summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-connectivity
diff options
context:
space:
mode:
Diffstat (limited to 'meta-networking/recipes-connectivity')
-rw-r--r--meta-networking/recipes-connectivity/freeradius/files/0019-freeradius-Remove-files-which-have-license-issues.patch8491
-rw-r--r--meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb4
2 files changed, 8495 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/freeradius/files/0019-freeradius-Remove-files-which-have-license-issues.patch b/meta-networking/recipes-connectivity/freeradius/files/0019-freeradius-Remove-files-which-have-license-issues.patch
new file mode 100644
index 0000000000..50fa25e406
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0019-freeradius-Remove-files-which-have-license-issues.patch
@@ -0,0 +1,8491 @@
1From c8c36d7bd8aad1dae6a1e6eb8dd8429b837ea035 Mon Sep 17 00:00:00 2001
2From: Libo Chen <libo.chen.cn@windriver.com>
3Date: Fri, 24 Oct 2025 12:12:10 +0800
4Subject: [PATCH] freeradius: Remove files which have license issues
5
6remove the following files which have the following license:
7
8Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com)
9
10This software may not be redistributed in any form without the prior
11written consent of Network RADIUS.
12
13src/modules/rlm_dpsk/rlm_dpsk.c
14src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
15src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
16src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
17src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
18src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
19
20Upstream-Status: Pending
21
22Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
23---
24 src/modules/rlm_dpsk/all.mk | 10 -
25 src/modules/rlm_dpsk/rlm_dpsk.c | 955 ----
26 .../rlm_eap/types/rlm_eap_teap/.gitignore | 1 -
27 .../rlm_eap/types/rlm_eap_teap/all.mk.in | 12 -
28 .../rlm_eap/types/rlm_eap_teap/configure | 4512 -----------------
29 .../rlm_eap/types/rlm_eap_teap/configure.ac | 86 -
30 .../rlm_eap/types/rlm_eap_teap/eap_teap.c | 1817 -------
31 .../rlm_eap/types/rlm_eap_teap/eap_teap.h | 176 -
32 .../types/rlm_eap_teap/eap_teap_crypto.c | 198 -
33 .../types/rlm_eap_teap/eap_teap_crypto.h | 39 -
34 .../rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c | 569 ---
35 11 files changed, 8375 deletions(-)
36 delete mode 100644 src/modules/rlm_dpsk/all.mk
37 delete mode 100644 src/modules/rlm_dpsk/rlm_dpsk.c
38 delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/.gitignore
39 delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in
40 delete mode 100755 src/modules/rlm_eap/types/rlm_eap_teap/configure
41 delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/configure.ac
42 delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
43 delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
44 delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
45 delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
46 delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
47
48diff --git a/src/modules/rlm_dpsk/all.mk b/src/modules/rlm_dpsk/all.mk
49deleted file mode 100644
50index 8da247565b..0000000000
51--- a/src/modules/rlm_dpsk/all.mk
52+++ /dev/null
53@@ -1,10 +0,0 @@
54-TARGETNAME := rlm_dpsk
55-
56-ifneq "$(OPENSSL_LIBS)" ""
57-TARGET := $(TARGETNAME).a
58-endif
59-
60-SOURCES := $(TARGETNAME).c
61-
62-SRC_CFLAGS :=
63-TGT_LDLIBS :=
64diff --git a/src/modules/rlm_dpsk/rlm_dpsk.c b/src/modules/rlm_dpsk/rlm_dpsk.c
65deleted file mode 100644
66index 35773056b3..0000000000
67--- a/src/modules/rlm_dpsk/rlm_dpsk.c
68+++ /dev/null
69@@ -1,955 +0,0 @@
70-/*
71- * Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com)
72- *
73- * This software may not be redistributed in any form without the prior
74- * written consent of Network RADIUS.
75- *
76- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
77- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
78- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
79- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
80- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
81- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
82- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
83- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
84- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
85- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
86- * SUCH DAMAGE.
87- */
88-
89-/**
90- * $Id$
91- * @file rlm_dpsk.c
92- * @brief Dynamic PSK for WiFi
93- *
94- * @copyright 2023 Network RADIUS SAS (legal@networkradius.com)
95- */
96-RCSID("$Id$")
97-
98-#include <freeradius-devel/radiusd.h>
99-#include <freeradius-devel/modules.h>
100-#include <freeradius-devel/dlist.h>
101-#include <freeradius-devel/rad_assert.h>
102-
103-#include <openssl/ssl.h>
104-#include <openssl/evp.h>
105-#include <openssl/hmac.h>
106-
107-#include <ctype.h>
108-
109-#define PW_FREERADIUS_8021X_ANONCE (1)
110-#define PW_FREERADIUS_8021X_EAPOL_KEY_MSG (2)
111-
112-#define VENDORPEC_FREERADIUS_EVS5 ((((uint32_t) 245) << 24) | VENDORPEC_FREERADIUS)
113-
114-#define VENDORPEC_RUCKUS (25053)
115-#define PW_RUCKUS_BSSID (14)
116-#define PW_RUCKUS_DPSK_PARAMS (152)
117-
118-//#define PW_RUCKUS_DPSK_CIPHER (PW_RUCKUS_DPSK_PARAMS | (2 << 8))
119-#define PW_RUCKUS_DPSK_ANONCE (PW_RUCKUS_DPSK_PARAMS | (3 << 8))
120-#define PW_RUCKUS_DPSK_EAPOL_KEY_FRAME (PW_RUCKUS_DPSK_PARAMS | (4 << 8))
121-
122-
123-/*
124- Header: 02030075
125-
126- descriptor 02
127- information 010a
128- length 0010
129- replay counter 000000000000001
130- snonce c3bb319516614aacfb44e933bf1671131fb1856e5b2721952d414ce3f5aa312b
131- IV 0000000000000000000000000000000
132- rsc 0000000000000000
133- reserved 0000000000000000
134- mic 35cddcedad0dfb6a12a2eca55c17c323
135- data length 0016
136- data 30140100000fac040100000fac040100000fac028c00
137-
138- 30
139- 14 length of data
140- 01 ...
141-*/
142-
143-typedef struct eapol_key_frame_t {
144- uint8_t descriptor; // message number 2
145- uint16_t information; //
146- uint16_t length; // always 0010, for 16 octers
147- uint8_t replay_counter[8]; // usually "1"
148- uint8_t nonce[32]; // random token
149- uint8_t iv[16]; // zeroes
150- uint8_t rsc[8]; // zeros
151- uint8_t reserved[8]; // zeroes
152- uint8_t mic[16]; // calculated data
153- uint16_t data_len; // various other things we don't need.
154-// uint8_t data[];
155-} CC_HINT(__packed__) eapol_key_frame_t;
156-
157-typedef struct eapol_attr_t {
158- uint8_t header[4]; // 02030075
159- eapol_key_frame_t frame;
160-} CC_HINT(__packed__) eapol_attr_t;
161-
162-#ifdef HAVE_PTHREAD_H
163-#define PTHREAD_MUTEX_LOCK pthread_mutex_lock
164-#define PTHREAD_MUTEX_UNLOCK pthread_mutex_unlock
165-#else
166-#define PTHREAD_MUTEX_LOCK(_x)
167-#define PTHREAD_MUTEX_UNLOCK(_x)
168-#endif
169-
170-typedef struct rlm_dpsk_s rlm_dpsk_t;
171-
172-typedef struct {
173- uint8_t mac[6];
174- uint8_t pmk[32];
175-
176- uint8_t *ssid;
177- size_t ssid_len;
178-
179- char *identity;
180- size_t identity_len;
181-
182- uint8_t *psk;
183- size_t psk_len;
184- time_t expires;
185-
186- fr_dlist_t dlist;
187- rlm_dpsk_t *inst;
188-} rlm_dpsk_cache_t;
189-
190-struct rlm_dpsk_s {
191- char const *xlat_name;
192- bool ruckus;
193- bool dynamic;
194-
195- rbtree_t *cache;
196-
197- uint32_t cache_size;
198- uint32_t cache_lifetime;
199-
200- char const *filename;
201-
202-#ifdef HAVE_PTHREAD_H
203- pthread_mutex_t mutex;
204-#endif
205- fr_dlist_t head;
206-
207- DICT_ATTR const *ssid;
208- DICT_ATTR const *anonce;
209- DICT_ATTR const *frame;
210-};
211-
212-static const CONF_PARSER module_config[] = {
213- { "ruckus", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_dpsk_t, ruckus), "no" },
214-
215- { "cache_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_dpsk_t, cache_size), "0" },
216- { "cache_lifetime", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_dpsk_t, cache_lifetime), "0" },
217-
218- { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_dpsk_t, filename), NULL },
219-
220- CONF_PARSER_TERMINATOR
221-};
222-
223-
224-static inline CC_HINT(nonnull) rlm_dpsk_cache_t *fr_dlist_head(fr_dlist_t const *head)
225-{
226- if (head->prev == head) return NULL;
227-
228- return (rlm_dpsk_cache_t *) (((uintptr_t) head->next) - offsetof(rlm_dpsk_cache_t, dlist));
229-}
230-
231-static void rdebug_hex(REQUEST *request, char const *prefix, uint8_t const *data, int len)
232-{
233- int i;
234- char buffer[2048]; /* large enough for largest len */
235-
236- /*
237- * Leave a trailing space, we don't really care about that.
238- */
239- for (i = 0; i < len; i++) {
240- snprintf(buffer + i * 2, sizeof(buffer) - i * 2, "%02x", data[i]);
241- }
242-
243- RDEBUG("%s %s", prefix, buffer);
244-}
245-#define RDEBUG_HEX if (rad_debug_lvl >= 3) rdebug_hex
246-
247-#if 0
248-/*
249- * Find the Ruckus attributes, and convert to FreeRADIUS ones.
250- *
251- * Also check the WPA2 cipher. We need AES + HMAC-SHA1.
252- */
253-static bool normalize(rlm_dpsk_t *inst, REQUEST *request)
254-{
255- VALUE_PAIR *bssid, *cipher, *anonce, *key_msg, *vp;
256-
257- if (!inst->ruckus) return false;
258-
259- bssid = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_BSSID, VENDORPEC_RUCKUS, TAG_ANY);
260- if (!bssid) return false;
261-
262- cipher = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_CIPHER, VENDORPEC_RUCKUS, TAG_ANY);
263- if (!cipher) return false;
264-
265- if (cipher->vp_byte != 4) {
266- RDEBUG("Found Ruckus-DPSK-Cipher != 4, which means that we cannot do DPSK");
267- return false;
268- }
269-
270- anonce = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_ANONCE, VENDORPEC_RUCKUS, TAG_ANY);
271- if (!anonce) return false;
272-
273- key_msg = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_EAPOL_KEY_FRAME, VENDORPEC_RUCKUS, TAG_ANY);
274- if (!key_msg) return false;
275-
276- MEM(vp = fr_pair_afrom_da(request->packet, anonce->da));
277- fr_pair_value_memcpy(vp, anonce->vp_octets, anonce->vp_length);
278- fr_pair_add(&request->packet->vps, vp);
279-
280- MEM(vp = fr_pair_afrom_da(request->packet, key_msg->da));
281- fr_pair_value_memcpy(vp, key_msg->vp_octets, key_msg->vp_length);
282- fr_pair_add(&request->packet->vps, vp);
283-
284- return false;
285-}
286-#endif
287-
288-/*
289- * mod_authorize() - authorize user if we can authenticate
290- * it later. Add Auth-Type attribute if present in module
291- * configuration (usually Auth-Type must be "DPSK")
292- */
293-static rlm_rcode_t CC_HINT(nonnull) mod_authorize(void * instance, REQUEST *request)
294-{
295- rlm_dpsk_t *inst = instance;
296-
297- if (!fr_pair_find_by_da(request->packet->vps, inst->anonce, TAG_ANY) &&
298- !fr_pair_find_by_da(request->packet->vps, inst->frame, TAG_ANY)) {
299- return RLM_MODULE_NOOP;
300- }
301-
302- if (fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY)) {
303- RWDEBUG2("Auth-Type already set. Not setting to %s", inst->xlat_name);
304- return RLM_MODULE_NOOP;
305- }
306-
307- RDEBUG2("Found %s. Setting 'Auth-Type = %s'", inst->frame->name, inst->xlat_name);
308-
309- /*
310- * Set Auth-Type to MS-CHAP. The authentication code
311- * will take care of turning cleartext passwords into
312- * NT/LM passwords.
313- */
314- if (!pair_make_config("Auth-Type", inst->xlat_name, T_OP_EQ)) {
315- return RLM_MODULE_FAIL;
316- }
317-
318- return RLM_MODULE_OK;
319-}
320-
321-static rlm_dpsk_cache_t *dpsk_cache_find(REQUEST *request, rlm_dpsk_t const *inst, uint8_t *buffer, size_t buflen, VALUE_PAIR *ssid, uint8_t const *mac)
322-{
323- rlm_dpsk_cache_t *entry, my_entry;
324-
325- memcpy(my_entry.mac, mac, sizeof(my_entry.mac));
326- memcpy(&my_entry.ssid, &ssid->vp_octets, sizeof(my_entry.ssid)); /* const issues */
327- my_entry.ssid_len = ssid->vp_length;
328-
329- entry = rbtree_finddata(inst->cache, &my_entry);
330- if (entry) {
331- if (entry->expires > request->timestamp) {
332- RDEBUG3("Cache entry found");
333- memcpy(buffer, entry->pmk, buflen);
334- return entry;
335- }
336-
337- RDEBUG3("Cache entry has expired");
338- rbtree_deletebydata(inst->cache, entry);
339- }
340-
341- return NULL;
342-}
343-
344-
345-static int generate_pmk(REQUEST *request, rlm_dpsk_t const *inst, uint8_t *buffer, size_t buflen, VALUE_PAIR *ssid, uint8_t const *mac, char const *psk, size_t psk_len)
346-{
347- VALUE_PAIR *vp;
348-
349- fr_assert(buflen == 32);
350-
351- if (!ssid) {
352- ssid = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY);
353- if (!ssid) {
354- RDEBUG("No %s in the request", inst->ssid->name);
355- return 0;
356- }
357- }
358-
359- /*
360- * No provided PSK. Try to look it up in the cache. If
361- * it isn't there, find it in the config items.
362- */
363- if (!psk) {
364- if (inst->cache && mac) {
365- rlm_dpsk_cache_t *entry;
366-
367- entry = dpsk_cache_find(request, inst, buffer, buflen, ssid, mac);
368- if (entry) {
369- memcpy(buffer, entry->pmk, buflen);
370- return 1;
371- }
372- RDEBUG3("Cache entry not found");
373- } /* else no caching */
374-
375- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
376- if (!vp) {
377- RDEBUG("No &config:Pre-Shared-Key");
378- return 0;
379- }
380-
381- psk = vp->vp_strvalue;
382- psk_len = vp->vp_length;
383- }
384-
385- if (PKCS5_PBKDF2_HMAC_SHA1((const char *) psk, psk_len, (const unsigned char *) ssid->vp_strvalue, ssid->vp_length, 4096, buflen, buffer) == 0) {
386- RDEBUG("Failed calling OpenSSL to calculate the PMK");
387- return 0;
388- }
389-
390- return 1;
391-}
392-
393-/*
394- * Verify the DPSK information.
395- */
396-static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *request)
397-{
398- rlm_dpsk_t *inst = instance;
399- VALUE_PAIR *anonce, *key_msg, *ssid, *vp;
400- rlm_dpsk_cache_t *entry;
401- int lineno = 0;
402- size_t len, psk_len;
403- unsigned int digest_len, mic_len;
404- eapol_attr_t const *eapol;
405- eapol_attr_t *zeroed;
406- FILE *fp = NULL;
407- char const *psk_identity = NULL, *psk;
408- uint8_t *p;
409- uint8_t const *snonce, *ap_mac;
410- uint8_t const *min_mac, *max_mac;
411- uint8_t const *min_nonce, *max_nonce;
412- uint8_t pmk[32];
413- uint8_t s_mac[6], message[sizeof("Pairwise key expansion") + 6 + 6 + 32 + 32 + 1], frame[128];
414- uint8_t digest[EVP_MAX_MD_SIZE], mic[EVP_MAX_MD_SIZE];
415- char token_identity[256];
416-
417- /*
418- * Search for the information in a bunch of attributes.
419- */
420- anonce = fr_pair_find_by_da(request->packet->vps, inst->anonce, TAG_ANY);
421- if (!anonce) {
422- RDEBUG("No FreeRADIUS-802.1X-Anonce in the request");
423- return RLM_MODULE_NOOP;
424- }
425-
426- if (anonce->vp_length != 32) {
427- RDEBUG("%s has incorrect length (%zu, not 32)", inst->anonce->name, anonce->vp_length);
428- return RLM_MODULE_NOOP;
429- }
430-
431- key_msg = fr_pair_find_by_da(request->packet->vps, inst->frame, TAG_ANY);
432- if (!key_msg) {
433- RDEBUG("No %s in the request", inst->frame->name);
434- return RLM_MODULE_NOOP;
435- }
436-
437- if (key_msg->vp_length < sizeof(*eapol)) {
438- RDEBUG("%s has incorrect length (%zu < %zu)", inst->frame->name, key_msg->vp_length, sizeof(*eapol));
439- return RLM_MODULE_NOOP;
440- }
441-
442- if (key_msg->vp_length > sizeof(frame)) {
443- RDEBUG("%s has incorrect length (%zu > %zu)", inst->frame->name, key_msg->vp_length, sizeof(frame));
444- return RLM_MODULE_NOOP;
445- }
446-
447- ssid = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY);
448- if (!ssid) {
449- RDEBUG("No %s in the request", inst->ssid->name);
450- return 0;
451- }
452-
453- /*
454- * Get supplicant MAC address.
455- */
456- vp = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
457- if (!vp) {
458- RDEBUG("No &User-Name");
459- return RLM_MODULE_NOOP;
460- }
461-
462- len = fr_hex2bin(s_mac, sizeof(s_mac), vp->vp_strvalue, vp->vp_length);
463- if (len != 6) {
464- RDEBUG("&User-Name is not a recognizable hex MAC address");
465- return RLM_MODULE_NOOP;
466- }
467-
468- /*
469- * In case we're not reading from a file.
470- */
471- vp = fr_pair_find_by_num(request->config, PW_PSK_IDENTITY, 0, TAG_ANY);
472- if (vp) psk_identity = vp->vp_strvalue;
473-
474- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
475- if (vp) {
476- psk = vp->vp_strvalue;
477- psk_len = vp->vp_length;
478- } else {
479- psk = NULL;
480- psk_len = 0;
481- }
482-
483- /*
484- * Get the AP MAC address.
485- */
486- vp = fr_pair_find_by_num(request->packet->vps, PW_CALLED_STATION_MAC, 0, TAG_ANY);
487- if (!vp) {
488- RDEBUG("No &Called-Station-MAC");
489- return RLM_MODULE_NOOP;
490- }
491-
492- if (vp->length != 6) {
493- RDEBUG("&Called-Station-MAC is not a recognizable MAC address");
494- return RLM_MODULE_NOOP;
495- }
496-
497- ap_mac = vp->vp_octets;
498-
499- /*
500- * Sort the MACs
501- */
502- if (memcmp(s_mac, ap_mac, 6) <= 0) {
503- min_mac = s_mac;
504- max_mac = ap_mac;
505- } else {
506- min_mac = ap_mac;
507- max_mac = s_mac;
508- }
509-
510- eapol = (eapol_attr_t const *) key_msg->vp_octets;
511-
512- /*
513- * Get supplicant nonce and AP nonce.
514- *
515- * Then sort the nonces.
516- */
517- snonce = key_msg->vp_octets + 17;
518- if (memcmp(snonce, anonce->vp_octets, 32) <= 0) {
519- min_nonce = snonce;
520- max_nonce = anonce->vp_octets;
521- } else {
522- min_nonce = anonce->vp_octets;
523- max_nonce = snonce;
524- }
525-
526- /*
527- * Create the base message which we will hash.
528- */
529- memcpy(message, "Pairwise key expansion", sizeof("Pairwise key expansion")); /* including trailing NUL */
530- p = &message[sizeof("Pairwise key expansion")];
531-
532- memcpy(p, min_mac, 6);
533- memcpy(p + 6, max_mac, 6);
534- p += 12;
535-
536- memcpy(p, min_nonce, 32);
537- memcpy(p + 32, max_nonce, 32);
538- p += 64;
539- *p = '\0';
540- fr_assert(sizeof(message) == (p + 1 - message));
541-
542- if (inst->filename && !psk) {
543- FR_TOKEN token;
544- char const *q, *filename;
545- char token_psk[256];
546- char token_mac[256];
547- char buffer[1024];
548- char filename_buffer[1024];
549-
550- /*
551- * If there's a cached entry, we don't read the file.
552- */
553- entry = dpsk_cache_find(request, inst, pmk, sizeof(pmk), ssid, s_mac);
554- if (entry) {
555- psk_identity = entry->identity;
556- goto make_digest;
557- }
558-
559- if (!inst->dynamic) {
560- filename = inst->filename;
561- } else {
562- if (radius_xlat(filename_buffer, sizeof(filename_buffer),
563- request, inst->filename, NULL, NULL) < 0) {
564- return RLM_MODULE_FAIL;
565- }
566-
567- filename = filename_buffer;
568- }
569-
570- RDEBUG3("Looking for PSK in file %s", filename);
571-
572- fp = fopen(filename, "r");
573- if (!fp) {
574- REDEBUG("Failed opening %s - %s", filename, fr_syserror(errno));
575- return RLM_MODULE_FAIL;
576- }
577-
578-get_next_psk:
579- q = fgets(buffer, sizeof(buffer), fp);
580- if (!q) {
581- RDEBUG("Failed to find matching key in %s", filename);
582- fail:
583- fclose(fp);
584- return RLM_MODULE_FAIL;
585- }
586-
587- /*
588- * Split the line on commas, paying attention to double quotes.
589- */
590- token = getstring(&q, token_identity, sizeof(token_identity), true);
591- if (token == T_INVALID) {
592- RDEBUG("%s[%d] Failed parsing identity", filename, lineno);
593- goto fail;
594- }
595-
596- if (*q != ',') {
597- RDEBUG("%s[%d] Failed to find ',' after identity", filename, lineno);
598- goto fail;
599- }
600- q++;
601-
602- token = getstring(&q, token_psk, sizeof(token_psk), true);
603- if (token == T_INVALID) {
604- RDEBUG("%s[%d] Failed parsing PSK", filename, lineno);
605- goto fail;
606- }
607-
608- if (*q == ',') {
609- q++;
610-
611- token = getstring(&q, token_mac, sizeof(token_mac), true);
612- if (token == T_INVALID) {
613- RDEBUG("%s[%d] Failed parsing MAC", filename, lineno);
614- goto fail;
615- }
616-
617- /*
618- * See if the MAC matches. If not, skip
619- * this entry. That's a basic negative cache.
620- */
621- if ((strlen(token_mac) != 12) ||
622- (fr_hex2bin((uint8_t *) token_mac, 6, token_mac, 12) != 12)) {
623- RDEBUG("%s[%d] Failed parsing MAC", filename, lineno);
624- goto fail;
625- }
626-
627- if (memcmp(s_mac, token_mac, 6) != 0) {
628- psk_identity = NULL;
629- goto get_next_psk;
630- }
631-
632- /*
633- * Close the file so that we don't check any other entries.
634- */
635- MEM(vp = fr_pair_afrom_num(request, PW_PRE_SHARED_KEY, 0));
636- fr_pair_value_bstrncpy(vp, token_psk, strlen(token_psk));
637-
638- fr_pair_add(&request->config, vp);
639- fclose(fp);
640- fp = NULL;
641-
642- RDEBUG3("Found matching MAC");
643- }
644-
645- /*
646- * Generate the PMK using the SSID, this MAC, and the PSK we just read.
647- */
648- RDEBUG3("%s[%d] Trying PSK %s", filename, lineno, token_psk);
649- if (generate_pmk(request, inst, pmk, sizeof(pmk), ssid, s_mac, token_psk, strlen(token_psk)) == 0) {
650- RDEBUG("No &config:Pairwise-Master-Key or &config:Pre-Shared-Key found");
651- return RLM_MODULE_NOOP;
652- }
653-
654- /*
655- * Remember which identity we had
656- */
657- psk_identity = token_identity;
658- goto make_digest;
659- }
660-
661- /*
662- * Use the PMK if it already exists. Otherwise calculate it from the PSK.
663- */
664- vp = fr_pair_find_by_num(request->config, PW_PAIRWISE_MASTER_KEY, 0, TAG_ANY);
665- if (!vp) {
666- if (generate_pmk(request, inst, pmk, sizeof(pmk), ssid, s_mac, psk, psk_len) == 0) {
667- RDEBUG("No &config:Pairwise-Master-Key or &config:Pre-Shared-Key found");
668- fr_assert(!fp);
669- return RLM_MODULE_NOOP;
670- }
671-
672- } else if (vp->vp_length != sizeof(pmk)) {
673- RDEBUG("Pairwise-Master-Key has incorrect length (%zu != %zu)", vp->vp_length, sizeof(pmk));
674- fr_assert(!fp);
675- return RLM_MODULE_NOOP;
676-
677- } else {
678- memcpy(pmk, vp->vp_octets, sizeof(pmk));
679- }
680-
681- /*
682- * HMAC = HMAC_SHA1(pmk, message);
683- *
684- * We need the first 16 octets of this.
685- */
686-make_digest:
687- digest_len = sizeof(digest);
688- HMAC(EVP_sha1(), pmk, sizeof(pmk), message, sizeof(message), digest, &digest_len);
689-
690- RDEBUG_HEX(request, "message:", message, sizeof(message));
691- RDEBUG_HEX(request, "pmk :", pmk, sizeof(pmk));
692- RDEBUG_HEX(request, "kck :", digest, 16);
693-
694- /*
695- * Create the frame with the middle field zero, and hash it with the KCK digest we calculated from the key expansion.
696- */
697- memcpy(frame, key_msg->vp_octets, key_msg->vp_length);
698- zeroed = (eapol_attr_t *) &frame[0];
699- memset(&zeroed->frame.mic[0], 0, 16);
700-
701- RDEBUG_HEX(request, "zeroed:", frame, key_msg->vp_length);
702-
703- mic_len = sizeof(mic);
704- HMAC(EVP_sha1(), digest, 16, frame, key_msg->vp_length, mic, &mic_len);
705-
706- /*
707- * Do the MICs match?
708- */
709- if (memcmp(&eapol->frame.mic[0], mic, 16) != 0) {
710- if (fp) {
711- psk_identity = NULL;
712- goto get_next_psk;
713- }
714-
715- RDEBUG_HEX(request, "calculated mic:", mic, 16);
716- RDEBUG_HEX(request, "packet mic :", &eapol->frame.mic[0], 16);
717- return RLM_MODULE_FAIL;
718- }
719-
720- /*
721- * It matches. Close the input file if necessary.
722- */
723- if (fp) fclose(fp);
724-
725- /*
726- * Extend the lifetime of the cache entry, or add the
727- * cache entry if necessary.
728- */
729- if (inst->cache) {
730- rlm_dpsk_cache_t my_entry;
731-
732- /*
733- * Find the entry (again), and update the expiry time.
734- *
735- * Create the entry if neessary.
736- */
737- memcpy(my_entry.mac, s_mac, sizeof(my_entry.mac));
738-
739- vp = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY);
740- if (!vp) goto save_psk; /* should never really happen, but just to be safe */
741-
742- memcpy(&my_entry.ssid, &vp->vp_octets, sizeof(my_entry.ssid)); /* const issues */
743- my_entry.ssid_len = vp->vp_length;
744-
745- entry = rbtree_finddata(inst->cache, &my_entry);
746- if (!entry) {
747- /*
748- * Too many entries in the cache. Delete the oldest one.
749- */
750- if (rbtree_num_elements(inst->cache) > inst->cache_size) {
751- PTHREAD_MUTEX_LOCK(&inst->mutex);
752- entry = fr_dlist_head(&inst->head);
753- PTHREAD_MUTEX_UNLOCK(&inst->mutex);
754-
755- rbtree_deletebydata(inst->cache, entry);
756- }
757-
758- MEM(entry = talloc_zero(NULL, rlm_dpsk_cache_t));
759-
760- memcpy(entry->mac, s_mac, sizeof(entry->mac));
761- memcpy(entry->pmk, pmk, sizeof(entry->pmk));
762-
763- fr_dlist_entry_init(&entry->dlist);
764- entry->inst = inst;
765-
766- /*
767- * Save the variable-length SSID.
768- */
769- MEM(entry->ssid = talloc_memdup(entry, vp->vp_octets, vp->vp_length));
770- entry->ssid_len = vp->vp_length;
771-
772- /*
773- * Save the PSK. If we just have the
774- * PMK, then we can still cache that.
775- */
776- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
777- if (vp) {
778- MEM(entry->psk = talloc_memdup(entry, vp->vp_octets, vp->vp_length));
779- entry->psk_len = vp->vp_length;
780- }
781-
782- /*
783- * Save the identity.
784- */
785- if (psk_identity) {
786- MEM(entry->identity = talloc_memdup(entry, psk_identity, strlen(psk_identity)));
787- entry->identity_len = strlen(psk_identity);
788- }
789-
790- /*
791- * Cache it.
792- */
793- if (!rbtree_insert(inst->cache, entry)) {
794- talloc_free(entry);
795- goto save_found_psk;
796- }
797- RDEBUG3("Cache entry saved");
798- }
799- entry->expires = request->timestamp + inst->cache_lifetime;
800-
801- PTHREAD_MUTEX_LOCK(&inst->mutex);
802- fr_dlist_entry_unlink(&entry->dlist);
803- fr_dlist_insert_tail(&inst->head, &entry->dlist);
804- PTHREAD_MUTEX_UNLOCK(&inst->mutex);
805-
806- /*
807- * Add the PSK to the reply items, if it was cached.
808- */
809- if (entry->psk) {
810- MEM(vp = fr_pair_afrom_num(request->reply, PW_PRE_SHARED_KEY, 0));
811- fr_pair_value_bstrncpy(vp, entry->psk, entry->psk_len);
812-
813- fr_pair_add(&request->reply->vps, vp);
814- }
815-
816- goto save_psk_identity;
817- }
818-
819- /*
820- * Save a copy of the found PSK in the reply;
821- */
822-save_psk:
823- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
824-
825-save_found_psk:
826- if (!vp) return RLM_MODULE_OK;
827-
828- fr_pair_add(&request->reply->vps, fr_pair_copy(request->reply, vp));
829-
830-save_psk_identity:
831- /*
832- * Save which identity matched.
833- */
834- if (psk_identity) {
835- MEM(vp = fr_pair_afrom_num(request->reply, PW_PSK_IDENTITY, 0));
836- fr_pair_value_bstrncpy(vp, psk_identity, strlen(psk_identity));
837-
838- fr_pair_add(&request->reply->vps, vp);
839- }
840-
841- return RLM_MODULE_OK;
842-}
843-
844-/*
845- * Generate the PMK from SSID and Pre-Shared-Key
846- */
847-static ssize_t dpsk_xlat(void *instance, REQUEST *request,
848- char const *fmt, char *out, size_t outlen)
849-{
850- rlm_dpsk_t *inst = instance;
851- char const *p, *ssid, *psk;
852- size_t ssid_len, psk_len;
853- uint8_t buffer[32];
854-
855- /*
856- * Prefer xlat arguments. But if they don't exist, use the attributes.
857- */
858- p = fmt;
859- while (isspace((uint8_t) *p)) p++;
860-
861- if (!*p) {
862- if (generate_pmk(request, inst, buffer, sizeof(buffer), NULL, NULL, NULL, 0) == 0) {
863- RDEBUG("No &request:Called-Station-SSID or &config:Pre-Shared-Key found");
864- return 0;
865- }
866- } else {
867- ssid = p;
868-
869- while (*p && !isspace((uint8_t) *p)) p++;
870-
871- ssid_len = p - ssid;
872-
873- if (!*p) {
874- REDEBUG("Found SSID, but no PSK");
875- return 0;
876- }
877-
878- psk = p;
879-
880- while (*p && !isspace((uint8_t) *p)) p++;
881-
882- psk_len = p - psk;
883-
884- if (PKCS5_PBKDF2_HMAC_SHA1(psk, psk_len, (const unsigned char *) ssid, ssid_len, 4096, sizeof(buffer), buffer) == 0) {
885- RDEBUG("Failed calling OpenSSL to calculate the PMK");
886- return 0;
887- }
888- }
889-
890- if (outlen < sizeof(buffer) * 2 + 1) {
891- REDEBUG("Output buffer is too small for PMK");
892- return 0;
893- }
894-
895- return fr_bin2hex(out, buffer, 32);
896-}
897-
898-static int mod_bootstrap(CONF_SECTION *conf, void *instance)
899-{
900- char const *name;
901- rlm_dpsk_t *inst = instance;
902-
903- /*
904- * Create the dynamic translation.
905- */
906- name = cf_section_name2(conf);
907- if (!name) name = cf_section_name1(conf);
908- inst->xlat_name = name;
909- xlat_register(inst->xlat_name, dpsk_xlat, NULL, inst);
910-
911- if (inst->ruckus) {
912- inst->ssid = dict_attrbyvalue(PW_RUCKUS_BSSID, VENDORPEC_RUCKUS);
913- inst->anonce = dict_attrbyvalue(PW_RUCKUS_DPSK_ANONCE, VENDORPEC_RUCKUS);
914- inst->frame = dict_attrbyvalue(PW_RUCKUS_DPSK_EAPOL_KEY_FRAME, VENDORPEC_RUCKUS);
915- } else {
916- inst->ssid = dict_attrbyvalue(PW_CALLED_STATION_SSID, 0);
917- inst->anonce = dict_attrbyvalue(PW_FREERADIUS_8021X_ANONCE, VENDORPEC_FREERADIUS_EVS5);
918- inst->frame = dict_attrbyvalue(PW_FREERADIUS_8021X_EAPOL_KEY_MSG, VENDORPEC_FREERADIUS_EVS5);
919- }
920-
921- if (!inst->ssid || !inst->anonce || !inst->frame) {
922- cf_log_err_cs(conf, "Failed to find attributes in the dictionary. Please do not edit the default dictionaries!");
923- return -1;
924- }
925-
926- inst->dynamic = inst->filename && (strchr(inst->filename, '%') != NULL);
927-
928- return 0;
929-}
930-
931-static int cmp_cache_entry(void const *one, void const *two)
932-{
933- rlm_dpsk_cache_t const *a = (rlm_dpsk_cache_t const *) one;
934- rlm_dpsk_cache_t const *b = (rlm_dpsk_cache_t const *) two;
935- int rcode;
936-
937- rcode = memcmp(a->mac, b->mac, sizeof(a->mac));
938- if (rcode != 0) return rcode;
939-
940- if (a->ssid_len < b->ssid_len) return -1;
941- if (a->ssid_len > b->ssid_len) return +1;
942-
943- return memcmp(a->ssid, b->ssid, a->ssid_len);
944-}
945-
946-static void free_cache_entry(void *data)
947-{
948- rlm_dpsk_cache_t *entry = (rlm_dpsk_cache_t *) data;
949-
950- PTHREAD_MUTEX_LOCK(&entry->inst->mutex);
951- fr_dlist_entry_unlink(&entry->dlist);
952- PTHREAD_MUTEX_UNLOCK(&entry->inst->mutex);
953-
954- talloc_free(entry);
955-}
956-
957-static int mod_instantiate(CONF_SECTION *conf, void *instance)
958-{
959- rlm_dpsk_t *inst = instance;
960-
961- if (!inst->cache_size) return 0;
962-
963- FR_INTEGER_BOUND_CHECK("cache_size", inst->cache_size, <=, ((uint32_t) 1) << 16);
964-
965- if (!inst->cache_size) return 0;
966-
967- FR_INTEGER_BOUND_CHECK("cache_lifetime", inst->cache_lifetime, <=, (7 * 86400));
968- FR_INTEGER_BOUND_CHECK("cache_lifetime", inst->cache_lifetime, >=, 3600);
969-
970- inst->cache = rbtree_create(inst, cmp_cache_entry, free_cache_entry, RBTREE_FLAG_LOCK);
971- if (!inst->cache) {
972- cf_log_err_cs(conf, "Failed creating internal cache");
973- return -1;
974- }
975-
976- fr_dlist_entry_init(&inst->head);
977-#ifdef HAVE_PTHREAD_H
978- if (pthread_mutex_init(&inst->mutex, NULL) < 0) {
979- cf_log_err_cs(conf, "Failed creating mutex");
980- return -1;
981- }
982-#endif
983-
984- return 0;
985-}
986-
987-#ifdef HAVE_PTHREAD_H
988-static int mod_detach(void *instance)
989-{
990- rlm_dpsk_t *inst = instance;
991-
992- if (!inst->cache_size) return 0;
993-
994- pthread_mutex_destroy(&inst->mutex);
995- return 0;
996-}
997-#endif
998-
999-/*
1000- * The module name should be the only globally exported symbol.
1001- * That is, everything else should be 'static'.
1002- *
1003- * If the module needs to temporarily modify it's instantiation
1004- * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
1005- * The server will then take care of ensuring that the module
1006- * is single-threaded.
1007- */
1008-extern module_t rlm_dpsk;
1009-module_t rlm_dpsk = {
1010- .magic = RLM_MODULE_INIT,
1011- .name = "dpsk",
1012- .type = RLM_TYPE_THREAD_SAFE,
1013- .inst_size = sizeof(rlm_dpsk_t),
1014- .config = module_config,
1015- .bootstrap = mod_bootstrap,
1016- .instantiate = mod_instantiate,
1017-#ifdef HAVE_PTHREAD_H
1018- .detach = mod_detach,
1019-#endif
1020- .methods = {
1021- [MOD_AUTHORIZE] = mod_authorize,
1022- [MOD_AUTHENTICATE] = mod_authenticate,
1023- },
1024-};
1025diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore b/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore
1026deleted file mode 100644
1027index 01a5daa3cc..0000000000
1028--- a/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore
1029+++ /dev/null
1030@@ -1 +0,0 @@
1031-all.mk
1032diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in b/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in
1033deleted file mode 100644
1034index dfdcd71fd3..0000000000
1035--- a/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in
1036+++ /dev/null
1037@@ -1,12 +0,0 @@
1038-TARGETNAME := @targetname@
1039-
1040-ifneq "$(OPENSSL_LIBS)" ""
1041-ifneq "$(TARGETNAME)" ""
1042-TARGET := $(TARGETNAME).a
1043-endif
1044-endif
1045-
1046-SOURCES := $(TARGETNAME).c eap_teap.c eap_teap_crypto.c
1047-
1048-SRC_INCDIRS := ../../ ../../libeap/
1049-TGT_PREREQS := libfreeradius-eap.a
1050diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/configure b/src/modules/rlm_eap/types/rlm_eap_teap/configure
1051deleted file mode 100755
1052index e37094d80c..0000000000
1053--- a/src/modules/rlm_eap/types/rlm_eap_teap/configure
1054+++ /dev/null
1055@@ -1,4512 +0,0 @@
1056-#! /bin/sh
1057-# From configure.ac Revision.
1058-# Guess values for system-dependent variables and create Makefiles.
1059-# Generated by GNU Autoconf 2.69.
1060-#
1061-#
1062-# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
1063-#
1064-#
1065-# This configure script is free software; the Free Software Foundation
1066-# gives unlimited permission to copy, distribute and modify it.
1067-## -------------------- ##
1068-## M4sh Initialization. ##
1069-## -------------------- ##
1070-
1071-# Be more Bourne compatible
1072-DUALCASE=1; export DUALCASE # for MKS sh
1073-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
1074- emulate sh
1075- NULLCMD=:
1076- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
1077- # is contrary to our usage. Disable this feature.
1078- alias -g '${1+"$@"}'='"$@"'
1079- setopt NO_GLOB_SUBST
1080-else
1081- case `(set -o) 2>/dev/null` in #(
1082- *posix*) :
1083- set -o posix ;; #(
1084- *) :
1085- ;;
1086-esac
1087-fi
1088-
1089-
1090-as_nl='
1091-'
1092-export as_nl
1093-# Printing a long string crashes Solaris 7 /usr/bin/printf.
1094-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
1095-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
1096-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
1097-# Prefer a ksh shell builtin over an external printf program on Solaris,
1098-# but without wasting forks for bash or zsh.
1099-if test -z "$BASH_VERSION$ZSH_VERSION" \
1100- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
1101- as_echo='print -r --'
1102- as_echo_n='print -rn --'
1103-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
1104- as_echo='printf %s\n'
1105- as_echo_n='printf %s'
1106-else
1107- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
1108- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
1109- as_echo_n='/usr/ucb/echo -n'
1110- else
1111- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
1112- as_echo_n_body='eval
1113- arg=$1;
1114- case $arg in #(
1115- *"$as_nl"*)
1116- expr "X$arg" : "X\\(.*\\)$as_nl";
1117- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
1118- esac;
1119- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
1120- '
1121- export as_echo_n_body
1122- as_echo_n='sh -c $as_echo_n_body as_echo'
1123- fi
1124- export as_echo_body
1125- as_echo='sh -c $as_echo_body as_echo'
1126-fi
1127-
1128-# The user is always right.
1129-if test "${PATH_SEPARATOR+set}" != set; then
1130- PATH_SEPARATOR=:
1131- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
1132- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
1133- PATH_SEPARATOR=';'
1134- }
1135-fi
1136-
1137-
1138-# IFS
1139-# We need space, tab and new line, in precisely that order. Quoting is
1140-# there to prevent editors from complaining about space-tab.
1141-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
1142-# splitting by setting IFS to empty value.)
1143-IFS=" "" $as_nl"
1144-
1145-# Find who we are. Look in the path if we contain no directory separator.
1146-as_myself=
1147-case $0 in #((
1148- *[\\/]* ) as_myself=$0 ;;
1149- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
1150-for as_dir in $PATH
1151-do
1152- IFS=$as_save_IFS
1153- test -z "$as_dir" && as_dir=.
1154- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
1155- done
1156-IFS=$as_save_IFS
1157-
1158- ;;
1159-esac
1160-# We did not find ourselves, most probably we were run as `sh COMMAND'
1161-# in which case we are not to be found in the path.
1162-if test "x$as_myself" = x; then
1163- as_myself=$0
1164-fi
1165-if test ! -f "$as_myself"; then
1166- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
1167- exit 1
1168-fi
1169-
1170-# Unset variables that we do not need and which cause bugs (e.g. in
1171-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
1172-# suppresses any "Segmentation fault" message there. '((' could
1173-# trigger a bug in pdksh 5.2.14.
1174-for as_var in BASH_ENV ENV MAIL MAILPATH
1175-do eval test x\${$as_var+set} = xset \
1176- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
1177-done
1178-PS1='$ '
1179-PS2='> '
1180-PS4='+ '
1181-
1182-# NLS nuisances.
1183-LC_ALL=C
1184-export LC_ALL
1185-LANGUAGE=C
1186-export LANGUAGE
1187-
1188-# CDPATH.
1189-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
1190-
1191-# Use a proper internal environment variable to ensure we don't fall
1192- # into an infinite loop, continuously re-executing ourselves.
1193- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
1194- _as_can_reexec=no; export _as_can_reexec;
1195- # We cannot yet assume a decent shell, so we have to provide a
1196-# neutralization value for shells without unset; and this also
1197-# works around shells that cannot unset nonexistent variables.
1198-# Preserve -v and -x to the replacement shell.
1199-BASH_ENV=/dev/null
1200-ENV=/dev/null
1201-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
1202-case $- in # ((((
1203- *v*x* | *x*v* ) as_opts=-vx ;;
1204- *v* ) as_opts=-v ;;
1205- *x* ) as_opts=-x ;;
1206- * ) as_opts= ;;
1207-esac
1208-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
1209-# Admittedly, this is quite paranoid, since all the known shells bail
1210-# out after a failed `exec'.
1211-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
1212-as_fn_exit 255
1213- fi
1214- # We don't want this to propagate to other subprocesses.
1215- { _as_can_reexec=; unset _as_can_reexec;}
1216-if test "x$CONFIG_SHELL" = x; then
1217- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
1218- emulate sh
1219- NULLCMD=:
1220- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
1221- # is contrary to our usage. Disable this feature.
1222- alias -g '\${1+\"\$@\"}'='\"\$@\"'
1223- setopt NO_GLOB_SUBST
1224-else
1225- case \`(set -o) 2>/dev/null\` in #(
1226- *posix*) :
1227- set -o posix ;; #(
1228- *) :
1229- ;;
1230-esac
1231-fi
1232-"
1233- as_required="as_fn_return () { (exit \$1); }
1234-as_fn_success () { as_fn_return 0; }
1235-as_fn_failure () { as_fn_return 1; }
1236-as_fn_ret_success () { return 0; }
1237-as_fn_ret_failure () { return 1; }
1238-
1239-exitcode=0
1240-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
1241-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
1242-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
1243-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
1244-if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
1245-
1246-else
1247- exitcode=1; echo positional parameters were not saved.
1248-fi
1249-test x\$exitcode = x0 || exit 1
1250-test -x / || exit 1"
1251- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
1252- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
1253- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
1254- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
1255-test \$(( 1 + 1 )) = 2 || exit 1"
1256- if (eval "$as_required") 2>/dev/null; then :
1257- as_have_required=yes
1258-else
1259- as_have_required=no
1260-fi
1261- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
1262-
1263-else
1264- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
1265-as_found=false
1266-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
1267-do
1268- IFS=$as_save_IFS
1269- test -z "$as_dir" && as_dir=.
1270- as_found=:
1271- case $as_dir in #(
1272- /*)
1273- for as_base in sh bash ksh sh5; do
1274- # Try only shells that exist, to save several forks.
1275- as_shell=$as_dir/$as_base
1276- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
1277- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
1278- CONFIG_SHELL=$as_shell as_have_required=yes
1279- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
1280- break 2
1281-fi
1282-fi
1283- done;;
1284- esac
1285- as_found=false
1286-done
1287-$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
1288- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
1289- CONFIG_SHELL=$SHELL as_have_required=yes
1290-fi; }
1291-IFS=$as_save_IFS
1292-
1293-
1294- if test "x$CONFIG_SHELL" != x; then :
1295- export CONFIG_SHELL
1296- # We cannot yet assume a decent shell, so we have to provide a
1297-# neutralization value for shells without unset; and this also
1298-# works around shells that cannot unset nonexistent variables.
1299-# Preserve -v and -x to the replacement shell.
1300-BASH_ENV=/dev/null
1301-ENV=/dev/null
1302-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
1303-case $- in # ((((
1304- *v*x* | *x*v* ) as_opts=-vx ;;
1305- *v* ) as_opts=-v ;;
1306- *x* ) as_opts=-x ;;
1307- * ) as_opts= ;;
1308-esac
1309-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
1310-# Admittedly, this is quite paranoid, since all the known shells bail
1311-# out after a failed `exec'.
1312-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
1313-exit 255
1314-fi
1315-
1316- if test x$as_have_required = xno; then :
1317- $as_echo "$0: This script requires a shell more modern than all"
1318- $as_echo "$0: the shells that I found on your system."
1319- if test x${ZSH_VERSION+set} = xset ; then
1320- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
1321- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
1322- else
1323- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
1324-$0: including any error possibly output before this
1325-$0: message. Then install a modern shell, or manually run
1326-$0: the script under such a shell if you do have one."
1327- fi
1328- exit 1
1329-fi
1330-fi
1331-fi
1332-SHELL=${CONFIG_SHELL-/bin/sh}
1333-export SHELL
1334-# Unset more variables known to interfere with behavior of common tools.
1335-CLICOLOR_FORCE= GREP_OPTIONS=
1336-unset CLICOLOR_FORCE GREP_OPTIONS
1337-
1338-## --------------------- ##
1339-## M4sh Shell Functions. ##
1340-## --------------------- ##
1341-# as_fn_unset VAR
1342-# ---------------
1343-# Portably unset VAR.
1344-as_fn_unset ()
1345-{
1346- { eval $1=; unset $1;}
1347-}
1348-as_unset=as_fn_unset
1349-
1350-# as_fn_set_status STATUS
1351-# -----------------------
1352-# Set $? to STATUS, without forking.
1353-as_fn_set_status ()
1354-{
1355- return $1
1356-} # as_fn_set_status
1357-
1358-# as_fn_exit STATUS
1359-# -----------------
1360-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
1361-as_fn_exit ()
1362-{
1363- set +e
1364- as_fn_set_status $1
1365- exit $1
1366-} # as_fn_exit
1367-
1368-# as_fn_mkdir_p
1369-# -------------
1370-# Create "$as_dir" as a directory, including parents if necessary.
1371-as_fn_mkdir_p ()
1372-{
1373-
1374- case $as_dir in #(
1375- -*) as_dir=./$as_dir;;
1376- esac
1377- test -d "$as_dir" || eval $as_mkdir_p || {
1378- as_dirs=
1379- while :; do
1380- case $as_dir in #(
1381- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
1382- *) as_qdir=$as_dir;;
1383- esac
1384- as_dirs="'$as_qdir' $as_dirs"
1385- as_dir=`$as_dirname -- "$as_dir" ||
1386-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1387- X"$as_dir" : 'X\(//\)[^/]' \| \
1388- X"$as_dir" : 'X\(//\)$' \| \
1389- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
1390-$as_echo X"$as_dir" |
1391- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
1392- s//\1/
1393- q
1394- }
1395- /^X\(\/\/\)[^/].*/{
1396- s//\1/
1397- q
1398- }
1399- /^X\(\/\/\)$/{
1400- s//\1/
1401- q
1402- }
1403- /^X\(\/\).*/{
1404- s//\1/
1405- q
1406- }
1407- s/.*/./; q'`
1408- test -d "$as_dir" && break
1409- done
1410- test -z "$as_dirs" || eval "mkdir $as_dirs"
1411- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
1412-
1413-
1414-} # as_fn_mkdir_p
1415-
1416-# as_fn_executable_p FILE
1417-# -----------------------
1418-# Test if FILE is an executable regular file.
1419-as_fn_executable_p ()
1420-{
1421- test -f "$1" && test -x "$1"
1422-} # as_fn_executable_p
1423-# as_fn_append VAR VALUE
1424-# ----------------------
1425-# Append the text in VALUE to the end of the definition contained in VAR. Take
1426-# advantage of any shell optimizations that allow amortized linear growth over
1427-# repeated appends, instead of the typical quadratic growth present in naive
1428-# implementations.
1429-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
1430- eval 'as_fn_append ()
1431- {
1432- eval $1+=\$2
1433- }'
1434-else
1435- as_fn_append ()
1436- {
1437- eval $1=\$$1\$2
1438- }
1439-fi # as_fn_append
1440-
1441-# as_fn_arith ARG...
1442-# ------------------
1443-# Perform arithmetic evaluation on the ARGs, and store the result in the
1444-# global $as_val. Take advantage of shells that can avoid forks. The arguments
1445-# must be portable across $(()) and expr.
1446-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
1447- eval 'as_fn_arith ()
1448- {
1449- as_val=$(( $* ))
1450- }'
1451-else
1452- as_fn_arith ()
1453- {
1454- as_val=`expr "$@" || test $? -eq 1`
1455- }
1456-fi # as_fn_arith
1457-
1458-
1459-# as_fn_error STATUS ERROR [LINENO LOG_FD]
1460-# ----------------------------------------
1461-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
1462-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
1463-# script with STATUS, using 1 if that was 0.
1464-as_fn_error ()
1465-{
1466- as_status=$1; test $as_status -eq 0 && as_status=1
1467- if test "$4"; then
1468- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1469- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
1470- fi
1471- $as_echo "$as_me: error: $2" >&2
1472- as_fn_exit $as_status
1473-} # as_fn_error
1474-
1475-if expr a : '\(a\)' >/dev/null 2>&1 &&
1476- test "X`expr 00001 : '.*\(...\)'`" = X001; then
1477- as_expr=expr
1478-else
1479- as_expr=false
1480-fi
1481-
1482-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
1483- as_basename=basename
1484-else
1485- as_basename=false
1486-fi
1487-
1488-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
1489- as_dirname=dirname
1490-else
1491- as_dirname=false
1492-fi
1493-
1494-as_me=`$as_basename -- "$0" ||
1495-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
1496- X"$0" : 'X\(//\)$' \| \
1497- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
1498-$as_echo X/"$0" |
1499- sed '/^.*\/\([^/][^/]*\)\/*$/{
1500- s//\1/
1501- q
1502- }
1503- /^X\/\(\/\/\)$/{
1504- s//\1/
1505- q
1506- }
1507- /^X\/\(\/\).*/{
1508- s//\1/
1509- q
1510- }
1511- s/.*/./; q'`
1512-
1513-# Avoid depending upon Character Ranges.
1514-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
1515-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
1516-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
1517-as_cr_digits='0123456789'
1518-as_cr_alnum=$as_cr_Letters$as_cr_digits
1519-
1520-
1521- as_lineno_1=$LINENO as_lineno_1a=$LINENO
1522- as_lineno_2=$LINENO as_lineno_2a=$LINENO
1523- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
1524- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
1525- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
1526- sed -n '
1527- p
1528- /[$]LINENO/=
1529- ' <$as_myself |
1530- sed '
1531- s/[$]LINENO.*/&-/
1532- t lineno
1533- b
1534- :lineno
1535- N
1536- :loop
1537- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
1538- t loop
1539- s/-\n.*//
1540- ' >$as_me.lineno &&
1541- chmod +x "$as_me.lineno" ||
1542- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
1543-
1544- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
1545- # already done that, so ensure we don't try to do so again and fall
1546- # in an infinite loop. This has already happened in practice.
1547- _as_can_reexec=no; export _as_can_reexec
1548- # Don't try to exec as it changes $[0], causing all sort of problems
1549- # (the dirname of $[0] is not the place where we might find the
1550- # original and so on. Autoconf is especially sensitive to this).
1551- . "./$as_me.lineno"
1552- # Exit status is that of the last command.
1553- exit
1554-}
1555-
1556-ECHO_C= ECHO_N= ECHO_T=
1557-case `echo -n x` in #(((((
1558--n*)
1559- case `echo 'xy\c'` in
1560- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
1561- xy) ECHO_C='\c';;
1562- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
1563- ECHO_T=' ';;
1564- esac;;
1565-*)
1566- ECHO_N='-n';;
1567-esac
1568-
1569-rm -f conf$$ conf$$.exe conf$$.file
1570-if test -d conf$$.dir; then
1571- rm -f conf$$.dir/conf$$.file
1572-else
1573- rm -f conf$$.dir
1574- mkdir conf$$.dir 2>/dev/null
1575-fi
1576-if (echo >conf$$.file) 2>/dev/null; then
1577- if ln -s conf$$.file conf$$ 2>/dev/null; then
1578- as_ln_s='ln -s'
1579- # ... but there are two gotchas:
1580- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
1581- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
1582- # In both cases, we have to default to `cp -pR'.
1583- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
1584- as_ln_s='cp -pR'
1585- elif ln conf$$.file conf$$ 2>/dev/null; then
1586- as_ln_s=ln
1587- else
1588- as_ln_s='cp -pR'
1589- fi
1590-else
1591- as_ln_s='cp -pR'
1592-fi
1593-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
1594-rmdir conf$$.dir 2>/dev/null
1595-
1596-if mkdir -p . 2>/dev/null; then
1597- as_mkdir_p='mkdir -p "$as_dir"'
1598-else
1599- test -d ./-p && rmdir ./-p
1600- as_mkdir_p=false
1601-fi
1602-
1603-as_test_x='test -x'
1604-as_executable_p=as_fn_executable_p
1605-
1606-# Sed expression to map a string onto a valid CPP name.
1607-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
1608-
1609-# Sed expression to map a string onto a valid variable name.
1610-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
1611-
1612-
1613-test -n "$DJDIR" || exec 7<&0 </dev/null
1614-exec 6>&1
1615-
1616-# Name of the host.
1617-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
1618-# so uname gets run too.
1619-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
1620-
1621-#
1622-# Initializations.
1623-#
1624-ac_default_prefix=/usr/local
1625-ac_clean_files=
1626-ac_config_libobj_dir=.
1627-LIBOBJS=
1628-cross_compiling=no
1629-subdirs=
1630-MFLAGS=
1631-MAKEFLAGS=
1632-
1633-# Identity of this package.
1634-PACKAGE_NAME=
1635-PACKAGE_TARNAME=
1636-PACKAGE_VERSION=
1637-PACKAGE_STRING=
1638-PACKAGE_BUGREPORT=
1639-PACKAGE_URL=
1640-
1641-ac_unique_file="rlm_eap_teap.c"
1642-ac_subst_vars='LTLIBOBJS
1643-LIBOBJS
1644-mod_cflags
1645-mod_ldflags
1646-targetname
1647-EGREP
1648-GREP
1649-CPP
1650-OBJEXT
1651-EXEEXT
1652-ac_ct_CC
1653-CPPFLAGS
1654-LDFLAGS
1655-CFLAGS
1656-CC
1657-target_alias
1658-host_alias
1659-build_alias
1660-LIBS
1661-ECHO_T
1662-ECHO_N
1663-ECHO_C
1664-DEFS
1665-mandir
1666-localedir
1667-libdir
1668-psdir
1669-pdfdir
1670-dvidir
1671-htmldir
1672-infodir
1673-docdir
1674-oldincludedir
1675-includedir
1676-runstatedir
1677-localstatedir
1678-sharedstatedir
1679-sysconfdir
1680-datadir
1681-datarootdir
1682-libexecdir
1683-sbindir
1684-bindir
1685-program_transform_name
1686-prefix
1687-exec_prefix
1688-PACKAGE_URL
1689-PACKAGE_BUGREPORT
1690-PACKAGE_STRING
1691-PACKAGE_VERSION
1692-PACKAGE_TARNAME
1693-PACKAGE_NAME
1694-PATH_SEPARATOR
1695-SHELL'
1696-ac_subst_files=''
1697-ac_user_opts='
1698-enable_option_checking
1699-with_rlm_eap_teap
1700-with_openssl_lib_dir
1701-with_openssl_include_dir
1702-'
1703- ac_precious_vars='build_alias
1704-host_alias
1705-target_alias
1706-CC
1707-CFLAGS
1708-LDFLAGS
1709-LIBS
1710-CPPFLAGS
1711-CPP'
1712-
1713-
1714-# Initialize some variables set by options.
1715-ac_init_help=
1716-ac_init_version=false
1717-ac_unrecognized_opts=
1718-ac_unrecognized_sep=
1719-# The variables have the same names as the options, with
1720-# dashes changed to underlines.
1721-cache_file=/dev/null
1722-exec_prefix=NONE
1723-no_create=
1724-no_recursion=
1725-prefix=NONE
1726-program_prefix=NONE
1727-program_suffix=NONE
1728-program_transform_name=s,x,x,
1729-silent=
1730-site=
1731-srcdir=
1732-verbose=
1733-x_includes=NONE
1734-x_libraries=NONE
1735-
1736-# Installation directory options.
1737-# These are left unexpanded so users can "make install exec_prefix=/foo"
1738-# and all the variables that are supposed to be based on exec_prefix
1739-# by default will actually change.
1740-# Use braces instead of parens because sh, perl, etc. also accept them.
1741-# (The list follows the same order as the GNU Coding Standards.)
1742-bindir='${exec_prefix}/bin'
1743-sbindir='${exec_prefix}/sbin'
1744-libexecdir='${exec_prefix}/libexec'
1745-datarootdir='${prefix}/share'
1746-datadir='${datarootdir}'
1747-sysconfdir='${prefix}/etc'
1748-sharedstatedir='${prefix}/com'
1749-localstatedir='${prefix}/var'
1750-runstatedir='${localstatedir}/run'
1751-includedir='${prefix}/include'
1752-oldincludedir='/usr/include'
1753-docdir='${datarootdir}/doc/${PACKAGE}'
1754-infodir='${datarootdir}/info'
1755-htmldir='${docdir}'
1756-dvidir='${docdir}'
1757-pdfdir='${docdir}'
1758-psdir='${docdir}'
1759-libdir='${exec_prefix}/lib'
1760-localedir='${datarootdir}/locale'
1761-mandir='${datarootdir}/man'
1762-
1763-ac_prev=
1764-ac_dashdash=
1765-for ac_option
1766-do
1767- # If the previous option needs an argument, assign it.
1768- if test -n "$ac_prev"; then
1769- eval $ac_prev=\$ac_option
1770- ac_prev=
1771- continue
1772- fi
1773-
1774- case $ac_option in
1775- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
1776- *=) ac_optarg= ;;
1777- *) ac_optarg=yes ;;
1778- esac
1779-
1780- # Accept the important Cygnus configure options, so we can diagnose typos.
1781-
1782- case $ac_dashdash$ac_option in
1783- --)
1784- ac_dashdash=yes ;;
1785-
1786- -bindir | --bindir | --bindi | --bind | --bin | --bi)
1787- ac_prev=bindir ;;
1788- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
1789- bindir=$ac_optarg ;;
1790-
1791- -build | --build | --buil | --bui | --bu)
1792- ac_prev=build_alias ;;
1793- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
1794- build_alias=$ac_optarg ;;
1795-
1796- -cache-file | --cache-file | --cache-fil | --cache-fi \
1797- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
1798- ac_prev=cache_file ;;
1799- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
1800- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
1801- cache_file=$ac_optarg ;;
1802-
1803- --config-cache | -C)
1804- cache_file=config.cache ;;
1805-
1806- -datadir | --datadir | --datadi | --datad)
1807- ac_prev=datadir ;;
1808- -datadir=* | --datadir=* | --datadi=* | --datad=*)
1809- datadir=$ac_optarg ;;
1810-
1811- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
1812- | --dataroo | --dataro | --datar)
1813- ac_prev=datarootdir ;;
1814- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
1815- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
1816- datarootdir=$ac_optarg ;;
1817-
1818- -disable-* | --disable-*)
1819- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
1820- # Reject names that are not valid shell variable names.
1821- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
1822- as_fn_error $? "invalid feature name: $ac_useropt"
1823- ac_useropt_orig=$ac_useropt
1824- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
1825- case $ac_user_opts in
1826- *"
1827-"enable_$ac_useropt"
1828-"*) ;;
1829- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
1830- ac_unrecognized_sep=', ';;
1831- esac
1832- eval enable_$ac_useropt=no ;;
1833-
1834- -docdir | --docdir | --docdi | --doc | --do)
1835- ac_prev=docdir ;;
1836- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
1837- docdir=$ac_optarg ;;
1838-
1839- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
1840- ac_prev=dvidir ;;
1841- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
1842- dvidir=$ac_optarg ;;
1843-
1844- -enable-* | --enable-*)
1845- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
1846- # Reject names that are not valid shell variable names.
1847- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
1848- as_fn_error $? "invalid feature name: $ac_useropt"
1849- ac_useropt_orig=$ac_useropt
1850- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
1851- case $ac_user_opts in
1852- *"
1853-"enable_$ac_useropt"
1854-"*) ;;
1855- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
1856- ac_unrecognized_sep=', ';;
1857- esac
1858- eval enable_$ac_useropt=\$ac_optarg ;;
1859-
1860- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
1861- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
1862- | --exec | --exe | --ex)
1863- ac_prev=exec_prefix ;;
1864- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
1865- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
1866- | --exec=* | --exe=* | --ex=*)
1867- exec_prefix=$ac_optarg ;;
1868-
1869- -gas | --gas | --ga | --g)
1870- # Obsolete; use --with-gas.
1871- with_gas=yes ;;
1872-
1873- -help | --help | --hel | --he | -h)
1874- ac_init_help=long ;;
1875- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
1876- ac_init_help=recursive ;;
1877- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
1878- ac_init_help=short ;;
1879-
1880- -host | --host | --hos | --ho)
1881- ac_prev=host_alias ;;
1882- -host=* | --host=* | --hos=* | --ho=*)
1883- host_alias=$ac_optarg ;;
1884-
1885- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
1886- ac_prev=htmldir ;;
1887- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
1888- | --ht=*)
1889- htmldir=$ac_optarg ;;
1890-
1891- -includedir | --includedir | --includedi | --included | --include \
1892- | --includ | --inclu | --incl | --inc)
1893- ac_prev=includedir ;;
1894- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
1895- | --includ=* | --inclu=* | --incl=* | --inc=*)
1896- includedir=$ac_optarg ;;
1897-
1898- -infodir | --infodir | --infodi | --infod | --info | --inf)
1899- ac_prev=infodir ;;
1900- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
1901- infodir=$ac_optarg ;;
1902-
1903- -libdir | --libdir | --libdi | --libd)
1904- ac_prev=libdir ;;
1905- -libdir=* | --libdir=* | --libdi=* | --libd=*)
1906- libdir=$ac_optarg ;;
1907-
1908- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
1909- | --libexe | --libex | --libe)
1910- ac_prev=libexecdir ;;
1911- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
1912- | --libexe=* | --libex=* | --libe=*)
1913- libexecdir=$ac_optarg ;;
1914-
1915- -localedir | --localedir | --localedi | --localed | --locale)
1916- ac_prev=localedir ;;
1917- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
1918- localedir=$ac_optarg ;;
1919-
1920- -localstatedir | --localstatedir | --localstatedi | --localstated \
1921- | --localstate | --localstat | --localsta | --localst | --locals)
1922- ac_prev=localstatedir ;;
1923- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
1924- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
1925- localstatedir=$ac_optarg ;;
1926-
1927- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
1928- ac_prev=mandir ;;
1929- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
1930- mandir=$ac_optarg ;;
1931-
1932- -nfp | --nfp | --nf)
1933- # Obsolete; use --without-fp.
1934- with_fp=no ;;
1935-
1936- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
1937- | --no-cr | --no-c | -n)
1938- no_create=yes ;;
1939-
1940- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
1941- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
1942- no_recursion=yes ;;
1943-
1944- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
1945- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
1946- | --oldin | --oldi | --old | --ol | --o)
1947- ac_prev=oldincludedir ;;
1948- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
1949- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
1950- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
1951- oldincludedir=$ac_optarg ;;
1952-
1953- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
1954- ac_prev=prefix ;;
1955- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
1956- prefix=$ac_optarg ;;
1957-
1958- -program-prefix | --program-prefix | --program-prefi | --program-pref \
1959- | --program-pre | --program-pr | --program-p)
1960- ac_prev=program_prefix ;;
1961- -program-prefix=* | --program-prefix=* | --program-prefi=* \
1962- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
1963- program_prefix=$ac_optarg ;;
1964-
1965- -program-suffix | --program-suffix | --program-suffi | --program-suff \
1966- | --program-suf | --program-su | --program-s)
1967- ac_prev=program_suffix ;;
1968- -program-suffix=* | --program-suffix=* | --program-suffi=* \
1969- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
1970- program_suffix=$ac_optarg ;;
1971-
1972- -program-transform-name | --program-transform-name \
1973- | --program-transform-nam | --program-transform-na \
1974- | --program-transform-n | --program-transform- \
1975- | --program-transform | --program-transfor \
1976- | --program-transfo | --program-transf \
1977- | --program-trans | --program-tran \
1978- | --progr-tra | --program-tr | --program-t)
1979- ac_prev=program_transform_name ;;
1980- -program-transform-name=* | --program-transform-name=* \
1981- | --program-transform-nam=* | --program-transform-na=* \
1982- | --program-transform-n=* | --program-transform-=* \
1983- | --program-transform=* | --program-transfor=* \
1984- | --program-transfo=* | --program-transf=* \
1985- | --program-trans=* | --program-tran=* \
1986- | --progr-tra=* | --program-tr=* | --program-t=*)
1987- program_transform_name=$ac_optarg ;;
1988-
1989- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
1990- ac_prev=pdfdir ;;
1991- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
1992- pdfdir=$ac_optarg ;;
1993-
1994- -psdir | --psdir | --psdi | --psd | --ps)
1995- ac_prev=psdir ;;
1996- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
1997- psdir=$ac_optarg ;;
1998-
1999- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
2000- | -silent | --silent | --silen | --sile | --sil)
2001- silent=yes ;;
2002-
2003- -runstatedir | --runstatedir | --runstatedi | --runstated \
2004- | --runstate | --runstat | --runsta | --runst | --runs \
2005- | --run | --ru | --r)
2006- ac_prev=runstatedir ;;
2007- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
2008- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
2009- | --run=* | --ru=* | --r=*)
2010- runstatedir=$ac_optarg ;;
2011-
2012- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
2013- ac_prev=sbindir ;;
2014- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
2015- | --sbi=* | --sb=*)
2016- sbindir=$ac_optarg ;;
2017-
2018- -sharedstatedir | --sharedstatedir | --sharedstatedi \
2019- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
2020- | --sharedst | --shareds | --shared | --share | --shar \
2021- | --sha | --sh)
2022- ac_prev=sharedstatedir ;;
2023- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
2024- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
2025- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
2026- | --sha=* | --sh=*)
2027- sharedstatedir=$ac_optarg ;;
2028-
2029- -site | --site | --sit)
2030- ac_prev=site ;;
2031- -site=* | --site=* | --sit=*)
2032- site=$ac_optarg ;;
2033-
2034- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
2035- ac_prev=srcdir ;;
2036- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
2037- srcdir=$ac_optarg ;;
2038-
2039- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
2040- | --syscon | --sysco | --sysc | --sys | --sy)
2041- ac_prev=sysconfdir ;;
2042- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
2043- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
2044- sysconfdir=$ac_optarg ;;
2045-
2046- -target | --target | --targe | --targ | --tar | --ta | --t)
2047- ac_prev=target_alias ;;
2048- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
2049- target_alias=$ac_optarg ;;
2050-
2051- -v | -verbose | --verbose | --verbos | --verbo | --verb)
2052- verbose=yes ;;
2053-
2054- -version | --version | --versio | --versi | --vers | -V)
2055- ac_init_version=: ;;
2056-
2057- -with-* | --with-*)
2058- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
2059- # Reject names that are not valid shell variable names.
2060- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
2061- as_fn_error $? "invalid package name: $ac_useropt"
2062- ac_useropt_orig=$ac_useropt
2063- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
2064- case $ac_user_opts in
2065- *"
2066-"with_$ac_useropt"
2067-"*) ;;
2068- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
2069- ac_unrecognized_sep=', ';;
2070- esac
2071- eval with_$ac_useropt=\$ac_optarg ;;
2072-
2073- -without-* | --without-*)
2074- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
2075- # Reject names that are not valid shell variable names.
2076- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
2077- as_fn_error $? "invalid package name: $ac_useropt"
2078- ac_useropt_orig=$ac_useropt
2079- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
2080- case $ac_user_opts in
2081- *"
2082-"with_$ac_useropt"
2083-"*) ;;
2084- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
2085- ac_unrecognized_sep=', ';;
2086- esac
2087- eval with_$ac_useropt=no ;;
2088-
2089- --x)
2090- # Obsolete; use --with-x.
2091- with_x=yes ;;
2092-
2093- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
2094- | --x-incl | --x-inc | --x-in | --x-i)
2095- ac_prev=x_includes ;;
2096- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
2097- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
2098- x_includes=$ac_optarg ;;
2099-
2100- -x-libraries | --x-libraries | --x-librarie | --x-librari \
2101- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
2102- ac_prev=x_libraries ;;
2103- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
2104- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
2105- x_libraries=$ac_optarg ;;
2106-
2107- -*) as_fn_error $? "unrecognized option: \`$ac_option'
2108-Try \`$0 --help' for more information"
2109- ;;
2110-
2111- *=*)
2112- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
2113- # Reject names that are not valid shell variable names.
2114- case $ac_envvar in #(
2115- '' | [0-9]* | *[!_$as_cr_alnum]* )
2116- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
2117- esac
2118- eval $ac_envvar=\$ac_optarg
2119- export $ac_envvar ;;
2120-
2121- *)
2122- # FIXME: should be removed in autoconf 3.0.
2123- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
2124- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
2125- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
2126- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
2127- ;;
2128-
2129- esac
2130-done
2131-
2132-if test -n "$ac_prev"; then
2133- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
2134- as_fn_error $? "missing argument to $ac_option"
2135-fi
2136-
2137-if test -n "$ac_unrecognized_opts"; then
2138- case $enable_option_checking in
2139- no) ;;
2140- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
2141- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
2142- esac
2143-fi
2144-
2145-# Check all directory arguments for consistency.
2146-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
2147- datadir sysconfdir sharedstatedir localstatedir includedir \
2148- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
2149- libdir localedir mandir runstatedir
2150-do
2151- eval ac_val=\$$ac_var
2152- # Remove trailing slashes.
2153- case $ac_val in
2154- */ )
2155- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
2156- eval $ac_var=\$ac_val;;
2157- esac
2158- # Be sure to have absolute directory names.
2159- case $ac_val in
2160- [\\/$]* | ?:[\\/]* ) continue;;
2161- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
2162- esac
2163- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
2164-done
2165-
2166-# There might be people who depend on the old broken behavior: `$host'
2167-# used to hold the argument of --host etc.
2168-# FIXME: To remove some day.
2169-build=$build_alias
2170-host=$host_alias
2171-target=$target_alias
2172-
2173-# FIXME: To remove some day.
2174-if test "x$host_alias" != x; then
2175- if test "x$build_alias" = x; then
2176- cross_compiling=maybe
2177- elif test "x$build_alias" != "x$host_alias"; then
2178- cross_compiling=yes
2179- fi
2180-fi
2181-
2182-ac_tool_prefix=
2183-test -n "$host_alias" && ac_tool_prefix=$host_alias-
2184-
2185-test "$silent" = yes && exec 6>/dev/null
2186-
2187-
2188-ac_pwd=`pwd` && test -n "$ac_pwd" &&
2189-ac_ls_di=`ls -di .` &&
2190-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
2191- as_fn_error $? "working directory cannot be determined"
2192-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
2193- as_fn_error $? "pwd does not report name of working directory"
2194-
2195-
2196-# Find the source files, if location was not specified.
2197-if test -z "$srcdir"; then
2198- ac_srcdir_defaulted=yes
2199- # Try the directory containing this script, then the parent directory.
2200- ac_confdir=`$as_dirname -- "$as_myself" ||
2201-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
2202- X"$as_myself" : 'X\(//\)[^/]' \| \
2203- X"$as_myself" : 'X\(//\)$' \| \
2204- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
2205-$as_echo X"$as_myself" |
2206- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
2207- s//\1/
2208- q
2209- }
2210- /^X\(\/\/\)[^/].*/{
2211- s//\1/
2212- q
2213- }
2214- /^X\(\/\/\)$/{
2215- s//\1/
2216- q
2217- }
2218- /^X\(\/\).*/{
2219- s//\1/
2220- q
2221- }
2222- s/.*/./; q'`
2223- srcdir=$ac_confdir
2224- if test ! -r "$srcdir/$ac_unique_file"; then
2225- srcdir=..
2226- fi
2227-else
2228- ac_srcdir_defaulted=no
2229-fi
2230-if test ! -r "$srcdir/$ac_unique_file"; then
2231- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
2232- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
2233-fi
2234-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
2235-ac_abs_confdir=`(
2236- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
2237- pwd)`
2238-# When building in place, set srcdir=.
2239-if test "$ac_abs_confdir" = "$ac_pwd"; then
2240- srcdir=.
2241-fi
2242-# Remove unnecessary trailing slashes from srcdir.
2243-# Double slashes in file names in object file debugging info
2244-# mess up M-x gdb in Emacs.
2245-case $srcdir in
2246-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
2247-esac
2248-for ac_var in $ac_precious_vars; do
2249- eval ac_env_${ac_var}_set=\${${ac_var}+set}
2250- eval ac_env_${ac_var}_value=\$${ac_var}
2251- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
2252- eval ac_cv_env_${ac_var}_value=\$${ac_var}
2253-done
2254-
2255-#
2256-# Report the --help message.
2257-#
2258-if test "$ac_init_help" = "long"; then
2259- # Omit some internal or obsolete options to make the list less imposing.
2260- # This message is too long to be a string in the A/UX 3.1 sh.
2261- cat <<_ACEOF
2262-\`configure' configures this package to adapt to many kinds of systems.
2263-
2264-Usage: $0 [OPTION]... [VAR=VALUE]...
2265-
2266-To assign environment variables (e.g., CC, CFLAGS...), specify them as
2267-VAR=VALUE. See below for descriptions of some of the useful variables.
2268-
2269-Defaults for the options are specified in brackets.
2270-
2271-Configuration:
2272- -h, --help display this help and exit
2273- --help=short display options specific to this package
2274- --help=recursive display the short help of all the included packages
2275- -V, --version display version information and exit
2276- -q, --quiet, --silent do not print \`checking ...' messages
2277- --cache-file=FILE cache test results in FILE [disabled]
2278- -C, --config-cache alias for \`--cache-file=config.cache'
2279- -n, --no-create do not create output files
2280- --srcdir=DIR find the sources in DIR [configure dir or \`..']
2281-
2282-Installation directories:
2283- --prefix=PREFIX install architecture-independent files in PREFIX
2284- [$ac_default_prefix]
2285- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
2286- [PREFIX]
2287-
2288-By default, \`make install' will install all the files in
2289-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
2290-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
2291-for instance \`--prefix=\$HOME'.
2292-
2293-For better control, use the options below.
2294-
2295-Fine tuning of the installation directories:
2296- --bindir=DIR user executables [EPREFIX/bin]
2297- --sbindir=DIR system admin executables [EPREFIX/sbin]
2298- --libexecdir=DIR program executables [EPREFIX/libexec]
2299- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
2300- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
2301- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
2302- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
2303- --libdir=DIR object code libraries [EPREFIX/lib]
2304- --includedir=DIR C header files [PREFIX/include]
2305- --oldincludedir=DIR C header files for non-gcc [/usr/include]
2306- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
2307- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
2308- --infodir=DIR info documentation [DATAROOTDIR/info]
2309- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
2310- --mandir=DIR man documentation [DATAROOTDIR/man]
2311- --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
2312- --htmldir=DIR html documentation [DOCDIR]
2313- --dvidir=DIR dvi documentation [DOCDIR]
2314- --pdfdir=DIR pdf documentation [DOCDIR]
2315- --psdir=DIR ps documentation [DOCDIR]
2316-_ACEOF
2317-
2318- cat <<\_ACEOF
2319-_ACEOF
2320-fi
2321-
2322-if test -n "$ac_init_help"; then
2323-
2324- cat <<\_ACEOF
2325-
2326-Optional Packages:
2327- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
2328- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
2329- --without-rlm_eap_teap build without rlm_eap_teap
2330- --with-openssl-lib-dir=DIR
2331- directory for LDAP library files
2332- -with-openssl-include-dir=DIR
2333- directory for LDAP include files
2334-
2335-Some influential environment variables:
2336- CC C compiler command
2337- CFLAGS C compiler flags
2338- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
2339- nonstandard directory <lib dir>
2340- LIBS libraries to pass to the linker, e.g. -l<library>
2341- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
2342- you have headers in a nonstandard directory <include dir>
2343- CPP C preprocessor
2344-
2345-Use these variables to override the choices made by `configure' or to help
2346-it to find libraries and programs with nonstandard names/locations.
2347-
2348-Report bugs to the package provider.
2349-_ACEOF
2350-ac_status=$?
2351-fi
2352-
2353-if test "$ac_init_help" = "recursive"; then
2354- # If there are subdirs, report their specific --help.
2355- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
2356- test -d "$ac_dir" ||
2357- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
2358- continue
2359- ac_builddir=.
2360-
2361-case "$ac_dir" in
2362-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
2363-*)
2364- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
2365- # A ".." for each directory in $ac_dir_suffix.
2366- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
2367- case $ac_top_builddir_sub in
2368- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
2369- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
2370- esac ;;
2371-esac
2372-ac_abs_top_builddir=$ac_pwd
2373-ac_abs_builddir=$ac_pwd$ac_dir_suffix
2374-# for backward compatibility:
2375-ac_top_builddir=$ac_top_build_prefix
2376-
2377-case $srcdir in
2378- .) # We are building in place.
2379- ac_srcdir=.
2380- ac_top_srcdir=$ac_top_builddir_sub
2381- ac_abs_top_srcdir=$ac_pwd ;;
2382- [\\/]* | ?:[\\/]* ) # Absolute name.
2383- ac_srcdir=$srcdir$ac_dir_suffix;
2384- ac_top_srcdir=$srcdir
2385- ac_abs_top_srcdir=$srcdir ;;
2386- *) # Relative name.
2387- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
2388- ac_top_srcdir=$ac_top_build_prefix$srcdir
2389- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
2390-esac
2391-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
2392-
2393- cd "$ac_dir" || { ac_status=$?; continue; }
2394- # Check for guested configure.
2395- if test -f "$ac_srcdir/configure.gnu"; then
2396- echo &&
2397- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
2398- elif test -f "$ac_srcdir/configure"; then
2399- echo &&
2400- $SHELL "$ac_srcdir/configure" --help=recursive
2401- else
2402- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
2403- fi || ac_status=$?
2404- cd "$ac_pwd" || { ac_status=$?; break; }
2405- done
2406-fi
2407-
2408-test -n "$ac_init_help" && exit $ac_status
2409-if $ac_init_version; then
2410- cat <<\_ACEOF
2411-configure
2412-generated by GNU Autoconf 2.69
2413-
2414-Copyright (C) 2012 Free Software Foundation, Inc.
2415-This configure script is free software; the Free Software Foundation
2416-gives unlimited permission to copy, distribute and modify it.
2417-_ACEOF
2418- exit
2419-fi
2420-
2421-## ------------------------ ##
2422-## Autoconf initialization. ##
2423-## ------------------------ ##
2424-
2425-echo
2426-echo Running tests for rlm_eap_teap
2427-echo
2428-
2429-
2430-# ac_fn_c_try_compile LINENO
2431-# --------------------------
2432-# Try to compile conftest.$ac_ext, and return whether this succeeded.
2433-ac_fn_c_try_compile ()
2434-{
2435- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
2436- rm -f conftest.$ac_objext
2437- if { { ac_try="$ac_compile"
2438-case "(($ac_try" in
2439- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2440- *) ac_try_echo=$ac_try;;
2441-esac
2442-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2443-$as_echo "$ac_try_echo"; } >&5
2444- (eval "$ac_compile") 2>conftest.err
2445- ac_status=$?
2446- if test -s conftest.err; then
2447- grep -v '^ *+' conftest.err >conftest.er1
2448- cat conftest.er1 >&5
2449- mv -f conftest.er1 conftest.err
2450- fi
2451- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2452- test $ac_status = 0; } && {
2453- test -z "$ac_c_werror_flag" ||
2454- test ! -s conftest.err
2455- } && test -s conftest.$ac_objext; then :
2456- ac_retval=0
2457-else
2458- $as_echo "$as_me: failed program was:" >&5
2459-sed 's/^/| /' conftest.$ac_ext >&5
2460-
2461- ac_retval=1
2462-fi
2463- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
2464- as_fn_set_status $ac_retval
2465-
2466-} # ac_fn_c_try_compile
2467-
2468-# ac_fn_c_try_link LINENO
2469-# -----------------------
2470-# Try to link conftest.$ac_ext, and return whether this succeeded.
2471-ac_fn_c_try_link ()
2472-{
2473- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
2474- rm -f conftest.$ac_objext conftest$ac_exeext
2475- if { { ac_try="$ac_link"
2476-case "(($ac_try" in
2477- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2478- *) ac_try_echo=$ac_try;;
2479-esac
2480-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2481-$as_echo "$ac_try_echo"; } >&5
2482- (eval "$ac_link") 2>conftest.err
2483- ac_status=$?
2484- if test -s conftest.err; then
2485- grep -v '^ *+' conftest.err >conftest.er1
2486- cat conftest.er1 >&5
2487- mv -f conftest.er1 conftest.err
2488- fi
2489- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2490- test $ac_status = 0; } && {
2491- test -z "$ac_c_werror_flag" ||
2492- test ! -s conftest.err
2493- } && test -s conftest$ac_exeext && {
2494- test "$cross_compiling" = yes ||
2495- test -x conftest$ac_exeext
2496- }; then :
2497- ac_retval=0
2498-else
2499- $as_echo "$as_me: failed program was:" >&5
2500-sed 's/^/| /' conftest.$ac_ext >&5
2501-
2502- ac_retval=1
2503-fi
2504- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
2505- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
2506- # interfere with the next link command; also delete a directory that is
2507- # left behind by Apple's compiler. We do this before executing the actions.
2508- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
2509- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
2510- as_fn_set_status $ac_retval
2511-
2512-} # ac_fn_c_try_link
2513-
2514-# ac_fn_c_try_cpp LINENO
2515-# ----------------------
2516-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
2517-ac_fn_c_try_cpp ()
2518-{
2519- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
2520- if { { ac_try="$ac_cpp conftest.$ac_ext"
2521-case "(($ac_try" in
2522- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2523- *) ac_try_echo=$ac_try;;
2524-esac
2525-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2526-$as_echo "$ac_try_echo"; } >&5
2527- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
2528- ac_status=$?
2529- if test -s conftest.err; then
2530- grep -v '^ *+' conftest.err >conftest.er1
2531- cat conftest.er1 >&5
2532- mv -f conftest.er1 conftest.err
2533- fi
2534- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2535- test $ac_status = 0; } > conftest.i && {
2536- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
2537- test ! -s conftest.err
2538- }; then :
2539- ac_retval=0
2540-else
2541- $as_echo "$as_me: failed program was:" >&5
2542-sed 's/^/| /' conftest.$ac_ext >&5
2543-
2544- ac_retval=1
2545-fi
2546- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
2547- as_fn_set_status $ac_retval
2548-
2549-} # ac_fn_c_try_cpp
2550-cat >config.log <<_ACEOF
2551-This file contains any messages produced by compilers while
2552-running configure, to aid debugging if configure makes a mistake.
2553-
2554-It was created by $as_me, which was
2555-generated by GNU Autoconf 2.69. Invocation command line was
2556-
2557- $ $0 $@
2558-
2559-_ACEOF
2560-exec 5>>config.log
2561-{
2562-cat <<_ASUNAME
2563-## --------- ##
2564-## Platform. ##
2565-## --------- ##
2566-
2567-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
2568-uname -m = `(uname -m) 2>/dev/null || echo unknown`
2569-uname -r = `(uname -r) 2>/dev/null || echo unknown`
2570-uname -s = `(uname -s) 2>/dev/null || echo unknown`
2571-uname -v = `(uname -v) 2>/dev/null || echo unknown`
2572-
2573-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
2574-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
2575-
2576-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
2577-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
2578-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
2579-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
2580-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
2581-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
2582-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
2583-
2584-_ASUNAME
2585-
2586-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2587-for as_dir in $PATH
2588-do
2589- IFS=$as_save_IFS
2590- test -z "$as_dir" && as_dir=.
2591- $as_echo "PATH: $as_dir"
2592- done
2593-IFS=$as_save_IFS
2594-
2595-} >&5
2596-
2597-cat >&5 <<_ACEOF
2598-
2599-
2600-## ----------- ##
2601-## Core tests. ##
2602-## ----------- ##
2603-
2604-_ACEOF
2605-
2606-
2607-# Keep a trace of the command line.
2608-# Strip out --no-create and --no-recursion so they do not pile up.
2609-# Strip out --silent because we don't want to record it for future runs.
2610-# Also quote any args containing shell meta-characters.
2611-# Make two passes to allow for proper duplicate-argument suppression.
2612-ac_configure_args=
2613-ac_configure_args0=
2614-ac_configure_args1=
2615-ac_must_keep_next=false
2616-for ac_pass in 1 2
2617-do
2618- for ac_arg
2619- do
2620- case $ac_arg in
2621- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
2622- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
2623- | -silent | --silent | --silen | --sile | --sil)
2624- continue ;;
2625- *\'*)
2626- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
2627- esac
2628- case $ac_pass in
2629- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
2630- 2)
2631- as_fn_append ac_configure_args1 " '$ac_arg'"
2632- if test $ac_must_keep_next = true; then
2633- ac_must_keep_next=false # Got value, back to normal.
2634- else
2635- case $ac_arg in
2636- *=* | --config-cache | -C | -disable-* | --disable-* \
2637- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
2638- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
2639- | -with-* | --with-* | -without-* | --without-* | --x)
2640- case "$ac_configure_args0 " in
2641- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
2642- esac
2643- ;;
2644- -* ) ac_must_keep_next=true ;;
2645- esac
2646- fi
2647- as_fn_append ac_configure_args " '$ac_arg'"
2648- ;;
2649- esac
2650- done
2651-done
2652-{ ac_configure_args0=; unset ac_configure_args0;}
2653-{ ac_configure_args1=; unset ac_configure_args1;}
2654-
2655-# When interrupted or exit'd, cleanup temporary files, and complete
2656-# config.log. We remove comments because anyway the quotes in there
2657-# would cause problems or look ugly.
2658-# WARNING: Use '\'' to represent an apostrophe within the trap.
2659-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
2660-trap 'exit_status=$?
2661- # Save into config.log some information that might help in debugging.
2662- {
2663- echo
2664-
2665- $as_echo "## ---------------- ##
2666-## Cache variables. ##
2667-## ---------------- ##"
2668- echo
2669- # The following way of writing the cache mishandles newlines in values,
2670-(
2671- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
2672- eval ac_val=\$$ac_var
2673- case $ac_val in #(
2674- *${as_nl}*)
2675- case $ac_var in #(
2676- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
2677-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
2678- esac
2679- case $ac_var in #(
2680- _ | IFS | as_nl) ;; #(
2681- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
2682- *) { eval $ac_var=; unset $ac_var;} ;;
2683- esac ;;
2684- esac
2685- done
2686- (set) 2>&1 |
2687- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
2688- *${as_nl}ac_space=\ *)
2689- sed -n \
2690- "s/'\''/'\''\\\\'\'''\''/g;
2691- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
2692- ;; #(
2693- *)
2694- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
2695- ;;
2696- esac |
2697- sort
2698-)
2699- echo
2700-
2701- $as_echo "## ----------------- ##
2702-## Output variables. ##
2703-## ----------------- ##"
2704- echo
2705- for ac_var in $ac_subst_vars
2706- do
2707- eval ac_val=\$$ac_var
2708- case $ac_val in
2709- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
2710- esac
2711- $as_echo "$ac_var='\''$ac_val'\''"
2712- done | sort
2713- echo
2714-
2715- if test -n "$ac_subst_files"; then
2716- $as_echo "## ------------------- ##
2717-## File substitutions. ##
2718-## ------------------- ##"
2719- echo
2720- for ac_var in $ac_subst_files
2721- do
2722- eval ac_val=\$$ac_var
2723- case $ac_val in
2724- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
2725- esac
2726- $as_echo "$ac_var='\''$ac_val'\''"
2727- done | sort
2728- echo
2729- fi
2730-
2731- if test -s confdefs.h; then
2732- $as_echo "## ----------- ##
2733-## confdefs.h. ##
2734-## ----------- ##"
2735- echo
2736- cat confdefs.h
2737- echo
2738- fi
2739- test "$ac_signal" != 0 &&
2740- $as_echo "$as_me: caught signal $ac_signal"
2741- $as_echo "$as_me: exit $exit_status"
2742- } >&5
2743- rm -f core *.core core.conftest.* &&
2744- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
2745- exit $exit_status
2746-' 0
2747-for ac_signal in 1 2 13 15; do
2748- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
2749-done
2750-ac_signal=0
2751-
2752-# confdefs.h avoids OS command line length limits that DEFS can exceed.
2753-rm -f -r conftest* confdefs.h
2754-
2755-$as_echo "/* confdefs.h */" > confdefs.h
2756-
2757-# Predefined preprocessor variables.
2758-
2759-cat >>confdefs.h <<_ACEOF
2760-#define PACKAGE_NAME "$PACKAGE_NAME"
2761-_ACEOF
2762-
2763-cat >>confdefs.h <<_ACEOF
2764-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
2765-_ACEOF
2766-
2767-cat >>confdefs.h <<_ACEOF
2768-#define PACKAGE_VERSION "$PACKAGE_VERSION"
2769-_ACEOF
2770-
2771-cat >>confdefs.h <<_ACEOF
2772-#define PACKAGE_STRING "$PACKAGE_STRING"
2773-_ACEOF
2774-
2775-cat >>confdefs.h <<_ACEOF
2776-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
2777-_ACEOF
2778-
2779-cat >>confdefs.h <<_ACEOF
2780-#define PACKAGE_URL "$PACKAGE_URL"
2781-_ACEOF
2782-
2783-
2784-# Let the site file select an alternate cache file if it wants to.
2785-# Prefer an explicitly selected file to automatically selected ones.
2786-ac_site_file1=NONE
2787-ac_site_file2=NONE
2788-if test -n "$CONFIG_SITE"; then
2789- # We do not want a PATH search for config.site.
2790- case $CONFIG_SITE in #((
2791- -*) ac_site_file1=./$CONFIG_SITE;;
2792- */*) ac_site_file1=$CONFIG_SITE;;
2793- *) ac_site_file1=./$CONFIG_SITE;;
2794- esac
2795-elif test "x$prefix" != xNONE; then
2796- ac_site_file1=$prefix/share/config.site
2797- ac_site_file2=$prefix/etc/config.site
2798-else
2799- ac_site_file1=$ac_default_prefix/share/config.site
2800- ac_site_file2=$ac_default_prefix/etc/config.site
2801-fi
2802-for ac_site_file in "$ac_site_file1" "$ac_site_file2"
2803-do
2804- test "x$ac_site_file" = xNONE && continue
2805- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
2806- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
2807-$as_echo "$as_me: loading site script $ac_site_file" >&6;}
2808- sed 's/^/| /' "$ac_site_file" >&5
2809- . "$ac_site_file" \
2810- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2811-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2812-as_fn_error $? "failed to load site script $ac_site_file
2813-See \`config.log' for more details" "$LINENO" 5; }
2814- fi
2815-done
2816-
2817-if test -r "$cache_file"; then
2818- # Some versions of bash will fail to source /dev/null (special files
2819- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
2820- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
2821- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
2822-$as_echo "$as_me: loading cache $cache_file" >&6;}
2823- case $cache_file in
2824- [\\/]* | ?:[\\/]* ) . "$cache_file";;
2825- *) . "./$cache_file";;
2826- esac
2827- fi
2828-else
2829- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
2830-$as_echo "$as_me: creating cache $cache_file" >&6;}
2831- >$cache_file
2832-fi
2833-
2834-# Check that the precious variables saved in the cache have kept the same
2835-# value.
2836-ac_cache_corrupted=false
2837-for ac_var in $ac_precious_vars; do
2838- eval ac_old_set=\$ac_cv_env_${ac_var}_set
2839- eval ac_new_set=\$ac_env_${ac_var}_set
2840- eval ac_old_val=\$ac_cv_env_${ac_var}_value
2841- eval ac_new_val=\$ac_env_${ac_var}_value
2842- case $ac_old_set,$ac_new_set in
2843- set,)
2844- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
2845-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
2846- ac_cache_corrupted=: ;;
2847- ,set)
2848- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
2849-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
2850- ac_cache_corrupted=: ;;
2851- ,);;
2852- *)
2853- if test "x$ac_old_val" != "x$ac_new_val"; then
2854- # differences in whitespace do not lead to failure.
2855- ac_old_val_w=`echo x $ac_old_val`
2856- ac_new_val_w=`echo x $ac_new_val`
2857- if test "$ac_old_val_w" != "$ac_new_val_w"; then
2858- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
2859-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
2860- ac_cache_corrupted=:
2861- else
2862- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
2863-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
2864- eval $ac_var=\$ac_old_val
2865- fi
2866- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
2867-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
2868- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
2869-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
2870- fi;;
2871- esac
2872- # Pass precious variables to config.status.
2873- if test "$ac_new_set" = set; then
2874- case $ac_new_val in
2875- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
2876- *) ac_arg=$ac_var=$ac_new_val ;;
2877- esac
2878- case " $ac_configure_args " in
2879- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
2880- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
2881- esac
2882- fi
2883-done
2884-if $ac_cache_corrupted; then
2885- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2886-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2887- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
2888-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
2889- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
2890-fi
2891-## -------------------- ##
2892-## Main body of script. ##
2893-## -------------------- ##
2894-
2895-ac_ext=c
2896-ac_cpp='$CPP $CPPFLAGS'
2897-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
2898-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
2899-ac_compiler_gnu=$ac_cv_c_compiler_gnu
2900-
2901-
2902-
2903-
2904-
2905-
2906-
2907-
2908-
2909-# Check whether --with-rlm_eap_teap was given.
2910-if test "${with_rlm_eap_teap+set}" = set; then :
2911- withval=$with_rlm_eap_teap;
2912-fi
2913-
2914-
2915-
2916-mod_ldflags=
2917-mod_cflags=
2918-
2919-
2920-fail=
2921-fr_status=
2922-fr_features=
2923-: > "config.report"
2924-: > "config.report.tmp"
2925-
2926-
2927-
2928-if test x"$with_rlm_eap_teap" != xno; then
2929-
2930-
2931-openssl_lib_dir=
2932-
2933-# Check whether --with-openssl-lib-dir was given.
2934-if test "${with_openssl_lib_dir+set}" = set; then :
2935- withval=$with_openssl_lib_dir; case "$withval" in
2936- no)
2937- as_fn_error $? "Need openssl-lib-dir" "$LINENO" 5
2938- ;;
2939- yes)
2940- ;;
2941- *)
2942- openssl_lib_dir="$withval"
2943- ;;
2944- esac
2945-fi
2946-
2947-
2948-openssl_include_dir=
2949-
2950-# Check whether --with-openssl-include-dir was given.
2951-if test "${with_openssl_include_dir+set}" = set; then :
2952- withval=$with_openssl_include_dir; case "$withval" in
2953- no)
2954- as_fn_error $? "Need openssl-include-dir" "$LINENO" 5
2955- ;;
2956- yes)
2957- ;;
2958- *)
2959- openssl_include_dir="$withval"
2960- ;;
2961- esac
2962-fi
2963-
2964-
2965-
2966-smart_try_dir=$openssl_include_dir
2967-ac_ext=c
2968-ac_cpp='$CPP $CPPFLAGS'
2969-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
2970-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
2971-ac_compiler_gnu=$ac_cv_c_compiler_gnu
2972-if test -n "$ac_tool_prefix"; then
2973- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
2974-set dummy ${ac_tool_prefix}gcc; ac_word=$2
2975-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2976-$as_echo_n "checking for $ac_word... " >&6; }
2977-if ${ac_cv_prog_CC+:} false; then :
2978- $as_echo_n "(cached) " >&6
2979-else
2980- if test -n "$CC"; then
2981- ac_cv_prog_CC="$CC" # Let the user override the test.
2982-else
2983-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2984-for as_dir in $PATH
2985-do
2986- IFS=$as_save_IFS
2987- test -z "$as_dir" && as_dir=.
2988- for ac_exec_ext in '' $ac_executable_extensions; do
2989- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2990- ac_cv_prog_CC="${ac_tool_prefix}gcc"
2991- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2992- break 2
2993- fi
2994-done
2995- done
2996-IFS=$as_save_IFS
2997-
2998-fi
2999-fi
3000-CC=$ac_cv_prog_CC
3001-if test -n "$CC"; then
3002- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
3003-$as_echo "$CC" >&6; }
3004-else
3005- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3006-$as_echo "no" >&6; }
3007-fi
3008-
3009-
3010-fi
3011-if test -z "$ac_cv_prog_CC"; then
3012- ac_ct_CC=$CC
3013- # Extract the first word of "gcc", so it can be a program name with args.
3014-set dummy gcc; ac_word=$2
3015-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
3016-$as_echo_n "checking for $ac_word... " >&6; }
3017-if ${ac_cv_prog_ac_ct_CC+:} false; then :
3018- $as_echo_n "(cached) " >&6
3019-else
3020- if test -n "$ac_ct_CC"; then
3021- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
3022-else
3023-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3024-for as_dir in $PATH
3025-do
3026- IFS=$as_save_IFS
3027- test -z "$as_dir" && as_dir=.
3028- for ac_exec_ext in '' $ac_executable_extensions; do
3029- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
3030- ac_cv_prog_ac_ct_CC="gcc"
3031- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
3032- break 2
3033- fi
3034-done
3035- done
3036-IFS=$as_save_IFS
3037-
3038-fi
3039-fi
3040-ac_ct_CC=$ac_cv_prog_ac_ct_CC
3041-if test -n "$ac_ct_CC"; then
3042- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
3043-$as_echo "$ac_ct_CC" >&6; }
3044-else
3045- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3046-$as_echo "no" >&6; }
3047-fi
3048-
3049- if test "x$ac_ct_CC" = x; then
3050- CC=""
3051- else
3052- case $cross_compiling:$ac_tool_warned in
3053-yes:)
3054-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
3055-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
3056-ac_tool_warned=yes ;;
3057-esac
3058- CC=$ac_ct_CC
3059- fi
3060-else
3061- CC="$ac_cv_prog_CC"
3062-fi
3063-
3064-if test -z "$CC"; then
3065- if test -n "$ac_tool_prefix"; then
3066- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
3067-set dummy ${ac_tool_prefix}cc; ac_word=$2
3068-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
3069-$as_echo_n "checking for $ac_word... " >&6; }
3070-if ${ac_cv_prog_CC+:} false; then :
3071- $as_echo_n "(cached) " >&6
3072-else
3073- if test -n "$CC"; then
3074- ac_cv_prog_CC="$CC" # Let the user override the test.
3075-else
3076-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3077-for as_dir in $PATH
3078-do
3079- IFS=$as_save_IFS
3080- test -z "$as_dir" && as_dir=.
3081- for ac_exec_ext in '' $ac_executable_extensions; do
3082- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
3083- ac_cv_prog_CC="${ac_tool_prefix}cc"
3084- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
3085- break 2
3086- fi
3087-done
3088- done
3089-IFS=$as_save_IFS
3090-
3091-fi
3092-fi
3093-CC=$ac_cv_prog_CC
3094-if test -n "$CC"; then
3095- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
3096-$as_echo "$CC" >&6; }
3097-else
3098- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3099-$as_echo "no" >&6; }
3100-fi
3101-
3102-
3103- fi
3104-fi
3105-if test -z "$CC"; then
3106- # Extract the first word of "cc", so it can be a program name with args.
3107-set dummy cc; ac_word=$2
3108-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
3109-$as_echo_n "checking for $ac_word... " >&6; }
3110-if ${ac_cv_prog_CC+:} false; then :
3111- $as_echo_n "(cached) " >&6
3112-else
3113- if test -n "$CC"; then
3114- ac_cv_prog_CC="$CC" # Let the user override the test.
3115-else
3116- ac_prog_rejected=no
3117-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3118-for as_dir in $PATH
3119-do
3120- IFS=$as_save_IFS
3121- test -z "$as_dir" && as_dir=.
3122- for ac_exec_ext in '' $ac_executable_extensions; do
3123- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
3124- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
3125- ac_prog_rejected=yes
3126- continue
3127- fi
3128- ac_cv_prog_CC="cc"
3129- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
3130- break 2
3131- fi
3132-done
3133- done
3134-IFS=$as_save_IFS
3135-
3136-if test $ac_prog_rejected = yes; then
3137- # We found a bogon in the path, so make sure we never use it.
3138- set dummy $ac_cv_prog_CC
3139- shift
3140- if test $# != 0; then
3141- # We chose a different compiler from the bogus one.
3142- # However, it has the same basename, so the bogon will be chosen
3143- # first if we set CC to just the basename; use the full file name.
3144- shift
3145- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
3146- fi
3147-fi
3148-fi
3149-fi
3150-CC=$ac_cv_prog_CC
3151-if test -n "$CC"; then
3152- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
3153-$as_echo "$CC" >&6; }
3154-else
3155- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3156-$as_echo "no" >&6; }
3157-fi
3158-
3159-
3160-fi
3161-if test -z "$CC"; then
3162- if test -n "$ac_tool_prefix"; then
3163- for ac_prog in cl.exe
3164- do
3165- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
3166-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
3167-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
3168-$as_echo_n "checking for $ac_word... " >&6; }
3169-if ${ac_cv_prog_CC+:} false; then :
3170- $as_echo_n "(cached) " >&6
3171-else
3172- if test -n "$CC"; then
3173- ac_cv_prog_CC="$CC" # Let the user override the test.
3174-else
3175-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3176-for as_dir in $PATH
3177-do
3178- IFS=$as_save_IFS
3179- test -z "$as_dir" && as_dir=.
3180- for ac_exec_ext in '' $ac_executable_extensions; do
3181- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
3182- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
3183- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
3184- break 2
3185- fi
3186-done
3187- done
3188-IFS=$as_save_IFS
3189-
3190-fi
3191-fi
3192-CC=$ac_cv_prog_CC
3193-if test -n "$CC"; then
3194- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
3195-$as_echo "$CC" >&6; }
3196-else
3197- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3198-$as_echo "no" >&6; }
3199-fi
3200-
3201-
3202- test -n "$CC" && break
3203- done
3204-fi
3205-if test -z "$CC"; then
3206- ac_ct_CC=$CC
3207- for ac_prog in cl.exe
3208-do
3209- # Extract the first word of "$ac_prog", so it can be a program name with args.
3210-set dummy $ac_prog; ac_word=$2
3211-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
3212-$as_echo_n "checking for $ac_word... " >&6; }
3213-if ${ac_cv_prog_ac_ct_CC+:} false; then :
3214- $as_echo_n "(cached) " >&6
3215-else
3216- if test -n "$ac_ct_CC"; then
3217- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
3218-else
3219-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3220-for as_dir in $PATH
3221-do
3222- IFS=$as_save_IFS
3223- test -z "$as_dir" && as_dir=.
3224- for ac_exec_ext in '' $ac_executable_extensions; do
3225- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
3226- ac_cv_prog_ac_ct_CC="$ac_prog"
3227- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
3228- break 2
3229- fi
3230-done
3231- done
3232-IFS=$as_save_IFS
3233-
3234-fi
3235-fi
3236-ac_ct_CC=$ac_cv_prog_ac_ct_CC
3237-if test -n "$ac_ct_CC"; then
3238- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
3239-$as_echo "$ac_ct_CC" >&6; }
3240-else
3241- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3242-$as_echo "no" >&6; }
3243-fi
3244-
3245-
3246- test -n "$ac_ct_CC" && break
3247-done
3248-
3249- if test "x$ac_ct_CC" = x; then
3250- CC=""
3251- else
3252- case $cross_compiling:$ac_tool_warned in
3253-yes:)
3254-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
3255-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
3256-ac_tool_warned=yes ;;
3257-esac
3258- CC=$ac_ct_CC
3259- fi
3260-fi
3261-
3262-fi
3263-
3264-
3265-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3266-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3267-as_fn_error $? "no acceptable C compiler found in \$PATH
3268-See \`config.log' for more details" "$LINENO" 5; }
3269-
3270-# Provide some information about the compiler.
3271-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
3272-set X $ac_compile
3273-ac_compiler=$2
3274-for ac_option in --version -v -V -qversion; do
3275- { { ac_try="$ac_compiler $ac_option >&5"
3276-case "(($ac_try" in
3277- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3278- *) ac_try_echo=$ac_try;;
3279-esac
3280-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3281-$as_echo "$ac_try_echo"; } >&5
3282- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
3283- ac_status=$?
3284- if test -s conftest.err; then
3285- sed '10a\
3286-... rest of stderr output deleted ...
3287- 10q' conftest.err >conftest.er1
3288- cat conftest.er1 >&5
3289- fi
3290- rm -f conftest.er1 conftest.err
3291- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3292- test $ac_status = 0; }
3293-done
3294-
3295-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3296-/* end confdefs.h. */
3297-
3298-int
3299-main ()
3300-{
3301-
3302- ;
3303- return 0;
3304-}
3305-_ACEOF
3306-ac_clean_files_save=$ac_clean_files
3307-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
3308-# Try to create an executable without -o first, disregard a.out.
3309-# It will help us diagnose broken compilers, and finding out an intuition
3310-# of exeext.
3311-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
3312-$as_echo_n "checking whether the C compiler works... " >&6; }
3313-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
3314-
3315-# The possible output files:
3316-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
3317-
3318-ac_rmfiles=
3319-for ac_file in $ac_files
3320-do
3321- case $ac_file in
3322- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
3323- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
3324- esac
3325-done
3326-rm -f $ac_rmfiles
3327-
3328-if { { ac_try="$ac_link_default"
3329-case "(($ac_try" in
3330- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3331- *) ac_try_echo=$ac_try;;
3332-esac
3333-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3334-$as_echo "$ac_try_echo"; } >&5
3335- (eval "$ac_link_default") 2>&5
3336- ac_status=$?
3337- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3338- test $ac_status = 0; }; then :
3339- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
3340-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
3341-# in a Makefile. We should not override ac_cv_exeext if it was cached,
3342-# so that the user can short-circuit this test for compilers unknown to
3343-# Autoconf.
3344-for ac_file in $ac_files ''
3345-do
3346- test -f "$ac_file" || continue
3347- case $ac_file in
3348- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
3349- ;;
3350- [ab].out )
3351- # We found the default executable, but exeext='' is most
3352- # certainly right.
3353- break;;
3354- *.* )
3355- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
3356- then :; else
3357- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
3358- fi
3359- # We set ac_cv_exeext here because the later test for it is not
3360- # safe: cross compilers may not add the suffix if given an `-o'
3361- # argument, so we may need to know it at that point already.
3362- # Even if this section looks crufty: it has the advantage of
3363- # actually working.
3364- break;;
3365- * )
3366- break;;
3367- esac
3368-done
3369-test "$ac_cv_exeext" = no && ac_cv_exeext=
3370-
3371-else
3372- ac_file=''
3373-fi
3374-if test -z "$ac_file"; then :
3375- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3376-$as_echo "no" >&6; }
3377-$as_echo "$as_me: failed program was:" >&5
3378-sed 's/^/| /' conftest.$ac_ext >&5
3379-
3380-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3381-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3382-as_fn_error 77 "C compiler cannot create executables
3383-See \`config.log' for more details" "$LINENO" 5; }
3384-else
3385- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3386-$as_echo "yes" >&6; }
3387-fi
3388-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
3389-$as_echo_n "checking for C compiler default output file name... " >&6; }
3390-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
3391-$as_echo "$ac_file" >&6; }
3392-ac_exeext=$ac_cv_exeext
3393-
3394-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
3395-ac_clean_files=$ac_clean_files_save
3396-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
3397-$as_echo_n "checking for suffix of executables... " >&6; }
3398-if { { ac_try="$ac_link"
3399-case "(($ac_try" in
3400- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3401- *) ac_try_echo=$ac_try;;
3402-esac
3403-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3404-$as_echo "$ac_try_echo"; } >&5
3405- (eval "$ac_link") 2>&5
3406- ac_status=$?
3407- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3408- test $ac_status = 0; }; then :
3409- # If both `conftest.exe' and `conftest' are `present' (well, observable)
3410-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
3411-# work properly (i.e., refer to `conftest.exe'), while it won't with
3412-# `rm'.
3413-for ac_file in conftest.exe conftest conftest.*; do
3414- test -f "$ac_file" || continue
3415- case $ac_file in
3416- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
3417- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
3418- break;;
3419- * ) break;;
3420- esac
3421-done
3422-else
3423- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3424-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3425-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
3426-See \`config.log' for more details" "$LINENO" 5; }
3427-fi
3428-rm -f conftest conftest$ac_cv_exeext
3429-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
3430-$as_echo "$ac_cv_exeext" >&6; }
3431-
3432-rm -f conftest.$ac_ext
3433-EXEEXT=$ac_cv_exeext
3434-ac_exeext=$EXEEXT
3435-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3436-/* end confdefs.h. */
3437-#include <stdio.h>
3438-int
3439-main ()
3440-{
3441-FILE *f = fopen ("conftest.out", "w");
3442- return ferror (f) || fclose (f) != 0;
3443-
3444- ;
3445- return 0;
3446-}
3447-_ACEOF
3448-ac_clean_files="$ac_clean_files conftest.out"
3449-# Check that the compiler produces executables we can run. If not, either
3450-# the compiler is broken, or we cross compile.
3451-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
3452-$as_echo_n "checking whether we are cross compiling... " >&6; }
3453-if test "$cross_compiling" != yes; then
3454- { { ac_try="$ac_link"
3455-case "(($ac_try" in
3456- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3457- *) ac_try_echo=$ac_try;;
3458-esac
3459-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3460-$as_echo "$ac_try_echo"; } >&5
3461- (eval "$ac_link") 2>&5
3462- ac_status=$?
3463- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3464- test $ac_status = 0; }
3465- if { ac_try='./conftest$ac_cv_exeext'
3466- { { case "(($ac_try" in
3467- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3468- *) ac_try_echo=$ac_try;;
3469-esac
3470-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3471-$as_echo "$ac_try_echo"; } >&5
3472- (eval "$ac_try") 2>&5
3473- ac_status=$?
3474- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3475- test $ac_status = 0; }; }; then
3476- cross_compiling=no
3477- else
3478- if test "$cross_compiling" = maybe; then
3479- cross_compiling=yes
3480- else
3481- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3482-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3483-as_fn_error $? "cannot run C compiled programs.
3484-If you meant to cross compile, use \`--host'.
3485-See \`config.log' for more details" "$LINENO" 5; }
3486- fi
3487- fi
3488-fi
3489-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
3490-$as_echo "$cross_compiling" >&6; }
3491-
3492-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
3493-ac_clean_files=$ac_clean_files_save
3494-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
3495-$as_echo_n "checking for suffix of object files... " >&6; }
3496-if ${ac_cv_objext+:} false; then :
3497- $as_echo_n "(cached) " >&6
3498-else
3499- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3500-/* end confdefs.h. */
3501-
3502-int
3503-main ()
3504-{
3505-
3506- ;
3507- return 0;
3508-}
3509-_ACEOF
3510-rm -f conftest.o conftest.obj
3511-if { { ac_try="$ac_compile"
3512-case "(($ac_try" in
3513- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3514- *) ac_try_echo=$ac_try;;
3515-esac
3516-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3517-$as_echo "$ac_try_echo"; } >&5
3518- (eval "$ac_compile") 2>&5
3519- ac_status=$?
3520- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3521- test $ac_status = 0; }; then :
3522- for ac_file in conftest.o conftest.obj conftest.*; do
3523- test -f "$ac_file" || continue;
3524- case $ac_file in
3525- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
3526- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
3527- break;;
3528- esac
3529-done
3530-else
3531- $as_echo "$as_me: failed program was:" >&5
3532-sed 's/^/| /' conftest.$ac_ext >&5
3533-
3534-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3535-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3536-as_fn_error $? "cannot compute suffix of object files: cannot compile
3537-See \`config.log' for more details" "$LINENO" 5; }
3538-fi
3539-rm -f conftest.$ac_cv_objext conftest.$ac_ext
3540-fi
3541-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
3542-$as_echo "$ac_cv_objext" >&6; }
3543-OBJEXT=$ac_cv_objext
3544-ac_objext=$OBJEXT
3545-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
3546-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
3547-if ${ac_cv_c_compiler_gnu+:} false; then :
3548- $as_echo_n "(cached) " >&6
3549-else
3550- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3551-/* end confdefs.h. */
3552-
3553-int
3554-main ()
3555-{
3556-#ifndef __GNUC__
3557- choke me
3558-#endif
3559-
3560- ;
3561- return 0;
3562-}
3563-_ACEOF
3564-if ac_fn_c_try_compile "$LINENO"; then :
3565- ac_compiler_gnu=yes
3566-else
3567- ac_compiler_gnu=no
3568-fi
3569-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3570-ac_cv_c_compiler_gnu=$ac_compiler_gnu
3571-
3572-fi
3573-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
3574-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
3575-if test $ac_compiler_gnu = yes; then
3576- GCC=yes
3577-else
3578- GCC=
3579-fi
3580-ac_test_CFLAGS=${CFLAGS+set}
3581-ac_save_CFLAGS=$CFLAGS
3582-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
3583-$as_echo_n "checking whether $CC accepts -g... " >&6; }
3584-if ${ac_cv_prog_cc_g+:} false; then :
3585- $as_echo_n "(cached) " >&6
3586-else
3587- ac_save_c_werror_flag=$ac_c_werror_flag
3588- ac_c_werror_flag=yes
3589- ac_cv_prog_cc_g=no
3590- CFLAGS="-g"
3591- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3592-/* end confdefs.h. */
3593-
3594-int
3595-main ()
3596-{
3597-
3598- ;
3599- return 0;
3600-}
3601-_ACEOF
3602-if ac_fn_c_try_compile "$LINENO"; then :
3603- ac_cv_prog_cc_g=yes
3604-else
3605- CFLAGS=""
3606- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3607-/* end confdefs.h. */
3608-
3609-int
3610-main ()
3611-{
3612-
3613- ;
3614- return 0;
3615-}
3616-_ACEOF
3617-if ac_fn_c_try_compile "$LINENO"; then :
3618-
3619-else
3620- ac_c_werror_flag=$ac_save_c_werror_flag
3621- CFLAGS="-g"
3622- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3623-/* end confdefs.h. */
3624-
3625-int
3626-main ()
3627-{
3628-
3629- ;
3630- return 0;
3631-}
3632-_ACEOF
3633-if ac_fn_c_try_compile "$LINENO"; then :
3634- ac_cv_prog_cc_g=yes
3635-fi
3636-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3637-fi
3638-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3639-fi
3640-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3641- ac_c_werror_flag=$ac_save_c_werror_flag
3642-fi
3643-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
3644-$as_echo "$ac_cv_prog_cc_g" >&6; }
3645-if test "$ac_test_CFLAGS" = set; then
3646- CFLAGS=$ac_save_CFLAGS
3647-elif test $ac_cv_prog_cc_g = yes; then
3648- if test "$GCC" = yes; then
3649- CFLAGS="-g -O2"
3650- else
3651- CFLAGS="-g"
3652- fi
3653-else
3654- if test "$GCC" = yes; then
3655- CFLAGS="-O2"
3656- else
3657- CFLAGS=
3658- fi
3659-fi
3660-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
3661-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
3662-if ${ac_cv_prog_cc_c89+:} false; then :
3663- $as_echo_n "(cached) " >&6
3664-else
3665- ac_cv_prog_cc_c89=no
3666-ac_save_CC=$CC
3667-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3668-/* end confdefs.h. */
3669-#include <stdarg.h>
3670-#include <stdio.h>
3671-struct stat;
3672-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
3673-struct buf { int x; };
3674-FILE * (*rcsopen) (struct buf *, struct stat *, int);
3675-static char *e (p, i)
3676- char **p;
3677- int i;
3678-{
3679- return p[i];
3680-}
3681-static char *f (char * (*g) (char **, int), char **p, ...)
3682-{
3683- char *s;
3684- va_list v;
3685- va_start (v,p);
3686- s = g (p, va_arg (v,int));
3687- va_end (v);
3688- return s;
3689-}
3690-
3691-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
3692- function prototypes and stuff, but not '\xHH' hex character constants.
3693- These don't provoke an error unfortunately, instead are silently treated
3694- as 'x'. The following induces an error, until -std is added to get
3695- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
3696- array size at least. It's necessary to write '\x00'==0 to get something
3697- that's true only with -std. */
3698-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
3699-
3700-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
3701- inside strings and character constants. */
3702-#define FOO(x) 'x'
3703-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
3704-
3705-int test (int i, double x);
3706-struct s1 {int (*f) (int a);};
3707-struct s2 {int (*f) (double a);};
3708-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
3709-int argc;
3710-char **argv;
3711-int
3712-main ()
3713-{
3714-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
3715- ;
3716- return 0;
3717-}
3718-_ACEOF
3719-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
3720- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
3721-do
3722- CC="$ac_save_CC $ac_arg"
3723- if ac_fn_c_try_compile "$LINENO"; then :
3724- ac_cv_prog_cc_c89=$ac_arg
3725-fi
3726-rm -f core conftest.err conftest.$ac_objext
3727- test "x$ac_cv_prog_cc_c89" != "xno" && break
3728-done
3729-rm -f conftest.$ac_ext
3730-CC=$ac_save_CC
3731-
3732-fi
3733-# AC_CACHE_VAL
3734-case "x$ac_cv_prog_cc_c89" in
3735- x)
3736- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
3737-$as_echo "none needed" >&6; } ;;
3738- xno)
3739- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
3740-$as_echo "unsupported" >&6; } ;;
3741- *)
3742- CC="$CC $ac_cv_prog_cc_c89"
3743- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
3744-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
3745-esac
3746-if test "x$ac_cv_prog_cc_c89" != xno; then :
3747-
3748-fi
3749-
3750-ac_ext=c
3751-ac_cpp='$CPP $CPPFLAGS'
3752-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3753-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3754-ac_compiler_gnu=$ac_cv_c_compiler_gnu
3755-
3756-
3757-
3758-
3759-ac_safe=`echo "openssl/ec.h" | sed 'y%./+-%__pm%'`
3760-old_CPPFLAGS="$CPPFLAGS"
3761-smart_include=
3762-smart_include_dir="/usr/local/include /opt/include"
3763-
3764-_smart_try_dir=
3765-_smart_include_dir=
3766-
3767-for _prefix in $smart_prefix ""; do
3768- for _dir in $smart_try_dir; do
3769- _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
3770- done
3771-
3772- for _dir in $smart_include_dir; do
3773- _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
3774- done
3775-done
3776-
3777-if test "x$_smart_try_dir" != "x"; then
3778- for try in $_smart_try_dir; do
3779- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5
3780-$as_echo_n "checking for openssl/ec.h in $try... " >&6; }
3781- CPPFLAGS="-isystem $try $old_CPPFLAGS"
3782- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3783-/* end confdefs.h. */
3784-
3785- #include <openssl/ec.h>
3786-int
3787-main ()
3788-{
3789-int a = 1;
3790- ;
3791- return 0;
3792-}
3793-_ACEOF
3794-if ac_fn_c_try_compile "$LINENO"; then :
3795-
3796- smart_include="-isystem $try"
3797- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3798-$as_echo "yes" >&6; }
3799- break
3800-
3801-else
3802-
3803- smart_include=
3804- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3805-$as_echo "no" >&6; }
3806-
3807-fi
3808-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3809- done
3810- CPPFLAGS="$old_CPPFLAGS"
3811-fi
3812-
3813-if test "x$smart_include" = "x"; then
3814- for _prefix in $smart_prefix; do
3815- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/openssl/ec.h" >&5
3816-$as_echo_n "checking for ${_prefix}/openssl/ec.h... " >&6; }
3817-
3818- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3819-/* end confdefs.h. */
3820-
3821- #include <openssl/ec.h>
3822-int
3823-main ()
3824-{
3825-int a = 1;
3826- ;
3827- return 0;
3828-}
3829-_ACEOF
3830-if ac_fn_c_try_compile "$LINENO"; then :
3831-
3832- smart_include="-isystem ${_prefix}/"
3833- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3834-$as_echo "yes" >&6; }
3835- break
3836-
3837-else
3838-
3839- smart_include=
3840- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3841-$as_echo "no" >&6; }
3842-
3843-fi
3844-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3845- done
3846-fi
3847-
3848-if test "x$smart_include" = "x"; then
3849- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h" >&5
3850-$as_echo_n "checking for openssl/ec.h... " >&6; }
3851-
3852- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3853-/* end confdefs.h. */
3854-
3855- #include <openssl/ec.h>
3856-int
3857-main ()
3858-{
3859-int a = 1;
3860- ;
3861- return 0;
3862-}
3863-_ACEOF
3864-if ac_fn_c_try_compile "$LINENO"; then :
3865-
3866- smart_include=" "
3867- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3868-$as_echo "yes" >&6; }
3869- break
3870-
3871-else
3872-
3873- smart_include=
3874- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3875-$as_echo "no" >&6; }
3876-
3877-fi
3878-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3879-fi
3880-
3881-if test "x$smart_include" = "x"; then
3882-
3883- for try in $_smart_include_dir; do
3884- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5
3885-$as_echo_n "checking for openssl/ec.h in $try... " >&6; }
3886- CPPFLAGS="-isystem $try $old_CPPFLAGS"
3887- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3888-/* end confdefs.h. */
3889-
3890- #include <openssl/ec.h>
3891-int
3892-main ()
3893-{
3894-int a = 1;
3895- ;
3896- return 0;
3897-}
3898-_ACEOF
3899-if ac_fn_c_try_compile "$LINENO"; then :
3900-
3901- smart_include="-isystem $try"
3902- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3903-$as_echo "yes" >&6; }
3904- break
3905-
3906-else
3907-
3908- smart_include=
3909- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3910-$as_echo "no" >&6; }
3911-
3912-fi
3913-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3914- done
3915- CPPFLAGS="$old_CPPFLAGS"
3916-fi
3917-
3918-if test "x$smart_include" != "x"; then
3919- eval "ac_cv_header_$ac_safe=yes"
3920- CPPFLAGS="$smart_include $old_CPPFLAGS"
3921- SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
3922-fi
3923-
3924-smart_prefix=
3925-
3926-if test "$ac_cv_header_openssl_ec_h" != "yes"; then
3927-
3928-fail="$fail openssl/ec.h"
3929-
3930-fi
3931-
3932-smart_try_dir=$openssl_lib_dir
3933-
3934-
3935-sm_lib_safe=`echo "crypto" | sed 'y%./+-%__p_%'`
3936-sm_func_safe=`echo "EVP_CIPHER_CTX_new" | sed 'y%./+-%__p_%'`
3937-
3938-old_LIBS="$LIBS"
3939-old_CPPFLAGS="$CPPFLAGS"
3940-smart_lib=
3941-smart_ldflags=
3942-smart_lib_dir=
3943-
3944-if test "x$smart_try_dir" != "x"; then
3945- for try in $smart_try_dir; do
3946- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
3947-$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
3948- LIBS="-lcrypto $old_LIBS"
3949- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
3950- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3951-/* end confdefs.h. */
3952-extern char EVP_CIPHER_CTX_new();
3953-int
3954-main ()
3955-{
3956-EVP_CIPHER_CTX_new()
3957- ;
3958- return 0;
3959-}
3960-_ACEOF
3961-if ac_fn_c_try_link "$LINENO"; then :
3962-
3963- smart_lib="-lcrypto"
3964- smart_ldflags="-L$try -Wl,-rpath,$try"
3965- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3966-$as_echo "yes" >&6; }
3967- break
3968-
3969-else
3970- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3971-$as_echo "no" >&6; }
3972-fi
3973-rm -f core conftest.err conftest.$ac_objext \
3974- conftest$ac_exeext conftest.$ac_ext
3975- done
3976- LIBS="$old_LIBS"
3977- CPPFLAGS="$old_CPPFLAGS"
3978-fi
3979-
3980-if test "x$smart_lib" = "x"; then
3981- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto" >&5
3982-$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto... " >&6; }
3983- LIBS="-lcrypto $old_LIBS"
3984- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3985-/* end confdefs.h. */
3986-extern char EVP_CIPHER_CTX_new();
3987-int
3988-main ()
3989-{
3990-EVP_CIPHER_CTX_new()
3991- ;
3992- return 0;
3993-}
3994-_ACEOF
3995-if ac_fn_c_try_link "$LINENO"; then :
3996-
3997- smart_lib="-lcrypto"
3998- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3999-$as_echo "yes" >&6; }
4000-
4001-else
4002- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4003-$as_echo "no" >&6; }
4004-fi
4005-rm -f core conftest.err conftest.$ac_objext \
4006- conftest$ac_exeext conftest.$ac_ext
4007- LIBS="$old_LIBS"
4008-fi
4009-
4010-if test "x$smart_lib" = "x"; then
4011- for try in /usr/local/lib /opt/lib; do
4012- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
4013-$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
4014- LIBS="-lcrypto $old_LIBS"
4015- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
4016- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4017-/* end confdefs.h. */
4018-extern char EVP_CIPHER_CTX_new();
4019-int
4020-main ()
4021-{
4022-EVP_CIPHER_CTX_new()
4023- ;
4024- return 0;
4025-}
4026-_ACEOF
4027-if ac_fn_c_try_link "$LINENO"; then :
4028-
4029- smart_lib="-lcrypto"
4030- smart_ldflags="-L$try -Wl,-rpath,$try"
4031- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
4032-$as_echo "yes" >&6; }
4033- break
4034-
4035-else
4036- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4037-$as_echo "no" >&6; }
4038-fi
4039-rm -f core conftest.err conftest.$ac_objext \
4040- conftest$ac_exeext conftest.$ac_ext
4041- done
4042- LIBS="$old_LIBS"
4043- CPPFLAGS="$old_CPPFLAGS"
4044-fi
4045-
4046-if test "x$smart_lib" != "x"; then
4047- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
4048- LIBS="$smart_ldflags $smart_lib $old_LIBS"
4049- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
4050-fi
4051-
4052-if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
4053-
4054-fail="$fail libssl"
4055-
4056-fi
4057-
4058-ac_ext=c
4059-ac_cpp='$CPP $CPPFLAGS'
4060-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
4061-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
4062-ac_compiler_gnu=$ac_cv_c_compiler_gnu
4063-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
4064-$as_echo_n "checking how to run the C preprocessor... " >&6; }
4065-# On Suns, sometimes $CPP names a directory.
4066-if test -n "$CPP" && test -d "$CPP"; then
4067- CPP=
4068-fi
4069-if test -z "$CPP"; then
4070- if ${ac_cv_prog_CPP+:} false; then :
4071- $as_echo_n "(cached) " >&6
4072-else
4073- # Double quotes because CPP needs to be expanded
4074- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
4075- do
4076- ac_preproc_ok=false
4077-for ac_c_preproc_warn_flag in '' yes
4078-do
4079- # Use a header file that comes with gcc, so configuring glibc
4080- # with a fresh cross-compiler works.
4081- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
4082- # <limits.h> exists even on freestanding compilers.
4083- # On the NeXT, cc -E runs the code through the compiler's parser,
4084- # not just through cpp. "Syntax error" is here to catch this case.
4085- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4086-/* end confdefs.h. */
4087-#ifdef __STDC__
4088-# include <limits.h>
4089-#else
4090-# include <assert.h>
4091-#endif
4092- Syntax error
4093-_ACEOF
4094-if ac_fn_c_try_cpp "$LINENO"; then :
4095-
4096-else
4097- # Broken: fails on valid input.
4098-continue
4099-fi
4100-rm -f conftest.err conftest.i conftest.$ac_ext
4101-
4102- # OK, works on sane cases. Now check whether nonexistent headers
4103- # can be detected and how.
4104- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4105-/* end confdefs.h. */
4106-#include <ac_nonexistent.h>
4107-_ACEOF
4108-if ac_fn_c_try_cpp "$LINENO"; then :
4109- # Broken: success on invalid input.
4110-continue
4111-else
4112- # Passes both tests.
4113-ac_preproc_ok=:
4114-break
4115-fi
4116-rm -f conftest.err conftest.i conftest.$ac_ext
4117-
4118-done
4119-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
4120-rm -f conftest.i conftest.err conftest.$ac_ext
4121-if $ac_preproc_ok; then :
4122- break
4123-fi
4124-
4125- done
4126- ac_cv_prog_CPP=$CPP
4127-
4128-fi
4129- CPP=$ac_cv_prog_CPP
4130-else
4131- ac_cv_prog_CPP=$CPP
4132-fi
4133-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
4134-$as_echo "$CPP" >&6; }
4135-ac_preproc_ok=false
4136-for ac_c_preproc_warn_flag in '' yes
4137-do
4138- # Use a header file that comes with gcc, so configuring glibc
4139- # with a fresh cross-compiler works.
4140- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
4141- # <limits.h> exists even on freestanding compilers.
4142- # On the NeXT, cc -E runs the code through the compiler's parser,
4143- # not just through cpp. "Syntax error" is here to catch this case.
4144- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4145-/* end confdefs.h. */
4146-#ifdef __STDC__
4147-# include <limits.h>
4148-#else
4149-# include <assert.h>
4150-#endif
4151- Syntax error
4152-_ACEOF
4153-if ac_fn_c_try_cpp "$LINENO"; then :
4154-
4155-else
4156- # Broken: fails on valid input.
4157-continue
4158-fi
4159-rm -f conftest.err conftest.i conftest.$ac_ext
4160-
4161- # OK, works on sane cases. Now check whether nonexistent headers
4162- # can be detected and how.
4163- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4164-/* end confdefs.h. */
4165-#include <ac_nonexistent.h>
4166-_ACEOF
4167-if ac_fn_c_try_cpp "$LINENO"; then :
4168- # Broken: success on invalid input.
4169-continue
4170-else
4171- # Passes both tests.
4172-ac_preproc_ok=:
4173-break
4174-fi
4175-rm -f conftest.err conftest.i conftest.$ac_ext
4176-
4177-done
4178-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
4179-rm -f conftest.i conftest.err conftest.$ac_ext
4180-if $ac_preproc_ok; then :
4181-
4182-else
4183- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
4184-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
4185-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
4186-See \`config.log' for more details" "$LINENO" 5; }
4187-fi
4188-
4189-ac_ext=c
4190-ac_cpp='$CPP $CPPFLAGS'
4191-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
4192-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
4193-ac_compiler_gnu=$ac_cv_c_compiler_gnu
4194-
4195-
4196-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
4197-$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
4198-if ${ac_cv_path_GREP+:} false; then :
4199- $as_echo_n "(cached) " >&6
4200-else
4201- if test -z "$GREP"; then
4202- ac_path_GREP_found=false
4203- # Loop through the user's path and test for each of PROGNAME-LIST
4204- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4205-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
4206-do
4207- IFS=$as_save_IFS
4208- test -z "$as_dir" && as_dir=.
4209- for ac_prog in grep ggrep; do
4210- for ac_exec_ext in '' $ac_executable_extensions; do
4211- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
4212- as_fn_executable_p "$ac_path_GREP" || continue
4213-# Check for GNU ac_path_GREP and select it if it is found.
4214- # Check for GNU $ac_path_GREP
4215-case `"$ac_path_GREP" --version 2>&1` in
4216-*GNU*)
4217- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
4218-*)
4219- ac_count=0
4220- $as_echo_n 0123456789 >"conftest.in"
4221- while :
4222- do
4223- cat "conftest.in" "conftest.in" >"conftest.tmp"
4224- mv "conftest.tmp" "conftest.in"
4225- cp "conftest.in" "conftest.nl"
4226- $as_echo 'GREP' >> "conftest.nl"
4227- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
4228- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
4229- as_fn_arith $ac_count + 1 && ac_count=$as_val
4230- if test $ac_count -gt ${ac_path_GREP_max-0}; then
4231- # Best one so far, save it but keep looking for a better one
4232- ac_cv_path_GREP="$ac_path_GREP"
4233- ac_path_GREP_max=$ac_count
4234- fi
4235- # 10*(2^10) chars as input seems more than enough
4236- test $ac_count -gt 10 && break
4237- done
4238- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
4239-esac
4240-
4241- $ac_path_GREP_found && break 3
4242- done
4243- done
4244- done
4245-IFS=$as_save_IFS
4246- if test -z "$ac_cv_path_GREP"; then
4247- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
4248- fi
4249-else
4250- ac_cv_path_GREP=$GREP
4251-fi
4252-
4253-fi
4254-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
4255-$as_echo "$ac_cv_path_GREP" >&6; }
4256- GREP="$ac_cv_path_GREP"
4257-
4258-
4259-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
4260-$as_echo_n "checking for egrep... " >&6; }
4261-if ${ac_cv_path_EGREP+:} false; then :
4262- $as_echo_n "(cached) " >&6
4263-else
4264- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
4265- then ac_cv_path_EGREP="$GREP -E"
4266- else
4267- if test -z "$EGREP"; then
4268- ac_path_EGREP_found=false
4269- # Loop through the user's path and test for each of PROGNAME-LIST
4270- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4271-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
4272-do
4273- IFS=$as_save_IFS
4274- test -z "$as_dir" && as_dir=.
4275- for ac_prog in egrep; do
4276- for ac_exec_ext in '' $ac_executable_extensions; do
4277- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
4278- as_fn_executable_p "$ac_path_EGREP" || continue
4279-# Check for GNU ac_path_EGREP and select it if it is found.
4280- # Check for GNU $ac_path_EGREP
4281-case `"$ac_path_EGREP" --version 2>&1` in
4282-*GNU*)
4283- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
4284-*)
4285- ac_count=0
4286- $as_echo_n 0123456789 >"conftest.in"
4287- while :
4288- do
4289- cat "conftest.in" "conftest.in" >"conftest.tmp"
4290- mv "conftest.tmp" "conftest.in"
4291- cp "conftest.in" "conftest.nl"
4292- $as_echo 'EGREP' >> "conftest.nl"
4293- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
4294- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
4295- as_fn_arith $ac_count + 1 && ac_count=$as_val
4296- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
4297- # Best one so far, save it but keep looking for a better one
4298- ac_cv_path_EGREP="$ac_path_EGREP"
4299- ac_path_EGREP_max=$ac_count
4300- fi
4301- # 10*(2^10) chars as input seems more than enough
4302- test $ac_count -gt 10 && break
4303- done
4304- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
4305-esac
4306-
4307- $ac_path_EGREP_found && break 3
4308- done
4309- done
4310- done
4311-IFS=$as_save_IFS
4312- if test -z "$ac_cv_path_EGREP"; then
4313- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
4314- fi
4315-else
4316- ac_cv_path_EGREP=$EGREP
4317-fi
4318-
4319- fi
4320-fi
4321-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
4322-$as_echo "$ac_cv_path_EGREP" >&6; }
4323- EGREP="$ac_cv_path_EGREP"
4324-
4325-
4326-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4327-/* end confdefs.h. */
4328-#include <openssl/crypto.h>
4329- #if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
4330- yes
4331- #endif
4332-
4333-_ACEOF
4334-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
4335- $EGREP "yes" >/dev/null 2>&1; then :
4336-
4337- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.1.1" >&5
4338-$as_echo_n "checking for OpenSSL version >= 1.1.1... " >&6; }
4339- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
4340-$as_echo "yes" >&6; }
4341-
4342-else
4343-
4344- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.1.1" >&5
4345-$as_echo_n "checking for OpenSSL version >= 1.1.1... " >&6; }
4346- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4347-$as_echo "no" >&6; }
4348-
4349-fail="$fail OpenSSL>=1.1.1"
4350-
4351-
4352-
4353-fi
4354-rm -f conftest*
4355-
4356-
4357-
4358- targetname=rlm_eap_teap
4359-else
4360- targetname=
4361- echo \*\*\* module rlm_eap_teap is disabled.
4362-
4363-
4364-fr_status="disabled"
4365-
4366-fi
4367-
4368-if test x"$fail" != x""; then
4369- targetname=""
4370-
4371-
4372- if test x"${enable_strict_dependencies}" = x"yes"; then
4373- as_fn_error $? "set --without-rlm_eap_teap to disable it explicitly." "$LINENO" 5
4374- else
4375-
4376- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: silently not building rlm_eap_teap." >&5
4377-$as_echo "$as_me: WARNING: silently not building rlm_eap_teap." >&2;}
4378- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: FAILURE: rlm_eap_teap requires: $fail." >&5
4379-$as_echo "$as_me: WARNING: FAILURE: rlm_eap_teap requires: $fail." >&2;};
4380- fail="$(echo $fail)"
4381-
4382-
4383-fr_status="skipping (requires $fail)"
4384-
4385- fr_features=
4386-
4387- fi
4388-
4389-else
4390-
4391-
4392-fr_status="OK"
4393-
4394-fi
4395-
4396-if test x"$fr_features" = x""; then
4397- $as_echo "$fr_status" > "config.report"
4398-else
4399- $as_echo_n "$fr_status ... " > "config.report"
4400- cat "config.report.tmp" >> "config.report"
4401-fi
4402-
4403-rm "config.report.tmp"
4404-
4405-
4406-
4407-
4408-
4409-
4410-
4411-ac_config_files="$ac_config_files all.mk"
4412-
4413-cat >confcache <<\_ACEOF
4414-# This file is a shell script that caches the results of configure
4415-# tests run on this system so they can be shared between configure
4416-# scripts and configure runs, see configure's option --config-cache.
4417-# It is not useful on other systems. If it contains results you don't
4418-# want to keep, you may remove or edit it.
4419-#
4420-# config.status only pays attention to the cache file if you give it
4421-# the --recheck option to rerun configure.
4422-#
4423-# `ac_cv_env_foo' variables (set or unset) will be overridden when
4424-# loading this file, other *unset* `ac_cv_foo' will be assigned the
4425-# following values.
4426-
4427-_ACEOF
4428-
4429-# The following way of writing the cache mishandles newlines in values,
4430-# but we know of no workaround that is simple, portable, and efficient.
4431-# So, we kill variables containing newlines.
4432-# Ultrix sh set writes to stderr and can't be redirected directly,
4433-# and sets the high bit in the cache file unless we assign to the vars.
4434-(
4435- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
4436- eval ac_val=\$$ac_var
4437- case $ac_val in #(
4438- *${as_nl}*)
4439- case $ac_var in #(
4440- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
4441-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
4442- esac
4443- case $ac_var in #(
4444- _ | IFS | as_nl) ;; #(
4445- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
4446- *) { eval $ac_var=; unset $ac_var;} ;;
4447- esac ;;
4448- esac
4449- done
4450-
4451- (set) 2>&1 |
4452- case $as_nl`(ac_space=' '; set) 2>&1` in #(
4453- *${as_nl}ac_space=\ *)
4454- # `set' does not quote correctly, so add quotes: double-quote
4455- # substitution turns \\\\ into \\, and sed turns \\ into \.
4456- sed -n \
4457- "s/'/'\\\\''/g;
4458- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
4459- ;; #(
4460- *)
4461- # `set' quotes correctly as required by POSIX, so do not add quotes.
4462- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
4463- ;;
4464- esac |
4465- sort
4466-) |
4467- sed '
4468- /^ac_cv_env_/b end
4469- t clear
4470- :clear
4471- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
4472- t end
4473- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
4474- :end' >>confcache
4475-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
4476- if test -w "$cache_file"; then
4477- if test "x$cache_file" != "x/dev/null"; then
4478- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
4479-$as_echo "$as_me: updating cache $cache_file" >&6;}
4480- if test ! -f "$cache_file" || test -h "$cache_file"; then
4481- cat confcache >"$cache_file"
4482- else
4483- case $cache_file in #(
4484- */* | ?:*)
4485- mv -f confcache "$cache_file"$$ &&
4486- mv -f "$cache_file"$$ "$cache_file" ;; #(
4487- *)
4488- mv -f confcache "$cache_file" ;;
4489- esac
4490- fi
4491- fi
4492- else
4493- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
4494-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
4495- fi
4496-fi
4497-rm -f confcache
4498-
4499-test "x$prefix" = xNONE && prefix=$ac_default_prefix
4500-# Let make expand exec_prefix.
4501-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
4502-
4503-# Transform confdefs.h into DEFS.
4504-# Protect against shell expansion while executing Makefile rules.
4505-# Protect against Makefile macro expansion.
4506-#
4507-# If the first sed substitution is executed (which looks for macros that
4508-# take arguments), then branch to the quote section. Otherwise,
4509-# look for a macro that doesn't take arguments.
4510-ac_script='
4511-:mline
4512-/\\$/{
4513- N
4514- s,\\\n,,
4515- b mline
4516-}
4517-t clear
4518-:clear
4519-s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
4520-t quote
4521-s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
4522-t quote
4523-b any
4524-:quote
4525-s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
4526-s/\[/\\&/g
4527-s/\]/\\&/g
4528-s/\$/$$/g
4529-H
4530-:any
4531-${
4532- g
4533- s/^\n//
4534- s/\n/ /g
4535- p
4536-}
4537-'
4538-DEFS=`sed -n "$ac_script" confdefs.h`
4539-
4540-
4541-ac_libobjs=
4542-ac_ltlibobjs=
4543-U=
4544-for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
4545- # 1. Remove the extension, and $U if already installed.
4546- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
4547- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
4548- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
4549- # will be set to the directory where LIBOBJS objects are built.
4550- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
4551- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
4552-done
4553-LIBOBJS=$ac_libobjs
4554-
4555-LTLIBOBJS=$ac_ltlibobjs
4556-
4557-
4558-
4559-: "${CONFIG_STATUS=./config.status}"
4560-ac_write_fail=0
4561-ac_clean_files_save=$ac_clean_files
4562-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
4563-{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
4564-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
4565-as_write_fail=0
4566-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
4567-#! $SHELL
4568-# Generated by $as_me.
4569-# Run this file to recreate the current configuration.
4570-# Compiler output produced by configure, useful for debugging
4571-# configure, is in config.log if it exists.
4572-
4573-debug=false
4574-ac_cs_recheck=false
4575-ac_cs_silent=false
4576-
4577-SHELL=\${CONFIG_SHELL-$SHELL}
4578-export SHELL
4579-_ASEOF
4580-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
4581-## -------------------- ##
4582-## M4sh Initialization. ##
4583-## -------------------- ##
4584-
4585-# Be more Bourne compatible
4586-DUALCASE=1; export DUALCASE # for MKS sh
4587-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
4588- emulate sh
4589- NULLCMD=:
4590- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
4591- # is contrary to our usage. Disable this feature.
4592- alias -g '${1+"$@"}'='"$@"'
4593- setopt NO_GLOB_SUBST
4594-else
4595- case `(set -o) 2>/dev/null` in #(
4596- *posix*) :
4597- set -o posix ;; #(
4598- *) :
4599- ;;
4600-esac
4601-fi
4602-
4603-
4604-as_nl='
4605-'
4606-export as_nl
4607-# Printing a long string crashes Solaris 7 /usr/bin/printf.
4608-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
4609-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
4610-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
4611-# Prefer a ksh shell builtin over an external printf program on Solaris,
4612-# but without wasting forks for bash or zsh.
4613-if test -z "$BASH_VERSION$ZSH_VERSION" \
4614- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
4615- as_echo='print -r --'
4616- as_echo_n='print -rn --'
4617-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
4618- as_echo='printf %s\n'
4619- as_echo_n='printf %s'
4620-else
4621- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
4622- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
4623- as_echo_n='/usr/ucb/echo -n'
4624- else
4625- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
4626- as_echo_n_body='eval
4627- arg=$1;
4628- case $arg in #(
4629- *"$as_nl"*)
4630- expr "X$arg" : "X\\(.*\\)$as_nl";
4631- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
4632- esac;
4633- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
4634- '
4635- export as_echo_n_body
4636- as_echo_n='sh -c $as_echo_n_body as_echo'
4637- fi
4638- export as_echo_body
4639- as_echo='sh -c $as_echo_body as_echo'
4640-fi
4641-
4642-# The user is always right.
4643-if test "${PATH_SEPARATOR+set}" != set; then
4644- PATH_SEPARATOR=:
4645- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
4646- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
4647- PATH_SEPARATOR=';'
4648- }
4649-fi
4650-
4651-
4652-# IFS
4653-# We need space, tab and new line, in precisely that order. Quoting is
4654-# there to prevent editors from complaining about space-tab.
4655-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
4656-# splitting by setting IFS to empty value.)
4657-IFS=" "" $as_nl"
4658-
4659-# Find who we are. Look in the path if we contain no directory separator.
4660-as_myself=
4661-case $0 in #((
4662- *[\\/]* ) as_myself=$0 ;;
4663- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4664-for as_dir in $PATH
4665-do
4666- IFS=$as_save_IFS
4667- test -z "$as_dir" && as_dir=.
4668- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
4669- done
4670-IFS=$as_save_IFS
4671-
4672- ;;
4673-esac
4674-# We did not find ourselves, most probably we were run as `sh COMMAND'
4675-# in which case we are not to be found in the path.
4676-if test "x$as_myself" = x; then
4677- as_myself=$0
4678-fi
4679-if test ! -f "$as_myself"; then
4680- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
4681- exit 1
4682-fi
4683-
4684-# Unset variables that we do not need and which cause bugs (e.g. in
4685-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
4686-# suppresses any "Segmentation fault" message there. '((' could
4687-# trigger a bug in pdksh 5.2.14.
4688-for as_var in BASH_ENV ENV MAIL MAILPATH
4689-do eval test x\${$as_var+set} = xset \
4690- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
4691-done
4692-PS1='$ '
4693-PS2='> '
4694-PS4='+ '
4695-
4696-# NLS nuisances.
4697-LC_ALL=C
4698-export LC_ALL
4699-LANGUAGE=C
4700-export LANGUAGE
4701-
4702-# CDPATH.
4703-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
4704-
4705-
4706-# as_fn_error STATUS ERROR [LINENO LOG_FD]
4707-# ----------------------------------------
4708-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
4709-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
4710-# script with STATUS, using 1 if that was 0.
4711-as_fn_error ()
4712-{
4713- as_status=$1; test $as_status -eq 0 && as_status=1
4714- if test "$4"; then
4715- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
4716- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
4717- fi
4718- $as_echo "$as_me: error: $2" >&2
4719- as_fn_exit $as_status
4720-} # as_fn_error
4721-
4722-
4723-# as_fn_set_status STATUS
4724-# -----------------------
4725-# Set $? to STATUS, without forking.
4726-as_fn_set_status ()
4727-{
4728- return $1
4729-} # as_fn_set_status
4730-
4731-# as_fn_exit STATUS
4732-# -----------------
4733-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
4734-as_fn_exit ()
4735-{
4736- set +e
4737- as_fn_set_status $1
4738- exit $1
4739-} # as_fn_exit
4740-
4741-# as_fn_unset VAR
4742-# ---------------
4743-# Portably unset VAR.
4744-as_fn_unset ()
4745-{
4746- { eval $1=; unset $1;}
4747-}
4748-as_unset=as_fn_unset
4749-# as_fn_append VAR VALUE
4750-# ----------------------
4751-# Append the text in VALUE to the end of the definition contained in VAR. Take
4752-# advantage of any shell optimizations that allow amortized linear growth over
4753-# repeated appends, instead of the typical quadratic growth present in naive
4754-# implementations.
4755-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
4756- eval 'as_fn_append ()
4757- {
4758- eval $1+=\$2
4759- }'
4760-else
4761- as_fn_append ()
4762- {
4763- eval $1=\$$1\$2
4764- }
4765-fi # as_fn_append
4766-
4767-# as_fn_arith ARG...
4768-# ------------------
4769-# Perform arithmetic evaluation on the ARGs, and store the result in the
4770-# global $as_val. Take advantage of shells that can avoid forks. The arguments
4771-# must be portable across $(()) and expr.
4772-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
4773- eval 'as_fn_arith ()
4774- {
4775- as_val=$(( $* ))
4776- }'
4777-else
4778- as_fn_arith ()
4779- {
4780- as_val=`expr "$@" || test $? -eq 1`
4781- }
4782-fi # as_fn_arith
4783-
4784-
4785-if expr a : '\(a\)' >/dev/null 2>&1 &&
4786- test "X`expr 00001 : '.*\(...\)'`" = X001; then
4787- as_expr=expr
4788-else
4789- as_expr=false
4790-fi
4791-
4792-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
4793- as_basename=basename
4794-else
4795- as_basename=false
4796-fi
4797-
4798-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
4799- as_dirname=dirname
4800-else
4801- as_dirname=false
4802-fi
4803-
4804-as_me=`$as_basename -- "$0" ||
4805-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
4806- X"$0" : 'X\(//\)$' \| \
4807- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
4808-$as_echo X/"$0" |
4809- sed '/^.*\/\([^/][^/]*\)\/*$/{
4810- s//\1/
4811- q
4812- }
4813- /^X\/\(\/\/\)$/{
4814- s//\1/
4815- q
4816- }
4817- /^X\/\(\/\).*/{
4818- s//\1/
4819- q
4820- }
4821- s/.*/./; q'`
4822-
4823-# Avoid depending upon Character Ranges.
4824-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
4825-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
4826-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
4827-as_cr_digits='0123456789'
4828-as_cr_alnum=$as_cr_Letters$as_cr_digits
4829-
4830-ECHO_C= ECHO_N= ECHO_T=
4831-case `echo -n x` in #(((((
4832--n*)
4833- case `echo 'xy\c'` in
4834- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
4835- xy) ECHO_C='\c';;
4836- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
4837- ECHO_T=' ';;
4838- esac;;
4839-*)
4840- ECHO_N='-n';;
4841-esac
4842-
4843-rm -f conf$$ conf$$.exe conf$$.file
4844-if test -d conf$$.dir; then
4845- rm -f conf$$.dir/conf$$.file
4846-else
4847- rm -f conf$$.dir
4848- mkdir conf$$.dir 2>/dev/null
4849-fi
4850-if (echo >conf$$.file) 2>/dev/null; then
4851- if ln -s conf$$.file conf$$ 2>/dev/null; then
4852- as_ln_s='ln -s'
4853- # ... but there are two gotchas:
4854- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
4855- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
4856- # In both cases, we have to default to `cp -pR'.
4857- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
4858- as_ln_s='cp -pR'
4859- elif ln conf$$.file conf$$ 2>/dev/null; then
4860- as_ln_s=ln
4861- else
4862- as_ln_s='cp -pR'
4863- fi
4864-else
4865- as_ln_s='cp -pR'
4866-fi
4867-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
4868-rmdir conf$$.dir 2>/dev/null
4869-
4870-
4871-# as_fn_mkdir_p
4872-# -------------
4873-# Create "$as_dir" as a directory, including parents if necessary.
4874-as_fn_mkdir_p ()
4875-{
4876-
4877- case $as_dir in #(
4878- -*) as_dir=./$as_dir;;
4879- esac
4880- test -d "$as_dir" || eval $as_mkdir_p || {
4881- as_dirs=
4882- while :; do
4883- case $as_dir in #(
4884- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
4885- *) as_qdir=$as_dir;;
4886- esac
4887- as_dirs="'$as_qdir' $as_dirs"
4888- as_dir=`$as_dirname -- "$as_dir" ||
4889-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
4890- X"$as_dir" : 'X\(//\)[^/]' \| \
4891- X"$as_dir" : 'X\(//\)$' \| \
4892- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
4893-$as_echo X"$as_dir" |
4894- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
4895- s//\1/
4896- q
4897- }
4898- /^X\(\/\/\)[^/].*/{
4899- s//\1/
4900- q
4901- }
4902- /^X\(\/\/\)$/{
4903- s//\1/
4904- q
4905- }
4906- /^X\(\/\).*/{
4907- s//\1/
4908- q
4909- }
4910- s/.*/./; q'`
4911- test -d "$as_dir" && break
4912- done
4913- test -z "$as_dirs" || eval "mkdir $as_dirs"
4914- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
4915-
4916-
4917-} # as_fn_mkdir_p
4918-if mkdir -p . 2>/dev/null; then
4919- as_mkdir_p='mkdir -p "$as_dir"'
4920-else
4921- test -d ./-p && rmdir ./-p
4922- as_mkdir_p=false
4923-fi
4924-
4925-
4926-# as_fn_executable_p FILE
4927-# -----------------------
4928-# Test if FILE is an executable regular file.
4929-as_fn_executable_p ()
4930-{
4931- test -f "$1" && test -x "$1"
4932-} # as_fn_executable_p
4933-as_test_x='test -x'
4934-as_executable_p=as_fn_executable_p
4935-
4936-# Sed expression to map a string onto a valid CPP name.
4937-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
4938-
4939-# Sed expression to map a string onto a valid variable name.
4940-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
4941-
4942-
4943-exec 6>&1
4944-## ----------------------------------- ##
4945-## Main body of $CONFIG_STATUS script. ##
4946-## ----------------------------------- ##
4947-_ASEOF
4948-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
4949-
4950-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4951-# Save the log message, to keep $0 and so on meaningful, and to
4952-# report actual input values of CONFIG_FILES etc. instead of their
4953-# values after options handling.
4954-ac_log="
4955-This file was extended by $as_me, which was
4956-generated by GNU Autoconf 2.69. Invocation command line was
4957-
4958- CONFIG_FILES = $CONFIG_FILES
4959- CONFIG_HEADERS = $CONFIG_HEADERS
4960- CONFIG_LINKS = $CONFIG_LINKS
4961- CONFIG_COMMANDS = $CONFIG_COMMANDS
4962- $ $0 $@
4963-
4964-on `(hostname || uname -n) 2>/dev/null | sed 1q`
4965-"
4966-
4967-_ACEOF
4968-
4969-case $ac_config_files in *"
4970-"*) set x $ac_config_files; shift; ac_config_files=$*;;
4971-esac
4972-
4973-
4974-
4975-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
4976-# Files that config.status was made for.
4977-config_files="$ac_config_files"
4978-
4979-_ACEOF
4980-
4981-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4982-ac_cs_usage="\
4983-\`$as_me' instantiates files and other configuration actions
4984-from templates according to the current configuration. Unless the files
4985-and actions are specified as TAGs, all are instantiated by default.
4986-
4987-Usage: $0 [OPTION]... [TAG]...
4988-
4989- -h, --help print this help, then exit
4990- -V, --version print version number and configuration settings, then exit
4991- --config print configuration, then exit
4992- -q, --quiet, --silent
4993- do not print progress messages
4994- -d, --debug don't remove temporary files
4995- --recheck update $as_me by reconfiguring in the same conditions
4996- --file=FILE[:TEMPLATE]
4997- instantiate the configuration file FILE
4998-
4999-Configuration files:
5000-$config_files
5001-
5002-Report bugs to the package provider."
5003-
5004-_ACEOF
5005-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
5006-ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
5007-ac_cs_version="\\
5008-config.status
5009-configured by $0, generated by GNU Autoconf 2.69,
5010- with options \\"\$ac_cs_config\\"
5011-
5012-Copyright (C) 2012 Free Software Foundation, Inc.
5013-This config.status script is free software; the Free Software Foundation
5014-gives unlimited permission to copy, distribute and modify it."
5015-
5016-ac_pwd='$ac_pwd'
5017-srcdir='$srcdir'
5018-test -n "\$AWK" || AWK=awk
5019-_ACEOF
5020-
5021-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
5022-# The default lists apply if the user does not specify any file.
5023-ac_need_defaults=:
5024-while test $# != 0
5025-do
5026- case $1 in
5027- --*=?*)
5028- ac_option=`expr "X$1" : 'X\([^=]*\)='`
5029- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
5030- ac_shift=:
5031- ;;
5032- --*=)
5033- ac_option=`expr "X$1" : 'X\([^=]*\)='`
5034- ac_optarg=
5035- ac_shift=:
5036- ;;
5037- *)
5038- ac_option=$1
5039- ac_optarg=$2
5040- ac_shift=shift
5041- ;;
5042- esac
5043-
5044- case $ac_option in
5045- # Handling of the options.
5046- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
5047- ac_cs_recheck=: ;;
5048- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
5049- $as_echo "$ac_cs_version"; exit ;;
5050- --config | --confi | --conf | --con | --co | --c )
5051- $as_echo "$ac_cs_config"; exit ;;
5052- --debug | --debu | --deb | --de | --d | -d )
5053- debug=: ;;
5054- --file | --fil | --fi | --f )
5055- $ac_shift
5056- case $ac_optarg in
5057- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
5058- '') as_fn_error $? "missing file argument" ;;
5059- esac
5060- as_fn_append CONFIG_FILES " '$ac_optarg'"
5061- ac_need_defaults=false;;
5062- --he | --h | --help | --hel | -h )
5063- $as_echo "$ac_cs_usage"; exit ;;
5064- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
5065- | -silent | --silent | --silen | --sile | --sil | --si | --s)
5066- ac_cs_silent=: ;;
5067-
5068- # This is an error.
5069- -*) as_fn_error $? "unrecognized option: \`$1'
5070-Try \`$0 --help' for more information." ;;
5071-
5072- *) as_fn_append ac_config_targets " $1"
5073- ac_need_defaults=false ;;
5074-
5075- esac
5076- shift
5077-done
5078-
5079-ac_configure_extra_args=
5080-
5081-if $ac_cs_silent; then
5082- exec 6>/dev/null
5083- ac_configure_extra_args="$ac_configure_extra_args --silent"
5084-fi
5085-
5086-_ACEOF
5087-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
5088-if \$ac_cs_recheck; then
5089- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
5090- shift
5091- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
5092- CONFIG_SHELL='$SHELL'
5093- export CONFIG_SHELL
5094- exec "\$@"
5095-fi
5096-
5097-_ACEOF
5098-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
5099-exec 5>>config.log
5100-{
5101- echo
5102- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
5103-## Running $as_me. ##
5104-_ASBOX
5105- $as_echo "$ac_log"
5106-} >&5
5107-
5108-_ACEOF
5109-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
5110-_ACEOF
5111-
5112-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
5113-
5114-# Handling of arguments.
5115-for ac_config_target in $ac_config_targets
5116-do
5117- case $ac_config_target in
5118- "all.mk") CONFIG_FILES="$CONFIG_FILES all.mk" ;;
5119-
5120- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
5121- esac
5122-done
5123-
5124-
5125-# If the user did not use the arguments to specify the items to instantiate,
5126-# then the envvar interface is used. Set only those that are not.
5127-# We use the long form for the default assignment because of an extremely
5128-# bizarre bug on SunOS 4.1.3.
5129-if $ac_need_defaults; then
5130- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
5131-fi
5132-
5133-# Have a temporary directory for convenience. Make it in the build tree
5134-# simply because there is no reason against having it here, and in addition,
5135-# creating and moving files from /tmp can sometimes cause problems.
5136-# Hook for its removal unless debugging.
5137-# Note that there is a small window in which the directory will not be cleaned:
5138-# after its creation but before its name has been assigned to `$tmp'.
5139-$debug ||
5140-{
5141- tmp= ac_tmp=
5142- trap 'exit_status=$?
5143- : "${ac_tmp:=$tmp}"
5144- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
5145-' 0
5146- trap 'as_fn_exit 1' 1 2 13 15
5147-}
5148-# Create a (secure) tmp directory for tmp files.
5149-
5150-{
5151- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
5152- test -d "$tmp"
5153-} ||
5154-{
5155- tmp=./conf$$-$RANDOM
5156- (umask 077 && mkdir "$tmp")
5157-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
5158-ac_tmp=$tmp
5159-
5160-# Set up the scripts for CONFIG_FILES section.
5161-# No need to generate them if there are no CONFIG_FILES.
5162-# This happens for instance with `./config.status config.h'.
5163-if test -n "$CONFIG_FILES"; then
5164-
5165-
5166-ac_cr=`echo X | tr X '\015'`
5167-# On cygwin, bash can eat \r inside `` if the user requested igncr.
5168-# But we know of no other shell where ac_cr would be empty at this
5169-# point, so we can use a bashism as a fallback.
5170-if test "x$ac_cr" = x; then
5171- eval ac_cr=\$\'\\r\'
5172-fi
5173-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
5174-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
5175- ac_cs_awk_cr='\\r'
5176-else
5177- ac_cs_awk_cr=$ac_cr
5178-fi
5179-
5180-echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
5181-_ACEOF
5182-
5183-
5184-{
5185- echo "cat >conf$$subs.awk <<_ACEOF" &&
5186- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
5187- echo "_ACEOF"
5188-} >conf$$subs.sh ||
5189- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
5190-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
5191-ac_delim='%!_!# '
5192-for ac_last_try in false false false false false :; do
5193- . ./conf$$subs.sh ||
5194- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
5195-
5196- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
5197- if test $ac_delim_n = $ac_delim_num; then
5198- break
5199- elif $ac_last_try; then
5200- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
5201- else
5202- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
5203- fi
5204-done
5205-rm -f conf$$subs.sh
5206-
5207-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
5208-cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
5209-_ACEOF
5210-sed -n '
5211-h
5212-s/^/S["/; s/!.*/"]=/
5213-p
5214-g
5215-s/^[^!]*!//
5216-:repl
5217-t repl
5218-s/'"$ac_delim"'$//
5219-t delim
5220-:nl
5221-h
5222-s/\(.\{148\}\)..*/\1/
5223-t more1
5224-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
5225-p
5226-n
5227-b repl
5228-:more1
5229-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
5230-p
5231-g
5232-s/.\{148\}//
5233-t nl
5234-:delim
5235-h
5236-s/\(.\{148\}\)..*/\1/
5237-t more2
5238-s/["\\]/\\&/g; s/^/"/; s/$/"/
5239-p
5240-b
5241-:more2
5242-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
5243-p
5244-g
5245-s/.\{148\}//
5246-t delim
5247-' <conf$$subs.awk | sed '
5248-/^[^""]/{
5249- N
5250- s/\n//
5251-}
5252-' >>$CONFIG_STATUS || ac_write_fail=1
5253-rm -f conf$$subs.awk
5254-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
5255-_ACAWK
5256-cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
5257- for (key in S) S_is_set[key] = 1
5258- FS = ""
5259-
5260-}
5261-{
5262- line = $ 0
5263- nfields = split(line, field, "@")
5264- substed = 0
5265- len = length(field[1])
5266- for (i = 2; i < nfields; i++) {
5267- key = field[i]
5268- keylen = length(key)
5269- if (S_is_set[key]) {
5270- value = S[key]
5271- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
5272- len += length(value) + length(field[++i])
5273- substed = 1
5274- } else
5275- len += 1 + keylen
5276- }
5277-
5278- print line
5279-}
5280-
5281-_ACAWK
5282-_ACEOF
5283-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
5284-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
5285- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
5286-else
5287- cat
5288-fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
5289- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
5290-_ACEOF
5291-
5292-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
5293-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
5294-# trailing colons and then remove the whole line if VPATH becomes empty
5295-# (actually we leave an empty line to preserve line numbers).
5296-if test "x$srcdir" = x.; then
5297- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
5298-h
5299-s///
5300-s/^/:/
5301-s/[ ]*$/:/
5302-s/:\$(srcdir):/:/g
5303-s/:\${srcdir}:/:/g
5304-s/:@srcdir@:/:/g
5305-s/^:*//
5306-s/:*$//
5307-x
5308-s/\(=[ ]*\).*/\1/
5309-G
5310-s/\n//
5311-s/^[^=]*=[ ]*$//
5312-}'
5313-fi
5314-
5315-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
5316-fi # test -n "$CONFIG_FILES"
5317-
5318-
5319-eval set X " :F $CONFIG_FILES "
5320-shift
5321-for ac_tag
5322-do
5323- case $ac_tag in
5324- :[FHLC]) ac_mode=$ac_tag; continue;;
5325- esac
5326- case $ac_mode$ac_tag in
5327- :[FHL]*:*);;
5328- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
5329- :[FH]-) ac_tag=-:-;;
5330- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
5331- esac
5332- ac_save_IFS=$IFS
5333- IFS=:
5334- set x $ac_tag
5335- IFS=$ac_save_IFS
5336- shift
5337- ac_file=$1
5338- shift
5339-
5340- case $ac_mode in
5341- :L) ac_source=$1;;
5342- :[FH])
5343- ac_file_inputs=
5344- for ac_f
5345- do
5346- case $ac_f in
5347- -) ac_f="$ac_tmp/stdin";;
5348- *) # Look for the file first in the build tree, then in the source tree
5349- # (if the path is not absolute). The absolute path cannot be DOS-style,
5350- # because $ac_f cannot contain `:'.
5351- test -f "$ac_f" ||
5352- case $ac_f in
5353- [\\/$]*) false;;
5354- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
5355- esac ||
5356- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
5357- esac
5358- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
5359- as_fn_append ac_file_inputs " '$ac_f'"
5360- done
5361-
5362- # Let's still pretend it is `configure' which instantiates (i.e., don't
5363- # use $as_me), people would be surprised to read:
5364- # /* config.h. Generated by config.status. */
5365- configure_input='Generated from '`
5366- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
5367- `' by configure.'
5368- if test x"$ac_file" != x-; then
5369- configure_input="$ac_file. $configure_input"
5370- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
5371-$as_echo "$as_me: creating $ac_file" >&6;}
5372- fi
5373- # Neutralize special characters interpreted by sed in replacement strings.
5374- case $configure_input in #(
5375- *\&* | *\|* | *\\* )
5376- ac_sed_conf_input=`$as_echo "$configure_input" |
5377- sed 's/[\\\\&|]/\\\\&/g'`;; #(
5378- *) ac_sed_conf_input=$configure_input;;
5379- esac
5380-
5381- case $ac_tag in
5382- *:-:* | *:-) cat >"$ac_tmp/stdin" \
5383- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
5384- esac
5385- ;;
5386- esac
5387-
5388- ac_dir=`$as_dirname -- "$ac_file" ||
5389-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
5390- X"$ac_file" : 'X\(//\)[^/]' \| \
5391- X"$ac_file" : 'X\(//\)$' \| \
5392- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
5393-$as_echo X"$ac_file" |
5394- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
5395- s//\1/
5396- q
5397- }
5398- /^X\(\/\/\)[^/].*/{
5399- s//\1/
5400- q
5401- }
5402- /^X\(\/\/\)$/{
5403- s//\1/
5404- q
5405- }
5406- /^X\(\/\).*/{
5407- s//\1/
5408- q
5409- }
5410- s/.*/./; q'`
5411- as_dir="$ac_dir"; as_fn_mkdir_p
5412- ac_builddir=.
5413-
5414-case "$ac_dir" in
5415-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
5416-*)
5417- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
5418- # A ".." for each directory in $ac_dir_suffix.
5419- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
5420- case $ac_top_builddir_sub in
5421- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
5422- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
5423- esac ;;
5424-esac
5425-ac_abs_top_builddir=$ac_pwd
5426-ac_abs_builddir=$ac_pwd$ac_dir_suffix
5427-# for backward compatibility:
5428-ac_top_builddir=$ac_top_build_prefix
5429-
5430-case $srcdir in
5431- .) # We are building in place.
5432- ac_srcdir=.
5433- ac_top_srcdir=$ac_top_builddir_sub
5434- ac_abs_top_srcdir=$ac_pwd ;;
5435- [\\/]* | ?:[\\/]* ) # Absolute name.
5436- ac_srcdir=$srcdir$ac_dir_suffix;
5437- ac_top_srcdir=$srcdir
5438- ac_abs_top_srcdir=$srcdir ;;
5439- *) # Relative name.
5440- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
5441- ac_top_srcdir=$ac_top_build_prefix$srcdir
5442- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
5443-esac
5444-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
5445-
5446-
5447- case $ac_mode in
5448- :F)
5449- #
5450- # CONFIG_FILE
5451- #
5452-
5453-_ACEOF
5454-
5455-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
5456-# If the template does not know about datarootdir, expand it.
5457-# FIXME: This hack should be removed a few years after 2.60.
5458-ac_datarootdir_hack=; ac_datarootdir_seen=
5459-ac_sed_dataroot='
5460-/datarootdir/ {
5461- p
5462- q
5463-}
5464-/@datadir@/p
5465-/@docdir@/p
5466-/@infodir@/p
5467-/@localedir@/p
5468-/@mandir@/p'
5469-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
5470-*datarootdir*) ac_datarootdir_seen=yes;;
5471-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
5472- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
5473-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
5474-_ACEOF
5475-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
5476- ac_datarootdir_hack='
5477- s&@datadir@&$datadir&g
5478- s&@docdir@&$docdir&g
5479- s&@infodir@&$infodir&g
5480- s&@localedir@&$localedir&g
5481- s&@mandir@&$mandir&g
5482- s&\\\${datarootdir}&$datarootdir&g' ;;
5483-esac
5484-_ACEOF
5485-
5486-# Neutralize VPATH when `$srcdir' = `.'.
5487-# Shell code in configure.ac might set extrasub.
5488-# FIXME: do we really want to maintain this feature?
5489-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
5490-ac_sed_extra="$ac_vpsub
5491-$extrasub
5492-_ACEOF
5493-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
5494-:t
5495-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
5496-s|@configure_input@|$ac_sed_conf_input|;t t
5497-s&@top_builddir@&$ac_top_builddir_sub&;t t
5498-s&@top_build_prefix@&$ac_top_build_prefix&;t t
5499-s&@srcdir@&$ac_srcdir&;t t
5500-s&@abs_srcdir@&$ac_abs_srcdir&;t t
5501-s&@top_srcdir@&$ac_top_srcdir&;t t
5502-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
5503-s&@builddir@&$ac_builddir&;t t
5504-s&@abs_builddir@&$ac_abs_builddir&;t t
5505-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
5506-$ac_datarootdir_hack
5507-"
5508-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
5509- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
5510-
5511-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
5512- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
5513- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
5514- "$ac_tmp/out"`; test -z "$ac_out"; } &&
5515- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
5516-which seems to be undefined. Please make sure it is defined" >&5
5517-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
5518-which seems to be undefined. Please make sure it is defined" >&2;}
5519-
5520- rm -f "$ac_tmp/stdin"
5521- case $ac_file in
5522- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
5523- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
5524- esac \
5525- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
5526- ;;
5527-
5528-
5529-
5530- esac
5531-
5532-done # for ac_tag
5533-
5534-
5535-as_fn_exit 0
5536-_ACEOF
5537-ac_clean_files=$ac_clean_files_save
5538-
5539-test $ac_write_fail = 0 ||
5540- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
5541-
5542-
5543-# configure is writing to config.log, and then calls config.status.
5544-# config.status does its own redirection, appending to config.log.
5545-# Unfortunately, on DOS this fails, as config.log is still kept open
5546-# by configure, so config.status won't be able to write to it; its
5547-# output is simply discarded. So we exec the FD to /dev/null,
5548-# effectively closing config.log, so it can be properly (re)opened and
5549-# appended to by config.status. When coming back to configure, we
5550-# need to make the FD available again.
5551-if test "$no_create" != yes; then
5552- ac_cs_success=:
5553- ac_config_status_args=
5554- test "$silent" = yes &&
5555- ac_config_status_args="$ac_config_status_args --quiet"
5556- exec 5>/dev/null
5557- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
5558- exec 5>>config.log
5559- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
5560- # would make configure fail if this is the last instruction.
5561- $ac_cs_success || as_fn_exit 1
5562-fi
5563-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
5564- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
5565-$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
5566-fi
5567-
5568diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac b/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac
5569deleted file mode 100644
5570index 6247f4c8aa..0000000000
5571--- a/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac
5572+++ /dev/null
5573@@ -1,86 +0,0 @@
5574-AC_PREREQ([2.69])
5575-AC_INIT
5576-AC_CONFIG_SRCDIR([rlm_eap_teap.c])
5577-AC_REVISION($Revision$)
5578-FR_INIT_MODULE([rlm_eap_teap])
5579-
5580-mod_ldflags=
5581-mod_cflags=
5582-
5583-FR_MODULE_START_TESTS
5584-
5585-dnl ############################################################
5586-dnl # Check for command line options
5587-dnl ############################################################
5588-dnl extra argument: --with-openssl-lib-dir
5589-openssl_lib_dir=
5590-AC_ARG_WITH(openssl-lib-dir,
5591- [AS_HELP_STRING([--with-openssl-lib-dir=DIR],
5592- [directory for LDAP library files])],
5593- [case "$withval" in
5594- no)
5595- AC_MSG_ERROR(Need openssl-lib-dir)
5596- ;;
5597- yes)
5598- ;;
5599- *)
5600- openssl_lib_dir="$withval"
5601- ;;
5602- esac])
5603-
5604-dnl extra argument: --with-openssl-include-dir
5605-openssl_include_dir=
5606-AC_ARG_WITH(openssl-include-dir,
5607- [AS_HELP_STRING([-with-openssl-include-dir=DIR],
5608- [directory for LDAP include files])],
5609- [case "$withval" in
5610- no)
5611- AC_MSG_ERROR(Need openssl-include-dir)
5612- ;;
5613- yes)
5614- ;;
5615- *)
5616- openssl_include_dir="$withval"
5617- ;;
5618- esac])
5619-
5620-dnl ############################################################
5621-dnl # Check for header files
5622-dnl ############################################################
5623-
5624-smart_try_dir=$openssl_include_dir
5625-FR_SMART_CHECK_INCLUDE(openssl/ec.h)
5626-if test "$ac_cv_header_openssl_ec_h" != "yes"; then
5627- FR_MODULE_FAIL([openssl/ec.h])
5628-fi
5629-
5630-smart_try_dir=$openssl_lib_dir
5631-FR_SMART_CHECK_LIB(crypto, EVP_CIPHER_CTX_new)
5632-if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
5633- FR_MODULE_FAIL([libssl])
5634-fi
5635-
5636-AC_EGREP_CPP(yes,
5637- [#include <openssl/crypto.h>
5638- #if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5639- yes
5640- #endif
5641- ],
5642- [
5643- AC_MSG_CHECKING([for OpenSSL version >= 1.1.1])
5644- AC_MSG_RESULT(yes)
5645- ],
5646- [
5647- AC_MSG_CHECKING([for OpenSSL version >= 1.1.1])
5648- AC_MSG_RESULT(no)
5649- FR_MODULE_FAIL([OpenSSL>=1.1.1])
5650- ]
5651-)
5652-
5653-FR_MODULE_END_TESTS
5654-
5655-AC_SUBST(mod_ldflags)
5656-AC_SUBST(mod_cflags)
5657-
5658-AC_CONFIG_FILES([all.mk])
5659-AC_OUTPUT
5660diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
5661deleted file mode 100644
5662index 8e372c69f3..0000000000
5663--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
5664+++ /dev/null
5665@@ -1,1817 +0,0 @@
5666-/*
5667- * eap_teap.c contains the interfaces that are called from the main handler
5668- *
5669- * Version: $Id$
5670- *
5671- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
5672- *
5673- * This software may not be redistributed in any form without the prior
5674- * written consent of Network RADIUS.
5675- *
5676- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
5677- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
5678- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
5679- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
5680- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
5681- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
5682- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
5683- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
5684- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
5685- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
5686- * SUCH DAMAGE.
5687- */
5688-
5689-RCSID("$Id$")
5690-
5691-#include "eap_teap.h"
5692-#include "eap_teap_crypto.h"
5693-#include <freeradius-devel/sha1.h>
5694-#include <openssl/ssl.h>
5695-#include <openssl/rand.h>
5696-
5697-#define EAPTLS_MPPE_KEY_LEN 32
5698-
5699-#define RDEBUGHEX(_label, _data, _length) \
5700-if (fr_debug_lvl > 2) {\
5701- char __buf[8192];\
5702- for (size_t i = 0; (i < (size_t) _length) && (3*i < sizeof(__buf)); i++) {\
5703- sprintf(&__buf[3*i], " %02x", (uint8_t)(_data)[i]);\
5704- }\
5705- RDEBUG2("%s - hexdump(len=%zu):%s", _label, (size_t)_length, __buf);\
5706-} while (0)
5707-
5708-#define RANDFILL(x) do { rad_assert(sizeof(x) % sizeof(uint32_t) == 0); for (size_t i = 0; i < sizeof(x); i += sizeof(uint32_t)) *((uint32_t *)&x[i]) = fr_rand(); } while(0)
5709-#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))
5710-#define MIN(a,b) (((a)>(b)) ? (b) : (a))
5711-
5712-struct crypto_binding_buffer {
5713- uint16_t tlv_type;
5714- uint16_t length;
5715- eap_tlv_crypto_binding_tlv_t binding;
5716- uint8_t eap_type;
5717- uint8_t outer_tlvs[1];
5718-} CC_HINT(__packed__);
5719-#define CRYPTO_BINDING_BUFFER_INIT(_cbb) \
5720-do {\
5721- _cbb->tlv_type = htons(EAP_TEAP_TLV_MANDATORY | EAP_TEAP_TLV_CRYPTO_BINDING);\
5722- _cbb->length = htons(sizeof(struct eap_tlv_crypto_binding_tlv_t));\
5723- _cbb->eap_type = PW_EAP_TEAP;\
5724-} while (0)
5725-
5726-static struct teap_imck_t imck_zeros = { };
5727-
5728-/**
5729- * RFC 7170 EAP-TEAP Authentication Phase 1: Key Derivations
5730- */
5731-static void eap_teap_init_keys(REQUEST *request, tls_session_t *tls_session)
5732-{
5733- teap_tunnel_t *t = tls_session->opaque;
5734-
5735- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl));
5736- const int md_type = EVP_MD_type(md);
5737-
5738- RDEBUG3("Phase 2: Using MAC %s (%d)", OBJ_nid2sn(md_type), md_type);
5739-
5740- RDEBUG3("Phase 2: Deriving keys");
5741-
5742- rad_assert(t->received_version > -1);
5743- rad_assert(t->imckc == 0);
5744-
5745- /* S-IMCK[0] = session_key_seed (RFC7170, Section 5.1) */
5746- eaptls_gen_keys_only(request, tls_session->ssl, "EXPORTER: teap session key seed", NULL, 0, t->imck_msk.simck, sizeof(t->imck_msk.simck));
5747- memcpy(t->imck_emsk.simck, t->imck_msk.simck, sizeof(t->imck_msk.simck));
5748- RDEBUGHEX("Phase 2: S-IMCK[0]", t->imck_msk.simck, sizeof(t->imck_msk.simck));
5749-}
5750-
5751-/**
5752- * RFC 7170 EAP-TEAP Intermediate Compound Key Derivations - Section 5.2
5753- */
5754-/**
5755- * RFC 7170 - Intermediate Compound Key Derivations
5756- */
5757-static void eap_teap_derive_imck(REQUEST *request, tls_session_t *tls_session,
5758- uint8_t *msk, size_t msklen,
5759- uint8_t *emsk, size_t emsklen)
5760-{
5761- teap_tunnel_t *t = tls_session->opaque;
5762-
5763- t->imckc++;
5764- RDEBUG2("Phase 2: Calculating ICMK for round (j = %d)", t->imckc);
5765-
5766- uint8_t imsk_msk[EAP_TEAP_IMSK_LEN] = {0};
5767- uint8_t imsk_emsk[EAP_TEAP_IMSK_LEN + 32]; // +32 for EMSK overflow
5768- struct teap_imck_t imck_msk, imck_emsk;
5769-
5770- uint8_t imck_label[27] = "Inner Methods Compound Keys"; // width trims trailing \0
5771- struct iovec imck_seed[2] = {
5772- { (void *)imck_label, sizeof(imck_label) },
5773- { NULL, EAP_TEAP_IMSK_LEN }
5774- };
5775-
5776- if (msklen) {
5777- memcpy(imsk_msk, msk, MIN(msklen, EAP_TEAP_IMSK_LEN));
5778- RDEBUGHEX("Phase 2: IMSK from MSK", imsk_msk, EAP_TEAP_IMSK_LEN);
5779- } else {
5780- RDEBUGHEX("Phase 2: IMSK Zero", imsk_msk, EAP_TEAP_IMSK_LEN);
5781- }
5782- imck_seed[1].iov_base = imsk_msk;
5783- TLS_PRF(tls_session->ssl,
5784- t->imck_msk.simck, sizeof(t->imck_msk.simck),
5785- imck_seed, ARRAY_SIZE(imck_seed),
5786- (uint8_t *)&imck_msk, sizeof(imck_msk));
5787-
5788- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */
5789- RDEBUGHEX("Phase 2: MSK S-IMCK[j]", imck_msk.simck, sizeof(imck_msk.simck));
5790- RDEBUGHEX("Phase 2: MSK CMK[j]", imck_msk.cmk, sizeof(imck_msk.cmk));
5791-
5792- if (emsklen) {
5793- uint8_t emsk_label[20] = "TEAPbindkey@ietf.org";
5794- uint8_t null[1] = {0};
5795- uint8_t length[2] = {0,64}; /* length of 64 bytes in two bytes in network order */
5796- struct iovec emsk_seed[] = {
5797- { (void *)emsk_label, sizeof(emsk_label) },
5798- { (void *)null, sizeof(null) },
5799- { (void *)length, sizeof(length) }
5800- };
5801-
5802- /*
5803- * IMSK[j] = First 32 octets of TLS-PRF(
5804- * EMSK[j],
5805- * "TEAPbindkey@ietf.org",
5806- * 0x00 | 0x00 | 0x40)
5807- */
5808- TLS_PRF(tls_session->ssl,
5809- emsk, emsklen,
5810- emsk_seed, ARRAY_SIZE(emsk_seed),
5811- imsk_emsk, sizeof(imsk_emsk));
5812-
5813- RDEBUGHEX("Phase 2: IMSK from EMSK", imsk_emsk, EAP_TEAP_IMSK_LEN);
5814-
5815- /*
5816- * IMCK[j] = the first 60 octets of TLS-PRF(S-IMCK[j-1],
5817- * "Inner Methods Compound Keys",
5818- * IMSK[j])
5819- */
5820- imck_seed[1].iov_base = imsk_emsk;
5821- TLS_PRF(tls_session->ssl,
5822- t->imck_emsk.simck, sizeof(t->imck_emsk.simck),
5823- imck_seed, ARRAY_SIZE(imck_seed),
5824- (uint8_t *)&imck_emsk, sizeof(imck_emsk));
5825-
5826- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */
5827- RDEBUGHEX("Phase 2: EMSK S-IMCK[j]", imck_emsk.simck, sizeof(imck_emsk.simck));
5828- RDEBUGHEX("Phase 2: EMSK CMK[j]", imck_emsk.cmk, sizeof(imck_emsk.cmk));
5829-
5830- memcpy(&t->imck_emsk, &imck_emsk, sizeof(imck_emsk));
5831- }
5832-
5833- memcpy(&t->imck_msk, &imck_msk, sizeof(imck_msk));
5834-}
5835-
5836-static void eap_teap_tlv_append(tls_session_t *tls_session, int tlv, bool mandatory, int length, const void *data)
5837-{
5838- uint16_t hdr[2];
5839-
5840- hdr[0] = htons(tlv | (mandatory ? EAP_TEAP_TLV_MANDATORY : 0));
5841- hdr[1] = htons(length);
5842-
5843- tls_session->record_plus(&tls_session->clean_in, &hdr, 4);
5844- tls_session->record_plus(&tls_session->clean_in, data, length);
5845-}
5846-
5847-static void eap_teap_send_error(tls_session_t *tls_session, int error)
5848-{
5849- uint32_t value;
5850- value = htonl(error);
5851-
5852- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_ERROR, true, sizeof(value), &value);
5853-}
5854-
5855-static void eap_teap_append_identity_type(tls_session_t *tls_session, int value)
5856-{
5857- uint16_t identity;
5858- identity = htons(value);
5859- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
5860-
5861- fr_assert(value != 0);
5862- fr_assert(value <= 2);
5863-
5864- /*
5865- * If we send this, it's required.
5866- */
5867- t->auths[value].required = true;
5868- t->auths[value].sent = true;
5869-
5870- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_IDENTITY_TYPE, false, sizeof(identity), &identity);
5871-}
5872-
5873-static void eap_teap_append_result(REQUEST *request, tls_session_t *tls_session, PW_CODE code)
5874-{
5875- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
5876-
5877- int type = (t->result_final)
5878- ? EAP_TEAP_TLV_RESULT
5879- : EAP_TEAP_TLV_INTERMED_RESULT;
5880-
5881- char const *name = (t->result_final) ? "Result" : "Intermediate-Result";
5882-
5883- uint16_t state = (code == PW_CODE_ACCESS_REJECT)
5884- ? EAP_TEAP_TLV_RESULT_FAILURE
5885- : EAP_TEAP_TLV_RESULT_SUCCESS;
5886- state = htons(state);
5887-
5888- char const *state_name = (code == PW_CODE_ACCESS_REJECT) ? "Failure" : "Success";
5889-
5890- RDEBUG("Phase 2: %s = %s", name, state_name);
5891-
5892- eap_teap_tlv_append(tls_session, type, true, sizeof(state), &state);
5893-}
5894-
5895-static void eap_teap_append_eap_identity_request(REQUEST *request, tls_session_t *tls_session, eap_handler_t *eap_session)
5896-{
5897- eap_packet_raw_t eap_packet;
5898-
5899- RDEBUG("Phase 2: Sending EAP-Identity");
5900-
5901- eap_packet.code = PW_EAP_REQUEST;
5902- eap_packet.id = eap_session->eap_ds->response->id + 1;
5903- eap_packet.length[0] = 0;
5904- eap_packet.length[1] = EAP_HEADER_LEN + 1;
5905- eap_packet.data[0] = PW_EAP_IDENTITY;
5906-
5907- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_EAP_PAYLOAD, true, sizeof(eap_packet), &eap_packet);
5908-}
5909-
5910-/*
5911- * RFC7170 and the consequences of EID5768, EID5770 and EID5775 makes the path forward unclear,
5912- * so just do what hostapd does...which the IETF probably agree with anyway:
5913- * https://mailarchive.ietf.org/arch/msg/emu/mXzpSGEn86Zx_fa4f1uULYMhMoM/
5914- */
5915-static void eap_teap_append_crypto_binding(REQUEST *request, tls_session_t *tls_session,
5916- uint8_t *msk, size_t msklen,
5917- uint8_t *emsk, size_t emsklen)
5918-{
5919- teap_tunnel_t *t = tls_session->opaque;
5920- uint8_t mac_msk[EVP_MAX_MD_SIZE], mac_emsk[EVP_MAX_MD_SIZE];
5921- unsigned int maclen = EVP_MAX_MD_SIZE;
5922- uint8_t *buf;
5923- size_t olen, buflen;
5924- struct crypto_binding_buffer *cbb;
5925- uint8_t *outer_tlvs;
5926-
5927- RDEBUG("Phase 2: Sending Cryptobinding");
5928-
5929- eap_teap_derive_imck(request, tls_session, msk, msklen, emsk, emsklen);
5930-
5931- t->imck_emsk_available = emsklen > 0;
5932-
5933- olen = tls_session->outer_tlvs_octets_server ? talloc_array_length(tls_session->outer_tlvs_octets_server) : 0;
5934- olen += tls_session->outer_tlvs_octets_peer ? talloc_array_length(tls_session->outer_tlvs_octets_peer) : 0;
5935-
5936- buflen = sizeof(struct crypto_binding_buffer) - 1/*outer_tlvs*/ + olen;
5937-
5938- buf = talloc_zero_array(request, uint8_t, buflen);
5939- rad_assert(buf != NULL);
5940-
5941- cbb = (struct crypto_binding_buffer *)buf;
5942-
5943- CRYPTO_BINDING_BUFFER_INIT(cbb);
5944- cbb->binding.version = EAP_TEAP_VERSION;
5945- cbb->binding.received_version = t->received_version;
5946-
5947- cbb->binding.subtype = ((emsklen ? EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH : EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) << 4) | EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST;
5948-
5949- rad_assert(sizeof(cbb->binding.nonce) % sizeof(uint32_t) == 0);
5950- RANDFILL(cbb->binding.nonce);
5951- cbb->binding.nonce[sizeof(cbb->binding.nonce) - 1] &= ~0x01; /* RFC 7170, Section 4.2.13 */
5952-
5953- outer_tlvs = &cbb->outer_tlvs[0];
5954-
5955- if (tls_session->outer_tlvs_octets_server) {
5956- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_server);
5957-
5958- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_server, len);
5959- outer_tlvs += len;
5960- }
5961-
5962- if (tls_session->outer_tlvs_octets_peer) {
5963- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_peer);
5964-
5965- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_peer, len);
5966- }
5967-
5968- RDEBUGHEX("Phase 2: BUFFER for Compound MAC calculation", buf, buflen);
5969-
5970- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl));
5971- HMAC(md, &t->imck_msk.cmk, EAP_TEAP_CMK_LEN, buf, buflen, mac_msk, &maclen);
5972- if (t->imck_emsk_available) {
5973- HMAC(md, &t->imck_emsk.cmk, EAP_TEAP_CMK_LEN, buf, buflen, mac_emsk, &maclen);
5974- }
5975- memcpy(cbb->binding.msk_compound_mac, &mac_msk, sizeof(cbb->binding.msk_compound_mac));
5976- if (t->imck_emsk_available) {
5977- memcpy(cbb->binding.emsk_compound_mac, &mac_emsk, sizeof(cbb->binding.emsk_compound_mac));
5978- }
5979-
5980- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_CRYPTO_BINDING, true, sizeof(cbb->binding), (uint8_t *)&cbb->binding);
5981-}
5982-
5983-static int eap_teap_verify(REQUEST *request, tls_session_t *tls_session, uint8_t const *data, unsigned int data_len)
5984-{
5985- uint16_t attr;
5986- uint16_t length;
5987- unsigned int remaining = data_len;
5988- int total = 0;
5989- int num[EAP_TEAP_TLV_MAX] = {0};
5990- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
5991- uint32_t present = 0;
5992- uint32_t error = 0;
5993- uint16_t status = 0;
5994-
5995- rad_assert(sizeof(present) * 8 > EAP_TEAP_TLV_MAX);
5996-
5997- while (remaining > 0) {
5998- if (remaining < 4) {
5999- REDEBUG("Phase 2: Data is too small (%u) to contain a TLV header", remaining);
6000- return 0;
6001- }
6002-
6003- memcpy(&attr, data, sizeof(attr));
6004- attr = ntohs(attr) & EAP_TEAP_TLV_TYPE;
6005-
6006- switch (attr) {
6007- case EAP_TEAP_TLV_RESULT:
6008- case EAP_TEAP_TLV_NAK:
6009- case EAP_TEAP_TLV_ERROR:
6010- case EAP_TEAP_TLV_VENDOR_SPECIFIC:
6011- case EAP_TEAP_TLV_EAP_PAYLOAD:
6012- case EAP_TEAP_TLV_INTERMED_RESULT:
6013- case EAP_TEAP_TLV_CRYPTO_BINDING:
6014- case EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP:
6015- num[attr]++;
6016- present |= 1 << attr;
6017-
6018- if (num[EAP_TEAP_TLV_EAP_PAYLOAD] > 1) {
6019- REDEBUG("Phase 2: Too many EAP-Payload TLVs");
6020-unexpected:
6021- for (int i = 0; i < EAP_TEAP_TLV_MAX; i++) {
6022- DICT_ATTR const *da;
6023-
6024- if (!(present & (1 << i))) continue;
6025-
6026- da = dict_attrbyvalue((i << 8) | PW_FREERADIUS_EAP_TEAP_TLV, VENDORPEC_FREERADIUS);
6027- if (da) {
6028- RDEBUG("Phase 2: - attribute %s is present", da->name);
6029- } else {
6030- RDEBUG("Phase 2: - attribute %d is present", i);
6031- }
6032- }
6033- eap_teap_send_error(tls_session, EAP_TEAP_ERR_UNEXPECTED_TLV);
6034- return 0;
6035- }
6036-
6037- if (num[EAP_TEAP_TLV_INTERMED_RESULT] > 1) {
6038- REDEBUG("Phase 2: Too many Intermediate-Result TLVs");
6039- goto unexpected;
6040- }
6041- break;
6042- default:
6043- if ((data[0] & 0x80) != 0) {
6044- REDEBUG("Phase 2: Unknown mandatory TLV %02x", attr);
6045- goto unexpected;
6046- }
6047-
6048- num[0]++;
6049- }
6050-
6051- total++;
6052-
6053- memcpy(&length, data + 2, sizeof(length));
6054- length = ntohs(length);
6055-
6056- data += 4;
6057- remaining -= 4;
6058-
6059- if (length > remaining) {
6060- REDEBUG2("Phase 2: TLV %u is longer than room remaining in the packet (%u > %u).", attr,
6061- length, remaining);
6062- return 0;
6063- }
6064-
6065- /*
6066- * If the rest of the TLVs are larger than
6067- * this attribute, continue.
6068- *
6069- * Otherwise, if the attribute over-flows the end
6070- * of the TLCs, die.
6071- */
6072- if (remaining < length) {
6073- REDEBUG2("Phase 2: TLV overflows packet.");
6074- return 0;
6075- }
6076-
6077- if (attr == EAP_TEAP_TLV_ERROR) {
6078- if (length != 4) goto fail_length;
6079- error = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
6080- }
6081-
6082- /*
6083- * If there's an error, we bail out of the
6084- * authentication process before allocating
6085- * memory.
6086- */
6087- if ((attr == EAP_TEAP_TLV_INTERMED_RESULT) || (attr == EAP_TEAP_TLV_RESULT)) {
6088- if (length != 2) {
6089- fail_length:
6090- REDEBUG("Phase 2: TLV %u is too short. Expected 2, got %d.", attr, length);
6091- return 0;
6092- }
6093-
6094- status = (data[0] << 8) | data[1];
6095- if (status == 0) goto unknown_value;
6096- }
6097-
6098- /*
6099- * 1 octet length + User-Name
6100- * 1 octet length + User-Password
6101- */
6102- if (attr == EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP) {
6103- uint8_t const *p = data;
6104- uint16_t vlen = length;
6105-
6106- if (vlen <= 2) {
6107- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is too short. Expected >2, got %d.", vlen);
6108- return 0;
6109- }
6110-
6111- /*
6112- * Can't be zero. We must have MORE than "1 octet length + User-Name"
6113- */
6114- if (!p[0] || ((p[0] + 1) >= vlen)) {
6115- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. User-Name field has bad lenth %u", p[0]);
6116- return 0;
6117- }
6118-
6119- vlen -= p[0] + 1;
6120- if (!vlen) {
6121- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. Password field is missing");
6122- return 0;
6123- }
6124-
6125- p += p[0] + 1;
6126- if (!p[0] || (p[0] >= vlen)) {
6127- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. Password field has bad lenth %u", p[0]);
6128- return 0;
6129- }
6130- }
6131-
6132- if (attr == EAP_TEAP_TLV_IDENTITY_TYPE) {
6133- if (length != 2) goto fail_length;
6134-
6135- if ((data[0] != 0) || (data[1] == 0) || (data[1] > 2)) {
6136- REDEBUG("Phase 2: Identity-Type TLV contains invalid value %02x%02x",
6137- data[0], data[1]);
6138- return 0;
6139- }
6140- }
6141-
6142- /*
6143- * Check the size of Crypto-Binding TLV, and the TEAP version.
6144- */
6145- if (attr == EAP_TEAP_TLV_CRYPTO_BINDING) {
6146- if (length != sizeof(eap_tlv_crypto_binding_tlv_t)) {
6147- REDEBUG("Phase 2: Crypto-Binding TLV has incorrect length %u", length);
6148- return 0;
6149- }
6150-
6151- if (data[1] != EAP_TEAP_VERSION) {
6152- REDEBUG("Phase 2: Crypto-Binding TLV has incorrect version %u", data[1]);
6153- return 0;
6154- }
6155- }
6156-
6157- /*
6158- * remaining > length, continue.
6159- */
6160- remaining -= length;
6161- data += length;
6162- }
6163-
6164- /*
6165- * Check status if we have it.
6166- */
6167- if (status) {
6168- if (status == EAP_TEAP_TLV_RESULT_FAILURE) {
6169- if (!error) {
6170- REDEBUG("Phase 2: Received Result from peer which indicates failure with error %u. Rejecting request.", error);
6171- } else {
6172- REDEBUG("Phase 2: Received Result from peer which indicates failure. Rejecting request.");
6173- }
6174- return 0;
6175- }
6176-
6177- if (status != EAP_TEAP_TLV_RESULT_SUCCESS) {
6178- unknown_value:
6179- REDEBUG("Phase 2: Received Result from peer with unknown value %u. Rejecting request.", status);
6180- goto unexpected;
6181- }
6182- }
6183-
6184- /*
6185- * Check if the peer mixed & matched TLVs.
6186- */
6187- if ((num[EAP_TEAP_TLV_NAK] > 0) && (num[EAP_TEAP_TLV_NAK] != total)) {
6188- REDEBUG("Phase 2: NAK TLV was sent along with non-NAK TLVs. Rejecting request.");
6189- goto unexpected;
6190- }
6191-
6192- /*
6193- * RFC7170 EID5844 says we can have Intermediate-Result and Result TLVs all in one
6194- */
6195-
6196- /*
6197- * Check mandatory or not mandatory TLVs.
6198- */
6199- switch (t->stage) {
6200- case TLS_SESSION_HANDSHAKE:
6201- if (present) {
6202- REDEBUG("Phase 2: Unexpected TLVs in TLS Session Handshake stage");
6203- goto unexpected;
6204- }
6205- break;
6206- case AUTHENTICATION:
6207- if (present & ~((1 << EAP_TEAP_TLV_EAP_PAYLOAD) | (1 << EAP_TEAP_TLV_CRYPTO_BINDING) | (1 << EAP_TEAP_TLV_INTERMED_RESULT) | (1 << EAP_TEAP_TLV_RESULT) | (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP))) {
6208- REDEBUG("Phase 2: Unexpected TLVs in authentication stage");
6209- goto unexpected;
6210- }
6211-
6212- /*
6213- * A password request must yield a password response.
6214- */
6215- if (t->sent_basic_password && ((present & (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP)) == 0)) {
6216- REDEBUG("Phase 2: Sent Basic-Password-Auth-Req but reply does not contain Basic-Password-Auth-Resp");
6217- goto unexpected;
6218- }
6219-
6220- /*
6221- * If we have Identity-Type, the packet must also
6222- * contain either EAP-Payload or
6223- * Basic-Password-Auth-Resp.
6224- */
6225- if (((present & (1 << EAP_TEAP_TLV_IDENTITY_TYPE)) != 0) &&
6226- ((present & (1 << EAP_TEAP_TLV_EAP_PAYLOAD)) == 0) &&
6227- ((present & (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP)) == 0)) {
6228- REDEBUG("Phase 2: Received Identity-Type without EAP-Payload or Basic-Password-Auth-Resp");
6229- goto unexpected;
6230- }
6231-
6232- break;
6233- case PROVISIONING:
6234- if (present & ~(1 << EAP_TEAP_TLV_RESULT)) {
6235- REDEBUG("Phase 2: Unexpected TLVs in provisioning stage");
6236- goto unexpected;
6237- }
6238- break;
6239- case COMPLETE:
6240- if (present) {
6241- REDEBUG("Phase 2: Unexpected TLVs in complete stage");
6242- goto unexpected;
6243- }
6244- break;
6245- default:
6246- REDEBUG("Phase 2: Internal error, invalid stage %d", t->stage);
6247- return 0;
6248- }
6249-
6250- /*
6251- * We got this far. It looks OK.
6252- */
6253- return 1;
6254-}
6255-
6256-static ssize_t eap_teap_decode_vp(TALLOC_CTX *request, DICT_ATTR const *parent,
6257- uint8_t const *data, size_t const attr_len, VALUE_PAIR **out)
6258-{
6259- int8_t tag = TAG_NONE;
6260- VALUE_PAIR *vp;
6261- uint8_t const *p = data;
6262-
6263- /*
6264- * FIXME: Attrlen can be larger than 253 for extended attrs!
6265- */
6266- if (!parent || !out ) {
6267- RERROR("eap_teap_decode_vp: Invalid arguments");
6268- return -1;
6269- }
6270-
6271- /*
6272- * Silently ignore zero-length attributes.
6273- */
6274- if (attr_len == 0) return 0;
6275-
6276- /*
6277- * And now that we've verified the basic type
6278- * information, decode the actual p.
6279- */
6280- vp = fr_pair_afrom_da(request, parent);
6281- if (!vp) return -1;
6282-
6283- vp->vp_length = attr_len;
6284- vp->tag = tag;
6285-
6286- switch (parent->type) {
6287- case PW_TYPE_STRING:
6288- fr_pair_value_bstrncpy(vp, p, attr_len);
6289- break;
6290-
6291- case PW_TYPE_OCTETS:
6292- fr_pair_value_memcpy(vp, p, attr_len);
6293- break;
6294-
6295- case PW_TYPE_ABINARY:
6296- if (vp->vp_length > sizeof(vp->vp_filter)) {
6297- vp->vp_length = sizeof(vp->vp_filter);
6298- }
6299- memcpy(vp->vp_filter, p, vp->vp_length);
6300- break;
6301-
6302- case PW_TYPE_BYTE:
6303- vp->vp_byte = p[0];
6304- break;
6305-
6306- case PW_TYPE_SHORT:
6307- vp->vp_short = (p[0] << 8) | p[1];
6308- break;
6309-
6310- case PW_TYPE_INTEGER:
6311- case PW_TYPE_SIGNED: /* overloaded with vp_integer */
6312- memcpy(&vp->vp_integer, p, 4);
6313- vp->vp_integer = ntohl(vp->vp_integer);
6314- break;
6315-
6316- case PW_TYPE_INTEGER64:
6317- memcpy(&vp->vp_integer64, p, 8);
6318- vp->vp_integer64 = ntohll(vp->vp_integer64);
6319- break;
6320-
6321- case PW_TYPE_DATE:
6322- memcpy(&vp->vp_date, p, 4);
6323- vp->vp_date = ntohl(vp->vp_date);
6324- break;
6325-
6326- case PW_TYPE_ETHERNET:
6327- memcpy(vp->vp_ether, p, 6);
6328- break;
6329-
6330- case PW_TYPE_IPV4_ADDR:
6331- memcpy(&vp->vp_ipaddr, p, 4);
6332- break;
6333-
6334- case PW_TYPE_IFID:
6335- memcpy(vp->vp_ifid, p, 8);
6336- break;
6337-
6338- case PW_TYPE_IPV6_ADDR:
6339- memcpy(&vp->vp_ipv6addr, p, 16);
6340- break;
6341-
6342- case PW_TYPE_IPV6_PREFIX:
6343- /*
6344- * FIXME: double-check that
6345- * (vp->vp_octets[1] >> 3) matches vp->vp_length + 2
6346- */
6347- memcpy(vp->vp_ipv6prefix, p, vp->vp_length);
6348- if (vp->vp_length < 18) {
6349- memset(((uint8_t *)vp->vp_ipv6prefix) + vp->vp_length, 0,
6350- 18 - vp->vp_length);
6351- }
6352- break;
6353-
6354- case PW_TYPE_IPV4_PREFIX:
6355- /* FIXME: do the same double-check as for IPv6Prefix */
6356- memcpy(vp->vp_ipv4prefix, p, vp->vp_length);
6357-
6358- /*
6359- * /32 means "keep all bits". Otherwise, mask
6360- * them out.
6361- */
6362- if ((p[1] & 0x3f) > 32) {
6363- uint32_t addr, mask;
6364-
6365- memcpy(&addr, vp->vp_octets + 2, sizeof(addr));
6366- mask = 1;
6367- mask <<= (32 - (p[1] & 0x3f));
6368- mask--;
6369- mask = ~mask;
6370- mask = htonl(mask);
6371- addr &= mask;
6372- memcpy(vp->vp_ipv4prefix + 2, &addr, sizeof(addr));
6373- }
6374- break;
6375-
6376- default:
6377- RERROR("eap_teap_decode_vp: type %d Internal sanity check %d ", parent->type, __LINE__);
6378- fr_pair_list_free(&vp);
6379- return -1;
6380- }
6381-
6382- vp->type = VT_DATA;
6383- *out = vp;
6384- return attr_len;
6385-}
6386-
6387-
6388-VALUE_PAIR *eap_teap_teap2vp(REQUEST *request, SSL *ssl, uint8_t const *data, size_t data_len,
6389- DICT_ATTR const *teap_da, vp_cursor_t *out)
6390-{
6391- uint16_t attr;
6392- uint16_t length;
6393- size_t data_left = data_len;
6394- VALUE_PAIR *first = NULL;
6395- VALUE_PAIR *vp = NULL;
6396- DICT_ATTR const *da;
6397-
6398- if (!teap_da)
6399- teap_da = dict_attrbyvalue(PW_FREERADIUS_EAP_TEAP_TLV, VENDORPEC_FREERADIUS);
6400- rad_assert(teap_da != NULL);
6401-
6402- if (!out) {
6403- out = talloc(request, vp_cursor_t);
6404- rad_assert(out != NULL);
6405- fr_cursor_init(out, &first);
6406- }
6407-
6408- /*
6409- * Decode the TLVs
6410- */
6411- while (data_left > 0) {
6412- ssize_t decoded;
6413-
6414- /* FIXME do something with mandatory */
6415-
6416- memcpy(&attr, data, sizeof(attr));
6417- attr = ntohs(attr) & EAP_TEAP_TLV_TYPE;
6418-
6419- memcpy(&length, data + 2, sizeof(length));
6420- length = ntohs(length);
6421-
6422- data += 4;
6423- data_left -= 4;
6424-
6425- /*
6426- * Look up the TLV.
6427- *
6428- * For now, if it doesn't exist, ignore it.
6429- */
6430- da = dict_attrbyparent(teap_da, attr, teap_da->vendor);
6431- if (!da) {
6432- RDEBUG3("Phase 2: Skipping unknown attribute %u", attr);
6433- goto next_attr;
6434- }
6435- if (da->type == PW_TYPE_TLV) {
6436- eap_teap_teap2vp(request, ssl, data, length, da, out);
6437- goto next_attr;
6438- }
6439- decoded = eap_teap_decode_vp(request, da, data, length, &vp);
6440- if (decoded < 0) {
6441- REDEBUG3("Phase 2: Failed decoding %s: %s", da->name, fr_strerror());
6442- goto next_attr;
6443- }
6444-
6445- fr_cursor_merge(out, vp);
6446-
6447- next_attr:
6448- while (fr_cursor_next(out)) {
6449- /* nothing */
6450- }
6451-
6452- data += length;
6453- data_left -= length;
6454- }
6455-
6456- /*
6457- * We got this far. It looks OK.
6458- */
6459- return first;
6460-}
6461-
6462-
6463-static void eapteap_copy_request_to_tunnel(REQUEST *request, REQUEST *fake) {
6464- VALUE_PAIR *copy, *vp;
6465- vp_cursor_t cursor;
6466-
6467- for (vp = fr_cursor_init(&cursor, &request->packet->vps);
6468- vp;
6469- vp = fr_cursor_next(&cursor)) {
6470- /*
6471- * The attribute is a server-side thingy,
6472- * don't copy it.
6473- */
6474- if ((vp->da->attr > 255) && (((vp->da->attr >> 16) & 0xffff) == 0)) {
6475- continue;
6476- }
6477-
6478- /*
6479- * The outside attribute is already in the
6480- * tunnel, don't copy it.
6481- *
6482- * This works for BOTH attributes which
6483- * are originally in the tunneled request,
6484- * AND attributes which are copied there
6485- * from below.
6486- */
6487- if (fr_pair_find_by_da(fake->packet->vps, vp->da, TAG_ANY)) continue;
6488-
6489- /*
6490- * Some attributes are handled specially.
6491- */
6492- if (!vp->da->vendor) switch (vp->da->attr) {
6493- /*
6494- * NEVER copy Message-Authenticator,
6495- * EAP-Message, or State. They're
6496- * only for outside of the tunnel.
6497- */
6498- case PW_USER_NAME:
6499- case PW_USER_PASSWORD:
6500- case PW_CHAP_PASSWORD:
6501- case PW_CHAP_CHALLENGE:
6502- case PW_PROXY_STATE:
6503- case PW_MESSAGE_AUTHENTICATOR:
6504- case PW_EAP_MESSAGE:
6505- case PW_STATE:
6506- continue;
6507-
6508- /*
6509- * By default, copy it over.
6510- */
6511- default:
6512- break;
6513- }
6514-
6515- /*
6516- * Don't copy from the head, we've already
6517- * checked it.
6518- */
6519- copy = fr_pair_list_copy_by_num(fake->packet, vp, vp->da->attr, vp->da->vendor, TAG_ANY);
6520- fr_pair_add(&fake->packet->vps, copy);
6521- }
6522-}
6523-
6524-static const char *stage_name[] = {
6525- "TLS session handshake",
6526- "Authentication",
6527- "Provisioning",
6528- "Complete"
6529-};
6530-
6531-/*
6532- * Use a reply packet to determine what to do.
6533- */
6534-static rlm_rcode_t CC_HINT(nonnull) process_reply(eap_handler_t *eap_session,
6535- tls_session_t *tls_session,
6536- REQUEST *request, RADIUS_PACKET *reply)
6537-{
6538- rlm_rcode_t rcode = RLM_MODULE_REJECT;
6539- VALUE_PAIR *vp;
6540- vp_cursor_t cursor;
6541- uint8_t msk[2 * CHAP_VALUE_LENGTH] = {0}, emsk[2 * EAPTLS_MPPE_KEY_LEN] = {0};
6542- size_t msklen = 0, emsklen = 0;
6543- bool doing_eap;
6544-
6545- teap_tunnel_t *t = tls_session->opaque;
6546-
6547- rad_assert(eap_session->request == request);
6548-
6549- RDEBUG("Phase 2: Stage %s", stage_name[t->stage]);
6550-
6551- /*
6552- * If the response packet was Access-Accept, then
6553- * we're OK. If not, die horribly.
6554- *
6555- * FIXME: EAP-Messages can only start with 'identity',
6556- * NOT 'eap start', so we should check for that....
6557- */
6558- switch (reply->code) {
6559- case PW_CODE_ACCESS_ACCEPT:
6560- RDEBUG("Phase 2: Got tunneled Access-Accept");
6561-
6562- for (vp = fr_cursor_init(&cursor, &reply->vps); vp; vp = fr_cursor_next(&cursor)) {
6563- if (vp->da->attr == PW_EAP_EMSK) {
6564- // FIXME check if we should be generating an emsk from MPPE keys below
6565- emsklen = MIN(vp->vp_length, sizeof(emsk));
6566- memcpy(emsk, vp->vp_octets, emsklen);
6567- break;
6568- }
6569-
6570- if (vp->da->vendor != VENDORPEC_MICROSOFT) continue;
6571-
6572- /* like for EAP-FAST, the keying material is used reversed */
6573- switch (vp->da->attr) {
6574- case PW_MSCHAP_MPPE_SEND_KEY:
6575- if (vp->vp_length == EAPTLS_MPPE_KEY_LEN) {
6576- /* do not set emsklen here so not to blat EAP-EMSK */
6577- // emsklen = sizeof(emsk);
6578- memcpy(emsk, vp->vp_octets, EAPTLS_MPPE_KEY_LEN);
6579- } else if (vp->vp_length == CHAP_VALUE_LENGTH) {
6580- msklen = sizeof(msk);
6581- memcpy(msk, vp->vp_octets, CHAP_VALUE_LENGTH);
6582- } else {
6583- wrong_length:
6584- REDEBUG("Phase 2: Found %s with incorrect length. Expected %u or %u, got %zu",
6585- vp->da->name, CHAP_VALUE_LENGTH, EAPTLS_MPPE_KEY_LEN, vp->vp_length);
6586- return RLM_MODULE_INVALID;
6587- }
6588-
6589- RDEBUGHEX("Phase 2: MSCHAP-MPPE-SEND-KEY [low MSK]", vp->vp_octets, vp->length);
6590- break;
6591-
6592- case PW_MSCHAP_MPPE_RECV_KEY:
6593- /* only do this if there is no EAP-EMSK */
6594- if (vp->vp_length == EAPTLS_MPPE_KEY_LEN && emsklen == 0) {
6595- msklen = sizeof(msk);
6596- memcpy(msk, vp->vp_octets, EAPTLS_MPPE_KEY_LEN);
6597- emsklen = sizeof(emsk);
6598- memcpy(&emsk[EAPTLS_MPPE_KEY_LEN], vp->vp_octets, EAPTLS_MPPE_KEY_LEN);
6599- } else if (vp->vp_length == CHAP_VALUE_LENGTH) {
6600- msklen = sizeof(msk);
6601- memcpy(&msk[CHAP_VALUE_LENGTH], vp->vp_octets, CHAP_VALUE_LENGTH);
6602- } else {
6603- goto wrong_length;
6604- }
6605-
6606- RDEBUGHEX("Phase 2: MSCHAP-MPPE-RECV-KEY [high MSK]", vp->vp_octets, vp->vp_length);
6607- break;
6608-
6609- case PW_MSCHAP2_SUCCESS:
6610- RDEBUG("Phase 2: Got %s, tunneling it to the client in a challenge", vp->da->name);
6611- if (t->use_tunneled_reply) {
6612- t->authenticated = true;
6613- /*
6614- * Clean up the tunneled reply.
6615- */
6616- fr_pair_delete_by_num(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
6617- fr_pair_delete_by_num(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
6618- fr_pair_delete_by_num(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
6619-
6620- /*
6621- * Delete MPPE keys & encryption policy. We don't
6622- * want these here.
6623- */
6624- fr_pair_delete_by_num(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
6625- fr_pair_delete_by_num(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
6626- fr_pair_delete_by_num(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
6627- fr_pair_delete_by_num(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
6628-
6629- fr_pair_list_free(&t->accept_vps); /* for proxying MS-CHAP2 */
6630- fr_pair_list_mcopy_by_num(t, &t->accept_vps, &reply->vps, 0, 0, TAG_ANY);
6631- rad_assert(!reply->vps);
6632- }
6633- break;
6634-
6635- default:
6636- break;
6637- }
6638- }
6639-
6640- if (t->use_tunneled_reply) {
6641- /*
6642- * Clean up the tunneled reply.
6643- */
6644- fr_pair_delete_by_num(&reply->vps, PW_EAP_EMSK, 0, TAG_ANY);
6645- fr_pair_delete_by_num(&reply->vps, PW_EAP_SESSION_ID, 0, TAG_ANY);
6646- }
6647-
6648- eap_teap_append_result(request, tls_session, reply->code);
6649- eap_teap_append_crypto_binding(request, tls_session, msk, msklen, emsk, emsklen);
6650-
6651- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
6652- if (vp) {
6653- RDEBUG("Phase 2: Continuing with Identity-Type = %s",
6654- (vp->vp_short == 1) ? "User" : "Machine");
6655-
6656- /* RFC3748, Section 2.1 - does not explictly tell us to but we need to eat the EAP-Success */
6657- fr_pair_delete_by_num(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
6658-
6659- /* new identity */
6660- talloc_free(t->username);
6661- t->username = NULL;
6662-
6663- if (t->num_identities == 2) {
6664- RDEBUG("Phase 2: Configured to send too many identities, failing the session");
6665- goto fail;
6666- }
6667-
6668- t->identity_types[t->num_identities++] = vp->vp_short;
6669-
6670- /* RFC7170, Appendix C.6 */
6671- eap_teap_append_identity_type(tls_session, vp->vp_short);
6672-
6673- if (t->default_method || t->eap_method[vp->vp_short]) {
6674- eap_teap_append_eap_identity_request(request, tls_session, eap_session);
6675- }
6676-
6677- if (!t->auto_chain) goto challenge;
6678-
6679- if (!(t->default_method || t->eap_method[vp->vp_short])) {
6680- RDEBUG("Phase 2: No %s EAP methods configured - assuming password",
6681- (vp->vp_short == 1) ? "User" : "Machine");
6682-
6683- vp = fr_pair_afrom_num(reply, PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, VENDORPEC_FREERADIUS);
6684- if (vp) {
6685- fr_pair_add(&reply->vps, vp);
6686- } else {
6687- RERROR("Failed adding attribute &reply:FreeRADIUS-EAP-TEAP-Basic-Password-Auth-Req");
6688- goto fail;
6689- }
6690- }
6691-
6692- /*
6693- * Delete the &session-state:FreeRADIUS-EAP-TEAP-TLV-Identity-Type
6694- * which we found.
6695- *
6696- * If there are more than one, then the
6697- * next round will pick up the next one.
6698- */
6699- RDEBUG("Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s",
6700- (vp->vp_short == 1) ? "User" : "Machine");
6701- fr_pair_delete(&request->state, vp);
6702-
6703- /*
6704- * Always challenge, as we're sending EAP-Identity.
6705- */
6706- goto challenge;
6707- }
6708-
6709- if (t->auths[1].required && !t->auths[1].received) {
6710- REDEBUG("Phase 2: We required Identity-Type = User, but we did not see it - rejecting the session");
6711- goto fail;
6712- }
6713-
6714- if (t->auths[2].required && !t->auths[2].received) {
6715- REDEBUG("Phase 2: We required Identity-Type = Machine, but we did not see it - rejecting the session");
6716- goto fail;
6717- }
6718-
6719- RDEBUG("Phase 2: All inner authentications have succeeded");
6720-
6721- t->result_final = true;
6722- t->sent_basic_password = false;
6723- eap_teap_append_result(request, tls_session, reply->code);
6724-
6725- tls_session->authentication_success = true;
6726- rcode = RLM_MODULE_OK;
6727-
6728- break;
6729-
6730- case PW_CODE_ACCESS_REJECT:
6731- RDEBUG("Phase 2: Got tunneled Access-Reject");
6732-
6733- fail:
6734- eap_teap_append_result(request, tls_session, PW_CODE_ACCESS_REJECT);
6735- rcode = RLM_MODULE_REJECT;
6736- break;
6737-
6738- /*
6739- * Handle Access-Challenge, but only if we
6740- * send tunneled reply data. This is because
6741- * an Access-Challenge means that we MUST tunnel
6742- * a Reply-Message to the client.
6743- */
6744- case PW_CODE_ACCESS_CHALLENGE:
6745- RDEBUG("Phase 2: Got tunneled Access-Challenge");
6746-challenge:
6747- /*
6748- * Keep the State attribute, if necessary.
6749- *
6750- * Get rid of the old State, too.
6751- */
6752- fr_pair_list_free(&t->state);
6753- fr_pair_list_mcopy_by_num(t, &t->state, &reply->vps, PW_STATE, 0, TAG_ANY);
6754-
6755- t->sent_basic_password = false;
6756- doing_eap = false;
6757-
6758- /*
6759- * Copy the EAP-Message back to the tunnel. Note
6760- * that there can only be one EAP-Message
6761- * attribute. The RADIUS encoder takes care of
6762- * splitting it into multiple chunks in a RADIUS
6763- * packet.
6764- *
6765- * For TEAP, we can only send one EAP-Payload TLV
6766- * in a packet.
6767- */
6768- vp = fr_pair_find_by_num(reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
6769- if (vp) {
6770- doing_eap = true;
6771- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_EAP_PAYLOAD, true, vp->vp_length, vp->vp_octets);
6772- }
6773-
6774- /*
6775- * When chaining, we 'goto challenge' and can use
6776- * that to now signal back to unlang that a
6777- * method has completed and we can now move to
6778- * the next
6779- */
6780- rcode = reply->code == PW_CODE_ACCESS_CHALLENGE ? RLM_MODULE_HANDLED : RLM_MODULE_OK;
6781-
6782- if (!doing_eap) {
6783- vp = fr_pair_find_by_num(reply->vps, PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, VENDORPEC_FREERADIUS, TAG_ANY);
6784- if (!vp) {
6785- RWDEBUG("Phase 2: Not configured to use EAP or passwords. Authentication will likely fail.");
6786- break;
6787- }
6788-
6789- t->sent_basic_password = true;
6790-
6791- RDEBUG("Phase 2: Sending Basic-Password-Auth-Req");
6792- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, true, vp->vp_length, vp->vp_strvalue);
6793- }
6794-
6795- break;
6796-
6797- default:
6798- RDEBUG("Phase 2: Unknown RADIUS packet type %d: rejecting tunneled user", reply->code);
6799- rcode = RLM_MODULE_INVALID;
6800- break;
6801- }
6802-
6803-
6804- return rcode;
6805-}
6806-
6807-static PW_CODE eap_teap_phase2(REQUEST *request, eap_handler_t *eap_session,
6808- tls_session_t *tls_session, REQUEST *fake)
6809-{
6810- PW_CODE code = PW_CODE_ACCESS_REJECT;
6811- rlm_rcode_t rcode;
6812- VALUE_PAIR *vp;
6813- teap_tunnel_t *t;
6814- int eap_method = 0;
6815-
6816- RDEBUG3("Phase 2: Processing received EAP Payload");
6817-
6818- t = (teap_tunnel_t *) tls_session->opaque;
6819-
6820- RDEBUG("Phase 2: Got tunneled request");
6821- rdebug_pair_list(L_DBG_LVL_1, request, fake->packet->vps, NULL);
6822-
6823- /*
6824- * Tell the request that it's a fake one.
6825- */
6826- fr_pair_make(fake->packet, &fake->packet->vps, "Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ);
6827-
6828- /*
6829- * No User-Name in the stored data, look for
6830- * an EAP-Identity, and pull it out of there.
6831- */
6832- if (!t->username) {
6833- vp = fr_pair_find_by_num(fake->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
6834- if (vp &&
6835- (vp->vp_length >= EAP_HEADER_LEN + 2) &&
6836- (vp->vp_strvalue[0] == PW_EAP_RESPONSE) &&
6837- (vp->vp_strvalue[EAP_HEADER_LEN] == PW_EAP_IDENTITY) &&
6838- (vp->vp_strvalue[EAP_HEADER_LEN + 1] != 0)) {
6839- /*
6840- * Create & remember a User-Name
6841- */
6842- t->username = fr_pair_make(t, NULL, "User-Name", NULL, T_OP_EQ);
6843- rad_assert(t->username != NULL);
6844-
6845- fr_pair_value_bstrncpy(t->username, vp->vp_octets + 5, vp->vp_length - 5);
6846-
6847- RDEBUG("Phase 2: Got tunneled identity of %s", t->username->vp_strvalue);
6848-
6849- } else if (!fake->username) {
6850- /*
6851- * Don't reject the request outright,
6852- * as it's permitted to do EAP without
6853- * user-name.
6854- */
6855- RWDEBUG2("Phase 2: No EAP-Identity found to start EAP conversation");
6856- }
6857- } /* else there WAS a t->username */
6858-
6859- if (t->username && !fake->username) {
6860- vp = fr_pair_list_copy(fake->packet, t->username);
6861- fr_pair_add(&fake->packet->vps, vp);
6862- fake->username = vp;
6863- }
6864-
6865- /*
6866- * Add the State attribute, too, if it exists.
6867- */
6868- if (t->state) {
6869- vp = fr_pair_list_copy(fake->packet, t->state);
6870- if (vp) fr_pair_add(&fake->packet->vps, vp);
6871- }
6872-
6873- if (t->stage == AUTHENTICATION) {
6874- VALUE_PAIR *tvp;
6875-
6876- eap_method = t->default_method;
6877-
6878- RDEBUG2("Phase 2: Authentication");
6879-
6880- /*
6881- * See which method we're doing. If we're told to do a particular kind of identity
6882- * check, AND there's not any EAP-Type already set, THEN do it.
6883- */
6884- vp = fr_pair_find_by_num(fake->packet->vps, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
6885- if (vp) {
6886- VALUE_PAIR *teap_type;
6887-
6888- t->auths[vp->vp_short].received++;
6889-
6890- /*
6891- * User auth. Prefer:
6892- * * values set by the admin for this session.
6893- * * otherwise configured in the TEAP module
6894- * * otherwise default_eap_type
6895- * * otherwise ???
6896- */
6897- if (vp->vp_short == 1) {
6898- teap_type = fr_pair_find_by_num(request->state, PW_TEAP_TYPE_USER, 0, TAG_ANY);
6899- if (teap_type) {
6900- eap_method = teap_type->vp_integer;
6901-
6902- RDEBUG("Phase 2: Setting User EAP-Type = %s from &config:TEAP-Type-User",
6903- eap_type2name(eap_method));
6904-
6905- } else if (t->eap_method[vp->vp_short]) {
6906- eap_method = t->eap_method[vp->vp_short];
6907-
6908- RDEBUG("Phase 2: Setting User EAP-Type = %s from TEAP configuration user_eap_type",
6909- eap_type2name(eap_method));
6910-
6911- } else if (eap_method) {
6912- RDEBUG("Phase 2: Setting User EAP-Type = %s from TEAP configuration default_eap_type",
6913- eap_type2name(eap_method));
6914-
6915- } else if (fake->password) {
6916- RDEBUG("Phase 2: User is not doing EAP, but instead is doing User-Password authentication");
6917-
6918- } else {
6919- RWDEBUG("Phase 2: Not setting User EAP-Type");
6920- }
6921- }
6922-
6923- if (vp->vp_short == 2) {
6924- teap_type = fr_pair_find_by_num(request->state, PW_TEAP_TYPE_MACHINE, 0, TAG_ANY);
6925- if (teap_type) {
6926- eap_method = teap_type->vp_integer;
6927-
6928- RDEBUG("Phase 2: Setting Machine EAP-Type = %s from &config:TEAP-Type-Machine",
6929- eap_type2name(eap_method));
6930-
6931- } else if (t->eap_method[vp->vp_short]) {
6932- eap_method = t->eap_method[vp->vp_short];
6933-
6934- RDEBUG("Phase 2: Setting Machine EAP-Type = %s from TEAP configuration machine_eap_type",
6935- eap_type2name(eap_method));
6936-
6937- } else if (eap_method) {
6938- RDEBUG("Phase 2: Using Machine EAP-Type = %s from TEAP configuration default_eap_type",
6939- eap_type2name(eap_method));
6940-
6941- } else if (fake->password) {
6942- RDEBUG("Phase 2: Machine is not doing EAP, but instead is doing User-Password authentication");
6943-
6944- } else {
6945- RWDEBUG("Phase 2: Not setting Machine EAP-Type");
6946- }
6947- }
6948- }
6949-
6950- if (eap_method) {
6951- /*
6952- * RFC 7170 - Authenticating Using EAP-TEAP-MSCHAPv2
6953- */
6954- if (eap_method == PW_EAP_MSCHAPV2 && t->mode == EAP_TEAP_PROVISIONING_ANON) {
6955- tvp = fr_pair_afrom_num(fake, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT);
6956- //fr_pair_value_memcpy(tvp, t->keyblock->server_challenge, CHAP_VALUE_LENGTH);
6957- fr_pair_add(&fake->config, tvp);
6958-
6959- tvp = fr_pair_afrom_num(fake, PW_MS_CHAP_PEER_CHALLENGE, 0);
6960- //fr_pair_value_memcpy(tvp, t->keyblock->client_challenge, CHAP_VALUE_LENGTH);
6961- fr_pair_add(&fake->config, tvp);
6962- }
6963-
6964- /*
6965- * Set the configuration to force a particular EAP-Type.
6966- */
6967- RDEBUG("Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = %s", eap_type2name(eap_method));
6968- vp = fr_pair_afrom_num(fake, PW_EAP_TYPE, 0);
6969- if (vp) {
6970- fr_pair_add(&fake->config, vp);
6971- vp->vp_integer = eap_method;
6972- }
6973-
6974- } else if (!fake->password) {
6975- RWDEBUG("Phase 2: No explicit EAP-Type set.");
6976- } else {
6977- /* else it's User-Password authentication */
6978- }
6979- }
6980-
6981- if (t->copy_request_to_tunnel) {
6982- eapteap_copy_request_to_tunnel(request, fake);
6983- }
6984-
6985- if ((vp = fr_pair_find_by_num(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
6986- fake->server = vp->vp_strvalue;
6987-
6988- } else if (t->virtual_server) {
6989- fake->server = t->virtual_server;
6990-
6991- } /* else fake->server == request->server */
6992-
6993- /*
6994- * Call authentication recursively, which will
6995- * do PAP, CHAP, MS-CHAP, etc.
6996- */
6997- rad_virtual_server(fake);
6998-
6999- /*
7000- * Decide what to do with the reply.
7001- */
7002- switch (fake->reply->code) {
7003- case 0:
7004- vp = fr_pair_find_by_num(fake->config, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
7005- if (vp && (vp->vp_integer == PW_CODE_ACCESS_CHALLENGE)) {
7006- fake->reply->code = PW_CODE_ACCESS_CHALLENGE;
7007- goto do_reply;
7008- }
7009-
7010- RDEBUG("Phase 2: No tunneled reply was found, rejecting the user.");
7011- code = PW_CODE_ACCESS_REJECT;
7012- break;
7013-
7014- default:
7015- do_reply:
7016- /*
7017- * Returns RLM_MODULE_FOO, and we want to return PW_FOO
7018- */
7019- rcode = process_reply(eap_session, tls_session, request, fake->reply);
7020- switch (rcode) {
7021- case RLM_MODULE_REJECT:
7022- code = PW_CODE_ACCESS_REJECT;
7023- break;
7024-
7025- case RLM_MODULE_HANDLED:
7026- code = PW_CODE_ACCESS_CHALLENGE;
7027- break;
7028-
7029- case RLM_MODULE_OK:
7030- code = PW_CODE_ACCESS_ACCEPT;
7031- break;
7032-
7033- default:
7034- code = PW_CODE_ACCESS_REJECT;
7035- break;
7036- }
7037- break;
7038- }
7039-
7040- return code;
7041-}
7042-
7043-static PW_CODE eap_teap_crypto_binding(REQUEST *request, UNUSED eap_handler_t *eap_session,
7044- tls_session_t *tls_session, eap_tlv_crypto_binding_tlv_t const *binding)
7045-{
7046- teap_tunnel_t *t = tls_session->opaque;
7047- uint8_t *buf;
7048- size_t olen, buflen;
7049- struct crypto_binding_buffer *cbb;
7050- uint8_t mac[EVP_MAX_MD_SIZE];
7051- unsigned int maclen = sizeof(mac);
7052- unsigned int flags;
7053- struct teap_imck_t *imck = NULL;
7054- uint8_t *outer_tlvs;
7055-
7056- /*
7057- * @todo - put crypto binding calculations into a common function,
7058- */
7059- olen = tls_session->outer_tlvs_octets_server ? talloc_array_length(tls_session->outer_tlvs_octets_server) : 0;
7060- olen += tls_session->outer_tlvs_octets_peer ? talloc_array_length(tls_session->outer_tlvs_octets_peer) : 0;
7061-
7062- buflen = sizeof(struct crypto_binding_buffer) - 1/*outer_tlvs*/ + olen;
7063-
7064- buf = talloc_zero_array(request, uint8_t, buflen);
7065- rad_assert(buf != NULL);
7066-
7067- cbb = (struct crypto_binding_buffer *)buf;
7068-
7069- /*
7070- * binding->version is what they are using.
7071- * binding->received_version is what they got from us.
7072- */
7073- if (binding->version != t->received_version || binding->received_version != EAP_TEAP_VERSION) {
7074- RDEBUG2("Phase 2: Crypto-Binding TLV version mis-match (possible downgrade attack!)");
7075- RDEBUG2("Phase 2: Expected client to send %d, got %d. We sent %d, they echoed back %d",
7076- t->received_version, binding->version,
7077- EAP_TEAP_VERSION, binding->received_version);
7078- return PW_CODE_ACCESS_REJECT;
7079- }
7080- if ((binding->subtype & 0xf) != EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE) {
7081- RDEBUG2("Phase 2: Crypto-Binding TLV contains unexpected response");
7082- return PW_CODE_ACCESS_REJECT;
7083- }
7084- flags = binding->subtype >> 4;
7085-
7086- CRYPTO_BINDING_BUFFER_INIT(cbb);
7087- memcpy(&cbb->binding, binding, sizeof(cbb->binding) - sizeof(cbb->binding.emsk_compound_mac) - sizeof(cbb->binding.msk_compound_mac));
7088-
7089- outer_tlvs = &cbb->outer_tlvs[0];
7090-
7091- if (tls_session->outer_tlvs_octets_server) {
7092- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_server);
7093-
7094- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_server, len);
7095- outer_tlvs += len;
7096- }
7097-
7098- if (tls_session->outer_tlvs_octets_peer) {
7099- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_peer);
7100-
7101- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_peer, len);
7102- }
7103-
7104- RDEBUGHEX("Phase 2: BUFFER for Compound MAC calculation", buf, buflen);
7105-
7106- /*
7107- * we carry forward the S-IMCK[j] based on what we verified for session key generation
7108- *
7109- * https://mailarchive.ietf.org/arch/msg/emu/mXzpSGEn86Zx_fa4f1uULYMhMoM/
7110- * https://github.com/emu-wg/teap-errata/pull/13
7111- */
7112- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl));
7113-
7114- /*
7115- * We verify cryptobinding MSK and EMSK, but we prefer
7116- * EMSK for the later IMCK deriviation.
7117- */
7118- if ((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) != 0) {
7119- HMAC(md, &t->imck_msk.cmk, sizeof(t->imck_msk.cmk), buf, buflen, mac, &maclen);
7120- if (memcmp(binding->msk_compound_mac, mac, sizeof(binding->msk_compound_mac))) {
7121- RDEBUG2("Phase 2: Crypto-Binding TLV (MSK) mis-match");
7122- return PW_CODE_ACCESS_REJECT;
7123- }
7124- imck = &t->imck_msk;
7125- }
7126-
7127- if (((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK) != 0) && t->imck_emsk_available) {
7128- HMAC(md, &t->imck_emsk.cmk, sizeof(t->imck_emsk.cmk), buf, buflen, mac, &maclen);
7129- if (memcmp(binding->emsk_compound_mac, mac, sizeof(binding->emsk_compound_mac))) {
7130- RDEBUG2("Phase 2: Crypto-Binding TLV (EMSK) mis-match");
7131- return PW_CODE_ACCESS_REJECT;
7132- }
7133-
7134- RDEBUG3("Phase 2: Using all EMSK for ICMK");
7135- imck = &t->imck_emsk;
7136-
7137- } else if (imck) {
7138- RDEBUG3("Phase 2: Using all MSK for ICMK");
7139-
7140- } else {
7141- RDEBUG3("Phase 2: Using all zeroes for ICMK");
7142- imck = &imck_zeros;
7143- }
7144-
7145- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */
7146- RDEBUGHEX("Phase 2: S-IMCK[j]", imck->simck, sizeof(imck->simck));
7147-
7148- uint8_t mk_msk_label[31] = "Session Key Generating Function";
7149-
7150- struct iovec mk_msk_seed[1] = {
7151- { (void *)mk_msk_label, sizeof(mk_msk_label) }
7152- };
7153- TLS_PRF(tls_session->ssl,
7154- imck->simck, sizeof(imck->simck),
7155- mk_msk_seed, ARRAY_SIZE(mk_msk_seed),
7156- (uint8_t *)&t->msk, sizeof(t->msk));
7157- RDEBUGHEX("Phase 2: Derived key (MSK)", t->msk, sizeof(t->msk));
7158-
7159- uint8_t mk_emsk_label[40] = "Extended Session Key Generating Function";
7160- struct iovec mk_emsk_seed[1] = {
7161- { (void *)mk_emsk_label, sizeof(mk_emsk_label) }
7162- };
7163- TLS_PRF(tls_session->ssl,
7164- imck->simck, sizeof(imck->simck),
7165- mk_emsk_seed, ARRAY_SIZE(mk_emsk_seed),
7166- (uint8_t *)&t->emsk, sizeof(t->emsk));
7167- RDEBUGHEX("Phase 2: Derived key (EMSK)", t->emsk, sizeof(t->emsk));
7168-
7169- return PW_CODE_ACCESS_ACCEPT;
7170-}
7171-
7172-
7173-static PW_CODE eap_teap_process_tlvs(REQUEST *request, eap_handler_t *eap_session,
7174- tls_session_t *tls_session, VALUE_PAIR *teap_vps)
7175-{
7176- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
7177- VALUE_PAIR *vp, *copy;
7178- vp_cursor_t cursor;
7179- PW_CODE code = PW_CODE_ACCESS_ACCEPT;
7180- uint8_t const *p;
7181- bool gotintermedresult = false, gotresult = false, gotcryptobinding = false;
7182- REQUEST *fake;
7183-
7184- /*
7185- * Allocate a fake REQUEST structure.
7186- */
7187- fake = request_alloc_fake(request);
7188- rad_assert(!fake->packet->vps);
7189-
7190- fake->eap_inner_tunnel = true;
7191-
7192- for (vp = fr_cursor_init(&cursor, &teap_vps); vp; vp = fr_cursor_next(&cursor)) {
7193- char *value;
7194- DICT_ATTR const *parent_da = NULL;
7195- VALUE_PAIR *vp_config;
7196-
7197- parent_da = dict_parent(vp->da->attr, vp->da->vendor);
7198- if (parent_da == NULL || vp->da->vendor != VENDORPEC_FREERADIUS ||
7199- ((vp->da->attr & 0xff) != PW_FREERADIUS_EAP_TEAP_TLV)) {
7200- continue;
7201- }
7202-
7203- switch (parent_da->attr) {
7204- case PW_FREERADIUS_EAP_TEAP_TLV:
7205- switch (vp->da->attr >> 8) {
7206- case EAP_TEAP_TLV_IDENTITY_TYPE:
7207- vp_config = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
7208- if (vp_config && (vp_config->vp_short != vp->vp_short)) {
7209- RWDEBUG("We requested &session-state:FreeRADIUS-EAP-TEAP-TLV-Identity-Type = %s",
7210- (vp_config->vp_short == 1) ? "User" : "Machine");
7211- RWDEBUG("But the supplicant returned FreeRADIUS-EAP-TEAP-TLV-Identity-Type = %u",
7212- vp->vp_short);
7213- RWDEBUG("Authentication will likely fail.");
7214- }
7215-
7216- fr_pair_add(&fake->packet->vps, fr_pair_copy(fake->packet, vp));
7217- break;
7218-
7219- /*
7220- * Copy EAP-Payload to EAP-Message
7221- */
7222- case EAP_TEAP_TLV_EAP_PAYLOAD:
7223- copy = fr_pair_afrom_num(fake->packet, PW_EAP_MESSAGE, 0);
7224- fr_pair_value_memcpy(copy, vp->vp_octets, vp->vp_length);
7225- fr_pair_add(&fake->packet->vps, copy);
7226- break;
7227-
7228- /*
7229- * We copy the full attribute, even if the administrator
7230- * isn't ever going to use it. The existence of the attribute
7231- * is a signal that we have a password response, and not an EAP-Message.
7232- */
7233- case EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP:
7234- fr_pair_add(&fake->packet->vps, fr_pair_copy(fake->packet, vp));
7235-
7236- p = vp->vp_octets;
7237-
7238- copy = fr_pair_afrom_num(fake->packet, PW_USER_NAME, 0);
7239- fr_pair_value_bstrncpy(copy, p + 1, p[0]);
7240- fr_pair_add(&fake->packet->vps, copy);
7241- fake->username = copy;
7242-
7243- p += p[0] + 1;
7244-
7245- copy = fr_pair_afrom_num(fake->packet, PW_USER_PASSWORD, 0);
7246- fr_pair_value_bstrncpy(copy, p + 1, p[0]);
7247- fr_pair_add(&fake->packet->vps, copy);
7248- fake->password = copy;
7249- break;
7250-
7251- /*
7252- * The rest of the TEAP
7253- * attributes are signalling, and
7254- * aren't needed by the inner-tunnel virtual server.
7255- */
7256- case EAP_TEAP_TLV_RESULT:
7257- gotresult = true;
7258- if (vp->vp_short != EAP_TEAP_TLV_RESULT_SUCCESS) {
7259- REDEBUG("Phase 2: Peer sent Result = Failure - rejecting the session");
7260- code = PW_CODE_ACCESS_REJECT;
7261- }
7262- break;
7263-
7264- case EAP_TEAP_TLV_INTERMED_RESULT:
7265- gotintermedresult = true;
7266- if (vp->vp_short != EAP_TEAP_TLV_RESULT_SUCCESS) {
7267- REDEBUG("Phase 2: Peer sent Intermediate-Result = Failure - rejecting the session");
7268- code = PW_CODE_ACCESS_REJECT;
7269- }
7270- break;
7271-
7272- case EAP_TEAP_TLV_CRYPTO_BINDING:
7273- gotcryptobinding = true;
7274-
7275- code = eap_teap_crypto_binding(request, eap_session, tls_session,
7276- (eap_tlv_crypto_binding_tlv_t const *)vp->vp_octets);
7277- break;
7278-
7279- default:
7280- value = vp_aprints_value(request->packet, vp, '"');
7281- RDEBUG2("Ignoring unknown attribute %s", value);
7282- talloc_free(value);
7283- }
7284- break;
7285-
7286- default:
7287- value = vp_aprints(request->packet, vp, '"');
7288- RDEBUG2("Ignoring TEAP TLV %s", value);
7289- talloc_free(value);
7290- }
7291-
7292- if (code == PW_CODE_ACCESS_REJECT) {
7293- talloc_free(fake);
7294- return PW_CODE_ACCESS_REJECT;
7295- }
7296- }
7297-
7298- /*
7299- * Move to the provisioning stage only if we have a final result.
7300- */
7301- if ((t->stage == AUTHENTICATION) && t->result_final) {
7302- if (gotcryptobinding && gotintermedresult) t->stage = PROVISIONING;
7303- /* rollback if we have an EAP sequence (chaining) */
7304- if (t->stage == PROVISIONING && !gotresult && vp) t->stage = AUTHENTICATION;
7305- }
7306-
7307- if (t->stage == PROVISIONING) {
7308- if (gotcryptobinding && gotresult) t->stage = COMPLETE;
7309- }
7310-
7311- if (t->stage == COMPLETE) {
7312- if (!gotcryptobinding) {
7313- RWDEBUG("Phase 2: Peer did not send Crypto-Binding - rejecting");
7314- talloc_free(fake);
7315- return PW_CODE_ACCESS_REJECT;
7316- }
7317-
7318- if (!gotresult) {
7319- RWDEBUG("Phase 2: Peer did not send Result - rejecting");
7320- talloc_free(fake);
7321- return PW_CODE_ACCESS_REJECT;
7322- }
7323-
7324- } else {
7325- code = eap_teap_phase2(request, eap_session, tls_session, fake);
7326- }
7327-
7328- talloc_free(fake);
7329- return code;
7330-}
7331-
7332-
7333-static void print_tunneled_data(uint8_t const *data, size_t data_len)
7334-{
7335- size_t i;
7336-
7337- DEBUG2(" TEAP tunnel data total %zu", data_len);
7338-
7339- if ((rad_debug_lvl > 2) && fr_log_fp) {
7340- for (i = 0; i < data_len; i++) {
7341- if ((i & 0x0f) == 0) fprintf(fr_log_fp, " TEAP tunnel data in %02x: ", (int) i);
7342-
7343- fprintf(fr_log_fp, "%02x ", data[i]);
7344-
7345- if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
7346- }
7347- if ((data_len & 0x0f) != 0) fprintf(fr_log_fp, "\n");
7348- }
7349-}
7350-
7351-
7352-/*
7353- * Process the inner tunnel data
7354- */
7355-PW_CODE eap_teap_process(eap_handler_t *eap_session, tls_session_t *tls_session)
7356-{
7357- PW_CODE code;
7358- VALUE_PAIR *teap_vps, *vp;
7359- uint8_t const *data;
7360- size_t data_len;
7361- teap_tunnel_t *t;
7362- REQUEST *request = eap_session->request;
7363-
7364- /*
7365- * Just look at the buffer directly, without doing
7366- * record_to_buff.
7367- */
7368- data_len = tls_session->clean_out.used;
7369- tls_session->clean_out.used = 0;
7370- data = tls_session->clean_out.data;
7371-
7372- t = (teap_tunnel_t *) tls_session->opaque;
7373-
7374- if (rad_debug_lvl > 2) print_tunneled_data(data, data_len);
7375-
7376- /*
7377- * See if the tunneled data is well formed.
7378- */
7379- if (!eap_teap_verify(request, tls_session, data, data_len)) return PW_CODE_ACCESS_REJECT;
7380-
7381- if (t->stage == TLS_SESSION_HANDSHAKE) {
7382- rad_assert(t->mode == EAP_TEAP_UNKNOWN);
7383-
7384- char buf[256];
7385- if (strstr(SSL_CIPHER_description(SSL_get_current_cipher(tls_session->ssl),
7386- buf, sizeof(buf)), "Au=None")) {
7387- /* FIXME enforce MSCHAPv2 - RFC 7170 */
7388- RDEBUG2("Phase 2: Using anonymous provisioning");
7389- t->mode = EAP_TEAP_PROVISIONING_ANON;
7390- } else {
7391- if (SSL_session_reused(tls_session->ssl)) {
7392- RDEBUG("Phase 2: Outer session was resumed");
7393- t->mode = EAP_TEAP_NORMAL_AUTH;
7394- } else {
7395- RDEBUG2("Phase 2: Using authenticated provisioning");
7396- t->mode = EAP_TEAP_PROVISIONING_AUTH;
7397- }
7398- }
7399-
7400- eap_teap_init_keys(request, tls_session);
7401-
7402-
7403- /* RFC7170, Appendix C.6 */
7404- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
7405- if (vp) {
7406- RDEBUG("Phase 2: Sending Identity-Type = %s", (vp->vp_short == 1) ? "User" : "Machine");
7407- eap_teap_append_identity_type(tls_session, vp->vp_short);
7408-
7409- if (t->num_identities == 2) {
7410- RDEBUG("Phase 2: Configured to send too many identities, failing the session");
7411- goto fail;
7412- }
7413-
7414- t->identity_types[t->num_identities++] = vp->vp_short;
7415-
7416- RDEBUG("Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s",
7417- (vp->vp_short == 1) ? "User" : "Machine");
7418- fr_pair_delete(&request->state, vp);
7419- }
7420-
7421- /*
7422- * We always start off with an EAP-Identity-Request.
7423- */
7424- if (t->default_method || (vp && t->eap_method[vp->vp_short])) {
7425- eap_teap_append_eap_identity_request(request, tls_session, eap_session);
7426- } else {
7427- RDEBUG("Phase 2: No %s EAP method configured - sending Basic-Password-Auth-Req = \"\"",
7428- !vp ? "" : (vp->vp_short == 1) ? "User" : "Machine");
7429- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, true, 0, "");
7430- }
7431-
7432- t->stage = AUTHENTICATION;
7433-
7434- tls_handshake_send(request, tls_session);
7435-
7436- return PW_CODE_ACCESS_CHALLENGE;
7437- }
7438-
7439- teap_vps = eap_teap_teap2vp(request, tls_session->ssl, data, data_len, NULL, NULL);
7440-
7441- RDEBUG("Phase 2: Got Tunneled TEAP TLVs");
7442- rdebug_pair_list(L_DBG_LVL_1, request, teap_vps, NULL);
7443-
7444- code = eap_teap_process_tlvs(request, eap_session, tls_session, teap_vps);
7445-
7446- fr_pair_list_free(&teap_vps);
7447-
7448- if (code == PW_CODE_ACCESS_REJECT) return PW_CODE_ACCESS_REJECT;
7449-
7450- switch (t->stage) {
7451- case AUTHENTICATION:
7452- code = PW_CODE_ACCESS_CHALLENGE;
7453- break;
7454-
7455- case PROVISIONING:
7456- if (!t->result_final) {
7457- t->result_final = true;
7458- eap_teap_append_result(request, tls_session, code);
7459- }
7460- /* FALL-THROUGH */
7461-
7462- case COMPLETE:
7463- /*
7464- * TEAP wants to use it's own MSK, so boo to eap_tls_gen_mppe_keys()
7465- */
7466- eap_add_reply(request, "MS-MPPE-Recv-Key", t->msk, EAPTLS_MPPE_KEY_LEN);
7467- eap_add_reply(request, "MS-MPPE-Send-Key", &t->msk[EAPTLS_MPPE_KEY_LEN], EAPTLS_MPPE_KEY_LEN);
7468- eap_add_reply(request, "EAP-MSK", t->msk, sizeof(t->msk));
7469- eap_add_reply(request, "EAP-EMSK", t->emsk, sizeof(t->emsk));
7470-
7471- break;
7472-
7473- default:
7474- RERROR("Internal sanity check failed in EAP-TEAP at %d", t->stage);
7475- fail:
7476- code = PW_CODE_ACCESS_REJECT;
7477- }
7478-
7479- tls_handshake_send(request, tls_session);
7480-
7481- return code;
7482-}
7483diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
7484deleted file mode 100644
7485index 59f7835a26..0000000000
7486--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
7487+++ /dev/null
7488@@ -1,176 +0,0 @@
7489-/*
7490- * eap_teap.h
7491- *
7492- * Version: $Id$
7493- *
7494- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
7495- *
7496- * This software may not be redistributed in any form without the prior
7497- * written consent of Network RADIUS.
7498- *
7499- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
7500- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7501- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
7502- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
7503- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
7504- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
7505- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7506- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
7507- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
7508- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
7509- * SUCH DAMAGE.
7510- */
7511-#ifndef _EAP_TEAP_H
7512-#define _EAP_TEAP_H
7513-
7514-RCSIDH(eap_teap_h, "$Id$")
7515-
7516-#include "eap_tls.h"
7517-
7518-#define EAP_TEAP_VERSION 1
7519-
7520-#define EAP_TEAP_MSK_LEN 64
7521-#define EAP_TEAP_EMSK_LEN 64
7522-#define EAP_TEAP_IMSK_LEN 32
7523-#define EAP_TEAP_SKS_LEN 40
7524-#define EAP_TEAP_SIMCK_LEN 40
7525-#define EAP_TEAP_CMK_LEN 20
7526-
7527-#define EAP_TEAP_TLV_MANDATORY 0x8000
7528-#define EAP_TEAP_TLV_TYPE 0x3fff
7529-
7530-#define EAP_TEAP_ERR_TUNNEL_COMPROMISED 2001
7531-#define EAP_TEAP_ERR_UNEXPECTED_TLV 2002
7532-
7533-/* intermediate result values also match */
7534-#define EAP_TEAP_TLV_RESULT_SUCCESS 1
7535-#define EAP_TEAP_TLV_RESULT_FAILURE 2
7536-
7537-#define EAP_TEAP_IDENTITY_TYPE_USER 1
7538-#define EAP_TEAP_IDENTITY_TYPE_MACHINE 2
7539-
7540-#define PW_EAP_TEAP_TLV_IDENTITY_TYPE (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_IDENTITY_TYPE << 8))
7541-#define PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ << 8))
7542-#define PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP << 8))
7543-
7544-typedef enum eap_teap_stage_t {
7545- TLS_SESSION_HANDSHAKE = 0,
7546- AUTHENTICATION,
7547- PROVISIONING,
7548- COMPLETE
7549-} eap_teap_stage_t;
7550-
7551-typedef enum eap_teap_auth_type {
7552- EAP_TEAP_UNKNOWN = 0,
7553- EAP_TEAP_PROVISIONING_ANON,
7554- EAP_TEAP_PROVISIONING_AUTH,
7555- EAP_TEAP_NORMAL_AUTH
7556-} eap_teap_auth_type_t;
7557-
7558-/* RFC 7170, Section 4.2.13 - Crypto-Binding TLV */
7559-typedef struct eap_tlv_crypto_binding_tlv_t {
7560- uint8_t reserved;
7561- uint8_t version;
7562- uint8_t received_version;
7563- uint8_t subtype; /* Flags[4b] and Sub-Type[4b] */
7564- uint8_t nonce[32];
7565- uint8_t emsk_compound_mac[20];
7566- uint8_t msk_compound_mac[20];
7567-} CC_HINT(__packed__) eap_tlv_crypto_binding_tlv_t;
7568-
7569-typedef enum eap_teap_tlv_type_t {
7570- EAP_TEAP_TLV_RESERVED_0 = 0, // 0
7571- EAP_TEAP_TLV_AUTHORITY, // 1
7572- EAP_TEAP_TLV_IDENTITY_TYPE, // 2
7573- EAP_TEAP_TLV_RESULT, // 3
7574- EAP_TEAP_TLV_NAK, // 4
7575- EAP_TEAP_TLV_ERROR, // 5
7576- EAP_TEAP_TLV_CHANNEL_BINDING, // 6
7577- EAP_TEAP_TLV_VENDOR_SPECIFIC, // 7
7578- EAP_TEAP_TLV_REQUEST_ACTION, // 8
7579- EAP_TEAP_TLV_EAP_PAYLOAD, // 9
7580- EAP_TEAP_TLV_INTERMED_RESULT, // 10
7581- EAP_TEAP_TLV_PAC, // 11
7582- EAP_TEAP_TLV_CRYPTO_BINDING, // 12
7583- EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, // 13
7584- EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP, // 14
7585- EAP_TEAP_TLV_PKCS7, // 15
7586- EAP_TEAP_TLV_PKCS10, // 16
7587- EAP_TEAP_TLV_TRUSTED_ROOT, // 17
7588- EAP_TEAP_TLV_MAX
7589-} eap_teap_tlv_type_t;
7590-
7591-typedef enum eap_teap_tlv_crypto_binding_tlv_flags_t {
7592- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK = 1, // 1
7593- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK, // 2
7594- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH // 3
7595-} eap_teap_tlv_crypto_binding_tlv_flags_t;
7596-
7597-typedef enum eap_teap_tlv_crypto_binding_tlv_subtype_t {
7598- EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST = 0, // 0
7599- EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE // 1
7600-} eap_teap_tlv_crypto_binding_tlv_subtype_t;
7601-
7602-typedef struct teap_imck_t {
7603- uint8_t simck[EAP_TEAP_SIMCK_LEN];
7604- uint8_t cmk[EAP_TEAP_CMK_LEN];
7605-} CC_HINT(__packed__) teap_imck_t;
7606-
7607-typedef struct {
7608- bool required;
7609- bool sent;
7610- uint8_t received;
7611-} teap_auth_t;
7612-
7613-typedef struct teap_tunnel_t {
7614- VALUE_PAIR *username;
7615- VALUE_PAIR *state;
7616- VALUE_PAIR *accept_vps;
7617- bool copy_request_to_tunnel;
7618- bool use_tunneled_reply;
7619-
7620- bool authenticated;
7621- int received_version;
7622-
7623- int mode;
7624- eap_teap_stage_t stage;
7625-
7626- int num_identities;
7627- uint16_t identity_types[2];
7628-
7629- teap_auth_t auths[3]; /* so we can index by Identity-Type */
7630-
7631- int imckc;
7632- bool imck_emsk_available;
7633- struct teap_imck_t imck_msk;
7634- struct teap_imck_t imck_emsk;
7635-
7636- uint8_t msk[EAP_TEAP_MSK_LEN];
7637- uint8_t emsk[EAP_TEAP_EMSK_LEN];
7638-
7639- int default_method;
7640- int eap_method[3];
7641-
7642- bool result_final;
7643- bool auto_chain; //!< do we automatically chain identities
7644- bool sent_basic_password;
7645-
7646-#ifdef WITH_PROXY
7647- bool proxy_tunneled_request_as_eap; //!< Proxy tunneled session as EAP, or as de-capsulated
7648- //!< protocol.
7649-#endif
7650- char const *virtual_server;
7651-} teap_tunnel_t;
7652-
7653-/*
7654- * Process the TEAP portion of an EAP-TEAP request.
7655- */
7656-PW_CODE eap_teap_process(eap_handler_t *handler, tls_session_t *tls_session) CC_HINT(nonnull);
7657-
7658-/*
7659- * A bunch of EAP-TEAP helper functions.
7660- */
7661-VALUE_PAIR *eap_teap_teap2vp(REQUEST *request, UNUSED SSL *ssl, uint8_t const *data,
7662- size_t data_len, DICT_ATTR const *teap_da, vp_cursor_t *out);
7663-
7664-#endif /* _EAP_TEAP_H */
7665diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
7666deleted file mode 100644
7667index 17f49f9dfc..0000000000
7668--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
7669+++ /dev/null
7670@@ -1,198 +0,0 @@
7671-/*
7672- * teap-crypto.c Cryptographic functions for EAP-TEAP.
7673- *
7674- * Version: $Id$
7675- *
7676- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
7677- *
7678- * This software may not be redistributed in any form without the prior
7679- * written consent of Network RADIUS.
7680- *
7681- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
7682- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7683- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
7684- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
7685- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
7686- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
7687- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7688- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
7689- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
7690- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
7691- * SUCH DAMAGE.
7692- */
7693-
7694-RCSID("$Id$")
7695-USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
7696-
7697-#include <stdio.h>
7698-#include <freeradius-devel/libradius.h>
7699-
7700-#include <openssl/evp.h>
7701-#include <openssl/aes.h>
7702-#include <openssl/err.h>
7703-
7704-#include "eap_teap_crypto.h"
7705-
7706-# define DEBUG if (fr_debug_lvl && fr_log_fp) fr_printf_log
7707-
7708-static void debug_errors(void)
7709-{
7710- unsigned long errCode;
7711-
7712- while((errCode = ERR_get_error())) {
7713- char *err = ERR_error_string(errCode, NULL);
7714- DEBUG("EAP-TEAP error in OpenSSL - %s", err);
7715- }
7716-}
7717-
7718-// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode
7719-int eap_teap_encrypt(uint8_t const *plaintext, size_t plaintext_len,
7720- uint8_t const *aad, size_t aad_len,
7721- uint8_t const *key, uint8_t *iv, unsigned char *ciphertext,
7722- uint8_t *tag)
7723-{
7724- EVP_CIPHER_CTX *ctx;
7725-
7726- int len;
7727-
7728- int ciphertext_len;
7729-
7730-
7731- /* Create and initialise the context */
7732- if (!(ctx = EVP_CIPHER_CTX_new())) {
7733- debug_errors();
7734- return -1;
7735- };
7736-
7737- /* Initialise the encryption operation. */
7738- if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
7739- debug_errors();
7740- return -1;
7741- };
7742-
7743- /* Set IV length if default 12 bytes (96 bits) is not appropriate */
7744- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
7745- debug_errors();
7746- return -1;
7747- };
7748-
7749- /* Initialise key and IV */
7750- if (1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) {
7751- debug_errors();
7752- return -1;
7753- };
7754-
7755- /* Provide any AAD data. This can be called zero or more times as
7756- * required
7757- */
7758- if (1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) {
7759- debug_errors();
7760- return -1;
7761- };
7762-
7763- /* Provide the message to be encrypted, and obtain the encrypted output.
7764- * EVP_EncryptUpdate can be called multiple times if necessary
7765- */
7766- if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
7767- debug_errors();
7768- return -1;
7769- };
7770- ciphertext_len = len;
7771-
7772- /* Finalise the encryption. Normally ciphertext bytes may be written at
7773- * this stage, but this does not occur in GCM mode
7774- */
7775- if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
7776- debug_errors();
7777- return -1;
7778- };
7779- ciphertext_len += len;
7780-
7781- /* Get the tag */
7782- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) {
7783- debug_errors();
7784- return -1;
7785- };
7786-
7787- /* Clean up */
7788- EVP_CIPHER_CTX_free(ctx);
7789-
7790- return ciphertext_len;
7791-}
7792-
7793-int eap_teap_decrypt(uint8_t const *ciphertext, size_t ciphertext_len,
7794- uint8_t const *aad, size_t aad_len,
7795- uint8_t const *tag, uint8_t const *key, uint8_t const *iv, uint8_t *plaintext)
7796-{
7797- EVP_CIPHER_CTX *ctx;
7798- int len;
7799- int plaintext_len;
7800- int ret;
7801-
7802- /* Create and initialise the context */
7803- if (!(ctx = EVP_CIPHER_CTX_new())) {
7804- debug_errors();
7805- return -1;
7806- };
7807-
7808- /* Initialise the decryption operation. */
7809- if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
7810- debug_errors();
7811- return -1;
7812- };
7813-
7814- /* Set IV length. Not necessary if this is 12 bytes (96 bits) */
7815- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
7816- debug_errors();
7817- return -1;
7818- };
7819-
7820- /* Initialise key and IV */
7821- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) {
7822- debug_errors();
7823- return -1;
7824- };
7825-
7826- /* Provide any AAD data. This can be called zero or more times as
7827- * required
7828- */
7829- if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len)) {
7830- debug_errors();
7831- return -1;
7832- };
7833-
7834- /* Provide the message to be decrypted, and obtain the plaintext output.
7835- * EVP_DecryptUpdate can be called multiple times if necessary
7836- */
7837- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) {
7838- debug_errors();
7839- return -1;
7840- };
7841- plaintext_len = len;
7842-
7843- {
7844- unsigned char *tmp;
7845-
7846- memcpy(&tmp, &tag, sizeof(tmp));
7847-
7848- /* Set expected tag value. Works in OpenSSL 1.0.1d and later */
7849- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tmp)) {
7850- debug_errors();
7851- return -1;
7852- };
7853- }
7854-
7855- /* Finalise the decryption. A positive return value indicates success,
7856- * anything else is a failure - the plaintext is not trustworthy.
7857- */
7858- ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
7859-
7860- /* Clean up */
7861- EVP_CIPHER_CTX_free(ctx);
7862-
7863- if (ret < 0) return -1;
7864-
7865- /* Success */
7866- plaintext_len += len;
7867- return plaintext_len;
7868-}
7869diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
7870deleted file mode 100644
7871index b02f2b9083..0000000000
7872--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
7873+++ /dev/null
7874@@ -1,39 +0,0 @@
7875-/*
7876- * eap_teap_crypto.h
7877- *
7878- * Version: $Id$
7879- *
7880- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
7881- *
7882- * This software may not be redistributed in any form without the prior
7883- * written consent of Network RADIUS.
7884- *
7885- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
7886- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7887- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
7888- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
7889- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
7890- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
7891- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7892- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
7893- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
7894- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
7895- * SUCH DAMAGE.
7896- */
7897-
7898-#ifndef _EAP_TEAP_CRYPTO_H
7899-#define _EAP_TEAP_CRYPTO_H
7900-
7901-RCSIDH(eap_teap_crypto_h, "$Id$")
7902-
7903-
7904-int eap_teap_encrypt(uint8_t const *plaintext, size_t plaintext_len,
7905- uint8_t const *aad, size_t aad_len,
7906- uint8_t const *key, uint8_t *iv, unsigned char *ciphertext,
7907- uint8_t *tag);
7908-
7909-int eap_teap_decrypt(uint8_t const *ciphertext, size_t ciphertext_len,
7910- uint8_t const *aad, size_t aad_len,
7911- uint8_t const *tag, uint8_t const *key, uint8_t const *iv, uint8_t *plaintext);
7912-
7913-#endif /* _EAP_TEAP_CRYPTO_H */
7914diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
7915deleted file mode 100644
7916index f2e2cc3d40..0000000000
7917--- a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
7918+++ /dev/null
7919@@ -1,569 +0,0 @@
7920-/*
7921- * rlm_eap_teap.c contains the interfaces that are called from eap
7922- *
7923- * Version: $Id$
7924- *
7925- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
7926- *
7927- * This software may not be redistributed in any form without the prior
7928- * written consent of Network RADIUS.
7929- *
7930- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
7931- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7932- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
7933- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
7934- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
7935- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
7936- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7937- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
7938- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
7939- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
7940- * SUCH DAMAGE.
7941- */
7942-
7943-RCSID("$Id$")
7944-USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
7945-
7946-#include "eap_teap.h"
7947-
7948-typedef struct rlm_eap_teap_t {
7949- /*
7950- * TLS configuration
7951- */
7952- char const *tls_conf_name;
7953- fr_tls_server_conf_t *tls_conf;
7954-
7955- /*
7956- * Default tunneled EAP type
7957- */
7958- char const *default_method_name;
7959- int default_method;
7960-
7961- /*
7962- * User tunneled EAP type
7963- */
7964- char const *user_method_name;
7965-
7966- /*
7967- * Machine tunneled EAP type
7968- */
7969- char const *machine_method_name;
7970-
7971- int eap_method[3];
7972-
7973-
7974- /*
7975- * Use the reply attributes from the tunneled session in
7976- * the non-tunneled reply to the client.
7977- */
7978- bool use_tunneled_reply;
7979-
7980- /*
7981- * Use SOME of the request attributes from outside of the
7982- * tunneled session in the tunneled request
7983- */
7984- bool copy_request_to_tunnel;
7985-
7986- /*
7987- * Do we do require a client cert?
7988- */
7989- bool req_client_cert;
7990-
7991- char const *authority_identity;
7992-
7993- uint16_t identity_type[2];
7994-
7995- char const *identity_type_name;
7996-
7997- /*
7998- * Virtual server for inner tunnel session.
7999- */
8000- char const *virtual_server;
8001-} rlm_eap_teap_t;
8002-
8003-
8004-static CONF_PARSER module_config[] = {
8005- { "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, tls_conf_name), NULL },
8006- { "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, default_method_name), .dflt = "" },
8007- { "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, copy_request_to_tunnel), "no" },
8008- { "use_tunneled_reply", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, use_tunneled_reply), "no" },
8009- { "require_client_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, req_client_cert), "no" },
8010- { "authority_identity", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_eap_teap_t, authority_identity), NULL },
8011- { "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, virtual_server), NULL },
8012- { "identity_types", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, identity_type_name), NULL },
8013-
8014- { "user_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, user_method_name), .dflt = "" },
8015- { "machine_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, machine_method_name), .dflt = "" },
8016- CONF_PARSER_TERMINATOR
8017-};
8018-
8019-static const bool allowed[PW_EAP_MAX_TYPES] = {
8020- [PW_EAP_SIM] = true,
8021- [PW_EAP_TLS] = true,
8022- [PW_EAP_MSCHAPV2] = true,
8023- [PW_EAP_PWD] = true,
8024-};
8025-
8026-/*
8027- * Attach the module.
8028- */
8029-static int mod_instantiate(CONF_SECTION *cs, void **instance)
8030-{
8031- rlm_eap_teap_t *inst;
8032-
8033- *instance = inst = talloc_zero(cs, rlm_eap_teap_t);
8034- if (!inst) return -1;
8035-
8036- /*
8037- * Parse the configuration attributes.
8038- */
8039- if (cf_section_parse(cs, inst, module_config) < 0) {
8040- return -1;
8041- }
8042-
8043- if (!inst->virtual_server) {
8044- ERROR("rlm_eap_teap: A 'virtual_server' MUST be defined for security");
8045- return -1;
8046- }
8047-
8048- /*
8049- * Convert the name to an integer, to make it easier to
8050- * handle.
8051- */
8052- if (inst->default_method_name && *inst->default_method_name) {
8053- inst->default_method = eap_name2type(inst->default_method_name);
8054- if (inst->default_method < 0) {
8055- ERROR("rlm_eap_teap: Unknown EAP type %s",
8056- inst->default_method_name);
8057- return -1;
8058- }
8059- }
8060-
8061- /*
8062- * @todo - allow a special value like 'basic-password', which
8063- * means that we propose the Basic-Password-Auth-Req TLV during Phase 2.
8064- *
8065- * @todo - and then also track the username across
8066- * multiple rounds, including some kind of State which
8067- * can be used to signal where we are in the negotiation
8068- * process.
8069- */
8070- if (inst->user_method_name && *inst->user_method_name) {
8071- int method = eap_name2type(inst->user_method_name);
8072-
8073- if (method < 0) {
8074- ERROR("rlm_eap_teap: Unknown User EAP type %s",
8075- inst->user_method_name);
8076- return -1;
8077- }
8078-
8079- if (!allowed[method]) {
8080- ERROR("rlm_eap_teap: Invalid User EAP type %s",
8081- inst->user_method_name);
8082- return -1;
8083- }
8084-
8085- inst->eap_method[EAP_TEAP_IDENTITY_TYPE_USER] = method;
8086- }
8087-
8088- if (inst->machine_method_name && *inst->machine_method_name) {
8089- int method;
8090-
8091- method = eap_name2type(inst->machine_method_name);
8092- if (method < 0) {
8093- ERROR("rlm_eap_teap: Unknown Machine EAP type %s",
8094- inst->machine_method_name);
8095- return -1;
8096- }
8097-
8098- if (!allowed[method]) {
8099- ERROR("rlm_eap_teap: Invalid Machine EAP type %s",
8100- inst->machine_method_name);
8101- return -1;
8102- }
8103-
8104- inst->eap_method[EAP_TEAP_IDENTITY_TYPE_MACHINE] = method;
8105- }
8106-
8107- /*
8108- * Read tls configuration, either from group given by 'tls'
8109- * option, or from the eap-tls configuration.
8110- */
8111- inst->tls_conf = eaptls_conf_parse(cs, "tls");
8112-
8113- if (!inst->tls_conf) {
8114- ERROR("rlm_eap_teap: Failed initializing SSL context");
8115- return -1;
8116- }
8117-
8118- /*
8119- * Parse default identities
8120- */
8121- if (inst->identity_type_name) {
8122- char const *p;
8123- int i;
8124-
8125- p = inst->identity_type_name;
8126- i = 0;
8127-
8128- while (*p) {
8129- while (isspace((uint8_t) *p)) p++;
8130-
8131- if (strncasecmp(p, "user", 4) == 0) {
8132- inst->identity_type[i] = 1;
8133- p += 4;
8134-
8135- } else if (strncasecmp(p, "machine", 7) == 0) {
8136- inst->identity_type[i] = 2;
8137- p += 7;
8138-
8139- } else {
8140- invalid_identity:
8141- cf_log_err_cs(cs, "Invalid value in identity_types = '%s' at %s",
8142- inst->identity_type_name, p);
8143- return -1;
8144- }
8145-
8146- i++;
8147-
8148- while (isspace((uint8_t) *p)) p++;
8149-
8150- /*
8151- * We only support two things.
8152- */
8153- if ((i == 2) && *p) goto invalid_identity;
8154-
8155- if (!*p) break;
8156-
8157- if (*p != ',') goto invalid_identity;
8158-
8159- p++;
8160- }
8161- }
8162-
8163- return 0;
8164-}
8165-
8166-/*
8167- * Allocate the TEAP per-session data
8168- */
8169-static teap_tunnel_t *teap_alloc(TALLOC_CTX *ctx, rlm_eap_teap_t *inst)
8170-{
8171- teap_tunnel_t *t;
8172-
8173- t = talloc_zero(ctx, teap_tunnel_t);
8174-
8175- t->received_version = -1;
8176- t->default_method = inst->default_method;
8177- memcpy(&t->eap_method, &inst->eap_method, sizeof(t->eap_method));
8178- t->copy_request_to_tunnel = inst->copy_request_to_tunnel;
8179- t->use_tunneled_reply = inst->use_tunneled_reply;
8180- t->virtual_server = inst->virtual_server;
8181- return t;
8182-}
8183-
8184-
8185-/*
8186- * Send an initial eap-tls request to the peer, using the libeap functions.
8187- */
8188-static int mod_session_init(void *type_arg, eap_handler_t *handler)
8189-{
8190- int status;
8191- tls_session_t *ssn;
8192- rlm_eap_teap_t *inst;
8193- VALUE_PAIR *vp;
8194- bool client_cert;
8195- REQUEST *request = handler->request;
8196-
8197- inst = type_arg;
8198-
8199- handler->tls = true;
8200-
8201- if (request->parent) {
8202- RWDEBUG("----------------------------------------------------------------------");
8203- RWDEBUG("You have configured TEAP to run inside of TEAP. THIS WILL NOT WORK.");
8204- RWDEBUG("Supported inner methods for TEAP are EAP-TLS, EAP-MSCHAPv2, and PAP.");
8205- RWDEBUG("Other methods may work, but are not actively supported.");
8206- RWDEBUG("----------------------------------------------------------------------");
8207- }
8208-
8209- /*
8210- * Check if we need a client certificate.
8211- */
8212-
8213- /*
8214- * EAP-TLS-Require-Client-Cert attribute will override
8215- * the require_client_cert configuration option.
8216- */
8217- vp = fr_pair_find_by_num(handler->request->config, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY);
8218- if (vp) {
8219- client_cert = vp->vp_integer ? true : false;
8220- } else {
8221- client_cert = inst->req_client_cert;
8222- }
8223-
8224- /*
8225- * Disallow TLS 1.3 for now.
8226- */
8227- ssn = eaptls_session(handler, inst->tls_conf, client_cert, false);
8228- if (!ssn) {
8229- return 0;
8230- }
8231-
8232- handler->opaque = ((void *)ssn);
8233-
8234- /*
8235- * As TEAP is a unique special snowflake and wants to use its
8236- * own rolling MSK for MPPE we we set the label to NULL so in that
8237- * eaptls_gen_mppe_keys() is NOT called in eaptls_success.
8238- */
8239- ssn->label = NULL;
8240-
8241- /*
8242- * Really just protocol version.
8243- */
8244- ssn->peap_flag = EAP_TEAP_VERSION;
8245-
8246- /*
8247- * hostapd's wpa_supplicant gets upset if we include all the
8248- * S+L+O flags but is happy with S+O (TLS payload is zero bytes
8249- * for S anyway) - FIXME not true for early-data TLSv1.3!
8250- */
8251- ssn->length_flag = false;
8252-
8253- vp = fr_pair_make(ssn, NULL, "FreeRADIUS-EAP-TEAP-Authority-ID", inst->authority_identity, T_OP_EQ);
8254- fr_pair_add(&ssn->outer_tlvs_server, vp);
8255-
8256- /*
8257- * Be nice about identity types.
8258- */
8259- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
8260- if (vp) {
8261- RDEBUG("Found &session-state:FreeRADIUS-EAP-TEAP-Identity-Type, not setting from configuration");
8262-
8263- } else if (!inst->identity_type[0]) {
8264- RWDEBUG("No &session-state:FreeRADIUS-EAP-TEAP-Identity-Type was found.");
8265- RWDEBUG("No 'identity_types' was set in the configuration. TEAP will likely not work.");
8266-
8267- } else {
8268- teap_tunnel_t *t;
8269-
8270- fr_assert(ssn->opaque == NULL);
8271-
8272- ssn->opaque = teap_alloc(ssn, inst);
8273- t = (teap_tunnel_t *) ssn->opaque;
8274-
8275- /*
8276- * We automatically add &session-state:FreeRADIUS-EAP-TEAP-Identity-Type
8277- * to control the flow.
8278- */
8279- t->auto_chain = true;
8280-
8281- vp = fr_pair_make(request->state_ctx, &request->state, "FreeRADIUS-EAP-TEAP-Identity-Type", NULL, T_OP_SET);
8282- if (vp) {
8283- vp->vp_short = inst->identity_type[0];
8284- RDEBUG("Setting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type = %s",
8285- (vp->vp_short == 1) ? "User" : "Machine");
8286-
8287- t->auths[vp->vp_short].required = true;
8288- }
8289-
8290- if (inst->identity_type[1]) {
8291- vp = fr_pair_make(request->state_ctx, &request->state, "FreeRADIUS-EAP-TEAP-Identity-Type", NULL, T_OP_ADD);
8292- if (vp) {
8293- vp->vp_short = inst->identity_type[1];
8294- RDEBUG("Followed by &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s",
8295- (vp->vp_short == 1) ? "User" : "Machine");
8296-
8297- t->auths[vp->vp_short].required = true;
8298- }
8299- }
8300- }
8301-
8302- /*
8303- * TLS session initialization is over. Now handle TLS
8304- * related handshaking or application data.
8305- */
8306- status = eaptls_request(handler->eap_ds, ssn, true);
8307- if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) {
8308- REDEBUG("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
8309- } else {
8310- RDEBUG3("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
8311- }
8312- if (status == 0) return 0;
8313-
8314- /*
8315- * The next stage to process the packet.
8316- */
8317- handler->stage = PROCESS;
8318-
8319- return 1;
8320-}
8321-
8322-
8323-/*
8324- * Do authentication, by letting EAP-TLS do most of the work.
8325- */
8326-static int mod_process(void *arg, eap_handler_t *handler)
8327-{
8328- int rcode;
8329- int ret = 0;
8330- fr_tls_status_t status;
8331- rlm_eap_teap_t *inst = (rlm_eap_teap_t *) arg;
8332- tls_session_t *tls_session = (tls_session_t *) handler->opaque;
8333- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
8334- REQUEST *request = handler->request;
8335-
8336- RDEBUG2("Authenticate");
8337-
8338- /*
8339- * Process TLS layer until done.
8340- */
8341- status = eaptls_process(handler);
8342- if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) {
8343- REDEBUG("[eaptls process] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
8344- } else {
8345- RDEBUG3("[eaptls process] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
8346- }
8347-
8348- /*
8349- * Make request available to any SSL callbacks
8350- */
8351- SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request);
8352- switch (status) {
8353- /*
8354- * EAP-TLS handshake was successful, tell the
8355- * client to keep talking.
8356- *
8357- * If this was EAP-TLS, we would just return
8358- * an EAP-TLS-Success packet here.
8359- */
8360- case FR_TLS_SUCCESS:
8361- if (SSL_session_reused(tls_session->ssl)) {
8362- RDEBUG("Skipping Phase2 due to session resumption");
8363- goto do_keys;
8364- }
8365-
8366- if (t && t->authenticated) {
8367- if (t->accept_vps) {
8368- RDEBUG2("Using saved attributes from the original Access-Accept");
8369- rdebug_pair_list(L_DBG_LVL_2, request, t->accept_vps, NULL);
8370- fr_pair_list_mcopy_by_num(handler->request->reply,
8371- &handler->request->reply->vps,
8372- &t->accept_vps, 0, 0, TAG_ANY);
8373- } else if (t->use_tunneled_reply) {
8374- RDEBUG2("No saved attributes in the original Access-Accept");
8375- }
8376-
8377- do_keys:
8378- /*
8379- * Success: Automatically return MPPE keys.
8380- */
8381- ret = eaptls_success(handler, 0);
8382- goto done;
8383- }
8384- goto phase2;
8385-
8386- /*
8387- * The TLS code is still working on the TLS
8388- * exchange, and it's a valid TLS request.
8389- * do nothing.
8390- */
8391- case FR_TLS_HANDLED:
8392- ret = 1;
8393- goto done;
8394-
8395- /*
8396- * Handshake is done, proceed with decoding tunneled
8397- * data.
8398- */
8399- case FR_TLS_OK:
8400- break;
8401-
8402- /*
8403- * Anything else: fail.
8404- */
8405- default:
8406- ret = 0;
8407- goto done;
8408- }
8409-
8410-phase2:
8411- /*
8412- * Session is established, proceed with decoding
8413- * tunneled data.
8414- */
8415- RDEBUG2("Session established. Proceeding to decode tunneled attributes");
8416-
8417- /*
8418- * We may need TEAP data associated with the session, so
8419- * allocate it here, if it wasn't already alloacted.
8420- */
8421- if (!tls_session->opaque) {
8422- tls_session->opaque = teap_alloc(tls_session, inst);
8423- t = (teap_tunnel_t *) tls_session->opaque;
8424- }
8425-
8426- if (t->received_version < 0) {
8427- t->received_version = handler->eap_ds->response->type.data[0] & 0x07;
8428-
8429- /*
8430- * We only support TEAPv1.
8431- */
8432- if (t->received_version != EAP_TEAP_VERSION) {
8433- RDEBUG("Invalid TEAP version received. Expected 1, got %u", t->received_version);
8434- goto fail;
8435- }
8436- }
8437-
8438- /*
8439- * Process the TEAP portion of the request.
8440- */
8441- rcode = eap_teap_process(handler, tls_session);
8442- switch (rcode) {
8443- case PW_CODE_ACCESS_REJECT:
8444- fail:
8445- eaptls_fail(handler, 0);
8446- ret = 0;
8447- goto done;
8448-
8449- /*
8450- * Access-Challenge, continue tunneled conversation.
8451- */
8452- case PW_CODE_ACCESS_CHALLENGE:
8453- eaptls_request(handler->eap_ds, tls_session, false);
8454- ret = 1;
8455- goto done;
8456-
8457- /*
8458- * Success: Automatically return MPPE keys.
8459- */
8460- case PW_CODE_ACCESS_ACCEPT:
8461- goto do_keys;
8462-
8463- default:
8464- break;
8465- }
8466-
8467- /*
8468- * Something we don't understand: Reject it.
8469- */
8470- eaptls_fail(handler, 0);
8471-
8472-done:
8473- SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, NULL);
8474-
8475- return ret;
8476-}
8477-
8478-/*
8479- * The module name should be the only globally exported symbol.
8480- * That is, everything else should be 'static'.
8481- */
8482-extern rlm_eap_module_t rlm_eap_teap;
8483-rlm_eap_module_t rlm_eap_teap = {
8484- .name = "eap_teap",
8485- .instantiate = mod_instantiate, /* Create new submodule instance */
8486- .session_init = mod_session_init, /* Initialise a new EAP session */
8487- .process = mod_process /* Process next round of EAP method */
8488-};
8489--
84902.34.1
8491
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
index ef98d7285d..d3c34e1d93 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
@@ -13,6 +13,8 @@ LICENSE = "GPL-2.0-only & LGPL-2.0-or-later"
13LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a" 13LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a"
14DEPENDS = "openssl-native openssl libidn libtool libpcap libtalloc" 14DEPENDS = "openssl-native openssl libidn libtool libpcap libtalloc"
15 15
16PATCHTOOL = "git"
17
16SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0;;protocol=https \ 18SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0;;protocol=https \
17 file://freeradius \ 19 file://freeradius \
18 file://volatiles.58_radiusd \ 20 file://volatiles.58_radiusd \
@@ -36,6 +38,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0
36 file://0016-version.c-don-t-print-build-flags.patch \ 38 file://0016-version.c-don-t-print-build-flags.patch \
37 file://0017-Add-acinclude.m4-to-include-required-macros.patch \ 39 file://0017-Add-acinclude.m4-to-include-required-macros.patch \
38 file://0018-Fix-Service-start-error.patch \ 40 file://0018-Fix-Service-start-error.patch \
41 file://0019-freeradius-Remove-files-which-have-license-issues.patch \
39" 42"
40 43
41raddbdir = "${sysconfdir}/${MLPREFIX}raddb" 44raddbdir = "${sysconfdir}/${MLPREFIX}raddb"
@@ -81,6 +84,7 @@ EXTRA_OECONF = " --enable-strict-dependencies \
81 --without-rlm_securid \ 84 --without-rlm_securid \
82 --without-rlm_unbound \ 85 --without-rlm_unbound \
83 --without-rlm_python \ 86 --without-rlm_python \
87 --without-rlm_eap_teap \
84 ac_cv_path_PERL=${bindir}/perl \ 88 ac_cv_path_PERL=${bindir}/perl \
85 ax_cv_cc_builtin_choose_expr=no \ 89 ax_cv_cc_builtin_choose_expr=no \
86 ax_cv_cc_builtin_types_compatible_p=no \ 90 ax_cv_cc_builtin_types_compatible_p=no \
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-27 07:35:57 +0000