summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorjlam <jlam@pkgsrc.org>2002-07-29 04:19:00 +0000
committerjlam <jlam@pkgsrc.org>2002-07-29 04:19:00 +0000
commitabce5fd1f5c495b9969bd98f65e350cafd17ea01 (patch)
treebfed1fdcebcd1d61b2e3e406012600659dd5656f /security
parent80f71b62e42a2b83dfbacde1c42f585052466cae (diff)
downloadpkgsrc-abce5fd1f5c495b9969bd98f65e350cafd17ea01.tar.gz
security/winbind - unified logon information between UNIX and Windows NT
Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules, and the Name Service Switch to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system. Currently, the nsswitch module doesn't work on NetBSD as NetBSD doesn't support dynamically loadable nsdispatch callbacks. However, the pam_winbind.so module may (quite usefully) be used to authenticate against a domain controller for a Windows domain via the NT user authentication protocol. This package currently tracks the winbind components from the Samba 2.2.x releases, but may be used in conjunction with older Samba 2.0.x releases as well.
Diffstat (limited to 'security')
-rw-r--r--security/winbind/DESCR5
-rw-r--r--security/winbind/Makefile87
-rw-r--r--security/winbind/PLIST6
-rw-r--r--security/winbind/distinfo9
-rwxr-xr-xsecurity/winbind/files/winbindd.sh27
-rw-r--r--security/winbind/patches/patch-aa31
-rw-r--r--security/winbind/patches/patch-ab15
-rw-r--r--security/winbind/patches/patch-ac71
-rw-r--r--security/winbind/patches/patch-ad17
-rw-r--r--security/winbind/patches/patch-ae13
10 files changed, 281 insertions, 0 deletions
diff --git a/security/winbind/DESCR b/security/winbind/DESCR
new file mode 100644
index 00000000000..14745a4f54d
--- /dev/null
+++ b/security/winbind/DESCR
@@ -0,0 +1,5 @@
+Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable
+Authentication Modules, and the Name Service Switch to allow Windows NT
+domain users to appear and operate as UNIX users on a UNIX machine.
+Users and groups are allocated as they are resolved to a range of user and
+group ids specified by the administrator of the Samba system.
diff --git a/security/winbind/Makefile b/security/winbind/Makefile
new file mode 100644
index 00000000000..99bed34e55e
--- /dev/null
+++ b/security/winbind/Makefile
@@ -0,0 +1,87 @@
+# $NetBSD: Makefile,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+DISTNAME= samba-2.2.5
+PKGNAME= winbind-2.2.5
+CATEGORIES= security
+MASTER_SITES= ftp://ftp.samba.org/pub/samba/ \
+ ftp://ring.asahi-net.or.jp/pub/net/samba/ \
+ ftp://samba.anu.edu.au/pub/samba/ \
+ http://de.samba.org/samba/ftp/ \
+ ftp://ftp.sunet.se/pub/unix/utilities/samba/
+COUNTRY_MIRRORS= au1 ca fi fr de it pl ru sg se us1 us6
+.for COUNTRY in ${COUNTRY_MIRRORS}
+MASTER_SITES+= ftp://${COUNTRY}.samba.org/pub/samba/
+.endfor
+EXTRACT_SUFX= .tar.bz2
+
+MAINTAINER= jlam@netbsd.org
+HOMEPAGE= http://www.samba.org/
+COMMENT= unified logon information between UNIX and Windows NT
+
+DEPENDS+= {samba>=2.0,ja-samba>=2.0}:../../net/samba
+
+USE_BUILDLINK_ONLY= # defined
+WRKSRC= ${WRKDIR}/${DISTNAME}/source
+
+USE_LIBTOOL= # defined
+LTCONFIG_OVERRIDE= ${WRKSRC}/ltconfig
+
+PKG_SYSCONFSUBDIR?= samba
+
+VARDIR?= /var
+SAMBA_ETCDIR?= ${PKG_SYSCONFDIR}
+SAMBA_DATADIR= ${PREFIX}/share
+SAMBA_LOCKDIR?= ${VARDIR}/db/samba
+SAMBA_LOGDIR?= ${VARDIR}/log
+SAMBA_PIDDIR?= ${VARDIR}/run
+SAMBA_PRIVATE?= ${SAMBA_ETCDIR}/private
+
+GNU_CONFIGURE= # defined
+CONFIGURE_ARGS+= --localstatedir=${VARDIR}
+CONFIGURE_ARGS+= --sbindir=${PREFIX}/sbin
+CONFIGURE_ARGS+= --with-configdir=${SAMBA_ETCDIR}
+CONFIGURE_ARGS+= --with-codepagedir=${SAMBA_DATADIR}/samba/codepages
+CONFIGURE_ARGS+= --with-datadir=${SAMBA_DATADIR}
+CONFIGURE_ARGS+= --with-lockdir=${SAMBA_LOCKDIR}
+CONFIGURE_ARGS+= --with-logfilebase=${SAMBA_LOGDIR}
+CONFIGURE_ARGS+= --with-piddir=${SAMBA_PIDDIR}
+CONFIGURE_ARGS+= --with-privatedir=${SAMBA_PRIVATE}
+CONFIGURE_ARGS+= --with-swatdir=${SAMBA_DATADIR}/samba/swat
+
+CONFIGURE_ARGS+= --with-ssl
+CONFIGURE_ARGS+= --with-sslinc=${BUILDLINK_DIR}
+CFLAGS+= -I${BUILDLINK_DIR}/include/openssl # ssl.h, err.h
+
+CONFIGURE_ENV+= ac_cv_lib_curses_tgetent=no
+
+CONFIGURE_ARGS+= --with-pam
+CONFIGURE_ARGS+= --with-winbind
+
+FILES_SUBST+= SAMBA_ETCDIR=${SAMBA_ETCDIR}
+
+ALL_TARGET= nsswitch
+
+PAMDIR= ${PREFIX}/lib/security
+RCD_SCRIPTS= winbindd
+
+INSTALL_LIBRARY= \
+ ${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE}
+
+# The man pages remain with the samba package.
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/wbinfo ${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/winbindd ${PREFIX}/sbin
+ ${INSTALL_LIBRARY} ${WRKSRC}/nsswitch/pam_winbind.so ${PAMDIR}
+ ${INSTALL_LIBRARY} ${WRKSRC}/nsswitch/libnss_winbind.so ${PREFIX}/lib
+
+post-install:
+ @for file in ${RCD_SCRIPTS}; do \
+ ${SED} ${FILES_SUBST_SED} ${FILESDIR}/$${file}.sh \
+ > ${WRKDIR}/$${file}.sh; \
+ ${INSTALL_SCRIPT} ${WRKDIR}/$${file}.sh \
+ ${PREFIX}/etc/rc.d/$${file}; \
+ done
+
+.include "../../security/PAM/buildlink.mk"
+.include "../../mk/bsd.pkg.install.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/winbind/PLIST b/security/winbind/PLIST
new file mode 100644
index 00000000000..3e3994ab0ba
--- /dev/null
+++ b/security/winbind/PLIST
@@ -0,0 +1,6 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+bin/wbinfo
+etc/rc.d/winbindd
+lib/libnss_winbind.so
+lib/security/pam_winbind.so
+sbin/winbindd
diff --git a/security/winbind/distinfo b/security/winbind/distinfo
new file mode 100644
index 00000000000..7b13226cfc4
--- /dev/null
+++ b/security/winbind/distinfo
@@ -0,0 +1,9 @@
+$NetBSD: distinfo,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+SHA1 (samba-2.2.5.tar.bz2) = 67e1025a8d01ba51b8cea6f04176fdbc57b7c012
+Size (samba-2.2.5.tar.bz2) = 4343641 bytes
+SHA1 (patch-aa) = 38dc1cf2d2c322db32a1a3cbebf9dff59841fa4f
+SHA1 (patch-ab) = 994befda25575f26829ea096d609dd204511d117
+SHA1 (patch-ac) = 3e371d34ce859ff6b9e65ba93e5d6f1248d3a1b5
+SHA1 (patch-ad) = beb6775da56e45d5f85760ef0ef2e3f40751bb59
+SHA1 (patch-ae) = fa9ddbf5988a44006c6108476c0a68e6b49b93ad
diff --git a/security/winbind/files/winbindd.sh b/security/winbind/files/winbindd.sh
new file mode 100755
index 00000000000..382bdb5af32
--- /dev/null
+++ b/security/winbind/files/winbindd.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# $NetBSD: winbindd.sh,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+#
+# PROVIDE: winbindd
+# REQUIRE: nmbd
+
+if [ -f /etc/rc.subr ]
+then
+ . /etc/rc.subr
+fi
+
+name="winbindd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+required_vars="nmbd"
+required_files="@SAMBA_ETCDIR@/smb.conf"
+extra_commands="reload"
+
+if [ -f /etc/rc.subr ]
+then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ @ECHO@ -n ' ${name}'
+ ${command} ${winbindd_flags}
+fi
diff --git a/security/winbind/patches/patch-aa b/security/winbind/patches/patch-aa
new file mode 100644
index 00000000000..2d15350a008
--- /dev/null
+++ b/security/winbind/patches/patch-aa
@@ -0,0 +1,31 @@
+$NetBSD: patch-aa,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- Makefile.in.orig Sun Jul 28 18:13:04 2002
++++ Makefile.in
+@@ -89,6 +89,8 @@ FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $
+ FLAGS = $(ISA) $(FLAGS5) $(PASSWD_FLAGS)
+ FLAGS32 = $(ISA32) $(FLAGS5) $(PASSWD_FLAGS)
+
++PAM_NEEDS_LIBC = @PAM_NEEDS_LIBC@
++
+ WINBIND_PROGS = @WINBIND_TARGETS@
+ WINBIND_SPROGS = @WINBIND_STARGETS@
+ WINBIND_PAM_PROGS = @WINBIND_PAM_TARGETS@
+@@ -650,7 +652,7 @@ bin/libsmbclient.a: $(LIBSMBCLIENT_PICOB
+
+ bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_OBJ) bin/.dummy
+ @echo Linking shared library $@
+- $(SHLD) @LDSHFLAGS@ -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) -lc \
++ $(SHLD) @LDSHFLAGS@ -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) $(PAM_NEEDS_LIBC) \
+ @SONAMEFLAG@`basename $@`
+
+ nsswitch/libnss_wins.so: $(NSS_OBJ)
+@@ -674,7 +676,7 @@ nsswitch/libnss_winbind.so: $(WINBIND_NS
+
+ nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ)
+ @echo Linking $@
+- @$(SHLD) @LDSHFLAGS@ -o $@ $(PAM_WINBIND_OBJ) \
++ @$(SHLD) @LDSHFLAGS@ -o $@ $(PAM_WINBIND_OBJ) $(LDFLAGS) $(DYNEXP) $(PAM_NEEDS_LIBC) \
+ @SONAMEFLAG@`basename $@`
+
+ bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
diff --git a/security/winbind/patches/patch-ab b/security/winbind/patches/patch-ab
new file mode 100644
index 00000000000..a99a3e7b734
--- /dev/null
+++ b/security/winbind/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- configure.in.orig Sun Jul 28 18:13:04 2002
++++ configure.in
+@@ -1976,6 +1976,10 @@ AC_ARG_WITH(pam,
+ # we can't build a pam module if we don't have pam.
+ AC_CHECK_LIB(pam, pam_get_data, [AC_DEFINE(HAVE_LIBPAM)])
+
++dnl Checks for libraries.
++AC_CHECK_LIB(c, __libc_sched_setscheduler, PAM_NEEDS_LIBC=, PAM_NEEDS_LIBC=-lc)
++AC_SUBST(PAM_NEEDS_LIBC)
++
+ #################################################
+ # check for pam_smbpass support
+ AC_MSG_CHECKING(whether to use pam_smbpass)
diff --git a/security/winbind/patches/patch-ac b/security/winbind/patches/patch-ac
new file mode 100644
index 00000000000..6e2e59e00eb
--- /dev/null
+++ b/security/winbind/patches/patch-ac
@@ -0,0 +1,71 @@
+$NetBSD: patch-ac,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- configure.orig Sun Jul 28 18:13:04 2002
++++ configure
+@@ -1106,7 +1106,7 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCR
+
+ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+-for ac_prog in gawk mawk nawk awk
++for ac_prog in mawk gawk nawk awk
+ do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+ set dummy $ac_prog; ac_word=$2
+@@ -11945,6 +11945,49 @@ else
+ fi
+
+
++echo $ac_n "checking for __libc_sched_setscheduler in -lc""... $ac_c" 1>&6
++echo "configure:11950: checking for __libc_sched_setscheduler in -lc" >&5
++ac_lib_var=`echo c'_'__libc_sched_setscheduler | sed 'y%./+-%__p_%'`
++if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
++ echo $ac_n "(cached) $ac_c" 1>&6
++else
++ ac_save_LIBS="$LIBS"
++LIBS="-lc $LIBS"
++cat > conftest.$ac_ext <<EOF
++#line 11958 "configure"
++#include "confdefs.h"
++/* Override any gcc2 internal prototype to avoid an error. */
++/* We use char because int might match the return type of a gcc2
++ builtin and then its argument prototype would still apply. */
++char __libc_sched_setscheduler();
++
++int main() {
++__libc_sched_setscheduler()
++; return 0; }
++EOF
++if { (eval echo configure:11969: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++ rm -rf conftest*
++ eval "ac_cv_lib_$ac_lib_var=yes"
++else
++ echo "configure: failed program was:" >&5
++ cat conftest.$ac_ext >&5
++ rm -rf conftest*
++ eval "ac_cv_lib_$ac_lib_var=no"
++fi
++rm -f conftest*
++LIBS="$ac_save_LIBS"
++
++fi
++if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
++ echo "$ac_t""yes" 1>&6
++ PAM_NEEDS_LIBC=
++else
++ echo "$ac_t""no" 1>&6
++PAM_NEEDS_LIBC=-lc
++fi
++
++
++
+ #################################################
+ # check for pam_smbpass support
+ echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6
+@@ -13787,6 +13830,7 @@ s%@TERMLIBS@%$TERMLIBS%g
+ s%@TERMLDFLAGS@%$TERMLDFLAGS%g
+ s%@ROFF@%$ROFF%g
+ s%@DYNEXP@%$DYNEXP%g
++s%@PAM_NEEDS_LIBC@%$PAM_NEEDS_LIBC%g
+ s%@LDAPLIBS@%$LDAPLIBS%g
+ s%@QUOTAOBJS@%$QUOTAOBJS%g
+ s%@WINBIND_TARGETS@%$WINBIND_TARGETS%g
diff --git a/security/winbind/patches/patch-ad b/security/winbind/patches/patch-ad
new file mode 100644
index 00000000000..da6b2ba7d59
--- /dev/null
+++ b/security/winbind/patches/patch-ad
@@ -0,0 +1,17 @@
+$NetBSD: patch-ad,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- include/local.h.orig Sat Feb 2 19:46:39 2002
++++ include/local.h
+@@ -170,10 +170,10 @@
+ * Default passwd chat script.
+ */
+
+-#define DEFAULT_PASSWD_CHAT "*new*password* %n\\n *new*password* %n\\n *changed*"
++#define DEFAULT_PASSWD_CHAT "*\\n*ew\\spassword* %n\\n *ew\\spassword* %n\\n *updating\\sthe\\sdatabase...\\npasswd:\\sdone\\n"
+
+ /* Minimum length of allowed password when changing UNIX password. */
+-#define MINPASSWDLENGTH 5
++#define MINPASSWDLENGTH 6
+
+ /* maximum ID number used for session control. This cannot be larger
+ than 62*62 for the current code */
diff --git a/security/winbind/patches/patch-ae b/security/winbind/patches/patch-ae
new file mode 100644
index 00000000000..665e6637600
--- /dev/null
+++ b/security/winbind/patches/patch-ae
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.1.1.1 2002/07/29 04:19:00 jlam Exp $
+
+--- profile/profile.c.orig Sat Feb 2 19:46:49 2002
++++ profile/profile.c
+@@ -22,7 +22,7 @@
+
+ #include "includes.h"
+
+-#define IPC_PERMS ((SHM_R | SHM_W) | (SHM_R>>3) | (SHM_R>>6))
++#define IPC_PERMS ((S_IRUSR | S_IWUSR) | S_IRGRP | S_IROTH)
+
+ static int shm_id;
+ static BOOL read_only;