Codebase list freeradius / 34897b2
Updated version 3.0.14+dfsg from 'upstream/3.0.14+dfsg' with Debian dir 6051b95c17389fbed327933140a5cdcc92a1cabc Michael Stapelberg 6 years ago
177 changed file(s) with 8098 addition(s) and 1802 deletion(s).
1010 # The default rule is "all".
1111 #
1212 all:
13
14 #
15 # Catch people who try to use BSD make
16 #
17 ifeq "0" "1"
18 .error GNU Make is required to build FreeRADIUS
19 endif
1320
1421 $(if $(wildcard Make.inc),,$(error Missing 'Make.inc' Run './configure [options]' and retry))
1522
0 3.0.12
0 3.0.14
86648664
86658665
86668666 for ac_header in \
8667 openssl/asn1.h \
8668 openssl/conf.h \
86678669 openssl/crypto.h \
86688670 openssl/err.h \
86698671 openssl/evp.h \
8672 openssl/hmac.h \
86708673 openssl/md5.h \
86718674 openssl/md4.h \
86728675 openssl/sha.h \
87788781 conftest.$ac_objext conftest.beam conftest.$ac_ext
87798782 fi
87808783
8784 for ac_func in \
8785 SSL_get_client_random \
8786 SSL_get_server_random \
8787 SSL_SESSION_get_master_key \
8788 HMAC_CTX_new \
8789 HMAC_CTX_free \
8790 ASN1_STRING_get0_data \
8791 CONF_modules_load_file \
8792 CRYPTO_set_id_callback \
8793 CRYPTO_set_locking_callback
8794
8795 do :
8796 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
8797 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
8798 if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
8799 cat >>confdefs.h <<_ACEOF
8800 #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
8801 _ACEOF
8802
8803 fi
8804 done
8805
87818806 CPPFLAGS="$old_CPPFLAGS"
87828807 fi
87838808
87868811
87878812
87888813 export OPENSSL_LIBS OPENSSL_LDFLAGS OPENSSL_CPPFLAGS
8789 for ac_func in SSL_get_client_random
8790 do :
8791 ac_fn_c_check_func "$LINENO" "SSL_get_client_random" "ac_cv_func_SSL_get_client_random"
8792 if test "x$ac_cv_func_SSL_get_client_random" = xyes; then :
8793 cat >>confdefs.h <<_ACEOF
8794 #define HAVE_SSL_GET_CLIENT_RANDOM 1
8795 _ACEOF
8796 SSL_get_server_random
8797 fi
8798 done
8799
88008814 fi
88018815
88028816 if test "x$PCAP_LIBS" = x; then
11031103 AC_DEFINE(HAVE_OPENSSL_SSL_H, 1, [Define to 1 if you have the <openssl/ssl.h> header file.])
11041104
11051105 AC_CHECK_HEADERS( \
1106 openssl/asn1.h \
1107 openssl/conf.h \
11061108 openssl/crypto.h \
11071109 openssl/err.h \
11081110 openssl/evp.h \
1111 openssl/hmac.h \
11091112 openssl/md5.h \
11101113 openssl/md4.h \
11111114 openssl/sha.h \
11731176 AC_MSG_RESULT([cross-compiling (assuming yes)])
11741177 ]
11751178 )
1179 dnl #
1180 dnl # Check if the new HMAC_CTX interface is defined
1181 dnl #
1182 AC_CHECK_FUNCS( \
1183 SSL_get_client_random \
1184 SSL_get_server_random \
1185 SSL_SESSION_get_master_key \
1186 HMAC_CTX_new \
1187 HMAC_CTX_free \
1188 ASN1_STRING_get0_data \
1189 CONF_modules_load_file \
1190 CRYPTO_set_id_callback \
1191 CRYPTO_set_locking_callback
1192 )
11761193 CPPFLAGS="$old_CPPFLAGS"
11771194 fi
11781195
11811198 AC_SUBST(OPENSSL_LDFLAGS)
11821199 AC_SUBST(OPENSSL_CPPFLAGS)
11831200 export OPENSSL_LIBS OPENSSL_LDFLAGS OPENSSL_CPPFLAGS
1184 AC_CHECK_FUNCS(SSL_get_client_random,SSL_get_server_random)
11851201 fi
11861202
11871203 dnl #
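Review bot: The `dnl` comment above the new `AC_CHECK_FUNCS` list names only the HMAC_CTX interface, but the list also probes `SSL_get_client_random`, `SSL_get_server_random`, `SSL_SESSION_get_master_key`, `ASN1_STRING_get0_data`, `CONF_modules_load_file` and the two `CRYPTO_set_*_callback` functions. I would reword it to something like `dnl # Check which OpenSSL functions exist (newer accessors and the older locking/ID callbacks)`. AC_CHECK_FUNCS is a link test, so each result depends on the OpenSSL libraries being in `LIBS` at this point, which the lines shown here do not establish. A false negative would presumably compile out whatever the matching `HAVE_*` macro guards, and for the two callback functions that would be a quiet loss rather than a build error, so it is worth confirming the results in config.log on a build against an older OpenSSL.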
0 FreeRADIUS 3.0.14 Mon 06 Mar 2017 13:00:00 EDT urgency=medium
1 Feature improvements
2 * Enforce TLS client certificate expiration on
3 session resumption, and Session-Timeout.
4 See CVE-2017-9148.
5 * Updated dictionary.cisco.vpn3000, dictionary.patton
6 * Added dictionary.dellemc
7 * Lowered the log output for failed PEAP sessions.
8 * ALlow utc in rlm_date. Patch from
9 Peter Lambrechtsen.
10 * The internal OpenSSL session cache has been
11 disabled. Please see mods-available/eap
12 * Update detail reader documentation.
13 Patch from Matthew Newton. Fixes #1973.
14 * Make outgoing RadSec connections non-blocking.
15 * Add SQL backing to Moonshot-*-TargetedId
16 generation. Patch from Stefan Paetow.
17
18 Bug fixes
19 * radtest uses Cleartext-Password for EAP, not
20 User-Password.
21 * Update documentation for mods-enabled/ linking.
22 * Enhanced checks for moonshot salt. Fixes #1933.
23 * Allow session resumption for RadSec connections.
24 Fixes #1936.
25 * Update "huntgroups" file to note that port ranges
26 are not supported.
27 * Fix OpenSSL permissions issues on default key files.
28 Fixes #1941.
29 * Certificates are not required when PSK is used.
30 * Allow SubjectAltName as first extension in cert.
31 Fixes #1946.
32 * Fixed talloc issue with TLS session resumption.
33 Fixes #1980.
34 * "&Attr-26 := 0x01" now produces useful error messages.
35 * Handle connection error in rlm_ldap_cacheable_groupobj.
36 Fixes #1951.
37 * Fix endian issues in DHCP.
38 * Multiple minor fixes for Coverity complaints.
39 * Handle unexpected regex. Fixes #1959.
40 * Fix minor issues in dictionaries.
41 * Fix typos and grammar. Patches from Alan Buxey.
42 * Fix erroneous VP creation in rlm_preproces.
43 * Fix MIB. Patch from Jeff Gehlbach.
44 * Trust router updates from Alejandro Perez.
45 * Allow build with LibreSSL. Fixes #1989
46 * Use correct packet for channel bindings. Fixes #1990.
47 * Many fixes found by PVS-Studio. Thanks to PVS-Studio
48 for giving us a test license. Please see the git commit
49 history for more information.
50 * Fix incorrect length check in EAP-PWD. This may
51 be exploitable.
52
53 FreeRADIUS 3.0.13 Mon 06 Mar 2017 13:00:00 EDT urgency=medium
54 Feature improvements
55 * Add dictionary.rfc7930. Note that we do not implement
56 the RFC.
57 * Added 'cipher_server_preference' to mods-available/eap
58 Patch from #1797.
59 * OpenSSL 1.1.0 compatibility fixes.
60 * rlm_perl: radiusd::xlat to evaluate xlat string
61 within perl script
62 * Allow authentication retry in winbind. Patch from
63 Herwin Weststrate. See raddb/mods-available/mschap.
64 * Added "recv-coa" method to rlm_rest. It behaves the
65 same as "authorize".
66 * Document Trust Router tr_port option. Patch from
67 Stefan Paetow.
68 * Update elasticsearch/logstash examples so that they work
69 with elastic stack v5. Patch from Matthew Newton.
70 * Print information about packets, replies, and contents
71 in the detail file reader.
72 * Update abfab-tr policy. Pull request #1893
73 from Stefan Paetow.
74 * Reject packets which contain User-Password and
75 EAP-Message.
76 * Add example for filtering Access-Challenge.
77 See sites-enabled/default.
78 * Pull symlink fixes from v4.0.x. Fixes #1859.
79 * Add systemd reload. Not everything is reloaded, but
80 some is. Fixes #1662.
81 * Better documentation for listen "ipaddr". Fixes #1921
82 * Add dictionary.cnergee, updated dictionary.nomadix.
83 * radclient no longer needs -x to print statistics with -s.
84
85 Bug fixes
86 * Minor typos. Fixes #1763
87 * Fix typo in RPM build. Closes #1767.
88 * rlm_mschap check for password expiry only
89 if password was correct. Fixes #1762.
90 * Update debian build.
91 * update rlm_counter "man" page. Fixes #1775.
92 * Remove erroneous assert. Fixes #1778.
93 * fix mschap password change test. Fixes #1792.
94 * Cleanup config file on data remove. Fixes #1795.
95 * passwd module returns "notfound" if not found.
96 * Check for old OpenSSL, and don't build rlm_eap_fast
97 if it necessary. Fixes #1803
98 * Cleanup memory better after ldap version query.
99 Patch from Aleksey Katargin.
100 * Rename lt_* functions to avoid linker issues with
101 libtool. Fixes #1277
102 * Many miscellaneous fixes and typos.
103 * Allow long strings in %{%{foo} bar:-%{baz} blah".
104 Fixes #1866
105 * Fix filtering operators, along with more documentation and
106 more tests for them.
107 * Fix OpenSSL fixes. Fixes #1876.
108 * Finish SQL select queries even when SELECT returns no rows.
109 Fixes #1879.
110 * Set Module-Failure-Message for more EAP errors.
111 * Correct typo in dictionary.rfc5580. Fixes #1882
112 * Remove obselete systemd syslog.target.
113 * Client-Port-Balance load-balancing now uses client port.
114 * Radrelay examples fixed from Alex Clouter.
115 * Update systemd target. Pull request #1896.
116 * Trim starting whitespace in xlat strings.
117 * Get MySQL result lengths using normal API.
118 * suid down after fchown(). Fixes #1914.
119 * Fix cases of comparing pointer to NUL character. Fixes #1915.
120 * OpenSSL v1.1 fixes. Pull request #1921.
121 * Better Handle v4/v6 host names. Pull request #1919.
122 * Remove "Auth-Type = System" from docs and examples.
123 * Don't crash on malformed %{home_server}. Fixes #1922
124 * fix erroneous use of talloc destructor in rlm_eap
125 * Issue trigger modules.sql.fail. Fixes #1923
126 * Document python_path gotcha's. Fixes #1845
127 * dlopen() the specific version of Python. Fixes #1592
128
0129 FreeRADIUS 3.0.12 Thur 29 Sep 2016 13:00:00 EDT urgency=medium
1130 Feature improvements
2131 * Add support for =~ and !~ in update sections.
23152 * Minor abfab and moonshot additions.
24153 * Pass CFLAGS through from environment in RPM builds.
25154 Allows more custom builds.
26 * Build with Heimdal in addtion to libkrb5.
155 * Build with Heimdal in addition to libkrb5.
27156
28157 Bug fixes
29158 * Use correct typedef for older versions of sqlite.
30159 * Update mssql schema to add priority
31 * don't complain on /dev/urandom in ldap
32 * fix == operator in update sections
160 * Don't complain on /dev/urandom in ldap
161 * Fix == operator in update sections
33162 * Don't create DHCP strings with many trailing zeros.
34163 Patch from Nicolas C. Fixes #1526.
35164 * Allow MS-CHAP change passwords instead of complaining
44 easiest way to query the logs, find out when a client connected or disconnected,
55 or view the top ten clients logging into the system over the last six hours?
66
7 The logstash/elasticsearch/kibana stack is designed and built to do just that.
8 elasticsearch is a search engine; logstash is commonly used to feed data in,
9 and kibana the web interface to query the logs in near real time.
7 The elastic stack is designed and built to do just that. elasticsearch is a
8 search engine; logstash is commonly used to feed data in, and kibana the web
9 interface to query the logs in near real time.
1010
11 Installing the ELK stack is beyond the scope of this document, but can be done
11 Installing the elastic stack is beyond the scope of this document, but can be done
1212 in a short amount of time by any competent sysadmin. Then comes getting the
1313 logs in.
1414
4141 tab-delimited key-value pairs out. Some additional data is then extracted
4242 from certain key attributes.
4343
44 The file will need to be edited at least to set the input method: for
45 experimentation the given input (stdin) may be used. If logstash is running on
46 the RADIUS server then 'file' input may be appropriate, otherwise a different
47 input such as log-courier or logstash-forwarder may be better to get the data
48 over the network to the logstash server.
44 The logstash config will need to be edited at least to set the input method:
45 for experimentation the given input (file) may be used. If logstash is running
46 on the RADIUS server itself then this example input may be appropriate,
47 otherwise a different input such as log-courier or filebeat may be better to
48 get the data over the network to logstash.
4949
5050 It would be best to use an input method that can join the multiple lines of
5151 the detail file together and feed them to logstash as a single entry, rather
52 than using the logstash multiline filter.
52 than using the logstash multiline codec.
5353
5454 log-courier.conf
5555
5757
5858 kibana4-dashboard.json
5959
60 Basic RADIUS dashboard for Kibana4.
60 Basic RADIUS dashboard for Kibana 4 and Kibana 5.
6161
6262 To import the dashboard first create a new index called "radius-*" in
6363 Settings/Indices. Then go to Kibana's Settings page, "Objects" and "Import".
6464 Once imported open the "RADIUS detail" dashboard.
65
66 kibana3-dashboard.json
67
68 Basic RADIUS dashboard for Kibana3. To import the dashboard go to Load,
69 Advanced and "Choose File".
7065
7166
7267 Example usage
7368 -------------
7469
7570 Install mapping (only needs to be done once):
76 $ ./radius-mapping.sh
7771
78 Feed a detail file in:
79 $ /path/to/logstash -f logstash-radius.conf < acct-detail
72 $ ./radius-mapping.sh
73
74 Edit logstash-radius.conf to point to the correct file, then feed a detail file
75 in:
76
77 # /usr/share/logstash/bin/logstash --path.settings=/etc/logstash -f logstash-radius.conf
8078
8179
8280 See also
8886 following software versions (note that elasticsearch 2.x may not yet
8987 work with this config).
9088
91 elasticsearch 1.7.4
92 logstash 1.4.5
93 kibana 4.1.2
94 kibana 3.1.0
89 elasticsearch 5.1.2
90 logstash 5.1.2
91 kibana 5.1.2
92 kibana 4.1.11
9593
9694 Matthew Newton
97 January 2016
95 January 2017
9896
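--- a/doc/schemas/logstash/kibana3-dashboard.json
+++ b/doc/schemas/logstash/kibana3-dashboard.json
@@ -1,476 +0,0 @@
-{
-"title": "RADIUS detail",
-"services": {
-"query": {
-"list": {
-"0": {
-"query": "*",
-"alias": "",
-"color": "#584477",
-"id": 0,
-"pin": false,
-"type": "lucene",
-"enable": true
-},
-"1": {
-"id": 1,
-"type": "lucene",
-"query": "Acct-Status-Type:Start",
-"alias": "Accounting Start",
-"color": "#629E51",
-"pin": false,
-"enable": true
-},
-"2": {
-"id": 2,
-"color": "#6ED0E0",
-"alias": "",
-"pin": false,
-"type": "lucene",
-"enable": true,
-"query": "Acct-Status-Type:Interim-Update"
-},
-"3": {
-"id": 3,
-"color": "#BF1B00",
-"alias": "",
-"pin": false,
-"type": "lucene",
-"enable": true,
-"query": "Acct-Status-Type:Stop"
-}
-},
-"ids": [
-0,
-1,
-2,
-3
-]
-},
-"filter": {
-"list": {
-"0": {
-"type": "time",
-"field": "@timestamp",
-"from": "now-7d",
-"to": "now",
-"mandate": "must",
-"active": true,
-"alias": "",
-"id": 0
-}
-},
-"ids": [
-0
-]
-}
-},
-"rows": [
-{
-"title": "Time series",
-"height": "200px",
-"editable": true,
-"collapse": false,
-"collapsable": true,
-"panels": [
-{
-"span": 9,
-"editable": true,
-"type": "histogram",
-"loadingEditor": false,
-"mode": "count",
-"time_field": "@timestamp",
-"value_field": null,
-"x-axis": true,
-"y-axis": true,
-"scale": 1,
-"y_format": "none",
-"grid": {
-"max": null,
-"min": 0
-},
-"queries": {
-"mode": "selected",
-"ids": [
-1,
-2,
-3
-]
-},
-"annotate": {
-"enable": false,
-"query": "*",
-"size": 20,
-"field": "_type",
-"sort": [
-"_score",
-"desc"
-]
-},
-"auto_int": true,
-"resolution": 100,
-"interval": "1h",
-"intervals": [
-"auto",
-"1s",
-"1m",
-"5m",
-"10m",
-"30m",
-"1h",
-"3h",
-"12h",
-"1d",
-"1w",
-"1y"
-],
-"lines": false,
-"fill": 0,
-"linewidth": 3,
-"points": false,
-"pointradius": 5,
-"bars": true,
-"stack": true,
-"spyable": true,
-"zoomlinks": true,
-"options": true,
-"legend": true,
-"show_query": true,
-"interactive": true,
-"legend_counts": true,
-"timezone": "browser",
-"percentage": false,
-"zerofill": true,
-"derivative": false,
-"tooltip": {
-"value_type": "cumulative",
-"query_as_alias": true
-},
-"title": "RADIUS Accounting data"
-},
-{
-"error": false,
-"span": 3,
-"editable": true,
-"type": "terms",
-"loadingEditor": false,
-"field": "NAS-Identifier",
-"exclude": [],
-"missing": false,
-"other": false,
-"size": 20,
-"order": "count",
-"style": {
-"font-size": "10pt"
-},
-"donut": false,
-"tilt": false,
-"labels": true,
-"arrangement": "horizontal",
-"chart": "pie",
-"counter_pos": "above",
-"spyable": true,
-"queries": {
-"mode": "selected",
-"ids": [
-1
-]
-},
-"tmode": "terms",
-"tstat": "total",
-"valuefield": "",
-"title": "Sessions by NAS"
-}
-],
-"notice": false
-},
-{
-"title": "Graphs",
-"height": "200px",
-"editable": true,
-"collapse": false,
-"collapsable": true,
-"panels": [
-{
-"error": false,
-"span": 3,
-"editable": true,
-"type": "terms",
-"loadingEditor": false,
-"field": "Calling-Station-Id",
-"exclude": [],
-"missing": false,
-"other": false,
-"size": 10,
-"order": "count",
-"style": {
-"font-size": "10pt"
-},
-"donut": false,
-"tilt": false,
-"labels": true,
-"arrangement": "horizontal",
-"chart": "table",
-"counter_pos": "above",
-"spyable": true,
-"queries": {
-"mode": "selected",
-"ids": [
-1
-]
-},
-"tmode": "terms",
-"tstat": "total",
-"valuefield": "",
-"title": "Top Calling-Station-Id"
-},
-{
-"error": false,
-"span": 3,
-"editable": true,
-"type": "terms",
-"loadingEditor": false,
-"field": "Called-Station-Id",
-"exclude": [],
-"missing": false,
-"other": false,
-"size": 10,
-"order": "count",
-"style": {
-"font-size": "10pt"
-},
-"donut": false,
-"tilt": false,
-"labels": true,
-"arrangement": "horizontal",
-"chart": "table",
-"counter_pos": "above",
-"spyable": true,
-"queries": {
-"mode": "selected",
-"ids": [
-1
-]
-},
-"tmode": "terms",
-"tstat": "total",
-"valuefield": "",
-"title": "TopN Called-Station-Id"
-},
-{
-"error": false,
-"span": 3,
-"editable": true,
-"type": "terms",
-"loadingEditor": false,
-"field": "User-Name",
-"exclude": [],
-"missing": false,
-"other": false,
-"size": 10,
-"order": "max",
-"style": {
-"font-size": "10pt"
-},
-"donut": false,
-"tilt": false,
-"labels": true,
-"arrangement": "horizontal",
-"chart": "table",
-"counter_pos": "above",
-"spyable": true,
-"queries": {
-"mode": "all",
-"ids": [
-0,
-1,
-2,
-3
-]
-},
-"tmode": "terms_stats",
-"tstat": "max",
-"valuefield": "Acct-Output-Octets_long",
-"title": "TopN data Output"
-},
-{
-"error": false,
-"span": 3,
-"editable": true,
-"type": "terms",
-"loadingEditor": false,
-"field": "User-Name",
-"exclude": [],
-"missing": false,
-"other": false,
-"size": 10,
-"order": "max",
-"style": {
-"font-size": "10pt"
-},
-"donut": false,
-"tilt": false,
-"labels": true,
-"arrangement": "horizontal",
-"chart": "table",
-"counter_pos": "above",
-"spyable": true,
-"queries": {
-"mode": "all",
-"ids": [
-0,
-1,
-2,
-3
-]
-},
-"tmode": "terms_stats",
-"tstat": "max",
-"valuefield": "Acct-Input-Octets_long",
-"title": "TopN Data Input"
-}
-],
-"notice": false
-},
-{
-"title": "Table",
-"height": "150px",
-"editable": true,
-"collapse": false,
-"collapsable": true,
-"panels": [
-{
-"error": false,
-"span": 12,
-"editable": true,
-"type": "table",
-"loadingEditor": false,
-"size": 100,
-"pages": 5,
-"offset": 0,
-"sort": [
-"@timestamp",
-"asc"
-],
-"overflow": "min-height",
-"fields": [
-"timestamp",
-"User-Name",
-"Calling-Station-Id",
-"Called-Station-Id",
-"Framed-IP-Address",
-"NAS-Identifier"
-],
-"highlight": [],
-"sortable": true,
-"header": true,
-"paging": true,
-"field_list": false,
-"all_fields": false,
-"trimFactor": 500,
-"localTime": false,
-"timeField": "@timestamp",
-"spyable": true,
-"queries": {
-"mode": "all",
-"ids": [
-0,
-1,
-2,
-3
-]
-},
-"style": {
-"font-size": "9pt"
-},
-"normTimes": true,
-"title": "RADIUS data"
-}
-],
-"notice": false
-}
-],
-"editable": true,
-"failover": false,
-"index": {
-"interval": "day",
-"pattern": "[radius-]YYYY.MM.DD",
-"default": "[radius-]YYYY.MM.DD",
-"warm_fields": false
-},
-"style": "dark",
-"panel_hints": true,
-"pulldowns": [
-{
-"type": "query",
-"collapse": true,
-"notice": false,
-"enable": true,
-"query": "*",
-"pinned": true,
-"history": [
-"Acct-Status-Type:Stop",
-"Acct-Status-Type:Interim-Update",
-"Acct-Status-Type:Start",
-"*"
-],
-"remember": 10
-},
-{
-"type": "filtering",
-"collapse": true,
-"notice": true,
-"enable": true
-}
-],
-"nav": [
-{
-"type": "timepicker",
-"collapse": false,
-"notice": false,
-"enable": true,
-"status": "Stable",
-"time_options": [
-"5m",
-"15m",
-"1h",
-"6h",
-"12h",
-"24h",
-"2d",
-"7d",
-"30d"
-],
-"refresh_intervals": [
-"5s",
-"10s",
-"30s",
-"1m",
-"5m",
-"15m",
-"30m",
-"1h",
-"2h",
-"1d"
-],
-"timefield": "@timestamp",
-"now": true,
-"filter_id": 0
-}
-],
-"loader": {
-"save_gist": false,
-"save_elasticsearch": true,
-"save_local": true,
-"save_default": true,
-"save_temp": true,
-"save_temp_ttl_enable": true,
-"save_temp_ttl": "30d",
-"load_gist": false,
-"load_elasticsearch": true,
-"load_elasticsearch_size": 20,
-"load_local": false,
-"hide": false
-},
-"refresh": false
-}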
00 [
1 {
2 "_id": "RADIUS-data",
3 "_type": "search",
4 "_source": {
5 "title": "RADIUS data",
6 "description": "",
7 "hits": 0,
8 "columns": [
9 "User-Name",
10 "Calling-Station-Id",
11 "Called-Station-Id",
12 "Framed-IP-Address",
13 "NAS-Identifier"
14 ],
15 "sort": [
16 "@timestamp",
17 "desc"
18 ],
19 "version": 1,
20 "kibanaSavedObjectMeta": {
21 "searchSourceJSON": "{\"index\":\"radius-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}"
22 }
23 }
24 },
125 {
226 "_id": "RADIUS-detail",
327 "_type": "dashboard",
3660 "version": 1,
3761 "kibanaSavedObjectMeta": {
3862 "searchSourceJSON": "{\"index\":\"radius-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"radius-*\",\"key\":\"Acct-Status-Type\",\"value\":\"Start\",\"disabled\":false},\"query\":{\"match\":{\"Acct-Status-Type\":{\"query\":\"Start\",\"type\":\"phrase\"}}}}]}"
39 }
40 }
41 },
42 {
43 "_id": "RADIUS-data",
44 "_type": "search",
45 "_source": {
46 "title": "RADIUS data",
47 "description": "",
48 "hits": 0,
49 "columns": [
50 "User-Name",
51 "Calling-Station-Id",
52 "Called-Station-Id",
53 "Framed-IP-Address",
54 "NAS-Identifier"
55 ],
56 "sort": [
57 "@timestamp",
58 "desc"
59 ],
60 "version": 1,
61 "kibanaSavedObjectMeta": {
62 "searchSourceJSON": "{\"index\":\"radius-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}"
6363 }
6464 }
6565 },
00 # Example log-courier configuration file for RADIUS detail files.
1 #
2 # This has been tested with log-courier version 2.0.4
13 #
24 {
35 "general": {
46 "persist directory": "/var/lib/log-courier",
57 "log syslog": true,
6 "log stdout": false,
7 "admin listen address": "unix:/var/run/log-courier/admin.socket"
8 "log stdout": false
89 },
910
1011 "network": {
1112 "transport": "tcp",
12 "reconnect": 10,
1313
1414 # Servers to connect to.
1515 #
4343 # logstash configuration. Logstash can then also be run
4444 # with multiple workers (using -w).
4545 #
46 "codec": {
47 "name": "multiline",
48 "pattern": "^[A-Z\t]",
49 "negate": false,
50 "what": "next"
51 }
46 "codecs": [
47 {
48 "name": "multiline",
49 "patterns": [ "^[A-Z\t]" ],
50 "what": "next"
51 }
52 ]
5253 }
5354 ]
5455 }
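Review bot: The example still ships detail records with `"transport": "tcp"`, which is unencrypted, and this commit leaves that line without any caveat. RADIUS accounting records carry User-Name, Calling-Station-Id and Framed-IP-Address, the same columns the dashboards in this commit display. A comment beside the transport line would help, for instance `# "tcp" is unencrypted; use "tls" with certificates when the logs cross an untrusted network.` The server list and the rest of the network block are not among the lines shown, so this may already be covered there.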
00 # logstash configuration to process RADIUS detail files
11 #
22 # Matthew Newton
3 # January 2016
3 # January 2017
4 #
5 # This config has been tested with logstash version 5.1.2.
46 #
57 # RADIUS "detail" files are textual representations of the RADIUS
68 # packets, and are written to disk by e.g. FreeRADIUS. They look
2123
2224
2325
24 # Example input - read data from a file. This can be useful for
25 # testing, but usually not so much for live service. For example,
26 # to read in a detail file with this input you could use:
27 #
28 # /opt/logstash/bin/logstash -v -f logstash-radius.conf < detailfile
26 # Example input - read data from a file. For example, to read in a
27 # detail file with this input you could use:
28 #
29 # # /usr/share/logstash/bin/logstash --path.settings=/etc/logstash -f logstash-radius.conf
30 #
2931
3032 input {
31 stdin {
33 file {
34 path => "/path/to/radius/detail/file"
35
36 # Note when testing that logstash will remember where
37 # it got to and continue from there.
38 start_position => "beginning"
39
40 # Set the type, for below.
3241 type => radiusdetail
42
43 # It is preferable to use a log feeder that can join
44 # multiple lines together, rather than using multiline
45 # here. For an example, see the log-courier
46 # configuration in this directory.
47
48 # If you didn't read the above, go back and read it again.
49
50 # If that is not possible you may be able to use the
51 # following section. Note that if you are using the
52 # "stdin" input, the file is chunked into 16k blobs,
53 # so every 16k a detail record is likely to be chopped
54 # in half. If you are using the "file" input (as in this
55 # example), the blank links between records are not
56 # passed through so the regex here has to be aware of
57 # that. Basically, do multiline as early as possible
58 # in your log feeder client not here and you'll avoid
59 # most issues that are likely to come up.
60
61 codec => multiline {
62 pattern => "^\t"
63 negate => false
64 what => "previous"
65 }
66
67 # If you really want to use the "stdin" input, this
68 # will work better, but be aware of the comments
69 # above.
70
71 #codec => multiline {
72 # pattern => "^[A-Z\t]"
73 # negate => false
74 # what => "next"
75 #}
3376 }
3477 }
3578
3679 # Moving into production will likely need something more reliable.
3780 # There are many input methods, an example here using log-courier
3881 # (which supports client-site multiline processing and does not
39 # lose log events if logstash is restarted).
82 # lose log events if logstash is restarted). You could also
83 # investigate e.g. filebeat from Elastic.
4084
4185 # input {
4286 # courier {
4387 # port => 5140
4488 # transport => "tcp"
89 #
90 # # Don't set the type here, as it's set in the
91 # # log-courier config instead.
92 # #type => radiusdetail
4593 # }
4694 # }
4795
54102 filter {
55103
56104 if [type] == "radiusdetail" {
57
58 # If you are using a log feeder that can join
59 # multiple lines together then that is preferrable
60 # to using multiline here, because this can not be
61 # used with threaded logstash (i.e. -w<n> at
62 # startup).
63
64 # In that case you should comment out the following
65 # section. For example, see the log-courier
66 # configuration configuration in this directory.
67
68 multiline {
69 pattern => "^[A-Z\t]"
70 negate => false
71 what => "next"
72 }
73105
74106 # Pull off the timestamp at the start of the
75107 # detail record. Note there may be additional data
90122 # Split the attributes and values into fields.
91123 # This is the bulk of processing that adds all of
92124 # the RADIUS attributes as elasticsearch fields.
125
126 # Note issue https://github.com/logstash-plugins/logstash-filter-kv/issues/10
127 # currently means that all spaces will be stripped
128 # from all fields. If this is a problem, adjust the
129 # trim setting.
93130
94131 kv {
95132 field_split => "\n"
162199 # possible to make sure all MAC addresses look the
163200 # same, which has obvious benefits.
164201 #
165 # https://github.com/mcnewton/elk/blob/master/logstash-filters/sanitize_mac.rb
202 # https://github.com/mcnewton/logstash-filter-sanitize_mac
166203
167204 # sanitize_mac {
168205 # match => {
169206 # "Called-Station-Id_mac" => "Called-Station-Id_mac"
170207 # "Calling-Station-Id_mac" => "Calling-Station-Id_mac"
171208 # }
172 # separator => ":"
209 # separator => "-"
173210 # fixcase => "lower"
174211 # }
175212
181218
182219 if ([Acct-Input-Octets]) {
183220 ruby {
184 code => "event['Acct-Input-Octets_long'] =
185 event['Acct-Input-Octets'].to_i + ( event['Acct-Input-Gigawords'] ? (event['Acct-Input-Gigawords'].to_i * (2**32)) : 0)"
221 code => "event.set('Acct-Input-Octets_long', event.get('Acct-Input-Octets').to_i +
222 (event.get('Acct-Input-Gigawords') ? (event.get('Acct-Input-Gigawords').to_i * (2**32)) : 0))"
186223 }
187224 }
188225
189226 if ([Acct-Output-Octets]) {
190227 ruby {
191 code => "event['Acct-Output-Octets_long'] =
192 event['Acct-Output-Octets'].to_i + ( event['Acct-Output-Gigawords'] ? (event['Acct-Output-Gigawords'].to_i * (2**32)) : 0)"
228 code => "event.set('Acct-Output-Octets_long', event.get('Acct-Output-Octets').to_i +
229 (event.get('Acct-Output-Gigawords') ? (event.get('Acct-Output-Gigawords').to_i * (2**32)) : 0))"
193230 }
194231 }
195232
198235
199236
200237
201 # Output data to the local elasticsearch cluster (called
202 # "elasticsearch") using type "detail" in index "radius-DATE".
238 # Output data to the local elasticsearch cluster
239 # using type "detail" in index "radius-DATE".
203240
204241 output {
205242 if [type] == "radiusdetail" {
206243 elasticsearch {
207 host => localhost
208 protocol => http
209 cluster => elasticsearch
210 index_type => "detail"
244 document_type => "detail"
211245 index => "radius-%{+YYYY.MM.dd}"
212246 flush_size => 1000
213247 }
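Review bot: With `host`, `protocol` and `cluster` removed, the `elasticsearch` output no longer names its destination and relies on the plugin default, while the comment above it still promises the "local elasticsearch cluster". Stating it explicitly, `hosts => ["127.0.0.1:9200"]`, keeps the example self-describing and shows which line to change when the cluster is remote. The indexed records hold user names and station identifiers, so a short comment that a remote cluster needs TLS and authentication configured on this output would be worth adding next to it.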
00 #! /bin/sh
11
2 # Create a template mapping for RADIUS data
2 # Create an elasticsearch template mapping for RADIUS data
33 # Matthew Newton
44 # April 2015
55
66 # This should be run on an elasticsearch node. Alternatively,
77 # adjust the curl URI below.
8
9 # This version has been tested on elasticsearch 5.1.2
810
911 # The template will be called "radius", and will apply to all
1012 # indices prefixed with "radius-" that contain data type "detail".
1416 #
1517 # Acct-Input- or Acct-Output- attributes are numbers;
1618 # Acct-Session-Time is a number;
17 # Everything else is a string.
19 # Everything else is a keyword, which is a non-analysed string.
1820
1921 # Additionally, the supplied logstash config will try and extract
2022 # MAC addresses, IP addresses and ports from the data. These are
4042 "detail":{
4143
4244 "properties": {
43 "@timestamp": { "format": "dateOptionalTime", "type": "date" },
44 "@version": { "type" : "string" },
45 "message": { "type" : "string" },
46 "Acct-Session-Time": { "type" : "long", "doc_values": true },
47 "offset": { "type" : "long", "doc_values": true }
45 "@timestamp": { "format" : "date_optional_time", "type" : "date" },
46 "@version": { "type" : "keyword" },
47 "message": { "type" : "text" },
48 "Acct-Session-Time": { "type" : "long" },
49 "offset": { "type" : "long" }
4850 },
4951
5052 "dynamic_templates": [
5355 "match_pattern": "regex",
5456 "match": "^Acct-(Input|Output)-.*$",
5557 "mapping": {
56 "type": "long",
57 "doc_values": true
58 "type": "long"
5859 }
5960 }
6061 },
6263 { "ipv4_address": {
6364 "path_match": "*_ip",
6465 "mapping": {
65 "type": "ip",
66 "doc_values": true
66 "type": "ip"
6767 }
6868 }
6969 },
7171 { "network_port": {
7272 "path_match": "*_port",
7373 "mapping": {
74 "type": "integer",
75 "doc_values": true
74 "type": "integer"
7675 }
7776 }
7877 },
8079 { "long_number": {
8180 "path_match": "*_long",
8281 "mapping": {
83 "type": "integer",
84 "doc_values": true
82 "type": "long"
8583 }
8684 }
8785 },
8987 { "no_analyze_strings": {
9088 "match": "*",
9189 "mapping": {
92 "type": "string",
93 "index": "not_analyzed",
94 "doc_values": true
90 "type": "keyword"
9591 }
9692 }
9793 }
1414 .RB [ \--reset
1515 .IR number]
1616 .RB [ \--help ]
17 .RB [ \--
18 .IR(hours|minutes|seconds) ]
17 .RB [ \-\-hours | \-\-minutes | \-\-seconds ]
1918
2019 .SH DESCRIPTION
2120 \fBrad_counter\fP is a tool that can query and maintain FreeRADIUS rlm_counter DB files.
0 .TH RADCLIENT 1 "28 March 2014" "" "FreeRADIUS Daemon"
0 .TH RADCLIENT 1 "28 February 2017" "" "FreeRADIUS Daemon"
11 .SH NAME
22 radclient - send packets to a RADIUS server, show reply
33 .SH SYNOPSIS
124124 service is not found in \fI/etc/services\fP, 1813 and 1812 are used
125125 respectively.
126126
127 If a host name is specified, then radclient will do a DNS lookup, and
128 use the A record to find the IP address of the RADIUS server. If
129 there is no A record, then radclient will look for an AAAA record. If
130 there is no AAAA record, an error will be produced.
131
132 IPv6 addresses may be specified by surrounding it in square brackets.
133 For example, [2002:c000:0201:0:0:0:0:0], or with a port,
134 [2002:c000:0201:0:0:0:0:0]:18120.
135
127136 The RADIUS attributes read by \fIradclient\fP can contain the special
128137 attribute \fBPacket-Dst-IP-Address\fP. If this attribute exists, then
129138 that IP address is where the packet is sent, and the \fBserver\fP
1818 The module also provides FreeRADIUS an interface into a radwtmp file
1919 (used by "radlast") when added to the accounting section.
2020 .PP
21 The \fIrlm_unix\fP module does provides the functionality for
22 "Auth-Type = System". The module should be listed in the
21 The \fIrlm_unix\fP module should be listed in the
2322 "authenticate" section. Please see the default \fIradiusd.conf\fP
2423 shipped with the server for an example of the correct usage of this
2524 module.
99 .RE
1010 .sp
1111 ..
12 .TH unlang 5 "05 February 2016" "" "FreeRADIUS Processing un-language"
12 .TH unlang 5 "02 January 2016" "" "FreeRADIUS Processing un-language"
1313 .SH NAME
1414 unlang \- FreeRADIUS Processing un\-language
1515 .SH DESCRIPTION
289289
290290 Load-balance sections can contain only a list of modules, and cannot
291291 contain keywords that perform conditional operations (if, else, etc)
292 or update an attribute list.
292 or update an attribute list. Please see raddb/radiusd.conf
293 "instantiate" section for more configuration examples.
293294
294295 .DS
295296 redundant-load-balance {
759760
760761 Note that this operator is very different than the '=' operator listed
761762 above!
763 .IP !=
764 Keep all attributes with matching name, and value not equal to the
765 given one.
766 .IP <
767 Keep all attributes having values less than the value
768 given here. Any larger value is replaced by the value given here. If
769 no attribute exists, it is added with the value given here, as with
770 "+=".
762771 .IP <=
763772 Keep all attributes having values less than, or equal to, the value
764773 given here. Any larger value is replaced by the value given here. If
765774 no attribute exists, it is added with the value given here, as with
766775 "+=".
767
768 This operator is valid only for attributes of integer type.
776 .IP >
777 Keep all attributes having values greater than the value
778 given here. Any smaller value is replaced by the value given here. If
779 no attribute exists, it is added with the value given here, as with
780 "+=".
769781 .IP >=
770782 Keep all attributes having values greater than, or equal to, the value
771 given here. Any larger value is replaced by the value given here. If
783 given here. Any smaller value is replaced by the value given here. If
772784 no attribute exists, it is added with the value given here, as with
773785 "+=".
774
775 This operator is valid only for attributes of integer type.
776786 .IP !*
777787 Delete all occurances of the named attribute, no matter what the
778788 value.
168168 .RE
169169
170170 .DS
171 DEFAULT Auth-Type = System
172 .br
173 Fall-Through = Yes
174
175 .DE
176 .RS
177 For all users reaching this entry, perform authentication against the
178 system, unless Auth-Type has already been set. Also, process any
179 following entries which may match.
180 .RE
181
182 .DS
183171 DEFAULT Service-Type == Framed-User, Framed-Protocol == PPP
184172 .br
185173 Service-Type = Framed-User,
66 .IR condition ]
77 .RB [ \-d
88 .IR config_directory ]
9 .RB [ \-n
10 .IR name ]
911 .RB [ \-i
1012 .IR ipv4-address ]
1113 .RB [ \-I
7072 .IP "\-d \fIconfig directory\fP"
7173 The radius configuration directory, usually /etc/raddb. See the
7274 \fIradmin\fP manual page for more description of this option.
75 .IP "\-n \fImname\fP"
76 Read \fIraddb/name.conf\fP instead of \fIraddb/radiusd.conf\fP.
7377 .IP \-I\ \fIipv6-address\fP
7478 Show debug output for the client having the given IPv6 address. This
7579 option is equivalent to using:
44 OBJECT-IDENTITY
55 FROM SNMPv2-SMI
66 freeRadiusMgmt
7 FROM FREERADIUS-SMI;
7 FROM FREERADIUS-SMI
8 SnmpAdminString
9 FROM SNMP-FRAMEWORK-MIB;
810
911 freeradiusObjects MODULE-IDENTITY
1012 LAST-UPDATED "200712170000Z"
2426 "Generic objects used by notification MIBs"
2527 ::= { freeRadiusMgmt 1 }
2628
27 radiusObject OBJECT-IDENTITY
29 radiusObject OBJECT-TYPE
30 SYNTAX SnmpAdminString
31 MAX-ACCESS accessible-for-notify
2832 STATUS current
2933 DESCRIPTION
3034 "A generic object"
7575
7676 Modules can be enabled by creating a soft link. For module ``foo``, do::
7777
78 $ cd raddb
79 $ ln -s mods-available/foo mods-enabled/foo
78 $ cd raddb/mods-enabled
79 $ ln -s ../mods-available/foo
8080
8181 To create "local" versions of the modules, we suggest copying the file
8282 instead. This leaves the original file (with documentation) in the
1717 LOCAL_CERT_FILES := Makefile README xpextensions \
1818 ca.cnf server.cnf client.cnf bootstrap
1919
20 #
21 # We don't create the installed certs if we're building a package,
22 # OR if OpenSSL is not available.
23 #
24 ifeq "$(PACKAGE)" ""
25 ifneq "$(OPENSSL_LIBS)" ""
2026 LOCAL_CERT_PRODUCTS := $(addprefix $(R)$(raddbdir)/certs/,ca.key ca.pem \
2127 client.key client.pem server.key server.pem)
28 endif
29 endif
2230
2331 LEGACY_LINKS := $(addprefix $(R)$(raddbdir)/,users huntgroups hints)
2432
111119 @[ -e $@ ] || echo LN-S $(patsubst $(R)$(raddbdir)/%,raddb/%,$@)
112120 @[ -e $@ ] || ln -s $(patsubst $(R)$(raddbdir)/%,./%,$<) $@
113121
114 ifeq ("$(PACKAGE)","")
122 ifneq "$(LOCAL_CERT_PRODUCTS)" ""
115123 $(LOCAL_CERT_PRODUCTS):
116124 @echo BOOTSTRAP raddb/certs/
117125 @$(MAKE) -C $(R)$(raddbdir)/certs/
99 ######################################################################
1010
1111 DH_KEY_SIZE = 2048
12 OPENSSL = openssl
1213
1314 #
1415 # Set the passwords
4849 #
4950 ######################################################################
5051 dh:
51 openssl gendh -out dh -2 $(DH_KEY_SIZE)
52 $(OPENSSL) dhparam -out dh -2 $(DH_KEY_SIZE)
5253
5354 ######################################################################
5455 #
5859 ca.key ca.pem: ca.cnf
5960 @[ -f index.txt ] || $(MAKE) index.txt
6061 @[ -f serial ] || $(MAKE) serial
61 openssl req -new -x509 -keyout ca.key -out ca.pem \
62 $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
6263 -days $(CA_DEFAULT_DAYS) -config ./ca.cnf
64 chmod g+r ca.key
6365
6466 ca.der: ca.pem
65 openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der
67 $(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der
6668
6769 ######################################################################
6870 #
7072 #
7173 ######################################################################
7274 server.csr server.key: server.cnf
73 openssl req -new -out server.csr -keyout server.key -config ./server.cnf
75 $(OPENSSL) req -new -out server.csr -keyout server.key -config ./server.cnf
76 chmod g+r server.key
7477
7578 server.crt: server.csr ca.key ca.pem
76 openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
79 $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
7780
7881 server.p12: server.crt
79 openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
82 $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
83 chmod g+r server.p12
8084
8185 server.pem: server.p12
82 openssl pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
86 $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
87 chmod g+r server.pem
8388
8489 .PHONY: server.vrfy
8590 server.vrfy: ca.pem
86 @openssl verify -CAfile ca.pem server.pem
91 @$(OPENSSL) verify -CAfile ca.pem server.pem
8792
8893 ######################################################################
8994 #
9297 #
9398 ######################################################################
9499 client.csr client.key: client.cnf
95 openssl req -new -out client.csr -keyout client.key -config ./client.cnf
100 $(OPENSSL) req -new -out client.csr -keyout client.key -config ./client.cnf
101 chmod g+r client.key
96102
97103 client.crt: client.csr ca.pem ca.key
98 openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
104 $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
99105
100106 client.p12: client.crt
101 openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
107 $(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
108 chmod g+r client.p12
102109
103110 client.pem: client.p12
104 openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
111 $(OPENSSL) pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
112 chmod g+r client.pem
105113 cp client.pem $(USER_NAME).pem
106114
107115 .PHONY: client.vrfy
108116 client.vrfy: ca.pem client.pem
109117 c_rehash .
110 openssl verify -CApath . client.pem
118 $(OPENSSL) verify -CApath . client.pem
111119
112120 ######################################################################
113121 #
121129 @echo '01' > serial
122130
123131 print:
124 openssl x509 -text -in server.crt
132 $(OPENSSL) x509 -text -in server.crt
125133
126134 printca:
127 openssl x509 -text -in ca.pem
135 $(OPENSSL) x509 -text -in ca.pem
128136
129137 clean:
130138 @rm -f *~ *old client.csr client.key client.crt client.p12 client.pem
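Review bot: The added `chmod g+r ca.key` in the `ca.key ca.pem` rule makes the CA private key group-readable, although in this Makefile that key is only consumed by the `$(OPENSSL) ca` signing rules. Group read on `server.key` and `server.pem` is presumably there so the daemon's group can load them, but nothing visible here suggests the running server needs the CA key. I would drop that line, or replace it with `chmod go-rwx ca.key`, so that a compromise of the server's group does not also expose the key that can mint new certificates. The same question applies to the `chmod g+r` on `client.key`, `client.p12` and `client.pem`, which are credentials for a different party.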
00 Modules in Version 3
11 ====================
22
3 As of Version 3, all of the modules have been places in the
3 As of Version 3, all of the modules have been placed in the
44 "mods-available/" directory. This practice follows that used by other
55 servers such as Nginx, Apache, etc. The "modules" directory should
66 not be used.
5757 Ignoring module (see raddb/mods-available/README.rst)
5858
5959 Then you are in the right place. Most of the time this message can be
60 ignored. The message can be fixed by find the references to "-module"
60 ignored. The message can be fixed by finding the references to "-module"
6161 in the virtual server, and deleting them.
6262
6363 Another way to fix it is to configure the module, as described above.
6161 #
6262 # This value should be between 10 and 86400.
6363 ttl = 10
64
65 # You can flush the cache via
66 #
67 # radmin -e "set module config cache epoch 123456789"
68 #
69 # Where last value is a 32-bit Unix timestamp. Cache entries older
70 # than this are expired, as new entries added.
71 #
72 # You should never set the "epoch" configuration item in this file.
7364
7465 # If yes the following attributes will be added to the request:
7566 # * &request:Cache-Entry-Hits - The number of times this entry
1010 #
1111 date {
1212 format = "%b %e %Y %H:%M:%S %Z"
13
14 # Use UTC instead of local time.
15 #
16 # default = no
17 # utc = yes
1318 }
324324 #
325325 cipher_list = "DEFAULT"
326326
327 # If enabled, OpenSSL will use server cipher list
328 # (possibly defined by cipher_list option above)
329 # for choosing right cipher suite rather than
330 # using client-specified list which is OpenSSl default
331 # behavior. Having it set to yes is a current best practice
332 # for TLS
333 cipher_server_preference = no
334
327335 # Work-arounds for OpenSSL nonsense
328336 # OpenSSL 1.0.1f and 1.0.1g do not calculate
329337 # the EAP keys correctly. The fix is to upgrade
373381 # Enable it. The default is "no". Deleting the entire "cache"
374382 # subsection also disables caching.
375383 #
384 # As of version 3.0.14, the session cache requires the use
385 # of the "name" and "persist_dir" configuration items, below.
386 #
387 # The internal OpenSSL session cache has been permanently
388 # disabled.
389 #
376390 # You can disallow resumption for a particular user by adding the
377391 # following attribute to the control item list:
378392 #
381395 # If "enable = no" below, you CANNOT enable resumption for just one
382396 # user by setting the above attribute to "yes".
383397 #
384 enable = yes
398 enable = no
385399
386400 #
387401 # Lifetime of the cached entries, in hours. The sessions will be
388402 # deleted/invalidated after this time.
389403 #
390404 lifetime = 24 # hours
391
392 #
393 # The maximum number of entries in the
394 # cache. Set to "0" for "infinite".
395 #
396 # This could be set to the number of users
397 # who are logged in... which can be a LOT.
398 #
399 max_entries = 255
400405
401406 #
402407 # Internal "name" of the session cache. Used to
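Review bot: The new `cipher_server_preference = no` ships the opposite of what its own comment calls current best practice for TLS. With `no`, the client's ordering decides among the suites allowed by `cipher_list = "DEFAULT"`, so the weakest mutually supported suite can be chosen if a client prefers it. Either default it to `cipher_server_preference = yes`, or add a sentence to the comment explaining why the shipped value stays `no` (for example compatibility with old supplicants), so that administrators do not read the default as the recommendation.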
0 # -*- text -*-
1 #
2 # $Id$
3
4 #
5 # Write Moonshot-*-TargetedId (MSTID) to the database.
6 #
7 # Schema raddb/sql/moonshot-targeted-ids/<DB>/schema.sql
8 # Queries raddb/sql/moonshot-targeted-ids/<DB>/queries.conf
9 #
10 sql moonshot_tid_sql {
11
12 # The dialect of SQL you want to use, this should usually match
13 # the driver below.
14 #
15 # If you're using rlm_sql_null, then it should be the type of
16 # database the logged queries are going to be executed against.
17 dialect = "sqlite"
18
19 # The sub-module to use to execute queries. This should match
20 # the database you're attempting to connect to.
21 #
22 # There are MSTID queries available for:
23 # * rlm_sql_mysql
24 # * rlm_sql_postgresql
25 # * rlm_sql_sqlite
26 # * rlm_sql_null (log queries to disk)
27 #
28 driver = "rlm_sql_${dialect}"
29
30 sqlite {
31 filename = ${radacctdir}/moonshot-targeted-ids.sqlite
32 bootstrap = ${modconfdir}/${..:name}/moonshot-targeted-ids/sqlite/schema.sql
33 }
34
35 # Write MSTID queries to a logfile. Useful for debugging.
36 # logfile = ${logdir}/moonshot-targeted-id-log.sql
37
38 pool {
39 start = 5
40 min = 4
41 max = 10
42 spare = 3
43 uses = 0
44 lifetime = 0
45 idle_timeout = 60
46 }
47
48 # If you adjust the table name here, you must also modify the table name in
49 # the moonshot_get_targeted_id.post-auth policy in policy.d/moonshot-targeted-ids
50 # and the schema.sql files in the mods-config/sql/moonshot-targeted-ids tree.
51 #
52 moonshot_tid_table = "moonshot_targeted_ids"
53 sql_user_name = "%{User-Name}"
54
55 $INCLUDE ${modconfdir}/${.:name}/moonshot-targeted-ids/${dialect}/queries.conf
56 }
7676 #
7777 # winbind_username = "%{mschap:User-Name}"
7878 # winbind_domain = "%{mschap:NT-Domain}"
79
80 # When using single sign-on with a winbind connection and the
81 # client uses a different casing for the username than the
82 # casing is according to the backend, reauth may fail because
83 # of some Windows internals. This switch tries to find the
84 # user in the correct casing in the backend, and retry
85 # authentication with that username.
86 #
87 # winbind_retry_with_normalised_username = no
7988
8089 #
8190 # Information for the winbind connection pool. The configuration
88 # It works in conjunction with otpd, which implements token
99 # management and OTP verification functions; and lsmd or gsmd,
1010 # which implements synchronous state management functions.
11 # otpd, lsmd and gsmd are available from TRI-D Systems:
12 # <http://www.tri-dsystems.com/>
1311
1412 # You must list this module in BOTH the authorize and authenticate
1513 # sections in order to use it.
66 # a function defined, it will return NOOP.
77 #
88 python {
9 # Path to the python modules
10 #
11 # Note that due to limitations on Python, this configuration
12 # item is GLOBAL TO THE SERVER. That is, you cannot have two
13 # instances of the python module, each with a different path.
14 #
15 # python_path="/path/to/python/files:/another_path/to/python_files/"
16
917 module = example
1018
1119 mod_instantiate = ${.module}
3232 # for a trust-router. For all other realms,
3333 # they are ignored.
3434 # trust_router = "localhost"
35 # tr_port = 12309
3536 # rp_realm = "painless-security.com"
3637 # default_community = "apc.moonshot.ja.net"
3738 }
5959 NAS-IP-Address =* ANY,
6060 NAS-Identifier =* ANY,
6161 Operator-Name =* ANY,
62 Calling-Station-Id =* ANY,
63 Chargeable-User-Identity =* ANY,
6264 Proxy-State =* ANY
88 # Realm, the Huntgroup-Name or any combinaison of the attribute/value
99 # pairs contained in an accounting packet.
1010 #
11 #DEFAULT Realm == "foo.net", Acct-Type := sql_log.foo
11 # You will need to add an "Acct-Type foo {...}" subsection to the
12 # main "accounting" section in order for these sample configurations
13 # to work.
1214 #
13 #DEFAULT Huntgroup-Name == "wifi", Acct-Type := sql_log.wifi
15 #DEFAULT Realm == "foo.net", Acct-Type := foo
1416 #
15 #DEFAULT Client-IP-Address == 10.0.0.1, Acct-Type := sql_log.other
17 #DEFAULT Huntgroup-Name == "wifi", Acct-Type := wifi
1618 #
17 #DEFAULT Acct-Status-Type == Start, Acct-Type := sql_log.start
19 #DEFAULT Client-IP-Address == 10.0.0.1, Acct-Type := other
20 #
21 #DEFAULT Acct-Status-Type == Start, Acct-Type := start
1822
1923 # Replace the User-Name with the Stripped-User-Name, if it exists.
2024 #
125125 return RLM_MODULE_REJECT;
126126 } else {
127127 # Accept user and set some attribute
128 $RAD_REPLY{'h323-credit-amount'} = "100";
128 if (&radiusd::xlat("%{client:group}") eq 'UltraAllInclusive') {
129 # User called from NAS with unlim plan set, set higher limits
130 $RAD_REPLY{'h323-credit-amount'} = "1000000";
131 } else {
132 $RAD_REPLY{'h323-credit-amount'} = "100";
133 }
129134 return RLM_MODULE_OK;
130135 }
131136 }
00 #
11 # huntgroups This file defines the `huntgroups' that you have. A
22 # huntgroup is defined by specifying the IP address of
3 # the NAS and possibly a port range. Port can be identified
4 # as just one port, or a range (from-to), and multiple ports
5 # or ranges of ports must be separated by a comma. For
6 # example: 1,2,3-8
3 # the NAS and possibly a port.
74 #
85 # Matching is done while RADIUS scans the user file; if it
9 # includes the selection criterium "Huntgroup-Name == XXX"
6 # includes the selection criteria "Huntgroup-Name == XXX"
107 # the huntgroup is looked up in this file to see if it
118 # matches. There can be multiple definitions of the same
129 # huntgroup; the first one that matches will be used.
3128 #delft NAS-IP-Address == 198.51.100.5
3229
3330 #
34 # Ports 0-7 on the first terminal server in Alphen are connected to
31 # Port 0 on the first terminal server in Alphen are connected to
3532 # a huntgroup that is for business users only. Note that only one
3633 # of the username or groupname has to match to get access (OR/OR).
3734 #
3835 # Note that this huntgroup is a subset of the "alphen" huntgroup.
3936 #
40 #business NAS-IP-Address == 198.51.100.5, NAS-Port-Id == 0-7
41 # User-Name = rogerl,
42 # User-Name = henks,
43 # Group = business,
44 # Group = staff
37 #business NAS-IP-Address == 198.51.100.5, NAS-Port-Id == 0
38 # User-Name == rogerl,
39 # User-Name == henks,
40 # Group == business,
41 # Group == staff
4542
0 # -*- text -*-
1 #
2 # moonshot-targeted-ids/mysql/queries.conf -- Queries to update a MySQL Moonshot-Targeted-Ids table.
3 #
4 # $Id$
5
6 post-auth {
7 # Query to store the Moonshot-*-TargetedId
8 query = "\
9 INSERT IGNORE INTO ${..moonshot_tid_table} \
10 (gss_acceptor, namespace, username, targeted_id) \
11 VALUES \
12 ('%{control:Moonshot-MSTID-GSS-Acceptor}', '%{control:Moonshot-MSTID-Namespace}', \
13 '%{tolower:%{User-Name}}', '%{control:Moonshot-MSTID-TargetedId}')"
14 }
0 CREATE TABLE `moonshot_targeted_ids` (
1 `gss_acceptor` varchar(254) NOT NULL default '',
2 `namespace` varchar(36) NOT NULL default '',
3 `username` varchar(64) NOT NULL default '',
4 `targeted_id` varchar(128) NOT NULL default '',
5 `creationdate` timestamp NOT NULL default CURRENT_TIMESTAMP,
6 PRIMARY KEY (`username`,`gss_acceptor`,`namespace`)
7 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
0 # -*- text -*-
1 #
2 # moonshot-targeted-ids/postgresql/queries.conf -- Queries to update a PostgreSQL Moonshot-*-Targeted-Ids table.
3 #
4 # $Id$
5
6 post-auth {
7 # Query to store the Moonshot-*-TargetedId
8 query = "\
9 INSERT INTO ${..moonshot_tid_table} \
10 (gss_acceptor, namespace, username, targeted_id) \
11 VALUES \
12 ('%{control:Moonshot-MSTID-GSS-Acceptor}', '%{control:Moonshot-MSTID-Namespace}', \
13 '%{tolower:%{User-Name}}', '%{control:Moonshot-MSTID-TargetedId}')"
14 }
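Review bot: The `INSERT INTO` in this post-auth query has no conflict handling, while the MySQL variant of the same query uses `INSERT IGNORE`. The schema's primary key is `(username, gss_acceptor, namespace)`, so a second insert for the same user and acceptor errors on PostgreSQL where MySQL silently skips it. The sqlite queries.conf has the same plain `INSERT INTO`. How a failed query affects the post-auth result is not visible here, but the three dialects should behave alike: `ON CONFLICT (username, gss_acceptor, namespace) DO NOTHING` for PostgreSQL (9.5 or later) and `INSERT OR IGNORE INTO` for sqlite would match the MySQL behaviour.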
0 CREATE TABLE moonshot_targeted_ids (
1 gss_acceptor varchar(254) NOT NULL DEFAULT '',
2 namespace varchar(36) NOT NULL DEFAULT '',
3 username varchar(64) NOT NULL DEFAULT '',
4 targeted_id varchar(128) NOT NULL DEFAULT '',
5 creationdate TIMESTAMP with time zone NOT NULL default 'now()',
6 PRIMARY KEY (username, gss_acceptor, namespace)
7 );
0 # -*- text -*-
1 #
2 # moonshot-targeted-ids/sqlite/queries.conf -- Queries to update a sqlite Moonshot-*-Targeted-Ids table.
3 #
4 # $Id$
5
6 post-auth {
7 # Query to store the Moonshot-*-TargetedId
8 query = "\
9 INSERT INTO ${..moonshot_tid_table} \
10 (gss_acceptor, namespace, username, targeted_id) \
11 VALUES \
12 ('%{control:Moonshot-MSTID-GSS-Acceptor}', '%{control:Moonshot-MSTID-Namespace}', \
13 '%{tolower:%{User-Name}}', '%{control:Moonshot-MSTID-TargetedId}')"
14 }
0 CREATE TABLE `moonshot_targeted_ids` (
1 `gss_acceptor` varchar(254) NOT NULL default '',
2 `namespace` varchar(36) NOT NULL default '',
3 `username` varchar(64) NOT NULL default '',
4 `targeted_id` varchar(128) NOT NULL default '',
5 `creationdate` timestamp NOT NULL default CURRENT_TIMESTAMP,
6 PRIMARY KEY (`username`,`gss_acceptor`,`namespace`)
7 );
2323 }
2424
2525 abfab_client_check {
26 # check that the acceptor host name is correct
27 if ("%{client:gss_acceptor_host_name}" && &gss-acceptor-host-name) {
28 if ("%{client:gss_acceptor_host_name}" != "%{gss-acceptor-host-name}") {
29 update reply {
30 Reply-Message = "GSS-Acceptor-Host-Name incorrect"
31 }
32 reject
26 # check that GSS-Acceptor-Host-Name is correct
27 if ("%{client:gss_acceptor_host_name}") {
28 if (&request:GSS-Acceptor-Host-Name) {
29 if (&request:GSS-Acceptor-Host-Name != "%{client:gss_acceptor_host_name}") {
30 update reply {
31 Reply-Message = "GSS-Acceptor-Host-Name incorrect"
32 }
33 reject
34 }
35 }
36 else {
37 # set GSS-Acceptor-Host-Name if it is not set by the mechanism
38 # but it is defined in the client configuration
39 update request {
40 GSS-Acceptor-Host-Name = "%{client:gss_acceptor_host_name}"
41 }
3342 }
3443 }
3544
36 # set trust-router-coi attribute from the client configuration
45 # set Trust-Router-COI attribute from the client configuration
3746 if ("%{client:trust_router_coi}") {
3847 update request {
3948 Trust-Router-COI := "%{client:trust_router_coi}"
4049 }
4150 }
4251
43 # set gss-acceptor-realm-name attribute from the client configuration
52 # set GSS-Acceptor-Realm-Name attribute from the client configuration
4453 if ("%{client:gss_acceptor_realm_name}") {
4554 update request {
4655 GSS-Acceptor-Realm-Name := "%{client:gss_acceptor_realm_name}"
4756 }
4857 }
58
59 # set GSS-Acceptor-Service-Name attribute from the client configuration
60 if ("%{client:gss_acceptor_service_name}") {
61 update request {
62 GSS-Acceptor-Service-Name = "%{client:gss_acceptor_service_name}"
63 }
64 }
65
4966 }
5067
5168 # A policy which is used to validate channel-bindings.
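Review bot: GSS-Acceptor-Service-Name is assigned with `=` in the last block of abfab_client_check, so a value already present in the request is kept and never compared with the client configuration. That is weaker than the other attributes set here: GSS-Acceptor-Host-Name is rejected on mismatch, and Trust-Router-COI and GSS-Acceptor-Realm-Name are forced with `:=`. If the configured service name is meant to be authoritative, use `GSS-Acceptor-Service-Name := "%{client:gss_acceptor_service_name}"` or add the same mismatch-and-reject branch the host name has. If keeping the requester's value is intended, a comment on that block should say so.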
3232 # wireless environment).
3333 #
3434 update request {
35 Tmp-String-9 := "${policy.class_value_prefix}"
35 &Tmp-String-9 := "${policy.class_value_prefix}"
3636 }
3737
3838 if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && \
77 # Moonshot-Host-TargetedId (138)
88 # Moonshot-Realm-TargetedId (139)
99 # Moonshot-TR-COI-TargetedId (140)
10 # Moonshot-MSTID-GSS-Acceptor (141)
11 # Moonshot-MSTID-Namespace (142)
12 # Moonshot-MSTID-TargetedId (143)
1013 #
1114 # These attributes should also be listed in the attr_filter policies
1215 # post-proxy and pre-proxy when you use attribute filtering:
2124 # dictionary attacks, therefore should be chosen as a "random"
2225 # string and kept secret.
2326 #
24 targeted_id_salt = "changeme"
27 # If you use special characters %, { and }, escape them with a \ first
28 #
29 targeted_id_salt = 'changeme'
30
2531 #
2632 # Moonshot namespaces
2733 # These namespaces are used for UUID generation.
2834 # They should not be changed by implementors
2935 #
30 moonshot_host_namespace = "a574a04e-b7ff-4850-aa24-a8599c7de1c6"
31 moonshot_realm_namespace = "dea5f26d-a013-4444-977d-d09fc990d2e6"
32 moonshot_coi_namespace = "145d7e7e-7d54-43ee-bbcb-3c6ad9428247"
33
34 # This policy generates a host-specific targeted ID
36 moonshot_host_namespace = 'a574a04e-b7ff-4850-aa24-a8599c7de1c6'
37 moonshot_realm_namespace = 'dea5f26d-a013-4444-977d-d09fc990d2e6'
38 moonshot_coi_namespace = '145d7e7e-7d54-43ee-bbcb-3c6ad9428247'
39
40
41 # This policy generates a host-specific TargetedId
3542 #
3643 moonshot_host_tid.post-auth {
37 # generate a UUID for Moonshot-Host-TargetedId
38 # targeted id = (uuid -v 5 [namespace] [username][salt][RP host name])@[IdP realm name]
44 # retrieve or generate a UUID for Moonshot-Host-TargetedId
3945 if (&outer.request:GSS-Acceptor-Host-Name) {
40 if ("%{echo:/usr/bin/uuid -v 5 ${policy.moonshot_host_namespace} %{tolower:%{User-Name}}${policy.targeted_id_salt}%{tolower:%{outer.request:GSS-Acceptor-Host-Name}}}" =~ /^([^ ]+)([ ]*)$/) {
46 # prep some variables (used regardless of SQL backing or not!)
47 update control {
48 Moonshot-MSTID-GSS-Acceptor := "%{tolower:%{outer.request:GSS-Acceptor-Host-Name}}"
49 Moonshot-MSTID-Namespace := "${policy.moonshot_host_namespace}"
50 }
51
52 # if you want to use SQL-based backing, remove the comment from
53 # this line. You also have to configure and enable the
54 # moonshot-targeted-ids sql module in mods-enabled.
55 #
56 # moonshot_get_targeted_id
57
58 # generate a UUID for Moonshot-Host-TargetedId
59 if (!&control:Moonshot-MSTID-TargetedId) {
60 # generate the TID
61 moonshot_make_targeted_id
62
63 # if you want to store your TargetedId in SQL-based backing,
64 # remove the comment from this line. You also have to configure
65 # and enable the moonshot-targeted-ids sql module in mods-enabled.
66 #
67 # moonshot_tid_sql
68 }
69
70 # set the actual TargetedId in the session-state list
71 if (&control:Moonshot-MSTID-TargetedId) {
4172 update outer.session-state {
42 Moonshot-Host-TargetedId := "%{1}@%{tolower:%{request:Realm}}"
43 }
44 }
45 }
46 }
47 # This policy generates a realm-specific targeted ID
73 Moonshot-Host-TargetedId := &control:Moonshot-MSTID-TargetedId
74 }
75 update control {
76 Moonshot-MSTID-TargetedId !* ANY
77 }
78 }
79 }
80 }
81
82 # This policy generates a realm-specific TargetedId
4883 #
4984 moonshot_realm_tid.post-auth {
50 # generate a UUID for Moonshot-Realm-TargetedId
51 # targeted id = (uuid -v 5 [namespace] [username][salt][RP realm name])@[IdP realm name]
85 # retrieve or generate a UUID for Moonshot-Realm-TargetedId
5286 if (&outer.request:GSS-Acceptor-Realm-Name) {
53 if ("%{echo:/usr/bin/uuid -v 5 ${policy.moonshot_realm_namespace} %{tolower:%{User-Name}}${policy.targeted_id_salt}%{tolower:%{outer.request:GSS-Acceptor-Realm-Name}}}" =~ /^([^ ]+)([ ]*)$/) {
87 # prep some variables (used regardless of SQL backing or not!)
88 update control {
89 Moonshot-MSTID-GSS-Acceptor := "%{tolower:%{outer.request:GSS-Acceptor-Realm-Name}}"
90 Moonshot-MSTID-Namespace := "${policy.moonshot_realm_namespace}"
91 }
92
93 # if you want to use SQL-based backing, remove the comment from
94 # this line. You also have to configure and enable the
95 # moonshot-targeted-ids sql module in mods-enabled.
96 #
97 # moonshot_get_targeted_id
98
99 # generate a UUID for Moonshot-Realm-TargetedId
100 if (!&control:Moonshot-MSTID-TargetedId) {
101 # generate the TID
102 moonshot_make_targeted_id
103
104 # if you want to store your TargetedId in SQL-based backing,
105 # remove the comment from this line. You also have to configure
106 # and enable the moonshot-targeted-ids sql module in mods-enabled.
107 #
108 # moonshot_tid_sql
109 }
110
111 # set the actual TargetedId in the session-state list
112 if (&control:Moonshot-MSTID-TargetedId) {
54113 update outer.session-state {
55 Moonshot-Realm-TargetedId := "%{1}@%{tolower:%{request:Realm}}"
56 }
57 }
58 }
59 }
114 Moonshot-Realm-TargetedId := &control:Moonshot-MSTID-TargetedId
115 }
116 update control {
117 Moonshot-MSTID-TargetedId !* ANY
118 }
119 }
120 }
121 }
122
60123 # This policy generates a COI-specific targeted ID
61124 #
62125 moonshot_coi_tid.post-auth {
63 # generate a UUID for Moonshot-TR-COI-TargetedId
64 # targeted id = (uuid -v 5 [namespace] [username][salt][RP COI name])@[IdP realm name]
126 # retrieve or generate a UUID for Moonshot-TR-COI-TargetedId
65127 if (&outer.request:Trust-Router-COI) {
66 if ("%{echo:/usr/bin/uuid -v 5 ${policy.moonshot_coi_namespace} %{tolower:%{User-Name}}${policy.targeted_id_salt}%{tolower:%{outer.request:Trust-Router-COI}}}" =~ /^([^ ]+)([ ]*)$/) {
128 # prep some variables (used regardless of SQL backing or not!)
129 update control {
130 Moonshot-MSTID-GSS-Acceptor := "%{tolower:%{outer.request:Trust-Router-COI}}"
131 Moonshot-MSTID-Namespace := "${policy.moonshot_coi_namespace}"
132 }
133
134 # if you want to use SQL-based backing, remove the comment from
135 # this line. You also have to configure and enable the
136 # moonshot-targeted-ids sql module in mods-enabled.
137 #
138 # moonshot_get_targeted_id
139
140 # generate a UUID for Moonshot-TR-COI-TargetedId
141 if (!&control:Moonshot-MSTID-TargetedId) {
142 # generate the TID
143 moonshot_make_targeted_id
144
145 # if you want to store your TargetedId in SQL-based backing,
146 # remove the comment from this line. You also have to configure
147 # and enable the moonshot-targeted-ids sql module in mods-enabled.
148 #
149 # moonshot_tid_sql
150 }
151
152 # set the actual TargetedId in the session-state list
153 if (&control:Moonshot-MSTID-TargetedId) {
67154 update outer.session-state {
68 Moonshot-TR-COI-TargetedId := "%{1}@%{tolower:%{request:Realm}}"
69 }
70 }
71 }
72 }
155 Moonshot-TR-COI-TargetedId := &control:Moonshot-MSTID-TargetedId
156 }
157 update control {
158 Moonshot-MSTID-TargetedId !* ANY
159 }
160 }
161 }
162 }
163
164 # This is the generic generation policy. It requires moonshot_host_tid, moonshot_realm_tid, or moonshot_coi_tid to set variables
165 #
166 moonshot_make_targeted_id.post-auth {
167 # uses variables set in the control list
168 #
169 if (&control:Moonshot-MSTID-Namespace && &control:Moonshot-MSTID-GSS-Acceptor) {
170 # targeted id = (uuid -v 5 [namespace] [username][salt][GSS acceptor value])@[IdP realm name]
171 #
172 if ("%{echo:/usr/bin/uuid -v 5 %{control:Moonshot-MSTID-Namespace} %{tolower:%{User-Name}}${policy.targeted_id_salt}%{control:Moonshot-MSTID-GSS-Acceptor}}" =~ /^([^ ]+)([ ]*)$/) {
173 update control {
174 Moonshot-MSTID-TargetedId := "%{1}@%{tolower:%{request:Realm}}"
175 }
176 if (&control:Moonshot-MSTID-TargetedId =~ /([\%\{\}]+)/) {
177 update control {
178 Moonshot-MSTID-TargetedId !* ANY
179 }
180 update outer.session-state {
181 Module-Failure-Message = 'Invalid TargetedId generated, check your targeted_id_salt!'
182 }
183 reject
184 }
185 }
186 else {
187 # we simply return the 'echo' error message as the Module-Failure-Message, usually a lack of 'uuid'
188 reject
189 }
190 }
191 else {
192 # Our variables were not set, so we'll throw an error because there's no point in continuing!
193 update outer.session-state {
194 Module-Failure-Message = 'Required variables for moonshot_make_targeted_id not set!'
195 }
196 reject
197 }
198 }
199
200 # This is the generic retrieval policy. It requires moonshot_host_tid, moonshot_realm_tid, or moonshot_coi_tid to set variables
201 #
202 moonshot_get_targeted_id.post-auth {
203 # uses variables set in the control list
204 #
205 if (&control:Moonshot-MSTID-Namespace && &control:Moonshot-MSTID-GSS-Acceptor) {
206 # retrieve the TargetedId
207 #
208 update control {
209 Moonshot-MSTID-TargetedId := "%{moonshot_tid_sql:\
210 SELECT targeted_id FROM moonshot_targeted_ids \
211 WHERE gss_acceptor = '%{control:Moonshot-MSTID-GSS-Acceptor}' \
212 AND namespace = '%{control:Moonshot-MSTID-Namespace}' \
213 AND username = '%{tolower:%{User-Name}}'}"
214 }
215
216 # if the value is empty, there's no point in setting it and delete it from the control list!
217 if (&control:Moonshot-MSTID-TargetedId == '') {
218 update control {
219 Moonshot-MSTID-TargetedId !* ANY
220 }
221 }
222 }
223 else {
224 # Our variables were not set, so we'll throw an error because there's no point in continuing!
225 update outer.session-state {
226 Module-Failure-Message = 'Required variables for moonshot_get_targeted_id not set!'
227 }
228 reject
229 }
230 }
7272
7373 # reject_delay && status_server don't apply when we are
7474 # only reading accounting packets from the detail file
75
76 @openssl_version_check_config@
7577 }
7678
7779 #
7880 # If you need more modules, add them here.
7981 #
8082 modules {
81 $INCLUDE ${confdir}/modules/always
83 $INCLUDE ${confdir}/mods-enabled/always
8284 }
8385
8486 #
134136 acct_pool = radrelay
135137 }
136138
137 #
138 # Read the detail file.
139 #
140 listen {
141 type = detail
139 server radrelay {
140 #
141 # Read the detail file.
142 #
143 listen {
144 type = detail
145
146 #
147 # The filename here should be the same as the one used by the
148 # main radiusd program. It writes the file using the "detail"
149 # module (see raddb/modules/detail).
150 #
151 filename = ${radacctdir}/detail
152 load_factor = 90
153 }
142154
143155 #
144 # The filename here should be the same as the one used by the
145 # main radiusd program. It writes the file using the "detail"
146 # module (see raddb/modules/detail).
156 # See also raddb/sites-available/copy-acct-to-home-server
157 # for additional description.
147158 #
148 filename = ${radacctdir}/detail
149 load_factor = 90
150 }
151
152 #
153 # See also raddb/sites-available/copy-acct-to-home-server
154 # for additional description.
155 #
156 preacct {
157 #
158 # Proxy the packet using the given realm.
159 # Note that we do not use the realm for anything else such
160 # as prefix/suffix stripping or comparisons.
161 #
162 update control {
163 Proxy-To-Realm := "radrelay"
159 preacct {
160 #
161 # Proxy the packet using the given realm.
162 # Note that we do not use the realm for anything else such
163 # as prefix/suffix stripping or comparisons.
164 #
165 update control {
166 Proxy-To-Realm := "radrelay"
167 }
164168 }
165169 }
2323 cache {
2424 enable = no
2525 lifetime = 24 # hours
26 max_entries = 255
26 name = "abfab-tls"
27 # persist_dir = ${logdir}/abfab-tls
2728 }
2829
2930 require_client_cert = yes
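Review bot: The commented `persist_dir = ${logdir}/abfab-tls` example (new line 27) places the TLS session cache under the log directory, and nothing in the hunk says who may read it. Persisted sessions are resumption state for already-authenticated peers, so the directory should be owned by the server user and closed to everyone else; a log directory is often handled differently (extra readers, rotation). I would add a comment such as `# persist_dir must exist and be readable/writable by the server user only`. `max_entries` is removed with no replacement here, so it is also worth stating what now bounds the cache; whether expired files are cleaned up automatically cannot be seen from this hunk.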
7878 #
7979 # See "Authentication Logging Queries" in sql.conf
8080 -sql
81
82 #
83 # Instead of sending the query to the SQL server,
84 # write it into a log file.
85 #
86 # sql_log
8781
8882 #
8983 # Un-comment the following if you want to modify the user's object
4242 # The location where the detail file is located.
4343 # This should be on local disk, and NOT on an NFS
4444 # mounted location!
45 #
46 # On most systems, this should support file globbing
47 # e.g. "${radacctdir}/detail-*:*"
48 # This lets you write many smaller detail files as in
49 # the example in radiusd.conf: ".../detail-%Y%m%d:%H"
50 # Writing many small files is often better than writing
51 # one large file. File globbing also means that with
52 # a common naming scheme for detail files, then you can
53 # have many detail file writers, and only one reader.
54 #
4555 filename = "${radacctdir}/detail-*"
4656
4757 #
7787 # wake up, and poll for it every N seconds.
7888 #
7989 # Useful range of values: 1 to 60
90 #
8091 poll_interval = 1
8192
8293 #
8697 # home server responds.
8798 #
8899 # Useful range of values: 5 to 30
100 #
89101 retry_interval = 30
90102
91103 #
97109 # have already been processed. The default is "no".
98110 #
99111 # track = yes
112
113 #
114 # In some circumstances it may be desirable for the
115 # server to start up, process a detail file, and
116 # immediately quit. To do this enable the "one_shot"
117 # option below.
118 #
119 # Do not enable this for normal server operation. The
120 # default is "no".
121 #
122 # one_shot = no
100123 }
101124
102125 #
2727 server copy-acct-to-home-server {
2828 listen {
2929 type = detail
30
31 #
32 # See sites-available/buffered-sql for more details on
33 # all the options available for the detail reader.
34 #
3035
3136 ######################################################
3237 #
6267 # one large file. File globbing also means that with
6368 # a common naming scheme for detail files, then you can
6469 # have many detail file writers, and only one reader.
70 #
6571 filename = ${radacctdir}/detail
6672
6773 #
118118 # See "Accounting queries" in sql.conf
119119 # sql
120120
121 #
122 # Instead of sending the query to the SQL server,
123 # write it into a log file.
124 #
125 # sql_log
126
127121 # Cisco VoIP specific bulk accounting
128122 # pgsql-voip
129123
8484 # proxy listeners are automatically created.
8585
8686 # ipaddr/ipv4addr/ipv6addr - IP address on which to listen.
87 # Out of several options the first one will be used.
88 #
89 # Allowed values are:
90 # IPv4 address (e.g. 1.2.3.4, for ipv4addr/ipaddr)
91 # IPv6 address (e.g. 2001:db8::1, for ipv6addr/ipaddr)
92 # hostname (radius.example.com,
93 # A record for ipv4addr,
94 # AAAA record for ipv6addr,
95 # A or AAAA record for ipaddr)
96 # wildcard (*)
87 # If multiple ones are listed, only the first one will
88 # be used, and the others will be ignored.
89 #
90 # The configuration options accept the following syntax:
91 #
92 # ipv4addr - IPv4 address (e.g.192.0.2.3)
93 # - wildcard (i.e. *)
94 # - hostname (radius.example.com)
95 # Only the A record for the host name is used.
96 # If there is no A record, an error is returned,
97 # and the server fails to start.
98 #
99 # ipv6addr - IPv6 address (e.g. 2001:db8::1)
100 # - wildcard (i.e. *)
101 # - hostname (radius.example.com)
102 # Only the AAAA record for the host name is used.
103 # If there is no AAAA record, an error is returned,
104 # and the server fails to start.
105 #
106 # ipaddr - IPv4 address as above
107 # - IPv6 address as above
108 # - wildcard (i.e. *), which means IPv4 wildcard.
109 # - hostname
110 # If there is only one A or AAAA record returned
111 # for the host name, it is used.
112 # If multiple A or AAAA records are returned
113 # for the host name, only the first one is used.
114 # If both A and AAAA records are returned
115 # for the host name, only the A record is used.
97116 #
98117 # ipv4addr = *
99118 # ipv6addr = *
346365 # It also sets the EAP-Type attribute in the request
347366 # attribute list to the EAP type from the packet.
348367 #
349 # The EAP module returns "ok" if it is not yet ready to
350 # authenticate the user. The configuration below checks for
351 # that code, and stops processing the "authorize" section if
352 # so.
368 # The EAP module returns "ok" or "updated" if it is not yet ready
369 # to authenticate the user. The configuration below checks for
370 # "ok", and stops processing the "authorize" section if so.
353371 #
354372 # Any LDAP and/or SQL servers will not be queried for the
355373 # initial set of packets that go back and forth to set up
356374 # TTLS or PEAP.
357375 #
376 # The "updated" check is commented out for compatibility with
377 # previous versions of this configuration, but you may wish to
378 # uncomment it as well; this will further reduce the number of
379 # LDAP and/or SQL queries for TTLS or PEAP.
380 #
358381 eap {
359382 ok = return
383 # updated = return
360384 }
361385
362386 #
552576 #
553577
554578 # update request {
555 # FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
579 # &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
556580 # }
557581
558582
628652 # ok
629653 # }
630654
631 #
632 # Instead of sending the query to the SQL server,
633 # write it into a log file.
634 #
635 # sql_log
636
637655 # Cisco VoIP specific bulk accounting
638656 # pgsql-voip
639657
711729 #
712730 # See "Authentication Logging Queries" in mods-available/sql
713731 -sql
714
715 #
716 # Instead of sending the query to the SQL server,
717 # write it into a log file.
718 #
719 # sql_log
720732
721733 #
722734 # Un-comment the following if you want to modify the user's object
826838 # Remove reply message if the response contains an EAP-Message
827839 remove_reply_message_if_eap
828840 }
841
842 #
843 # Filter access challenges.
844 #
845 Post-Auth-Type Challenge {
846 # remove_reply_message_if_eap
847 # attr_filter.access_challenge.post-auth
848 }
849
829850 }
830851
831852 #
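Review bot: The new `Post-Auth-Type Challenge` section (new lines 845-848) is headed "Filter access challenges." but both of its statements are commented out, so as shipped it filters nothing and the heading reads as if Access-Challenge replies were already filtered. I would make the default explicit, e.g. `# Disabled by default: un-comment the lines below to filter the attributes sent in an Access-Challenge.` It would also help to say that `attr_filter.access_challenge.post-auth` needs a matching attr_filter instance to be enabled; that instance is not visible in this section.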
301301 -sql
302302
303303 #
304 # Instead of sending the query to the SQL server,
305 # write it into a log file.
306 #
307 # sql_log
308
309 #
310304 # Un-comment the following if you have set
311305 # 'edir_account_policy_check = yes' in the ldap module sub-section of
312306 # the 'modules' section.
316310
317311 #
318312 # Un-comment the following if you want to generate Moonshot (ABFAB) TargetedIds
319 # IMPORTANT: This requires the UUID package to be installed!
313 #
314 # IMPORTANT: This requires the UUID package to be installed, and a targeted_id_salt
315 # to be configured.
316 #
317 # This functionality also supports SQL backing. To use this functionality, enable
318 # and configure the moonshot-targeted-ids SQL module in the mods-enabled directory.
319 # Then remove the comments from the appropriate lines in each of the below
320 # policies in the policy.d/moonshot-targeted-ids file.
320321 #
321322 # moonshot_host_tid
322323 # moonshot_realm_tid
323324 # moonshot_coi_tid
324325
325326 #
326 # Instead of "use_tunneled_reply", uncomment the
327 # next two "update" blocks.
328 #
329 # update {
330 # &outer.session-state: += &reply:
331 # }
332
333 #
334 # These attributes are for the inner session only.
335 # They MUST NOT be sent in the outer reply.
336 #
337 # If you uncomment the previous block and leave
338 # this one commented out, WiFi WILL NOT WORK,
339 # because the client will get two MS-MPPE-keys
340 #
341 # update outer.session-state {
342 # MS-MPPE-Encryption-Policy !* ANY
343 # MS-MPPE-Encryption-Types !* ANY
344 # MS-MPPE-Send-Key !* ANY
345 # MS-MPPE-Recv-Key !* ANY
346 # Message-Authenticator !* ANY
347 # EAP-Message !* ANY
348 # Proxy-State !* ANY
349 # }
327 # Instead of "use_tunneled_reply", change this "if (0)" to an
328 # "if (1)".
329 #
330 if (0) {
331 #
332 # These attributes are for the inner-tunnel only,
333 # and MUST NOT be copied to the outer reply.
334 #
335 update reply {
336 User-Name !* ANY
337 Message-Authenticator !* ANY
338 EAP-Message !* ANY
339 Proxy-State !* ANY
340 MS-MPPE-Encryption-Types !* ANY
341 MS-MPPE-Encryption-Policy !* ANY
342 MS-MPPE-Send-Key !* ANY
343 MS-MPPE-Recv-Key !* ANY
344 }
345
346 #
347 # Copy the inner reply attributes to the outer
348 # session-state list. The post-auth policy will take
349 # care of copying the outer session-state list to the
350 # outer reply.
351 #
352 update {
353 &outer.session-state: += &reply:
354 }
355 }
350356
351357 #
352358 # Access-Reject packets are sent through the REJECT sub-section of the
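Review bot: The `if (0)` block (new lines 330-355) only works in the order written: the `update reply` that removes `MS-MPPE-*`, `EAP-Message`, `Message-Authenticator`, `Proxy-State` and `User-Name` has to run before `&outer.session-state: += &reply:`, yet no comment says so. The removed text also warned about the consequence of getting this wrong (the client receiving two sets of MS-MPPE keys and WiFi not working), and that warning is gone. I would keep it next to the first block, e.g. `# Must stay before the copy below: otherwise the inner MS-MPPE keys are copied to the outer session-state and the client gets two sets of keys.`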
198198 # in "man 1 ciphers".
199199 cipher_list = "DEFAULT"
200200
201 # If enabled, OpenSSL will use server cipher list
202 # (possibly defined by cipher_list option above)
203 # for choosing right cipher suite rather than
204 # using client-specified list which is OpenSSl default
205 # behavior. Having it set to yes is a current best practice
206 # for TLS
207 cipher_server_preference = no
208
201209 #
202210 # Session resumption / fast reauthentication
203211 # cache.
230238 # Deleting the entire "cache" subsection
231239 # Also disables caching.
232240 #
241 #
242 # As of version 3.0.14, the session cache requires the use
243 # of the "name" and "persist_dir" configuration items, below.
244 #
245 # The internal OpenSSL session cache has been permanently
246 # disabled.
247 #
233248 # You can disallow resumption for a
234249 # particular user by adding the following
235250 # attribute to the control item list:
248263 # time.
249264 #
250265 lifetime = 24 # hours
251
252 #
253 # The maximum number of entries in the
254 # cache. Set to "0" for "infinite".
255 #
256 # This could be set to the number of users
257 # who are logged in... which can be a LOT.
258 #
259 max_entries = 255
260266
261267 #
262268 # Internal "name" of the session cache.
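Review bot: `cipher_server_preference = no` (new line 207, first hunk of this section) ships the opposite of what its own comment recommends, since the comment calls `yes` the current best practice for TLS. With `no`, the client's ordering selects the suite from `cipher_list = "DEFAULT"`, so a weaker mutually supported suite is used whenever the client lists it first. Either default to `cipher_server_preference = yes`, or state the reason for `no` in the comment, e.g. `# Defaults to "no" to keep the behaviour of earlier versions; set to "yes" on new installs.` The compatibility reason is my assumption and should be confirmed.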
2424 }
2525
2626 #
27 # Session database modules
28 #
29 /var/log/radius/radutmp /var/log/radius/radwtmp {
30 nocreate
31 }
32
33 #
3427 # SQL log files
3528 #
3629 /var/log/radius/sqllog.sql {
2525
2626 Summary: High-performance and highly configurable free RADIUS server
2727 Name: freeradius
28 Version: 3.0.12
28 Version: 3.0.14
2929 Release: 2%{?dist}
3030 License: GPLv2+ and LGPLv2+
3131 Group: System Environment/Daemons
664664 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/*
665665 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/ndb
666666 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/ndb/*
667 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids/mysql
668 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/moonshot-targeted-ids/mysql/*
667669 # postgres
668670 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/postgresql
669671 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/*
673675 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/postgresql/*
674676 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/postgresql
675677 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/*
678 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids/postgresql
679 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/moonshot-targeted-ids/postgresql/*
676680 # sqlite
677681 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/sqlite
678682 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/*
685689 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/sqlite/*
686690 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/sqlite
687691 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/*
692 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids/sqlite
693 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/moonshot-targeted-ids/sqlite/*
688694 # ruby
689695 %if %{?_with_rlm_ruby:1}%{!?_with_rlm_ruby:0}
690696 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/ruby
713719 # man-pages
714720 %doc %{_mandir}/man1/dhcpclient.1.gz
715721 %doc %{_mandir}/man1/radclient.1.gz
716 %doc %{_mandir}/man1/radcounter.1.gz
722 %doc %{_mandir}/man1/rad_counter.1.gz
717723 %doc %{_mandir}/man1/radeapclient.1.gz
718724 %doc %{_mandir}/man1/radlast.1.gz
719725 %doc %{_mandir}/man1/radtest.1.gz
00 [Unit]
11 Description=FreeRADIUS multi-protocol policy server
2 After=syslog.target network.target
2 After=network.target
33 Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
44
55 [Service]
1010 ExecStart=/usr/sbin/radiusd $FREERADIUS_OPTIONS -m
1111 Restart=on-failure
1212 RestartSec=5
13 ExecReload=/usr/sbin/radiusd $FREERADIUS_OPTIONS -Cxm -lstdout
14 ExecReload=/bin/kill -HUP $MAINPID
1315
1416 [Install]
1517 WantedBy=multi-user.target
2828 }
2929
3030 #
31 # Session database modules
32 #
33 /var/log/radius/radutmp /var/log/radius/radwtmp {
34 nocreate
35 }
36
37 #
3831 # SQL log files
3932 #
4033 /var/log/radius/sqllog.sql {
2828 #
2929
3030 usage() {
31 printf "Usage: %s: [-c condition] [-d directory] [-D dictdir] [-i client-ip-address] [-I client-ipv6-address] [-f socket_file] [-t timeout] [-u user]\n" $(basename $0) >&2
31 printf "Usage: %s: [-c condition] [-d directory] [-n name] [-D dictdir] [-i client-ip-address] [-I client-ipv6-address] [-f socket_file] [-t timeout] [-u user]\n" $(basename $0) >&2
3232 exit 2
3333 }
3434
3535 extra=
3636 condition=1
3737 timeout=60
38 while getopts 'd:D:c:i:I:f:t:u:' OPTION
38 while getopts 'd:n:D:c:i:I:f:t:u:' OPTION
3939 do
4040 case $OPTION in
4141 c) condition="$OPTARG"
4242 ;;
4343 d) extra="$extra -d $OPTARG"
44 ;;
45 n) extra="$extra -n $OPTARG"
4446 ;;
4547 D) extra="$extra -D $OPTARG"
4648 ;;
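Review bot: The new `n) extra="$extra -n $OPTARG"` branch appends the option value to a flat string, as the existing `-d` and `-D` branches do. If `$extra` is later expanded unquoted (its use is outside this hunk), a value containing whitespace or glob characters is split into additional arguments for the command that receives it. Validating the value before the assignment would close that gap, e.g. `case "$OPTARG" in *[!A-Za-z0-9._-]*) usage ;; esac`; the allowed character set is a suggestion to confirm against valid server names. In `usage`, `$(basename $0)` would likewise be safer as `"$(basename "$0")"`. The `case` statement continues past the end of the hunk.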
113113 $INCLUDE dictionary.rfc7155
114114 $INCLUDE dictionary.rfc7268
115115 $INCLUDE dictionary.rfc7499
116 $INCLUDE dictionary.rfc7930
116117
117118 #
118119 # Mostly values which have been allocated by IANA under
169170 $INCLUDE dictionary.cisco.bbsm
170171 $INCLUDE dictionary.citrix
171172 $INCLUDE dictionary.clavister
173 $INCLUDE dictionary.cnergee
172174 $INCLUDE dictionary.colubris
173175 $INCLUDE dictionary.compatible
174176 $INCLUDE dictionary.cosine
175177 $INCLUDE dictionary.dante
178 $INCLUDE dictionary.dellemc
176179 $INCLUDE dictionary.dlink
177180 $INCLUDE dictionary.digium
178181 $INCLUDE dictionary.dragonwave
215218 $INCLUDE dictionary.meraki
216219 $INCLUDE dictionary.merit
217220 $INCLUDE dictionary.meru
221 $INCLUDE dictionary.microsemi
218222 $INCLUDE dictionary.microsoft
219223 $INCLUDE dictionary.mikrotik
220224 $INCLUDE dictionary.motorola
5454 ATTRIBUTE 3GPP-Allocate-IP-Type 27 byte
5555
5656 VALUE 3GPP-RAT-Type UTRAN 1
57 VALUE 3GPP-RAT-TYPE GERAN 2
58 VALUE 3GPP-RAT-TYPE WLAN 3
59 VALUE 3GPP-RAT-TYPE GAN 4
60 VALUE 3GPP-RAT-TYPE HSPA-Evolution 5
61 VALUE 3GPP-RAT-TYPE EUTRAN 6
62 VALUE 3GPP-RAT-TYPE Virtual 7
57 VALUE 3GPP-RAT-Type GERAN 2
58 VALUE 3GPP-RAT-Type WLAN 3
59 VALUE 3GPP-RAT-Type GAN 4
60 VALUE 3GPP-RAT-Type HSPA-Evolution 5
61 VALUE 3GPP-RAT-Type EUTRAN 6
62 VALUE 3GPP-RAT-Type Virtual 7
6363 VALUE 3GPP-RAT-Type IEEE-802.16e 101
6464 VALUE 3GPP-RAT-Type 3GPP2-eHRPD 102
6565 VALUE 3GPP-RAT-Type 3GPP2-HRPD 103
00 # -*- text -*-
1 # Copyright (C) 2015 The FreeRADIUS Server project and contributors
1 # Copyright (C) 2017 The FreeRADIUS Server project and contributors
22 #
33 # Cisco VPN 3000 Concentrator Dictionary
44 #
8383 ATTRIBUTE CVPN3000-LEAP-Bypass 75 integer
8484 ATTRIBUTE CVPN3000-WebVPN-Exchange-NETBIOS-name 78 string
8585 ATTRIBUTE CVPN3000-Port-Forwarding-Name 79 string
86 ATTRIBUTE CVPN3000-IE-Proxy-Server 80 string
87 ATTRIBUTE CVPN3000-IE-Proxy-Server-Policy 81 integer
88 ATTRIBUTE CVPN3000-IE-Proxy-Exception-List 82 string
89 ATTRIBUTE CVPN3000-IE-Proxy-Bypass-Local 83 integer
90 ATTRIBUTE CVPN3000-IKE-Keepalive-Retry-Interval 84 integer
91 ATTRIBUTE CVPN3000-Tunnel-Group-Lock 85 string
92 ATTRIBUTE Cisco-VPN3000-Access-List-Inbound 86 string
93 ATTRIBUTE Cisco-VPN3000-Access-List-Outbound 87 string
94 ATTRIBUTE Cisco-VPN3000-Perfect-Forward-Secrecy-Enable 88 integer
95 ATTRIBUTE Cisco-VPN3000-NAC-Enable 89 integer
96 ATTRIBUTE Cisco-VPN3000-NAC-Status-Query-Timer 90 integer
97 ATTRIBUTE Cisco-VPN3000-NAC-Revalidation-Timer 91 integer
98 ATTRIBUTE Cisco-VPN3000-NAC-Default-ACL 92 integer
99 ATTRIBUTE Cisco-VPN3000-WebVPN-URL-Entry-Enable 93 integer
100 ATTRIBUTE Cisco-VPN3000-WebVPN-File-Access-Enable 94 integer
101 ATTRIBUTE Cisco-VPN3000-WebVPN-File-Server-Entry-Enable 95 integer
102 ATTRIBUTE Cisco-VPN3000-WebVPN-File-Server-Browsing-Enable 96 integer
103 ATTRIBUTE Cisco-VPN3000-WebVPN-Port-Forwarding-Enable 97 integer
104 ATTRIBUTE Cisco-VPN3000-WebVPN-Outlook-Exchange-Proxy-Enable 98 integer
105 ATTRIBUTE Cisco-VPN3000-WebVPN-Outlook-Exchange-Proxy-Enable 99 integer
106 ATTRIBUTE Cisco-VPN3000-WebVPN-Auto-Applet-Download-Enable 100 integer
107 ATTRIBUTE Cisco-VPN3000-WebVPN-Citrix-MetaFrame-Enable 101 integer
108 ATTRIBUTE Cisco-VPN3000-WebVPN-Apply-ACL 102 integer
109 ATTRIBUTE Cisco-VPN3000-WebVPN-SSL-VPN-Client-Enable 103 integer
110 ATTRIBUTE Cisco-VPN3000-WebVPN-SSL-VPN-Client-Required 104 integer
111 ATTRIBUTE Cisco-VPN3000-WebVPN-SSL-VPN-Client-Keep-Installation 105 integer
112
86113 ATTRIBUTE CVPN3000-Partition-Primary-DHCP 128 ipaddr
87114 ATTRIBUTE CVPN3000-Partition-Secondary-DHCP 129 ipaddr
88115 ATTRIBUTE CVPN3000-Partition-Premise-Router 131 ipaddr
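Review bot: `Cisco-VPN3000-WebVPN-Outlook-Exchange-Proxy-Enable` is defined twice, as attribute 98 and again as 99 (new lines 104-105). One of the two numbers therefore carries the wrong name, and the name no longer identifies a single attribute; a policy that refers to it by name resolves to only one of them. The added block also changes prefix midway, from `CVPN3000-` (80-85) to `Cisco-VPN3000-` (86-105), while the surrounding entries use `CVPN3000-`. Attribute 99 needs its own name from the vendor documentation, which is not visible here, and the prefix should be made uniform.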
0 # -*- text -*-
1 # Copyright (C) 2017 The Cnergee Access Server project
2 #
3 # dictionary.cnergee
4 #
5
6 VENDOR Cnergee 49426
7
8 BEGIN-VENDOR Cnergee
9
10 ATTRIBUTE BELRAS-Up-Speed-Limit 1 integer
11 ATTRIBUTE BELRAS-Down-Speed-Limit 2 integer
12 ATTRIBUTE BELRAS-Qos-Speed 3 integer
13 ATTRIBUTE BELRAS-User 4 string
14 ATTRIBUTE BELRAS-DHCP-Router-IP-Address 5 ipaddr
15 ATTRIBUTE BELRAS-DHCP-Mask 6 integer
16 ATTRIBUTE BELRAS-Redirect 7 integer
17 ATTRIBUTE BELRAS-redirect-Pool 8 integer
18 ATTRIBUTE BELRAS-DHCP-Option82 9 octets
19 ATTRIBUTE BELRAS-Session-Octets-Limit 10 integer
20 ATTRIBUTE BELRAS-Octets-Direction 11 integer
21 ATTRIBUTE BELRAS-AKAMAI-Speed 12 integer
22 ATTRIBUTE BELRAS-CACHE-Speed 13 integer
23 ATTRIBUTE BELRAS-CacheFly-Speed 14 integer
24 ATTRIBUTE BELRAS-GGC-Speed 15 integer
25 ATTRIBUTE BELRAS-GOOGLE-Speed 16 integer
26 ATTRIBUTE BELRAS-Incapsula-Speed 17 integer
27 ATTRIBUTE BELRAS-LIMELIGHT-Speed 18 integer
28 ATTRIBUTE BELRAS-OTHERS-Speed 19 integer
29 ATTRIBUTE BELRAS-REDIFF-Speed 20 integer
30 ATTRIBUTE BELRAS-TORRENT-Speed 21 integer
31 ATTRIBUTE BELRAS-BELCACHE-Speed 22 integer
32 ATTRIBUTE BELRAS-DHCP-Lease-Time 23 integer
33
34 VALUE BELRAS-redirect-Pool Deleted 1
35 VALUE BELRAS-redirect-Pool Disabled 2
36 VALUE BELRAS-redirect-Pool Disputes 3
37 VALUE BELRAS-redirect-Pool Expired 4
38 VALUE BELRAS-redirect-Pool Unknown 5
39 VALUE BELRAS-redirect-Pool Exhausted 6
40 VALUE BELRAS-redirect-Pool WrongMAC 7
41 VALUE BELRAS-redirect-Pool VLANmismatch 8
42
43 END-VENDOR Cnergee
44
0 # -*- text -*-
1 # Copyright (C) 2017 The FreeRADIUS Server project and contributors
2 #
3 # Dell Inc.
4 #
5 # DellEMC-AVpair Attribute-Value Pair.
6 # DellEMC-Group-Name The Linux primary group name associated with the user.
7 # This must be an existing group in /etc/groups.
8
9 VENDOR DellEMC 674
10
11 BEGIN-VENDOR DellEMC
12
13 ATTRIBUTE DellEMC-AVpair 1 string
14 ATTRIBUTE DellEMC-Group-Name 2 string
15
16 END-VENDOR DellEMC
17
331331 ATTRIBUTE DHCP-Ethernet-Interface 130 octets
332332 ATTRIBUTE DHCP-Vendor-Discrimination-Str 130 octets
333333 ATTRIBUTE DHCP-Remote-Stats-Svr-IP-Address 131 octets
334 ATTRIBUTE DHCP-IEEE-802.1P-VLAN-ID 132 octets
335 ATTRIBUTE DHCP-IEEE-802.1Q-L2-Priority 133 octets
334 ATTRIBUTE DHCP-IEEE-802.1Q-VLAN-ID 132 octets
335 ATTRIBUTE DHCP-IEEE-802.1P-L2-Priority 133 octets
336336 ATTRIBUTE DHCP-Diffserv-Code-Point 134 octets
337337 ATTRIBUTE DHCP-HTTP-Proxy 135 octets
338338
5858 ATTRIBUTE ERX-Secondary-Dns 5 ipaddr
5959 ATTRIBUTE ERX-Primary-Wins 6 ipaddr
6060 ATTRIBUTE ERX-Secondary-Wins 7 ipaddr
61 ATTRIBUTE ERX-Tunnel-Virtual-Router 8 string
62 ATTRIBUTE ERX-Tunnel-Password 9 string
61 ATTRIBUTE ERX-Tunnel-Virtual-Router 8 string has_tag
62 ATTRIBUTE ERX-Tunnel-Password 9 string has_tag
6363 ATTRIBUTE ERX-Ingress-Policy-Name 10 string
6464 ATTRIBUTE ERX-Egress-Policy-Name 11 string
6565 ATTRIBUTE ERX-Ingress-Statistics 12 integer
544544 VALUE TLS-OCSP-Cert-Valid yes 1
545545 VALUE TLS-OCSP-Cert-Valid no 0
546546
547 ATTRIBUTE TLS-Cache-Filename 1946 string
548
547549 #
548550 # Range: 1940-2099
549551 # Free
740742 VALUE EAP-Type Notification 2
741743 VALUE EAP-Type NAK 3
742744 VALUE EAP-Type MD5-Challenge 4
745 VALUE EAP-Type EAP-MD5 4
743746 VALUE EAP-Type MD5 4
744747 VALUE EAP-Type One-Time-Password 5
745748 VALUE EAP-Type OTP 5
746749 VALUE EAP-Type Generic-Token-Card 6
750 VALUE EAP-Type EAP-GTC 6
747751 VALUE EAP-Type GTC 6
748752 VALUE EAP-Type RSA-Public-Key 9
749753 VALUE EAP-Type DSS-Unilateral 10
750754 VALUE EAP-Type KEA 11
751755 VALUE EAP-Type KEA-Validate 12
756 VALUE EAP-Type EAP-TLS 13
752757 VALUE EAP-Type TLS 13
753758 VALUE EAP-Type Defender-Token 14
754759 VALUE EAP-Type RSA-SecurID-EAP 15
756761 VALUE EAP-Type Cisco-LEAP 17
757762 VALUE EAP-Type LEAP 17
758763 VALUE EAP-Type Nokia-IP-Smart-Card 18
764 VALUE EAP-Type EAP-SIM 18
759765 VALUE EAP-Type SIM 18
760766 VALUE EAP-Type SRP-SHA1 19
761767 # 20 is unassigned
768 VALUE EAP-Type EAP-TTLS 21
762769 VALUE EAP-Type TTLS 21
763770 VALUE EAP-Type Remote-Access-Service 22
771 VALUE EAP-Type EAP-AKA 23
764772 VALUE EAP-Type AKA 23
765773 VALUE EAP-Type 3Com-Wireless 24
766774 VALUE EAP-Type PEAP 25
782790 VALUE EAP-Type DeviceConnect-EAP 40
783791 VALUE EAP-Type SPEKE 41
784792 VALUE EAP-Type MOBAC 42
793 VALUE EAP-Type EAP-FAST 43
785794 VALUE EAP-Type FAST 43
786795 VALUE EAP-Type Zonelabs 44
787796 VALUE EAP-Type Link 45
788797 VALUE EAP-Type PAX 46
789798 VALUE EAP-Type PSK 47
790799 VALUE EAP-Type SAKE 48
800 VALUE EAP-Type EAP-IKEv2 49
791801 VALUE EAP-Type IKEv2 49
792802 VALUE EAP-Type AKA2 50
793803 VALUE EAP-Type GPSK 51
797807 #
798808 # And this is what most people mean by MS-CHAPv2
799809 #
810 VALUE EAP-Type EAP-MSCHAPv2 26
800811 VALUE EAP-Type MSCHAPv2 26
801812
802813 #
0 # -*- text -*-
1 #
2 # dictionary.microsemi
3 #
4 # As posted to the list by Simon Butcher <simon.butcher@microsemi.com>
5 #
6 # Version: $Id$
7 #
8
9 VENDOR Microsemi 40676
10
11 BEGIN-VENDOR Microsemi
12
13 ATTRIBUTE Microsemi-User-Full-Name 1 string
14 ATTRIBUTE Microsemi-User-Name 2 string
15 ATTRIBUTE Microsemi-User-Initials 3 string
16 ATTRIBUTE Microsemi-User-Email 4 string
17 ATTRIBUTE Microsemi-User-Group 5 string
18 ATTRIBUTE Microsemi-Fallback-User-Group 6 string
19 ATTRIBUTE Microsemi-Network-Element-Group 7 string
20
21 END-VENDOR Microsemi
1919 ATTRIBUTE Nomadix-Net-VLAN 11 integer
2020 ATTRIBUTE Nomadix-Config-URL 12 string
2121 ATTRIBUTE Nomadix-Goodbye-URL 13 string
22 ATTRIBUTE Nomadix-Qos-Policy 14 string
23 ATTRIBUTE Nomadix-SMTP-Redirect 17 integer
24 ATTRIBUTE Nomadix-Centralized-Mgmt 18 string
2225 ATTRIBUTE Nomadix-Group-Policy-Id 19 integer
2326 ATTRIBUTE Nomadix-Group-Bw-Max-Up 20 integer
2427 ATTRIBUTE Nomadix-Group-Bw-Max-Down 21 integer
1313
1414 BEGIN-VENDOR Patton
1515
16 ATTRIBUTE Patton-Protocol 16 string
1617 ATTRIBUTE Patton-Setup-Time 32 string
1718 ATTRIBUTE Patton-Connect-Time 33 string
1819 ATTRIBUTE Patton-Disconnect-Time 34 string
2324 ATTRIBUTE Patton-Called-Numbering-Plan 50 string
2425 ATTRIBUTE Patton-Called-Type-Of-Number 51 string
2526 ATTRIBUTE Patton-Called-Name 52 string
27 ATTRIBUTE Patton-Called-Station-Id 53 string
2628 ATTRIBUTE Patton-Called-Rx-Octets 64 integer
2729 ATTRIBUTE Patton-Called-Tx-Octets 65 integer
2830 ATTRIBUTE Patton-Called-Rx-Packets 66 integer
3234 ATTRIBUTE Patton-Called-Rx-Jitter 70 integer
3335 ATTRIBUTE Patton-Called-Tx-Jitter 71 integer
3436 ATTRIBUTE Patton-Called-Codec 72 string
37 ATTRIBUTE Patton-Called-Remote-Ip 73 integer
38 ATTRIBUTE Patton-Called-Remote-Udp-Port 74 integer
39 ATTRIBUTE Patton-Called-Local-Udp-Port 75 integer
40 ATTRIBUTE Patton-Called-Qos 76 integer
3541 ATTRIBUTE Patton-Called-MOS 77 integer
3642 ATTRIBUTE Patton-Called-Round-Trip-Time 78 integer
3743 ATTRIBUTE Patton-Calling-Unique-Id 80 string
4147 ATTRIBUTE Patton-Calling-Presentation-Indicator 88 string
4248 ATTRIBUTE Patton-Calling-Screening-Indicator 89 string
4349 ATTRIBUTE Patton-Calling-Name 84 string
50 ATTRIBUTE Patton-Calling-Station-Id 85 string
4451 ATTRIBUTE Patton-Calling-Rx-Octets 96 integer
4552 ATTRIBUTE Patton-Calling-Tx-Octets 97 integer
4653 ATTRIBUTE Patton-Calling-Rx-Packets 98 integer
5057 ATTRIBUTE Patton-Calling-Rx-Jitter 102 integer
5158 ATTRIBUTE Patton-Calling-Tx-Jitter 103 integer
5259 ATTRIBUTE Patton-Calling-Codec 104 string
60 ATTRIBUTE Patton-Calling-Remote-Ip 105 integer
61 ATTRIBUTE Patton-Calling-Remote-Udp-Port 106 integer
62 ATTRIBUTE Patton-Calling-Local-Udp-Port 107 integer
63 ATTRIBUTE Patton-Calling-Qos 108 integer
5364 ATTRIBUTE Patton-Calling-MOS 109 integer
5465 ATTRIBUTE Patton-Calling-Round-Trip-Time 110 integer
5566
2727 # Really a bit-packed field
2828 #
2929 ATTRIBUTE Location-Capable 131 integer
30 VALUE Location-Capable Civix-Location 1
30 VALUE Location-Capable Civic-Location 1
3131 VALUE Location-Capable Geo-Location 2
3232 VALUE Location-Capable Users-Location 4
3333 VALUE Location-Capable NAS-Location 8
3434
3535 ATTRIBUTE Requested-Location-Info 132 integer
36 VALUE Requested-Location-Info Civix-Location 1
36 VALUE Requested-Location-Info Civic-Location 1
3737 VALUE Requested-Location-Info Geo-Location 2
3838 VALUE Requested-Location-Info Users-Location 4
3939 VALUE Requested-Location-Info NAS-Location 8
0 # -*- text -*-
1 # Copyright (C) 2015 The FreeRADIUS Server project and contributors
2 #
3 # Attributes and values defined in RFC 7930
4 # http://www.ietf.org/rfc/rfc7930.txt
5 #
6
7 ATTRIBUTE Response-Length 241.3 integer
8 ATTRIBUTE Original-Packet-Code 241.4 integer
2020 ATTRIBUTE Moonshot-Host-TargetedId 138 string
2121 ATTRIBUTE Moonshot-Realm-TargetedId 139 string
2222 ATTRIBUTE Moonshot-TR-COI-TargetedId 140 string
23 ATTRIBUTE Moonshot-MSTID-GSS-Acceptor 141 string
24 ATTRIBUTE Moonshot-MSTID-Namespace 142 string
25 ATTRIBUTE Moonshot-MSTID-TargetedId 143 string
2326
2427 END-VENDOR UKERNA
4444 ATTRIBUTE ZTE-TCP-Limit-Mode 96 integer
4545 ATTRIBUTE ZTE-IGMP-Service-Profile-Num 97 integer
4646 ATTRIBUTE ZTE-PPP-Sservice-Type 101 integer
47 ATTRIBUTE ZTE-SW-Privilege 104 integer
4748 ATTRIBUTE ZTE-Access-Domain 151 string
4849 ATTRIBUTE ZTE-VPN-ID 190 string
4950
00 freeradius-devel
1 util
1313
1414 # Headers from v3.1.x
1515 freeradius.snmp.h
16 util
1617
1718 # Build scripts
1819 build-radpaths-h
3131 /* Define to 1 if you have the <arpa/inet.h> header file. */
3232 #undef HAVE_ARPA_INET_H
3333
34 /* Define to 1 if you have the `ASN1_STRING_get0_data' function. */
35 #undef HAVE_ASN1_STRING_GET0_DATA
36
3437 /* Define if your compiler supports the __bounded__ attribute (usually OpenBSD
3538 gcc). */
3639 #undef HAVE_ATTRIBUTE_BOUNDED
6265 /* Define to 1 if you have the `collectdclient' library (-lcollectdclient). */
6366 #undef HAVE_COLLECTDC_H
6467
68 /* Define to 1 if you have the `CONF_modules_load_file' function. */
69 #undef HAVE_CONF_MODULES_LOAD_FILE
70
6571 /* Do we have the crypt function */
6672 #undef HAVE_CRYPT
73
74 /* Define to 1 if you have the `CRYPTO_set_id_callback' function. */
75 #undef HAVE_CRYPTO_SET_ID_CALLBACK
76
77 /* Define to 1 if you have the `CRYPTO_set_locking_callback' function. */
78 #undef HAVE_CRYPTO_SET_LOCKING_CALLBACK
6779
6880 /* Define to 1 if you have the <crypt.h> header file. */
6981 #undef HAVE_CRYPT_H
151163 /* Define to 1 if you have the <history.h> header file. */
152164 #undef HAVE_HISTORY_H
153165
166 /* Define to 1 if you have the `HMAC_CTX_free' function. */
167 #undef HAVE_HMAC_CTX_FREE
168
169 /* Define to 1 if you have the `HMAC_CTX_new' function. */
170 #undef HAVE_HMAC_CTX_NEW
171
154172 /* Define if the function (or macro) htonll exists. */
155173 #undef HAVE_HTONLL
156174
247265 /* Define to 1 if you have the `openat' function. */
248266 #undef HAVE_OPENAT
249267
268 /* Define to 1 if you have the <openssl/asn1.h> header file. */
269 #undef HAVE_OPENSSL_ASN1_H
270
271 /* Define to 1 if you have the <openssl/conf.h> header file. */
272 #undef HAVE_OPENSSL_CONF_H
273
250274 /* Define to 1 if you have the <openssl/crypto.h> header file. */
251275 #undef HAVE_OPENSSL_CRYPTO_H
252276
259283 /* Define to 1 if you have the <openssl/evp.h> header file. */
260284 #undef HAVE_OPENSSL_EVP_H
261285
286 /* Define to 1 if you have the <openssl/hmac.h> header file. */
287 #undef HAVE_OPENSSL_HMAC_H
288
262289 /* Define to 1 if you have the <openssl/md4.h> header file. */
263290 #undef HAVE_OPENSSL_MD4_H
264291
372399
373400 /* Define to 1 if you have the `SSL_get_client_random' function. */
374401 #undef HAVE_SSL_GET_CLIENT_RANDOM
402
403 /* Define to 1 if you have the `SSL_get_server_random' function. */
404 #undef HAVE_SSL_GET_SERVER_RANDOM
405
406 /* Define to 1 if you have the `SSL_SESSION_get_master_key' function. */
407 #undef HAVE_SSL_SESSION_GET_MASTER_KEY
375408
376409 /* Define to 1 if you have the <stdbool.h> header file. */
377410 #undef HAVE_STDBOOL_H
417417 DECODE_FAIL_ATTRIBUTE_UNDERFLOW,
418418 DECODE_FAIL_TOO_MANY_ATTRIBUTES,
419419 DECODE_FAIL_MA_MISSING,
420 DECODE_FAIL_TOO_MANY_AUTH,
420421 DECODE_FAIL_MAX
421422 } decode_fail_t;
422423
8080 # else
8181 # include <time.h>
8282 # endif
83 #endif
84
85 #ifdef HAVE_OPENSSL_SSL_H
86 # include <openssl/ssl.h>
87 #endif
88
89 #ifdef HAVE_OPENSSL_HMAC_H
90 # include <openssl/hmac.h>
91 #endif
92
93 #ifdef HAVE_OPENSSL_ASN1_H
94 # include <openssl/asn1.h>
95 #endif
96
97 #ifdef HAVE_OPENSSL_CONF_H
98 # include <openssl/conf.h>
8399 #endif
84100
85101 /*
435451 typedef void(*sig_t)(int);
436452 #endif
437453
454 #ifdef HAVE_OPENSSL_HMAC_H
455 # ifndef HAVE_HMAC_CTX_NEW
456 HMAC_CTX *HMAC_CTX_new(void);
457 # endif
458 # ifndef HAVE_HMAC_CTX_FREE
459 void HMAC_CTX_free(HMAC_CTX *ctx);
460 # endif
461 #endif
462
463 #ifdef HAVE_OPENSSL_ASN1_H
464 # ifndef HAVE_ASN1_STRING_GET0_DATA
465 static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
466 {
467 /*
468 * Trick the compiler into not issuing the warning on qualifier stripping.
469 * We know that ASN1_STRING_data doesn't change x, and we're casting
470 * the return value back to const immediately, so it's OK.
471 */
472 union {
473 const ASN1_STRING *c;
474 ASN1_STRING *nc;
475 } const_strip = {.c = x};
476 return ASN1_STRING_data(const_strip.nc);
477 }
478 # endif
479 #endif
480
481 #ifdef HAVE_OPENSSL_CONF_H
482 # ifndef HAVE_CONF_MODULES_LOAD_FILE
483 static inline int CONF_modules_load_file(const char *filename,
484 const char *appname,
485 unsigned long flags)
486 {
487 (void)filename;
488 (void)flags;
489 return OPENSSL_config(appname);
490 }
491 # endif
492 #endif
493
438494 #ifdef __cplusplus
439495 }
496 #endif
497
498 #ifdef HAVE_OPENSSL_SSL_H
499 # ifndef HAVE_SSL_GET_CLIENT_RANDOM
500 size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t outlen);
501 # endif
502 # ifndef HAVE_SSL_GET_SERVER_RANDOM
503 size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t outlen);
504 # endif
505 # ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
506 size_t SSL_SESSION_get_master_key(const SSL_SESSION *s,
507 unsigned char *out, size_t outlen);
508 # endif
440509 #endif
441510
442511 /*
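Review bot: The `CONF_modules_load_file` fallback (new lines 483–490) returns the result of `OPENSSL_config(appname)`, but `OPENSSL_config()` is declared `void` in the OpenSSL headers I know of. If that holds here, the shim fails to compile on exactly the builds that select it, and in any case it cannot report a load failure to the caller. It also silently drops `filename` and `flags`, so a caller asking for a specific configuration file gets the default one. I would write the body as `OPENSSL_config(appname); return 1;` and add a comment such as `/* filename and flags are ignored: the old API always loads the default config and cannot fail visibly */`.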
1717 extern "C" {
1818 #endif
1919
20 typedef void *lt_dlhandle;
20 typedef void *fr_dlhandle;
2121
22 lt_dlhandle lt_dlopenext(char const *name);
23 void *lt_dlsym(lt_dlhandle handle, char const *symbol);
24 int lt_dlclose(lt_dlhandle handle);
25 char const *lt_dlerror(void);
22 fr_dlhandle fr_dlopenext(char const *name);
23 void *fr_dlsym(fr_dlhandle handle, char const *symbol);
24 int fr_dlclose(fr_dlhandle handle);
25 char const *fr_dlerror(void);
2626
2727 /*
2828 * Keep track of which modules we've loaded.
3030 typedef struct module_entry_t {
3131 char name[MAX_STRING_LEN];
3232 module_t const *module;
33 lt_dlhandle handle;
33 fr_dlhandle handle;
3434 } module_entry_t;
3535
3636 typedef struct fr_module_hup_t fr_module_hup_t;
136136 unsigned int (*record_minus)(record_t *buf, void *ptr, unsigned int size);
137137
138138 bool invalid_hb_used; //!< Whether heartbleed attack was detected.
139 bool connected; //!< whether the outgoing socket is connected
139140
140141 /*
141142 * Framed-MTU attribute in RADIUS, if present, can also be used to set this
307308 tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, int fd);
308309 fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs);
309310 fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs);
311 fr_tls_server_conf_t *tls_server_conf_alloc(TALLOC_CTX *ctx);
310312 SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client);
311313 int tls_handshake_recv(REQUEST *, tls_session_t *ssn);
312314 int tls_handshake_send(REQUEST *, tls_session_t *ssn);
363365 bool allow_expired_crl;
364366 char const *check_cert_cn;
365367 char const *cipher_list;
368 bool cipher_server_preference;
366369 char const *check_cert_issuer;
367370
368371 bool session_cache_enable;
103103 void fr_cbuff_rp_insert(fr_cbuff_t *cbuff, void *obj)
104104 {
105105 #ifdef HAVE_PTHREAD_H
106 if (cbuff->lock) PTHREAD_MUTEX_LOCK(cbuff);
106 PTHREAD_MUTEX_LOCK(cbuff);
107107 #endif
108108
109109 if (cbuff->elem[cbuff->in]) {
120120 }
121121
122122 #ifdef HAVE_PTHREAD_H
123 if (cbuff->lock) PTHREAD_MUTEX_UNLOCK(cbuff);
123 PTHREAD_MUTEX_UNLOCK(cbuff);
124124 #endif
125125 }
126126
135135 void *obj = NULL;
136136
137137 #ifdef HAVE_PTHREAD_H
138 if (cbuff->lock) PTHREAD_MUTEX_LOCK(cbuff);
138 PTHREAD_MUTEX_LOCK(cbuff);
139139 #endif
140140
141141 /* Buffer is empty */
146146
147147 done:
148148 #ifdef HAVE_PTHREAD_H
149 if (cbuff->lock) PTHREAD_MUTEX_UNLOCK(cbuff);
149 PTHREAD_MUTEX_UNLOCK(cbuff);
150150 #endif
151151 return obj;
152152 }
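Review bot: With the `if (cbuff->lock)` test gone from the four call sites (lines 106, 123, 138, 149), correct behaviour depends entirely on what `PTHREAD_MUTEX_LOCK` and `PTHREAD_MUTEX_UNLOCK` expand to, and that definition is not in this section. If the macros do not test `cbuff->lock` themselves, a buffer created without locking would lock a mutex that was never initialised. A comment at the first call, e.g. `/* macro is a no-op when cbuff->lock is false */`, would record the dependency. This reading assumes the page prints the old line before the new one, which the lost +/- markers leave uncertain.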
401401
402402 #else /* HAVE_KQUEUE */
403403
404 /*
405 * select() has limits.
406 */
407 if (fd > FD_SETSIZE) {
408 fprintf(stderr, "FD is larger than FD_SETSIZE");
409 return 0;
410 }
411
404412 for (i = 0; i <= el->max_readers; i++) {
405413 /*
406414 * Be fail-safe on multiple inserts.
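Review bot: The new guard `if (fd > FD_SETSIZE)` at line 407 still admits `fd == FD_SETSIZE`, and `FD_SET` on that value addresses one bit past the end of the `fd_set`; a negative `fd` is not rejected either. The test should be `if ((fd < 0) || (fd >= FD_SETSIZE)) {`. The `fprintf` message also has no trailing newline, so it will run into the next line written to stderr. The enclosing function starts and ends outside this hunk.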
301301 }
302302
303303
304 /** Parse an IPv4 address or IPv4 prefix in presentation format (and others)
304 /**
305 * Parse an IPv4 address, IPv4 prefix in presentation format (and others), or
306 * a hostname.
305307 *
306308 * @param out Where to write the ip address value.
307 * @param value to parse, may be dotted quad [+ prefix], or integer, or octal number, or '*' (INADDR_ANY).
309 * @param value to parse, may be dotted quad [+ prefix], or integer, or octal number, or '*' (INADDR_ANY), or a hostname.
308310 * @param inlen Length of value, if value is \0 terminated inlen may be -1.
309311 * @param resolve If true and value doesn't look like an IP address, try and resolve value as a hostname.
310312 * @param fallback to IPv6 resolution if no A records can be found.
316318 unsigned int mask;
317319 char *eptr;
318320
319 /* Dotted quad + / + [0-9]{1,2} */
320 char buffer[INET_ADDRSTRLEN + 3];
321 /* Dotted quad + / + [0-9]{1,2} or a hostname (RFC1035 2.3.4 Size limits) */
322 char buffer[256];
321323
322324 /*
323325 * Copy to intermediary buffer if we were given a length
399401 return 0;
400402 }
401403
402 /** Parse an IPv6 address or IPv6 prefix in presentation format (and others)
404 /**
405 * Parse an IPv6 address or IPv6 prefix in presentation format (and others),
406 * or a hostname.
403407 *
404408 * @param out Where to write the ip address value.
405409 * @param value to parse.
414418 unsigned int prefix;
415419 char *eptr;
416420
417 /* IPv6 + / + [0-9]{1,3} */
418 char buffer[INET6_ADDRSTRLEN + 4];
421 /* IPv6 + / + [0-9]{1,3} or a hostname (RFC1035 2.3.4 Size limits) */
422 char buffer[256];
419423
420424 /*
421425 * Copy to intermediary buffer if we were given a length
621625 * input length indicates there are more than 5 chars
622626 * after the ':' then there's an issue.
623627 */
624 if (inlen > ((q + sizeof(buffer)) - value)) {
628 if (len > (size_t) ((q + sizeof(buffer)) - value)) {
625629 error:
626630 fr_strerror_printf("IP string contains trailing garbage after port delimiter");
627631 return -1;
18661870 */
18671871 int fr_get_time(char const *date_str, time_t *date)
18681872 {
1869 int i;
1873 int i, j;
18701874 time_t t;
18711875 struct tm *tm, s_tm;
18721876 char buf[64];
19231927 f[0] = f[i];
19241928 f[i] = p;
19251929
1926 for (i = 0; i < 12; i++) {
1927 if (strncasecmp(months[i], f[0], 3) == 0) {
1928 tm->tm_mon = i;
1930 for (j = 0; j < 12; j++) {
1931 if (strncasecmp(months[j], f[0], 3) == 0) {
1932 tm->tm_mon = j;
19291933 break;
19301934 }
19311935 }
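Review bot: In the port check at new line 628, `q + sizeof(buffer)` forms a pointer before the subtraction, and that pointer can lie past the end of the string `value` refers to; this is undefined behaviour in C even though only the difference is used. Doing the offset arithmetic in integers avoids it and gives the same result: `if (len > (size_t)(q - value) + sizeof(buffer)) {`. This assumes `q` points into `value`, which the hunk does not show. Separately, the literal `256` now appears in both address parsers (lines 322 and 422) and would read better as one named constant.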
314314 }
315315 #endif
316316
317 #ifdef HAVE_OPENSSL_HMAC_H
318 # ifndef HAVE_HMAC_CTX_NEW
319 HMAC_CTX *HMAC_CTX_new(void)
320 {
321 HMAC_CTX *ctx;
322 ctx = OPENSSL_malloc(sizeof(*ctx));
323 if (!ctx) return NULL;
324
325 memset(ctx, 0, sizeof(*ctx));
326 HMAC_CTX_init(ctx);
327 return ctx;
328 }
329 # endif
330 # ifndef HAVE_HMAC_CTX_FREE
331 void HMAC_CTX_free(HMAC_CTX *ctx)
332 {
333 if (ctx == NULL) {
334 return;
335 }
336 HMAC_CTX_cleanup(ctx);
337 OPENSSL_free(ctx);
338 }
339 # endif
340 #endif
341
342 #ifdef HAVE_OPENSSL_SSL_H
343 # ifndef HAVE_SSL_GET_CLIENT_RANDOM
344 size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t outlen)
345 {
346 if (!outlen) return sizeof(s->s3->client_random);
347
348 if (outlen > sizeof(s->s3->client_random)) outlen = sizeof(s->s3->client_random);
349
350 memcpy(out, s->s3->client_random, outlen);
351 return outlen;
352 }
353 # endif
354 # ifndef HAVE_SSL_GET_SERVER_RANDOM
355 size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t outlen)
356 {
357 if (!outlen) return sizeof(s->s3->server_random);
358
359 if (outlen > sizeof(s->s3->server_random)) outlen = sizeof(s->s3->server_random);
360
361 memcpy(out, s->s3->server_random, outlen);
362 return outlen;
363 }
364 # endif
365 # ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
366 size_t SSL_SESSION_get_master_key(const SSL_SESSION *s,
367 unsigned char *out, size_t outlen)
368 {
369 if (!outlen) return s->master_key_length;
370
371 if (outlen > (size_t)s->master_key_length) outlen = (size_t)s->master_key_length;
372
373 memcpy(out, s->master_key, outlen);
374 return outlen;
375 }
376 # endif
377 #endif
378
317379 /** Call talloc strdup, setting the type on the new chunk correctly
318380 *
319381 * For some bizarre reason the talloc string functions don't set the
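Review bot: The three accessor fallbacks added at lines 344–375 (`SSL_get_client_random`, `SSL_get_server_random`, `SSL_SESSION_get_master_key`) have no comment stating their contract. A zero `outlen` is a size query that never touches `out`; otherwise at most `outlen` bytes are copied and that count is returned. Since the last one copies session key material into a caller buffer, I would put a line above each, e.g. `/* Fallback accessor: outlen == 0 returns the available length, else copies at most outlen bytes into out. */`. In `SSL_SESSION_get_master_key` the `(size_t)` cast of `s->master_key_length` would turn a negative length into a very large bound, so a `<= 0` check before the clamp would be a cheap safeguard if that field is signed in the headers this targets.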
568568 break;
569569
570570 case '\n':
571 *out++ = 'b';
571 *out++ = 'n';
572572 freespace--;
573573 break;
574574
582582 freespace--;
583583 break;
584584 default:
585 len = snprintf(out, freespace, "u%04X", *q);
585 len = snprintf(out, freespace, "u%04X", (uint8_t) *q);
586586 if (is_truncated(len, freespace)) return (outlen - freespace) + len;
587587 out += len;
588588 freespace -= len;
16051605 /*
16061606 * Message-Authenticator is hard-coded.
16071607 */
1608 if (!vp->da->vendor && (vp->da->attr == PW_MESSAGE_AUTHENTICATOR)) {
1608 if (vp->da->attr == PW_MESSAGE_AUTHENTICATOR) {
16091609 if (room < 18) return -1;
16101610
16111611 ptr[0] = PW_MESSAGE_AUTHENTICATOR;
23432343 bool seen_ma = false;
23442344 uint32_t num_attributes;
23452345 decode_fail_t failure = DECODE_FAIL_NONE;
2346 bool eap = false;
2347 bool non_eap = false;
23462348
23472349 /*
23482350 * Check for packets smaller than the packet header.
25482550 */
25492551 case PW_EAP_MESSAGE:
25502552 require_ma = true;
2553 eap = true;
2554 break;
2555
2556 case PW_USER_PASSWORD:
2557 case PW_CHAP_PASSWORD:
2558 case PW_ARAP_PASSWORD:
2559 non_eap = true;
25512560 break;
25522561
25532562 case PW_MESSAGE_AUTHENTICATOR:
26222631 &packet->src_ipaddr.ipaddr,
26232632 host_ipaddr, sizeof(host_ipaddr)));
26242633 failure = DECODE_FAIL_MA_MISSING;
2634 goto finish;
2635 }
2636
2637 if (eap && non_eap) {
2638 FR_DEBUG_STRERROR_PRINTF("Bad packet from host %s: Packet contains EAP-Message and non-EAP authentication attribute",
2639 inet_ntop(packet->src_ipaddr.af,
2640 &packet->src_ipaddr.ipaddr,
2641 host_ipaddr, sizeof(host_ipaddr)));
2642 failure = DECODE_FAIL_TOO_MANY_AUTH;
26252643 goto finish;
26262644 }
26272645
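Review bot: The new `eap && non_eap` rejection at line 2637 is driven only by the three case labels added at lines 2556–2558 (`PW_USER_PASSWORD`, `PW_CHAP_PASSWORD`, `PW_ARAP_PASSWORD`). As far as this hunk shows, a password attribute carried inside a vendor-specific attribute would not set `non_eap`, so the check is narrower than the log message "non-EAP authentication attribute" suggests. A comment at the new labels would make the scope explicit, e.g. `/* RFC-space password attributes only; vendor-specific ones are not inspected at this layer */`. The switch and the enclosing function both start outside the hunk.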
634634 return -1;
635635 }
636636
637 bin = fr_hex2bin((uint8_t *) &dst->filter, ret, src + 2, len);
637 bin = fr_hex2bin((uint8_t *) &dst->filter, ret, src + 2, len - 2);
638638 if (bin < ret) {
639639 memset(((uint8_t *) &dst->filter) + bin, 0, ret - bin);
640640 }
15291529 p[1] = 'x';
15301530
15311531 fr_bin2hex(p + 2, data->octets, inlen);
1532 p[2 + (inlen * 2)] = '\0';
15321533 break;
15331534
15341535 case PW_TYPE_DATE:
196196 * Warn if more than one Auth-Type was found, because only the last
197197 * one found will actually be used.
198198 */
199 if ((auth_type_count > 1) && (rad_debug_lvl)) {
199 if ((auth_type_count > 1) && (rad_debug_lvl) && request->username) {
200200 RERROR("Warning: Found %d auth-types on request for user '%s'",
201201 auth_type_count, request->username->vp_strvalue);
202202 }
331331 if (request->reply->code != PW_CODE_ACCESS_REJECT) {
332332 RDEBUG("Using Post-Auth-Type Reject");
333333
334 request->reply->code = PW_CODE_ACCESS_REJECT;
334335 process_post_auth(PW_POST_AUTH_TYPE_REJECT, request);
335336 }
336337
344344 */
345345 static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
346346 {
347 int dir_fd = -1, path_fd = -1, sock_fd = -1, parent_fd = -1;
347 int dir_fd = -1, sock_fd = -1, parent_fd = -1;
348348 char const *name;
349349 char *buff = NULL, *dir = NULL, *p;
350350
391391 fr_strerror_printf("Failed determining parent directory");
392392 error:
393393 talloc_free(dir);
394 close(dir_fd);
395 close(path_fd);
394 if (sock_fd >= 0) close(sock_fd);
395 if (dir_fd >= 0) close(dir_fd);
396 if (parent_fd >= 0) close(parent_fd);
396397 return -1;
397398 }
398399
458459 if (ret < 0) {
459460 fr_strerror_printf("Failed changing ownership of control socket directory: %s",
460461 fr_syserror(errno));
461 return -1;
462 goto error;
462463 }
463464 /*
464465 * Control socket dir already exists, but we still need to
526527 if (client_fd >= 0) {
527528 fr_strerror_printf("Control socket '%s' is already in use", path);
528529 close(client_fd);
529 return -1;
530 goto error;
530531 }
531532 }
532533
675676 if (uid != (uid_t)-1) rad_seuid(euid);
676677 if (gid != (gid_t)-1) rad_segid(egid);
677678
678 close(dir_fd);
679 close(path_fd);
679 if (dir_fd >= 0) close(dir_fd);
680 if (parent_fd >= 0) close(parent_fd);
680681
681682 return sock_fd;
682683 }
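Review bot: The `error:` label (new lines 394–396) now closes the descriptors but does nothing about the effective uid/gid, whereas the success path restores them at lines 676–677 with `rad_seuid(euid)` and `rad_segid(egid)`. The point where the function switches identity is outside these hunks. If either of the new `goto error` sites (lines 462 and 530) is reachable after that switch, the function returns -1 with the process still running under the changed identity. I would restore in the error path too, e.g. `if (uid != (uid_t)-1) rad_seuid(euid);` and `if (gid != (gid_t)-1) rad_segid(egid);` before `return -1;`, guarded so they only run once the switch has happened.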
13921392 CONF_PAIR *cp = NULL;
13931393 fr_ipaddr_t *ipaddr;
13941394 char buffer[8192];
1395 CONF_ITEM *c_item = &cs->item;
1395 CONF_ITEM *c_item;
13961396
13971397 if (!cs) return -1;
1398
1399 c_item = &cs->item;
13981400
13991401 deprecated = (type & PW_TYPE_DEPRECATED);
14001402 required = (type & PW_TYPE_REQUIRED);
14731475
14741476 if (!value) {
14751477 if (required) {
1476 is_required:
14771478 cf_log_err(c_item, "Configuration item \"%s\" must have a value", name);
14781479
14791480 return -1;
16191620 }
16201621 }
16211622
1622 if (required && !value) goto is_required;
16231623 if (cant_be_empty && (value[0] == '\0')) goto cant_be_empty;
16241624
16251625 if (attribute) {
36233623 {
36243624 CONF_DATA mycd;
36253625 CONF_DATA *cd;
3626 CONF_ITEM *ci, *it;
36263627 void *data;
36273628
36283629 if (!cs || !name) return NULL;
36363637 cd = rbtree_finddata(cs->data_tree, &mycd);
36373638 if (!cd) return NULL;
36383639
3640 ci = cf_data_to_item(cd);
3641 if (cs->children == ci) {
3642 cs->children = ci->next;
3643 if (cs->tail == ci) cs->tail = NULL;
3644 } else {
3645 for (it = cs->children; it; it = it->next) {
3646 if (it->next == ci) {
3647 it->next = ci->next;
3648 if (cs->tail == ci) cs->tail = it;
3649 break;
3650 }
3651 }
3652 }
3653
36393654 talloc_set_destructor(cd, NULL); /* Disarm the destructor */
36403655 rbtree_deletebydata(cs->data_tree, &mycd);
36413656
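Review bot: After the removal of `if (required && !value) goto is_required;` (old line 1622), the next statement `if (cant_be_empty && (value[0] == '\0'))` dereferences `value` with no visible NULL check in front of it. The earlier `if (!value)` block is only partly shown, so I cannot confirm that every path through it either returns or assigns a non-NULL default. If one path can fall through with `value` still NULL, this becomes a NULL dereference during configuration parsing. Writing the test as `if (cant_be_empty && value && (value[0] == '\0'))`, or adding a comment stating why `value` cannot be NULL here, would settle it.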
642642 * have fewer than "min". When that happens, open more
643643 * connections to enforce "min".
644644 */
645 if ((pool->num + pool->pending) <= pool->min) {
645 if ((pool->num + pool->pending) < pool->min) {
646646 spawn = pool->min - (pool->num + pool->pending);
647647 extra = 0;
648
649 INFO("Need %i more connections to reach min connections (%i)", spawn, pool->min);
648650
649651 /*
650652 * If we're about to create more than "max",
665667 * AND we don't have enough idle connections.
666668 * Open some more.
667669 */
668 } else if (idle <= pool->spare) {
670 } else if (idle < pool->spare) {
669671 /*
670672 * Not enough spare connections. Spawn a few.
671673 * But cap the pool size at "max"
676678 if ((pool->num + pool->pending + spawn) > pool->max) {
677679 spawn = pool->max - (pool->num + pool->pending);
678680 }
681
682 INFO("Need %i more connections to reach %i spares", spawn, pool->spare);
679683
680684 /*
681685 * min < num < max
711715 * a connection. Avoids spurious log messages.
712716 */
713717 if (spawn) {
714 INFO("%s: Need %i more connections to reach %i spares",
715 pool->log_prefix, spawn, pool->spare);
716718 pthread_mutex_unlock(&pool->mutex);
717719 fr_connection_spawn(pool, now, false); /* ignore return code */
718720 pthread_mutex_lock(&pool->mutex);
820822 */
821823 if (!spawn) return NULL;
822824
823 /*
824 * We don't have a connection. Try to open a new one.
825 */
826 rad_assert(pool->active == pool->num);
827
828825 if (pool->num == pool->max) {
829826 bool complain = false;
830827
837834 }
838835
839836 pthread_mutex_unlock(&pool->mutex);
840
837
841838 if (!RATE_LIMIT_ENABLED || complain) {
842839 ERROR("%s: No connections available and at max connection limit", pool->log_prefix);
843840 }
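Review bot: The two `INFO` messages added at lines 649 and 682 drop the `pool->log_prefix` that the removed message at old line 714 carried and that the `ERROR` at line 842 still uses. With several pools configured, the log no longer says which pool is short of connections. I would keep the prefix, e.g. `INFO("%s: Need %i more connections to reach min connections (%i)", pool->log_prefix, spawn, pool->min);`, and likewise for the spares message.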
8484 } else {
8585 int rtt;
8686 struct timeval now;
87
88 RDEBUG("detail (%s): Done %s packet.", data->name, fr_packet_codes[request->packet->code]);
89
8790 /*
8891 * We call gettimeofday a lot. But it should be OK,
8992 * because there's nothing else to do.
332335 vp_cursor_t cursor;
333336
334337 DEBUG2("detail (%s): Read packet from %s", data->name, data->filename_work);
335
336338 for (vp = fr_cursor_init(&cursor, &packet->vps);
337339 vp;
338340 vp = fr_cursor_next(&cursor)) {
382384 rcode = read(data->master_pipe[0], &packet, sizeof(packet));
383385 if (rcode <= 0) return rcode;
384386
387 rad_assert(packet != NULL);
388
385389 if (DEBUG_ENABLED2) {
386390 VALUE_PAIR *vp;
387391 vp_cursor_t cursor;
393397 debug_pair(vp);
394398 }
395399 }
396 rad_assert(packet != NULL);
397400
398401 switch (packet->code) {
399402 case PW_CODE_ACCOUNTING_REQUEST:
430433
431434 static RADIUS_PACKET *detail_poll(rad_listen_t *listener)
432435 {
436 int y;
433437 char key[256], op[8], value[1024];
434438 vp_cursor_t cursor;
435439 VALUE_PAIR *vp;
550554 /*
551555 * Else go read something.
552556 */
553 break;
557 if (!fgets(buffer, sizeof(buffer), data->fp)) {
558 DEBUG("detail (%s): Failed reading header from file - %s",
559 data->name, data->filename_work);
560 goto cleanup;
561 }
562
563 /*
564 * Badly formatted file: delete it.
565 */
566 if (!strchr(buffer, '\n')) {
567 DEBUG("detail (%s): Invalid line without trailing LF - %s", data->name, buffer);
568 goto cleanup;
569 }
570
571 if (!sscanf(buffer, "%*s %*s %*d %*d:%*d:%*d %d", &y)) {
572 DEBUG("detail (%s): Failed reading detail file header in line - %s", data->name, buffer);
573 goto cleanup;
574 }
575
576 data->state = STATE_READING;
577 /* FALL-THROUGH */
578
554579
555580 /*
556581 * Read more value-pair's, unless we're
558583 * we have.
559584 */
560585 case STATE_READING:
561 if (data->fp && !feof(data->fp)) break;
562 data->state = STATE_QUEUED;
563
564 /* FALL-THROUGH */
586 rad_assert(data->fp != NULL);
587
588 fr_cursor_init(&cursor, &data->vps);
589
590 /*
591 * Read a header, OR a value-pair.
592 */
593 while (fgets(buffer, sizeof(buffer), data->fp)) {
594 data->last_offset = data->offset;
595 data->offset = ftell(data->fp); /* for statistics */
596
597 /*
598 * Badly formatted file: delete it.
599 */
600 if (!strchr(buffer, '\n')) {
601 WARN("detail (%s): Skipping line without trailing LF - %s", data->name, buffer);
602 fr_pair_list_free(&data->vps);
603 goto cleanup;
604 }
605
606 /*
607 * We're reading VP's, and got a blank line.
608 * That indicates the end of an entry. Queue the
609 * packet.
610 */
611 if (buffer[0] == '\n') {
612 data->state = STATE_QUEUED;
613 data->tries = 0;
614 data->packets++;
615 goto alloc_packet;
616 }
617
618 /*
619 * We have a full "attribute = value" line.
620 * If it doesn't look reasonable, skip it.
621 *
622 * FIXME: print an error for badly formatted attributes?
623 */
624 if (sscanf(buffer, "%255s %7s %1023s", key, op, value) != 3) {
625 DEBUG("detail (%s): Skipping badly formatted line - %s", data->name, buffer);
626 continue;
627 }
628
629 /*
630 * Should be =, :=, +=, ...
631 */
632 if (!strchr(op, '=')) {
633 DEBUG("detail (%s): Skipping line without operator - %s", data->name, buffer);
634 continue;
635 }
636
637 /*
638 * Skip non-protocol attributes.
639 */
640 if (!strcasecmp(key, "Request-Authenticator")) continue;
641
642 /*
643 * Set the original client IP address, based on
644 * what's in the detail file.
645 *
646 * Hmm... we don't set the server IP address.
647 * or port. Oh well.
648 */
649 if (!strcasecmp(key, "Client-IP-Address")) {
650 data->client_ip.af = AF_INET;
651 if (ip_hton(&data->client_ip, AF_INET, value, false) < 0) {
652 DEBUG("detail (%s): Failed parsing Client-IP-Address", data->name);
653 fr_pair_list_free(&data->vps);
654 goto cleanup;
655 }
656 continue;
657 }
658
659 /*
660 * The original time at which we received the
661 * packet. We need this to properly calculate
662 * Acct-Delay-Time.
663 */
664 if (!strcasecmp(key, "Timestamp")) {
665 data->timestamp = atoi(value);
666 data->timestamp_offset = data->last_offset;
667
668 vp = fr_pair_afrom_num(data, PW_PACKET_ORIGINAL_TIMESTAMP, 0);
669 if (vp) {
670 vp->vp_date = (uint32_t) data->timestamp;
671 vp->type = VT_DATA;
672 fr_cursor_insert(&cursor, vp);
673 }
674 continue;
675 }
676
677 if (!strcasecmp(key, "Donestamp")) {
678 data->timestamp = atoi(value);
679 data->done_entry = true;
680 continue;
681 }
682
683 DEBUG3("detail (%s): Trying to read VP from line - %s", data->name, buffer);
684
685 /*
686 * Read one VP.
687 *
688 * FIXME: do we want to check for non-protocol
689 * attributes like radsqlrelay does?
690 */
691 vp = NULL;
692 if ((fr_pair_list_afrom_str(data, buffer, &vp) > 0) &&
693 (vp != NULL)) {
694 fr_cursor_merge(&cursor, vp);
695 } else {
696 DEBUG("detail (%s): Failed reading VP from line - %s", data->name, buffer);
697 goto cleanup;
698 }
699 }
700
701 /*
702 * The writer doesn't check that the
703 * record was completely written. If the
704 * disk is full, this can result in a
705 * truncated record which has no trailing
706 * blank line. When that happens, it's a
707 * bad record, and we ignore it.
708 */
709 if (feof(data->fp)) {
710 DEBUG("detail (%s): Truncated record: treating it as EOF for detail file %s",
711 data->name, data->filename_work);
712 fr_pair_list_free(&data->vps);
713 goto cleanup;
714 }
715
716 /*
717 * Some kind of non-eof error.
718 *
719 * FIXME: Leave the file in-place, and warn the
720 * administrator?
721 */
722 DEBUG("detail (%s): Unknown error, deleting detail file %s",
723 data->name, data->filename_work);
724 goto cleanup;
565725
566726 case STATE_QUEUED:
567727 goto alloc_packet;
597757 rad_assert(data->fp != NULL);
598758
599759 if (fseek(data->fp, data->timestamp_offset, SEEK_SET) < 0) {
600 WARN("detail (%s): Failed seeking to timestamp offset: %s",
760 DEBUG("detail (%s): Failed seeking to timestamp offset: %s",
601761 data->name, fr_syserror(errno));
602762 } else if (fwrite("\tDone", 1, 5, data->fp) < 5) {
603 WARN("detail (%s): Failed marking request as done: %s",
763 DEBUG("detail (%s): Failed marking request as done: %s",
604764 data->name, fr_syserror(errno));
605765 } else if (fflush(data->fp) != 0) {
606 WARN("detail (%s): Failed flushing marked detail file to disk: %s",
766 DEBUG("detail (%s): Failed flushing marked detail file to disk: %s",
607767 data->name, fr_syserror(errno));
608768 }
609769
610770 if (fseek(data->fp, data->offset, SEEK_SET) < 0) {
611 WARN("detail (%s): Failed seeking to next detail request: %s",
771 DEBUG("detail (%s): Failed seeking to next detail request: %s",
612772 data->name, fr_syserror(errno));
613773 }
614774 }
617777 data->state = STATE_HEADER;
618778 goto do_header;
619779 }
620
621 fr_cursor_init(&cursor, &data->vps);
622
623 /*
624 * Read a header, OR a value-pair.
625 */
626 while (fgets(buffer, sizeof(buffer), data->fp)) {
627 data->last_offset = data->offset;
628 data->offset = ftell(data->fp); /* for statistics */
629
630 /*
631 * Badly formatted file: delete it.
632 *
633 * FIXME: Maybe flag an error?
634 */
635 if (!strchr(buffer, '\n')) {
636 fr_pair_list_free(&data->vps);
637 goto cleanup;
638 }
639
640 /*
641 * We're reading VP's, and got a blank line.
642 * Queue the packet.
643 */
644 if ((data->state == STATE_READING) &&
645 (buffer[0] == '\n')) {
646 data->state = STATE_QUEUED;
647 break;
648 }
649
650 /*
651 * Look for date/time header, and read VP's if
652 * found. If not, keep reading lines until we
653 * find one.
654 */
655 if (data->state == STATE_HEADER) {
656 int y;
657
658 if (sscanf(buffer, "%*s %*s %*d %*d:%*d:%*d %d", &y)) {
659 data->state = STATE_READING;
660 }
661 continue;
662 }
663
664 /*
665 * We have a full "attribute = value" line.
666 * If it doesn't look reasonable, skip it.
667 *
668 * FIXME: print an error for badly formatted attributes?
669 */
670 if (sscanf(buffer, "%255s %7s %1023s", key, op, value) != 3) {
671 WARN("detail (%s): Skipping badly formatted line %s", data->name, buffer);
672 continue;
673 }
674
675 /*
676 * Should be =, :=, +=, ...
677 */
678 if (!strchr(op, '=')) continue;
679
680 /*
681 * Skip non-protocol attributes.
682 */
683 if (!strcasecmp(key, "Request-Authenticator")) continue;
684
685 /*
686 * Set the original client IP address, based on
687 * what's in the detail file.
688 *
689 * Hmm... we don't set the server IP address.
690 * or port. Oh well.
691 */
692 if (!strcasecmp(key, "Client-IP-Address")) {
693 data->client_ip.af = AF_INET;
694 if (ip_hton(&data->client_ip, AF_INET, value, false) < 0) {
695 ERROR("detail (%s): Failed parsing Client-IP-Address", data->name);
696
697 fr_pair_list_free(&data->vps);
698 goto cleanup;
699 }
700 continue;
701 }
702
703 /*
704 * The original time at which we received the
705 * packet. We need this to properly calculate
706 * Acct-Delay-Time.
707 */
708 if (!strcasecmp(key, "Timestamp")) {
709 data->timestamp = atoi(value);
710 data->timestamp_offset = data->last_offset;
711
712 vp = fr_pair_afrom_num(data, PW_PACKET_ORIGINAL_TIMESTAMP, 0);
713 if (vp) {
714 vp->vp_date = (uint32_t) data->timestamp;
715 vp->type = VT_DATA;
716 fr_cursor_insert(&cursor, vp);
717 }
718 continue;
719 }
720
721 if (!strcasecmp(key, "Donestamp")) {
722 data->timestamp = atoi(value);
723 data->done_entry = true;
724 continue;
725 }
726
727 /*
728 * Read one VP.
729 *
730 * FIXME: do we want to check for non-protocol
731 * attributes like radsqlrelay does?
732 */
733 vp = NULL;
734 if ((fr_pair_list_afrom_str(data, buffer, &vp) > 0) &&
735 (vp != NULL)) {
736 fr_cursor_merge(&cursor, vp);
737 }
738 }
739
740 /*
741 * Some kind of error.
742 *
743 * FIXME: Leave the file in-place, and warn the
744 * administrator?
745 */
746 if (ferror(data->fp)) goto cleanup;
747
748 data->tries = 0;
749 data->packets++;
750780
751781 /*
752782 * Process the packet.
762792 data->tries++;
763793
764794 /*
765 * The writer doesn't check that the record was
766 * completely written. If the disk is full, this can
767 * result in a truncated record. When that happens,
768 * treat it as EOF.
769 */
770 if (data->state != STATE_QUEUED) {
771 ERROR("detail (%s): Truncated record: treating it as EOF for detail file %s",
772 data->name, data->filename_work);
773 fr_pair_list_free(&data->vps);
774 goto cleanup;
775 }
776
777 /*
778795 * We're done reading the file, but we didn't read
779796 * anything. Clean up, and don't return anything.
780797 */
781798 if (!data->vps) {
799 WARN("detail (%s): Read empty packet from file %s",
800 data->name, data->filename_work);
782801 data->state = STATE_HEADER;
783 if (!data->fp || feof(data->fp)) goto cleanup;
784802 return NULL;
785803 }
786804
10231041 /*
10241042 * Overloaded to return "should we fix delay times"
10251043 */
1026 int detail_decode(UNUSED rad_listen_t *this, UNUSED REQUEST *request)
1044 int detail_decode(rad_listen_t *this, REQUEST *request)
10271045 {
10281046 #ifdef WITH_DETAIL_THREAD
1047 listen_detail_t *data = this->data;
1048
1049 RDEBUG("Received %s from detail file %s",
1050 fr_packet_codes[request->packet->code], data->filename_work);
1051
1052 rdebug_pair_list(L_DBG_LVL_1, request, request->packet->vps, "\t");
1053
10291054 return 0;
10301055 #else
10311056 listen_detail_t *data = this->data;
1057
1058 RDEBUG("Received %s from detail file %s",
1059 fr_packet_codes[request->packet->code], data->filename_work);
1060
1061 rdebug_pair_list(L_DBG_LVL_1, request, request->packet->vps, "\t");
10321062
10331063 return data->signal;
10341064 #endif
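Review bot: The header check at new line 571, `if (!sscanf(buffer, "%*s %*s %*d %*d:%*d:%*d %d", &y))`, treats only a return of 0 as failure. `sscanf` returns `EOF` (negative) when input runs out before the first conversion, so a blank or very short line that still ends in LF passes as a valid header and the state moves to `STATE_READING`. Comparing against the expected count fixes it: `if (sscanf(buffer, "%*s %*s %*d %*d:%*d:%*d %d", &y) != 1) {`. `detail_poll` starts and ends outside the hunks shown here.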
9898 * The VPT *doesn't* have a "bare word" type,
9999 * which arguably it should.
100100 */
101 rcode = (vpt->name != '\0');
101 rcode = (*vpt->name != '\0');
102102 break;
103103
104104 case TMPL_TYPE_ATTR:
163163 regmatch_t rxmatch[REQUEST_MAX_REGEX + 1]; /* +1 for %{0} (whole match) capture group */
164164 size_t nmatch = sizeof(rxmatch) / sizeof(regmatch_t);
165165
166 rad_assert(lhs_type == PW_TYPE_STRING);
167 rad_assert(lhs != NULL);
166 if (!lhs || (lhs_type != PW_TYPE_STRING)) return -1;
168167
169168 EVAL_DEBUG("CMP WITH REGEX %s %s",
170169 map->rhs->tmpl_iflag ? "CASE INSENSITIVE" : "CASE SENSITIVE",
362361 case '[': /* we don't list close braces */
363362 case '{':
364363 case '(':
365 if (outlen < 3) goto done;
366
367364 *(p++) = '\\';
368365 outlen--;
369366 /* FALL-THROUGH */
375372 }
376373 }
377374
378 done:
379375 *(p++) = '\0';
380376 return p - out;
381377 }
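Review bot: Removing `if (outlen < 3) goto done;` (old line 365) takes away the only bound visible in this hunk before the escape path writes a backslash, the character itself and later the terminating NUL. That is safe only if the loop condition, which is outside the hunk, already guarantees at least three bytes of room on every iteration. If it does, a comment at the `case '('` label such as `/* loop condition leaves room for '\\', the character and the NUL */` would document the invariant. If it does not, the check needs to stay.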
8585 VALUE_PAIR *input_pairs, bool shell_escape)
8686 {
8787 #ifndef __MINGW32__
88 char *p;
8988 VALUE_PAIR *vp;
9089 int n;
9190 int to_child[2] = {-1, -1};
168167 */
169168 snprintf(buffer, sizeof(buffer), "%s=", vp->da->name);
170169 if (shell_escape) {
170 char *p;
171
171172 for (p = buffer; *p != '='; p++) {
172173 if (*p == '-') {
173174 *p = '_';
293293 * Try to lock it. If we can't lock it, it's because
294294 * some reader has re-named the file to "foo.work" and
295295 * locked it. So, we close the current file, re-open it,
296 * and try again/
296 * and try again.
297297 */
298298 if (ef->locking) {
299299 for (tries = 0; tries < MAX_TRY_LOCK; tries++) {
13241324 fr_strerror());
13251325 return -1;
13261326 }
1327
1328 if (request->reply->data_len > (MAX_PACKET_LEN - 100)) {
1329 RWARN("Packet is large, and possibly truncated - %zd vs max %d",
1330 request->reply->data_len, MAX_PACKET_LEN);
1331 }
1332
13331327 return 0;
13341328 }
13351329
13681362 RERROR("Failed sending reply: %s",
13691363 fr_strerror());
13701364 return -1;
1371 }
1372
1373 if (request->reply->data_len > (MAX_PACKET_LEN - 100)) {
1374 RWARN("Packet is large, and possibly truncated - %zd vs max %d",
1375 request->reply->data_len, MAX_PACKET_LEN);
13761365 }
13771366
13781367 return 0;
13951384 RERROR("Failed sending proxied request: %s",
13961385 fr_strerror());
13971386 return -1;
1398 }
1399
1400 if (request->proxy->data_len > (MAX_PACKET_LEN - 100)) {
1401 RWARN("Packet is large, and possibly truncated - %zd vs max %d",
1402 request->proxy->data_len, MAX_PACKET_LEN);
14031387 }
14041388
14051389 return 0;
21142098 }
21152099
21162100 if (request->reply->data_len > (MAX_PACKET_LEN - 100)) {
2117 RWARN("Packet is large, and possibly truncated - %zd vs max %d",
2101 RWDEBUG("Packet is large, and possibly truncated - %zd vs max %d",
21182102 request->reply->data_len, MAX_PACKET_LEN);
21192103 }
21202104
21732157 }
21742158
21752159 if (request->proxy->data_len > (MAX_PACKET_LEN - 100)) {
2176 RWARN("Packet is large, and possibly truncated - %zd vs max %d",
2160 RWDEBUG("Packet is large, and possibly truncated - %zd vs max %d",
21772161 request->proxy->data_len, MAX_PACKET_LEN);
21782162 }
21792163
26382622 #ifdef WITH_TCP
26392623 if (sock->proto == IPPROTO_TCP) {
26402624 /*
2641 * If there are hard-coded worker threads, OR
2642 * it's a TLS connection, it's blocking.
2625 * Woker threads are blocking.
26432626 *
26442627 * Otherwise, they're non-blocking.
26452628 */
2646 if (!this->workers
2647 #ifdef WITH_PROXY
2648 #ifdef WITH_TLS
2649 && (this->type == RAD_LISTEN_PROXY) && !this->tls
2650 #endif
2651 #endif
2652 ) {
2629 if (!this->workers) {
26532630 if (fr_nonblock(this->fd) < 0) {
26542631 close(this->fd);
26552632 ERROR("Failed setting non-blocking on socket: %s",
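Review bot: The rewritten comment at the top of the TCP branch no longer says what happens to TLS sockets, and it misspells "Worker". The old condition only made non-TLS proxy sockets non-blocking, whereas the new `if (!this->workers)` applies to every TCP socket without workers. The TLS I/O paths therefore have to cope with SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE, which this commit handles around SSL_connect. I would word the comment as `* Sockets owned by worker threads stay blocking; all others, TLS included, are set non-blocking.` The body of the `if` continues past the end of the hunk.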
29352912 { NULL, 0 },
29362913 };
29372914
2938 static int _free_proto_handle(lt_dlhandle *handle)
2915 static int _free_proto_handle(fr_dlhandle *handle)
29392916 {
29402917 dlclose(*handle);
29412918 return 0;
29482925 rad_listen_t *this;
29492926 CONF_PAIR *cp;
29502927 char const *value;
2951 lt_dlhandle handle;
2928 fr_dlhandle handle;
29522929 CONF_SECTION *server_cs;
29532930 char buffer[32];
29542931
29672944 }
29682945
29692946 snprintf(buffer, sizeof(buffer), "proto_%s", value);
2970 handle = lt_dlopenext(buffer);
2947 handle = fr_dlopenext(buffer);
29712948 if (handle) {
29722949 fr_protocol_t *proto;
2973 lt_dlhandle *marker;
2950 fr_dlhandle *marker;
29742951
29752952 proto = dlsym(handle, buffer);
29762953 if (!proto) {
29892966 /*
29902967 * Ensure handle gets closed if config section gets freed
29912968 */
2992 marker = talloc(cs, lt_dlhandle);
2969 marker = talloc(cs, fr_dlhandle);
29932970 *marker = handle;
29942971 talloc_set_destructor(marker, _free_proto_handle);
29952972
642642 }
643643
644644 /*
645 * Once we're done with all of the privileged work,
646 * permanently change the UID.
647 */
648 if (do_suid) {
649 rad_suid_set_down_uid(server_uid);
650 rad_suid_down();
651 }
652
653 /*
654645 * If we don't already have a log file open, open one
655646 * now. We may not have been logging anything yet. The
656647 * server normally starts up fairly quietly.
681672 main_config.name, main_config.log_file, fr_syserror(errno));
682673 return 0;
683674 }
675 }
676
677 /*
678 * Once we're done with all of the privileged work,
679 * permanently change the UID.
680 */
681 if (do_suid) {
682 rad_suid_set_down_uid(server_uid);
683 rad_suid_down();
684684 }
685685
686686 /*
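Review bot: Moving the `rad_suid_down()` block below the log-file open means the log file is now opened, and possibly created, while the process still has its start-up privileges rather than as server_uid. The moved comment is unchanged and does not say that this ordering is deliberate; I would add `* The log file is opened first, while still privileged; everything after this point runs as server_uid.` It is also worth confirming outside this hunk that the file ends up owned by, or writable for, server_uid, since the unprivileged process may need to re-open it later.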
13671367 for (b = fr_cursor_first(&src_list);
13681368 b;
13691369 b = fr_cursor_next(&src_list)) {
1370 found = false;
1371
13701372 for (a = fr_cursor_current(&dst_list);
13711373 a;
13721374 a = fr_cursor_next(&dst_list)) {
13761378 if (cmp > 0) break;
13771379 else if (cmp < 0) continue;
13781380
1381 /*
1382 * The LHS exists. We need to
1383 * limit it's value based on the
1384 * operator, and on the value of
1385 * the RHS.
1386 */
13791387 cmp = (value_data_cmp_op(map->op, a->da->type, &a->data, a->vp_length, b->da->type, &b->data, b->vp_length) == 0);
1380 if (cmp != 0) {
1388 if (cmp == 1) switch (map->op) {
1389
1390 /*
1391 * Keep only matching attributes.
1392 */
1393 default:
1394 case T_OP_REG_NE:
1395 case T_OP_NE:
1396 case T_OP_REG_EQ:
1397 case T_OP_CMP_EQ:
13811398 a = fr_cursor_remove(&dst_list);
13821399 talloc_free(a);
1400 break;
1401
1402 /*
1403 * Keep matching
1404 * attribute, and enforce
1405 * matching values.
1406 */
1407 case T_OP_GE:
1408 case T_OP_GT:
1409 case T_OP_LE:
1410 case T_OP_LT:
1411 DEBUG_OVERWRITE(a, b);
1412 (void) value_data_copy(a, &a->data, a->da->type,
1413 &b->data, b->vp_length);
1414 found = true;
1415 break;
13831416 }
13841417 }
1385 if (!a) break; /* end of the list */
1418
1419 /*
1420 * End of the dst list.
1421 */
1422 if (!a) {
1423 if (found) break;
1424
1425 switch (map->op) {
1426 default:
1427 break;
1428
1429 /*
1430 * It wasn't found. Insert it with the given value.
1431 */
1432 case T_OP_GE:
1433 case T_OP_GT:
1434 case T_OP_LE:
1435 case T_OP_LT:
1436 (void) fr_cursor_insert(&dst_list, fr_pair_copy(parent, b));
1437 break;
1438 }
1439 break;
1440 }
13861441 }
13871442 fr_pair_list_free(&head);
13881443 }
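Review bot: In the T_OP_GE/GT/LE/LT branch the result of `value_data_copy()` is cast to void, so a failed copy still sets `found = true`, and nothing in the hunk updates `a->vp_length` after `a->data` is overwritten with `b->vp_length` bytes. I would test the result before setting the flag, e.g. `if (value_data_copy(a, &a->data, a->da->type, &b->data, b->vp_length) < 0) break;` (assuming failure is reported as a negative value), and set the length next to it if the copy does not. The later insert passes `fr_pair_copy(parent, b)` straight to `fr_cursor_insert()`, which deserves a NULL check unless the cursor already ignores NULL. The enclosing loop and function start outside the hunk.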
16631663
16641664 if (!map_cast_from_hex(map, T_BARE_WORD, vpt->name)) {
16651665 map->rhs = vpt;
1666 cf_log_err(map->ci, "%s", fr_strerror());
1666 cf_log_err(map->ci, "Cannot parse RHS hex as the data type of the attribute %s", map->lhs->tmpl_da->name);
16671667 return -1;
16681668 }
16691669 talloc_free(vpt);
16831683 da = dict_attrbytype(map->lhs->tmpl_da->attr, map->lhs->tmpl_da->vendor,
16841684 map->rhs->tmpl_data_type);
16851685 if (!da) {
1686 fr_strerror_printf("Cannot find %s variant of attribute \"%s\"",
1687 fr_int2str(dict_attr_types, map->rhs->tmpl_data_type,
1688 "<INVALID>"), map->lhs->tmpl_da->name);
1686 cf_log_err(map->ci, "Cannot find %s variant of attribute \"%s\"",
1687 fr_int2str(dict_attr_types, map->rhs->tmpl_data_type,
1688 "<INVALID>"), map->lhs->tmpl_da->name);
16891689 return -1;
16901690 }
16911691 map->lhs->tmpl_da = da;
20942094 memcpy(csingle->actions, defaultactions[component][GROUPTYPE_SIMPLE],
20952095 sizeof(csingle->actions));
20962096
2097 mx->xlat_name = strdup(fmt);
2097 mx->xlat_name = talloc_strdup(mx, fmt);
2098 if (!mx->xlat_name) {
2099 talloc_free(mx);
2100 return NULL;
2101 }
2102
20982103 if (fmt[0] != '%') {
20992104 char *p;
21002105 mx->exec = true;
33233328
33243329 if (!map_cast_from_hex(map, T_BARE_WORD, vpt->name)) {
33253330 map->rhs = vpt;
3326 cf_log_err(map->ci, "%s", fr_strerror());
3331 cf_log_err(map->ci, "Cannot parse RHS hex as the data type of the attribute %s", map->lhs->tmpl_da->name);
33273332 return -1;
33283333 }
33293334 talloc_free(vpt);
154154 return 0;
155155 }
156156
157 lt_dlhandle lt_dlopenext(char const *name)
157 fr_dlhandle fr_dlopenext(char const *name)
158158 {
159159 int flags = RTLD_NOW;
160160 void *handle;
272272 return handle;
273273 }
274274
275 void *lt_dlsym(lt_dlhandle handle, char const *symbol)
275 void *fr_dlsym(fr_dlhandle handle, char const *symbol)
276276 {
277277 return dlsym(handle, symbol);
278278 }
279279
280 int lt_dlclose(lt_dlhandle handle)
280 int fr_dlclose(fr_dlhandle handle)
281281 {
282282 if (!handle) return 0;
283283
284284 return dlclose(handle);
285285 }
286286
287 char const *lt_dlerror(void)
287 char const *fr_dlerror(void)
288288 {
289289 return dlerror();
290290 }
515515 /*
516516 * Keep the handle around so we can dlclose() it.
517517 */
518 handle = lt_dlopenext(module_name);
518 handle = fr_dlopenext(module_name);
519519 if (!handle) {
520520 cf_log_err_cs(cs, "Failed to link to module '%s': %s", module_name, fr_strerror());
521521 return NULL;
577577 */
578578 if (node->entry->module->inst_size) {
579579 *handle = talloc_zero_array(node, uint8_t, node->entry->module->inst_size);
580 rad_assert(handle);
580 rad_assert(*handle);
581581
582582 talloc_set_name(*handle, "rlm_%s_t",
583583 node->entry->module->name ? node->entry->module->name : "config");
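Review bot: The corrected `rad_assert(*handle)` is still the only check on the `talloc_zero_array()` result, so in a build where rad_assert compiles to nothing an allocation failure reaches `talloc_set_name(*handle, ...)` with a NULL pointer. An explicit `if (!*handle)` branch that logs the failure and takes the function's normal error return would cover both build types. The function's error path is outside this hunk, so the exact return statement is not quoted here.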
12471247
12481248 static int load_byserver(CONF_SECTION *cs)
12491249 {
1250 rlm_components_t comp, found;
1250 rlm_components_t comp;
1251 bool found;
12511252 char const *name = cf_section_name2(cs);
12521253 rbtree_t *components;
12531254 virtual_server_t *server = NULL;
12851286 * Loop over all of the known components, finding their
12861287 * configuration section, and loading it.
12871288 */
1288 found = 0;
1289 found = false;
12891290 for (comp = 0; comp < MOD_COUNT; ++comp) {
12901291 CONF_SECTION *subcs;
12911292
13451346
13461347 server->subcs[comp] = subcs;
13471348
1348 found = 1;
1349 found = true;
13491350 } /* loop over components */
13501351
13511352 /*
7777
7878 char *expr = NULL, *value = NULL;
7979 char const *expr_p, *value_p;
80
81 if (!vp) return -2;
8082
8183 if (check->da->type == PW_TYPE_STRING) {
8284 expr_p = check->vp_strvalue;
414414 if (!packet) return;
415415 if (!RDEBUG_ENABLED) return;
416416
417 #ifdef WITH_DETAIL
418 /*
419 * Don't print IP addresses for detail files.
420 */
421 if (request->listener &&
422 (request->listener->type == RAD_LISTEN_DETAIL)) return;
423
424 #endif
417425 /*
418426 * Client-specific debugging re-prints the input
419427 * packet into the client log.
476484 {
477485 VERIFY_REQUEST(request);
478486
487 rad_assert(request->home_server != NULL);
488
479489 if (request->client) {
480490 /*
481491 * The client hasn't set the response window. Return
491501 }
492502 }
493503
494 rad_assert(request->home_server != NULL);
495504 return &request->home_server->response_window;
496505 }
497506
21132122 }
21142123
21152124 #ifdef WITH_TCP
2116 rad_assert(request->proxy_listener != NULL);
2117 request->proxy_listener->count--;
2125 if (request->proxy_listener) {
2126 request->proxy_listener->count--;
2127 }
21182128 #endif
21192129 request->proxy_listener = NULL;
21202130
25602570
25612571 #ifdef WITH_ACCOUNTING
25622572 case PW_CODE_ACCOUNTING_REQUEST:
2563 proxy_acct_stats.last_packet = packet->timestamp.tv_sec;
2564
25652573 request->proxy_listener->stats.total_responses++;
25662574 proxy_acct_stats.last_packet = packet->timestamp.tv_sec;
25672575 break;
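Review bot: `request->proxy_listener->stats.total_responses++` in the accounting case is dereferenced without the NULL test this commit adds a few hunks earlier, where the assert was replaced by `if (request->proxy_listener) { ... count--; }`. If the listener can be NULL at that site it can presumably be NULL here too; whether an earlier check in this function rules that out is not visible in the hunk. A guard of the same shape, `if (request->proxy_listener) request->proxy_listener->stats.total_responses++;`, would keep the two sites consistent.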
976976 return -1;
977977 }
978978
979 fr_packet_header_print(fr_log_fp, request->packet, false);
980 if (fr_debug_lvl > 0) vp_printlist(fr_log_fp, request->packet->vps);
979 if (fr_log_fp) {
980 fr_packet_header_print(fr_log_fp, request->packet, false);
981 if (fr_debug_lvl > 0) vp_printlist(fr_log_fp, request->packet->vps);
982 }
981983
982984 return 0;
983985 }
10861088 goto packet_done;
10871089 }
10881090
1089 fr_packet_header_print(fr_log_fp, request->reply, true);
1090 if (fr_debug_lvl > 0) vp_printlist(fr_log_fp, request->reply->vps);
1091 if (fr_log_fp) {
1092 fr_packet_header_print(fr_log_fp, request->reply, true);
1093 if (fr_debug_lvl > 0) vp_printlist(fr_log_fp, request->reply->vps);
1094 }
10911095
10921096 /*
10931097 * Increment counters...
16201624 dict_free();
16211625
16221626 if (do_summary) {
1623 DEBUG("Packet summary:\n"
1624 "\tAccepted : %" PRIu64 "\n"
1625 "\tRejected : %" PRIu64 "\n"
1626 "\tLost : %" PRIu64 "\n"
1627 "\tPassed filter : %" PRIu64 "\n"
1628 "\tFailed filter : %" PRIu64,
1629 stats.accepted,
1630 stats.rejected,
1631 stats.lost,
1632 stats.passed,
1633 stats.failed
1627 printf("Packet summary:\n"
1628 "\tAccepted : %" PRIu64 "\n"
1629 "\tRejected : %" PRIu64 "\n"
1630 "\tLost : %" PRIu64 "\n"
1631 "\tPassed filter : %" PRIu64 "\n"
1632 "\tFailed filter : %" PRIu64 "\n",
1633 stats.accepted,
1634 stats.rejected,
1635 stats.lost,
1636 stats.passed,
1637 stats.failed
16341638 );
16351639 }
16361640
3939
4040 #ifdef HAVE_LIBREADLINE
4141
42 # include <stdio.h>
4243 #if defined(HAVE_READLINE_READLINE_H)
4344 # include <readline/readline.h>
4445 # define USE_READLINE (1)
602603
603604 if (!quiet) {
604605 printf("%s - FreeRADIUS Server administration tool.\n", radmin_version);
605 printf("Copyright (C) 2008-2016 The FreeRADIUS server project and contributors.\n");
606 printf("Copyright (C) 2008-2017 The FreeRADIUS server project and contributors.\n");
606607 printf("There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\n");
607608 printf("PARTICULAR PURPOSE.\n");
608609 printf("You may redistribute copies of FreeRADIUS under the terms of the\n");
8080 PASSWORD="MS-CHAP-Password"
8181 ;;
8282 eap-md5)
83 PASSWORD="User-Password"
83 PASSWORD="Cleartext-Password"
8484 if [ ! -x "$radeapclient" ]
8585 then
8686 echo "radtest: No 'radeapclient' program was found. Cannot perform EAP-MD5." >&1
191191 }
192192
193193
194 static size_t CC_HINT(nonnull) xlat_cs(CONF_SECTION *cs, char const *fmt, char *out, size_t outlen)
194 static size_t xlat_cs(CONF_SECTION *cs, char const *fmt, char *out, size_t outlen)
195195 {
196196 char const *value = NULL;
197
198 if (!fmt) {
199 DEBUG("No configuration item requested. Ignoring.");
200
201 *out = '\0';
202 return 0;
203 }
197204
198205 /*
199206 * Instance name
223230 /*
224231 * Xlat for %{home_server:foo}
225232 */
226 static ssize_t CC_HINT(nonnull) xlat_home_server(UNUSED void *instance, REQUEST *request,
227 char const *fmt, char *out, size_t outlen)
233 static ssize_t xlat_home_server(UNUSED void *instance, REQUEST *request,
234 char const *fmt, char *out, size_t outlen)
228235 {
229236 if (!request->home_server) {
230237 RWDEBUG("No home_server associated with this request");
238
239 *out = '\0';
240 return 0;
241 }
242
243 if (!fmt) {
244 RWDEBUG("No configuration item requested. Ignoring.");
231245
232246 *out = '\0';
233247 return 0;
265279 /*
266280 * Xlat for %{home_server_pool:foo}
267281 */
268 static ssize_t CC_HINT(nonnull) xlat_server_pool(UNUSED void *instance, REQUEST *request,
269 char const *fmt, char *out, size_t outlen)
282 static ssize_t xlat_server_pool(UNUSED void *instance, REQUEST *request,
283 char const *fmt, char *out, size_t outlen)
270284 {
271285 if (!request->home_pool) {
272286 RWDEBUG("No home_pool associated with this request");
287
288 *out = '\0';
289 return 0;
290 }
291
292 if (!fmt) {
293 RWDEBUG("No configuration item requested. Ignoring.");
273294
274295 *out = '\0';
275296 return 0;
11341155 }
11351156
11361157 this->next = NULL;
1137 this->when = now + 60;
1158 this->when = now + 300;
11381159 this->pool = pool;
11391160 pthread_mutex_unlock(&pool_free_mutex);
11401161 }
24422463 hash = 0;
24432464 break;
24442465 }
2445 fr_hash_update(&request->packet->src_port,
2446 sizeof(request->packet->src_port), hash);
2466 hash = fr_hash_update(&request->packet->src_port,
2467 sizeof(request->packet->src_port), hash);
24472468 start = hash % pool->num_home_servers;
24482469 break;
24492470
478478
479479 PTHREAD_MUTEX_UNLOCK(&state->mutex);
480480
481 rad_assert(request->state == NULL);
482481 VERIFY_REQUEST(request);
483482 return true;
484483 }
221221
222222 static pthread_mutex_t *ssl_mutexes = NULL;
223223
224 #ifdef HAVE_CRYPTO_SET_ID_CALLBACK
224225 static unsigned long ssl_id_function(void)
225226 {
226227 unsigned long ret;
234235
235236 return ret;
236237 }
237
238 #endif
239
240 #ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK
238241 static void ssl_locking_function(int mode, int n, UNUSED char const *file, UNUSED int line)
239242 {
240243 if (mode & CRYPTO_LOCK) {
243246 pthread_mutex_unlock(&(ssl_mutexes[n]));
244247 }
245248 }
249 #endif
246250
247251 static int setup_ssl_mutexes(void)
248252 {
258262 pthread_mutex_init(&(ssl_mutexes[i]), NULL);
259263 }
260264
265 #ifdef HAVE_CRYPTO_SET_ID_CALLBACK
261266 CRYPTO_set_id_callback(ssl_id_function);
267 #endif
268 #ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK
262269 CRYPTO_set_locking_callback(ssl_locking_function);
270 #endif
263271
264272 return 1;
265273 }
717725 * must remove the thread's error queue before
718726 * exiting to prevent memory leaks.
719727 */
728 #if OPENSSL_VERSION_NUMBER < 0x10000000L
720729 ERR_remove_state(0);
730 #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
731 ERR_remove_thread_state(NULL);
732 #endif
721733 #endif
722734
723735 pthread_mutex_lock(&thread_pool.queue_mutex);
11001112 * We're no longer threaded. Remove the mutexes and free
11011113 * the memory.
11021114 */
1115 #ifdef HAVE_CRYPTO_SET_ID_CALLBACK
11031116 CRYPTO_set_id_callback(NULL);
1117 #endif
1118 #ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK
11041119 CRYPTO_set_locking_callback(NULL);
1120 #endif
11051121
11061122 free(ssl_mutexes);
11071123 #endif
504504 talloc_set_destructor(ssn, _tls_session_free);
505505
506506 ssn->ctx = conf->ctx;
507 ssn->mtu = conf->fragment_size;
507508
508509 SSL_CTX_set_mode(ssn->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_AUTO_RETRY);
509510
536537 SSL_set_ex_data(ssn->ssl, FR_TLS_EX_INDEX_SSN, (void *)ssn);
537538 SSL_set_fd(ssn->ssl, fd);
538539 ret = SSL_connect(ssn->ssl);
540
541 if (ret < 0) {
542 switch (SSL_get_error(ssn->ssl, ret)) {
543 default:
544 break;
545
546
547
548 case SSL_ERROR_WANT_READ:
549 case SSL_ERROR_WANT_WRITE:
550 ssn->connected = false;
551 return ssn;
552 }
553 }
554
539555 if (ret <= 0) {
540556 tls_error_io_log(NULL, ssn, ret, "Failed in " STRINGIFY(__FUNCTION__) " (SSL_connect)");
541557 talloc_free(ssn);
543559 return NULL;
544560 }
545561
546 ssn->mtu = conf->fragment_size;
547
562 ssn->connected = true;
548563 return ssn;
549564 }
550565
822837
823838 static void session_close(tls_session_t *ssn)
824839 {
825 SSL_set_quiet_shutdown(ssn->ssl, 1);
826 SSL_shutdown(ssn->ssl);
827
828840 if (ssn->ssl) {
841 SSL_set_quiet_shutdown(ssn->ssl, 1);
842 SSL_shutdown(ssn->ssl);
843
829844 SSL_free(ssn->ssl);
830845 ssn->ssl = NULL;
831846 }
11881203 { "allow_expired_crl", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, allow_expired_crl), NULL },
11891204 { "check_cert_cn", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, check_cert_cn), NULL },
11901205 { "cipher_list", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, cipher_list), NULL },
1206 { "cipher_server_preference", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, cipher_server_preference), NULL },
11911207 { "check_cert_issuer", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, check_cert_issuer), NULL },
11921208 { "require_client_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, require_client_cert), NULL },
11931209
13581374 blob_len = i2d_SSL_SESSION(sess, NULL);
13591375 if (blob_len < 1) {
13601376 /* something went wrong */
1361 RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
1377 if (request) RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
13621378 return 0;
13631379 }
1364
13651380
13661381 /* Do not convert to TALLOC - Thread safety */
13671382 /* alloc and convert to ASN.1 */
13741389 p = sess_blob;
13751390 rv = i2d_SSL_SESSION(sess, &p);
13761391 if (rv != blob_len) {
1377 RWDEBUG("Session serialisation failed");
1392 if (request) RWDEBUG("Session serialisation failed");
13781393 goto error;
13791394 }
13801395
13811396 /* open output file */
13821397 snprintf(filename, sizeof(filename), "%s%c%s.asn1",
13831398 conf->session_cache_path, FR_DIR_SEP, buffer);
1384 fd = open(filename, O_RDWR|O_CREAT|O_EXCL, 0600);
1399 fd = open(filename, O_RDWR|O_CREAT|O_EXCL, S_IWUSR);
13851400 if (fd < 0) {
1386 RERROR("Session serialisation failed, failed opening session file %s: %s",
1387 filename, fr_syserror(errno));
1401 if (request) RERROR("Session serialisation failed, failed opening session file %s: %s",
1402 filename, fr_syserror(errno));
13881403 goto error;
1404 }
1405
1406 /*
1407 * Set the filename to be temporarily write-only.
1408 */
1409 if (request) {
1410 VALUE_PAIR *vp;
1411
1412 vp = fr_pair_afrom_num(request->state_ctx, PW_TLS_CACHE_FILENAME, 0);
1413 if (vp) {
1414 fr_pair_value_strcpy(vp, filename);
1415 fr_pair_add(&request->state, vp);
1416 }
13891417 }
13901418
13911419 todo = blob_len;
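Review bot: The comment `Set the filename to be temporarily write-only` sits above the block that stores the path under PW_TLS_CACHE_FILENAME in `request->state`, while the permission itself comes from the `S_IWUSR` mode passed to `open()` a few lines earlier. Nothing in this hunk shows where the mode is relaxed again, and when `request` is NULL the path is not recorded at all, so the file may stay at mode 0200 in that case. I would move the explanation to the `open()` call, for example `/* Created write-only on purpose; the path is recorded in the request state so later code can make it readable. */`, adjusted to what the later code really does. The multi-line `if (request) RERROR(...)` would also be safer with braces.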
13931421 while (todo > 0) {
13941422 rv = write(fd, p, todo);
13951423 if (rv < 1) {
1396 RWDEBUG("Failed writing session: %s", fr_syserror(errno));
1424 if (request) RWDEBUG("Failed writing session: %s", fr_syserror(errno));
13971425 close(fd);
13981426 goto error;
13991427 }
14011429 todo -= rv;
14021430 }
14031431 close(fd);
1404 RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
1432 if (request) RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
14051433 }
14061434
14071435 error:
14101438 return 0;
14111439 }
14121440
1441 /** Convert OpenSSL's ASN1_TIME to an epoch time
1442 *
1443 * @param[out] out Where to write the time_t.
1444 * @param[in] asn1 The ASN1_TIME to convert.
1445 * @return
1446 * - 0 success.
1447 * - -1 on failure.
1448 */
1449 static int ocsp_asn1time_to_epoch(time_t *out, char const *asn1)
1450 {
1451 struct tm t;
1452 char const *p = asn1, *end = p + strlen(p);
1453
1454 memset(&t, 0, sizeof(t));
1455
1456 if ((end - p) <= 12) {
1457 if ((end - p) < 2) {
1458 fr_strerror_printf("ASN1 date string too short, expected 2 additional bytes, got %zu bytes",
1459 end - p);
1460 return -1;
1461 }
1462
1463 t.tm_year = (*(p++) - '0') * 10;
1464 t.tm_year += (*(p++) - '0');
1465 if (t.tm_year < 70) t.tm_year += 100;
1466 } else {
1467 t.tm_year = (*(p++) - '0') * 1000;
1468 t.tm_year += (*(p++) - '0') * 100;
1469 t.tm_year += (*(p++) - '0') * 10;
1470 t.tm_year += (*(p++) - '0');
1471 t.tm_year -= 1900;
1472 }
1473
1474 if ((end - p) < 10) {
1475 fr_strerror_printf("ASN1 string too short, expected 10 additional bytes, got %zu bytes",
1476 end - p);
1477 return -1;
1478 }
1479
1480 t.tm_mon = (*(p++) - '0') * 10;
1481 t.tm_mon += (*(p++) - '0') - 1; // -1 since January is 0 not 1.
1482 t.tm_mday = (*(p++) - '0') * 10;
1483 t.tm_mday += (*(p++) - '0');
1484 t.tm_hour = (*(p++) - '0') * 10;
1485 t.tm_hour += (*(p++) - '0');
1486 t.tm_min = (*(p++) - '0') * 10;
1487 t.tm_min += (*(p++) - '0');
1488 t.tm_sec = (*(p++) - '0') * 10;
1489 t.tm_sec += (*(p++) - '0');
1490
1491 /* Apparently OpenSSL converts all timestamps to UTC? Maybe? */
1492 *out = timegm(&t);
1493 return 0;
1494 }
1495
1496 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
14131497 static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy)
1498 #else
1499 static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy)
1500 #endif
14141501 {
14151502 size_t size;
14161503 char buffer[2 * MAX_SESSION_SIZE + 1];
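Review bot: `ocsp_asn1time_to_epoch()` selects the two-digit-year branch with `(end - p) <= 12`, but a UTCTime written as YYMMDDHHMMSS plus a trailing `Z` is 13 characters long. If the attribute string keeps the `Z`, it takes the four-digit-year branch and then fails the `(end - p) < 10` test, so every such certificate is reported as unparsable. The function also never checks that the bytes are digits before computing `*(p++) - '0'`, and it prints the `ptrdiff_t` result of `end - p` with `%zu`. Since the result decides whether a cached session is kept, I would choose the branch from the number of leading digits (12 or 14) and reject anything else, as sketched below.

```c
static int ocsp_asn1time_to_epoch(time_t *out, char const *asn1)
{
	struct tm t;
	char const *p = asn1;
	size_t digits = 0;

	memset(&t, 0, sizeof(t));

	/* Only the leading run of digits is parsed; a trailing 'Z' is not counted. */
	while ((p[digits] >= '0') && (p[digits] <= '9')) digits++;

	switch (digits) {
	case 12:	/* YYMMDDHHMMSS */
		/* ... unchanged: two-digit year with the 1970 pivot ... */
		break;

	case 14:	/* YYYYMMDDHHMMSS */
		/* ... unchanged: four-digit year, minus 1900 ... */
		break;

	default:
		fr_strerror_printf("Malformed ASN1 time, expected 12 or 14 leading digits, got %zu", digits);
		return -1;
	}

	/* ... unchanged: month, day, hour, minute, second, timegm() ... */
```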
14521539
14531540 struct stat st;
14541541 VALUE_PAIR *vps = NULL;
1455
1456 /* read in the cached VPs from the .vps file */
1457 snprintf(filename, sizeof(filename), "%s%c%s.vps",
1458 conf->session_cache_path, FR_DIR_SEP, buffer);
1459 rv = pairlist_read(talloc_ctx, filename, &pairlist, 1);
1460 if (rv < 0) {
1461 /* not safe to un-persist a session w/o VPs */
1462 RWDEBUG("Failed loading persisted VPs for session %s", buffer);
1463 goto err;
1464 }
1542 VALUE_PAIR *vp;
14651543
14661544 /* load the actual SSL session */
14671545 snprintf(filename, sizeof(filename), "%s%c%s.asn1", conf->session_cache_path, FR_DIR_SEP, buffer);
14681546 fd = open(filename, O_RDONLY);
14691547 if (fd < 0) {
14701548 RWDEBUG("No persisted session file %s: %s", filename, fr_syserror(errno));
1471 goto err;
1549 goto error;
14721550 }
14731551
14741552 rv = fstat(fd, &st);
14751553 if (rv < 0) {
14761554 RWDEBUG("Failed stating persisted session file %s: %s", filename, fr_syserror(errno));
14771555 close(fd);
1478 goto err;
1556 goto error;
14791557 }
14801558
14811559 sess_data = talloc_array(NULL, unsigned char, st.st_size);
14821560 if (!sess_data) {
14831561 RWDEBUG("Failed allocating buffer for persisted session (%d bytes)", (int) st.st_size);
14841562 close(fd);
1485 goto err;
1563 goto error;
14861564 }
14871565
14881566 q = sess_data;
14921570 if (rv < 1) {
14931571 RWDEBUG("Failed reading persisted session: %s", fr_syserror(errno));
14941572 close(fd);
1495 goto err;
1573 goto error;
14961574 }
14971575 todo -= rv;
14981576 q += rv;
15151593 sess = d2i_SSL_SESSION(NULL, o, st.st_size);
15161594 if (!sess) {
15171595 RWDEBUG("Failed loading persisted session: %s", ERR_error_string(ERR_get_error(), NULL));
1518 goto err;
1596 goto error;
1597 }
1598
1599 /* read in the cached VPs from the .vps file */
1600 snprintf(filename, sizeof(filename), "%s%c%s.vps",
1601 conf->session_cache_path, FR_DIR_SEP, buffer);
1602 rv = pairlist_read(talloc_ctx, filename, &pairlist, 1);
1603 if (rv < 0) {
1604 /* not safe to un-persist a session w/o VPs */
1605 RWDEBUG("Failed loading persisted VPs for session %s", buffer);
1606 SSL_SESSION_free(sess);
1607 goto error;
1608 }
1609
1610 /*
1611 * Enforce client certificate expiration.
1612 */
1613 vp = fr_pair_find_by_num(pairlist->reply, PW_TLS_CLIENT_CERT_EXPIRATION, 0, TAG_ANY);
1614 if (vp) {
1615 time_t expires;
1616
1617 if (ocsp_asn1time_to_epoch(&expires, vp->vp_strvalue) < 0) {
1618 RDEBUG2("Failed getting certificate expiration, removing cache entry for session %s", buffer);
1619 SSL_SESSION_free(sess);
1620 goto error;
1621 }
1622
1623 if (expires <= request->timestamp) {
1624 RDEBUG2("Certificate has expired, removing cache entry for session %s", buffer);
1625 SSL_SESSION_free(sess);
1626 goto error;
1627 }
1628
1629 /*
1630 * Account for Session-Timeout, if it's available.
1631 */
1632 vp = fr_pair_find_by_num(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
1633 if (vp) {
1634 if ((request->timestamp + vp->vp_integer) > expires) {
1635 vp->vp_integer = expires - request->timestamp;
1636 RWDEBUG2("Updating Session-Timeout to %u, due to impending certificate expiration",
1637 vp->vp_integer);
1638 }
1639 }
15191640 }
15201641
15211642 /* move the cached VPs into the session */
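Review bot: The three new failure paths call `SSL_SESSION_free(sess)` and then `goto error` without clearing the pointer. The code after the `error:` label is outside this hunk, but if the function goes on to return `sess`, as a session-lookup callback normally does, the caller receives a pointer to freed memory. Setting `sess = NULL;` straight after each `SSL_SESSION_free(sess);` removes the doubt. This applies to the pairlist_read() failure, the unparsable-expiry case and the expired-certificate case alike.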
15251646 RWDEBUG("Successfully restored session %s", buffer);
15261647 rdebug_pair_list(L_DBG_LVL_2, request, vps, "reply:");
15271648 }
1528 err:
1649 error:
15291650 if (sess_data) talloc_free(sess_data);
15301651 if (pairlist) pairlist_free(&pairlist);
15311652
19092030 char cn_str[1024];
19102031 char buf[64];
19112032 X509 *client_cert;
1912 X509_CINF *client_inf;
2033 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
2034 const STACK_OF(X509_EXTENSION) *ext_list;
2035 #else
19132036 STACK_OF(X509_EXTENSION) *ext_list;
2037 #endif
19142038 SSL *ssl;
19152039 int err, depth, lookup, loc;
19162040 fr_tls_server_conf_t *conf;
20152139 rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
20162140 }
20172141
2018 X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer,
2142 X509_NAME_oneline(X509_get_issuer_name(client_cert), issuer,
20192143 sizeof(issuer));
20202144 issuer[sizeof(issuer) - 1] = '\0';
20212145 if (certs && identity && (lookup <= 1) && issuer[0]) {
20372161 /*
20382162 * Get the RFC822 Subject Alternative Name
20392163 */
2040 loc = X509_get_ext_by_NID(client_cert, NID_subject_alt_name, 0);
2164 loc = X509_get_ext_by_NID(client_cert, NID_subject_alt_name, -1);
20412165 if (certs && (lookup <= 1) && (loc >= 0)) {
20422166 X509_EXTENSION *ext = NULL;
20432167 GENERAL_NAMES *names = NULL;
20522176 #ifdef GEN_EMAIL
20532177 case GEN_EMAIL:
20542178 vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_SAN_EMAIL][lookup],
2055 (char *) ASN1_STRING_data(name->d.rfc822Name), T_OP_SET);
2179 (char const *) ASN1_STRING_get0_data(name->d.rfc822Name), T_OP_SET);
20562180 rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
20572181 break;
20582182 #endif /* GEN_EMAIL */
20592183 #ifdef GEN_DNS
20602184 case GEN_DNS:
20612185 vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_SAN_DNS][lookup],
2062 (char *) ASN1_STRING_data(name->d.dNSName), T_OP_SET);
2186 (char const *) ASN1_STRING_get0_data(name->d.dNSName), T_OP_SET);
20632187 rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
20642188 break;
20652189 #endif /* GEN_DNS */
20702194 /* we've got a UPN - Must be ASN1-encoded UTF8 string */
20712195 if (name->d.otherName->value->type == V_ASN1_UTF8STRING) {
20722196 vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_SAN_UPN][lookup],
2073 (char *) ASN1_STRING_data(name->d.otherName->value->value.utf8string), T_OP_SET);
2197 (char const *) ASN1_STRING_get0_data(name->d.otherName->value->value.utf8string), T_OP_SET);
20742198 rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
20752199 break;
20762200 } else {
21082232 }
21092233
21102234 if (lookup == 0) {
2235 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
2236 ext_list = X509_get0_extensions(client_cert);
2237 #else
2238 X509_CINF *client_inf;
21112239 client_inf = client_cert->cert_info;
21122240 ext_list = client_inf->extensions;
2241 #endif
21132242 } else {
21142243 ext_list = NULL;
21152244 }
21692298
21702299 REXDENT();
21712300
2172 switch (ctx->error) {
2301 switch (X509_STORE_CTX_get_error(ctx)) {
21732302 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
21742303 RERROR("issuer=%s", issuer);
21752304 break;
23122441 true, true, EXEC_TIMEOUT) != 0) {
23132442 AUTH(LOG_PREFIX ": Certificate CN (%s) fails external verification!", common_name);
23142443 my_ok = 0;
2315 } else {
2444
2445 } else if (request) {
23162446 RDEBUG("Client certificate CN %s passed external validation", common_name);
23172447 }
23182448
24172547 * is using the session
24182548 */
24192549 static void sess_free_vps(UNUSED void *parent, void *data_ptr,
2420 UNUSED CRYPTO_EX_DATA *ad, UNUSED int idx,
2421 UNUSED long argl, UNUSED void *argp)
2422 {
2423 VALUE_PAIR *vp = data_ptr;
2424 if (!vp) return;
2425
2426 DEBUG2(LOG_PREFIX ": Freeing cached session VPs");
2427
2428 fr_pair_list_free(&vp);
2550 UNUSED CRYPTO_EX_DATA *ad, UNUSED int idx,
2551 UNUSED long argl, UNUSED void *argp)
2552 {
2553 VALUE_PAIR *vp = data_ptr;
2554 if (!vp) return;
2555
2556 DEBUG2(LOG_PREFIX ": Freeing cached session VPs");
2557
2558 fr_pair_list_free(&vp);
24292559 }
24302560
24312561 static void sess_free_certs(UNUSED void *parent, void *data_ptr,
2432 UNUSED CRYPTO_EX_DATA *ad, UNUSED int idx,
2433 UNUSED long argl, UNUSED void *argp)
2434 {
2435 VALUE_PAIR **certs = data_ptr;
2436 if (!certs) return;
2437
2438 DEBUG2(LOG_PREFIX ": Freeing cached session Certificates");
2439
2440 fr_pair_list_free(certs);
2562 UNUSED CRYPTO_EX_DATA *ad, UNUSED int idx,
2563 UNUSED long argl, UNUSED void *argp)
2564 {
2565 VALUE_PAIR **certs = data_ptr;
2566 if (!certs) return;
2567
2568 DEBUG2(LOG_PREFIX ": Freeing cached session Certificates");
2569
2570 fr_pair_list_free(certs);
24412571 }
24422572
24432573 /** Add all the default ciphers and message digests reate our context.
24502580 SSL_load_error_strings(); /* readable error messages (examples show call before library_init) */
24512581 SSL_library_init(); /* initialize library */
24522582 OpenSSL_add_all_algorithms(); /* required for SHA2 in OpenSSL < 0.9.8o and 1.0.0.a */
2453 OPENSSL_config(NULL);
2583 CONF_modules_load_file(NULL, NULL, 0);
24542584
24552585 /*
24562586 * Initialize the index for the certificates.
25122642 */
25132643 void tls_global_cleanup(void)
25142644 {
2645 #if OPENSSL_VERSION_NUMBER < 0x10000000L
25152646 ERR_remove_state(0);
2647 #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
2648 ERR_remove_thread_state(NULL);
2649 #endif
25162650 ENGINE_cleanup();
25172651 CONF_modules_unload(1);
25182652 ERR_free_strings();
28042938 */
28052939 ctx_options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
28062940
2941 if (conf->cipher_server_preference) {
2942 /*
2943 * SSL_OP_CIPHER_SERVER_PREFERENCE to follow best practice
2944 * of nowday's TLS: do not allow poorly-selected ciphers from
2945 * client to take preference
2946 */
2947 ctx_options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
2948 }
2949
28072950 SSL_CTX_set_options(ctx, ctx_options);
28082951
28092952 /*
29283071 }
29293072
29303073 /*
2931 * Cache it, and DON'T auto-clear it.
3074 * Cache it, DON'T auto-clear it, and disable the internal OpenSSL session cache.
29323075 */
2933 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR);
3076 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR | SSL_SESS_CACHE_NO_INTERNAL);
29343077
29353078 SSL_CTX_set_session_id_context(ctx,
29363079 (unsigned char *) conf->session_context_id,
29763119 return 0;
29773120 }
29783121
2979 static fr_tls_server_conf_t *tls_server_conf_alloc(TALLOC_CTX *ctx)
3122 fr_tls_server_conf_t *tls_server_conf_alloc(TALLOC_CTX *ctx)
29803123 {
29813124 fr_tls_server_conf_t *conf;
29823125
30183161 */
30193162 if (conf->fragment_size < 100) conf->fragment_size = 100;
30203163
3021 if (!conf->private_key_file) {
3022 ERROR(LOG_PREFIX ": TLS Server requires a private key file");
3023 goto error;
3024 }
3025
3026 if (!conf->certificate_file) {
3027 ERROR(LOG_PREFIX ": TLS Server requires a certificate file");
3028 goto error;
3164 /*
3165 * Only check for certificate things if we don't have a
3166 * PSK query.
3167 */
3168 if (conf->psk_identity) {
3169 if (conf->private_key_file) {
3170 WARN(LOG_PREFIX ": Ignoring private key file due to psk_identity being used");
3171 }
3172
3173 if (conf->certificate_file) {
3174 WARN(LOG_PREFIX ": Ignoring certificate file due to psk_identity being used");
3175 }
3176
3177 } else {
3178 if (!conf->private_key_file) {
3179 ERROR(LOG_PREFIX ": TLS Server requires a private key file");
3180 goto error;
3181 }
3182
3183 if (!conf->certificate_file) {
3184 ERROR(LOG_PREFIX ": TLS Server requires a certificate file");
3185 goto error;
3186 }
30293187 }
30303188
30313189 /*
31293287
31303288 return conf;
31313289 }
3290
31323291
31333292 int tls_success(tls_session_t *ssn, REQUEST *request)
31343293 {
32073366 * Save the certs in the packet, so that we can see them.
32083367 */
32093368 fr_pair_add(&request->packet->vps, fr_pair_list_copy(request->packet, *certs));
3369
3370 vp = fr_pair_find_by_num(request->packet->vps, PW_TLS_CLIENT_CERT_EXPIRATION, 0, TAG_ANY);
3371 if (vp) {
3372 time_t expires;
3373
3374 if (ocsp_asn1time_to_epoch(&expires, vp->vp_strvalue) < 0) {
3375 RDEBUG2("Failed getting certificate expiration, removing cache entry for session %s", buffer);
3376 SSL_CTX_remove_session(ssn->ctx, ssn->ssl_session);
3377 return -1;
3378 }
3379
3380 if (expires <= request->timestamp) {
3381 RDEBUG2("Certificate has expired, removing cache entry for session %s", buffer);
3382 SSL_CTX_remove_session(ssn->ctx, ssn->ssl_session);
3383 return -1;
3384 }
3385
3386 /*
3387 * Account for Session-Timeout, if it's available.
3388 */
3389 vp = fr_pair_find_by_num(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
3390 if (vp) {
3391 if ((request->timestamp + vp->vp_integer) > expires) {
3392 vp->vp_integer = expires - request->timestamp;
3393 RWDEBUG2("Updating Session-Timeout to %u, due to impending certificate expiration",
3394 vp->vp_integer);
3395 }
3396 }
3397 }
32103398 }
32113399
32123400 if (vps) {
156156 rad_assert(sock->packet != NULL);
157157 request->packet = talloc_steal(request, sock->packet);
158158
159 request->component = "<core>";
160159 request->component = "<tls-connect>";
161160
162161 request->reply = rad_alloc(request, false);
174173
175174 SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_REQUEST, (void *)request);
176175 SSL_set_ex_data(sock->ssn->ssl, fr_tls_ex_index_certs, (void *) &sock->certs);
177 SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_TALLOC, sock->parent);
176 SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_TALLOC, NULL);
178177
179178 doing_init = true;
180179 }
479478 return 0;
480479 }
481480
481 static int try_connect(tls_session_t *ssn)
482 {
483 int ret;
484 ret = SSL_connect(ssn->ssl);
485 if (ret < 0) {
486 switch (SSL_get_error(ssn->ssl, ret)) {
487 default:
488 break;
489
490
491
492 case SSL_ERROR_WANT_READ:
493 case SSL_ERROR_WANT_WRITE:
494 ssn->connected = false;
495 return 0;
496 }
497 }
498
499 if (ret <= 0) {
500 tls_error_io_log(NULL, ssn, ret, "Failed in " STRINGIFY(__FUNCTION__) " (SSL_connect)");
501 talloc_free(ssn);
502
503 return -1;
504 }
505
506 return 1;
507 }
508
482509
483510 #ifdef WITH_PROXY
484511 /*
500527 uint8_t *data;
501528 listen_socket_t *sock = listener->data;
502529
530 if (!sock->ssn->connected) {
531 rcode = try_connect(sock->ssn);
532 if (rcode == 0) return 0;
533
534 if (rcode < 0) {
535 SSL_shutdown(sock->ssn->ssl);
536 return -1;
537 }
538
539 sock->ssn->connected = true;
540 }
541
503542 /*
504543 * Get the maximum size of data to receive.
505544 */
693732 request);
694733 }
695734
735 if (!sock->ssn->connected) {
736 PTHREAD_MUTEX_LOCK(&sock->mutex);
737 rcode = try_connect(sock->ssn);
738 PTHREAD_MUTEX_UNLOCK(&sock->mutex);
739 if (rcode == 0) return 0;
740
741 if (rcode < 0) {
742 SSL_shutdown(sock->ssn->ssl);
743 return -1;
744 }
745
746 sock->ssn->connected = true;
747 }
748
696749 DEBUG3("Proxy is writing %u bytes to SSL",
697750 (unsigned int) request->proxy->data_len);
698751 PTHREAD_MUTEX_LOCK(&sock->mutex);
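Review bot: On its failure path `try_connect()` calls `talloc_free(ssn)` before returning -1, and both new callers then run `SSL_shutdown(sock->ssn->ssl)` on that same session, so the pointer is read after it has been freed. Either leave ownership with the caller by dropping `talloc_free(ssn);` from `try_connect()`, or have the callers skip the shutdown and clear `sock->ssn` when `rcode < 0`. The receive-side caller also invokes `try_connect()` without taking `sock->mutex`, while the write-side caller holds it; if both paths can run for one socket, the handshake should be serialised in both. Separately, `STRINGIFY(__FUNCTION__)` will most likely log the literal text `__FUNCTION__`, since it is not a preprocessor macro. Both callers' enclosing functions start and end outside the visible hunks.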
576576 DEBUG2(" ");
577577 }
578578 INFO("FreeRADIUS Version " RADIUSD_VERSION_STRING);
579 INFO("Copyright (C) 1999-2016 The FreeRADIUS server project and contributors");
579 INFO("Copyright (C) 1999-2017 The FreeRADIUS server project and contributors");
580580 INFO("There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A");
581581 INFO("PARTICULAR PURPOSE");
582582 INFO("You may redistribute copies of FreeRADIUS under the terms of the");
16221622 #endif
16231623
16241624 case XLAT_ALTERNATE:
1625 DEBUG("%.*sif {", lvl, xlat_tabs);
1625 DEBUG("%.*sXLAT-IF {", lvl, xlat_tabs);
16261626 xlat_tokenize_debug(node->child, lvl + 1);
16271627 DEBUG("%.*s}", lvl, xlat_tabs);
1628 DEBUG("%.*selse {", lvl, xlat_tabs);
1628 DEBUG("%.*sXLAT-ELSE {", lvl, xlat_tabs);
16291629 xlat_tokenize_debug(node->alternate, lvl + 1);
16301630 DEBUG("%.*s}", lvl, xlat_tabs);
16311631 break;
17861786 * much faster.
17871787 */
17881788 tokens = talloc_typed_strdup(request, fmt);
1789 if (!tokens) return -1;
1789 if (!tokens) {
1790 error = "Out of memory";
1791 return -1;
1792 }
17901793
17911794 slen = xlat_tokenize_literal(request, tokens, head, false, &error);
17921795
18051808 */
18061809 if (slen < 0) {
18071810 talloc_free(tokens);
1808 rad_assert(error != NULL);
1811
1812 if (!error) error = "Unknown error";
18091813
18101814 REMARKER(fmt, -slen, error);
18111815 return slen;
21162120 * Don't escape this.
21172121 */
21182122 case XLAT_LITERAL:
2119 XLAT_DEBUG("xlat_aprint LITERAL");
2123 XLAT_DEBUG("%.*sxlat_aprint LITERAL", lvl, xlat_spaces);
21202124 return talloc_typed_strdup(ctx, node->fmt);
21212125
21222126 /*
21282132 size_t freespace = 256;
21292133 struct tm ts;
21302134 time_t when;
2131
2132 XLAT_DEBUG("xlat_aprint PERCENT");
2135 int usec;
2136
2137 XLAT_DEBUG("%.*sxlat_aprint PERCENT", lvl, xlat_spaces);
21332138
21342139 str = talloc_array(ctx, char, freespace); /* @todo do better allocation */
21352140 p = node->fmt;
21362141
21372142 when = request->timestamp;
2143 usec = 0;
21382144 if (request->packet) {
21392145 when = request->packet->timestamp.tv_sec;
2146 usec = request->packet->timestamp.tv_usec;
21402147 }
21412148
21422149 switch (*p) {
21982205
21992206 case 'T': /* request timestamp */
22002207 if (!localtime_r(&when, &ts)) goto error;
2201 strftime(str, freespace, "%Y-%m-%d-%H.%M.%S.000000", &ts);
2208 nl = str + strftime(str, freespace, "%Y-%m-%d-%H.%M.%S", &ts);
2209 rad_assert(((str + freespace) - nl) >= 8);
2210 snprintf(nl, (str + freespace) - nl, ".%06d", usec);
22022211 break;
22032212
22042213 case 'Y': /* request year */
22242233 break;
22252234
22262235 case XLAT_ATTRIBUTE:
2227 XLAT_DEBUG("xlat_aprint ATTRIBUTE");
2236 XLAT_DEBUG("%.*sxlat_aprint ATTRIBUTE", lvl, xlat_spaces);
22282237
22292238 /*
22302239 * Some attributes are virtual <sigh>
22312240 */
22322241 str = xlat_getvp(ctx, request, &node->attr, escape ? false : true, true);
22332242 if (str) {
2234 XLAT_DEBUG("EXPAND attr %s", node->attr.tmpl_da->name);
2235 XLAT_DEBUG(" ---> %s", str);
2243 XLAT_DEBUG("%.*sEXPAND attr %s", lvl, xlat_spaces, node->attr.tmpl_da->name);
2244 XLAT_DEBUG("%.*s ---> %s", lvl ,xlat_spaces, str);
22362245 }
22372246 break;
22382247
23262335
23272336 #ifdef HAVE_REGEX
23282337 case XLAT_REGEX:
2329 XLAT_DEBUG("xlat_aprint REGEX");
2338 XLAT_DEBUG("%.*sxlat_aprint REGEX", lvl, xlat_spaces);
23302339 if (regex_request_to_sub(ctx, &str, request, node->attr.tmpl_num) < 0) return NULL;
23312340
23322341 break;
23332342 #endif
23342343
23352344 case XLAT_ALTERNATE:
2336 XLAT_DEBUG("xlat_aprint ALTERNATE");
2345 XLAT_DEBUG("%.*sxlat_aprint ALTERNATE", lvl, xlat_spaces);
23372346 rad_assert(node->child != NULL);
23382347 rad_assert(node->alternate != NULL);
23392348
2340 str = xlat_aprint(ctx, request, node->child, escape, escape_ctx, lvl);
2341 if (str) {
2342 XLAT_DEBUG("ALTERNATE got string: %s", str);
2343 break;
2344 }
2345
2346 XLAT_DEBUG("ALTERNATE going to alternate");
2347 str = xlat_aprint(ctx, request, node->alternate, escape, escape_ctx, lvl);
2349 /*
2350 * If there are no "next" nodes, call ourselves
2351 * recursively, which is fast.
2352 *
2353 * If there are "next" nodes, call xlat_process()
2354 * which does a ton more work.
2355 */
2356 if (!node->next) {
2357 str = xlat_aprint(ctx, request, node->child, escape, escape_ctx, lvl);
2358 if (str) {
2359 XLAT_DEBUG("%.*sALTERNATE got first string: %s", lvl, xlat_spaces, str);
2360 } else {
2361 str = xlat_aprint(ctx, request, node->alternate, escape, escape_ctx, lvl);
2362 XLAT_DEBUG("%.*sALTERNATE got alternate string %s", lvl, xlat_spaces, str);
2363 }
2364 } else {
2365
2366 if (xlat_process(&str, request, node->child, escape, escape_ctx) > 0) {
2367 XLAT_DEBUG("%.*sALTERNATE got first string: %s", lvl, xlat_spaces, str);
2368 } else {
2369 (void) xlat_process(&str, request, node->alternate, escape, escape_ctx);
2370 XLAT_DEBUG("%.*sALTERNATE got alternate string %s", lvl, xlat_spaces, str);
2371 }
2372 }
23482373 break;
2349
23502374 }
23512375
23522376 /*
26122636
26132637 ssize_t radius_axlat(char **out, REQUEST *request, char const *fmt, xlat_escape_t escape, void *ctx)
26142638 {
2639 *out = NULL;
26152640 return xlat_expand(out, 0, request, fmt, escape, ctx);
26162641 }
26172642
26182643 ssize_t radius_axlat_struct(char **out, REQUEST *request, xlat_exp_t const *xlat, xlat_escape_t escape, void *ctx)
26192644 {
2645 *out = NULL;
26202646 return xlat_expand_struct(out, 0, request, xlat, escape, ctx);
26212647 }
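Review bot: In the rewritten `XLAT_ALTERNATE` case the alternate's result is passed to `%s` without a NULL check. `xlat_aprint()` returns NULL on failure elsewhere in this function, and the return value of the second `xlat_process()` is discarded with `(void)`, so `str` can reach `XLAT_DEBUG` as NULL (or unset, if `xlat_process()` leaves `*out` untouched on error; its body is not visible here). I would keep the result and guard the log, e.g. `if (xlat_process(&str, request, node->alternate, escape, escape_ctx) < 0) str = NULL;` followed by `if (str) XLAT_DEBUG("%.*sALTERNATE got alternate string %s", lvl, xlat_spaces, str);`. `xlat_process()` is also not given `ctx`, so the returned string is presumably parented to a different talloc context than the one the caller asked for; that deserves a comment if intended. The enclosing function starts and ends outside the hunk.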
00 rlm_json
11 rlm_winbind
2 rlm_sigtran
23 *_ext
0
01 /*
12 * dhcp.c Functions to send/receive dhcp packets.
23 *
11541155 * DHCP-Message-Type is first, for simplicity.
11551156 */
11561157 if ((my_a->da->attr == PW_DHCP_MESSAGE_TYPE) && (my_b->da->attr != PW_DHCP_MESSAGE_TYPE)) return -1;
1158 if ((my_a->da->attr != PW_DHCP_MESSAGE_TYPE) && (my_b->da->attr == PW_DHCP_MESSAGE_TYPE)) return +1;
11571159
11581160 /*
11591161 * Relay-Agent is last
11601162 */
1161 if ((my_a->da->attr == PW_DHCP_OPTION_82) && (my_b->da->attr != PW_DHCP_OPTION_82)) return 1;
1163 if ((my_a->da->attr == PW_DHCP_OPTION_82) && (my_b->da->attr != PW_DHCP_OPTION_82)) return +1;
1164 if ((my_a->da->attr != PW_DHCP_OPTION_82) && (my_b->da->attr == PW_DHCP_OPTION_82)) return -1;
11621165
11631166 if (my_a->da->attr < my_b->da->attr) return -1;
11641167 if (my_a->da->attr > my_b->da->attr) return 1;
104104 }
105105 vp = fr_pair_find_by_num(request->packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Hop-Count */
106106 rad_assert(vp != NULL);
107 if (vp->vp_integer > maxhops) {
107 if (vp->vp_byte > maxhops) {
108108 DEBUG("DHCP: Number of hops is greater than %d: not relaying\n", maxhops);
109109 return 1;
110110 } else {
111 /* Increment hop count */
112 vp->vp_integer++;
111 /* Increment hop count */
112 vp->vp_byte++;
113113 }
114114
115115 sock = request->listener->data;
300300
301301 vp = fr_pair_find_by_num(request->packet->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
302302 if (vp) {
303 DICT_VALUE *dv = dict_valbyattr(53, DHCP_MAGIC_VENDOR, vp->vp_integer);
303 DICT_VALUE *dv = dict_valbyattr(53, DHCP_MAGIC_VENDOR, vp->vp_byte);
304304 DEBUG("Trying sub-section dhcp %s {...}",
305305 dv ? dv->name : "<unknown>");
306 rcode = process_post_auth(vp->vp_integer, request);
306 rcode = process_post_auth(vp->vp_byte, request);
307307 } else {
308308 DEBUG("DHCP: Failed to find DHCP-Message-Type in packet!");
309309 rcode = RLM_MODULE_FAIL;
311311
312312 vp = fr_pair_find_by_num(request->reply->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
313313 if (vp) {
314 request->reply->code = vp->vp_integer;
314 request->reply->code = vp->vp_byte;
315315 if ((request->reply->code != 0) &&
316316 (request->reply->code < PW_DHCP_OFFSET)) {
317317 request->reply->code += PW_DHCP_OFFSET;
365365 }
366366
367367 /* BOOTREPLY received on port 67 (i.e. from a server) */
368 if (vp->vp_integer == 2) {
368 if (vp->vp_byte == 2) {
369369 return dhcprelay_process_server_reply(request);
370370 }
371371
375375 }
376376
377377 /* else it's a packet from a client, without relaying */
378 rad_assert(vp->vp_integer == 1); /* BOOTREQUEST */
378 rad_assert(vp->vp_byte == 1); /* BOOTREQUEST */
379379
380380 sock = request->listener->data;
381381
413413
414414 vp = fr_pair_find_by_num(request->reply->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Opcode */
415415 rad_assert(vp != NULL);
416 vp->vp_integer = 2; /* BOOTREPLY */
416 vp->vp_byte = 2; /* BOOTREPLY */
417417
418418 /*
419419 * Allow NAKs to be delayed for a short period of time.
711711 /*
712712 * Load the appropriate driver for our database
713713 */
714 inst->handle = lt_dlopenext(inst->driver_name);
714 inst->handle = fr_dlopenext(inst->driver_name);
715715 if (!inst->handle) {
716716 cf_log_err_cs(conf, "Could not link driver %s: %s", inst->driver_name, dlerror());
717717 cf_log_err_cs(conf, "Make sure it (and all its dependent libraries!) are in the search path"
3131 typedef struct rlm_date_t {
3232 char const *xlat_name;
3333 char const *fmt;
34 bool utc;
3435 } rlm_date_t;
3536
3637 static const CONF_PARSER module_config[] = {
3738 { "format", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_date_t, fmt), "%b %e %Y %H:%M:%S %Z" },
39 { "utc", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_date_t, utc), "no" },
3840 CONF_PARSER_TERMINATOR
3941 };
4042
4547 time_t date = 0;
4648 struct tm tminfo;
4749 VALUE_PAIR *vp;
50
51 memset(&tminfo, 0, sizeof(tminfo));
4852
4953 if ((radius_get_vp(&vp, request, fmt) < 0) || !vp) {
5054 *out = '\0';
6670 date = (time_t) vp->vp_integer;
6771
6872 encode:
69 if (localtime_r(&date, &tminfo) == NULL) {
70 REDEBUG("Failed converting time string to localtime");
71 goto error;
73 if (!inst->utc) {
74 if (localtime_r(&date, &tminfo) == NULL) {
75 REDEBUG("Failed converting time string to localtime");
76 goto error;
77 }
78 } else {
79 if (gmtime_r(&date, &tminfo) == NULL) {
80 REDEBUG("Failed converting time string to gmtime");
81 goto error;
82 }
7283 }
7384 return strftime(out, outlen, inst->fmt, &tminfo);
7485
223223 VALUE_PAIR *vp;
224224 char timestamp[256];
225225
226 if (!packet->vps) {
227 RWDEBUG("Skipping empty packet");
228 return 0;
229 }
230
226231 if (radius_xlat(timestamp, sizeof(timestamp), request, inst->header, NULL, NULL) < 0) {
227232 return -1;
228233 }
420425 * Flush everything
421426 */
422427 fclose(outfp);
423 exfile_unlock(inst->ef, outfd); /* do NOT close outfp */
428 exfile_unlock(inst->ef, outfd); /* do NOT close outfd */
424429
425430 /*
426431 * And everything is fine.
124124 /*
125125 * Link the loaded EAP-Type
126126 */
127 method->handle = lt_dlopenext(mod_name);
127 method->handle = fr_dlopenext(mod_name);
128128 if (!method->handle) {
129129 ERROR("rlm_eap (%s): Failed to link %s: %s", inst->xlat_name, mod_name, fr_strerror());
130130
206206 fake->server = "channel_bindings";
207207 fake->packet->code = PW_CODE_ACCESS_REQUEST;
208208
209 rcode = rad_virtual_server(fake);
210
211 switch (rcode) {
209 switch (rad_virtual_server(fake)) {
212210 /* If rad_authenticate succeeded, build a reply */
213211 case RLM_MODULE_OK:
214212 case RLM_MODULE_HANDLED:
279277 return packet;
280278 }
281279
282 VALUE_PAIR *eap_chbind_packet2vp(REQUEST *request, chbind_packet_t *packet)
280 VALUE_PAIR *eap_chbind_packet2vp(RADIUS_PACKET *packet, chbind_packet_t *chbind)
283281 {
284282 VALUE_PAIR *vp;
285283
286 if (!packet) return NULL; /* don't produce garbage */
287
288 vp = fr_pair_afrom_num(request->packet, PW_UKERNA_CHBIND, VENDORPEC_UKERNA);
284 if (!chbind) return NULL; /* don't produce garbage */
285
286 vp = fr_pair_afrom_num(packet, VENDORPEC_UKERNA, PW_UKERNA_CHBIND);
289287 if (!vp) return NULL;
290 fr_pair_value_memcpy(vp, (uint8_t *) packet, talloc_array_length((uint8_t *)packet));
288 fr_pair_value_memcpy(vp, (uint8_t *) chbind, talloc_array_length((uint8_t *)chbind));
291289
292290 return vp;
293291 }
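Review bot: The new `fr_pair_afrom_num(packet, VENDORPEC_UKERNA, PW_UKERNA_CHBIND)` call swaps the two numeric arguments relative to the line it replaces, which passed `PW_UKERNA_CHBIND` first. The `fr_pair_find_by_num()` calls elsewhere on this page pass the attribute number before the vendor. Unless the prototype of `fr_pair_afrom_num()` (not visible here) takes the vendor first, this allocates the wrong attribute or returns NULL, and the channel-binding response is silently dropped. If the order is attribute-then-vendor, restore it: `vp = fr_pair_afrom_num(packet, PW_UKERNA_CHBIND, VENDORPEC_UKERNA);`.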
5757 /* Channel binding function prototypes */
5858 PW_CODE chbind_process(REQUEST *request, CHBIND_REQ *chbind_req);
5959
60 VALUE_PAIR *eap_chbind_packet2vp(REQUEST *request, chbind_packet_t *packet);
60 VALUE_PAIR *eap_chbind_packet2vp(RADIUS_PACKET *packet, chbind_packet_t *chbind);
6161 chbind_packet_t *eap_chbind_vp2packet(TALLOC_CTX *ctx, VALUE_PAIR *vps);
6262
6363 #endif /*_EAP_CHBIND_H*/
324324 if (prev_eap_ds && prev_eap_ds->response)
325325 eaptls_prev = (eaptls_packet_t *)prev_eap_ds->response->type.data;
326326
327 /*
328 * First output the flags (for debugging)
329 */
330 RDEBUG3("Peer sent flags %c%c%c",
331 TLS_START(eaptls_packet->flags) ? 'S' : '-',
332 TLS_MORE_FRAGMENTS(eaptls_packet->flags) ? 'M' : '-',
333 TLS_LENGTH_INCLUDED(eaptls_packet->flags) ? 'L' : '-');
327 if (eaptls_packet) {
328 /*
329 * First output the flags (for debugging)
330 */
331 RDEBUG3("Peer sent flags %c%c%c",
332 TLS_START(eaptls_packet->flags) ? 'S' : '-',
333 TLS_MORE_FRAGMENTS(eaptls_packet->flags) ? 'M' : '-',
334 TLS_LENGTH_INCLUDED(eaptls_packet->flags) ? 'L' : '-');
335 }
334336
335337 /*
336338 * check for ACK
6161 int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn) CC_HINT(nonnull);
6262
6363
64 /* MPPE key generation */
6564 void T_PRF(unsigned char const *secret, unsigned int secret_len, char const *prf_label, unsigned char const *seed, unsigned int seed_len, unsigned char *out, unsigned int out_len) CC_HINT(nonnull(1,3,6));
6665 void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label);
6766 void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size);
3636 unsigned char const *seed, unsigned int seed_len,
3737 unsigned char *out, unsigned int out_len)
3838 {
39 HMAC_CTX ctx_a, ctx_out;
39 HMAC_CTX *ctx_a, *ctx_out;
4040 unsigned char a[HMAC_MAX_MD_CBLOCK];
4141 unsigned int size;
4242
43 HMAC_CTX_init(&ctx_a);
44 HMAC_CTX_init(&ctx_out);
43 ctx_a = HMAC_CTX_new();
44 ctx_out = HMAC_CTX_new();
4545 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
46 HMAC_CTX_set_flags(&ctx_a, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
47 HMAC_CTX_set_flags(&ctx_out, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
46 HMAC_CTX_set_flags(ctx_a, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
47 HMAC_CTX_set_flags(ctx_out, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
4848 #endif
49 HMAC_Init_ex(&ctx_a, secret, secret_len, evp_md, NULL);
50 HMAC_Init_ex(&ctx_out, secret, secret_len, evp_md, NULL);
51
52 size = HMAC_size(&ctx_out);
49 HMAC_Init_ex(ctx_a, secret, secret_len, evp_md, NULL);
50 HMAC_Init_ex(ctx_out, secret, secret_len, evp_md, NULL);
51
52 size = HMAC_size(ctx_out);
5353
5454 /* Calculate A(1) */
55 HMAC_Update(&ctx_a, seed, seed_len);
56 HMAC_Final(&ctx_a, a, NULL);
55 HMAC_Update(ctx_a, seed, seed_len);
56 HMAC_Final(ctx_a, a, NULL);
5757
5858 while (1) {
5959 /* Calculate next part of output */
60 HMAC_Update(&ctx_out, a, size);
61 HMAC_Update(&ctx_out, seed, seed_len);
60 HMAC_Update(ctx_out, a, size);
61 HMAC_Update(ctx_out, seed, seed_len);
6262
6363 /* Check if last part */
6464 if (out_len < size) {
65 HMAC_Final(&ctx_out, a, NULL);
65 HMAC_Final(ctx_out, a, NULL);
6666 memcpy(out, a, out_len);
6767 break;
6868 }
6969
7070 /* Place digest in output buffer */
71 HMAC_Final(&ctx_out, out, NULL);
72 HMAC_Init_ex(&ctx_out, NULL, 0, NULL, NULL);
71 HMAC_Final(ctx_out, out, NULL);
72 HMAC_Init_ex(ctx_out, NULL, 0, NULL, NULL);
7373 out += size;
7474 out_len -= size;
7575
7676 /* Calculate next A(i) */
77 HMAC_Init_ex(&ctx_a, NULL, 0, NULL, NULL);
78 HMAC_Update(&ctx_a, a, size);
79 HMAC_Final(&ctx_a, a, NULL);
80 }
81
82 HMAC_CTX_cleanup(&ctx_a);
83 HMAC_CTX_cleanup(&ctx_out);
77 HMAC_Init_ex(ctx_a, NULL, 0, NULL, NULL);
78 HMAC_Update(ctx_a, a, size);
79 HMAC_Final(ctx_a, a, NULL);
80 }
81
82 HMAC_CTX_free(ctx_a);
83 HMAC_CTX_free(ctx_out);
8484 memset(a, 0, sizeof(a));
8585 }
8686
242242
243243 p[0] = header & 0xff;
244244
245 #ifdef HAVE_SSL_GET_CLIENT_RANDOM
246245 SSL_get_client_random(s, p + 1, SSL3_RANDOM_SIZE);
247246 SSL_get_server_random(s, p + 1 + SSL3_RANDOM_SIZE, SSL3_RANDOM_SIZE);
248 #else
249 memcpy(p + 1, s->s3->client_random, SSL3_RANDOM_SIZE);
250 memcpy(p + 1 + SSL3_RANDOM_SIZE,
251 s->s3->server_random, SSL3_RANDOM_SIZE);
252 #endif
247
253248 vp->vp_octets = p;
254249 fr_pair_add(&packet->vps, vp);
255250 }
259254 */
260255 void eap_fast_tls_gen_challenge(SSL *s, uint8_t *buffer, uint8_t *scratch, size_t size, char const *prf_label)
261256 {
257 uint8_t *p;
258 size_t len, master_key_len;
262259 uint8_t seed[128 + 2*SSL3_RANDOM_SIZE];
263 uint8_t *p = seed;
264 size_t len;
260 uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH];
265261
266262 len = strlen(prf_label);
267263 if (len > 128) len = 128;
268264
265 p = seed;
269266 memcpy(p, prf_label, len);
270267 p += len;
271 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
268 SSL_get_server_random(s, p, SSL3_RANDOM_SIZE);
272269 p += SSL3_RANDOM_SIZE;
273 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
270 SSL_get_client_random(s, p, SSL3_RANDOM_SIZE);
274271 p += SSL3_RANDOM_SIZE;
275272
276 PRF(s->session->master_key, s->session->master_key_length,
277 seed, p - seed, buffer, scratch, size);
278 }
279
280
273 master_key_len = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, sizeof(master_key));
274 PRF(master_key, master_key_len, seed, p - seed, buffer, scratch, size);
275 }
276
277
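Review bot: `eap_fast_tls_gen_challenge()` now copies the TLS master secret into the stack array `master_key` and returns without clearing it, whereas the old code read `s->session->master_key` in place. Wipe the copy after the `PRF()` call, e.g. `OPENSSL_cleanse(master_key, sizeof(master_key));`, and reject a zero `master_key_len` before deriving from it. In the HMAC hunk earlier in this section, `HMAC_CTX_new()` can return NULL and both results go straight into `HMAC_Init_ex()`. Since that function returns void, it should at least free whichever context was allocated and return before any use. The now-unconditional `SSL_get_client_random()` and `SSL_get_server_random()` calls presumably rely on compat definitions for OpenSSL builds that lack them; those are not visible here.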
8888
8989 handler->opaque = NULL;
9090 handler->free_opaque = NULL;
91
92 if (handler->certs) fr_pair_list_free(&handler->certs);
9391
9492 /*
9593 * Give helpful debug messages if:
110108 WARN("!! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility !!");
111109 WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
112110 }
113
114 talloc_free(handler);
115111
116112 return 0;
117113 }
435431 * Might not have been there.
436432 */
437433 if (!handler) {
438 ERROR("rlm_eap (%s): No EAP session matching state "
434 RERROR("rlm_eap (%s): No EAP session matching state "
439435 "0x%02x%02x%02x%02x%02x%02x%02x%02x",
440436 inst->xlat_name,
441437 state->vp_octets[0], state->vp_octets[1],
446442 }
447443
448444 if (handler->trips >= 50) {
449 ERROR("rlm_eap (%s): Aborting! More than 50 roundtrips "
445 RERROR("rlm_eap (%s): Aborting! More than 50 roundtrips "
450446 "made in session with state "
451447 "0x%02x%02x%02x%02x%02x%02x%02x%02x",
452448 inst->xlat_name,
467467 /*
468468 * Keep a copy of the the password attribute.
469469 */
470 case PW_CLEARTEXT_PASSWORD:
470471 case PW_USER_PASSWORD:
471472 case PW_CHAP_PASSWORD:
472473 case PW_MS_CHAP_PASSWORD:
2929
3030 #include "rlm_eap.h"
3131
32 #include <sys/stat.h>
33
3234 static const CONF_PARSER module_config[] = {
3335 { "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_t, default_method_name), "md5" },
3436 { "timer_expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_t, timer_limit), "60" },
405407 }
406408
407409 } else {
410 /*
411 * Enable the cached entry on success.
412 */
413 if (handler->eap_ds->request->code == PW_EAP_SUCCESS) {
414 VALUE_PAIR *vp;
415
416 vp = fr_pair_find_by_num(request->state, PW_TLS_CACHE_FILENAME, 0, TAG_ANY);
417 if (vp) (void) chmod(vp->vp_strvalue, S_IRUSR | S_IWUSR);
418 }
419
420 /*
421 * Disable the cached entry on failure.
422 */
423 if (handler->eap_ds->request->code == PW_EAP_FAILURE) {
424 VALUE_PAIR *vp;
425
426 vp = fr_pair_find_by_num(request->state, PW_TLS_CACHE_FILENAME, 0, TAG_ANY);
427 if (vp) (void) unlink(vp->vp_strvalue);
428 }
429
408430 RDEBUG2("Freeing handler");
409431 /* handler is not required any more, free it now */
410432 talloc_free(handler);
430452
431453 /*
432454 * Cisco AP1230 has a bug and needs a zero
433 * terminated string in Access-Accept.
455 * terminated string in Access-Accept. This
456 * means it requires 2 trailing zeros. One to
457 * send in the RADIUS packet, and the other to
458 * convince the rest of the server that
459 * vp->vp_strvalue is still a NUL-terminated C
460 * string.
434461 */
435462 if (inst->mod_accounting_username_bug) {
436463 char const *old = vp->vp_strvalue;
437 char *new = talloc_zero_array(vp, char, vp->vp_length + 1);
464 char *new;
465
466 vp->vp_length++; /* account for an additional zero */
467
468 new = talloc_array(vp, char, vp->vp_length + 1);
438469
439470 memcpy(new, old, vp->vp_length);
471 new[vp->length] = '\0';
472 new[vp->length + 1] = '\0';
440473 vp->vp_strvalue = new;
441 vp->vp_length++;
442474
443475 rad_const_free(old);
476 VERIFY_VP(vp);
444477 }
445478 }
446479
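Review bot: The rewritten AP1230 workaround writes one byte past its allocation. After `vp->vp_length++` the buffer from `talloc_array(vp, char, vp->vp_length + 1)` has valid indices 0 through `vp_length`, yet `new[vp->length + 1] = '\0'` stores at `vp_length + 1` (assuming `length` and `vp_length` name the same field). `memcpy(new, old, vp->vp_length)` also now reads one byte more from `old` than the original value length. Copy the original length and terminate inside the buffer: `memcpy(new, old, vp->vp_length - 1);`, `new[vp->vp_length - 1] = '\0';`, `new[vp->vp_length] = '\0';`. The enclosing function starts and ends outside the hunk.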
3535 typedef struct eap_module {
3636 char const *name;
3737 rlm_eap_module_t *type;
38 lt_dlhandle handle;
38 fr_dlhandle handle;
3939 CONF_SECTION *cs;
4040 void *instance;
4141 } eap_module_t;
+0
-10
src/modules/rlm_eap/types/rlm_eap_fast/all.mk less more
0 TARGETNAME := rlm_eap_fast
1
2 ifneq "$(OPENSSL_LIBS)" ""
3 TARGET := $(TARGETNAME).a
4 endif
5
6 SOURCES := $(TARGETNAME).c eap_fast.c eap_fast_crypto.c
7
8 SRC_INCDIRS := ${top_srcdir}/src/modules/rlm_eap/ ${top_srcdir}/src/modules/rlm_eap/libeap/
9 TGT_PREREQS := libfreeradius-eap.a
0 TARGETNAME := @targetname@
1
2 ifneq "$(OPENSSL_LIBS)" ""
3 TARGET := $(TARGETNAME).a
4 endif
5
6 SOURCES := $(TARGETNAME).c eap_fast.c eap_fast_crypto.c
7
8 SRC_INCDIRS := ${top_srcdir}/src/modules/rlm_eap/ ${top_srcdir}/src/modules/rlm_eap/libeap/
9 TGT_PREREQS := libfreeradius-eap.a
0 #! /bin/sh
1 # From configure.ac Revision.
2 # Guess values for system-dependent variables and create Makefiles.
3 # Generated by GNU Autoconf 2.69.
4 #
5 #
6 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
7 #
8 #
9 # This configure script is free software; the Free Software Foundation
10 # gives unlimited permission to copy, distribute and modify it.
11 ## -------------------- ##
12 ## M4sh Initialization. ##
13 ## -------------------- ##
14
15 # Be more Bourne compatible
16 DUALCASE=1; export DUALCASE # for MKS sh
17 if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
18 emulate sh
19 NULLCMD=:
20 # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
21 # is contrary to our usage. Disable this feature.
22 alias -g '${1+"$@"}'='"$@"'
23 setopt NO_GLOB_SUBST
24 else
25 case `(set -o) 2>/dev/null` in #(
26 *posix*) :
27 set -o posix ;; #(
28 *) :
29 ;;
30 esac
31 fi
32
33
34 as_nl='
35 '
36 export as_nl
37 # Printing a long string crashes Solaris 7 /usr/bin/printf.
38 as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
39 as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
40 as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
41 # Prefer a ksh shell builtin over an external printf program on Solaris,
42 # but without wasting forks for bash or zsh.
43 if test -z "$BASH_VERSION$ZSH_VERSION" \
44 && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
45 as_echo='print -r --'
46 as_echo_n='print -rn --'
47 elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
48 as_echo='printf %s\n'
49 as_echo_n='printf %s'
50 else
51 if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
52 as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
53 as_echo_n='/usr/ucb/echo -n'
54 else
55 as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
56 as_echo_n_body='eval
57 arg=$1;
58 case $arg in #(
59 *"$as_nl"*)
60 expr "X$arg" : "X\\(.*\\)$as_nl";
61 arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
62 esac;
63 expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
64 '
65 export as_echo_n_body
66 as_echo_n='sh -c $as_echo_n_body as_echo'
67 fi
68 export as_echo_body
69 as_echo='sh -c $as_echo_body as_echo'
70 fi
71
72 # The user is always right.
73 if test "${PATH_SEPARATOR+set}" != set; then
74 PATH_SEPARATOR=:
75 (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
76 (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
77 PATH_SEPARATOR=';'
78 }
79 fi
80
81
82 # IFS
83 # We need space, tab and new line, in precisely that order. Quoting is
84 # there to prevent editors from complaining about space-tab.
85 # (If _AS_PATH_WALK were called with IFS unset, it would disable word
86 # splitting by setting IFS to empty value.)
87 IFS=" "" $as_nl"
88
89 # Find who we are. Look in the path if we contain no directory separator.
90 as_myself=
91 case $0 in #((
92 *[\\/]* ) as_myself=$0 ;;
93 *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
94 for as_dir in $PATH
95 do
96 IFS=$as_save_IFS
97 test -z "$as_dir" && as_dir=.
98 test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
99 done
100 IFS=$as_save_IFS
101
102 ;;
103 esac
104 # We did not find ourselves, most probably we were run as `sh COMMAND'
105 # in which case we are not to be found in the path.
106 if test "x$as_myself" = x; then
107 as_myself=$0
108 fi
109 if test ! -f "$as_myself"; then
110 $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
111 exit 1
112 fi
113
114 # Unset variables that we do not need and which cause bugs (e.g. in
115 # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
116 # suppresses any "Segmentation fault" message there. '((' could
117 # trigger a bug in pdksh 5.2.14.
118 for as_var in BASH_ENV ENV MAIL MAILPATH
119 do eval test x\${$as_var+set} = xset \
120 && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
121 done
122 PS1='$ '
123 PS2='> '
124 PS4='+ '
125
126 # NLS nuisances.
127 LC_ALL=C
128 export LC_ALL
129 LANGUAGE=C
130 export LANGUAGE
131
132 # CDPATH.
133 (unset CDPATH) >/dev/null 2>&1 && unset CDPATH
134
135 # Use a proper internal environment variable to ensure we don't fall
136 # into an infinite loop, continuously re-executing ourselves.
137 if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
138 _as_can_reexec=no; export _as_can_reexec;
139 # We cannot yet assume a decent shell, so we have to provide a
140 # neutralization value for shells without unset; and this also
141 # works around shells that cannot unset nonexistent variables.
142 # Preserve -v and -x to the replacement shell.
143 BASH_ENV=/dev/null
144 ENV=/dev/null
145 (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
146 case $- in # ((((
147 *v*x* | *x*v* ) as_opts=-vx ;;
148 *v* ) as_opts=-v ;;
149 *x* ) as_opts=-x ;;
150 * ) as_opts= ;;
151 esac
152 exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
153 # Admittedly, this is quite paranoid, since all the known shells bail
154 # out after a failed `exec'.
155 $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
156 as_fn_exit 255
157 fi
158 # We don't want this to propagate to other subprocesses.
159 { _as_can_reexec=; unset _as_can_reexec;}
160 if test "x$CONFIG_SHELL" = x; then
161 as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
162 emulate sh
163 NULLCMD=:
164 # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
165 # is contrary to our usage. Disable this feature.
166 alias -g '\${1+\"\$@\"}'='\"\$@\"'
167 setopt NO_GLOB_SUBST
168 else
169 case \`(set -o) 2>/dev/null\` in #(
170 *posix*) :
171 set -o posix ;; #(
172 *) :
173 ;;
174 esac
175 fi
176 "
177 as_required="as_fn_return () { (exit \$1); }
178 as_fn_success () { as_fn_return 0; }
179 as_fn_failure () { as_fn_return 1; }
180 as_fn_ret_success () { return 0; }
181 as_fn_ret_failure () { return 1; }
182
183 exitcode=0
184 as_fn_success || { exitcode=1; echo as_fn_success failed.; }
185 as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
186 as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
187 as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
188 if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
189
190 else
191 exitcode=1; echo positional parameters were not saved.
192 fi
193 test x\$exitcode = x0 || exit 1
194 test -x / || exit 1"
195 as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
196 as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
197 eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
198 test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
199 test \$(( 1 + 1 )) = 2 || exit 1"
200 if (eval "$as_required") 2>/dev/null; then :
201 as_have_required=yes
202 else
203 as_have_required=no
204 fi
205 if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
206
207 else
208 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
209 as_found=false
210 for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
211 do
212 IFS=$as_save_IFS
213 test -z "$as_dir" && as_dir=.
214 as_found=:
215 case $as_dir in #(
216 /*)
217 for as_base in sh bash ksh sh5; do
218 # Try only shells that exist, to save several forks.
219 as_shell=$as_dir/$as_base
220 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
221 { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
222 CONFIG_SHELL=$as_shell as_have_required=yes
223 if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
224 break 2
225 fi
226 fi
227 done;;
228 esac
229 as_found=false
230 done
231 $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
232 { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
233 CONFIG_SHELL=$SHELL as_have_required=yes
234 fi; }
235 IFS=$as_save_IFS
236
237
238 if test "x$CONFIG_SHELL" != x; then :
239 export CONFIG_SHELL
240 # We cannot yet assume a decent shell, so we have to provide a
241 # neutralization value for shells without unset; and this also
242 # works around shells that cannot unset nonexistent variables.
243 # Preserve -v and -x to the replacement shell.
244 BASH_ENV=/dev/null
245 ENV=/dev/null
246 (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
247 case $- in # ((((
248 *v*x* | *x*v* ) as_opts=-vx ;;
249 *v* ) as_opts=-v ;;
250 *x* ) as_opts=-x ;;
251 * ) as_opts= ;;
252 esac
253 exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
254 # Admittedly, this is quite paranoid, since all the known shells bail
255 # out after a failed `exec'.
256 $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
257 exit 255
258 fi
259
260 if test x$as_have_required = xno; then :
261 $as_echo "$0: This script requires a shell more modern than all"
262 $as_echo "$0: the shells that I found on your system."
263 if test x${ZSH_VERSION+set} = xset ; then
264 $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
265 $as_echo "$0: be upgraded to zsh 4.3.4 or later."
266 else
267 $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
268 $0: including any error possibly output before this
269 $0: message. Then install a modern shell, or manually run
270 $0: the script under such a shell if you do have one."
271 fi
272 exit 1
273 fi
274 fi
275 fi
276 SHELL=${CONFIG_SHELL-/bin/sh}
277 export SHELL
278 # Unset more variables known to interfere with behavior of common tools.
279 CLICOLOR_FORCE= GREP_OPTIONS=
280 unset CLICOLOR_FORCE GREP_OPTIONS
281
282 ## --------------------- ##
283 ## M4sh Shell Functions. ##
284 ## --------------------- ##
285 # as_fn_unset VAR
286 # ---------------
287 # Portably unset VAR.
288 as_fn_unset ()
289 {
290 { eval $1=; unset $1;}
291 }
292 as_unset=as_fn_unset
293
294 # as_fn_set_status STATUS
295 # -----------------------
296 # Set $? to STATUS, without forking.
297 as_fn_set_status ()
298 {
299 return $1
300 } # as_fn_set_status
301
302 # as_fn_exit STATUS
303 # -----------------
304 # Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
305 as_fn_exit ()
306 {
307 set +e
308 as_fn_set_status $1
309 exit $1
310 } # as_fn_exit
311
312 # as_fn_mkdir_p
313 # -------------
314 # Create "$as_dir" as a directory, including parents if necessary.
315 as_fn_mkdir_p ()
316 {
317
318 case $as_dir in #(
319 -*) as_dir=./$as_dir;;
320 esac
321 test -d "$as_dir" || eval $as_mkdir_p || {
322 as_dirs=
323 while :; do
324 case $as_dir in #(
325 *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
326 *) as_qdir=$as_dir;;
327 esac
328 as_dirs="'$as_qdir' $as_dirs"
329 as_dir=`$as_dirname -- "$as_dir" ||
330 $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
331 X"$as_dir" : 'X\(//\)[^/]' \| \
332 X"$as_dir" : 'X\(//\)$' \| \
333 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
334 $as_echo X"$as_dir" |
335 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
336 s//\1/
337 q
338 }
339 /^X\(\/\/\)[^/].*/{
340 s//\1/
341 q
342 }
343 /^X\(\/\/\)$/{
344 s//\1/
345 q
346 }
347 /^X\(\/\).*/{
348 s//\1/
349 q
350 }
351 s/.*/./; q'`
352 test -d "$as_dir" && break
353 done
354 test -z "$as_dirs" || eval "mkdir $as_dirs"
355 } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
356
357
358 } # as_fn_mkdir_p
359
360 # as_fn_executable_p FILE
361 # -----------------------
362 # Test if FILE is an executable regular file.
363 as_fn_executable_p ()
364 {
365 test -f "$1" && test -x "$1"
366 } # as_fn_executable_p
367 # as_fn_append VAR VALUE
368 # ----------------------
369 # Append the text in VALUE to the end of the definition contained in VAR. Take
370 # advantage of any shell optimizations that allow amortized linear growth over
371 # repeated appends, instead of the typical quadratic growth present in naive
372 # implementations.
373 if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
374 eval 'as_fn_append ()
375 {
376 eval $1+=\$2
377 }'
378 else
379 as_fn_append ()
380 {
381 eval $1=\$$1\$2
382 }
383 fi # as_fn_append
384
385 # as_fn_arith ARG...
386 # ------------------
387 # Perform arithmetic evaluation on the ARGs, and store the result in the
388 # global $as_val. Take advantage of shells that can avoid forks. The arguments
389 # must be portable across $(()) and expr.
390 if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
391 eval 'as_fn_arith ()
392 {
393 as_val=$(( $* ))
394 }'
395 else
396 as_fn_arith ()
397 {
398 as_val=`expr "$@" || test $? -eq 1`
399 }
400 fi # as_fn_arith
401
402
403 # as_fn_error STATUS ERROR [LINENO LOG_FD]
404 # ----------------------------------------
405 # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
406 # provided, also output the error to LOG_FD, referencing LINENO. Then exit the
407 # script with STATUS, using 1 if that was 0.
408 as_fn_error ()
409 {
410 as_status=$1; test $as_status -eq 0 && as_status=1
411 if test "$4"; then
412 as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
413 $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
414 fi
415 $as_echo "$as_me: error: $2" >&2
416 as_fn_exit $as_status
417 } # as_fn_error
418
419 if expr a : '\(a\)' >/dev/null 2>&1 &&
420 test "X`expr 00001 : '.*\(...\)'`" = X001; then
421 as_expr=expr
422 else
423 as_expr=false
424 fi
425
426 if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
427 as_basename=basename
428 else
429 as_basename=false
430 fi
431
432 if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
433 as_dirname=dirname
434 else
435 as_dirname=false
436 fi
437
438 as_me=`$as_basename -- "$0" ||
439 $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
440 X"$0" : 'X\(//\)$' \| \
441 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
442 $as_echo X/"$0" |
443 sed '/^.*\/\([^/][^/]*\)\/*$/{
444 s//\1/
445 q
446 }
447 /^X\/\(\/\/\)$/{
448 s//\1/
449 q
450 }
451 /^X\/\(\/\).*/{
452 s//\1/
453 q
454 }
455 s/.*/./; q'`
456
457 # Avoid depending upon Character Ranges.
458 as_cr_letters='abcdefghijklmnopqrstuvwxyz'
459 as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
460 as_cr_Letters=$as_cr_letters$as_cr_LETTERS
461 as_cr_digits='0123456789'
462 as_cr_alnum=$as_cr_Letters$as_cr_digits
463
464
465 as_lineno_1=$LINENO as_lineno_1a=$LINENO
466 as_lineno_2=$LINENO as_lineno_2a=$LINENO
467 eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
468 test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
469 # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
470 sed -n '
471 p
472 /[$]LINENO/=
473 ' <$as_myself |
474 sed '
475 s/[$]LINENO.*/&-/
476 t lineno
477 b
478 :lineno
479 N
480 :loop
481 s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
482 t loop
483 s/-\n.*//
484 ' >$as_me.lineno &&
485 chmod +x "$as_me.lineno" ||
486 { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
487
488 # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
489 # already done that, so ensure we don't try to do so again and fall
490 # in an infinite loop. This has already happened in practice.
491 _as_can_reexec=no; export _as_can_reexec
492 # Don't try to exec as it changes $[0], causing all sort of problems
493 # (the dirname of $[0] is not the place where we might find the
494 # original and so on. Autoconf is especially sensitive to this).
495 . "./$as_me.lineno"
496 # Exit status is that of the last command.
497 exit
498 }
499
500 ECHO_C= ECHO_N= ECHO_T=
501 case `echo -n x` in #(((((
502 -n*)
503 case `echo 'xy\c'` in
504 *c*) ECHO_T=' ';; # ECHO_T is single tab character.
505 xy) ECHO_C='\c';;
506 *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
507 ECHO_T=' ';;
508 esac;;
509 *)
510 ECHO_N='-n';;
511 esac
512
513 rm -f conf$$ conf$$.exe conf$$.file
514 if test -d conf$$.dir; then
515 rm -f conf$$.dir/conf$$.file
516 else
517 rm -f conf$$.dir
518 mkdir conf$$.dir 2>/dev/null
519 fi
520 if (echo >conf$$.file) 2>/dev/null; then
521 if ln -s conf$$.file conf$$ 2>/dev/null; then
522 as_ln_s='ln -s'
523 # ... but there are two gotchas:
524 # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
525 # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
526 # In both cases, we have to default to `cp -pR'.
527 ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
528 as_ln_s='cp -pR'
529 elif ln conf$$.file conf$$ 2>/dev/null; then
530 as_ln_s=ln
531 else
532 as_ln_s='cp -pR'
533 fi
534 else
535 as_ln_s='cp -pR'
536 fi
537 rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
538 rmdir conf$$.dir 2>/dev/null
539
540 if mkdir -p . 2>/dev/null; then
541 as_mkdir_p='mkdir -p "$as_dir"'
542 else
543 test -d ./-p && rmdir ./-p
544 as_mkdir_p=false
545 fi
546
547 as_test_x='test -x'
548 as_executable_p=as_fn_executable_p
549
550 # Sed expression to map a string onto a valid CPP name.
551 as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
552
553 # Sed expression to map a string onto a valid variable name.
554 as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
555
556
557 test -n "$DJDIR" || exec 7<&0 </dev/null
558 exec 6>&1
559
560 # Name of the host.
561 # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
562 # so uname gets run too.
563 ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
564
565 #
566 # Initializations.
567 #
568 ac_default_prefix=/usr/local
569 ac_clean_files=
570 ac_config_libobj_dir=.
571 LIBOBJS=
572 cross_compiling=no
573 subdirs=
574 MFLAGS=
575 MAKEFLAGS=
576
577 # Identity of this package.
578 PACKAGE_NAME=
579 PACKAGE_TARNAME=
580 PACKAGE_VERSION=
581 PACKAGE_STRING=
582 PACKAGE_BUGREPORT=
583 PACKAGE_URL=
584
585 ac_unique_file="rlm_eap_fast.c"
586 ac_subst_vars='LTLIBOBJS
587 LIBOBJS
588 targetname
589 mod_cflags
590 mod_ldflags
591 EGREP
592 GREP
593 CPP
594 OBJEXT
595 EXEEXT
596 ac_ct_CC
597 CPPFLAGS
598 LDFLAGS
599 CFLAGS
600 CC
601 target_alias
602 host_alias
603 build_alias
604 LIBS
605 ECHO_T
606 ECHO_N
607 ECHO_C
608 DEFS
609 mandir
610 localedir
611 libdir
612 psdir
613 pdfdir
614 dvidir
615 htmldir
616 infodir
617 docdir
618 oldincludedir
619 includedir
620 localstatedir
621 sharedstatedir
622 sysconfdir
623 datadir
624 datarootdir
625 libexecdir
626 sbindir
627 bindir
628 program_transform_name
629 prefix
630 exec_prefix
631 PACKAGE_URL
632 PACKAGE_BUGREPORT
633 PACKAGE_STRING
634 PACKAGE_VERSION
635 PACKAGE_TARNAME
636 PACKAGE_NAME
637 PATH_SEPARATOR
638 SHELL'
639 ac_subst_files=''
640 ac_user_opts='
641 enable_option_checking
642 with_openssl_lib_dir
643 with_openssl_include_dir
644 '
645 ac_precious_vars='build_alias
646 host_alias
647 target_alias
648 CC
649 CFLAGS
650 LDFLAGS
651 LIBS
652 CPPFLAGS
653 CPP'
654
655
656 # Initialize some variables set by options.
657 ac_init_help=
658 ac_init_version=false
659 ac_unrecognized_opts=
660 ac_unrecognized_sep=
661 # The variables have the same names as the options, with
662 # dashes changed to underlines.
663 cache_file=/dev/null
664 exec_prefix=NONE
665 no_create=
666 no_recursion=
667 prefix=NONE
668 program_prefix=NONE
669 program_suffix=NONE
670 program_transform_name=s,x,x,
671 silent=
672 site=
673 srcdir=
674 verbose=
675 x_includes=NONE
676 x_libraries=NONE
677
678 # Installation directory options.
679 # These are left unexpanded so users can "make install exec_prefix=/foo"
680 # and all the variables that are supposed to be based on exec_prefix
681 # by default will actually change.
682 # Use braces instead of parens because sh, perl, etc. also accept them.
683 # (The list follows the same order as the GNU Coding Standards.)
684 bindir='${exec_prefix}/bin'
685 sbindir='${exec_prefix}/sbin'
686 libexecdir='${exec_prefix}/libexec'
687 datarootdir='${prefix}/share'
688 datadir='${datarootdir}'
689 sysconfdir='${prefix}/etc'
690 sharedstatedir='${prefix}/com'
691 localstatedir='${prefix}/var'
692 includedir='${prefix}/include'
693 oldincludedir='/usr/include'
694 docdir='${datarootdir}/doc/${PACKAGE}'
695 infodir='${datarootdir}/info'
696 htmldir='${docdir}'
697 dvidir='${docdir}'
698 pdfdir='${docdir}'
699 psdir='${docdir}'
700 libdir='${exec_prefix}/lib'
701 localedir='${datarootdir}/locale'
702 mandir='${datarootdir}/man'
703
704 ac_prev=
705 ac_dashdash=
706 for ac_option
707 do
708 # If the previous option needs an argument, assign it.
709 if test -n "$ac_prev"; then
710 eval $ac_prev=\$ac_option
711 ac_prev=
712 continue
713 fi
714
715 case $ac_option in
716 *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
717 *=) ac_optarg= ;;
718 *) ac_optarg=yes ;;
719 esac
720
721 # Accept the important Cygnus configure options, so we can diagnose typos.
722
723 case $ac_dashdash$ac_option in
724 --)
725 ac_dashdash=yes ;;
726
727 -bindir | --bindir | --bindi | --bind | --bin | --bi)
728 ac_prev=bindir ;;
729 -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
730 bindir=$ac_optarg ;;
731
732 -build | --build | --buil | --bui | --bu)
733 ac_prev=build_alias ;;
734 -build=* | --build=* | --buil=* | --bui=* | --bu=*)
735 build_alias=$ac_optarg ;;
736
737 -cache-file | --cache-file | --cache-fil | --cache-fi \
738 | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
739 ac_prev=cache_file ;;
740 -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
741 | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
742 cache_file=$ac_optarg ;;
743
744 --config-cache | -C)
745 cache_file=config.cache ;;
746
747 -datadir | --datadir | --datadi | --datad)
748 ac_prev=datadir ;;
749 -datadir=* | --datadir=* | --datadi=* | --datad=*)
750 datadir=$ac_optarg ;;
751
752 -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
753 | --dataroo | --dataro | --datar)
754 ac_prev=datarootdir ;;
755 -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
756 | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
757 datarootdir=$ac_optarg ;;
758
759 -disable-* | --disable-*)
760 ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
761 # Reject names that are not valid shell variable names.
762 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
763 as_fn_error $? "invalid feature name: $ac_useropt"
764 ac_useropt_orig=$ac_useropt
765 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
766 case $ac_user_opts in
767 *"
768 "enable_$ac_useropt"
769 "*) ;;
770 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
771 ac_unrecognized_sep=', ';;
772 esac
773 eval enable_$ac_useropt=no ;;
774
775 -docdir | --docdir | --docdi | --doc | --do)
776 ac_prev=docdir ;;
777 -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
778 docdir=$ac_optarg ;;
779
780 -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
781 ac_prev=dvidir ;;
782 -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
783 dvidir=$ac_optarg ;;
784
785 -enable-* | --enable-*)
786 ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
787 # Reject names that are not valid shell variable names.
788 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
789 as_fn_error $? "invalid feature name: $ac_useropt"
790 ac_useropt_orig=$ac_useropt
791 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
792 case $ac_user_opts in
793 *"
794 "enable_$ac_useropt"
795 "*) ;;
796 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
797 ac_unrecognized_sep=', ';;
798 esac
799 eval enable_$ac_useropt=\$ac_optarg ;;
800
801 -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
802 | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
803 | --exec | --exe | --ex)
804 ac_prev=exec_prefix ;;
805 -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
806 | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
807 | --exec=* | --exe=* | --ex=*)
808 exec_prefix=$ac_optarg ;;
809
810 -gas | --gas | --ga | --g)
811 # Obsolete; use --with-gas.
812 with_gas=yes ;;
813
814 -help | --help | --hel | --he | -h)
815 ac_init_help=long ;;
816 -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
817 ac_init_help=recursive ;;
818 -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
819 ac_init_help=short ;;
820
821 -host | --host | --hos | --ho)
822 ac_prev=host_alias ;;
823 -host=* | --host=* | --hos=* | --ho=*)
824 host_alias=$ac_optarg ;;
825
826 -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
827 ac_prev=htmldir ;;
828 -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
829 | --ht=*)
830 htmldir=$ac_optarg ;;
831
832 -includedir | --includedir | --includedi | --included | --include \
833 | --includ | --inclu | --incl | --inc)
834 ac_prev=includedir ;;
835 -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
836 | --includ=* | --inclu=* | --incl=* | --inc=*)
837 includedir=$ac_optarg ;;
838
839 -infodir | --infodir | --infodi | --infod | --info | --inf)
840 ac_prev=infodir ;;
841 -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
842 infodir=$ac_optarg ;;
843
844 -libdir | --libdir | --libdi | --libd)
845 ac_prev=libdir ;;
846 -libdir=* | --libdir=* | --libdi=* | --libd=*)
847 libdir=$ac_optarg ;;
848
849 -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
850 | --libexe | --libex | --libe)
851 ac_prev=libexecdir ;;
852 -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
853 | --libexe=* | --libex=* | --libe=*)
854 libexecdir=$ac_optarg ;;
855
856 -localedir | --localedir | --localedi | --localed | --locale)
857 ac_prev=localedir ;;
858 -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
859 localedir=$ac_optarg ;;
860
861 -localstatedir | --localstatedir | --localstatedi | --localstated \
862 | --localstate | --localstat | --localsta | --localst | --locals)
863 ac_prev=localstatedir ;;
864 -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
865 | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
866 localstatedir=$ac_optarg ;;
867
868 -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
869 ac_prev=mandir ;;
870 -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
871 mandir=$ac_optarg ;;
872
873 -nfp | --nfp | --nf)
874 # Obsolete; use --without-fp.
875 with_fp=no ;;
876
877 -no-create | --no-create | --no-creat | --no-crea | --no-cre \
878 | --no-cr | --no-c | -n)
879 no_create=yes ;;
880
881 -no-recursion | --no-recursion | --no-recursio | --no-recursi \
882 | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
883 no_recursion=yes ;;
884
885 -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
886 | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
887 | --oldin | --oldi | --old | --ol | --o)
888 ac_prev=oldincludedir ;;
889 -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
890 | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
891 | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
892 oldincludedir=$ac_optarg ;;
893
894 -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
895 ac_prev=prefix ;;
896 -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
897 prefix=$ac_optarg ;;
898
899 -program-prefix | --program-prefix | --program-prefi | --program-pref \
900 | --program-pre | --program-pr | --program-p)
901 ac_prev=program_prefix ;;
902 -program-prefix=* | --program-prefix=* | --program-prefi=* \
903 | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
904 program_prefix=$ac_optarg ;;
905
906 -program-suffix | --program-suffix | --program-suffi | --program-suff \
907 | --program-suf | --program-su | --program-s)
908 ac_prev=program_suffix ;;
909 -program-suffix=* | --program-suffix=* | --program-suffi=* \
910 | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
911 program_suffix=$ac_optarg ;;
912
913 -program-transform-name | --program-transform-name \
914 | --program-transform-nam | --program-transform-na \
915 | --program-transform-n | --program-transform- \
916 | --program-transform | --program-transfor \
917 | --program-transfo | --program-transf \
918 | --program-trans | --program-tran \
919 | --progr-tra | --program-tr | --program-t)
920 ac_prev=program_transform_name ;;
921 -program-transform-name=* | --program-transform-name=* \
922 | --program-transform-nam=* | --program-transform-na=* \
923 | --program-transform-n=* | --program-transform-=* \
924 | --program-transform=* | --program-transfor=* \
925 | --program-transfo=* | --program-transf=* \
926 | --program-trans=* | --program-tran=* \
927 | --progr-tra=* | --program-tr=* | --program-t=*)
928 program_transform_name=$ac_optarg ;;
929
930 -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
931 ac_prev=pdfdir ;;
932 -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
933 pdfdir=$ac_optarg ;;
934
935 -psdir | --psdir | --psdi | --psd | --ps)
936 ac_prev=psdir ;;
937 -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
938 psdir=$ac_optarg ;;
939
940 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
941 | -silent | --silent | --silen | --sile | --sil)
942 silent=yes ;;
943
944 -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
945 ac_prev=sbindir ;;
946 -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
947 | --sbi=* | --sb=*)
948 sbindir=$ac_optarg ;;
949
950 -sharedstatedir | --sharedstatedir | --sharedstatedi \
951 | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
952 | --sharedst | --shareds | --shared | --share | --shar \
953 | --sha | --sh)
954 ac_prev=sharedstatedir ;;
955 -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
956 | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
957 | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
958 | --sha=* | --sh=*)
959 sharedstatedir=$ac_optarg ;;
960
961 -site | --site | --sit)
962 ac_prev=site ;;
963 -site=* | --site=* | --sit=*)
964 site=$ac_optarg ;;
965
966 -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
967 ac_prev=srcdir ;;
968 -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
969 srcdir=$ac_optarg ;;
970
971 -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
972 | --syscon | --sysco | --sysc | --sys | --sy)
973 ac_prev=sysconfdir ;;
974 -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
975 | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
976 sysconfdir=$ac_optarg ;;
977
978 -target | --target | --targe | --targ | --tar | --ta | --t)
979 ac_prev=target_alias ;;
980 -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
981 target_alias=$ac_optarg ;;
982
983 -v | -verbose | --verbose | --verbos | --verbo | --verb)
984 verbose=yes ;;
985
986 -version | --version | --versio | --versi | --vers | -V)
987 ac_init_version=: ;;
988
989 -with-* | --with-*)
990 ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
991 # Reject names that are not valid shell variable names.
992 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
993 as_fn_error $? "invalid package name: $ac_useropt"
994 ac_useropt_orig=$ac_useropt
995 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
996 case $ac_user_opts in
997 *"
998 "with_$ac_useropt"
999 "*) ;;
1000 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
1001 ac_unrecognized_sep=', ';;
1002 esac
1003 eval with_$ac_useropt=\$ac_optarg ;;
1004
1005 -without-* | --without-*)
1006 ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
1007 # Reject names that are not valid shell variable names.
1008 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
1009 as_fn_error $? "invalid package name: $ac_useropt"
1010 ac_useropt_orig=$ac_useropt
1011 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
1012 case $ac_user_opts in
1013 *"
1014 "with_$ac_useropt"
1015 "*) ;;
1016 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
1017 ac_unrecognized_sep=', ';;
1018 esac
1019 eval with_$ac_useropt=no ;;
1020
1021 --x)
1022 # Obsolete; use --with-x.
1023 with_x=yes ;;
1024
1025 -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
1026 | --x-incl | --x-inc | --x-in | --x-i)
1027 ac_prev=x_includes ;;
1028 -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
1029 | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
1030 x_includes=$ac_optarg ;;
1031
1032 -x-libraries | --x-libraries | --x-librarie | --x-librari \
1033 | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
1034 ac_prev=x_libraries ;;
1035 -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
1036 | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
1037 x_libraries=$ac_optarg ;;
1038
1039 -*) as_fn_error $? "unrecognized option: \`$ac_option'
1040 Try \`$0 --help' for more information"
1041 ;;
1042
1043 *=*)
1044 ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
1045 # Reject names that are not valid shell variable names.
1046 case $ac_envvar in #(
1047 '' | [0-9]* | *[!_$as_cr_alnum]* )
1048 as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
1049 esac
1050 eval $ac_envvar=\$ac_optarg
1051 export $ac_envvar ;;
1052
1053 *)
1054 # FIXME: should be removed in autoconf 3.0.
1055 $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
1056 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
1057 $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
1058 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
1059 ;;
1060
1061 esac
1062 done
1063
1064 if test -n "$ac_prev"; then
1065 ac_option=--`echo $ac_prev | sed 's/_/-/g'`
1066 as_fn_error $? "missing argument to $ac_option"
1067 fi
1068
1069 if test -n "$ac_unrecognized_opts"; then
1070 case $enable_option_checking in
1071 no) ;;
1072 fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
1073 *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
1074 esac
1075 fi
1076
1077 # Check all directory arguments for consistency.
1078 for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
1079 datadir sysconfdir sharedstatedir localstatedir includedir \
1080 oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
1081 libdir localedir mandir
1082 do
1083 eval ac_val=\$$ac_var
1084 # Remove trailing slashes.
1085 case $ac_val in
1086 */ )
1087 ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
1088 eval $ac_var=\$ac_val;;
1089 esac
1090 # Be sure to have absolute directory names.
1091 case $ac_val in
1092 [\\/$]* | ?:[\\/]* ) continue;;
1093 NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
1094 esac
1095 as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
1096 done
1097
1098 # There might be people who depend on the old broken behavior: `$host'
1099 # used to hold the argument of --host etc.
1100 # FIXME: To remove some day.
1101 build=$build_alias
1102 host=$host_alias
1103 target=$target_alias
1104
1105 # FIXME: To remove some day.
1106 if test "x$host_alias" != x; then
1107 if test "x$build_alias" = x; then
1108 cross_compiling=maybe
1109 elif test "x$build_alias" != "x$host_alias"; then
1110 cross_compiling=yes
1111 fi
1112 fi
1113
1114 ac_tool_prefix=
1115 test -n "$host_alias" && ac_tool_prefix=$host_alias-
1116
1117 test "$silent" = yes && exec 6>/dev/null
1118
1119
1120 ac_pwd=`pwd` && test -n "$ac_pwd" &&
1121 ac_ls_di=`ls -di .` &&
1122 ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
1123 as_fn_error $? "working directory cannot be determined"
1124 test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
1125 as_fn_error $? "pwd does not report name of working directory"
1126
1127
1128 # Find the source files, if location was not specified.
1129 if test -z "$srcdir"; then
1130 ac_srcdir_defaulted=yes
1131 # Try the directory containing this script, then the parent directory.
1132 ac_confdir=`$as_dirname -- "$as_myself" ||
1133 $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1134 X"$as_myself" : 'X\(//\)[^/]' \| \
1135 X"$as_myself" : 'X\(//\)$' \| \
1136 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
1137 $as_echo X"$as_myself" |
1138 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
1139 s//\1/
1140 q
1141 }
1142 /^X\(\/\/\)[^/].*/{
1143 s//\1/
1144 q
1145 }
1146 /^X\(\/\/\)$/{
1147 s//\1/
1148 q
1149 }
1150 /^X\(\/\).*/{
1151 s//\1/
1152 q
1153 }
1154 s/.*/./; q'`
1155 srcdir=$ac_confdir
1156 if test ! -r "$srcdir/$ac_unique_file"; then
1157 srcdir=..
1158 fi
1159 else
1160 ac_srcdir_defaulted=no
1161 fi
1162 if test ! -r "$srcdir/$ac_unique_file"; then
1163 test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
1164 as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
1165 fi
1166 ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
1167 ac_abs_confdir=`(
1168 cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
1169 pwd)`
1170 # When building in place, set srcdir=.
1171 if test "$ac_abs_confdir" = "$ac_pwd"; then
1172 srcdir=.
1173 fi
1174 # Remove unnecessary trailing slashes from srcdir.
1175 # Double slashes in file names in object file debugging info
1176 # mess up M-x gdb in Emacs.
1177 case $srcdir in
1178 */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
1179 esac
1180 for ac_var in $ac_precious_vars; do
1181 eval ac_env_${ac_var}_set=\${${ac_var}+set}
1182 eval ac_env_${ac_var}_value=\$${ac_var}
1183 eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
1184 eval ac_cv_env_${ac_var}_value=\$${ac_var}
1185 done
1186
1187 #
1188 # Report the --help message.
1189 #
1190 if test "$ac_init_help" = "long"; then
1191 # Omit some internal or obsolete options to make the list less imposing.
1192 # This message is too long to be a string in the A/UX 3.1 sh.
1193 cat <<_ACEOF
1194 \`configure' configures this package to adapt to many kinds of systems.
1195
1196 Usage: $0 [OPTION]... [VAR=VALUE]...
1197
1198 To assign environment variables (e.g., CC, CFLAGS...), specify them as
1199 VAR=VALUE. See below for descriptions of some of the useful variables.
1200
1201 Defaults for the options are specified in brackets.
1202
1203 Configuration:
1204 -h, --help display this help and exit
1205 --help=short display options specific to this package
1206 --help=recursive display the short help of all the included packages
1207 -V, --version display version information and exit
1208 -q, --quiet, --silent do not print \`checking ...' messages
1209 --cache-file=FILE cache test results in FILE [disabled]
1210 -C, --config-cache alias for \`--cache-file=config.cache'
1211 -n, --no-create do not create output files
1212 --srcdir=DIR find the sources in DIR [configure dir or \`..']
1213
1214 Installation directories:
1215 --prefix=PREFIX install architecture-independent files in PREFIX
1216 [$ac_default_prefix]
1217 --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
1218 [PREFIX]
1219
1220 By default, \`make install' will install all the files in
1221 \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
1222 an installation prefix other than \`$ac_default_prefix' using \`--prefix',
1223 for instance \`--prefix=\$HOME'.
1224
1225 For better control, use the options below.
1226
1227 Fine tuning of the installation directories:
1228 --bindir=DIR user executables [EPREFIX/bin]
1229 --sbindir=DIR system admin executables [EPREFIX/sbin]
1230 --libexecdir=DIR program executables [EPREFIX/libexec]
1231 --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
1232 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
1233 --localstatedir=DIR modifiable single-machine data [PREFIX/var]
1234 --libdir=DIR object code libraries [EPREFIX/lib]
1235 --includedir=DIR C header files [PREFIX/include]
1236 --oldincludedir=DIR C header files for non-gcc [/usr/include]
1237 --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
1238 --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
1239 --infodir=DIR info documentation [DATAROOTDIR/info]
1240 --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
1241 --mandir=DIR man documentation [DATAROOTDIR/man]
1242 --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
1243 --htmldir=DIR html documentation [DOCDIR]
1244 --dvidir=DIR dvi documentation [DOCDIR]
1245 --pdfdir=DIR pdf documentation [DOCDIR]
1246 --psdir=DIR ps documentation [DOCDIR]
1247 _ACEOF
1248
1249 cat <<\_ACEOF
1250 _ACEOF
1251 fi
1252
1253 if test -n "$ac_init_help"; then
1254
1255 cat <<\_ACEOF
1256
1257 Optional Packages:
1258 --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
1259 --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
1260 --with-openssl-lib-dir=DIR directory for LDAP library files
1261 --with-openssl-include-dir=DIR directory for LDAP include files
1262
1263 Some influential environment variables:
1264 CC C compiler command
1265 CFLAGS C compiler flags
1266 LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
1267 nonstandard directory <lib dir>
1268 LIBS libraries to pass to the linker, e.g. -l<library>
1269 CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
1270 you have headers in a nonstandard directory <include dir>
1271 CPP C preprocessor
1272
1273 Use these variables to override the choices made by `configure' or to help
1274 it to find libraries and programs with nonstandard names/locations.
1275
1276 Report bugs to the package provider.
1277 _ACEOF
1278 ac_status=$?
1279 fi
1280
1281 if test "$ac_init_help" = "recursive"; then
1282 # If there are subdirs, report their specific --help.
1283 for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
1284 test -d "$ac_dir" ||
1285 { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
1286 continue
1287 ac_builddir=.
1288
1289 case "$ac_dir" in
1290 .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
1291 *)
1292 ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
1293 # A ".." for each directory in $ac_dir_suffix.
1294 ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
1295 case $ac_top_builddir_sub in
1296 "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
1297 *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
1298 esac ;;
1299 esac
1300 ac_abs_top_builddir=$ac_pwd
1301 ac_abs_builddir=$ac_pwd$ac_dir_suffix
1302 # for backward compatibility:
1303 ac_top_builddir=$ac_top_build_prefix
1304
1305 case $srcdir in
1306 .) # We are building in place.
1307 ac_srcdir=.
1308 ac_top_srcdir=$ac_top_builddir_sub
1309 ac_abs_top_srcdir=$ac_pwd ;;
1310 [\\/]* | ?:[\\/]* ) # Absolute name.
1311 ac_srcdir=$srcdir$ac_dir_suffix;
1312 ac_top_srcdir=$srcdir
1313 ac_abs_top_srcdir=$srcdir ;;
1314 *) # Relative name.
1315 ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
1316 ac_top_srcdir=$ac_top_build_prefix$srcdir
1317 ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
1318 esac
1319 ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
1320
1321 cd "$ac_dir" || { ac_status=$?; continue; }
1322 # Check for guested configure.
1323 if test -f "$ac_srcdir/configure.gnu"; then
1324 echo &&
1325 $SHELL "$ac_srcdir/configure.gnu" --help=recursive
1326 elif test -f "$ac_srcdir/configure"; then
1327 echo &&
1328 $SHELL "$ac_srcdir/configure" --help=recursive
1329 else
1330 $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
1331 fi || ac_status=$?
1332 cd "$ac_pwd" || { ac_status=$?; break; }
1333 done
1334 fi
1335
1336 test -n "$ac_init_help" && exit $ac_status
1337 if $ac_init_version; then
1338 cat <<\_ACEOF
1339 configure
1340 generated by GNU Autoconf 2.69
1341
1342 Copyright (C) 2012 Free Software Foundation, Inc.
1343 This configure script is free software; the Free Software Foundation
1344 gives unlimited permission to copy, distribute and modify it.
1345 _ACEOF
1346 exit
1347 fi
1348
1349 ## ------------------------ ##
1350 ## Autoconf initialization. ##
1351 ## ------------------------ ##
1352
1353 # ac_fn_c_try_compile LINENO
1354 # --------------------------
1355 # Try to compile conftest.$ac_ext, and return whether this succeeded.
1356 ac_fn_c_try_compile ()
1357 {
1358 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1359 rm -f conftest.$ac_objext
1360 if { { ac_try="$ac_compile"
1361 case "(($ac_try" in
1362 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1363 *) ac_try_echo=$ac_try;;
1364 esac
1365 eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1366 $as_echo "$ac_try_echo"; } >&5
1367 (eval "$ac_compile") 2>conftest.err
1368 ac_status=$?
1369 if test -s conftest.err; then
1370 grep -v '^ *+' conftest.err >conftest.er1
1371 cat conftest.er1 >&5
1372 mv -f conftest.er1 conftest.err
1373 fi
1374 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1375 test $ac_status = 0; } && {
1376 test -z "$ac_c_werror_flag" ||
1377 test ! -s conftest.err
1378 } && test -s conftest.$ac_objext; then :
1379 ac_retval=0
1380 else
1381 $as_echo "$as_me: failed program was:" >&5
1382 sed 's/^/| /' conftest.$ac_ext >&5
1383
1384 ac_retval=1
1385 fi
1386 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1387 as_fn_set_status $ac_retval
1388
1389 } # ac_fn_c_try_compile
1390
1391 # ac_fn_c_try_link LINENO
1392 # -----------------------
1393 # Try to link conftest.$ac_ext, and return whether this succeeded.
1394 ac_fn_c_try_link ()
1395 {
1396 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1397 rm -f conftest.$ac_objext conftest$ac_exeext
1398 if { { ac_try="$ac_link"
1399 case "(($ac_try" in
1400 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1401 *) ac_try_echo=$ac_try;;
1402 esac
1403 eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1404 $as_echo "$ac_try_echo"; } >&5
1405 (eval "$ac_link") 2>conftest.err
1406 ac_status=$?
1407 if test -s conftest.err; then
1408 grep -v '^ *+' conftest.err >conftest.er1
1409 cat conftest.er1 >&5
1410 mv -f conftest.er1 conftest.err
1411 fi
1412 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1413 test $ac_status = 0; } && {
1414 test -z "$ac_c_werror_flag" ||
1415 test ! -s conftest.err
1416 } && test -s conftest$ac_exeext && {
1417 test "$cross_compiling" = yes ||
1418 test -x conftest$ac_exeext
1419 }; then :
1420 ac_retval=0
1421 else
1422 $as_echo "$as_me: failed program was:" >&5
1423 sed 's/^/| /' conftest.$ac_ext >&5
1424
1425 ac_retval=1
1426 fi
1427 # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
1428 # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
1429 # interfere with the next link command; also delete a directory that is
1430 # left behind by Apple's compiler. We do this before executing the actions.
1431 rm -rf conftest.dSYM conftest_ipa8_conftest.oo
1432 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1433 as_fn_set_status $ac_retval
1434
1435 } # ac_fn_c_try_link
1436
1437 # ac_fn_c_try_cpp LINENO
1438 # ----------------------
1439 # Try to preprocess conftest.$ac_ext, and return whether this succeeded.
1440 ac_fn_c_try_cpp ()
1441 {
1442 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1443 if { { ac_try="$ac_cpp conftest.$ac_ext"
1444 case "(($ac_try" in
1445 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1446 *) ac_try_echo=$ac_try;;
1447 esac
1448 eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1449 $as_echo "$ac_try_echo"; } >&5
1450 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
1451 ac_status=$?
1452 if test -s conftest.err; then
1453 grep -v '^ *+' conftest.err >conftest.er1
1454 cat conftest.er1 >&5
1455 mv -f conftest.er1 conftest.err
1456 fi
1457 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1458 test $ac_status = 0; } > conftest.i && {
1459 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
1460 test ! -s conftest.err
1461 }; then :
1462 ac_retval=0
1463 else
1464 $as_echo "$as_me: failed program was:" >&5
1465 sed 's/^/| /' conftest.$ac_ext >&5
1466
1467 ac_retval=1
1468 fi
1469 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1470 as_fn_set_status $ac_retval
1471
1472 } # ac_fn_c_try_cpp
1473 cat >config.log <<_ACEOF
1474 This file contains any messages produced by compilers while
1475 running configure, to aid debugging if configure makes a mistake.
1476
1477 It was created by $as_me, which was
1478 generated by GNU Autoconf 2.69. Invocation command line was
1479
1480 $ $0 $@
1481
1482 _ACEOF
1483 exec 5>>config.log
1484 {
1485 cat <<_ASUNAME
1486 ## --------- ##
1487 ## Platform. ##
1488 ## --------- ##
1489
1490 hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
1491 uname -m = `(uname -m) 2>/dev/null || echo unknown`
1492 uname -r = `(uname -r) 2>/dev/null || echo unknown`
1493 uname -s = `(uname -s) 2>/dev/null || echo unknown`
1494 uname -v = `(uname -v) 2>/dev/null || echo unknown`
1495
1496 /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
1497 /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
1498
1499 /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
1500 /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
1501 /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
1502 /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
1503 /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
1504 /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
1505 /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
1506
1507 _ASUNAME
1508
1509 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
1510 for as_dir in $PATH
1511 do
1512 IFS=$as_save_IFS
1513 test -z "$as_dir" && as_dir=.
1514 $as_echo "PATH: $as_dir"
1515 done
1516 IFS=$as_save_IFS
1517
1518 } >&5
1519
1520 cat >&5 <<_ACEOF
1521
1522
1523 ## ----------- ##
1524 ## Core tests. ##
1525 ## ----------- ##
1526
1527 _ACEOF
1528
1529
1530 # Keep a trace of the command line.
1531 # Strip out --no-create and --no-recursion so they do not pile up.
1532 # Strip out --silent because we don't want to record it for future runs.
1533 # Also quote any args containing shell meta-characters.
1534 # Make two passes to allow for proper duplicate-argument suppression.
1535 ac_configure_args=
1536 ac_configure_args0=
1537 ac_configure_args1=
1538 ac_must_keep_next=false
1539 for ac_pass in 1 2
1540 do
1541 for ac_arg
1542 do
1543 case $ac_arg in
1544 -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
1545 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
1546 | -silent | --silent | --silen | --sile | --sil)
1547 continue ;;
1548 *\'*)
1549 ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
1550 esac
1551 case $ac_pass in
1552 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
1553 2)
1554 as_fn_append ac_configure_args1 " '$ac_arg'"
1555 if test $ac_must_keep_next = true; then
1556 ac_must_keep_next=false # Got value, back to normal.
1557 else
1558 case $ac_arg in
1559 *=* | --config-cache | -C | -disable-* | --disable-* \
1560 | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
1561 | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
1562 | -with-* | --with-* | -without-* | --without-* | --x)
1563 case "$ac_configure_args0 " in
1564 "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
1565 esac
1566 ;;
1567 -* ) ac_must_keep_next=true ;;
1568 esac
1569 fi
1570 as_fn_append ac_configure_args " '$ac_arg'"
1571 ;;
1572 esac
1573 done
1574 done
1575 { ac_configure_args0=; unset ac_configure_args0;}
1576 { ac_configure_args1=; unset ac_configure_args1;}
1577
1578 # When interrupted or exit'd, cleanup temporary files, and complete
1579 # config.log. We remove comments because anyway the quotes in there
1580 # would cause problems or look ugly.
1581 # WARNING: Use '\'' to represent an apostrophe within the trap.
1582 # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
1583 trap 'exit_status=$?
1584 # Save into config.log some information that might help in debugging.
1585 {
1586 echo
1587
1588 $as_echo "## ---------------- ##
1589 ## Cache variables. ##
1590 ## ---------------- ##"
1591 echo
1592 # The following way of writing the cache mishandles newlines in values,
1593 (
1594 for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
1595 eval ac_val=\$$ac_var
1596 case $ac_val in #(
1597 *${as_nl}*)
1598 case $ac_var in #(
1599 *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
1600 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
1601 esac
1602 case $ac_var in #(
1603 _ | IFS | as_nl) ;; #(
1604 BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
1605 *) { eval $ac_var=; unset $ac_var;} ;;
1606 esac ;;
1607 esac
1608 done
1609 (set) 2>&1 |
1610 case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
1611 *${as_nl}ac_space=\ *)
1612 sed -n \
1613 "s/'\''/'\''\\\\'\'''\''/g;
1614 s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
1615 ;; #(
1616 *)
1617 sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
1618 ;;
1619 esac |
1620 sort
1621 )
1622 echo
1623
1624 $as_echo "## ----------------- ##
1625 ## Output variables. ##
1626 ## ----------------- ##"
1627 echo
1628 for ac_var in $ac_subst_vars
1629 do
1630 eval ac_val=\$$ac_var
1631 case $ac_val in
1632 *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
1633 esac
1634 $as_echo "$ac_var='\''$ac_val'\''"
1635 done | sort
1636 echo
1637
1638 if test -n "$ac_subst_files"; then
1639 $as_echo "## ------------------- ##
1640 ## File substitutions. ##
1641 ## ------------------- ##"
1642 echo
1643 for ac_var in $ac_subst_files
1644 do
1645 eval ac_val=\$$ac_var
1646 case $ac_val in
1647 *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
1648 esac
1649 $as_echo "$ac_var='\''$ac_val'\''"
1650 done | sort
1651 echo
1652 fi
1653
1654 if test -s confdefs.h; then
1655 $as_echo "## ----------- ##
1656 ## confdefs.h. ##
1657 ## ----------- ##"
1658 echo
1659 cat confdefs.h
1660 echo
1661 fi
1662 test "$ac_signal" != 0 &&
1663 $as_echo "$as_me: caught signal $ac_signal"
1664 $as_echo "$as_me: exit $exit_status"
1665 } >&5
1666 rm -f core *.core core.conftest.* &&
1667 rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
1668 exit $exit_status
1669 ' 0
1670 for ac_signal in 1 2 13 15; do
1671 trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
1672 done
1673 ac_signal=0
1674
1675 # confdefs.h avoids OS command line length limits that DEFS can exceed.
1676 rm -f -r conftest* confdefs.h
1677
1678 $as_echo "/* confdefs.h */" > confdefs.h
1679
1680 # Predefined preprocessor variables.
1681
1682 cat >>confdefs.h <<_ACEOF
1683 #define PACKAGE_NAME "$PACKAGE_NAME"
1684 _ACEOF
1685
1686 cat >>confdefs.h <<_ACEOF
1687 #define PACKAGE_TARNAME "$PACKAGE_TARNAME"
1688 _ACEOF
1689
1690 cat >>confdefs.h <<_ACEOF
1691 #define PACKAGE_VERSION "$PACKAGE_VERSION"
1692 _ACEOF
1693
1694 cat >>confdefs.h <<_ACEOF
1695 #define PACKAGE_STRING "$PACKAGE_STRING"
1696 _ACEOF
1697
1698 cat >>confdefs.h <<_ACEOF
1699 #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
1700 _ACEOF
1701
1702 cat >>confdefs.h <<_ACEOF
1703 #define PACKAGE_URL "$PACKAGE_URL"
1704 _ACEOF
1705
1706
1707 # Let the site file select an alternate cache file if it wants to.
1708 # Prefer an explicitly selected file to automatically selected ones.
1709 ac_site_file1=NONE
1710 ac_site_file2=NONE
1711 if test -n "$CONFIG_SITE"; then
1712 # We do not want a PATH search for config.site.
1713 case $CONFIG_SITE in #((
1714 -*) ac_site_file1=./$CONFIG_SITE;;
1715 */*) ac_site_file1=$CONFIG_SITE;;
1716 *) ac_site_file1=./$CONFIG_SITE;;
1717 esac
1718 elif test "x$prefix" != xNONE; then
1719 ac_site_file1=$prefix/share/config.site
1720 ac_site_file2=$prefix/etc/config.site
1721 else
1722 ac_site_file1=$ac_default_prefix/share/config.site
1723 ac_site_file2=$ac_default_prefix/etc/config.site
1724 fi
1725 for ac_site_file in "$ac_site_file1" "$ac_site_file2"
1726 do
1727 test "x$ac_site_file" = xNONE && continue
1728 if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
1729 { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
1730 $as_echo "$as_me: loading site script $ac_site_file" >&6;}
1731 sed 's/^/| /' "$ac_site_file" >&5
1732 . "$ac_site_file" \
1733 || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
1734 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
1735 as_fn_error $? "failed to load site script $ac_site_file
1736 See \`config.log' for more details" "$LINENO" 5; }
1737 fi
1738 done
1739
1740 if test -r "$cache_file"; then
1741 # Some versions of bash will fail to source /dev/null (special files
1742 # actually), so we avoid doing that. DJGPP emulates it as a regular file.
1743 if test /dev/null != "$cache_file" && test -f "$cache_file"; then
1744 { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
1745 $as_echo "$as_me: loading cache $cache_file" >&6;}
1746 case $cache_file in
1747 [\\/]* | ?:[\\/]* ) . "$cache_file";;
1748 *) . "./$cache_file";;
1749 esac
1750 fi
1751 else
1752 { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
1753 $as_echo "$as_me: creating cache $cache_file" >&6;}
1754 >$cache_file
1755 fi
1756
1757 # Check that the precious variables saved in the cache have kept the same
1758 # value.
1759 ac_cache_corrupted=false
1760 for ac_var in $ac_precious_vars; do
1761 eval ac_old_set=\$ac_cv_env_${ac_var}_set
1762 eval ac_new_set=\$ac_env_${ac_var}_set
1763 eval ac_old_val=\$ac_cv_env_${ac_var}_value
1764 eval ac_new_val=\$ac_env_${ac_var}_value
1765 case $ac_old_set,$ac_new_set in
1766 set,)
1767 { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
1768 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
1769 ac_cache_corrupted=: ;;
1770 ,set)
1771 { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
1772 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
1773 ac_cache_corrupted=: ;;
1774 ,);;
1775 *)
1776 if test "x$ac_old_val" != "x$ac_new_val"; then
1777 # differences in whitespace do not lead to failure.
1778 ac_old_val_w=`echo x $ac_old_val`
1779 ac_new_val_w=`echo x $ac_new_val`
1780 if test "$ac_old_val_w" != "$ac_new_val_w"; then
1781 { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
1782 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
1783 ac_cache_corrupted=:
1784 else
1785 { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
1786 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
1787 eval $ac_var=\$ac_old_val
1788 fi
1789 { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
1790 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
1791 { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
1792 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
1793 fi;;
1794 esac
1795 # Pass precious variables to config.status.
1796 if test "$ac_new_set" = set; then
1797 case $ac_new_val in
1798 *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
1799 *) ac_arg=$ac_var=$ac_new_val ;;
1800 esac
1801 case " $ac_configure_args " in
1802 *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
1803 *) as_fn_append ac_configure_args " '$ac_arg'" ;;
1804 esac
1805 fi
1806 done
1807 if $ac_cache_corrupted; then
1808 { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
1809 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
1810 { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
1811 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
1812 as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
1813 fi
1814 ## -------------------- ##
1815 ## Main body of script. ##
1816 ## -------------------- ##
1817
1818 ac_ext=c
1819 ac_cpp='$CPP $CPPFLAGS'
1820 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
1821 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
1822 ac_compiler_gnu=$ac_cv_c_compiler_gnu
1823
1824
1825
1826
1827
1828 mod_ldflags=
1829 mod_cflags=
1830
1831 if test x$with_rlm_eap_fast != xno; then
1832
1833 openssl_lib_dir=
1834
1835 # Check whether --with-openssl-lib-dir was given.
1836 if test "${with_openssl_lib_dir+set}" = set; then :
1837 withval=$with_openssl_lib_dir; case "$withval" in
1838 no)
1839 as_fn_error $? "Need openssl-lib-dir" "$LINENO" 5
1840 ;;
1841 yes)
1842 ;;
1843 *)
1844 openssl_lib_dir="$withval"
1845 ;;
1846 esac
1847
1848 fi
1849
1850
1851 openssl_include_dir=
1852
1853 # Check whether --with-openssl-include-dir was given.
1854 if test "${with_openssl_include_dir+set}" = set; then :
1855 withval=$with_openssl_include_dir; case "$withval" in
1856 no)
1857 as_fn_error $? "Need openssl-include-dir" "$LINENO" 5
1858 ;;
1859 yes)
1860 ;;
1861 *)
1862 openssl_include_dir="$withval"
1863 ;;
1864 esac
1865
1866 fi
1867
1868
1869
1870 smart_try_dir=$openssl_include_dir
1871 ac_ext=c
1872 ac_cpp='$CPP $CPPFLAGS'
1873 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
1874 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
1875 ac_compiler_gnu=$ac_cv_c_compiler_gnu
1876 if test -n "$ac_tool_prefix"; then
1877 # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
1878 set dummy ${ac_tool_prefix}gcc; ac_word=$2
1879 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
1880 $as_echo_n "checking for $ac_word... " >&6; }
1881 if ${ac_cv_prog_CC+:} false; then :
1882 $as_echo_n "(cached) " >&6
1883 else
1884 if test -n "$CC"; then
1885 ac_cv_prog_CC="$CC" # Let the user override the test.
1886 else
1887 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
1888 for as_dir in $PATH
1889 do
1890 IFS=$as_save_IFS
1891 test -z "$as_dir" && as_dir=.
1892 for ac_exec_ext in '' $ac_executable_extensions; do
1893 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
1894 ac_cv_prog_CC="${ac_tool_prefix}gcc"
1895 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
1896 break 2
1897 fi
1898 done
1899 done
1900 IFS=$as_save_IFS
1901
1902 fi
1903 fi
1904 CC=$ac_cv_prog_CC
1905 if test -n "$CC"; then
1906 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
1907 $as_echo "$CC" >&6; }
1908 else
1909 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
1910 $as_echo "no" >&6; }
1911 fi
1912
1913
1914 fi
1915 if test -z "$ac_cv_prog_CC"; then
1916 ac_ct_CC=$CC
1917 # Extract the first word of "gcc", so it can be a program name with args.
1918 set dummy gcc; ac_word=$2
1919 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
1920 $as_echo_n "checking for $ac_word... " >&6; }
1921 if ${ac_cv_prog_ac_ct_CC+:} false; then :
1922 $as_echo_n "(cached) " >&6
1923 else
1924 if test -n "$ac_ct_CC"; then
1925 ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
1926 else
1927 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
1928 for as_dir in $PATH
1929 do
1930 IFS=$as_save_IFS
1931 test -z "$as_dir" && as_dir=.
1932 for ac_exec_ext in '' $ac_executable_extensions; do
1933 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
1934 ac_cv_prog_ac_ct_CC="gcc"
1935 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
1936 break 2
1937 fi
1938 done
1939 done
1940 IFS=$as_save_IFS
1941
1942 fi
1943 fi
1944 ac_ct_CC=$ac_cv_prog_ac_ct_CC
1945 if test -n "$ac_ct_CC"; then
1946 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
1947 $as_echo "$ac_ct_CC" >&6; }
1948 else
1949 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
1950 $as_echo "no" >&6; }
1951 fi
1952
1953 if test "x$ac_ct_CC" = x; then
1954 CC=""
1955 else
1956 case $cross_compiling:$ac_tool_warned in
1957 yes:)
1958 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
1959 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
1960 ac_tool_warned=yes ;;
1961 esac
1962 CC=$ac_ct_CC
1963 fi
1964 else
1965 CC="$ac_cv_prog_CC"
1966 fi
1967
1968 if test -z "$CC"; then
1969 if test -n "$ac_tool_prefix"; then
1970 # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
1971 set dummy ${ac_tool_prefix}cc; ac_word=$2
1972 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
1973 $as_echo_n "checking for $ac_word... " >&6; }
1974 if ${ac_cv_prog_CC+:} false; then :
1975 $as_echo_n "(cached) " >&6
1976 else
1977 if test -n "$CC"; then
1978 ac_cv_prog_CC="$CC" # Let the user override the test.
1979 else
1980 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
1981 for as_dir in $PATH
1982 do
1983 IFS=$as_save_IFS
1984 test -z "$as_dir" && as_dir=.
1985 for ac_exec_ext in '' $ac_executable_extensions; do
1986 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
1987 ac_cv_prog_CC="${ac_tool_prefix}cc"
1988 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
1989 break 2
1990 fi
1991 done
1992 done
1993 IFS=$as_save_IFS
1994
1995 fi
1996 fi
1997 CC=$ac_cv_prog_CC
1998 if test -n "$CC"; then
1999 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2000 $as_echo "$CC" >&6; }
2001 else
2002 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2003 $as_echo "no" >&6; }
2004 fi
2005
2006
2007 fi
2008 fi
2009 if test -z "$CC"; then
2010 # Extract the first word of "cc", so it can be a program name with args.
2011 set dummy cc; ac_word=$2
2012 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2013 $as_echo_n "checking for $ac_word... " >&6; }
2014 if ${ac_cv_prog_CC+:} false; then :
2015 $as_echo_n "(cached) " >&6
2016 else
2017 if test -n "$CC"; then
2018 ac_cv_prog_CC="$CC" # Let the user override the test.
2019 else
2020 ac_prog_rejected=no
2021 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2022 for as_dir in $PATH
2023 do
2024 IFS=$as_save_IFS
2025 test -z "$as_dir" && as_dir=.
2026 for ac_exec_ext in '' $ac_executable_extensions; do
2027 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2028 if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
2029 ac_prog_rejected=yes
2030 continue
2031 fi
2032 ac_cv_prog_CC="cc"
2033 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2034 break 2
2035 fi
2036 done
2037 done
2038 IFS=$as_save_IFS
2039
2040 if test $ac_prog_rejected = yes; then
2041 # We found a bogon in the path, so make sure we never use it.
2042 set dummy $ac_cv_prog_CC
2043 shift
2044 if test $# != 0; then
2045 # We chose a different compiler from the bogus one.
2046 # However, it has the same basename, so the bogon will be chosen
2047 # first if we set CC to just the basename; use the full file name.
2048 shift
2049 ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
2050 fi
2051 fi
2052 fi
2053 fi
2054 CC=$ac_cv_prog_CC
2055 if test -n "$CC"; then
2056 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2057 $as_echo "$CC" >&6; }
2058 else
2059 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2060 $as_echo "no" >&6; }
2061 fi
2062
2063
2064 fi
2065 if test -z "$CC"; then
2066 if test -n "$ac_tool_prefix"; then
2067 for ac_prog in cl.exe
2068 do
2069 # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
2070 set dummy $ac_tool_prefix$ac_prog; ac_word=$2
2071 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2072 $as_echo_n "checking for $ac_word... " >&6; }
2073 if ${ac_cv_prog_CC+:} false; then :
2074 $as_echo_n "(cached) " >&6
2075 else
2076 if test -n "$CC"; then
2077 ac_cv_prog_CC="$CC" # Let the user override the test.
2078 else
2079 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2080 for as_dir in $PATH
2081 do
2082 IFS=$as_save_IFS
2083 test -z "$as_dir" && as_dir=.
2084 for ac_exec_ext in '' $ac_executable_extensions; do
2085 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2086 ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
2087 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2088 break 2
2089 fi
2090 done
2091 done
2092 IFS=$as_save_IFS
2093
2094 fi
2095 fi
2096 CC=$ac_cv_prog_CC
2097 if test -n "$CC"; then
2098 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2099 $as_echo "$CC" >&6; }
2100 else
2101 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2102 $as_echo "no" >&6; }
2103 fi
2104
2105
2106 test -n "$CC" && break
2107 done
2108 fi
2109 if test -z "$CC"; then
2110 ac_ct_CC=$CC
2111 for ac_prog in cl.exe
2112 do
2113 # Extract the first word of "$ac_prog", so it can be a program name with args.
2114 set dummy $ac_prog; ac_word=$2
2115 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2116 $as_echo_n "checking for $ac_word... " >&6; }
2117 if ${ac_cv_prog_ac_ct_CC+:} false; then :
2118 $as_echo_n "(cached) " >&6
2119 else
2120 if test -n "$ac_ct_CC"; then
2121 ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
2122 else
2123 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2124 for as_dir in $PATH
2125 do
2126 IFS=$as_save_IFS
2127 test -z "$as_dir" && as_dir=.
2128 for ac_exec_ext in '' $ac_executable_extensions; do
2129 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2130 ac_cv_prog_ac_ct_CC="$ac_prog"
2131 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2132 break 2
2133 fi
2134 done
2135 done
2136 IFS=$as_save_IFS
2137
2138 fi
2139 fi
2140 ac_ct_CC=$ac_cv_prog_ac_ct_CC
2141 if test -n "$ac_ct_CC"; then
2142 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
2143 $as_echo "$ac_ct_CC" >&6; }
2144 else
2145 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2146 $as_echo "no" >&6; }
2147 fi
2148
2149
2150 test -n "$ac_ct_CC" && break
2151 done
2152
2153 if test "x$ac_ct_CC" = x; then
2154 CC=""
2155 else
2156 case $cross_compiling:$ac_tool_warned in
2157 yes:)
2158 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
2159 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
2160 ac_tool_warned=yes ;;
2161 esac
2162 CC=$ac_ct_CC
2163 fi
2164 fi
2165
2166 fi
2167
2168
2169 test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2170 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2171 as_fn_error $? "no acceptable C compiler found in \$PATH
2172 See \`config.log' for more details" "$LINENO" 5; }
2173
2174 # Provide some information about the compiler.
2175 $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
2176 set X $ac_compile
2177 ac_compiler=$2
2178 for ac_option in --version -v -V -qversion; do
2179 { { ac_try="$ac_compiler $ac_option >&5"
2180 case "(($ac_try" in
2181 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2182 *) ac_try_echo=$ac_try;;
2183 esac
2184 eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2185 $as_echo "$ac_try_echo"; } >&5
2186 (eval "$ac_compiler $ac_option >&5") 2>conftest.err
2187 ac_status=$?
2188 if test -s conftest.err; then
2189 sed '10a\
2190 ... rest of stderr output deleted ...
2191 10q' conftest.err >conftest.er1
2192 cat conftest.er1 >&5
2193 fi
2194 rm -f conftest.er1 conftest.err
2195 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2196 test $ac_status = 0; }
2197 done
2198
2199 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2200 /* end confdefs.h. */
2201
2202 int
2203 main ()
2204 {
2205
2206 ;
2207 return 0;
2208 }
2209 _ACEOF
2210 ac_clean_files_save=$ac_clean_files
2211 ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
2212 # Try to create an executable without -o first, disregard a.out.
2213 # It will help us diagnose broken compilers, and finding out an intuition
2214 # of exeext.
2215 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
2216 $as_echo_n "checking whether the C compiler works... " >&6; }
2217 ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
2218
2219 # The possible output files:
2220 ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
2221
2222 ac_rmfiles=
2223 for ac_file in $ac_files
2224 do
2225 case $ac_file in
2226 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
2227 * ) ac_rmfiles="$ac_rmfiles $ac_file";;
2228 esac
2229 done
2230 rm -f $ac_rmfiles
2231
2232 if { { ac_try="$ac_link_default"
2233 case "(($ac_try" in
2234 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2235 *) ac_try_echo=$ac_try;;
2236 esac
2237 eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2238 $as_echo "$ac_try_echo"; } >&5
2239 (eval "$ac_link_default") 2>&5
2240 ac_status=$?
2241 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2242 test $ac_status = 0; }; then :
2243 # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
2244 # So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
2245 # in a Makefile. We should not override ac_cv_exeext if it was cached,
2246 # so that the user can short-circuit this test for compilers unknown to
2247 # Autoconf.
2248 for ac_file in $ac_files ''
2249 do
2250 test -f "$ac_file" || continue
2251 case $ac_file in
2252 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
2253 ;;
2254 [ab].out )
2255 # We found the default executable, but exeext='' is most
2256 # certainly right.
2257 break;;
2258 *.* )
2259 if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
2260 then :; else
2261 ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
2262 fi
2263 # We set ac_cv_exeext here because the later test for it is not
2264 # safe: cross compilers may not add the suffix if given an `-o'
2265 # argument, so we may need to know it at that point already.
2266 # Even if this section looks crufty: it has the advantage of
2267 # actually working.
2268 break;;
2269 * )
2270 break;;
2271 esac
2272 done
2273 test "$ac_cv_exeext" = no && ac_cv_exeext=
2274
2275 else
2276 ac_file=''
2277 fi
2278 if test -z "$ac_file"; then :
2279 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2280 $as_echo "no" >&6; }
2281 $as_echo "$as_me: failed program was:" >&5
2282 sed 's/^/| /' conftest.$ac_ext >&5
2283
2284 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2285 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2286 as_fn_error 77 "C compiler cannot create executables
2287 See \`config.log' for more details" "$LINENO" 5; }
2288 else
2289 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
2290 $as_echo "yes" >&6; }
2291 fi
2292 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
2293 $as_echo_n "checking for C compiler default output file name... " >&6; }
2294 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
2295 $as_echo "$ac_file" >&6; }
2296 ac_exeext=$ac_cv_exeext
2297
2298 rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
2299 ac_clean_files=$ac_clean_files_save
2300 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
2301 $as_echo_n "checking for suffix of executables... " >&6; }
2302 if { { ac_try="$ac_link"
2303 case "(($ac_try" in
2304 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2305 *) ac_try_echo=$ac_try;;
2306 esac
2307 eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2308 $as_echo "$ac_try_echo"; } >&5
2309 (eval "$ac_link") 2>&5
2310 ac_status=$?
2311 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2312 test $ac_status = 0; }; then :
2313 # If both `conftest.exe' and `conftest' are `present' (well, observable)
2314 # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
2315 # work properly (i.e., refer to `conftest.exe'), while it won't with
2316 # `rm'.
2317 for ac_file in conftest.exe conftest conftest.*; do
2318 test -f "$ac_file" || continue
2319 case $ac_file in
2320 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
2321 *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
2322 break;;
2323 * ) break;;
2324 esac
2325 done
2326 else
2327 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2328 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2329 as_fn_error $? "cannot compute suffix of executables: cannot compile and link
2330 See \`config.log' for more details" "$LINENO" 5; }
2331 fi
2332 rm -f conftest conftest$ac_cv_exeext
2333 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
2334 $as_echo "$ac_cv_exeext" >&6; }
2335
2336 rm -f conftest.$ac_ext
2337 EXEEXT=$ac_cv_exeext
2338 ac_exeext=$EXEEXT
2339 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2340 /* end confdefs.h. */
2341 #include <stdio.h>
2342 int
2343 main ()
2344 {
2345 FILE *f = fopen ("conftest.out", "w");
2346 return ferror (f) || fclose (f) != 0;
2347
2348 ;
2349 return 0;
2350 }
2351 _ACEOF
2352 ac_clean_files="$ac_clean_files conftest.out"
2353 # Check that the compiler produces executables we can run. If not, either
2354 # the compiler is broken, or we cross compile.
2355 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
2356 $as_echo_n "checking whether we are cross compiling... " >&6; }
2357 if test "$cross_compiling" != yes; then
2358 { { ac_try="$ac_link"
2359 case "(($ac_try" in
2360 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2361 *) ac_try_echo=$ac_try;;
2362 esac
2363 eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2364 $as_echo "$ac_try_echo"; } >&5
2365 (eval "$ac_link") 2>&5
2366 ac_status=$?
2367 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2368 test $ac_status = 0; }
2369 if { ac_try='./conftest$ac_cv_exeext'
2370 { { case "(($ac_try" in
2371 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2372 *) ac_try_echo=$ac_try;;
2373 esac
2374 eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2375 $as_echo "$ac_try_echo"; } >&5
2376 (eval "$ac_try") 2>&5
2377 ac_status=$?
2378 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2379 test $ac_status = 0; }; }; then
2380 cross_compiling=no
2381 else
2382 if test "$cross_compiling" = maybe; then
2383 cross_compiling=yes
2384 else
2385 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2386 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2387 as_fn_error $? "cannot run C compiled programs.
2388 If you meant to cross compile, use \`--host'.
2389 See \`config.log' for more details" "$LINENO" 5; }
2390 fi
2391 fi
2392 fi
2393 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
2394 $as_echo "$cross_compiling" >&6; }
2395
2396 rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
2397 ac_clean_files=$ac_clean_files_save
2398 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
2399 $as_echo_n "checking for suffix of object files... " >&6; }
2400 if ${ac_cv_objext+:} false; then :
2401 $as_echo_n "(cached) " >&6
2402 else
2403 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2404 /* end confdefs.h. */
2405
2406 int
2407 main ()
2408 {
2409
2410 ;
2411 return 0;
2412 }
2413 _ACEOF
2414 rm -f conftest.o conftest.obj
2415 if { { ac_try="$ac_compile"
2416 case "(($ac_try" in
2417 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2418 *) ac_try_echo=$ac_try;;
2419 esac
2420 eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2421 $as_echo "$ac_try_echo"; } >&5
2422 (eval "$ac_compile") 2>&5
2423 ac_status=$?
2424 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2425 test $ac_status = 0; }; then :
2426 for ac_file in conftest.o conftest.obj conftest.*; do
2427 test -f "$ac_file" || continue;
2428 case $ac_file in
2429 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
2430 *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
2431 break;;
2432 esac
2433 done
2434 else
2435 $as_echo "$as_me: failed program was:" >&5
2436 sed 's/^/| /' conftest.$ac_ext >&5
2437
2438 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2439 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2440 as_fn_error $? "cannot compute suffix of object files: cannot compile
2441 See \`config.log' for more details" "$LINENO" 5; }
2442 fi
2443 rm -f conftest.$ac_cv_objext conftest.$ac_ext
2444 fi
2445 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
2446 $as_echo "$ac_cv_objext" >&6; }
2447 OBJEXT=$ac_cv_objext
2448 ac_objext=$OBJEXT
2449 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
2450 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
2451 if ${ac_cv_c_compiler_gnu+:} false; then :
2452 $as_echo_n "(cached) " >&6
2453 else
2454 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2455 /* end confdefs.h. */
2456
2457 int
2458 main ()
2459 {
2460 #ifndef __GNUC__
2461 choke me
2462 #endif
2463
2464 ;
2465 return 0;
2466 }
2467 _ACEOF
2468 if ac_fn_c_try_compile "$LINENO"; then :
2469 ac_compiler_gnu=yes
2470 else
2471 ac_compiler_gnu=no
2472 fi
2473 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2474 ac_cv_c_compiler_gnu=$ac_compiler_gnu
2475
2476 fi
2477 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
2478 $as_echo "$ac_cv_c_compiler_gnu" >&6; }
2479 if test $ac_compiler_gnu = yes; then
2480 GCC=yes
2481 else
2482 GCC=
2483 fi
2484 ac_test_CFLAGS=${CFLAGS+set}
2485 ac_save_CFLAGS=$CFLAGS
2486 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
2487 $as_echo_n "checking whether $CC accepts -g... " >&6; }
2488 if ${ac_cv_prog_cc_g+:} false; then :
2489 $as_echo_n "(cached) " >&6
2490 else
2491 ac_save_c_werror_flag=$ac_c_werror_flag
2492 ac_c_werror_flag=yes
2493 ac_cv_prog_cc_g=no
2494 CFLAGS="-g"
2495 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2496 /* end confdefs.h. */
2497
2498 int
2499 main ()
2500 {
2501
2502 ;
2503 return 0;
2504 }
2505 _ACEOF
2506 if ac_fn_c_try_compile "$LINENO"; then :
2507 ac_cv_prog_cc_g=yes
2508 else
2509 CFLAGS=""
2510 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2511 /* end confdefs.h. */
2512
2513 int
2514 main ()
2515 {
2516
2517 ;
2518 return 0;
2519 }
2520 _ACEOF
2521 if ac_fn_c_try_compile "$LINENO"; then :
2522
2523 else
2524 ac_c_werror_flag=$ac_save_c_werror_flag
2525 CFLAGS="-g"
2526 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2527 /* end confdefs.h. */
2528
2529 int
2530 main ()
2531 {
2532
2533 ;
2534 return 0;
2535 }
2536 _ACEOF
2537 if ac_fn_c_try_compile "$LINENO"; then :
2538 ac_cv_prog_cc_g=yes
2539 fi
2540 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2541 fi
2542 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2543 fi
2544 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2545 ac_c_werror_flag=$ac_save_c_werror_flag
2546 fi
2547 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
2548 $as_echo "$ac_cv_prog_cc_g" >&6; }
2549 if test "$ac_test_CFLAGS" = set; then
2550 CFLAGS=$ac_save_CFLAGS
2551 elif test $ac_cv_prog_cc_g = yes; then
2552 if test "$GCC" = yes; then
2553 CFLAGS="-g -O2"
2554 else
2555 CFLAGS="-g"
2556 fi
2557 else
2558 if test "$GCC" = yes; then
2559 CFLAGS="-O2"
2560 else
2561 CFLAGS=
2562 fi
2563 fi
2564 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
2565 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
2566 if ${ac_cv_prog_cc_c89+:} false; then :
2567 $as_echo_n "(cached) " >&6
2568 else
2569 ac_cv_prog_cc_c89=no
2570 ac_save_CC=$CC
2571 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2572 /* end confdefs.h. */
2573 #include <stdarg.h>
2574 #include <stdio.h>
2575 struct stat;
2576 /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
2577 struct buf { int x; };
2578 FILE * (*rcsopen) (struct buf *, struct stat *, int);
2579 static char *e (p, i)
2580 char **p;
2581 int i;
2582 {
2583 return p[i];
2584 }
2585 static char *f (char * (*g) (char **, int), char **p, ...)
2586 {
2587 char *s;
2588 va_list v;
2589 va_start (v,p);
2590 s = g (p, va_arg (v,int));
2591 va_end (v);
2592 return s;
2593 }
2594
2595 /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
2596 function prototypes and stuff, but not '\xHH' hex character constants.
2597 These don't provoke an error unfortunately, instead are silently treated
2598 as 'x'. The following induces an error, until -std is added to get
2599 proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
2600 array size at least. It's necessary to write '\x00'==0 to get something
2601 that's true only with -std. */
2602 int osf4_cc_array ['\x00' == 0 ? 1 : -1];
2603
2604 /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
2605 inside strings and character constants. */
2606 #define FOO(x) 'x'
2607 int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
2608
2609 int test (int i, double x);
2610 struct s1 {int (*f) (int a);};
2611 struct s2 {int (*f) (double a);};
2612 int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
2613 int argc;
2614 char **argv;
2615 int
2616 main ()
2617 {
2618 return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
2619 ;
2620 return 0;
2621 }
2622 _ACEOF
2623 for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
2624 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
2625 do
2626 CC="$ac_save_CC $ac_arg"
2627 if ac_fn_c_try_compile "$LINENO"; then :
2628 ac_cv_prog_cc_c89=$ac_arg
2629 fi
2630 rm -f core conftest.err conftest.$ac_objext
2631 test "x$ac_cv_prog_cc_c89" != "xno" && break
2632 done
2633 rm -f conftest.$ac_ext
2634 CC=$ac_save_CC
2635
2636 fi
2637 # AC_CACHE_VAL
2638 case "x$ac_cv_prog_cc_c89" in
2639 x)
2640 { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
2641 $as_echo "none needed" >&6; } ;;
2642 xno)
2643 { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
2644 $as_echo "unsupported" >&6; } ;;
2645 *)
2646 CC="$CC $ac_cv_prog_cc_c89"
2647 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
2648 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
2649 esac
2650 if test "x$ac_cv_prog_cc_c89" != xno; then :
2651
2652 fi
2653
2654 ac_ext=c
2655 ac_cpp='$CPP $CPPFLAGS'
2656 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
2657 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
2658 ac_compiler_gnu=$ac_cv_c_compiler_gnu
2659
2660
2661
2662
2663 ac_safe=`echo "openssl/ec.h" | sed 'y%./+-%__pm%'`
2664 old_CPPFLAGS="$CPPFLAGS"
2665 smart_include=
2666 smart_include_dir="/usr/local/include /opt/include"
2667
2668 _smart_try_dir=
2669 _smart_include_dir=
2670
2671 for _prefix in $smart_prefix ""; do
2672 for _dir in $smart_try_dir; do
2673 _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
2674 done
2675
2676 for _dir in $smart_include_dir; do
2677 _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
2678 done
2679 done
2680
2681 if test "x$_smart_try_dir" != "x"; then
2682 for try in $_smart_try_dir; do
2683 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5
2684 $as_echo_n "checking for openssl/ec.h in $try... " >&6; }
2685 CPPFLAGS="-isystem $try $old_CPPFLAGS"
2686 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2687 /* end confdefs.h. */
2688
2689 #include <openssl/ec.h>
2690 int
2691 main ()
2692 {
2693 int a = 1;
2694 ;
2695 return 0;
2696 }
2697 _ACEOF
2698 if ac_fn_c_try_compile "$LINENO"; then :
2699
2700 smart_include="-isystem $try"
2701 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
2702 $as_echo "yes" >&6; }
2703 break
2704
2705 else
2706
2707 smart_include=
2708 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2709 $as_echo "no" >&6; }
2710
2711 fi
2712 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2713 done
2714 CPPFLAGS="$old_CPPFLAGS"
2715 fi
2716
2717 if test "x$smart_include" = "x"; then
2718 for _prefix in $smart_prefix; do
2719 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/openssl/ec.h" >&5
2720 $as_echo_n "checking for ${_prefix}/openssl/ec.h... " >&6; }
2721
2722 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2723 /* end confdefs.h. */
2724
2725 #include <openssl/ec.h>
2726 int
2727 main ()
2728 {
2729 int a = 1;
2730 ;
2731 return 0;
2732 }
2733 _ACEOF
2734 if ac_fn_c_try_compile "$LINENO"; then :
2735
2736 smart_include="-isystem ${_prefix}/"
2737 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
2738 $as_echo "yes" >&6; }
2739 break
2740
2741 else
2742
2743 smart_include=
2744 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2745 $as_echo "no" >&6; }
2746
2747 fi
2748 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2749 done
2750 fi
2751
2752 if test "x$smart_include" = "x"; then
2753 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h" >&5
2754 $as_echo_n "checking for openssl/ec.h... " >&6; }
2755
2756 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2757 /* end confdefs.h. */
2758
2759 #include <openssl/ec.h>
2760 int
2761 main ()
2762 {
2763 int a = 1;
2764 ;
2765 return 0;
2766 }
2767 _ACEOF
2768 if ac_fn_c_try_compile "$LINENO"; then :
2769
2770 smart_include=" "
2771 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
2772 $as_echo "yes" >&6; }
2773 break
2774
2775 else
2776
2777 smart_include=
2778 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2779 $as_echo "no" >&6; }
2780
2781 fi
2782 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2783 fi
2784
2785 if test "x$smart_include" = "x"; then
2786
2787 for prefix in $smart_prefix; do
2788
2789
2790 if test "x$LOCATE" != "x"; then
2791 DIRS=
2792 file="${_prefix}/${1}"
2793
2794 for x in `${LOCATE} $file 2>/dev/null`; do
2795 base=`echo $x | sed "s%/${file}%%"`
2796 if test "x$x" = "x$base"; then
2797 continue;
2798 fi
2799
2800 dir=`${DIRNAME} $x 2>/dev/null`
2801 exclude=`echo ${dir} | ${GREP} /home`
2802 if test "x$exclude" != "x"; then
2803 continue
2804 fi
2805
2806 already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}`
2807 if test "x$already" = "x"; then
2808 DIRS="$DIRS $dir"
2809 fi
2810 done
2811 fi
2812
2813 eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\""
2814
2815 done
2816
2817
2818 if test "x$LOCATE" != "x"; then
2819 DIRS=
2820 file=openssl/ec.h
2821
2822 for x in `${LOCATE} $file 2>/dev/null`; do
2823 base=`echo $x | sed "s%/${file}%%"`
2824 if test "x$x" = "x$base"; then
2825 continue;
2826 fi
2827
2828 dir=`${DIRNAME} $x 2>/dev/null`
2829 exclude=`echo ${dir} | ${GREP} /home`
2830 if test "x$exclude" != "x"; then
2831 continue
2832 fi
2833
2834 already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}`
2835 if test "x$already" = "x"; then
2836 DIRS="$DIRS $dir"
2837 fi
2838 done
2839 fi
2840
2841 eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\""
2842
2843
2844 for try in $_smart_include_dir; do
2845 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5
2846 $as_echo_n "checking for openssl/ec.h in $try... " >&6; }
2847 CPPFLAGS="-isystem $try $old_CPPFLAGS"
2848 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2849 /* end confdefs.h. */
2850
2851 #include <openssl/ec.h>
2852 int
2853 main ()
2854 {
2855 int a = 1;
2856 ;
2857 return 0;
2858 }
2859 _ACEOF
2860 if ac_fn_c_try_compile "$LINENO"; then :
2861
2862 smart_include="-isystem $try"
2863 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
2864 $as_echo "yes" >&6; }
2865 break
2866
2867 else
2868
2869 smart_include=
2870 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2871 $as_echo "no" >&6; }
2872
2873 fi
2874 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2875 done
2876 CPPFLAGS="$old_CPPFLAGS"
2877 fi
2878
2879 if test "x$smart_include" != "x"; then
2880 eval "ac_cv_header_$ac_safe=yes"
2881 CPPFLAGS="$smart_include $old_CPPFLAGS"
2882 SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
2883 fi
2884
2885 smart_prefix=
2886
2887 if test "$ac_cv_header_openssl_ec_h" != "yes"; then
2888 fail="$fail openssl/ec.h"
2889 fi
2890
2891 smart_try_dir=$openssl_lib_dir
2892
2893
2894 sm_lib_safe=`echo "crypto" | sed 'y%./+-%__p_%'`
2895 sm_func_safe=`echo "EVP_CIPHER_CTX_new" | sed 'y%./+-%__p_%'`
2896
2897 old_LIBS="$LIBS"
2898 old_CPPFLAGS="$CPPFLAGS"
2899 smart_lib=
2900 smart_ldflags=
2901 smart_lib_dir=
2902
2903 if test "x$smart_try_dir" != "x"; then
2904 for try in $smart_try_dir; do
2905 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
2906 $as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
2907 LIBS="-lcrypto $old_LIBS"
2908 CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
2909 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2910 /* end confdefs.h. */
2911 extern char EVP_CIPHER_CTX_new();
2912 int
2913 main ()
2914 {
2915 EVP_CIPHER_CTX_new()
2916 ;
2917 return 0;
2918 }
2919 _ACEOF
2920 if ac_fn_c_try_link "$LINENO"; then :
2921
2922 smart_lib="-lcrypto"
2923 smart_ldflags="-L$try -Wl,-rpath,$try"
2924 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
2925 $as_echo "yes" >&6; }
2926 break
2927
2928 else
2929 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2930 $as_echo "no" >&6; }
2931 fi
2932 rm -f core conftest.err conftest.$ac_objext \
2933 conftest$ac_exeext conftest.$ac_ext
2934 done
2935 LIBS="$old_LIBS"
2936 CPPFLAGS="$old_CPPFLAGS"
2937 fi
2938
2939 if test "x$smart_lib" = "x"; then
2940 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto" >&5
2941 $as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto... " >&6; }
2942 LIBS="-lcrypto $old_LIBS"
2943 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2944 /* end confdefs.h. */
2945 extern char EVP_CIPHER_CTX_new();
2946 int
2947 main ()
2948 {
2949 EVP_CIPHER_CTX_new()
2950 ;
2951 return 0;
2952 }
2953 _ACEOF
2954 if ac_fn_c_try_link "$LINENO"; then :
2955
2956 smart_lib="-lcrypto"
2957 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
2958 $as_echo "yes" >&6; }
2959
2960 else
2961 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2962 $as_echo "no" >&6; }
2963 fi
2964 rm -f core conftest.err conftest.$ac_objext \
2965 conftest$ac_exeext conftest.$ac_ext
2966 LIBS="$old_LIBS"
2967 fi
2968
2969 if test "x$smart_lib" = "x"; then
2970
2971
2972 if test "x$LOCATE" != "x"; then
2973 DIRS=
2974 file=libcrypto${libltdl_cv_shlibext}
2975
2976 for x in `${LOCATE} $file 2>/dev/null`; do
2977 base=`echo $x | sed "s%/${file}%%"`
2978 if test "x$x" = "x$base"; then
2979 continue;
2980 fi
2981
2982 dir=`${DIRNAME} $x 2>/dev/null`
2983 exclude=`echo ${dir} | ${GREP} /home`
2984 if test "x$exclude" != "x"; then
2985 continue
2986 fi
2987
2988 already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
2989 if test "x$already" = "x"; then
2990 DIRS="$DIRS $dir"
2991 fi
2992 done
2993 fi
2994
2995 eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
2996
2997
2998
2999 if test "x$LOCATE" != "x"; then
3000 DIRS=
3001 file=libcrypto.a
3002
3003 for x in `${LOCATE} $file 2>/dev/null`; do
3004 base=`echo $x | sed "s%/${file}%%"`
3005 if test "x$x" = "x$base"; then
3006 continue;
3007 fi
3008
3009 dir=`${DIRNAME} $x 2>/dev/null`
3010 exclude=`echo ${dir} | ${GREP} /home`
3011 if test "x$exclude" != "x"; then
3012 continue
3013 fi
3014
3015 already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}`
3016 if test "x$already" = "x"; then
3017 DIRS="$DIRS $dir"
3018 fi
3019 done
3020 fi
3021
3022 eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\""
3023
3024
3025 for try in $smart_lib_dir /usr/local/lib /opt/lib; do
3026 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
3027 $as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
3028 LIBS="-lcrypto $old_LIBS"
3029 CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
3030 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3031 /* end confdefs.h. */
3032 extern char EVP_CIPHER_CTX_new();
3033 int
3034 main ()
3035 {
3036 EVP_CIPHER_CTX_new()
3037 ;
3038 return 0;
3039 }
3040 _ACEOF
3041 if ac_fn_c_try_link "$LINENO"; then :
3042
3043 smart_lib="-lcrypto"
3044 smart_ldflags="-L$try -Wl,-rpath,$try"
3045 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3046 $as_echo "yes" >&6; }
3047 break
3048
3049 else
3050 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3051 $as_echo "no" >&6; }
3052 fi
3053 rm -f core conftest.err conftest.$ac_objext \
3054 conftest$ac_exeext conftest.$ac_ext
3055 done
3056 LIBS="$old_LIBS"
3057 CPPFLAGS="$old_CPPFLAGS"
3058 fi
3059
3060 if test "x$smart_lib" != "x"; then
3061 eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
3062 LIBS="$smart_ldflags $smart_lib $old_LIBS"
3063 SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
3064 fi
3065
3066 if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
3067 fail="libssl"
3068 fi
3069
3070 ac_ext=c
3071 ac_cpp='$CPP $CPPFLAGS'
3072 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3073 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3074 ac_compiler_gnu=$ac_cv_c_compiler_gnu
3075 { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
3076 $as_echo_n "checking how to run the C preprocessor... " >&6; }
3077 # On Suns, sometimes $CPP names a directory.
3078 if test -n "$CPP" && test -d "$CPP"; then
3079 CPP=
3080 fi
3081 if test -z "$CPP"; then
3082 if ${ac_cv_prog_CPP+:} false; then :
3083 $as_echo_n "(cached) " >&6
3084 else
3085 # Double quotes because CPP needs to be expanded
3086 for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
3087 do
3088 ac_preproc_ok=false
3089 for ac_c_preproc_warn_flag in '' yes
3090 do
3091 # Use a header file that comes with gcc, so configuring glibc
3092 # with a fresh cross-compiler works.
3093 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
3094 # <limits.h> exists even on freestanding compilers.
3095 # On the NeXT, cc -E runs the code through the compiler's parser,
3096 # not just through cpp. "Syntax error" is here to catch this case.
3097 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3098 /* end confdefs.h. */
3099 #ifdef __STDC__
3100 # include <limits.h>
3101 #else
3102 # include <assert.h>
3103 #endif
3104 Syntax error
3105 _ACEOF
3106 if ac_fn_c_try_cpp "$LINENO"; then :
3107
3108 else
3109 # Broken: fails on valid input.
3110 continue
3111 fi
3112 rm -f conftest.err conftest.i conftest.$ac_ext
3113
3114 # OK, works on sane cases. Now check whether nonexistent headers
3115 # can be detected and how.
3116 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3117 /* end confdefs.h. */
3118 #include <ac_nonexistent.h>
3119 _ACEOF
3120 if ac_fn_c_try_cpp "$LINENO"; then :
3121 # Broken: success on invalid input.
3122 continue
3123 else
3124 # Passes both tests.
3125 ac_preproc_ok=:
3126 break
3127 fi
3128 rm -f conftest.err conftest.i conftest.$ac_ext
3129
3130 done
3131 # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
3132 rm -f conftest.i conftest.err conftest.$ac_ext
3133 if $ac_preproc_ok; then :
3134 break
3135 fi
3136
3137 done
3138 ac_cv_prog_CPP=$CPP
3139
3140 fi
3141 CPP=$ac_cv_prog_CPP
3142 else
3143 ac_cv_prog_CPP=$CPP
3144 fi
3145 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
3146 $as_echo "$CPP" >&6; }
3147 ac_preproc_ok=false
3148 for ac_c_preproc_warn_flag in '' yes
3149 do
3150 # Use a header file that comes with gcc, so configuring glibc
3151 # with a fresh cross-compiler works.
3152 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
3153 # <limits.h> exists even on freestanding compilers.
3154 # On the NeXT, cc -E runs the code through the compiler's parser,
3155 # not just through cpp. "Syntax error" is here to catch this case.
3156 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3157 /* end confdefs.h. */
3158 #ifdef __STDC__
3159 # include <limits.h>
3160 #else
3161 # include <assert.h>
3162 #endif
3163 Syntax error
3164 _ACEOF
3165 if ac_fn_c_try_cpp "$LINENO"; then :
3166
3167 else
3168 # Broken: fails on valid input.
3169 continue
3170 fi
3171 rm -f conftest.err conftest.i conftest.$ac_ext
3172
3173 # OK, works on sane cases. Now check whether nonexistent headers
3174 # can be detected and how.
3175 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3176 /* end confdefs.h. */
3177 #include <ac_nonexistent.h>
3178 _ACEOF
3179 if ac_fn_c_try_cpp "$LINENO"; then :
3180 # Broken: success on invalid input.
3181 continue
3182 else
3183 # Passes both tests.
3184 ac_preproc_ok=:
3185 break
3186 fi
3187 rm -f conftest.err conftest.i conftest.$ac_ext
3188
3189 done
3190 # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
3191 rm -f conftest.i conftest.err conftest.$ac_ext
3192 if $ac_preproc_ok; then :
3193
3194 else
3195 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3196 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3197 as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
3198 See \`config.log' for more details" "$LINENO" 5; }
3199 fi
3200
3201 ac_ext=c
3202 ac_cpp='$CPP $CPPFLAGS'
3203 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3204 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3205 ac_compiler_gnu=$ac_cv_c_compiler_gnu
3206
3207
3208 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
3209 $as_echo_n "checking for grep that handles long lines and -e... " >&6; }
3210 if ${ac_cv_path_GREP+:} false; then :
3211 $as_echo_n "(cached) " >&6
3212 else
3213 if test -z "$GREP"; then
3214 ac_path_GREP_found=false
3215 # Loop through the user's path and test for each of PROGNAME-LIST
3216 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3217 for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
3218 do
3219 IFS=$as_save_IFS
3220 test -z "$as_dir" && as_dir=.
3221 for ac_prog in grep ggrep; do
3222 for ac_exec_ext in '' $ac_executable_extensions; do
3223 ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
3224 as_fn_executable_p "$ac_path_GREP" || continue
3225 # Check for GNU ac_path_GREP and select it if it is found.
3226 # Check for GNU $ac_path_GREP
3227 case `"$ac_path_GREP" --version 2>&1` in
3228 *GNU*)
3229 ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
3230 *)
3231 ac_count=0
3232 $as_echo_n 0123456789 >"conftest.in"
3233 while :
3234 do
3235 cat "conftest.in" "conftest.in" >"conftest.tmp"
3236 mv "conftest.tmp" "conftest.in"
3237 cp "conftest.in" "conftest.nl"
3238 $as_echo 'GREP' >> "conftest.nl"
3239 "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
3240 diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
3241 as_fn_arith $ac_count + 1 && ac_count=$as_val
3242 if test $ac_count -gt ${ac_path_GREP_max-0}; then
3243 # Best one so far, save it but keep looking for a better one
3244 ac_cv_path_GREP="$ac_path_GREP"
3245 ac_path_GREP_max=$ac_count
3246 fi
3247 # 10*(2^10) chars as input seems more than enough
3248 test $ac_count -gt 10 && break
3249 done
3250 rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
3251 esac
3252
3253 $ac_path_GREP_found && break 3
3254 done
3255 done
3256 done
3257 IFS=$as_save_IFS
3258 if test -z "$ac_cv_path_GREP"; then
3259 as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
3260 fi
3261 else
3262 ac_cv_path_GREP=$GREP
3263 fi
3264
3265 fi
3266 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
3267 $as_echo "$ac_cv_path_GREP" >&6; }
3268 GREP="$ac_cv_path_GREP"
3269
3270
3271 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
3272 $as_echo_n "checking for egrep... " >&6; }
3273 if ${ac_cv_path_EGREP+:} false; then :
3274 $as_echo_n "(cached) " >&6
3275 else
3276 if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
3277 then ac_cv_path_EGREP="$GREP -E"
3278 else
3279 if test -z "$EGREP"; then
3280 ac_path_EGREP_found=false
3281 # Loop through the user's path and test for each of PROGNAME-LIST
3282 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3283 for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
3284 do
3285 IFS=$as_save_IFS
3286 test -z "$as_dir" && as_dir=.
3287 for ac_prog in egrep; do
3288 for ac_exec_ext in '' $ac_executable_extensions; do
3289 ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
3290 as_fn_executable_p "$ac_path_EGREP" || continue
3291 # Check for GNU ac_path_EGREP and select it if it is found.
3292 # Check for GNU $ac_path_EGREP
3293 case `"$ac_path_EGREP" --version 2>&1` in
3294 *GNU*)
3295 ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
3296 *)
3297 ac_count=0
3298 $as_echo_n 0123456789 >"conftest.in"
3299 while :
3300 do
3301 cat "conftest.in" "conftest.in" >"conftest.tmp"
3302 mv "conftest.tmp" "conftest.in"
3303 cp "conftest.in" "conftest.nl"
3304 $as_echo 'EGREP' >> "conftest.nl"
3305 "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
3306 diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
3307 as_fn_arith $ac_count + 1 && ac_count=$as_val
3308 if test $ac_count -gt ${ac_path_EGREP_max-0}; then
3309 # Best one so far, save it but keep looking for a better one
3310 ac_cv_path_EGREP="$ac_path_EGREP"
3311 ac_path_EGREP_max=$ac_count
3312 fi
3313 # 10*(2^10) chars as input seems more than enough
3314 test $ac_count -gt 10 && break
3315 done
3316 rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
3317 esac
3318
3319 $ac_path_EGREP_found && break 3
3320 done
3321 done
3322 done
3323 IFS=$as_save_IFS
3324 if test -z "$ac_cv_path_EGREP"; then
3325 as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
3326 fi
3327 else
3328 ac_cv_path_EGREP=$EGREP
3329 fi
3330
3331 fi
3332 fi
3333 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
3334 $as_echo "$ac_cv_path_EGREP" >&6; }
3335 EGREP="$ac_cv_path_EGREP"
3336
3337
3338 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3339 /* end confdefs.h. */
3340 #include <openssl/crypto.h>
3341 #if (OPENSSL_VERSION_NUMBER >= 0x01000100fL)
3342 yes
3343 #endif
3344
3345 _ACEOF
3346 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
3347 $EGREP "yes" >/dev/null 2>&1; then :
3348
3349 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.0.1a" >&5
3350 $as_echo_n "checking for OpenSSL version >= 1.0.1a... " >&6; }
3351 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3352 $as_echo "yes" >&6; }
3353
3354 else
3355
3356 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.0.1a" >&5
3357 $as_echo_n "checking for OpenSSL version >= 1.0.1a... " >&6; }
3358 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3359 $as_echo "no" >&6; }
3360 fail="openssl>1.0.1"
3361
3362
3363 fi
3364 rm -f conftest*
3365
3366
3367 targetname=rlm_eap_fast
3368 else
3369 targetname=
3370 echo \*\*\* module rlm_eap_fast is disabled.
3371 fi
3372
3373 if test x"$fail" != x""; then
3374 if test x"${enable_strict_dependencies}" = x"yes"; then
3375 as_fn_error $? "set --without-rlm_eap_fast to disable it explicitly." "$LINENO" 5
3376 else
3377 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: silently not building rlm_eap_fast." >&5
3378 $as_echo "$as_me: WARNING: silently not building rlm_eap_fast." >&2;}
3379 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: FAILURE: rlm_eap_fast requires: $fail." >&5
3380 $as_echo "$as_me: WARNING: FAILURE: rlm_eap_fast requires: $fail." >&2;}
3381 targetname=""
3382 fi
3383 fi
3384
3385
3386
3387
3388
3389 unset ac_cv_env_LIBS_set
3390 unset ac_cv_env_LIBS_value
3391
3392 ac_config_files="$ac_config_files all.mk"
3393
3394 cat >confcache <<\_ACEOF
3395 # This file is a shell script that caches the results of configure
3396 # tests run on this system so they can be shared between configure
3397 # scripts and configure runs, see configure's option --config-cache.
3398 # It is not useful on other systems. If it contains results you don't
3399 # want to keep, you may remove or edit it.
3400 #
3401 # config.status only pays attention to the cache file if you give it
3402 # the --recheck option to rerun configure.
3403 #
3404 # `ac_cv_env_foo' variables (set or unset) will be overridden when
3405 # loading this file, other *unset* `ac_cv_foo' will be assigned the
3406 # following values.
3407
3408 _ACEOF
3409
3410 # The following way of writing the cache mishandles newlines in values,
3411 # but we know of no workaround that is simple, portable, and efficient.
3412 # So, we kill variables containing newlines.
3413 # Ultrix sh set writes to stderr and can't be redirected directly,
3414 # and sets the high bit in the cache file unless we assign to the vars.
3415 (
3416 for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
3417 eval ac_val=\$$ac_var
3418 case $ac_val in #(
3419 *${as_nl}*)
3420 case $ac_var in #(
3421 *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
3422 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
3423 esac
3424 case $ac_var in #(
3425 _ | IFS | as_nl) ;; #(
3426 BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
3427 *) { eval $ac_var=; unset $ac_var;} ;;
3428 esac ;;
3429 esac
3430 done
3431
3432 (set) 2>&1 |
3433 case $as_nl`(ac_space=' '; set) 2>&1` in #(
3434 *${as_nl}ac_space=\ *)
3435 # `set' does not quote correctly, so add quotes: double-quote
3436 # substitution turns \\\\ into \\, and sed turns \\ into \.
3437 sed -n \
3438 "s/'/'\\\\''/g;
3439 s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
3440 ;; #(
3441 *)
3442 # `set' quotes correctly as required by POSIX, so do not add quotes.
3443 sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
3444 ;;
3445 esac |
3446 sort
3447 ) |
3448 sed '
3449 /^ac_cv_env_/b end
3450 t clear
3451 :clear
3452 s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
3453 t end
3454 s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
3455 :end' >>confcache
3456 if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
3457 if test -w "$cache_file"; then
3458 if test "x$cache_file" != "x/dev/null"; then
3459 { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
3460 $as_echo "$as_me: updating cache $cache_file" >&6;}
3461 if test ! -f "$cache_file" || test -h "$cache_file"; then
3462 cat confcache >"$cache_file"
3463 else
3464 case $cache_file in #(
3465 */* | ?:*)
3466 mv -f confcache "$cache_file"$$ &&
3467 mv -f "$cache_file"$$ "$cache_file" ;; #(
3468 *)
3469 mv -f confcache "$cache_file" ;;
3470 esac
3471 fi
3472 fi
3473 else
3474 { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
3475 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
3476 fi
3477 fi
3478 rm -f confcache
3479
3480 test "x$prefix" = xNONE && prefix=$ac_default_prefix
3481 # Let make expand exec_prefix.
3482 test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
3483
3484 # Transform confdefs.h into DEFS.
3485 # Protect against shell expansion while executing Makefile rules.
3486 # Protect against Makefile macro expansion.
3487 #
3488 # If the first sed substitution is executed (which looks for macros that
3489 # take arguments), then branch to the quote section. Otherwise,
3490 # look for a macro that doesn't take arguments.
3491 ac_script='
3492 :mline
3493 /\\$/{
3494 N
3495 s,\\\n,,
3496 b mline
3497 }
3498 t clear
3499 :clear
3500 s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
3501 t quote
3502 s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
3503 t quote
3504 b any
3505 :quote
3506 s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
3507 s/\[/\\&/g
3508 s/\]/\\&/g
3509 s/\$/$$/g
3510 H
3511 :any
3512 ${
3513 g
3514 s/^\n//
3515 s/\n/ /g
3516 p
3517 }
3518 '
3519 DEFS=`sed -n "$ac_script" confdefs.h`
3520
3521
3522 ac_libobjs=
3523 ac_ltlibobjs=
3524 U=
3525 for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
3526 # 1. Remove the extension, and $U if already installed.
3527 ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
3528 ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
3529 # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
3530 # will be set to the directory where LIBOBJS objects are built.
3531 as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
3532 as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
3533 done
3534 LIBOBJS=$ac_libobjs
3535
3536 LTLIBOBJS=$ac_ltlibobjs
3537
3538
3539
3540 : "${CONFIG_STATUS=./config.status}"
3541 ac_write_fail=0
3542 ac_clean_files_save=$ac_clean_files
3543 ac_clean_files="$ac_clean_files $CONFIG_STATUS"
3544 { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
3545 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
3546 as_write_fail=0
3547 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
3548 #! $SHELL
3549 # Generated by $as_me.
3550 # Run this file to recreate the current configuration.
3551 # Compiler output produced by configure, useful for debugging
3552 # configure, is in config.log if it exists.
3553
3554 debug=false
3555 ac_cs_recheck=false
3556 ac_cs_silent=false
3557
3558 SHELL=\${CONFIG_SHELL-$SHELL}
3559 export SHELL
3560 _ASEOF
3561 cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
3562 ## -------------------- ##
3563 ## M4sh Initialization. ##
3564 ## -------------------- ##
3565
3566 # Be more Bourne compatible
3567 DUALCASE=1; export DUALCASE # for MKS sh
3568 if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
3569 emulate sh
3570 NULLCMD=:
3571 # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
3572 # is contrary to our usage. Disable this feature.
3573 alias -g '${1+"$@"}'='"$@"'
3574 setopt NO_GLOB_SUBST
3575 else
3576 case `(set -o) 2>/dev/null` in #(
3577 *posix*) :
3578 set -o posix ;; #(
3579 *) :
3580 ;;
3581 esac
3582 fi
3583
3584
3585 as_nl='
3586 '
3587 export as_nl
3588 # Printing a long string crashes Solaris 7 /usr/bin/printf.
3589 as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
3590 as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
3591 as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
3592 # Prefer a ksh shell builtin over an external printf program on Solaris,
3593 # but without wasting forks for bash or zsh.
3594 if test -z "$BASH_VERSION$ZSH_VERSION" \
3595 && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
3596 as_echo='print -r --'
3597 as_echo_n='print -rn --'
3598 elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
3599 as_echo='printf %s\n'
3600 as_echo_n='printf %s'
3601 else
3602 if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
3603 as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
3604 as_echo_n='/usr/ucb/echo -n'
3605 else
3606 as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
3607 as_echo_n_body='eval
3608 arg=$1;
3609 case $arg in #(
3610 *"$as_nl"*)
3611 expr "X$arg" : "X\\(.*\\)$as_nl";
3612 arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
3613 esac;
3614 expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
3615 '
3616 export as_echo_n_body
3617 as_echo_n='sh -c $as_echo_n_body as_echo'
3618 fi
3619 export as_echo_body
3620 as_echo='sh -c $as_echo_body as_echo'
3621 fi
3622
3623 # The user is always right.
3624 if test "${PATH_SEPARATOR+set}" != set; then
3625 PATH_SEPARATOR=:
3626 (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
3627 (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
3628 PATH_SEPARATOR=';'
3629 }
3630 fi
3631
3632
3633 # IFS
3634 # We need space, tab and new line, in precisely that order. Quoting is
3635 # there to prevent editors from complaining about space-tab.
3636 # (If _AS_PATH_WALK were called with IFS unset, it would disable word
3637 # splitting by setting IFS to empty value.)
3638 IFS=" "" $as_nl"
3639
3640 # Find who we are. Look in the path if we contain no directory separator.
3641 as_myself=
3642 case $0 in #((
3643 *[\\/]* ) as_myself=$0 ;;
3644 *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3645 for as_dir in $PATH
3646 do
3647 IFS=$as_save_IFS
3648 test -z "$as_dir" && as_dir=.
3649 test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
3650 done
3651 IFS=$as_save_IFS
3652
3653 ;;
3654 esac
3655 # We did not find ourselves, most probably we were run as `sh COMMAND'
3656 # in which case we are not to be found in the path.
3657 if test "x$as_myself" = x; then
3658 as_myself=$0
3659 fi
3660 if test ! -f "$as_myself"; then
3661 $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
3662 exit 1
3663 fi
3664
3665 # Unset variables that we do not need and which cause bugs (e.g. in
3666 # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
3667 # suppresses any "Segmentation fault" message there. '((' could
3668 # trigger a bug in pdksh 5.2.14.
3669 for as_var in BASH_ENV ENV MAIL MAILPATH
3670 do eval test x\${$as_var+set} = xset \
3671 && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
3672 done
3673 PS1='$ '
3674 PS2='> '
3675 PS4='+ '
3676
3677 # NLS nuisances.
3678 LC_ALL=C
3679 export LC_ALL
3680 LANGUAGE=C
3681 export LANGUAGE
3682
3683 # CDPATH.
3684 (unset CDPATH) >/dev/null 2>&1 && unset CDPATH
3685
3686
3687 # as_fn_error STATUS ERROR [LINENO LOG_FD]
3688 # ----------------------------------------
3689 # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
3690 # provided, also output the error to LOG_FD, referencing LINENO. Then exit the
3691 # script with STATUS, using 1 if that was 0.
3692 as_fn_error ()
3693 {
3694 as_status=$1; test $as_status -eq 0 && as_status=1
3695 if test "$4"; then
3696 as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
3697 $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
3698 fi
3699 $as_echo "$as_me: error: $2" >&2
3700 as_fn_exit $as_status
3701 } # as_fn_error
3702
3703
3704 # as_fn_set_status STATUS
3705 # -----------------------
3706 # Set $? to STATUS, without forking.
3707 as_fn_set_status ()
3708 {
3709 return $1
3710 } # as_fn_set_status
3711
3712 # as_fn_exit STATUS
3713 # -----------------
3714 # Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
3715 as_fn_exit ()
3716 {
3717 set +e
3718 as_fn_set_status $1
3719 exit $1
3720 } # as_fn_exit
3721
3722 # as_fn_unset VAR
3723 # ---------------
3724 # Portably unset VAR.
3725 as_fn_unset ()
3726 {
3727 { eval $1=; unset $1;}
3728 }
3729 as_unset=as_fn_unset
3730 # as_fn_append VAR VALUE
3731 # ----------------------
3732 # Append the text in VALUE to the end of the definition contained in VAR. Take
3733 # advantage of any shell optimizations that allow amortized linear growth over
3734 # repeated appends, instead of the typical quadratic growth present in naive
3735 # implementations.
3736 if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
3737 eval 'as_fn_append ()
3738 {
3739 eval $1+=\$2
3740 }'
3741 else
3742 as_fn_append ()
3743 {
3744 eval $1=\$$1\$2
3745 }
3746 fi # as_fn_append
3747
3748 # as_fn_arith ARG...
3749 # ------------------
3750 # Perform arithmetic evaluation on the ARGs, and store the result in the
3751 # global $as_val. Take advantage of shells that can avoid forks. The arguments
3752 # must be portable across $(()) and expr.
3753 if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
3754 eval 'as_fn_arith ()
3755 {
3756 as_val=$(( $* ))
3757 }'
3758 else
3759 as_fn_arith ()
3760 {
3761 as_val=`expr "$@" || test $? -eq 1`
3762 }
3763 fi # as_fn_arith
3764
3765
3766 if expr a : '\(a\)' >/dev/null 2>&1 &&
3767 test "X`expr 00001 : '.*\(...\)'`" = X001; then
3768 as_expr=expr
3769 else
3770 as_expr=false
3771 fi
3772
3773 if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
3774 as_basename=basename
3775 else
3776 as_basename=false
3777 fi
3778
3779 if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
3780 as_dirname=dirname
3781 else
3782 as_dirname=false
3783 fi
3784
3785 as_me=`$as_basename -- "$0" ||
3786 $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
3787 X"$0" : 'X\(//\)$' \| \
3788 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
3789 $as_echo X/"$0" |
3790 sed '/^.*\/\([^/][^/]*\)\/*$/{
3791 s//\1/
3792 q
3793 }
3794 /^X\/\(\/\/\)$/{
3795 s//\1/
3796 q
3797 }
3798 /^X\/\(\/\).*/{
3799 s//\1/
3800 q
3801 }
3802 s/.*/./; q'`
3803
3804 # Avoid depending upon Character Ranges.
3805 as_cr_letters='abcdefghijklmnopqrstuvwxyz'
3806 as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
3807 as_cr_Letters=$as_cr_letters$as_cr_LETTERS
3808 as_cr_digits='0123456789'
3809 as_cr_alnum=$as_cr_Letters$as_cr_digits
3810
3811 ECHO_C= ECHO_N= ECHO_T=
3812 case `echo -n x` in #(((((
3813 -n*)
3814 case `echo 'xy\c'` in
3815 *c*) ECHO_T=' ';; # ECHO_T is single tab character.
3816 xy) ECHO_C='\c';;
3817 *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
3818 ECHO_T=' ';;
3819 esac;;
3820 *)
3821 ECHO_N='-n';;
3822 esac
3823
3824 rm -f conf$$ conf$$.exe conf$$.file
3825 if test -d conf$$.dir; then
3826 rm -f conf$$.dir/conf$$.file
3827 else
3828 rm -f conf$$.dir
3829 mkdir conf$$.dir 2>/dev/null
3830 fi
3831 if (echo >conf$$.file) 2>/dev/null; then
3832 if ln -s conf$$.file conf$$ 2>/dev/null; then
3833 as_ln_s='ln -s'
3834 # ... but there are two gotchas:
3835 # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
3836 # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
3837 # In both cases, we have to default to `cp -pR'.
3838 ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
3839 as_ln_s='cp -pR'
3840 elif ln conf$$.file conf$$ 2>/dev/null; then
3841 as_ln_s=ln
3842 else
3843 as_ln_s='cp -pR'
3844 fi
3845 else
3846 as_ln_s='cp -pR'
3847 fi
3848 rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
3849 rmdir conf$$.dir 2>/dev/null
3850
3851
3852 # as_fn_mkdir_p
3853 # -------------
3854 # Create "$as_dir" as a directory, including parents if necessary.
3855 as_fn_mkdir_p ()
3856 {
3857
3858 case $as_dir in #(
3859 -*) as_dir=./$as_dir;;
3860 esac
3861 test -d "$as_dir" || eval $as_mkdir_p || {
3862 as_dirs=
3863 while :; do
3864 case $as_dir in #(
3865 *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
3866 *) as_qdir=$as_dir;;
3867 esac
3868 as_dirs="'$as_qdir' $as_dirs"
3869 as_dir=`$as_dirname -- "$as_dir" ||
3870 $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
3871 X"$as_dir" : 'X\(//\)[^/]' \| \
3872 X"$as_dir" : 'X\(//\)$' \| \
3873 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
3874 $as_echo X"$as_dir" |
3875 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
3876 s//\1/
3877 q
3878 }
3879 /^X\(\/\/\)[^/].*/{
3880 s//\1/
3881 q
3882 }
3883 /^X\(\/\/\)$/{
3884 s//\1/
3885 q
3886 }
3887 /^X\(\/\).*/{
3888 s//\1/
3889 q
3890 }
3891 s/.*/./; q'`
3892 test -d "$as_dir" && break
3893 done
3894 test -z "$as_dirs" || eval "mkdir $as_dirs"
3895 } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
3896
3897
3898 } # as_fn_mkdir_p
3899 if mkdir -p . 2>/dev/null; then
3900 as_mkdir_p='mkdir -p "$as_dir"'
3901 else
3902 test -d ./-p && rmdir ./-p
3903 as_mkdir_p=false
3904 fi
3905
3906
3907 # as_fn_executable_p FILE
3908 # -----------------------
3909 # Test if FILE is an executable regular file.
3910 as_fn_executable_p ()
3911 {
3912 test -f "$1" && test -x "$1"
3913 } # as_fn_executable_p
3914 as_test_x='test -x'
3915 as_executable_p=as_fn_executable_p
3916
3917 # Sed expression to map a string onto a valid CPP name.
3918 as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
3919
3920 # Sed expression to map a string onto a valid variable name.
3921 as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
3922
3923
3924 exec 6>&1
3925 ## ----------------------------------- ##
3926 ## Main body of $CONFIG_STATUS script. ##
3927 ## ----------------------------------- ##
3928 _ASEOF
3929 test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
3930
3931 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
3932 # Save the log message, to keep $0 and so on meaningful, and to
3933 # report actual input values of CONFIG_FILES etc. instead of their
3934 # values after options handling.
3935 ac_log="
3936 This file was extended by $as_me, which was
3937 generated by GNU Autoconf 2.69. Invocation command line was
3938
3939 CONFIG_FILES = $CONFIG_FILES
3940 CONFIG_HEADERS = $CONFIG_HEADERS
3941 CONFIG_LINKS = $CONFIG_LINKS
3942 CONFIG_COMMANDS = $CONFIG_COMMANDS
3943 $ $0 $@
3944
3945 on `(hostname || uname -n) 2>/dev/null | sed 1q`
3946 "
3947
3948 _ACEOF
3949
3950 case $ac_config_files in *"
3951 "*) set x $ac_config_files; shift; ac_config_files=$*;;
3952 esac
3953
3954
3955
3956 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
3957 # Files that config.status was made for.
3958 config_files="$ac_config_files"
3959
3960 _ACEOF
3961
3962 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
3963 ac_cs_usage="\
3964 \`$as_me' instantiates files and other configuration actions
3965 from templates according to the current configuration. Unless the files
3966 and actions are specified as TAGs, all are instantiated by default.
3967
3968 Usage: $0 [OPTION]... [TAG]...
3969
3970 -h, --help print this help, then exit
3971 -V, --version print version number and configuration settings, then exit
3972 --config print configuration, then exit
3973 -q, --quiet, --silent
3974 do not print progress messages
3975 -d, --debug don't remove temporary files
3976 --recheck update $as_me by reconfiguring in the same conditions
3977 --file=FILE[:TEMPLATE]
3978 instantiate the configuration file FILE
3979
3980 Configuration files:
3981 $config_files
3982
3983 Report bugs to the package provider."
3984
3985 _ACEOF
3986 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
3987 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
3988 ac_cs_version="\\
3989 config.status
3990 configured by $0, generated by GNU Autoconf 2.69,
3991 with options \\"\$ac_cs_config\\"
3992
3993 Copyright (C) 2012 Free Software Foundation, Inc.
3994 This config.status script is free software; the Free Software Foundation
3995 gives unlimited permission to copy, distribute and modify it."
3996
3997 ac_pwd='$ac_pwd'
3998 srcdir='$srcdir'
3999 test -n "\$AWK" || AWK=awk
4000 _ACEOF
4001
4002 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4003 # The default lists apply if the user does not specify any file.
4004 ac_need_defaults=:
4005 while test $# != 0
4006 do
4007 case $1 in
4008 --*=?*)
4009 ac_option=`expr "X$1" : 'X\([^=]*\)='`
4010 ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
4011 ac_shift=:
4012 ;;
4013 --*=)
4014 ac_option=`expr "X$1" : 'X\([^=]*\)='`
4015 ac_optarg=
4016 ac_shift=:
4017 ;;
4018 *)
4019 ac_option=$1
4020 ac_optarg=$2
4021 ac_shift=shift
4022 ;;
4023 esac
4024
4025 case $ac_option in
4026 # Handling of the options.
4027 -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
4028 ac_cs_recheck=: ;;
4029 --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
4030 $as_echo "$ac_cs_version"; exit ;;
4031 --config | --confi | --conf | --con | --co | --c )
4032 $as_echo "$ac_cs_config"; exit ;;
4033 --debug | --debu | --deb | --de | --d | -d )
4034 debug=: ;;
4035 --file | --fil | --fi | --f )
4036 $ac_shift
4037 case $ac_optarg in
4038 *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
4039 '') as_fn_error $? "missing file argument" ;;
4040 esac
4041 as_fn_append CONFIG_FILES " '$ac_optarg'"
4042 ac_need_defaults=false;;
4043 --he | --h | --help | --hel | -h )
4044 $as_echo "$ac_cs_usage"; exit ;;
4045 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
4046 | -silent | --silent | --silen | --sile | --sil | --si | --s)
4047 ac_cs_silent=: ;;
4048
4049 # This is an error.
4050 -*) as_fn_error $? "unrecognized option: \`$1'
4051 Try \`$0 --help' for more information." ;;
4052
4053 *) as_fn_append ac_config_targets " $1"
4054 ac_need_defaults=false ;;
4055
4056 esac
4057 shift
4058 done
4059
4060 ac_configure_extra_args=
4061
4062 if $ac_cs_silent; then
4063 exec 6>/dev/null
4064 ac_configure_extra_args="$ac_configure_extra_args --silent"
4065 fi
4066
4067 _ACEOF
4068 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
4069 if \$ac_cs_recheck; then
4070 set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
4071 shift
4072 \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
4073 CONFIG_SHELL='$SHELL'
4074 export CONFIG_SHELL
4075 exec "\$@"
4076 fi
4077
4078 _ACEOF
4079 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4080 exec 5>>config.log
4081 {
4082 echo
4083 sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
4084 ## Running $as_me. ##
4085 _ASBOX
4086 $as_echo "$ac_log"
4087 } >&5
4088
4089 _ACEOF
4090 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
4091 _ACEOF
4092
4093 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4094
4095 # Handling of arguments.
4096 for ac_config_target in $ac_config_targets
4097 do
4098 case $ac_config_target in
4099 "all.mk") CONFIG_FILES="$CONFIG_FILES all.mk" ;;
4100
4101 *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
4102 esac
4103 done
4104
4105
4106 # If the user did not use the arguments to specify the items to instantiate,
4107 # then the envvar interface is used. Set only those that are not.
4108 # We use the long form for the default assignment because of an extremely
4109 # bizarre bug on SunOS 4.1.3.
4110 if $ac_need_defaults; then
4111 test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
4112 fi
4113
4114 # Have a temporary directory for convenience. Make it in the build tree
4115 # simply because there is no reason against having it here, and in addition,
4116 # creating and moving files from /tmp can sometimes cause problems.
4117 # Hook for its removal unless debugging.
4118 # Note that there is a small window in which the directory will not be cleaned:
4119 # after its creation but before its name has been assigned to `$tmp'.
4120 $debug ||
4121 {
4122 tmp= ac_tmp=
4123 trap 'exit_status=$?
4124 : "${ac_tmp:=$tmp}"
4125 { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
4126 ' 0
4127 trap 'as_fn_exit 1' 1 2 13 15
4128 }
4129 # Create a (secure) tmp directory for tmp files.
4130
4131 {
4132 tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
4133 test -d "$tmp"
4134 } ||
4135 {
4136 tmp=./conf$$-$RANDOM
4137 (umask 077 && mkdir "$tmp")
4138 } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
4139 ac_tmp=$tmp
4140
4141 # Set up the scripts for CONFIG_FILES section.
4142 # No need to generate them if there are no CONFIG_FILES.
4143 # This happens for instance with `./config.status config.h'.
4144 if test -n "$CONFIG_FILES"; then
4145
4146
4147 ac_cr=`echo X | tr X '\015'`
4148 # On cygwin, bash can eat \r inside `` if the user requested igncr.
4149 # But we know of no other shell where ac_cr would be empty at this
4150 # point, so we can use a bashism as a fallback.
4151 if test "x$ac_cr" = x; then
4152 eval ac_cr=\$\'\\r\'
4153 fi
4154 ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
4155 if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
4156 ac_cs_awk_cr='\\r'
4157 else
4158 ac_cs_awk_cr=$ac_cr
4159 fi
4160
4161 echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
4162 _ACEOF
4163
4164
4165 {
4166 echo "cat >conf$$subs.awk <<_ACEOF" &&
4167 echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
4168 echo "_ACEOF"
4169 } >conf$$subs.sh ||
4170 as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
4171 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
4172 ac_delim='%!_!# '
4173 for ac_last_try in false false false false false :; do
4174 . ./conf$$subs.sh ||
4175 as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
4176
4177 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
4178 if test $ac_delim_n = $ac_delim_num; then
4179 break
4180 elif $ac_last_try; then
4181 as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
4182 else
4183 ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
4184 fi
4185 done
4186 rm -f conf$$subs.sh
4187
4188 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
4189 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
4190 _ACEOF
4191 sed -n '
4192 h
4193 s/^/S["/; s/!.*/"]=/
4194 p
4195 g
4196 s/^[^!]*!//
4197 :repl
4198 t repl
4199 s/'"$ac_delim"'$//
4200 t delim
4201 :nl
4202 h
4203 s/\(.\{148\}\)..*/\1/
4204 t more1
4205 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
4206 p
4207 n
4208 b repl
4209 :more1
4210 s/["\\]/\\&/g; s/^/"/; s/$/"\\/
4211 p
4212 g
4213 s/.\{148\}//
4214 t nl
4215 :delim
4216 h
4217 s/\(.\{148\}\)..*/\1/
4218 t more2
4219 s/["\\]/\\&/g; s/^/"/; s/$/"/
4220 p
4221 b
4222 :more2
4223 s/["\\]/\\&/g; s/^/"/; s/$/"\\/
4224 p
4225 g
4226 s/.\{148\}//
4227 t delim
4228 ' <conf$$subs.awk | sed '
4229 /^[^""]/{
4230 N
4231 s/\n//
4232 }
4233 ' >>$CONFIG_STATUS || ac_write_fail=1
4234 rm -f conf$$subs.awk
4235 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
4236 _ACAWK
4237 cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
4238 for (key in S) S_is_set[key] = 1
4239 FS = ""
4240
4241 }
4242 {
4243 line = $ 0
4244 nfields = split(line, field, "@")
4245 substed = 0
4246 len = length(field[1])
4247 for (i = 2; i < nfields; i++) {
4248 key = field[i]
4249 keylen = length(key)
4250 if (S_is_set[key]) {
4251 value = S[key]
4252 line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
4253 len += length(value) + length(field[++i])
4254 substed = 1
4255 } else
4256 len += 1 + keylen
4257 }
4258
4259 print line
4260 }
4261
4262 _ACAWK
4263 _ACEOF
4264 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4265 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
4266 sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
4267 else
4268 cat
4269 fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
4270 || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
4271 _ACEOF
4272
4273 # VPATH may cause trouble with some makes, so we remove sole $(srcdir),
4274 # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
4275 # trailing colons and then remove the whole line if VPATH becomes empty
4276 # (actually we leave an empty line to preserve line numbers).
4277 if test "x$srcdir" = x.; then
4278 ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
4279 h
4280 s///
4281 s/^/:/
4282 s/[ ]*$/:/
4283 s/:\$(srcdir):/:/g
4284 s/:\${srcdir}:/:/g
4285 s/:@srcdir@:/:/g
4286 s/^:*//
4287 s/:*$//
4288 x
4289 s/\(=[ ]*\).*/\1/
4290 G
4291 s/\n//
4292 s/^[^=]*=[ ]*$//
4293 }'
4294 fi
4295
4296 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4297 fi # test -n "$CONFIG_FILES"
4298
4299
4300 eval set X " :F $CONFIG_FILES "
4301 shift
4302 for ac_tag
4303 do
4304 case $ac_tag in
4305 :[FHLC]) ac_mode=$ac_tag; continue;;
4306 esac
4307 case $ac_mode$ac_tag in
4308 :[FHL]*:*);;
4309 :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
4310 :[FH]-) ac_tag=-:-;;
4311 :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
4312 esac
4313 ac_save_IFS=$IFS
4314 IFS=:
4315 set x $ac_tag
4316 IFS=$ac_save_IFS
4317 shift
4318 ac_file=$1
4319 shift
4320
4321 case $ac_mode in
4322 :L) ac_source=$1;;
4323 :[FH])
4324 ac_file_inputs=
4325 for ac_f
4326 do
4327 case $ac_f in
4328 -) ac_f="$ac_tmp/stdin";;
4329 *) # Look for the file first in the build tree, then in the source tree
4330 # (if the path is not absolute). The absolute path cannot be DOS-style,
4331 # because $ac_f cannot contain `:'.
4332 test -f "$ac_f" ||
4333 case $ac_f in
4334 [\\/$]*) false;;
4335 *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
4336 esac ||
4337 as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
4338 esac
4339 case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
4340 as_fn_append ac_file_inputs " '$ac_f'"
4341 done
4342
4343 # Let's still pretend it is `configure' which instantiates (i.e., don't
4344 # use $as_me), people would be surprised to read:
4345 # /* config.h. Generated by config.status. */
4346 configure_input='Generated from '`
4347 $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
4348 `' by configure.'
4349 if test x"$ac_file" != x-; then
4350 configure_input="$ac_file. $configure_input"
4351 { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
4352 $as_echo "$as_me: creating $ac_file" >&6;}
4353 fi
4354 # Neutralize special characters interpreted by sed in replacement strings.
4355 case $configure_input in #(
4356 *\&* | *\|* | *\\* )
4357 ac_sed_conf_input=`$as_echo "$configure_input" |
4358 sed 's/[\\\\&|]/\\\\&/g'`;; #(
4359 *) ac_sed_conf_input=$configure_input;;
4360 esac
4361
4362 case $ac_tag in
4363 *:-:* | *:-) cat >"$ac_tmp/stdin" \
4364 || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
4365 esac
4366 ;;
4367 esac
4368
4369 ac_dir=`$as_dirname -- "$ac_file" ||
4370 $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
4371 X"$ac_file" : 'X\(//\)[^/]' \| \
4372 X"$ac_file" : 'X\(//\)$' \| \
4373 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
4374 $as_echo X"$ac_file" |
4375 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
4376 s//\1/
4377 q
4378 }
4379 /^X\(\/\/\)[^/].*/{
4380 s//\1/
4381 q
4382 }
4383 /^X\(\/\/\)$/{
4384 s//\1/
4385 q
4386 }
4387 /^X\(\/\).*/{
4388 s//\1/
4389 q
4390 }
4391 s/.*/./; q'`
4392 as_dir="$ac_dir"; as_fn_mkdir_p
4393 ac_builddir=.
4394
4395 case "$ac_dir" in
4396 .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
4397 *)
4398 ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
4399 # A ".." for each directory in $ac_dir_suffix.
4400 ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
4401 case $ac_top_builddir_sub in
4402 "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
4403 *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
4404 esac ;;
4405 esac
4406 ac_abs_top_builddir=$ac_pwd
4407 ac_abs_builddir=$ac_pwd$ac_dir_suffix
4408 # for backward compatibility:
4409 ac_top_builddir=$ac_top_build_prefix
4410
4411 case $srcdir in
4412 .) # We are building in place.
4413 ac_srcdir=.
4414 ac_top_srcdir=$ac_top_builddir_sub
4415 ac_abs_top_srcdir=$ac_pwd ;;
4416 [\\/]* | ?:[\\/]* ) # Absolute name.
4417 ac_srcdir=$srcdir$ac_dir_suffix;
4418 ac_top_srcdir=$srcdir
4419 ac_abs_top_srcdir=$srcdir ;;
4420 *) # Relative name.
4421 ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
4422 ac_top_srcdir=$ac_top_build_prefix$srcdir
4423 ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
4424 esac
4425 ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
4426
4427
4428 case $ac_mode in
4429 :F)
4430 #
4431 # CONFIG_FILE
4432 #
4433
4434 _ACEOF
4435
4436 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4437 # If the template does not know about datarootdir, expand it.
4438 # FIXME: This hack should be removed a few years after 2.60.
4439 ac_datarootdir_hack=; ac_datarootdir_seen=
4440 ac_sed_dataroot='
4441 /datarootdir/ {
4442 p
4443 q
4444 }
4445 /@datadir@/p
4446 /@docdir@/p
4447 /@infodir@/p
4448 /@localedir@/p
4449 /@mandir@/p'
4450 case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
4451 *datarootdir*) ac_datarootdir_seen=yes;;
4452 *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
4453 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
4454 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
4455 _ACEOF
4456 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
4457 ac_datarootdir_hack='
4458 s&@datadir@&$datadir&g
4459 s&@docdir@&$docdir&g
4460 s&@infodir@&$infodir&g
4461 s&@localedir@&$localedir&g
4462 s&@mandir@&$mandir&g
4463 s&\\\${datarootdir}&$datarootdir&g' ;;
4464 esac
4465 _ACEOF
4466
4467 # Neutralize VPATH when `$srcdir' = `.'.
4468 # Shell code in configure.ac might set extrasub.
4469 # FIXME: do we really want to maintain this feature?
4470 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
4471 ac_sed_extra="$ac_vpsub
4472 $extrasub
4473 _ACEOF
4474 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4475 :t
4476 /@[a-zA-Z_][a-zA-Z_0-9]*@/!b
4477 s|@configure_input@|$ac_sed_conf_input|;t t
4478 s&@top_builddir@&$ac_top_builddir_sub&;t t
4479 s&@top_build_prefix@&$ac_top_build_prefix&;t t
4480 s&@srcdir@&$ac_srcdir&;t t
4481 s&@abs_srcdir@&$ac_abs_srcdir&;t t
4482 s&@top_srcdir@&$ac_top_srcdir&;t t
4483 s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
4484 s&@builddir@&$ac_builddir&;t t
4485 s&@abs_builddir@&$ac_abs_builddir&;t t
4486 s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
4487 $ac_datarootdir_hack
4488 "
4489 eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
4490 >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
4491
4492 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
4493 { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
4494 { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
4495 "$ac_tmp/out"`; test -z "$ac_out"; } &&
4496 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
4497 which seems to be undefined. Please make sure it is defined" >&5
4498 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
4499 which seems to be undefined. Please make sure it is defined" >&2;}
4500
4501 rm -f "$ac_tmp/stdin"
4502 case $ac_file in
4503 -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
4504 *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
4505 esac \
4506 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
4507 ;;
4508
4509
4510
4511 esac
4512
4513 done # for ac_tag
4514
4515
4516 as_fn_exit 0
4517 _ACEOF
4518 ac_clean_files=$ac_clean_files_save
4519
4520 test $ac_write_fail = 0 ||
4521 as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
4522
4523
4524 # configure is writing to config.log, and then calls config.status.
4525 # config.status does its own redirection, appending to config.log.
4526 # Unfortunately, on DOS this fails, as config.log is still kept open
4527 # by configure, so config.status won't be able to write to it; its
4528 # output is simply discarded. So we exec the FD to /dev/null,
4529 # effectively closing config.log, so it can be properly (re)opened and
4530 # appended to by config.status. When coming back to configure, we
4531 # need to make the FD available again.
4532 if test "$no_create" != yes; then
4533 ac_cs_success=:
4534 ac_config_status_args=
4535 test "$silent" = yes &&
4536 ac_config_status_args="$ac_config_status_args --quiet"
4537 exec 5>/dev/null
4538 $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
4539 exec 5>>config.log
4540 # Use ||, not &&, to avoid exiting from the if with $? = 1, which
4541 # would make configure fail if this is the last instruction.
4542 $ac_cs_success || as_fn_exit 1
4543 fi
4544 if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
4545 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
4546 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
4547 fi
4548
4549
0 #
1 # Autoconf input file.
2 #
3 # Version: $Id$
4 #
5
6 AC_PREREQ([2.53])
7 AC_INIT(rlm_eap_fast.c)
8 AC_REVISION($Revision$)
9 AC_DEFUN(modname,[rlm_eap_fast])
10
11 mod_ldflags=
12 mod_cflags=
13
14 if test x$with_[]modname != xno; then
15
16 dnl ############################################################
17 dnl # Check for command line options
18 dnl ############################################################
19 dnl extra argument: --with-openssl-lib-dir
20 openssl_lib_dir=
21 AC_ARG_WITH(openssl-lib-dir,
22 [ --with-openssl-lib-dir=DIR directory for LDAP library files []],
23 [ case "$withval" in
24 no)
25 AC_MSG_ERROR(Need openssl-lib-dir)
26 ;;
27 yes)
28 ;;
29 *)
30 openssl_lib_dir="$withval"
31 ;;
32 esac ]
33 )
34
35 dnl extra argument: --with-openssl-include-dir
36 openssl_include_dir=
37 AC_ARG_WITH(openssl-include-dir,
38 [ --with-openssl-include-dir=DIR directory for LDAP include files []],
39 [ case "$withval" in
40 no)
41 AC_MSG_ERROR(Need openssl-include-dir)
42 ;;
43 yes)
44 ;;
45 *)
46 openssl_include_dir="$withval"
47 ;;
48 esac ]
49 )
50
51 dnl ############################################################
52 dnl # Check for header files
53 dnl ############################################################
54
55 smart_try_dir=$openssl_include_dir
56 FR_SMART_CHECK_INCLUDE(openssl/ec.h)
57 if test "$ac_cv_header_openssl_ec_h" != "yes"; then
58 fail="$fail openssl/ec.h"
59 fi
60
61 smart_try_dir=$openssl_lib_dir
62 FR_SMART_CHECK_LIB(crypto, EVP_CIPHER_CTX_new)
63 if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
64 fail="libssl"
65 fi
66
67 AC_EGREP_CPP(yes,
68 [#include <openssl/crypto.h>
69 #if (OPENSSL_VERSION_NUMBER >= 0x01000100fL)
70 yes
71 #endif
72 ],
73 [
74 AC_MSG_CHECKING([for OpenSSL version >= 1.0.1a])
75 AC_MSG_RESULT(yes)
76 ],
77 [
78 AC_MSG_CHECKING([for OpenSSL version >= 1.0.1a])
79 AC_MSG_RESULT(no)
80 fail="openssl>1.0.1"
81 ]
82 )
83
84 targetname=modname
85 else
86 targetname=
87 echo \*\*\* module modname is disabled.
88 fi
89
90 if test x"$fail" != x""; then
91 if test x"${enable_strict_dependencies}" = x"yes"; then
92 AC_MSG_ERROR([set --without-]modname[ to disable it explicitly.])
93 else
94 AC_MSG_WARN([silently not building ]modname[.])
95 AC_MSG_WARN([FAILURE: ]modname[ requires: $fail.])
96 targetname=""
97 fi
98 fi
99
100 AC_SUBST(mod_ldflags)
101 AC_SUBST(mod_cflags)
102 AC_SUBST(targetname)
103 AC_OUTPUT(all.mk)
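Review bot: The failure bookkeeping does not compose: line 58 appends with `fail="$fail openssl/ec.h"`, but lines 64 and 80 assign `fail="libssl"` and `fail="openssl>1.0.1"`, so a later failure overwrites an earlier one and the warning at line 95 names only the last missing dependency. Using `fail="$fail libcrypto"` and `fail="$fail openssl>=1.0.1"` would keep all of them, and would also name the library that was actually probed. The help strings for `--with-openssl-lib-dir` and `--with-openssl-include-dir` say "directory for LDAP library files" and "LDAP include files", which looks copied from another module and should read OpenSSL. The version test compares against `0x01000100fL` while the message says ">= 1.0.1a"; as I read OpenSSL's version encoding that constant is the plain 1.0.1 release, so either the constant or the message should change, and this is worth confirming.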
950950 if (t->stage == AUTHENTICATION) { /* FIXME do this only for MSCHAPv2 */
951951 VALUE_PAIR *tvp;
952952
953 RWDEBUG2("AUTHENTICATION");
954 vp = fr_pair_make(fake, &fake->config, "EAP-Type", "0", T_OP_EQ);
955 vp->vp_integer = t->default_method;
956 RWDEBUG2("AUTHENTICATION");
953 RDEBUG2("AUTHENTICATION");
954 vp = fr_pair_make(fake, &fake->config, "EAP-Type", "0", T_OP_EQ);
955 vp->vp_integer = t->default_method;
957956
958957 /*
959958 * RFC 5422 section 3.2.3 - Authenticating Using EAP-FAST-MSCHAPv2
12351234
12361235 eap_fast_append_result(tls_session, code);
12371236
1238 if (code == PW_CODE_ACCESS_REJECT)
1239 break;
1240
12411237 if (t->pac.send) {
12421238 RDEBUG("Peer requires new PAC");
12431239 eap_fast_send_pac_tunnel(request, tls_session);
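Review bot: The pointer returned by `fr_pair_make()` at new line 954 is written through on the next line (`vp->vp_integer = t->default_method;`) with no NULL check, so a failed attribute creation would crash the server while it handles tunnelled peer data. Other call sites on this page follow the call with `rad_assert(... != NULL)`; an explicit `if (!vp)` branch that rejects the session would be more robust. Separately, the second hunk removes `if (code == PW_CODE_ACCESS_REJECT) break;`, so a rejected result now reaches the `t->pac.send` test and, when it is set, `eap_fast_send_pac_tunnel()`. Whether a PAC can be issued after a reject depends on code outside the hunk, so a comment stating why the fall-through is intended would help the next reviewer. Both enclosing blocks start and end outside the hunks.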
184184 }
185185
186186 // hostap:src/crypto/tls_openssl.c:tls_sess_sec_cb()
187 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
187188 static int _session_secret(SSL *s, void *secret, int *secret_len,
188189 UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers,
189190 UNUSED SSL_CIPHER **cipher, void *arg)
191 #else
192 static int _session_secret(SSL *s, void *secret, int *secret_len,
193 UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers,
194 UNUSED const SSL_CIPHER **cipher, void *arg)
195 #endif
190196 {
191197 // FIXME enforce non-anon cipher
192198
205211 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
206212 eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len);
207213 #else
208 uint8_t const client_random[SSL3_RANDOM_SIZE];
209 uint8_t const server_random[SSL3_RANDOM_SIZE];
214 uint8_t client_random[SSL3_RANDOM_SIZE];
215 uint8_t server_random[SSL3_RANDOM_SIZE];
210216
211217 SSL_get_client_random(s, client_random, sizeof(client_random));
212218 SSL_get_server_random(s, server_random, sizeof(server_random));
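Review bot: The two copies of the `_session_secret` signature at new lines 188–195 differ only in the `const` on `cipher`, and nothing in the hunk says why. A one-line comment above the `#if`, for example `/* OpenSSL 1.1.0 changed the session-secret callback to take const SSL_CIPHER **cipher */`, would stop a later edit from touching only one copy. The return values of `SSL_get_client_random()` and `SSL_get_server_random()` at lines 217–218 are ignored; since these buffers presumably feed `eap_fast_session_ticket()` as in the pre-1.1.0 branch, checking that each call returned `SSL3_RANDOM_SIZE` is a cheap safeguard against deriving keys from partly uninitialised stack memory. The function body continues outside the hunk.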
206206 * Verify the tunneled EAP message.
207207 */
208208 static int eapmessage_verify(REQUEST *request,
209 uint8_t const *data, unsigned int data_len)
209 uint8_t const *data, unsigned int data_len, int peap_version)
210210 {
211211 eap_packet_raw_t const *eap_packet = (eap_packet_raw_t const *) data;
212212 eap_type_t eap_method;
213
214 /*
215 * Hack for now.
216 */
217 if (peap_version == 1) return 1;
213218
214219 /*
215220 * No data, OR only 1 byte of EAP type.
240245 RDEBUG2("Received EAP-TLV response");
241246 return 1;
242247 }
243 RDEBUG2("Got something weird");
248 RDEBUG2("Received unexpected EAP-Response, rejecting the session.");
244249 break;
245250
246251
263268 */
264269 static VALUE_PAIR *eap2vp(UNUSED REQUEST *request, RADIUS_PACKET *packet,
265270 EAP_DS *eap_ds,
266 uint8_t const *data, size_t data_len)
271 uint8_t const *data, size_t data_len, int peap_version)
267272 {
268273 size_t total;
269274 uint8_t *p;
280285 total = data_len;
281286 if (total > 249) total = 249;
282287
283 /*
284 * Hand-build an EAP packet from the crap in PEAP version 0.
285 */
286 vp->vp_length = EAP_HEADER_LEN + total;
287 vp->vp_octets = p = talloc_array(vp, uint8_t, vp->vp_length);
288
289 p[0] = PW_EAP_RESPONSE;
290 p[1] = eap_ds->response->id;
291 p[2] = (data_len + EAP_HEADER_LEN) >> 8;
292 p[3] = (data_len + EAP_HEADER_LEN) & 0xff;
293
294 memcpy(p + EAP_HEADER_LEN, data, total);
288 if (peap_version == 0) {
289 /*
290 * Hand-build an EAP packet from the crap in PEAP version 0.
291 */
292 vp->vp_length = EAP_HEADER_LEN + total;
293 vp->vp_octets = p = talloc_array(vp, uint8_t, vp->vp_length);
294
295 p[0] = PW_EAP_RESPONSE;
296 p[1] = eap_ds->response->id;
297 p[2] = (data_len + EAP_HEADER_LEN) >> 8;
298 p[3] = (data_len + EAP_HEADER_LEN) & 0xff;
299
300 memcpy(p + EAP_HEADER_LEN, data, total);
301
302 } else { /* peapv1 */
303 vp->vp_length = total;
304 vp->vp_octets = p = talloc_array(vp, uint8_t, vp->vp_length);
305 memcpy(p, data, total);
306 }
295307
296308 fr_cursor_init(&cursor, &head);
297309 fr_cursor_insert(&cursor, vp);
322334 rad_assert(vp != NULL);
323335 VALUE_PAIR *this;
324336 vp_cursor_t cursor;
337 size_t header = EAP_HEADER_LEN;
338
339 if (tls_session->peap_flag > 0) header = 0;
325340
326341 /*
327342 * Skip the id, code, and length. Just write the EAP
329344 */
330345 #ifndef NDEBUG
331346 if ((rad_debug_lvl > 2) && fr_log_fp) {
332 size_t i, total, start = EAP_HEADER_LEN;
347 size_t i, total, start = header;
333348 total = 0;
334349
335350 for (this = fr_cursor_init(&cursor, &vp); this; this = fr_cursor_next(&cursor)) {
359374 * Send the EAP data in the first attribute, WITHOUT the
360375 * header.
361376 */
362 (tls_session->record_plus)(&tls_session->clean_in, vp->vp_octets + EAP_HEADER_LEN, vp->vp_length - EAP_HEADER_LEN);
377 (tls_session->record_plus)(&tls_session->clean_in, vp->vp_octets + header, vp->vp_length - header);
363378
364379 /*
365380 * Send the rest of the EAP data, but skipping the first VP.
729744 rlm_rcode_t rcode = RLM_MODULE_REJECT;
730745 uint8_t const *data;
731746 unsigned int data_len;
747 size_t header = 0;
732748
733749 REQUEST *request = handler->request;
734750 EAP_DS *eap_ds = handler->eap_ds;
744760 RDEBUG2("PEAP state %s", peap_state(t));
745761
746762 if ((t->status != PEAP_STATUS_TUNNEL_ESTABLISHED) &&
747 !eapmessage_verify(request, data, data_len)) {
763 !eapmessage_verify(request, data, data_len, tls_session->peap_flag)) {
748764 REDEBUG("Tunneled data is invalid");
749765 if (rad_debug_lvl > 2) print_tunneled_data(data, data_len);
750766 return RLM_MODULE_REJECT;
751767 }
768
769 if (tls_session->peap_flag > 0) header = EAP_HEADER_LEN;
752770
753771 switch (t->status) {
754772 case PEAP_STATUS_TUNNEL_ESTABLISHED:
777795
778796 case PEAP_STATUS_INNER_IDENTITY_REQ_SENT:
779797 /* we're expecting an identity response */
780 if (data[0] != PW_EAP_IDENTITY) {
798 if (data[header] != PW_EAP_IDENTITY) {
781799 REDEBUG("Expected EAP-Identity, got something else");
782800 return RLM_MODULE_REJECT;
783801 }
788806 t->username = fr_pair_make(t, NULL, "User-Name", NULL, T_OP_EQ);
789807 rad_assert(t->username != NULL);
790808
791 fr_pair_value_bstrncpy(t->username, data + 1, data_len - 1);
809 fr_pair_value_bstrncpy(t->username, data + header + 1, data_len - header - 1);
792810
793811 RDEBUG("Got inner identity '%s'", t->username->vp_strvalue);
794812 if (t->soh) {
803821 case PEAP_STATUS_WAIT_FOR_SOH_RESPONSE:
804822 fake = request_alloc_fake(request);
805823 rad_assert(!fake->packet->vps);
806 eapsoh_verify(fake, fake->packet, data, data_len);
824 eapsoh_verify(fake, fake->packet, data + header, data_len - header);
807825 setup_fake_request(request, fake, t);
808826
809827 if (t->soh_virtual_server) {
841859 * If we authenticated the user, then it's OK.
842860 */
843861 case PEAP_STATUS_SENT_TLV_SUCCESS:
844 if (eappeap_check_tlv(request, data, data_len)) {
862 if (eappeap_check_tlv(request, data + header, data_len - header)) {
845863 RDEBUG2("Success");
846864 return RLM_MODULE_OK;
847865 }
875893 */
876894 case PEAP_STATUS_SENT_TLV_FAILURE:
877895 RINDENT();
878 RIDEBUG("The users session was previously rejected: returning reject (again.)");
896 REDEBUG("The users session was previously rejected: returning reject (again.)");
879897 RIDEBUG("This means you need to read the PREVIOUS messages in the debug output");
880898 RIDEBUG("to find out the reason why the user was rejected");
881899 RIDEBUG("Look for \"reject\" or \"fail\". Those earlier messages will tell you");
936954
937955 case PEAP_STATUS_PHASE2:
938956 fake->packet->vps = eap2vp(request, fake->packet,
939 eap_ds, data, data_len);
957 eap_ds, data, data_len, tls_session->peap_flag);
940958 if (!fake->packet->vps) {
941959 talloc_free(fake);
942960 RDEBUG2("Unable to convert tunneled EAP packet to internal server data structures");
961979 * so we add one here, by pulling it out of the
962980 * EAP-Identity packet.
963981 */
964 if ((data[0] == PW_EAP_IDENTITY) && (data_len > 1)) {
982 if ((data[header] == PW_EAP_IDENTITY) && (data_len > (1 + header))) {
965983 t->username = fr_pair_make(t, NULL, "User-Name", NULL, T_OP_EQ);
966984 rad_assert(t->username != NULL);
967985
968 fr_pair_value_bstrncpy(t->username, data + 1, data_len - 1);
986 fr_pair_value_bstrncpy(t->username, data + header + 1, data_len - header - 1);
969987
970988 RDEBUG2("Got tunneled identity of %s", t->username->vp_strvalue);
971989
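Review bot: For PEAPv1 the new `if (peap_version == 1) return 1;` at line 217 skips every length and type check in `eapmessage_verify()`, yet the later hunks index `data[header]` and compute `data_len - header - 1` with `header = EAP_HEADER_LEN` (lines 798, 809, 824, 862, 982–986) without first checking that `data_len` exceeds `header`. A short tunnelled record from the peer would then be read past its end, and the unsigned subtraction would wrap to a very large length handed to `fr_pair_value_bstrncpy()`, `eapsoh_verify()` and `eappeap_check_tlv()`. A guard placed before the states that read `data`, such as `if (data_len <= header) { REDEBUG("Tunneled data is too short"); return RLM_MODULE_REJECT; }`, would close this, and at line 982 the `data_len > (1 + header)` test should come before the `data[header]` read. The hunk at line 339 sets `header = 0` when `peap_flag > 0` while the hunk at line 769 sets `header = EAP_HEADER_LEN` for the same condition; a comment explaining the asymmetry would help. The enclosing functions start and end outside the hunks.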
259259 */
260260 if (!tls_session->opaque) {
261261 peap = tls_session->opaque = peap_alloc(tls_session, inst);
262 }
263
264 /*
265 * Negotiate PEAP versions down.
266 */
267 if ((handler->eap_ds->response->type.data[0] & 0x03) < tls_session->peap_flag) {
268 tls_session->peap_flag = handler->eap_ds->response->type.data[0] & 0x03;
262269 }
263270
264271 status = eaptls_process(handler);
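Review bot: The new block at lines 264–269 reads `handler->eap_ds->response->type.data[0]` before `eaptls_process()` has run, and nothing in the hunk checks that `type.data` is non-NULL and that the type payload holds at least one byte. An EAP response with an empty type payload would be dereferenced here, so the comparison should be wrapped in a test such as `if (handler->eap_ds->response->type.data && handler->eap_ds->response->type.length > 0)`. The version bits are peer-controlled and this code lets any packet lower `tls_session->peap_flag`, which the tunnel code on this page uses to select its parsing path. It is worth confirming that this runs only during the initial negotiation, and logging the negotiated value. The enclosing function starts and ends outside the hunk.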
29162916
29172917
29182918 sm_lib_safe=`echo "crypto" | sed 'y%./+-%__p_%'`
2919 sm_func_safe=`echo "EVP_cleanup" | sed 'y%./+-%__p_%'`
2919 sm_func_safe=`echo "EVP_CIPHER_CTX_new" | sed 'y%./+-%__p_%'`
29202920
29212921 old_LIBS="$LIBS"
29222922 old_CPPFLAGS="$CPPFLAGS"
29262926
29272927 if test "x$smart_try_dir" != "x"; then
29282928 for try in $smart_try_dir; do
2929 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_cleanup in -lcrypto in $try" >&5
2930 $as_echo_n "checking for EVP_cleanup in -lcrypto in $try... " >&6; }
2929 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
2930 $as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
29312931 LIBS="-lcrypto $old_LIBS"
29322932 CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
29332933 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
29342934 /* end confdefs.h. */
2935 extern char EVP_cleanup();
2935 extern char EVP_CIPHER_CTX_new();
29362936 int
29372937 main ()
29382938 {
2939 EVP_cleanup()
2939 EVP_CIPHER_CTX_new()
29402940 ;
29412941 return 0;
29422942 }
29612961 fi
29622962
29632963 if test "x$smart_lib" = "x"; then
2964 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_cleanup in -lcrypto" >&5
2965 $as_echo_n "checking for EVP_cleanup in -lcrypto... " >&6; }
2964 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto" >&5
2965 $as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto... " >&6; }
29662966 LIBS="-lcrypto $old_LIBS"
29672967 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
29682968 /* end confdefs.h. */
2969 extern char EVP_cleanup();
2969 extern char EVP_CIPHER_CTX_new();
29702970 int
29712971 main ()
29722972 {
2973 EVP_cleanup()
2973 EVP_CIPHER_CTX_new()
29742974 ;
29752975 return 0;
29762976 }
30473047
30483048
30493049 for try in $smart_lib_dir /usr/local/lib /opt/lib; do
3050 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_cleanup in -lcrypto in $try" >&5
3051 $as_echo_n "checking for EVP_cleanup in -lcrypto in $try... " >&6; }
3050 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
3051 $as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
30523052 LIBS="-lcrypto $old_LIBS"
30533053 CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
30543054 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
30553055 /* end confdefs.h. */
3056 extern char EVP_cleanup();
3056 extern char EVP_CIPHER_CTX_new();
30573057 int
30583058 main ()
30593059 {
3060 EVP_cleanup()
3060 EVP_CIPHER_CTX_new()
30613061 ;
30623062 return 0;
30633063 }
30873087 SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
30883088 fi
30893089
3090 if test "x$ac_cv_lib_crypto_EVP_cleanup" != "xyes"; then
3090 if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
30913091 fail="libssl"
30923092 else
30933093 for ac_func in EVP_sha256
5959 fi
6060
6161 smart_try_dir=$openssl_lib_dir
62 FR_SMART_CHECK_LIB(crypto, EVP_cleanup)
63 if test "x$ac_cv_lib_crypto_EVP_cleanup" != "xyes"; then
62 FR_SMART_CHECK_LIB(crypto, EVP_CIPHER_CTX_new)
63 if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
6464 fail="libssl"
6565 else
6666 AC_CHECK_FUNCS(EVP_sha256)
4444 uint8_t allzero[SHA256_DIGEST_LENGTH];
4545
4646 memset(allzero, 0, SHA256_DIGEST_LENGTH);
47 HMAC_Init(ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256());
47
48 HMAC_Init_ex(ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256(), NULL);
4849 }
4950
5051 static void H_Update(HMAC_CTX *ctx, uint8_t const *data, int len)
5758 unsigned int mdlen = SHA256_DIGEST_LENGTH;
5859
5960 HMAC_Final(ctx, digest, &mdlen);
60 HMAC_CTX_cleanup(ctx);
6161 }
6262
6363 /* a counter-based KDF based on NIST SP800-108 */
64 static void eap_pwd_kdf(uint8_t *key, int keylen, char const *label, int labellen, uint8_t *result, int resultbitlen)
65 {
66 HMAC_CTX hctx;
64 static int eap_pwd_kdf(uint8_t *key, int keylen, char const *label, int labellen, uint8_t *result, int resultbitlen)
65 {
66 HMAC_CTX *hctx = NULL;
6767 uint8_t digest[SHA256_DIGEST_LENGTH];
6868 uint16_t i, ctr, L;
6969 int resultbytelen, len = 0;
7070 unsigned int mdlen = SHA256_DIGEST_LENGTH;
7171 uint8_t mask = 0xff;
7272
73 hctx = HMAC_CTX_new();
74 if (hctx == NULL) {
75 DEBUG("failed allocating HMAC context");
76 return -1;
77 }
7378 resultbytelen = (resultbitlen + 7)/8;
7479 ctr = 0;
7580 L = htons(resultbitlen);
7681 while (len < resultbytelen) {
7782 ctr++; i = htons(ctr);
78 HMAC_Init(&hctx, key, keylen, EVP_sha256());
83 HMAC_Init_ex(hctx, key, keylen, EVP_sha256(), NULL);
7984 if (ctr > 1) {
80 HMAC_Update(&hctx, digest, mdlen);
81 }
82 HMAC_Update(&hctx, (uint8_t *) &i, sizeof(uint16_t));
83 HMAC_Update(&hctx, (uint8_t const *)label, labellen);
84 HMAC_Update(&hctx, (uint8_t *) &L, sizeof(uint16_t));
85 HMAC_Final(&hctx, digest, &mdlen);
85 HMAC_Update(hctx, digest, mdlen);
86 }
87 HMAC_Update(hctx, (uint8_t *) &i, sizeof(uint16_t));
88 HMAC_Update(hctx, (uint8_t const *)label, labellen);
89 HMAC_Update(hctx, (uint8_t *) &L, sizeof(uint16_t));
90 HMAC_Final(hctx, digest, &mdlen);
8691 if ((len + (int) mdlen) > resultbytelen) {
8792 memcpy(result + len, digest, resultbytelen - len);
8893 } else {
8994 memcpy(result + len, digest, mdlen);
9095 }
9196 len += mdlen;
92 HMAC_CTX_cleanup(&hctx);
93 }
97 }
98 HMAC_CTX_free(hctx);
9499
95100 /* since we're expanding to a bit length, mask off the excess */
96101 if (resultbitlen % 8) {
97102 mask <<= (8 - (resultbitlen % 8));
98103 result[resultbytelen - 1] &= mask;
99104 }
105
106 return 0;
100107 }
101108
102109 int compute_password_element (pwd_session_t *session, uint16_t grp_num,
106113 uint32_t *token)
107114 {
108115 BIGNUM *x_candidate = NULL, *rnd = NULL, *cofactor = NULL;
109 HMAC_CTX ctx;
116 HMAC_CTX *ctx = NULL;
110117 uint8_t pwe_digest[SHA256_DIGEST_LENGTH], *prfbuf = NULL, ctr;
111118 int nid, is_odd, primebitlen, primebytelen, ret = 0;
119
120 ctx = HMAC_CTX_new();
121 if (ctx == NULL) {
122 DEBUG("failed allocating HMAC context");
123 goto fail;
124 }
112125
113126 switch (grp_num) { /* from IANA registry for IKE D-H groups */
114127 case 19:
189202 * pwd-seed = H(token | peer-id | server-id | password |
190203 * counter)
191204 */
192 H_Init(&ctx);
193 H_Update(&ctx, (uint8_t *)token, sizeof(*token));
194 H_Update(&ctx, (uint8_t const *)id_peer, id_peer_len);
195 H_Update(&ctx, (uint8_t const *)id_server, id_server_len);
196 H_Update(&ctx, (uint8_t const *)password, password_len);
197 H_Update(&ctx, (uint8_t *)&ctr, sizeof(ctr));
198 H_Final(&ctx, pwe_digest);
205 H_Init(ctx);
206 H_Update(ctx, (uint8_t *)token, sizeof(*token));
207 H_Update(ctx, (uint8_t const *)id_peer, id_peer_len);
208 H_Update(ctx, (uint8_t const *)id_server, id_server_len);
209 H_Update(ctx, (uint8_t const *)password, password_len);
210 H_Update(ctx, (uint8_t *)&ctr, sizeof(ctr));
211 H_Final(ctx, pwe_digest);
199212
200213 BN_bin2bn(pwe_digest, SHA256_DIGEST_LENGTH, rnd);
201 eap_pwd_kdf(pwe_digest, SHA256_DIGEST_LENGTH, "EAP-pwd Hunting And Pecking",
202 strlen("EAP-pwd Hunting And Pecking"), prfbuf, primebitlen);
214 if (eap_pwd_kdf(pwe_digest, SHA256_DIGEST_LENGTH, "EAP-pwd Hunting And Pecking",
215 strlen("EAP-pwd Hunting And Pecking"), prfbuf, primebitlen) != 0) {
216 DEBUG("key derivation function failed");
217 goto fail;
218 }
203219
204220 BN_bin2bn(prfbuf, primebytelen, x_candidate);
205221 /*
265281 BN_clear_free(x_candidate);
266282 BN_clear_free(rnd);
267283 talloc_free(prfbuf);
284 HMAC_CTX_free(ctx);
268285
269286 return ret;
270287 }
419436 int compute_server_confirm (pwd_session_t *session, uint8_t *out, BN_CTX *bnctx)
420437 {
421438 BIGNUM *x = NULL, *y = NULL;
422 HMAC_CTX ctx;
439 HMAC_CTX *ctx = NULL;
423440 uint8_t *cruft = NULL;
424441 int offset, req = -1;
442
443 ctx = HMAC_CTX_new();
444 if (ctx == NULL) {
445 DEBUG2("pwd: unable to allocate HMAC context!");
446 goto finish;
447 }
425448
426449 /*
427450 * Each component of the cruft will be at most as big as the prime
436459 * commit is H(k | server_element | server_scalar | peer_element |
437460 * peer_scalar | ciphersuite)
438461 */
439 H_Init(&ctx);
462 H_Init(ctx);
440463
441464 /*
442465 * Zero the memory each time because this is mod prime math and some
446469 */
447470 offset = BN_num_bytes(session->prime) - BN_num_bytes(session->k);
448471 BN_bn2bin(session->k, cruft + offset);
449 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
472 H_Update(ctx, cruft, BN_num_bytes(session->prime));
450473
451474 /*
452475 * next is server element: x, y
458481 memset(cruft, 0, BN_num_bytes(session->prime));
459482 offset = BN_num_bytes(session->prime) - BN_num_bytes(x);
460483 BN_bn2bin(x, cruft + offset);
461 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
484 H_Update(ctx, cruft, BN_num_bytes(session->prime));
462485
463486 memset(cruft, 0, BN_num_bytes(session->prime));
464487 offset = BN_num_bytes(session->prime) - BN_num_bytes(y);
465488 BN_bn2bin(y, cruft + offset);
466 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
489 H_Update(ctx, cruft, BN_num_bytes(session->prime));
467490
468491 /*
469492 * and server scalar
471494 memset(cruft, 0, BN_num_bytes(session->prime));
472495 offset = BN_num_bytes(session->order) - BN_num_bytes(session->my_scalar);
473496 BN_bn2bin(session->my_scalar, cruft + offset);
474 H_Update(&ctx, cruft, BN_num_bytes(session->order));
497 H_Update(ctx, cruft, BN_num_bytes(session->order));
475498
476499 /*
477500 * next is peer element: x, y
484507 memset(cruft, 0, BN_num_bytes(session->prime));
485508 offset = BN_num_bytes(session->prime) - BN_num_bytes(x);
486509 BN_bn2bin(x, cruft + offset);
487 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
510 H_Update(ctx, cruft, BN_num_bytes(session->prime));
488511
489512 memset(cruft, 0, BN_num_bytes(session->prime));
490513 offset = BN_num_bytes(session->prime) - BN_num_bytes(y);
491514 BN_bn2bin(y, cruft + offset);
492 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
515 H_Update(ctx, cruft, BN_num_bytes(session->prime));
493516
494517 /*
495518 * and peer scalar
497520 memset(cruft, 0, BN_num_bytes(session->prime));
498521 offset = BN_num_bytes(session->order) - BN_num_bytes(session->peer_scalar);
499522 BN_bn2bin(session->peer_scalar, cruft + offset);
500 H_Update(&ctx, cruft, BN_num_bytes(session->order));
523 H_Update(ctx, cruft, BN_num_bytes(session->order));
501524
502525 /*
503526 * finally, ciphersuite
504527 */
505 H_Update(&ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite));
506
507 H_Final(&ctx, out);
528 H_Update(ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite));
529
530 H_Final(ctx, out);
508531
509532 req = 0;
510533 finish:
511534 talloc_free(cruft);
512535 BN_free(x);
513536 BN_free(y);
537 HMAC_CTX_free(ctx);
514538
515539 return req;
516540 }
518542 int compute_peer_confirm (pwd_session_t *session, uint8_t *out, BN_CTX *bnctx)
519543 {
520544 BIGNUM *x = NULL, *y = NULL;
521 HMAC_CTX ctx;
545 HMAC_CTX *ctx = NULL;
522546 uint8_t *cruft = NULL;
523547 int offset, req = -1;
548
549 ctx = HMAC_CTX_new();
550 if (ctx == NULL) {
551 DEBUG2("pwd: unable to allocate HMAC context!");
552 goto finish;
553 }
524554
525555 /*
526556 * Each component of the cruft will be at most as big as the prime
535565 * commit is H(k | server_element | server_scalar | peer_element |
536566 * peer_scalar | ciphersuite)
537567 */
538 H_Init(&ctx);
568 H_Init(ctx);
539569
540570 /*
541571 * Zero the memory each time because this is mod prime math and some
545575 */
546576 offset = BN_num_bytes(session->prime) - BN_num_bytes(session->k);
547577 BN_bn2bin(session->k, cruft + offset);
548 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
578 H_Update(ctx, cruft, BN_num_bytes(session->prime));
549579
550580 /*
551581 * then peer element: x, y
558588 memset(cruft, 0, BN_num_bytes(session->prime));
559589 offset = BN_num_bytes(session->prime) - BN_num_bytes(x);
560590 BN_bn2bin(x, cruft + offset);
561 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
591 H_Update(ctx, cruft, BN_num_bytes(session->prime));
562592
563593 memset(cruft, 0, BN_num_bytes(session->prime));
564594 offset = BN_num_bytes(session->prime) - BN_num_bytes(y);
565595 BN_bn2bin(y, cruft + offset);
566 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
596 H_Update(ctx, cruft, BN_num_bytes(session->prime));
567597
568598 /*
569599 * and peer scalar
571601 memset(cruft, 0, BN_num_bytes(session->prime));
572602 offset = BN_num_bytes(session->order) - BN_num_bytes(session->peer_scalar);
573603 BN_bn2bin(session->peer_scalar, cruft + offset);
574 H_Update(&ctx, cruft, BN_num_bytes(session->order));
604 H_Update(ctx, cruft, BN_num_bytes(session->order));
575605
576606 /*
577607 * then server element: x, y
583613 memset(cruft, 0, BN_num_bytes(session->prime));
584614 offset = BN_num_bytes(session->prime) - BN_num_bytes(x);
585615 BN_bn2bin(x, cruft + offset);
586 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
616 H_Update(ctx, cruft, BN_num_bytes(session->prime));
587617
588618 memset(cruft, 0, BN_num_bytes(session->prime));
589619 offset = BN_num_bytes(session->prime) - BN_num_bytes(y);
590620 BN_bn2bin(y, cruft + offset);
591 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
621 H_Update(ctx, cruft, BN_num_bytes(session->prime));
592622
593623 /*
594624 * and server scalar
596626 memset(cruft, 0, BN_num_bytes(session->prime));
597627 offset = BN_num_bytes(session->order) - BN_num_bytes(session->my_scalar);
598628 BN_bn2bin(session->my_scalar, cruft + offset);
599 H_Update(&ctx, cruft, BN_num_bytes(session->order));
629 H_Update(ctx, cruft, BN_num_bytes(session->order));
600630
601631 /*
602632 * finally, ciphersuite
603633 */
604 H_Update(&ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite));
605
606 H_Final(&ctx, out);
634 H_Update(ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite));
635
636 H_Final(ctx, out);
607637
608638 req = 0;
609639 finish:
610640 talloc_free(cruft);
611641 BN_free(x);
612642 BN_free(y);
643 HMAC_CTX_free(ctx);
613644
614645 return req;
615646 }
616647
617648 int compute_keys (pwd_session_t *session, uint8_t *peer_confirm, uint8_t *msk, uint8_t *emsk)
618649 {
619 HMAC_CTX ctx;
620 uint8_t mk[SHA256_DIGEST_LENGTH], *cruft;
650 HMAC_CTX *ctx = NULL;
651 uint8_t mk[SHA256_DIGEST_LENGTH], *cruft = NULL;
621652 uint8_t session_id[SHA256_DIGEST_LENGTH + 1];
622653 uint8_t msk_emsk[128]; /* 64 each */
623 int offset;
654 int offset, ret = -1;
655
656 ctx = HMAC_CTX_new();
657 if (ctx == NULL) {
658 DEBUG2("pwd: unable to allocate HMAC context!");
659 goto finish;
660 }
624661
625662 if ((cruft = talloc_array(session, uint8_t, BN_num_bytes(session->prime))) == NULL) {
626663 DEBUG2("pwd: unable to allocate space to compute keys");
627 return -1;
664 goto finish;
628665 }
629666
630667 /*
632669 * scal_s)
633670 */
634671 session_id[0] = PW_EAP_PWD;
635 H_Init(&ctx);
636 H_Update(&ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite));
672 H_Init(ctx);
673 H_Update(ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite));
637674 offset = BN_num_bytes(session->order) - BN_num_bytes(session->peer_scalar);
638675 memset(cruft, 0, BN_num_bytes(session->prime));
639676 BN_bn2bin(session->peer_scalar, cruft + offset);
640 H_Update(&ctx, cruft, BN_num_bytes(session->order));
677 H_Update(ctx, cruft, BN_num_bytes(session->order));
641678 offset = BN_num_bytes(session->order) - BN_num_bytes(session->my_scalar);
642679 memset(cruft, 0, BN_num_bytes(session->prime));
643680 BN_bn2bin(session->my_scalar, cruft + offset);
644 H_Update(&ctx, cruft, BN_num_bytes(session->order));
645 H_Final(&ctx, (uint8_t *)&session_id[1]);
681 H_Update(ctx, cruft, BN_num_bytes(session->order));
682 H_Final(ctx, (uint8_t *)&session_id[1]);
646683
647684 /* then compute MK = H(k | commit-peer | commit-server) */
648 H_Init(&ctx);
685 H_Init(ctx);
649686
650687 memset(cruft, 0, BN_num_bytes(session->prime));
651688 offset = BN_num_bytes(session->prime) - BN_num_bytes(session->k);
652689 BN_bn2bin(session->k, cruft + offset);
653 H_Update(&ctx, cruft, BN_num_bytes(session->prime));
654
655 H_Update(&ctx, peer_confirm, SHA256_DIGEST_LENGTH);
656
657 H_Update(&ctx, session->my_confirm, SHA256_DIGEST_LENGTH);
658
659 H_Final(&ctx, mk);
690 H_Update(ctx, cruft, BN_num_bytes(session->prime));
691
692 H_Update(ctx, peer_confirm, SHA256_DIGEST_LENGTH);
693
694 H_Update(ctx, session->my_confirm, SHA256_DIGEST_LENGTH);
695
696 H_Final(ctx, mk);
660697
661698 /* stretch the mk with the session-id to get MSK | EMSK */
662 eap_pwd_kdf(mk, SHA256_DIGEST_LENGTH, (char const *)session_id,
663 SHA256_DIGEST_LENGTH + 1, msk_emsk, 1024); /* it's bits, ((64 + 64) * 8) */
699 if (eap_pwd_kdf(mk, SHA256_DIGEST_LENGTH, (char const *)session_id,
700 SHA256_DIGEST_LENGTH + 1, msk_emsk,
701 /* it's bits, ((64 + 64) * 8) */
702 1024) != 0) {
703 DEBUG("key derivation function failed");
704 goto finish;
705 }
664706
665707 memcpy(msk, msk_emsk, 64);
666708 memcpy(emsk, msk_emsk + 64, 64);
667709
710 ret = 0;
711 finish:
668712 talloc_free(cruft);
669 return 0;
670 }
671
672
673
674
713 HMAC_CTX_free(ctx);
714 return ret;
715 }
716
717
718
719
385385 }
386386
387387 packet = (pwd_id_packet_t *) in;
388 if (in_len < sizeof(packet)) {
389 RDEBUG("Packet is too small (%zd < %zd).", in_len, sizeof(packet));
388 if (in_len < sizeof(*packet)) {
389 RDEBUG("Packet is too small (%zd < %zd).", in_len, sizeof(*packet));
390390 return 0;
391391 }
392392
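Review bot: The `RDEBUG` on new line 389 prints `sizeof(*packet)` with `%zd`, the signed conversion, although `sizeof` yields a `size_t`; the matching specifier is `%zu`, i.e. `RDEBUG("Packet is too small (%zd < %zu).", in_len, sizeof(*packet));` (and `%zu` for `in_len` too if it is declared `size_t`, which is not visible here). The corrected comparison only guarantees that the fixed part of the packet structure is present. Anything read after that header still has to be bounded by `in_len - sizeof(*packet)`; that code lies outside this hunk and is worth checking alongside the fix.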
11821182 if (req->response) {
11831183 RDEBUG("sending chbind response");
11841184 fr_pair_add(&fake->reply->vps,
1185 eap_chbind_packet2vp(fake, req->response));
1185 eap_chbind_packet2vp(fake->reply, req->response));
11861186 } else {
11871187 RDEBUG("no chbind response");
11881188 }
216216 /*
217217 * Will do the xlat for us
218218 */
219 return radius_compare_vps(request, check, NULL);
219 return radius_compare_vps(request, check, req);
220220 }
221221
222222 static int generic_attrs[] = {
460460
461461 case LDAP_PROC_NO_RESULT:
462462 RDEBUG2("No cacheable group memberships found in group objects");
463 goto finish;
463464
464465 default:
466 rcode = RLM_MODULE_FAIL;
465467 goto finish;
466468 }
467469
11731173 ldap_memfree(dn);
11741174 }
11751175 REXDENT();
1176 *rcode = RLM_MODULE_FAIL;
1176 *rcode = RLM_MODULE_INVALID;
11771177 goto finish;
11781178 }
11791179 }
669669
670670 ldap_errno = ldap_get_option(NULL, LDAP_OPT_API_INFO, &info);
671671 if (ldap_errno == LDAP_OPT_SUCCESS) {
672 int i;
673
672674 /*
673675 * Don't generate warnings if the compile type vendor name
674676 * is found within the link time vendor name.
690692 INFO("rlm_ldap: libldap vendor: %s, version: %i", info.ldapai_vendor_name,
691693 info.ldapai_vendor_version);
692694
695 if (info.ldapai_extensions != NULL ) {
696 for ( i = 0; info.ldapai_extensions[i] != NULL; i++) {
697 ldap_memfree(info.ldapai_extensions[i]);
698 }
699 ldap_memfree(info.ldapai_extensions);
700 }
693701 ldap_memfree(info.ldapai_vendor_name);
694 ldap_memfree(info.ldapai_extensions);
695702 } else {
696703 DEBUG("rlm_ldap: Falling back to build time libldap version info. Query for LDAP_OPT_API_INFO "
697704 "returned: %i", ldap_errno);
838845 /*
839846 * Now iterate over all the 'server' config items
840847 */
848 if (!inst->server) inst->server = talloc_strdup(inst, "");
841849 for (cp = cf_pair_find(conf, "server");
842850 cp;
843851 cp = cf_pair_find_next(conf, cp, "server")) {
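Review bot: The `talloc_strdup(inst, "")` added on new line 848 is not checked for failure, so `inst->server` can still be NULL when the `server` loop starts. If the loop body appends to `inst->server` (the body is outside the visible lines), an allocation failure would surface there rather than being reported at the point where it happened. A guard directly after the assignment, `if (!inst->server) return <error>;` with whatever failure value the enclosing function uses, keeps the error local.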
168168 if (((request && RDEBUG_ENABLED3) || DEBUG_ENABLED3) && result) {
169169 struct berval *srv_cred;
170170
171 if (ldap_parse_sasl_bind_result(conn->handle, result, &srv_cred, 0) == 0) {
171 if ((ldap_parse_sasl_bind_result(conn->handle, result, &srv_cred, 0) == LDAP_SUCCESS) &&
172 (srv_cred != NULL)) {
172173 char *escaped;
173174
174175 escaped = fr_aprints(request, srv_cred->bv_val, srv_cred->bv_len, '\0');
3434
3535 #define NT_LENGTH 24
3636
37 /** Use Winbind to normalise a username
38 *
39 * @param[in] tctx The talloc context where the result is parented from
40 * @param[in] ctx The winbind context
41 * @param[in] dom_name The domain of the user
42 * @param[in] name The username (without the domain) to be normalised
43 * @return The username with the casing according to the Winbind remote server,
44 * or NULL if the username could not be found.
45 */
46 static char *wbclient_normalise_username(TALLOC_CTX *tctx, struct wbcContext *ctx, char const *dom_name, char const *name)
47 {
48 struct wbcDomainSid sid;
49 enum wbcSidType name_type;
50 wbcErr err;
51 char *res_domain = NULL;
52 char *res_name = NULL;
53 char *res = NULL;
54
55 /* Step 1: Convert a name to a sid */
56 err = wbcCtxLookupName(ctx, dom_name, name, &sid, &name_type);
57 if (!WBC_ERROR_IS_OK(err))
58 return NULL;
59
60 /* Step 2: Convert the sid back to a name */
61 err = wbcCtxLookupSid(ctx, &sid, &res_domain, &res_name, &name_type);
62 if (!WBC_ERROR_IS_OK(err))
63 return NULL;
64
65 MEM(res = talloc_strdup(tctx, res_name));
66
67 wbcFreeMemory(res_domain);
68 wbcFreeMemory(res_name);
69
70 return res;
71 }
72
3773 /*
3874 * Check NTLM authentication direct to winbind via
3975 * Samba's libwbclient library
4884 uint8_t nthashhash[NT_DIGEST_LENGTH])
4985 {
5086 int rcode = -1;
51 struct wbcContext *wb_ctx;
87 struct wbcContext *wb_ctx = NULL;
5288 struct wbcAuthUserParams authparams;
5389 wbcErr err;
5490 int len;
123159
124160 err = wbcCtxAuthenticateUserEx(wb_ctx, &authparams, &info, &error);
125161
162 if (err == WBC_ERR_AUTH_ERROR && inst->wb_retry_with_normalised_username) {
163 VALUE_PAIR *vp_response, *vp_challenge;
164 char *normalised_username = wbclient_normalise_username(request, wb_ctx, authparams.domain_name, authparams.account_name);
165 if (normalised_username) {
166 RDEBUG2("Starting retry, normalised username %s to %s", authparams.account_name, normalised_username);
167 if (strcmp(authparams.account_name, normalised_username) != 0) {
168 authparams.account_name = normalised_username;
169
170 /* Set PW_MS_CHAP_USER_NAME */
171 if (!fr_pair_make(request->packet, &request->packet->vps, "MS-CHAP-User-Name", normalised_username, T_OP_SET)) {
172 RERROR("Failed creating MS-CHAP-User-Name");
173 goto normalised_username_retry_failure;
174 }
175
176 RDEBUG2("retrying authentication request user='%s' domain='%s'", authparams.account_name,
177 authparams.domain_name);
178
179 /* Recalculate hash */
180 if (!(vp_challenge = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY))) {
181 RERROR("Unable to get MS-CHAP-Challenge");
182 goto normalised_username_retry_failure;
183 }
184 if (!(vp_response = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY))) {
185 RERROR("Unable to get MS-CHAP2-Response");
186 goto normalised_username_retry_failure;
187 }
188 mschap_challenge_hash(vp_response->vp_octets + 2,
189 vp_challenge->vp_octets,
190 normalised_username,
191 authparams.password.response.challenge);
192
193 err = wbcCtxAuthenticateUserEx(wb_ctx, &authparams, &info, &error);
194 }
195 normalised_username_retry_failure:
196 talloc_free(normalised_username);
197 }
198 }
199
126200 fr_connection_release(inst->wb_pool, wb_ctx);
127
128201
129202 /*
130203 * Try and give some useful feedback on what happened. There are only
154227 /*
155228 * The password needs to be changed, so set rcode appropriately.
156229 */
157 if (error->nt_status & NT_STATUS_PASSWORD_EXPIRED ||
158 error->nt_status & NT_STATUS_PASSWORD_MUST_CHANGE) {
230 if (error->nt_status == NT_STATUS_PASSWORD_EXPIRED ||
231 error->nt_status == NT_STATUS_PASSWORD_MUST_CHANGE) {
159232 rcode = -648;
160233 }
161234
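Review bot: The retry on new line 193 calls `wbcCtxAuthenticateUserEx()` with the same `&info` and `&error` out-parameters as the failed first call on new line 160, so whatever that call stored in `error` is overwritten without being released. libwbclient returns this data as allocated memory, so it should be freed before the second call, e.g. `wbcFreeMemory(error); error = NULL;`. Separately, `authparams.account_name` is pointed at `normalised_username` on new line 168 and that buffer is freed at the `normalised_username_retry_failure` label, which leaves `authparams.account_name` dangling for any later use in the function (the rest of the body is outside these hunks). Restoring the original pointer before the `talloc_free()` would avoid that.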
435435 char const *p;
436436
437437 p = fmt + 8; /* 7 is the length of 'NT-Hash' */
438 if ((p == '\0') || (outlen <= 32))
438 if ((*p == '\0') || (outlen <= 32))
439439 return 0;
440440
441441 while (isspace(*p)) p++;
458458 char const *p;
459459
460460 p = fmt + 8; /* 7 is the length of 'LM-Hash' */
461 if ((p == '\0') || (outlen <= 32))
461 if ((*p == '\0') || (outlen <= 32))
462462 return 0;
463463
464464 while (isspace(*p)) p++;
559559 { "retry_msg", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_mschap_t, retry_msg), NULL },
560560 { "winbind_username", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_TMPL, rlm_mschap_t, wb_username), NULL },
561561 { "winbind_domain", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_TMPL, rlm_mschap_t, wb_domain), NULL },
562 { "winbind_retry_with_normalised_username", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, wb_retry_with_normalised_username), "no" },
562563 #ifdef __APPLE__
563564 { "use_open_directory", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_mschap_t, open_directory), "yes" },
564565 #endif
12121213 return -1;
12131214 }
12141215 break;
1215 }
1216 }
12161217
12171218 #ifdef WITH_AUTH_WINBIND
12181219 /*
14041405 char *p;
14051406
14061407 if ((mschap_result == -648) ||
1407 (smb_ctrl && ((smb_ctrl->vp_integer & ACB_PW_EXPIRED) != 0))) {
1408 ((mschap_result == 0) &&
1409 (smb_ctrl && ((smb_ctrl->vp_integer & ACB_PW_EXPIRED) != 0)))) {
14081410 REDEBUG("Password has expired. User should retry authentication");
14091411 error = 648;
14101412
14681470 break;
14691471
14701472 default:
1471 rad_assert(0);
1473 return RLM_MODULE_FAIL;
14721474 }
14731475 mschap_add_reply(request, ident, "MS-CHAP-Error", buffer, strlen(buffer));
14741476
19691971 mschap_result, mschap_version, smb_ctrl);
19701972 if (rcode != RLM_MODULE_OK) return rcode;
19711973
1974 #ifdef WITH_AUTH_WINBIND
1975 if (inst->wb_retry_with_normalised_username) {
1976 if ((response_name = fr_pair_find_by_num(request->packet->vps, PW_MS_CHAP_USER_NAME, 0, TAG_ANY))) {
1977 if (strcmp(username_string, response_name->vp_strvalue)) {
1978 RDEBUG2("Changing username %s to %s", username_string, response_name->vp_strvalue);
1979 username_string = response_name->vp_strvalue;
1980 }
1981 }
1982 }
1983 #endif
1984
19721985 mschap_auth_response(username_string, /* without the domain */
19731986 nthashhash, /* nt-hash-hash */
19741987 response->vp_octets + 26, /* peer response */
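Review bot: The corrected test `*p == '\0'` on new lines 438 and 461 reads `fmt[8]`, while the comment beside it says the keyword is 7 characters long; if `fmt` can be exactly the keyword with nothing after it, the terminator sits at `fmt[7]` and this read is one byte past it. Whether the caller has already matched eight characters (keyword plus separator) is not visible in these hunks. Either the comment should state that, e.g. `/* skip "NT-Hash" and the separator that follows it */`, or the check should test `fmt[7]` before looking at `fmt[8]`. The `isspace(*p)` calls on the following context lines would also be safer as `isspace((unsigned char) *p)`, since plain `char` may be negative.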
3838 vp_tmpl_t *wb_username;
3939 vp_tmpl_t *wb_domain;
4040 fr_connection_pool_t *wb_pool;
41 bool wb_retry_with_normalised_username;
4142 #ifdef __APPLE__
4243 bool open_directory;
4344 #endif
109109 size_t clen,
110110 int32_t flags, int32_t when, uint8_t const key[16])
111111 {
112 HMAC_CTX hmac_ctx;
112 HMAC_CTX *hmac_ctx;
113113 uint8_t hmac[MD5_DIGEST_LENGTH];
114114 char *p;
115115
119119 * having to collect the data to be signed into one
120120 * contiguous piece.
121121 */
122 HMAC_Init(&hmac_ctx, key, sizeof(key[0]) * 16, EVP_md5());
123 HMAC_Update(&hmac_ctx, (uint8_t const *) challenge, clen);
124 HMAC_Update(&hmac_ctx, (uint8_t *) &flags, 4);
125 HMAC_Update(&hmac_ctx, (uint8_t *) &when, 4);
126 HMAC_Final(&hmac_ctx, hmac, NULL);
127 HMAC_cleanup(&hmac_ctx);
122 hmac_ctx = HMAC_CTX_new();
123 HMAC_Init_ex(hmac_ctx, key, sizeof(key[0]) * 16, EVP_md5(), NULL);
124 HMAC_Update(hmac_ctx, (uint8_t const *) challenge, clen);
125 HMAC_Update(hmac_ctx, (uint8_t *) &flags, 4);
126 HMAC_Update(hmac_ctx, (uint8_t *) &when, 4);
127 HMAC_Final(hmac_ctx, hmac, NULL);
128 HMAC_CTX_free(hmac_ctx);
128129
129130 /*
130131 * Generate the state.
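Review bot: `HMAC_CTX_new()` on new line 122 can return NULL, and the result is passed straight to `HMAC_Init_ex()` on the next line; the EAP-PWD conversion earlier in this commit checks the pointer and bails out, this one does not. A guard such as `if (!hmac_ctx) return <error>;` is needed, with whichever failure value this function's callers expect, since its signature and return paths are outside the hunk. The return values of `HMAC_Init_ex()`, `HMAC_Update()` and `HMAC_Final()` are ignored as well, so a failure there would leave `hmac` uninitialised when the state is generated from it below.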
133133 int i;
134134
135135 if (!ht) return;
136 for (i = 0; i < ht->tablesize; i++)
137 if (ht->table[i])
138 destroy_password(ht->table[i]);
139136 if (ht->table) {
137 for (i = 0; i < ht->tablesize; i++) {
138 if (ht->table[i])
139 destroy_password(ht->table[i]);
140 }
140141 free(ht->table);
141142 ht->table = NULL;
142143 }
541542 VALUE_PAIR *key, *i;
542543 struct mypasswd * pw, *last_found;
543544 vp_cursor_t cursor;
545 int found = 0;
544546
545547 key = fr_pair_find_by_da(request->packet->vps, inst->keyattr, TAG_ANY);
546548 if (!key) {
563565 addresult(request->packet, inst, request, &request->packet->vps, pw, 2, "request_items");
564566 } while ((pw = get_next(buffer, inst->ht, &last_found)));
565567
568 found++;
569
566570 if (!inst->allow_multiple) {
567571 break;
568572 }
569573 }
574
575 if (!found) return RLM_MODULE_NOTFOUND;
570576
571577 return RLM_MODULE_OK;
572578
296296 XSRETURN_NO;
297297 }
298298
299 /*
300 * This is a wraper for radius_axlat
301 * Now users are able to get data that is accessible only via xlat
302 * e.g. %{client:...}
303 * Call syntax is radiusd::xlat(string), string will be handled the
304 * same way it is described in EXPANSIONS section of man unlang
305 */
306 static XS(XS_radiusd_xlat)
307 {
308 dXSARGS;
309 char *in_str;
310 char *expanded;
311 ssize_t slen;
312 SV *rad_requestp_sv;
313 REQUEST *request;
314
315 if (items != 1) croak("Usage: radiusd::xlat(string)");
316
317 rad_requestp_sv = get_sv("RAD___REQUESTP", 0);
318 if (rad_requestp_sv == NULL) croak("Can not evalue xlat, RAD___REQUESTP is not set!");
319
320 request = INT2PTR(REQUEST *, SvIV(rad_requestp_sv));
321
322 in_str = (char *) SvPV(ST(0), PL_na);
323 expanded = NULL;
324 slen = radius_axlat(&expanded, request, in_str, NULL, NULL);
325
326 if (slen < 0) {
327 REDEBUG("Error parsing xlat '%s'", in_str);
328 XSRETURN_UNDEF;
329 }
330
331
332 XST_mPV(0, expanded);
333 talloc_free(expanded);
334 XSRETURN(1);
335 }
336
299337 static void xs_init(pTHX)
300338 {
301339 char const *file = __FILE__;
304342 newXS("DynaLoader::boot_DynaLoader", boot_DynaLoader, file);
305343
306344 newXS("radiusd::radlog",XS_radiusd_radlog, "rlm_perl");
345 newXS("radiusd::xlat",XS_radiusd_xlat, "rlm_perl");
307346 }
308347
309348 /*
699738 VALUE_PAIR *vp;
700739 STRLEN len;
701740
702 VERIFY_LIST(*vps);
703
704741 if (!SvOK(sv)) {
705 fail:
706 REDEBUG("Failed to create pair &%s:%s %s $%s{'%s'} -> '%s'", list_name, key,
742 REDEBUG("Internal failure creating pair &%s:%s %s $%s{'%s'} -> '%s'", list_name, key,
707743 fr_int2str(fr_tokens, op, "<INVALID>"), hash_name, key, (val ? val : "undef"));
708744 return;
709745 }
746
710747 val = SvPV(sv, len);
711748 vp = fr_pair_make(ctx, vps, key, NULL, op);
712 if (!vp) goto fail;
749 if (!vp) {
750 fail:
751 REDEBUG("Failed to create pair - %s", fr_strerror());
752 REDEBUG(" &%s:%s %s $%s{'%s'} -> '%s'", list_name, key,
753 fr_int2str(fr_tokens, op, "<INVALID>"), hash_name, key, (val ? val : "undef"));
754 return;
755 }
713756
714757 switch (vp->da->type) {
715758 case PW_TYPE_STRING:
751794 pairadd_sv(ctx, request, vps, key, res_sv, T_OP_EQ, hash_name, list_name);
752795 }
753796 }
797
798 if (*vps) VERIFY_LIST(*vps);
754799 }
755800
756801 /*
775820 HV *rad_request_proxy_hv;
776821 HV *rad_request_proxy_reply_hv;
777822 #endif
823 SV *rad_requestp_sv;
778824
779825 /*
780826 * Radius has told us to call this function, but none
809855 rad_config_hv = get_hv("RAD_CONFIG", 1);
810856 rad_request_hv = get_hv("RAD_REQUEST", 1);
811857 rad_state_hv = get_hv("RAD_STATE", 1);
858 rad_requestp_sv = get_sv("RAD___REQUESTP", 1);
812859
813860 perl_store_vps(request->packet, request, &request->packet->vps, rad_request_hv, "RAD_REQUEST", "request");
814861 perl_store_vps(request->reply, request, &request->reply->vps, rad_reply_hv, "RAD_REPLY", "reply");
834881 hv_undef(rad_request_proxy_reply_hv);
835882 }
836883 #endif
884
885 /*
886 * Store pointer to request structure globally so xlat works
887 * We mark it read-only for interpreter so end users will not be
888 * in posession to change it and crash radiusd with bogus pointer
889 */
890 SvREADONLY_off(rad_requestp_sv);
891 sv_setiv(rad_requestp_sv, PTR2IV(request));
892 SvREADONLY_on(rad_requestp_sv);
837893
838894 PUSHMARK(SP);
839895 /*
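Review bot: `XS_radiusd_xlat` converts the integer held in `RAD___REQUESTP` back into a `REQUEST *` and hands it to `radius_axlat()` without checking it, and the visible lines that store the pointer (new lines 890-892) never clear it again. If the scalar still holds the old address after the Perl function has returned, a later `radiusd::xlat` call made outside a request would work on a stale pointer; the code after `PUSHMARK` is outside the hunk, so this may already be handled there. I would reset the scalar to 0 once the Perl call has returned, inside the same `SvREADONLY_off`/`SvREADONLY_on` bracket, and add `if (!request) croak("radiusd::xlat called outside of a request");` before the `radius_axlat()` call.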
0 /* config.h.in. Generated from configure.ac by autoheader. */
1
2 /* Define to 1 if you have the `dl_iterate_phdr' function. */
3 #undef HAVE_DL_ITERATE_PHDR
4
5 /* Define to the address where bug reports for this package should be sent. */
6 #undef PACKAGE_BUGREPORT
7
8 /* Define to the full name of this package. */
9 #undef PACKAGE_NAME
10
11 /* Define to the full name and version of this package. */
12 #undef PACKAGE_STRING
13
14 /* Define to the one symbol short name of this package. */
15 #undef PACKAGE_TARNAME
16
17 /* Define to the home page for this package. */
18 #undef PACKAGE_URL
19
20 /* Define to the version of this package. */
21 #undef PACKAGE_VERSION
14701470 as_fn_set_status $ac_retval
14711471
14721472 } # ac_fn_c_try_link
1473
1474 # ac_fn_c_check_func LINENO FUNC VAR
1475 # ----------------------------------
1476 # Tests whether FUNC exists, setting the cache variable VAR accordingly
1477 ac_fn_c_check_func ()
1478 {
1479 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1480 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1481 $as_echo_n "checking for $2... " >&6; }
1482 if eval \${$3+:} false; then :
1483 $as_echo_n "(cached) " >&6
1484 else
1485 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1486 /* end confdefs.h. */
1487 /* Define $2 to an innocuous variant, in case <limits.h> declares $2.
1488 For example, HP-UX 11i <limits.h> declares gettimeofday. */
1489 #define $2 innocuous_$2
1490
1491 /* System header to define __stub macros and hopefully few prototypes,
1492 which can conflict with char $2 (); below.
1493 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
1494 <limits.h> exists even on freestanding compilers. */
1495
1496 #ifdef __STDC__
1497 # include <limits.h>
1498 #else
1499 # include <assert.h>
1500 #endif
1501
1502 #undef $2
1503
1504 /* Override any GCC internal prototype to avoid an error.
1505 Use char because int might match the return type of a GCC
1506 builtin and then its argument prototype would still apply. */
1507 #ifdef __cplusplus
1508 extern "C"
1509 #endif
1510 char $2 ();
1511 /* The GNU C library defines this for functions which it implements
1512 to always fail with ENOSYS. Some functions are actually named
1513 something starting with __ and the normal name is an alias. */
1514 #if defined __stub_$2 || defined __stub___$2
1515 choke me
1516 #endif
1517
1518 int
1519 main ()
1520 {
1521 return $2 ();
1522 ;
1523 return 0;
1524 }
1525 _ACEOF
1526 if ac_fn_c_try_link "$LINENO"; then :
1527 eval "$3=yes"
1528 else
1529 eval "$3=no"
1530 fi
1531 rm -f core conftest.err conftest.$ac_objext \
1532 conftest$ac_exeext conftest.$ac_ext
1533 fi
1534 eval ac_res=\$$3
1535 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1536 $as_echo "$ac_res" >&6; }
1537 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1538
1539 } # ac_fn_c_check_func
14731540 cat >config.log <<_ACEOF
14741541 This file contains any messages produced by compilers while
14751542 running configure, to aid debugging if configure makes a mistake.
34993566 fi
35003567 fi
35013568 fi
3569
3570 for ac_func in dl_iterate_phdr
3571 do :
3572 ac_fn_c_check_func "$LINENO" "dl_iterate_phdr" "ac_cv_func_dl_iterate_phdr"
3573 if test "x$ac_cv_func_dl_iterate_phdr" = xyes; then :
3574 cat >>confdefs.h <<_ACEOF
3575 #define HAVE_DL_ITERATE_PHDR 1
3576 _ACEOF
3577
3578 fi
3579 done
3580
35023581 else
35033582 targetname=
35043583 echo \*\*\* module rlm_python is disabled.
35153594 targetname=""
35163595 fi
35173596 fi
3597
3598 ac_config_headers="$ac_config_headers config.h"
35183599
35193600
35203601
36153696 # Let make expand exec_prefix.
36163697 test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
36173698
3618 # Transform confdefs.h into DEFS.
3619 # Protect against shell expansion while executing Makefile rules.
3620 # Protect against Makefile macro expansion.
3621 #
3622 # If the first sed substitution is executed (which looks for macros that
3623 # take arguments), then branch to the quote section. Otherwise,
3624 # look for a macro that doesn't take arguments.
3625 ac_script='
3626 :mline
3627 /\\$/{
3628 N
3629 s,\\\n,,
3630 b mline
3631 }
3632 t clear
3633 :clear
3634 s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
3635 t quote
3636 s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
3637 t quote
3638 b any
3639 :quote
3640 s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
3641 s/\[/\\&/g
3642 s/\]/\\&/g
3643 s/\$/$$/g
3644 H
3645 :any
3646 ${
3647 g
3648 s/^\n//
3649 s/\n/ /g
3650 p
3651 }
3652 '
3653 DEFS=`sed -n "$ac_script" confdefs.h`
3654
3699 DEFS=-DHAVE_CONFIG_H
36553700
36563701 ac_libobjs=
36573702 ac_ltlibobjs=
40854130 "*) set x $ac_config_files; shift; ac_config_files=$*;;
40864131 esac
40874132
4133 case $ac_config_headers in *"
4134 "*) set x $ac_config_headers; shift; ac_config_headers=$*;;
4135 esac
40884136
40894137
40904138 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
40914139 # Files that config.status was made for.
40924140 config_files="$ac_config_files"
4141 config_headers="$ac_config_headers"
40934142
40944143 _ACEOF
40954144
41104159 --recheck update $as_me by reconfiguring in the same conditions
41114160 --file=FILE[:TEMPLATE]
41124161 instantiate the configuration file FILE
4162 --header=FILE[:TEMPLATE]
4163 instantiate the configuration header FILE
41134164
41144165 Configuration files:
41154166 $config_files
4167
4168 Configuration headers:
4169 $config_headers
41164170
41174171 Report bugs to the package provider."
41184172
41744228 esac
41754229 as_fn_append CONFIG_FILES " '$ac_optarg'"
41764230 ac_need_defaults=false;;
4177 --he | --h | --help | --hel | -h )
4231 --header | --heade | --head | --hea )
4232 $ac_shift
4233 case $ac_optarg in
4234 *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
4235 esac
4236 as_fn_append CONFIG_HEADERS " '$ac_optarg'"
4237 ac_need_defaults=false;;
4238 --he | --h)
4239 # Conflict between --help and --header
4240 as_fn_error $? "ambiguous option: \`$1'
4241 Try \`$0 --help' for more information.";;
4242 --help | --hel | -h )
41784243 $as_echo "$ac_cs_usage"; exit ;;
41794244 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
41804245 | -silent | --silent | --silen | --sile | --sil | --si | --s)
42304295 for ac_config_target in $ac_config_targets
42314296 do
42324297 case $ac_config_target in
4298 "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
42334299 "all.mk") CONFIG_FILES="$CONFIG_FILES all.mk" ;;
42344300
42354301 *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
42434309 # bizarre bug on SunOS 4.1.3.
42444310 if $ac_need_defaults; then
42454311 test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
4312 test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
42464313 fi
42474314
42484315 # Have a temporary directory for convenience. Make it in the build tree
44304497 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
44314498 fi # test -n "$CONFIG_FILES"
44324499
4433
4434 eval set X " :F $CONFIG_FILES "
4500 # Set up the scripts for CONFIG_HEADERS section.
4501 # No need to generate them if there are no CONFIG_HEADERS.
4502 # This happens for instance with `./config.status Makefile'.
4503 if test -n "$CONFIG_HEADERS"; then
4504 cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
4505 BEGIN {
4506 _ACEOF
4507
4508 # Transform confdefs.h into an awk script `defines.awk', embedded as
4509 # here-document in config.status, that substitutes the proper values into
4510 # config.h.in to produce config.h.
4511
4512 # Create a delimiter string that does not exist in confdefs.h, to ease
4513 # handling of long lines.
4514 ac_delim='%!_!# '
4515 for ac_last_try in false false :; do
4516 ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
4517 if test -z "$ac_tt"; then
4518 break
4519 elif $ac_last_try; then
4520 as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
4521 else
4522 ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
4523 fi
4524 done
4525
4526 # For the awk script, D is an array of macro values keyed by name,
4527 # likewise P contains macro parameters if any. Preserve backslash
4528 # newline sequences.
4529
4530 ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
4531 sed -n '
4532 s/.\{148\}/&'"$ac_delim"'/g
4533 t rset
4534 :rset
4535 s/^[ ]*#[ ]*define[ ][ ]*/ /
4536 t def
4537 d
4538 :def
4539 s/\\$//
4540 t bsnl
4541 s/["\\]/\\&/g
4542 s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
4543 D["\1"]=" \3"/p
4544 s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
4545 d
4546 :bsnl
4547 s/["\\]/\\&/g
4548 s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
4549 D["\1"]=" \3\\\\\\n"\\/p
4550 t cont
4551 s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
4552 t cont
4553 d
4554 :cont
4555 n
4556 s/.\{148\}/&'"$ac_delim"'/g
4557 t clear
4558 :clear
4559 s/\\$//
4560 t bsnlc
4561 s/["\\]/\\&/g; s/^/"/; s/$/"/p
4562 d
4563 :bsnlc
4564 s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
4565 b cont
4566 ' <confdefs.h | sed '
4567 s/'"$ac_delim"'/"\\\
4568 "/g' >>$CONFIG_STATUS || ac_write_fail=1
4569
4570 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
4571 for (key in D) D_is_set[key] = 1
4572 FS = ""
4573 }
4574 /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
4575 line = \$ 0
4576 split(line, arg, " ")
4577 if (arg[1] == "#") {
4578 defundef = arg[2]
4579 mac1 = arg[3]
4580 } else {
4581 defundef = substr(arg[1], 2)
4582 mac1 = arg[2]
4583 }
4584 split(mac1, mac2, "(") #)
4585 macro = mac2[1]
4586 prefix = substr(line, 1, index(line, defundef) - 1)
4587 if (D_is_set[macro]) {
4588 # Preserve the white space surrounding the "#".
4589 print prefix "define", macro P[macro] D[macro]
4590 next
4591 } else {
4592 # Replace #undef with comments. This is necessary, for example,
4593 # in the case of _POSIX_SOURCE, which is predefined and required
4594 # on some systems where configure will not decide to define it.
4595 if (defundef == "undef") {
4596 print "/*", prefix defundef, macro, "*/"
4597 next
4598 }
4599 }
4600 }
4601 { print }
4602 _ACAWK
4603 _ACEOF
4604 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4605 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
4606 fi # test -n "$CONFIG_HEADERS"
4607
4608
4609 eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS "
44354610 shift
44364611 for ac_tag
44374612 do
46394814 esac \
46404815 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
46414816 ;;
4642
4817 :H)
4818 #
4819 # CONFIG_HEADER
4820 #
4821 if test x"$ac_file" != x-; then
4822 {
4823 $as_echo "/* $configure_input */" \
4824 && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
4825 } >"$ac_tmp/config.h" \
4826 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
4827 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
4828 { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
4829 $as_echo "$as_me: $ac_file is unchanged" >&6;}
4830 else
4831 rm -f "$ac_file"
4832 mv "$ac_tmp/config.h" "$ac_file" \
4833 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
4834 fi
4835 else
4836 $as_echo "/* $configure_input */" \
4837 && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
4838 || as_fn_error $? "could not create -" "$LINENO" 5
4839 fi
4840 ;;
46434841
46444842
46454843 esac
125125 fi
126126 fi
127127 fi
128
129 AC_CHECK_FUNCS([dl_iterate_phdr])
128130 else
129131 targetname=
130132 echo \*\*\* module modname is disabled.
140142 fi
141143 fi
142144
145 AC_CONFIG_HEADER(config.h)
143146 AC_SUBST(mod_ldflags)
144147 AC_SUBST(mod_cflags)
145148 AC_SUBST(targetname)
2828
2929 #define LOG_PREFIX "rlm_python - "
3030
31 #include "config.h"
3132 #include <freeradius-devel/radiusd.h>
3233 #include <freeradius-devel/modules.h>
3334 #include <freeradius-devel/rad_assert.h>
3435
3536 #include <Python.h>
3637 #include <dlfcn.h>
38 #ifdef HAVE_DL_ITERATE_PHDR
39 #include <link.h>
40 #endif
41
42 #define LIBPYTHON_LINKER_NAME \
43 "libpython" STRINGIFY(PY_MAJOR_VERSION) "." STRINGIFY(PY_MINOR_VERSION) ".so"
3744
3845 static uint32_t python_instances = 0;
3946 static void *python_dlhandle;
767774 DEBUG("%*s}", indent_section, " ");
768775 }
769776
777 #ifdef HAVE_DL_ITERATE_PHDR
778 static int dlopen_libpython_cb(struct dl_phdr_info *info,
779 UNUSED size_t size, void *data)
780 {
781 const char *pattern = "/" LIBPYTHON_LINKER_NAME;
782 char **ppath = (char **)data;
783
784 if (strstr(info->dlpi_name, pattern) != NULL) {
785 if (*ppath != NULL) {
786 talloc_free(*ppath);
787 *ppath = NULL;
788 return EEXIST;
789 } else {
790 *ppath = talloc_strdup(NULL, info->dlpi_name);
791 if (*ppath == NULL) {
792 return errno;
793 }
794 }
795 }
796 return 0;
797 }
798
799 /* Dlopen the already linked libpython */
800 static void *dlopen_libpython(int flags)
801 {
802 char *path = NULL;
803 int rc;
804 void *handle;
805
806 /* Find the linked libpython path */
807 rc = dl_iterate_phdr(dlopen_libpython_cb, &path);
808 if (rc != 0) {
809 WARN("Failed searching for libpython "
810 "among linked libraries: %s", strerror(rc));
811 return NULL;
812 } else if (path == NULL) {
813 WARN("Libpython is not found among linked libraries");
814 return NULL;
815 }
816
817 /* Dlopen the found library */
818 handle = dlopen(path, flags);
819 if (handle == NULL) {
820 WARN("Failed loading %s: %s", path, dlerror());
821 }
822 talloc_free(path);
823 return handle;
824 }
825 #else /* ! HAVE_DL_ITERATE_PHDR */
826 /* Dlopen libpython by its linker name (bare soname) */
827 static void *dlopen_libpython(int flags)
828 {
829 const char *name = LIBPYTHON_LINKER_NAME;
830 void *handle;
831 handle = dlopen(name, flags);
832 if (handle == NULL) {
833 WARN("Failed loading %s: %s", name, dlerror());
834 }
835 return handle;
836 }
837 #endif /* ! HAVE_DL_ITERATE_PHDR */
838
770839 /** Initialises a separate python interpreter for this module instance
771840 *
772841 */
780849 if (python_instances == 0) {
781850 INFO("Python version: %s", Py_GetVersion());
782851
783 python_dlhandle = dlopen("libpython" STRINGIFY(PY_MAJOR_VERSION) "." STRINGIFY(PY_MINOR_VERSION) ".so",
784 RTLD_NOW | RTLD_GLOBAL);
785 if (!python_dlhandle) WARN("Failed loading libpython symbols into global symbol table: %s", dlerror());
852 python_dlhandle = dlopen_libpython(RTLD_NOW | RTLD_GLOBAL);
853 if (!python_dlhandle) WARN("Failed loading libpython symbols into global symbol table");
786854
787855 #if PY_VERSION_HEX > 0x03050000
788856 {
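Review bot: In `dlopen_libpython_cb` the allocation-failure branch does `return errno;`, but nothing visible guarantees `errno` is non-zero when `talloc_strdup` returns NULL. A zero return tells `dl_iterate_phdr` to keep iterating, and `dlopen_libpython` would then warn that libpython was not found rather than report the allocation failure. Returning a fixed code, `if (*ppath == NULL) return ENOMEM;`, keeps the two cases apart. The `#else` variant still hands a bare soname to `dlopen`, so without `dl_iterate_phdr` the library comes from the loader's normal search path and may not be the copy already linked. A comment on that variant should say so, e.g. `/* Resolved via the loader search path; may differ from the linked libpython */`.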
6969 char *hexbuf = NULL;
7070 DH *aaa_server_dh;
7171
72 tls = talloc_zero( hs, fr_tls_server_conf_t);
72 tls = tls_server_conf_alloc(hs);
7373 if (!tls) return NULL;
7474
7575 aaa_server_dh = tid_srvr_get_dh(server);
180180 hs->secret = talloc_strdup(hs, "radsec");
181181 hs->response_window.tv_sec = 30;
182182 hs->last_packet_recv = time(NULL);
183
183 /*
184 * We want sockets using these servers to close as soon as possible,
185 * to make sure that whenever a pool is replaced, sockets using old ones
186 * will not last long (hopefully less than 300s).
187 */
188 hs->limit.idle_timeout = 5;
184189 hs->tls = construct_tls(inst, hs, blk);
185190 if (!hs->tls) goto error;
186191
320325 }
321326
322327 /*
323 * This server has received a packet in the last
324 * 5 minutes. It doesn't need an update.
325 */
326 if ((now - server->last_packet_recv) < 300) {
327 return false;
328 }
329
330 /*
331328 * If we've opened in the last 10 minutes, then
332329 * open rather than update.
333330 */
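Review bot: `hs->limit.idle_timeout = 5;` is a bare literal, and the comment above it talks about "less than 300s" without saying what unit the 5 is in or how the two numbers relate. A named constant and one more comment line would make the intent reviewable, e.g. `#define TR_IDLE_TIMEOUT 5 /* seconds; keeps sockets of a replaced pool short-lived */` (the name is a suggestion). Since these are the sockets configured by `construct_tls`, it would also help to state that the short timeout is deliberate, because it presumably means more frequent TLS connection setup. The enclosing function starts and ends outside the hunk.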
160160 rlm_rest_section_t checksimul; //!< Configuration specific to simultaneous session
161161 //!< checking.
162162 rlm_rest_section_t post_auth; //!< Configuration specific to Post-auth
163 #ifdef WITH_COA
164 rlm_rest_section_t recv_coa; //!< Configuration specific to recv-coa
165 #endif
163166 } rlm_rest_t;
164167
165168 /*
173173 break;
174174
175175 case '\n':
176 *out++ = 'b';
176 *out++ = 'n';
177177 freespace--;
178178 break;
179179
188188 break;
189189
190190 default:
191 len = snprintf(out, freespace, "u%04X", *p);
191 len = snprintf(out, freespace, "u%04X", (uint8_t) *p);
192192 if (is_truncated(len, freespace)) return (outlen - freespace) + len;
193193 out += len;
194194 freespace -= len;
651651 return rcode;
652652 }
653653
654 #ifdef WITH_COA
655 /*
656 * Create the set of attribute-value pairs to check and reply
657 * with for this user from the database.
658 */
659 static rlm_rcode_t CC_HINT(nonnull) mod_recv_coa(void *instance, REQUEST *request)
660 {
661 rlm_rest_t *inst = instance;
662 rlm_rest_section_t *section = &inst->recv_coa;
663
664 void *handle;
665 int hcode;
666 int rcode = RLM_MODULE_OK;
667 int ret;
668
669 if (!section->name) return RLM_MODULE_NOOP;
670
671 handle = fr_connection_get(inst->pool);
672 if (!handle) return RLM_MODULE_FAIL;
673
674 ret = rlm_rest_perform(instance, section, handle, request, NULL, NULL);
675 if (ret < 0) {
676 rcode = RLM_MODULE_FAIL;
677 goto finish;
678 }
679
680 hcode = rest_get_handle_code(handle);
681 switch (hcode) {
682 case 404:
683 case 410:
684 rcode = RLM_MODULE_NOTFOUND;
685 break;
686
687 case 403:
688 rcode = RLM_MODULE_USERLOCK;
689 break;
690
691 case 401:
692 /*
693 * Attempt to parse content if there was any.
694 */
695 ret = rest_response_decode(inst, section, request, handle);
696 if (ret < 0) {
697 rcode = RLM_MODULE_FAIL;
698 break;
699 }
700
701 rcode = RLM_MODULE_REJECT;
702 break;
703
704 case 204:
705 rcode = RLM_MODULE_OK;
706 break;
707
708 default:
709 /*
710 * Attempt to parse content if there was any.
711 */
712 if ((hcode >= 200) && (hcode < 300)) {
713 ret = rest_response_decode(inst, section, request, handle);
714 if (ret < 0) rcode = RLM_MODULE_FAIL;
715 else if (ret == 0) rcode = RLM_MODULE_OK;
716 else rcode = RLM_MODULE_UPDATED;
717 break;
718 } else if (hcode < 500) {
719 rcode = RLM_MODULE_INVALID;
720 } else {
721 rcode = RLM_MODULE_FAIL;
722 }
723 }
724
725 finish:
726 switch (rcode) {
727 case RLM_MODULE_INVALID:
728 case RLM_MODULE_FAIL:
729 case RLM_MODULE_USERLOCK:
730 rest_response_error(request, handle);
731 break;
732
733 default:
734 break;
735 }
736
737 rlm_rest_cleanup(instance, section, handle);
738
739 fr_connection_release(inst->pool, handle);
740
741 return rcode;
742 }
743 #endif
744
654745 static int parse_sub_section(CONF_SECTION *parent, rlm_rest_section_t *config, rlm_components_t comp)
655746 {
656747 CONF_SECTION *cs;
822913 (parse_sub_section(conf, &inst->authorize, MOD_AUTHORIZE) < 0) ||
823914 (parse_sub_section(conf, &inst->authenticate, MOD_AUTHENTICATE) < 0) ||
824915 (parse_sub_section(conf, &inst->accounting, MOD_ACCOUNTING) < 0) ||
916
917 #ifdef WITH_COA
918 (parse_sub_section(conf, &inst->recv_coa, MOD_RECV_COA) < 0) ||
919 #endif
825920
826921 /* @todo add behaviour for checksimul */
827922 /* (parse_sub_section(conf, &inst->checksimul, MOD_SESSION) < 0) || */
884979 [MOD_AUTHENTICATE] = mod_authenticate,
885980 [MOD_AUTHORIZE] = mod_authorize,
886981 [MOD_ACCOUNTING] = mod_accounting,
887 [MOD_POST_AUTH] = mod_post_auth
982 [MOD_POST_AUTH] = mod_post_auth,
983 #ifdef WITH_COA
984 [MOD_RECV_COA] = mod_recv_coa
985 #endif
888986 },
889987 };
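Review bot: The comment above `mod_recv_coa` ("Create the set of attribute-value pairs to check and reply with for this user from the database") does not describe this function, which runs the `recv_coa` section through `rlm_rest_perform` and maps the HTTP status code to a module return code. Suggest replacing it with something like `/* Send the recv-coa REST request and translate the HTTP status into a module return code. */`. The comment should also list the mapping (404/410 to NOTFOUND, 403 to USERLOCK, 401 to REJECT, 204 to OK, other 2xx decoded, other codes below 500 to INVALID, the rest to FAIL). The body of a 401 or 2xx response is passed to `rest_response_decode`, and a positive result becomes `RLM_MODULE_UPDATED`, so it is worth noting that the REST server's reply can apparently change the CoA request. `rcode` is declared `int` although the function returns `rlm_rcode_t`; declaring it as `rlm_rcode_t rcode = RLM_MODULE_OK;` would match the signature.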
188188 memset(retval, 0, c*sizeof(char*)+1);
189189
190190 /* advance cursor */
191 if(SQLFetch(conn->stmt) == SQL_NO_DATA_FOUND) {
191 if (SQLFetch(conn->stmt) == SQL_NO_DATA_FOUND) {
192192 handle->row = NULL;
193 goto error;
194 }
195
196 for(i = 0; i < c; i++) {
193 for (i = 0; i < c; i++) free(retval[i]);
194 free(retval);
195 return RLM_SQL_NO_MORE_ROWS;
196 }
197
198 for (i = 0; i < c; i++) {
197199 /* get column length */
198200 SQLColAttribute(conn->stmt, i+1, SQL_DESC_DISPLAY_SIZE, NULL, 0, NULL, &len);
199201
208210
209211 handle->row = retval;
210212 return RLM_SQL_OK;
211
212 error:
213 for(i = 0; i < c; i++) {
214 free(retval[i]);
215 }
216 free(retval);
217
218 return RLM_SQL_ERROR;
219213 }
220214
221215 static sql_rcode_t sql_free_result(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t *config)
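Review bot: The result of `SQLFetch(conn->stmt)` is only compared with `SQL_NO_DATA_FOUND`, so a failed fetch falls through into the column loop and the function can return `RLM_SQL_OK` for a row that was never fetched. With the `error:` label removed there is no longer an error exit visible in this function at all. Suggest keeping the return code and rejecting anything that is not success before reading columns, e.g. `if ((rc != SQL_SUCCESS) && (rc != SQL_SUCCESS_WITH_INFO)) { /* free retval as in the no-data branch */ return RLM_SQL_ERROR; }`. The later hunk that does `rc = SQLFetch(conn->stmt);` followed by `handle->row = conn->row;` has the same gap, which its own `XXX` comment acknowledges. The function body starts outside this hunk and part of the loop is not shown.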
215215 if (conn->statement_type != isc_info_sql_stmt_exec_procedure) {
216216 res = fb_fetch(conn);
217217 if (res == 100) {
218 return 0;
218 return RLM_SQL_NO_MORE_ROWS;
219219 }
220220
221221 if (res) {
224224 return RLM_SQL_ERROR;
225225 }
226226 } else {
227 conn->statement_type=0;
227 conn->statement_type = 0;
228228 }
229229
230230 fb_store_row(conn);
584584 return RLM_SQL_RECONNECT;
585585
586586 case CS_END_DATA:
587 return RLM_SQL_OK;
587 return RLM_SQL_NO_MORE_ROWS;
588588
589589 case CS_SUCCEED:
590590 handle->row = conn->results;
239239
240240 handle->row = NULL;
241241
242 if((rc = SQLFetch(conn->stmt)) == SQL_NO_DATA_FOUND) {
243 return 0;
244 }
242 rc = SQLFetch(conn->stmt);
243 if (rc == SQL_NO_DATA_FOUND) return RLM_SQL_NO_MORE_ROWS;
244
245245 /* XXX Check rc for database down, if so, return RLM_SQL_RECONNECT */
246246
247247 handle->row = conn->row;
258258 conn->row = NULL;
259259
260260 SQLFreeStmt(conn->stmt, SQL_DROP);
261 conn->stmt = NULL;
261262
262263 return 0;
263264 }
6565 MYSQL db;
6666 MYSQL *sock;
6767 MYSQL_RES *result;
68 rlm_sql_row_t row;
6968 } rlm_sql_mysql_conn_t;
7069
7170 typedef struct rlm_sql_mysql_config {
368367 }
369368
370369 retry_store_result:
371 if (!(conn->result = mysql_store_result(conn->sock))) {
370 conn->result = mysql_store_result(conn->sock);
371 if (!conn->result) {
372372 rcode = sql_check_error(conn->sock, 0);
373373 if (rcode != RLM_SQL_OK) return rcode;
374374 #if (MYSQL_VERSION_ID >= 40100)
377377 /* there are more results */
378378 goto retry_store_result;
379379 } else if (ret > 0) return sql_check_error(NULL, ret);
380 /* ret == -1 signals no more results */
380381 #endif
381382 }
382383 return RLM_SQL_OK;
465466
466467 static sql_rcode_t sql_fetch_row(rlm_sql_handle_t *handle, rlm_sql_config_t *config)
467468 {
468 rlm_sql_mysql_conn_t *conn = handle->conn;
469 sql_rcode_t rcode;
470 int ret;
469 rlm_sql_mysql_conn_t *conn = handle->conn;
470 sql_rcode_t rcode;
471 MYSQL_ROW row;
472 int ret;
473 unsigned int num_fields, i;
474 unsigned long *field_lens;
471475
472476 /*
473477 * Check pointer before de-referencing it.
476480 return RLM_SQL_RECONNECT;
477481 }
478482
483 TALLOC_FREE(handle->row); /* Clear previous row set */
484
479485 retry_fetch_row:
480 handle->row = mysql_fetch_row(conn->result);
481 if (!handle->row) {
486 row = mysql_fetch_row(conn->result);
487 if (!row) {
482488 rcode = sql_check_error(conn->sock, 0);
483489 if (rcode != RLM_SQL_OK) return rcode;
484490
492498 goto retry_fetch_row;
493499 }
494500 } else if (ret > 0) return sql_check_error(NULL, ret);
495 #endif
496 }
501 /* If ret is -1 then there are no more rows */
502 #endif
503 return RLM_SQL_NO_MORE_ROWS;
504 }
505
506 num_fields = mysql_num_fields(conn->result);
507 if (!num_fields) return RLM_SQL_NO_MORE_ROWS;
508
509 field_lens = mysql_fetch_lengths(conn->result);
510
511 MEM(handle->row = talloc_zero_array(handle, char *, num_fields + 1));
512 for (i = 0; i < num_fields; i++) {
513 MEM(handle->row[i] = talloc_bstrndup(handle->row, row[i], field_lens[i]));
514 }
515
497516 return RLM_SQL_OK;
498517 }
499518
505524 mysql_free_result(conn->result);
506525 conn->result = NULL;
507526 }
527 TALLOC_FREE(handle->row);
508528
509529 return RLM_SQL_OK;
510530 }
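Review bot: The new copy loop in `sql_fetch_row` reads `field_lens[i]` and `row[i]` without checking either one. `mysql_fetch_lengths()` returns NULL on error, and `row[i]` is NULL for an SQL NULL column. Callers elsewhere on this page test `row[5] != NULL` and `!row[2]`, so they rely on NULL columns staying NULL. Depending on how `talloc_bstrndup` handles a NULL source (not visible here), the loop either turns them into empty strings or copies from a NULL pointer. Suggest `if (!field_lens) return RLM_SQL_ERROR;` before the allocation and `if (!row[i]) continue;` as the first statement of the loop, which leaves the slot from `talloc_zero_array` as NULL.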
6363 {
6464 handle->row = NULL;
6565
66 return 0;
66 return RLM_SQL_NO_MORE_ROWS;
6767 }
6868
6969 static sql_rcode_t sql_free_result(UNUSED rlm_sql_handle_t * handle, UNUSED rlm_sql_config_t *config)
446446 if (status == OCI_NO_DATA) {
447447 handle->row = 0;
448448
449 return RLM_SQL_OK;
449 return RLM_SQL_NO_MORE_ROWS;
450450 }
451451
452452 if (status == OCI_ERROR) {
413413
414414 handle->row = NULL;
415415
416 if (conn->cur_row >= PQntuples(conn->result))
417 return 0;
416 if (conn->cur_row >= PQntuples(conn->result)) return RLM_SQL_NO_MORE_ROWS;
418417
419418 free_result_row(conn);
420419
430429 }
431430 conn->cur_row++;
432431 handle->row = conn->row;
433 }
434
435 return 0;
432 } else {
433 return RLM_SQL_NO_MORE_ROWS;
434 }
435
436 return RLM_SQL_OK;
436437 }
437438
438439 static int sql_num_fields(rlm_sql_handle_t * handle, UNUSED rlm_sql_config_t *config)
677677 /*
678678 * No more rows to process (were done)
679679 */
680 if (status == SQLITE_DONE) {
681 return 1;
682 }
680 if (status == SQLITE_DONE) return RLM_SQL_NO_MORE_ROWS;
683681
684682 /*
685683 * We only need to do this once per result set, because
731729 }
732730 }
733731
734 return 0;
732 return RLM_SQL_OK;
735733 }
736734
737735 static sql_rcode_t sql_free_result(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t *config)
753751 * It's just the last error that occurred processing the
754752 * statement.
755753 */
756 return 0;
754 return RLM_SQL_OK;
757755 }
758756
759757 /** Retrieves any errors associated with the connection handle
794792 {
795793 rlm_sql_sqlite_conn_t *conn = handle->conn;
796794
797 if (conn->db) {
798 return sqlite3_changes(conn->db);
799 }
795 if (conn->db) return sqlite3_changes(conn->db);
800796
801797 return -1;
802798 }
227227 handle->row = NULL;
228228
229229 err_handle = SQLFetch(conn->stmt);
230 if(err_handle == SQL_NO_DATA_FOUND) {
231 return 0;
232 }
230 if (err_handle == SQL_NO_DATA_FOUND) return RLM_SQL_NO_MORE_ROWS;
233231
234232 if ((state = sql_check_error(err_handle, handle, config))) return state;
235233
236234 handle->row = conn->row;
237 return 0;
235 return RLM_SQL_OK;
238236 }
239237
240238 static sql_rcode_t sql_finish_select_query(rlm_sql_handle_t * handle, rlm_sql_config_t *config)
153153 sql_rcode_t rcode;
154154 ssize_t ret = 0;
155155 size_t len = 0;
156 char const *p;
156157
157158 /*
158159 * Add SQL-User-Name attribute just in case it is needed
167168 rlm_sql_query_log(inst, request, NULL, query);
168169
169170 /*
171 * Trim whitespace for the prefix check
172 */
173 for (p = query; is_whitespace(p); p++);
174
175 /*
170176 * If the query starts with any of the following prefixes,
171177 * then return the number of rows affected
172178 */
173 if ((strncasecmp(query, "insert", 6) == 0) ||
174 (strncasecmp(query, "update", 6) == 0) ||
175 (strncasecmp(query, "delete", 6) == 0)) {
179 if ((strncasecmp(p, "insert", 6) == 0) ||
180 (strncasecmp(p, "update", 6) == 0) ||
181 (strncasecmp(p, "delete", 6) == 0)) {
176182 int numaffected;
177183 char buffer[21]; /* 64bit max is 20 decimal chars + null byte */
178184
188194 numaffected = (inst->module->sql_affected_rows)(handle, inst->config);
189195 if (numaffected < 1) {
190196 RDEBUG("SQL query affected no rows");
197 (inst->module->sql_finish_query)(handle, inst->config);
191198
192199 goto finish;
193200 }
224231 if (rcode != RLM_SQL_OK) goto query_error;
225232
226233 rcode = rlm_sql_fetch_row(inst, request, &handle);
227 if (rcode) goto query_error;
234 if (rcode < 0) {
235 (inst->module->sql_finish_select_query)(handle, inst->config);
236 goto query_error;
237 }
228238
229239 row = handle->row;
230240 if (!row) {
281291
282292 if (rlm_sql_select_query(inst, NULL, &handle, inst->config->client_query) != RLM_SQL_OK) return -1;
283293
284 while ((rlm_sql_fetch_row(inst, NULL, &handle) == 0) && (row = handle->row)) {
294 while ((rlm_sql_fetch_row(inst, NULL, &handle) == RLM_SQL_OK) && (row = handle->row)) {
295 int num_rows;
285296 char *server = NULL;
297
286298 i++;
299
300 num_rows = (inst->module->sql_num_fields)(handle, inst->config);
301 if (num_rows < 5) {
302 WARN("SELECT returned too few rows. Please do not edit 'client_query'");
303 continue;
304 }
287305
288306 /*
289307 * The return data for each row MUST be in the following order:
312330 continue;
313331 }
314332
315 if (((inst->module->sql_num_fields)(handle, inst->config) > 5) && (row[5] != NULL) && *row[5]) {
333 if ((num_rows > 5) && (row[5] != NULL) && *row[5]) {
316334 server = row[5];
317335 }
318336
497515
498516 fr_pair_value_strsteal(vp, expanded);
499517 RDEBUG2("SQL-User-Name set to '%s'", vp->vp_strvalue);
500 vp->op = T_OP_SET;
518 vp->op = T_OP_SET;
501519
502520 /*
503521 * Delete any existing SQL-User-Name, and replace it with ours.
534552 talloc_free(expanded);
535553 if (ret != RLM_SQL_OK) return -1;
536554
537 while (rlm_sql_fetch_row(inst, request, handle) == 0) {
555 while (rlm_sql_fetch_row(inst, request, handle) == RLM_SQL_OK) {
538556 row = (*handle)->row;
539557 if (!row)
540558 break;
567585
568586 /*
569587 * sql groupcmp function. That way we can do group comparisons (in the users file for example)
570 * with the group memberships reciding in sql
588 * with the group memberships residing in sql
571589 * The group membership query should only return one element which is the username. The returned
572590 * username will then be checked with the passed check string.
573591 */
842860 *
843861 * We need this to check if the sql_fields callback is provided.
844862 */
845 inst->handle = lt_dlopenext(inst->config->sql_driver_name);
863 inst->handle = fr_dlopenext(inst->config->sql_driver_name);
846864 if (!inst->handle) {
847865 ERROR("Could not link driver %s: %s", inst->config->sql_driver_name, fr_strerror());
848866 ERROR("Make sure it (and all its dependent libraries!) are in the search path of your system's ld");
897915 xlat_register(inst->name, sql_xlat, sql_escape_func, inst);
898916
899917 return 0;
918 }
919
920
921 static void *mod_conn_create(TALLOC_CTX *ctx, void *instance)
922 {
923 int rcode;
924 rlm_sql_t *inst = instance;
925 rlm_sql_handle_t *handle;
926
927 /*
928 * Connections cannot be alloced from the inst or
929 * pool contexts due to threading issues.
930 */
931 handle = talloc_zero(ctx, rlm_sql_handle_t);
932 if (!handle) return NULL;
933
934 handle->log_ctx = talloc_pool(handle, 2048);
935 if (!handle->log_ctx) {
936 talloc_free(handle);
937 return NULL;
938 }
939
940 /*
941 * Handle requires a pointer to the SQL inst so the
942 * destructor has access to the module configuration.
943 */
944 handle->inst = inst;
945
946 rcode = (inst->module->sql_socket_init)(handle, inst->config);
947 if (rcode != 0) {
948 fail:
949 exec_trigger(NULL, inst->cs, "modules.sql.fail", true);
950
951 /*
952 * Destroy any half opened connections.
953 */
954 talloc_free(handle);
955 return NULL;
956 }
957
958 if (inst->config->connect_query) {
959 if (rlm_sql_select_query(inst, NULL, &handle, inst->config->connect_query) != RLM_SQL_OK) goto fail;
960 (inst->module->sql_finish_select_query)(handle, inst->config);
961 }
962
963 return handle;
900964 }
901965
902966
11691233 }
11701234
11711235 /*
1172 * Neither group checks or profiles will work without
1236 * Neither group checks nor profiles will work without
11731237 * a group membership query.
11741238 */
11751239 if (!inst->config->groupmemb_query) goto release;
12621326 }
12631327
12641328 /*
1265 * At this point the key (user) hasn't be found in the check table, the reply table
1329 * At this point the key (user) hasn't been found in the check table, the reply table
12661330 * or the group mapping table, and there was no matching profile.
12671331 */
12681332 release:
13981462 case RLM_SQL_ERROR:
13991463 /*
14001464 * If we get RLM_SQL_RECONNECT it means all connections in the pool
1401 * were exhausted, and we couldn't create a new connection,
1465 * were exhausted and we couldn't create a new connection,
14021466 * so we do not need to call fr_connection_release.
14031467 */
14041468 case RLM_SQL_RECONNECT:
14301494 (inst->module->sql_finish_query)(handle, inst->config);
14311495 RDEBUG("%i record(s) updated", numaffected);
14321496
1433 if (numaffected > 0) break; /* A query succeeded, were done! */
1497 if (numaffected > 0) break; /* A query succeeded, we're done! */
14341498 next:
14351499 /*
14361500 * We assume all entries with the same name form a redundant
15891653 call_num = vp->vp_strvalue;
15901654 }
15911655
1592 while (rlm_sql_fetch_row(inst, request, &handle) == 0) {
1656 while (rlm_sql_fetch_row(inst, request, &handle) == RLM_SQL_OK) {
1657 int num_rows;
1658
15931659 row = handle->row;
15941660 if (!row) {
15951661 break;
1662 }
1663
1664 num_rows = (inst->module->sql_num_fields)(handle, inst->config);
1665 if (num_rows < 8) {
1666 RDEBUG("Too few rows returned. Please do not edit 'simul_verify_query'");
1667 rcode = RLM_MODULE_FAIL;
1668
1669 goto finish;
15961670 }
15971671
15981672 if (!row[2]){
16351709 else if (strcmp(row[7], "SLIP") == 0)
16361710 proto = 'S';
16371711 }
1638 if (row[8])
1712 if ((num_rows > 8) && row[8])
16391713 sess_time = atoi(row[8]);
16401714 session_zap(request, nas_addr, nas_port,
16411715 row[2], row[1], framed_addr,
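Review bot: The new test `if (rcode < 0)` after `rlm_sql_fetch_row` in the xlat path no longer treats `RLM_SQL_RECONNECT` as a failure, because that value is `1` in the `sql_rcode_t` enum shown further down this page. The code then continues to `row = handle->row`. The MySQL `sql_fetch_row` on this page still returns `RLM_SQL_RECONNECT`, so the case looks reachable; a stricter check would be `if ((rcode != RLM_SQL_OK) && (rcode != RLM_SQL_NO_MORE_ROWS)) {`. The `while (... == RLM_SQL_OK)` loops have the related property that a reconnect result ends the loop exactly like end-of-data. Separately, `num_rows` holds the result of `sql_num_fields`, so the variable and the two "too few rows" messages would read correctly as fields or columns (`num_fields`). The enclosing functions start outside the hunks.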
4141
4242 /* SQL Errors */
4343 typedef enum {
44 RLM_SQL_QUERY_INVALID = -3, //!< Query syntax error
45 RLM_SQL_ERROR = -2, //!< General connection/server error
46 RLM_SQL_OK = 0, //!< Success
47 RLM_SQL_RECONNECT = 1, //!< Stale connection, should reconnect
48 RLM_SQL_ALT_QUERY = 2 //!< Key constraint violation
44 RLM_SQL_QUERY_INVALID = -3, //!< Query syntax error.
45 RLM_SQL_ERROR = -2, //!< General connection/server error.
46 RLM_SQL_OK = 0, //!< Success.
47 RLM_SQL_RECONNECT = 1, //!< Stale connection, should reconnect.
48 RLM_SQL_ALT_QUERY, //!< Key constraint violation, use an alternative query.
49 RLM_SQL_NO_MORE_ROWS, //!< No more rows available
4950 } sql_rcode_t;
5051
5152 typedef enum {
52 FALL_THROUGH_DEFAULT = 0,
53 FALL_THROUGH_NO = 0,
5354 FALL_THROUGH_YES,
54 FALL_THROUGH_NO
55 FALL_THROUGH_DEFAULT,
5556 } sql_fall_through_t;
5657
5758
240241 struct sql_grouplist *next;
241242 } rlm_sql_grouplist_t;
242243
243 void *mod_conn_create(TALLOC_CTX *ctx, void *instance);
244244 int sql_fr_pair_list_afrom_str(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **first_pair, rlm_sql_row_t row);
245245 int sql_read_realms(rlm_sql_handle_t *handle);
246246 int sql_getvpdata(TALLOC_CTX *ctx, rlm_sql_t *inst, REQUEST *request, rlm_sql_handle_t **handle, VALUE_PAIR **pair, char const *query);
4848 { "server error", RLM_SQL_ERROR },
4949 { "query invalid", RLM_SQL_QUERY_INVALID },
5050 { "no connection", RLM_SQL_RECONNECT },
51 { "no more rows", RLM_SQL_NO_MORE_ROWS },
5152 { NULL, 0 }
5253 };
5354
54
55 void *mod_conn_create(TALLOC_CTX *ctx, void *instance)
56 {
57 int rcode;
58 rlm_sql_t *inst = instance;
59 rlm_sql_handle_t *handle;
60
61 /*
62 * Connections cannot be alloced from the inst or
63 * pool contexts due to threading issues.
64 */
65 handle = talloc_zero(ctx, rlm_sql_handle_t);
66 if (!handle) return NULL;
67
68 handle->log_ctx = talloc_pool(handle, 2048);
69 if (!handle->log_ctx) {
70 talloc_free(handle);
71 return NULL;
72 }
73
74 /*
75 * Handle requires a pointer to the SQL inst so the
76 * destructor has access to the module configuration.
77 */
78 handle->inst = inst;
79
80 rcode = (inst->module->sql_socket_init)(handle, inst->config);
81 if (rcode != 0) {
82 fail:
83 /*
84 * Destroy any half opened connections.
85 */
86 talloc_free(handle);
87 return NULL;
88 }
89
90 if (inst->config->connect_query) {
91 if (rlm_sql_select_query(inst, NULL, &handle, inst->config->connect_query) != RLM_SQL_OK) goto fail;
92 (inst->module->sql_finish_select_query)(handle, inst->config);
93 }
94
95 return handle;
96 }
9755
9856 /*************************************************************************
9957 *
488446 rcode = rlm_sql_select_query(inst, request, handle, query);
489447 if (rcode != RLM_SQL_OK) return -1; /* error handled by rlm_sql_select_query */
490448
491 while (rlm_sql_fetch_row(inst, request, handle) == 0) {
449 while (rlm_sql_fetch_row(inst, request, handle) == RLM_SQL_OK) {
492450 row = (*handle)->row;
493451 if (!row) break;
494452 if (sql_fr_pair_list_afrom_str(ctx, request, pair, row) != 0) {
102102 CONF_PARSER_TERMINATOR
103103 };
104104
105 static int find_next_reset(rlm_sqlcounter_t *inst, time_t timeval)
105 static int find_next_reset(rlm_sqlcounter_t *inst, REQUEST *request, time_t timeval)
106106 {
107107 int ret = 0;
108108 size_t len;
110110 char last = '\0';
111111 struct tm *tm, s_tm;
112112 char sCurrentTime[40], sNextTime[40];
113
114 tm = localtime_r(&timeval, &s_tm);
115 tm->tm_sec = tm->tm_min = 0;
116
117 rad_assert(inst->reset != NULL);
118
119 /*
120 * Reset every N hours, days, weeks, months.
121 */
122 if (isdigit((int) inst->reset[0])){
123 len = strlen(inst->reset);
124 if (len == 0) return -1;
125
126 last = inst->reset[len - 1];
127 if (!isalpha((int) last)) {
128 last = 'd';
129 }
130
131 num = atoi(inst->reset);
132 DEBUG("rlm_sqlcounter: num=%d, last=%c",num,last);
133 }
134
135 if (strcmp(inst->reset, "hourly") == 0 || last == 'h') {
136 /*
137 * Round up to the next nearest hour.
138 */
139 tm->tm_hour += num;
140 inst->reset_time = mktime(tm);
141
142 } else if (strcmp(inst->reset, "daily") == 0 || last == 'd') {
143 /*
144 * Round up to the next nearest day.
145 */
146 tm->tm_hour = 0;
147 tm->tm_mday += num;
148 inst->reset_time = mktime(tm);
149
150 } else if (strcmp(inst->reset, "weekly") == 0 || last == 'w') {
151 /*
152 * Round up to the next nearest week.
153 */
154 tm->tm_hour = 0;
155 tm->tm_mday += (7 - tm->tm_wday) +(7*(num-1));
156 inst->reset_time = mktime(tm);
157
158 } else if (strcmp(inst->reset, "monthly") == 0 || last == 'm') {
159 tm->tm_hour = 0;
160 tm->tm_mday = 1;
161 tm->tm_mon += num;
162 inst->reset_time = mktime(tm);
163
164 } else if (strcmp(inst->reset, "never") == 0) {
165 inst->reset_time = 0;
166
167 } else {
168 return -1;
169 }
170
171 if (!request || (rad_debug_lvl < 2)) return ret;
172
173 len = strftime(sCurrentTime, sizeof(sCurrentTime), "%Y-%m-%d %H:%M:%S", tm);
174 if (len == 0) *sCurrentTime = '\0';
175
176 len = strftime(sNextTime, sizeof(sNextTime),"%Y-%m-%d %H:%M:%S",tm);
177 if (len == 0) *sNextTime = '\0';
178 RDEBUG2("rlm_sqlcounter: Current Time: %" PRId64 " [%s], Next reset %" PRId64 " [%s]",
179 (int64_t) timeval, sCurrentTime, (int64_t) inst->reset_time, sNextTime);
180
181 return ret;
182 }
183
184
185 /* I don't believe that this routine handles Daylight Saving Time adjustments
186 properly. Any suggestions?
187 */
188
189 static int find_prev_reset(rlm_sqlcounter_t *inst, time_t timeval)
190 {
191 int ret = 0;
192 size_t len;
193 unsigned int num = 1;
194 char last = '\0';
195 struct tm *tm, s_tm;
196 char sCurrentTime[40], sPrevTime[40];
113197
114198 tm = localtime_r(&timeval, &s_tm);
115199 len = strftime(sCurrentTime, sizeof(sCurrentTime), "%Y-%m-%d %H:%M:%S", tm);
130214 }
131215 if (strcmp(inst->reset, "hourly") == 0 || last == 'h') {
132216 /*
133 * Round up to the next nearest hour.
134 */
135 tm->tm_hour += num;
136 inst->reset_time = mktime(tm);
137 } else if (strcmp(inst->reset, "daily") == 0 || last == 'd') {
138 /*
139 * Round up to the next nearest day.
140 */
141 tm->tm_hour = 0;
142 tm->tm_mday += num;
143 inst->reset_time = mktime(tm);
144 } else if (strcmp(inst->reset, "weekly") == 0 || last == 'w') {
145 /*
146 * Round up to the next nearest week.
147 */
148 tm->tm_hour = 0;
149 tm->tm_mday += (7 - tm->tm_wday) +(7*(num-1));
150 inst->reset_time = mktime(tm);
151 } else if (strcmp(inst->reset, "monthly") == 0 || last == 'm') {
152 tm->tm_hour = 0;
153 tm->tm_mday = 1;
154 tm->tm_mon += num;
155 inst->reset_time = mktime(tm);
156 } else if (strcmp(inst->reset, "never") == 0) {
157 inst->reset_time = 0;
158 } else {
159 return -1;
160 }
161
162 len = strftime(sNextTime, sizeof(sNextTime),"%Y-%m-%d %H:%M:%S",tm);
163 if (len == 0) *sNextTime = '\0';
164 DEBUG2("rlm_sqlcounter: Current Time: %" PRId64 " [%s], Next reset %" PRId64 " [%s]",
165 (int64_t) timeval, sCurrentTime, (int64_t) inst->reset_time, sNextTime);
166
167 return ret;
168 }
169
170
171 /* I don't believe that this routine handles Daylight Saving Time adjustments
172 properly. Any suggestions?
173 */
174
175 static int find_prev_reset(rlm_sqlcounter_t *inst, time_t timeval)
176 {
177 int ret = 0;
178 size_t len;
179 unsigned int num = 1;
180 char last = '\0';
181 struct tm *tm, s_tm;
182 char sCurrentTime[40], sPrevTime[40];
183
184 tm = localtime_r(&timeval, &s_tm);
185 len = strftime(sCurrentTime, sizeof(sCurrentTime), "%Y-%m-%d %H:%M:%S", tm);
186 if (len == 0) *sCurrentTime = '\0';
187 tm->tm_sec = tm->tm_min = 0;
188
189 rad_assert(inst->reset != NULL);
190
191 if (isdigit((int) inst->reset[0])){
192 len = strlen(inst->reset);
193 if (len == 0)
194 return -1;
195 last = inst->reset[len - 1];
196 if (!isalpha((int) last))
197 last = 'd';
198 num = atoi(inst->reset);
199 DEBUG("rlm_sqlcounter: num=%d, last=%c",num,last);
200 }
201 if (strcmp(inst->reset, "hourly") == 0 || last == 'h') {
202 /*
203217 * Round down to the prev nearest hour.
204218 */
205219 tm->tm_hour -= num - 1;
206220 inst->last_reset = mktime(tm);
221
207222 } else if (strcmp(inst->reset, "daily") == 0 || last == 'd') {
208223 /*
209224 * Round down to the prev nearest day.
211226 tm->tm_hour = 0;
212227 tm->tm_mday -= num - 1;
213228 inst->last_reset = mktime(tm);
229
214230 } else if (strcmp(inst->reset, "weekly") == 0 || last == 'w') {
215231 /*
216232 * Round down to the prev nearest week.
218234 tm->tm_hour = 0;
219235 tm->tm_mday -= tm->tm_wday +(7*(num-1));
220236 inst->last_reset = mktime(tm);
237
221238 } else if (strcmp(inst->reset, "monthly") == 0 || last == 'm') {
222239 tm->tm_hour = 0;
223240 tm->tm_mday = 1;
224241 tm->tm_mon -= num - 1;
225242 inst->last_reset = mktime(tm);
243
226244 } else if (strcmp(inst->reset, "never") == 0) {
227245 inst->reset_time = 0;
246
228247 } else {
229248 return -1;
230249 }
462481 now = time(NULL);
463482 inst->reset_time = 0;
464483
465 if (find_next_reset(inst, now) == -1) {
484 if (find_next_reset(inst, NULL, now) < 0) {
466485 cf_log_err_cs(conf, "Invalid reset '%s'", inst->reset);
467486 return -1;
468487 }
510529 * Re-set the next time and prev_time for this counters range
511530 */
512531 inst->last_reset = inst->reset_time;
513 find_next_reset(inst,request->timestamp);
532 find_next_reset(inst, request, request->timestamp);
514533 }
515534
516535 /*
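Review bot: In the rewritten `find_next_reset`, `sCurrentTime` is formatted from `tm` only after `tm` has been advanced and passed to `mktime`, so both `strftime` calls see the same struct. The "Current Time ... [%s]" field of the `RDEBUG2` line therefore prints the next reset time, not the current one. Take a copy before the arithmetic and format from it, e.g. `struct tm s_now = s_tm;` right after `localtime_r` and `strftime(sCurrentTime, sizeof(sCurrentTime), "%Y-%m-%d %H:%M:%S", &s_now);`. Also, `isdigit((int) inst->reset[0])` and `isalpha((int) last)` pass a possibly negative `char` to the ctype functions, where a cast through `unsigned char` is the safe form. `num` is `unsigned int` but is printed with `%d`.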
2626 #include <freeradius-devel/radiusd.h>
2727 #include <freeradius-devel/modules.h>
2828
29 /*
30 * FIXME: Add check for this header to configure.ac
31 */
29 #ifdef HAVE_OPENSSL_HMAC_H
3230 #include <openssl/hmac.h>
31 #endif
3332
3433 /*
3534 * FIXME: Fix the build system to create definitions from names.
121120 rlm_wimax_t *inst = instance;
122121 VALUE_PAIR *msk, *emsk, *vp;
123122 VALUE_PAIR *mn_nai, *ip, *fa_rk;
124 HMAC_CTX hmac;
123 HMAC_CTX *hmac;
125124 unsigned int rk1_len, rk2_len, rk_len;
126125 uint32_t mip_spi;
127126 uint8_t usage_data[24];
160159 /*
161160 * MIP-RK-1 = HMAC-SSHA256(EMSK, usage-data | 0x01)
162161 */
163 HMAC_CTX_init(&hmac);
164 HMAC_Init_ex(&hmac, emsk->vp_octets, emsk->vp_length, EVP_sha256(), NULL);
165
166 HMAC_Update(&hmac, &usage_data[0], sizeof(usage_data));
167 HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len);
162 hmac = HMAC_CTX_new();
163 HMAC_Init_ex(hmac, emsk->vp_octets, emsk->vp_length, EVP_sha256(), NULL);
164
165 HMAC_Update(hmac, &usage_data[0], sizeof(usage_data));
166 HMAC_Final(hmac, &mip_rk_1[0], &rk1_len);
168167
169168 /*
170169 * MIP-RK-2 = HMAC-SSHA256(EMSK, MIP-RK-1 | usage-data | 0x01)
171170 */
172 HMAC_Init_ex(&hmac, emsk->vp_octets, emsk->vp_length, EVP_sha256(), NULL);
173
174 HMAC_Update(&hmac, (uint8_t const *) &mip_rk_1, rk1_len);
175 HMAC_Update(&hmac, &usage_data[0], sizeof(usage_data));
176 HMAC_Final(&hmac, &mip_rk_2[0], &rk2_len);
171 HMAC_Init_ex(hmac, emsk->vp_octets, emsk->vp_length, EVP_sha256(), NULL);
172
173 HMAC_Update(hmac, (uint8_t const *) &mip_rk_1, rk1_len);
174 HMAC_Update(hmac, &usage_data[0], sizeof(usage_data));
175 HMAC_Final(hmac, &mip_rk_2[0], &rk2_len);
177176
178177 memcpy(mip_rk, mip_rk_1, rk1_len);
179178 memcpy(mip_rk + rk1_len, mip_rk_2, rk2_len);
182181 /*
183182 * MIP-SPI = HMAC-SSHA256(MIP-RK, "SPI CMIP PMIP");
184183 */
185 HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha256(), NULL);
186
187 HMAC_Update(&hmac, (uint8_t const *) "SPI CMIP PMIP", 12);
188 HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len);
184 HMAC_Init_ex(hmac, mip_rk, rk_len, EVP_sha256(), NULL);
185
186 HMAC_Update(hmac, (uint8_t const *) "SPI CMIP PMIP", 12);
187 HMAC_Final(hmac, &mip_rk_1[0], &rk1_len);
189188
190189 /*
191190 * Take the 4 most significant octets.
245244 * MN-HA-PMIP4 =
246245 * H(MIP-RK, "PMIP4 MN HA" | HA-IPv4 | MN-NAI);
247246 */
248 HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha1(), NULL);
249
250 HMAC_Update(&hmac, (uint8_t const *) "PMIP4 MN HA", 11);
251 HMAC_Update(&hmac, (uint8_t const *) &ip->vp_ipaddr, 4);
252 HMAC_Update(&hmac, (uint8_t const *) &mn_nai->vp_strvalue, mn_nai->vp_length);
253 HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len);
247 HMAC_Init_ex(hmac, mip_rk, rk_len, EVP_sha1(), NULL);
248
249 HMAC_Update(hmac, (uint8_t const *) "PMIP4 MN HA", 11);
250 HMAC_Update(hmac, (uint8_t const *) &ip->vp_ipaddr, 4);
251 HMAC_Update(hmac, (uint8_t const *) &mn_nai->vp_strvalue, mn_nai->vp_length);
252 HMAC_Final(hmac, &mip_rk_1[0], &rk1_len);
254253
255254 /*
256255 * Put MN-HA-PMIP4 into WiMAX-MN-hHA-MIP4-Key
295294 * MN-HA-CMIP4 =
296295 * H(MIP-RK, "CMIP4 MN HA" | HA-IPv4 | MN-NAI);
297296 */
298 HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha1(), NULL);
299
300 HMAC_Update(&hmac, (uint8_t const *) "CMIP4 MN HA", 11);
301 HMAC_Update(&hmac, (uint8_t const *) &ip->vp_ipaddr, 4);
302 HMAC_Update(&hmac, (uint8_t const *) &mn_nai->vp_strvalue, mn_nai->vp_length);
303 HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len);
297 HMAC_Init_ex(hmac, mip_rk, rk_len, EVP_sha1(), NULL);
298
299 HMAC_Update(hmac, (uint8_t const *) "CMIP4 MN HA", 11);
300 HMAC_Update(hmac, (uint8_t const *) &ip->vp_ipaddr, 4);
301 HMAC_Update(hmac, (uint8_t const *) &mn_nai->vp_strvalue, mn_nai->vp_length);
302 HMAC_Final(hmac, &mip_rk_1[0], &rk1_len);
304303
305304 /*
306305 * Put MN-HA-CMIP4 into WiMAX-MN-hHA-MIP4-Key
345344 * MN-HA-CMIP6 =
346345 * H(MIP-RK, "CMIP6 MN HA" | HA-IPv6 | MN-NAI);
347346 */
348 HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha1(), NULL);
349
350 HMAC_Update(&hmac, (uint8_t const *) "CMIP6 MN HA", 11);
351 HMAC_Update(&hmac, (uint8_t const *) &ip->vp_ipv6addr, 16);
352 HMAC_Update(&hmac, (uint8_t const *) &mn_nai->vp_strvalue, mn_nai->vp_length);
353 HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len);
347 HMAC_Init_ex(hmac, mip_rk, rk_len, EVP_sha1(), NULL);
348
349 HMAC_Update(hmac, (uint8_t const *) "CMIP6 MN HA", 11);
350 HMAC_Update(hmac, (uint8_t const *) &ip->vp_ipv6addr, 16);
351 HMAC_Update(hmac, (uint8_t const *) &mn_nai->vp_strvalue, mn_nai->vp_length);
352 HMAC_Final(hmac, &mip_rk_1[0], &rk1_len);
354353
355354 /*
356355 * Put MN-HA-CMIP6 into WiMAX-MN-hHA-MIP6-Key
392391 */
393392 fa_rk = fr_pair_find_by_num(request->reply->vps, 14, VENDORPEC_WIMAX, TAG_ANY);
394393 if (fa_rk && (fa_rk->vp_length <= 1)) {
395 HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha1(), NULL);
396
397 HMAC_Update(&hmac, (uint8_t const *) "FA-RK", 5);
398
399 HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len);
394 HMAC_Init_ex(hmac, mip_rk, rk_len, EVP_sha1(), NULL);
395
396 HMAC_Update(hmac, (uint8_t const *) "FA-RK", 5);
397
398 HMAC_Final(hmac, &mip_rk_1[0], &rk1_len);
400399
401400 fr_pair_value_memcpy(fa_rk, &mip_rk_1[0], rk1_len);
402401 }
450449 /*
451450 * Wipe the context of all sensitive information.
452451 */
453 HMAC_CTX_cleanup(&hmac);
452 HMAC_CTX_free(hmac);
454453
455454 return RLM_MODULE_UPDATED;
456455 }
0 #
1 # User-Name is "bob", and a switch statement
2 # with no "default" should not crash the server.
3 #
4 switch &User-Name {
5 case "doug" {
6 update reply {
7 Filter-Id := "doug"
8 }
9 }
10 }
11
12 if (&reply:Filter-Id) {
13 update reply {
14 Filter-Id := "fail 1"
15 }
16 }
17 else {
18 update reply {
19 Filter-Id := "filter"
20 }
21 }
00 #
11 # PRE: update
2 #
3
4 #
5 # Set it.
26 #
37 update request {
48 NAS-Port := 1000
59 }
610
711 #
8 # Filtering
12 # Enforce it.
913 #
1014 update request {
1115 NAS-Port == 1000
1721 }
1822 }
1923
24 #
25 # Enforce to new lower value.
26 #
2027 update request {
2128 NAS-Port <= 500
2229 }
2330
2431 if (NAS-Port != 500) {
2532 update reply {
26 Filter-Id += "fail 2"
33 Filter-Id += "fail 2 - expected 500, got %{NAS-Port}"
2734 }
2835 }
2936
37 #
38 # Enforce to new higher value
39 #
3040 update request {
3141 NAS-Port >= 2000
3242 }
3343
3444 if (NAS-Port != 2000) {
3545 update reply {
36 Filter-Id += "fail 3"
46 Filter-Id += "fail 3 - expected 2000, got %{NAS-Port}"
47 }
48 }
49
50 #
51 # Enforce value which previously didn't exist.
52 #
53 update request {
54 Idle-Timeout >= 14400
55 }
56
57 if (&request:Idle-Timeout != 14400) {
58 update reply {
59 Filter-Id += "fail Idle-Timeout >= 14400"
3760 }
3861 }
3962
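Review bot: The new Idle-Timeout check reports only `fail Idle-Timeout >= 14400`, so a failure does not show the value the server actually produced. The two NAS-Port messages rewritten in this same section use the form `expected 500, got %{NAS-Port}`. Following that form, for example `Filter-Id += "fail 4 - expected 14400, got %{Idle-Timeout}"` (numbered to continue the existing messages), would make a regression in the "attribute did not previously exist" path diagnosable from the reply alone. The condition also writes the attribute as `&request:Idle-Timeout` while the neighbouring checks use the bare `NAS-Port`; using one reference style throughout the file would read more consistently.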
00 Name: freeradius-server
1 Version: 3.0.12
1 Version: 3.0.14
22 Release: 0
33 License: GPLv2 ; LGPLv2.1
44 Group: Productivity/Networking/Radius/Servers
2727 }
2828
2929 #
30 # Session database modules
31 #
32 /var/log/radius/radutmp /var/log/radius/radwtmp {
33 nocreate
34 size=+2048k
35 }
36
37 #
3830 # SQL log files
3931 #
4032 /var/log/radius/sqllog.sql {