diff options
| author | jlam <jlam@pkgsrc.org> | 2002-07-31 03:23:06 +0000 |
|---|---|---|
| committer | jlam <jlam@pkgsrc.org> | 2002-07-31 03:23:06 +0000 |
| commit | 0b78108b2e426f014c78ecf8352bed816de2d384 (patch) | |
| tree | 692f112313fa60b81c453a0586b14b957b65b947 /security | |
| parent | d9d20415b9acf803d48248f4fc33b02bbcc9a494 (diff) | |
| download | pkgsrc-0b78108b2e426f014c78ecf8352bed816de2d384.tar.gz | |
Build and install "saslauthd", a daemon running as root that performs
plaintext password authentication for Cyrus SASL. This will allow daemons
_not_ running as root to perform SASL PLAIN authentication (including
getpwent and PAM). Bump PKGREVISION to 1.
Diffstat (limited to 'security')
| -rw-r--r-- | security/cyrus-sasl/DEINSTALL | 6 | ||||
| -rw-r--r-- | security/cyrus-sasl/Makefile | 32 | ||||
| -rw-r--r-- | security/cyrus-sasl/PLIST.common | 6 | ||||
| -rw-r--r-- | security/cyrus-sasl/distinfo | 4 | ||||
| -rw-r--r-- | security/cyrus-sasl/files/sasl_pwcheck.sh | 14 | ||||
| -rw-r--r-- | security/cyrus-sasl/files/saslauthd.sh | 45 | ||||
| -rw-r--r-- | security/cyrus-sasl/patches/patch-aj | 13 | ||||
| -rw-r--r-- | security/cyrus-sasl/patches/patch-ak | 13 |
8 files changed, 115 insertions, 18 deletions
diff --git a/security/cyrus-sasl/DEINSTALL b/security/cyrus-sasl/DEINSTALL index 499d1ba5e9d..75d06a8612e 100644 --- a/security/cyrus-sasl/DEINSTALL +++ b/security/cyrus-sasl/DEINSTALL @@ -1,14 +1,14 @@ #!/bin/sh # -# $NetBSD: DEINSTALL,v 1.4 2002/01/31 20:42:08 jlam Exp $ +# $NetBSD: DEINSTALL,v 1.5 2002/07/31 03:23:06 jlam Exp $ SASLDB=@PKG_SYSCONFDIR@/sasldb.db -PWCHECKDIR=@PWCHECKDIR@ +SASLSOCKETDIR=@SASLSOCKETDIR@ case ${STAGE} in POST-DEINSTALL) ${RM} -f /usr/lib/sasl - ${RM} -rf ${PWCHECKDIR} + ${RM} -rf ${SASLSOCKETDIR} if [ -e ${SASLDB} ] then ${CAT} << EOF diff --git a/security/cyrus-sasl/Makefile b/security/cyrus-sasl/Makefile index a28ef00ce5e..c9f09bf7c12 100644 --- a/security/cyrus-sasl/Makefile +++ b/security/cyrus-sasl/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.29 2002/07/22 19:19:39 jlam Exp $ +# $NetBSD: Makefile,v 1.30 2002/07/31 03:23:06 jlam Exp $ DISTNAME= cyrus-sasl-1.5.27 SVR4_PKGNAME= csasl +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ \ ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/OLD-VERSIONS/sasl/ @@ -28,14 +29,16 @@ CYRUS_GROUP?= mail FILES_SUBST+= CYRUS_USER=${CYRUS_USER} HTMLDIR= ${PREFIX}/share/doc/html/cyrus-sasl -PWCHECKDIR= /var/pwcheck -FILES_SUBST+= PWCHECKDIR=${PWCHECKDIR} +SASLSOCKETDIR= /var/run/sasl +FILES_SUBST+= SASLSOCKETDIR=${SASLSOCKETDIR} +PLIST_SUBST+= SASLSOCKETDIR=${SASLSOCKETDIR} BUILD_DEFS+= CYRUS_USER CYRUS_GROUP PLIST_SRC= ${.CURDIR}/PLIST.common -CONFIGURE_ARGS+= --with-pwcheck=${PWCHECKDIR} +CONFIGURE_ARGS+= --with-pwcheck=${SASLSOCKETDIR} +CONFIGURE_ARGS+= --with-saslauthd=${SASLSOCKETDIR} CONFIGURE_ARGS+= --with-dblib=ndbm CONFIGURE_ARGS+= --with-dbpath=${PKG_SYSCONFDIR}/sasldb CONFIGURE_ARGS+= --with-plugindir=${PREFIX}/lib/sasl @@ -63,16 +66,17 @@ CONFIGURE_ARGS+= --disable-gssapi # --- no GSSAPI PLIST_SRC+= ${.CURDIR}/PLIST.plugins .if defined(USE_PAM) -.include "../../security/PAM/buildlink.mk" +. include "../../security/PAM/buildlink.mk" BUILD_DEFS+= USE_PAM -CONFIGURE_ARGS+= --with-pam=${PREFIX} +CONFIGURE_ARGS+= --with-pam=${BUILDLINK_DIR} +.else +CONFIGURE_ARGS+= --without-pam .endif PKG_GROUPS= ${CYRUS_GROUP} PKG_USERS= ${CYRUS_USER}:${CYRUS_GROUP}::::${SH} -RCD_SCRIPTS= sasl_pwcheck +RCD_SCRIPTS= sasl_pwcheck saslauthd OWN_DIRS= ${PREFIX}/lib/sasl -OWN_DIRS_PERMS= ${PWCHECKDIR} ${CYRUS_USER} ${ROOT_GROUP} 0700 DEINSTALL_EXTRA_TMPL= ${.CURDIR}/DEINSTALL INSTALL_EXTRA_TMPL= ${.CURDIR}/INSTALL @@ -88,12 +92,16 @@ pre-configure: ${LOCALBASE}/bin/autoconf pre-install: - @${SED} ${FILES_SUBST_SED} ${FILESDIR}/sasl_pwcheck.sh \ - > ${WRKDIR}/sasl_pwcheck.sh + @for script in ${RCD_SCRIPTS}; do \ + ${SED} ${FILES_SUBST_SED} ${FILESDIR}/$${script}.sh \ + > ${WRKDIR}/$${script}; \ + done post-install: - ${INSTALL_SCRIPT} ${WRKDIR}/sasl_pwcheck.sh \ - ${PREFIX}/etc/rc.d/sasl_pwcheck + for script in ${RCD_SCRIPTS}; do \ + ${INSTALL_SCRIPT} ${WRKDIR}/$${script} \ + ${PREFIX}/etc/rc.d/$${script}; \ + done ${INSTALL_DATA_DIR} ${HTMLDIR} cd ${WRKSRC}/doc; ${INSTALL_DATA} *.html *.txt ${HTMLDIR} diff --git a/security/cyrus-sasl/PLIST.common b/security/cyrus-sasl/PLIST.common index 131a177f21a..56498d790e4 100644 --- a/security/cyrus-sasl/PLIST.common +++ b/security/cyrus-sasl/PLIST.common @@ -1,6 +1,7 @@ -@comment $NetBSD: PLIST.common,v 1.2 2002/01/13 14:23:38 skrll Exp $ +@comment $NetBSD: PLIST.common,v 1.3 2002/07/31 03:23:06 jlam Exp $ bin/sasl-config etc/rc.d/sasl_pwcheck +etc/rc.d/saslauthd include/hmac-md5.h include/sasl.h include/saslplug.h @@ -35,9 +36,11 @@ man/man3/sasl_server_start.3 man/man3/sasl_server_step.3 man/man3/sasl_setprop.3 man/man3/sasl_usererr.3 +man/man8/saslauthd.8 man/man8/sasldblistusers.8 man/man8/saslpasswd.8 sbin/pwcheck +sbin/saslauthd sbin/sasldblistusers sbin/saslpasswd share/doc/html/cyrus-sasl/draft-newman-auth-scram-03.txt @@ -52,3 +55,4 @@ share/doc/html/cyrus-sasl/rfc2245.txt share/doc/html/cyrus-sasl/rfc2831.txt share/doc/html/cyrus-sasl/sysadmin.html @dirrm share/doc/html/cyrus-sasl +@unexec ${RM} -rf ${SASLSOCKETDIR} diff --git a/security/cyrus-sasl/distinfo b/security/cyrus-sasl/distinfo index c6243bc6c2c..01828ee9826 100644 --- a/security/cyrus-sasl/distinfo +++ b/security/cyrus-sasl/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.5 2002/03/24 23:30:19 wiz Exp $ +$NetBSD: distinfo,v 1.6 2002/07/31 03:23:07 jlam Exp $ SHA1 (cyrus-sasl-1.5.27.tar.gz) = eedaec8355219b61e64236e3a5d9845d3af5a13d Size (cyrus-sasl-1.5.27.tar.gz) = 528252 bytes @@ -11,3 +11,5 @@ SHA1 (patch-af) = 3910389c08f72aaea6c964dbb846843fc57889df SHA1 (patch-ag) = acfc55182396a96d3fccdb93ba3c6207eb7c154f SHA1 (patch-ah) = 84bb1809f9d1914746ca02de3ffc55149c28dd75 SHA1 (patch-ai) = 55ade1200d2c5b8f20b4c1775d6c3b7d3b8ef278 +SHA1 (patch-aj) = 386ebb6e33c93bed497b438b397e903200eb4549 +SHA1 (patch-ak) = c65c4b2f9082e8beedcedca140410f31f9599b76 diff --git a/security/cyrus-sasl/files/sasl_pwcheck.sh b/security/cyrus-sasl/files/sasl_pwcheck.sh index 6415442cfe8..aa2243707a4 100644 --- a/security/cyrus-sasl/files/sasl_pwcheck.sh +++ b/security/cyrus-sasl/files/sasl_pwcheck.sh @@ -1,6 +1,6 @@ #! /bin/sh # -# $NetBSD: sasl_pwcheck.sh,v 1.7 2002/02/05 06:04:40 jlam Exp $ +# $NetBSD: sasl_pwcheck.sh,v 1.8 2002/07/31 03:23:07 jlam Exp $ # # The pwcheck daemon allows UNIX password authentication with Cyrus SASL. # @@ -16,6 +16,17 @@ name="sasl_pwcheck" rcvar="${name}" command="@PREFIX@/sbin/pwcheck" command_args="& sleep 2" +start_precmd=sasl_pwcheck_precmd + +sasl_pwcheck_precmd() +{ + if [ ! -d @SASLSOCKETDIR@ ] + then + @MKDIR@ @SASLSOCKETDIR@ + @CHMOD@ 0700 @SASLSOCKETDIR@ + @CHOWN@ @CYRUS_USER@ @SASLSOCKETDIR@ + fi +} if [ -f /etc/rc.subr ] then @@ -23,5 +34,6 @@ then run_rc_command "$1" else @ECHO@ -n " ${name}" + eval ${start_precmd} ${command} ${sasl_pwcheck_flags} ${command_args} fi diff --git a/security/cyrus-sasl/files/saslauthd.sh b/security/cyrus-sasl/files/saslauthd.sh new file mode 100644 index 00000000000..273c35f782a --- /dev/null +++ b/security/cyrus-sasl/files/saslauthd.sh @@ -0,0 +1,45 @@ +#! /bin/sh +# +# $NetBSD: saslauthd.sh,v 1.1 2002/07/31 03:23:07 jlam Exp $ +# +# The saslauthd daemon allows cleartext UNIX password authentication via +# several authentication mechanisms with Cyrus SASL. +# +# PROVIDE: saslauthd +# REQUIRE: DAEMON + +if [ -f /etc/rc.subr ] +then + . /etc/rc.subr +fi + +name="saslauthd" +rcvar="${name}" +command="@PREFIX@/sbin/saslauthd" +command_args="& sleep 2" +start_precmd="saslauthd_precmd" + +# Default to authenticating against local password database. +if [ -z "${saslauthd_flags}" ] +then + saslauthd_flags="-a getpwent" +fi + +saslauthd_precmd() +{ + if [ ! -d @SASLSOCKETDIR@ ] + then + @MKDIR@ @SASLSOCKETDIR@ + @CHMOD@ 0700 @SASLSOCKETDIR@ + @CHOWN@ @CYRUS_USER@ @SASLSOCKETDIR@ + fi +} + +if [ -f /etc/rc.subr ] +then + load_rc_config $name + run_rc_command "$1" +else + @ECHO@ -n " ${name}" + ${command} ${saslauthd_flags} ${command_args} +fi diff --git a/security/cyrus-sasl/patches/patch-aj b/security/cyrus-sasl/patches/patch-aj new file mode 100644 index 00000000000..2510133d45a --- /dev/null +++ b/security/cyrus-sasl/patches/patch-aj @@ -0,0 +1,13 @@ +$NetBSD: patch-aj,v 1.1 2002/07/31 03:23:07 jlam Exp $ + +--- saslauthd/Makefile.am.orig Fri Mar 23 20:41:35 2001 ++++ saslauthd/Makefile.am +@@ -2,7 +2,7 @@ sbin_PROGRAMS = saslauthd + man_MANS = saslauthd.8 + + saslauthd_SOURCES = saslauthd.c mechanisms.c globals.h mechanisms.h auth_dce.c auth_dce.h auth_getpwent.c auth_getpwent.h auth_krb4.c auth_krb4.h auth_pam.c auth_pam.h auth_rimap.c auth_rimap.h auth_shadow.c auth_shadow.h auth_sia.c auth_sia.h +-saslauthd_LDADD = @SASL_KRB_LIB@ ++saslauthd_LDADD = @PLAIN_LIBS@ + + INCLUDES = -I$(top_srcdir)/include + EXTRA_DIST = saslauthd.8 diff --git a/security/cyrus-sasl/patches/patch-ak b/security/cyrus-sasl/patches/patch-ak new file mode 100644 index 00000000000..242fb18bf86 --- /dev/null +++ b/security/cyrus-sasl/patches/patch-ak @@ -0,0 +1,13 @@ +$NetBSD: patch-ak,v 1.1 2002/07/31 03:23:07 jlam Exp $ + +--- lib/checkpw.c.orig Sat Feb 17 00:06:48 2001 ++++ lib/checkpw.c +@@ -1127,7 +1127,7 @@ static int saslauthd_verify_password(sas + r = connect(s, (struct sockaddr *) &srvaddr, sizeof(srvaddr)); + if (r == -1) { + if (reply) +- *reply = "cannot connect to pwcheck server"; ++ *reply = "cannot connect to saslauthd server"; + return SASL_FAIL; + } + |