update freeradius to new upstream release (v1.0.5) (closes: #190)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2936 3c298f89-4303-0410-b956-a3cf2f4a3e73
2025-04-21 12:27:27 +03:00 · 2006-01-12 15:17:35 +00:00
parent ca2745c281
commit b6547d17bc
8 changed files with 2433 additions and 5548 deletions
--- a/package/freeradius/patches/02-freeradius-1.0.4-config.patch
+++ b/package/freeradius/patches/02-freeradius-1.0.4-config.patch
@@ -0,0 +1,311 @@
+diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf
+--- freeradius-1.0.4-old/raddb/eap.conf	2004-04-15 20:34:41.000000000 +0200
+++ freeradius-1.0.4-new/raddb/eap.conf	2005-06-18 18:53:06.000000000 +0200
+@@ -72,8 +72,8 @@
+ 		#  User-Password, or the NT-Password attributes.
+ 		#  'System' authentication is impossible with LEAP.
+ 		#
+-		leap {
+-		}
+#		leap {
+#		}
+ 
+ 		#  Generic Token Card.
+ 		#  
+@@ -86,7 +86,7 @@
+ 		#  the users password will go over the wire in plain-text,
+ 		#  for anyone to see.
+ 		#
+-		gtc {
+#		gtc {
+ 			#  The default challenge, which many clients
+ 			#  ignore..
+ 			#challenge = "Password: "
+@@ -103,8 +103,8 @@
+ 			#  configured for the request, and do the
+ 			#  authentication itself.
+ 			#
+-			auth_type = PAP
+-		}
+#			auth_type = PAP
+#		}
+ 
+ 		## EAP-TLS
+ 		#
+@@ -272,7 +272,7 @@
+ 		#  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
+ 		#  currently support.
+ 		#
+-		mschapv2 {
+-		}
+#		mschapv2 {
+#		}
+ 	}
+ 
+diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in
+--- freeradius-1.0.4-old/raddb/radiusd.conf.in	2005-06-12 00:20:40.000000000 +0200
+++ freeradius-1.0.4-new/raddb/radiusd.conf.in	2005-06-18 18:53:32.000000000 +0200
+@@ -31,13 +31,13 @@
+ 
+ #  Location of config and logfiles.
+ confdir = ${raddbdir}
+-run_dir = ${localstatedir}/run/radiusd
+run_dir = ${localstatedir}/run
+ 
+ #
+ #  The logging messages for the server are appended to the
+ #  tail of this file.
+ #
+-log_file = ${logdir}/radius.log
+log_file = ${localstatedir}/log/radiusd.log
+ 
+ #
+ # libdir: Where to find the rlm_* modules.
+@@ -353,7 +353,7 @@
+ nospace_pass = no
+ 
+ #  The program to execute to do concurrency checks.
+-checkrad = ${sbindir}/checkrad
+#checkrad = ${sbindir}/checkrad
+ 
+ # SECURITY CONFIGURATION
+ #
+@@ -425,8 +425,8 @@
+ #
+ #  allowed values: {no, yes}
+ #
+-proxy_requests  = yes
+-$INCLUDE  ${confdir}/proxy.conf
+proxy_requests  = no
+#$INCLUDE  ${confdir}/proxy.conf
+ 
+ 
+ # CLIENTS CONFIGURATION
+@@ -454,7 +454,7 @@
+ #  'snmp' attribute to 'yes'
+ #
+ snmp	= no
+-$INCLUDE  ${confdir}/snmp.conf
+#$INCLUDE  ${confdir}/snmp.conf
+ 
+ 
+ # THREAD POOL CONFIGURATION
+@@ -657,7 +657,7 @@
+ 	#  For all EAP related authentications.
+ 	#  Now in another file, because it is very large.
+ 	#
+-$INCLUDE ${confdir}/eap.conf
+#	$INCLUDE ${confdir}/eap.conf
+ 
+ 	# Microsoft CHAP authentication
+ 	#
+@@ -1034,8 +1034,8 @@
+ 	#
+ 	files {
+ 		usersfile = ${confdir}/users
+-		acctusersfile = ${confdir}/acct_users
+-		preproxy_usersfile = ${confdir}/preproxy_users
+#		acctusersfile = ${confdir}/acct_users
+#		preproxy_usersfile = ${confdir}/preproxy_users
+ 
+ 		#  If you want to use the old Cistron 'users' file
+ 		#  with FreeRADIUS, you should change the next line
+@@ -1168,7 +1168,7 @@
+ 	#  For MS-SQL, use:	 	${confdir}/mssql.conf
+ 	#  For Oracle, use:	 	${confdir}/oraclesql.conf
+ 	#
+-	$INCLUDE  ${confdir}/sql.conf
+#	$INCLUDE  ${confdir}/sql.conf
+ 
+ 
+ 	#  For Cisco VoIP specific accounting with Postgresql,
+@@ -1536,7 +1536,7 @@
+ 	#  The entire command line (and output) must fit into 253 bytes.
+ 	#
+ 	#  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
+-	exec
+#	exec
+ 
+ 	#
+ 	#  The expression module doesn't do authorization,
+@@ -1549,7 +1549,7 @@
+ 	#  listed in any other section.  See 'doc/rlm_expr' for
+ 	#  more information.
+ 	#
+-	expr
+#	expr
+ 
+ 	#
+ 	# We add the counter module here so that it registers
+@@ -1576,7 +1576,7 @@
+ 	#  'raddb/huntgroups' files.
+ 	#
+ 	#  It also adds the %{Client-IP-Address} attribute to the request.
+-	preprocess
+#	preprocess
+ 
+ 	#
+ 	#  If you want to have a log of authentication requests,
+@@ -1589,7 +1589,7 @@
+ 	#
+ 	#  The chap module will set 'Auth-Type := CHAP' if we are
+ 	#  handling a CHAP request and Auth-Type has not already been set
+-	chap
+#	chap
+ 
+ 	#
+ 	#  If the users are logging in with an MS-CHAP-Challenge
+@@ -1597,7 +1597,7 @@
+ 	#  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
+ 	#  to the request, which will cause the server to then use
+ 	#  the mschap module for authentication.
+-	mschap
+#	mschap
+ 
+ 	#
+ 	#  If you have a Cisco SIP server authenticating against
+@@ -1617,7 +1617,7 @@
+ 	#  Otherwise, when the first style of realm doesn't match,
+ 	#  the other styles won't be checked.
+ 	#
+-	suffix
+#	suffix
+ #	ntdomain
+ 
+ 	#
+@@ -1626,11 +1626,11 @@
+ 	#
+ 	#  It also sets the EAP-Type attribute in the request
+ 	#  attribute list to the EAP type from the packet.
+-	eap
+#	eap
+ 
+ 	#
+ 	#  Read the 'users' file
+-	files
+#	files
+ 
+ 	#
+ 	#  Look in an SQL database.  The schema of the database
+@@ -1684,24 +1684,24 @@
+ 	#  PAP authentication, when a back-end database listed
+ 	#  in the 'authorize' section supplies a password.  The
+ 	#  password can be clear-text, or encrypted.
+-	Auth-Type PAP {
+-		pap
+-	}
+#	Auth-Type PAP {
+#		pap
+#	}
+ 
+ 	#
+ 	#  Most people want CHAP authentication
+ 	#  A back-end database listed in the 'authorize' section
+ 	#  MUST supply a CLEAR TEXT password.  Encrypted passwords
+ 	#  won't work.
+-	Auth-Type CHAP {
+-		chap
+-	}
+#	Auth-Type CHAP {
+#		chap
+#	}
+ 
+ 	#
+ 	#  MSCHAP authentication.
+-	Auth-Type MS-CHAP {
+-		mschap
+-	}
+#	Auth-Type MS-CHAP {
+#		mschap
+#	}
+ 
+ 	#
+ 	#  If you have a Cisco SIP server authenticating against
+@@ -1719,7 +1719,7 @@
+ 	#  containing CHAP-Password attributes CANNOT be authenticated
+ 	#  against /etc/passwd!  See the FAQ for details.
+ 	#  
+-	unix
+#	unix
+ 
+ 	# Uncomment it if you want to use ldap for authentication
+ 	#
+@@ -1732,7 +1732,7 @@
+ 
+ 	#
+ 	#  Allow EAP authentication.
+-	eap
+#	eap
+ }
+ 
+ 
+@@ -1740,12 +1740,12 @@
+ #  Pre-accounting.  Decide which accounting type to use.
+ #
+ preacct {
+-	preprocess
+#	preprocess
+ 
+ 	#
+ 	#  Ensure that we have a semi-unique identifier for every
+ 	#  request, and many NAS boxes are broken.
+-	acct_unique
+#	acct_unique
+ 
+ 	#
+ 	#  Look for IPASS-style 'realm/', and if not found, look for
+@@ -1755,12 +1755,12 @@
+ 	#  Accounting requests are generally proxied to the same
+ 	#  home server as authentication requests.
+ #	IPASS
+-	suffix
+#	suffix
+ #	ntdomain
+ 
+ 	#
+ 	#  Read the 'acct_users' file
+-	files
+#	files
+ }
+ 
+ #
+@@ -1771,20 +1771,20 @@
+ 	#  Create a 'detail'ed log of the packets.
+ 	#  Note that accounting requests which are proxied
+ 	#  are also logged in the detail file.
+-	detail
+#	detail
+ #	daily
+ 
+ 	#  Update the wtmp file
+ 	#
+ 	#  If you don't use "radlast", you can delete this line.
+-	unix
+#	unix
+ 
+ 	#
+ 	#  For Simultaneous-Use tracking.
+ 	#
+ 	#  Due to packet losses in the network, the data here
+ 	#  may be incorrect.  There is little we can do about it.
+-	radutmp
+#	radutmp
+ #	sradutmp
+ 
+ 	#  Return an address to the IP Pool when we see a stop record.
+@@ -1807,7 +1807,7 @@
+ #  or rlm_sql module can handle this.
+ #  The rlm_sql module is *much* faster
+ session {
+-	radutmp
+#	radutmp
+ 
+ 	#
+ 	#  See "Simultaneous Use Checking Querie" in sql.conf
+@@ -1904,5 +1904,5 @@
+ 	#  hidden inside of the EAP packet, and the end server will
+ 	#  reject the EAP request.
+ 	#
+-	eap
+#	eap
+ }