diff options
author | zi <zi@FreeBSD.org> | 2014-03-29 23:36:20 +0800 |
---|---|---|
committer | zi <zi@FreeBSD.org> | 2014-03-29 23:36:20 +0800 |
commit | 926d36a1bdbc37c04228f0731254866c24e0a366 (patch) | |
tree | 0bf03231301941610a4f887d9b4a4d6ab0193620 /net | |
parent | f26b92546b3370297e095ac82630b198e145cd77 (diff) | |
download | freebsd-ports-gnome-926d36a1bdbc37c04228f0731254866c24e0a366.tar.gz freebsd-ports-gnome-926d36a1bdbc37c04228f0731254866c24e0a366.tar.zst freebsd-ports-gnome-926d36a1bdbc37c04228f0731254866c24e0a366.zip |
- Update to 3.0.2
Diffstat (limited to 'net')
-rw-r--r-- | net/freeradius3/Makefile | 24 | ||||
-rw-r--r-- | net/freeradius3/distinfo | 4 | ||||
-rw-r--r-- | net/freeradius3/files/dictionary.cisco.asa | 369 | ||||
-rw-r--r-- | net/freeradius3/files/patch-rlm_krb5 | 1083 | ||||
-rw-r--r-- | net/freeradius3/files/patch-src__lib__udpfromto.c | 11 | ||||
-rw-r--r-- | net/freeradius3/files/patch-src__lib__valuepair.c | 11 | ||||
-rw-r--r-- | net/freeradius3/files/patch-udpfromtofix | 61 | ||||
-rw-r--r-- | net/freeradius3/pkg-plist | 16 |
8 files changed, 49 insertions, 1530 deletions
diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile index 4b3e860a5207..c47afeca1663 100644 --- a/net/freeradius3/Makefile +++ b/net/freeradius3/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= freeradius -DISTVERSION= 3.0.1 -PORTREVISION= 2 +DISTVERSION= 3.0.2 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \ @@ -18,8 +17,8 @@ COMMENT= A free RADIUS server implementation LICENSE= GPLv2 -LIB_DEPENDS= gdbm:${PORTSDIR}/databases/gdbm \ - talloc:${PORTSDIR}/devel/talloc +LIB_DEPENDS= libgdbm.so:${PORTSDIR}/databases/gdbm \ + libtalloc.so:${PORTSDIR}/devel/talloc LOGDIR?= /var/log KRB5_CONFIG?= /usr/bin/krb5-config --libs @@ -84,11 +83,11 @@ ${UNIQUENAME}_SET+= KERBEROS .if ${PORT_OPTIONS:MKERBEROS} .if ${PORT_OPTIONS:MHEIMDAL} .if ${PORT_OPTIONS:MHEIMDAL_PORT} -LIB_DEPENDS+= krb5:${PORTSDIR}/security/heimdal +LIB_DEPENDS+= libkrb5.so:${PORTSDIR}/security/heimdal .endif CONFIGURE_ARGS+=--enable-heimdal-krb5 --enable-pthread-support .else -LIB_DEPENDS+= krb5:${PORTSDIR}/security/krb5 +LIB_DEPENDS+= libkrb5.so:${PORTSDIR}/security/krb5 .endif CONFIGURE_ARGS+=--with-rlm_krb5 .if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT) @@ -147,7 +146,7 @@ PLIST_SUB+= PGSQL="@comment " .if ${PORT_OPTIONS:MUNIXODBC} CONFIGURE_ARGS+=--with-rlm_sql_unixodbc PLIST_SUB+= UNIXODBC="" -LIB_DEPENDS+= odbc:${PORTSDIR}/databases/unixODBC +LIB_DEPENDS+= libodbc.so:${PORTSDIR}/databases/unixODBC .else CONFIGURE_ARGS+=--without-rlm_sql_unixodbc PLIST_SUB+= UNIXODBC="@comment " @@ -202,7 +201,7 @@ EXPM= yes .endif .if ${PORT_OPTIONS:MREDIS} -LIB_DEPENDS+= hiredis:${PORTSDIR}/databases/hiredis +LIB_DEPENDS+= libhiredis.so:${PORTSDIR}/databases/hiredis CONFIGURE_ARGS+=--with-rlm_redis --with-rlm_rediswho PLIST_SUB+= RLMREDIS="" .else @@ -217,8 +216,8 @@ EXPM= yes .if ${PORT_OPTIONS:MREST} IGNORE= requires devel/json-c to be updated to 0.11 to build with RESTful support -LIB_DEPENDS+= json:${PORTSDIR}/devel/json-c \ - curl:${PORTSDIR}/ftp/curl +LIB_DEPENDS+= libjson.so:${PORTSDIR}/devel/json-c \ + libcurl.so:${PORTSDIR}/ftp/curl CONFIGURE_ARGS+=--with-rlm_rest \ --with-libcurl=${LOCALBASE} \ --with-jsonc-lib-dir=${LOCALBASE}/lib \ @@ -235,7 +234,7 @@ EXPM= yes .endif .if ${PORT_OPTIONS:MFREETDS} -LIB_DEPENDS+= tds:${PORTSDIR}/databases/freetds +LIB_DEPENDS+= libtds.so:${PORTSDIR}/databases/freetds CONFIGURE_ARGS+=--with-rlm_freetds PLIST_SUB+= RLMFREETDS="" .else @@ -249,7 +248,7 @@ EXPM= yes .endif .if ${PORT_OPTIONS:MIDN} -LIB_DEPENDS+= idn:${PORTSDIR}/dns/libidn +LIB_DEPENDS+= libidn.so:${PORTSDIR}/dns/libidn CONFIGURE_ARGS+=--with-rlm_idn PLIST_SUB+= RLMIDN="" .else @@ -395,7 +394,6 @@ pre-install: PRE-INSTALL post-install: - @${INSTALL_DATA} ${FILESDIR}/dictionary.cisco.asa ${DATADIR} # If ${PREFIX}/etc/raddb isn't a directory (or a symlink), make a copy # of ${EXAMPLESDIR}/raddb as ${PREFIX}/etc/raddb, then bootstrap the # certificates diff --git a/net/freeradius3/distinfo b/net/freeradius3/distinfo index a52bbe998abd..7192053fc2fd 100644 --- a/net/freeradius3/distinfo +++ b/net/freeradius3/distinfo @@ -1,2 +1,2 @@ -SHA256 (freeradius-server-3.0.1.tar.bz2) = bde926077fa520c71d2861cd1cc9abf5a3ce866e05f35ed5188a057c37fc002d -SIZE (freeradius-server-3.0.1.tar.bz2) = 2635534 +SHA256 (freeradius-server-3.0.2.tar.bz2) = 20dc8d1ca9de9ed70ff63369aeec9100ca0ed9630d9d42f707bc3293cd259329 +SIZE (freeradius-server-3.0.2.tar.bz2) = 2657652 diff --git a/net/freeradius3/files/dictionary.cisco.asa b/net/freeradius3/files/dictionary.cisco.asa deleted file mode 100644 index 493179a693b0..000000000000 --- a/net/freeradius3/files/dictionary.cisco.asa +++ /dev/null @@ -1,369 +0,0 @@ -# -*- text -*- -# Copyright (C) 2013 The FreeRADIUS Server project and contributors -# -# Cisco Adaptative Security Appliance (ASA) Dictionary -# -# http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ref_extserver.html#wp1802187 -# -# $Id$ -# - -VENDOR Cisco-ASA 3076 - -BEGIN-VENDOR Cisco-ASA - -ATTRIBUTE ASA-Simultaneous-Logins 2 integer -ATTRIBUTE ASA-Primary-DNS 5 string -ATTRIBUTE ASA-Secondary-DNS 6 string -ATTRIBUTE ASA-Primary-WINS 7 string -ATTRIBUTE ASA-Secondary-WINS 8 string -ATTRIBUTE ASA-SEP-Card-Assignment 9 integer -ATTRIBUTE ASA-Tunneling-Protocols 11 integer -ATTRIBUTE ASA-IPsec-Sec-Association 12 string -ATTRIBUTE ASA-IPsec-Authentication 13 integer -ATTRIBUTE ASA-Banner1 15 string -ATTRIBUTE ASA-IPsec-Allow-Passwd-Store 16 integer -ATTRIBUTE ASA-Use-Client-Address 17 integer -ATTRIBUTE ASA-PPTP-Encryption 20 integer -ATTRIBUTE ASA-L2TP-Encryption 21 integer -ATTRIBUTE ASA-Group-Policy 25 string -ATTRIBUTE ASA-IPsec-Split-Tunnel-List 27 string -ATTRIBUTE ASA-IPsec-Default-Domain 28 string -ATTRIBUTE ASA-IPsec-Split-DNS-Names 29 string -ATTRIBUTE ASA-IPsec-Tunnel-Type 30 integer -ATTRIBUTE ASA-IPsec-Mode-Config 31 integer -ATTRIBUTE ASA-IPsec-Over-UDP 34 integer -ATTRIBUTE ASA-IPsec-Over-UDP-Port 35 integer -ATTRIBUTE ASA-Banner2 36 string -ATTRIBUTE ASA-PPTP-MPPC-Compression 37 integer -ATTRIBUTE ASA-L2TP-MPPC-Compression 38 integer -ATTRIBUTE ASA-IPsec-IP-Compression 39 integer -ATTRIBUTE ASA-IPsec-IKE-Peer-ID-Check 40 integer -ATTRIBUTE ASA-IKE-Keep-Alives 41 integer -ATTRIBUTE ASA-IPsec-Auth-On-Rekey 42 integer -ATTRIBUTE ASA-Required-Client-Firewall-Vendor-Code 45 integer -ATTRIBUTE ASA-Required-Client-Firewall-Product-Code 46 integer -ATTRIBUTE ASA-Required-Client-Firewall-Description 47 string -ATTRIBUTE ASA-Require-HW-Client-Auth 48 integer -ATTRIBUTE ASA-Required-Individual-User-Auth 49 integer -ATTRIBUTE ASA-Authenticated-User-Idle-Timeout 50 integer -ATTRIBUTE ASA-Cisco-IP-Phone-Bypass 51 integer -ATTRIBUTE ASA-IPsec-Split-Tunneling-Policy 55 integer -ATTRIBUTE ASA-IPsec-Required-Client-Firewall-Capability 56 integer -ATTRIBUTE ASA-IPsec-Client-Firewall-Filter-Name 57 string -ATTRIBUTE ASA-IPsec-Client-Firewall-Filter-Optional 58 integer -ATTRIBUTE ASA-IPsec-Backup-Servers 59 integer -ATTRIBUTE ASA-IPsec-Backup-Server-List 60 string -ATTRIBUTE ASA-DHCP-Network-Scope 61 string -ATTRIBUTE ASA-Intercept-DHCP-Configure-Msg 62 integer -ATTRIBUTE ASA-MS-Client-Subnet-Mask 63 integer -ATTRIBUTE ASA-Allow-Network-Extension-Mode 64 integer -ATTRIBUTE ASA-Authorization-Type 65 integer -ATTRIBUTE ASA-Authorization-Required 66 integer -ATTRIBUTE ASA-Authorization-DN-Field 67 string -ATTRIBUTE ASA-Authorization-DN-Field 67 string -ATTRIBUTE ASA-IKE-KeepAlive-Confidence-Interval 68 integer -ATTRIBUTE ASA-WebVPN-Content-Filter-Parameters 69 integer -ATTRIBUTE ASA-WebVPN-HTML-Filter 69 integer -ATTRIBUTE ASA-WebVPN-URL-List 71 string -ATTRIBUTE ASA-WebVPN-Port-Forwarding-List 72 string -ATTRIBUTE ASA-WebVPN-Access-List 73 string -ATTRIBUTE ASA-WebVPNACL 73 string -ATTRIBUTE ASA-WebVPN-HTTP-Proxy-IP-Address 74 string -ATTRIBUTE ASA-Cisco-LEAP-Bypass 75 integer -ATTRIBUTE ASA-WebVPN-Default-Homepage 76 string -ATTRIBUTE ASA-Client-Type-Version-Limiting 77 string -ATTRIBUTE ASA-WebVPN-Group-based-HTTP/HTTPS-Proxy-Exception-List 78 string -ATTRIBUTE ASA-WebVPN-Port-Forwarding-Name 79 string -ATTRIBUTE ASA-IE-Proxy-Server 80 string -ATTRIBUTE ASA-IE-Proxy-Server-Policy 81 integer -ATTRIBUTE ASA-IE-Proxy-Exception-List 82 string -ATTRIBUTE ASA-IE-Proxy-Bypass-Local 83 integer -ATTRIBUTE ASA-IKE-Keepalive-Retry-Interval 84 integer -ATTRIBUTE ASA-Tunnel-Group-Lock 85 string -ATTRIBUTE ASA-Access-List-Inbound 86 string -ATTRIBUTE ASA-Access-List-Outbound 87 string -ATTRIBUTE ASA-Perfect-Forward-Secrecy-Enable 88 integer -ATTRIBUTE ASA-NAC-Enable 89 integer -ATTRIBUTE ASA-NAC-Status-Query-Timer 90 integer -ATTRIBUTE ASA-NAC-Revalidation-Timer 91 integer -ATTRIBUTE ASA-NAC-Default-ACL 92 string -ATTRIBUTE ASA-WebVPN-URL-Entry-Enable 93 integer -ATTRIBUTE ASA-WebVPN-File-Access-Enable 94 integer -ATTRIBUTE ASA-WebVPN-File-Server-Entry-Enable 95 integer -ATTRIBUTE ASA-WebVPN-File-Server-Browsing-Enable 96 integer -ATTRIBUTE ASA-WebVPN-Port-Forwarding-Enable 97 integer -ATTRIBUTE ASA-WebVPN-Port-Forwarding-Exchange-Proxy-Enable 98 integer -ATTRIBUTE ASA-WebVPN-Port-Forwarding-HTTP-Proxy 99 integer -ATTRIBUTE ASA-WebVPN-Citrix-Metaframe-Enable 101 integer -ATTRIBUTE ASA-WebVPN-Apply-ACL 102 integer -ATTRIBUTE ASA-WebVPN-SSL-VPN-Client-Enable 103 integer -ATTRIBUTE ASA-WebVPN-SSL-VPN-Client-Required 104 integer -ATTRIBUTE ASA-WebVPN-SSL-VPN-Client-Keep-Installation 105 integer -ATTRIBUTE ASA-SVC-Keepalive 107 integer -ATTRIBUTE ASA-WebVPN-SVC-Keepalive-Frequency 107 integer -ATTRIBUTE ASA-SVC-DPD-Interval-Client 108 integer -ATTRIBUTE ASA-WebVPN-SVC-Client-DPD-Frequency 108 integer -ATTRIBUTE ASA-SVC-DPD-Interval-Gateway 109 integer -ATTRIBUTE ASA-WebVPN-SVC-Gateway-DPD-Frequency 109 integer -ATTRIBUTE ASA-SVC-Rekey-Time 110 integer -ATTRIBUTE ASA-WebVPN-SVC-Rekey-Time 110 integer -ATTRIBUTE ASA-WebVPN-SVC-Rekey-Method 111 integer -ATTRIBUTE ASA-WebVPN-SVC-Compression 112 integer -ATTRIBUTE ASA-WebVPN-Customization 113 string -ATTRIBUTE ASA-WebVPN-SSO-Server-Name 114 string -ATTRIBUTE ASA-WebVPN-Deny-Message 116 string -ATTRIBUTE ASA-WebVPN-HTTP-Compression 120 integer -ATTRIBUTE ASA-WebVPN-Keepalive-Ignore 121 integer -ATTRIBUTE ASA-Extended-Authentication-On-Rekey 122 integer -ATTRIBUTE ASA-SVC-DTLS 123 integer -ATTRIBUTE ASA-WebVPN-SVC-DTLS-Enable 123 integer -ATTRIBUTE ASA-WebVPN-Auto-HTTP-Signon 124 string -ATTRIBUTE ASA-SVC-MTU 125 integer -ATTRIBUTE ASA-WebVPN-SVC-DTLS-MTU 125 integer -ATTRIBUTE ASA-WebVPN-Hidden-Shares 126 integer -ATTRIBUTE ASA-SVC-Modules 127 string -ATTRIBUTE ASA-SVC-Profiles 128 string -ATTRIBUTE ASA-SVC-Ask 131 integer -ATTRIBUTE ASA-SVC-Ask-Timeout 132 integer -ATTRIBUTE ASA-IE-Proxy-PAC-URL 133 string -ATTRIBUTE ASA-Strip-Realm 135 integer -ATTRIBUTE ASA-Smart-Tunnel 136 string -ATTRIBUTE ASA-WebVPN-Smart-Tunnel 136 string -ATTRIBUTE ASA-WebVPN-ActiveX-Relay 137 integer -ATTRIBUTE ASA-Smart-Tunnel-Auto 138 integer -ATTRIBUTE ASA-WebVPN-Smart-Tunnel-Auto-Start 138 integer -ATTRIBUTE ASA-Smart-Tunnel-Auto-Signon-Enable 139 string -ATTRIBUTE ASA-WebVPN-Smart-Tunnel-Auto-Sign-On 139 string -ATTRIBUTE ASA-VLAN 140 integer -ATTRIBUTE ASA-NAC-Settings 141 string -ATTRIBUTE ASA-Member-Of 145 string -ATTRIBUTE ASA-TunnelGroupName 146 string -ATTRIBUTE ASA-WebVPN-Idle-Timeout-Alert-Interval 148 integer -ATTRIBUTE ASA-WebVPN-Session-Timeout-Alert-Interval 149 integer -ATTRIBUTE ASA-ClientType 150 integer -ATTRIBUTE ASA-SessionType 151 integer -ATTRIBUTE ASA-SessionSubtype 152 integer -ATTRIBUTE ASA-WebVPN-Download_Max-Size 157 integer -ATTRIBUTE ASA-WebVPN-Upload-Max-Size 158 integer -ATTRIBUTE ASA-WebVPN-Post-Max-Size 159 integer -ATTRIBUTE ASA-WebVPN-User-Storage 160 string -ATTRIBUTE ASA-WebVPN-Storage-Objects 161 string -ATTRIBUTE ASA-WebVPN-Storage-Key 162 string -ATTRIBUTE ASA-WebVPN-VDI 163 string -ATTRIBUTE ASA-Address-Pools 217 string -ATTRIBUTE ASA-IPv6-Address-Pools 218 string -ATTRIBUTE ASA-IPv6-VPN-Filter 219 string -ATTRIBUTE ASA-Privilege-Level 220 integer -ATTRIBUTE ASA-WebVPN-UNIX-User-ID 221 integer -ATTRIBUTE ASA-WebVPN-UNIX-Group-ID 222 integer -ATTRIBUTE ASA-WebVPN-Macro-Substitution-Value1 223 string -ATTRIBUTE ASA-WebVPN-Macro-Substitution-Value2 224 string -ATTRIBUTE ASA-WebVPNSmart-Card-Removal-Disconnect 225 integer -ATTRIBUTE ASA-WebVPN-Smart-Tunnel-Tunnel-Policy 227 string -ATTRIBUTE ASA-WebVPN-Home-Page-Use-Smart-Tunnel 228 integer - -VALUE ASA-Authorization-Required No 0 -VALUE ASA-Authorization-Required Yes 1 - -VALUE ASA-Authorization-Type None 0 -VALUE ASA-Authorization-Type Radius 1 -VALUE ASA-Authorization-Type LDAP 2 - -VALUE ASA-Cisco-IP-Phone-Bypass Disabled 0 -VALUE ASA-Cisco-IP-Phone-Bypass Enabled 1 - -VALUE ASA-Cisco-LEAP-Bypass Disabled 0 -VALUE ASA-Cisco-LEAP-Bypass Enabled 1 - -VALUE ASA-ClientType Cisco-VPN-Client-IKEv1 1 -VALUE ASA-ClientType AnyConnect-Client-SSL-VPN 2 -VALUE ASA-ClientType Clientless-SSL-VPN 3 -VALUE ASA-ClientType Cut-Through-Proxy 4 -VALUE ASA-ClientType L2TP/IPsec-SSL-VPN 5 -VALUE ASA-ClientType AnyConnect-Client-IPSec-VPN-IKEv2 6 - -VALUE ASA-Extended-Authentication-On-Rekey Disabled 0 -VALUE ASA-Extended-Authentication-On-Rekey Enabled 1 - -VALUE ASA-IE-Proxy-Bypass-Local None 0 -VALUE ASA-IE-Proxy-Bypass-Local Local 1 - -VALUE ASA-IE-Proxy-Server-Policy No-Modify 1 -VALUE ASA-IE-Proxy-Server-Policy No-Proxy 2 -VALUE ASA-IE-Proxy-Server-Policy Auto-detect 3 -VALUE ASA-IE-Proxy-Server-Policy Use-Concentrator-Setting 4 - -VALUE ASA-IKE-Keep-Alives Disabled 0 -VALUE ASA-IKE-Keep-Alives Enabled 1 - -VALUE ASA-Allow-Network-Extension-Mode Disabled 0 -VALUE ASA-Allow-Network-Extension-Mode Enabled 1 - -VALUE ASA-Intercept-DHCP-Configure-Msg Disabled 0 -VALUE ASA-Intercept-DHCP-Configure-Msg Enabled 1 - -VALUE ASA-IPsec-Allow-Passwd-Store Disabled 0 -VALUE ASA-IPsec-Allow-Passwd-Store Enabled 1 - -VALUE ASA-IPsec-Authentication None 0 -VALUE ASA-IPsec-Authentication RADIUS 1 -VALUE ASA-IPsec-Authentication LDAP-Authorization-only 2 -VALUE ASA-IPsec-Authentication NT-Domain 3 -VALUE ASA-IPsec-Authentication SDI 4 -VALUE ASA-IPsec-Authentication Internal 5 -VALUE ASA-IPsec-Authentication RADIUS-with-Expiry 6 -VALUE ASA-IPsec-Authentication Kerberos/Active-Directory 7 - -VALUE ASA-IPsec-Auth-On-Rekey Disabled 0 -VALUE ASA-IPsec-Auth-On-Rekey Enabled 1 - -VALUE ASA-IPsec-Backup-Servers Use-Client-Configured-List 1 -VALUE ASA-IPsec-Backup-Servers Disable-and-clear-client-list 2 -VALUE ASA-IPsec-Backup-Servers Use-Backup-Server-List 3 - -VALUE ASA-IPsec-Client-Firewall-Filter-Optional Required 0 -VALUE ASA-IPsec-Client-Firewall-Filter-Optional Optional 1 - -VALUE ASA-IPsec-IKE-Peer-ID-Check Required 1 -VALUE ASA-IPsec-IKE-Peer-ID-Check If-Supported-By-Peer-Certificate 2 -VALUE ASA-IPsec-IKE-Peer-ID-Check Do-Not-Check 3 - -VALUE ASA-IPsec-IP-Compression Disabled 0 -VALUE ASA-IPsec-IP-Compression Enabled 1 - -VALUE ASA-IPsec-Mode-Config Disabled 0 -VALUE ASA-IPsec-Mode-Config Enabled 1 - -VALUE ASA-IPsec-Over-UDP Disabled 0 -VALUE ASA-IPsec-Over-UDP Enabled 1 - -VALUE ASA-IPsec-Required-Client-Firewall-Capability None 0 -VALUE ASA-IPsec-Required-Client-Firewall-Capability Policy-Remotely-Defined 1 -VALUE ASA-IPsec-Required-Client-Firewall-Capability Policy-Pushed 2 -VALUE ASA-IPsec-Required-Client-Firewall-Capability Policy-from-Server 4 - -VALUE ASA-IPsec-Split-Tunneling-Policy No-Split-Tunneling 0 -VALUE ASA-IPsec-Split-Tunneling-Policy Split-Tunneling 1 -VALUE ASA-IPsec-Split-Tunneling-Policy Local-LAN-Permitted 2 - -VALUE ASA-IPsec-Tunnel-Type LAN-to-LAN 1 -VALUE ASA-IPsec-Tunnel-Type Remote-Access 2 - -VALUE ASA-L2TP-MPPC-Compression Disabled 0 -VALUE ASA-L2TP-MPPC-Compression Enabled 1 - -VALUE ASA-NAC-Enable No 0 -VALUE ASA-NAC-Enable Yes 1 - -VALUE ASA-Perfect-Forward-Secrecy-Enable No 0 -VALUE ASA-Perfect-Forward-Secrecy-Enable Yes 1 - -VALUE ASA-PPTP-MPPC-Compression Disabled 0 -VALUE ASA-PPTP-MPPC-Compression Enabled 1 - -VALUE ASA-Required-Client-Firewall-Vendor-Code Cisco-CIC 1 -VALUE ASA-Required-Client-Firewall-Vendor-Code Zone-Labs 2 -VALUE ASA-Required-Client-Firewall-Vendor-Code NetworkICE 3 -VALUE ASA-Required-Client-Firewall-Vendor-Code Sygate 4 -VALUE ASA-Required-Client-Firewall-Vendor-Code Cisco-IPSA 5 - -VALUE ASA-Required-Individual-User-Auth Disabled 0 -VALUE ASA-Required-Individual-User-Auth Enabled 1 - -VALUE ASA-Require-HW-Client-Auth Disabled 0 -VALUE ASA-Require-HW-Client-Auth Enabled 1 - -VALUE ASA-SessionSubtype None 0 -VALUE ASA-SessionSubtype Clientless 1 -VALUE ASA-SessionSubtype Client 2 -VALUE ASA-SessionSubtype Client-Only 3 - -VALUE ASA-SessionType None 0 -VALUE ASA-SessionType AnyConnect-Client-SSL-VPN 1 -VALUE ASA-SessionType AnyConnect-Client-IPSec-VPN/IKEv2 2 -VALUE ASA-SessionType Clientless-SSL-VPN 3 -VALUE ASA-SessionType Clientless-Email-Proxy 4 -VALUE ASA-SessionType Cisco-VPN-Client/IKEv1 5 -VALUE ASA-SessionType IKEv1-LAN-to-LAN 6 -VALUE ASA-SessionType IKEv2-LAN-to-LAN 7 -VALUE ASA-SessionType VPN-Load-Balancing 8 - -VALUE ASA-Smart-Tunnel-Auto Disabled 0 -VALUE ASA-Smart-Tunnel-Auto Enabled 1 -VALUE ASA-Smart-Tunnel-Auto AutoStart 2 - -VALUE ASA-Strip-Realm Disabled 0 -VALUE ASA-Strip-Realm Enabled 1 - -VALUE ASA-SVC-Ask Disabled 0 -VALUE ASA-SVC-Ask Enabled 1 -VALUE ASA-SVC-Ask Enable-Default-Service 3 -VALUE ASA-SVC-Ask Enable-Default-Clientless 5 - -VALUE ASA-SVC-DTLS FALSE 0 -VALUE ASA-SVC-DTLS TRUE 1 - -VALUE ASA-Use-Client-Address Disabled 0 -VALUE ASA-Use-Client-Address Enabled 1 - -VALUE ASA-WebVPN-Apply-ACL Disabled 0 -VALUE ASA-WebVPN-Apply-ACL Enabled 1 - -VALUE ASA-WebVPN-Citrix-Metaframe-Enable Disabled 0 -VALUE ASA-WebVPN-Citrix-Metaframe-Enable Enabled 1 - -VALUE ASA-WebVPN-File-Access-Enable Disabled 0 -VALUE ASA-WebVPN-File-Access-Enable Enabled 1 - -VALUE ASA-WebVPN-File-Server-Browsing-Enable Disabled 0 -VALUE ASA-WebVPN-File-Server-Browsing-Enable Enabled 1 - -VALUE ASA-WebVPN-File-Server-Entry-Enable Disabled 0 -VALUE ASA-WebVPN-File-Server-Entry-Enable Enabled 1 - -VALUE ASA-WebVPN-Hidden-Shares None 0 -VALUE ASA-WebVPN-Hidden-Shares Visible 1 - -VALUE ASA-WebVPN-HTTP-Compression Off 0 -VALUE ASA-WebVPN-HTTP-Compression Deflate-Compression 1 - -VALUE ASA-WebVPN-Port-Forwarding-Enable Disabled 0 -VALUE ASA-WebVPN-Port-Forwarding-Enable Enabled 1 - -VALUE ASA-WebVPN-Port-Forwarding-Exchange-Proxy-Enable Disabled 0 -VALUE ASA-WebVPN-Port-Forwarding-Exchange-Proxy-Enable Enabled 1 - -VALUE ASA-WebVPN-Port-Forwarding-HTTP-Proxy Disabled 0 -VALUE ASA-WebVPN-Port-Forwarding-HTTP-Proxy Enabled 1 - -VALUE ASA-WebVPNSmart-Card-Removal-Disconnect Disabled 0 -VALUE ASA-WebVPNSmart-Card-Removal-Disconnect Enabled 1 - -VALUE ASA-WebVPN-Smart-Tunnel-Auto-Start Disabled 0 -VALUE ASA-WebVPN-Smart-Tunnel-Auto-Start Enabled 1 -VALUE ASA-WebVPN-Smart-Tunnel-Auto-Start AutoStart 2 - -VALUE ASA-WebVPN-SSL-VPN-Client-Enable Disabled 0 -VALUE ASA-WebVPN-SSL-VPN-Client-Enable Enabled 1 - -VALUE ASA-WebVPN-SSL-VPN-Client-Keep-Installation Disabled 0 -VALUE ASA-WebVPN-SSL-VPN-Client-Keep-Installation Enabled 1 - -VALUE ASA-WebVPN-SSL-VPN-Client-Required Disabled 0 -VALUE ASA-WebVPN-SSL-VPN-Client-Required Enabled 1 - -VALUE ASA-WebVPN-SVC-DTLS-Enable Disabled 0 -VALUE ASA-WebVPN-SVC-DTLS-Enable Enabled 1 - -VALUE ASA-WebVPN-SVC-Rekey-Method Off 0 -VALUE ASA-WebVPN-SVC-Rekey-Method SSL 1 -VALUE ASA-WebVPN-SVC-Rekey-Method New-Tunnel 2 - -VALUE ASA-WebVPN-SVC-Compression Off 0 -VALUE ASA-WebVPN-SVC-Compression Deflate-Compression 1 - -VALUE ASA-WebVPN-URL-Entry-Enable Disabled 0 -VALUE ASA-WebVPN-URL-Entry-Enable Enabled 1 - -END-VENDOR Cisco-ASA diff --git a/net/freeradius3/files/patch-rlm_krb5 b/net/freeradius3/files/patch-rlm_krb5 deleted file mode 100644 index ee61b51122e4..000000000000 --- a/net/freeradius3/files/patch-rlm_krb5 +++ /dev/null @@ -1,1083 +0,0 @@ ---- ./src/modules/rlm_krb5/configure.orig 2014-01-13 20:13:56.000000000 -0500 -+++ ./src/modules/rlm_krb5/configure 2014-02-05 08:27:14.000000000 -0500 -@@ -1468,6 +1468,73 @@ - - } # ac_fn_c_try_link - -+# ac_fn_c_check_func LINENO FUNC VAR -+# ---------------------------------- -+# Tests whether FUNC exists, setting the cache variable VAR accordingly -+ac_fn_c_check_func () -+{ -+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -+$as_echo_n "checking for $2... " >&6; } -+if eval \${$3+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+/* Define $2 to an innocuous variant, in case <limits.h> declares $2. -+ For example, HP-UX 11i <limits.h> declares gettimeofday. */ -+#define $2 innocuous_$2 -+ -+/* System header to define __stub macros and hopefully few prototypes, -+ which can conflict with char $2 (); below. -+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since -+ <limits.h> exists even on freestanding compilers. */ -+ -+#ifdef __STDC__ -+# include <limits.h> -+#else -+# include <assert.h> -+#endif -+ -+#undef $2 -+ -+/* Override any GCC internal prototype to avoid an error. -+ Use char because int might match the return type of a GCC -+ builtin and then its argument prototype would still apply. */ -+#ifdef __cplusplus -+extern "C" -+#endif -+char $2 (); -+/* The GNU C library defines this for functions which it implements -+ to always fail with ENOSYS. Some functions are actually named -+ something starting with __ and the normal name is an alias. */ -+#if defined __stub_$2 || defined __stub___$2 -+choke me -+#endif -+ -+int -+main () -+{ -+return $2 (); -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_link "$LINENO"; then : -+ eval "$3=yes" -+else -+ eval "$3=no" -+fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext conftest.$ac_ext -+fi -+eval ac_res=\$$3 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -+$as_echo "$ac_res" >&6; } -+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -+ -+} # ac_fn_c_check_func -+ - # ac_fn_c_try_run LINENO - # ---------------------- - # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes -@@ -2856,10 +2923,10 @@ - if test "$krb5_config" != 'not-found'; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config CFLAGS" >&5 - $as_echo_n "checking krb5-config CFLAGS... " >&6; } -- SMART_CFLAGS=$($krb5_config --cflags) -- SMART_CFLAGS=$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g') -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${SMART_CFLAGS}" >&5 --$as_echo "${SMART_CFLAGS}" >&6; } -+ SMART_CPPFLAGS=$($krb5_config --cflags) -+ SMART_CPPFLAGS=$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g') -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$SMART_CPPFLAGS\"" >&5 -+$as_echo "\"$SMART_CPPFLAGS\"" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config LDFLAGS" >&5 - $as_echo_n "checking krb5-config LDFLAGS... " >&6; } -@@ -2900,7 +2967,7 @@ - - - ac_safe=`echo "krb5.h" | sed 'y%./+-%__pm%'` --old_CFLAGS="$CFLAGS" -+old_CPPFLAGS="$CPPFLAGS" - smart_include= - smart_include_dir= - -@@ -2908,7 +2975,7 @@ - for try in $smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5 - $as_echo_n "checking for krb5.h in $try... " >&6; } -- CFLAGS="$old_CFLAGS -isystem $try" -+ CPPFLAGS="-isystem $try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - -@@ -2937,7 +3004,7 @@ - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -- CFLAGS="$old_CFLAGS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_include" = "x"; then -@@ -3003,7 +3070,7 @@ - for try in $smart_include_dir /usr/local/include /opt/include; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5 - $as_echo_n "checking for krb5.h in $try... " >&6; } -- CFLAGS="$old_CFLAGS -isystem $try" -+ CPPFLAGS="-isystem $try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - -@@ -3032,13 +3099,13 @@ - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -- CFLAGS="$old_CFLAGS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_include" != "x"; then - eval "ac_cv_header_$ac_safe=yes" -- CFLAGS="$old_CFLAGS $smart_include" -- SMART_CFLAGS="$SMART_CFLAGS $smart_include" -+ CPPFLAGS="$smart_include $old_CPPFLAGS" -+ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" - fi - - if test "$ac_cv_header_krb5_h" != "yes"; then -@@ -3053,14 +3120,17 @@ - sm_func_safe=`echo "krb5_encrypt_data" | sed 'y%./+-%__p_%'` - - old_LIBS="$LIBS" -+old_CPPFLAGS="$CPPFLAGS" - smart_lib= -+smart_ldflags= - smart_lib_dir= - - if test "x$smart_try_dir" != "x"; then - for try in $smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5 - $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; } -- LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lk5crypto $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char krb5_encrypt_data(); -@@ -3074,7 +3144,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lk5crypto -Wl,-rpath,$try" -+ smart_lib="-lk5crypto" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3087,6 +3158,7 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" = "x"; then -@@ -3178,7 +3250,8 @@ - for try in $smart_lib_dir /usr/local/lib /opt/lib; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5 - $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; } -- LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lk5crypto $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char krb5_encrypt_data(); -@@ -3192,7 +3265,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lk5crypto -Wl,-rpath,$try" -+ smart_lib="-lk5crypto" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3205,12 +3279,13 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" != "x"; then - eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" -- LIBS="$smart_lib $old_LIBS" -- SMART_LIBS="$smart_lib $SMART_LIBS" -+ LIBS="$smart_ldflags $smart_lib $old_LIBS" -+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" - fi - - if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then -@@ -3224,14 +3299,17 @@ - sm_func_safe=`echo "DH_new" | sed 'y%./+-%__p_%'` - - old_LIBS="$LIBS" -+old_CPPFLAGS="$CPPFLAGS" - smart_lib= -+smart_ldflags= - smart_lib_dir= - - if test "x$smart_try_dir" != "x"; then - for try in $smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5 - $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; } -- LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lcrypto $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char DH_new(); -@@ -3245,7 +3323,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lcrypto -Wl,-rpath,$try" -+ smart_lib="-lcrypto" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3258,6 +3337,7 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" = "x"; then -@@ -3349,7 +3429,8 @@ - for try in $smart_lib_dir /usr/local/lib /opt/lib; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5 - $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; } -- LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lcrypto $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char DH_new(); -@@ -3363,7 +3444,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lcrypto -Wl,-rpath,$try" -+ smart_lib="-lcrypto" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3376,12 +3458,13 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" != "x"; then - eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" -- LIBS="$smart_lib $old_LIBS" -- SMART_LIBS="$smart_lib $SMART_LIBS" -+ LIBS="$smart_ldflags $smart_lib $old_LIBS" -+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" - fi - - if test "x$ac_cv_lib_crypto_DH_new" = xyes; then -@@ -3400,14 +3483,17 @@ - sm_func_safe=`echo "set_com_err_hook" | sed 'y%./+-%__p_%'` - - old_LIBS="$LIBS" -+old_CPPFLAGS="$CPPFLAGS" - smart_lib= -+smart_ldflags= - smart_lib_dir= - - if test "x$smart_try_dir" != "x"; then - for try in $smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5 - $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; } -- LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lcom_err $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char set_com_err_hook(); -@@ -3421,7 +3507,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lcom_err -Wl,-rpath,$try" -+ smart_lib="-lcom_err" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3434,6 +3521,7 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" = "x"; then -@@ -3525,7 +3613,8 @@ - for try in $smart_lib_dir /usr/local/lib /opt/lib; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5 - $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; } -- LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lcom_err $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char set_com_err_hook(); -@@ -3539,7 +3628,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lcom_err -Wl,-rpath,$try" -+ smart_lib="-lcom_err" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3552,12 +3642,13 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" != "x"; then - eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" -- LIBS="$smart_lib $old_LIBS" -- SMART_LIBS="$smart_lib $SMART_LIBS" -+ LIBS="$smart_ldflags $smart_lib $old_LIBS" -+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" - fi - - if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then -@@ -3571,14 +3662,17 @@ - sm_func_safe=`echo "krb5_verify_user_opt" | sed 'y%./+-%__p_%'` - - old_LIBS="$LIBS" -+old_CPPFLAGS="$CPPFLAGS" - smart_lib= -+smart_ldflags= - smart_lib_dir= - - if test "x$smart_try_dir" != "x"; then - for try in $smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5 - $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; } -- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lkrb5 $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char krb5_verify_user_opt(); -@@ -3592,7 +3686,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" -+ smart_lib="-lkrb5" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3605,6 +3700,7 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" = "x"; then -@@ -3696,7 +3792,8 @@ - for try in $smart_lib_dir /usr/local/lib /opt/lib; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5 - $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; } -- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lkrb5 $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char krb5_verify_user_opt(); -@@ -3710,7 +3807,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" -+ smart_lib="-lkrb5" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3723,12 +3821,13 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" != "x"; then - eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" -- LIBS="$smart_lib $old_LIBS" -- SMART_LIBS="$smart_lib $SMART_LIBS" -+ LIBS="$smart_ldflags $smart_lib $old_LIBS" -+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" - fi - - if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then -@@ -3742,14 +3841,17 @@ - sm_func_safe=`echo "krb5_get_init_creds_password" | sed 'y%./+-%__p_%'` - - old_LIBS="$LIBS" -+old_CPPFLAGS="$CPPFLAGS" - smart_lib= -+smart_ldflags= - smart_lib_dir= - - if test "x$smart_try_dir" != "x"; then - for try in $smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5 - $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; } -- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lkrb5 $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char krb5_get_init_creds_password(); -@@ -3763,7 +3865,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" -+ smart_lib="-lkrb5" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3776,6 +3879,7 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" = "x"; then -@@ -3867,7 +3971,8 @@ - for try in $smart_lib_dir /usr/local/lib /opt/lib; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5 - $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; } -- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lkrb5 $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char krb5_get_init_creds_password(); -@@ -3881,7 +3986,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" -+ smart_lib="-lkrb5" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3894,12 +4000,13 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" != "x"; then - eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" -- LIBS="$smart_lib $old_LIBS" -- SMART_LIBS="$smart_lib $SMART_LIBS" -+ LIBS="$smart_ldflags $smart_lib $old_LIBS" -+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" - fi - - if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then -@@ -3910,7 +4017,29 @@ - fi - - LDFLAGS="${LDFLAGS} ${SMART_LIBS}" -- CFLAGS="${CFLAGS} ${SMART_CFLAGS}" -+ CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}" -+ -+ for ac_func in krb5_get_error_message krb5_free_error_string krb5_free_error_message -+do : -+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -+if eval test \"x\$"$as_ac_var"\" = x"yes"; then : -+ cat >>confdefs.h <<_ACEOF -+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -+_ACEOF -+ -+fi -+done -+ -+ if test "x$ac_cv_func_krb5_get_error_message" == xyes; then -+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE" -+ fi -+ if test "x$ac_cv_func_krb5_free_error_message" == xyes; then -+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE" -+ fi -+ if test "x$ac_cv_func_krb5_free_error_string" == xyes; then -+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING" -+ fi - - if test "$krb5threadsafe" != "no"; then - krb5threadsafe= -@@ -3921,14 +4050,17 @@ - sm_func_safe=`echo "krb5_is_thread_safe" | sed 'y%./+-%__p_%'` - - old_LIBS="$LIBS" -+old_CPPFLAGS="$CPPFLAGS" - smart_lib= -+smart_ldflags= - smart_lib_dir= - - if test "x$smart_try_dir" != "x"; then - for try in $smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5 - $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; } -- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lkrb5 $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char krb5_is_thread_safe(); -@@ -3942,7 +4074,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" -+ smart_lib="-lkrb5" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -3955,6 +4088,7 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" = "x"; then -@@ -4046,7 +4180,8 @@ - for try in $smart_lib_dir /usr/local/lib /opt/lib; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5 - $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; } -- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" -+ LIBS="-lkrb5 $old_LIBS" -+ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - extern char krb5_is_thread_safe(); -@@ -4060,7 +4195,8 @@ - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : - -- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" -+ smart_lib="-lkrb5" -+ smart_ldflags="-L$try -Wl,-rpath,$try" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } - break -@@ -4073,12 +4209,13 @@ - conftest$ac_exeext conftest.$ac_ext - done - LIBS="$old_LIBS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_lib" != "x"; then - eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" -- LIBS="$smart_lib $old_LIBS" -- SMART_LIBS="$smart_lib $SMART_LIBS" -+ LIBS="$smart_ldflags $smart_lib $old_LIBS" -+ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" - fi - - if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" == xyes; then -@@ -4118,7 +4255,7 @@ - - - ac_safe=`echo "com_err.h" | sed 'y%./+-%__pm%'` --old_CFLAGS="$CFLAGS" -+old_CPPFLAGS="$CPPFLAGS" - smart_include= - smart_include_dir= - -@@ -4126,7 +4263,7 @@ - for try in $smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5 - $as_echo_n "checking for com_err.h in $try... " >&6; } -- CFLAGS="$old_CFLAGS -isystem $try" -+ CPPFLAGS="-isystem $try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - -@@ -4155,7 +4292,7 @@ - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -- CFLAGS="$old_CFLAGS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_include" = "x"; then -@@ -4221,7 +4358,7 @@ - for try in $smart_include_dir /usr/local/include /opt/include; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5 - $as_echo_n "checking for com_err.h in $try... " >&6; } -- CFLAGS="$old_CFLAGS -isystem $try" -+ CPPFLAGS="-isystem $try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - -@@ -4250,20 +4387,20 @@ - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -- CFLAGS="$old_CFLAGS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_include" != "x"; then - eval "ac_cv_header_$ac_safe=yes" -- CFLAGS="$old_CFLAGS $smart_include" -- SMART_CFLAGS="$SMART_CFLAGS $smart_include" -+ CPPFLAGS="$smart_include $old_CPPFLAGS" -+ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" - fi - - if test "$ac_cv_header_com_err_h" != "yes"; then - - - ac_safe=`echo "et/com_err.h" | sed 'y%./+-%__pm%'` --old_CFLAGS="$CFLAGS" -+old_CPPFLAGS="$CPPFLAGS" - smart_include= - smart_include_dir= - -@@ -4271,7 +4408,7 @@ - for try in $smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5 - $as_echo_n "checking for et/com_err.h in $try... " >&6; } -- CFLAGS="$old_CFLAGS -isystem $try" -+ CPPFLAGS="-isystem $try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - -@@ -4300,7 +4437,7 @@ - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -- CFLAGS="$old_CFLAGS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_include" = "x"; then -@@ -4366,7 +4503,7 @@ - for try in $smart_include_dir /usr/local/include /opt/include; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5 - $as_echo_n "checking for et/com_err.h in $try... " >&6; } -- CFLAGS="$old_CFLAGS -isystem $try" -+ CPPFLAGS="-isystem $try $old_CPPFLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - -@@ -4395,13 +4532,13 @@ - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -- CFLAGS="$old_CFLAGS" -+ CPPFLAGS="$old_CPPFLAGS" - fi - - if test "x$smart_include" != "x"; then - eval "ac_cv_header_$ac_safe=yes" -- CFLAGS="$old_CFLAGS $smart_include" -- SMART_CFLAGS="$SMART_CFLAGS $smart_include" -+ CPPFLAGS="$smart_include $old_CPPFLAGS" -+ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" - fi - - if test "$ac_cv_header_et_com_err_h" != "yes"; then -@@ -4431,8 +4568,8 @@ - fi - fi - --mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}" --mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}" -+mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS" -+mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS" - - - ---- ./src/modules/rlm_krb5/configure.ac.orig 2014-01-13 20:13:56.000000000 -0500 -+++ ./src/modules/rlm_krb5/configure.ac 2014-02-05 08:27:14.000000000 -0500 -@@ -31,9 +31,9 @@ - dnl # - if test "$krb5_config" != 'not-found'; then - AC_MSG_CHECKING([krb5-config CFLAGS]) -- SMART_CFLAGS=$($krb5_config --cflags) -- SMART_CFLAGS=[$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g')] -- AC_MSG_RESULT(${SMART_CFLAGS}) -+ SMART_CPPFLAGS=$($krb5_config --cflags) -+ SMART_CPPFLAGS=[$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')] -+ AC_MSG_RESULT("$SMART_CPPFLAGS") - - AC_MSG_CHECKING([krb5-config LDFLAGS]) - SMART_LIBS=$($krb5_config --libs) -@@ -111,7 +111,21 @@ - dnl # Need to ensure the test program(s) link against the right library - dnl # - LDFLAGS="${LDFLAGS} ${SMART_LIBS}" -- CFLAGS="${CFLAGS} ${SMART_CFLAGS}" -+ CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}" -+ -+ dnl # -+ dnl # Check how to free things returned by krb5_get_error_message -+ dnl # -+ AC_CHECK_FUNCS([krb5_get_error_message krb5_free_error_string krb5_free_error_message]) -+ if test "x$ac_cv_func_krb5_get_error_message" == xyes; then -+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE" -+ fi -+ if test "x$ac_cv_func_krb5_free_error_message" == xyes; then -+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE" -+ fi -+ if test "x$ac_cv_func_krb5_free_error_string" == xyes; then -+ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING" -+ fi - - dnl # - dnl # Only check if version checks have not found kerberos to be thread unsafe -@@ -160,8 +174,8 @@ - fi - fi - --mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}" --mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}" -+mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS" -+mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS" - - AC_SUBST(mod_ldflags) - AC_SUBST(mod_cflags) ---- ./src/modules/rlm_krb5/krb5.c.orig 2014-01-13 20:13:56.000000000 -0500 -+++ ./src/modules/rlm_krb5/krb5.c 2014-02-05 08:27:22.000000000 -0500 -@@ -15,19 +15,19 @@ - */ - - /** -- * $Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $ -+ * $Id: dbe33449063caf68e2299b99acb57fd4678f77c8 $ - * @file krb5.h - * @brief Context management functions for rlm_krb5 - * - * @copyright 2013 The FreeRADIUS server project - * @copyright 2013 Arran Cudbard-Bell <a.cudbardb@freeradius.org> - */ --RCSID("$Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $") -+RCSID("$Id: dbe33449063caf68e2299b99acb57fd4678f77c8 $") - - #include <freeradius-devel/radiusd.h> - #include "krb5.h" - --#ifdef HEIMDAL_KRB5 -+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE - # define KRB5_STRERROR_BUFSIZE (2048) - - fr_thread_local_setup(char *, krb5_error_buffer) /* macro */ -@@ -60,7 +60,7 @@ - - ret = fr_thread_local_set(krb5_error_buffer, buffer); - if (ret != 0) { -- ERROR("Failed setting up TLS for krb5 error buffer: %s", fr_syserror(ret)); -+ ERROR("Failed setting up TLS for krb5 error buffer: %s", strerror(ret)); - free(buffer); - return NULL; - } -@@ -69,7 +69,18 @@ - msg = krb5_get_error_message(context, code); - if (msg) { - strlcpy(buffer, msg, KRB5_STRERROR_BUFSIZE); -+#ifdef HAVE_KRB5_FREE_ERROR_MESSAGE - krb5_free_error_message(context, msg); -+#elif defined(HAVE_KRB5_FREE_ERROR_STRING) -+ { -+ char *free; -+ -+ memcpy(&free, &msg, sizeof(free)); -+ krb5_free_error_string(context, free); -+ } -+#else -+# error "No way to free error strings, missing krb5_free_error_message() and krb5_free_error_string()" -+#endif - } else { - strlcpy(buffer, "Unknown error", KRB5_STRERROR_BUFSIZE); - } -@@ -102,6 +113,13 @@ - if (conn->keytab) { - krb5_kt_close(conn->context, conn->keytab); - } -+ -+#ifdef HEIMDAL_KRB5 -+ if (conn->ccache) { -+ krb5_cc_destroy(conn->context, conn->ccache); -+ } -+#endif -+ - return 0; - } - -@@ -140,14 +158,13 @@ - } - - #ifdef HEIMDAL_KRB5 -- /* -- * Setup krb5_verify_user options -- * -- * Not entirely sure this is necessary, but as we use context -- * to get the cache handle, we probably do have to do this with -- * the cloned context. -- */ -- krb5_cc_default(conn->context, &conn->ccache); -+ ret = krb5_cc_new_unique(conn->context, "MEMORY", NULL, &conn->ccache); -+ if (ret) { -+ ERROR("rlm_krb5 (%s): Credential cache creation failed: %s", inst->xlat_name, -+ rlm_krb5_error(conn->context, ret)); -+ -+ return NULL; -+ } - - krb5_verify_opt_init(&conn->options); - krb5_verify_opt_set_ccache(&conn->options, conn->ccache); ---- ./src/modules/rlm_krb5/krb5.h.orig 2014-01-13 20:13:56.000000000 -0500 -+++ ./src/modules/rlm_krb5/krb5.h 2014-02-05 08:27:14.000000000 -0500 -@@ -15,14 +15,14 @@ - */ - - /** -- * $Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $ -+ * $Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $ - * @file krb5.h - * @brief types and function signatures for rlm_krb5. - * - * @copyright 2013 The FreeRADIUS server project - * @copyright 2013 Arran Cudbard-Bell <a.cudbardb@freeradius.org> - */ --RCSIDH(krb5_h, "$Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $") -+RCSIDH(krb5_h, "$Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $") - - #if defined(KRB5_IS_THREAD_SAFE) && !defined(HAVE_PTHREAD_H) - # undef KRB5_IS_THREAD_SAFE -@@ -79,7 +79,7 @@ - * MIT Kerberos uses comm_err, so the macro just expands to a call - * to error_message. - */ --#ifndef HEIMDAL_KRB5 -+#ifndef HAVE_KRB5_GET_ERROR_MESSAGE - # ifdef ET_COMM_ERR - # include <et/com_err.h> - # else ---- ./src/modules/rlm_krb5/rlm_krb5.c.orig 2014-01-13 20:13:56.000000000 -0500 -+++ ./src/modules/rlm_krb5/rlm_krb5.c 2014-02-05 08:27:14.000000000 -0500 -@@ -15,7 +15,7 @@ - */ - - /** -- * $Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $ -+ * $Id: 1f7833cc2ad4d507871cb4ad2d08c009dafe2144 $ - * @file rlm_krb5.c - * @brief Authenticate users, retrieving their TGT from a Kerberos V5 TDC. - * -@@ -24,7 +24,7 @@ - * @copyright 2000 Nathan Neulinger <nneul@umr.edu> - * @copyright 2000 Alan DeKok <aland@ox.org> - */ --RCSID("$Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $") -+RCSID("$Id: 1f7833cc2ad4d507871cb4ad2d08c009dafe2144 $") - - #include <freeradius-devel/radiusd.h> - #include <freeradius-devel/modules.h> -@@ -82,15 +82,33 @@ - DEBUG("Using MIT Kerberos library"); - #endif - --#ifndef KRB5_IS_THREAD_SAFE -+ - if (!krb5_is_thread_safe()) { -- DEBUGI("libkrb5 is not threadsafe, recompile it, and the server with thread support enabled"); -+/* -+ * rlm_krb5 was built as threadsafe -+ */ -+#ifdef KRB5_IS_THREAD_SAFE -+ ERROR("Build time libkrb5 was threadsafe, but run time library claims not to be"); -+ ERROR("Modify runtime linker path (LD_LIBRARY_PATH on most systems), to prefer threadsafe libkrb5"); -+ return -1; -+/* -+ * rlm_krb5 was not built as threadsafe -+ */ -+#else -+ WDEBUG("libkrb5 is not threadsafe, recompile it with thread support enabled (" -+# ifdef HEIMDAL_KRB5 -+ "--enable-pthread-support" -+# else -+ "--disable-thread-support=no" -+# endif -+ ")"); - WDEBUG("rlm_krb5 will run in single threaded mode, performance may be degraded"); - } else { - WDEBUG("Build time libkrb5 was not threadsafe, but run time library claims to be"); - WDEBUG("Reconfigure and recompile rlm_krb5 to enable thread support"); -- } - #endif -+ } -+ - inst->xlat_name = cf_section_name2(conf); - if (!inst->xlat_name) { - inst->xlat_name = cf_section_name1(conf); -@@ -277,6 +295,40 @@ - return RLM_MODULE_OK; - } - -+/** Log error message and return appropriate rcode -+ * -+ * Translate kerberos error codes into return codes. -+ * @param request Current request. -+ * @param ret code from kerberos. -+ * @param conn used in the last operation. -+ */ -+static rlm_rcode_t krb5_process_error(REQUEST *request, rlm_krb5_handle_t *conn, int ret) -+{ -+ rad_assert(ret != 0); -+ rad_assert(conn); /* Silences warnings */ -+ -+ switch (ret) { -+ case KRB5_LIBOS_BADPWDMATCH: -+ case KRB5KRB_AP_ERR_BAD_INTEGRITY: -+ REDEBUG("Provided password was incorrect (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -+ return RLM_MODULE_REJECT; -+ -+ case KRB5KDC_ERR_KEY_EXP: -+ case KRB5KDC_ERR_CLIENT_REVOKED: -+ case KRB5KDC_ERR_SERVICE_REVOKED: -+ REDEBUG("Account has been locked out (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -+ return RLM_MODULE_USERLOCK; -+ -+ case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: -+ RDEBUG("User not found (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -+ return RLM_MODULE_NOTFOUND; -+ -+ default: -+ REDEBUG("Error verifying credentials (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -+ return RLM_MODULE_FAIL; -+ } -+} -+ - #ifdef HEIMDAL_KRB5 - - /* -@@ -316,34 +368,10 @@ - */ - ret = krb5_verify_user_opt(conn->context, client, request->password->vp_strvalue, &conn->options); - if (ret) { -- switch (ret) { -- case KRB5_LIBOS_BADPWDMATCH: -- case KRB5KRB_AP_ERR_BAD_INTEGRITY: -- REDEBUG("Provided password was incorrect (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -- rcode = RLM_MODULE_REJECT; -- break; -- -- case KRB5KDC_ERR_KEY_EXP: -- case KRB5KDC_ERR_CLIENT_REVOKED: -- case KRB5KDC_ERR_SERVICE_REVOKED: -- REDEBUG("Account has been locked out (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -- rcode = RLM_MODULE_USERLOCK; -- break; -- -- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: -- RDEBUG("User not found: %s (%i)", ret, rlm_krb5_error(conn->context, ret)); -- rcode = RLM_MODULE_NOTFOUND; -- -- default: -- REDEBUG("Error verifying credentials (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -- rcode = RLM_MODULE_FAIL; -- break; -- } -- -- goto cleanup; -+ rcode = krb5_process_error(request, conn, ret); - } - -- cleanup: -+cleanup: - if (client) { - krb5_free_principal(conn->context, client); - } -@@ -401,45 +429,20 @@ - * Retrieve the TGT from the TGS/KDC and check we can decrypt it. - */ - memcpy(&password, &request->password->vp_strvalue, sizeof(password)); -+ RDEBUG("Retrieving and decrypting TGT"); - ret = krb5_get_init_creds_password(conn->context, &init_creds, client, password, - NULL, NULL, 0, NULL, inst->gic_options); - if (ret) { -- error: -- switch (ret) { -- case KRB5_LIBOS_BADPWDMATCH: -- case KRB5KRB_AP_ERR_BAD_INTEGRITY: -- REDEBUG("Provided password was incorrect (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -- rcode = RLM_MODULE_REJECT; -- break; -- -- case KRB5KDC_ERR_KEY_EXP: -- case KRB5KDC_ERR_CLIENT_REVOKED: -- case KRB5KDC_ERR_SERVICE_REVOKED: -- REDEBUG("Account has been locked out (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -- rcode = RLM_MODULE_USERLOCK; -- break; -- -- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: -- REDEBUG("User not found (%i): %s", ret, rlm_krb5_error(conn->context, ret)); -- rcode = RLM_MODULE_NOTFOUND; -- break; -- -- default: -- REDEBUG("Error retrieving or verifying credentials (%i): %s", ret, -- rlm_krb5_error(conn->context, ret)); -- rcode = RLM_MODULE_FAIL; -- break; -- } -- -- goto cleanup; -+ rcode = krb5_process_error(request, conn, ret); - } - -- RDEBUG("Successfully retrieved and decrypted TGT"); -- -+ RDEBUG("Attempting to authenticate against service principal"); - ret = krb5_verify_init_creds(conn->context, &init_creds, inst->server, conn->keytab, NULL, inst->vic_options); -- if (ret) goto error; -+ if (ret) { -+ rcode = krb5_process_error(request, conn, ret); -+ } - -- cleanup: -+cleanup: - if (client) { - krb5_free_principal(conn->context, client); - } diff --git a/net/freeradius3/files/patch-src__lib__udpfromto.c b/net/freeradius3/files/patch-src__lib__udpfromto.c new file mode 100644 index 000000000000..f145db90dfdf --- /dev/null +++ b/net/freeradius3/files/patch-src__lib__udpfromto.c @@ -0,0 +1,11 @@ +--- ./src/lib/udpfromto.c.orig 2014-03-21 08:27:25.000000000 -0400 ++++ ./src/lib/udpfromto.c 2014-03-29 09:59:57.000000000 -0400 +@@ -316,7 +316,7 @@ + break; + + case AF_INET6: +- if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr))) { ++ if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr)) { + from = NULL; + } + break; diff --git a/net/freeradius3/files/patch-src__lib__valuepair.c b/net/freeradius3/files/patch-src__lib__valuepair.c new file mode 100644 index 000000000000..45a070df4363 --- /dev/null +++ b/net/freeradius3/files/patch-src__lib__valuepair.c @@ -0,0 +1,11 @@ +--- ./src/lib/valuepair.c.orig 2014-03-29 10:01:05.000000000 -0400 ++++ ./src/lib/valuepair.c 2014-03-29 10:01:14.000000000 -0400 +@@ -2331,7 +2331,7 @@ + */ + int paircmp_op(VALUE_PAIR const *one, FR_TOKEN op, VALUE_PAIR const *two) + { +- int compare; ++ int compare = 0; + + VERIFY_VP(one); + VERIFY_VP(two); diff --git a/net/freeradius3/files/patch-udpfromtofix b/net/freeradius3/files/patch-udpfromtofix deleted file mode 100644 index 4511fee3c705..000000000000 --- a/net/freeradius3/files/patch-udpfromtofix +++ /dev/null @@ -1,61 +0,0 @@ -From d51c75c1ce24dbbb1045b1e72a3c89729ca91016 Mon Sep 17 00:00:00 2001 -From: Arran Cudbard-Bell <a.cudbardb@freeradius.org> -Date: Tue, 28 Jan 2014 14:25:19 +0000 -Subject: [PATCH] Don't use IP_SENDSRCADDR (in sendfromto) if on FreeBSD and - the socket were using is bound to a specific IP - -FreeBSD is extra pedantic about the use of IP_SENDSRCADDR, and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used with a socket which is bound to something other than INADDR_ANY. ---- - src/lib/udpfromto.c | 31 ++++++++++++++++++++++++++++++- - 1 file changed, 30 insertions(+), 1 deletion(-) - -diff --git a/src/lib/udpfromto.c b/src/lib/udpfromto.c -index 680e354..b022136 100644 ---- src/lib/udpfromto.c -+++ src/lib/udpfromto.c -@@ -292,12 +292,41 @@ int sendfromto(int s, void *buf, size_t len, int flags, - struct iovec iov; - char cbuf[256]; - --#if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO) -+#ifdef __FreeBSD__ -+ /* -+ * FreeBSD is extra pedantic about the use of IP_SENDSRCADDR, -+ * and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used -+ * with a socket which is bound to something other than -+ * INADDR_ANY -+ */ -+ struct sockaddr bound; -+ socklen_t bound_len = sizeof(bound); -+ -+ if (getsockname(s, &bound, &bound_len) < 0) { -+ return -1; -+ } -+ -+ switch (bound.sa_family) { -+ case AF_INET: -+ if (((struct sockaddr_in *) &bound)->sin_addr.s_addr != INADDR_ANY) { -+ from = NULL; -+ } -+ break; -+ -+ case AF_INET6: -+ if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr)) { -+ from = NULL; -+ } -+ break; -+ } -+#else -+# if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO) - /* - * If the sendmsg() flags aren't defined, fall back to - * using sendto(). - */ - from = NULL; -+# endif - #endif - - /* --- -1.8.5.1 - diff --git a/net/freeradius3/pkg-plist b/net/freeradius3/pkg-plist index 90a2f7111b4b..ee4be94e69f5 100644 --- a/net/freeradius3/pkg-plist +++ b/net/freeradius3/pkg-plist @@ -218,6 +218,9 @@ bin/smbencrypt %%LIBDIR%%/rlm_unix.a %%LIBDIR%%/rlm_unix.la %%LIBDIR%%/rlm_unix.so +%%LIBDIR%%/rlm_unpack.a +%%LIBDIR%%/rlm_unpack.la +%%LIBDIR%%/rlm_unpack.so %%LIBDIR%%/rlm_utf8.a %%LIBDIR%%/rlm_utf8.la %%LIBDIR%%/rlm_utf8.so @@ -398,6 +401,7 @@ include/freeradius/udpfromto.h %%DATADIR%%/dictionary.3gpp2 %%DATADIR%%/dictionary.acc %%DATADIR%%/dictionary.acme +%%DATADIR%%/dictionary.actelis %%DATADIR%%/dictionary.aerohive %%DATADIR%%/dictionary.airespace %%DATADIR%%/dictionary.alcatel @@ -419,6 +423,7 @@ include/freeradius/udpfromto.h %%DATADIR%%/dictionary.audiocodes %%DATADIR%%/dictionary.bay %%DATADIR%%/dictionary.bintec +%%DATADIR%%/dictionary.bluecoat %%DATADIR%%/dictionary.bristol %%DATADIR%%/dictionary.broadsoft %%DATADIR%%/dictionary.bskyb @@ -447,6 +452,7 @@ include/freeradius/udpfromto.h %%DATADIR%%/dictionary.ericsson %%DATADIR%%/dictionary.erx %%DATADIR%%/dictionary.extreme +%%DATADIR%%/dictionary.equallogic %%DATADIR%%/dictionary.f5 %%DATADIR%%/dictionary.fdxtended %%DATADIR%%/dictionary.fortinet @@ -602,12 +608,15 @@ include/freeradius/udpfromto.h %%EXAMPLESDIR%%/raddb/mods-config/sql/cui/sqlite/queries.conf %%EXAMPLESDIR%%/raddb/mods-config/sql/cui/sqlite/schema.sql %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf +%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/oracle/queries.conf +%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/oracle/schema.sql %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf +%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/mysql/queries.conf %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/mysql/schema.sql -%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/msqlippool.txt %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/queries.conf %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/schema.sql +%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/procedures.sql %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/postgresql/queries.conf %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/postgresql/schema.sql %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/sqlite/queries.conf @@ -721,6 +730,7 @@ include/freeradius/udpfromto.h %%EXAMPLESDIR%%/raddb/mods-available/ntlm_auth %%EXAMPLESDIR%%/raddb/mods-available/realm %%EXAMPLESDIR%%/raddb/mods-available/unix +%%EXAMPLESDIR%%/raddb/mods-available/unpack %%EXAMPLESDIR%%/raddb/mods-available/cui %%EXAMPLESDIR%%/raddb/mods-available/idn %%EXAMPLESDIR%%/raddb/mods-available/expiration @@ -752,6 +762,7 @@ include/freeradius/udpfromto.h %%EXAMPLESDIR%%/raddb/mods-enabled/soh %%EXAMPLESDIR%%/raddb/mods-enabled/sradutmp %%EXAMPLESDIR%%/raddb/mods-enabled/unix +%%EXAMPLESDIR%%/raddb/mods-enabled/unpack %%EXAMPLESDIR%%/raddb/mods-enabled/utf8 %%EXAMPLESDIR%%/raddb/policy.d/accounting %%EXAMPLESDIR%%/raddb/policy.d/canonicalization @@ -791,6 +802,7 @@ include/freeradius/udpfromto.h %%EXAMPLESDIR%%/raddb/dictionary %%EXAMPLESDIR%%/raddb/templates.conf %%EXAMPLESDIR%%/raddb/experimental.conf +%%EXAMPLESDIR%%/raddb/panic.gdb %%EXAMPLESDIR%%/raddb/proxy.conf %%EXAMPLESDIR%%/raddb/radiusd.conf %%EXAMPLESDIR%%/raddb/huntgroups @@ -818,6 +830,7 @@ include/freeradius/udpfromto.h @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/mysql @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/sqlite @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/mysql +@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/oracle @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/cui/sqlite @@ -829,7 +842,6 @@ include/freeradius/udpfromto.h @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/counter/sqlite @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/counter @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql -@dirrm %%EXAMPLESDIR%%/raddb/mods-config/python @dirrm %%EXAMPLESDIR%%/raddb/mods-config/preprocess @dirrm %%EXAMPLESDIR%%/raddb/mods-config/perl @dirrm %%EXAMPLESDIR%%/raddb/mods-config/files |