Update to new upstream release (v1.0.4)
authorNicolas Thill <nico@openwrt.org>
Sun, 19 Jun 2005 07:27:40 +0000 (07:27 +0000)
committerNicolas Thill <nico@openwrt.org>
Sun, 19 Jun 2005 07:27:40 +0000 (07:27 +0000)
SVN-Revision: 1273

openwrt/package/freeradius/Makefile
openwrt/package/freeradius/patches/freeradius-1.0.2-config.patch [deleted file]
openwrt/package/freeradius/patches/freeradius-1.0.4-config.patch [new file with mode: 0644]

index b9ea127151e256a7a46771e26546bf87deffa1ea..55798727be81fe9f4ba910156307b84f13e47ded 100644 (file)
@@ -3,9 +3,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=freeradius
-PKG_VERSION:=1.0.3
+PKG_VERSION:=1.0.4
 PKG_RELEASE:=1
-PKG_MD5SUM:=7fe6732fa69ff4351f51d69212e89bb6
+PKG_MD5SUM:=edb5c3af6fabeff7b8e1131b6fa33e24
 
 PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/radius/ \
        http://freeradius.portal-to-web.de/ \
diff --git a/openwrt/package/freeradius/patches/freeradius-1.0.2-config.patch b/openwrt/package/freeradius/patches/freeradius-1.0.2-config.patch
deleted file mode 100644 (file)
index e75d2ef..0000000
+++ /dev/null
@@ -1,309 +0,0 @@
-diff -ruN freeradius-1.0.2-orig/raddb/eap.conf freeradius-1.0.2-2/raddb/eap.conf
---- freeradius-1.0.2-orig/raddb/eap.conf       2004-04-15 20:34:41.000000000 +0200
-+++ freeradius-1.0.2-2/raddb/eap.conf  2005-03-13 23:05:13.000000000 +0100
-@@ -72,8 +72,8 @@
-               #  User-Password, or the NT-Password attributes.
-               #  'System' authentication is impossible with LEAP.
-               #
--              leap {
--              }
-+#             leap {
-+#             }
-               #  Generic Token Card.
-               #  
-@@ -86,7 +86,7 @@
-               #  the users password will go over the wire in plain-text,
-               #  for anyone to see.
-               #
--              gtc {
-+#             gtc {
-                       #  The default challenge, which many clients
-                       #  ignore..
-                       #challenge = "Password: "
-@@ -103,8 +103,8 @@
-                       #  configured for the request, and do the
-                       #  authentication itself.
-                       #
--                      auth_type = PAP
--              }
-+#                     auth_type = PAP
-+#             }
-               ## EAP-TLS
-               #
-@@ -272,7 +272,7 @@
-               #  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
-               #  currently support.
-               #
--              mschapv2 {
--              }
-+#             mschapv2 {
-+#             }
-       }
-diff -ruN freeradius-1.0.2-orig/raddb/radiusd.conf.in freeradius-1.0.2-2/raddb/radiusd.conf.in
---- freeradius-1.0.2-orig/raddb/radiusd.conf.in        2005-02-07 20:52:05.000000000 +0100
-+++ freeradius-1.0.2-2/raddb/radiusd.conf.in   2005-03-13 23:05:13.000000000 +0100
-@@ -31,13 +31,13 @@
- #  Location of config and logfiles.
- confdir = ${raddbdir}
--run_dir = ${localstatedir}/run/radiusd
-+run_dir = ${localstatedir}/run
- #
- #  The logging messages for the server are appended to the
- #  tail of this file.
- #
--log_file = ${logdir}/radius.log
-+log_file = ${localstatedir}/log/radiusd.log
- #
- # libdir: Where to find the rlm_* modules.
-@@ -353,7 +353,7 @@
- nospace_pass = no
- #  The program to execute to do concurrency checks.
--checkrad = ${sbindir}/checkrad
-+#checkrad = ${sbindir}/checkrad
- # SECURITY CONFIGURATION
- #
-@@ -425,8 +425,8 @@
- #
- #  allowed values: {no, yes}
- #
--proxy_requests  = yes
--$INCLUDE  ${confdir}/proxy.conf
-+proxy_requests  = no
-+#$INCLUDE  ${confdir}/proxy.conf
- # CLIENTS CONFIGURATION
-@@ -454,7 +454,7 @@
- #  'snmp' attribute to 'yes'
- #
- snmp  = no
--$INCLUDE  ${confdir}/snmp.conf
-+#$INCLUDE  ${confdir}/snmp.conf
- # THREAD POOL CONFIGURATION
-@@ -657,7 +657,7 @@
-       #  For all EAP related authentications.
-       #  Now in another file, because it is very large.
-       #
--$INCLUDE ${confdir}/eap.conf
-+#     $INCLUDE ${confdir}/eap.conf
-       # Microsoft CHAP authentication
-       #
-@@ -1034,7 +1034,7 @@
-       #
-       files {
-               usersfile = ${confdir}/users
--              acctusersfile = ${confdir}/acct_users
-+#             acctusersfile = ${confdir}/acct_users
-               #  If you want to use the old Cistron 'users' file
-               #  with FreeRADIUS, you should change the next line
-@@ -1167,7 +1167,7 @@
-       #  For MS-SQL, use:             ${confdir}/mssql.conf
-       #  For Oracle, use:             ${confdir}/oraclesql.conf
-       #
--      $INCLUDE  ${confdir}/sql.conf
-+#     $INCLUDE  ${confdir}/sql.conf
-       #  For Cisco VoIP specific accounting with Postgresql,
-@@ -1535,7 +1535,7 @@
-       #  The entire command line (and output) must fit into 253 bytes.
-       #
-       #  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
--      exec
-+#     exec
-       #
-       #  The expression module doesn't do authorization,
-@@ -1548,7 +1548,7 @@
-       #  listed in any other section.  See 'doc/rlm_expr' for
-       #  more information.
-       #
--      expr
-+#     expr
-       #
-       # We add the counter module here so that it registers
-@@ -1575,7 +1575,7 @@
-       #  'raddb/huntgroups' files.
-       #
-       #  It also adds the %{Client-IP-Address} attribute to the request.
--      preprocess
-+#     preprocess
-       #
-       #  If you want to have a log of authentication requests,
-@@ -1588,7 +1588,7 @@
-       #
-       #  The chap module will set 'Auth-Type := CHAP' if we are
-       #  handling a CHAP request and Auth-Type has not already been set
--      chap
-+#     chap
-       #
-       #  If the users are logging in with an MS-CHAP-Challenge
-@@ -1596,7 +1596,7 @@
-       #  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
-       #  to the request, which will cause the server to then use
-       #  the mschap module for authentication.
--      mschap
-+#     mschap
-       #
-       #  If you have a Cisco SIP server authenticating against
-@@ -1616,7 +1616,7 @@
-       #  Otherwise, when the first style of realm doesn't match,
-       #  the other styles won't be checked.
-       #
--      suffix
-+#     suffix
- #     ntdomain
-       #
-@@ -1625,11 +1625,11 @@
-       #
-       #  It also sets the EAP-Type attribute in the request
-       #  attribute list to the EAP type from the packet.
--      eap
-+#     eap
-       #
-       #  Read the 'users' file
--      files
-+#     files
-       #
-       #  Look in an SQL database.  The schema of the database
-@@ -1683,24 +1683,24 @@
-       #  PAP authentication, when a back-end database listed
-       #  in the 'authorize' section supplies a password.  The
-       #  password can be clear-text, or encrypted.
--      Auth-Type PAP {
--              pap
--      }
-+#     Auth-Type PAP {
-+#             pap
-+#     }
-       #
-       #  Most people want CHAP authentication
-       #  A back-end database listed in the 'authorize' section
-       #  MUST supply a CLEAR TEXT password.  Encrypted passwords
-       #  won't work.
--      Auth-Type CHAP {
--              chap
--      }
-+#     Auth-Type CHAP {
-+#             chap
-+#     }
-       #
-       #  MSCHAP authentication.
--      Auth-Type MS-CHAP {
--              mschap
--      }
-+#     Auth-Type MS-CHAP {
-+#             mschap
-+#     }
-       #
-       #  If you have a Cisco SIP server authenticating against
-@@ -1718,7 +1718,7 @@
-       #  containing CHAP-Password attributes CANNOT be authenticated
-       #  against /etc/passwd!  See the FAQ for details.
-       #  
--      unix
-+#     unix
-       # Uncomment it if you want to use ldap for authentication
-       #
-@@ -1731,7 +1731,7 @@
-       #
-       #  Allow EAP authentication.
--      eap
-+#     eap
- }
-@@ -1739,12 +1739,12 @@
- #  Pre-accounting.  Decide which accounting type to use.
- #
- preacct {
--      preprocess
-+#     preprocess
-       #
-       #  Ensure that we have a semi-unique identifier for every
-       #  request, and many NAS boxes are broken.
--      acct_unique
-+#     acct_unique
-       #
-       #  Look for IPASS-style 'realm/', and if not found, look for
-@@ -1754,12 +1754,12 @@
-       #  Accounting requests are generally proxied to the same
-       #  home server as authentication requests.
- #     IPASS
--      suffix
-+#     suffix
- #     ntdomain
-       #
-       #  Read the 'acct_users' file
--      files
-+#     files
- }
- #
-@@ -1770,20 +1770,20 @@
-       #  Create a 'detail'ed log of the packets.
-       #  Note that accounting requests which are proxied
-       #  are also logged in the detail file.
--      detail
-+#     detail
- #     daily
-       #  Update the wtmp file
-       #
-       #  If you don't use "radlast", you can delete this line.
--      unix
-+#     unix
-       #
-       #  For Simultaneous-Use tracking.
-       #
-       #  Due to packet losses in the network, the data here
-       #  may be incorrect.  There is little we can do about it.
--      radutmp
-+#     radutmp
- #     sradutmp
-       #  Return an address to the IP Pool when we see a stop record.
-@@ -1806,7 +1806,7 @@
- #  or rlm_sql module can handle this.
- #  The rlm_sql module is *much* faster
- session {
--      radutmp
-+#     radutmp
-       #
-       #  See "Simultaneous Use Checking Querie" in sql.conf
-@@ -1900,5 +1900,5 @@
-       #  hidden inside of the EAP packet, and the end server will
-       #  reject the EAP request.
-       #
--      eap
-+#     eap
- }
diff --git a/openwrt/package/freeradius/patches/freeradius-1.0.4-config.patch b/openwrt/package/freeradius/patches/freeradius-1.0.4-config.patch
new file mode 100644 (file)
index 0000000..a1c9c51
--- /dev/null
@@ -0,0 +1,311 @@
+diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf
+--- freeradius-1.0.4-old/raddb/eap.conf        2004-04-15 20:34:41.000000000 +0200
++++ freeradius-1.0.4-new/raddb/eap.conf        2005-06-18 18:53:06.000000000 +0200
+@@ -72,8 +72,8 @@
+               #  User-Password, or the NT-Password attributes.
+               #  'System' authentication is impossible with LEAP.
+               #
+-              leap {
+-              }
++#             leap {
++#             }
+               #  Generic Token Card.
+               #  
+@@ -86,7 +86,7 @@
+               #  the users password will go over the wire in plain-text,
+               #  for anyone to see.
+               #
+-              gtc {
++#             gtc {
+                       #  The default challenge, which many clients
+                       #  ignore..
+                       #challenge = "Password: "
+@@ -103,8 +103,8 @@
+                       #  configured for the request, and do the
+                       #  authentication itself.
+                       #
+-                      auth_type = PAP
+-              }
++#                     auth_type = PAP
++#             }
+               ## EAP-TLS
+               #
+@@ -272,7 +272,7 @@
+               #  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
+               #  currently support.
+               #
+-              mschapv2 {
+-              }
++#             mschapv2 {
++#             }
+       }
+diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in
+--- freeradius-1.0.4-old/raddb/radiusd.conf.in 2005-06-12 00:20:40.000000000 +0200
++++ freeradius-1.0.4-new/raddb/radiusd.conf.in 2005-06-18 18:53:32.000000000 +0200
+@@ -31,13 +31,13 @@
+ #  Location of config and logfiles.
+ confdir = ${raddbdir}
+-run_dir = ${localstatedir}/run/radiusd
++run_dir = ${localstatedir}/run
+ #
+ #  The logging messages for the server are appended to the
+ #  tail of this file.
+ #
+-log_file = ${logdir}/radius.log
++log_file = ${localstatedir}/log/radiusd.log
+ #
+ # libdir: Where to find the rlm_* modules.
+@@ -353,7 +353,7 @@
+ nospace_pass = no
+ #  The program to execute to do concurrency checks.
+-checkrad = ${sbindir}/checkrad
++#checkrad = ${sbindir}/checkrad
+ # SECURITY CONFIGURATION
+ #
+@@ -425,8 +425,8 @@
+ #
+ #  allowed values: {no, yes}
+ #
+-proxy_requests  = yes
+-$INCLUDE  ${confdir}/proxy.conf
++proxy_requests  = no
++#$INCLUDE  ${confdir}/proxy.conf
+ # CLIENTS CONFIGURATION
+@@ -454,7 +454,7 @@
+ #  'snmp' attribute to 'yes'
+ #
+ snmp  = no
+-$INCLUDE  ${confdir}/snmp.conf
++#$INCLUDE  ${confdir}/snmp.conf
+ # THREAD POOL CONFIGURATION
+@@ -657,7 +657,7 @@
+       #  For all EAP related authentications.
+       #  Now in another file, because it is very large.
+       #
+-$INCLUDE ${confdir}/eap.conf
++#     $INCLUDE ${confdir}/eap.conf
+       # Microsoft CHAP authentication
+       #
+@@ -1034,8 +1034,8 @@
+       #
+       files {
+               usersfile = ${confdir}/users
+-              acctusersfile = ${confdir}/acct_users
+-              preproxy_usersfile = ${confdir}/preproxy_users
++#             acctusersfile = ${confdir}/acct_users
++#             preproxy_usersfile = ${confdir}/preproxy_users
+               #  If you want to use the old Cistron 'users' file
+               #  with FreeRADIUS, you should change the next line
+@@ -1168,7 +1168,7 @@
+       #  For MS-SQL, use:             ${confdir}/mssql.conf
+       #  For Oracle, use:             ${confdir}/oraclesql.conf
+       #
+-      $INCLUDE  ${confdir}/sql.conf
++#     $INCLUDE  ${confdir}/sql.conf
+       #  For Cisco VoIP specific accounting with Postgresql,
+@@ -1536,7 +1536,7 @@
+       #  The entire command line (and output) must fit into 253 bytes.
+       #
+       #  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
+-      exec
++#     exec
+       #
+       #  The expression module doesn't do authorization,
+@@ -1549,7 +1549,7 @@
+       #  listed in any other section.  See 'doc/rlm_expr' for
+       #  more information.
+       #
+-      expr
++#     expr
+       #
+       # We add the counter module here so that it registers
+@@ -1576,7 +1576,7 @@
+       #  'raddb/huntgroups' files.
+       #
+       #  It also adds the %{Client-IP-Address} attribute to the request.
+-      preprocess
++#     preprocess
+       #
+       #  If you want to have a log of authentication requests,
+@@ -1589,7 +1589,7 @@
+       #
+       #  The chap module will set 'Auth-Type := CHAP' if we are
+       #  handling a CHAP request and Auth-Type has not already been set
+-      chap
++#     chap
+       #
+       #  If the users are logging in with an MS-CHAP-Challenge
+@@ -1597,7 +1597,7 @@
+       #  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
+       #  to the request, which will cause the server to then use
+       #  the mschap module for authentication.
+-      mschap
++#     mschap
+       #
+       #  If you have a Cisco SIP server authenticating against
+@@ -1617,7 +1617,7 @@
+       #  Otherwise, when the first style of realm doesn't match,
+       #  the other styles won't be checked.
+       #
+-      suffix
++#     suffix
+ #     ntdomain
+       #
+@@ -1626,11 +1626,11 @@
+       #
+       #  It also sets the EAP-Type attribute in the request
+       #  attribute list to the EAP type from the packet.
+-      eap
++#     eap
+       #
+       #  Read the 'users' file
+-      files
++#     files
+       #
+       #  Look in an SQL database.  The schema of the database
+@@ -1684,24 +1684,24 @@
+       #  PAP authentication, when a back-end database listed
+       #  in the 'authorize' section supplies a password.  The
+       #  password can be clear-text, or encrypted.
+-      Auth-Type PAP {
+-              pap
+-      }
++#     Auth-Type PAP {
++#             pap
++#     }
+       #
+       #  Most people want CHAP authentication
+       #  A back-end database listed in the 'authorize' section
+       #  MUST supply a CLEAR TEXT password.  Encrypted passwords
+       #  won't work.
+-      Auth-Type CHAP {
+-              chap
+-      }
++#     Auth-Type CHAP {
++#             chap
++#     }
+       #
+       #  MSCHAP authentication.
+-      Auth-Type MS-CHAP {
+-              mschap
+-      }
++#     Auth-Type MS-CHAP {
++#             mschap
++#     }
+       #
+       #  If you have a Cisco SIP server authenticating against
+@@ -1719,7 +1719,7 @@
+       #  containing CHAP-Password attributes CANNOT be authenticated
+       #  against /etc/passwd!  See the FAQ for details.
+       #  
+-      unix
++#     unix
+       # Uncomment it if you want to use ldap for authentication
+       #
+@@ -1732,7 +1732,7 @@
+       #
+       #  Allow EAP authentication.
+-      eap
++#     eap
+ }
+@@ -1740,12 +1740,12 @@
+ #  Pre-accounting.  Decide which accounting type to use.
+ #
+ preacct {
+-      preprocess
++#     preprocess
+       #
+       #  Ensure that we have a semi-unique identifier for every
+       #  request, and many NAS boxes are broken.
+-      acct_unique
++#     acct_unique
+       #
+       #  Look for IPASS-style 'realm/', and if not found, look for
+@@ -1755,12 +1755,12 @@
+       #  Accounting requests are generally proxied to the same
+       #  home server as authentication requests.
+ #     IPASS
+-      suffix
++#     suffix
+ #     ntdomain
+       #
+       #  Read the 'acct_users' file
+-      files
++#     files
+ }
+ #
+@@ -1771,20 +1771,20 @@
+       #  Create a 'detail'ed log of the packets.
+       #  Note that accounting requests which are proxied
+       #  are also logged in the detail file.
+-      detail
++#     detail
+ #     daily
+       #  Update the wtmp file
+       #
+       #  If you don't use "radlast", you can delete this line.
+-      unix
++#     unix
+       #
+       #  For Simultaneous-Use tracking.
+       #
+       #  Due to packet losses in the network, the data here
+       #  may be incorrect.  There is little we can do about it.
+-      radutmp
++#     radutmp
+ #     sradutmp
+       #  Return an address to the IP Pool when we see a stop record.
+@@ -1807,7 +1807,7 @@
+ #  or rlm_sql module can handle this.
+ #  The rlm_sql module is *much* faster
+ session {
+-      radutmp
++#     radutmp
+       #
+       #  See "Simultaneous Use Checking Querie" in sql.conf
+@@ -1904,5 +1904,5 @@
+       #  hidden inside of the EAP packet, and the end server will
+       #  reject the EAP request.
+       #
+-      eap
++#     eap
+ }