@@ -1,4 +1,4 @@
-From 38cbab566143b9e002ee24a1f08a52ec74186eca Mon Sep 17 00:00:00 2001
+From 7ac812c9ba377ba7c40348ea757086c5c01c04df Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
Date: Wed, 5 Aug 2020 07:23:11 +0000
Subject: [PATCH] raddb/certs/Makefile: fix the occasional verification failure
@@ -25,11 +25,11 @@ Upstream-Status: Pending
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
- raddb/certs/Makefile | 30 +++++++++++++++---------------
- 1 file changed, 15 insertions(+), 15 deletions(-)
+ raddb/certs/Makefile | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
-index cae939668e..52ae65755f 100644
+index a2f49f72c9..88874309f7 100644
--- a/raddb/certs/Makefile
+++ b/raddb/certs/Makefile
@@ -59,7 +59,7 @@ passwords.mk: server.cnf ca.cnf client.cnf inner-server.cnf
@@ -63,7 +63,7 @@ index cae939668e..52ae65755f 100644
rm ca-crl.pem
######################################################################
-@@ -88,18 +88,18 @@ ca.crl: ca.pem
+@@ -88,21 +88,21 @@ ca.crl: ca.pem
#
######################################################################
server.csr server.key: server.cnf
@@ -79,13 +79,17 @@ index cae939668e..52ae65755f 100644
+ @[ -f server.p12 ] || $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
chmod g+r server.p12
+ server.der: server.pem
+- $(OPENSSL) x509 -inform PEM -outform DER -in server.pem -out server.der
++ @[ -f server.der ] || $(OPENSSL) x509 -inform PEM -outform DER -in server.pem -out server.der
+
server.pem: server.p12
- $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
+ @[ -f server.pem ] || $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
chmod g+r server.pem
.PHONY: server.vrfy
-@@ -113,19 +113,19 @@ server.vrfy: ca.pem
+@@ -116,19 +116,19 @@ server.vrfy: ca.pem
#
######################################################################
client.csr client.key: client.cnf
@@ -108,7 +112,7 @@ index cae939668e..52ae65755f 100644
chmod g+r client.pem
cp client.pem $(USER_NAME).pem
-@@ -140,18 +140,18 @@ client.vrfy: ca.pem client.pem
+@@ -143,18 +143,18 @@ client.vrfy: ca.pem client.pem
#
######################################################################
inner-server.csr inner-server.key: inner-server.cnf
@@ -132,5 +136,5 @@ index cae939668e..52ae65755f 100644
.PHONY: inner-server.vrfy
--
-2.25.1
+2.34.1
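Review bot: The guard added to the `server.der` recipe, `@[ -f server.der ] || $(OPENSSL) x509 ...`, skips the conversion whenever a file of that name exists, so a `server.der` left by an earlier or interrupted run is kept even after `server.pem` has been regenerated, and the DER file may no longer match the certificate in `server.pem`. Unlike `server.csr server.key: server.cnf`, this rule has a single target, so make's own timestamp check already avoids redundant runs and the guard looks unnecessary here. If it is kept, test for a non-empty file and write atomically, e.g. `@[ -s server.der ] || { $(OPENSSL) x509 -inform PEM -outform DER -in server.pem -out server.der.tmp && mv -f server.der.tmp server.der; }`. The same `[ -f … ] ||` pattern on the `server.p12` and `server.pem` recipes is a non-atomic check-then-create, so two parallel recipe instances can presumably both pass the test. Those recipes also put `pass:$(PASSWORD_SERVER)` on the openssl command line, where it is visible in the process list while the command runs. The rule bodies are only partly visible in this hunk.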
deleted file mode 100644
@@ -1,33 +0,0 @@
-From e97ffc1f820beff12bb8084e6337168a1cd27540 Mon Sep 17 00:00:00 2001
-From: Liu Yiding <liuyd.fnst@fujitsu.com>
-Date: Sat, 20 Sep 2025 06:50:17 +0000
-Subject: [PATCH] Fix Service start error
-
-change "fips=no" to "-fips"
-based on discussions with the OpenSSL developers in
-https://github.com/FreeRADIUS/freeradius-server/issues/5631
-
-Upstream-Status: Backport
-https://github.com/FreeRADIUS/freeradius-server/commit/59e262f1134fef8d53d15ae963885a08c9ea8315
-
-Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
----
- src/main/tls.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/main/tls.c b/src/main/tls.c
-index 2a348eb9bb..02a4c24f70 100644
---- a/src/main/tls.c
-+++ b/src/main/tls.c
-@@ -3644,7 +3644,7 @@ int tls_global_init(TLS_UNUSED bool spawn_flag, TLS_UNUSED bool check)
- CONF_modules_load_file(NULL, NULL, 0);
-
- #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-- EVP_set_default_properties(NULL, "fips=no");
-+ EVP_set_default_properties(NULL, "-fips");
- #endif
-
- /*
-2.43.0
-
new file mode 100644
@@ -0,0 +1,175 @@
+From 82d874c638c80fbbf1eca7c51aca095fbbf40024 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 27 Oct 2025 06:31:22 -0400
+Subject: [PATCH] update license
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/82d874c638c80fbbf1eca7c51aca095fbbf40024]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/modules/rlm_dpsk/rlm_dpsk.c | 25 +++++++---------
+ .../rlm_eap/types/rlm_eap_teap/eap_teap.c | 29 +++++++------------
+ .../rlm_eap/types/rlm_eap_teap/eap_teap.h | 29 +++++++------------
+ .../rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c | 29 +++++++------------
+ 4 files changed, 44 insertions(+), 68 deletions(-)
+
+diff --git a/src/modules/rlm_dpsk/rlm_dpsk.c b/src/modules/rlm_dpsk/rlm_dpsk.c
+index 4b818d08a5..aa07415540 100644
+--- a/src/modules/rlm_dpsk/rlm_dpsk.c
++++ b/src/modules/rlm_dpsk/rlm_dpsk.c
+@@ -1,20 +1,17 @@
+ /*
+- * Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com)
++ * This program is is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at
++ * your option) any later version.
+ *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+ /**
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
+index 20646c5ba1..33512788c2 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
++++ b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
+@@ -1,24 +1,17 @@
+ /*
+- * eap_teap.c contains the interfaces that are called from the main handler
++ * This program is is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at
++ * your option) any later version.
+ *
+- * Version: $Id$
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+ RCSID("$Id$")
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
+index 59f7835a26..69f4b1ebba 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
++++ b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
+@@ -1,24 +1,17 @@
+ /*
+- * eap_teap.h
++ * This program is is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at
++ * your option) any later version.
+ *
+- * Version: $Id$
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+ #ifndef _EAP_TEAP_H
+ #define _EAP_TEAP_H
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
+index fcf9717257..13c709b287 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
++++ b/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
+@@ -1,24 +1,17 @@
+ /*
+- * rlm_eap_teap.c contains the interfaces that are called from eap
++ * This program is is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at
++ * your option) any later version.
+ *
+- * Version: $Id$
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+ RCSID("$Id$")
+--
+2.43.0
+
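Review bot: This backport relicenses four files per its diffstat (`rlm_dpsk.c`, `eap_teap.c`, `eap_teap.h`, `rlm_eap_teap.c`), while the removal patch deleted in the same change listed six files under the no-redistribution notice, including `eap_teap_crypto.c` and `eap_teap_crypto.h`. With the removal patch dropped, those two files are presumably built and shipped again, and nothing visible here changes their headers. Confirm that the upstream version being packaged already carries a redistributable license for them, or backport the corresponding upstream change as well. A line in the patch header stating which files are covered and why the remaining two need no change would make that auditable.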
deleted file mode 100644
@@ -1,8491 +0,0 @@
-From c8c36d7bd8aad1dae6a1e6eb8dd8429b837ea035 Mon Sep 17 00:00:00 2001
-From: Libo Chen <libo.chen.cn@windriver.com>
-Date: Fri, 24 Oct 2025 12:12:10 +0800
-Subject: [PATCH] freeradius: Remove files which have license issues
-
-remove the following files which have the following license:
-
-Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com)
-
-This software may not be redistributed in any form without the prior
-written consent of Network RADIUS.
-
-src/modules/rlm_dpsk/rlm_dpsk.c
-src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
-src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
-src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
-src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
-src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
-
-Upstream-Status: Pending
-
-Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
----
- src/modules/rlm_dpsk/all.mk | 10 -
- src/modules/rlm_dpsk/rlm_dpsk.c | 955 ----
- .../rlm_eap/types/rlm_eap_teap/.gitignore | 1 -
- .../rlm_eap/types/rlm_eap_teap/all.mk.in | 12 -
- .../rlm_eap/types/rlm_eap_teap/configure | 4512 -----------------
- .../rlm_eap/types/rlm_eap_teap/configure.ac | 86 -
- .../rlm_eap/types/rlm_eap_teap/eap_teap.c | 1817 -------
- .../rlm_eap/types/rlm_eap_teap/eap_teap.h | 176 -
- .../types/rlm_eap_teap/eap_teap_crypto.c | 198 -
- .../types/rlm_eap_teap/eap_teap_crypto.h | 39 -
- .../rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c | 569 ---
- 11 files changed, 8375 deletions(-)
- delete mode 100644 src/modules/rlm_dpsk/all.mk
- delete mode 100644 src/modules/rlm_dpsk/rlm_dpsk.c
- delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/.gitignore
- delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in
- delete mode 100755 src/modules/rlm_eap/types/rlm_eap_teap/configure
- delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/configure.ac
- delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
- delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
- delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
- delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
- delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
-
-diff --git a/src/modules/rlm_dpsk/all.mk b/src/modules/rlm_dpsk/all.mk
-deleted file mode 100644
-index 8da247565b..0000000000
---- a/src/modules/rlm_dpsk/all.mk
-+++ /dev/null
-@@ -1,10 +0,0 @@
--TARGETNAME := rlm_dpsk
--
--ifneq "$(OPENSSL_LIBS)" ""
--TARGET := $(TARGETNAME).a
--endif
--
--SOURCES := $(TARGETNAME).c
--
--SRC_CFLAGS :=
--TGT_LDLIBS :=
-diff --git a/src/modules/rlm_dpsk/rlm_dpsk.c b/src/modules/rlm_dpsk/rlm_dpsk.c
-deleted file mode 100644
-index 35773056b3..0000000000
---- a/src/modules/rlm_dpsk/rlm_dpsk.c
-+++ /dev/null
-@@ -1,955 +0,0 @@
--/*
-- * Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com)
-- *
-- * This software may not be redistributed in any form without the prior
-- * written consent of Network RADIUS.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- */
--
--/**
-- * $Id$
-- * @file rlm_dpsk.c
-- * @brief Dynamic PSK for WiFi
-- *
-- * @copyright 2023 Network RADIUS SAS (legal@networkradius.com)
-- */
--RCSID("$Id$")
--
--#include <freeradius-devel/radiusd.h>
--#include <freeradius-devel/modules.h>
--#include <freeradius-devel/dlist.h>
--#include <freeradius-devel/rad_assert.h>
--
--#include <openssl/ssl.h>
--#include <openssl/evp.h>
--#include <openssl/hmac.h>
--
--#include <ctype.h>
--
--#define PW_FREERADIUS_8021X_ANONCE (1)
--#define PW_FREERADIUS_8021X_EAPOL_KEY_MSG (2)
--
--#define VENDORPEC_FREERADIUS_EVS5 ((((uint32_t) 245) << 24) | VENDORPEC_FREERADIUS)
--
--#define VENDORPEC_RUCKUS (25053)
--#define PW_RUCKUS_BSSID (14)
--#define PW_RUCKUS_DPSK_PARAMS (152)
--
--//#define PW_RUCKUS_DPSK_CIPHER (PW_RUCKUS_DPSK_PARAMS | (2 << 8))
--#define PW_RUCKUS_DPSK_ANONCE (PW_RUCKUS_DPSK_PARAMS | (3 << 8))
--#define PW_RUCKUS_DPSK_EAPOL_KEY_FRAME (PW_RUCKUS_DPSK_PARAMS | (4 << 8))
--
--
--/*
-- Header: 02030075
--
-- descriptor 02
-- information 010a
-- length 0010
-- replay counter 000000000000001
-- snonce c3bb319516614aacfb44e933bf1671131fb1856e5b2721952d414ce3f5aa312b
-- IV 0000000000000000000000000000000
-- rsc 0000000000000000
-- reserved 0000000000000000
-- mic 35cddcedad0dfb6a12a2eca55c17c323
-- data length 0016
-- data 30140100000fac040100000fac040100000fac028c00
--
-- 30
-- 14 length of data
-- 01 ...
--*/
--
--typedef struct eapol_key_frame_t {
-- uint8_t descriptor; // message number 2
-- uint16_t information; //
-- uint16_t length; // always 0010, for 16 octers
-- uint8_t replay_counter[8]; // usually "1"
-- uint8_t nonce[32]; // random token
-- uint8_t iv[16]; // zeroes
-- uint8_t rsc[8]; // zeros
-- uint8_t reserved[8]; // zeroes
-- uint8_t mic[16]; // calculated data
-- uint16_t data_len; // various other things we don't need.
--// uint8_t data[];
--} CC_HINT(__packed__) eapol_key_frame_t;
--
--typedef struct eapol_attr_t {
-- uint8_t header[4]; // 02030075
-- eapol_key_frame_t frame;
--} CC_HINT(__packed__) eapol_attr_t;
--
--#ifdef HAVE_PTHREAD_H
--#define PTHREAD_MUTEX_LOCK pthread_mutex_lock
--#define PTHREAD_MUTEX_UNLOCK pthread_mutex_unlock
--#else
--#define PTHREAD_MUTEX_LOCK(_x)
--#define PTHREAD_MUTEX_UNLOCK(_x)
--#endif
--
--typedef struct rlm_dpsk_s rlm_dpsk_t;
--
--typedef struct {
-- uint8_t mac[6];
-- uint8_t pmk[32];
--
-- uint8_t *ssid;
-- size_t ssid_len;
--
-- char *identity;
-- size_t identity_len;
--
-- uint8_t *psk;
-- size_t psk_len;
-- time_t expires;
--
-- fr_dlist_t dlist;
-- rlm_dpsk_t *inst;
--} rlm_dpsk_cache_t;
--
--struct rlm_dpsk_s {
-- char const *xlat_name;
-- bool ruckus;
-- bool dynamic;
--
-- rbtree_t *cache;
--
-- uint32_t cache_size;
-- uint32_t cache_lifetime;
--
-- char const *filename;
--
--#ifdef HAVE_PTHREAD_H
-- pthread_mutex_t mutex;
--#endif
-- fr_dlist_t head;
--
-- DICT_ATTR const *ssid;
-- DICT_ATTR const *anonce;
-- DICT_ATTR const *frame;
--};
--
--static const CONF_PARSER module_config[] = {
-- { "ruckus", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_dpsk_t, ruckus), "no" },
--
-- { "cache_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_dpsk_t, cache_size), "0" },
-- { "cache_lifetime", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_dpsk_t, cache_lifetime), "0" },
--
-- { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_dpsk_t, filename), NULL },
--
-- CONF_PARSER_TERMINATOR
--};
--
--
--static inline CC_HINT(nonnull) rlm_dpsk_cache_t *fr_dlist_head(fr_dlist_t const *head)
--{
-- if (head->prev == head) return NULL;
--
-- return (rlm_dpsk_cache_t *) (((uintptr_t) head->next) - offsetof(rlm_dpsk_cache_t, dlist));
--}
--
--static void rdebug_hex(REQUEST *request, char const *prefix, uint8_t const *data, int len)
--{
-- int i;
-- char buffer[2048]; /* large enough for largest len */
--
-- /*
-- * Leave a trailing space, we don't really care about that.
-- */
-- for (i = 0; i < len; i++) {
-- snprintf(buffer + i * 2, sizeof(buffer) - i * 2, "%02x", data[i]);
-- }
--
-- RDEBUG("%s %s", prefix, buffer);
--}
--#define RDEBUG_HEX if (rad_debug_lvl >= 3) rdebug_hex
--
--#if 0
--/*
-- * Find the Ruckus attributes, and convert to FreeRADIUS ones.
-- *
-- * Also check the WPA2 cipher. We need AES + HMAC-SHA1.
-- */
--static bool normalize(rlm_dpsk_t *inst, REQUEST *request)
--{
-- VALUE_PAIR *bssid, *cipher, *anonce, *key_msg, *vp;
--
-- if (!inst->ruckus) return false;
--
-- bssid = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_BSSID, VENDORPEC_RUCKUS, TAG_ANY);
-- if (!bssid) return false;
--
-- cipher = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_CIPHER, VENDORPEC_RUCKUS, TAG_ANY);
-- if (!cipher) return false;
--
-- if (cipher->vp_byte != 4) {
-- RDEBUG("Found Ruckus-DPSK-Cipher != 4, which means that we cannot do DPSK");
-- return false;
-- }
--
-- anonce = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_ANONCE, VENDORPEC_RUCKUS, TAG_ANY);
-- if (!anonce) return false;
--
-- key_msg = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_EAPOL_KEY_FRAME, VENDORPEC_RUCKUS, TAG_ANY);
-- if (!key_msg) return false;
--
-- MEM(vp = fr_pair_afrom_da(request->packet, anonce->da));
-- fr_pair_value_memcpy(vp, anonce->vp_octets, anonce->vp_length);
-- fr_pair_add(&request->packet->vps, vp);
--
-- MEM(vp = fr_pair_afrom_da(request->packet, key_msg->da));
-- fr_pair_value_memcpy(vp, key_msg->vp_octets, key_msg->vp_length);
-- fr_pair_add(&request->packet->vps, vp);
--
-- return false;
--}
--#endif
--
--/*
-- * mod_authorize() - authorize user if we can authenticate
-- * it later. Add Auth-Type attribute if present in module
-- * configuration (usually Auth-Type must be "DPSK")
-- */
--static rlm_rcode_t CC_HINT(nonnull) mod_authorize(void * instance, REQUEST *request)
--{
-- rlm_dpsk_t *inst = instance;
--
-- if (!fr_pair_find_by_da(request->packet->vps, inst->anonce, TAG_ANY) &&
-- !fr_pair_find_by_da(request->packet->vps, inst->frame, TAG_ANY)) {
-- return RLM_MODULE_NOOP;
-- }
--
-- if (fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY)) {
-- RWDEBUG2("Auth-Type already set. Not setting to %s", inst->xlat_name);
-- return RLM_MODULE_NOOP;
-- }
--
-- RDEBUG2("Found %s. Setting 'Auth-Type = %s'", inst->frame->name, inst->xlat_name);
--
-- /*
-- * Set Auth-Type to MS-CHAP. The authentication code
-- * will take care of turning cleartext passwords into
-- * NT/LM passwords.
-- */
-- if (!pair_make_config("Auth-Type", inst->xlat_name, T_OP_EQ)) {
-- return RLM_MODULE_FAIL;
-- }
--
-- return RLM_MODULE_OK;
--}
--
--static rlm_dpsk_cache_t *dpsk_cache_find(REQUEST *request, rlm_dpsk_t const *inst, uint8_t *buffer, size_t buflen, VALUE_PAIR *ssid, uint8_t const *mac)
--{
-- rlm_dpsk_cache_t *entry, my_entry;
--
-- memcpy(my_entry.mac, mac, sizeof(my_entry.mac));
-- memcpy(&my_entry.ssid, &ssid->vp_octets, sizeof(my_entry.ssid)); /* const issues */
-- my_entry.ssid_len = ssid->vp_length;
--
-- entry = rbtree_finddata(inst->cache, &my_entry);
-- if (entry) {
-- if (entry->expires > request->timestamp) {
-- RDEBUG3("Cache entry found");
-- memcpy(buffer, entry->pmk, buflen);
-- return entry;
-- }
--
-- RDEBUG3("Cache entry has expired");
-- rbtree_deletebydata(inst->cache, entry);
-- }
--
-- return NULL;
--}
--
--
--static int generate_pmk(REQUEST *request, rlm_dpsk_t const *inst, uint8_t *buffer, size_t buflen, VALUE_PAIR *ssid, uint8_t const *mac, char const *psk, size_t psk_len)
--{
-- VALUE_PAIR *vp;
--
-- fr_assert(buflen == 32);
--
-- if (!ssid) {
-- ssid = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY);
-- if (!ssid) {
-- RDEBUG("No %s in the request", inst->ssid->name);
-- return 0;
-- }
-- }
--
-- /*
-- * No provided PSK. Try to look it up in the cache. If
-- * it isn't there, find it in the config items.
-- */
-- if (!psk) {
-- if (inst->cache && mac) {
-- rlm_dpsk_cache_t *entry;
--
-- entry = dpsk_cache_find(request, inst, buffer, buflen, ssid, mac);
-- if (entry) {
-- memcpy(buffer, entry->pmk, buflen);
-- return 1;
-- }
-- RDEBUG3("Cache entry not found");
-- } /* else no caching */
--
-- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
-- if (!vp) {
-- RDEBUG("No &config:Pre-Shared-Key");
-- return 0;
-- }
--
-- psk = vp->vp_strvalue;
-- psk_len = vp->vp_length;
-- }
--
-- if (PKCS5_PBKDF2_HMAC_SHA1((const char *) psk, psk_len, (const unsigned char *) ssid->vp_strvalue, ssid->vp_length, 4096, buflen, buffer) == 0) {
-- RDEBUG("Failed calling OpenSSL to calculate the PMK");
-- return 0;
-- }
--
-- return 1;
--}
--
--/*
-- * Verify the DPSK information.
-- */
--static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *request)
--{
-- rlm_dpsk_t *inst = instance;
-- VALUE_PAIR *anonce, *key_msg, *ssid, *vp;
-- rlm_dpsk_cache_t *entry;
-- int lineno = 0;
-- size_t len, psk_len;
-- unsigned int digest_len, mic_len;
-- eapol_attr_t const *eapol;
-- eapol_attr_t *zeroed;
-- FILE *fp = NULL;
-- char const *psk_identity = NULL, *psk;
-- uint8_t *p;
-- uint8_t const *snonce, *ap_mac;
-- uint8_t const *min_mac, *max_mac;
-- uint8_t const *min_nonce, *max_nonce;
-- uint8_t pmk[32];
-- uint8_t s_mac[6], message[sizeof("Pairwise key expansion") + 6 + 6 + 32 + 32 + 1], frame[128];
-- uint8_t digest[EVP_MAX_MD_SIZE], mic[EVP_MAX_MD_SIZE];
-- char token_identity[256];
--
-- /*
-- * Search for the information in a bunch of attributes.
-- */
-- anonce = fr_pair_find_by_da(request->packet->vps, inst->anonce, TAG_ANY);
-- if (!anonce) {
-- RDEBUG("No FreeRADIUS-802.1X-Anonce in the request");
-- return RLM_MODULE_NOOP;
-- }
--
-- if (anonce->vp_length != 32) {
-- RDEBUG("%s has incorrect length (%zu, not 32)", inst->anonce->name, anonce->vp_length);
-- return RLM_MODULE_NOOP;
-- }
--
-- key_msg = fr_pair_find_by_da(request->packet->vps, inst->frame, TAG_ANY);
-- if (!key_msg) {
-- RDEBUG("No %s in the request", inst->frame->name);
-- return RLM_MODULE_NOOP;
-- }
--
-- if (key_msg->vp_length < sizeof(*eapol)) {
-- RDEBUG("%s has incorrect length (%zu < %zu)", inst->frame->name, key_msg->vp_length, sizeof(*eapol));
-- return RLM_MODULE_NOOP;
-- }
--
-- if (key_msg->vp_length > sizeof(frame)) {
-- RDEBUG("%s has incorrect length (%zu > %zu)", inst->frame->name, key_msg->vp_length, sizeof(frame));
-- return RLM_MODULE_NOOP;
-- }
--
-- ssid = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY);
-- if (!ssid) {
-- RDEBUG("No %s in the request", inst->ssid->name);
-- return 0;
-- }
--
-- /*
-- * Get supplicant MAC address.
-- */
-- vp = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
-- if (!vp) {
-- RDEBUG("No &User-Name");
-- return RLM_MODULE_NOOP;
-- }
--
-- len = fr_hex2bin(s_mac, sizeof(s_mac), vp->vp_strvalue, vp->vp_length);
-- if (len != 6) {
-- RDEBUG("&User-Name is not a recognizable hex MAC address");
-- return RLM_MODULE_NOOP;
-- }
--
-- /*
-- * In case we're not reading from a file.
-- */
-- vp = fr_pair_find_by_num(request->config, PW_PSK_IDENTITY, 0, TAG_ANY);
-- if (vp) psk_identity = vp->vp_strvalue;
--
-- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
-- if (vp) {
-- psk = vp->vp_strvalue;
-- psk_len = vp->vp_length;
-- } else {
-- psk = NULL;
-- psk_len = 0;
-- }
--
-- /*
-- * Get the AP MAC address.
-- */
-- vp = fr_pair_find_by_num(request->packet->vps, PW_CALLED_STATION_MAC, 0, TAG_ANY);
-- if (!vp) {
-- RDEBUG("No &Called-Station-MAC");
-- return RLM_MODULE_NOOP;
-- }
--
-- if (vp->length != 6) {
-- RDEBUG("&Called-Station-MAC is not a recognizable MAC address");
-- return RLM_MODULE_NOOP;
-- }
--
-- ap_mac = vp->vp_octets;
--
-- /*
-- * Sort the MACs
-- */
-- if (memcmp(s_mac, ap_mac, 6) <= 0) {
-- min_mac = s_mac;
-- max_mac = ap_mac;
-- } else {
-- min_mac = ap_mac;
-- max_mac = s_mac;
-- }
--
-- eapol = (eapol_attr_t const *) key_msg->vp_octets;
--
-- /*
-- * Get supplicant nonce and AP nonce.
-- *
-- * Then sort the nonces.
-- */
-- snonce = key_msg->vp_octets + 17;
-- if (memcmp(snonce, anonce->vp_octets, 32) <= 0) {
-- min_nonce = snonce;
-- max_nonce = anonce->vp_octets;
-- } else {
-- min_nonce = anonce->vp_octets;
-- max_nonce = snonce;
-- }
--
-- /*
-- * Create the base message which we will hash.
-- */
-- memcpy(message, "Pairwise key expansion", sizeof("Pairwise key expansion")); /* including trailing NUL */
-- p = &message[sizeof("Pairwise key expansion")];
--
-- memcpy(p, min_mac, 6);
-- memcpy(p + 6, max_mac, 6);
-- p += 12;
--
-- memcpy(p, min_nonce, 32);
-- memcpy(p + 32, max_nonce, 32);
-- p += 64;
-- *p = '\0';
-- fr_assert(sizeof(message) == (p + 1 - message));
--
-- if (inst->filename && !psk) {
-- FR_TOKEN token;
-- char const *q, *filename;
-- char token_psk[256];
-- char token_mac[256];
-- char buffer[1024];
-- char filename_buffer[1024];
--
-- /*
-- * If there's a cached entry, we don't read the file.
-- */
-- entry = dpsk_cache_find(request, inst, pmk, sizeof(pmk), ssid, s_mac);
-- if (entry) {
-- psk_identity = entry->identity;
-- goto make_digest;
-- }
--
-- if (!inst->dynamic) {
-- filename = inst->filename;
-- } else {
-- if (radius_xlat(filename_buffer, sizeof(filename_buffer),
-- request, inst->filename, NULL, NULL) < 0) {
-- return RLM_MODULE_FAIL;
-- }
--
-- filename = filename_buffer;
-- }
--
-- RDEBUG3("Looking for PSK in file %s", filename);
--
-- fp = fopen(filename, "r");
-- if (!fp) {
-- REDEBUG("Failed opening %s - %s", filename, fr_syserror(errno));
-- return RLM_MODULE_FAIL;
-- }
--
--get_next_psk:
-- q = fgets(buffer, sizeof(buffer), fp);
-- if (!q) {
-- RDEBUG("Failed to find matching key in %s", filename);
-- fail:
-- fclose(fp);
-- return RLM_MODULE_FAIL;
-- }
--
-- /*
-- * Split the line on commas, paying attention to double quotes.
-- */
-- token = getstring(&q, token_identity, sizeof(token_identity), true);
-- if (token == T_INVALID) {
-- RDEBUG("%s[%d] Failed parsing identity", filename, lineno);
-- goto fail;
-- }
--
-- if (*q != ',') {
-- RDEBUG("%s[%d] Failed to find ',' after identity", filename, lineno);
-- goto fail;
-- }
-- q++;
--
-- token = getstring(&q, token_psk, sizeof(token_psk), true);
-- if (token == T_INVALID) {
-- RDEBUG("%s[%d] Failed parsing PSK", filename, lineno);
-- goto fail;
-- }
--
-- if (*q == ',') {
-- q++;
--
-- token = getstring(&q, token_mac, sizeof(token_mac), true);
-- if (token == T_INVALID) {
-- RDEBUG("%s[%d] Failed parsing MAC", filename, lineno);
-- goto fail;
-- }
--
-- /*
-- * See if the MAC matches. If not, skip
-- * this entry. That's a basic negative cache.
-- */
-- if ((strlen(token_mac) != 12) ||
-- (fr_hex2bin((uint8_t *) token_mac, 6, token_mac, 12) != 12)) {
-- RDEBUG("%s[%d] Failed parsing MAC", filename, lineno);
-- goto fail;
-- }
--
-- if (memcmp(s_mac, token_mac, 6) != 0) {
-- psk_identity = NULL;
-- goto get_next_psk;
-- }
--
-- /*
-- * Close the file so that we don't check any other entries.
-- */
-- MEM(vp = fr_pair_afrom_num(request, PW_PRE_SHARED_KEY, 0));
-- fr_pair_value_bstrncpy(vp, token_psk, strlen(token_psk));
--
-- fr_pair_add(&request->config, vp);
-- fclose(fp);
-- fp = NULL;
--
-- RDEBUG3("Found matching MAC");
-- }
--
-- /*
-- * Generate the PMK using the SSID, this MAC, and the PSK we just read.
-- */
-- RDEBUG3("%s[%d] Trying PSK %s", filename, lineno, token_psk);
-- if (generate_pmk(request, inst, pmk, sizeof(pmk), ssid, s_mac, token_psk, strlen(token_psk)) == 0) {
-- RDEBUG("No &config:Pairwise-Master-Key or &config:Pre-Shared-Key found");
-- return RLM_MODULE_NOOP;
-- }
--
-- /*
-- * Remember which identity we had
-- */
-- psk_identity = token_identity;
-- goto make_digest;
-- }
--
-- /*
-- * Use the PMK if it already exists. Otherwise calculate it from the PSK.
-- */
-- vp = fr_pair_find_by_num(request->config, PW_PAIRWISE_MASTER_KEY, 0, TAG_ANY);
-- if (!vp) {
-- if (generate_pmk(request, inst, pmk, sizeof(pmk), ssid, s_mac, psk, psk_len) == 0) {
-- RDEBUG("No &config:Pairwise-Master-Key or &config:Pre-Shared-Key found");
-- fr_assert(!fp);
-- return RLM_MODULE_NOOP;
-- }
--
-- } else if (vp->vp_length != sizeof(pmk)) {
-- RDEBUG("Pairwise-Master-Key has incorrect length (%zu != %zu)", vp->vp_length, sizeof(pmk));
-- fr_assert(!fp);
-- return RLM_MODULE_NOOP;
--
-- } else {
-- memcpy(pmk, vp->vp_octets, sizeof(pmk));
-- }
--
-- /*
-- * HMAC = HMAC_SHA1(pmk, message);
-- *
-- * We need the first 16 octets of this.
-- */
--make_digest:
-- digest_len = sizeof(digest);
-- HMAC(EVP_sha1(), pmk, sizeof(pmk), message, sizeof(message), digest, &digest_len);
--
-- RDEBUG_HEX(request, "message:", message, sizeof(message));
-- RDEBUG_HEX(request, "pmk :", pmk, sizeof(pmk));
-- RDEBUG_HEX(request, "kck :", digest, 16);
--
-- /*
-- * Create the frame with the middle field zero, and hash it with the KCK digest we calculated from the key expansion.
-- */
-- memcpy(frame, key_msg->vp_octets, key_msg->vp_length);
-- zeroed = (eapol_attr_t *) &frame[0];
-- memset(&zeroed->frame.mic[0], 0, 16);
--
-- RDEBUG_HEX(request, "zeroed:", frame, key_msg->vp_length);
--
-- mic_len = sizeof(mic);
-- HMAC(EVP_sha1(), digest, 16, frame, key_msg->vp_length, mic, &mic_len);
--
-- /*
-- * Do the MICs match?
-- */
-- if (memcmp(&eapol->frame.mic[0], mic, 16) != 0) {
-- if (fp) {
-- psk_identity = NULL;
-- goto get_next_psk;
-- }
--
-- RDEBUG_HEX(request, "calculated mic:", mic, 16);
-- RDEBUG_HEX(request, "packet mic :", &eapol->frame.mic[0], 16);
-- return RLM_MODULE_FAIL;
-- }
--
-- /*
-- * It matches. Close the input file if necessary.
-- */
-- if (fp) fclose(fp);
--
-- /*
-- * Extend the lifetime of the cache entry, or add the
-- * cache entry if necessary.
-- */
-- if (inst->cache) {
-- rlm_dpsk_cache_t my_entry;
--
-- /*
-- * Find the entry (again), and update the expiry time.
-- *
-- * Create the entry if neessary.
-- */
-- memcpy(my_entry.mac, s_mac, sizeof(my_entry.mac));
--
-- vp = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY);
-- if (!vp) goto save_psk; /* should never really happen, but just to be safe */
--
-- memcpy(&my_entry.ssid, &vp->vp_octets, sizeof(my_entry.ssid)); /* const issues */
-- my_entry.ssid_len = vp->vp_length;
--
-- entry = rbtree_finddata(inst->cache, &my_entry);
-- if (!entry) {
-- /*
-- * Too many entries in the cache. Delete the oldest one.
-- */
-- if (rbtree_num_elements(inst->cache) > inst->cache_size) {
-- PTHREAD_MUTEX_LOCK(&inst->mutex);
-- entry = fr_dlist_head(&inst->head);
-- PTHREAD_MUTEX_UNLOCK(&inst->mutex);
--
-- rbtree_deletebydata(inst->cache, entry);
-- }
--
-- MEM(entry = talloc_zero(NULL, rlm_dpsk_cache_t));
--
-- memcpy(entry->mac, s_mac, sizeof(entry->mac));
-- memcpy(entry->pmk, pmk, sizeof(entry->pmk));
--
-- fr_dlist_entry_init(&entry->dlist);
-- entry->inst = inst;
--
-- /*
-- * Save the variable-length SSID.
-- */
-- MEM(entry->ssid = talloc_memdup(entry, vp->vp_octets, vp->vp_length));
-- entry->ssid_len = vp->vp_length;
--
-- /*
-- * Save the PSK. If we just have the
-- * PMK, then we can still cache that.
-- */
-- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
-- if (vp) {
-- MEM(entry->psk = talloc_memdup(entry, vp->vp_octets, vp->vp_length));
-- entry->psk_len = vp->vp_length;
-- }
--
-- /*
-- * Save the identity.
-- */
-- if (psk_identity) {
-- MEM(entry->identity = talloc_memdup(entry, psk_identity, strlen(psk_identity)));
-- entry->identity_len = strlen(psk_identity);
-- }
--
-- /*
-- * Cache it.
-- */
-- if (!rbtree_insert(inst->cache, entry)) {
-- talloc_free(entry);
-- goto save_found_psk;
-- }
-- RDEBUG3("Cache entry saved");
-- }
-- entry->expires = request->timestamp + inst->cache_lifetime;
--
-- PTHREAD_MUTEX_LOCK(&inst->mutex);
-- fr_dlist_entry_unlink(&entry->dlist);
-- fr_dlist_insert_tail(&inst->head, &entry->dlist);
-- PTHREAD_MUTEX_UNLOCK(&inst->mutex);
--
-- /*
-- * Add the PSK to the reply items, if it was cached.
-- */
-- if (entry->psk) {
-- MEM(vp = fr_pair_afrom_num(request->reply, PW_PRE_SHARED_KEY, 0));
-- fr_pair_value_bstrncpy(vp, entry->psk, entry->psk_len);
--
-- fr_pair_add(&request->reply->vps, vp);
-- }
--
-- goto save_psk_identity;
-- }
--
-- /*
-- * Save a copy of the found PSK in the reply;
-- */
--save_psk:
-- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
--
--save_found_psk:
-- if (!vp) return RLM_MODULE_OK;
--
-- fr_pair_add(&request->reply->vps, fr_pair_copy(request->reply, vp));
--
--save_psk_identity:
-- /*
-- * Save which identity matched.
-- */
-- if (psk_identity) {
-- MEM(vp = fr_pair_afrom_num(request->reply, PW_PSK_IDENTITY, 0));
-- fr_pair_value_bstrncpy(vp, psk_identity, strlen(psk_identity));
--
-- fr_pair_add(&request->reply->vps, vp);
-- }
--
-- return RLM_MODULE_OK;
--}
--
--/*
-- * Generate the PMK from SSID and Pre-Shared-Key
-- */
--static ssize_t dpsk_xlat(void *instance, REQUEST *request,
-- char const *fmt, char *out, size_t outlen)
--{
-- rlm_dpsk_t *inst = instance;
-- char const *p, *ssid, *psk;
-- size_t ssid_len, psk_len;
-- uint8_t buffer[32];
--
-- /*
-- * Prefer xlat arguments. But if they don't exist, use the attributes.
-- */
-- p = fmt;
-- while (isspace((uint8_t) *p)) p++;
--
-- if (!*p) {
-- if (generate_pmk(request, inst, buffer, sizeof(buffer), NULL, NULL, NULL, 0) == 0) {
-- RDEBUG("No &request:Called-Station-SSID or &config:Pre-Shared-Key found");
-- return 0;
-- }
-- } else {
-- ssid = p;
--
-- while (*p && !isspace((uint8_t) *p)) p++;
--
-- ssid_len = p - ssid;
--
-- if (!*p) {
-- REDEBUG("Found SSID, but no PSK");
-- return 0;
-- }
--
-- psk = p;
--
-- while (*p && !isspace((uint8_t) *p)) p++;
--
-- psk_len = p - psk;
--
-- if (PKCS5_PBKDF2_HMAC_SHA1(psk, psk_len, (const unsigned char *) ssid, ssid_len, 4096, sizeof(buffer), buffer) == 0) {
-- RDEBUG("Failed calling OpenSSL to calculate the PMK");
-- return 0;
-- }
-- }
--
-- if (outlen < sizeof(buffer) * 2 + 1) {
-- REDEBUG("Output buffer is too small for PMK");
-- return 0;
-- }
--
-- return fr_bin2hex(out, buffer, 32);
--}
--
--static int mod_bootstrap(CONF_SECTION *conf, void *instance)
--{
-- char const *name;
-- rlm_dpsk_t *inst = instance;
--
-- /*
-- * Create the dynamic translation.
-- */
-- name = cf_section_name2(conf);
-- if (!name) name = cf_section_name1(conf);
-- inst->xlat_name = name;
-- xlat_register(inst->xlat_name, dpsk_xlat, NULL, inst);
--
-- if (inst->ruckus) {
-- inst->ssid = dict_attrbyvalue(PW_RUCKUS_BSSID, VENDORPEC_RUCKUS);
-- inst->anonce = dict_attrbyvalue(PW_RUCKUS_DPSK_ANONCE, VENDORPEC_RUCKUS);
-- inst->frame = dict_attrbyvalue(PW_RUCKUS_DPSK_EAPOL_KEY_FRAME, VENDORPEC_RUCKUS);
-- } else {
-- inst->ssid = dict_attrbyvalue(PW_CALLED_STATION_SSID, 0);
-- inst->anonce = dict_attrbyvalue(PW_FREERADIUS_8021X_ANONCE, VENDORPEC_FREERADIUS_EVS5);
-- inst->frame = dict_attrbyvalue(PW_FREERADIUS_8021X_EAPOL_KEY_MSG, VENDORPEC_FREERADIUS_EVS5);
-- }
--
-- if (!inst->ssid || !inst->anonce || !inst->frame) {
-- cf_log_err_cs(conf, "Failed to find attributes in the dictionary. Please do not edit the default dictionaries!");
-- return -1;
-- }
--
-- inst->dynamic = inst->filename && (strchr(inst->filename, '%') != NULL);
--
-- return 0;
--}
--
--static int cmp_cache_entry(void const *one, void const *two)
--{
-- rlm_dpsk_cache_t const *a = (rlm_dpsk_cache_t const *) one;
-- rlm_dpsk_cache_t const *b = (rlm_dpsk_cache_t const *) two;
-- int rcode;
--
-- rcode = memcmp(a->mac, b->mac, sizeof(a->mac));
-- if (rcode != 0) return rcode;
--
-- if (a->ssid_len < b->ssid_len) return -1;
-- if (a->ssid_len > b->ssid_len) return +1;
--
-- return memcmp(a->ssid, b->ssid, a->ssid_len);
--}
--
--static void free_cache_entry(void *data)
--{
-- rlm_dpsk_cache_t *entry = (rlm_dpsk_cache_t *) data;
--
-- PTHREAD_MUTEX_LOCK(&entry->inst->mutex);
-- fr_dlist_entry_unlink(&entry->dlist);
-- PTHREAD_MUTEX_UNLOCK(&entry->inst->mutex);
--
-- talloc_free(entry);
--}
--
--static int mod_instantiate(CONF_SECTION *conf, void *instance)
--{
-- rlm_dpsk_t *inst = instance;
--
-- if (!inst->cache_size) return 0;
--
-- FR_INTEGER_BOUND_CHECK("cache_size", inst->cache_size, <=, ((uint32_t) 1) << 16);
--
-- if (!inst->cache_size) return 0;
--
-- FR_INTEGER_BOUND_CHECK("cache_lifetime", inst->cache_lifetime, <=, (7 * 86400));
-- FR_INTEGER_BOUND_CHECK("cache_lifetime", inst->cache_lifetime, >=, 3600);
--
-- inst->cache = rbtree_create(inst, cmp_cache_entry, free_cache_entry, RBTREE_FLAG_LOCK);
-- if (!inst->cache) {
-- cf_log_err_cs(conf, "Failed creating internal cache");
-- return -1;
-- }
--
-- fr_dlist_entry_init(&inst->head);
--#ifdef HAVE_PTHREAD_H
-- if (pthread_mutex_init(&inst->mutex, NULL) < 0) {
-- cf_log_err_cs(conf, "Failed creating mutex");
-- return -1;
-- }
--#endif
--
-- return 0;
--}
--
--#ifdef HAVE_PTHREAD_H
--static int mod_detach(void *instance)
--{
-- rlm_dpsk_t *inst = instance;
--
-- if (!inst->cache_size) return 0;
--
-- pthread_mutex_destroy(&inst->mutex);
-- return 0;
--}
--#endif
--
--/*
-- * The module name should be the only globally exported symbol.
-- * That is, everything else should be 'static'.
-- *
-- * If the module needs to temporarily modify it's instantiation
-- * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
-- * The server will then take care of ensuring that the module
-- * is single-threaded.
-- */
--extern module_t rlm_dpsk;
--module_t rlm_dpsk = {
-- .magic = RLM_MODULE_INIT,
-- .name = "dpsk",
-- .type = RLM_TYPE_THREAD_SAFE,
-- .inst_size = sizeof(rlm_dpsk_t),
-- .config = module_config,
-- .bootstrap = mod_bootstrap,
-- .instantiate = mod_instantiate,
--#ifdef HAVE_PTHREAD_H
-- .detach = mod_detach,
--#endif
-- .methods = {
-- [MOD_AUTHORIZE] = mod_authorize,
-- [MOD_AUTHENTICATE] = mod_authenticate,
-- },
--};
-diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore b/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore
-deleted file mode 100644
-index 01a5daa3cc..0000000000
---- a/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore
-+++ /dev/null
-@@ -1 +0,0 @@
--all.mk
-diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in b/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in
-deleted file mode 100644
-index dfdcd71fd3..0000000000
---- a/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in
-+++ /dev/null
-@@ -1,12 +0,0 @@
--TARGETNAME := @targetname@
--
--ifneq "$(OPENSSL_LIBS)" ""
--ifneq "$(TARGETNAME)" ""
--TARGET := $(TARGETNAME).a
--endif
--endif
--
--SOURCES := $(TARGETNAME).c eap_teap.c eap_teap_crypto.c
--
--SRC_INCDIRS := ../../ ../../libeap/
--TGT_PREREQS := libfreeradius-eap.a
-diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/configure b/src/modules/rlm_eap/types/rlm_eap_teap/configure
-deleted file mode 100755
-index e37094d80c..0000000000
---- a/src/modules/rlm_eap/types/rlm_eap_teap/configure
-+++ /dev/null
-@@ -1,4512 +0,0 @@
--#! /bin/sh
--# From configure.ac Revision.
--# Guess values for system-dependent variables and create Makefiles.
--# Generated by GNU Autoconf 2.69.
--#
--#
--# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
--#
--#
--# This configure script is free software; the Free Software Foundation
--# gives unlimited permission to copy, distribute and modify it.
--## -------------------- ##
--## M4sh Initialization. ##
--## -------------------- ##
--
--# Be more Bourne compatible
--DUALCASE=1; export DUALCASE # for MKS sh
--if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
-- emulate sh
-- NULLCMD=:
-- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
-- # is contrary to our usage. Disable this feature.
-- alias -g '${1+"$@"}'='"$@"'
-- setopt NO_GLOB_SUBST
--else
-- case `(set -o) 2>/dev/null` in #(
-- *posix*) :
-- set -o posix ;; #(
-- *) :
-- ;;
--esac
--fi
--
--
--as_nl='
--'
--export as_nl
--# Printing a long string crashes Solaris 7 /usr/bin/printf.
--as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
--as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
--as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
--# Prefer a ksh shell builtin over an external printf program on Solaris,
--# but without wasting forks for bash or zsh.
--if test -z "$BASH_VERSION$ZSH_VERSION" \
-- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
-- as_echo='print -r --'
-- as_echo_n='print -rn --'
--elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
-- as_echo='printf %s\n'
-- as_echo_n='printf %s'
--else
-- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
-- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
-- as_echo_n='/usr/ucb/echo -n'
-- else
-- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
-- as_echo_n_body='eval
-- arg=$1;
-- case $arg in #(
-- *"$as_nl"*)
-- expr "X$arg" : "X\\(.*\\)$as_nl";
-- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
-- esac;
-- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
-- '
-- export as_echo_n_body
-- as_echo_n='sh -c $as_echo_n_body as_echo'
-- fi
-- export as_echo_body
-- as_echo='sh -c $as_echo_body as_echo'
--fi
--
--# The user is always right.
--if test "${PATH_SEPARATOR+set}" != set; then
-- PATH_SEPARATOR=:
-- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
-- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
-- PATH_SEPARATOR=';'
-- }
--fi
--
--
--# IFS
--# We need space, tab and new line, in precisely that order. Quoting is
--# there to prevent editors from complaining about space-tab.
--# (If _AS_PATH_WALK were called with IFS unset, it would disable word
--# splitting by setting IFS to empty value.)
--IFS=" "" $as_nl"
--
--# Find who we are. Look in the path if we contain no directory separator.
--as_myself=
--case $0 in #((
-- *[\\/]* ) as_myself=$0 ;;
-- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-- done
--IFS=$as_save_IFS
--
-- ;;
--esac
--# We did not find ourselves, most probably we were run as `sh COMMAND'
--# in which case we are not to be found in the path.
--if test "x$as_myself" = x; then
-- as_myself=$0
--fi
--if test ! -f "$as_myself"; then
-- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
-- exit 1
--fi
--
--# Unset variables that we do not need and which cause bugs (e.g. in
--# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
--# suppresses any "Segmentation fault" message there. '((' could
--# trigger a bug in pdksh 5.2.14.
--for as_var in BASH_ENV ENV MAIL MAILPATH
--do eval test x\${$as_var+set} = xset \
-- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
--done
--PS1='$ '
--PS2='> '
--PS4='+ '
--
--# NLS nuisances.
--LC_ALL=C
--export LC_ALL
--LANGUAGE=C
--export LANGUAGE
--
--# CDPATH.
--(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
--
--# Use a proper internal environment variable to ensure we don't fall
-- # into an infinite loop, continuously re-executing ourselves.
-- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
-- _as_can_reexec=no; export _as_can_reexec;
-- # We cannot yet assume a decent shell, so we have to provide a
--# neutralization value for shells without unset; and this also
--# works around shells that cannot unset nonexistent variables.
--# Preserve -v and -x to the replacement shell.
--BASH_ENV=/dev/null
--ENV=/dev/null
--(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
--case $- in # ((((
-- *v*x* | *x*v* ) as_opts=-vx ;;
-- *v* ) as_opts=-v ;;
-- *x* ) as_opts=-x ;;
-- * ) as_opts= ;;
--esac
--exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
--# Admittedly, this is quite paranoid, since all the known shells bail
--# out after a failed `exec'.
--$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
--as_fn_exit 255
-- fi
-- # We don't want this to propagate to other subprocesses.
-- { _as_can_reexec=; unset _as_can_reexec;}
--if test "x$CONFIG_SHELL" = x; then
-- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
-- emulate sh
-- NULLCMD=:
-- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
-- # is contrary to our usage. Disable this feature.
-- alias -g '\${1+\"\$@\"}'='\"\$@\"'
-- setopt NO_GLOB_SUBST
--else
-- case \`(set -o) 2>/dev/null\` in #(
-- *posix*) :
-- set -o posix ;; #(
-- *) :
-- ;;
--esac
--fi
--"
-- as_required="as_fn_return () { (exit \$1); }
--as_fn_success () { as_fn_return 0; }
--as_fn_failure () { as_fn_return 1; }
--as_fn_ret_success () { return 0; }
--as_fn_ret_failure () { return 1; }
--
--exitcode=0
--as_fn_success || { exitcode=1; echo as_fn_success failed.; }
--as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
--as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
--as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
--if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
--
--else
-- exitcode=1; echo positional parameters were not saved.
--fi
--test x\$exitcode = x0 || exit 1
--test -x / || exit 1"
-- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
-- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
-- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
-- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
--test \$(( 1 + 1 )) = 2 || exit 1"
-- if (eval "$as_required") 2>/dev/null; then :
-- as_have_required=yes
--else
-- as_have_required=no
--fi
-- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
--
--else
-- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--as_found=false
--for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- as_found=:
-- case $as_dir in #(
-- /*)
-- for as_base in sh bash ksh sh5; do
-- # Try only shells that exist, to save several forks.
-- as_shell=$as_dir/$as_base
-- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
-- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
-- CONFIG_SHELL=$as_shell as_have_required=yes
-- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
-- break 2
--fi
--fi
-- done;;
-- esac
-- as_found=false
--done
--$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
-- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
-- CONFIG_SHELL=$SHELL as_have_required=yes
--fi; }
--IFS=$as_save_IFS
--
--
-- if test "x$CONFIG_SHELL" != x; then :
-- export CONFIG_SHELL
-- # We cannot yet assume a decent shell, so we have to provide a
--# neutralization value for shells without unset; and this also
--# works around shells that cannot unset nonexistent variables.
--# Preserve -v and -x to the replacement shell.
--BASH_ENV=/dev/null
--ENV=/dev/null
--(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
--case $- in # ((((
-- *v*x* | *x*v* ) as_opts=-vx ;;
-- *v* ) as_opts=-v ;;
-- *x* ) as_opts=-x ;;
-- * ) as_opts= ;;
--esac
--exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
--# Admittedly, this is quite paranoid, since all the known shells bail
--# out after a failed `exec'.
--$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
--exit 255
--fi
--
-- if test x$as_have_required = xno; then :
-- $as_echo "$0: This script requires a shell more modern than all"
-- $as_echo "$0: the shells that I found on your system."
-- if test x${ZSH_VERSION+set} = xset ; then
-- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
-- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
-- else
-- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
--$0: including any error possibly output before this
--$0: message. Then install a modern shell, or manually run
--$0: the script under such a shell if you do have one."
-- fi
-- exit 1
--fi
--fi
--fi
--SHELL=${CONFIG_SHELL-/bin/sh}
--export SHELL
--# Unset more variables known to interfere with behavior of common tools.
--CLICOLOR_FORCE= GREP_OPTIONS=
--unset CLICOLOR_FORCE GREP_OPTIONS
--
--## --------------------- ##
--## M4sh Shell Functions. ##
--## --------------------- ##
--# as_fn_unset VAR
--# ---------------
--# Portably unset VAR.
--as_fn_unset ()
--{
-- { eval $1=; unset $1;}
--}
--as_unset=as_fn_unset
--
--# as_fn_set_status STATUS
--# -----------------------
--# Set $? to STATUS, without forking.
--as_fn_set_status ()
--{
-- return $1
--} # as_fn_set_status
--
--# as_fn_exit STATUS
--# -----------------
--# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
--as_fn_exit ()
--{
-- set +e
-- as_fn_set_status $1
-- exit $1
--} # as_fn_exit
--
--# as_fn_mkdir_p
--# -------------
--# Create "$as_dir" as a directory, including parents if necessary.
--as_fn_mkdir_p ()
--{
--
-- case $as_dir in #(
-- -*) as_dir=./$as_dir;;
-- esac
-- test -d "$as_dir" || eval $as_mkdir_p || {
-- as_dirs=
-- while :; do
-- case $as_dir in #(
-- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
-- *) as_qdir=$as_dir;;
-- esac
-- as_dirs="'$as_qdir' $as_dirs"
-- as_dir=`$as_dirname -- "$as_dir" ||
--$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-- X"$as_dir" : 'X\(//\)[^/]' \| \
-- X"$as_dir" : 'X\(//\)$' \| \
-- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$as_dir" |
-- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-- s//\1/
-- q
-- }
-- /^X\(\/\/\)[^/].*/{
-- s//\1/
-- q
-- }
-- /^X\(\/\/\)$/{
-- s//\1/
-- q
-- }
-- /^X\(\/\).*/{
-- s//\1/
-- q
-- }
-- s/.*/./; q'`
-- test -d "$as_dir" && break
-- done
-- test -z "$as_dirs" || eval "mkdir $as_dirs"
-- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
--
--
--} # as_fn_mkdir_p
--
--# as_fn_executable_p FILE
--# -----------------------
--# Test if FILE is an executable regular file.
--as_fn_executable_p ()
--{
-- test -f "$1" && test -x "$1"
--} # as_fn_executable_p
--# as_fn_append VAR VALUE
--# ----------------------
--# Append the text in VALUE to the end of the definition contained in VAR. Take
--# advantage of any shell optimizations that allow amortized linear growth over
--# repeated appends, instead of the typical quadratic growth present in naive
--# implementations.
--if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
-- eval 'as_fn_append ()
-- {
-- eval $1+=\$2
-- }'
--else
-- as_fn_append ()
-- {
-- eval $1=\$$1\$2
-- }
--fi # as_fn_append
--
--# as_fn_arith ARG...
--# ------------------
--# Perform arithmetic evaluation on the ARGs, and store the result in the
--# global $as_val. Take advantage of shells that can avoid forks. The arguments
--# must be portable across $(()) and expr.
--if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
-- eval 'as_fn_arith ()
-- {
-- as_val=$(( $* ))
-- }'
--else
-- as_fn_arith ()
-- {
-- as_val=`expr "$@" || test $? -eq 1`
-- }
--fi # as_fn_arith
--
--
--# as_fn_error STATUS ERROR [LINENO LOG_FD]
--# ----------------------------------------
--# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
--# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
--# script with STATUS, using 1 if that was 0.
--as_fn_error ()
--{
-- as_status=$1; test $as_status -eq 0 && as_status=1
-- if test "$4"; then
-- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
-- fi
-- $as_echo "$as_me: error: $2" >&2
-- as_fn_exit $as_status
--} # as_fn_error
--
--if expr a : '\(a\)' >/dev/null 2>&1 &&
-- test "X`expr 00001 : '.*\(...\)'`" = X001; then
-- as_expr=expr
--else
-- as_expr=false
--fi
--
--if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
-- as_basename=basename
--else
-- as_basename=false
--fi
--
--if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
-- as_dirname=dirname
--else
-- as_dirname=false
--fi
--
--as_me=`$as_basename -- "$0" ||
--$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-- X"$0" : 'X\(//\)$' \| \
-- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X/"$0" |
-- sed '/^.*\/\([^/][^/]*\)\/*$/{
-- s//\1/
-- q
-- }
-- /^X\/\(\/\/\)$/{
-- s//\1/
-- q
-- }
-- /^X\/\(\/\).*/{
-- s//\1/
-- q
-- }
-- s/.*/./; q'`
--
--# Avoid depending upon Character Ranges.
--as_cr_letters='abcdefghijklmnopqrstuvwxyz'
--as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
--as_cr_Letters=$as_cr_letters$as_cr_LETTERS
--as_cr_digits='0123456789'
--as_cr_alnum=$as_cr_Letters$as_cr_digits
--
--
-- as_lineno_1=$LINENO as_lineno_1a=$LINENO
-- as_lineno_2=$LINENO as_lineno_2a=$LINENO
-- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
-- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
-- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
-- sed -n '
-- p
-- /[$]LINENO/=
-- ' <$as_myself |
-- sed '
-- s/[$]LINENO.*/&-/
-- t lineno
-- b
-- :lineno
-- N
-- :loop
-- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
-- t loop
-- s/-\n.*//
-- ' >$as_me.lineno &&
-- chmod +x "$as_me.lineno" ||
-- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
--
-- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
-- # already done that, so ensure we don't try to do so again and fall
-- # in an infinite loop. This has already happened in practice.
-- _as_can_reexec=no; export _as_can_reexec
-- # Don't try to exec as it changes $[0], causing all sort of problems
-- # (the dirname of $[0] is not the place where we might find the
-- # original and so on. Autoconf is especially sensitive to this).
-- . "./$as_me.lineno"
-- # Exit status is that of the last command.
-- exit
--}
--
--ECHO_C= ECHO_N= ECHO_T=
--case `echo -n x` in #(((((
---n*)
-- case `echo 'xy\c'` in
-- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
-- xy) ECHO_C='\c';;
-- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
-- ECHO_T=' ';;
-- esac;;
--*)
-- ECHO_N='-n';;
--esac
--
--rm -f conf$$ conf$$.exe conf$$.file
--if test -d conf$$.dir; then
-- rm -f conf$$.dir/conf$$.file
--else
-- rm -f conf$$.dir
-- mkdir conf$$.dir 2>/dev/null
--fi
--if (echo >conf$$.file) 2>/dev/null; then
-- if ln -s conf$$.file conf$$ 2>/dev/null; then
-- as_ln_s='ln -s'
-- # ... but there are two gotchas:
-- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
-- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
-- # In both cases, we have to default to `cp -pR'.
-- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
-- as_ln_s='cp -pR'
-- elif ln conf$$.file conf$$ 2>/dev/null; then
-- as_ln_s=ln
-- else
-- as_ln_s='cp -pR'
-- fi
--else
-- as_ln_s='cp -pR'
--fi
--rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
--rmdir conf$$.dir 2>/dev/null
--
--if mkdir -p . 2>/dev/null; then
-- as_mkdir_p='mkdir -p "$as_dir"'
--else
-- test -d ./-p && rmdir ./-p
-- as_mkdir_p=false
--fi
--
--as_test_x='test -x'
--as_executable_p=as_fn_executable_p
--
--# Sed expression to map a string onto a valid CPP name.
--as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
--
--# Sed expression to map a string onto a valid variable name.
--as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
--
--
--test -n "$DJDIR" || exec 7<&0 </dev/null
--exec 6>&1
--
--# Name of the host.
--# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
--# so uname gets run too.
--ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
--
--#
--# Initializations.
--#
--ac_default_prefix=/usr/local
--ac_clean_files=
--ac_config_libobj_dir=.
--LIBOBJS=
--cross_compiling=no
--subdirs=
--MFLAGS=
--MAKEFLAGS=
--
--# Identity of this package.
--PACKAGE_NAME=
--PACKAGE_TARNAME=
--PACKAGE_VERSION=
--PACKAGE_STRING=
--PACKAGE_BUGREPORT=
--PACKAGE_URL=
--
--ac_unique_file="rlm_eap_teap.c"
--ac_subst_vars='LTLIBOBJS
--LIBOBJS
--mod_cflags
--mod_ldflags
--targetname
--EGREP
--GREP
--CPP
--OBJEXT
--EXEEXT
--ac_ct_CC
--CPPFLAGS
--LDFLAGS
--CFLAGS
--CC
--target_alias
--host_alias
--build_alias
--LIBS
--ECHO_T
--ECHO_N
--ECHO_C
--DEFS
--mandir
--localedir
--libdir
--psdir
--pdfdir
--dvidir
--htmldir
--infodir
--docdir
--oldincludedir
--includedir
--runstatedir
--localstatedir
--sharedstatedir
--sysconfdir
--datadir
--datarootdir
--libexecdir
--sbindir
--bindir
--program_transform_name
--prefix
--exec_prefix
--PACKAGE_URL
--PACKAGE_BUGREPORT
--PACKAGE_STRING
--PACKAGE_VERSION
--PACKAGE_TARNAME
--PACKAGE_NAME
--PATH_SEPARATOR
--SHELL'
--ac_subst_files=''
--ac_user_opts='
--enable_option_checking
--with_rlm_eap_teap
--with_openssl_lib_dir
--with_openssl_include_dir
--'
-- ac_precious_vars='build_alias
--host_alias
--target_alias
--CC
--CFLAGS
--LDFLAGS
--LIBS
--CPPFLAGS
--CPP'
--
--
--# Initialize some variables set by options.
--ac_init_help=
--ac_init_version=false
--ac_unrecognized_opts=
--ac_unrecognized_sep=
--# The variables have the same names as the options, with
--# dashes changed to underlines.
--cache_file=/dev/null
--exec_prefix=NONE
--no_create=
--no_recursion=
--prefix=NONE
--program_prefix=NONE
--program_suffix=NONE
--program_transform_name=s,x,x,
--silent=
--site=
--srcdir=
--verbose=
--x_includes=NONE
--x_libraries=NONE
--
--# Installation directory options.
--# These are left unexpanded so users can "make install exec_prefix=/foo"
--# and all the variables that are supposed to be based on exec_prefix
--# by default will actually change.
--# Use braces instead of parens because sh, perl, etc. also accept them.
--# (The list follows the same order as the GNU Coding Standards.)
--bindir='${exec_prefix}/bin'
--sbindir='${exec_prefix}/sbin'
--libexecdir='${exec_prefix}/libexec'
--datarootdir='${prefix}/share'
--datadir='${datarootdir}'
--sysconfdir='${prefix}/etc'
--sharedstatedir='${prefix}/com'
--localstatedir='${prefix}/var'
--runstatedir='${localstatedir}/run'
--includedir='${prefix}/include'
--oldincludedir='/usr/include'
--docdir='${datarootdir}/doc/${PACKAGE}'
--infodir='${datarootdir}/info'
--htmldir='${docdir}'
--dvidir='${docdir}'
--pdfdir='${docdir}'
--psdir='${docdir}'
--libdir='${exec_prefix}/lib'
--localedir='${datarootdir}/locale'
--mandir='${datarootdir}/man'
--
--ac_prev=
--ac_dashdash=
--for ac_option
--do
-- # If the previous option needs an argument, assign it.
-- if test -n "$ac_prev"; then
-- eval $ac_prev=\$ac_option
-- ac_prev=
-- continue
-- fi
--
-- case $ac_option in
-- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
-- *=) ac_optarg= ;;
-- *) ac_optarg=yes ;;
-- esac
--
-- # Accept the important Cygnus configure options, so we can diagnose typos.
--
-- case $ac_dashdash$ac_option in
-- --)
-- ac_dashdash=yes ;;
--
-- -bindir | --bindir | --bindi | --bind | --bin | --bi)
-- ac_prev=bindir ;;
-- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
-- bindir=$ac_optarg ;;
--
-- -build | --build | --buil | --bui | --bu)
-- ac_prev=build_alias ;;
-- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
-- build_alias=$ac_optarg ;;
--
-- -cache-file | --cache-file | --cache-fil | --cache-fi \
-- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
-- ac_prev=cache_file ;;
-- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
-- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
-- cache_file=$ac_optarg ;;
--
-- --config-cache | -C)
-- cache_file=config.cache ;;
--
-- -datadir | --datadir | --datadi | --datad)
-- ac_prev=datadir ;;
-- -datadir=* | --datadir=* | --datadi=* | --datad=*)
-- datadir=$ac_optarg ;;
--
-- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
-- | --dataroo | --dataro | --datar)
-- ac_prev=datarootdir ;;
-- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
-- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
-- datarootdir=$ac_optarg ;;
--
-- -disable-* | --disable-*)
-- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
-- # Reject names that are not valid shell variable names.
-- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-- as_fn_error $? "invalid feature name: $ac_useropt"
-- ac_useropt_orig=$ac_useropt
-- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
-- case $ac_user_opts in
-- *"
--"enable_$ac_useropt"
--"*) ;;
-- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
-- ac_unrecognized_sep=', ';;
-- esac
-- eval enable_$ac_useropt=no ;;
--
-- -docdir | --docdir | --docdi | --doc | --do)
-- ac_prev=docdir ;;
-- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
-- docdir=$ac_optarg ;;
--
-- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
-- ac_prev=dvidir ;;
-- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
-- dvidir=$ac_optarg ;;
--
-- -enable-* | --enable-*)
-- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
-- # Reject names that are not valid shell variable names.
-- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-- as_fn_error $? "invalid feature name: $ac_useropt"
-- ac_useropt_orig=$ac_useropt
-- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
-- case $ac_user_opts in
-- *"
--"enable_$ac_useropt"
--"*) ;;
-- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
-- ac_unrecognized_sep=', ';;
-- esac
-- eval enable_$ac_useropt=\$ac_optarg ;;
--
-- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
-- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
-- | --exec | --exe | --ex)
-- ac_prev=exec_prefix ;;
-- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
-- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
-- | --exec=* | --exe=* | --ex=*)
-- exec_prefix=$ac_optarg ;;
--
-- -gas | --gas | --ga | --g)
-- # Obsolete; use --with-gas.
-- with_gas=yes ;;
--
-- -help | --help | --hel | --he | -h)
-- ac_init_help=long ;;
-- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
-- ac_init_help=recursive ;;
-- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
-- ac_init_help=short ;;
--
-- -host | --host | --hos | --ho)
-- ac_prev=host_alias ;;
-- -host=* | --host=* | --hos=* | --ho=*)
-- host_alias=$ac_optarg ;;
--
-- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
-- ac_prev=htmldir ;;
-- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
-- | --ht=*)
-- htmldir=$ac_optarg ;;
--
-- -includedir | --includedir | --includedi | --included | --include \
-- | --includ | --inclu | --incl | --inc)
-- ac_prev=includedir ;;
-- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
-- | --includ=* | --inclu=* | --incl=* | --inc=*)
-- includedir=$ac_optarg ;;
--
-- -infodir | --infodir | --infodi | --infod | --info | --inf)
-- ac_prev=infodir ;;
-- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
-- infodir=$ac_optarg ;;
--
-- -libdir | --libdir | --libdi | --libd)
-- ac_prev=libdir ;;
-- -libdir=* | --libdir=* | --libdi=* | --libd=*)
-- libdir=$ac_optarg ;;
--
-- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
-- | --libexe | --libex | --libe)
-- ac_prev=libexecdir ;;
-- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
-- | --libexe=* | --libex=* | --libe=*)
-- libexecdir=$ac_optarg ;;
--
-- -localedir | --localedir | --localedi | --localed | --locale)
-- ac_prev=localedir ;;
-- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
-- localedir=$ac_optarg ;;
--
-- -localstatedir | --localstatedir | --localstatedi | --localstated \
-- | --localstate | --localstat | --localsta | --localst | --locals)
-- ac_prev=localstatedir ;;
-- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
-- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
-- localstatedir=$ac_optarg ;;
--
-- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
-- ac_prev=mandir ;;
-- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
-- mandir=$ac_optarg ;;
--
-- -nfp | --nfp | --nf)
-- # Obsolete; use --without-fp.
-- with_fp=no ;;
--
-- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
-- | --no-cr | --no-c | -n)
-- no_create=yes ;;
--
-- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
-- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
-- no_recursion=yes ;;
--
-- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
-- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
-- | --oldin | --oldi | --old | --ol | --o)
-- ac_prev=oldincludedir ;;
-- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
-- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
-- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
-- oldincludedir=$ac_optarg ;;
--
-- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
-- ac_prev=prefix ;;
-- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
-- prefix=$ac_optarg ;;
--
-- -program-prefix | --program-prefix | --program-prefi | --program-pref \
-- | --program-pre | --program-pr | --program-p)
-- ac_prev=program_prefix ;;
-- -program-prefix=* | --program-prefix=* | --program-prefi=* \
-- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
-- program_prefix=$ac_optarg ;;
--
-- -program-suffix | --program-suffix | --program-suffi | --program-suff \
-- | --program-suf | --program-su | --program-s)
-- ac_prev=program_suffix ;;
-- -program-suffix=* | --program-suffix=* | --program-suffi=* \
-- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
-- program_suffix=$ac_optarg ;;
--
-- -program-transform-name | --program-transform-name \
-- | --program-transform-nam | --program-transform-na \
-- | --program-transform-n | --program-transform- \
-- | --program-transform | --program-transfor \
-- | --program-transfo | --program-transf \
-- | --program-trans | --program-tran \
-- | --progr-tra | --program-tr | --program-t)
-- ac_prev=program_transform_name ;;
-- -program-transform-name=* | --program-transform-name=* \
-- | --program-transform-nam=* | --program-transform-na=* \
-- | --program-transform-n=* | --program-transform-=* \
-- | --program-transform=* | --program-transfor=* \
-- | --program-transfo=* | --program-transf=* \
-- | --program-trans=* | --program-tran=* \
-- | --progr-tra=* | --program-tr=* | --program-t=*)
-- program_transform_name=$ac_optarg ;;
--
-- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
-- ac_prev=pdfdir ;;
-- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
-- pdfdir=$ac_optarg ;;
--
-- -psdir | --psdir | --psdi | --psd | --ps)
-- ac_prev=psdir ;;
-- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
-- psdir=$ac_optarg ;;
--
-- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
-- | -silent | --silent | --silen | --sile | --sil)
-- silent=yes ;;
--
-- -runstatedir | --runstatedir | --runstatedi | --runstated \
-- | --runstate | --runstat | --runsta | --runst | --runs \
-- | --run | --ru | --r)
-- ac_prev=runstatedir ;;
-- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-- | --run=* | --ru=* | --r=*)
-- runstatedir=$ac_optarg ;;
--
-- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
-- ac_prev=sbindir ;;
-- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
-- | --sbi=* | --sb=*)
-- sbindir=$ac_optarg ;;
--
-- -sharedstatedir | --sharedstatedir | --sharedstatedi \
-- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
-- | --sharedst | --shareds | --shared | --share | --shar \
-- | --sha | --sh)
-- ac_prev=sharedstatedir ;;
-- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
-- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
-- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
-- | --sha=* | --sh=*)
-- sharedstatedir=$ac_optarg ;;
--
-- -site | --site | --sit)
-- ac_prev=site ;;
-- -site=* | --site=* | --sit=*)
-- site=$ac_optarg ;;
--
-- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
-- ac_prev=srcdir ;;
-- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
-- srcdir=$ac_optarg ;;
--
-- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
-- | --syscon | --sysco | --sysc | --sys | --sy)
-- ac_prev=sysconfdir ;;
-- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
-- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
-- sysconfdir=$ac_optarg ;;
--
-- -target | --target | --targe | --targ | --tar | --ta | --t)
-- ac_prev=target_alias ;;
-- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
-- target_alias=$ac_optarg ;;
--
-- -v | -verbose | --verbose | --verbos | --verbo | --verb)
-- verbose=yes ;;
--
-- -version | --version | --versio | --versi | --vers | -V)
-- ac_init_version=: ;;
--
-- -with-* | --with-*)
-- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
-- # Reject names that are not valid shell variable names.
-- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-- as_fn_error $? "invalid package name: $ac_useropt"
-- ac_useropt_orig=$ac_useropt
-- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
-- case $ac_user_opts in
-- *"
--"with_$ac_useropt"
--"*) ;;
-- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
-- ac_unrecognized_sep=', ';;
-- esac
-- eval with_$ac_useropt=\$ac_optarg ;;
--
-- -without-* | --without-*)
-- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
-- # Reject names that are not valid shell variable names.
-- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-- as_fn_error $? "invalid package name: $ac_useropt"
-- ac_useropt_orig=$ac_useropt
-- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
-- case $ac_user_opts in
-- *"
--"with_$ac_useropt"
--"*) ;;
-- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
-- ac_unrecognized_sep=', ';;
-- esac
-- eval with_$ac_useropt=no ;;
--
-- --x)
-- # Obsolete; use --with-x.
-- with_x=yes ;;
--
-- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
-- | --x-incl | --x-inc | --x-in | --x-i)
-- ac_prev=x_includes ;;
-- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
-- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
-- x_includes=$ac_optarg ;;
--
-- -x-libraries | --x-libraries | --x-librarie | --x-librari \
-- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
-- ac_prev=x_libraries ;;
-- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
-- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
-- x_libraries=$ac_optarg ;;
--
-- -*) as_fn_error $? "unrecognized option: \`$ac_option'
--Try \`$0 --help' for more information"
-- ;;
--
-- *=*)
-- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
-- # Reject names that are not valid shell variable names.
-- case $ac_envvar in #(
-- '' | [0-9]* | *[!_$as_cr_alnum]* )
-- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
-- esac
-- eval $ac_envvar=\$ac_optarg
-- export $ac_envvar ;;
--
-- *)
-- # FIXME: should be removed in autoconf 3.0.
-- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
-- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
-- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
-- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
-- ;;
--
-- esac
--done
--
--if test -n "$ac_prev"; then
-- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
-- as_fn_error $? "missing argument to $ac_option"
--fi
--
--if test -n "$ac_unrecognized_opts"; then
-- case $enable_option_checking in
-- no) ;;
-- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
-- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
-- esac
--fi
--
--# Check all directory arguments for consistency.
--for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
-- datadir sysconfdir sharedstatedir localstatedir includedir \
-- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-- libdir localedir mandir runstatedir
--do
-- eval ac_val=\$$ac_var
-- # Remove trailing slashes.
-- case $ac_val in
-- */ )
-- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
-- eval $ac_var=\$ac_val;;
-- esac
-- # Be sure to have absolute directory names.
-- case $ac_val in
-- [\\/$]* | ?:[\\/]* ) continue;;
-- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
-- esac
-- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
--done
--
--# There might be people who depend on the old broken behavior: `$host'
--# used to hold the argument of --host etc.
--# FIXME: To remove some day.
--build=$build_alias
--host=$host_alias
--target=$target_alias
--
--# FIXME: To remove some day.
--if test "x$host_alias" != x; then
-- if test "x$build_alias" = x; then
-- cross_compiling=maybe
-- elif test "x$build_alias" != "x$host_alias"; then
-- cross_compiling=yes
-- fi
--fi
--
--ac_tool_prefix=
--test -n "$host_alias" && ac_tool_prefix=$host_alias-
--
--test "$silent" = yes && exec 6>/dev/null
--
--
--ac_pwd=`pwd` && test -n "$ac_pwd" &&
--ac_ls_di=`ls -di .` &&
--ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
-- as_fn_error $? "working directory cannot be determined"
--test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
-- as_fn_error $? "pwd does not report name of working directory"
--
--
--# Find the source files, if location was not specified.
--if test -z "$srcdir"; then
-- ac_srcdir_defaulted=yes
-- # Try the directory containing this script, then the parent directory.
-- ac_confdir=`$as_dirname -- "$as_myself" ||
--$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-- X"$as_myself" : 'X\(//\)[^/]' \| \
-- X"$as_myself" : 'X\(//\)$' \| \
-- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$as_myself" |
-- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-- s//\1/
-- q
-- }
-- /^X\(\/\/\)[^/].*/{
-- s//\1/
-- q
-- }
-- /^X\(\/\/\)$/{
-- s//\1/
-- q
-- }
-- /^X\(\/\).*/{
-- s//\1/
-- q
-- }
-- s/.*/./; q'`
-- srcdir=$ac_confdir
-- if test ! -r "$srcdir/$ac_unique_file"; then
-- srcdir=..
-- fi
--else
-- ac_srcdir_defaulted=no
--fi
--if test ! -r "$srcdir/$ac_unique_file"; then
-- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
-- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
--fi
--ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
--ac_abs_confdir=`(
-- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
-- pwd)`
--# When building in place, set srcdir=.
--if test "$ac_abs_confdir" = "$ac_pwd"; then
-- srcdir=.
--fi
--# Remove unnecessary trailing slashes from srcdir.
--# Double slashes in file names in object file debugging info
--# mess up M-x gdb in Emacs.
--case $srcdir in
--*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
--esac
--for ac_var in $ac_precious_vars; do
-- eval ac_env_${ac_var}_set=\${${ac_var}+set}
-- eval ac_env_${ac_var}_value=\$${ac_var}
-- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
-- eval ac_cv_env_${ac_var}_value=\$${ac_var}
--done
--
--#
--# Report the --help message.
--#
--if test "$ac_init_help" = "long"; then
-- # Omit some internal or obsolete options to make the list less imposing.
-- # This message is too long to be a string in the A/UX 3.1 sh.
-- cat <<_ACEOF
--\`configure' configures this package to adapt to many kinds of systems.
--
--Usage: $0 [OPTION]... [VAR=VALUE]...
--
--To assign environment variables (e.g., CC, CFLAGS...), specify them as
--VAR=VALUE. See below for descriptions of some of the useful variables.
--
--Defaults for the options are specified in brackets.
--
--Configuration:
-- -h, --help display this help and exit
-- --help=short display options specific to this package
-- --help=recursive display the short help of all the included packages
-- -V, --version display version information and exit
-- -q, --quiet, --silent do not print \`checking ...' messages
-- --cache-file=FILE cache test results in FILE [disabled]
-- -C, --config-cache alias for \`--cache-file=config.cache'
-- -n, --no-create do not create output files
-- --srcdir=DIR find the sources in DIR [configure dir or \`..']
--
--Installation directories:
-- --prefix=PREFIX install architecture-independent files in PREFIX
-- [$ac_default_prefix]
-- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
-- [PREFIX]
--
--By default, \`make install' will install all the files in
--\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
--an installation prefix other than \`$ac_default_prefix' using \`--prefix',
--for instance \`--prefix=\$HOME'.
--
--For better control, use the options below.
--
--Fine tuning of the installation directories:
-- --bindir=DIR user executables [EPREFIX/bin]
-- --sbindir=DIR system admin executables [EPREFIX/sbin]
-- --libexecdir=DIR program executables [EPREFIX/libexec]
-- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
-- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
-- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
-- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
-- --libdir=DIR object code libraries [EPREFIX/lib]
-- --includedir=DIR C header files [PREFIX/include]
-- --oldincludedir=DIR C header files for non-gcc [/usr/include]
-- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
-- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
-- --infodir=DIR info documentation [DATAROOTDIR/info]
-- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
-- --mandir=DIR man documentation [DATAROOTDIR/man]
-- --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
-- --htmldir=DIR html documentation [DOCDIR]
-- --dvidir=DIR dvi documentation [DOCDIR]
-- --pdfdir=DIR pdf documentation [DOCDIR]
-- --psdir=DIR ps documentation [DOCDIR]
--_ACEOF
--
-- cat <<\_ACEOF
--_ACEOF
--fi
--
--if test -n "$ac_init_help"; then
--
-- cat <<\_ACEOF
--
--Optional Packages:
-- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
-- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
-- --without-rlm_eap_teap build without rlm_eap_teap
-- --with-openssl-lib-dir=DIR
-- directory for LDAP library files
-- -with-openssl-include-dir=DIR
-- directory for LDAP include files
--
--Some influential environment variables:
-- CC C compiler command
-- CFLAGS C compiler flags
-- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
-- nonstandard directory <lib dir>
-- LIBS libraries to pass to the linker, e.g. -l<library>
-- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
-- you have headers in a nonstandard directory <include dir>
-- CPP C preprocessor
--
--Use these variables to override the choices made by `configure' or to help
--it to find libraries and programs with nonstandard names/locations.
--
--Report bugs to the package provider.
--_ACEOF
--ac_status=$?
--fi
--
--if test "$ac_init_help" = "recursive"; then
-- # If there are subdirs, report their specific --help.
-- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
-- test -d "$ac_dir" ||
-- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
-- continue
-- ac_builddir=.
--
--case "$ac_dir" in
--.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
--*)
-- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
-- # A ".." for each directory in $ac_dir_suffix.
-- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
-- case $ac_top_builddir_sub in
-- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
-- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
-- esac ;;
--esac
--ac_abs_top_builddir=$ac_pwd
--ac_abs_builddir=$ac_pwd$ac_dir_suffix
--# for backward compatibility:
--ac_top_builddir=$ac_top_build_prefix
--
--case $srcdir in
-- .) # We are building in place.
-- ac_srcdir=.
-- ac_top_srcdir=$ac_top_builddir_sub
-- ac_abs_top_srcdir=$ac_pwd ;;
-- [\\/]* | ?:[\\/]* ) # Absolute name.
-- ac_srcdir=$srcdir$ac_dir_suffix;
-- ac_top_srcdir=$srcdir
-- ac_abs_top_srcdir=$srcdir ;;
-- *) # Relative name.
-- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
-- ac_top_srcdir=$ac_top_build_prefix$srcdir
-- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
--esac
--ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
--
-- cd "$ac_dir" || { ac_status=$?; continue; }
-- # Check for guested configure.
-- if test -f "$ac_srcdir/configure.gnu"; then
-- echo &&
-- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
-- elif test -f "$ac_srcdir/configure"; then
-- echo &&
-- $SHELL "$ac_srcdir/configure" --help=recursive
-- else
-- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
-- fi || ac_status=$?
-- cd "$ac_pwd" || { ac_status=$?; break; }
-- done
--fi
--
--test -n "$ac_init_help" && exit $ac_status
--if $ac_init_version; then
-- cat <<\_ACEOF
--configure
--generated by GNU Autoconf 2.69
--
--Copyright (C) 2012 Free Software Foundation, Inc.
--This configure script is free software; the Free Software Foundation
--gives unlimited permission to copy, distribute and modify it.
--_ACEOF
-- exit
--fi
--
--## ------------------------ ##
--## Autoconf initialization. ##
--## ------------------------ ##
--
--echo
--echo Running tests for rlm_eap_teap
--echo
--
--
--# ac_fn_c_try_compile LINENO
--# --------------------------
--# Try to compile conftest.$ac_ext, and return whether this succeeded.
--ac_fn_c_try_compile ()
--{
-- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- rm -f conftest.$ac_objext
-- if { { ac_try="$ac_compile"
--case "(($ac_try" in
-- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-- *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-- (eval "$ac_compile") 2>conftest.err
-- ac_status=$?
-- if test -s conftest.err; then
-- grep -v '^ *+' conftest.err >conftest.er1
-- cat conftest.er1 >&5
-- mv -f conftest.er1 conftest.err
-- fi
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; } && {
-- test -z "$ac_c_werror_flag" ||
-- test ! -s conftest.err
-- } && test -s conftest.$ac_objext; then :
-- ac_retval=0
--else
-- $as_echo "$as_me: failed program was:" >&5
--sed 's/^/| /' conftest.$ac_ext >&5
--
-- ac_retval=1
--fi
-- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-- as_fn_set_status $ac_retval
--
--} # ac_fn_c_try_compile
--
--# ac_fn_c_try_link LINENO
--# -----------------------
--# Try to link conftest.$ac_ext, and return whether this succeeded.
--ac_fn_c_try_link ()
--{
-- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- rm -f conftest.$ac_objext conftest$ac_exeext
-- if { { ac_try="$ac_link"
--case "(($ac_try" in
-- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-- *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-- (eval "$ac_link") 2>conftest.err
-- ac_status=$?
-- if test -s conftest.err; then
-- grep -v '^ *+' conftest.err >conftest.er1
-- cat conftest.er1 >&5
-- mv -f conftest.er1 conftest.err
-- fi
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; } && {
-- test -z "$ac_c_werror_flag" ||
-- test ! -s conftest.err
-- } && test -s conftest$ac_exeext && {
-- test "$cross_compiling" = yes ||
-- test -x conftest$ac_exeext
-- }; then :
-- ac_retval=0
--else
-- $as_echo "$as_me: failed program was:" >&5
--sed 's/^/| /' conftest.$ac_ext >&5
--
-- ac_retval=1
--fi
-- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
-- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
-- # interfere with the next link command; also delete a directory that is
-- # left behind by Apple's compiler. We do this before executing the actions.
-- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
-- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-- as_fn_set_status $ac_retval
--
--} # ac_fn_c_try_link
--
--# ac_fn_c_try_cpp LINENO
--# ----------------------
--# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
--ac_fn_c_try_cpp ()
--{
-- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- if { { ac_try="$ac_cpp conftest.$ac_ext"
--case "(($ac_try" in
-- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-- *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
-- ac_status=$?
-- if test -s conftest.err; then
-- grep -v '^ *+' conftest.err >conftest.er1
-- cat conftest.er1 >&5
-- mv -f conftest.er1 conftest.err
-- fi
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; } > conftest.i && {
-- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-- test ! -s conftest.err
-- }; then :
-- ac_retval=0
--else
-- $as_echo "$as_me: failed program was:" >&5
--sed 's/^/| /' conftest.$ac_ext >&5
--
-- ac_retval=1
--fi
-- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-- as_fn_set_status $ac_retval
--
--} # ac_fn_c_try_cpp
--cat >config.log <<_ACEOF
--This file contains any messages produced by compilers while
--running configure, to aid debugging if configure makes a mistake.
--
--It was created by $as_me, which was
--generated by GNU Autoconf 2.69. Invocation command line was
--
-- $ $0 $@
--
--_ACEOF
--exec 5>>config.log
--{
--cat <<_ASUNAME
--## --------- ##
--## Platform. ##
--## --------- ##
--
--hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
--uname -m = `(uname -m) 2>/dev/null || echo unknown`
--uname -r = `(uname -r) 2>/dev/null || echo unknown`
--uname -s = `(uname -s) 2>/dev/null || echo unknown`
--uname -v = `(uname -v) 2>/dev/null || echo unknown`
--
--/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
--/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
--
--/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
--/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
--/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
--/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
--/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
--/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
--/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
--
--_ASUNAME
--
--as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- $as_echo "PATH: $as_dir"
-- done
--IFS=$as_save_IFS
--
--} >&5
--
--cat >&5 <<_ACEOF
--
--
--## ----------- ##
--## Core tests. ##
--## ----------- ##
--
--_ACEOF
--
--
--# Keep a trace of the command line.
--# Strip out --no-create and --no-recursion so they do not pile up.
--# Strip out --silent because we don't want to record it for future runs.
--# Also quote any args containing shell meta-characters.
--# Make two passes to allow for proper duplicate-argument suppression.
--ac_configure_args=
--ac_configure_args0=
--ac_configure_args1=
--ac_must_keep_next=false
--for ac_pass in 1 2
--do
-- for ac_arg
-- do
-- case $ac_arg in
-- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
-- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
-- | -silent | --silent | --silen | --sile | --sil)
-- continue ;;
-- *\'*)
-- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
-- esac
-- case $ac_pass in
-- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
-- 2)
-- as_fn_append ac_configure_args1 " '$ac_arg'"
-- if test $ac_must_keep_next = true; then
-- ac_must_keep_next=false # Got value, back to normal.
-- else
-- case $ac_arg in
-- *=* | --config-cache | -C | -disable-* | --disable-* \
-- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
-- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
-- | -with-* | --with-* | -without-* | --without-* | --x)
-- case "$ac_configure_args0 " in
-- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
-- esac
-- ;;
-- -* ) ac_must_keep_next=true ;;
-- esac
-- fi
-- as_fn_append ac_configure_args " '$ac_arg'"
-- ;;
-- esac
-- done
--done
--{ ac_configure_args0=; unset ac_configure_args0;}
--{ ac_configure_args1=; unset ac_configure_args1;}
--
--# When interrupted or exit'd, cleanup temporary files, and complete
--# config.log. We remove comments because anyway the quotes in there
--# would cause problems or look ugly.
--# WARNING: Use '\'' to represent an apostrophe within the trap.
--# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
--trap 'exit_status=$?
-- # Save into config.log some information that might help in debugging.
-- {
-- echo
--
-- $as_echo "## ---------------- ##
--## Cache variables. ##
--## ---------------- ##"
-- echo
-- # The following way of writing the cache mishandles newlines in values,
--(
-- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
-- eval ac_val=\$$ac_var
-- case $ac_val in #(
-- *${as_nl}*)
-- case $ac_var in #(
-- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
--$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
-- esac
-- case $ac_var in #(
-- _ | IFS | as_nl) ;; #(
-- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
-- *) { eval $ac_var=; unset $ac_var;} ;;
-- esac ;;
-- esac
-- done
-- (set) 2>&1 |
-- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
-- *${as_nl}ac_space=\ *)
-- sed -n \
-- "s/'\''/'\''\\\\'\'''\''/g;
-- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
-- ;; #(
-- *)
-- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
-- ;;
-- esac |
-- sort
--)
-- echo
--
-- $as_echo "## ----------------- ##
--## Output variables. ##
--## ----------------- ##"
-- echo
-- for ac_var in $ac_subst_vars
-- do
-- eval ac_val=\$$ac_var
-- case $ac_val in
-- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
-- esac
-- $as_echo "$ac_var='\''$ac_val'\''"
-- done | sort
-- echo
--
-- if test -n "$ac_subst_files"; then
-- $as_echo "## ------------------- ##
--## File substitutions. ##
--## ------------------- ##"
-- echo
-- for ac_var in $ac_subst_files
-- do
-- eval ac_val=\$$ac_var
-- case $ac_val in
-- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
-- esac
-- $as_echo "$ac_var='\''$ac_val'\''"
-- done | sort
-- echo
-- fi
--
-- if test -s confdefs.h; then
-- $as_echo "## ----------- ##
--## confdefs.h. ##
--## ----------- ##"
-- echo
-- cat confdefs.h
-- echo
-- fi
-- test "$ac_signal" != 0 &&
-- $as_echo "$as_me: caught signal $ac_signal"
-- $as_echo "$as_me: exit $exit_status"
-- } >&5
-- rm -f core *.core core.conftest.* &&
-- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
-- exit $exit_status
--' 0
--for ac_signal in 1 2 13 15; do
-- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
--done
--ac_signal=0
--
--# confdefs.h avoids OS command line length limits that DEFS can exceed.
--rm -f -r conftest* confdefs.h
--
--$as_echo "/* confdefs.h */" > confdefs.h
--
--# Predefined preprocessor variables.
--
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_NAME "$PACKAGE_NAME"
--_ACEOF
--
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
--_ACEOF
--
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_VERSION "$PACKAGE_VERSION"
--_ACEOF
--
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_STRING "$PACKAGE_STRING"
--_ACEOF
--
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
--_ACEOF
--
--cat >>confdefs.h <<_ACEOF
--#define PACKAGE_URL "$PACKAGE_URL"
--_ACEOF
--
--
--# Let the site file select an alternate cache file if it wants to.
--# Prefer an explicitly selected file to automatically selected ones.
--ac_site_file1=NONE
--ac_site_file2=NONE
--if test -n "$CONFIG_SITE"; then
-- # We do not want a PATH search for config.site.
-- case $CONFIG_SITE in #((
-- -*) ac_site_file1=./$CONFIG_SITE;;
-- */*) ac_site_file1=$CONFIG_SITE;;
-- *) ac_site_file1=./$CONFIG_SITE;;
-- esac
--elif test "x$prefix" != xNONE; then
-- ac_site_file1=$prefix/share/config.site
-- ac_site_file2=$prefix/etc/config.site
--else
-- ac_site_file1=$ac_default_prefix/share/config.site
-- ac_site_file2=$ac_default_prefix/etc/config.site
--fi
--for ac_site_file in "$ac_site_file1" "$ac_site_file2"
--do
-- test "x$ac_site_file" = xNONE && continue
-- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
--$as_echo "$as_me: loading site script $ac_site_file" >&6;}
-- sed 's/^/| /' "$ac_site_file" >&5
-- . "$ac_site_file" \
-- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "failed to load site script $ac_site_file
--See \`config.log' for more details" "$LINENO" 5; }
-- fi
--done
--
--if test -r "$cache_file"; then
-- # Some versions of bash will fail to source /dev/null (special files
-- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
-- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
--$as_echo "$as_me: loading cache $cache_file" >&6;}
-- case $cache_file in
-- [\\/]* | ?:[\\/]* ) . "$cache_file";;
-- *) . "./$cache_file";;
-- esac
-- fi
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
--$as_echo "$as_me: creating cache $cache_file" >&6;}
-- >$cache_file
--fi
--
--# Check that the precious variables saved in the cache have kept the same
--# value.
--ac_cache_corrupted=false
--for ac_var in $ac_precious_vars; do
-- eval ac_old_set=\$ac_cv_env_${ac_var}_set
-- eval ac_new_set=\$ac_env_${ac_var}_set
-- eval ac_old_val=\$ac_cv_env_${ac_var}_value
-- eval ac_new_val=\$ac_env_${ac_var}_value
-- case $ac_old_set,$ac_new_set in
-- set,)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
--$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
-- ac_cache_corrupted=: ;;
-- ,set)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
--$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
-- ac_cache_corrupted=: ;;
-- ,);;
-- *)
-- if test "x$ac_old_val" != "x$ac_new_val"; then
-- # differences in whitespace do not lead to failure.
-- ac_old_val_w=`echo x $ac_old_val`
-- ac_new_val_w=`echo x $ac_new_val`
-- if test "$ac_old_val_w" != "$ac_new_val_w"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
--$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
-- ac_cache_corrupted=:
-- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
--$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
-- eval $ac_var=\$ac_old_val
-- fi
-- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
--$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
-- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
--$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
-- fi;;
-- esac
-- # Pass precious variables to config.status.
-- if test "$ac_new_set" = set; then
-- case $ac_new_val in
-- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
-- *) ac_arg=$ac_var=$ac_new_val ;;
-- esac
-- case " $ac_configure_args " in
-- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
-- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
-- esac
-- fi
--done
--if $ac_cache_corrupted; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
--$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
-- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
--fi
--## -------------------- ##
--## Main body of script. ##
--## -------------------- ##
--
--ac_ext=c
--ac_cpp='$CPP $CPPFLAGS'
--ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
--ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
--ac_compiler_gnu=$ac_cv_c_compiler_gnu
--
--
--
--
--
--
--
--
--
--# Check whether --with-rlm_eap_teap was given.
--if test "${with_rlm_eap_teap+set}" = set; then :
-- withval=$with_rlm_eap_teap;
--fi
--
--
--
--mod_ldflags=
--mod_cflags=
--
--
--fail=
--fr_status=
--fr_features=
--: > "config.report"
--: > "config.report.tmp"
--
--
--
--if test x"$with_rlm_eap_teap" != xno; then
--
--
--openssl_lib_dir=
--
--# Check whether --with-openssl-lib-dir was given.
--if test "${with_openssl_lib_dir+set}" = set; then :
-- withval=$with_openssl_lib_dir; case "$withval" in
-- no)
-- as_fn_error $? "Need openssl-lib-dir" "$LINENO" 5
-- ;;
-- yes)
-- ;;
-- *)
-- openssl_lib_dir="$withval"
-- ;;
-- esac
--fi
--
--
--openssl_include_dir=
--
--# Check whether --with-openssl-include-dir was given.
--if test "${with_openssl_include_dir+set}" = set; then :
-- withval=$with_openssl_include_dir; case "$withval" in
-- no)
-- as_fn_error $? "Need openssl-include-dir" "$LINENO" 5
-- ;;
-- yes)
-- ;;
-- *)
-- openssl_include_dir="$withval"
-- ;;
-- esac
--fi
--
--
--
--smart_try_dir=$openssl_include_dir
--ac_ext=c
--ac_cpp='$CPP $CPPFLAGS'
--ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
--ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
--ac_compiler_gnu=$ac_cv_c_compiler_gnu
--if test -n "$ac_tool_prefix"; then
-- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
--set dummy ${ac_tool_prefix}gcc; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- if test -n "$CC"; then
-- ac_cv_prog_CC="$CC" # Let the user override the test.
--else
--as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-- ac_cv_prog_CC="${ac_tool_prefix}gcc"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-- break 2
-- fi
--done
-- done
--IFS=$as_save_IFS
--
--fi
--fi
--CC=$ac_cv_prog_CC
--if test -n "$CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
--$as_echo "$CC" >&6; }
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--
--
--fi
--if test -z "$ac_cv_prog_CC"; then
-- ac_ct_CC=$CC
-- # Extract the first word of "gcc", so it can be a program name with args.
--set dummy gcc; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_ac_ct_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- if test -n "$ac_ct_CC"; then
-- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
--else
--as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-- ac_cv_prog_ac_ct_CC="gcc"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-- break 2
-- fi
--done
-- done
--IFS=$as_save_IFS
--
--fi
--fi
--ac_ct_CC=$ac_cv_prog_ac_ct_CC
--if test -n "$ac_ct_CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
--$as_echo "$ac_ct_CC" >&6; }
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--
-- if test "x$ac_ct_CC" = x; then
-- CC=""
-- else
-- case $cross_compiling:$ac_tool_warned in
--yes:)
--{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
--$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
--ac_tool_warned=yes ;;
--esac
-- CC=$ac_ct_CC
-- fi
--else
-- CC="$ac_cv_prog_CC"
--fi
--
--if test -z "$CC"; then
-- if test -n "$ac_tool_prefix"; then
-- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
--set dummy ${ac_tool_prefix}cc; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- if test -n "$CC"; then
-- ac_cv_prog_CC="$CC" # Let the user override the test.
--else
--as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-- ac_cv_prog_CC="${ac_tool_prefix}cc"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-- break 2
-- fi
--done
-- done
--IFS=$as_save_IFS
--
--fi
--fi
--CC=$ac_cv_prog_CC
--if test -n "$CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
--$as_echo "$CC" >&6; }
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--
--
-- fi
--fi
--if test -z "$CC"; then
-- # Extract the first word of "cc", so it can be a program name with args.
--set dummy cc; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- if test -n "$CC"; then
-- ac_cv_prog_CC="$CC" # Let the user override the test.
--else
-- ac_prog_rejected=no
--as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
-- ac_prog_rejected=yes
-- continue
-- fi
-- ac_cv_prog_CC="cc"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-- break 2
-- fi
--done
-- done
--IFS=$as_save_IFS
--
--if test $ac_prog_rejected = yes; then
-- # We found a bogon in the path, so make sure we never use it.
-- set dummy $ac_cv_prog_CC
-- shift
-- if test $# != 0; then
-- # We chose a different compiler from the bogus one.
-- # However, it has the same basename, so the bogon will be chosen
-- # first if we set CC to just the basename; use the full file name.
-- shift
-- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
-- fi
--fi
--fi
--fi
--CC=$ac_cv_prog_CC
--if test -n "$CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
--$as_echo "$CC" >&6; }
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--
--
--fi
--if test -z "$CC"; then
-- if test -n "$ac_tool_prefix"; then
-- for ac_prog in cl.exe
-- do
-- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
--set dummy $ac_tool_prefix$ac_prog; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- if test -n "$CC"; then
-- ac_cv_prog_CC="$CC" # Let the user override the test.
--else
--as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-- break 2
-- fi
--done
-- done
--IFS=$as_save_IFS
--
--fi
--fi
--CC=$ac_cv_prog_CC
--if test -n "$CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
--$as_echo "$CC" >&6; }
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--
--
-- test -n "$CC" && break
-- done
--fi
--if test -z "$CC"; then
-- ac_ct_CC=$CC
-- for ac_prog in cl.exe
--do
-- # Extract the first word of "$ac_prog", so it can be a program name with args.
--set dummy $ac_prog; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if ${ac_cv_prog_ac_ct_CC+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- if test -n "$ac_ct_CC"; then
-- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
--else
--as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- for ac_exec_ext in '' $ac_executable_extensions; do
-- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-- ac_cv_prog_ac_ct_CC="$ac_prog"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-- break 2
-- fi
--done
-- done
--IFS=$as_save_IFS
--
--fi
--fi
--ac_ct_CC=$ac_cv_prog_ac_ct_CC
--if test -n "$ac_ct_CC"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
--$as_echo "$ac_ct_CC" >&6; }
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--
--
-- test -n "$ac_ct_CC" && break
--done
--
-- if test "x$ac_ct_CC" = x; then
-- CC=""
-- else
-- case $cross_compiling:$ac_tool_warned in
--yes:)
--{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
--$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
--ac_tool_warned=yes ;;
--esac
-- CC=$ac_ct_CC
-- fi
--fi
--
--fi
--
--
--test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "no acceptable C compiler found in \$PATH
--See \`config.log' for more details" "$LINENO" 5; }
--
--# Provide some information about the compiler.
--$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
--set X $ac_compile
--ac_compiler=$2
--for ac_option in --version -v -V -qversion; do
-- { { ac_try="$ac_compiler $ac_option >&5"
--case "(($ac_try" in
-- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-- *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
-- ac_status=$?
-- if test -s conftest.err; then
-- sed '10a\
--... rest of stderr output deleted ...
-- 10q' conftest.err >conftest.er1
-- cat conftest.er1 >&5
-- fi
-- rm -f conftest.er1 conftest.err
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }
--done
--
--cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
--int
--main ()
--{
--
-- ;
-- return 0;
--}
--_ACEOF
--ac_clean_files_save=$ac_clean_files
--ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
--# Try to create an executable without -o first, disregard a.out.
--# It will help us diagnose broken compilers, and finding out an intuition
--# of exeext.
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
--$as_echo_n "checking whether the C compiler works... " >&6; }
--ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
--
--# The possible output files:
--ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
--
--ac_rmfiles=
--for ac_file in $ac_files
--do
-- case $ac_file in
-- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
-- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
-- esac
--done
--rm -f $ac_rmfiles
--
--if { { ac_try="$ac_link_default"
--case "(($ac_try" in
-- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-- *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-- (eval "$ac_link_default") 2>&5
-- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; then :
-- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
--# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
--# in a Makefile. We should not override ac_cv_exeext if it was cached,
--# so that the user can short-circuit this test for compilers unknown to
--# Autoconf.
--for ac_file in $ac_files ''
--do
-- test -f "$ac_file" || continue
-- case $ac_file in
-- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
-- ;;
-- [ab].out )
-- # We found the default executable, but exeext='' is most
-- # certainly right.
-- break;;
-- *.* )
-- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
-- then :; else
-- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-- fi
-- # We set ac_cv_exeext here because the later test for it is not
-- # safe: cross compilers may not add the suffix if given an `-o'
-- # argument, so we may need to know it at that point already.
-- # Even if this section looks crufty: it has the advantage of
-- # actually working.
-- break;;
-- * )
-- break;;
-- esac
--done
--test "$ac_cv_exeext" = no && ac_cv_exeext=
--
--else
-- ac_file=''
--fi
--if test -z "$ac_file"; then :
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--$as_echo "$as_me: failed program was:" >&5
--sed 's/^/| /' conftest.$ac_ext >&5
--
--{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error 77 "C compiler cannot create executables
--See \`config.log' for more details" "$LINENO" 5; }
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
--$as_echo_n "checking for C compiler default output file name... " >&6; }
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
--$as_echo "$ac_file" >&6; }
--ac_exeext=$ac_cv_exeext
--
--rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
--ac_clean_files=$ac_clean_files_save
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
--$as_echo_n "checking for suffix of executables... " >&6; }
--if { { ac_try="$ac_link"
--case "(($ac_try" in
-- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-- *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-- (eval "$ac_link") 2>&5
-- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; then :
-- # If both `conftest.exe' and `conftest' are `present' (well, observable)
--# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
--# work properly (i.e., refer to `conftest.exe'), while it won't with
--# `rm'.
--for ac_file in conftest.exe conftest conftest.*; do
-- test -f "$ac_file" || continue
-- case $ac_file in
-- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
-- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-- break;;
-- * ) break;;
-- esac
--done
--else
-- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "cannot compute suffix of executables: cannot compile and link
--See \`config.log' for more details" "$LINENO" 5; }
--fi
--rm -f conftest conftest$ac_cv_exeext
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
--$as_echo "$ac_cv_exeext" >&6; }
--
--rm -f conftest.$ac_ext
--EXEEXT=$ac_cv_exeext
--ac_exeext=$EXEEXT
--cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--#include <stdio.h>
--int
--main ()
--{
--FILE *f = fopen ("conftest.out", "w");
-- return ferror (f) || fclose (f) != 0;
--
-- ;
-- return 0;
--}
--_ACEOF
--ac_clean_files="$ac_clean_files conftest.out"
--# Check that the compiler produces executables we can run. If not, either
--# the compiler is broken, or we cross compile.
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
--$as_echo_n "checking whether we are cross compiling... " >&6; }
--if test "$cross_compiling" != yes; then
-- { { ac_try="$ac_link"
--case "(($ac_try" in
-- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-- *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-- (eval "$ac_link") 2>&5
-- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }
-- if { ac_try='./conftest$ac_cv_exeext'
-- { { case "(($ac_try" in
-- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-- *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-- (eval "$ac_try") 2>&5
-- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; }; then
-- cross_compiling=no
-- else
-- if test "$cross_compiling" = maybe; then
-- cross_compiling=yes
-- else
-- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "cannot run C compiled programs.
--If you meant to cross compile, use \`--host'.
--See \`config.log' for more details" "$LINENO" 5; }
-- fi
-- fi
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
--$as_echo "$cross_compiling" >&6; }
--
--rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
--ac_clean_files=$ac_clean_files_save
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
--$as_echo_n "checking for suffix of object files... " >&6; }
--if ${ac_cv_objext+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
--int
--main ()
--{
--
-- ;
-- return 0;
--}
--_ACEOF
--rm -f conftest.o conftest.obj
--if { { ac_try="$ac_compile"
--case "(($ac_try" in
-- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-- *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
--$as_echo "$ac_try_echo"; } >&5
-- (eval "$ac_compile") 2>&5
-- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; then :
-- for ac_file in conftest.o conftest.obj conftest.*; do
-- test -f "$ac_file" || continue;
-- case $ac_file in
-- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
-- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
-- break;;
-- esac
--done
--else
-- $as_echo "$as_me: failed program was:" >&5
--sed 's/^/| /' conftest.$ac_ext >&5
--
--{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "cannot compute suffix of object files: cannot compile
--See \`config.log' for more details" "$LINENO" 5; }
--fi
--rm -f conftest.$ac_cv_objext conftest.$ac_ext
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
--$as_echo "$ac_cv_objext" >&6; }
--OBJEXT=$ac_cv_objext
--ac_objext=$OBJEXT
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
--$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
--if ${ac_cv_c_compiler_gnu+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
--int
--main ()
--{
--#ifndef __GNUC__
-- choke me
--#endif
--
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-- ac_compiler_gnu=yes
--else
-- ac_compiler_gnu=no
--fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
--ac_cv_c_compiler_gnu=$ac_compiler_gnu
--
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
--$as_echo "$ac_cv_c_compiler_gnu" >&6; }
--if test $ac_compiler_gnu = yes; then
-- GCC=yes
--else
-- GCC=
--fi
--ac_test_CFLAGS=${CFLAGS+set}
--ac_save_CFLAGS=$CFLAGS
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
--$as_echo_n "checking whether $CC accepts -g... " >&6; }
--if ${ac_cv_prog_cc_g+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- ac_save_c_werror_flag=$ac_c_werror_flag
-- ac_c_werror_flag=yes
-- ac_cv_prog_cc_g=no
-- CFLAGS="-g"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
--int
--main ()
--{
--
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-- ac_cv_prog_cc_g=yes
--else
-- CFLAGS=""
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
--int
--main ()
--{
--
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
--
--else
-- ac_c_werror_flag=$ac_save_c_werror_flag
-- CFLAGS="-g"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
--int
--main ()
--{
--
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-- ac_cv_prog_cc_g=yes
--fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
--fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
--fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- ac_c_werror_flag=$ac_save_c_werror_flag
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
--$as_echo "$ac_cv_prog_cc_g" >&6; }
--if test "$ac_test_CFLAGS" = set; then
-- CFLAGS=$ac_save_CFLAGS
--elif test $ac_cv_prog_cc_g = yes; then
-- if test "$GCC" = yes; then
-- CFLAGS="-g -O2"
-- else
-- CFLAGS="-g"
-- fi
--else
-- if test "$GCC" = yes; then
-- CFLAGS="-O2"
-- else
-- CFLAGS=
-- fi
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
--$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
--if ${ac_cv_prog_cc_c89+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- ac_cv_prog_cc_c89=no
--ac_save_CC=$CC
--cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--#include <stdarg.h>
--#include <stdio.h>
--struct stat;
--/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
--struct buf { int x; };
--FILE * (*rcsopen) (struct buf *, struct stat *, int);
--static char *e (p, i)
-- char **p;
-- int i;
--{
-- return p[i];
--}
--static char *f (char * (*g) (char **, int), char **p, ...)
--{
-- char *s;
-- va_list v;
-- va_start (v,p);
-- s = g (p, va_arg (v,int));
-- va_end (v);
-- return s;
--}
--
--/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
-- function prototypes and stuff, but not '\xHH' hex character constants.
-- These don't provoke an error unfortunately, instead are silently treated
-- as 'x'. The following induces an error, until -std is added to get
-- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
-- array size at least. It's necessary to write '\x00'==0 to get something
-- that's true only with -std. */
--int osf4_cc_array ['\x00' == 0 ? 1 : -1];
--
--/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
-- inside strings and character constants. */
--#define FOO(x) 'x'
--int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
--
--int test (int i, double x);
--struct s1 {int (*f) (int a);};
--struct s2 {int (*f) (double a);};
--int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
--int argc;
--char **argv;
--int
--main ()
--{
--return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
-- ;
-- return 0;
--}
--_ACEOF
--for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
-- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
--do
-- CC="$ac_save_CC $ac_arg"
-- if ac_fn_c_try_compile "$LINENO"; then :
-- ac_cv_prog_cc_c89=$ac_arg
--fi
--rm -f core conftest.err conftest.$ac_objext
-- test "x$ac_cv_prog_cc_c89" != "xno" && break
--done
--rm -f conftest.$ac_ext
--CC=$ac_save_CC
--
--fi
--# AC_CACHE_VAL
--case "x$ac_cv_prog_cc_c89" in
-- x)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
--$as_echo "none needed" >&6; } ;;
-- xno)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
--$as_echo "unsupported" >&6; } ;;
-- *)
-- CC="$CC $ac_cv_prog_cc_c89"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
--$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
--esac
--if test "x$ac_cv_prog_cc_c89" != xno; then :
--
--fi
--
--ac_ext=c
--ac_cpp='$CPP $CPPFLAGS'
--ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
--ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
--ac_compiler_gnu=$ac_cv_c_compiler_gnu
--
--
--
--
--ac_safe=`echo "openssl/ec.h" | sed 'y%./+-%__pm%'`
--old_CPPFLAGS="$CPPFLAGS"
--smart_include=
--smart_include_dir="/usr/local/include /opt/include"
--
--_smart_try_dir=
--_smart_include_dir=
--
--for _prefix in $smart_prefix ""; do
-- for _dir in $smart_try_dir; do
-- _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
-- done
--
-- for _dir in $smart_include_dir; do
-- _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
-- done
--done
--
--if test "x$_smart_try_dir" != "x"; then
-- for try in $_smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5
--$as_echo_n "checking for openssl/ec.h in $try... " >&6; }
-- CPPFLAGS="-isystem $try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
-- #include <openssl/ec.h>
--int
--main ()
--{
--int a = 1;
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
--
-- smart_include="-isystem $try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
--
--else
--
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--
--fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-- CPPFLAGS="$old_CPPFLAGS"
--fi
--
--if test "x$smart_include" = "x"; then
-- for _prefix in $smart_prefix; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/openssl/ec.h" >&5
--$as_echo_n "checking for ${_prefix}/openssl/ec.h... " >&6; }
--
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
-- #include <openssl/ec.h>
--int
--main ()
--{
--int a = 1;
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
--
-- smart_include="-isystem ${_prefix}/"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
--
--else
--
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--
--fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
--fi
--
--if test "x$smart_include" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h" >&5
--$as_echo_n "checking for openssl/ec.h... " >&6; }
--
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
-- #include <openssl/ec.h>
--int
--main ()
--{
--int a = 1;
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
--
-- smart_include=" "
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
--
--else
--
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--
--fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
--fi
--
--if test "x$smart_include" = "x"; then
--
-- for try in $_smart_include_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5
--$as_echo_n "checking for openssl/ec.h in $try... " >&6; }
-- CPPFLAGS="-isystem $try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
-- #include <openssl/ec.h>
--int
--main ()
--{
--int a = 1;
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
--
-- smart_include="-isystem $try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
--
--else
--
-- smart_include=
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--
--fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-- done
-- CPPFLAGS="$old_CPPFLAGS"
--fi
--
--if test "x$smart_include" != "x"; then
-- eval "ac_cv_header_$ac_safe=yes"
-- CPPFLAGS="$smart_include $old_CPPFLAGS"
-- SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
--fi
--
--smart_prefix=
--
--if test "$ac_cv_header_openssl_ec_h" != "yes"; then
--
--fail="$fail openssl/ec.h"
--
--fi
--
--smart_try_dir=$openssl_lib_dir
--
--
--sm_lib_safe=`echo "crypto" | sed 'y%./+-%__p_%'`
--sm_func_safe=`echo "EVP_CIPHER_CTX_new" | sed 'y%./+-%__p_%'`
--
--old_LIBS="$LIBS"
--old_CPPFLAGS="$CPPFLAGS"
--smart_lib=
--smart_ldflags=
--smart_lib_dir=
--
--if test "x$smart_try_dir" != "x"; then
-- for try in $smart_try_dir; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
--$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
-- LIBS="-lcrypto $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--extern char EVP_CIPHER_CTX_new();
--int
--main ()
--{
--EVP_CIPHER_CTX_new()
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lcrypto"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--rm -f core conftest.err conftest.$ac_objext \
-- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
--fi
--
--if test "x$smart_lib" = "x"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto" >&5
--$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto... " >&6; }
-- LIBS="-lcrypto $old_LIBS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--extern char EVP_CIPHER_CTX_new();
--int
--main ()
--{
--EVP_CIPHER_CTX_new()
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lcrypto"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--rm -f core conftest.err conftest.$ac_objext \
-- conftest$ac_exeext conftest.$ac_ext
-- LIBS="$old_LIBS"
--fi
--
--if test "x$smart_lib" = "x"; then
-- for try in /usr/local/lib /opt/lib; do
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
--$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
-- LIBS="-lcrypto $old_LIBS"
-- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--extern char EVP_CIPHER_CTX_new();
--int
--main ()
--{
--EVP_CIPHER_CTX_new()
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_link "$LINENO"; then :
--
-- smart_lib="-lcrypto"
-- smart_ldflags="-L$try -Wl,-rpath,$try"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- break
--
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--rm -f core conftest.err conftest.$ac_objext \
-- conftest$ac_exeext conftest.$ac_ext
-- done
-- LIBS="$old_LIBS"
-- CPPFLAGS="$old_CPPFLAGS"
--fi
--
--if test "x$smart_lib" != "x"; then
-- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-- LIBS="$smart_ldflags $smart_lib $old_LIBS"
-- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
--fi
--
--if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
--
--fail="$fail libssl"
--
--fi
--
--ac_ext=c
--ac_cpp='$CPP $CPPFLAGS'
--ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
--ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
--ac_compiler_gnu=$ac_cv_c_compiler_gnu
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
--$as_echo_n "checking how to run the C preprocessor... " >&6; }
--# On Suns, sometimes $CPP names a directory.
--if test -n "$CPP" && test -d "$CPP"; then
-- CPP=
--fi
--if test -z "$CPP"; then
-- if ${ac_cv_prog_CPP+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- # Double quotes because CPP needs to be expanded
-- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
-- do
-- ac_preproc_ok=false
--for ac_c_preproc_warn_flag in '' yes
--do
-- # Use a header file that comes with gcc, so configuring glibc
-- # with a fresh cross-compiler works.
-- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-- # <limits.h> exists even on freestanding compilers.
-- # On the NeXT, cc -E runs the code through the compiler's parser,
-- # not just through cpp. "Syntax error" is here to catch this case.
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--#ifdef __STDC__
--# include <limits.h>
--#else
--# include <assert.h>
--#endif
-- Syntax error
--_ACEOF
--if ac_fn_c_try_cpp "$LINENO"; then :
--
--else
-- # Broken: fails on valid input.
--continue
--fi
--rm -f conftest.err conftest.i conftest.$ac_ext
--
-- # OK, works on sane cases. Now check whether nonexistent headers
-- # can be detected and how.
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--#include <ac_nonexistent.h>
--_ACEOF
--if ac_fn_c_try_cpp "$LINENO"; then :
-- # Broken: success on invalid input.
--continue
--else
-- # Passes both tests.
--ac_preproc_ok=:
--break
--fi
--rm -f conftest.err conftest.i conftest.$ac_ext
--
--done
--# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
--rm -f conftest.i conftest.err conftest.$ac_ext
--if $ac_preproc_ok; then :
-- break
--fi
--
-- done
-- ac_cv_prog_CPP=$CPP
--
--fi
-- CPP=$ac_cv_prog_CPP
--else
-- ac_cv_prog_CPP=$CPP
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
--$as_echo "$CPP" >&6; }
--ac_preproc_ok=false
--for ac_c_preproc_warn_flag in '' yes
--do
-- # Use a header file that comes with gcc, so configuring glibc
-- # with a fresh cross-compiler works.
-- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-- # <limits.h> exists even on freestanding compilers.
-- # On the NeXT, cc -E runs the code through the compiler's parser,
-- # not just through cpp. "Syntax error" is here to catch this case.
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--#ifdef __STDC__
--# include <limits.h>
--#else
--# include <assert.h>
--#endif
-- Syntax error
--_ACEOF
--if ac_fn_c_try_cpp "$LINENO"; then :
--
--else
-- # Broken: fails on valid input.
--continue
--fi
--rm -f conftest.err conftest.i conftest.$ac_ext
--
-- # OK, works on sane cases. Now check whether nonexistent headers
-- # can be detected and how.
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--#include <ac_nonexistent.h>
--_ACEOF
--if ac_fn_c_try_cpp "$LINENO"; then :
-- # Broken: success on invalid input.
--continue
--else
-- # Passes both tests.
--ac_preproc_ok=:
--break
--fi
--rm -f conftest.err conftest.i conftest.$ac_ext
--
--done
--# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
--rm -f conftest.i conftest.err conftest.$ac_ext
--if $ac_preproc_ok; then :
--
--else
-- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
--See \`config.log' for more details" "$LINENO" 5; }
--fi
--
--ac_ext=c
--ac_cpp='$CPP $CPPFLAGS'
--ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
--ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
--ac_compiler_gnu=$ac_cv_c_compiler_gnu
--
--
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
--$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
--if ${ac_cv_path_GREP+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- if test -z "$GREP"; then
-- ac_path_GREP_found=false
-- # Loop through the user's path and test for each of PROGNAME-LIST
-- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- for ac_prog in grep ggrep; do
-- for ac_exec_ext in '' $ac_executable_extensions; do
-- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
-- as_fn_executable_p "$ac_path_GREP" || continue
--# Check for GNU ac_path_GREP and select it if it is found.
-- # Check for GNU $ac_path_GREP
--case `"$ac_path_GREP" --version 2>&1` in
--*GNU*)
-- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
--*)
-- ac_count=0
-- $as_echo_n 0123456789 >"conftest.in"
-- while :
-- do
-- cat "conftest.in" "conftest.in" >"conftest.tmp"
-- mv "conftest.tmp" "conftest.in"
-- cp "conftest.in" "conftest.nl"
-- $as_echo 'GREP' >> "conftest.nl"
-- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
-- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
-- as_fn_arith $ac_count + 1 && ac_count=$as_val
-- if test $ac_count -gt ${ac_path_GREP_max-0}; then
-- # Best one so far, save it but keep looking for a better one
-- ac_cv_path_GREP="$ac_path_GREP"
-- ac_path_GREP_max=$ac_count
-- fi
-- # 10*(2^10) chars as input seems more than enough
-- test $ac_count -gt 10 && break
-- done
-- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
--esac
--
-- $ac_path_GREP_found && break 3
-- done
-- done
-- done
--IFS=$as_save_IFS
-- if test -z "$ac_cv_path_GREP"; then
-- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
-- fi
--else
-- ac_cv_path_GREP=$GREP
--fi
--
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
--$as_echo "$ac_cv_path_GREP" >&6; }
-- GREP="$ac_cv_path_GREP"
--
--
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
--$as_echo_n "checking for egrep... " >&6; }
--if ${ac_cv_path_EGREP+:} false; then :
-- $as_echo_n "(cached) " >&6
--else
-- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
-- then ac_cv_path_EGREP="$GREP -E"
-- else
-- if test -z "$EGREP"; then
-- ac_path_EGREP_found=false
-- # Loop through the user's path and test for each of PROGNAME-LIST
-- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- for ac_prog in egrep; do
-- for ac_exec_ext in '' $ac_executable_extensions; do
-- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
-- as_fn_executable_p "$ac_path_EGREP" || continue
--# Check for GNU ac_path_EGREP and select it if it is found.
-- # Check for GNU $ac_path_EGREP
--case `"$ac_path_EGREP" --version 2>&1` in
--*GNU*)
-- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
--*)
-- ac_count=0
-- $as_echo_n 0123456789 >"conftest.in"
-- while :
-- do
-- cat "conftest.in" "conftest.in" >"conftest.tmp"
-- mv "conftest.tmp" "conftest.in"
-- cp "conftest.in" "conftest.nl"
-- $as_echo 'EGREP' >> "conftest.nl"
-- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
-- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
-- as_fn_arith $ac_count + 1 && ac_count=$as_val
-- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
-- # Best one so far, save it but keep looking for a better one
-- ac_cv_path_EGREP="$ac_path_EGREP"
-- ac_path_EGREP_max=$ac_count
-- fi
-- # 10*(2^10) chars as input seems more than enough
-- test $ac_count -gt 10 && break
-- done
-- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
--esac
--
-- $ac_path_EGREP_found && break 3
-- done
-- done
-- done
--IFS=$as_save_IFS
-- if test -z "$ac_cv_path_EGREP"; then
-- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
-- fi
--else
-- ac_cv_path_EGREP=$EGREP
--fi
--
-- fi
--fi
--{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
--$as_echo "$ac_cv_path_EGREP" >&6; }
-- EGREP="$ac_cv_path_EGREP"
--
--
--cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--#include <openssl/crypto.h>
-- #if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-- yes
-- #endif
--
--_ACEOF
--if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-- $EGREP "yes" >/dev/null 2>&1; then :
--
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.1.1" >&5
--$as_echo_n "checking for OpenSSL version >= 1.1.1... " >&6; }
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
--
--else
--
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.1.1" >&5
--$as_echo_n "checking for OpenSSL version >= 1.1.1... " >&6; }
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--
--fail="$fail OpenSSL>=1.1.1"
--
--
--
--fi
--rm -f conftest*
--
--
--
-- targetname=rlm_eap_teap
--else
-- targetname=
-- echo \*\*\* module rlm_eap_teap is disabled.
--
--
--fr_status="disabled"
--
--fi
--
--if test x"$fail" != x""; then
-- targetname=""
--
--
-- if test x"${enable_strict_dependencies}" = x"yes"; then
-- as_fn_error $? "set --without-rlm_eap_teap to disable it explicitly." "$LINENO" 5
-- else
--
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: silently not building rlm_eap_teap." >&5
--$as_echo "$as_me: WARNING: silently not building rlm_eap_teap." >&2;}
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: FAILURE: rlm_eap_teap requires: $fail." >&5
--$as_echo "$as_me: WARNING: FAILURE: rlm_eap_teap requires: $fail." >&2;};
-- fail="$(echo $fail)"
--
--
--fr_status="skipping (requires $fail)"
--
-- fr_features=
--
-- fi
--
--else
--
--
--fr_status="OK"
--
--fi
--
--if test x"$fr_features" = x""; then
-- $as_echo "$fr_status" > "config.report"
--else
-- $as_echo_n "$fr_status ... " > "config.report"
-- cat "config.report.tmp" >> "config.report"
--fi
--
--rm "config.report.tmp"
--
--
--
--
--
--
--
--ac_config_files="$ac_config_files all.mk"
--
--cat >confcache <<\_ACEOF
--# This file is a shell script that caches the results of configure
--# tests run on this system so they can be shared between configure
--# scripts and configure runs, see configure's option --config-cache.
--# It is not useful on other systems. If it contains results you don't
--# want to keep, you may remove or edit it.
--#
--# config.status only pays attention to the cache file if you give it
--# the --recheck option to rerun configure.
--#
--# `ac_cv_env_foo' variables (set or unset) will be overridden when
--# loading this file, other *unset* `ac_cv_foo' will be assigned the
--# following values.
--
--_ACEOF
--
--# The following way of writing the cache mishandles newlines in values,
--# but we know of no workaround that is simple, portable, and efficient.
--# So, we kill variables containing newlines.
--# Ultrix sh set writes to stderr and can't be redirected directly,
--# and sets the high bit in the cache file unless we assign to the vars.
--(
-- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
-- eval ac_val=\$$ac_var
-- case $ac_val in #(
-- *${as_nl}*)
-- case $ac_var in #(
-- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
--$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
-- esac
-- case $ac_var in #(
-- _ | IFS | as_nl) ;; #(
-- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
-- *) { eval $ac_var=; unset $ac_var;} ;;
-- esac ;;
-- esac
-- done
--
-- (set) 2>&1 |
-- case $as_nl`(ac_space=' '; set) 2>&1` in #(
-- *${as_nl}ac_space=\ *)
-- # `set' does not quote correctly, so add quotes: double-quote
-- # substitution turns \\\\ into \\, and sed turns \\ into \.
-- sed -n \
-- "s/'/'\\\\''/g;
-- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
-- ;; #(
-- *)
-- # `set' quotes correctly as required by POSIX, so do not add quotes.
-- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
-- ;;
-- esac |
-- sort
--) |
-- sed '
-- /^ac_cv_env_/b end
-- t clear
-- :clear
-- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
-- t end
-- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
-- :end' >>confcache
--if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
-- if test -w "$cache_file"; then
-- if test "x$cache_file" != "x/dev/null"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
--$as_echo "$as_me: updating cache $cache_file" >&6;}
-- if test ! -f "$cache_file" || test -h "$cache_file"; then
-- cat confcache >"$cache_file"
-- else
-- case $cache_file in #(
-- */* | ?:*)
-- mv -f confcache "$cache_file"$$ &&
-- mv -f "$cache_file"$$ "$cache_file" ;; #(
-- *)
-- mv -f confcache "$cache_file" ;;
-- esac
-- fi
-- fi
-- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
--$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
-- fi
--fi
--rm -f confcache
--
--test "x$prefix" = xNONE && prefix=$ac_default_prefix
--# Let make expand exec_prefix.
--test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
--
--# Transform confdefs.h into DEFS.
--# Protect against shell expansion while executing Makefile rules.
--# Protect against Makefile macro expansion.
--#
--# If the first sed substitution is executed (which looks for macros that
--# take arguments), then branch to the quote section. Otherwise,
--# look for a macro that doesn't take arguments.
--ac_script='
--:mline
--/\\$/{
-- N
-- s,\\\n,,
-- b mline
--}
--t clear
--:clear
--s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
--t quote
--s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
--t quote
--b any
--:quote
--s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
--s/\[/\\&/g
--s/\]/\\&/g
--s/\$/$$/g
--H
--:any
--${
-- g
-- s/^\n//
-- s/\n/ /g
-- p
--}
--'
--DEFS=`sed -n "$ac_script" confdefs.h`
--
--
--ac_libobjs=
--ac_ltlibobjs=
--U=
--for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
-- # 1. Remove the extension, and $U if already installed.
-- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
-- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
-- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
-- # will be set to the directory where LIBOBJS objects are built.
-- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
-- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
--done
--LIBOBJS=$ac_libobjs
--
--LTLIBOBJS=$ac_ltlibobjs
--
--
--
--: "${CONFIG_STATUS=./config.status}"
--ac_write_fail=0
--ac_clean_files_save=$ac_clean_files
--ac_clean_files="$ac_clean_files $CONFIG_STATUS"
--{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
--$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
--as_write_fail=0
--cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
--#! $SHELL
--# Generated by $as_me.
--# Run this file to recreate the current configuration.
--# Compiler output produced by configure, useful for debugging
--# configure, is in config.log if it exists.
--
--debug=false
--ac_cs_recheck=false
--ac_cs_silent=false
--
--SHELL=\${CONFIG_SHELL-$SHELL}
--export SHELL
--_ASEOF
--cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
--## -------------------- ##
--## M4sh Initialization. ##
--## -------------------- ##
--
--# Be more Bourne compatible
--DUALCASE=1; export DUALCASE # for MKS sh
--if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
-- emulate sh
-- NULLCMD=:
-- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
-- # is contrary to our usage. Disable this feature.
-- alias -g '${1+"$@"}'='"$@"'
-- setopt NO_GLOB_SUBST
--else
-- case `(set -o) 2>/dev/null` in #(
-- *posix*) :
-- set -o posix ;; #(
-- *) :
-- ;;
--esac
--fi
--
--
--as_nl='
--'
--export as_nl
--# Printing a long string crashes Solaris 7 /usr/bin/printf.
--as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
--as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
--as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
--# Prefer a ksh shell builtin over an external printf program on Solaris,
--# but without wasting forks for bash or zsh.
--if test -z "$BASH_VERSION$ZSH_VERSION" \
-- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
-- as_echo='print -r --'
-- as_echo_n='print -rn --'
--elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
-- as_echo='printf %s\n'
-- as_echo_n='printf %s'
--else
-- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
-- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
-- as_echo_n='/usr/ucb/echo -n'
-- else
-- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
-- as_echo_n_body='eval
-- arg=$1;
-- case $arg in #(
-- *"$as_nl"*)
-- expr "X$arg" : "X\\(.*\\)$as_nl";
-- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
-- esac;
-- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
-- '
-- export as_echo_n_body
-- as_echo_n='sh -c $as_echo_n_body as_echo'
-- fi
-- export as_echo_body
-- as_echo='sh -c $as_echo_body as_echo'
--fi
--
--# The user is always right.
--if test "${PATH_SEPARATOR+set}" != set; then
-- PATH_SEPARATOR=:
-- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
-- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
-- PATH_SEPARATOR=';'
-- }
--fi
--
--
--# IFS
--# We need space, tab and new line, in precisely that order. Quoting is
--# there to prevent editors from complaining about space-tab.
--# (If _AS_PATH_WALK were called with IFS unset, it would disable word
--# splitting by setting IFS to empty value.)
--IFS=" "" $as_nl"
--
--# Find who we are. Look in the path if we contain no directory separator.
--as_myself=
--case $0 in #((
-- *[\\/]* ) as_myself=$0 ;;
-- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-- done
--IFS=$as_save_IFS
--
-- ;;
--esac
--# We did not find ourselves, most probably we were run as `sh COMMAND'
--# in which case we are not to be found in the path.
--if test "x$as_myself" = x; then
-- as_myself=$0
--fi
--if test ! -f "$as_myself"; then
-- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
-- exit 1
--fi
--
--# Unset variables that we do not need and which cause bugs (e.g. in
--# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
--# suppresses any "Segmentation fault" message there. '((' could
--# trigger a bug in pdksh 5.2.14.
--for as_var in BASH_ENV ENV MAIL MAILPATH
--do eval test x\${$as_var+set} = xset \
-- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
--done
--PS1='$ '
--PS2='> '
--PS4='+ '
--
--# NLS nuisances.
--LC_ALL=C
--export LC_ALL
--LANGUAGE=C
--export LANGUAGE
--
--# CDPATH.
--(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
--
--
--# as_fn_error STATUS ERROR [LINENO LOG_FD]
--# ----------------------------------------
--# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
--# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
--# script with STATUS, using 1 if that was 0.
--as_fn_error ()
--{
-- as_status=$1; test $as_status -eq 0 && as_status=1
-- if test "$4"; then
-- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
-- fi
-- $as_echo "$as_me: error: $2" >&2
-- as_fn_exit $as_status
--} # as_fn_error
--
--
--# as_fn_set_status STATUS
--# -----------------------
--# Set $? to STATUS, without forking.
--as_fn_set_status ()
--{
-- return $1
--} # as_fn_set_status
--
--# as_fn_exit STATUS
--# -----------------
--# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
--as_fn_exit ()
--{
-- set +e
-- as_fn_set_status $1
-- exit $1
--} # as_fn_exit
--
--# as_fn_unset VAR
--# ---------------
--# Portably unset VAR.
--as_fn_unset ()
--{
-- { eval $1=; unset $1;}
--}
--as_unset=as_fn_unset
--# as_fn_append VAR VALUE
--# ----------------------
--# Append the text in VALUE to the end of the definition contained in VAR. Take
--# advantage of any shell optimizations that allow amortized linear growth over
--# repeated appends, instead of the typical quadratic growth present in naive
--# implementations.
--if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
-- eval 'as_fn_append ()
-- {
-- eval $1+=\$2
-- }'
--else
-- as_fn_append ()
-- {
-- eval $1=\$$1\$2
-- }
--fi # as_fn_append
--
--# as_fn_arith ARG...
--# ------------------
--# Perform arithmetic evaluation on the ARGs, and store the result in the
--# global $as_val. Take advantage of shells that can avoid forks. The arguments
--# must be portable across $(()) and expr.
--if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
-- eval 'as_fn_arith ()
-- {
-- as_val=$(( $* ))
-- }'
--else
-- as_fn_arith ()
-- {
-- as_val=`expr "$@" || test $? -eq 1`
-- }
--fi # as_fn_arith
--
--
--if expr a : '\(a\)' >/dev/null 2>&1 &&
-- test "X`expr 00001 : '.*\(...\)'`" = X001; then
-- as_expr=expr
--else
-- as_expr=false
--fi
--
--if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
-- as_basename=basename
--else
-- as_basename=false
--fi
--
--if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
-- as_dirname=dirname
--else
-- as_dirname=false
--fi
--
--as_me=`$as_basename -- "$0" ||
--$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-- X"$0" : 'X\(//\)$' \| \
-- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X/"$0" |
-- sed '/^.*\/\([^/][^/]*\)\/*$/{
-- s//\1/
-- q
-- }
-- /^X\/\(\/\/\)$/{
-- s//\1/
-- q
-- }
-- /^X\/\(\/\).*/{
-- s//\1/
-- q
-- }
-- s/.*/./; q'`
--
--# Avoid depending upon Character Ranges.
--as_cr_letters='abcdefghijklmnopqrstuvwxyz'
--as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
--as_cr_Letters=$as_cr_letters$as_cr_LETTERS
--as_cr_digits='0123456789'
--as_cr_alnum=$as_cr_Letters$as_cr_digits
--
--ECHO_C= ECHO_N= ECHO_T=
--case `echo -n x` in #(((((
---n*)
-- case `echo 'xy\c'` in
-- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
-- xy) ECHO_C='\c';;
-- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
-- ECHO_T=' ';;
-- esac;;
--*)
-- ECHO_N='-n';;
--esac
--
--rm -f conf$$ conf$$.exe conf$$.file
--if test -d conf$$.dir; then
-- rm -f conf$$.dir/conf$$.file
--else
-- rm -f conf$$.dir
-- mkdir conf$$.dir 2>/dev/null
--fi
--if (echo >conf$$.file) 2>/dev/null; then
-- if ln -s conf$$.file conf$$ 2>/dev/null; then
-- as_ln_s='ln -s'
-- # ... but there are two gotchas:
-- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
-- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
-- # In both cases, we have to default to `cp -pR'.
-- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
-- as_ln_s='cp -pR'
-- elif ln conf$$.file conf$$ 2>/dev/null; then
-- as_ln_s=ln
-- else
-- as_ln_s='cp -pR'
-- fi
--else
-- as_ln_s='cp -pR'
--fi
--rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
--rmdir conf$$.dir 2>/dev/null
--
--
--# as_fn_mkdir_p
--# -------------
--# Create "$as_dir" as a directory, including parents if necessary.
--as_fn_mkdir_p ()
--{
--
-- case $as_dir in #(
-- -*) as_dir=./$as_dir;;
-- esac
-- test -d "$as_dir" || eval $as_mkdir_p || {
-- as_dirs=
-- while :; do
-- case $as_dir in #(
-- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
-- *) as_qdir=$as_dir;;
-- esac
-- as_dirs="'$as_qdir' $as_dirs"
-- as_dir=`$as_dirname -- "$as_dir" ||
--$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-- X"$as_dir" : 'X\(//\)[^/]' \| \
-- X"$as_dir" : 'X\(//\)$' \| \
-- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$as_dir" |
-- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-- s//\1/
-- q
-- }
-- /^X\(\/\/\)[^/].*/{
-- s//\1/
-- q
-- }
-- /^X\(\/\/\)$/{
-- s//\1/
-- q
-- }
-- /^X\(\/\).*/{
-- s//\1/
-- q
-- }
-- s/.*/./; q'`
-- test -d "$as_dir" && break
-- done
-- test -z "$as_dirs" || eval "mkdir $as_dirs"
-- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
--
--
--} # as_fn_mkdir_p
--if mkdir -p . 2>/dev/null; then
-- as_mkdir_p='mkdir -p "$as_dir"'
--else
-- test -d ./-p && rmdir ./-p
-- as_mkdir_p=false
--fi
--
--
--# as_fn_executable_p FILE
--# -----------------------
--# Test if FILE is an executable regular file.
--as_fn_executable_p ()
--{
-- test -f "$1" && test -x "$1"
--} # as_fn_executable_p
--as_test_x='test -x'
--as_executable_p=as_fn_executable_p
--
--# Sed expression to map a string onto a valid CPP name.
--as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
--
--# Sed expression to map a string onto a valid variable name.
--as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
--
--
--exec 6>&1
--## ----------------------------------- ##
--## Main body of $CONFIG_STATUS script. ##
--## ----------------------------------- ##
--_ASEOF
--test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
--
--cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
--# Save the log message, to keep $0 and so on meaningful, and to
--# report actual input values of CONFIG_FILES etc. instead of their
--# values after options handling.
--ac_log="
--This file was extended by $as_me, which was
--generated by GNU Autoconf 2.69. Invocation command line was
--
-- CONFIG_FILES = $CONFIG_FILES
-- CONFIG_HEADERS = $CONFIG_HEADERS
-- CONFIG_LINKS = $CONFIG_LINKS
-- CONFIG_COMMANDS = $CONFIG_COMMANDS
-- $ $0 $@
--
--on `(hostname || uname -n) 2>/dev/null | sed 1q`
--"
--
--_ACEOF
--
--case $ac_config_files in *"
--"*) set x $ac_config_files; shift; ac_config_files=$*;;
--esac
--
--
--
--cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
--# Files that config.status was made for.
--config_files="$ac_config_files"
--
--_ACEOF
--
--cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
--ac_cs_usage="\
--\`$as_me' instantiates files and other configuration actions
--from templates according to the current configuration. Unless the files
--and actions are specified as TAGs, all are instantiated by default.
--
--Usage: $0 [OPTION]... [TAG]...
--
-- -h, --help print this help, then exit
-- -V, --version print version number and configuration settings, then exit
-- --config print configuration, then exit
-- -q, --quiet, --silent
-- do not print progress messages
-- -d, --debug don't remove temporary files
-- --recheck update $as_me by reconfiguring in the same conditions
-- --file=FILE[:TEMPLATE]
-- instantiate the configuration file FILE
--
--Configuration files:
--$config_files
--
--Report bugs to the package provider."
--
--_ACEOF
--cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
--ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
--ac_cs_version="\\
--config.status
--configured by $0, generated by GNU Autoconf 2.69,
-- with options \\"\$ac_cs_config\\"
--
--Copyright (C) 2012 Free Software Foundation, Inc.
--This config.status script is free software; the Free Software Foundation
--gives unlimited permission to copy, distribute and modify it."
--
--ac_pwd='$ac_pwd'
--srcdir='$srcdir'
--test -n "\$AWK" || AWK=awk
--_ACEOF
--
--cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
--# The default lists apply if the user does not specify any file.
--ac_need_defaults=:
--while test $# != 0
--do
-- case $1 in
-- --*=?*)
-- ac_option=`expr "X$1" : 'X\([^=]*\)='`
-- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
-- ac_shift=:
-- ;;
-- --*=)
-- ac_option=`expr "X$1" : 'X\([^=]*\)='`
-- ac_optarg=
-- ac_shift=:
-- ;;
-- *)
-- ac_option=$1
-- ac_optarg=$2
-- ac_shift=shift
-- ;;
-- esac
--
-- case $ac_option in
-- # Handling of the options.
-- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
-- ac_cs_recheck=: ;;
-- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
-- $as_echo "$ac_cs_version"; exit ;;
-- --config | --confi | --conf | --con | --co | --c )
-- $as_echo "$ac_cs_config"; exit ;;
-- --debug | --debu | --deb | --de | --d | -d )
-- debug=: ;;
-- --file | --fil | --fi | --f )
-- $ac_shift
-- case $ac_optarg in
-- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
-- '') as_fn_error $? "missing file argument" ;;
-- esac
-- as_fn_append CONFIG_FILES " '$ac_optarg'"
-- ac_need_defaults=false;;
-- --he | --h | --help | --hel | -h )
-- $as_echo "$ac_cs_usage"; exit ;;
-- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
-- | -silent | --silent | --silen | --sile | --sil | --si | --s)
-- ac_cs_silent=: ;;
--
-- # This is an error.
-- -*) as_fn_error $? "unrecognized option: \`$1'
--Try \`$0 --help' for more information." ;;
--
-- *) as_fn_append ac_config_targets " $1"
-- ac_need_defaults=false ;;
--
-- esac
-- shift
--done
--
--ac_configure_extra_args=
--
--if $ac_cs_silent; then
-- exec 6>/dev/null
-- ac_configure_extra_args="$ac_configure_extra_args --silent"
--fi
--
--_ACEOF
--cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
--if \$ac_cs_recheck; then
-- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
-- shift
-- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
-- CONFIG_SHELL='$SHELL'
-- export CONFIG_SHELL
-- exec "\$@"
--fi
--
--_ACEOF
--cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
--exec 5>>config.log
--{
-- echo
-- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
--## Running $as_me. ##
--_ASBOX
-- $as_echo "$ac_log"
--} >&5
--
--_ACEOF
--cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
--_ACEOF
--
--cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
--
--# Handling of arguments.
--for ac_config_target in $ac_config_targets
--do
-- case $ac_config_target in
-- "all.mk") CONFIG_FILES="$CONFIG_FILES all.mk" ;;
--
-- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
-- esac
--done
--
--
--# If the user did not use the arguments to specify the items to instantiate,
--# then the envvar interface is used. Set only those that are not.
--# We use the long form for the default assignment because of an extremely
--# bizarre bug on SunOS 4.1.3.
--if $ac_need_defaults; then
-- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
--fi
--
--# Have a temporary directory for convenience. Make it in the build tree
--# simply because there is no reason against having it here, and in addition,
--# creating and moving files from /tmp can sometimes cause problems.
--# Hook for its removal unless debugging.
--# Note that there is a small window in which the directory will not be cleaned:
--# after its creation but before its name has been assigned to `$tmp'.
--$debug ||
--{
-- tmp= ac_tmp=
-- trap 'exit_status=$?
-- : "${ac_tmp:=$tmp}"
-- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
--' 0
-- trap 'as_fn_exit 1' 1 2 13 15
--}
--# Create a (secure) tmp directory for tmp files.
--
--{
-- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
-- test -d "$tmp"
--} ||
--{
-- tmp=./conf$$-$RANDOM
-- (umask 077 && mkdir "$tmp")
--} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
--ac_tmp=$tmp
--
--# Set up the scripts for CONFIG_FILES section.
--# No need to generate them if there are no CONFIG_FILES.
--# This happens for instance with `./config.status config.h'.
--if test -n "$CONFIG_FILES"; then
--
--
--ac_cr=`echo X | tr X '\015'`
--# On cygwin, bash can eat \r inside `` if the user requested igncr.
--# But we know of no other shell where ac_cr would be empty at this
--# point, so we can use a bashism as a fallback.
--if test "x$ac_cr" = x; then
-- eval ac_cr=\$\'\\r\'
--fi
--ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
--if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
-- ac_cs_awk_cr='\\r'
--else
-- ac_cs_awk_cr=$ac_cr
--fi
--
--echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
--_ACEOF
--
--
--{
-- echo "cat >conf$$subs.awk <<_ACEOF" &&
-- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
-- echo "_ACEOF"
--} >conf$$subs.sh ||
-- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
--ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
--ac_delim='%!_!# '
--for ac_last_try in false false false false false :; do
-- . ./conf$$subs.sh ||
-- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
--
-- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
-- if test $ac_delim_n = $ac_delim_num; then
-- break
-- elif $ac_last_try; then
-- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-- else
-- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
-- fi
--done
--rm -f conf$$subs.sh
--
--cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
--cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
--_ACEOF
--sed -n '
--h
--s/^/S["/; s/!.*/"]=/
--p
--g
--s/^[^!]*!//
--:repl
--t repl
--s/'"$ac_delim"'$//
--t delim
--:nl
--h
--s/\(.\{148\}\)..*/\1/
--t more1
--s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
--p
--n
--b repl
--:more1
--s/["\\]/\\&/g; s/^/"/; s/$/"\\/
--p
--g
--s/.\{148\}//
--t nl
--:delim
--h
--s/\(.\{148\}\)..*/\1/
--t more2
--s/["\\]/\\&/g; s/^/"/; s/$/"/
--p
--b
--:more2
--s/["\\]/\\&/g; s/^/"/; s/$/"\\/
--p
--g
--s/.\{148\}//
--t delim
--' <conf$$subs.awk | sed '
--/^[^""]/{
-- N
-- s/\n//
--}
--' >>$CONFIG_STATUS || ac_write_fail=1
--rm -f conf$$subs.awk
--cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
--_ACAWK
--cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
-- for (key in S) S_is_set[key] = 1
-- FS = ""
--
--}
--{
-- line = $ 0
-- nfields = split(line, field, "@")
-- substed = 0
-- len = length(field[1])
-- for (i = 2; i < nfields; i++) {
-- key = field[i]
-- keylen = length(key)
-- if (S_is_set[key]) {
-- value = S[key]
-- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
-- len += length(value) + length(field[++i])
-- substed = 1
-- } else
-- len += 1 + keylen
-- }
--
-- print line
--}
--
--_ACAWK
--_ACEOF
--cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
--if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
-- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
--else
-- cat
--fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
-- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
--_ACEOF
--
--# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
--# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
--# trailing colons and then remove the whole line if VPATH becomes empty
--# (actually we leave an empty line to preserve line numbers).
--if test "x$srcdir" = x.; then
-- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
--h
--s///
--s/^/:/
--s/[ ]*$/:/
--s/:\$(srcdir):/:/g
--s/:\${srcdir}:/:/g
--s/:@srcdir@:/:/g
--s/^:*//
--s/:*$//
--x
--s/\(=[ ]*\).*/\1/
--G
--s/\n//
--s/^[^=]*=[ ]*$//
--}'
--fi
--
--cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
--fi # test -n "$CONFIG_FILES"
--
--
--eval set X " :F $CONFIG_FILES "
--shift
--for ac_tag
--do
-- case $ac_tag in
-- :[FHLC]) ac_mode=$ac_tag; continue;;
-- esac
-- case $ac_mode$ac_tag in
-- :[FHL]*:*);;
-- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
-- :[FH]-) ac_tag=-:-;;
-- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
-- esac
-- ac_save_IFS=$IFS
-- IFS=:
-- set x $ac_tag
-- IFS=$ac_save_IFS
-- shift
-- ac_file=$1
-- shift
--
-- case $ac_mode in
-- :L) ac_source=$1;;
-- :[FH])
-- ac_file_inputs=
-- for ac_f
-- do
-- case $ac_f in
-- -) ac_f="$ac_tmp/stdin";;
-- *) # Look for the file first in the build tree, then in the source tree
-- # (if the path is not absolute). The absolute path cannot be DOS-style,
-- # because $ac_f cannot contain `:'.
-- test -f "$ac_f" ||
-- case $ac_f in
-- [\\/$]*) false;;
-- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
-- esac ||
-- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
-- esac
-- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
-- as_fn_append ac_file_inputs " '$ac_f'"
-- done
--
-- # Let's still pretend it is `configure' which instantiates (i.e., don't
-- # use $as_me), people would be surprised to read:
-- # /* config.h. Generated by config.status. */
-- configure_input='Generated from '`
-- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
-- `' by configure.'
-- if test x"$ac_file" != x-; then
-- configure_input="$ac_file. $configure_input"
-- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
--$as_echo "$as_me: creating $ac_file" >&6;}
-- fi
-- # Neutralize special characters interpreted by sed in replacement strings.
-- case $configure_input in #(
-- *\&* | *\|* | *\\* )
-- ac_sed_conf_input=`$as_echo "$configure_input" |
-- sed 's/[\\\\&|]/\\\\&/g'`;; #(
-- *) ac_sed_conf_input=$configure_input;;
-- esac
--
-- case $ac_tag in
-- *:-:* | *:-) cat >"$ac_tmp/stdin" \
-- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
-- esac
-- ;;
-- esac
--
-- ac_dir=`$as_dirname -- "$ac_file" ||
--$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-- X"$ac_file" : 'X\(//\)[^/]' \| \
-- X"$ac_file" : 'X\(//\)$' \| \
-- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
--$as_echo X"$ac_file" |
-- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-- s//\1/
-- q
-- }
-- /^X\(\/\/\)[^/].*/{
-- s//\1/
-- q
-- }
-- /^X\(\/\/\)$/{
-- s//\1/
-- q
-- }
-- /^X\(\/\).*/{
-- s//\1/
-- q
-- }
-- s/.*/./; q'`
-- as_dir="$ac_dir"; as_fn_mkdir_p
-- ac_builddir=.
--
--case "$ac_dir" in
--.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
--*)
-- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
-- # A ".." for each directory in $ac_dir_suffix.
-- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
-- case $ac_top_builddir_sub in
-- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
-- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
-- esac ;;
--esac
--ac_abs_top_builddir=$ac_pwd
--ac_abs_builddir=$ac_pwd$ac_dir_suffix
--# for backward compatibility:
--ac_top_builddir=$ac_top_build_prefix
--
--case $srcdir in
-- .) # We are building in place.
-- ac_srcdir=.
-- ac_top_srcdir=$ac_top_builddir_sub
-- ac_abs_top_srcdir=$ac_pwd ;;
-- [\\/]* | ?:[\\/]* ) # Absolute name.
-- ac_srcdir=$srcdir$ac_dir_suffix;
-- ac_top_srcdir=$srcdir
-- ac_abs_top_srcdir=$srcdir ;;
-- *) # Relative name.
-- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
-- ac_top_srcdir=$ac_top_build_prefix$srcdir
-- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
--esac
--ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
--
--
-- case $ac_mode in
-- :F)
-- #
-- # CONFIG_FILE
-- #
--
--_ACEOF
--
--cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
--# If the template does not know about datarootdir, expand it.
--# FIXME: This hack should be removed a few years after 2.60.
--ac_datarootdir_hack=; ac_datarootdir_seen=
--ac_sed_dataroot='
--/datarootdir/ {
-- p
-- q
--}
--/@datadir@/p
--/@docdir@/p
--/@infodir@/p
--/@localedir@/p
--/@mandir@/p'
--case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
--*datarootdir*) ac_datarootdir_seen=yes;;
--*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
--$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
--_ACEOF
--cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-- ac_datarootdir_hack='
-- s&@datadir@&$datadir&g
-- s&@docdir@&$docdir&g
-- s&@infodir@&$infodir&g
-- s&@localedir@&$localedir&g
-- s&@mandir@&$mandir&g
-- s&\\\${datarootdir}&$datarootdir&g' ;;
--esac
--_ACEOF
--
--# Neutralize VPATH when `$srcdir' = `.'.
--# Shell code in configure.ac might set extrasub.
--# FIXME: do we really want to maintain this feature?
--cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
--ac_sed_extra="$ac_vpsub
--$extrasub
--_ACEOF
--cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
--:t
--/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
--s|@configure_input@|$ac_sed_conf_input|;t t
--s&@top_builddir@&$ac_top_builddir_sub&;t t
--s&@top_build_prefix@&$ac_top_build_prefix&;t t
--s&@srcdir@&$ac_srcdir&;t t
--s&@abs_srcdir@&$ac_abs_srcdir&;t t
--s&@top_srcdir@&$ac_top_srcdir&;t t
--s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
--s&@builddir@&$ac_builddir&;t t
--s&@abs_builddir@&$ac_abs_builddir&;t t
--s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
--$ac_datarootdir_hack
--"
--eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
-- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
--
--test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
-- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
-- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
-- "$ac_tmp/out"`; test -z "$ac_out"; } &&
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
--which seems to be undefined. Please make sure it is defined" >&5
--$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
--which seems to be undefined. Please make sure it is defined" >&2;}
--
-- rm -f "$ac_tmp/stdin"
-- case $ac_file in
-- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
-- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
-- esac \
-- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
-- ;;
--
--
--
-- esac
--
--done # for ac_tag
--
--
--as_fn_exit 0
--_ACEOF
--ac_clean_files=$ac_clean_files_save
--
--test $ac_write_fail = 0 ||
-- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
--
--
--# configure is writing to config.log, and then calls config.status.
--# config.status does its own redirection, appending to config.log.
--# Unfortunately, on DOS this fails, as config.log is still kept open
--# by configure, so config.status won't be able to write to it; its
--# output is simply discarded. So we exec the FD to /dev/null,
--# effectively closing config.log, so it can be properly (re)opened and
--# appended to by config.status. When coming back to configure, we
--# need to make the FD available again.
--if test "$no_create" != yes; then
-- ac_cs_success=:
-- ac_config_status_args=
-- test "$silent" = yes &&
-- ac_config_status_args="$ac_config_status_args --quiet"
-- exec 5>/dev/null
-- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
-- exec 5>>config.log
-- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
-- # would make configure fail if this is the last instruction.
-- $ac_cs_success || as_fn_exit 1
--fi
--if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
--$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
--fi
--
-diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac b/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac
-deleted file mode 100644
-index 6247f4c8aa..0000000000
---- a/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac
-+++ /dev/null
-@@ -1,86 +0,0 @@
--AC_PREREQ([2.69])
--AC_INIT
--AC_CONFIG_SRCDIR([rlm_eap_teap.c])
--AC_REVISION($Revision$)
--FR_INIT_MODULE([rlm_eap_teap])
--
--mod_ldflags=
--mod_cflags=
--
--FR_MODULE_START_TESTS
--
--dnl ############################################################
--dnl # Check for command line options
--dnl ############################################################
--dnl extra argument: --with-openssl-lib-dir
--openssl_lib_dir=
--AC_ARG_WITH(openssl-lib-dir,
-- [AS_HELP_STRING([--with-openssl-lib-dir=DIR],
-- [directory for LDAP library files])],
-- [case "$withval" in
-- no)
-- AC_MSG_ERROR(Need openssl-lib-dir)
-- ;;
-- yes)
-- ;;
-- *)
-- openssl_lib_dir="$withval"
-- ;;
-- esac])
--
--dnl extra argument: --with-openssl-include-dir
--openssl_include_dir=
--AC_ARG_WITH(openssl-include-dir,
-- [AS_HELP_STRING([-with-openssl-include-dir=DIR],
-- [directory for LDAP include files])],
-- [case "$withval" in
-- no)
-- AC_MSG_ERROR(Need openssl-include-dir)
-- ;;
-- yes)
-- ;;
-- *)
-- openssl_include_dir="$withval"
-- ;;
-- esac])
--
--dnl ############################################################
--dnl # Check for header files
--dnl ############################################################
--
--smart_try_dir=$openssl_include_dir
--FR_SMART_CHECK_INCLUDE(openssl/ec.h)
--if test "$ac_cv_header_openssl_ec_h" != "yes"; then
-- FR_MODULE_FAIL([openssl/ec.h])
--fi
--
--smart_try_dir=$openssl_lib_dir
--FR_SMART_CHECK_LIB(crypto, EVP_CIPHER_CTX_new)
--if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
-- FR_MODULE_FAIL([libssl])
--fi
--
--AC_EGREP_CPP(yes,
-- [#include <openssl/crypto.h>
-- #if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-- yes
-- #endif
-- ],
-- [
-- AC_MSG_CHECKING([for OpenSSL version >= 1.1.1])
-- AC_MSG_RESULT(yes)
-- ],
-- [
-- AC_MSG_CHECKING([for OpenSSL version >= 1.1.1])
-- AC_MSG_RESULT(no)
-- FR_MODULE_FAIL([OpenSSL>=1.1.1])
-- ]
--)
--
--FR_MODULE_END_TESTS
--
--AC_SUBST(mod_ldflags)
--AC_SUBST(mod_cflags)
--
--AC_CONFIG_FILES([all.mk])
--AC_OUTPUT
-diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
-deleted file mode 100644
-index 8e372c69f3..0000000000
---- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
-+++ /dev/null
-@@ -1,1817 +0,0 @@
--/*
-- * eap_teap.c contains the interfaces that are called from the main handler
-- *
-- * Version: $Id$
-- *
-- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
-- *
-- * This software may not be redistributed in any form without the prior
-- * written consent of Network RADIUS.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- */
--
--RCSID("$Id$")
--
--#include "eap_teap.h"
--#include "eap_teap_crypto.h"
--#include <freeradius-devel/sha1.h>
--#include <openssl/ssl.h>
--#include <openssl/rand.h>
--
--#define EAPTLS_MPPE_KEY_LEN 32
--
--#define RDEBUGHEX(_label, _data, _length) \
--if (fr_debug_lvl > 2) {\
-- char __buf[8192];\
-- for (size_t i = 0; (i < (size_t) _length) && (3*i < sizeof(__buf)); i++) {\
-- sprintf(&__buf[3*i], " %02x", (uint8_t)(_data)[i]);\
-- }\
-- RDEBUG2("%s - hexdump(len=%zu):%s", _label, (size_t)_length, __buf);\
--} while (0)
--
--#define RANDFILL(x) do { rad_assert(sizeof(x) % sizeof(uint32_t) == 0); for (size_t i = 0; i < sizeof(x); i += sizeof(uint32_t)) *((uint32_t *)&x[i]) = fr_rand(); } while(0)
--#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))
--#define MIN(a,b) (((a)>(b)) ? (b) : (a))
--
--struct crypto_binding_buffer {
-- uint16_t tlv_type;
-- uint16_t length;
-- eap_tlv_crypto_binding_tlv_t binding;
-- uint8_t eap_type;
-- uint8_t outer_tlvs[1];
--} CC_HINT(__packed__);
--#define CRYPTO_BINDING_BUFFER_INIT(_cbb) \
--do {\
-- _cbb->tlv_type = htons(EAP_TEAP_TLV_MANDATORY | EAP_TEAP_TLV_CRYPTO_BINDING);\
-- _cbb->length = htons(sizeof(struct eap_tlv_crypto_binding_tlv_t));\
-- _cbb->eap_type = PW_EAP_TEAP;\
--} while (0)
--
--static struct teap_imck_t imck_zeros = { };
--
--/**
-- * RFC 7170 EAP-TEAP Authentication Phase 1: Key Derivations
-- */
--static void eap_teap_init_keys(REQUEST *request, tls_session_t *tls_session)
--{
-- teap_tunnel_t *t = tls_session->opaque;
--
-- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl));
-- const int md_type = EVP_MD_type(md);
--
-- RDEBUG3("Phase 2: Using MAC %s (%d)", OBJ_nid2sn(md_type), md_type);
--
-- RDEBUG3("Phase 2: Deriving keys");
--
-- rad_assert(t->received_version > -1);
-- rad_assert(t->imckc == 0);
--
-- /* S-IMCK[0] = session_key_seed (RFC7170, Section 5.1) */
-- eaptls_gen_keys_only(request, tls_session->ssl, "EXPORTER: teap session key seed", NULL, 0, t->imck_msk.simck, sizeof(t->imck_msk.simck));
-- memcpy(t->imck_emsk.simck, t->imck_msk.simck, sizeof(t->imck_msk.simck));
-- RDEBUGHEX("Phase 2: S-IMCK[0]", t->imck_msk.simck, sizeof(t->imck_msk.simck));
--}
--
--/**
-- * RFC 7170 EAP-TEAP Intermediate Compound Key Derivations - Section 5.2
-- */
--/**
-- * RFC 7170 - Intermediate Compound Key Derivations
-- */
--static void eap_teap_derive_imck(REQUEST *request, tls_session_t *tls_session,
-- uint8_t *msk, size_t msklen,
-- uint8_t *emsk, size_t emsklen)
--{
-- teap_tunnel_t *t = tls_session->opaque;
--
-- t->imckc++;
-- RDEBUG2("Phase 2: Calculating ICMK for round (j = %d)", t->imckc);
--
-- uint8_t imsk_msk[EAP_TEAP_IMSK_LEN] = {0};
-- uint8_t imsk_emsk[EAP_TEAP_IMSK_LEN + 32]; // +32 for EMSK overflow
-- struct teap_imck_t imck_msk, imck_emsk;
--
-- uint8_t imck_label[27] = "Inner Methods Compound Keys"; // width trims trailing \0
-- struct iovec imck_seed[2] = {
-- { (void *)imck_label, sizeof(imck_label) },
-- { NULL, EAP_TEAP_IMSK_LEN }
-- };
--
-- if (msklen) {
-- memcpy(imsk_msk, msk, MIN(msklen, EAP_TEAP_IMSK_LEN));
-- RDEBUGHEX("Phase 2: IMSK from MSK", imsk_msk, EAP_TEAP_IMSK_LEN);
-- } else {
-- RDEBUGHEX("Phase 2: IMSK Zero", imsk_msk, EAP_TEAP_IMSK_LEN);
-- }
-- imck_seed[1].iov_base = imsk_msk;
-- TLS_PRF(tls_session->ssl,
-- t->imck_msk.simck, sizeof(t->imck_msk.simck),
-- imck_seed, ARRAY_SIZE(imck_seed),
-- (uint8_t *)&imck_msk, sizeof(imck_msk));
--
-- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */
-- RDEBUGHEX("Phase 2: MSK S-IMCK[j]", imck_msk.simck, sizeof(imck_msk.simck));
-- RDEBUGHEX("Phase 2: MSK CMK[j]", imck_msk.cmk, sizeof(imck_msk.cmk));
--
-- if (emsklen) {
-- uint8_t emsk_label[20] = "TEAPbindkey@ietf.org";
-- uint8_t null[1] = {0};
-- uint8_t length[2] = {0,64}; /* length of 64 bytes in two bytes in network order */
-- struct iovec emsk_seed[] = {
-- { (void *)emsk_label, sizeof(emsk_label) },
-- { (void *)null, sizeof(null) },
-- { (void *)length, sizeof(length) }
-- };
--
-- /*
-- * IMSK[j] = First 32 octets of TLS-PRF(
-- * EMSK[j],
-- * "TEAPbindkey@ietf.org",
-- * 0x00 | 0x00 | 0x40)
-- */
-- TLS_PRF(tls_session->ssl,
-- emsk, emsklen,
-- emsk_seed, ARRAY_SIZE(emsk_seed),
-- imsk_emsk, sizeof(imsk_emsk));
--
-- RDEBUGHEX("Phase 2: IMSK from EMSK", imsk_emsk, EAP_TEAP_IMSK_LEN);
--
-- /*
-- * IMCK[j] = the first 60 octets of TLS-PRF(S-IMCK[j-1],
-- * "Inner Methods Compound Keys",
-- * IMSK[j])
-- */
-- imck_seed[1].iov_base = imsk_emsk;
-- TLS_PRF(tls_session->ssl,
-- t->imck_emsk.simck, sizeof(t->imck_emsk.simck),
-- imck_seed, ARRAY_SIZE(imck_seed),
-- (uint8_t *)&imck_emsk, sizeof(imck_emsk));
--
-- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */
-- RDEBUGHEX("Phase 2: EMSK S-IMCK[j]", imck_emsk.simck, sizeof(imck_emsk.simck));
-- RDEBUGHEX("Phase 2: EMSK CMK[j]", imck_emsk.cmk, sizeof(imck_emsk.cmk));
--
-- memcpy(&t->imck_emsk, &imck_emsk, sizeof(imck_emsk));
-- }
--
-- memcpy(&t->imck_msk, &imck_msk, sizeof(imck_msk));
--}
--
--static void eap_teap_tlv_append(tls_session_t *tls_session, int tlv, bool mandatory, int length, const void *data)
--{
-- uint16_t hdr[2];
--
-- hdr[0] = htons(tlv | (mandatory ? EAP_TEAP_TLV_MANDATORY : 0));
-- hdr[1] = htons(length);
--
-- tls_session->record_plus(&tls_session->clean_in, &hdr, 4);
-- tls_session->record_plus(&tls_session->clean_in, data, length);
--}
--
--static void eap_teap_send_error(tls_session_t *tls_session, int error)
--{
-- uint32_t value;
-- value = htonl(error);
--
-- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_ERROR, true, sizeof(value), &value);
--}
--
--static void eap_teap_append_identity_type(tls_session_t *tls_session, int value)
--{
-- uint16_t identity;
-- identity = htons(value);
-- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
--
-- fr_assert(value != 0);
-- fr_assert(value <= 2);
--
-- /*
-- * If we send this, it's required.
-- */
-- t->auths[value].required = true;
-- t->auths[value].sent = true;
--
-- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_IDENTITY_TYPE, false, sizeof(identity), &identity);
--}
--
--static void eap_teap_append_result(REQUEST *request, tls_session_t *tls_session, PW_CODE code)
--{
-- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
--
-- int type = (t->result_final)
-- ? EAP_TEAP_TLV_RESULT
-- : EAP_TEAP_TLV_INTERMED_RESULT;
--
-- char const *name = (t->result_final) ? "Result" : "Intermediate-Result";
--
-- uint16_t state = (code == PW_CODE_ACCESS_REJECT)
-- ? EAP_TEAP_TLV_RESULT_FAILURE
-- : EAP_TEAP_TLV_RESULT_SUCCESS;
-- state = htons(state);
--
-- char const *state_name = (code == PW_CODE_ACCESS_REJECT) ? "Failure" : "Success";
--
-- RDEBUG("Phase 2: %s = %s", name, state_name);
--
-- eap_teap_tlv_append(tls_session, type, true, sizeof(state), &state);
--}
--
--static void eap_teap_append_eap_identity_request(REQUEST *request, tls_session_t *tls_session, eap_handler_t *eap_session)
--{
-- eap_packet_raw_t eap_packet;
--
-- RDEBUG("Phase 2: Sending EAP-Identity");
--
-- eap_packet.code = PW_EAP_REQUEST;
-- eap_packet.id = eap_session->eap_ds->response->id + 1;
-- eap_packet.length[0] = 0;
-- eap_packet.length[1] = EAP_HEADER_LEN + 1;
-- eap_packet.data[0] = PW_EAP_IDENTITY;
--
-- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_EAP_PAYLOAD, true, sizeof(eap_packet), &eap_packet);
--}
--
--/*
-- * RFC7170 and the consequences of EID5768, EID5770 and EID5775 makes the path forward unclear,
-- * so just do what hostapd does...which the IETF probably agree with anyway:
-- * https://mailarchive.ietf.org/arch/msg/emu/mXzpSGEn86Zx_fa4f1uULYMhMoM/
-- */
--static void eap_teap_append_crypto_binding(REQUEST *request, tls_session_t *tls_session,
-- uint8_t *msk, size_t msklen,
-- uint8_t *emsk, size_t emsklen)
--{
-- teap_tunnel_t *t = tls_session->opaque;
-- uint8_t mac_msk[EVP_MAX_MD_SIZE], mac_emsk[EVP_MAX_MD_SIZE];
-- unsigned int maclen = EVP_MAX_MD_SIZE;
-- uint8_t *buf;
-- size_t olen, buflen;
-- struct crypto_binding_buffer *cbb;
-- uint8_t *outer_tlvs;
--
-- RDEBUG("Phase 2: Sending Cryptobinding");
--
-- eap_teap_derive_imck(request, tls_session, msk, msklen, emsk, emsklen);
--
-- t->imck_emsk_available = emsklen > 0;
--
-- olen = tls_session->outer_tlvs_octets_server ? talloc_array_length(tls_session->outer_tlvs_octets_server) : 0;
-- olen += tls_session->outer_tlvs_octets_peer ? talloc_array_length(tls_session->outer_tlvs_octets_peer) : 0;
--
-- buflen = sizeof(struct crypto_binding_buffer) - 1/*outer_tlvs*/ + olen;
--
-- buf = talloc_zero_array(request, uint8_t, buflen);
-- rad_assert(buf != NULL);
--
-- cbb = (struct crypto_binding_buffer *)buf;
--
-- CRYPTO_BINDING_BUFFER_INIT(cbb);
-- cbb->binding.version = EAP_TEAP_VERSION;
-- cbb->binding.received_version = t->received_version;
--
-- cbb->binding.subtype = ((emsklen ? EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH : EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) << 4) | EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST;
--
-- rad_assert(sizeof(cbb->binding.nonce) % sizeof(uint32_t) == 0);
-- RANDFILL(cbb->binding.nonce);
-- cbb->binding.nonce[sizeof(cbb->binding.nonce) - 1] &= ~0x01; /* RFC 7170, Section 4.2.13 */
--
-- outer_tlvs = &cbb->outer_tlvs[0];
--
-- if (tls_session->outer_tlvs_octets_server) {
-- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_server);
--
-- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_server, len);
-- outer_tlvs += len;
-- }
--
-- if (tls_session->outer_tlvs_octets_peer) {
-- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_peer);
--
-- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_peer, len);
-- }
--
-- RDEBUGHEX("Phase 2: BUFFER for Compound MAC calculation", buf, buflen);
--
-- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl));
-- HMAC(md, &t->imck_msk.cmk, EAP_TEAP_CMK_LEN, buf, buflen, mac_msk, &maclen);
-- if (t->imck_emsk_available) {
-- HMAC(md, &t->imck_emsk.cmk, EAP_TEAP_CMK_LEN, buf, buflen, mac_emsk, &maclen);
-- }
-- memcpy(cbb->binding.msk_compound_mac, &mac_msk, sizeof(cbb->binding.msk_compound_mac));
-- if (t->imck_emsk_available) {
-- memcpy(cbb->binding.emsk_compound_mac, &mac_emsk, sizeof(cbb->binding.emsk_compound_mac));
-- }
--
-- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_CRYPTO_BINDING, true, sizeof(cbb->binding), (uint8_t *)&cbb->binding);
--}
--
--static int eap_teap_verify(REQUEST *request, tls_session_t *tls_session, uint8_t const *data, unsigned int data_len)
--{
-- uint16_t attr;
-- uint16_t length;
-- unsigned int remaining = data_len;
-- int total = 0;
-- int num[EAP_TEAP_TLV_MAX] = {0};
-- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
-- uint32_t present = 0;
-- uint32_t error = 0;
-- uint16_t status = 0;
--
-- rad_assert(sizeof(present) * 8 > EAP_TEAP_TLV_MAX);
--
-- while (remaining > 0) {
-- if (remaining < 4) {
-- REDEBUG("Phase 2: Data is too small (%u) to contain a TLV header", remaining);
-- return 0;
-- }
--
-- memcpy(&attr, data, sizeof(attr));
-- attr = ntohs(attr) & EAP_TEAP_TLV_TYPE;
--
-- switch (attr) {
-- case EAP_TEAP_TLV_RESULT:
-- case EAP_TEAP_TLV_NAK:
-- case EAP_TEAP_TLV_ERROR:
-- case EAP_TEAP_TLV_VENDOR_SPECIFIC:
-- case EAP_TEAP_TLV_EAP_PAYLOAD:
-- case EAP_TEAP_TLV_INTERMED_RESULT:
-- case EAP_TEAP_TLV_CRYPTO_BINDING:
-- case EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP:
-- num[attr]++;
-- present |= 1 << attr;
--
-- if (num[EAP_TEAP_TLV_EAP_PAYLOAD] > 1) {
-- REDEBUG("Phase 2: Too many EAP-Payload TLVs");
--unexpected:
-- for (int i = 0; i < EAP_TEAP_TLV_MAX; i++) {
-- DICT_ATTR const *da;
--
-- if (!(present & (1 << i))) continue;
--
-- da = dict_attrbyvalue((i << 8) | PW_FREERADIUS_EAP_TEAP_TLV, VENDORPEC_FREERADIUS);
-- if (da) {
-- RDEBUG("Phase 2: - attribute %s is present", da->name);
-- } else {
-- RDEBUG("Phase 2: - attribute %d is present", i);
-- }
-- }
-- eap_teap_send_error(tls_session, EAP_TEAP_ERR_UNEXPECTED_TLV);
-- return 0;
-- }
--
-- if (num[EAP_TEAP_TLV_INTERMED_RESULT] > 1) {
-- REDEBUG("Phase 2: Too many Intermediate-Result TLVs");
-- goto unexpected;
-- }
-- break;
-- default:
-- if ((data[0] & 0x80) != 0) {
-- REDEBUG("Phase 2: Unknown mandatory TLV %02x", attr);
-- goto unexpected;
-- }
--
-- num[0]++;
-- }
--
-- total++;
--
-- memcpy(&length, data + 2, sizeof(length));
-- length = ntohs(length);
--
-- data += 4;
-- remaining -= 4;
--
-- if (length > remaining) {
-- REDEBUG2("Phase 2: TLV %u is longer than room remaining in the packet (%u > %u).", attr,
-- length, remaining);
-- return 0;
-- }
--
-- /*
-- * If the rest of the TLVs are larger than
-- * this attribute, continue.
-- *
-- * Otherwise, if the attribute over-flows the end
-- * of the TLCs, die.
-- */
-- if (remaining < length) {
-- REDEBUG2("Phase 2: TLV overflows packet.");
-- return 0;
-- }
--
-- if (attr == EAP_TEAP_TLV_ERROR) {
-- if (length != 4) goto fail_length;
-- error = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
-- }
--
-- /*
-- * If there's an error, we bail out of the
-- * authentication process before allocating
-- * memory.
-- */
-- if ((attr == EAP_TEAP_TLV_INTERMED_RESULT) || (attr == EAP_TEAP_TLV_RESULT)) {
-- if (length != 2) {
-- fail_length:
-- REDEBUG("Phase 2: TLV %u is too short. Expected 2, got %d.", attr, length);
-- return 0;
-- }
--
-- status = (data[0] << 8) | data[1];
-- if (status == 0) goto unknown_value;
-- }
--
-- /*
-- * 1 octet length + User-Name
-- * 1 octet length + User-Password
-- */
-- if (attr == EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP) {
-- uint8_t const *p = data;
-- uint16_t vlen = length;
--
-- if (vlen <= 2) {
-- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is too short. Expected >2, got %d.", vlen);
-- return 0;
-- }
--
-- /*
-- * Can't be zero. We must have MORE than "1 octet length + User-Name"
-- */
-- if (!p[0] || ((p[0] + 1) >= vlen)) {
-- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. User-Name field has bad lenth %u", p[0]);
-- return 0;
-- }
--
-- vlen -= p[0] + 1;
-- if (!vlen) {
-- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. Password field is missing");
-- return 0;
-- }
--
-- p += p[0] + 1;
-- if (!p[0] || (p[0] >= vlen)) {
-- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. Password field has bad lenth %u", p[0]);
-- return 0;
-- }
-- }
--
-- if (attr == EAP_TEAP_TLV_IDENTITY_TYPE) {
-- if (length != 2) goto fail_length;
--
-- if ((data[0] != 0) || (data[1] == 0) || (data[1] > 2)) {
-- REDEBUG("Phase 2: Identity-Type TLV contains invalid value %02x%02x",
-- data[0], data[1]);
-- return 0;
-- }
-- }
--
-- /*
-- * Check the size of Crypto-Binding TLV, and the TEAP version.
-- */
-- if (attr == EAP_TEAP_TLV_CRYPTO_BINDING) {
-- if (length != sizeof(eap_tlv_crypto_binding_tlv_t)) {
-- REDEBUG("Phase 2: Crypto-Binding TLV has incorrect length %u", length);
-- return 0;
-- }
--
-- if (data[1] != EAP_TEAP_VERSION) {
-- REDEBUG("Phase 2: Crypto-Binding TLV has incorrect version %u", data[1]);
-- return 0;
-- }
-- }
--
-- /*
-- * remaining > length, continue.
-- */
-- remaining -= length;
-- data += length;
-- }
--
-- /*
-- * Check status if we have it.
-- */
-- if (status) {
-- if (status == EAP_TEAP_TLV_RESULT_FAILURE) {
-- if (!error) {
-- REDEBUG("Phase 2: Received Result from peer which indicates failure with error %u. Rejecting request.", error);
-- } else {
-- REDEBUG("Phase 2: Received Result from peer which indicates failure. Rejecting request.");
-- }
-- return 0;
-- }
--
-- if (status != EAP_TEAP_TLV_RESULT_SUCCESS) {
-- unknown_value:
-- REDEBUG("Phase 2: Received Result from peer with unknown value %u. Rejecting request.", status);
-- goto unexpected;
-- }
-- }
--
-- /*
-- * Check if the peer mixed & matched TLVs.
-- */
-- if ((num[EAP_TEAP_TLV_NAK] > 0) && (num[EAP_TEAP_TLV_NAK] != total)) {
-- REDEBUG("Phase 2: NAK TLV was sent along with non-NAK TLVs. Rejecting request.");
-- goto unexpected;
-- }
--
-- /*
-- * RFC7170 EID5844 says we can have Intermediate-Result and Result TLVs all in one
-- */
--
-- /*
-- * Check mandatory or not mandatory TLVs.
-- */
-- switch (t->stage) {
-- case TLS_SESSION_HANDSHAKE:
-- if (present) {
-- REDEBUG("Phase 2: Unexpected TLVs in TLS Session Handshake stage");
-- goto unexpected;
-- }
-- break;
-- case AUTHENTICATION:
-- if (present & ~((1 << EAP_TEAP_TLV_EAP_PAYLOAD) | (1 << EAP_TEAP_TLV_CRYPTO_BINDING) | (1 << EAP_TEAP_TLV_INTERMED_RESULT) | (1 << EAP_TEAP_TLV_RESULT) | (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP))) {
-- REDEBUG("Phase 2: Unexpected TLVs in authentication stage");
-- goto unexpected;
-- }
--
-- /*
-- * A password request must yield a password response.
-- */
-- if (t->sent_basic_password && ((present & (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP)) == 0)) {
-- REDEBUG("Phase 2: Sent Basic-Password-Auth-Req but reply does not contain Basic-Password-Auth-Resp");
-- goto unexpected;
-- }
--
-- /*
-- * If we have Identity-Type, the packet must also
-- * contain either EAP-Payload or
-- * Basic-Password-Auth-Resp.
-- */
-- if (((present & (1 << EAP_TEAP_TLV_IDENTITY_TYPE)) != 0) &&
-- ((present & (1 << EAP_TEAP_TLV_EAP_PAYLOAD)) == 0) &&
-- ((present & (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP)) == 0)) {
-- REDEBUG("Phase 2: Received Identity-Type without EAP-Payload or Basic-Password-Auth-Resp");
-- goto unexpected;
-- }
--
-- break;
-- case PROVISIONING:
-- if (present & ~(1 << EAP_TEAP_TLV_RESULT)) {
-- REDEBUG("Phase 2: Unexpected TLVs in provisioning stage");
-- goto unexpected;
-- }
-- break;
-- case COMPLETE:
-- if (present) {
-- REDEBUG("Phase 2: Unexpected TLVs in complete stage");
-- goto unexpected;
-- }
-- break;
-- default:
-- REDEBUG("Phase 2: Internal error, invalid stage %d", t->stage);
-- return 0;
-- }
--
-- /*
-- * We got this far. It looks OK.
-- */
-- return 1;
--}
--
--static ssize_t eap_teap_decode_vp(TALLOC_CTX *request, DICT_ATTR const *parent,
-- uint8_t const *data, size_t const attr_len, VALUE_PAIR **out)
--{
-- int8_t tag = TAG_NONE;
-- VALUE_PAIR *vp;
-- uint8_t const *p = data;
--
-- /*
-- * FIXME: Attrlen can be larger than 253 for extended attrs!
-- */
-- if (!parent || !out ) {
-- RERROR("eap_teap_decode_vp: Invalid arguments");
-- return -1;
-- }
--
-- /*
-- * Silently ignore zero-length attributes.
-- */
-- if (attr_len == 0) return 0;
--
-- /*
-- * And now that we've verified the basic type
-- * information, decode the actual p.
-- */
-- vp = fr_pair_afrom_da(request, parent);
-- if (!vp) return -1;
--
-- vp->vp_length = attr_len;
-- vp->tag = tag;
--
-- switch (parent->type) {
-- case PW_TYPE_STRING:
-- fr_pair_value_bstrncpy(vp, p, attr_len);
-- break;
--
-- case PW_TYPE_OCTETS:
-- fr_pair_value_memcpy(vp, p, attr_len);
-- break;
--
-- case PW_TYPE_ABINARY:
-- if (vp->vp_length > sizeof(vp->vp_filter)) {
-- vp->vp_length = sizeof(vp->vp_filter);
-- }
-- memcpy(vp->vp_filter, p, vp->vp_length);
-- break;
--
-- case PW_TYPE_BYTE:
-- vp->vp_byte = p[0];
-- break;
--
-- case PW_TYPE_SHORT:
-- vp->vp_short = (p[0] << 8) | p[1];
-- break;
--
-- case PW_TYPE_INTEGER:
-- case PW_TYPE_SIGNED: /* overloaded with vp_integer */
-- memcpy(&vp->vp_integer, p, 4);
-- vp->vp_integer = ntohl(vp->vp_integer);
-- break;
--
-- case PW_TYPE_INTEGER64:
-- memcpy(&vp->vp_integer64, p, 8);
-- vp->vp_integer64 = ntohll(vp->vp_integer64);
-- break;
--
-- case PW_TYPE_DATE:
-- memcpy(&vp->vp_date, p, 4);
-- vp->vp_date = ntohl(vp->vp_date);
-- break;
--
-- case PW_TYPE_ETHERNET:
-- memcpy(vp->vp_ether, p, 6);
-- break;
--
-- case PW_TYPE_IPV4_ADDR:
-- memcpy(&vp->vp_ipaddr, p, 4);
-- break;
--
-- case PW_TYPE_IFID:
-- memcpy(vp->vp_ifid, p, 8);
-- break;
--
-- case PW_TYPE_IPV6_ADDR:
-- memcpy(&vp->vp_ipv6addr, p, 16);
-- break;
--
-- case PW_TYPE_IPV6_PREFIX:
-- /*
-- * FIXME: double-check that
-- * (vp->vp_octets[1] >> 3) matches vp->vp_length + 2
-- */
-- memcpy(vp->vp_ipv6prefix, p, vp->vp_length);
-- if (vp->vp_length < 18) {
-- memset(((uint8_t *)vp->vp_ipv6prefix) + vp->vp_length, 0,
-- 18 - vp->vp_length);
-- }
-- break;
--
-- case PW_TYPE_IPV4_PREFIX:
-- /* FIXME: do the same double-check as for IPv6Prefix */
-- memcpy(vp->vp_ipv4prefix, p, vp->vp_length);
--
-- /*
-- * /32 means "keep all bits". Otherwise, mask
-- * them out.
-- */
-- if ((p[1] & 0x3f) > 32) {
-- uint32_t addr, mask;
--
-- memcpy(&addr, vp->vp_octets + 2, sizeof(addr));
-- mask = 1;
-- mask <<= (32 - (p[1] & 0x3f));
-- mask--;
-- mask = ~mask;
-- mask = htonl(mask);
-- addr &= mask;
-- memcpy(vp->vp_ipv4prefix + 2, &addr, sizeof(addr));
-- }
-- break;
--
-- default:
-- RERROR("eap_teap_decode_vp: type %d Internal sanity check %d ", parent->type, __LINE__);
-- fr_pair_list_free(&vp);
-- return -1;
-- }
--
-- vp->type = VT_DATA;
-- *out = vp;
-- return attr_len;
--}
--
--
--VALUE_PAIR *eap_teap_teap2vp(REQUEST *request, SSL *ssl, uint8_t const *data, size_t data_len,
-- DICT_ATTR const *teap_da, vp_cursor_t *out)
--{
-- uint16_t attr;
-- uint16_t length;
-- size_t data_left = data_len;
-- VALUE_PAIR *first = NULL;
-- VALUE_PAIR *vp = NULL;
-- DICT_ATTR const *da;
--
-- if (!teap_da)
-- teap_da = dict_attrbyvalue(PW_FREERADIUS_EAP_TEAP_TLV, VENDORPEC_FREERADIUS);
-- rad_assert(teap_da != NULL);
--
-- if (!out) {
-- out = talloc(request, vp_cursor_t);
-- rad_assert(out != NULL);
-- fr_cursor_init(out, &first);
-- }
--
-- /*
-- * Decode the TLVs
-- */
-- while (data_left > 0) {
-- ssize_t decoded;
--
-- /* FIXME do something with mandatory */
--
-- memcpy(&attr, data, sizeof(attr));
-- attr = ntohs(attr) & EAP_TEAP_TLV_TYPE;
--
-- memcpy(&length, data + 2, sizeof(length));
-- length = ntohs(length);
--
-- data += 4;
-- data_left -= 4;
--
-- /*
-- * Look up the TLV.
-- *
-- * For now, if it doesn't exist, ignore it.
-- */
-- da = dict_attrbyparent(teap_da, attr, teap_da->vendor);
-- if (!da) {
-- RDEBUG3("Phase 2: Skipping unknown attribute %u", attr);
-- goto next_attr;
-- }
-- if (da->type == PW_TYPE_TLV) {
-- eap_teap_teap2vp(request, ssl, data, length, da, out);
-- goto next_attr;
-- }
-- decoded = eap_teap_decode_vp(request, da, data, length, &vp);
-- if (decoded < 0) {
-- REDEBUG3("Phase 2: Failed decoding %s: %s", da->name, fr_strerror());
-- goto next_attr;
-- }
--
-- fr_cursor_merge(out, vp);
--
-- next_attr:
-- while (fr_cursor_next(out)) {
-- /* nothing */
-- }
--
-- data += length;
-- data_left -= length;
-- }
--
-- /*
-- * We got this far. It looks OK.
-- */
-- return first;
--}
--
--
--static void eapteap_copy_request_to_tunnel(REQUEST *request, REQUEST *fake) {
-- VALUE_PAIR *copy, *vp;
-- vp_cursor_t cursor;
--
-- for (vp = fr_cursor_init(&cursor, &request->packet->vps);
-- vp;
-- vp = fr_cursor_next(&cursor)) {
-- /*
-- * The attribute is a server-side thingy,
-- * don't copy it.
-- */
-- if ((vp->da->attr > 255) && (((vp->da->attr >> 16) & 0xffff) == 0)) {
-- continue;
-- }
--
-- /*
-- * The outside attribute is already in the
-- * tunnel, don't copy it.
-- *
-- * This works for BOTH attributes which
-- * are originally in the tunneled request,
-- * AND attributes which are copied there
-- * from below.
-- */
-- if (fr_pair_find_by_da(fake->packet->vps, vp->da, TAG_ANY)) continue;
--
-- /*
-- * Some attributes are handled specially.
-- */
-- if (!vp->da->vendor) switch (vp->da->attr) {
-- /*
-- * NEVER copy Message-Authenticator,
-- * EAP-Message, or State. They're
-- * only for outside of the tunnel.
-- */
-- case PW_USER_NAME:
-- case PW_USER_PASSWORD:
-- case PW_CHAP_PASSWORD:
-- case PW_CHAP_CHALLENGE:
-- case PW_PROXY_STATE:
-- case PW_MESSAGE_AUTHENTICATOR:
-- case PW_EAP_MESSAGE:
-- case PW_STATE:
-- continue;
--
-- /*
-- * By default, copy it over.
-- */
-- default:
-- break;
-- }
--
-- /*
-- * Don't copy from the head, we've already
-- * checked it.
-- */
-- copy = fr_pair_list_copy_by_num(fake->packet, vp, vp->da->attr, vp->da->vendor, TAG_ANY);
-- fr_pair_add(&fake->packet->vps, copy);
-- }
--}
--
--static const char *stage_name[] = {
-- "TLS session handshake",
-- "Authentication",
-- "Provisioning",
-- "Complete"
--};
--
--/*
-- * Use a reply packet to determine what to do.
-- */
--static rlm_rcode_t CC_HINT(nonnull) process_reply(eap_handler_t *eap_session,
-- tls_session_t *tls_session,
-- REQUEST *request, RADIUS_PACKET *reply)
--{
-- rlm_rcode_t rcode = RLM_MODULE_REJECT;
-- VALUE_PAIR *vp;
-- vp_cursor_t cursor;
-- uint8_t msk[2 * CHAP_VALUE_LENGTH] = {0}, emsk[2 * EAPTLS_MPPE_KEY_LEN] = {0};
-- size_t msklen = 0, emsklen = 0;
-- bool doing_eap;
--
-- teap_tunnel_t *t = tls_session->opaque;
--
-- rad_assert(eap_session->request == request);
--
-- RDEBUG("Phase 2: Stage %s", stage_name[t->stage]);
--
-- /*
-- * If the response packet was Access-Accept, then
-- * we're OK. If not, die horribly.
-- *
-- * FIXME: EAP-Messages can only start with 'identity',
-- * NOT 'eap start', so we should check for that....
-- */
-- switch (reply->code) {
-- case PW_CODE_ACCESS_ACCEPT:
-- RDEBUG("Phase 2: Got tunneled Access-Accept");
--
-- for (vp = fr_cursor_init(&cursor, &reply->vps); vp; vp = fr_cursor_next(&cursor)) {
-- if (vp->da->attr == PW_EAP_EMSK) {
-- // FIXME check if we should be generating an emsk from MPPE keys below
-- emsklen = MIN(vp->vp_length, sizeof(emsk));
-- memcpy(emsk, vp->vp_octets, emsklen);
-- break;
-- }
--
-- if (vp->da->vendor != VENDORPEC_MICROSOFT) continue;
--
-- /* like for EAP-FAST, the keying material is used reversed */
-- switch (vp->da->attr) {
-- case PW_MSCHAP_MPPE_SEND_KEY:
-- if (vp->vp_length == EAPTLS_MPPE_KEY_LEN) {
-- /* do not set emsklen here so not to blat EAP-EMSK */
-- // emsklen = sizeof(emsk);
-- memcpy(emsk, vp->vp_octets, EAPTLS_MPPE_KEY_LEN);
-- } else if (vp->vp_length == CHAP_VALUE_LENGTH) {
-- msklen = sizeof(msk);
-- memcpy(msk, vp->vp_octets, CHAP_VALUE_LENGTH);
-- } else {
-- wrong_length:
-- REDEBUG("Phase 2: Found %s with incorrect length. Expected %u or %u, got %zu",
-- vp->da->name, CHAP_VALUE_LENGTH, EAPTLS_MPPE_KEY_LEN, vp->vp_length);
-- return RLM_MODULE_INVALID;
-- }
--
-- RDEBUGHEX("Phase 2: MSCHAP-MPPE-SEND-KEY [low MSK]", vp->vp_octets, vp->length);
-- break;
--
-- case PW_MSCHAP_MPPE_RECV_KEY:
-- /* only do this if there is no EAP-EMSK */
-- if (vp->vp_length == EAPTLS_MPPE_KEY_LEN && emsklen == 0) {
-- msklen = sizeof(msk);
-- memcpy(msk, vp->vp_octets, EAPTLS_MPPE_KEY_LEN);
-- emsklen = sizeof(emsk);
-- memcpy(&emsk[EAPTLS_MPPE_KEY_LEN], vp->vp_octets, EAPTLS_MPPE_KEY_LEN);
-- } else if (vp->vp_length == CHAP_VALUE_LENGTH) {
-- msklen = sizeof(msk);
-- memcpy(&msk[CHAP_VALUE_LENGTH], vp->vp_octets, CHAP_VALUE_LENGTH);
-- } else {
-- goto wrong_length;
-- }
--
-- RDEBUGHEX("Phase 2: MSCHAP-MPPE-RECV-KEY [high MSK]", vp->vp_octets, vp->vp_length);
-- break;
--
-- case PW_MSCHAP2_SUCCESS:
-- RDEBUG("Phase 2: Got %s, tunneling it to the client in a challenge", vp->da->name);
-- if (t->use_tunneled_reply) {
-- t->authenticated = true;
-- /*
-- * Clean up the tunneled reply.
-- */
-- fr_pair_delete_by_num(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
-- fr_pair_delete_by_num(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
-- fr_pair_delete_by_num(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
--
-- /*
-- * Delete MPPE keys & encryption policy. We don't
-- * want these here.
-- */
-- fr_pair_delete_by_num(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
-- fr_pair_delete_by_num(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
-- fr_pair_delete_by_num(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
-- fr_pair_delete_by_num(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
--
-- fr_pair_list_free(&t->accept_vps); /* for proxying MS-CHAP2 */
-- fr_pair_list_mcopy_by_num(t, &t->accept_vps, &reply->vps, 0, 0, TAG_ANY);
-- rad_assert(!reply->vps);
-- }
-- break;
--
-- default:
-- break;
-- }
-- }
--
-- if (t->use_tunneled_reply) {
-- /*
-- * Clean up the tunneled reply.
-- */
-- fr_pair_delete_by_num(&reply->vps, PW_EAP_EMSK, 0, TAG_ANY);
-- fr_pair_delete_by_num(&reply->vps, PW_EAP_SESSION_ID, 0, TAG_ANY);
-- }
--
-- eap_teap_append_result(request, tls_session, reply->code);
-- eap_teap_append_crypto_binding(request, tls_session, msk, msklen, emsk, emsklen);
--
-- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
-- if (vp) {
-- RDEBUG("Phase 2: Continuing with Identity-Type = %s",
-- (vp->vp_short == 1) ? "User" : "Machine");
--
-- /* RFC3748, Section 2.1 - does not explictly tell us to but we need to eat the EAP-Success */
-- fr_pair_delete_by_num(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
--
-- /* new identity */
-- talloc_free(t->username);
-- t->username = NULL;
--
-- if (t->num_identities == 2) {
-- RDEBUG("Phase 2: Configured to send too many identities, failing the session");
-- goto fail;
-- }
--
-- t->identity_types[t->num_identities++] = vp->vp_short;
--
-- /* RFC7170, Appendix C.6 */
-- eap_teap_append_identity_type(tls_session, vp->vp_short);
--
-- if (t->default_method || t->eap_method[vp->vp_short]) {
-- eap_teap_append_eap_identity_request(request, tls_session, eap_session);
-- }
--
-- if (!t->auto_chain) goto challenge;
--
-- if (!(t->default_method || t->eap_method[vp->vp_short])) {
-- RDEBUG("Phase 2: No %s EAP methods configured - assuming password",
-- (vp->vp_short == 1) ? "User" : "Machine");
--
-- vp = fr_pair_afrom_num(reply, PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, VENDORPEC_FREERADIUS);
-- if (vp) {
-- fr_pair_add(&reply->vps, vp);
-- } else {
-- RERROR("Failed adding attribute &reply:FreeRADIUS-EAP-TEAP-Basic-Password-Auth-Req");
-- goto fail;
-- }
-- }
--
-- /*
-- * Delete the &session-state:FreeRADIUS-EAP-TEAP-TLV-Identity-Type
-- * which we found.
-- *
-- * If there are more than one, then the
-- * next round will pick up the next one.
-- */
-- RDEBUG("Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s",
-- (vp->vp_short == 1) ? "User" : "Machine");
-- fr_pair_delete(&request->state, vp);
--
-- /*
-- * Always challenge, as we're sending EAP-Identity.
-- */
-- goto challenge;
-- }
--
-- if (t->auths[1].required && !t->auths[1].received) {
-- REDEBUG("Phase 2: We required Identity-Type = User, but we did not see it - rejecting the session");
-- goto fail;
-- }
--
-- if (t->auths[2].required && !t->auths[2].received) {
-- REDEBUG("Phase 2: We required Identity-Type = Machine, but we did not see it - rejecting the session");
-- goto fail;
-- }
--
-- RDEBUG("Phase 2: All inner authentications have succeeded");
--
-- t->result_final = true;
-- t->sent_basic_password = false;
-- eap_teap_append_result(request, tls_session, reply->code);
--
-- tls_session->authentication_success = true;
-- rcode = RLM_MODULE_OK;
--
-- break;
--
-- case PW_CODE_ACCESS_REJECT:
-- RDEBUG("Phase 2: Got tunneled Access-Reject");
--
-- fail:
-- eap_teap_append_result(request, tls_session, PW_CODE_ACCESS_REJECT);
-- rcode = RLM_MODULE_REJECT;
-- break;
--
-- /*
-- * Handle Access-Challenge, but only if we
-- * send tunneled reply data. This is because
-- * an Access-Challenge means that we MUST tunnel
-- * a Reply-Message to the client.
-- */
-- case PW_CODE_ACCESS_CHALLENGE:
-- RDEBUG("Phase 2: Got tunneled Access-Challenge");
--challenge:
-- /*
-- * Keep the State attribute, if necessary.
-- *
-- * Get rid of the old State, too.
-- */
-- fr_pair_list_free(&t->state);
-- fr_pair_list_mcopy_by_num(t, &t->state, &reply->vps, PW_STATE, 0, TAG_ANY);
--
-- t->sent_basic_password = false;
-- doing_eap = false;
--
-- /*
-- * Copy the EAP-Message back to the tunnel. Note
-- * that there can only be one EAP-Message
-- * attribute. The RADIUS encoder takes care of
-- * splitting it into multiple chunks in a RADIUS
-- * packet.
-- *
-- * For TEAP, we can only send one EAP-Payload TLV
-- * in a packet.
-- */
-- vp = fr_pair_find_by_num(reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
-- if (vp) {
-- doing_eap = true;
-- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_EAP_PAYLOAD, true, vp->vp_length, vp->vp_octets);
-- }
--
-- /*
-- * When chaining, we 'goto challenge' and can use
-- * that to now signal back to unlang that a
-- * method has completed and we can now move to
-- * the next
-- */
-- rcode = reply->code == PW_CODE_ACCESS_CHALLENGE ? RLM_MODULE_HANDLED : RLM_MODULE_OK;
--
-- if (!doing_eap) {
-- vp = fr_pair_find_by_num(reply->vps, PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, VENDORPEC_FREERADIUS, TAG_ANY);
-- if (!vp) {
-- RWDEBUG("Phase 2: Not configured to use EAP or passwords. Authentication will likely fail.");
-- break;
-- }
--
-- t->sent_basic_password = true;
--
-- RDEBUG("Phase 2: Sending Basic-Password-Auth-Req");
-- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, true, vp->vp_length, vp->vp_strvalue);
-- }
--
-- break;
--
-- default:
-- RDEBUG("Phase 2: Unknown RADIUS packet type %d: rejecting tunneled user", reply->code);
-- rcode = RLM_MODULE_INVALID;
-- break;
-- }
--
--
-- return rcode;
--}
--
--static PW_CODE eap_teap_phase2(REQUEST *request, eap_handler_t *eap_session,
-- tls_session_t *tls_session, REQUEST *fake)
--{
-- PW_CODE code = PW_CODE_ACCESS_REJECT;
-- rlm_rcode_t rcode;
-- VALUE_PAIR *vp;
-- teap_tunnel_t *t;
-- int eap_method = 0;
--
-- RDEBUG3("Phase 2: Processing received EAP Payload");
--
-- t = (teap_tunnel_t *) tls_session->opaque;
--
-- RDEBUG("Phase 2: Got tunneled request");
-- rdebug_pair_list(L_DBG_LVL_1, request, fake->packet->vps, NULL);
--
-- /*
-- * Tell the request that it's a fake one.
-- */
-- fr_pair_make(fake->packet, &fake->packet->vps, "Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ);
--
-- /*
-- * No User-Name in the stored data, look for
-- * an EAP-Identity, and pull it out of there.
-- */
-- if (!t->username) {
-- vp = fr_pair_find_by_num(fake->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
-- if (vp &&
-- (vp->vp_length >= EAP_HEADER_LEN + 2) &&
-- (vp->vp_strvalue[0] == PW_EAP_RESPONSE) &&
-- (vp->vp_strvalue[EAP_HEADER_LEN] == PW_EAP_IDENTITY) &&
-- (vp->vp_strvalue[EAP_HEADER_LEN + 1] != 0)) {
-- /*
-- * Create & remember a User-Name
-- */
-- t->username = fr_pair_make(t, NULL, "User-Name", NULL, T_OP_EQ);
-- rad_assert(t->username != NULL);
--
-- fr_pair_value_bstrncpy(t->username, vp->vp_octets + 5, vp->vp_length - 5);
--
-- RDEBUG("Phase 2: Got tunneled identity of %s", t->username->vp_strvalue);
--
-- } else if (!fake->username) {
-- /*
-- * Don't reject the request outright,
-- * as it's permitted to do EAP without
-- * user-name.
-- */
-- RWDEBUG2("Phase 2: No EAP-Identity found to start EAP conversation");
-- }
-- } /* else there WAS a t->username */
--
-- if (t->username && !fake->username) {
-- vp = fr_pair_list_copy(fake->packet, t->username);
-- fr_pair_add(&fake->packet->vps, vp);
-- fake->username = vp;
-- }
--
-- /*
-- * Add the State attribute, too, if it exists.
-- */
-- if (t->state) {
-- vp = fr_pair_list_copy(fake->packet, t->state);
-- if (vp) fr_pair_add(&fake->packet->vps, vp);
-- }
--
-- if (t->stage == AUTHENTICATION) {
-- VALUE_PAIR *tvp;
--
-- eap_method = t->default_method;
--
-- RDEBUG2("Phase 2: Authentication");
--
-- /*
-- * See which method we're doing. If we're told to do a particular kind of identity
-- * check, AND there's not any EAP-Type already set, THEN do it.
-- */
-- vp = fr_pair_find_by_num(fake->packet->vps, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
-- if (vp) {
-- VALUE_PAIR *teap_type;
--
-- t->auths[vp->vp_short].received++;
--
-- /*
-- * User auth. Prefer:
-- * * values set by the admin for this session.
-- * * otherwise configured in the TEAP module
-- * * otherwise default_eap_type
-- * * otherwise ???
-- */
-- if (vp->vp_short == 1) {
-- teap_type = fr_pair_find_by_num(request->state, PW_TEAP_TYPE_USER, 0, TAG_ANY);
-- if (teap_type) {
-- eap_method = teap_type->vp_integer;
--
-- RDEBUG("Phase 2: Setting User EAP-Type = %s from &config:TEAP-Type-User",
-- eap_type2name(eap_method));
--
-- } else if (t->eap_method[vp->vp_short]) {
-- eap_method = t->eap_method[vp->vp_short];
--
-- RDEBUG("Phase 2: Setting User EAP-Type = %s from TEAP configuration user_eap_type",
-- eap_type2name(eap_method));
--
-- } else if (eap_method) {
-- RDEBUG("Phase 2: Setting User EAP-Type = %s from TEAP configuration default_eap_type",
-- eap_type2name(eap_method));
--
-- } else if (fake->password) {
-- RDEBUG("Phase 2: User is not doing EAP, but instead is doing User-Password authentication");
--
-- } else {
-- RWDEBUG("Phase 2: Not setting User EAP-Type");
-- }
-- }
--
-- if (vp->vp_short == 2) {
-- teap_type = fr_pair_find_by_num(request->state, PW_TEAP_TYPE_MACHINE, 0, TAG_ANY);
-- if (teap_type) {
-- eap_method = teap_type->vp_integer;
--
-- RDEBUG("Phase 2: Setting Machine EAP-Type = %s from &config:TEAP-Type-Machine",
-- eap_type2name(eap_method));
--
-- } else if (t->eap_method[vp->vp_short]) {
-- eap_method = t->eap_method[vp->vp_short];
--
-- RDEBUG("Phase 2: Setting Machine EAP-Type = %s from TEAP configuration machine_eap_type",
-- eap_type2name(eap_method));
--
-- } else if (eap_method) {
-- RDEBUG("Phase 2: Using Machine EAP-Type = %s from TEAP configuration default_eap_type",
-- eap_type2name(eap_method));
--
-- } else if (fake->password) {
-- RDEBUG("Phase 2: Machine is not doing EAP, but instead is doing User-Password authentication");
--
-- } else {
-- RWDEBUG("Phase 2: Not setting Machine EAP-Type");
-- }
-- }
-- }
--
-- if (eap_method) {
-- /*
-- * RFC 7170 - Authenticating Using EAP-TEAP-MSCHAPv2
-- */
-- if (eap_method == PW_EAP_MSCHAPV2 && t->mode == EAP_TEAP_PROVISIONING_ANON) {
-- tvp = fr_pair_afrom_num(fake, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT);
-- //fr_pair_value_memcpy(tvp, t->keyblock->server_challenge, CHAP_VALUE_LENGTH);
-- fr_pair_add(&fake->config, tvp);
--
-- tvp = fr_pair_afrom_num(fake, PW_MS_CHAP_PEER_CHALLENGE, 0);
-- //fr_pair_value_memcpy(tvp, t->keyblock->client_challenge, CHAP_VALUE_LENGTH);
-- fr_pair_add(&fake->config, tvp);
-- }
--
-- /*
-- * Set the configuration to force a particular EAP-Type.
-- */
-- RDEBUG("Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = %s", eap_type2name(eap_method));
-- vp = fr_pair_afrom_num(fake, PW_EAP_TYPE, 0);
-- if (vp) {
-- fr_pair_add(&fake->config, vp);
-- vp->vp_integer = eap_method;
-- }
--
-- } else if (!fake->password) {
-- RWDEBUG("Phase 2: No explicit EAP-Type set.");
-- } else {
-- /* else it's User-Password authentication */
-- }
-- }
--
-- if (t->copy_request_to_tunnel) {
-- eapteap_copy_request_to_tunnel(request, fake);
-- }
--
-- if ((vp = fr_pair_find_by_num(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
-- fake->server = vp->vp_strvalue;
--
-- } else if (t->virtual_server) {
-- fake->server = t->virtual_server;
--
-- } /* else fake->server == request->server */
--
-- /*
-- * Call authentication recursively, which will
-- * do PAP, CHAP, MS-CHAP, etc.
-- */
-- rad_virtual_server(fake);
--
-- /*
-- * Decide what to do with the reply.
-- */
-- switch (fake->reply->code) {
-- case 0:
-- vp = fr_pair_find_by_num(fake->config, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
-- if (vp && (vp->vp_integer == PW_CODE_ACCESS_CHALLENGE)) {
-- fake->reply->code = PW_CODE_ACCESS_CHALLENGE;
-- goto do_reply;
-- }
--
-- RDEBUG("Phase 2: No tunneled reply was found, rejecting the user.");
-- code = PW_CODE_ACCESS_REJECT;
-- break;
--
-- default:
-- do_reply:
-- /*
-- * Returns RLM_MODULE_FOO, and we want to return PW_FOO
-- */
-- rcode = process_reply(eap_session, tls_session, request, fake->reply);
-- switch (rcode) {
-- case RLM_MODULE_REJECT:
-- code = PW_CODE_ACCESS_REJECT;
-- break;
--
-- case RLM_MODULE_HANDLED:
-- code = PW_CODE_ACCESS_CHALLENGE;
-- break;
--
-- case RLM_MODULE_OK:
-- code = PW_CODE_ACCESS_ACCEPT;
-- break;
--
-- default:
-- code = PW_CODE_ACCESS_REJECT;
-- break;
-- }
-- break;
-- }
--
-- return code;
--}
--
--static PW_CODE eap_teap_crypto_binding(REQUEST *request, UNUSED eap_handler_t *eap_session,
-- tls_session_t *tls_session, eap_tlv_crypto_binding_tlv_t const *binding)
--{
-- teap_tunnel_t *t = tls_session->opaque;
-- uint8_t *buf;
-- size_t olen, buflen;
-- struct crypto_binding_buffer *cbb;
-- uint8_t mac[EVP_MAX_MD_SIZE];
-- unsigned int maclen = sizeof(mac);
-- unsigned int flags;
-- struct teap_imck_t *imck = NULL;
-- uint8_t *outer_tlvs;
--
-- /*
-- * @todo - put crypto binding calculations into a common function,
-- */
-- olen = tls_session->outer_tlvs_octets_server ? talloc_array_length(tls_session->outer_tlvs_octets_server) : 0;
-- olen += tls_session->outer_tlvs_octets_peer ? talloc_array_length(tls_session->outer_tlvs_octets_peer) : 0;
--
-- buflen = sizeof(struct crypto_binding_buffer) - 1/*outer_tlvs*/ + olen;
--
-- buf = talloc_zero_array(request, uint8_t, buflen);
-- rad_assert(buf != NULL);
--
-- cbb = (struct crypto_binding_buffer *)buf;
--
-- /*
-- * binding->version is what they are using.
-- * binding->received_version is what they got from us.
-- */
-- if (binding->version != t->received_version || binding->received_version != EAP_TEAP_VERSION) {
-- RDEBUG2("Phase 2: Crypto-Binding TLV version mis-match (possible downgrade attack!)");
-- RDEBUG2("Phase 2: Expected client to send %d, got %d. We sent %d, they echoed back %d",
-- t->received_version, binding->version,
-- EAP_TEAP_VERSION, binding->received_version);
-- return PW_CODE_ACCESS_REJECT;
-- }
-- if ((binding->subtype & 0xf) != EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE) {
-- RDEBUG2("Phase 2: Crypto-Binding TLV contains unexpected response");
-- return PW_CODE_ACCESS_REJECT;
-- }
-- flags = binding->subtype >> 4;
--
-- CRYPTO_BINDING_BUFFER_INIT(cbb);
-- memcpy(&cbb->binding, binding, sizeof(cbb->binding) - sizeof(cbb->binding.emsk_compound_mac) - sizeof(cbb->binding.msk_compound_mac));
--
-- outer_tlvs = &cbb->outer_tlvs[0];
--
-- if (tls_session->outer_tlvs_octets_server) {
-- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_server);
--
-- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_server, len);
-- outer_tlvs += len;
-- }
--
-- if (tls_session->outer_tlvs_octets_peer) {
-- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_peer);
--
-- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_peer, len);
-- }
--
-- RDEBUGHEX("Phase 2: BUFFER for Compound MAC calculation", buf, buflen);
--
-- /*
-- * we carry forward the S-IMCK[j] based on what we verified for session key generation
-- *
-- * https://mailarchive.ietf.org/arch/msg/emu/mXzpSGEn86Zx_fa4f1uULYMhMoM/
-- * https://github.com/emu-wg/teap-errata/pull/13
-- */
-- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl));
--
-- /*
-- * We verify cryptobinding MSK and EMSK, but we prefer
-- * EMSK for the later IMCK deriviation.
-- */
-- if ((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) != 0) {
-- HMAC(md, &t->imck_msk.cmk, sizeof(t->imck_msk.cmk), buf, buflen, mac, &maclen);
-- if (memcmp(binding->msk_compound_mac, mac, sizeof(binding->msk_compound_mac))) {
-- RDEBUG2("Phase 2: Crypto-Binding TLV (MSK) mis-match");
-- return PW_CODE_ACCESS_REJECT;
-- }
-- imck = &t->imck_msk;
-- }
--
-- if (((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK) != 0) && t->imck_emsk_available) {
-- HMAC(md, &t->imck_emsk.cmk, sizeof(t->imck_emsk.cmk), buf, buflen, mac, &maclen);
-- if (memcmp(binding->emsk_compound_mac, mac, sizeof(binding->emsk_compound_mac))) {
-- RDEBUG2("Phase 2: Crypto-Binding TLV (EMSK) mis-match");
-- return PW_CODE_ACCESS_REJECT;
-- }
--
-- RDEBUG3("Phase 2: Using all EMSK for ICMK");
-- imck = &t->imck_emsk;
--
-- } else if (imck) {
-- RDEBUG3("Phase 2: Using all MSK for ICMK");
--
-- } else {
-- RDEBUG3("Phase 2: Using all zeroes for ICMK");
-- imck = &imck_zeros;
-- }
--
-- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */
-- RDEBUGHEX("Phase 2: S-IMCK[j]", imck->simck, sizeof(imck->simck));
--
-- uint8_t mk_msk_label[31] = "Session Key Generating Function";
--
-- struct iovec mk_msk_seed[1] = {
-- { (void *)mk_msk_label, sizeof(mk_msk_label) }
-- };
-- TLS_PRF(tls_session->ssl,
-- imck->simck, sizeof(imck->simck),
-- mk_msk_seed, ARRAY_SIZE(mk_msk_seed),
-- (uint8_t *)&t->msk, sizeof(t->msk));
-- RDEBUGHEX("Phase 2: Derived key (MSK)", t->msk, sizeof(t->msk));
--
-- uint8_t mk_emsk_label[40] = "Extended Session Key Generating Function";
-- struct iovec mk_emsk_seed[1] = {
-- { (void *)mk_emsk_label, sizeof(mk_emsk_label) }
-- };
-- TLS_PRF(tls_session->ssl,
-- imck->simck, sizeof(imck->simck),
-- mk_emsk_seed, ARRAY_SIZE(mk_emsk_seed),
-- (uint8_t *)&t->emsk, sizeof(t->emsk));
-- RDEBUGHEX("Phase 2: Derived key (EMSK)", t->emsk, sizeof(t->emsk));
--
-- return PW_CODE_ACCESS_ACCEPT;
--}
--
--
--static PW_CODE eap_teap_process_tlvs(REQUEST *request, eap_handler_t *eap_session,
-- tls_session_t *tls_session, VALUE_PAIR *teap_vps)
--{
-- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
-- VALUE_PAIR *vp, *copy;
-- vp_cursor_t cursor;
-- PW_CODE code = PW_CODE_ACCESS_ACCEPT;
-- uint8_t const *p;
-- bool gotintermedresult = false, gotresult = false, gotcryptobinding = false;
-- REQUEST *fake;
--
-- /*
-- * Allocate a fake REQUEST structure.
-- */
-- fake = request_alloc_fake(request);
-- rad_assert(!fake->packet->vps);
--
-- fake->eap_inner_tunnel = true;
--
-- for (vp = fr_cursor_init(&cursor, &teap_vps); vp; vp = fr_cursor_next(&cursor)) {
-- char *value;
-- DICT_ATTR const *parent_da = NULL;
-- VALUE_PAIR *vp_config;
--
-- parent_da = dict_parent(vp->da->attr, vp->da->vendor);
-- if (parent_da == NULL || vp->da->vendor != VENDORPEC_FREERADIUS ||
-- ((vp->da->attr & 0xff) != PW_FREERADIUS_EAP_TEAP_TLV)) {
-- continue;
-- }
--
-- switch (parent_da->attr) {
-- case PW_FREERADIUS_EAP_TEAP_TLV:
-- switch (vp->da->attr >> 8) {
-- case EAP_TEAP_TLV_IDENTITY_TYPE:
-- vp_config = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
-- if (vp_config && (vp_config->vp_short != vp->vp_short)) {
-- RWDEBUG("We requested &session-state:FreeRADIUS-EAP-TEAP-TLV-Identity-Type = %s",
-- (vp_config->vp_short == 1) ? "User" : "Machine");
-- RWDEBUG("But the supplicant returned FreeRADIUS-EAP-TEAP-TLV-Identity-Type = %u",
-- vp->vp_short);
-- RWDEBUG("Authentication will likely fail.");
-- }
--
-- fr_pair_add(&fake->packet->vps, fr_pair_copy(fake->packet, vp));
-- break;
--
-- /*
-- * Copy EAP-Payload to EAP-Message
-- */
-- case EAP_TEAP_TLV_EAP_PAYLOAD:
-- copy = fr_pair_afrom_num(fake->packet, PW_EAP_MESSAGE, 0);
-- fr_pair_value_memcpy(copy, vp->vp_octets, vp->vp_length);
-- fr_pair_add(&fake->packet->vps, copy);
-- break;
--
-- /*
-- * We copy the full attribute, even if the administrator
-- * isn't ever going to use it. The existence of the attribute
-- * is a signal that we have a password response, and not an EAP-Message.
-- */
-- case EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP:
-- fr_pair_add(&fake->packet->vps, fr_pair_copy(fake->packet, vp));
--
-- p = vp->vp_octets;
--
-- copy = fr_pair_afrom_num(fake->packet, PW_USER_NAME, 0);
-- fr_pair_value_bstrncpy(copy, p + 1, p[0]);
-- fr_pair_add(&fake->packet->vps, copy);
-- fake->username = copy;
--
-- p += p[0] + 1;
--
-- copy = fr_pair_afrom_num(fake->packet, PW_USER_PASSWORD, 0);
-- fr_pair_value_bstrncpy(copy, p + 1, p[0]);
-- fr_pair_add(&fake->packet->vps, copy);
-- fake->password = copy;
-- break;
--
-- /*
-- * The rest of the TEAP
-- * attributes are signalling, and
-- * aren't needed by the inner-tunnel virtual server.
-- */
-- case EAP_TEAP_TLV_RESULT:
-- gotresult = true;
-- if (vp->vp_short != EAP_TEAP_TLV_RESULT_SUCCESS) {
-- REDEBUG("Phase 2: Peer sent Result = Failure - rejecting the session");
-- code = PW_CODE_ACCESS_REJECT;
-- }
-- break;
--
-- case EAP_TEAP_TLV_INTERMED_RESULT:
-- gotintermedresult = true;
-- if (vp->vp_short != EAP_TEAP_TLV_RESULT_SUCCESS) {
-- REDEBUG("Phase 2: Peer sent Intermediate-Result = Failure - rejecting the session");
-- code = PW_CODE_ACCESS_REJECT;
-- }
-- break;
--
-- case EAP_TEAP_TLV_CRYPTO_BINDING:
-- gotcryptobinding = true;
--
-- code = eap_teap_crypto_binding(request, eap_session, tls_session,
-- (eap_tlv_crypto_binding_tlv_t const *)vp->vp_octets);
-- break;
--
-- default:
-- value = vp_aprints_value(request->packet, vp, '"');
-- RDEBUG2("Ignoring unknown attribute %s", value);
-- talloc_free(value);
-- }
-- break;
--
-- default:
-- value = vp_aprints(request->packet, vp, '"');
-- RDEBUG2("Ignoring TEAP TLV %s", value);
-- talloc_free(value);
-- }
--
-- if (code == PW_CODE_ACCESS_REJECT) {
-- talloc_free(fake);
-- return PW_CODE_ACCESS_REJECT;
-- }
-- }
--
-- /*
-- * Move to the provisioning stage only if we have a final result.
-- */
-- if ((t->stage == AUTHENTICATION) && t->result_final) {
-- if (gotcryptobinding && gotintermedresult) t->stage = PROVISIONING;
-- /* rollback if we have an EAP sequence (chaining) */
-- if (t->stage == PROVISIONING && !gotresult && vp) t->stage = AUTHENTICATION;
-- }
--
-- if (t->stage == PROVISIONING) {
-- if (gotcryptobinding && gotresult) t->stage = COMPLETE;
-- }
--
-- if (t->stage == COMPLETE) {
-- if (!gotcryptobinding) {
-- RWDEBUG("Phase 2: Peer did not send Crypto-Binding - rejecting");
-- talloc_free(fake);
-- return PW_CODE_ACCESS_REJECT;
-- }
--
-- if (!gotresult) {
-- RWDEBUG("Phase 2: Peer did not send Result - rejecting");
-- talloc_free(fake);
-- return PW_CODE_ACCESS_REJECT;
-- }
--
-- } else {
-- code = eap_teap_phase2(request, eap_session, tls_session, fake);
-- }
--
-- talloc_free(fake);
-- return code;
--}
--
--
--static void print_tunneled_data(uint8_t const *data, size_t data_len)
--{
-- size_t i;
--
-- DEBUG2(" TEAP tunnel data total %zu", data_len);
--
-- if ((rad_debug_lvl > 2) && fr_log_fp) {
-- for (i = 0; i < data_len; i++) {
-- if ((i & 0x0f) == 0) fprintf(fr_log_fp, " TEAP tunnel data in %02x: ", (int) i);
--
-- fprintf(fr_log_fp, "%02x ", data[i]);
--
-- if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
-- }
-- if ((data_len & 0x0f) != 0) fprintf(fr_log_fp, "\n");
-- }
--}
--
--
--/*
-- * Process the inner tunnel data
-- */
--PW_CODE eap_teap_process(eap_handler_t *eap_session, tls_session_t *tls_session)
--{
-- PW_CODE code;
-- VALUE_PAIR *teap_vps, *vp;
-- uint8_t const *data;
-- size_t data_len;
-- teap_tunnel_t *t;
-- REQUEST *request = eap_session->request;
--
-- /*
-- * Just look at the buffer directly, without doing
-- * record_to_buff.
-- */
-- data_len = tls_session->clean_out.used;
-- tls_session->clean_out.used = 0;
-- data = tls_session->clean_out.data;
--
-- t = (teap_tunnel_t *) tls_session->opaque;
--
-- if (rad_debug_lvl > 2) print_tunneled_data(data, data_len);
--
-- /*
-- * See if the tunneled data is well formed.
-- */
-- if (!eap_teap_verify(request, tls_session, data, data_len)) return PW_CODE_ACCESS_REJECT;
--
-- if (t->stage == TLS_SESSION_HANDSHAKE) {
-- rad_assert(t->mode == EAP_TEAP_UNKNOWN);
--
-- char buf[256];
-- if (strstr(SSL_CIPHER_description(SSL_get_current_cipher(tls_session->ssl),
-- buf, sizeof(buf)), "Au=None")) {
-- /* FIXME enforce MSCHAPv2 - RFC 7170 */
-- RDEBUG2("Phase 2: Using anonymous provisioning");
-- t->mode = EAP_TEAP_PROVISIONING_ANON;
-- } else {
-- if (SSL_session_reused(tls_session->ssl)) {
-- RDEBUG("Phase 2: Outer session was resumed");
-- t->mode = EAP_TEAP_NORMAL_AUTH;
-- } else {
-- RDEBUG2("Phase 2: Using authenticated provisioning");
-- t->mode = EAP_TEAP_PROVISIONING_AUTH;
-- }
-- }
--
-- eap_teap_init_keys(request, tls_session);
--
--
-- /* RFC7170, Appendix C.6 */
-- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
-- if (vp) {
-- RDEBUG("Phase 2: Sending Identity-Type = %s", (vp->vp_short == 1) ? "User" : "Machine");
-- eap_teap_append_identity_type(tls_session, vp->vp_short);
--
-- if (t->num_identities == 2) {
-- RDEBUG("Phase 2: Configured to send too many identities, failing the session");
-- goto fail;
-- }
--
-- t->identity_types[t->num_identities++] = vp->vp_short;
--
-- RDEBUG("Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s",
-- (vp->vp_short == 1) ? "User" : "Machine");
-- fr_pair_delete(&request->state, vp);
-- }
--
-- /*
-- * We always start off with an EAP-Identity-Request.
-- */
-- if (t->default_method || (vp && t->eap_method[vp->vp_short])) {
-- eap_teap_append_eap_identity_request(request, tls_session, eap_session);
-- } else {
-- RDEBUG("Phase 2: No %s EAP method configured - sending Basic-Password-Auth-Req = \"\"",
-- !vp ? "" : (vp->vp_short == 1) ? "User" : "Machine");
-- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, true, 0, "");
-- }
--
-- t->stage = AUTHENTICATION;
--
-- tls_handshake_send(request, tls_session);
--
-- return PW_CODE_ACCESS_CHALLENGE;
-- }
--
-- teap_vps = eap_teap_teap2vp(request, tls_session->ssl, data, data_len, NULL, NULL);
--
-- RDEBUG("Phase 2: Got Tunneled TEAP TLVs");
-- rdebug_pair_list(L_DBG_LVL_1, request, teap_vps, NULL);
--
-- code = eap_teap_process_tlvs(request, eap_session, tls_session, teap_vps);
--
-- fr_pair_list_free(&teap_vps);
--
-- if (code == PW_CODE_ACCESS_REJECT) return PW_CODE_ACCESS_REJECT;
--
-- switch (t->stage) {
-- case AUTHENTICATION:
-- code = PW_CODE_ACCESS_CHALLENGE;
-- break;
--
-- case PROVISIONING:
-- if (!t->result_final) {
-- t->result_final = true;
-- eap_teap_append_result(request, tls_session, code);
-- }
-- /* FALL-THROUGH */
--
-- case COMPLETE:
-- /*
-- * TEAP wants to use it's own MSK, so boo to eap_tls_gen_mppe_keys()
-- */
-- eap_add_reply(request, "MS-MPPE-Recv-Key", t->msk, EAPTLS_MPPE_KEY_LEN);
-- eap_add_reply(request, "MS-MPPE-Send-Key", &t->msk[EAPTLS_MPPE_KEY_LEN], EAPTLS_MPPE_KEY_LEN);
-- eap_add_reply(request, "EAP-MSK", t->msk, sizeof(t->msk));
-- eap_add_reply(request, "EAP-EMSK", t->emsk, sizeof(t->emsk));
--
-- break;
--
-- default:
-- RERROR("Internal sanity check failed in EAP-TEAP at %d", t->stage);
-- fail:
-- code = PW_CODE_ACCESS_REJECT;
-- }
--
-- tls_handshake_send(request, tls_session);
--
-- return code;
--}
-diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
-deleted file mode 100644
-index 59f7835a26..0000000000
---- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
-+++ /dev/null
-@@ -1,176 +0,0 @@
--/*
-- * eap_teap.h
-- *
-- * Version: $Id$
-- *
-- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
-- *
-- * This software may not be redistributed in any form without the prior
-- * written consent of Network RADIUS.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- */
--#ifndef _EAP_TEAP_H
--#define _EAP_TEAP_H
--
--RCSIDH(eap_teap_h, "$Id$")
--
--#include "eap_tls.h"
--
--#define EAP_TEAP_VERSION 1
--
--#define EAP_TEAP_MSK_LEN 64
--#define EAP_TEAP_EMSK_LEN 64
--#define EAP_TEAP_IMSK_LEN 32
--#define EAP_TEAP_SKS_LEN 40
--#define EAP_TEAP_SIMCK_LEN 40
--#define EAP_TEAP_CMK_LEN 20
--
--#define EAP_TEAP_TLV_MANDATORY 0x8000
--#define EAP_TEAP_TLV_TYPE 0x3fff
--
--#define EAP_TEAP_ERR_TUNNEL_COMPROMISED 2001
--#define EAP_TEAP_ERR_UNEXPECTED_TLV 2002
--
--/* intermediate result values also match */
--#define EAP_TEAP_TLV_RESULT_SUCCESS 1
--#define EAP_TEAP_TLV_RESULT_FAILURE 2
--
--#define EAP_TEAP_IDENTITY_TYPE_USER 1
--#define EAP_TEAP_IDENTITY_TYPE_MACHINE 2
--
--#define PW_EAP_TEAP_TLV_IDENTITY_TYPE (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_IDENTITY_TYPE << 8))
--#define PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ << 8))
--#define PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP << 8))
--
--typedef enum eap_teap_stage_t {
-- TLS_SESSION_HANDSHAKE = 0,
-- AUTHENTICATION,
-- PROVISIONING,
-- COMPLETE
--} eap_teap_stage_t;
--
--typedef enum eap_teap_auth_type {
-- EAP_TEAP_UNKNOWN = 0,
-- EAP_TEAP_PROVISIONING_ANON,
-- EAP_TEAP_PROVISIONING_AUTH,
-- EAP_TEAP_NORMAL_AUTH
--} eap_teap_auth_type_t;
--
--/* RFC 7170, Section 4.2.13 - Crypto-Binding TLV */
--typedef struct eap_tlv_crypto_binding_tlv_t {
-- uint8_t reserved;
-- uint8_t version;
-- uint8_t received_version;
-- uint8_t subtype; /* Flags[4b] and Sub-Type[4b] */
-- uint8_t nonce[32];
-- uint8_t emsk_compound_mac[20];
-- uint8_t msk_compound_mac[20];
--} CC_HINT(__packed__) eap_tlv_crypto_binding_tlv_t;
--
--typedef enum eap_teap_tlv_type_t {
-- EAP_TEAP_TLV_RESERVED_0 = 0, // 0
-- EAP_TEAP_TLV_AUTHORITY, // 1
-- EAP_TEAP_TLV_IDENTITY_TYPE, // 2
-- EAP_TEAP_TLV_RESULT, // 3
-- EAP_TEAP_TLV_NAK, // 4
-- EAP_TEAP_TLV_ERROR, // 5
-- EAP_TEAP_TLV_CHANNEL_BINDING, // 6
-- EAP_TEAP_TLV_VENDOR_SPECIFIC, // 7
-- EAP_TEAP_TLV_REQUEST_ACTION, // 8
-- EAP_TEAP_TLV_EAP_PAYLOAD, // 9
-- EAP_TEAP_TLV_INTERMED_RESULT, // 10
-- EAP_TEAP_TLV_PAC, // 11
-- EAP_TEAP_TLV_CRYPTO_BINDING, // 12
-- EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, // 13
-- EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP, // 14
-- EAP_TEAP_TLV_PKCS7, // 15
-- EAP_TEAP_TLV_PKCS10, // 16
-- EAP_TEAP_TLV_TRUSTED_ROOT, // 17
-- EAP_TEAP_TLV_MAX
--} eap_teap_tlv_type_t;
--
--typedef enum eap_teap_tlv_crypto_binding_tlv_flags_t {
-- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK = 1, // 1
-- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK, // 2
-- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH // 3
--} eap_teap_tlv_crypto_binding_tlv_flags_t;
--
--typedef enum eap_teap_tlv_crypto_binding_tlv_subtype_t {
-- EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST = 0, // 0
-- EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE // 1
--} eap_teap_tlv_crypto_binding_tlv_subtype_t;
--
--typedef struct teap_imck_t {
-- uint8_t simck[EAP_TEAP_SIMCK_LEN];
-- uint8_t cmk[EAP_TEAP_CMK_LEN];
--} CC_HINT(__packed__) teap_imck_t;
--
--typedef struct {
-- bool required;
-- bool sent;
-- uint8_t received;
--} teap_auth_t;
--
--typedef struct teap_tunnel_t {
-- VALUE_PAIR *username;
-- VALUE_PAIR *state;
-- VALUE_PAIR *accept_vps;
-- bool copy_request_to_tunnel;
-- bool use_tunneled_reply;
--
-- bool authenticated;
-- int received_version;
--
-- int mode;
-- eap_teap_stage_t stage;
--
-- int num_identities;
-- uint16_t identity_types[2];
--
-- teap_auth_t auths[3]; /* so we can index by Identity-Type */
--
-- int imckc;
-- bool imck_emsk_available;
-- struct teap_imck_t imck_msk;
-- struct teap_imck_t imck_emsk;
--
-- uint8_t msk[EAP_TEAP_MSK_LEN];
-- uint8_t emsk[EAP_TEAP_EMSK_LEN];
--
-- int default_method;
-- int eap_method[3];
--
-- bool result_final;
-- bool auto_chain; //!< do we automatically chain identities
-- bool sent_basic_password;
--
--#ifdef WITH_PROXY
-- bool proxy_tunneled_request_as_eap; //!< Proxy tunneled session as EAP, or as de-capsulated
-- //!< protocol.
--#endif
-- char const *virtual_server;
--} teap_tunnel_t;
--
--/*
-- * Process the TEAP portion of an EAP-TEAP request.
-- */
--PW_CODE eap_teap_process(eap_handler_t *handler, tls_session_t *tls_session) CC_HINT(nonnull);
--
--/*
-- * A bunch of EAP-TEAP helper functions.
-- */
--VALUE_PAIR *eap_teap_teap2vp(REQUEST *request, UNUSED SSL *ssl, uint8_t const *data,
-- size_t data_len, DICT_ATTR const *teap_da, vp_cursor_t *out);
--
--#endif /* _EAP_TEAP_H */
-diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
-deleted file mode 100644
-index 17f49f9dfc..0000000000
---- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
-+++ /dev/null
-@@ -1,198 +0,0 @@
--/*
-- * teap-crypto.c Cryptographic functions for EAP-TEAP.
-- *
-- * Version: $Id$
-- *
-- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
-- *
-- * This software may not be redistributed in any form without the prior
-- * written consent of Network RADIUS.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- */
--
--RCSID("$Id$")
--USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
--
--#include <stdio.h>
--#include <freeradius-devel/libradius.h>
--
--#include <openssl/evp.h>
--#include <openssl/aes.h>
--#include <openssl/err.h>
--
--#include "eap_teap_crypto.h"
--
--# define DEBUG if (fr_debug_lvl && fr_log_fp) fr_printf_log
--
--static void debug_errors(void)
--{
-- unsigned long errCode;
--
-- while((errCode = ERR_get_error())) {
-- char *err = ERR_error_string(errCode, NULL);
-- DEBUG("EAP-TEAP error in OpenSSL - %s", err);
-- }
--}
--
--// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode
--int eap_teap_encrypt(uint8_t const *plaintext, size_t plaintext_len,
-- uint8_t const *aad, size_t aad_len,
-- uint8_t const *key, uint8_t *iv, unsigned char *ciphertext,
-- uint8_t *tag)
--{
-- EVP_CIPHER_CTX *ctx;
--
-- int len;
--
-- int ciphertext_len;
--
--
-- /* Create and initialise the context */
-- if (!(ctx = EVP_CIPHER_CTX_new())) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Initialise the encryption operation. */
-- if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Set IV length if default 12 bytes (96 bits) is not appropriate */
-- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Initialise key and IV */
-- if (1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Provide any AAD data. This can be called zero or more times as
-- * required
-- */
-- if (1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Provide the message to be encrypted, and obtain the encrypted output.
-- * EVP_EncryptUpdate can be called multiple times if necessary
-- */
-- if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
-- debug_errors();
-- return -1;
-- };
-- ciphertext_len = len;
--
-- /* Finalise the encryption. Normally ciphertext bytes may be written at
-- * this stage, but this does not occur in GCM mode
-- */
-- if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
-- debug_errors();
-- return -1;
-- };
-- ciphertext_len += len;
--
-- /* Get the tag */
-- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Clean up */
-- EVP_CIPHER_CTX_free(ctx);
--
-- return ciphertext_len;
--}
--
--int eap_teap_decrypt(uint8_t const *ciphertext, size_t ciphertext_len,
-- uint8_t const *aad, size_t aad_len,
-- uint8_t const *tag, uint8_t const *key, uint8_t const *iv, uint8_t *plaintext)
--{
-- EVP_CIPHER_CTX *ctx;
-- int len;
-- int plaintext_len;
-- int ret;
--
-- /* Create and initialise the context */
-- if (!(ctx = EVP_CIPHER_CTX_new())) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Initialise the decryption operation. */
-- if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Set IV length. Not necessary if this is 12 bytes (96 bits) */
-- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Initialise key and IV */
-- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Provide any AAD data. This can be called zero or more times as
-- * required
-- */
-- if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len)) {
-- debug_errors();
-- return -1;
-- };
--
-- /* Provide the message to be decrypted, and obtain the plaintext output.
-- * EVP_DecryptUpdate can be called multiple times if necessary
-- */
-- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) {
-- debug_errors();
-- return -1;
-- };
-- plaintext_len = len;
--
-- {
-- unsigned char *tmp;
--
-- memcpy(&tmp, &tag, sizeof(tmp));
--
-- /* Set expected tag value. Works in OpenSSL 1.0.1d and later */
-- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tmp)) {
-- debug_errors();
-- return -1;
-- };
-- }
--
-- /* Finalise the decryption. A positive return value indicates success,
-- * anything else is a failure - the plaintext is not trustworthy.
-- */
-- ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
--
-- /* Clean up */
-- EVP_CIPHER_CTX_free(ctx);
--
-- if (ret < 0) return -1;
--
-- /* Success */
-- plaintext_len += len;
-- return plaintext_len;
--}
-diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
-deleted file mode 100644
-index b02f2b9083..0000000000
---- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
-+++ /dev/null
-@@ -1,39 +0,0 @@
--/*
-- * eap_teap_crypto.h
-- *
-- * Version: $Id$
-- *
-- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
-- *
-- * This software may not be redistributed in any form without the prior
-- * written consent of Network RADIUS.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- */
--
--#ifndef _EAP_TEAP_CRYPTO_H
--#define _EAP_TEAP_CRYPTO_H
--
--RCSIDH(eap_teap_crypto_h, "$Id$")
--
--
--int eap_teap_encrypt(uint8_t const *plaintext, size_t plaintext_len,
-- uint8_t const *aad, size_t aad_len,
-- uint8_t const *key, uint8_t *iv, unsigned char *ciphertext,
-- uint8_t *tag);
--
--int eap_teap_decrypt(uint8_t const *ciphertext, size_t ciphertext_len,
-- uint8_t const *aad, size_t aad_len,
-- uint8_t const *tag, uint8_t const *key, uint8_t const *iv, uint8_t *plaintext);
--
--#endif /* _EAP_TEAP_CRYPTO_H */
-diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
-deleted file mode 100644
-index f2e2cc3d40..0000000000
---- a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
-+++ /dev/null
-@@ -1,569 +0,0 @@
--/*
-- * rlm_eap_teap.c contains the interfaces that are called from eap
-- *
-- * Version: $Id$
-- *
-- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
-- *
-- * This software may not be redistributed in any form without the prior
-- * written consent of Network RADIUS.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- */
--
--RCSID("$Id$")
--USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
--
--#include "eap_teap.h"
--
--typedef struct rlm_eap_teap_t {
-- /*
-- * TLS configuration
-- */
-- char const *tls_conf_name;
-- fr_tls_server_conf_t *tls_conf;
--
-- /*
-- * Default tunneled EAP type
-- */
-- char const *default_method_name;
-- int default_method;
--
-- /*
-- * User tunneled EAP type
-- */
-- char const *user_method_name;
--
-- /*
-- * Machine tunneled EAP type
-- */
-- char const *machine_method_name;
--
-- int eap_method[3];
--
--
-- /*
-- * Use the reply attributes from the tunneled session in
-- * the non-tunneled reply to the client.
-- */
-- bool use_tunneled_reply;
--
-- /*
-- * Use SOME of the request attributes from outside of the
-- * tunneled session in the tunneled request
-- */
-- bool copy_request_to_tunnel;
--
-- /*
-- * Do we do require a client cert?
-- */
-- bool req_client_cert;
--
-- char const *authority_identity;
--
-- uint16_t identity_type[2];
--
-- char const *identity_type_name;
--
-- /*
-- * Virtual server for inner tunnel session.
-- */
-- char const *virtual_server;
--} rlm_eap_teap_t;
--
--
--static CONF_PARSER module_config[] = {
-- { "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, tls_conf_name), NULL },
-- { "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, default_method_name), .dflt = "" },
-- { "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, copy_request_to_tunnel), "no" },
-- { "use_tunneled_reply", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, use_tunneled_reply), "no" },
-- { "require_client_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, req_client_cert), "no" },
-- { "authority_identity", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_eap_teap_t, authority_identity), NULL },
-- { "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, virtual_server), NULL },
-- { "identity_types", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, identity_type_name), NULL },
--
-- { "user_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, user_method_name), .dflt = "" },
-- { "machine_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, machine_method_name), .dflt = "" },
-- CONF_PARSER_TERMINATOR
--};
--
--static const bool allowed[PW_EAP_MAX_TYPES] = {
-- [PW_EAP_SIM] = true,
-- [PW_EAP_TLS] = true,
-- [PW_EAP_MSCHAPV2] = true,
-- [PW_EAP_PWD] = true,
--};
--
--/*
-- * Attach the module.
-- */
--static int mod_instantiate(CONF_SECTION *cs, void **instance)
--{
-- rlm_eap_teap_t *inst;
--
-- *instance = inst = talloc_zero(cs, rlm_eap_teap_t);
-- if (!inst) return -1;
--
-- /*
-- * Parse the configuration attributes.
-- */
-- if (cf_section_parse(cs, inst, module_config) < 0) {
-- return -1;
-- }
--
-- if (!inst->virtual_server) {
-- ERROR("rlm_eap_teap: A 'virtual_server' MUST be defined for security");
-- return -1;
-- }
--
-- /*
-- * Convert the name to an integer, to make it easier to
-- * handle.
-- */
-- if (inst->default_method_name && *inst->default_method_name) {
-- inst->default_method = eap_name2type(inst->default_method_name);
-- if (inst->default_method < 0) {
-- ERROR("rlm_eap_teap: Unknown EAP type %s",
-- inst->default_method_name);
-- return -1;
-- }
-- }
--
-- /*
-- * @todo - allow a special value like 'basic-password', which
-- * means that we propose the Basic-Password-Auth-Req TLV during Phase 2.
-- *
-- * @todo - and then also track the username across
-- * multiple rounds, including some kind of State which
-- * can be used to signal where we are in the negotiation
-- * process.
-- */
-- if (inst->user_method_name && *inst->user_method_name) {
-- int method = eap_name2type(inst->user_method_name);
--
-- if (method < 0) {
-- ERROR("rlm_eap_teap: Unknown User EAP type %s",
-- inst->user_method_name);
-- return -1;
-- }
--
-- if (!allowed[method]) {
-- ERROR("rlm_eap_teap: Invalid User EAP type %s",
-- inst->user_method_name);
-- return -1;
-- }
--
-- inst->eap_method[EAP_TEAP_IDENTITY_TYPE_USER] = method;
-- }
--
-- if (inst->machine_method_name && *inst->machine_method_name) {
-- int method;
--
-- method = eap_name2type(inst->machine_method_name);
-- if (method < 0) {
-- ERROR("rlm_eap_teap: Unknown Machine EAP type %s",
-- inst->machine_method_name);
-- return -1;
-- }
--
-- if (!allowed[method]) {
-- ERROR("rlm_eap_teap: Invalid Machine EAP type %s",
-- inst->machine_method_name);
-- return -1;
-- }
--
-- inst->eap_method[EAP_TEAP_IDENTITY_TYPE_MACHINE] = method;
-- }
--
-- /*
-- * Read tls configuration, either from group given by 'tls'
-- * option, or from the eap-tls configuration.
-- */
-- inst->tls_conf = eaptls_conf_parse(cs, "tls");
--
-- if (!inst->tls_conf) {
-- ERROR("rlm_eap_teap: Failed initializing SSL context");
-- return -1;
-- }
--
-- /*
-- * Parse default identities
-- */
-- if (inst->identity_type_name) {
-- char const *p;
-- int i;
--
-- p = inst->identity_type_name;
-- i = 0;
--
-- while (*p) {
-- while (isspace((uint8_t) *p)) p++;
--
-- if (strncasecmp(p, "user", 4) == 0) {
-- inst->identity_type[i] = 1;
-- p += 4;
--
-- } else if (strncasecmp(p, "machine", 7) == 0) {
-- inst->identity_type[i] = 2;
-- p += 7;
--
-- } else {
-- invalid_identity:
-- cf_log_err_cs(cs, "Invalid value in identity_types = '%s' at %s",
-- inst->identity_type_name, p);
-- return -1;
-- }
--
-- i++;
--
-- while (isspace((uint8_t) *p)) p++;
--
-- /*
-- * We only support two things.
-- */
-- if ((i == 2) && *p) goto invalid_identity;
--
-- if (!*p) break;
--
-- if (*p != ',') goto invalid_identity;
--
-- p++;
-- }
-- }
--
-- return 0;
--}
--
--/*
-- * Allocate the TEAP per-session data
-- */
--static teap_tunnel_t *teap_alloc(TALLOC_CTX *ctx, rlm_eap_teap_t *inst)
--{
-- teap_tunnel_t *t;
--
-- t = talloc_zero(ctx, teap_tunnel_t);
--
-- t->received_version = -1;
-- t->default_method = inst->default_method;
-- memcpy(&t->eap_method, &inst->eap_method, sizeof(t->eap_method));
-- t->copy_request_to_tunnel = inst->copy_request_to_tunnel;
-- t->use_tunneled_reply = inst->use_tunneled_reply;
-- t->virtual_server = inst->virtual_server;
-- return t;
--}
--
--
--/*
-- * Send an initial eap-tls request to the peer, using the libeap functions.
-- */
--static int mod_session_init(void *type_arg, eap_handler_t *handler)
--{
-- int status;
-- tls_session_t *ssn;
-- rlm_eap_teap_t *inst;
-- VALUE_PAIR *vp;
-- bool client_cert;
-- REQUEST *request = handler->request;
--
-- inst = type_arg;
--
-- handler->tls = true;
--
-- if (request->parent) {
-- RWDEBUG("----------------------------------------------------------------------");
-- RWDEBUG("You have configured TEAP to run inside of TEAP. THIS WILL NOT WORK.");
-- RWDEBUG("Supported inner methods for TEAP are EAP-TLS, EAP-MSCHAPv2, and PAP.");
-- RWDEBUG("Other methods may work, but are not actively supported.");
-- RWDEBUG("----------------------------------------------------------------------");
-- }
--
-- /*
-- * Check if we need a client certificate.
-- */
--
-- /*
-- * EAP-TLS-Require-Client-Cert attribute will override
-- * the require_client_cert configuration option.
-- */
-- vp = fr_pair_find_by_num(handler->request->config, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY);
-- if (vp) {
-- client_cert = vp->vp_integer ? true : false;
-- } else {
-- client_cert = inst->req_client_cert;
-- }
--
-- /*
-- * Disallow TLS 1.3 for now.
-- */
-- ssn = eaptls_session(handler, inst->tls_conf, client_cert, false);
-- if (!ssn) {
-- return 0;
-- }
--
-- handler->opaque = ((void *)ssn);
--
-- /*
-- * As TEAP is a unique special snowflake and wants to use its
-- * own rolling MSK for MPPE we we set the label to NULL so in that
-- * eaptls_gen_mppe_keys() is NOT called in eaptls_success.
-- */
-- ssn->label = NULL;
--
-- /*
-- * Really just protocol version.
-- */
-- ssn->peap_flag = EAP_TEAP_VERSION;
--
-- /*
-- * hostapd's wpa_supplicant gets upset if we include all the
-- * S+L+O flags but is happy with S+O (TLS payload is zero bytes
-- * for S anyway) - FIXME not true for early-data TLSv1.3!
-- */
-- ssn->length_flag = false;
--
-- vp = fr_pair_make(ssn, NULL, "FreeRADIUS-EAP-TEAP-Authority-ID", inst->authority_identity, T_OP_EQ);
-- fr_pair_add(&ssn->outer_tlvs_server, vp);
--
-- /*
-- * Be nice about identity types.
-- */
-- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
-- if (vp) {
-- RDEBUG("Found &session-state:FreeRADIUS-EAP-TEAP-Identity-Type, not setting from configuration");
--
-- } else if (!inst->identity_type[0]) {
-- RWDEBUG("No &session-state:FreeRADIUS-EAP-TEAP-Identity-Type was found.");
-- RWDEBUG("No 'identity_types' was set in the configuration. TEAP will likely not work.");
--
-- } else {
-- teap_tunnel_t *t;
--
-- fr_assert(ssn->opaque == NULL);
--
-- ssn->opaque = teap_alloc(ssn, inst);
-- t = (teap_tunnel_t *) ssn->opaque;
--
-- /*
-- * We automatically add &session-state:FreeRADIUS-EAP-TEAP-Identity-Type
-- * to control the flow.
-- */
-- t->auto_chain = true;
--
-- vp = fr_pair_make(request->state_ctx, &request->state, "FreeRADIUS-EAP-TEAP-Identity-Type", NULL, T_OP_SET);
-- if (vp) {
-- vp->vp_short = inst->identity_type[0];
-- RDEBUG("Setting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type = %s",
-- (vp->vp_short == 1) ? "User" : "Machine");
--
-- t->auths[vp->vp_short].required = true;
-- }
--
-- if (inst->identity_type[1]) {
-- vp = fr_pair_make(request->state_ctx, &request->state, "FreeRADIUS-EAP-TEAP-Identity-Type", NULL, T_OP_ADD);
-- if (vp) {
-- vp->vp_short = inst->identity_type[1];
-- RDEBUG("Followed by &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s",
-- (vp->vp_short == 1) ? "User" : "Machine");
--
-- t->auths[vp->vp_short].required = true;
-- }
-- }
-- }
--
-- /*
-- * TLS session initialization is over. Now handle TLS
-- * related handshaking or application data.
-- */
-- status = eaptls_request(handler->eap_ds, ssn, true);
-- if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) {
-- REDEBUG("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
-- } else {
-- RDEBUG3("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
-- }
-- if (status == 0) return 0;
--
-- /*
-- * The next stage to process the packet.
-- */
-- handler->stage = PROCESS;
--
-- return 1;
--}
--
--
--/*
-- * Do authentication, by letting EAP-TLS do most of the work.
-- */
--static int mod_process(void *arg, eap_handler_t *handler)
--{
-- int rcode;
-- int ret = 0;
-- fr_tls_status_t status;
-- rlm_eap_teap_t *inst = (rlm_eap_teap_t *) arg;
-- tls_session_t *tls_session = (tls_session_t *) handler->opaque;
-- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
-- REQUEST *request = handler->request;
--
-- RDEBUG2("Authenticate");
--
-- /*
-- * Process TLS layer until done.
-- */
-- status = eaptls_process(handler);
-- if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) {
-- REDEBUG("[eaptls process] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
-- } else {
-- RDEBUG3("[eaptls process] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
-- }
--
-- /*
-- * Make request available to any SSL callbacks
-- */
-- SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request);
-- switch (status) {
-- /*
-- * EAP-TLS handshake was successful, tell the
-- * client to keep talking.
-- *
-- * If this was EAP-TLS, we would just return
-- * an EAP-TLS-Success packet here.
-- */
-- case FR_TLS_SUCCESS:
-- if (SSL_session_reused(tls_session->ssl)) {
-- RDEBUG("Skipping Phase2 due to session resumption");
-- goto do_keys;
-- }
--
-- if (t && t->authenticated) {
-- if (t->accept_vps) {
-- RDEBUG2("Using saved attributes from the original Access-Accept");
-- rdebug_pair_list(L_DBG_LVL_2, request, t->accept_vps, NULL);
-- fr_pair_list_mcopy_by_num(handler->request->reply,
-- &handler->request->reply->vps,
-- &t->accept_vps, 0, 0, TAG_ANY);
-- } else if (t->use_tunneled_reply) {
-- RDEBUG2("No saved attributes in the original Access-Accept");
-- }
--
-- do_keys:
-- /*
-- * Success: Automatically return MPPE keys.
-- */
-- ret = eaptls_success(handler, 0);
-- goto done;
-- }
-- goto phase2;
--
-- /*
-- * The TLS code is still working on the TLS
-- * exchange, and it's a valid TLS request.
-- * do nothing.
-- */
-- case FR_TLS_HANDLED:
-- ret = 1;
-- goto done;
--
-- /*
-- * Handshake is done, proceed with decoding tunneled
-- * data.
-- */
-- case FR_TLS_OK:
-- break;
--
-- /*
-- * Anything else: fail.
-- */
-- default:
-- ret = 0;
-- goto done;
-- }
--
--phase2:
-- /*
-- * Session is established, proceed with decoding
-- * tunneled data.
-- */
-- RDEBUG2("Session established. Proceeding to decode tunneled attributes");
--
-- /*
-- * We may need TEAP data associated with the session, so
-- * allocate it here, if it wasn't already alloacted.
-- */
-- if (!tls_session->opaque) {
-- tls_session->opaque = teap_alloc(tls_session, inst);
-- t = (teap_tunnel_t *) tls_session->opaque;
-- }
--
-- if (t->received_version < 0) {
-- t->received_version = handler->eap_ds->response->type.data[0] & 0x07;
--
-- /*
-- * We only support TEAPv1.
-- */
-- if (t->received_version != EAP_TEAP_VERSION) {
-- RDEBUG("Invalid TEAP version received. Expected 1, got %u", t->received_version);
-- goto fail;
-- }
-- }
--
-- /*
-- * Process the TEAP portion of the request.
-- */
-- rcode = eap_teap_process(handler, tls_session);
-- switch (rcode) {
-- case PW_CODE_ACCESS_REJECT:
-- fail:
-- eaptls_fail(handler, 0);
-- ret = 0;
-- goto done;
--
-- /*
-- * Access-Challenge, continue tunneled conversation.
-- */
-- case PW_CODE_ACCESS_CHALLENGE:
-- eaptls_request(handler->eap_ds, tls_session, false);
-- ret = 1;
-- goto done;
--
-- /*
-- * Success: Automatically return MPPE keys.
-- */
-- case PW_CODE_ACCESS_ACCEPT:
-- goto do_keys;
--
-- default:
-- break;
-- }
--
-- /*
-- * Something we don't understand: Reject it.
-- */
-- eaptls_fail(handler, 0);
--
--done:
-- SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, NULL);
--
-- return ret;
--}
--
--/*
-- * The module name should be the only globally exported symbol.
-- * That is, everything else should be 'static'.
-- */
--extern rlm_eap_module_t rlm_eap_teap;
--rlm_eap_module_t rlm_eap_teap = {
-- .name = "eap_teap",
-- .instantiate = mod_instantiate, /* Create new submodule instance */
-- .session_init = mod_session_init, /* Initialise a new EAP session */
-- .process = mod_process /* Process next round of EAP method */
--};
-2.34.1
-
new file mode 100644
@@ -0,0 +1,52 @@
+From a46e81a7764b57983ce6724524f745a06222dc0a Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Tue, 28 Oct 2025 11:33:44 -0400
+Subject: [PATCH] update license
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/a46e81a7764b57983ce6724524f745a06222dc0a]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ .../rlm_proxy_rate_limit.c | 25 ++++++++-----------
+ 1 file changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/src/modules/rlm_proxy_rate_limit/rlm_proxy_rate_limit.c b/src/modules/rlm_proxy_rate_limit/rlm_proxy_rate_limit.c
+index 744b14a448..a855273784 100644
+--- a/src/modules/rlm_proxy_rate_limit/rlm_proxy_rate_limit.c
++++ b/src/modules/rlm_proxy_rate_limit/rlm_proxy_rate_limit.c
+@@ -1,20 +1,17 @@
+ /*
+- * Copyright (C) 2024 Network RADIUS SAS (legal@networkradius.com)
++ * This program is is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at
++ * your option) any later version.
+ *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+ /**
+--
+2.43.0
+
new file mode 100644
@@ -0,0 +1,101 @@
+From d00440f3290871aef667f80e15f256c64f9b7cd6 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Wed, 29 Oct 2025 09:45:17 -0400
+Subject: [PATCH] update license
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/d00440f3290871aef667f80e15f256c64f9b7cd6]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ .../types/rlm_eap_teap/eap_teap_crypto.c | 30 +++++++------------
+ .../types/rlm_eap_teap/eap_teap_crypto.h | 30 +++++++------------
+ 2 files changed, 22 insertions(+), 38 deletions(-)
+
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
+index 17f49f9dfc..aaa74837a9 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
++++ b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
+@@ -1,26 +1,18 @@
+ /*
+- * teap-crypto.c Cryptographic functions for EAP-TEAP.
++ * This program is is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at
++ * your option) any later version.
+ *
+- * Version: $Id$
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+-
+ RCSID("$Id$")
+ USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
+
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
+index b02f2b9083..f9403dcf93 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
++++ b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
+@@ -1,26 +1,18 @@
+ /*
+- * eap_teap_crypto.h
++ * This program is is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or (at
++ * your option) any later version.
+ *
+- * Version: $Id$
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+-
+ #ifndef _EAP_TEAP_CRYPTO_H
+ #define _EAP_TEAP_CRYPTO_H
+
+--
+2.43.0
+
similarity index 97%
rename from meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
rename to meta-networking/recipes-connectivity/freeradius/freeradius_3.2.8.bb
@@ -37,13 +37,14 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0
file://0015-bootstrap-check-commands-of-openssl-exist.patch \
file://0016-version.c-don-t-print-build-flags.patch \
file://0017-Add-acinclude.m4-to-include-required-macros.patch \
- file://0018-Fix-Service-start-error.patch \
- file://0019-freeradius-Remove-files-which-have-license-issues.patch \
+ file://0018-update-license-1.patch \
+ file://0019-update-license-2.patch \
+ file://0020-update-license-3.patch \
"
raddbdir = "${sysconfdir}/${MLPREFIX}raddb"
-SRCREV = "694a97dddbdd26423504afe7c530e8e1502b7354"
+SRCREV = "032be31bb52646171099617928ec1703335bcf73"
UPSTREAM_CHECK_GITTAGREGEX = "release_(?P<pver>\d+(\_\d+)+)"
@@ -84,7 +85,6 @@ EXTRA_OECONF = " --enable-strict-dependencies \
--without-rlm_securid \
--without-rlm_unbound \
--without-rlm_python \
- --without-rlm_eap_teap \
ac_cv_path_PERL=${bindir}/perl \
ax_cv_cc_builtin_choose_expr=no \
ax_cv_cc_builtin_types_compatible_p=no \
@@ -113,6 +113,7 @@ PACKAGECONFIG[ruby] = "--with-rlm_ruby,--without-rlm_ruby,ruby"
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl"
PACKAGECONFIG[rlm-eap-fast] = "--with-rlm_eap_fast, --without-rlm_eap_fast"
PACKAGECONFIG[rlm-eap-pwd] = "--with-rlm_eap_pwd, --without-rlm_eap_pwd"
+PACKAGECONFIG[kafka] = "--with-rlm_kafka, --without-rlm_kafka, librdkafka"
inherit useradd autotools-brokensep update-rc.d systemd multilib_script multilib_header
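Review bot: Dropping `--without-rlm_eap_teap` from EXTRA_OECONF (the `@@ -84,7 +85,6 @@` hunk) leaves TEAP ungated, while the neighbouring EAP methods are explicit choices through `PACKAGECONFIG[rlm-eap-fast]` and `PACKAGECONFIG[rlm-eap-pwd]`; presumably the module is now built whenever configure finds its dependencies. For an authentication server it is easier to audit what an image ships when each EAP method is opt-in, so I would add `PACKAGECONFIG[rlm-eap-teap] = "--with-rlm_eap_teap, --without-rlm_eap_teap"` next to the new kafka entry and decide deliberately whether it belongs in the default set. TEAP is TLS-based, so with `--enable-strict-dependencies` a build that leaves the openssl PACKAGECONFIG off is worth testing. Whether the three update-license patches cover every file the dropped 0019 patch used to delete cannot be confirmed from the hunks shown here, and LICENSE / LIC_FILES_CHKSUM lie outside these hunks, so both should be re-checked against the 3.2.8 tree.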
ChangeLog: https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_8 * Add PACKAGECONFIG[kafka] * Drop backport patch 0018-Fix-Service-start-error.patch * Refresh 0013-raddb-certs-Makefile-fix-the-occasional-verification.patch * Drop 0019-freeradius-Remove-files-which-have-license-issues.patch and backport upstream patches to fix license issue[1]. [1] https://github.com/FreeRADIUS/freeradius-server/issues/5664 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> --- ...file-fix-the-occasional-verification.patch | 20 +- .../files/0018-Fix-Service-start-error.patch | 33 - .../files/0018-update-license-1.patch | 175 + ...move-files-which-have-license-issues.patch | 8491 ----------------- .../files/0019-update-license-2.patch | 52 + .../files/0020-update-license-3.patch | 101 + ...reeradius_3.2.7.bb => freeradius_3.2.8.bb} | 9 +- 7 files changed, 345 insertions(+), 8536 deletions(-) delete mode 100644 meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0018-update-license-1.patch delete mode 100644 meta-networking/recipes-connectivity/freeradius/files/0019-freeradius-Remove-files-which-have-license-issues.patch create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0019-update-license-2.patch create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0020-update-license-3.patch rename meta-networking/recipes-connectivity/freeradius/{freeradius_3.2.7.bb => freeradius_3.2.8.bb} (97%)