diff --git a/net/mpd/Makefile b/net/mpd/Makefile index 52ec347e..d10768db 100644 --- a/net/mpd/Makefile +++ b/net/mpd/Makefile @@ -2,12 +2,11 @@ # $Id$ # PORTNAME= mpd -DISTVERSION= 5.8 +DISTVERSION= 5.9 CATEGORIES= net MASTER_SITES= SF/${PORTNAME}/Mpd5/Mpd-${PORTVERSION} DIST_SUBDIR= mpd5 - MAINTAINER= onborodin@gmail.com COMMENT= Multi-link PPP daemon based on netgraph(4) @@ -19,16 +18,22 @@ HAS_CONFIGURE= yes CONFIGURE_WRKSRC= ${WRKSRC}/src MAKE_ENV+= LC_ALL=C +CONFIGURE_ENV+= USE_NG_IPACCT=no +MAKE_ARGS+= USE_NG_IPACCT=no +CONFIGURE_ENV+= USE_RADIUS=no +MAKE_ARGS+= USE_RADIUS=no + + #DOCSDIR= share/doc/${PORTNAME} MAKE_ENV+= DOCSDIR=${PREFIX}/${DOCSDIR} SUB_LIST+= DOCSDIR=${DOCSDIR} -CONFIGURE_ENV+= USE_NG_IPACCT=no -EXTRA_PATCHES+= ${FILESDIR}/extra-patch-no-ng_ipacct +#CONFIGURE_ENV+= USE_NG_IPACCT=no +#EXTRA_PATCHES+= ${FILESDIR}/extra-patch-no-ng_ipacct MANCOMPRESSED= maybe -USE_RC_SUBR+= mpd.sh +USE_RC_SUBR+= mpd5 pre-install: ${MKDIR} ${STAGEDIR}${PREFIX}/sbin diff --git a/net/mpd/distinfo b/net/mpd/distinfo index a85627f0..585d1249 100644 --- a/net/mpd/distinfo +++ b/net/mpd/distinfo @@ -1,2 +1,3 @@ -SHA256 (mpd5/mpd-5.8.tar.gz) = 8c59e01c79c5d35ecfd0d540ddf37dd1eed8da9c980fa4c5b01ed50bb53e7665 -SIZE (mpd5/mpd-5.8.tar.gz) = 597043 +TIMESTAMP = 1646041272 +SHA256 (mpd5/mpd-5.9.tar.gz) = 1f2cda9b3e610713f94e90f3826bbb0d638c6fb678986b1eaa9cd9930b0d66ba +SIZE (mpd5/mpd-5.9.tar.gz) = 627566 diff --git a/net/mpd/files/mpd.sh.in b/net/mpd/files/mpd.sh.in deleted file mode 100644 index dc7defd7..00000000 --- a/net/mpd/files/mpd.sh.in +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh -# -# PROVIDE: mpd -# REQUIRE: SERVERS -# BEFORE: DAEMON -# KEYWORD: shutdown -# -. /etc/rc.subr - -name="mpd" -rcvar="mpd_enable" - -load_rc_config ${name} - -: ${mpd_enable="NO"} -#: ${mpd_flags="-b"} - -pidfile="/var/run/${name}.pid" -command="%%PREFIX%%/sbin/${name}" -required_files="%%PREFIX%%/etc/${name}/mpd.conf" - -case "${mpd_flags}" in -*-p\ *) - echo "ERROR: \$mpd_flags includes -p option." \ - "PID file is already set to $pidfile." - exit 1 - ;; -*) - command_args="-b -p ${pidfile} ${mpd_flags}" - ;; -esac - -run_rc_command "$1" -#EOF diff --git a/net/mpd/files/mpd5.in b/net/mpd/files/mpd5.in new file mode 100644 index 00000000..6fc0bd37 --- /dev/null +++ b/net/mpd/files/mpd5.in @@ -0,0 +1,40 @@ +#!/bin/sh + +# PROVIDE: mpd5 +# REQUIRE: netif +# BEFORE: routing +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf to enable mpd5: +# mpd_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable mpd5. +# mpd_flags (string): Set to "-b" by default. +# Extra flags passed to start command. +# +# See mpd5(8) for flags. + +. /etc/rc.subr + +name="mpd5" +rcvar=mpd_enable + +load_rc_config ${name} + +: ${mpd_enable="NO"} +: ${mpd_flags="-b"} + +pidfile="/var/run/${name}.pid" +command="%%PREFIX%%/sbin/${name}" + +case "${mpd_flags}" in +*-p\ *) + echo "ERROR: \$mpd_flags includes -p option." \ + "PID file is already set to $pidfile." + exit 1 + ;; +*) + command_args="-p ${pidfile} ${mpd_flags}" + ;; +esac + +run_rc_command "$1" diff --git a/net/mpd/files/extra-patch-no-ng_ipacct b/net/mpd/files/old/extra-patch-no-ng_ipacct similarity index 100% rename from net/mpd/files/extra-patch-no-ng_ipacct rename to net/mpd/files/old/extra-patch-no-ng_ipacct diff --git a/net/mpd/files/patch-configure b/net/mpd/files/old/patch-configure similarity index 100% rename from net/mpd/files/patch-configure rename to net/mpd/files/old/patch-configure diff --git a/net/mpd/files/patch-console.c b/net/mpd/files/old/patch-console.c similarity index 100% rename from net/mpd/files/patch-console.c rename to net/mpd/files/old/patch-console.c diff --git a/net/mpd/files/patch-fixbuffer b/net/mpd/files/old/patch-fixbuffer similarity index 100% rename from net/mpd/files/patch-fixbuffer rename to net/mpd/files/old/patch-fixbuffer diff --git a/net/mpd/files/patch-fixstats b/net/mpd/files/old/patch-fixstats similarity index 100% rename from net/mpd/files/patch-fixstats rename to net/mpd/files/old/patch-fixstats diff --git a/net/mpd/files/patch-mtu-override b/net/mpd/files/old/patch-mtu-override similarity index 100% rename from net/mpd/files/patch-mtu-override rename to net/mpd/files/old/patch-mtu-override diff --git a/net/mpd/files/patch-src-Makefile b/net/mpd/files/old/patch-src-Makefile similarity index 100% rename from net/mpd/files/patch-src-Makefile rename to net/mpd/files/old/patch-src-Makefile diff --git a/net/mpd/files/patch-src_pppoe.c b/net/mpd/files/old/patch-src_pppoe.c similarity index 100% rename from net/mpd/files/patch-src_pppoe.c rename to net/mpd/files/old/patch-src_pppoe.c diff --git a/net/mpd/files/patch-x-conf-Makefile b/net/mpd/files/old/patch-x-conf-Makefile similarity index 100% rename from net/mpd/files/patch-x-conf-Makefile rename to net/mpd/files/old/patch-x-conf-Makefile diff --git a/net/mpd/files/patch-x-doc-Makefile b/net/mpd/files/old/patch-x-doc-Makefile similarity index 100% rename from net/mpd/files/patch-x-doc-Makefile rename to net/mpd/files/old/patch-x-doc-Makefile diff --git a/net/mpd/files/patch-x-src-Makefile b/net/mpd/files/old/patch-x-src-Makefile similarity index 100% rename from net/mpd/files/patch-x-src-Makefile rename to net/mpd/files/old/patch-x-src-Makefile diff --git a/net/mpd/files/patch-l2tp-ctrl-c.diff b/net/mpd/files/patch-l2tp-ctrl-c.diff new file mode 100644 index 00000000..3d766873 --- /dev/null +++ b/net/mpd/files/patch-l2tp-ctrl-c.diff @@ -0,0 +1,71 @@ +Index: src/l2tp_ctrl.c +=================================================================== +--- src/l2tp_ctrl.c (revision 2409) ++++ src/l2tp_ctrl.c (revision 2411) +@@ -244,7 +244,8 @@ Notes + ************************************************************************/ + + static int ppp_l2tp_ctrl_setup_1(struct ppp_l2tp_ctrl *ctrl, +- struct ppp_l2tp_avp_ptrs *ptrs); ++ struct ppp_l2tp_avp_ptrs *ptrs, ++ struct ppp_l2tp_avp_list *avps); + static int ppp_l2tp_ctrl_setup_2(struct ppp_l2tp_ctrl *ctrl, + struct ppp_l2tp_avp_ptrs *ptrs); + static void ppp_l2tp_ctrl_send(struct ppp_l2tp_ctrl *ctrl, +@@ -1031,7 +1032,8 @@ ppp_l2tp_sess_hooked(struct ppp_l2tp_sess *sess) { + */ + static int + ppp_l2tp_ctrl_setup_1(struct ppp_l2tp_ctrl *ctrl, +- struct ppp_l2tp_avp_ptrs *ptrs) ++ struct ppp_l2tp_avp_ptrs *ptrs, ++ struct ppp_l2tp_avp_list *avps) + { + /* Log */ + Log(LOG_INFO, ("L2TP: connected to \"%s\", version=%u.%u", +@@ -1092,7 +1094,7 @@ ppp_l2tp_ctrl_setup_1(struct ppp_l2tp_ctrl *ctrl, + MD5_Update(&md5ctx, &ptrs->challenge->value, ptrs->challenge->length); + MD5_Final(hash, &md5ctx); + +- if (ppp_l2tp_avp_list_append(ctrl->avps, 0, ++ if (ppp_l2tp_avp_list_append(avps, 0, + 0, AVP_CHALLENGE_RESPONSE, hash, sizeof(hash)) == -1) + return (0); + } +@@ -2085,7 +2087,7 @@ ppp_l2tp_handle_SCCRQ(struct ppp_l2tp_ctrl *ctrl, + + ok: + /* Do control connection setup */ +- if (ppp_l2tp_ctrl_setup_1(ctrl, ptrs) == -1) ++ if (ppp_l2tp_ctrl_setup_1(ctrl, ptrs, ctrl->avps) == -1) + return (-1); + + /* Send response and update state */ +@@ -2098,18 +2100,24 @@ static int + ppp_l2tp_handle_SCCRP(struct ppp_l2tp_ctrl *ctrl, + const struct ppp_l2tp_avp_list *avps, struct ppp_l2tp_avp_ptrs *ptrs) + { ++ struct ppp_l2tp_avp_list *avps0; ++ + (void)avps; ++ avps0 = ppp_l2tp_avp_list_create(); ++ + /* Do control connection setup */ +- if (ppp_l2tp_ctrl_setup_1(ctrl, ptrs) == -1) ++ if ((ppp_l2tp_ctrl_setup_1(ctrl, ptrs, avps0) == -1) || ++ (ppp_l2tp_ctrl_setup_2(ctrl, ptrs) == -1)) { ++ ppp_l2tp_avp_list_destroy(&avps0); + return (-1); +- if (ppp_l2tp_ctrl_setup_2(ctrl, ptrs) == -1) +- return (-1); ++ } + + /* Send response and update state */ + ctrl->state = CS_ESTABLISHED; +- ppp_l2tp_ctrl_send(ctrl, 0, SCCCN, ctrl->avps); ++ ppp_l2tp_ctrl_send(ctrl, 0, SCCCN, avps0); + if (*ctrl->cb->ctrl_connected != NULL) + (*ctrl->cb->ctrl_connected)(ctrl); ++ ppp_l2tp_avp_list_destroy(&avps0); + return (0); + } + diff --git a/net/mpd/files/patch-l2tp-multihomed b/net/mpd/files/patch-l2tp-multihomed new file mode 100644 index 00000000..33ec387c --- /dev/null +++ b/net/mpd/files/patch-l2tp-multihomed @@ -0,0 +1,161 @@ +Index: src/util.c +=================================================================== +--- src/util.c (revision 2436) ++++ src/util.c (working copy) +@@ -16,8 +16,9 @@ + #include + #include + #include +-#include ++#include + #include ++#include + #include + #include + #include +@@ -1545,4 +1546,52 @@ IfaceSetFlag(const char *ifname, int value) + } + close(s); + return (0); ++} ++ ++/* ++ * Obtain some data, peer (source) and destination addresses of SOCK_DGRAM IPv4 UDP request. ++ */ ++ssize_t GetDataAddrs(int sock, void *dbuf, size_t dbufsize, ++ struct sockaddr_storage *peer, socklen_t peer_len, ++ struct u_addr *addr) ++{ ++ struct { ++ struct msghdr msg; ++ struct iovec iov; ++ } b; ++ union { /* ensure correct alignment for space */ ++ struct cmsghdr cm; ++ char space[CMSG_SPACE(sizeof(struct in_addr))]; ++ } buf; ++ ++ struct cmsghdr *p; ++ ssize_t size; ++ ++ /* Sanity check */ ++ if (addr->family != AF_INET) { ++ errno = EAFNOSUPPORT; ++ return (-1); ++ } ++ ++ b.msg.msg_name = peer; ++ b.msg.msg_namelen = peer_len; ++ b.msg.msg_iov = &b.iov; ++ b.msg.msg_iovlen = 1; ++ b.msg.msg_control = &buf; ++ b.msg.msg_controllen = sizeof(buf); ++ b.msg.msg_flags = 0; ++ ++ b.iov.iov_base = dbuf; ++ b.iov.iov_len = dbufsize; ++ ++ if ((size = recvmsg(sock, &b.msg, 0)) < 0) { ++ Perror("%s: recvmsg: %s", __FUNCTION__, strerror(errno)); ++ return (size); ++ } ++ ++ p = CMSG_FIRSTHDR(&b.msg); ++ if (p && p->cmsg_level == IPPROTO_IP && p->cmsg_type == IP_RECVDSTADDR) ++ memcpy(&addr->u.ip4, CMSG_DATA(p), sizeof(addr->u.ip4)); ++ ++ return (size); + } +Index: src/util.h +=================================================================== +--- src/util.h (revision 2436) ++++ src/util.h (working copy) +@@ -101,6 +101,10 @@ extern int GetPeerEther(struct u_addr *addr, struct so + extern void ppp_util_ascify(char *buf, size_t max, const char *bytes, size_t len); + extern int IfaceSetFlag(const char *ifname, int value); + ++ssize_t GetDataAddrs(int sock, void *dbuf, size_t dbufsize, ++ struct sockaddr_storage *peer, socklen_t peer_len, ++ struct u_addr *addr); ++ + #ifndef HAVE_NTOA_R + extern char *ether_ntoa_r(const struct ether_addr *n, char *a); + #endif +Index: src/l2tp.c +=================================================================== +--- src/l2tp.c (revision 2436) ++++ src/l2tp.c (working copy) +@@ -1374,6 +1374,7 @@ L2tpServerEvent(int type, void *arg) + struct ngm_mkpeer mkpeer; + struct sockaddr_storage peer_sas; + struct sockaddr_storage sas; ++ struct u_addr server_addr; + const size_t bufsize = 8192; + u_int16_t *buf = NULL; + char hook[NG_HOOKSIZ]; +@@ -1393,9 +1394,18 @@ L2tpServerEvent(int type, void *arg) + /* Allocate buffer */ + buf = Malloc(MB_PHYS, bufsize); + ++ u_addrcopy(&s->self_addr, &server_addr); ++ + /* Read packet */ + sas_len = sizeof(peer_sas); +- if ((len = recvfrom(s->sock, buf, bufsize, 0, ++ ++ if (u_addrempty(&s->self_addr)) { ++ if ((len = GetDataAddrs(s->sock, buf, bufsize, ++ &peer_sas, sas_len, &server_addr)) == -1) { ++ Perror("L2TP: GetDataAddrs"); ++ goto fail; ++ } ++ } else if ((len = recvfrom(s->sock, buf, bufsize, 0, + (struct sockaddr *)&peer_sas, &sas_len)) == -1) { + Perror("L2TP: recvfrom"); + goto fail; +@@ -1415,9 +1425,23 @@ L2tpServerEvent(int type, void *arg) + tun->self_port = s->self_port; + tun->alive = 1; + +- Log(LG_PHYS, ("Incoming L2TP packet from %s %d", +- u_addrtoa(&tun->peer_addr, namebuf, sizeof(namebuf)), tun->peer_port)); ++ if (u_addrempty(&tun->self_addr)) ++ u_addrcopy(&server_addr, &tun->self_addr); + ++ if (u_addrempty(&tun->self_addr)) ++ Log(LG_PHYS, ("Incoming L2TP packet from %s %d", ++ u_addrtoa(&tun->peer_addr, namebuf, sizeof(namebuf)), ++ tun->peer_port)); ++ else { ++ char buf3[INET_ADDRSTRLEN]; ++ ++ Log(LG_PHYS, ("Incoming L2TP packet from %s %d to %s %d", ++ u_addrtoa(&tun->peer_addr, namebuf, sizeof(namebuf)), ++ tun->peer_port, ++ u_addrtoa(&tun->self_addr, buf3, sizeof(buf3)), ++ tun->self_port)); ++ } ++ + /* Examine all L2TP links to get best possible fit tunnel parameters. */ + for (k = 0; k < gNumLinks; k++) { + Link l2; +@@ -1552,7 +1576,7 @@ L2tpServerEvent(int type, void *arg) + } + + /* Bind socket to a new port */ +- u_addrtosockaddr(&s->self_addr,s->self_port,&sas); ++ u_addrtosockaddr(&tun->self_addr,tun->self_port,&sas); + if (NgSendMsg(csock, namebuf, NGM_KSOCKET_COOKIE, + NGM_KSOCKET_BIND, &sas, sas.ss_len) == -1) { + Perror("L2TP: bind"); +@@ -1649,6 +1673,10 @@ L2tpListen(Link l) + SO_REUSEPORT, &one, sizeof(one)) == -1) { + Perror("L2TP: setsockopt"); + goto fail; ++ } ++ if (u_addrempty(&s->self_addr)) { ++ int on = 1; ++ setsockopt(s->sock, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof(on)); + } + u_addrtosockaddr(&s->self_addr, s->self_port, &sa); + if (bind(s->sock, (struct sockaddr *)&sa, sa.ss_len) == -1) { diff --git a/net/mpd/files/patch-nat.c b/net/mpd/files/patch-nat.c new file mode 100644 index 00000000..1c94022f --- /dev/null +++ b/net/mpd/files/patch-nat.c @@ -0,0 +1,13 @@ +Index: src/nat.c +=================================================================== +--- src/nat.c (revision 2445) ++++ src/nat.c (revision 2446) +@@ -192,7 +192,7 @@ NatSetCommand(Context ctx, int ac, const char *const a + if (!inet_aton (av[5], &r_addr)) + Error("bad remote IP address \"%s\"", av[5]); + rp = atoi(av[6]); +- if (rp <= 0 || rp > 65535) ++ if (rp < 0 || rp > 65535) + Error("Incorrect remote port number \"%s\"", av[6]); + } + /* OK */ diff --git a/net/mpd/files/patch-noradius b/net/mpd/files/patch-noradius new file mode 100644 index 00000000..3c29e90d --- /dev/null +++ b/net/mpd/files/patch-noradius @@ -0,0 +1,588 @@ +Index: src/Makefile +=================================================================== +--- src/Makefile (revision 2417) ++++ src/Makefile (working copy) +@@ -60,6 +60,7 @@ USE_TCP_WRAP= yes + #USE_AUTH_OPIE= yes + USE_AUTH_PAM= yes + USE_AUTH_SYSTEM= yes ++USE_RADIUS?= yes + + # Build without builtin web server. + #NOWEB= yes +@@ -108,8 +109,10 @@ CFLAGS+= -DUSE_SYSTEM + LDADD+= -lnetgraph -lutil + DPADD+= ${LIBNETGRAPH} + ++.if defined ( USE_RADIUS ) && ( ${USE_RADIUS} == yes ) + LDADD+= -L/usr/lib -lradius + DPADD+= ${LIBRADIUS} ++.endif + + # Obtained from bsd.port.mk + .if !defined ( OSVERSION ) +@@ -152,8 +155,12 @@ CFLAGS+= -DSYSLOG_FACILITY='"${SYSLOG_FACILITY}"' + STDSRCS= assert.c auth.c bund.c rep.c ccp.c chap.c \ + console.c command.c ecp.c event.c fsm.c iface.c input.c \ + ip.c ipcp.c ipv6cp.c lcp.c link.c log.c main.c mbuf.c mp.c \ +- msg.c ngfunc.c pap.c phys.c proto.c radius.c radsrv.c timer.c \ +- util.c vars.c eap.c msoft.c ippool.c ++ msg.c ngfunc.c pap.c phys.c proto.c timer.c \ ++ util.c vars.c msoft.c ippool.c ++ ++.if defined ( USE_RADIUS ) && ( ${USE_RADIUS} == yes ) ++STDSRCS+= eap.c radius.c radsrv.c ++.endif + + .if defined ( NOWEB ) + CFLAGS+= -DNOWEB +Index: src/auth.c +=================================================================== +--- src/auth.c (revision 2411) ++++ src/auth.c (working copy) +@@ -188,10 +188,12 @@ void + authparamsInit(struct authparams *ap) + { + memset(ap, 0, sizeof(struct authparams)); ++#ifdef USE_RADIUS + ap->eapmsg = NULL; + ap->state = NULL; + ap->class = NULL; + ap->filter_id = NULL; ++#endif + ap->msdomain = NULL; + #ifdef SIOCSIFDESCR + ap->ifdescr = NULL; +@@ -208,10 +210,12 @@ authparamsDestroy(struct authparams *ap) + int i; + #endif + ++#ifdef USE_RADIUS + Freee(ap->eapmsg); + Freee(ap->state); + Freee(ap->class); + Freee(ap->filter_id); ++#endif + + #ifdef USE_IPFW + ACLDestroy(ap->acl_rule); +@@ -252,6 +256,7 @@ authparamsCopy(struct authparams *src, struct authpara + + memcpy(dst, src, sizeof(struct authparams)); + ++#ifdef USE_RADIUS + if (src->eapmsg) + dst->eapmsg = Mdup(MB_AUTH, src->eapmsg, src->eapmsg_len); + if (src->state) +@@ -260,6 +265,7 @@ authparamsCopy(struct authparams *src, struct authpara + dst->class = Mdup(MB_AUTH, src->class, src->class_len); + if (src->filter_id) + dst->filter_id = Mstrdup(MB_AUTH, src->filter_id); ++#endif + + #ifdef USE_IPFW + ACLCopy(src->acl_rule, &dst->acl_rule); +@@ -308,8 +314,10 @@ AuthInit(Link l) + Enable(&ac->options, AUTH_CONF_INTERNAL); + Enable(&ac->options, AUTH_CONF_ACCT_MANDATORY); + ++#ifdef USE_RADIUS + EapInit(l); + RadiusInit(l); ++#endif + } + + /* +@@ -420,9 +428,11 @@ AuthStart(Link l) + case PROTO_CHAP: + ChapStart(l, AUTH_SELF_TO_PEER); + break; ++#ifdef USE_RADIUS + case PROTO_EAP: + EapStart(l, AUTH_SELF_TO_PEER); + break; ++#endif + default: + assert(0); + } +@@ -437,9 +447,11 @@ AuthStart(Link l) + case PROTO_CHAP: + ChapStart(l, AUTH_PEER_TO_SELF); + break; ++#ifdef USE_RADIUS + case PROTO_EAP: + EapStart(l, AUTH_PEER_TO_SELF); + break; ++#endif + default: + assert(0); + } +@@ -449,6 +461,7 @@ AuthStart(Link l) + * AuthInput() + * + * Deal with PAP/CHAP/EAP packet ++ * But cannot be called for EAP packet if RADIUS support is not compiled in. + */ + + void +@@ -494,15 +507,16 @@ AuthInput(Link l, int proto, Mbuf bp) + len -= sizeof(fsmh); + pkt = MBDATA(bp); + ++#ifdef USE_RADIUS + if (proto == PROTO_EAP && bp) { + Log(LG_AUTH, ("[%s] %s: rec'd %s #%d len: %hu, type: %s", l->name, + ProtoName(proto), AuthCode(proto, fsmh.code, buf, sizeof(buf)), fsmh.id, + fsmh_len, EapType(pkt[0]))); +- } else { ++ } else ++#endif + Log(LG_AUTH, ("[%s] %s: rec'd %s #%d len: %hu", l->name, + ProtoName(proto), AuthCode(proto, fsmh.code, buf, sizeof(buf)), fsmh.id, + fsmh_len)); +- } + + auth = AuthDataNew(l); + auth->proto = proto; +@@ -518,9 +532,11 @@ AuthInput(Link l, int proto, Mbuf bp) + case PROTO_CHAP: + ChapInput(l, auth, pkt, len); + break; ++#ifdef USE_RADIUS + case PROTO_EAP: + EapInput(l, auth, pkt, len); + break; ++#endif + default: + assert(0); + } +@@ -563,13 +579,14 @@ AuthOutput(Link l, int proto, u_int code, u_int id, co + } + bp = mbcopyback(bp, MBLEN(bp), ptr, len); + ++#ifdef USE_RADIUS + if (proto == PROTO_EAP) { + Log(LG_AUTH, ("[%s] %s: sending %s #%d len: %d, type: %s", l->name, + ProtoName(proto), AuthCode(proto, code, buf, sizeof(buf)), id, plen, EapType(eap_type))); +- } else { ++ } else ++#endif + Log(LG_AUTH, ("[%s] %s: sending %s #%d len: %d", l->name, + ProtoName(proto), AuthCode(proto, code, buf, sizeof(buf)), id, plen)); +- } + + /* Send it out */ + NgFuncWritePppFrameLink(l, proto, bp); +@@ -718,7 +735,9 @@ AuthStop(Link l) + TimerStop(&a->timer); + PapStop(&a->pap); + ChapStop(&a->chap); ++#ifdef USE_RADIUS + EapStop(&a->eap); ++#endif + paction_cancel(&a->thread); + } + +@@ -979,8 +998,10 @@ AuthAccount(void *arg) + + Log(LG_AUTH2, ("[%s] ACCT: Thread started", auth->info.lnkname)); + ++#ifdef USE_RADIUS + if (Enabled(&auth->conf.options, AUTH_CONF_RADIUS_ACCT)) + err |= RadiusAccount(auth); ++#endif + #ifdef USE_PAM + if (Enabled(&auth->conf.options, AUTH_CONF_PAM_ACCT)) + err |= AuthPAMAcct(auth); +@@ -1020,8 +1041,10 @@ AuthAccountFinish(void *arg, int was_canceled) + auth->info.lnkname)); + } + ++#ifdef USE_RADIUS + /* Cleanup */ + RadiusClose(auth); ++#endif + + if (was_canceled) { + AuthDataDestroy(auth); +@@ -1188,6 +1211,7 @@ AuthAsync(void *arg) + return; + } + } ++#ifdef USE_RADIUS + if (auth->proto == PROTO_EAP && auth->eap_radius) { + auth->params.authentic = AUTH_CONF_RADIUS_AUTH; + RadiusEapProxy(auth); +@@ -1205,6 +1229,7 @@ AuthAsync(void *arg) + return; + } + } ++#endif + #ifdef USE_PAM + if (Enabled(&auth->conf.options, AUTH_CONF_PAM_AUTH)) { + auth->params.authentic = AUTH_CONF_PAM_AUTH; +@@ -1274,8 +1299,10 @@ AuthAsyncFinish(void *arg, int was_canceled) + if (was_canceled) + Log(LG_AUTH2, ("[%s] AUTH: Thread was canceled", auth->info.lnkname)); + ++#ifdef USE_RADIUS + /* cleanup */ + RadiusClose(auth); ++#endif + + if (was_canceled) { + AuthDataDestroy(auth); +@@ -1948,9 +1975,11 @@ static const char * + AuthCode(int proto, u_char code, char *buf, size_t len) + { + switch (proto) { ++#ifdef USE_RADIUS + case PROTO_EAP: + return EapCode(code, buf, len); + ++#endif + case PROTO_CHAP: + return ChapCode(code, buf, len); + +Index: src/auth.h +=================================================================== +--- src/auth.h (revision 2411) ++++ src/auth.h (working copy) +@@ -113,6 +113,7 @@ struct authparams { + struct in_addr peer_dns[2]; /* DNS servers for peer to use */ + struct in_addr peer_nbns[2]; /* NBNS servers for peer to use */ + ++#ifdef USE_RADIUS + char *eapmsg; /* EAP Msg for forwarding to RADIUS + * server */ + int eapmsg_len; +@@ -125,6 +126,7 @@ struct authparams { + + char *filter_id; /* RADIUS Framed-Filter-Id attribute */ + ++#endif + char action[8 + LINK_MAX_NAME]; + + #ifdef USE_IPFW +@@ -204,7 +206,9 @@ struct authparams { + }; + + struct authconf { ++#ifdef USE_RADIUS + struct radiusconf radius; /* RADIUS configuration */ ++#endif + char authname[AUTH_MAX_AUTHNAME]; /* Configured username */ + char password[AUTH_MAX_PASSWORD]; /* Configured password */ + u_int acct_update; +@@ -231,7 +235,9 @@ struct auth { + struct pppTimer acct_timer; /* Timer for accounting updates */ + struct papinfo pap; /* PAP state */ + struct chapinfo chap; /* CHAP state */ ++#ifdef USE_RADIUS + struct eapinfo eap; /* EAP state */ ++#endif + struct paction *thread; /* async auth thread */ + struct paction *acct_thread; /* async accounting auth thread */ + struct authconf conf; /* Auth backends, RADIUS, etc. */ +@@ -253,7 +259,9 @@ struct authdata { + u_int code; /* Proto specific code */ + u_char acct_type; /* Accounting type, Start, Stop, + * Update */ ++#ifdef USE_RADIUS + u_char eap_radius; ++#endif + u_char status; + u_char why_fail; + char *reply_message; /* Text wich may displayed to the user */ +@@ -261,10 +269,13 @@ struct authdata { + char *mschapv2resp; /* Response String for MSCHAPv2 */ + void (*finish) (Link l, struct authdata *auth); /* Finish handler */ + int drop_user; /* RAD_MPD_DROP_USER value sent by +- * RADIUS server */ ++ * RADIUS server or external acct script */ ++#ifdef USE_RADIUS + struct { + struct rad_handle *handle; /* the RADIUS handle */ + } radius; ++#endif ++ + #ifdef USE_OPIE + struct { + struct opie data; +Index: src/command.c +=================================================================== +--- src/command.c (revision 2411) ++++ src/command.c (working copy) +@@ -223,8 +223,10 @@ + #endif + { "ecp", "ECP status", + EcpStat, AdmitBund, 0, NULL }, ++#ifdef USE_RADIUS + { "eap", "EAP status", + EapStat, AdmitLink, 0, NULL }, ++#endif + { "events", "Current events", + ShowEvents, NULL, 0, NULL }, + { "ipcp", "IPCP status", +@@ -253,8 +255,10 @@ + LinkStat, AdmitLink, 0, NULL }, + { "auth", "Auth status", + AuthStat, AdmitLink, 0, NULL }, ++#ifdef USE_RADIUS + { "radius", "RADIUS status", + RadStat, AdmitLink, 0, NULL }, ++#endif + #ifdef RAD_COA_REQUEST + { "radsrv", "RADIUS server status", + RadsrvStat, NULL, 0, NULL }, +@@ -293,8 +297,10 @@ + }; + + static const struct cmdtab UnSetCommands[] = { ++#ifdef USE_RADIUS + { "radius ...", "RADIUS specific stuff", + CMD_SUBMENU, AdmitLink, 2, RadiusUnSetCmds }, ++#endif + #ifdef NG_NAT_DESC_LENGTH + { "nat ...", "NAT specific stuff", + CMD_SUBMENU, AdmitBund, 2, NatUnSetCmds }, +@@ -303,6 +309,8 @@ + }; + + static const struct cmdtab SetCommands[] = { ++ { "auth ...", "Auth specific stuff", ++ CMD_SUBMENU, AdmitLink, 2, AuthSetCmds }, + { "bundle ...", "Bundle specific stuff", + CMD_SUBMENU, AdmitBund, 2, BundSetCmds }, + { "link ...", "Link specific stuff", +@@ -323,15 +331,15 @@ + #endif + { "ecp ...", "ECP specific stuff", + CMD_SUBMENU, AdmitBund, 2, EcpSetCmds }, ++#ifdef USE_RADIUS + { "eap ...", "EAP specific stuff", + CMD_SUBMENU, AdmitLink, 2, EapSetCmds }, +- { "auth ...", "Auth specific stuff", +- CMD_SUBMENU, AdmitLink, 2, AuthSetCmds }, + { "radius ...", "RADIUS specific stuff", + CMD_SUBMENU, AdmitLink, 2, RadiusSetCmds }, + #ifdef RAD_COA_REQUEST + { "radsrv ...", "RADIUS server specific stuff", + CMD_SUBMENU, NULL, 2, RadsrvSetCmds }, ++#endif + #endif + { "console ...", "Console specific stuff", + CMD_SUBMENU, NULL, 0, ConsoleSetCmds }, +Index: src/configure +=================================================================== +--- src/configure (revision 2411) ++++ src/configure (working copy) +@@ -122,6 +122,13 @@ else + echo " not found." + fi + ++echo -n "Looking for radius support ..." ++if [ "$USE_RADIUS" = no ]; then ++ echo " disabled." ++else if [ -e /usr/include/radlib.h ] ++then ++ echo " found." ++ echo "#define HAVE_RADIUS 1" >> $CONFIG + + echo -n "Looking for rad_bind_to() ..." + if /usr/bin/grep rad_bind_to /usr/include/radlib.h >/dev/null 2>&1 +@@ -140,6 +147,8 @@ then + else + echo " not found." + fi ++fi ++fi # RADIUS support + + echo -n "Looking for ether_ntoa_r() ..." + if /usr/bin/grep ether_ntoa_r /usr/include/net/ethernet.h >/dev/null 2>&1 +Index: src/defs.h +=================================================================== +--- src/defs.h (revision 2411) ++++ src/defs.h (working copy) +@@ -55,6 +55,9 @@ + #ifndef HAVE_IPFW + #undef USE_IPFW + #endif ++#ifdef HAVE_RADIUS ++ #define USE_RADIUS ++#endif + #ifndef HAVE_RAD_BIND + #undef HAVE_RAD_BIND + #endif +Index: src/eap.h +=================================================================== +--- src/eap.h (revision 2411) ++++ src/eap.h (working copy) +@@ -77,6 +77,7 @@ + EAP_TYPE_FAST /* EAP-FAST */ + }; + ++#ifdef USE_RADIUS + extern const struct cmdtab EapSetCmds[]; + + /* Configuration for a link */ +@@ -109,5 +110,6 @@ + extern const char *EapType(u_char type); + extern int EapStat(Context ctx, int ac, const char *const av[], const void *arg); + ++#endif /* USE_RADIUS */ + #endif + +Index: src/iface.c +=================================================================== +--- src/iface.c (revision 2416) ++++ src/iface.c (working copy) +@@ -1110,7 +1110,10 @@ IfaceIpIfaceUp(Bund b, int ready) + u_addrtoa(&iface->peer_addr, peerbuf, sizeof(peerbuf)), + *b->params.authname ? b->params.authname : "-", + ns1buf, ns2buf, *b->params.peeraddr ? b->params.peeraddr : "-", +- b->params.filter_id ? b->params.filter_id : "-"); ++#ifdef USE_RADIUS ++ b->params.filter_id ? b->params.filter_id : ++#endif ++ "-"); + if (res != 0) { + FsmFailure(&b->ipcp.fsm, FAIL_NEGOT_FAILURE); + return (-1); +@@ -1142,7 +1145,10 @@ IfaceIpIfaceDown(Bund b) + u_addrtoa(&iface->peer_addr, peerbuf, sizeof(peerbuf)), + *b->params.authname ? b->params.authname : "-", + *b->params.peeraddr ? b->params.peeraddr : "-", +- b->params.filter_id ? b->params.filter_id : "-"); ++#ifdef USE_RADIUS ++ b->params.filter_id ? b->params.filter_id : ++#endif ++ "-"); + } + + /* Delete dynamic routes */ +@@ -1254,7 +1260,10 @@ IfaceIpv6IfaceUp(Bund b, int ready) + u_addrtoa(&iface->peer_ipv6_addr, peerbuf, sizeof(peerbuf)), iface->ifname, + *b->params.authname ? b->params.authname : "-", + *b->params.peeraddr ? b->params.peeraddr : "-", +- b->params.filter_id ? b->params.filter_id : "-"); ++#ifdef USE_RADIUS ++ b->params.filter_id ? b->params.filter_id : ++#endif ++ "-"); + if (res != 0) { + FsmFailure(&b->ipv6cp.fsm, FAIL_NEGOT_FAILURE); + return (-1); +@@ -1287,7 +1296,10 @@ IfaceIpv6IfaceDown(Bund b) + u_addrtoa(&iface->peer_ipv6_addr, peerbuf, sizeof(peerbuf)), iface->ifname, + *b->params.authname ? b->params.authname : "-", + *b->params.peeraddr ? b->params.peeraddr : "-", +- b->params.filter_id ? b->params.filter_id : "-"); ++#ifdef USE_RADIUS ++ b->params.filter_id ? b->params.filter_id : ++#endif ++ "-"); + } + + /* Delete dynamic routes */ +Index: src/input.c +=================================================================== +--- src/input.c (revision 2411) ++++ src/input.c (working copy) +@@ -101,9 +101,16 @@ InputDispatch(Bund b, Link l, int proto, Mbuf bp) + return(0); + case PROTO_PAP: + case PROTO_CHAP: ++ AuthInput(l, proto, bp); ++ return(0); + case PROTO_EAP: ++#ifdef USE_RADIUS + AuthInput(l, proto, bp); + return(0); ++#else ++ reject = 1; ++ goto done; ++#endif + case PROTO_MP: + if (!Enabled(&l->conf.options, LINK_CONF_MULTILINK)) + reject = 1; +Index: src/main.c +=================================================================== +--- src/main.c (revision 2411) ++++ src/main.c (working copy) +@@ -97,7 +97,9 @@ + #ifndef NOWEB + struct web gWeb; + #endif ++#ifdef USE_RADIUS + struct radsrv gRadsrv; ++#endif + int gBackground = FALSE; + int gShutdownInProgress = FALSE; + int gOverload = 0; +Index: src/ppp.h +=================================================================== +--- src/ppp.h (revision 2414) ++++ src/ppp.h (working copy) +@@ -203,7 +203,9 @@ + extern int gNumBundles; /* Total number of bundles */ + extern struct console gConsole; + extern struct web gWeb; ++#ifdef USE_RADIUS + extern struct radsrv gRadsrv; ++#endif + extern int gBackground; + extern int gShutdownInProgress; + extern int gOverload; +Index: src/radius.h +=================================================================== +--- src/radius.h (revision 2411) ++++ src/radius.h (working copy) +@@ -5,6 +5,13 @@ + * + */ + ++#ifndef _RADIUS_H_ ++#define _RADIUS_H_ ++ ++#include "defs.h" ++ ++#ifdef USE_RADIUS ++ + #ifdef CCP_MPPC + #include + #endif +@@ -15,8 +22,6 @@ + + #include "iface.h" + +-#ifndef _RADIUS_H_ +-#define _RADIUS_H_ + + /* + * DEFINITIONS +@@ -189,4 +194,5 @@ extern void RadiusClose(struct authdata *auth); + extern void RadiusEapProxy(void *arg); + extern int RadStat(Context ctx, int ac, const char *const av[], const void *arg); + ++#endif /* USE_RADIUS */ + #endif +Index: src/radsrv.h +=================================================================== +--- src/radsrv.h (revision 2411) ++++ src/radsrv.h (working copy) +@@ -9,6 +9,8 @@ + #define _RADSRV_H_ + + #include "defs.h" ++ ++#ifdef USE_RADIUS + #include + + /* +@@ -57,4 +59,5 @@ extern int RadsrvOpen(Radsrv c); + extern int RadsrvClose(Radsrv c); + extern int RadsrvStat(Context ctx, int ac, const char *const av[], const void *arg); + ++#endif /* USE_RADIUS */ + #endif diff --git a/net/mpd/files/patch-ppp.h b/net/mpd/files/patch-ppp.h new file mode 100644 index 00000000..46dba257 --- /dev/null +++ b/net/mpd/files/patch-ppp.h @@ -0,0 +1,27 @@ +Index: src/ppp.h +=================================================================== +--- src/ppp.h (revision 2411) ++++ src/ppp.h (working copy) +@@ -69,20 +69,15 @@ + #define assert(e) ((e) ? (void)0 : DoAssert(__FILE__, __LINE__, #e)) + + #ifdef __clang__ +- ++#ifndef NO_THREAD_SAFETY_ANALYSIS + #ifndef THREAD_ANNOTATION_ATTRIBUTE__ + #define THREAD_ANNOTATION_ATTRIBUTE__(x) __attribute__((x)) +-#else +- #define THREAD_ANNOTATION_ATTRIBUTE__(x) + #endif +- +-#ifndef NO_THREAD_SAFETY_ANALYSIS + #define NO_THREAD_SAFETY_ANALYSIS \ + THREAD_ANNOTATION_ATTRIBUTE__(no_thread_safety_analysis) ++#endif + #else + #define NO_THREAD_SAFETY_ANALYSIS +-#endif +- + #endif /* __clang__ */ + + /* Giant Mutex handling */ diff --git a/net/mpd/files/patch-pppoe.c b/net/mpd/files/patch-pppoe.c new file mode 100644 index 00000000..ccc3e117 --- /dev/null +++ b/net/mpd/files/patch-pppoe.c @@ -0,0 +1,34 @@ +Index: src/pppoe.c +=================================================================== +--- src/pppoe.c (revision 2420) ++++ src/pppoe.c (revision 2423) +@@ -1257,6 +1257,8 @@ PppoeListenEvent(int type, void *arg) + const struct pppoe_hdr *ph; + const struct pppoe_tag *tag; + ++ u_int16_t length; ++ + union { + u_char buf[sizeof(struct ngpppoe_init_data) + MAX_SESSION]; + struct ngpppoe_init_data poeid; +@@ -1288,6 +1290,20 @@ PppoeListenEvent(int type, void *arg) + + wh = (struct pppoe_full_hdr *)response; + ph = &wh->ph; ++ ++ /* Sanity check */ ++ length = ntohs(ph->length); ++ if (length > (size_t)sz - sizeof(struct pppoe_full_hdr)) { ++ Log(LG_PHYS, ("Ignored incoming PPPoE connection request " ++ "via %s for service \"%s\" from %s " ++ "due to bad length %hu > %u", ++ PIf->ifnodepath, session, ++ ether_ntoa((const struct ether_addr *)&wh->eh.ether_shost), ++ length, ++ (unsigned)((size_t)sz - sizeof(struct pppoe_full_hdr)))); ++ return; ++ } ++ + if ((tag = get_tag(ph, PTT_SRV_NAME))) { + size_t len = ntohs(tag->tag_len); + if (len >= sizeof(real_session)) diff --git a/net/mpd/pkg-plist b/net/mpd/pkg-plist index c031d9a7..1b09d31c 100644 --- a/net/mpd/pkg-plist +++ b/net/mpd/pkg-plist @@ -1,5 +1,5 @@ -sbin/mpd -man/man8/mpd.8.gz +sbin/mpd5 +man/man8/mpd5.8.gz