author | jeh <jeh@FreeBSD.org> | 2000-11-01 19:59:18 +0800 |
---|---|---|
committer | jeh <jeh@FreeBSD.org> | 2000-11-01 19:59:18 +0800 |
commit | 8d68fc3632fc7cb21a93f3532191003cd83ccf48 (patch) | |
tree | 9c798de56950cadbcf94bb3553965ab8d1897864 /security/cyrus-sasl2 | |
parent | 032206df1c271325db78d0f2e89609faa8d38ca2 (diff) | |
- Change /var/pwcheck permissions so Postfix can use pwcheck for SASL Authentication.
- Update MySQL & LDAP Authentication Methods
- Correct bento warning for extra file (Sendmail.conf).
- Correct mysql detection code in configure.sasl, and use LIB_DEPENDS for db3.
PR: 22462
Submitted by: Scot W. Hetzel <hetzels@westbend.net> MAINTAINER
Diffstat (limited to 'security/cyrus-sasl2')
-rw-r--r-- | security/cyrus-sasl2/Makefile | 4 | ||||
-rw-r--r-- | security/cyrus-sasl2/files/patch-ai | 106 | ||||
-rw-r--r-- | security/cyrus-sasl2/pkg-install | 2 | ||||
-rw-r--r-- | security/cyrus-sasl2/pkg-plist | 12 | ||||
-rw-r--r-- | security/cyrus-sasl2/scripts/configure.sasl | 9 |
5 files changed, 44 insertions, 89 deletions
diff --git a/security/cyrus-sasl2/Makefile b/security/cyrus-sasl2/Makefile index cf06b0f6dc03..593f4862bf1a 100644 --- a/security/cyrus-sasl2/Makefile +++ b/security/cyrus-sasl2/Makefile @@ -7,7 +7,7 @@ PORTNAME= cyrus-sasl PORTVERSION= 1.5.24 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ \ ${MASTER_SITE_LOCAL} \ @@ -120,7 +120,7 @@ post-install: @${SED} -e "/%%PREFIX%%/s##${PREFIX}#g" ${FILESDIR}/pwcheck.sh \ > ${PREFIX}/etc/rc.d/pwcheck.sh @${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh - ${INSTALL} -d -m 700 -o cyrus -g cyrus /var/pwcheck + ${INSTALL} -d -m 760 -o cyrus -g cyrus /var/pwcheck .if !defined(NOPORTDOCS) @${MKDIR} ${PREFIX}/share/doc/SASL/html .for file in ${DOCS} diff --git a/security/cyrus-sasl2/files/patch-ai b/security/cyrus-sasl2/files/patch-ai index a630c2ca8d67..ea925f0e9f6f 100644 --- a/security/cyrus-sasl2/files/patch-ai +++ b/security/cyrus-sasl2/files/patch-ai @@ -1,5 +1,5 @@ --- lib/checkpw.c.orig Wed Jul 19 20:24:13 2000 -+++ lib/checkpw.c Sat Sep 16 21:07:33 2000 ++++ lib/checkpw.c Tue Oct 31 20:52:21 2000 @@ -95,10 +95,19 @@ #include <sys/un.h> #ifdef HAVE_UNISTD_H @@ -81,13 +81,14 @@ if (reply) { *reply = NULL; } -@@ -902,6 +928,260 @@ +@@ -902,6 +928,224 @@ #endif +#ifdef HAVE_MYSQL +/* DMZ mysql auth 12/29/1999 + * Updated to 1.5.24 by SWH 09/12/2000 ++ * changed to malloc qbuf Simon Loader 10/21/2000 + */ +#ifdef USE_CRYPT_PASSWORD +#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')" @@ -105,7 +106,7 @@ + unsigned int numrows; + MYSQL mysql,*sock; + MYSQL_RES *result; -+ char qbuf[300]; ++ char *qbuf; + char *db_user="", + *db_passwd="", + *db_host="", 
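Review bot: Mode 760 on `/var/pwcheck` in the post-install target gives the cyrus group read and write on the directory but no search (x) bit, so a group member such as Postfix still cannot reach the `pwcheck` socket inside it, and the write bit has no effect without search. If the intent is only to let the group connect to the socket, `${INSTALL} -d -m 750 -o cyrus -g cyrus /var/pwcheck` grants traversal without handing out directory write. The pkg-plist hunk repeats the pattern with `@mode u=rwx,g=rw,o=`, and its `@exec chmod o= pwcheck` leaves the group bits to whatever the umask produced, so port and package installs may end up with different modes. A comment above the line naming which accounts are expected to be in the cyrus group would document who gains access to the password-checking socket.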
@@ -152,9 +153,17 @@ + return SASL_FAIL; + } + /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */ ++ if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol) ++ +strlen(db_table)+strlen(db_uidcol) ++ +strlen(userid)+strlen(db_pwcol) ++ +strlen(password)+1)) == NULL ) { ++ if (reply) { *reply = "cannot malloc memory for sql query"; } ++ return SASL_FAIL; ++ } + sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password); + if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock))) + { ++ free(qbuf); + mysql_close(sock); + return SASL_FAIL; + } @@ -166,13 +175,16 @@ + mysql_free_result(result); + mysql_close(sock); + if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; } ++ free(qbuf); + return SASL_BADAUTH; + } else { ++ free(qbuf); + mysql_free_result(result); + mysql_close(sock); + return SASL_OK; + } + } ++ free(qbuf); + mysql_free_result(result); + mysql_close(sock); + return SASL_BADAUTH; @@ -182,6 +194,7 @@ +#ifdef HAVE_LDAP +/* simon@surf.org.uk LDAP auth 07/11/2000 + * Updated to 1.5.24 by SWH 09/12/2000 ++ * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000 + */ + +#define LDAP_SERVER "localhost" @@ -215,24 +228,19 @@ +{ + + LDAP *ld; -+ LDAPMessage *result; -+ LDAPMessage *entry; -+ char *attrs[2]; -+ char filter[200]; + char *dn, + *ldap_server="", + *ldap_basedn="", + *ldap_uidattr="", + *port_num=""; + int ldap_port = LDAP_PORT; -+ int count; + sasl_getopt_t *getopt; + void *context; + + /* If the password is NULL, reject the login... + * Otherwise the bind will succed as a reference bind. Not good... + */ -+ if (strcmp(password,"") == 0) ++ if (!userid || !password) + { + return SASL_BADPARAM; + } 
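Review bot: The query buffer sized here is still filled by `sprintf` from `userid` and `password` verbatim, so a quote character in either value ends the string literal in QUERY_STRING and changes the statement the server executes. Both values should be escaped before formatting and qbuf sized from the escaped lengths; the sketch below uses `mysql_escape_string` with two new `char *` locals (`mysql_real_escape_string` is the connection-aware form where the client library provides it). The new malloc-failure branch also returns without `mysql_close(sock)`, although the error path right after it shows the connection is open at that point. The function starts and ends outside this hunk.

```c
/* … unchanged: option lookup and connection setup … */
/* new locals, declared next to qbuf: char *esc_user, *esc_pw; */
esc_user = malloc(2 * strlen(userid) + 1);    /* worst case: every byte escaped */
esc_pw = malloc(2 * strlen(password) + 1);
qbuf = NULL;
if (esc_user != NULL && esc_pw != NULL) {
    mysql_escape_string(esc_user, userid, strlen(userid));
    mysql_escape_string(esc_pw, password, strlen(password));
    qbuf = malloc(strlen(QUERY_STRING) + 2 * strlen(db_uidcol)
                  + strlen(db_table) + strlen(esc_user)
                  + strlen(db_pwcol) + strlen(esc_pw) + 1);
}
if (qbuf == NULL) {
    free(esc_user);
    free(esc_pw);
    mysql_close(sock);    /* do not leak the connection on allocation failure */
    if (reply) { *reply = "cannot malloc memory for sql query"; }
    return SASL_FAIL;
}
sprintf(qbuf, QUERY_STRING, db_uidcol, db_table, db_uidcol, esc_user, db_pwcol, esc_pw);
free(esc_user);
free(esc_pw);
/* … unchanged: mysql_query() call and result handling … */
```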
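Review bot: The replaced guard in the LDAP verifier no longer rejects an empty password: `!userid || !password` catches only NULL pointers, while the comment directly above it warns that a bind without a password succeeds. An empty string handed to `ldap_simple_bind_s` later in the function is treated by many directory servers as an unauthenticated bind and reported as success, which would make the function return SASL_OK for any DN that can be formed. Both conditions are needed, for example `if (!userid || !password || *userid == '\0' || *password == '\0')`. The function body continues outside this hunk.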
@@ -264,75 +272,31 @@ + /* Open the LDAP connection. */ + if ((ld = ldap_open(ldap_server, ldap_port)) == NULL) + { -+ if (reply) { *reply = "cannot connect to LDAP server"; } -+ return SASL_FAIL; -+ } -+ -+ /* Bind anonymously so that you can find the DN of the appropriate user. */ -+ if (ldap_simple_bind_s(ld,"","") != LDAP_SUCCESS) -+ { -+ ldap_unbind(ld); -+ if (reply) { *reply = "cannot bind to LDAP server"; } -+ return SASL_FAIL; -+ } -+ -+ /* Generate a filter that will return the entry with a matching UID */ -+ sprintf(filter,"(%s=%s)", ldap_uidattr,userid); -+ -+ /* Just return country...This doesn't actually matter, since we will -+ * not read the attributes and values, only the DN -+ */ -+ attrs[0] = "c"; -+ attrs[1] = NULL; -+ -+ /* Perform the search... */ -+ if (ldap_search_s(ld,ldap_basedn,LDAP_SCOPE_SUBTREE,filter,attrs,1,&result) != LDAP_SUCCESS ) -+ { -+ ldap_unbind(ld); -+ return SASL_BADAUTH; -+ } -+ -+ /* If the entry count is not equal to one, either the UID was not unique or -+ * there was no match -+ */ -+ if ((count = ldap_count_entries(ld,result)) != 1) -+ { -+ ldap_msgfree(result); -+ ldap_unbind(ld); -+ if ((count > 1) && (reply)) { *reply = "Detected duplicate entries for user"; } -+ return SASL_BADAUTH; -+ } -+ -+ /* Get the first entry */ -+ if ((entry = ldap_first_entry(ld,result)) == NULL) -+ { -+ ldap_msgfree(result); -+ ldap_unbind(ld); -+ return SASL_BADAUTH; ++ if (reply) { *reply = "cannot connect to LDAP server"; } ++ return SASL_FAIL; + } + -+ /* Get the DN of the entry */ -+ if ((dn = ldap_get_dn(ld,entry)) == NULL) -+ { -+ ldap_msgfree(entry); -+ ldap_unbind(ld); -+ return SASL_BADAUTH; ++ if ( (dn = (char *)malloc(strlen(ldap_uidattr) ++ +strlen(userid)+strlen(ldap_basedn)+3)) == NULL ) { ++ if (reply) { *reply = "cannnot allocate memory for ldap dn"; } ++ return SASL_FAIL; + } ++ /* Generate a dn that we will try and login with */ ++ sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn); + -+ /* Now bind as the DN with 
the password supplied earlier... -+ * Successful bind means the password was correct, otherwise the -+ * password is invalid. ++ /* ++ * Just try and bind with the dn we have been given ++ * In most cases the basedn is correct. ++ * If this is not so I have a version or that too ++ * Simon@surf.org.uk + */ -+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) -+ { -+ free(dn); -+ ldap_msgfree(entry); -+ ldap_unbind(ld); -+ return SASL_BADAUTH; ++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) { ++ free(dn); ++ ldap_unbind(ld); ++ return SASL_BADAUTH; + } + + free(dn); -+ ldap_msgfree(entry); + ldap_unbind(ld); + return SASL_OK; +} @@ -342,7 +306,7 @@ struct sasl_verify_password_s _sasl_verify_password[] = { { "sasldb", &sasldb_verify_password }, #ifdef HAVE_KRB -@@ -921,6 +1201,12 @@ +@@ -921,6 +1165,12 @@ #endif #ifdef HAVE_PWCHECK { "pwcheck", &pwcheck_verify_password }, diff --git a/security/cyrus-sasl2/pkg-install b/security/cyrus-sasl2/pkg-install index b3b0fa2cdd31..785e57aea06e 100644 --- a/security/cyrus-sasl2/pkg-install +++ b/security/cyrus-sasl2/pkg-install @@ -3,7 +3,7 @@ # $FreeBSD$ # # Created by: stb@FreeBSD.org for the cyrus imap server -# Added to the cyrus-sasl port by hetzel@westbend.net +# Added to the cyrus-sasl port by hetzels@westbend.net #set -vx diff --git a/security/cyrus-sasl2/pkg-plist b/security/cyrus-sasl2/pkg-plist index dbb7a8d31995..e428a3fef312 100644 --- a/security/cyrus-sasl2/pkg-plist +++ b/security/cyrus-sasl2/pkg-plist @@ -1,7 +1,5 @@ -@unexec %D/etc/rc.d/pwcheck.sh stop ; echo "pwcheck stopped." +@unexec [ -r /var/run/pwcheck.pid ] && %D/etc/rc.d/pwcheck.sh stop && echo " stopped." etc/rc.d/pwcheck.sh -@comment remove ../etc/sasldb.db only if it exists and has a zero size. -@unexec [ -f %D/etc/sasldb.db -a ! -s %D/etc/sasldb.db ] && rm %D/etc/sasldb.db include/sasl/hmac-md5.h include/sasl/md5.h include/sasl/md5global.h 
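Review bot: `userid` is copied into the bind DN by `sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn)` without any check, so a name containing DN metacharacters such as `,` `=` or `+` is no longer a single attribute value and changes which entry the bind is attempted against. Rejecting such names before the connection is opened, e.g. `if (strpbrk(userid, ",=+\"\\<>;#") != NULL) return SASL_BADAUTH;`, or escaping them per the LDAP DN string rules, keeps the bind under `ldap_basedn`. Separately, the new malloc-failure branch returns without `ldap_unbind(ld);`, so the connection opened just above it is not released on that path. The function starts outside this hunk.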
@@ -33,10 +31,6 @@ lib/sasl/liblogin.so.0 lib/sasl/libplain.a lib/sasl/libplain.so lib/sasl/libplain.so.1 -@comment Sendmail.conf should be installed/uninstalled by Sendmail 8.11. -@comment We install it here because Sendmail 8.11 is in the base system. -@unexec echo "pwcheck_method: pwcheck" > %B/Sendmail.conf.tmp -@unexec if cmp -s %B/Sendmail.conf %B/Sendmail.conf.tmp; then rm -f %B/Sendmail.conf %B/Sendmail.conf.tmp; else rm -f %B/Sendmail.conf.tmp fi sbin/sasldblistusers sbin/saslpasswd sbin/pwcheck @@ -62,11 +56,11 @@ sbin/pwcheck %%NOPORTDOCS%%@dirrm share/doc/SASL/html %%NOPORTDOCS%%@dirrm share/doc/SASL @dirrm lib/sasl -@mode u=rwx,go= +@mode u=rwx,g=rw,o= @cwd /var @exec mkdir pwcheck @exec chown cyrus:cyrus pwcheck -@exec chmod go= pwcheck +@exec chmod o= pwcheck @comment This file gets created by the pwcheck program @unexec rm -f /var/pwcheck/pwcheck @dirrm pwcheck diff --git a/security/cyrus-sasl2/scripts/configure.sasl b/security/cyrus-sasl2/scripts/configure.sasl index 540ab1afa5e5..40e33f3c69a3 100644 --- a/security/cyrus-sasl2/scripts/configure.sasl +++ b/security/cyrus-sasl2/scripts/configure.sasl @@ -20,12 +20,12 @@ if [ "${BATCH}" ]; then fi else - if [ "x${ENABLE_DB3}" = "xYES" -o -f ${PREFIX}/lib/libdb3.so ] ; then + if [ "x${ENABLE_DB3}" = "xYES" -o -f ${PREFIX}/lib/libdb3.so.1 ] ; then SET_DB3="ON" else SET_DB3="OFF" fi - if [ "x${ENABLE_MYSQL}" = "xYES" -o -f ${PREFIX}/lib/libmysqlclient.so ] ; then + if [ "x${ENABLE_MYSQL}" = "xYES" -o -f ${PREFIX}/lib/mysql/libmysqlclient.so ] ; then SET_MYSQL="ON" else SET_MYSQL="OFF" 
@@ -71,10 +71,7 @@ echo "PREFIX= ${PREFIX}" while [ "$1" ]; do case $1 in \"DB3\") - #Can't use LIB_DEPENDS - no libdb3.so.1 in db3 port - #echo "LIB_DEPENDS+= db3.1:\${PORTSDIR}/databases/db3" - echo "BUILD_DEPENDS+= \${LOCALBASE}/lib/libdb3.1.so:\${PORTSDIR}/databases/db3" - echo "RUN_DEPENDS+= \${LOCALBASE}/lib/libdb3.1.so:\${PORTSDIR}/databases/db3" + echo "LIB_DEPENDS+= db3.1:\${PORTSDIR}/databases/db3" echo "CONFIGURE_ARGS+=--with-dblib=berkeley" ;; \"MySQL\") |