Import freeradius2

Also bump to version 2.2.5 and add myself as maintainer.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

net/freeradius2/Config.in

@@ -0,0 +1,14 @@
+# FreeRADIUS avanced configuration
+
+choice
+	prompt "SSL library"
+	default FREERADIUS_OPENSSL
+	depends on PACKAGE_freeradius2-common
+
+config FREERADIUS_NOSSL
+	bool "No SSL support"
+
+config FREERADIUS_OPENSSL
+	bool "OpenSSL"
+
+endchoice

net/freeradius2/Makefile

@@ -0,0 +1,632 @@
+#
+# Copyright (C) 2008-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=freeradius2
+PKG_VERSION:=2.2.5
+PKG_RELEASE:=1
+
+PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/freeradius/
+PKG_MD5SUM:=40535bace507d7a3134c3d858f3cbc5a
+PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-$(PKG_VERSION)
+PKG_FIXUP:=autoreconf
+
+PKG_CONFIG_DEPENDS := \
+  FREERADIUS_OPENSSL \
+  FREERADIUS_NOSSL
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/freeradius2/config
+  source "$(SOURCE)/Config.in"
+endef
+
+define Package/freeradius2/Default
+  SECTION:=net
+  CATEGORY:=Network
+  URL:=http://freeradius.org/
+  SUBMENU:=FreeRADIUS (version 2)
+endef
+
+define Package/freeradius2
+  $(call Package/freeradius2/Default)
+  DEPENDS:=+libltdl +libreadline +freeradius2-common
+  TITLE:=A flexible RADIUS server (version 2)
+endef
+
+define Package/freeradius2/conffiles
+/etc/freeradius2/clients.conf
+/etc/freeradius2/radiusd.conf
+/etc/freeradius2/sites/default
+endef
+
+define Package/freeradius2-democerts
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Demo certificates to test the server
+endef
+
+define Package/freeradius2-common
+  $(call Package/freeradius2/Default)
+  TITLE:=common files
+  DEPENDS:=+libpthread +FREERADIUS_OPENSSL:libopenssl
+endef
+
+define Package/freeradius2-mod-chap
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=CHAP module
+endef
+
+define Package/freeradius2-mod-chap/conffiles
+/etc/freeradius2/modules/chap
+endef
+
+define Package/freeradius2-mod-detail
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Detailed accounting module
+endef
+
+define Package/freeradius2-mod-detail/conffiles
+/etc/freeradius2/modules/detail
+endef
+
+define Package/freeradius2-mod-eap
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Base EAP module
+endef
+
+define Package/freeradius2-mod-eap/conffiles
+/etc/freeradius2/eap.conf
+endef
+
+define Package/freeradius2-mod-eap-gtc
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-eap
+  TITLE:=EAP/GTC module
+endef
+
+define Package/freeradius2-mod-eap-md5
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-eap
+  TITLE:=EAP/MD5 module
+endef
+
+define Package/freeradius2-mod-eap-mschapv2
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-eap +freeradius2-mod-mschap
+  TITLE:=EAP/MS-CHAPv2 module
+endef
+
+define Package/freeradius2-mod-eap-peap
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-eap @FREERADIUS_OPENSSL
+  TITLE:=EAP/PEAP module
+endef
+
+define Package/freeradius2-mod-eap-tls
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-eap @FREERADIUS_OPENSSL
+  TITLE:=EAP/TLS module
+endef
+
+define Package/freeradius2-mod-eap-ttls
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-eap-tls
+  TITLE:=EAP/TTLS module
+endef
+
+define Package/freeradius2-mod-exec
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=EXEC module
+endef
+
+define Package/freeradius2-mod-exec/conffiles
+/etc/freeradius2/modules/exec
+endef
+
+define Package/freeradius2-mod-expiration
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Expiration module
+endef
+
+define Package/freeradius2-mod-expiration/conffiles
+/etc/freeradius2/modules/expiration
+endef
+
+define Package/freeradius2-mod-always
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Always module
+endef
+
+define Package/freeradius2-mod-always/conffiles
+/etc/freeradius2/modules/always
+endef
+
+define Package/freeradius2-mod-expr
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=EXPR module
+endef
+
+define Package/freeradius2-mod-expr/conffiles
+/etc/freeradius2/modules/expr
+endef
+
+define Package/freeradius2-mod-attr-filter
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=ATTR filter module
+endef
+
+define Package/freeradius2-mod-attr-filter/conffiles
+/etc/freeradius2/modules/attr_filter
+/etc/freeradius2/attrs
+/etc/freeradius2/attrs.access_reject
+/etc/freeradius2/attrs.accounting_response
+/etc/freeradius2/attrs.pre-proxy
+endef
+
+define Package/freeradius2-mod-attr-rewrite
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=ATTR rewrite module
+endef
+
+define Package/freeradius2-mod-attr-rewrite/conffiles
+/etc/freeradius2/modules/attr_rewrite
+endef
+
+define Package/freeradius2-mod-files
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Module using local files for authorization
+endef
+
+define Package/freeradius2-mod-files/conffiles
+/etc/freeradius2/acct_users
+/etc/freeradius2/preproxy_users
+/etc/freeradius2/users
+/etc/freeradius2/modules/files
+endef
+
+define Package/freeradius2-mod-passwd
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Rlm passwd module
+endef
+
+define Package/freeradius2-mod-passwd/conffiles
+/etc/freeradius2/modules/passwd
+endef
+
+define Package/freeradius2-mod-ldap
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2 +PACKAGE_freeradius2-mod-ldap:libopenldap
+  TITLE:=LDAP module
+endef
+
+define Package/freeradius2-mod-ldap/conffiles
+/etc/freeradius2/ldap.attrmap
+/etc/freeradius2/modules/ldap
+endef
+
+define Package/freeradius2-mod-logintime
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Logintime module
+endef
+
+define Package/freeradius2-mod-logintime/conffiles
+/etc/freeradius2/modules/logintime
+endef
+
+define Package/freeradius2-mod-mschap
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=MS-CHAP and MS-CHAPv2 module
+endef
+
+define Package/freeradius2-mod-mschap/conffiles
+/etc/freeradius2/modules/mschap
+endef
+
+define Package/freeradius2-mod-pap
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=PAP module
+endef
+
+define Package/freeradius2-mod-pap/conffiles
+/etc/freeradius2/modules/pap
+endef
+
+define Package/freeradius2-mod-preprocess
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Request pre-processing module
+endef
+
+define Package/freeradius2-mod-preprocess/conffiles
+/etc/freeradius2/hints
+/etc/freeradius2/huntgroups
+/etc/freeradius2/modules/preprocess
+endef
+
+define Package/freeradius2-mod-realm
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Realms handling module
+endef
+
+define Package/freeradius2-mod-realm/conffiles
+/etc/freeradius2/proxy.conf
+/etc/freeradius2/modules/realm
+endef
+
+define Package/freeradius2-mod-sql
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Base SQL module
+endef
+
+define Package/freeradius2-mod-sql/conffiles
+/etc/freeradius2/sql.conf
+endef
+
+define Package/freeradius2-mod-sql-mysql
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-sql \
+  	+PACKAGE_freeradius2-mod-sql-mysql:libmysqlclient-r
+  TITLE:=MySQL module
+endef
+
+define Package/freeradius2-mod-sql-pgsql
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-sql \
+  	+PACKAGE_freeradius2-mod-sql-pgsql:libpq
+  TITLE:=PostgreSQL module
+endef
+
+define Package/freeradius2-mod-sql-sqlite
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-sql \
+  	+PACKAGE_freeradius2-mod-sql-sqlite:libsqlite3
+  TITLE:=SQLite module
+endef
+
+define Package/freeradius2-mod-sqlcounter
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2-mod-sql
+  TITLE:=Generic SQL Counter module
+endef
+
+define Package/freeradius2-mod-radutmp
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=Radius UTMP module
+endef
+
+define Package/freeradius2-mod-radutmp/conffiles
+/etc/freeradius2/modules/radutmp
+/etc/freeradius2/modules/sradutmp
+endef
+
+define Package/freeradius2-utils
+  $(call Package/freeradius2/Default)
+  DEPENDS:=+freeradius2-common
+  TITLE:=Misc. client utilities
+endef
+
+define Package/freeradius2-mod-sqllog
+  $(call Package/freeradius2/Default)
+  DEPENDS:=freeradius2
+  TITLE:=SQL Logging module
+endef
+
+CONFIGURE_ARGS+= \
+	--libdir=/usr/lib/freeradius2 \
+	--libexecdir=/usr/lib/freeradius2 \
+	--enable-shared \
+	--disable-static \
+	--disable-developer \
+	--with-threads \
+	$(if $(CONFIG_FREERADIUS_OPENSSL),--with,--without)-openssl \
+	$(if $(CONFIG_FREERADIUS_OPENSSL),--with-openssl-includes="$(STAGING_DIR)/usr/include",) \
+	$(if $(CONFIG_FREERADIUS_OPENSSL),--with-openssl-libraries="$(STAGING_DIR)/usr/lib",) \
+	--with-system-libtool \
+	--with-system-libltdl \
+	--enable-strict-dependencies \
+	--with-raddbdir=/etc/freeradius2 \
+	--with-radacctdir=/var/db/radacct \
+	--with-logdir=/var/log \
+	--without-edir \
+	--without-snmp \
+	--without-rlm_checkval \
+	--without-rlm_dbm \
+	--without-rlm_counter \
+	--with-rlm_expr \
+	--with-rlm_eap \
+	--without-rlm_eap_sim \
+	--without-rlm_example \
+	--without-rlm_ippool \
+	--without-rlm_krb5 \
+	--without-rlm_otp \
+	--without-rlm_smsotp \
+	--without-rlm_pam \
+	--without-rlm_perl \
+	--without-rlm_python \
+	--without-rlm_smb \
+	--with-rlm_sql \
+	--with-rlm_sqlcounter \
+	--without-rlm_sqlhpwippool \
+	--without-rlm_sqlippool \
+	--without-rlm_sql_db2 \
+	--without-rlm_sql_firebird \
+	--without-rlm_sql_freetds \
+	--without-rlm_sql_iodbc \
+	--without-rlm_sql_oracle \
+	--without-rlm_sql_sybase \
+	--without-rlm_sql_unixodbc \
+	--without-rlm_sql_log \
+	--without-rlm_unix \
+	--without-rlm_eap_tnc \
+	--without-rlm_eap_ikev2 \
+	--without-rlm_opendirectory \
+	--without-rlm_wimax \
+	--without-rlm_ruby \
+	--without-rlm_caching \
+	--without-rlm_redis \
+	--without-rlm_rediswho \
+	--without-rlm_soh \
+	--without-rlm_sim \
+	--without-rlm_replicate \
+	--without-rlm_protocol_filter \
+	--without-rlm_policy \
+	--without-rlm_linelog \
+	--without-rlm_jradius \
+	--without-rlm_fastusers \
+	--without-rlm_eap_leap \
+	--without-rlm_dynamic_clients \
+	--without-rlm_digest \
+	--without-rlm_cram \
+	--without-rlm_copy_packet \
+	--without-rlm_acct_unique \
+	--without-rlm_acctlog
+	
+
+PKG_DICTIONARIES:= \
+	freeradius freeradius.internal \
+	rfc2865 rfc2866 rfc2867 rfc2868 rfc2869 rfc3162 rfc3576 rfc3580 \
+	rfc4372 rfc4675 rfc4679 \
+	microsoft \
+	wispr \
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-ldap),)
+  CONFIGURE_ARGS+= \
+		--with-rlm_ldap-include-dir="$(STAGING_DIR)/usr/include" \
+		--with-rlm_ldap-lib-dir="$(STAGING_DIR)/usr/lib"
+  CONFIGURE_LIBS+= -lcrypto -lssl
+else
+  CONFIGURE_ARGS+= --without-rlm_ldap
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-sql-mysql),)
+  CONFIGURE_ARGS+= \
+		--with-mysql-include-dir="$(STAGING_DIR)/usr/include" \
+		--with-mysql-lib-dir="$(STAGING_DIR)/usr/lib/mysql"
+  CONFIGURE_LIBS+= -lz
+  CONFIGURE_VARS+= ac_cv_lib_mysqlclient_r_mysql_init=yes
+else
+  CONFIGURE_ARGS+= --without-rlm_sql_mysql
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-sql-pgsql),)
+  CONFIGURE_ARGS+= \
+		--with-rlm_sql_postgresql-include-dir="$(STAGING_DIR)/usr/include" \
+		--with-rlm_sql_postgresql-lib-dir="$(STAGING_DIR)/usr/lib"
+else
+  CONFIGURE_ARGS+= --without-rlm_sql_postgresql
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-sqllog),)
+  CONFIGURE_ARGS+= \
+        --with-rlm_sql_log \
+        --with-experimental-modules \
+else
+  CONFIGURE_ARGS+= --without-rlm_sql_log
+endif
+
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-sql-sqlite),)
+  CONFIGURE_ARGS+= \
+	--with-rlm_sql_sqlite \
+	--with-experimental-modules \
+	--with-sqlite-include-dir="$(STAGING_DIR)/usr/include" \
+	--with-sqlite-lib-dir="$(STAGING_DIR)/usr/lib"
+else
+  CONFIGURE_ARGS+= --without-rlm_sql_sqlite
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-eap-peap),)
+  CONFIGURE_ARGS+= \
+  		--with-rlm_eap_peap \
+		--with-rlm_eap_peap-include-dir="$(STAGING_DIR)/usr/include" \
+		--with-rlm_eap_peap-lib-dir="$(STAGING_DIR)/usr/lib"
+  CONFIGURE_LIBS+= -lcrypto -lssl
+else
+  CONFIGURE_ARGS+= --without-rlm_eap_peap
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-eap-tls),)
+  CONFIGURE_ARGS+= \
+  		--with-rlm_eap_tls \
+		--with-rlm_eap_tls-include-dir="$(STAGING_DIR)/usr/include" \
+		--with-rlm_eap_tls-lib-dir="$(STAGING_DIR)/usr/lib"
+  CONFIGURE_LIBS+= -lcrypto -lssl
+else
+  CONFIGURE_ARGS+= --without-rlm_eap_tls
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-eap-ttls),)
+  CONFIGURE_ARGS+= \
+  		--with-rlm_eap_ttls \
+		--with-rlm_eap_ttls-include-dir="$(STAGING_DIR)/usr/include" \
+		--with-rlm_eap_ttls-lib-dir="$(STAGING_DIR)/usr/lib"
+  CONFIGURE_LIBS+= -lcrypto -lssl
+else
+  CONFIGURE_ARGS+= --without-rlm_eap_ttls
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-attr-rewrite),)
+  CONFIGURE_ARGS+= --with-rlm_attr-rewrite
+else
+  CONFIGURE_ARGS+= --without-rlm_attr-rewrite
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-radutmp),)
+  CONFIGURE_ARGS+= --with-rlm_radutmp
+else
+  CONFIGURE_ARGS+= --without-rlm_radutmp
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-logintime),)
+  CONFIGURE_ARGS+= --with-rlm_logintime
+else
+  CONFIGURE_ARGS+= --without-rlm_logintime
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-expiration),)
+  CONFIGURE_ARGS+= --with-rlm_expiration
+else
+  CONFIGURE_ARGS+= --without-rlm_expiration
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius2-mod-always),)
+  CONFIGURE_ARGS+= --with-rlm_always
+else
+  CONFIGURE_ARGS+= --without-rlm_always
+endif
+
+CONFIGURE_VARS+= \
+	LDFLAGS="$$$$LDFLAGS" \
+	LIBS="$(CONFIGURE_LIBS)" \
+	MYSQL_CONFIG="no" \
+	ac_cv_lib_readline=no \
+
+define Build/Compile
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		R="$(PKG_INSTALL_DIR)" \
+		INSTALLSTRIP="" \
+		all certs install
+endef
+
+define Package/freeradius2-common/install
+	$(INSTALL_DIR) $(1)/etc/freeradius2
+	chmod 771 $(1)/etc/freeradius2
+	$(CP) $(PKG_INSTALL_DIR)/etc/freeradius2/dictionary $(1)/etc/freeradius2/ ; \
+	$(INSTALL_DIR) $(1)/usr/lib/freeradius2
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/freeradius2/libfreeradius-radius{,-*}.so $(1)/usr/lib/freeradius2
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/freeradius2/libfreeradius-eap{,-*}.so $(1)/usr/lib/freeradius2
+	$(INSTALL_DIR) $(1)/usr/share/freeradius2
+	$(CP) $(PKG_INSTALL_DIR)/usr/share/freeradius/dictionary $(1)/usr/share/freeradius2/
+	$(SED) "s,^\(\$$$$INCLUDE\),#\1,g" $(1)/usr/share/freeradius2/dictionary
+	for f in $(PKG_DICTIONARIES); do \
+		$(CP) $(PKG_INSTALL_DIR)/usr/share/freeradius/dictionary.$$$${f} $(1)/usr/share/freeradius2/ ; \
+		$(SED) "s,^#\(\$$$$INCLUDE dictionary\.$$$${f}\),\1,g" $(1)/usr/share/freeradius2/dictionary ; \
+	done
+endef
+
+define Package/freeradius2/install
+	$(INSTALL_DIR) $(1)/etc/freeradius2/modules
+	$(INSTALL_DIR) $(1)/etc/freeradius2/sites
+	for f in clients.conf radiusd.conf policy.conf; do \
+		$(CP) $(PKG_INSTALL_DIR)/etc/freeradius2/$$$${f} $(1)/etc/freeradius2/ ; \
+	done
+	$(CP) $(PKG_INSTALL_DIR)/etc/freeradius2/sites-available/default $(1)/etc/freeradius2/sites/default
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/radiusd $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/radiusd.init $(1)/etc/init.d/radiusd
+endef
+
+define Package/freeradius2-democerts/install
+	$(INSTALL_DIR) $(1)/etc/freeradius2/certs
+	$(CP) \
+		$(PKG_BUILD_DIR)/raddb/certs/ca.pem \
+		$(PKG_BUILD_DIR)/raddb/certs/dh \
+		$(PKG_BUILD_DIR)/raddb/certs/random \
+		$(PKG_BUILD_DIR)/raddb/certs/server.pem \
+		$(1)/etc/freeradius2/certs/
+endef
+
+define Package/freeradius2-utils/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	for f in radclient radeapclient radwho; do \
+		$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/$$$${f} $(1)/usr/bin/ ; \
+	done
+endef
+
+define BuildPlugin
+  define Package/$(1)/install
+	[ -z "$(2)" ] || $(INSTALL_DIR) $$(1)/usr/lib/freeradius2
+	for m in $(2); do \
+		$(CP) $(PKG_INSTALL_DIR)/usr/lib/freeradius2/$$$$$$$${m}{,-*}.so $$(1)/usr/lib/freeradius2 ; \
+	done
+	[ -z "$(3)" ] || $(INSTALL_DIR) $$(1)/etc/freeradius2
+	[ -z "$(4)" ] || $(INSTALL_DIR) $$(1)/etc/freeradius2/$(4)
+	for f in $(3); do \
+		$(CP) $(PKG_INSTALL_DIR)/etc/freeradius2/$$$$$$$${f} $$(1)/etc/freeradius2/$$$$$$$${f} ; \
+	done
+  endef
+
+  $$(eval $$(call BuildPackage,$(1)))
+endef
+
+$(eval $(call BuildPackage,freeradius2))
+$(eval $(call BuildPackage,freeradius2-common))
+$(eval $(call BuildPackage,freeradius2-democerts))
+$(eval $(call BuildPlugin,freeradius2-mod-chap,rlm_chap,modules/chap,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-detail,rlm_detail,modules/detail,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-eap,rlm_eap,eap.conf))
+$(eval $(call BuildPlugin,freeradius2-mod-eap-gtc,rlm_eap_gtc,))
+$(eval $(call BuildPlugin,freeradius2-mod-eap-md5,rlm_eap_md5,))
+$(eval $(call BuildPlugin,freeradius2-mod-eap-mschapv2,rlm_eap_mschapv2,))
+$(eval $(call BuildPlugin,freeradius2-mod-eap-peap,rlm_eap_peap,))
+$(eval $(call BuildPlugin,freeradius2-mod-eap-tls,rlm_eap_tls,))
+$(eval $(call BuildPlugin,freeradius2-mod-eap-ttls,rlm_eap_ttls,))
+$(eval $(call BuildPlugin,freeradius2-mod-exec,rlm_exec,modules/exec modules/echo ,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-attr-rewrite,rlm_attr_rewrite,modules/attr_rewrite,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-files,rlm_files,acct_users preproxy_users users modules/files,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-passwd,rlm_passwd,modules/passwd,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-ldap,rlm_ldap,ldap.attrmap modules/ldap,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-mschap,rlm_mschap,modules/mschap,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-pap,rlm_pap,modules/pap,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-preprocess,rlm_preprocess,hints huntgroups modules/preprocess,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-realm,rlm_realm,proxy.conf modules/realm modules/inner-eap,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-sql,rlm_sql,sql.conf,))
+$(eval $(call BuildPlugin,freeradius2-mod-sql-mysql,rlm_sql_mysql,))
+$(eval $(call BuildPlugin,freeradius2-mod-sql-pgsql,rlm_sql_postgresql,))
+$(eval $(call BuildPlugin,freeradius2-mod-sql-sqlite,rlm_sql_sqlite,))
+$(eval $(call BuildPlugin,freeradius2-mod-sqlcounter,rlm_sqlcounter,))
+$(eval $(call BuildPlugin,freeradius2-mod-sqllog,rlm_sql_log,))
+$(eval $(call BuildPlugin,freeradius2-mod-radutmp,rlm_radutmp,modules/radutmp modules/sradutmp,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-logintime,rlm_logintime,modules/logintime,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-expr,rlm_expr,modules/expr,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-attr-filter,rlm_attr_filter,modules/attr_filter attrs attrs.access_reject attrs.accounting_response attrs.pre-proxy,modules,,))
+$(eval $(call BuildPlugin,freeradius2-mod-expiration,rlm_expiration,modules/expiration,modules,))
+$(eval $(call BuildPlugin,freeradius2-mod-always,rlm_always,modules/always,modules,))
+$(eval $(call BuildPackage,freeradius2-utils))

net/freeradius2/files/radiusd.init

@@ -0,0 +1,22 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+START=50
+
+DEFAULT=/etc/default/radiusd
+LOG_D=/var/log
+RUN_D=/var/run
+PID_F=$RUN_D/radiusd.pid
+RADACCT_D=/var/db/radacct
+IPADDR=$(ifconfig br-lan | sed -n 's/.*dr:\(.*\)Bc.*/\1/p')
+
+start() {
+	[ -f $DEFAULT ] && . $DEFAULT
+	mkdir -p $LOG_D
+	mkdir -p $RUN_D
+	mkdir -p $RADACCT_D
+	radiusd -i $IPADDR -p 1812,1813 $OPTIONS
+}
+
+stop() {
+	[ -f $PID_F ] && kill $(cat $PID_F)
+}

net/freeradius2/patches/001-fix-makefile.patch

@@ -0,0 +1,10 @@
+--- a/Make.inc.in
++++ b/Make.inc.in
+@@ -5,6 +5,7 @@
+ #
+ 
+ # Location of files.
++SHELL		= @SHELL@
+ prefix		= @prefix@
+ exec_prefix	= @exec_prefix@
+ sysconfdir	= @sysconfdir@

net/freeradius2/patches/002-config.patch

@@ -0,0 +1,588 @@
+--- a/raddb/dictionary.in
++++ b/raddb/dictionary.in
+@@ -11,7 +11,7 @@
+ #
+ #	The filename given here should be an absolute path. 
+ #
+-$INCLUDE	@prefix@/share/freeradius/dictionary
++$INCLUDE	@prefix@/share/freeradius2/dictionary
+ 
+ #
+ #	Place additional attributes or $INCLUDEs here.  They will
+--- a/raddb/eap.conf
++++ b/raddb/eap.conf
+@@ -27,7 +27,7 @@
+ 		#  then that EAP type takes precedence over the
+ 		#  default type configured here.
+ 		#
+-		default_eap_type = md5
++		default_eap_type = peap
+ 
+ 		#  A list is maintained to correlate EAP-Response
+ 		#  packets with EAP-Request packets.  After a
+@@ -72,8 +72,8 @@
+ 		#  for wireless connections.  It is insecure, and does
+ 		#  not provide for dynamic WEP keys.
+ 		#
+-		md5 {
+-		}
++#		md5 {
++#		}
+ 
+ 		# Cisco LEAP
+ 		#
+@@ -87,8 +87,8 @@
+ 		#  User-Password, or the NT-Password attributes.
+ 		#  'System' authentication is impossible with LEAP.
+ 		#
+-		leap {
+-		}
++#		leap {
++#		}
+ 
+ 		#  Generic Token Card.
+ 		#
+@@ -101,7 +101,7 @@
+ 		#  the users password will go over the wire in plain-text,
+ 		#  for anyone to see.
+ 		#
+-		gtc {
++#		gtc {
+ 			#  The default challenge, which many clients
+ 			#  ignore..
+ 			#challenge = "Password: "
+@@ -118,8 +118,8 @@
+ 			#  configured for the request, and do the
+ 			#  authentication itself.
+ 			#
+-			auth_type = PAP
+-		}
++#			auth_type = PAP
++#		}
+ 
+ 		## EAP-TLS
+ 		#
+@@ -215,7 +215,7 @@
+ 			#  In these cases, fragment size should be
+ 			#  1024 or less.
+ 			#
+-		#	fragment_size = 1024
++			fragment_size = 1024
+ 
+ 			#  include_length is a flag which is
+ 			#  by default set to yes If set to
+@@ -225,7 +225,7 @@
+ 			#  message is included ONLY in the
+ 			#  First packet of a fragment series.
+ 			#
+-		#	include_length = yes
++			include_length = yes
+ 
+ 			#  Check the Certificate Revocation List
+ 			#
+@@ -297,7 +297,7 @@
+ 			# for the server to print out an error message,
+ 			# and refuse to start.
+ 			#
+-			make_cert_command = "${certdir}/bootstrap"
++		#	make_cert_command = "${certdir}/bootstrap"
+ 
+ 			#
+ 			#  Elliptical cryptography configuration
+@@ -332,7 +332,7 @@
+ 			#  You probably also want "use_tunneled_reply = yes"
+ 			#  when using fast session resumption.
+ 			#
+-			cache {
++		#	cache {
+ 			      #
+ 			      #  Enable it.  The default is "no".
+ 			      #  Deleting the entire "cache" subsection
+@@ -348,14 +348,14 @@
+ 			      #  enable resumption for just one user
+ 			      #  by setting the above attribute to "yes".
+ 			      #
+-			      enable = no
++		#	      enable = no
+ 
+ 			      #
+ 			      #  Lifetime of the cached entries, in hours.
+ 			      #  The sessions will be deleted after this
+ 			      #  time.
+ 			      #
+-			      lifetime = 24 # hours
++		#	      lifetime = 24 # hours
+ 
+ 			      #
+ 			      #  The maximum number of entries in the
+@@ -364,8 +364,8 @@
+ 			      #  This could be set to the number of users
+ 			      #  who are logged in... which can be a LOT.
+ 			      #
+-			      max_entries = 255
+-			}
++		#	      max_entries = 255
++		#	}
+ 
+ 			#
+ 			#  As of version 2.1.10, client certificates can be
+@@ -503,7 +503,7 @@
+ 		#
+ 		#  in the control items for a request.
+ 		#
+-		ttls {
++#		ttls {
+ 			#  The tunneled EAP session needs a default
+ 			#  EAP type which is separate from the one for
+ 			#  the non-tunneled EAP module.  Inside of the
+@@ -511,7 +511,7 @@
+ 			#  If the request does not contain an EAP
+ 			#  conversation, then this configuration entry
+ 			#  is ignored.
+-			default_eap_type = md5
++#			default_eap_type = mschapv2
+ 
+ 			#  The tunneled authentication request does
+ 			#  not usually contain useful attributes
+@@ -527,7 +527,7 @@
+ 			#  is copied to the tunneled request.
+ 			#
+ 			# allowed values: {no, yes}
+-			copy_request_to_tunnel = no
++#			copy_request_to_tunnel = yes
+ 
+ 			#  The reply attributes sent to the NAS are
+ 			#  usually based on the name of the user
+@@ -540,7 +540,7 @@
+ 			#  the tunneled request.
+ 			#
+ 			# allowed values: {no, yes}
+-			use_tunneled_reply = no
++#			use_tunneled_reply = no
+ 
+ 			#
+ 			#  The inner tunneled request can be sent
+@@ -552,13 +552,13 @@
+ 			#  the virtual server that processed the
+ 			#  outer requests.
+ 			#
+-			virtual_server = "inner-tunnel"
++#			virtual_server = "inner-tunnel"
+ 
+ 			#  This has the same meaning as the
+ 			#  same field in the "tls" module, above.
+ 			#  The default value here is "yes".
+ 		#	include_length = yes
+-		}
++#		}
+ 
+ 		##################################################
+ 		#
+@@ -627,14 +627,14 @@
+ 
+ 			#  the PEAP module also has these configuration
+ 			#  items, which are the same as for TTLS.
+-			copy_request_to_tunnel = no
+-			use_tunneled_reply = no
++			copy_request_to_tunnel = yes
++			use_tunneled_reply = yes
+ 
+ 			#  When the tunneled session is proxied, the
+ 			#  home server may not understand EAP-MSCHAP-V2.
+ 			#  Set this entry to "no" to proxy the tunneled
+ 			#  EAP-MSCHAP-V2 as normal MSCHAPv2.
+-		#	proxy_tunneled_request_as_eap = yes
++			proxy_tunneled_request_as_eap = no
+ 
+ 			#
+ 			#  The inner tunneled request can be sent
+@@ -646,7 +646,8 @@
+ 			#  the virtual server that processed the
+ 			#  outer requests.
+ 			#
+-			virtual_server = "inner-tunnel"
++		#	virtual_server = "inner-tunnel"
++			EAP-TLS-Require-Client-Cert = no
+ 
+ 			# This option enables support for MS-SoH
+ 			# see doc/SoH.txt for more info.
+--- a/raddb/modules/counter
++++ b/raddb/modules/counter
+@@ -69,7 +69,7 @@
+ #  'check-name' attribute.
+ #
+ counter daily {
+-	filename = ${db_dir}/db.daily
++	filename = ${radacctdir}/db.daily
+ 	key = User-Name
+ 	count-attribute = Acct-Session-Time
+ 	reset = daily
+--- a/raddb/modules/pap
++++ b/raddb/modules/pap
+@@ -18,5 +18,5 @@
+ #
+ #  http://www.openldap.org/faq/data/cache/347.html
+ pap {
+-	auto_header = no
++	auto_header = yes
+ }
+--- a/raddb/modules/radutmp
++++ b/raddb/modules/radutmp
+@@ -12,7 +12,7 @@ radutmp {
+ 	#  Where the file is stored.  It's not a log file,
+ 	#  so it doesn't need rotating.
+ 	#
+-	filename = ${logdir}/radutmp
++	filename = ${radacctdir}/radutmp
+ 
+ 	#  The field in the packet to key on for the
+ 	#  'user' name,  If you have other fields which you want
+--- a/raddb/modules/sradutmp
++++ b/raddb/modules/sradutmp
+@@ -10,7 +10,7 @@
+ # then name "sradutmp" to identify it later in the "accounting"
+ # section.
+ radutmp sradutmp {
+-	filename = ${logdir}/sradutmp
++	filename = ${radacctdir}/sradutmp
+ 	perm = 0644
+ 	callerid = "no"
+ }
+--- a/raddb/radiusd.conf.in
++++ b/raddb/radiusd.conf.in
+@@ -66,7 +66,7 @@ name = radiusd
+ 
+ #  Location of config and logfiles.
+ confdir = ${raddbdir}
+-run_dir = ${localstatedir}/run/${name}
++run_dir = ${localstatedir}/run
+ 
+ # Should likely be ${localstatedir}/lib/radiusd
+ db_dir = ${raddbdir}
+@@ -323,7 +323,7 @@ listen {
+ 	#  If your system does not support this feature, you will
+ 	#  get an error if you try to use it.
+ 	#
+-#	interface = eth0
++	interface = br-lan
+ 
+ 	#  Per-socket lists of clients.  This is a very useful feature.
+ 	#
+@@ -350,7 +350,7 @@ listen {
+ #	ipv6addr = ::
+ 	port = 0
+ 	type = acct
+-#	interface = eth0
++	interface = br-lan
+ #	clients = per_socket_clients
+ }
+ 
+@@ -584,8 +584,8 @@ security {
+ #
+ #  allowed values: {no, yes}
+ #
+-proxy_requests  = yes
+-$INCLUDE proxy.conf
++proxy_requests  = no
++#$INCLUDE proxy.conf
+ 
+ 
+ # CLIENTS CONFIGURATION
+@@ -782,7 +782,7 @@ instantiate {
+ 	#  The entire command line (and output) must fit into 253 bytes.
+ 	#
+ 	#  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
+-	exec
++#	exec
+ 
+ 	#
+ 	#  The expression module doesn't do authorization,
+@@ -799,15 +799,15 @@ instantiate {
+ 	#  other xlat functions such as md5, sha1 and lc.
+ 	#
+ 	#  We do not recommend removing it's listing here.
+-	expr
++#	expr
+ 
+ 	#
+ 	# We add the counter module here so that it registers
+ 	# the check-name attribute before any module which sets
+ 	# it
+ #	daily
+-	expiration
+-	logintime
++#	expiration
++#	logintime
+ 
+ 	# subsections here can be thought of as "virtual" modules.
+ 	#
+@@ -831,7 +831,7 @@ instantiate {
+ #	to multiple times.
+ #
+ ######################################################################
+-$INCLUDE policy.conf
++#$INCLUDE policy.conf
+ 
+ ######################################################################
+ #
+@@ -841,9 +841,9 @@ $INCLUDE policy.conf
+ #	match the regular expression: /[a-zA-Z0-9_.]+/
+ #
+ #	It allows you to define new virtual servers simply by placing
+-#	a file into the raddb/sites-enabled/ directory.
++#	a file into the /etc/freeradius2/sites/ directory.
+ #
+-$INCLUDE sites-enabled/
++$INCLUDE sites/
+ 
+ ######################################################################
+ #
+@@ -851,7 +851,7 @@ $INCLUDE sites-enabled/
+ #	"authenticate {}", "accounting {}", have been moved to the
+ #	the file:
+ #
+-#		raddb/sites-available/default
++#		/etc/freeradius2/sites/default
+ #
+ #	This is the "default" virtual server that has the same
+ #	configuration as in version 1.0.x and 1.1.x.  The default
+--- a/raddb/sites-available/default
++++ b/raddb/sites-available/default
+@@ -85,7 +85,7 @@ authorize {
+ 	#
+ 	#  It takes care of processing the 'raddb/hints' and the
+ 	#  'raddb/huntgroups' files.
+-	preprocess
++#	preprocess
+ 
+ 	#
+ 	#  If you want to have a log of authentication requests,
+@@ -96,7 +96,7 @@ authorize {
+ 	#
+ 	#  The chap module will set 'Auth-Type := CHAP' if we are
+ 	#  handling a CHAP request and Auth-Type has not already been set
+-	chap
++#	chap
+ 
+ 	#
+ 	#  If the users are logging in with an MS-CHAP-Challenge
+@@ -104,13 +104,13 @@ authorize {
+ 	#  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
+ 	#  to the request, which will cause the server to then use
+ 	#  the mschap module for authentication.
+-	mschap
++#	mschap
+ 
+ 	#
+ 	#  If you have a Cisco SIP server authenticating against
+ 	#  FreeRADIUS, uncomment the following line, and the 'digest'
+ 	#  line in the 'authenticate' section.
+-	digest
++#	digest
+ 
+ 	#
+ 	#  The WiMAX specification says that the Calling-Station-Id
+@@ -133,7 +133,7 @@ authorize {
+ 	#  Otherwise, when the first style of realm doesn't match,
+ 	#  the other styles won't be checked.
+ 	#
+-	suffix
++#	suffix
+ #	ntdomain
+ 
+ 	#
+@@ -195,8 +195,8 @@ authorize {
+ 	# Use the checkval module
+ #	checkval
+ 
+-	expiration
+-	logintime
++#	expiration
++#	logintime
+ 
+ 	#
+ 	#  If no other module has claimed responsibility for
+@@ -277,7 +277,7 @@ authenticate {
+ 	#  If you have a Cisco SIP server authenticating against
+ 	#  FreeRADIUS, uncomment the following line, and the 'digest'
+ 	#  line in the 'authorize' section.
+-	digest
++#	digest
+ 
+ 	#
+ 	#  Pluggable Authentication Modules.
+@@ -294,7 +294,7 @@ authenticate {
+ 	#  be used for authentication ONLY for compatibility with legacy
+ 	#  FreeRADIUS configurations.
+ 	#
+-	unix
++#	unix
+ 
+ 	# Uncomment it if you want to use ldap for authentication
+ 	#
+@@ -330,8 +330,8 @@ authenticate {
+ #
+ #  Pre-accounting.  Decide which accounting type to use.
+ #
+-preacct {
+-	preprocess
++#preacct {
++#	preprocess
+ 
+ 	#
+ 	#  Session start times are *implied* in RADIUS.
+@@ -354,7 +354,7 @@ preacct {
+ 	#
+ 	#  Ensure that we have a semi-unique identifier for every
+ 	#  request, and many NAS boxes are broken.
+-	acct_unique
++#	acct_unique
+ 
+ 	#
+ 	#  Look for IPASS-style 'realm/', and if not found, look for
+@@ -364,13 +364,13 @@ preacct {
+ 	#  Accounting requests are generally proxied to the same
+ 	#  home server as authentication requests.
+ #	IPASS
+-	suffix
++#	suffix
+ #	ntdomain
+ 
+ 	#
+ 	#  Read the 'acct_users' file
+-	files
+-}
++#	files
++#}
+ 
+ #
+ #  Accounting.  Log the accounting data.
+@@ -380,7 +380,7 @@ accounting {
+ 	#  Create a 'detail'ed log of the packets.
+ 	#  Note that accounting requests which are proxied
+ 	#  are also logged in the detail file.
+-	detail
++#	detail
+ #	daily
+ 
+ 	#  Update the wtmp file
+@@ -432,7 +432,7 @@ accounting {
+ 	exec
+ 
+ 	#  Filter attributes from the accounting response.
+-	attr_filter.accounting_response
++	#attr_filter.accounting_response
+ 
+ 	#
+ 	#  See "Autz-Type Status-Server" for how this works.
+@@ -458,7 +458,7 @@ session {
+ #  Post-Authentication
+ #  Once we KNOW that the user has been authenticated, there are
+ #  additional steps we can take.
+-post-auth {
++#post-auth {
+ 	#  Get an address from the IP Pool.
+ #	main_pool
+ 
+@@ -488,7 +488,7 @@ post-auth {
+ #	ldap
+ 
+ 	# For Exec-Program and Exec-Program-Wait
+-	exec
++#	exec
+ 
+ 	#
+ 	#  Calculate the various WiMAX keys.  In order for this to work,
+@@ -572,12 +572,12 @@ post-auth {
+ 	#  Add the ldap module name (or instance) if you have set 
+ 	#  'edir_account_policy_check = yes' in the ldap module configuration
+ 	#
+-	Post-Auth-Type REJECT {
+-		# log failed authentications in SQL, too.
++#	Post-Auth-Type REJECT {
++#		# log failed authentications in SQL, too.
+ #		sql
+-		attr_filter.access_reject
+-	}
+-}
++#		attr_filter.access_reject
++#	}
++#}
+ 
+ #
+ #  When the server decides to proxy a request to a home server,
+@@ -587,7 +587,7 @@ post-auth {
+ #
+ #  Only a few modules currently have this method.
+ #
+-pre-proxy {
++#pre-proxy {
+ #	attr_rewrite
+ 
+ 	#  Uncomment the following line if you want to change attributes
+@@ -603,14 +603,14 @@ pre-proxy {
+ 	#  server, un-comment the following line, and the
+ 	#  'detail pre_proxy_log' section, above.
+ #	pre_proxy_log
+-}
++#}
+ 
+ #
+ #  When the server receives a reply to a request it proxied
+ #  to a home server, the request may be massaged here, in the
+ #  post-proxy stage.
+ #
+-post-proxy {
++#post-proxy {
+ 
+ 	#  If you want to have a log of replies from a home server,
+ 	#  un-comment the following line, and the 'detail post_proxy_log'
+@@ -634,7 +634,7 @@ post-proxy {
+ 	#  hidden inside of the EAP packet, and the end server will
+ 	#  reject the EAP request.
+ 	#
+-	eap
++#	eap
+ 
+ 	#
+ 	#  If the server tries to proxy a request and fails, then the
+@@ -656,5 +656,5 @@ post-proxy {
+ #	Post-Proxy-Type Fail {
+ #			detail
+ #	}
+-}
++#}
+ 
+--- a/raddb/users
++++ b/raddb/users
+@@ -169,22 +169,22 @@
+ #	by the terminal server in which case there may not be a "P" suffix.
+ #	The terminal server sends "Framed-Protocol = PPP" for auto PPP.
+ #
+-DEFAULT	Framed-Protocol == PPP
+-	Framed-Protocol = PPP,
+-	Framed-Compression = Van-Jacobson-TCP-IP
++#DEFAULT	Framed-Protocol == PPP
++#	Framed-Protocol = PPP,
++#	Framed-Compression = Van-Jacobson-TCP-IP
+ 
+ #
+ # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
+ #
+-DEFAULT	Hint == "CSLIP"
+-	Framed-Protocol = SLIP,
+-	Framed-Compression = Van-Jacobson-TCP-IP
++#DEFAULT	Hint == "CSLIP"
++#	Framed-Protocol = SLIP,
++#	Framed-Compression = Van-Jacobson-TCP-IP
+ 
+ #
+ # Default for SLIP: dynamic IP address, SLIP mode.
+ #
+-DEFAULT	Hint == "SLIP"
+-	Framed-Protocol = SLIP
++#DEFAULT	Hint == "SLIP"
++#	Framed-Protocol = SLIP
+ 
+ #
+ # Last default: rlogin to our main server.

net/freeradius2/patches/008-honor_ccpflags.patch

@@ -0,0 +1,15 @@
+--- a/src/modules/rules.mak
++++ b/src/modules/rules.mak
+@@ -63,10 +63,10 @@ $(LT_OBJS): $(SERVER_HEADERS)
+ #
+ #######################################################################
+ %.lo: %.c
+-	$(LIBTOOL) --mode=compile --tag=CC $(CC) $(CFLAGS) $(RLM_CFLAGS) -c $<
++	$(LIBTOOL) --mode=compile --tag=CC $(CC) $(CFLAGS) $(CPPFLAGS) $(RLM_CFLAGS) -c $<
+ 
+ %.lo: %.cpp
+-	$(LIBTOOL) --mode=compile --tag=CXX $(CXX) $(CFLAGS) $(RLM_CFLAGS) -c $<
++	$(LIBTOOL) --mode=compile --tag=CXX $(CXX) $(CFLAGS) $(CPPFLAGS) $(RLM_CFLAGS) -c $<
+ 
+ ifneq ($(TARGET),)
+ #######################################################################

net/freeradius2/patches/010-disbale-openssl-check.patch

@@ -0,0 +1,38 @@
+--- a/configure.in
++++ b/configure.in
+@@ -832,35 +832,6 @@ if test "x$WITH_OPENSSL" = xyes; then
+     OPENSSL_INCLUDE="-DOPENSSL_NO_KRB5"
+   fi
+ 
+-  dnl #
+-  dnl #  Now check that the header versions match the library
+-  dnl #
+-  AC_MSG_CHECKING([OpenSSL library and header version consistency])
+-  AC_RUN_IFELSE(
+-    [AC_LANG_PROGRAM(
+-      [[
+-        #include <stdio.h>
+-        #include <openssl/opensslv.h>
+-        #include <openssl/crypto.h>
+-      ]],
+-      [[
+-        if (SSLeay() == OPENSSL_VERSION_NUMBER) {
+-          return 0;
+-        } else {
+-          printf("library: %lx header: %lx... ", (unsigned long) SSLeay(), (unsigned long) OPENSSL_VERSION_NUMBER);
+-          return 1;
+-        }
+-      ]]
+-    )],
+-    [
+-      AC_MSG_RESULT(yes)
+-    ],
+-    [
+-      AC_MSG_RESULT(no)
+-      AC_MSG_FAILURE([OpenSSL library version does not match header version])
+-    ]
+-  )
+-
+   if test "x$OPENSSL_LIBS" = x; then
+     LIBS=$old_LIBS
+     LDFLAGS="$old_LDFLAGS"