From patchwork Wed Oct 29 15:31:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi Zhao X-Patchwork-Id: 73300 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22A5ECCF9EB for ; Wed, 29 Oct 2025 15:31:49 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web01.8625.1761751898381306728 for ; Wed, 29 Oct 2025 08:31:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=qS5IgG8n; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=33978d3554=yi.zhao@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 59T5obIL2017179 for ; Wed, 29 Oct 2025 15:31:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=cc:content-transfer-encoding:content-type:date:from :message-id:mime-version:subject:to; s=PPS06212021; bh=hYkJCjQip ToF4LtqhRRPWQVrIe+oXX4/M2kiGu4r4W0=; b=qS5IgG8nrj20M6XPBO328Ulc5 KvxOVjtrVDOCS9bn93lezmfRTeRDI0PHfZCUq0rjB32vLwXDo6Ro9GQ8hIG1XVfk leH9/KTupTSo9AEX9apgbcmqToJ1ExgxO0RzsxYJmBwKs6I3uTelqC330nm7qEjZ qUkqyekit/NnyQAQCoZf9ydk4qKlDPuUukUJYVnYCnvXqt6lPbti9qxRlLuGjAX4 g5DhOtDCy0am6h2Djwq7+57cz8JLwH6alfHVRpVTQlJl1ioE81W/WvQ8xi6dMTn4 w+0LmFubtSsR1DgqR099XcryY0ARtMYYPOs40lgOjfw5CKpD3cOJ5g1WQcAnQ== Received: from byapr05cu005.outbound.protection.outlook.com (mail-westusazon11010029.outbound.protection.outlook.com [52.101.85.29]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4a348bh06u-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Wed, 29 Oct 2025 15:31:36 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=E5qqXt66lGtJXUA2Eq8apY3t88nG7XHfHTkBDTWn5nYWEVrBmGakDLxFq5P59gyF1y/nS+Eq8+LZvHd0r48QQye9Xakk2FV9JeG6vntHbo/NrxrluW3Gqf3STupKHA+jqsjm4MKs9r0HiH82kWmoUp0l19L55+nStucsOk+bzmRGXYllkOAbDESdZb0x5n2Z3KoWmK5Y3wls//5zBlOTa1iZF7VqYwIfk3etu3DS52EZPznujWUWNsPMI/zBxYeaS+eF8gDj1nCIucLgoHIuSBCzwNHEoUCvRb+1wTr7JUMzfuh2ifaLgB7+Bpk0U+GaTVXsXupKh+CyWQTD9P0HeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hYkJCjQipToF4LtqhRRPWQVrIe+oXX4/M2kiGu4r4W0=; b=LCdX2cDScm2q2OYulIfA2jISzdFNkS4Cxq6TAbuXUasFMMAmwRwmxuDcFtHsxUmFcPwCFXoBvgFouRix6wnwB34H0NoBHtZxwPOu20dtGKDgzOWDXwirqKrj8ISjV6H+/7gksUboGCFujLXRYBAXRZGM7jY4vQh/GV3eaMGfMJq4U0hjJhP5cqq8MArxONh7wT4eE5QJMbAZIAtlYkWNPbrzWmkiLfm+wu9cRDTmDf5VdwyESPvycDnEyL6G9PHjNBLjcrWMROJTg2QuoeV/lXZMcr0Mr3C+c3oKMSsC8Ur1Zac5ptZ3QxXe0P1NrmkO0RG4VoNf7InjrXkgsS8TVA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from DS0PR11MB6399.namprd11.prod.outlook.com (2603:10b6:8:c8::5) by SA1PR11MB8349.namprd11.prod.outlook.com (2603:10b6:806:383::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9275.13; Wed, 29 Oct 2025 15:31:30 +0000 Received: from DS0PR11MB6399.namprd11.prod.outlook.com ([fe80::2b44:787c:e7ee:bfad]) by DS0PR11MB6399.namprd11.prod.outlook.com ([fe80::2b44:787c:e7ee:bfad%3]) with mapi id 15.20.9275.013; Wed, 29 Oct 2025 15:31:30 +0000 From: Yi Zhao To: openembedded-devel@lists.openembedded.org Cc: libo.chen.cn@windriver.com Subject: [meta-networking][PATCH] freeradius: upgrade 3.2.7 -> 3.2.8 Date: Wed, 29 Oct 2025 23:31:12 +0800 Message-Id: <20251029153112.764459-1-yi.zhao@windriver.com> X-Mailer: git-send-email 2.34.1 X-ClientProxiedBy: TYWPR01CA0047.jpnprd01.prod.outlook.com (2603:1096:400:17f::12) To DS0PR11MB6399.namprd11.prod.outlook.com (2603:10b6:8:c8::5) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS0PR11MB6399:EE_|SA1PR11MB8349:EE_ X-MS-Office365-Filtering-Correlation-Id: 1a4671e2-be12-48b8-1f67-08de170039fe X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|366016|1800799024|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: IrLgzqni2zjCOvsVytFwC3dDa7oAXfLytea8zmoDbX8BsbJ2nW/jD7khG89g4nUAO6nU8FEWqbSBP6wM0vcJj9kXjxyS2bzyLynyptUBbrv692YGtoqw6vVNpUSEWD7i2JwiToF+kPg9zywYEwOr/MjgWPyv7FhishI2VM87LfGCtQcHVxAa5nbU4xq8JlPnu2ReTCjoKy1RC9KYeLwvBv43r0yxLW7UaaX4yxiTlcvWwCzMLGK/6Y+XypPpKJYJIv+Pn1+pQPF7tzlb9QPuJx1xuo6GIgKqMTQ9C0klotsZ1KtIWRp/b6QgMIX20YbE4Z9zThKO/+uwHz8/yYOEEv7PMKFIJ/50pDpU5EBnadqDDy5TLweFXPdkK7XWAUqZu/zRVoZgCfcfT5XDJ79rfNZXQAmQoWARuyMWXtklJVCUslBsCChhViFXBlzriH4/ZnYi64ar2wVcmLiJ0nFbjbAd/YS8Vb8Im0Kh1Nlgp2gTGPGZdHPNLeSyv4zcryT7JUFgdNvf5INZZ6MYCiLWABz3M2PIvsMdY3ep6L3upCXCxEMfqhCEyIev/g/+z3Odb9zZTH8XQD3ROAu8mzEQQ3KIKG8LeIhnNPrXzuo09N5tbG2Khcz9o9MIfGRyAPHUsnB6Bn2iF3rZZTBV72jhCSTBQhKKLj1zD2Jq8voFIfJk1OcRKRrBCHkwKqx1hfVoJq1uy0PJdwpjSpXQHAcLqLnhqnpoBNL+eCsZYPbTkXrAf9TEYvcnb8yNP54AZZLCzhv1OmHdDjUjkkGtve3mr7N+Mqv7PO2DYbLcnJrlkCfEa19vEVF8uZjZjZH8REoPqxM9fBAYOBw4Y/e/8z2MzLMgCcN5DbcIeI8hvFQ+tP9n84wBiEsv8Y9S6XAlDndgnIoLlju5d14RWki9/PycoXhLCNhxnPTI4twH3ulgFjz3yBHlEmLxL4ErFYZBsD6wj2JKOAJ40FZLcOOoD/3riyaq2E/gQ//ethDY4v5llpSSrlErUB22zKUppXj9p+P6zvoYHlAiL06yBIwG81WGQ7E1TAUbcXYZwk28gZUswOX1256XAYyR8t1nG20aQTqemysqkHiQZJh6ej9dDLWpQEErphXuMpIANDRkSDq2qxkwkh/Rc8jgdS0lAV7WVpMcpyWAjqyIKRXl54D5m694DfdnzjCaURfBm4p8f9fIZo+Vd69NXRxuFNXA/1AdyxQ7YbAh6rBrmaa9Uda0VdgXV6LZUgRyKE5gi1hjGaOqRByPEOuUsMM1wTQJqfRADRxDSzH7bjAQnQwBqoUI3F7cjSlEtX8l4phoumlF4cjW4YqY8Gm4SGEx6WVLMTcTmy1MVMCy350W7JZT+tZetAi+jesaTwXURVqQ6G4PeCD1/J1rWzE5hwYfy+m48gHtAZ7/O6pdSEQIe3kR4yCFfbdMgYltcdIYgNxKLzxIjkeiR5OZu7UKO/+wKcAj3VYFBC7pT9hwyOsMlDvEgfsnCTUua+Z/vNh8qrQjyyPaSMuAlAagt74TF/iYu9qLeDmXIzs2D3yD9UDeUbXKsVbuGNaLqA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR11MB6399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(366016)(1800799024)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 05DhUiqIRlDyF7LFwuvFBcTLcO/x2KXLnfUb0/bG9TJhNstD5YyUAPNfffMdk/nwSiyciBskuUf2y/lMW94elE5wmSvjrwvvOhqA70Bt1phQpi1duKBY0cWNLoDCnw/1ismfelO8rcTEMVKh8kdwr7LvfXJDgAoHZUEXhX2DFVq1vOE0QDpX4xQz8RhUs8mWpeAIQH3sSEgmrW7nlHvsEcG5eQjI51KGRxI6jOMsV6HbOiFQ+x4qGjJjmpcstOrpdS00UCkMQtRrZzYM7RBQOYx4hBh7BSmh7n89oTlqD92GMJaDYlcpUgCCkgPUb9RE9nvRj+TJEsZkRtRniRzlwTfVWUogn/D75QzuI34kXz5gCP7kMz2BOyqUyEvTmOHBQhWiOUSNGcjEirQVxy0jfkYNjWm2kU0o4gWJuOTtlibVDC6AniSjfERrl1+O9dkW0wz6QnAM4C7fxaF96D/AEw/RhweBMMsaR2bTzJ+HdxUtBLjw1x40rl4Fn/jhxYwemIq374/XzqSGWhxaC1guDljK4KLZOFPRv38TGWnH/822K+Ov41hIOKvr+W7y5JzpWNT2rNnl86U8umTHbI2f/UcMBNrOhYk1WJPwA52CDrwVXR3bMTDeGbjXwwOGQkhJNjmYvUenbMqZt3mDW8Q6UPE55MUCgpgMWxSO7ScbJcdSIbYdUWPsJQy0J1ZFmRzde23TpHKYKwSnoCGcgb5wRDiW5/cAeGd55AHR/49uLakwXLDUUjM3z+39/pycZnUMTw74WfhmItl4K70CopCsh33QZiz2266jU6U52ZjNW/NEEMLz+Pr6NmioYhcCMY/ReqJk+Q/ZwCUIGCJ4AIX0GPVJCoe6FrJeAeDCNjGcbvDlH6C2eUdIZ1ni3tK4QMgchz/1W4ZbYKYh09KsWZ+jPSZIzCwEokT9dezK5CXJihuS03FdpwuV19l2sQBwHK1AmKeL0sIUswjnTzVTfVxXXLPMRRXSvqpm2bwHo6zc4SCTzHWCWgS8q/c0U7FgiP1DFxXJRjFAcLAg6EWRZ0d3M57J9MuiKQ15U1zeGs6bHQxi3qwiV4l+HqEAmf2HeyqKT1kI05ZHig6UoD9aH4WdyzctwXL+/fBrgzjawsBr7ySqf9wxziBmBAIpY9to6hESx6snA+qS9RX9SlK64ju6+9MNYQGA50f9kKRTQ88Ba9rljxeZLGyv5A1yh/hwxm3oXPKRF5KORVeeNgL91OXpXcRx9+2rP7OsSsdqzoDdHqHU+NPuH9Ib/a2pP6+522QqiNInhdyvRU/oXxo6PWVl2E3wjiGOdT+nqSSUk9OA3WXaBJYeQoRo2wx7m4S6Iso0QvBrVzAK4RzJ8v35Z6ZYHgyLvOIFlmCTRygkU1fFD9iaO9eQa6HYnLOCotkfx2+Mluao7npz0CWHHiLJNz/1JIKxw0odGZOwY6/j84AQnKiX23rqMUadefylUqSBynmrtV0JegrmxFd+LE4EfDJIGF/O+ZezQH8OhPRb9AdaZORVeLZFN0TaiD+b8wJIaS7i/oseufQ5XdqO3yKx7MfTG8oTmNYJOj1sngu0grdPtFxRnZIQvlg4NhTPIioedlKd X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1a4671e2-be12-48b8-1f67-08de170039fe X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB6399.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Oct 2025 15:31:29.7160 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ZxGutZDUFBIoRs70J6baNeRmjylOyx1Cs8CEflBEkZxnOJT4wl9AEx9QB8TjfkOkAOgznBEw/jpE9UcnX6RzrA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB8349 X-Proofpoint-ORIG-GUID: 8PSArtOAQMKPCBhZ-jYnOhfBNsvN76wr X-Proofpoint-GUID: 8PSArtOAQMKPCBhZ-jYnOhfBNsvN76wr X-Authority-Analysis: v=2.4 cv=UrRu9uwB c=1 sm=1 tr=0 ts=69023359 cx=c_pps a=wUQTFLLo3/oASVCpA6ZfNQ==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=x6icFKpwvdMA:10 a=VkNPw1HP01LnGYTKEx00:22 a=NEAV23lmAAAA:8 a=48vgC7mUAAAA:8 a=Ntg_Zx-WAAAA:8 a=t7CeM3EgAAAA:8 a=omOdbC7AAAAA:8 a=FcTRRU_JAAAA:8 a=07Z4HDr4AAAA:8 a=mDV3o1hIAAAA:8 a=p1CNQN_dAAAA:8 a=DDrbVf-cYL5ediAWGAUA:9 a=urDlI_Dnn96BA8jB:21 a=3ZKOabzyN94A:10 a=RUfouJl5KNV7104ufCm4:22 a=FdTzh2GWekK77mhwV6Dw:22 a=24chkg8mTlgNITX-x-SQ:22 a=9HVVtDUExptghyUDL4SE:22 a=zElt8iOCMTxcIE1qDC9U:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMDI5MDEyMSBTYWx0ZWRfX3c0S3ltBPkri bnllsQR1sSivH6BZXwwcl92k+yhUl1LiNcf3xAZk554y2fEJXMPL+Mser9j7cSzm1gInNuCu87a R9APdVbT4EWH1kAiMfA21XihX+aKocBGUIMy2pYf1d3yyQAODnjGm4MTsBx5RBUYvjbIL+Dsz3v bPNIWHeJBOF822lJ6bfR5PWBwXSXiQYqqsasbfoqS3xPOuFREDk8XhHThEKYGmWLwQ5nT2daipK +Lh8xZo0L2qXZViVWa70KPPzjE+jBKEt/s8ej9TPu8SVD3ogWfrvru/cy56/9mtwA+KmEwM5ehd 4qZcy2r5JlQo4YEJPFtjwmqnUYMHmJn1U82I+dQecMHP1SGZaWQ2klzghDy5g1FKlaXI25abRzO S1omHyJiE07ehvq4qP5cvuiy2elgiA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-10-29_06,2025-10-29_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 phishscore=0 impostorscore=0 priorityscore=1501 clxscore=1015 bulkscore=0 spamscore=0 adultscore=0 lowpriorityscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2510240001 definitions=main-2510290121 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 29 Oct 2025 15:31:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121158 ChangeLog: https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_8 * Add PACKAGECONFIG[kafka] * Drop backport patch 0018-Fix-Service-start-error.patch * Refresh 0013-raddb-certs-Makefile-fix-the-occasional-verification.patch * Drop 0019-freeradius-Remove-files-which-have-license-issues.patch and backport upstream patches to fix license issue[1]. [1] https://github.com/FreeRADIUS/freeradius-server/issues/5664 Signed-off-by: Yi Zhao --- ...file-fix-the-occasional-verification.patch | 20 +- .../files/0018-Fix-Service-start-error.patch | 33 - .../files/0018-update-license-1.patch | 175 + ...move-files-which-have-license-issues.patch | 8491 ----------------- .../files/0019-update-license-2.patch | 52 + .../files/0020-update-license-3.patch | 101 + ...reeradius_3.2.7.bb => freeradius_3.2.8.bb} | 9 +- 7 files changed, 345 insertions(+), 8536 deletions(-) delete mode 100644 meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0018-update-license-1.patch delete mode 100644 meta-networking/recipes-connectivity/freeradius/files/0019-freeradius-Remove-files-which-have-license-issues.patch create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0019-update-license-2.patch create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0020-update-license-3.patch rename meta-networking/recipes-connectivity/freeradius/{freeradius_3.2.7.bb => freeradius_3.2.8.bb} (97%) diff --git a/meta-networking/recipes-connectivity/freeradius/files/0013-raddb-certs-Makefile-fix-the-occasional-verification.patch b/meta-networking/recipes-connectivity/freeradius/files/0013-raddb-certs-Makefile-fix-the-occasional-verification.patch index cf05efef30..63150fa9db 100644 --- a/meta-networking/recipes-connectivity/freeradius/files/0013-raddb-certs-Makefile-fix-the-occasional-verification.patch +++ b/meta-networking/recipes-connectivity/freeradius/files/0013-raddb-certs-Makefile-fix-the-occasional-verification.patch @@ -1,4 +1,4 @@ -From 38cbab566143b9e002ee24a1f08a52ec74186eca Mon Sep 17 00:00:00 2001 +From 7ac812c9ba377ba7c40348ea757086c5c01c04df Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Wed, 5 Aug 2020 07:23:11 +0000 Subject: [PATCH] raddb/certs/Makefile: fix the occasional verification failure @@ -25,11 +25,11 @@ Upstream-Status: Pending Signed-off-by: Mingli Yu --- - raddb/certs/Makefile | 30 +++++++++++++++--------------- - 1 file changed, 15 insertions(+), 15 deletions(-) + raddb/certs/Makefile | 32 ++++++++++++++++---------------- + 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile -index cae939668e..52ae65755f 100644 +index a2f49f72c9..88874309f7 100644 --- a/raddb/certs/Makefile +++ b/raddb/certs/Makefile @@ -59,7 +59,7 @@ passwords.mk: server.cnf ca.cnf client.cnf inner-server.cnf @@ -63,7 +63,7 @@ index cae939668e..52ae65755f 100644 rm ca-crl.pem ###################################################################### -@@ -88,18 +88,18 @@ ca.crl: ca.pem +@@ -88,21 +88,21 @@ ca.crl: ca.pem # ###################################################################### server.csr server.key: server.cnf @@ -79,13 +79,17 @@ index cae939668e..52ae65755f 100644 + @[ -f server.p12 ] || $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) chmod g+r server.p12 + server.der: server.pem +- $(OPENSSL) x509 -inform PEM -outform DER -in server.pem -out server.der ++ @[ -f server.der ] || $(OPENSSL) x509 -inform PEM -outform DER -in server.pem -out server.der + server.pem: server.p12 - $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) + @[ -f server.pem ] || $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) chmod g+r server.pem .PHONY: server.vrfy -@@ -113,19 +113,19 @@ server.vrfy: ca.pem +@@ -116,19 +116,19 @@ server.vrfy: ca.pem # ###################################################################### client.csr client.key: client.cnf @@ -108,7 +112,7 @@ index cae939668e..52ae65755f 100644 chmod g+r client.pem cp client.pem $(USER_NAME).pem -@@ -140,18 +140,18 @@ client.vrfy: ca.pem client.pem +@@ -143,18 +143,18 @@ client.vrfy: ca.pem client.pem # ###################################################################### inner-server.csr inner-server.key: inner-server.cnf @@ -132,5 +136,5 @@ index cae939668e..52ae65755f 100644 .PHONY: inner-server.vrfy -- -2.25.1 +2.34.1 diff --git a/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch b/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch deleted file mode 100644 index f1ec181bc1..0000000000 --- a/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e97ffc1f820beff12bb8084e6337168a1cd27540 Mon Sep 17 00:00:00 2001 -From: Liu Yiding -Date: Sat, 20 Sep 2025 06:50:17 +0000 -Subject: [PATCH] Fix Service start error - -change "fips=no" to "-fips" -based on discussions with the OpenSSL developers in -https://github.com/FreeRADIUS/freeradius-server/issues/5631 - -Upstream-Status: Backport -https://github.com/FreeRADIUS/freeradius-server/commit/59e262f1134fef8d53d15ae963885a08c9ea8315 - -Signed-off-by: Liu Yiding ---- - src/main/tls.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/main/tls.c b/src/main/tls.c -index 2a348eb9bb..02a4c24f70 100644 ---- a/src/main/tls.c -+++ b/src/main/tls.c -@@ -3644,7 +3644,7 @@ int tls_global_init(TLS_UNUSED bool spawn_flag, TLS_UNUSED bool check) - CONF_modules_load_file(NULL, NULL, 0); - - #if OPENSSL_VERSION_NUMBER >= 0x30000000L -- EVP_set_default_properties(NULL, "fips=no"); -+ EVP_set_default_properties(NULL, "-fips"); - #endif - - /* --- -2.43.0 - diff --git a/meta-networking/recipes-connectivity/freeradius/files/0018-update-license-1.patch b/meta-networking/recipes-connectivity/freeradius/files/0018-update-license-1.patch new file mode 100644 index 0000000000..8647c389ab --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/files/0018-update-license-1.patch @@ -0,0 +1,175 @@ +From 82d874c638c80fbbf1eca7c51aca095fbbf40024 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" +Date: Mon, 27 Oct 2025 06:31:22 -0400 +Subject: [PATCH] update license + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/82d874c638c80fbbf1eca7c51aca095fbbf40024] + +Signed-off-by: Yi Zhao +--- + src/modules/rlm_dpsk/rlm_dpsk.c | 25 +++++++--------- + .../rlm_eap/types/rlm_eap_teap/eap_teap.c | 29 +++++++------------ + .../rlm_eap/types/rlm_eap_teap/eap_teap.h | 29 +++++++------------ + .../rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c | 29 +++++++------------ + 4 files changed, 44 insertions(+), 68 deletions(-) + +diff --git a/src/modules/rlm_dpsk/rlm_dpsk.c b/src/modules/rlm_dpsk/rlm_dpsk.c +index 4b818d08a5..aa07415540 100644 +--- a/src/modules/rlm_dpsk/rlm_dpsk.c ++++ b/src/modules/rlm_dpsk/rlm_dpsk.c +@@ -1,20 +1,17 @@ + /* +- * Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com) ++ * This program is is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or (at ++ * your option) any later version. + * +- * This software may not be redistributed in any form without the prior +- * written consent of Network RADIUS. ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. + * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + */ + + /** +diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c +index 20646c5ba1..33512788c2 100644 +--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c ++++ b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c +@@ -1,24 +1,17 @@ + /* +- * eap_teap.c contains the interfaces that are called from the main handler ++ * This program is is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or (at ++ * your option) any later version. + * +- * Version: $Id$ ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. + * +- * Copyright (C) 2022 Network RADIUS SARL +- * +- * This software may not be redistributed in any form without the prior +- * written consent of Network RADIUS. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + */ + + RCSID("$Id$") +diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h +index 59f7835a26..69f4b1ebba 100644 +--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h ++++ b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h +@@ -1,24 +1,17 @@ + /* +- * eap_teap.h ++ * This program is is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or (at ++ * your option) any later version. + * +- * Version: $Id$ ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. + * +- * Copyright (C) 2022 Network RADIUS SARL +- * +- * This software may not be redistributed in any form without the prior +- * written consent of Network RADIUS. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + */ + #ifndef _EAP_TEAP_H + #define _EAP_TEAP_H +diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c +index fcf9717257..13c709b287 100644 +--- a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c ++++ b/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c +@@ -1,24 +1,17 @@ + /* +- * rlm_eap_teap.c contains the interfaces that are called from eap ++ * This program is is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or (at ++ * your option) any later version. + * +- * Version: $Id$ ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. + * +- * Copyright (C) 2022 Network RADIUS SARL +- * +- * This software may not be redistributed in any form without the prior +- * written consent of Network RADIUS. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + */ + + RCSID("$Id$") +-- +2.43.0 + diff --git a/meta-networking/recipes-connectivity/freeradius/files/0019-freeradius-Remove-files-which-have-license-issues.patch b/meta-networking/recipes-connectivity/freeradius/files/0019-freeradius-Remove-files-which-have-license-issues.patch deleted file mode 100644 index 50fa25e406..0000000000 --- a/meta-networking/recipes-connectivity/freeradius/files/0019-freeradius-Remove-files-which-have-license-issues.patch +++ /dev/null @@ -1,8491 +0,0 @@ -From c8c36d7bd8aad1dae6a1e6eb8dd8429b837ea035 Mon Sep 17 00:00:00 2001 -From: Libo Chen -Date: Fri, 24 Oct 2025 12:12:10 +0800 -Subject: [PATCH] freeradius: Remove files which have license issues - -remove the following files which have the following license: - -Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com) - -This software may not be redistributed in any form without the prior -written consent of Network RADIUS. - -src/modules/rlm_dpsk/rlm_dpsk.c -src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h -src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c -src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c -src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h -src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c - -Upstream-Status: Pending - -Signed-off-by: Libo Chen ---- - src/modules/rlm_dpsk/all.mk | 10 - - src/modules/rlm_dpsk/rlm_dpsk.c | 955 ---- - .../rlm_eap/types/rlm_eap_teap/.gitignore | 1 - - .../rlm_eap/types/rlm_eap_teap/all.mk.in | 12 - - .../rlm_eap/types/rlm_eap_teap/configure | 4512 ----------------- - .../rlm_eap/types/rlm_eap_teap/configure.ac | 86 - - .../rlm_eap/types/rlm_eap_teap/eap_teap.c | 1817 ------- - .../rlm_eap/types/rlm_eap_teap/eap_teap.h | 176 - - .../types/rlm_eap_teap/eap_teap_crypto.c | 198 - - .../types/rlm_eap_teap/eap_teap_crypto.h | 39 - - .../rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c | 569 --- - 11 files changed, 8375 deletions(-) - delete mode 100644 src/modules/rlm_dpsk/all.mk - delete mode 100644 src/modules/rlm_dpsk/rlm_dpsk.c - delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/.gitignore - delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in - delete mode 100755 src/modules/rlm_eap/types/rlm_eap_teap/configure - delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/configure.ac - delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c - delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h - delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c - delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h - delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c - -diff --git a/src/modules/rlm_dpsk/all.mk b/src/modules/rlm_dpsk/all.mk -deleted file mode 100644 -index 8da247565b..0000000000 ---- a/src/modules/rlm_dpsk/all.mk -+++ /dev/null -@@ -1,10 +0,0 @@ --TARGETNAME := rlm_dpsk -- --ifneq "$(OPENSSL_LIBS)" "" --TARGET := $(TARGETNAME).a --endif -- --SOURCES := $(TARGETNAME).c -- --SRC_CFLAGS := --TGT_LDLIBS := -diff --git a/src/modules/rlm_dpsk/rlm_dpsk.c b/src/modules/rlm_dpsk/rlm_dpsk.c -deleted file mode 100644 -index 35773056b3..0000000000 ---- a/src/modules/rlm_dpsk/rlm_dpsk.c -+++ /dev/null -@@ -1,955 +0,0 @@ --/* -- * Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com) -- * -- * This software may not be redistributed in any form without the prior -- * written consent of Network RADIUS. -- * -- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- */ -- --/** -- * $Id$ -- * @file rlm_dpsk.c -- * @brief Dynamic PSK for WiFi -- * -- * @copyright 2023 Network RADIUS SAS (legal@networkradius.com) -- */ --RCSID("$Id$") -- --#include --#include --#include --#include -- --#include --#include --#include -- --#include -- --#define PW_FREERADIUS_8021X_ANONCE (1) --#define PW_FREERADIUS_8021X_EAPOL_KEY_MSG (2) -- --#define VENDORPEC_FREERADIUS_EVS5 ((((uint32_t) 245) << 24) | VENDORPEC_FREERADIUS) -- --#define VENDORPEC_RUCKUS (25053) --#define PW_RUCKUS_BSSID (14) --#define PW_RUCKUS_DPSK_PARAMS (152) -- --//#define PW_RUCKUS_DPSK_CIPHER (PW_RUCKUS_DPSK_PARAMS | (2 << 8)) --#define PW_RUCKUS_DPSK_ANONCE (PW_RUCKUS_DPSK_PARAMS | (3 << 8)) --#define PW_RUCKUS_DPSK_EAPOL_KEY_FRAME (PW_RUCKUS_DPSK_PARAMS | (4 << 8)) -- -- --/* -- Header: 02030075 -- -- descriptor 02 -- information 010a -- length 0010 -- replay counter 000000000000001 -- snonce c3bb319516614aacfb44e933bf1671131fb1856e5b2721952d414ce3f5aa312b -- IV 0000000000000000000000000000000 -- rsc 0000000000000000 -- reserved 0000000000000000 -- mic 35cddcedad0dfb6a12a2eca55c17c323 -- data length 0016 -- data 30140100000fac040100000fac040100000fac028c00 -- -- 30 -- 14 length of data -- 01 ... --*/ -- --typedef struct eapol_key_frame_t { -- uint8_t descriptor; // message number 2 -- uint16_t information; // -- uint16_t length; // always 0010, for 16 octers -- uint8_t replay_counter[8]; // usually "1" -- uint8_t nonce[32]; // random token -- uint8_t iv[16]; // zeroes -- uint8_t rsc[8]; // zeros -- uint8_t reserved[8]; // zeroes -- uint8_t mic[16]; // calculated data -- uint16_t data_len; // various other things we don't need. --// uint8_t data[]; --} CC_HINT(__packed__) eapol_key_frame_t; -- --typedef struct eapol_attr_t { -- uint8_t header[4]; // 02030075 -- eapol_key_frame_t frame; --} CC_HINT(__packed__) eapol_attr_t; -- --#ifdef HAVE_PTHREAD_H --#define PTHREAD_MUTEX_LOCK pthread_mutex_lock --#define PTHREAD_MUTEX_UNLOCK pthread_mutex_unlock --#else --#define PTHREAD_MUTEX_LOCK(_x) --#define PTHREAD_MUTEX_UNLOCK(_x) --#endif -- --typedef struct rlm_dpsk_s rlm_dpsk_t; -- --typedef struct { -- uint8_t mac[6]; -- uint8_t pmk[32]; -- -- uint8_t *ssid; -- size_t ssid_len; -- -- char *identity; -- size_t identity_len; -- -- uint8_t *psk; -- size_t psk_len; -- time_t expires; -- -- fr_dlist_t dlist; -- rlm_dpsk_t *inst; --} rlm_dpsk_cache_t; -- --struct rlm_dpsk_s { -- char const *xlat_name; -- bool ruckus; -- bool dynamic; -- -- rbtree_t *cache; -- -- uint32_t cache_size; -- uint32_t cache_lifetime; -- -- char const *filename; -- --#ifdef HAVE_PTHREAD_H -- pthread_mutex_t mutex; --#endif -- fr_dlist_t head; -- -- DICT_ATTR const *ssid; -- DICT_ATTR const *anonce; -- DICT_ATTR const *frame; --}; -- --static const CONF_PARSER module_config[] = { -- { "ruckus", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_dpsk_t, ruckus), "no" }, -- -- { "cache_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_dpsk_t, cache_size), "0" }, -- { "cache_lifetime", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_dpsk_t, cache_lifetime), "0" }, -- -- { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_dpsk_t, filename), NULL }, -- -- CONF_PARSER_TERMINATOR --}; -- -- --static inline CC_HINT(nonnull) rlm_dpsk_cache_t *fr_dlist_head(fr_dlist_t const *head) --{ -- if (head->prev == head) return NULL; -- -- return (rlm_dpsk_cache_t *) (((uintptr_t) head->next) - offsetof(rlm_dpsk_cache_t, dlist)); --} -- --static void rdebug_hex(REQUEST *request, char const *prefix, uint8_t const *data, int len) --{ -- int i; -- char buffer[2048]; /* large enough for largest len */ -- -- /* -- * Leave a trailing space, we don't really care about that. -- */ -- for (i = 0; i < len; i++) { -- snprintf(buffer + i * 2, sizeof(buffer) - i * 2, "%02x", data[i]); -- } -- -- RDEBUG("%s %s", prefix, buffer); --} --#define RDEBUG_HEX if (rad_debug_lvl >= 3) rdebug_hex -- --#if 0 --/* -- * Find the Ruckus attributes, and convert to FreeRADIUS ones. -- * -- * Also check the WPA2 cipher. We need AES + HMAC-SHA1. -- */ --static bool normalize(rlm_dpsk_t *inst, REQUEST *request) --{ -- VALUE_PAIR *bssid, *cipher, *anonce, *key_msg, *vp; -- -- if (!inst->ruckus) return false; -- -- bssid = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_BSSID, VENDORPEC_RUCKUS, TAG_ANY); -- if (!bssid) return false; -- -- cipher = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_CIPHER, VENDORPEC_RUCKUS, TAG_ANY); -- if (!cipher) return false; -- -- if (cipher->vp_byte != 4) { -- RDEBUG("Found Ruckus-DPSK-Cipher != 4, which means that we cannot do DPSK"); -- return false; -- } -- -- anonce = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_ANONCE, VENDORPEC_RUCKUS, TAG_ANY); -- if (!anonce) return false; -- -- key_msg = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_EAPOL_KEY_FRAME, VENDORPEC_RUCKUS, TAG_ANY); -- if (!key_msg) return false; -- -- MEM(vp = fr_pair_afrom_da(request->packet, anonce->da)); -- fr_pair_value_memcpy(vp, anonce->vp_octets, anonce->vp_length); -- fr_pair_add(&request->packet->vps, vp); -- -- MEM(vp = fr_pair_afrom_da(request->packet, key_msg->da)); -- fr_pair_value_memcpy(vp, key_msg->vp_octets, key_msg->vp_length); -- fr_pair_add(&request->packet->vps, vp); -- -- return false; --} --#endif -- --/* -- * mod_authorize() - authorize user if we can authenticate -- * it later. Add Auth-Type attribute if present in module -- * configuration (usually Auth-Type must be "DPSK") -- */ --static rlm_rcode_t CC_HINT(nonnull) mod_authorize(void * instance, REQUEST *request) --{ -- rlm_dpsk_t *inst = instance; -- -- if (!fr_pair_find_by_da(request->packet->vps, inst->anonce, TAG_ANY) && -- !fr_pair_find_by_da(request->packet->vps, inst->frame, TAG_ANY)) { -- return RLM_MODULE_NOOP; -- } -- -- if (fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY)) { -- RWDEBUG2("Auth-Type already set. Not setting to %s", inst->xlat_name); -- return RLM_MODULE_NOOP; -- } -- -- RDEBUG2("Found %s. Setting 'Auth-Type = %s'", inst->frame->name, inst->xlat_name); -- -- /* -- * Set Auth-Type to MS-CHAP. The authentication code -- * will take care of turning cleartext passwords into -- * NT/LM passwords. -- */ -- if (!pair_make_config("Auth-Type", inst->xlat_name, T_OP_EQ)) { -- return RLM_MODULE_FAIL; -- } -- -- return RLM_MODULE_OK; --} -- --static rlm_dpsk_cache_t *dpsk_cache_find(REQUEST *request, rlm_dpsk_t const *inst, uint8_t *buffer, size_t buflen, VALUE_PAIR *ssid, uint8_t const *mac) --{ -- rlm_dpsk_cache_t *entry, my_entry; -- -- memcpy(my_entry.mac, mac, sizeof(my_entry.mac)); -- memcpy(&my_entry.ssid, &ssid->vp_octets, sizeof(my_entry.ssid)); /* const issues */ -- my_entry.ssid_len = ssid->vp_length; -- -- entry = rbtree_finddata(inst->cache, &my_entry); -- if (entry) { -- if (entry->expires > request->timestamp) { -- RDEBUG3("Cache entry found"); -- memcpy(buffer, entry->pmk, buflen); -- return entry; -- } -- -- RDEBUG3("Cache entry has expired"); -- rbtree_deletebydata(inst->cache, entry); -- } -- -- return NULL; --} -- -- --static int generate_pmk(REQUEST *request, rlm_dpsk_t const *inst, uint8_t *buffer, size_t buflen, VALUE_PAIR *ssid, uint8_t const *mac, char const *psk, size_t psk_len) --{ -- VALUE_PAIR *vp; -- -- fr_assert(buflen == 32); -- -- if (!ssid) { -- ssid = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY); -- if (!ssid) { -- RDEBUG("No %s in the request", inst->ssid->name); -- return 0; -- } -- } -- -- /* -- * No provided PSK. Try to look it up in the cache. If -- * it isn't there, find it in the config items. -- */ -- if (!psk) { -- if (inst->cache && mac) { -- rlm_dpsk_cache_t *entry; -- -- entry = dpsk_cache_find(request, inst, buffer, buflen, ssid, mac); -- if (entry) { -- memcpy(buffer, entry->pmk, buflen); -- return 1; -- } -- RDEBUG3("Cache entry not found"); -- } /* else no caching */ -- -- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY); -- if (!vp) { -- RDEBUG("No &config:Pre-Shared-Key"); -- return 0; -- } -- -- psk = vp->vp_strvalue; -- psk_len = vp->vp_length; -- } -- -- if (PKCS5_PBKDF2_HMAC_SHA1((const char *) psk, psk_len, (const unsigned char *) ssid->vp_strvalue, ssid->vp_length, 4096, buflen, buffer) == 0) { -- RDEBUG("Failed calling OpenSSL to calculate the PMK"); -- return 0; -- } -- -- return 1; --} -- --/* -- * Verify the DPSK information. -- */ --static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *request) --{ -- rlm_dpsk_t *inst = instance; -- VALUE_PAIR *anonce, *key_msg, *ssid, *vp; -- rlm_dpsk_cache_t *entry; -- int lineno = 0; -- size_t len, psk_len; -- unsigned int digest_len, mic_len; -- eapol_attr_t const *eapol; -- eapol_attr_t *zeroed; -- FILE *fp = NULL; -- char const *psk_identity = NULL, *psk; -- uint8_t *p; -- uint8_t const *snonce, *ap_mac; -- uint8_t const *min_mac, *max_mac; -- uint8_t const *min_nonce, *max_nonce; -- uint8_t pmk[32]; -- uint8_t s_mac[6], message[sizeof("Pairwise key expansion") + 6 + 6 + 32 + 32 + 1], frame[128]; -- uint8_t digest[EVP_MAX_MD_SIZE], mic[EVP_MAX_MD_SIZE]; -- char token_identity[256]; -- -- /* -- * Search for the information in a bunch of attributes. -- */ -- anonce = fr_pair_find_by_da(request->packet->vps, inst->anonce, TAG_ANY); -- if (!anonce) { -- RDEBUG("No FreeRADIUS-802.1X-Anonce in the request"); -- return RLM_MODULE_NOOP; -- } -- -- if (anonce->vp_length != 32) { -- RDEBUG("%s has incorrect length (%zu, not 32)", inst->anonce->name, anonce->vp_length); -- return RLM_MODULE_NOOP; -- } -- -- key_msg = fr_pair_find_by_da(request->packet->vps, inst->frame, TAG_ANY); -- if (!key_msg) { -- RDEBUG("No %s in the request", inst->frame->name); -- return RLM_MODULE_NOOP; -- } -- -- if (key_msg->vp_length < sizeof(*eapol)) { -- RDEBUG("%s has incorrect length (%zu < %zu)", inst->frame->name, key_msg->vp_length, sizeof(*eapol)); -- return RLM_MODULE_NOOP; -- } -- -- if (key_msg->vp_length > sizeof(frame)) { -- RDEBUG("%s has incorrect length (%zu > %zu)", inst->frame->name, key_msg->vp_length, sizeof(frame)); -- return RLM_MODULE_NOOP; -- } -- -- ssid = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY); -- if (!ssid) { -- RDEBUG("No %s in the request", inst->ssid->name); -- return 0; -- } -- -- /* -- * Get supplicant MAC address. -- */ -- vp = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); -- if (!vp) { -- RDEBUG("No &User-Name"); -- return RLM_MODULE_NOOP; -- } -- -- len = fr_hex2bin(s_mac, sizeof(s_mac), vp->vp_strvalue, vp->vp_length); -- if (len != 6) { -- RDEBUG("&User-Name is not a recognizable hex MAC address"); -- return RLM_MODULE_NOOP; -- } -- -- /* -- * In case we're not reading from a file. -- */ -- vp = fr_pair_find_by_num(request->config, PW_PSK_IDENTITY, 0, TAG_ANY); -- if (vp) psk_identity = vp->vp_strvalue; -- -- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY); -- if (vp) { -- psk = vp->vp_strvalue; -- psk_len = vp->vp_length; -- } else { -- psk = NULL; -- psk_len = 0; -- } -- -- /* -- * Get the AP MAC address. -- */ -- vp = fr_pair_find_by_num(request->packet->vps, PW_CALLED_STATION_MAC, 0, TAG_ANY); -- if (!vp) { -- RDEBUG("No &Called-Station-MAC"); -- return RLM_MODULE_NOOP; -- } -- -- if (vp->length != 6) { -- RDEBUG("&Called-Station-MAC is not a recognizable MAC address"); -- return RLM_MODULE_NOOP; -- } -- -- ap_mac = vp->vp_octets; -- -- /* -- * Sort the MACs -- */ -- if (memcmp(s_mac, ap_mac, 6) <= 0) { -- min_mac = s_mac; -- max_mac = ap_mac; -- } else { -- min_mac = ap_mac; -- max_mac = s_mac; -- } -- -- eapol = (eapol_attr_t const *) key_msg->vp_octets; -- -- /* -- * Get supplicant nonce and AP nonce. -- * -- * Then sort the nonces. -- */ -- snonce = key_msg->vp_octets + 17; -- if (memcmp(snonce, anonce->vp_octets, 32) <= 0) { -- min_nonce = snonce; -- max_nonce = anonce->vp_octets; -- } else { -- min_nonce = anonce->vp_octets; -- max_nonce = snonce; -- } -- -- /* -- * Create the base message which we will hash. -- */ -- memcpy(message, "Pairwise key expansion", sizeof("Pairwise key expansion")); /* including trailing NUL */ -- p = &message[sizeof("Pairwise key expansion")]; -- -- memcpy(p, min_mac, 6); -- memcpy(p + 6, max_mac, 6); -- p += 12; -- -- memcpy(p, min_nonce, 32); -- memcpy(p + 32, max_nonce, 32); -- p += 64; -- *p = '\0'; -- fr_assert(sizeof(message) == (p + 1 - message)); -- -- if (inst->filename && !psk) { -- FR_TOKEN token; -- char const *q, *filename; -- char token_psk[256]; -- char token_mac[256]; -- char buffer[1024]; -- char filename_buffer[1024]; -- -- /* -- * If there's a cached entry, we don't read the file. -- */ -- entry = dpsk_cache_find(request, inst, pmk, sizeof(pmk), ssid, s_mac); -- if (entry) { -- psk_identity = entry->identity; -- goto make_digest; -- } -- -- if (!inst->dynamic) { -- filename = inst->filename; -- } else { -- if (radius_xlat(filename_buffer, sizeof(filename_buffer), -- request, inst->filename, NULL, NULL) < 0) { -- return RLM_MODULE_FAIL; -- } -- -- filename = filename_buffer; -- } -- -- RDEBUG3("Looking for PSK in file %s", filename); -- -- fp = fopen(filename, "r"); -- if (!fp) { -- REDEBUG("Failed opening %s - %s", filename, fr_syserror(errno)); -- return RLM_MODULE_FAIL; -- } -- --get_next_psk: -- q = fgets(buffer, sizeof(buffer), fp); -- if (!q) { -- RDEBUG("Failed to find matching key in %s", filename); -- fail: -- fclose(fp); -- return RLM_MODULE_FAIL; -- } -- -- /* -- * Split the line on commas, paying attention to double quotes. -- */ -- token = getstring(&q, token_identity, sizeof(token_identity), true); -- if (token == T_INVALID) { -- RDEBUG("%s[%d] Failed parsing identity", filename, lineno); -- goto fail; -- } -- -- if (*q != ',') { -- RDEBUG("%s[%d] Failed to find ',' after identity", filename, lineno); -- goto fail; -- } -- q++; -- -- token = getstring(&q, token_psk, sizeof(token_psk), true); -- if (token == T_INVALID) { -- RDEBUG("%s[%d] Failed parsing PSK", filename, lineno); -- goto fail; -- } -- -- if (*q == ',') { -- q++; -- -- token = getstring(&q, token_mac, sizeof(token_mac), true); -- if (token == T_INVALID) { -- RDEBUG("%s[%d] Failed parsing MAC", filename, lineno); -- goto fail; -- } -- -- /* -- * See if the MAC matches. If not, skip -- * this entry. That's a basic negative cache. -- */ -- if ((strlen(token_mac) != 12) || -- (fr_hex2bin((uint8_t *) token_mac, 6, token_mac, 12) != 12)) { -- RDEBUG("%s[%d] Failed parsing MAC", filename, lineno); -- goto fail; -- } -- -- if (memcmp(s_mac, token_mac, 6) != 0) { -- psk_identity = NULL; -- goto get_next_psk; -- } -- -- /* -- * Close the file so that we don't check any other entries. -- */ -- MEM(vp = fr_pair_afrom_num(request, PW_PRE_SHARED_KEY, 0)); -- fr_pair_value_bstrncpy(vp, token_psk, strlen(token_psk)); -- -- fr_pair_add(&request->config, vp); -- fclose(fp); -- fp = NULL; -- -- RDEBUG3("Found matching MAC"); -- } -- -- /* -- * Generate the PMK using the SSID, this MAC, and the PSK we just read. -- */ -- RDEBUG3("%s[%d] Trying PSK %s", filename, lineno, token_psk); -- if (generate_pmk(request, inst, pmk, sizeof(pmk), ssid, s_mac, token_psk, strlen(token_psk)) == 0) { -- RDEBUG("No &config:Pairwise-Master-Key or &config:Pre-Shared-Key found"); -- return RLM_MODULE_NOOP; -- } -- -- /* -- * Remember which identity we had -- */ -- psk_identity = token_identity; -- goto make_digest; -- } -- -- /* -- * Use the PMK if it already exists. Otherwise calculate it from the PSK. -- */ -- vp = fr_pair_find_by_num(request->config, PW_PAIRWISE_MASTER_KEY, 0, TAG_ANY); -- if (!vp) { -- if (generate_pmk(request, inst, pmk, sizeof(pmk), ssid, s_mac, psk, psk_len) == 0) { -- RDEBUG("No &config:Pairwise-Master-Key or &config:Pre-Shared-Key found"); -- fr_assert(!fp); -- return RLM_MODULE_NOOP; -- } -- -- } else if (vp->vp_length != sizeof(pmk)) { -- RDEBUG("Pairwise-Master-Key has incorrect length (%zu != %zu)", vp->vp_length, sizeof(pmk)); -- fr_assert(!fp); -- return RLM_MODULE_NOOP; -- -- } else { -- memcpy(pmk, vp->vp_octets, sizeof(pmk)); -- } -- -- /* -- * HMAC = HMAC_SHA1(pmk, message); -- * -- * We need the first 16 octets of this. -- */ --make_digest: -- digest_len = sizeof(digest); -- HMAC(EVP_sha1(), pmk, sizeof(pmk), message, sizeof(message), digest, &digest_len); -- -- RDEBUG_HEX(request, "message:", message, sizeof(message)); -- RDEBUG_HEX(request, "pmk :", pmk, sizeof(pmk)); -- RDEBUG_HEX(request, "kck :", digest, 16); -- -- /* -- * Create the frame with the middle field zero, and hash it with the KCK digest we calculated from the key expansion. -- */ -- memcpy(frame, key_msg->vp_octets, key_msg->vp_length); -- zeroed = (eapol_attr_t *) &frame[0]; -- memset(&zeroed->frame.mic[0], 0, 16); -- -- RDEBUG_HEX(request, "zeroed:", frame, key_msg->vp_length); -- -- mic_len = sizeof(mic); -- HMAC(EVP_sha1(), digest, 16, frame, key_msg->vp_length, mic, &mic_len); -- -- /* -- * Do the MICs match? -- */ -- if (memcmp(&eapol->frame.mic[0], mic, 16) != 0) { -- if (fp) { -- psk_identity = NULL; -- goto get_next_psk; -- } -- -- RDEBUG_HEX(request, "calculated mic:", mic, 16); -- RDEBUG_HEX(request, "packet mic :", &eapol->frame.mic[0], 16); -- return RLM_MODULE_FAIL; -- } -- -- /* -- * It matches. Close the input file if necessary. -- */ -- if (fp) fclose(fp); -- -- /* -- * Extend the lifetime of the cache entry, or add the -- * cache entry if necessary. -- */ -- if (inst->cache) { -- rlm_dpsk_cache_t my_entry; -- -- /* -- * Find the entry (again), and update the expiry time. -- * -- * Create the entry if neessary. -- */ -- memcpy(my_entry.mac, s_mac, sizeof(my_entry.mac)); -- -- vp = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY); -- if (!vp) goto save_psk; /* should never really happen, but just to be safe */ -- -- memcpy(&my_entry.ssid, &vp->vp_octets, sizeof(my_entry.ssid)); /* const issues */ -- my_entry.ssid_len = vp->vp_length; -- -- entry = rbtree_finddata(inst->cache, &my_entry); -- if (!entry) { -- /* -- * Too many entries in the cache. Delete the oldest one. -- */ -- if (rbtree_num_elements(inst->cache) > inst->cache_size) { -- PTHREAD_MUTEX_LOCK(&inst->mutex); -- entry = fr_dlist_head(&inst->head); -- PTHREAD_MUTEX_UNLOCK(&inst->mutex); -- -- rbtree_deletebydata(inst->cache, entry); -- } -- -- MEM(entry = talloc_zero(NULL, rlm_dpsk_cache_t)); -- -- memcpy(entry->mac, s_mac, sizeof(entry->mac)); -- memcpy(entry->pmk, pmk, sizeof(entry->pmk)); -- -- fr_dlist_entry_init(&entry->dlist); -- entry->inst = inst; -- -- /* -- * Save the variable-length SSID. -- */ -- MEM(entry->ssid = talloc_memdup(entry, vp->vp_octets, vp->vp_length)); -- entry->ssid_len = vp->vp_length; -- -- /* -- * Save the PSK. If we just have the -- * PMK, then we can still cache that. -- */ -- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY); -- if (vp) { -- MEM(entry->psk = talloc_memdup(entry, vp->vp_octets, vp->vp_length)); -- entry->psk_len = vp->vp_length; -- } -- -- /* -- * Save the identity. -- */ -- if (psk_identity) { -- MEM(entry->identity = talloc_memdup(entry, psk_identity, strlen(psk_identity))); -- entry->identity_len = strlen(psk_identity); -- } -- -- /* -- * Cache it. -- */ -- if (!rbtree_insert(inst->cache, entry)) { -- talloc_free(entry); -- goto save_found_psk; -- } -- RDEBUG3("Cache entry saved"); -- } -- entry->expires = request->timestamp + inst->cache_lifetime; -- -- PTHREAD_MUTEX_LOCK(&inst->mutex); -- fr_dlist_entry_unlink(&entry->dlist); -- fr_dlist_insert_tail(&inst->head, &entry->dlist); -- PTHREAD_MUTEX_UNLOCK(&inst->mutex); -- -- /* -- * Add the PSK to the reply items, if it was cached. -- */ -- if (entry->psk) { -- MEM(vp = fr_pair_afrom_num(request->reply, PW_PRE_SHARED_KEY, 0)); -- fr_pair_value_bstrncpy(vp, entry->psk, entry->psk_len); -- -- fr_pair_add(&request->reply->vps, vp); -- } -- -- goto save_psk_identity; -- } -- -- /* -- * Save a copy of the found PSK in the reply; -- */ --save_psk: -- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY); -- --save_found_psk: -- if (!vp) return RLM_MODULE_OK; -- -- fr_pair_add(&request->reply->vps, fr_pair_copy(request->reply, vp)); -- --save_psk_identity: -- /* -- * Save which identity matched. -- */ -- if (psk_identity) { -- MEM(vp = fr_pair_afrom_num(request->reply, PW_PSK_IDENTITY, 0)); -- fr_pair_value_bstrncpy(vp, psk_identity, strlen(psk_identity)); -- -- fr_pair_add(&request->reply->vps, vp); -- } -- -- return RLM_MODULE_OK; --} -- --/* -- * Generate the PMK from SSID and Pre-Shared-Key -- */ --static ssize_t dpsk_xlat(void *instance, REQUEST *request, -- char const *fmt, char *out, size_t outlen) --{ -- rlm_dpsk_t *inst = instance; -- char const *p, *ssid, *psk; -- size_t ssid_len, psk_len; -- uint8_t buffer[32]; -- -- /* -- * Prefer xlat arguments. But if they don't exist, use the attributes. -- */ -- p = fmt; -- while (isspace((uint8_t) *p)) p++; -- -- if (!*p) { -- if (generate_pmk(request, inst, buffer, sizeof(buffer), NULL, NULL, NULL, 0) == 0) { -- RDEBUG("No &request:Called-Station-SSID or &config:Pre-Shared-Key found"); -- return 0; -- } -- } else { -- ssid = p; -- -- while (*p && !isspace((uint8_t) *p)) p++; -- -- ssid_len = p - ssid; -- -- if (!*p) { -- REDEBUG("Found SSID, but no PSK"); -- return 0; -- } -- -- psk = p; -- -- while (*p && !isspace((uint8_t) *p)) p++; -- -- psk_len = p - psk; -- -- if (PKCS5_PBKDF2_HMAC_SHA1(psk, psk_len, (const unsigned char *) ssid, ssid_len, 4096, sizeof(buffer), buffer) == 0) { -- RDEBUG("Failed calling OpenSSL to calculate the PMK"); -- return 0; -- } -- } -- -- if (outlen < sizeof(buffer) * 2 + 1) { -- REDEBUG("Output buffer is too small for PMK"); -- return 0; -- } -- -- return fr_bin2hex(out, buffer, 32); --} -- --static int mod_bootstrap(CONF_SECTION *conf, void *instance) --{ -- char const *name; -- rlm_dpsk_t *inst = instance; -- -- /* -- * Create the dynamic translation. -- */ -- name = cf_section_name2(conf); -- if (!name) name = cf_section_name1(conf); -- inst->xlat_name = name; -- xlat_register(inst->xlat_name, dpsk_xlat, NULL, inst); -- -- if (inst->ruckus) { -- inst->ssid = dict_attrbyvalue(PW_RUCKUS_BSSID, VENDORPEC_RUCKUS); -- inst->anonce = dict_attrbyvalue(PW_RUCKUS_DPSK_ANONCE, VENDORPEC_RUCKUS); -- inst->frame = dict_attrbyvalue(PW_RUCKUS_DPSK_EAPOL_KEY_FRAME, VENDORPEC_RUCKUS); -- } else { -- inst->ssid = dict_attrbyvalue(PW_CALLED_STATION_SSID, 0); -- inst->anonce = dict_attrbyvalue(PW_FREERADIUS_8021X_ANONCE, VENDORPEC_FREERADIUS_EVS5); -- inst->frame = dict_attrbyvalue(PW_FREERADIUS_8021X_EAPOL_KEY_MSG, VENDORPEC_FREERADIUS_EVS5); -- } -- -- if (!inst->ssid || !inst->anonce || !inst->frame) { -- cf_log_err_cs(conf, "Failed to find attributes in the dictionary. Please do not edit the default dictionaries!"); -- return -1; -- } -- -- inst->dynamic = inst->filename && (strchr(inst->filename, '%') != NULL); -- -- return 0; --} -- --static int cmp_cache_entry(void const *one, void const *two) --{ -- rlm_dpsk_cache_t const *a = (rlm_dpsk_cache_t const *) one; -- rlm_dpsk_cache_t const *b = (rlm_dpsk_cache_t const *) two; -- int rcode; -- -- rcode = memcmp(a->mac, b->mac, sizeof(a->mac)); -- if (rcode != 0) return rcode; -- -- if (a->ssid_len < b->ssid_len) return -1; -- if (a->ssid_len > b->ssid_len) return +1; -- -- return memcmp(a->ssid, b->ssid, a->ssid_len); --} -- --static void free_cache_entry(void *data) --{ -- rlm_dpsk_cache_t *entry = (rlm_dpsk_cache_t *) data; -- -- PTHREAD_MUTEX_LOCK(&entry->inst->mutex); -- fr_dlist_entry_unlink(&entry->dlist); -- PTHREAD_MUTEX_UNLOCK(&entry->inst->mutex); -- -- talloc_free(entry); --} -- --static int mod_instantiate(CONF_SECTION *conf, void *instance) --{ -- rlm_dpsk_t *inst = instance; -- -- if (!inst->cache_size) return 0; -- -- FR_INTEGER_BOUND_CHECK("cache_size", inst->cache_size, <=, ((uint32_t) 1) << 16); -- -- if (!inst->cache_size) return 0; -- -- FR_INTEGER_BOUND_CHECK("cache_lifetime", inst->cache_lifetime, <=, (7 * 86400)); -- FR_INTEGER_BOUND_CHECK("cache_lifetime", inst->cache_lifetime, >=, 3600); -- -- inst->cache = rbtree_create(inst, cmp_cache_entry, free_cache_entry, RBTREE_FLAG_LOCK); -- if (!inst->cache) { -- cf_log_err_cs(conf, "Failed creating internal cache"); -- return -1; -- } -- -- fr_dlist_entry_init(&inst->head); --#ifdef HAVE_PTHREAD_H -- if (pthread_mutex_init(&inst->mutex, NULL) < 0) { -- cf_log_err_cs(conf, "Failed creating mutex"); -- return -1; -- } --#endif -- -- return 0; --} -- --#ifdef HAVE_PTHREAD_H --static int mod_detach(void *instance) --{ -- rlm_dpsk_t *inst = instance; -- -- if (!inst->cache_size) return 0; -- -- pthread_mutex_destroy(&inst->mutex); -- return 0; --} --#endif -- --/* -- * The module name should be the only globally exported symbol. -- * That is, everything else should be 'static'. -- * -- * If the module needs to temporarily modify it's instantiation -- * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE. -- * The server will then take care of ensuring that the module -- * is single-threaded. -- */ --extern module_t rlm_dpsk; --module_t rlm_dpsk = { -- .magic = RLM_MODULE_INIT, -- .name = "dpsk", -- .type = RLM_TYPE_THREAD_SAFE, -- .inst_size = sizeof(rlm_dpsk_t), -- .config = module_config, -- .bootstrap = mod_bootstrap, -- .instantiate = mod_instantiate, --#ifdef HAVE_PTHREAD_H -- .detach = mod_detach, --#endif -- .methods = { -- [MOD_AUTHORIZE] = mod_authorize, -- [MOD_AUTHENTICATE] = mod_authenticate, -- }, --}; -diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore b/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore -deleted file mode 100644 -index 01a5daa3cc..0000000000 ---- a/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore -+++ /dev/null -@@ -1 +0,0 @@ --all.mk -diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in b/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in -deleted file mode 100644 -index dfdcd71fd3..0000000000 ---- a/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in -+++ /dev/null -@@ -1,12 +0,0 @@ --TARGETNAME := @targetname@ -- --ifneq "$(OPENSSL_LIBS)" "" --ifneq "$(TARGETNAME)" "" --TARGET := $(TARGETNAME).a --endif --endif -- --SOURCES := $(TARGETNAME).c eap_teap.c eap_teap_crypto.c -- --SRC_INCDIRS := ../../ ../../libeap/ --TGT_PREREQS := libfreeradius-eap.a -diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/configure b/src/modules/rlm_eap/types/rlm_eap_teap/configure -deleted file mode 100755 -index e37094d80c..0000000000 ---- a/src/modules/rlm_eap/types/rlm_eap_teap/configure -+++ /dev/null -@@ -1,4512 +0,0 @@ --#! /bin/sh --# From configure.ac Revision. --# Guess values for system-dependent variables and create Makefiles. --# Generated by GNU Autoconf 2.69. --# --# --# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. --# --# --# This configure script is free software; the Free Software Foundation --# gives unlimited permission to copy, distribute and modify it. --## -------------------- ## --## M4sh Initialization. ## --## -------------------- ## -- --# Be more Bourne compatible --DUALCASE=1; export DUALCASE # for MKS sh --if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : -- emulate sh -- NULLCMD=: -- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which -- # is contrary to our usage. Disable this feature. -- alias -g '${1+"$@"}'='"$@"' -- setopt NO_GLOB_SUBST --else -- case `(set -o) 2>/dev/null` in #( -- *posix*) : -- set -o posix ;; #( -- *) : -- ;; --esac --fi -- -- --as_nl=' --' --export as_nl --# Printing a long string crashes Solaris 7 /usr/bin/printf. --as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' --as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo --as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo --# Prefer a ksh shell builtin over an external printf program on Solaris, --# but without wasting forks for bash or zsh. --if test -z "$BASH_VERSION$ZSH_VERSION" \ -- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then -- as_echo='print -r --' -- as_echo_n='print -rn --' --elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then -- as_echo='printf %s\n' -- as_echo_n='printf %s' --else -- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then -- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' -- as_echo_n='/usr/ucb/echo -n' -- else -- as_echo_body='eval expr "X$1" : "X\\(.*\\)"' -- as_echo_n_body='eval -- arg=$1; -- case $arg in #( -- *"$as_nl"*) -- expr "X$arg" : "X\\(.*\\)$as_nl"; -- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; -- esac; -- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" -- ' -- export as_echo_n_body -- as_echo_n='sh -c $as_echo_n_body as_echo' -- fi -- export as_echo_body -- as_echo='sh -c $as_echo_body as_echo' --fi -- --# The user is always right. --if test "${PATH_SEPARATOR+set}" != set; then -- PATH_SEPARATOR=: -- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { -- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || -- PATH_SEPARATOR=';' -- } --fi -- -- --# IFS --# We need space, tab and new line, in precisely that order. Quoting is --# there to prevent editors from complaining about space-tab. --# (If _AS_PATH_WALK were called with IFS unset, it would disable word --# splitting by setting IFS to empty value.) --IFS=" "" $as_nl" -- --# Find who we are. Look in the path if we contain no directory separator. --as_myself= --case $0 in #(( -- *[\\/]* ) as_myself=$0 ;; -- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -- done --IFS=$as_save_IFS -- -- ;; --esac --# We did not find ourselves, most probably we were run as `sh COMMAND' --# in which case we are not to be found in the path. --if test "x$as_myself" = x; then -- as_myself=$0 --fi --if test ! -f "$as_myself"; then -- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 -- exit 1 --fi -- --# Unset variables that we do not need and which cause bugs (e.g. in --# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" --# suppresses any "Segmentation fault" message there. '((' could --# trigger a bug in pdksh 5.2.14. --for as_var in BASH_ENV ENV MAIL MAILPATH --do eval test x\${$as_var+set} = xset \ -- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : --done --PS1='$ ' --PS2='> ' --PS4='+ ' -- --# NLS nuisances. --LC_ALL=C --export LC_ALL --LANGUAGE=C --export LANGUAGE -- --# CDPATH. --(unset CDPATH) >/dev/null 2>&1 && unset CDPATH -- --# Use a proper internal environment variable to ensure we don't fall -- # into an infinite loop, continuously re-executing ourselves. -- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then -- _as_can_reexec=no; export _as_can_reexec; -- # We cannot yet assume a decent shell, so we have to provide a --# neutralization value for shells without unset; and this also --# works around shells that cannot unset nonexistent variables. --# Preserve -v and -x to the replacement shell. --BASH_ENV=/dev/null --ENV=/dev/null --(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV --case $- in # (((( -- *v*x* | *x*v* ) as_opts=-vx ;; -- *v* ) as_opts=-v ;; -- *x* ) as_opts=-x ;; -- * ) as_opts= ;; --esac --exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} --# Admittedly, this is quite paranoid, since all the known shells bail --# out after a failed `exec'. --$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 --as_fn_exit 255 -- fi -- # We don't want this to propagate to other subprocesses. -- { _as_can_reexec=; unset _as_can_reexec;} --if test "x$CONFIG_SHELL" = x; then -- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : -- emulate sh -- NULLCMD=: -- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which -- # is contrary to our usage. Disable this feature. -- alias -g '\${1+\"\$@\"}'='\"\$@\"' -- setopt NO_GLOB_SUBST --else -- case \`(set -o) 2>/dev/null\` in #( -- *posix*) : -- set -o posix ;; #( -- *) : -- ;; --esac --fi --" -- as_required="as_fn_return () { (exit \$1); } --as_fn_success () { as_fn_return 0; } --as_fn_failure () { as_fn_return 1; } --as_fn_ret_success () { return 0; } --as_fn_ret_failure () { return 1; } -- --exitcode=0 --as_fn_success || { exitcode=1; echo as_fn_success failed.; } --as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } --as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } --as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } --if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : -- --else -- exitcode=1; echo positional parameters were not saved. --fi --test x\$exitcode = x0 || exit 1 --test -x / || exit 1" -- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO -- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO -- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && -- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 --test \$(( 1 + 1 )) = 2 || exit 1" -- if (eval "$as_required") 2>/dev/null; then : -- as_have_required=yes --else -- as_have_required=no --fi -- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : -- --else -- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --as_found=false --for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- as_found=: -- case $as_dir in #( -- /*) -- for as_base in sh bash ksh sh5; do -- # Try only shells that exist, to save several forks. -- as_shell=$as_dir/$as_base -- if { test -f "$as_shell" || test -f "$as_shell.exe"; } && -- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : -- CONFIG_SHELL=$as_shell as_have_required=yes -- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : -- break 2 --fi --fi -- done;; -- esac -- as_found=false --done --$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && -- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : -- CONFIG_SHELL=$SHELL as_have_required=yes --fi; } --IFS=$as_save_IFS -- -- -- if test "x$CONFIG_SHELL" != x; then : -- export CONFIG_SHELL -- # We cannot yet assume a decent shell, so we have to provide a --# neutralization value for shells without unset; and this also --# works around shells that cannot unset nonexistent variables. --# Preserve -v and -x to the replacement shell. --BASH_ENV=/dev/null --ENV=/dev/null --(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV --case $- in # (((( -- *v*x* | *x*v* ) as_opts=-vx ;; -- *v* ) as_opts=-v ;; -- *x* ) as_opts=-x ;; -- * ) as_opts= ;; --esac --exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} --# Admittedly, this is quite paranoid, since all the known shells bail --# out after a failed `exec'. --$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 --exit 255 --fi -- -- if test x$as_have_required = xno; then : -- $as_echo "$0: This script requires a shell more modern than all" -- $as_echo "$0: the shells that I found on your system." -- if test x${ZSH_VERSION+set} = xset ; then -- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" -- $as_echo "$0: be upgraded to zsh 4.3.4 or later." -- else -- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, --$0: including any error possibly output before this --$0: message. Then install a modern shell, or manually run --$0: the script under such a shell if you do have one." -- fi -- exit 1 --fi --fi --fi --SHELL=${CONFIG_SHELL-/bin/sh} --export SHELL --# Unset more variables known to interfere with behavior of common tools. --CLICOLOR_FORCE= GREP_OPTIONS= --unset CLICOLOR_FORCE GREP_OPTIONS -- --## --------------------- ## --## M4sh Shell Functions. ## --## --------------------- ## --# as_fn_unset VAR --# --------------- --# Portably unset VAR. --as_fn_unset () --{ -- { eval $1=; unset $1;} --} --as_unset=as_fn_unset -- --# as_fn_set_status STATUS --# ----------------------- --# Set $? to STATUS, without forking. --as_fn_set_status () --{ -- return $1 --} # as_fn_set_status -- --# as_fn_exit STATUS --# ----------------- --# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. --as_fn_exit () --{ -- set +e -- as_fn_set_status $1 -- exit $1 --} # as_fn_exit -- --# as_fn_mkdir_p --# ------------- --# Create "$as_dir" as a directory, including parents if necessary. --as_fn_mkdir_p () --{ -- -- case $as_dir in #( -- -*) as_dir=./$as_dir;; -- esac -- test -d "$as_dir" || eval $as_mkdir_p || { -- as_dirs= -- while :; do -- case $as_dir in #( -- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( -- *) as_qdir=$as_dir;; -- esac -- as_dirs="'$as_qdir' $as_dirs" -- as_dir=`$as_dirname -- "$as_dir" || --$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -- X"$as_dir" : 'X\(//\)[^/]' \| \ -- X"$as_dir" : 'X\(//\)$' \| \ -- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || --$as_echo X"$as_dir" | -- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)[^/].*/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)$/{ -- s//\1/ -- q -- } -- /^X\(\/\).*/{ -- s//\1/ -- q -- } -- s/.*/./; q'` -- test -d "$as_dir" && break -- done -- test -z "$as_dirs" || eval "mkdir $as_dirs" -- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" -- -- --} # as_fn_mkdir_p -- --# as_fn_executable_p FILE --# ----------------------- --# Test if FILE is an executable regular file. --as_fn_executable_p () --{ -- test -f "$1" && test -x "$1" --} # as_fn_executable_p --# as_fn_append VAR VALUE --# ---------------------- --# Append the text in VALUE to the end of the definition contained in VAR. Take --# advantage of any shell optimizations that allow amortized linear growth over --# repeated appends, instead of the typical quadratic growth present in naive --# implementations. --if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : -- eval 'as_fn_append () -- { -- eval $1+=\$2 -- }' --else -- as_fn_append () -- { -- eval $1=\$$1\$2 -- } --fi # as_fn_append -- --# as_fn_arith ARG... --# ------------------ --# Perform arithmetic evaluation on the ARGs, and store the result in the --# global $as_val. Take advantage of shells that can avoid forks. The arguments --# must be portable across $(()) and expr. --if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : -- eval 'as_fn_arith () -- { -- as_val=$(( $* )) -- }' --else -- as_fn_arith () -- { -- as_val=`expr "$@" || test $? -eq 1` -- } --fi # as_fn_arith -- -- --# as_fn_error STATUS ERROR [LINENO LOG_FD] --# ---------------------------------------- --# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are --# provided, also output the error to LOG_FD, referencing LINENO. Then exit the --# script with STATUS, using 1 if that was 0. --as_fn_error () --{ -- as_status=$1; test $as_status -eq 0 && as_status=1 -- if test "$4"; then -- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 -- fi -- $as_echo "$as_me: error: $2" >&2 -- as_fn_exit $as_status --} # as_fn_error -- --if expr a : '\(a\)' >/dev/null 2>&1 && -- test "X`expr 00001 : '.*\(...\)'`" = X001; then -- as_expr=expr --else -- as_expr=false --fi -- --if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then -- as_basename=basename --else -- as_basename=false --fi -- --if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then -- as_dirname=dirname --else -- as_dirname=false --fi -- --as_me=`$as_basename -- "$0" || --$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ -- X"$0" : 'X\(//\)$' \| \ -- X"$0" : 'X\(/\)' \| . 2>/dev/null || --$as_echo X/"$0" | -- sed '/^.*\/\([^/][^/]*\)\/*$/{ -- s//\1/ -- q -- } -- /^X\/\(\/\/\)$/{ -- s//\1/ -- q -- } -- /^X\/\(\/\).*/{ -- s//\1/ -- q -- } -- s/.*/./; q'` -- --# Avoid depending upon Character Ranges. --as_cr_letters='abcdefghijklmnopqrstuvwxyz' --as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' --as_cr_Letters=$as_cr_letters$as_cr_LETTERS --as_cr_digits='0123456789' --as_cr_alnum=$as_cr_Letters$as_cr_digits -- -- -- as_lineno_1=$LINENO as_lineno_1a=$LINENO -- as_lineno_2=$LINENO as_lineno_2a=$LINENO -- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && -- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { -- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) -- sed -n ' -- p -- /[$]LINENO/= -- ' <$as_myself | -- sed ' -- s/[$]LINENO.*/&-/ -- t lineno -- b -- :lineno -- N -- :loop -- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ -- t loop -- s/-\n.*// -- ' >$as_me.lineno && -- chmod +x "$as_me.lineno" || -- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } -- -- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have -- # already done that, so ensure we don't try to do so again and fall -- # in an infinite loop. This has already happened in practice. -- _as_can_reexec=no; export _as_can_reexec -- # Don't try to exec as it changes $[0], causing all sort of problems -- # (the dirname of $[0] is not the place where we might find the -- # original and so on. Autoconf is especially sensitive to this). -- . "./$as_me.lineno" -- # Exit status is that of the last command. -- exit --} -- --ECHO_C= ECHO_N= ECHO_T= --case `echo -n x` in #((((( ---n*) -- case `echo 'xy\c'` in -- *c*) ECHO_T=' ';; # ECHO_T is single tab character. -- xy) ECHO_C='\c';; -- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null -- ECHO_T=' ';; -- esac;; --*) -- ECHO_N='-n';; --esac -- --rm -f conf$$ conf$$.exe conf$$.file --if test -d conf$$.dir; then -- rm -f conf$$.dir/conf$$.file --else -- rm -f conf$$.dir -- mkdir conf$$.dir 2>/dev/null --fi --if (echo >conf$$.file) 2>/dev/null; then -- if ln -s conf$$.file conf$$ 2>/dev/null; then -- as_ln_s='ln -s' -- # ... but there are two gotchas: -- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. -- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. -- # In both cases, we have to default to `cp -pR'. -- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || -- as_ln_s='cp -pR' -- elif ln conf$$.file conf$$ 2>/dev/null; then -- as_ln_s=ln -- else -- as_ln_s='cp -pR' -- fi --else -- as_ln_s='cp -pR' --fi --rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file --rmdir conf$$.dir 2>/dev/null -- --if mkdir -p . 2>/dev/null; then -- as_mkdir_p='mkdir -p "$as_dir"' --else -- test -d ./-p && rmdir ./-p -- as_mkdir_p=false --fi -- --as_test_x='test -x' --as_executable_p=as_fn_executable_p -- --# Sed expression to map a string onto a valid CPP name. --as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" -- --# Sed expression to map a string onto a valid variable name. --as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" -- -- --test -n "$DJDIR" || exec 7<&0 &1 -- --# Name of the host. --# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, --# so uname gets run too. --ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` -- --# --# Initializations. --# --ac_default_prefix=/usr/local --ac_clean_files= --ac_config_libobj_dir=. --LIBOBJS= --cross_compiling=no --subdirs= --MFLAGS= --MAKEFLAGS= -- --# Identity of this package. --PACKAGE_NAME= --PACKAGE_TARNAME= --PACKAGE_VERSION= --PACKAGE_STRING= --PACKAGE_BUGREPORT= --PACKAGE_URL= -- --ac_unique_file="rlm_eap_teap.c" --ac_subst_vars='LTLIBOBJS --LIBOBJS --mod_cflags --mod_ldflags --targetname --EGREP --GREP --CPP --OBJEXT --EXEEXT --ac_ct_CC --CPPFLAGS --LDFLAGS --CFLAGS --CC --target_alias --host_alias --build_alias --LIBS --ECHO_T --ECHO_N --ECHO_C --DEFS --mandir --localedir --libdir --psdir --pdfdir --dvidir --htmldir --infodir --docdir --oldincludedir --includedir --runstatedir --localstatedir --sharedstatedir --sysconfdir --datadir --datarootdir --libexecdir --sbindir --bindir --program_transform_name --prefix --exec_prefix --PACKAGE_URL --PACKAGE_BUGREPORT --PACKAGE_STRING --PACKAGE_VERSION --PACKAGE_TARNAME --PACKAGE_NAME --PATH_SEPARATOR --SHELL' --ac_subst_files='' --ac_user_opts=' --enable_option_checking --with_rlm_eap_teap --with_openssl_lib_dir --with_openssl_include_dir --' -- ac_precious_vars='build_alias --host_alias --target_alias --CC --CFLAGS --LDFLAGS --LIBS --CPPFLAGS --CPP' -- -- --# Initialize some variables set by options. --ac_init_help= --ac_init_version=false --ac_unrecognized_opts= --ac_unrecognized_sep= --# The variables have the same names as the options, with --# dashes changed to underlines. --cache_file=/dev/null --exec_prefix=NONE --no_create= --no_recursion= --prefix=NONE --program_prefix=NONE --program_suffix=NONE --program_transform_name=s,x,x, --silent= --site= --srcdir= --verbose= --x_includes=NONE --x_libraries=NONE -- --# Installation directory options. --# These are left unexpanded so users can "make install exec_prefix=/foo" --# and all the variables that are supposed to be based on exec_prefix --# by default will actually change. --# Use braces instead of parens because sh, perl, etc. also accept them. --# (The list follows the same order as the GNU Coding Standards.) --bindir='${exec_prefix}/bin' --sbindir='${exec_prefix}/sbin' --libexecdir='${exec_prefix}/libexec' --datarootdir='${prefix}/share' --datadir='${datarootdir}' --sysconfdir='${prefix}/etc' --sharedstatedir='${prefix}/com' --localstatedir='${prefix}/var' --runstatedir='${localstatedir}/run' --includedir='${prefix}/include' --oldincludedir='/usr/include' --docdir='${datarootdir}/doc/${PACKAGE}' --infodir='${datarootdir}/info' --htmldir='${docdir}' --dvidir='${docdir}' --pdfdir='${docdir}' --psdir='${docdir}' --libdir='${exec_prefix}/lib' --localedir='${datarootdir}/locale' --mandir='${datarootdir}/man' -- --ac_prev= --ac_dashdash= --for ac_option --do -- # If the previous option needs an argument, assign it. -- if test -n "$ac_prev"; then -- eval $ac_prev=\$ac_option -- ac_prev= -- continue -- fi -- -- case $ac_option in -- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; -- *=) ac_optarg= ;; -- *) ac_optarg=yes ;; -- esac -- -- # Accept the important Cygnus configure options, so we can diagnose typos. -- -- case $ac_dashdash$ac_option in -- --) -- ac_dashdash=yes ;; -- -- -bindir | --bindir | --bindi | --bind | --bin | --bi) -- ac_prev=bindir ;; -- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) -- bindir=$ac_optarg ;; -- -- -build | --build | --buil | --bui | --bu) -- ac_prev=build_alias ;; -- -build=* | --build=* | --buil=* | --bui=* | --bu=*) -- build_alias=$ac_optarg ;; -- -- -cache-file | --cache-file | --cache-fil | --cache-fi \ -- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) -- ac_prev=cache_file ;; -- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ -- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) -- cache_file=$ac_optarg ;; -- -- --config-cache | -C) -- cache_file=config.cache ;; -- -- -datadir | --datadir | --datadi | --datad) -- ac_prev=datadir ;; -- -datadir=* | --datadir=* | --datadi=* | --datad=*) -- datadir=$ac_optarg ;; -- -- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ -- | --dataroo | --dataro | --datar) -- ac_prev=datarootdir ;; -- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ -- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) -- datarootdir=$ac_optarg ;; -- -- -disable-* | --disable-*) -- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` -- # Reject names that are not valid shell variable names. -- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && -- as_fn_error $? "invalid feature name: $ac_useropt" -- ac_useropt_orig=$ac_useropt -- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` -- case $ac_user_opts in -- *" --"enable_$ac_useropt" --"*) ;; -- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" -- ac_unrecognized_sep=', ';; -- esac -- eval enable_$ac_useropt=no ;; -- -- -docdir | --docdir | --docdi | --doc | --do) -- ac_prev=docdir ;; -- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) -- docdir=$ac_optarg ;; -- -- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) -- ac_prev=dvidir ;; -- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) -- dvidir=$ac_optarg ;; -- -- -enable-* | --enable-*) -- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` -- # Reject names that are not valid shell variable names. -- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && -- as_fn_error $? "invalid feature name: $ac_useropt" -- ac_useropt_orig=$ac_useropt -- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` -- case $ac_user_opts in -- *" --"enable_$ac_useropt" --"*) ;; -- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" -- ac_unrecognized_sep=', ';; -- esac -- eval enable_$ac_useropt=\$ac_optarg ;; -- -- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ -- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ -- | --exec | --exe | --ex) -- ac_prev=exec_prefix ;; -- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ -- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ -- | --exec=* | --exe=* | --ex=*) -- exec_prefix=$ac_optarg ;; -- -- -gas | --gas | --ga | --g) -- # Obsolete; use --with-gas. -- with_gas=yes ;; -- -- -help | --help | --hel | --he | -h) -- ac_init_help=long ;; -- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) -- ac_init_help=recursive ;; -- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) -- ac_init_help=short ;; -- -- -host | --host | --hos | --ho) -- ac_prev=host_alias ;; -- -host=* | --host=* | --hos=* | --ho=*) -- host_alias=$ac_optarg ;; -- -- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) -- ac_prev=htmldir ;; -- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ -- | --ht=*) -- htmldir=$ac_optarg ;; -- -- -includedir | --includedir | --includedi | --included | --include \ -- | --includ | --inclu | --incl | --inc) -- ac_prev=includedir ;; -- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ -- | --includ=* | --inclu=* | --incl=* | --inc=*) -- includedir=$ac_optarg ;; -- -- -infodir | --infodir | --infodi | --infod | --info | --inf) -- ac_prev=infodir ;; -- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) -- infodir=$ac_optarg ;; -- -- -libdir | --libdir | --libdi | --libd) -- ac_prev=libdir ;; -- -libdir=* | --libdir=* | --libdi=* | --libd=*) -- libdir=$ac_optarg ;; -- -- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ -- | --libexe | --libex | --libe) -- ac_prev=libexecdir ;; -- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ -- | --libexe=* | --libex=* | --libe=*) -- libexecdir=$ac_optarg ;; -- -- -localedir | --localedir | --localedi | --localed | --locale) -- ac_prev=localedir ;; -- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) -- localedir=$ac_optarg ;; -- -- -localstatedir | --localstatedir | --localstatedi | --localstated \ -- | --localstate | --localstat | --localsta | --localst | --locals) -- ac_prev=localstatedir ;; -- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ -- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) -- localstatedir=$ac_optarg ;; -- -- -mandir | --mandir | --mandi | --mand | --man | --ma | --m) -- ac_prev=mandir ;; -- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) -- mandir=$ac_optarg ;; -- -- -nfp | --nfp | --nf) -- # Obsolete; use --without-fp. -- with_fp=no ;; -- -- -no-create | --no-create | --no-creat | --no-crea | --no-cre \ -- | --no-cr | --no-c | -n) -- no_create=yes ;; -- -- -no-recursion | --no-recursion | --no-recursio | --no-recursi \ -- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) -- no_recursion=yes ;; -- -- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ -- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ -- | --oldin | --oldi | --old | --ol | --o) -- ac_prev=oldincludedir ;; -- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ -- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ -- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) -- oldincludedir=$ac_optarg ;; -- -- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) -- ac_prev=prefix ;; -- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) -- prefix=$ac_optarg ;; -- -- -program-prefix | --program-prefix | --program-prefi | --program-pref \ -- | --program-pre | --program-pr | --program-p) -- ac_prev=program_prefix ;; -- -program-prefix=* | --program-prefix=* | --program-prefi=* \ -- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) -- program_prefix=$ac_optarg ;; -- -- -program-suffix | --program-suffix | --program-suffi | --program-suff \ -- | --program-suf | --program-su | --program-s) -- ac_prev=program_suffix ;; -- -program-suffix=* | --program-suffix=* | --program-suffi=* \ -- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) -- program_suffix=$ac_optarg ;; -- -- -program-transform-name | --program-transform-name \ -- | --program-transform-nam | --program-transform-na \ -- | --program-transform-n | --program-transform- \ -- | --program-transform | --program-transfor \ -- | --program-transfo | --program-transf \ -- | --program-trans | --program-tran \ -- | --progr-tra | --program-tr | --program-t) -- ac_prev=program_transform_name ;; -- -program-transform-name=* | --program-transform-name=* \ -- | --program-transform-nam=* | --program-transform-na=* \ -- | --program-transform-n=* | --program-transform-=* \ -- | --program-transform=* | --program-transfor=* \ -- | --program-transfo=* | --program-transf=* \ -- | --program-trans=* | --program-tran=* \ -- | --progr-tra=* | --program-tr=* | --program-t=*) -- program_transform_name=$ac_optarg ;; -- -- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) -- ac_prev=pdfdir ;; -- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) -- pdfdir=$ac_optarg ;; -- -- -psdir | --psdir | --psdi | --psd | --ps) -- ac_prev=psdir ;; -- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) -- psdir=$ac_optarg ;; -- -- -q | -quiet | --quiet | --quie | --qui | --qu | --q \ -- | -silent | --silent | --silen | --sile | --sil) -- silent=yes ;; -- -- -runstatedir | --runstatedir | --runstatedi | --runstated \ -- | --runstate | --runstat | --runsta | --runst | --runs \ -- | --run | --ru | --r) -- ac_prev=runstatedir ;; -- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ -- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ -- | --run=* | --ru=* | --r=*) -- runstatedir=$ac_optarg ;; -- -- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) -- ac_prev=sbindir ;; -- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ -- | --sbi=* | --sb=*) -- sbindir=$ac_optarg ;; -- -- -sharedstatedir | --sharedstatedir | --sharedstatedi \ -- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ -- | --sharedst | --shareds | --shared | --share | --shar \ -- | --sha | --sh) -- ac_prev=sharedstatedir ;; -- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ -- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ -- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ -- | --sha=* | --sh=*) -- sharedstatedir=$ac_optarg ;; -- -- -site | --site | --sit) -- ac_prev=site ;; -- -site=* | --site=* | --sit=*) -- site=$ac_optarg ;; -- -- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) -- ac_prev=srcdir ;; -- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) -- srcdir=$ac_optarg ;; -- -- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ -- | --syscon | --sysco | --sysc | --sys | --sy) -- ac_prev=sysconfdir ;; -- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ -- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) -- sysconfdir=$ac_optarg ;; -- -- -target | --target | --targe | --targ | --tar | --ta | --t) -- ac_prev=target_alias ;; -- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) -- target_alias=$ac_optarg ;; -- -- -v | -verbose | --verbose | --verbos | --verbo | --verb) -- verbose=yes ;; -- -- -version | --version | --versio | --versi | --vers | -V) -- ac_init_version=: ;; -- -- -with-* | --with-*) -- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` -- # Reject names that are not valid shell variable names. -- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && -- as_fn_error $? "invalid package name: $ac_useropt" -- ac_useropt_orig=$ac_useropt -- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` -- case $ac_user_opts in -- *" --"with_$ac_useropt" --"*) ;; -- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" -- ac_unrecognized_sep=', ';; -- esac -- eval with_$ac_useropt=\$ac_optarg ;; -- -- -without-* | --without-*) -- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` -- # Reject names that are not valid shell variable names. -- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && -- as_fn_error $? "invalid package name: $ac_useropt" -- ac_useropt_orig=$ac_useropt -- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` -- case $ac_user_opts in -- *" --"with_$ac_useropt" --"*) ;; -- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" -- ac_unrecognized_sep=', ';; -- esac -- eval with_$ac_useropt=no ;; -- -- --x) -- # Obsolete; use --with-x. -- with_x=yes ;; -- -- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ -- | --x-incl | --x-inc | --x-in | --x-i) -- ac_prev=x_includes ;; -- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ -- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) -- x_includes=$ac_optarg ;; -- -- -x-libraries | --x-libraries | --x-librarie | --x-librari \ -- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) -- ac_prev=x_libraries ;; -- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ -- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) -- x_libraries=$ac_optarg ;; -- -- -*) as_fn_error $? "unrecognized option: \`$ac_option' --Try \`$0 --help' for more information" -- ;; -- -- *=*) -- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` -- # Reject names that are not valid shell variable names. -- case $ac_envvar in #( -- '' | [0-9]* | *[!_$as_cr_alnum]* ) -- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; -- esac -- eval $ac_envvar=\$ac_optarg -- export $ac_envvar ;; -- -- *) -- # FIXME: should be removed in autoconf 3.0. -- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 -- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && -- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 -- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" -- ;; -- -- esac --done -- --if test -n "$ac_prev"; then -- ac_option=--`echo $ac_prev | sed 's/_/-/g'` -- as_fn_error $? "missing argument to $ac_option" --fi -- --if test -n "$ac_unrecognized_opts"; then -- case $enable_option_checking in -- no) ;; -- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; -- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; -- esac --fi -- --# Check all directory arguments for consistency. --for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ -- datadir sysconfdir sharedstatedir localstatedir includedir \ -- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ -- libdir localedir mandir runstatedir --do -- eval ac_val=\$$ac_var -- # Remove trailing slashes. -- case $ac_val in -- */ ) -- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` -- eval $ac_var=\$ac_val;; -- esac -- # Be sure to have absolute directory names. -- case $ac_val in -- [\\/$]* | ?:[\\/]* ) continue;; -- NONE | '' ) case $ac_var in *prefix ) continue;; esac;; -- esac -- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" --done -- --# There might be people who depend on the old broken behavior: `$host' --# used to hold the argument of --host etc. --# FIXME: To remove some day. --build=$build_alias --host=$host_alias --target=$target_alias -- --# FIXME: To remove some day. --if test "x$host_alias" != x; then -- if test "x$build_alias" = x; then -- cross_compiling=maybe -- elif test "x$build_alias" != "x$host_alias"; then -- cross_compiling=yes -- fi --fi -- --ac_tool_prefix= --test -n "$host_alias" && ac_tool_prefix=$host_alias- -- --test "$silent" = yes && exec 6>/dev/null -- -- --ac_pwd=`pwd` && test -n "$ac_pwd" && --ac_ls_di=`ls -di .` && --ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || -- as_fn_error $? "working directory cannot be determined" --test "X$ac_ls_di" = "X$ac_pwd_ls_di" || -- as_fn_error $? "pwd does not report name of working directory" -- -- --# Find the source files, if location was not specified. --if test -z "$srcdir"; then -- ac_srcdir_defaulted=yes -- # Try the directory containing this script, then the parent directory. -- ac_confdir=`$as_dirname -- "$as_myself" || --$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -- X"$as_myself" : 'X\(//\)[^/]' \| \ -- X"$as_myself" : 'X\(//\)$' \| \ -- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || --$as_echo X"$as_myself" | -- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)[^/].*/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)$/{ -- s//\1/ -- q -- } -- /^X\(\/\).*/{ -- s//\1/ -- q -- } -- s/.*/./; q'` -- srcdir=$ac_confdir -- if test ! -r "$srcdir/$ac_unique_file"; then -- srcdir=.. -- fi --else -- ac_srcdir_defaulted=no --fi --if test ! -r "$srcdir/$ac_unique_file"; then -- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." -- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" --fi --ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" --ac_abs_confdir=`( -- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" -- pwd)` --# When building in place, set srcdir=. --if test "$ac_abs_confdir" = "$ac_pwd"; then -- srcdir=. --fi --# Remove unnecessary trailing slashes from srcdir. --# Double slashes in file names in object file debugging info --# mess up M-x gdb in Emacs. --case $srcdir in --*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; --esac --for ac_var in $ac_precious_vars; do -- eval ac_env_${ac_var}_set=\${${ac_var}+set} -- eval ac_env_${ac_var}_value=\$${ac_var} -- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} -- eval ac_cv_env_${ac_var}_value=\$${ac_var} --done -- --# --# Report the --help message. --# --if test "$ac_init_help" = "long"; then -- # Omit some internal or obsolete options to make the list less imposing. -- # This message is too long to be a string in the A/UX 3.1 sh. -- cat <<_ACEOF --\`configure' configures this package to adapt to many kinds of systems. -- --Usage: $0 [OPTION]... [VAR=VALUE]... -- --To assign environment variables (e.g., CC, CFLAGS...), specify them as --VAR=VALUE. See below for descriptions of some of the useful variables. -- --Defaults for the options are specified in brackets. -- --Configuration: -- -h, --help display this help and exit -- --help=short display options specific to this package -- --help=recursive display the short help of all the included packages -- -V, --version display version information and exit -- -q, --quiet, --silent do not print \`checking ...' messages -- --cache-file=FILE cache test results in FILE [disabled] -- -C, --config-cache alias for \`--cache-file=config.cache' -- -n, --no-create do not create output files -- --srcdir=DIR find the sources in DIR [configure dir or \`..'] -- --Installation directories: -- --prefix=PREFIX install architecture-independent files in PREFIX -- [$ac_default_prefix] -- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX -- [PREFIX] -- --By default, \`make install' will install all the files in --\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify --an installation prefix other than \`$ac_default_prefix' using \`--prefix', --for instance \`--prefix=\$HOME'. -- --For better control, use the options below. -- --Fine tuning of the installation directories: -- --bindir=DIR user executables [EPREFIX/bin] -- --sbindir=DIR system admin executables [EPREFIX/sbin] -- --libexecdir=DIR program executables [EPREFIX/libexec] -- --sysconfdir=DIR read-only single-machine data [PREFIX/etc] -- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] -- --localstatedir=DIR modifiable single-machine data [PREFIX/var] -- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] -- --libdir=DIR object code libraries [EPREFIX/lib] -- --includedir=DIR C header files [PREFIX/include] -- --oldincludedir=DIR C header files for non-gcc [/usr/include] -- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] -- --datadir=DIR read-only architecture-independent data [DATAROOTDIR] -- --infodir=DIR info documentation [DATAROOTDIR/info] -- --localedir=DIR locale-dependent data [DATAROOTDIR/locale] -- --mandir=DIR man documentation [DATAROOTDIR/man] -- --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] -- --htmldir=DIR html documentation [DOCDIR] -- --dvidir=DIR dvi documentation [DOCDIR] -- --pdfdir=DIR pdf documentation [DOCDIR] -- --psdir=DIR ps documentation [DOCDIR] --_ACEOF -- -- cat <<\_ACEOF --_ACEOF --fi -- --if test -n "$ac_init_help"; then -- -- cat <<\_ACEOF -- --Optional Packages: -- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] -- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) -- --without-rlm_eap_teap build without rlm_eap_teap -- --with-openssl-lib-dir=DIR -- directory for LDAP library files -- -with-openssl-include-dir=DIR -- directory for LDAP include files -- --Some influential environment variables: -- CC C compiler command -- CFLAGS C compiler flags -- LDFLAGS linker flags, e.g. -L if you have libraries in a -- nonstandard directory -- LIBS libraries to pass to the linker, e.g. -l -- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if -- you have headers in a nonstandard directory -- CPP C preprocessor -- --Use these variables to override the choices made by `configure' or to help --it to find libraries and programs with nonstandard names/locations. -- --Report bugs to the package provider. --_ACEOF --ac_status=$? --fi -- --if test "$ac_init_help" = "recursive"; then -- # If there are subdirs, report their specific --help. -- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue -- test -d "$ac_dir" || -- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || -- continue -- ac_builddir=. -- --case "$ac_dir" in --.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; --*) -- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` -- # A ".." for each directory in $ac_dir_suffix. -- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` -- case $ac_top_builddir_sub in -- "") ac_top_builddir_sub=. ac_top_build_prefix= ;; -- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; -- esac ;; --esac --ac_abs_top_builddir=$ac_pwd --ac_abs_builddir=$ac_pwd$ac_dir_suffix --# for backward compatibility: --ac_top_builddir=$ac_top_build_prefix -- --case $srcdir in -- .) # We are building in place. -- ac_srcdir=. -- ac_top_srcdir=$ac_top_builddir_sub -- ac_abs_top_srcdir=$ac_pwd ;; -- [\\/]* | ?:[\\/]* ) # Absolute name. -- ac_srcdir=$srcdir$ac_dir_suffix; -- ac_top_srcdir=$srcdir -- ac_abs_top_srcdir=$srcdir ;; -- *) # Relative name. -- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix -- ac_top_srcdir=$ac_top_build_prefix$srcdir -- ac_abs_top_srcdir=$ac_pwd/$srcdir ;; --esac --ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix -- -- cd "$ac_dir" || { ac_status=$?; continue; } -- # Check for guested configure. -- if test -f "$ac_srcdir/configure.gnu"; then -- echo && -- $SHELL "$ac_srcdir/configure.gnu" --help=recursive -- elif test -f "$ac_srcdir/configure"; then -- echo && -- $SHELL "$ac_srcdir/configure" --help=recursive -- else -- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 -- fi || ac_status=$? -- cd "$ac_pwd" || { ac_status=$?; break; } -- done --fi -- --test -n "$ac_init_help" && exit $ac_status --if $ac_init_version; then -- cat <<\_ACEOF --configure --generated by GNU Autoconf 2.69 -- --Copyright (C) 2012 Free Software Foundation, Inc. --This configure script is free software; the Free Software Foundation --gives unlimited permission to copy, distribute and modify it. --_ACEOF -- exit --fi -- --## ------------------------ ## --## Autoconf initialization. ## --## ------------------------ ## -- --echo --echo Running tests for rlm_eap_teap --echo -- -- --# ac_fn_c_try_compile LINENO --# -------------------------- --# Try to compile conftest.$ac_ext, and return whether this succeeded. --ac_fn_c_try_compile () --{ -- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -- rm -f conftest.$ac_objext -- if { { ac_try="$ac_compile" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" --$as_echo "$ac_try_echo"; } >&5 -- (eval "$ac_compile") 2>conftest.err -- ac_status=$? -- if test -s conftest.err; then -- grep -v '^ *+' conftest.err >conftest.er1 -- cat conftest.er1 >&5 -- mv -f conftest.er1 conftest.err -- fi -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; } && { -- test -z "$ac_c_werror_flag" || -- test ! -s conftest.err -- } && test -s conftest.$ac_objext; then : -- ac_retval=0 --else -- $as_echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -- -- ac_retval=1 --fi -- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -- as_fn_set_status $ac_retval -- --} # ac_fn_c_try_compile -- --# ac_fn_c_try_link LINENO --# ----------------------- --# Try to link conftest.$ac_ext, and return whether this succeeded. --ac_fn_c_try_link () --{ -- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -- rm -f conftest.$ac_objext conftest$ac_exeext -- if { { ac_try="$ac_link" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" --$as_echo "$ac_try_echo"; } >&5 -- (eval "$ac_link") 2>conftest.err -- ac_status=$? -- if test -s conftest.err; then -- grep -v '^ *+' conftest.err >conftest.er1 -- cat conftest.er1 >&5 -- mv -f conftest.er1 conftest.err -- fi -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; } && { -- test -z "$ac_c_werror_flag" || -- test ! -s conftest.err -- } && test -s conftest$ac_exeext && { -- test "$cross_compiling" = yes || -- test -x conftest$ac_exeext -- }; then : -- ac_retval=0 --else -- $as_echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -- -- ac_retval=1 --fi -- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information -- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would -- # interfere with the next link command; also delete a directory that is -- # left behind by Apple's compiler. We do this before executing the actions. -- rm -rf conftest.dSYM conftest_ipa8_conftest.oo -- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -- as_fn_set_status $ac_retval -- --} # ac_fn_c_try_link -- --# ac_fn_c_try_cpp LINENO --# ---------------------- --# Try to preprocess conftest.$ac_ext, and return whether this succeeded. --ac_fn_c_try_cpp () --{ -- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -- if { { ac_try="$ac_cpp conftest.$ac_ext" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" --$as_echo "$ac_try_echo"; } >&5 -- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err -- ac_status=$? -- if test -s conftest.err; then -- grep -v '^ *+' conftest.err >conftest.er1 -- cat conftest.er1 >&5 -- mv -f conftest.er1 conftest.err -- fi -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; } > conftest.i && { -- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || -- test ! -s conftest.err -- }; then : -- ac_retval=0 --else -- $as_echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -- -- ac_retval=1 --fi -- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -- as_fn_set_status $ac_retval -- --} # ac_fn_c_try_cpp --cat >config.log <<_ACEOF --This file contains any messages produced by compilers while --running configure, to aid debugging if configure makes a mistake. -- --It was created by $as_me, which was --generated by GNU Autoconf 2.69. Invocation command line was -- -- $ $0 $@ -- --_ACEOF --exec 5>>config.log --{ --cat <<_ASUNAME --## --------- ## --## Platform. ## --## --------- ## -- --hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` --uname -m = `(uname -m) 2>/dev/null || echo unknown` --uname -r = `(uname -r) 2>/dev/null || echo unknown` --uname -s = `(uname -s) 2>/dev/null || echo unknown` --uname -v = `(uname -v) 2>/dev/null || echo unknown` -- --/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` --/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` -- --/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` --/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` --/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` --/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` --/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` --/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` --/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` -- --_ASUNAME -- --as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- $as_echo "PATH: $as_dir" -- done --IFS=$as_save_IFS -- --} >&5 -- --cat >&5 <<_ACEOF -- -- --## ----------- ## --## Core tests. ## --## ----------- ## -- --_ACEOF -- -- --# Keep a trace of the command line. --# Strip out --no-create and --no-recursion so they do not pile up. --# Strip out --silent because we don't want to record it for future runs. --# Also quote any args containing shell meta-characters. --# Make two passes to allow for proper duplicate-argument suppression. --ac_configure_args= --ac_configure_args0= --ac_configure_args1= --ac_must_keep_next=false --for ac_pass in 1 2 --do -- for ac_arg -- do -- case $ac_arg in -- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -- -q | -quiet | --quiet | --quie | --qui | --qu | --q \ -- | -silent | --silent | --silen | --sile | --sil) -- continue ;; -- *\'*) -- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; -- esac -- case $ac_pass in -- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; -- 2) -- as_fn_append ac_configure_args1 " '$ac_arg'" -- if test $ac_must_keep_next = true; then -- ac_must_keep_next=false # Got value, back to normal. -- else -- case $ac_arg in -- *=* | --config-cache | -C | -disable-* | --disable-* \ -- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ -- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ -- | -with-* | --with-* | -without-* | --without-* | --x) -- case "$ac_configure_args0 " in -- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; -- esac -- ;; -- -* ) ac_must_keep_next=true ;; -- esac -- fi -- as_fn_append ac_configure_args " '$ac_arg'" -- ;; -- esac -- done --done --{ ac_configure_args0=; unset ac_configure_args0;} --{ ac_configure_args1=; unset ac_configure_args1;} -- --# When interrupted or exit'd, cleanup temporary files, and complete --# config.log. We remove comments because anyway the quotes in there --# would cause problems or look ugly. --# WARNING: Use '\'' to represent an apostrophe within the trap. --# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. --trap 'exit_status=$? -- # Save into config.log some information that might help in debugging. -- { -- echo -- -- $as_echo "## ---------------- ## --## Cache variables. ## --## ---------------- ##" -- echo -- # The following way of writing the cache mishandles newlines in values, --( -- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do -- eval ac_val=\$$ac_var -- case $ac_val in #( -- *${as_nl}*) -- case $ac_var in #( -- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 --$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; -- esac -- case $ac_var in #( -- _ | IFS | as_nl) ;; #( -- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( -- *) { eval $ac_var=; unset $ac_var;} ;; -- esac ;; -- esac -- done -- (set) 2>&1 | -- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( -- *${as_nl}ac_space=\ *) -- sed -n \ -- "s/'\''/'\''\\\\'\'''\''/g; -- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" -- ;; #( -- *) -- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" -- ;; -- esac | -- sort --) -- echo -- -- $as_echo "## ----------------- ## --## Output variables. ## --## ----------------- ##" -- echo -- for ac_var in $ac_subst_vars -- do -- eval ac_val=\$$ac_var -- case $ac_val in -- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; -- esac -- $as_echo "$ac_var='\''$ac_val'\''" -- done | sort -- echo -- -- if test -n "$ac_subst_files"; then -- $as_echo "## ------------------- ## --## File substitutions. ## --## ------------------- ##" -- echo -- for ac_var in $ac_subst_files -- do -- eval ac_val=\$$ac_var -- case $ac_val in -- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; -- esac -- $as_echo "$ac_var='\''$ac_val'\''" -- done | sort -- echo -- fi -- -- if test -s confdefs.h; then -- $as_echo "## ----------- ## --## confdefs.h. ## --## ----------- ##" -- echo -- cat confdefs.h -- echo -- fi -- test "$ac_signal" != 0 && -- $as_echo "$as_me: caught signal $ac_signal" -- $as_echo "$as_me: exit $exit_status" -- } >&5 -- rm -f core *.core core.conftest.* && -- rm -f -r conftest* confdefs* conf$$* $ac_clean_files && -- exit $exit_status --' 0 --for ac_signal in 1 2 13 15; do -- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal --done --ac_signal=0 -- --# confdefs.h avoids OS command line length limits that DEFS can exceed. --rm -f -r conftest* confdefs.h -- --$as_echo "/* confdefs.h */" > confdefs.h -- --# Predefined preprocessor variables. -- --cat >>confdefs.h <<_ACEOF --#define PACKAGE_NAME "$PACKAGE_NAME" --_ACEOF -- --cat >>confdefs.h <<_ACEOF --#define PACKAGE_TARNAME "$PACKAGE_TARNAME" --_ACEOF -- --cat >>confdefs.h <<_ACEOF --#define PACKAGE_VERSION "$PACKAGE_VERSION" --_ACEOF -- --cat >>confdefs.h <<_ACEOF --#define PACKAGE_STRING "$PACKAGE_STRING" --_ACEOF -- --cat >>confdefs.h <<_ACEOF --#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" --_ACEOF -- --cat >>confdefs.h <<_ACEOF --#define PACKAGE_URL "$PACKAGE_URL" --_ACEOF -- -- --# Let the site file select an alternate cache file if it wants to. --# Prefer an explicitly selected file to automatically selected ones. --ac_site_file1=NONE --ac_site_file2=NONE --if test -n "$CONFIG_SITE"; then -- # We do not want a PATH search for config.site. -- case $CONFIG_SITE in #(( -- -*) ac_site_file1=./$CONFIG_SITE;; -- */*) ac_site_file1=$CONFIG_SITE;; -- *) ac_site_file1=./$CONFIG_SITE;; -- esac --elif test "x$prefix" != xNONE; then -- ac_site_file1=$prefix/share/config.site -- ac_site_file2=$prefix/etc/config.site --else -- ac_site_file1=$ac_default_prefix/share/config.site -- ac_site_file2=$ac_default_prefix/etc/config.site --fi --for ac_site_file in "$ac_site_file1" "$ac_site_file2" --do -- test "x$ac_site_file" = xNONE && continue -- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 --$as_echo "$as_me: loading site script $ac_site_file" >&6;} -- sed 's/^/| /' "$ac_site_file" >&5 -- . "$ac_site_file" \ -- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error $? "failed to load site script $ac_site_file --See \`config.log' for more details" "$LINENO" 5; } -- fi --done -- --if test -r "$cache_file"; then -- # Some versions of bash will fail to source /dev/null (special files -- # actually), so we avoid doing that. DJGPP emulates it as a regular file. -- if test /dev/null != "$cache_file" && test -f "$cache_file"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 --$as_echo "$as_me: loading cache $cache_file" >&6;} -- case $cache_file in -- [\\/]* | ?:[\\/]* ) . "$cache_file";; -- *) . "./$cache_file";; -- esac -- fi --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 --$as_echo "$as_me: creating cache $cache_file" >&6;} -- >$cache_file --fi -- --# Check that the precious variables saved in the cache have kept the same --# value. --ac_cache_corrupted=false --for ac_var in $ac_precious_vars; do -- eval ac_old_set=\$ac_cv_env_${ac_var}_set -- eval ac_new_set=\$ac_env_${ac_var}_set -- eval ac_old_val=\$ac_cv_env_${ac_var}_value -- eval ac_new_val=\$ac_env_${ac_var}_value -- case $ac_old_set,$ac_new_set in -- set,) -- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 --$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} -- ac_cache_corrupted=: ;; -- ,set) -- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 --$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} -- ac_cache_corrupted=: ;; -- ,);; -- *) -- if test "x$ac_old_val" != "x$ac_new_val"; then -- # differences in whitespace do not lead to failure. -- ac_old_val_w=`echo x $ac_old_val` -- ac_new_val_w=`echo x $ac_new_val` -- if test "$ac_old_val_w" != "$ac_new_val_w"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 --$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} -- ac_cache_corrupted=: -- else -- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 --$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} -- eval $ac_var=\$ac_old_val -- fi -- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 --$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} -- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 --$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} -- fi;; -- esac -- # Pass precious variables to config.status. -- if test "$ac_new_set" = set; then -- case $ac_new_val in -- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; -- *) ac_arg=$ac_var=$ac_new_val ;; -- esac -- case " $ac_configure_args " in -- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. -- *) as_fn_append ac_configure_args " '$ac_arg'" ;; -- esac -- fi --done --if $ac_cache_corrupted; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 --$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} -- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 --fi --## -------------------- ## --## Main body of script. ## --## -------------------- ## -- --ac_ext=c --ac_cpp='$CPP $CPPFLAGS' --ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' --ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' --ac_compiler_gnu=$ac_cv_c_compiler_gnu -- -- -- -- -- -- -- -- -- --# Check whether --with-rlm_eap_teap was given. --if test "${with_rlm_eap_teap+set}" = set; then : -- withval=$with_rlm_eap_teap; --fi -- -- -- --mod_ldflags= --mod_cflags= -- -- --fail= --fr_status= --fr_features= --: > "config.report" --: > "config.report.tmp" -- -- -- --if test x"$with_rlm_eap_teap" != xno; then -- -- --openssl_lib_dir= -- --# Check whether --with-openssl-lib-dir was given. --if test "${with_openssl_lib_dir+set}" = set; then : -- withval=$with_openssl_lib_dir; case "$withval" in -- no) -- as_fn_error $? "Need openssl-lib-dir" "$LINENO" 5 -- ;; -- yes) -- ;; -- *) -- openssl_lib_dir="$withval" -- ;; -- esac --fi -- -- --openssl_include_dir= -- --# Check whether --with-openssl-include-dir was given. --if test "${with_openssl_include_dir+set}" = set; then : -- withval=$with_openssl_include_dir; case "$withval" in -- no) -- as_fn_error $? "Need openssl-include-dir" "$LINENO" 5 -- ;; -- yes) -- ;; -- *) -- openssl_include_dir="$withval" -- ;; -- esac --fi -- -- -- --smart_try_dir=$openssl_include_dir --ac_ext=c --ac_cpp='$CPP $CPPFLAGS' --ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' --ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' --ac_compiler_gnu=$ac_cv_c_compiler_gnu --if test -n "$ac_tool_prefix"; then -- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. --set dummy ${ac_tool_prefix}gcc; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_prog_CC+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- if test -n "$CC"; then -- ac_cv_prog_CC="$CC" # Let the user override the test. --else --as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_prog_CC="${ac_tool_prefix}gcc" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- --fi --fi --CC=$ac_cv_prog_CC --if test -n "$CC"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 --$as_echo "$CC" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- --fi --if test -z "$ac_cv_prog_CC"; then -- ac_ct_CC=$CC -- # Extract the first word of "gcc", so it can be a program name with args. --set dummy gcc; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_prog_ac_ct_CC+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- if test -n "$ac_ct_CC"; then -- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. --else --as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_prog_ac_ct_CC="gcc" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- --fi --fi --ac_ct_CC=$ac_cv_prog_ac_ct_CC --if test -n "$ac_ct_CC"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 --$as_echo "$ac_ct_CC" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- if test "x$ac_ct_CC" = x; then -- CC="" -- else -- case $cross_compiling:$ac_tool_warned in --yes:) --{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 --$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} --ac_tool_warned=yes ;; --esac -- CC=$ac_ct_CC -- fi --else -- CC="$ac_cv_prog_CC" --fi -- --if test -z "$CC"; then -- if test -n "$ac_tool_prefix"; then -- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. --set dummy ${ac_tool_prefix}cc; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_prog_CC+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- if test -n "$CC"; then -- ac_cv_prog_CC="$CC" # Let the user override the test. --else --as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_prog_CC="${ac_tool_prefix}cc" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- --fi --fi --CC=$ac_cv_prog_CC --if test -n "$CC"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 --$as_echo "$CC" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- -- fi --fi --if test -z "$CC"; then -- # Extract the first word of "cc", so it can be a program name with args. --set dummy cc; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_prog_CC+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- if test -n "$CC"; then -- ac_cv_prog_CC="$CC" # Let the user override the test. --else -- ac_prog_rejected=no --as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then -- ac_prog_rejected=yes -- continue -- fi -- ac_cv_prog_CC="cc" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- --if test $ac_prog_rejected = yes; then -- # We found a bogon in the path, so make sure we never use it. -- set dummy $ac_cv_prog_CC -- shift -- if test $# != 0; then -- # We chose a different compiler from the bogus one. -- # However, it has the same basename, so the bogon will be chosen -- # first if we set CC to just the basename; use the full file name. -- shift -- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" -- fi --fi --fi --fi --CC=$ac_cv_prog_CC --if test -n "$CC"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 --$as_echo "$CC" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- --fi --if test -z "$CC"; then -- if test -n "$ac_tool_prefix"; then -- for ac_prog in cl.exe -- do -- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. --set dummy $ac_tool_prefix$ac_prog; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_prog_CC+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- if test -n "$CC"; then -- ac_cv_prog_CC="$CC" # Let the user override the test. --else --as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_prog_CC="$ac_tool_prefix$ac_prog" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- --fi --fi --CC=$ac_cv_prog_CC --if test -n "$CC"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 --$as_echo "$CC" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- -- test -n "$CC" && break -- done --fi --if test -z "$CC"; then -- ac_ct_CC=$CC -- for ac_prog in cl.exe --do -- # Extract the first word of "$ac_prog", so it can be a program name with args. --set dummy $ac_prog; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_prog_ac_ct_CC+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- if test -n "$ac_ct_CC"; then -- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. --else --as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_prog_ac_ct_CC="$ac_prog" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- --fi --fi --ac_ct_CC=$ac_cv_prog_ac_ct_CC --if test -n "$ac_ct_CC"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 --$as_echo "$ac_ct_CC" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- -- test -n "$ac_ct_CC" && break --done -- -- if test "x$ac_ct_CC" = x; then -- CC="" -- else -- case $cross_compiling:$ac_tool_warned in --yes:) --{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 --$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} --ac_tool_warned=yes ;; --esac -- CC=$ac_ct_CC -- fi --fi -- --fi -- -- --test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error $? "no acceptable C compiler found in \$PATH --See \`config.log' for more details" "$LINENO" 5; } -- --# Provide some information about the compiler. --$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 --set X $ac_compile --ac_compiler=$2 --for ac_option in --version -v -V -qversion; do -- { { ac_try="$ac_compiler $ac_option >&5" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" --$as_echo "$ac_try_echo"; } >&5 -- (eval "$ac_compiler $ac_option >&5") 2>conftest.err -- ac_status=$? -- if test -s conftest.err; then -- sed '10a\ --... rest of stderr output deleted ... -- 10q' conftest.err >conftest.er1 -- cat conftest.er1 >&5 -- fi -- rm -f conftest.er1 conftest.err -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; } --done -- --cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- --int --main () --{ -- -- ; -- return 0; --} --_ACEOF --ac_clean_files_save=$ac_clean_files --ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" --# Try to create an executable without -o first, disregard a.out. --# It will help us diagnose broken compilers, and finding out an intuition --# of exeext. --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 --$as_echo_n "checking whether the C compiler works... " >&6; } --ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` -- --# The possible output files: --ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" -- --ac_rmfiles= --for ac_file in $ac_files --do -- case $ac_file in -- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; -- * ) ac_rmfiles="$ac_rmfiles $ac_file";; -- esac --done --rm -f $ac_rmfiles -- --if { { ac_try="$ac_link_default" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" --$as_echo "$ac_try_echo"; } >&5 -- (eval "$ac_link_default") 2>&5 -- ac_status=$? -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; }; then : -- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. --# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' --# in a Makefile. We should not override ac_cv_exeext if it was cached, --# so that the user can short-circuit this test for compilers unknown to --# Autoconf. --for ac_file in $ac_files '' --do -- test -f "$ac_file" || continue -- case $ac_file in -- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) -- ;; -- [ab].out ) -- # We found the default executable, but exeext='' is most -- # certainly right. -- break;; -- *.* ) -- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; -- then :; else -- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` -- fi -- # We set ac_cv_exeext here because the later test for it is not -- # safe: cross compilers may not add the suffix if given an `-o' -- # argument, so we may need to know it at that point already. -- # Even if this section looks crufty: it has the advantage of -- # actually working. -- break;; -- * ) -- break;; -- esac --done --test "$ac_cv_exeext" = no && ac_cv_exeext= -- --else -- ac_file='' --fi --if test -z "$ac_file"; then : -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --$as_echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -- --{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error 77 "C compiler cannot create executables --See \`config.log' for more details" "$LINENO" 5; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 --$as_echo_n "checking for C compiler default output file name... " >&6; } --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 --$as_echo "$ac_file" >&6; } --ac_exeext=$ac_cv_exeext -- --rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out --ac_clean_files=$ac_clean_files_save --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 --$as_echo_n "checking for suffix of executables... " >&6; } --if { { ac_try="$ac_link" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" --$as_echo "$ac_try_echo"; } >&5 -- (eval "$ac_link") 2>&5 -- ac_status=$? -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; }; then : -- # If both `conftest.exe' and `conftest' are `present' (well, observable) --# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will --# work properly (i.e., refer to `conftest.exe'), while it won't with --# `rm'. --for ac_file in conftest.exe conftest conftest.*; do -- test -f "$ac_file" || continue -- case $ac_file in -- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; -- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` -- break;; -- * ) break;; -- esac --done --else -- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error $? "cannot compute suffix of executables: cannot compile and link --See \`config.log' for more details" "$LINENO" 5; } --fi --rm -f conftest conftest$ac_cv_exeext --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 --$as_echo "$ac_cv_exeext" >&6; } -- --rm -f conftest.$ac_ext --EXEEXT=$ac_cv_exeext --ac_exeext=$EXEEXT --cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --#include --int --main () --{ --FILE *f = fopen ("conftest.out", "w"); -- return ferror (f) || fclose (f) != 0; -- -- ; -- return 0; --} --_ACEOF --ac_clean_files="$ac_clean_files conftest.out" --# Check that the compiler produces executables we can run. If not, either --# the compiler is broken, or we cross compile. --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 --$as_echo_n "checking whether we are cross compiling... " >&6; } --if test "$cross_compiling" != yes; then -- { { ac_try="$ac_link" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" --$as_echo "$ac_try_echo"; } >&5 -- (eval "$ac_link") 2>&5 -- ac_status=$? -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; } -- if { ac_try='./conftest$ac_cv_exeext' -- { { case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" --$as_echo "$ac_try_echo"; } >&5 -- (eval "$ac_try") 2>&5 -- ac_status=$? -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; }; }; then -- cross_compiling=no -- else -- if test "$cross_compiling" = maybe; then -- cross_compiling=yes -- else -- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error $? "cannot run C compiled programs. --If you meant to cross compile, use \`--host'. --See \`config.log' for more details" "$LINENO" 5; } -- fi -- fi --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 --$as_echo "$cross_compiling" >&6; } -- --rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out --ac_clean_files=$ac_clean_files_save --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 --$as_echo_n "checking for suffix of object files... " >&6; } --if ${ac_cv_objext+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- --int --main () --{ -- -- ; -- return 0; --} --_ACEOF --rm -f conftest.o conftest.obj --if { { ac_try="$ac_compile" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" --$as_echo "$ac_try_echo"; } >&5 -- (eval "$ac_compile") 2>&5 -- ac_status=$? -- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -- test $ac_status = 0; }; then : -- for ac_file in conftest.o conftest.obj conftest.*; do -- test -f "$ac_file" || continue; -- case $ac_file in -- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; -- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` -- break;; -- esac --done --else -- $as_echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -- --{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error $? "cannot compute suffix of object files: cannot compile --See \`config.log' for more details" "$LINENO" 5; } --fi --rm -f conftest.$ac_cv_objext conftest.$ac_ext --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 --$as_echo "$ac_cv_objext" >&6; } --OBJEXT=$ac_cv_objext --ac_objext=$OBJEXT --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 --$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } --if ${ac_cv_c_compiler_gnu+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- --int --main () --{ --#ifndef __GNUC__ -- choke me --#endif -- -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- ac_compiler_gnu=yes --else -- ac_compiler_gnu=no --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext --ac_cv_c_compiler_gnu=$ac_compiler_gnu -- --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 --$as_echo "$ac_cv_c_compiler_gnu" >&6; } --if test $ac_compiler_gnu = yes; then -- GCC=yes --else -- GCC= --fi --ac_test_CFLAGS=${CFLAGS+set} --ac_save_CFLAGS=$CFLAGS --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 --$as_echo_n "checking whether $CC accepts -g... " >&6; } --if ${ac_cv_prog_cc_g+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- ac_save_c_werror_flag=$ac_c_werror_flag -- ac_c_werror_flag=yes -- ac_cv_prog_cc_g=no -- CFLAGS="-g" -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- --int --main () --{ -- -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- ac_cv_prog_cc_g=yes --else -- CFLAGS="" -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- --int --main () --{ -- -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- --else -- ac_c_werror_flag=$ac_save_c_werror_flag -- CFLAGS="-g" -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- --int --main () --{ -- -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- ac_cv_prog_cc_g=yes --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -- ac_c_werror_flag=$ac_save_c_werror_flag --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 --$as_echo "$ac_cv_prog_cc_g" >&6; } --if test "$ac_test_CFLAGS" = set; then -- CFLAGS=$ac_save_CFLAGS --elif test $ac_cv_prog_cc_g = yes; then -- if test "$GCC" = yes; then -- CFLAGS="-g -O2" -- else -- CFLAGS="-g" -- fi --else -- if test "$GCC" = yes; then -- CFLAGS="-O2" -- else -- CFLAGS= -- fi --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 --$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } --if ${ac_cv_prog_cc_c89+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- ac_cv_prog_cc_c89=no --ac_save_CC=$CC --cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --#include --#include --struct stat; --/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ --struct buf { int x; }; --FILE * (*rcsopen) (struct buf *, struct stat *, int); --static char *e (p, i) -- char **p; -- int i; --{ -- return p[i]; --} --static char *f (char * (*g) (char **, int), char **p, ...) --{ -- char *s; -- va_list v; -- va_start (v,p); -- s = g (p, va_arg (v,int)); -- va_end (v); -- return s; --} -- --/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has -- function prototypes and stuff, but not '\xHH' hex character constants. -- These don't provoke an error unfortunately, instead are silently treated -- as 'x'. The following induces an error, until -std is added to get -- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an -- array size at least. It's necessary to write '\x00'==0 to get something -- that's true only with -std. */ --int osf4_cc_array ['\x00' == 0 ? 1 : -1]; -- --/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters -- inside strings and character constants. */ --#define FOO(x) 'x' --int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; -- --int test (int i, double x); --struct s1 {int (*f) (int a);}; --struct s2 {int (*f) (double a);}; --int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); --int argc; --char **argv; --int --main () --{ --return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; -- ; -- return 0; --} --_ACEOF --for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" --do -- CC="$ac_save_CC $ac_arg" -- if ac_fn_c_try_compile "$LINENO"; then : -- ac_cv_prog_cc_c89=$ac_arg --fi --rm -f core conftest.err conftest.$ac_objext -- test "x$ac_cv_prog_cc_c89" != "xno" && break --done --rm -f conftest.$ac_ext --CC=$ac_save_CC -- --fi --# AC_CACHE_VAL --case "x$ac_cv_prog_cc_c89" in -- x) -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 --$as_echo "none needed" >&6; } ;; -- xno) -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 --$as_echo "unsupported" >&6; } ;; -- *) -- CC="$CC $ac_cv_prog_cc_c89" -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 --$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; --esac --if test "x$ac_cv_prog_cc_c89" != xno; then : -- --fi -- --ac_ext=c --ac_cpp='$CPP $CPPFLAGS' --ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' --ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' --ac_compiler_gnu=$ac_cv_c_compiler_gnu -- -- -- -- --ac_safe=`echo "openssl/ec.h" | sed 'y%./+-%__pm%'` --old_CPPFLAGS="$CPPFLAGS" --smart_include= --smart_include_dir="/usr/local/include /opt/include" -- --_smart_try_dir= --_smart_include_dir= -- --for _prefix in $smart_prefix ""; do -- for _dir in $smart_try_dir; do -- _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" -- done -- -- for _dir in $smart_include_dir; do -- _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" -- done --done -- --if test "x$_smart_try_dir" != "x"; then -- for try in $_smart_try_dir; do -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5 --$as_echo_n "checking for openssl/ec.h in $try... " >&6; } -- CPPFLAGS="-isystem $try $old_CPPFLAGS" -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- -- #include --int --main () --{ --int a = 1; -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- -- smart_include="-isystem $try" -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } -- break -- --else -- -- smart_include= -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } -- --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -- done -- CPPFLAGS="$old_CPPFLAGS" --fi -- --if test "x$smart_include" = "x"; then -- for _prefix in $smart_prefix; do -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/openssl/ec.h" >&5 --$as_echo_n "checking for ${_prefix}/openssl/ec.h... " >&6; } -- -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- -- #include --int --main () --{ --int a = 1; -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- -- smart_include="-isystem ${_prefix}/" -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } -- break -- --else -- -- smart_include= -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } -- --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -- done --fi -- --if test "x$smart_include" = "x"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h" >&5 --$as_echo_n "checking for openssl/ec.h... " >&6; } -- -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- -- #include --int --main () --{ --int a = 1; -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- -- smart_include=" " -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } -- break -- --else -- -- smart_include= -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } -- --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext --fi -- --if test "x$smart_include" = "x"; then -- -- for try in $_smart_include_dir; do -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5 --$as_echo_n "checking for openssl/ec.h in $try... " >&6; } -- CPPFLAGS="-isystem $try $old_CPPFLAGS" -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- -- #include --int --main () --{ --int a = 1; -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_compile "$LINENO"; then : -- -- smart_include="-isystem $try" -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } -- break -- --else -- -- smart_include= -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } -- --fi --rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -- done -- CPPFLAGS="$old_CPPFLAGS" --fi -- --if test "x$smart_include" != "x"; then -- eval "ac_cv_header_$ac_safe=yes" -- CPPFLAGS="$smart_include $old_CPPFLAGS" -- SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" --fi -- --smart_prefix= -- --if test "$ac_cv_header_openssl_ec_h" != "yes"; then -- --fail="$fail openssl/ec.h" -- --fi -- --smart_try_dir=$openssl_lib_dir -- -- --sm_lib_safe=`echo "crypto" | sed 'y%./+-%__p_%'` --sm_func_safe=`echo "EVP_CIPHER_CTX_new" | sed 'y%./+-%__p_%'` -- --old_LIBS="$LIBS" --old_CPPFLAGS="$CPPFLAGS" --smart_lib= --smart_ldflags= --smart_lib_dir= -- --if test "x$smart_try_dir" != "x"; then -- for try in $smart_try_dir; do -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5 --$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; } -- LIBS="-lcrypto $old_LIBS" -- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --extern char EVP_CIPHER_CTX_new(); --int --main () --{ --EVP_CIPHER_CTX_new() -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_link "$LINENO"; then : -- -- smart_lib="-lcrypto" -- smart_ldflags="-L$try -Wl,-rpath,$try" -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } -- break -- --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi --rm -f core conftest.err conftest.$ac_objext \ -- conftest$ac_exeext conftest.$ac_ext -- done -- LIBS="$old_LIBS" -- CPPFLAGS="$old_CPPFLAGS" --fi -- --if test "x$smart_lib" = "x"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto" >&5 --$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto... " >&6; } -- LIBS="-lcrypto $old_LIBS" -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --extern char EVP_CIPHER_CTX_new(); --int --main () --{ --EVP_CIPHER_CTX_new() -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_link "$LINENO"; then : -- -- smart_lib="-lcrypto" -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } -- --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi --rm -f core conftest.err conftest.$ac_objext \ -- conftest$ac_exeext conftest.$ac_ext -- LIBS="$old_LIBS" --fi -- --if test "x$smart_lib" = "x"; then -- for try in /usr/local/lib /opt/lib; do -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5 --$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; } -- LIBS="-lcrypto $old_LIBS" -- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --extern char EVP_CIPHER_CTX_new(); --int --main () --{ --EVP_CIPHER_CTX_new() -- ; -- return 0; --} --_ACEOF --if ac_fn_c_try_link "$LINENO"; then : -- -- smart_lib="-lcrypto" -- smart_ldflags="-L$try -Wl,-rpath,$try" -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } -- break -- --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi --rm -f core conftest.err conftest.$ac_objext \ -- conftest$ac_exeext conftest.$ac_ext -- done -- LIBS="$old_LIBS" -- CPPFLAGS="$old_CPPFLAGS" --fi -- --if test "x$smart_lib" != "x"; then -- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" -- LIBS="$smart_ldflags $smart_lib $old_LIBS" -- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" --fi -- --if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then -- --fail="$fail libssl" -- --fi -- --ac_ext=c --ac_cpp='$CPP $CPPFLAGS' --ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' --ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' --ac_compiler_gnu=$ac_cv_c_compiler_gnu --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 --$as_echo_n "checking how to run the C preprocessor... " >&6; } --# On Suns, sometimes $CPP names a directory. --if test -n "$CPP" && test -d "$CPP"; then -- CPP= --fi --if test -z "$CPP"; then -- if ${ac_cv_prog_CPP+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- # Double quotes because CPP needs to be expanded -- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" -- do -- ac_preproc_ok=false --for ac_c_preproc_warn_flag in '' yes --do -- # Use a header file that comes with gcc, so configuring glibc -- # with a fresh cross-compiler works. -- # Prefer to if __STDC__ is defined, since -- # exists even on freestanding compilers. -- # On the NeXT, cc -E runs the code through the compiler's parser, -- # not just through cpp. "Syntax error" is here to catch this case. -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --#ifdef __STDC__ --# include --#else --# include --#endif -- Syntax error --_ACEOF --if ac_fn_c_try_cpp "$LINENO"; then : -- --else -- # Broken: fails on valid input. --continue --fi --rm -f conftest.err conftest.i conftest.$ac_ext -- -- # OK, works on sane cases. Now check whether nonexistent headers -- # can be detected and how. -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --#include --_ACEOF --if ac_fn_c_try_cpp "$LINENO"; then : -- # Broken: success on invalid input. --continue --else -- # Passes both tests. --ac_preproc_ok=: --break --fi --rm -f conftest.err conftest.i conftest.$ac_ext -- --done --# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. --rm -f conftest.i conftest.err conftest.$ac_ext --if $ac_preproc_ok; then : -- break --fi -- -- done -- ac_cv_prog_CPP=$CPP -- --fi -- CPP=$ac_cv_prog_CPP --else -- ac_cv_prog_CPP=$CPP --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 --$as_echo "$CPP" >&6; } --ac_preproc_ok=false --for ac_c_preproc_warn_flag in '' yes --do -- # Use a header file that comes with gcc, so configuring glibc -- # with a fresh cross-compiler works. -- # Prefer to if __STDC__ is defined, since -- # exists even on freestanding compilers. -- # On the NeXT, cc -E runs the code through the compiler's parser, -- # not just through cpp. "Syntax error" is here to catch this case. -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --#ifdef __STDC__ --# include --#else --# include --#endif -- Syntax error --_ACEOF --if ac_fn_c_try_cpp "$LINENO"; then : -- --else -- # Broken: fails on valid input. --continue --fi --rm -f conftest.err conftest.i conftest.$ac_ext -- -- # OK, works on sane cases. Now check whether nonexistent headers -- # can be detected and how. -- cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --#include --_ACEOF --if ac_fn_c_try_cpp "$LINENO"; then : -- # Broken: success on invalid input. --continue --else -- # Passes both tests. --ac_preproc_ok=: --break --fi --rm -f conftest.err conftest.i conftest.$ac_ext -- --done --# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. --rm -f conftest.i conftest.err conftest.$ac_ext --if $ac_preproc_ok; then : -- --else -- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 --$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} --as_fn_error $? "C preprocessor \"$CPP\" fails sanity check --See \`config.log' for more details" "$LINENO" 5; } --fi -- --ac_ext=c --ac_cpp='$CPP $CPPFLAGS' --ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' --ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' --ac_compiler_gnu=$ac_cv_c_compiler_gnu -- -- --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 --$as_echo_n "checking for grep that handles long lines and -e... " >&6; } --if ${ac_cv_path_GREP+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- if test -z "$GREP"; then -- ac_path_GREP_found=false -- # Loop through the user's path and test for each of PROGNAME-LIST -- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_prog in grep ggrep; do -- for ac_exec_ext in '' $ac_executable_extensions; do -- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" -- as_fn_executable_p "$ac_path_GREP" || continue --# Check for GNU ac_path_GREP and select it if it is found. -- # Check for GNU $ac_path_GREP --case `"$ac_path_GREP" --version 2>&1` in --*GNU*) -- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; --*) -- ac_count=0 -- $as_echo_n 0123456789 >"conftest.in" -- while : -- do -- cat "conftest.in" "conftest.in" >"conftest.tmp" -- mv "conftest.tmp" "conftest.in" -- cp "conftest.in" "conftest.nl" -- $as_echo 'GREP' >> "conftest.nl" -- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break -- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break -- as_fn_arith $ac_count + 1 && ac_count=$as_val -- if test $ac_count -gt ${ac_path_GREP_max-0}; then -- # Best one so far, save it but keep looking for a better one -- ac_cv_path_GREP="$ac_path_GREP" -- ac_path_GREP_max=$ac_count -- fi -- # 10*(2^10) chars as input seems more than enough -- test $ac_count -gt 10 && break -- done -- rm -f conftest.in conftest.tmp conftest.nl conftest.out;; --esac -- -- $ac_path_GREP_found && break 3 -- done -- done -- done --IFS=$as_save_IFS -- if test -z "$ac_cv_path_GREP"; then -- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 -- fi --else -- ac_cv_path_GREP=$GREP --fi -- --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 --$as_echo "$ac_cv_path_GREP" >&6; } -- GREP="$ac_cv_path_GREP" -- -- --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 --$as_echo_n "checking for egrep... " >&6; } --if ${ac_cv_path_EGREP+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 -- then ac_cv_path_EGREP="$GREP -E" -- else -- if test -z "$EGREP"; then -- ac_path_EGREP_found=false -- # Loop through the user's path and test for each of PROGNAME-LIST -- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_prog in egrep; do -- for ac_exec_ext in '' $ac_executable_extensions; do -- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" -- as_fn_executable_p "$ac_path_EGREP" || continue --# Check for GNU ac_path_EGREP and select it if it is found. -- # Check for GNU $ac_path_EGREP --case `"$ac_path_EGREP" --version 2>&1` in --*GNU*) -- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; --*) -- ac_count=0 -- $as_echo_n 0123456789 >"conftest.in" -- while : -- do -- cat "conftest.in" "conftest.in" >"conftest.tmp" -- mv "conftest.tmp" "conftest.in" -- cp "conftest.in" "conftest.nl" -- $as_echo 'EGREP' >> "conftest.nl" -- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break -- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break -- as_fn_arith $ac_count + 1 && ac_count=$as_val -- if test $ac_count -gt ${ac_path_EGREP_max-0}; then -- # Best one so far, save it but keep looking for a better one -- ac_cv_path_EGREP="$ac_path_EGREP" -- ac_path_EGREP_max=$ac_count -- fi -- # 10*(2^10) chars as input seems more than enough -- test $ac_count -gt 10 && break -- done -- rm -f conftest.in conftest.tmp conftest.nl conftest.out;; --esac -- -- $ac_path_EGREP_found && break 3 -- done -- done -- done --IFS=$as_save_IFS -- if test -z "$ac_cv_path_EGREP"; then -- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 -- fi --else -- ac_cv_path_EGREP=$EGREP --fi -- -- fi --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 --$as_echo "$ac_cv_path_EGREP" >&6; } -- EGREP="$ac_cv_path_EGREP" -- -- --cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ --#include -- #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) -- yes -- #endif -- --_ACEOF --if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -- $EGREP "yes" >/dev/null 2>&1; then : -- -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.1.1" >&5 --$as_echo_n "checking for OpenSSL version >= 1.1.1... " >&6; } -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } -- --else -- -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.1.1" >&5 --$as_echo_n "checking for OpenSSL version >= 1.1.1... " >&6; } -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } -- --fail="$fail OpenSSL>=1.1.1" -- -- -- --fi --rm -f conftest* -- -- -- -- targetname=rlm_eap_teap --else -- targetname= -- echo \*\*\* module rlm_eap_teap is disabled. -- -- --fr_status="disabled" -- --fi -- --if test x"$fail" != x""; then -- targetname="" -- -- -- if test x"${enable_strict_dependencies}" = x"yes"; then -- as_fn_error $? "set --without-rlm_eap_teap to disable it explicitly." "$LINENO" 5 -- else -- -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: silently not building rlm_eap_teap." >&5 --$as_echo "$as_me: WARNING: silently not building rlm_eap_teap." >&2;} -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: FAILURE: rlm_eap_teap requires: $fail." >&5 --$as_echo "$as_me: WARNING: FAILURE: rlm_eap_teap requires: $fail." >&2;}; -- fail="$(echo $fail)" -- -- --fr_status="skipping (requires $fail)" -- -- fr_features= -- -- fi -- --else -- -- --fr_status="OK" -- --fi -- --if test x"$fr_features" = x""; then -- $as_echo "$fr_status" > "config.report" --else -- $as_echo_n "$fr_status ... " > "config.report" -- cat "config.report.tmp" >> "config.report" --fi -- --rm "config.report.tmp" -- -- -- -- -- -- -- --ac_config_files="$ac_config_files all.mk" -- --cat >confcache <<\_ACEOF --# This file is a shell script that caches the results of configure --# tests run on this system so they can be shared between configure --# scripts and configure runs, see configure's option --config-cache. --# It is not useful on other systems. If it contains results you don't --# want to keep, you may remove or edit it. --# --# config.status only pays attention to the cache file if you give it --# the --recheck option to rerun configure. --# --# `ac_cv_env_foo' variables (set or unset) will be overridden when --# loading this file, other *unset* `ac_cv_foo' will be assigned the --# following values. -- --_ACEOF -- --# The following way of writing the cache mishandles newlines in values, --# but we know of no workaround that is simple, portable, and efficient. --# So, we kill variables containing newlines. --# Ultrix sh set writes to stderr and can't be redirected directly, --# and sets the high bit in the cache file unless we assign to the vars. --( -- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do -- eval ac_val=\$$ac_var -- case $ac_val in #( -- *${as_nl}*) -- case $ac_var in #( -- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 --$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; -- esac -- case $ac_var in #( -- _ | IFS | as_nl) ;; #( -- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( -- *) { eval $ac_var=; unset $ac_var;} ;; -- esac ;; -- esac -- done -- -- (set) 2>&1 | -- case $as_nl`(ac_space=' '; set) 2>&1` in #( -- *${as_nl}ac_space=\ *) -- # `set' does not quote correctly, so add quotes: double-quote -- # substitution turns \\\\ into \\, and sed turns \\ into \. -- sed -n \ -- "s/'/'\\\\''/g; -- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" -- ;; #( -- *) -- # `set' quotes correctly as required by POSIX, so do not add quotes. -- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" -- ;; -- esac | -- sort --) | -- sed ' -- /^ac_cv_env_/b end -- t clear -- :clear -- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ -- t end -- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ -- :end' >>confcache --if diff "$cache_file" confcache >/dev/null 2>&1; then :; else -- if test -w "$cache_file"; then -- if test "x$cache_file" != "x/dev/null"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 --$as_echo "$as_me: updating cache $cache_file" >&6;} -- if test ! -f "$cache_file" || test -h "$cache_file"; then -- cat confcache >"$cache_file" -- else -- case $cache_file in #( -- */* | ?:*) -- mv -f confcache "$cache_file"$$ && -- mv -f "$cache_file"$$ "$cache_file" ;; #( -- *) -- mv -f confcache "$cache_file" ;; -- esac -- fi -- fi -- else -- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 --$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} -- fi --fi --rm -f confcache -- --test "x$prefix" = xNONE && prefix=$ac_default_prefix --# Let make expand exec_prefix. --test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' -- --# Transform confdefs.h into DEFS. --# Protect against shell expansion while executing Makefile rules. --# Protect against Makefile macro expansion. --# --# If the first sed substitution is executed (which looks for macros that --# take arguments), then branch to the quote section. Otherwise, --# look for a macro that doesn't take arguments. --ac_script=' --:mline --/\\$/{ -- N -- s,\\\n,, -- b mline --} --t clear --:clear --s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g --t quote --s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g --t quote --b any --:quote --s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g --s/\[/\\&/g --s/\]/\\&/g --s/\$/$$/g --H --:any --${ -- g -- s/^\n// -- s/\n/ /g -- p --} --' --DEFS=`sed -n "$ac_script" confdefs.h` -- -- --ac_libobjs= --ac_ltlibobjs= --U= --for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue -- # 1. Remove the extension, and $U if already installed. -- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' -- ac_i=`$as_echo "$ac_i" | sed "$ac_script"` -- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR -- # will be set to the directory where LIBOBJS objects are built. -- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" -- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' --done --LIBOBJS=$ac_libobjs -- --LTLIBOBJS=$ac_ltlibobjs -- -- -- --: "${CONFIG_STATUS=./config.status}" --ac_write_fail=0 --ac_clean_files_save=$ac_clean_files --ac_clean_files="$ac_clean_files $CONFIG_STATUS" --{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 --$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} --as_write_fail=0 --cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 --#! $SHELL --# Generated by $as_me. --# Run this file to recreate the current configuration. --# Compiler output produced by configure, useful for debugging --# configure, is in config.log if it exists. -- --debug=false --ac_cs_recheck=false --ac_cs_silent=false -- --SHELL=\${CONFIG_SHELL-$SHELL} --export SHELL --_ASEOF --cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 --## -------------------- ## --## M4sh Initialization. ## --## -------------------- ## -- --# Be more Bourne compatible --DUALCASE=1; export DUALCASE # for MKS sh --if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : -- emulate sh -- NULLCMD=: -- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which -- # is contrary to our usage. Disable this feature. -- alias -g '${1+"$@"}'='"$@"' -- setopt NO_GLOB_SUBST --else -- case `(set -o) 2>/dev/null` in #( -- *posix*) : -- set -o posix ;; #( -- *) : -- ;; --esac --fi -- -- --as_nl=' --' --export as_nl --# Printing a long string crashes Solaris 7 /usr/bin/printf. --as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' --as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo --as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo --# Prefer a ksh shell builtin over an external printf program on Solaris, --# but without wasting forks for bash or zsh. --if test -z "$BASH_VERSION$ZSH_VERSION" \ -- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then -- as_echo='print -r --' -- as_echo_n='print -rn --' --elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then -- as_echo='printf %s\n' -- as_echo_n='printf %s' --else -- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then -- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' -- as_echo_n='/usr/ucb/echo -n' -- else -- as_echo_body='eval expr "X$1" : "X\\(.*\\)"' -- as_echo_n_body='eval -- arg=$1; -- case $arg in #( -- *"$as_nl"*) -- expr "X$arg" : "X\\(.*\\)$as_nl"; -- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; -- esac; -- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" -- ' -- export as_echo_n_body -- as_echo_n='sh -c $as_echo_n_body as_echo' -- fi -- export as_echo_body -- as_echo='sh -c $as_echo_body as_echo' --fi -- --# The user is always right. --if test "${PATH_SEPARATOR+set}" != set; then -- PATH_SEPARATOR=: -- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { -- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || -- PATH_SEPARATOR=';' -- } --fi -- -- --# IFS --# We need space, tab and new line, in precisely that order. Quoting is --# there to prevent editors from complaining about space-tab. --# (If _AS_PATH_WALK were called with IFS unset, it would disable word --# splitting by setting IFS to empty value.) --IFS=" "" $as_nl" -- --# Find who we are. Look in the path if we contain no directory separator. --as_myself= --case $0 in #(( -- *[\\/]* ) as_myself=$0 ;; -- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -- done --IFS=$as_save_IFS -- -- ;; --esac --# We did not find ourselves, most probably we were run as `sh COMMAND' --# in which case we are not to be found in the path. --if test "x$as_myself" = x; then -- as_myself=$0 --fi --if test ! -f "$as_myself"; then -- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 -- exit 1 --fi -- --# Unset variables that we do not need and which cause bugs (e.g. in --# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" --# suppresses any "Segmentation fault" message there. '((' could --# trigger a bug in pdksh 5.2.14. --for as_var in BASH_ENV ENV MAIL MAILPATH --do eval test x\${$as_var+set} = xset \ -- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : --done --PS1='$ ' --PS2='> ' --PS4='+ ' -- --# NLS nuisances. --LC_ALL=C --export LC_ALL --LANGUAGE=C --export LANGUAGE -- --# CDPATH. --(unset CDPATH) >/dev/null 2>&1 && unset CDPATH -- -- --# as_fn_error STATUS ERROR [LINENO LOG_FD] --# ---------------------------------------- --# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are --# provided, also output the error to LOG_FD, referencing LINENO. Then exit the --# script with STATUS, using 1 if that was 0. --as_fn_error () --{ -- as_status=$1; test $as_status -eq 0 && as_status=1 -- if test "$4"; then -- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 -- fi -- $as_echo "$as_me: error: $2" >&2 -- as_fn_exit $as_status --} # as_fn_error -- -- --# as_fn_set_status STATUS --# ----------------------- --# Set $? to STATUS, without forking. --as_fn_set_status () --{ -- return $1 --} # as_fn_set_status -- --# as_fn_exit STATUS --# ----------------- --# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. --as_fn_exit () --{ -- set +e -- as_fn_set_status $1 -- exit $1 --} # as_fn_exit -- --# as_fn_unset VAR --# --------------- --# Portably unset VAR. --as_fn_unset () --{ -- { eval $1=; unset $1;} --} --as_unset=as_fn_unset --# as_fn_append VAR VALUE --# ---------------------- --# Append the text in VALUE to the end of the definition contained in VAR. Take --# advantage of any shell optimizations that allow amortized linear growth over --# repeated appends, instead of the typical quadratic growth present in naive --# implementations. --if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : -- eval 'as_fn_append () -- { -- eval $1+=\$2 -- }' --else -- as_fn_append () -- { -- eval $1=\$$1\$2 -- } --fi # as_fn_append -- --# as_fn_arith ARG... --# ------------------ --# Perform arithmetic evaluation on the ARGs, and store the result in the --# global $as_val. Take advantage of shells that can avoid forks. The arguments --# must be portable across $(()) and expr. --if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : -- eval 'as_fn_arith () -- { -- as_val=$(( $* )) -- }' --else -- as_fn_arith () -- { -- as_val=`expr "$@" || test $? -eq 1` -- } --fi # as_fn_arith -- -- --if expr a : '\(a\)' >/dev/null 2>&1 && -- test "X`expr 00001 : '.*\(...\)'`" = X001; then -- as_expr=expr --else -- as_expr=false --fi -- --if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then -- as_basename=basename --else -- as_basename=false --fi -- --if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then -- as_dirname=dirname --else -- as_dirname=false --fi -- --as_me=`$as_basename -- "$0" || --$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ -- X"$0" : 'X\(//\)$' \| \ -- X"$0" : 'X\(/\)' \| . 2>/dev/null || --$as_echo X/"$0" | -- sed '/^.*\/\([^/][^/]*\)\/*$/{ -- s//\1/ -- q -- } -- /^X\/\(\/\/\)$/{ -- s//\1/ -- q -- } -- /^X\/\(\/\).*/{ -- s//\1/ -- q -- } -- s/.*/./; q'` -- --# Avoid depending upon Character Ranges. --as_cr_letters='abcdefghijklmnopqrstuvwxyz' --as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' --as_cr_Letters=$as_cr_letters$as_cr_LETTERS --as_cr_digits='0123456789' --as_cr_alnum=$as_cr_Letters$as_cr_digits -- --ECHO_C= ECHO_N= ECHO_T= --case `echo -n x` in #((((( ---n*) -- case `echo 'xy\c'` in -- *c*) ECHO_T=' ';; # ECHO_T is single tab character. -- xy) ECHO_C='\c';; -- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null -- ECHO_T=' ';; -- esac;; --*) -- ECHO_N='-n';; --esac -- --rm -f conf$$ conf$$.exe conf$$.file --if test -d conf$$.dir; then -- rm -f conf$$.dir/conf$$.file --else -- rm -f conf$$.dir -- mkdir conf$$.dir 2>/dev/null --fi --if (echo >conf$$.file) 2>/dev/null; then -- if ln -s conf$$.file conf$$ 2>/dev/null; then -- as_ln_s='ln -s' -- # ... but there are two gotchas: -- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. -- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. -- # In both cases, we have to default to `cp -pR'. -- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || -- as_ln_s='cp -pR' -- elif ln conf$$.file conf$$ 2>/dev/null; then -- as_ln_s=ln -- else -- as_ln_s='cp -pR' -- fi --else -- as_ln_s='cp -pR' --fi --rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file --rmdir conf$$.dir 2>/dev/null -- -- --# as_fn_mkdir_p --# ------------- --# Create "$as_dir" as a directory, including parents if necessary. --as_fn_mkdir_p () --{ -- -- case $as_dir in #( -- -*) as_dir=./$as_dir;; -- esac -- test -d "$as_dir" || eval $as_mkdir_p || { -- as_dirs= -- while :; do -- case $as_dir in #( -- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( -- *) as_qdir=$as_dir;; -- esac -- as_dirs="'$as_qdir' $as_dirs" -- as_dir=`$as_dirname -- "$as_dir" || --$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -- X"$as_dir" : 'X\(//\)[^/]' \| \ -- X"$as_dir" : 'X\(//\)$' \| \ -- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || --$as_echo X"$as_dir" | -- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)[^/].*/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)$/{ -- s//\1/ -- q -- } -- /^X\(\/\).*/{ -- s//\1/ -- q -- } -- s/.*/./; q'` -- test -d "$as_dir" && break -- done -- test -z "$as_dirs" || eval "mkdir $as_dirs" -- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" -- -- --} # as_fn_mkdir_p --if mkdir -p . 2>/dev/null; then -- as_mkdir_p='mkdir -p "$as_dir"' --else -- test -d ./-p && rmdir ./-p -- as_mkdir_p=false --fi -- -- --# as_fn_executable_p FILE --# ----------------------- --# Test if FILE is an executable regular file. --as_fn_executable_p () --{ -- test -f "$1" && test -x "$1" --} # as_fn_executable_p --as_test_x='test -x' --as_executable_p=as_fn_executable_p -- --# Sed expression to map a string onto a valid CPP name. --as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" -- --# Sed expression to map a string onto a valid variable name. --as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" -- -- --exec 6>&1 --## ----------------------------------- ## --## Main body of $CONFIG_STATUS script. ## --## ----------------------------------- ## --_ASEOF --test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 -- --cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 --# Save the log message, to keep $0 and so on meaningful, and to --# report actual input values of CONFIG_FILES etc. instead of their --# values after options handling. --ac_log=" --This file was extended by $as_me, which was --generated by GNU Autoconf 2.69. Invocation command line was -- -- CONFIG_FILES = $CONFIG_FILES -- CONFIG_HEADERS = $CONFIG_HEADERS -- CONFIG_LINKS = $CONFIG_LINKS -- CONFIG_COMMANDS = $CONFIG_COMMANDS -- $ $0 $@ -- --on `(hostname || uname -n) 2>/dev/null | sed 1q` --" -- --_ACEOF -- --case $ac_config_files in *" --"*) set x $ac_config_files; shift; ac_config_files=$*;; --esac -- -- -- --cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 --# Files that config.status was made for. --config_files="$ac_config_files" -- --_ACEOF -- --cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 --ac_cs_usage="\ --\`$as_me' instantiates files and other configuration actions --from templates according to the current configuration. Unless the files --and actions are specified as TAGs, all are instantiated by default. -- --Usage: $0 [OPTION]... [TAG]... -- -- -h, --help print this help, then exit -- -V, --version print version number and configuration settings, then exit -- --config print configuration, then exit -- -q, --quiet, --silent -- do not print progress messages -- -d, --debug don't remove temporary files -- --recheck update $as_me by reconfiguring in the same conditions -- --file=FILE[:TEMPLATE] -- instantiate the configuration file FILE -- --Configuration files: --$config_files -- --Report bugs to the package provider." -- --_ACEOF --cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 --ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" --ac_cs_version="\\ --config.status --configured by $0, generated by GNU Autoconf 2.69, -- with options \\"\$ac_cs_config\\" -- --Copyright (C) 2012 Free Software Foundation, Inc. --This config.status script is free software; the Free Software Foundation --gives unlimited permission to copy, distribute and modify it." -- --ac_pwd='$ac_pwd' --srcdir='$srcdir' --test -n "\$AWK" || AWK=awk --_ACEOF -- --cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 --# The default lists apply if the user does not specify any file. --ac_need_defaults=: --while test $# != 0 --do -- case $1 in -- --*=?*) -- ac_option=`expr "X$1" : 'X\([^=]*\)='` -- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` -- ac_shift=: -- ;; -- --*=) -- ac_option=`expr "X$1" : 'X\([^=]*\)='` -- ac_optarg= -- ac_shift=: -- ;; -- *) -- ac_option=$1 -- ac_optarg=$2 -- ac_shift=shift -- ;; -- esac -- -- case $ac_option in -- # Handling of the options. -- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) -- ac_cs_recheck=: ;; -- --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) -- $as_echo "$ac_cs_version"; exit ;; -- --config | --confi | --conf | --con | --co | --c ) -- $as_echo "$ac_cs_config"; exit ;; -- --debug | --debu | --deb | --de | --d | -d ) -- debug=: ;; -- --file | --fil | --fi | --f ) -- $ac_shift -- case $ac_optarg in -- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; -- '') as_fn_error $? "missing file argument" ;; -- esac -- as_fn_append CONFIG_FILES " '$ac_optarg'" -- ac_need_defaults=false;; -- --he | --h | --help | --hel | -h ) -- $as_echo "$ac_cs_usage"; exit ;; -- -q | -quiet | --quiet | --quie | --qui | --qu | --q \ -- | -silent | --silent | --silen | --sile | --sil | --si | --s) -- ac_cs_silent=: ;; -- -- # This is an error. -- -*) as_fn_error $? "unrecognized option: \`$1' --Try \`$0 --help' for more information." ;; -- -- *) as_fn_append ac_config_targets " $1" -- ac_need_defaults=false ;; -- -- esac -- shift --done -- --ac_configure_extra_args= -- --if $ac_cs_silent; then -- exec 6>/dev/null -- ac_configure_extra_args="$ac_configure_extra_args --silent" --fi -- --_ACEOF --cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 --if \$ac_cs_recheck; then -- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion -- shift -- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 -- CONFIG_SHELL='$SHELL' -- export CONFIG_SHELL -- exec "\$@" --fi -- --_ACEOF --cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 --exec 5>>config.log --{ -- echo -- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX --## Running $as_me. ## --_ASBOX -- $as_echo "$ac_log" --} >&5 -- --_ACEOF --cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 --_ACEOF -- --cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -- --# Handling of arguments. --for ac_config_target in $ac_config_targets --do -- case $ac_config_target in -- "all.mk") CONFIG_FILES="$CONFIG_FILES all.mk" ;; -- -- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; -- esac --done -- -- --# If the user did not use the arguments to specify the items to instantiate, --# then the envvar interface is used. Set only those that are not. --# We use the long form for the default assignment because of an extremely --# bizarre bug on SunOS 4.1.3. --if $ac_need_defaults; then -- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files --fi -- --# Have a temporary directory for convenience. Make it in the build tree --# simply because there is no reason against having it here, and in addition, --# creating and moving files from /tmp can sometimes cause problems. --# Hook for its removal unless debugging. --# Note that there is a small window in which the directory will not be cleaned: --# after its creation but before its name has been assigned to `$tmp'. --$debug || --{ -- tmp= ac_tmp= -- trap 'exit_status=$? -- : "${ac_tmp:=$tmp}" -- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status --' 0 -- trap 'as_fn_exit 1' 1 2 13 15 --} --# Create a (secure) tmp directory for tmp files. -- --{ -- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && -- test -d "$tmp" --} || --{ -- tmp=./conf$$-$RANDOM -- (umask 077 && mkdir "$tmp") --} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 --ac_tmp=$tmp -- --# Set up the scripts for CONFIG_FILES section. --# No need to generate them if there are no CONFIG_FILES. --# This happens for instance with `./config.status config.h'. --if test -n "$CONFIG_FILES"; then -- -- --ac_cr=`echo X | tr X '\015'` --# On cygwin, bash can eat \r inside `` if the user requested igncr. --# But we know of no other shell where ac_cr would be empty at this --# point, so we can use a bashism as a fallback. --if test "x$ac_cr" = x; then -- eval ac_cr=\$\'\\r\' --fi --ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` --if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then -- ac_cs_awk_cr='\\r' --else -- ac_cs_awk_cr=$ac_cr --fi -- --echo 'BEGIN {' >"$ac_tmp/subs1.awk" && --_ACEOF -- -- --{ -- echo "cat >conf$$subs.awk <<_ACEOF" && -- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && -- echo "_ACEOF" --} >conf$$subs.sh || -- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 --ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` --ac_delim='%!_!# ' --for ac_last_try in false false false false false :; do -- . ./conf$$subs.sh || -- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 -- -- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` -- if test $ac_delim_n = $ac_delim_num; then -- break -- elif $ac_last_try; then -- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 -- else -- ac_delim="$ac_delim!$ac_delim _$ac_delim!! " -- fi --done --rm -f conf$$subs.sh -- --cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 --cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && --_ACEOF --sed -n ' --h --s/^/S["/; s/!.*/"]=/ --p --g --s/^[^!]*!// --:repl --t repl --s/'"$ac_delim"'$// --t delim --:nl --h --s/\(.\{148\}\)..*/\1/ --t more1 --s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ --p --n --b repl --:more1 --s/["\\]/\\&/g; s/^/"/; s/$/"\\/ --p --g --s/.\{148\}// --t nl --:delim --h --s/\(.\{148\}\)..*/\1/ --t more2 --s/["\\]/\\&/g; s/^/"/; s/$/"/ --p --b --:more2 --s/["\\]/\\&/g; s/^/"/; s/$/"\\/ --p --g --s/.\{148\}// --t delim --' >$CONFIG_STATUS || ac_write_fail=1 --rm -f conf$$subs.awk --cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 --_ACAWK --cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && -- for (key in S) S_is_set[key] = 1 -- FS = "" -- --} --{ -- line = $ 0 -- nfields = split(line, field, "@") -- substed = 0 -- len = length(field[1]) -- for (i = 2; i < nfields; i++) { -- key = field[i] -- keylen = length(key) -- if (S_is_set[key]) { -- value = S[key] -- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) -- len += length(value) + length(field[++i]) -- substed = 1 -- } else -- len += 1 + keylen -- } -- -- print line --} -- --_ACAWK --_ACEOF --cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 --if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then -- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" --else -- cat --fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ -- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 --_ACEOF -- --# VPATH may cause trouble with some makes, so we remove sole $(srcdir), --# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and --# trailing colons and then remove the whole line if VPATH becomes empty --# (actually we leave an empty line to preserve line numbers). --if test "x$srcdir" = x.; then -- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ --h --s/// --s/^/:/ --s/[ ]*$/:/ --s/:\$(srcdir):/:/g --s/:\${srcdir}:/:/g --s/:@srcdir@:/:/g --s/^:*// --s/:*$// --x --s/\(=[ ]*\).*/\1/ --G --s/\n// --s/^[^=]*=[ ]*$// --}' --fi -- --cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 --fi # test -n "$CONFIG_FILES" -- -- --eval set X " :F $CONFIG_FILES " --shift --for ac_tag --do -- case $ac_tag in -- :[FHLC]) ac_mode=$ac_tag; continue;; -- esac -- case $ac_mode$ac_tag in -- :[FHL]*:*);; -- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; -- :[FH]-) ac_tag=-:-;; -- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; -- esac -- ac_save_IFS=$IFS -- IFS=: -- set x $ac_tag -- IFS=$ac_save_IFS -- shift -- ac_file=$1 -- shift -- -- case $ac_mode in -- :L) ac_source=$1;; -- :[FH]) -- ac_file_inputs= -- for ac_f -- do -- case $ac_f in -- -) ac_f="$ac_tmp/stdin";; -- *) # Look for the file first in the build tree, then in the source tree -- # (if the path is not absolute). The absolute path cannot be DOS-style, -- # because $ac_f cannot contain `:'. -- test -f "$ac_f" || -- case $ac_f in -- [\\/$]*) false;; -- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; -- esac || -- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; -- esac -- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac -- as_fn_append ac_file_inputs " '$ac_f'" -- done -- -- # Let's still pretend it is `configure' which instantiates (i.e., don't -- # use $as_me), people would be surprised to read: -- # /* config.h. Generated by config.status. */ -- configure_input='Generated from '` -- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' -- `' by configure.' -- if test x"$ac_file" != x-; then -- configure_input="$ac_file. $configure_input" -- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 --$as_echo "$as_me: creating $ac_file" >&6;} -- fi -- # Neutralize special characters interpreted by sed in replacement strings. -- case $configure_input in #( -- *\&* | *\|* | *\\* ) -- ac_sed_conf_input=`$as_echo "$configure_input" | -- sed 's/[\\\\&|]/\\\\&/g'`;; #( -- *) ac_sed_conf_input=$configure_input;; -- esac -- -- case $ac_tag in -- *:-:* | *:-) cat >"$ac_tmp/stdin" \ -- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; -- esac -- ;; -- esac -- -- ac_dir=`$as_dirname -- "$ac_file" || --$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -- X"$ac_file" : 'X\(//\)[^/]' \| \ -- X"$ac_file" : 'X\(//\)$' \| \ -- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || --$as_echo X"$ac_file" | -- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)[^/].*/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)$/{ -- s//\1/ -- q -- } -- /^X\(\/\).*/{ -- s//\1/ -- q -- } -- s/.*/./; q'` -- as_dir="$ac_dir"; as_fn_mkdir_p -- ac_builddir=. -- --case "$ac_dir" in --.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; --*) -- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` -- # A ".." for each directory in $ac_dir_suffix. -- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` -- case $ac_top_builddir_sub in -- "") ac_top_builddir_sub=. ac_top_build_prefix= ;; -- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; -- esac ;; --esac --ac_abs_top_builddir=$ac_pwd --ac_abs_builddir=$ac_pwd$ac_dir_suffix --# for backward compatibility: --ac_top_builddir=$ac_top_build_prefix -- --case $srcdir in -- .) # We are building in place. -- ac_srcdir=. -- ac_top_srcdir=$ac_top_builddir_sub -- ac_abs_top_srcdir=$ac_pwd ;; -- [\\/]* | ?:[\\/]* ) # Absolute name. -- ac_srcdir=$srcdir$ac_dir_suffix; -- ac_top_srcdir=$srcdir -- ac_abs_top_srcdir=$srcdir ;; -- *) # Relative name. -- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix -- ac_top_srcdir=$ac_top_build_prefix$srcdir -- ac_abs_top_srcdir=$ac_pwd/$srcdir ;; --esac --ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix -- -- -- case $ac_mode in -- :F) -- # -- # CONFIG_FILE -- # -- --_ACEOF -- --cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 --# If the template does not know about datarootdir, expand it. --# FIXME: This hack should be removed a few years after 2.60. --ac_datarootdir_hack=; ac_datarootdir_seen= --ac_sed_dataroot=' --/datarootdir/ { -- p -- q --} --/@datadir@/p --/@docdir@/p --/@infodir@/p --/@localedir@/p --/@mandir@/p' --case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in --*datarootdir*) ac_datarootdir_seen=yes;; --*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 --$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} --_ACEOF --cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -- ac_datarootdir_hack=' -- s&@datadir@&$datadir&g -- s&@docdir@&$docdir&g -- s&@infodir@&$infodir&g -- s&@localedir@&$localedir&g -- s&@mandir@&$mandir&g -- s&\\\${datarootdir}&$datarootdir&g' ;; --esac --_ACEOF -- --# Neutralize VPATH when `$srcdir' = `.'. --# Shell code in configure.ac might set extrasub. --# FIXME: do we really want to maintain this feature? --cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 --ac_sed_extra="$ac_vpsub --$extrasub --_ACEOF --cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 --:t --/@[a-zA-Z_][a-zA-Z_0-9]*@/!b --s|@configure_input@|$ac_sed_conf_input|;t t --s&@top_builddir@&$ac_top_builddir_sub&;t t --s&@top_build_prefix@&$ac_top_build_prefix&;t t --s&@srcdir@&$ac_srcdir&;t t --s&@abs_srcdir@&$ac_abs_srcdir&;t t --s&@top_srcdir@&$ac_top_srcdir&;t t --s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t --s&@builddir@&$ac_builddir&;t t --s&@abs_builddir@&$ac_abs_builddir&;t t --s&@abs_top_builddir@&$ac_abs_top_builddir&;t t --$ac_datarootdir_hack --" --eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ -- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 -- --test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && -- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && -- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ -- "$ac_tmp/out"`; test -z "$ac_out"; } && -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' --which seems to be undefined. Please make sure it is defined" >&5 --$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' --which seems to be undefined. Please make sure it is defined" >&2;} -- -- rm -f "$ac_tmp/stdin" -- case $ac_file in -- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; -- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; -- esac \ -- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 -- ;; -- -- -- -- esac -- --done # for ac_tag -- -- --as_fn_exit 0 --_ACEOF --ac_clean_files=$ac_clean_files_save -- --test $ac_write_fail = 0 || -- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 -- -- --# configure is writing to config.log, and then calls config.status. --# config.status does its own redirection, appending to config.log. --# Unfortunately, on DOS this fails, as config.log is still kept open --# by configure, so config.status won't be able to write to it; its --# output is simply discarded. So we exec the FD to /dev/null, --# effectively closing config.log, so it can be properly (re)opened and --# appended to by config.status. When coming back to configure, we --# need to make the FD available again. --if test "$no_create" != yes; then -- ac_cs_success=: -- ac_config_status_args= -- test "$silent" = yes && -- ac_config_status_args="$ac_config_status_args --quiet" -- exec 5>/dev/null -- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false -- exec 5>>config.log -- # Use ||, not &&, to avoid exiting from the if with $? = 1, which -- # would make configure fail if this is the last instruction. -- $ac_cs_success || as_fn_exit 1 --fi --if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 --$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} --fi -- -diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac b/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac -deleted file mode 100644 -index 6247f4c8aa..0000000000 ---- a/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac -+++ /dev/null -@@ -1,86 +0,0 @@ --AC_PREREQ([2.69]) --AC_INIT --AC_CONFIG_SRCDIR([rlm_eap_teap.c]) --AC_REVISION($Revision$) --FR_INIT_MODULE([rlm_eap_teap]) -- --mod_ldflags= --mod_cflags= -- --FR_MODULE_START_TESTS -- --dnl ############################################################ --dnl # Check for command line options --dnl ############################################################ --dnl extra argument: --with-openssl-lib-dir --openssl_lib_dir= --AC_ARG_WITH(openssl-lib-dir, -- [AS_HELP_STRING([--with-openssl-lib-dir=DIR], -- [directory for LDAP library files])], -- [case "$withval" in -- no) -- AC_MSG_ERROR(Need openssl-lib-dir) -- ;; -- yes) -- ;; -- *) -- openssl_lib_dir="$withval" -- ;; -- esac]) -- --dnl extra argument: --with-openssl-include-dir --openssl_include_dir= --AC_ARG_WITH(openssl-include-dir, -- [AS_HELP_STRING([-with-openssl-include-dir=DIR], -- [directory for LDAP include files])], -- [case "$withval" in -- no) -- AC_MSG_ERROR(Need openssl-include-dir) -- ;; -- yes) -- ;; -- *) -- openssl_include_dir="$withval" -- ;; -- esac]) -- --dnl ############################################################ --dnl # Check for header files --dnl ############################################################ -- --smart_try_dir=$openssl_include_dir --FR_SMART_CHECK_INCLUDE(openssl/ec.h) --if test "$ac_cv_header_openssl_ec_h" != "yes"; then -- FR_MODULE_FAIL([openssl/ec.h]) --fi -- --smart_try_dir=$openssl_lib_dir --FR_SMART_CHECK_LIB(crypto, EVP_CIPHER_CTX_new) --if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then -- FR_MODULE_FAIL([libssl]) --fi -- --AC_EGREP_CPP(yes, -- [#include -- #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) -- yes -- #endif -- ], -- [ -- AC_MSG_CHECKING([for OpenSSL version >= 1.1.1]) -- AC_MSG_RESULT(yes) -- ], -- [ -- AC_MSG_CHECKING([for OpenSSL version >= 1.1.1]) -- AC_MSG_RESULT(no) -- FR_MODULE_FAIL([OpenSSL>=1.1.1]) -- ] --) -- --FR_MODULE_END_TESTS -- --AC_SUBST(mod_ldflags) --AC_SUBST(mod_cflags) -- --AC_CONFIG_FILES([all.mk]) --AC_OUTPUT -diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c -deleted file mode 100644 -index 8e372c69f3..0000000000 ---- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c -+++ /dev/null -@@ -1,1817 +0,0 @@ --/* -- * eap_teap.c contains the interfaces that are called from the main handler -- * -- * Version: $Id$ -- * -- * Copyright (C) 2022 Network RADIUS SARL -- * -- * This software may not be redistributed in any form without the prior -- * written consent of Network RADIUS. -- * -- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- */ -- --RCSID("$Id$") -- --#include "eap_teap.h" --#include "eap_teap_crypto.h" --#include --#include --#include -- --#define EAPTLS_MPPE_KEY_LEN 32 -- --#define RDEBUGHEX(_label, _data, _length) \ --if (fr_debug_lvl > 2) {\ -- char __buf[8192];\ -- for (size_t i = 0; (i < (size_t) _length) && (3*i < sizeof(__buf)); i++) {\ -- sprintf(&__buf[3*i], " %02x", (uint8_t)(_data)[i]);\ -- }\ -- RDEBUG2("%s - hexdump(len=%zu):%s", _label, (size_t)_length, __buf);\ --} while (0) -- --#define RANDFILL(x) do { rad_assert(sizeof(x) % sizeof(uint32_t) == 0); for (size_t i = 0; i < sizeof(x); i += sizeof(uint32_t)) *((uint32_t *)&x[i]) = fr_rand(); } while(0) --#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0])) --#define MIN(a,b) (((a)>(b)) ? (b) : (a)) -- --struct crypto_binding_buffer { -- uint16_t tlv_type; -- uint16_t length; -- eap_tlv_crypto_binding_tlv_t binding; -- uint8_t eap_type; -- uint8_t outer_tlvs[1]; --} CC_HINT(__packed__); --#define CRYPTO_BINDING_BUFFER_INIT(_cbb) \ --do {\ -- _cbb->tlv_type = htons(EAP_TEAP_TLV_MANDATORY | EAP_TEAP_TLV_CRYPTO_BINDING);\ -- _cbb->length = htons(sizeof(struct eap_tlv_crypto_binding_tlv_t));\ -- _cbb->eap_type = PW_EAP_TEAP;\ --} while (0) -- --static struct teap_imck_t imck_zeros = { }; -- --/** -- * RFC 7170 EAP-TEAP Authentication Phase 1: Key Derivations -- */ --static void eap_teap_init_keys(REQUEST *request, tls_session_t *tls_session) --{ -- teap_tunnel_t *t = tls_session->opaque; -- -- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl)); -- const int md_type = EVP_MD_type(md); -- -- RDEBUG3("Phase 2: Using MAC %s (%d)", OBJ_nid2sn(md_type), md_type); -- -- RDEBUG3("Phase 2: Deriving keys"); -- -- rad_assert(t->received_version > -1); -- rad_assert(t->imckc == 0); -- -- /* S-IMCK[0] = session_key_seed (RFC7170, Section 5.1) */ -- eaptls_gen_keys_only(request, tls_session->ssl, "EXPORTER: teap session key seed", NULL, 0, t->imck_msk.simck, sizeof(t->imck_msk.simck)); -- memcpy(t->imck_emsk.simck, t->imck_msk.simck, sizeof(t->imck_msk.simck)); -- RDEBUGHEX("Phase 2: S-IMCK[0]", t->imck_msk.simck, sizeof(t->imck_msk.simck)); --} -- --/** -- * RFC 7170 EAP-TEAP Intermediate Compound Key Derivations - Section 5.2 -- */ --/** -- * RFC 7170 - Intermediate Compound Key Derivations -- */ --static void eap_teap_derive_imck(REQUEST *request, tls_session_t *tls_session, -- uint8_t *msk, size_t msklen, -- uint8_t *emsk, size_t emsklen) --{ -- teap_tunnel_t *t = tls_session->opaque; -- -- t->imckc++; -- RDEBUG2("Phase 2: Calculating ICMK for round (j = %d)", t->imckc); -- -- uint8_t imsk_msk[EAP_TEAP_IMSK_LEN] = {0}; -- uint8_t imsk_emsk[EAP_TEAP_IMSK_LEN + 32]; // +32 for EMSK overflow -- struct teap_imck_t imck_msk, imck_emsk; -- -- uint8_t imck_label[27] = "Inner Methods Compound Keys"; // width trims trailing \0 -- struct iovec imck_seed[2] = { -- { (void *)imck_label, sizeof(imck_label) }, -- { NULL, EAP_TEAP_IMSK_LEN } -- }; -- -- if (msklen) { -- memcpy(imsk_msk, msk, MIN(msklen, EAP_TEAP_IMSK_LEN)); -- RDEBUGHEX("Phase 2: IMSK from MSK", imsk_msk, EAP_TEAP_IMSK_LEN); -- } else { -- RDEBUGHEX("Phase 2: IMSK Zero", imsk_msk, EAP_TEAP_IMSK_LEN); -- } -- imck_seed[1].iov_base = imsk_msk; -- TLS_PRF(tls_session->ssl, -- t->imck_msk.simck, sizeof(t->imck_msk.simck), -- imck_seed, ARRAY_SIZE(imck_seed), -- (uint8_t *)&imck_msk, sizeof(imck_msk)); -- -- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */ -- RDEBUGHEX("Phase 2: MSK S-IMCK[j]", imck_msk.simck, sizeof(imck_msk.simck)); -- RDEBUGHEX("Phase 2: MSK CMK[j]", imck_msk.cmk, sizeof(imck_msk.cmk)); -- -- if (emsklen) { -- uint8_t emsk_label[20] = "TEAPbindkey@ietf.org"; -- uint8_t null[1] = {0}; -- uint8_t length[2] = {0,64}; /* length of 64 bytes in two bytes in network order */ -- struct iovec emsk_seed[] = { -- { (void *)emsk_label, sizeof(emsk_label) }, -- { (void *)null, sizeof(null) }, -- { (void *)length, sizeof(length) } -- }; -- -- /* -- * IMSK[j] = First 32 octets of TLS-PRF( -- * EMSK[j], -- * "TEAPbindkey@ietf.org", -- * 0x00 | 0x00 | 0x40) -- */ -- TLS_PRF(tls_session->ssl, -- emsk, emsklen, -- emsk_seed, ARRAY_SIZE(emsk_seed), -- imsk_emsk, sizeof(imsk_emsk)); -- -- RDEBUGHEX("Phase 2: IMSK from EMSK", imsk_emsk, EAP_TEAP_IMSK_LEN); -- -- /* -- * IMCK[j] = the first 60 octets of TLS-PRF(S-IMCK[j-1], -- * "Inner Methods Compound Keys", -- * IMSK[j]) -- */ -- imck_seed[1].iov_base = imsk_emsk; -- TLS_PRF(tls_session->ssl, -- t->imck_emsk.simck, sizeof(t->imck_emsk.simck), -- imck_seed, ARRAY_SIZE(imck_seed), -- (uint8_t *)&imck_emsk, sizeof(imck_emsk)); -- -- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */ -- RDEBUGHEX("Phase 2: EMSK S-IMCK[j]", imck_emsk.simck, sizeof(imck_emsk.simck)); -- RDEBUGHEX("Phase 2: EMSK CMK[j]", imck_emsk.cmk, sizeof(imck_emsk.cmk)); -- -- memcpy(&t->imck_emsk, &imck_emsk, sizeof(imck_emsk)); -- } -- -- memcpy(&t->imck_msk, &imck_msk, sizeof(imck_msk)); --} -- --static void eap_teap_tlv_append(tls_session_t *tls_session, int tlv, bool mandatory, int length, const void *data) --{ -- uint16_t hdr[2]; -- -- hdr[0] = htons(tlv | (mandatory ? EAP_TEAP_TLV_MANDATORY : 0)); -- hdr[1] = htons(length); -- -- tls_session->record_plus(&tls_session->clean_in, &hdr, 4); -- tls_session->record_plus(&tls_session->clean_in, data, length); --} -- --static void eap_teap_send_error(tls_session_t *tls_session, int error) --{ -- uint32_t value; -- value = htonl(error); -- -- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_ERROR, true, sizeof(value), &value); --} -- --static void eap_teap_append_identity_type(tls_session_t *tls_session, int value) --{ -- uint16_t identity; -- identity = htons(value); -- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque; -- -- fr_assert(value != 0); -- fr_assert(value <= 2); -- -- /* -- * If we send this, it's required. -- */ -- t->auths[value].required = true; -- t->auths[value].sent = true; -- -- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_IDENTITY_TYPE, false, sizeof(identity), &identity); --} -- --static void eap_teap_append_result(REQUEST *request, tls_session_t *tls_session, PW_CODE code) --{ -- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque; -- -- int type = (t->result_final) -- ? EAP_TEAP_TLV_RESULT -- : EAP_TEAP_TLV_INTERMED_RESULT; -- -- char const *name = (t->result_final) ? "Result" : "Intermediate-Result"; -- -- uint16_t state = (code == PW_CODE_ACCESS_REJECT) -- ? EAP_TEAP_TLV_RESULT_FAILURE -- : EAP_TEAP_TLV_RESULT_SUCCESS; -- state = htons(state); -- -- char const *state_name = (code == PW_CODE_ACCESS_REJECT) ? "Failure" : "Success"; -- -- RDEBUG("Phase 2: %s = %s", name, state_name); -- -- eap_teap_tlv_append(tls_session, type, true, sizeof(state), &state); --} -- --static void eap_teap_append_eap_identity_request(REQUEST *request, tls_session_t *tls_session, eap_handler_t *eap_session) --{ -- eap_packet_raw_t eap_packet; -- -- RDEBUG("Phase 2: Sending EAP-Identity"); -- -- eap_packet.code = PW_EAP_REQUEST; -- eap_packet.id = eap_session->eap_ds->response->id + 1; -- eap_packet.length[0] = 0; -- eap_packet.length[1] = EAP_HEADER_LEN + 1; -- eap_packet.data[0] = PW_EAP_IDENTITY; -- -- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_EAP_PAYLOAD, true, sizeof(eap_packet), &eap_packet); --} -- --/* -- * RFC7170 and the consequences of EID5768, EID5770 and EID5775 makes the path forward unclear, -- * so just do what hostapd does...which the IETF probably agree with anyway: -- * https://mailarchive.ietf.org/arch/msg/emu/mXzpSGEn86Zx_fa4f1uULYMhMoM/ -- */ --static void eap_teap_append_crypto_binding(REQUEST *request, tls_session_t *tls_session, -- uint8_t *msk, size_t msklen, -- uint8_t *emsk, size_t emsklen) --{ -- teap_tunnel_t *t = tls_session->opaque; -- uint8_t mac_msk[EVP_MAX_MD_SIZE], mac_emsk[EVP_MAX_MD_SIZE]; -- unsigned int maclen = EVP_MAX_MD_SIZE; -- uint8_t *buf; -- size_t olen, buflen; -- struct crypto_binding_buffer *cbb; -- uint8_t *outer_tlvs; -- -- RDEBUG("Phase 2: Sending Cryptobinding"); -- -- eap_teap_derive_imck(request, tls_session, msk, msklen, emsk, emsklen); -- -- t->imck_emsk_available = emsklen > 0; -- -- olen = tls_session->outer_tlvs_octets_server ? talloc_array_length(tls_session->outer_tlvs_octets_server) : 0; -- olen += tls_session->outer_tlvs_octets_peer ? talloc_array_length(tls_session->outer_tlvs_octets_peer) : 0; -- -- buflen = sizeof(struct crypto_binding_buffer) - 1/*outer_tlvs*/ + olen; -- -- buf = talloc_zero_array(request, uint8_t, buflen); -- rad_assert(buf != NULL); -- -- cbb = (struct crypto_binding_buffer *)buf; -- -- CRYPTO_BINDING_BUFFER_INIT(cbb); -- cbb->binding.version = EAP_TEAP_VERSION; -- cbb->binding.received_version = t->received_version; -- -- cbb->binding.subtype = ((emsklen ? EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH : EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) << 4) | EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST; -- -- rad_assert(sizeof(cbb->binding.nonce) % sizeof(uint32_t) == 0); -- RANDFILL(cbb->binding.nonce); -- cbb->binding.nonce[sizeof(cbb->binding.nonce) - 1] &= ~0x01; /* RFC 7170, Section 4.2.13 */ -- -- outer_tlvs = &cbb->outer_tlvs[0]; -- -- if (tls_session->outer_tlvs_octets_server) { -- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_server); -- -- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_server, len); -- outer_tlvs += len; -- } -- -- if (tls_session->outer_tlvs_octets_peer) { -- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_peer); -- -- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_peer, len); -- } -- -- RDEBUGHEX("Phase 2: BUFFER for Compound MAC calculation", buf, buflen); -- -- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl)); -- HMAC(md, &t->imck_msk.cmk, EAP_TEAP_CMK_LEN, buf, buflen, mac_msk, &maclen); -- if (t->imck_emsk_available) { -- HMAC(md, &t->imck_emsk.cmk, EAP_TEAP_CMK_LEN, buf, buflen, mac_emsk, &maclen); -- } -- memcpy(cbb->binding.msk_compound_mac, &mac_msk, sizeof(cbb->binding.msk_compound_mac)); -- if (t->imck_emsk_available) { -- memcpy(cbb->binding.emsk_compound_mac, &mac_emsk, sizeof(cbb->binding.emsk_compound_mac)); -- } -- -- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_CRYPTO_BINDING, true, sizeof(cbb->binding), (uint8_t *)&cbb->binding); --} -- --static int eap_teap_verify(REQUEST *request, tls_session_t *tls_session, uint8_t const *data, unsigned int data_len) --{ -- uint16_t attr; -- uint16_t length; -- unsigned int remaining = data_len; -- int total = 0; -- int num[EAP_TEAP_TLV_MAX] = {0}; -- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque; -- uint32_t present = 0; -- uint32_t error = 0; -- uint16_t status = 0; -- -- rad_assert(sizeof(present) * 8 > EAP_TEAP_TLV_MAX); -- -- while (remaining > 0) { -- if (remaining < 4) { -- REDEBUG("Phase 2: Data is too small (%u) to contain a TLV header", remaining); -- return 0; -- } -- -- memcpy(&attr, data, sizeof(attr)); -- attr = ntohs(attr) & EAP_TEAP_TLV_TYPE; -- -- switch (attr) { -- case EAP_TEAP_TLV_RESULT: -- case EAP_TEAP_TLV_NAK: -- case EAP_TEAP_TLV_ERROR: -- case EAP_TEAP_TLV_VENDOR_SPECIFIC: -- case EAP_TEAP_TLV_EAP_PAYLOAD: -- case EAP_TEAP_TLV_INTERMED_RESULT: -- case EAP_TEAP_TLV_CRYPTO_BINDING: -- case EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP: -- num[attr]++; -- present |= 1 << attr; -- -- if (num[EAP_TEAP_TLV_EAP_PAYLOAD] > 1) { -- REDEBUG("Phase 2: Too many EAP-Payload TLVs"); --unexpected: -- for (int i = 0; i < EAP_TEAP_TLV_MAX; i++) { -- DICT_ATTR const *da; -- -- if (!(present & (1 << i))) continue; -- -- da = dict_attrbyvalue((i << 8) | PW_FREERADIUS_EAP_TEAP_TLV, VENDORPEC_FREERADIUS); -- if (da) { -- RDEBUG("Phase 2: - attribute %s is present", da->name); -- } else { -- RDEBUG("Phase 2: - attribute %d is present", i); -- } -- } -- eap_teap_send_error(tls_session, EAP_TEAP_ERR_UNEXPECTED_TLV); -- return 0; -- } -- -- if (num[EAP_TEAP_TLV_INTERMED_RESULT] > 1) { -- REDEBUG("Phase 2: Too many Intermediate-Result TLVs"); -- goto unexpected; -- } -- break; -- default: -- if ((data[0] & 0x80) != 0) { -- REDEBUG("Phase 2: Unknown mandatory TLV %02x", attr); -- goto unexpected; -- } -- -- num[0]++; -- } -- -- total++; -- -- memcpy(&length, data + 2, sizeof(length)); -- length = ntohs(length); -- -- data += 4; -- remaining -= 4; -- -- if (length > remaining) { -- REDEBUG2("Phase 2: TLV %u is longer than room remaining in the packet (%u > %u).", attr, -- length, remaining); -- return 0; -- } -- -- /* -- * If the rest of the TLVs are larger than -- * this attribute, continue. -- * -- * Otherwise, if the attribute over-flows the end -- * of the TLCs, die. -- */ -- if (remaining < length) { -- REDEBUG2("Phase 2: TLV overflows packet."); -- return 0; -- } -- -- if (attr == EAP_TEAP_TLV_ERROR) { -- if (length != 4) goto fail_length; -- error = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; -- } -- -- /* -- * If there's an error, we bail out of the -- * authentication process before allocating -- * memory. -- */ -- if ((attr == EAP_TEAP_TLV_INTERMED_RESULT) || (attr == EAP_TEAP_TLV_RESULT)) { -- if (length != 2) { -- fail_length: -- REDEBUG("Phase 2: TLV %u is too short. Expected 2, got %d.", attr, length); -- return 0; -- } -- -- status = (data[0] << 8) | data[1]; -- if (status == 0) goto unknown_value; -- } -- -- /* -- * 1 octet length + User-Name -- * 1 octet length + User-Password -- */ -- if (attr == EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP) { -- uint8_t const *p = data; -- uint16_t vlen = length; -- -- if (vlen <= 2) { -- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is too short. Expected >2, got %d.", vlen); -- return 0; -- } -- -- /* -- * Can't be zero. We must have MORE than "1 octet length + User-Name" -- */ -- if (!p[0] || ((p[0] + 1) >= vlen)) { -- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. User-Name field has bad lenth %u", p[0]); -- return 0; -- } -- -- vlen -= p[0] + 1; -- if (!vlen) { -- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. Password field is missing"); -- return 0; -- } -- -- p += p[0] + 1; -- if (!p[0] || (p[0] >= vlen)) { -- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. Password field has bad lenth %u", p[0]); -- return 0; -- } -- } -- -- if (attr == EAP_TEAP_TLV_IDENTITY_TYPE) { -- if (length != 2) goto fail_length; -- -- if ((data[0] != 0) || (data[1] == 0) || (data[1] > 2)) { -- REDEBUG("Phase 2: Identity-Type TLV contains invalid value %02x%02x", -- data[0], data[1]); -- return 0; -- } -- } -- -- /* -- * Check the size of Crypto-Binding TLV, and the TEAP version. -- */ -- if (attr == EAP_TEAP_TLV_CRYPTO_BINDING) { -- if (length != sizeof(eap_tlv_crypto_binding_tlv_t)) { -- REDEBUG("Phase 2: Crypto-Binding TLV has incorrect length %u", length); -- return 0; -- } -- -- if (data[1] != EAP_TEAP_VERSION) { -- REDEBUG("Phase 2: Crypto-Binding TLV has incorrect version %u", data[1]); -- return 0; -- } -- } -- -- /* -- * remaining > length, continue. -- */ -- remaining -= length; -- data += length; -- } -- -- /* -- * Check status if we have it. -- */ -- if (status) { -- if (status == EAP_TEAP_TLV_RESULT_FAILURE) { -- if (!error) { -- REDEBUG("Phase 2: Received Result from peer which indicates failure with error %u. Rejecting request.", error); -- } else { -- REDEBUG("Phase 2: Received Result from peer which indicates failure. Rejecting request."); -- } -- return 0; -- } -- -- if (status != EAP_TEAP_TLV_RESULT_SUCCESS) { -- unknown_value: -- REDEBUG("Phase 2: Received Result from peer with unknown value %u. Rejecting request.", status); -- goto unexpected; -- } -- } -- -- /* -- * Check if the peer mixed & matched TLVs. -- */ -- if ((num[EAP_TEAP_TLV_NAK] > 0) && (num[EAP_TEAP_TLV_NAK] != total)) { -- REDEBUG("Phase 2: NAK TLV was sent along with non-NAK TLVs. Rejecting request."); -- goto unexpected; -- } -- -- /* -- * RFC7170 EID5844 says we can have Intermediate-Result and Result TLVs all in one -- */ -- -- /* -- * Check mandatory or not mandatory TLVs. -- */ -- switch (t->stage) { -- case TLS_SESSION_HANDSHAKE: -- if (present) { -- REDEBUG("Phase 2: Unexpected TLVs in TLS Session Handshake stage"); -- goto unexpected; -- } -- break; -- case AUTHENTICATION: -- if (present & ~((1 << EAP_TEAP_TLV_EAP_PAYLOAD) | (1 << EAP_TEAP_TLV_CRYPTO_BINDING) | (1 << EAP_TEAP_TLV_INTERMED_RESULT) | (1 << EAP_TEAP_TLV_RESULT) | (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP))) { -- REDEBUG("Phase 2: Unexpected TLVs in authentication stage"); -- goto unexpected; -- } -- -- /* -- * A password request must yield a password response. -- */ -- if (t->sent_basic_password && ((present & (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP)) == 0)) { -- REDEBUG("Phase 2: Sent Basic-Password-Auth-Req but reply does not contain Basic-Password-Auth-Resp"); -- goto unexpected; -- } -- -- /* -- * If we have Identity-Type, the packet must also -- * contain either EAP-Payload or -- * Basic-Password-Auth-Resp. -- */ -- if (((present & (1 << EAP_TEAP_TLV_IDENTITY_TYPE)) != 0) && -- ((present & (1 << EAP_TEAP_TLV_EAP_PAYLOAD)) == 0) && -- ((present & (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP)) == 0)) { -- REDEBUG("Phase 2: Received Identity-Type without EAP-Payload or Basic-Password-Auth-Resp"); -- goto unexpected; -- } -- -- break; -- case PROVISIONING: -- if (present & ~(1 << EAP_TEAP_TLV_RESULT)) { -- REDEBUG("Phase 2: Unexpected TLVs in provisioning stage"); -- goto unexpected; -- } -- break; -- case COMPLETE: -- if (present) { -- REDEBUG("Phase 2: Unexpected TLVs in complete stage"); -- goto unexpected; -- } -- break; -- default: -- REDEBUG("Phase 2: Internal error, invalid stage %d", t->stage); -- return 0; -- } -- -- /* -- * We got this far. It looks OK. -- */ -- return 1; --} -- --static ssize_t eap_teap_decode_vp(TALLOC_CTX *request, DICT_ATTR const *parent, -- uint8_t const *data, size_t const attr_len, VALUE_PAIR **out) --{ -- int8_t tag = TAG_NONE; -- VALUE_PAIR *vp; -- uint8_t const *p = data; -- -- /* -- * FIXME: Attrlen can be larger than 253 for extended attrs! -- */ -- if (!parent || !out ) { -- RERROR("eap_teap_decode_vp: Invalid arguments"); -- return -1; -- } -- -- /* -- * Silently ignore zero-length attributes. -- */ -- if (attr_len == 0) return 0; -- -- /* -- * And now that we've verified the basic type -- * information, decode the actual p. -- */ -- vp = fr_pair_afrom_da(request, parent); -- if (!vp) return -1; -- -- vp->vp_length = attr_len; -- vp->tag = tag; -- -- switch (parent->type) { -- case PW_TYPE_STRING: -- fr_pair_value_bstrncpy(vp, p, attr_len); -- break; -- -- case PW_TYPE_OCTETS: -- fr_pair_value_memcpy(vp, p, attr_len); -- break; -- -- case PW_TYPE_ABINARY: -- if (vp->vp_length > sizeof(vp->vp_filter)) { -- vp->vp_length = sizeof(vp->vp_filter); -- } -- memcpy(vp->vp_filter, p, vp->vp_length); -- break; -- -- case PW_TYPE_BYTE: -- vp->vp_byte = p[0]; -- break; -- -- case PW_TYPE_SHORT: -- vp->vp_short = (p[0] << 8) | p[1]; -- break; -- -- case PW_TYPE_INTEGER: -- case PW_TYPE_SIGNED: /* overloaded with vp_integer */ -- memcpy(&vp->vp_integer, p, 4); -- vp->vp_integer = ntohl(vp->vp_integer); -- break; -- -- case PW_TYPE_INTEGER64: -- memcpy(&vp->vp_integer64, p, 8); -- vp->vp_integer64 = ntohll(vp->vp_integer64); -- break; -- -- case PW_TYPE_DATE: -- memcpy(&vp->vp_date, p, 4); -- vp->vp_date = ntohl(vp->vp_date); -- break; -- -- case PW_TYPE_ETHERNET: -- memcpy(vp->vp_ether, p, 6); -- break; -- -- case PW_TYPE_IPV4_ADDR: -- memcpy(&vp->vp_ipaddr, p, 4); -- break; -- -- case PW_TYPE_IFID: -- memcpy(vp->vp_ifid, p, 8); -- break; -- -- case PW_TYPE_IPV6_ADDR: -- memcpy(&vp->vp_ipv6addr, p, 16); -- break; -- -- case PW_TYPE_IPV6_PREFIX: -- /* -- * FIXME: double-check that -- * (vp->vp_octets[1] >> 3) matches vp->vp_length + 2 -- */ -- memcpy(vp->vp_ipv6prefix, p, vp->vp_length); -- if (vp->vp_length < 18) { -- memset(((uint8_t *)vp->vp_ipv6prefix) + vp->vp_length, 0, -- 18 - vp->vp_length); -- } -- break; -- -- case PW_TYPE_IPV4_PREFIX: -- /* FIXME: do the same double-check as for IPv6Prefix */ -- memcpy(vp->vp_ipv4prefix, p, vp->vp_length); -- -- /* -- * /32 means "keep all bits". Otherwise, mask -- * them out. -- */ -- if ((p[1] & 0x3f) > 32) { -- uint32_t addr, mask; -- -- memcpy(&addr, vp->vp_octets + 2, sizeof(addr)); -- mask = 1; -- mask <<= (32 - (p[1] & 0x3f)); -- mask--; -- mask = ~mask; -- mask = htonl(mask); -- addr &= mask; -- memcpy(vp->vp_ipv4prefix + 2, &addr, sizeof(addr)); -- } -- break; -- -- default: -- RERROR("eap_teap_decode_vp: type %d Internal sanity check %d ", parent->type, __LINE__); -- fr_pair_list_free(&vp); -- return -1; -- } -- -- vp->type = VT_DATA; -- *out = vp; -- return attr_len; --} -- -- --VALUE_PAIR *eap_teap_teap2vp(REQUEST *request, SSL *ssl, uint8_t const *data, size_t data_len, -- DICT_ATTR const *teap_da, vp_cursor_t *out) --{ -- uint16_t attr; -- uint16_t length; -- size_t data_left = data_len; -- VALUE_PAIR *first = NULL; -- VALUE_PAIR *vp = NULL; -- DICT_ATTR const *da; -- -- if (!teap_da) -- teap_da = dict_attrbyvalue(PW_FREERADIUS_EAP_TEAP_TLV, VENDORPEC_FREERADIUS); -- rad_assert(teap_da != NULL); -- -- if (!out) { -- out = talloc(request, vp_cursor_t); -- rad_assert(out != NULL); -- fr_cursor_init(out, &first); -- } -- -- /* -- * Decode the TLVs -- */ -- while (data_left > 0) { -- ssize_t decoded; -- -- /* FIXME do something with mandatory */ -- -- memcpy(&attr, data, sizeof(attr)); -- attr = ntohs(attr) & EAP_TEAP_TLV_TYPE; -- -- memcpy(&length, data + 2, sizeof(length)); -- length = ntohs(length); -- -- data += 4; -- data_left -= 4; -- -- /* -- * Look up the TLV. -- * -- * For now, if it doesn't exist, ignore it. -- */ -- da = dict_attrbyparent(teap_da, attr, teap_da->vendor); -- if (!da) { -- RDEBUG3("Phase 2: Skipping unknown attribute %u", attr); -- goto next_attr; -- } -- if (da->type == PW_TYPE_TLV) { -- eap_teap_teap2vp(request, ssl, data, length, da, out); -- goto next_attr; -- } -- decoded = eap_teap_decode_vp(request, da, data, length, &vp); -- if (decoded < 0) { -- REDEBUG3("Phase 2: Failed decoding %s: %s", da->name, fr_strerror()); -- goto next_attr; -- } -- -- fr_cursor_merge(out, vp); -- -- next_attr: -- while (fr_cursor_next(out)) { -- /* nothing */ -- } -- -- data += length; -- data_left -= length; -- } -- -- /* -- * We got this far. It looks OK. -- */ -- return first; --} -- -- --static void eapteap_copy_request_to_tunnel(REQUEST *request, REQUEST *fake) { -- VALUE_PAIR *copy, *vp; -- vp_cursor_t cursor; -- -- for (vp = fr_cursor_init(&cursor, &request->packet->vps); -- vp; -- vp = fr_cursor_next(&cursor)) { -- /* -- * The attribute is a server-side thingy, -- * don't copy it. -- */ -- if ((vp->da->attr > 255) && (((vp->da->attr >> 16) & 0xffff) == 0)) { -- continue; -- } -- -- /* -- * The outside attribute is already in the -- * tunnel, don't copy it. -- * -- * This works for BOTH attributes which -- * are originally in the tunneled request, -- * AND attributes which are copied there -- * from below. -- */ -- if (fr_pair_find_by_da(fake->packet->vps, vp->da, TAG_ANY)) continue; -- -- /* -- * Some attributes are handled specially. -- */ -- if (!vp->da->vendor) switch (vp->da->attr) { -- /* -- * NEVER copy Message-Authenticator, -- * EAP-Message, or State. They're -- * only for outside of the tunnel. -- */ -- case PW_USER_NAME: -- case PW_USER_PASSWORD: -- case PW_CHAP_PASSWORD: -- case PW_CHAP_CHALLENGE: -- case PW_PROXY_STATE: -- case PW_MESSAGE_AUTHENTICATOR: -- case PW_EAP_MESSAGE: -- case PW_STATE: -- continue; -- -- /* -- * By default, copy it over. -- */ -- default: -- break; -- } -- -- /* -- * Don't copy from the head, we've already -- * checked it. -- */ -- copy = fr_pair_list_copy_by_num(fake->packet, vp, vp->da->attr, vp->da->vendor, TAG_ANY); -- fr_pair_add(&fake->packet->vps, copy); -- } --} -- --static const char *stage_name[] = { -- "TLS session handshake", -- "Authentication", -- "Provisioning", -- "Complete" --}; -- --/* -- * Use a reply packet to determine what to do. -- */ --static rlm_rcode_t CC_HINT(nonnull) process_reply(eap_handler_t *eap_session, -- tls_session_t *tls_session, -- REQUEST *request, RADIUS_PACKET *reply) --{ -- rlm_rcode_t rcode = RLM_MODULE_REJECT; -- VALUE_PAIR *vp; -- vp_cursor_t cursor; -- uint8_t msk[2 * CHAP_VALUE_LENGTH] = {0}, emsk[2 * EAPTLS_MPPE_KEY_LEN] = {0}; -- size_t msklen = 0, emsklen = 0; -- bool doing_eap; -- -- teap_tunnel_t *t = tls_session->opaque; -- -- rad_assert(eap_session->request == request); -- -- RDEBUG("Phase 2: Stage %s", stage_name[t->stage]); -- -- /* -- * If the response packet was Access-Accept, then -- * we're OK. If not, die horribly. -- * -- * FIXME: EAP-Messages can only start with 'identity', -- * NOT 'eap start', so we should check for that.... -- */ -- switch (reply->code) { -- case PW_CODE_ACCESS_ACCEPT: -- RDEBUG("Phase 2: Got tunneled Access-Accept"); -- -- for (vp = fr_cursor_init(&cursor, &reply->vps); vp; vp = fr_cursor_next(&cursor)) { -- if (vp->da->attr == PW_EAP_EMSK) { -- // FIXME check if we should be generating an emsk from MPPE keys below -- emsklen = MIN(vp->vp_length, sizeof(emsk)); -- memcpy(emsk, vp->vp_octets, emsklen); -- break; -- } -- -- if (vp->da->vendor != VENDORPEC_MICROSOFT) continue; -- -- /* like for EAP-FAST, the keying material is used reversed */ -- switch (vp->da->attr) { -- case PW_MSCHAP_MPPE_SEND_KEY: -- if (vp->vp_length == EAPTLS_MPPE_KEY_LEN) { -- /* do not set emsklen here so not to blat EAP-EMSK */ -- // emsklen = sizeof(emsk); -- memcpy(emsk, vp->vp_octets, EAPTLS_MPPE_KEY_LEN); -- } else if (vp->vp_length == CHAP_VALUE_LENGTH) { -- msklen = sizeof(msk); -- memcpy(msk, vp->vp_octets, CHAP_VALUE_LENGTH); -- } else { -- wrong_length: -- REDEBUG("Phase 2: Found %s with incorrect length. Expected %u or %u, got %zu", -- vp->da->name, CHAP_VALUE_LENGTH, EAPTLS_MPPE_KEY_LEN, vp->vp_length); -- return RLM_MODULE_INVALID; -- } -- -- RDEBUGHEX("Phase 2: MSCHAP-MPPE-SEND-KEY [low MSK]", vp->vp_octets, vp->length); -- break; -- -- case PW_MSCHAP_MPPE_RECV_KEY: -- /* only do this if there is no EAP-EMSK */ -- if (vp->vp_length == EAPTLS_MPPE_KEY_LEN && emsklen == 0) { -- msklen = sizeof(msk); -- memcpy(msk, vp->vp_octets, EAPTLS_MPPE_KEY_LEN); -- emsklen = sizeof(emsk); -- memcpy(&emsk[EAPTLS_MPPE_KEY_LEN], vp->vp_octets, EAPTLS_MPPE_KEY_LEN); -- } else if (vp->vp_length == CHAP_VALUE_LENGTH) { -- msklen = sizeof(msk); -- memcpy(&msk[CHAP_VALUE_LENGTH], vp->vp_octets, CHAP_VALUE_LENGTH); -- } else { -- goto wrong_length; -- } -- -- RDEBUGHEX("Phase 2: MSCHAP-MPPE-RECV-KEY [high MSK]", vp->vp_octets, vp->vp_length); -- break; -- -- case PW_MSCHAP2_SUCCESS: -- RDEBUG("Phase 2: Got %s, tunneling it to the client in a challenge", vp->da->name); -- if (t->use_tunneled_reply) { -- t->authenticated = true; -- /* -- * Clean up the tunneled reply. -- */ -- fr_pair_delete_by_num(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY); -- fr_pair_delete_by_num(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY); -- fr_pair_delete_by_num(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); -- -- /* -- * Delete MPPE keys & encryption policy. We don't -- * want these here. -- */ -- fr_pair_delete_by_num(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY); -- fr_pair_delete_by_num(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY); -- fr_pair_delete_by_num(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY); -- fr_pair_delete_by_num(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY); -- -- fr_pair_list_free(&t->accept_vps); /* for proxying MS-CHAP2 */ -- fr_pair_list_mcopy_by_num(t, &t->accept_vps, &reply->vps, 0, 0, TAG_ANY); -- rad_assert(!reply->vps); -- } -- break; -- -- default: -- break; -- } -- } -- -- if (t->use_tunneled_reply) { -- /* -- * Clean up the tunneled reply. -- */ -- fr_pair_delete_by_num(&reply->vps, PW_EAP_EMSK, 0, TAG_ANY); -- fr_pair_delete_by_num(&reply->vps, PW_EAP_SESSION_ID, 0, TAG_ANY); -- } -- -- eap_teap_append_result(request, tls_session, reply->code); -- eap_teap_append_crypto_binding(request, tls_session, msk, msklen, emsk, emsklen); -- -- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY); -- if (vp) { -- RDEBUG("Phase 2: Continuing with Identity-Type = %s", -- (vp->vp_short == 1) ? "User" : "Machine"); -- -- /* RFC3748, Section 2.1 - does not explictly tell us to but we need to eat the EAP-Success */ -- fr_pair_delete_by_num(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY); -- -- /* new identity */ -- talloc_free(t->username); -- t->username = NULL; -- -- if (t->num_identities == 2) { -- RDEBUG("Phase 2: Configured to send too many identities, failing the session"); -- goto fail; -- } -- -- t->identity_types[t->num_identities++] = vp->vp_short; -- -- /* RFC7170, Appendix C.6 */ -- eap_teap_append_identity_type(tls_session, vp->vp_short); -- -- if (t->default_method || t->eap_method[vp->vp_short]) { -- eap_teap_append_eap_identity_request(request, tls_session, eap_session); -- } -- -- if (!t->auto_chain) goto challenge; -- -- if (!(t->default_method || t->eap_method[vp->vp_short])) { -- RDEBUG("Phase 2: No %s EAP methods configured - assuming password", -- (vp->vp_short == 1) ? "User" : "Machine"); -- -- vp = fr_pair_afrom_num(reply, PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, VENDORPEC_FREERADIUS); -- if (vp) { -- fr_pair_add(&reply->vps, vp); -- } else { -- RERROR("Failed adding attribute &reply:FreeRADIUS-EAP-TEAP-Basic-Password-Auth-Req"); -- goto fail; -- } -- } -- -- /* -- * Delete the &session-state:FreeRADIUS-EAP-TEAP-TLV-Identity-Type -- * which we found. -- * -- * If there are more than one, then the -- * next round will pick up the next one. -- */ -- RDEBUG("Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s", -- (vp->vp_short == 1) ? "User" : "Machine"); -- fr_pair_delete(&request->state, vp); -- -- /* -- * Always challenge, as we're sending EAP-Identity. -- */ -- goto challenge; -- } -- -- if (t->auths[1].required && !t->auths[1].received) { -- REDEBUG("Phase 2: We required Identity-Type = User, but we did not see it - rejecting the session"); -- goto fail; -- } -- -- if (t->auths[2].required && !t->auths[2].received) { -- REDEBUG("Phase 2: We required Identity-Type = Machine, but we did not see it - rejecting the session"); -- goto fail; -- } -- -- RDEBUG("Phase 2: All inner authentications have succeeded"); -- -- t->result_final = true; -- t->sent_basic_password = false; -- eap_teap_append_result(request, tls_session, reply->code); -- -- tls_session->authentication_success = true; -- rcode = RLM_MODULE_OK; -- -- break; -- -- case PW_CODE_ACCESS_REJECT: -- RDEBUG("Phase 2: Got tunneled Access-Reject"); -- -- fail: -- eap_teap_append_result(request, tls_session, PW_CODE_ACCESS_REJECT); -- rcode = RLM_MODULE_REJECT; -- break; -- -- /* -- * Handle Access-Challenge, but only if we -- * send tunneled reply data. This is because -- * an Access-Challenge means that we MUST tunnel -- * a Reply-Message to the client. -- */ -- case PW_CODE_ACCESS_CHALLENGE: -- RDEBUG("Phase 2: Got tunneled Access-Challenge"); --challenge: -- /* -- * Keep the State attribute, if necessary. -- * -- * Get rid of the old State, too. -- */ -- fr_pair_list_free(&t->state); -- fr_pair_list_mcopy_by_num(t, &t->state, &reply->vps, PW_STATE, 0, TAG_ANY); -- -- t->sent_basic_password = false; -- doing_eap = false; -- -- /* -- * Copy the EAP-Message back to the tunnel. Note -- * that there can only be one EAP-Message -- * attribute. The RADIUS encoder takes care of -- * splitting it into multiple chunks in a RADIUS -- * packet. -- * -- * For TEAP, we can only send one EAP-Payload TLV -- * in a packet. -- */ -- vp = fr_pair_find_by_num(reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY); -- if (vp) { -- doing_eap = true; -- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_EAP_PAYLOAD, true, vp->vp_length, vp->vp_octets); -- } -- -- /* -- * When chaining, we 'goto challenge' and can use -- * that to now signal back to unlang that a -- * method has completed and we can now move to -- * the next -- */ -- rcode = reply->code == PW_CODE_ACCESS_CHALLENGE ? RLM_MODULE_HANDLED : RLM_MODULE_OK; -- -- if (!doing_eap) { -- vp = fr_pair_find_by_num(reply->vps, PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, VENDORPEC_FREERADIUS, TAG_ANY); -- if (!vp) { -- RWDEBUG("Phase 2: Not configured to use EAP or passwords. Authentication will likely fail."); -- break; -- } -- -- t->sent_basic_password = true; -- -- RDEBUG("Phase 2: Sending Basic-Password-Auth-Req"); -- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, true, vp->vp_length, vp->vp_strvalue); -- } -- -- break; -- -- default: -- RDEBUG("Phase 2: Unknown RADIUS packet type %d: rejecting tunneled user", reply->code); -- rcode = RLM_MODULE_INVALID; -- break; -- } -- -- -- return rcode; --} -- --static PW_CODE eap_teap_phase2(REQUEST *request, eap_handler_t *eap_session, -- tls_session_t *tls_session, REQUEST *fake) --{ -- PW_CODE code = PW_CODE_ACCESS_REJECT; -- rlm_rcode_t rcode; -- VALUE_PAIR *vp; -- teap_tunnel_t *t; -- int eap_method = 0; -- -- RDEBUG3("Phase 2: Processing received EAP Payload"); -- -- t = (teap_tunnel_t *) tls_session->opaque; -- -- RDEBUG("Phase 2: Got tunneled request"); -- rdebug_pair_list(L_DBG_LVL_1, request, fake->packet->vps, NULL); -- -- /* -- * Tell the request that it's a fake one. -- */ -- fr_pair_make(fake->packet, &fake->packet->vps, "Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ); -- -- /* -- * No User-Name in the stored data, look for -- * an EAP-Identity, and pull it out of there. -- */ -- if (!t->username) { -- vp = fr_pair_find_by_num(fake->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY); -- if (vp && -- (vp->vp_length >= EAP_HEADER_LEN + 2) && -- (vp->vp_strvalue[0] == PW_EAP_RESPONSE) && -- (vp->vp_strvalue[EAP_HEADER_LEN] == PW_EAP_IDENTITY) && -- (vp->vp_strvalue[EAP_HEADER_LEN + 1] != 0)) { -- /* -- * Create & remember a User-Name -- */ -- t->username = fr_pair_make(t, NULL, "User-Name", NULL, T_OP_EQ); -- rad_assert(t->username != NULL); -- -- fr_pair_value_bstrncpy(t->username, vp->vp_octets + 5, vp->vp_length - 5); -- -- RDEBUG("Phase 2: Got tunneled identity of %s", t->username->vp_strvalue); -- -- } else if (!fake->username) { -- /* -- * Don't reject the request outright, -- * as it's permitted to do EAP without -- * user-name. -- */ -- RWDEBUG2("Phase 2: No EAP-Identity found to start EAP conversation"); -- } -- } /* else there WAS a t->username */ -- -- if (t->username && !fake->username) { -- vp = fr_pair_list_copy(fake->packet, t->username); -- fr_pair_add(&fake->packet->vps, vp); -- fake->username = vp; -- } -- -- /* -- * Add the State attribute, too, if it exists. -- */ -- if (t->state) { -- vp = fr_pair_list_copy(fake->packet, t->state); -- if (vp) fr_pair_add(&fake->packet->vps, vp); -- } -- -- if (t->stage == AUTHENTICATION) { -- VALUE_PAIR *tvp; -- -- eap_method = t->default_method; -- -- RDEBUG2("Phase 2: Authentication"); -- -- /* -- * See which method we're doing. If we're told to do a particular kind of identity -- * check, AND there's not any EAP-Type already set, THEN do it. -- */ -- vp = fr_pair_find_by_num(fake->packet->vps, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY); -- if (vp) { -- VALUE_PAIR *teap_type; -- -- t->auths[vp->vp_short].received++; -- -- /* -- * User auth. Prefer: -- * * values set by the admin for this session. -- * * otherwise configured in the TEAP module -- * * otherwise default_eap_type -- * * otherwise ??? -- */ -- if (vp->vp_short == 1) { -- teap_type = fr_pair_find_by_num(request->state, PW_TEAP_TYPE_USER, 0, TAG_ANY); -- if (teap_type) { -- eap_method = teap_type->vp_integer; -- -- RDEBUG("Phase 2: Setting User EAP-Type = %s from &config:TEAP-Type-User", -- eap_type2name(eap_method)); -- -- } else if (t->eap_method[vp->vp_short]) { -- eap_method = t->eap_method[vp->vp_short]; -- -- RDEBUG("Phase 2: Setting User EAP-Type = %s from TEAP configuration user_eap_type", -- eap_type2name(eap_method)); -- -- } else if (eap_method) { -- RDEBUG("Phase 2: Setting User EAP-Type = %s from TEAP configuration default_eap_type", -- eap_type2name(eap_method)); -- -- } else if (fake->password) { -- RDEBUG("Phase 2: User is not doing EAP, but instead is doing User-Password authentication"); -- -- } else { -- RWDEBUG("Phase 2: Not setting User EAP-Type"); -- } -- } -- -- if (vp->vp_short == 2) { -- teap_type = fr_pair_find_by_num(request->state, PW_TEAP_TYPE_MACHINE, 0, TAG_ANY); -- if (teap_type) { -- eap_method = teap_type->vp_integer; -- -- RDEBUG("Phase 2: Setting Machine EAP-Type = %s from &config:TEAP-Type-Machine", -- eap_type2name(eap_method)); -- -- } else if (t->eap_method[vp->vp_short]) { -- eap_method = t->eap_method[vp->vp_short]; -- -- RDEBUG("Phase 2: Setting Machine EAP-Type = %s from TEAP configuration machine_eap_type", -- eap_type2name(eap_method)); -- -- } else if (eap_method) { -- RDEBUG("Phase 2: Using Machine EAP-Type = %s from TEAP configuration default_eap_type", -- eap_type2name(eap_method)); -- -- } else if (fake->password) { -- RDEBUG("Phase 2: Machine is not doing EAP, but instead is doing User-Password authentication"); -- -- } else { -- RWDEBUG("Phase 2: Not setting Machine EAP-Type"); -- } -- } -- } -- -- if (eap_method) { -- /* -- * RFC 7170 - Authenticating Using EAP-TEAP-MSCHAPv2 -- */ -- if (eap_method == PW_EAP_MSCHAPV2 && t->mode == EAP_TEAP_PROVISIONING_ANON) { -- tvp = fr_pair_afrom_num(fake, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT); -- //fr_pair_value_memcpy(tvp, t->keyblock->server_challenge, CHAP_VALUE_LENGTH); -- fr_pair_add(&fake->config, tvp); -- -- tvp = fr_pair_afrom_num(fake, PW_MS_CHAP_PEER_CHALLENGE, 0); -- //fr_pair_value_memcpy(tvp, t->keyblock->client_challenge, CHAP_VALUE_LENGTH); -- fr_pair_add(&fake->config, tvp); -- } -- -- /* -- * Set the configuration to force a particular EAP-Type. -- */ -- RDEBUG("Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = %s", eap_type2name(eap_method)); -- vp = fr_pair_afrom_num(fake, PW_EAP_TYPE, 0); -- if (vp) { -- fr_pair_add(&fake->config, vp); -- vp->vp_integer = eap_method; -- } -- -- } else if (!fake->password) { -- RWDEBUG("Phase 2: No explicit EAP-Type set."); -- } else { -- /* else it's User-Password authentication */ -- } -- } -- -- if (t->copy_request_to_tunnel) { -- eapteap_copy_request_to_tunnel(request, fake); -- } -- -- if ((vp = fr_pair_find_by_num(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) { -- fake->server = vp->vp_strvalue; -- -- } else if (t->virtual_server) { -- fake->server = t->virtual_server; -- -- } /* else fake->server == request->server */ -- -- /* -- * Call authentication recursively, which will -- * do PAP, CHAP, MS-CHAP, etc. -- */ -- rad_virtual_server(fake); -- -- /* -- * Decide what to do with the reply. -- */ -- switch (fake->reply->code) { -- case 0: -- vp = fr_pair_find_by_num(fake->config, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY); -- if (vp && (vp->vp_integer == PW_CODE_ACCESS_CHALLENGE)) { -- fake->reply->code = PW_CODE_ACCESS_CHALLENGE; -- goto do_reply; -- } -- -- RDEBUG("Phase 2: No tunneled reply was found, rejecting the user."); -- code = PW_CODE_ACCESS_REJECT; -- break; -- -- default: -- do_reply: -- /* -- * Returns RLM_MODULE_FOO, and we want to return PW_FOO -- */ -- rcode = process_reply(eap_session, tls_session, request, fake->reply); -- switch (rcode) { -- case RLM_MODULE_REJECT: -- code = PW_CODE_ACCESS_REJECT; -- break; -- -- case RLM_MODULE_HANDLED: -- code = PW_CODE_ACCESS_CHALLENGE; -- break; -- -- case RLM_MODULE_OK: -- code = PW_CODE_ACCESS_ACCEPT; -- break; -- -- default: -- code = PW_CODE_ACCESS_REJECT; -- break; -- } -- break; -- } -- -- return code; --} -- --static PW_CODE eap_teap_crypto_binding(REQUEST *request, UNUSED eap_handler_t *eap_session, -- tls_session_t *tls_session, eap_tlv_crypto_binding_tlv_t const *binding) --{ -- teap_tunnel_t *t = tls_session->opaque; -- uint8_t *buf; -- size_t olen, buflen; -- struct crypto_binding_buffer *cbb; -- uint8_t mac[EVP_MAX_MD_SIZE]; -- unsigned int maclen = sizeof(mac); -- unsigned int flags; -- struct teap_imck_t *imck = NULL; -- uint8_t *outer_tlvs; -- -- /* -- * @todo - put crypto binding calculations into a common function, -- */ -- olen = tls_session->outer_tlvs_octets_server ? talloc_array_length(tls_session->outer_tlvs_octets_server) : 0; -- olen += tls_session->outer_tlvs_octets_peer ? talloc_array_length(tls_session->outer_tlvs_octets_peer) : 0; -- -- buflen = sizeof(struct crypto_binding_buffer) - 1/*outer_tlvs*/ + olen; -- -- buf = talloc_zero_array(request, uint8_t, buflen); -- rad_assert(buf != NULL); -- -- cbb = (struct crypto_binding_buffer *)buf; -- -- /* -- * binding->version is what they are using. -- * binding->received_version is what they got from us. -- */ -- if (binding->version != t->received_version || binding->received_version != EAP_TEAP_VERSION) { -- RDEBUG2("Phase 2: Crypto-Binding TLV version mis-match (possible downgrade attack!)"); -- RDEBUG2("Phase 2: Expected client to send %d, got %d. We sent %d, they echoed back %d", -- t->received_version, binding->version, -- EAP_TEAP_VERSION, binding->received_version); -- return PW_CODE_ACCESS_REJECT; -- } -- if ((binding->subtype & 0xf) != EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE) { -- RDEBUG2("Phase 2: Crypto-Binding TLV contains unexpected response"); -- return PW_CODE_ACCESS_REJECT; -- } -- flags = binding->subtype >> 4; -- -- CRYPTO_BINDING_BUFFER_INIT(cbb); -- memcpy(&cbb->binding, binding, sizeof(cbb->binding) - sizeof(cbb->binding.emsk_compound_mac) - sizeof(cbb->binding.msk_compound_mac)); -- -- outer_tlvs = &cbb->outer_tlvs[0]; -- -- if (tls_session->outer_tlvs_octets_server) { -- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_server); -- -- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_server, len); -- outer_tlvs += len; -- } -- -- if (tls_session->outer_tlvs_octets_peer) { -- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_peer); -- -- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_peer, len); -- } -- -- RDEBUGHEX("Phase 2: BUFFER for Compound MAC calculation", buf, buflen); -- -- /* -- * we carry forward the S-IMCK[j] based on what we verified for session key generation -- * -- * https://mailarchive.ietf.org/arch/msg/emu/mXzpSGEn86Zx_fa4f1uULYMhMoM/ -- * https://github.com/emu-wg/teap-errata/pull/13 -- */ -- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl)); -- -- /* -- * We verify cryptobinding MSK and EMSK, but we prefer -- * EMSK for the later IMCK deriviation. -- */ -- if ((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) != 0) { -- HMAC(md, &t->imck_msk.cmk, sizeof(t->imck_msk.cmk), buf, buflen, mac, &maclen); -- if (memcmp(binding->msk_compound_mac, mac, sizeof(binding->msk_compound_mac))) { -- RDEBUG2("Phase 2: Crypto-Binding TLV (MSK) mis-match"); -- return PW_CODE_ACCESS_REJECT; -- } -- imck = &t->imck_msk; -- } -- -- if (((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK) != 0) && t->imck_emsk_available) { -- HMAC(md, &t->imck_emsk.cmk, sizeof(t->imck_emsk.cmk), buf, buflen, mac, &maclen); -- if (memcmp(binding->emsk_compound_mac, mac, sizeof(binding->emsk_compound_mac))) { -- RDEBUG2("Phase 2: Crypto-Binding TLV (EMSK) mis-match"); -- return PW_CODE_ACCESS_REJECT; -- } -- -- RDEBUG3("Phase 2: Using all EMSK for ICMK"); -- imck = &t->imck_emsk; -- -- } else if (imck) { -- RDEBUG3("Phase 2: Using all MSK for ICMK"); -- -- } else { -- RDEBUG3("Phase 2: Using all zeroes for ICMK"); -- imck = &imck_zeros; -- } -- -- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */ -- RDEBUGHEX("Phase 2: S-IMCK[j]", imck->simck, sizeof(imck->simck)); -- -- uint8_t mk_msk_label[31] = "Session Key Generating Function"; -- -- struct iovec mk_msk_seed[1] = { -- { (void *)mk_msk_label, sizeof(mk_msk_label) } -- }; -- TLS_PRF(tls_session->ssl, -- imck->simck, sizeof(imck->simck), -- mk_msk_seed, ARRAY_SIZE(mk_msk_seed), -- (uint8_t *)&t->msk, sizeof(t->msk)); -- RDEBUGHEX("Phase 2: Derived key (MSK)", t->msk, sizeof(t->msk)); -- -- uint8_t mk_emsk_label[40] = "Extended Session Key Generating Function"; -- struct iovec mk_emsk_seed[1] = { -- { (void *)mk_emsk_label, sizeof(mk_emsk_label) } -- }; -- TLS_PRF(tls_session->ssl, -- imck->simck, sizeof(imck->simck), -- mk_emsk_seed, ARRAY_SIZE(mk_emsk_seed), -- (uint8_t *)&t->emsk, sizeof(t->emsk)); -- RDEBUGHEX("Phase 2: Derived key (EMSK)", t->emsk, sizeof(t->emsk)); -- -- return PW_CODE_ACCESS_ACCEPT; --} -- -- --static PW_CODE eap_teap_process_tlvs(REQUEST *request, eap_handler_t *eap_session, -- tls_session_t *tls_session, VALUE_PAIR *teap_vps) --{ -- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque; -- VALUE_PAIR *vp, *copy; -- vp_cursor_t cursor; -- PW_CODE code = PW_CODE_ACCESS_ACCEPT; -- uint8_t const *p; -- bool gotintermedresult = false, gotresult = false, gotcryptobinding = false; -- REQUEST *fake; -- -- /* -- * Allocate a fake REQUEST structure. -- */ -- fake = request_alloc_fake(request); -- rad_assert(!fake->packet->vps); -- -- fake->eap_inner_tunnel = true; -- -- for (vp = fr_cursor_init(&cursor, &teap_vps); vp; vp = fr_cursor_next(&cursor)) { -- char *value; -- DICT_ATTR const *parent_da = NULL; -- VALUE_PAIR *vp_config; -- -- parent_da = dict_parent(vp->da->attr, vp->da->vendor); -- if (parent_da == NULL || vp->da->vendor != VENDORPEC_FREERADIUS || -- ((vp->da->attr & 0xff) != PW_FREERADIUS_EAP_TEAP_TLV)) { -- continue; -- } -- -- switch (parent_da->attr) { -- case PW_FREERADIUS_EAP_TEAP_TLV: -- switch (vp->da->attr >> 8) { -- case EAP_TEAP_TLV_IDENTITY_TYPE: -- vp_config = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY); -- if (vp_config && (vp_config->vp_short != vp->vp_short)) { -- RWDEBUG("We requested &session-state:FreeRADIUS-EAP-TEAP-TLV-Identity-Type = %s", -- (vp_config->vp_short == 1) ? "User" : "Machine"); -- RWDEBUG("But the supplicant returned FreeRADIUS-EAP-TEAP-TLV-Identity-Type = %u", -- vp->vp_short); -- RWDEBUG("Authentication will likely fail."); -- } -- -- fr_pair_add(&fake->packet->vps, fr_pair_copy(fake->packet, vp)); -- break; -- -- /* -- * Copy EAP-Payload to EAP-Message -- */ -- case EAP_TEAP_TLV_EAP_PAYLOAD: -- copy = fr_pair_afrom_num(fake->packet, PW_EAP_MESSAGE, 0); -- fr_pair_value_memcpy(copy, vp->vp_octets, vp->vp_length); -- fr_pair_add(&fake->packet->vps, copy); -- break; -- -- /* -- * We copy the full attribute, even if the administrator -- * isn't ever going to use it. The existence of the attribute -- * is a signal that we have a password response, and not an EAP-Message. -- */ -- case EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP: -- fr_pair_add(&fake->packet->vps, fr_pair_copy(fake->packet, vp)); -- -- p = vp->vp_octets; -- -- copy = fr_pair_afrom_num(fake->packet, PW_USER_NAME, 0); -- fr_pair_value_bstrncpy(copy, p + 1, p[0]); -- fr_pair_add(&fake->packet->vps, copy); -- fake->username = copy; -- -- p += p[0] + 1; -- -- copy = fr_pair_afrom_num(fake->packet, PW_USER_PASSWORD, 0); -- fr_pair_value_bstrncpy(copy, p + 1, p[0]); -- fr_pair_add(&fake->packet->vps, copy); -- fake->password = copy; -- break; -- -- /* -- * The rest of the TEAP -- * attributes are signalling, and -- * aren't needed by the inner-tunnel virtual server. -- */ -- case EAP_TEAP_TLV_RESULT: -- gotresult = true; -- if (vp->vp_short != EAP_TEAP_TLV_RESULT_SUCCESS) { -- REDEBUG("Phase 2: Peer sent Result = Failure - rejecting the session"); -- code = PW_CODE_ACCESS_REJECT; -- } -- break; -- -- case EAP_TEAP_TLV_INTERMED_RESULT: -- gotintermedresult = true; -- if (vp->vp_short != EAP_TEAP_TLV_RESULT_SUCCESS) { -- REDEBUG("Phase 2: Peer sent Intermediate-Result = Failure - rejecting the session"); -- code = PW_CODE_ACCESS_REJECT; -- } -- break; -- -- case EAP_TEAP_TLV_CRYPTO_BINDING: -- gotcryptobinding = true; -- -- code = eap_teap_crypto_binding(request, eap_session, tls_session, -- (eap_tlv_crypto_binding_tlv_t const *)vp->vp_octets); -- break; -- -- default: -- value = vp_aprints_value(request->packet, vp, '"'); -- RDEBUG2("Ignoring unknown attribute %s", value); -- talloc_free(value); -- } -- break; -- -- default: -- value = vp_aprints(request->packet, vp, '"'); -- RDEBUG2("Ignoring TEAP TLV %s", value); -- talloc_free(value); -- } -- -- if (code == PW_CODE_ACCESS_REJECT) { -- talloc_free(fake); -- return PW_CODE_ACCESS_REJECT; -- } -- } -- -- /* -- * Move to the provisioning stage only if we have a final result. -- */ -- if ((t->stage == AUTHENTICATION) && t->result_final) { -- if (gotcryptobinding && gotintermedresult) t->stage = PROVISIONING; -- /* rollback if we have an EAP sequence (chaining) */ -- if (t->stage == PROVISIONING && !gotresult && vp) t->stage = AUTHENTICATION; -- } -- -- if (t->stage == PROVISIONING) { -- if (gotcryptobinding && gotresult) t->stage = COMPLETE; -- } -- -- if (t->stage == COMPLETE) { -- if (!gotcryptobinding) { -- RWDEBUG("Phase 2: Peer did not send Crypto-Binding - rejecting"); -- talloc_free(fake); -- return PW_CODE_ACCESS_REJECT; -- } -- -- if (!gotresult) { -- RWDEBUG("Phase 2: Peer did not send Result - rejecting"); -- talloc_free(fake); -- return PW_CODE_ACCESS_REJECT; -- } -- -- } else { -- code = eap_teap_phase2(request, eap_session, tls_session, fake); -- } -- -- talloc_free(fake); -- return code; --} -- -- --static void print_tunneled_data(uint8_t const *data, size_t data_len) --{ -- size_t i; -- -- DEBUG2(" TEAP tunnel data total %zu", data_len); -- -- if ((rad_debug_lvl > 2) && fr_log_fp) { -- for (i = 0; i < data_len; i++) { -- if ((i & 0x0f) == 0) fprintf(fr_log_fp, " TEAP tunnel data in %02x: ", (int) i); -- -- fprintf(fr_log_fp, "%02x ", data[i]); -- -- if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n"); -- } -- if ((data_len & 0x0f) != 0) fprintf(fr_log_fp, "\n"); -- } --} -- -- --/* -- * Process the inner tunnel data -- */ --PW_CODE eap_teap_process(eap_handler_t *eap_session, tls_session_t *tls_session) --{ -- PW_CODE code; -- VALUE_PAIR *teap_vps, *vp; -- uint8_t const *data; -- size_t data_len; -- teap_tunnel_t *t; -- REQUEST *request = eap_session->request; -- -- /* -- * Just look at the buffer directly, without doing -- * record_to_buff. -- */ -- data_len = tls_session->clean_out.used; -- tls_session->clean_out.used = 0; -- data = tls_session->clean_out.data; -- -- t = (teap_tunnel_t *) tls_session->opaque; -- -- if (rad_debug_lvl > 2) print_tunneled_data(data, data_len); -- -- /* -- * See if the tunneled data is well formed. -- */ -- if (!eap_teap_verify(request, tls_session, data, data_len)) return PW_CODE_ACCESS_REJECT; -- -- if (t->stage == TLS_SESSION_HANDSHAKE) { -- rad_assert(t->mode == EAP_TEAP_UNKNOWN); -- -- char buf[256]; -- if (strstr(SSL_CIPHER_description(SSL_get_current_cipher(tls_session->ssl), -- buf, sizeof(buf)), "Au=None")) { -- /* FIXME enforce MSCHAPv2 - RFC 7170 */ -- RDEBUG2("Phase 2: Using anonymous provisioning"); -- t->mode = EAP_TEAP_PROVISIONING_ANON; -- } else { -- if (SSL_session_reused(tls_session->ssl)) { -- RDEBUG("Phase 2: Outer session was resumed"); -- t->mode = EAP_TEAP_NORMAL_AUTH; -- } else { -- RDEBUG2("Phase 2: Using authenticated provisioning"); -- t->mode = EAP_TEAP_PROVISIONING_AUTH; -- } -- } -- -- eap_teap_init_keys(request, tls_session); -- -- -- /* RFC7170, Appendix C.6 */ -- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY); -- if (vp) { -- RDEBUG("Phase 2: Sending Identity-Type = %s", (vp->vp_short == 1) ? "User" : "Machine"); -- eap_teap_append_identity_type(tls_session, vp->vp_short); -- -- if (t->num_identities == 2) { -- RDEBUG("Phase 2: Configured to send too many identities, failing the session"); -- goto fail; -- } -- -- t->identity_types[t->num_identities++] = vp->vp_short; -- -- RDEBUG("Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s", -- (vp->vp_short == 1) ? "User" : "Machine"); -- fr_pair_delete(&request->state, vp); -- } -- -- /* -- * We always start off with an EAP-Identity-Request. -- */ -- if (t->default_method || (vp && t->eap_method[vp->vp_short])) { -- eap_teap_append_eap_identity_request(request, tls_session, eap_session); -- } else { -- RDEBUG("Phase 2: No %s EAP method configured - sending Basic-Password-Auth-Req = \"\"", -- !vp ? "" : (vp->vp_short == 1) ? "User" : "Machine"); -- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, true, 0, ""); -- } -- -- t->stage = AUTHENTICATION; -- -- tls_handshake_send(request, tls_session); -- -- return PW_CODE_ACCESS_CHALLENGE; -- } -- -- teap_vps = eap_teap_teap2vp(request, tls_session->ssl, data, data_len, NULL, NULL); -- -- RDEBUG("Phase 2: Got Tunneled TEAP TLVs"); -- rdebug_pair_list(L_DBG_LVL_1, request, teap_vps, NULL); -- -- code = eap_teap_process_tlvs(request, eap_session, tls_session, teap_vps); -- -- fr_pair_list_free(&teap_vps); -- -- if (code == PW_CODE_ACCESS_REJECT) return PW_CODE_ACCESS_REJECT; -- -- switch (t->stage) { -- case AUTHENTICATION: -- code = PW_CODE_ACCESS_CHALLENGE; -- break; -- -- case PROVISIONING: -- if (!t->result_final) { -- t->result_final = true; -- eap_teap_append_result(request, tls_session, code); -- } -- /* FALL-THROUGH */ -- -- case COMPLETE: -- /* -- * TEAP wants to use it's own MSK, so boo to eap_tls_gen_mppe_keys() -- */ -- eap_add_reply(request, "MS-MPPE-Recv-Key", t->msk, EAPTLS_MPPE_KEY_LEN); -- eap_add_reply(request, "MS-MPPE-Send-Key", &t->msk[EAPTLS_MPPE_KEY_LEN], EAPTLS_MPPE_KEY_LEN); -- eap_add_reply(request, "EAP-MSK", t->msk, sizeof(t->msk)); -- eap_add_reply(request, "EAP-EMSK", t->emsk, sizeof(t->emsk)); -- -- break; -- -- default: -- RERROR("Internal sanity check failed in EAP-TEAP at %d", t->stage); -- fail: -- code = PW_CODE_ACCESS_REJECT; -- } -- -- tls_handshake_send(request, tls_session); -- -- return code; --} -diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h -deleted file mode 100644 -index 59f7835a26..0000000000 ---- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h -+++ /dev/null -@@ -1,176 +0,0 @@ --/* -- * eap_teap.h -- * -- * Version: $Id$ -- * -- * Copyright (C) 2022 Network RADIUS SARL -- * -- * This software may not be redistributed in any form without the prior -- * written consent of Network RADIUS. -- * -- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- */ --#ifndef _EAP_TEAP_H --#define _EAP_TEAP_H -- --RCSIDH(eap_teap_h, "$Id$") -- --#include "eap_tls.h" -- --#define EAP_TEAP_VERSION 1 -- --#define EAP_TEAP_MSK_LEN 64 --#define EAP_TEAP_EMSK_LEN 64 --#define EAP_TEAP_IMSK_LEN 32 --#define EAP_TEAP_SKS_LEN 40 --#define EAP_TEAP_SIMCK_LEN 40 --#define EAP_TEAP_CMK_LEN 20 -- --#define EAP_TEAP_TLV_MANDATORY 0x8000 --#define EAP_TEAP_TLV_TYPE 0x3fff -- --#define EAP_TEAP_ERR_TUNNEL_COMPROMISED 2001 --#define EAP_TEAP_ERR_UNEXPECTED_TLV 2002 -- --/* intermediate result values also match */ --#define EAP_TEAP_TLV_RESULT_SUCCESS 1 --#define EAP_TEAP_TLV_RESULT_FAILURE 2 -- --#define EAP_TEAP_IDENTITY_TYPE_USER 1 --#define EAP_TEAP_IDENTITY_TYPE_MACHINE 2 -- --#define PW_EAP_TEAP_TLV_IDENTITY_TYPE (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_IDENTITY_TYPE << 8)) --#define PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ << 8)) --#define PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP << 8)) -- --typedef enum eap_teap_stage_t { -- TLS_SESSION_HANDSHAKE = 0, -- AUTHENTICATION, -- PROVISIONING, -- COMPLETE --} eap_teap_stage_t; -- --typedef enum eap_teap_auth_type { -- EAP_TEAP_UNKNOWN = 0, -- EAP_TEAP_PROVISIONING_ANON, -- EAP_TEAP_PROVISIONING_AUTH, -- EAP_TEAP_NORMAL_AUTH --} eap_teap_auth_type_t; -- --/* RFC 7170, Section 4.2.13 - Crypto-Binding TLV */ --typedef struct eap_tlv_crypto_binding_tlv_t { -- uint8_t reserved; -- uint8_t version; -- uint8_t received_version; -- uint8_t subtype; /* Flags[4b] and Sub-Type[4b] */ -- uint8_t nonce[32]; -- uint8_t emsk_compound_mac[20]; -- uint8_t msk_compound_mac[20]; --} CC_HINT(__packed__) eap_tlv_crypto_binding_tlv_t; -- --typedef enum eap_teap_tlv_type_t { -- EAP_TEAP_TLV_RESERVED_0 = 0, // 0 -- EAP_TEAP_TLV_AUTHORITY, // 1 -- EAP_TEAP_TLV_IDENTITY_TYPE, // 2 -- EAP_TEAP_TLV_RESULT, // 3 -- EAP_TEAP_TLV_NAK, // 4 -- EAP_TEAP_TLV_ERROR, // 5 -- EAP_TEAP_TLV_CHANNEL_BINDING, // 6 -- EAP_TEAP_TLV_VENDOR_SPECIFIC, // 7 -- EAP_TEAP_TLV_REQUEST_ACTION, // 8 -- EAP_TEAP_TLV_EAP_PAYLOAD, // 9 -- EAP_TEAP_TLV_INTERMED_RESULT, // 10 -- EAP_TEAP_TLV_PAC, // 11 -- EAP_TEAP_TLV_CRYPTO_BINDING, // 12 -- EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, // 13 -- EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP, // 14 -- EAP_TEAP_TLV_PKCS7, // 15 -- EAP_TEAP_TLV_PKCS10, // 16 -- EAP_TEAP_TLV_TRUSTED_ROOT, // 17 -- EAP_TEAP_TLV_MAX --} eap_teap_tlv_type_t; -- --typedef enum eap_teap_tlv_crypto_binding_tlv_flags_t { -- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK = 1, // 1 -- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK, // 2 -- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH // 3 --} eap_teap_tlv_crypto_binding_tlv_flags_t; -- --typedef enum eap_teap_tlv_crypto_binding_tlv_subtype_t { -- EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST = 0, // 0 -- EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE // 1 --} eap_teap_tlv_crypto_binding_tlv_subtype_t; -- --typedef struct teap_imck_t { -- uint8_t simck[EAP_TEAP_SIMCK_LEN]; -- uint8_t cmk[EAP_TEAP_CMK_LEN]; --} CC_HINT(__packed__) teap_imck_t; -- --typedef struct { -- bool required; -- bool sent; -- uint8_t received; --} teap_auth_t; -- --typedef struct teap_tunnel_t { -- VALUE_PAIR *username; -- VALUE_PAIR *state; -- VALUE_PAIR *accept_vps; -- bool copy_request_to_tunnel; -- bool use_tunneled_reply; -- -- bool authenticated; -- int received_version; -- -- int mode; -- eap_teap_stage_t stage; -- -- int num_identities; -- uint16_t identity_types[2]; -- -- teap_auth_t auths[3]; /* so we can index by Identity-Type */ -- -- int imckc; -- bool imck_emsk_available; -- struct teap_imck_t imck_msk; -- struct teap_imck_t imck_emsk; -- -- uint8_t msk[EAP_TEAP_MSK_LEN]; -- uint8_t emsk[EAP_TEAP_EMSK_LEN]; -- -- int default_method; -- int eap_method[3]; -- -- bool result_final; -- bool auto_chain; //!< do we automatically chain identities -- bool sent_basic_password; -- --#ifdef WITH_PROXY -- bool proxy_tunneled_request_as_eap; //!< Proxy tunneled session as EAP, or as de-capsulated -- //!< protocol. --#endif -- char const *virtual_server; --} teap_tunnel_t; -- --/* -- * Process the TEAP portion of an EAP-TEAP request. -- */ --PW_CODE eap_teap_process(eap_handler_t *handler, tls_session_t *tls_session) CC_HINT(nonnull); -- --/* -- * A bunch of EAP-TEAP helper functions. -- */ --VALUE_PAIR *eap_teap_teap2vp(REQUEST *request, UNUSED SSL *ssl, uint8_t const *data, -- size_t data_len, DICT_ATTR const *teap_da, vp_cursor_t *out); -- --#endif /* _EAP_TEAP_H */ -diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c -deleted file mode 100644 -index 17f49f9dfc..0000000000 ---- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c -+++ /dev/null -@@ -1,198 +0,0 @@ --/* -- * teap-crypto.c Cryptographic functions for EAP-TEAP. -- * -- * Version: $Id$ -- * -- * Copyright (C) 2022 Network RADIUS SARL -- * -- * This software may not be redistributed in any form without the prior -- * written consent of Network RADIUS. -- * -- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- */ -- --RCSID("$Id$") --USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ -- --#include --#include -- --#include --#include --#include -- --#include "eap_teap_crypto.h" -- --# define DEBUG if (fr_debug_lvl && fr_log_fp) fr_printf_log -- --static void debug_errors(void) --{ -- unsigned long errCode; -- -- while((errCode = ERR_get_error())) { -- char *err = ERR_error_string(errCode, NULL); -- DEBUG("EAP-TEAP error in OpenSSL - %s", err); -- } --} -- --// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode --int eap_teap_encrypt(uint8_t const *plaintext, size_t plaintext_len, -- uint8_t const *aad, size_t aad_len, -- uint8_t const *key, uint8_t *iv, unsigned char *ciphertext, -- uint8_t *tag) --{ -- EVP_CIPHER_CTX *ctx; -- -- int len; -- -- int ciphertext_len; -- -- -- /* Create and initialise the context */ -- if (!(ctx = EVP_CIPHER_CTX_new())) { -- debug_errors(); -- return -1; -- }; -- -- /* Initialise the encryption operation. */ -- if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { -- debug_errors(); -- return -1; -- }; -- -- /* Set IV length if default 12 bytes (96 bits) is not appropriate */ -- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) { -- debug_errors(); -- return -1; -- }; -- -- /* Initialise key and IV */ -- if (1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) { -- debug_errors(); -- return -1; -- }; -- -- /* Provide any AAD data. This can be called zero or more times as -- * required -- */ -- if (1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) { -- debug_errors(); -- return -1; -- }; -- -- /* Provide the message to be encrypted, and obtain the encrypted output. -- * EVP_EncryptUpdate can be called multiple times if necessary -- */ -- if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) { -- debug_errors(); -- return -1; -- }; -- ciphertext_len = len; -- -- /* Finalise the encryption. Normally ciphertext bytes may be written at -- * this stage, but this does not occur in GCM mode -- */ -- if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) { -- debug_errors(); -- return -1; -- }; -- ciphertext_len += len; -- -- /* Get the tag */ -- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) { -- debug_errors(); -- return -1; -- }; -- -- /* Clean up */ -- EVP_CIPHER_CTX_free(ctx); -- -- return ciphertext_len; --} -- --int eap_teap_decrypt(uint8_t const *ciphertext, size_t ciphertext_len, -- uint8_t const *aad, size_t aad_len, -- uint8_t const *tag, uint8_t const *key, uint8_t const *iv, uint8_t *plaintext) --{ -- EVP_CIPHER_CTX *ctx; -- int len; -- int plaintext_len; -- int ret; -- -- /* Create and initialise the context */ -- if (!(ctx = EVP_CIPHER_CTX_new())) { -- debug_errors(); -- return -1; -- }; -- -- /* Initialise the decryption operation. */ -- if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { -- debug_errors(); -- return -1; -- }; -- -- /* Set IV length. Not necessary if this is 12 bytes (96 bits) */ -- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) { -- debug_errors(); -- return -1; -- }; -- -- /* Initialise key and IV */ -- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) { -- debug_errors(); -- return -1; -- }; -- -- /* Provide any AAD data. This can be called zero or more times as -- * required -- */ -- if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len)) { -- debug_errors(); -- return -1; -- }; -- -- /* Provide the message to be decrypted, and obtain the plaintext output. -- * EVP_DecryptUpdate can be called multiple times if necessary -- */ -- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) { -- debug_errors(); -- return -1; -- }; -- plaintext_len = len; -- -- { -- unsigned char *tmp; -- -- memcpy(&tmp, &tag, sizeof(tmp)); -- -- /* Set expected tag value. Works in OpenSSL 1.0.1d and later */ -- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tmp)) { -- debug_errors(); -- return -1; -- }; -- } -- -- /* Finalise the decryption. A positive return value indicates success, -- * anything else is a failure - the plaintext is not trustworthy. -- */ -- ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len); -- -- /* Clean up */ -- EVP_CIPHER_CTX_free(ctx); -- -- if (ret < 0) return -1; -- -- /* Success */ -- plaintext_len += len; -- return plaintext_len; --} -diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h -deleted file mode 100644 -index b02f2b9083..0000000000 ---- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h -+++ /dev/null -@@ -1,39 +0,0 @@ --/* -- * eap_teap_crypto.h -- * -- * Version: $Id$ -- * -- * Copyright (C) 2022 Network RADIUS SARL -- * -- * This software may not be redistributed in any form without the prior -- * written consent of Network RADIUS. -- * -- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- */ -- --#ifndef _EAP_TEAP_CRYPTO_H --#define _EAP_TEAP_CRYPTO_H -- --RCSIDH(eap_teap_crypto_h, "$Id$") -- -- --int eap_teap_encrypt(uint8_t const *plaintext, size_t plaintext_len, -- uint8_t const *aad, size_t aad_len, -- uint8_t const *key, uint8_t *iv, unsigned char *ciphertext, -- uint8_t *tag); -- --int eap_teap_decrypt(uint8_t const *ciphertext, size_t ciphertext_len, -- uint8_t const *aad, size_t aad_len, -- uint8_t const *tag, uint8_t const *key, uint8_t const *iv, uint8_t *plaintext); -- --#endif /* _EAP_TEAP_CRYPTO_H */ -diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c -deleted file mode 100644 -index f2e2cc3d40..0000000000 ---- a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c -+++ /dev/null -@@ -1,569 +0,0 @@ --/* -- * rlm_eap_teap.c contains the interfaces that are called from eap -- * -- * Version: $Id$ -- * -- * Copyright (C) 2022 Network RADIUS SARL -- * -- * This software may not be redistributed in any form without the prior -- * written consent of Network RADIUS. -- * -- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- */ -- --RCSID("$Id$") --USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ -- --#include "eap_teap.h" -- --typedef struct rlm_eap_teap_t { -- /* -- * TLS configuration -- */ -- char const *tls_conf_name; -- fr_tls_server_conf_t *tls_conf; -- -- /* -- * Default tunneled EAP type -- */ -- char const *default_method_name; -- int default_method; -- -- /* -- * User tunneled EAP type -- */ -- char const *user_method_name; -- -- /* -- * Machine tunneled EAP type -- */ -- char const *machine_method_name; -- -- int eap_method[3]; -- -- -- /* -- * Use the reply attributes from the tunneled session in -- * the non-tunneled reply to the client. -- */ -- bool use_tunneled_reply; -- -- /* -- * Use SOME of the request attributes from outside of the -- * tunneled session in the tunneled request -- */ -- bool copy_request_to_tunnel; -- -- /* -- * Do we do require a client cert? -- */ -- bool req_client_cert; -- -- char const *authority_identity; -- -- uint16_t identity_type[2]; -- -- char const *identity_type_name; -- -- /* -- * Virtual server for inner tunnel session. -- */ -- char const *virtual_server; --} rlm_eap_teap_t; -- -- --static CONF_PARSER module_config[] = { -- { "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, tls_conf_name), NULL }, -- { "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, default_method_name), .dflt = "" }, -- { "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, copy_request_to_tunnel), "no" }, -- { "use_tunneled_reply", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, use_tunneled_reply), "no" }, -- { "require_client_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, req_client_cert), "no" }, -- { "authority_identity", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_eap_teap_t, authority_identity), NULL }, -- { "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, virtual_server), NULL }, -- { "identity_types", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, identity_type_name), NULL }, -- -- { "user_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, user_method_name), .dflt = "" }, -- { "machine_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, machine_method_name), .dflt = "" }, -- CONF_PARSER_TERMINATOR --}; -- --static const bool allowed[PW_EAP_MAX_TYPES] = { -- [PW_EAP_SIM] = true, -- [PW_EAP_TLS] = true, -- [PW_EAP_MSCHAPV2] = true, -- [PW_EAP_PWD] = true, --}; -- --/* -- * Attach the module. -- */ --static int mod_instantiate(CONF_SECTION *cs, void **instance) --{ -- rlm_eap_teap_t *inst; -- -- *instance = inst = talloc_zero(cs, rlm_eap_teap_t); -- if (!inst) return -1; -- -- /* -- * Parse the configuration attributes. -- */ -- if (cf_section_parse(cs, inst, module_config) < 0) { -- return -1; -- } -- -- if (!inst->virtual_server) { -- ERROR("rlm_eap_teap: A 'virtual_server' MUST be defined for security"); -- return -1; -- } -- -- /* -- * Convert the name to an integer, to make it easier to -- * handle. -- */ -- if (inst->default_method_name && *inst->default_method_name) { -- inst->default_method = eap_name2type(inst->default_method_name); -- if (inst->default_method < 0) { -- ERROR("rlm_eap_teap: Unknown EAP type %s", -- inst->default_method_name); -- return -1; -- } -- } -- -- /* -- * @todo - allow a special value like 'basic-password', which -- * means that we propose the Basic-Password-Auth-Req TLV during Phase 2. -- * -- * @todo - and then also track the username across -- * multiple rounds, including some kind of State which -- * can be used to signal where we are in the negotiation -- * process. -- */ -- if (inst->user_method_name && *inst->user_method_name) { -- int method = eap_name2type(inst->user_method_name); -- -- if (method < 0) { -- ERROR("rlm_eap_teap: Unknown User EAP type %s", -- inst->user_method_name); -- return -1; -- } -- -- if (!allowed[method]) { -- ERROR("rlm_eap_teap: Invalid User EAP type %s", -- inst->user_method_name); -- return -1; -- } -- -- inst->eap_method[EAP_TEAP_IDENTITY_TYPE_USER] = method; -- } -- -- if (inst->machine_method_name && *inst->machine_method_name) { -- int method; -- -- method = eap_name2type(inst->machine_method_name); -- if (method < 0) { -- ERROR("rlm_eap_teap: Unknown Machine EAP type %s", -- inst->machine_method_name); -- return -1; -- } -- -- if (!allowed[method]) { -- ERROR("rlm_eap_teap: Invalid Machine EAP type %s", -- inst->machine_method_name); -- return -1; -- } -- -- inst->eap_method[EAP_TEAP_IDENTITY_TYPE_MACHINE] = method; -- } -- -- /* -- * Read tls configuration, either from group given by 'tls' -- * option, or from the eap-tls configuration. -- */ -- inst->tls_conf = eaptls_conf_parse(cs, "tls"); -- -- if (!inst->tls_conf) { -- ERROR("rlm_eap_teap: Failed initializing SSL context"); -- return -1; -- } -- -- /* -- * Parse default identities -- */ -- if (inst->identity_type_name) { -- char const *p; -- int i; -- -- p = inst->identity_type_name; -- i = 0; -- -- while (*p) { -- while (isspace((uint8_t) *p)) p++; -- -- if (strncasecmp(p, "user", 4) == 0) { -- inst->identity_type[i] = 1; -- p += 4; -- -- } else if (strncasecmp(p, "machine", 7) == 0) { -- inst->identity_type[i] = 2; -- p += 7; -- -- } else { -- invalid_identity: -- cf_log_err_cs(cs, "Invalid value in identity_types = '%s' at %s", -- inst->identity_type_name, p); -- return -1; -- } -- -- i++; -- -- while (isspace((uint8_t) *p)) p++; -- -- /* -- * We only support two things. -- */ -- if ((i == 2) && *p) goto invalid_identity; -- -- if (!*p) break; -- -- if (*p != ',') goto invalid_identity; -- -- p++; -- } -- } -- -- return 0; --} -- --/* -- * Allocate the TEAP per-session data -- */ --static teap_tunnel_t *teap_alloc(TALLOC_CTX *ctx, rlm_eap_teap_t *inst) --{ -- teap_tunnel_t *t; -- -- t = talloc_zero(ctx, teap_tunnel_t); -- -- t->received_version = -1; -- t->default_method = inst->default_method; -- memcpy(&t->eap_method, &inst->eap_method, sizeof(t->eap_method)); -- t->copy_request_to_tunnel = inst->copy_request_to_tunnel; -- t->use_tunneled_reply = inst->use_tunneled_reply; -- t->virtual_server = inst->virtual_server; -- return t; --} -- -- --/* -- * Send an initial eap-tls request to the peer, using the libeap functions. -- */ --static int mod_session_init(void *type_arg, eap_handler_t *handler) --{ -- int status; -- tls_session_t *ssn; -- rlm_eap_teap_t *inst; -- VALUE_PAIR *vp; -- bool client_cert; -- REQUEST *request = handler->request; -- -- inst = type_arg; -- -- handler->tls = true; -- -- if (request->parent) { -- RWDEBUG("----------------------------------------------------------------------"); -- RWDEBUG("You have configured TEAP to run inside of TEAP. THIS WILL NOT WORK."); -- RWDEBUG("Supported inner methods for TEAP are EAP-TLS, EAP-MSCHAPv2, and PAP."); -- RWDEBUG("Other methods may work, but are not actively supported."); -- RWDEBUG("----------------------------------------------------------------------"); -- } -- -- /* -- * Check if we need a client certificate. -- */ -- -- /* -- * EAP-TLS-Require-Client-Cert attribute will override -- * the require_client_cert configuration option. -- */ -- vp = fr_pair_find_by_num(handler->request->config, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY); -- if (vp) { -- client_cert = vp->vp_integer ? true : false; -- } else { -- client_cert = inst->req_client_cert; -- } -- -- /* -- * Disallow TLS 1.3 for now. -- */ -- ssn = eaptls_session(handler, inst->tls_conf, client_cert, false); -- if (!ssn) { -- return 0; -- } -- -- handler->opaque = ((void *)ssn); -- -- /* -- * As TEAP is a unique special snowflake and wants to use its -- * own rolling MSK for MPPE we we set the label to NULL so in that -- * eaptls_gen_mppe_keys() is NOT called in eaptls_success. -- */ -- ssn->label = NULL; -- -- /* -- * Really just protocol version. -- */ -- ssn->peap_flag = EAP_TEAP_VERSION; -- -- /* -- * hostapd's wpa_supplicant gets upset if we include all the -- * S+L+O flags but is happy with S+O (TLS payload is zero bytes -- * for S anyway) - FIXME not true for early-data TLSv1.3! -- */ -- ssn->length_flag = false; -- -- vp = fr_pair_make(ssn, NULL, "FreeRADIUS-EAP-TEAP-Authority-ID", inst->authority_identity, T_OP_EQ); -- fr_pair_add(&ssn->outer_tlvs_server, vp); -- -- /* -- * Be nice about identity types. -- */ -- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY); -- if (vp) { -- RDEBUG("Found &session-state:FreeRADIUS-EAP-TEAP-Identity-Type, not setting from configuration"); -- -- } else if (!inst->identity_type[0]) { -- RWDEBUG("No &session-state:FreeRADIUS-EAP-TEAP-Identity-Type was found."); -- RWDEBUG("No 'identity_types' was set in the configuration. TEAP will likely not work."); -- -- } else { -- teap_tunnel_t *t; -- -- fr_assert(ssn->opaque == NULL); -- -- ssn->opaque = teap_alloc(ssn, inst); -- t = (teap_tunnel_t *) ssn->opaque; -- -- /* -- * We automatically add &session-state:FreeRADIUS-EAP-TEAP-Identity-Type -- * to control the flow. -- */ -- t->auto_chain = true; -- -- vp = fr_pair_make(request->state_ctx, &request->state, "FreeRADIUS-EAP-TEAP-Identity-Type", NULL, T_OP_SET); -- if (vp) { -- vp->vp_short = inst->identity_type[0]; -- RDEBUG("Setting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type = %s", -- (vp->vp_short == 1) ? "User" : "Machine"); -- -- t->auths[vp->vp_short].required = true; -- } -- -- if (inst->identity_type[1]) { -- vp = fr_pair_make(request->state_ctx, &request->state, "FreeRADIUS-EAP-TEAP-Identity-Type", NULL, T_OP_ADD); -- if (vp) { -- vp->vp_short = inst->identity_type[1]; -- RDEBUG("Followed by &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s", -- (vp->vp_short == 1) ? "User" : "Machine"); -- -- t->auths[vp->vp_short].required = true; -- } -- } -- } -- -- /* -- * TLS session initialization is over. Now handle TLS -- * related handshaking or application data. -- */ -- status = eaptls_request(handler->eap_ds, ssn, true); -- if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) { -- REDEBUG("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, "")); -- } else { -- RDEBUG3("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, "")); -- } -- if (status == 0) return 0; -- -- /* -- * The next stage to process the packet. -- */ -- handler->stage = PROCESS; -- -- return 1; --} -- -- --/* -- * Do authentication, by letting EAP-TLS do most of the work. -- */ --static int mod_process(void *arg, eap_handler_t *handler) --{ -- int rcode; -- int ret = 0; -- fr_tls_status_t status; -- rlm_eap_teap_t *inst = (rlm_eap_teap_t *) arg; -- tls_session_t *tls_session = (tls_session_t *) handler->opaque; -- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque; -- REQUEST *request = handler->request; -- -- RDEBUG2("Authenticate"); -- -- /* -- * Process TLS layer until done. -- */ -- status = eaptls_process(handler); -- if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) { -- REDEBUG("[eaptls process] = %s", fr_int2str(fr_tls_status_table, status, "")); -- } else { -- RDEBUG3("[eaptls process] = %s", fr_int2str(fr_tls_status_table, status, "")); -- } -- -- /* -- * Make request available to any SSL callbacks -- */ -- SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request); -- switch (status) { -- /* -- * EAP-TLS handshake was successful, tell the -- * client to keep talking. -- * -- * If this was EAP-TLS, we would just return -- * an EAP-TLS-Success packet here. -- */ -- case FR_TLS_SUCCESS: -- if (SSL_session_reused(tls_session->ssl)) { -- RDEBUG("Skipping Phase2 due to session resumption"); -- goto do_keys; -- } -- -- if (t && t->authenticated) { -- if (t->accept_vps) { -- RDEBUG2("Using saved attributes from the original Access-Accept"); -- rdebug_pair_list(L_DBG_LVL_2, request, t->accept_vps, NULL); -- fr_pair_list_mcopy_by_num(handler->request->reply, -- &handler->request->reply->vps, -- &t->accept_vps, 0, 0, TAG_ANY); -- } else if (t->use_tunneled_reply) { -- RDEBUG2("No saved attributes in the original Access-Accept"); -- } -- -- do_keys: -- /* -- * Success: Automatically return MPPE keys. -- */ -- ret = eaptls_success(handler, 0); -- goto done; -- } -- goto phase2; -- -- /* -- * The TLS code is still working on the TLS -- * exchange, and it's a valid TLS request. -- * do nothing. -- */ -- case FR_TLS_HANDLED: -- ret = 1; -- goto done; -- -- /* -- * Handshake is done, proceed with decoding tunneled -- * data. -- */ -- case FR_TLS_OK: -- break; -- -- /* -- * Anything else: fail. -- */ -- default: -- ret = 0; -- goto done; -- } -- --phase2: -- /* -- * Session is established, proceed with decoding -- * tunneled data. -- */ -- RDEBUG2("Session established. Proceeding to decode tunneled attributes"); -- -- /* -- * We may need TEAP data associated with the session, so -- * allocate it here, if it wasn't already alloacted. -- */ -- if (!tls_session->opaque) { -- tls_session->opaque = teap_alloc(tls_session, inst); -- t = (teap_tunnel_t *) tls_session->opaque; -- } -- -- if (t->received_version < 0) { -- t->received_version = handler->eap_ds->response->type.data[0] & 0x07; -- -- /* -- * We only support TEAPv1. -- */ -- if (t->received_version != EAP_TEAP_VERSION) { -- RDEBUG("Invalid TEAP version received. Expected 1, got %u", t->received_version); -- goto fail; -- } -- } -- -- /* -- * Process the TEAP portion of the request. -- */ -- rcode = eap_teap_process(handler, tls_session); -- switch (rcode) { -- case PW_CODE_ACCESS_REJECT: -- fail: -- eaptls_fail(handler, 0); -- ret = 0; -- goto done; -- -- /* -- * Access-Challenge, continue tunneled conversation. -- */ -- case PW_CODE_ACCESS_CHALLENGE: -- eaptls_request(handler->eap_ds, tls_session, false); -- ret = 1; -- goto done; -- -- /* -- * Success: Automatically return MPPE keys. -- */ -- case PW_CODE_ACCESS_ACCEPT: -- goto do_keys; -- -- default: -- break; -- } -- -- /* -- * Something we don't understand: Reject it. -- */ -- eaptls_fail(handler, 0); -- --done: -- SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, NULL); -- -- return ret; --} -- --/* -- * The module name should be the only globally exported symbol. -- * That is, everything else should be 'static'. -- */ --extern rlm_eap_module_t rlm_eap_teap; --rlm_eap_module_t rlm_eap_teap = { -- .name = "eap_teap", -- .instantiate = mod_instantiate, /* Create new submodule instance */ -- .session_init = mod_session_init, /* Initialise a new EAP session */ -- .process = mod_process /* Process next round of EAP method */ --}; --- -2.34.1 - diff --git a/meta-networking/recipes-connectivity/freeradius/files/0019-update-license-2.patch b/meta-networking/recipes-connectivity/freeradius/files/0019-update-license-2.patch new file mode 100644 index 0000000000..4fa3ecd265 --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/files/0019-update-license-2.patch @@ -0,0 +1,52 @@ +From a46e81a7764b57983ce6724524f745a06222dc0a Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" +Date: Tue, 28 Oct 2025 11:33:44 -0400 +Subject: [PATCH] update license + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/a46e81a7764b57983ce6724524f745a06222dc0a] + +Signed-off-by: Yi Zhao +--- + .../rlm_proxy_rate_limit.c | 25 ++++++++----------- + 1 file changed, 11 insertions(+), 14 deletions(-) + +diff --git a/src/modules/rlm_proxy_rate_limit/rlm_proxy_rate_limit.c b/src/modules/rlm_proxy_rate_limit/rlm_proxy_rate_limit.c +index 744b14a448..a855273784 100644 +--- a/src/modules/rlm_proxy_rate_limit/rlm_proxy_rate_limit.c ++++ b/src/modules/rlm_proxy_rate_limit/rlm_proxy_rate_limit.c +@@ -1,20 +1,17 @@ + /* +- * Copyright (C) 2024 Network RADIUS SAS (legal@networkradius.com) ++ * This program is is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or (at ++ * your option) any later version. + * +- * This software may not be redistributed in any form without the prior +- * written consent of Network RADIUS. ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. + * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + */ + + /** +-- +2.43.0 + diff --git a/meta-networking/recipes-connectivity/freeradius/files/0020-update-license-3.patch b/meta-networking/recipes-connectivity/freeradius/files/0020-update-license-3.patch new file mode 100644 index 0000000000..f77c585bda --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/files/0020-update-license-3.patch @@ -0,0 +1,101 @@ +From d00440f3290871aef667f80e15f256c64f9b7cd6 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" +Date: Wed, 29 Oct 2025 09:45:17 -0400 +Subject: [PATCH] update license + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/d00440f3290871aef667f80e15f256c64f9b7cd6] + +Signed-off-by: Yi Zhao +--- + .../types/rlm_eap_teap/eap_teap_crypto.c | 30 +++++++------------ + .../types/rlm_eap_teap/eap_teap_crypto.h | 30 +++++++------------ + 2 files changed, 22 insertions(+), 38 deletions(-) + +diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c +index 17f49f9dfc..aaa74837a9 100644 +--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c ++++ b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c +@@ -1,26 +1,18 @@ + /* +- * teap-crypto.c Cryptographic functions for EAP-TEAP. ++ * This program is is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or (at ++ * your option) any later version. + * +- * Version: $Id$ ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. + * +- * Copyright (C) 2022 Network RADIUS SARL +- * +- * This software may not be redistributed in any form without the prior +- * written consent of Network RADIUS. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + */ +- + RCSID("$Id$") + USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ + +diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h +index b02f2b9083..f9403dcf93 100644 +--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h ++++ b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h +@@ -1,26 +1,18 @@ + /* +- * eap_teap_crypto.h ++ * This program is is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or (at ++ * your option) any later version. + * +- * Version: $Id$ ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. + * +- * Copyright (C) 2022 Network RADIUS SARL +- * +- * This software may not be redistributed in any form without the prior +- * written consent of Network RADIUS. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + */ +- + #ifndef _EAP_TEAP_CRYPTO_H + #define _EAP_TEAP_CRYPTO_H + +-- +2.43.0 + diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.8.bb similarity index 97% rename from meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb rename to meta-networking/recipes-connectivity/freeradius/freeradius_3.2.8.bb index d3c34e1d93..2de6ce5bae 100644 --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.8.bb @@ -37,13 +37,14 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0 file://0015-bootstrap-check-commands-of-openssl-exist.patch \ file://0016-version.c-don-t-print-build-flags.patch \ file://0017-Add-acinclude.m4-to-include-required-macros.patch \ - file://0018-Fix-Service-start-error.patch \ - file://0019-freeradius-Remove-files-which-have-license-issues.patch \ + file://0018-update-license-1.patch \ + file://0019-update-license-2.patch \ + file://0020-update-license-3.patch \ " raddbdir = "${sysconfdir}/${MLPREFIX}raddb" -SRCREV = "694a97dddbdd26423504afe7c530e8e1502b7354" +SRCREV = "032be31bb52646171099617928ec1703335bcf73" UPSTREAM_CHECK_GITTAGREGEX = "release_(?P\d+(\_\d+)+)" @@ -84,7 +85,6 @@ EXTRA_OECONF = " --enable-strict-dependencies \ --without-rlm_securid \ --without-rlm_unbound \ --without-rlm_python \ - --without-rlm_eap_teap \ ac_cv_path_PERL=${bindir}/perl \ ax_cv_cc_builtin_choose_expr=no \ ax_cv_cc_builtin_types_compatible_p=no \ @@ -113,6 +113,7 @@ PACKAGECONFIG[ruby] = "--with-rlm_ruby,--without-rlm_ruby,ruby" PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl" PACKAGECONFIG[rlm-eap-fast] = "--with-rlm_eap_fast, --without-rlm_eap_fast" PACKAGECONFIG[rlm-eap-pwd] = "--with-rlm_eap_pwd, --without-rlm_eap_pwd" +PACKAGECONFIG[kafka] = "--with-rlm_kafka, --without-rlm_kafka, librdkafka" inherit useradd autotools-brokensep update-rc.d systemd multilib_script multilib_header