authorjeh <jeh@FreeBSD.org>2000-11-01 19:59:18 +0800
committerjeh <jeh@FreeBSD.org>2000-11-01 19:59:18 +0800
commit8d68fc3632fc7cb21a93f3532191003cd83ccf48 (patch)
tree9c798de56950cadbcf94bb3553965ab8d1897864 /security/cyrus-sasl2
parent032206df1c271325db78d0f2e89609faa8d38ca2 (diff)
- Change /var/pwcheck permissions so Postfix can use pwcheck for SASL Authentication.
- Update MySQL & LDAP Authentication Methods
- Correct bento warning for extra file (Sendmail.conf).
- Correct mysql detection code in configure.sasl, and use LIB_DEPENDS for db3.

PR: 22462
Submitted by: Scot W. Hetzel <hetzels@westbend.net> MAINTAINER
Diffstat (limited to 'security/cyrus-sasl2')
-rw-r--r--security/cyrus-sasl2/Makefile4
-rw-r--r--security/cyrus-sasl2/files/patch-ai106
-rw-r--r--security/cyrus-sasl2/pkg-install2
-rw-r--r--security/cyrus-sasl2/pkg-plist12
-rw-r--r--security/cyrus-sasl2/scripts/configure.sasl9
5 files changed, 44 insertions, 89 deletions
diff --git a/security/cyrus-sasl2/Makefile b/security/cyrus-sasl2/Makefile
index cf06b0f6dc03..593f4862bf1a 100644
--- a/security/cyrus-sasl2/Makefile
+++ b/security/cyrus-sasl2/Makefile
@@ -7,7 +7,7 @@
PORTNAME= cyrus-sasl
PORTVERSION= 1.5.24
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= security
MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ \
${MASTER_SITE_LOCAL} \
@@ -120,7 +120,7 @@ post-install:
@${SED} -e "/%%PREFIX%%/s##${PREFIX}#g" ${FILESDIR}/pwcheck.sh \
> ${PREFIX}/etc/rc.d/pwcheck.sh
@${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh
- ${INSTALL} -d -m 700 -o cyrus -g cyrus /var/pwcheck
+ ${INSTALL} -d -m 760 -o cyrus -g cyrus /var/pwcheck
.if !defined(NOPORTDOCS)
@${MKDIR} ${PREFIX}/share/doc/SASL/html
.for file in ${DOCS}
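Review bot: Mode 760 on /var/pwcheck in the `${INSTALL} -d` line gives the cyrus group read and write but no search (x) permission, so a group member still cannot reach the socket inside the directory, and write without search has no effect on a directory. If the intent is to let a mail daemon in group cyrus connect to pwcheck, `${INSTALL} -d -m 750 -o cyrus -g cyrus /var/pwcheck` grants traversal without letting the group create or remove entries. The last pkg-plist hunk repeats this with `@mode u=rwx,g=rw,o=` and then runs `chmod o= pwcheck`, which leaves the group bits to the umask, so port and package installs likely end up with different modes; an explicit `chmod 750 pwcheck` there would keep them consistent. The post-install target continues outside the hunk.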
diff --git a/security/cyrus-sasl2/files/patch-ai b/security/cyrus-sasl2/files/patch-ai
index a630c2ca8d67..ea925f0e9f6f 100644
--- a/security/cyrus-sasl2/files/patch-ai
+++ b/security/cyrus-sasl2/files/patch-ai
@@ -1,5 +1,5 @@
--- lib/checkpw.c.orig Wed Jul 19 20:24:13 2000
-+++ lib/checkpw.c Sat Sep 16 21:07:33 2000
++++ lib/checkpw.c Tue Oct 31 20:52:21 2000
@@ -95,10 +95,19 @@
#include <sys/un.h>
#ifdef HAVE_UNISTD_H
@@ -81,13 +81,14 @@
if (reply) { *reply = NULL; }
-@@ -902,6 +928,260 @@
+@@ -902,6 +928,224 @@
#endif
+#ifdef HAVE_MYSQL
+/* DMZ mysql auth 12/29/1999
+ * Updated to 1.5.24 by SWH 09/12/2000
++ * changed to malloc qbuf Simon Loader 10/21/2000
+ */
+#ifdef USE_CRYPT_PASSWORD
+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')"
@@ -105,7 +106,7 @@
+ unsigned int numrows;
+ MYSQL mysql,*sock;
+ MYSQL_RES *result;
-+ char qbuf[300];
++ char *qbuf;
+ char *db_user="",
+ *db_passwd="",
+ *db_host="",
@@ -152,9 +153,17 @@
+ return SASL_FAIL;
+ }
+ /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */
++ if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol)
++ +strlen(db_table)+strlen(db_uidcol)
++ +strlen(userid)+strlen(db_pwcol)
++ +strlen(password)+1)) == NULL ) {
++ if (reply) { *reply = "cannot malloc memory for sql query"; }
++ return SASL_FAIL;
++ }
+ sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password);
+ if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock)))
+ {
++ free(qbuf);
+ mysql_close(sock);
+ return SASL_FAIL;
+ }
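Review bot: userid and password are still formatted straight into the quoted SQL literals by the `sprintf(qbuf,QUERY_STRING,...)` call, so replacing the 300-byte buffer with malloc removes the overflow, but a quote character in either value still changes the query that decides authentication. Both values should go through the client library's escaping routine (mysql_escape_string, into buffers of 2*len+1 bytes) before formatting, with qbuf sized from the escaped lengths. The new malloc-failure branch also returns without `mysql_close(sock);`, leaking the connection opened earlier in the function. The enclosing function starts and ends outside this hunk.

```c
/* … unchanged: option lookup and connection setup … */
    size_t ulen = strlen(userid);
    size_t plen = strlen(password);
    char *esc_user = malloc(2 * ulen + 1);
    char *esc_pass = malloc(2 * plen + 1);

    if (esc_user == NULL || esc_pass == NULL) {
        free(esc_user);
        free(esc_pass);
        mysql_close(sock);
        if (reply) { *reply = "cannot malloc memory for sql query"; }
        return SASL_FAIL;
    }
    mysql_escape_string(esc_user, userid, ulen);
    mysql_escape_string(esc_pass, password, plen);

    /* … unchanged: malloc of qbuf, now sized with strlen(esc_user) and
     * strlen(esc_pass), and calling mysql_close(sock) on failure … */
    sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,esc_user,db_pwcol,esc_pass);
    free(esc_user);
    free(esc_pass);
/* … unchanged: mysql_query and result handling … */
```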
@@ -166,13 +175,16 @@
+ mysql_free_result(result);
+ mysql_close(sock);
+ if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; }
++ free(qbuf);
+ return SASL_BADAUTH;
+ } else {
++ free(qbuf);
+ mysql_free_result(result);
+ mysql_close(sock);
+ return SASL_OK;
+ }
+ }
++ free(qbuf);
+ mysql_free_result(result);
+ mysql_close(sock);
+ return SASL_BADAUTH;
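Review bot: qbuf is not read again once the `mysql_query` / `mysql_store_result` condition has been evaluated, so the `free(qbuf);` calls added on each exit path here and in the previous hunk could be a single free placed right after that condition. That would make it harder for a later exit path to leak the buffer. The buffer also holds the cleartext password, so clearing it before the free is worth considering. The function body starts outside this hunk.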
@@ -182,6 +194,7 @@
+#ifdef HAVE_LDAP
+/* simon@surf.org.uk LDAP auth 07/11/2000
+ * Updated to 1.5.24 by SWH 09/12/2000
++ * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000
+ */
+
+#define LDAP_SERVER "localhost"
@@ -215,24 +228,19 @@
+{
+
+ LDAP *ld;
-+ LDAPMessage *result;
-+ LDAPMessage *entry;
-+ char *attrs[2];
-+ char filter[200];
+ char *dn,
+ *ldap_server="",
+ *ldap_basedn="",
+ *ldap_uidattr="",
+ *port_num="";
+ int ldap_port = LDAP_PORT;
-+ int count;
+ sasl_getopt_t *getopt;
+ void *context;
+
+ /* If the password is NULL, reject the login...
+ * Otherwise the bind will succed as a reference bind. Not good...
+ */
-+ if (strcmp(password,"") == 0)
++ if (!userid || !password)
+ {
+ return SASL_BADPARAM;
+ }
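Review bot: The new guard `if (!userid || !password)` no longer rejects an empty password, which the comment directly above it says must be refused because the bind would otherwise succeed without the credentials being checked. With the empty-string test removed, a login with any userid and "" as password reaches ldap_simple_bind_s and, on servers that accept unauthenticated binds, would return SASL_OK. Keep both checks: `if (!userid || !password || *password == '\0')`. The function continues outside this hunk.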
@@ -264,75 +272,31 @@
+ /* Open the LDAP connection. */
+ if ((ld = ldap_open(ldap_server, ldap_port)) == NULL)
+ {
-+ if (reply) { *reply = "cannot connect to LDAP server"; }
-+ return SASL_FAIL;
-+ }
-+
-+ /* Bind anonymously so that you can find the DN of the appropriate user. */
-+ if (ldap_simple_bind_s(ld,"","") != LDAP_SUCCESS)
-+ {
-+ ldap_unbind(ld);
-+ if (reply) { *reply = "cannot bind to LDAP server"; }
-+ return SASL_FAIL;
-+ }
-+
-+ /* Generate a filter that will return the entry with a matching UID */
-+ sprintf(filter,"(%s=%s)", ldap_uidattr,userid);
-+
-+ /* Just return country...This doesn't actually matter, since we will
-+ * not read the attributes and values, only the DN
-+ */
-+ attrs[0] = "c";
-+ attrs[1] = NULL;
-+
-+ /* Perform the search... */
-+ if (ldap_search_s(ld,ldap_basedn,LDAP_SCOPE_SUBTREE,filter,attrs,1,&result) != LDAP_SUCCESS )
-+ {
-+ ldap_unbind(ld);
-+ return SASL_BADAUTH;
-+ }
-+
-+ /* If the entry count is not equal to one, either the UID was not unique or
-+ * there was no match
-+ */
-+ if ((count = ldap_count_entries(ld,result)) != 1)
-+ {
-+ ldap_msgfree(result);
-+ ldap_unbind(ld);
-+ if ((count > 1) && (reply)) { *reply = "Detected duplicate entries for user"; }
-+ return SASL_BADAUTH;
-+ }
-+
-+ /* Get the first entry */
-+ if ((entry = ldap_first_entry(ld,result)) == NULL)
-+ {
-+ ldap_msgfree(result);
-+ ldap_unbind(ld);
-+ return SASL_BADAUTH;
++ if (reply) { *reply = "cannot connect to LDAP server"; }
++ return SASL_FAIL;
+ }
+
-+ /* Get the DN of the entry */
-+ if ((dn = ldap_get_dn(ld,entry)) == NULL)
-+ {
-+ ldap_msgfree(entry);
-+ ldap_unbind(ld);
-+ return SASL_BADAUTH;
++ if ( (dn = (char *)malloc(strlen(ldap_uidattr)
++ +strlen(userid)+strlen(ldap_basedn)+3)) == NULL ) {
++ if (reply) { *reply = "cannnot allocate memory for ldap dn"; }
++ return SASL_FAIL;
+ }
++ /* Generate a dn that we will try and login with */
++ sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn);
+
-+ /* Now bind as the DN with the password supplied earlier...
-+ * Successful bind means the password was correct, otherwise the
-+ * password is invalid.
++ /*
++ * Just try and bind with the dn we have been given
++ * In most cases the basedn is correct.
++ * If this is not so I have a version or that too
++ * Simon@surf.org.uk
+ */
-+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS)
-+ {
-+ free(dn);
-+ ldap_msgfree(entry);
-+ ldap_unbind(ld);
-+ return SASL_BADAUTH;
++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
++ free(dn);
++ ldap_unbind(ld);
++ return SASL_BADAUTH;
+ }
+
+ free(dn);
-+ ldap_msgfree(entry);
+ ldap_unbind(ld);
+ return SASL_OK;
+}
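Review bot: userid is copied unescaped into the bind DN by `sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn)`, so a value containing DN metacharacters such as `,` or `+` yields a DN other than the intended entry under the base DN and lets the caller influence which entry the password is checked against. Since the search step was removed, nothing else constrains the DN; rejecting such input first, for example `if (strpbrk(userid, ",+\"\\<>;=#") != NULL) return SASL_BADPARAM;`, or escaping it per the LDAP DN string rules, would close that. The malloc-failure branch returns without `ldap_unbind(ld);`, leaking the connection, and its reply string misspells "cannot". The function begins outside this hunk.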
@@ -342,7 +306,7 @@
struct sasl_verify_password_s _sasl_verify_password[] = {
{ "sasldb", &sasldb_verify_password },
#ifdef HAVE_KRB
-@@ -921,6 +1201,12 @@
+@@ -921,6 +1165,12 @@
#endif
#ifdef HAVE_PWCHECK
{ "pwcheck", &pwcheck_verify_password },
diff --git a/security/cyrus-sasl2/pkg-install b/security/cyrus-sasl2/pkg-install
index b3b0fa2cdd31..785e57aea06e 100644
--- a/security/cyrus-sasl2/pkg-install
+++ b/security/cyrus-sasl2/pkg-install
@@ -3,7 +3,7 @@
# $FreeBSD$
#
# Created by: stb@FreeBSD.org for the cyrus imap server
-# Added to the cyrus-sasl port by hetzel@westbend.net
+# Added to the cyrus-sasl port by hetzels@westbend.net
#set -vx
diff --git a/security/cyrus-sasl2/pkg-plist b/security/cyrus-sasl2/pkg-plist
index dbb7a8d31995..e428a3fef312 100644
--- a/security/cyrus-sasl2/pkg-plist
+++ b/security/cyrus-sasl2/pkg-plist
@@ -1,7 +1,5 @@
-@unexec %D/etc/rc.d/pwcheck.sh stop ; echo "pwcheck stopped."
+@unexec [ -r /var/run/pwcheck.pid ] && %D/etc/rc.d/pwcheck.sh stop && echo " stopped."
etc/rc.d/pwcheck.sh
-@comment remove ../etc/sasldb.db only if it exists and has a zero size.
-@unexec [ -f %D/etc/sasldb.db -a ! -s %D/etc/sasldb.db ] && rm %D/etc/sasldb.db
include/sasl/hmac-md5.h
include/sasl/md5.h
include/sasl/md5global.h
@@ -33,10 +31,6 @@ lib/sasl/liblogin.so.0
lib/sasl/libplain.a
lib/sasl/libplain.so
lib/sasl/libplain.so.1
-@comment Sendmail.conf should be installed/uninstalled by Sendmail 8.11.
-@comment We install it here because Sendmail 8.11 is in the base system.
-@unexec echo "pwcheck_method: pwcheck" > %B/Sendmail.conf.tmp
-@unexec if cmp -s %B/Sendmail.conf %B/Sendmail.conf.tmp; then rm -f %B/Sendmail.conf %B/Sendmail.conf.tmp; else rm -f %B/Sendmail.conf.tmp fi
sbin/sasldblistusers
sbin/saslpasswd
sbin/pwcheck
@@ -62,11 +56,11 @@ sbin/pwcheck
%%NOPORTDOCS%%@dirrm share/doc/SASL/html
%%NOPORTDOCS%%@dirrm share/doc/SASL
@dirrm lib/sasl
-@mode u=rwx,go=
+@mode u=rwx,g=rw,o=
@cwd /var
@exec mkdir pwcheck
@exec chown cyrus:cyrus pwcheck
-@exec chmod go= pwcheck
+@exec chmod o= pwcheck
@comment This file gets created by the pwcheck program
@unexec rm -f /var/pwcheck/pwcheck
@dirrm pwcheck
diff --git a/security/cyrus-sasl2/scripts/configure.sasl b/security/cyrus-sasl2/scripts/configure.sasl
index 540ab1afa5e5..40e33f3c69a3 100644
--- a/security/cyrus-sasl2/scripts/configure.sasl
+++ b/security/cyrus-sasl2/scripts/configure.sasl
@@ -20,12 +20,12 @@ if [ "${BATCH}" ]; then
fi
else
- if [ "x${ENABLE_DB3}" = "xYES" -o -f ${PREFIX}/lib/libdb3.so ] ; then
+ if [ "x${ENABLE_DB3}" = "xYES" -o -f ${PREFIX}/lib/libdb3.so.1 ] ; then
SET_DB3="ON"
else
SET_DB3="OFF"
fi
- if [ "x${ENABLE_MYSQL}" = "xYES" -o -f ${PREFIX}/lib/libmysqlclient.so ] ; then
+ if [ "x${ENABLE_MYSQL}" = "xYES" -o -f ${PREFIX}/lib/mysql/libmysqlclient.so ] ; then
SET_MYSQL="ON"
else
SET_MYSQL="OFF"
@@ -71,10 +71,7 @@ echo "PREFIX= ${PREFIX}"
while [ "$1" ]; do
case $1 in
\"DB3\")
- #Can't use LIB_DEPENDS - no libdb3.so.1 in db3 port
- #echo "LIB_DEPENDS+= db3.1:\${PORTSDIR}/databases/db3"
- echo "BUILD_DEPENDS+= \${LOCALBASE}/lib/libdb3.1.so:\${PORTSDIR}/databases/db3"
- echo "RUN_DEPENDS+= \${LOCALBASE}/lib/libdb3.1.so:\${PORTSDIR}/databases/db3"
+ echo "LIB_DEPENDS+= db3.1:\${PORTSDIR}/databases/db3"
echo "CONFIGURE_ARGS+=--with-dblib=berkeley"
;;
\"MySQL\")