aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorzi <zi@FreeBSD.org>2014-03-29 23:36:20 +0800
committerzi <zi@FreeBSD.org>2014-03-29 23:36:20 +0800
commit926d36a1bdbc37c04228f0731254866c24e0a366 (patch)
tree0bf03231301941610a4f887d9b4a4d6ab0193620 /net
parentf26b92546b3370297e095ac82630b198e145cd77 (diff)
downloadfreebsd-ports-gnome-926d36a1bdbc37c04228f0731254866c24e0a366.tar.gz
freebsd-ports-gnome-926d36a1bdbc37c04228f0731254866c24e0a366.tar.zst
freebsd-ports-gnome-926d36a1bdbc37c04228f0731254866c24e0a366.zip
- Update to 3.0.2
Diffstat (limited to 'net')
-rw-r--r--net/freeradius3/Makefile24
-rw-r--r--net/freeradius3/distinfo4
-rw-r--r--net/freeradius3/files/dictionary.cisco.asa369
-rw-r--r--net/freeradius3/files/patch-rlm_krb51083
-rw-r--r--net/freeradius3/files/patch-src__lib__udpfromto.c11
-rw-r--r--net/freeradius3/files/patch-src__lib__valuepair.c11
-rw-r--r--net/freeradius3/files/patch-udpfromtofix61
-rw-r--r--net/freeradius3/pkg-plist16
8 files changed, 49 insertions, 1530 deletions
diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile
index 4b3e860a5207..c47afeca1663 100644
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= freeradius
-DISTVERSION= 3.0.1
-PORTREVISION= 2
+DISTVERSION= 3.0.2
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \
ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \
@@ -18,8 +17,8 @@ COMMENT= A free RADIUS server implementation
LICENSE= GPLv2
-LIB_DEPENDS= gdbm:${PORTSDIR}/databases/gdbm \
- talloc:${PORTSDIR}/devel/talloc
+LIB_DEPENDS= libgdbm.so:${PORTSDIR}/databases/gdbm \
+ libtalloc.so:${PORTSDIR}/devel/talloc
LOGDIR?= /var/log
KRB5_CONFIG?= /usr/bin/krb5-config --libs
@@ -84,11 +83,11 @@ ${UNIQUENAME}_SET+= KERBEROS
.if ${PORT_OPTIONS:MKERBEROS}
.if ${PORT_OPTIONS:MHEIMDAL}
.if ${PORT_OPTIONS:MHEIMDAL_PORT}
-LIB_DEPENDS+= krb5:${PORTSDIR}/security/heimdal
+LIB_DEPENDS+= libkrb5.so:${PORTSDIR}/security/heimdal
.endif
CONFIGURE_ARGS+=--enable-heimdal-krb5 --enable-pthread-support
.else
-LIB_DEPENDS+= krb5:${PORTSDIR}/security/krb5
+LIB_DEPENDS+= libkrb5.so:${PORTSDIR}/security/krb5
.endif
CONFIGURE_ARGS+=--with-rlm_krb5
.if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT)
@@ -147,7 +146,7 @@ PLIST_SUB+= PGSQL="@comment "
.if ${PORT_OPTIONS:MUNIXODBC}
CONFIGURE_ARGS+=--with-rlm_sql_unixodbc
PLIST_SUB+= UNIXODBC=""
-LIB_DEPENDS+= odbc:${PORTSDIR}/databases/unixODBC
+LIB_DEPENDS+= libodbc.so:${PORTSDIR}/databases/unixODBC
.else
CONFIGURE_ARGS+=--without-rlm_sql_unixodbc
PLIST_SUB+= UNIXODBC="@comment "
@@ -202,7 +201,7 @@ EXPM= yes
.endif
.if ${PORT_OPTIONS:MREDIS}
-LIB_DEPENDS+= hiredis:${PORTSDIR}/databases/hiredis
+LIB_DEPENDS+= libhiredis.so:${PORTSDIR}/databases/hiredis
CONFIGURE_ARGS+=--with-rlm_redis --with-rlm_rediswho
PLIST_SUB+= RLMREDIS=""
.else
@@ -217,8 +216,8 @@ EXPM= yes
.if ${PORT_OPTIONS:MREST}
IGNORE= requires devel/json-c to be updated to 0.11 to build with RESTful support
-LIB_DEPENDS+= json:${PORTSDIR}/devel/json-c \
- curl:${PORTSDIR}/ftp/curl
+LIB_DEPENDS+= libjson.so:${PORTSDIR}/devel/json-c \
+ libcurl.so:${PORTSDIR}/ftp/curl
CONFIGURE_ARGS+=--with-rlm_rest \
--with-libcurl=${LOCALBASE} \
--with-jsonc-lib-dir=${LOCALBASE}/lib \
@@ -235,7 +234,7 @@ EXPM= yes
.endif
.if ${PORT_OPTIONS:MFREETDS}
-LIB_DEPENDS+= tds:${PORTSDIR}/databases/freetds
+LIB_DEPENDS+= libtds.so:${PORTSDIR}/databases/freetds
CONFIGURE_ARGS+=--with-rlm_freetds
PLIST_SUB+= RLMFREETDS=""
.else
@@ -249,7 +248,7 @@ EXPM= yes
.endif
.if ${PORT_OPTIONS:MIDN}
-LIB_DEPENDS+= idn:${PORTSDIR}/dns/libidn
+LIB_DEPENDS+= libidn.so:${PORTSDIR}/dns/libidn
CONFIGURE_ARGS+=--with-rlm_idn
PLIST_SUB+= RLMIDN=""
.else
@@ -395,7 +394,6 @@ pre-install:
PRE-INSTALL
post-install:
- @${INSTALL_DATA} ${FILESDIR}/dictionary.cisco.asa ${DATADIR}
# If ${PREFIX}/etc/raddb isn't a directory (or a symlink), make a copy
# of ${EXAMPLESDIR}/raddb as ${PREFIX}/etc/raddb, then bootstrap the
# certificates
diff --git a/net/freeradius3/distinfo b/net/freeradius3/distinfo
index a52bbe998abd..7192053fc2fd 100644
--- a/net/freeradius3/distinfo
+++ b/net/freeradius3/distinfo
@@ -1,2 +1,2 @@
-SHA256 (freeradius-server-3.0.1.tar.bz2) = bde926077fa520c71d2861cd1cc9abf5a3ce866e05f35ed5188a057c37fc002d
-SIZE (freeradius-server-3.0.1.tar.bz2) = 2635534
+SHA256 (freeradius-server-3.0.2.tar.bz2) = 20dc8d1ca9de9ed70ff63369aeec9100ca0ed9630d9d42f707bc3293cd259329
+SIZE (freeradius-server-3.0.2.tar.bz2) = 2657652
diff --git a/net/freeradius3/files/dictionary.cisco.asa b/net/freeradius3/files/dictionary.cisco.asa
deleted file mode 100644
index 493179a693b0..000000000000
--- a/net/freeradius3/files/dictionary.cisco.asa
+++ /dev/null
@@ -1,369 +0,0 @@
-# -*- text -*-
-# Copyright (C) 2013 The FreeRADIUS Server project and contributors
-#
-# Cisco Adaptative Security Appliance (ASA) Dictionary
-#
-# http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ref_extserver.html#wp1802187
-#
-# $Id$
-#
-
-VENDOR Cisco-ASA 3076
-
-BEGIN-VENDOR Cisco-ASA
-
-ATTRIBUTE ASA-Simultaneous-Logins 2 integer
-ATTRIBUTE ASA-Primary-DNS 5 string
-ATTRIBUTE ASA-Secondary-DNS 6 string
-ATTRIBUTE ASA-Primary-WINS 7 string
-ATTRIBUTE ASA-Secondary-WINS 8 string
-ATTRIBUTE ASA-SEP-Card-Assignment 9 integer
-ATTRIBUTE ASA-Tunneling-Protocols 11 integer
-ATTRIBUTE ASA-IPsec-Sec-Association 12 string
-ATTRIBUTE ASA-IPsec-Authentication 13 integer
-ATTRIBUTE ASA-Banner1 15 string
-ATTRIBUTE ASA-IPsec-Allow-Passwd-Store 16 integer
-ATTRIBUTE ASA-Use-Client-Address 17 integer
-ATTRIBUTE ASA-PPTP-Encryption 20 integer
-ATTRIBUTE ASA-L2TP-Encryption 21 integer
-ATTRIBUTE ASA-Group-Policy 25 string
-ATTRIBUTE ASA-IPsec-Split-Tunnel-List 27 string
-ATTRIBUTE ASA-IPsec-Default-Domain 28 string
-ATTRIBUTE ASA-IPsec-Split-DNS-Names 29 string
-ATTRIBUTE ASA-IPsec-Tunnel-Type 30 integer
-ATTRIBUTE ASA-IPsec-Mode-Config 31 integer
-ATTRIBUTE ASA-IPsec-Over-UDP 34 integer
-ATTRIBUTE ASA-IPsec-Over-UDP-Port 35 integer
-ATTRIBUTE ASA-Banner2 36 string
-ATTRIBUTE ASA-PPTP-MPPC-Compression 37 integer
-ATTRIBUTE ASA-L2TP-MPPC-Compression 38 integer
-ATTRIBUTE ASA-IPsec-IP-Compression 39 integer
-ATTRIBUTE ASA-IPsec-IKE-Peer-ID-Check 40 integer
-ATTRIBUTE ASA-IKE-Keep-Alives 41 integer
-ATTRIBUTE ASA-IPsec-Auth-On-Rekey 42 integer
-ATTRIBUTE ASA-Required-Client-Firewall-Vendor-Code 45 integer
-ATTRIBUTE ASA-Required-Client-Firewall-Product-Code 46 integer
-ATTRIBUTE ASA-Required-Client-Firewall-Description 47 string
-ATTRIBUTE ASA-Require-HW-Client-Auth 48 integer
-ATTRIBUTE ASA-Required-Individual-User-Auth 49 integer
-ATTRIBUTE ASA-Authenticated-User-Idle-Timeout 50 integer
-ATTRIBUTE ASA-Cisco-IP-Phone-Bypass 51 integer
-ATTRIBUTE ASA-IPsec-Split-Tunneling-Policy 55 integer
-ATTRIBUTE ASA-IPsec-Required-Client-Firewall-Capability 56 integer
-ATTRIBUTE ASA-IPsec-Client-Firewall-Filter-Name 57 string
-ATTRIBUTE ASA-IPsec-Client-Firewall-Filter-Optional 58 integer
-ATTRIBUTE ASA-IPsec-Backup-Servers 59 integer
-ATTRIBUTE ASA-IPsec-Backup-Server-List 60 string
-ATTRIBUTE ASA-DHCP-Network-Scope 61 string
-ATTRIBUTE ASA-Intercept-DHCP-Configure-Msg 62 integer
-ATTRIBUTE ASA-MS-Client-Subnet-Mask 63 integer
-ATTRIBUTE ASA-Allow-Network-Extension-Mode 64 integer
-ATTRIBUTE ASA-Authorization-Type 65 integer
-ATTRIBUTE ASA-Authorization-Required 66 integer
-ATTRIBUTE ASA-Authorization-DN-Field 67 string
-ATTRIBUTE ASA-Authorization-DN-Field 67 string
-ATTRIBUTE ASA-IKE-KeepAlive-Confidence-Interval 68 integer
-ATTRIBUTE ASA-WebVPN-Content-Filter-Parameters 69 integer
-ATTRIBUTE ASA-WebVPN-HTML-Filter 69 integer
-ATTRIBUTE ASA-WebVPN-URL-List 71 string
-ATTRIBUTE ASA-WebVPN-Port-Forwarding-List 72 string
-ATTRIBUTE ASA-WebVPN-Access-List 73 string
-ATTRIBUTE ASA-WebVPNACL 73 string
-ATTRIBUTE ASA-WebVPN-HTTP-Proxy-IP-Address 74 string
-ATTRIBUTE ASA-Cisco-LEAP-Bypass 75 integer
-ATTRIBUTE ASA-WebVPN-Default-Homepage 76 string
-ATTRIBUTE ASA-Client-Type-Version-Limiting 77 string
-ATTRIBUTE ASA-WebVPN-Group-based-HTTP/HTTPS-Proxy-Exception-List 78 string
-ATTRIBUTE ASA-WebVPN-Port-Forwarding-Name 79 string
-ATTRIBUTE ASA-IE-Proxy-Server 80 string
-ATTRIBUTE ASA-IE-Proxy-Server-Policy 81 integer
-ATTRIBUTE ASA-IE-Proxy-Exception-List 82 string
-ATTRIBUTE ASA-IE-Proxy-Bypass-Local 83 integer
-ATTRIBUTE ASA-IKE-Keepalive-Retry-Interval 84 integer
-ATTRIBUTE ASA-Tunnel-Group-Lock 85 string
-ATTRIBUTE ASA-Access-List-Inbound 86 string
-ATTRIBUTE ASA-Access-List-Outbound 87 string
-ATTRIBUTE ASA-Perfect-Forward-Secrecy-Enable 88 integer
-ATTRIBUTE ASA-NAC-Enable 89 integer
-ATTRIBUTE ASA-NAC-Status-Query-Timer 90 integer
-ATTRIBUTE ASA-NAC-Revalidation-Timer 91 integer
-ATTRIBUTE ASA-NAC-Default-ACL 92 string
-ATTRIBUTE ASA-WebVPN-URL-Entry-Enable 93 integer
-ATTRIBUTE ASA-WebVPN-File-Access-Enable 94 integer
-ATTRIBUTE ASA-WebVPN-File-Server-Entry-Enable 95 integer
-ATTRIBUTE ASA-WebVPN-File-Server-Browsing-Enable 96 integer
-ATTRIBUTE ASA-WebVPN-Port-Forwarding-Enable 97 integer
-ATTRIBUTE ASA-WebVPN-Port-Forwarding-Exchange-Proxy-Enable 98 integer
-ATTRIBUTE ASA-WebVPN-Port-Forwarding-HTTP-Proxy 99 integer
-ATTRIBUTE ASA-WebVPN-Citrix-Metaframe-Enable 101 integer
-ATTRIBUTE ASA-WebVPN-Apply-ACL 102 integer
-ATTRIBUTE ASA-WebVPN-SSL-VPN-Client-Enable 103 integer
-ATTRIBUTE ASA-WebVPN-SSL-VPN-Client-Required 104 integer
-ATTRIBUTE ASA-WebVPN-SSL-VPN-Client-Keep-Installation 105 integer
-ATTRIBUTE ASA-SVC-Keepalive 107 integer
-ATTRIBUTE ASA-WebVPN-SVC-Keepalive-Frequency 107 integer
-ATTRIBUTE ASA-SVC-DPD-Interval-Client 108 integer
-ATTRIBUTE ASA-WebVPN-SVC-Client-DPD-Frequency 108 integer
-ATTRIBUTE ASA-SVC-DPD-Interval-Gateway 109 integer
-ATTRIBUTE ASA-WebVPN-SVC-Gateway-DPD-Frequency 109 integer
-ATTRIBUTE ASA-SVC-Rekey-Time 110 integer
-ATTRIBUTE ASA-WebVPN-SVC-Rekey-Time 110 integer
-ATTRIBUTE ASA-WebVPN-SVC-Rekey-Method 111 integer
-ATTRIBUTE ASA-WebVPN-SVC-Compression 112 integer
-ATTRIBUTE ASA-WebVPN-Customization 113 string
-ATTRIBUTE ASA-WebVPN-SSO-Server-Name 114 string
-ATTRIBUTE ASA-WebVPN-Deny-Message 116 string
-ATTRIBUTE ASA-WebVPN-HTTP-Compression 120 integer
-ATTRIBUTE ASA-WebVPN-Keepalive-Ignore 121 integer
-ATTRIBUTE ASA-Extended-Authentication-On-Rekey 122 integer
-ATTRIBUTE ASA-SVC-DTLS 123 integer
-ATTRIBUTE ASA-WebVPN-SVC-DTLS-Enable 123 integer
-ATTRIBUTE ASA-WebVPN-Auto-HTTP-Signon 124 string
-ATTRIBUTE ASA-SVC-MTU 125 integer
-ATTRIBUTE ASA-WebVPN-SVC-DTLS-MTU 125 integer
-ATTRIBUTE ASA-WebVPN-Hidden-Shares 126 integer
-ATTRIBUTE ASA-SVC-Modules 127 string
-ATTRIBUTE ASA-SVC-Profiles 128 string
-ATTRIBUTE ASA-SVC-Ask 131 integer
-ATTRIBUTE ASA-SVC-Ask-Timeout 132 integer
-ATTRIBUTE ASA-IE-Proxy-PAC-URL 133 string
-ATTRIBUTE ASA-Strip-Realm 135 integer
-ATTRIBUTE ASA-Smart-Tunnel 136 string
-ATTRIBUTE ASA-WebVPN-Smart-Tunnel 136 string
-ATTRIBUTE ASA-WebVPN-ActiveX-Relay 137 integer
-ATTRIBUTE ASA-Smart-Tunnel-Auto 138 integer
-ATTRIBUTE ASA-WebVPN-Smart-Tunnel-Auto-Start 138 integer
-ATTRIBUTE ASA-Smart-Tunnel-Auto-Signon-Enable 139 string
-ATTRIBUTE ASA-WebVPN-Smart-Tunnel-Auto-Sign-On 139 string
-ATTRIBUTE ASA-VLAN 140 integer
-ATTRIBUTE ASA-NAC-Settings 141 string
-ATTRIBUTE ASA-Member-Of 145 string
-ATTRIBUTE ASA-TunnelGroupName 146 string
-ATTRIBUTE ASA-WebVPN-Idle-Timeout-Alert-Interval 148 integer
-ATTRIBUTE ASA-WebVPN-Session-Timeout-Alert-Interval 149 integer
-ATTRIBUTE ASA-ClientType 150 integer
-ATTRIBUTE ASA-SessionType 151 integer
-ATTRIBUTE ASA-SessionSubtype 152 integer
-ATTRIBUTE ASA-WebVPN-Download_Max-Size 157 integer
-ATTRIBUTE ASA-WebVPN-Upload-Max-Size 158 integer
-ATTRIBUTE ASA-WebVPN-Post-Max-Size 159 integer
-ATTRIBUTE ASA-WebVPN-User-Storage 160 string
-ATTRIBUTE ASA-WebVPN-Storage-Objects 161 string
-ATTRIBUTE ASA-WebVPN-Storage-Key 162 string
-ATTRIBUTE ASA-WebVPN-VDI 163 string
-ATTRIBUTE ASA-Address-Pools 217 string
-ATTRIBUTE ASA-IPv6-Address-Pools 218 string
-ATTRIBUTE ASA-IPv6-VPN-Filter 219 string
-ATTRIBUTE ASA-Privilege-Level 220 integer
-ATTRIBUTE ASA-WebVPN-UNIX-User-ID 221 integer
-ATTRIBUTE ASA-WebVPN-UNIX-Group-ID 222 integer
-ATTRIBUTE ASA-WebVPN-Macro-Substitution-Value1 223 string
-ATTRIBUTE ASA-WebVPN-Macro-Substitution-Value2 224 string
-ATTRIBUTE ASA-WebVPNSmart-Card-Removal-Disconnect 225 integer
-ATTRIBUTE ASA-WebVPN-Smart-Tunnel-Tunnel-Policy 227 string
-ATTRIBUTE ASA-WebVPN-Home-Page-Use-Smart-Tunnel 228 integer
-
-VALUE ASA-Authorization-Required No 0
-VALUE ASA-Authorization-Required Yes 1
-
-VALUE ASA-Authorization-Type None 0
-VALUE ASA-Authorization-Type Radius 1
-VALUE ASA-Authorization-Type LDAP 2
-
-VALUE ASA-Cisco-IP-Phone-Bypass Disabled 0
-VALUE ASA-Cisco-IP-Phone-Bypass Enabled 1
-
-VALUE ASA-Cisco-LEAP-Bypass Disabled 0
-VALUE ASA-Cisco-LEAP-Bypass Enabled 1
-
-VALUE ASA-ClientType Cisco-VPN-Client-IKEv1 1
-VALUE ASA-ClientType AnyConnect-Client-SSL-VPN 2
-VALUE ASA-ClientType Clientless-SSL-VPN 3
-VALUE ASA-ClientType Cut-Through-Proxy 4
-VALUE ASA-ClientType L2TP/IPsec-SSL-VPN 5
-VALUE ASA-ClientType AnyConnect-Client-IPSec-VPN-IKEv2 6
-
-VALUE ASA-Extended-Authentication-On-Rekey Disabled 0
-VALUE ASA-Extended-Authentication-On-Rekey Enabled 1
-
-VALUE ASA-IE-Proxy-Bypass-Local None 0
-VALUE ASA-IE-Proxy-Bypass-Local Local 1
-
-VALUE ASA-IE-Proxy-Server-Policy No-Modify 1
-VALUE ASA-IE-Proxy-Server-Policy No-Proxy 2
-VALUE ASA-IE-Proxy-Server-Policy Auto-detect 3
-VALUE ASA-IE-Proxy-Server-Policy Use-Concentrator-Setting 4
-
-VALUE ASA-IKE-Keep-Alives Disabled 0
-VALUE ASA-IKE-Keep-Alives Enabled 1
-
-VALUE ASA-Allow-Network-Extension-Mode Disabled 0
-VALUE ASA-Allow-Network-Extension-Mode Enabled 1
-
-VALUE ASA-Intercept-DHCP-Configure-Msg Disabled 0
-VALUE ASA-Intercept-DHCP-Configure-Msg Enabled 1
-
-VALUE ASA-IPsec-Allow-Passwd-Store Disabled 0
-VALUE ASA-IPsec-Allow-Passwd-Store Enabled 1
-
-VALUE ASA-IPsec-Authentication None 0
-VALUE ASA-IPsec-Authentication RADIUS 1
-VALUE ASA-IPsec-Authentication LDAP-Authorization-only 2
-VALUE ASA-IPsec-Authentication NT-Domain 3
-VALUE ASA-IPsec-Authentication SDI 4
-VALUE ASA-IPsec-Authentication Internal 5
-VALUE ASA-IPsec-Authentication RADIUS-with-Expiry 6
-VALUE ASA-IPsec-Authentication Kerberos/Active-Directory 7
-
-VALUE ASA-IPsec-Auth-On-Rekey Disabled 0
-VALUE ASA-IPsec-Auth-On-Rekey Enabled 1
-
-VALUE ASA-IPsec-Backup-Servers Use-Client-Configured-List 1
-VALUE ASA-IPsec-Backup-Servers Disable-and-clear-client-list 2
-VALUE ASA-IPsec-Backup-Servers Use-Backup-Server-List 3
-
-VALUE ASA-IPsec-Client-Firewall-Filter-Optional Required 0
-VALUE ASA-IPsec-Client-Firewall-Filter-Optional Optional 1
-
-VALUE ASA-IPsec-IKE-Peer-ID-Check Required 1
-VALUE ASA-IPsec-IKE-Peer-ID-Check If-Supported-By-Peer-Certificate 2
-VALUE ASA-IPsec-IKE-Peer-ID-Check Do-Not-Check 3
-
-VALUE ASA-IPsec-IP-Compression Disabled 0
-VALUE ASA-IPsec-IP-Compression Enabled 1
-
-VALUE ASA-IPsec-Mode-Config Disabled 0
-VALUE ASA-IPsec-Mode-Config Enabled 1
-
-VALUE ASA-IPsec-Over-UDP Disabled 0
-VALUE ASA-IPsec-Over-UDP Enabled 1
-
-VALUE ASA-IPsec-Required-Client-Firewall-Capability None 0
-VALUE ASA-IPsec-Required-Client-Firewall-Capability Policy-Remotely-Defined 1
-VALUE ASA-IPsec-Required-Client-Firewall-Capability Policy-Pushed 2
-VALUE ASA-IPsec-Required-Client-Firewall-Capability Policy-from-Server 4
-
-VALUE ASA-IPsec-Split-Tunneling-Policy No-Split-Tunneling 0
-VALUE ASA-IPsec-Split-Tunneling-Policy Split-Tunneling 1
-VALUE ASA-IPsec-Split-Tunneling-Policy Local-LAN-Permitted 2
-
-VALUE ASA-IPsec-Tunnel-Type LAN-to-LAN 1
-VALUE ASA-IPsec-Tunnel-Type Remote-Access 2
-
-VALUE ASA-L2TP-MPPC-Compression Disabled 0
-VALUE ASA-L2TP-MPPC-Compression Enabled 1
-
-VALUE ASA-NAC-Enable No 0
-VALUE ASA-NAC-Enable Yes 1
-
-VALUE ASA-Perfect-Forward-Secrecy-Enable No 0
-VALUE ASA-Perfect-Forward-Secrecy-Enable Yes 1
-
-VALUE ASA-PPTP-MPPC-Compression Disabled 0
-VALUE ASA-PPTP-MPPC-Compression Enabled 1
-
-VALUE ASA-Required-Client-Firewall-Vendor-Code Cisco-CIC 1
-VALUE ASA-Required-Client-Firewall-Vendor-Code Zone-Labs 2
-VALUE ASA-Required-Client-Firewall-Vendor-Code NetworkICE 3
-VALUE ASA-Required-Client-Firewall-Vendor-Code Sygate 4
-VALUE ASA-Required-Client-Firewall-Vendor-Code Cisco-IPSA 5
-
-VALUE ASA-Required-Individual-User-Auth Disabled 0
-VALUE ASA-Required-Individual-User-Auth Enabled 1
-
-VALUE ASA-Require-HW-Client-Auth Disabled 0
-VALUE ASA-Require-HW-Client-Auth Enabled 1
-
-VALUE ASA-SessionSubtype None 0
-VALUE ASA-SessionSubtype Clientless 1
-VALUE ASA-SessionSubtype Client 2
-VALUE ASA-SessionSubtype Client-Only 3
-
-VALUE ASA-SessionType None 0
-VALUE ASA-SessionType AnyConnect-Client-SSL-VPN 1
-VALUE ASA-SessionType AnyConnect-Client-IPSec-VPN/IKEv2 2
-VALUE ASA-SessionType Clientless-SSL-VPN 3
-VALUE ASA-SessionType Clientless-Email-Proxy 4
-VALUE ASA-SessionType Cisco-VPN-Client/IKEv1 5
-VALUE ASA-SessionType IKEv1-LAN-to-LAN 6
-VALUE ASA-SessionType IKEv2-LAN-to-LAN 7
-VALUE ASA-SessionType VPN-Load-Balancing 8
-
-VALUE ASA-Smart-Tunnel-Auto Disabled 0
-VALUE ASA-Smart-Tunnel-Auto Enabled 1
-VALUE ASA-Smart-Tunnel-Auto AutoStart 2
-
-VALUE ASA-Strip-Realm Disabled 0
-VALUE ASA-Strip-Realm Enabled 1
-
-VALUE ASA-SVC-Ask Disabled 0
-VALUE ASA-SVC-Ask Enabled 1
-VALUE ASA-SVC-Ask Enable-Default-Service 3
-VALUE ASA-SVC-Ask Enable-Default-Clientless 5
-
-VALUE ASA-SVC-DTLS FALSE 0
-VALUE ASA-SVC-DTLS TRUE 1
-
-VALUE ASA-Use-Client-Address Disabled 0
-VALUE ASA-Use-Client-Address Enabled 1
-
-VALUE ASA-WebVPN-Apply-ACL Disabled 0
-VALUE ASA-WebVPN-Apply-ACL Enabled 1
-
-VALUE ASA-WebVPN-Citrix-Metaframe-Enable Disabled 0
-VALUE ASA-WebVPN-Citrix-Metaframe-Enable Enabled 1
-
-VALUE ASA-WebVPN-File-Access-Enable Disabled 0
-VALUE ASA-WebVPN-File-Access-Enable Enabled 1
-
-VALUE ASA-WebVPN-File-Server-Browsing-Enable Disabled 0
-VALUE ASA-WebVPN-File-Server-Browsing-Enable Enabled 1
-
-VALUE ASA-WebVPN-File-Server-Entry-Enable Disabled 0
-VALUE ASA-WebVPN-File-Server-Entry-Enable Enabled 1
-
-VALUE ASA-WebVPN-Hidden-Shares None 0
-VALUE ASA-WebVPN-Hidden-Shares Visible 1
-
-VALUE ASA-WebVPN-HTTP-Compression Off 0
-VALUE ASA-WebVPN-HTTP-Compression Deflate-Compression 1
-
-VALUE ASA-WebVPN-Port-Forwarding-Enable Disabled 0
-VALUE ASA-WebVPN-Port-Forwarding-Enable Enabled 1
-
-VALUE ASA-WebVPN-Port-Forwarding-Exchange-Proxy-Enable Disabled 0
-VALUE ASA-WebVPN-Port-Forwarding-Exchange-Proxy-Enable Enabled 1
-
-VALUE ASA-WebVPN-Port-Forwarding-HTTP-Proxy Disabled 0
-VALUE ASA-WebVPN-Port-Forwarding-HTTP-Proxy Enabled 1
-
-VALUE ASA-WebVPNSmart-Card-Removal-Disconnect Disabled 0
-VALUE ASA-WebVPNSmart-Card-Removal-Disconnect Enabled 1
-
-VALUE ASA-WebVPN-Smart-Tunnel-Auto-Start Disabled 0
-VALUE ASA-WebVPN-Smart-Tunnel-Auto-Start Enabled 1
-VALUE ASA-WebVPN-Smart-Tunnel-Auto-Start AutoStart 2
-
-VALUE ASA-WebVPN-SSL-VPN-Client-Enable Disabled 0
-VALUE ASA-WebVPN-SSL-VPN-Client-Enable Enabled 1
-
-VALUE ASA-WebVPN-SSL-VPN-Client-Keep-Installation Disabled 0
-VALUE ASA-WebVPN-SSL-VPN-Client-Keep-Installation Enabled 1
-
-VALUE ASA-WebVPN-SSL-VPN-Client-Required Disabled 0
-VALUE ASA-WebVPN-SSL-VPN-Client-Required Enabled 1
-
-VALUE ASA-WebVPN-SVC-DTLS-Enable Disabled 0
-VALUE ASA-WebVPN-SVC-DTLS-Enable Enabled 1
-
-VALUE ASA-WebVPN-SVC-Rekey-Method Off 0
-VALUE ASA-WebVPN-SVC-Rekey-Method SSL 1
-VALUE ASA-WebVPN-SVC-Rekey-Method New-Tunnel 2
-
-VALUE ASA-WebVPN-SVC-Compression Off 0
-VALUE ASA-WebVPN-SVC-Compression Deflate-Compression 1
-
-VALUE ASA-WebVPN-URL-Entry-Enable Disabled 0
-VALUE ASA-WebVPN-URL-Entry-Enable Enabled 1
-
-END-VENDOR Cisco-ASA
diff --git a/net/freeradius3/files/patch-rlm_krb5 b/net/freeradius3/files/patch-rlm_krb5
deleted file mode 100644
index ee61b51122e4..000000000000
--- a/net/freeradius3/files/patch-rlm_krb5
+++ /dev/null
@@ -1,1083 +0,0 @@
---- ./src/modules/rlm_krb5/configure.orig 2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/configure 2014-02-05 08:27:14.000000000 -0500
-@@ -1468,6 +1468,73 @@
-
- } # ac_fn_c_try_link
-
-+# ac_fn_c_check_func LINENO FUNC VAR
-+# ----------------------------------
-+# Tests whether FUNC exists, setting the cache variable VAR accordingly
-+ac_fn_c_check_func ()
-+{
-+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-+$as_echo_n "checking for $2... " >&6; }
-+if eval \${$3+:} false; then :
-+ $as_echo_n "(cached) " >&6
-+else
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
-+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
-+#define $2 innocuous_$2
-+
-+/* System header to define __stub macros and hopefully few prototypes,
-+ which can conflict with char $2 (); below.
-+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-+ <limits.h> exists even on freestanding compilers. */
-+
-+#ifdef __STDC__
-+# include <limits.h>
-+#else
-+# include <assert.h>
-+#endif
-+
-+#undef $2
-+
-+/* Override any GCC internal prototype to avoid an error.
-+ Use char because int might match the return type of a GCC
-+ builtin and then its argument prototype would still apply. */
-+#ifdef __cplusplus
-+extern "C"
-+#endif
-+char $2 ();
-+/* The GNU C library defines this for functions which it implements
-+ to always fail with ENOSYS. Some functions are actually named
-+ something starting with __ and the normal name is an alias. */
-+#if defined __stub_$2 || defined __stub___$2
-+choke me
-+#endif
-+
-+int
-+main ()
-+{
-+return $2 ();
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+ eval "$3=yes"
-+else
-+ eval "$3=no"
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+ conftest$ac_exeext conftest.$ac_ext
-+fi
-+eval ac_res=\$$3
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-+$as_echo "$ac_res" >&6; }
-+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-+
-+} # ac_fn_c_check_func
-+
- # ac_fn_c_try_run LINENO
- # ----------------------
- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
-@@ -2856,10 +2923,10 @@
- if test "$krb5_config" != 'not-found'; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config CFLAGS" >&5
- $as_echo_n "checking krb5-config CFLAGS... " >&6; }
-- SMART_CFLAGS=$($krb5_config --cflags)
-- SMART_CFLAGS=$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g')
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${SMART_CFLAGS}" >&5
--$as_echo "${SMART_CFLAGS}" >&6; }
-+ SMART_CPPFLAGS=$($krb5_config --cflags)
-+ SMART_CPPFLAGS=$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$SMART_CPPFLAGS\"" >&5
-+$as_echo "\"$SMART_CPPFLAGS\"" >&6; }
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config LDFLAGS" >&5
- $as_echo_n "checking krb5-config LDFLAGS... " >&6; }
-@@ -2900,7 +2967,7 @@
-
-
- ac_safe=`echo "krb5.h" | sed 'y%./+-%__pm%'`
--old_CFLAGS="$CFLAGS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_include=
- smart_include_dir=
-
-@@ -2908,7 +2975,7 @@
- for try in $smart_try_dir; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5
- $as_echo_n "checking for krb5.h in $try... " >&6; }
-- CFLAGS="$old_CFLAGS -isystem $try"
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-@@ -2937,7 +3004,7 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-- CFLAGS="$old_CFLAGS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" = "x"; then
-@@ -3003,7 +3070,7 @@
- for try in $smart_include_dir /usr/local/include /opt/include; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5
- $as_echo_n "checking for krb5.h in $try... " >&6; }
-- CFLAGS="$old_CFLAGS -isystem $try"
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-@@ -3032,13 +3099,13 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-- CFLAGS="$old_CFLAGS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" != "x"; then
- eval "ac_cv_header_$ac_safe=yes"
-- CFLAGS="$old_CFLAGS $smart_include"
-- SMART_CFLAGS="$SMART_CFLAGS $smart_include"
-+ CPPFLAGS="$smart_include $old_CPPFLAGS"
-+ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
- fi
-
- if test "$ac_cv_header_krb5_h" != "yes"; then
-@@ -3053,14 +3120,17 @@
- sm_func_safe=`echo "krb5_encrypt_data" | sed 'y%./+-%__p_%'`
-
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
-
- if test "x$smart_try_dir" != "x"; then
- for try in $smart_try_dir; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5
- $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; }
-- LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lk5crypto $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_encrypt_data();
-@@ -3074,7 +3144,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lk5crypto -Wl,-rpath,$try"
-+ smart_lib="-lk5crypto"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3087,6 +3158,7 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-@@ -3178,7 +3250,8 @@
- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5
- $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; }
-- LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lk5crypto $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_encrypt_data();
-@@ -3192,7 +3265,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lk5crypto -Wl,-rpath,$try"
-+ smart_lib="-lk5crypto"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3205,12 +3279,13 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_lib $old_LIBS"
-- SMART_LIBS="$smart_lib $SMART_LIBS"
-+ LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
-
- if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
-@@ -3224,14 +3299,17 @@
- sm_func_safe=`echo "DH_new" | sed 'y%./+-%__p_%'`
-
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
-
- if test "x$smart_try_dir" != "x"; then
- for try in $smart_try_dir; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5
- $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; }
-- LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lcrypto $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char DH_new();
-@@ -3245,7 +3323,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lcrypto -Wl,-rpath,$try"
-+ smart_lib="-lcrypto"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3258,6 +3337,7 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-@@ -3349,7 +3429,8 @@
- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5
- $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; }
-- LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lcrypto $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char DH_new();
-@@ -3363,7 +3444,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lcrypto -Wl,-rpath,$try"
-+ smart_lib="-lcrypto"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3376,12 +3458,13 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_lib $old_LIBS"
-- SMART_LIBS="$smart_lib $SMART_LIBS"
-+ LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
-
- if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
-@@ -3400,14 +3483,17 @@
- sm_func_safe=`echo "set_com_err_hook" | sed 'y%./+-%__p_%'`
-
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
-
- if test "x$smart_try_dir" != "x"; then
- for try in $smart_try_dir; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5
- $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; }
-- LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lcom_err $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char set_com_err_hook();
-@@ -3421,7 +3507,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lcom_err -Wl,-rpath,$try"
-+ smart_lib="-lcom_err"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3434,6 +3521,7 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-@@ -3525,7 +3613,8 @@
- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5
- $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; }
-- LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lcom_err $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char set_com_err_hook();
-@@ -3539,7 +3628,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lcom_err -Wl,-rpath,$try"
-+ smart_lib="-lcom_err"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3552,12 +3642,13 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_lib $old_LIBS"
-- SMART_LIBS="$smart_lib $SMART_LIBS"
-+ LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
-
- if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
-@@ -3571,14 +3662,17 @@
- sm_func_safe=`echo "krb5_verify_user_opt" | sed 'y%./+-%__p_%'`
-
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
-
- if test "x$smart_try_dir" != "x"; then
- for try in $smart_try_dir; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; }
-- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_verify_user_opt();
-@@ -3592,7 +3686,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3605,6 +3700,7 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-@@ -3696,7 +3792,8 @@
- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; }
-- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_verify_user_opt();
-@@ -3710,7 +3807,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3723,12 +3821,13 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_lib $old_LIBS"
-- SMART_LIBS="$smart_lib $SMART_LIBS"
-+ LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
-
- if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then
-@@ -3742,14 +3841,17 @@
- sm_func_safe=`echo "krb5_get_init_creds_password" | sed 'y%./+-%__p_%'`
-
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
-
- if test "x$smart_try_dir" != "x"; then
- for try in $smart_try_dir; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; }
-- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_get_init_creds_password();
-@@ -3763,7 +3865,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3776,6 +3879,7 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-@@ -3867,7 +3971,8 @@
- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; }
-- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_get_init_creds_password();
-@@ -3881,7 +3986,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3894,12 +4000,13 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_lib $old_LIBS"
-- SMART_LIBS="$smart_lib $SMART_LIBS"
-+ LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
-
- if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
-@@ -3910,7 +4017,29 @@
- fi
-
- LDFLAGS="${LDFLAGS} ${SMART_LIBS}"
-- CFLAGS="${CFLAGS} ${SMART_CFLAGS}"
-+ CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}"
-+
-+ for ac_func in krb5_get_error_message krb5_free_error_string krb5_free_error_message
-+do :
-+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-+ cat >>confdefs.h <<_ACEOF
-+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-+_ACEOF
-+
-+fi
-+done
-+
-+ if test "x$ac_cv_func_krb5_get_error_message" == xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE"
-+ fi
-+ if test "x$ac_cv_func_krb5_free_error_message" == xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE"
-+ fi
-+ if test "x$ac_cv_func_krb5_free_error_string" == xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING"
-+ fi
-
- if test "$krb5threadsafe" != "no"; then
- krb5threadsafe=
-@@ -3921,14 +4050,17 @@
- sm_func_safe=`echo "krb5_is_thread_safe" | sed 'y%./+-%__p_%'`
-
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
-
- if test "x$smart_try_dir" != "x"; then
- for try in $smart_try_dir; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; }
-- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_is_thread_safe();
-@@ -3942,7 +4074,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -3955,6 +4088,7 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" = "x"; then
-@@ -4046,7 +4180,8 @@
- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; }
-- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+ LIBS="-lkrb5 $old_LIBS"
-+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- extern char krb5_is_thread_safe();
-@@ -4060,7 +4195,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
-
-- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+ smart_lib="-lkrb5"
-+ smart_ldflags="-L$try -Wl,-rpath,$try"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- break
-@@ -4073,12 +4209,13 @@
- conftest$ac_exeext conftest.$ac_ext
- done
- LIBS="$old_LIBS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_lib" != "x"; then
- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_lib $old_LIBS"
-- SMART_LIBS="$smart_lib $SMART_LIBS"
-+ LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
-
- if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" == xyes; then
-@@ -4118,7 +4255,7 @@
-
-
- ac_safe=`echo "com_err.h" | sed 'y%./+-%__pm%'`
--old_CFLAGS="$CFLAGS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_include=
- smart_include_dir=
-
-@@ -4126,7 +4263,7 @@
- for try in $smart_try_dir; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5
- $as_echo_n "checking for com_err.h in $try... " >&6; }
-- CFLAGS="$old_CFLAGS -isystem $try"
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-@@ -4155,7 +4292,7 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-- CFLAGS="$old_CFLAGS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" = "x"; then
-@@ -4221,7 +4358,7 @@
- for try in $smart_include_dir /usr/local/include /opt/include; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5
- $as_echo_n "checking for com_err.h in $try... " >&6; }
-- CFLAGS="$old_CFLAGS -isystem $try"
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-@@ -4250,20 +4387,20 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-- CFLAGS="$old_CFLAGS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" != "x"; then
- eval "ac_cv_header_$ac_safe=yes"
-- CFLAGS="$old_CFLAGS $smart_include"
-- SMART_CFLAGS="$SMART_CFLAGS $smart_include"
-+ CPPFLAGS="$smart_include $old_CPPFLAGS"
-+ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
- fi
-
- if test "$ac_cv_header_com_err_h" != "yes"; then
-
-
- ac_safe=`echo "et/com_err.h" | sed 'y%./+-%__pm%'`
--old_CFLAGS="$CFLAGS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_include=
- smart_include_dir=
-
-@@ -4271,7 +4408,7 @@
- for try in $smart_try_dir; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5
- $as_echo_n "checking for et/com_err.h in $try... " >&6; }
-- CFLAGS="$old_CFLAGS -isystem $try"
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-@@ -4300,7 +4437,7 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-- CFLAGS="$old_CFLAGS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" = "x"; then
-@@ -4366,7 +4503,7 @@
- for try in $smart_include_dir /usr/local/include /opt/include; do
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5
- $as_echo_n "checking for et/com_err.h in $try... " >&6; }
-- CFLAGS="$old_CFLAGS -isystem $try"
-+ CPPFLAGS="-isystem $try $old_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
-
-@@ -4395,13 +4532,13 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-- CFLAGS="$old_CFLAGS"
-+ CPPFLAGS="$old_CPPFLAGS"
- fi
-
- if test "x$smart_include" != "x"; then
- eval "ac_cv_header_$ac_safe=yes"
-- CFLAGS="$old_CFLAGS $smart_include"
-- SMART_CFLAGS="$SMART_CFLAGS $smart_include"
-+ CPPFLAGS="$smart_include $old_CPPFLAGS"
-+ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
- fi
-
- if test "$ac_cv_header_et_com_err_h" != "yes"; then
-@@ -4431,8 +4568,8 @@
- fi
- fi
-
--mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}"
--mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}"
-+mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS"
-+mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS"
-
-
-
---- ./src/modules/rlm_krb5/configure.ac.orig 2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/configure.ac 2014-02-05 08:27:14.000000000 -0500
-@@ -31,9 +31,9 @@
- dnl #
- if test "$krb5_config" != 'not-found'; then
- AC_MSG_CHECKING([krb5-config CFLAGS])
-- SMART_CFLAGS=$($krb5_config --cflags)
-- SMART_CFLAGS=[$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g')]
-- AC_MSG_RESULT(${SMART_CFLAGS})
-+ SMART_CPPFLAGS=$($krb5_config --cflags)
-+ SMART_CPPFLAGS=[$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')]
-+ AC_MSG_RESULT("$SMART_CPPFLAGS")
-
- AC_MSG_CHECKING([krb5-config LDFLAGS])
- SMART_LIBS=$($krb5_config --libs)
-@@ -111,7 +111,21 @@
- dnl # Need to ensure the test program(s) link against the right library
- dnl #
- LDFLAGS="${LDFLAGS} ${SMART_LIBS}"
-- CFLAGS="${CFLAGS} ${SMART_CFLAGS}"
-+ CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}"
-+
-+ dnl #
-+ dnl # Check how to free things returned by krb5_get_error_message
-+ dnl #
-+ AC_CHECK_FUNCS([krb5_get_error_message krb5_free_error_string krb5_free_error_message])
-+ if test "x$ac_cv_func_krb5_get_error_message" == xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE"
-+ fi
-+ if test "x$ac_cv_func_krb5_free_error_message" == xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE"
-+ fi
-+ if test "x$ac_cv_func_krb5_free_error_string" == xyes; then
-+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING"
-+ fi
-
- dnl #
- dnl # Only check if version checks have not found kerberos to be thread unsafe
-@@ -160,8 +174,8 @@
- fi
- fi
-
--mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}"
--mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}"
-+mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS"
-+mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS"
-
- AC_SUBST(mod_ldflags)
- AC_SUBST(mod_cflags)
---- ./src/modules/rlm_krb5/krb5.c.orig 2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/krb5.c 2014-02-05 08:27:22.000000000 -0500
-@@ -15,19 +15,19 @@
- */
-
- /**
-- * $Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $
-+ * $Id: dbe33449063caf68e2299b99acb57fd4678f77c8 $
- * @file krb5.h
- * @brief Context management functions for rlm_krb5
- *
- * @copyright 2013 The FreeRADIUS server project
- * @copyright 2013 Arran Cudbard-Bell <a.cudbardb@freeradius.org>
- */
--RCSID("$Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $")
-+RCSID("$Id: dbe33449063caf68e2299b99acb57fd4678f77c8 $")
-
- #include <freeradius-devel/radiusd.h>
- #include "krb5.h"
-
--#ifdef HEIMDAL_KRB5
-+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
- # define KRB5_STRERROR_BUFSIZE (2048)
-
- fr_thread_local_setup(char *, krb5_error_buffer) /* macro */
-@@ -60,7 +60,7 @@
-
- ret = fr_thread_local_set(krb5_error_buffer, buffer);
- if (ret != 0) {
-- ERROR("Failed setting up TLS for krb5 error buffer: %s", fr_syserror(ret));
-+ ERROR("Failed setting up TLS for krb5 error buffer: %s", strerror(ret));
- free(buffer);
- return NULL;
- }
-@@ -69,7 +69,18 @@
- msg = krb5_get_error_message(context, code);
- if (msg) {
- strlcpy(buffer, msg, KRB5_STRERROR_BUFSIZE);
-+#ifdef HAVE_KRB5_FREE_ERROR_MESSAGE
- krb5_free_error_message(context, msg);
-+#elif defined(HAVE_KRB5_FREE_ERROR_STRING)
-+ {
-+ char *free;
-+
-+ memcpy(&free, &msg, sizeof(free));
-+ krb5_free_error_string(context, free);
-+ }
-+#else
-+# error "No way to free error strings, missing krb5_free_error_message() and krb5_free_error_string()"
-+#endif
- } else {
- strlcpy(buffer, "Unknown error", KRB5_STRERROR_BUFSIZE);
- }
-@@ -102,6 +113,13 @@
- if (conn->keytab) {
- krb5_kt_close(conn->context, conn->keytab);
- }
-+
-+#ifdef HEIMDAL_KRB5
-+ if (conn->ccache) {
-+ krb5_cc_destroy(conn->context, conn->ccache);
-+ }
-+#endif
-+
- return 0;
- }
-
-@@ -140,14 +158,13 @@
- }
-
- #ifdef HEIMDAL_KRB5
-- /*
-- * Setup krb5_verify_user options
-- *
-- * Not entirely sure this is necessary, but as we use context
-- * to get the cache handle, we probably do have to do this with
-- * the cloned context.
-- */
-- krb5_cc_default(conn->context, &conn->ccache);
-+ ret = krb5_cc_new_unique(conn->context, "MEMORY", NULL, &conn->ccache);
-+ if (ret) {
-+ ERROR("rlm_krb5 (%s): Credential cache creation failed: %s", inst->xlat_name,
-+ rlm_krb5_error(conn->context, ret));
-+
-+ return NULL;
-+ }
-
- krb5_verify_opt_init(&conn->options);
- krb5_verify_opt_set_ccache(&conn->options, conn->ccache);
---- ./src/modules/rlm_krb5/krb5.h.orig 2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/krb5.h 2014-02-05 08:27:14.000000000 -0500
-@@ -15,14 +15,14 @@
- */
-
- /**
-- * $Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $
-+ * $Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $
- * @file krb5.h
- * @brief types and function signatures for rlm_krb5.
- *
- * @copyright 2013 The FreeRADIUS server project
- * @copyright 2013 Arran Cudbard-Bell <a.cudbardb@freeradius.org>
- */
--RCSIDH(krb5_h, "$Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $")
-+RCSIDH(krb5_h, "$Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $")
-
- #if defined(KRB5_IS_THREAD_SAFE) && !defined(HAVE_PTHREAD_H)
- # undef KRB5_IS_THREAD_SAFE
-@@ -79,7 +79,7 @@
- * MIT Kerberos uses comm_err, so the macro just expands to a call
- * to error_message.
- */
--#ifndef HEIMDAL_KRB5
-+#ifndef HAVE_KRB5_GET_ERROR_MESSAGE
- # ifdef ET_COMM_ERR
- # include <et/com_err.h>
- # else
---- ./src/modules/rlm_krb5/rlm_krb5.c.orig 2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/rlm_krb5.c 2014-02-05 08:27:14.000000000 -0500
-@@ -15,7 +15,7 @@
- */
-
- /**
-- * $Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $
-+ * $Id: 1f7833cc2ad4d507871cb4ad2d08c009dafe2144 $
- * @file rlm_krb5.c
- * @brief Authenticate users, retrieving their TGT from a Kerberos V5 TDC.
- *
-@@ -24,7 +24,7 @@
- * @copyright 2000 Nathan Neulinger <nneul@umr.edu>
- * @copyright 2000 Alan DeKok <aland@ox.org>
- */
--RCSID("$Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $")
-+RCSID("$Id: 1f7833cc2ad4d507871cb4ad2d08c009dafe2144 $")
-
- #include <freeradius-devel/radiusd.h>
- #include <freeradius-devel/modules.h>
-@@ -82,15 +82,33 @@
- DEBUG("Using MIT Kerberos library");
- #endif
-
--#ifndef KRB5_IS_THREAD_SAFE
-+
- if (!krb5_is_thread_safe()) {
-- DEBUGI("libkrb5 is not threadsafe, recompile it, and the server with thread support enabled");
-+/*
-+ * rlm_krb5 was built as threadsafe
-+ */
-+#ifdef KRB5_IS_THREAD_SAFE
-+ ERROR("Build time libkrb5 was threadsafe, but run time library claims not to be");
-+ ERROR("Modify runtime linker path (LD_LIBRARY_PATH on most systems), to prefer threadsafe libkrb5");
-+ return -1;
-+/*
-+ * rlm_krb5 was not built as threadsafe
-+ */
-+#else
-+ WDEBUG("libkrb5 is not threadsafe, recompile it with thread support enabled ("
-+# ifdef HEIMDAL_KRB5
-+ "--enable-pthread-support"
-+# else
-+ "--disable-thread-support=no"
-+# endif
-+ ")");
- WDEBUG("rlm_krb5 will run in single threaded mode, performance may be degraded");
- } else {
- WDEBUG("Build time libkrb5 was not threadsafe, but run time library claims to be");
- WDEBUG("Reconfigure and recompile rlm_krb5 to enable thread support");
-- }
- #endif
-+ }
-+
- inst->xlat_name = cf_section_name2(conf);
- if (!inst->xlat_name) {
- inst->xlat_name = cf_section_name1(conf);
-@@ -277,6 +295,40 @@
- return RLM_MODULE_OK;
- }
-
-+/** Log error message and return appropriate rcode
-+ *
-+ * Translate kerberos error codes into return codes.
-+ * @param request Current request.
-+ * @param ret code from kerberos.
-+ * @param conn used in the last operation.
-+ */
-+static rlm_rcode_t krb5_process_error(REQUEST *request, rlm_krb5_handle_t *conn, int ret)
-+{
-+ rad_assert(ret != 0);
-+ rad_assert(conn); /* Silences warnings */
-+
-+ switch (ret) {
-+ case KRB5_LIBOS_BADPWDMATCH:
-+ case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-+ REDEBUG("Provided password was incorrect (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-+ return RLM_MODULE_REJECT;
-+
-+ case KRB5KDC_ERR_KEY_EXP:
-+ case KRB5KDC_ERR_CLIENT_REVOKED:
-+ case KRB5KDC_ERR_SERVICE_REVOKED:
-+ REDEBUG("Account has been locked out (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-+ return RLM_MODULE_USERLOCK;
-+
-+ case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
-+ RDEBUG("User not found (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-+ return RLM_MODULE_NOTFOUND;
-+
-+ default:
-+ REDEBUG("Error verifying credentials (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-+ return RLM_MODULE_FAIL;
-+ }
-+}
-+
- #ifdef HEIMDAL_KRB5
-
- /*
-@@ -316,34 +368,10 @@
- */
- ret = krb5_verify_user_opt(conn->context, client, request->password->vp_strvalue, &conn->options);
- if (ret) {
-- switch (ret) {
-- case KRB5_LIBOS_BADPWDMATCH:
-- case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-- REDEBUG("Provided password was incorrect (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-- rcode = RLM_MODULE_REJECT;
-- break;
--
-- case KRB5KDC_ERR_KEY_EXP:
-- case KRB5KDC_ERR_CLIENT_REVOKED:
-- case KRB5KDC_ERR_SERVICE_REVOKED:
-- REDEBUG("Account has been locked out (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-- rcode = RLM_MODULE_USERLOCK;
-- break;
--
-- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
-- RDEBUG("User not found: %s (%i)", ret, rlm_krb5_error(conn->context, ret));
-- rcode = RLM_MODULE_NOTFOUND;
--
-- default:
-- REDEBUG("Error verifying credentials (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-- rcode = RLM_MODULE_FAIL;
-- break;
-- }
--
-- goto cleanup;
-+ rcode = krb5_process_error(request, conn, ret);
- }
-
-- cleanup:
-+cleanup:
- if (client) {
- krb5_free_principal(conn->context, client);
- }
-@@ -401,45 +429,20 @@
- * Retrieve the TGT from the TGS/KDC and check we can decrypt it.
- */
- memcpy(&password, &request->password->vp_strvalue, sizeof(password));
-+ RDEBUG("Retrieving and decrypting TGT");
- ret = krb5_get_init_creds_password(conn->context, &init_creds, client, password,
- NULL, NULL, 0, NULL, inst->gic_options);
- if (ret) {
-- error:
-- switch (ret) {
-- case KRB5_LIBOS_BADPWDMATCH:
-- case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-- REDEBUG("Provided password was incorrect (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-- rcode = RLM_MODULE_REJECT;
-- break;
--
-- case KRB5KDC_ERR_KEY_EXP:
-- case KRB5KDC_ERR_CLIENT_REVOKED:
-- case KRB5KDC_ERR_SERVICE_REVOKED:
-- REDEBUG("Account has been locked out (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-- rcode = RLM_MODULE_USERLOCK;
-- break;
--
-- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
-- REDEBUG("User not found (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-- rcode = RLM_MODULE_NOTFOUND;
-- break;
--
-- default:
-- REDEBUG("Error retrieving or verifying credentials (%i): %s", ret,
-- rlm_krb5_error(conn->context, ret));
-- rcode = RLM_MODULE_FAIL;
-- break;
-- }
--
-- goto cleanup;
-+ rcode = krb5_process_error(request, conn, ret);
- }
-
-- RDEBUG("Successfully retrieved and decrypted TGT");
--
-+ RDEBUG("Attempting to authenticate against service principal");
- ret = krb5_verify_init_creds(conn->context, &init_creds, inst->server, conn->keytab, NULL, inst->vic_options);
-- if (ret) goto error;
-+ if (ret) {
-+ rcode = krb5_process_error(request, conn, ret);
-+ }
-
-- cleanup:
-+cleanup:
- if (client) {
- krb5_free_principal(conn->context, client);
- }
diff --git a/net/freeradius3/files/patch-src__lib__udpfromto.c b/net/freeradius3/files/patch-src__lib__udpfromto.c
new file mode 100644
index 000000000000..f145db90dfdf
--- /dev/null
+++ b/net/freeradius3/files/patch-src__lib__udpfromto.c
@@ -0,0 +1,11 @@
+--- ./src/lib/udpfromto.c.orig 2014-03-21 08:27:25.000000000 -0400
++++ ./src/lib/udpfromto.c 2014-03-29 09:59:57.000000000 -0400
+@@ -316,7 +316,7 @@
+ break;
+
+ case AF_INET6:
+- if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr))) {
++ if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr)) {
+ from = NULL;
+ }
+ break;
diff --git a/net/freeradius3/files/patch-src__lib__valuepair.c b/net/freeradius3/files/patch-src__lib__valuepair.c
new file mode 100644
index 000000000000..45a070df4363
--- /dev/null
+++ b/net/freeradius3/files/patch-src__lib__valuepair.c
@@ -0,0 +1,11 @@
+--- ./src/lib/valuepair.c.orig 2014-03-29 10:01:05.000000000 -0400
++++ ./src/lib/valuepair.c 2014-03-29 10:01:14.000000000 -0400
+@@ -2331,7 +2331,7 @@
+ */
+ int paircmp_op(VALUE_PAIR const *one, FR_TOKEN op, VALUE_PAIR const *two)
+ {
+- int compare;
++ int compare = 0;
+
+ VERIFY_VP(one);
+ VERIFY_VP(two);
diff --git a/net/freeradius3/files/patch-udpfromtofix b/net/freeradius3/files/patch-udpfromtofix
deleted file mode 100644
index 4511fee3c705..000000000000
--- a/net/freeradius3/files/patch-udpfromtofix
+++ /dev/null
@@ -1,61 +0,0 @@
-From d51c75c1ce24dbbb1045b1e72a3c89729ca91016 Mon Sep 17 00:00:00 2001
-From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
-Date: Tue, 28 Jan 2014 14:25:19 +0000
-Subject: [PATCH] Don't use IP_SENDSRCADDR (in sendfromto) if on FreeBSD and
- the socket were using is bound to a specific IP
-
-FreeBSD is extra pedantic about the use of IP_SENDSRCADDR, and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used with a socket which is bound to something other than INADDR_ANY.
----
- src/lib/udpfromto.c | 31 ++++++++++++++++++++++++++++++-
- 1 file changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/src/lib/udpfromto.c b/src/lib/udpfromto.c
-index 680e354..b022136 100644
---- src/lib/udpfromto.c
-+++ src/lib/udpfromto.c
-@@ -292,12 +292,41 @@ int sendfromto(int s, void *buf, size_t len, int flags,
- struct iovec iov;
- char cbuf[256];
-
--#if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO)
-+#ifdef __FreeBSD__
-+ /*
-+ * FreeBSD is extra pedantic about the use of IP_SENDSRCADDR,
-+ * and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used
-+ * with a socket which is bound to something other than
-+ * INADDR_ANY
-+ */
-+ struct sockaddr bound;
-+ socklen_t bound_len = sizeof(bound);
-+
-+ if (getsockname(s, &bound, &bound_len) < 0) {
-+ return -1;
-+ }
-+
-+ switch (bound.sa_family) {
-+ case AF_INET:
-+ if (((struct sockaddr_in *) &bound)->sin_addr.s_addr != INADDR_ANY) {
-+ from = NULL;
-+ }
-+ break;
-+
-+ case AF_INET6:
-+ if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr)) {
-+ from = NULL;
-+ }
-+ break;
-+ }
-+#else
-+# if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO)
- /*
- * If the sendmsg() flags aren't defined, fall back to
- * using sendto().
- */
- from = NULL;
-+# endif
- #endif
-
- /*
---
-1.8.5.1
-
diff --git a/net/freeradius3/pkg-plist b/net/freeradius3/pkg-plist
index 90a2f7111b4b..ee4be94e69f5 100644
--- a/net/freeradius3/pkg-plist
+++ b/net/freeradius3/pkg-plist
@@ -218,6 +218,9 @@ bin/smbencrypt
%%LIBDIR%%/rlm_unix.a
%%LIBDIR%%/rlm_unix.la
%%LIBDIR%%/rlm_unix.so
+%%LIBDIR%%/rlm_unpack.a
+%%LIBDIR%%/rlm_unpack.la
+%%LIBDIR%%/rlm_unpack.so
%%LIBDIR%%/rlm_utf8.a
%%LIBDIR%%/rlm_utf8.la
%%LIBDIR%%/rlm_utf8.so
@@ -398,6 +401,7 @@ include/freeradius/udpfromto.h
%%DATADIR%%/dictionary.3gpp2
%%DATADIR%%/dictionary.acc
%%DATADIR%%/dictionary.acme
+%%DATADIR%%/dictionary.actelis
%%DATADIR%%/dictionary.aerohive
%%DATADIR%%/dictionary.airespace
%%DATADIR%%/dictionary.alcatel
@@ -419,6 +423,7 @@ include/freeradius/udpfromto.h
%%DATADIR%%/dictionary.audiocodes
%%DATADIR%%/dictionary.bay
%%DATADIR%%/dictionary.bintec
+%%DATADIR%%/dictionary.bluecoat
%%DATADIR%%/dictionary.bristol
%%DATADIR%%/dictionary.broadsoft
%%DATADIR%%/dictionary.bskyb
@@ -447,6 +452,7 @@ include/freeradius/udpfromto.h
%%DATADIR%%/dictionary.ericsson
%%DATADIR%%/dictionary.erx
%%DATADIR%%/dictionary.extreme
+%%DATADIR%%/dictionary.equallogic
%%DATADIR%%/dictionary.f5
%%DATADIR%%/dictionary.fdxtended
%%DATADIR%%/dictionary.fortinet
@@ -602,12 +608,15 @@ include/freeradius/udpfromto.h
%%EXAMPLESDIR%%/raddb/mods-config/sql/cui/sqlite/queries.conf
%%EXAMPLESDIR%%/raddb/mods-config/sql/cui/sqlite/schema.sql
%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
+%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/oracle/queries.conf
+%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/oracle/schema.sql
%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
+%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/mysql/queries.conf
%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/mysql/schema.sql
-%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/msqlippool.txt
%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/queries.conf
%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/schema.sql
+%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/procedures.sql
%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/postgresql/queries.conf
%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/postgresql/schema.sql
%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/sqlite/queries.conf
@@ -721,6 +730,7 @@ include/freeradius/udpfromto.h
%%EXAMPLESDIR%%/raddb/mods-available/ntlm_auth
%%EXAMPLESDIR%%/raddb/mods-available/realm
%%EXAMPLESDIR%%/raddb/mods-available/unix
+%%EXAMPLESDIR%%/raddb/mods-available/unpack
%%EXAMPLESDIR%%/raddb/mods-available/cui
%%EXAMPLESDIR%%/raddb/mods-available/idn
%%EXAMPLESDIR%%/raddb/mods-available/expiration
@@ -752,6 +762,7 @@ include/freeradius/udpfromto.h
%%EXAMPLESDIR%%/raddb/mods-enabled/soh
%%EXAMPLESDIR%%/raddb/mods-enabled/sradutmp
%%EXAMPLESDIR%%/raddb/mods-enabled/unix
+%%EXAMPLESDIR%%/raddb/mods-enabled/unpack
%%EXAMPLESDIR%%/raddb/mods-enabled/utf8
%%EXAMPLESDIR%%/raddb/policy.d/accounting
%%EXAMPLESDIR%%/raddb/policy.d/canonicalization
@@ -791,6 +802,7 @@ include/freeradius/udpfromto.h
%%EXAMPLESDIR%%/raddb/dictionary
%%EXAMPLESDIR%%/raddb/templates.conf
%%EXAMPLESDIR%%/raddb/experimental.conf
+%%EXAMPLESDIR%%/raddb/panic.gdb
%%EXAMPLESDIR%%/raddb/proxy.conf
%%EXAMPLESDIR%%/raddb/radiusd.conf
%%EXAMPLESDIR%%/raddb/huntgroups
@@ -818,6 +830,7 @@ include/freeradius/udpfromto.h
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/mysql
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/sqlite
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/mysql
+@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/oracle
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/cui/sqlite
@@ -829,7 +842,6 @@ include/freeradius/udpfromto.h
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/counter/sqlite
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/counter
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql
-@dirrm %%EXAMPLESDIR%%/raddb/mods-config/python
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/preprocess
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/perl
@dirrm %%EXAMPLESDIR%%/raddb/mods-config/files