summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjlam <jlam>2002-07-29 04:19:00 +0000
committerjlam <jlam>2002-07-29 04:19:00 +0000
commit020f698151ab387c27910d342a39df47eb36c698 (patch)
treebfed1fdcebcd1d61b2e3e406012600659dd5656f
parent1b86a73b35974f5b8be38575d5acf7fe6c9b328b (diff)
downloadpkgsrc-020f698151ab387c27910d342a39df47eb36c698.tar.gz
security/winbind - unified logon information between UNIX and Windows NT
Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules, and the Name Service Switch to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system. Currently, the nsswitch module doesn't work on NetBSD as NetBSD doesn't support dynamically loadable nsdispatch callbacks. However, the pam_winbind.so module may (quite usefully) be used to authenticate against a domain controller for a Windows domain via the NT user authentication protocol. This package currently tracks the winbind components from the Samba 2.2.x releases, but may be used in conjunction with older Samba 2.0.x releases as well.
-rw-r--r--security/winbind/DESCR5
-rw-r--r--security/winbind/Makefile87
-rw-r--r--security/winbind/PLIST6
-rw-r--r--security/winbind/distinfo9
-rwxr-xr-xsecurity/winbind/files/winbindd.sh27
-rw-r--r--security/winbind/patches/patch-aa31
-rw-r--r--security/winbind/patches/patch-ab15
-rw-r--r--security/winbind/patches/patch-ac71
-rw-r--r--security/winbind/patches/patch-ad17
-rw-r--r--security/winbind/patches/patch-ae13
10 files changed, 281 insertions, 0 deletions
diff --git a/security/winbind/DESCR b/security/winbind/DESCR
new file mode 100644
index 00000000000..14745a4f54d
--- /dev/null
+++ b/security/winbind/DESCR
@@ -0,0 +1,5 @@
+Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable
+Authentication Modules, and the Name Service Switch to allow Windows NT
+domain users to appear and operate as UNIX users on a UNIX machine.
+Users and groups are allocated as they are resolved to a range of user and
+group ids specified by the administrator of the Samba system.
diff --git a/security/winbind/Makefile b/security/winbind/Makefile
new file mode 100644
index 00000000000..99bed34e55e
--- /dev/null
+++ b/security/winbind/Makefile
@@ -0,0 +1,87 @@
+# $NetBSD: Makefile,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+DISTNAME= samba-2.2.5
+PKGNAME= winbind-2.2.5
+CATEGORIES= security
+MASTER_SITES= ftp://ftp.samba.org/pub/samba/ \
+ ftp://ring.asahi-net.or.jp/pub/net/samba/ \
+ ftp://samba.anu.edu.au/pub/samba/ \
+ http://de.samba.org/samba/ftp/ \
+ ftp://ftp.sunet.se/pub/unix/utilities/samba/
+COUNTRY_MIRRORS= au1 ca fi fr de it pl ru sg se us1 us6
+.for COUNTRY in ${COUNTRY_MIRRORS}
+MASTER_SITES+= ftp://${COUNTRY}.samba.org/pub/samba/
+.endfor
+EXTRACT_SUFX= .tar.bz2
+
+MAINTAINER= jlam@netbsd.org
+HOMEPAGE= http://www.samba.org/
+COMMENT= unified logon information between UNIX and Windows NT
+
+DEPENDS+= {samba>=2.0,ja-samba>=2.0}:../../net/samba
+
+USE_BUILDLINK_ONLY= # defined
+WRKSRC= ${WRKDIR}/${DISTNAME}/source
+
+USE_LIBTOOL= # defined
+LTCONFIG_OVERRIDE= ${WRKSRC}/ltconfig
+
+PKG_SYSCONFSUBDIR?= samba
+
+VARDIR?= /var
+SAMBA_ETCDIR?= ${PKG_SYSCONFDIR}
+SAMBA_DATADIR= ${PREFIX}/share
+SAMBA_LOCKDIR?= ${VARDIR}/db/samba
+SAMBA_LOGDIR?= ${VARDIR}/log
+SAMBA_PIDDIR?= ${VARDIR}/run
+SAMBA_PRIVATE?= ${SAMBA_ETCDIR}/private
+
+GNU_CONFIGURE= # defined
+CONFIGURE_ARGS+= --localstatedir=${VARDIR}
+CONFIGURE_ARGS+= --sbindir=${PREFIX}/sbin
+CONFIGURE_ARGS+= --with-configdir=${SAMBA_ETCDIR}
+CONFIGURE_ARGS+= --with-codepagedir=${SAMBA_DATADIR}/samba/codepages
+CONFIGURE_ARGS+= --with-datadir=${SAMBA_DATADIR}
+CONFIGURE_ARGS+= --with-lockdir=${SAMBA_LOCKDIR}
+CONFIGURE_ARGS+= --with-logfilebase=${SAMBA_LOGDIR}
+CONFIGURE_ARGS+= --with-piddir=${SAMBA_PIDDIR}
+CONFIGURE_ARGS+= --with-privatedir=${SAMBA_PRIVATE}
+CONFIGURE_ARGS+= --with-swatdir=${SAMBA_DATADIR}/samba/swat
+
+CONFIGURE_ARGS+= --with-ssl
+CONFIGURE_ARGS+= --with-sslinc=${BUILDLINK_DIR}
+CFLAGS+= -I${BUILDLINK_DIR}/include/openssl # ssl.h, err.h
+
+CONFIGURE_ENV+= ac_cv_lib_curses_tgetent=no
+
+CONFIGURE_ARGS+= --with-pam
+CONFIGURE_ARGS+= --with-winbind
+
+FILES_SUBST+= SAMBA_ETCDIR=${SAMBA_ETCDIR}
+
+ALL_TARGET= nsswitch
+
+PAMDIR= ${PREFIX}/lib/security
+RCD_SCRIPTS= winbindd
+
+INSTALL_LIBRARY= \
+ ${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE}
+
+# The man pages remain with the samba package.
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/wbinfo ${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/winbindd ${PREFIX}/sbin
+ ${INSTALL_LIBRARY} ${WRKSRC}/nsswitch/pam_winbind.so ${PAMDIR}
+ ${INSTALL_LIBRARY} ${WRKSRC}/nsswitch/libnss_winbind.so ${PREFIX}/lib
+
+post-install:
+ @for file in ${RCD_SCRIPTS}; do \
+ ${SED} ${FILES_SUBST_SED} ${FILESDIR}/$${file}.sh \
+ > ${WRKDIR}/$${file}.sh; \
+ ${INSTALL_SCRIPT} ${WRKDIR}/$${file}.sh \
+ ${PREFIX}/etc/rc.d/$${file}; \
+ done
+
+.include "../../security/PAM/buildlink.mk"
+.include "../../mk/bsd.pkg.install.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/winbind/PLIST b/security/winbind/PLIST
new file mode 100644
index 00000000000..3e3994ab0ba
--- /dev/null
+++ b/security/winbind/PLIST
@@ -0,0 +1,6 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+bin/wbinfo
+etc/rc.d/winbindd
+lib/libnss_winbind.so
+lib/security/pam_winbind.so
+sbin/winbindd
diff --git a/security/winbind/distinfo b/security/winbind/distinfo
new file mode 100644
index 00000000000..7b13226cfc4
--- /dev/null
+++ b/security/winbind/distinfo
@@ -0,0 +1,9 @@
+$NetBSD: distinfo,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+SHA1 (samba-2.2.5.tar.bz2) = 67e1025a8d01ba51b8cea6f04176fdbc57b7c012
+Size (samba-2.2.5.tar.bz2) = 4343641 bytes
+SHA1 (patch-aa) = 38dc1cf2d2c322db32a1a3cbebf9dff59841fa4f
+SHA1 (patch-ab) = 994befda25575f26829ea096d609dd204511d117
+SHA1 (patch-ac) = 3e371d34ce859ff6b9e65ba93e5d6f1248d3a1b5
+SHA1 (patch-ad) = beb6775da56e45d5f85760ef0ef2e3f40751bb59
+SHA1 (patch-ae) = fa9ddbf5988a44006c6108476c0a68e6b49b93ad
diff --git a/security/winbind/files/winbindd.sh b/security/winbind/files/winbindd.sh
new file mode 100755
index 00000000000..382bdb5af32
--- /dev/null
+++ b/security/winbind/files/winbindd.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# $NetBSD: winbindd.sh,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+#
+# PROVIDE: winbindd
+# REQUIRE: nmbd
+
+if [ -f /etc/rc.subr ]
+then
+ . /etc/rc.subr
+fi
+
+name="winbindd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+required_vars="nmbd"
+required_files="@SAMBA_ETCDIR@/smb.conf"
+extra_commands="reload"
+
+if [ -f /etc/rc.subr ]
+then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ @ECHO@ -n ' ${name}'
+ ${command} ${winbindd_flags}
+fi
diff --git a/security/winbind/patches/patch-aa b/security/winbind/patches/patch-aa
new file mode 100644
index 00000000000..2d15350a008
--- /dev/null
+++ b/security/winbind/patches/patch-aa
@@ -0,0 +1,31 @@
+$NetBSD: patch-aa,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- Makefile.in.orig Sun Jul 28 18:13:04 2002
++++ Makefile.in
+@@ -89,6 +89,8 @@ FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $
+ FLAGS = $(ISA) $(FLAGS5) $(PASSWD_FLAGS)
+ FLAGS32 = $(ISA32) $(FLAGS5) $(PASSWD_FLAGS)
+
++PAM_NEEDS_LIBC = @PAM_NEEDS_LIBC@
++
+ WINBIND_PROGS = @WINBIND_TARGETS@
+ WINBIND_SPROGS = @WINBIND_STARGETS@
+ WINBIND_PAM_PROGS = @WINBIND_PAM_TARGETS@
+@@ -650,7 +652,7 @@ bin/libsmbclient.a: $(LIBSMBCLIENT_PICOB
+
+ bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_OBJ) bin/.dummy
+ @echo Linking shared library $@
+- $(SHLD) @LDSHFLAGS@ -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) -lc \
++ $(SHLD) @LDSHFLAGS@ -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) $(PAM_NEEDS_LIBC) \
+ @SONAMEFLAG@`basename $@`
+
+ nsswitch/libnss_wins.so: $(NSS_OBJ)
+@@ -674,7 +676,7 @@ nsswitch/libnss_winbind.so: $(WINBIND_NS
+
+ nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ)
+ @echo Linking $@
+- @$(SHLD) @LDSHFLAGS@ -o $@ $(PAM_WINBIND_OBJ) \
++ @$(SHLD) @LDSHFLAGS@ -o $@ $(PAM_WINBIND_OBJ) $(LDFLAGS) $(DYNEXP) $(PAM_NEEDS_LIBC) \
+ @SONAMEFLAG@`basename $@`
+
+ bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
diff --git a/security/winbind/patches/patch-ab b/security/winbind/patches/patch-ab
new file mode 100644
index 00000000000..a99a3e7b734
--- /dev/null
+++ b/security/winbind/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- configure.in.orig Sun Jul 28 18:13:04 2002
++++ configure.in
+@@ -1976,6 +1976,10 @@ AC_ARG_WITH(pam,
+ # we can't build a pam module if we don't have pam.
+ AC_CHECK_LIB(pam, pam_get_data, [AC_DEFINE(HAVE_LIBPAM)])
+
++dnl Checks for libraries.
++AC_CHECK_LIB(c, __libc_sched_setscheduler, PAM_NEEDS_LIBC=, PAM_NEEDS_LIBC=-lc)
++AC_SUBST(PAM_NEEDS_LIBC)
++
+ #################################################
+ # check for pam_smbpass support
+ AC_MSG_CHECKING(whether to use pam_smbpass)
diff --git a/security/winbind/patches/patch-ac b/security/winbind/patches/patch-ac
new file mode 100644
index 00000000000..6e2e59e00eb
--- /dev/null
+++ b/security/winbind/patches/patch-ac
@@ -0,0 +1,71 @@
+$NetBSD: patch-ac,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- configure.orig Sun Jul 28 18:13:04 2002
++++ configure
+@@ -1106,7 +1106,7 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCR
+
+ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+-for ac_prog in gawk mawk nawk awk
++for ac_prog in mawk gawk nawk awk
+ do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+ set dummy $ac_prog; ac_word=$2
+@@ -11945,6 +11945,49 @@ else
+ fi
+
+
++echo $ac_n "checking for __libc_sched_setscheduler in -lc""... $ac_c" 1>&6
++echo "configure:11950: checking for __libc_sched_setscheduler in -lc" >&5
++ac_lib_var=`echo c'_'__libc_sched_setscheduler | sed 'y%./+-%__p_%'`
++if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
++ echo $ac_n "(cached) $ac_c" 1>&6
++else
++ ac_save_LIBS="$LIBS"
++LIBS="-lc $LIBS"
++cat > conftest.$ac_ext <<EOF
++#line 11958 "configure"
++#include "confdefs.h"
++/* Override any gcc2 internal prototype to avoid an error. */
++/* We use char because int might match the return type of a gcc2
++ builtin and then its argument prototype would still apply. */
++char __libc_sched_setscheduler();
++
++int main() {
++__libc_sched_setscheduler()
++; return 0; }
++EOF
++if { (eval echo configure:11969: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++ rm -rf conftest*
++ eval "ac_cv_lib_$ac_lib_var=yes"
++else
++ echo "configure: failed program was:" >&5
++ cat conftest.$ac_ext >&5
++ rm -rf conftest*
++ eval "ac_cv_lib_$ac_lib_var=no"
++fi
++rm -f conftest*
++LIBS="$ac_save_LIBS"
++
++fi
++if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
++ echo "$ac_t""yes" 1>&6
++ PAM_NEEDS_LIBC=
++else
++ echo "$ac_t""no" 1>&6
++PAM_NEEDS_LIBC=-lc
++fi
++
++
++
+ #################################################
+ # check for pam_smbpass support
+ echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6
+@@ -13787,6 +13830,7 @@ s%@TERMLIBS@%$TERMLIBS%g
+ s%@TERMLDFLAGS@%$TERMLDFLAGS%g
+ s%@ROFF@%$ROFF%g
+ s%@DYNEXP@%$DYNEXP%g
++s%@PAM_NEEDS_LIBC@%$PAM_NEEDS_LIBC%g
+ s%@LDAPLIBS@%$LDAPLIBS%g
+ s%@QUOTAOBJS@%$QUOTAOBJS%g
+ s%@WINBIND_TARGETS@%$WINBIND_TARGETS%g
diff --git a/security/winbind/patches/patch-ad b/security/winbind/patches/patch-ad
new file mode 100644
index 00000000000..da6b2ba7d59
--- /dev/null
+++ b/security/winbind/patches/patch-ad
@@ -0,0 +1,17 @@
+$NetBSD: patch-ad,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- include/local.h.orig Sat Feb 2 19:46:39 2002
++++ include/local.h
+@@ -170,10 +170,10 @@
+ * Default passwd chat script.
+ */
+
+-#define DEFAULT_PASSWD_CHAT "*new*password* %n\\n *new*password* %n\\n *changed*"
++#define DEFAULT_PASSWD_CHAT "*\\n*ew\\spassword* %n\\n *ew\\spassword* %n\\n *updating\\sthe\\sdatabase...\\npasswd:\\sdone\\n"
+
+ /* Minimum length of allowed password when changing UNIX password. */
+-#define MINPASSWDLENGTH 5
++#define MINPASSWDLENGTH 6
+
+ /* maximum ID number used for session control. This cannot be larger
+ than 62*62 for the current code */
diff --git a/security/winbind/patches/patch-ae b/security/winbind/patches/patch-ae
new file mode 100644
index 00000000000..665e6637600
--- /dev/null
+++ b/security/winbind/patches/patch-ae
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- profile/profile.c.orig Sat Feb 2 19:46:49 2002
++++ profile/profile.c
+@@ -22,7 +22,7 @@
+
+ #include "includes.h"
+
+-#define IPC_PERMS ((SHM_R | SHM_W) | (SHM_R>>3) | (SHM_R>>6))
++#define IPC_PERMS ((S_IRUSR | S_IWUSR) | S_IRGRP | S_IROTH)
+
+ static int shm_id;
+ static BOOL read_only;