Add op 1.11, a program to allow others to run commands as root (like

sudo but different).  Hey, CERIAS @ Purdue wrote this.  Cool.

PR:		24771
Submitted by:	Cyrille Lefevre <clefevre@citeweb.net>

8 files changed, 171 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index e492facce5da..17a6db37871c 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -74,6 +74,7 @@
     SUBDIR += nmap
     SUBDIR += nmapfe
     SUBDIR += oidentd
+    SUBDIR += op
     SUBDIR += opencl
     SUBDIR += openssh
     SUBDIR += openssh-askpass
diff --git a/security/op/Makefile b/security/op/Makefile
new file mode 100644
index 000000000000..f9f246eee3b1
--- /dev/null
+++ b/security/op/Makefile
@@ -0,0 +1,97 @@
+# New ports collection makefile for:    op
+# Date created:         Monday 29 January 2001
+# Whom:                 Cyrille Lefevre <clefevre@citeweb.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	op
+PORTVERSION=	1.11
+CATEGORIES=	security
+MASTER_SITES=	ftp://ftp.cerias.purdue.edu/pub/tools/%SUBDIR%/ \
+		ftp://ftp.cso.uiuc.edu/pub/security/coast/%SUBDIR%/ \
+		ftp://ftp.rge.com/pub/security/cerias/tools/%SUBDIR%/ \
+		ftp://ftp.hacktic.nl/pub/security/coast.cs.purdue.edu/%SUBDIR%/ \
+		ftp://ftp.nask.pl/pub/mirror/coast.cs.purdue.edu/%SUBDIR%/
+MASTER_SITE_SUBDIR=	unix/sysutils/${PORTNAME}
+
+MAINTAINER=	clefevre@citeweb.net
+
+#
+# Clobal variables
+#
+
+BINMODE=	4555
+MAKE_ARGS+=	BASE="${PREFIX}" \
+		OPTS='-Dbsdi -DOP_ACCESS=\"${PREFIX}/etc/op.access\"' \
+		LIBS='-ll -lcrypt' \
+		BINOWN=${BINOWN} BINGRP=${BINGRP} BINMODE=${BINMODE} \
+		MANOWN=${MANOWN} MANGRP=${MANGRP} MANMODE=${MANMODE}
+ALL_TARGET=	${PORTNAME}
+
+MAN8=		op.8
+
+PKGDEINSTALL=	${PKGINSTALL}
+
+#
+# Local variables
+#
+
+RCS_SUBDIR=	RCS
+
+SAMP_DIR=	${PREFIX}/etc
+DOC_DIR=	${PREFIX}/share/doc/${PKGBASE}
+
+CONF_FILE=	op.access
+SAMP_FILE=	${CONF_FILE}
+SAMP_SUFX=	.sample
+DOC_FILES=	README op.paper
+
+CO?=		co
+
+#
+# Post-extract
+#
+
+post-extract: checkout-files
+
+checkout-files:
+	@cd ${WRKSRC} && ${CO} -q ${RCS_SUBDIR}/*
+
+#
+# Post-patch
+#
+
+post-patch: patch-install patch-conf-file
+
+patch-install:
+	@${PERL} -pi.fbsd -e 's/(install)/$$1 -c/ if (!/:/);' \
+		${WRKSRC}/Makefile
+
+patch-conf-file:
+	@${PERL} -pi.fbsd -e 's/^/#/ if (!/^#|DEFAULT|MAGIC/);' \
+		${WRKSRC}/${CONF_FILE}
+
+#
+# Post-install
+#
+
+post-install: install-samp-files install-conf-file install-doc-files
+
+install-samp-files:
+	@${INSTALL_DATA} ${WRKSRC}/${CONF_FILE} \
+		${SAMP_DIR}/${SAMP_FILE}${SAMP_SUFX}
+
+install-conf-file:
+	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} \
+		${PKGINSTALL} ${PKGNAME} POST-INSTALL
+
+install-doc-files:
+.if !defined(NOPORTSDOC)
+	@${MKDIR} ${DOC_DIR}
+.for file in ${DOC_FILES}
+	@${INSTALL_DATA} ${WRKSRC}/${file} ${DOC_DIR}/${file}
+.endfor
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/op/distinfo b/security/op/distinfo
new file mode 100644
index 000000000000..506aa45dbe63
--- /dev/null
+++ b/security/op/distinfo
@@ -0,0 +1 @@
+MD5 (op-1.11.tar.gz) = 9790452f1adfe08e08ea2fa0d015b1b3
diff --git a/security/op/files/patch-defs.h b/security/op/files/patch-defs.h
new file mode 100644
index 000000000000..a953a8d8c372
--- /dev/null
+++ b/security/op/files/patch-defs.h
@@ -0,0 +1,9 @@
+--- defs.h.orig	Sun Nov 23 01:11:52 1997
++++ defs.h	Tue Jan 30 09:45:22 2001
+@@ -19,4 +19,6 @@
+ extern cmd_t	*First, *Build();
+ 
+ #define MAXSTRLEN	256
++#ifndef OP_ACCESS
+ #define OP_ACCESS	"/usr/local/etc/op.access"
++#endif
diff --git a/security/op/pkg-comment b/security/op/pkg-comment
new file mode 100644
index 000000000000..6996dc1566a9
--- /dev/null
+++ b/security/op/pkg-comment
@@ -0,0 +1 @@
+Allow others to run commands as root (like sudo but different)
diff --git a/security/op/pkg-descr b/security/op/pkg-descr
new file mode 100644
index 000000000000..c05d3cef1d1b
--- /dev/null
+++ b/security/op/pkg-descr
@@ -0,0 +1,5 @@
+The `op' tool provides a flexible means for system administrators to
+grant trusted users access to certain root operations without having
+to give them full superuser privileges. Different sets of users
+may access different operations, and the security-related aspects
+of environment of each operation can be carefully controlled
diff --git a/security/op/pkg-install b/security/op/pkg-install
new file mode 100644
index 000000000000..4eb014d2d034
--- /dev/null
+++ b/security/op/pkg-install
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+[ $# != 2 ] && exit 1
+PKGNAME=$1
+ACTION=$2
+
+CONF_DIR=${PKG_PREFIX}/etc
+SAMP_DIR=${CONF_DIR}
+
+CONF_FILE=op.access
+CONF_OWN=root
+CONF_GRP=wheel
+CONF_MODE=400
+
+SAMP_FILE=${CONF_FILE}
+SAMP_SUFX=.sample
+
+INSTALL=install
+CMP=cmp
+RM=rm
+
+case $ACTION in
+
+POST-INSTALL)
+	if [ -f ${CONF_DIR}/${CONF_FILE} ]; then
+		echo "$PKGNAME: Will not overwrite existing ${CONF_DIR}/${CONF_FILE} file."
+	else
+		${INSTALL} -c -o ${CONF_OWN} -g ${CONF_GRP} -m ${CONF_MODE} \
+			${SAMP_DIR}/${SAMP_FILE}${SAMP_SUFX} \
+			${CONF_DIR}/${CONF_FILE}
+	fi
+	;;
+
+DEINSTALL)
+	if ${CMP} -s ${SAMP_DIR}/${SAMP_FILE}${SAMP_SUFX} \
+		  ${CONF_DIR}/${CONF_FILE}; then
+		${RM} -f ${CONF_DIR}/${CONF_FILE}
+	else
+		echo "$PKGNAME: Will not remove existing ${CONF_DIR}/${CONF_FILE} file."
+	fi
+	;;
+
+PRE-INSTALL|POST-DEINSTALL)
+	exit 0
+	;;
+
+*)
+	exit 1
+	;;
+
+esac
+
+exit
diff --git a/security/op/pkg-plist b/security/op/pkg-plist
new file mode 100644
index 000000000000..ce36eda65e3f
--- /dev/null
+++ b/security/op/pkg-plist
@@ -0,0 +1,4 @@
+bin/op
+etc/op.access.sample
+share/doc/op/README
+share/doc/op/op.paper