radiusd-cistron (1.6.7) cistron; urgency=medium

* Fix checkrad.pl::cisco_snmp and usrhiper_snmp so that communities other than "public" can be used too. * Error out on superflous command line args (optind >= argc) * Encrypt CHAP-Password in radclient so that CHAP can be tested too * Add "wildcard" option to realms - if you set this option, you can match on the entire username using shell wildcards in the realms file. * If the nastype in /etc/raddb/naslist is set to 'none' for a nas, logins on that nas will have no simultaneous use restrictions imposed and those logins will not count towards the total amount of logins. * Removed 'raduse' and manpage. * Can disable radutmp with "-u none" (likewise radwtmp with "-W none", though we already had "-w" for that). * Call checkrad with an extra argument, the framed IP address. * Fix bug where $INCLUDEing a file without any records would cause the rest of the original file to be ignored * Support for 64-bit wide integers (integer8 type). If compiled with gcc, users file can contain both hex and decimal 64-bit values, and 64-bit values are printed in decimal. With other compilers (no "long long" support) only hex 64-bit values are supported. * Change "_" to "-" in dictionary.redback and change the 64 bits values to integer8. * Moved the dictionary files to /usr/local/share/radius. Now only /etc/raddb/dictionary remains that $INCLUDES all the others. For new installs only; existing installations won't be changed * Make integer in the format string of sprintf(buf, "%03d:%.20s", ..) in make_wtmp() unsigned (%u), otherwise the sprintf could in some cases (negative NAS-Port, very long NAS-name) overrun the buffer by one byte, overwriting the least significant byte of the return address on the stack with a \0. Not sure if this is exploitable or not, but it could be a security problem. * Make sure ut.login (struct radutmp member) is treated everywhere as a NON-zero terminated string. * Make sure unsigned integers are used in all places using lvalues (32 bits radius values), especially nas_port. * radrelay: update id of packet when retransmitting. * Print an error and free the request struct if we receive an unknown packet type. * rad_check_multi: if username/NAS/port match, don't count as dup.
2003-12-16 19:19:41 +00:00 · 2003-12-16 19:19:41 +00:00 · 4694497b69
commit 4694497b69
parent fab270b3a7
6 changed files with 60 additions and 82 deletions
--- a/net/radiusd-cistron/Makefile
+++ b/net/radiusd-cistron/Makefile
@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.10 2003/07/17 22:51:45 grant Exp $
+# $NetBSD: Makefile,v 1.11 2003/12/16 19:19:41 martti Exp $

-DISTNAME=	radiusd-cistron-1.6.6
-PKGREVISION=	1
+DISTNAME=	radiusd-cistron-1.6.7
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.cistron.nl/pub/people/miquels/radius/ \
 		ftp://ftp.freeradius.org/pub/radius/
@ -10,7 +9,7 @@ MAINTAINER=	tech-pkg@NetBSD.org
 HOMEPAGE=	http://www.radius.cistron.nl/
 COMMENT=	RADIUS-compliant remote authentication and accouting server

-CONFLICTS+=	freeradius*
+CONFLICTS+=	freeradius-[0-9]*

 USE_BUILDLINK2=	YES
 USE_PKGINSTALL=	YES
@ -38,28 +37,20 @@ CONF_FILES+=	${EGDIR}/${cfile} ${PKG_SYSCONFDIR}/${cfile:S/.sample//}

 post-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/COPYRIGHT ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/ChangeLog ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README.CVX ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README.Y2K ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README.cisco ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README.pam ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README.proxy ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README.radrelay ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README.simul ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README.tunnel ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_DATA} ${WRKSRC}/doc/README.usersfile ${PREFIX}/share/doc/radiusd-cistron
-	${INSTALL_MAN} ${WRKSRC}/doc/radclient.1 ${PREFIX}/man/man1
-	${INSTALL_MAN} ${WRKSRC}/doc/radlast.1 ${PREFIX}/man/man1
-	${INSTALL_MAN} ${WRKSRC}/doc/radtest.1 ${PREFIX}/man/man1
-	${INSTALL_MAN} ${WRKSRC}/doc/raduse.1 ${PREFIX}/man/man1
-	${INSTALL_MAN} ${WRKSRC}/doc/radwho.1 ${PREFIX}/man/man1
-	${INSTALL_MAN} ${WRKSRC}/doc/radzap.1 ${PREFIX}/man/man1
-	${INSTALL_MAN} ${WRKSRC}/doc/clients.5rad ${PREFIX}/man/man5
-	${INSTALL_MAN} ${WRKSRC}/doc/naslist.5rad ${PREFIX}/man/man5
-	${INSTALL_MAN} ${WRKSRC}/doc/radiusd.8 ${PREFIX}/man/man8
-	${INSTALL_MAN} ${WRKSRC}/doc/radrelay.8 ${PREFIX}/man/man8
-	${INSTALL_MAN} ${WRKSRC}/doc/radwatch.8 ${PREFIX}/man/man8
+	${INSTALL_DATA} ${WRKSRC}/COPYRIGHT ${PREFIX}/share/doc/radiusd-cistron/
+.for i in	ChangeLog README README.CVX README.Y2K README.cisco	\
+		README.pam README.proxy README.radrelay README.simul	\
+		README.tunnel README.usersfile
+	${INSTALL_DATA} ${WRKSRC}/doc/${i} ${PREFIX}/share/doc/radiusd-cistron/
+.endfor
+.for i in	radclient.1 radlast.1 radtest.1 radwho.1 radzap.1
+	${INSTALL_MAN} ${WRKSRC}/doc/${i} ${PREFIX}/man/man1/
+.endfor
+.for i in	clients.5rad naslist.5rad
+	${INSTALL_MAN} ${WRKSRC}/doc/${i} ${PREFIX}/man/man5/
+.endfor
+.for i in	radiusd.8 radrelay.8 radwatch.8
+	${INSTALL_MAN} ${WRKSRC}/doc/${i} ${PREFIX}/man/man8/
+.endfor

 .include "../../mk/bsd.pkg.mk"
--- a/net/radiusd-cistron/PLIST
+++ b/net/radiusd-cistron/PLIST
@ -1,15 +1,13 @@
-@comment $NetBSD: PLIST,v 1.6 2003/05/01 18:35:46 jmmv Exp $
+@comment $NetBSD: PLIST,v 1.7 2003/12/16 19:19:41 martti Exp $
 bin/radclient
 bin/radlast
 bin/radtest
-bin/raduse
 bin/radwho
 bin/radzap
 etc/rc.d/radiusd
 man/man1/radclient.1
 man/man1/radlast.1
 man/man1/radtest.1
-man/man1/raduse.1
 man/man1/radwho.1
 man/man1/radzap.1
 man/man5/clients.5rad
@ -43,6 +41,7 @@ share/examples/raddb/dictionary.erx
 share/examples/raddb/dictionary.livingston
 share/examples/raddb/dictionary.redback
 share/examples/raddb/dictionary.shiva
+share/examples/raddb/dictionary.standard
 share/examples/raddb/dictionary.tunnel
 share/examples/raddb/dictionary.usr
 share/examples/raddb/dictionary.versanet
--- a/net/radiusd-cistron/distinfo
+++ b/net/radiusd-cistron/distinfo
@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.4 2003/05/01 18:35:46 jmmv Exp $
+$NetBSD: distinfo,v 1.5 2003/12/16 19:19:41 martti Exp $

-SHA1 (radiusd-cistron-1.6.6.tar.gz) = e043e2236f34ac613e8ab05d6ca907fd2c94d2f8
-Size (radiusd-cistron-1.6.6.tar.gz) = 194154 bytes
-SHA1 (patch-aa) = 10dc2936e08b8a42a111968cf0e900c843354414
-SHA1 (patch-ab) = cbc69c5466873a8095152b1a3fa278169a8b02b2
+SHA1 (radiusd-cistron-1.6.7.tar.gz) = 54c6e08a0c82a8d16928c1410bf50f6a50ef7d99
+Size (radiusd-cistron-1.6.7.tar.gz) = 198927 bytes
+SHA1 (patch-aa) = 53f331bde823f23a869c779df92a6e400a204746
+SHA1 (patch-ab) = a877e273f3d12228d4d0d6064115c5f55c044ad3
 SHA1 (patch-ac) = 95053cdb7cc8a1672d32a953147074ea948e535b
-SHA1 (patch-af) = 4d9721cb866c98be64b8aca8675e1f192bca74d2
+SHA1 (patch-af) = 7d2973054817eb8eae320a8a1a026f658e1cc70f
--- a/net/radiusd-cistron/patches/patch-aa
+++ b/net/radiusd-cistron/patches/patch-aa
@ -1,7 +1,7 @@
-$NetBSD: patch-aa,v 1.3 2003/05/01 18:35:47 jmmv Exp $
+$NetBSD: patch-aa,v 1.4 2003/12/16 19:19:41 martti Exp $

--- src/Makefile.BSD.orig	Fri Nov  9 17:03:23 2001
-+++ src/Makefile.BSD	Thu Dec 20 10:46:40 2001
+--- src/Makefile.BSD.orig	Thu Apr 10 13:38:23 2003
+++ src/Makefile.BSD	Tue Dec 16 20:15:35 2003
@@ -3,9 +3,8 @@
 #
 #
@ -14,7 +14,7 @@ $NetBSD: patch-aa,v 1.3 2003/05/01 18:35:47 jmmv Exp $
 LIBS	=
 LCRYPT	= -lcrypt
 
-@@ -16,11 +15,11 @@
+@@ -16,12 +15,12 @@
 #PAM	= -DPAM
 #PAMLIB	= -lpam
 
@ -25,8 +25,11 @@ $NetBSD: patch-aa,v 1.3 2003/05/01 18:35:47 jmmv Exp $
 
 -BINDIR  = /usr/local/bin
 -SBINDIR = /usr/local/sbin
+-MANDIR  = /usr/local/man
+-SHAREDIR = /usr/local/share/radius
 +BINDIR  = $(PREFIX)/bin
 +SBINDIR = $(PREFIX)/sbin
- MANDIR  = /usr/local/man
+MANDIR  = $(PREFIX)/man
+SHAREDIR = $(PREFIX)/share/examples/raddb
 
 .include "Make.inc"
--- a/net/radiusd-cistron/patches/patch-ab
+++ b/net/radiusd-cistron/patches/patch-ab
@ -1,7 +1,7 @@
-$NetBSD: patch-ab,v 1.3 2003/05/01 18:35:47 jmmv Exp $
+$NetBSD: patch-ab,v 1.4 2003/12/16 19:19:41 martti Exp $

--- src/Make.inc.orig	Thu Dec 20 10:52:00 2001
-+++ src/Make.inc	Thu Dec 20 10:52:06 2001
+--- src/Make.inc.orig	Thu Apr 10 13:51:47 2003
+++ src/Make.inc	Tue Dec 16 20:10:28 2003
@@ -4,7 +4,7 @@
 #
 #
@ -11,7 +11,7 @@ $NetBSD: patch-ab,v 1.3 2003/05/01 18:35:47 jmmv Exp $
 
 SERVER_OBJS   = radiusd.o files.o acct.o pam.o version.o proxy.o \
 			exec.o auth.o timestr.o cache.o readusers.o
-@@ -118,8 +118,6 @@
+@@ -115,8 +115,6 @@
 
 install:
 	# Install the binaries
@ -20,7 +20,7 @@ $NetBSD: patch-ab,v 1.3 2003/05/01 18:35:47 jmmv Exp $
 	$(DINSTALL) $(RADIUS_DIR)
 	$(INSTALL) -m 755 -s radiusd  $(SBINDIR)/radiusd
 	$(INSTALL) -m 755 -s radrelay $(SBINDIR)/radrelay
-@@ -131,35 +129,12 @@
+@@ -127,23 +125,11 @@
 	$(INSTALL) -m 755    checkrad.pl $(SBINDIR)/checkrad
 	$(INSTALL) -m 755    radlast $(BINDIR)
 	$(INSTALL) -m 755    radtest $(BINDIR)
@ -36,26 +36,12 @@ $NetBSD: patch-ab,v 1.3 2003/05/01 18:35:47 jmmv Exp $
 -	@if [ -d /etc/pam.d/ ] && [ ! -f /etc/pam.d/radius ]; then \
 -		$(INSTALL) -m 644 ../redhat/radiusd-pam /etc/pam.d/radius;\
 -	fi
- 	# Install the config files
+ 	@# Install the config files
 	@echo; echo "Creating/updating files in $(RADIUS_DIR)"; \
 	cd ../raddb; \
 	for i in [a-c]* [e-z]*; do \
 -		[ ! -f $(RADIUS_DIR)/$$i ] && cp $$i $(RADIUS_DIR)/$$i; \
 +		$(INSTALL) -m 444 $$i $(RADIUS_DIR)/$$i.sample; \
- 	done; \
- 	for i in dictionary*; do \
-		[ ! -f $(RADIUS_DIR)/$$i ] && cp $$i $(RADIUS_DIR)/$$i; \
-		if [ "`find $$i -newer $(RADIUS_DIR)/$$i`" ]; then \
-			echo "** $(RADIUS_DIR)/$$i"; \
-			nt=1; \
-		fi; \
-	done; \
-	if [ "$$nt" ]; then \
-		echo "** The samples in ../raddb are newer than these files";\
-		echo "** Please investigate and copy manually if appropriate";\
-		echo ;\
-	fi
-
-
-+		$(INSTALL) -m 444 $$i $(RADIUS_DIR)/$$i; \
-+	done
+ 	done; true
+ 	@# Install the dictionary files
+ 	@sh dict-install.sh ../raddb $(RADIUS_DIR) $(SHAREDIR)
--- a/net/radiusd-cistron/patches/patch-af
+++ b/net/radiusd-cistron/patches/patch-af
@ -1,7 +1,7 @@
-$NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
+$NetBSD: patch-af,v 1.3 2003/12/16 19:19:41 martti Exp $

--- src/radwho.c.orig	Mon May  7 22:33:45 2001
-+++ src/radwho.c	Thu Dec 20 09:38:25 2001
+--- src/radwho.c.orig	Wed Jul  2 12:39:03 2003
+++ src/radwho.c	Tue Dec 16 20:20:12 2003
@@ -20,6 +20,7 @@
 #include <errno.h>
 #include <sys/stat.h>
@ -10,7 +10,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
 #include <time.h>
 #include <ctype.h>
 #include <netinet/in.h>
-@@ -40,18 +41,21 @@
+@@ -40,18 +41,20 @@
  *	Header above output and format.
  */
 char *hdr1 = 
@ -21,24 +21,23 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
 char *ufmt1r = "%s,%s,%s,%s,%s,%s,%s%s";
 -char *rfmt1 = "%-10.10s %-17.17s %-5.5s %s%-3d %-9.9s %-9.9s %-.19s%s";
 +char *rfmt1 = "%-16.16s %-17.17s %-5.5s %s%-3d %-9.9s %-9.9s %-.*s%s";
- char *rfmt1r = "%s,%s,%s,%s%d,%s,%s,%s%s";
-+#define FMT1_HOST_SIZE        13
+ char *rfmt1r = "%s,%s,%s,%s%u,%s,%s,%s%s";
+#define FMT1_HOST_SIZE	13
 
 char *hdr2 = 
 -"Login      Port    What   When          From       Location";
 -char *ufmt2 = "%-10.10s %-6.6d %-7.7s %-13.13s %-10.10s %-.16s%s";
 +"Login           Port    What   When          From       Location";
 +char *ufmt2 = "%-16.16s %-6.6d %-7.7s %-13.13s %-10.10s %-.*s%s";
- char *ufmt2r = "%s,%d,%s,%s,%s,%s%s";
+ char *ufmt2r = "%s,%u,%s,%s,%s,%s%s";
 -char *rfmt2 = "%-10.10s %s%-5d  %-6.6s %-13.13s %-10.10s %-.28s%s";
 +char *rfmt2 = "%-16.16s %s%-5d  %-6.6s %-13.13s %-10.10s %-.*s%s";
- char *rfmt2r = "%s,%s%d,%s,%s,%s,%s%s";
-+#define FMT2_HOST_SIZE        19
-+
+ char *rfmt2r = "%s,%s%u,%s,%s,%s,%s%s";
+#define FMT2_HOST_SIZE	19
 
 char *eol = "\n";
 NAS *naslist;
-@@ -307,7 +311,8 @@
+@@ -307,7 +310,8 @@
 		return tmp;
 	}
 	if (strncmp(tty, "cu", 2) == 0) {
@ -48,7 +47,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
 	}
 	return "??";
 }
-@@ -371,6 +376,8 @@
+@@ -371,6 +375,8 @@
  */
 int main(int argc, char **argv)
 {
@ -57,7 +56,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
 	FILE *fp;
 	struct radutmp rt;
 	struct utmp ut;
-@@ -388,6 +395,11 @@
+@@ -389,6 +395,11 @@
 	char *p, *q, *portind;
 	int c, portno;
 
@ -69,7 +68,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
 	while((c = getopt(argc, argv, "Dd:flhnsipcru:")) != EOF) switch(c) {
 		case 'D':
 			use_dns = 0;
-@@ -485,14 +497,17 @@
+@@ -486,14 +497,17 @@
 		while(fread(&ut, sizeof(ut), 1, fp) == 1) {
 #ifdef USER_PROCESS
 			if (ut.ut_user[0] && ut.ut_line[0] &&
@ -92,7 +91,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
 					"shell",
 					ttyshort(ut.ut_line),
 #ifdef __svr4__
-@@ -501,10 +516,11 @@
+@@ -502,10 +516,11 @@
 					dotime(ut.ut_time),
 #endif
 					ut.ut_host,
@ -105,7 +104,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
 					ttyshort(ut.ut_line),
 					"shell",
 #ifdef __svr4__
-@@ -513,6 +529,7 @@
+@@ -514,6 +529,7 @@
 					dotime(ut.ut_time),
 #endif
 					ut.ut_host,
@ -113,7 +112,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
 					myname, eol);
 			}
 		}
-@@ -557,6 +574,7 @@
+@@ -560,6 +576,7 @@
 				portind, portno,
 				dotime(rt.time),
 				nasname(ntohl(rt.nas_address)),
@ -121,7 +120,7 @@ $NetBSD: patch-af,v 1.2 2001/12/20 10:05:50 martti Exp $
 				hostname(rt.framed_address), eol);
 			else
 			    printf((rawoutput == 0? rfmt2: rfmt2r),
-@@ -565,6 +583,7 @@
+@@ -568,6 +585,7 @@
 				proto(rt.proto, rt.porttype),
 				dotime(rt.time),
 				nasname(ntohl(rt.nas_address)),