From ee871b84af24b185010d68d89b886a2bbdefcd32 Mon Sep 17 00:00:00 2001 From: Sam hartman Date: Fri, 28 Mar 2014 10:21:34 +0000 Subject: [PATCH] Include sources needed by RPM packages --- rpm-sources/freeradius-imacros.patch | 13 + rpm-sources/freeradius-ippool-tr.patch | 96 +++++ rpm-sources/freeradius-logrotate | 59 +++ rpm-sources/freeradius-mysql-schema.patch | 24 ++ rpm-sources/freeradius-pam-conf | 6 + rpm-sources/freeradius-perl.patch | 19 + rpm-sources/freeradius-postgres-sql.patch | 10 + rpm-sources/freeradius-radiusd-init | 113 ++++++ rpm-sources/freeradius-redhat-config.patch | 45 +++ rpm-sources/freeradius-rlm_attr_filter-fix.patch | 138 +++++++ rpm-sources/freeradius-rlm_pap-overflow.patch | 48 +++ rpm-sources/freeradius-rlm_sql_sqlite-v2api.patch | 445 ++++++++++++++++++++++ rpm-sources/freeradius-tmpfiles.conf | 1 + 13 files changed, 1017 insertions(+) create mode 100644 rpm-sources/freeradius-imacros.patch create mode 100644 rpm-sources/freeradius-ippool-tr.patch create mode 100644 rpm-sources/freeradius-logrotate create mode 100644 rpm-sources/freeradius-mysql-schema.patch create mode 100644 rpm-sources/freeradius-pam-conf create mode 100644 rpm-sources/freeradius-perl.patch create mode 100644 rpm-sources/freeradius-postgres-sql.patch create mode 100644 rpm-sources/freeradius-radiusd-init create mode 100644 rpm-sources/freeradius-redhat-config.patch create mode 100644 rpm-sources/freeradius-rlm_attr_filter-fix.patch create mode 100644 rpm-sources/freeradius-rlm_pap-overflow.patch create mode 100644 rpm-sources/freeradius-rlm_sql_sqlite-v2api.patch create mode 100644 rpm-sources/freeradius-tmpfiles.conf diff --git a/rpm-sources/freeradius-imacros.patch b/rpm-sources/freeradius-imacros.patch new file mode 100644 index 0000000..baedebd --- /dev/null +++ b/rpm-sources/freeradius-imacros.patch 
@@ -0,0 +1,13 @@
+diff -r -u freeradius-server-3.0.1.bak/Make.inc.in freeradius-server-3.0.1/Make.inc.in
+--- freeradius-server-3.0.1.bak/Make.inc.in 2014-01-17 11:20:48.599733053 -0500
++++ freeradius-server-3.0.1/Make.inc.in 2014-01-17 14:37:33.739853796 -0500
+@@ -47,7 +47,7 @@
+
+ CC = @CC@
+ RANLIB = @RANLIB@
+-IMACROS = -imacros ${top_srcdir}/src/freeradius-devel/build.h -imacros ${top_srcdir}/src/freeradius-devel/autoconf.h -imacros ${top_srcdir}/src/freeradius-devel/features.h
++IMACROS = -include ${top_srcdir}/src/freeradius-devel/build.h -include ${top_srcdir}/src/freeradius-devel/autoconf.h -include ${top_srcdir}/src/freeradius-devel/features.h
+ INCLUDE = -I${top_srcdir} -I${top_srcdir}/src
+ CFLAGS = $(IMACROS) $(INCLUDE) -std=c99 -fno-strict-aliasing @CFLAGS@
+ CPPFLAGS = @CPPFLAGS@
+Only in freeradius-server-3.0.1: Make.inc.in~
diff --git a/rpm-sources/freeradius-ippool-tr.patch b/rpm-sources/freeradius-ippool-tr.patch
new file mode 100644
index 0000000..04434e4
--- /dev/null
+++ b/rpm-sources/freeradius-ippool-tr.patch
@@ -0,0 +1,96 @@
+Index: freeradius-server/raddb/mods-available/ippool
+===================================================================
+--- freeradius-server.orig/raddb/mods-available/ippool
++++ freeradius-server/raddb/mods-available/ippool
+@@ -22,54 +22,45 @@
+ # DEFAULT Group == teachers, Pool-Name := "teachers"
+ # DEFAULT Group == other, Pool-Name := "DEFAULT"
+ #
+-# ********* IF YOU CHANGE THE RANGE PARAMETERS YOU MUST *********
+-# ********* THEN ERASE THE DB FILES *********
++# Note: If you change the range parameters you must then erase the
++# db files.
+ #
+ ippool main_pool {
++ # The main db file used to allocate addresses.
++ filename = ${db_dir}/db.ippool
+
+- # range-start,range-stop:
+- # The start and end ip addresses for this pool.
++ # The start and end ip addresses for this pool.
+ range_start = 192.0.2.1
+ range_stop = 192.0.2.254
+
+- # netmask:
+- # The network mask used for this pool.
++ # The network mask used for this pool.
+ netmask = 255.255.255.0
+
+- # cache_size:
+- # The gdbm cache size for the db files. Should
+- # be equal to the number of ip's available in
+- # the ip pool
++ # The gdbm cache size for the db files. Should
++ # be equal to the number of ip's available in
++ # the ip pool
+ cache_size = 800
+
+- # session-db:
+- # The main db file used to allocate addresses.
+- session_db = ${db_dir}/db.ippool
+-
+- # ip-index:
+- # Helper db index file used in multilink
++ # Helper db index file used in multilink
+ ip_index = ${db_dir}/db.ipindex
+
+- # override:
+- # If set, the Framed-IP-Address already in the
+- # reply (if any) will be discarded, and replaced
+- # with a Framed-IP-Address assigned here.
++ # If set, the Framed-IP-Address already in the
++ # reply (if any) will be discarded, and replaced
++ # ith a Framed-IP-Address assigned here.
+ override = no
+
+- # maximum-timeout:
+- # Specifies the maximum time in seconds that an
+- # entry may be active. If set to zero, means
+- # "no timeout". The default value is 0
++ # Specifies the maximum time in seconds that an
++ # entry may be active. If set to zero, means
++ # "no timeout". The default value is 0
+ maximum_timeout = 0
+
+- # key:
+- # The key to use for the session database (which
+- # holds the allocated ip's) normally it should
+- # just be the nas ip/port (which is the default).
++ # The key to use for the session database (which
++ # holds the allocated ip's) normally it should
++ # just be the nas ip/port (which is the default).
+ #
+- # If your NAS sends the same value of NAS-Port
+- # all requests, the key should be based on some
+- # other attribute that is in ALL requests, AND
+- # is unique to each machine needing an IP address.
+- #key = "%{NAS-IP-Address} %{NAS-Port}"
++ # If your NAS sends the same value of NAS-Port
++ # all requests, the key should be based on some
++ # other attribute that is in ALL requests, AND
++ # is unique to each machine needing an IP address.
++# key = "%{NAS-IP-Address} %{NAS-Port}"
+ }
+Index: freeradius-server/src/lib/valuepair.c
+===================================================================
+--- freeradius-server.orig/src/lib/valuepair.c
++++ freeradius-server/src/lib/valuepair.c
+@@ -109,6 +109,8 @@ VALUE_PAIR *pairalloc(TALLOC_CTX *ctx, D
+ vp->op = T_OP_EQ;
+ vp->type = VT_NONE;
+
++ vp->length = da->flags.length;
++
+ talloc_set_destructor(vp, _pairfree);
+
+ return vp;
diff --git a/rpm-sources/freeradius-logrotate b/rpm-sources/freeradius-logrotate
new file mode 100644
index 0000000..ec19fd3
--- /dev/null
+++ b/rpm-sources/freeradius-logrotate
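Review bot: freeradius-ippool-tr.patch carries more than its name says: after the raddb/mods-available/ippool comment cleanup it also patches `pairalloc()` in src/lib/valuepair.c with `vp->length = da->flags.length;`, a behaviour change in the core attribute allocator that has no description or upstream reference anywhere in the file. I would move that hunk into its own patch with a one-line rationale so the spec's patch list can be audited by name. The config hunk also renames `session_db` to `filename` and introduces a typo in the override comment: `# ith a Framed-IP-Address assigned here.` should read `# with a Framed-IP-Address assigned here.`.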
@@ -0,0 +1,59 @@
+# You can use this to rotate the /var/log/radius/* files, simply copy
+# it to /etc/logrotate.d/radiusd
+
+# There are different detail-rotating strategies you can use. One is
+# to write to a single detail file per IP and use the rotate config
+# below. Another is to write to a daily detail file per IP with:
+# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail
+# (or similar) in radiusd.conf, without rotation. If you go with the
+# second technique, you will need another cron job that removes old
+# detail files. You do not need to comment out the below for method #2.
+/var/log/radius/radacct/*/detail {
+ monthly
+ rotate 4
+ nocreate
+ missingok
+ compress
+}
+
+/var/log/radius/checkrad.log {
+ monthly
+ rotate 4
+ create
+ missingok
+ compress
+}
+
+/var/log/radius/radius.log {
+ monthly
+ rotate 4
+ create
+ missingok
+ compress
+ postrotate
+ /sbin/service radiusd reload
+ endscript
+}
+
+/var/log/radius/radutmp {
+ monthly
+ rotate 4
+ create
+ compress
+ missingok
+}
+
+/var/log/radius/radwtmp {
+ monthly
+ rotate 4
+ create
+ compress
+ missingok
+}
+/var/log/radius/sqltrace.sql {
+ monthly
+ rotate 4
+ create
+ compress
+ missingok
+}
diff --git a/rpm-sources/freeradius-mysql-schema.patch b/rpm-sources/freeradius-mysql-schema.patch
new file mode 100644
index 0000000..755920d
--- /dev/null
+++ b/rpm-sources/freeradius-mysql-schema.patch
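Review bot: None of these stanzas states who owns the rotated files: every `create` is given without mode, owner or group, and there is no `su` line, so logrotate (normally run as root from cron) works inside /var/log/radius and recreates each log with whatever attributes the previous file had. If that directory is writable by the radiusd account, which this page does not show, rotating as root there is the situation logrotate's `su` directive exists for; I would add `su radiusd radiusd` where the installed logrotate supports it. I would also spell out the creation attributes, for example `create 0640 radiusd radiusd`, so the permissions on radius.log and sqltrace.sql do not depend on the file being replaced. The wildcard stanza `/var/log/radius/radacct/*/detail` deserves the same `su` line because it follows every subdirectory the daemon creates.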
@@ -0,0 +1,24 @@
+From 30d0f2e9351d40663898c46b3a2fb5dfbefdc6bc Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok"
+Date: Tue, 21 Jan 2014 14:41:03 -0500
+Subject: [PATCH] Unsigned comes after "int"
+
+---
+ raddb/mods-config/sql/main/mysql/schema.sql | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/raddb/mods-config/sql/main/mysql/schema.sql b/raddb/mods-config/sql/main/mysql/schema.sql
+index 60d97ec..c5185be 100644
+--- a/raddb/mods-config/sql/main/mysql/schema.sql
++++ b/raddb/mods-config/sql/main/mysql/schema.sql
+@@ -28,7 +28,7 @@ CREATE TABLE radacct (
+ acctupdatetime datetime NULL default NULL,
+ acctstoptime datetime NULL default NULL,
+ acctinterval int(12) default NULL,
+- acctsessiontime unsigned int(12) default NULL,
++ acctsessiontime int(12) unsigned default NULL,
+ acctauthentic varchar(32) default NULL,
+ connectinfo_start varchar(50) default NULL,
+ connectinfo_stop varchar(50) default NULL,
+--
+1.8.5.1
diff --git a/rpm-sources/freeradius-pam-conf b/rpm-sources/freeradius-pam-conf
new file mode 100644
index 0000000..090c4a5
--- /dev/null
+++ b/rpm-sources/freeradius-pam-conf
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include password-auth
+account required pam_nologin.so
+account include password-auth
+password include password-auth
+session include password-auth
diff --git a/rpm-sources/freeradius-perl.patch b/rpm-sources/freeradius-perl.patch
new file mode 100644
index 0000000..11fdaf8
--- /dev/null
+++ b/rpm-sources/freeradius-perl.patch
@@ -0,0 +1,19 @@
+commit 57d0db0e1dfa3fc25d0bfc146fec1c89a446a9ea
+Author: Alan T. DeKok
+Date: Wed Jan 22 15:11:33 2014 -0500
+
+ Use size out output buffer, not size of output pointer
+
+diff --git a/src/lib/print.c b/src/lib/print.c
+index a6e5391..5bc5e02 100644
+--- a/src/lib/print.c
++++ b/src/lib/print.c
+@@ -266,7 +266,7 @@ size_t vp_prints_value(char *out, size_t outlen, VALUE_PAIR const *vp, int8_t qu
+ return strlen(out);
+ }
+
+- return fr_print_string(vp->vp_strvalue, vp->length, out, sizeof(out));
++ return fr_print_string(vp->vp_strvalue, vp->length, out, outlen);
+
+ case PW_TYPE_INTEGER:
+ if (vp->da->flags.has_tag) {
diff --git a/rpm-sources/freeradius-postgres-sql.patch b/rpm-sources/freeradius-postgres-sql.patch
new file mode 100644
index 0000000..33235b7
--- /dev/null
+++ b/rpm-sources/freeradius-postgres-sql.patch
@@ -0,0 +1,10 @@
+--- freeradius-server-3.0.0.orig/raddb/mods-config/sql/main/postgresql/setup.sql 2013-10-07 15:49:47.000000000 -0400
++++ freeradius-server-3.0.0/raddb/mods-config/sql/main/postgresql/setup.sql 2013-12-13 12:58:38.261559789 -0500
+@@ -29,4 +29,7 @@
+ * The server can write to the accounting and post-auth logging table.
+ */
+ GRANT SELECT, INSERT, UPDATE on radacct TO radius;
++GRANT SELECT, USAGE on radacct_radacctid_seq TO radius;
++
+ GRANT SELECT, INSERT, UPDATE on radpostauth TO radius;
++GRANT SELECT, USAGE on radpostauth_id_seq TO radius;
diff --git a/rpm-sources/freeradius-radiusd-init b/rpm-sources/freeradius-radiusd-init
new file mode 100644
index 0000000..977a51f
--- /dev/null
+++ b/rpm-sources/freeradius-radiusd-init
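Review bot: The name freeradius-perl.patch does not describe what this file changes: the nested hunk is in `vp_prints_value()` in src/lib/print.c and makes `fr_print_string()` receive `outlen` instead of `sizeof(out)`, where `out` is the `char *` parameter and `sizeof` therefore gives the pointer size. That is a length fix in the core library, so I would rename the file after what it fixes or add a first line such as `# vp_prints_value(): pass outlen, not sizeof(pointer); upstream 57d0db0e` above the `commit` header. Reviewers deciding which carried patches are still needed can then tell this one from a packaging tweak.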
@@ -0,0 +1,113 @@
+#!/bin/sh
+#
+# radiusd Start/Stop the FreeRADIUS daemon
+#
+# chkconfig: - 88 10
+# description: Extensible, configurable, high performance RADIUS server.
+
+### BEGIN INIT INFO
+# Provides: radiusd
+# Required-Start: $network
+# Required-Stop:
+# Default-Start:
+# Default-Stop:
+# Should-Start: $time $syslog mysql ldap postgresql samba krb5-kdc
+# Should-Stop:
+# Short-Description: FreeRADIUS server
+# Description: Extensible, configurable, high performance RADIUS server.
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+prog=radiusd
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+exec=${exec:=/usr/sbin/$prog}
+config_dir=${config_dir:=/etc/raddb}
+config=${config:=$config_dir/radiusd.conf}
+pidfile=${pidfile:=/var/run/$prog/$prog.pid}
+lockfile=${lockfile:=/var/lock/subsys/radiusd}
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon --pidfile $pidfile $exec -d $config_dir
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc -p $pidfile $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ # radiusd may not be capable of a 100% configuration reload depending
+ # on which loadable modules are in use, if sending the server a
+ # HUP is not sufficient then use restart here instead. However, we
+ # prefer by default to use HUP since it's what is usually desired.
+ #
+ # restart
+
+ kill -HUP `pidofproc -p $pidfile $prog`
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status -p $pidfile $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
diff --git a/rpm-sources/freeradius-redhat-config.patch b/rpm-sources/freeradius-redhat-config.patch
new file mode 100644
index 0000000..aecc4d8
--- /dev/null
+++ b/rpm-sources/freeradius-redhat-config.patch
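Review bot: `stop()` and `reload()` act as root on whatever PID `$pidfile` yields (`killproc -p $pidfile $prog`, and `kill -HUP` on the output of `pidofproc -p $pidfile $prog`), and the default location is /var/run/$prog/$prog.pid. If that directory is writable by the unprivileged service account, which this hunk does not show, the PID is not trustworthy input; confirm that the helpers from /etc/rc.d/init.d/functions match it against the program, or keep the pidfile in a root-owned directory. `reload()` also misbehaves when the substitution comes back empty, so I would write `pid=$(pidofproc -p "$pidfile" "$prog") && kill -HUP "$pid"`. The remaining `$exec`, `$config`, `$config_dir`, `$pidfile` and `$lockfile` expansions should be quoted as well, since /etc/sysconfig/$prog is allowed to override them.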
@@ -0,0 +1,45 @@
+diff -r -u freeradius-server-3.0.0.orig/raddb/mods-available/eap freeradius-server-3.0.0/raddb/mods-available/eap
+--- freeradius-server-3.0.0.orig/raddb/mods-available/eap 2013-10-07 15:49:47.000000000 -0400
++++ freeradius-server-3.0.0/raddb/mods-available/eap 2013-11-26 17:48:56.081183431 -0500
+@@ -435,7 +435,7 @@
+ #
+ # You should also delete all of the files
+ # in the directory when the server starts.
+- # tmpdir = /tmp/radiusd
++ # tmpdir = /var/run/radiusd/tmp
+
+ # The command used to verify the client cert.
+ # We recommend using the OpenSSL command-line
+@@ -449,7 +449,7 @@
+ # in PEM format. This file is automatically
+ # deleted by the server when the command
+ # returns.
+- # client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
++ # client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
+ }
+
+ #
+diff -r -u freeradius-server-3.0.0.orig/raddb/radiusd.conf.in freeradius-server-3.0.0/raddb/radiusd.conf.in
+--- freeradius-server-3.0.0.orig/raddb/radiusd.conf.in 2013-10-07 15:49:47.000000000 -0400
++++ freeradius-server-3.0.0/raddb/radiusd.conf.in 2013-11-26 17:24:52.263467793 -0500
+@@ -71,8 +71,7 @@
+ cadir = ${confdir}/certs
+ run_dir = ${localstatedir}/run/${name}
+
+-# Should likely be ${localstatedir}/lib/radiusd
+-db_dir = ${raddbdir}
++db_dir = ${localstatedir}/lib/radiusd
+
+ #
+ # libdir: Where to find the rlm_* modules.
+@@ -376,8 +375,8 @@
+ # member. This can allow for some finer-grained access
+ # controls.
+ #
+-# user = radius
+-# group = radius
++ user = radiusd
++ group = radiusd
+
+ # Core dumps are a bad thing. This should only be set to
+ # 'yes' if you're debugging a problem with the server.
diff --git a/rpm-sources/freeradius-rlm_attr_filter-fix.patch b/rpm-sources/freeradius-rlm_attr_filter-fix.patch
new file mode 100644
index 0000000..ffa0636
--- /dev/null
+++ b/rpm-sources/freeradius-rlm_attr_filter-fix.patch
@@ -0,0 +1,138 @@ +From a23188a41197069a396886b477bd4463ce6c5365 Mon Sep 17 00:00:00 2001 +From: Arran Cudbard-Bell +Date: Wed, 12 Mar 2014 21:41:26 +0000 +Subject: [PATCH] Compare da not just attribute number (fix clashing vendor and RFC space attributes) + +--- + src/modules/rlm_attr_filter/rlm_attr_filter.c | 4 ++-- + src/modules/rlm_attr_filter/rlm_attr_filter.c | 43 ++++++++++++++++----------- + 2 files changed, 27 insertions(+), 20 deletions(-) + +diff --git a/src/modules/rlm_attr_filter/rlm_attr_filter.c b/src/modules/rlm_attr_filter/rlm_attr_filter.c +index e153cd1..1f72d6c 100644 +--- a/src/modules/rlm_attr_filter/rlm_attr_filter.c ++++ b/src/modules/rlm_attr_filter/rlm_attr_filter.c +@@ -268,8 +268,8 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P + continue; + } + +- if (input_item->da->attr == check_item->da->attr) { +- check_pair(check_item, input_item, &pass, &fail); ++ if (input_item->da == check_item->da) { ++ check_pair(request, check_item, input_item, &pass, &fail); + } + } + +diff --git a/src/modules/rlm_attr_filter/rlm_attr_filter.c b/src/modules/rlm_attr_filter/rlm_attr_filter.c +index 1f72d6c..19b5b45 100644 +--- a/src/modules/rlm_attr_filter/rlm_attr_filter.c ++++ b/src/modules/rlm_attr_filter/rlm_attr_filter.c +@@ -57,24 +57,34 @@ + { NULL, -1, 0, NULL, NULL } + }; + +-static void check_pair(VALUE_PAIR *check_item, VALUE_PAIR *reply_item, +- int *pass, int *fail) ++static void check_pair(REQUEST *request, VALUE_PAIR *check_item, VALUE_PAIR *reply_item, int *pass, int *fail) + { + int compare; + + if (check_item->op == T_OP_SET) return; + + compare = paircmp(check_item, reply_item); ++ if (compare < 0) { ++ REDEBUG("Comparison failed: %s", fr_strerror()); ++ } ++ + if (compare == 1) { + ++*(pass); + } else { + ++*(fail); + } + ++ if (RDEBUG_ENABLED3) { ++ char rule[1024], pair[1024]; ++ ++ vp_prints(rule, sizeof(rule), check_item); ++ vp_prints(pair, sizeof(pair), reply_item); ++ RDEBUG3("%s %s %s", pair, 
compare == 1 ? "allowed by" : "disallowed by", rule); ++ } ++ + return; + } + +- + static int attr_filter_getfile(TALLOC_CTX *ctx, char const *filename, PAIR_LIST **pair_list) + { + vp_cursor_t cursor; +@@ -216,8 +226,7 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P + fall_through = 1; + continue; + } +- else if (!check_item->da->vendor && +- check_item->da->attr == PW_RELAX_FILTER) { ++ else if (!check_item->da->vendor && check_item->da->attr == PW_RELAX_FILTER) { + relax_filter = check_item->vp_integer; + continue; + } +@@ -247,20 +256,17 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P + for (input_item = paircursor(&input, &packet->vps); + input_item; + input_item = pairnext(&input)) { +- /* reset the pass,fail vars for each reply item */ +- pass = fail = 0; ++ pass = fail = 0; /* reset the pass,fail vars for each reply item */ + + /* +- * reset the check_item pointer to +- * beginning of the list ++ * Reset the check_item pointer to beginning of the list + */ + for (check_item = pairfirst(&check); + check_item; + check_item = pairnext(&check)) { + /* +- * Vendor-Specific is special, and +- * matches any VSA if the comparison +- * is always true. ++ * Vendor-Specific is special, and matches any VSA if the ++ * comparison is always true. + */ + if ((check_item->da->attr == PW_VENDOR_SPECIFIC) && (input_item->da->vendor != 0) && + (check_item->op == T_OP_CMP_TRUE)) { +@@ -273,14 +279,15 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P + } + } + ++ RDEBUG3("Attribute \"%s\" allowed by %i rules, disallowed by %i rules", ++ input_item->da->name, pass, fail); + /* +- * Only move attribute if it passed all rules, +- * or if the config says we should copy unmatched +- * attributes ('relaxed' mode). ++ * Only move attribute if it passed all rules, or if the config says we ++ * should copy unmatched attributes ('relaxed' mode). 
+ */ + if (fail == 0 && (pass > 0 || relax_filter)) { + if (!pass) { +- RDEBUG3("Attribute (%s) allowed by relaxed mode", input_item->da->name); ++ RDEBUG3("Attribute \"%s\" allowed by relaxed mode", input_item->da->name); + } + vp = paircopyvp(packet, input_item); + if (!vp) { +@@ -355,11 +362,11 @@ static rlm_rcode_t attr_filter_common(void *instance, REQUEST *request, RADIUS_P + mod_instantiate, /* instantiation */ + NULL, /* detach */ + { +- NULL, /* authentication */ ++ NULL, /* authentication */ + mod_authorize, /* authorization */ + mod_preacct, /* pre-acct */ + mod_accounting, /* accounting */ +- NULL, /* checksimul */ ++ NULL, /* checksimul */ + #ifdef WITH_PROXY + mod_pre_proxy, /* pre-proxy */ + mod_post_proxy, /* post-proxy */ +-- +1.8.5.5 diff --git a/rpm-sources/freeradius-rlm_pap-overflow.patch b/rpm-sources/freeradius-rlm_pap-overflow.patch new file mode 100644 index 0000000..f37c33c --- /dev/null +++ b/rpm-sources/freeradius-rlm_pap-overflow.patch 
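Review bot: The mail header of freeradius-rlm_attr_filter-fix.patch names a single upstream commit (a23188a4…), but the body holds two separate diffs of rlm_attr_filter.c (`index e153cd1..1f72d6c` and `index 1f72d6c..19b5b45`), and the second has no commit id or subject recorded. The first diff already calls `check_pair(request, check_item, input_item, &pass, &fail)` with the five-argument signature that only the second diff introduces, so the two cannot be applied or dropped separately; I would record both upstream references in the header and say so. For whoever rebases this: in the new `check_pair()` a negative `paircmp()` result is logged and then counted through the `else` branch as a failure, which keeps the filter fail-closed, and a comment such as `/* comparison errors count as a rule failure */` above `if (compare == 1)` would make that intent explicit.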
@@ -0,0 +1,48 @@
+From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001
+From: Arran Cudbard-Bell
+Date: Thu, 13 Feb 2014 13:49:54 +0000
+Subject: [PATCH 1/1] Fix potential crash with SSHA and salts > 44bytes
+
+---
+ src/modules/rlm_pap/rlm_pap.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
+index 689acf0..1bf6d4e 100644
+--- a/src/modules/rlm_pap/rlm_pap.c
++++ b/src/modules/rlm_pap/rlm_pap.c
+@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
+ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ {
+
+- uint8_t buffer[64];
++ uint8_t buffer[256];
+
+ if (min_length >= sizeof(buffer)) return; /* paranoia */
+
+@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ */
+ if (vp->length >= (2 * min_length)) {
+ size_t decoded;
+- decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1);
++ decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer));
+ if (decoded == (vp->length >> 1)) {
+- RDEBUG2("Normalizing %s from hex encoding", vp->da->name);
++ RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes",
++ vp->da->name, vp->length, decoded);
+ pairmemcpy(vp, buffer, decoded);
+ return;
+ }
+@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ sizeof(buffer));
+ if (decoded < 0) return;
+ if (decoded >= (ssize_t) min_length) {
+- RDEBUG2("Normalizing %s from base64 encoding", vp->da->name);
++ RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes",
++ vp->da->name, vp->length, decoded);
+ pairmemcpy(vp, buffer, decoded);
+ return;
+ }
+--
+1.8.5.3
+
diff --git a/rpm-sources/freeradius-rlm_sql_sqlite-v2api.patch b/rpm-sources/freeradius-rlm_sql_sqlite-v2api.patch
new file mode 100644
index 0000000..6b18034
--- /dev/null
+++ b/rpm-sources/freeradius-rlm_sql_sqlite-v2api.patch
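Review bot: In the base64 branch of `normify()` the new `RDEBUG2` prints `decoded` with `%zu`, but that branch treats the variable as signed (`if (decoded < 0) return;` and `decoded >= (ssize_t) min_length`), so the specifier does not match if it is declared `ssize_t` there; the declaration is outside the nested hunk. I would use `"Normalizing %s from base64 encoding, %zu bytes -> %zd bytes",` or pass `(size_t) decoded` after the sign check. The hex branch is fine, since `decoded` is declared `size_t` a few lines above its `RDEBUG2`. The bound that matters for the fix itself, `fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer))`, is tied to the buffer rather than to `vp->length`, and a short comment saying so next to the call would help keep it that way.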
@@ -0,0 +1,445 @@ +From b1b895b2cdc9563398d873023c535763540722ee Mon Sep 17 00:00:00 2001 +From: Arran Cudbard-Bell +Date: Tue, 4 Feb 2014 17:51:51 +0000 +Subject: [PATCH] Do proper checks for each individual sqlite_v2 function + +--- + .../rlm_sql/drivers/rlm_sql_sqlite/config.h.in | 13 +- + .../rlm_sql/drivers/rlm_sql_sqlite/configure | 249 +++++++-------------- + .../rlm_sql/drivers/rlm_sql_sqlite/configure.ac | 14 +- + .../drivers/rlm_sql_sqlite/rlm_sql_sqlite.c | 35 ++- + 4 files changed, 125 insertions(+), 186 deletions(-) + +diff --git a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/config.h.in b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/config.h.in +index 59abf27..f8a686f 100644 +--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/config.h.in ++++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/config.h.in +@@ -1,7 +1,16 @@ + /* config.h.in. Generated from configure.ac by autoheader. */ + +-/* Define if the SQLite library has v2 API functions */ +-#undef HAVE_SQLITE_V2_API ++/* Define to 1 if you have the `sqlite3_create_function_v2' function. */ ++#undef HAVE_SQLITE3_CREATE_FUNCTION_V2 ++ ++/* Define to 1 if you have the `sqlite3_errstr' function. */ ++#undef HAVE_SQLITE3_ERRSTR ++ ++/* Define to 1 if you have the `sqlite3_open_v2' function. */ ++#undef HAVE_SQLITE3_OPEN_V2 ++ ++/* Define to 1 if you have the `sqlite3_prepare_v2' function. */ ++#undef HAVE_SQLITE3_PREPARE_V2 + + /* Define to the address where bug reports for this package should be sent. 
*/ + #undef PACKAGE_BUGREPORT +diff --git a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure +index 8a603af..8c22bb4 100755 +--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure ++++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure +@@ -1432,6 +1432,73 @@ fi + as_fn_set_status $ac_retval + + } # ac_fn_c_try_link ++ ++# ac_fn_c_check_func LINENO FUNC VAR ++# ---------------------------------- ++# Tests whether FUNC exists, setting the cache variable VAR accordingly ++ac_fn_c_check_func () ++{ ++ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 ++$as_echo_n "checking for $2... " >&6; } ++if eval \${$3+:} false; then : ++ $as_echo_n "(cached) " >&6 ++else ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++/* Define $2 to an innocuous variant, in case declares $2. ++ For example, HP-UX 11i declares gettimeofday. */ ++#define $2 innocuous_$2 ++ ++/* System header to define __stub macros and hopefully few prototypes, ++ which can conflict with char $2 (); below. ++ Prefer to if __STDC__ is defined, since ++ exists even on freestanding compilers. */ ++ ++#ifdef __STDC__ ++# include ++#else ++# include ++#endif ++ ++#undef $2 ++ ++/* Override any GCC internal prototype to avoid an error. ++ Use char because int might match the return type of a GCC ++ builtin and then its argument prototype would still apply. */ ++#ifdef __cplusplus ++extern "C" ++#endif ++char $2 (); ++/* The GNU C library defines this for functions which it implements ++ to always fail with ENOSYS. Some functions are actually named ++ something starting with __ and the normal name is an alias. 
*/ ++#if defined __stub_$2 || defined __stub___$2 ++choke me ++#endif ++ ++int ++main () ++{ ++return $2 (); ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_link "$LINENO"; then : ++ eval "$3=yes" ++else ++ eval "$3=no" ++fi ++rm -f core conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++fi ++eval ac_res=\$$3 ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 ++$as_echo "$ac_res" >&6; } ++ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno ++ ++} # ac_fn_c_check_func + cat >config.log <<_ACEOF + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. +@@ -2804,184 +2871,30 @@ if test "x$smart_lib" != "x"; then + SMART_LIBS="$smart_lib $SMART_LIBS" + fi + ++ LDFLAGS="$SMART_LIBS" + if test "x$ac_cv_lib_sqlite3_sqlite3_open" != "xyes" + then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sqlite libraries not found. Use --with-sqlite-lib-dir=." >&5 + $as_echo "$as_me: WARNING: Sqlite libraries not found. Use --with-sqlite-lib-dir=." >&2;} + fail="$fail libsqlite3" + else +- +- +-sm_lib_safe=`echo "sqlite3" | sed 'y%./+-%__p_%'` +-sm_func_safe=`echo "sqlite3_open_v2" | sed 'y%./+-%__p_%'` +- +-old_LIBS="$LIBS" +-smart_lib= +-smart_lib_dir= +- +-if test "x$smart_try_dir" != "x"; then +- for try in $smart_try_dir; do +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sqlite3_open_v2 in -lsqlite3 in $try" >&5 +-$as_echo_n "checking for sqlite3_open_v2 in -lsqlite3 in $try... " >&6; } +- LIBS="-L$try -lsqlite3 $old_LIBS -Wl,-rpath,$try" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. 
*/ +-extern char sqlite3_open_v2(); +-int +-main () +-{ +-sqlite3_open_v2() +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- +- smart_lib="-L$try -lsqlite3 -Wl,-rpath,$try" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- done +- LIBS="$old_LIBS" +-fi +- +-if test "x$smart_lib" = "x"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sqlite3_open_v2 in -lsqlite3" >&5 +-$as_echo_n "checking for sqlite3_open_v2 in -lsqlite3... " >&6; } +- LIBS="-lsqlite3 $old_LIBS" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-extern char sqlite3_open_v2(); +-int +-main () +-{ +-sqlite3_open_v2() +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- +- smart_lib="-lsqlite3" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- LIBS="$old_LIBS" +-fi +- +-if test "x$smart_lib" = "x"; then +- +- +-if test "x$LOCATE" != "x"; then +- DIRS= +- file=libsqlite3${libltdl_cv_shlibext} +- +- for x in `${LOCATE} $file 2>/dev/null`; do +- base=`echo $x | sed "s%/${file}%%"` +- if test "x$x" = "x$base"; then +- continue; +- fi +- +- dir=`${DIRNAME} $x 2>/dev/null` +- exclude=`echo ${dir} | ${GREP} /home` +- if test "x$exclude" != "x"; then +- continue +- fi +- +- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` +- if test "x$already" = "x"; then +- DIRS="$DIRS $dir" +- fi +- done +-fi +- +-eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" +- +- +- +-if test "x$LOCATE" != "x"; then +- DIRS= +- file=libsqlite3.a +- +- for x in `${LOCATE} $file 2>/dev/null`; do +- 
base=`echo $x | sed "s%/${file}%%"` +- if test "x$x" = "x$base"; then +- continue; +- fi +- +- dir=`${DIRNAME} $x 2>/dev/null` +- exclude=`echo ${dir} | ${GREP} /home` +- if test "x$exclude" != "x"; then +- continue +- fi +- +- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` +- if test "x$already" = "x"; then +- DIRS="$DIRS $dir" +- fi +- done +-fi +- +-eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" +- +- +- for try in $smart_lib_dir /usr/local/lib /opt/lib; do +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sqlite3_open_v2 in -lsqlite3 in $try" >&5 +-$as_echo_n "checking for sqlite3_open_v2 in -lsqlite3 in $try... " >&6; } +- LIBS="-L$try -lsqlite3 $old_LIBS -Wl,-rpath,$try" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-extern char sqlite3_open_v2(); +-int +-main () +-{ +-sqlite3_open_v2() +- ; +- return 0; +-} ++ for ac_func in \ ++ sqlite3_prepare_v2 \ ++ sqlite3_open_v2 \ ++ sqlite3_create_function_v2 \ ++ sqlite3_errstr \ ++ ++do : ++ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" ++if eval test \"x\$"$as_ac_var"\" = x"yes"; then : ++ cat >>confdefs.h <<_ACEOF ++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lsqlite3 -Wl,-rpath,$try" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- done +- LIBS="$old_LIBS" + fi ++done + +-if test "x$smart_lib" != "x"; then +- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" +-fi +- +- if test "x$ac_cv_lib_sqlite3_sqlite3_open_v2" == "xyes" +- then +- +-$as_echo "#define HAVE_SQLITE_V2_API 1" >>confdefs.h +- +- fi + fi + + +diff --git 
a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure.ac b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure.ac +index 94ab603..601214a 100644 +--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure.ac ++++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/configure.ac +@@ -73,16 +73,20 @@ if test x$with_[]modname != xno; then + dnl try to link to libsqlite3 + smart_try_dir="$sqlite_lib_dir" + FR_SMART_CHECK_LIB(sqlite3, sqlite3_open) ++ dnl # Ensure we use the library we just found the rest of the checks ++ LDFLAGS="$SMART_LIBS" + if test "x$ac_cv_lib_sqlite3_sqlite3_open" != "xyes" + then + AC_MSG_WARN([Sqlite libraries not found. Use --with-sqlite-lib-dir=.]) + fail="$fail libsqlite3" + else +- FR_SMART_CHECK_LIB(sqlite3, sqlite3_open_v2) +- if test "x$ac_cv_lib_sqlite3_sqlite3_open_v2" == "xyes" +- then +- AC_DEFINE(HAVE_SQLITE_V2_API, [1], [Define if the SQLite library has v2 API functions]) +- fi ++ dnl # Add any v2 variants here ++ AC_CHECK_FUNCS(\ ++ sqlite3_prepare_v2 \ ++ sqlite3_open_v2 \ ++ sqlite3_create_function_v2 \ ++ sqlite3_errstr \ ++ ) + fi + + dnl ############################################################ +diff --git a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c +index ba516e0..15dc737 100644 +--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c ++++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c +@@ -94,7 +94,7 @@ static int sql_check_error(sqlite3 *db) + } + } + +-#ifdef HAVE_SQLITE_V2_API ++#ifdef HAVE_SQLITE3_OPEN_V2 + static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename) + { + ssize_t len; +@@ -196,7 +196,11 @@ static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename) + + *q = '\0'; + +- (void) sqlite3_prepare_v2(db, s, len, &statement, &z_tail); ++#ifdef HAVE_SQLITE3_PREPARE_V2 ++ (void) sqlite3_prepare_v2(db, s, len, &statement, &z_tail); ++#else ++ (void) sqlite3_prepare(db, s, len, 
&>statement, &z_tail);
++#endif
+ if (sql_check_error(db)) {
+ talloc_free(buffer);
+ return -1;
+@@ -249,7 +253,7 @@ static int mod_instantiate(CONF_SECTION *conf, rlm_sql_config_t *config)
+ }
+
+ if (driver->bootstrap && !exists) {
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_OPEN_V2
+ int status;
+ int ret;
+ char *p;
+@@ -280,8 +284,13 @@ static int mod_instantiate(CONF_SECTION *conf, rlm_sql_config_t *config)
+
+ status = sqlite3_open_v2(driver->filename, &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, NULL);
+ if (!db) {
+- ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database, error "
+- "code (%u)", status);
++#ifdef HAVE_SQLITE3_ERRSTR
++ ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database: %s",
++ sqlite3_errstr(status));
++#else
++ ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database, got code (%i)",
++ status);
++#endif
+
+ goto unlink;
+ }
+@@ -359,14 +368,18 @@ static sql_rcode_t sql_socket_init(rlm_sql_handle_t *handle, rlm_sql_config_t *c
+
+ INFO("rlm_sql_sqlite: Opening SQLite database \"%s\"", driver->filename);
+
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_OPEN_V2
+ status = sqlite3_open_v2(driver->filename, &(conn->db), SQLITE_OPEN_READWRITE | SQLITE_OPEN_NOMUTEX, NULL);
+ #else
+ status = sqlite3_open(driver->filename, &(conn->db));
+ #endif
+ if (!conn->db) {
+- ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database error code (%u)",
+- status);
++#ifdef HAVE_SQLITE3_ERRSTR
++ ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite: %s", sqlite3_errstr(status));
++#else
++ ERROR("rlm_sql_sqlite: Failed creating opening/creating SQLite database error code (%i)",
++ status);
++#endif
+
+ return -1;
+ }
+@@ -384,7 +397,7 @@ static sql_rcode_t sql_socket_init(rlm_sql_handle_t *handle, rlm_sql_config_t *c
+ return -1;
+ }
+
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_CREATE_FUNCTION_V2
+ status = sqlite3_create_function_v2(conn->db, "GREATEST", -1, 
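Review bot: In the mod_instantiate hunk (-280,8) the new error message is still gated on `if (!db)`, but sqlite3_open_v2() normally hands back a handle even when the open fails and leaves it NULL only when it cannot allocate the connection object. A failed open with a non-NULL handle therefore skips this branch and, unless a check outside the hunk catches it, bootstrap carries on with a connection in an error state. The guard should test the return code as well, `if (!db || (status != SQLITE_OK)) {`, and the failure path should pass a non-NULL handle to sqlite3_close(), which SQLite expects even after a failed open. The sql_socket_init hunk (-359,14) has the same `if (!conn->db)` guard. Both functions start and end outside their hunks.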
SQLITE_ANY, NULL,
+ _sql_greatest, NULL, NULL, NULL);
+ #else
+@@ -403,7 +416,7 @@ static sql_rcode_t sql_select_query(rlm_sql_handle_t *handle, UNUSED rlm_sql_con
+ rlm_sql_sqlite_conn_t *conn = handle->conn;
+ char const *z_tail;
+
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_PREPARE_V2
+ (void) sqlite3_prepare_v2(conn->db, query, strlen(query), &conn->statement, &z_tail);
+ #else
+ (void) sqlite3_prepare(conn->db, query, strlen(query), &conn->statement, &z_tail);
+@@ -421,7 +434,7 @@ static sql_rcode_t sql_query(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t *
+ rlm_sql_sqlite_conn_t *conn = handle->conn;
+ char const *z_tail;
+
+-#ifdef HAVE_SQLITE_V2_API
++#ifdef HAVE_SQLITE3_PREPARE_V2
+ status = sqlite3_prepare_v2(conn->db, query, strlen(query), &conn->statement, &z_tail);
+ #else
+ status = sqlite3_prepare(conn->db, query, strlen(query), &conn->statement, &z_tail);
+-- 
+1.8.5.1
+
diff --git a/rpm-sources/freeradius-tmpfiles.conf b/rpm-sources/freeradius-tmpfiles.conf
new file mode 100644
index 0000000..ead7a2f
--- /dev/null
+++ b/rpm-sources/freeradius-tmpfiles.conf
@@ -0,0 +1 @@
+D /var/run/radiusd 0710 radiusd radiusd -
-- 
2.1.4