- Update to 2.0.3

- Create own user and group
- Fix and update patches

PR:		ports/122097
Submitted by:	David Wood <david@wood2.org.uk> (maintainer)

net/freeradius2/Makefile

@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	freeradius
-DISTVERSION=	2.0.1
+DISTVERSION=	2.0.3
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \
 		ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \
@@ -40,7 +40,8 @@ CFLAGS+=	-I${LOCALBASE}/include -L${LOCALBASE}/lib
 
 PLIST_SUB=	PORTVERSION=${DISTVERSION}
 
-OPTIONS=	KERBEROS	"With Kerberos support" off \
+OPTIONS=	USER		"Run as user freeradius, group freeradius" on \
+		KERBEROS	"With Kerberos support" off \
 		HEIMDAL		"With Heimdal Kerberos support" off \
 		LDAP		"With LDAP database support" off \
 		MYSQL		"With MySQL database support" off \
@@ -54,6 +55,10 @@ OPTIONS=	KERBEROS	"With Kerberos support" off \
 # Default requirements for rc script
 _REQUIRE=	NETWORKING SERVERS
 
+# User and group to use if USER is set
+USER=	freeradius
+GROUP=	freeradius
+
 CONFIGURE_ARGS=	--quiet \
 		--prefix=${PREFIX} \
 		--localstatedir=/var \
@@ -80,6 +85,7 @@ CONFIGURE_ARGS+=--with-rlm-python-lib-dir=${PYTHON_LIBDIR} \
 		--without-rlm_sql_db2 \
 		--without-rlm_sql_iodbc \
 		--without-rlm_sql_oracle \
+		--without-rlm_sql_sqlite \
 		--without-rlm_sql_sybase \
 		--without-rlm_sql_unixodbc \
 		--with-vmps
@@ -88,6 +94,41 @@ CONFIGURE_ARGS+=--with-rlm-python-lib-dir=${PYTHON_LIBDIR} \
 CONFIGURE_ARGS+=	--with-pic
 .endif
 
+# Credentials for WITH_USER are RADIUS_USER, RADIUS_UID, RADIUS_GECOS,
+# RADIUS_HOME, RADIUS_SHELL, RADIUS_GROUP and RADIUS_GID.
+
+# Parse ${PORTSDIR}/UIDs and GIDs for the defaults
+USER!=	${GREP} -E '^${USER}:' ${PORTSDIR}/UIDs | \
+		${SED} -Ee 's/^([^:]*):([^:]*):([^:]*):([^:]*):([^:]*):([^:]*):([^:]*)$$/USER="\1" UID="\3" GECOS="\5" HOME="\6" SHELL="\7"/'
+GROUP!=	${GREP} -E '^${GROUP}:' ${PORTSDIR}/GIDs | \
+		${SED} -Ee 's/^([^:]*):([^:]*):([^:]*):$$/GROUP="\1" GID="\3"/'
+
+# Apply the defaults where necessary
+RADIUS_USER?=	${USER:MUSER*:C/^[^=]*=\"([^\"]*)\"$/\1/}
+RADIUS_UID?=	${USER:MUID*:C/^[^=]*=\"([^\"]*)\"$/\1/}
+RADIUS_GECOS?=	${USER:MGECOS*:C/^[^=]*=\"([^\"]*)\"$/\1/}
+RADIUS_HOME?=	${USER:MHOME*:C/^[^=]*=\"([^\"]*)\"$/\1/}
+RADIUS_SHELL?=	${USER:MSHELL*:C/^[^=]*=\"([^\"]*)\"$/\1/}
+RADIUS_GROUP?=	${GROUP:MGROUP*:C/^[^=]*=\"([^\"]*)\"$/\1/}
+RADIUS_GID?=	${GROUP:MGID*:C/^[^=]*=\"([^\"]*)\"$/\1/}
+
+SUB_LIST+=	USER="${RADIUS_USER}" \
+		UID="${RADIUS_UID}" \
+		GECOS="${RADIUS_GECOS}" \
+		HOME="${RADIUS_HOME}" \
+		SHELL="${RADIUS_SHELL}" \
+		GROUP="${RADIUS_GROUP}" \
+		GID="${RADIUS_GID}" \
+		RADDB_WORK="${WRKSRC}/raddb" \
+		RADDB="${PREFIX}/etc/raddb" \
+		LOGDIR="${LOGDIR}"
+SUB_FILES+=	pkg-install pkg-deinstall
+.ifdef(WITH_USER)
+SUB_LIST+=	RUN_AS_USER="yes"
+.else
+SUB_LIST+=	RUN_AS_USER="no"
+.endif
+
 .if defined(WITH_HEIMDAL) && !defined(WITH_KERBEROS)
 WITH_KERBEROS=	yes
 .endif
@@ -226,6 +267,11 @@ pre-configure:
 		&& ${AUTOCONF} -I ${WRKSRC}
 	@cd ${WRKSRC}/src/modules/rlm_python && ${AUTOCONF} -I ${WRKSRC}
 
+pre-install:
+# Run pkg-install PRE-INSTALL
+	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} \
+		PRE-INSTALL
+
 post-install:
 # Create (if necessary) ${PREFIX}/etc/raddb and subdirectories using
 # ${EXAMPLESDIR}/raddb as the model layout
@@ -247,5 +293,8 @@ post-install:
 # Set ${PREFIX}/etc/raddb and all the files and folders in it to g-w,o-rwx
 # (FreeRADIUS will probably complain if this is not done)
 	@${CHMOD} -R g-w,o-rwx ${PREFIX}/etc/raddb
+# Run pkg-install POST-INSTALL
+	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} \
+		POST-INSTALL
 
 .include <bsd.port.post.mk>

net/freeradius2/distinfo

@@ -1,3 +1,3 @@
-MD5 (freeradius-server-2.0.1.tar.bz2) = 670810d0ee7e80999fcd753cfdcecdb4
-SHA256 (freeradius-server-2.0.1.tar.bz2) = d5e1cd96762cc2091d64198bc50d03690f94dfd4d96b36a042dda1490b8143df
-SIZE (freeradius-server-2.0.1.tar.bz2) = 2270018
+MD5 (freeradius-server-2.0.3.tar.bz2) = 3cd647f40880dee8693f2e74ab5416e9
+SHA256 (freeradius-server-2.0.3.tar.bz2) = 3184e9be6d88df3cdf72a08a7e00222c17bc360289ecf14219df9c81d68d7f79
+SIZE (freeradius-server-2.0.3.tar.bz2) = 2298963

net/freeradius2/files/patch-pthread

@@ -108,9 +108,9 @@
      fi
  
      if test "x$mysql_with_threads" = "xyes"; then
---- src/modules/rlm_python/configure.in	Thu May 15 15:52:02 2003
-+++ src/modules/rlm_python/configure.in	Thu Aug  2 12:43:47 2007
-@@ -84,6 +84,44 @@
+--- src/modules/rlm_python/configure.in	Mon May 14 23:27:21 2007
++++ src/modules/rlm_python/configure.in	Tue Mar 18 13:52:32 2008
+@@ -85,6 +85,34 @@
  		FR_SMART_CHECK_LIB(python${PY_VERSION}, Py_Initialize)
  		LIBS=$old_LIBS
  
@@ -118,10 +118,7 @@
 +dnl # in case libpython is threaded
 +
 +		if test "x$smart_lib" = "x"; then
-+		    AC_MSG_NOTICE([Checking to see if libpython may be threaded.])
-+		    dnl pthread stuff is usually in -lpthread
-+		    dnl or in -lc_r, on *BSD
-+		    dnl FreeBSD uses -pthread
++		    AC_MSG_NOTICE([Checking to see if libpython needs -pthread.])
 +		    libpython_with_threads="yes"
 +		    case "$host" in
 +		    *-freebsd*)
@@ -133,13 +130,6 @@
 +		        fi
 +		    ;;
 +		    *)
-+		        AC_CHECK_LIB(pthread, pthread_create,
-+				     [ LIBS="-lpthread $LIBS" ],
-+				     AC_CHECK_LIB(c_r, pthread_create,
-+					          [ LIBS="-lc_r $LIBS" ],
-+					          [ libpython_with_threads="no" ]
-+					          )
-+				     )
 +		    ;;
 +		    esac
 +

net/freeradius2/files/patch-sites-available

@@ -0,0 +1,31 @@
+--- raddb/Makefile	Tue Feb 26 09:32:29 2008
++++ raddb/Makefile	Tue Mar 18 13:13:41 2008
+@@ -1,7 +1,7 @@
+ #
+ # Makefile
+ #
+-# Version:      $Id: Makefile,v 1.37 2008/02/26 09:32:29 aland Exp $
++# Version:      $Id: Makefile,v 1.38 2008/03/18 06:33:03 aland Exp $
+ #
+ 
+ include ../Make.inc
+@@ -13,9 +13,7 @@
+ 	attrs.pre-proxy clients.conf dictionary eap.conf templates.conf	\
+ 	experimental.conf hints huntgroups ldap.attrmap otp.conf	\
+ 	policy.txt preproxy_users proxy.conf radiusd.conf		\
+-	snmp.conf sql.conf sqlippool.conf users	policy.conf	\
+-	sites-available/default sites-available/example \
+-	sites-available/README
++	snmp.conf sql.conf sqlippool.conf users	policy.conf
+ 
+ #
+ #	This target is here for local debugging
+@@ -33,7 +31,7 @@
+ 	$(INSTALL) -d -m 750	$(R)$(raddbdir)/sites-available
+ 	$(INSTALL) -d -m 750	$(R)$(raddbdir)/sites-enabled
+ 	@echo "Creating/updating files in $(R)$(raddbdir)"; \
+-	for i in $(FILES); do \
++	for i in $(FILES) `ls sites-available/* | sed 's/CVS//'`; do \
+ 		[ ! -f $(R)$(raddbdir)/$$i ] && $(INSTALL) -m 640 $$i $(R)$(raddbdir)/$$i; \
+ 		if [ "`find $$i -newer $(R)$(raddbdir)/$$i`" ]; then \
+ 			echo "** $(R)$(raddbdir)/$$i"; \

net/freeradius2/files/pkg-deinstall.in

@@ -0,0 +1,32 @@
+#!/bin/sh
+# $FreeBSD$
+
+if [ %%RUN_AS_USER%% != "yes" ]; then exit 0; fi
+
+case $2 in
+    POST-DEINSTALL)
+	cat <<EOMSG
+
+If you are not upgrading and don't intend to use
+FreeRADIUS any more then you may wish to delete
+the %%GROUP%% group, which can be done with the
+following command:
+
+    # pw groupdel %%GROUP%%
+
+You may also wish to delete the %%USER%% user,
+which can be done with the following command:
+
+    # pw userdel %%USER%%
+EOMSG
+        ;;
+esac
+
+
+# Emacs variables
+
+# Local Variables:
+# mode: sh
+# sh-basic-offset: 4
+# sh-indent-comment: nil
+# End:

net/freeradius2/files/pkg-install.in

@@ -0,0 +1,158 @@
+#!/bin/sh
+# $FreeBSD$
+
+PATH=/usr/sbin:/usr/bin:/bin ; export PATH
+
+radius_user="%%USER%%"
+radius_uid="%%UID%%"
+radius_gecos="%%GECOS%%"
+radius_home="%%HOME%%"
+radius_shell="%%SHELL%%"
+
+radius_group="%%GROUP%%"
+radius_gid="%%GID%%"
+
+radius_raddb_work="%%RADDB_WORK%%"
+radius_raddb="%%RADDB%%"
+radius_logdir="%%LOGDIR%%"
+
+radius_run_as_user="%%RUN_AS_USER%%"
+
+
+create_group() {
+    local user uid group gid gecos home shell
+
+    user=$1
+    uid=$2
+    group=$3
+    gid=$4
+    gecos=$5
+    home=$6
+    shell=$7
+
+
+    if pw group show -n $group >/dev/null 2>&1 ; then
+        echo "===> Using existing group $group"
+    else
+        if pw groupadd -n $group -g $gid ; then
+            echo "===> Created group $group"
+        else
+            cat <<-EOERRORMSG
+*** Failed to create group $group.
+
+Please add user $user and group $group
+manually with the following commands:
+
+    pw groupadd -n $group -g $gid
+    pw useradd -n $user -u $uid -g $group -c "$gecos" \\
+        -d $home -s $shell -h -
+
+and retry installing this package.
+EOERRORMSG
+            exit 1
+        fi
+    fi
+
+}
+
+
+create_user() {
+    local user uid group gid gecos home shell
+
+    user=$1
+    uid=$2
+    group=$3
+    gid=$4
+    gecos=$5
+    home=$6
+    shell=$7
+
+    if pw user show -n $user >/dev/null 2>&1 ; then
+        echo "===> Using existing user $user"
+    else
+        if pw useradd -n $user -u $uid -g $group -c "$gecos" \
+            -d $home -s $shell -h - ; then
+            echo "===> Created user $user"
+        else
+            cat <<-EOERRORMSG
+*** Failed to create user $user.
+
+Please add user $user manually with the following command:
+
+    pw useradd -n $user -u $uid -g $group -c "$gecos" \\
+       -d $home -s $shell -h -
+
+and retry installing this package.
+EOERRORMSG
+            exit 1
+        fi
+    fi
+}
+
+
+if [ ${radius_run_as_user} != "yes" ]; then exit 0; fi
+
+case $2 in
+    PRE-INSTALL)
+        # Create the radius user and group if they do not already exist
+        create_group $radius_user $radius_uid $radius_group $radius_gid \
+                     "$radius_gecos" $radius_home $radius_shell
+        create_user  $radius_user $radius_uid $radius_group $radius_gid \
+                     "$radius_gecos" $radius_home $radius_shell
+
+        # Fix the user and group in raddb/radiusd.conf
+	echo "===> Setting user and group in radiusd.conf"
+	for file in ${radius_raddb_work}/radiusd.conf ${radius_raddb}/radiusd.conf; do
+	    if [ -f ${file} ]; then
+		if ! sed -Ee "s/^[[:space:]#](user[[:space:]]*=[[:space:]]*).*$/\1${radius_user}/" \
+		    -e "s/^[[:space:]#](group[[:space:]]*=[[:space:]]*).*$/\1${radius_group}/" \
+		    -i .orig ${file}; then
+		    echo "Failed to patch ${file}."
+		    exit 1
+		fi
+		if [ -f ${file}.orig ]; then
+                    if ! rm ${file}.orig; then
+			echo "Failed to delete backup file ${file}.orig."
+			exit 1
+		    fi
+                fi
+	    fi
+	done
+
+        ;;
+
+    POST-INSTALL)
+        # Change ownership of directories
+	for dir in $radius_raddb $radius_logdir/radacct \
+	    /var/run/radiusd ; do
+	    if [ -d $dir ] || [ -L $dir ]; then
+		echo "===> Adjusting ownership of directory ${dir}"
+		if ! chown -HR $radius_user:$radius_group $dir; then
+		    echo "Failed to adjust ownership of ${dir}."
+		    exit 1
+		fi
+	    fi
+	done
+
+	for file in $radius_logdir/radius.log $radius_logdir/radutmp \
+	    $radius_logdir/radwtmp; do
+	    if [ -f $file ]; then
+		echo "===> Adjusting ownership of ${file}"
+		if ! chown $radius_user:$radius_group $file; then
+		    echo "Failed to adjust ownership of ${file}."
+		    exit 1
+		fi
+	    fi
+	done
+
+        ;;
+esac
+
+
+# Emacs variables
+
+# Local Variables:
+# mode: sh
+# sh-basic-offset: 4
+# sh-indent-comment: nil
+# End:

net/freeradius2/files/radiusd.sh.in

@@ -1,9 +1,10 @@
 #!/bin/sh
-
+#
+# $FreeBSD$
+#
 # PROVIDE: radiusd
 # REQUIRE: %%REQUIRE%%
 # KEYWORD: shutdown
-
 #
 # Add the following lines to /etc/rc.conf to enable radiusd:
 #

net/freeradius2/pkg-plist

@@ -48,9 +48,15 @@ bin/smbencrypt
 %%EXAMPLESDIR%%/raddb/proxy.conf
 %%EXAMPLESDIR%%/raddb/radiusd.conf
 %%EXAMPLESDIR%%/raddb/sites-available/README
+%%EXAMPLESDIR%%/raddb/sites-available/buffered-sql
+%%EXAMPLESDIR%%/raddb/sites-available/copy-acct-to-home-server
 %%EXAMPLESDIR%%/raddb/sites-available/default
 %%EXAMPLESDIR%%/raddb/sites-available/example
+%%EXAMPLESDIR%%/raddb/sites-available/inner-tunnel
+%%EXAMPLESDIR%%/raddb/sites-available/proxy-inner-tunnel
+%%EXAMPLESDIR%%/raddb/sites-available/vmps
 %%EXAMPLESDIR%%/raddb/sites-enabled/default
+%%EXAMPLESDIR%%/raddb/sites-enabled/inner-tunnel
 %%EXAMPLESDIR%%/raddb/snmp.conf
 %%EXAMPLESDIR%%/raddb/sql.conf
 %%EXAMPLESDIR%%/raddb/sql/mssql/dialup.conf
@@ -485,6 +491,7 @@ include/freeradius/vqp.h
 %%PORTDOCS%%%%DOCSDIR%%/rfc/rfc4818.txt
 %%PORTDOCS%%%%DOCSDIR%%/rfc/rfc4849.txt
 %%PORTDOCS%%%%DOCSDIR%%/rfc/rfc5080.txt
+%%PORTDOCS%%%%DOCSDIR%%/rfc/rfc5176.txt
 %%PORTDOCS%%%%DOCSDIR%%/rlm_dbm
 %%PORTDOCS%%%%DOCSDIR%%/rlm_eap
 %%PORTDOCS%%%%DOCSDIR%%/rlm_expiration
@@ -596,6 +603,7 @@ include/freeradius/vqp.h
 %%DATADIR%%/dictionary.rfc4679
 %%DATADIR%%/dictionary.rfc4818
 %%DATADIR%%/dictionary.rfc4849
+%%DATADIR%%/dictionary.rfc5176
 %%DATADIR%%/dictionary.riverstone
 %%DATADIR%%/dictionary.roaringpenguin
 %%DATADIR%%/dictionary.shasta
@@ -622,7 +630,7 @@ include/freeradius/vqp.h
 %%DATADIR%%/dictionary.xylan
 %%DATADIR%%/dictionary.zyxel
 @dirrm %%DATADIR%%
-@exec mkdir -p /var/log/raddb
-@exec chmod -R og= /var/log/raddb
+@exec if [ ! -d /var/log/radacct ]; then mkdir -p /var/log/radacct; chmod -R go= /var/log/radacct; fi
+@exec for i in /var/log/radius.log /var/log/radutmp /var/log/radwtmp; do if [ ! -f ${i} ]; then touch ${i}; chmod go= ${i}; fi; done
 @exec mkdir -p /var/run/radiusd
 @unexec rm -fr /var/run/radiusd