--- /dev/null
+diff -r -u freeradius-server-3.0.1.bak/Make.inc.in freeradius-server-3.0.1/Make.inc.in\r
+--- freeradius-server-3.0.1.bak/Make.inc.in 2014-01-17 11:20:48.599733053 -0500\r
++++ freeradius-server-3.0.1/Make.inc.in 2014-01-17 14:37:33.739853796 -0500\r
+@@ -47,7 +47,7 @@\r
+ \r
+ CC = @CC@\r
+ RANLIB = @RANLIB@\r
+-IMACROS = -imacros ${top_srcdir}/src/freeradius-devel/build.h -imacros ${top_srcdir}/src/freeradius-devel/autoconf.h -imacros ${top_srcdir}/src/freeradius-devel/features.h\r
++IMACROS = -include ${top_srcdir}/src/freeradius-devel/build.h -include ${top_srcdir}/src/freeradius-devel/autoconf.h -include ${top_srcdir}/src/freeradius-devel/features.h\r
+ INCLUDE = -I${top_srcdir} -I${top_srcdir}/src\r
+ CFLAGS = $(IMACROS) $(INCLUDE) -std=c99 -fno-strict-aliasing @CFLAGS@\r
+ CPPFLAGS = @CPPFLAGS@\r
+Only in freeradius-server-3.0.1: Make.inc.in~\r
--- /dev/null
+Index: freeradius-server/raddb/mods-available/ippool
+===================================================================
+--- freeradius-server.orig/raddb/mods-available/ippool
++++ freeradius-server/raddb/mods-available/ippool
+@@ -22,54 +22,45 @@
+ # DEFAULT Group == teachers, Pool-Name := "teachers"
+ # DEFAULT Group == other, Pool-Name := "DEFAULT"
+ #
+-# ********* IF YOU CHANGE THE RANGE PARAMETERS YOU MUST *********
+-# ********* THEN ERASE THE DB FILES *********
++# Note: If you change the range parameters you must then erase the
++# db files.
+ #
+ ippool main_pool {
++ # The main db file used to allocate addresses.
++ filename = ${db_dir}/db.ippool
+
+- # range-start,range-stop:
+- # The start and end ip addresses for this pool.
++ # The start and end ip addresses for this pool.
+ range_start = 192.0.2.1
+ range_stop = 192.0.2.254
+
+- # netmask:
+- # The network mask used for this pool.
++ # The network mask used for this pool.
+ netmask = 255.255.255.0
+
+- # cache_size:
+- # The gdbm cache size for the db files. Should
+- # be equal to the number of ip's available in
+- # the ip pool
++ # The gdbm cache size for the db files. Should
++ # be equal to the number of ip's available in
++ # the ip pool
+ cache_size = 800
+
+- # session-db:
+- # The main db file used to allocate addresses.
+- session_db = ${db_dir}/db.ippool
+-
+- # ip-index:
+- # Helper db index file used in multilink
++ # Helper db index file used in multilink
+ ip_index = ${db_dir}/db.ipindex
+
+- # override:
+- # If set, the Framed-IP-Address already in the
+- # reply (if any) will be discarded, and replaced
+- # with a Framed-IP-Address assigned here.
++ # If set, the Framed-IP-Address already in the
++ # reply (if any) will be discarded, and replaced
++ # ith a Framed-IP-Address assigned here.
+ override = no
+
+- # maximum-timeout:
+- # Specifies the maximum time in seconds that an
+- # entry may be active. If set to zero, means
+- # "no timeout". The default value is 0
++ # Specifies the maximum time in seconds that an
++ # entry may be active. If set to zero, means
++ # "no timeout". The default value is 0
+ maximum_timeout = 0
+
+- # key:
+- # The key to use for the session database (which
+- # holds the allocated ip's) normally it should
+- # just be the nas ip/port (which is the default).
++ # The key to use for the session database (which
++ # holds the allocated ip's) normally it should
++ # just be the nas ip/port (which is the default).
+ #
+- # If your NAS sends the same value of NAS-Port
+- # all requests, the key should be based on some
+- # other attribute that is in ALL requests, AND
+- # is unique to each machine needing an IP address.
+- #key = "%{NAS-IP-Address} %{NAS-Port}"
++ # If your NAS sends the same value of NAS-Port
++ # all requests, the key should be based on some
++ # other attribute that is in ALL requests, AND
++ # is unique to each machine needing an IP address.
++# key = "%{NAS-IP-Address} %{NAS-Port}"
+ }
+Index: freeradius-server/src/lib/valuepair.c
+===================================================================
+--- freeradius-server.orig/src/lib/valuepair.c
++++ freeradius-server/src/lib/valuepair.c
+@@ -109,6 +109,8 @@ VALUE_PAIR *pairalloc(TALLOC_CTX *ctx, D
+ vp->op = T_OP_EQ;
+ vp->type = VT_NONE;
+
++ vp->length = da->flags.length;
++
+ talloc_set_destructor(vp, _pairfree);
+
+ return vp;
--- /dev/null
+# You can use this to rotate the /var/log/radius/* files, simply copy
+# it to /etc/logrotate.d/radiusd
+
+# There are different detail-rotating strategies you can use. One is
+# to write to a single detail file per IP and use the rotate config
+# below. Another is to write to a daily detail file per IP with:
+# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail
+# (or similar) in radiusd.conf, without rotation. If you go with the
+# second technique, you will need another cron job that removes old
+# detail files. You do not need to comment out the below for method #2.
+/var/log/radius/radacct/*/detail {
+ monthly
+ rotate 4
+ nocreate
+ missingok
+ compress
+}
+
+/var/log/radius/checkrad.log {
+ monthly
+ rotate 4
+ create
+ missingok
+ compress
+}
+
+/var/log/radius/radius.log {
+ monthly
+ rotate 4
+ create
+ missingok
+ compress
+ postrotate
+ /sbin/service radiusd reload
+ endscript
+}
+
+/var/log/radius/radutmp {
+ monthly
+ rotate 4
+ create
+ compress
+ missingok
+}
+
+/var/log/radius/radwtmp {
+ monthly
+ rotate 4
+ create
+ compress
+ missingok
+}
+/var/log/radius/sqltrace.sql {
+ monthly
+ rotate 4
+ create
+ compress
+ missingok
+}
--- /dev/null
+From 30d0f2e9351d40663898c46b3a2fb5dfbefdc6bc Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Tue, 21 Jan 2014 14:41:03 -0500
+Subject: [PATCH] Unsigned comes after "int"
+
+---
+ raddb/mods-config/sql/main/mysql/schema.sql | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/raddb/mods-config/sql/main/mysql/schema.sql b/raddb/mods-config/sql/main/mysql/schema.sql
+index 60d97ec..c5185be 100644
+--- a/raddb/mods-config/sql/main/mysql/schema.sql
++++ b/raddb/mods-config/sql/main/mysql/schema.sql
+@@ -28,7 +28,7 @@ CREATE TABLE radacct (
+ acctupdatetime datetime NULL default NULL,
+ acctstoptime datetime NULL default NULL,
+ acctinterval int(12) default NULL,
+- acctsessiontime unsigned int(12) default NULL,
++ acctsessiontime int(12) unsigned default NULL,
+ acctauthentic varchar(32) default NULL,
+ connectinfo_start varchar(50) default NULL,
+ connectinfo_stop varchar(50) default NULL,
+--
+1.8.5.1
--- /dev/null
+#%PAM-1.0
+auth include password-auth
+account required pam_nologin.so
+account include password-auth
+password include password-auth
+session include password-auth
--- /dev/null
+commit 57d0db0e1dfa3fc25d0bfc146fec1c89a446a9ea\r
+Author: Alan T. DeKok <aland@freeradius.org>\r
+Date: Wed Jan 22 15:11:33 2014 -0500\r
+\r
+ Use size out output buffer, not size of output pointer\r
+\r
+diff --git a/src/lib/print.c b/src/lib/print.c\r
+index a6e5391..5bc5e02 100644\r
+--- a/src/lib/print.c\r
++++ b/src/lib/print.c\r
+@@ -266,7 +266,7 @@ size_t vp_prints_value(char *out, size_t outlen, VALUE_PAIR const *vp, int8_t qu\r
+ return strlen(out);\r
+ }\r
+ \r
+- return fr_print_string(vp->vp_strvalue, vp->length, out, sizeof(out));\r
++ return fr_print_string(vp->vp_strvalue, vp->length, out, outlen);\r
+ \r
+ case PW_TYPE_INTEGER:\r
+ if (vp->da->flags.has_tag) {\r
--- /dev/null
+--- freeradius-server-3.0.0.orig/raddb/mods-config/sql/main/postgresql/setup.sql 2013-10-07 15:49:47.000000000 -0400
++++ freeradius-server-3.0.0/raddb/mods-config/sql/main/postgresql/setup.sql 2013-12-13 12:58:38.261559789 -0500
+@@ -29,4 +29,7 @@
+ * The server can write to the accounting and post-auth logging table.
+ */
+ GRANT SELECT, INSERT, UPDATE on radacct TO radius;
++GRANT SELECT, USAGE on radacct_radacctid_seq TO radius;
++
+ GRANT SELECT, INSERT, UPDATE on radpostauth TO radius;
++GRANT SELECT, USAGE on radpostauth_id_seq TO radius;
--- /dev/null
+#!/bin/sh
+#
+# radiusd Start/Stop the FreeRADIUS daemon
+#
+# chkconfig: - 88 10
+# description: Extensible, configurable, high performance RADIUS server.
+
+### BEGIN INIT INFO
+# Provides: radiusd
+# Required-Start: $network
+# Required-Stop:
+# Default-Start:
+# Default-Stop:
+# Should-Start: $time $syslog mysql ldap postgresql samba krb5-kdc
+# Should-Stop:
+# Short-Description: FreeRADIUS server
+# Description: Extensible, configurable, high performance RADIUS server.
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+prog=radiusd
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+exec=${exec:=/usr/sbin/$prog}
+config_dir=${config_dir:=/etc/raddb}
+config=${config:=$config_dir/radiusd.conf}
+pidfile=${pidfile:=/var/run/$prog/$prog.pid}
+lockfile=${lockfile:=/var/lock/subsys/radiusd}
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon --pidfile $pidfile $exec -d $config_dir
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc -p $pidfile $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ # radiusd may not be capable of a 100% configuration reload depending
+ # on which loadable modules are in use, if sending the server a
+ # HUP is not sufficient then use restart here instead. However, we
+ # prefer by default to use HUP since it's what is usually desired.
+ #
+ # restart
+
+ kill -HUP `pidofproc -p $pidfile $prog`
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status -p $pidfile $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
--- /dev/null
+diff -r -u freeradius-server-3.0.0.orig/raddb/mods-available/eap freeradius-server-3.0.0/raddb/mods-available/eap\r
+--- freeradius-server-3.0.0.orig/raddb/mods-available/eap 2013-10-07 15:49:47.000000000 -0400\r
++++ freeradius-server-3.0.0/raddb/mods-available/eap 2013-11-26 17:48:56.081183431 -0500\r
+@@ -435,7 +435,7 @@\r
+ #\r
+ # You should also delete all of the files\r
+ # in the directory when the server starts.\r
+- # tmpdir = /tmp/radiusd\r
++ # tmpdir = /var/run/radiusd/tmp\r
+\r
+ # The command used to verify the client cert.\r
+ # We recommend using the OpenSSL command-line\r
+@@ -449,7 +449,7 @@\r
+ # in PEM format. This file is automatically\r
+ # deleted by the server when the command\r
+ # returns.\r
+- # client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"\r
++ # client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"\r
+ }\r
+\r
+ #\r
+diff -r -u freeradius-server-3.0.0.orig/raddb/radiusd.conf.in freeradius-server-3.0.0/raddb/radiusd.conf.in\r
+--- freeradius-server-3.0.0.orig/raddb/radiusd.conf.in 2013-10-07 15:49:47.000000000 -0400\r
++++ freeradius-server-3.0.0/raddb/radiusd.conf.in 2013-11-26 17:24:52.263467793 -0500\r
+@@ -71,8 +71,7 @@\r
+ cadir = ${confdir}/certs\r
+ run_dir = ${localstatedir}/run/${name}\r
+\r
+-# Should likely be ${localstatedir}/lib/radiusd\r
+-db_dir = ${raddbdir}\r
++db_dir = ${localstatedir}/lib/radiusd\r
+\r
+ #\r
+ # libdir: Where to find the rlm_* modules.\r
+@@ -376,8 +375,8 @@\r
+ # member. This can allow for some finer-grained access\r
+ # controls.\r
+ #\r
+-# user = radius\r
+-# group = radius\r
++ user = radiusd\r
++ group = radiusd\r
+\r
+ # Core dumps are a bad thing. This should only be set to\r
+ # 'yes' if you're debugging a problem with the server.\r
--- /dev/null
+From a23188a41197069a396886b477bd4463ce6c5365 Mon Sep 17 00:00:00 2001
+From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
+Date: Wed, 12 Mar 2014 21:41:26 +0000
+Subject: [PATCH] Compare da not just attribute number (fix clashing vendor and RFC space attributes)
+
+---
+ src/modules/rlm_attr_filter/rlm_attr_filter.c | 4 ++--
+ src/modules/rlm_attr_filter/rlm_attr_filter.c | 43 ++++++++++++++++-----------
+ 2 files changed, 27 insertions(+), 20 deletions(-)
+
+diff --git a/src/modules/rlm_attr_filter/rlm_attr_filter.c b/src/modules/rlm_attr_filter/rlm_attr_filter.c
+index e153cd1..1f72d6c 100644
+--- a/src/modules/rlm_attr_filter/rlm_attr_filter.c
++++ b/src/modules/rlm_attr_filter/rlm_attr_filter.c
+@@ -268,8 +268,8 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P
+ continue;
+ }
+
+- if (input_item->da->attr == check_item->da->attr) {
+- check_pair(check_item, input_item, &pass, &fail);
++ if (input_item->da == check_item->da) {
++ check_pair(request, check_item, input_item, &pass, &fail);
+ }
+ }
+
+diff --git a/src/modules/rlm_attr_filter/rlm_attr_filter.c b/src/modules/rlm_attr_filter/rlm_attr_filter.c
+index 1f72d6c..19b5b45 100644
+--- a/src/modules/rlm_attr_filter/rlm_attr_filter.c
++++ b/src/modules/rlm_attr_filter/rlm_attr_filter.c
+@@ -57,24 +57,34 @@
+ { NULL, -1, 0, NULL, NULL }
+ };
+
+-static void check_pair(VALUE_PAIR *check_item, VALUE_PAIR *reply_item,
+- int *pass, int *fail)
++static void check_pair(REQUEST *request, VALUE_PAIR *check_item, VALUE_PAIR *reply_item, int *pass, int *fail)
+ {
+ int compare;
+
+ if (check_item->op == T_OP_SET) return;
+
+ compare = paircmp(check_item, reply_item);
++ if (compare < 0) {
++ REDEBUG("Comparison failed: %s", fr_strerror());
++ }
++
+ if (compare == 1) {
+ ++*(pass);
+ } else {
+ ++*(fail);
+ }
+
++ if (RDEBUG_ENABLED3) {
++ char rule[1024], pair[1024];
++
++ vp_prints(rule, sizeof(rule), check_item);
++ vp_prints(pair, sizeof(pair), reply_item);
++ RDEBUG3("%s %s %s", pair, compare == 1 ? "allowed by" : "disallowed by", rule);
++ }
++
+ return;
+ }
+
+-
+ static int attr_filter_getfile(TALLOC_CTX *ctx, char const *filename, PAIR_LIST **pair_list)
+ {
+ vp_cursor_t cursor;
+@@ -216,8 +226,7 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P
+ fall_through = 1;
+ continue;
+ }
+- else if (!check_item->da->vendor &&
+- check_item->da->attr == PW_RELAX_FILTER) {
++ else if (!check_item->da->vendor && check_item->da->attr == PW_RELAX_FILTER) {
+ relax_filter = check_item->vp_integer;
+ continue;
+ }
+@@ -247,20 +256,17 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P
+ for (input_item = paircursor(&input, &packet->vps);
+ input_item;
+ input_item = pairnext(&input)) {
+- /* reset the pass,fail vars for each reply item */
+- pass = fail = 0;
++ pass = fail = 0; /* reset the pass,fail vars for each reply item */
+
+ /*
+- * reset the check_item pointer to
+- * beginning of the list
++ * Reset the check_item pointer to beginning of the list
+ */
+ for (check_item = pairfirst(&check);
+ check_item;
+ check_item = pairnext(&check)) {
+ /*
+- * Vendor-Specific is special, and
+- * matches any VSA if the comparison
+- * is always true.
++ * Vendor-Specific is special, and matches any VSA if the
++ * comparison is always true.
+ */
+ if ((check_item->da->attr == PW_VENDOR_SPECIFIC) && (input_item->da->vendor != 0) &&
+ (check_item->op == T_OP_CMP_TRUE)) {
+@@ -273,14 +279,15 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P
+ }
+ }
+
++ RDEBUG3("Attribute \"%s\" allowed by %i rules, disallowed by %i rules",
++ input_item->da->name, pass, fail);
+ /*
+- * Only move attribute if it passed all rules,
+- * or if the config says we should copy unmatched
+- * attributes ('relaxed' mode).
++ * Only move attribute if it passed all rules, or if the config says we
++ * should copy unmatched attributes ('relaxed' mode).
+ */
+ if (fail == 0 && (pass > 0 || relax_filter)) {
+ if (!pass) {
+- RDEBUG3("Attribute (%s) allowed by relaxed mode", input_item->da->name);
++ RDEBUG3("Attribute \"%s\" allowed by relaxed mode", input_item->da->name);
+ }
+ vp = paircopyvp(packet, input_item);
+ if (!vp) {
+@@ -355,11 +362,11 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P
+ mod_instantiate, /* instantiation */
+ NULL, /* detach */
+ {
+- NULL, /* authentication */
++ NULL, /* authentication */
+ mod_authorize, /* authorization */
+ mod_preacct, /* pre-acct */
+ mod_accounting, /* accounting */
+- NULL, /* checksimul */
++ NULL, /* checksimul */
+ #ifdef WITH_PROXY
+ mod_pre_proxy, /* pre-proxy */
+ mod_post_proxy, /* post-proxy */
+--
+1.8.5.5
--- /dev/null
+From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001\r
+From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>\r
+Date: Thu, 13 Feb 2014 13:49:54 +0000\r
+Subject: [PATCH 1/1] Fix potential crash with SSHA and salts > 44bytes\r
+\r
+---\r
+ src/modules/rlm_pap/rlm_pap.c | 10 ++++++----\r
+ 1 file changed, 6 insertions(+), 4 deletions(-)\r
+\r
+diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c\r
+index 689acf0..1bf6d4e 100644\r
+--- a/src/modules/rlm_pap/rlm_pap.c\r
++++ b/src/modules/rlm_pap/rlm_pap.c\r
+@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)\r
+ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)\r
+ {\r
+ \r
+- uint8_t buffer[64];\r
++ uint8_t buffer[256];\r
+ \r
+ if (min_length >= sizeof(buffer)) return; /* paranoia */\r
+ \r
+@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)\r
+ */\r
+ if (vp->length >= (2 * min_length)) {\r
+ size_t decoded;\r
+- decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1);\r
++ decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer));\r
+ if (decoded == (vp->length >> 1)) {\r
+- RDEBUG2("Normalizing %s from hex encoding", vp->da->name);\r
++ RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes",\r
++ vp->da->name, vp->length, decoded);\r
+ pairmemcpy(vp, buffer, decoded);\r
+ return;\r
+ }\r
+@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)\r
+ sizeof(buffer));\r
+ if (decoded < 0) return;\r
+ if (decoded >= (ssize_t) min_length) {\r
+- RDEBUG2("Normalizing %s from base64 encoding", vp->da->name);\r
++ RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes",\r
++ vp->da->name, vp->length, decoded);\r
+ pairmemcpy(vp, buffer, decoded);\r
+ return;\r
+ }\r
+-- \r
+1.8.5.3\r
+\r
--- /dev/null
+From b1b895b2cdc9563398d873023c535763540722ee Mon Sep 17 00:00:00 2001
+From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
+Date: Tue, 4 Feb 2014 17:51:51 +0000
+Subject: [PATCH] Do proper checks for each individual sqlite_v2 function
+
+---
+ .../rlm_sql/drivers/rlm_sql_sqlite/config.h.in | 13 +-
+ .../rlm_sql/drivers/rlm_sql_sqlite/configure | 249 +++++++--------------
+ .../rlm_sql/drivers/rlm_sql_sqlite/configure.ac | 14 +-
+ .../drivers/rlm_sql_sqlite/rlm_sql_sqlite.c | 35 ++-
+ 4 files changed, 125 insertions(+), 186 deletions(-)
+
+diff --git a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/config.h.in b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/config.h.in
+index 59abf27..f8a686f 100644
+--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/config.h.in
++++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/config.h.in
+@@ -1,7 +1,16 @@
+ /* config.h.in. Generated from configure.ac by autoheader. */
+
+-/* Define if the SQLite library has v2 API functions */
+-#undef HAVE_SQLITE_V2_API
++/* Define to 1 if you have the `sqlite3_create_function_v2' function. */
++#undef HAVE_SQLITE3_CREATE_FUNCTION_V2
++
++/* Define to 1 if you have the `sqlite3_errstr' function. */
++#undef HAVE_SQLITE3_ERRSTR
++
++/* Define to 1 if you have the `sqlite3_open_v2' function. */
++#undef HAVE_SQLITE3_OPEN_V2
++
++/* Define to 1 if you have the `sqlite3_prepare_v2' function. */
++#undef HAVE_SQLITE3_PREPARE_V2
+
+ /* Define to the address where bug reports for this package should be sent. */
+ #undef PACKAGE_BUGREPORT
+diff --git a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure
+index 8a603af..8c22bb4 100755
+--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure
++++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure
+@@ -1432,6 +1432,73 @@ fi
+ as_fn_set_status $ac_retval
+
+ } # ac_fn_c_try_link
++
++# ac_fn_c_check_func LINENO FUNC VAR
++# ----------------------------------
++# Tests whether FUNC exists, setting the cache variable VAR accordingly
++ac_fn_c_check_func ()
++{
++ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
++$as_echo_n "checking for $2... " >&6; }
++if eval \${$3+:} false; then :
++ $as_echo_n "(cached) " >&6
++else
++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
++ For example, HP-UX 11i <limits.h> declares gettimeofday. */
++#define $2 innocuous_$2
++
++/* System header to define __stub macros and hopefully few prototypes,
++ which can conflict with char $2 (); below.
++ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
++ <limits.h> exists even on freestanding compilers. */
++
++#ifdef __STDC__
++# include <limits.h>
++#else
++# include <assert.h>
++#endif
++
++#undef $2
++
++/* Override any GCC internal prototype to avoid an error.
++ Use char because int might match the return type of a GCC
++ builtin and then its argument prototype would still apply. */
++#ifdef __cplusplus
++extern "C"
++#endif
++char $2 ();
++/* The GNU C library defines this for functions which it implements
++ to always fail with ENOSYS. Some functions are actually named
++ something starting with __ and the normal name is an alias. */
++#if defined __stub_$2 || defined __stub___$2
++choke me
++#endif
++
++int
++main ()
++{
++return $2 ();
++ ;
++ return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++ eval "$3=yes"
++else
++ eval "$3=no"
++fi
++rm -f core conftest.err conftest.$ac_objext \
++ conftest$ac_exeext conftest.$ac_ext
++fi
++eval ac_res=\$$3
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
++$as_echo "$ac_res" >&6; }
++ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
++
++} # ac_fn_c_check_func
+ cat >config.log <<_ACEOF
+ This file contains any messages produced by compilers while
+ running configure, to aid debugging if configure makes a mistake.
+@@ -2804,184 +2871,30 @@ if test "x$smart_lib" != "x"; then
+ SMART_LIBS="$smart_lib $SMART_LIBS"
+ fi
+
++ LDFLAGS="$SMART_LIBS"
+ if test "x$ac_cv_lib_sqlite3_sqlite3_open" != "xyes"
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sqlite libraries not found. Use --with-sqlite-lib-dir=<path>." >&5
+ $as_echo "$as_me: WARNING: Sqlite libraries not found. Use --with-sqlite-lib-dir=<path>." >&2;}
+ fail="$fail libsqlite3"
+ else
+-
+-
+-sm_lib_safe=`echo "sqlite3" | sed 'y%./+-%__p_%'`
+-sm_func_safe=`echo "sqlite3_open_v2" | sed 'y%./+-%__p_%'`
+-
+-old_LIBS="$LIBS"
+-smart_lib=
+-smart_lib_dir=
+-
+-if test "x$smart_try_dir" != "x"; then
+- for try in $smart_try_dir; do
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sqlite3_open_v2 in -lsqlite3 in $try" >&5
+-$as_echo_n "checking for sqlite3_open_v2 in -lsqlite3 in $try... " >&6; }
+- LIBS="-L$try -lsqlite3 $old_LIBS -Wl,-rpath,$try"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-extern char sqlite3_open_v2();
+-int
+-main ()
+-{
+-sqlite3_open_v2()
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+-
+- smart_lib="-L$try -lsqlite3 -Wl,-rpath,$try"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+- break
+-
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- done
+- LIBS="$old_LIBS"
+-fi
+-
+-if test "x$smart_lib" = "x"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sqlite3_open_v2 in -lsqlite3" >&5
+-$as_echo_n "checking for sqlite3_open_v2 in -lsqlite3... " >&6; }
+- LIBS="-lsqlite3 $old_LIBS"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-extern char sqlite3_open_v2();
+-int
+-main ()
+-{
+-sqlite3_open_v2()
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+-
+- smart_lib="-lsqlite3"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- LIBS="$old_LIBS"
+-fi
+-
+-if test "x$smart_lib" = "x"; then
+-
+-
+-if test "x$LOCATE" != "x"; then
+- DIRS=
+- file=libsqlite3${libltdl_cv_shlibext}
+-
+- for x in `${LOCATE} $file 2>/dev/null`; do
+- base=`echo $x | sed "s%/${file}%%"`
+- if test "x$x" = "x$base"; then
+- continue;
+- fi
+-
+- dir=`${DIRNAME} $x 2>/dev/null`
+- exclude=`echo ${dir} | ${GREP} /home`
+- if test "x$exclude" != "x"; then
+- continue
+- fi
+-
+- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
+- if test "x$already" = "x"; then
+- DIRS="$DIRS $dir"
+- fi
+- done
+-fi
+-
+-eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
+-
+-
+-
+-if test "x$LOCATE" != "x"; then
+- DIRS=
+- file=libsqlite3.a
+-
+- for x in `${LOCATE} $file 2>/dev/null`; do
+- base=`echo $x | sed "s%/${file}%%"`
+- if test "x$x" = "x$base"; then
+- continue;
+- fi
+-
+- dir=`${DIRNAME} $x 2>/dev/null`
+- exclude=`echo ${dir} | ${GREP} /home`
+- if test "x$exclude" != "x"; then
+- continue
+- fi
+-
+- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
+- if test "x$already" = "x"; then
+- DIRS="$DIRS $dir"
+- fi
+- done
+-fi
+-
+-eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
+-
+-
+- for try in $smart_lib_dir /usr/local/lib /opt/lib; do
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sqlite3_open_v2 in -lsqlite3 in $try" >&5
+-$as_echo_n "checking for sqlite3_open_v2 in -lsqlite3 in $try... " >&6; }
+- LIBS="-L$try -lsqlite3 $old_LIBS -Wl,-rpath,$try"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-extern char sqlite3_open_v2();
+-int
+-main ()
+-{
+-sqlite3_open_v2()
+- ;
+- return 0;
+-}
++ for ac_func in \
++ sqlite3_prepare_v2 \
++ sqlite3_open_v2 \
++ sqlite3_create_function_v2 \
++ sqlite3_errstr \
++
++do :
++ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
++if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
++ cat >>confdefs.h <<_ACEOF
++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+ _ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+
+- smart_lib="-L$try -lsqlite3 -Wl,-rpath,$try"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+- break
+-
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- done
+- LIBS="$old_LIBS"
+ fi
++done
+
+-if test "x$smart_lib" != "x"; then
+- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
+- LIBS="$smart_lib $old_LIBS"
+- SMART_LIBS="$smart_lib $SMART_LIBS"
+-fi
+-
+- if test "x$ac_cv_lib_sqlite3_sqlite3_open_v2" == "xyes"
+- then
+-
+-$as_echo "#define HAVE_SQLITE_V2_API 1" >>confdefs.h
+-
+- fi
+ fi
+
+
+diff --git a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure.ac b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure.ac
+index 94ab603..601214a 100644
+--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure.ac
++++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure.ac
+@@ -73,16 +73,20 @@ if test x$with_[]modname != xno; then
+ dnl try to link to libsqlite3
+ smart_try_dir="$sqlite_lib_dir"
+ FR_SMART_CHECK_LIB(sqlite3, sqlite3_open)
++ dnl # Ensure we use the library we just found the rest of the checks
++ LDFLAGS="$SMART_LIBS"
+ if test "x$ac_cv_lib_sqlite3_sqlite3_open" != "xyes"
+ then
+ AC_MSG_WARN([Sqlite libraries not found. Use --with-sqlite-lib-dir=<path>.])
+ fail="$fail libsqlite3"
+ else
+- FR_SMART_CHECK_LIB(sqlite3, sqlite3_open_v2)
+- if test "x$ac_cv_lib_sqlite3_sqlite3_open_v2" == "xyes"
+- then
+- AC_DEFINE(HAVE_SQLITE_V2_API, [1], [Define if the SQLite library has v2 API functions])
+- fi
++ dnl # Add any v2 variants here
++ AC_CHECK_FUNCS(\
++ sqlite3_prepare_v2 \
++ sqlite3_open_v2 \
++ sqlite3_create_function_v2 \
++ sqlite3_errstr \
++ )
+ fi
+
+ dnl ############################################################
+diff --git a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c
+index ba516e0..15dc737 100644
+--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c
++++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c
+@@ -94,7 +94,7 @@ static int sql_check_error(sqlite3 *db)
+ }
+ }
+
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_OPEN_V2
+ static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename)
+ {
+ ssize_t len;
+@@ -196,7 +196,11 @@ static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename)
+
+ *q = '\0';
+
+- (void) sqlite3_prepare_v2(db, s, len, &statement, &z_tail);
++#ifdef HAVE_SQLITE3_PREPARE_V2
++ (void) sqlite3_prepare_v2(db, s, len, &statement, &z_tail);
++#else
++ (void) sqlite3_prepare(db, s, len, &>statement, &z_tail);
++#endif
+ if (sql_check_error(db)) {
+ talloc_free(buffer);
+ return -1;
+@@ -249,7 +253,7 @@ static int mod_instantiate(CONF_SECTION *conf, rlm_sql_config_t *config)
+ }
+
+ if (driver->bootstrap && !exists) {
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_OPEN_V2
+ int status;
+ int ret;
+ char *p;
+@@ -280,8 +284,13 @@ static int mod_instantiate(CONF_SECTION *conf, rlm_sql_config_t *config)
+
+ status = sqlite3_open_v2(driver->filename, &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, NULL);
+ if (!db) {
+- ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database, error "
+- "code (%u)", status);
++#ifdef HAVE_SQLITE3_ERRSTR
++ ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database: %s",
++ sqlite3_errstr(status));
++#else
++ ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database, got code (%i)",
++ status);
++#endif
+
+ goto unlink;
+ }
+@@ -359,14 +368,18 @@ static sql_rcode_t sql_socket_init(rlm_sql_handle_t *handle, rlm_sql_config_t *c
+
+ INFO("rlm_sql_sqlite: Opening SQLite database \"%s\"", driver->filename);
+
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_OPEN_V2
+ status = sqlite3_open_v2(driver->filename, &(conn->db), SQLITE_OPEN_READWRITE | SQLITE_OPEN_NOMUTEX, NULL);
+ #else
+ status = sqlite3_open(driver->filename, &(conn->db));
+ #endif
+ if (!conn->db) {
+- ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database error code (%u)",
+- status);
++#ifdef HAVE_SQLITE3_ERRSTR
++ ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite: %s", sqlite3_errstr(status));
++#else
++ ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database error code (%i)",
++ status);
++#endif
+
+ return -1;
+ }
+@@ -384,7 +397,7 @@ static sql_rcode_t sql_socket_init(rlm_sql_handle_t *handle, rlm_sql_config_t *c
+ return -1;
+ }
+
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_CREATE_FUNCTION_V2
+ status = sqlite3_create_function_v2(conn->db, "GREATEST", -1, SQLITE_ANY, NULL,
+ _sql_greatest, NULL, NULL, NULL);
+ #else
+@@ -403,7 +416,7 @@ static sql_rcode_t sql_select_query(rlm_sql_handle_t *handle, UNUSED rlm_sql_con
+ rlm_sql_sqlite_conn_t *conn = handle->conn;
+ char const *z_tail;
+
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_PREPARE_V2
+ (void) sqlite3_prepare_v2(conn->db, query, strlen(query), &conn->statement, &z_tail);
+ #else
+ (void) sqlite3_prepare(conn->db, query, strlen(query), &conn->statement, &z_tail);
+@@ -421,7 +434,7 @@ static sql_rcode_t sql_query(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t *
+ rlm_sql_sqlite_conn_t *conn = handle->conn;
+ char const *z_tail;
+
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_PREPARE_V2
+ status = sqlite3_prepare_v2(conn->db, query, strlen(query), &conn->statement, &z_tail);
+ #else
+ status = sqlite3_prepare(conn->db, query, strlen(query), &conn->statement, &z_tail);
+--
+1.8.5.1
+
--- /dev/null
+D /var/run/radiusd 0710 radiusd radiusd -