From: Tobias Brunner Date: Fri, 14 Sep 2018 12:41:36 +0000 (+0200) Subject: testing: Remove TNC@FHH dependencies and scenarios that rely on them X-Git-Tag: 5.7.2dr4~18^2~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2fbe44bef3f098fcbe4f833a32316c12796045ce;p=thirdparty%2Fstrongswan.git testing: Remove TNC@FHH dependencies and scenarios that rely on them While we could continue to use FreeRADIUS 2.x that branch is officially EOL. So instead of investing time and effort in updating/migrating the patches to FreeRADIUS 3.x (the module changed quite significantly as it relies solely on the naeap library in that release), for a protocol that is superseded anyway, we just remove these scenarios and the dependencies. Actually, the complete rlm_eap_tnc module will be removed with FreeRADIUS 4.0. --- diff --git a/testing/do-tests b/testing/do-tests index 52d0d70eb6..8c471c128b 100755 --- a/testing/do-tests +++ b/testing/do-tests @@ -695,15 +695,10 @@ do $TESTRESULTDIR/${host}.$file > /dev/null 2>&1 done - scp $SSHCONF $HOSTLOGIN:/etc/strongswan.conf \ - $TESTRESULTDIR/${host}.strongswan.conf > /dev/null 2>&1 scp $SSHCONF $HOSTLOGIN:/var/log/freeradius/radius.log \ $TESTRESULTDIR/${host}.radius.log > /dev/null 2>&1 - ssh $SSHCONF $HOSTLOGIN grep imcv /var/log/daemon.log \ - >> $TESTRESULTDIR/${host}.daemon.log 2>/dev/null - chmod a+r $TESTRESULTDIR/* cat >> $TESTRESULTDIR/index.html <<@EOF

$host

@@ -713,14 +708,12 @@ do diff --git a/testing/hosts/alice/etc/freeradius/dictionary b/testing/hosts/alice/etc/freeradius/dictionary index 59a874b3e9..4c2c7ebb4d 100644 --- a/testing/hosts/alice/etc/freeradius/dictionary +++ b/testing/hosts/alice/etc/freeradius/dictionary @@ -11,7 +11,7 @@ # # The filename given here should be an absolute path. # -$INCLUDE /usr/local/share/freeradius/dictionary +$INCLUDE /usr/share/freeradius/dictionary # # Place additional attributes or $INCLUDEs here. They will diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage index 93fe04ef82..406d4093f6 100755 --- a/testing/scripts/build-baseimage +++ b/testing/scripts/build-baseimage @@ -34,7 +34,7 @@ stretch) *) echo_warn "Package list for '$BASEIMGSUITE' might has to be updated" esac -SERVICES="apache2 dbus isc-dhcp-server slapd bind9" +SERVICES="apache2 dbus isc-dhcp-server slapd bind9 freeradius" INC=$INC,${SERVICES// /,} CACHEDIR=$BUILDDIR/cache diff --git a/testing/scripts/recipes/001_libtnc.mk b/testing/scripts/recipes/001_libtnc.mk deleted file mode 100644 index b835958b75..0000000000 --- a/testing/scripts/recipes/001_libtnc.mk +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/make - -PV = 1.25 -PKG = libtnc-$(PV) -TAR = $(PKG).tar.gz -SRC = http://downloads.sourceforge.net/project/libtnc/libtnc/$(PV)/$(TAR) - -NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) - -CONFIG_OPTS = \ - --sysconfdir=/etc - -all: install - -$(TAR): - wget $(SRC) - -.$(PKG)-unpacked: $(TAR) - tar xfz $(TAR) - @touch $@ - -.$(PKG)-configured: .$(PKG)-unpacked - cd $(PKG) && ./configure $(CONFIG_OPTS) - @touch $@ - -.$(PKG)-built: .$(PKG)-configured - cd $(PKG) && make -j $(NUM_CPUS) - @touch $@ - -install: .$(PKG)-built - cd $(PKG) && make install diff --git a/testing/scripts/recipes/002_tnc-fhh.mk b/testing/scripts/recipes/002_tnc-fhh.mk deleted file mode 100644 index d4ed4f99c2..0000000000 --- a/testing/scripts/recipes/002_tnc-fhh.mk +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/make - -PKG = fhhtnc -SRC = git://github.com/trustatfhh/tnc-fhh.git - -NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) - -CONFIG_OPTS = \ - -DCOMPONENT=all \ - -DNAL=8021x - -PATCHES = \ - tnc-fhh-tncsim - -all: install - -.$(PKG)-cloned: - git clone $(SRC) $(PKG) - mkdir $(PKG)/build - @touch $@ - -.$(PKG)-patches-applied: .$(PKG)-cloned - cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1 - @touch $@ - -.$(PKG)-configured: .$(PKG)-patches-applied - cd $(PKG)/build && cmake $(CONFIG_OPTS) ../ - @touch $@ - -.$(PKG)-built: .$(PKG)-configured - cd $(PKG)/build && make -j $(NUM_CPUS) - @touch $@ - -install: .$(PKG)-built - cd $(PKG)/build && make install diff --git a/testing/scripts/recipes/003_freeradius.mk b/testing/scripts/recipes/003_freeradius.mk deleted file mode 100644 index 71cfc238c1..0000000000 --- a/testing/scripts/recipes/003_freeradius.mk +++ /dev/null @@ -1,43 +0,0 @@ -#!/usr/bin/make - -PV = 2.2.8 -PKG = freeradius-server-$(PV) -TAR = $(PKG).tar.bz2 -SRC = ftp://ftp.freeradius.org/pub/freeradius/old/$(TAR) - -NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) - -CONFIG_OPTS = \ - --with-raddbdir=/etc/freeradius \ - --sysconfdir=/etc \ - --with-logdir=/var/log/freeradius \ - --enable-developer \ - --with-experimental-modules - -PATCHES = \ - freeradius-eap-sim-identity \ - freeradius-tnc-fhh - -all: install - -$(TAR): - wget $(SRC) - -.$(PKG)-unpacked: $(TAR) - tar xfj $(TAR) - @touch $@ - -.$(PKG)-patches-applied: .$(PKG)-unpacked - cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1 - @touch $@ - -.$(PKG)-configured: .$(PKG)-patches-applied - cd $(PKG) && ./configure $(CONFIG_OPTS) - @touch $@ - -.$(PKG)-built: .$(PKG)-configured - cd $(PKG) && make -j $(NUM_CPUS) - @touch $@ - -install: .$(PKG)-built - cd $(PKG) && make install diff --git a/testing/scripts/recipes/004_hostapd.mk b/testing/scripts/recipes/004_hostapd.mk deleted file mode 100644 index 0acd428c93..0000000000 --- a/testing/scripts/recipes/004_hostapd.mk +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/make - -PV = 2.0 -PKG = hostapd-$(PV) -TAR = $(PKG).tar.gz -SRC = http://w1.fi/releases/$(TAR) - -NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) - -CONFIG_OPTS = - -PATCHES = \ - hostapd-config - -SUBDIR = hostapd - -all: install - -$(TAR): - wget $(SRC) - -.$(PKG)-unpacked: $(TAR) - tar xfz $(TAR) - @touch $@ - -.$(PKG)-patches-applied: .$(PKG)-unpacked - cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1 - @touch $@ - -.$(PKG)-configured: .$(PKG)-patches-applied - cp $(PKG)/$(SUBDIR)/defconfig $(PKG)/$(SUBDIR)/.config - @touch $@ - -.$(PKG)-built: .$(PKG)-configured - cd $(PKG)/$(SUBDIR) && make -j $(NUM_CPUS) - @touch $@ - -install: .$(PKG)-built - cd $(PKG)/$(SUBDIR) && make install diff --git a/testing/scripts/recipes/004_wpa_supplicant.mk b/testing/scripts/recipes/004_wpa_supplicant.mk deleted file mode 100644 index 4cc870c122..0000000000 --- a/testing/scripts/recipes/004_wpa_supplicant.mk +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/make - -PV = 2.0 -PKG = wpa_supplicant-$(PV) -TAR = $(PKG).tar.gz -SRC = http://w1.fi/releases/$(TAR) - -NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) - -CONFIG_OPTS = - -PATCHES = \ - wpa_supplicant-eap-tnc - -SUBDIR = wpa_supplicant - -all: install - -$(TAR): - wget $(SRC) - -.$(PKG)-unpacked: $(TAR) - tar xfz $(TAR) - @touch $@ - -.$(PKG)-patches-applied: .$(PKG)-unpacked - cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1 - @touch $@ - -.$(PKG)-configured: .$(PKG)-patches-applied - cp $(PKG)/$(SUBDIR)/defconfig $(PKG)/$(SUBDIR)/.config - @touch $@ - -.$(PKG)-built: .$(PKG)-configured - cd $(PKG)/$(SUBDIR) && make -j $(NUM_CPUS) - @touch $@ - -install: .$(PKG)-built - cd $(PKG)/$(SUBDIR) && make install diff --git a/testing/scripts/recipes/patches/freeradius-eap-sim-identity b/testing/scripts/recipes/patches/freeradius-eap-sim-identity deleted file mode 100644 index 1ab95ecc64..0000000000 --- a/testing/scripts/recipes/patches/freeradius-eap-sim-identity +++ /dev/null @@ -1,30 +0,0 @@ ---- a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c 2012-11-28 11:03:05.081225276 +0100 -+++ b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c 2012-11-28 11:46:59.746289881 +0100 -@@ -246,14 +246,21 @@ - newvp->vp_integer = ess->sim_id++; - pairreplace(outvps, newvp); - -+ ess->keys.identitylen = strlen(handler->identity); -+ memcpy(ess->keys.identity, handler->identity, ess->keys.identitylen); -+ - /* make a copy of the identity */ - newvp = pairfind(*invps, ATTRIBUTE_EAP_SIM_BASE + PW_EAP_SIM_IDENTITY); -- if (newvp) { -- ess->keys.identitylen = newvp->length; -- memcpy(ess->keys.identity, newvp->vp_octets, newvp->length); -- } else { -- ess->keys.identitylen = strlen(handler->identity); -- memcpy(ess->keys.identity, handler->identity, ess->keys.identitylen); -+ if (newvp && newvp->length > 2) { -+ uint16_t len; -+ -+ memcpy(&len, newvp->vp_octets, sizeof(uint16_t)); -+ len = ntohs(len); -+ if (len <= newvp->length - 2 && len <= MAX_STRING_LEN) { -+ ess->keys.identitylen = len; -+ memcpy(ess->keys.identity, newvp->vp_octets + 2, -+ ess->keys.identitylen); -+ } - } - - /* all set, calculate keys! */ diff --git a/testing/scripts/recipes/patches/freeradius-tnc-fhh b/testing/scripts/recipes/patches/freeradius-tnc-fhh deleted file mode 100644 index 26a233d48e..0000000000 --- a/testing/scripts/recipes/patches/freeradius-tnc-fhh +++ /dev/null @@ -1,6687 +0,0 @@ -diff -u -r -N freeradius-server-2.2.0.orig/share/dictionary freeradius-server-2.2.0/share/dictionary ---- freeradius-server-2.2.0.orig/share/dictionary 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/share/dictionary 2012-12-04 19:39:42.261423097 +0100 -@@ -196,6 +196,7 @@ - $INCLUDE dictionary.starent - $INCLUDE dictionary.symbol - $INCLUDE dictionary.telebit -+$INCLUDE dictionary.tncfhh - $INCLUDE dictionary.terena - $INCLUDE dictionary.trapeze - $INCLUDE dictionary.tropos -diff -u -r -N freeradius-server-2.2.0.orig/share/dictionary.tncfhh freeradius-server-2.2.0/share/dictionary.tncfhh ---- freeradius-server-2.2.0.orig/share/dictionary.tncfhh 1970-01-01 01:00:00.000000000 +0100 -+++ freeradius-server-2.2.0/share/dictionary.tncfhh 2012-12-04 19:39:49.645421869 +0100 -@@ -0,0 +1,20 @@ -+# -*- text -*- -+# Dictionary for the tnc@fhh Server. -+# -+# Website: http://trust.inform.fh-hannover.de -+# -+# Version: 0.8.4 -+# Author: Bastian Hellmann -+# Email: trust@f4-i.fh-hannover.de -+# -+ -+VENDOR tncfhh 10000 -+BEGIN-VENDOR tncfhh -+ -+ATTRIBUTE TNC-Status 1 integer -+ -+VALUE TNC-Status Access 0 -+VALUE TNC-Status Isolate 1 -+VALUE TNC-Status None 2 -+ -+END-VENDOR tncfhh -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/configure freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/configure ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/configure 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/configure 2012-12-04 19:38:00.237420970 +0100 -@@ -1,61 +1,84 @@ - #! /bin/sh - # From configure.in Revision. - # Guess values for system-dependent variables and create Makefiles. --# Generated by GNU Autoconf 2.61. -+# Generated by GNU Autoconf 2.67. -+# - # - # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, --# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software -+# Foundation, Inc. -+# -+# - # This configure script is free software; the Free Software Foundation - # gives unlimited permission to copy, distribute and modify it. --## --------------------- ## --## M4sh Initialization. ## --## --------------------- ## -+## -------------------- ## -+## M4sh Initialization. ## -+## -------------------- ## - - # Be more Bourne compatible - DUALCASE=1; export DUALCASE # for MKS sh --if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then -+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: -- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which -+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST - else -- case `(set -o) 2>/dev/null` in -- *posix*) set -o posix ;; -+ case `(set -o) 2>/dev/null` in #( -+ *posix*) : -+ set -o posix ;; #( -+ *) : -+ ;; - esac -- - fi - - -- -- --# PATH needs CR --# Avoid depending upon Character Ranges. --as_cr_letters='abcdefghijklmnopqrstuvwxyz' --as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' --as_cr_Letters=$as_cr_letters$as_cr_LETTERS --as_cr_digits='0123456789' --as_cr_alnum=$as_cr_Letters$as_cr_digits -- --# The user is always right. --if test "${PATH_SEPARATOR+set}" != set; then -- echo "#! /bin/sh" >conf$$.sh -- echo "exit 0" >>conf$$.sh -- chmod +x conf$$.sh -- if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then -- PATH_SEPARATOR=';' -+as_nl=' -+' -+export as_nl -+# Printing a long string crashes Solaris 7 /usr/bin/printf. -+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -+# Prefer a ksh shell builtin over an external printf program on Solaris, -+# but without wasting forks for bash or zsh. -+if test -z "$BASH_VERSION$ZSH_VERSION" \ -+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then -+ as_echo='print -r --' -+ as_echo_n='print -rn --' -+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then -+ as_echo='printf %s\n' -+ as_echo_n='printf %s' -+else -+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then -+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' -+ as_echo_n='/usr/ucb/echo -n' - else -- PATH_SEPARATOR=: -+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"' -+ as_echo_n_body='eval -+ arg=$1; -+ case $arg in #( -+ *"$as_nl"*) -+ expr "X$arg" : "X\\(.*\\)$as_nl"; -+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; -+ esac; -+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" -+ ' -+ export as_echo_n_body -+ as_echo_n='sh -c $as_echo_n_body as_echo' - fi -- rm -f conf$$.sh -+ export as_echo_body -+ as_echo='sh -c $as_echo_body as_echo' - fi - --# Support unset when possible. --if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then -- as_unset=unset --else -- as_unset=false -+# The user is always right. -+if test "${PATH_SEPARATOR+set}" != set; then -+ PATH_SEPARATOR=: -+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { -+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || -+ PATH_SEPARATOR=';' -+ } - fi - - -@@ -64,20 +87,18 @@ - # there to prevent editors from complaining about space-tab. - # (If _AS_PATH_WALK were called with IFS unset, it would disable word - # splitting by setting IFS to empty value.) --as_nl=' --' - IFS=" "" $as_nl" - - # Find who we are. Look in the path if we contain no directory separator. --case $0 in -+case $0 in #(( - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR - for as_dir in $PATH - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break --done -+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -+ done - IFS=$as_save_IFS - - ;; -@@ -88,354 +109,321 @@ - as_myself=$0 - fi - if test ! -f "$as_myself"; then -- echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 -- { (exit 1); exit 1; } -+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 -+ exit 1 - fi - --# Work around bugs in pre-3.0 UWIN ksh. --for as_var in ENV MAIL MAILPATH --do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var -+# Unset variables that we do not need and which cause bugs (e.g. in -+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -+# suppresses any "Segmentation fault" message there. '((' could -+# trigger a bug in pdksh 5.2.14. -+for as_var in BASH_ENV ENV MAIL MAILPATH -+do eval test x\${$as_var+set} = xset \ -+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : - done - PS1='$ ' - PS2='> ' - PS4='+ ' - - # NLS nuisances. --for as_var in \ -- LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ -- LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ -- LC_TELEPHONE LC_TIME --do -- if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then -- eval $as_var=C; export $as_var -- else -- ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var -- fi --done -- --# Required to use basename. --if expr a : '\(a\)' >/dev/null 2>&1 && -- test "X`expr 00001 : '.*\(...\)'`" = X001; then -- as_expr=expr --else -- as_expr=false --fi -- --if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then -- as_basename=basename --else -- as_basename=false --fi -- -- --# Name of the executable. --as_me=`$as_basename -- "$0" || --$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ -- X"$0" : 'X\(//\)$' \| \ -- X"$0" : 'X\(/\)' \| . 2>/dev/null || --echo X/"$0" | -- sed '/^.*\/\([^/][^/]*\)\/*$/{ -- s//\1/ -- q -- } -- /^X\/\(\/\/\)$/{ -- s//\1/ -- q -- } -- /^X\/\(\/\).*/{ -- s//\1/ -- q -- } -- s/.*/./; q'` -+LC_ALL=C -+export LC_ALL -+LANGUAGE=C -+export LANGUAGE - - # CDPATH. --$as_unset CDPATH -- -+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - - if test "x$CONFIG_SHELL" = x; then -- if (eval ":") 2>/dev/null; then -- as_have_required=yes -+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : -+ emulate sh -+ NULLCMD=: -+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which -+ # is contrary to our usage. Disable this feature. -+ alias -g '\${1+\"\$@\"}'='\"\$@\"' -+ setopt NO_GLOB_SUBST - else -- as_have_required=no -+ case \`(set -o) 2>/dev/null\` in #( -+ *posix*) : -+ set -o posix ;; #( -+ *) : -+ ;; -+esac - fi -- -- if test $as_have_required = yes && (eval ": --(as_func_return () { -- (exit \$1) --} --as_func_success () { -- as_func_return 0 --} --as_func_failure () { -- as_func_return 1 --} --as_func_ret_success () { -- return 0 --} --as_func_ret_failure () { -- return 1 --} -+" -+ as_required="as_fn_return () { (exit \$1); } -+as_fn_success () { as_fn_return 0; } -+as_fn_failure () { as_fn_return 1; } -+as_fn_ret_success () { return 0; } -+as_fn_ret_failure () { return 1; } - - exitcode=0 --if as_func_success; then -- : --else -- exitcode=1 -- echo as_func_success failed. --fi -- --if as_func_failure; then -- exitcode=1 -- echo as_func_failure succeeded. --fi -- --if as_func_ret_success; then -- : --else -- exitcode=1 -- echo as_func_ret_success failed. --fi -- --if as_func_ret_failure; then -- exitcode=1 -- echo as_func_ret_failure succeeded. --fi -- --if ( set x; as_func_ret_success y && test x = \"\$1\" ); then -- : -+as_fn_success || { exitcode=1; echo as_fn_success failed.; } -+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } -+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } -+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } -+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : -+ -+else -+ exitcode=1; echo positional parameters were not saved. -+fi -+test x\$exitcode = x0 || exit 1" -+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO -+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO -+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && -+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 -+test \$(( 1 + 1 )) = 2 || exit 1" -+ if (eval "$as_required") 2>/dev/null; then : -+ as_have_required=yes - else -- exitcode=1 -- echo positional parameters were not saved. -+ as_have_required=no - fi -+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : - --test \$exitcode = 0) || { (exit 1); exit 1; } -- --( -- as_lineno_1=\$LINENO -- as_lineno_2=\$LINENO -- test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && -- test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } --") 2> /dev/null; then -- : - else -- as_candidate_shells= -- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+as_found=false - for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- case $as_dir in -+ as_found=: -+ case $as_dir in #( - /*) - for as_base in sh bash ksh sh5; do -- as_candidate_shells="$as_candidate_shells $as_dir/$as_base" -+ # Try only shells that exist, to save several forks. -+ as_shell=$as_dir/$as_base -+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } && -+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : -+ CONFIG_SHELL=$as_shell as_have_required=yes -+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : -+ break 2 -+fi -+fi - done;; - esac -+ as_found=false - done -+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && -+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : -+ CONFIG_SHELL=$SHELL as_have_required=yes -+fi; } - IFS=$as_save_IFS - - -- for as_shell in $as_candidate_shells $SHELL; do -- # Try only shells that exist, to save several forks. -- if { test -f "$as_shell" || test -f "$as_shell.exe"; } && -- { ("$as_shell") 2> /dev/null <<\_ASEOF --if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then -- emulate sh -- NULLCMD=: -- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which -- # is contrary to our usage. Disable this feature. -- alias -g '${1+"$@"}'='"$@"' -- setopt NO_GLOB_SUBST --else -- case `(set -o) 2>/dev/null` in -- *posix*) set -o posix ;; --esac -- -+ if test "x$CONFIG_SHELL" != x; then : -+ # We cannot yet assume a decent shell, so we have to provide a -+ # neutralization value for shells without unset; and this also -+ # works around shells that cannot unset nonexistent variables. -+ BASH_ENV=/dev/null -+ ENV=/dev/null -+ (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV -+ export CONFIG_SHELL -+ exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} -+fi -+ -+ if test x$as_have_required = xno; then : -+ $as_echo "$0: This script requires a shell more modern than all" -+ $as_echo "$0: the shells that I found on your system." -+ if test x${ZSH_VERSION+set} = xset ; then -+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" -+ $as_echo "$0: be upgraded to zsh 4.3.4 or later." -+ else -+ $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, -+$0: including any error possibly output before this -+$0: message. Then install a modern shell, or manually run -+$0: the script under such a shell if you do have one." -+ fi -+ exit 1 - fi -- -- --: --_ASEOF --}; then -- CONFIG_SHELL=$as_shell -- as_have_required=yes -- if { "$as_shell" 2> /dev/null <<\_ASEOF --if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then -- emulate sh -- NULLCMD=: -- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which -- # is contrary to our usage. Disable this feature. -- alias -g '${1+"$@"}'='"$@"' -- setopt NO_GLOB_SUBST --else -- case `(set -o) 2>/dev/null` in -- *posix*) set -o posix ;; --esac -- - fi -+fi -+SHELL=${CONFIG_SHELL-/bin/sh} -+export SHELL -+# Unset more variables known to interfere with behavior of common tools. -+CLICOLOR_FORCE= GREP_OPTIONS= -+unset CLICOLOR_FORCE GREP_OPTIONS - -- --: --(as_func_return () { -- (exit $1) --} --as_func_success () { -- as_func_return 0 --} --as_func_failure () { -- as_func_return 1 --} --as_func_ret_success () { -- return 0 --} --as_func_ret_failure () { -- return 1 -+## --------------------- ## -+## M4sh Shell Functions. ## -+## --------------------- ## -+# as_fn_unset VAR -+# --------------- -+# Portably unset VAR. -+as_fn_unset () -+{ -+ { eval $1=; unset $1;} - } -+as_unset=as_fn_unset - --exitcode=0 --if as_func_success; then -- : --else -- exitcode=1 -- echo as_func_success failed. --fi -+# as_fn_set_status STATUS -+# ----------------------- -+# Set $? to STATUS, without forking. -+as_fn_set_status () -+{ -+ return $1 -+} # as_fn_set_status - --if as_func_failure; then -- exitcode=1 -- echo as_func_failure succeeded. --fi -+# as_fn_exit STATUS -+# ----------------- -+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. -+as_fn_exit () -+{ -+ set +e -+ as_fn_set_status $1 -+ exit $1 -+} # as_fn_exit -+ -+# as_fn_mkdir_p -+# ------------- -+# Create "$as_dir" as a directory, including parents if necessary. -+as_fn_mkdir_p () -+{ - --if as_func_ret_success; then -- : --else -- exitcode=1 -- echo as_func_ret_success failed. --fi -+ case $as_dir in #( -+ -*) as_dir=./$as_dir;; -+ esac -+ test -d "$as_dir" || eval $as_mkdir_p || { -+ as_dirs= -+ while :; do -+ case $as_dir in #( -+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( -+ *) as_qdir=$as_dir;; -+ esac -+ as_dirs="'$as_qdir' $as_dirs" -+ as_dir=`$as_dirname -- "$as_dir" || -+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -+$as_echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ -+ s//\1/ -+ q -+ } -+ /^X\(\/\/\)[^/].*/{ -+ s//\1/ -+ q -+ } -+ /^X\(\/\/\)$/{ -+ s//\1/ -+ q -+ } -+ /^X\(\/\).*/{ -+ s//\1/ -+ q -+ } -+ s/.*/./; q'` -+ test -d "$as_dir" && break -+ done -+ test -z "$as_dirs" || eval "mkdir $as_dirs" -+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" - --if as_func_ret_failure; then -- exitcode=1 -- echo as_func_ret_failure succeeded. --fi - --if ( set x; as_func_ret_success y && test x = "$1" ); then -- : -+} # as_fn_mkdir_p -+# as_fn_append VAR VALUE -+# ---------------------- -+# Append the text in VALUE to the end of the definition contained in VAR. Take -+# advantage of any shell optimizations that allow amortized linear growth over -+# repeated appends, instead of the typical quadratic growth present in naive -+# implementations. -+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : -+ eval 'as_fn_append () -+ { -+ eval $1+=\$2 -+ }' - else -- exitcode=1 -- echo positional parameters were not saved. --fi -- --test $exitcode = 0) || { (exit 1); exit 1; } -- --( -- as_lineno_1=$LINENO -- as_lineno_2=$LINENO -- test "x$as_lineno_1" != "x$as_lineno_2" && -- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } -- --_ASEOF --}; then -- break --fi -- --fi -- -- done -- -- if test "x$CONFIG_SHELL" != x; then -- for as_var in BASH_ENV ENV -- do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var -- done -- export CONFIG_SHELL -- exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} --fi -- -- -- if test $as_have_required = no; then -- echo This script requires a shell more modern than all the -- echo shells that I found on your system. Please install a -- echo modern shell, or manually run the script under such a -- echo shell if you do have one. -- { (exit 1); exit 1; } --fi -- -- --fi -- --fi -- -+ as_fn_append () -+ { -+ eval $1=\$$1\$2 -+ } -+fi # as_fn_append -+ -+# as_fn_arith ARG... -+# ------------------ -+# Perform arithmetic evaluation on the ARGs, and store the result in the -+# global $as_val. Take advantage of shells that can avoid forks. The arguments -+# must be portable across $(()) and expr. -+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : -+ eval 'as_fn_arith () -+ { -+ as_val=$(( $* )) -+ }' -+else -+ as_fn_arith () -+ { -+ as_val=`expr "$@" || test $? -eq 1` -+ } -+fi # as_fn_arith - - --(eval "as_func_return () { -- (exit \$1) --} --as_func_success () { -- as_func_return 0 --} --as_func_failure () { -- as_func_return 1 --} --as_func_ret_success () { -- return 0 --} --as_func_ret_failure () { -- return 1 --} -+# as_fn_error STATUS ERROR [LINENO LOG_FD] -+# ---------------------------------------- -+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are -+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the -+# script with STATUS, using 1 if that was 0. -+as_fn_error () -+{ -+ as_status=$1; test $as_status -eq 0 && as_status=1 -+ if test "$4"; then -+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 -+ fi -+ $as_echo "$as_me: error: $2" >&2 -+ as_fn_exit $as_status -+} # as_fn_error - --exitcode=0 --if as_func_success; then -- : -+if expr a : '\(a\)' >/dev/null 2>&1 && -+ test "X`expr 00001 : '.*\(...\)'`" = X001; then -+ as_expr=expr - else -- exitcode=1 -- echo as_func_success failed. --fi -- --if as_func_failure; then -- exitcode=1 -- echo as_func_failure succeeded. -+ as_expr=false - fi - --if as_func_ret_success; then -- : -+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then -+ as_basename=basename - else -- exitcode=1 -- echo as_func_ret_success failed. --fi -- --if as_func_ret_failure; then -- exitcode=1 -- echo as_func_ret_failure succeeded. -+ as_basename=false - fi - --if ( set x; as_func_ret_success y && test x = \"\$1\" ); then -- : -+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then -+ as_dirname=dirname - else -- exitcode=1 -- echo positional parameters were not saved. -+ as_dirname=false - fi - --test \$exitcode = 0") || { -- echo No shell found that supports shell functions. -- echo Please tell autoconf@gnu.org about your system, -- echo including any error possibly output before this -- echo message --} -+as_me=`$as_basename -- "$0" || -+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ -+ X"$0" : 'X\(//\)$' \| \ -+ X"$0" : 'X\(/\)' \| . 2>/dev/null || -+$as_echo X/"$0" | -+ sed '/^.*\/\([^/][^/]*\)\/*$/{ -+ s//\1/ -+ q -+ } -+ /^X\/\(\/\/\)$/{ -+ s//\1/ -+ q -+ } -+ /^X\/\(\/\).*/{ -+ s//\1/ -+ q -+ } -+ s/.*/./; q'` - -+# Avoid depending upon Character Ranges. -+as_cr_letters='abcdefghijklmnopqrstuvwxyz' -+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -+as_cr_Letters=$as_cr_letters$as_cr_LETTERS -+as_cr_digits='0123456789' -+as_cr_alnum=$as_cr_Letters$as_cr_digits - - -- as_lineno_1=$LINENO -- as_lineno_2=$LINENO -- test "x$as_lineno_1" != "x$as_lineno_2" && -- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { -- -- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO -- # uniformly replaced by the line number. The first 'sed' inserts a -- # line-number line after each line using $LINENO; the second 'sed' -- # does the real work. The second script uses 'N' to pair each -- # line-number line with the line containing $LINENO, and appends -- # trailing '-' during substitution so that $LINENO is not a special -- # case at line end. -- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the -- # scripts with optimization help from Paolo Bonzini. Blame Lee -- # E. McMahon (1931-1989) for sed's syntax. :-) -+ as_lineno_1=$LINENO as_lineno_1a=$LINENO -+ as_lineno_2=$LINENO as_lineno_2a=$LINENO -+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && -+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { -+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) - sed -n ' - p - /[$]LINENO/= -@@ -452,8 +440,7 @@ - s/-\n.*// - ' >$as_me.lineno && - chmod +x "$as_me.lineno" || -- { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 -- { (exit 1); exit 1; }; } -+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } - - # Don't try to exec as it changes $[0], causing all sort of problems - # (the dirname of $[0] is not the place where we might find the -@@ -463,49 +450,40 @@ - exit - } - -- --if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then -- as_dirname=dirname --else -- as_dirname=false --fi -- - ECHO_C= ECHO_N= ECHO_T= --case `echo -n x` in -+case `echo -n x` in #((((( - -n*) -- case `echo 'x\c'` in -+ case `echo 'xy\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. -- *) ECHO_C='\c';; -+ xy) ECHO_C='\c';; -+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null -+ ECHO_T=' ';; - esac;; - *) - ECHO_N='-n';; - esac - --if expr a : '\(a\)' >/dev/null 2>&1 && -- test "X`expr 00001 : '.*\(...\)'`" = X001; then -- as_expr=expr --else -- as_expr=false --fi -- - rm -f conf$$ conf$$.exe conf$$.file - if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file - else - rm -f conf$$.dir -- mkdir conf$$.dir -+ mkdir conf$$.dir 2>/dev/null - fi --echo >conf$$.file --if ln -s conf$$.file conf$$ 2>/dev/null; then -- as_ln_s='ln -s' -- # ... but there are two gotchas: -- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. -- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. -- # In both cases, we have to default to `cp -p'. -- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || -+if (echo >conf$$.file) 2>/dev/null; then -+ if ln -s conf$$.file conf$$ 2>/dev/null; then -+ as_ln_s='ln -s' -+ # ... but there are two gotchas: -+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. -+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. -+ # In both cases, we have to default to `cp -p'. -+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || -+ as_ln_s='cp -p' -+ elif ln conf$$.file conf$$ 2>/dev/null; then -+ as_ln_s=ln -+ else - as_ln_s='cp -p' --elif ln conf$$.file conf$$ 2>/dev/null; then -- as_ln_s=ln -+ fi - else - as_ln_s='cp -p' - fi -@@ -513,7 +491,7 @@ - rmdir conf$$.dir 2>/dev/null - - if mkdir -p . 2>/dev/null; then -- as_mkdir_p=: -+ as_mkdir_p='mkdir -p "$as_dir"' - else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -@@ -530,12 +508,12 @@ - as_test_x=' - eval sh -c '\'' - if test -d "$1"; then -- test -d "$1/."; -+ test -d "$1/."; - else -- case $1 in -- -*)set "./$1";; -+ case $1 in #( -+ -*)set "./$1";; - esac; -- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in -+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( - ???[sx]*):;;*)false;;esac;fi - '\'' sh - ' -@@ -549,11 +527,11 @@ - as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - -- --exec 7<&0 &1 -+test -n "$DJDIR" || exec 7<&0 &1 - - # Name of the host. --# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, -+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, - # so uname gets run too. - ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` - -@@ -568,7 +546,6 @@ - subdirs= - MFLAGS= - MAKEFLAGS= --SHELL=${CONFIG_SHELL-/bin/sh} - - # Identity of this package. - PACKAGE_NAME= -@@ -576,58 +553,102 @@ - PACKAGE_VERSION= - PACKAGE_STRING= - PACKAGE_BUGREPORT= -+PACKAGE_URL= - - ac_unique_file="rlm_eap_tnc.c" --ac_subst_vars='SHELL --PATH_SEPARATOR --PACKAGE_NAME --PACKAGE_TARNAME --PACKAGE_VERSION --PACKAGE_STRING --PACKAGE_BUGREPORT --exec_prefix --prefix --program_transform_name --bindir --sbindir --libexecdir --datarootdir --datadir --sysconfdir --sharedstatedir --localstatedir --includedir --oldincludedir --docdir --infodir --htmldir --dvidir --pdfdir --psdir --libdir --localedir --mandir --DEFS --ECHO_C --ECHO_N --ECHO_T --LIBS --build_alias --host_alias --target_alias --CC --CFLAGS --LDFLAGS --CPPFLAGS --ac_ct_CC --EXEEXT --OBJEXT --eap_tnc_cflags --eap_tnc_ldflags --targetname -+# Factoring default headers for most tests. -+ac_includes_default="\ -+#include -+#ifdef HAVE_SYS_TYPES_H -+# include -+#endif -+#ifdef HAVE_SYS_STAT_H -+# include -+#endif -+#ifdef STDC_HEADERS -+# include -+# include -+#else -+# ifdef HAVE_STDLIB_H -+# include -+# endif -+#endif -+#ifdef HAVE_STRING_H -+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H -+# include -+# endif -+# include -+#endif -+#ifdef HAVE_STRINGS_H -+# include -+#endif -+#ifdef HAVE_INTTYPES_H -+# include -+#endif -+#ifdef HAVE_STDINT_H -+# include -+#endif -+#ifdef HAVE_UNISTD_H -+# include -+#endif" -+ -+ac_subst_vars='LTLIBOBJS - LIBOBJS --LTLIBOBJS' -+targetname -+eap_tnc_ldflags -+eap_tnc_cflags -+EGREP -+GREP -+CPP -+OBJEXT -+EXEEXT -+ac_ct_CC -+CPPFLAGS -+LDFLAGS -+CFLAGS -+CC -+target_alias -+host_alias -+build_alias -+LIBS -+ECHO_T -+ECHO_N -+ECHO_C -+DEFS -+mandir -+localedir -+libdir -+psdir -+pdfdir -+dvidir -+htmldir -+infodir -+docdir -+oldincludedir -+includedir -+localstatedir -+sharedstatedir -+sysconfdir -+datadir -+datarootdir -+libexecdir -+sbindir -+bindir -+program_transform_name -+prefix -+exec_prefix -+PACKAGE_URL -+PACKAGE_BUGREPORT -+PACKAGE_STRING -+PACKAGE_VERSION -+PACKAGE_TARNAME -+PACKAGE_NAME -+PATH_SEPARATOR -+SHELL' - ac_subst_files='' -+ac_user_opts=' -+enable_option_checking -+' - ac_precious_vars='build_alias - host_alias - target_alias -@@ -635,12 +656,15 @@ - CFLAGS - LDFLAGS - LIBS --CPPFLAGS' -+CPPFLAGS -+CPP' - - - # Initialize some variables set by options. - ac_init_help= - ac_init_version=false -+ac_unrecognized_opts= -+ac_unrecognized_sep= - # The variables have the same names as the options, with - # dashes changed to underlines. - cache_file=/dev/null -@@ -696,8 +720,9 @@ - fi - - case $ac_option in -- *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; -- *) ac_optarg=yes ;; -+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; -+ *=) ac_optarg= ;; -+ *) ac_optarg=yes ;; - esac - - # Accept the important Cygnus configure options, so we can diagnose typos. -@@ -739,13 +764,20 @@ - datarootdir=$ac_optarg ;; - - -disable-* | --disable-*) -- ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` -+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` - # Reject names that are not valid shell variable names. -- expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && -- { echo "$as_me: error: invalid feature name: $ac_feature" >&2 -- { (exit 1); exit 1; }; } -- ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` -- eval enable_$ac_feature=no ;; -+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && -+ as_fn_error $? "invalid feature name: $ac_useropt" -+ ac_useropt_orig=$ac_useropt -+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` -+ case $ac_user_opts in -+ *" -+"enable_$ac_useropt" -+"*) ;; -+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" -+ ac_unrecognized_sep=', ';; -+ esac -+ eval enable_$ac_useropt=no ;; - - -docdir | --docdir | --docdi | --doc | --do) - ac_prev=docdir ;; -@@ -758,13 +790,20 @@ - dvidir=$ac_optarg ;; - - -enable-* | --enable-*) -- ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` -+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` - # Reject names that are not valid shell variable names. -- expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && -- { echo "$as_me: error: invalid feature name: $ac_feature" >&2 -- { (exit 1); exit 1; }; } -- ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` -- eval enable_$ac_feature=\$ac_optarg ;; -+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && -+ as_fn_error $? "invalid feature name: $ac_useropt" -+ ac_useropt_orig=$ac_useropt -+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` -+ case $ac_user_opts in -+ *" -+"enable_$ac_useropt" -+"*) ;; -+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" -+ ac_unrecognized_sep=', ';; -+ esac -+ eval enable_$ac_useropt=\$ac_optarg ;; - - -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ - | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ -@@ -955,22 +994,36 @@ - ac_init_version=: ;; - - -with-* | --with-*) -- ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` -+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` - # Reject names that are not valid shell variable names. -- expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && -- { echo "$as_me: error: invalid package name: $ac_package" >&2 -- { (exit 1); exit 1; }; } -- ac_package=`echo $ac_package | sed 's/[-.]/_/g'` -- eval with_$ac_package=\$ac_optarg ;; -+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && -+ as_fn_error $? "invalid package name: $ac_useropt" -+ ac_useropt_orig=$ac_useropt -+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` -+ case $ac_user_opts in -+ *" -+"with_$ac_useropt" -+"*) ;; -+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" -+ ac_unrecognized_sep=', ';; -+ esac -+ eval with_$ac_useropt=\$ac_optarg ;; - - -without-* | --without-*) -- ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` -+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` - # Reject names that are not valid shell variable names. -- expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && -- { echo "$as_me: error: invalid package name: $ac_package" >&2 -- { (exit 1); exit 1; }; } -- ac_package=`echo $ac_package | sed 's/[-.]/_/g'` -- eval with_$ac_package=no ;; -+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && -+ as_fn_error $? "invalid package name: $ac_useropt" -+ ac_useropt_orig=$ac_useropt -+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` -+ case $ac_user_opts in -+ *" -+"with_$ac_useropt" -+"*) ;; -+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" -+ ac_unrecognized_sep=', ';; -+ esac -+ eval with_$ac_useropt=no ;; - - --x) - # Obsolete; use --with-x. -@@ -990,25 +1043,25 @@ - | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) - x_libraries=$ac_optarg ;; - -- -*) { echo "$as_me: error: unrecognized option: $ac_option --Try \`$0 --help' for more information." >&2 -- { (exit 1); exit 1; }; } -+ -*) as_fn_error $? "unrecognized option: \`$ac_option' -+Try \`$0 --help' for more information" - ;; - - *=*) - ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` - # Reject names that are not valid shell variable names. -- expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && -- { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 -- { (exit 1); exit 1; }; } -+ case $ac_envvar in #( -+ '' | [0-9]* | *[!_$as_cr_alnum]* ) -+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; -+ esac - eval $ac_envvar=\$ac_optarg - export $ac_envvar ;; - - *) - # FIXME: should be removed in autoconf 3.0. -- echo "$as_me: WARNING: you should use --build, --host, --target" >&2 -+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 - expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && -- echo "$as_me: WARNING: invalid host type: $ac_option" >&2 -+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 - : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} - ;; - -@@ -1017,23 +1070,36 @@ - - if test -n "$ac_prev"; then - ac_option=--`echo $ac_prev | sed 's/_/-/g'` -- { echo "$as_me: error: missing argument to $ac_option" >&2 -- { (exit 1); exit 1; }; } -+ as_fn_error $? "missing argument to $ac_option" -+fi -+ -+if test -n "$ac_unrecognized_opts"; then -+ case $enable_option_checking in -+ no) ;; -+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; -+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; -+ esac - fi - --# Be sure to have absolute directory names. -+# Check all directory arguments for consistency. - for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ - datadir sysconfdir sharedstatedir localstatedir includedir \ - oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir - do - eval ac_val=\$$ac_var -+ # Remove trailing slashes. -+ case $ac_val in -+ */ ) -+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` -+ eval $ac_var=\$ac_val;; -+ esac -+ # Be sure to have absolute directory names. - case $ac_val in - [\\/$]* | ?:[\\/]* ) continue;; - NONE | '' ) case $ac_var in *prefix ) continue;; esac;; - esac -- { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 -- { (exit 1); exit 1; }; } -+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" - done - - # There might be people who depend on the old broken behavior: `$host' -@@ -1047,8 +1113,8 @@ - if test "x$host_alias" != x; then - if test "x$build_alias" = x; then - cross_compiling=maybe -- echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. -- If a cross compiler is detected then cross compile mode will be used." >&2 -+ $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. -+ If a cross compiler is detected then cross compile mode will be used" >&2 - elif test "x$build_alias" != "x$host_alias"; then - cross_compiling=yes - fi -@@ -1063,23 +1129,21 @@ - ac_pwd=`pwd` && test -n "$ac_pwd" && - ac_ls_di=`ls -di .` && - ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || -- { echo "$as_me: error: Working directory cannot be determined" >&2 -- { (exit 1); exit 1; }; } -+ as_fn_error $? "working directory cannot be determined" - test "X$ac_ls_di" = "X$ac_pwd_ls_di" || -- { echo "$as_me: error: pwd does not report name of working directory" >&2 -- { (exit 1); exit 1; }; } -+ as_fn_error $? "pwd does not report name of working directory" - - - # Find the source files, if location was not specified. - if test -z "$srcdir"; then - ac_srcdir_defaulted=yes - # Try the directory containing this script, then the parent directory. -- ac_confdir=`$as_dirname -- "$0" || --$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -- X"$0" : 'X\(//\)[^/]' \| \ -- X"$0" : 'X\(//\)$' \| \ -- X"$0" : 'X\(/\)' \| . 2>/dev/null || --echo X"$0" | -+ ac_confdir=`$as_dirname -- "$as_myself" || -+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_myself" : 'X\(//\)[^/]' \| \ -+ X"$as_myself" : 'X\(//\)$' \| \ -+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || -+$as_echo X"$as_myself" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q -@@ -1106,13 +1170,11 @@ - fi - if test ! -r "$srcdir/$ac_unique_file"; then - test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." -- { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 -- { (exit 1); exit 1; }; } -+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" - fi - ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" - ac_abs_confdir=`( -- cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2 -- { (exit 1); exit 1; }; } -+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" - pwd)` - # When building in place, set srcdir=. - if test "$ac_abs_confdir" = "$ac_pwd"; then -@@ -1152,7 +1214,7 @@ - --help=short display options specific to this package - --help=recursive display the short help of all the included packages - -V, --version display version information and exit -- -q, --quiet, --silent do not print \`checking...' messages -+ -q, --quiet, --silent do not print \`checking ...' messages - --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for \`--cache-file=config.cache' - -n, --no-create do not create output files -@@ -1160,9 +1222,9 @@ - - Installation directories: - --prefix=PREFIX install architecture-independent files in PREFIX -- [$ac_default_prefix] -+ [$ac_default_prefix] - --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX -- [PREFIX] -+ [PREFIX] - - By default, \`make install' will install all the files in - \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify -@@ -1172,25 +1234,25 @@ - For better control, use the options below. - - Fine tuning of the installation directories: -- --bindir=DIR user executables [EPREFIX/bin] -- --sbindir=DIR system admin executables [EPREFIX/sbin] -- --libexecdir=DIR program executables [EPREFIX/libexec] -- --sysconfdir=DIR read-only single-machine data [PREFIX/etc] -- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] -- --localstatedir=DIR modifiable single-machine data [PREFIX/var] -- --libdir=DIR object code libraries [EPREFIX/lib] -- --includedir=DIR C header files [PREFIX/include] -- --oldincludedir=DIR C header files for non-gcc [/usr/include] -- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] -- --datadir=DIR read-only architecture-independent data [DATAROOTDIR] -- --infodir=DIR info documentation [DATAROOTDIR/info] -- --localedir=DIR locale-dependent data [DATAROOTDIR/locale] -- --mandir=DIR man documentation [DATAROOTDIR/man] -- --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] -- --htmldir=DIR html documentation [DOCDIR] -- --dvidir=DIR dvi documentation [DOCDIR] -- --pdfdir=DIR pdf documentation [DOCDIR] -- --psdir=DIR ps documentation [DOCDIR] -+ --bindir=DIR user executables [EPREFIX/bin] -+ --sbindir=DIR system admin executables [EPREFIX/sbin] -+ --libexecdir=DIR program executables [EPREFIX/libexec] -+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] -+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] -+ --localstatedir=DIR modifiable single-machine data [PREFIX/var] -+ --libdir=DIR object code libraries [EPREFIX/lib] -+ --includedir=DIR C header files [PREFIX/include] -+ --oldincludedir=DIR C header files for non-gcc [/usr/include] -+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] -+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR] -+ --infodir=DIR info documentation [DATAROOTDIR/info] -+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale] -+ --mandir=DIR man documentation [DATAROOTDIR/man] -+ --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] -+ --htmldir=DIR html documentation [DOCDIR] -+ --dvidir=DIR dvi documentation [DOCDIR] -+ --pdfdir=DIR pdf documentation [DOCDIR] -+ --psdir=DIR ps documentation [DOCDIR] - _ACEOF - - cat <<\_ACEOF -@@ -1207,12 +1269,14 @@ - LDFLAGS linker flags, e.g. -L if you have libraries in a - nonstandard directory - LIBS libraries to pass to the linker, e.g. -l -- CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if -+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if - you have headers in a nonstandard directory -+ CPP C preprocessor - - Use these variables to override the choices made by `configure' or to help - it to find libraries and programs with nonstandard names/locations. - -+Report bugs to the package provider. - _ACEOF - ac_status=$? - fi -@@ -1220,15 +1284,17 @@ - if test "$ac_init_help" = "recursive"; then - # If there are subdirs, report their specific --help. - for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue -- test -d "$ac_dir" || continue -+ test -d "$ac_dir" || -+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || -+ continue - ac_builddir=. - - case "$ac_dir" in - .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) -- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` -+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` - # A ".." for each directory in $ac_dir_suffix. -- ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` -+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; -@@ -1264,7 +1330,7 @@ - echo && - $SHELL "$ac_srcdir/configure" --help=recursive - else -- echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 -+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 - fi || ac_status=$? - cd "$ac_pwd" || { ac_status=$?; break; } - done -@@ -1274,21 +1340,305 @@ - if $ac_init_version; then - cat <<\_ACEOF - configure --generated by GNU Autoconf 2.61 -+generated by GNU Autoconf 2.67 - --Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, --2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -+Copyright (C) 2010 Free Software Foundation, Inc. - This configure script is free software; the Free Software Foundation - gives unlimited permission to copy, distribute and modify it. - _ACEOF - exit - fi -+ -+## ------------------------ ## -+## Autoconf initialization. ## -+## ------------------------ ## -+ -+# ac_fn_c_try_compile LINENO -+# -------------------------- -+# Try to compile conftest.$ac_ext, and return whether this succeeded. -+ac_fn_c_try_compile () -+{ -+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ rm -f conftest.$ac_objext -+ if { { ac_try="$ac_compile" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 -+ (eval "$ac_compile") 2>conftest.err -+ ac_status=$? -+ if test -s conftest.err; then -+ grep -v '^ *+' conftest.err >conftest.er1 -+ cat conftest.er1 >&5 -+ mv -f conftest.er1 conftest.err -+ fi -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; } && { -+ test -z "$ac_c_werror_flag" || -+ test ! -s conftest.err -+ } && test -s conftest.$ac_objext; then : -+ ac_retval=0 -+else -+ $as_echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ ac_retval=1 -+fi -+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} -+ as_fn_set_status $ac_retval -+ -+} # ac_fn_c_try_compile -+ -+# ac_fn_c_try_link LINENO -+# ----------------------- -+# Try to link conftest.$ac_ext, and return whether this succeeded. -+ac_fn_c_try_link () -+{ -+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ rm -f conftest.$ac_objext conftest$ac_exeext -+ if { { ac_try="$ac_link" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 -+ (eval "$ac_link") 2>conftest.err -+ ac_status=$? -+ if test -s conftest.err; then -+ grep -v '^ *+' conftest.err >conftest.er1 -+ cat conftest.er1 >&5 -+ mv -f conftest.er1 conftest.err -+ fi -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; } && { -+ test -z "$ac_c_werror_flag" || -+ test ! -s conftest.err -+ } && test -s conftest$ac_exeext && { -+ test "$cross_compiling" = yes || -+ $as_test_x conftest$ac_exeext -+ }; then : -+ ac_retval=0 -+else -+ $as_echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ ac_retval=1 -+fi -+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information -+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would -+ # interfere with the next link command; also delete a directory that is -+ # left behind by Apple's compiler. We do this before executing the actions. -+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo -+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} -+ as_fn_set_status $ac_retval -+ -+} # ac_fn_c_try_link -+ -+# ac_fn_c_try_cpp LINENO -+# ---------------------- -+# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -+ac_fn_c_try_cpp () -+{ -+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ if { { ac_try="$ac_cpp conftest.$ac_ext" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 -+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err -+ ac_status=$? -+ if test -s conftest.err; then -+ grep -v '^ *+' conftest.err >conftest.er1 -+ cat conftest.er1 >&5 -+ mv -f conftest.er1 conftest.err -+ fi -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; } > conftest.i && { -+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || -+ test ! -s conftest.err -+ }; then : -+ ac_retval=0 -+else -+ $as_echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ ac_retval=1 -+fi -+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} -+ as_fn_set_status $ac_retval -+ -+} # ac_fn_c_try_cpp -+ -+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES -+# ------------------------------------------------------- -+# Tests whether HEADER exists, giving a warning if it cannot be compiled using -+# the include files in INCLUDES and setting the cache variable VAR -+# accordingly. -+ac_fn_c_check_header_mongrel () -+{ -+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ if eval "test \"\${$3+set}\"" = set; then : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -+$as_echo_n "checking for $2... " >&6; } -+if eval "test \"\${$3+set}\"" = set; then : -+ $as_echo_n "(cached) " >&6 -+fi -+eval ac_res=\$$3 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -+$as_echo "$ac_res" >&6; } -+else -+ # Is the header compilable? -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 -+$as_echo_n "checking $2 usability... " >&6; } -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+$4 -+#include <$2> -+_ACEOF -+if ac_fn_c_try_compile "$LINENO"; then : -+ ac_header_compiler=yes -+else -+ ac_header_compiler=no -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 -+$as_echo "$ac_header_compiler" >&6; } -+ -+# Is the header present? -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 -+$as_echo_n "checking $2 presence... " >&6; } -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#include <$2> -+_ACEOF -+if ac_fn_c_try_cpp "$LINENO"; then : -+ ac_header_preproc=yes -+else -+ ac_header_preproc=no -+fi -+rm -f conftest.err conftest.i conftest.$ac_ext -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 -+$as_echo "$ac_header_preproc" >&6; } -+ -+# So? What about this header? -+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( -+ yes:no: ) -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 -+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -+ ;; -+ no:yes:* ) -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 -+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 -+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 -+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 -+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -+ ;; -+esac -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -+$as_echo_n "checking for $2... " >&6; } -+if eval "test \"\${$3+set}\"" = set; then : -+ $as_echo_n "(cached) " >&6 -+else -+ eval "$3=\$ac_header_compiler" -+fi -+eval ac_res=\$$3 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -+$as_echo "$ac_res" >&6; } -+fi -+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} -+ -+} # ac_fn_c_check_header_mongrel -+ -+# ac_fn_c_try_run LINENO -+# ---------------------- -+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes -+# that executables *can* be run. -+ac_fn_c_try_run () -+{ -+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ if { { ac_try="$ac_link" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 -+ (eval "$ac_link") 2>&5 -+ ac_status=$? -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' -+ { { case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 -+ (eval "$ac_try") 2>&5 -+ ac_status=$? -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; }; }; then : -+ ac_retval=0 -+else -+ $as_echo "$as_me: program exited with status $ac_status" >&5 -+ $as_echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ ac_retval=$ac_status -+fi -+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo -+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} -+ as_fn_set_status $ac_retval -+ -+} # ac_fn_c_try_run -+ -+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES -+# ------------------------------------------------------- -+# Tests whether HEADER exists and can be compiled using the include files in -+# INCLUDES, setting the cache variable VAR accordingly. -+ac_fn_c_check_header_compile () -+{ -+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -+$as_echo_n "checking for $2... " >&6; } -+if eval "test \"\${$3+set}\"" = set; then : -+ $as_echo_n "(cached) " >&6 -+else -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+$4 -+#include <$2> -+_ACEOF -+if ac_fn_c_try_compile "$LINENO"; then : -+ eval "$3=yes" -+else -+ eval "$3=no" -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+fi -+eval ac_res=\$$3 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -+$as_echo "$ac_res" >&6; } -+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} -+ -+} # ac_fn_c_check_header_compile - cat >config.log <<_ACEOF - This file contains any messages produced by compilers while - running configure, to aid debugging if configure makes a mistake. - - It was created by $as_me, which was --generated by GNU Autoconf 2.61. Invocation command line was -+generated by GNU Autoconf 2.67. Invocation command line was - - $ $0 $@ - -@@ -1324,8 +1674,8 @@ - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- echo "PATH: $as_dir" --done -+ $as_echo "PATH: $as_dir" -+ done - IFS=$as_save_IFS - - } >&5 -@@ -1359,12 +1709,12 @@ - | -silent | --silent | --silen | --sile | --sil) - continue ;; - *\'*) -- ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; -+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; - esac - case $ac_pass in -- 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; -+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; - 2) -- ac_configure_args1="$ac_configure_args1 '$ac_arg'" -+ as_fn_append ac_configure_args1 " '$ac_arg'" - if test $ac_must_keep_next = true; then - ac_must_keep_next=false # Got value, back to normal. - else -@@ -1380,13 +1730,13 @@ - -* ) ac_must_keep_next=true ;; - esac - fi -- ac_configure_args="$ac_configure_args '$ac_arg'" -+ as_fn_append ac_configure_args " '$ac_arg'" - ;; - esac - done - done --$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } --$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } -+{ ac_configure_args0=; unset ac_configure_args0;} -+{ ac_configure_args1=; unset ac_configure_args1;} - - # When interrupted or exit'd, cleanup temporary files, and complete - # config.log. We remove comments because anyway the quotes in there -@@ -1398,11 +1748,9 @@ - { - echo - -- cat <<\_ASBOX --## ---------------- ## -+ $as_echo "## ---------------- ## - ## Cache variables. ## --## ---------------- ## --_ASBOX -+## ---------------- ##" - echo - # The following way of writing the cache mishandles newlines in values, - ( -@@ -1411,12 +1759,13 @@ - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( -- *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 --echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; -+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( -- *) $as_unset $ac_var ;; -+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( -+ *) { eval $ac_var=; unset $ac_var;} ;; - esac ;; - esac - done -@@ -1435,128 +1784,136 @@ - ) - echo - -- cat <<\_ASBOX --## ----------------- ## -+ $as_echo "## ----------------- ## - ## Output variables. ## --## ----------------- ## --_ASBOX -+## ----------------- ##" - echo - for ac_var in $ac_subst_vars - do - eval ac_val=\$$ac_var - case $ac_val in -- *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; -+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac -- echo "$ac_var='\''$ac_val'\''" -+ $as_echo "$ac_var='\''$ac_val'\''" - done | sort - echo - - if test -n "$ac_subst_files"; then -- cat <<\_ASBOX --## ------------------- ## -+ $as_echo "## ------------------- ## - ## File substitutions. ## --## ------------------- ## --_ASBOX -+## ------------------- ##" - echo - for ac_var in $ac_subst_files - do - eval ac_val=\$$ac_var - case $ac_val in -- *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; -+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac -- echo "$ac_var='\''$ac_val'\''" -+ $as_echo "$ac_var='\''$ac_val'\''" - done | sort - echo - fi - - if test -s confdefs.h; then -- cat <<\_ASBOX --## ----------- ## -+ $as_echo "## ----------- ## - ## confdefs.h. ## --## ----------- ## --_ASBOX -+## ----------- ##" - echo - cat confdefs.h - echo - fi - test "$ac_signal" != 0 && -- echo "$as_me: caught signal $ac_signal" -- echo "$as_me: exit $exit_status" -+ $as_echo "$as_me: caught signal $ac_signal" -+ $as_echo "$as_me: exit $exit_status" - } >&5 - rm -f core *.core core.conftest.* && - rm -f -r conftest* confdefs* conf$$* $ac_clean_files && - exit $exit_status - ' 0 - for ac_signal in 1 2 13 15; do -- trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal -+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal - done - ac_signal=0 - - # confdefs.h avoids OS command line length limits that DEFS can exceed. - rm -f -r conftest* confdefs.h - -+$as_echo "/* confdefs.h */" > confdefs.h -+ - # Predefined preprocessor variables. - - cat >>confdefs.h <<_ACEOF - #define PACKAGE_NAME "$PACKAGE_NAME" - _ACEOF - -- - cat >>confdefs.h <<_ACEOF - #define PACKAGE_TARNAME "$PACKAGE_TARNAME" - _ACEOF - -- - cat >>confdefs.h <<_ACEOF - #define PACKAGE_VERSION "$PACKAGE_VERSION" - _ACEOF - -- - cat >>confdefs.h <<_ACEOF - #define PACKAGE_STRING "$PACKAGE_STRING" - _ACEOF - -- - cat >>confdefs.h <<_ACEOF - #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" - _ACEOF - -+cat >>confdefs.h <<_ACEOF -+#define PACKAGE_URL "$PACKAGE_URL" -+_ACEOF -+ - - # Let the site file select an alternate cache file if it wants to. --# Prefer explicitly selected file to automatically selected ones. -+# Prefer an explicitly selected file to automatically selected ones. -+ac_site_file1=NONE -+ac_site_file2=NONE - if test -n "$CONFIG_SITE"; then -- set x "$CONFIG_SITE" -+ # We do not want a PATH search for config.site. -+ case $CONFIG_SITE in #(( -+ -*) ac_site_file1=./$CONFIG_SITE;; -+ */*) ac_site_file1=$CONFIG_SITE;; -+ *) ac_site_file1=./$CONFIG_SITE;; -+ esac - elif test "x$prefix" != xNONE; then -- set x "$prefix/share/config.site" "$prefix/etc/config.site" -+ ac_site_file1=$prefix/share/config.site -+ ac_site_file2=$prefix/etc/config.site - else -- set x "$ac_default_prefix/share/config.site" \ -- "$ac_default_prefix/etc/config.site" -+ ac_site_file1=$ac_default_prefix/share/config.site -+ ac_site_file2=$ac_default_prefix/etc/config.site - fi --shift --for ac_site_file -+for ac_site_file in "$ac_site_file1" "$ac_site_file2" - do -- if test -r "$ac_site_file"; then -- { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 --echo "$as_me: loading site script $ac_site_file" >&6;} -+ test "x$ac_site_file" = xNONE && continue -+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 -+$as_echo "$as_me: loading site script $ac_site_file" >&6;} - sed 's/^/| /' "$ac_site_file" >&5 -- . "$ac_site_file" -+ . "$ac_site_file" \ -+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "failed to load site script $ac_site_file -+See \`config.log' for more details" "$LINENO" 5 ; } - fi - done - - if test -r "$cache_file"; then -- # Some versions of bash will fail to source /dev/null (special -- # files actually), so we avoid doing that. -- if test -f "$cache_file"; then -- { echo "$as_me:$LINENO: loading cache $cache_file" >&5 --echo "$as_me: loading cache $cache_file" >&6;} -+ # Some versions of bash will fail to source /dev/null (special files -+ # actually), so we avoid doing that. DJGPP emulates it as a regular file. -+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 -+$as_echo "$as_me: loading cache $cache_file" >&6;} - case $cache_file in - [\\/]* | ?:[\\/]* ) . "$cache_file";; - *) . "./$cache_file";; - esac - fi - else -- { echo "$as_me:$LINENO: creating cache $cache_file" >&5 --echo "$as_me: creating cache $cache_file" >&6;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 -+$as_echo "$as_me: creating cache $cache_file" >&6;} - >$cache_file - fi - -@@ -1570,60 +1927,56 @@ - eval ac_new_val=\$ac_env_${ac_var}_value - case $ac_old_set,$ac_new_set in - set,) -- { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 --echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,set) -- { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 --echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,);; - *) - if test "x$ac_old_val" != "x$ac_new_val"; then -- { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 --echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} -- { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 --echo "$as_me: former value: $ac_old_val" >&2;} -- { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 --echo "$as_me: current value: $ac_new_val" >&2;} -- ac_cache_corrupted=: -+ # differences in whitespace do not lead to failure. -+ ac_old_val_w=`echo x $ac_old_val` -+ ac_new_val_w=`echo x $ac_new_val` -+ if test "$ac_old_val_w" != "$ac_new_val_w"; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} -+ ac_cache_corrupted=: -+ else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} -+ eval $ac_var=\$ac_old_val -+ fi -+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} - fi;; - esac - # Pass precious variables to config.status. - if test "$ac_new_set" = set; then - case $ac_new_val in -- *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; -+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; - *) ac_arg=$ac_var=$ac_new_val ;; - esac - case " $ac_configure_args " in - *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. -- *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; -+ *) as_fn_append ac_configure_args " '$ac_arg'" ;; - esac - fi - done - if $ac_cache_corrupted; then -- { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 --echo "$as_me: error: changes in the environment can compromise the build" >&2;} -- { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 --echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} -- { (exit 1); exit 1; }; } --fi -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 -+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} -+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 -+fi -+## -------------------- ## -+## Main body of script. ## -+## -------------------- ## - - ac_ext=c - ac_cpp='$CPP $CPPFLAGS' -@@ -1635,6 +1988,9 @@ - - - -+eap_tnc_cflags= -+eap_tnc_ldflags=-lnaaeap -+ - if test x$with_rlm_eap_tnc != xno; then - - ac_ext=c -@@ -1645,10 +2001,10 @@ - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. - set dummy ${ac_tool_prefix}gcc; ac_word=$2 --{ echo "$as_me:$LINENO: checking for $ac_word" >&5 --echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } --if test "${ac_cv_prog_CC+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -+$as_echo_n "checking for $ac_word... " >&6; } -+if test "${ac_cv_prog_CC+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -@@ -1658,25 +2014,25 @@ - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -+ for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" -- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 -+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi - done --done -+ done - IFS=$as_save_IFS - - fi - fi - CC=$ac_cv_prog_CC - if test -n "$CC"; then -- { echo "$as_me:$LINENO: result: $CC" >&5 --echo "${ECHO_T}$CC" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -+$as_echo "$CC" >&6; } - else -- { echo "$as_me:$LINENO: result: no" >&5 --echo "${ECHO_T}no" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } - fi - - -@@ -1685,10 +2041,10 @@ - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. - set dummy gcc; ac_word=$2 --{ echo "$as_me:$LINENO: checking for $ac_word" >&5 --echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } --if test "${ac_cv_prog_ac_ct_CC+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -+$as_echo_n "checking for $ac_word... " >&6; } -+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -@@ -1698,25 +2054,25 @@ - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -+ for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_CC="gcc" -- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 -+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi - done --done -+ done - IFS=$as_save_IFS - - fi - fi - ac_ct_CC=$ac_cv_prog_ac_ct_CC - if test -n "$ac_ct_CC"; then -- { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 --echo "${ECHO_T}$ac_ct_CC" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -+$as_echo "$ac_ct_CC" >&6; } - else -- { echo "$as_me:$LINENO: result: no" >&5 --echo "${ECHO_T}no" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } - fi - - if test "x$ac_ct_CC" = x; then -@@ -1724,12 +2080,8 @@ - else - case $cross_compiling:$ac_tool_warned in - yes:) --{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools --whose name does not start with the host triplet. If you think this --configuration is useful to you, please write to autoconf@gnu.org." >&5 --echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools --whose name does not start with the host triplet. If you think this --configuration is useful to you, please write to autoconf@gnu.org." >&2;} -+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} - ac_tool_warned=yes ;; - esac - CC=$ac_ct_CC -@@ -1742,10 +2094,10 @@ - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. - set dummy ${ac_tool_prefix}cc; ac_word=$2 --{ echo "$as_me:$LINENO: checking for $ac_word" >&5 --echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } --if test "${ac_cv_prog_CC+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -+$as_echo_n "checking for $ac_word... " >&6; } -+if test "${ac_cv_prog_CC+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -@@ -1755,25 +2107,25 @@ - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -+ for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CC="${ac_tool_prefix}cc" -- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 -+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi - done --done -+ done - IFS=$as_save_IFS - - fi - fi - CC=$ac_cv_prog_CC - if test -n "$CC"; then -- { echo "$as_me:$LINENO: result: $CC" >&5 --echo "${ECHO_T}$CC" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -+$as_echo "$CC" >&6; } - else -- { echo "$as_me:$LINENO: result: no" >&5 --echo "${ECHO_T}no" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } - fi - - -@@ -1782,10 +2134,10 @@ - if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. - set dummy cc; ac_word=$2 --{ echo "$as_me:$LINENO: checking for $ac_word" >&5 --echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } --if test "${ac_cv_prog_CC+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -+$as_echo_n "checking for $ac_word... " >&6; } -+if test "${ac_cv_prog_CC+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -@@ -1796,18 +2148,18 @@ - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -+ for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" -- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 -+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi - done --done -+ done - IFS=$as_save_IFS - - if test $ac_prog_rejected = yes; then -@@ -1826,11 +2178,11 @@ - fi - CC=$ac_cv_prog_CC - if test -n "$CC"; then -- { echo "$as_me:$LINENO: result: $CC" >&5 --echo "${ECHO_T}$CC" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -+$as_echo "$CC" >&6; } - else -- { echo "$as_me:$LINENO: result: no" >&5 --echo "${ECHO_T}no" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } - fi - - -@@ -1841,10 +2193,10 @@ - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. - set dummy $ac_tool_prefix$ac_prog; ac_word=$2 --{ echo "$as_me:$LINENO: checking for $ac_word" >&5 --echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } --if test "${ac_cv_prog_CC+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -+$as_echo_n "checking for $ac_word... " >&6; } -+if test "${ac_cv_prog_CC+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -@@ -1854,25 +2206,25 @@ - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -+ for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" -- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 -+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi - done --done -+ done - IFS=$as_save_IFS - - fi - fi - CC=$ac_cv_prog_CC - if test -n "$CC"; then -- { echo "$as_me:$LINENO: result: $CC" >&5 --echo "${ECHO_T}$CC" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -+$as_echo "$CC" >&6; } - else -- { echo "$as_me:$LINENO: result: no" >&5 --echo "${ECHO_T}no" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } - fi - - -@@ -1885,10 +2237,10 @@ - do - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 --{ echo "$as_me:$LINENO: checking for $ac_word" >&5 --echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } --if test "${ac_cv_prog_ac_ct_CC+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -+$as_echo_n "checking for $ac_word... " >&6; } -+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -@@ -1898,25 +2250,25 @@ - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -+ for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_CC="$ac_prog" -- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 -+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi - done --done -+ done - IFS=$as_save_IFS - - fi - fi - ac_ct_CC=$ac_cv_prog_ac_ct_CC - if test -n "$ac_ct_CC"; then -- { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 --echo "${ECHO_T}$ac_ct_CC" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -+$as_echo "$ac_ct_CC" >&6; } - else -- { echo "$as_me:$LINENO: result: no" >&5 --echo "${ECHO_T}no" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } - fi - - -@@ -1928,12 +2280,8 @@ - else - case $cross_compiling:$ac_tool_warned in - yes:) --{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools --whose name does not start with the host triplet. If you think this --configuration is useful to you, please write to autoconf@gnu.org." >&5 --echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools --whose name does not start with the host triplet. If you think this --configuration is useful to you, please write to autoconf@gnu.org." >&2;} -+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} - ac_tool_warned=yes ;; - esac - CC=$ac_ct_CC -@@ -1943,51 +2291,37 @@ - fi - - --test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH --See \`config.log' for more details." >&5 --echo "$as_me: error: no acceptable C compiler found in \$PATH --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "no acceptable C compiler found in \$PATH -+See \`config.log' for more details" "$LINENO" 5 ; } - - # Provide some information about the compiler. --echo "$as_me:$LINENO: checking for C compiler version" >&5 --ac_compiler=`set X $ac_compile; echo $2` --{ (ac_try="$ac_compiler --version >&5" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_compiler --version >&5") 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } --{ (ac_try="$ac_compiler -v >&5" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_compiler -v >&5") 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } --{ (ac_try="$ac_compiler -V >&5" -+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 -+set X $ac_compile -+ac_compiler=$2 -+for ac_option in --version -v -V -qversion; do -+ { { ac_try="$ac_compiler $ac_option >&5" - case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; - esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_compiler -V >&5") 2>&5 -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 -+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } -+ if test -s conftest.err; then -+ sed '10a\ -+... rest of stderr output deleted ... -+ 10q' conftest.err >conftest.er1 -+ cat conftest.er1 >&5 -+ fi -+ rm -f conftest.er1 conftest.err -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; } -+done - --cat >conftest.$ac_ext <<_ACEOF --/* confdefs.h. */ --_ACEOF --cat confdefs.h >>conftest.$ac_ext --cat >>conftest.$ac_ext <<_ACEOF -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - - int -@@ -1999,42 +2333,38 @@ - } - _ACEOF - ac_clean_files_save=$ac_clean_files --ac_clean_files="$ac_clean_files a.out a.exe b.out" -+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" - # Try to create an executable without -o first, disregard a.out. - # It will help us diagnose broken compilers, and finding out an intuition - # of exeext. --{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 --echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; } --ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` --# --# List of possible output files, starting from the most likely. --# The algorithm is not robust to junk in `.', hence go to wildcards (a.*) --# only as a last resort. b.out is created by i960 compilers. --ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out' --# --# The IRIX 6 linker writes into existing files which may not be --# executable, retaining their permissions. Remove them first so a --# subsequent execution test works. -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -+$as_echo_n "checking whether the C compiler works... " >&6; } -+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` -+ -+# The possible output files: -+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" -+ - ac_rmfiles= - for ac_file in $ac_files - do - case $ac_file in -- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; -+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - * ) ac_rmfiles="$ac_rmfiles $ac_file";; - esac - done - rm -f $ac_rmfiles - --if { (ac_try="$ac_link_default" -+if { { ac_try="$ac_link_default" - case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; - esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link_default") 2>&5 - ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; then -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; }; then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. - # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' - # in a Makefile. We should not override ac_cv_exeext if it was cached, -@@ -2044,14 +2374,14 @@ - do - test -f "$ac_file" || continue - case $ac_file in -- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) -+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) - ;; - [ab].out ) - # We found the default executable, but exeext='' is most - # certainly right. - break;; - *.* ) -- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; -+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; - then :; else - ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - fi -@@ -2070,116 +2400,132 @@ - else - ac_file='' - fi -- --{ echo "$as_me:$LINENO: result: $ac_file" >&5 --echo "${ECHO_T}$ac_file" >&6; } --if test -z "$ac_file"; then -- echo "$as_me: failed program was:" >&5 -+if test -z "$ac_file"; then : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+$as_echo "$as_me: failed program was:" >&5 - sed 's/^/| /' conftest.$ac_ext >&5 - --{ { echo "$as_me:$LINENO: error: C compiler cannot create executables --See \`config.log' for more details." >&5 --echo "$as_me: error: C compiler cannot create executables --See \`config.log' for more details." >&2;} -- { (exit 77); exit 77; }; } --fi -- -+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error 77 "C compiler cannot create executables -+See \`config.log' for more details" "$LINENO" 5 ; } -+else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -+$as_echo "yes" >&6; } -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -+$as_echo_n "checking for C compiler default output file name... " >&6; } -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -+$as_echo "$ac_file" >&6; } - ac_exeext=$ac_cv_exeext - -+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out -+ac_clean_files=$ac_clean_files_save -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 -+$as_echo_n "checking for suffix of executables... " >&6; } -+if { { ac_try="$ac_link" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 -+ (eval "$ac_link") 2>&5 -+ ac_status=$? -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; }; then : -+ # If both `conftest.exe' and `conftest' are `present' (well, observable) -+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -+# work properly (i.e., refer to `conftest.exe'), while it won't with -+# `rm'. -+for ac_file in conftest.exe conftest conftest.*; do -+ test -f "$ac_file" || continue -+ case $ac_file in -+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; -+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` -+ break;; -+ * ) break;; -+ esac -+done -+else -+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "cannot compute suffix of executables: cannot compile and link -+See \`config.log' for more details" "$LINENO" 5 ; } -+fi -+rm -f conftest conftest$ac_cv_exeext -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 -+$as_echo "$ac_cv_exeext" >&6; } -+ -+rm -f conftest.$ac_ext -+EXEEXT=$ac_cv_exeext -+ac_exeext=$EXEEXT -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#include -+int -+main () -+{ -+FILE *f = fopen ("conftest.out", "w"); -+ return ferror (f) || fclose (f) != 0; -+ -+ ; -+ return 0; -+} -+_ACEOF -+ac_clean_files="$ac_clean_files conftest.out" - # Check that the compiler produces executables we can run. If not, either - # the compiler is broken, or we cross compile. --{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5 --echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; } --# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 --# If not cross compiling, check that we can run a simple program. -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -+$as_echo_n "checking whether we are cross compiling... " >&6; } - if test "$cross_compiling" != yes; then -- if { ac_try='./$ac_file' -- { (case "(($ac_try" in -+ { { ac_try="$ac_link" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 -+ (eval "$ac_link") 2>&5 -+ ac_status=$? -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; } -+ if { ac_try='./conftest$ac_cv_exeext' -+ { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; - esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; }; then -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; }; }; then - cross_compiling=no - else - if test "$cross_compiling" = maybe; then - cross_compiling=yes - else -- { { echo "$as_me:$LINENO: error: cannot run C compiled programs. --If you meant to cross compile, use \`--host'. --See \`config.log' for more details." >&5 --echo "$as_me: error: cannot run C compiled programs. -+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "cannot run C compiled programs. - If you meant to cross compile, use \`--host'. --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+See \`config.log' for more details" "$LINENO" 5 ; } - fi - fi - fi --{ echo "$as_me:$LINENO: result: yes" >&5 --echo "${ECHO_T}yes" >&6; } -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -+$as_echo "$cross_compiling" >&6; } - --rm -f a.out a.exe conftest$ac_cv_exeext b.out -+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out - ac_clean_files=$ac_clean_files_save --# Check that the compiler produces executables we can run. If not, either --# the compiler is broken, or we cross compile. --{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 --echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; } --{ echo "$as_me:$LINENO: result: $cross_compiling" >&5 --echo "${ECHO_T}$cross_compiling" >&6; } -- --{ echo "$as_me:$LINENO: checking for suffix of executables" >&5 --echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; } --if { (ac_try="$ac_link" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_link") 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; then -- # If both `conftest.exe' and `conftest' are `present' (well, observable) --# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will --# work properly (i.e., refer to `conftest.exe'), while it won't with --# `rm'. --for ac_file in conftest.exe conftest conftest.*; do -- test -f "$ac_file" || continue -- case $ac_file in -- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; -- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` -- break;; -- * ) break;; -- esac --done -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 -+$as_echo_n "checking for suffix of object files... " >&6; } -+if test "${ac_cv_objext+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else -- { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link --See \`config.log' for more details." >&5 --echo "$as_me: error: cannot compute suffix of executables: cannot compile and link --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } --fi -- --rm -f conftest$ac_cv_exeext --{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 --echo "${ECHO_T}$ac_cv_exeext" >&6; } -- --rm -f conftest.$ac_ext --EXEEXT=$ac_cv_exeext --ac_exeext=$EXEEXT --{ echo "$as_me:$LINENO: checking for suffix of object files" >&5 --echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; } --if test "${ac_cv_objext+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 --else -- cat >conftest.$ac_ext <<_ACEOF --/* confdefs.h. */ --_ACEOF --cat confdefs.h >>conftest.$ac_ext --cat >>conftest.$ac_ext <<_ACEOF -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - - int -@@ -2191,51 +2537,46 @@ - } - _ACEOF - rm -f conftest.o conftest.obj --if { (ac_try="$ac_compile" -+if { { ac_try="$ac_compile" - case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; - esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>&5 - ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; then -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; }; then : - for ac_file in conftest.o conftest.obj conftest.*; do - test -f "$ac_file" || continue; - case $ac_file in -- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;; -+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; - *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` - break;; - esac - done - else -- echo "$as_me: failed program was:" >&5 -+ $as_echo "$as_me: failed program was:" >&5 - sed 's/^/| /' conftest.$ac_ext >&5 - --{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile --See \`config.log' for more details." >&5 --echo "$as_me: error: cannot compute suffix of object files: cannot compile --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "cannot compute suffix of object files: cannot compile -+See \`config.log' for more details" "$LINENO" 5 ; } - fi -- - rm -f conftest.$ac_cv_objext conftest.$ac_ext - fi --{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 --echo "${ECHO_T}$ac_cv_objext" >&6; } -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 -+$as_echo "$ac_cv_objext" >&6; } - OBJEXT=$ac_cv_objext - ac_objext=$OBJEXT --{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 --echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; } --if test "${ac_cv_c_compiler_gnu+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -+if test "${ac_cv_c_compiler_gnu+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else -- cat >conftest.$ac_ext <<_ACEOF --/* confdefs.h. */ --_ACEOF --cat confdefs.h >>conftest.$ac_ext --cat >>conftest.$ac_ext <<_ACEOF -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - - int -@@ -2249,54 +2590,34 @@ - return 0; - } - _ACEOF --rm -f conftest.$ac_objext --if { (ac_try="$ac_compile" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_compile") 2>conftest.er1 -- ac_status=$? -- grep -v '^ *+' conftest.er1 >conftest.err -- rm -f conftest.er1 -- cat conftest.err >&5 -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && { -- test -z "$ac_c_werror_flag" || -- test ! -s conftest.err -- } && test -s conftest.$ac_objext; then -+if ac_fn_c_try_compile "$LINENO"; then : - ac_compiler_gnu=yes - else -- echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -- -- ac_compiler_gnu=no -+ ac_compiler_gnu=no - fi -- - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_c_compiler_gnu=$ac_compiler_gnu - - fi --{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 --echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; } --GCC=`test $ac_compiler_gnu = yes && echo yes` -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -+$as_echo "$ac_cv_c_compiler_gnu" >&6; } -+if test $ac_compiler_gnu = yes; then -+ GCC=yes -+else -+ GCC= -+fi - ac_test_CFLAGS=${CFLAGS+set} - ac_save_CFLAGS=$CFLAGS --{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 --echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; } --if test "${ac_cv_prog_cc_g+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -+$as_echo_n "checking whether $CC accepts -g... " >&6; } -+if test "${ac_cv_prog_cc_g+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" -- cat >conftest.$ac_ext <<_ACEOF --/* confdefs.h. */ --_ACEOF --cat confdefs.h >>conftest.$ac_ext --cat >>conftest.$ac_ext <<_ACEOF -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - - int -@@ -2307,34 +2628,11 @@ - return 0; - } - _ACEOF --rm -f conftest.$ac_objext --if { (ac_try="$ac_compile" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_compile") 2>conftest.er1 -- ac_status=$? -- grep -v '^ *+' conftest.er1 >conftest.err -- rm -f conftest.er1 -- cat conftest.err >&5 -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && { -- test -z "$ac_c_werror_flag" || -- test ! -s conftest.err -- } && test -s conftest.$ac_objext; then -+if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes - else -- echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -- -- CFLAGS="" -- cat >conftest.$ac_ext <<_ACEOF --/* confdefs.h. */ --_ACEOF --cat confdefs.h >>conftest.$ac_ext --cat >>conftest.$ac_ext <<_ACEOF -+ CFLAGS="" -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - - int -@@ -2345,35 +2643,12 @@ - return 0; - } - _ACEOF --rm -f conftest.$ac_objext --if { (ac_try="$ac_compile" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_compile") 2>conftest.er1 -- ac_status=$? -- grep -v '^ *+' conftest.er1 >conftest.err -- rm -f conftest.er1 -- cat conftest.err >&5 -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && { -- test -z "$ac_c_werror_flag" || -- test ! -s conftest.err -- } && test -s conftest.$ac_objext; then -- : --else -- echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -+if ac_fn_c_try_compile "$LINENO"; then : - -- ac_c_werror_flag=$ac_save_c_werror_flag -+else -+ ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" -- cat >conftest.$ac_ext <<_ACEOF --/* confdefs.h. */ --_ACEOF --cat confdefs.h >>conftest.$ac_ext --cat >>conftest.$ac_ext <<_ACEOF -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - - int -@@ -2384,42 +2659,18 @@ - return 0; - } - _ACEOF --rm -f conftest.$ac_objext --if { (ac_try="$ac_compile" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_compile") 2>conftest.er1 -- ac_status=$? -- grep -v '^ *+' conftest.er1 >conftest.err -- rm -f conftest.er1 -- cat conftest.err >&5 -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && { -- test -z "$ac_c_werror_flag" || -- test ! -s conftest.err -- } && test -s conftest.$ac_objext; then -+if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes --else -- echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -- -- - fi -- - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi -- - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi -- - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag - fi --{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 --echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; } -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -+$as_echo "$ac_cv_prog_cc_g" >&6; } - if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS - elif test $ac_cv_prog_cc_g = yes; then -@@ -2435,18 +2686,14 @@ - CFLAGS= - fi - fi --{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 --echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } --if test "${ac_cv_prog_cc_c89+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -+if test "${ac_cv_prog_cc_c89+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else - ac_cv_prog_cc_c89=no - ac_save_CC=$CC --cat >conftest.$ac_ext <<_ACEOF --/* confdefs.h. */ --_ACEOF --cat confdefs.h >>conftest.$ac_ext --cat >>conftest.$ac_ext <<_ACEOF -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - #include - #include -@@ -2503,31 +2750,9 @@ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" - do - CC="$ac_save_CC $ac_arg" -- rm -f conftest.$ac_objext --if { (ac_try="$ac_compile" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_compile") 2>conftest.er1 -- ac_status=$? -- grep -v '^ *+' conftest.er1 >conftest.err -- rm -f conftest.er1 -- cat conftest.err >&5 -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && { -- test -z "$ac_c_werror_flag" || -- test ! -s conftest.err -- } && test -s conftest.$ac_objext; then -+ if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg --else -- echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -- -- - fi -- - rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break - done -@@ -2538,17 +2763,19 @@ - # AC_CACHE_VAL - case "x$ac_cv_prog_cc_c89" in - x) -- { echo "$as_me:$LINENO: result: none needed" >&5 --echo "${ECHO_T}none needed" >&6; } ;; -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -+$as_echo "none needed" >&6; } ;; - xno) -- { echo "$as_me:$LINENO: result: unsupported" >&5 --echo "${ECHO_T}unsupported" >&6; } ;; -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -+$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" -- { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 --echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; - esac -+if test "x$ac_cv_prog_cc_c89" != xno; then : - -+fi - - ac_ext=c - ac_cpp='$CPP $CPPFLAGS' -@@ -2557,81 +2784,474 @@ - ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -- --{ echo "$as_me:$LINENO: checking for exchangeTNCCSMessages in -lTNCS" >&5 --echo $ECHO_N "checking for exchangeTNCCSMessages in -lTNCS... $ECHO_C" >&6; } --if test "${ac_cv_lib_TNCS_exchangeTNCCSMessages+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for processEAPTNCData in -lnaaeap" >&5 -+$as_echo_n "checking for processEAPTNCData in -lnaaeap... " >&6; } -+if test "${ac_cv_lib_naaeap_processEAPTNCData+set}" = set; then : -+ $as_echo_n "(cached) " >&6 - else - ac_check_lib_save_LIBS=$LIBS --LIBS="-lTNCS $LIBS" --cat >conftest.$ac_ext <<_ACEOF --/* confdefs.h. */ -+LIBS="-lnaaeap $LIBS" -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+ -+/* Override any GCC internal prototype to avoid an error. -+ Use char because int might match the return type of a GCC -+ builtin and then its argument prototype would still apply. */ -+#ifdef __cplusplus -+extern "C" -+#endif -+char processEAPTNCData (); -+int -+main () -+{ -+return processEAPTNCData (); -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_link "$LINENO"; then : -+ ac_cv_lib_naaeap_processEAPTNCData=yes -+else -+ ac_cv_lib_naaeap_processEAPTNCData=no -+fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext conftest.$ac_ext -+LIBS=$ac_check_lib_save_LIBS -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_naaeap_processEAPTNCData" >&5 -+$as_echo "$ac_cv_lib_naaeap_processEAPTNCData" >&6; } -+if test "x$ac_cv_lib_naaeap_processEAPTNCData" = x""yes; then : -+ cat >>confdefs.h <<_ACEOF -+#define HAVE_LIBNAAEAP 1 -+_ACEOF -+ -+ LIBS="-lnaaeap $LIBS" -+ -+else -+ fail="$fail -lnaaeap" -+fi -+ -+ if test -x"$ac_cv_lib_NAAEAP_processEAPTNCData" == -x"no"; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: the NAAEAP library was not found!" >&5 -+$as_echo "$as_me: WARNING: the NAAEAP library was not found!" >&2;} -+ fail="$fail -lNAAEAP" -+ fi -+ -+ ac_ext=c -+ac_cpp='$CPP $CPPFLAGS' -+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -+ac_compiler_gnu=$ac_cv_c_compiler_gnu -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -+$as_echo_n "checking how to run the C preprocessor... " >&6; } -+# On Suns, sometimes $CPP names a directory. -+if test -n "$CPP" && test -d "$CPP"; then -+ CPP= -+fi -+if test -z "$CPP"; then -+ if test "${ac_cv_prog_CPP+set}" = set; then : -+ $as_echo_n "(cached) " >&6 -+else -+ # Double quotes because CPP needs to be expanded -+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" -+ do -+ ac_preproc_ok=false -+for ac_c_preproc_warn_flag in '' yes -+do -+ # Use a header file that comes with gcc, so configuring glibc -+ # with a fresh cross-compiler works. -+ # Prefer to if __STDC__ is defined, since -+ # exists even on freestanding compilers. -+ # On the NeXT, cc -E runs the code through the compiler's parser, -+ # not just through cpp. "Syntax error" is here to catch this case. -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#ifdef __STDC__ -+# include -+#else -+# include -+#endif -+ Syntax error -+_ACEOF -+if ac_fn_c_try_cpp "$LINENO"; then : -+ -+else -+ # Broken: fails on valid input. -+continue -+fi -+rm -f conftest.err conftest.i conftest.$ac_ext -+ -+ # OK, works on sane cases. Now check whether nonexistent headers -+ # can be detected and how. -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#include -+_ACEOF -+if ac_fn_c_try_cpp "$LINENO"; then : -+ # Broken: success on invalid input. -+continue -+else -+ # Passes both tests. -+ac_preproc_ok=: -+break -+fi -+rm -f conftest.err conftest.i conftest.$ac_ext -+ -+done -+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -+rm -f conftest.i conftest.err conftest.$ac_ext -+if $ac_preproc_ok; then : -+ break -+fi -+ -+ done -+ ac_cv_prog_CPP=$CPP -+ -+fi -+ CPP=$ac_cv_prog_CPP -+else -+ ac_cv_prog_CPP=$CPP -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -+$as_echo "$CPP" >&6; } -+ac_preproc_ok=false -+for ac_c_preproc_warn_flag in '' yes -+do -+ # Use a header file that comes with gcc, so configuring glibc -+ # with a fresh cross-compiler works. -+ # Prefer to if __STDC__ is defined, since -+ # exists even on freestanding compilers. -+ # On the NeXT, cc -E runs the code through the compiler's parser, -+ # not just through cpp. "Syntax error" is here to catch this case. -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#ifdef __STDC__ -+# include -+#else -+# include -+#endif -+ Syntax error -+_ACEOF -+if ac_fn_c_try_cpp "$LINENO"; then : -+ -+else -+ # Broken: fails on valid input. -+continue -+fi -+rm -f conftest.err conftest.i conftest.$ac_ext -+ -+ # OK, works on sane cases. Now check whether nonexistent headers -+ # can be detected and how. -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#include -+_ACEOF -+if ac_fn_c_try_cpp "$LINENO"; then : -+ # Broken: success on invalid input. -+continue -+else -+ # Passes both tests. -+ac_preproc_ok=: -+break -+fi -+rm -f conftest.err conftest.i conftest.$ac_ext -+ -+done -+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -+rm -f conftest.i conftest.err conftest.$ac_ext -+if $ac_preproc_ok; then : -+ -+else -+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -+See \`config.log' for more details" "$LINENO" 5 ; } -+fi -+ -+ac_ext=c -+ac_cpp='$CPP $CPPFLAGS' -+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -+ac_compiler_gnu=$ac_cv_c_compiler_gnu -+ -+ -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -+$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -+if test "${ac_cv_path_GREP+set}" = set; then : -+ $as_echo_n "(cached) " >&6 -+else -+ if test -z "$GREP"; then -+ ac_path_GREP_found=false -+ # Loop through the user's path and test for each of PROGNAME-LIST -+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -+do -+ IFS=$as_save_IFS -+ test -z "$as_dir" && as_dir=. -+ for ac_prog in grep ggrep; do -+ for ac_exec_ext in '' $ac_executable_extensions; do -+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" -+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue -+# Check for GNU ac_path_GREP and select it if it is found. -+ # Check for GNU $ac_path_GREP -+case `"$ac_path_GREP" --version 2>&1` in -+*GNU*) -+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -+*) -+ ac_count=0 -+ $as_echo_n 0123456789 >"conftest.in" -+ while : -+ do -+ cat "conftest.in" "conftest.in" >"conftest.tmp" -+ mv "conftest.tmp" "conftest.in" -+ cp "conftest.in" "conftest.nl" -+ $as_echo 'GREP' >> "conftest.nl" -+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break -+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break -+ as_fn_arith $ac_count + 1 && ac_count=$as_val -+ if test $ac_count -gt ${ac_path_GREP_max-0}; then -+ # Best one so far, save it but keep looking for a better one -+ ac_cv_path_GREP="$ac_path_GREP" -+ ac_path_GREP_max=$ac_count -+ fi -+ # 10*(2^10) chars as input seems more than enough -+ test $ac_count -gt 10 && break -+ done -+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -+esac -+ -+ $ac_path_GREP_found && break 3 -+ done -+ done -+ done -+IFS=$as_save_IFS -+ if test -z "$ac_cv_path_GREP"; then -+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 -+ fi -+else -+ ac_cv_path_GREP=$GREP -+fi -+ -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -+$as_echo "$ac_cv_path_GREP" >&6; } -+ GREP="$ac_cv_path_GREP" -+ -+ -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -+$as_echo_n "checking for egrep... " >&6; } -+if test "${ac_cv_path_EGREP+set}" = set; then : -+ $as_echo_n "(cached) " >&6 -+else -+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 -+ then ac_cv_path_EGREP="$GREP -E" -+ else -+ if test -z "$EGREP"; then -+ ac_path_EGREP_found=false -+ # Loop through the user's path and test for each of PROGNAME-LIST -+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -+do -+ IFS=$as_save_IFS -+ test -z "$as_dir" && as_dir=. -+ for ac_prog in egrep; do -+ for ac_exec_ext in '' $ac_executable_extensions; do -+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" -+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue -+# Check for GNU ac_path_EGREP and select it if it is found. -+ # Check for GNU $ac_path_EGREP -+case `"$ac_path_EGREP" --version 2>&1` in -+*GNU*) -+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -+*) -+ ac_count=0 -+ $as_echo_n 0123456789 >"conftest.in" -+ while : -+ do -+ cat "conftest.in" "conftest.in" >"conftest.tmp" -+ mv "conftest.tmp" "conftest.in" -+ cp "conftest.in" "conftest.nl" -+ $as_echo 'EGREP' >> "conftest.nl" -+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break -+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break -+ as_fn_arith $ac_count + 1 && ac_count=$as_val -+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then -+ # Best one so far, save it but keep looking for a better one -+ ac_cv_path_EGREP="$ac_path_EGREP" -+ ac_path_EGREP_max=$ac_count -+ fi -+ # 10*(2^10) chars as input seems more than enough -+ test $ac_count -gt 10 && break -+ done -+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -+esac -+ -+ $ac_path_EGREP_found && break 3 -+ done -+ done -+ done -+IFS=$as_save_IFS -+ if test -z "$ac_cv_path_EGREP"; then -+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 -+ fi -+else -+ ac_cv_path_EGREP=$EGREP -+fi -+ -+ fi -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -+$as_echo "$ac_cv_path_EGREP" >&6; } -+ EGREP="$ac_cv_path_EGREP" -+ -+ -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -+$as_echo_n "checking for ANSI C header files... " >&6; } -+if test "${ac_cv_header_stdc+set}" = set; then : -+ $as_echo_n "(cached) " >&6 -+else -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#include -+#include -+#include -+#include -+ -+int -+main () -+{ -+ -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_compile "$LINENO"; then : -+ ac_cv_header_stdc=yes -+else -+ ac_cv_header_stdc=no -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+ -+if test $ac_cv_header_stdc = yes; then -+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI. -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#include -+ - _ACEOF --cat confdefs.h >>conftest.$ac_ext --cat >>conftest.$ac_ext <<_ACEOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ $EGREP "memchr" >/dev/null 2>&1; then : -+ -+else -+ ac_cv_header_stdc=no -+fi -+rm -f conftest* -+ -+fi -+ -+if test $ac_cv_header_stdc = yes; then -+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#include -+ -+_ACEOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ $EGREP "free" >/dev/null 2>&1; then : -+ -+else -+ ac_cv_header_stdc=no -+fi -+rm -f conftest* -+ -+fi -+ -+if test $ac_cv_header_stdc = yes; then -+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. -+ if test "$cross_compiling" = yes; then : -+ : -+else -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ -- --/* Override any GCC internal prototype to avoid an error. -- Use char because int might match the return type of a GCC -- builtin and then its argument prototype would still apply. */ --#ifdef __cplusplus --extern "C" -+#include -+#include -+#if ((' ' & 0x0FF) == 0x020) -+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -+#else -+# define ISLOWER(c) \ -+ (('a' <= (c) && (c) <= 'i') \ -+ || ('j' <= (c) && (c) <= 'r') \ -+ || ('s' <= (c) && (c) <= 'z')) -+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) - #endif --char exchangeTNCCSMessages (); -+ -+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) - int - main () - { --return exchangeTNCCSMessages (); -- ; -+ int i; -+ for (i = 0; i < 256; i++) -+ if (XOR (islower (i), ISLOWER (i)) -+ || toupper (i) != TOUPPER (i)) -+ return 2; - return 0; - } - _ACEOF --rm -f conftest.$ac_objext conftest$ac_exeext --if { (ac_try="$ac_link" --case "(($ac_try" in -- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -- *) ac_try_echo=$ac_try;; --esac --eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -- (eval "$ac_link") 2>conftest.er1 -- ac_status=$? -- grep -v '^ *+' conftest.er1 >conftest.err -- rm -f conftest.er1 -- cat conftest.err >&5 -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && { -- test -z "$ac_c_werror_flag" || -- test ! -s conftest.err -- } && test -s conftest$ac_exeext && -- $as_test_x conftest$ac_exeext; then -- ac_cv_lib_TNCS_exchangeTNCCSMessages=yes -+if ac_fn_c_try_run "$LINENO"; then : -+ - else -- echo "$as_me: failed program was:" >&5 --sed 's/^/| /' conftest.$ac_ext >&5 -+ ac_cv_header_stdc=no -+fi -+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ -+ conftest.$ac_objext conftest.beam conftest.$ac_ext -+fi - -- ac_cv_lib_TNCS_exchangeTNCCSMessages=no - fi -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -+$as_echo "$ac_cv_header_stdc" >&6; } -+if test $ac_cv_header_stdc = yes; then -+ -+$as_echo "#define STDC_HEADERS 1" >>confdefs.h - --rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ -- conftest$ac_exeext conftest.$ac_ext --LIBS=$ac_check_lib_save_LIBS - fi --{ echo "$as_me:$LINENO: result: $ac_cv_lib_TNCS_exchangeTNCCSMessages" >&5 --echo "${ECHO_T}$ac_cv_lib_TNCS_exchangeTNCCSMessages" >&6; } --if test $ac_cv_lib_TNCS_exchangeTNCCSMessages = yes; then -+ -+# On IRIX 5.3, sys/types and inttypes.h are conflicting. -+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ -+ inttypes.h stdint.h unistd.h -+do : -+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -+" -+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF --#define HAVE_LIBTNCS 1 -+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 - _ACEOF - -- LIBS="-lTNCS $LIBS" -+fi -+ -+done -+ -+ -+for ac_header in naaeap/naaeap.h -+do : -+ ac_fn_c_check_header_mongrel "$LINENO" "naaeap/naaeap.h" "ac_cv_header_naaeap_naaeap_h" "$ac_includes_default" -+if test "x$ac_cv_header_naaeap_naaeap_h" = x""yes; then : -+ cat >>confdefs.h <<_ACEOF -+#define HAVE_NAAEAP_NAAEAP_H 1 -+_ACEOF - -+else -+ fail="$fail -Inaaeap.h" - fi - -- if test "x$ac_cv_lib_tncs_exchangetnccsmessages" != xyes; then -- { echo "$as_me:$LINENO: WARNING: the TNCS library isn't found!" >&5 --echo "$as_me: WARNING: the TNCS library isn't found!" >&2;} -- fail="$fail -lTNCS" -+done -+ -+ if test -x"$ac_cv_header_naaeap_h" == -x"no"; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: the naaeap header was not found!" >&5 -+$as_echo "$as_me: WARNING: the naaeap header was not found!" >&2;} -+ fail="$fail -Inaaeap.h" - fi - - targetname=rlm_eap_tnc -@@ -2642,14 +3262,12 @@ - - if test x"$fail" != x""; then - if test x"${enable_strict_dependencies}" = x"yes"; then -- { { echo "$as_me:$LINENO: error: set --without-rlm_eap_tnc to disable it explicitly." >&5 --echo "$as_me: error: set --without-rlm_eap_tnc to disable it explicitly." >&2;} -- { (exit 1); exit 1; }; } -+ as_fn_error $? "set --without-rlm_eap_tnc to disable it explicitly." "$LINENO" 5 - else -- { echo "$as_me:$LINENO: WARNING: silently not building rlm_eap_tnc." >&5 --echo "$as_me: WARNING: silently not building rlm_eap_tnc." >&2;} -- { echo "$as_me:$LINENO: WARNING: FAILURE: rlm_eap_tnc requires: $fail." >&5 --echo "$as_me: WARNING: FAILURE: rlm_eap_tnc requires: $fail." >&2;}; -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: silently not building rlm_eap_tnc." >&5 -+$as_echo "$as_me: WARNING: silently not building rlm_eap_tnc." >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: FAILURE: rlm_eap_tnc requires: $fail." >&5 -+$as_echo "$as_me: WARNING: FAILURE: rlm_eap_tnc requires: $fail." >&2;}; - targetname="" - fi - fi -@@ -2658,11 +3276,7 @@ - - - -- -- unset ac_cv_env_LIBS_set -- unset ac_cv_env_LIBS_value -- -- ac_config_files="$ac_config_files Makefile" -+ac_config_files="$ac_config_files Makefile" - - cat >confcache <<\_ACEOF - # This file is a shell script that caches the results of configure -@@ -2691,12 +3305,13 @@ - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( -- *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 --echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; -+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( -- *) $as_unset $ac_var ;; -+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( -+ *) { eval $ac_var=; unset $ac_var;} ;; - esac ;; - esac - done -@@ -2704,8 +3319,8 @@ - (set) 2>&1 | - case $as_nl`(ac_space=' '; set) 2>&1` in #( - *${as_nl}ac_space=\ *) -- # `set' does not quote correctly, so add quotes (double-quote -- # substitution turns \\\\ into \\, and sed turns \\ into \). -+ # `set' does not quote correctly, so add quotes: double-quote -+ # substitution turns \\\\ into \\, and sed turns \\ into \. - sed -n \ - "s/'/'\\\\''/g; - s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" -@@ -2728,12 +3343,12 @@ - if diff "$cache_file" confcache >/dev/null 2>&1; then :; else - if test -w "$cache_file"; then - test "x$cache_file" != "x/dev/null" && -- { echo "$as_me:$LINENO: updating cache $cache_file" >&5 --echo "$as_me: updating cache $cache_file" >&6;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 -+$as_echo "$as_me: updating cache $cache_file" >&6;} - cat confcache >$cache_file - else -- { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 --echo "$as_me: not updating unwritable cache $cache_file" >&6;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 -+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} - fi - fi - rm -f confcache -@@ -2750,6 +3365,12 @@ - # take arguments), then branch to the quote section. Otherwise, - # look for a macro that doesn't take arguments. - ac_script=' -+:mline -+/\\$/{ -+ N -+ s,\\\n,, -+ b mline -+} - t clear - :clear - s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g -@@ -2776,14 +3397,15 @@ - - ac_libobjs= - ac_ltlibobjs= -+U= - for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue - # 1. Remove the extension, and $U if already installed. - ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' -- ac_i=`echo "$ac_i" | sed "$ac_script"` -+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"` - # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR - # will be set to the directory where LIBOBJS objects are built. -- ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" -- ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' -+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" -+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' - done - LIBOBJS=$ac_libobjs - -@@ -2792,11 +3414,13 @@ - - - : ${CONFIG_STATUS=./config.status} -+ac_write_fail=0 - ac_clean_files_save=$ac_clean_files - ac_clean_files="$ac_clean_files $CONFIG_STATUS" --{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 --echo "$as_me: creating $CONFIG_STATUS" >&6;} --cat >$CONFIG_STATUS <<_ACEOF -+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 -+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} -+as_write_fail=0 -+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 - #! $SHELL - # Generated by $as_me. - # Run this file to recreate the current configuration. -@@ -2806,59 +3430,79 @@ - debug=false - ac_cs_recheck=false - ac_cs_silent=false --SHELL=\${CONFIG_SHELL-$SHELL} --_ACEOF - --cat >>$CONFIG_STATUS <<\_ACEOF --## --------------------- ## --## M4sh Initialization. ## --## --------------------- ## -+SHELL=\${CONFIG_SHELL-$SHELL} -+export SHELL -+_ASEOF -+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 -+## -------------------- ## -+## M4sh Initialization. ## -+## -------------------- ## - - # Be more Bourne compatible - DUALCASE=1; export DUALCASE # for MKS sh --if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then -+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: -- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which -+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST - else -- case `(set -o) 2>/dev/null` in -- *posix*) set -o posix ;; -+ case `(set -o) 2>/dev/null` in #( -+ *posix*) : -+ set -o posix ;; #( -+ *) : -+ ;; - esac -- - fi - - -- -- --# PATH needs CR --# Avoid depending upon Character Ranges. --as_cr_letters='abcdefghijklmnopqrstuvwxyz' --as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' --as_cr_Letters=$as_cr_letters$as_cr_LETTERS --as_cr_digits='0123456789' --as_cr_alnum=$as_cr_Letters$as_cr_digits -- --# The user is always right. --if test "${PATH_SEPARATOR+set}" != set; then -- echo "#! /bin/sh" >conf$$.sh -- echo "exit 0" >>conf$$.sh -- chmod +x conf$$.sh -- if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then -- PATH_SEPARATOR=';' -+as_nl=' -+' -+export as_nl -+# Printing a long string crashes Solaris 7 /usr/bin/printf. -+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -+# Prefer a ksh shell builtin over an external printf program on Solaris, -+# but without wasting forks for bash or zsh. -+if test -z "$BASH_VERSION$ZSH_VERSION" \ -+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then -+ as_echo='print -r --' -+ as_echo_n='print -rn --' -+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then -+ as_echo='printf %s\n' -+ as_echo_n='printf %s' -+else -+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then -+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' -+ as_echo_n='/usr/ucb/echo -n' - else -- PATH_SEPARATOR=: -+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"' -+ as_echo_n_body='eval -+ arg=$1; -+ case $arg in #( -+ *"$as_nl"*) -+ expr "X$arg" : "X\\(.*\\)$as_nl"; -+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; -+ esac; -+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" -+ ' -+ export as_echo_n_body -+ as_echo_n='sh -c $as_echo_n_body as_echo' - fi -- rm -f conf$$.sh -+ export as_echo_body -+ as_echo='sh -c $as_echo_body as_echo' - fi - --# Support unset when possible. --if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then -- as_unset=unset --else -- as_unset=false -+# The user is always right. -+if test "${PATH_SEPARATOR+set}" != set; then -+ PATH_SEPARATOR=: -+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { -+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || -+ PATH_SEPARATOR=';' -+ } - fi - - -@@ -2867,20 +3511,18 @@ - # there to prevent editors from complaining about space-tab. - # (If _AS_PATH_WALK were called with IFS unset, it would disable word - # splitting by setting IFS to empty value.) --as_nl=' --' - IFS=" "" $as_nl" - - # Find who we are. Look in the path if we contain no directory separator. --case $0 in -+case $0 in #(( - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR - for as_dir in $PATH - do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. -- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break --done -+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -+ done - IFS=$as_save_IFS - - ;; -@@ -2891,32 +3533,111 @@ - as_myself=$0 - fi - if test ! -f "$as_myself"; then -- echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 -- { (exit 1); exit 1; } -+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 -+ exit 1 - fi - --# Work around bugs in pre-3.0 UWIN ksh. --for as_var in ENV MAIL MAILPATH --do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var -+# Unset variables that we do not need and which cause bugs (e.g. in -+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -+# suppresses any "Segmentation fault" message there. '((' could -+# trigger a bug in pdksh 5.2.14. -+for as_var in BASH_ENV ENV MAIL MAILPATH -+do eval test x\${$as_var+set} = xset \ -+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : - done - PS1='$ ' - PS2='> ' - PS4='+ ' - - # NLS nuisances. --for as_var in \ -- LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ -- LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ -- LC_TELEPHONE LC_TIME --do -- if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then -- eval $as_var=C; export $as_var -- else -- ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var -+LC_ALL=C -+export LC_ALL -+LANGUAGE=C -+export LANGUAGE -+ -+# CDPATH. -+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH -+ -+ -+# as_fn_error STATUS ERROR [LINENO LOG_FD] -+# ---------------------------------------- -+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are -+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the -+# script with STATUS, using 1 if that was 0. -+as_fn_error () -+{ -+ as_status=$1; test $as_status -eq 0 && as_status=1 -+ if test "$4"; then -+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 - fi --done -+ $as_echo "$as_me: error: $2" >&2 -+ as_fn_exit $as_status -+} # as_fn_error -+ -+ -+# as_fn_set_status STATUS -+# ----------------------- -+# Set $? to STATUS, without forking. -+as_fn_set_status () -+{ -+ return $1 -+} # as_fn_set_status -+ -+# as_fn_exit STATUS -+# ----------------- -+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. -+as_fn_exit () -+{ -+ set +e -+ as_fn_set_status $1 -+ exit $1 -+} # as_fn_exit -+ -+# as_fn_unset VAR -+# --------------- -+# Portably unset VAR. -+as_fn_unset () -+{ -+ { eval $1=; unset $1;} -+} -+as_unset=as_fn_unset -+# as_fn_append VAR VALUE -+# ---------------------- -+# Append the text in VALUE to the end of the definition contained in VAR. Take -+# advantage of any shell optimizations that allow amortized linear growth over -+# repeated appends, instead of the typical quadratic growth present in naive -+# implementations. -+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : -+ eval 'as_fn_append () -+ { -+ eval $1+=\$2 -+ }' -+else -+ as_fn_append () -+ { -+ eval $1=\$$1\$2 -+ } -+fi # as_fn_append -+ -+# as_fn_arith ARG... -+# ------------------ -+# Perform arithmetic evaluation on the ARGs, and store the result in the -+# global $as_val. Take advantage of shells that can avoid forks. The arguments -+# must be portable across $(()) and expr. -+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : -+ eval 'as_fn_arith () -+ { -+ as_val=$(( $* )) -+ }' -+else -+ as_fn_arith () -+ { -+ as_val=`expr "$@" || test $? -eq 1` -+ } -+fi # as_fn_arith -+ - --# Required to use basename. - if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -@@ -2930,13 +3651,17 @@ - as_basename=false - fi - -+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then -+ as_dirname=dirname -+else -+ as_dirname=false -+fi - --# Name of the executable. - as_me=`$as_basename -- "$0" || - $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || --echo X/"$0" | -+$as_echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q -@@ -2951,104 +3676,103 @@ - } - s/.*/./; q'` - --# CDPATH. --$as_unset CDPATH -- -- -- -- as_lineno_1=$LINENO -- as_lineno_2=$LINENO -- test "x$as_lineno_1" != "x$as_lineno_2" && -- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { -- -- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO -- # uniformly replaced by the line number. The first 'sed' inserts a -- # line-number line after each line using $LINENO; the second 'sed' -- # does the real work. The second script uses 'N' to pair each -- # line-number line with the line containing $LINENO, and appends -- # trailing '-' during substitution so that $LINENO is not a special -- # case at line end. -- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the -- # scripts with optimization help from Paolo Bonzini. Blame Lee -- # E. McMahon (1931-1989) for sed's syntax. :-) -- sed -n ' -- p -- /[$]LINENO/= -- ' <$as_myself | -- sed ' -- s/[$]LINENO.*/&-/ -- t lineno -- b -- :lineno -- N -- :loop -- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ -- t loop -- s/-\n.*// -- ' >$as_me.lineno && -- chmod +x "$as_me.lineno" || -- { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 -- { (exit 1); exit 1; }; } -- -- # Don't try to exec as it changes $[0], causing all sort of problems -- # (the dirname of $[0] is not the place where we might find the -- # original and so on. Autoconf is especially sensitive to this). -- . "./$as_me.lineno" -- # Exit status is that of the last command. -- exit --} -- -- --if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then -- as_dirname=dirname --else -- as_dirname=false --fi -+# Avoid depending upon Character Ranges. -+as_cr_letters='abcdefghijklmnopqrstuvwxyz' -+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -+as_cr_Letters=$as_cr_letters$as_cr_LETTERS -+as_cr_digits='0123456789' -+as_cr_alnum=$as_cr_Letters$as_cr_digits - - ECHO_C= ECHO_N= ECHO_T= --case `echo -n x` in -+case `echo -n x` in #((((( - -n*) -- case `echo 'x\c'` in -+ case `echo 'xy\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. -- *) ECHO_C='\c';; -+ xy) ECHO_C='\c';; -+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null -+ ECHO_T=' ';; - esac;; - *) - ECHO_N='-n';; - esac - --if expr a : '\(a\)' >/dev/null 2>&1 && -- test "X`expr 00001 : '.*\(...\)'`" = X001; then -- as_expr=expr --else -- as_expr=false --fi -- - rm -f conf$$ conf$$.exe conf$$.file - if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file - else - rm -f conf$$.dir -- mkdir conf$$.dir -+ mkdir conf$$.dir 2>/dev/null - fi --echo >conf$$.file --if ln -s conf$$.file conf$$ 2>/dev/null; then -- as_ln_s='ln -s' -- # ... but there are two gotchas: -- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. -- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. -- # In both cases, we have to default to `cp -p'. -- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || -+if (echo >conf$$.file) 2>/dev/null; then -+ if ln -s conf$$.file conf$$ 2>/dev/null; then -+ as_ln_s='ln -s' -+ # ... but there are two gotchas: -+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. -+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. -+ # In both cases, we have to default to `cp -p'. -+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || -+ as_ln_s='cp -p' -+ elif ln conf$$.file conf$$ 2>/dev/null; then -+ as_ln_s=ln -+ else - as_ln_s='cp -p' --elif ln conf$$.file conf$$ 2>/dev/null; then -- as_ln_s=ln -+ fi - else - as_ln_s='cp -p' - fi - rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file - rmdir conf$$.dir 2>/dev/null - -+ -+# as_fn_mkdir_p -+# ------------- -+# Create "$as_dir" as a directory, including parents if necessary. -+as_fn_mkdir_p () -+{ -+ -+ case $as_dir in #( -+ -*) as_dir=./$as_dir;; -+ esac -+ test -d "$as_dir" || eval $as_mkdir_p || { -+ as_dirs= -+ while :; do -+ case $as_dir in #( -+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( -+ *) as_qdir=$as_dir;; -+ esac -+ as_dirs="'$as_qdir' $as_dirs" -+ as_dir=`$as_dirname -- "$as_dir" || -+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -+$as_echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ -+ s//\1/ -+ q -+ } -+ /^X\(\/\/\)[^/].*/{ -+ s//\1/ -+ q -+ } -+ /^X\(\/\/\)$/{ -+ s//\1/ -+ q -+ } -+ /^X\(\/\).*/{ -+ s//\1/ -+ q -+ } -+ s/.*/./; q'` -+ test -d "$as_dir" && break -+ done -+ test -z "$as_dirs" || eval "mkdir $as_dirs" -+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" -+ -+ -+} # as_fn_mkdir_p - if mkdir -p . 2>/dev/null; then -- as_mkdir_p=: -+ as_mkdir_p='mkdir -p "$as_dir"' - else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -@@ -3065,12 +3789,12 @@ - as_test_x=' - eval sh -c '\'' - if test -d "$1"; then -- test -d "$1/."; -+ test -d "$1/."; - else -- case $1 in -- -*)set "./$1";; -+ case $1 in #( -+ -*)set "./$1";; - esac; -- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in -+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( - ???[sx]*):;;*)false;;esac;fi - '\'' sh - ' -@@ -3085,13 +3809,19 @@ - - - exec 6>&1 -+## ----------------------------------- ## -+## Main body of $CONFIG_STATUS script. ## -+## ----------------------------------- ## -+_ASEOF -+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 - --# Save the log message, to keep $[0] and so on meaningful, and to -+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -+# Save the log message, to keep $0 and so on meaningful, and to - # report actual input values of CONFIG_FILES etc. instead of their - # values after options handling. - ac_log=" - This file was extended by $as_me, which was --generated by GNU Autoconf 2.61. Invocation command line was -+generated by GNU Autoconf 2.67. Invocation command line was - - CONFIG_FILES = $CONFIG_FILES - CONFIG_HEADERS = $CONFIG_HEADERS -@@ -3104,59 +3834,74 @@ - - _ACEOF - --cat >>$CONFIG_STATUS <<_ACEOF -+case $ac_config_files in *" -+"*) set x $ac_config_files; shift; ac_config_files=$*;; -+esac -+ -+ -+ -+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - # Files that config.status was made for. - config_files="$ac_config_files" - - _ACEOF - --cat >>$CONFIG_STATUS <<\_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - ac_cs_usage="\ --\`$as_me' instantiates files from templates according to the --current configuration. -+\`$as_me' instantiates files and other configuration actions -+from templates according to the current configuration. Unless the files -+and actions are specified as TAGs, all are instantiated by default. - --Usage: $0 [OPTIONS] [FILE]... -+Usage: $0 [OPTION]... [TAG]... - - -h, --help print this help, then exit - -V, --version print version number and configuration settings, then exit -- -q, --quiet do not print progress messages -+ --config print configuration, then exit -+ -q, --quiet, --silent -+ do not print progress messages - -d, --debug don't remove temporary files - --recheck update $as_me by reconfiguring in the same conditions -- --file=FILE[:TEMPLATE] -- instantiate the configuration file FILE -+ --file=FILE[:TEMPLATE] -+ instantiate the configuration file FILE - - Configuration files: - $config_files - --Report bugs to ." -+Report bugs to the package provider." - - _ACEOF --cat >>$CONFIG_STATUS <<_ACEOF -+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" - ac_cs_version="\\ - config.status --configured by $0, generated by GNU Autoconf 2.61, -- with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" -+configured by $0, generated by GNU Autoconf 2.67, -+ with options \\"\$ac_cs_config\\" - --Copyright (C) 2006 Free Software Foundation, Inc. -+Copyright (C) 2010 Free Software Foundation, Inc. - This config.status script is free software; the Free Software Foundation - gives unlimited permission to copy, distribute and modify it." - - ac_pwd='$ac_pwd' - srcdir='$srcdir' -+test -n "\$AWK" || AWK=awk - _ACEOF - --cat >>$CONFIG_STATUS <<\_ACEOF --# If no file are specified by the user, then we need to provide default --# value. By we need to know if files were specified by the user. -+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -+# The default lists apply if the user does not specify any file. - ac_need_defaults=: - while test $# != 0 - do - case $1 in -- --*=*) -+ --*=?*) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` - ac_shift=: - ;; -+ --*=) -+ ac_option=`expr "X$1" : 'X\([^=]*\)='` -+ ac_optarg= -+ ac_shift=: -+ ;; - *) - ac_option=$1 - ac_optarg=$2 -@@ -3169,25 +3914,30 @@ - -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) - ac_cs_recheck=: ;; - --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) -- echo "$ac_cs_version"; exit ;; -+ $as_echo "$ac_cs_version"; exit ;; -+ --config | --confi | --conf | --con | --co | --c ) -+ $as_echo "$ac_cs_config"; exit ;; - --debug | --debu | --deb | --de | --d | -d ) - debug=: ;; - --file | --fil | --fi | --f ) - $ac_shift -- CONFIG_FILES="$CONFIG_FILES $ac_optarg" -+ case $ac_optarg in -+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; -+ '') as_fn_error $? "missing file argument" ;; -+ esac -+ as_fn_append CONFIG_FILES " '$ac_optarg'" - ac_need_defaults=false;; - --he | --h | --help | --hel | -h ) -- echo "$ac_cs_usage"; exit ;; -+ $as_echo "$ac_cs_usage"; exit ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil | --si | --s) - ac_cs_silent=: ;; - - # This is an error. -- -*) { echo "$as_me: error: unrecognized option: $1 --Try \`$0 --help' for more information." >&2 -- { (exit 1); exit 1; }; } ;; -+ -*) as_fn_error $? "unrecognized option: \`$1' -+Try \`$0 --help' for more information." ;; - -- *) ac_config_targets="$ac_config_targets $1" -+ *) as_fn_append ac_config_targets " $1" - ac_need_defaults=false ;; - - esac -@@ -3202,30 +3952,32 @@ - fi - - _ACEOF --cat >>$CONFIG_STATUS <<_ACEOF -+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - if \$ac_cs_recheck; then -- echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 -- CONFIG_SHELL=$SHELL -+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion -+ shift -+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 -+ CONFIG_SHELL='$SHELL' - export CONFIG_SHELL -- exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion -+ exec "\$@" - fi - - _ACEOF --cat >>$CONFIG_STATUS <<\_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - exec 5>>config.log - { - echo - sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX - ## Running $as_me. ## - _ASBOX -- echo "$ac_log" -+ $as_echo "$ac_log" - } >&5 - - _ACEOF --cat >>$CONFIG_STATUS <<_ACEOF -+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - _ACEOF - --cat >>$CONFIG_STATUS <<\_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - - # Handling of arguments. - for ac_config_target in $ac_config_targets -@@ -3233,9 +3985,7 @@ - case $ac_config_target in - "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; - -- *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 --echo "$as_me: error: invalid argument: $ac_config_target" >&2;} -- { (exit 1); exit 1; }; };; -+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;; - esac - done - -@@ -3260,7 +4010,7 @@ - trap 'exit_status=$? - { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status - ' 0 -- trap '{ (exit 1); exit 1; }' 1 2 13 15 -+ trap 'as_fn_exit 1' 1 2 13 15 - } - # Create a (secure) tmp directory for tmp files. - -@@ -3271,145 +4021,177 @@ - { - tmp=./conf$$-$RANDOM - (umask 077 && mkdir "$tmp") --} || --{ -- echo "$me: cannot create a temporary directory in ." >&2 -- { (exit 1); exit 1; } --} -- --# --# Set up the sed scripts for CONFIG_FILES section. --# -+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 - --# No need to generate the scripts if there are no CONFIG_FILES. --# This happens for instance when ./config.status config.h -+# Set up the scripts for CONFIG_FILES section. -+# No need to generate them if there are no CONFIG_FILES. -+# This happens for instance with `./config.status config.h'. - if test -n "$CONFIG_FILES"; then - --_ACEOF - -+ac_cr=`echo X | tr X '\015'` -+# On cygwin, bash can eat \r inside `` if the user requested igncr. -+# But we know of no other shell where ac_cr would be empty at this -+# point, so we can use a bashism as a fallback. -+if test "x$ac_cr" = x; then -+ eval ac_cr=\$\'\\r\' -+fi -+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` -+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then -+ ac_cs_awk_cr='\\r' -+else -+ ac_cs_awk_cr=$ac_cr -+fi -+ -+echo 'BEGIN {' >"$tmp/subs1.awk" && -+_ACEOF - - -+{ -+ echo "cat >conf$$subs.awk <<_ACEOF" && -+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && -+ echo "_ACEOF" -+} >conf$$subs.sh || -+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 -+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` - ac_delim='%!_!# ' - for ac_last_try in false false false false false :; do -- cat >conf$$subs.sed <<_ACEOF --SHELL!$SHELL$ac_delim --PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim --PACKAGE_NAME!$PACKAGE_NAME$ac_delim --PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim --PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim --PACKAGE_STRING!$PACKAGE_STRING$ac_delim --PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim --exec_prefix!$exec_prefix$ac_delim --prefix!$prefix$ac_delim --program_transform_name!$program_transform_name$ac_delim --bindir!$bindir$ac_delim --sbindir!$sbindir$ac_delim --libexecdir!$libexecdir$ac_delim --datarootdir!$datarootdir$ac_delim --datadir!$datadir$ac_delim --sysconfdir!$sysconfdir$ac_delim --sharedstatedir!$sharedstatedir$ac_delim --localstatedir!$localstatedir$ac_delim --includedir!$includedir$ac_delim --oldincludedir!$oldincludedir$ac_delim --docdir!$docdir$ac_delim --infodir!$infodir$ac_delim --htmldir!$htmldir$ac_delim --dvidir!$dvidir$ac_delim --pdfdir!$pdfdir$ac_delim --psdir!$psdir$ac_delim --libdir!$libdir$ac_delim --localedir!$localedir$ac_delim --mandir!$mandir$ac_delim --DEFS!$DEFS$ac_delim --ECHO_C!$ECHO_C$ac_delim --ECHO_N!$ECHO_N$ac_delim --ECHO_T!$ECHO_T$ac_delim --LIBS!$LIBS$ac_delim --build_alias!$build_alias$ac_delim --host_alias!$host_alias$ac_delim --target_alias!$target_alias$ac_delim --CC!$CC$ac_delim --CFLAGS!$CFLAGS$ac_delim --LDFLAGS!$LDFLAGS$ac_delim --CPPFLAGS!$CPPFLAGS$ac_delim --ac_ct_CC!$ac_ct_CC$ac_delim --EXEEXT!$EXEEXT$ac_delim --OBJEXT!$OBJEXT$ac_delim --eap_tnc_cflags!$eap_tnc_cflags$ac_delim --eap_tnc_ldflags!$eap_tnc_ldflags$ac_delim --targetname!$targetname$ac_delim --LIBOBJS!$LIBOBJS$ac_delim --LTLIBOBJS!$LTLIBOBJS$ac_delim --_ACEOF -+ . ./conf$$subs.sh || -+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 - -- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 49; then -+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` -+ if test $ac_delim_n = $ac_delim_num; then - break - elif $ac_last_try; then -- { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 --echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} -- { (exit 1); exit 1; }; } -+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! " - fi - done -+rm -f conf$$subs.sh - --ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` --if test -n "$ac_eof"; then -- ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` -- ac_eof=`expr $ac_eof + 1` --fi -- --cat >>$CONFIG_STATUS <<_ACEOF --cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof --/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end --_ACEOF --sed ' --s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g --s/^/s,@/; s/!/@,|#_!!_#|/ --:n --t n --s/'"$ac_delim"'$/,g/; t --s/$/\\/; p --N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n --' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF --:end --s/|#_!!_#|//g --CEOF$ac_eof -+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -+cat >>"\$tmp/subs1.awk" <<\\_ACAWK && - _ACEOF -+sed -n ' -+h -+s/^/S["/; s/!.*/"]=/ -+p -+g -+s/^[^!]*!// -+:repl -+t repl -+s/'"$ac_delim"'$// -+t delim -+:nl -+h -+s/\(.\{148\}\)..*/\1/ -+t more1 -+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ -+p -+n -+b repl -+:more1 -+s/["\\]/\\&/g; s/^/"/; s/$/"\\/ -+p -+g -+s/.\{148\}// -+t nl -+:delim -+h -+s/\(.\{148\}\)..*/\1/ -+t more2 -+s/["\\]/\\&/g; s/^/"/; s/$/"/ -+p -+b -+:more2 -+s/["\\]/\\&/g; s/^/"/; s/$/"\\/ -+p -+g -+s/.\{148\}// -+t delim -+' >$CONFIG_STATUS || ac_write_fail=1 -+rm -f conf$$subs.awk -+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -+_ACAWK -+cat >>"\$tmp/subs1.awk" <<_ACAWK && -+ for (key in S) S_is_set[key] = 1 -+ FS = "" -+ -+} -+{ -+ line = $ 0 -+ nfields = split(line, field, "@") -+ substed = 0 -+ len = length(field[1]) -+ for (i = 2; i < nfields; i++) { -+ key = field[i] -+ keylen = length(key) -+ if (S_is_set[key]) { -+ value = S[key] -+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) -+ len += length(value) + length(field[++i]) -+ substed = 1 -+ } else -+ len += 1 + keylen -+ } -+ -+ print line -+} - -+_ACAWK -+_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then -+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" -+else -+ cat -+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ -+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 -+_ACEOF - --# VPATH may cause trouble with some makes, so we remove $(srcdir), --# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and -+# VPATH may cause trouble with some makes, so we remove sole $(srcdir), -+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and - # trailing colons and then remove the whole line if VPATH becomes empty - # (actually we leave an empty line to preserve line numbers). - if test "x$srcdir" = x.; then -- ac_vpsub='/^[ ]*VPATH[ ]*=/{ --s/:*\$(srcdir):*/:/ --s/:*\${srcdir}:*/:/ --s/:*@srcdir@:*/:/ --s/^\([^=]*=[ ]*\):*/\1/ -+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ -+h -+s/// -+s/^/:/ -+s/[ ]*$/:/ -+s/:\$(srcdir):/:/g -+s/:\${srcdir}:/:/g -+s/:@srcdir@:/:/g -+s/^:*// - s/:*$// -+x -+s/\(=[ ]*\).*/\1/ -+G -+s/\n// - s/^[^=]*=[ ]*$// - }' - fi - --cat >>$CONFIG_STATUS <<\_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - fi # test -n "$CONFIG_FILES" - - --for ac_tag in :F $CONFIG_FILES -+eval set X " :F $CONFIG_FILES " -+shift -+for ac_tag - do - case $ac_tag in - :[FHLC]) ac_mode=$ac_tag; continue;; - esac - case $ac_mode$ac_tag in - :[FHL]*:*);; -- :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5 --echo "$as_me: error: Invalid tag $ac_tag." >&2;} -- { (exit 1); exit 1; }; };; -+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;; - :[FH]-) ac_tag=-:-;; - :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; - esac -@@ -3437,26 +4219,34 @@ - [\\/$]*) false;; - *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; - esac || -- { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5 --echo "$as_me: error: cannot find input file: $ac_f" >&2;} -- { (exit 1); exit 1; }; };; -+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;; - esac -- ac_file_inputs="$ac_file_inputs $ac_f" -+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac -+ as_fn_append ac_file_inputs " '$ac_f'" - done - - # Let's still pretend it is `configure' which instantiates (i.e., don't - # use $as_me), people would be surprised to read: - # /* config.h. Generated by config.status. */ -- configure_input="Generated from "`IFS=: -- echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure." -+ configure_input='Generated from '` -+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' -+ `' by configure.' - if test x"$ac_file" != x-; then - configure_input="$ac_file. $configure_input" -- { echo "$as_me:$LINENO: creating $ac_file" >&5 --echo "$as_me: creating $ac_file" >&6;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 -+$as_echo "$as_me: creating $ac_file" >&6;} - fi -+ # Neutralize special characters interpreted by sed in replacement strings. -+ case $configure_input in #( -+ *\&* | *\|* | *\\* ) -+ ac_sed_conf_input=`$as_echo "$configure_input" | -+ sed 's/[\\\\&|]/\\\\&/g'`;; #( -+ *) ac_sed_conf_input=$configure_input;; -+ esac - - case $ac_tag in -- *:-:* | *:-) cat >"$tmp/stdin";; -+ *:-:* | *:-) cat >"$tmp/stdin" \ -+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; - esac - ;; - esac -@@ -3466,42 +4256,7 @@ - X"$ac_file" : 'X\(//\)[^/]' \| \ - X"$ac_file" : 'X\(//\)$' \| \ - X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || --echo X"$ac_file" | -- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)[^/].*/{ -- s//\1/ -- q -- } -- /^X\(\/\/\)$/{ -- s//\1/ -- q -- } -- /^X\(\/\).*/{ -- s//\1/ -- q -- } -- s/.*/./; q'` -- { as_dir="$ac_dir" -- case $as_dir in #( -- -*) as_dir=./$as_dir;; -- esac -- test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { -- as_dirs= -- while :; do -- case $as_dir in #( -- *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #( -- *) as_qdir=$as_dir;; -- esac -- as_dirs="'$as_qdir' $as_dirs" -- as_dir=`$as_dirname -- "$as_dir" || --$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -- X"$as_dir" : 'X\(//\)[^/]' \| \ -- X"$as_dir" : 'X\(//\)$' \| \ -- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || --echo X"$as_dir" | -+$as_echo X"$ac_file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q -@@ -3519,20 +4274,15 @@ - q - } - s/.*/./; q'` -- test -d "$as_dir" && break -- done -- test -z "$as_dirs" || eval "mkdir $as_dirs" -- } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 --echo "$as_me: error: cannot create directory $as_dir" >&2;} -- { (exit 1); exit 1; }; }; } -+ as_dir="$ac_dir"; as_fn_mkdir_p - ac_builddir=. - - case "$ac_dir" in - .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) -- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` -+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` - # A ".." for each directory in $ac_dir_suffix. -- ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` -+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; -@@ -3568,12 +4318,12 @@ - - _ACEOF - --cat >>$CONFIG_STATUS <<\_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - # If the template does not know about datarootdir, expand it. - # FIXME: This hack should be removed a few years after 2.60. - ac_datarootdir_hack=; ac_datarootdir_seen= -- --case `sed -n '/datarootdir/ { -+ac_sed_dataroot=' -+/datarootdir/ { - p - q - } -@@ -3581,36 +4331,37 @@ - /@docdir@/p - /@infodir@/p - /@localedir@/p --/@mandir@/p --' $ac_file_inputs` in -+/@mandir@/p' -+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in - *datarootdir*) ac_datarootdir_seen=yes;; - *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) -- { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 --echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} - _ACEOF --cat >>$CONFIG_STATUS <<_ACEOF -+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - ac_datarootdir_hack=' - s&@datadir@&$datadir&g - s&@docdir@&$docdir&g - s&@infodir@&$infodir&g - s&@localedir@&$localedir&g - s&@mandir@&$mandir&g -- s&\\\${datarootdir}&$datarootdir&g' ;; -+ s&\\\${datarootdir}&$datarootdir&g' ;; - esac - _ACEOF - - # Neutralize VPATH when `$srcdir' = `.'. - # Shell code in configure.ac might set extrasub. - # FIXME: do we really want to maintain this feature? --cat >>$CONFIG_STATUS <<_ACEOF -- sed "$ac_vpsub -+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -+ac_sed_extra="$ac_vpsub - $extrasub - _ACEOF --cat >>$CONFIG_STATUS <<\_ACEOF -+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - :t - /@[a-zA-Z_][a-zA-Z_0-9]*@/!b --s&@configure_input@&$configure_input&;t t -+s|@configure_input@|$ac_sed_conf_input|;t t - s&@top_builddir@&$ac_top_builddir_sub&;t t -+s&@top_build_prefix@&$ac_top_build_prefix&;t t - s&@srcdir@&$ac_srcdir&;t t - s&@abs_srcdir@&$ac_abs_srcdir&;t t - s&@top_srcdir@&$ac_top_srcdir&;t t -@@ -3619,21 +4370,24 @@ - s&@abs_builddir@&$ac_abs_builddir&;t t - s&@abs_top_builddir@&$ac_abs_top_builddir&;t t - $ac_datarootdir_hack --" $ac_file_inputs | sed -f "$tmp/subs-1.sed" >$tmp/out -+" -+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ -+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - - test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && - { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && - { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && -- { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' --which seems to be undefined. Please make sure it is defined." >&5 --echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' --which seems to be undefined. Please make sure it is defined." >&2;} -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -+which seems to be undefined. Please make sure it is defined" >&5 -+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -+which seems to be undefined. Please make sure it is defined" >&2;} - - rm -f "$tmp/stdin" - case $ac_file in -- -) cat "$tmp/out"; rm -f "$tmp/out";; -- *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;; -- esac -+ -) cat "$tmp/out" && rm -f "$tmp/out";; -+ *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; -+ esac \ -+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - ;; - - -@@ -3643,11 +4397,13 @@ - done # for ac_tag - - --{ (exit 0); exit 0; } -+as_fn_exit 0 - _ACEOF --chmod +x $CONFIG_STATUS - ac_clean_files=$ac_clean_files_save - -+test $ac_write_fail = 0 || -+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 -+ - - # configure is writing to config.log, and then calls config.status. - # config.status does its own redirection, appending to config.log. -@@ -3667,7 +4423,10 @@ - exec 5>>config.log - # Use ||, not &&, to avoid exiting from the if with $? = 1, which - # would make configure fail if this is the last instruction. -- $ac_cs_success || { (exit 1); exit 1; } -+ $ac_cs_success || as_fn_exit 1 -+fi -+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 -+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} - fi -- - -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/configure.in freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/configure.in ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/configure.in 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/configure.in 2012-12-04 19:38:00.241420966 +0100 -@@ -2,12 +2,21 @@ - AC_REVISION($Revision$) - AC_DEFUN(modname,[rlm_eap_tnc]) - -+eap_tnc_cflags= -+eap_tnc_ldflags=-lnaaeap -+ - if test x$with_[]modname != xno; then - -- AC_CHECK_LIB(TNCS, exchangeTNCCSMessages) -- if test "x$ac_cv_lib_tncs_exchangetnccsmessages" != xyes; then -- AC_MSG_WARN([the TNCS library isn't found!]) -- fail="$fail -lTNCS" -+ AC_CHECK_LIB(naaeap,processEAPTNCData,,fail="$fail -lnaaeap",) -+ if test -x"$ac_cv_lib_NAAEAP_processEAPTNCData" == -x"no"; then -+ AC_MSG_WARN([the NAAEAP library was not found!]) -+ fail="$fail -lNAAEAP" -+ fi -+ -+ AC_CHECK_HEADERS(naaeap/naaeap.h,,fail="$fail -Inaaeap.h",) -+ if test -x"$ac_cv_header_naaeap_h" == -x"no"; then -+ AC_MSG_WARN([the naaeap header was not found!]) -+ fail="$fail -Inaaeap.h" - fi - - targetname=modname -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/eap_tnc.c freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/eap_tnc.c ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/eap_tnc.c 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/eap_tnc.c 2012-12-04 19:38:00.241420966 +0100 -@@ -1,12 +1,12 @@ - /* - * eap_tnc.c EAP TNC functionality. - * -- * This software is Copyright (C) 2006,2007 FH Hannover -+ * This software is Copyright (C) 2006-2009 FH Hannover - * - * Portions of this code unrelated to FreeRADIUS are available - * separately under a commercial license. If you require an - * implementation of EAP-TNC that is not under the GPLv2, please -- * contact tnc@inform.fh-hannover.de for details. -+ * contact trust@f4-i.fh-hannover.de for details. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -23,230 +23,41 @@ - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA - * - */ --#include --RCSID("$Id: 213ede51c46a8c533961be8715395c0ab1f6b5c9 $") -- -- --/* -- * -- * MD5 Packet Format in EAP Type-Data -- * --- ------ ------ -- --- --------- -- * 0 1 2 3 -- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * | Value-Size | Value ... -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * | Name ... -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * -- * EAP-TNC Packet Format in EAP Type-Data -- * -- * 0 1 2 3 -- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * | Flags |Ver | Data Length ... -- * |L M S R R|=1 | -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * |... | Data ... -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- -- * -- */ -- - #include - #include - #include "eap.h" - - #include "eap_tnc.h" - -- /* -- * WTF is wrong with htonl ? -- */ --static uint32_t ByteSwap2 (uint32_t nLongNumber) --{ -- return (((nLongNumber&0x000000FF)<<24)+((nLongNumber&0x0000FF00)<<8)+ -- ((nLongNumber&0x00FF0000)>>8)+((nLongNumber&0xFF000000)>>24)); --} -- - /* -- * Allocate a new TNC_PACKET -+ * Forms an EAP_REQUEST packet from the EAP_TNC specific data. - */ --TNC_PACKET *eaptnc_alloc(void) -+int eaptnc_compose(EAP_HANDLER *handler, TNC_BufferReference request, TNC_UInt32 length, uint8_t code) - { -- TNC_PACKET *rp; -- -- if ((rp = malloc(sizeof(TNC_PACKET))) == NULL) { -- radlog(L_ERR, "rlm_eap_tnc: out of memory"); -- return NULL; -+ // check parameters -+ if(handler == NULL || (request == NULL && length != 0) || (request != NULL && length < 1) || code > PW_EAP_MAX_CODES){ -+ radlog(L_ERR, "rlm_eap_tnc: eaptnc_compose invalid parameters: handler == %p, request == %p, length == %lu, code == %u", handler, request, length, code); -+ return 0; - } -- memset(rp, 0, sizeof(TNC_PACKET)); -- return rp; --} -- --/* -- * Free TNC_PACKET -- */ --void eaptnc_free(TNC_PACKET **tnc_packet_ptr) --{ -- TNC_PACKET *tnc_packet; -- -- if (!tnc_packet_ptr) return; -- tnc_packet = *tnc_packet_ptr; -- if (tnc_packet == NULL) return; -- -- if (tnc_packet->data) free(tnc_packet->data); - -- free(tnc_packet); -- -- *tnc_packet_ptr = NULL; --} -- --/* -- * We expect only RESPONSE for which REQUEST, SUCCESS or FAILURE is sent back -- */ --TNC_PACKET *eaptnc_extract(EAP_DS *eap_ds) --{ -- tnc_packet_t *data; -- TNC_PACKET *packet; -- /* -- * We need a response, of type EAP-TNC -- */ -- if (!eap_ds || -- !eap_ds->response || -- (eap_ds->response->code != PW_TNC_RESPONSE) || -- eap_ds->response->type.type != PW_EAP_TNC || -- !eap_ds->response->type.data || -- (eap_ds->response->length <= TNC_HEADER_LEN) || -- (eap_ds->response->type.data[0] <= 0)) { -- radlog(L_ERR, "rlm_eap_tnc: corrupted data"); -- return NULL; -+ // further check parameters -+ if(handler->opaque == NULL || handler->eap_ds == NULL){ -+ radlog(L_ERR, "rlm_eap_tnc: eaptnc_compose invalid parameters: handler->opaque == %p, handler->eap_ds == %p", handler->opaque, handler->eap_ds); -+ return 0; - } -- packet = eaptnc_alloc(); -- if (!packet) return NULL; -- - -- packet->code = eap_ds->response->code; -- packet->id = eap_ds->response->id; -- packet->length = eap_ds->response->length; -- -- data = (tnc_packet_t *)eap_ds->response->type.data; -- /* -- * Already checked the size above. -- */ -- packet->flags_ver = data->flags_ver; -- unsigned char *ptr = (unsigned char*)data; -- -- -- DEBUG2("Flags/Ver: %x\n", packet->flags_ver); -- int thisDataLength; -- int dataStart; -- if(TNC_LENGTH_INCLUDED(packet->flags_ver)){ -- DEBUG2("data_length included\n"); --// memcpy(&packet->flags_ver[1], &data->flags_ver[1], 4); -- //packet->data_length = data->data_length; -- memcpy(&packet->data_length, &ptr[1], TNC_DATA_LENGTH_LENGTH); -- DEBUG2("data_length: %x\n", packet->data_length); -- DEBUG2("data_length: %d\n", packet->data_length); -- DEBUG2("data_length: %x\n", ByteSwap2(packet->data_length)); -- DEBUG2("data_length: %d\n", ByteSwap2(packet->data_length)); -- packet->data_length = ByteSwap2(packet->data_length); -- thisDataLength = packet->length-TNC_PACKET_LENGTH; //1: we need space for flags_ver -- dataStart = TNC_DATA_LENGTH_LENGTH+TNC_FLAGS_VERSION_LENGTH; -- }else{ -- DEBUG2("no data_length included\n"); -- thisDataLength = packet->length-TNC_PACKET_LENGTH_WITHOUT_DATA_LENGTH; -- packet->data_length = 0; -- dataStart = TNC_FLAGS_VERSION_LENGTH; -- -- } -- /* -- * Allocate room for the data, and copy over the data. -- */ -- packet->data = malloc(thisDataLength); -- if (packet->data == NULL) { -- radlog(L_ERR, "rlm_eap_tnc: out of memory"); -- eaptnc_free(&packet); -- return NULL; -+ if(handler->eap_ds->request == NULL){ -+ radlog(L_ERR, "rlm_eap_tnc: eaptnc_compose invalid parameters: handler->eap_ds->request == %p", handler->eap_ds->request); -+ return 0; - } -- -- memcpy(packet->data, &(eap_ds->response->type.data[dataStart]), thisDataLength); -- -- return packet; --} - -- --/* -- * Compose the portions of the reply packet specific to the -- * EAP-TNC protocol, in the EAP reply typedata -- */ --int eaptnc_compose(EAP_DS *eap_ds, TNC_PACKET *reply) --{ -- uint8_t *ptr; -- -- -- if (reply->code < 3) { -- //fill: EAP-Type (0x888e) -- eap_ds->request->type.type = PW_EAP_TNC; -- DEBUG2("TYPE: EAP-TNC set\n"); -- rad_assert(reply->length > 0); -- -- //alloc enough space for whole TNC-Packet (from Code on) -- eap_ds->request->type.data = calloc(reply->length, sizeof(unsigned char*)); -- DEBUG2("Malloc %d bytes for packet\n", reply->length); -- if (eap_ds->request->type.data == NULL) { -- radlog(L_ERR, "rlm_eap_tnc: out of memory"); -- return 0; -- } -- //put pointer at position where data starts (behind Type) -- ptr = eap_ds->request->type.data; -- //*ptr = (uint8_t)(reply->data_length & 0xFF); -- -- //ptr++; -- *ptr = reply->flags_ver; -- DEBUG2("Set Flags/Version: %d\n", *ptr); -- if(reply->data_length!=0){ -- DEBUG2("Set data-length: %d\n", reply->data_length); -- ptr++; //move to start-position of "data_length" -- DEBUG2("Set data-length: %x\n", reply->data_length); -- DEBUG2("Set data-length (swapped): %x\n", ByteSwap2(reply->data_length)); -- unsigned long swappedDataLength = ByteSwap2(reply->data_length); -- //DEBUG2("DATA-length: %d", reply->data_ -- memcpy(ptr, &swappedDataLength, 4); -- //*ptr = swappedDataLength; -- } -- uint16_t thisDataLength=0; -- if(reply->data!=NULL){ -- DEBUG2("Adding TNCCS-Data "); -- int offset; -- //if data_length-Field present -- if(reply->data_length !=0){ -- DEBUG2("with Fragmentation\n"); -- offset = TNC_DATA_LENGTH_LENGTH; //length of data_length-field: 4 -- thisDataLength = reply->length-TNC_PACKET_LENGTH; -- }else{ //data_length-Field not present -- DEBUG2("without Fragmentation\n"); -- offset = 1; -- thisDataLength = reply->length-TNC_PACKET_LENGTH_WITHOUT_DATA_LENGTH; -- } -- DEBUG2("TNCCS-Datalength: %d\n", thisDataLength); -- ptr=ptr+offset; //move to start-position of "data" -- memcpy(ptr,reply->data, thisDataLength); -- }else{ -- DEBUG2("No TNCCS-Data present"); -- } -- -- //the length of the TNC-packet (behind Type) -- if(reply->data_length!=0){ -- eap_ds->request->type.length = TNC_DATA_LENGTH_LENGTH+TNC_FLAGS_VERSION_LENGTH+thisDataLength; //4:data_length, 1: flags_ver -- }else{ -- eap_ds->request->type.length = TNC_FLAGS_VERSION_LENGTH+thisDataLength; //1: flags_ver -- } -- DEBUG2("Packet built\n"); -- -- } else { -- eap_ds->request->type.length = 0; -- } -- eap_ds->request->code = reply->code; -+ // fill EAP data to handler -+ handler->eap_ds->request->code = code; -+ handler->eap_ds->request->type.type = PW_EAP_TNC; -+ // fill EAP TYPE specific data to handler -+ handler->eap_ds->request->type.length = length; -+ free(handler->eap_ds->request->type.data); -+ handler->eap_ds->request->type.data = request; - - return 1; - } -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/eap_tnc.h freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/eap_tnc.h ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/eap_tnc.h 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/eap_tnc.h 2012-12-04 19:38:00.241420966 +0100 -@@ -1,10 +1,10 @@ - /* -- * This software is Copyright (C) 2006,2007 FH Hannover -+ * This software is Copyright (C) 2006-2009 FH Hannover - * - * Portions of this code unrelated to FreeRADIUS are available - * separately under a commercial license. If you require an - * implementation of EAP-TNC that is not under the GPLv2, please -- * contact tnc@inform.fh-hannover.de for details. -+ * contact trust@f4-i.fh-hannover.de for details. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -26,105 +26,20 @@ - #define _EAP_TNC_H - - #include "eap.h" -+#include - --#define PW_TNC_REQUEST 1 --#define PW_TNC_RESPONSE 2 --#define PW_TNC_SUCCESS 3 --#define PW_TNC_FAILURE 4 --#define PW_TNC_MAX_CODES 4 -- --#define TNC_HEADER_LEN 4 --#define TNC_CHALLENGE_LEN 16 --#define TNC_START_LEN 8 -- --#define TNC_PACKET_LENGTH_WITHOUT_DATA_LENGTH 6 --#define TNC_PACKET_LENGTH 10 --#define TNC_DATA_LENGTH_LENGTH 4 --#define TNC_FLAGS_VERSION_LENGTH 1 -- --typedef unsigned int VlanAccessMode; -- --#define VLAN_ISOLATE 97 --#define VLAN_ACCESS 2 --/* -- **** -- * EAP - MD5 doesnot specify code, id & length but chap specifies them, -- * for generalization purpose, complete header should be sent -- * and not just value_size, value and name. -- * future implementation. -- * -- * Huh? What does that mean? -- */ -+#define SET_START(x) ((x) | (0x20)) - --/* -+/** -+ * Composes the EAP packet. - * -- * MD5 Packet Format in EAP Type-Data -- * --- ------ ------ -- --- --------- -- * 0 1 2 3 -- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * | Value-Size | Value ... -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * | Name ... -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * -- * EAP-TNC Packet Format in EAP Type-Data -- * -- * 0 1 2 3 -- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * | Flags |Ver | Data Length ... -- * |L M S R R|=1 | -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- * |... | Data ... -- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- -+ * @param handler The EAP_HANDLER from tnc_initiate() or tnc_authenticate -+ * @param request The EAP_TNC packet received from NAA-TNCS -+ * @param length The length of the EAP_TNC packet received from NAA-TNCS -+ * @param code EAP_CODE for the request - * -+ * @return True if operation was successful, otherwise false. - */ -- --/* eap packet structure */ --typedef struct tnc_packet_t { --/* -- uint8_t code; -- uint8_t id; -- uint16_t length; --*/ -- uint8_t flags_ver; -- uint32_t data_length; -- uint8_t *data; --} tnc_packet_t; -- --typedef struct tnc_packet { -- uint8_t code; -- uint8_t id; -- uint16_t length; -- uint8_t flags_ver; -- uint32_t data_length; -- uint8_t *data; --} TNC_PACKET; -- --#define TNC_START(x) (((x) & 0x20) != 0) --#define TNC_MORE_FRAGMENTS(x) (((x) & 0x40) != 0) --#define TNC_LENGTH_INCLUDED(x) (((x) & 0x80) != 0) --#define TNC_RESERVED_EQ_NULL(x) (((x) & 0x10) == 0 && ((x) & 0x8) == 0) --#define TNC_VERSION_EQ_ONE(x) (((x) & 0x07) == 1) -- --#define SET_START(x) ((x) | (0x20)) --#define SET_MORE_FRAGMENTS(x) ((x) | (0x40)) --#define SET_LENGTH_INCLUDED(x) ((x) | (0x80)) -- -- --/* function declarations here */ -- --TNC_PACKET *eaptnc_alloc(void); --void eaptnc_free(TNC_PACKET **tnc_packet_ptr); -- --int eaptnc_compose(EAP_DS *auth, TNC_PACKET *reply); --TNC_PACKET *eaptnc_extract(EAP_DS *auth); --int eaptnc_verify(TNC_PACKET *pkt, VALUE_PAIR* pwd, uint8_t *ch); -- -- -- -- -+int eaptnc_compose(EAP_HANDLER *handler, TNC_BufferReference request, TNC_UInt32 length, uint8_t code); - - #endif /*_EAP_TNC_H*/ -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/Makefile.in freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/Makefile.in ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/Makefile.in 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/Makefile.in 2012-12-04 19:38:49.277421870 +0100 -@@ -3,8 +3,8 @@ - # - - TARGET = @targetname@ --SRCS = rlm_eap_tnc.c eap_tnc.c tncs_connect.c --HEADERS = eap_tnc.h tncs.h tncs_connect.h ../../eap.h ../../rlm_eap.h -+SRCS = rlm_eap_tnc.c eap_tnc.c -+HEADERS = eap_tnc.h ../../eap.h ../../rlm_eap.h - RLM_CFLAGS = -I../.. -I../../libeap @eap_tnc_cflags@ - RLM_LIBS = @eap_tnc_ldflags@ ../../libeap/$(LIBPREFIX)freeradius-eap.la - RLM_INSTALL = -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c 2012-12-04 19:38:00.241420966 +0100 -@@ -1,12 +1,12 @@ - /* - * rlm_eap_tnc.c Handles that are called from eap - * -- * This software is Copyright (C) 2006,2007 FH Hannover -+ * This software is Copyright (C) 2006-2009 FH Hannover - * - * Portions of this code unrelated to FreeRADIUS are available - * separately under a commercial license. If you require an - * implementation of EAP-TNC that is not under the GPLv2, please -- * contact tnc@inform.fh-hannover.de for details. -+ * contact trust@f4-i.fh-hannover.de for details. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -26,96 +26,262 @@ - * Copyright (C) 2007 Alan DeKok - */ - --#include --RCSID("$Id: 985ac01f384110b9a46ec8e84592351c21b3f09a $") -+/* -+ * EAP-TNC Packet with EAP Header, general structure -+ * -+ * 0 1 2 3 -+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 -+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -+ * | Code | Identifier | Length | -+ * | | | | -+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -+ * | Type | Flags | Ver | Data Length | -+ * | |L M S R R| =1 | | -+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -+ * | Data Length | Data ... -+ * | | -+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -+ */ - - #include - - #include - #include - --#include "tncs_connect.h" - #include "eap_tnc.h" --#include "tncs.h" -+#include - #include -+//#include - --typedef struct rlm_eap_tnc_t { -- char *vlan_access; -- char *vlan_isolate; -- char *tnc_path; --} rlm_eap_tnc_t; -+#include - --static int sessionCounter=0; -+/** -+ * Calculates an identifying string based upon nas_port, nas_ip and nas_port_type. -+ * The maximum length of the calculated string is 70 (not including the trailing '\0'). -+ * -+ * @return the number of bytes written to out (not including the trailing '\0') -+ */ -+static uint32_t calculateConnectionString(RADIUS_PACKET* radius_packet, char *out, size_t outMaxLength) -+{ -+ VALUE_PAIR *vp = NULL; -+ uint32_t nas_port = 0; -+ uint32_t nas_ip = 0; -+ uint32_t nas_port_type = 0; -+ -+ char out_nas_port[11]; -+ char out_nas_ip_byte_0[4]; -+ char out_nas_ip_byte_1[4]; -+ char out_nas_ip_byte_2[4]; -+ char out_nas_ip_byte_3[4]; -+ char out_nas_port_type[11]; -+ -+ // check for NULL -+ if (radius_packet == NULL) { -+ radlog(L_ERR, -+ "rlm_eap_tnc: calculateConnectionString failed. radius_packet == NULL!"); -+ return 0; -+ } -+ -+ // read NAS port, ip and port type -+ for (vp = radius_packet->vps; vp; vp=vp->next) { -+ switch (vp->attribute) { -+ case PW_NAS_PORT: -+ nas_port = vp->vp_integer; -+ DEBUG("NAS scr port = %u\n", nas_port); -+ break; -+ case PW_NAS_IP_ADDRESS: -+ nas_ip = vp->vp_ipaddr; -+ DEBUG("NAS scr ip = %X\n", ntohl(nas_ip)); -+ break; -+ case PW_NAS_PORT_TYPE: -+ nas_port_type = vp->vp_integer; -+ DEBUG("NAS scr port type = %u\n", nas_port_type); -+ break; -+ } -+ } -+ -+ snprintf(out_nas_port, 11, "%u", nas_port); -+ snprintf(out_nas_ip_byte_0, 4, "%u", nas_ip & 0xFF); -+ snprintf(out_nas_ip_byte_1, 4, "%u", (nas_ip >> 8) & 0xFF); -+ snprintf(out_nas_ip_byte_2, 4, "%u", (nas_ip >> 16) & 0xFF); -+ snprintf(out_nas_ip_byte_3, 4, "%u", (nas_ip >> 24) & 0xFF); -+ snprintf(out_nas_port_type, 11, "%u", nas_port_type); -+ -+ return snprintf(out, outMaxLength, "NAS Port: %s NAS IP: %s.%s.%s.%s NAS_PORT_TYPE: %s", out_nas_port, out_nas_ip_byte_3, out_nas_ip_byte_2, out_nas_ip_byte_1, out_nas_ip_byte_0, out_nas_port_type); -+} -+ -+/* -+ * This function is called when the FreeRADIUS attach this module. -+ */ -+static int tnc_attach(CONF_SECTION *conf, void **type_data) -+{ -+ // initialize NAA-EAP -+ DEBUG2("TNC-ATTACH initializing NAA-EAP"); -+ TNC_Result result = initializeDefault(); -+ if (result != TNC_RESULT_SUCCESS) { -+ radlog(L_ERR, -+ "rlm_eap_tnc: tnc_attach error while calling NAA-EAP initializeDefault()"); -+ return -1; -+ } -+ return 0; -+} -+ -+/* -+ * This function is called when the FreeRADIUS detach this module. -+ */ -+static int tnc_detach(void *args) -+{ -+ // terminate NAA-EAP -+ DEBUG2("TNC-TERMINATE terminating NAA-EAP"); -+ TNC_Result result = terminate(); -+ if (result != TNC_RESULT_SUCCESS) { -+ radlog(L_ERR, -+ "rlm_eap_tnc: tnc_attach error while calling NAA-EAP terminate()"); -+ return -1; -+ } -+ return 0; -+} - - /* -- * Initiate the EAP-MD5 session by sending a challenge to the peer. -- * Initiate the EAP-TNC session by sending a EAP Request witch Start Bit set -- * and with no data -+ * This function is called when the first EAP_IDENTITY_RESPONSE message -+ * was received. -+ * -+ * Initiates the EPA_TNC session by sending the first EAP_TNC_RESPONSE -+ * to the peer. The packet has the Start-Bit set and contains no data. -+ * -+ * 0 1 2 3 -+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 -+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -+ * | Code | Identifier | Length | -+ * | | | | -+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -+ * | Type | Flags | Ver | -+ * | |0 0 1 0 0|0 0 1| -+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -+ * -+ * For this package, only 'Identifier' has to be set dynamically. Any -+ * other information is static. - */ - static int tnc_initiate(void *type_data, EAP_HANDLER *handler) - { -- uint8_t flags_ver = 1; //set version to 1 -- rlm_eap_tnc_t *inst = type_data; -- TNC_PACKET *reply; -+ size_t buflen = 71; -+ size_t ret = 0; -+ char buf[buflen]; -+ REQUEST * request = NULL; -+ TNC_Result result; -+ TNC_ConnectionID conID; -+ TNC_BufferReference username; - -+ // check if we run inside a secure EAP method. -+ // FIXME check concrete outer EAP method - if (!handler->request || !handler->request->parent) { -- DEBUG("rlm_eap_tnc: EAP-TNC can only be run inside of a TLS-based method."); -+ DEBUG2("rlm_eap_tnc: EAP_TNC must only be used as an inner method within a protected tunneled EAP created by an outer EAP method."); -+ request = handler->request; - return 0; -+ } else { -+ request = handler->request->parent; - } - -- /* -- * FIXME: Update this when the TTLS and PEAP methods can -- * run EAP-TLC *after* the user has been authenticated. -- * This likely means moving the phase2 handlers to a -- * common code base. -- */ -- if (1) { -- DEBUG("rlm-eap_tnc: EAP-TNC can only be run after the user has been authenticated."); -+ if (request->packet == NULL) { -+ DEBUG2("rlm_eap_tnc: ERROR request->packet is NULL."); - return 0; - } - - DEBUG("tnc_initiate: %ld", handler->timestamp); - -- if(connectToTncs(inst->tnc_path)==-1){ -- DEBUG("Could not connect to TNCS"); -+ //calculate connectionString -+ ret = calculateConnectionString(request->packet, buf, buflen); -+ if(ret == 0){ -+ radlog(L_ERR, "rlm_eap_tnc:tnc_attach: calculating connection String failed."); -+ return 0; - } - -+ DEBUG2("TNC-INITIATE getting connection from NAA-EAP"); -+ - /* -- * Allocate an EAP-MD5 packet. -+ * get connection -+ * (uses a function from the NAA-EAP-library) -+ * the presence of the library is checked via the configure-script - */ -- reply = eaptnc_alloc(); -- if (reply == NULL) { -- radlog(L_ERR, "rlm_eap_tnc: out of memory"); -+ result = getConnection(buf, &conID); -+ -+ // check for errors -+ if (result != TNC_RESULT_SUCCESS) { -+ radlog(L_ERR, -+ "rlm_eap_tnc: tnc_initiate error while calling NAA-EAP getConnection"); - return 0; - } - - /* -- * Fill it with data. -+ * tries to get the username from FreeRADIUS; -+ * copied from modules/rlm_eap/types/rlm_eap_ttls/ttls.c - */ -- reply->code = PW_TNC_REQUEST; -- flags_ver = SET_START(flags_ver); //set start-flag -- DEBUG("$$$$$$$$$$$$$$$$Flags: %d", flags_ver); -- reply->flags_ver = flags_ver; -- reply->length = 1+1; /* one byte of flags_ver */ -+ VALUE_PAIR *usernameValuePair; -+ usernameValuePair = pairfind(request->packet->vps, PW_USER_NAME); - -+ VALUE_PAIR *eapMessageValuePair; -+ if (!usernameValuePair) { -+ eapMessageValuePair = pairfind(request->packet->vps, PW_EAP_MESSAGE); -+ -+ if (eapMessageValuePair && -+ (eapMessageValuePair->length >= EAP_HEADER_LEN + 2) && -+ (eapMessageValuePair->vp_strvalue[0] == PW_EAP_RESPONSE) && -+ (eapMessageValuePair->vp_strvalue[EAP_HEADER_LEN] == PW_EAP_IDENTITY) && -+ (eapMessageValuePair->vp_strvalue[EAP_HEADER_LEN + 1] != 0)) { -+ -+ /* -+ * Create & remember a User-Name -+ */ -+ usernameValuePair = pairmake("User-Name", "", T_OP_EQ); -+ rad_assert(usernameValuePair != NULL); -+ -+ memcpy(usernameValuePair->vp_strvalue, eapMessageValuePair->vp_strvalue + 5, -+ eapMessageValuePair->length - 5); -+ usernameValuePair->length = eapMessageValuePair->length - 5; -+ usernameValuePair->vp_strvalue[usernameValuePair->length] = 0; -+ } -+ } -+ -+ username = malloc(usernameValuePair->length + 1); -+ memcpy(username, usernameValuePair->vp_strvalue, usernameValuePair->length); -+ username[usernameValuePair->length] = '\0'; -+ -+ RDEBUG("Username for current TNC connection: %s", username); -+ -+ /* -+ * stores the username of this connection -+ * (uses a function from the NAA-EAP-library) -+ * the presence of the library is checked via the configure-script -+ */ -+ result = storeUsername(conID, username, usernameValuePair->length); -+ -+ // check for errors -+ if (result != TNC_RESULT_SUCCESS) { -+ radlog(L_ERR, -+ "rlm_eap_tnc: tnc_initiate error while calling NAA-EAP storeUsername"); -+ return 0; -+ } -+ -+ // set connection ID in FreeRADIUS -+ handler->opaque = malloc(sizeof(TNC_ConnectionID)); -+ memcpy(handler->opaque, &conID, sizeof(TNC_ConnectionID)); -+ -+ // build first EAP TNC request -+ TNC_BufferReference eap_tnc_request = malloc(sizeof(unsigned char)); -+ if (eap_tnc_request == NULL) { -+ radlog(L_ERR, "rlm_eap_tnc:tnc_initiate: malloc failed."); -+ return 0; -+ } -+ *eap_tnc_request = SET_START(1); -+ TNC_UInt32 eap_tnc_length = 1; -+ type_data = type_data; /* suppress -Wunused */ - - /* - * Compose the EAP-TNC packet out of the data structure, - * and free it. - */ -- eaptnc_compose(handler->eap_ds, reply); -- eaptnc_free(&reply); -+ eaptnc_compose(handler, eap_tnc_request, eap_tnc_length, PW_EAP_REQUEST); - -- //put sessionAttribute to Handler and increase sessionCounter -- handler->opaque = calloc(sizeof(TNC_ConnectionID), 1); -- if (handler->opaque == NULL) { -- radlog(L_ERR, "rlm_eap_tnc: out of memory"); -- return 0; -- } -- handler->free_opaque = free; -- memcpy(handler->opaque, &sessionCounter, sizeof(int)); -- sessionCounter++; -- - /* - * We don't need to authorize the user at this point. - * -@@ -124,246 +290,114 @@ - * to us... - */ - handler->stage = AUTHENTICATE; -- -- return 1; --} - --static void setVlanAttribute(rlm_eap_tnc_t *inst, EAP_HANDLER *handler, -- VlanAccessMode mode){ -- VALUE_PAIR *vp; -- char *vlanNumber = NULL; -- switch(mode){ -- case VLAN_ISOLATE: -- vlanNumber = inst->vlan_isolate; -- vp = pairfind(handler->request->config_items, -- PW_TNC_VLAN_ISOLATE); -- if (vp) vlanNumber = vp->vp_strvalue; -- break; -- case VLAN_ACCESS: -- vlanNumber = inst->vlan_access; -- vp = pairfind(handler->request->config_items, -- PW_TNC_VLAN_ACCESS); -- if (vp) vlanNumber = vp->vp_strvalue; -- break; -- -- default: -- DEBUG2(" rlm_eap_tnc: Internal error. Not setting vlan number"); -- return; -- } -- pairadd(&handler->request->reply->vps, -- pairmake("Tunnel-Type", "VLAN", T_OP_SET)); -- -- pairadd(&handler->request->reply->vps, -- pairmake("Tunnel-Medium-Type", "IEEE-802", T_OP_SET)); -- -- pairadd(&handler->request->reply->vps, -- pairmake("Tunnel-Private-Group-ID", vlanNumber, T_OP_SET)); -- -+ return 1; - } - --/* -- * Authenticate a previously sent challenge. -+/** -+ * This function is called when a EAP_TNC_RESPONSE was received. -+ * It basically forwards the EAP_TNC data to NAA-TNCS and forms -+ * and appropriate EAP_RESPONSE. Furthermore, it sets the VlanID -+ * based on the TNC_ConnectionState determined by NAA-TNCS. -+ * -+ * @param type_arg The configuration data -+ * @param handler The EAP_HANDLER -+ * @return True, if successfully, else false. - */ --static int tnc_authenticate(void *type_arg, EAP_HANDLER *handler) --{ -- TNC_PACKET *packet; -- TNC_PACKET *reply; -- TNC_ConnectionID connId = *((TNC_ConnectionID *) (handler->opaque)); -- TNC_ConnectionState state; -- rlm_eap_tnc_t *inst = type_arg; -- int isAcknowledgement = 0; -- TNC_UInt32 tnccsMsgLength = 0; -- int isLengthIncluded; -- int moreFragments; -- TNC_UInt32 overallLength; -- TNC_BufferReference outMessage; -- TNC_UInt32 outMessageLength = 2; -- int outIsLengthIncluded=0; -- int outMoreFragments=0; -- TNC_UInt32 outOverallLength=0; -+static int tnc_authenticate(void *type_arg, EAP_HANDLER *handler) { - -- DEBUG2("HANDLER_OPAQUE: %d", (int) *((TNC_ConnectionID *) (handler->opaque))); -- DEBUG2("TNC-AUTHENTICATE is starting now for %d..........", (int) connId); -+ rad_assert(handler->request != NULL); // check that request has been sent previously -+ rad_assert(handler->stage == AUTHENTICATE); // check if initiate has been called - -- /* -- * Get the User-Password for this user. -- */ -- rad_assert(handler->request != NULL); -- rad_assert(handler->stage == AUTHENTICATE); -- -- /* -- * Extract the EAP-TNC packet. -- */ -- if (!(packet = eaptnc_extract(handler->eap_ds))) -+ if (handler == NULL) { -+ radlog(L_ERR, -+ "rlm_eap_tnc: tnc_authenticate invalid parameters: handler == NULL"); - return 0; -+ } -+ if (handler->eap_ds == NULL) { -+ radlog(L_ERR, -+ "rlm_eap_tnc: tnc_authenticate invalid parameters: handler->eap_ds == NULL"); -+ return 0; -+ } -+ if (handler->eap_ds->response == NULL) { -+ radlog( -+ L_ERR, -+ "rlm_eap_tnc: tnc_authenticate invalid parameters: handler->eap_ds->resonse == NULL"); -+ return 0; -+ } -+ if (handler->eap_ds->response->type.type != PW_EAP_TNC -+ || handler->eap_ds->response->type.length < 1 -+ || handler->eap_ds->response->type.data == NULL) { -+ radlog( -+ L_ERR, -+ "rlm_eap_tnc: tnc_authenticate invalid parameters: handler->eap_ds->response->type.type == %X, ->type.length == %u, ->type.data == %p", -+ handler->eap_ds->response->type.type, -+ handler->eap_ds->response->type.length, -+ handler->eap_ds->response->type.data); -+ return 0; -+ } - -- /* -- * Create a reply, and initialize it. -- */ -- reply = eaptnc_alloc(); -- if (!reply) { -- eaptnc_free(&packet); -- return 0; -- } -- -- reply->id = handler->eap_ds->request->id; -- reply->length = 0; -- if(packet->data_length==0){ -- tnccsMsgLength = packet->length-TNC_PACKET_LENGTH_WITHOUT_DATA_LENGTH; -- }else{ -- tnccsMsgLength = packet->length-TNC_PACKET_LENGTH; -- } -- isLengthIncluded = TNC_LENGTH_INCLUDED(packet->flags_ver); -- moreFragments = TNC_MORE_FRAGMENTS(packet->flags_ver); -- overallLength = packet->data_length; -- if(isLengthIncluded == 0 -- && moreFragments == 0 -- && overallLength == 0 -- && tnccsMsgLength == 0 -- && TNC_START(packet->flags_ver)==0){ -- -- isAcknowledgement = 1; -- } -- -- DEBUG("Data received: (%d)", (int) tnccsMsgLength); --/* int i; -- for(i=0;idata)[i]); -- } -- DEBUG2("\n"); -- */ -- state = exchangeTNCCSMessages(inst->tnc_path, -- connId, -- isAcknowledgement, -- packet->data, -- tnccsMsgLength, -- isLengthIncluded, -- moreFragments, -- overallLength, -- &outMessage, -- &outMessageLength, -- &outIsLengthIncluded, -- &outMoreFragments, -- &outOverallLength); -- DEBUG("GOT State %08x from TNCS", (unsigned int) state); -- if(state == TNC_CONNECTION_EAP_ACKNOWLEDGEMENT){ //send back acknoledgement -- reply->code = PW_TNC_REQUEST; -- reply->data = NULL; -- reply->data_length = 0; -- reply->flags_ver = 1; -- reply->length =TNC_PACKET_LENGTH_WITHOUT_DATA_LENGTH; -- }else{ //send back normal message -- DEBUG("GOT Message from TNCS (length: %d)", (int) outMessageLength); -- -- /* for(i=0;icode = PW_TNC_REQUEST; -- DEBUG2("Set Reply->Code to EAP-REQUEST\n"); -- break; -- case TNC_CONNECTION_STATE_ACCESS_ALLOWED: -- reply->code = PW_TNC_SUCCESS; -- setVlanAttribute(inst, handler,VLAN_ACCESS); -- break; -- case TNC_CONNECTION_STATE_ACCESS_NONE: -- reply->code = PW_TNC_FAILURE; -- //setVlanAttribute(inst, handler, VLAN_ISOLATE); -- break; -- case TNC_CONNECTION_STATE_ACCESS_ISOLATED: -- reply->code = PW_TNC_SUCCESS; -- setVlanAttribute(inst, handler, VLAN_ISOLATE); -- break; -- default: -- reply->code= PW_TNC_FAILURE; -- -- } -- if(outMessage!=NULL && outMessageLength!=0){ -- reply->data = outMessage; -- } -- reply->flags_ver = 1; -- if(outIsLengthIncluded){ -- reply->flags_ver = SET_LENGTH_INCLUDED(reply->flags_ver); -- reply->data_length = outOverallLength; -- reply->length = TNC_PACKET_LENGTH + outMessageLength; -- DEBUG("SET LENGTH: %d", reply->length); -- DEBUG("SET DATALENGTH: %d", (int) outOverallLength); -- }else{ -- reply->data_length = 0; -- reply->length = TNC_PACKET_LENGTH_WITHOUT_DATA_LENGTH + outMessageLength; -- DEBUG("SET LENGTH: %d", reply->length); -- } -- if(outMoreFragments){ -- reply->flags_ver = SET_MORE_FRAGMENTS(reply->flags_ver); -- } -- } -- -- /* -- * Compose the EAP-MD5 packet out of the data structure, -- * and free it. -- */ -- eaptnc_compose(handler->eap_ds, reply); -- eaptnc_free(&reply); -- -- handler->stage = AUTHENTICATE; -- -- eaptnc_free(&packet); -- return 1; --} -- --/* -- * Detach the EAP-TNC module. -- */ --static int tnc_detach(void *arg) --{ -- free(arg); -- return 0; --} -- -- --static CONF_PARSER module_config[] = { -- { "vlan_access", PW_TYPE_STRING_PTR, -- offsetof(rlm_eap_tnc_t, vlan_access), NULL, NULL }, -- { "vlan_isolate", PW_TYPE_STRING_PTR, -- offsetof(rlm_eap_tnc_t, vlan_isolate), NULL, NULL }, -- { "tnc_path", PW_TYPE_STRING_PTR, -- offsetof(rlm_eap_tnc_t, tnc_path), NULL, -- "/usr/local/lib/libTNCS.so"}, -+ // get connection ID -+ TNC_ConnectionID conID = *((TNC_ConnectionID *) (handler->opaque)); - -- { NULL, -1, 0, NULL, NULL } /* end the list */ --}; -+ DEBUG2("TNC-AUTHENTICATE is starting now for connection ID %lX !", conID); - --/* -- * Attach the EAP-TNC module. -- */ --static int tnc_attach(CONF_SECTION *cs, void **instance) --{ -- rlm_eap_tnc_t *inst; -+ // pass EAP_TNC data to NAA-EAP and get answer data -+ TNC_BufferReference output = NULL; -+ TNC_UInt32 outputLength = 0; -+ TNC_ConnectionState connectionState = TNC_CONNECTION_STATE_CREATE; - -- inst = malloc(sizeof(*inst)); -- if (!inst) return -1; -- memset(inst, 0, sizeof(*inst)); -+ /* -+ * forwards the eap_tnc data to NAA-EAP and gets the response -+ * (uses a function from the NAA-EAP-library) -+ * the presence of the library is checked via the configure-script -+ */ -+ TNC_Result result = processEAPTNCData(conID, handler->eap_ds->response->type.data, -+ handler->eap_ds->response->type.length, &output, &outputLength, -+ &connectionState); -+ -+ // check for errors -+ if (result != TNC_RESULT_SUCCESS) { -+ radlog(L_ERR, -+ "rlm_eap_tnc: tnc_authenticate error while calling NAA-EAP processEAPTNCData"); -+ return 0; -+ } - -- if (cf_section_parse(cs, inst, module_config) < 0) { -- tnc_detach(inst); -- return -1; -+ // output contains now the answer from NAA-EAP -+ uint8_t eapCode = 0; -+ // determine eapCode for request -+ switch (connectionState) { -+ case TNC_CONNECTION_STATE_HANDSHAKE: -+ eapCode = PW_EAP_REQUEST; -+ break; -+ case TNC_CONNECTION_STATE_ACCESS_NONE: -+ eapCode = PW_EAP_FAILURE; -+ break; -+ case TNC_CONNECTION_STATE_ACCESS_ALLOWED: -+ eapCode = PW_EAP_SUCCESS; -+ pairadd(&handler->request->config_items, pairmake("TNC-Status", "Access", T_OP_SET)); -+ break; -+ case TNC_CONNECTION_STATE_ACCESS_ISOLATED: -+ eapCode = PW_EAP_SUCCESS; -+ pairadd(&handler->request->config_items, pairmake("TNC-Status", "Isolate", T_OP_SET)); -+ break; -+ default: -+ radlog(L_ERR, -+ "rlm_eap_tnc: tnc_authenticate invalid TNC_CONNECTION_STATE."); -+ return 0; - } - -- -- if (!inst->vlan_access || !inst->vlan_isolate) { -- radlog(L_ERR, "rlm_eap_tnc: Must set both vlan_access and vlan_isolate"); -- tnc_detach(inst); -- return -1; -+ // form EAP_REQUEST -+ if (!eaptnc_compose(handler, output, outputLength, eapCode)) { -+ radlog(L_ERR, -+ "rlm_eap_tnc: tnc_authenticate error while forming EAP_REQUEST."); -+ return 0; - } - -- *instance = inst; -- return 0; -+ // FIXME: Why is that needed? -+ handler->stage = AUTHENTICATE; -+ -+ return 1; - } - - /* -@@ -371,10 +405,10 @@ - * That is, everything else should be 'static'. - */ - EAP_TYPE rlm_eap_tnc = { -- "eap_tnc", -- tnc_attach, /* attach */ -- tnc_initiate, /* Start the initial request */ -- NULL, /* authorization */ -- tnc_authenticate, /* authentication */ -- tnc_detach /* detach */ -+ "eap_tnc", -+ tnc_attach, /* attach */ -+ tnc_initiate, /* Start the initial request */ -+ NULL, /* authorization */ -+ tnc_authenticate, /* authentication */ -+ tnc_detach /* detach */ - }; -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/tncs_connect.c freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/tncs_connect.c ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/tncs_connect.c 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/tncs_connect.c 1970-01-01 01:00:00.000000000 +0100 -@@ -1,146 +0,0 @@ --/* -- * This software is Copyright (C) 2006,2007 FH Hannover -- * -- * Portions of this code unrelated to FreeRADIUS are available -- * separately under a commercial license. If you require an -- * implementation of EAP-TNC that is not under the GPLv2, please -- * contact tnc@inform.fh-hannover.de for details. -- * -- * This program is free software; you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published by -- * the Free Software Foundation; either version 2 of the License, or -- * (at your option) any later version. -- * -- * This program is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. -- * -- * You should have received a copy of the GNU General Public License -- * along with this program; if not, write to the Free Software -- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA -- * -- */ --#include --RCSID("$Id: 6077f6d2bdc2ebdea6575678e80e255f57215900 $") -- --#include "tncs_connect.h" --#include --#include --#include --#include -- -- /* -- * FIXME: This linking should really be done at compile time. -- */ --static lt_dlhandle handle = NULL; -- --static ExchangeTNCCSMessagePointer callTNCS = NULL; -- --/* -- * returns the function-pointer to a function of a shared-object -- * -- * soHandle: handle to a shared-object -- * name: name of the requested function -- * -- * return: the procAddress if found, else NULL -- */ --static void *getProcAddress(lt_dlhandle soHandle, const char *name){ -- void *proc = lt_dlsym(soHandle, name); -- DEBUG("Searching for function %s", name); -- if(proc == NULL){ -- DEBUG("rlm_eap_tnc: Failed to resolve symbol %s: %s", -- name, lt_dlerror()); -- } -- return proc; --} -- -- --/* -- * establishs the connection to the TNCCS without calling functionality. -- * That means that the TNCS-shared-object is loaded and the function-pointer -- * to "exchangeTNCCSMessages" is explored. -- * -- * return: -1 if connect failed, 0 if connect was successful -- */ --int connectToTncs(char *pathToSO){ -- int state = -1; -- if(handle==NULL){ -- handle = lt_dlopen(pathToSO); -- DEBUG("OPENED HANDLE!"); -- } -- -- if(handle==NULL){ -- DEBUG("HANDLE IS NULL"); -- DEBUG("rlm_eap_tnc: Failed to link to library %s: %s", -- pathToSO, lt_dlerror()); -- }else{ -- DEBUG("SO %s found!", pathToSO); -- if(callTNCS==NULL){ -- callTNCS = (ExchangeTNCCSMessagePointer) getProcAddress(handle, "exchangeTNCCSMessages"); -- } -- if(callTNCS!=NULL){ -- DEBUG("TNCS is connected"); -- state = 0; --// int ret = callTNCS2(2, "Bla", NULL); -- // DEBUG("GOT %d from exchangeTNCCSMessages", ret); -- }else{ -- DEBUG("Could not find exchangeTNCCSMessages"); -- } -- -- } -- return state; --} -- --/* -- * Accesspoint to the TNCS for sending and receiving TNCCS-Messages. -- * -pathToSO: Path to TNCCS-Shared Object -- * -connId: identifies the client which the passed message belongs to. -- * -isAcknoledgement: 1 if acknoledgement received (then all following in-parameters unimportant -- * -input: input-TNCCS-message received from the client with connId -- * -inputLength: length of input-TNCCS-message -- * -isFirst: 1 if first message in fragmentation else 0 -- * -moreFragments: are there more Fragments to come (yes: 1, no: 0)? -- * -overallLength: length of all fragments together (only set if fragmentation) -- * -output: answer-TNCCS-message from the TNCS to the client -- * -outputLength: length of answer-TNCCS-message -- * -answerIsFirst: returned answer is first in row -- * -moreFragmentsFollow: more fragments after this answer -- * -overallLengthOut: length of all fragments together (only set if fragmentation) as answer -- * -- * return: state of connection as result of the exchange -- */ --TNC_ConnectionState exchangeTNCCSMessages(/*in*/ char *pathToSO, -- /*in*/ TNC_ConnectionID connId, -- /*in*/ int isAcknoledgement, -- /*in*/ TNC_BufferReference input, -- /*in*/ TNC_UInt32 inputLength, -- /*in*/ int isFirst, -- /*in*/ int moreFragments, -- /*in*/ TNC_UInt32 overallLength, -- /*out*/ TNC_BufferReference *output, -- /*out*/ TNC_UInt32 *outputLength, -- /*out*/ int *answerIsFirst, -- /*out*/ int *moreFragmentsFollow, -- /*out*/ TNC_UInt32 *overallLengthOut){ -- TNC_ConnectionState state = TNC_CONNECTION_STATE_ACCESS_NONE; -- int connectStatus = connectToTncs(pathToSO); -- if(connectStatus!=-1){ -- state = callTNCS(connId, -- isAcknoledgement, -- input, -- inputLength, -- isFirst, -- moreFragments, -- overallLength, -- output, -- outputLength, -- answerIsFirst, -- moreFragmentsFollow, -- overallLengthOut); -- DEBUG("GOT TNC_ConnectionState (juhuuu): %u", (unsigned int) state); -- }else{ -- DEBUG("CAN NOT CONNECT TO TNCS"); -- } -- return state; --} -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/tncs_connect.h freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/tncs_connect.h ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/tncs_connect.h 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/tncs_connect.h 1970-01-01 01:00:00.000000000 +0100 -@@ -1,70 +0,0 @@ --/* -- * This software is Copyright (C) 2006,2007 FH Hannover -- * -- * Portions of this code unrelated to FreeRADIUS are available -- * separately under a commercial license. If you require an -- * implementation of EAP-TNC that is not under the GPLv2, please -- * contact tnc@inform.fh-hannover.de for details. -- * -- * This program is free software; you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published by -- * the Free Software Foundation; either version 2 of the License, or -- * (at your option) any later version. -- * -- * This program is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. -- * -- * You should have received a copy of the GNU General Public License -- * along with this program; if not, write to the Free Software -- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA -- * -- */ -- --#ifndef _TNCS_CONNECT_H_ --#define _TNCS_CONNECT_H_ -- --#include "tncs.h" -- --/* -- * establishs the connection to the TNCCS without calling functionality. -- * That means that the TNCS-shared-object is loaded and the function-pointer -- * to "exchangeTNCCSMessages" is explored. -- * -- * return: -1 if connect failed, 0 if connect was successful -- */ --int connectToTncs(char *pathToSO); --/* -- * Accesspoint to the TNCS for sending and receiving TNCCS-Messages. -- * -pathToSO: Path to TNCCS-Shared Object -- * -connId: identifies the client which the passed message belongs to. -- * -isAcknoledgement: 1 if acknoledgement received (then all following in-parameters unimportant -- * -input: input-TNCCS-message received from the client with connId -- * -inputLength: length of input-TNCCS-message -- * -isFirst: 1 if first message in fragmentation else 0 -- * -moreFragments: are there more Fragments to come (yes: 1, no: 0)? -- * -overallLength: length of all fragments together (only set if fragmentation) -- * -output: answer-TNCCS-message from the TNCS to the client -- * -outputLength: length of answer-TNCCS-message -- * -answerIsFirst: returned answer is first in row -- * -moreFragmentsFollow: more fragments after this answer -- * -overallLengthOut: length of all fragments together (only set if fragmentation) as answer -- * -- * return: state of connection as result of the exchange -- */ --TNC_ConnectionState exchangeTNCCSMessages(/*in*/ char *pathToSO, -- /*in*/ TNC_ConnectionID connId, -- /*in*/ int isAcknoledgement, -- /*in*/ TNC_BufferReference input, -- /*in*/ TNC_UInt32 inputLength, -- /*in*/ int isFirst, -- /*in*/ int moreFragments, -- /*in*/ TNC_UInt32 overallLength, -- /*out*/ TNC_BufferReference *output, -- /*out*/ TNC_UInt32 *outputLength, -- /*out*/ int *answerIsFirst, -- /*out*/ int *moreFragmentsFollow, -- /*out*/ TNC_UInt32 *overallLengthOut); -- --#endif //_TNCS_CONNECT_H_ -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/tncs.h freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/tncs.h ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/tncs.h 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/tncs.h 1970-01-01 01:00:00.000000000 +0100 -@@ -1,86 +0,0 @@ --/* -- * This software is Copyright (C) 2006,2007 FH Hannover -- * -- * Portions of this code unrelated to FreeRADIUS are available -- * separately under a commercial license. If you require an -- * implementation of EAP-TNC that is not under the GPLv2, please -- * contact tnc@inform.fh-hannover.de for details. -- * -- * This program is free software; you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published by -- * the Free Software Foundation; either version 2 of the License, or -- * (at your option) any later version. -- * -- * This program is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. -- * -- * You should have received a copy of the GNU General Public License -- * along with this program; if not, write to the Free Software -- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA -- * -- */ -- --#ifndef _TNCS_H_ --#define _TNCS_H_ -- -- -- --#ifdef __cplusplus --extern "C" { --#endif -- --/* -- * copied from tncimv.h: -- */ --typedef unsigned long TNC_UInt32; --typedef TNC_UInt32 TNC_ConnectionState; --typedef unsigned char *TNC_BufferReference; --typedef TNC_UInt32 TNC_ConnectionID; -- --#define TNC_CONNECTION_STATE_CREATE 0 --#define TNC_CONNECTION_STATE_HANDSHAKE 1 --#define TNC_CONNECTION_STATE_ACCESS_ALLOWED 2 --#define TNC_CONNECTION_STATE_ACCESS_ISOLATED 3 --#define TNC_CONNECTION_STATE_ACCESS_NONE 4 --#define TNC_CONNECTION_STATE_DELETE 5 --#define TNC_CONNECTION_EAP_ACKNOWLEDGEMENT 6 -- --/* -- * Accesspoint (as function-pointer) to the TNCS for sending and receiving -- * TNCCS-Messages. -- * -- * -connId: identifies the client which the passed message belongs to. -- * -isAcknoledgement: 1 if acknoledgement received (then all following in-parameters unimportant -- * -input: input-TNCCS-message received from the client with connId -- * -inputLength: length of input-TNCCS-message -- * -isFirst: 1 if first message in fragmentation else 0 -- * -moreFragments: are there more Fragments to come (yes: 1, no: 0)? -- * -overallLength: length of all fragments together (only set if fragmentation) -- * -output: answer-TNCCS-message from the TNCS to the client -- * -outputLength: length of answer-TNCCS-message -- * -answerIsFirst: returned answer is first in row -- * -moreFragmentsFollow: more fragments after this answer -- * -overallLengthOut: length of all fragments together (only set if fragmentation) as answer -- * -- * return: state of connection as result of the exchange -- */ --typedef TNC_ConnectionState (*ExchangeTNCCSMessagePointer)(/*in*/ TNC_ConnectionID connId, -- /*in*/ int isAcknoledgement, -- /*in*/ TNC_BufferReference input, -- /*in*/ TNC_UInt32 inputLength, -- /*in*/ int isFirst, -- /*in*/ int moreFragments, -- /*in*/ TNC_UInt32 overallLength, -- /*out*/ TNC_BufferReference *output, -- /*out*/ TNC_UInt32 *outputLength, -- /*out*/ int *answerIsFirst, -- /*out*/ int *moreFragmentsFollow, -- /*out*/ TNC_UInt32 *overallLengthOut --); -- --#ifdef __cplusplus --} --#endif --#endif //_TNCS_H_ -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h 2012-12-04 19:39:54.749423138 +0100 -@@ -37,6 +37,10 @@ - int copy_request_to_tunnel; - int use_tunneled_reply; - const char *virtual_server; -+ const char *tnc_virtual_server; // virtual server for EAP-TNC as the second inner method -+ VALUE_PAIR *auth_reply; // cache storage of the last reply of the first inner method -+ int auth_code; // cache storage of the reply-code of the first inner method -+ int doing_tnc; // status if we're doing EAP-TNC - } ttls_tunnel_t; - - /* -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c 2012-12-04 19:39:54.749423138 +0100 -@@ -62,6 +62,11 @@ - * Virtual server for inner tunnel session. - */ - char *virtual_server; -+ -+ /* -+ * Virtual server for the second inner tunnel method, which is EAP-TNC. -+ */ -+ char *tnc_virtual_server; - } rlm_eap_ttls_t; - - -@@ -78,6 +83,9 @@ - { "virtual_server", PW_TYPE_STRING_PTR, - offsetof(rlm_eap_ttls_t, virtual_server), NULL, NULL }, - -+ { "tnc_virtual_server", PW_TYPE_STRING_PTR, -+ offsetof(rlm_eap_ttls_t, tnc_virtual_server), NULL, NULL }, -+ - { "include_length", PW_TYPE_BOOLEAN, - offsetof(rlm_eap_ttls_t, include_length), NULL, "yes" }, - -@@ -171,6 +179,10 @@ - t->copy_request_to_tunnel = inst->copy_request_to_tunnel; - t->use_tunneled_reply = inst->use_tunneled_reply; - t->virtual_server = inst->virtual_server; -+ t->tnc_virtual_server = inst->tnc_virtual_server; // virtual server for EAP-TNC as the second inner method -+ t->auth_reply = NULL; // cache storage of the last reply of the first inner method -+ t->auth_code = -1; // cache storage of the reply-code of the first inner method -+ t->doing_tnc = 0; // status if we're doing EAP-TNC (on start we're doing NOT) - return t; - } - -diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c ---- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c 2012-09-10 13:51:34.000000000 +0200 -+++ freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c 2012-12-04 19:39:54.749423138 +0100 -@@ -585,6 +585,94 @@ - } - - /* -+ * Start EAP-TNC as a second inner method. -+ * Creates a new fake-request out of the original incoming request (via EAP_HANDLER). -+ * If it's the first time, we create a EAP-START-packet and send -+ * EAP-START := code = PW_EAP_REQUEST -+ * -+ */ -+static REQUEST* start_tnc(EAP_HANDLER *handler, ttls_tunnel_t *t) { -+ REQUEST* request = handler->request; -+ RDEBUG2("EAP-TNC as second inner authentication method starts now"); -+ -+ /* -+ * Allocate a fake REQUEST struct, -+ * to make a new request, based on the original request. -+ */ -+ REQUEST* fake = request_alloc_fake(request); -+ -+ /* -+ * Set the virtual server to that of EAP-TNC. -+ */ -+ fake->server = t->tnc_virtual_server; -+ -+ /* -+ * Build a new EAP-Message. -+ */ -+ VALUE_PAIR *eap_msg; -+ eap_msg = paircreate(PW_EAP_MESSAGE, PW_TYPE_OCTETS); -+ -+ /* -+ * Set the EAP-Message to look like EAP-Start -+ */ -+ eap_msg->vp_octets[0] = PW_EAP_RESPONSE; -+ eap_msg->vp_octets[1] = 0x00; -+ -+ /* -+ * Only setting EAP-TNC here, -+ * because it is intended to do user-authentication in the first inner method, -+ * and then a hardware-authentication (like EAP-TNC) as the second method. -+ */ -+ eap_msg->vp_octets[4] = PW_EAP_TNC; -+ -+ eap_msg->length = 0; -+ -+ /* -+ * Add the EAP-Message to the request. -+ */ -+ pairadd(&(fake->packet->vps), eap_msg); -+ -+ /* -+ * Process the new request by the virtual server configured for -+ * EAP-TNC. -+ */ -+ rad_authenticate(fake); -+ -+ /* -+ * From now on we're doing EAP-TNC as the second inner authentication method. -+ */ -+ t->doing_tnc = TRUE; -+ -+ return fake; -+} -+ -+/* -+ * Stop EAP-TNC as a second inner method. -+ * Copy the value pairs from the cached Access-Accept of the first inner method -+ * to the Access-Accept/Reject package of EAP-TNC. -+ */ -+static REQUEST* stop_tnc(REQUEST *request, ttls_tunnel_t *t) { -+ RDEBUG2("EAP-TNC as second inner authentication method stops now"); -+ -+ /* -+ * Copy the value-pairs of the origina Access-Accept of the first -+ * inner authentication method to the Access-Accept/Reject of the -+ * second inner authentication method (EAP-TNC). -+ */ -+ if (request->reply->code == PW_AUTHENTICATION_ACK) { -+ pairadd(&(request->reply->vps), t->auth_reply); -+ } else if (request->reply->code == PW_AUTHENTICATION_REJECT) { -+ pairadd(&(request->reply->vps), t->auth_reply); -+ } -+ -+ pairdelete(&(request->reply->vps), PW_MESSAGE_AUTHENTICATOR); -+ pairdelete(&(request->reply->vps), PW_PROXY_STATE); -+ pairdelete(&(request->reply->vps), PW_USER_NAME); -+ -+ return request; -+} -+ -+/* - * Use a reply packet to determine what to do. - */ - static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, -@@ -1135,6 +1223,16 @@ - - } /* else fake->server == request->server */ - -+ /* -+ * If we're doing EAP-TNC as a second method, -+ * then set the server to that one. -+ * Then, rad_authenticate will run EAP-TNC, -+ * so that afterwards we have to look for the state of -+ * EAP-TNC. -+ */ -+ if (t->doing_tnc) { -+ fake->server = t->tnc_virtual_server; -+ } - - if ((debug_flag > 0) && fr_log_fp) { - RDEBUG("Sending tunneled request"); -@@ -1248,6 +1346,53 @@ - - default: - /* -+ * If the result of the first method was an acknowledgment OR -+ * if were already running EAP-TNC, -+ * we're doing additional things before processing the reply. -+ * Also the configuration for EAP-TTLS has to contain a virtual server -+ * for EAP-TNC as the second method. -+ */ -+ if (t->tnc_virtual_server) { -+ /* -+ * If the reply code of the first inner method is PW_AUTHENTICATION_ACK -+ * which means that the method was successful, -+ * and we're not doing EAP-TNC as the second method, -+ * then we want to intercept the Access-Accept and start EAP-TNC as the second inner method. -+ */ -+ if (fake->reply->code == PW_AUTHENTICATION_ACK -+ && t->doing_tnc == FALSE) { -+ RDEBUG2("Reply-Code of the first inner method was: %d (PW_AUTHENTICATION_ACK)", fake->reply->code); -+ -+ /* -+ * Save reply-value pairs and reply-code of the first method. -+ */ -+ t->auth_reply = fake->reply->vps; -+ fake->reply->vps = NULL; -+ t->auth_code = fake->reply->code; -+ -+ /* -+ * Create the start package for EAP-TNC. -+ */ -+ fake = start_tnc(handler, t); -+ -+ /* -+ * If we're doing EAP-TNC as the second inner method, -+ * and the reply->code was PW_AUTHENTICATION_ACK or PW_AUTHENTICATION_REJECT, -+ * then we stop EAP-TNC and create an combined Access-Accept or Access-Reject. -+ */ -+ } else if (t->doing_tnc == TRUE -+ && (fake->reply->code == PW_AUTHENTICATION_ACK || fake->reply->code == PW_AUTHENTICATION_REJECT)) { -+ -+ /* -+ * Create the combined Access-Accept or -Reject. -+ */ -+ RDEBUG2("Reply-Code of EAP-TNC as the second inner method was: %d (%s)", fake->reply->code, -+ fake->reply->code == PW_AUTHENTICATION_ACK ? "PW_AUTHENTICATION_ACK" : "PW_AUTHENTICATION_REJECT"); -+ fake = stop_tnc(fake, t); -+ } -+ } -+ -+ /* - * Returns RLM_MODULE_FOO, and we want to return - * PW_FOO - */ diff --git a/testing/scripts/recipes/patches/hostapd-config b/testing/scripts/recipes/patches/hostapd-config deleted file mode 100644 index b26d2783fa..0000000000 --- a/testing/scripts/recipes/patches/hostapd-config +++ /dev/null @@ -1,38 +0,0 @@ -diff -u -ur hostapd-2.0.orig/hostapd/defconfig hostapd-2.0/hostapd/defconfig ---- hostapd-2.0.orig/hostapd/defconfig 2013-01-12 16:42:53.000000000 +0100 -+++ hostapd-2.0/hostapd/defconfig 2016-06-15 17:32:57.000000000 +0200 -@@ -13,14 +13,14 @@ - CONFIG_DRIVER_HOSTAP=y - - # Driver interface for wired authenticator --#CONFIG_DRIVER_WIRED=y -+CONFIG_DRIVER_WIRED=y - - # Driver interface for madwifi driver - #CONFIG_DRIVER_MADWIFI=y - #CFLAGS += -I../../madwifi # change to the madwifi source directory - - # Driver interface for drivers using the nl80211 kernel interface --CONFIG_DRIVER_NL80211=y -+#CONFIG_DRIVER_NL80211=y - - # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) - #CONFIG_DRIVER_BSD=y -@@ -30,7 +30,7 @@ - #LIBS_c += -L/usr/local/lib - - # Driver interface for no driver (e.g., RADIUS server only) --#CONFIG_DRIVER_NONE=y -+CONFIG_DRIVER_NONE=y - - # IEEE 802.11F/IAPP - CONFIG_IAPP=y -@@ -152,7 +152,7 @@ - - # Add support for writing debug log to a file: -f /tmp/hostapd.log - # Disabled by default. --#CONFIG_DEBUG_FILE=y -+CONFIG_DEBUG_FILE=y - - # Remove support for RADIUS accounting - #CONFIG_NO_ACCOUNTING=y \ No newline at end of file diff --git a/testing/scripts/recipes/patches/tnc-fhh-tncsim b/testing/scripts/recipes/patches/tnc-fhh-tncsim deleted file mode 100644 index 42c714480a..0000000000 --- a/testing/scripts/recipes/patches/tnc-fhh-tncsim +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/CMakeLists.txt b/CMakeLists.txt -index fe65134512ea..3c5255f21ea6 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -101,7 +101,6 @@ IF(${COMPONENT} STREQUAL "ALL") - add_subdirectory(tncxacml) - add_subdirectory(imcv) - add_subdirectory(tncs) -- add_subdirectory(tncsim) - - IF(${NAL} STREQUAL "8021X" OR ${NAL} STREQUAL "ALL") - add_subdirectory(naaeap) diff --git a/testing/scripts/recipes/patches/wpa_supplicant-eap-tnc b/testing/scripts/recipes/patches/wpa_supplicant-eap-tnc deleted file mode 100644 index 2e00e5b446..0000000000 --- a/testing/scripts/recipes/patches/wpa_supplicant-eap-tnc +++ /dev/null @@ -1,47 +0,0 @@ -diff -urN wpa_supplicant-2.0.ori/src/eap_peer/tncc.c wpa_supplicant-2.0/src/eap_peer/tncc.c ---- wpa_supplicant-2.0.ori/src/eap_peer/tncc.c 2013-01-12 16:42:53.000000000 +0100 -+++ wpa_supplicant-2.0/src/eap_peer/tncc.c 2013-03-23 13:10:22.151059154 +0100 -@@ -465,7 +465,7 @@ - return -1; - } - #else /* CONFIG_NATIVE_WINDOWS */ -- imc->dlhandle = dlopen(imc->path, RTLD_LAZY); -+ imc->dlhandle = dlopen(imc->path, RTLD_LAZY | RTLD_GLOBAL); - if (imc->dlhandle == NULL) { - wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %s", - imc->name, imc->path, dlerror()); -diff -urN wpa_supplicant-2.0.ori/wpa_supplicant/defconfig wpa_supplicant-2.0/wpa_supplicant/defconfig ---- wpa_supplicant-2.0.ori/wpa_supplicant/defconfig 2013-01-12 16:42:53.000000000 +0100 -+++ wpa_supplicant-2.0/wpa_supplicant/defconfig 2013-03-23 13:06:08.759052370 +0100 -@@ -86,7 +86,7 @@ - CONFIG_DRIVER_WEXT=y - - # Driver interface for Linux drivers using the nl80211 kernel interface --CONFIG_DRIVER_NL80211=y -+#CONFIG_DRIVER_NL80211=y - - # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) - #CONFIG_DRIVER_BSD=y -@@ -193,7 +193,7 @@ - #CONFIG_EAP_GPSK_SHA256=y - - # EAP-TNC and related Trusted Network Connect support (experimental) --#CONFIG_EAP_TNC=y -+CONFIG_EAP_TNC=y - - # Wi-Fi Protected Setup (WPS) - #CONFIG_WPS=y -diff -urN wpa_supplicant-2.0.ori/wpa_supplicant/Makefile wpa_supplicant-2.0/wpa_supplicant/Makefile ---- wpa_supplicant-2.0.ori/wpa_supplicant/Makefile 2013-01-12 16:42:53.000000000 +0100 -+++ wpa_supplicant-2.0/wpa_supplicant/Makefile 2013-03-23 13:06:08.759052370 +0100 -@@ -6,8 +6,8 @@ - CFLAGS = -MMD -O2 -Wall -g - endif - --export LIBDIR ?= /usr/local/lib/ --export BINDIR ?= /usr/local/sbin/ -+export LIBDIR ?= /usr/lib/ -+export BINDIR ?= /usr/sbin/ - PKG_CONFIG ?= pkg-config - - CFLAGS += -I../src diff --git a/testing/tests/tnc/tnccs-11-fhh/description.txt b/testing/tests/tnc/tnccs-11-fhh/description.txt deleted file mode 100644 index 8ce1157e9a..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/description.txt +++ /dev/null @@ -1,13 +0,0 @@ -The roadwarriors carol and dave set up a connection each to gateway moon -using EAP-TTLS authentication only with the gateway presenting a server certificate and -the clients doing EAP-MD5 password-based authentication. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of carol and dave via the IF-TNCCS 1.1 client-server interface. -The Dummy IMC and IMV from the - -TNC@FHH project are used which communicate over a proprietary protocol. -

-carol passes the health test and dave fails. Based on these measurements the -clients are connected by gateway moon to the "rw-allow" and "rw-isolate" subnets, -respectively. - diff --git a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat deleted file mode 100644 index 0b7655bdda..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat +++ /dev/null @@ -1,18 +0,0 @@ -carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -dave:: cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon:: cat /var/log/daemon.log::added group membership 'allow'::YES -moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES -moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/init.d/charon b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/init.d/charon deleted file mode 100755 index bf3a6891a4..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/init.d/charon +++ /dev/null @@ -1,158 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: charon -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: strongSwan charon IKE daemon -# Description: with swanctl the strongSwan charon daemon must be -# running in the background -### END INIT INFO - -# Author: Andreas Steffen -# -# Do NOT "set -e" - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin -DESC="strongSwan charon IKE daemon" -NAME=charon -DAEMON=/usr/local/libexec/ipsec/$NAME -DAEMON_ARGS="" -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/charon - -export LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.2-14) to ensure that this file is present -# and status_of_proc is working. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf deleted file mode 100644 index b094a3aaa1..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,22 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - - syslog { - daemon { - tnc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} - -libtls { - suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -} diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/swanctl/swanctl.conf deleted file mode 100644 index 0f266dd93a..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.100 - remote_addrs = 192.168.0.1 - - local { - auth = eap-ttls - id = carol@strongswan.org - } - remote { - auth = eap-ttls - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = carol@strongswan.org - secret = "Ar3etTnp" - } -} diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/dummyimc.file deleted file mode 100644 index f5da834c0c..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/dummyimc.file +++ /dev/null @@ -1 +0,0 @@ -allow diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/log4cxx.properties deleted file mode 100644 index b1c6941075..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc_config deleted file mode 100644 index d2fabe109e..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Dummy" /usr/local/lib/libdummyimc.so -#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/init.d/charon b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/init.d/charon deleted file mode 100755 index bf3a6891a4..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/init.d/charon +++ /dev/null @@ -1,158 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: charon -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: strongSwan charon IKE daemon -# Description: with swanctl the strongSwan charon daemon must be -# running in the background -### END INIT INFO - -# Author: Andreas Steffen -# -# Do NOT "set -e" - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin -DESC="strongSwan charon IKE daemon" -NAME=charon -DAEMON=/usr/local/libexec/ipsec/$NAME -DAEMON_ARGS="" -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/charon - -export LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.2-14) to ensure that this file is present -# and status_of_proc is working. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf deleted file mode 100644 index b094a3aaa1..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,22 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - - syslog { - daemon { - tnc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} - -libtls { - suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -} diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/swanctl/swanctl.conf deleted file mode 100644 index 989ab88c74..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.200 - remote_addrs = 192.168.0.1 - - local { - auth = eap-ttls - id = dave@strongswan.org - } - remote { - auth = eap-ttls - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = dave@strongswan.org - secret = "W7R0g3do" - } -} diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/dummyimc.file deleted file mode 100644 index c20b5e57ff..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/dummyimc.file +++ /dev/null @@ -1 +0,0 @@ -isolate \ No newline at end of file diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/log4cxx.properties deleted file mode 100644 index b1c6941075..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc_config deleted file mode 100644 index d2fabe109e..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Dummy" /usr/local/lib/libdummyimc.so -#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/init.d/charon b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/init.d/charon deleted file mode 100755 index bf3a6891a4..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/init.d/charon +++ /dev/null @@ -1,158 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: charon -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: strongSwan charon IKE daemon -# Description: with swanctl the strongSwan charon daemon must be -# running in the background -### END INIT INFO - -# Author: Andreas Steffen -# -# Do NOT "set -e" - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin -DESC="strongSwan charon IKE daemon" -NAME=charon -DAEMON=/usr/local/libexec/ipsec/$NAME -DAEMON_ARGS="" -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/charon - -export LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.2-14) to ensure that this file is present -# and status_of_proc is working. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf deleted file mode 100644 index aacee22214..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,28 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown - - multiple_authentication = no - - syslog { - daemon { - tnc = 3 - } - } - plugins { - eap-ttls { - phase2_method = md5 - phase2_piggyback = yes - phase2_tnc = yes - phase2_tnc_method = tnc - } - eap-tnc { - protocol = tnccs-1.1 - } - } -} - -libtls { - suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -} diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/swanctl/swanctl.conf deleted file mode 100644 index 1238c1a91f..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,64 +0,0 @@ -connections { - - rw-allow { - local_addrs = 192.168.0.1 - - local { - auth = eap-ttls - id = moon.strongswan.org - } - remote { - auth = eap-ttls - id = *@strongswan.org - groups = allow - } - children { - rw-allow { - local_ts = 10.1.0.0/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } - - rw-isolate { - local_addrs = 192.168.0.1 - - local { - auth = eap-ttls - id = moon.strongswan.org - } - remote { - auth = eap-ttls - id = *@strongswan.org - groups = isolate - } - children { - rw-isolate { - local_ts = 10.1.0.16/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap-carol { - id = carol@strongswan.org - secret = "Ar3etTnp" - } - eap-dave { - id = dave@strongswan.org - secret = "W7R0g3do" - } -} diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/dummyimv.policy deleted file mode 100644 index d00491fd7e..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/dummyimv.policy +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/hostscannerimv.policy b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/hostscannerimv.policy deleted file mode 100644 index d8215dd3cd..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/hostscannerimv.policy +++ /dev/null @@ -1,40 +0,0 @@ -#FTP - File Transfer Protocol -TCP 20 = whatever -TCP 21 = close - -#SSH - Secure Shell -TCP 22 = whatever - -#Telnet -TCP 23 = close - -#E-Mail -# -#SMTP - Simple Mail Transfer Protocol -TCP 25 = close -TCP 587 = close -#POP3 - Post Office Protocol version 3 -TCP 110 = close -TCP 995 = close - -#DNS - Domain Name System -UDP 53 = close -TCP 53 = close - -#BOOTP/DHCP - Bootstrap Protocol / -#Dynamic Host Configuration Protocol -UDP 67 = close -#UDP 68 = open -UDP 68 = whatever - -#www - World Wide Web -#HTTP - Hypertext Transfer Protocol -TCP 80 = close -#HTTPS - Hypertext Transfer Protocol Secure -TCP 443 = close - -#examples -TCP 8080 = close -TCP 5223 = whatever -UDP 4444 = close -UDP 631 = whatever diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/log4cxx.properties deleted file mode 100644 index 122d798b30..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=--[IMV] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=--[IMV] %m%n diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc_config deleted file mode 100644 index 140caa98f4..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMV configuration file for strongSwan server - -IMV "Dummy" /usr/local/lib/libdummyimv.so -#IMV "HostScanner" /usr/local/lib/libhostscannerimv.so diff --git a/testing/tests/tnc/tnccs-11-fhh/posttest.dat b/testing/tests/tnc/tnccs-11-fhh/posttest.dat deleted file mode 100644 index 199873ba11..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/posttest.dat +++ /dev/null @@ -1,6 +0,0 @@ -carol::systemctl stop strongswan-swanctl -dave::systemctl stop strongswan-swanctl -moon::systemctl stop strongswan-swanctl -moon::iptables-restore < /etc/iptables.flush -carol::iptables-restore < /etc/iptables.flush -dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-11-fhh/pretest.dat b/testing/tests/tnc/tnccs-11-fhh/pretest.dat deleted file mode 100644 index 79340af29e..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/pretest.dat +++ /dev/null @@ -1,20 +0,0 @@ -moon::iptables-restore < /etc/iptables.rules -carol::iptables-restore < /etc/iptables.rules -dave::iptables-restore < /etc/iptables.rules -moon::cat /etc/tnc_config -carol::cat /etc/tnc_config -dave::cat /etc/tnc_config -carol::cat /etc/tnc/dummyimc.file -dave::cat /etc/tnc/dummyimc.file -carol::rm /etc/swanctl/rsa/* -dave::rm /etc/swanctl/rsa/* -carol::rm /etc/swanctl/x509/* -dave::rm /etc/swanctl/x509/* -moon::systemctl start strongswan-swanctl -carol::systemctl start strongswan-swanctl -dave::systemctl start strongswan-swanctl -moon::expect-connection rw-allow -carol::expect-connection home -carol::swanctl --initiate --child home 2> /dev/null -dave::expect-connection home -dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/tnc/tnccs-11-fhh/test.conf b/testing/tests/tnc/tnccs-11-fhh/test.conf deleted file mode 100644 index 61f2312af1..0000000000 --- a/testing/tests/tnc/tnccs-11-fhh/test.conf +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# guest instances used for this test - -# All guest instances that are required for this test -# -VIRTHOSTS="alice venus moon carol winnetou dave" - -# Corresponding block diagram -# -DIAGRAM="a-v-m-c-w-d.png" - -# Guest instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# Guest instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol dave" - -# Guest instances on which FreeRadius is started -# -RADIUSHOSTS= -# charon controlled by swanctl -# -SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-11-radius-block/description.txt b/testing/tests/tnc/tnccs-11-radius-block/description.txt deleted file mode 100644 index 67b1a2a347..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/description.txt +++ /dev/null @@ -1,14 +0,0 @@ -The roadwarriors carol and dave set up a connection each to gateway moon. -At the outset the gateway authenticates itself to the clients by sending an IKEv2 -RSA signature accompanied by a certificate. -carol and dave then set up an EAP-TTLS tunnel each via moon to the - -TNC@FHH-enhanced FreeRADIUS server alice authenticated by an X.509 AAA certificate. -The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on EAP-MD5. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of carol and dave via the IF-TNCCS 1.1 client-server interface. -The IMC and IMV communicate are using the IF-M protocol defined by RFC 5792 PA-TNC. -

-carol passes the health test and dave fails. Based on these measurements carol -is authenticated successfully and is granted access to the subnet behind moon whereas -dave fails the layered EAP authentication and is rejected. diff --git a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat deleted file mode 100644 index b2fc619495..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat +++ /dev/null @@ -1,15 +0,0 @@ -carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES -carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES -dave:: cat /var/log/daemon.log::TNCCS-Recommendation.*none::YES -dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home::NO -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/eap.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/eap.conf deleted file mode 100644 index 31556361e8..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/eap.conf +++ /dev/null @@ -1,25 +0,0 @@ -eap { - md5 { - } - default_eap_type = ttls - tls { - private_key_file = /etc/raddb/certs/aaaKey.pem - certificate_file = /etc/raddb/certs/aaaCert.pem - CA_file = /etc/raddb/certs/strongswanCert.pem - cipher_list = "DEFAULT" - dh_file = /etc/raddb/certs/dh - random_file = /etc/raddb/certs/random - } - ttls { - default_eap_type = md5 - use_tunneled_reply = yes - virtual_server = "inner-tunnel" - tnc_virtual_server = "inner-tunnel-second" - } -} - -eap eap_tnc { - default_eap_type = tnc - tnc { - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/proxy.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/proxy.conf deleted file mode 100644 index 23cba8d11b..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/proxy.conf +++ /dev/null @@ -1,5 +0,0 @@ -realm strongswan.org { - type = radius - authhost = LOCAL - accthost = LOCAL -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/default deleted file mode 100644 index dd0825858a..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/default +++ /dev/null @@ -1,43 +0,0 @@ -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -preacct { - preprocess - acct_unique - suffix - files -} - -accounting { - detail - unix - radutmp - attr_filter.accounting_response -} - -session { - radutmp -} - -post-auth { - exec - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel deleted file mode 100644 index e088fae14b..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel +++ /dev/null @@ -1,32 +0,0 @@ -server inner-tunnel { - -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -session { - radutmp -} - -post-auth { - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} - -} # inner-tunnel server block diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second deleted file mode 100644 index c5bde6a9e3..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second +++ /dev/null @@ -1,36 +0,0 @@ -server inner-tunnel-second { - -authorize { - eap_tnc { - ok = return - } -} - -authenticate { - eap_tnc -} - -session { - radutmp -} - -post-auth { - if (control:TNC-Status == "Access") { - update reply { - Tunnel-Type := ESP - Filter-Id := "allow" - } - } - elsif (control:TNC-Status == "Isolate") { - update reply { - Tunnel-Type := ESP - Filter-Id := "isolate" - } - } - - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -} # inner-tunnel-second block diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/users b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/users deleted file mode 100644 index 50ccf3e763..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/users +++ /dev/null @@ -1,2 +0,0 @@ -carol Cleartext-Password := "Ar3etTnp" -dave Cleartext-Password := "W7R0g3do" diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/strongswan.conf deleted file mode 100644 index 7622801ab4..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/strongswan.conf +++ /dev/null @@ -1,12 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -libimcv { - load = random nonce sha1 sha2 md5 gmp pubkey x509 - debug_level = 3 - assessment_result = no - plugins { - imv-test { - rounds = 1 - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc/log4cxx.properties deleted file mode 100644 index 2bdc6e4dec..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc_config deleted file mode 100644 index da732f68b0..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMV configuration file for strongSwan client - -IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so -IMV "Scanner" /usr/local/lib/ipsec/imcvs/imv-scanner.so diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf deleted file mode 100644 index 305a9d1e68..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,27 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - - syslog { - daemon { - tnc = 3 - imc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} - -libimcv { - plugins { - imc-test { - command = allow - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/swanctl/swanctl.conf deleted file mode 100644 index ff58c7c9aa..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.100 - remote_addrs = 192.168.0.1 - - local { - auth = eap - aaa_id = aaa.strongswan.org - id = carol@strongswan.org - } - remote { - auth = pubkey - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = carol@strongswan.org - secret = "Ar3etTnp" - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/tnc_config deleted file mode 100644 index 6166552f52..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf deleted file mode 100644 index 5d17eb638f..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,30 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - - syslog { - daemon { - tnc = 3 - imc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} - -libimcv { - plugins { - imc-test { - command = none - } - imc-scanner { - push_info = no - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/swanctl/swanctl.conf deleted file mode 100644 index 5af2098b61..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.200 - remote_addrs = 192.168.0.1 - - local { - auth = eap - aaa_id = aaa.strongswan.org - id = dave@strongswan.org - } - remote { - auth = pubkey - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = dave@strongswan.org - secret = "W7R0g3do" - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/tnc_config deleted file mode 100644 index 6166552f52..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/iptables.rules deleted file mode 100644 index 1eb755354f..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/iptables.rules +++ /dev/null @@ -1,32 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# allow esp --A INPUT -i eth0 -p 50 -j ACCEPT --A OUTPUT -o eth0 -p 50 -j ACCEPT - -# allow IKE --A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - -# allow MobIKE --A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - -# allow ssh --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - -# allow RADIUS protocol with alice --A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT --A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT - -COMMIT diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf deleted file mode 100644 index 4c9dd6e1f6..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,15 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-radius updown - - multiple_authentication=no - - plugins { - eap-radius { - secret = gv6URkSs - server = 10.1.0.10 - filter_id = yes - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/swanctl/swanctl.conf deleted file mode 100644 index 28b32b74cd..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,27 +0,0 @@ -connections { - - rw { - local_addrs = 192.168.0.1 - - local { - auth = pubkey - id = moon.strongswan.org - certs = moonCert.pem - } - remote { - auth = eap-radius - id = *@strongswan.org - } - children { - rw { - local_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/posttest.dat b/testing/tests/tnc/tnccs-11-radius-block/posttest.dat deleted file mode 100644 index 0d96563c10..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/posttest.dat +++ /dev/null @@ -1,8 +0,0 @@ -carol::systemctl stop strongswan-swanctl -dave::systemctl stop strongswan-swanctl -moon::systemctl stop strongswan-swanctl -alice::killall radiusd -alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second -moon::iptables-restore < /etc/iptables.flush -carol::iptables-restore < /etc/iptables.flush -dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat deleted file mode 100644 index efddc609e9..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat +++ /dev/null @@ -1,21 +0,0 @@ -moon::iptables-restore < /etc/iptables.rules -carol::iptables-restore < /etc/iptables.rules -dave::iptables-restore < /etc/iptables.rules -alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second -alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second -alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd -alice::cat /etc/tnc_config -carol::cat /etc/tnc_config -dave::cat /etc/tnc_config -carol::rm /etc/swanctl/rsa/* -dave::rm /etc/swanctl/rsa/* -carol::rm /etc/swanctl/x509/* -dave::rm /etc/swanctl/x509/* -moon::systemctl start strongswan-swanctl -carol::systemctl start strongswan-swanctl -dave::systemctl start strongswan-swanctl -moon::expect-connection rw -carol::expect-connection home -carol::swanctl --initiate --child home -dave::expect-connection home -dave::swanctl --initiate --child home diff --git a/testing/tests/tnc/tnccs-11-radius-block/test.conf b/testing/tests/tnc/tnccs-11-radius-block/test.conf deleted file mode 100644 index 8d7f514498..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/test.conf +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# guest instances used for this test - -# All guest instances that are required for this test -# -VIRTHOSTS="alice venus moon carol winnetou dave" - -# Corresponding block diagram -# -DIAGRAM="a-v-m-c-w-d.png" - -# Guest instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# Guest instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol dave" - -# Guest instances on which FreeRadius is started -# -RADIUSHOSTS="alice" - -# charon controlled by swanctl -# -SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-11-radius-pts/description.txt b/testing/tests/tnc/tnccs-11-radius-pts/description.txt deleted file mode 100644 index d5729dd7bf..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/description.txt +++ /dev/null @@ -1,14 +0,0 @@ -The roadwarriors carol and dave set up a connection each to gateway moon. -At the outset the gateway authenticates itself to the clients by sending an IKEv2 -RSA signature accompanied by a certificate. -carol and dave then set up an EAP-TTLS tunnel each via moon to the - -TNC@FHH-enhanced FreeRADIUS server alice authenticated by an X.509 AAA certificate. -The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on EAP-MD5. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of carol and dave via the IF-TNCCS 1.1 client-server interface. -The communication between the OS and Attestation IMC and the Attestation IMV is based on the - IF-M protocol defined by RFC 5792 PA-TNC. -

-carol passes the health test and dave fails. Based on these measurements the clients -are connected by gateway moon to the "rw-allow" and "rw-isolate" subnets, respectively. diff --git a/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat deleted file mode 100644 index 588ddf4696..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat +++ /dev/null @@ -1,18 +0,0 @@ -carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES -carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES -dave:: cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES -moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES -moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/eap.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/eap.conf deleted file mode 100644 index 31556361e8..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/eap.conf +++ /dev/null @@ -1,25 +0,0 @@ -eap { - md5 { - } - default_eap_type = ttls - tls { - private_key_file = /etc/raddb/certs/aaaKey.pem - certificate_file = /etc/raddb/certs/aaaCert.pem - CA_file = /etc/raddb/certs/strongswanCert.pem - cipher_list = "DEFAULT" - dh_file = /etc/raddb/certs/dh - random_file = /etc/raddb/certs/random - } - ttls { - default_eap_type = md5 - use_tunneled_reply = yes - virtual_server = "inner-tunnel" - tnc_virtual_server = "inner-tunnel-second" - } -} - -eap eap_tnc { - default_eap_type = tnc - tnc { - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/proxy.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/proxy.conf deleted file mode 100644 index 23cba8d11b..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/proxy.conf +++ /dev/null @@ -1,5 +0,0 @@ -realm strongswan.org { - type = radius - authhost = LOCAL - accthost = LOCAL -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/default deleted file mode 100644 index dd0825858a..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/default +++ /dev/null @@ -1,43 +0,0 @@ -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -preacct { - preprocess - acct_unique - suffix - files -} - -accounting { - detail - unix - radutmp - attr_filter.accounting_response -} - -session { - radutmp -} - -post-auth { - exec - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel deleted file mode 100644 index e088fae14b..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel +++ /dev/null @@ -1,32 +0,0 @@ -server inner-tunnel { - -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -session { - radutmp -} - -post-auth { - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} - -} # inner-tunnel server block diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second deleted file mode 100644 index c5bde6a9e3..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second +++ /dev/null @@ -1,36 +0,0 @@ -server inner-tunnel-second { - -authorize { - eap_tnc { - ok = return - } -} - -authenticate { - eap_tnc -} - -session { - radutmp -} - -post-auth { - if (control:TNC-Status == "Access") { - update reply { - Tunnel-Type := ESP - Filter-Id := "allow" - } - } - elsif (control:TNC-Status == "Isolate") { - update reply { - Tunnel-Type := ESP - Filter-Id := "isolate" - } - } - - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -} # inner-tunnel-second block diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/users b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/users deleted file mode 100644 index 50ccf3e763..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/users +++ /dev/null @@ -1,2 +0,0 @@ -carol Cleartext-Password := "Ar3etTnp" -dave Cleartext-Password := "W7R0g3do" diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql deleted file mode 100644 index d87b5e7f9c..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql +++ /dev/null @@ -1,29 +0,0 @@ -/* Devices */ - -INSERT INTO devices ( /* 1 */ - value, product, created -) -SELECT 'aabbccddeeff11223344556677889900', id, 1372330615 -FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; - -/* Groups Members */ - -INSERT INTO groups_members ( - group_id, device_id -) VALUES ( - 10, 1 -); - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 10, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 16, 2, 0 -); - -DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf deleted file mode 100644 index a3f4ca12c0..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf +++ /dev/null @@ -1,13 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -libimcv { - load = random nonce openssl pubkey sqlite - debug_level = 3 - database = sqlite:///etc/db.d/config.db - policy_script = /usr/local/libexec/ipsec/imv_policy_manager - assessment_result = no -} - -attest { - database = sqlite:///etc/db.d/config.db -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc/log4cxx.properties deleted file mode 100644 index 2bdc6e4dec..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc_config deleted file mode 100644 index b5ac8c1781..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMV configuration file for strongSwan client - -IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so -IMV "Attestation" /usr/local/lib/ipsec/imcvs/imv-attestation.so diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf deleted file mode 100644 index a534ac66e8..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,19 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - - syslog { - daemon { - tnc = 3 - imc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/swanctl/swanctl.conf deleted file mode 100644 index 1516ad726f..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.100 - remote_addrs = 192.168.0.1 - - local { - auth = eap - aaa_id = aaa.strongswan.org - id = carol@strongswan.org - } - remote { - auth = pubkey - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-ecp256 - } - } - version = 2 - proposals = aes128-sha256-ecp256 - } -} - -secrets { - - eap { - id = carol@strongswan.org - secret = "Ar3etTnp" - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/tnc_config deleted file mode 100644 index 15dc93a0a1..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "Attestation" /usr/local/lib/ipsec/imcvs/imc-attestation.so diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf deleted file mode 100644 index 469e81156b..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,20 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - retransmit_tries = 5 - - syslog { - daemon { - tnc = 3 - imc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/swanctl/swanctl.conf deleted file mode 100644 index 07b35dcb94..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.200 - remote_addrs = 192.168.0.1 - - local { - auth = eap - aaa_id = aaa.strongswan.org - id = dave@strongswan.org - } - remote { - auth = pubkey - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-ecp256 - } - } - version = 2 - proposals = aes128-sha256-ecp256 - } -} - -secrets { - - eap { - id = dave@strongswan.org - secret = "W7R0g3do" - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/tnc_config deleted file mode 100644 index 15dc93a0a1..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "Attestation" /usr/local/lib/ipsec/imcvs/imc-attestation.so diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/iptables.rules deleted file mode 100644 index 1eb755354f..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/iptables.rules +++ /dev/null @@ -1,32 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# allow esp --A INPUT -i eth0 -p 50 -j ACCEPT --A OUTPUT -o eth0 -p 50 -j ACCEPT - -# allow IKE --A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - -# allow MobIKE --A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - -# allow ssh --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - -# allow RADIUS protocol with alice --A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT --A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT - -COMMIT diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf deleted file mode 100644 index cbaf67c895..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,15 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce openssl pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-radius updown - - multiple_authentication=no - - plugins { - eap-radius { - secret = gv6URkSs - server = 10.1.0.10 - filter_id = yes - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/swanctl/swanctl.conf deleted file mode 100644 index 096eb7b5ab..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,53 +0,0 @@ -connections { - - rw-allow { - local_addrs = 192.168.0.1 - - local { - auth = pubkey - id = moon.strongswan.org - certs = moonCert.pem - } - remote { - auth = eap-radius - id = *@strongswan.org - groups = allow - } - children { - rw-allow { - local_ts = 10.1.0.0/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-ecp256 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-ecp256 - } - - rw-isolate { - local_addrs = 192.168.0.1 - - local { - auth = pubkey - id = moon.strongswan.org - } - remote { - auth = eap-radius - id = *@strongswan.org - groups = isolate - } - children { - rw-isolate { - local_ts = 10.1.0.16/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-ecp256 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-ecp256 - } -} diff --git a/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat b/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat deleted file mode 100644 index ab96df0ed2..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat +++ /dev/null @@ -1,9 +0,0 @@ -carol::systemctl stop strongswan-swanctl -dave::systemctl stop strongswan-swanctl -moon::systemctl stop strongswan-swanctl -alice::killall radiusd -alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second -carol::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::iptables-restore < /etc/iptables.flush -carol::iptables-restore < /etc/iptables.flush -dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat deleted file mode 100644 index 7d0dfa3854..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat +++ /dev/null @@ -1,28 +0,0 @@ -moon::iptables-restore < /etc/iptables.rules -carol::iptables-restore < /etc/iptables.rules -dave::iptables-restore < /etc/iptables.rules -carol::echo 0 > /proc/sys/net/ipv4/ip_forward -dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id -alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second -alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second -alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql -alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db -alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd -alice::cat /etc/tnc_config -carol::cat /etc/tnc_config -dave::cat /etc/tnc_config -carol::rm /etc/swanctl/rsa/* -dave::rm /etc/swanctl/rsa/* -carol::rm /etc/swanctl/x509/* -dave::rm /etc/swanctl/x509/* -moon::systemctl start strongswan-swanctl -carol::systemctl start strongswan-swanctl -dave::systemctl start strongswan-swanctl -moon::expect-connection rw-allow -moon::expect-connection rw-isolate -carol::expect-connection home -carol::swanctl --initiate --child home -dave::expect-connection home -dave::swanctl --initiate --child home -alice::ipsec attest --sessions -alice::ipsec attest --devices diff --git a/testing/tests/tnc/tnccs-11-radius-pts/test.conf b/testing/tests/tnc/tnccs-11-radius-pts/test.conf deleted file mode 100644 index 05d40f98d9..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-pts/test.conf +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# guest instances used for this test - -# All guest instances that are required for this test -# -VIRTHOSTS="alice venus moon carol winnetou dave" - -# Corresponding block diagram -# -DIAGRAM="a-v-m-c-w-d.png" - -# Guest instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# Guest instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol dave" - -# Guest instances on which FreeRadius is started -# -RADIUSHOSTS="alice" - -# Guest instances on which databases are used -# -DBHOSTS="alice" - -# charon controlled by swanctl -# -SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-11-radius/description.txt b/testing/tests/tnc/tnccs-11-radius/description.txt deleted file mode 100644 index 4017c6eda1..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/description.txt +++ /dev/null @@ -1,13 +0,0 @@ -The roadwarriors carol and dave set up a connection each to gateway moon. -At the outset the gateway authenticates itself to the clients by sending an IKEv2 -RSA signature accompanied by a certificate. -carol and dave then set up an EAP-TTLS tunnel each via moon to the - -TNC@FHH-enhanced FreeRADIUS server alice authenticated by an X.509 AAA certificate. -The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on EAP-MD5. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of carol and dave via the IF-TNCCS 1.1 client-server interface. -The communication between IMCs and IMVs is based on the IF-M protocol defined by RFC 5792 PA-TNC. -

-carol passes the health test and dave fails. Based on these measurements the clients -are connected by gateway moon to the "rw-allow" and "rw-isolate" subnets, respectively. diff --git a/testing/tests/tnc/tnccs-11-radius/evaltest.dat b/testing/tests/tnc/tnccs-11-radius/evaltest.dat deleted file mode 100644 index cbafc13032..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/evaltest.dat +++ /dev/null @@ -1,18 +0,0 @@ -carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES -carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES -dave:: cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES -moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES -moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/eap.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/eap.conf deleted file mode 100644 index 31556361e8..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/eap.conf +++ /dev/null @@ -1,25 +0,0 @@ -eap { - md5 { - } - default_eap_type = ttls - tls { - private_key_file = /etc/raddb/certs/aaaKey.pem - certificate_file = /etc/raddb/certs/aaaCert.pem - CA_file = /etc/raddb/certs/strongswanCert.pem - cipher_list = "DEFAULT" - dh_file = /etc/raddb/certs/dh - random_file = /etc/raddb/certs/random - } - ttls { - default_eap_type = md5 - use_tunneled_reply = yes - virtual_server = "inner-tunnel" - tnc_virtual_server = "inner-tunnel-second" - } -} - -eap eap_tnc { - default_eap_type = tnc - tnc { - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/proxy.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/proxy.conf deleted file mode 100644 index 23cba8d11b..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/proxy.conf +++ /dev/null @@ -1,5 +0,0 @@ -realm strongswan.org { - type = radius - authhost = LOCAL - accthost = LOCAL -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default deleted file mode 100644 index dd0825858a..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default +++ /dev/null @@ -1,43 +0,0 @@ -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -preacct { - preprocess - acct_unique - suffix - files -} - -accounting { - detail - unix - radutmp - attr_filter.accounting_response -} - -session { - radutmp -} - -post-auth { - exec - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel deleted file mode 100644 index e088fae14b..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel +++ /dev/null @@ -1,32 +0,0 @@ -server inner-tunnel { - -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -session { - radutmp -} - -post-auth { - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} - -} # inner-tunnel server block diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second deleted file mode 100644 index c5bde6a9e3..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second +++ /dev/null @@ -1,36 +0,0 @@ -server inner-tunnel-second { - -authorize { - eap_tnc { - ok = return - } -} - -authenticate { - eap_tnc -} - -session { - radutmp -} - -post-auth { - if (control:TNC-Status == "Access") { - update reply { - Tunnel-Type := ESP - Filter-Id := "allow" - } - } - elsif (control:TNC-Status == "Isolate") { - update reply { - Tunnel-Type := ESP - Filter-Id := "isolate" - } - } - - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -} # inner-tunnel-second block diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/users b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/users deleted file mode 100644 index 50ccf3e763..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/users +++ /dev/null @@ -1,2 +0,0 @@ -carol Cleartext-Password := "Ar3etTnp" -dave Cleartext-Password := "W7R0g3do" diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf deleted file mode 100644 index 7622801ab4..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf +++ /dev/null @@ -1,12 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -libimcv { - load = random nonce sha1 sha2 md5 gmp pubkey x509 - debug_level = 3 - assessment_result = no - plugins { - imv-test { - rounds = 1 - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties deleted file mode 100644 index 2bdc6e4dec..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config deleted file mode 100644 index da732f68b0..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMV configuration file for strongSwan client - -IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so -IMV "Scanner" /usr/local/lib/ipsec/imcvs/imv-scanner.so diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf deleted file mode 100644 index 1ca6c3d104..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,30 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - - syslog { - daemon { - tnc = 3 - imc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} - -libimcv { - plugins { - imc-test { - command = allow - } - } -} -libtls { - suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/swanctl/swanctl.conf deleted file mode 100644 index ff58c7c9aa..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.100 - remote_addrs = 192.168.0.1 - - local { - auth = eap - aaa_id = aaa.strongswan.org - id = carol@strongswan.org - } - remote { - auth = pubkey - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = carol@strongswan.org - secret = "Ar3etTnp" - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config deleted file mode 100644 index 6166552f52..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf deleted file mode 100644 index 9df983c805..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,30 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - - syslog { - daemon { - tnc = 3 - imc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} - -libimcv { - plugins { - imc-test { - command = isolate - } - imc-scanner { - push_info = no - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/swanctl/swanctl.conf deleted file mode 100644 index 5af2098b61..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.200 - remote_addrs = 192.168.0.1 - - local { - auth = eap - aaa_id = aaa.strongswan.org - id = dave@strongswan.org - } - remote { - auth = pubkey - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = dave@strongswan.org - secret = "W7R0g3do" - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config deleted file mode 100644 index 6166552f52..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/iptables.rules deleted file mode 100644 index 1eb755354f..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/iptables.rules +++ /dev/null @@ -1,32 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# allow esp --A INPUT -i eth0 -p 50 -j ACCEPT --A OUTPUT -o eth0 -p 50 -j ACCEPT - -# allow IKE --A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - -# allow MobIKE --A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - -# allow ssh --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - -# allow RADIUS protocol with alice --A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT --A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT - -COMMIT diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf deleted file mode 100644 index 4c9dd6e1f6..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,15 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-radius updown - - multiple_authentication=no - - plugins { - eap-radius { - secret = gv6URkSs - server = 10.1.0.10 - filter_id = yes - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/swanctl/swanctl.conf deleted file mode 100644 index 3caad0c66d..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,53 +0,0 @@ -connections { - - rw-allow { - local_addrs = 192.168.0.1 - - local { - auth = pubkey - id = moon.strongswan.org - certs = moonCert.pem - } - remote { - auth = eap-radius - id = *@strongswan.org - groups = allow - } - children { - rw-allow { - local_ts = 10.1.0.0/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } - - rw-isolate { - local_addrs = 192.168.0.1 - - local { - auth = pubkey - id = moon.strongswan.org - } - remote { - auth = eap-radius - id = *@strongswan.org - groups = isolate - } - children { - rw-isolate { - local_ts = 10.1.0.16/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/posttest.dat b/testing/tests/tnc/tnccs-11-radius/posttest.dat deleted file mode 100644 index 0d96563c10..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/posttest.dat +++ /dev/null @@ -1,8 +0,0 @@ -carol::systemctl stop strongswan-swanctl -dave::systemctl stop strongswan-swanctl -moon::systemctl stop strongswan-swanctl -alice::killall radiusd -alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second -moon::iptables-restore < /etc/iptables.flush -carol::iptables-restore < /etc/iptables.flush -dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-11-radius/pretest.dat b/testing/tests/tnc/tnccs-11-radius/pretest.dat deleted file mode 100644 index bb2ce93b3f..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/pretest.dat +++ /dev/null @@ -1,22 +0,0 @@ -moon::iptables-restore < /etc/iptables.rules -carol::iptables-restore < /etc/iptables.rules -dave::iptables-restore < /etc/iptables.rules -alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second -alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second -alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd -alice::cat /etc/tnc_config -carol::cat /etc/tnc_config -dave::cat /etc/tnc_config -carol::rm /etc/swanctl/rsa/* -dave::rm /etc/swanctl/rsa/* -carol::rm /etc/swanctl/x509/* -dave::rm /etc/swanctl/x509/* -moon::systemctl start strongswan-swanctl -carol::systemctl start strongswan-swanctl -dave::systemctl start strongswan-swanctl -moon::expect-connection rw-allow -moon::expect-connection rw-isolate -carol::expect-connection home -carol::swanctl --initiate --child home -dave::expect-connection home -dave::swanctl --initiate --child home diff --git a/testing/tests/tnc/tnccs-11-radius/test.conf b/testing/tests/tnc/tnccs-11-radius/test.conf deleted file mode 100644 index 8d7f514498..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/test.conf +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# guest instances used for this test - -# All guest instances that are required for this test -# -VIRTHOSTS="alice venus moon carol winnetou dave" - -# Corresponding block diagram -# -DIAGRAM="a-v-m-c-w-d.png" - -# Guest instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# Guest instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol dave" - -# Guest instances on which FreeRadius is started -# -RADIUSHOSTS="alice" - -# charon controlled by swanctl -# -SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-11-supplicant/description.txt b/testing/tests/tnc/tnccs-11-supplicant/description.txt deleted file mode 100644 index 5d0155382e..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/description.txt +++ /dev/null @@ -1,12 +0,0 @@ -The layer 2 supplicants carol and dave want to connect to a network -via switch moon which delegates the IEEE 802.1X authentication to the RADIUS -server alice. carol and dave set up an EAP-TTLS tunnel -each via moon to the TNC@FHH-enhanced FreeRADIUS server alice authenticated -by an X.509 AAA certificate. -The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on EAP-MD5. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of carol and dave via the IF-TNCCS 1.1 client-server interface. -The communication between IMCs and IMVs is based on the IF-M protocol defined by RFC 5792 PA-TNC. -

-carol passes the health test and dave fails. Based on these measurements the clients -are connected by switch moon to the "allow" and "isolate" VLANs, respectively. diff --git a/testing/tests/tnc/tnccs-11-supplicant/evaltest.dat b/testing/tests/tnc/tnccs-11-supplicant/evaltest.dat deleted file mode 100644 index 2d43b3c7be..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/evaltest.dat +++ /dev/null @@ -1,2 +0,0 @@ -carol::cat /var/log/daemon.log::IMC.*changed state.*Allowed::YES -dave:: cat /var/log/daemon.log::IMC.*changed state.*Isolate::YES diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/eap.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/eap.conf deleted file mode 100644 index 31556361e8..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/eap.conf +++ /dev/null @@ -1,25 +0,0 @@ -eap { - md5 { - } - default_eap_type = ttls - tls { - private_key_file = /etc/raddb/certs/aaaKey.pem - certificate_file = /etc/raddb/certs/aaaCert.pem - CA_file = /etc/raddb/certs/strongswanCert.pem - cipher_list = "DEFAULT" - dh_file = /etc/raddb/certs/dh - random_file = /etc/raddb/certs/random - } - ttls { - default_eap_type = md5 - use_tunneled_reply = yes - virtual_server = "inner-tunnel" - tnc_virtual_server = "inner-tunnel-second" - } -} - -eap eap_tnc { - default_eap_type = tnc - tnc { - } -} diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/proxy.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/proxy.conf deleted file mode 100644 index 23cba8d11b..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/proxy.conf +++ /dev/null @@ -1,5 +0,0 @@ -realm strongswan.org { - type = radius - authhost = LOCAL - accthost = LOCAL -} diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/sites-available/default deleted file mode 100644 index dd0825858a..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/sites-available/default +++ /dev/null @@ -1,43 +0,0 @@ -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -preacct { - preprocess - acct_unique - suffix - files -} - -accounting { - detail - unix - radutmp - attr_filter.accounting_response -} - -session { - radutmp -} - -post-auth { - exec - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/sites-available/inner-tunnel deleted file mode 100644 index e088fae14b..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/sites-available/inner-tunnel +++ /dev/null @@ -1,32 +0,0 @@ -server inner-tunnel { - -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -session { - radutmp -} - -post-auth { - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} - -} # inner-tunnel server block diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second deleted file mode 100644 index c5bde6a9e3..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second +++ /dev/null @@ -1,36 +0,0 @@ -server inner-tunnel-second { - -authorize { - eap_tnc { - ok = return - } -} - -authenticate { - eap_tnc -} - -session { - radutmp -} - -post-auth { - if (control:TNC-Status == "Access") { - update reply { - Tunnel-Type := ESP - Filter-Id := "allow" - } - } - elsif (control:TNC-Status == "Isolate") { - update reply { - Tunnel-Type := ESP - Filter-Id := "isolate" - } - } - - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -} # inner-tunnel-second block diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/users b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/users deleted file mode 100644 index 50ccf3e763..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/freeradius/users +++ /dev/null @@ -1,2 +0,0 @@ -carol Cleartext-Password := "Ar3etTnp" -dave Cleartext-Password := "W7R0g3do" diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/strongswan.conf deleted file mode 100644 index 7622801ab4..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/strongswan.conf +++ /dev/null @@ -1,12 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -libimcv { - load = random nonce sha1 sha2 md5 gmp pubkey x509 - debug_level = 3 - assessment_result = no - plugins { - imv-test { - rounds = 1 - } - } -} diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/tnc/log4cxx.properties deleted file mode 100644 index 2bdc6e4dec..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/tnc_config deleted file mode 100644 index da732f68b0..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMV configuration file for strongSwan client - -IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so -IMV "Scanner" /usr/local/lib/ipsec/imcvs/imv-scanner.so diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/strongswan.conf deleted file mode 100644 index 965752b5e8..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,11 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -libimcv { - load = random nonce sha1 sha2 md5 gmp pubkey x509 - debug_level = 3 - plugins { - imc-test { - command = allow - } - } -} diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/swanctl/swanctl.conf deleted file mode 100644 index 00ef0f516f..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/swanctl/swanctl.conf +++ /dev/null @@ -1 +0,0 @@ -# The strongSwan IMCs are loaded by the WPA supplicant diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/tnc_config deleted file mode 100644 index b4288fd53a..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/wpa_supplicant.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/wpa_supplicant.conf deleted file mode 100644 index 92d84f5706..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/wpa_supplicant.conf +++ /dev/null @@ -1,10 +0,0 @@ - network={ - ssid="eap_ttls" - scan_ssid=0 - key_mgmt=IEEE8021X - eap=TTLS - identity="carol" - password="Ar3etTnp" - ca_cert="/etc/ipsec.d/cacerts/strongswanCert.pem" - id_str="" - } diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/strongswan.conf deleted file mode 100644 index ca1f7d9a58..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,11 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -libimcv { - load = random nonce sha1 sha2 md5 gmp pubkey x509 - debug_level = 3 - plugins { - imc-test { - command = isolate - } - } -} diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/swanctl/swanctl.conf deleted file mode 100644 index 00ef0f516f..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/swanctl/swanctl.conf +++ /dev/null @@ -1 +0,0 @@ -# The strongSwan IMCs are loaded by the WPA supplicant diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/tnc_config deleted file mode 100644 index b4288fd53a..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/wpa_supplicant.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/wpa_supplicant.conf deleted file mode 100644 index 37a343df6a..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/wpa_supplicant.conf +++ /dev/null @@ -1,10 +0,0 @@ - network={ - ssid="eap_ttls" - scan_ssid=0 - key_mgmt=IEEE8021X - eap=TTLS - identity="dave" - password="W7R0g3do" - ca_cert="/etc/ipsec.d/cacerts/strongswanCert.pem" - id_str="" - } diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/hostapd/hostapd.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/hostapd/hostapd.conf deleted file mode 100644 index c84fcbd911..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/hostapd/hostapd.conf +++ /dev/null @@ -1,1127 +0,0 @@ -##### hostapd configuration file ############################################## -# Empty lines and lines starting with # are ignored - -# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for -# management frames); ath0 for madwifi -interface=eth0 - -# In case of madwifi, atheros, and nl80211 driver interfaces, an additional -# configuration parameter, bridge, may be used to notify hostapd if the -# interface is included in a bridge. This parameter is not used with Host AP -# driver. If the bridge parameter is not set, the drivers will automatically -# figure out the bridge interface (assuming sysfs is enabled and mounted to -# /sys) and this parameter may not be needed. -# -# For nl80211, this parameter can be used to request the AP interface to be -# added to the bridge automatically (brctl may refuse to do this before hostapd -# has been started to change the interface mode). If needed, the bridge -# interface is also created. -#bridge=br0 - -# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd); -# default: hostap). nl80211 is used with all Linux mac80211 drivers. -# Use driver=none if building hostapd as a standalone RADIUS server that does -# not control any wireless/wired driver. -driver=wired - -# hostapd event logger configuration -# -# Two output method: syslog and stdout (only usable if not forking to -# background). -# -# Module bitfield (ORed bitfield of modules that will be logged; -1 = all -# modules): -# bit 0 (1) = IEEE 802.11 -# bit 1 (2) = IEEE 802.1X -# bit 2 (4) = RADIUS -# bit 3 (8) = WPA -# bit 4 (16) = driver interface -# bit 5 (32) = IAPP -# bit 6 (64) = MLME -# -# Levels (minimum value for logged events): -# 0 = verbose debugging -# 1 = debugging -# 2 = informational messages -# 3 = notification -# 4 = warning -# -logger_syslog=-1 -logger_syslog_level=2 -logger_stdout=-1 -logger_stdout_level=0 - -# Dump file for state information (on SIGUSR1) -dump_file=/tmp/hostapd.dump - -# Interface for separate control program. If this is specified, hostapd -# will create this directory and a UNIX domain socket for listening to requests -# from external programs (CLI/GUI, etc.) for status information and -# configuration. The socket file will be named based on the interface name, so -# multiple hostapd processes/interfaces can be run at the same time if more -# than one interface is used. -# /var/run/hostapd is the recommended directory for sockets and by default, -# hostapd_cli will use it when trying to connect with hostapd. -ctrl_interface=/var/run/hostapd - -# Access control for the control interface can be configured by setting the -# directory to allow only members of a group to use sockets. This way, it is -# possible to run hostapd as root (since it needs to change network -# configuration and open raw sockets) and still allow GUI/CLI components to be -# run as non-root users. However, since the control interface can be used to -# change the network configuration, this access needs to be protected in many -# cases. By default, hostapd is configured to use gid 0 (root). If you -# want to allow non-root users to use the contron interface, add a new group -# and change this value to match with that group. Add users that should have -# control interface access to this group. -# -# This variable can be a group name or gid. -#ctrl_interface_group=wheel -ctrl_interface_group=0 - - -##### IEEE 802.11 related configuration ####################################### - -# SSID to be used in IEEE 802.11 management frames -#ssid=test - -# Country code (ISO/IEC 3166-1). Used to set regulatory domain. -# Set as needed to indicate country in which device is operating. -# This can limit available channels and transmit power. -#country_code=US - -# Enable IEEE 802.11d. This advertises the country_code and the set of allowed -# channels and transmit power levels based on the regulatory limits. The -# country_code setting must be configured with the correct country for -# IEEE 802.11d functions. -# (default: 0 = disabled) -#ieee80211d=1 - -# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g, -# Default: IEEE 802.11b -hw_mode=g - -# Channel number (IEEE 802.11) -# (default: 0, i.e., not set) -# Please note that some drivers do not use this value from hostapd and the -# channel will need to be configured separately with iwconfig. -channel=1 - -# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535) -beacon_int=100 - -# DTIM (delivery traffic information message) period (range 1..255): -# number of beacons between DTIMs (1 = every beacon includes DTIM element) -# (default: 2) -dtim_period=2 - -# Maximum number of stations allowed in station table. New stations will be -# rejected after the station table is full. IEEE 802.11 has a limit of 2007 -# different association IDs, so this number should not be larger than that. -# (default: 2007) -max_num_sta=255 - -# RTS/CTS threshold; 2347 = disabled (default); range 0..2347 -# If this field is not included in hostapd.conf, hostapd will not control -# RTS threshold and 'iwconfig wlan# rts ' can be used to set it. -rts_threshold=2347 - -# Fragmentation threshold; 2346 = disabled (default); range 256..2346 -# If this field is not included in hostapd.conf, hostapd will not control -# fragmentation threshold and 'iwconfig wlan# frag ' can be used to set -# it. -fragm_threshold=2346 - -# Rate configuration -# Default is to enable all rates supported by the hardware. This configuration -# item allows this list be filtered so that only the listed rates will be left -# in the list. If the list is empty, all rates are used. This list can have -# entries that are not in the list of rates the hardware supports (such entries -# are ignored). The entries in this list are in 100 kbps, i.e., 11 Mbps = 110. -# If this item is present, at least one rate have to be matching with the rates -# hardware supports. -# default: use the most common supported rate setting for the selected -# hw_mode (i.e., this line can be removed from configuration file in most -# cases) -#supported_rates=10 20 55 110 60 90 120 180 240 360 480 540 - -# Basic rate set configuration -# List of rates (in 100 kbps) that are included in the basic rate set. -# If this item is not included, usually reasonable default set is used. -#basic_rates=10 20 -#basic_rates=10 20 55 110 -#basic_rates=60 120 240 - -# Short Preamble -# This parameter can be used to enable optional use of short preamble for -# frames sent at 2 Mbps, 5.5 Mbps, and 11 Mbps to improve network performance. -# This applies only to IEEE 802.11b-compatible networks and this should only be -# enabled if the local hardware supports use of short preamble. If any of the -# associated STAs do not support short preamble, use of short preamble will be -# disabled (and enabled when such STAs disassociate) dynamically. -# 0 = do not allow use of short preamble (default) -# 1 = allow use of short preamble -#preamble=1 - -# Station MAC address -based authentication -# Please note that this kind of access control requires a driver that uses -# hostapd to take care of management frame processing and as such, this can be -# used with driver=hostap or driver=nl80211, but not with driver=madwifi. -# 0 = accept unless in deny list -# 1 = deny unless in accept list -# 2 = use external RADIUS server (accept/deny lists are searched first) -macaddr_acl=0 - -# Accept/deny lists are read from separate files (containing list of -# MAC addresses, one per line). Use absolute path name to make sure that the -# files can be read on SIGHUP configuration reloads. -#accept_mac_file=/etc/hostapd.accept -#deny_mac_file=/etc/hostapd.deny - -# IEEE 802.11 specifies two authentication algorithms. hostapd can be -# configured to allow both of these or only one. Open system authentication -# should be used with IEEE 802.1X. -# Bit fields of allowed authentication algorithms: -# bit 0 = Open System Authentication -# bit 1 = Shared Key Authentication (requires WEP) -auth_algs=3 - -# Send empty SSID in beacons and ignore probe request frames that do not -# specify full SSID, i.e., require stations to know SSID. -# default: disabled (0) -# 1 = send empty (length=0) SSID in beacon and ignore probe request for -# broadcast SSID -# 2 = clear SSID (ASCII 0), but keep the original length (this may be required -# with some clients that do not support empty SSID) and ignore probe -# requests for broadcast SSID -ignore_broadcast_ssid=0 - -# TX queue parameters (EDCF / bursting) -# tx_queue__ -# queues: data0, data1, data2, data3, after_beacon, beacon -# (data0 is the highest priority queue) -# parameters: -# aifs: AIFS (default 2) -# cwmin: cwMin (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023) -# cwmax: cwMax (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023); cwMax >= cwMin -# burst: maximum length (in milliseconds with precision of up to 0.1 ms) for -# bursting -# -# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e): -# These parameters are used by the access point when transmitting frames -# to the clients. -# -# Low priority / AC_BK = background -#tx_queue_data3_aifs=7 -#tx_queue_data3_cwmin=15 -#tx_queue_data3_cwmax=1023 -#tx_queue_data3_burst=0 -# Note: for IEEE 802.11b mode: cWmin=31 cWmax=1023 burst=0 -# -# Normal priority / AC_BE = best effort -#tx_queue_data2_aifs=3 -#tx_queue_data2_cwmin=15 -#tx_queue_data2_cwmax=63 -#tx_queue_data2_burst=0 -# Note: for IEEE 802.11b mode: cWmin=31 cWmax=127 burst=0 -# -# High priority / AC_VI = video -#tx_queue_data1_aifs=1 -#tx_queue_data1_cwmin=7 -#tx_queue_data1_cwmax=15 -#tx_queue_data1_burst=3.0 -# Note: for IEEE 802.11b mode: cWmin=15 cWmax=31 burst=6.0 -# -# Highest priority / AC_VO = voice -#tx_queue_data0_aifs=1 -#tx_queue_data0_cwmin=3 -#tx_queue_data0_cwmax=7 -#tx_queue_data0_burst=1.5 -# Note: for IEEE 802.11b mode: cWmin=7 cWmax=15 burst=3.3 - -# 802.1D Tag (= UP) to AC mappings -# WMM specifies following mapping of data frames to different ACs. This mapping -# can be configured using Linux QoS/tc and sch_pktpri.o module. -# 802.1D Tag 802.1D Designation Access Category WMM Designation -# 1 BK AC_BK Background -# 2 - AC_BK Background -# 0 BE AC_BE Best Effort -# 3 EE AC_BE Best Effort -# 4 CL AC_VI Video -# 5 VI AC_VI Video -# 6 VO AC_VO Voice -# 7 NC AC_VO Voice -# Data frames with no priority information: AC_BE -# Management frames: AC_VO -# PS-Poll frames: AC_BE - -# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e): -# for 802.11a or 802.11g networks -# These parameters are sent to WMM clients when they associate. -# The parameters will be used by WMM clients for frames transmitted to the -# access point. -# -# note - txop_limit is in units of 32microseconds -# note - acm is admission control mandatory flag. 0 = admission control not -# required, 1 = mandatory -# note - here cwMin and cmMax are in exponent form. the actual cw value used -# will be (2^n)-1 where n is the value given here -# -wmm_enabled=1 -# -# WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD] -# Enable this flag if U-APSD supported outside hostapd (eg., Firmware/driver) -#uapsd_advertisement_enabled=1 -# -# Low priority / AC_BK = background -wmm_ac_bk_cwmin=4 -wmm_ac_bk_cwmax=10 -wmm_ac_bk_aifs=7 -wmm_ac_bk_txop_limit=0 -wmm_ac_bk_acm=0 -# Note: for IEEE 802.11b mode: cWmin=5 cWmax=10 -# -# Normal priority / AC_BE = best effort -wmm_ac_be_aifs=3 -wmm_ac_be_cwmin=4 -wmm_ac_be_cwmax=10 -wmm_ac_be_txop_limit=0 -wmm_ac_be_acm=0 -# Note: for IEEE 802.11b mode: cWmin=5 cWmax=7 -# -# High priority / AC_VI = video -wmm_ac_vi_aifs=2 -wmm_ac_vi_cwmin=3 -wmm_ac_vi_cwmax=4 -wmm_ac_vi_txop_limit=94 -wmm_ac_vi_acm=0 -# Note: for IEEE 802.11b mode: cWmin=4 cWmax=5 txop_limit=188 -# -# Highest priority / AC_VO = voice -wmm_ac_vo_aifs=2 -wmm_ac_vo_cwmin=2 -wmm_ac_vo_cwmax=3 -wmm_ac_vo_txop_limit=47 -wmm_ac_vo_acm=0 -# Note: for IEEE 802.11b mode: cWmin=3 cWmax=4 burst=102 - -# Static WEP key configuration -# -# The key number to use when transmitting. -# It must be between 0 and 3, and the corresponding key must be set. -# default: not set -#wep_default_key=0 -# The WEP keys to use. -# A key may be a quoted string or unquoted hexadecimal digits. -# The key length should be 5, 13, or 16 characters, or 10, 26, or 32 -# digits, depending on whether 40-bit (64-bit), 104-bit (128-bit), or -# 128-bit (152-bit) WEP is used. -# Only the default key must be supplied; the others are optional. -# default: not set -#wep_key0=123456789a -#wep_key1="vwxyz" -#wep_key2=0102030405060708090a0b0c0d -#wep_key3=".2.4.6.8.0.23" - -# Station inactivity limit -# -# If a station does not send anything in ap_max_inactivity seconds, an -# empty data frame is sent to it in order to verify whether it is -# still in range. If this frame is not ACKed, the station will be -# disassociated and then deauthenticated. This feature is used to -# clear station table of old entries when the STAs move out of the -# range. -# -# The station can associate again with the AP if it is still in range; -# this inactivity poll is just used as a nicer way of verifying -# inactivity; i.e., client will not report broken connection because -# disassociation frame is not sent immediately without first polling -# the STA with a data frame. -# default: 300 (i.e., 5 minutes) -ap_max_inactivity=30 - -# Disassociate stations based on excessive transmission failures or other -# indications of connection loss. This depends on the driver capabilities and -# may not be available with all drivers. -#disassoc_low_ack=1 - -# Maximum allowed Listen Interval (how many Beacon periods STAs are allowed to -# remain asleep). Default: 65535 (no limit apart from field size) -#max_listen_interval=100 - -# WDS (4-address frame) mode with per-station virtual interfaces -# (only supported with driver=nl80211) -# This mode allows associated stations to use 4-address frames to allow layer 2 -# bridging to be used. -#wds_sta=1 - -# If bridge parameter is set, the WDS STA interface will be added to the same -# bridge by default. This can be overridden with the wds_bridge parameter to -# use a separate bridge. -#wds_bridge=wds-br0 - -# Client isolation can be used to prevent low-level bridging of frames between -# associated stations in the BSS. By default, this bridging is allowed. -#ap_isolate=1 - -##### IEEE 802.11n related configuration ###################################### - -# ieee80211n: Whether IEEE 802.11n (HT) is enabled -# 0 = disabled (default) -# 1 = enabled -# Note: You will also need to enable WMM for full HT functionality. -#ieee80211n=1 - -# ht_capab: HT capabilities (list of flags) -# LDPC coding capability: [LDPC] = supported -# Supported channel width set: [HT40-] = both 20 MHz and 40 MHz with secondary -# channel below the primary channel; [HT40+] = both 20 MHz and 40 MHz -# with secondary channel below the primary channel -# (20 MHz only if neither is set) -# Note: There are limits on which channels can be used with HT40- and -# HT40+. Following table shows the channels that may be available for -# HT40- and HT40+ use per IEEE 802.11n Annex J: -# freq HT40- HT40+ -# 2.4 GHz 5-13 1-7 (1-9 in Europe/Japan) -# 5 GHz 40,48,56,64 36,44,52,60 -# (depending on the location, not all of these channels may be available -# for use) -# Please note that 40 MHz channels may switch their primary and secondary -# channels if needed or creation of 40 MHz channel maybe rejected based -# on overlapping BSSes. These changes are done automatically when hostapd -# is setting up the 40 MHz channel. -# Spatial Multiplexing (SM) Power Save: [SMPS-STATIC] or [SMPS-DYNAMIC] -# (SMPS disabled if neither is set) -# HT-greenfield: [GF] (disabled if not set) -# Short GI for 20 MHz: [SHORT-GI-20] (disabled if not set) -# Short GI for 40 MHz: [SHORT-GI-40] (disabled if not set) -# Tx STBC: [TX-STBC] (disabled if not set) -# Rx STBC: [RX-STBC1] (one spatial stream), [RX-STBC12] (one or two spatial -# streams), or [RX-STBC123] (one, two, or three spatial streams); Rx STBC -# disabled if none of these set -# HT-delayed Block Ack: [DELAYED-BA] (disabled if not set) -# Maximum A-MSDU length: [MAX-AMSDU-7935] for 7935 octets (3839 octets if not -# set) -# DSSS/CCK Mode in 40 MHz: [DSSS_CCK-40] = allowed (not allowed if not set) -# PSMP support: [PSMP] (disabled if not set) -# L-SIG TXOP protection support: [LSIG-TXOP-PROT] (disabled if not set) -#ht_capab=[HT40-][SHORT-GI-20][SHORT-GI-40] - -# Require stations to support HT PHY (reject association if they do not) -#require_ht=1 - -##### IEEE 802.1X-2004 related configuration ################################## - -# Require IEEE 802.1X authorization -ieee8021x=1 - -# IEEE 802.1X/EAPOL version -# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL -# version 2. However, there are many client implementations that do not handle -# the new version number correctly (they seem to drop the frames completely). -# In order to make hostapd interoperate with these clients, the version number -# can be set to the older version (1) with this configuration value. -#eapol_version=2 - -# Optional displayable message sent with EAP Request-Identity. The first \0 -# in this string will be converted to ASCII-0 (nul). This can be used to -# separate network info (comma separated list of attribute=value pairs); see, -# e.g., RFC 4284. -#eap_message=hello -#eap_message=hello\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com - -# WEP rekeying (disabled if key lengths are not set or are set to 0) -# Key lengths for default/broadcast and individual/unicast keys: -# 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits) -# 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits) -#wep_key_len_broadcast=5 -#wep_key_len_unicast=5 -# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once) -#wep_rekey_period=300 - -# EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if -# only broadcast keys are used) -eapol_key_index_workaround=0 - -# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable -# reauthentication). -#eap_reauth_period=3600 - -# Use PAE group address (01:80:c2:00:00:03) instead of individual target -# address when sending EAPOL frames with driver=wired. This is the most common -# mechanism used in wired authentication, but it also requires that the port -# is only used by one station. -#use_pae_group_addr=1 - -##### Integrated EAP server ################################################### - -# Optionally, hostapd can be configured to use an integrated EAP server -# to process EAP authentication locally without need for an external RADIUS -# server. This functionality can be used both as a local authentication server -# for IEEE 802.1X/EAPOL and as a RADIUS server for other devices. - -# Use integrated EAP server instead of external RADIUS authentication -# server. This is also needed if hostapd is configured to act as a RADIUS -# authentication server. -eap_server=0 - -# Path for EAP server user database -#eap_user_file=/etc/hostapd.eap_user - -# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS -#ca_cert=/etc/hostapd.ca.pem - -# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS -#server_cert=/etc/hostapd.server.pem - -# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS -# This may point to the same file as server_cert if both certificate and key -# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be -# used by commenting out server_cert and specifying the PFX file as the -# private_key. -#private_key=/etc/hostapd.server.prv - -# Passphrase for private key -#private_key_passwd=secret passphrase - -# Enable CRL verification. -# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a -# valid CRL signed by the CA is required to be included in the ca_cert file. -# This can be done by using PEM format for CA certificate and CRL and -# concatenating these into one file. Whenever CRL changes, hostapd needs to be -# restarted to take the new CRL into use. -# 0 = do not verify CRLs (default) -# 1 = check the CRL of the user certificate -# 2 = check all CRLs in the certificate path -#check_crl=1 - -# dh_file: File path to DH/DSA parameters file (in PEM format) -# This is an optional configuration file for setting parameters for an -# ephemeral DH key exchange. In most cases, the default RSA authentication does -# not use this configuration. However, it is possible setup RSA to use -# ephemeral DH key exchange. In addition, ciphers with DSA keys always use -# ephemeral DH keys. This can be used to achieve forward secrecy. If the file -# is in DSA parameters format, it will be automatically converted into DH -# params. This parameter is required if anonymous EAP-FAST is used. -# You can generate DH parameters file with OpenSSL, e.g., -# "openssl dhparam -out /etc/hostapd.dh.pem 1024" -#dh_file=/etc/hostapd.dh.pem - -# Fragment size for EAP methods -#fragment_size=1400 - -# Configuration data for EAP-SIM database/authentication gateway interface. -# This is a text string in implementation specific format. The example -# implementation in eap_sim_db.c uses this as the UNIX domain socket name for -# the HLR/AuC gateway (e.g., hlr_auc_gw). In this case, the path uses "unix:" -# prefix. -#eap_sim_db=unix:/tmp/hlr_auc_gw.sock - -# Encryption key for EAP-FAST PAC-Opaque values. This key must be a secret, -# random value. It is configured as a 16-octet value in hex format. It can be -# generated, e.g., with the following command: -# od -tx1 -v -N16 /dev/random | colrm 1 8 | tr -d ' ' -#pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f - -# EAP-FAST authority identity (A-ID) -# A-ID indicates the identity of the authority that issues PACs. The A-ID -# should be unique across all issuing servers. In theory, this is a variable -# length field, but due to some existing implementations requiring A-ID to be -# 16 octets in length, it is strongly recommended to use that length for the -# field to provid interoperability with deployed peer implementations. This -# field is configured in hex format. -#eap_fast_a_id=101112131415161718191a1b1c1d1e1f - -# EAP-FAST authority identifier information (A-ID-Info) -# This is a user-friendly name for the A-ID. For example, the enterprise name -# and server name in a human-readable format. This field is encoded as UTF-8. -#eap_fast_a_id_info=test server - -# Enable/disable different EAP-FAST provisioning modes: -#0 = provisioning disabled -#1 = only anonymous provisioning allowed -#2 = only authenticated provisioning allowed -#3 = both provisioning modes allowed (default) -#eap_fast_prov=3 - -# EAP-FAST PAC-Key lifetime in seconds (hard limit) -#pac_key_lifetime=604800 - -# EAP-FAST PAC-Key refresh time in seconds (soft limit on remaining hard -# limit). The server will generate a new PAC-Key when this number of seconds -# (or fewer) of the lifetime remains. -#pac_key_refresh_time=86400 - -# EAP-SIM and EAP-AKA protected success/failure indication using AT_RESULT_IND -# (default: 0 = disabled). -#eap_sim_aka_result_ind=1 - -# Trusted Network Connect (TNC) -# If enabled, TNC validation will be required before the peer is allowed to -# connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other -# EAP method is enabled, the peer will be allowed to connect without TNC. -#tnc=1 - - -##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) ####################### - -# Interface to be used for IAPP broadcast packets -#iapp_interface=eth0 - - -##### RADIUS client configuration ############################################# -# for IEEE 802.1X with external Authentication Server, IEEE 802.11 -# authentication with external ACL for MAC addresses, and accounting - -# The own IP address of the access point (used as NAS-IP-Address) -own_ip_addr=10.1.0.1 - -# Optional NAS-Identifier string for RADIUS messages. When used, this should be -# a unique to the NAS within the scope of the RADIUS server. For example, a -# fully qualified domain name can be used here. -# When using IEEE 802.11r, nas_identifier must be set and must be between 1 and -# 48 octets long. -#nas_identifier=ap.example.com - -# RADIUS authentication server -auth_server_addr=10.1.0.10 -#auth_server_port=1812 -auth_server_shared_secret=gv6URkSs - -# RADIUS accounting server -#acct_server_addr=127.0.0.1 -#acct_server_port=1813 -#acct_server_shared_secret=secret - -# Secondary RADIUS servers; to be used if primary one does not reply to -# RADIUS packets. These are optional and there can be more than one secondary -# server listed. -#auth_server_addr=127.0.0.2 -#auth_server_port=1812 -#auth_server_shared_secret=secret2 -# -#acct_server_addr=127.0.0.2 -#acct_server_port=1813 -#acct_server_shared_secret=secret2 - -# Retry interval for trying to return to the primary RADIUS server (in -# seconds). RADIUS client code will automatically try to use the next server -# when the current server is not replying to requests. If this interval is set, -# primary server will be retried after configured amount of time even if the -# currently used secondary server is still working. -#radius_retry_primary_interval=600 - - -# Interim accounting update interval -# If this is set (larger than 0) and acct_server is configured, hostapd will -# send interim accounting updates every N seconds. Note: if set, this overrides -# possible Acct-Interim-Interval attribute in Access-Accept message. Thus, this -# value should not be configured in hostapd.conf, if RADIUS server is used to -# control the interim interval. -# This value should not be less 600 (10 minutes) and must not be less than -# 60 (1 minute). -#radius_acct_interim_interval=600 - -# Dynamic VLAN mode; allow RADIUS authentication server to decide which VLAN -# is used for the stations. This information is parsed from following RADIUS -# attributes based on RFC 3580 and RFC 2868: Tunnel-Type (value 13 = VLAN), -# Tunnel-Medium-Type (value 6 = IEEE 802), Tunnel-Private-Group-ID (value -# VLANID as a string). vlan_file option below must be configured if dynamic -# VLANs are used. Optionally, the local MAC ACL list (accept_mac_file) can be -# used to set static client MAC address to VLAN ID mapping. -# 0 = disabled (default) -# 1 = option; use default interface if RADIUS server does not include VLAN ID -# 2 = required; reject authentication if RADIUS server does not include VLAN ID -#dynamic_vlan=0 - -# VLAN interface list for dynamic VLAN mode is read from a separate text file. -# This list is used to map VLAN ID from the RADIUS server to a network -# interface. Each station is bound to one interface in the same way as with -# multiple BSSIDs or SSIDs. Each line in this text file is defining a new -# interface and the line must include VLAN ID and interface name separated by -# white space (space or tab). -#vlan_file=/etc/hostapd.vlan - -# Interface where 802.1q tagged packets should appear when a RADIUS server is -# used to determine which VLAN a station is on. hostapd creates a bridge for -# each VLAN. Then hostapd adds a VLAN interface (associated with the interface -# indicated by 'vlan_tagged_interface') and the appropriate wireless interface -# to the bridge. -#vlan_tagged_interface=eth0 - - -##### RADIUS authentication server configuration ############################## - -# hostapd can be used as a RADIUS authentication server for other hosts. This -# requires that the integrated EAP server is also enabled and both -# authentication services are sharing the same configuration. - -# File name of the RADIUS clients configuration for the RADIUS server. If this -# commented out, RADIUS server is disabled. -#radius_server_clients=/etc/hostapd.radius_clients - -# The UDP port number for the RADIUS authentication server -#radius_server_auth_port=1812 - -# Use IPv6 with RADIUS server (IPv4 will also be supported using IPv6 API) -#radius_server_ipv6=1 - - -##### WPA/IEEE 802.11i configuration ########################################## - -# Enable WPA. Setting this variable configures the AP to require WPA (either -# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either -# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK. -# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys), -# RADIUS authentication server must be configured, and WPA-EAP must be included -# in wpa_key_mgmt. -# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0) -# and/or WPA2 (full IEEE 802.11i/RSN): -# bit0 = WPA -# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) -#wpa=1 - -# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit -# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase -# (8..63 characters) that will be converted to PSK. This conversion uses SSID -# so the PSK changes when ASCII passphrase is used and the SSID is changed. -# wpa_psk (dot11RSNAConfigPSKValue) -# wpa_passphrase (dot11RSNAConfigPSKPassPhrase) -#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -#wpa_passphrase=secret passphrase - -# Optionally, WPA PSKs can be read from a separate text file (containing list -# of (PSK,MAC address) pairs. This allows more than one PSK to be configured. -# Use absolute path name to make sure that the files can be read on SIGHUP -# configuration reloads. -#wpa_psk_file=/etc/hostapd.wpa_psk - -# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The -# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be -# added to enable SHA256-based stronger algorithms. -# (dot11RSNAConfigAuthenticationSuitesTable) -#wpa_key_mgmt=WPA-PSK WPA-EAP - -# Set of accepted cipher suites (encryption algorithms) for pairwise keys -# (unicast packets). This is a space separated list of algorithms: -# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] -# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] -# Group cipher suite (encryption algorithm for broadcast and multicast frames) -# is automatically selected based on this configuration. If only CCMP is -# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise, -# TKIP will be used as the group cipher. -# (dot11RSNAConfigPairwiseCiphersTable) -# Pairwise cipher for WPA (v1) (default: TKIP) -#wpa_pairwise=TKIP CCMP -# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value) -#rsn_pairwise=CCMP - -# Time interval for rekeying GTK (broadcast/multicast encryption keys) in -# seconds. (dot11RSNAConfigGroupRekeyTime) -#wpa_group_rekey=600 - -# Rekey GTK when any STA that possesses the current GTK is leaving the BSS. -# (dot11RSNAConfigGroupRekeyStrict) -#wpa_strict_rekey=1 - -# Time interval for rekeying GMK (master key used internally to generate GTKs -# (in seconds). -#wpa_gmk_rekey=86400 - -# Maximum lifetime for PTK in seconds. This can be used to enforce rekeying of -# PTK to mitigate some attacks against TKIP deficiencies. -#wpa_ptk_rekey=600 - -# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up -# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN -# authentication and key handshake before actually associating with a new AP. -# (dot11RSNAPreauthenticationEnabled) -#rsn_preauth=1 -# -# Space separated list of interfaces from which pre-authentication frames are -# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all -# interface that are used for connections to other APs. This could include -# wired interfaces and WDS links. The normal wireless data interface towards -# associated stations (e.g., wlan0) should not be added, since -# pre-authentication is only used with APs other than the currently associated -# one. -#rsn_preauth_interfaces=eth0 - -# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e) is -# allowed. This is only used with RSN/WPA2. -# 0 = disabled (default) -# 1 = enabled -#peerkey=1 - -# ieee80211w: Whether management frame protection (MFP) is enabled -# 0 = disabled (default) -# 1 = optional -# 2 = required -#ieee80211w=0 - -# Association SA Query maximum timeout (in TU = 1.024 ms; for MFP) -# (maximum time to wait for a SA Query response) -# dot11AssociationSAQueryMaximumTimeout, 1...4294967295 -#assoc_sa_query_max_timeout=1000 - -# Association SA Query retry timeout (in TU = 1.024 ms; for MFP) -# (time between two subsequent SA Query requests) -# dot11AssociationSAQueryRetryTimeout, 1...4294967295 -#assoc_sa_query_retry_timeout=201 - -# disable_pmksa_caching: Disable PMKSA caching -# This parameter can be used to disable caching of PMKSA created through EAP -# authentication. RSN preauthentication may still end up using PMKSA caching if -# it is enabled (rsn_preauth=1). -# 0 = PMKSA caching enabled (default) -# 1 = PMKSA caching disabled -#disable_pmksa_caching=0 - -# okc: Opportunistic Key Caching (aka Proactive Key Caching) -# Allow PMK cache to be shared opportunistically among configured interfaces -# and BSSes (i.e., all configurations within a single hostapd process). -# 0 = disabled (default) -# 1 = enabled -#okc=1 - - -##### IEEE 802.11r configuration ############################################## - -# Mobility Domain identifier (dot11FTMobilityDomainID, MDID) -# MDID is used to indicate a group of APs (within an ESS, i.e., sharing the -# same SSID) between which a STA can use Fast BSS Transition. -# 2-octet identifier as a hex string. -#mobility_domain=a1b2 - -# PMK-R0 Key Holder identifier (dot11FTR0KeyHolderID) -# 1 to 48 octet identifier. -# This is configured with nas_identifier (see RADIUS client section above). - -# Default lifetime of the PMK-RO in minutes; range 1..65535 -# (dot11FTR0KeyLifetime) -#r0_key_lifetime=10000 - -# PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID) -# 6-octet identifier as a hex string. -#r1_key_holder=000102030405 - -# Reassociation deadline in time units (TUs / 1.024 ms; range 1000..65535) -# (dot11FTReassociationDeadline) -#reassociation_deadline=1000 - -# List of R0KHs in the same Mobility Domain -# format: <128-bit key as hex string> -# This list is used to map R0KH-ID (NAS Identifier) to a destination MAC -# address when requesting PMK-R1 key from the R0KH that the STA used during the -# Initial Mobility Domain Association. -#r0kh=02:01:02:03:04:05 r0kh-1.example.com 000102030405060708090a0b0c0d0e0f -#r0kh=02:01:02:03:04:06 r0kh-2.example.com 00112233445566778899aabbccddeeff -# And so on.. One line per R0KH. - -# List of R1KHs in the same Mobility Domain -# format: <128-bit key as hex string> -# This list is used to map R1KH-ID to a destination MAC address when sending -# PMK-R1 key from the R0KH. This is also the list of authorized R1KHs in the MD -# that can request PMK-R1 keys. -#r1kh=02:01:02:03:04:05 02:11:22:33:44:55 000102030405060708090a0b0c0d0e0f -#r1kh=02:01:02:03:04:06 02:11:22:33:44:66 00112233445566778899aabbccddeeff -# And so on.. One line per R1KH. - -# Whether PMK-R1 push is enabled at R0KH -# 0 = do not push PMK-R1 to all configured R1KHs (default) -# 1 = push PMK-R1 to all configured R1KHs whenever a new PMK-R0 is derived -#pmk_r1_push=1 - -##### Neighbor table ########################################################## -# Maximum number of entries kept in AP table (either for neigbor table or for -# detecting Overlapping Legacy BSS Condition). The oldest entry will be -# removed when adding a new entry that would make the list grow over this -# limit. Note! WFA certification for IEEE 802.11g requires that OLBC is -# enabled, so this field should not be set to 0 when using IEEE 802.11g. -# default: 255 -#ap_table_max_size=255 - -# Number of seconds of no frames received after which entries may be deleted -# from the AP table. Since passive scanning is not usually performed frequently -# this should not be set to very small value. In addition, there is no -# guarantee that every scan cycle will receive beacon frames from the -# neighboring APs. -# default: 60 -#ap_table_expiration_time=3600 - - -##### Wi-Fi Protected Setup (WPS) ############################################# - -# WPS state -# 0 = WPS disabled (default) -# 1 = WPS enabled, not configured -# 2 = WPS enabled, configured -#wps_state=2 - -# AP can be configured into a locked state where new WPS Registrar are not -# accepted, but previously authorized Registrars (including the internal one) -# can continue to add new Enrollees. -#ap_setup_locked=1 - -# Universally Unique IDentifier (UUID; see RFC 4122) of the device -# This value is used as the UUID for the internal WPS Registrar. If the AP -# is also using UPnP, this value should be set to the device's UPnP UUID. -# If not configured, UUID will be generated based on the local MAC address. -#uuid=12345678-9abc-def0-1234-56789abcdef0 - -# Note: If wpa_psk_file is set, WPS is used to generate random, per-device PSKs -# that will be appended to the wpa_psk_file. If wpa_psk_file is not set, the -# default PSK (wpa_psk/wpa_passphrase) will be delivered to Enrollees. Use of -# per-device PSKs is recommended as the more secure option (i.e., make sure to -# set wpa_psk_file when using WPS with WPA-PSK). - -# When an Enrollee requests access to the network with PIN method, the Enrollee -# PIN will need to be entered for the Registrar. PIN request notifications are -# sent to hostapd ctrl_iface monitor. In addition, they can be written to a -# text file that could be used, e.g., to populate the AP administration UI with -# pending PIN requests. If the following variable is set, the PIN requests will -# be written to the configured file. -#wps_pin_requests=/var/run/hostapd_wps_pin_requests - -# Device Name -# User-friendly description of device; up to 32 octets encoded in UTF-8 -#device_name=Wireless AP - -# Manufacturer -# The manufacturer of the device (up to 64 ASCII characters) -#manufacturer=Company - -# Model Name -# Model of the device (up to 32 ASCII characters) -#model_name=WAP - -# Model Number -# Additional device description (up to 32 ASCII characters) -#model_number=123 - -# Serial Number -# Serial number of the device (up to 32 characters) -#serial_number=12345 - -# Primary Device Type -# Used format: -- -# categ = Category as an integer value -# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for -# default WPS OUI -# subcateg = OUI-specific Sub Category as an integer value -# Examples: -# 1-0050F204-1 (Computer / PC) -# 1-0050F204-2 (Computer / Server) -# 5-0050F204-1 (Storage / NAS) -# 6-0050F204-1 (Network Infrastructure / AP) -#device_type=6-0050F204-1 - -# OS Version -# 4-octet operating system version number (hex string) -#os_version=01020300 - -# Config Methods -# List of the supported configuration methods -# Available methods: usba ethernet label display ext_nfc_token int_nfc_token -# nfc_interface push_button keypad virtual_display physical_display -# virtual_push_button physical_push_button -#config_methods=label virtual_display virtual_push_button keypad - -# WPS capability discovery workaround for PBC with Windows 7 -# Windows 7 uses incorrect way of figuring out AP's WPS capabilities by acting -# as a Registrar and using M1 from the AP. The config methods attribute in that -# message is supposed to indicate only the configuration method supported by -# the AP in Enrollee role, i.e., to add an external Registrar. For that case, -# PBC shall not be used and as such, the PushButton config method is removed -# from M1 by default. If pbc_in_m1=1 is included in the configuration file, -# the PushButton config method is left in M1 (if included in config_methods -# parameter) to allow Windows 7 to use PBC instead of PIN (e.g., from a label -# in the AP). -#pbc_in_m1=1 - -# Static access point PIN for initial configuration and adding Registrars -# If not set, hostapd will not allow external WPS Registrars to control the -# access point. The AP PIN can also be set at runtime with hostapd_cli -# wps_ap_pin command. Use of temporary (enabled by user action) and random -# AP PIN is much more secure than configuring a static AP PIN here. As such, -# use of the ap_pin parameter is not recommended if the AP device has means for -# displaying a random PIN. -#ap_pin=12345670 - -# Skip building of automatic WPS credential -# This can be used to allow the automatically generated Credential attribute to -# be replaced with pre-configured Credential(s). -#skip_cred_build=1 - -# Additional Credential attribute(s) -# This option can be used to add pre-configured Credential attributes into M8 -# message when acting as a Registrar. If skip_cred_build=1, this data will also -# be able to override the Credential attribute that would have otherwise been -# automatically generated based on network configuration. This configuration -# option points to an external file that much contain the WPS Credential -# attribute(s) as binary data. -#extra_cred=hostapd.cred - -# Credential processing -# 0 = process received credentials internally (default) -# 1 = do not process received credentials; just pass them over ctrl_iface to -# external program(s) -# 2 = process received credentials internally and pass them over ctrl_iface -# to external program(s) -# Note: With wps_cred_processing=1, skip_cred_build should be set to 1 and -# extra_cred be used to provide the Credential data for Enrollees. -# -# wps_cred_processing=1 will disabled automatic updates of hostapd.conf file -# both for Credential processing and for marking AP Setup Locked based on -# validation failures of AP PIN. An external program is responsible on updating -# the configuration appropriately in this case. -#wps_cred_processing=0 - -# AP Settings Attributes for M7 -# By default, hostapd generates the AP Settings Attributes for M7 based on the -# current configuration. It is possible to override this by providing a file -# with pre-configured attributes. This is similar to extra_cred file format, -# but the AP Settings attributes are not encapsulated in a Credential -# attribute. -#ap_settings=hostapd.ap_settings - -# WPS UPnP interface -# If set, support for external Registrars is enabled. -#upnp_iface=br0 - -# Friendly Name (required for UPnP) -# Short description for end use. Should be less than 64 characters. -#friendly_name=WPS Access Point - -# Manufacturer URL (optional for UPnP) -#manufacturer_url=http://www.example.com/ - -# Model Description (recommended for UPnP) -# Long description for end user. Should be less than 128 characters. -#model_description=Wireless Access Point - -# Model URL (optional for UPnP) -#model_url=http://www.example.com/model/ - -# Universal Product Code (optional for UPnP) -# 12-digit, all-numeric code that identifies the consumer package. -#upc=123456789012 - -##### Wi-Fi Direct (P2P) ###################################################### - -# Enable P2P Device management -#manage_p2p=1 - -# Allow cross connection -#allow_cross_connection=1 - -#### TDLS (IEEE 802.11z-2010) ################################################# - -# Prohibit use of TDLS in this BSS -#tdls_prohibit=1 - -# Prohibit use of TDLS Channel Switching in this BSS -#tdls_prohibit_chan_switch=1 - -##### IEEE 802.11v-2011 ####################################################### - -# Time advertisement -# 0 = disabled (default) -# 2 = UTC time at which the TSF timer is 0 -#time_advertisement=2 - -# Local time zone as specified in 8.3 of IEEE Std 1003.1-2004: -# stdoffset[dst[offset][,start[/time],end[/time]]] -#time_zone=EST5 - -##### IEEE 802.11u-2011 ####################################################### - -# Enable Interworking service -#interworking=1 - -# Access Network Type -# 0 = Private network -# 1 = Private network with guest access -# 2 = Chargeable public network -# 3 = Free public network -# 4 = Personal device network -# 5 = Emergency services only network -# 14 = Test or experimental -# 15 = Wildcard -#access_network_type=0 - -# Whether the network provides connectivity to the Internet -# 0 = Unspecified -# 1 = Network provides connectivity to the Internet -#internet=1 - -# Additional Step Required for Access -# Note: This is only used with open network, i.e., ASRA shall ne set to 0 if -# RSN is used. -#asra=0 - -# Emergency services reachable -#esr=0 - -# Unauthenticated emergency service accessible -#uesa=0 - -# Venue Info (optional) -# The available values are defined in IEEE Std 802.11u-2011, 7.3.1.34. -# Example values (group,type): -# 0,0 = Unspecified -# 1,7 = Convention Center -# 1,13 = Coffee Shop -# 2,0 = Unspecified Business -# 7,1 Private Residence -#venue_group=7 -#venue_type=1 - -# Homogeneous ESS identifier (optional; dot11HESSID) -# If set, this shall be identifical to one of the BSSIDs in the homogeneous -# ESS and this shall be set to the same value across all BSSs in homogeneous -# ESS. -#hessid=02:03:04:05:06:07 - -# Roaming Consortium List -# Arbitrary number of Roaming Consortium OIs can be configured with each line -# adding a new OI to the list. The first three entries are available through -# Beacon and Probe Response frames. Any additional entry will be available only -# through ANQP queries. Each OI is between 3 and 15 octets and is configured a -# a hexstring. -#roaming_consortium=021122 -#roaming_consortium=2233445566 - -##### Multiple BSSID support ################################################## -# -# Above configuration is using the default interface (wlan#, or multi-SSID VLAN -# interfaces). Other BSSIDs can be added by using separator 'bss' with -# default interface name to be allocated for the data packets of the new BSS. -# -# hostapd will generate BSSID mask based on the BSSIDs that are -# configured. hostapd will verify that dev_addr & MASK == dev_addr. If this is -# not the case, the MAC address of the radio must be changed before starting -# hostapd (ifconfig wlan0 hw ether ). If a BSSID is configured for -# every secondary BSS, this limitation is not applied at hostapd and other -# masks may be used if the driver supports them (e.g., swap the locally -# administered bit) -# -# BSSIDs are assigned in order to each BSS, unless an explicit BSSID is -# specified using the 'bssid' parameter. -# If an explicit BSSID is specified, it must be chosen such that it: -# - results in a valid MASK that covers it and the dev_addr -# - is not the same as the MAC address of the radio -# - is not the same as any other explicitly specified BSSID -# -# Please note that hostapd uses some of the values configured for the first BSS -# as the defaults for the following BSSes. However, it is recommended that all -# BSSes include explicit configuration of all relevant configuration items. -# -#bss=wlan0_0 -#ssid=test2 -# most of the above items can be used here (apart from radio interface specific -# items, like channel) - -#bss=wlan0_1 -#bssid=00:13:10:95:fe:0b -# ... diff --git a/testing/tests/tnc/tnccs-11-supplicant/posttest.dat b/testing/tests/tnc/tnccs-11-supplicant/posttest.dat deleted file mode 100644 index b55e0457cc..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/posttest.dat +++ /dev/null @@ -1,5 +0,0 @@ -carol::killall wpa_supplicant -dave::killall wpa_supplicant -moon::killall hostapd -alice::killall radiusd -alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second diff --git a/testing/tests/tnc/tnccs-11-supplicant/pretest.dat b/testing/tests/tnc/tnccs-11-supplicant/pretest.dat deleted file mode 100644 index 4dbff64a34..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/pretest.dat +++ /dev/null @@ -1,11 +0,0 @@ -alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second -alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second -alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd -alice::cat /etc/tnc_config -carol::cat /etc/tnc_config -dave::cat /etc/tnc_config -moon::hostapd -B /etc/hostapd/hostapd.conf -carol::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties wpa_supplicant -B -c /etc/wpa_supplicant.conf -D wired -i eth0 -carol::sleep 4 -dave::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties wpa_supplicant -B -c /etc/wpa_supplicant.conf -D wired -i eth0 -dave::sleep 4 diff --git a/testing/tests/tnc/tnccs-11-supplicant/test.conf b/testing/tests/tnc/tnccs-11-supplicant/test.conf deleted file mode 100644 index 2069e4aa5f..0000000000 --- a/testing/tests/tnc/tnccs-11-supplicant/test.conf +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# guest instances used for this test - -# All guest instances that are required for this test -# -VIRTHOSTS="alice venus moon carol winnetou dave" - -# Corresponding block diagram -# -DIAGRAM="a-v-m-c-w-d.png" - -# Guest instances on which tcpdump is to be started -# -TCPDUMPHOSTS= - -# Guest instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="carol dave" - -# Guest instances on which FreeRadius is started -# -RADIUSHOSTS="alice" - -# charon controlled by swanctl -# -SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-20-fhh/description.txt b/testing/tests/tnc/tnccs-20-fhh/description.txt deleted file mode 100644 index 8bf1543d2d..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/description.txt +++ /dev/null @@ -1,13 +0,0 @@ -The roadwarriors carol and dave set up a connection each to gateway moon -using EAP-TTLS authentication only with the gateway presenting a server certificate and -the clients doing EAP-MD5 password-based authentication. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of carol and dave via the TNCCS 2.0 client-server interface -compliant with RFC 5793 PB-TNC. The Dummy IMC and IMV from the - -TNC@FHH project are used which communicate over a proprietary protocol. -

-carol passes the health test and dave fails. Based on these measurements the -clients are connected by gateway moon to the "rw-allow" and "rw-isolate" subnets, -respectively. -

diff --git a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat b/testing/tests/tnc/tnccs-20-fhh/evaltest.dat deleted file mode 100644 index bf07326049..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat +++ /dev/null @@ -1,18 +0,0 @@ -carol::cat /var/log/daemon.log::PB-TNC access recommendation is.*Access Allowed::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -dave:: cat /var/log/daemon.log::PB-TNC access recommendation is.*Quarantined::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon:: cat /var/log/daemon.log::added group membership 'allow'::YES -moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES -moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES -dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/init.d/charon b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/init.d/charon deleted file mode 100755 index bf3a6891a4..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/init.d/charon +++ /dev/null @@ -1,158 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: charon -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: strongSwan charon IKE daemon -# Description: with swanctl the strongSwan charon daemon must be -# running in the background -### END INIT INFO - -# Author: Andreas Steffen -# -# Do NOT "set -e" - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin -DESC="strongSwan charon IKE daemon" -NAME=charon -DAEMON=/usr/local/libexec/ipsec/$NAME -DAEMON_ARGS="" -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/charon - -export LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.2-14) to ensure that this file is present -# and status_of_proc is working. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf deleted file mode 100644 index aa4934fb1e..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,18 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - - syslog { - daemon { - tnc = 3 - imc = 2 - } - } -} - -libtls { - suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -} diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/swanctl/swanctl.conf deleted file mode 100644 index 0f266dd93a..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.100 - remote_addrs = 192.168.0.1 - - local { - auth = eap-ttls - id = carol@strongswan.org - } - remote { - auth = eap-ttls - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = carol@strongswan.org - secret = "Ar3etTnp" - } -} diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/dummyimc.file deleted file mode 100644 index f5da834c0c..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/dummyimc.file +++ /dev/null @@ -1 +0,0 @@ -allow diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/log4cxx.properties deleted file mode 100644 index b1c6941075..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc_config deleted file mode 100644 index 3ef7809335..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,3 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/init.d/charon b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/init.d/charon deleted file mode 100755 index bf3a6891a4..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/init.d/charon +++ /dev/null @@ -1,158 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: charon -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: strongSwan charon IKE daemon -# Description: with swanctl the strongSwan charon daemon must be -# running in the background -### END INIT INFO - -# Author: Andreas Steffen -# -# Do NOT "set -e" - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin -DESC="strongSwan charon IKE daemon" -NAME=charon -DAEMON=/usr/local/libexec/ipsec/$NAME -DAEMON_ARGS="" -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/charon - -export LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.2-14) to ensure that this file is present -# and status_of_proc is working. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf deleted file mode 100644 index 8fc1c87291..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - syslog { - daemon { - tnc = 3 - imc = 2 - } - } -} - -libtls { - suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -} diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/swanctl/swanctl.conf deleted file mode 100644 index 989ab88c74..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.200 - remote_addrs = 192.168.0.1 - - local { - auth = eap-ttls - id = dave@strongswan.org - } - remote { - auth = eap-ttls - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = dave@strongswan.org - secret = "W7R0g3do" - } -} diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/dummyimc.file deleted file mode 100644 index c20b5e57ff..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/dummyimc.file +++ /dev/null @@ -1 +0,0 @@ -isolate \ No newline at end of file diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/log4cxx.properties deleted file mode 100644 index b1c6941075..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc_config deleted file mode 100644 index 8eee8068a9..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,3 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/init.d/charon b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/init.d/charon deleted file mode 100755 index bf3a6891a4..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/init.d/charon +++ /dev/null @@ -1,158 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: charon -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: strongSwan charon IKE daemon -# Description: with swanctl the strongSwan charon daemon must be -# running in the background -### END INIT INFO - -# Author: Andreas Steffen -# -# Do NOT "set -e" - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin -DESC="strongSwan charon IKE daemon" -NAME=charon -DAEMON=/usr/local/libexec/ipsec/$NAME -DAEMON_ARGS="" -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/charon - -export LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.2-14) to ensure that this file is present -# and status_of_proc is working. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf deleted file mode 100644 index 4732fbd4bf..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown - - multiple_authentication = no - - syslog { - daemon { - tnc = 3 - imv = 2 - } - } - plugins { - eap-ttls { - phase2_method = md5 - phase2_piggyback = yes - phase2_tnc = yes - } - } -} diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/swanctl/swanctl.conf deleted file mode 100644 index 1238c1a91f..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,64 +0,0 @@ -connections { - - rw-allow { - local_addrs = 192.168.0.1 - - local { - auth = eap-ttls - id = moon.strongswan.org - } - remote { - auth = eap-ttls - id = *@strongswan.org - groups = allow - } - children { - rw-allow { - local_ts = 10.1.0.0/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } - - rw-isolate { - local_addrs = 192.168.0.1 - - local { - auth = eap-ttls - id = moon.strongswan.org - } - remote { - auth = eap-ttls - id = *@strongswan.org - groups = isolate - } - children { - rw-isolate { - local_ts = 10.1.0.16/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap-carol { - id = carol@strongswan.org - secret = "Ar3etTnp" - } - eap-dave { - id = dave@strongswan.org - secret = "W7R0g3do" - } -} diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/dummyimv.policy deleted file mode 100644 index d00491fd7e..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/dummyimv.policy +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/hostscannerimv.policy b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/hostscannerimv.policy deleted file mode 100644 index d8215dd3cd..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/hostscannerimv.policy +++ /dev/null @@ -1,40 +0,0 @@ -#FTP - File Transfer Protocol -TCP 20 = whatever -TCP 21 = close - -#SSH - Secure Shell -TCP 22 = whatever - -#Telnet -TCP 23 = close - -#E-Mail -# -#SMTP - Simple Mail Transfer Protocol -TCP 25 = close -TCP 587 = close -#POP3 - Post Office Protocol version 3 -TCP 110 = close -TCP 995 = close - -#DNS - Domain Name System -UDP 53 = close -TCP 53 = close - -#BOOTP/DHCP - Bootstrap Protocol / -#Dynamic Host Configuration Protocol -UDP 67 = close -#UDP 68 = open -UDP 68 = whatever - -#www - World Wide Web -#HTTP - Hypertext Transfer Protocol -TCP 80 = close -#HTTPS - Hypertext Transfer Protocol Secure -TCP 443 = close - -#examples -TCP 8080 = close -TCP 5223 = whatever -UDP 4444 = close -UDP 631 = whatever diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/log4cxx.properties deleted file mode 100644 index 122d798b30..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=--[IMV] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=--[IMV] %m%n diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc_config deleted file mode 100644 index fa4324e383..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc_config +++ /dev/null @@ -1,3 +0,0 @@ -#IMV configuration file for strongSwan server - -IMV "Dummy" /usr/local/lib/libdummyimv.so diff --git a/testing/tests/tnc/tnccs-20-fhh/posttest.dat b/testing/tests/tnc/tnccs-20-fhh/posttest.dat deleted file mode 100644 index 199873ba11..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/posttest.dat +++ /dev/null @@ -1,6 +0,0 @@ -carol::systemctl stop strongswan-swanctl -dave::systemctl stop strongswan-swanctl -moon::systemctl stop strongswan-swanctl -moon::iptables-restore < /etc/iptables.flush -carol::iptables-restore < /etc/iptables.flush -dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-20-fhh/pretest.dat b/testing/tests/tnc/tnccs-20-fhh/pretest.dat deleted file mode 100644 index 79340af29e..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/pretest.dat +++ /dev/null @@ -1,20 +0,0 @@ -moon::iptables-restore < /etc/iptables.rules -carol::iptables-restore < /etc/iptables.rules -dave::iptables-restore < /etc/iptables.rules -moon::cat /etc/tnc_config -carol::cat /etc/tnc_config -dave::cat /etc/tnc_config -carol::cat /etc/tnc/dummyimc.file -dave::cat /etc/tnc/dummyimc.file -carol::rm /etc/swanctl/rsa/* -dave::rm /etc/swanctl/rsa/* -carol::rm /etc/swanctl/x509/* -dave::rm /etc/swanctl/x509/* -moon::systemctl start strongswan-swanctl -carol::systemctl start strongswan-swanctl -dave::systemctl start strongswan-swanctl -moon::expect-connection rw-allow -carol::expect-connection home -carol::swanctl --initiate --child home 2> /dev/null -dave::expect-connection home -dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/tnc/tnccs-20-fhh/test.conf b/testing/tests/tnc/tnccs-20-fhh/test.conf deleted file mode 100644 index f6db739127..0000000000 --- a/testing/tests/tnc/tnccs-20-fhh/test.conf +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# guest instances used for this test - -# All guest instances that are required for this test -# -VIRTHOSTS="alice venus moon carol winnetou dave" - -# Corresponding block diagram -# -DIAGRAM="a-v-m-c-w-d.png" - -# Guest instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# Guest instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol dave" - -# Guest instances on which FreeRadius is started -# -RADIUSHOSTS= - -# charon controlled by swanctl -# -SWANCTL=1