freeradius-server-3.0.16/000077500000000000000000000000001322570622300152405ustar00rootroot00000000000000freeradius-server-3.0.16/.gitattributes000066400000000000000000000001411322570622300201270ustar00rootroot00000000000000* text=auto * ident *.h linguist-language=c *.c linguist-language=c doc/* linguist-documentation freeradius-server-3.0.16/.gitignore000066400000000000000000000011311322570622300172240ustar00rootroot00000000000000*~ *.o *.a *.lo *.loT *.la *.so *.lai *.bz2 *.gz *.sig *.orig *.rej .libs .depends *.log *.substvars *-stamp *.swp *.cache *.dist *.dylib *.rej *.orig *.dSYM *.patch .pc # Editor projects *.kdev4 *.cproject *.project *.bbprojectd # Exuberant ctags tags # Local icon files icon.png # OS specific cruft .DS_Store # Certificates and signing requests *.pem *.der *.csr *.key # Autoconf and libtool output build config.status *confdefs.h *conftest* *confcache Make.inc libtool autom4te.cache config.guess config.sub config.h src/main/radattr src/modules/lib/ warnings.txt # Analyzer output /*.plist freeradius-server-3.0.16/.travis.yml000066400000000000000000000056721322570622300173630ustar00rootroot00000000000000language: c compiler: - clang - gcc sudo: false env: global: - PANIC_ACTION="gdb -batch -x raddb/panic.gdb %e %p 1>&0 2>&0" - secure: "H+uQeyOgsIyXtIPPG2VzAG8S/8KYGHlHaWhdiNuz1LM3SMcEKoPqG6o/P+HO8HVvYnA6nelyGuEryV90UfuwGY9YC6A/pqPQvx/gXSso63Zt66XSaiZjulCSm9OV8EB3wyWF7VSQ/ZHcn+L01hIlsQXTqLprMaC33cM0FYPr9fY=" matrix: - DO_BUILD=yes LIBS_OPTIONAL=no LIBS_SHARED=yes BUILD_CFLAGS="-DWITH_EVAL_DEBUG" - DO_BUILD=yes LIBS_OPTIONAL=yes LIBS_SHARED=yes BUILD_CFLAGS="-DWITH_EVAL_DEBUG" - DO_BUILD=yes LIBS_OPTIONAL=yes LIBS_SHARED=yes BUILD_CFLAGS="-DWITH_EVAL_DEBUG -O2 -g3" - DO_BUILD=no addons: coverity_scan: project: name: FreeRADIUS/freeradius-server version: v3.0.x description: The FreeRADIUS server project notification_email: freeradius-devel@lists.freeradius.org build_command_prepend: ./configure build_command: make branch_pattern: coverity_scan apt: sources: - couchbase-precise packages: - autoconf - build-essential - debhelper - devscripts - dh-make - doxygen - fakeroot - gdb - graphviz - lintian - pbuilder - python-dev - quilt - libruby - ruby-dev - libcollectdclient-dev - firebird-dev - freetds-dev - libcap-dev - libcouchbase2-libevent - libcouchbase-dev - libcurl4-openssl-dev - libgdbm-dev - libhiredis-dev - libidn11-dev - libiodbc2-dev libiodbc2 - libjson0 - libjson0-dev - libkrb5-dev - libldap2-dev - libmemcached-dev - libmysqlclient-dev - libpam0g-dev - libpcap-dev - libpcre3-dev - libperl-dev - libpq-dev - libreadline-dev - libsnmp-dev - libssl-dev - libtalloc-dev - libtalloc2-dbg - libunbound-dev - libwbclient-dev - libykclient-dev - libyubikey-dev before_install: - $CC --version before_script: # Configure the server - if [ "${DO_BUILD}" = 'yes' ]; then CFLAGS="${BUILD_CFLAGS}" ./configure -C --enable-werror --prefix=$HOME/freeradius --with-shared-libs=$LIBS_SHARED --with-threads=$LIBS_OPTIONAL --with-udpfromto=$LIBS_OPTIONAL --with-openssl=$LIBS_OPTIONAL --with-pcre=$LIBS_OPTIONAL; fi - if [ "${DO_BUILD}" = 'no' ]; then ./configure -C --without-modules; fi # Build the server - if [ "${DO_BUILD}" = 'yes' ]; then make -j8; fi # Run CLANG analyzer if we're building with CLANG - if [ "${DO_BUILD}" = 'yes' -a "${COVERITY_SCAN_BRANCH}" != 1 -a ${CC} = 'clang' ]; then make -j8 scan && [ "$(find build/plist/ -name *.html)" = '' ]; fi script: - if [ "${DO_BUILD}" = 'yes' -a "${COVERITY_SCAN_BRANCH}" != 1 ]; then make travis-test; fi # - if [ "${DO_BUILD}" = 'no' ]; then make deb; fi # Build the doxygen documentation - if [ "${DO_BUILD}" = 'no' ]; then cd doc/source; doxygen 3>&1 1>&2 2>&3 | grep -iv '^warning:' | tee doxygen_stderr.log && [ ! -n "$(cat doxygen_stderr.log)" ]; fi freeradius-server-3.0.16/CONTRIBUTING000066400000000000000000000115571322570622300171030ustar00rootroot000000000000000.INTRODUCTION The FreeRADIUS project wouldn't exist without contributions from a significant number of developers. We greatly value all comments, defect reports, patches/pull-requests, but must balance individual contributor's desires and practices against what's required for the project to operate efficiently. This document describes best practices when interacting with members of the FreeRADIUS project team via GitHub. If you follow these guidelines, it is very likely that your question, bug report or pull request will be acted on, and in a timely manor. If you choose to ignore these guidelines our response will be a link to this document. 1.GITHUB ISSUE TRACKER The GitHub issue tracker is for non-security related defect reports, feature requests, and pull-requests ONLY. It is not for support requests or questions regarding configuration/operation of the server, they belong on the users mailing list: http://freeradius.org/list/users.html Raising support requests or questions as issues will result in them being closed and locked. If you continue to raise these questions as issues you will be banned from the FreeRADIUS project's GitHub repositories. Security issues should be reported to security@freeradius.org, especially if they can be remotely exploited. This ensures that patches can be developed before the exploit is made public. 2.BEFORE REPORTING A DEFECT Verify it's still present in the Git HEAD. Checkout the appropriate branch for the version of the server you're working with as listed here (http://doc.freeradius.org), build the server, and attempt to reproduce your issue. The ChangeLog (https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/doc/ChangeLog) for the current stable branch may also be used to determine if your issue has already been addressed. The ChangeLog is updated as fixes are made to the server code, and usually reflects the state of the Git HEAD. Do not report non-security defects for EOL branches (as listed on doc.freeradius.org), they will be closed and locked. 3.CONTENTS OF A DEFECT REPORT See doc/bugs (https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/bugs) for information on what to include, and how to obtain it. When logging bug reports using the GitHub issue tracker, pay attention to formatting. You should ensure any log output is surrounded by two sets of tripple backticks (```). If you don't do this Github will automatically link your issue to other pre-existing issues when it encounters a # string. 4.PULL REQUESTS AND CODING STANDARDS If you're developing a new feature, module, or writing large amounts of code to fix a defect, contact a member of the FreeRADIUS development team first. For simpler one or two line fixes, go ahead and open a pull-request immediately. The dev team can be contacted via the devel mailing list (http://freeradius.org/list/devel.html), or via GitHub by using the GitHub issue tracker. Contacting the dev team gives us the opportunity to offer feedback. We may have a solution to your problem that doesn't require additional code, or may have ideas as to how your problem can be solved in a way that will better fit with the longterm vision for the server. Once you've got the go ahead, read through the coding standards document: http://wiki.freeradius.org/contributing/coding-standards If you're creating a new module you may wish to read the module creation guide: http://wiki.freeradius.org/contributing/Modules3 You may also wish to utilise the doxygen site to review code documentation: http://doc.freeradius.org The doxygen site contains the complete reference of all API functions with doxygen headers, as well as structs, and callback declarations. doc.freeradius.org is updated within one minute of each commit to the master branch of the main freeradius-server repo. Finally, this file was written to be displayed automatically on the GitHub issue tracker, so Git/GitHub knowledge is assumed. If you're wondering what the heck a pull-request is, this document may be of some use: http://wiki.freeradius.org/contributing/GitHub 5.CONTINUOUS INTEGRATION TESTS If possible include test cases in your pull-requests. There are currently three test frameworks for different elements of the server: Unit tests - src/tests/unit/*.txt - Tests for conditions and protocol encoders/decoders. Module tests - src/tests/modules/ - Tests for module functionality. Unlang tests - src/tests/unlang/ - Tests for unlang keywords and functions. See README.* docs in the directories above for basic information on writing test cases. The easiest way to write new tests is to use the existing tests as examples. Tests are run via Travis for each pull-request, and on every commit by a developer with repository access. freeradius-server-3.0.16/COPYRIGHT000066400000000000000000000053331322570622300165370ustar00rootroot000000000000001. COPYRIGHT Unless otherwise mentioned, the copyrights described in section 4, below, apply to all files in this distribution. 2. INDIVIDUAL DIRECTORIES 2.1 doc/rfc/ Most of the files in this directory are copyrighted by the Internet Society, Inc. See the contents of the files for details. 2.2 src/lib/ Copyright for files in this directory is held by the contributors. See the contents of the files for details 2.2.1 LICENSE The license for all files in the src/lib directory is the GNU LGPL version 2, which is included with this program in the file src/lib/LICENSE. 3. ALL OTHER FILES Copyright for files in this directory is held by the contributors. See the contents of the files for details. Files without explicit copyright notices are copyright The FreeRADIUS Server Project. See section 4.2 for more information. 3.1 LICENSE The license for all other source code and documentation except the files in src/lib directory is the GNU GPL version 2, which is included with this program in the LICENSE file in this directory. 3.2 LIST OF COPYRIGHT HOLDERS Portions of the source code and documentation included here are copyright by one or more of the following organizations and individuals. This list is not exhaustive. Consult the individual files for more detailed copyright statements. Copyright (C) 1999-2015 The FreeRADIUS Server Project Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Alan DeKok Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. Copyright (C) 2011-2015 Arran Cudbard-Bell Copyright (C) 2003, 2004, 2005 Kostas Kalevras Copyright (C) 2004 Cladju Consulting, Inc. Copyright (C) 2001, 2002, 2003, 2004, 2005 Google, Inc. Copyright (C) 2003, 2004 Michael Richardson Copyright (C) 2002, 2003, 2004 Novell, Inc. Copyright (C) 2002 Miguel A.L. Paraz Copyright (C) 2002 Simon Ekstrand Copyright (C) 2001 Chad Miller Copyright (C) 2001 hereUare Communications, Inc. Copyright (C) 2000 Jochen Friedrich Copyright (C) 2000, 2002 Miquel van Smoorenburg Copyright (C) 2000 Jeff Carneal Copyright (C) 2000 Alan Curry Copyright (C) 2000 David Kerry Copyright (C) 2000 Dmitri Ageev Copyright (C) 2000 Nathan Neulinger Copyright (C) 2000 Mike Machado Copyright (C) 2000, 2001 Chad Miller Copyright (C) 1997, 1998, 1999 Cistron Internet Services B.V. Copyright (C) 1999 Kunihiro Ishiguro freeradius-server-3.0.16/CREDITS000066400000000000000000000001011322570622300162500ustar00rootroot00000000000000Please see: http://wiki.freeradius.org/project/Acknowledgements freeradius-server-3.0.16/INSTALL.rst000066400000000000000000000161311322570622300171020ustar00rootroot00000000000000Installation ============ 1. INTRODUCTION --------------- Ignore the installation instructions in this file if you have a pre-installed binary package. When upgrading from older versions of FreeRADIUS, you should read ALL of this file, especially the section on "UPGRADING" below which gives information on how to update your configuration. Whether you are installing from source or a pre-built binary package, you should read the section below "RUNNING THE SERVER". 2. SIMPLE INSTALLATION ---------------------- If you do not need to modify the default configuration, then take the following steps to build and install the server:: $ ./configure $ make $ make install 3. CUSTOM INSTALLATION ---------------------- FreeRADIUS has autoconf support. This means you have to run ``./configure``, and then run make. To see which configuration options are supported, run ``./configure --help``, and read it's output. The following list is a selection from the available flags:: --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --with-logdir=DIR Directory for logfiles [LOCALSTATEDIR/log] --with-radacctdir=PATH Directory for detail files [LOGDIR/radacct] --with-raddbdir=DIR Directory for config files [SYSCONFDIR/raddb] --with-threads Use threads, if available. (default=yes) --with-snmp Compile in SNMP support. (default=yes) --with-dhcp Compile in DHCP support. (default=yes) --with-experimental-modules Use experimental and unstable modules. (default=no) --enable-developer Turns on super-duper-extra-compile-warnings when using gcc, as well as experimental modules. The ``make install`` stage will install the binaries, the 'man' pages, and MAY install the configuration files. If you have not installed a RADIUS server before, then the configuration files for FreeRADIUS will be installed. If you already have a RADIUS server installed, then **FreeRADIUS WILL NOT over-write your current configuration.** The ``make install`` process will warn you about the files it could not install. If you see a warning message about files that could not be installed, then you MUST ensure that the new server is using the new configuration files, and not the old configuration files. The initial output from running in debugging mode (``radiusd -X``) will tell you which configuration files are being used. See UPGRADING above for information about upgrading from older versions. There MAY be changes in the dictionary files which are REQUIRED for a new version of the software. These files will NOT be installed over your current configuration, so you MUST verify and install any problem files by hand, for example using ``diff(1)`` to check for changes. It is EXTREMELY helpful to read the output of both ``./configure``, ``make``, and ``make install``. If a particular module you expected to be installed was not installed, then the output of the ``./configure; make; make install`` sequence will tell you why that module was not installed. Please do NOT post questions to the FreeRADIUS users list without first carefully reading the output of this process. 4. UPGRADING ------------ The installation process will not over-write your existing configuration files. It will, however, warn you about the files it did not install. For users upgrading from any older version to 3.0, it is *NOT* possible to use the older configuration as-is. However, the version 2.x configuration is largely compatible, so upgrading the configuration should not be too difficult. For details on what has changed, see ``raddb/README.rst``. We STRONGLY recommend that 3.0 be installed in a different location than any existing 1.x or 2.x installation. Any local policies can then be migrated gradually to the new 3.0 configuration. The number of differences in the new configuration mean that is is both simpler and safer to migrate your configurations rather than to try and just get the old configuration to work. 5. RUNNING THE SERVER --------------------- If the server builds and installs, but doesn't run correctly, then you should use debugging mode (radiusd -X) to figure out the problem. This is your BEST HOPE for understanding the problem. Read ALL of the messages which are printed to the screen, the answer to your problem will often be in a warning or error message. We really can't emphasize that last sentence enough. Configuring a RADIUS server for complex local authentication isn't a trivial task. Your ONLY method for debugging it is to read the debug messages, where the server will tell you exactly what it's doing, and why. You should then compare its behaviour to what you intended, and edit the configuration files as appropriate. If you don't use debugging mode, and ask questions on the mailing list, then the responses will all tell you to use debugging mode. The server prints out a lot of information in this mode, including suggestions for fixes to common problems. Look especially for "WARNING" in the output, and read the related messages. Since the main developers of FreeRADIUS use debugging mode to track down their configuration problems with the server, it's a good idea for you to use it, too. If you don't, there is little hope for you to solve ANY configuration problem related to the server. To start the server in debugging mode, do:: $ radiusd -X You should see a lot of text printed on the screen as it starts up. If you don't, or if you see error messages, please read the FAQ: http://www.freeradius.org/faq/ If the server says "Ready to process requests.", then it is running properly. From another shell (or another window), type:: $ radtest test test localhost 0 testing123 You should see the server print out more messages as it receives the request, and responds to it. The 'radtest' program should receive the response within a few seconds. It doesn't matter if the authentication request is accepted or rejected, what matters is that the server received the request, and responded to it. You can now edit the configuration files for your local system. You will usually want to start with ``sites-enabled/default``. To set which NASes (clients) can communicate with this server, edit ``clients.conf``. Please read the configuration files carefully, as many configuration options are only documented in comments in the file. Note that is is HIGHLY recommended that you use some sort of version control system to manage your configuration, such as git or Subversion. You should then make small changes to the configuration, checking in and testing as you go. When a config change causes the server to stop working, you will be able to easily step back and find out what update broke the configuraiton. Configuring and running the server MAY be complicated. Many modules have ``man`` pages. See ``man rlm_pap``, or ``man rlm_*`` for information. Please read the documentation in the doc/ directory. The comments in the configuration files also contain a lot of documentation. If you have any additional issues, the FAQ is also a good place to start. freeradius-server-3.0.16/LICENSE000066400000000000000000000431331322570622300162510ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. freeradius-server-3.0.16/Make.inc.in000066400000000000000000000103441322570622300172170ustar00rootroot00000000000000# -*- makefile -*- # Make.inc.in # # Version: $Id: a69292e333a3fdbadb0636d1d5a536d79e0e266b $ # # Location of files. prefix = @prefix@ exec_prefix = @exec_prefix@ sysconfdir = @sysconfdir@ localstatedir = @localstatedir@ libdir = @libdir@ bindir = @bindir@ sbindir = @sbindir@ docdir = @docdir@ mandir = @mandir@ datadir = @datadir@ dictdir = @dictdir@ logdir = @logdir@ includedir = @includedir@ # # In some systems, we don't want to over-write ANY configuration. # So we do: # # $./configure # $ make # $ make -Draddbdir=/tmp/garbage install # # and all of the configuration files go into /tmp/garbage # ifeq "${raddbdir}" "" raddbdir = @raddbdir@ endif modconfdir = @modconfdir@ radacctdir = @radacctdir@ top_builddir = @abs_top_builddir@ top_build_prefix=@abs_top_builddir@/ top_srcdir = @abs_top_srcdir@ datarootdir = @datarootdir@ MAKE = @MAKE@ # Makeflags set within the makefile appear to be additive and override # flags set on the command line and the environmental variables MAKEFLAGS = @FR_MAKEFLAGS@ CC = @CC@ RANLIB = @RANLIB@ INCLUDE = -I. -Isrc \ -include src/freeradius-devel/autoconf.h \ -include src/freeradius-devel/build.h \ -include src/freeradius-devel/features.h \ -include src/freeradius-devel/radpaths.h CFLAGS = $(INCLUDE) -fno-strict-aliasing @CFLAGS@ CPPFLAGS = @CPPFLAGS@ LIBPREFIX = @LIBPREFIX@ EXEEXT = @EXEEXT@ LIBTOOL = JLIBTOOL ACLOCAL = @ACLOCAL@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ INSTALL = ${top_builddir}/install-sh -c INSTALL_PROGRAM = ${INSTALL} INSTALL_DATA = ${INSTALL} -m 644 INSTALL_SCRIPT = ${INSTALL_PROGRAM} INSTALLSTRIP = @INSTALLSTRIP@ # # Linker arguments for libraries searched for by the main # configure script. # TALLOC_LIBS = @TALLOC_LIBS@ TALLOC_LDFLAGS = @TALLOC_LDFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ OPENSSL_LDFLAGS = @OPENSSL_LDFLAGS@ OPENSSL_CPPFLAGS = @OPENSSL_CPPFLAGS@ PCAP_LIBS = @PCAP_LIBS@ PCAP_LDFLAGS = @PCAP_LDFLAGS@ COLLECTDC_LIBS = @COLLECTDC_LIBS@ COLLECTDC_LDFLAGS = @COLLECTDC_LDFLAGS@ LCRYPT = @CRYPTLIB@ # # OpenSSL libs (if used) must be linked everywhere in order for # the server to work properly on on all platforms. # LIBS = $(OPENSSL_LIBS) $(TALLOC_LIBS) @LIBS@ LDFLAGS = $(OPENSSL_LDFLAGS) $(TALLOC_LDFLAGS) @LDFLAGS@ LOGDIR = ${logdir} RADDBDIR = ${raddbdir} RUNDIR = ${localstatedir}/run/radiusd SBINDIR = ${sbindir} RADIR = ${radacctdir} LIBRADIUS = $(top_builddir)/src/lib/$(LIBPREFIX)freeradius-radius.la $(TALLOC_LIBS) USE_SHARED_LIBS = @USE_SHARED_LIBS@ bm_shared_libs = @USE_SHARED_LIBS@ USE_STATIC_LIBS = @USE_STATIC_LIBS@ bm_static_libs = @USE_STATIC_LIBS@ STATIC_MODULES = @STATIC_MODULES@ LIBREADLINE = @LIBREADLINE@ WITH_DHCP = @WITH_DHCP@ # # Version to use for packaging and other Make related things # RADIUSD_VERSION_STRING = @RADIUSD_VERSION_STRING@ # # This allows dlopen to do runtime checks for version mismatches # between what it was originally linked with, and the library it's # actually loading. # MODULES = @MODULES@ HOSTINFO = @HOSTINFO@ # # If the system has OpenSSL, use it's version of MD4/MD5/SHA1, instead of # using ours. # # We don't use OpenSSL SHA1 by default because src/modules/rlm_eap/libeap/fips186prf.c # needs access to the SHA internals. # ifeq "$(WITH_OPENSSL)" "yes" CFLAGS += -DWITH_OPENSSL_MD4 -DWITH_OPENSSL_MD5 CPPFLAGS := "$(OPENSSL_CPPFLAGS) $(CPPFLAGS)" endif OPENSSL_LIBS = @OPENSSL_LIBS@ ifneq ($(WITH_OPENSSL_MD5),) LIBRADIUS_WITH_OPENSSL = 1 CFLAGS += -DWITH_OPENSSL_MD5 endif ifneq ($(WITH_OPENSSL_SHA1),) LIBRADIUS_WITH_OPENSSL = 1 CFLAGS += -DWITH_OPENSSL_SHA1 endif ifneq ($(LIBRADIUS_WITH_OPENSSL),) ifeq ($(OPENSSL_LIBS),) $(error OPENSSL_LIBS must be define in order to use WITH_OPENSSL_*) else LIBRADIUS += $(OPENSSL_LIBS) endif endif # Path to clang, setting this enables the 'scan.*' build targets # which perform static analysis on various server components. ANALYZE.c := @clang_path@ # # With shared libs, the test binaries are in a different place # AND the method we use to run those binaries changes. # ifeq "$(USE_SHARED_LIBS)" "yes" TESTBINDIR = ./$(BUILD_DIR)/bin/local TESTBIN = FR_LIBRARY_PATH=./build/lib/.libs $(JLIBTOOL) --quiet --mode=execute $(TESTBINDIR) else TESTBINDIR = ./$(BUILD_DIR)/bin TESTBIN = ./$(BUILD_DIR)/bin endif freeradius-server-3.0.16/Makefile000066400000000000000000000247161322570622300167120ustar00rootroot00000000000000# # Makefile # # NOTE: This top-level Makefile must not # use GNU-make extensions. The lower ones can. # # Version: $Id: 03de192a783c0ada6e489ab99aa49b7e98ac9234 $ # # # The default rule is "all". # all: # # Catch people who try to use BSD make # ifeq "0" "1" .error GNU Make is required to build FreeRADIUS endif # # We require Make.inc, UNLESS the target is "make deb" # # Since "make deb" re-runs configure... there's no point in # requiring the developer to run configure *before* making # the debian packages. # ifneq "$(MAKECMDGOALS)" "deb" $(if $(wildcard Make.inc),,$(error Missing 'Make.inc' Run './configure [options]' and retry)) include Make.inc endif MFLAGS += --no-print-directory # The version of GNU Make is too old, don't use it (.FEATURES variable was # wad added in 3.81) ifndef .FEATURES $(error The build system requires GNU Make 3.81 or later.) endif export DESTDIR := $(R) # And over-ride all of the other magic. ifneq "$(MAKECMDGOALS)" "deb" include scripts/boiler.mk endif # # To work around OpenSSL issues with travis. # .PHONY: raddb/test.conf: @echo 'security {' >> $@ @echo ' allow_vulnerable_openssl = yes' >> $@ @echo '}' >> $@ @echo '$$INCLUDE radiusd.conf' >> $@ # # Run "radiusd -C", looking for errors. # # Only redirect STDOUT, which should contain details of why the test failed. # Don't molest STDERR as this may be used to receive output from a debugger. $(BUILD_DIR)/tests/radiusd-c: raddb/test.conf ${BUILD_DIR}/bin/radiusd | build.raddb @$(MAKE) -C raddb/certs @printf "radiusd -C... " @if ! FR_LIBRARY_PATH=./build/lib/local/.libs/ ./build/make/jlibtool --mode=execute ./build/bin/radiusd -XCMd ./raddb -D ./share -n test > $(BUILD_DIR)/tests/radiusd.config.log; then \ rm -f raddb/test.conf; \ cat $(BUILD_DIR)/tests/radiusd.config.log; \ echo "fail"; \ exit 1; \ fi @rm -f raddb/test.conf @echo "ok" @touch $@ test: ${BUILD_DIR}/bin/radiusd ${BUILD_DIR}/bin/radclient tests.unit tests.xlat tests.keywords tests.auth tests.modules $(BUILD_DIR)/tests/radiusd-c | build.raddb @$(MAKE) -C src/tests tests #  Tests specifically for Travis.  We do a LOT more than just #  the above tests ifneq "$(findstring travis,${prefix})" "" travis-test: raddb/test.conf test @FR_LIBRARY_PATH=./build/lib/local/.libs/ ./build/make/jlibtool --mode=execute ./build/bin/radiusd -xxxv -n test @rm -f raddb/test.conf @$(MAKE) install @perl -p -i -e 's/allow_vulnerable_openssl = no/allow_vulnerable_openssl = yes/' ${raddbdir}/radiusd.conf @${sbindir}/radiusd -XC endif # # The $(R) is a magic variable not defined anywhere in this source. # It's purpose is to allow an admin to create an installation 'tar' # file *without* actually installing it. e.g.: # # $ R=/home/root/tmp make install # $ cd /home/root/tmp # $ tar -cf ~/freeradius-package.tar * # # The 'tar' file can then be un-tar'd on any similar machine. It's a # cheap way of creating packages, without using a package manager. # Many of the platform-specific packaging tools use the $(R) variable # when creating their packages. # # For compatibility with typical GNU packages (e.g. as seen in libltdl), # we make sure DESTDIR is defined. # export DESTDIR := $(R) DICTIONARIES := $(wildcard share/dictionary*) install.share: $(addprefix $(R)$(dictdir)/,$(notdir $(DICTIONARIES))) $(R)$(dictdir)/%: share/% @echo INSTALL $(notdir $<) @$(INSTALL) -m 644 $< $@ MANFILES := $(wildcard man/man*/*.?) install.man: $(subst man/,$(R)$(mandir)/,$(MANFILES)) $(R)$(mandir)/%: man/% @echo INSTALL $(notdir $<) @sed -e "s,/etc/raddb,$(raddbdir),g" \ -e "s,/usr/local/share,$(datarootdir),g" \ $< > $<.subst @$(INSTALL) -m 644 $<.subst $@ @rm $<.subst # # Don't install rlm_test # ALL_INSTALL := $(patsubst %rlm_test.la,,$(ALL_INSTALL)) install: install.share install.man @$(INSTALL) -d -m 700 $(R)$(logdir) @$(INSTALL) -d -m 700 $(R)$(radacctdir) ifneq ($(RADMIN),) ifneq ($(RGROUP),) .PHONY: install-chown install-chown: chown -R $(RADMIN) $(R)$(raddbdir) chgrp -R $(RGROUP) $(R)$(raddbdir) chmod u=rwx,g=rx,o= `find $(R)$(raddbdir) -type d -print` chmod u=rw,g=r,o= `find $(R)$(raddbdir) -type f -print` chown -R $(RADMIN) $(R)$(logdir) chgrp -R $(RGROUP) $(R)$(logdir) find $(R)$(logdir) -type d -exec chmod u=rwx,g=rwx,o= {} \; find $(R)$(logdir) -type d -exec chmod g+s {} \; find $(R)$(logdir) -type f -exec chmod u=rw,g=rw,o= {} \; chown -R $(RADMIN) $(R)$(RUNDIR) chgrp -R $(RGROUP) $(R)$(RUNDIR) find $(R)$(RUNDIR) -type d -exec chmod u=rwx,g=rwx,o= {} \; find $(R)$(RUNDIR) -type d -exec chmod g+s {} \; find $(R)$(RUNDIR) -type f -exec chmod u=rw,g=rw,o= {} \; endif endif distclean: clean @-find src/modules -regex .\*/config[.][^.]*\$$ -delete @-find src/modules -name autom4te.cache -exec rm -rf '{}' \; @rm -rf config.cache config.log config.status libtool \ src/include/radpaths.h src/include/stamp-h \ libltdl/config.log libltdl/config.status \ libltdl/libtool autom4te.cache build @-find . ! -name configure.ac -name \*.in -print | \ sed 's/\.in$$//' | \ while read file; do rm -f $$file; done ###################################################################### # # Automatic remaking rules suggested by info:autoconf#Automatic_Remaking # ###################################################################### # # Do these checks ONLY if we're re-building the "configure" # scripts, and ONLY the "configure" scripts. If we leave # these rules enabled by default, then they're run too often. # ifeq "$(MAKECMDGOALS)" "reconfig" CONFIGURE_AC_FILES := $(shell find . -name configure.ac -print) CONFIGURE_FILES := $(patsubst %.ac,%,$(CONFIGURE_AC_FILES)) # # The GNU tools make autoconf=="missing autoconf", which then returns # 0, even when autoconf doesn't exist. This check is to ensure that # we run AUTOCONF only when it exists. # AUTOCONF_EXISTS := $(shell autoconf --version 2>/dev/null) ifeq "$(AUTOCONF_EXISTS)" "" $(error You need to install autoconf to re-build the "configure" scripts) endif # Configure files depend on "in" files, and on the top-level macro files # If there are headers, run auto-header, too. src/%configure: src/%configure.ac acinclude.m4 aclocal.m4 $(wildcard $(dir $@)m4/*m4) | src/freeradius-devel @echo AUTOCONF $(dir $@) cd $(dir $@) && $(AUTOCONF) -I $(top_builddir) -I $(top_builddir)/m4 -I $(top_builddir)/$(dir $@)m4 @if grep AC_CONFIG_HEADERS $@ >/dev/null; then\ echo AUTOHEADER $@ \ cd $(dir $@) && $(AUTOHEADER); \ fi # "%configure" doesn't match "configure" configure: configure.ac $(wildcard ac*.m4) $(wildcard m4/*.m4) @echo AUTOCONF $@ @$(AUTOCONF) src/include/autoconf.h.in: configure.ac @echo AUTOHEADER $@ @$(AUTOHEADER) reconfig: $(CONFIGURE_FILES) src/include/autoconf.h.in config.status: configure ./config.status --recheck # target is "configure" endif # If we've already run configure, then add rules which cause the # module-specific "all.mk" files to depend on the mk.in files, and on # the configure script. # ifneq "$(wildcard config.log)" "" CONFIGURE_ARGS := $(shell head -10 config.log | grep '^ \$$' | sed 's/^....//;s:.*configure ::') src/%all.mk: src/%all.mk.in src/%configure @echo CONFIGURE $(dir $@) @rm -f ./config.cache $(dir $<)/config.cache @cd $(dir $<) && ./configure $(CONFIGURE_ARGS) endif .PHONY: check-includes check-includes: scripts/min-includes.pl `find . -name "*.c" -print` .PHONY: TAGS TAGS: etags `find src -type f -name '*.[ch]' -print` > $@ # # Make test certificates. # .PHONY: certs certs: @$(MAKE) -C raddb/certs ###################################################################### # # Make a release. # # Note that "Make.inc" has to be updated with the release number # BEFORE running this command! # ###################################################################### BRANCH = $(shell git rev-parse --abbrev-ref HEAD) freeradius-server-$(RADIUSD_VERSION_STRING).tar.gz: .git git archive --format=tar --prefix=freeradius-server-$(RADIUSD_VERSION_STRING)/ $(BRANCH) | gzip > $@ freeradius-server-$(RADIUSD_VERSION_STRING).tar.bz2: .git git archive --format=tar --prefix=freeradius-server-$(RADIUSD_VERSION_STRING)/ $(BRANCH) | bzip2 > $@ %.sig: % gpg --default-key packages@freeradius.org -b $< # high-level targets .PHONY: dist-check dist-check: redhat/freeradius.spec suse/freeradius.spec debian/changelog @if [ `grep ^Version: redhat/freeradius.spec | sed 's/.*://;s/ //'` != "$(RADIUSD_VERSION_STRING)" ]; then \ cat redhat/freeradius.spec | sed 's/^Version: .*/Version: $(RADIUSD_VERSION_STRING)/' > redhat/.foo; \ mv redhat/.foo redhat/freeradius.spec; \ echo redhat/freeradius.spec 'Version' needs to be updated; \ exit 1; \ fi @if [ `grep ^Version: suse/freeradius.spec | sed 's/.*://;s/ //'` != "$(RADIUSD_VERSION_STRING)" ]; then \ cat suse/freeradius.spec | sed 's/^Version: .*/Version: $(RADIUSD_VERSION_STRING)/' > suse/.foo; \ mv suse/.foo suse/freeradius.spec; \ echo suse/freeradius.spec 'Version' needs to be updated; \ exit 1; \ fi @if [ `head -n 1 debian/changelog | sed 's/.*(//;s/-0).*//;s/-1).*//;s/\+.*//'` != "$(RADIUSD_VERSION_STRING)" ]; then \ echo debian/changelog needs to be updated; \ exit 1; \ fi dist: dist-check freeradius-server-$(RADIUSD_VERSION_STRING).tar.gz freeradius-server-$(RADIUSD_VERSION_STRING).tar.bz2 dist-sign: freeradius-server-$(RADIUSD_VERSION_STRING).tar.gz.sig freeradius-server-$(RADIUSD_VERSION_STRING).tar.bz2.sig dist-publish: freeradius-server-$(RADIUSD_VERSION_STRING).tar.gz.sig freeradius-server-$(RADIUSD_VERSION_STRING).tar.gz freeradius-server-$(RADIUSD_VERSION_STRING).tar.gz.sig freeradius-server-$(RADIUSD_VERSION_STRING).tar.bz2 freeradius-server-$(RADIUSD_VERSION_STRING).tar.gz.sig freeradius-server-$(RADIUSD_VERSION_STRING).tar.bz2.sig scp $^ freeradius.org@ftp.freeradius.org:public_ftp # # Note that we do NOT do the tagging here! We just print out what # to do! # dist-tag: freeradius-server-$(RADIUSD_VERSION_STRING).tar.gz freeradius-server-$(RADIUSD_VERSION_STRING).tar.bz2 @echo "git tag release_`echo $(RADIUSD_VERSION_STRING) | tr .- __`" # # Build a debian package # .PHONY: deb deb: fakeroot dpkg-buildpackage -b -uc # Developer checks .PHONY: warnings warnings: @(make clean all 2>&1) | egrep -v '^/|deprecated|^In file included|: In function| from |^HEADER|^CC|^LINK' > warnings.txt @wc -l warnings.txt # # Ensure we're using tabs in the configuration files, # and remove trailing whitespace in source files. # .PHONY: whitespace whitespace: @for x in $$(git ls-files raddb/ src/); do unexpand $$x > $$x.bak; cp $$x.bak $$x; rm -f $$x.bak;done @perl -p -i -e 'trim' $$(git ls-files src/) freeradius-server-3.0.16/README.rst000066400000000000000000000157341322570622300167410ustar00rootroot00000000000000The FreeRADIUS server ===================== |BuildStatus|_ |CoverityStatus|_ .. contents:: :local: Introduction ------------ The FreeRADIUS Server Project is a high performance and highly configurable multi-protocol policy server, supporting RADIUS, DHCPv4 and VMPS. It is available under the terms of the GNU GPLv2. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the number of changes that have to be done when adding or deleting new users to a network. FreeRADIUS can authenticate users on systems such as 802.1x (WiFi), dialup, PPPoE, VPN's, VoIP, and many others. It supports back-end databases such as MySQL, PostgreSQL, Oracle, Microsoft Active Directory, Redis, OpenLDAP, and many more. It is used daily to authenticate the Internet access for hundreds of millions of people, in sites ranging from 10 to 10 million+ users. Version 3.0 of the server is largely compatible with version 2.x, but we highly recommend that you recreate your configuration, rather than trying to get the older configuration to work. For a list of changes in version 3.0, please see ``doc/ChangeLog``. See ``raddb/README.rst`` for information on what to do to update your configuration. Administrators upgrading from a previous version should install this version in a different location from their existing systems. Any existing configuration should be carefully migrated to the new version, in order to take advantage of the new features which can greatly simply configuration. Please see http://freeradius.org and http://wiki.freeradius.org for more information. Installation ------------ To install the server, please see the INSTALL file in this directory. Configuring the server ---------------------- We understand that the server may be difficult to configure, install, or administer. It is, after all, a complex system with many different configuration possibilities. The most common problem is that people change large amounts of the configuration without understanding what they're doing, and without testing their changes. The preferred method of operation is the following: 1. Start off with the default configuration files. 2. Save a copy of the default configuration: It WORKS. Don't change it! 3. Verify that the server starts - in debugging mode (``radiusd -X``). 4. Send it test packets using "radclient", or a NAS or AP. 5. Verify that the server does what you expect - If it does not work, change the configuration, and go to step (3) - If you're stuck, revert to using the "last working" configuration. - If it works, proceed to step (6). 6. Save a copy of the working configuration, along with a note of what you changed, and why. 7. Make a SMALL change to the configuration. 8. Repeat from step (3). This method will ensure that you have a working configuration that is customized to your site as quickly as possible. While it may seem frustrating to proceed via a series of small steps, the alternative will always take more time. The "fast and loose" way will be MORE frustrating than quickly making forward progress! Debugging the Server -------------------- Run the server in debugging mode, (``radiusd -X``) and READ the output. We cannot emphasize this point strongly enough. The vast majority of problems can be solved by carefully reading the debugging output, which includes WARNINGs about common issues, and suggestions for how they may be fixed. Read the FAQ. Many questions are answered there. See the Wiki http://wiki.freeradius.org Read the configuration files. Many parts of the server have NO documentation, other than comments in the configuration file. Search the mailing lists. There is a Google link on the bottom of the page: http://www.freeradius.org/list/users.html Type some key words into the search box, and you should find discussions about common problems and solution. Feedback, Defects, and Community Support ---------------------------------------- If you have any comments, or are having difficulty getting FreeRADIUS to do what you want, please post to the 'freeradius-users' list (see the URL above). The FreeRADIUS mailing list is operated and contributed to, by the FreeRADIUS community. Users of the list will be more than happy to answer your questions, with the caveat that you've read documentation relevant to your issue first. If you suspect a defect in the server, would like to request a feature, or submit a code patch, please use the GitHub issue tracker for the freeradius-server `repository `_. Instructions for gathering data for defect reports can be found in ``doc/bugs`` or on the `wiki `_. Under no circumstances should the issue tracker be used for support requests, those questions belong on the user's mailing list. If you post questions related to the server in the issue tracker, the issue will be closed and locked. If you persist in positing questions to the issue tracker you will be banned from all FreeRADIUS project repositories on GitHub. Please do NOT complain that the developers aren't answering your questions quickly enough, or aren't fixing the problems quickly enough. Please do NOT complain if you're told to go read documentation. We recognize that the documentation isn't perfect, but it *does* exist, and reading it can solve most common questions. FreeRADIUS is the cumulative effort of many years of work by many people, and you've gotten it for free. No one is getting paid to answer your questions. This is free software, and the only way it gets better is if you make a contribution back to the project ($$, code, or documentation). We will note that the people who get most upset about any answers to their questions usually do not have any intention of contributing to the project. We will repeat the comments above: no one is getting paid to answer your questions or to fix your bugs. If you don't like the responses you are getting, then fix the bug yourself, or pay someone to address your concerns. Either way, make sure that any fix is contributed back to the project so that no one else runs into the same issue. Books on RADIUS --------------- See ``doc/README`` for more information about FreeRADIUS. There is an O'Reilly book available. It serves as a good introduction for anyone new to RADIUS. However, it is almost 12 years old, and is not much more than a basic introduction to the subject. http://www.amazon.com/exec/obidos/ASIN/0596003226/freeradiusorg-20/ Commercial support ------------------ Technical support, managed systems support, custom deployments, sponsored feature development and many other commercial services are available from `Network RADIUS `_. .. |CoverityStatus| image:: https://scan.coverity.com/projects/58/badge.svg? .. _CoverityStatus: https://scan.coverity.com/projects/58 .. |BuildStatus| image:: https://travis-ci.org/FreeRADIUS/freeradius-server.png?branch=v3.0.x .. _BuildStatus: https://travis-ci.org/FreeRADIUS/freeradius-server freeradius-server-3.0.16/VERSION000066400000000000000000000000071322570622300163050ustar00rootroot000000000000003.0.16 freeradius-server-3.0.16/acinclude.m4000066400000000000000000000400651322570622300174360ustar00rootroot00000000000000dnl Checks to see if this is SUNPro we're building with dnl Usage: dnl AC_PROG_CC_SUNPRO AC_DEFUN([AC_PROG_CC_SUNPRO], [AC_CACHE_CHECK(whether we are using SUNPro C, ac_cv_prog_suncc, [dnl The semicolon is to pacify NeXT's syntax-checking cpp. cat > conftest.c </dev/null 2>&1; then ac_cv_prog_suncc=yes else ac_cv_prog_suncc=no fi])]) dnl # dnl # FR_CHECK_TYPE_INCLUDE([#includes ...], type, default-C-types) dnl # dnl # This function is like AC_CHECK_TYPE, but you can give this one dnl # a list of include files to check. dnl # AC_DEFUN([FR_CHECK_TYPE_INCLUDE], [ AC_CACHE_CHECK(for $2, ac_cv_type_$2, [ ac_cv_type_$2=no AC_TRY_COMPILE($1, [$2 foo], ac_cv_type_$2=yes, ) ] ) if test "$ac_cv_type_$2" != "yes"; then AC_DEFINE($2, $3, $4) fi ]) dnl # dnl # Locate the directory in which a particular file is found. dnl # dnl # Usage: FR_LOCATE_DIR(MYSQLLIB_DIR, libmysqlclient.a) dnl # dnl # Defines the variable MYSQLLIB_DIR to be the directory(s) in dnl # which the file libmysqlclient.a is to be found. dnl # dnl # AC_DEFUN([FR_LOCATE_DIR], [ dnl # If we have the program 'locate', then the problem of finding a dnl # particular file becomes MUCH easier. dnl # dnl # dnl # No 'locate' defined, do NOT do anything. dnl # if test "x$LOCATE" != "x"; then dnl # dnl # Root through a series of directories, looking for the given file. dnl # DIRS= file=$2 for x in `${LOCATE} $file 2>/dev/null`; do dnl # dnl # When asked for 'foo', locate will also find 'foo_bar', which we dnl # don't want. We want that EXACT filename. dnl # dnl # We ALSO want to be able to look for files like 'mysql/mysql.h', dnl # and properly match them, too. So we try to strip off the last dnl # part of the filename, using the name of the file we're looking dnl # for. If we CANNOT strip it off, then the name will be unchanged. dnl # base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` dnl # dnl # Exclude a number of directories. dnl # exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi dnl # dnl # OK, we have an exact match. Let's be sure that we only find ONE dnl # matching directory. dnl # already=`echo \$$1 ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi dnl # dnl # And remember the directory in which we found the file. dnl # eval "$1=\"\$$1 $DIRS\"" ]) dnl ####################################################################### dnl # dnl # Look for a library in a number of places. dnl # dnl # FR_SMART_CHECK_LIB(library, function) dnl # AC_DEFUN([FR_SMART_CHECK_LIB], [ sm_lib_safe=`echo "$1" | sed 'y%./+-%__p_%'` sm_func_safe=`echo "$2" | sed 'y%./+-%__p_%'` dnl # dnl # We pass all arguments for linker testing in CCPFLAGS as these dnl # will be passed to the compiler (then linker) first. dnl # dnl # The linker will search through -L directories in the order they dnl # appear on the command line. Unfortunately the same rules appear dnl # to apply to directories specified with --sysroot, so we must dnl # pass the user specified directory first. dnl # dnl # Really we should be using LDFLAGS (-L) for this. dnl # old_LIBS="$LIBS" old_CPPFLAGS="$CPPFLAGS" smart_lib= smart_ldflags= smart_lib_dir= dnl # dnl # Try first any user-specified directory, otherwise we may pick up dnl # the wrong version. dnl # if test "x$smart_try_dir" != "x"; then for try in $smart_try_dir; do AC_MSG_CHECKING([for $2 in -l$1 in $try]) LIBS="-l$1 $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" AC_TRY_LINK([extern char $2();], [$2()], [ smart_lib="-l$1" smart_ldflags="-L$try -Wl,-rpath,$try" AC_MSG_RESULT(yes) break ], [AC_MSG_RESULT(no)]) done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi dnl # dnl # Try using the default library path dnl # if test "x$smart_lib" = "x"; then AC_MSG_CHECKING([for $2 in -l$1]) LIBS="-l$1 $old_LIBS" AC_TRY_LINK([extern char $2();], [$2()], [ smart_lib="-l$1" AC_MSG_RESULT(yes) ], [AC_MSG_RESULT(no)]) LIBS="$old_LIBS" fi dnl # dnl # Try to guess possible locations. dnl # if test "x$smart_lib" = "x"; then FR_LOCATE_DIR(smart_lib_dir,[lib$1${libltdl_cv_shlibext}]) FR_LOCATE_DIR(smart_lib_dir,[lib$1.a]) for try in $smart_lib_dir /usr/local/lib /opt/lib; do AC_MSG_CHECKING([for $2 in -l$1 in $try]) LIBS="-l$1 $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" AC_TRY_LINK([extern char $2();], [$2()], [ smart_lib="-l$1" smart_ldflags="-L$try -Wl,-rpath,$try" AC_MSG_RESULT(yes) break ], [AC_MSG_RESULT(no)]) done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi dnl # dnl # Found it, set the appropriate variable. dnl # if test "x$smart_lib" != "x"; then eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" LIBS="$smart_ldflags $smart_lib $old_LIBS" SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" fi ]) dnl ####################################################################### dnl # dnl # Look for a header file in a number of places. dnl # dnl # FR_SMART_CHECK_INCLUDE(foo.h, [ #include ]) dnl # AC_DEFUN([FR_SMART_CHECK_INCLUDE], [ ac_safe=`echo "$1" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= dnl # The default directories we search in (in addition to the compilers search path) smart_include_dir="/usr/local/include /opt/include" dnl # Our local versions _smart_try_dir= _smart_include_dir= dnl # Add variants with the different prefixes and one with no prefix for _prefix in $smart_prefix ""; do for _dir in $smart_try_dir; do _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" done for _dir in $smart_include_dir; do _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" done done dnl # dnl # Try any user-specified directory first otherwise we may pick up dnl # the wrong version. dnl # if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do AC_MSG_CHECKING([for $1 in $try]) CPPFLAGS="-isystem $try $old_CPPFLAGS" AC_TRY_COMPILE([$2 #include <$1>], [int a = 1;], [ smart_include="-isystem $try" AC_MSG_RESULT(yes) break ], [ smart_include= AC_MSG_RESULT(no) ]) done CPPFLAGS="$old_CPPFLAGS" fi dnl # dnl # Try using the default includes (with prefixes). dnl # if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do AC_MSG_CHECKING([for ${_prefix}/$1]) AC_TRY_COMPILE([$2 #include <$1>], [int a = 1;], [ smart_include="-isystem ${_prefix}/" AC_MSG_RESULT(yes) break ], [ smart_include= AC_MSG_RESULT(no) ]) done fi dnl # dnl # Try using the default includes (without prefixes). dnl # if test "x$smart_include" = "x"; then AC_MSG_CHECKING([for $1]) AC_TRY_COMPILE([$2 #include <$1>], [int a = 1;], [ smart_include=" " AC_MSG_RESULT(yes) break ], [ smart_include= AC_MSG_RESULT(no) ]) fi dnl # dnl # Try to guess possible locations. dnl # if test "x$smart_include" = "x"; then for prefix in $smart_prefix; do FR_LOCATE_DIR(_smart_include_dir,"${_prefix}/${1}") done FR_LOCATE_DIR(_smart_include_dir, $1) for try in $_smart_include_dir; do AC_MSG_CHECKING([for $1 in $try]) CPPFLAGS="-isystem $try $old_CPPFLAGS" AC_TRY_COMPILE([$2 #include <$1>], [int a = 1;], [ smart_include="-isystem $try" AC_MSG_RESULT(yes) break ], [ smart_include= AC_MSG_RESULT(no) ]) done CPPFLAGS="$old_CPPFLAGS" fi dnl # dnl # Found it, set the appropriate variable. dnl # if test "x$smart_include" != "x"; then eval "ac_cv_header_$ac_safe=yes" CPPFLAGS="$smart_include $old_CPPFLAGS" SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" fi dnl # dnl # Consume prefix, it's not likely to be used dnl # between multiple calls. dnl # smart_prefix= ]) dnl ####################################################################### dnl # dnl # Look for a header file in a number of places. dnl # dnl # Usage: FR_CHECK_STRUCT_HAS_MEMBER([#include ], [struct foo], member) dnl # If the member is defined, then the variable dnl # ac_cv_type_struct_foo_has_member is set to 'yes' dnl # AC_DEFUN([FR_CHECK_STRUCT_HAS_MEMBER], [ AC_MSG_CHECKING([for $3 in $2]) dnl BASED on 'offsetof': dnl #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) dnl AC_TRY_COMPILE([ $1 #ifdef HAVE_STDDEF_H #include #endif #ifndef offsetof #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER) #endif ], [ int foo = offsetof($2, $3) ], has_element=" ", has_element=) ac_safe_type=`echo "$2" | sed 'y% %_%'` if test "x$has_element" != "x"; then AC_MSG_RESULT(yes) eval "ac_cv_type_${ac_safe_type}_has_$3=yes" else AC_MSG_RESULT(no) eval "ac_cv_type_${ac_safe_type}_has_$3=" fi ]) dnl Autoconf 2.61 breaks the support for chained configure scripts dnl in combination with config.cache m4_pushdef([AC_OUTPUT], [ unset ac_cv_env_LIBS_set unset ac_cv_env_LIBS_value m4_popdef([AC_OUTPUT]) AC_OUTPUT([$1],[$2],[$3]) ]) dnl # dnl # Figure out which storage class specifier for Thread Local Storage is supported by the compiler dnl # AC_DEFUN([FR_TLS], [ dnl # dnl # See if the compilation works with __thread, for thread-local storage dnl # AC_MSG_CHECKING(for __thread support in compiler) AC_RUN_IFELSE( [AC_LANG_SOURCE( [[ static __thread int val; int main(int argc, char **argv) { val = 0; return val; } ]]) ],[have_tls=yes],[have_tls=no],[have_tls=no]) AC_MSG_RESULT($have_tls) if test "x$have_tls" = "xyes"; then AC_DEFINE([TLS_STORAGE_CLASS],[__thread],[Define if the compiler supports a thread local storage class]) fi dnl # dnl # __declspec(thread) does exactly the same thing as __thread, but is supported by MSVS dnl # if test "x$have_tls" = "xno"; then AC_MSG_CHECKING(for __declspec(thread) support in compiler) AC_RUN_IFELSE( [AC_LANG_SOURCE( [[ static _Thread_local int val; int main(int argc, char **argv) { val = 0; return val; } ]]) ],[have_tls=yes],[have_tls=no],[have_tls=no]) AC_MSG_RESULT($have_tls) if test "x$have_tls" = "xyes"; then AC_DEFINE([TLS_STORAGE_CLASS],[__declspec(thread)],[Define if the compiler supports a thread local storage class]) fi fi dnl # dnl # _Thread_local does exactly the same thing as __thread, but it's standards compliant with C11. dnl # we, however, state we are only compliant with C99, so the compiler will probably emit warnings dnl # if we use it. So save it as a last resort. dnl # if test "x$have_tls" = "xno"; then AC_MSG_CHECKING(for _Thread_local support in compiler) AC_RUN_IFELSE( [AC_LANG_SOURCE( [[ static _Thread_local int val; int main(int argc, char **argv) { val = 0; return val; } ]]) ],[have_tls=yes],[have_tls=no],[have_tls=no]) AC_MSG_RESULT($have_tls) if test "x$have_tls" = "xyes"; then AC_DEFINE([TLS_STORAGE_CLASS],[_Thread_local],[Define if the compiler supports a thread local storage class]) fi fi ]) AC_DEFUN([VL_LIB_READLINE], [ AC_CACHE_CHECK([for a readline compatible library], vl_cv_lib_readline, [ ORIG_LIBS="$LIBS" for readline_lib in readline edit editline; do for termcap_lib in "" termcap curses ncurses; do if test -z "$termcap_lib"; then TRY_LIB="-l$readline_lib" else TRY_LIB="-l$readline_lib -l$termcap_lib" fi LIBS="$ORIG_LIBS $TRY_LIB" AC_TRY_LINK_FUNC(readline, vl_cv_lib_readline="$TRY_LIB") if test -n "$vl_cv_lib_readline"; then break fi done if test -n "$vl_cv_lib_readline"; then break fi done if test -z "$vl_cv_lib_readline"; then vl_cv_lib_readline="no" LIBS="$ORIG_LIBS" fi ]) if test "$vl_cv_lib_readline" != "no"; then LIBREADLINE="$vl_cv_lib_readline" AC_DEFINE(HAVE_LIBREADLINE, 1, [Define if you have a readline compatible library]) AC_CHECK_HEADERS(readline.h readline/readline.h) AC_CACHE_CHECK([whether readline supports history], [vl_cv_lib_readline_history], [ vl_cv_lib_readline_history="no" AC_TRY_LINK_FUNC([add_history], [vl_cv_lib_readline_history="yes"]) ]) if test "$vl_cv_lib_readline_history" = "yes"; then AC_DEFINE(HAVE_READLINE_HISTORY, 1, [Define if your readline library has \`add_history']) AC_CHECK_HEADERS(history.h readline/history.h) fi fi AC_SUBST(LIBREADLINE) ])dnl dnl # dnl # Check if we have the choose expr builtin dnl # AC_DEFUN([FR_HAVE_BUILTIN_CHOOSE_EXPR], [ AC_CACHE_CHECK([for __builtin_choose_expr support in compiler], [ax_cv_cc_builtin_choose_expr],[ AC_RUN_IFELSE( [ AC_LANG_SOURCE( [ int main(int argc, char **argv) { if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ return __builtin_choose_expr(0, 1, 0); } ]) ], [ax_cv_cc_builtin_choose_expr=yes], [ax_cv_cc_builtin_choose_expr=no] ) ]) if test "x$ax_cv_cc_builtin_choose_expr" = "xyes"; then AC_DEFINE([HAVE_BUILTIN_CHOOSE_EXPR],1,[Define if the compiler supports __builtin_choose_expr]) fi ]) dnl # dnl # Check if we have the types compatible p builtin dnl # AC_DEFUN([FR_HAVE_BUILTIN_TYPES_COMPATIBLE_P], [ AC_CACHE_CHECK([for __builtin_types_compatible_p support in compiler], [ax_cv_cc_builtin_types_compatible_p],[ AC_RUN_IFELSE( [ AC_LANG_SOURCE( [ int main(int argc, char **argv) { if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ return !(__builtin_types_compatible_p(char *, char *)); } ]) ], [ax_cv_cc_builtin_types_compatible_p=yes], [ax_cv_cc_builtin_types_compatible_p=no] ) ]) if test "x$ax_cv_cc_builtin_types_compatible_p" = "xyes"; then AC_DEFINE([HAVE_BUILTIN_TYPES_COMPATIBLE_P],1,[Define if the compiler supports __builtin_types_compatible_p]) fi ]) dnl # dnl # Check if we have the bwsap64 builtin dnl # AC_DEFUN([FR_HAVE_BUILTIN_BSWAP64], [ AC_CACHE_CHECK([for __builtin_bswap64 support in compiler], [ax_cv_cc_builtin_bswap64],[ AC_RUN_IFELSE( [ AC_LANG_SOURCE([ int main(int argc, char **argv) { if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ return (__builtin_bswap64(0)); } ]) ], [ax_cv_cc_builtin_bswap64=yes], [ax_cv_cc_builtin_bswap64=no] ) ]) if test "x$ax_cv_cc_builtin_bswap64" = "xyes"; then AC_DEFINE([HAVE_BUILTIN_BSWAP_64],1,[Define if the compiler supports __builtin_bswap64]) fi ]) dnl # dnl # Check if we have __attribute__((__bounded__)) (usually only OpenBSD with GCC) dnl # AC_DEFUN([FR_HAVE_BOUNDED_ATTRIBUTE],[ AC_CACHE_CHECK([for __attribute__((__bounded__)) support in compiler], [ax_cv_cc_bounded_attribute],[ CFLAGS_SAVED=$CFLAGS CFLAGS="$CFLAGS -Werror" AC_RUN_IFELSE( [ AC_LANG_SOURCE([ void test(char *buff) __attribute__ ((__bounded__ (__string__, 1, 1))); int main(int argc, char **argv) { if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ return 0; } ]) ], [ax_cv_cc_bounded_attribute=yes], [ax_cv_cc_bounded_attribute=no] ) CFLAGS="$CFLAGS_SAVED" ]) if test "x$ax_cv_cc_bounded_attribute" = "xyes"; then AC_DEFINE(HAVE_ATTRIBUTE_BOUNDED, 1, [Define if your compiler supports the __bounded__ attribute (usually OpenBSD gcc).]) fi ]) AC_INCLUDE(aclocal.m4) freeradius-server-3.0.16/aclocal.m4000066400000000000000000000102411322570622300170760ustar00rootroot00000000000000# generated automatically by aclocal 1.14.1 -*- Autoconf -*- # Copyright (C) 1996-2013 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to # '$srcdir', '$srcdir/..', or '$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and # therefore $ac_aux_dir as well) can be either absolute or relative, # depending on how configure is run. This is pretty annoying, since # it makes $ac_aux_dir quite unusable in subdirectories: in the top # source directory, any form will work fine, but in subdirectories a # relative path needs to be adjusted first. # # $ac_aux_dir/missing # fails when called from a subdirectory if $ac_aux_dir is relative # $top_srcdir/$ac_aux_dir/missing # fails if $ac_aux_dir is absolute, # fails when called from a subdirectory in a VPATH build with # a relative $ac_aux_dir # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually # harmless because $srcdir is '.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, # iff we strip the leading $srcdir from $ac_aux_dir. That would be: # am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` # and then we would define $MISSING as # MISSING="\${SHELL} $am_aux_dir/missing" # This will work as long as MISSING is not called from configure, because # unfortunately $(top_srcdir) has no meaning in configure. # However there are other variables, like CC, which are often used in # configure, and could therefore not use this "fixed" $ac_aux_dir. # # Another solution, used here, is to always expand $ac_aux_dir to an # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], [AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl # Expand $ac_aux_dir to an absolute path. am_aux_dir=`cd "$ac_aux_dir" && pwd` ]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN]) $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it is modern enough. # If it is, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= AC_MSG_WARN(['missing' script is too old or missing]) fi ]) m4_include([acinclude.m4]) freeradius-server-3.0.16/autogen.sh000077500000000000000000000006461322570622300172470ustar00rootroot00000000000000#!/bin/sh -e parentdir=`dirname $0` cd $parentdir parentdir=`pwd` libtoolize -f -c #aclocal autoheader autoconf mysubdirs="$mysubdirs `find src/modules/ -name configure -print | sed 's%/configure%%'`" mysubdirs=`echo $mysubdirs` for F in $mysubdirs do echo "Configuring in $F..." (cd $F && grep "^AC_CONFIG_HEADER" configure.ac > /dev/null || exit 0; autoheader -I$parentdir) (cd $F && autoconf -I$parentdir) done freeradius-server-3.0.16/config.guess000077500000000000000000001270741322570622300175730ustar00rootroot00000000000000#! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, # Inc. timestamp='2007-11-19' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Per Bothner . # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # The plan is that this can be called by configure scripts if you # don't specify an explicit build system type. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep __ELF__ >/dev/null then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` exit ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm:riscos:*:*|arm:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[45]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep __LP64__ >/dev/null then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) case ${UNAME_MACHINE} in pc98) echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:[3456]*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; EM64T | authenticamd) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; arm*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit ;; crisv32:Linux:*:*) echo crisv32-axis-linux-gnu exit ;; frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; mips:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef mips #undef mipsel #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=mipsel #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=mips #else CPU= #endif #endif EOF eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' /^CPU/{ s: ::g p }'`" test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef mips64 #undef mips64el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=mips64el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=mips64 #else CPU= #endif #endif EOF eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' /^CPU/{ s: ::g p }'`" test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-gnu ;; PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent # problems with other programs or directories called `ld' in the path. # Set LC_ALL=C to ensure ld outputs messages in English. ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ | sed -ne '/supported targets:/!d s/[ ][ ]*/ /g s/.*supported targets: *// s/ .*// p'` case "$ld_supported_targets" in elf32-i386) TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" ;; a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" exit ;; coff-i386) echo "${UNAME_MACHINE}-pc-linux-gnucoff" exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. echo "${UNAME_MACHINE}-pc-linux-gnuoldld" exit ;; esac # Determine whether the default compiler is a.out or elf eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include #ifdef __ELF__ # ifdef __GLIBC__ # if __GLIBC__ >= 2 LIBC=gnu # else LIBC=gnulibc1 # endif # else LIBC=gnulibc1 # endif #else #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) LIBC=gnu #else LIBC=gnuaout #endif #endif #ifdef __dietlibc__ LIBC=dietlibc #endif EOF eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' /^LIBC/{ s: ::g p }'`" test x"${LIBC}" != x && { echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit } test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i386. echo i386-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: freeradius-server-3.0.16/config.sub000077500000000000000000001001231322570622300172200ustar00rootroot00000000000000#! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, # Inc. timestamp='2007-11-19' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. # # This file is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. ;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray) os= basic_machine=$1 ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | mcore | mep \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64vr | mips64vrel \ | mips64orion | mips64orionel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | mt \ | msp430 \ | nios | nios2 \ | ns16k | ns32k \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ | score \ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k) basic_machine=$basic_machine-unknown ;; m6811 | m68hc11 | m6812 | m68hc12) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64vr-* | mips64vrel-* \ | mips64orion-* | mips64orionel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; c90) basic_machine=c90-cray os=-unicos ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; mvs) basic_machine=i370-ibm os=-mvs ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tic54x | c54x*) basic_machine=tic54x-unknown os=-coff ;; tic55x | c55x*) basic_machine=tic55x-unknown os=-coff ;; tic6x | c6x*) basic_machine=tic6x-unknown os=-coff ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -kaos*) os=-kaos ;; -zvmoe) os=-zvmoe ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 # This also exists in the configure program, but was not the # default. # os=-sunos4 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: freeradius-server-3.0.16/configure000077500000000000000000013155651322570622300171670ustar00rootroot00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for freeradius $Id: 1968a4a4cd4e455373c554df6401597dda12e92d $. # # Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and $0: http://bugs.freeradius.org about your system, including $0: any error possibly output before this message. Then $0: install a modern shell, or manually run the script $0: under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='freeradius' PACKAGE_TARNAME='freeradius' PACKAGE_VERSION='$Id: 1968a4a4cd4e455373c554df6401597dda12e92d $' PACKAGE_STRING='freeradius $Id: 1968a4a4cd4e455373c554df6401597dda12e92d $' PACKAGE_BUGREPORT='http://bugs.freeradius.org' PACKAGE_URL='http://www.freeradius.org' ac_unique_file="src/main/radiusd.c" # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" enable_option_checking=no ac_subst_vars='LTLIBOBJS LIBOBJS STATIC_MODULES USE_STATIC_LIBS USE_SHARED_LIBS INSTALLSTRIP MODULES subdirs HOSTINFO CRYPTLIB LIBPREFIX COLLECTDC_LDFLAGS COLLECTDC_LIBS PCAP_LDFLAGS PCAP_LIBS OPENSSL_CPPFLAGS OPENSSL_LDFLAGS OPENSSL_LIBS LIBREADLINE TALLOC_LDFLAGS TALLOC_LIBS DIRNAME LOCATE AUTOHEADER AUTOCONF ACLOCAL RUSERS SNMPWALK SNMPGET PERL openssl_version_check_config WITH_DHCP modconfdir dictdir raddbdir radacctdir logdir GIT FR_MAKEFLAGS MAKE GMAKE clang_path RANLIB EGREP GREP CPP ac_ct_CXX CXXFLAGS CXX OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC target_os target_vendor target_cpu target host_os host_vendor host_cpu host build_os build_vendor build_cpu build RADIUSD_VERSION_STRING target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_developer enable_largefile enable_strict_dependencies enable_werror with_docdir with_logdir with_radacctdir with_raddbdir with_dictdir with_ascend_binary with_threads with_tcp with_vmps with_dhcp with_static_modules with_shared_libs with_modules with_experimental_modules with_udpfromto with_rlm_FOO_lib_dir with_rlm_FOO_include_dir with_openssl with_openssl_lib_dir with_openssl_include_dir enable_openssl_version_check enable_reproducible_builds with_talloc_lib_dir with_talloc_include_dir with_pcap_lib_dir with_pcap_include_dir with_collectdclient_lib_dir with_collectdclient_include_dir with_cap_lib_dir with_cap_include_dir with_execinfo_lib_dir with_execinfo_include_dir with_pcre with_pcre_lib_dir with_pcre_include_dir with_regex ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CXX CXXFLAGS CCC CPP' ac_subdirs_all='$mysubdirs' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures freeradius $Id: 1968a4a4cd4e455373c554df6401597dda12e92d $ to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/freeradius] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] --target=TARGET configure for building compilers for TARGET [HOST] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of freeradius $Id: 1968a4a4cd4e455373c554df6401597dda12e92d $:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-developer enables features of interest to developers. --disable-largefile omit support for large files --enable-strict-dependencies fail configure on lack of module dependancy. --enable-werror causes the build to fail if any warnings are generated. --disable-openssl-version-check disable vulnerable OpenSSL version check --enable-reproducible-builds ensure the build does not change each time Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-docdir=DIR directory for documentation DATADIR/doc/freeradius --with-logdir=DIR directory for logfiles LOCALSTATEDIR/log/radius --with-radacctdir=DIR directory for detail files LOGDIR/radacct --with-raddbdir=DIR directory for config files SYSCONFDIR/raddb --with-dictdir=DIR directory for dictionary files DATAROOTDIR/freeradius --with-ascend-binary include support for Ascend binary filter attributes (default=yes) --with-threads use threads, if available. (default=yes) --with-tcp compile in TCP support. (default=yes) --with-vmps compile in VMPS support. (default=yes) --with-dhcp compile in DHCP support. (default=yes) --with-static-modules=QUOTED-MODULE-LIST --with-shared-libs build dynamic libraries and link against them. (default=yes) --with-modules=QUOTED-MODULE-LIST --with-experimental-modules use experimental and unstable modules. (default=no, unless --enable-developer=yes) --with-udpfromto compile in UDPFROMTO support. (default=yes) --with-rlm-FOO-lib-dir=DIR directory in which to look for library files used by module FOO --with-rlm-FOO-include-dir=DIR directory in which to look for include files used by module FOO --with-openssl use OpenSSL. (default=yes) --with-openssl-lib-dir=DIR directory to look for OpenSSL library files --with-openssl-include-dir=DIR directory to look for OpenSSL include files --with-talloc-lib-dir=DIR directory in which to look for talloc library files --with-talloc-include-dir=DIR directory in which to look for talloc include files --with-pcap-lib-dir=DIR directory in which to look for pcap library files --with-pcap-include-dir=DIR directory in which to look for pcap include files --with-collectdclient-lib-dir=DIR directory in which to look for collectdclient library files --with-collectdclient-include-dir=DIR directory in which to look for collectdclient include files --with-cap-lib-dir=DIR directory in which to look for cap library files --with-cap-include-dir=DIR directory in which to look for cap include files --with-execinfo-lib-dir=DIR directory in which to look for execinfo library files --with-execinfo-include-dir=DIR directory in which to look for execinfo include files --with-pcre use libpcre (if available). (default=yes) --with-pcre-lib-dir=DIR directory in which to look for pcre library files --with-pcre-include-dir=DIR directory in which to look for pcre include files --with-regex Whether to build with regular expressions (default=yes) Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CXX C++ compiler command CXXFLAGS C++ compiler flags CPP C preprocessor Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . freeradius home page: . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF freeradius configure $Id: 1968a4a4cd4e455373c554df6401597dda12e92d $ generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_cxx_try_compile LINENO # ---------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_cxx_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_cxx_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_cxx_try_compile # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if eval \${$3+:} false; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ( $as_echo "## ----------------------------------------- ## ## Report this to http://bugs.freeradius.org ## ## ----------------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_mongrel # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache # variable VAR accordingly. ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type # ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES # --------------------------------------------- # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR # accordingly. ac_fn_c_check_decl () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack as_decl_name=`echo $2|sed 's/ *(.*//'` as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 $as_echo_n "checking whether $as_decl_name is declared... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { #ifndef $as_decl_name #ifdef __cplusplus (void) $as_decl_use; #else (void) $as_decl_name; #endif #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_decl cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by freeradius $as_me $Id: 1968a4a4cd4e455373c554df6401597dda12e92d $, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_config_headers="$ac_config_headers src/include/autoconf.h" RADIUSD_MAJOR_VERSION=`cat VERSION | cut -f1 -d.` RADIUSD_MINOR_VERSION=`cat VERSION | cut -f2 -d.` RADIUSD_INCRM_VERSION=`cat VERSION | cut -f3 -d. | sed 's/[\.-].*$//'` RADIUSD_VERSION=`printf "%02i%02i%02i" $RADIUSD_MAJOR_VERSION $RADIUSD_MINOR_VERSION $RADIUSD_INCRM_VERSION` RADIUSD_VERSION_STRING=`cat VERSION` cat >>confdefs.h <<_ACEOF #define RADIUSD_VERSION ${RADIUSD_VERSION} _ACEOF cat >>confdefs.h <<_ACEOF #define RADIUSD_VERSION_STRING "${RADIUSD_VERSION_STRING}" _ACEOF # Check whether --enable-developer was given. if test "${enable_developer+set}" = set; then : enableval=$enable_developer; case "$enableval" in no) developer=no ;; *) developer=yes esac fi if test -d $srcdir/.git; then if test "x$developer" != "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: found .git directory, enabling developer build implicitly, disable with --disable-developer" >&5 $as_echo "$as_me: found .git directory, enabling developer build implicitly, disable with --disable-developer" >&6;} developer="yes" fi fi if test "x$developer" = "xyes"; then : ${CFLAGS=-g3} fi ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } if ${ac_cv_build+:} false; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if ${ac_cv_host+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking target system type" >&5 $as_echo_n "checking target system type... " >&6; } if ${ac_cv_target+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$target_alias" = x; then ac_cv_target=$ac_cv_host else ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $target_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_target" >&5 $as_echo "$ac_cv_target" >&6; } case $ac_cv_target in *-*-*) ;; *) as_fn_error $? "invalid value of canonical target" "$LINENO" 5;; esac target=$ac_cv_target ac_save_IFS=$IFS; IFS='-' set x $ac_cv_target shift target_cpu=$1 target_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: target_os=$* IFS=$ac_save_IFS case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac # The aliases save the names the user supplied, while $host etc. # will get canonicalized. test -n "$target_alias" && test "$program_prefix$program_suffix$program_transform_name" = \ NONENONEs,x,x, && program_prefix=${target_alias}- ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_ext=cpp ac_cpp='$CXXCPP $CPPFLAGS' ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_cxx_compiler_gnu if test -z "$CXX"; then if test -n "$CCC"; then CXX=$CCC else if test -n "$ac_tool_prefix"; then for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CXX+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CXX"; then ac_cv_prog_CXX="$CXX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CXX="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CXX=$ac_cv_prog_CXX if test -n "$CXX"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5 $as_echo "$CXX" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CXX" && break done fi if test -z "$CXX"; then ac_ct_CXX=$CXX for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CXX+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CXX"; then ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CXX="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CXX=$ac_cv_prog_ac_ct_CXX if test -n "$ac_ct_CXX"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5 $as_echo "$ac_ct_CXX" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CXX" && break done if test "x$ac_ct_CXX" = x; then CXX="g++" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CXX=$ac_ct_CXX fi fi fi fi # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5 $as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; } if ${ac_cv_cxx_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_cxx_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5 $as_echo "$ac_cv_cxx_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GXX=yes else GXX= fi ac_test_CXXFLAGS=${CXXFLAGS+set} ac_save_CXXFLAGS=$CXXFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5 $as_echo_n "checking whether $CXX accepts -g... " >&6; } if ${ac_cv_prog_cxx_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_cxx_werror_flag=$ac_cxx_werror_flag ac_cxx_werror_flag=yes ac_cv_prog_cxx_g=no CXXFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : ac_cv_prog_cxx_g=yes else CXXFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : else ac_cxx_werror_flag=$ac_save_cxx_werror_flag CXXFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : ac_cv_prog_cxx_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cxx_werror_flag=$ac_save_cxx_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5 $as_echo "$ac_cv_prog_cxx_g" >&6; } if test "$ac_test_CXXFLAGS" = set; then CXXFLAGS=$ac_save_CXXFLAGS elif test $ac_cv_prog_cxx_g = yes; then if test "$GXX" = yes; then CXXFLAGS="-g -O2" else CXXFLAGS="-g" fi else if test "$GXX" = yes; then CXXFLAGS="-O2" else CXXFLAGS= fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default" if test "x$ac_cv_header_minix_config_h" = xyes; then : MINIX=yes else MINIX= fi if test "$MINIX" = yes; then $as_echo "#define _POSIX_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h $as_echo "#define _MINIX 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 $as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } if ${ac_cv_safe_to_define___extensions__+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # define __EXTENSIONS__ 1 $ac_includes_default int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_safe_to_define___extensions__=yes else ac_cv_safe_to_define___extensions__=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } test $ac_cv_safe_to_define___extensions__ = yes && $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h $as_echo "#define _ALL_SOURCE 1" >>confdefs.h $as_echo "#define _GNU_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h if test $ac_cv_c_compiler_gnu = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5 $as_echo_n "checking whether $CC needs -traditional... " >&6; } if ${ac_cv_prog_gcc_traditional+:} false; then : $as_echo_n "(cached) " >&6 else ac_pattern="Autoconf.*'x'" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include Autoconf TIOCGETP _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "$ac_pattern" >/dev/null 2>&1; then : ac_cv_prog_gcc_traditional=yes else ac_cv_prog_gcc_traditional=no fi rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include Autoconf TCGETA _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "$ac_pattern" >/dev/null 2>&1; then : ac_cv_prog_gcc_traditional=yes fi rm -f conftest* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 $as_echo "$ac_cv_prog_gcc_traditional" >&6; } if test $ac_cv_prog_gcc_traditional = yes; then CC="$CC -traditional" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using SUNPro C" >&5 $as_echo_n "checking whether we are using SUNPro C... " >&6; } if ${ac_cv_prog_suncc+:} false; then : $as_echo_n "(cached) " >&6 else cat > conftest.c <&5 (eval $ac_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_suncc=yes else ac_cv_prog_suncc=no fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_suncc" >&5 $as_echo "$ac_cv_prog_suncc" >&6; } if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is clang" >&5 $as_echo_n "checking if compiler is clang... " >&6; } if ${ax_cv_cc_clang+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __clang__ not clang #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_cc_clang=yes else ax_cv_cc_clang=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_clang" >&5 $as_echo "$ax_cv_cc_clang" >&6; } if test "x$ax_cv_cc_clang" = "xyes"; then clang_path="$CC" else clang_path="" fi if test "x$GCC" = "xyes"; then CFLAGS="$CFLAGS -Wall -std=c99 -D_GNU_SOURCE" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking or the compiler flag \"-Wno-unknown-warning-option\"" >&5 $as_echo_n "checking or the compiler flag \"-Wno-unknown-warning-option\"... " >&6; } if ${ax_cv_cc_no_unknown_warning_option_flag+:} false; then : $as_echo_n "(cached) " >&6 else CFLAGS_SAVED=$CFLAGS CFLAGS="-Werror -Wno-unknown-warning-option" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { /* * gcc will happily accept -Wno-unknown-warning-option * only emitting an error about it, if an error ocurrs in the source file. */ #if defined(__GNUC__) && !defined(__clang__) gcc sucks #endif return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_cc_no_unknown_warning_option_flag=yes else ax_cv_cc_no_unknown_warning_option_flag=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$CFLAGS_SAVED" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_no_unknown_warning_option_flag" >&5 $as_echo "$ax_cv_cc_no_unknown_warning_option_flag" >&6; } if test "x$ax_cv_cc_no_unknown_warning_option_flag" = "xyes"; then CFLAGS="$CFLAGS -Wno-unknown-warning-option" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the compiler flag \"-Qunused-arguments\"" >&5 $as_echo_n "checking for the compiler flag \"-Qunused-arguments\"... " >&6; } if ${ax_cv_cc_qunused_arguments_flag+:} false; then : $as_echo_n "(cached) " >&6 else CFLAGS_SAVED=$CFLAGS CFLAGS="$CFLAGS -Werror -Qunused-arguments -foobar" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_cc_qunused_arguments_flag="yes" else ax_cv_cc_qunused_arguments_flag="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CFLAGS="$CFLAGS_SAVED" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_qunused_arguments_flag" >&5 $as_echo "$ax_cv_cc_qunused_arguments_flag" >&6; } if test "x$ax_cv_cc_qunused_arguments_flag" = "xyes"; then CFLAGS="$CFLAGS -Qunused-arguments" LDFLAGS="$LDFLAGS -Qunused-arguments" fi # Check whether --enable-largefile was given. if test "${enable_largefile+set}" = set; then : enableval=$enable_largefile; fi if test "$enable_largefile" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 $as_echo_n "checking for special C compiler options needed for large files... " >&6; } if ${ac_cv_sys_largefile_CC+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_sys_largefile_CC=no if test "$GCC" != yes; then ac_save_CC=$CC while :; do # IRIX 6.2 and later do not support large files by default, # so use the C compiler's -n32 option if that helps. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : break fi rm -f core conftest.err conftest.$ac_objext CC="$CC -n32" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_largefile_CC=' -n32'; break fi rm -f core conftest.err conftest.$ac_objext break done CC=$ac_save_CC rm -f conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 $as_echo "$ac_cv_sys_largefile_CC" >&6; } if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 $as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } if ${ac_cv_sys_file_offset_bits+:} false; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=64; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_file_offset_bits=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 $as_echo "$ac_cv_sys_file_offset_bits" >&6; } case $ac_cv_sys_file_offset_bits in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits _ACEOF ;; esac rm -rf conftest* if test $ac_cv_sys_file_offset_bits = unknown; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 $as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } if ${ac_cv_sys_large_files+:} false; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _LARGE_FILES 1 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=1; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_large_files=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 $as_echo "$ac_cv_sys_large_files" >&6; } case $ac_cv_sys_large_files in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _LARGE_FILES $ac_cv_sys_large_files _ACEOF ;; esac rm -rf conftest* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 $as_echo_n "checking whether byte ordering is bigendian... " >&6; } if ${ac_cv_c_bigendian+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_c_bigendian=unknown # See if we're dealing with a universal compiler. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __APPLE_CC__ not a universal capable compiler #endif typedef int dummy; _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # Check for potential -arch flags. It is not universal unless # there are at least two -arch flags with different values. ac_arch= ac_prev= for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do if test -n "$ac_prev"; then case $ac_word in i?86 | x86_64 | ppc | ppc64) if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then ac_arch=$ac_word else ac_cv_c_bigendian=universal break fi ;; esac ac_prev= elif test "x$ac_word" = "x-arch"; then ac_prev=arch fi done fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_c_bigendian = unknown; then # See if sys/param.h defines the BYTE_ORDER macro. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { #if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ && LITTLE_ENDIAN) bogus endian macros #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { #if BYTE_ORDER != BIG_ENDIAN not big endian #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else ac_cv_c_bigendian=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { #if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) bogus endian macros #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to _BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { #ifndef _BIG_ENDIAN not big endian #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else ac_cv_c_bigendian=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # Compile a test program. if test "$cross_compiling" = yes; then : # Try to guess by grepping values from an object file. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; int use_ascii (int i) { return ascii_mm[i] + ascii_ii[i]; } short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; int use_ebcdic (int i) { return ebcdic_mm[i] + ebcdic_ii[i]; } extern int foo; int main () { return use_ascii (foo) == use_ebcdic (foo); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then ac_cv_c_bigendian=yes fi if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then if test "$ac_cv_c_bigendian" = unknown; then ac_cv_c_bigendian=no else # finding both strings is unlikely to happen, but who knows? ac_cv_c_bigendian=unknown fi fi fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* Are we little or big endian? From Harbison&Steele. */ union { long int l; char c[sizeof (long int)]; } u; u.l = 1; return u.c[sizeof (long int) - 1] == 1; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_c_bigendian=no else ac_cv_c_bigendian=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 $as_echo "$ac_cv_c_bigendian" >&6; } case $ac_cv_c_bigendian in #( yes) $as_echo "#define FR_BIG_ENDIAN 1" >>confdefs.h ;; #( no) $as_echo "#define FR_LITTLE_ENDIAN 1" >>confdefs.h ;; #( universal) $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) as_fn_error $? "unknown endianness presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac # Extract the first word of "gmake", so it can be a program name with args. set dummy gmake; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_GMAKE+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$GMAKE"; then ac_cv_prog_GMAKE="$GMAKE" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_GMAKE="yes" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_prog_GMAKE" && ac_cv_prog_GMAKE="no" fi fi GMAKE=$ac_cv_prog_GMAKE if test -n "$GMAKE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMAKE" >&5 $as_echo "$GMAKE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test $GMAKE = no; then # Extract the first word of "make", so it can be a program name with args. set dummy make; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MAKE+:} false; then : $as_echo_n "(cached) " >&6 else case $MAKE in [\\/]* | ?:[\\/]*) ac_cv_path_MAKE="$MAKE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MAKE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_MAKE" && ac_cv_path_MAKE="/usr/local/bin/make" ;; esac fi MAKE=$ac_cv_path_MAKE if test -n "$MAKE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE" >&5 $as_echo "$MAKE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi else # Extract the first word of "gmake", so it can be a program name with args. set dummy gmake; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MAKE+:} false; then : $as_echo_n "(cached) " >&6 else case $MAKE in [\\/]* | ?:[\\/]*) ac_cv_path_MAKE="$MAKE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MAKE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_MAKE" && ac_cv_path_MAKE="/usr/local/gnu/bin/make" ;; esac fi MAKE=$ac_cv_path_MAKE if test -n "$MAKE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE" >&5 $as_echo "$MAKE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi makever=`$ac_cv_path_MAKE --version 2>&1 | grep "GNU Make"` if test -z "$makever"; then as_fn_error $? "GNU Make is not installed. Please download and install it from ftp://prep.ai.mit.edu/pub/gnu/make/ before continuing." "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking number of system cores" >&5 $as_echo_n "checking number of system cores... " >&6; } if ${ax_cv_system_cores+:} false; then : $as_echo_n "(cached) " >&6 else ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test "$cross_compiling" = yes; then : ax_cv_system_cores= else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #ifdef _WIN32 # include #elif MACOS # include # include #else # include #endif int main (int argc, char *argv[]) { uint32_t count; #ifdef WIN32 SYSTEM_INFO sysinfo; GetSystemInfo(&sysinfo); count = sysinfo.dwNumberOfProcessors; #elif MACOS int nm[2]; size_t len = 4; nm[0] = CTL_HW; nm[1] = HW_AVAILCPU; sysctl(nm, 2, &count, &len, NULL, 0); if(count < 1) { nm[1] = HW_NCPU; sysctl(nm, 2, &count, &len, NULL, 0); if(count < 1) { count = 1; } } #else count = sysconf(_SC_NPROCESSORS_ONLN); #endif return count; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ax_cv_system_cores=$? else ax_cv_system_cores=$? fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_system_cores" >&5 $as_echo "$ax_cv_system_cores" >&6; } # Extract the first word of "git", so it can be a program name with args. set dummy git; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_GIT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$GIT"; then ac_cv_prog_GIT="$GIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_GIT="yes" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_prog_GIT" && ac_cv_prog_GIT="no" fi fi GIT=$ac_cv_prog_GIT if test -n "$GIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GIT" >&5 $as_echo "$GIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Check whether --enable-strict-dependencies was given. if test "${enable_strict_dependencies+set}" = set; then : enableval=$enable_strict_dependencies; fi # Check whether --enable-werror was given. if test "${enable_werror+set}" = set; then : enableval=$enable_werror; case "$enableval" in no) werror=no ;; *) werror=yes esac fi docdir='${datadir}/doc/freeradius' { $as_echo "$as_me:${as_lineno-$LINENO}: checking docdir" >&5 $as_echo_n "checking docdir... " >&6; } # Check whether --with-docdir was given. if test "${with_docdir+set}" = set; then : withval=$with_docdir; case "$withval" in no) docdir=no ;; yes) ;; [\\/$]* | ?:[\\/]* ) docdir="$withval" ;; *) as_fn_error $? "expected an absolute directory name for --with-docdir: $withval" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $docdir" >&5 $as_echo "$docdir" >&6; } if test "x$docdir" = xno; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Documentation files will NOT be installed." >&5 $as_echo "$as_me: WARNING: Documentation files will NOT be installed." >&2;} fi logdir='${localstatedir}/log/radius' { $as_echo "$as_me:${as_lineno-$LINENO}: checking logdir" >&5 $as_echo_n "checking logdir... " >&6; } # Check whether --with-logdir was given. if test "${with_logdir+set}" = set; then : withval=$with_logdir; case "$withval" in no) as_fn_error $? "Need logdir" "$LINENO" 5 ;; yes) ;; [\\/$]* | ?:[\\/]* ) logdir="$withval" ;; *) as_fn_error $? "expected an absolute directory name for --with-logdir: $withval" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $logdir" >&5 $as_echo "$logdir" >&6; } radacctdir='${logdir}/radacct' { $as_echo "$as_me:${as_lineno-$LINENO}: checking radacctdir" >&5 $as_echo_n "checking radacctdir... " >&6; } # Check whether --with-radacctdir was given. if test "${with_radacctdir+set}" = set; then : withval=$with_radacctdir; case "$withval" in no) as_fn_error $? "Need radacctdir" "$LINENO" 5 ;; yes) ;; [\\/$]* | ?:[\\/]* ) radacctdir="$withval" ;; *) as_fn_error $? "expected an absolute directory name for --with-radacctdir: $withval" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $radacctdir" >&5 $as_echo "$radacctdir" >&6; } raddbdir='${sysconfdir}/raddb' { $as_echo "$as_me:${as_lineno-$LINENO}: checking raddbdir" >&5 $as_echo_n "checking raddbdir... " >&6; } # Check whether --with-raddbdir was given. if test "${with_raddbdir+set}" = set; then : withval=$with_raddbdir; case "$withval" in no) as_fn_error $? "Need raddbdir" "$LINENO" 5 ;; yes) ;; [\\/$]* | ?:[\\/]* ) raddbdir="$withval" ;; *) as_fn_error $? "expected an absolute directory name for --with-raddbdir: $withval" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $raddbdir" >&5 $as_echo "$raddbdir" >&6; } dictdir='${datarootdir}/freeradius' { $as_echo "$as_me:${as_lineno-$LINENO}: checking dictdir" >&5 $as_echo_n "checking dictdir... " >&6; } # Check whether --with-dictdir was given. if test "${with_dictdir+set}" = set; then : withval=$with_dictdir; case "$withval" in no) as_fn_error $? "Need dictdir" "$LINENO" 5 ;; yes) ;; [\\/$]* | ?:[\\/]* ) dictdir="$withval" ;; *) as_fn_error $? "expected an absolute directory name for --with-dictdir: $withval" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $dictdir" >&5 $as_echo "$dictdir" >&6; } modconfdir='${raddbdir}/mods-config' WITH_ASCEND_BINARY=yes # Check whether --with-ascend-binary was given. if test "${with_ascend_binary+set}" = set; then : withval=$with_ascend_binary; case "$withval" in yes) ;; *) WITH_ASCEND_BINARY=no esac fi if test "x$WITH_ASCEND_BINARY" = "xyes"; then $as_echo "#define WITH_ASCEND_BINARY 1" >>confdefs.h fi WITH_THREADS=yes # Check whether --with-threads was given. if test "${with_threads+set}" = set; then : withval=$with_threads; case "$withval" in yes) ;; *) WITH_THREADS=no esac fi WITH_TCP=yes # Check whether --with-tcp was given. if test "${with_tcp+set}" = set; then : withval=$with_tcp; case "$withval" in yes) ;; *) WITH_TCP=no esac fi if test "x$WITH_TCP" = "xyes"; then $as_echo "#define WITH_TCP 1" >>confdefs.h fi WITH_VMPS=yes # Check whether --with-vmps was given. if test "${with_vmps+set}" = set; then : withval=$with_vmps; case "$withval" in yes) ;; *) WITH_VMPS=no esac fi if test "x$WITH_VMPS" = "xyes"; then $as_echo "#define WITH_VMPS 1" >>confdefs.h fi WITH_DHCP=yes # Check whether --with-dhcp was given. if test "${with_dhcp+set}" = set; then : withval=$with_dhcp; case "$withval" in yes) ;; *) WITH_DHCP=no esac fi if test "x$WITH_DHCP" = "xyes"; then $as_echo "#define WITH_DHCP 1" >>confdefs.h fi STATIC_MODULES= # Check whether --with-static_modules was given. if test "${with_static_modules+set}" = set; then : withval=$with_static_modules; for i in $withval; do STATIC_MODULES="$STATIC_MODULES -dlpreopen ../modules/rlm_$i/rlm_$i.la" done fi USE_SHARED_LIBS=yes # Check whether --with-shared-libs was given. if test "${with_shared_libs+set}" = set; then : withval=$with_shared_libs; case "$withval" in no) USE_SHARED_LIBS=no ;; *) esac fi MODULES= # Check whether --with-modules was given. if test "${with_modules+set}" = set; then : withval=$with_modules; for i in $withval; do MODULES="$MODULES $i" done fi EXPERIMENTAL= # Check whether --with-experimental-modules was given. if test "${with_experimental_modules+set}" = set; then : withval=$with_experimental_modules; case "$withval" in yes) EXPERIMENTAL=yes ;; no) EXPERIMENTAL=no ;; *) esac fi WITH_UDPFROMTO=yes # Check whether --with-udpfromto was given. if test "${with_udpfromto+set}" = set; then : withval=$with_udpfromto; case "$withval" in yes) WITH_UDPFROMTO=yes ;; *) WITH_UDPFROMTO=no esac fi if test "x$WITH_UDPFROMTO" = "xyes"; then $as_echo "#define WITH_UDPFROMTO /**/" >>confdefs.h fi # Check whether --with-rlm-FOO-lib-dir was given. if test "${with_rlm_FOO_lib_dir+set}" = set; then : withval=$with_rlm_FOO_lib_dir; case "$withval" in *) ;; esac fi # Check whether --with-rlm-FOO-include-dir was given. if test "${with_rlm_FOO_include_dir+set}" = set; then : withval=$with_rlm_FOO_include_dir; case "$withval" in *) ;; esac fi WITH_OPENSSL=yes # Check whether --with-openssl was given. if test "${with_openssl+set}" = set; then : withval=$with_openssl; case "$withval" in no) WITH_OPENSSL=no ;; *) WITH_OPENSSL=yes ;; esac fi openssl_lib_dir= # Check whether --with-openssl-lib-dir was given. if test "${with_openssl_lib_dir+set}" = set; then : withval=$with_openssl_lib_dir; case "$withval" in *) openssl_lib_dir="$withval" ;; esac fi openssl_include_dir= # Check whether --with-openssl-include-dir was given. if test "${with_openssl_include_dir+set}" = set; then : withval=$with_openssl_include_dir; case "$withval" in *) openssl_include_dir="$withval" ;; esac fi # Check whether --enable-openssl-version-check was given. if test "${enable_openssl_version_check+set}" = set; then : enableval=$enable_openssl_version_check; fi if test "x$enable_openssl_version_check" != "xno"; then $as_echo "#define ENABLE_OPENSSL_VERSION_CHECK 1" >>confdefs.h openssl_version_check_config="\ # # allow_vulnerable_openssl: Allow the server to start with # versions of OpenSSL known to have critical vulnerabilities. # # This check is based on the version number reported by libssl # and may not reflect patches applied to libssl by # distribution maintainers. # allow_vulnerable_openssl = no" else openssl_version_check_config= fi # Check whether --enable-reproducible-builds was given. if test "${enable_reproducible_builds+set}" = set; then : enableval=$enable_reproducible_builds; case "$enableval" in yes) $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h reproducible_builds=yes ;; *) reproducible_builds=no esac fi CHECKRAD=checkrad # Extract the first word of "perl", so it can be a program name with args. set dummy perl; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PERL+:} false; then : $as_echo_n "(cached) " >&6 else case $PERL in [\\/]* | ?:[\\/]*) ac_cv_path_PERL="$PERL" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_PERL" && ac_cv_path_PERL="/usr/local/bin/perl" ;; esac fi PERL=$ac_cv_path_PERL if test -n "$PERL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5 $as_echo "$PERL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_cv_path_PERL" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: perl not found - Simultaneous-Use and checkrad may not work" >&5 $as_echo "$as_me: WARNING: perl not found - Simultaneous-Use and checkrad may not work" >&2;} fi # Extract the first word of "snmpget", so it can be a program name with args. set dummy snmpget; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_SNMPGET+:} false; then : $as_echo_n "(cached) " >&6 else case $SNMPGET in [\\/]* | ?:[\\/]*) ac_cv_path_SNMPGET="$SNMPGET" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_SNMPGET="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi SNMPGET=$ac_cv_path_SNMPGET if test -n "$SNMPGET"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SNMPGET" >&5 $as_echo "$SNMPGET" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_cv_path_SNMPGET" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: snmpget not found - Simultaneous-Use and checkrad may not work" >&5 $as_echo "$as_me: WARNING: snmpget not found - Simultaneous-Use and checkrad may not work" >&2;} fi # Extract the first word of "snmpwalk", so it can be a program name with args. set dummy snmpwalk; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_SNMPWALK+:} false; then : $as_echo_n "(cached) " >&6 else case $SNMPWALK in [\\/]* | ?:[\\/]*) ac_cv_path_SNMPWALK="$SNMPWALK" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_SNMPWALK="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi SNMPWALK=$ac_cv_path_SNMPWALK if test -n "$SNMPWALK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SNMPWALK" >&5 $as_echo "$SNMPWALK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_cv_path_SNMPWALK" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: snmpwalk not found - Simultaneous-Use and checkrad may not work" >&5 $as_echo "$as_me: WARNING: snmpwalk not found - Simultaneous-Use and checkrad may not work" >&2;} fi # Extract the first word of "rusers", so it can be a program name with args. set dummy rusers; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_RUSERS+:} false; then : $as_echo_n "(cached) " >&6 else case $RUSERS in [\\/]* | ?:[\\/]*) ac_cv_path_RUSERS="$RUSERS" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_RUSERS="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_RUSERS" && ac_cv_path_RUSERS="/usr/bin/rusers" ;; esac fi RUSERS=$ac_cv_path_RUSERS if test -n "$RUSERS"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUSERS" >&5 $as_echo "$RUSERS" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi missing_dir=`cd $ac_aux_dir && pwd` # Expand $ac_aux_dir to an absolute path. am_aux_dir=`cd "$ac_aux_dir" && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} # Extract the first word of "locate", so it can be a program name with args. set dummy locate; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_LOCATE+:} false; then : $as_echo_n "(cached) " >&6 else case $LOCATE in [\\/]* | ?:[\\/]*) ac_cv_path_LOCATE="$LOCATE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_LOCATE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi LOCATE=$ac_cv_path_LOCATE if test -n "$LOCATE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LOCATE" >&5 $as_echo "$LOCATE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "dirname", so it can be a program name with args. set dummy dirname; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_DIRNAME+:} false; then : $as_echo_n "(cached) " >&6 else case $DIRNAME in [\\/]* | ?:[\\/]*) ac_cv_path_DIRNAME="$DIRNAME" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_DIRNAME="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi DIRNAME=$ac_cv_path_DIRNAME if test -n "$DIRNAME"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DIRNAME" >&5 $as_echo "$DIRNAME" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "grep", so it can be a program name with args. set dummy grep; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else case $GREP in [\\/]* | ?:[\\/]*) ac_cv_path_GREP="$GREP" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_GREP="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi GREP=$ac_cv_path_GREP if test -n "$GREP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GREP" >&5 $as_echo "$GREP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi talloc_lib_dir= # Check whether --with-talloc-lib-dir was given. if test "${with_talloc_lib_dir+set}" = set; then : withval=$with_talloc_lib_dir; case "$withval" in no) as_fn_error $? "Need talloc-lib-dir" "$LINENO" 5 ;; yes) ;; *) talloc_lib_dir="$withval" ;; esac fi talloc_include_dir= # Check whether --with-talloc-include-dir was given. if test "${with_talloc_include_dir+set}" = set; then : withval=$with_talloc_include_dir; case "$withval" in no) as_fn_error $? "Need talloc-include-dir" "$LINENO" 5 ;; yes) ;; *) talloc_include_dir="$withval" ;; esac fi smart_try_dir="$talloc_lib_dir" sm_lib_safe=`echo "talloc" | sed 'y%./+-%__p_%'` sm_func_safe=`echo "_talloc" | sed 'y%./+-%__p_%'` old_LIBS="$LIBS" old_CPPFLAGS="$CPPFLAGS" smart_lib= smart_ldflags= smart_lib_dir= if test "x$smart_try_dir" != "x"; then for try in $smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _talloc in -ltalloc in $try" >&5 $as_echo_n "checking for _talloc in -ltalloc in $try... " >&6; } LIBS="-ltalloc $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char _talloc(); int main () { _talloc() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-ltalloc" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _talloc in -ltalloc" >&5 $as_echo_n "checking for _talloc in -ltalloc... " >&6; } LIBS="-ltalloc $old_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char _talloc(); int main () { _talloc() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-ltalloc" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$old_LIBS" fi if test "x$smart_lib" = "x"; then if test "x$LOCATE" != "x"; then DIRS= file=libtalloc${libltdl_cv_shlibext} for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" if test "x$LOCATE" != "x"; then DIRS= file=libtalloc.a for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" for try in $smart_lib_dir /usr/local/lib /opt/lib; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _talloc in -ltalloc in $try" >&5 $as_echo_n "checking for _talloc in -ltalloc in $try... " >&6; } LIBS="-ltalloc $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char _talloc(); int main () { _talloc() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-ltalloc" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" != "x"; then eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" LIBS="$smart_ldflags $smart_lib $old_LIBS" SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" fi if test "x$ac_cv_lib_talloc__talloc" != "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: talloc library not found. Use --with-talloc-lib-dir=." >&5 $as_echo "$as_me: WARNING: talloc library not found. Use --with-talloc-lib-dir=." >&2;} as_fn_error $? "FreeRADIUS requires libtalloc" "$LINENO" 5 fi TALLOC_LIBS="${smart_lib}" TALLOC_LDFLAGS="${smart_ldflags}" LIBS="$old_LIBS" old_CFLAGS=$CFLAGS if test "x$WITH_THREADS" = "xyes"; then if test $ac_cv_prog_suncc = "yes"; then CFLAGS="$CFLAGS -mt" fi for ac_header in pthread.h do : ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" if test "x$ac_cv_header_pthread_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PTHREAD_H 1 _ACEOF else WITH_THREADS="no" fail=pthread.h fi done if test "x$WITH_THREADS" != "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_create in -lpthread" >&5 $as_echo_n "checking for pthread_create in -lpthread... " >&6; } if ${ac_cv_lib_pthread_pthread_create+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pthread_create (); int main () { return pthread_create (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_pthread_pthread_create=yes else ac_cv_lib_pthread_pthread_create=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_create" >&5 $as_echo "$ac_cv_lib_pthread_pthread_create" >&6; } if test "x$ac_cv_lib_pthread_pthread_create" = xyes; then : HAVE_LPTHREAD='yes' CFLAGS="$CFLAGS -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS" LIBS="-lpthread $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the compiler flag \"-pthread\"" >&5 $as_echo_n "checking for the compiler flag \"-pthread\"... " >&6; } if ${ax_cv_cc_pthread_flag+:} false; then : $as_echo_n "(cached) " >&6 else CFLAGS_SAVED=$CFLAGS CFLAGS="$CFLAGS -Werror -pthread" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_cc_pthread_flag="yes" else ax_cv_cc_pthread_flag="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CFLAGS="$CFLAGS_SAVED" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_pthread_flag" >&5 $as_echo "$ax_cv_cc_pthread_flag" >&6; } if test "x$ax_cv_cc_pthread_flag" != 'xyes'; then CFLAGS="$CFLAGS -pthread" fi fi if test "x$HAVE_LPTHREAD" != "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_create in -lc_r" >&5 $as_echo_n "checking for pthread_create in -lc_r... " >&6; } if ${ac_cv_lib_c_r_pthread_create+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lc_r $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pthread_create (); int main () { return pthread_create (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_c_r_pthread_create=yes else ac_cv_lib_c_r_pthread_create=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_r_pthread_create" >&5 $as_echo "$ac_cv_lib_c_r_pthread_create" >&6; } if test "x$ac_cv_lib_c_r_pthread_create" = xyes; then : CFLAGS="$CFLAGS -D_THREAD_SAFE" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the compiler flag \"-pthread\"" >&5 $as_echo_n "checking for the compiler flag \"-pthread\"... " >&6; } if ${ax_cv_cc_pthread_flag+:} false; then : $as_echo_n "(cached) " >&6 else CFLAGS_SAVED=$CFLAGS CFLAGS="$CFLAGS -Werror -pthread" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_cc_pthread_flag="yes" else ax_cv_cc_pthread_flag="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CFLAGS="$CFLAGS_SAVED" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_pthread_flag" >&5 $as_echo "$ax_cv_cc_pthread_flag" >&6; } if test "x$ax_cv_cc_pthread_flag" != 'xyes'; then LIBS="-lc_r $LIBS" else CFLAGS="$CFLAGS -pthread" fi else fail=-lc_r or -lpthread fi fi fi if test "x$WITH_THREADS" != "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: silently not building with thread support." >&5 $as_echo "$as_me: WARNING: silently not building with thread support." >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: FAILURE: thread support requires: $fail." >&5 $as_echo "$as_me: WARNING: FAILURE: thread support requires: $fail." >&2;} else $as_echo "#define WITH_THREADS 1" >>confdefs.h fi fi if test "x$WITH_THREADS" != "xyes"; then CFLAGS=$old_CFLAGS ac_cv_header_pthread_h="no" WITH_THREADS=no else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sem_init" >&5 $as_echo_n "checking for library containing sem_init... " >&6; } if ${ac_cv_search_sem_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char sem_init (); int main () { return sem_init (); ; return 0; } _ACEOF for ac_lib in '' pthread sem posix4 rt semaphore; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_sem_init=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_sem_init+:} false; then : break fi done if ${ac_cv_search_sem_init+:} false; then : else ac_cv_search_sem_init=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sem_init" >&5 $as_echo "$ac_cv_search_sem_init" >&6; } ac_res=$ac_cv_search_sem_init if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" else as_fn_error $? "-lsem not found. You may want to download it from ftp://ftp.to.gd-es.com/pub/BSDI/libsem.tar.bz2 or ftp://ftp.freeradius.org/pub/radius/contrib/libsem.tar.gz" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBDL 1 _ACEOF LIBS="-ldl $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getsockname in -lsocket" >&5 $as_echo_n "checking for getsockname in -lsocket... " >&6; } if ${ac_cv_lib_socket_getsockname+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getsockname (); int main () { return getsockname (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_socket_getsockname=yes else ac_cv_lib_socket_getsockname=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_getsockname" >&5 $as_echo "$ac_cv_lib_socket_getsockname" >&6; } if test "x$ac_cv_lib_socket_getsockname" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBSOCKET 1 _ACEOF LIBS="-lsocket $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_aton in -lresolv" >&5 $as_echo_n "checking for inet_aton in -lresolv... " >&6; } if ${ac_cv_lib_resolv_inet_aton+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char inet_aton (); int main () { return inet_aton (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_resolv_inet_aton=yes else ac_cv_lib_resolv_inet_aton=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_inet_aton" >&5 $as_echo "$ac_cv_lib_resolv_inet_aton" >&6; } if test "x$ac_cv_lib_resolv_inet_aton" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBRESOLV 1 _ACEOF LIBS="-lresolv $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_ntoa in -lnsl" >&5 $as_echo_n "checking for inet_ntoa in -lnsl... " >&6; } if ${ac_cv_lib_nsl_inet_ntoa+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char inet_ntoa (); int main () { return inet_ntoa (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nsl_inet_ntoa=yes else ac_cv_lib_nsl_inet_ntoa=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_inet_ntoa" >&5 $as_echo "$ac_cv_lib_nsl_inet_ntoa" >&6; } if test "x$ac_cv_lib_nsl_inet_ntoa" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBNSL 1 _ACEOF LIBS="-lnsl $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for htonl in -lws2_32" >&5 $as_echo_n "checking for htonl in -lws2_32... " >&6; } if ${ac_cv_lib_ws2_32_htonl+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lws2_32 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char htonl (); int main () { return htonl (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ws2_32_htonl=yes else ac_cv_lib_ws2_32_htonl=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ws2_32_htonl" >&5 $as_echo "$ac_cv_lib_ws2_32_htonl" >&6; } if test "x$ac_cv_lib_ws2_32_htonl" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBWS2_32 1 _ACEOF LIBS="-lws2_32 $LIBS" fi pcap_lib_dir= # Check whether --with-pcap-lib-dir was given. if test "${with_pcap_lib_dir+set}" = set; then : withval=$with_pcap_lib_dir; case "$withval" in no) as_fn_error $? "Need pcap-lib-dir" "$LINENO" 5 ;; yes) ;; *) pcap_lib_dir="$withval" ;; esac fi pcap_include_dir= # Check whether --with-pcap-include-dir was given. if test "${with_pcap_include_dir+set}" = set; then : withval=$with_pcap_include_dir; case "$withval" in no) as_fn_error $? "Need pcap-include-dir" "$LINENO" 5 ;; yes) ;; *) pcap_include_dir="$withval" ;; esac fi smart_try_dir="$pcap_lib_dir" sm_lib_safe=`echo "pcap" | sed 'y%./+-%__p_%'` sm_func_safe=`echo "pcap_open_live" | sed 'y%./+-%__p_%'` old_LIBS="$LIBS" old_CPPFLAGS="$CPPFLAGS" smart_lib= smart_ldflags= smart_lib_dir= if test "x$smart_try_dir" != "x"; then for try in $smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_open_live in -lpcap in $try" >&5 $as_echo_n "checking for pcap_open_live in -lpcap in $try... " >&6; } LIBS="-lpcap $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char pcap_open_live(); int main () { pcap_open_live() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lpcap" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_open_live in -lpcap" >&5 $as_echo_n "checking for pcap_open_live in -lpcap... " >&6; } LIBS="-lpcap $old_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char pcap_open_live(); int main () { pcap_open_live() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lpcap" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$old_LIBS" fi if test "x$smart_lib" = "x"; then if test "x$LOCATE" != "x"; then DIRS= file=libpcap${libltdl_cv_shlibext} for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" if test "x$LOCATE" != "x"; then DIRS= file=libpcap.a for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" for try in $smart_lib_dir /usr/local/lib /opt/lib; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_open_live in -lpcap in $try" >&5 $as_echo_n "checking for pcap_open_live in -lpcap in $try... " >&6; } LIBS="-lpcap $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char pcap_open_live(); int main () { pcap_open_live() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lpcap" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" != "x"; then eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" LIBS="$smart_ldflags $smart_lib $old_LIBS" SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" fi if test "x$ac_cv_lib_pcap_pcap_open_live" != "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: pcap library not found, silently disabling the RADIUS sniffer, and ARP listener. Use --with-pcap-lib-dir=." >&5 $as_echo "$as_me: WARNING: pcap library not found, silently disabling the RADIUS sniffer, and ARP listener. Use --with-pcap-lib-dir=." >&2;} else $as_echo "#define HAVE_LIBPCAP 1" >>confdefs.h for ac_func in \ pcap_fopen_offline \ pcap_dump_fopen \ pcap_create \ pcap_activate do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done PCAP_LIBS="${smart_lib}" PCAP_LDFLAGS="${smart_ldflags}" fi LIBS="${old_LIBS}" collectdclient_lib_dir= # Check whether --with-collectdclient-lib-dir was given. if test "${with_collectdclient_lib_dir+set}" = set; then : withval=$with_collectdclient_lib_dir; case "$withval" in no) as_fn_error $? "Need collectdclient-lib-dir" "$LINENO" 5 ;; yes) ;; *) collectdclient_lib_dir="$withval" ;; esac fi collectdclient_include_dir= # Check whether --with-collectdclient-include-dir was given. if test "${with_collectdclient_include_dir+set}" = set; then : withval=$with_collectdclient_include_dir; case "$withval" in no) as_fn_error $? "Need collectdclient-include-dir" "$LINENO" 5 ;; yes) ;; *) collectdclient_include_dir="$withval" ;; esac fi smart_try_dir="$collectdclient_lib_dir" sm_lib_safe=`echo "collectdclient" | sed 'y%./+-%__p_%'` sm_func_safe=`echo "lcc_connect" | sed 'y%./+-%__p_%'` old_LIBS="$LIBS" old_CPPFLAGS="$CPPFLAGS" smart_lib= smart_ldflags= smart_lib_dir= if test "x$smart_try_dir" != "x"; then for try in $smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lcc_connect in -lcollectdclient in $try" >&5 $as_echo_n "checking for lcc_connect in -lcollectdclient in $try... " >&6; } LIBS="-lcollectdclient $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char lcc_connect(); int main () { lcc_connect() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lcollectdclient" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lcc_connect in -lcollectdclient" >&5 $as_echo_n "checking for lcc_connect in -lcollectdclient... " >&6; } LIBS="-lcollectdclient $old_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char lcc_connect(); int main () { lcc_connect() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lcollectdclient" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$old_LIBS" fi if test "x$smart_lib" = "x"; then if test "x$LOCATE" != "x"; then DIRS= file=libcollectdclient${libltdl_cv_shlibext} for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" if test "x$LOCATE" != "x"; then DIRS= file=libcollectdclient.a for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" for try in $smart_lib_dir /usr/local/lib /opt/lib; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lcc_connect in -lcollectdclient in $try" >&5 $as_echo_n "checking for lcc_connect in -lcollectdclient in $try... " >&6; } LIBS="-lcollectdclient $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char lcc_connect(); int main () { lcc_connect() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lcollectdclient" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" != "x"; then eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" LIBS="$smart_ldflags $smart_lib $old_LIBS" SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" fi if test "x$ac_cv_lib_collectdclient_lcc_connect" != "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: collectdclient library not found. Use --with-collectdclient-lib-dir=." >&5 $as_echo "$as_me: WARNING: collectdclient library not found. Use --with-collectdclient-lib-dir=." >&2;} else COLLECTDC_LIBS="${smart_lib}" COLLECTDC_LDFLAGS="${smart_ldflags}" fi LIBS="${old_LIBS}" cap_lib_dir= # Check whether --with-cap-lib-dir was given. if test "${with_cap_lib_dir+set}" = set; then : withval=$with_cap_lib_dir; case "$withval" in no) as_fn_error $? "Need cap-lib-dir" "$LINENO" 5 ;; yes) ;; *) cap_lib_dir="$withval" ;; esac fi cap_include_dir= # Check whether --with-cap-include-dir was given. if test "${with_cap_include_dir+set}" = set; then : withval=$with_cap_include_dir; case "$withval" in no) as_fn_error $? "Need cap-include-dir" "$LINENO" 5 ;; yes) ;; *) cap_include_dir="$withval" ;; esac fi smart_try_dir="$cap_lib_dir" sm_lib_safe=`echo "cap" | sed 'y%./+-%__p_%'` sm_func_safe=`echo "cap_get_proc" | sed 'y%./+-%__p_%'` old_LIBS="$LIBS" old_CPPFLAGS="$CPPFLAGS" smart_lib= smart_ldflags= smart_lib_dir= if test "x$smart_try_dir" != "x"; then for try in $smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_get_proc in -lcap in $try" >&5 $as_echo_n "checking for cap_get_proc in -lcap in $try... " >&6; } LIBS="-lcap $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char cap_get_proc(); int main () { cap_get_proc() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lcap" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_get_proc in -lcap" >&5 $as_echo_n "checking for cap_get_proc in -lcap... " >&6; } LIBS="-lcap $old_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char cap_get_proc(); int main () { cap_get_proc() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lcap" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$old_LIBS" fi if test "x$smart_lib" = "x"; then if test "x$LOCATE" != "x"; then DIRS= file=libcap${libltdl_cv_shlibext} for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" if test "x$LOCATE" != "x"; then DIRS= file=libcap.a for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" for try in $smart_lib_dir /usr/local/lib /opt/lib; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_get_proc in -lcap in $try" >&5 $as_echo_n "checking for cap_get_proc in -lcap in $try... " >&6; } LIBS="-lcap $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char cap_get_proc(); int main () { cap_get_proc() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lcap" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" != "x"; then eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" LIBS="$smart_ldflags $smart_lib $old_LIBS" SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" fi if test "x$ac_cv_lib_cap_cap_get_proc" != "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cap library not found, debugger checks will not be enabled. Use --with-cap-lib-dir=." >&5 $as_echo "$as_me: WARNING: cap library not found, debugger checks will not be enabled. Use --with-cap-lib-dir=." >&2;} else $as_echo "#define HAVE_LIBCAP 1" >>confdefs.h HAVE_LIBCAP=1 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a readline compatible library" >&5 $as_echo_n "checking for a readline compatible library... " >&6; } if ${vl_cv_lib_readline+:} false; then : $as_echo_n "(cached) " >&6 else ORIG_LIBS="$LIBS" for readline_lib in readline edit editline; do for termcap_lib in "" termcap curses ncurses; do if test -z "$termcap_lib"; then TRY_LIB="-l$readline_lib" else TRY_LIB="-l$readline_lib -l$termcap_lib" fi LIBS="$ORIG_LIBS $TRY_LIB" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char readline (); int main () { return readline (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : vl_cv_lib_readline="$TRY_LIB" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -n "$vl_cv_lib_readline"; then break fi done if test -n "$vl_cv_lib_readline"; then break fi done if test -z "$vl_cv_lib_readline"; then vl_cv_lib_readline="no" LIBS="$ORIG_LIBS" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $vl_cv_lib_readline" >&5 $as_echo "$vl_cv_lib_readline" >&6; } if test "$vl_cv_lib_readline" != "no"; then LIBREADLINE="$vl_cv_lib_readline" $as_echo "#define HAVE_LIBREADLINE 1" >>confdefs.h for ac_header in readline.h readline/readline.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether readline supports history" >&5 $as_echo_n "checking whether readline supports history... " >&6; } if ${vl_cv_lib_readline_history+:} false; then : $as_echo_n "(cached) " >&6 else vl_cv_lib_readline_history="no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char add_history (); int main () { return add_history (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : vl_cv_lib_readline_history="yes" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $vl_cv_lib_readline_history" >&5 $as_echo "$vl_cv_lib_readline_history" >&6; } if test "$vl_cv_lib_readline_history" = "yes"; then $as_echo "#define HAVE_READLINE_HISTORY 1" >>confdefs.h for ac_header in history.h readline/history.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done fi fi smart_try_dir="$talloc_include_dir" ac_safe=`echo "talloc.h" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= smart_include_dir="/usr/local/include /opt/include" _smart_try_dir= _smart_include_dir= for _prefix in $smart_prefix ""; do for _dir in $smart_try_dir; do _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" done for _dir in $smart_include_dir; do _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" done done if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for talloc.h in $try" >&5 $as_echo_n "checking for talloc.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/talloc.h" >&5 $as_echo_n "checking for ${_prefix}/talloc.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem ${_prefix}/" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done fi if test "x$smart_include" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for talloc.h" >&5 $as_echo_n "checking for talloc.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include=" " { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "x$smart_include" = "x"; then for prefix in $smart_prefix; do if test "x$LOCATE" != "x"; then DIRS= file="${_prefix}/${1}" for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" done if test "x$LOCATE" != "x"; then DIRS= file=talloc.h for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" for try in $_smart_include_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for talloc.h in $try" >&5 $as_echo_n "checking for talloc.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" != "x"; then eval "ac_cv_header_$ac_safe=yes" CPPFLAGS="$smart_include $old_CPPFLAGS" SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" fi smart_prefix= if test "x$ac_cv_header_talloc_h" != "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: talloc headers not found. Use --with-talloc-include-dir=." >&5 $as_echo "$as_me: WARNING: talloc headers not found. Use --with-talloc-include-dir=." >&2;} as_fn_error $? "FreeRADIUS requires libtalloc" "$LINENO" 5 fi case "$host" in *-interix*) CFLAGS="$CFLAGS -D_ALL_SOURCE" ;; *-darwin*) CFLAGS="$CFLAGS -DDARWIN" LIBS="-framework DirectoryService $LIBS" $as_echo "#define __APPLE_USE_RFC_3542 1" >>confdefs.h ;; esac ac_header_dirent=no for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 $as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } if eval \${$as_ac_Header+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include <$ac_hdr> int main () { if ((DIR *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$as_ac_Header=yes" else eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$as_ac_Header { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 _ACEOF ac_header_dirent=$ac_hdr; break fi done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' dir; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_opendir+:} false; then : break fi done if ${ac_cv_search_opendir+:} false; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' x; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_opendir+:} false; then : break fi done if ${ac_cv_search_opendir+:} false; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 $as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } if ${ac_cv_header_time+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { if ((struct tm *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_time=yes else ac_cv_header_time=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 $as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then $as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/wait.h that is POSIX.1 compatible" >&5 $as_echo_n "checking for sys/wait.h that is POSIX.1 compatible... " >&6; } if ${ac_cv_header_sys_wait_h+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #ifndef WEXITSTATUS # define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8) #endif #ifndef WIFEXITED # define WIFEXITED(stat_val) (((stat_val) & 255) == 0) #endif int main () { int s; wait (&s); s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_sys_wait_h=yes else ac_cv_header_sys_wait_h=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_wait_h" >&5 $as_echo "$ac_cv_header_sys_wait_h" >&6; } if test $ac_cv_header_sys_wait_h = yes; then $as_echo "#define HAVE_SYS_WAIT_H 1" >>confdefs.h fi for ac_header in \ arpa/inet.h \ crypt.h \ dlfcn.h \ errno.h \ fcntl.h \ features.h \ fnmatch.h \ getopt.h \ glob.h \ grp.h \ inttypes.h \ limits.h \ linux/if_packet.h \ malloc.h \ netdb.h \ netinet/in.h \ prot.h \ pwd.h \ resource.h \ semaphore.h \ sia.h \ siad.h \ signal.h \ stdbool.h \ stddef.h \ stdint.h \ stdio.h \ sys/event.h \ sys/fcntl.h \ sys/prctl.h \ sys/ptrace.h \ sys/resource.h \ sys/security.h \ sys/select.h \ sys/socket.h \ sys/time.h \ sys/types.h \ sys/un.h \ sys/wait.h \ syslog.h \ unistd.h \ utime.h \ utmp.h \ utmpx.h \ winsock.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in net/if.h do : ac_fn_c_check_header_compile "$LINENO" "net/if.h" "ac_cv_header_net_if_h" " #ifdef HAVE_SYS_SOCKET_H # include #endif " if test "x$ac_cv_header_net_if_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_NET_IF_H 1 _ACEOF fi done if test "x$ac_cv_header_sys_security_h" = "xyes" && test "x$ac_cv_header_prot_h" = "xyes" then $as_echo "#define OSFC2 /**/" >>confdefs.h fi if test "x$ac_cv_header_sia_h" = "xyes" && test "x$ac_cv_header_siad_h" = "xyes" then $as_echo "#define OSFSIA /**/" >>confdefs.h fi if test "x$WITH_OPENSSL" = xyes; then OLD_LIBS="$LIBS" CFLAGS="$CFLAGS -DOPENSSL_NO_KRB5" smart_try_dir="$openssl_lib_dir" sm_lib_safe=`echo "crypto" | sed 'y%./+-%__p_%'` sm_func_safe=`echo "DH_new" | sed 'y%./+-%__p_%'` old_LIBS="$LIBS" old_CPPFLAGS="$CPPFLAGS" smart_lib= smart_ldflags= smart_lib_dir= if test "x$smart_try_dir" != "x"; then for try in $smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5 $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; } LIBS="-lcrypto $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char DH_new(); int main () { DH_new() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lcrypto" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto" >&5 $as_echo_n "checking for DH_new in -lcrypto... " >&6; } LIBS="-lcrypto $old_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char DH_new(); int main () { DH_new() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lcrypto" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$old_LIBS" fi if test "x$smart_lib" = "x"; then if test "x$LOCATE" != "x"; then DIRS= file=libcrypto${libltdl_cv_shlibext} for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" if test "x$LOCATE" != "x"; then DIRS= file=libcrypto.a for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" for try in $smart_lib_dir /usr/local/lib /opt/lib; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5 $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; } LIBS="-lcrypto $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char DH_new(); int main () { DH_new() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lcrypto" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" != "x"; then eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" LIBS="$smart_ldflags $smart_lib $old_LIBS" SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" fi if test "x$ac_cv_lib_crypto_DH_new" = "xyes"; then $as_echo "#define HAVE_LIBCRYPTO 1" >>confdefs.h OPENSSL_LIBS="$smart_lib" OPENSSL_LDFLAGS="$smart_ldflags" sm_lib_safe=`echo "ssl" | sed 'y%./+-%__p_%'` sm_func_safe=`echo "SSL_new" | sed 'y%./+-%__p_%'` old_LIBS="$LIBS" old_CPPFLAGS="$CPPFLAGS" smart_lib= smart_ldflags= smart_lib_dir= if test "x$smart_try_dir" != "x"; then for try in $smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl in $try" >&5 $as_echo_n "checking for SSL_new in -lssl in $try... " >&6; } LIBS="-lssl $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char SSL_new(); int main () { SSL_new() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lssl" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 $as_echo_n "checking for SSL_new in -lssl... " >&6; } LIBS="-lssl $old_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char SSL_new(); int main () { SSL_new() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lssl" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$old_LIBS" fi if test "x$smart_lib" = "x"; then if test "x$LOCATE" != "x"; then DIRS= file=libssl${libltdl_cv_shlibext} for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" if test "x$LOCATE" != "x"; then DIRS= file=libssl.a for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" for try in $smart_lib_dir /usr/local/lib /opt/lib; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl in $try" >&5 $as_echo_n "checking for SSL_new in -lssl in $try... " >&6; } LIBS="-lssl $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char SSL_new(); int main () { SSL_new() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lssl" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" != "x"; then eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" LIBS="$smart_ldflags $smart_lib $old_LIBS" SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" fi if test "x$ac_cv_lib_ssl_SSL_new" != "xyes"; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed linking to libssl. Use --with-openssl-lib-dir=, or --with-openssl=no (builds without OpenSSL) See \`config.log' for more details" "$LINENO" 5; } else $as_echo "#define HAVE_LIBSSL 1" >>confdefs.h OPENSSL_LIBS="$OPENSSL_LIBS $smart_lib" if test "$OPENSSL_LDFLAGS" != "$smart_ldflags"; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "\"inconsistent LDFLAGS between -lssl '$smart_ldflags' and -lcrypto '$OPENSSL_LDFLAGS'\" See \`config.log' for more details" "$LINENO" 5; } fi fi else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed linking to libcrypto. Use --with-openssl-lib-dir=, or --with-openssl=no (builds without OpenSSL) See \`config.log' for more details" "$LINENO" 5; } fi smart_try_dir="$openssl_include_dir" ac_safe=`echo "openssl/ssl.h" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= smart_include_dir="/usr/local/include /opt/include" _smart_try_dir= _smart_include_dir= for _prefix in $smart_prefix ""; do for _dir in $smart_try_dir; do _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" done for _dir in $smart_include_dir; do _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" done done if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ssl.h in $try" >&5 $as_echo_n "checking for openssl/ssl.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/openssl/ssl.h" >&5 $as_echo_n "checking for ${_prefix}/openssl/ssl.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem ${_prefix}/" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done fi if test "x$smart_include" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ssl.h" >&5 $as_echo_n "checking for openssl/ssl.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include=" " { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "x$smart_include" = "x"; then for prefix in $smart_prefix; do if test "x$LOCATE" != "x"; then DIRS= file="${_prefix}/${1}" for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" done if test "x$LOCATE" != "x"; then DIRS= file=openssl/ssl.h for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" for try in $_smart_include_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ssl.h in $try" >&5 $as_echo_n "checking for openssl/ssl.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" != "x"; then eval "ac_cv_header_$ac_safe=yes" CPPFLAGS="$smart_include $old_CPPFLAGS" SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" fi smart_prefix= if test "x$ac_cv_header_openssl_ssl_h" = "xyes"; then $as_echo "#define HAVE_OPENSSL_SSL_H 1" >>confdefs.h for ac_header in \ openssl/asn1.h \ openssl/conf.h \ openssl/crypto.h \ openssl/err.h \ openssl/evp.h \ openssl/hmac.h \ openssl/md5.h \ openssl/md4.h \ openssl/sha.h \ openssl/ssl.h \ openssl/ocsp.h \ openssl/engine.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF OPENSSL_CPPFLAGS="$smart_include" else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed locating OpenSSL headers. Use --with-openssl-include-dir=, or --with-openssl=no (builds without OpenSSL) See \`config.log' for more details" "$LINENO" 5; } fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 0.9.7" >&5 $as_echo_n "checking for OpenSSL version >= 0.9.7... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) yes #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "yes" >/dev/null 2>&1; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "OpenSSL version too old See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest* old_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$OPENSSL_CPPFLAGS $CPPFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library and header version consistency" >&5 $as_echo_n "checking OpenSSL library and header version consistency... " >&6; } if test "$cross_compiling" = yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling (assuming yes)" >&5 $as_echo "cross-compiling (assuming yes)" >&6; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { printf("library: %lx header: %lx... ", (unsigned long) SSLeay(), (unsigned long) OPENSSL_VERSION_NUMBER); if (SSLeay() == OPENSSL_VERSION_NUMBER) { return 0; } else { return 1; } ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "OpenSSL library version does not match header version See \`config.log' for more details" "$LINENO" 5; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi for ac_func in \ SSL_get_client_random \ SSL_get_server_random \ SSL_SESSION_get_master_key \ HMAC_CTX_new \ HMAC_CTX_free \ ASN1_STRING_get0_data \ CONF_modules_load_file \ CRYPTO_set_id_callback \ CRYPTO_set_locking_callback do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done CPPFLAGS="$old_CPPFLAGS" fi LIBS="$OLD_LIBS" export OPENSSL_LIBS OPENSSL_LDFLAGS OPENSSL_CPPFLAGS fi if test "x$PCAP_LIBS" = x; then { $as_echo "$as_me:${as_lineno-$LINENO}: skipping test for pcap.h." >&5 $as_echo "$as_me: skipping test for pcap.h." >&6;} else smart_try_dir="$pcap_include_dir" ac_safe=`echo "pcap.h" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= smart_include_dir="/usr/local/include /opt/include" _smart_try_dir= _smart_include_dir= for _prefix in $smart_prefix ""; do for _dir in $smart_try_dir; do _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" done for _dir in $smart_include_dir; do _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" done done if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap.h in $try" >&5 $as_echo_n "checking for pcap.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/pcap.h" >&5 $as_echo_n "checking for ${_prefix}/pcap.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem ${_prefix}/" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done fi if test "x$smart_include" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap.h" >&5 $as_echo_n "checking for pcap.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include=" " { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "x$smart_include" = "x"; then for prefix in $smart_prefix; do if test "x$LOCATE" != "x"; then DIRS= file="${_prefix}/${1}" for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" done if test "x$LOCATE" != "x"; then DIRS= file=pcap.h for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" for try in $_smart_include_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap.h in $try" >&5 $as_echo_n "checking for pcap.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" != "x"; then eval "ac_cv_header_$ac_safe=yes" CPPFLAGS="$smart_include $old_CPPFLAGS" SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" fi smart_prefix= if test "x$ac_cv_header_pcap_h" = "xyes"; then $as_echo "#define HAVE_PCAP_H 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: pcap headers not found, silently disabling the RADIUS sniffer, and ARP listener. Use --with-pcap-include-dir=." >&5 $as_echo "$as_me: WARNING: pcap headers not found, silently disabling the RADIUS sniffer, and ARP listener. Use --with-pcap-include-dir=." >&2;} fi fi if test "x$COLLECTDC_LIBS" = x; then { $as_echo "$as_me:${as_lineno-$LINENO}: skipping test for collectd/client.h." >&5 $as_echo "$as_me: skipping test for collectd/client.h." >&6;} else smart_try_dir="$collectdclient_include_dir" ac_safe=`echo "collectd/client.h" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= smart_include_dir="/usr/local/include /opt/include" _smart_try_dir= _smart_include_dir= for _prefix in $smart_prefix ""; do for _dir in $smart_try_dir; do _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" done for _dir in $smart_include_dir; do _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" done done if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for collectd/client.h in $try" >&5 $as_echo_n "checking for collectd/client.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/collectd/client.h" >&5 $as_echo_n "checking for ${_prefix}/collectd/client.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem ${_prefix}/" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done fi if test "x$smart_include" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for collectd/client.h" >&5 $as_echo_n "checking for collectd/client.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include=" " { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "x$smart_include" = "x"; then for prefix in $smart_prefix; do if test "x$LOCATE" != "x"; then DIRS= file="${_prefix}/${1}" for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" done if test "x$LOCATE" != "x"; then DIRS= file=collectd/client.h for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" for try in $_smart_include_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for collectd/client.h in $try" >&5 $as_echo_n "checking for collectd/client.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" != "x"; then eval "ac_cv_header_$ac_safe=yes" CPPFLAGS="$smart_include $old_CPPFLAGS" SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" fi smart_prefix= if test "x$ac_cv_header_collectd_client_h" = "xyes"; then $as_echo "#define HAVE_COLLECTDC_H 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: collectdclient headers not found. Use --with-collectdclient-include-dir=." >&5 $as_echo "$as_me: WARNING: collectdclient headers not found. Use --with-collectdclient-include-dir=." >&2;} fi fi if test "x$HAVE_LIBCAP" = x; then { $as_echo "$as_me:${as_lineno-$LINENO}: skipping test for cap.h." >&5 $as_echo "$as_me: skipping test for cap.h." >&6;} else smart_try_dir="$cap_include_dir" ac_safe=`echo "sys/capability.h" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= smart_include_dir="/usr/local/include /opt/include" _smart_try_dir= _smart_include_dir= for _prefix in $smart_prefix ""; do for _dir in $smart_try_dir; do _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" done for _dir in $smart_include_dir; do _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" done done if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/capability.h in $try" >&5 $as_echo_n "checking for sys/capability.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/sys/capability.h" >&5 $as_echo_n "checking for ${_prefix}/sys/capability.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem ${_prefix}/" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done fi if test "x$smart_include" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/capability.h" >&5 $as_echo_n "checking for sys/capability.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include=" " { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "x$smart_include" = "x"; then for prefix in $smart_prefix; do if test "x$LOCATE" != "x"; then DIRS= file="${_prefix}/${1}" for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" done if test "x$LOCATE" != "x"; then DIRS= file=sys/capability.h for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" for try in $_smart_include_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/capability.h in $try" >&5 $as_echo_n "checking for sys/capability.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" != "x"; then eval "ac_cv_header_$ac_safe=yes" CPPFLAGS="$smart_include $old_CPPFLAGS" SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" fi smart_prefix= if test "x$ac_cv_header_sys_capability_h" = "xyes"; then $as_echo "#define HAVE_CAPABILITY_H 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cap headers not found, will not perform debugger checks. Use --with-cap-include-dir=." >&5 $as_echo "$as_me: WARNING: cap headers not found, will not perform debugger checks. Use --with-cap-include-dir=." >&2;} fi fi ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default" if test "x$ac_cv_type_off_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define off_t long int _ACEOF fi ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" if test "x$ac_cv_type_pid_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define pid_t int _ACEOF fi ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 $as_echo_n "checking for uid_t in sys/types.h... " >&6; } if ${ac_cv_type_uid_t+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "uid_t" >/dev/null 2>&1; then : ac_cv_type_uid_t=yes else ac_cv_type_uid_t=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 $as_echo "$ac_cv_type_uid_t" >&6; } if test $ac_cv_type_uid_t = no; then $as_echo "#define uid_t int" >>confdefs.h $as_echo "#define gid_t int" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 $as_echo_n "checking for socklen_t... " >&6; } if ${ac_cv_type_socklen_t+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_type_socklen_t=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_SOCKET_H # include #endif int main () { socklen_t foo ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_socklen_t=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_socklen_t" >&5 $as_echo "$ac_cv_type_socklen_t" >&6; } if test "$ac_cv_type_socklen_t" != "yes"; then $as_echo "#define socklen_t int" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint8_t" >&5 $as_echo_n "checking for uint8_t... " >&6; } if ${ac_cv_type_uint8_t+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_type_uint8_t=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif int main () { uint8_t foo ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_uint8_t=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uint8_t" >&5 $as_echo "$ac_cv_type_uint8_t" >&6; } if test "$ac_cv_type_uint8_t" != "yes"; then $as_echo "#define uint8_t unsigned char" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint16_t" >&5 $as_echo_n "checking for uint16_t... " >&6; } if ${ac_cv_type_uint16_t+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_type_uint16_t=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif int main () { uint16_t foo ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_uint16_t=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uint16_t" >&5 $as_echo "$ac_cv_type_uint16_t" >&6; } if test "$ac_cv_type_uint16_t" != "yes"; then $as_echo "#define uint16_t unsigned short" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint32_t" >&5 $as_echo_n "checking for uint32_t... " >&6; } if ${ac_cv_type_uint32_t+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_type_uint32_t=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif int main () { uint32_t foo ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_uint32_t=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uint32_t" >&5 $as_echo "$ac_cv_type_uint32_t" >&6; } if test "$ac_cv_type_uint32_t" != "yes"; then $as_echo "#define uint32_t unsigned int" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint64_t" >&5 $as_echo_n "checking for uint64_t... " >&6; } if ${ac_cv_type_uint64_t+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_type_uint64_t=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif int main () { uint64_t foo ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_uint64_t=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uint64_t" >&5 $as_echo "$ac_cv_type_uint64_t" >&6; } if test "$ac_cv_type_uint64_t" != "yes"; then $as_echo "#define uint64_t unsigned long long" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "__uint128_t" "ac_cv_type___uint128_t" "$ac_includes_default" if test "x$ac_cv_type___uint128_t" = xyes; then : $as_echo "#define HAVE___UINT128_T 1" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "uint128_t" "ac_cv_type_uint128_t" " #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif " if test "x$ac_cv_type_uint128_t" = xyes; then : $as_echo "#define HAVE_UINT128_T 1" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "struct in6_addr" "ac_cv_type_struct_in6_addr" " #ifdef HAVE_NETINET_IN_H # include #endif " if test "x$ac_cv_type_struct_in6_addr" = xyes; then : $as_echo "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" " #ifdef HAVE_NETINET_IN_H # include #endif #ifdef HAVE_SYS_SOCKET_H # include #endif " if test "x$ac_cv_type_struct_sockaddr_storage" = xyes; then : $as_echo "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "struct sockaddr_in6" "ac_cv_type_struct_sockaddr_in6" " #ifdef HAVE_NETINET_IN_H # include #endif " if test "x$ac_cv_type_struct_sockaddr_in6" = xyes; then : $as_echo "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "struct addrinfo" "ac_cv_type_struct_addrinfo" " #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_SOCKET_H # include #endif #ifdef HAVE_NETDB_H # include #endif " if test "x$ac_cv_type_struct_addrinfo" = xyes; then : $as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if sig_t is defined" >&5 $as_echo_n "checking if sig_t is defined... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SIGNAL_H # include #endif int main () { sig_t func; return 0; ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_SIG_T 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext for ac_func in \ bindat \ clock_gettime \ closefrom \ ctime_r \ dladdr \ fcntl \ fopencookie \ funopen \ getaddrinfo \ getnameinfo \ getopt_long \ getpeereid \ getresuid \ gettimeofday \ getusershell \ gmtime_r \ if_indextoname \ inet_aton \ inet_ntop \ inet_pton \ initgroups \ kqueue \ localtime_r \ mallopt \ mkdirat \ openat \ pthread_sigmask \ setlinebuf \ setresuid \ setsid \ setuid \ setvbuf \ sigaction \ sigprocmask \ snprintf \ strcasecmp \ strlcat \ strlcpy \ strncasecmp \ strsep \ strsignal \ unlinkat \ vdprintf \ vsnprintf do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 $as_echo_n "checking return type of signal handlers... " >&6; } if ${ac_cv_type_signal+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { return *(signal (0, 0)) (0) == 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_signal=int else ac_cv_type_signal=void fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 $as_echo "$ac_cv_type_signal" >&6; } cat >>confdefs.h <<_ACEOF #define RETSIGTYPE $ac_cv_type_signal _ACEOF if test "x$ac_cv_header_utmpx_h" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_xtime in struct utmpx" >&5 $as_echo_n "checking for ut_xtime in struct utmpx... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifdef HAVE_STDDEF_H #include #endif #ifndef offsetof #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER) #endif int main () { int foo = offsetof(struct utmpx, ut_xtime) ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : has_element=" " else has_element= fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_safe_type=`echo "struct utmpx" | sed 'y% %_%'` if test "x$has_element" != "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } eval "ac_cv_type_${ac_safe_type}_has_ut_xtime=yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } eval "ac_cv_type_${ac_safe_type}_has_ut_xtime=" fi if test "x$ac_cv_type_struct_utmpx_has_ut_xtime" = "x"; then $as_echo "#define ut_xtime ut_tv.tv_sec" >>confdefs.h fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ipi_addr in struct in_pktinfo" >&5 $as_echo_n "checking for ipi_addr in struct in_pktinfo... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifdef HAVE_STDDEF_H #include #endif #ifndef offsetof #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER) #endif int main () { int foo = offsetof(struct in_pktinfo, ipi_addr) ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : has_element=" " else has_element= fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_safe_type=`echo "struct in_pktinfo" | sed 'y% %_%'` if test "x$has_element" != "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } eval "ac_cv_type_${ac_safe_type}_has_ipi_addr=yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } eval "ac_cv_type_${ac_safe_type}_has_ipi_addr=" fi if test "x$ac_cv_type_struct_in_pktinfo_has_ipi_addr" = "xyes"; then $as_echo "#define HAVE_IP_PKTINFO /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ipi6_addr in struct in6_pktinfo" >&5 $as_echo_n "checking for ipi6_addr in struct in6_pktinfo... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifdef HAVE_STDDEF_H #include #endif #ifndef offsetof #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER) #endif int main () { int foo = offsetof(struct in6_pktinfo, ipi6_addr) ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : has_element=" " else has_element= fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_safe_type=`echo "struct in6_pktinfo" | sed 'y% %_%'` if test "x$has_element" != "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } eval "ac_cv_type_${ac_safe_type}_has_ipi6_addr=yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } eval "ac_cv_type_${ac_safe_type}_has_ipi6_addr=" fi if test "x$ac_cv_type_struct_in6_pktinfo_has_ipi6_addr" = "xyes"; then $as_echo "#define HAVE_IN6_PKTINFO /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if htonll is defined" >&5 $as_echo_n "checking if htonll is defined... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { return htonll(0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_HTONLL 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: checking if htonlll is defined" >&5 $as_echo_n "checking if htonlll is defined... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { return htonlll(0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_HTONLLL 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 $as_echo_n "checking for an ANSI C-conforming const... " >&6; } if ${ac_cv_c_const+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __cplusplus /* Ultrix mips cc rejects this sort of thing. */ typedef int charset[2]; const charset cs = { 0, 0 }; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this sort of thing. */ char tx; char *t = &tx; char const *s = 0 ? (char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; } bx; struct s *b = &bx; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 $as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then $as_echo "#define const /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking type of OS" >&5 $as_echo_n "checking type of OS... " >&6; } OS=`uname -s` { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OS" >&5 $as_echo "$OS" >&6; } if test "$OS" = "OS/2"; then LIBPREFIX= else LIBPREFIX=lib fi if test "x$developer" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: Setting additional developer CFLAGS" >&5 $as_echo "$as_me: Setting additional developer CFLAGS" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the compiler flag \"-Wdocumentation\"" >&5 $as_echo_n "checking for the compiler flag \"-Wdocumentation\"... " >&6; } if ${ax_cv_cc_wdocumentation_flag+:} false; then : $as_echo_n "(cached) " >&6 else CFLAGS_SAVED=$CFLAGS CFLAGS="$CFLAGS -Werror -Wdocumentation" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_cc_wdocumentation_flag="yes" else ax_cv_cc_wdocumentation_flag="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CFLAGS="$CFLAGS_SAVED" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_wdocumentation_flag" >&5 $as_echo "$ax_cv_cc_wdocumentation_flag" >&6; } if test "x$ax_cv_cc_wdocumentation_flag" = "xyes"; then devflags="-Wdocumentation" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the compiler flag \"-Weverything\"" >&5 $as_echo_n "checking for the compiler flag \"-Weverything\"... " >&6; } if ${ax_cv_cc_weverything_flag+:} false; then : $as_echo_n "(cached) " >&6 else CFLAGS_SAVED=$CFLAGS CFLAGS="$CFLAGS -Werror -Weverything -Wno-unused-macros -Wno-unreachable-code-return" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_cc_weverything_flag="yes" else ax_cv_cc_weverything_flag="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CFLAGS="$CFLAGS_SAVED" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_weverything_flag" >&5 $as_echo "$ax_cv_cc_weverything_flag" >&6; } if test "x$ax_cv_cc_weverything_flag" = "xyes"; then devflags="$devflags -W -Weverything -Wformat=2 -Wno-missing-field-initializers -Wno-date-time -Wno-padded -Wno-gnu-zero-variadic-macro-arguments -Wno-shorten-64-to-32 -Wno-sign-conversion -Wno-conversion -Wno-switch-enum -Wno-gnu-statement-expression -Wno-extended-offsetof -Wno-cast-align -Wno-documentation-unknown-command -Wno-covered-switch-default -Wno-packed -DWITH_VERIFY_PTR=1" else if test "x$GCC" = "xyes"; then devflags="$devflags -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -Wformat-y2k -Wno-format-extra-args -Wno-format-zero-length -Wno-cast-align -Wformat-nonliteral -Wformat-security -Wformat=2 -DWITH_VERIFY_PTR=1" INSTALLSTRIP="" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: Developer CFLAGS are \"$devflags\"" >&5 $as_echo "$as_me: Developer CFLAGS are \"$devflags\"" >&6;} CFLAGS="$CFLAGS $devflags" if test "x$EXPERIMENTAL" != "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: is developer build, enabling experimental modules implicitly, disable with --without-experimental-modules" >&5 $as_echo "$as_me: is developer build, enabling experimental modules implicitly, disable with --without-experimental-modules" >&6;} EXPERIMENTAL=yes fi else devflags="" CFLAGS="$CFLAGS -DNDEBUG" INSTALLSTRIP="" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if building with -DNDEBUG" >&5 $as_echo_n "checking if building with -DNDEBUG... " >&6; } if echo "$CFLAGS" | grep '\-DNDEBUG' > /dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define WITH_NDEBUG 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi export EXPERIMENTAL if test -d $srcdir/.git -a "x$GIT" = "xyes"; then RADIUSD_VERSION_COMMIT=`git log --pretty=format:'%h' -n 1` cat >>confdefs.h <<_ACEOF #define RADIUSD_VERSION_COMMIT ${RADIUSD_VERSION_COMMIT} _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __thread support in compiler" >&5 $as_echo_n "checking for __thread support in compiler... " >&6; } if test "$cross_compiling" = yes; then : have_tls=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ static __thread int val; int main(int argc, char **argv) { val = 0; return val; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : have_tls=yes else have_tls=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_tls" >&5 $as_echo "$have_tls" >&6; } if test "x$have_tls" = "xyes"; then $as_echo "#define TLS_STORAGE_CLASS __thread" >>confdefs.h fi if test "x$have_tls" = "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __declspec(thread) support in compiler" >&5 $as_echo_n "checking for __declspec(thread) support in compiler... " >&6; } if test "$cross_compiling" = yes; then : have_tls=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ static _Thread_local int val; int main(int argc, char **argv) { val = 0; return val; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : have_tls=yes else have_tls=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_tls" >&5 $as_echo "$have_tls" >&6; } if test "x$have_tls" = "xyes"; then $as_echo "#define TLS_STORAGE_CLASS __declspec(thread)" >>confdefs.h fi fi if test "x$have_tls" = "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _Thread_local support in compiler" >&5 $as_echo_n "checking for _Thread_local support in compiler... " >&6; } if test "$cross_compiling" = yes; then : have_tls=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ static _Thread_local int val; int main(int argc, char **argv) { val = 0; return val; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : have_tls=yes else have_tls=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_tls" >&5 $as_echo "$have_tls" >&6; } if test "x$have_tls" = "xyes"; then $as_echo "#define TLS_STORAGE_CLASS _Thread_local" >>confdefs.h fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __builtin_choose_expr support in compiler" >&5 $as_echo_n "checking for __builtin_choose_expr support in compiler... " >&6; } if ${ax_cv_cc_builtin_choose_expr+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run test program while cross compiling See \`config.log' for more details" "$LINENO" 5; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(int argc, char **argv) { if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ return __builtin_choose_expr(0, 1, 0); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ax_cv_cc_builtin_choose_expr=yes else ax_cv_cc_builtin_choose_expr=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_builtin_choose_expr" >&5 $as_echo "$ax_cv_cc_builtin_choose_expr" >&6; } if test "x$ax_cv_cc_builtin_choose_expr" = "xyes"; then $as_echo "#define HAVE_BUILTIN_CHOOSE_EXPR 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __builtin_types_compatible_p support in compiler" >&5 $as_echo_n "checking for __builtin_types_compatible_p support in compiler... " >&6; } if ${ax_cv_cc_builtin_types_compatible_p+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run test program while cross compiling See \`config.log' for more details" "$LINENO" 5; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(int argc, char **argv) { if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ return !(__builtin_types_compatible_p(char *, char *)); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ax_cv_cc_builtin_types_compatible_p=yes else ax_cv_cc_builtin_types_compatible_p=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_builtin_types_compatible_p" >&5 $as_echo "$ax_cv_cc_builtin_types_compatible_p" >&6; } if test "x$ax_cv_cc_builtin_types_compatible_p" = "xyes"; then $as_echo "#define HAVE_BUILTIN_TYPES_COMPATIBLE_P 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __builtin_bswap64 support in compiler" >&5 $as_echo_n "checking for __builtin_bswap64 support in compiler... " >&6; } if ${ax_cv_cc_builtin_bswap64+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run test program while cross compiling See \`config.log' for more details" "$LINENO" 5; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(int argc, char **argv) { if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ return (__builtin_bswap64(0)); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ax_cv_cc_builtin_bswap64=yes else ax_cv_cc_builtin_bswap64=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_builtin_bswap64" >&5 $as_echo "$ax_cv_cc_builtin_bswap64" >&6; } if test "x$ax_cv_cc_builtin_bswap64" = "xyes"; then $as_echo "#define HAVE_BUILTIN_BSWAP_64 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __attribute__((__bounded__)) support in compiler" >&5 $as_echo_n "checking for __attribute__((__bounded__)) support in compiler... " >&6; } if ${ax_cv_cc_bounded_attribute+:} false; then : $as_echo_n "(cached) " >&6 else CFLAGS_SAVED=$CFLAGS CFLAGS="$CFLAGS -Werror" if test "$cross_compiling" = yes; then : { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run test program while cross compiling See \`config.log' for more details" "$LINENO" 5; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ void test(char *buff) __attribute__ ((__bounded__ (__string__, 1, 1))); int main(int argc, char **argv) { if ((argc < 0) || !argv) return 1; /* -Werror=unused-parameter */ return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ax_cv_cc_bounded_attribute=yes else ax_cv_cc_bounded_attribute=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi CFLAGS="$CFLAGS_SAVED" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_bounded_attribute" >&5 $as_echo "$ax_cv_cc_bounded_attribute" >&6; } if test "x$ax_cv_cc_bounded_attribute" = "xyes"; then $as_echo "#define HAVE_ATTRIBUTE_BOUNDED 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for talloc_set_memlimit in -ltalloc" >&5 $as_echo_n "checking for talloc_set_memlimit in -ltalloc... " >&6; } if ${ac_cv_lib_talloc_talloc_set_memlimit+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ltalloc $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char talloc_set_memlimit (); int main () { return talloc_set_memlimit (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_talloc_talloc_set_memlimit=yes else ac_cv_lib_talloc_talloc_set_memlimit=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_talloc_talloc_set_memlimit" >&5 $as_echo "$ac_cv_lib_talloc_talloc_set_memlimit" >&6; } if test "x$ac_cv_lib_talloc_talloc_set_memlimit" = xyes; then : $as_echo "#define HAVE_TALLOC_SET_MEMLIMIT 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 $as_echo_n "checking for crypt in -lcrypt... " >&6; } if ${ac_cv_lib_crypt_crypt+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypt $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char crypt (); int main () { return crypt (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_crypt_crypt=yes else ac_cv_lib_crypt_crypt=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 $as_echo "$ac_cv_lib_crypt_crypt" >&6; } if test "x$ac_cv_lib_crypt_crypt" = xyes; then : CRYPTLIB="-lcrypt" fi if test "$CRYPTLIB" != ""; then $as_echo "#define HAVE_CRYPT /**/" >>confdefs.h else ac_fn_c_check_func "$LINENO" "crypt" "ac_cv_func_crypt" if test "x$ac_cv_func_crypt" = xyes; then : $as_echo "#define HAVE_CRYPT /**/" >>confdefs.h fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setkey in -lcipher" >&5 $as_echo_n "checking for setkey in -lcipher... " >&6; } if ${ac_cv_lib_cipher_setkey+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcipher $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char setkey (); int main () { return setkey (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_cipher_setkey=yes else ac_cv_lib_cipher_setkey=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cipher_setkey" >&5 $as_echo "$ac_cv_lib_cipher_setkey" >&6; } if test "x$ac_cv_lib_cipher_setkey" = xyes; then : CRYPTLIB="${CRYPTLIB} -lcipher" fi execinfo_lib_dir= # Check whether --with-execinfo-lib-dir was given. if test "${with_execinfo_lib_dir+set}" = set; then : withval=$with_execinfo_lib_dir; case "$withval" in no) as_fn_error $? "Need execinfo-lib-dir" "$LINENO" 5 ;; yes) ;; *) execinfo_lib_dir="$withval" ;; esac fi execinfo_include_dir= # Check whether --with-execinfo-include-dir was given. if test "${with_execinfo_include_dir+set}" = set; then : withval=$with_execinfo_include_dir; case "$withval" in no) as_fn_error $? "Need execinfo-include-dir" "$LINENO" 5 ;; yes) ;; *) execinfo_include_dir="$withval" ;; esac fi smart_try_dir=$execinfo_include_dir ac_safe=`echo "execinfo.h" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= smart_include_dir="/usr/local/include /opt/include" _smart_try_dir= _smart_include_dir= for _prefix in $smart_prefix ""; do for _dir in $smart_try_dir; do _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" done for _dir in $smart_include_dir; do _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" done done if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for execinfo.h in $try" >&5 $as_echo_n "checking for execinfo.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/execinfo.h" >&5 $as_echo_n "checking for ${_prefix}/execinfo.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem ${_prefix}/" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done fi if test "x$smart_include" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for execinfo.h" >&5 $as_echo_n "checking for execinfo.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include=" " { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "x$smart_include" = "x"; then for prefix in $smart_prefix; do if test "x$LOCATE" != "x"; then DIRS= file="${_prefix}/${1}" for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" done if test "x$LOCATE" != "x"; then DIRS= file=execinfo.h for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" for try in $_smart_include_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for execinfo.h in $try" >&5 $as_echo_n "checking for execinfo.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" != "x"; then eval "ac_cv_header_$ac_safe=yes" CPPFLAGS="$smart_include $old_CPPFLAGS" SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" fi smart_prefix= if test "x$ac_cv_header_execinfo_h" = "xyes"; then smart_try_dir=$execinfo_lib_dir sm_lib_safe=`echo "execinfo" | sed 'y%./+-%__p_%'` sm_func_safe=`echo "backtrace_symbols" | sed 'y%./+-%__p_%'` old_LIBS="$LIBS" old_CPPFLAGS="$CPPFLAGS" smart_lib= smart_ldflags= smart_lib_dir= if test "x$smart_try_dir" != "x"; then for try in $smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for backtrace_symbols in -lexecinfo in $try" >&5 $as_echo_n "checking for backtrace_symbols in -lexecinfo in $try... " >&6; } LIBS="-lexecinfo $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char backtrace_symbols(); int main () { backtrace_symbols() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lexecinfo" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for backtrace_symbols in -lexecinfo" >&5 $as_echo_n "checking for backtrace_symbols in -lexecinfo... " >&6; } LIBS="-lexecinfo $old_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char backtrace_symbols(); int main () { backtrace_symbols() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lexecinfo" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$old_LIBS" fi if test "x$smart_lib" = "x"; then if test "x$LOCATE" != "x"; then DIRS= file=libexecinfo${libltdl_cv_shlibext} for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" if test "x$LOCATE" != "x"; then DIRS= file=libexecinfo.a for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" for try in $smart_lib_dir /usr/local/lib /opt/lib; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for backtrace_symbols in -lexecinfo in $try" >&5 $as_echo_n "checking for backtrace_symbols in -lexecinfo in $try... " >&6; } LIBS="-lexecinfo $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char backtrace_symbols(); int main () { backtrace_symbols() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lexecinfo" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" != "x"; then eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" LIBS="$smart_ldflags $smart_lib $old_LIBS" SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" fi if test "x$ac_cv_lib_execinfo_backtrace_symbols" != "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if execinfo provided as part of libc" >&5 $as_echo_n "checking if execinfo provided as part of libc... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { void *sym[1]; backtrace_symbols(&sym, sizeof(sym)) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } ac_cv_lib_execinfo_backtrace_symbols="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "x$ac_cv_lib_execinfo_backtrace_symbols" = "xyes"; then $as_echo "#define HAVE_EXECINFO 1" >>confdefs.h fi fi PCRE=yes # Check whether --with-pcre was given. if test "${with_pcre+set}" = set; then : withval=$with_pcre; case "$withval" in no) PCRE=no ;; yes) PCRE=yes ;; esac fi pcre_lib_dir= # Check whether --with-pcre-lib-dir was given. if test "${with_pcre_lib_dir+set}" = set; then : withval=$with_pcre_lib_dir; case "$withval" in no) as_fn_error $? "Need pcre-lib-dir" "$LINENO" 5 ;; yes) ;; *) pcre_lib_dir="$withval" ;; esac fi pcre_include_dir= # Check whether --with-pcre-include-dir was given. if test "${with_pcre_include_dir+set}" = set; then : withval=$with_pcre_include_dir; case "$withval" in no) as_fn_error $? "Need pcre-include-dir" "$LINENO" 5 ;; yes) ;; *) pcre_include_dir="$withval" ;; esac fi REGEX= # Check whether --with-regex was given. if test "${with_regex+set}" = set; then : withval=$with_regex; case "$withval" in no) REGEX=no ;; *) ;; esac fi if test "x$REGEX" != "xno" && test "x$PCRE" != "xno"; then smart_try_dir=$pcre_include_dir ac_safe=`echo "pcre.h" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= smart_include_dir="/usr/local/include /opt/include" _smart_try_dir= _smart_include_dir= for _prefix in $smart_prefix ""; do for _dir in $smart_try_dir; do _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" done for _dir in $smart_include_dir; do _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" done done if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre.h in $try" >&5 $as_echo_n "checking for pcre.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/pcre.h" >&5 $as_echo_n "checking for ${_prefix}/pcre.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem ${_prefix}/" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done fi if test "x$smart_include" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre.h" >&5 $as_echo_n "checking for pcre.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include=" " { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "x$smart_include" = "x"; then for prefix in $smart_prefix; do if test "x$LOCATE" != "x"; then DIRS= file="${_prefix}/${1}" for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" done if test "x$LOCATE" != "x"; then DIRS= file=pcre.h for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" for try in $_smart_include_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre.h in $try" >&5 $as_echo_n "checking for pcre.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" != "x"; then eval "ac_cv_header_$ac_safe=yes" CPPFLAGS="$smart_include $old_CPPFLAGS" SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" fi smart_prefix= if test "x$ac_cv_header_pcre_h" = "xyes"; then smart_try_dir=$pcre_lib_dir sm_lib_safe=`echo "pcre" | sed 'y%./+-%__p_%'` sm_func_safe=`echo "pcre_compile" | sed 'y%./+-%__p_%'` old_LIBS="$LIBS" old_CPPFLAGS="$CPPFLAGS" smart_lib= smart_ldflags= smart_lib_dir= if test "x$smart_try_dir" != "x"; then for try in $smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre_compile in -lpcre in $try" >&5 $as_echo_n "checking for pcre_compile in -lpcre in $try... " >&6; } LIBS="-lpcre $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char pcre_compile(); int main () { pcre_compile() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lpcre" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre_compile in -lpcre" >&5 $as_echo_n "checking for pcre_compile in -lpcre... " >&6; } LIBS="-lpcre $old_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char pcre_compile(); int main () { pcre_compile() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lpcre" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$old_LIBS" fi if test "x$smart_lib" = "x"; then if test "x$LOCATE" != "x"; then DIRS= file=libpcre${libltdl_cv_shlibext} for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" if test "x$LOCATE" != "x"; then DIRS= file=libpcre.a for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" for try in $smart_lib_dir /usr/local/lib /opt/lib; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre_compile in -lpcre in $try" >&5 $as_echo_n "checking for pcre_compile in -lpcre in $try... " >&6; } LIBS="-lpcre $old_LIBS" CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char pcre_compile(); int main () { pcre_compile() ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : smart_lib="-lpcre" smart_ldflags="-L$try -Wl,-rpath,$try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done LIBS="$old_LIBS" CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_lib" != "x"; then eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" LIBS="$smart_ldflags $smart_lib $old_LIBS" SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" fi if test "x$ac_cv_lib_pcre_pcre_compile" = "xyes"; then REGEX=yes $as_echo "#define HAVE_PCRE 1" >>confdefs.h $as_echo "#define HAVE_BINSAFE_REGEX 1" >>confdefs.h fi fi fi if test "x$REGEX" = "x"; then smart_try_dir= ac_safe=`echo "regex.h" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= smart_include_dir="/usr/local/include /opt/include" _smart_try_dir= _smart_include_dir= for _prefix in $smart_prefix ""; do for _dir in $smart_try_dir; do _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" done for _dir in $smart_include_dir; do _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" done done if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for regex.h in $try" >&5 $as_echo_n "checking for regex.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/regex.h" >&5 $as_echo_n "checking for ${_prefix}/regex.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem ${_prefix}/" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done fi if test "x$smart_include" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for regex.h" >&5 $as_echo_n "checking for regex.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include=" " { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "x$smart_include" = "x"; then for prefix in $smart_prefix; do if test "x$LOCATE" != "x"; then DIRS= file="${_prefix}/${1}" for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" done if test "x$LOCATE" != "x"; then DIRS= file=regex.h for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` if test "x$x" = "x$base"; then continue; fi dir=`${DIRNAME} $x 2>/dev/null` exclude=`echo ${dir} | ${GREP} /home` if test "x$exclude" != "x"; then continue fi already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` if test "x$already" = "x"; then DIRS="$DIRS $dir" fi done fi eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" for try in $_smart_include_dir; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for regex.h in $try" >&5 $as_echo_n "checking for regex.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int a = 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : smart_include="-isystem $try" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break else smart_include= { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CPPFLAGS="$old_CPPFLAGS" fi if test "x$smart_include" != "x"; then eval "ac_cv_header_$ac_safe=yes" CPPFLAGS="$smart_include $old_CPPFLAGS" SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" fi smart_prefix= if test "x$ac_cv_header_regex_h" = "xyes"; then REGEX=yes { $as_echo "$as_me:${as_lineno-$LINENO}: checking for extended regular expressions" >&5 $as_echo_n "checking for extended regular expressions... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifdef REG_EXTENDED yes #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "yes" >/dev/null 2>&1; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_REG_EXTENDED 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f conftest* { $as_echo "$as_me:${as_lineno-$LINENO}: checking for regcomp in -lregex" >&5 $as_echo_n "checking for regcomp in -lregex... " >&6; } if ${ac_cv_lib_regex_regcomp+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lregex $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char regcomp (); int main () { return regcomp (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_regex_regcomp=yes else ac_cv_lib_regex_regcomp=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_regex_regcomp" >&5 $as_echo "$ac_cv_lib_regex_regcomp" >&6; } if test "x$ac_cv_lib_regex_regcomp" = xyes; then : LIBS="-lregex $LIBS" fi for ac_func in \ regncomp \ regnexec do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done if test x"$ac_cv_func_regncomp" = x"yes" && test x"$ac_cv_func_regnexec" = x"yes"; then $as_echo "#define HAVE_BINSAFE_REGEX 1" >>confdefs.h fi fi fi if test "x$REGEX" = "xyes"; then $as_echo "#define HAVE_REGEX 1" >>confdefs.h fi $as_echo "#define GNUSTYLE 1" >>confdefs.h $as_echo "#define SYSVSTYLE 2" >>confdefs.h $as_echo "#define BSDSTYLE 3" >>confdefs.h gethostbyaddrrstyle="" { $as_echo "$as_me:${as_lineno-$LINENO}: checking gethostbyaddr_r() syntax" >&5 $as_echo_n "checking gethostbyaddr_r() syntax... " >&6; } case "$host" in *-freebsd*) ac_fn_c_check_decl "$LINENO" "gethostbyaddr_r" "ac_cv_have_decl_gethostbyaddr_r" " #ifdef HAVE_NETDB_H #include #endif " if test "x$ac_cv_have_decl_gethostbyaddr_r" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_GETHOSTBYADDR_R $ac_have_decl _ACEOF if test $ac_have_decl = 1; then : else $as_echo "#define GETHOSTBYADDRRSTYLE BSDSTYLE" >>confdefs.h gethostbyaddrrstyle=BSD { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: FreeBSD overridden to BSD-style" >&5 $as_echo "$as_me: WARNING: FreeBSD overridden to BSD-style" >&2;} fi ;; esac if test "x$gethostbyaddrrstyle" = "x"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { gethostbyaddr_r(NULL, 0, 0, NULL, NULL, 0, NULL, NULL) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define GETHOSTBYADDRRSTYLE GNUSTYLE" >>confdefs.h gethostbyaddrrstyle=GNU fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "x$gethostbyaddrrstyle" = "x"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { gethostbyaddr_r(NULL, 0, 0, NULL, NULL, 0, NULL) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define GETHOSTBYADDRRSTYLE SYSVSTYLE" >>confdefs.h gethostbyaddrrstyle=SYSV fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "x$gethostbyaddrrstyle" = "x"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { gethostbyaddr(NULL, 0, 0) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define GETHOSTBYADDRRSTYLE BSDSTYLE" >>confdefs.h gethostbyaddrrstyle=BSD fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "x$gethostbyaddrrstyle" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: none! It must not exist, here." >&5 $as_echo "none! It must not exist, here." >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${gethostbyaddrrstyle}-style" >&5 $as_echo "${gethostbyaddrrstyle}-style" >&6; } fi if test "x$gethostbyaddrrstyle" = "xBSD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** BSD-style gethostbyaddr might NOT be thread-safe! ****** " >&5 $as_echo "$as_me: WARNING: ****** BSD-style gethostbyaddr might NOT be thread-safe! ****** " >&2;} fi gethostbynamerstyle="" { $as_echo "$as_me:${as_lineno-$LINENO}: checking gethostbyname_r() syntax" >&5 $as_echo_n "checking gethostbyname_r() syntax... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { gethostbyname_r(NULL, NULL, NULL, 0, NULL, NULL) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define GETHOSTBYNAMERSTYLE GNUSTYLE" >>confdefs.h gethostbynamerstyle=GNU fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test "x$gethostbynamerstyle" = "x"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { gethostbyname_r(NULL, NULL, NULL, 0, NULL) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define GETHOSTBYNAMERSTYLE SYSVSTYLE" >>confdefs.h gethostbynamerstyle=SYSV fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "x$gethostbynamerstyle" = "x"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { gethostbyname(NULL) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define GETHOSTBYNAMERSTYLE BSDSTYLE" >>confdefs.h gethostbynamerstyle=BSD fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "x$gethostbynamerstyle" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: none! It must not exist, here." >&5 $as_echo "none! It must not exist, here." >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${gethostbynamerstyle}-style" >&5 $as_echo "${gethostbynamerstyle}-style" >&6; } fi if test "x$gethostbynamerstyle" = "xBSD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** BSD-style gethostbyname might NOT be thread-safe! ****** " >&5 $as_echo "$as_me: WARNING: ****** BSD-style gethostbyname might NOT be thread-safe! ****** " >&2;} fi if test "x$ac_cv_header_pwd_h" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking getpwnam_r" >&5 $as_echo_n "checking getpwnam_r... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { getpwnam_r(NULL, NULL, NULL, 0, NULL) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_GETPWNAM_R 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "x$ac_cv_header_grp_h" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking getgrnam_r" >&5 $as_echo_n "checking getgrnam_r... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { getgrnam_r(NULL, NULL, NULL, 0, NULL) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_GETGRNAM_R 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi $as_echo "#define POSIXSTYLE 1" >>confdefs.h $as_echo "#define SOLARISSTYLE 2" >>confdefs.h ctimerstyle="" { $as_echo "$as_me:${as_lineno-$LINENO}: checking ctime_r() syntax" >&5 $as_echo_n "checking ctime_r() syntax... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { ctime_r(NULL, NULL, 0) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define CTIMERSTYLE SOLARISSTYLE" >>confdefs.h ctimerstyle="SOLARIS" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test "x$ctimerstyle" = "x"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { ctime_r(NULL, NULL) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define CTIMERSTYLE POSIXSTYLE" >>confdefs.h ctimerstyle="POSIX" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "x$ctimerstyle" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: none! It must not exist, here." >&5 $as_echo "none! It must not exist, here." >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${ctimerstyle}-style" >&5 $as_echo "${ctimerstyle}-style" >&6; } fi HOSTINFO=$host top_builddir=`pwd` export top_builddir { $as_echo "$as_me:${as_lineno-$LINENO}: result: top_builddir=$top_builddir" >&5 $as_echo "top_builddir=$top_builddir" >&6; } if test "x$EXPERIMENTAL" = "xyes"; then for foo in `ls -1 "${srcdir}"/src/modules | grep rlm_`; do MODULES="$MODULES $foo" done else for foo in `cat "${srcdir}"/src/modules/stable`; do MODULES="$MODULES $foo" done fi mysubdirs="" for bar in $MODULES; do if test -f "${srcdir}"/src/modules/$bar/configure; then mysubdirs="$mysubdirs src/modules/$bar" fi done subdirs="$subdirs $mysubdirs" if test "x$reproducible_builds" != "xyes"; then CFLAGS="-Wno-date-time $CFLAGS" fi if test "x$werror" = "xyes"; then CFLAGS="-Werror $CFLAGS" fi ac_config_commands="$ac_config_commands stamp-h" ac_config_commands="$ac_config_commands build-radpaths-h" ac_config_commands="$ac_config_commands main-chmod" ac_config_commands="$ac_config_commands scripts-chmod" USE_STATIC_LIBS="yes" unset ac_cv_env_LIBS_set unset ac_cv_env_LIBS_value ac_config_files="$ac_config_files ./Make.inc ./src/include/build-radpaths-h ./src/main/radsniff.mk ./src/main/checkrad ./src/main/radlast ./src/main/radtest ./scripts/rc.radiusd ./scripts/cron/radiusd.cron.daily ./scripts/cron/radiusd.cron.monthly ./scripts/cryptpasswd ./raddb/radrelay.conf ./raddb/radiusd.conf" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by freeradius $as_me $Id: 1968a4a4cd4e455373c554df6401597dda12e92d $, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to . freeradius home page: ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ freeradius config.status $Id: 1968a4a4cd4e455373c554df6401597dda12e92d $ configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "src/include/autoconf.h") CONFIG_HEADERS="$CONFIG_HEADERS src/include/autoconf.h" ;; "stamp-h") CONFIG_COMMANDS="$CONFIG_COMMANDS stamp-h" ;; "build-radpaths-h") CONFIG_COMMANDS="$CONFIG_COMMANDS build-radpaths-h" ;; "main-chmod") CONFIG_COMMANDS="$CONFIG_COMMANDS main-chmod" ;; "scripts-chmod") CONFIG_COMMANDS="$CONFIG_COMMANDS scripts-chmod" ;; "./Make.inc") CONFIG_FILES="$CONFIG_FILES ./Make.inc" ;; "./src/include/build-radpaths-h") CONFIG_FILES="$CONFIG_FILES ./src/include/build-radpaths-h" ;; "./src/main/radsniff.mk") CONFIG_FILES="$CONFIG_FILES ./src/main/radsniff.mk" ;; "./src/main/checkrad") CONFIG_FILES="$CONFIG_FILES ./src/main/checkrad" ;; "./src/main/radlast") CONFIG_FILES="$CONFIG_FILES ./src/main/radlast" ;; "./src/main/radtest") CONFIG_FILES="$CONFIG_FILES ./src/main/radtest" ;; "./scripts/rc.radiusd") CONFIG_FILES="$CONFIG_FILES ./scripts/rc.radiusd" ;; "./scripts/cron/radiusd.cron.daily") CONFIG_FILES="$CONFIG_FILES ./scripts/cron/radiusd.cron.daily" ;; "./scripts/cron/radiusd.cron.monthly") CONFIG_FILES="$CONFIG_FILES ./scripts/cron/radiusd.cron.monthly" ;; "./scripts/cryptpasswd") CONFIG_FILES="$CONFIG_FILES ./scripts/cryptpasswd" ;; "./raddb/radrelay.conf") CONFIG_FILES="$CONFIG_FILES ./raddb/radrelay.conf" ;; "./raddb/radiusd.conf") CONFIG_FILES="$CONFIG_FILES ./raddb/radiusd.conf" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_tt=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_tt"; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "stamp-h":C) echo timestamp > src/include/stamp-h ;; "build-radpaths-h":C) (cd ./src/include && /bin/sh ./build-radpaths-h) ;; "main-chmod":C) (cd ./src/main && chmod +x checkrad radlast radtest) ;; "scripts-chmod":C) (cd ./scripts && chmod +x rc.radiusd cron/radiusd.cron.daily cron/radiusd.cron.monthly cryptpasswd) ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi # # CONFIG_SUBDIRS section. # if test "$no_recursion" != yes; then # Remove --cache-file, --srcdir, and --disable-option-checking arguments # so they do not pile up. ac_sub_configure_args= ac_prev= eval "set x $ac_configure_args" shift for ac_arg do if test -n "$ac_prev"; then ac_prev= continue fi case $ac_arg in -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* \ | --c=*) ;; --config-cache | -C) ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) ;; --disable-option-checking) ;; *) case $ac_arg in *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append ac_sub_configure_args " '$ac_arg'" ;; esac done # Always prepend --prefix to ensure using the same prefix # in subdir configurations. ac_arg="--prefix=$prefix" case $ac_arg in *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac ac_sub_configure_args="'$ac_arg' $ac_sub_configure_args" # Pass --silent if test "$silent" = yes; then ac_sub_configure_args="--silent $ac_sub_configure_args" fi # Always prepend --disable-option-checking to silence warnings, since # different subdirs can have different --enable and --with options. ac_sub_configure_args="--disable-option-checking $ac_sub_configure_args" ac_popdir=`pwd` for ac_dir in : $subdirs; do test "x$ac_dir" = x: && continue # Do not complain, so a configure script can configure whichever # parts of a large source tree are present. test -d "$srcdir/$ac_dir" || continue ac_msg="=== configuring in $ac_dir (`pwd`/$ac_dir)" $as_echo "$as_me:${as_lineno-$LINENO}: $ac_msg" >&5 $as_echo "$ac_msg" >&6 as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" # Check for guested configure; otherwise get Cygnus style configure. if test -f "$ac_srcdir/configure.gnu"; then ac_sub_configure=$ac_srcdir/configure.gnu elif test -f "$ac_srcdir/configure"; then ac_sub_configure=$ac_srcdir/configure elif test -f "$ac_srcdir/configure.in"; then # This should be Cygnus configure. ac_sub_configure=$ac_aux_dir/configure else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no configuration information is in $ac_dir" >&5 $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2;} ac_sub_configure= fi # The recursion is here. if test -n "$ac_sub_configure"; then # Make the cache file name correct relative to the subdirectory. case $cache_file in [\\/]* | ?:[\\/]* ) ac_sub_cache_file=$cache_file ;; *) # Relative name. ac_sub_cache_file=$ac_top_build_prefix$cache_file ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&5 $as_echo "$as_me: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&6;} # The eval makes quoting arguments work. eval "\$SHELL \"\$ac_sub_configure\" $ac_sub_configure_args \ --cache-file=\"\$ac_sub_cache_file\" --srcdir=\"\$ac_srcdir\"" || as_fn_error $? "$ac_sub_configure failed for $ac_dir" "$LINENO" 5 fi cd "$ac_popdir" done fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi freeradius-server-3.0.16/configure.ac000066400000000000000000001575151322570622300175440ustar00rootroot00000000000000dnl ############################################################# dnl # dnl # For information about autoconf, see: dnl # dnl # http://www.gnu.org/software/autoconf/ dnl # dnl # The recommended order is: dnl # dnl # AC_INIT(file) dnl # 0. checks for compiler, libtool, and command line options dnl # 1. checks for programs dnl # 2. checks for libraries dnl # 3. checks for header files dnl # 4. checks for typedefs dnl # 5. checks for structures and functions dnl # 6. checks for compiler characteristics dnl # 7. checks for library functions dnl # 8. checks for system services dnl # AC_OUTPUT([file...]) dnl # dnl ############################################################# AC_PREREQ([2.59]) export CFLAGS LIBS LDFLAGS CPPFLAGS AC_INIT([freeradius],[$]Id[$],[http://bugs.freeradius.org],,[http://www.freeradius.org]) AC_CONFIG_SRCDIR([src/main/radiusd.c]) AC_CONFIG_HEADER([src/include/autoconf.h]) m4_include([m4/ax_cc.m4]) dnl ############################################################# dnl # dnl # Custom hackery to discover version at configure time dnl # dnl ############################################################# RADIUSD_MAJOR_VERSION=`cat VERSION | cut -f1 -d.` RADIUSD_MINOR_VERSION=`cat VERSION | cut -f2 -d.` RADIUSD_INCRM_VERSION=`cat VERSION | cut -f3 -d. | sed 's/[[\.-]].*$//'` RADIUSD_VERSION=`printf "%02i%02i%02i" $RADIUSD_MAJOR_VERSION $RADIUSD_MINOR_VERSION $RADIUSD_INCRM_VERSION` dnl # dnl # Still useful for custom builds dnl # RADIUSD_VERSION_STRING=`cat VERSION` dnl # dnl # Add definitions to Make.inc as it's used by various build targets dnl # AC_SUBST([RADIUSD_VERSION_STRING]) dnl # dnl # Add definitions to autoconf.h, so that the headers that we install dnl # contain the version number of the server. dnl # AC_DEFINE_UNQUOTED([RADIUSD_VERSION], [${RADIUSD_VERSION}], [Version integer in format ]) AC_DEFINE_UNQUOTED([RADIUSD_VERSION_STRING], ["${RADIUSD_VERSION_STRING}"], [Raw version string from VERSION file]) dnl ############################################################# dnl # dnl # Override some of the default autoconf variables such as dnl # CFLAGS if were building in developer mode dnl # dnl ############################################################# dnl # dnl # Enable developer features like debugging symbols. dnl # These checks must be done before expanding the AC_PROG_CC dnl # and AC_PROG_CXX macros. dnl # AC_ARG_ENABLE(developer, [ --enable-developer enables features of interest to developers.], [ case "$enableval" in no) developer=no ;; *) developer=yes esac ] ) dnl # dnl # Turn on the developer flag when taken from a git checkout (not a release) dnl # if test -d $srcdir/.git; then if test "x$developer" != "xno"; then AC_MSG_NOTICE([found .git directory, enabling developer build implicitly, disable with --disable-developer]) developer="yes" fi fi dnl # dnl # Autoconf sets -O2 and -g by default, but this is a PITA for debugging dnl # so we remove the defaults if were building in developer mode, and set dnl # -g3 so nice things like macro values are included. Other arguments are dnl # added later when we know what compiler were using. dnl # if test "x$developer" = "xyes"; then : ${CFLAGS=-g3} fi dnl ############################################################# dnl # dnl # 0. Checks for compiler, libtool, and command line options. dnl # dnl ############################################################# dnl # dnl # Get system information dnl # AC_CANONICAL_SYSTEM dnl # dnl # Check for GNU cc dnl # AC_PROG_CC AC_PROG_CXX dnl # dnl # check for AIX, to allow us to use some BSD functions dnl # must be before macros that call the compiler. dnl # AC_AIX AC_PROG_GCC_TRADITIONAL AC_PROG_CC_SUNPRO AC_PROG_RANLIB dnl # dnl # Definitive check for whether the compiler is clang dnl # AX_CC_IS_CLANG if test "x$ax_cv_cc_clang" = "xyes"; then AC_SUBST(clang_path, "$CC") else AC_SUBST(clang_path, "") fi dnl # dnl # Set Default CFLAGS for GCC compatible compilers dnl # if test "x$GCC" = "xyes"; then CFLAGS="$CFLAGS -Wall -std=c99 -D_GNU_SOURCE" fi dnl # dnl # -Wno-unknown-warning-option means the compiler doesn't complain about diag pragmas dnl # for warnings it doesn't understand. This may sound like a bad idea, but consider dnl # the number of different compiler versions we build under, and the fact that the dnl # more anally retentive warnings are likely to be added in later versions. dnl # AX_CC_NO_UNKNOWN_WARNING_OPTION_FLAG if test "x$ax_cv_cc_no_unknown_warning_option_flag" = "xyes"; then CFLAGS="$CFLAGS -Wno-unknown-warning-option" fi dnl # dnl # -Qunused-arguments means the compiler won't complain about unsupported arguments dnl # AX_CC_QUNUSED_ARGUMENTS_FLAG if test "x$ax_cv_cc_qunused_arguments_flag" = "xyes"; then CFLAGS="$CFLAGS -Qunused-arguments" LDFLAGS="$LDFLAGS -Qunused-arguments" fi dnl # dnl # Compile in large (2G+) file support. dnl # AC_SYS_LARGEFILE dnl # dnl # check for system bytesex dnl # AC_DEFINES WORDS_BIGENDIAN dnl # AC_C_BIGENDIAN( [AC_DEFINE(FR_BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])], [AC_DEFINE(FR_LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])] ) dnl # dnl # Find GNU Make. dnl # AC_CHECK_PROG(GMAKE, gmake, yes, no) if test $GMAKE = no; then AC_PATH_PROG(MAKE, make, /usr/local/bin/make) else AC_PATH_PROG(MAKE, gmake, /usr/local/gnu/bin/make) fi makever=`$ac_cv_path_MAKE --version 2>&1 | grep "GNU Make"` if test -z "$makever"; then AC_MSG_ERROR([GNU Make is not installed. Please download and install it from ftp://prep.ai.mit.edu/pub/gnu/make/ before continuing.]) fi dnl # dnl # autoconf explicitly sets MAKEFLAGS and MFLAGS to '' even though we dnl # didn't tell it to, so we have to use FR_MAKEFLAGS. dnl # dnl # determine the number of cores available and set the number of build dnl # processes appropriately. dnl # AX_SYSTEM_CORES dnl # Temporarily disabled because test and installation targets do not dnl # have dependencies set up correctly for multiple build processes. dnl if test "x$ax_cv_system_cores" != "x"; then dnl : ${FR_MAKEFLAGS=-j$ax_cv_system_cores} dnl fi AC_SUBST(FR_MAKEFLAGS) dnl # dnl # See if we have Git. dnl # AC_CHECK_PROG(GIT, git, yes, no) dnl Put this in later, when all distributed modules use autoconf. dnl AC_ARG_WITH(disablemodulefoo, dnl [ --without-rlm_foo Disables module compilation. Module list:] dnl esyscmd([find src/modules -type d -name rlm_\* -print |\ dnl sed -e 's%src/modules/.*/% (sub)- %; s%.*/%- %' |\ dnl awk '{print " "$0}'])) AC_ARG_ENABLE(strict-dependencies, [ --enable-strict-dependencies fail configure on lack of module dependancy.]) AC_ARG_ENABLE(werror, [ --enable-werror causes the build to fail if any warnings are generated.], [ case "$enableval" in no) werror=no ;; *) werror=yes esac ] ) dnl # dnl # extra argument: --with-docdir dnl # docdir='${datadir}/doc/freeradius' AC_MSG_CHECKING([docdir]) AC_ARG_WITH(docdir, [ --with-docdir=DIR directory for documentation [DATADIR/doc/freeradius] ], [ case "$withval" in no) docdir=no ;; yes) ;; [[\\/$]]* | ?:[[\\/]]* ) docdir="$withval" ;; *) AC_MSG_ERROR([expected an absolute directory name for --with-docdir: $withval]) ;; esac ] ) AC_SUBST(docdir) AC_MSG_RESULT($docdir) if test "x$docdir" = xno; then AC_MSG_WARN([Documentation files will NOT be installed.]) fi dnl # dnl # extra argument: --with-logdir dnl # logdir='${localstatedir}/log/radius' AC_MSG_CHECKING(logdir) AC_ARG_WITH(logdir, [ --with-logdir=DIR directory for logfiles [LOCALSTATEDIR/log/radius] ], [ case "$withval" in no) AC_MSG_ERROR([Need logdir]) ;; yes) ;; [[\\/$]]* | ?:[[\\/]]* ) logdir="$withval" ;; *) AC_MSG_ERROR([expected an absolute directory name for --with-logdir: $withval]) ;; esac ] ) AC_SUBST(logdir) AC_MSG_RESULT($logdir) dnl # dnl # extra argument: --with-radacctdir dnl # radacctdir='${logdir}/radacct' AC_MSG_CHECKING(radacctdir) AC_ARG_WITH(radacctdir, [ --with-radacctdir=DIR directory for detail files [LOGDIR/radacct] ], [ case "$withval" in no) AC_MSG_ERROR([Need radacctdir]) ;; yes) ;; [[\\/$]]* | ?:[[\\/]]* ) radacctdir="$withval" ;; *) AC_MSG_ERROR([expected an absolute directory name for --with-radacctdir: $withval]) ;; esac ] ) AC_SUBST(radacctdir) AC_MSG_RESULT($radacctdir) dnl # dnl # extra argument: --with-raddbdir dnl # raddbdir='${sysconfdir}/raddb' AC_MSG_CHECKING(raddbdir) AC_ARG_WITH(raddbdir, [ --with-raddbdir=DIR directory for config files [SYSCONFDIR/raddb] ], [ case "$withval" in no) AC_MSG_ERROR([Need raddbdir]) ;; yes) ;; [[\\/$]]* | ?:[[\\/]]* ) raddbdir="$withval" ;; *) AC_MSG_ERROR([expected an absolute directory name for --with-raddbdir: $withval]) ;; esac ] ) AC_SUBST(raddbdir) AC_MSG_RESULT($raddbdir) dnl # dnl # extra argument: --with-dictdir dnl # dictdir='${datarootdir}/freeradius' AC_MSG_CHECKING(dictdir) AC_ARG_WITH(dictdir, [ --with-dictdir=DIR directory for dictionary files [DATAROOTDIR/freeradius] ], [ case "$withval" in no) AC_MSG_ERROR([Need dictdir]) ;; yes) ;; [[\\/$]]* | ?:[[\\/]]* ) dictdir="$withval" ;; *) AC_MSG_ERROR([expected an absolute directory name for --with-dictdir: $withval]) ;; esac ] ) AC_SUBST(dictdir) AC_MSG_RESULT($dictdir) modconfdir='${raddbdir}/mods-config' AC_SUBST(modconfdir) dnl # dnl # extra argument: --with-ascend-binary dnl # WITH_ASCEND_BINARY=yes AC_ARG_WITH(ascend-binary, [ --with-ascend-binary include support for Ascend binary filter attributes (default=yes)], [ case "$withval" in yes) ;; *) WITH_ASCEND_BINARY=no esac ] ) if test "x$WITH_ASCEND_BINARY" = "xyes"; then AC_DEFINE(WITH_ASCEND_BINARY, [1], [include support for Ascend binary filter attributes]) fi dnl # dnl # extra argument: --with-threads dnl # WITH_THREADS=yes AC_ARG_WITH(threads, [ --with-threads use threads, if available. (default=yes) ], [ case "$withval" in yes) ;; *) WITH_THREADS=no esac ] ) dnl # dnl # extra argument: --with-tcp dnl # WITH_TCP=yes AC_ARG_WITH(tcp, [ --with-tcp compile in TCP support. (default=yes)], [ case "$withval" in yes) ;; *) WITH_TCP=no esac ] ) if test "x$WITH_TCP" = "xyes"; then AC_DEFINE(WITH_TCP, [1], [define if you want TCP support (For RADSec et al)]) fi dnl # dnl # extra argument: --with-vmps dnl # WITH_VMPS=yes AC_ARG_WITH(vmps, [ --with-vmps compile in VMPS support. (default=yes)], [ case "$withval" in yes) ;; *) WITH_VMPS=no esac ] ) if test "x$WITH_VMPS" = "xyes"; then AC_DEFINE(WITH_VMPS, [1], [define if you want VMPS support]) fi dnl # dnl # extra argument: --with-dhcp dnl # WITH_DHCP=yes AC_ARG_WITH(dhcp, [ --with-dhcp compile in DHCP support. (default=yes)], [ case "$withval" in yes) ;; *) WITH_DHCP=no esac ] ) if test "x$WITH_DHCP" = "xyes"; then AC_DEFINE(WITH_DHCP, [1], [define if you want DHCP support]) fi AC_SUBST(WITH_DHCP) dnl # dnl # Allow the user to specify a list of modules to be linked dnl # statically to the server. dnl # STATIC_MODULES= AC_ARG_WITH(static_modules, [ --with-static-modules=QUOTED-MODULE-LIST],[ for i in $withval; do STATIC_MODULES="$STATIC_MODULES -dlpreopen ../modules/rlm_$i/rlm_$i.la" done ]) USE_SHARED_LIBS=yes AC_ARG_WITH(shared-libs, [AS_HELP_STRING([--with-shared-libs ], [build dynamic libraries and link against them. (default=yes)])], [ case "$withval" in no) USE_SHARED_LIBS=no ;; *) esac ]) MODULES= AC_ARG_WITH(modules, [ --with-modules=QUOTED-MODULE-LIST],[ for i in $withval; do MODULES="$MODULES $i" done ]) dnl # dnl # extra argument: --with-experimental-modules dnl # EXPERIMENTAL= AC_ARG_WITH(experimental-modules, [AS_HELP_STRING([--with-experimental-modules], [use experimental and unstable modules. (default=no, unless --enable-developer=yes)])], [ case "$withval" in yes) EXPERIMENTAL=yes ;; no) EXPERIMENTAL=no ;; *) esac ] ) dnl # dnl # extra argument: --with-udpfromto dnl # WITH_UDPFROMTO=yes AC_ARG_WITH(udpfromto, [ --with-udpfromto compile in UDPFROMTO support. (default=yes)], [ case "$withval" in yes) WITH_UDPFROMTO=yes ;; *) WITH_UDPFROMTO=no esac ] ) if test "x$WITH_UDPFROMTO" = "xyes"; then AC_DEFINE(WITH_UDPFROMTO, [], [define if you want udpfromto]) fi dnl # dnl # These next two arguments don't actually do anything. They're dnl # place holders so that the top-level configure script can tell dnl # the user how to configure lower-level modules dnl # dnl # dnl # extra argument: --with-rlm-FOO-lib-dir dnl # AC_ARG_WITH(rlm-FOO-lib-dir, [AS_HELP_STRING([--with-rlm-FOO-lib-dir=DIR], [directory in which to look for library files used by module FOO])], [ case "$withval" in *) ;; esac ] ) dnl # dnl # extra argument: --with-rlm-FOO-include-dir dnl # AC_ARG_WITH(rlm-FOO-include-dir, [AS_HELP_STRING([--with-rlm-FOO-include-dir=DIR], [directory in which to look for include files used by module FOO])], [ case "$withval" in *) ;; esac ] ) dnl # dnl # extra argument: --with-openssl dnl # WITH_OPENSSL=yes AC_ARG_WITH(openssl, [ --with-openssl use OpenSSL. (default=yes)], [ case "$withval" in no) WITH_OPENSSL=no ;; *) WITH_OPENSSL=yes ;; esac ] ) dnl # dnl # extra argument: --with-openssl-lib-dir=dir dnl # openssl_lib_dir= AC_ARG_WITH(openssl-lib-dir, [AS_HELP_STRING([--with-openssl-lib-dir=DIR], [directory to look for OpenSSL library files])], [ case "$withval" in *) openssl_lib_dir="$withval" ;; esac ] ) dnl # dnl # extra argument: --with-openssl-includes=dir dnl # openssl_include_dir= AC_ARG_WITH(openssl-include-dir, [AS_HELP_STRING([--with-openssl-include-dir=DIR], [directory to look for OpenSSL include files])], [ case "$withval" in *) openssl_include_dir="$withval" ;; esac ] ) dnl # dnl # extra argument: --disable-openssl-version-check dnl # AC_ARG_ENABLE(openssl-version-check, [AS_HELP_STRING([--disable-openssl-version-check], [disable vulnerable OpenSSL version check])] ) if test "x$enable_openssl_version_check" != "xno"; then AC_DEFINE(ENABLE_OPENSSL_VERSION_CHECK, [1], [Define to 1 to have OpenSSL version check enabled]) openssl_version_check_config="\ # # allow_vulnerable_openssl: Allow the server to start with # versions of OpenSSL known to have critical vulnerabilities. # # This check is based on the version number reported by libssl # and may not reflect patches applied to libssl by # distribution maintainers. # allow_vulnerable_openssl = no" else openssl_version_check_config= fi AC_SUBST([openssl_version_check_config]) dnl # dnl # extra argument: --enable-reproducible-builds dnl # AC_ARG_ENABLE(reproducible-builds, [AS_HELP_STRING([--enable-reproducible-builds], [ensure the build does not change each time])], [ case "$enableval" in yes) AC_DEFINE(ENABLE_REPRODUCIBLE_BUILDS, [1], [Define to ensure each build is the same]) reproducible_builds=yes ;; *) reproducible_builds=no esac ] ) dnl ############################################################# dnl # dnl # 1. Checks for programs dnl # dnl ############################################################# CHECKRAD=checkrad AC_PATH_PROG(PERL, perl, /usr/local/bin/perl) if test "x$ac_cv_path_PERL" = "x"; then AC_MSG_WARN([perl not found - Simultaneous-Use and checkrad may not work]) fi AC_PATH_PROG(SNMPGET, snmpget) if test "x$ac_cv_path_SNMPGET" = "x"; then AC_MSG_WARN([snmpget not found - Simultaneous-Use and checkrad may not work]) fi AC_PATH_PROG(SNMPWALK, snmpwalk) if test "x$ac_cv_path_SNMPWALK" = "x"; then AC_MSG_WARN([snmpwalk not found - Simultaneous-Use and checkrad may not work]) fi AC_PATH_PROG(RUSERS, rusers, /usr/bin/rusers) dnl # dnl # FIXME This is truly gross. dnl # missing_dir=`cd $ac_aux_dir && pwd` AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir) AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) AC_PATH_PROG(LOCATE,locate) AC_PATH_PROG(DIRNAME,dirname) AC_PATH_PROG(GREP,grep) dnl ############################################################# dnl # dnl # 2. Checks for libraries dnl # dnl ############################################################# dnl Check for talloc dnl extra argument: --with-talloc-lib-dir=DIR talloc_lib_dir= AC_ARG_WITH(talloc-lib-dir, [AS_HELP_STRING([--with-talloc-lib-dir=DIR], [directory in which to look for talloc library files])], [case "$withval" in no) AC_MSG_ERROR([Need talloc-lib-dir]) ;; yes) ;; *) talloc_lib_dir="$withval" ;; esac]) dnl extra argument: --with-talloc-include-dir=DIR talloc_include_dir= AC_ARG_WITH(talloc-include-dir, [AS_HELP_STRING([--with-talloc-include-dir=DIR], [directory in which to look for talloc include files])], [case "$withval" in no) AC_MSG_ERROR([Need talloc-include-dir]) ;; yes) ;; *) talloc_include_dir="$withval" ;; esac]) smart_try_dir="$talloc_lib_dir" FR_SMART_CHECK_LIB(talloc, _talloc) if test "x$ac_cv_lib_talloc__talloc" != "xyes"; then AC_MSG_WARN([talloc library not found. Use --with-talloc-lib-dir=.]) AC_MSG_ERROR([FreeRADIUS requires libtalloc]) fi TALLOC_LIBS="${smart_lib}" TALLOC_LDFLAGS="${smart_ldflags}" AC_SUBST(TALLOC_LIBS) AC_SUBST(TALLOC_LDFLAGS) LIBS="$old_LIBS" dnl # dnl # If using pthreads, check for -lpthread (posix) or -lc_r (*BSD) dnl # old_CFLAGS=$CFLAGS if test "x$WITH_THREADS" = "xyes"; then if test $ac_cv_prog_suncc = "yes"; then CFLAGS="$CFLAGS -mt" fi AC_CHECK_HEADERS(pthread.h, [], [ WITH_THREADS="no" fail=[pthread.h] ]) dnl # dnl # pthread stuff is usually in -lpthread dnl # or in -lc_r, on *BSD dnl # dnl # On Some systems, we need extra pre-processor flags, to get them to dnl # to do the threading properly. dnl # if test "x$WITH_THREADS" != "xno"; then AC_CHECK_LIB(pthread, pthread_create, [ HAVE_LPTHREAD='yes' CFLAGS="$CFLAGS -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS" LIBS="-lpthread $LIBS" dnl # dnl # -pthread should add all required CPP definitions and linker dnl # arguments. But not all compilers support it, or some compilers dnl # only support it on certain platforms. dnl # AX_CC_PTHREAD_FLAG if test "x$ax_cv_cc_pthread_flag" != 'xyes'; then CFLAGS="$CFLAGS -pthread" fi ] ) dnl # dnl # Check for libc_r which used to be the threading library used dnl # for FreeBSD. Internet says it may be deprecated, but if we dnl # can't find lpthread it's probably worth checking. dnl # if test "x$HAVE_LPTHREAD" != "xyes"; then AC_CHECK_LIB(c_r, pthread_create, [ CFLAGS="$CFLAGS -D_THREAD_SAFE" dnl # dnl # -pthread should add all required CPP definitions and linker dnl # arguments. But not all compilers support it, or some compilers dnl # only support it on certain platforms. dnl # AX_CC_PTHREAD_FLAG if test "x$ax_cv_cc_pthread_flag" != 'xyes'; then LIBS="-lc_r $LIBS" else CFLAGS="$CFLAGS -pthread" fi ], [ fail=[-lc_r or -lpthread] ] ) fi fi if test "x$WITH_THREADS" != "xyes"; then AC_MSG_WARN([silently not building with thread support.]) AC_MSG_WARN([FAILURE: thread support requires: $fail.]) else AC_DEFINE(WITH_THREADS, [1], [define if you want thread support]) fi fi dnl # dnl # If we have NO pthread libraries, remove any knowledge of threads. dnl # if test "x$WITH_THREADS" != "xyes"; then CFLAGS=$old_CFLAGS ac_cv_header_pthread_h="no" WITH_THREADS=no else dnl # dnl # We need sem_init() and friends, as they're the friendliest dnl # semaphore functions for threading. dnl # dnl # HP/UX requires linking with librt, too, to get the sem_* symbols. dnl # Some systems have them in -lsem dnl # Solaris has them in -lposix4 dnl # NetBSD has them in -lsemaphore dnl # AC_SEARCH_LIBS(sem_init, pthread sem posix4 rt semaphore, [], [AC_MSG_ERROR([[-lsem not found. You may want to download it from ftp://ftp.to.gd-es.com/pub/BSDI/libsem.tar.bz2 or ftp://ftp.freeradius.org/pub/radius/contrib/libsem.tar.gz]])] ) fi dnl # dnl # Check if we have -ldl dnl # AC_CHECK_LIB(dl, dlopen) dnl # dnl # Check if we need -lsocket dnl # AC_CHECK_LIB(socket, getsockname) dnl # dnl # Check for -lresolv dnl # This library may be needed later. dnl # AC_CHECK_LIB(resolv, inet_aton) dnl # dnl # Check if we need -lnsl. Usually if we want to dnl # link against -lsocket we need to include -lnsl as well. dnl # AC_CHECK_LIB(nsl, inet_ntoa) AC_CHECK_LIB(ws2_32, htonl) dnl # dnl # Check the pcap library for the RADIUS sniffer. dnl # dnl extra argument: --with-pcap-lib-dir=DIR pcap_lib_dir= AC_ARG_WITH(pcap-lib-dir, [AS_HELP_STRING([--with-pcap-lib-dir=DIR], [directory in which to look for pcap library files])], [case "$withval" in no) AC_MSG_ERROR([Need pcap-lib-dir]) ;; yes) ;; *) pcap_lib_dir="$withval" ;; esac]) dnl extra argument: --with-pcap-include-dir=DIR pcap_include_dir= AC_ARG_WITH(pcap-include-dir, [AS_HELP_STRING([--with-pcap-include-dir=DIR], [directory in which to look for pcap include files])], [case "$withval" in no) AC_MSG_ERROR([Need pcap-include-dir]) ;; yes) ;; *) pcap_include_dir="$withval" ;; esac]) smart_try_dir="$pcap_lib_dir" FR_SMART_CHECK_LIB(pcap, pcap_open_live) if test "x$ac_cv_lib_pcap_pcap_open_live" != "xyes"; then AC_MSG_WARN([pcap library not found, silently disabling the RADIUS sniffer, and ARP listener. Use --with-pcap-lib-dir=.]) else AC_DEFINE(HAVE_LIBPCAP, 1, [Define to 1 if you have the `pcap' library (-lpcap).] ) AC_CHECK_FUNCS(\ pcap_fopen_offline \ pcap_dump_fopen \ pcap_create \ pcap_activate ) PCAP_LIBS="${smart_lib}" PCAP_LDFLAGS="${smart_ldflags}" fi dnl Set by FR_SMART_CHECK_LIB LIBS="${old_LIBS}" dnl Check for collectdclient dnl extra argument: --with-collectdclient-lib-dir=DIR collectdclient_lib_dir= AC_ARG_WITH(collectdclient-lib-dir, [AS_HELP_STRING([--with-collectdclient-lib-dir=DIR], [directory in which to look for collectdclient library files])], [case "$withval" in no) AC_MSG_ERROR([Need collectdclient-lib-dir]) ;; yes) ;; *) collectdclient_lib_dir="$withval" ;; esac]) dnl extra argument: --with-collectdclient-include-dir=DIR collectdclient_include_dir= AC_ARG_WITH(collectdclient-include-dir, [AS_HELP_STRING([--with-collectdclient-include-dir=DIR], [directory in which to look for collectdclient include files])], [case "$withval" in no) AC_MSG_ERROR([Need collectdclient-include-dir]) ;; yes) ;; *) collectdclient_include_dir="$withval" ;; esac]) smart_try_dir="$collectdclient_lib_dir" FR_SMART_CHECK_LIB(collectdclient, lcc_connect) if test "x$ac_cv_lib_collectdclient_lcc_connect" != "xyes"; then AC_MSG_WARN([collectdclient library not found. Use --with-collectdclient-lib-dir=.]) else COLLECTDC_LIBS="${smart_lib}" COLLECTDC_LDFLAGS="${smart_ldflags}" fi dnl Set by FR_SMART_CHECKLIB LIBS="${old_LIBS}" dnl Check for cap dnl extra argument: --with-cap-lib-dir=DIR cap_lib_dir= AC_ARG_WITH(cap-lib-dir, [AS_HELP_STRING([--with-cap-lib-dir=DIR], [directory in which to look for cap library files])], [case "$withval" in no) AC_MSG_ERROR([Need cap-lib-dir]) ;; yes) ;; *) cap_lib_dir="$withval" ;; esac]) dnl extra argument: --with-cap-include-dir=DIR cap_include_dir= AC_ARG_WITH(cap-include-dir, [AS_HELP_STRING([--with-cap-include-dir=DIR], [directory in which to look for cap include files])], [case "$withval" in no) AC_MSG_ERROR([Need cap-include-dir]) ;; yes) ;; *) cap_include_dir="$withval" ;; esac]) smart_try_dir="$cap_lib_dir" FR_SMART_CHECK_LIB(cap, cap_get_proc) if test "x$ac_cv_lib_cap_cap_get_proc" != "xyes"; then AC_MSG_WARN([cap library not found, debugger checks will not be enabled. Use --with-cap-lib-dir=.]) else AC_DEFINE(HAVE_LIBCAP, 1, [Define to 1 if you have the `cap' library (-lcap).] ) HAVE_LIBCAP=1 fi VL_LIB_READLINE dnl ############################################################# dnl # dnl # 3. Checks for header files dnl # dnl ############################################################# dnl # dnl # Check for talloc header files dnl # smart_try_dir="$talloc_include_dir" FR_SMART_CHECK_INCLUDE([talloc.h]) if test "x$ac_cv_header_talloc_h" != "xyes"; then AC_MSG_WARN([talloc headers not found. Use --with-talloc-include-dir=.]) AC_MSG_ERROR([FreeRADIUS requires libtalloc]) fi dnl # dnl # Interix requires us to set -D_ALL_SOURCE, otherwise dnl # getopt will be #included, but won't link. dnl # case "$host" in *-interix*) CFLAGS="$CFLAGS -D_ALL_SOURCE" ;; *-darwin*) CFLAGS="$CFLAGS -DDARWIN" LIBS="-framework DirectoryService $LIBS" AC_DEFINE([__APPLE_USE_RFC_3542], 1, [Force OSX >= 10.7 Lion to use RFC2292 IPv6 socket options]) ;; esac AC_HEADER_DIRENT AC_HEADER_STDC AC_HEADER_TIME AC_HEADER_SYS_WAIT AC_CHECK_HEADERS( \ arpa/inet.h \ crypt.h \ dlfcn.h \ errno.h \ fcntl.h \ features.h \ fnmatch.h \ getopt.h \ glob.h \ grp.h \ inttypes.h \ limits.h \ linux/if_packet.h \ malloc.h \ netdb.h \ netinet/in.h \ prot.h \ pwd.h \ resource.h \ semaphore.h \ sia.h \ siad.h \ signal.h \ stdbool.h \ stddef.h \ stdint.h \ stdio.h \ sys/event.h \ sys/fcntl.h \ sys/prctl.h \ sys/ptrace.h \ sys/resource.h \ sys/security.h \ sys/select.h \ sys/socket.h \ sys/time.h \ sys/types.h \ sys/un.h \ sys/wait.h \ syslog.h \ unistd.h \ utime.h \ utmp.h \ utmpx.h \ winsock.h ) dnl # dnl # FreeBSD requires sys/socket.h before net/if.h dnl # AC_CHECK_HEADERS(net/if.h, [], [], [ #ifdef HAVE_SYS_SOCKET_H # include #endif ] ) dnl # dnl # other checks which require headers dnl # if test "x$ac_cv_header_sys_security_h" = "xyes" && test "x$ac_cv_header_prot_h" = "xyes" then AC_DEFINE(OSFC2, [], [define if you have OSFC2 authentication]) fi if test "x$ac_cv_header_sia_h" = "xyes" && test "x$ac_cv_header_siad_h" = "xyes" then AC_DEFINE(OSFSIA, [], [define if you have OSFSIA authentication]) fi dnl # dnl # Were we told to use OpenSSL, if we were and we find an error, call AC_MSG_FAILURE and exit dnl # if test "x$WITH_OPENSSL" = xyes; then OLD_LIBS="$LIBS" dnl # dnl # Apparently OpenSSL will attempt to build with kerberos if we don't pass this?! dnl # CFLAGS="$CFLAGS -DOPENSSL_NO_KRB5" dnl # dnl # Check we can link to libcrypto and libssl dnl # smart_try_dir="$openssl_lib_dir" FR_SMART_CHECK_LIB(crypto, DH_new) if test "x$ac_cv_lib_crypto_DH_new" = "xyes"; then AC_DEFINE(HAVE_LIBCRYPTO, 1, [Define to 1 if you have the `crypto' library (-lcrypto).]) OPENSSL_LIBS="$smart_lib" OPENSSL_LDFLAGS="$smart_ldflags" FR_SMART_CHECK_LIB(ssl, SSL_new) if test "x$ac_cv_lib_ssl_SSL_new" != "xyes"; then AC_MSG_FAILURE([failed linking to libssl. Use --with-openssl-lib-dir=, or --with-openssl=no (builds without OpenSSL)]) else AC_DEFINE(HAVE_LIBSSL, 1, [Define to 1 if you have the `ssl' library (-lssl).]) OPENSSL_LIBS="$OPENSSL_LIBS $smart_lib" if test "$OPENSSL_LDFLAGS" != "$smart_ldflags"; then AC_MSG_FAILURE(["inconsistent LDFLAGS between -lssl '$smart_ldflags' and -lcrypto '$OPENSSL_LDFLAGS'"]) fi fi else AC_MSG_FAILURE([failed linking to libcrypto. Use --with-openssl-lib-dir=, or --with-openssl=no (builds without OpenSSL)]) fi smart_try_dir="$openssl_include_dir" FR_SMART_CHECK_INCLUDE(openssl/ssl.h) if test "x$ac_cv_header_openssl_ssl_h" = "xyes"; then AC_DEFINE(HAVE_OPENSSL_SSL_H, 1, [Define to 1 if you have the header file.]) AC_CHECK_HEADERS( \ openssl/asn1.h \ openssl/conf.h \ openssl/crypto.h \ openssl/err.h \ openssl/evp.h \ openssl/hmac.h \ openssl/md5.h \ openssl/md4.h \ openssl/sha.h \ openssl/ssl.h \ openssl/ocsp.h \ openssl/engine.h, [ OPENSSL_CPPFLAGS="$smart_include" ], [ AC_MSG_FAILURE([failed locating OpenSSL headers. Use --with-openssl-include-dir=, or --with-openssl=no (builds without OpenSSL)]) ] ) AC_MSG_CHECKING([for OpenSSL version >= 0.9.7]) AC_EGREP_CPP(yes, [#include #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) yes #endif ], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) AC_MSG_FAILURE([OpenSSL version too old]) ] ) dnl # dnl # CPPFLAGS are passed to the compiler first, so we use dnl # them to ensure things like --sysroot don't override the dnl # library location we discovered previously. dnl # old_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$OPENSSL_CPPFLAGS $CPPFLAGS" dnl # dnl # Now check that the header versions match the library dnl # AC_MSG_CHECKING([OpenSSL library and header version consistency]) AC_RUN_IFELSE( [AC_LANG_PROGRAM( [[ #include #include #include ]], [[ printf("library: %lx header: %lx... ", (unsigned long) SSLeay(), (unsigned long) OPENSSL_VERSION_NUMBER); if (SSLeay() == OPENSSL_VERSION_NUMBER) { return 0; } else { return 1; } ]] )], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) AC_MSG_FAILURE([OpenSSL library version does not match header version]) ], [ AC_MSG_RESULT([cross-compiling (assuming yes)]) ] ) dnl # dnl # Check if the new HMAC_CTX interface is defined dnl # AC_CHECK_FUNCS( \ SSL_get_client_random \ SSL_get_server_random \ SSL_SESSION_get_master_key \ HMAC_CTX_new \ HMAC_CTX_free \ ASN1_STRING_get0_data \ CONF_modules_load_file \ CRYPTO_set_id_callback \ CRYPTO_set_locking_callback ) CPPFLAGS="$old_CPPFLAGS" fi LIBS="$OLD_LIBS" AC_SUBST(OPENSSL_LIBS) AC_SUBST(OPENSSL_LDFLAGS) AC_SUBST(OPENSSL_CPPFLAGS) export OPENSSL_LIBS OPENSSL_LDFLAGS OPENSSL_CPPFLAGS fi dnl # dnl # Check the pcap includes for the RADIUS sniffer. dnl # if test "x$PCAP_LIBS" = x; then AC_MSG_NOTICE([skipping test for pcap.h.]) else dnl # dnl # Check for pcap header files dnl # smart_try_dir="$pcap_include_dir" FR_SMART_CHECK_INCLUDE([pcap.h]) if test "x$ac_cv_header_pcap_h" = "xyes"; then AC_DEFINE(HAVE_PCAP_H, 1, [Define to 1 if you have the header file.]) AC_SUBST(PCAP_LIBS) AC_SUBST(PCAP_LDFLAGS) else AC_MSG_WARN([pcap headers not found, silently disabling the RADIUS sniffer, and ARP listener. Use --with-pcap-include-dir=.]) fi fi dnl Check for collectd-client if test "x$COLLECTDC_LIBS" = x; then AC_MSG_NOTICE([skipping test for collectd/client.h.]) else dnl # dnl # Check for collectd-client header files dnl # smart_try_dir="$collectdclient_include_dir" FR_SMART_CHECK_INCLUDE([collectd/client.h]) if test "x$ac_cv_header_collectd_client_h" = "xyes"; then AC_DEFINE(HAVE_COLLECTDC_H, 1, [Define to 1 if you have the `collectdclient' library (-lcollectdclient).]) AC_SUBST(COLLECTDC_LIBS) AC_SUBST(COLLECTDC_LDFLAGS) else AC_MSG_WARN([collectdclient headers not found. Use --with-collectdclient-include-dir=.]) fi fi dnl # dnl # Check the CAP includes for debugger checks dnl # if test "x$HAVE_LIBCAP" = x; then AC_MSG_NOTICE([skipping test for cap.h.]) else dnl # dnl # Check for CAP header files dnl # smart_try_dir="$cap_include_dir" FR_SMART_CHECK_INCLUDE([sys/capability.h]) if test "x$ac_cv_header_sys_capability_h" = "xyes"; then AC_DEFINE(HAVE_CAPABILITY_H, 1, [Define to 1 if you have the header file.]) else AC_MSG_WARN([cap headers not found, will not perform debugger checks. Use --with-cap-include-dir=.]) fi fi dnl ############################################################# dnl # dnl # 4. Checks for typedefs dnl # dnl ############################################################# dnl # dnl # Ensure that these are defined dnl # AC_TYPE_OFF_T AC_TYPE_PID_T AC_TYPE_SIZE_T AC_TYPE_UID_T dnl # dnl # Check for socklen_t dnl # FR_CHECK_TYPE_INCLUDE( [ #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_SOCKET_H # include #endif ], socklen_t, int, [socklen_t is generally 'int' on systems which don't use it] ) dnl # dnl # Check for uint8_t dnl # FR_CHECK_TYPE_INCLUDE( [ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif ], uint8_t, unsigned char, [uint8_t should be the canonical 'octet' for network traffic] ) dnl # dnl # Check for uint16_t dnl # FR_CHECK_TYPE_INCLUDE( [ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif ], uint16_t, unsigned short, [uint16_t should be the canonical '2 octets' for network traffic] ) dnl # dnl # Check for uint32_t dnl # FR_CHECK_TYPE_INCLUDE( [ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif ], uint32_t, unsigned int, [uint32_t should be the canonical 'network integer'] ) dnl # dnl # Check for uint64_t dnl # FR_CHECK_TYPE_INCLUDE( [ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif ], uint64_t, unsigned long long, [uint64_t is required for larger counters] ) dnl # dnl # Check for __uint128_t (compiler builtin) dnl # AC_CHECK_TYPE(__uint128_t, AC_DEFINE(HAVE___UINT128_T, 1, [compiler specific 128 bit unsigned integer]), [], []) dnl # dnl # Check for uint128_t (fictitious future data type) dnl # AC_CHECK_TYPE(uint128_t, AC_DEFINE(HAVE_UINT128_T, 1, [128 bit unsigned integer]), [], [ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif ] ) AC_CHECK_TYPE(struct in6_addr, AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, [IPv6 address structure]), [], [ #ifdef HAVE_NETINET_IN_H # include #endif ] ) AC_CHECK_TYPE(struct sockaddr_storage, AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, [Generic socket addresses]), [], [ #ifdef HAVE_NETINET_IN_H # include #endif #ifdef HAVE_SYS_SOCKET_H # include #endif ]) AC_CHECK_TYPE(struct sockaddr_in6, AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1, [IPv6 socket addresses]), [], [ #ifdef HAVE_NETINET_IN_H # include #endif ]) AC_CHECK_TYPE(struct addrinfo, AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [Generic DNS lookups]), [], [ #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_SOCKET_H # include #endif #ifdef HAVE_NETDB_H # include #endif ] ) dnl # dnl # Check for sig_t dnl # dnl # FR_CHECK_TYPE_INCLUDE doesn't work for callbacks as it doesn't produce typedefs dnl # AC_MSG_CHECKING([if sig_t is defined]) AC_LINK_IFELSE( [AC_LANG_PROGRAM( [[ #ifdef HAVE_SIGNAL_H # include #endif ]], [[ sig_t func; return 0; ]] )], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_SIG_T, 1, [Define if the type sig_t is defined by signal.h]) ], [ AC_MSG_RESULT(no) ] ) dnl ############################################################# dnl # dnl # 5. Checks for structures and functions dnl # dnl ############################################################# AC_CHECK_FUNCS( \ bindat \ clock_gettime \ closefrom \ ctime_r \ dladdr \ fcntl \ fopencookie \ funopen \ getaddrinfo \ getnameinfo \ getopt_long \ getpeereid \ getresuid \ gettimeofday \ getusershell \ gmtime_r \ if_indextoname \ inet_aton \ inet_ntop \ inet_pton \ initgroups \ kqueue \ localtime_r \ mallopt \ mkdirat \ openat \ pthread_sigmask \ setlinebuf \ setresuid \ setsid \ setuid \ setvbuf \ sigaction \ sigprocmask \ snprintf \ strcasecmp \ strlcat \ strlcpy \ strncasecmp \ strsep \ strsignal \ unlinkat \ vdprintf \ vsnprintf ) AC_TYPE_SIGNAL dnl # dnl # Check if we have utmpx.h dnl # if so, check if struct utmpx has entry ut_xtime dnl # if not, set it to define ut_xtime = ut_tv.tv_sec dnl # if test "x$ac_cv_header_utmpx_h" = "xyes"; then FR_CHECK_STRUCT_HAS_MEMBER([#include ], [struct utmpx], ut_xtime) if test "x$ac_cv_type_struct_utmpx_has_ut_xtime" = "x"; then AC_DEFINE(ut_xtime, ut_tv.tv_sec, [define to something if you don't have ut_xtime in struct utmpx]) fi fi dnl # dnl # struct ip_pktinfo dnl # FR_CHECK_STRUCT_HAS_MEMBER([#include ], [struct in_pktinfo], ipi_addr) if test "x$ac_cv_type_struct_in_pktinfo_has_ipi_addr" = "xyes"; then AC_DEFINE(HAVE_IP_PKTINFO, [], [define if you have IP_PKTINFO (Linux)]) fi dnl # dnl # struct in6_pktinfo dnl # FR_CHECK_STRUCT_HAS_MEMBER([#include ], [struct in6_pktinfo], ipi6_addr) if test "x$ac_cv_type_struct_in6_pktinfo_has_ipi6_addr" = "xyes"; then AC_DEFINE(HAVE_IN6_PKTINFO, [], [define if you have IN6_PKTINFO (Linux)]) fi dnl # dnl # Check for htonll and htonlll dnl # AC_MSG_CHECKING([if htonll is defined]) AC_LINK_IFELSE( [AC_LANG_PROGRAM( [[ #include #include ]], [[ return htonll(0); ]] )], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HTONLL, 1, [Define if the function (or macro) htonll exists.]) ], [ AC_MSG_RESULT(no) ] ) AC_MSG_CHECKING([if htonlll is defined]) AC_LINK_IFELSE( [AC_LANG_PROGRAM( [[ #include #include ]], [[ return htonlll(0); ]] )], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HTONLLL, 1, [Define if the function (or macro) htonlll exists.]) ], [ AC_MSG_RESULT(no) ] ) dnl ############################################################# dnl # dnl # 6. Checks for compiler characteristics dnl # dnl ############################################################# dnl # dnl # Ensure that these are defined dnl # AC_C_CONST dnl # dnl # See if this is OS/2 dnl # AC_MSG_CHECKING([type of OS]) OS=`uname -s` AC_MSG_RESULT($OS) if test "$OS" = "OS/2"; then LIBPREFIX= else LIBPREFIX=lib fi AC_SUBST(LIBPREFIX) if test "x$developer" = "xyes"; then AC_MSG_NOTICE([Setting additional developer CFLAGS]) dnl # dnl # Tell the compiler to parse doxygen documentation and verify it against function and variable declarations dnl # AX_CC_WDOCUMENTATION_FLAG if test "x$ax_cv_cc_wdocumentation_flag" = "xyes"; then devflags="-Wdocumentation" fi dnl # dnl # If we have -Weverything, it really means *everything* unlike -Wall dnl # It's so verbose we need to turn off warnings which aren't useful. dnl # AX_CC_WEVERYTHING_FLAG if test "x$ax_cv_cc_weverything_flag" = "xyes"; then devflags="$devflags -W -Weverything -Wformat=2 -Wno-missing-field-initializers -Wno-date-time -Wno-padded -Wno-gnu-zero-variadic-macro-arguments -Wno-shorten-64-to-32 -Wno-sign-conversion -Wno-conversion -Wno-switch-enum -Wno-gnu-statement-expression -Wno-extended-offsetof -Wno-cast-align -Wno-documentation-unknown-command -Wno-covered-switch-default -Wno-packed -DWITH_VERIFY_PTR=1" else if test "x$GCC" = "xyes"; then devflags="$devflags -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -Wformat-y2k -Wno-format-extra-args -Wno-format-zero-length -Wno-cast-align -Wformat-nonliteral -Wformat-security -Wformat=2 -DWITH_VERIFY_PTR=1" INSTALLSTRIP="" fi fi AC_MSG_NOTICE([Developer CFLAGS are "$devflags"]) CFLAGS="$CFLAGS $devflags" dnl # dnl # Enable experimental modules (we want to know if code changes breaks one of them) dnl # if test "x$EXPERIMENTAL" != "xno"; then AC_MSG_NOTICE([is developer build, enabling experimental modules implicitly, disable with --without-experimental-modules]) EXPERIMENTAL=yes fi else devflags="" CFLAGS="$CFLAGS -DNDEBUG" INSTALLSTRIP="" fi dnl # dnl # May of been set outside of this configure script dnl # AC_MSG_CHECKING([if building with -DNDEBUG]) if echo "$CFLAGS" | grep '\-DNDEBUG' > /dev/null; then AC_MSG_RESULT([yes]) AC_DEFINE([WITH_NDEBUG], [1], [define if the server was built with -DNDEBUG]) else AC_MSG_RESULT([no]) fi export EXPERIMENTAL dnl # dnl # append the current git hash onto the version string dnl # if test -d $srcdir/.git -a "x$GIT" = "xyes"; then RADIUSD_VERSION_COMMIT=`git log --pretty=format:'%h' -n 1` AC_DEFINE_UNQUOTED([RADIUSD_VERSION_COMMIT],[${RADIUSD_VERSION_COMMIT}],[Commit HEAD at time of configuring]) fi dnl # dnl # check for some compiler features dnl # FR_TLS FR_HAVE_BUILTIN_CHOOSE_EXPR FR_HAVE_BUILTIN_TYPES_COMPATIBLE_P FR_HAVE_BUILTIN_BSWAP64 FR_HAVE_BOUNDED_ATTRIBUTE dnl ############################################################# dnl # dnl # 7. Checks for library functions dnl # dnl ############################################################# dnl # dnl # Check for talloc_set_memlimit dnl # This was only included in version 2.0.8 dnl # AC_CHECK_LIB(talloc, talloc_set_memlimit, [ AC_DEFINE(HAVE_TALLOC_SET_MEMLIMIT, 1, [Define to 1 if you have the function talloc_set_memlimit.]) ] ) dnl # dnl # Check for libcrypt dnl # We use crypt(3) which may be in libc, or in libcrypt (eg FreeBSD) dnl # AC_CHECK_LIB(crypt, crypt, CRYPTLIB="-lcrypt" ) if test "$CRYPTLIB" != ""; then AC_DEFINE(HAVE_CRYPT, [], [Do we have the crypt function]) else AC_CHECK_FUNC(crypt, AC_DEFINE(HAVE_CRYPT, [], [Do we have the crypt function])) fi dnl Check for libcipher AC_CHECK_LIB(cipher, setkey, CRYPTLIB="${CRYPTLIB} -lcipher" ) AC_SUBST(CRYPTLIB) dnl # dnl # Check for libexecinfo support, on some systems this is built into libc dnl # on others it's a separate library. dnl # dnl extra argument: --with-execinfo-lib-dir execinfo_lib_dir= AC_ARG_WITH(execinfo-lib-dir, [AS_HELP_STRING([--with-execinfo-lib-dir=DIR], [directory in which to look for execinfo library files])], [ case "$withval" in no) AC_MSG_ERROR([Need execinfo-lib-dir]) ;; yes) ;; *) execinfo_lib_dir="$withval" ;; esac ] ) dnl extra argument: --with-execinfo-include-dir execinfo_include_dir= AC_ARG_WITH(execinfo-include-dir, [AS_HELP_STRING([--with-execinfo-include-dir=DIR], [directory in which to look for execinfo include files])], [ case "$withval" in no) AC_MSG_ERROR([Need execinfo-include-dir]) ;; yes) ;; *) execinfo_include_dir="$withval" ;; esac ] ) dnl # dnl # Look for execinfo.h and symbols dnl # smart_try_dir=$execinfo_include_dir FR_SMART_CHECK_INCLUDE(execinfo.h) if test "x$ac_cv_header_execinfo_h" = "xyes"; then smart_try_dir=$execinfo_lib_dir FR_SMART_CHECK_LIB(execinfo, backtrace_symbols) if test "x$ac_cv_lib_execinfo_backtrace_symbols" != "xyes"; then dnl # Might be provided as part of libc AC_MSG_CHECKING([if execinfo provided as part of libc]) AC_TRY_LINK( [ #include ], [ void *sym[1]; backtrace_symbols(&sym, sizeof(sym)) ], [ AC_MSG_RESULT(yes) ac_cv_lib_execinfo_backtrace_symbols="yes" ], [ AC_MSG_RESULT(no) ] ) fi if test "x$ac_cv_lib_execinfo_backtrace_symbols" = "xyes"; then AC_DEFINE(HAVE_EXECINFO, [1], [define this if we have and symbols]) fi fi dnl # dnl # Check for regular expression support. dnl # dnl extra argument: --with-pcre PCRE=yes AC_ARG_WITH(pcre, [AS_HELP_STRING([--with-pcre], [use libpcre (if available). (default=yes)])], [ case "$withval" in no) PCRE=no ;; yes) PCRE=yes ;; esac ] ) dnl extra argument: --with-pcre-lib-dir pcre_lib_dir= AC_ARG_WITH(pcre-lib-dir, [AS_HELP_STRING([--with-pcre-lib-dir=DIR], [directory in which to look for pcre library files])], [ case "$withval" in no) AC_MSG_ERROR(Need pcre-lib-dir) ;; yes) ;; *) pcre_lib_dir="$withval" ;; esac ] ) dnl extra argument: --with-pcre-include-dir pcre_include_dir= AC_ARG_WITH(pcre-include-dir, [AS_HELP_STRING([--with-pcre-include-dir=DIR], [directory in which to look for pcre include files])], [ case "$withval" in no) AC_MSG_ERROR(Need pcre-include-dir) ;; yes) ;; *) pcre_include_dir="$withval" ;; esac ] ) dnl extra argument: --with-regex REGEX= AC_ARG_WITH(regex, [AS_HELP_STRING([--with-regex], [Whether to build with regular expressions (default=yes)])], [ case "$withval" in no) REGEX=no ;; *) ;; esac ] ) dnl # dnl # First look for PCRE dnl # if test "x$REGEX" != "xno" && test "x$PCRE" != "xno"; then smart_try_dir=$pcre_include_dir FR_SMART_CHECK_INCLUDE(pcre.h) if test "x$ac_cv_header_pcre_h" = "xyes"; then smart_try_dir=$pcre_lib_dir FR_SMART_CHECK_LIB(pcre, pcre_compile) if test "x$ac_cv_lib_pcre_pcre_compile" = "xyes"; then REGEX=yes AC_DEFINE(HAVE_PCRE, [1], [define this if we have libpcre]) AC_DEFINE(HAVE_BINSAFE_REGEX, 1, [Define if we have a binary safe regular expression library]) fi fi fi dnl # dnl # If no PCRE, fallback to POSIX regular expressions dnl # if test "x$REGEX" = "x"; then smart_try_dir= FR_SMART_CHECK_INCLUDE(regex.h) if test "x$ac_cv_header_regex_h" = "xyes"; then REGEX=yes AC_MSG_CHECKING([for extended regular expressions]) AC_EGREP_CPP(yes, [ #include #ifdef REG_EXTENDED yes #endif ], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_REG_EXTENDED, [1], [define this if we have REG_EXTENDED (from )]) ], [ AC_MSG_RESULT(no) ] ) dnl # dnl # Some platforms require the regex library to be linked explicitly dnl # AC_CHECK_LIB(regex, regcomp, [ LIBS="-lregex $LIBS" ] ) dnl # dnl # Check for some BSD extensions which allow normal regexes to be dnl # binary safe. dnl # AC_CHECK_FUNCS(\ regncomp \ regnexec ) if test x"$ac_cv_func_regncomp" = x"yes" && test x"$ac_cv_func_regnexec" = x"yes"; then AC_DEFINE(HAVE_BINSAFE_REGEX, 1, [Define if we have a binary safe regular expression library]) fi fi fi if test "x$REGEX" = "xyes"; then AC_DEFINE(HAVE_REGEX, 1, [Define if we have any regular expression library]) fi dnl # dnl # Check the style of gethostbyaddr, in order of preference dnl # GNU (_r eight args) dnl # AC_DEFINE(GNUSTYLE, [1], [GNU-Style get*byaddr_r]) dnl # dnl # SYSV (_r six args) dnl # AC_DEFINE(SYSVSTYLE, [2], [SYSV-Style get*byaddr_r]) dnl # dnl # BSD (three args, may not be thread safe) dnl # AC_DEFINE(BSDSTYLE, [3], [BSD-Style get*byaddr_r]) dnl # dnl # Tru64 has BSD version, but it is thread safe dnl # http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V51B_HTML/MAN/MAN3/1739____.HTM dnl # We need #stdio.h to define NULL on FreeBSD (at least) dnl # gethostbyaddrrstyle="" AC_MSG_CHECKING([gethostbyaddr_r() syntax]) case "$host" in *-freebsd*) dnl # dnl # With FreeBSD, check if there's a prototype for gethostbyaddr_r. dnl # Some versions (FreeBSD 5.1?) have a symbol but no prototype - so we dnl # override this test to BSDSTYLE. FreeBSD 6.2 and up have proper GNU dnl # style support. dnl # AC_CHECK_DECLS([gethostbyaddr_r], [], [ AC_DEFINE(GETHOSTBYADDRRSTYLE, BSDSTYLE, [style of gethostbyaddr_r functions ]) gethostbyaddrrstyle=BSD AC_MSG_WARN([FreeBSD overridden to BSD-style]) ], [ #ifdef HAVE_NETDB_H #include #endif ]) ;; esac if test "x$gethostbyaddrrstyle" = "x"; then AC_TRY_LINK( [ #include #include ], [ gethostbyaddr_r(NULL, 0, 0, NULL, NULL, 0, NULL, NULL) ], [ AC_DEFINE(GETHOSTBYADDRRSTYLE, GNUSTYLE, [style of gethostbyaddr_r functions ]) gethostbyaddrrstyle=GNU ] ) fi if test "x$gethostbyaddrrstyle" = "x"; then AC_TRY_LINK( [ #include #include ], [ gethostbyaddr_r(NULL, 0, 0, NULL, NULL, 0, NULL) ] , [ AC_DEFINE(GETHOSTBYADDRRSTYLE, SYSVSTYLE, [style of gethostbyaddr_r functions ]) gethostbyaddrrstyle=SYSV ] ) fi if test "x$gethostbyaddrrstyle" = "x"; then AC_TRY_LINK( [ #include #include ], [ gethostbyaddr(NULL, 0, 0) ], [ AC_DEFINE(GETHOSTBYADDRRSTYLE, BSDSTYLE, [style of gethostbyaddr_r functions ]) gethostbyaddrrstyle=BSD ] ) fi if test "x$gethostbyaddrrstyle" = "x"; then AC_MSG_RESULT([none! It must not exist, here.]) else AC_MSG_RESULT([${gethostbyaddrrstyle}-style]) fi if test "x$gethostbyaddrrstyle" = "xBSD"; then AC_MSG_WARN([ ****** BSD-style gethostbyaddr might NOT be thread-safe! ****** ]) fi dnl # dnl # Check the style of gethostbyname, in order of preference dnl # GNU (_r seven args) dnl # SYSV (_r five args) dnl # BSD (two args, may not be thread safe) dnl # Tru64 has BSD version, but it _is_ thread safe dnl # http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V51B_HTML/MAN/MAN3/1946____.HTM dnl # We need #stdio.h to define NULL on FreeBSD (at least) dnl # gethostbynamerstyle="" AC_MSG_CHECKING([gethostbyname_r() syntax]) AC_TRY_LINK( [ #include #include ], [ gethostbyname_r(NULL, NULL, NULL, 0, NULL, NULL) ], [ AC_DEFINE(GETHOSTBYNAMERSTYLE, GNUSTYLE, [style of gethostbyname_r functions ]) gethostbynamerstyle=GNU ] ) if test "x$gethostbynamerstyle" = "x"; then AC_TRY_LINK( [ #include #include ], [ gethostbyname_r(NULL, NULL, NULL, 0, NULL) ] , [ AC_DEFINE(GETHOSTBYNAMERSTYLE, SYSVSTYLE, [style of gethostbyname_r functions ]) gethostbynamerstyle=SYSV ] ) fi if test "x$gethostbynamerstyle" = "x"; then AC_TRY_LINK( [ #include #include ], [ gethostbyname(NULL) ], [ AC_DEFINE(GETHOSTBYNAMERSTYLE, BSDSTYLE, [style of gethostbyname_r functions ]) gethostbynamerstyle=BSD ] ) fi if test "x$gethostbynamerstyle" = "x"; then AC_MSG_RESULT([none! It must not exist, here.]) else AC_MSG_RESULT([${gethostbynamerstyle}-style]) fi if test "x$gethostbynamerstyle" = "xBSD"; then AC_MSG_WARN([ ****** BSD-style gethostbyname might NOT be thread-safe! ****** ]) fi dnl # dnl # Check for thread-safe getpwnam_r and getgrnam_r dnl # if test "x$ac_cv_header_pwd_h" = "xyes"; then AC_MSG_CHECKING([getpwnam_r]) AC_TRY_LINK( [ #include #include #include ], [ getpwnam_r(NULL, NULL, NULL, 0, NULL) ], [ AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_GETPWNAM_R, 1, [Define to 1 if you have the getpwnam_r.] ) ], [ AC_MSG_RESULT(no) ] ) fi if test "x$ac_cv_header_grp_h" = "xyes"; then AC_MSG_CHECKING([getgrnam_r]) AC_TRY_LINK( [ #include #include #include ], [ getgrnam_r(NULL, NULL, NULL, 0, NULL) ], [ AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_GETGRNAM_R, 1, [Define to 1 if you have the getgrnam_r.] ) ], [ AC_MSG_RESULT(no) ] ) fi dnl # dnl # Check for non-posix solaris ctime_r (extra buflen int arg) dnl # AC_DEFINE(POSIXSTYLE, [1], [Posix-Style ctime_r]) AC_DEFINE(SOLARISSTYLE, [2], [Solaris-Style ctime_r]) ctimerstyle="" AC_MSG_CHECKING([ctime_r() syntax]) AC_TRY_LINK( [ #include ], [ ctime_r(NULL, NULL, 0) ], [ AC_DEFINE(CTIMERSTYLE, SOLARISSTYLE, [style of ctime_r function]) ctimerstyle="SOLARIS" ] ) if test "x$ctimerstyle" = "x"; then AC_TRY_LINK( [ #include ], [ ctime_r(NULL, NULL) ], [ AC_DEFINE(CTIMERSTYLE, POSIXSTYLE, [style of ctime_r function]) ctimerstyle="POSIX" ] ) fi if test "x$ctimerstyle" = "x"; then AC_MSG_RESULT([none! It must not exist, here.]) else AC_MSG_RESULT([${ctimerstyle}-style]) fi AC_SUBST(HOSTINFO, $host) dnl ############################################################# dnl # dnl # 8. Checks for system services dnl # dnl ############################################################# dnl # dnl # Figure out where libtool is located, dnl # top_builddir=`pwd` export top_builddir AC_MSG_RESULT([top_builddir=$top_builddir]) dnl # AC_SUBST(top_builddir) dnl # dnl # import libtool stuff dnl # dnl ############################################################# dnl # dnl # Configure in any module directories. dnl # dnl ############################################################# dnl ############################################################ dnl # Remove any conflicting definitions if autoconf.h dnl # is being included by a module. dnl ############################################################# AH_BOTTOM([#include ]) dnl ############################################################ dnl # make modules by list dnl ############################################################# if test "x$EXPERIMENTAL" = "xyes"; then for foo in `ls -1 "${srcdir}"/src/modules | grep rlm_`; do MODULES="$MODULES $foo" done else dnl # dnl # make ONLY the stable modules dnl # for foo in `cat "${srcdir}"/src/modules/stable`; do MODULES="$MODULES $foo" done fi dnl ############################################################ dnl # Add autoconf subdirs, based on the module list we dnl # previously created. dnl ############################################################# mysubdirs="" for bar in $MODULES; do if test -f "${srcdir}"/src/modules/$bar/configure; then mysubdirs="$mysubdirs src/modules/$bar" fi done dnl # dnl # Don't change the variable name here. Autoconf goes bonkers dnl # if you do. dnl # AC_CONFIG_SUBDIRS($mysubdirs) AC_SUBST(MODULES) dnl # dnl # If reproducible builds are not enabled, disable dnl # -Wdate-time so the compiler doesn't croak. dnl # if test "x$reproducible_builds" != "xyes"; then CFLAGS="-Wno-date-time $CFLAGS" fi dnl ############################################################# dnl # dnl # Add -Werror last, so it doesn't interfere with autoconf's dnl # test programs. dnl # dnl ############################################################# if test "x$werror" = "xyes"; then CFLAGS="-Werror $CFLAGS" fi dnl ############################################################# dnl # dnl # And finally, output the results. dnl # dnl ############################################################# AC_CONFIG_COMMANDS([stamp-h], [echo timestamp > src/include/stamp-h]) AC_CONFIG_COMMANDS([build-radpaths-h], [(cd ./src/include && /bin/sh ./build-radpaths-h)]) AC_CONFIG_COMMANDS([main-chmod], [(cd ./src/main && chmod +x checkrad radlast radtest)]) AC_CONFIG_COMMANDS([scripts-chmod], [(cd ./scripts && chmod +x rc.radiusd cron/radiusd.cron.daily cron/radiusd.cron.monthly cryptpasswd)]) dnl # dnl # Substitute whatever libraries we found to be necessary dnl # AC_SUBST(LIBS) AC_SUBST(INSTALLSTRIP) AC_SUBST(USE_SHARED_LIBS) USE_STATIC_LIBS="yes" AC_SUBST(USE_STATIC_LIBS) AC_SUBST(STATIC_MODULES) AC_OUTPUT(\ ./Make.inc \ ./src/include/build-radpaths-h \ ./src/main/radsniff.mk \ ./src/main/checkrad \ ./src/main/radlast \ ./src/main/radtest \ ./scripts/rc.radiusd \ ./scripts/cron/radiusd.cron.daily \ ./scripts/cron/radiusd.cron.monthly \ ./scripts/cryptpasswd \ ./raddb/radrelay.conf \ ./raddb/radiusd.conf ) freeradius-server-3.0.16/doc/000077500000000000000000000000001322570622300160055ustar00rootroot00000000000000freeradius-server-3.0.16/doc/.gitignore000066400000000000000000000000071322570622300177720ustar00rootroot00000000000000_build freeradius-server-3.0.16/doc/ChangeLog000066400000000000000000002220741322570622300175660ustar00rootroot00000000000000FreeRADIUS 3.0.16 Thu 11 Jan 2018 12:00:00 EST urgency=low Feature improvements * rlm_python now supports multiple lists. From #2031. * Add trust router re-keying. From #2007. * Add support for Samba / AD LDAP schema. See doc/schemas/ldap/samba/README.txt and doc/schemas/ldap/samba/ * Add "tls_min_version" and "tls_max_version" to EAP module for Debian OpenSSL issues. * Better documentation for client certificates in PEAP and TTLS: it usually doesn't work. Fixes #2068. * Distinguish login failure from AD unavailable. Fixes #2069. * Update RH spec files. Fixes #2070. * Run Post-Proxy-Type if all home servers are dead. Fixes #2072. * Print offending IP addresses when EAP sessions come from two upstream home servers, and rate-limit the messages. * Minor packaging updates. * Better documentation for rlm_rest. * EAP-FAST now has it's own "cipher_list", so that it is easier to configure. * EAP-FAST now forcibly disables TLS1.2, until such time as we implement the new keying mechanism from TLS1.2. * Add documentation for allow_expired_crl. * Update Debian logrotation. #2093 and #2101. * DHCP relay can now drop responses. #2095. * rlm_sqlippool can now assign Delegated-IPv6-Prefix. It also now can assign any IPv4 or IPv6 address. Based on patches from maximumG. #2094. See raddb/mods-available/sqlippool for changes. * radeapclient can now use EAP-SIM-Ki to dynamically create the necessary triplets. * Explain why many LDAP connections are closed. Fixes #1969. * Debian build / package issues fixed by Matthew Newton. * dictionary.patton updates from Brice Schaffner. Fixes #2137. * Added scripts to build "inner-server.pem", and updated mods-config/inner-eap and certs/README to match. * Added provisions for using an external CA. See raddb/certs/ * Include dhcpclient binary in freeradius-dhcp debian packge. Bug fixes * Bind the lifetime of program name and python path to the module FR-AD-002 (redone) * Pass correct statement length into sqlite3_prepare[_v2] FR-AD-003 (redone) * Allow 100-Continue responses with additional headers in rlm_rest. * fix corner case where detail files were not being locked correctly. * Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group. Fixes #1947 * Clean up exfile code. Which should help to avoid issues with reading / writing 100's of detail files. * Fix build for winbind. Patch from Alex Clouter. * Fix checkrad for Mikrotik. Patch from Muchael Ducharme. * Fix home server stats lookup. Patch from Phil Mayers. * Add libjson-c3 as an optional dependency. * Require LTB OpenLDAP on CentOS / Redhat, to avoid linking against NSS, which breaks the server. Fixes #2040. * rlm_python fixes. Fixes #2041 * Typos in "man" pages. Fixes #2045 * Expand "next" in %{%{...}:-%{...}}. Fixes #2048 * Don't add TLS attributes twice. Fixes #2050. * Fix memory allocation in rlm_rest. Fixes #2051. * Update trustrouter for new API. Fixes #2059. * Fix SQLite issues on FreeBSD. Fixes #2060 * Don't do debug logging of bad passwords. Fixes #2064. * More graceful handling of "die" in rlm_perl. Fixes #2073. * Fix occasional crash when using cisco_accounting_username_bug = yes * EAP-FAST fixes from Isaac Boukris. #2078, #2076, and #2082, #2126. * DHCP fixes, relay, #2092, add run-time check, #2028 * Decode multiple RADIUS packets at a time in highly loaded RadSec connections. Patch from Jan Tomasek. #2106. * TunnelPassword is not "single value" in LDAP schema. Fixes #2061. * sql log now opens the expanded filename, not the input one. This was a regression introduced in 3.0.15. * Remove unnecessary UNIQUE constrain in Oracle schemas. * Fix SSL thread and locking issues when modules also use SSL. Fixes #2125 and #2129. * Re-add dhcpclient "raw packet" changes. Patches from Nicolas Chaigne and Matthew Newton. Fixes #2155. FreeRADIUS 3.0.15 Mon 17 Jul 2017 09:00:00 EDT urgency=high Feature improvements * Provide HOSTNAME in default systemd files. * Incorporate RedHat specific files * Update dictionary.starent, dictionary.ruckus * Allow builds without TCP or DHCP Bug fixes * Fix multiple issues. See this web page for details: http://freeradius.org/security/fuzzer-2017.html * Pass correct statement length into sqlite3_prepare[_v2] * Bind the lifetime of program name and python path to the module * Check input / output length in make_secret(). FR-GV-201 * Fix read overflow when decoding DHCP option 63 FR-GV-206 * Fix write overflow in data2vp_wimax() FR-GV-301 * Fix infinite loop and memory exhaustion with 'concat' attributes FR-GV-302 * Fix infinite read in dhcp_attr2vp() FR-GV-303 * Fix buffer over-read in fr_dhcp_decode_suboptions() FR-GV-304 * Decode 'signed' attributes correctly. FR-GV-305 * use strncmp() instead of memcmp() for bounded data FR-AD-001 * Bind the lifetime of program name and python path to the module FR-AD-002 * Pass correct statement length into sqlite3_prepare[_v2] FR-AD-003 * print messages when we see deprecated configuration items * show reasons why we couldn't parse a certificate expiry time * be more accepting about truncated ASN1 times. * Fix OpenSSL API issue which could leak small amounts of memory. Issue reported by Guido Vranken. * For Access-Reject, call rad_authlog() after running the post-auth section, just like for Access-Accept. * don't crash when reading corrupted data from session resumption cache. Fixes #1999. * Parse port in dhcpclient. Fixes #2000. * Don't leak memory for OpenSSL. Patch from Guido Vranken. * Portability fixes taken from OpenBSD port collection. * run rad_authlog after post-auth for Access-Reject. * Don't process VMPS packets twice. * Fix attribute truncation in rlm_perl * Fix bug when processing huntgroups. FreeRADIUS 3.0.14 Fri 26 May 2017 13:00:00 EDT urgency=medium Feature improvements * Enforce TLS client certificate expiration on session resumption, and Session-Timeout. See CVE-2017-9148. * Updated dictionary.cisco.vpn3000, dictionary.patton * Added dictionary.dellemc * Lowered the log output for failed PEAP sessions. * ALlow utc in rlm_date. Patch from Peter Lambrechtsen. * The internal OpenSSL session cache has been disabled. Please see mods-available/eap * Update detail reader documentation. Patch from Matthew Newton. Fixes #1973. * Make outgoing RadSec connections non-blocking. * Add SQL backing to Moonshot-*-TargetedId generation. Patch from Stefan Paetow. Bug fixes * radtest uses Cleartext-Password for EAP, not User-Password. * Update documentation for mods-enabled/ linking. * Enhanced checks for moonshot salt. Fixes #1933. * Allow session resumption for RadSec connections. Fixes #1936. * Update "huntgroups" file to note that port ranges are not supported. * Fix OpenSSL permissions issues on default key files. Fixes #1941. * Certificates are not required when PSK is used. * Allow SubjectAltName as first extension in cert. Fixes #1946. * Fixed talloc issue with TLS session resumption. Fixes #1980. * "&Attr-26 := 0x01" now produces useful error messages. * Handle connection error in rlm_ldap_cacheable_groupobj. Fixes #1951. * Fix endian issues in DHCP. * Multiple minor fixes for Coverity complaints. * Handle unexpected regex. Fixes #1959. * Fix minor issues in dictionaries. * Fix typos and grammar. Patches from Alan Buxey. * Fix erroneous VP creation in rlm_preproces. * Fix MIB. Patch from Jeff Gehlbach. * Trust router updates from Alejandro Perez. * Allow build with LibreSSL. Fixes #1989 * Use correct packet for channel bindings. Fixes #1990. * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us a test license. Please see the git commit history for more information. * Fix incorrect length check in EAP-PWD. This may be exploitable. FreeRADIUS 3.0.13 Mon 06 Mar 2017 13:00:00 EDT urgency=medium Feature improvements * Add dictionary.rfc7930. Note that we do not implement the RFC. * Added 'cipher_server_preference' to mods-available/eap Patch from #1797. * OpenSSL 1.1.0 compatibility fixes. * rlm_perl: radiusd::xlat to evaluate xlat string within perl script * Allow authentication retry in winbind. Patch from Herwin Weststrate. See raddb/mods-available/mschap. * Added "recv-coa" method to rlm_rest. It behaves the same as "authorize". * Document Trust Router tr_port option. Patch from Stefan Paetow. * Update elasticsearch/logstash examples so that they work with elastic stack v5. Patch from Matthew Newton. * Print information about packets, replies, and contents in the detail file reader. * Update abfab-tr policy. Pull request #1893 from Stefan Paetow. * Reject packets which contain User-Password and EAP-Message. * Add example for filtering Access-Challenge. See sites-enabled/default. * Pull symlink fixes from v4.0.x. Fixes #1859. * Add systemd reload. Not everything is reloaded, but some is. Fixes #1662. * Better documentation for listen "ipaddr". Fixes #1921 * Add dictionary.cnergee, updated dictionary.nomadix. * radclient no longer needs -x to print statistics with -s. Bug fixes * Minor typos. Fixes #1763 * Fix typo in RPM build. Closes #1767. * rlm_mschap check for password expiry only if password was correct. Fixes #1762. * Update debian build. * update rlm_counter "man" page. Fixes #1775. * Remove erroneous assert. Fixes #1778. * fix mschap password change test. Fixes #1792. * Cleanup config file on data remove. Fixes #1795. * passwd module returns "notfound" if not found. * Check for old OpenSSL, and don't build rlm_eap_fast if it necessary. Fixes #1803 * Cleanup memory better after ldap version query. Patch from Aleksey Katargin. * Rename lt_* functions to avoid linker issues with libtool. Fixes #1277 * Many miscellaneous fixes and typos. * Allow long strings in %{%{foo} bar:-%{baz} blah". Fixes #1866 * Fix filtering operators, along with more documentation and more tests for them. * Fix OpenSSL fixes. Fixes #1876. * Finish SQL select queries even when SELECT returns no rows. Fixes #1879. * Set Module-Failure-Message for more EAP errors. * Correct typo in dictionary.rfc5580. Fixes #1882 * Remove obselete systemd syslog.target. * Client-Port-Balance load-balancing now uses client port. * Radrelay examples fixed from Alex Clouter. * Update systemd target. Pull request #1896. * Trim starting whitespace in xlat strings. * Get MySQL result lengths using normal API. * suid down after fchown(). Fixes #1914. * Fix cases of comparing pointer to NUL character. Fixes #1915. * OpenSSL v1.1 fixes. Pull request #1921. * Better Handle v4/v6 host names. Pull request #1919. * Remove "Auth-Type = System" from docs and examples. * Don't crash on malformed %{home_server}. Fixes #1922 * fix erroneous use of talloc destructor in rlm_eap * Issue trigger modules.sql.fail. Fixes #1923 * Document python_path gotcha's. Fixes #1845 * dlopen() the specific version of Python. Fixes #1592 FreeRADIUS 3.0.12 Thur 29 Sep 2016 13:00:00 EDT urgency=medium Feature improvements * Add support for =~ and !~ in update sections. See "man unlang" * Add dictionary.checkpoint. * Simultaneous-Use prints out more information. * Print WARNING in debug mode when packets may be truncated. * Added expansions %{home_server:state} and %{home_server_pool:state}, which show the state of the server / pool. * Mark rlm_sql_freetds as stable. * Make rlm_perl less fragile. Patch from Herwin Weststrate. * Allow extended attributes to have "encrypt=2" * Update dictionary.aruba. * Add support for EAP-FAST. This is an isolated feature which does not affect anything else. * Update OpenSSL vulnerability list. Use a version of OpenSSL released after September 20, 2016. * EAP certificate verification is now done when "verify" is enabled and "ocsp" is disabled. * New dhcpclient and rlm_rad_counter man pages. * Minor abfab and moonshot additions. * Pass CFLAGS through from environment in RPM builds. Allows more custom builds. * Build with Heimdal in addition to libkrb5. Bug fixes * Use correct typedef for older versions of sqlite. * Update mssql schema to add priority * Don't complain on /dev/urandom in ldap * Fix == operator in update sections * Don't create DHCP strings with many trailing zeros. Patch from Nicolas C. Fixes #1526. * Allow MS-CHAP change passwords instead of complaining on large buffer. * Allow assignment or equality operator on SQL. * Update aclocal tests for FreeBSD 10. Patches from Mathieu Simon. * Remove occasional hang in rlm_linelog. * Copy VSAs to inner tunnel for TTLS and PEAP. Fixes #1544 * A few minor bugfixes caught in v3.1.x cleanup, and back-ported to v3.0.x. * do_not_respond again works in post-proxy * Allow realm "~^.*$" {} and User-Name with no realm. * Fix leak when creating unknown attributes * Fix Debian / logrotate. * Make OpenSSL error functions thread-safe. * Fix crash with rlm_sql and updating SQL-User-Name. * Debian build updates. * Allow regular expression comparisons in radclient fixes #1574. * Fix memory leak on unknown attributes in detail file reader. * Update example paths in "man" pages when installing them * Build fixes for rlm_mschap. Fixes #1489. * BSD build fixes. Patch from issue #1583. * Be more careful about /lib/ when building. Fixes #1585. * Correct ifdef placement error. Fixes #1572. * Allow for more files in internal "exfile" API So it will be possible to open more than 64 "detail" files at the same time. * Remove support for statically built EAP modules. Fixes #1591. * Many fixes to rlm_python from Guillaume Pannatier. * Use correct week adjustment in SQLcounter. Fixes #1608 * Minor fixes to allow compilation without DHCP, VMPS, or TCP. * Fix checks for module / config file change on HUP. * Compile regex comparisons when sent via "debug condition". Fixes #1632. * Update filenames in documentation and examples. Patch from Alan Buxey, #1655. * Don't crash if SQL connection becomes unavailable. Fixes #1640. * Disallow originate_coa when proxy_requests = no Fixes #1684. * Free rad_perlconf_hv in correct perl context. Fixes #1675. * Multiple fixes for Debian builds. #1510, among others. * Set OpenSSL FIPS compatibility flag when necessary. * Pulled fixes for the build system over from other branches. * Fix OCSP for RADIUS over TLS. * Fix skip_if_ocsp_ok behavior. * Better fixes for systems without closefrom() but which have /proc. Fixes #1757. * Minor build fixes back-ported from v4.0.x. * build --whout-ascend-binary. Fixes #1761. * Be more aggressive about not opening new connections in debug mode after CTRL-C. Address #1604. FreeRADIUS 3.0.11 Mon 25 Jan 2016 14:00:00 EST urgency=medium Feature improvements * "unlang" comparisons of IP addresses to IP prefixes are now detected, and types automatically cast. * Allow shorthand form of ipv4prefix values e.g. 127/8. * Add "auto_chain" to raddb/mods-available/eap, tls subsection. This allows the disabling of OpenSSL auto-chaining of certificates. Which might be wrong. * Added printing of coa and disconnect stats (radmin). * radclient defaults to expecting Access-Accept responses to Status-Server. * Updated dictionary.lancom, dictionary.starent. * Portability fixes for Solaris. * More errors from ntlm_auth gets passed to MS-CHAP. * Update abfab-tr-idp virtual server. * Added "filter_password" in policy.d/filter. This removes embedded zero bytes in User-Password, for compatibility with broken clients. * The server now issues a WARNING message if duplicate configuration items are found. * TLS can skip the "verify" section if OCSP returns OK. See raddb/mods-available/eap, "skip_if_ocsp_ok". * Set TLS-OCSP-Cert-Valid = yes / no / skipped, which is the result from the OCSP check. * Interoperate with AD and "LmCompatibiltyLevel = 5", by always setting WBC_MSV1_0_ALLOW_MSVCHAPV2 for native winbind in rlm_mschap. * TTLS and PEAP now require "virtual_server" to be a real server. * Print WARNING when TTLS or PEAP identities are spoofed or not properly anonymized. See RFC 7542 for requirements. * Various rlm_python fixes from Herwin Weststrate. * Allow setting Response-Packet-Type in "Post-Proxy-Type Fail", which is useful when the home server does not respond. * elasticsearch updates from Matthew Newton Bug fixes * Fix issue where field nas_type would not be accessible via the %{client:} xlat, for clients loaded from SQL. * Fix compatiblity issues with OpenSSL 1.0.2. Ignore calls to msg_callback with 'pseudo' content types. * Data type "ipv4prefix" is parsed correctly. * Use correct talloc context in rlm_exec. Fixes #1338. * Complain in unlang if "else" is used with no previous "if" or "elsif". * Send accounting status packets to the accounting port. Fixes #1364. * Print out CFLAGS when doing "radiusd -Xxv" * Fixed bug with coa/acct stats value #1339. Based on patch from Jorge Pereira. * Fixes for LEAP proxying. Don't use LEAP! * Fix issue with "directory already exists" seen when doing "make install". * Fixed bug with radmin related to the option "stats detail " * Complain if the detail file reader does not have permission to read the "detail.work" file. Fixes #1398 * Fixed SoH. Attributes were not being copied to the virtual server. * Used a wrong list to global statistics in "stats". * Create EAP-PWD identity correctly. Prevents segfaults. * Dynamically validate authentication types for PEAP and EAP-MSCHAPv2. * Fix includes in installed headers. * OpenSSL 1.0.1f and 1.0.1g do NOT calculate TLS 1.2 keys correctly. See raddb/mods-available/eap, "disable_tlsv1_2" * Allow password change to work for MS-CHAP. This requires 'r=0', because password changes are not retries. * Fix home server fail-over for home servers using TCP and/or RadSec. * Special characters in expanded regexes are now escaped e.g. User-Name containing '.', and comparing /%{User-Name}/, the '.' will now be escaped. See src/tests/keywords/regex-escape. * Use correct authentication vector when sending Access-Reject replies for RadSec. * Set FreeRADIUS-Proxied-To in TTLS again. You should use the "inner-tunnel" virtual server, instead of relying on this attribute. * Fix debugging constants in rlm_perl. Patch from Herwin Weststrate. * Add samba-dev / samba4-dev to debian builds so that rlm_mschap can automatically use the new winbind API. * Automatically skip zero-length attributes when sending packets, instead of erroring out. FreeRADIUS 3.0.10 Mon 05 Oct 2015 15:00:00 EDT urgency=medium Feature improvements * Do more optimization of unlang policies. This makes run-time a bit faster. * Re-name most of the functions in src/lib. Third-party module authors will have to do the same. * More documentation on contributing and how to write modules. * Update radiusd.service for systemd. * Open IPv6 proxy socket if the server is listening on IPV6 auth / acct / coa packets. * Create debian packages for DHCP. Fixes #1125. * Add more tests for "update" section parsing. * Update "man" pages. * Update attributes for Alcatel 7750 * Add dictionary for Boingo Wi-Fi * Add support for DHCP lease queries. See raddb/sites-available/dhcp * On HUP, check all modules for config files which have changed. And only re-load those modules. * Allow FreeRADIUS-Response-Delay(-USec) to be set for RADIUS packets. Patch from Herwin Weststrate. * Documentation fixes from Alan Buxey and Matthew Newton. * Update "logrotate" script. * Added more RFCs to doc/rfc for new standards implemented by FreeRADIUS. * Don't crash when doing "radmin -e "help hup". Patch from Matthew Newton. * The dictionary parser now does more sanity checks, which prevents run-time problems with invalid attributes. * Update debian packages. Patches from Christopher Hoskin. * Many other debian packaging fixes from Matthew Netwon and Herwin Weststrate. * Add "session-state" to Perl. Patch from Herwin Weststrate. Bug fixes * Fix rlm_files so that there are no collisions when loading 10's of 1000's of users. * Fix radclient to use our internal v4/v6 parsing functions. v6 addresses with ports now work correctly. * Fix sending/receiving packet messages to wrap v6 addresses in square brackets '[]'. * Check for sasl/sasl.h when building rlm_ldap, and disable SASL functionality if unavailable. * Fix issue which caused a non \0 terminated buffer to be assigned to attributes if the value being assigned contained an invalid escape sequence. * Fix deadlock when reconnecting connections in the connection pool. * Fix potential overrun in functions that used fr_utf8_char with a non nul terminated buffer. * Fix decoding issue for Tunnel-Password type attributes which were very long. Found by Denis Andzakovic. * Fix radclient issue with TCP sockets on FreeBSD. * The server now creates ${run_dir} and ${logdir} directories in daemon mode, when running as "root". * Handle tags when using maps. Fixes #1191. * Fix crash when CoA packets time out. * Fix parse error in rediswho * Fix regex support in SQL radcheck the "users" file and radsniff. * Register listen xlat earlier, so that it's available when the virtual servers are being parsed. * Parse Ascend-Data-Filter when given as "0x..." * Print Ascend-Data-Filter correctly. Add test cases for both. * Allow old-style clients again. They will be disallowed for 3.1.0 and following. * Complain instead of crash when "else" and "elsif" are in the wrong place. * Clean up memory more aggressively. This lowers the maximum memory used, most typically for TLS based EAP methods. * Prevent the server from unlinking the control socket of an already running instance. * Fallback to using the configured OCSP URL if one exists, and no URL is provided in the certificate. * Return CoA-NAK if proxying CoA fails. Based on patch from Jorge Pereira. * Lower peak memory usage by decreasing size of internal memory pools. * The control socket is now left in place if a second copy of the server is accidentally started. * Allow virtual attributes in "switch", "case", etc. Fixes #1240 and #1265. * Many spell check / typo fixes in comments and example configuration files. * Better handle multiple DHCP listeners. * Don't print secrets for old-style realms. Fixes #1267. * Don't fall through in empty "case" statements. Fixes #1274. * Update EAP-TTLS so that MPPE keys are correctly calculated with TLSv1.2. * Always delete MS-MPPE-* from the TTLS inner tunnel. This allows TTLS / EAP-MSCHAPv2 to work. Fixes #1206. * Fix off by one error that caused some MSCHAP-Error messages to be sent without the password change version (V=3) and the textual message component (M=). * Always include C= V= and M= in MSCHAPv2 errors. RFC 2759 does not say that any of these fields are optional, and not including V= caused errors with wpa_supplicant. * Do not include M= in MSCHAPv1 errors. It's not supported. FreeRADIUS 3.0.9 Wed 08 Jul 2015 12:00:00 EDT urgency=medium Feature improvements * Make "pool" configurations more consistent, and update documentation for them. * Move connection pool logic to "most recently started", instead of MRU. This should help with pool stability. * More VSAs for 3GPP2 * Added examples of multi-value attributes to rlm_perl. * LDAP-Group and SQL-Group attributes are now dynamically allocated. * Only the "sql" module registers SQL-Group. Other instances register "instance-name-SQL-Group", similarly to "ldap". * Unknown attributes are now complained about more often when used in unlang statements. e.g. if (Foo-Bar == 3) used to be a string to string comparison. It is now a parse error. * Rename RLM_COMPONENT_* to MOD_* in the code. This makes many things easier. * Move to C99 initializers for modules. * Load modules in raddb/mods-enabled. This allows attributes like "LDAP-Group" to be used in the "files" module, without explicit ordering or listing in "instantiate". * Added 'bootstrap' section to modules. Third-party modules will need to be updated. * When adding clients from a DB, add them to a virtual server if that virtual server has a "listen" section. Otherwise, add the clients to the global list. * When reading dynamic clients from a file, don't expire them if the underlying file is unchanged. * Allow the server to originate CoA requests from the post-auth stage. * The server creates ${run_dir} and ${logdir} in daemon mode, if they do not already exist. * Add dictionary for Wi-Fi Alliance Hotspot 2.0. The server now supports all mandatory and optional attributes for this specification. * HUP now re-loads the configuration only if the files have changed. If all files are unchanged, HUP re-opens the log file, and does nothing else. * Much better debug messages for EAP-TLS, including which attributes are cached, and when they are retrieved. * Increase default max_requests to 16384. Memory is cheap now. * Added "stats memory" commands to radmin. Debug build only. * Aptilo controller dictionary updates. * SQL modules now use Acct-Unique-Session-Id everywhere. * The redis modules are now stable. * The LDAP module now supports SASL "interactive bind" method. This allows Kerberos based administrator and user binds. * DHCP code is now in libfreeradius-dhcp. * More DHCP encoding / decoding unit tests. * rlm_replicate can now be listed in the "accounting" section. * Better sqlite debugging output. * Remove "required" option from many sql_ippool directives. * Set default CA "basic constraints" to "critical". Fixes #1073 * Updates to help / man pages from Jorge Pereira. * Added more tests. Bug fixes * Be more careful about unused config item warnings when using -Xx. * Move more defines to be auto-generated. * Allow virtual servers in proxy fallback. * Allow %{module:} to work. * Don't crash in RadSec. Closes #980. * Return better errors when a unix group / user is not found. * Re-enable detail module "locking" parameter. * Don't crash when logging replies from Status-Server packets. * The couchbase module now uses "update" instead of "map", for consistent with the rest of the server. See raddb/mods-available/couchbase * Don't require NT-Password for MS-CHAP password changes. * Be a bit more careful about decrypting MS-CHAP-MPPE-Key attributes. Closes #1013. There is no perfect fix, tho. * Fix security issues with EAP-PWD. See http://freeradius.org/security.html#eap-pwd-2015 * Fix dynamic clients read from SQL in non-debug mode * MS-CHAP now allows retries (i.e. password change) when passwords are expired. * Allow "user=radiusd" when the server is already user "radiusd" * suid up/down works on non-Linux systems. This means that the control socket should have the correct ownership. * Fix issue which caused the server to sometimes have problems when a home server was marked zombie. * Fix format.pl because Perl is now more picky. * Fix proxy to Packet-Dst-IP-Address, so that it uses the correct destination port. * Fix corner case with cursor functions and removal. * OpenDirectory fixes and documentation. * Fix leaks in rlm_redis. * RFC 6929 "evs" attributes are now encoded / decoded properly. * Fix talloc pool leaks when receiving malformed or retransmitted Accounting/CoA requests. * Printed attributes again use double quotes instead of single quotes. * Set X509_V_FLAG_CRL_CHECK_ALL, and add "check_all_crl" to eap.conf. Fixes oCert CVE-2015-4680. * rlm_expr now errors out correctly on malformed attribute references instead of triggering an assert. * Make "break" work in "foreach" loops * Allow dynamic expansions to work again in the "hints" file. * Correct minor typos in comments and examples from Alan Buxy. * Re-urlencode the path portion of ldapi:// urls before passing it to ldap_initialise. FreeRADIUS 3.0.8 Wed 22 Apr 2015 13:30:00 EDT urgency=medium Feature improvements * Allow syslog_severity to be set in rlm_linelog. * Allow defaults to be set for bulk clients in LDAP and couchbase. * Updates to dhcpclient. Patches from Nicolas C. * rlm_mschap now supports direct connections to winbind, which is faster than ntlm_auth. See raddb/mods-available/mschap. Patch from Matthew Newton. * Recommend /dev/urandom for TLS randomness, instead of ${certdir}/random * Allow TLSv1 to be disabled via "disable_tlsv1" in tls{}. * Allow Expanded EAP types where vendor is 0 (IETF) and type is normal EAP type. Supplicants sending Expanded EAP types like this are broken. * Add support for server side sort controls when searching for user objects in rlm_ldap. Bug fixes * Don't complain about "authorize" in "server {}" blocks, but only if there's no "server" block. * Fix cosmetic issue where debug from the first packet read by a detail reader thread would be emited during config parsing. * Fix ASSERT on truncated detail packets. * Don't use main server log functions from within panic_action, as in the case of syslog this would cause deadlocks if the fault was triggered from within a malloc. * Fix issue in "switch" when "correct_escapes = false". Fixes #911. * Fix sqlcounter configuration to use "%%b" instead of "%b", otherwise the new syntax validation will fail. * Allow forward references in configuration items. Modules aren't always loaded in a sane order. * Fix more escaping issues. Closes #912. * Decode MAC addresses correctly for VMPS. * Fix memory leak with TLS connections. * Fix state machine threading issues for conflicting packets. * Fix copy_request_to_tunnel issues for tagged attributes. * Allow "ok" to over-ride "updated" inside of Auth-Type sections. * Update state machine so that post-proxy is run though child threads for performance, instead of blocking the main thread. * Allow "netmask" to work again in client definitions. * Relax restrictions on SQL group queries. * track outgoing proxy sockets and clean them up more aggressively. * track proxy statistics, including CoA and Disconnect. * If radmin has a connection failure when running a command, it re-connects and runs the command again. * mark home servers "unknown" less aggressively. * Fix potential SEGV in PostgreSQL driver on error. * Fix issue where fields like nas_type would not be accessible via the %{client:} xlat, for dynamic clients. * Set default busy_timeout (of 200ms) in the sqlite driver, so writes don't cause selects to fail in multithreaded mode. This is user configurable, and may be increased if required. * Convert Password-With-Header attributes to binary (from hex or base64), in the authorize method of rlm_pap. * Fix invalid assert in state.c, that could cause abort in post-auth. * Fix double free when -m flag is used, and connection pools are referenced by multiple modules. * RADIUS over TLS accounting uses the same port as authentication. * Regularized return codes from radmin commands. * Fix RHEL spec file so it works correctly for Centos7 which uses systemd, and didn't like the SystemV init script. * radwho and radlast now have a -D option to load dictionaries * DHCP packets are no longer checked for duplicates. * Don't crash in sql module group comparisons in corner case. * Calculate MPPE keys correctly when using TLS 1.2. * Fix load-balance sections. Closes #945 * TLS certificates are available again in the post-auth section. They are not available for session resumption. * radclient encodes CHAP-Password properly when using -c. Closes #955. * Fix issue in rlm_cache_memcached driver that caused variable length values to be truncated. * Fix track functionality in detail reader, so it no longer fails with a "Failed marking detail request as done: Bad file descriptor" error. * Actually add the peer identity (as User-Name) to the inner tunnel in EAP-PWD requests, so it's available for lookups. * Fixes to PostgreSQL queries. Patches from Santiago Gimeno. FreeRADIUS 3.0.7 Thu 19 Feb 2015 12:00:00 EDT urgency=medium Feature improvements * Allow coa home_servers to be derived from client sections if a coa_server section is provided. * Automatically determine the correct port if no port is provided for a home server. * Allow foreach to operate over lists. * Add compile time features to ${feature.*} and versions of core libraries to ${version.*}. Feature and version names match output of radiud -xv. %v is now deprecated. * Add support for PATCH method in rlm_rest. * Validate more module xlats on startup, and warn if an xlat expansion is found in a double quoted config item which will not be expanded. * Add support for sub-second timeouts in rlm_rest. * Add support for connection timeouts in rlm_rest. * Add %{jsonquote:} xlat to escape strings for insertion into json documents. * Add %{ldapquote:} xlat to escape strings for insertion into ldap DNs. * Add %{explode:&ref }, splits value of &ref on and creates new &ref type attributes with the fragments. * Allow rlm_ldap to use attribute references for base_dn and filter config items. The attribute references are not escaped, allowing DNs and filters to be created dynamically. * Add %{nexttime:[]h|d|w|y} to calculate the number of seconds before the next hour(s), day(s), week(s), or year(s). * Allow the left side of update sections to be xlat expansions. The result of the expansion is then used to reference the attribute to be modified. * Added %{lpad:&Attribute-Name 7 x} and rpad. These produce fixed-width output strings, with padding to the left (lpad) or the right (rpad). * For some SQL drivers (MySQL, sqlite) distinguish between constraints violations (on insert), invalid queries, and server errors, and return noop, invalid, and error respectively. * Call SHOW WARNINGS in the MySQL driver and write them to the request log, if libmysqlclient indicates warnings are available on the server. * Forbid the creation of Vendor-Specific for non-standard VSAs. Use Attr-26 = 0x... instead. * Make dhcpclient work with raw sockets and various other improvements - Contributed by nchaigne * Add support for SSHA2 - Contributed by PDD. * Add perle dictionary - Contributed by Hachmer * Modernise init scripts for RHEL, SUSE and Debian. * radmin now tracks the return code of commands, and exits with status "1" if any command failed to execute. * radmin now sends error messages from the server to stderr, instead of to stdout. * radmin now looks for sockets matching it's UID and GID, rather than just always using the first one it finds. * radmin can how delete clients which are tied to a listener. * Moved RADIUS attribute definitions to src/include/rfc*.h * Move to talloc pools for requests. For in-memory tests (default config, 'users' file), performance increases by 30%. * In rlm_ldap allow sasl_mech to be specified for admin and user binds. Only non-interactive mechs (like EXTERNAL) are currently supported. * Remove support for ephemeral RSA keys. They were "export only", and should not be used by anyone. * Syntax errors in the "users" file now produce better error messages. Bug fixes * Fix issues parsing LDAP hostnames with non-standard ports. * Fix issues with realms containing regular expressions. * Allow unary negation before parantheses in rlm_expr. * Fix infinite loop in kevent event loop code. Issue only presented on FreeBSD. * Be more careful to define Auth-Types before loading modules. * Link libfreeradius-radius against OpenSSL too, to avoid multi-version symbols in SSL libraries. * When rlm_ldap rebinds a connection, it should use bind credentials from the module that created the connection pool, not credentials from the module referencing it. * Empty server config pairs should be allowed in rlm_ldap instances that reference another module's connection pool. * Mark rlm_always as huppable, so its rcode can be changed via radmin (allows policy toggles). * Emit warnings when ignoring user configured pool values. * Fix issue that would cause radclient to complain intermittently about differing numbers of filters and requests. * Fix cosmetic issues in connection pool logging, that made it appear as if the same connection was being opened multiple times. * Fix threadsafety issues in SQL drivers, where a static buffer was used to store error messages. * Log RERROR, RWARN, RINFO to the global log if request logging is not enabled. * Link to libldap instead of libldap_r. libldap_r is not supported for use by projects outside of OpenLDAP. * Set connection timeout correctly in rlm_sql_mysql. * Build with older versions of libcurl, and use CFLAGS from curl-config. * Honour Packet-Src-Port and Packet-Src-IP-address in radclient. * Initialise ldapai_info_version field, so libldap will report its vendor and version. * Fix log rotation scripts by using the copyrotate option. * Fix issue that caused opening control sockets to always fail on non-Linux systems, if a user or group was set. * Save Session-State after proxying. * Additional fixes for reading CoA/DM requests from detail files. * Create dynamic clients if the dynamic clients virtual server returns ok *or* updated. Emit useful messages for other codes. * Compile bare "authorize" statements, and issue errors saying using them isn't a good idea. FreeRADIUS 3.0.6 Wed 17 Dec 2014 16:00:00 EDT urgency=medium Feature improvements * radmin / raddebug conditional errors are printed to the output, instead of being discarded. * raddebug will exit if condition set with -c was invalid. * radmin auto-reconnects if the connection to the server has gone away. * rlm_cache now has submodule support. See raddb/mods-available/cache * New memcached driver for rlm_cache. See raddb/mods-available/cache * Add support for &Attribute-Name[*] in conditions. See "man unlang" for details. * Add &Attribute-Name[n] which gets the last instance of an attribute e.g. Module-Failure-Message[n]. * Allow for redundant string expansions. See the "instantiate" section of radiusd.conf. * When checking IP addresses in conditions, make the right side be parsed as an IP prefix. * Support JIT compilation of compiled regular expressions when built with libpcre. * Support named capture groups with "%{regex:}" when built with libpcre. * Increase regular expression capture groups from 8 to 32. * Emit error markers for badly formed regular expressions. * Allow 'm' flag to enable multiline mode in regular expressions. * Support limited implicit attribute conversion in update sections. * Support casting between IPv6 and IPv4 where the IPv6 address has the v4/v6 mapping prefix (::ffff:). Bug fixes * PEAP works again. As does proxying EAP-MSCHAPv2 from inside of a PEAP tunnel. * "group" is allowed inside of "instantiate" sections. * update disconnect {} with disconnect:Packet-Dst-IP-Address now works correctly. * Regular expression comparisons of non string attributes are now disallowed in the files module. Previously they would silently fail or produce undefined behaviour. * Fix parsing of old regular expressions. Closes #842 * Fix off by one error in ascend filters. Closes #843. * Handle NT-Hash in rlm_pap. This allows passwords to have backslashes in them. * Fix infinite loop on "Fall-Through = yes" when processing SQL groups. * Correct the check of SQL query return code. * Run "Post-Auth-Type Reject" if the request was rejected in post-auth * Write "Login OK" only if the post-auth section passed. * Create TLS-Cert-* certificates, even when EAP session caching is disabled. * Finalize the "correct_escapes" with many more tests. * Move to the new OpenLDAP libldap API, fixes more issues with binary values. * Fix potential memory corruption in rlm_ldap if start connections were set to 0, and the server was running in threaded mode. The fix is a workaround for an issue in libldap and was suggested by Howard Chu. * Give parse errors on "%{...", without the closing brace. * Allow spaces in certificate passwords for build rules in raddb/certs// * Make all regular expression evaluation binary safe. Where that's not possible, emit an error if the pattern or subject contains an embedded null byte. * Fix various issues around masking IPv6 addresses. * Give descriptive error if unknown attributes are used in "update" sections. * Deal with cases where ldap_initialize isn't available gracefully, and use it exclusively when it's available. FreeRADIUS 3.0.5 Fri 21 Nov 2014 15:30:00 EDT urgency=medium Feature improvements * Large update to Huawei dictionary. * Added dictionary.rfc7155 * Regular expressions like /%{User-Name}/ are now parsed and validated when the server starts. * All configuration items which are dynamically expanded are now parsed and validated when the server starts. * %{expr:...} expressions can now do bit shifting and more. See raddb/mods-available/expr. * The detail file reader can now track packets which have had replies, so they are never re-transmitted. See raddb/sites-available/buffered-sql, the "track" config item. * CoA and Disconnect packets can now be sent to a specific home server by setting control:Packet-Dst-IP-Address and (optionally) control:Packet-Dst-Port. * Allow CoA and Disconnect packets to be read from the detail file. * Allow LDAP to specify arbitrary attributes for dynamic clients. * Convert all unused attributes in the control: list to config pairs in dynamic clients. This allows arbitrary client attributes to be set for dynamic clients too. * rlm_couchbase now supports bulk loading of clients on startup in a similar way to rlm_ldap. Contributed by Aaron Hurt. * Allow one level of backslashes (finally). See radiusd.conf, "correct_escapes" setting. * Rename dictionary.redback to dictionary.ericsson.ab * Add --disable-openssl-version-check option to configure. So vendors can disable the check. Patch from Nikolai Kondrashov. * Do context-specific indenting in debug messages. This makes the debug output easier to read. * Make configuration a separate RPM, just like for Debian. * better decoding of unknown VSAs * When supported by OpenSSL, allow TLS 1.1 and TLS 1.2 in EAP methods. * Allow multiple new connections to be spawned simultaneously in the connection pool, to cope with spikes in traffic. * Document retry_delay in connection pools. * Allow checksimul in rlm_couchbase. * Use kqueue on systems which support it. This allows for better scaling when using many sockets. Bug fixes * Parse list qualifiers in generic LDAP 'valuepair_attribute' attributes correctly. * Fix issue where prefix length would be ignored for dynamic or static clients if the address matched INADDR_ANY (0.0.0.0). * Allow null user object filter in rlm_ldap, it's valid to specify a complete object DN and use the base scope. * Don't SEGV if a received attribute value in a JSON structure is null, or a value can't be stringified. * Don't assert if the server returns a JSON content-type and the server hasn't been built with support for JSON. Closes #808. * Set CURLOPT_NOSIGNAL to prevent curl from handling signals and causing a longjmp error when the server was running with threads. * Allow tabs after attribute names in the "users" file. Closes #796. * Free unknown DICT_ATTRs. Closes #795 * Handle unknown attributes in the conditions and "update" sections. e.g. Attr-1.2.3.4 = foo. * Use correct array size for MS-CHAP new password. * In rlm_rest, check for older versions of libraries at start time, rather than when a packet comes in. * Don't call detach on parse error in rlm_perl. Closes #802. * Integer fixes for big-endian systems. Closes #803. * Don't optimize %{Packet-Src-IP-Address}. Closes #804. * dhcpclient loads dictionaries correclty. Closes #805. * double quotes are no longer escaped in single-quoted strings. e.g. 'foo "hello" bar'. * Fixes for proxying to virtual servers broke the detail file reader. Now they both work. * Typos and fixes from Nikolai Kondrashov. * Fixes to OpenSSL version checks, for cross-platform issues. * cppcheck fixes from Herwin Weststrate. * Fix build for OSX Yosemite * Merge DHCP sub-options. Closes #812. * Fix decoding of Starent attributes. * When a module asks for a connection, don't return idle connections. * LDAP connection timeouts will now retry, instead of failing. * Prevent race conditions between fork and wait for child. Patch from James Rouzier. * Fix triggers for connection pools. Patches from Nikolai Kondrashov. * Fix SEGV when comparing non string type check items. * Build with newer versions of libmysqlclient. * make the %{escape:} and %{unescape:} xlat functions UTF8 safe. * Don't escape UTF8 chars in SQL query strings. * Fix issue in cached LDAP group comparisons, which caused checks to sometimes fail. * Fix use after free issue in unlang switch evaluation. * Respect operators in rlm_cache when merging into the current request. * Update Cache-Entry-Hits each time rlm_cache is called. * Produce WARN messages if SQL queries are empty strings. * Fix invalid assertion when proxying CoA requests. * Allow empty strings in "case" statements. Closes #836. * Normalize escaping for string expansions. i.e. don't do double escaping in rare situations. * Normalize LDAP escaping. LDAP servers have multiple ways to escape things, so the data has to be normalized before we can compare two LDAP DNs. * Don't go to high debug level if we're proxying inner EAP as EAP. Closes #839. * Fix rlm_rest state handling. Closes #835. FreeRADIUS 3.0.4 Wed 10 Sep 2014 12:00:00 EDT urgency=medium Feature improvements * Home server "response_window" can now take fractions of a second. See proxy.conf. * radmin now supports "show module status", as thee counterpart to "set module status" * Added dictionary ericsson.packet.ccore.networks, bluecoat, citrix, compatible, riverbed, ruckus, and RFC 7268. * Add %{tag:} expansion to get the tag value of an attribute. * Report 'application_name' in connections to PostgreSQL servers. FreeRADIUS connections will now appear as 'FreeRADIUS - ' in pg_stat_activity. * All config item fields are now type checked at compile time to prevent issues similar to #634 occuring again. * Modify pairparsevalue to deal with embedded NULLs better, and use the binary versions of attribute values in rlm_ldap. * "ipaddr" will now use v6 if no v4 address is present. You should use "ipv4addr" or "ipv6addr" to force v4/v6 addresses. * The above applies to "listen", "home_server", and "client" sections. * "client" sections will allow "ipaddr = 192.192.0/24". The old "netmask" is still accepted, but the new format is preferred. * Allow custom HTTP headers to be set for rlm_rest requests using control:REST-HTTP-Header (attributes consumed after use). * Extend format of %{rest:} expansion to allow HTTP method and POST data to be specified e.g. %{rest:POST http://example.org/api foo=bar&baz=boink}. * Add %{hmacsha1:&data &key} and %{hmacmd5:&data &key} expansions for signing data in requests. * rlm_cache now consumes its control attributes to make runtime configuration easier. * Add control:Cache-Read-Only which when set to 'yes' will make the cache module merge existing cache data, but not create new entries. * Add %{unescape:} and %{urlunquote:} expansions to reverse escaping and urlquoting. * Add support for aliases in rlm_ldap. * Add support for connection pool sharing to all modules that use the connection pool (pool = ). * "tls" sections now have a "psk_query" configuration item, for dynamic queries to discover a key from a PSK identity. * Preliminary support for EAP channel bindings. * Foundational work for dynamic home servers. They do not yet work, but this is now only a matter of updating the "realm" module in a future release. * Support &attr[*] syntax to copy all instances of an attribute when used with the += operator in an update section. May be qualified with a tag. * The logintime and expiration modules can now be listed in the post-auth section. This makes some configurations simpler. * Allow comparison of integer attributes of different sizes, without requiring a cast. * rlm_sqlippool is now IPV6 capable. Set "ipv6 = yes" to get Framed-IPv6-Prefix returned. The SQL queries have NOT been updated. Please submit patches. * The debian build now checks for the OpenSSL package with the heartbleed fix, and if found, sets: allow_vulnerable_openssl = 'CVE-2014-0160' * allow bootstrap from multiple files in sqlite driver. Bug fixes * make case-insensitive regular expressions work again, and add tests for them. * A few more talloc parenting issues * Fix delayed proxy reply handling. Closes #637 * Fix OpenSSL initialization order when using RADIUS/TLS. Fixes #646 * Don't double-quote strings in debugging messages * Fix foreach / break. Fixes #639 * Chargeable-User-Identifier, ADSL-Agent-Circuit-Id and ADSL-Agent-Remote-Id should be "octets" types in the default dictionary. * Fix typo in mainconfig. Fixes #634 * More rlm_perl fixes. Fixes #635 * Free OpenSSL memory on clean exit. * Fix [0] !* ANY - Was removing all instances of * Fix case where multiple attributes were returned from RHS of mapping, as with rlm_ldap. Fixes #652 * Fix corner case in cursor where using fr_cursor_next_by_da after calling fr_cursor_remove may of resulted in a read of uninitialised memory. * Don't SEGV if all connections to a database server go away. Fixes #651. * Fix issue where -= was not removing tagged instances of equal to (only untagged). * Fix issue where tag values were not being set on attributes created with unlang/ldap update blocks. * Create rlm_sqlcounter attributes as integer64 types instead of integer types, so large counter values can be specified. * Fix issue where specifying a dynamic client IP addresss using FreeRADIUS-Client-IPv6-Prefix or FreeRADIUS-Client-IP-Prefix may have caused a validation error. * Don't print two "&" for messages about attribute or list references in debug output. * Fix urlquote and escape to encode Unicode characters correctly. * Fix redundant-load-balance blocks to try other modules in the group if one fails. * Fix issue with rlm_pap password normalisation where 'known good' password strings stored in octets type attributes, would be sometimes misnormalised as base64. * Don't stop processing DHCP options if we find a 0x00 padding option. * Fix issue where modifying the value of an attribute created from a template with a literal value, may have resulted in the template literal being freed. * Fix parenting issues in tls code which may have resulted in memory corruption and crashes. * Fix issue in radsniff where writing to PCAP files and using -R response filters, where the requests would still be written to the PCAP for non matching responses. * Define __APPLE_USE_RFC_2292 so that the server builds with IPv6 support on OSX. * Fix LDAP group lookups for named rlm_ldap instances. Note that attribute references should be used when checking LDAP-Group attributes. e.g. if (&LDAP-Group == 'foo'). * Delayed attribute references can now be used in unlang existence checks. i.e. if (&Attribute-Name) { ... } * Fix issues in EAP-PWD. CVE-2014-4731, CVE-2014-4732, and CVE-2014-4733. There is no external authentication bypass. * Fix a number of uses of the talloc parent/child reference. * Release connection used for reading bulk clients in rlm_ldap. * rlm_rest is now fail-safe if it's used without any configuration * Pull in build fixes for FreeBSD from ports. * Fix error in sqlite postauth query * Evaluate argument to "switch" statements once, instead of for each "case" statement. * Define sig_t on systems without it. Closes #765. * Fix boundary issue with rlm_rest. Closes #768 * Optimize "%{Attribute-Name}" in comparisons only if the dictionary types match. * Don't do chmod() in rad_mkdir() if the directory already exists. We might not have permission to change it. * Use getpwnam_r() and getgrnam_r() on systems which support it. Closes #775. * Clients loaded from SQL are now tied to the "listen" section of a virtual server, instead of being global. * Check for -lpcre. The system might have pcre.h without -lpcre. * When proxying to a virtual server, use the proxy_reply instead of ignoring it. * Fixed typos in DHCP SQL IPPool. * Fix crash when passing multiple arguments to Perl xlat. FreeRADIUS 3.0.3 Mon 12 May 2014 15:30:00 EDT urgency=medium Feature improvements * Everything now builds with no warnings from the C compiler, clang static analyzer, or cppcheck. * rlm_ldap now supports defining the LDAP attribute name via backticked expansion (i.e. shell command) in RADIUS <-> LDAP mappings. * rlm_ldap now supports older style generic attributes. * dynamic expansions (e.g. "%{expr:1 + 2}" are now parsed when the server starts. Syntax errors in the strings are caught, and a descriptive error is printed. * Static regular expressions (e.g. /a*b/) are now parsed when the server starts. Syntax errors in the strings are caught, and a descriptive error is printed. * dynamic expansions are cached after being parsed. They are no longer re-parsed at run-time for every request. * regular expressions are now parsed and cached when the server starts. * Added the %{rest:} expansion to rlm_rest, which will send a GET request to the URL passed as the format string. Any body text will be written to the expansion buffer. * rlm_rest now available as a debian package. * When an 'if' condition statically evaluates to true/false, unlang does more static optimization. For examples, see src/tests/keywords/if-skip * All modules are marked as safe for '-C', which lets the dynamic expansion checks work in more situations. * Added 'none' and 'custom' rlm_rest body types. 'custom' allows sending of arbitrary expanded text and content-type headers. * Added "config" section to Perl. See mods-available/perl * Added '%v' which expands to the server version - Patch from Alan Buxey. * more mis-matched casts are caught in "if" conditions, and descriptive errors are printed. * Support basic response validation in radclient. This allows administrators to write local test cases for their site-specific configurations. * Removed radconf2xml and radmin "show client config" and "show home_server config". * Forbid running with vulnerable versions of OpenSSL. See "allow_vulnerable_openssl" in the "security" subsection of "radiusd.conf" * Catch underlying "heartbleed" problem, so that nothing bad happens even when using a vulnerable version of OpenSSL. * Add locking API for sql_null, linelog, and detail modules, which should improve performance and work around issues on platforms with bad file locking. * Allow DHCP NAKs to be delayed, via setting reply:FreeRADIUS-Response-Delay = 1 * Allow tag and array references anywhere attributes are allowed in "unlang". * many enhancements to radsniff, including output to collectd, ipv6 support and packet loss statistics. * Many dictionary updates (ZTE, Brocade, Motorola). * rlm_yubikey now automatically splits passwords from OTP strings. * The detail file reader is now threaded by default. This should improve performance reading the files. Bug fixes * Fix xlat expression %{attribute[n]} so that it actually returns the n'th attribute instead of the first one. * Don't parse string on RHS of update {} when using unary operators (!*). The RHS should always be ignored. * Check for more optional functions in json-c so we can Build with libjson0, which is the name of the json-c package on debian/ubuntu. * Fix issue in radmin where the main dictionaries would not be loaded which, depending on the configuration, may have caused validation errors. * Fix handling of "%{reply:3GPP-*}" * Fix rlm_perl garbage attributes * Fix oracle SQL queries, which amongst other things still used the old expansion format, which is no longer supported/parsed. * Truncate long format strings and error markers instead of omitting them. * Fix multiple attribute parsing in rlm_rest JSON. * Don't crash in rlm_rest if connect_uri is commented out in the configuration. * Don't double-escape strings to / from Perl. You may need to double-check your Perl scripts if they use "\" characters. See mods-available/perl for documentation. * Don't re-run "authorize" if a home server fails to respond. * Don't append "0x" to hex output of octets types, for xlat expansions. This is the same as v2, and makes it easier to concatenate multiple attributes of type "octets" * FreeBSD fixes for execinfo linking. * Make some of the module configurations more consistent. * Fix corner cases where STDOUT wouldn't be closed in daemon mode. * Re-enable "update coa" and originating CoA requests. * Prevent multiple threads writing to the sql query logs. * Fix zombie period calculation. Closes #579 * Properly parent VPs for talloc, when moving them in map2request. * Various fixes for talloc parent / child relationships * Allow rlm_counter to support VSAs. * Normalize return codes for many modules. "do nothing" is noop, not "ok". * Run Post-Proxy-Type Fail. Closes #576 * Fix DHCP destination port for replies to relays. Closes #591 * Do-Not-Respond policy works again Closes #593 * Proxy-To-Virtual-Server works again. Closes #596 * Build fixes for ancient systems. Closes #607, #608, #609. * %{Module-Return-Code} works again. Closes #610. * Don't increment statistics for Status-Server responses. Closes #612. * A duplicate request isn't a duplicate if the original one is marked "done". This should lower retransmissions from clients. * Fix multiple regular expression and glob memory leaks. * Don't allocate any memory in fr_fault() as it can cause malloc to deadlock. * Temporarily set dumpable flag before calling system in fr_fault() else the debugger may not be able to attach. * Set nonblock on all TCP client sockets. * Fix minor buffer overrun in mschapv2 where some attribute strings were not correctly \0 terminated. * Fix crash on authentication failure with MIT kerberos. * Fix code so that octal escape sequences aren't prematurely unescaped in rlm_sql, radclient, preprocess, and other places. This may require configuration changes, as these sequences will no longer need double escaping (\\) of the backslash. * The connection pools no longer have one connection used twice in certain rare conditions. * Use self pipes for internal signals. The code was there, but was unused. * Don't crash if there are outstanding EAP sessions and were told to exit gracefully. * Fix typo in dictionary.rfc4072 FreeRADIUS 3.0.2 Fri 21 Mar 2014 08:30:00 EDT urgency=medium Feature improvements * secret keys and LDAP / SQL passwords are now printed as '<<< secret >>>' in debugging mode. Use -Xx to see the actual passwords. * Print out more information about passwords in -Xx, including hashes, comparisons, etc. * Allow cast (and implicit conversion) of integers to IPv4 addresses * More xlats allow attribute references. This means they can operate on binary data. e.g. expr, base64, md5, sha1. * Added more tests. * The dictionaries are now auto-loaded. raddb/dictionary should no longer have $INCLUDE ${prefix}/share/dictionary * A "panic_action" can be set to have the server dump a gdb log on SEGV or other fatal error. See radiusd.conf * Add support for SHA-224, SHA-256, SHA-384, SHA-512 to rlm_pap. * Add "%{sha256:}" and "%{sha512:}" xlat functions. * Cache CUI in EAP session resumption. * templates can now have sub-sections, which will be included in the section referencing the template. * Update more dictionaries. * Added more instances of the "always" module, for all return codes. * Suppress broken NASes when proxying. Retransmits which occur more than once per second are rate-limited to once per second. * Allow '&' in more xlat expansions. * Update PostgreSQL schema and queries to record last updated time, and accounting interim. * Optimize more "if" conditions when the server loads. This will avoid work at run time. e.g. ("foo" == "bar") --> FALSE. * Allow removal of all attributes within a list with !* operator. * Allow list to list copies with request qualifiers (outer.). * Add support for ipv4 prefixes and ipv6 addresses and prefixes to %{integer:}. * allow radmin command "set module status " which can be used to forcibly enable/disable modules. * pap module now assumes Cleartext-Password if Password-With-Header doesn't have a {...} header. * Added "unpack" module. It can unpack binary data from horrible VSA formats. See raddb/mods-available/unpack * Added example IP Pool for DHCP, using sqlite. From Matthew Newton See raddb/mods-config/sql/ippool-dhcp/ Bug fixes * Fix SQL groups. * Fix operation of fr_strerror() with RE*() macros. * Don't assert if the connection we're trying to reconnect is not in_use. * Fix %{mschap:User-Name} xlat. * Allow comparisons of signed integers and of ethernet addresses. * Fix parsing of text-based ascend binary filters. * Fix a few minor Coverity and clang analyzer issues. * Log WARNING and ERROR prefixes only once, not twice. * Fix attribute truncation seen in Perl and other places. * Use correct port when DHCP relaying. * Fix behaviour on FreeBSD where sending packets from an interface bound to an IP address would fail when the server was built with udpfromto. * Don't abort() when freeing home servers on exit. * Fix edge case in pairmove() when some attributes could be over- written. * Do checks for individual sqlite v2 functions so rlm_sqlite builds correctly with more versions of the library. * In heimdal kerberos, create MEMORY ccaches on a per context basis. This prevents issues with the root ccache being used. * Fix corner case with proxying, where home server goes down. * Rate-limit "max_requests" complaint. We don't want to fill the logs when something goes wrong. * Use /dev/urandom for raddb/certs/random, if it exists. * Issue WARNING that old-style clients should no longer be used. * Auto-set secret to "radsec" for tcp+tls home servers. * Fix double free in home_server_add when there is a parse error on startup. * rlm_unix checks if the dictionaries are broken, instead of crashing * Fix potential memory corruption when normalising salted password hashes from hex, where the combined hash and salt was > 64 bytes. * Register sqlcounter attributes correctly, and other issues with it * treat 127.0.0.1/32 as being identical to 127.0.0.1 * Don't mangle error output of SQL drivers like PostgreSQL * Fix usage of "tls = ${tls}". It could previously cause problems when the reference was used multiple times. * Fix TLS session leak for incoming sockets. * Try harder to clean up memory on exit when using "-mM" * Fix memory leak when home server is down for RadSec connections * rate-limit outgoing connection attempts when the home server is down. It will retry no more than once per second. * When parsing ipv6 address prefixes, always mask off the host portion. * Fix rlm_counter so that it does not create two reply attributes. * Fix issues with DHCP Sub-TLVs where the value of the first Sub-TLV would appear corrupted, and subsequent TLVs would not appear in debug output. * Initialize scope in IP address parsing * Prevent vendor attributes and RFC space attributes from clashing in rlm_attr_filter. * Set source IP address for DHCP packets from DHCP-Server-IP-Address, or DHCP-DHCP-Server-Identifier, if we're unable to otherwise determine the source IP. * Fix POST attribute parsing in rlm_rest. * Fix JSON attribute parsing in rlm_rest. * Don't append trailing & to POST options in rlm_rest (minor). * Process HTTP 100 Continue messages correctly in rlm_rest * Fix generation of long > 512 byte POST payloads, where attribute values on the chunk boundary may have been omitted in rlm_rest. * Remove duplicate escape sequence parsing in rlm_sqlippool and rlm_sqlcounter which caused issues with escaping %. Escape sequence parsing is now handled purely by the xlat functions. * Ensure %% is treated as a string literal, and so not passed to any xlat escape functions for processing. * Correct calculation of Message-Authenticator for CoA packets. Closes #556 FreeRADIUS 3.0.1 Mon 13 Jan 2014 14:30:00 EDT urgency=medium Feature improvements * Add "timeout" to exec, and "ntlm_auth_timeout" to mschap. So that run-away child processes are caught earlier. * Allow TLS clients to use "proto = tls", in which case TLS is required. The shared secret is then set to "radsec". * More documentation in the tls virtual server. * Add "date" module for date formatting. See raddb/mods-available/date. * Added unit test suite for internal server functionality * When loading "update" sections, check if the RHS is a literal value. If so, syntax check it immediately. * Update LDAP module documentation and functionality. The generic attribute can now update lists. * Updated dictionary.extreme. * Update sqlippool to do clears as a separate transaction, and at most once per second. This should help MySQL. * Respect control:Response-Packet-Type for all types of requests. * Add support for SSL encryption to the MySQL driver. * Allow arbitrary connection parameters to be used with the PostgreSQL driver. * Changes to the OpenLDAP schema to fully expose functionality of the new LDAP module. * Update debian packaging to include a freeradius-config package. This package may be provided as a site local package to avoid fighting with the preinstalled config files. Bug fixes * Use correct field for ARP setting in DHCP. * Fix crash on debug condition (#454). * Fix a number of minor issues caught by the clang analyzer. * Set WARNING messages to yellow instead of normal text. * Correct debug colorise logic. Patch from Phil Mayers. * Encode attributes of type "ethernet". No one uses them, but it makes sense. * Work around regex initialization issues. * Fix build when linking against OpenSSL. * Print IDs as positive numbers, which helps for large DHCP XIDs. * Fix issue with sql_ippool. * sqlcounter now uses 64-bit counters, to deal with 4G overflow. * Fix issues with DHCP subsystem. * Don't build / install disabled modules, or their config files. * Fix build for OSX Mavericks, which hid the header files in a magical place. * Fix LEAP buffer issue. You should still avoid LEAP. * Mark "unknown" WiMAX attributes as being WiMAX. * Fix typo in packet decoder for fragmented extended attrs * RPM spec fixes. * Fix rlm_perl build issues when not using threads. * Enable %{Response-Packet-Type} again. * Update configuration file parser to handle "bool" consistently. * Update declarations of global boolean variables to use "bool" consistently. This fixes an issue where some modules were instantiated in "config check" mode and did not work correctly. * Make more messages debug instead of info, to avoid polluting the logs with messages that can't be fixed. * Set operator in internal unlang code to suppress spurious warning messages. * Fix debian packaging. * Added "status" to Debian init script. * Fix "update outer.request" to update the outer request. * Don't print TLS debugging messages when not in debug mode. * Correctly manage counters for "limit" sections of TCP / TLS "listen" sockets. * Fix libldap debug output. * Fix rlm_ldap tls functionality. * Initialise OpenSSL globals early to avoid issues with the PostgreSQL library. * Fix typo in sqlcounter expansion code. Fixes #463 * Overwrite previous instances of SQL-User-Name when adding it to the request. * Work around bugs in both MIT and heimdal versions of krb5_copy_context(), which caused segfaults in multithreaded mode. * Provide meaningful error messages if Heimdal krb5 is used. * Fix attribute supression in rlm_detail. * Exit with error code if child fails to complete server initialisation after forking. This allows init scripts to correctly report whether the server started ok. FreeRADIUS 3.0.0 Mon 7 Oct 2013 15:48:14 EDT urgency=medium Feature improvements * Documentation for upgrading from 2.x is in raddb/README.rst Please follow it. It will make the upgrade easier. * Moved configuration entries in radiusd.conf to make more sense. * Added the "integer64" and "ipv4prefix" data types. * Added RADIUS over TLS (i.e. RadSec). See raddb/sites-available/tls * Updated internal API to support new attributes and formats * Added code to send SNMP Traps. See raddb/trigger.conf. * Added preliminary support for Apple's Grand Central Dispatch * Added provisions for raddb/dictionary.local, for local changes. See raddb/dictionary for more details. * Added packet/s tracking. See max_pps in the "listen" section. * The %{} expansions and "unlang" conditions are now parsed at server start. Descriptive errors are produced for syntax and format errors. * Casting is now supported for "unlang" comparisons. See "man unlang" e.g. 127.0.0.1 == Framed-IP-Address. * Direct comparison of attribute references is now supported. e.g. &Foo == &Bar. This avoids stringification of the attributes. * Direct assignment of attributes is now supported. e.g. Foo := &Bar. It also works for "octets" data types. * Comparisons of IPv4 and IPv6 prefixes are now supported. The "<" operator means "within the prefix" for comparisons. * New sha1 xlat expansion (thanks to Alan Buxey) * Colourised log messages when logging to stdout. Look for yellow warnings and red errors. Doing this will save you a LOT of grief. * If the PCRE library is available, use it (insted of the POSIX functions) to process regular expressions (thanks to Phil Mayers). * -xv now displays all the features the server was built with, and the versions of the core libraries (libtalloc, libssl). Module Changes * Moved raddb/modules/ to raddb/mods-available/, and raddb/mods-enabled/, following the examples of other projects. * Additional files for each module are now in raddb/mods-config/. See raddb/mods-config/README.rst for documentation. * Moved "users" to raddb/mods-config/files/authorize * Moved "hints" and "huntgroups" to raddb/mods-config/preprocess/ * Moved eap.conf to mods-available/eap * Moved sql.conf to mods-available/sql * Moved TLS configuration for EAP into a common subsection. See raddb/mods-available/eap, "tls-config" section. * Added for MS-CHAP Change Password from Phil Mayers. See raddb/mods-available/mschap, "passchange" subsection. * Added EAP-PWD implementation from Dan Harkins * Added connection pools for modules. This unifies connection management which was previously different for different modules. * SQL now uses the connection pool. See mods-available/sql * SQL now supports arbitrary Acct-Status-Types. These changes are not compatible with 2.x. * SQL now has full support for SQLite. See raddb/sql/main/sqlite/ * SQLite supports auto-creation of new databases on server startup for bootstrapping purposes. * LDAP now uses the connection pool. The LDAP module has been completely re-written for performance and simplicity. * LDAP now caches groups. This makes multiple group checks MUCH faster. * Removed all limitations on 253 octet attributes. RFC 6929 allows for attributes up to 4K in length. * New rlm_idn module providing an expansion for performing IDNA encoding of internationalized domain names. Thanks to 'skids'. * New rlm_yubikey module to validate yubikey OTP tokens. See raddb/modules/yubikey Bug fixes * All known bug fixes from 2.2.x are included. * Removed "addport" functionality. * Removed many unused or duplicate modules. See raddb/README.rst. Internal / API changes: * All traces of the old build system have been removed. The new build system is faster and simpler. * clang is fully supported. * We now use "talloc" for memory management. A number of new features required this change. Thanks to the Samba people! * Many internal APIs have been updated to use talloc. * New API for iterating over VALUE_PAIRs. This is in preparation for attributes, in version 3.1. * No new code should directly modify any field of a VALUE_PAIR. * VALUE_PAIRs contain pointers to DICT_ATTR instead of containing attribute and vendor fields. This will allow nested attributes. * Some protocol specific code has been moved out into proto_* modules. More will come in subsequent versions. See proto_dhcp and proto_vmps. * Standardised internal logging macros. radlog() should not be used. See src/include/log.h * Use OpenSSL hashing functions when available. * The server now builds with no warnings on most platforms. * New RADIUS encoder/decoder, to support new formats. * Added RFC 6929 "extended attributes", via the new encoder/decoder. * Added full WiMAX support, via the new encoder/decoder. The old code could not handle some unusual corner cases. freeradius-server-3.0.16/doc/Makefile.sphinx000066400000000000000000000063451322570622300207650ustar00rootroot00000000000000# Makefile for Sphinx documentation # # You can set these variables from the command line. SPHINXOPTS = SPHINXBUILD = sphinx-build PAPER = BUILDDIR = _build # Internal variables. PAPEROPT_a4 = -D latex_paper_size=a4 PAPEROPT_letter = -D latex_paper_size=letter ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . .PHONY: help clean html dirhtml pickle json htmlhelp qthelp latex changes linkcheck doctest help: @echo "Please use \`make ' where is one of" @echo " html to make standalone HTML files" @echo " dirhtml to make HTML files named index.html in directories" @echo " pdf to make standalone PDF files" @echo " pickle to make pickle files" @echo " json to make JSON files" @echo " htmlhelp to make HTML files and a HTML help project" @echo " qthelp to make HTML files and a qthelp project" @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" @echo " changes to make an overview of all changed/added/deprecated items" @echo " linkcheck to check all external links for integrity" @echo " doctest to run all doctests embedded in the documentation (if enabled)" clean: -rm -rf $(BUILDDIR)/* html: $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html @echo @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." dirhtml: $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml @echo @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." pdf: $(SPHINXBUILD) -b pdf $(ALLSPHINXOPTS) _build/pdf @echo @echo "Build finished. The PDFs are in _build/pdf." pickle: $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle @echo @echo "Build finished; now you can process the pickle files." json: $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json @echo @echo "Build finished; now you can process the JSON files." htmlhelp: $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp @echo @echo "Build finished; now you can run HTML Help Workshop with the" \ ".hhp project file in $(BUILDDIR)/htmlhelp." qthelp: $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp @echo @echo "Build finished; now you can run "qcollectiongenerator" with the" \ ".qhcp project file in $(BUILDDIR)/qthelp, like this:" @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/FreeRADIUS.qhcp" @echo "To view the help file:" @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/FreeRADIUS.qhc" latex: $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex @echo @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \ "run these through (pdf)latex." changes: $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes @echo @echo "The overview file is in $(BUILDDIR)/changes." linkcheck: $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck @echo @echo "Link check complete; look for any errors in the above output " \ "or in $(BUILDDIR)/linkcheck/output.txt." doctest: $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest @echo "Testing of doctests in the sources finished, look at the " \ "results in $(BUILDDIR)/doctest/output.txt." freeradius-server-3.0.16/doc/README000066400000000000000000000220261322570622300166670ustar00rootroot000000000000001. INTRO All code in this server was written for this project. The server is mostly compatible with Livingston radiusd-2.01 (no menus or s/key support though) but with more features, such as: o Can limit the maximum number of simultaneous logins on a per-user basis! o Multiple DEFAULT entries, that can optionally fall-through. o In fact, every entry can fall-through o Deny/permit access based on huntgroup users dials into o Set certain parameters (such as static IP address) based on huntgroup o Extra "hints" file that can select SLIP/PPP/rlogin based on username pattern (Puser or user.ppp is PPP, plain "user" is rlogin etc). o Can execute an external program when user has authenticated (for example to run a sendmail queue). o Can use `$INCLUDE filename' in radiusd.conf, users, and dictionary files o Can act as a proxy server, relaying requests to a remote server o Supports Vendor-Specific attributes o Supports many different plug-in modules for authentication, authorization, and accounting. 2. INSTALLATION See the INSTALL file, in the parent directory. 3. CONFIGURATION FILES For every file there is a fully commented example file included, that explains what is does, and how to use it. Read those sample files too! Again, many of the configuration files are ONLY documented in the comments included in the files. Reading the configuration files is REQUIRED to fully understand how to create complex configurations of the server. 3a. CLIENTS Make sure the clients (portmasters, Linux with portslave etc) are set up to use the host radiusd is running on as authentication and accounting host. Configure these clients to use a "radius secret password". For every client, also enter this "secret password" into the file /etc/raddb/clients. See also the manual page for clients(5). 3b. NASLIST Every NAS (Network Access Server, also known as terminal server) should have an entry in this file with an abbreviated name and the type of NAS it is. Currently FreeRADIUS supports the following NAS types: Terminal Server Type in naslist 3Com/USR Hiper Arc Total Control usrhiper 3Com/USR NetServer netserver 3Com/USR TotalControl tc Ascend Max 4000 family max40xx Cisco Access Server family cisco Cistron PortSlave portslave Computone PowerRack computone Cyclades PathRAS pathras Livingston PortMaster livingston Multitech CommPlete Server multitech Patton 2800 family patton Usually this is the same list as in the "clients" file, but not every NAS is a client and not every client is a NAS (this will start to make sense if you use radius proxy servers). 3c. NASPASSWD If ``checkrad'' needs to login on your terminal server to check who is online on a certain port (i.e. it's not possible to use SNMP or finger) you need to define a loginname and password here. This is normally ONLY needed for USR/3Com Total Control, NetServer and Cyclades PathRAS terminal servers! 3d. HINTS Customize the /etc/raddb/mods-config/preprocess/hints file. This file is used to give users different login type based on a prefix/suffix of their loginname. For example, logging in as "user" may result in a rlogin session to a Unix system, and logging in as "Puser" could start a PPP session. 3e. HUNTGROUPS This is the /etc/raddb/mods-config/preprocess/huntgroups file. Here you can define different huntgroups. These can be used to: - restrict access to certain huntgroups to certain users/groups of users (define this in the huntgroups file itself) - match a loginname with a huntgroup in /etc/raddb/users. One use for this is to give a user a static IP address based on the huntgroup / Point of Presence (s)he dials in to. 3f. USERS With the original RADIUS server, every user had to be defined in this file. There could be one default entry, where you could for example define that a user not in the radius file would be checked agains the UNIX password file and on successful login would get a PPP connection. In the new style file, you can define multiple DEFAULT entries. All entries are processed in the order as they appear in the users file. If an entry matches the username, radiusd will stop scanning the users file unless the attribute "Fall-Through = Yes" is set. You can uses spaces in usernames by escaping them with \ or by using quotes. For example, "joe user" or joe\ user. The FreeRADIUS server does not trim any spaces from a username received from the portmaster (Livingston does, in perl notation, $user =~ s/\s+.*//;) 3g. NEW RADIUS ATTRIBUTES (to be used in the USERS file). Name Type Descr. ---- ---- ------ Simultaneous-Use integer Max. number of concurrent logins Fall-Through integer Yes/No Login-Time string Defines when user may login. Current-Time string Allows you to perform time-based checks when a request is received. Login-Time defines the time span a user may login to the system. The format of a so-called time string is like the format used by UUCP. A time string may be a list of simple time strings separated by "|" or ",". Each simple time string must begin with a day definition. That can be just one day, multiple days, or a range of days separated by a hyphen. A day is Mo, Tu, We, Th, Fr, Sa or Su, or Wk for Mo-Fr. "Any" or "Al" means all days. After that a range of hours follows in hhmm-hhmm format. For example, "Wk2305-0855,Sa,Su2305-1655". radiusd calculates the number of seconds left in the time span, and sets the Session-Timeout to that number of seconds. So if someones Login-Time is "Al0800-1800" and she logs in at 17:30, Session-Timeout is set to 1800 seconds so that she is kicked off at 18:00. 4. LOG FILES 4a. /var/log/radius/radutmp In this file the currently logged in users are held. The program "radwho" reads this file and gives you a summary. Rogue sessions can be deleted from this file with the "radzap" program. 4b. /var/log/radius/radwtmp This file is "wtmp" compatible and keeps a history of all radius logins/ logouts. This file can be read with the "last" program, and other Unix accounting programs (such as "ac" and "sac") can be used to produce a summary. 4c. /var/log/radius/radius.log All RADIUS informational, diagnostic and error messages are logged in this file, including all login attempts. 4d. /var/log/radius/radacct//detail This is the original radius logfile, as written by all the Livingston radius servers. It's only created if the directory /var/log/radius/radacct exists. For more configuration options on the detail file please see raddb/mods-available/detail as it expands upon this greatly. 5. MORE INFO, SUPPORT The latest version of FreeRADIUS is always available from the git repository hosted on GitHub at https://github.com/FreeRADIUS/freeradius-server or see http://freeradius.org/git/ for more information. There are two mailing lists for users and developers. General user, administrator and configuration issues should be discussed on the users list at: http://lists.freeradius.org/mailman/listinfo/freeradius-users When asking for help on the users list, be sure the include a detailed and clear description of the problem, together with full debug output from FreeRADIUS, obtained by running radiusd -X Developers only discussion is to be had on the devel list: http://lists.freeradius.org/mailman/listinfo/freeradius-devel Please do not raise general configuration issues here. 6. OTHER INFORMATION The files in other directories are: debian/ Files to build a "freeradius" Debian Linux package. doc/ Various snippets of documentation doc/rfc/ Copies of the RFC's. If you have Perl, do a 'make' in that directory, and look at the HTML output. libltdl/ Libtool platform independent library system. man/ Unix Manual pages for the server, configuration files, and associated utilities. mibs/ SNMP Mibs for the server. raddb/ Sample configuration files for the server. redhat/ Additional files for a RedHat Linux system. scripts/ Sample scripts for startup and maintenance. src/ Source code src/main source code for the daemon and associated utilities src/lib source code for the RADIUS library src/include header files src/modules dynamic plug-in modules suse/ Aditional files for a SuSE (UnitedLinux) system. todo/ TODO list and assorted files. If you have ANY problems, concerns, or surprises when running the server, then run it in debugging mode, as root, from the command line: $ radiusd -X It will produce a large number of messages. The answers to many questions, and the solution to many problems, can usually be found in these messages. For further details, see: http://www.freeradius.org/faq/ and the 'bugs' file, in this directory. $Date$ freeradius-server-3.0.16/doc/all.mk000066400000000000000000000015731322570622300171140ustar00rootroot00000000000000ifneq "$(docdir)" "no" install: install.doc clean: clean.doc DOCDIRS := $(patsubst doc/%,$(R)$(docdir)/%,$(filter-out doc/source%,$(shell find doc -type d))) DOCFILES := $(filter-out %~ %/all.mk %.gitignore doc/rfc/update.sh doc/source/%,$(shell find doc -type f)) DOCINSTALL := $(patsubst doc/%,$(R)$(docdir)/%,$(DOCFILES)) # Create the directories $(DOCDIRS): @echo INSTALL $(patsubst $(R)$(docdir)/%,doc/%,$@) @$(INSTALL) -d -m 755 $@ # Files depend on directories (order only). # We don't care if the directories change. $(DOCINSTALL): | $(DOCDIRS) # Wildcard installation rule $(R)$(docdir)/%: doc/% @echo INSTALL $< @$(INSTALL) -m 644 $< $@ install.doc: $(DOCINSTALL) .PHONY: clean.doc clean.doc: @rm -f *~ rfc/*~ examples/*~ # # Deal with these later # DOCRST := $(wildcard *.rst) %.html: %.rst @rst2html.py $^ > $@ .PHONY: html html: $(DOCRST:.rst=.html) endif freeradius-server-3.0.16/doc/bugs000066400000000000000000000126661322570622300167030ustar00rootroot00000000000000BUGS 0. INTRODUCTION The FreeRADIUS web site is at , and most information referenced in this document can be found there. This is primarily for non-developers of the FreeRADIUS server. If you are able to patch the code to work correctly, then we invite you to join the development list to discuss it. If you're the type who know little about how to code, then this is the place for you! 1. YOU FOUND A BUG Where the server terminates ungracefully due to a bus error, segmentation violation, or other memory error, you should create a new issue in the issue tracker , including information from sections 4 and 5. For other issues, you should first discuss them on the users list, to see if anyone can reproduce them. Often there's a simple explanation of why the server behaves as it does, and it's not necessarily a bug in the code, so browse the lists' archives of the last two months, and if you don't see messages about it, ask! If the behavior is correct but confusing, we think that's a bug too, and you should file a bug against our documentation. For more information about the users list, the lists' archives and the faq, please visit http://www.freeradius.org/list/users.html Please make sure to READ and RESPECT the house-rules. You will get much better response and much faster if you do! 2. CORE DUMPS If the server, or one of the accompanying programs core dumps, then you should rebuild the server as follows: $ ./configure --enable-developer $ make $ make install and then run the program again. You may have to to enable core dumps, via: $ ulimit -c unlimited When it core dumps, do: $ gdb /path/to/executable /path/to/core/file Enable logging in gdb via the following commands: (gdb) set logging file gdb-radiusd.log (gdb) set logging on and follow the instructions in section 4, below. You can also enable the "panic_action" given in raddb/radiusd.conf. See the comments in that file for more details about automatically collecting gdb debugging information when the server crashes. 3. DEBUGGING A LIVE SERVER If you can't get a core dump, or the problem doesn't result in a core dump, you may have to run the server under gdb. To do this, ensure that you have symbols in the binaries (i.e. a non-stripped binary) by re-building the server as described in the previous section. Then, run the server under gdb as follows: $ gdb radiusd Enable logging in gdb via the following commands: (gdb) set logging file gdb-radiusd.log (gdb) set logging on Tell gdb to pass any necessary command-line arguments to the server: (gdb) set args ... Where the "..." are the command-line arguments you normally pass to radiusd. For debugging, you probably want to do: (gdb) set args -f Then, do: (gdb) run When something interesting happens, you can hit CTRL-C in the window, and you should be back at the gdb prompt: (gdb) And follow the instructions in section 4, below. 4. OBTAINING USEFUL INFORMATION Once you have a core dump loaded into gdb, or FreeRADIUS running under gdb, you may use the commands below to get useful information about the state of the server. If the server was built with threads, you can do: (gdb) info threads Which will give you information about the threads. If the server isn't threaded, that command-line will print a message saying so. Then, do: (gdb) thread apply all bt full If the server isn't threaded, the "thread apply" section isn't necessary The output should be printed to the screen, and also sent to the gdb-radiusd.log file. You should then submit the information from the log file, along with any server output, the output of radiusd -xv, and information about your operating system to: http://bugs.freeradius.org/ Submitting it to the bug database ensures that the bug report won't get forgotten, and that it will be dealt with in due course. You should provide the issue number in any mail sent to the user's list. 5. VALGRIND On Linux systems, "valgrind" is a useful tool that can catch certain classes of bugs. To use it, run the server voa: $ valgrind --tool=memcheck --leak-check=full radiusd -Xm It will print out certain kinds of errors to the screen. There may be a number of errors related to OpenSSL, dlopen(), or libtldl. We cannot do anything about those problems. However, any errors that are inside of the FreeRADIUS source should be brought to our attention. 6. RUNNING WITH "SCREEN" If the bug is a crash of the server, and it takes a long time for the crash to happen, perform the following steps: * log in as root * open a screen session (https://www.gnu.org/software/screen/) $ screen bash * make sure FreeRADIUS is not running * make sure you have all the debug symbols about, or a debugable version of the server installed * configure screen to log to a file; 'Ctrl-A H' * type 'gdb /path/to/radius' (or /path/to/freeradius on Debian) * at the (gdb) prompt, type 'run -X' * detach from screen 'Ctrl-A D' * when you notice FreeRADIUS has died, reconnect to your screen session $ screen -D -r * at the (gdb) prompt type 'where' or for *lots* of info try 'thread apply all bt full' * tell screen to stop logging, 'Ctrl-A H' * logout from screen -- FreeRADIUS Project, copyright 2014 $Id: 6a7843fb4f47b3d4097ceeb8232fdf576ea27236 $ freeradius-server-3.0.16/doc/concepts/000077500000000000000000000000001322570622300176235ustar00rootroot00000000000000freeradius-server-3.0.16/doc/concepts/aaa.rst000066400000000000000000000116171322570622300211050ustar00rootroot00000000000000Authorization, Authentication, and Accounting request handling ============================================================== There are a lot of questions about misconfigured FreeRADIUS servers because of misunderstanding of FreeRADIUS operations. This document explains how the server operates. Normally there are 2 steps in processing authentication request coming from NAS in FreeRADIUS (plus additional steps to proxy request if we use FreeRADIUS as a proxy): authorization and authentication. Authorization ------------- Authorization is a process of obtaining information about the user from external source (file, database or LDAP), and checking that the information in request is enough to authenticate user. Authorization modules deal with data sources, so ldap, sql, files, passwd are authorization modules. The authentication method is decided during the authorization phase, along with any reply attributes. The reason for this behaviour is that for example, a user may not be permitted to use a particular authentication method. So during the authorize phase, we can deny them the ability to use that kind of authentication. Authentication -------------- Authentication is simply a process of comparing user's credentials in request with credentials stored in database. Authentication usually deals with password encryption. PAP, CHAP, MS-CHAP are authentication modules. Few modules act as both authorization and authentication. For example, the MS-CHAP module is normally authentication only, but it may be used during authorization to verify that request contains MS-CHAP related attribute and only in this case perform MS-CHAP based authentication. LDAP is normally an authorization module, but it may be used for authentication (In this case FreeRADIUS will authenticate user in case he can connect to LDAP server with his account). SQL is only an authorization module, as dial-in users are not normally given passwords to access an SQL server. Request Processing ------------------ During authorization and authentication processes, there are 3 lists of RADIUS attributes supported by FreeRADIUS: request items, config items and reply items. (See 'man 5 users' for additional information.) Attributes from the RADIUS authentication request packet are included into request items list. Both authorization and authentication modules can add attributes into reply items list. These attributes will be added to reply will be sent by RADIUS server to NAS. There is third list, called config items. It's used for internal FreeRADIUS operations, for example to pass some data from authorization to authentication module. Before authorization begins FreeRADIUS creates request items list with attributes from request and empty config and reply lists. An authorization module searches a database with attributes (e.g. User-Name) taken from request list as a key, and fetches all relevant records. It retrieves 3 types of attributes: check attributes, configure attributes and reply attributes. It compares the check attributes with attributes from request items. If none of database record for this User-Name matches in check attributes with request items authorization will fail. If a matching record is found, then the configure attributes will be added to configure items, and the reply attributes will be added to reply items list. The check list may be required if we need to authenticate users with same name for different services (for example to treat User1 from NAS1 and User1 from NAS2 as different users). There should be at list one configure attribute provided by authorization module, called Auth-Type (since this attribute is from config items list it can't be in request or reply). This attribute decides which module will be used to authenticate the user. The Config items also contains information from database required to authenticate user, for example valid user's password or it's hash, login restrictions, etc. A quite common mistake is to place the attributes in the wrong lists, for example placing Auth-Type, Password, NT-Password etc in the check list, or in the reply list. When run in debugging mode, the server will normally issue 'WARNING' messages saying that the attributes are in the wrong list. If you place Password into check list and user does cleartext authentication it may work, because authorization module compares 2 cleartext passwords. But if user does some encrypted authentication (for example MS-CHAP), then the authorization will fail, because the Password in the request items will not match the password in the check attributes. You should place Password attribute obtained from database into configure items and also place Auth-Type attribute with value of 'MS-CHAP' into same list. The same goes for NT-Password (before calling MS-CHAP Password attribute should be converted to NT-Password, it may be achieved by calling mschap module in authorization section after module which does actual authorization). freeradius-server-3.0.16/doc/concepts/proxy.rst000066400000000000000000000111411322570622300215340ustar00rootroot00000000000000FreeRADIUS as a proxy RADIUS server. ==================================== Introduction ------------ It is possible to use FreeRADIUS as a proxy RADIUS server. This means that it can consult a remote RADIUS server to validate a user. This is handy for roaming setups, or for renting ports to someone else. Files ----- If a user logs in with a defined realm syntax, the "realm" portion is matched against the configuration to determine how the request should be handled. Common realm formats are: :: username@realm realm/username username%realm realm\username The realm parsing syntax ( and search order ) is user definable via the realm module config in the ``/etc/raddb/mods-available/realm`` configuration file. You can define multiple instances of the realm module to support multiple realm syntax's at the same time. Be sure to pay close attention to the search order that you define, as you may inadvertently get unexpected behaviour ( by having a user use ``realm1/username@realm2`` for instance ). If you need to proxy to IPASS, it should go first, because usernames will be in the form ``IPASS/username@realm`` and you want to proxy these users to IPASS, not to the realm behind the ``@``. The realms are configured in the file ``/etc/raddb/proxy.conf``, which is included by ``radiusd.conf``. The formats and sample configurations are included as comments. The realm ``DEFAULT`` (without the quotes) matches all realms. The realm ``NULL`` matches any requests WITHOUT a realm. If you set the remote server to ``LOCAL``, the request will be handled locally as usual, without sending it to a remote radius server. There are several options you can add in ``/etc/raddb/proxy.conf``: - nostrip: By default the realm is stripped from the username before sending it on to the remote radius server. By specifying the "nostrip" option the @realm suffix will not be stripped. - hints By default the original username is sent to the remote radius server. By specifying the "hints" option the username will be sent as it is after the "hints" file was processed. - notrealm: By default if a realm is matched, it will be proxied to the server specified. However, if you are using Replication functionality, you may want to override this behaviour. This option will prevent a user who enters ``user@foobar`` from being proxied if the ``foobar`` realm configuration contains ``notrealm``. This function used to be called ``notsuffix``, and the old syntax is still supported. The ``/etc/raddb/realms`` file is deprecated and should not be used anymore. If you use the ``/etc/raddb/realms`` file to enter realm configurations you will need to add the hostname and secret for the remote server in the file ``/etc/raddb/clients.conf``. It is not recommended to use both the realms file and the proxy.conf file, as that could cause confusion. Accounting ---------- All accounting data for proxied requests does `not` get stored in the standard logfiles, but in a separate directory. The name of this directory is the name of the remote radius server. Remote Server ---------------- When your server proxies requests to another server, it acts as a NAS for the remote server. On the remote server, you need to add the hostname of your server and the same secret to ``/etc/raddb/clients.conf`` as well. As you might not control the remote radius server, you might want to control the attributes sent back by the remote server in an Access-Accept packet. Have a look at the attrs file for this! What Happens --------------- The exact thing that happens is this: - A user logs in with a realm - The hints file gets processed as usual - The user is checked against the huntgroups file. At this point the user `might` already be rejected. - The realm is looked up in the realms file. If it isn't defined, the users file is processed normally. - If the ``notrealm`` option is defined, the user is processed locally. - The realm is stripped from the username unless ``nostrip`` was set, and the request is sent to a remote radius server. Note that any stripping done in the hints file doesn't have an effect on the username sent to the remote radius server unless you set the ``hints`` option. - The remote server replies with Access-Accept or Access-Reject :: On Access-Accept: The initial Auth-Type is set to Accept On Access-Reject: The initial Auth-Type is set to Reject Then the users file is processed as usual. The username used at this point is the one after hints file processing (regardless of the ``hints`` option). It also includes the realm (regardless of the setting of the ``nostrip`` option) unless the realm is ``LOCAL``. freeradius-server-3.0.16/doc/configuration/000077500000000000000000000000001322570622300206545ustar00rootroot00000000000000freeradius-server-3.0.16/doc/configuration/acct_type.rst000066400000000000000000000043571322570622300233720ustar00rootroot00000000000000Acct-Type ========= FreeRADIUS supports the Acct-Type attribute to select between accounting methods based on arbitrary attribute/value pairs contained in an accounting packet. Its use follows the same general configuration syntax as Auth-Type and Autz-Type. The main difference in configuration between Acct-Type and Auth/Autz-Type lies in where the Acct-Type method is assigned. With Auth/Autz-Type, the method is typically assigned in the 'users' file. The 'users' file, naturally, is not processed during the handling of the accounting {} section. However, part of the default files {} module is the 'acct_users' file, which serves the same purpose as the 'users' file, but applies to accounting packets. For example, a server administrator is responsible for handling the accounting data for two different realms, foo.com and bar.com, and wishes to use different instances of the SQL module for each. In addition, there is one RADIUS client sending accounting data that is to be logged only to a specific detail file. Everything else should use a third SQL instance. The acct_users file would look something like this:: DEFAULT Realm == "foo.com", Acct-Type := "SQLFOO" DEFAULT Realm == "bar.com", Acct-Type := "SQLBAR" DEFAULT Client-IP-Address == "10.0.0.1", Acct-Type := "OTHERNAS" And in radiusd.conf:: $INCLUDE ${confdir}/sql0.conf # Instance named 'sql0'. $INCLUDE ${confdir}/sql1.conf # Instance named 'sql1'. $INCLUDE ${confdir}/sql2.conf # Instance named 'sql2'. detail othernas { filename = ${radacctdir}/10.0.0.1/detail-%Y%m%d } preacct { suffix # Add the Realm A/V pair. files # Add the Acct-Type A/V pair based on the Realm A/V pair. } accounting { # If Acct-Type is SQLFOO use the 'sql1' instance of the SQL module. Acct-Type SQLFOO { sql1 } # If Acct-Type is SQLBAR, use the 'sql2' instance of the SQL module. Acct-Type SQLBAR { sql2 } # If Acct-Type is OTHERNAS, use the 'othernas' instance of the detail # module Acct-Type OTHERNAS { othernas } # If we've made it this far, we haven't matched an Acct-Type, so use # the sql0 instance. sql0 } freeradius-server-3.0.16/doc/configuration/autz_type.rst000066400000000000000000000047651322570622300234460ustar00rootroot00000000000000Autz-Type ========= Like Auth-Type for authentication method selection freeradius also supports the Autz-Type to select between authorization methods. The only problem is that authorization is the first thing to be called when an authentication request is handled. As a result we first have to call the authorize section without checking for Autz-Type. After that we check for Autz-Type and if it exists we call the corresponding subsection in the authorize section. In other words the authorize section in radiusd.conf should look like this:: authorize{ suffix preprocess # whatever other authorize modules here Autz-Type Ldap{ ldap } Autz-Type SQL{ sql } files } What happens is that the first time the authorize section is examined the suffix, preprocess and files modules are executed. If Autz-Type is set after that the server core checks for any matching Autz-Type subsection. If one is found it is called. The users file should look something like this:: DEFAULT Called-Station-Id == "123456789", Autz-Type := Ldap DEFAULT Realm == "other.company.com", Autz-Type := SQL Autz-Type could also be used to select between multiple instances of a module (ie sql or ldap) which have been configured differently. For example based on the user realm different ldap servers (belonging to different companies) could be queried. If Auth-Type was also set then we could do both Authentication and Authorization with the user databases belonging to other companies. In detail: radiusd.conf:: authenticate{ Auth-Type customer1{ ldap1 } Auth-Type customer2{ ldap2 } } authorize{ preprocess suffix Autz-Type customer1{ ldap1 } Autz-Type customer2{ ldap2 } files } The users file:: DEFAULT Realm == "customer1", Autz-Type := customer1, Auth-Type := customer1 DEFAULT Realm == "customer2", Autz-Type := customer2, Auth-Type := customer2 Apart from Autz-Type the server also supports the use of Acct-Type, Session-Type and Post-Auth-Type for the corresponding sections. The corresponding section names in the radiusd.conf file are the same. So for example: users file:: DEFAULT Called-Station-Id == "236473", Session-Type := SQL radiusd.conf:: session { radutmp Session-Type SQL { sql } } freeradius-server-3.0.16/doc/configuration/configurable_failover.rst000066400000000000000000000377261322570622300257540ustar00rootroot00000000000000Configurable Module Fail Over ============================= Before configurable module failover, we had this kind of entry in ``radiusd.conf``: :: #--- authorize { preprocess files } #--- This entry instructed the ``authorize`` section to first process the request through the ``preprocess`` module, and if that returned success, to process it through ``files`` module. If that sequence returned success, then the ``authorize`` stage itself would then return success. Processing was strictly linear and if one module failed, the whole section would fail immediately. Configurable failover provides more flexibility. It takes advantage of the tree structure of radiusd.conf to support a configuration language that allows you to ``group`` modules that should work together in ways other than simple lists. You can control the flow of any stage (e.g. ``authorize``) to fit your needs, without touching C code, just by altering radiusd.conf. This configurable fail-over has a convenient short-hand, too. Administrators commonly want to say things like "try SQL1, if it's down, try SQL2, otherwise drop the request." For example: :: #--- modules { sql sql1 { # configuration to connect to SQL database one } sql sql2 { # configuration to connect to SQL database two } always handled { rcode = handled } } # Handle accounting packets accounting { detail # always log to detail, stopping if it fails redundant { sql1 # try module sql1 sql2 # if that's down, try module sql2 handled # otherwise drop the request as # it's been ``handled`` by the ``always`` # module (see doc/rlm_always) } } #--- The ``redundant`` section is a configuration directive which tells the server to process the second module if the first one fails. Any number of modules can be listed in a ``redundant`` section. The server will process each in turn, until one of the modules succeeds. It will then stop processing the ``redundant`` list. Rewriting results for single modules ------------------------------------ Normally, when a module fails, the entire section (``authorize``, ``accounting``, etc.) stops being processed. In some cases, we may want to permit "soft failures". That is, we may want to tell the server that it is "ok" for a module to fail, and that the failure should not be treated as a fatal error. In this case, the module is treated as a "section", rather than just as a single lne in ``radiusd.conf``. The configuration entries for that section are taken from the ``configurable fail-over`` code, and not from the configuration information for that module. For example, the ``detail`` module normally returns ``fail`` if it is unable to write its information to the ``detail`` file. As a test, we can configure the server so that it continues processing the request, even if the ``detail`` module fails. The following example shows how: :: #-- # Handle accounting packets accounting { detail { fail = 1 } redundant { sql1 sql2 handled } } #-- The ``fail = 1`` entry tells the server to remember the ``fail`` code, with priority ``1``. The normal configuration is ``fail = return``, which means ``if the detail module fails, stop processing the accounting section``. Fail-over configuration entries ------------------------------- Modules normally return on of the following codes as their result: +-----------+-----------------------------------------------------+ |Code | Meaning | +===========+=====================================================+ |notfound | the user was not found | +-----------+-----------------------------------------------------+ |noop | the module did nothing | +-----------+-----------------------------------------------------+ |ok | the module succeeded | +-----------+-----------------------------------------------------+ |updated | the module updated information in the request | +-----------+-----------------------------------------------------+ |fail | the module failed | +-----------+-----------------------------------------------------+ |reject | the module rejected the user | +-----------+-----------------------------------------------------+ |userlock | the user was locked out | +-----------+-----------------------------------------------------+ |invalid | the user's configuration entry was invalid | +-----------+-----------------------------------------------------+ |handled | the module has done everything to handle the request| +-----------+-----------------------------------------------------+ In a configurable fail-over section, each of these codes may be listed, with a value. If the code is not listed, or a configurable fail-over section is not defined, then values that make sense for the requested ``group`` (group, redundant, load-balance, etc) are used. The special code ``default`` can be used to set all return codes to the specified value. This value will be used with a lower priority than ones that are explicitly set. The values for each code may be one of two things: +---------+---------------------------------------------------------------+ |Value | Meaning | +=========+===============================================================+ | | Priority for this return code. | +---------+---------------------------------------------------------------+ |return | Stop processing this configurable fail-over list. | +---------+---------------------------------------------------------------+ |reject | Stop processing this configurable fail-over list and | | | immediately return a reject. | +---------+---------------------------------------------------------------+ The ```` used for a value may be any decimal number between 1 and 99999. The number is used when processing a list of modules, to determine which code is returned from the list. For example, if ``module1`` returns ``fail`` with priority ``1``, and a later ``module2`` returns ``ok`` with priority ``3``, the return code from the list of modules will be ``ok``, because it has higher priority than ``fail``. This configurability allows the administrator to permit some modules to fail, so long as a later module succeeds. More Complex Configurations --------------------------- The ``authorize`` section is normally a list of module names. We can create sub-lists by using the section name ``group``. The ``redundant`` section above is just a short-hand for ``group``, with a set of default return codes, which are different than the normal ``stop processing the list on failure``. For example, we can configure two detail modules, and allow either to fail, so long as one of them succeeds. :: #-- # Handle accounting packets accounting { group { detail1 { fail = 1 # remember ``fail`` with priority 1 ok = return # if we succeed, don't do ``detail2`` } detail2 { fail = 1 # remember ``fail`` with priority 1 ok = return # if we succeed, return ``ok`` # if ``detail1`` returned ``fail`` } } # returns ``fail`` only if BOTH modules returned ``fail`` redundant { sql1 sql2 handled } } #-- This configuration says: - log to ``detail1``, and stop processing the ``group`` list if ``detail1`` returned OK. - If ``detail1`` returned ``fail``, then continue, but remember the ``fail`` code, with priority 1. - If ``detail2`` fails, then remember ``fail`` with priority 1. - If ``detail2`` returned ``ok``, return ``ok`` from the ``group``. The return code from the ``group`` is the return code which was either forced to return (e.g. ``ok`` for ``detail1``), or the highest priority return code found by processing the list. This process can be extended to any number of modules listed in a ``group`` section. Virtual Modules --------------- Some configurations may require using the same list of modules, in the same order, in multiple sections. For those systems, the configuration can be simplified through the use of ``virtual`` modules. These modules are configured as named sub-sections of the ``instantiate`` section, as follows: :: instantiate { ... redundant sql1_or_2 { sql1 sql2 } } The name ``sql1_or_2`` can then be used in any other section, such as ``authorize`` or ``accounting``. The result will be *exactly* as if that section was placed at the location of the ``sql1_or_2`` reference. These virtual modules are full-fledged objects in and of themselves. One virtual module can refer to another virtual module, and they can contain ``if`` conditions, or any other configuration permitted in a section. Redundancy and Load-Balancing ----------------------------- See ``man unlang`` or ``doc/load-balance`` for information on simple redundancy (fail-over) and load balancing. The Gory Details ----------------- The fundamental object is called a MODCALLABLE, because it is something that can be passed a specific radius request and returns one of the RLM_MODULE_* results. It is a function - if you can accept the fact that pieces of radiusd.conf are functions. There are two kinds of MODCALLABLEs: GROUPs and SINGLEs. A SINGLE is a reference to a module instance that was set up in the modules{} section of radiusd.conf, like ``preprocess`` or ``sql1``. When a SINGLE is called, the corresponding function in the rlm is invoked, and whichever RLM_MODULE_* it returns becomes the RESULT of the SINGLE. A GROUP is a section of radiusd.conf that includes some MODCALLABLEs. Examples of GROUPs above include ``authorize{...}``, which implements the C function module_authorize, and ``redundant{...}``, which contains two SINGLEs that refer to a couple of redundant databases. Note that a GROUP can contain other GROUPs - ``Auth-Type SQL{...}`` is also a GROUP, which implements the C function module_authenticate when Auth-Type is set to SQL. Now here's the fun part - what happens when a GROUP is called? It simply runs through all of its children in order, and calls each one, whether it is another GROUP or a SINGLE. It then looks at the RESULT of that child, and takes some ACTION, which is basically either ``return that RESULT immediately`` or ``Keep going``. In the first example, any ``bad`` RESULT from the preprocess module causes an immediate return, and any ``good`` RESULT causes the authorize{...} GROUP to proceed to the files module. We can see the exact rules by writing them out the long way: :: authorize { preprocess { notfound = 1 noop = 2 ok = 3 updated = 4 fail = return reject = return userlock = return invalid = return handled = return } files { notfound = 1 noop = 2 ok = 3 updated = 4 fail = return reject = return userlock = return invalid = return handled = return } } This is the same as the first example, with the behavior explicitly spelled out. Each SINGLE becomes its own section, containing a list of RESULTs that it may return and what ACTION should follow from them. So preprocess is called, and if it returns for example RLM_MODULE_REJECT, then the reject=return rule is applied, and the authorize{...} GROUP itself immediately returns RLM_MODULE_REJECT. If preprocess returns RLM_MODULE_NOOP, the corresponding ACTION is ``2``. An integer ACTION serves two purposes - first, it tells the parent GROUP to go on to the next module. Second, it is a hint as to how desirable this RESULT is as a candidate for the GROUP's own RESULT. So files is called... suppose it returns RLM_MODULE_NOTFOUND. The ACTION for notfound inside the files{...} block is ``1``. We have now reached the end of the authorize{...} GROUP and we look at the RESULTs we accumulated along the way - there is a noop with preference level 2, and a notfound with preference level 1, so the authorize{...} GROUP as a whole returns RLM_MODULE_NOOP, which makes sense because to say the user was not found at all would be a lie, since preprocess apparently found him, or else it would have returned RLM_MODULE_NOTFOUND too. We could use the ``default`` code to simplify the above example a little. The following two configurations are identical: :: files { notfound = 1 noop = 2 ok = 3 updated = 4 default = return } When putting the ``default`` first, later definitions over-ride it's return code: :: files { default = return notfound = 1 noop = 2 ok = 3 updated = 4 } [Take a deep breath - the worst is over] That RESULT preference/desirability stuff is pretty complex, but my hope is that it will be complex enough to handle the needs of everyone's real-world imperfect systems, while staying out of sight most of the time since the defaults will be right for the most common configurations. So where does redundant{...} fit in with all that? Well, redundant{...} is simply a group that changes the default ACTIONs to something like :: fail = 1 everythingelse = return so that when one module fails, we keep trying until we find one that doesn't fail, then return whatever it returned. And at the end, if they all failed, the redundant GROUP as a whole returns RLM_MODULE_FAIL, just as you'd want it to (I hope). There are two other kinds of grouping: ``group{...}`` which does not have any specialized default ACTIONs, and ``append{...}``, which should be used when you have separate but similarly structured databases that are guaranteed not to overlap. That's all that really needs to be said. But now a few random notes: GROUPs may have RESULT=ACTION ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It would look like this: :: authorize { preprocess redundant { sql1 sql2 notfound = return } files } which would prevent ``files`` from being called if neither of the SQL instances could find the user. redundant{...} and append{...} are just shortcuts ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ You could write: :: group { sql1 { fail = 1 notfound = 2 noop = return ok = return updated = return reject = return userlock = return invalid = return handled = return } sql2 { fail = 1 notfound = 2 noop = return ok = return updated = return reject = return userlock = return invalid = return handled = return } } instead of redundant { sql1 sql2 } but the latter is just a whole lot easier to read. ``authenticate{...}`` is not a GROUP ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ even though it contains a list of ``Auth-Type`` GROUPs, because its semantics are totally different - it uses ``Auth-Type`` to decide which of its members to call, and their order is irrelevant. The default rules are context-sensitive ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ For ``authorize``, the defaults are what you saw above - notfound, noop, ok, and updated are considered success, and anything else has an ACTION of ``return``. For authenticate, the default is to return on success *or* reject, and only try the second and following items if the first one fails. You can read all the default ACTIONs in modcall.c (int defaultactions[][][]), or just trust me. They do the right thing. There are some rules that can't be implemented in this language ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ things like ``notfound = 1-reject``, ``noop = 2-ok``, ``ok = 3-ok``, etc. But I don't feel justified adding that complexity in the first draft. There are already enough things here that may never see real-world usage. Like append{...} -- Pac. 9/18/2000 freeradius-server-3.0.16/doc/configuration/load_balance.rst000066400000000000000000000117341322570622300240000ustar00rootroot00000000000000Load Balancing ============== As of version 2.0.0, the load balance documentation is in the available in the "unlang" man page. The text below may not be up to date, and is here only for historical purposes. As of version 1.1.0, FreeRADIUS supports load balancing in module sections. Please see the "configurable_failover" file in this directory for a more complete description of module sections. The short summary is that you can use a "load-balance" section in any place where a module name may be used. The semantics of the "load-balance" section are that one of the modules in the section will be chosen at random, evenly spread over the modules in the list. An example is below:: accounting { load-balance { sql1 sql2 sql2 } } In this case, 1/3 of the RADIUS requests will be processed by "sql1", one third by "sql2", and 1/3 by "sql3". The "load-balance" section can be nested in a "redundant" section, or vice-versa:: accounting { load-balance { # between two redundant sections below redundant { sql1 sql2 } redundant { sql2 sql1 } } } This says "load balance between sql1 and sql2, but if sql1 is down, use sql2, and if sql2 is down, use sql1". That way, you can guarantee both that load balancing occurs, and that the requests are *always* logged to one of the databases:: accounting { redundant { load-balance { sql1 sql2 } detail } } This says "load balance between sql1 and sql2, but if the one being used is down, then log to detail". And finally:: accounting { redundant { # between load-balance & detail load-balance { # between two redundant sections redundant { sql1 sql2 } redundant { sql2 sql1 } } detail } } This says "try to load balance between sql1 and sql2; if sql1 is down, use sql2; if sql2 is down use sql1; if both sql1 and sql2 are down, then log to the detail file" More complicated scenarios -------------------------- If you want to do redundancy and load-balancing among three modules, the configuration is quite complex:: load-balance { redundant { sql1 load-balance { redundant { sql2 sql3 } redundant { sql3 sql2 } } } # sql1, etc. redundant { sql2 load-balance { redundant { sql3 sql1 } redundant { sql1 sql3 } } } # sql2, etc. redundant { sql3 load-balance { redundant { sql1 sql2 } redundant { sql2 sql1 } } } # sql3, etc. } For four or more modules, it quickly becomes unmanageable. The solution is to use the "redundant-load-balance" section, which combines the features of "load-balance", with "redundant" fail-over between members. The above complex configuration for three modules then becomes:: redundant-load-balance { sql1 sql2 sql3 } Which means "load-balance evenly among all three servers. If the one picked for load-balancing is down, load-balance among the remaining two. If that one is down, pick the one remaining 'live' server". The "redundant-load-balance" section can contain any number of modules. Interaction with "if" and "else" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It's best to have "if" and "else" blocks contain "load-balance" or "redundant-load-balance" sections, rather than the other way around. The "else" and "elsif" sections cannot appear inside of a "load-balance" or "redundant-load-balance" section, because the "else" condition would be chose as one of the modules for load-balancing, which is not what you want. It's OK to have a plain "if" block inside of a "load-balance" or "redundant-load-balance" section. In that case, the "if" condition checks the return code of the module or group that executed just before the "load-balance" section. It does *not* check the return code of the previous module in the section. freeradius-server-3.0.16/doc/configuration/post_auth_type000066400000000000000000000024021322570622300236440ustar00rootroot00000000000000This is now called Post-Auth-Type, for consistency. O.INTRODUCTION Post-Auth-Type is used to select between groupings of modules in the post-auth stanza using arbitrary attributes. It is functionally identical to Acct-Type, apart from the name of the attribute and its dealing with rejected requests.. This means that (unlike Autz-Type) the attribute must be set before the stanza is run. Changes to Post-Auth-Type during post-auth will have no effect. 1.HOW IT WORKS If a request has been rejected, the value of Post-Auth-Type is overwritten with REJECT automatically, so anonymous modules outside the REJECT substanza will not be run, only modules within the appropriate substanza will be run. 2.EXAMPLES In the example below, when a request has been rejected, the module my_ippool will not be run, only the module my_detail will be run. If the request is not rejected, the my_ippool module will be run, but not the my_detail module post-auth { my_ippool Post-Auth-Type REJECT { my_detail } } In the following example, 2 different sql modules are used to store accepted requests and rejected requests. post-auth { my_sql_accept Post-Auth-Type REJECT { my_sql_reject } } freeradius-server-3.0.16/doc/configuration/session_type000066400000000000000000000006311322570622300233230ustar00rootroot00000000000000Session-Type is used to select between groupings of modules in the session stanza using arbitrary attributes. It is functionally identical to Acct-Type, apart from the name of the attribute. This means that (unlike Autz-Type) the attribute must be set before the stanza is run. Changes to Session-Type during session will have no effect. This allows Simultaneous-Use checking behaviour to be very flexible. freeradius-server-3.0.16/doc/configuration/simultaneous_use000066400000000000000000000171141322570622300242070ustar00rootroot00000000000000 FreeRADIUS server and the Simultaneous-Use parameter. 0. INTRODUCTION Lots of people want to limit the number of times one user account can login, usually to one. This is hard to do with the radius protocol; the nature of the accounting stuff is such that the idea the radius server has about the list of logged-in users might be different from the idea the terminal server has about it. However, most terminal servers have an alternative way to get a list of logged-in users. Most support some way through telnet, some have a finger-daemon builtin and a lot of them support SNMP. So if the radius server thinks that someone is trying to login a second time, it is possible to check on the terminal server itself if the first login is indeed still active. Only then access is denied for the second login. 1. PREREQUISITES You need to have perl installed. For SNMP checks, you have 2 options. You can use the `snmpget' program from the cmu-snmp tools. You can probably get precompiled ones, maybe even packaged for your system (Debian/Linux, Redhat/Linux, FreeBSD ports collection etc). The source code is at http://www.net.cmu.edu/projects/snmp/snmpapps/. The Linux-specific version of this is at http://www.gaertner.de/snmp/ The other option is to install the SNMP_Session and BER modules that for example the well known `mrtg' package uses. This is recommended. In that case you need no external snmpget program, checkrad will speak SNMP directly. See http://www.switch.ch/misc/leinen/snmp/perl/ The checkroutine for USR/3Com Total Control racks uses the Net::Telnet module from CPAN, at least version 3.00. If you need that, obtain it from your local CPAN mirror (or see http://www.perl.com/CPAN/). The checkrad.pl perl script will autodetect if that module is installed. 2. USAGE. It works by adding the `check' parameter "Simultaneous-Use" to the entry for a users or DEFAULT in /etc/raddb/users. It should be at least one; it defines the maximum number of users logged in with the same account name. For example: # # Simultaneous use restrictions. # DEFAULT Group == "staff", Simultaneous-Use := 4 Fall-Through = 1 DEFAULT Group == "business", Simultaneous-Use := 2 Fall-Through = 1 DEFAULT Simultaneous-Use := 1 Fall-Through = 1 NOTE!!! The "Simultaneous-Use" parameter is in the "check" A/V pairs, and not in the Reply A/V pairs (it _is_ a check). For SQL, after creating and populating your schema, you should execute the following statement (for MySQL, others may vary): INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) values("dialup", "Simultaneous-Use", ":=", "1"); Once that is done, your users should be limited to only one login at a time. 3. IMPLEMENTATION The server keeps a list of logged-in users in the /var/log/radutmp file. This is also called "the session database". When you execute "radwho", all that radwho really does is list the entries in this file in a pretty format. Only when someone tries to login who _already_ has an active session according to the radutmp file, the server executes the perl script /usr/local/sbin/checkrad (or /usr/sbin/checkrad, it checks for the presence of both and in that order). This script queries the terminal server to see if the user indeed already has an active session. The script uses SNMP for Livingston Portmasters and Ciscos, finger for Portslave, Computone and Ascend, and Net::Telnet for USR/3Com TC. Since the script has been witten in perl, it's easy to adjust for any type of terminal server. There are implementations in the script for checks using SNMP, finger, and telnet, so it should be easy to add your own check routine if your terminal server is not supported yet. You can find the script in the file src/checkrad.pl. You need to set the correct type in the file /etc/raddb/naslist so that checkrad KNOWS how it should interrogate the terminal server. At this time you can define the following types: type Vendor Uses method needs Need naspasswd ==== ====== =========== ===== ============== ascend Lucent SNMP SNMP No bay Nortel finger finger command No cisco Cisco SNMP SNMP Optional [1] computone Computone finger finger command No cvx Nortel SNMP SNMP No digitro Digitro rusers rusers command No livingston Livingston SNMP SNMP No [2] max40xx Lucent finger finger command No netserver USR/3com telnet CPAN Net::Telnet Yes pathras Cyclades telnet CPAN Net::Telnet Yes patton Patton SNMP SNMP No portslave ? finger finger command No pr3000 Cyclades SNMP snmpwalk command No pr4000 Cyclades SNMP snmpwalk command No tc USR/3com telnet CPAN Net::Telnet Yes usrhyper USR/3com SNMP SNMP No [3] versanet VersaNet SNMP SNMP No other none N/A - No [1] In naspasswd file: set username to SNMP, password is community. [2] Needs at least ComOS 3.5, SNMP enabled. [3] Set "Reported Port Density" to 256 (default) "other" means "don't bother checking, I believe what radutmp says". This really is not recommended, if a user has a "stuck" entry in the session database she will not be able to login again - hence the extra check that "checkrad" does. 4. IF IT DOESN'T WORK Note that you need to add the Simultaneous-Use parameter to the check item (first line), not the reply item, using the ':=' operator. You can edit the `checkrad' perl script and turn on debugging. Then watch the debug file. The `radius.log' file also gives some hints. You can also run the "checkrad" script manually, use the "-d" switch to get debug output on standard output instead of in the log. See also: http://wrath.geoweb.ge/simult.html which has a good discussion of the use of Simultaneous-Use. 5. CAVEATS This solution checks the radutmp file. This file is kept up-to-date from the Accounting records the NAS sends. Since some NASes delay these records for quite some time, it is possible to get a double login by logging in twice at _exactly_ the same time (plus or minus the mentioned delay time), since neither of the logins are registered yet. The solution would be to create a small 1-minute cache of Authentication records, that is also checked for double login attempts. Perhaps in the next version. When implementing this one thing was considered the most important: when trying to detect double logins, we always try to err on the safe side. So in rare cases, a double login is possible but we try never to limit access for a legitimate login. 6. PROBLEMS WITH DROPPED CONNECTIONS Our PM3, with 2 ISDN-30 lines coming into it, had the habit of sometimes dropping connections. In a few cases, the portmaster thought the session was still alive so if the user tried to login again, he or she was denied access. In our case, this problem was caused by a bad PRI line from the phone company. We tried to compensate this by setting the Idle-Timeout to 15 minutes. That way, even if a user did get locked out the portmaster would clear the rogue session within 15 minutes and the user could login again. freeradius-server-3.0.16/doc/configuration/snmp000066400000000000000000000033051322570622300215550ustar00rootroot00000000000000INSTALL ------- Installing the SNMP patch is straightforward: $ tar -zxf freeradius-server-2.1.11.tar.gz $ cd freeradius-server-2.1.11 $ patch -p1 < ../snmp.patch $ ./configure --args.... $ make $ make install MIB Installation ---------------- The traps *REQUIRE* that the files in the "mibs" directory be copied to the global mibs directory, usually /usr/share/snmp/mibs/. If this is not done, the "snmptrap" program has no idea what information to send, and will not work. The MIB installation is *NOT* done as part of the default installation, so that step *MUST* be done manually. The global MIB directory can be found by running the following command: $ snmptranslate -Dinit_mib .1.3 2>&1 | grep MIBDIR | sed "s/' .*//;s/.* '//;s/.*://" Or maybe just: $ snmptranslate -Dinit_mib .1.3 2>&1 | grep MIBDIR If you have copied the MIBs to that directory, you can test the FreeRADIUS MIBs by running the following command: $ snmptranslate -m +FREERADIUS-NOTIFICATION-MIB -IR -On serverStart It should print out: .1.3.6.1.4.1.11344.4.1.1 As always, run the server in debugging mode after enabling the traps. You will see the "snmptrap" command being run, and it will print out any errors or issues that it encounters. Those need to be fixed before running the server in daemon mode. We also suggest running in debugging mode as the "radiusd" user, if you have "user/group" set in radiusd.conf. The "snmptrap" program may behave differently when run as "root" or as the "radiusd" user. You will also need to edit "radiusd.conf", and uncomment the line saying # $INCLUDE trigger.conf That will enable the triggers. More Documentation ------------------ See raddb/trigger.conf for complete documentation. freeradius-server-3.0.16/doc/configuration/variables.rst000066400000000000000000000167351322570622300233720ustar00rootroot00000000000000Run-time variables ================== See "man unlang" for more complete documentation on the run-time variables. This file is here only for historical purposes. The above variable expansions also support the following meta-attributes. These are not normal RADIUS attributes, but are created by the server to be used like them, for ease of use. They can only be queried, and cannot be assigned. +-----------------------+-------------------------------------------------+ | Packet-Type | RADIUS packet type (Access-Request, etc.) | +-----------------------+-------------------------------------------------+ | Packet-Src-IP-Address | IP address from which the packet was sent | +-----------------------+-------------------------------------------------+ | Packet-Dst-IP-Address | IP address to which the packet was sent. | | | This may be "0.0.0.0", if the server | | | was configured with ``bind_address = *``. | +-----------------------+-------------------------------------------------+ | Packet-Src-Port | UDP port from which the packet was sent | +-----------------------+-------------------------------------------------+ | Packet-Dst-Port | UDP port to which the packet was sent. | +-----------------------+-------------------------------------------------+ ``%{config:section.subsection.item}`` Corresponding value in ``radiusd.conf`` for the string value of that item. The ``%{config:...}`` variables should be used VERY carefully, as they may leak secret information from your RADIUS server, if you use them in reply attributes to the NAS! :: DEFAULT User-Name =~ "^([^@]+)@(.*)" All-That-Matched = `%{0}` Just-The-User-Name = `%{1}` Just-The-Realm-Name = `%{2}` The variables are used in dynamically translated strings. Most of the configuration entries in ``radiusd.conf`` (and related files) will do dynamic string translation. To do the same dynamic translation in a RADIUS attribute (when pulling it from a database, or "users" file), you must put the string into an back-quoted string: :: Session-Timeout = `%{expr: 2 + 3}` To do the dynamic translation in the ``radiusd.conf`` (or some other configuration files), just use the variable as-is. See ``radiusd.conf`` for examples. Attributes as environment variables in executed programs -------------------------------------------------------- When calling an external program (e.g. from ``rlm_exec`` module), these variables can be passed on the command line to the program. In addition, the server places all of the attributes in the RADIUS request into environment variables for the external program. The variables are renamed under the following rules: #. All letters are made upper-case. #. All hyphens '-' are turned into underscores '_' so the attribute ``User-Name`` can be passed on the command line to the program as ``%{User-Name}``, or used inside the program as the environment variable ``USER_NAME`` (or ``$USER_NAME`` for shell scripts). If you want to see the list of all of the variables, try adding a line ``printenv > /tmp/exec-program-wait`` to the script. Then look in the file for a complete list of variables. One-character variables ----------------------- The following one-character variables were defined. They were duplicates of the previous general cases, and were only provided for backwards compatibility. They are in the process of being removed, this table documents the old variables and their new equivalents. (i.e. ``:-``, as described above. +-----------+---------------------------+-----------------------+ | Variable | Description | Proper Equivalent | +===========+===========================+=======================+ |%a |Protocol (SLIP/PPP) |%{Framed-Protocol} | +-----------+---------------------------+-----------------------+ |%c |Callback-Number |%{Callback-Number} | +-----------+---------------------------+-----------------------+ |%d |request day (DD) | | +-----------+---------------------------+-----------------------+ |%f |Framed IP address |%{Framed-IP-Address} | +-----------+---------------------------+-----------------------+ |%i |Calling Station ID |%{Calling-Station-Id} | +-----------+---------------------------+-----------------------+ |%l |request timestamp | | +-----------+---------------------------+-----------------------+ |%m |request month (MM) | | +-----------+---------------------------+-----------------------+ |%n |NAS IP address |%{NAS-IP-Address} | +-----------+---------------------------+-----------------------+ |%p |Port number |%{NAS-Port} | +-----------+---------------------------+-----------------------+ |%s |Speed (PW_CONNECT_INFO) |%{Connect-Info} | +-----------+---------------------------+-----------------------+ |%t |request in ctime format | | +-----------+---------------------------+-----------------------+ |%u |User name |%{User-Name} | +-----------+---------------------------+-----------------------+ |%A |radacct_dir |%{config:radacctdir} | +-----------+---------------------------+-----------------------+ |%C |clientname | | +-----------+---------------------------+-----------------------+ |%D |request date (YYYYMMDD) | | +-----------+---------------------------+-----------------------+ |%G |request minute | | +-----------+---------------------------+-----------------------+ |%H |request hour | | +-----------+---------------------------+-----------------------+ |%I |request ID | | +-----------+---------------------------+-----------------------+ |%L |radlog_dir |%{config:logdir} | +-----------+---------------------------+-----------------------+ |%M |MTU |%{Framed-MTU} | +-----------+---------------------------+-----------------------+ |%R |radius_dir |%{config:raddbdir} | +-----------+---------------------------+-----------------------+ |%S |request timestamp | | | |in SQL format | | +-----------+---------------------------+-----------------------+ |%T |request timestamp | | | |in database format | | +-----------+---------------------------+-----------------------+ |%U |Stripped User name |%{Stripped-User-Name} | +-----------+---------------------------+-----------------------+ |%V |Request-Authenticator | | | |(Verified/None) | | +-----------+---------------------------+-----------------------+ |%v |Server Version | | +-----------+---------------------------+-----------------------+ |%Y |request year (YYYY) | | +-----------+---------------------------+-----------------------+ |%Z |All request attributes | | | |except password | | | |(must have a big buffer) | | +-----------+---------------------------+-----------------------+ $Id: 4a2f28ca4e68aedfaaa02604a70df6b27d9a39e7 $ freeradius-server-3.0.16/doc/deployment/000077500000000000000000000000001322570622300201655ustar00rootroot00000000000000freeradius-server-3.0.16/doc/deployment/CYGWIN.rst000066400000000000000000000255561322570622300217340ustar00rootroot00000000000000FreeRADIUS for EAP under CygWin =============================== From: "Philip Blow" To: Date: Wed, 29 Jan 2003 15:23:45 +1100 Here are some brief notes I but together for compiling FreeRADIUS 0.8.1 on Windows XP with EAP/TLS support. Configuring FreeRADIUS for EAP under CygWin. -------------------------------------------- #. Installing CygWin Install the latest version of CygWin (at time of writing 1.3.19-1) from http://www.cygwin.com #. Install the following packages (make as minimum list) +--------------------+-----------------+ | Package | Version | +====================+=================+ | _update-info-dir | 00126-1 | +--------------------+-----------------+ | ash | 20020731-1 | +--------------------+-----------------+ | autoconf | 2.54-1 | +--------------------+-----------------+ | autoconf-devel | 2.57-1 | +--------------------+-----------------+ | autoconf-stable | 2.13-4 | +--------------------+-----------------+ | automake | 1.7.1-1 | +--------------------+-----------------+ | automake-devel | 1.7.2-1 | +--------------------+-----------------+ | automake-stable | 1.4p5-5 | +--------------------+-----------------+ | base-files | 1.1-1 | +--------------------+-----------------+ | base-passwd | 1.0-1 | +--------------------+-----------------+ | bash | 2.05b-8 | +--------------------+-----------------+ | bc | 1.06-1 | +--------------------+-----------------+ | binutils | 20021117-1 | +--------------------+-----------------+ | byacc | 1.9-1 | +--------------------+-----------------+ | bzip2 | 1.0.2-2 | +--------------------+-----------------+ | crypt | 1.0-1 | +--------------------+-----------------+ | cygrunsrv | 0.95-1 | +--------------------+-----------------+ | cygutils | 1.1.3-1 | +--------------------+-----------------+ | cygwin | 1.3.19-1 | +--------------------+-----------------+ | cygwin-doc | 1.3-2 | +--------------------+-----------------+ | diff | 1.0-1 | +--------------------+-----------------+ | diffutils | 2.8.1-1 | +--------------------+-----------------+ | ed | 0.2-1 | +--------------------+-----------------+ | file | 3.37-1 | +--------------------+-----------------+ | fileutils | 4.1-1 | +--------------------+-----------------+ | findutils | 4.1.7-4 | +--------------------+-----------------+ | gawk | 3.1.1-5 | +--------------------+-----------------+ | gcc | 3.2-3 | +--------------------+-----------------+ | gcc-mingw | 20020817-5 | +--------------------+-----------------+ | gcc2 | 2.95.3-10 | +--------------------+-----------------+ | gdb | 20021218-1 | +--------------------+-----------------+ | gdbm | 1.8.0-4 | +--------------------+-----------------+ | gettext | 0.11.5-1 | +--------------------+-----------------+ | grep | 2.5-1 | +--------------------+-----------------+ | groff | 1.18.1-2 | +--------------------+-----------------+ | gzip | 1.3.3-4 | +--------------------+-----------------+ | inetutils | 1.3.2-20 | +--------------------+-----------------+ | initscripts | 0.9-1 | +--------------------+-----------------+ | less | 378-1 | +--------------------+-----------------+ | libbz2_0 | 1.0.2-1 | +--------------------+-----------------+ | libbz2_1 | 1.0.2-2 | +--------------------+-----------------+ | libiconv2 | 1.8-2 | +--------------------+-----------------+ | libintl | 0.10.38-3 | +--------------------+-----------------+ | libintl1 | 0.10.40-1 | +--------------------+-----------------+ | libintl2 | 0.11.5-1 | +--------------------+-----------------+ | libltdl3 | 20030103-1 | +--------------------+-----------------+ | libncurses5 | 5.2-1 | +--------------------+-----------------+ | libncurses6 | 5.2-8 | +--------------------+-----------------+ | libpng10 | 1.0.14-2 | +--------------------+-----------------+ | libpng12 | 1.2.4-2 | +--------------------+-----------------+ | libpopt0 | 1.6.4-4 | +--------------------+-----------------+ | libreadline4 | 4.1-2 | +--------------------+-----------------+ | libreadline5 | 4.3-2 | +--------------------+-----------------+ | libtool | 20020202a-1 | +--------------------+-----------------+ | libtool-devel | 20021227-1 | +--------------------+-----------------+ | libtool-stable | 1.4.2-2 | +--------------------+-----------------+ | libxml2 | 2.4.23-1 | +--------------------+-----------------+ | login | 1.7-1 | +--------------------+-----------------+ | m4 | 1.4-1 | +--------------------+-----------------+ | make | 3.79.1-7 | +--------------------+-----------------+ | man | 1.5j-1 | +--------------------+-----------------+ | mingw-runtime | 2.3-1 | +--------------------+-----------------+ | mktemp | 1.4-1 | +--------------------+-----------------+ | more | 2.11o-1 | +--------------------+-----------------+ | nasm | 0.98.35-1 | +--------------------+-----------------+ | ncurses | 5.2-8 | +--------------------+-----------------+ | newlib-man | 20020801 | +--------------------+-----------------+ | openssh | 3.5p1-3 | +--------------------+-----------------+ | openssl | 0.9.7-1 | +--------------------+-----------------+ | openssl-devel | 0.9.7-1 | +--------------------+-----------------+ | openssl096 | 0.9.6h-1 | +--------------------+-----------------+ | patch | 2.5.8-2 | +--------------------+-----------------+ | pcre | 3.7-1 | +--------------------+-----------------+ | perl | 5.6.1-2 | +--------------------+-----------------+ | readline | 4.3-2 | +--------------------+-----------------+ | sed | 4.0.5-1 | +--------------------+-----------------+ | sh-utils | 2.0.15-3 | +--------------------+-----------------+ | sharutils | 4.2.1-2 | +--------------------+-----------------+ | sysvinit | 2.84-3 | +--------------------+-----------------+ | tar | 1.13.25-1 | +--------------------+-----------------+ | tcltk | 20021218-1 | +--------------------+-----------------+ | termcap | 20020930-1 | +--------------------+-----------------+ | terminfo | 5.2-3 | +--------------------+-----------------+ | texinfo | 4.2-4 | +--------------------+-----------------+ | textutils | 2.0.21-1 | +--------------------+-----------------+ | tiff | 3.5.7-1 | +--------------------+-----------------+ | time | 1.7-1 | +--------------------+-----------------+ | unzip | 5.50-1 | +--------------------+-----------------+ | vim | 6.1-2 | +--------------------+-----------------+ | w32api | 2.1-1 | +--------------------+-----------------+ | wget | 1.8.2-2 | +--------------------+-----------------+ | which | 1.5-1 | +--------------------+-----------------+ | xinetd | 2.3.9-1 | +--------------------+-----------------+ | zip | 2.3-2 | +--------------------+-----------------+ | zlib | 1.1.4-1 | +--------------------+-----------------+ #. Download Download the FreeRADIUS source code from http://www.freeradius.org/ #. Expand the FreeRADIUS source file. #. Make the following changes to the source code (the diffs are reversed) :: src/main/Makefile.in 145,148c145,148 < $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) radiusd.exe $(R)$(sbindir) < $(INSTALL) -m 755 $(INSTALLSTRIP) radwho.exe $(R)$(bindir) < $(INSTALL) -m 755 $(INSTALLSTRIP) raduse.exe $(R)$(bindir) < $(INSTALL) -m 755 $(INSTALLSTRIP) radzap.exe $(R)$(bindir) --- > $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) radiusd $(R)$(sbindir) > $(INSTALL) -m 755 $(INSTALLSTRIP) radwho $(R)$(bindir) > $(INSTALL) -m 755 $(INSTALLSTRIP) raduse $(R)$(bindir) > $(INSTALL) -m 755 $(INSTALLSTRIP) radzap $(R)$(bindir) 150,151c150,151 < $(INSTALL) -m 755 radclient.exe $(R)$(bindir) < $(INSTALL) -m 755 radrelay.exe $(R)$(bindir) --- > $(INSTALL) -m 755 radclient $(R)$(bindir) > $(INSTALL) -m 755 radrelay $(R)$(bindir) src/modules/rlm_dbm/Makefile.in 22,23c22,23 < $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser.exe $(R)$(bindir) < $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat.exe $(R)$(bindir) --- > $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser $(R)$(bindir) > $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat $(R)$(bindir) src/modules/rlm_mschap/Makefile 20c20 < $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt.exe $(R)$(bindir) --- > $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt $(R)$(bindir) #. Run configure with the following command line :: ./configure -without-snmp -disable-shared -enable-static #. Execute make and then make install :: Philip Blow Senior Technical Manager Simply Wireless philipb@simplywireless.com.au freeradius-server-3.0.16/doc/deployment/MACOSX000066400000000000000000000003351322570622300211030ustar00rootroot00000000000000 Installing FreeRADIUS on MAC OSX -------------------------------- 1) download, unzip and untar freeradius.tar.gz 2) $ ./configure 3) $ make 4) $ make install It's what the developers use, so we make sure it works. freeradius-server-3.0.16/doc/deployment/OS2000066400000000000000000000011041322570622300205070ustar00rootroot00000000000000Compiling FreeRADIUS under OS/2 To compile FreeRADIUS unde OS/2 you must have a full EMX environment with GNU utilities (like make,sh) The EMX can be get from http://hobbes.nmsu.edu To work with CVS repository you must install cvs110.zip from hobbes also before entering in sh.exe you must do SET SHELL=sh.exe before running ./configure you must set the shell the variables : export CC=gcc export MAKE=fullpathofyourmake.exe export PERL=fullpathofyourperl.exe The OS/2 version of FreeRADIUS can't directly execute checkrad.pl then the program will execute a checkrad.cmd freeradius-server-3.0.16/doc/deployment/performance-testing000066400000000000000000000141111322570622300240620ustar00rootroot00000000000000 Radius Test Procedures 0. INTRODUCTION This document describes how to test your radius server authentication using random usernames and passwords with the 'radclient' program. 1. WHY TEST Many people want to see the difference in efficiency behind the various authentication methods, compilation methods, etc of their radius server. Before now, this was difficult to do efficiently across a large number of users. However, with this document, you'll be able to test your radius server and determine the best options to use for your system. 2. GETTING STARTED First thing we have to do is generate a large number of users. You'll want to do this even if you have a large passwd file you want to use from your system, because the create user script sets up other files you need for testing. So head to the scripts/ directory, and do this: Make a tmp dir # mkdir tmp # cp create-users.pl tmp # cd tmp Run the script to create 10,000 (or however many you want) random users and passwords # ./create-users.pl 10000 Output from the script will include several files: passwd : A standard passwd file you can append to /etc/passwd shadow : A standard shadow file you can append to /etc/shadow passwd.nocrypt : A file with *unencrypted* users & passes in form "user:pass" radius.test : File you'll use as input for radclient radius.users : A standard radius 'users' file So, equipped with lots of users and passwords, there's several methods of authentication you can test: o System users (Auth-Type:=System) o Local users (Auth-Type:=Local) o Cached system (passwd) users o Others NOTE: Before moving on, you will probably want to add '/dev/null' to /etc/shells *temporarily* so that default system authentication will work. REMEMBER TO TAKE IT OUT! 3. TEST PROCEDURES A. System (/etc/passwd) users testing 1. Append the 'passwd' file from create-users.pl onto your system passwd file: # cat ./passwd >> /etc/passwd 2. If you have shadow, append the shadow file onto /etc/shadow # cat ./shadow >> /etc/shadow 3. Make sure you have a DEFAULT user similar to the following in your radius 'users' file: DEFAULT Auth-Type:=System Reply-Message = "Success!" 4. Start radiusd # /usr/local/sbin/radiusd 5. Run radclient with 'radius.test' as the input file. NOTE: First you need to setup a secret for your local machine in the 'clients' file and use that secret below # time /usr/local/bin/radclient -q -s -f radius.test \ auth NOTE: The above is to be put all on one line. NOTE: Some systems do not have the 'time' command, so you may need to break out the stopwatch instead :) Take note of the output of radclient. If there were lots of failures, something is wrong. All authentications should succeed. 6. Take note of the output from the above 'time' command. The output format should be something similar to the following (on linux, this for example only!): 1.72user 0.53system 5:11.34elapsed 0%CPU (0avgtext+0avgdata 0maxresident)k 0inputs+0outputs (340major+29minor)pagefaults 0swaps This means it took 5:11 (311 seconds) to authenticate 10,000 users. Simple division tells us this is: 10,000 auths / 311 seconds = 32.1543 auths/second B. Local users testing 1. Copy the 'radius.users' file from the script over your 'users' file. Make sure you do NOT have a DEFAULT entry or you will invalidate this test. 2. Restart radiusd (kill and restart) 3. Run radclient (See A-5 above for NOTES on this): # time /usr/local/bin/radclient -q -s -f radius.test \ auth 4. Take note of the output from the above 'time' command, and divide the number of auths (10,000 in this case) with the number of seconds it took to complete. See A6 above for more info. C. Cached system users 1. Set 'cache=yes' in your radiusd.conf file 2. Restart radiusd (ie, kill it and restart, not just a HUP) 3. Perform the same steps outlined above for testing System users (A) D. Other methods There is no reason why you can't use some of this to test modules for PAM, SQL, LDAP, etc, but that will require a little extra work on your end (ie, getting the users/passes you generated into the corresponding database). However, by now you should have a good idea of how to test once you do that. Also, play around with compile options like --with-thread, --with-thread-pool, etc. Run radiusd with '-s' so it runs one process only, etc etc. Play around with it. 4. CAVEATS The above test procedures make no allowances for users that login with incorrect usernames or passwords. If you want a true test of performance, you should add in lots of bad usernames and passwords to the radius.test file and then re-run 'radclient' with that file as input. Additionally, these tests make no reference to how the pre-authenticate, post-authenticate, and accounting methods you choose could affect server performance. For example, checking for simultaneous use after authenti- cating the user is obviously going to slow down authenticate performance. The numbers you get from this test are raw authentications/second in a perfect environment. Do not expect this kind of result in the real world. However, having tested in this manner, you will have a good idea of which authentication methods and compilation options give you the best base to start from, which is key to an efficient server. 5. RESULTS I'd really rather not post results because they will vary tremendously with other system-specific configuration. This is exactly the reason you should run tests of this nature, to find what's best for *your* system. Good luck! freeradius-server-3.0.16/doc/deployment/supervise-radiusd.rst000066400000000000000000000112231322570622300243740ustar00rootroot00000000000000 Supervising the Radiusd Daemon ============================== Introduction ------------ We all hope that our radius daemons won't die in the middle of the nite stranding customer and beeping beepers. But, alas, it's going to happen, and when you least expect it. That's why you want a another process watching your radius daemon, restarting it if and when it dies. This text describes how to setup both the free radius daemon so that it is automatically restarted if the process quits unexpectedly. To do this, we'll use either Dan Bernstein's 'daemontools' package or the inittab file. Note: The radwatch script that used to be part of this distribution, is depreciated and SHOULD NOT BE USED. Setting Up Daemontools ---------------------- First, download (and install) daemontools from: http://cr.yp.to/daemontools.html The latest version as of this writing is 0.70. It would be well worth your while to read all the documentation at that site too, as you can do much more with daemontools than I describe here. Next, we'll need a directory for the radius 'service' to use with daemontools. I usually create a dir '/var/svc' to hold all my daemontool supervised services. i.e.:: $ mkdir /var/svc $ mkdir /var/svc/radiusd Now we just need a short shell script called 'run' in our new service directory that will start our daemon. The following should get you started:: #!/bin/sh # Save as /var/svc/radiusd/run exec /usr/local/sbin/radiusd -s -f Of course you'll want to make that 'run' file executable:: $ chmod +x /var/svc/radiusd/run Note, you *MUST* use the '-f' option when supervising. That option tells radiusd not to detach from the tty when starting. If you don't use that option, the daemontools will always think that radiusd has just died and will (try to) restart it. Not good. Now the only left to do is to start the 'supervise' command that came with daemontools. Do that like so:: $ supervise /var/svc/radiusd Maintenance With Daemontools ---------------------------- Any maintenance you need to do with almost certainly be done with the 'svc' program in the deamontools package. i.e.:: Shutdown radiusd: $ svc -d /var/svc/radiusd Start it back up: $ svc -u /var/svc/radiusd Send HUP to radiusd: $ svc -h /var/svc/radiusd Shutdown and stop supervising radiusd: $ svc -dx /var/svc/radiusd Supervising With Inittab ------------------------ This is really pretty easy, but it is system dependent. I strongly suggest you read the man pages for your 'init' before playing with this. You can seriously hose your system if you screw up your inittab. Add this line (or something similar to it) to your inittab:: fr:23:respawn:/usr/local/sbin/radiusd -f -s &> /dev/null Now all that's left is to have the system reread the inittab. Usually that's done with one of the following:: $ telinit Q or:: $ init q Now you should see a 'radiusd' process when you issue a 'ps'. If you don't, try to run the radiusd command you put in inittab manually. If it works, that means you didn't tell the system to reread inittab properly. If it doesn't work, that means your radius start command is bad and you need to fix it. Acknowledgements ---------------- Document author : Jeff Carneal daemontools auther : Dan Bernstein Further daemontool notes (below): Antonio Dias Radwatch note : Andrey Melnikov Further Daemontools notes ========================= Here are some notes by Antonia Dias sent to the free radius mailing list. Some of you may find this useful after reading the above and the docs for daemontools. Daemontools Instructions ------------------------ I am running radiusd under supervise from daemontools without problems. The only thing I am missing right now is an option to force radiusd to send log to stderr so I can manage logs better with multilog (also included in daemontools package). Here is the procedure I've been following (for Cistron RADIUS):: $ groupadd log $ useradd -g log log $ mkdir /etc/radiusd $ mkdir /etc/radiusd/log $ mkdir /etc/radiusd/log/main $ chmod +t+s /etc/radiusd /etc/radiusd/log $ chown log.log /etc/radiusd/log/main Here are the contents of run files from '/etc/radiusd' and '/etc/radiusd/log':: $ cd /etc/radiusd $ cat run #!/bin/sh exec 2>&1 exec /usr/sbin/radiusd -fyzx $ cd /etc/radiusd/log $ cat run #!/bin/sh exec setuidgid log multilog t ./main To make service wake-up do:: $ ln -sf /etc/radiusd /service Hang-up (to reload config) it using:: $ svc -h /service/radiusd Disable (down) it using:: $ svc -d /service/radiusd Reenable (up) it using:: $ svc -u /service/radiusd freeradius-server-3.0.16/doc/deployment/tuning_guide000066400000000000000000000061751322570622300226020ustar00rootroot00000000000000------------ MAIN SERVER ------------- o If you have a large user base and/or many authentication requests try using a scalable authentication mechanism like ldap or sql. o Enable noatime on all the freeradius log files or better yet on the freeradius log directory. o Always use the latest cvs version. It will probably contain a few fixes and enhancements. o Always try to use the least modules possible. In particular if you can avoid it do not use the detail and radwtmp (files) modules. They will slow down your accounting. o Use the users file to only set default profiles. Do not place any users there. Keep it as small as possible. Always set default attributes in the users file and don't fill the user entries in ldap/sql with default values. In general the ldap/sql user profiles should contain user attributes only in special user cases. o Tune thread pool parameters to match your size requirements. Set max_requests_per_server to zero to avoid server thread restarts. o Enlarge the timeout (10 secs) and retries (5-7) in the access servers for accounting. That way you won't lose any accounting information. o Use well tuned Fast Ethernet connections to minimize latency. o freeradius is multi threaded and i/o bound. That means you should use the latest OS kernels/patches for improved multi processor and network performance. ------------ LDAP MODULE ------------- o Try to maximize caching in the ldap server. In particular *always* enable indexing of the uid attribute (equality index) and the cn attribute (equality index - the cn attribute is used to search for groups). Make the ldap server entry/directory cache memory sizes as large as possible. In general try allocating as much memory as you can afford to your ldap server. o Put default profiles in ldap. User entries should only contain non standard values in order to remain small and maximize the gains of caching the user default/regular profiles. o Enable group caching in groups. ------------ SQL MODULE -------------- o Use the sql module in the session section instead of the radutmp module. It works *much* quicker. o Create a multi column index for the (UserName,AcctStopTime) attributes especially if you are using sql for double login detection. o If you are using mysql and you do a lot of accounting try using InnoDB for the radacct table instead of MyISAM (this should be the default in all schemas) o Add AcctUniqueId in the accounting_stop query. Especially if you have a lot of access servers or your NAS does not send very random Session-Ids. That way you will always have one candidate row to search for, instead of all the rows that have the same AcctSessionId ------------ COUNTER MODULE ---------- o Enable noatime on the counter db files. o Tune the cache_size configuration directive to match your needs. The cache size should be set to 2-3 * number of available nas ports. o Keep the database in a memory mapped file if you can help. Backup the file every 10 mins to the disk and copy it to the memory mapped one on server startup. ------------ RADUTMP MODULE ---------- o Enable noatime on the radutmp file o Don't use it freeradius-server-3.0.16/doc/developer/000077500000000000000000000000001322570622300177725ustar00rootroot00000000000000freeradius-server-3.0.16/doc/developer/coding-methods.rst000066400000000000000000000201271322570622300234320ustar00rootroot00000000000000Helpful coding methods ====================== The following is a short set of guidelines to follow while programming. It does not address coding styles, function naming methods, or debugging methods. Rather, it describes the processes which SHOULD go on in the programmers mind, while he is programming. Coding standards apply to function names, the look of the code, and coding consistency. Coding methods apply to the daily practices used by the programmer to write code. 1. Comment your code. If you don't, you'll be forced to debug it 6 months later, when you have no clue as to what it's doing. If someone REALLY hates you, you'll be forced to debug un-commented code that someone else wrote. You don't want to do that. For FreeRADIUS use doxygen @style comments so you get the benefits of docs.freeradius.org. 2. Give things reasonable names. Variables and functions should have names. Calling them 'x', 'xx', and 'xxx' makes your life hell. Even 'foo' and 'i' are problematic. Avoid smurfs. Don't re-use struct names in field names i.e. struct smurf { char *smurf_pappa_smurf; } If your code reads as full english sentences, you're doing it right. 3. Check input parameters in the functions you write. Your function CANNOT do anything right if the user passed in garbage, and you were too lazy to check for garbage input. assert() (rad_assert()) is ugly. Use it. GIGO is wrong. If your function gets garbage input, it should complain loudly and with great descriptiveness. 4. Write useful error messages. "Function failed" is useless as an error message. It makes debugging the code impossible without source-level instrumentation. If you're going to instrument the code at source level for error messages, leave the error messages there, so the next sucker won't have to do the same work all over again. 5. Check error conditions from the functions you call. Your function CANNOT do anything right if you called another function, and they gave you garbage output. One of the most common mistakes is:: fp = fopen(...); fgetc(fp); /* core dumps! */ If the programmer had bothered to check for a NULL fp (error condition), then he could have produced a DESCRIPTIVE error message, instead of having his program core dump. 6. Core dumps are for weenies. If your program core dumps accidentally, you're a bad programmer. You don't know what your program is doing, or what it's supposed to be doing when anything goes wrong. If it hits an assert() and calls abort(), you're a genius. You've thought ahead to what MIGHT go wrong, and put in an assertion to ensure that it fails in a KNOWN MANNER when something DOES go wrong. (As it usually does...) 7. Initialize your variables. memset() (talloc_zero()) is your friend. 'ptr = NULL' is nice, too. Having variables containing garbage values makes it easy for the code to do garbage things. The contents of local variables are inputs to your function. See #3. It's also nearly impossible for you to debug any problems, as you can't tell the variables with garbage values from the real ones. 8. Don't allow buffer over-runs. They're usually accidental, but they cause core dumps. strcpy() and strcat() are ugly. Use them under duress. sizeof() is your friend. 9. 'const' is your friend. If you don't mean to modify an input structure to your function, declare it 'const'. Declare string constants 'const'. It can't hurt, and it allows more errors to be found at compile time. Use 'const' everywhere. Once you throw a few into your code, and have it save you from stupid bugs, you'll blindly throw in 'const' everywhere. It's a life-saver. 10. Use C compiler warnings. Turn on all of the C compiler warnings possible. You might have to turn some off due to broken system header files, though. But the more warnings the merrier. Getting error messages at compile time is much preferable to getting core dumps at run time. See #7. Notice that the C compiler error messages are helpful? You should write error messages like this, too. See #4. 11. Avoid UNIXisms and ASCIIisms and visualisms. You don't know under what system someone will try to run your code. Don't demand that others use the same OS or character set as you use. Never assign numbers to pointers. If foo is a char*, and you want it to be be null, assign NULL, not 0. The zeroth location is perfectly as addressable as any other on plenty of OSes. Not all the world runs on Unix (though it should :) ). Another common mistake is to assume that the zeroth character in the character set is the string terminator. Instead of terminating a string with 0, use '\0', which is always right. Similarly, memset() with the appropriate value: NULL, '\0', or 0 for pointers, chars, and numbers. Don't put tabs in string constants, either. Always use '\t' to represent a tab, instead of ASCII 9. Literal tabs are presented to readers of your code as arbitrary whitespace, and it's easy to mess up. 12. Make conditionals explicit. Though it's legal to test "if (foo){}", if you test against the appropriate value (like NULL or '\0'), your code is prettier and easier for others to read without having to eyeball your prototypes continuously to figure out what you're doing (especially if your variables aren't well-named). See #2. 13. Test your code. Even Donald Knuth writes buggy code. You'll never find all of the bugs in your code unless you write a test program for it. This also means that you'll have to write your code so that it will be easily testable. As a result, it will look better, and be easier to debug. Hints, Tips, and Tricks ----------------------- This section lists many of the common "rules" associated with code submitted to the project. There are always exceptions... but you must have a really good reason for doing so. 1. Read the Documentation and follow the CodingStyle The FreeRADIUS server has a common coding style. Use real tabs to indent. There is whitespace in variable assignments. (i = 1, NOT i=1). When in doubt, format your code to look the same as code already in the server. If your code deviates too much from the current style, it is likely to be rejected without further review, and without comment. 2. #ifdefs are ugly Code cluttered with ifdefs is difficult to read and maintain. Don't do it. Instead, put your ifdefs in a header, and conditionally define 'static inline' functions, or macros, which are used in the code. Let the compiler optimize away the "no-op" case. Simple example, of poor code:: #ifdef CONFIG_MY_FUNKINESS init_my_stuff(foo); #endif Cleaned-up example: (in header):: #ifndef CONFIG_MY_FUNKINESS static inline void init_my_stuff(char *foo) {} #endif (in the code itself):: init_my_stuff(dev); 3. 'static inline' is better than a macro Static inline functions are greatly preferred over macros. They provide type safety, have no length limitations, no formatting limitations, and under gcc they are as cheap as macros. Macros should only be used for cases where a static inline is clearly suboptimal [there a few, isolated cases of this in fast paths], or where it is impossible to use a static inline function [such as string-izing]. 'static inline' is preferred over 'static __inline__', 'extern inline', and 'extern __inline__'. 4. Don't over-design. Don't try to anticipate nebulous future cases which may or may not be useful: "Make it as simple as you can, and no simpler" Split up functionality as much as possible. If your code needs to do two unrelated things, write two functions. Mashing two kinds of work into one function makes the server difficult to debug and maintain. freeradius-server-3.0.16/doc/developer/contributing.rst000066400000000000000000000107041322570622300232350ustar00rootroot00000000000000Submitting patches or diff's to the FreeRADIUS project ====================================================== For a person or company wishing to submit a change to the FreeRADIUS project the process can sometimes be daunting if you're not familiar with "the system." This text is a collection of suggestions which can greatly increase the chances of your change being accepted. Note: Only trivial patches will be accepted via email. Large patches, or patches that modify a number of files MUST be submitted as a pull-request via GitHub. Hints and tips -------------- 1. Describe your changes ~~~~~~~~~~~~~~~~~~~~~~~~ Describe the technical detail of the change(s) your patch or commit includes. Be as specific as possible. The WORST descriptions possible include things like "update file X", "bug fix for file X", or "this patch includes updates for subsystem X. Please apply." If your description starts to get long, that's a sign that you probably need to split up your commit. See #3, next. 2. Separate your changes ~~~~~~~~~~~~~~~~~~~~~~~~ Separate each logical change into its own commit. For example, if your changes include both bug fixes and performance enhancements for a single module, separate those changes into two or more patches. On the other hand, if you make a single change to numerous files, group those changes into a single commit. Thus a single LOGICAL change is contained within a single commit. If one commit depends on another commit in order for a change to be complete, that is OK. Simply note "this commit depends on commit X" in the extended commit description. If your commit includes significant whitespace changes these should also be broken out into another, separate, commit. Submitting patches via GitHub ----------------------------- See the following links for more details about submitting via github: - https://help.github.com/articles/fork-a-repo - http://wiki.freeradius.org/contributing/GitHub Submitting patches via email ---------------------------- 1. "diff -u" ~~~~~~~~~~~~ Use ``diff -u`` or ``diff -urN`` to create patches. All changes to the source occur in the form of patches, as generated by diff(1). When creating your patch, make sure to create it in "unified diff" format, as supplied by the '-u' argument to diff(1). Patches should be based in the root source directory, not in any lower subdirectory. To create a patch for a single file, it is often sufficient to do:: SRCTREE=/home/user/src/freeradiusd/ MYFILE=src/modules/rlm_foo/foo.c cd $SRCTREE cp $MYFILE $MYFILE.orig vi $MYFILE # make your change diff -u $MYFILE.orig $MYFILE > /tmp/patch To create a patch for multiple files, you should unpack a "vanilla", or unmodified source tree, and generate a diff against your own source tree. For example:: MYSRC=/home/user/src/freeradiusd-feature/ gunzip freeradiusd-version.tar.gz tar xvf freeradiusd-version.tar diff -urN freeradiusd-version $MYSRC > ~/feature-version.patch 2. Select e-mail destination ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you are on the developers mailing list, send the patch there. freeradius-devel@lists.freeradius.org Otherwise, send the patch to 'patches@freeradius.org' 3. No MIME, no links, no compression, no attachments. Just plain text ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The developers need to be able to read and comment on the changes you are submitting. It is important for a developer to be able to "quote" your changes, using standard e-mail tools, so that they may comment on specific portions of your code. For this reason, all patches should be submitting e-mail "inline". Do not attach the patch as a MIME attachment, compressed or not. Many popular e-mail applications will not always transmit a MIME attachment as plain text, making it impossible to comment on your code. A MIME attachment also takes a bit more time to process, decreasing the likelihood of your MIME-attached change being accepted. Compressed patches are generally rejected outright. If the developer has to do additional work to read your patch, the odds are that it will be ignored completely. 4. E-mail size ~~~~~~~~~~~~~~ Large changes are not appropriate for mailing lists, and some maintainers. If your patch, exceeds 5Kb in size, you must submit the patch via GitHub instead. 5. Name the version of the server ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It is important to note, either in the subject line or in the patch description, the server version to which this patch applies. freeradius-server-3.0.16/doc/developer/module_interface.rst000066400000000000000000000163411322570622300240360ustar00rootroot00000000000000 RLM Module Interface (for developers) ===================================== Overview -------- Intent of the server ^^^^^^^^^^^^^^^^^^^^ FreeRADIUS is an authentication server. It does RADIUS authorization, authentication, and accounting. It does NOT do database management, user configuration updates, or email. All of those functions may be more easily (and correctly) performed in programs outside of the server. The only functionality performed by the server is: - receive a RADIUS request - process the request - look up information one or more databases - store information in one or more databases (proxying can be viewed this way) - respond to the request There is no room, or need, for timers, listening on sockets, or anything else in the server. Adding those functions to the server means that it will become more complex, more unstable, more insecure, and more difficult to maintain. Intent of the modules ^^^^^^^^^^^^^^^^^^^^^ The intent of modules is that they do small, simple, well-defined things when RADIUS packets are received. If the module does things when RADIUS packets are NOT received, then it has no business being in the server. Similarly, the module infrastructure is NOT intended to allow servers, applications, timed events, or anything other than handling incoming RADIUS packets. Modules perform an action when RADIUS packets are received. Modules which do more (creating threads, forking programs) will NOT be added to the server, and the server core will NOT be modified to enable these kinds of modules. Those functions more properly belong in a separate application. Modules ARE permitted to open sockets to other network programs, and to send and receive data on those sockets. Modules are NOT permitted to open sockets, and to listen for requests. Only the server core has that functionality, and it only listens for RADIUS requests. Module outline ^^^^^^^^^^^^^^ The fundamental concepts of the rlm interface are module, instance, and component. A module is a chunk of code that knows how to deal with a particular kind of database, or perhaps a collection of similar databases. Examples: - rlm_sql contains code for talking to MySQL or Postgres, and for mapping RADIUS records onto SQL tables - rlm_unix contains code for making radiusd fit in well on unix-like systems, including getpw* authentication and utmp/wtmp-style logging. An instance specifies the actual location of a collection data that can be used by a module. Examples: - /var/log/radutmp - "the MySQL database on bigserver.theisp.com.example" A module can have multiple components which act on RADIUS requests at different stages. The components are: - authorization: check that a user exists, decide on an authentication method or proxy realm, and possibly apply some attributes to be returned in the reply packet. - authentication: verify that the password is correct. - preaccounting: decide whether to proxy the request, and possibly add attributes that should be included in any logs - accounting: record the request in the log - checksimul: count the number of active sessions for the user - postauth: process the response before it's sent to the NAS - preproxy: process a request before it's proxied - postproxy: filter attributes from a reply to a proxied request A module declares which components it supports by putting function pointers in its "module_t rlm_*" structure. Module configuration ^^^^^^^^^^^^^^^^^^^^ The administrator requests the creation of a module instance by adding it inside the modules{} block in radiusd.conf. The instance definition looks like this:: module_name [instance_name] { param1 = value1 param2 = value2 param3 = value3 ... } The module_name is used to load the module. To see the names of the available modules, look for the rlm\_\*.so files in $installprefix/lib. The module_name is that, minus the rlm\_ and the .so. instance_name is an identifier for distinguishing multiple instances of the same module. If you are only loading a module once, you can leave out the instance_name and it will be assumed to be the same as the module_name. The parameters inside the module block are passed without interpretation to the module and generally point to the exact location of a database or enable optional features of the module. Each module should document what parameters it accepts and what they do. For each Access-Request that comes to the server, the authorize{} block is called. Then one of the Auth-Type{} blocks from authenticate{} is called, depending on the Auth-Type attribute that was chosen by authorize{}. Finally, the post-auth{} block is called. If authorize{} set the Proxy-To-Realm attribute, then proxying takes over via pre-proxy{} and post-proxy{}, and the local authenticate{} phase is skipped. For each Accounting-Request that comes to the server, the preacct{} block is called, followed by the accounting{} block. accounting{} is skipped if preacct{} sets Proxy-To-Realm. For an explanation of what "calling" a config block means, see the "configurable_failover" file. The lifetime of a module ^^^^^^^^^^^^^^^^^^^^^^^^ When the server is starting up, or reinitializing itself as a result of a SIGHUP, it reads the modules{} section. Each configured module will be loaded and its init() method will be called:: int init(void) The init() method should take care of any setup that is not tied to a specific instance. It will only be called once, even if there are multiple instances configured. For each configured instance, after the init() method, the instantiate() method is called. It is given a handle to the configuration block holding its parameters, which it can access with cf_section_parse().:: int instantiate(CONF_SECTION \*cs, void \**instance) The instantiate() function should look up options in the config section, and open whatever files or network connections are necessary for the module to do its job. It also should create a structure holding all of the persistent variables that are particular to this instance (open file descriptors, configured pathnames, etc.) and store a pointer to it in \*instance. That void \* becomes a handle (some would call it a "cookie") representing this instance. The instance handle is passed as a parameter in all subsequent calls to the module's methods, so they can determine which database they are supposed to act on. The authorize(), authenticate(), preaccounting(), and accounting() functions are all called the same way:: int authorize(void \*instance, REQUEST \*request) int authenticate(void \*instance, REQUEST \*request) int preaccounting(void \*instance, REQUEST \*request) int accounting(void \*instance, REQUEST \*request) they each receive the instance handle and the request, and are expected to act on the request using the database pointed to by the instance handle (which was set by the instantiate() function). When the server is being shut down (as the first part of SIGHUP for example) detach() is called for each module instance.:: int detach(void \*instance) The detach() method should release whatever resources were allocated by the instantiate() method. After all instances are detached, the destroy() method is called.:: int destroy(void) It should release resources that were acquired by the init() method. --Alan Curry freeradius-server-3.0.16/doc/developer/release-method.rst000066400000000000000000000014121322570622300234200ustar00rootroot00000000000000Release Method ============== As of 2.0, the release process is much simpler. Edit the Changelog with the version number and any last updates. vi doc/ChangeLog git commit doc/ChangeLog Change version numbers in the VERSION file: vi VERSION git commit VERSION Make the files Note that it also does "make dist-check", which checks the build rules for various packages. make dist Validate that the packages are OK. If so, tag the release. Note that this does NOT actually do the tagging! You will have to run the command it prints out yourself. make dist-tag Sign the packages. You will need the correct GPG key for this to work. make dist-sign Push to the FTP site. You will need write access to the FTP site for this to work. make dist-publish freeradius-server-3.0.16/doc/index.rst000066400000000000000000000007751322570622300176570ustar00rootroot00000000000000.. FreeRADIUS documentation master file, created by sphinx-quickstart on Tue May 18 13:26:39 2010. You can adapt this file completely to your liking, but it should at least contain the root `toctree` directive. .. toctree:: :maxdepth: 2 aaa ldap_howto load-balance coding-methods DIFFS release-method cisco configurable_failover processing_users_file proxy variables Indices and tables ================== * :ref:`genindex` * :ref:`modindex` * :ref:`search` freeradius-server-3.0.16/doc/modules/000077500000000000000000000000001322570622300174555ustar00rootroot00000000000000freeradius-server-3.0.16/doc/modules/RADIUS-LDAP-eDirectory000066400000000000000000000016351322570622300232210ustar00rootroot00000000000000"Integrating Novell eDirectory with FreeRADIUS" Overview You can integrate Novell® eDirectoryTM 8.7.1 or later with FreeRADIUS 1.0.2 onwards to allow wireless authentication for eDirectory users. By integrating eDirectory with FreeRADIUS, you can do the following: * Use universal password for RADIUS authentication. Universal password provides single login and authentication for eDirectory users. Therefore, the users need not have a separate password for RADIUS and eDirectory authentication. * Enforce eDirectory account policies for users. The existing eDirectory policies on the user accounts can still be applied even after integrating with RADIUS. Also, you can make use of the intruder lockout facility of eDirectory by logging the failed logins into eDirectory. For configuration information please refer to the Novell documentation http://www.novell.com/documentation/edir_radius/index.html freeradius-server-3.0.16/doc/modules/ldap_howto.rst000066400000000000000000001473061322570622300223620ustar00rootroot00000000000000LDAP Configuration ================== This document describes how to setup Freeradius on a Freebsd machine using LDAP as a backend. This is by no means complete and your mileage may vary. If you are having any problems with the setup of your freeradius installation, please read the documentation that comes with Freeradius first as that is where all the information for this project came from. If you find any bugs, typos, alternative ideas, or just plain wrong information, please let me know by sending an email to the address above. The radius servers in this document are built on Freebsd 4.8, using Freeradius .81 with OpenLDAP 2.0.27 as the backend. The servers are designed to support customers for multiple services. In this document we will use regular dialup and dialup ISDN as examples of two different services using the same radius server for authentication. OVERVIEW -------- The radius servers are to be provisioned by a some sort of system we will call Billing. Billing could simply be a script, a web front-end, or an actual integration into a billing system. Billing will provision to the master LDAP server. The master LDAP server is running slurpd, which will replicate all changes to the other radius servers. Each radius server will run a local instance of LDAP. The radius servers will be accepting Radius auth packets and Radius acct packets. The accounting packets will be stored locally on each radius server and then forwarded to the Accounting radius server, using radrelay. The Accounting radius server will store all the radius information in some sort of database such as MySQL, Postgres, or Oracle. The configuration of the actual Accounting radius server is outside the scope of this document. Please refer to the freeradius documentation for setting up that server. The Accounting radius server will help to provide a searchable interface to the accounting data for billing and usage purposes and could allow a web front-end to be built for helpdesk/customer service usage. If that is not needed for your purposes, then disregard all details about the Accounting radius server. In order to make sure no data is lost in the event of the Accounting radius server going down, the replication of data will take place using radrelay. Radrelay will do the equivalent of a tail on the detail file and will continually attempt to duplicate each radius packet that is stored in the detail file and send it off to the recipient(s) specified. Upon receipt of an accounting_response packet radrelay will consider that packet completed and continue working on the others. Each radius server will also be storing its own copy of all accounting packets that are sent to it. Each NAS will be setup with a primary radius server and a failover radius server. We will spread the load among the group of radius servers that we have so some are acting as a primary to some NAS's and acting as a secondary to others. In the event of a radius failure, the NAS should failover to the backup radius server. How to configure this is dependent on the particular NAS being used. :: Will use Radius acct data Billing will provision for real-time billing out to the Master LDAP server over LDAP +------------+ | Accounting | +---------+ | Radius | | Billing | +------------+ +----+----+ /|\ | | | | | | | | Provisioning | Message | | Duplicate | Acct | | | | \|/ | +------------+ | +------------------| LDAP Master| | | +------------+ | | | | Slurpd Slurpd Replication | Replication | | | | | | \|/ | | +------------+ | | | Radius2 | The Radius servers | | | LDAP Slave | will create a local | \|/ +------------+ copy of all acct +-------------+ packets and then | Radius1 | fwd a copy back | LDAP Slave | All Radius servers run a to accounting +-------------+ local copy of LDAP for /|\ /|\ Authorization and Authentication | | | | | | | | Auth Acct | | | | | | | | | | \|/ \|/ +-----------+ | | | | | NAS | | | +-----------+ The NAS will be setup to use one of the Radius servers as primary and the others as failover LDAP ---- The LDAP directory is designed to start with the top level of dc=mydomain,dc=com. The next level of the tree contains the different services that will be stored within the ldap server. For the radius users, it will be specified as ou=radius. Below ou=radius, will be the different types of accounts. For example, ou=users will store the users and ou=profiles will store the default radius profiles. The profiles are entries that will be used to store group-wide radius profiles. The group ou=admins will be a place to enter the users for Billing, Freeradius, and any other administrative accounts that are needed. :: +---------------------+ | | | Dc=mydomain,dc=com |Objectclass:organizationalUnit | |Objectclass:dcObject +---------------------+ | | \|/ +---------------+ | | | Ou=radius | Objectclass:organizationalUnit | | +---------------+ | +-----------------------+-------------------------| | | | \|/ \|/ \|/ +---------+ +---------------+ +-------------+ | | | | | | |Ou=users | | Ou=profiles | | Ou=admins | | | | | | | +---------+ +---------------+ +------|------+ | | | | | | \|/ | \|/ ----- Objectclass: | ----- Objectclass: // \\ radiusprofile | // \\ person | | | | | \\ // | \\ // ----- \|/ ----- Dn:cn=freeradius Dn: uid=example,ou=users, ----- ObjectClass: ou=admins,ou=radius dc=mydomain,dc=com // \\ radiusprofile dc=mydomain,dc=com | | | | \\ // ----- Dn: uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com An example LDIF file is below. NOTE: There are unique radius attribute types and objectclasses, these will be explained in the configuration section. :: dn: dc=mydomain,dc=com objectClass: dcObject objectClass: organizationUnit ou: Mydomain.com Radius dc: mydomain dn: ou=radius,dc=mydomain,dc=com objectclass: organizationalunit ou: radius dn: ou=profiles,ou=radius,dc=mydomain,dc=com objectclass: organizationalunit ou: profiles dn: ou=users,ou=radius,dc=mydomain,dc=com objectclass: organizationalunit ou: users dn: ou=admins,ou=radius,dc=mydomain,dc=com objectclass: organizationalunit ou: admins dn: uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: dial radiusServiceType: Framed-User radiusFramedProtocol: PPP radiusFramedIPNetmask: 255.255.255.0 radiusFramedRouting: None dn: uid=isdn,ou=profiles,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: isdn radiusServiceType: Framed-User radiusFramedProtocol: PPP radiusFramedIPNetmask: 255.255.255.0 radiusFramedRouting: None dn: uid=example,ou=users,ou=radius,dc=mydomain,dc=com objectclass: radiusProfile uid: example userPassword: test radiusGroupName: dial radiusGroupName: isdn dn: cn=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com objectclass: person sn: freeradius cn: freeradius userPassword: freeradius dn: cn=billing,ou=admins,ou=radius,dc=mydomain,dc=com objectclass: person sn: freeradius cn: freeradius userPassword: billing dn: cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com objectclass: person sn: replica cn: replica userPassword: replica In order to configure the ldap server to understand the radius schema that we are using, the attribute types and objectclasses must be defined in slapd.conf. The file is included with the following line in slapd.conf:: include /usr/local/etc/openldap/schema/RADIUS-LDAPv3.schema Below is the complete Schema:: ----Begin RADIUS-LDAPv3.schema---- ################################################# ##### custom radius attributes ################## objectIdentifier myOID 1.1 objectIdentifier mySNMP myOID:1 objectIdentifier myLDAP myOID:2 objectIdentifier myRadiusFlag myLDAP:1 objectIdentifier myObjectClass myLDAP:2 attributetype ( myRadiusFlag:1 NAME 'radiusAscendRouteIP' DESC 'Ascend VSA Route IP' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype (myRadiusFlag:2 NAME 'radiusAscendIdleLimit' DESC 'Ascend VSA Idle Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype (myRadiusFlag:3 NAME 'radiusAscendLinkCompression' DESC 'Ascend VSA Link Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype (myRadiusFlag:4 NAME 'radiusAscendAssignIPPool' DESC 'Ascend VSA AssignIPPool' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype (myRadiusFlag:5 NAME 'radiusAscendMetric' DESC 'Ascend VSA Metric' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) ################################################# attributetype ( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.2 NAME 'radiusArapSecurity' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.4 NAME 'radiusCallbackId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.9 NAME 'radiusFilterId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.10 NAME 'radiusFramedAppleTalkLink' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.11 NAME 'radiusFramedAppleTalkNetwork' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.12 NAME 'radiusFramedAppleTalkZone' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.13 NAME 'radiusFramedCompression' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.14 NAME 'radiusFramedIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.15 NAME 'radiusFramedIPNetmask' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.16 NAME 'radiusFramedIPXNetwork' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtocol' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.47 NAME 'radiusHint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.48 NAME 'radiusHuntgroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.23 NAME 'radiusLoginLATGroup' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.24 NAME 'radiusLoginLATNode' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.25 NAME 'radiusLoginLATPort' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.26 NAME 'radiusLoginLATService' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.27 NAME 'radiusLoginService' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.28 NAME 'radiusLoginTCPPort' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.29 NAME 'radiusPasswordRetry' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.30 NAME 'radiusPortLimit' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.49 NAME 'radiusProfileDn' DESC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.50 NAME 'radiusProxyToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.51 NAME 'radiusReplicateToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.52 NAME 'radiusRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.33 NAME 'radiusSessionTimeout' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.34 NAME 'radiusTerminationAction' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.35 NAME 'radiusTunnelAssignmentId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.36 NAME 'radiusTunnelMediumType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.37 NAME 'radiusTunnelPassword' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.38 NAME 'radiusTunnelPreference' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.39 NAME 'radiusTunnelPrivateGroupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.40 NAME 'radiusTunnelServerEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.41 NAME 'radiusTunnelType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.43 NAME 'radiusTunnelClientEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) #need to change asn1.id attributetype ( 1.3.6.1.4.1.3317.4.3.1.53 NAME 'radiusSimultaneousUse' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.54 NAME 'radiusLoginTime' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.55 NAME 'radiusUserCategory' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.56 NAME 'radiusStripUserName' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.58 NAME 'radiusExpiration' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.59 NAME 'radiusCheckItem' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.60 NAME 'radiusReplyItem' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' SUP top STRUCTURAL DESC '' MUST ( uid ) MAY ( userPassword $ radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $ radiusFramedProtocol $ radiusCheckItem $ radiusReplyItem $ radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminationAction $ radiusTunnelAssignmentId $ radiusTunnelClientEndpoint $ radiusIdleTimeout $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProfileDn $ radiusServiceType $ radiusSessionTimeout $ radiusSimultaneousUse $ radiusTerminationAction $ radiusTunnelAssignmentId $ radiusTunnelClientEndpoint $ radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration $ dialupAccess $ radiusAscendRouteIP $ radiusAscendIdleLimit $ radiusAscendLinkCompression $ radiusAscendAssignIPPool $ radiusAscendMetric ) ) ----End RADIUS-LDAPv3.schema---- Now we need to setup the permissions on the ldap server. Notice above we created three users in the admin ou. These users will be specific for billing, freeradius, and replication. On the master ldap server, we will set the following permissions:: access to attr=userPassword by self write by dn="cn=billing,ou=admins,ou=radius,dc=mydomain,dc=com" write by anonymous auth by * none access to * by self write by dn="cn=billing,ou=admins,ou=radius,dc=mydomain,dc=com" write by anonymous auth by * none This will give the billing user write access to add/delete users. For security we will not give read access to any other users. You can easily add another read-only user to this setup if you want to build some sort of web interface to do only reads. Now on the slave ldap servers (aka the radius servers) we will setup the following permissions:: access to attr=userPassword by self write by dn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com" write by anonymous auth by * none access to dn="ou=users,ou=radius,dc=mydomain,dc=com" by dn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com" write by dn="cn=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com" read by anonymous auth by * none access to * by self write by dn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com" write by anonymous auth by * none This will give the replica user write access. This user will be discussed below and it is involved in the process of replicating the master server to the slaves. The freeradius user only needs read access to do the lookups for authorization. Now we will want to setup indexes to speed up searches. At the minimum, below will work. Since all radius lookups are currently using the uid, we will want to index that. It is also a good idea to index the objectclass attribute. # Indices to maintain index objectClass eq index uid eq Now we need to setup the replication from the master to the slave servers. To do this, we will add the following to the slapd.conf file on the master: On the master LDAP server:: replica host=radius1.mydomain.com binddn=cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com bindmethod=simple credentials=replica replica host=radius2.mydomain.com binddn=cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com bindmethod=simple credentials=replica We will need to add a replica for each slave LDAP server. The binddn is the name that is used to bind to the slave server, and the credentials is the secret for that user. On the slave LDAP servers:: updatedn cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com updateref ldap://ldapmaster.mydomain.com Those will determine what name is allowed to update the LDAP server and if an update is attempted directly, what server to refer the update to. RADIUS ------ The radius server is setup to use LDAP for both Authorization and Authentication. This section will describe what events will take place during an AAA session with a NAS. When the NAS sends a access_request to the radius server, the radius server will perform authorization and authentication based on a series of modules that are defined in radiusd.conf. For example, the module defined as ldap, will be used to make connections to the LDAP directory. An example is seen in raddb/mods-config/ldap:: The first thing that is done is authorization of the user. The radius server will process the modules in the order specified in the authorization section of radiusd.conf. Currently, they are in the following order. 1) preprocess 2) suffix 3) files 4) ldap The first module will be preprocess. This will first check the huntgroups of the user coming in. The huntgroups are defined in the file huntgroups and they are a group listing of the NAS-IP-Addresses that make the access_request. This is useful in creating specific actions based on the NAS-IP that the request is made from. An example, is below:: isdncombo NAS-IP-Address == 10.10.10.1 dialup NAS-IP-Address == 10.10.10.2 dialup NAS-IP-Address == 10.10.10.3 We will have one NAS that is used for both ISDN and regular dialup customers, the other NAS's will be only used for dialup. The preprocess module may also use the hints file, to load hints to the radius server, and add additional hacks that are based on the type of request that comes in. This is to help with certain NAS's that don't conform to radius RFC's. Check the comments in radiusd.conf for an explanation on those. The second module is suffix. This event will determine which realm the user is in, based on the User-Name attribute. It is currently setup to split the username at the occurence of the @symbol. For example, the username of example@mydomain.com, will be split into example and mydomain.com. The realm is then checked against the file proxy.conf, which will determine what actions should be taken for that realm. Certain realms can be setup to be proxied to a different radius server or set to authenticate locally. Also, the username can be setup to be stripped from the realm or left intact. An example of proxy.conf, is listed below. If the realm is to be proxied, then a secret is needed, which is the secret of the radius server it is to be proxied to. By default the User-Name will be stripped, unless the nostrip option is set. Currently we will not be using realms with our users, but adding this ability in the future will be much easier with already incorporating proxy.conf into the setup:: proxy server { synchronous = no retry_delay = 5 retry_count = 3 dead_time = 120 servers_per_realm = 15 default_fallback = yes } realm NULL { type = radius authhost = LOCAL accthost = LOCAL #secret = testing123 } realm DEFAULT { type = radius authhost = LOCAL accthost = LOCAL #secret = testing123 } The next module is files, which is commonly know as the users file. The users file will start with either a username to determine how to authorize a specific user, or a DEFAULT setting. In each line it will define what items must be present for there to be a match in the form of attribute == value. If all the required attributes are matched, then attributes specified with attribute := value will be set for that user. If no match is found the users file will continue to be processed until there is a match. The last DEFAULT setting will be set as a catch-all, in case there is no previous match. If a match is made, the statement of Fall-Through determines if the users file should continue to be processed or if it should stop right there. The Ldap-Group corresponds to the LDAP attribute of radiusGroupName (see ldap configuration above). The user may be assigned multiple radiusGroupNames, one for each of the services that the user is authorized for. If the user does belong to the correct group, then the user will be authorized for that type of access. If the user does not belong to that group, then there will not be a match and the users file will continue to be processed. If a match is made and there is a User-Profile set, then the radius server will lookup the attributes that exist in that User-Profile in the LDAP directory. These are radius attributes that will be sent to the NAS as a reply-item. An example users file is below:: DEFAULT Ldap-Group == disabled, Auth-Type := Reject Reply-Message = "Account disabled. Please call the helpdesk." DEFAULT Huntgroup-Name == isdncombo, NAS-Port-Type == Async, Ldap-Group == dial, User-Profile := "uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com" Fall-Through = no DEFAULT Huntgroup-Name == isdncombo, NAS-Port-Type == ISDN, Ldap-Group == isdn, User-Profile := "uid=isdn,ou=profiles,ou=radius,dc=mydomain,dc=com" Fall-Through = no DEFAULT Huntgroup-Name == dial, Ldap-Group == dial, User-Profile := "uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com" Fall-Through = no DEFAULT Auth-Type := Reject Reply-Message = "Please call the helpdesk." Notice that the catchall DEFAULT is set to Reject the user. This will stop the authorization and immediately send back an access_reject message. Because business rules are applied above to each scenario where the user will be authorized for access, if no match is found, then we will want to stop the process immediately to save resources. By using the Ldap-Group feature we can limit user logins to only the services they are subscribed to. Some examples of possible user setups are below:: #user with access to dial-up dn: uid=user1,ou=users,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: user1 userPassword: whatever radiusgroupname: dial #user with access to ISDN and dial dn: uid=user2,ou=users,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: user2 userPassword: whatever radiusgroupname: dial radiusgroupname: isdn #same user as above that was suspended for not paying dn: uid=user2,ou=users,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: user2 userPassword: whatever radiusgroupname: dial radiusgroupname: isdn radiusgroupname: disabled Now that we have authorized the user, the final piece is to authenticate the user. Authentication is currently done by checking if the password sent in the access_request packet is correct. This action will be done with an attempted bind to the LDAP server using the User-Name and User-Password attributes passed to it from the access_request. If the user is successfully authorized, then an access_accept message will be sent back to the NAS, with any reply items that were defined in the authorization section. If the user did not supply the correct password, then an access_reject message will be sent to the user. If the NAS is sent an access_accept packet then the user will be given access to the service and the NAS will then send an acct_request packet. This will be a request packet to start a radius accounting session. The way the server will log the accounting packets is determined in the detail module in the radiusd.conf file. Since we will be storing a local copy and forwarding on all accounting to the Accounting radius server, we will store two local copies on the machine. The first one is done in a regular detail file as defined in the following:: detail detail1 { filename = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d permissions = 0600 dir_permissions = 0755 } The second detail file will be used by the program radrelay to relay a copy of all accounting packets to the Accounting radius server. This file is stored as a catchall for all accounting packets. The radrelay program will basically do a tail on that file and will then attempt to send a copy of each addition to it to the Accounting server. If the copy is successfully sent, then it will be deleted from this file. If the Accounting server were to go down, then this file will continue to build up entries. As soon as the Accounting server is back online, an attempt to re-send the packets to the Accounting server will made. This file is defined in the following section of radiusd.conf:: detail detail2 { filename = ${radacctdir}/detail-combined permissions = 0600 dir_permissions = 0755 locking = yes } INSTALLATION ------------ The new radius servers are currently built on Freebsd 4.8. As the version may eventually change, these instructions may no longer apply. The steps for building the server are the following: * Install FreeBSD * Install other FreeBSD items * Install OpenLDAP *NOTE: this must be done before installing Freeradius* * Install FreeRadius Under the assumption that FreeBSD is already installed and the kernel rebuilt to the specifications needed for the machine, there are several other things that may be needed at this time and the purpose of this is just as a reminder. install cvsup-without-gui from the ports collection run cvsup on all to update the ports to the most recent versions might be a good idea to upgrade the src edit and run cvsup on /usr/share/examples/cvsup/standard-supfile cd /usr/src - vi Makefile and follow instructions install sendmail from ports to keep up to date with the most recent versions. In the ports collection /ports/mail/sendmail run make; make install; make mailer.conf. Then edit rc.conf and change to sendmail_enable=NO radius servers only need the local interface to send daily reports edit rc.conf to make sure inetd_enable=NO no reason to have extra services running if you rebuilt the kernel to add support for IPFIREWALL, then remember to add a firewall rule to rc.conf firewall_enable=YES firewall_type=OPEN (or actually create a real firewall rule) add crontab to keep date accurate for accounting:: 15 03 * * * /usr/sbin/ntpdate -s thetimeserver.mydomain.com install openldap from ports download the freeradius source as the ports collection is often outdated the default settings are /usr/local/etc/raddb, /var/log/radius.log, /var/log/radacct since openldap was installed first, you should not need any special flags to add ldap support Now its time to configure openlap and freeradius. First we will be looking at configuring OpenLDAP copy RADIUS-LDAPv3.schema to /usr/local/etc/openldap/schema edit /usr/local/etc/openldap/slapd.conf :: ----Begin slapd.conf---- # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 #kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/RADIUS-LDAPv3.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org loglevel 296 pidfile /var/run/slapd.pid argsfile /var/run/slapd.args # Load dynamic backend modules: # modulepath /usr/local/libexec/openldap # moduleload back_bdb.la # moduleload back_ldap.la # moduleload back_ldbm.la # moduleload back_passwd.la # moduleload back_shell.la password-hash {SSHA} access to attr=userPassword by self write by dn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com" write by anonymous auth by * none access to dn="ou=users,ou=radius,dc=mydomain,dc=com" by dn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com" write by dn="cn=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com" read by anonymous auth by * none access to * by self write by dn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com" write by anonymous auth by * none ####################################################################### # ldbm database definitions ####################################################################### database bdb suffix "dc=mydomain,dc=com" rootdn "cn=root,dc=mydomain,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw {SSHA}Eu5EwPxTrwhEGrXQ9SaQZyfpu4iHt3NP # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/db/openldap-data # Indices to maintain index objectClass eq index uid eq mode 0600 cachesize 2000 # replica one for each #replica host=radius1.mydomain.com # binddn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com" # bindmethod=simple credentials=secret replogfile /var/db/openldap-slurp/replog ## REMEMBER TO ADD THIS TO THE SLAVES updatedn "cn=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com" updateref ldap://ldapmaster.mydomain.com ----End slapd.conf---- To create a rootdn that is not stored in plain text, enter the following command:: $ slappasswd it will ask for password and verification:: New password: Re-enter new password:: while in the shell create the directory for the ldap database, this must be created before slapd can start:: $ mkdir /var/db/openldap-data move the slapd.sh.sample file to slapd.sh in /usr/local/etc/rc.d:: $ mv /usr/local/etc/rc.d/slapd.sh.sample slapd.sh enable logging in /etc/syslog.conf by adding the following:: local4.* /var/log/ldap.log restart syslogd start it up on both the master and slave ldap servers:: $ /usr/local/etc/rc.d/slapd start create the structural ldif, schema.ldif:: ----Begin schema.ldif---- dn: dc=mydomain,dc=com objectClass: dcObject objectClass: organizationUnit ou: Mydomain.com Radius dc: mydomain dn: ou=radius,dc=mydomain,dc=com objectclass: organizationalunit ou: radius dn: ou=profiles,ou=radius,dc=mydomain,dc=com objectclass: organizationalunit ou: profiles dn: ou=users,ou=radius,dc=mydomain,dc=com objectclass: organizationalunit ou: users dn: ou=admins,ou=radius,dc=mydomain,dc=com objectclass: organizationalunit ou: admins dn: uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: dial radiusServiceType: Framed-User radiusFramedProtocol: PPP radiusFramedIPNetmask: 255.255.255.0 radiusFramedRouting: None dn: uid=isdn,ou=profiles,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: isdn radiusServiceType: Framed-User radiusFramedProtocol: PPP radiusFramedIPNetmask: 255.255.255.0 radiusFramedRouting: None dn: uid=example,ou=users,ou=radius,dc=mydomain,dc=com objectclass: radiusProfile uid: example userPassword: test radiusGroupName: dial radiusGroupName: isdn dn: cn=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com objectclass: person sn: freeradius cn: freeradius userPassword: freeradius dn: cn=billing,ou=admins,ou=radius,dc=mydomain,dc=com objectclass: person sn: freeradius cn: freeradius userPassword: billing dn: cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com objectclass: person sn: replica cn: replica userPassword: replica ----End schema.ldif---- add the organizational structure to the master ldap database:: $ ldapadd -D uid=billing,ou=admins,ou=radius,dc=mydomain,dc=com -w billing -f schema.ldif -h ldapmaster.mydomain.com run slapcat to see what the directory looks like:: $ slapcat If all went well the LDAP directory should be up and running and propagated to the slaves. Now you can add your users to the master. Now its time to setup FreeRadius. First cd into /usr/local/etc/raddb and take a look at all the configuration files, they are heavily documented so you may wish to read through them all before making and changes. edit huntgroups to specify a NAS to a huntgroup:: ----Begin huntgroups---- # dialup and isdn isdncombo NAS-IP-Address == 10.10.10.1 # just dialup dialup NAS-IP-Address == 10.10.10.2 dialup NAS-IP-Address == 10.10.10.3 ----End huntgroups---- * edit proxy.conf to setup the different realms:: ----Begin proxy.conf---- proxy server { synchronous = no retry_delay = 5 retry_count = 3 dead_time = 120 servers_per_realm = 15 default_fallback = yes } realm NULL { type = radius authhost = LOCAL accthost = LOCAL #secret = testing123 } realm DEFAULT { type = radius authhost = LOCAL accthost = LOCAL #secret = testing123 } ----End proxy.conf---- -edit clients.conf to setup the NAS's that can talk to it ----Begin clients.conf---- client 127.0.0.1 { secret = example shortname = localhost nas_type = other } # isdn and dialup nas client 10.10.10.1 { secret = example shortname = isdn nas_type = cisco } #dialup only client 10.10.10.2 { secret = example shortname = dialup1 nas_type = cisco } client 10.10.10.3 { secret = example shortname = dialup2 nas_type = cisco } ----End clients.conf---- You may wish to look at the other files, but they should all be OK by default. create startup files in /usr/local/etc/rc.d radiusd.sh - the radiusd startup file:: ----Begin radiusd.sh---- #!/bin/sh case "$1" in start) /usr/local/sbin/radiusd echo -n ' radiusd' ;; stop) if [ -f /usr/local/var/run/radiusd/radiusd.pid ]; then kill -TERM `cat /usr/local/var/run/radiusd/radiusd.pid` rm -f /usr/local/var/run/radiusd/radiusd.pid echo -n ' radiusd' fi ;; restart) if [ -f /usr/local/var/run/radiusd/radiusd.pid ]; then kill -HUP `cat /usr/local/var/run/radiusd/radiusd.pid` echo 'radiusd restarted' fi ;; *) echo "Usage: ${0##*/}: { start | stop | restart }" 2>&1 exit 65 ;; esac ----End radiusd.sh---- radrelay.sh - the radrelay startup file:: ----Begin radrelay.sh---- #!/bin/sh case "$1" in start) /usr/local/bin/radrelay -a /var/log/radacct -d /usr/local/etc/raddb \ -S /usr/local/etc/raddb/radrelay_secret -f -r accounting.mydomain.com:1813 \ detail-combined echo -n ' radrelay started' ;; stop) /usr/bin/killall radrelay echo ' radrelay stopped' ;; *) echo "Usage: $[0##*/}: { start | stop }" 2>&1 exit 65 ;; esac ----End radrelay.sh---- create radrelay_secret in /usr/local/etc/radddb This file will contain the secret to connect to the Accounting radius server:: ----Begin radrelay_secret---- example ----End radrelay_secret---- Now fire them up:: $ /usr/local/etc/rc.d/radiusd.sh start $ /usr/local/etc/rc.d/radrelay.sh start You should be all set to start testing now. OTHER RANDOM NOTES AND THOUGHTS ------------------------------- The client programs used to connect to the ldap directory are: ldapadd: to add a record ldapmodify: to modify a record ldapdelete: to delete a record ldapsearch: to search for a record slapcat: to show the entire directory slappaswd: to generate a crypted password Read the man pages on those commands, they tell you everything you need to know. They all follow this basic syntax:: $ ldapwhatever -D "uid=someone,ou=admins,ou=radius,dc=mydomain,dc=com" -w thesecret -andthenotherstuff Finally, if you are having trouble with LDAP, run it in debug mode by changing the following in slapd.sh:: slapd_args= to:: slapd_args= '-d 3' There is a program included with freeradius to test the radius server, its called radclient. Typing it alone will tell you all the options. You will need to create a file that contains radius attributes, such as:: User-Name = example User-Password = test Service-Type = Framed-User NAS-IP-Address = 10.10.10.1 NAS-Port-Type = Async Then you fire that radius packet at the server by issuing:: $ radclient -f testradiusfile localhost auth thesecret -f = filename localhost is the server you are hitting auth or acct depending on the type of packet thesecret to connect to that server Finally, if you are having trouble you can run radius in debug mode and it will output everything that happens to the screen. To do that, kill the current process and run:: $ radiusd -X LINKS ----- FREERADIUS ++++++++++ * _`FreeRADIUS`: http://www.freeradius.org * _`FreeRADIUS Documentation`: http://freeradius.org/documentation/ * _`FreeRADIUS Wiki`: http://wiki.freeradius.org/ OPENLDAP ++++++++ * _`OpenLDAP`: http://www.openldap.org * _`OpenLDAP Administrator's Guide`: http://www.openldap.org/doc/admin21 RFCs ++++ * _`RFC2865: RADIUS Authentication`: http://freeradius.org/rfc/rfc2865.txt * _`RFC2866: RADIUS Accounting`: http://freeradius.org/rfc/rfc2866.txt * _`RFC2869: RADIUS Extentions`: http://freeradius.org/rfc/rfc2869.txt * _`RFC2251: LDAP v3`: http://www.ietf.org/rfc/rfc2251.txt * _`RFC2252: LDAP v3 Attribute Syntax Definitions`: http://www.ietf.org/rfc/rfc2252.txt * _`RFC2253: LDAP UTF-8 String Representation of Distinguishe d Names (DNs)`: http://www.ietf.org/rfc/rfc2252.txt * _`RFC2849: LDAP Data Interchange Fromat (LDIFs)`: http://www.ietf.org/rfc/rfc2849.txt * _`RFC3377: LDAP v3 Technical Specs`: http://www.ietf.org/rfc/rfc3377.txt freeradius-server-3.0.16/doc/modules/mschap.rst000066400000000000000000000135571322570622300214750ustar00rootroot00000000000000rlm_mschap ========== The mschap module provides support for MS-CHAPv1 and MS-CHAPv2, which is a common authentication mechanisms for Microsoft clients. If you want to support mschap, there are only 3 possibilities: 1. You have access to the users plaintext password, and you configure FreeRADIUS to read this, and set the Cleartext-Password control attribute. 2. You have access to the NT (MS-CHAPv2) or LM (MS-CHAPv1) hashes, and you configure FreeRADIUS to read this and set the NT/LM-Password control attribute. 3. You have Samba installed, joined into a windows domain, and use the ntlm_auth helper binary to pass authentication onwards to a domain controller. These are the ONLY possibilities; MS-CHAP is IMPOSSIBLE if you e.g. only have the unix/md5/sha crypt of your users password. For more info, see: http://deployingradius.com/documents/protocols/compatibility.html EAP-MSCHAPv2 ============ The EAP module provides MS-CHAPv2 support as well. It simply passes the data through to the mschap module, so you must configure mschap properly. ntlm_auth ========= Method 3 above involves configuring the mschap module to call the Samba ntlm_auth helper: :: mschap { ntlm_auth = "/path/to/bin ..." } You need to be careful about setting this command line. There are several options for the arguments, in particular username and domain: * --username=%{User-Name} - this will fail if you're using realms or host-based auth * --username=%{mschap:User-Name} - this will fail if using using suffix i.e. user@domain You'll need to fit this to your local needs. Disabling ntlm_auth for some users ---------------------------------- You might have some users in the domain, and others in files or SQL that you want to authenticate locally. To do this, set:: MS-CHAP-Use-NTLM-Auth := 0 This will disable ntlm_auth for that user/group. This is also obeyed for password changes (see below). Password changes ================ From FreeRADIUS version 3.0.0 the mschap module supports password changes. There are two options, ntlm_auth and local. ntlm_auth --------- If you are using ntlm_auth to check passwords, you must also use ntlm_auth to change passwords. In modules/mschap you should configure:: mschap { ntlm_auth = "...." passchange { # path to the binary ntlm_auth = "/path/to/ntlm_auth --helper-protocol=ntlm-change-password-1" # initial data to send # this MUST be supplied ntlm_auth_username = "username: %{mschap:User-Name}" ntlm_auth_domain = "nt-domain: %{%{mschap:NT-Domain}:-YOURDOMAIN}" # Or, you could try: ntlm_auth_username = "full-username: %{User-Name}" # ntlm_auth_domain - disabled } If you are using ntlm_auth, then domain controllers might say "Password expired" if the user password is valid but has expired; the mschap module will detect this and return error 648 to the client, instructing it to try a password change. Note: if you have disabled ntlm_auth for a user/group, this will apply for password changes too - they will fall through to using the Local method. Local ----- If you are performing mschap locally with Cleartext-Password/NT-Password, you can decrypt and process the password change locally. To do this, you configure the "local_cpw" string:: mschap { passchange { local_cpw = "%{xlat:...} } } To actually force a client to change passwords, you must set the expiry bit in the SMB-Account-Ctrl value - for example:: update control { # U == user # e == expired SMB-Account-Ctrl-Text := '[Ue]' } This will cause the client to receive "error 648 - password expired". Obviously you will need to ensure your local_cpw xlat clears this value, or else the client password will be expired the next time they log in. For example, you might use an SQL stored procedure to change passwords:: mschap { passchange { local_cpw = "%{sql:select change_password('%{SQL-User-Name}','%{MS-CHAP-New-NT-Password}')}" } } ...and an example stored procedure for Postgres might be:: CREATE FUNCTION change_password(raduser text, ntpassword text) RETURNS text LANGUAGE plpgsql AS $$ BEGIN update radcheck set value=ntpassword where username=raduser and attribute='NT-Password'; if not FOUND then -- the user does not exist; die return ''; end if; update radcheck set value=replace(value,'e','') where username=raduser and attribute='SMB-Account-Ctrl-Text' and value like '%e%'; return 'ok'; END; $$; The local_cpw xlat has access to two variables: * MS-CHAP-New-NT-Password - the new value of NT-Password * MS-CHAP-New-Cleartext-PAssword - the new value of Cleartext-Password This allows you to do things like:: # update via SQL local_cpw = "%{sql:update radcheck set value='%{MS-CHAP-New-NT-Password}' where username='%{SQL-User-Name} and attribute='NT-Password'}" Or:: # update via exec/script local_cpw = "%{exec:/my/script %{User-Name} %{MS-CHAP-New-Cleartext-Password}}" WARNING - wherever possible, you should use MS-CHAP-New-NT-Password. The reason is that cleartext passwords have undergone unicode transformation from the client encoding (utf-16) to the server encoding (utf-8) and the current code does this in a very ad-hoc way. The reverse transformation is also not done - when the server reads Cleartext-Password out of files/database, it assumes US-ASCII and thus international characters will fail. N.B. this could be fixed, if we wanted to pull in something like iconv. In addition, you should beware of Cleartext-Password when using SQL; any password character not in safe_characters will be encoded as a hex number, e.g. =20. Password changes over EAP ========================= You must set the following in eap.conf:: eap { mschapv2 { send_error = yes } } Otherwise password changes for PEAP/MSCHAPv2 will not work. freeradius-server-3.0.16/doc/modules/rlm_dbm000066400000000000000000000132101322570622300210110ustar00rootroot00000000000000Radius DBM module 0. INTRODUCTION rlm_dbm uses a Berkeley or GDBM <** database to store use information. It is a lot faster than the files and passwd modules, takes less memory than the fastusers module and does not require additional server software as the LDAP and SQL modules does. In addition it supports groups, and of course multiple entries per user or group. 1. WHAT DOES IT DO Basically, it opens the file you specifies in radiusd.conf and authenticates users out of it. The file has to be a Berkeley or GDBM <** file database, and may be created by rlm_dbm_parse or by a custom program of your choice. 2. HOW TO USE IT Put the module declaration in your radiusd.conf. It should in general look like this: dbm { usersfile = ${confdir}/users.db } Note: some dbm libraries add .db suffix by itself. Then put "dbm" in the "authorize {}" section of your radiusd.conf: authorize { preprocess realms dbm } 3. MODULE OPTIONS The only option is "usersfile", which is the path and filename of the database file you want rlm_dbm to look for users and groups in. This file needs to be generated, either by the rlm_dbm_parse program or by some custom program, for instance a Perl program using the DB_File or GDBM_File <** modules. 4. EXTERNAL UTILITIES rlm_dbm_cat rlm_dbm_cat: [-f file] [-w] [-i number] [-l number] [-v] [username ...] rlm_dbm_cat simply lists the definition(s) of the username(s) or group name(s), or the entire database. It takes the following options: -f The file name of the database to list. -w Long lines should be wrapped -i Set the left margin then wrapped. -l How long line should be to be wrapped (wrap threshold) -v Print the version number and exit. rlm_dbm_parse rlm_dbm_parser [-c] [-d raddb] [-i inputfile] [-o outputfile] [-x] [-v] [-q] [username ...] rlm_dbm_parses reads a file of the syntax defined below, and writes a database file usable by rlm_dbm or edits current database. It takes the following options: -i Use as the input file. If not defined then use standard input. -o Use as the output file. -c Create a new database (empty output file before writing) -x Enable debug mode. ; Multiple x flag increase debug level -q Do not print statistics (quiet). -v Print the version and exit. -r Remove a username or group name from the database. 5. INPUT FORMAT rlm_dbm_parse reads a format similar to the one used by the files module. In incomplete RFC2234 ABNF, it looks like this: entries = *entry entry = identifier TAB definition identifier = username / group-name username = +PCHAR groupname = +PCHAR definition = (check-item ",")* LF ( *( reply-item ",") / ";" ) LF check-item = AS IN FILES reply-item = AS IN FILES *** need definition of username and groupname *** As an example, these are the standard files definitions (files module). ---8<--- DEFAULT Service-Type == Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes #except who call from number 555-666 DEFAULT Auth-Type := Reject,Service-Type ==Framed-User, Calling-Station-ID == "555-666" #or call number 555-667 DEFAULT Auth-Type := Reject,Service-Type ==Framed-User, Calling-Station-ID == "555-667" ---8<--- To be a valid rlm_dbm input file, it should look like this: ---8<--- DEFAULT Service-Type == Framed-User # (1) Framed-IP-Address = 255.255.255.254, # comma, list cont'd Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes # \n, end of list Auth-Type := Reject,Service-Type ==Framed-User, # (2) Calling-Station-ID == "555-666" ; # ;, no reply items Auth-Type := Reject,Service-Type ==Framed-User, # (3) Calling-Station-ID == "555-667" ; # ditto ---8<--- This user (the DEFAULT user) contains three entries, 1, 2 and 3. The first entry has a list of reply items, terminated by a reply item without a trailing comma. Entries 2 and 3 has empty reply lists, as indicated by the semicolon. This is necessary to separate an empty line (which is ignored) from the empty list. Definition Fall-Through = Yes used in order to say module to check next record. By default Fall-Through = Yes. Groups This is implemented with the special User-Category attribute. Simply set this as a reply item, and rlm_dbm will include the groups definition when evaluating the check and reply items of the user. The group defined the same way as users. Here is a short example: ---8<--- # group definitions gendialup Service-Type = Framed-User, Cisco-AVPair += "ip:addr-pool=SANDY", Framed-Protocol = PPP locked Auth-Type := Reject Reply-Message = "Your account has been disabled." # user definitions ssalex Auth-Type := Local, Password == "passs" User-Category = "GenDialup" ssmike Auth-Type := Local, Password == "pass1" User-Category = "Locked" ---8<--- 6. ACKNOWLEDGMENTS Author - Andrei Koulik Documentation - Bjrn Nordb 8. Bug reports: rlm_dbm_bug@agk.nnov.ru freeradius-server-3.0.16/doc/modules/rlm_eap000066400000000000000000000316111322570622300210210ustar00rootroot00000000000000 Extensible Authentication Protocol (EAP) INTRODUCTION Extensible Authentication Protocol(EAP), rfc2284, is a general protocol that allows network access points to support multiple authentication methods. Each EAP-Type indicates a specific authentication mechanism. 802.1x standard authenticates wireless LAN users trying to access enterprise networks. RADIUS attribute used for EAP is EAP-Message, 79(rfc2869). RADIUS communicates all EAP messages by embedding them in this attribute. General Terminology Supplicant/EAP Client - is the software on the end-user/client machine (machine with the wireless card). Authenticator/NAS/Access Point(AP) - A network device providing users with a point of entry into the network. EAPOL - EAP over LAN as defined in 802.1x standard. EAPOW - EAP over Wireless. +----------+ +----------+ +----------+ | | EAPOL | | RADIUS | | | EAP |<------>| Access |<------>| RADIUS | | Client | EAPOW | Point | (EAP) | Server | | | | | | | +----------+ +----------+ +----------+ The sequence of events, for EAP-MD5, runs as follows: 1. The end-user associates with the Access Point(AP). 2. The supplicant specifies AP to use EAP by sending EAP-Start. 3. AP requests the supplicant to Identify itself (EAP-Identity). 4. Supplicant then sends its Identity (username) to the AP. 5. AP forwards this EAP-response AS-IS to the RADIUS server. (The supplicant and the RADIUS server mutually authenticate via AP. AP just acts as a passthru till authentication is finished.) 6. The server sends a challenge to the supplicant. 7. The supplicant carries out a hash on the password and sends this hashed password to the RADIUS server as its response. 8. The RADIUS server performs a hash on the password for that supplicant in its user database and compares the two hashed values and authenticates the client if the two values match(EAP-Success/EAP-Failure) 9. AP now opens a port to accept data from the end-user. Currently, EAP is widely used in wireless networks than in wired networks. In 802.11/wireless based networking, following sequence of events happen in addition to the above EAP events. 10. RADIUS server and the supplicant agree to a specific WEP key. 11. The supplicant loads the key ready for logging on. 12. The RADIUS server sends the key for this session (Session key) to the AP. 13. The AP encrypts its Broadcast key with the Session key 14. The AP sends the encypted key to the supplicant 15. The supplicant decrypts the Broadcast key with the Session key and the session continues using the Broadcast and Session keys until the session ends. References: The Implementation of EAP over RADIUS is based on the following RFCs rfc2869 -- RADIUS Extensions rfc2284 -- PPP Extensible Authentication Protocol (EAP) rfc2716 -- PPP EAP TLS Authentication Protocol Following links help to understand HOW EAP works www.ieee802.org/1/mirror/8021/docs2000/ieee_plenary.PDF EAP CODE ORGANIZATION EAP is implemented as a module in freeradius and the code is placed in src/modules/rlm_eap. All EAP-Types are organized as subdirectories in rlm_eap/types/. Each EAP-Type, like types/rlm_eap_md5, contains a chunk of code that knows how to deal with a particular kind of authentication mechanism. To add a new EAP-Type then a new directory should be created as rlm_eap/types/rlm_eap_XXXX, where XXXX is EAP-Type name ie for EAP-Type like ONE TIME PASSWORD (OTP) it would be rlm_eap_otp src/modules/rlm_eap -- contains the basic EAP and generalized interfaces to all the EAP-Types. rlm_eap/types -- contains all the supported EAP-Types rlm_eap/types/rlm_eap_md5 -- EAP-MD5 authentication. rlm_eap/types/rlm_eap_tls -- EAP-TLS based authentication. rlm_eap/types/rlm_eap_ttls -- TTLS based authentication. rlm_eap/types/rlm_eap_peap -- Windows PEAP based authentication. rlm_eap/types/rlm_eap_leap -- Cisco LEAP authentication. rlm_eap/types/rlm_eap_sim -- EAP-SIM (GSM) based authentication CONFIGURATION Add the eap configuration stanza to the modules section in radiusd.conf to load and control rlm_eap and all the supported EAP-Types: For example: modules { ... eap { default_eap_type = md5 md5 { } ... } ... } NOTE: You cannot have empty eap stanza. At least one EAP-Type sub-stanza should be defined as above, otherwise the server will not know what type of eap authentication mechanism to be used and the server will exit with error. All the various options and their associated default values for each EAP-Type are documented in the sample radiusd.conf that is provided with the distribution. Since the EAP requests may not contain a requested EAP type, the 'default_eap_type' configuration options is used by the EAP module to determine which EAP type to choose for authentication. NOTE: EAP cannot authorize a user. It can only authenticate. Other Freeradius modules authorize the user. EAP SIM server To configure EAP-SIM authentication, the following attributes must be set in the server. This can be done in the users file, but in many cases will be taken from a database server, via one of the SQL interface. If one has SIM cards that one controls (i.e. whose share secret you know), one should be able to write a module to generate these attributes (the triplets) in the server. If one has access to the SS7 based settlement network, then a module to fetch appropriate triplets could be written. This module would act as an authorization only module. The attributes are: EAP-Sim-Rand1 16 bytes EAP-Sim-SRES1 4 bytes EAP-Sim-KC1 8 bytes EAP-Sim-Rand2 16 bytes EAP-Sim-SRES2 4 bytes EAP-Sim-KC2 8 bytes EAP-Sim-Rand3 16 bytes EAP-Sim-SRES3 4 bytes EAP-Sim-KC3 8 bytes EAP-SIM will send WEP attributes to the resquestor. EAP CLIENTS 1. XSupplicant - freeradius (EAP/TLS) notes may be found at: http://www.eax.com/802/ or http://www.missl.cs.umd.edu/wireless/eaptls/ XSupplicant is hosted by: http://www.open1x.org/ 2. XP - freeradius (EAP/TLS) notes may be found at: http://www.denobula.com/EAPTLS.pdf 3. Freeradius has an "radeapclient" that can do EAP-MD5 (passwords), as well as EAP-SIM. It is in modules/rlm_eap/radeapclient. TESTING You will find several test cases in src/tests/ for the EAP-SIM code. HOW DO I USE IT (FAQ/Examples) 1. How can I enable EAP-MD5 authentication ? In radiusd.conf modules { ... eap { default_eap_type = md5 md5 { } ... } ... } # eap sets the authenticate type as EAP authorize { ... eap } # eap authentication takes place. authenticate { eap } # If you are proxying EAP-LEAP requests # This is required to make LEAP work. post-proxy { eap } 2. My Userbase is in LDAP and I want to use EAP-MD5 authentication In radiusd.conf modules { ... eap { default_eap_type = md5 md5 { } ... } ... } # ldap gets the Configured password. # eap sets the authenticate type as EAP authorize { ... ldap eap ... } # eap authentication takes place. authenticate { ... eap ... } 3. How can I Proxy EAP messages, with/without User-Name attribute in the Access-Request packets With User-Name attribute in Access-Request packet, EAP-proxying is just same as RADIUS-proxying. If User-Name attribute is not present in Access-Request packet, Freeradius can proxy the request with the following configuration in radiusd.conf # eap module should be configured as the First module in # the authorize stanza authorize { eap ... other modules. } With this configuration, eap_authorize creates User-Name attribute from EAP-Identity response, if it is not present. Once User-Name attribute is created, RADIUS proxying takes care of EAP proxying. 4. How Freeradius can handle EAP-START messages ? In most of the cases this is handled by the Authenticator. Only if it is required then, in radiusd.conf authorize { eap ... other modules. } With the above configuration, RADIUS server immediately responds with EAP-Identity request. NOTE: EAP does not check for any Identity or maintains any state in case of EAP-START. It blindly responds with EAP-Identity request. Proxying is handled only after EAP-Identity response is received. 5. I want to enable multiple EAP-Types, how can I configure ? In radiusd.conf modules { ... eap { default_eap_type = tls md5 { } tls { ... } ... } ... } The above configuration will let the server load all the EAP-Types, but the server can have only one default EAP-Type, as above. Once EAP-Identity response is received by the server, based on the default_eap_type, the server will send a new request (MD5-Challenge request incase of md5, TLS-START request incase of tls) to the supplicant. If the supplicant is rfc2284 compliant and does not support the EAP-Type sent by the server then it sends EAP-Acknowledge with the supported EAP-Type. If this EAP-Type is supported by the server then it will send the respective EAP-request. Example: If the supplicant supports only EAP-MD5 but the server default_eap_type is configured as EAP-TLS, as above, then the server will send TLS-START after EAP-Identity is received. Supplicant will respond with EAP-Acknowledge(EAP-MD5). Server now responds with MD5-Challenge. INSTALLATION EAP, EAP-MD5, and Cisco LEAP do not require any additional packages. Freeradius contains all the required packages. For EAP-TLS, EAP-TTLS, and PEAP, OPENSSL, , is required to be installed. Any version from 0.9.7, should fairly work with this module. EAP-SIM should not require any additional packages. IMPLEMENTATION (For Developers) The rlm_eap module only deals with EAP specific authentication mechanism and the generic interface to interact with all the EAP-Types. Currently, these are the existing interfaces, int attach(CONF_SECTION *conf, void **type_arg); int initiate(void *type_arg, EAP_HANDLER *handler); int authenticate(void *type_arg, EAP_HANDLER *handler); int detach(void **type_arg); attach() and detach() functions allocate and deallocate all the required resources. initiate() function begins the conversation when EAP-Identity response is received. Incase of EAP-MD5, initiate() function sends the challenge. authenticate() function uses specific EAP-Type authentication mechanism to authenticate the user. During authentication many EAP-Requests and EAP-Responses takes place for each authentication. Hence authenticate() function may be called many times. EAP_HANDLER contains the complete state information required. HOW EAP WORKS as posted to the list, by John Lindsay To make it clear for everyone, the supplicant is the software on the client (machine with the wireless card). The EAP process doesn't start until the client has associated with the Access Point using Open authentication. If this process isn't crystal clear you need to go away and gain understanding. Once the association is made the AP blocks all traffic that is not 802.1x so although associated the connection only has value for EAP. Any EAP traffic is passed to the radius server and any radius traffic is passed back to the client. So, after the client has associated to the Access Point, the supplicant starts the process for using EAP over LAN by asking the user for their logon and password. Using 802.1x and EAP the supplicant sends the username and a one-way hash of the password to the AP. The AP encapsulates the request and sends it to the RADIUS server. The radius server needs a plaintext password so that it can perform the same one-way hash to determine that the password is correct. If it is, the radius server issues an access challenge which goes back via to the AP to the client. (my study guide says client but my brain says 'supplicant') The client sends the EAP response to the challenge via the AP to the RADIUS server. If the response is valid the RADIUS server sends a success message and the session WEP key (EAP over wireless) to the client via the AP. The same session WEP key is also sent to the AP in the success packet. The client and the AP then begin using session WEP keys. The WEP key used for multicasts is then sent from the AP to the client. It is encrypted using the session WEP key. ACKNOWLEDGEMENTS Primary author - Raghu EAP-SIM - Michael Richardson The development of the EAP/SIM support was funded by Internet Foundation Austria (http://www.nic.at/ipa). freeradius-server-3.0.16/doc/modules/rlm_expiration000066400000000000000000000013531322570622300224360ustar00rootroot00000000000000Module to expire user accounts. This module can be used to expire user accounts. Expired users receive an Access-Reject on every authentication attempt. Expiration is based on the Expiration attribute which should be present in the check item list for the user we wish to perform expiration checks. Expiration attribute format: You can use Expiration := "23 Sep 2004" and the user will no longer be able to connect at 00:00 (midnight) on September 23rd, 2004. If you want a certain time (other than midnight) you can do use Expiration := "23 Sep 2004 12:00". The nas will receive a Session-Timeout attribute calculated to kick the user off when the Expiration time occurs. Example entry (users files): user1 Expiration := "23 Sep 2004" freeradius-server-3.0.16/doc/modules/rlm_krb5000066400000000000000000000022271322570622300211200ustar00rootroot00000000000000The `rlm_krb5` FreeRADIUS module enables the use of Kerberos 5 for authentication. Compilation issues ================== MIT libraries ------------- The `rlm_krb5` module, by default, presumes you have the MIT Kerberos 5 distribution. Notes from that distribution: On linux, you may have to change: deplibs_test_method="pass_all" in `../libtool` Otherwise, it complains if the krb5 libs aren't shared. Heimdal libraries ----------------- If you are using the Heimdal Kerberos 5 distribution, pass an `--enable-heimdal-krb5` option to `configure`. Configuration parameters ======================== You can configure the module with the following parameters: krb5 { # Keytab containing the key used by rlm_krb5 keytab = /path/to/keytab # Principal that is used by rlm_krb5 service_principal = radius/some.host.com } Make sure the keytab is readable by the user that is used to run `radiusd` and that your authorization configuration really uses `rlm_krb5` to do the authentication. You will need to add the following to the 'authenticate' section of your radiusd.conf file: Auth-Type Kerberos { krb5 } freeradius-server-3.0.16/doc/modules/rlm_pam000066400000000000000000000064061322570622300210350ustar00rootroot00000000000000 PAM Support for FreeRadius 0. INTRODUCTION PAM support was done by Jeph Blaize. Miguel a.l. Paraz ported it to FreeRADIUS' parent, Cistron-Radius. Chris Dent added the Pam-Auth attribute. 1. USAGE Use Auth-Type = Pam in the users file. You cannot use User-Password = "PAM" as in other radius servers. Sorry. You can also use ``Pam-Auth = "somestring"'' to specify an entry in /etc/pam.d. The default is "radius". Compile and install freeradius with pam support (./configure --help will tell you how) Within your radiusd.conf file, in the 'modules' section, make sure that the pam section is enabled: pam { # # The name to use for PAM authentication. # PAM looks in /etc/pam.d/${pam_auth_name} # for it's configuration. # # Note that any Pam-Auth attribute set in the 'users' # file over-rides this one. # pam_auth = radiusd } In the 'authenticate' section, do the same: authenticate { # Uncomment this if you want to use PAM (Auth-Type = PAM) pam ... In your /etc/pam.d/ directory create a file called radiusd with the following contents (or whatever you want for your pam configuration, this seems to work for me): #%PAM-1.0 auth required /lib/security/pam_unix_auth.so shadow md5 nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_unix_acct.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_unix_passwd.so shadow md5 nullok use_authtok session required /lib/security/pam_unix_session.so If you don't want to run your freeradius server in debug mode as root (ie, run as an unpriviledged user) you will need to run freeradius with a group membership that is able to read the /etc/shadow file - otherwise pam will be unable to read the /etc/shadow file and will fail. I suggest a group called 'shadow' or the like. $ chgrp /etc/shadow shadow $ chmod g+w /etc/shadow And in the radiusd.conf file: # On systems with shadow passwords, you might have to set 'group = shadow' # for the server to be able to read the shadow password file. # # Change below to suit your setup. user = radius group = shadow Please understand that giving anything except root read permissions to the /etc/shadow file is something that you want to think a bit upon!! 2. NOTES None. 3. TODO: Real PAM support, figure out how we can write a module that will make it blend in with PAM more seamlessly. With this, we can replace the DENY_SHELL with something more flexible such as a database. 4. EXAMPLE: DEFAULT Auth-Type = Pam, NAS-IP-Address = 206.97.64.5 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Filter-Id = "std.ppp", Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Auth-Type = Pam, Pam-Auth = "radius2", NAS-IP-Address = 127.0.0.1 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Filter-Id = "std.ppp", Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP freeradius-server-3.0.16/doc/modules/rlm_passwd000066400000000000000000000043271322570622300215610ustar00rootroot00000000000000RADIUS rlm_passwd (passwd-like files authorization module) FAQ Q: Can I use rlm_passwd to authenticate user against Linux shadow password file or BSD-style master.passwd? A: Yes, but you need RADIUS running as root. Hint: use Crypt-Password attribute. You probably don't want to use this module with FreeBSD to authenticate against system file, as it already takes care of caching passwd file entries, but it may be helpfull to authenticate against alternate file. Q: Can I use rlm_passwd to authenticate user against SAMBA smbpasswd? A: Yes, you can. Hint: use LM-Password/NT-Password attribute, set authtype = MS-CHAP. Q: Can I use rlm_password to authenticate user against BLA-BLA-BLApasswd? A: Probably you can, if BLA-BLA-BLA stores password in some format supported by RADIUS, for example cleartext, NT/LM hashes, crypt, Netscape MD5 format. You have to set authtype to corresponding type, for example authtype = NS-MTA-MD5 for Netscape MD5. Q: Are where are differences between rlm_passwd and rlm_unix? A: rlm_passwd supports passwd files in any format and may be used, for example, to parse FreeBSD's master.passwd or SAMBA smbpasswd files, but it can't perform system authentication (for example to authenticate NIS user, like rlm_unix does). If you need system authentication you need rlm_unix, if you have to authenticate against files only under BSD you need rlm_passwd, if you need to authenticate against files only under Linux, you can choose between rlm_unix and rlm_passwd, probably you will have nearly same results in performance (I hope :) ). Q: I'm using realms with rlm_passwd. I see rlm_passwd do not strip realm from user name. How to configure rlm_passwd to strip realm? A: In case you configured realm to strip username, User-Password attribute is not changed. Instead, rlm_realm creates new attribute Stripped-User-Name. All you need is to use Stripped-User-Name instead of User-Name as a key field for passwd file. Q: How can I say passwd to add attribute even if it's value is empty? A: set ignore_empty to "no" in module configuration. 5. Acknowlegements: ZARAZA, <3APA3A@security.nnov.ru> Michael Chernyakhovsky - reply-items support freeradius-server-3.0.16/doc/modules/rlm_python000066400000000000000000000034231322570622300215750ustar00rootroot00000000000000Python module for freeradius Copyright 2002 Miguel A Paraz Copyright 2002 Imperium Technology, Inc. PURPOSE: To allow module writers to write modules in a high-level language, for implementation or for prototyping. REQUIRES: Python - tested with 2.2 BUILDING: ./configure --with-experimental-modules USAGE: Make your module available to the Python interpreter by either putting it in a standard location, or 'EXPORT PYTHONPATH=$location'. BUGS: 1. Can't compile statically (./configure --enable-shared=no) - causes SIGSEGV on the first malloc() in main(). Design: 1. Support for all module functions. 2. One module per function allowed, for example, from experimental.conf: python { mod_instantiate = radiusd_test func_instantiate = instantiate mod_authorize = radiusd_test func_authorize = authorize mod_accounting = radiusd_test func_accounting = accounting mod_preacct = radiusd_test func_preacct = preacct mod_detach = radiusd_test func_detach = detach } 3. Different functions are wrappers around the same core. 4. func_detach is passed no parameters, returns module return value. 5. If functions returns None (plain 'return' no return), default to RLM_OK 6. Python instantation function can return -1 to signal failure and abort startup. Available to module: import radiusd radiusd.rad_log(radiusd.L_XXX, message_string) radiusd.RLM_XXX TODO: 1. Do we need to support other pair operations beyond set (:=) ? 2. Should we pass the value pair info as a dict and not a tuple? Faster? 2. Give access to more radiusd variables like the dictionary. 3. Give access to other C functions. Let the Python module deal with the structures directly, instead of letting our C code do it afterwards. What's a good way to represent this? freeradius-server-3.0.16/doc/modules/rlm_soh000066400000000000000000000136511322570622300210510ustar00rootroot00000000000000== Intro == This release adds support for Microsoft Statement-of-Health (SoH), which is a form of network access protection. Client support is present in Windows XP SP3, Vista and 7. SoH data can come in from several places: * inside EAP-PEAP packets for 802.1x wireless/wired connections * inside a radius packet (Microsoft VSA #55, MS-Quarantine-SOH) - VPN and terminal services gateways can act as the radius client * inside a DHCP request, in vendor-specific options FreeRadius supports all three types. The SoH statement is decoded into radius-style attributes, and you can write a policy in "unlang" to act on them, and permit, restrict or deny network access. == PEAP support == SoH support in peap is enabled in eap.conf using config like so: eap { peap { soh = yes soh_virtual_server = "soh-server" } } When SoH is enabled, an EAP-PEAP client will be challenged to provide an SoH statement after providing it's identity (or resuming a PEAP session via SSL session resumption). Clients which do not support PEAP will NAK the request, and clients which do will answer it. The client reply will be written into a fake radius request and sent to the virtual server specified above; it will either look like: SoH-Supported = no ...or (from a Vista machine): SoH-Supported = yes SoH-MS-Machine-OS-vendor = Microsoft SoH-MS-Machine-OS-version = 6 SoH-MS-Machine-OS-release = 0 SoH-MS-Machine-OS-build = 6001 SoH-MS-Machine-SP-version = 1 SoH-MS-Machine-SP-release = 0 SoH-MS-Machine-Processor = x86_64 SoH-MS-Machine-Name = "netbios.example.com" SoH-MS-Correlation-Id = 0x54468936cb494374b127a6a3cc3bb11c01ca78d858ee1ef0 SoH-MS-Machine-Role = client SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=1 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus error not-installed" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=1 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "auto-updates ok action=install" SoH-MS-Windows-Health-Status = "security-updates warn some-missing" If you have "copy_request_to_tunnel = yes" set on the peap module, the request variables like NAS-IP-Address and so on will be copied to the fake request as well. Clients without SoH seem to just NAK the SoH request and continue with the inner EAP auth. This has been tested as working with Windows XP SP2 and lower, Linux clients using NetworkManager & wpa_supplicant, MacOS 10.5, Nokia/Symbian S60 and iPhone OS 3.x. It should therefore be safe to deploy. == Radius support == If you are running a Microsoft VPN or Terminal Services Gateway, these can be configured to send the SoH data to an upstream radius server, in this case presumably FreeRadius. To take advantage of this you will need to add the "soh" module to the "authorize" section of your virtual server, like so: server tsgateway { preprocess soh if () { ... policy goes here } } The SoH module simply looks for the Microsoft VSA #55 and decodes the SoH data, adding the SoH attributes to the request - see above for an example of the available attributes. The SoH module also does dynamic expansions - see below for more info. == DHCP support == If you compile FreeRadius with DHCP support, the "soh" module can challenge a DHCP client for SoH data in the DHCPOFFER packet. As with normal radius, the SoH attributes are added to the request. You would use like so: server dhcp { dhcp DHCP-Discover { soh # note - no SoH attributes are added here, the client hasn't sent them yet # other DHCP config } dhcp DHCP-Request { soh if () { # SoH policy } # other DHCP config } } == soh module == The "soh" module decodes the radius & DHCP payloads. It also makes some dynamic variables available, for example: authorize { soh update request { Tmp-String-0 = "%{soh:OS}" } } ...will give you a string like "Windows Vista 6.1.100 sp 1.0" or "Windows XP 5.x.x sp 3.0" At the moment, this is the only dynamic expansion; in future, we will make various bits of info available, for example non-Microsoft SoH records (see below) == Non-microsoft SoH data == The Windows SoH structure is extensible and, in principle, clients can be extended with .dll plugins to add vendor-specific info to the SoH, which can then be checked on the server. At the present time, few plugins are known and I have seen none, so can't add support for them. == Client configuration == The code works fine with Win XP SP3 & Vista on both wired & wireless. However contrary to what some sites claim, the NAP service is disabled by default, as are the many NAP remediation agents. These can be enabled from the command prompt with (for XP; instructions may differ for other windows versions): sc config napagent start= auto sc start napagent # optionally for wired 802.1x; the dot3svc should usually be made dependent # on the napagent service, else the machine might attempt 802.1x before NAP # has started... sc config dot3svc start= auto depend= napagent sc start dot3svc # enable the EAP agent netsh nap client show config # get the "ID" value for the "EAP Quarantine Enforcement Client" netsh nap client set enforce id=$ID admin=enable # repeat for DHCP, VPN or Terminal Services agents This can be automated via Group Policy. You then need to enable EAP, PEAP, Quarantine Checks & the relevant auth method on the relevant adapters. This can be done with "netsh xml profiles" or Group Policy - google for the relevant terms, or see the MS article: http://technet.microsoft.com/en-us/library/bb726965.aspx ...and related links. == TODO == Currently the code does not support sending the final SoH reply. This is because the SoH reply (see section 2.2.9 of MS-SOH version v20091104) needs various fields formatted in a manner which is not obvious to me, and I don't currently have access to a windows NAP server to look at a working example. The clients I have access don't seem to mind. Phil Mayers December 2009 freeradius-server-3.0.16/doc/modules/rlm_sql000066400000000000000000000221271322570622300210550ustar00rootroot00000000000000 SQL Module 0. Introduction The SQL module is composed of two parts: a generic SQL front-end (rlm_sql), and a series of database-dependent back-end drivers, (rlm_sql_mysql, rlm_sql_postgresql, etc.) In order to build the drivers, you MUST ALSO install the development versions of the database. That is, you must have the appropriate header files and client libraries for (say) MySQL. The rlm_sql_mysql driver is NOT a complete MySQL client implementation. Instead, it is a small 'shim' between the FreeRADIUS rlm_sql module, and the MySQL client libraries. In general, the SQL schemas mirror the layout of the 'users' file. So for configuring check items and reply items, see 'man 5 users', and the examples in the 'users' file. 1. Schema and usage The schemas are available in raddb/sql//*, where is the name of the database (mysql, postgresql, etc.) The SQL module employs two sets of check and reply item tables for processing in the authorization stage. One set of tables (radcheck and radreply) are specific to a single user. The other set of tables (radgroupcheck and radgroupreply) is used to apply check and reply items to users that are members of a certain SQL group. The usergroup table provides the list of groups each user is a member of along with a priority field to control the order in which groups are processed. When a request comes into the server and is processed by the SQL module, the flow goes something like this: 1. Search the radcheck table for any check attributes specific to the user 2. If check attributes are found, and there's a match, pull the reply items from the radreply table for this user and add them to the reply 3. Group processing then begins if any of the following conditions are met: a. The user IS NOT found in radcheck b. The user IS found in radcheck, but the check items don't match c. The user IS found in radcheck, the check items DO match AND Fall-Through is set in the radreply table d. The user IS found in radcheck, the check items DO match AND the read_groups directive is set to 'yes' 4. If groups are to be processed for this user, the first thing that is done is the list of groups this user is a member of is pulled from the usergroup table ordered by the priority field. The priority field of the usergroup table allows us to control the order in which groups are processed, so that we can emulate the ordering in the users file. This can be important in many cases. 5. For each group this user is a member of, the corresponding check items are pulled from radgroupcheck table and compared with the request. If there is a match, the reply items for this group are pulled from the radgroupreply table and applied. 6. Processing continues to the next group IF: a. There was not a match for the last group's check items OR b. Fall-Through was set in the last group's reply items (The above is exactly the same as in the users file) 7. Finally, if the user has a User-Profile attribute set or the Default Profile option is set in the sql.conf, then steps 4-6 are repeated for the groups that the profile is a member of. For any fairly complex setup, it is likely that most of the actual processing will be done in the groups. In these cases, the user entry in radcheck will be of limited use except for things like setting the user's password. So, one might have the following setup: radcheck table: joeuser Cleartext-Password := somepassword radreply table: joeuser Fall-Through = Yes radgroupcheck table: Check items for various connection scenarios radgroupreply table: reply items for the groups usergroup table: joeuser WLANgroup 1(this is the priority) joeuser PPPgroup 2 2. What NOT to do. One of the fields of the SQL schema is named 'op' This is for the 'operator' used by the attributes. e.g.: Framed-IP-Address = 1.2.3.4 ^ ATTRIBUTE ----^ ^ OP ^ VALUE If you want the server to be completely misconfigured, and to never do what you want, leave the 'op' field blank. If you want to be rudely told to RTFM, then post questions on the mailing list, asking "why doesn't my SQL configuration work when I leave the 'op' field empty?" The short answer is that with the op field empty, the server does not know what you want it to do with the attribute. Should it be added to the reply? Maybe you wanted to compare the operator to one in the request? The server simply doesn't know. So put a value in the field. The value is the string form of the operator: "=", ">=", etc. See Section 4, below, for more details. 3. Authentication versus Authorization Many people ask if they can "authenticate" users to their SQL database. The answer to this question is "You're asking the wrong question." An SQL database stores information. An SQL database is NOT an authentication server. The ONLY users who should be able to authenticate themselves to the database are the people who administer it. Most administrators do NOT want every user to be able to access the database, which means that most users will not be able to "authenticate" themselves to the database. Instead, the users will have their authorization information (name, password, configuration) stored in the database. The configuration files for FreeRADIUS contain a username and password used to authenticate FreeRADIUS to the SQL server. (See raddb/sql.conf). Once the FreeRADIUS authentication server is connected to the SQL database server, then FreeRADIUS can pull user names and passwords out of the database, and use that information to perform the authentication. 4. Operators The list of operators is given below. Op Example and documentation -- ------------------------- = "Attribute = Value" Not allowed as a check item for RADIUS protocol attributes. It is allowed for server configuration attributes (Auth-Type, etc), and sets the value of on attribute, only if there is no other item of the same attribute. As a reply item, it means "add the item to the reply list, but only if there is no other item of the same attribute." := "Attribute := Value" Always matches as a check item, and replaces in the configuration items any attribute of the same name. If no attribute of that name appears in the request, then this attribute is added. As a reply item, it has an identical meaning, but for the reply items, instead of the request items. == "Attribute == Value" As a check item, it matches if the named attribute is present in the request, AND has the given value. Not allowed as a reply item. += "Attribute += Value" Always matches as a check item, and adds the current attribute with value to the list of configuration items. As a reply item, it has an identical meaning, but the attribute is added to the reply items. != "Attribute != Value" As a check item, matches if the given attribute is in the request, AND does not have the given value. Not allowed as a reply item. > "Attribute > Value" As a check item, it matches if the request contains an attribute with a value greater than the one given. Not allowed as a reply item. >= "Attribute >= Value" As a check item, it matches if the request contains an attribute with a value greater than, or equal to the one given. Not allowed as a reply item. < "Attribute < Value" As a check item, it matches if the request contains an attribute with a value less than the one given. Not allowed as a reply item. <= "Attribute <= Value" As a check item, it matches if the request contains an attribute with a value less than, or equal to the one given. Not allowed as a reply item. =~ "Attribute =~ Expression" As a check item, it matches if the request contains an attribute which matches the given regular expression. This operator may only be applied to string attributes. Not allowed as a reply item. !~ "Attribute !~ Expression" As a check item, it matches if the request contains an attribute which does not match the given regular expression. This operator may only be applied to string attributes. Not allowed as a reply item. =* "Attribute =* Value" As a check item, it matches if the request contains the named attribute, no matter what the value is. Not allowed as a reply item. !* "Attribute !* Value" As a check item, it matches if the request does not contain the named attribute, no matter what the value is. Not allowed as a reply item. 5. Instances Just like any other module, multiple instances of the rlm_sql module can be defined and used wherever you like. The default .conf files for the different database types, contain 1 instance without a name like so: sql { ... } You can create multiple named instances like so: sql sql_instance1 { ... } sql sql_instance2 { ... } And then you can use a specific instance in radiusd.conf, like so: authorize { ... sql_instance1 ... } accounting { ... sql_instance1 sql_instance2 ... } freeradius-server-3.0.16/doc/modules/rlm_sqlcounter000066400000000000000000000124731322570622300224600ustar00rootroot00000000000000rlm_sqlcounter installation and running guide by Ram Narula ram@princess1.net Internet for Education (Thailand) *) Pre-requisites: Make sure to have configured radiusd with rlm_sqlcounter installed > make clean > ./configure --with-experimental-modules > make > make install Make sure to have radiusd running properly under sql and there must be a "sql" entry under accounting{ } section of radiusd.conf *) Configuration: [1] Create a text file called sqlcounter.conf in the same directory where radiusd.conf resides (usually /usr/local/etc/raddb) with the following content (for mysql): #-----# sqlcounter noresetcounter { sql_module_instance = sqlcca3 counter_name = Max-All-Session-Time check_name = Max-All-Session reply_name = Session-Timeout key = User-Name reset = never query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'" } sqlcounter dailycounter { sql_module_instance = sqlcca3 driver = "rlm_sqlcounter" counter_name = Daily-Session-Time check_name = Max-Daily-Session reply_name = Session-Timeout key = User-Name reset = daily query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } sqlcounter monthlycounter { sql_module_instance = sqlcca3 counter_name = Monthly-Session-Time check_name = Max-Monthly-Session reply_name = Session-Timeout key = User-Name reset = monthly query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } #-----# The respective lines for postgresql are: query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'" query = "SELECT SUM(AcctSessionTime - GREATER((%b - AcctStartTime::ABSTIME::INT4), 0)) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime::ABSTIME::INT4 + AcctSessionTime > '%b'" query = "SELECT SUM(AcctSessionTime - GREATER((%b - AcctStartTime::ABSTIME::INT4), 0)) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime::ABSTIME::INT4 + AcctSessionTime > '%b'" If you are running postgres 7.x, you may not have a GREATER function. An example of one is: CREATE OR REPLACE FUNCTION "greater"(integer, integer) RETURNS integer AS ' DECLARE res INTEGER; one INTEGER := 0; two INTEGER := 0; BEGIN one = $1; two = $2; IF one IS NULL THEN one = 0; END IF; IF two IS NULL THEN two = 0; END IF; IF one > two THEN res := one; ELSE res := two; END IF; RETURN res; END; ' LANGUAGE 'plpgsql'; [2] Include the above file to radiusd.conf by adding a line in modules{ } section modules { $INCLUDE ${confdir}/sqlcounter.conf ...some other entries here... [3] Make sure to have the sqlcounter names under authorize section like the followings: authorize { ...some entries here... ...some entries here... ...some entries here... ...some entries here... noresetcounter dailycounter monthlycounter } noresetcounter: the counter that never resets, can be used for real session-time cumulation dailycounter: the counter that resets everyday, can be used for limiting daily access time (eg. 3 hours a day) monthlycounter: the counter that resets monthly, can be used for limiting monthly access time (eg. 50 hours per month) You can make your own names and directives for resetting the counter by reading the sample sqlcounter configuration in raddb/experimental.conf *) Implementation: Add sqlcounter names to be used into radcheck or radgroupcheck table appropriately for sql. For users file just follow the example below. Note: The users in the example below must be able to login normally as the example will only show how to apply sqlcounter counters. Scenarios [1] username test0001 have total time limit of 15 hours (user can login as many times as needed but can be online for total time of 15 hours which is 54000 seconds) If using normal users file authentication the entry can look like: test0001 Max-All-Session := 54000, User-Password == "blah" Service-Type = Framed-User, Framed-Protocol = PPP or for sql make sure to have Max-All-Session entry under either radcheck or radgroup check table: > INSERT into radcheck VALUES ('','test0001','Max-All-Session','54000',':='); [2] username test0002 have total time limit of 3 hours a day test0002 Max-Daily-Session := 10800, User-Password == "blah" Service-Type = Framed-User, Framed-Protocol = PPP or in sql: > INSERT into radcheck VALUES ('','test0002','Max-Daily-Session','10800',':='); [3] username test0003 have total time limit of 90 hours a month test0003 Max-Monthly-Session := 324000, User-Password == "blah" Service-Type = Framed-User, Framed-Protocol = PPP in sql: > INSERT into radcheck VALUES ('','test0003','Max-Monthly-Session','10800',':='); Note that Max-All-Session, Max-Daily-Session and Max-Monthly-Session are definied in sqlcounter.conf VERY IMPORTANT: Accounting must be done via sql or this will not work. freeradius-server-3.0.16/doc/modules/rlm_sqlippool000066400000000000000000000042421322570622300222760ustar00rootroot00000000000000Welcome to the SQL Based IP Pool module. ********************************************************************** As of September 2006 this module is still under some development and currently is only tested by the developers on PostgreSQL (Version 8.1) Use it at your own risk! If plan to attempt to use a DB other than PostgreSQL please expect to have to do extra work which is not for SQL newbies. Having said that it works great for us in production and should (with some work) function correctly with other SQL server types. ********************************************************************** To use the sqlipool module you simply need to have an IP-Pool Attribute (Keep in mind that its a **CHECK** item, not reply) in the required configuration file, which is either in files(users), sql or any other type of configuration schema. The initialization of the radippool table is left to the user instead of being handled inside the module. This allows pool management to be done from any sql capable programming language and pools can be created, resized, deleted at run time without radiusd needing to be restarted. The only required fields are, pool_name and ip_address. A pool consists of one or more rows in the table with the same pool_name and a different ip_address. There is no restriction on which ip addresses/ranges may be in the same pool, and addresses do not need to be concurrent. We are currently using the variable definitions of the xlat module, so before editing the sqlippool.conf file, please go and read the variables.rst in the doc/configuration directory. It will help you alot!.. As you may noticed, there is a pool-key variable in the config file which allows you to select which attribute is unique according to your NAS setup. On a standard dialup NAS this is going to be "NAS-Port" but on an ethernet or wireless network it will probably be "Calling-Station-Id". Other more exotic options like "3GPP-IMSI" may also exist depending on your NAS. The only requirement is that the pool-key must be unique and must be received in both Access-Request and Accounting packages so that we know to clear the lease on the ip when the session disconnects. freeradius-server-3.0.16/doc/schemas/000077500000000000000000000000001322570622300174305ustar00rootroot00000000000000freeradius-server-3.0.16/doc/schemas/ldap/000077500000000000000000000000001322570622300203505ustar00rootroot00000000000000freeradius-server-3.0.16/doc/schemas/ldap/edir/000077500000000000000000000000001322570622300212735ustar00rootroot00000000000000freeradius-server-3.0.16/doc/schemas/ldap/edir/freeradius-clients.ldif000066400000000000000000000040611322570622300257240ustar00rootroot00000000000000# # LDIF Novell eDirectory schema to load dynamic clients from LDAP # # copyright 2013 Olivier Beytrison # # 1.3.6.1.4.1.11344.1.100 is the toplevel OID for this work # .1 = objectclasses # .2 = attributs dn: cn=schema changetype: modify add: attributetypes attributetypes: ( 1.3.6.1.4.1.11344.1.100.2.1 NAME 'radiusClientIdentifier' DESC 'Client Identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.11344.1.100.2.2 NAME 'radiusClientSecret' DESC 'Client Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.11344.1.100.2.3 NAME 'radiusClientShortname' DESC 'Client Shortname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.11344.1.100.2.4 NAME 'radiusClientVirtualServer' DESC 'VirtualServer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.11344.1.100.2.5 NAME 'radiusClientType' DESC 'Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.11344.1.100.2.6 NAME 'radiusClientRequireMa' DESC 'Require Message Authenticator' EQUALITY booleanMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributetypes: ( 1.3.6.1.4.1.11344.1.100.2.7 NAME 'radiusClientComment' DESC 'Client comment' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=schema changetype: modify add: objectclasses objectclasses: ( 1.3.6.1.4.1.11344.1.100.1.1 NAME 'radiusClient' DESC 'radiusClient object class' SUP top STRUCTURAL MUST ( radiusClientIdentifier $ radiusClientSecret ) MAY ( radiusClientShortname $ radiusClientVirtualServer $ radiusClientType $ radiusClientRequireMa $radiusClientcomment )) freeradius-server-3.0.16/doc/schemas/ldap/iplanet/000077500000000000000000000000001322570622300220045ustar00rootroot00000000000000freeradius-server-3.0.16/doc/schemas/ldap/iplanet/freeradius.ldif000066400000000000000000000263471322570622300250110ustar00rootroot00000000000000# This is a LDAPv3 schema for RADIUS attributes. # Converted for use with iPlanet/Sun Directory Servers 5.x by Arne Brutschy # # Originally Tested on OpenLDAP 2.0.7 # Posted by Javier Fernandez-Sanguino Pena # LDAP v3 version by Jochen Friedrich # Updates by Adrian Pavlykevych ############## dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.1 NAME 'radiusArapFeatures' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.2 NAME 'radiusArapSecurity' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.3 NAME 'radiusArapZoneAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.44 NAME 'radiusAuthType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.4 NAME 'radiusCallbackId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.5 NAME 'radiusCallbackNumber' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.6 NAME 'radiusCalledStationId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.7 NAME 'radiusCallingStationId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.8 NAME 'radiusClass' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.45 NAME 'radiusClientIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.9 NAME 'radiusFilterId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.10 NAME 'radiusFramedAppleTalkLink' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.11 NAME 'radiusFramedAppleTalkNetwork' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.12 NAME 'radiusFramedAppleTalkZone' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.13 NAME 'radiusFramedCompression' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.14 NAME 'radiusFramedIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.15 NAME 'radiusFramedIPNetmask' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.16 NAME 'radiusFramedIPXNetwork' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.17 NAME 'radiusFramedMTU' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.18 NAME 'radiusFramedProtocol' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.19 NAME 'radiusFramedRoute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.20 NAME 'radiusFramedRouting' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.46 NAME 'radiusGroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.47 NAME 'radiusHint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.48 NAME 'radiusHuntgroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.21 NAME 'radiusIdleTimeout' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.22 NAME 'radiusLoginIPHost' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.23 NAME 'radiusLoginLATGroup' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.24 NAME 'radiusLoginLATNode' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.25 NAME 'radiusLoginLATPort' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.26 NAME 'radiusLoginLATService' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.27 NAME 'radiusLoginService' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.28 NAME 'radiusLoginTCPPort' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.29 NAME 'radiusPasswordRetry' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.30 NAME 'radiusPortLimit' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.49 NAME 'radiusProfileDN' DESC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.31 NAME 'radiusPrompt' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.50 NAME 'radiusProxyToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.51 NAME 'radiusReplicateToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.52 NAME 'radiusRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.32 NAME 'radiusServiceType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.33 NAME 'radiusSessionTimeout' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.34 NAME 'radiusTerminationAction' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.35 NAME 'radiusTunnelAssignmentId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.36 NAME 'radiusTunnelMediumType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.37 NAME 'radiusTunnelPassword' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.38 NAME 'radiusTunnelPreference' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.39 NAME 'radiusTunnelPrivateGroupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.40 NAME 'radiusTunnelServerEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.41 NAME 'radiusTunnelType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.42 NAME 'radiusVSA' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.43 NAME 'radiusTunnelClientEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) #need to change asn1.id attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.53 NAME 'radiusSimultaneousUse' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.54 NAME 'radiusLoginTime' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.55 NAME 'radiusUserCategory' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.56 NAME 'radiusStripUserName' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.57 NAME 'dialupAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.58 NAME 'radiusExpiration' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.59 NAME 'radiusAttribute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.60 NAME 'radiusControlAttribute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.61 NAME 'radiusReplyAttribute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.62 NAME 'radiusRequestAttribute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectClasses: ( 1.3.6.1.4.1.11344.4.3.2.1 NAME 'radiusprofile' DESC '' SUP top AUXILIARY MUST ( cn ) MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $ radiusFramedProtocol $ radiusAttribute $ radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ radiusSimultaneousUse $ radiusTunnelAssignmentId $ radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration $ dialupAccess $ radiusControlAttribute $ radiusReplyAttribute $ radiusRequestAttribute ) ) freeradius-server-3.0.16/doc/schemas/ldap/iplanet/freeradius.schema000066400000000000000000000310761322570622300253260ustar00rootroot00000000000000# This is a LDAPv3 schema for RADIUS attributes. # Tested on Sun One Directory server 5.2 # Created by Daniel Wilson (danielwilson_2k@yahoo.com) ############## dn: cn=schema objectClass: top objectClass: ldapSubentry objectClass: subschema cn: schema ####################### # aci to ensure that the standard schema attributes are visible to # all LDAP clients (anonymous access). # aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone"; ####################### objectClasses: ( 1.3.6.1.4.1.11344.4.3.2.1 NAME 'radiusprofile' SUP top AUXILIARY DESC 'Free Radius schema for Directory Server 5.2' MUST (cn) MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $ radiusFramedProtocol $ radiusAttribute $ radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDN $ radiusSimultaneousUse $ radiusTunnelAssignmentId $ radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration $ dialupAccess $ radiusControlAttribute $ radiusReplyAttribute $radiusRequestAttribute ) X-ORIGIN 'user defined') attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.1 NAME 'radiusArapFeatures' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined') attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.2 NAME 'radiusArapSecurity' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined') attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.3 NAME 'radiusArapZoneAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined') attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.44 NAME 'radiusAuthType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.4 NAME 'radiusCallbackId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.5 NAME 'radiusCallbackNumber' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.6 NAME 'radiusCalledStationId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.7 NAME 'radiusCallingStationId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.8 NAME 'radiusClass' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.45 NAME 'radiusClientIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.9 NAME 'radiusFilterId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.10 NAME 'radiusFramedAppleTalkLink' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.11 NAME 'radiusFramedAppleTalkNetwork' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.12 NAME 'radiusFramedAppleTalkZone' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.13 NAME 'radiusFramedCompression' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.14 NAME 'radiusFramedIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.15 NAME 'radiusFramedIPNetmask' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.16 NAME 'radiusFramedIPXNetwork' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.17 NAME 'radiusFramedMTU' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.18 NAME 'radiusFramedProtocol' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.19 NAME 'radiusFramedRoute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.20 NAME 'radiusFramedRouting' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.46 NAME 'radiusGroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.47 NAME 'radiusHint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.48 NAME 'radiusHuntgroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.21 NAME 'radiusIdleTimeout' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.22 NAME 'radiusLoginIPHost' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.23 NAME 'radiusLoginLATGroup' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.24 NAME 'radiusLoginLATNode' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.25 NAME 'radiusLoginLATPort' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.26 NAME 'radiusLoginLATService' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.27 NAME 'radiusLoginService' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.28 NAME 'radiusLoginTCPPort' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.29 NAME 'radiusPasswordRetry' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.30 NAME 'radiusPortLimit' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.49 NAME 'radiusProfileDN' DESC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.31 NAME 'radiusPrompt' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.50 NAME 'radiusProxyToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.51 NAME 'radiusReplicateToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.52 NAME 'radiusRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.32 NAME 'radiusServiceType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.33 NAME 'radiusSessionTimeout' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.34 NAME 'radiusTerminationAction' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.35 NAME 'radiusTunnelAssignmentId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.36 NAME 'radiusTunnelMediumType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.37 NAME 'radiusTunnelPassword' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.38 NAME 'radiusTunnelPreference' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.39 NAME 'radiusTunnelPrivateGroupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.40 NAME 'radiusTunnelServerEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.41 NAME 'radiusTunnelType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.42 NAME 'radiusVSA' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.43 NAME 'radiusTunnelClientEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.53 NAME 'radiusSimultaneousUse' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.54 NAME 'radiusLoginTime' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.55 NAME 'radiusUserCategory' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.56 NAME 'radiusStripUserName' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.57 NAME 'dialupAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.58 NAME 'radiusExpiration' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.11344.4.3.1.59 NAME 'radiusAttribute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetypes: ( 1.3.6.1.4.1.11344.4.3.1.60 NAME 'radiusControlAttribute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetypes: ( 1.3.6.1.4.1.11344.4.3.1.61 NAME 'radiusReplyAttribute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetypes: ( 1.3.6.1.4.1.11344.4.3.1.62 NAME 'radiusRequestAttribute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) freeradius-server-3.0.16/doc/schemas/ldap/openldap/000077500000000000000000000000001322570622300221525ustar00rootroot00000000000000freeradius-server-3.0.16/doc/schemas/ldap/openldap/freeradius-clients.ldif000066400000000000000000000036531322570622300266110ustar00rootroot00000000000000# # LDIF Openldap schema to load dynamic clients from LDAP # # copyright 2013 Olivier Beytrison # dn: cn=radiusClient,cn=schema,cn=config objectClass: olcSchemaConfig cn: radiusClient olcAttributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.1 NAME 'radiusClientIdentifier' SINGLE-VALUE DESC 'Client identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) olcAttributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.2 NAME 'radiusClientSecret' SINGLE-VALUE DESC 'Client secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) olcAttributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.3 NAME 'radiusClientShortname' SINGLE-VALUE DESC 'Client shortname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) olcAttributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.4 NAME 'radiusClientVirtualServer' SINGLE-VALUE DESC 'VirtualServer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) olcAttributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.5 NAME 'radiusClientType' SINGLE-VALUE DESC 'Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) olcAttributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.6 NAME 'radiusClientRequireMa' SINGLE-VALUE DESC 'Require Message Authenticator' EQUALITY booleanMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' ) olcAttributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.7 NAME 'radiusClientComment' SINGLE-VALUE DESC 'Client comment' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) olcObjectClasses: ( 1.3.6.1.4.1.11344.1.100.1.1 NAME 'radiusClient' DESC 'radiusClient object class' SUP top STRUCTURAL MUST ( radiusClientIdentifier $ radiusClientSecret ) MAY ( radiusClientShortname $ radiusClientVirtualServer $ radiusClientType $ radiusClientRequireMa $ radiusClientComment )) freeradius-server-3.0.16/doc/schemas/ldap/openldap/freeradius-clients.schema000066400000000000000000000033671322570622300271350ustar00rootroot00000000000000attributetype ( 1.3.6.1.4.1.11344.1.100.2.1 NAME 'radiusClientIdentifier' DESC 'Client Identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.1.100.2.2 NAME 'radiusClientSecret' DESC 'Client Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.1.100.2.3 NAME 'radiusClientShortname' DESC 'Client Shortname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.1.100.2.4 NAME 'radiusClientVirtualServer' DESC 'VirtualServer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.1.100.2.5 NAME 'radiusClientType' DESC 'Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.1.100.2.6 NAME 'radiusClientRequireMa' DESC 'Require Message Authenticator' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.1.100.2.7 NAME 'radiusClientComment' DESC 'Client comment' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) objectclass ( 1.3.6.1.4.1.11344.1.100.1.1 NAME 'radiusClient' DESC 'radiusClient object class' SUP top STRUCTURAL MUST ( radiusClientIdentifier $ radiusClientSecret ) MAY ( radiusClientShortname $ radiusClientVirtualServer $ radiusClientType $ radiusClientRequireMa $ radiusClientComment ) ) freeradius-server-3.0.16/doc/schemas/ldap/openldap/freeradius.ldif000066400000000000000000000313631322570622300251510ustar00rootroot00000000000000dn: cn=radius,cn=schema,cn=config objectClass: olcSchemaConfig cn: radius olcAttributeTypes: {0}( 1.3.6.1.4.1.11344.4.3.1.1 NAME 'radiusArapFeatures' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.4.1.11344.4.3.1.2 NAME 'radiusArapSecurity' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.4.1.11344.4.3.1.3 NAME 'radiusArapZoneAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.4.1.11344.4.3.1.44 NAME 'radiusAuthType' DESC 'controlItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.4.1.11344.4.3.1.4 NAME 'radiusCallbackId' DESC 'replyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.3.6.1.4.1.11344.4.3.1.5 NAME 'radiusCallbackNumber' DESC 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.4.1.11344.4.3.1.6 NAME 'radiusCalledStationId' DESC 'controlItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.4.1.11344.4.3.1.7 NAME 'radiusCallingStationId' DESC 'controlItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.4.1.11344.4.3.1.8 NAME 'radiusClass' DESC 'replyItem: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {9}( 1.3.6.1.4.1.11344.4.3.1.45 NAME 'radiusClientIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {10}( 1.3.6.1.4.1.11344.4.3.1.9 NAME 'radiusFilterId' DESC 'replyItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {11}( 1.3.6.1.4.1.11344.4.3.1.10 NAME 'radiusFramedAppleTalkLink' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {12}( 1.3.6.1.4.1.11344.4.3.1.11 NAME 'radiusFramedAppleTalkNetwork' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {13}( 1.3.6.1.4.1.11344.4.3.1.12 NAME 'radiusFramedAppleTalkZone' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {14}( 1.3.6.1.4.1.11344.4.3.1.13 NAME 'radiusFramedCompression' DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {15}( 1.3.6.1.4.1.11344.4.3.1.14 NAME 'radiusFramedIPAddress' DESC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {16}( 1.3.6.1.4.1.11344.4.3.1.15 NAME 'radiusFramedIPNetmask' DESC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {17}( 1.3.6.1.4.1.11344.4.3.1.16 NAME 'radiusFramedIPXNetwork' DESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {18}( 1.3.6.1.4.1.11344.4.3.1.17 NAME 'radiusFramedMTU' DESC' replyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {19}( 1.3.6.1.4.1.11344.4.3.1.18 NAME 'radiusFramedProtocol'DESC 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {20}( 1.3.6.1.4.1.11344.4.3.1.19 NAME 'radiusFramedRoute' DESC 'replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {21}( 1.3.6.1.4.1.11344.4.3.1.20 NAME 'radiusFramedRouting' DESC 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {22}( 1.3.6.1.4.1.11344.4.3.1.46 NAME 'radiusGroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {23}( 1.3.6.1.4.1.11344.4.3.1.47 NAME 'radiusHint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {24}( 1.3.6.1.4.1.11344.4.3.1.48 NAME 'radiusHuntgroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {25}( 1.3.6.1.4.1.11344.4.3.1.21 NAME 'radiusIdleTimeout' DESC 'replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {26}( 1.3.6.1.4.1.11344.4.3.1.22 NAME 'radiusLoginIPHost' DESC 'replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {27}( 1.3.6.1.4.1.11344.4.3.1.23 NAME 'radiusLoginLATGroup' DESC 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {28}( 1.3.6.1.4.1.11344.4.3.1.24 NAME 'radiusLoginLATNode' DESC 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {29}( 1.3.6.1.4.1.11344.4.3.1.25 NAME 'radiusLoginLATPort' DESC 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {30}( 1.3.6.1.4.1.11344.4.3.1.26 NAME 'radiusLoginLATService' DESC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {31}( 1.3.6.1.4.1.11344.4.3.1.27 NAME 'radiusLoginService' DESC 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {32}( 1.3.6.1.4.1.11344.4.3.1.28 NAME 'radiusLoginTCPPort' DESC 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {33}( 1.3.6.1.4.1.11344.4.3.1.29 NAME 'radiusPasswordRetry' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {34}( 1.3.6.1.4.1.11344.4.3.1.30 NAME 'radiusPortLimit' DESC 'replyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {35}( 1.3.6.1.4.1.11344.4.3.1.49 NAME 'radiusProfileDN' DESC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {36}( 1.3.6.1.4.1.11344.4.3.1.31 NAME 'radiusPrompt' DESC ''EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {37}( 1.3.6.1.4.1.11344.4.3.1.50 NAME 'radiusProxyToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {38}( 1.3.6.1.4.1.11344.4.3.1.51 NAME 'radiusReplicateToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {39}( 1.3.6.1.4.1.11344.4.3.1.52 NAME 'radiusRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) olcAttributeTypes: {40}( 1.3.6.1.4.1.11344.4.3.1.32 NAME 'radiusServiceType' DESC 'replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {41}( 1.3.6.1.4.1.11344.4.3.1.33 NAME 'radiusSessionTimeout'DESC 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {42}( 1.3.6.1.4.1.11344.4.3.1.34 NAME 'radiusTerminationAction' DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {43}( 1.3.6.1.4.1.11344.4.3.1.35 NAME 'radiusTunnelAssignmentId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {44}( 1.3.6.1.4.1.11344.4.3.1.36 NAME 'radiusTunnelMediumType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {45}( 1.3.6.1.4.1.11344.4.3.1.37 NAME 'radiusTunnelPassword' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {46}( 1.3.6.1.4.1.11344.4.3.1.38 NAME 'radiusTunnelPreference' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {47}( 1.3.6.1.4.1.11344.4.3.1.39 NAME 'radiusTunnelPrivateGroupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {48}( 1.3.6.1.4.1.11344.4.3.1.40 NAME 'radiusTunnelServerEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {49}( 1.3.6.1.4.1.11344.4.3.1.41 NAME 'radiusTunnelType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {50}( 1.3.6.1.4.1.11344.4.3.1.42 NAME 'radiusVSA' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {51}( 1.3.6.1.4.1.11344.4.3.1.43 NAME 'radiusTunnelClientEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {52}( 1.3.6.1.4.1.11344.4.3.1.53 NAME 'radiusSimultaneousUse' DESC 'controlItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {53}( 1.3.6.1.4.1.11344.4.3.1.54 NAME 'radiusLoginTime' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {54}( 1.3.6.1.4.1.11344.4.3.1.55 NAME 'radiusUserCategory' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {55}( 1.3.6.1.4.1.11344.4.3.1.56 NAME 'radiusStripUserName' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {56}( 1.3.6.1.4.1.11344.4.3.1.57 NAME 'dialupAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {57}( 1.3.6.1.4.1.11344.4.3.1.58 NAME 'radiusExpiration' DESC 'controlItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {58}( 1.3.6.1.4.1.11344.4.3.1.59 NAME 'radiusAttribute' DESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {59}( 1.3.6.1.4.1.11344.4.3.1.61 NAME 'radiusNASIpAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {60}( 1.3.6.1.4.1.11344.4.3.1.62 NAME 'radiusReplyMessage' DESC 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {61}( 1.3.6.1.4.1.11344.4.3.1.63 NAME 'radiusControlAttribute' DESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {62}( 1.3.6.1.4.1.11344.4.3.1.64 NAME 'radiusReplyAttribute' DESC 'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {63}( 1.3.6.1.4.1.11344.4.3.1.65 NAME 'radiusRequestAttribute' DESC 'requestItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcObjectClasses: {0}( 1.3.6.1.4.1.11344.4.3.2.1 NAME 'radiusprofile' DESC '' SUP top AUXILIARY MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $radiusFramedProtocol $ radiusAttribute $ radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDN $ radiusSimultaneousUse $ radiusTunnelAssignmentId $ radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration $ dialupAccess $ radiusNASIpAddress $ radiusReplyMessage $ radiusControlAttribute $ radiusReplyAttribute $ radiusRequestAttribute ) ) olcObjectClasses: {1}( 1.3.6.1.4.1.11344.4.3.2.2 NAME 'radiusObjectProfile' DESC 'A Container Objectclass to be used for creating radius profile object' SUP top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) ) freeradius-server-3.0.16/doc/schemas/ldap/openldap/freeradius.schema000066400000000000000000000304611322570622300254710ustar00rootroot00000000000000attributetype ( 1.3.6.1.4.1.11344.4.3.1.1 NAME 'radiusArapFeatures' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.2 NAME 'radiusArapSecurity' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.3 NAME 'radiusArapZoneAccess' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.44 NAME 'radiusAuthType' DESC 'controlItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.4 NAME 'radiusCallbackId' DESC 'replyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.5 NAME 'radiusCallbackNumber' DESC 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.6 NAME 'radiusCalledStationId' DESC 'controlItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.7 NAME 'radiusCallingStationId' DESC 'controlItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.8 NAME 'radiusClass' DESC 'replyItem: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.45 NAME 'radiusClientIPAddress' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.9 NAME 'radiusFilterId' DESC 'replyItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.10 NAME 'radiusFramedAppleTalkLink' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.11 NAME 'radiusFramedAppleTalkNetwork' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.12 NAME 'radiusFramedAppleTalkZone' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.13 NAME 'radiusFramedCompression' DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.14 NAME 'radiusFramedIPAddress' DESC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.15 NAME 'radiusFramedIPNetmask' DESC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.16 NAME 'radiusFramedIPXNetwork' DESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.17 NAME 'radiusFramedMTU' DESC 'replyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.18 NAME 'radiusFramedProtocol' DESC 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.19 NAME 'radiusFramedRoute' DESC 'replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.20 NAME 'radiusFramedRouting' DESC 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.46 NAME 'radiusGroupName' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.47 NAME 'radiusHint' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.48 NAME 'radiusHuntgroupName' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.21 NAME 'radiusIdleTimeout' DESC 'replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.22 NAME 'radiusLoginIPHost' DESC 'replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.23 NAME 'radiusLoginLATGroup' DESC 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.24 NAME 'radiusLoginLATNode' DESC 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.25 NAME 'radiusLoginLATPort' DESC 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.26 NAME 'radiusLoginLATService' DESC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.27 NAME 'radiusLoginService' DESC 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.28 NAME 'radiusLoginTCPPort' DESC 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.29 NAME 'radiusPasswordRetry' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.30 NAME 'radiusPortLimit' DESC 'replyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.49 NAME 'radiusProfileDN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.31 NAME 'radiusPrompt' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.50 NAME 'radiusProxyToRealm' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.51 NAME 'radiusReplicateToRealm' DESC 'control:Replicate-To-Realm' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.52 NAME 'radiusRealm' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.32 NAME 'radiusServiceType' DESC 'replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.33 NAME 'radiusSessionTimeout' DESC 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.34 NAME 'radiusTerminationAction' DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.35 NAME 'radiusTunnelAssignmentId' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.36 NAME 'radiusTunnelMediumType' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.37 NAME 'radiusTunnelPassword' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.38 NAME 'radiusTunnelPreference' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.39 NAME 'radiusTunnelPrivateGroupId' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.40 NAME 'radiusTunnelServerEndpoint' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.41 NAME 'radiusTunnelType' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.42 NAME 'radiusVSA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.43 NAME 'radiusTunnelClientEndpoint' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.53 NAME 'radiusSimultaneousUse' DESC 'controlItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.54 NAME 'radiusLoginTime' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.55 NAME 'radiusUserCategory' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.56 NAME 'radiusStripUserName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.57 NAME 'dialupAccess' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.58 NAME 'radiusExpiration' DESC 'controlItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.59 NAME 'radiusAttribute' DESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.61 NAME 'radiusNASIpAddress' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.62 NAME 'radiusReplyMessage' DESC 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.63 NAME 'radiusControlAttribute' DESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.64 NAME 'radiusReplyAttribute' DESC 'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.11344.4.3.1.65 NAME 'radiusRequestAttribute' DESC 'requestItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 1.3.6.1.4.1.11344.4.3.2.1 NAME 'radiusprofile' SUP top AUXILIARY MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $ radiusFramedProtocol $ radiusAttribute $ radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDN $ radiusSimultaneousUse $ radiusTunnelAssignmentId $ radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration $ dialupAccess $ radiusNASIpAddress $ radiusReplyMessage $ radiusControlAttribute $ radiusReplyAttribute $ radiusRequestAttribute ) ) objectclass ( 1.3.6.1.4.1.11344.4.3.2.2 NAME 'radiusObjectProfile' DESC 'A Container Objectclass to be used for creating radius profile object' SUP top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) ) freeradius-server-3.0.16/doc/schemas/ldap/samba/000077500000000000000000000000001322570622300214335ustar00rootroot00000000000000freeradius-server-3.0.16/doc/schemas/ldap/samba/README.txt000066400000000000000000000007441322570622300231360ustar00rootroot00000000000000Change "dc=samba4,dc=internal" to your LDAP base DN, then install with: ldbmodify -H /usr/local/samba/private/sam.ldb freeradius-attrs.ldif \ --option="dsdb:schema update allowed"=true ldbmodify -H /usr/local/samba/private/sam.ldb freeradius-classes.ldif \ --option="dsdb:schema update allowed"=true These files were created by scripts/ldap/schema_to_samba.py, then split into two because the attributes must be loaded in a separate operation to the classes which use them. freeradius-server-3.0.16/doc/schemas/ldap/samba/freeradius-attrs.ldif000066400000000000000000000533431322570622300255670ustar00rootroot00000000000000dn: CN=radiusArapFeatures,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.1 isSingleValued: TRUE cn: radiusArapFeatures name: radiusArapFeatures lDAPDisplayName: radiusArapFeatures attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusArapSecurity,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.2 isSingleValued: TRUE cn: radiusArapSecurity name: radiusArapSecurity lDAPDisplayName: radiusArapSecurity attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusArapZoneAccess,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.3 isSingleValued: TRUE cn: radiusArapZoneAccess name: radiusArapZoneAccess lDAPDisplayName: radiusArapZoneAccess attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusAuthType,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.44 isSingleValued: TRUE cn: radiusAuthType name: radiusAuthType lDAPDisplayName: radiusAuthType description: controlItem: Auth-Type attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusCallbackId,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.4 isSingleValued: TRUE cn: radiusCallbackId name: radiusCallbackId lDAPDisplayName: radiusCallbackId description: replyItem: Callback-Id attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusCallbackNumber,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.5 isSingleValued: TRUE cn: radiusCallbackNumber name: radiusCallbackNumber lDAPDisplayName: radiusCallbackNumber description: replyItem: Callback-Number attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusCalledStationId,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.6 isSingleValued: TRUE cn: radiusCalledStationId name: radiusCalledStationId lDAPDisplayName: radiusCalledStationId description: controlItem: Called-Station-Id attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusCallingStationId,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.7 isSingleValued: TRUE cn: radiusCallingStationId name: radiusCallingStationId lDAPDisplayName: radiusCallingStationId description: controlItem: Calling-Station-Id attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusClass,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.8 isSingleValued: FALSE cn: radiusClass name: radiusClass lDAPDisplayName: radiusClass description: replyItem: Class attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusClientIPAddress,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.45 isSingleValued: TRUE cn: radiusClientIPAddress name: radiusClientIPAddress lDAPDisplayName: radiusClientIPAddress attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFilterId,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.9 isSingleValued: FALSE cn: radiusFilterId name: radiusFilterId lDAPDisplayName: radiusFilterId description: replyItem: Filter-Id attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedAppleTalkLink,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.10 isSingleValued: TRUE cn: radiusFramedAppleTalkLink name: radiusFramedAppleTalkLink lDAPDisplayName: radiusFramedAppleTalkLink description: replyItem: Framed-AppleTalk-Link attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedAppleTalkNetwork,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.11 isSingleValued: FALSE cn: radiusFramedAppleTalkNetwork name: radiusFramedAppleTalkNetwork lDAPDisplayName: radiusFramedAppleTalkNetwork description: replyItem: Framed-AppleTalk-Network attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedAppleTalkZone,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.12 isSingleValued: TRUE cn: radiusFramedAppleTalkZone name: radiusFramedAppleTalkZone lDAPDisplayName: radiusFramedAppleTalkZone description: replyItem: Framed-AppleTalk-Zone attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedCompression,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.13 isSingleValued: FALSE cn: radiusFramedCompression name: radiusFramedCompression lDAPDisplayName: radiusFramedCompression description: replyItem: Framed-Compression attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedIPAddress,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.14 isSingleValued: TRUE cn: radiusFramedIPAddress name: radiusFramedIPAddress lDAPDisplayName: radiusFramedIPAddress description: replyItem: Framed-IP-Address attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedIPNetmask,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.15 isSingleValued: TRUE cn: radiusFramedIPNetmask name: radiusFramedIPNetmask lDAPDisplayName: radiusFramedIPNetmask description: replyItem: Framed-IP-Netmask attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedIPXNetwork,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.16 isSingleValued: TRUE cn: radiusFramedIPXNetwork name: radiusFramedIPXNetwork lDAPDisplayName: radiusFramedIPXNetwork description: replyItem: Framed-IPX-Network attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedMTU,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.17 isSingleValued: TRUE cn: radiusFramedMTU name: radiusFramedMTU lDAPDisplayName: radiusFramedMTU description: replyItem: Framed-MTU attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedProtocol,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.18 isSingleValued: TRUE cn: radiusFramedProtocol name: radiusFramedProtocol lDAPDisplayName: radiusFramedProtocol description: replyItem: Framed-Protocol attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedRoute,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.19 isSingleValued: FALSE cn: radiusFramedRoute name: radiusFramedRoute lDAPDisplayName: radiusFramedRoute description: replyItem: Framed-Route attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusFramedRouting,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.20 isSingleValued: TRUE cn: radiusFramedRouting name: radiusFramedRouting lDAPDisplayName: radiusFramedRouting description: replyItem: Framed-Routing attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusGroupName,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.46 isSingleValued: FALSE cn: radiusGroupName name: radiusGroupName lDAPDisplayName: radiusGroupName attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusHint,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.47 isSingleValued: TRUE cn: radiusHint name: radiusHint lDAPDisplayName: radiusHint attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusHuntgroupName,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.48 isSingleValued: FALSE cn: radiusHuntgroupName name: radiusHuntgroupName lDAPDisplayName: radiusHuntgroupName attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusIdleTimeout,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.21 isSingleValued: TRUE cn: radiusIdleTimeout name: radiusIdleTimeout lDAPDisplayName: radiusIdleTimeout description: replyItem: Idle-Timeout attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusLoginIPHost,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.22 isSingleValued: FALSE cn: radiusLoginIPHost name: radiusLoginIPHost lDAPDisplayName: radiusLoginIPHost description: replyItem: Login-IP-Host attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusLoginLATGroup,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.23 isSingleValued: TRUE cn: radiusLoginLATGroup name: radiusLoginLATGroup lDAPDisplayName: radiusLoginLATGroup description: replyItem: Login-LAT-Group attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusLoginLATNode,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.24 isSingleValued: TRUE cn: radiusLoginLATNode name: radiusLoginLATNode lDAPDisplayName: radiusLoginLATNode description: replyItem: Login-LAT-Node attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusLoginLATPort,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.25 isSingleValued: TRUE cn: radiusLoginLATPort name: radiusLoginLATPort lDAPDisplayName: radiusLoginLATPort description: replyItem: Login-LAT-Port attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusLoginLATService,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.26 isSingleValued: TRUE cn: radiusLoginLATService name: radiusLoginLATService lDAPDisplayName: radiusLoginLATService description: replyItem: Login-LAT-Service attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusLoginService,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.27 isSingleValued: TRUE cn: radiusLoginService name: radiusLoginService lDAPDisplayName: radiusLoginService description: replyItem: Login-Service attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusLoginTCPPort,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.28 isSingleValued: TRUE cn: radiusLoginTCPPort name: radiusLoginTCPPort lDAPDisplayName: radiusLoginTCPPort description: replyItem: Login-TCP-Port attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusPasswordRetry,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.29 isSingleValued: TRUE cn: radiusPasswordRetry name: radiusPasswordRetry lDAPDisplayName: radiusPasswordRetry attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusPortLimit,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.30 isSingleValued: TRUE cn: radiusPortLimit name: radiusPortLimit lDAPDisplayName: radiusPortLimit description: replyItem: Port-Limit attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusProfileDN,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.49 isSingleValued: FALSE cn: radiusProfileDN name: radiusProfileDN lDAPDisplayName: radiusProfileDN attributeSyntax: 2.5.5.1 oMSyntax: 127 dn: CN=radiusPrompt,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.31 isSingleValued: TRUE cn: radiusPrompt name: radiusPrompt lDAPDisplayName: radiusPrompt attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusProxyToRealm,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.50 isSingleValued: TRUE cn: radiusProxyToRealm name: radiusProxyToRealm lDAPDisplayName: radiusProxyToRealm attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusReplicateToRealm,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.51 isSingleValued: TRUE cn: radiusReplicateToRealm name: radiusReplicateToRealm lDAPDisplayName: radiusReplicateToRealm description: control:Replicate-To-Realm attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusRealm,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.52 isSingleValued: TRUE cn: radiusRealm name: radiusRealm lDAPDisplayName: radiusRealm attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusServiceType,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.32 isSingleValued: TRUE cn: radiusServiceType name: radiusServiceType lDAPDisplayName: radiusServiceType description: replyItem: Service-Type attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusSessionTimeout,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.33 isSingleValued: TRUE cn: radiusSessionTimeout name: radiusSessionTimeout lDAPDisplayName: radiusSessionTimeout description: replyItem: Session-Timeout attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusTerminationAction,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.34 isSingleValued: TRUE cn: radiusTerminationAction name: radiusTerminationAction lDAPDisplayName: radiusTerminationAction description: replyItem: Termination-Action attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusTunnelAssignmentId,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.35 isSingleValued: FALSE cn: radiusTunnelAssignmentId name: radiusTunnelAssignmentId lDAPDisplayName: radiusTunnelAssignmentId attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusTunnelMediumType,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.36 isSingleValued: FALSE cn: radiusTunnelMediumType name: radiusTunnelMediumType lDAPDisplayName: radiusTunnelMediumType attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusTunnelPassword,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.37 isSingleValued: TRUE cn: radiusTunnelPassword name: radiusTunnelPassword lDAPDisplayName: radiusTunnelPassword attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusTunnelPreference,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.38 isSingleValued: FALSE cn: radiusTunnelPreference name: radiusTunnelPreference lDAPDisplayName: radiusTunnelPreference attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusTunnelPrivateGroupId,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.39 isSingleValued: FALSE cn: radiusTunnelPrivateGroupId name: radiusTunnelPrivateGroupId lDAPDisplayName: radiusTunnelPrivateGroupId attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusTunnelServerEndpoint,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.40 isSingleValued: FALSE cn: radiusTunnelServerEndpoint name: radiusTunnelServerEndpoint lDAPDisplayName: radiusTunnelServerEndpoint attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusTunnelType,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.41 isSingleValued: FALSE cn: radiusTunnelType name: radiusTunnelType lDAPDisplayName: radiusTunnelType attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusVSA,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.42 isSingleValued: FALSE cn: radiusVSA name: radiusVSA lDAPDisplayName: radiusVSA attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusTunnelClientEndpoint,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.43 isSingleValued: FALSE cn: radiusTunnelClientEndpoint name: radiusTunnelClientEndpoint lDAPDisplayName: radiusTunnelClientEndpoint attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusSimultaneousUse,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.53 isSingleValued: TRUE cn: radiusSimultaneousUse name: radiusSimultaneousUse lDAPDisplayName: radiusSimultaneousUse description: controlItem: Simultaneous-Use attributeSyntax: 2.5.5.9 oMSyntax: 10 dn: CN=radiusLoginTime,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.54 isSingleValued: TRUE cn: radiusLoginTime name: radiusLoginTime lDAPDisplayName: radiusLoginTime attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusUserCategory,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.55 isSingleValued: TRUE cn: radiusUserCategory name: radiusUserCategory lDAPDisplayName: radiusUserCategory attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusStripUserName,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.56 isSingleValued: TRUE cn: radiusStripUserName name: radiusStripUserName lDAPDisplayName: radiusStripUserName attributeSyntax: 2.5.5.8 oMSyntax: 1 dn: CN=dialupAccess,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.57 isSingleValued: TRUE cn: dialupAccess name: dialupAccess lDAPDisplayName: dialupAccess attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusExpiration,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.58 isSingleValued: TRUE cn: radiusExpiration name: radiusExpiration lDAPDisplayName: radiusExpiration description: controlItem: Expiration attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusAttribute,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.59 isSingleValued: FALSE cn: radiusAttribute name: radiusAttribute lDAPDisplayName: radiusAttribute description: controlItem: $GENERIC$ attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusNASIpAddress,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.61 isSingleValued: TRUE cn: radiusNASIpAddress name: radiusNASIpAddress lDAPDisplayName: radiusNASIpAddress attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusReplyMessage,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.62 isSingleValued: FALSE cn: radiusReplyMessage name: radiusReplyMessage lDAPDisplayName: radiusReplyMessage description: replyItem: Reply-Message attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusControlAttribute,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.63 isSingleValued: FALSE cn: radiusControlAttribute name: radiusControlAttribute lDAPDisplayName: radiusControlAttribute description: controlItem: $GENERIC$ attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusReplyAttribute,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.64 isSingleValued: FALSE cn: radiusReplyAttribute name: radiusReplyAttribute lDAPDisplayName: radiusReplyAttribute description: replyItem: $GENERIC$ attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: CN=radiusRequestAttribute,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.4.3.1.65 isSingleValued: FALSE cn: radiusRequestAttribute name: radiusRequestAttribute lDAPDisplayName: radiusRequestAttribute description: requestItem: $GENERIC$ attributeSyntax: 2.5.5.5 oMSyntax: 22 freeradius-server-3.0.16/doc/schemas/ldap/samba/freeradius-classes.ldif000066400000000000000000000053201322570622300260570ustar00rootroot00000000000000dn: CN=radiusprofile,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: classSchema governsID: 1.3.6.1.4.1.11344.4.3.2.1 cn: radiusprofile name: radiusprofile lDAPDisplayName: radiusprofile subClassOf: top objectClassCategory: 3 mayContain: radiusArapFeatures mayContain: radiusArapSecurity mayContain: radiusArapZoneAccess mayContain: radiusAuthType mayContain: radiusCallbackId mayContain: radiusCallbackNumber mayContain: radiusCalledStationId mayContain: radiusCallingStationId mayContain: radiusClass mayContain: radiusClientIPAddress mayContain: radiusFilterId mayContain: radiusFramedAppleTalkLink mayContain: radiusFramedAppleTalkNetwork mayContain: radiusFramedAppleTalkZone mayContain: radiusFramedCompression mayContain: radiusFramedIPAddress mayContain: radiusFramedIPNetmask mayContain: radiusFramedIPXNetwork mayContain: radiusFramedMTU mayContain: radiusFramedProtocol mayContain: radiusAttribute mayContain: radiusFramedRoute mayContain: radiusFramedRouting mayContain: radiusIdleTimeout mayContain: radiusGroupName mayContain: radiusHint mayContain: radiusHuntgroupName mayContain: radiusLoginIPHost mayContain: radiusLoginLATGroup mayContain: radiusLoginLATNode mayContain: radiusLoginLATPort mayContain: radiusLoginLATService mayContain: radiusLoginService mayContain: radiusLoginTCPPort mayContain: radiusLoginTime mayContain: radiusPasswordRetry mayContain: radiusPortLimit mayContain: radiusPrompt mayContain: radiusProxyToRealm mayContain: radiusRealm mayContain: radiusReplicateToRealm mayContain: radiusServiceType mayContain: radiusSessionTimeout mayContain: radiusStripUserName mayContain: radiusTerminationAction mayContain: radiusTunnelClientEndpoint mayContain: radiusProfileDN mayContain: radiusSimultaneousUse mayContain: radiusTunnelAssignmentId mayContain: radiusTunnelMediumType mayContain: radiusTunnelPassword mayContain: radiusTunnelPreference mayContain: radiusTunnelPrivateGroupId mayContain: radiusTunnelServerEndpoint mayContain: radiusTunnelType mayContain: radiusUserCategory mayContain: radiusVSA mayContain: radiusExpiration mayContain: dialupAccess mayContain: radiusNASIpAddress mayContain: radiusReplyMessage mayContain: radiusControlAttribute mayContain: radiusReplyAttribute mayContain: radiusRequestAttribute dn: CN=radiusObjectProfile,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: classSchema governsID: 1.3.6.1.4.1.11344.4.3.2.2 cn: radiusObjectProfile name: radiusObjectProfile lDAPDisplayName: radiusObjectProfile description: A Container Objectclass to be used for creating radius profile object subClassOf: top objectClassCategory: 1 mustContain: cn mayContain: uid mayContain: userPassword mayContain: description freeradius-server-3.0.16/doc/schemas/ldap/samba/freeradius-clients-attrs.ldif000066400000000000000000000047401322570622300272230ustar00rootroot00000000000000dn: CN=radiusClientIdentifier,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.1.100.2.1 isSingleValued: TRUE cn: radiusClientIdentifier name: radiusClientIdentifier lDAPDisplayName: radiusClientIdentifier description: Client Identifier attributeSyntax: 2.5.5.3 oMSyntax: 27 dn: CN=radiusClientSecret,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.1.100.2.2 isSingleValued: TRUE cn: radiusClientSecret name: radiusClientSecret lDAPDisplayName: radiusClientSecret description: Client Secret attributeSyntax: 2.5.5.3 oMSyntax: 27 dn: CN=radiusClientShortname,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.1.100.2.3 isSingleValued: TRUE cn: radiusClientShortname name: radiusClientShortname lDAPDisplayName: radiusClientShortname description: Client Shortname attributeSyntax: 2.5.5.3 oMSyntax: 27 dn: CN=radiusClientVirtualServer,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.1.100.2.4 isSingleValued: TRUE cn: radiusClientVirtualServer name: radiusClientVirtualServer lDAPDisplayName: radiusClientVirtualServer description: VirtualServer attributeSyntax: 2.5.5.3 oMSyntax: 27 dn: CN=radiusClientType,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.1.100.2.5 isSingleValued: TRUE cn: radiusClientType name: radiusClientType lDAPDisplayName: radiusClientType description: Client Type attributeSyntax: 2.5.5.3 oMSyntax: 27 dn: CN=radiusClientRequireMa,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.1.100.2.6 isSingleValued: TRUE cn: radiusClientRequireMa name: radiusClientRequireMa lDAPDisplayName: radiusClientRequireMa description: Require Message Authenticator attributeSyntax: 2.5.5.8 oMSyntax: 1 dn: CN=radiusClientComment,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: attributeSchema attributeID: 1.3.6.1.4.1.11344.1.100.2.7 isSingleValued: TRUE cn: radiusClientComment name: radiusClientComment lDAPDisplayName: radiusClientComment description: Client comment attributeSyntax: 2.5.5.3 oMSyntax: 27 freeradius-server-3.0.16/doc/schemas/ldap/samba/freeradius-clients-classes.ldif000066400000000000000000000010421322570622300275130ustar00rootroot00000000000000dn: CN=radiusClient,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: add objectClass: top objectClass: classSchema governsID: 1.3.6.1.4.1.11344.1.100.1.1 cn: radiusClient name: radiusClient lDAPDisplayName: radiusClient description: radiusClient object class subClassOf: top objectClassCategory: 1 mustContain: radiusClientIdentifier mustContain: radiusClientSecret mayContain: radiusClientShortname mayContain: radiusClientVirtualServer mayContain: radiusClientType mayContain: radiusClientRequireMa mayContain: radiusClientComment freeradius-server-3.0.16/doc/schemas/ldap/samba/freeradius-user.ldif000066400000000000000000000005711322570622300254030ustar00rootroot00000000000000# Use this if you want to be able to apply radiusprofile # Auxiliary class directly to Users in the directory. # Install with: # ldbmodify -H /usr/local/samba/private/sam.ldb \ # user.ldif \ # --option="dsdb:schema update allowed"=true dn: CN=User,CN=Schema,CN=Configuration,dc=samba4,dc=internal changetype: modify add: auxiliaryClass auxiliaryClass: radiusprofile freeradius-server-3.0.16/doc/schemas/logstash/000077500000000000000000000000001322570622300212545ustar00rootroot00000000000000freeradius-server-3.0.16/doc/schemas/logstash/README000066400000000000000000000064751322570622300221500ustar00rootroot00000000000000Example configuration for logstash/elasticsearch ================================================ So you've got all these RADIUS logs, but how do you analyse them? What is the easiest way to query the logs, find out when a client connected or disconnected, or view the top ten clients logging into the system over the last six hours? The elastic stack is designed and built to do just that. elasticsearch is a search engine; logstash is commonly used to feed data in, and kibana the web interface to query the logs in near real time. Installing the elastic stack is beyond the scope of this document, but can be done in a short amount of time by any competent sysadmin. Then comes getting the logs in. This directory contains the following files as a starting point for feeding RADIUS logs into elasticsearch via logstash, then sample dashboards for Kibana to explore the data. Files ----- Please note that all files should be reviewed before use to determine if they are suitable for your configuration/system, especially if you are integrating this into an existing logstash/elasticsearch setup. radius-mapping.sh Each elasticsearch index needs a mapping to describe how fields are stored. If one is not provided then all is not lost as elasticsearch will build one on the fly. However, this may not be optimal, especially for RADIUS data, as all fields will be analyzed making some visualisations hard or impossible (such as showing top N clients). This shell script (which just runs curl) pushes a template mapping into the elasticsearch cluster. logstash-radius.conf A sample configuration file for logstash that parses RADIUS 'detail' files. It processes these by joining each record onto one line, then splitting the tab-delimited key-value pairs out. Some additional data is then extracted from certain key attributes. The logstash config will need to be edited at least to set the input method: for experimentation the given input (file) may be used. If logstash is running on the RADIUS server itself then this example input may be appropriate, otherwise a different input such as log-courier or filebeat may be better to get the data over the network to logstash. It would be best to use an input method that can join the multiple lines of the detail file together and feed them to logstash as a single entry, rather than using the logstash multiline codec. log-courier.conf An example configuration for the log-courier feeder. kibana4-dashboard.json Basic RADIUS dashboard for Kibana 4 and Kibana 5. To import the dashboard first create a new index called "radius-*" in Settings/Indices. Then go to Kibana's Settings page, "Objects" and "Import". Once imported open the "RADIUS detail" dashboard. Example usage ------------- Install mapping (only needs to be done once): $ ./radius-mapping.sh Edit logstash-radius.conf to point to the correct file, then feed a detail file in: # /usr/share/logstash/bin/logstash --path.settings=/etc/logstash -f logstash-radius.conf See also -------- elasticsearch web site: http://www.elastic.co/ The configuration examples presented here have been tested with the following software versions (note that elasticsearch 2.x may not yet work with this config). elasticsearch 5.1.2 logstash 5.1.2 kibana 5.1.2 kibana 4.1.11 Matthew Newton January 2017 freeradius-server-3.0.16/doc/schemas/logstash/kibana4-dashboard.json000066400000000000000000000154201322570622300254070ustar00rootroot00000000000000[ { "_id": "RADIUS-data", "_type": "search", "_source": { "title": "RADIUS data", "description": "", "hits": 0, "columns": [ "User-Name", "Calling-Station-Id", "Called-Station-Id", "Framed-IP-Address", "NAS-Identifier" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"radius-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}" } } }, { "_id": "RADIUS-detail", "_type": "dashboard", "_source": { "title": "RADIUS detail", "hits": 0, "description": "", "panelsJSON": "[{\"col\":5,\"id\":\"RADIUS-unique-User-Name-by-day\",\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"User-Name\",\"Calling-Station-Id\",\"Called-Station-Id\",\"Framed-IP-Address\",\"NAS-Identifier\"],\"id\":\"RADIUS-data\",\"row\":5,\"size_x\":8,\"size_y\":4,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"RADIUS-accounting-packets-histogram\",\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"RADIUS-table-topN-data-transferred-by-User-Name\",\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"id\":\"RADIUS-Sessions-per-NAS\",\"type\":\"visualization\",\"size_x\":4,\"size_y\":4,\"col\":9,\"row\":5}]", "version": 1, "timeRestore": true, "timeTo": "now", "timeFrom": "now-7d", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" } } }, { "_id": "RADIUS-Accounting-Start-data", "_type": "search", "_source": { "title": "RADIUS Accounting-Start data", "description": "", "hits": 0, "columns": [ "User-Name", "Calling-Station-Id", "Called-Station-Id", "Framed-IP-Address", "NAS-Identifier" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"radius-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"radius-*\",\"key\":\"Acct-Status-Type\",\"value\":\"Start\",\"disabled\":false},\"query\":{\"match\":{\"Acct-Status-Type\":{\"query\":\"Start\",\"type\":\"phrase\"}}}}]}" } } }, { "_id": "RADIUS-unique-User-Name-by-day", "_type": "visualization", "_source": { "title": "RADIUS unique User-Name by day", "visState": "{\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"User-Name\"\n }\n },\n {\n \"id\": \"2\",\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"d\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"User-Name\",\n \"size\": 50,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\n \"filter\": []\n}" }, "savedSearchId": "RADIUS-data" } }, { "_id": "RADIUS-accounting-packets-histogram", "_type": "visualization", "_source": { "title": "RADIUS accounting packets histogram", "visState": "{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"Acct-Status-Type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "savedSearchId": "RADIUS-data", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "RADIUS-table-topN-data-transferred-by-User-Name", "_type": "visualization", "_source": { "title": "RADIUS table topN data transferred by User-Name", "visState": "{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"Acct-Output-Octets_long\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"User-Name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"Acct-Input-Octets_long\"}}],\"listeners\":{}}", "description": "", "savedSearchId": "RADIUS-data", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } }, { "_id": "RADIUS-Sessions-per-NAS", "_type": "visualization", "_source": { "title": "RADIUS Sessions per NAS", "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"NAS-Identifier\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "description": "", "savedSearchId": "RADIUS-Accounting-Start-data", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" } } } ] freeradius-server-3.0.16/doc/schemas/logstash/log-courier.conf000066400000000000000000000022571322570622300243600ustar00rootroot00000000000000# Example log-courier configuration file for RADIUS detail files. # # This has been tested with log-courier version 2.0.4 # { "general": { "persist directory": "/var/lib/log-courier", "log syslog": true, "log stdout": false }, "network": { "transport": "tcp", # Servers to connect to. # "servers": [ "logstash1.example:5140", "logstash2.example:5140" ] }, "files": [ { # Match RADIUS detail files, but not anything that has # been gzipped. # "paths": [ "/var/log/radius/radacct/*/detail-????????" ], # Add a type:"radiusdetail" field to the data so that # logstash can tell what type of data this is (in case # log-courier is being used for other data as well). # "fields": { "type": "radiusdetail" }, # Stop watching a file if nothing has been written in 12h. # "dead time": "12h", # Process multilines. If this is being used then the # "multiline" section should be commented out from the # logstash configuration. Logstash can then also be run # with multiple workers (using -w). # "codecs": [ { "name": "multiline", "patterns": [ "^[A-Z\t]" ], "what": "next" } ] } ] } freeradius-server-3.0.16/doc/schemas/logstash/logstash-radius.conf000066400000000000000000000163451322570622300252450ustar00rootroot00000000000000# logstash configuration to process RADIUS detail files # # Matthew Newton # January 2017 # # This config has been tested with logstash version 5.1.2. # # RADIUS "detail" files are textual representations of the RADIUS # packets, and are written to disk by e.g. FreeRADIUS. They look # something like the following, with the timestamp on the first # line then all attributes/values tab-indented. # # Tue Mar 10 15:32:24 2015 # Packet-Type = Access-Request # User-Name = "test@example.com" # Calling-Station-Id = "01-02-03-04-05-06" # Called-Station-Id = "aa-bb-cc-dd-ee-ff:myssid" # NAS-Port = 10 # NAS-IP-Address = 10.9.0.4 # NAS-Identifier = "Wireless-Controller-1" # Service-Type = Framed-User # NAS-Port-Type = Wireless-802.11 # # Example input - read data from a file. For example, to read in a # detail file with this input you could use: # # # /usr/share/logstash/bin/logstash --path.settings=/etc/logstash -f logstash-radius.conf # input { file { path => "/path/to/radius/detail/file" # Note when testing that logstash will remember where # it got to and continue from there. start_position => "beginning" # Set the type, for below. type => radiusdetail # It is preferable to use a log feeder that can join # multiple lines together, rather than using multiline # here. For an example, see the log-courier # configuration in this directory. # If you didn't read the above, go back and read it again. # If that is not possible you may be able to use the # following section. Note that if you are using the # "stdin" input, the file is chunked into 16k blobs, # so every 16k a detail record is likely to be chopped # in half. If you are using the "file" input (as in this # example), the blank links between records are not # passed through so the regex here has to be aware of # that. Basically, do multiline as early as possible # in your log feeder client not here and you'll avoid # most issues that are likely to come up. codec => multiline { pattern => "^\t" negate => false what => "previous" } # If you really want to use the "stdin" input, this # will work better, but be aware of the comments # above. #codec => multiline { # pattern => "^[A-Z\t]" # negate => false # what => "next" #} } } # Moving into production will likely need something more reliable. # There are many input methods, an example here using log-courier # (which supports client-site multiline processing and does not # lose log events if logstash is restarted). You could also # investigate e.g. filebeat from Elastic. # input { # courier { # port => 5140 # transport => "tcp" # # # Don't set the type here, as it's set in the # # log-courier config instead. # #type => radiusdetail # } # } # Filter stage. Here we take the raw logs and process them into # something structured ready to index. Each attribute is stored as # a separate field in the output document. filter { if [type] == "radiusdetail" { # Pull off the timestamp at the start of the # detail record. Note there may be additional data # after it that has been added by the local admin, # so stop at a newline OR a tab. grok { match => [ "message", "^(?[^\n\t]+)[\n\t]" ] } # Create the @timestamp field. date { match => [ "timestamp", "EEE MMM dd HH:mm:ss yyyy", "EEE MMM d HH:mm:ss yyyy" ] } # Split the attributes and values into fields. # This is the bulk of processing that adds all of # the RADIUS attributes as elasticsearch fields. # Note issue https://github.com/logstash-plugins/logstash-filter-kv/issues/10 # currently means that all spaces will be stripped # from all fields. If this is a problem, adjust the # trim setting. kv { field_split => "\n" source => "message" trim => "\" " trimkey => "\t " } # Now we try and add some useful additional # information. If certain fields can be broken # down into components then do that here and add # the data as sub-fields. For example, # Called-Station-Id might be able to be broken # down to Called-Station-Id_mac and Called-Station-Id_ssid # on some wireless systems, or to _ip and _port # with a VPN. # Multiple calls to grok otherwise it can stop # processing once it has matched one field, but # e.g. you want to pull both IP and port out of # the same field in two different regex's. # Pull out some IP addresses as field_ip: grok { break_on_match => false tag_on_failure => [] match => [ "Framed-IP-Address", "^(?\d+\.\d+\.\d+\.\d+$)", "NAS-IP-Address", "^(?\d+\.\d+\.\d+\.\d+$)", "Calling-Station-Id", "^(?\d+\.\d+\.\d+\.\d+)", "Called-Station-Id", "^(?\d+\.\d+\.\d+\.\d+)" ] } # Split User-Name, Operator-Name, and pull out # some IP ports if they are there: grok { break_on_match => false tag_on_failure => [] match => [ "User-Name", "^(?[^@]+)?(?:@(?[^@]+))$", "Operator-Name", "^(?.)(?.+)$", "Calling-Station-Id", "\[(?\d+)\]$", "Called-Station-Id", "\[(?\d+)\]$" ] } # Extract MAC addresses (and SSIDs if there). # MAC address matching here is lazy, but should be # good enough. grok { break_on_match => false tag_on_failure => [] match => [ "Calling-Station-Id", "^(?[a-fA-F0-9:-]{17})$", "Calling-Station-Id", "^(?[a-fA-F0-9\.]{14})$", "Calling-Station-Id", "^(?[a-fA-F0-9]{12})$", "Called-Station-Id", "^(?[a-fA-F0-9:-]{17})(?::(?.*))?$", "Called-Station-Id", "^(?[a-fA-F0-9\.]{14})(?::(?.*))?$", "Called-Station-Id", "^(?[a-fA-F0-9]{12})(?::(?.*))?$" ] } # With the optional sanitize_mac plugin, it's # possible to make sure all MAC addresses look the # same, which has obvious benefits. # # https://github.com/mcnewton/logstash-filter-sanitize_mac # sanitize_mac { # match => { # "Called-Station-Id_mac" => "Called-Station-Id_mac" # "Calling-Station-Id_mac" => "Calling-Station-Id_mac" # } # separator => "-" # fixcase => "lower" # } # Gigawords presents an issue because the 64-bit # value is split across two attributes. Combine # them both back into a single attribute so that # the full value is available to use. if ([Acct-Input-Octets]) { ruby { code => "event.set('Acct-Input-Octets_long', event.get('Acct-Input-Octets').to_i + (event.get('Acct-Input-Gigawords') ? (event.get('Acct-Input-Gigawords').to_i * (2**32)) : 0))" } } if ([Acct-Output-Octets]) { ruby { code => "event.set('Acct-Output-Octets_long', event.get('Acct-Output-Octets').to_i + (event.get('Acct-Output-Gigawords') ? (event.get('Acct-Output-Gigawords').to_i * (2**32)) : 0))" } } } } # Output data to the local elasticsearch cluster # using type "detail" in index "radius-DATE". output { if [type] == "radiusdetail" { elasticsearch { document_type => "detail" index => "radius-%{+YYYY.MM.dd}" flush_size => 1000 } } } freeradius-server-3.0.16/doc/schemas/logstash/radius-mapping.sh000077500000000000000000000046561322570622300245460ustar00rootroot00000000000000#! /bin/sh # Create an elasticsearch template mapping for RADIUS data # Matthew Newton # April 2015 # This should be run on an elasticsearch node. Alternatively, # adjust the curl URI below. # This version has been tested on elasticsearch 5.1.2 # The template will be called "radius", and will apply to all # indices prefixed with "radius-" that contain data type "detail". # As not all RADIUS attributes are known to begin with it has the # following starting point that can be modified to suit the local # configuration: # # Acct-Input- or Acct-Output- attributes are numbers; # Acct-Session-Time is a number; # Everything else is a keyword, which is a non-analysed string. # Additionally, the supplied logstash config will try and extract # MAC addresses, IP addresses and ports from the data. These are # stored with suffixes on the respective attribute. For example, # an attribute # # Called-Station-Id := "10.0.4.6[4500]" # # will be broken down into the following fields in elasticsearch: # # Called-Station-Id = "10.0.4.6[4500]" # Called-Station-Id_ip = "10.0.4.6" # Called-Station-Id_port = "4500" # # This mapping ensures that these have an appropriate data type. curl -XPUT '127.0.0.1:9200/_template/radius' -d ' { "template":"radius-*", "order":0, "mappings":{ "detail":{ "properties": { "@timestamp": { "format" : "date_optional_time", "type" : "date" }, "@version": { "type" : "keyword" }, "message": { "type" : "text" }, "Acct-Session-Time": { "type" : "long" }, "offset": { "type" : "long" } }, "dynamic_templates": [ { "acct_io_numbers": { "match_pattern": "regex", "match": "^Acct-(Input|Output)-.*$", "mapping": { "type": "long" } } }, { "ipv4_address": { "path_match": "*_ip", "mapping": { "type": "ip" } } }, { "network_port": { "path_match": "*_port", "mapping": { "type": "integer" } } }, { "long_number": { "path_match": "*_long", "mapping": { "type": "long" } } }, { "no_analyze_strings": { "match": "*", "mapping": { "type": "keyword" } } } ] } } }' freeradius-server-3.0.16/doc/schemas/sql000066400000000000000000000003671322570622300201600ustar00rootroot00000000000000SQL Schemas =========== SQL Schemas are included in raddb///schema.sql. It seemed like too much of a pain to split them out and put them here, especially in the case of SQLite where they're sometimes used for bootstrap. freeradius-server-3.0.16/doc/source/000077500000000000000000000000001322570622300173055ustar00rootroot00000000000000freeradius-server-3.0.16/doc/source/.gitignore000066400000000000000000000000251322570622300212720ustar00rootroot00000000000000html latex man *.tmp freeradius-server-3.0.16/doc/source/Doxyfile000066400000000000000000003051721322570622300210230ustar00rootroot00000000000000# Doxyfile 1.8.9 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a double hash (##) is considered a comment and is placed in # front of the TAG it is preceding. # # All text after a single hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists, items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (\" \"). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all text # before the first occurrence of this tag. Doxygen uses libiconv (or the iconv # built into libc) for the transcoding. See http://www.gnu.org/software/libiconv # for the list of possible encodings. # The default value is: UTF-8. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded by # double-quotes, unless you are using Doxywizard) that should identify the # project for which the documentation is generated. This name is used in the # title of most generated pages and in a few other places. # The default value is: My Project. PROJECT_NAME = FreeRADIUS # The PROJECT_NUMBER tag can be used to enter a project or revision number. This # could be handy for archiving the generated documentation or if some version # control system is used. PROJECT_NUMBER = $Id: 010a21ffec14b21f7009e0fa7baa4258614b3314 $ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a # quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify a logo or an icon that is included # in the documentation. The maximum height of the logo should not exceed 55 # pixels and the maximum width should not exceed 200 pixels. Doxygen will copy # the logo to the output directory. PROJECT_LOGO = ./extra/freeradius.png # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path # into which the generated documentation will be written. If a relative path is # entered, it will be relative to the location where doxygen was started. If # left blank the current directory will be used. OUTPUT_DIRECTORY = # If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub- # directories (in 2 levels) under the output directory of each output format and # will distribute the generated files over these directories. Enabling this # option can be useful when feeding doxygen a huge amount of source files, where # putting all generated files in the same directory would otherwise causes # performance problems for the file system. # The default value is: NO. CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese, # Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States), # Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian, # Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages), # Korean, Korean-en (Korean with English messages), Latvian, Lithuanian, # Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian, # Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish, # Ukrainian and Vietnamese. # The default value is: English. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member # descriptions after the members that are listed in the file and class # documentation (similar to Javadoc). Set to NO to disable this. # The default value is: YES. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief # description of a member or function before the detailed description # # Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. # The default value is: YES. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator that is # used to form the text in various listings. Each string in this list, if found # as the leading text of the brief description, will be stripped from the text # and the result, after processing the whole list, is used as the annotated # text. Otherwise, the brief description is used as-is. If left blank, the # following values are used ($name is automatically replaced with the name of # the entity):The $name class, The $name widget, The $name file, is, provides, # specifies, contains, represents, a, an and the. ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # doxygen will generate a detailed section even if there is only a brief # description. # The default value is: NO. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. # The default value is: NO. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path # before files name in the file list and in the header files. If set to NO the # shortest path that makes the file name unique will be used # The default value is: YES. FULL_PATH_NAMES = YES # The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. # Stripping is only done if one of the specified strings matches the left-hand # part of the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the path to # strip. # # Note that you can specify absolute paths here, but also relative paths, which # will be relative from the directory where doxygen is started. # This tag requires that the tag FULL_PATH_NAMES is set to YES. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the # path mentioned in the documentation of a class, which tells the reader which # header file to include in order to use a class. If left blank only the name of # the header file containing the class definition is used. Otherwise one should # specify the list of include paths that are normally passed to the compiler # using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but # less readable) file names. This can be useful is your file systems doesn't # support long names like on DOS, Mac, or CD-ROM. # The default value is: NO. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the # first line (until the first dot) of a Javadoc-style comment as the brief # description. If set to NO, the Javadoc-style will behave just like regular Qt- # style comments (thus requiring an explicit @brief command for a brief # description.) # The default value is: NO. JAVADOC_AUTOBRIEF = YES # If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first # line (until the first dot) of a Qt-style comment as the brief description. If # set to NO, the Qt-style will behave just like regular Qt-style comments (thus # requiring an explicit \brief command for a brief description.) # The default value is: NO. QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a # multi-line C++ special comment block (i.e. a block of //! or /// comments) as # a brief description. This used to be the default behavior. The new default is # to treat a multi-line C++ comment block as a detailed description. Set this # tag to YES if you prefer the old behavior instead. # # Note that setting this tag to YES also means that rational rose comments are # not recognized any more. # The default value is: NO. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the # documentation from any documented member that it re-implements. # The default value is: YES. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new # page for each member. If set to NO, the documentation of a member will be part # of the file/class/namespace that contains it. # The default value is: NO. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen # uses this value to replace tabs by spaces in code fragments. # Minimum value: 1, maximum value: 16, default value: 4. TAB_SIZE = 8 # This tag can be used to specify a number of aliases that act as commands in # the documentation. An alias has the form: # name=value # For example adding # "sideeffect=@par Side Effects:\n" # will allow you to put the command \sideeffect (or @sideeffect) in the # documentation, which will result in a user-defined paragraph with heading # "Side Effects:". You can put \n's in the value part of an alias to insert # newlines. ALIASES = # This tag can be used to specify a number of word-keyword mappings (TCL only). # A mapping has the form "name=value". For example adding "class=itcl::class" # will allow you to use the command class in the itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources # only. Doxygen will then generate output that is more tailored for C. For # instance, some of the names that are used will be different. The list of all # members will be omitted, etc. # The default value is: NO. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or # Python sources only. Doxygen will then generate output that is more tailored # for that language. For instance, namespaces will be presented as packages, # qualified scopes will look different, etc. # The default value is: NO. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources. Doxygen will then generate output that is tailored for Fortran. # The default value is: NO. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for VHDL. # The default value is: NO. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and # language is one of the parsers supported by doxygen: IDL, Java, Javascript, # C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: # FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: # Fortran. In the later case the parser tries to guess whether the code is fixed # or free formatted code, this is the default for Fortran type files), VHDL. For # instance to make doxygen treat .inc files as Fortran files (default is PHP), # and .f files as C (default is Fortran), use: inc=Fortran f=C. # # Note: For files without extension you can use no_extension as a placeholder. # # Note that for custom extensions you also need to set FILE_PATTERNS otherwise # the files are not read by doxygen. EXTENSION_MAPPING = # If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments # according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you can # mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in # case of backward compatibilities issues. # The default value is: YES. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented # classes, or namespaces to their corresponding documentation. Such a link can # be prevented in individual cases by putting a % sign in front of the word or # globally by setting AUTOLINK_SUPPORT to NO. # The default value is: YES. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should set this # tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); # versus func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. # The default value is: NO. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. # The default value is: NO. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip (see: # http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen # will parse them like normal C++ but will assume all classes use public instead # of private inheritance when no explicit protection keyword is present. # The default value is: NO. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES will make # doxygen to replace the get and set methods by a property in the documentation. # This will only work if the methods are indeed getting or setting a simple # type. If this is not the case, or you want to show the methods anyway, you # should set this option to NO. # The default value is: YES. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. # The default value is: NO. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES to allow class member groups of the same type # (for instance a group of public functions) to be put as a subgroup of that # type (e.g. under the Public Functions section). Set it to NO to prevent # subgrouping. Alternatively, this can be done per class using the # \nosubgrouping command. # The default value is: YES. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions # are shown inside the group in which they are included (e.g. using \ingroup) # instead of on a separate page (for HTML and Man pages) or section (for LaTeX # and RTF). # # Note that this feature does not work in combination with # SEPARATE_MEMBER_PAGES. # The default value is: NO. INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions # with only public data fields or simple typedef fields will be shown inline in # the documentation of the scope in which they are defined (i.e. file, # namespace, or group documentation), provided this scope is documented. If set # to NO, structs, classes, and unions are shown on a separate page (for HTML and # Man pages) or section (for LaTeX and RTF). # The default value is: NO. INLINE_SIMPLE_STRUCTS = YES # When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or # enum is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. This can typically be # useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. # The default value is: NO. TYPEDEF_HIDES_STRUCT = NO # The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This # cache is used to resolve symbols given their name and scope. Since this can be # an expensive process and often the same symbol appears multiple times in the # code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small # doxygen will become slower. If the cache is too large, memory is wasted. The # cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range # is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 # symbols. At the end of a run doxygen will report the cache usage and suggest # the optimal cache size from a speed point of view. # Minimum value: 0, maximum value: 9, default value: 0. LOOKUP_CACHE_SIZE = 2 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in # documentation are documented, even if no documentation was available. Private # class members and static file members will be hidden unless the # EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. # Note: This will also disable the warnings about undocumented members that are # normally produced when WARNINGS is set to YES. # The default value is: NO. EXTRACT_ALL = YES # If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will # be included in the documentation. # The default value is: NO. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal # scope will be included in the documentation. # The default value is: NO. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES, all static members of a file will be # included in the documentation. # The default value is: NO. EXTRACT_STATIC = YES # If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined # locally in source files will be included in the documentation. If set to NO, # only classes defined in header files are included. Does not have any effect # for Java sources. # The default value is: YES. EXTRACT_LOCAL_CLASSES = YES # This flag is only useful for Objective-C code. If set to YES, local methods, # which are defined in the implementation section but not in the interface are # included in the documentation. If set to NO, only methods in the interface are # included. # The default value is: NO. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base name of # the file that contains the anonymous namespace. By default anonymous namespace # are hidden. # The default value is: NO. EXTRACT_ANON_NSPACES = YES # If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all # undocumented members inside documented classes or files. If set to NO these # members will be included in the various overviews, but no documentation # section is generated. This option has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_MEMBERS = NO # If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. If set # to NO, these classes will be included in the various overviews. This option # has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend # (class|struct|union) declarations. If set to NO, these declarations will be # included in the documentation. # The default value is: NO. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any # documentation blocks found inside the body of a function. If set to NO, these # blocks will be appended to the function's detailed documentation block. # The default value is: NO. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation that is typed after a # \internal command is included. If the tag is set to NO then the documentation # will be excluded. Set it to YES to include the internal documentation. # The default value is: NO. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file # names in lower-case letters. If set to YES, upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. # The default value is: system dependent. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with # their full class and namespace scopes in the documentation. If set to YES, the # scope will be hidden. # The default value is: NO. HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of # the files that are included by a file in the documentation of that file. # The default value is: YES. SHOW_INCLUDE_FILES = YES # If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each # grouped member an include statement to the documentation, telling the reader # which file to include in order to use the member. # The default value is: NO. SHOW_GROUPED_MEMB_INC = NO # If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include # files with double quotes in the documentation rather than with sharp brackets. # The default value is: NO. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the # documentation for inline members. # The default value is: YES. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the # (detailed) documentation of file and class members alphabetically by member # name. If set to NO, the members will appear in declaration order. # The default value is: YES. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief # descriptions of file, namespace and class members alphabetically by member # name. If set to NO, the members will appear in declaration order. Note that # this will also influence the order of the classes in the class list. # The default value is: NO. SORT_BRIEF_DOCS = YES # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the # (brief and detailed) documentation of class members so that constructors and # destructors are listed first. If set to NO the constructors will appear in the # respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. # Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief # member documentation. # Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting # detailed member documentation. # The default value is: NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy # of group names into alphabetical order. If set to NO the group names will # appear in their defined order. # The default value is: NO. SORT_GROUP_NAMES = YES # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by # fully-qualified names, including namespaces. If set to NO, the class list will # be sorted only by class name, not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the alphabetical # list. # The default value is: NO. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper # type resolution of all parameters of a function it will reject a match between # the prototype and the implementation of a member function even if there is # only one candidate or it is obvious which candidate to choose by doing a # simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still # accept a match between prototype and implementation in such cases. # The default value is: NO. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo # list. This list is created by putting \todo commands in the documentation. # The default value is: YES. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test # list. This list is created by putting \test commands in the documentation. # The default value is: YES. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug # list. This list is created by putting \bug commands in the documentation. # The default value is: YES. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO) # the deprecated list. This list is created by putting \deprecated commands in # the documentation. # The default value is: YES. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional documentation # sections, marked by \if ... \endif and \cond # ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the # initial value of a variable or macro / define can have for it to appear in the # documentation. If the initializer consists of more lines than specified here # it will be hidden. Use a value of 0 to hide initializers completely. The # appearance of the value of individual variables and macros / defines can be # controlled using \showinitializer or \hideinitializer command in the # documentation regardless of this setting. # Minimum value: 0, maximum value: 10000, default value: 30. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated at # the bottom of the documentation of classes and structs. If set to YES, the # list will mention the files that were used to generate the documentation. # The default value is: YES. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. This # will remove the Files entry from the Quick Index and from the Folder Tree View # (if specified). # The default value is: YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces # page. This will remove the Namespaces entry from the Quick Index and from the # Folder Tree View (if specified). # The default value is: YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command command input-file, where command is the value of the # FILE_VERSION_FILTER tag, and input-file is the name of an input file provided # by doxygen. Whatever the program writes to standard output is used as the file # version. For an example see the documentation. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. You can # optionally specify a file name after the option, if omitted DoxygenLayout.xml # will be used as the name of the layout file. # # Note that if you run doxygen from a directory containing a file called # DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE # tag is left empty. LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files containing # the reference definitions. This must be a list of .bib files. The .bib # extension is automatically appended if omitted. This requires the bibtex tool # to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info. # For LaTeX the style of the bibliography can be controlled using # LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the # search path. See also \cite for info how to create references. CITE_BIB_FILES = #--------------------------------------------------------------------------- # Configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated to # standard output by doxygen. If QUIET is set to YES this implies that the # messages are off. # The default value is: NO. QUIET = YES # The WARNINGS tag can be used to turn on/off the warning messages that are # generated to standard error (stderr) by doxygen. If WARNINGS is set to YES # this implies that the warnings are on. # # Tip: Turn warnings on while writing the documentation. # The default value is: YES. WARNINGS = YES # If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate # warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag # will automatically be disabled. # The default value is: YES. WARN_IF_UNDOCUMENTED = YES # If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some parameters # in a documented function, or documenting parameters that don't exist or using # markup commands wrongly. # The default value is: YES. WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that # are documented, but have no documentation for their parameters or return # value. If set to NO, doxygen will only warn about wrong or incomplete # parameter documentation, but not about the absence of documentation. # The default value is: NO. WARN_NO_PARAMDOC = NO # The WARN_FORMAT tag determines the format of the warning messages that doxygen # can produce. The string should contain the $file, $line, and $text tags, which # will be replaced by the file and line number from which the warning originated # and the warning text. Optionally the format may contain $version, which will # be replaced by the version of the file (if it could be obtained via # FILE_VERSION_FILTER) # The default value is: $file:$line: $text. WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning and error # messages should be written. If left blank the output is written to standard # error (stderr). WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag is used to specify the files and/or directories that contain # documented source files. You may enter file names like myfile.cpp or # directories like /usr/src/myproject. Separate the files or directories with # spaces. # Note: If this tag is empty the current directory is searched. INPUT = ../../src \ extra # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses # libiconv (or the iconv built into libc) for the transcoding. See the libiconv # documentation (see: http://www.gnu.org/software/libiconv) for the list of # possible encodings. # The default value is: UTF-8. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank the # following patterns are tested:*.c, *.cc, *.cxx, *.cpp, *.c++, *.java, *.ii, # *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp, # *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown, # *.md, *.mm, *.dox, *.py, *.f90, *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, # *.qsf, *.as and *.js. FILE_PATTERNS = *.c \ *.h # The RECURSIVE tag can be used to specify whether or not subdirectories should # be searched for input files as well. # The default value is: NO. RECURSIVE = YES # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. # The default value is: NO. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories for example use the pattern */test/* EXCLUDE_PATTERNS = # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories use the pattern */test/* EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or directories # that contain example code fragments that are included (see the \include # command). EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank all # files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude commands # irrespective of the value of the RECURSIVE tag. # The default value is: NO. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or directories # that contain images that are to be included in the documentation (see the # \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command: # # # # where is the value of the INPUT_FILTER tag, and is the # name of an input file. Doxygen will then use the output that the filter # program writes to standard output. If FILTER_PATTERNS is specified, this tag # will be ignored. # # Note that the filter must not add or remove lines; it is applied before the # code is scanned, but not when the output code is generated. If lines are added # or removed, the anchors will not be placed correctly. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. Doxygen will compare the file name with each pattern and apply the # filter if there is a match. The filters are a list of the form: pattern=filter # (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how # filters are used. If the FILTER_PATTERNS tag is empty or if none of the # patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will also be used to filter the input files that are used for # producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). # The default value is: NO. FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERN (if any) and # it is also possible to disable source filtering for a specific pattern using # *.ext= (so without naming a filter). # This tag requires that the tag FILTER_SOURCE_FILES is set to YES. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page # (index.html). This can be useful if you have a project on for instance GitHub # and want to reuse the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- # Configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will be # generated. Documented entities will be cross-referenced with these sources. # # Note: To get rid of all source code in the generated output, make sure that # also VERBATIM_HEADERS is set to NO. # The default value is: NO. SOURCE_BROWSER = YES # Setting the INLINE_SOURCES tag to YES will include the body of functions, # classes and enums directly into the documentation. # The default value is: NO. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any # special comment blocks from generated source code fragments. Normal C, C++ and # Fortran comments will always remain visible. # The default value is: YES. STRIP_CODE_COMMENTS = NO # If the REFERENCED_BY_RELATION tag is set to YES then for each documented # function all documented functions referencing it will be listed. # The default value is: NO. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES then for each documented function # all documented entities called/used by that function will be listed. # The default value is: NO. REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set # to YES then the hyperlinks from functions in REFERENCES_RELATION and # REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will # link to the documentation. # The default value is: YES. REFERENCES_LINK_SOURCE = YES # If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the # source code will show a tooltip with additional information such as prototype, # brief description and links to the definition and documentation. Since this # will make the HTML file larger and loading of large files a bit slower, you # can opt to disable this feature. # The default value is: YES. # This tag requires that the tag SOURCE_BROWSER is set to YES. SOURCE_TOOLTIPS = YES # If the USE_HTAGS tag is set to YES then the references to source code will # point to the HTML generated by the htags(1) tool instead of doxygen built-in # source browser. The htags tool is part of GNU's global source tagging system # (see http://www.gnu.org/software/global/global.html). You will need version # 4.8.6 or higher. # # To use it do the following: # - Install the latest version of global # - Enable SOURCE_BROWSER and USE_HTAGS in the config file # - Make sure the INPUT points to the root of the source tree # - Run doxygen as normal # # Doxygen will invoke htags (and that will in turn invoke gtags), so these # tools must be available from the command line (i.e. in the search path). # # The result: instead of the source browser generated by doxygen, the links to # source code will now point to the output of htags. # The default value is: NO. # This tag requires that the tag SOURCE_BROWSER is set to YES. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a # verbatim copy of the header file for each class for which an include is # specified. Set to NO to disable this. # See also: Section \class. # The default value is: YES. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all # compounds will be generated. Enable this if the project contains a lot of # classes, structs, unions or interfaces. # The default value is: YES. ALPHABETICAL_INDEX = YES # The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in # which the alphabetical index list will be split. # Minimum value: 1, maximum value: 20, default value: 5. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all classes will # be put under the same header in the alphabetical index. The IGNORE_PREFIX tag # can be used to specify a prefix (or a list of prefixes) that should be ignored # while generating the index headers. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. IGNORE_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output # The default value is: YES. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. # The default directory is: html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each # generated HTML page (for example: .htm, .php, .asp). # The default value is: .html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a user-defined HTML header file for # each generated HTML page. If the tag is left blank doxygen will generate a # standard header. # # To get valid HTML the header file that includes any scripts and style sheets # that doxygen needs, which is dependent on the configuration options used (e.g. # the setting GENERATE_TREEVIEW). It is highly recommended to start with a # default header using # doxygen -w html new_header.html new_footer.html new_stylesheet.css # YourConfigFile # and then modify the file new_header.html. See also section "Doxygen usage" # for information on how to generate the default header that doxygen normally # uses. # Note: The header is subject to change so you typically have to regenerate the # default header when upgrading to a newer version of doxygen. For a description # of the possible markers and block names see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_HEADER = # The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each # generated HTML page. If the tag is left blank doxygen will generate a standard # footer. See HTML_HEADER for more information on how to generate a default # footer and what special commands can be used inside the footer. See also # section "Doxygen usage" for information on how to generate the default footer # that doxygen normally uses. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading style # sheet that is used by each HTML page. It can be used to fine-tune the look of # the HTML output. If left blank doxygen will generate a default style sheet. # See also section "Doxygen usage" for information on how to generate the style # sheet that doxygen normally uses. # Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as # it is more robust and this tag (HTML_STYLESHEET) will in the future become # obsolete. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined # cascading style sheets that are included after the standard style sheets # created by doxygen. Using this option one can overrule certain style aspects. # This is preferred over using HTML_STYLESHEET since it does not replace the # standard style sheet and is therefore more robust against future updates. # Doxygen will copy the style sheet files to the output directory. # Note: The order of the extra style sheet files is of importance (e.g. the last # style sheet in the list overrules the setting of the previous ones in the # list). For an example see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that the # files will be copied as-is; there are no commands or markers available. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen # will adjust the colors in the style sheet and background images according to # this color. Hue is specified as an angle on a colorwheel, see # http://en.wikipedia.org/wiki/Hue for more information. For instance the value # 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 # purple, and 360 is red again. # Minimum value: 0, maximum value: 359, default value: 220. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors # in the HTML output. For a value of 0 the output will use grayscales only. A # value of 255 will produce the most vivid colors. # Minimum value: 0, maximum value: 255, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the # luminance component of the colors in the HTML output. Values below 100 # gradually make the output lighter, whereas values above 100 make the output # darker. The value divided by 100 is the actual gamma applied, so 80 represents # a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not # change the gamma. # Minimum value: 40, maximum value: 240, default value: 80. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting this # to NO can help when comparing the output of multiple runs. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_TIMESTAMP = YES # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_DYNAMIC_SECTIONS = YES # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries # shown in the various tree structured indices initially; the user can expand # and collapse entries dynamically later on. Doxygen will expand the tree to # such a level that at most the specified number of entries are visible (unless # a fully collapsed tree already exceeds this amount). So setting the number of # entries 1 will produce a full collapsed tree by default. 0 is a special value # representing an infinite number of entries and will result in a full expanded # tree by default. # Minimum value: 0, maximum value: 9999, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files will be # generated that can be used as input for Apple's Xcode 3 integrated development # environment (see: http://developer.apple.com/tools/xcode/), introduced with # OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a # Makefile in the HTML output directory. Running make will produce the docset in # that directory and running make install will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at # startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_DOCSET = NO # This tag determines the name of the docset feed. A documentation feed provides # an umbrella under which multiple documentation sets from a single provider # (such as a company or product suite) can be grouped. # The default value is: Doxygen generated docs. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_FEEDNAME = "Doxygen generated docs" # This tag specifies a string that should uniquely identify the documentation # set bundle. This should be a reverse domain-name style string, e.g. # com.mycompany.MyDocSet. Doxygen will append .docset to the name. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_BUNDLE_ID = org.doxygen.Project # The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify # the documentation publisher. This should be a reverse domain-name style # string, e.g. com.mycompany.MyDocSet.documentation. # The default value is: org.doxygen.Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. # The default value is: Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop # (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on # Windows. # # The HTML Help Workshop contains a compiler that can convert all HTML output # generated by doxygen into a single compiled HTML file (.chm). Compiled HTML # files are now used as the Windows 98 help format, and will replace the old # Windows help format (.hlp) on all Windows platforms in the future. Compressed # HTML files also contain an index, a table of contents, and you can search for # words in the documentation. The HTML workshop also contains a viewer for # compressed HTML files. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_HTMLHELP = NO # The CHM_FILE tag can be used to specify the file name of the resulting .chm # file. You can add a path in front of the file if the result should not be # written to the html output directory. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_FILE = # The HHC_LOCATION tag can be used to specify the location (absolute path # including file name) of the HTML help compiler (hhc.exe). If non-empty, # doxygen will try to run the HTML help compiler on the generated index.hhp. # The file has to be specified with full path. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. HHC_LOCATION = # The GENERATE_CHI flag controls if a separate .chi index file is generated # (YES) or that it should be included in the master .chm file (NO). # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. GENERATE_CHI = NO # The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc) # and project file content. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_INDEX_ENCODING = # The BINARY_TOC flag controls whether a binary table of contents is generated # (YES) or a normal table of contents (NO) in the .chm file. Furthermore it # enables the Previous and Next buttons. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members to # the table of contents of the HTML help documentation and to the tree view. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that # can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help # (.qch) of the generated HTML documentation. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify # the file name of the resulting .qch file. The path specified is relative to # the HTML output folder. # This tag requires that the tag GENERATE_QHP is set to YES. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help # Project output. For more information please see Qt Help Project / Namespace # (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace). # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt # Help Project output. For more information please see Qt Help Project / Virtual # Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual- # folders). # The default value is: doc. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_VIRTUAL_FOLDER = doc # If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom # filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's filter section matches. Qt Help Project / Filter Attributes (see: # http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_SECT_FILTER_ATTRS = # The QHG_LOCATION tag can be used to specify the location of Qt's # qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the # generated .qhp file. # This tag requires that the tag GENERATE_QHP is set to YES. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be # generated, together with the HTML files, they form an Eclipse help plugin. To # install this plugin and make it available under the help contents menu in # Eclipse, the contents of the directory containing the HTML and XML files needs # to be copied into the plugins directory of eclipse. The name of the directory # within the plugins directory should be the same as the ECLIPSE_DOC_ID value. # After copying Eclipse needs to be restarted before the help appears. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_ECLIPSEHELP = NO # A unique identifier for the Eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have this # name. Each documentation set should have its own identifier. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES. ECLIPSE_DOC_ID = org.doxygen.Project # If you want full control over the layout of the generated HTML pages it might # be necessary to disable the index and replace it with your own. The # DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top # of each HTML page. A value of NO enables the index and the value YES disables # it. Since the tabs in the index contain the same information as the navigation # tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. If the tag # value is set to YES, a side panel will be generated containing a tree-like # index structure (just like the one that is generated for HTML Help). For this # to work a browser that supports JavaScript, DHTML, CSS and frames is required # (i.e. any modern browser). Windows users are probably better off using the # HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can # further fine-tune the look of the index. As an example, the default style # sheet generated by doxygen has an example that shows how to put an image at # the root of the tree instead of the PROJECT_NAME. Since the tree basically has # the same information as the tab index, you could consider setting # DISABLE_INDEX to YES when enabling this option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_TREEVIEW = NO # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that # doxygen will group on one line in the generated HTML documentation. # # Note that a value of 0 will completely suppress the enum values from appearing # in the overview section. # Minimum value: 0, maximum value: 20, default value: 4. # This tag requires that the tag GENERATE_HTML is set to YES. ENUM_VALUES_PER_LINE = 1 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used # to set the initial width (in pixels) of the frame in which the tree is shown. # Minimum value: 0, maximum value: 1500, default value: 250. # This tag requires that the tag GENERATE_HTML is set to YES. TREEVIEW_WIDTH = 250 # If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to # external symbols imported via tag files in a separate window. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of LaTeX formulas included as images in # the HTML documentation. When you change the font size after a successful # doxygen run you need to manually remove any form_*.png images from the HTML # output directory to force them to be regenerated. # Minimum value: 8, maximum value: 50, default value: 10. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are not # supported properly for IE 6.0, but are supported on all modern browsers. # # Note that when changing this option you need to delete any form_*.png files in # the HTML output directory before the changes have effect. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see # http://www.mathjax.org) which uses client side Javascript for the rendering # instead of using pre-rendered bitmaps. Use this if you do not have LaTeX # installed or if you want to formulas look prettier in the HTML output. When # enabled you may also need to install MathJax separately and configure the path # to it using the MATHJAX_RELPATH option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. See the MathJax site (see: # http://docs.mathjax.org/en/latest/output.html) for more details. # Possible values are: HTML-CSS (which is slower, but has the best # compatibility), NativeMML (i.e. MathML) and SVG. # The default value is: HTML-CSS. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the HTML # output directory using the MATHJAX_RELPATH option. The destination directory # should contain the MathJax.js script. For instance, if the mathjax directory # is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax # Content Delivery Network so you can quickly see the result without installing # MathJax. However, it is strongly recommended to install a local copy of # MathJax from http://www.mathjax.org before deployment. # The default value is: http://cdn.mathjax.org/mathjax/latest. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_RELPATH = http://www.mathjax.org/mathjax # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax # extension names that should be enabled during MathJax rendering. For example # MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_EXTENSIONS = # The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces # of code that will be used on startup of the MathJax code. See the MathJax site # (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an # example see the documentation. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_CODEFILE = # When the SEARCHENGINE tag is enabled doxygen will generate a search box for # the HTML output. The underlying search engine uses javascript and DHTML and # should work on any modern browser. Note that when using HTML help # (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET) # there is already a search function so this one should typically be disabled. # For large projects the javascript based search engine can be slow, then # enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to # search using the keyboard; to jump to the search box use + S # (what the is depends on the OS and browser, but it is typically # , /