diff options
author | jlam <jlam> | 2002-07-29 04:19:00 +0000 |
---|---|---|
committer | jlam <jlam> | 2002-07-29 04:19:00 +0000 |
commit | 020f698151ab387c27910d342a39df47eb36c698 (patch) | |
tree | bfed1fdcebcd1d61b2e3e406012600659dd5656f | |
parent | 1b86a73b35974f5b8be38575d5acf7fe6c9b328b (diff) | |
download | pkgsrc-020f698151ab387c27910d342a39df47eb36c698.tar.gz |
security/winbind - unified logon information between UNIX and Windows NT
Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable
Authentication Modules, and the Name Service Switch to allow Windows NT
domain users to appear and operate as UNIX users on a UNIX machine.
Users and groups are allocated as they are resolved to a range of user and
group ids specified by the administrator of the Samba system.
Currently, the nsswitch module doesn't work on NetBSD as NetBSD doesn't
support dynamically loadable nsdispatch callbacks. However, the
pam_winbind.so module may (quite usefully) be used to authenticate against
a domain controller for a Windows domain via the NT user authentication
protocol.
This package currently tracks the winbind components from the Samba 2.2.x
releases, but may be used in conjunction with older Samba 2.0.x releases
as well.
-rw-r--r-- | security/winbind/DESCR | 5 | ||||
-rw-r--r-- | security/winbind/Makefile | 87 | ||||
-rw-r--r-- | security/winbind/PLIST | 6 | ||||
-rw-r--r-- | security/winbind/distinfo | 9 | ||||
-rwxr-xr-x | security/winbind/files/winbindd.sh | 27 | ||||
-rw-r--r-- | security/winbind/patches/patch-aa | 31 | ||||
-rw-r--r-- | security/winbind/patches/patch-ab | 15 | ||||
-rw-r--r-- | security/winbind/patches/patch-ac | 71 | ||||
-rw-r--r-- | security/winbind/patches/patch-ad | 17 | ||||
-rw-r--r-- | security/winbind/patches/patch-ae | 13 |
10 files changed, 281 insertions, 0 deletions
diff --git a/security/winbind/DESCR b/security/winbind/DESCR new file mode 100644 index 00000000000..14745a4f54d --- /dev/null +++ b/security/winbind/DESCR @@ -0,0 +1,5 @@ +Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable +Authentication Modules, and the Name Service Switch to allow Windows NT +domain users to appear and operate as UNIX users on a UNIX machine. +Users and groups are allocated as they are resolved to a range of user and +group ids specified by the administrator of the Samba system. diff --git a/security/winbind/Makefile b/security/winbind/Makefile new file mode 100644 index 00000000000..99bed34e55e --- /dev/null +++ b/security/winbind/Makefile @@ -0,0 +1,87 @@ +# $NetBSD: Makefile,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $ + +DISTNAME= samba-2.2.5 +PKGNAME= winbind-2.2.5 +CATEGORIES= security +MASTER_SITES= ftp://ftp.samba.org/pub/samba/ \ + ftp://ring.asahi-net.or.jp/pub/net/samba/ \ + ftp://samba.anu.edu.au/pub/samba/ \ + http://de.samba.org/samba/ftp/ \ + ftp://ftp.sunet.se/pub/unix/utilities/samba/ +COUNTRY_MIRRORS= au1 ca fi fr de it pl ru sg se us1 us6 +.for COUNTRY in ${COUNTRY_MIRRORS} +MASTER_SITES+= ftp://${COUNTRY}.samba.org/pub/samba/ +.endfor +EXTRACT_SUFX= .tar.bz2 + +MAINTAINER= jlam@netbsd.org +HOMEPAGE= http://www.samba.org/ +COMMENT= unified logon information between UNIX and Windows NT + +DEPENDS+= {samba>=2.0,ja-samba>=2.0}:../../net/samba + +USE_BUILDLINK_ONLY= # defined +WRKSRC= ${WRKDIR}/${DISTNAME}/source + +USE_LIBTOOL= # defined +LTCONFIG_OVERRIDE= ${WRKSRC}/ltconfig + +PKG_SYSCONFSUBDIR?= samba + +VARDIR?= /var +SAMBA_ETCDIR?= ${PKG_SYSCONFDIR} +SAMBA_DATADIR= ${PREFIX}/share +SAMBA_LOCKDIR?= ${VARDIR}/db/samba +SAMBA_LOGDIR?= ${VARDIR}/log +SAMBA_PIDDIR?= ${VARDIR}/run +SAMBA_PRIVATE?= ${SAMBA_ETCDIR}/private + +GNU_CONFIGURE= # defined +CONFIGURE_ARGS+= --localstatedir=${VARDIR} +CONFIGURE_ARGS+= --sbindir=${PREFIX}/sbin +CONFIGURE_ARGS+= --with-configdir=${SAMBA_ETCDIR} +CONFIGURE_ARGS+= --with-codepagedir=${SAMBA_DATADIR}/samba/codepages +CONFIGURE_ARGS+= --with-datadir=${SAMBA_DATADIR} +CONFIGURE_ARGS+= --with-lockdir=${SAMBA_LOCKDIR} +CONFIGURE_ARGS+= --with-logfilebase=${SAMBA_LOGDIR} +CONFIGURE_ARGS+= --with-piddir=${SAMBA_PIDDIR} +CONFIGURE_ARGS+= --with-privatedir=${SAMBA_PRIVATE} +CONFIGURE_ARGS+= --with-swatdir=${SAMBA_DATADIR}/samba/swat + +CONFIGURE_ARGS+= --with-ssl +CONFIGURE_ARGS+= --with-sslinc=${BUILDLINK_DIR} +CFLAGS+= -I${BUILDLINK_DIR}/include/openssl # ssl.h, err.h + +CONFIGURE_ENV+= ac_cv_lib_curses_tgetent=no + +CONFIGURE_ARGS+= --with-pam +CONFIGURE_ARGS+= --with-winbind + +FILES_SUBST+= SAMBA_ETCDIR=${SAMBA_ETCDIR} + +ALL_TARGET= nsswitch + +PAMDIR= ${PREFIX}/lib/security +RCD_SCRIPTS= winbindd + +INSTALL_LIBRARY= \ + ${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} + +# The man pages remain with the samba package. +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/bin/wbinfo ${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKSRC}/bin/winbindd ${PREFIX}/sbin + ${INSTALL_LIBRARY} ${WRKSRC}/nsswitch/pam_winbind.so ${PAMDIR} + ${INSTALL_LIBRARY} ${WRKSRC}/nsswitch/libnss_winbind.so ${PREFIX}/lib + +post-install: + @for file in ${RCD_SCRIPTS}; do \ + ${SED} ${FILES_SUBST_SED} ${FILESDIR}/$${file}.sh \ + > ${WRKDIR}/$${file}.sh; \ + ${INSTALL_SCRIPT} ${WRKDIR}/$${file}.sh \ + ${PREFIX}/etc/rc.d/$${file}; \ + done + +.include "../../security/PAM/buildlink.mk" +.include "../../mk/bsd.pkg.install.mk" +.include "../../mk/bsd.pkg.mk" diff --git a/security/winbind/PLIST b/security/winbind/PLIST new file mode 100644 index 00000000000..3e3994ab0ba --- /dev/null +++ b/security/winbind/PLIST @@ -0,0 +1,6 @@ +@comment $NetBSD: PLIST,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $ +bin/wbinfo +etc/rc.d/winbindd +lib/libnss_winbind.so +lib/security/pam_winbind.so +sbin/winbindd diff --git a/security/winbind/distinfo b/security/winbind/distinfo new file mode 100644 index 00000000000..7b13226cfc4 --- /dev/null +++ b/security/winbind/distinfo @@ -0,0 +1,9 @@ +$NetBSD: distinfo,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $ + +SHA1 (samba-2.2.5.tar.bz2) = 67e1025a8d01ba51b8cea6f04176fdbc57b7c012 +Size (samba-2.2.5.tar.bz2) = 4343641 bytes +SHA1 (patch-aa) = 38dc1cf2d2c322db32a1a3cbebf9dff59841fa4f +SHA1 (patch-ab) = 994befda25575f26829ea096d609dd204511d117 +SHA1 (patch-ac) = 3e371d34ce859ff6b9e65ba93e5d6f1248d3a1b5 +SHA1 (patch-ad) = beb6775da56e45d5f85760ef0ef2e3f40751bb59 +SHA1 (patch-ae) = fa9ddbf5988a44006c6108476c0a68e6b49b93ad diff --git a/security/winbind/files/winbindd.sh b/security/winbind/files/winbindd.sh new file mode 100755 index 00000000000..382bdb5af32 --- /dev/null +++ b/security/winbind/files/winbindd.sh @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $NetBSD: winbindd.sh,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $ +# +# PROVIDE: winbindd +# REQUIRE: nmbd + +if [ -f /etc/rc.subr ] +then + . /etc/rc.subr +fi + +name="winbindd" +rcvar=$name +command="@PREFIX@/sbin/${name}" +required_vars="nmbd" +required_files="@SAMBA_ETCDIR@/smb.conf" +extra_commands="reload" + +if [ -f /etc/rc.subr ] +then + load_rc_config $name + run_rc_command "$1" +else + @ECHO@ -n ' ${name}' + ${command} ${winbindd_flags} +fi diff --git a/security/winbind/patches/patch-aa b/security/winbind/patches/patch-aa new file mode 100644 index 00000000000..2d15350a008 --- /dev/null +++ b/security/winbind/patches/patch-aa @@ -0,0 +1,31 @@ +$NetBSD: patch-aa,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $ + +--- Makefile.in.orig Sun Jul 28 18:13:04 2002 ++++ Makefile.in +@@ -89,6 +89,8 @@ FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $ + FLAGS = $(ISA) $(FLAGS5) $(PASSWD_FLAGS) + FLAGS32 = $(ISA32) $(FLAGS5) $(PASSWD_FLAGS) + ++PAM_NEEDS_LIBC = @PAM_NEEDS_LIBC@ ++ + WINBIND_PROGS = @WINBIND_TARGETS@ + WINBIND_SPROGS = @WINBIND_STARGETS@ + WINBIND_PAM_PROGS = @WINBIND_PAM_TARGETS@ +@@ -650,7 +652,7 @@ bin/libsmbclient.a: $(LIBSMBCLIENT_PICOB + + bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_OBJ) bin/.dummy + @echo Linking shared library $@ +- $(SHLD) @LDSHFLAGS@ -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) -lc \ ++ $(SHLD) @LDSHFLAGS@ -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) $(PAM_NEEDS_LIBC) \ + @SONAMEFLAG@`basename $@` + + nsswitch/libnss_wins.so: $(NSS_OBJ) +@@ -674,7 +676,7 @@ nsswitch/libnss_winbind.so: $(WINBIND_NS + + nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ) + @echo Linking $@ +- @$(SHLD) @LDSHFLAGS@ -o $@ $(PAM_WINBIND_OBJ) \ ++ @$(SHLD) @LDSHFLAGS@ -o $@ $(PAM_WINBIND_OBJ) $(LDFLAGS) $(DYNEXP) $(PAM_NEEDS_LIBC) \ + @SONAMEFLAG@`basename $@` + + bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \ diff --git a/security/winbind/patches/patch-ab b/security/winbind/patches/patch-ab new file mode 100644 index 00000000000..a99a3e7b734 --- /dev/null +++ b/security/winbind/patches/patch-ab @@ -0,0 +1,15 @@ +$NetBSD: patch-ab,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $ + +--- configure.in.orig Sun Jul 28 18:13:04 2002 ++++ configure.in +@@ -1976,6 +1976,10 @@ AC_ARG_WITH(pam, + # we can't build a pam module if we don't have pam. + AC_CHECK_LIB(pam, pam_get_data, [AC_DEFINE(HAVE_LIBPAM)]) + ++dnl Checks for libraries. ++AC_CHECK_LIB(c, __libc_sched_setscheduler, PAM_NEEDS_LIBC=, PAM_NEEDS_LIBC=-lc) ++AC_SUBST(PAM_NEEDS_LIBC) ++ + ################################################# + # check for pam_smbpass support + AC_MSG_CHECKING(whether to use pam_smbpass) diff --git a/security/winbind/patches/patch-ac b/security/winbind/patches/patch-ac new file mode 100644 index 00000000000..6e2e59e00eb --- /dev/null +++ b/security/winbind/patches/patch-ac @@ -0,0 +1,71 @@ +$NetBSD: patch-ac,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $ + +--- configure.orig Sun Jul 28 18:13:04 2002 ++++ configure +@@ -1106,7 +1106,7 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCR + + test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +-for ac_prog in gawk mawk nawk awk ++for ac_prog in mawk gawk nawk awk + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +@@ -11945,6 +11945,49 @@ else + fi + + ++echo $ac_n "checking for __libc_sched_setscheduler in -lc""... $ac_c" 1>&6 ++echo "configure:11950: checking for __libc_sched_setscheduler in -lc" >&5 ++ac_lib_var=`echo c'_'__libc_sched_setscheduler | sed 'y%./+-%__p_%'` ++if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ ac_save_LIBS="$LIBS" ++LIBS="-lc $LIBS" ++cat > conftest.$ac_ext <<EOF ++#line 11958 "configure" ++#include "confdefs.h" ++/* Override any gcc2 internal prototype to avoid an error. */ ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char __libc_sched_setscheduler(); ++ ++int main() { ++__libc_sched_setscheduler() ++; return 0; } ++EOF ++if { (eval echo configure:11969: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++ rm -rf conftest* ++ eval "ac_cv_lib_$ac_lib_var=yes" ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ eval "ac_cv_lib_$ac_lib_var=no" ++fi ++rm -f conftest* ++LIBS="$ac_save_LIBS" ++ ++fi ++if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ++ echo "$ac_t""yes" 1>&6 ++ PAM_NEEDS_LIBC= ++else ++ echo "$ac_t""no" 1>&6 ++PAM_NEEDS_LIBC=-lc ++fi ++ ++ ++ + ################################################# + # check for pam_smbpass support + echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6 +@@ -13787,6 +13830,7 @@ s%@TERMLIBS@%$TERMLIBS%g + s%@TERMLDFLAGS@%$TERMLDFLAGS%g + s%@ROFF@%$ROFF%g + s%@DYNEXP@%$DYNEXP%g ++s%@PAM_NEEDS_LIBC@%$PAM_NEEDS_LIBC%g + s%@LDAPLIBS@%$LDAPLIBS%g + s%@QUOTAOBJS@%$QUOTAOBJS%g + s%@WINBIND_TARGETS@%$WINBIND_TARGETS%g diff --git a/security/winbind/patches/patch-ad b/security/winbind/patches/patch-ad new file mode 100644 index 00000000000..da6b2ba7d59 --- /dev/null +++ b/security/winbind/patches/patch-ad @@ -0,0 +1,17 @@ +$NetBSD: patch-ad,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $ + +--- include/local.h.orig Sat Feb 2 19:46:39 2002 ++++ include/local.h +@@ -170,10 +170,10 @@ + * Default passwd chat script. + */ + +-#define DEFAULT_PASSWD_CHAT "*new*password* %n\\n *new*password* %n\\n *changed*" ++#define DEFAULT_PASSWD_CHAT "*\\n*ew\\spassword* %n\\n *ew\\spassword* %n\\n *updating\\sthe\\sdatabase...\\npasswd:\\sdone\\n" + + /* Minimum length of allowed password when changing UNIX password. */ +-#define MINPASSWDLENGTH 5 ++#define MINPASSWDLENGTH 6 + + /* maximum ID number used for session control. This cannot be larger + than 62*62 for the current code */ diff --git a/security/winbind/patches/patch-ae b/security/winbind/patches/patch-ae new file mode 100644 index 00000000000..665e6637600 --- /dev/null +++ b/security/winbind/patches/patch-ae @@ -0,0 +1,13 @@ +$NetBSD: patch-ae,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $ + +--- profile/profile.c.orig Sat Feb 2 19:46:49 2002 ++++ profile/profile.c +@@ -22,7 +22,7 @@ + + #include "includes.h" + +-#define IPC_PERMS ((SHM_R | SHM_W) | (SHM_R>>3) | (SHM_R>>6)) ++#define IPC_PERMS ((S_IRUSR | S_IWUSR) | S_IRGRP | S_IROTH) + + static int shm_id; + static BOOL read_only; |