- auth_type = PAP -- } -+# auth_type = PAP -+# } - - ## EAP-TLS - # -@@ -272,7 +272,7 @@ - # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not - # currently support. - # -- mschapv2 { -- } -+# mschapv2 { -+# } - } - -diff -ruN freeradius-1.0.2-orig/raddb/radiusd.conf.in freeradius-1.0.2-2/raddb/radiusd.conf.in ---- freeradius-1.0.2-orig/raddb/radiusd.conf.in 2005-02-07 20:52:05.000000000 +0100 -+++ freeradius-1.0.2-2/raddb/radiusd.conf.in 2005-03-13 23:05:13.000000000 +0100 -@@ -31,13 +31,13 @@ - - # Location of config and logfiles. - confdir = ${raddbdir} --run_dir = ${localstatedir}/run/radiusd -+run_dir = ${localstatedir}/run - - # - # The logging messages for the server are appended to the - # tail of this file. - # --log_file = ${logdir}/radius.log -+log_file = ${localstatedir}/log/radiusd.log - - # - # libdir: Where to find the rlm_* modules. -@@ -353,7 +353,7 @@ - nospace_pass = no - - # The program to execute to do concurrency checks. --checkrad = ${sbindir}/checkrad -+#checkrad = ${sbindir}/checkrad - - # SECURITY CONFIGURATION - # -@@ -425,8 +425,8 @@ - # - # allowed values: {no, yes} - # --proxy_requests = yes --$INCLUDE ${confdir}/proxy.conf -+proxy_requests = no -+#$INCLUDE ${confdir}/proxy.conf - - - # CLIENTS CONFIGURATION -@@ -454,7 +454,7 @@ - # 'snmp' attribute to 'yes' - # - snmp = no --$INCLUDE ${confdir}/snmp.conf -+#$INCLUDE ${confdir}/snmp.conf - - - # THREAD POOL CONFIGURATION -@@ -657,7 +657,7 @@ - # For all EAP related authentications. - # Now in another file, because it is very large. - # --$INCLUDE ${confdir}/eap.conf -+# $INCLUDE ${confdir}/eap.conf - - # Microsoft CHAP authentication - # -@@ -1034,7 +1034,7 @@ - # - files { - usersfile = ${confdir}/users -- acctusersfile = ${confdir}/acct_users -+# acctusersfile = ${confdir}/acct_users - - # If you want to use the old Cistron 'users' file - # with FreeRADIUS, you should change the next line -@@ -1167,7 +1167,7 @@ - # For MS-SQL, use: ${confdir}/mssql.conf - # For Oracle, use: ${confdir}/oraclesql.conf - # -- $INCLUDE ${confdir}/sql.conf -+# $INCLUDE ${confdir}/sql.conf - - - # For Cisco VoIP specific accounting with Postgresql, -@@ -1535,7 +1535,7 @@ - # The entire command line (and output) must fit into 253 bytes. - # - # e.g. Framed-Pool = `%{exec:/bin/echo foo}` -- exec -+# exec - - # - # The expression module doesn't do authorization, -@@ -1548,7 +1548,7 @@ - # listed in any other section. See 'doc/rlm_expr' for - # more information. - # -- expr -+# expr - - # - # We add the counter module here so that it registers -@@ -1575,7 +1575,7 @@ - # 'raddb/huntgroups' files. - # - # It also adds the %{Client-IP-Address} attribute to the request. -- preprocess -+# preprocess - - # - # If you want to have a log of authentication requests, -@@ -1588,7 +1588,7 @@ - # - # The chap module will set 'Auth-Type := CHAP' if we are - # handling a CHAP request and Auth-Type has not already been set -- chap -+# chap - - # - # If the users are logging in with an MS-CHAP-Challenge -@@ -1596,7 +1596,7 @@ - # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' - # to the request, which will cause the server to then use - # the mschap module for authentication. -- mschap -+# mschap - - # - # If you have a Cisco SIP server authenticating against -@@ -1616,7 +1616,7 @@ - # Otherwise, when the first style of realm doesn't match, - # the other styles won't be checked. - # -- suffix -+# suffix - # ntdomain - - # -@@ -1625,11 +1625,11 @@ - # - # It also sets the EAP-Type attribute in the request - # attribute list to the EAP type from the packet. -- eap -+# eap - - # - # Read the 'users' file -- files -+# files - - # - # Look in an SQL database. The schema of the database -@@ -1683,24 +1683,24 @@ - # PAP authentication, when a back-end database listed - # in the 'authorize' section supplies a password. The - # password can be clear-text, or encrypted. -- Auth-Type PAP { -- pap -- } -+# Auth-Type PAP { -+# pap -+# } - - # - # Most people want CHAP authentication - # A back-end database listed in the 'authorize' section - # MUST supply a CLEAR TEXT password. Encrypted passwords - # won't work. -- Auth-Type CHAP { -- chap -- } -+# Auth-Type CHAP { -+# chap -+# } - - # - # MSCHAP authentication. -- Auth-Type MS-CHAP { -- mschap -- } -+# Auth-Type MS-CHAP { -+# mschap -+# } - - # - # If you have a Cisco SIP server authenticating against -@@ -1718,7 +1718,7 @@ - # containing CHAP-Password attributes CANNOT be authenticated - # against /etc/passwd! See the FAQ for details. - # -- unix -+# unix - - # Uncomment it if you want to use ldap for authentication - # -@@ -1731,7 +1731,7 @@ - - # - # Allow EAP authentication. -- eap -+# eap - } - - -@@ -1739,12 +1739,12 @@ - # Pre-accounting. Decide which accounting type to use. - # - preacct { -- preprocess -+# preprocess - - # - # Ensure that we have a semi-unique identifier for every - # request, and many NAS boxes are broken. -- acct_unique -+# acct_unique - - # - # Look for IPASS-style 'realm/', and if not found, look for -@@ -1754,12 +1754,12 @@ - # Accounting requests are generally proxied to the same - # home server as authentication requests. - # IPASS -- suffix -+# suffix - # ntdomain - - # - # Read the 'acct_users' file -- files -+# files - } - - # -@@ -1770,20 +1770,20 @@ - # Create a 'detail'ed log of the packets. - # Note that accounting requests which are proxied - # are also logged in the detail file. -- detail -+# detail - # daily - - # Update the wtmp file - # - # If you don't use "radlast", you can delete this line. -- unix -+# unix - - # - # For Simultaneous-Use tracking. - # - # Due to packet losses in the network, the data here - # may be incorrect. There is little we can do about it. -- radutmp -+# radutmp - # sradutmp - - # Return an address to the IP Pool when we see a stop record. -@@ -1806,7 +1806,7 @@ - # or rlm_sql module can handle this. - # The rlm_sql module is *much* faster - session { -- radutmp -+# radutmp - - # - # See "Simultaneous Use Checking Querie" in sql.conf -@@ -1900,5 +1900,5 @@ - # hidden inside of the EAP packet, and the end server will - # reject the EAP request. - # -- eap -+# eap - } diff --git a/package/freeradius/patches/freeradius-1.0.4-config.patch b/package/freeradius/patches/freeradius-1.0.4-config.patch new file mode 100644 index 000000000..a1c9c5198 --- /dev/null +++ b/package/freeradius/patches/freeradius-1.0.4-config.patch @@ -0,0 +1,311 @@ +diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf +--- freeradius-1.0.4-old/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200 ++++ freeradius-1.0.4-new/raddb/eap.conf 2005-06-18 18:53:06.000000000 +0200 +@@ -72,8 +72,8 @@ + # User-Password, or the NT-Password attributes. + # 'System' authentication is impossible with LEAP. + # +- leap { +- } ++# leap { ++# } + + # Generic Token Card. + # +@@ -86,7 +86,7 @@ + # the users password will go over the wire in plain-text, + # for anyone to see. + # +- gtc { ++# gtc { + # The default challenge, which many clients + # ignore.. + #challenge = "Password: " +@@ -103,8 +103,8 @@ + # configured for the request, and do the + # authentication itself. + # +- auth_type = PAP +- } ++# auth_type = PAP ++# } + + ## EAP-TLS + # +@@ -272,7 +272,7 @@ + # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not + # currently support. + # +- mschapv2 { +- } ++# mschapv2 { ++# } + } + +diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in +--- freeradius-1.0.4-old/raddb/radiusd.conf.in 2005-06-12 00:20:40.000000000 +0200 ++++ freeradius-1.0.4-new/raddb/radiusd.conf.in 2005-06-18 18:53:32.000000000 +0200 +@@ -31,13 +31,13 @@ + + # Location of config and logfiles. + confdir = ${raddbdir} +-run_dir = ${localstatedir}/run/radiusd ++run_dir = ${localstatedir}/run + + # + # The logging messages for the server are appended to the + # tail of this file. + # +-log_file = ${logdir}/radius.log ++log_file = ${localstatedir}/log/radiusd.log + + # + # libdir: Where to find the rlm_* modules. +@@ -353,7 +353,7 @@ + nospace_pass = no + + # The program to execute to do concurrency checks. +-checkrad = ${sbindir}/checkrad ++#checkrad = ${sbindir}/checkrad + + # SECURITY CONFIGURATION + # +@@ -425,8 +425,8 @@ + # + # allowed values: {no, yes} + # +-proxy_requests = yes +-$INCLUDE ${confdir}/proxy.conf ++proxy_requests = no ++#$INCLUDE ${confdir}/proxy.conf + + + # CLIENTS CONFIGURATION +@@ -454,7 +454,7 @@ + # 'snmp' attribute to 'yes' + # + snmp = no +-$INCLUDE ${confdir}/snmp.conf ++#$INCLUDE ${confdir}/snmp.conf + + + # THREAD POOL CONFIGURATION +@@ -657,7 +657,7 @@ + # For all EAP related authentications. + # Now in another file, because it is very large. + # +-$INCLUDE ${confdir}/eap.conf ++# $INCLUDE ${confdir}/eap.conf + + # Microsoft CHAP authentication + # +@@ -1034,8 +1034,8 @@ + # + files { + usersfile = ${confdir}/users +- acctusersfile = ${confdir}/acct_users +- preproxy_usersfile = ${confdir}/preproxy_users ++# acctusersfile = ${confdir}/acct_users ++# preproxy_usersfile = ${confdir}/preproxy_users + + # If you want to use the old Cistron 'users' file + # with FreeRADIUS, you should change the next line +@@ -1168,7 +1168,7 @@ + # For MS-SQL, use: ${confdir}/mssql.conf + # For Oracle, use: ${confdir}/oraclesql.conf + # +- $INCLUDE ${confdir}/sql.conf ++# $INCLUDE ${confdir}/sql.conf + + + # For Cisco VoIP specific accounting with Postgresql, +@@ -1536,7 +1536,7 @@ + # The entire command line (and output) must fit into 253 bytes. + # + # e.g. Framed-Pool = `%{exec:/bin/echo foo}` +- exec ++# exec + + # + # The expression module doesn't do authorization, +@@ -1549,7 +1549,7 @@ + # listed in any other section. See 'doc/rlm_expr' for + # more information. + # +- expr ++# expr + + # + # We add the counter module here so that it registers +@@ -1576,7 +1576,7 @@ + # 'raddb/huntgroups' files. + # + # It also adds the %{Client-IP-Address} attribute to the request. +- preprocess ++# preprocess + + # + # If you want to have a log of authentication requests, +@@ -1589,7 +1589,7 @@ + # + # The chap module will set 'Auth-Type := CHAP' if we are + # handling a CHAP request and Auth-Type has not already been set +- chap ++# chap + + # + # If the users are logging in with an MS-CHAP-Challenge +@@ -1597,7 +1597,7 @@ + # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' + # to the request, which will cause the server to then use + # the mschap module for authentication. +- mschap ++# mschap + + # + # If you have a Cisco SIP server authenticating against +@@ -1617,7 +1617,7 @@ + # Otherwise, when the first style of realm doesn't match, + # the other styles won't be checked. + # +- suffix ++# suffix + # ntdomain + + # +@@ -1626,11 +1626,11 @@ + # + # It also sets the EAP-Type attribute in the request + # attribute list to the EAP type from the packet. +- eap ++# eap + + # + # Read the 'users' file +- files ++# files + + # + # Look in an SQL database. The schema of the database +@@ -1684,24 +1684,24 @@ + # PAP authentication, when a back-end database listed + # in the 'authorize' section supplies a password. The + # password can be clear-text, or encrypted. +- Auth-Type PAP { +- pap +- } ++# Auth-Type PAP { ++# pap ++# } + + # + # Most people want CHAP authentication + # A back-end database listed in the 'authorize' section + # MUST supply a CLEAR TEXT password. Encrypted passwords + # won't work. +- Auth-Type CHAP { +- chap +- } ++# Auth-Type CHAP { ++# chap ++# } + + # + # MSCHAP authentication. +- Auth-Type MS-CHAP { +- mschap +- } ++# Auth-Type MS-CHAP { ++# mschap ++# } + + # + # If you have a Cisco SIP server authenticating against +@@ -1719,7 +1719,7 @@ + # containing CHAP-Password attributes CANNOT be authenticated + # against /etc/passwd! See the FAQ for details. + # +- unix ++# unix + + # Uncomment it if you want to use ldap for authentication + # +@@ -1732,7 +1732,7 @@ + + # + # Allow EAP authentication. +- eap ++# eap + } + + +@@ -1740,12 +1740,12 @@ + # Pre-accounting. Decide which accounting type to use. + # + preacct { +- preprocess ++# preprocess + + # + # Ensure that we have a semi-unique identifier for every + # request, and many NAS boxes are broken. +- acct_unique ++# acct_unique + + # + # Look for IPASS-style 'realm/', and if not found, look for +@@ -1755,12 +1755,12 @@ + # Accounting requests are generally proxied to the same + # home server as authentication requests. + # IPASS +- suffix ++# suffix + # ntdomain + + # + # Read the 'acct_users' file +- files ++# files + } + + # +@@ -1771,20 +1771,20 @@ + # Create a 'detail'ed log of the packets. + # Note that accounting requests which are proxied + # are also logged in the detail file. +- detail ++# detail + # daily + + # Update the wtmp file + # + # If you don't use "radlast", you can delete this line. +- unix ++# unix + + # + # For Simultaneous-Use tracking. + # + # Due to packet losses in the network, the data here + # may be incorrect. There is little we can do about it. +- radutmp ++# radutmp + # sradutmp + + # Return an address to the IP Pool when we see a stop record. +@@ -1807,7 +1807,7 @@ + # or rlm_sql module can handle this. + # The rlm_sql module is *much* faster + session { +- radutmp ++# radutmp + + # + # See "Simultaneous Use Checking Querie" in sql.conf +@@ -1904,5 +1904,5 @@ + # hidden inside of the EAP packet, and the end server will + # reject the EAP request. + # +- eap ++# eap + } -- cgit v1.2.3