diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile index 6dc9145672dd..40e34955e490 100644 --- a/net/freeradius2/Makefile +++ b/net/freeradius2/Makefile @@ -6,7 +6,7 @@ # PORTNAME= freeradius -DISTVERSION= 2.0.1 +DISTVERSION= 2.0.3 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \ @@ -40,7 +40,8 @@ CFLAGS+= -I${LOCALBASE}/include -L${LOCALBASE}/lib PLIST_SUB= PORTVERSION=${DISTVERSION} -OPTIONS= KERBEROS "With Kerberos support" off \ +OPTIONS= USER "Run as user freeradius, group freeradius" on \ + KERBEROS "With Kerberos support" off \ HEIMDAL "With Heimdal Kerberos support" off \ LDAP "With LDAP database support" off \ MYSQL "With MySQL database support" off \ @@ -54,6 +55,10 @@ OPTIONS= KERBEROS "With Kerberos support" off \ # Default requirements for rc script _REQUIRE= NETWORKING SERVERS +# User and group to use if USER is set +USER= freeradius +GROUP= freeradius + CONFIGURE_ARGS= --quiet \ --prefix=${PREFIX} \ --localstatedir=/var \ @@ -80,6 +85,7 @@ CONFIGURE_ARGS+=--with-rlm-python-lib-dir=${PYTHON_LIBDIR} \ --without-rlm_sql_db2 \ --without-rlm_sql_iodbc \ --without-rlm_sql_oracle \ + --without-rlm_sql_sqlite \ --without-rlm_sql_sybase \ --without-rlm_sql_unixodbc \ --with-vmps 
@@ -88,6 +94,41 @@ CONFIGURE_ARGS+=--with-rlm-python-lib-dir=${PYTHON_LIBDIR} \ CONFIGURE_ARGS+= --with-pic .endif +# Credentials for WITH_USER are RADIUS_USER, RADIUS_UID, RADIUS_GECOS, +# RADIUS_HOME, RADIUS_SHELL, RADIUS_GROUP and RADIUS_GID. + +# Parse ${PORTSDIR}/UIDs and GIDs for the defaults +USER!= ${GREP} -E '^${USER}:' ${PORTSDIR}/UIDs | \ + ${SED} -Ee 's/^([^:]*):([^:]*):([^:]*):([^:]*):([^:]*):([^:]*):([^:]*)$$/USER="\1" UID="\3" GECOS="\5" HOME="\6" SHELL="\7"/' +GROUP!= ${GREP} -E '^${GROUP}:' ${PORTSDIR}/GIDs | \ + ${SED} -Ee 's/^([^:]*):([^:]*):([^:]*):$$/GROUP="\1" GID="\3"/' + +# Apply the defaults where necessary +RADIUS_USER?= ${USER:MUSER*:C/^[^=]*=\"([^\"]*)\"$/\1/} +RADIUS_UID?= ${USER:MUID*:C/^[^=]*=\"([^\"]*)\"$/\1/} +RADIUS_GECOS?= ${USER:MGECOS*:C/^[^=]*=\"([^\"]*)\"$/\1/} +RADIUS_HOME?= ${USER:MHOME*:C/^[^=]*=\"([^\"]*)\"$/\1/} +RADIUS_SHELL?= ${USER:MSHELL*:C/^[^=]*=\"([^\"]*)\"$/\1/} +RADIUS_GROUP?= ${GROUP:MGROUP*:C/^[^=]*=\"([^\"]*)\"$/\1/} +RADIUS_GID?= ${GROUP:MGID*:C/^[^=]*=\"([^\"]*)\"$/\1/} + +SUB_LIST+= USER="${RADIUS_USER}" \ + UID="${RADIUS_UID}" \ + GECOS="${RADIUS_GECOS}" \ + HOME="${RADIUS_HOME}" \ + SHELL="${RADIUS_SHELL}" \ + GROUP="${RADIUS_GROUP}" \ + GID="${RADIUS_GID}" \ + RADDB_WORK="${WRKSRC}/raddb" \ + RADDB="${PREFIX}/etc/raddb" \ + LOGDIR="${LOGDIR}" +SUB_FILES+= pkg-install pkg-deinstall +.ifdef(WITH_USER) +SUB_LIST+= RUN_AS_USER="yes" +.else +SUB_LIST+= RUN_AS_USER="no" +.endif + .if defined(WITH_HEIMDAL) && !defined(WITH_KERBEROS) WITH_KERBEROS= yes .endif @@ -226,6 +267,11 @@ pre-configure: && ${AUTOCONF} -I ${WRKSRC} @cd ${WRKSRC}/src/modules/rlm_python && ${AUTOCONF} -I ${WRKSRC} +pre-install: +# Run pkg-install PRE-INSTALL + @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} \ + PRE-INSTALL + post-install: # Create (if necessary) ${PREFIX}/etc/raddb and subdirectories using # ${EXAMPLESDIR}/raddb as the model layout 
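Review bot: The `USER!=` and `GROUP!=` lookups in the "@@ -88,6 +94,41 @@" hunk have no check for an empty result, so if `${PORTSDIR}/UIDs` or `${PORTSDIR}/GIDs` has no matching entry, every `RADIUS_*` default expands to nothing and pkg-install is generated with empty user, uid and gid values. A guard after the defaults, such as `.if defined(WITH_USER) && (empty(RADIUS_UID) || empty(RADIUS_GID))` followed by an `IGNORE=` message, would stop the build before `pw` is asked to create an account with unintended ids. `USER` and `GROUP` also change meaning here, from a plain name (set in the earlier hunk) to a list of `KEY="value"` words, and `USER` is a standard environment variable, so port-private names would be easier to audit. The new `.ifdef(WITH_USER)` could be written `.if defined(WITH_USER)` to match the `.if defined(WITH_HEIMDAL)` test just below it.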
@@ -247,5 +293,8 @@ post-install: # Set ${PREFIX}/etc/raddb and all the files and folders in it to g-w,o-rwx # (FreeRADIUS will probably complain if this is not done) @${CHMOD} -R g-w,o-rwx ${PREFIX}/etc/raddb +# Run pkg-install POST-INSTALL + @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} \ + POST-INSTALL .include diff --git a/net/freeradius2/distinfo b/net/freeradius2/distinfo index 9c1cb1575633..182c142c5df7 100644 --- a/net/freeradius2/distinfo +++ b/net/freeradius2/distinfo @@ -1,3 +1,3 @@ -MD5 (freeradius-server-2.0.1.tar.bz2) = 670810d0ee7e80999fcd753cfdcecdb4 -SHA256 (freeradius-server-2.0.1.tar.bz2) = d5e1cd96762cc2091d64198bc50d03690f94dfd4d96b36a042dda1490b8143df -SIZE (freeradius-server-2.0.1.tar.bz2) = 2270018 +MD5 (freeradius-server-2.0.3.tar.bz2) = 3cd647f40880dee8693f2e74ab5416e9 +SHA256 (freeradius-server-2.0.3.tar.bz2) = 3184e9be6d88df3cdf72a08a7e00222c17bc360289ecf14219df9c81d68d7f79 +SIZE (freeradius-server-2.0.3.tar.bz2) = 2298963 diff --git a/net/freeradius2/files/patch-pthread b/net/freeradius2/files/patch-pthread index 32c5e7d4e4e4..66d9904cbf04 100644 --- a/net/freeradius2/files/patch-pthread +++ b/net/freeradius2/files/patch-pthread @@ -108,9 +108,9 @@ fi if test "x$mysql_with_threads" = "xyes"; then ---- src/modules/rlm_python/configure.in Thu May 15 15:52:02 2003 -+++ src/modules/rlm_python/configure.in Thu Aug 2 12:43:47 2007 -@@ -84,6 +84,44 @@ +--- src/modules/rlm_python/configure.in Mon May 14 23:27:21 2007 ++++ src/modules/rlm_python/configure.in Tue Mar 18 13:52:32 2008 +@@ -85,6 +85,34 @@ FR_SMART_CHECK_LIB(python${PY_VERSION}, Py_Initialize) LIBS=$old_LIBS 
@@ -118,10 +118,7 @@ +dnl # in case libpython is threaded + + if test "x$smart_lib" = "x"; then -+ AC_MSG_NOTICE([Checking to see if libpython may be threaded.]) -+ dnl pthread stuff is usually in -lpthread -+ dnl or in -lc_r, on *BSD -+ dnl FreeBSD uses -pthread ++ AC_MSG_NOTICE([Checking to see if libpython needs -pthread.]) + libpython_with_threads="yes" + case "$host" in + *-freebsd*) @@ -133,13 +130,6 @@ + fi + ;; + *) -+ AC_CHECK_LIB(pthread, pthread_create, -+ [ LIBS="-lpthread $LIBS" ], -+ AC_CHECK_LIB(c_r, pthread_create, -+ [ LIBS="-lc_r $LIBS" ], -+ [ libpython_with_threads="no" ] -+ ) -+ ) + ;; + esac + diff --git a/net/freeradius2/files/patch-sites-available b/net/freeradius2/files/patch-sites-available new file mode 100644 index 000000000000..4215da5c549c --- /dev/null +++ b/net/freeradius2/files/patch-sites-available 
@@ -0,0 +1,31 @@ +--- raddb/Makefile Tue Feb 26 09:32:29 2008 ++++ raddb/Makefile Tue Mar 18 13:13:41 2008 +@@ -1,7 +1,7 @@ + # + # Makefile + # +-# Version: $Id: Makefile,v 1.37 2008/02/26 09:32:29 aland Exp $ ++# Version: $Id: Makefile,v 1.38 2008/03/18 06:33:03 aland Exp $ + # + + include ../Make.inc +@@ -13,9 +13,7 @@ + attrs.pre-proxy clients.conf dictionary eap.conf templates.conf \ + experimental.conf hints huntgroups ldap.attrmap otp.conf \ + policy.txt preproxy_users proxy.conf radiusd.conf \ +- snmp.conf sql.conf sqlippool.conf users policy.conf \ +- sites-available/default sites-available/example \ +- sites-available/README ++ snmp.conf sql.conf sqlippool.conf users policy.conf + + # + # This target is here for local debugging +@@ -33,7 +31,7 @@ + $(INSTALL) -d -m 750 $(R)$(raddbdir)/sites-available + $(INSTALL) -d -m 750 $(R)$(raddbdir)/sites-enabled + @echo "Creating/updating files in $(R)$(raddbdir)"; \ +- for i in $(FILES); do \ ++ for i in $(FILES) `ls sites-available/* | sed 's/CVS//'`; do \ + [ ! -f $(R)$(raddbdir)/$$i ] && $(INSTALL) -m 640 $$i $(R)$(raddbdir)/$$i; \ + if [ "`find $$i -newer $(R)$(raddbdir)/$$i`" ]; then \ + echo "** $(R)$(raddbdir)/$$i"; \ diff --git a/net/freeradius2/files/pkg-deinstall.in b/net/freeradius2/files/pkg-deinstall.in new file mode 100644 index 000000000000..97b1e007ba9d --- /dev/null +++ b/net/freeradius2/files/pkg-deinstall.in 
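Review bot: The added `ls sites-available/* | sed 's/CVS//'` in the install loop does not reliably exclude a CVS directory. The sed only deletes the substring `CVS` from each output line, so a `sites-available/CVS` entry would still reach the loop as `sites-available/` (and `ls` would likely list that directory's contents as well), while any file name containing `CVS` is mangled. Parsing `ls` output also breaks on names with whitespace. A plain glob with a regular-file test is more predictable and keeps non-files out of `$(raddbdir)`: `for i in $(FILES) sites-available/*; do \` followed by `[ -f $$i ] || continue; \`. The loop body continues past the end of this hunk, so the rest of the install logic was not reviewed.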
@@ -0,0 +1,32 @@ +#!/bin/sh +# $FreeBSD$ + +if [ %%RUN_AS_USER%% != "yes" ]; then exit 0; fi + +case $2 in + POST-DEINSTALL) + cat </dev/null 2>&1 ; then + echo "===> Using existing group $group" + else + if pw groupadd -n $group -g $gid ; then + echo "===> Created group $group" + else + cat <<-EOERRORMSG +*** Failed to create group $group. + +Please add user $user and group $group +manually with the following commands: + + pw groupadd -n $group -g $gid + pw useradd -n $user -u $uid -g $group -c "$gecos" \\ + -d $home -s $shell -h - + +and retry installing this package. +EOERRORMSG + exit 1 + fi + fi + +} + + +create_user() { + local user uid group gid gecos home shell + + user=$1 + uid=$2 + group=$3 + gid=$4 + gecos=$5 + home=$6 + shell=$7 + + if pw user show -n $user >/dev/null 2>&1 ; then + echo "===> Using existing user $user" + else + if pw useradd -n $user -u $uid -g $group -c "$gecos" \ + -d $home -s $shell -h - ; then + echo "===> Created user $user" + else + cat <<-EOERRORMSG +*** Failed to create user $user. + +Please add user $user manually with the following command: + + pw useradd -n $user -u $uid -g $group -c "$gecos" \\ + -d $home -s $shell -h - + +and retry installing this package. +EOERRORMSG + exit 1 + fi + fi +} + + +if [ ${radius_run_as_user} != "yes" ]; then exit 0; fi + +case $2 in + PRE-INSTALL) + # Create the radius user and group if they do not already exist + create_group $radius_user $radius_uid $radius_group $radius_gid \ + "$radius_gecos" $radius_home $radius_shell + create_user $radius_user $radius_uid $radius_group $radius_gid \ + "$radius_gecos" $radius_home $radius_shell + + # Fix the user and group in raddb/radiusd.conf + echo "===> Setting user and group in radiusd.conf" + for file in ${radius_raddb_work}/radiusd.conf ${radius_raddb}/radiusd.conf; do + if [ -f ${file} ]; then + if ! 
sed -Ee "s/^[[:space:]#](user[[:space:]]*=[[:space:]]*).*$/\1${radius_user}/" \ + -e "s/^[[:space:]#](group[[:space:]]*=[[:space:]]*).*$/\1${radius_group}/" \ + -i .orig ${file}; then + echo "Failed to patch ${file}." + exit 1 + fi + if [ -f ${file}.orig ]; then + if ! rm ${file}.orig; then + echo "Failed to delete backup file ${file}.orig." + exit 1 + fi + fi + fi + done + + ;; + + POST-INSTALL) + # Change ownership of directories + for dir in $radius_raddb $radius_logdir/radacct \ + /var/run/radiusd ; do + if [ -d $dir ] || [ -L $dir ]; then + echo "===> Adjusting ownership of directory ${dir}" + if ! chown -HR $radius_user:$radius_group $dir; then + echo "Failed to adjust ownership of ${dir}." + exit 1 + fi + fi + done + + for file in $radius_logdir/radius.log $radius_logdir/radutmp \ + $radius_logdir/radwtmp; do + if [ -f $file ]; then + echo "===> Adjusting ownership of ${file}" + if ! chown $radius_user:$radius_group $file; then + echo "Failed to adjust ownership of ${file}." + exit 1 + fi + fi + done + + ;; +esac + + +# Emacs variables + +# Local Variables: +# mode: sh +# sh-basic-offset: 4 +# sh-indent-comment: nil +# End: diff --git a/net/freeradius2/files/radiusd.sh.in b/net/freeradius2/files/radiusd.sh.in index a29083d64fab..9ef0556b3716 100644 --- a/net/freeradius2/files/radiusd.sh.in +++ b/net/freeradius2/files/radiusd.sh.in @@ -1,9 +1,10 @@ #!/bin/sh - +# +# $FreeBSD$ +# # PROVIDE: radiusd # REQUIRE: %%REQUIRE%% # KEYWORD: shutdown - # # Add the following lines to /etc/rc.conf to enable radiusd: # diff --git a/net/freeradius2/pkg-plist b/net/freeradius2/pkg-plist index 74552443568d..8f08490a0578 100644 --- a/net/freeradius2/pkg-plist +++ b/net/freeradius2/pkg-plist 
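Review bot: The radiusd.conf rewrite in PRE-INSTALL only checks sed's exit status, and sed exits 0 when neither expression matches, so a config whose `user =` line starts in column 0 or is indented by more than one character is left unchanged while the script still reports success. Because both patterns require exactly one leading whitespace or `#` character, this seems likely for an existing `${radius_raddb}/radiusd.conf`; the daemon would then keep whatever account it had before (possibly root) while POST-INSTALL hands the directories to `$radius_user`. Checking the result after the edit, e.g. `grep -Eq "^user[[:space:]]*=[[:space:]]*${radius_user}[[:space:]]*\$" ${file} || { echo "user not set in ${file}"; exit 1; }` and the same for `group`, would make the privilege drop verifiable. POST-INSTALL also runs `chown -HR $radius_user:$radius_group` on `$radius_raddb`, which makes the whole configuration tree writable by the service account; `root:$radius_group` with the `g-w,o-rwx` mode set in the port Makefile would keep it readable but not modifiable by the daemon, assuming the server does not need to write there. The start of this file's hunk is damaged in this view, so `create_group` and the variable assignments could not be reviewed.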
@@ -48,9 +48,15 @@ bin/smbencrypt %%EXAMPLESDIR%%/raddb/proxy.conf %%EXAMPLESDIR%%/raddb/radiusd.conf %%EXAMPLESDIR%%/raddb/sites-available/README +%%EXAMPLESDIR%%/raddb/sites-available/buffered-sql +%%EXAMPLESDIR%%/raddb/sites-available/copy-acct-to-home-server %%EXAMPLESDIR%%/raddb/sites-available/default %%EXAMPLESDIR%%/raddb/sites-available/example +%%EXAMPLESDIR%%/raddb/sites-available/inner-tunnel +%%EXAMPLESDIR%%/raddb/sites-available/proxy-inner-tunnel +%%EXAMPLESDIR%%/raddb/sites-available/vmps %%EXAMPLESDIR%%/raddb/sites-enabled/default +%%EXAMPLESDIR%%/raddb/sites-enabled/inner-tunnel %%EXAMPLESDIR%%/raddb/snmp.conf %%EXAMPLESDIR%%/raddb/sql.conf %%EXAMPLESDIR%%/raddb/sql/mssql/dialup.conf @@ -485,6 +491,7 @@ include/freeradius/vqp.h %%PORTDOCS%%%%DOCSDIR%%/rfc/rfc4818.txt %%PORTDOCS%%%%DOCSDIR%%/rfc/rfc4849.txt %%PORTDOCS%%%%DOCSDIR%%/rfc/rfc5080.txt +%%PORTDOCS%%%%DOCSDIR%%/rfc/rfc5176.txt %%PORTDOCS%%%%DOCSDIR%%/rlm_dbm %%PORTDOCS%%%%DOCSDIR%%/rlm_eap %%PORTDOCS%%%%DOCSDIR%%/rlm_expiration @@ -596,6 +603,7 @@ include/freeradius/vqp.h %%DATADIR%%/dictionary.rfc4679 %%DATADIR%%/dictionary.rfc4818 %%DATADIR%%/dictionary.rfc4849 +%%DATADIR%%/dictionary.rfc5176 %%DATADIR%%/dictionary.riverstone %%DATADIR%%/dictionary.roaringpenguin %%DATADIR%%/dictionary.shasta @@ -622,7 +630,7 @@ include/freeradius/vqp.h %%DATADIR%%/dictionary.xylan %%DATADIR%%/dictionary.zyxel @dirrm %%DATADIR%% -@exec mkdir -p /var/log/raddb -@exec chmod -R og= /var/log/raddb +@exec if [ ! -d /var/log/radacct ]; then mkdir -p /var/log/radacct; chmod -R go= /var/log/radacct; fi +@exec for i in /var/log/radius.log /var/log/radutmp /var/log/radwtmp; do if [ ! -f ${i} ]; then touch ${i}; chmod go= ${i}; fi; done @exec mkdir -p /var/run/radiusd @unexec rm -fr /var/run/radiusd
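Review bot: In the last hunk, permissions on `/var/log/radacct` and the three log files are tightened only when the `@exec` line itself creates them, whereas the removed line ran `chmod -R og=` unconditionally on the old `/var/log/raddb` path. A directory or log left over from an earlier install with wider permissions therefore keeps them, and these paths hold accounting data and server logs. I would apply the mode regardless of who created the path, e.g. `@exec mkdir -p /var/log/radacct && chmod go= /var/log/radacct`. For the files, `touch` followed by `chmod` leaves a short window with umask-default permissions; `install -m 600 /dev/null ${i}` creates each file with its final mode in one step.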