pkgsrc/net/freeradius/Makefile


# $NetBSD: Makefile,v 1.53 2006/08/10 10:55:52 adrianp Exp $
Adding freeradius package. Thanks to David Ferlier <david@netbsd-fr.org> for putting this package together. Closes PR pkg/20013. I had originally requested this package even though we already had the Cistern RADIUS package because some terminal servers won't work with one or the other of these packages. This increases the number of terminal servers that can work with NetBSD. from the DESCR file: All code in this server was written from scratch. The server is mostly compatible with livingston radiusd-2.01 (no menus or s/key support though) but with more features, such as: o Can limit max. number of simultaneous logins on a per-user basis! o Multiple DEFAULT entries, that can optionally fall-through. o In fact, every entry can fall-through o Deny/permit access based on huntgroup users dials into o Set certain parameters (such as static IP address) based on huntgroup o Extra "hints" file that can select SLIP/PPP/rlogin based on username pattern (Puser or user.ppp is PPP, plain "user" is rlogin etc). o Can execute an external program when user has authenticated (for example to run a sendmail queue). o Can use `$INCLUDE filename' in radiusd.conf, users, and dictionary files o Can act as a proxy server, relaying requests to a remote server o Supports Vendor-Specific attributes o No good documentation at all, just like the original radiusd 1.16! Then of course for general RADIUS questions, especially if you are using Livingston / Lucent RABU equipment, there is the portmaster-radius mailing list. Send mail to portmaster-radius-request@livingston.com to find out how to subscribe.
2003-02-27 09:51:00 +01:00
DISTNAME= freeradius-${RADVER}
PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \
ftp://ftp.Awfulhak.org/pub/radius/
MAINTAINER= adrianp@NetBSD.org
HOMEPAGE= http://www.freeradius.org/
COMMENT= Free RADIUS server implementation
.include "../../mk/bsd.prefs.mk"
CONFLICTS+= radiusd-cistron-[0-9]*
USE_TOOLS+= gmake perl:run
GNU_CONFIGURE= YES
USE_LIBTOOL= YES
USE_OLD_DES_API= YES
BUILD_DEFS= VARBASE RADIUS_USER RADIUS_GROUP
PLIST_SRC= ${WRKDIR}/.PLIST_SRC
FILES_SUBST+= RADIUS_USER=${RADIUS_USER:Q}
FILES_SUBST+= RADIUS_GROUP=${RADIUS_GROUP:Q}
PLIST_SUBST+= RADVER=${RADVER}
MESSAGE_SUBST+= CHOWN=${CHOWN:Q} CHMOD=${CHMOD:Q} VARBASE=${VARBASE}
MESSAGE_SUBST+= RADIUS_USER=${RADIUS_USER:Q} XARGS=${XARGS:Q}
MESSAGE_SUBST+= RADIUS_GROUP=${RADIUS_GROUP:Q} FIND=${FIND:Q}
PKG_SYSCONFSUBDIR= raddb
RCD_SCRIPTS= radiusd
RADIUS_USER?= radius
RADIUS_GROUP?= radius
# Create the group that PKG_USERS assigns the account to.
PKG_GROUPS= ${RADIUS_GROUP}
PKG_USERS= ${RADIUS_USER}:${RADIUS_GROUP}
OWN_DIRS_PERMS+= ${VARBASE}/run/radiusd \
${RADIUS_USER} ${RADIUS_GROUP} 0750
OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd \
${RADIUS_USER} ${RADIUS_GROUP} 0750
OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd/radacct \
${RADIUS_USER} ${RADIUS_GROUP} 0750
RADVER= 1.1.2
EGDIR= ${PREFIX}/share/examples/freeradius
BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.7
CONFIGURE_ARGS+= --with-logdir=${VARBASE}/log/radiusd
CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASEDIR:Q}
CONFIGURE_ARGS+= --disable-ltdl-install
CONFIGURE_ARGS+= --with-ltdl-lib=${PREFIX}/lib
CONFIGURE_ARGS+= --with-ltdl-include=${PREFIX}/include
CONFIGURE_ARGS+= --without-rlm_ippool
CONFIGURE_ARGS+= --without-rlm_smb
CONFIGURE_ARGS+= --without-rlm_sql_iodbc
CONFIGURE_ARGS+= --without-rlm_sql_oracle
CONFIGURE_ARGS+= --without-rlm_sql_unixodbc
CONFIGURE_ARGS+= --quiet
#CONFIGURE_ARGS+= --without-rlm_eap_peap
#CONFIGURE_ARGS+= --without-rlm_eap_sim
#CONFIGURE_ARGS+= --without-rlm_eap_tls
#CONFIGURE_ARGS+= --without-rlm_eap_ttls
REPLACE_PERL= scripts/radsqlrelay
SUBST_CLASSES= make
SUBST_STAGE.make= post-patch
Update to 1.1.0 > FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low > Feature improvements > * rlm_ldap has "set_auth_type" configuration option, which should > address some configuration problems when using it. > * Fix MIT Kerberos bug > * Modules can be load balanced, both in isolation and redundantly. > See doc/load-balance.txt for more information. > * rlm_perl is now marked "stable" > * N-tier certificate patch from Mohammed Petiwala. > * Copied dictionaries from the CVS head (many, many, more vendors) > * Enabled support for weird VSA formats, like Lucent and Starent. > * Support encrypted IP address and integers, for Juniper clients. > * Add PEAP machine authentication support in module "rlm_mschap". > * Support User-Password field encryption in digest mode. > * rlm_x99_token has become rlm_otp (with lots of changes). > * Add rlm_sqlcounter to the list of stable modules. > * Read MySQL specific options in sections [freeradius] and [client] > from file "my.cnf". > * Support the ${Cisco-AVPair[n]} syntax. > * Execute modules in {Pre,Post}-Proxy-Type stanzas. > * Add new options to radclient to run stress tests on the server. > * New module "rlm_sql_log" to postpone the storage of accounting data > in a SQL database. See rlm_sql_log(5) manpage. > * New program "radsqlrelay" which sends the SQL logfile according to > the SQL server's capabilities. > > Bug fixes > * 306 (HUP when built with threads, but executed with -s) > * 285 (more attributes in dictionary.cisco.vpn3000) > * rlm_digest has a number of bug fixes to authentication types. > * Don't leak memory in module "rlm_sql". > * Update the dictionaries, so that VALUEs with the same name, > but different numbers, aren't allowed. > * Queue the request before looking for available threads. > * Don't free the check items after we received the proxy reply. > * Expand config variables in included files, too. > * Check the return value of accounting modules and don't proxy > invalid requests. 
> * In rlm_passwd, don't close a file stream more than once. > * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic. > * Walk the whole string in when escaping strings in rlm_ldap. > * Include crypt.h if it is available so we get a prototype for crypt(), > spotted by Konstantin Kubatkin. > * Removed (for almost all uses) length restrictions on vendor names > and VALUE names. > * Don't leak memory when proxying an Access-Challenge response. > * Make the sleep time user-defined, so radrelay can send more than > 7 requests/s. > * Fix a memory leak in rlm_checkval. > * radclient doesn't resend countless times packets with invalid > signature. > * Fix segfault and mem leak in rlm_pam.
2006-02-05 16:34:08 +01:00
SUBST_FILES.make= src/modules/rlm_mschap/Makefile \
src/modules/rlm_sql/drivers/rlm_sql_postgresql/Makefile.in
SUBST_SED.make= -e "s|RLM_LDFLAGS =|RLM_LDFLAGS = \
-L../../../src/lib/.libs/ -lradius|g"
SUBST_SED.make+= -e "s|RLM_SQL_LIBS =|RLM_SQL_LIBS = \
-L${PREFIX}/lib|g"
SUBST_MESSAGE.make= Fixing Makefiles.
SUBST_CLASSES+= config
SUBST_STAGE.config= post-patch
SUBST_FILES.config= raddb/radiusd.conf.in
SUBST_SED.config= -e "s|@@RADIUS_USER@@|${RADIUS_USER}|g"
SUBST_SED.config+= -e "s|@@RADIUS_GROUP@@|${RADIUS_GROUP}|g"
SUBST_MESSAGE.config= Fixing configuration files.
.include "options.mk"
EGFILES= acct_users attrs certs/demoCA/index.txt.old \
certs/demoCA/cacert.pem certs/demoCA/index.txt \
certs/demoCA/serial.old certs/demoCA/serial \
certs/newcert.pem certs/README certs/dh \
certs/cert-clt.der certs/cert-clt.p12 certs/cert-clt.pem \
certs/cert-srv.der certs/cert-srv.p12 certs/cert-srv.pem \
certs/newreq.pem certs/random certs/root.der certs/root.p12 \
certs/root.pem clients clients.conf dictionary.in eap.conf \
experimental.conf hints huntgroups ldap.attrmap mssql.conf \
naslist naspasswd oraclesql.conf pgsql-voip.conf \
postgresql.conf preproxy_users proxy.conf \
realms snmp.conf sql.conf users radiusd.conf dictionary \
otp.conf otppasswd.sample
.for f in ${EGFILES}
CONF_FILES_PERMS+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f} \
${RADIUS_USER} ${RADIUS_GROUP} 0640
.endfor
.include "../../security/openssl/buildlink3.mk"
.include "../../devel/libltdl/buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
.if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "none"
CONFIGURE_ARGS+= --without-threads
.endif
.if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "pth"
.include "../../devel/pthread-sem/buildlink3.mk"
SUBST_SED.make+= -e 's|@ldap_ldflags@|@ldap_ldflags@ \
${PTHREAD_LDFLAGS:Q} ${PTHREAD_LIBS:Q} -lsemaphore|g'
.endif
.if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "native"
SUBST_SED.make+= -e 's|@ldap_ldflags@|@ldap_ldflags@ \
${PTHREAD_LDFLAGS:Q} ${PTHREAD_LIBS:Q}|g'
.endif
.if ${MACHINE_ARCH} == "amd64"
CFLAGS+= -fPIC
.endif
post-build:
	${CP} ${PKGDIR}/PLIST ${WRKDIR}/.PLIST_SRC
post-install:
	${INSTALL_DATA_DIR} ${EGDIR}
	${INSTALL_DATA_DIR} ${EGDIR}/certs
	${INSTALL_DATA_DIR} ${EGDIR}/certs/demoCA
.for f in ${EGFILES}
	${INSTALL_DATA} ${WRKSRC}/raddb/${f} ${EGDIR}/${f}
.endfor
	${INSTALL_SCRIPT} ${WRKSRC}/src/modules/rlm_perl/example.pl ${EGDIR}
	${MKDIR} ${PKG_SYSCONFDIR}/certs
	${MKDIR} ${PKG_SYSCONFDIR}/certs/demoCA
	${CHOWN} ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}/certs
	${CHOWN} ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}/certs/demoCA
	${CHMOD} 0750 ${PKG_SYSCONFDIR}/certs
	${CHMOD} 0750 ${PKG_SYSCONFDIR}/certs/demoCA
.include "../../mk/bsd.pkg.mk"