aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/cyrus-sasl/Makefile20
-rw-r--r--security/cyrus-sasl/files/patch-ab15
-rw-r--r--security/cyrus-sasl/files/patch-java::CyrusSasl::Makefile.am11
-rw-r--r--security/cyrus-sasl/files/patch-java::javax::security::auth::callback::Makefile.am11
-rw-r--r--security/cyrus-sasl/files/patch-lib::checkpw.c101
-rw-r--r--security/cyrus-sasl/files/patch-pwcheck::Makefile.am17
-rw-r--r--security/cyrus-sasl/files/pwcheck.sh71
-rw-r--r--security/cyrus-sasl/files/pwcheck_pam.c101
-rw-r--r--security/cyrus-sasl/pkg-plist33
-rw-r--r--security/cyrus-sasl/scripts/configure.sasl73
-rw-r--r--security/cyrus-sasl2/Makefile20
-rw-r--r--security/cyrus-sasl2/files/patch-ab15
-rw-r--r--security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am11
-rw-r--r--security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am11
-rw-r--r--security/cyrus-sasl2/files/patch-lib::checkpw.c101
-rw-r--r--security/cyrus-sasl2/files/patch-pwcheck::Makefile.am17
-rw-r--r--security/cyrus-sasl2/files/pwcheck.sh71
-rw-r--r--security/cyrus-sasl2/files/pwcheck_pam.c101
-rw-r--r--security/cyrus-sasl2/pkg-plist33
-rw-r--r--security/cyrus-sasl2/scripts/configure.sasl73
20 files changed, 810 insertions, 96 deletions
diff --git a/security/cyrus-sasl/Makefile b/security/cyrus-sasl/Makefile
index 180849c46eec..74b05c44e5a0 100644
--- a/security/cyrus-sasl/Makefile
+++ b/security/cyrus-sasl/Makefile
@@ -7,7 +7,7 @@
PORTNAME= cyrus-sasl
PORTVERSION= 1.5.27
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \
http://prdownloads.sourceforge.net/cyrus-utils/ \
@@ -69,7 +69,7 @@ SCRIPTS_ENV= WRKDIRPREFIX="${WRKDIRPREFIX}" \
WITH_LDAP2="${WITH_LDAP2}"
# JavaSASL needs someone to look at to get it to build
-JAVADIR= jdk1.1.8
+JAVADIR= jdk1.3.1
JAVALIBDIR= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/
.if defined(KRB5_HOME) && exists(${KRB5_HOME})
@@ -112,18 +112,21 @@ pre-fetch:
.include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc"
.endif
+post-extract:
+ @${CP} ${FILESDIR}/pwcheck_pam.c ${WRKSRC}/pwcheck
+
pre-patch:
@(cd ${WRKSRC} && ${PATCH} -p1 < ${WRKDIR}/${LDAP_MYSQL_PATCH} && \
${MV} configure.orig configure)
# Fix sasldb name in pkg-install/deinstall scripts
post-patch:
- @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \
+ @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
${.CURDIR}/pkg-install > ${PKGINSTALL}
- @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \
+ @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
${.CURDIR}/pkg-deinstall > ${PKGDEINSTALL}
- @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \
- -e "/%%PREFIX%%/s##${PREFIX}#g" \
+ @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
+ -e "s;%%PREFIX%%;${PREFIX};g" \
${.CURDIR}/pkg-message > ${PKGMESSAGE}
.ifdef LDAP_MYSQL_MSG
@${ECHO} ${LDAP_MYSQL_MSG} | /usr/bin/fmt -w 67 >> ${PKGMESSAGE}
@@ -138,8 +141,8 @@ pre-install:
@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
post-install:
- @${SED} -e "/%%PREFIX%%/s##${PREFIX}#g" ${FILESDIR}/pwcheck.sh \
- > ${PREFIX}/etc/rc.d/pwcheck.sh
+ @${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \
+ ${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh
@${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh
${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck
.if !defined(NOPORTDOCS)
@@ -151,6 +154,7 @@ post-install:
for file in `make -V EXTRA_DIST` ; do \
${INSTALL_DATA} ${WRKSRC}/doc/$${file} ${DOCSDIR} ; \
done)
+ @${INSTALL_DATA} ${WRKSRC}/java/doc/draft-weltman-java-sasl-02.txt ${DOCSDIR}
@${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR}
.endif
@PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
diff --git a/security/cyrus-sasl/files/patch-ab b/security/cyrus-sasl/files/patch-ab
index ed6e854ca76d..009a8b4a9f82 100644
--- a/security/cyrus-sasl/files/patch-ab
+++ b/security/cyrus-sasl/files/patch-ab
@@ -1,5 +1,5 @@
---- configure.in.orig Tue Nov 27 11:45:28 2001
-+++ configure.in Tue Nov 27 12:49:28 2001
+--- configure.in.orig Thu Jan 17 19:21:51 2002
++++ configure.in Thu Jan 17 19:47:46 2002
@@ -66,8 +66,9 @@
dnl check for -R, etc. switch
CMU_GUESS_RUNPATH_SWITCH
@@ -12,7 +12,16 @@
AM_DISABLE_STATIC
-@@ -235,6 +236,13 @@
+@@ -122,8 +123,6 @@
+
+ AC_SUBST(JAVA_INCLUDES)
+ AC_MSG_RESULT(JAVA_INCLUDES)
+- JAVAC=`echo "$JAVAC" | sed 's,.*/,,'`
+- JAVAH=`echo "$JAVAH" | sed 's,.*/,,'`
+ fi
+
+ AM_CONDITIONAL(SAMPLE, test "$enable_sample" = yes)
+@@ -235,6 +234,13 @@
berkeley)
SASL_DB_BACKEND="db_${dblib}.lo"
AC_DEFINE(SASL_BERKELEYDB)
diff --git a/security/cyrus-sasl/files/patch-java::CyrusSasl::Makefile.am b/security/cyrus-sasl/files/patch-java::CyrusSasl::Makefile.am
new file mode 100644
index 000000000000..bf5be6aef933
--- /dev/null
+++ b/security/cyrus-sasl/files/patch-java::CyrusSasl::Makefile.am
@@ -0,0 +1,11 @@
+--- java/CyrusSasl/Makefile.am.orig Tue Nov 21 23:55:17 2000
++++ java/CyrusSasl/Makefile.am Thu Jan 17 21:58:10 2002
+@@ -25,7 +25,7 @@
+
+ javasasl_version = 1:0:0
+
+-javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl
++javasasldir = $(prefix)/share/java/classes/sasl/CyrusSasl
+ javahtmldir = $(prefix)/html/sasl
+
+ INCLUDES=$(JAVA_INCLUDES) -I$(top_srcdir)/include
diff --git a/security/cyrus-sasl/files/patch-java::javax::security::auth::callback::Makefile.am b/security/cyrus-sasl/files/patch-java::javax::security::auth::callback::Makefile.am
new file mode 100644
index 000000000000..d4f02627d7a8
--- /dev/null
+++ b/security/cyrus-sasl/files/patch-java::javax::security::auth::callback::Makefile.am
@@ -0,0 +1,11 @@
+--- java/javax/security/auth/callback/Makefile.am.orig Sat Nov 4 16:55:44 2000
++++ java/javax/security/auth/callback/Makefile.am Thu Jan 17 22:05:23 2002
+@@ -39,7 +39,7 @@
+ #
+ ################################################################
+
+-javasasldir = $(prefix)/lib/java/classes/sasl/javax/security/auth/callback
++javasasldir = $(prefix)/share/java/classes/sasl/javax/security/auth/callback
+ javahtmldir = $(prefix)/html/sasl
+
+ javasasl_JAVA = PasswordCallback.java \
diff --git a/security/cyrus-sasl/files/patch-lib::checkpw.c b/security/cyrus-sasl/files/patch-lib::checkpw.c
new file mode 100644
index 000000000000..a7632c8a4ff6
--- /dev/null
+++ b/security/cyrus-sasl/files/patch-lib::checkpw.c
@@ -0,0 +1,101 @@
+--- lib/checkpw.c.orig Fri Jan 18 21:56:29 2002
++++ lib/checkpw.c Fri Jan 18 22:14:58 2002
+@@ -1491,6 +1491,9 @@
+ # define FALSE 0
+ #endif
+
++#ifndef LDAP_NO_ATTRS
++#define LDAP_NO_ATTRS "1.1"
++#endif
+ static int ldap_isdigits(char *value)
+ {
+ char *ptr;
+@@ -1504,6 +1507,16 @@
+ return num;
+ }
+
++#ifdef LDAP_VENDOR_VERSION
++#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
++ ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)
++#define SASL_ldap_memfree(dn) ldap_memfree(dn)
++#else
++#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
++ ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
++#define SASL_ldap_memfree(dn) free(dn)
++#endif
++
+ static int ldap_verify_password(sasl_conn_t *conn,
+ const char *userid,
+ const char *password,
+@@ -1522,18 +1535,18 @@
+ *ldap_filter="",
+ *ldap_bind_dn="",
+ *ldap_bind_pw="",
+- *ldap_ssl="",
+ *ldap_filter_mode="",
+ *port_num="";
+ int malloc_size; /* safety net */
+ int ldap_filter_flag = 0;
+- int ldap_ssl_flag = 0;
+ int ldap_port = LDAP_PORT;
+ sasl_getopt_t *getopt;
+ void *context;
+ LDAPMessage *result, *e;
+ char *attrs[]={LDAP_NO_ATTRS, NULL};
+ #ifdef LDAP_OPT_X_TLS
++ char *ldap_ssl="";
++ int ldap_ssl_flag = 0;
+ int tls_option;
+ #endif
+
+@@ -1625,9 +1638,11 @@
+ return SASL_FAIL;
+ }
+ /* set ssl mode if needed */
++#ifdef LDAP_OPT_X_TLS
+ if ( ldap_ssl_flag ) {
+ ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);
+ }
++#endif
+
+ /* either run the filter or just bind as them ? */
+
+@@ -1657,7 +1672,7 @@
+ snprintf(filter,malloc_size-1,"(&(%s=%s)%s)", ldap_uidattr, userid, ldap_filter);
+
+ /* Now do the search */
+- if (ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
++ if (SASL_ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
+ attrs, 0, NULL, NULL, LDAP_NO_LIMIT, 1, &result) !=
+ LDAP_SUCCESS) {
+ free(filter);
+@@ -1680,17 +1695,17 @@
+ ldap_unbind(ld);
+ return SASL_BADAUTH;
+ }
+- if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) {
++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
+ e = NULL;
+ free(filter);
+- ldap_memfree(dn);
++ SASL_ldap_memfree(dn);
+ ldap_msgfree(result);
+ ldap_unbind(ld);
+ return SASL_BADAUTH;
+ }
+ e = NULL;
+ free(filter);
+- ldap_memfree(dn);
++ SASL_ldap_memfree(dn);
+ ldap_msgfree(result);
+
+ } else {
+@@ -1710,7 +1725,7 @@
+ * If this is not so I have a version or that too
+ * Simon@surf.org.uk
+ */
+- if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) {
++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
+ free(dn);
+ ldap_unbind(ld);
+ return SASL_BADAUTH;
diff --git a/security/cyrus-sasl/files/patch-pwcheck::Makefile.am b/security/cyrus-sasl/files/patch-pwcheck::Makefile.am
new file mode 100644
index 000000000000..c9e94adefa82
--- /dev/null
+++ b/security/cyrus-sasl/files/patch-pwcheck::Makefile.am
@@ -0,0 +1,17 @@
+--- pwcheck/Makefile.am.orig Wed Mar 22 11:06:43 2000
++++ pwcheck/Makefile.am Thu Jan 17 19:09:06 2002
+@@ -22,9 +22,13 @@
+ # SOFTWARE.
+ #
+
+-sbin_PROGRAMS = pwcheck
++sbin_PROGRAMS = pwcheck pwcheck_pam
+
+ pwcheck_SOURCES = pwcheck.c
+ EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c
+ pwcheck_DEPENDECIES = pwcheck_@PWCHECKMETH@.lo
+ pwcheck_LDADD = pwcheck_@PWCHECKMETH@.lo @LIB_CRYPT@ @LIB_SOCKET@
++
++pwcheck_pam_SOURCES = pwcheck.c
++pwcheck_pam_DEPENDECIES = pwcheck_pam.lo
++pwcheck_pam_LDADD = pwcheck_pam.lo @LIB_CRYPT@ @LIB_SOCKET@ @LIB_PAM@
diff --git a/security/cyrus-sasl/files/pwcheck.sh b/security/cyrus-sasl/files/pwcheck.sh
index ba07b9fc580a..3f4c903817a2 100644
--- a/security/cyrus-sasl/files/pwcheck.sh
+++ b/security/cyrus-sasl/files/pwcheck.sh
@@ -3,29 +3,64 @@
# $FreeBSD$
#
+action=$1
+
PREFIX=%%PREFIX%%
-case "$1" in
+# Suck in the configuration variables.
+if [ -z "${source_rc_confs_defined}" ]; then
+ if [ -r /etc/defaults/rc.conf ]; then
+ . /etc/defaults/rc.conf
+ source_rc_confs
+ elif [ -r /etc/rc.conf ]; then
+ . /etc/rc.conf
+ fi
+fi
-start)
- if [ -x ${PREFIX}/sbin/pwcheck ]
- then
- ${PREFIX}/sbin/pwcheck & && echo -n " pwcheck"
- fi
- ;;
+# The following sasl_pwcheck_* variables may be defined in rc.conf
+#
+# sasl_pwcheck_enable - Set to YES to enable pwcheck
+# Default: %%ENABLEPWCHECK%%
+#
+# sasl_pwcheck_program - Path to pwcheck program (pwcheck/pwcheck_pam)
+# Default: ${PREFIX}/sbin/%%PWCHECK%%
-stop)
- if [ -r /var/run/pwcheck.pid ]
- then
- kill `cat /var/run/pwcheck.pid` && echo -n " pwcheck"
- rm /var/run/pwcheck.pid
- fi
- ;;
+if [ -z "${sasl_pwcheck_enable}" ] ; then
+ sasl_pwcheck_enable=%%ENABLEPWCHECK%%
+fi
-*)
- echo "usage: $0 {start|stop}" 1>&2
- exit 64
- ;;
+if [ -z "${sasl_pwcheck_program}" ]; then
+ sasl_pwcheck_program=${PREFIX}/sbin/%%PWCHECK%%
+fi
+rc=0
+
+case "${sasl_pwcheck_enable}" in
+ [Yy][Ee][Ss])
+ case "${action}" in
+
+ start)
+ if [ -x ${sasl_pwcheck_program} ] ; then
+ ${sasl_pwcheck_program} & && echo -n " pwcheck"
+ fi
+ ;;
+
+ stop)
+ if [ -r /var/run/pwcheck.pid ]; then
+ kill `cat /var/run/pwcheck.pid` && echo -n " pwcheck"
+ rm /var/run/pwcheck.pid
+ fi
+ ;;
+
+ *)
+ echo "usage: $0 {start|stop}" 1>&2
+ rc=64
+ ;;
+ esac
+ ;;
+ *)
+ rc=0
+ ;;
esac
+exit $rc
diff --git a/security/cyrus-sasl/files/pwcheck_pam.c b/security/cyrus-sasl/files/pwcheck_pam.c
new file mode 100644
index 000000000000..57e1076ca92a
--- /dev/null
+++ b/security/cyrus-sasl/files/pwcheck_pam.c
@@ -0,0 +1,101 @@
+
+#include <security/pam_appl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* Static variables used to communicate between the conversation function
+ * and the server_login function
+ */
+static char *PAM_username;
+static char *PAM_password;
+
+/* PAM conversation function
+ */
+static int PAM_conv (int num_msg,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *appdata_ptr) {
+ int replies = 0;
+ struct pam_response *reply = NULL;
+
+ #define COPY_STRING(s) (s) ? strdup(s) : NULL
+
+ reply = malloc(sizeof(struct pam_response) * num_msg);
+ if (!reply) return PAM_CONV_ERR;
+
+ for (replies = 0; replies < num_msg; replies++) {
+ switch (msg[replies]->msg_style) {
+ case PAM_PROMPT_ECHO_ON:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = COPY_STRING(PAM_username);
+ /* PAM frees resp */
+ break;
+ case PAM_PROMPT_ECHO_OFF:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = COPY_STRING(PAM_password);
+ /* PAM frees resp */
+ break;
+ case PAM_TEXT_INFO:
+ /* fall through */
+ case PAM_ERROR_MSG:
+ /* ignore it, but pam still wants a NULL response... */
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = NULL;
+ break;
+ default:
+ /* Must be an error of some sort... */
+ free (reply);
+ return PAM_CONV_ERR;
+ }
+ }
+ *resp = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv PAM_conversation = {
+ PAM_conv,
+ NULL
+};
+
+/* Server log in
+ * Accepts: user name string
+ * password string
+ * Returns: "OK" if password validated, error message otherwise
+ */
+
+char *pwcheck(char *username, char *password)
+{
+ pam_handle_t *pamh;
+ int pam_error;
+
+ /* PAM only handles authentication, not user information. */
+ if ( !(username && password && strlen(username) && strlen(password)) )
+ return "Incorrect username";
+
+ /* validate password */
+
+ PAM_password = password;
+ PAM_username = username;
+ fprintf(stderr, "checking %s\n", username);
+ pam_error = pam_start("cyrus", username, &PAM_conversation, &pamh);
+ if (pam_error == PAM_SUCCESS)
+ pam_error = pam_authenticate(pamh, 0);
+
+ if (pam_error == PAM_SUCCESS)
+ pam_error = pam_acct_mgmt(pamh, 0);
+
+ if ( pam_error == PAM_SUCCESS)
+ fprintf(stderr, "\tauthenticated %s\n", username);
+ else
+ fprintf(stderr, "\tfailed to authenticate %s\n", username);
+
+ if(pam_end(pamh, pam_error) != PAM_SUCCESS) {
+ pamh = NULL;
+ fprintf(stderr, "pwcheck: failed to release authenticator\n");
+ exit(1);
+ }
+ return ( pam_error == PAM_SUCCESS ? "OK" : "Incorrect passwd" );
+}
+
+
diff --git a/security/cyrus-sasl/pkg-plist b/security/cyrus-sasl/pkg-plist
index 4f08d1e0edb0..7e772335df14 100644
--- a/security/cyrus-sasl/pkg-plist
+++ b/security/cyrus-sasl/pkg-plist
@@ -7,6 +7,9 @@ include/sasl/sasl.h
include/sasl/saslplug.h
include/sasl/saslutil.h
@dirrm include/sasl
+%%JAVASASL%%lib/libjavasasl.a
+%%JAVASASL%%lib/libjavasasl.so
+%%JAVASASL%%lib/libjavasasl.so.1
lib/libsasl.a
lib/libsasl.so
lib/libsasl.so.8
@@ -34,6 +37,27 @@ lib/sasl/libplain.so.1
sbin/sasldblistusers
sbin/saslpasswd
sbin/pwcheck
+sbin/pwcheck_pam
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericServer.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/Sasl.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslClient.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslClientFactory.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslException.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslInputStream.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslOutputStream.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslServer.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslServerFactory.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslUtils.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/ServerFactory.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/Callback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/CallbackHandler.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/NameCallback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/PasswordCallback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/RealmCallback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/UnsupportedCallbackException.class
%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
%%PORTDOCS%%%%DOCSDIR%%/COPYING
%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
@@ -43,6 +67,7 @@ sbin/pwcheck
%%PORTDOCS%%%%DOCSDIR%%/Sendmail.README
%%PORTDOCS%%%%DOCSDIR%%/TODO
%%PORTDOCS%%%%DOCSDIR%%/draft-newman-auth-scram-03.txt
+%%PORTDOCS%%%%DOCSDIR%%/draft-weltman-java-sasl-02.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc1321.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2095.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2104.txt
@@ -54,6 +79,14 @@ sbin/pwcheck
%%PORTDOCS%%%%DOCSDIR%%/programming.html
%%PORTDOCS%%%%DOCSDIR%%/sysadmin.html
%%PORTDOCS%%@dirrm %%DOCSDIR%%
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax/security/auth/callback
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax/security/auth
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax/security
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax
+%%JAVASASL%%@dirrm share/java/classes/sasl/CyrusSasl
+%%JAVASASL%%@dirrm share/java/classes/sasl
+%%JAVASASL%%@unexec rmdir %D/share/java/classes || true
+%%JAVASASL%%@unexec rmdir %D/share/java || true
@dirrm lib/sasl
@cwd /var
@exec install -d -m 770 -o cyrus -g cyrus %D/pwcheck
diff --git a/security/cyrus-sasl/scripts/configure.sasl b/security/cyrus-sasl/scripts/configure.sasl
index b4db08de7d59..65a36ef5c876 100644
--- a/security/cyrus-sasl/scripts/configure.sasl
+++ b/security/cyrus-sasl/scripts/configure.sasl
@@ -25,6 +25,7 @@ if [ "${BATCH}" ]; then
OPTIONS="${OPTIONS} \"OpenLDAP1\""
fi
if [ "${OPTIONS}" != "x" ]; then
+ OPTIONS="${OPTIONS} \"PWCHECK\""
set ${OPTIONS}
fi
else
@@ -58,11 +59,14 @@ else
/usr/bin/dialog --title "Additional SASL options" --clear \
--checklist "\n\
Please select desired options:" -1 -1 16 \
-NDBM "ndbm DB package" ${SET_NDBM} \
-DB3 "Berkeley DB package, revision 3" ${SET_DB3} \
+NDBM "ndbm DB" ${SET_NDBM} \
+DB3 "Berkeley DB, revision 3" ${SET_DB3} \
+JAVA "JavaSASL [Experimental]" ${SET_JAVA} \
MySQL "MySQL password Authentication" ${SET_MYSQL} \
-OpenLDAP1 "OpenLDAP 1.x support" ${SET_LDAP1} \
-OpenLDAP2 "OpenLDAP 2.x support" ${SET_LDAP2} \
+OpenLDAP1 "OpenLDAP 1.x password Authentication" ${SET_LDAP1} \
+OpenLDAP2 "OpenLDAP 2.x password Authentication w/TLS" ${SET_LDAP2} \
+PWCHECK "Use pwcheck for password Authentication" ON \
+PAMPWCHECK "Use pwcheck_pam for password Authentication" OFF \
2> $tempfile
retval=$?
@@ -75,6 +79,8 @@ OpenLDAP2 "OpenLDAP 2.x support" ${SET_LDAP2} \
case $retval in
0) if [ -z "$*" ]; then
echo "Nothing selected"
+ OPTIONS="\"NDBM\""
+ set ${OPTIONS}
fi
;;
1) echo "Cancel pressed."
@@ -112,15 +118,16 @@ while [ "$1" ]; do
DBLIB=1
;;
\"JAVA\")
- echo "JAVA is disabled, Ignoring option" > /dev/stderr
- ;;
- \"DISABLED\")
- echo "RUN_DEPENDS= \${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk"
- echo "CONFIGURE_ARGS+= --with-java \\"
- echo " --with-javabase=\${LOCALBASE}/include"
+ echo "BUILD_DEPENDS+= \${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk13"
+ echo "RUN_DEPENDS+= \${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk13"
+ echo "USE_GMAKE= yes"
+ echo "CONFIGURE_ARGS+= --enable-java \\"
+ echo " --with-javabase=\${LOCALBASE}/\${JAVADIR}"
echo "CONFIGURE_ENV+= JAVAC=\"\${LOCALBASE}/\${JAVADIR}/bin/javac\" \\"
- echo " JAVAH=\"\${LOCALBASE}/\${JAVADIR}/bin/javah" \\"
- echo " JAVADOC=\"\${LOCALBASE}/\${JAVADIR}/bin/javadoc\"
+ echo " JAVAH=\"\${LOCALBASE}/\${JAVADIR}/bin/javah\" \\"
+ echo " JAVADOC=\"\${LOCALBASE}/\${JAVADIR}/bin/javadoc\""
+ echo "PLIST_SUB+= JAVASASL=\"\""
+ DEFJAVA=1
;;
\"MySQL\")
echo "LIB_DEPENDS+= mysqlclient.10:\${PORTSDIR}/databases/mysql323-client"
@@ -128,7 +135,7 @@ while [ "$1" ]; do
MSG=1
;;
\"OpenLDAP1\")
- if [ "$OPENLDAP2" ]; then
+ if [ "$OPENLDAP" ]; then
echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." > /dev/stderr
rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc
exit 1
@@ -136,11 +143,10 @@ while [ "$1" ]; do
echo "LIB_DEPENDS+= ldap.1:\${PORTSDIR}/net/openldap"
echo "LIB_DEPENDS+= lber.1:\${PORTSDIR}/net/openldap"
echo "CONFIGURE_ARGS+= --with-ldap=\${PREFIX}"
- OPENLDAP1=1
- MSG=1
+ OPENLDAP=1
;;
\"OpenLDAP2\")
- if [ "$OPENLDAP1" ]; then
+ if [ "$OPENLDAP" ]; then
echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." > /dev/stderr
rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc
exit 1
@@ -148,8 +154,23 @@ while [ "$1" ]; do
echo "LIB_DEPENDS+= ldap.2:\${PORTSDIR}/net/openldap2"
echo "LIB_DEPENDS+= lber.2:\${PORTSDIR}/net/openldap2"
echo "CONFIGURE_ARGS+= --with-ldap=\${PREFIX}"
- OPENLDAP2=1
- MSG=1
+ OPENLDAP=1
+ ;;
+ \"PWCHECK\")
+ if [ "$PWCHECK" ]; then
+ echo "PWCHECK or PAMPWCHECK must be choosen seperately: Defaulting to PAMPWCHECK" > /dev/stderr
+ else
+ echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck;g\""
+ PWCHECK=1
+ fi
+ ;;
+ \"PAMPWCHECK\")
+ if [ "$PWCHECK" ]; then
+ echo "PWCHECK or PAMPWCHECK must be choosen seperately: Defaulting to PWCHECK" > /dev/stderr
+ else
+ echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck_pam;g\""
+ PWCHECK=1
+ fi
;;
*)
echo "Invalid option(s): $*" > /dev/stderr
@@ -160,6 +181,20 @@ while [ "$1" ]; do
shift
done
-if [ "x${MSG}" != "x" ]; then
+if [ "$PWCHECK" ]; then
+ echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;yes;g\""
+else
+ echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck;g\" \\"
+ echo " -e \"s;%%ENABLEPWCHECK%%;no;g\""
+fi
+if [ ! "${DEFJAVA}" ]; then
+ echo "PLIST_SUB+= JAVASASL=\"@comment \""
+fi
+if [ ! "${DBLIB}" ]; then
+ echo "CONFIGURE_ARGS+= --with-dblib=ndbm"
+ echo "SASLDB_NAME= sasldb.db"
+fi
+
+if [ "$OPENLDAP" ]; then
echo "LDAP_MYSQL_MSG= \"See sysadmin.html in the Cyrus-SASL docs directory for informaion on using LDAP or MySQL for authentication.\""
fi
diff --git a/security/cyrus-sasl2/Makefile b/security/cyrus-sasl2/Makefile
index 180849c46eec..74b05c44e5a0 100644
--- a/security/cyrus-sasl2/Makefile
+++ b/security/cyrus-sasl2/Makefile
@@ -7,7 +7,7 @@
PORTNAME= cyrus-sasl
PORTVERSION= 1.5.27
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \
http://prdownloads.sourceforge.net/cyrus-utils/ \
@@ -69,7 +69,7 @@ SCRIPTS_ENV= WRKDIRPREFIX="${WRKDIRPREFIX}" \
WITH_LDAP2="${WITH_LDAP2}"
# JavaSASL needs someone to look at to get it to build
-JAVADIR= jdk1.1.8
+JAVADIR= jdk1.3.1
JAVALIBDIR= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/
.if defined(KRB5_HOME) && exists(${KRB5_HOME})
@@ -112,18 +112,21 @@ pre-fetch:
.include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc"
.endif
+post-extract:
+ @${CP} ${FILESDIR}/pwcheck_pam.c ${WRKSRC}/pwcheck
+
pre-patch:
@(cd ${WRKSRC} && ${PATCH} -p1 < ${WRKDIR}/${LDAP_MYSQL_PATCH} && \
${MV} configure.orig configure)
# Fix sasldb name in pkg-install/deinstall scripts
post-patch:
- @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \
+ @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
${.CURDIR}/pkg-install > ${PKGINSTALL}
- @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \
+ @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
${.CURDIR}/pkg-deinstall > ${PKGDEINSTALL}
- @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \
- -e "/%%PREFIX%%/s##${PREFIX}#g" \
+ @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
+ -e "s;%%PREFIX%%;${PREFIX};g" \
${.CURDIR}/pkg-message > ${PKGMESSAGE}
.ifdef LDAP_MYSQL_MSG
@${ECHO} ${LDAP_MYSQL_MSG} | /usr/bin/fmt -w 67 >> ${PKGMESSAGE}
@@ -138,8 +141,8 @@ pre-install:
@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
post-install:
- @${SED} -e "/%%PREFIX%%/s##${PREFIX}#g" ${FILESDIR}/pwcheck.sh \
- > ${PREFIX}/etc/rc.d/pwcheck.sh
+ @${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \
+ ${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh
@${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh
${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck
.if !defined(NOPORTDOCS)
@@ -151,6 +154,7 @@ post-install:
for file in `make -V EXTRA_DIST` ; do \
${INSTALL_DATA} ${WRKSRC}/doc/$${file} ${DOCSDIR} ; \
done)
+ @${INSTALL_DATA} ${WRKSRC}/java/doc/draft-weltman-java-sasl-02.txt ${DOCSDIR}
@${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR}
.endif
@PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
diff --git a/security/cyrus-sasl2/files/patch-ab b/security/cyrus-sasl2/files/patch-ab
index ed6e854ca76d..009a8b4a9f82 100644
--- a/security/cyrus-sasl2/files/patch-ab
+++ b/security/cyrus-sasl2/files/patch-ab
@@ -1,5 +1,5 @@
---- configure.in.orig Tue Nov 27 11:45:28 2001
-+++ configure.in Tue Nov 27 12:49:28 2001
+--- configure.in.orig Thu Jan 17 19:21:51 2002
++++ configure.in Thu Jan 17 19:47:46 2002
@@ -66,8 +66,9 @@
dnl check for -R, etc. switch
CMU_GUESS_RUNPATH_SWITCH
@@ -12,7 +12,16 @@
AM_DISABLE_STATIC
-@@ -235,6 +236,13 @@
+@@ -122,8 +123,6 @@
+
+ AC_SUBST(JAVA_INCLUDES)
+ AC_MSG_RESULT(JAVA_INCLUDES)
+- JAVAC=`echo "$JAVAC" | sed 's,.*/,,'`
+- JAVAH=`echo "$JAVAH" | sed 's,.*/,,'`
+ fi
+
+ AM_CONDITIONAL(SAMPLE, test "$enable_sample" = yes)
+@@ -235,6 +234,13 @@
berkeley)
SASL_DB_BACKEND="db_${dblib}.lo"
AC_DEFINE(SASL_BERKELEYDB)
diff --git a/security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am b/security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am
new file mode 100644
index 000000000000..bf5be6aef933
--- /dev/null
+++ b/security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am
@@ -0,0 +1,11 @@
+--- java/CyrusSasl/Makefile.am.orig Tue Nov 21 23:55:17 2000
++++ java/CyrusSasl/Makefile.am Thu Jan 17 21:58:10 2002
+@@ -25,7 +25,7 @@
+
+ javasasl_version = 1:0:0
+
+-javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl
++javasasldir = $(prefix)/share/java/classes/sasl/CyrusSasl
+ javahtmldir = $(prefix)/html/sasl
+
+ INCLUDES=$(JAVA_INCLUDES) -I$(top_srcdir)/include
diff --git a/security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am b/security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am
new file mode 100644
index 000000000000..d4f02627d7a8
--- /dev/null
+++ b/security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am
@@ -0,0 +1,11 @@
+--- java/javax/security/auth/callback/Makefile.am.orig Sat Nov 4 16:55:44 2000
++++ java/javax/security/auth/callback/Makefile.am Thu Jan 17 22:05:23 2002
+@@ -39,7 +39,7 @@
+ #
+ ################################################################
+
+-javasasldir = $(prefix)/lib/java/classes/sasl/javax/security/auth/callback
++javasasldir = $(prefix)/share/java/classes/sasl/javax/security/auth/callback
+ javahtmldir = $(prefix)/html/sasl
+
+ javasasl_JAVA = PasswordCallback.java \
diff --git a/security/cyrus-sasl2/files/patch-lib::checkpw.c b/security/cyrus-sasl2/files/patch-lib::checkpw.c
new file mode 100644
index 000000000000..a7632c8a4ff6
--- /dev/null
+++ b/security/cyrus-sasl2/files/patch-lib::checkpw.c
@@ -0,0 +1,101 @@
+--- lib/checkpw.c.orig Fri Jan 18 21:56:29 2002
++++ lib/checkpw.c Fri Jan 18 22:14:58 2002
+@@ -1491,6 +1491,9 @@
+ # define FALSE 0
+ #endif
+
++#ifndef LDAP_NO_ATTRS
++#define LDAP_NO_ATTRS "1.1"
++#endif
+ static int ldap_isdigits(char *value)
+ {
+ char *ptr;
+@@ -1504,6 +1507,16 @@
+ return num;
+ }
+
++#ifdef LDAP_VENDOR_VERSION
++#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
++ ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)
++#define SASL_ldap_memfree(dn) ldap_memfree(dn)
++#else
++#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
++ ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
++#define SASL_ldap_memfree(dn) free(dn)
++#endif
++
+ static int ldap_verify_password(sasl_conn_t *conn,
+ const char *userid,
+ const char *password,
+@@ -1522,18 +1535,18 @@
+ *ldap_filter="",
+ *ldap_bind_dn="",
+ *ldap_bind_pw="",
+- *ldap_ssl="",
+ *ldap_filter_mode="",
+ *port_num="";
+ int malloc_size; /* safety net */
+ int ldap_filter_flag = 0;
+- int ldap_ssl_flag = 0;
+ int ldap_port = LDAP_PORT;
+ sasl_getopt_t *getopt;
+ void *context;
+ LDAPMessage *result, *e;
+ char *attrs[]={LDAP_NO_ATTRS, NULL};
+ #ifdef LDAP_OPT_X_TLS
++ char *ldap_ssl="";
++ int ldap_ssl_flag = 0;
+ int tls_option;
+ #endif
+
+@@ -1625,9 +1638,11 @@
+ return SASL_FAIL;
+ }
+ /* set ssl mode if needed */
++#ifdef LDAP_OPT_X_TLS
+ if ( ldap_ssl_flag ) {
+ ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);
+ }
++#endif
+
+ /* either run the filter or just bind as them ? */
+
+@@ -1657,7 +1672,7 @@
+ snprintf(filter,malloc_size-1,"(&(%s=%s)%s)", ldap_uidattr, userid, ldap_filter);
+
+ /* Now do the search */
+- if (ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
++ if (SASL_ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
+ attrs, 0, NULL, NULL, LDAP_NO_LIMIT, 1, &result) !=
+ LDAP_SUCCESS) {
+ free(filter);
+@@ -1680,17 +1695,17 @@
+ ldap_unbind(ld);
+ return SASL_BADAUTH;
+ }
+- if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) {
++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
+ e = NULL;
+ free(filter);
+- ldap_memfree(dn);
++ SASL_ldap_memfree(dn);
+ ldap_msgfree(result);
+ ldap_unbind(ld);
+ return SASL_BADAUTH;
+ }
+ e = NULL;
+ free(filter);
+- ldap_memfree(dn);
++ SASL_ldap_memfree(dn);
+ ldap_msgfree(result);
+
+ } else {
+@@ -1710,7 +1725,7 @@
+ * If this is not so I have a version or that too
+ * Simon@surf.org.uk
+ */
+- if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) {
++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
+ free(dn);
+ ldap_unbind(ld);
+ return SASL_BADAUTH;
diff --git a/security/cyrus-sasl2/files/patch-pwcheck::Makefile.am b/security/cyrus-sasl2/files/patch-pwcheck::Makefile.am
new file mode 100644
index 000000000000..c9e94adefa82
--- /dev/null
+++ b/security/cyrus-sasl2/files/patch-pwcheck::Makefile.am
@@ -0,0 +1,17 @@
+--- pwcheck/Makefile.am.orig Wed Mar 22 11:06:43 2000
++++ pwcheck/Makefile.am Thu Jan 17 19:09:06 2002
+@@ -22,9 +22,13 @@
+ # SOFTWARE.
+ #
+
+-sbin_PROGRAMS = pwcheck
++sbin_PROGRAMS = pwcheck pwcheck_pam
+
+ pwcheck_SOURCES = pwcheck.c
+ EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c
+ pwcheck_DEPENDECIES = pwcheck_@PWCHECKMETH@.lo
+ pwcheck_LDADD = pwcheck_@PWCHECKMETH@.lo @LIB_CRYPT@ @LIB_SOCKET@
++
++pwcheck_pam_SOURCES = pwcheck.c
++pwcheck_pam_DEPENDECIES = pwcheck_pam.lo
++pwcheck_pam_LDADD = pwcheck_pam.lo @LIB_CRYPT@ @LIB_SOCKET@ @LIB_PAM@
diff --git a/security/cyrus-sasl2/files/pwcheck.sh b/security/cyrus-sasl2/files/pwcheck.sh
index ba07b9fc580a..3f4c903817a2 100644
--- a/security/cyrus-sasl2/files/pwcheck.sh
+++ b/security/cyrus-sasl2/files/pwcheck.sh
@@ -3,29 +3,64 @@
# $FreeBSD$
#
+action=$1
+
PREFIX=%%PREFIX%%
-case "$1" in
+# Suck in the configuration variables.
+if [ -z "${source_rc_confs_defined}" ]; then
+ if [ -r /etc/defaults/rc.conf ]; then
+ . /etc/defaults/rc.conf
+ source_rc_confs
+ elif [ -r /etc/rc.conf ]; then
+ . /etc/rc.conf
+ fi
+fi
-start)
- if [ -x ${PREFIX}/sbin/pwcheck ]
- then
- ${PREFIX}/sbin/pwcheck & && echo -n " pwcheck"
- fi
- ;;
+# The following sasl_pwcheck_* variables may be defined in rc.conf
+#
+# sasl_pwcheck_enable - Set to YES to enable pwcheck
+# Default: %%ENABLEPWCHECK%%
+#
+# sasl_pwcheck_program - Path to pwcheck program (pwcheck/pwcheck_pam)
+# Default: ${PREFIX}/sbin/%%PWCHECK%%
-stop)
- if [ -r /var/run/pwcheck.pid ]
- then
- kill `cat /var/run/pwcheck.pid` && echo -n " pwcheck"
- rm /var/run/pwcheck.pid
- fi
- ;;
+if [ -z "${sasl_pwcheck_enable}" ] ; then
+ sasl_pwcheck_enable=%%ENABLEPWCHECK%%
+fi
-*)
- echo "usage: $0 {start|stop}" 1>&2
- exit 64
- ;;
+if [ -z "${sasl_pwcheck_program}" ]; then
+ sasl_pwcheck_program=${PREFIX}/sbin/%%PWCHECK%%
+fi
+rc=0
+
+case "${sasl_pwcheck_enable}" in
+ [Yy][Ee][Ss])
+ case "${action}" in
+
+ start)
+ if [ -x ${sasl_pwcheck_program} ] ; then
+ ${sasl_pwcheck_program} & && echo -n " pwcheck"
+ fi
+ ;;
+
+ stop)
+ if [ -r /var/run/pwcheck.pid ]; then
+ kill `cat /var/run/pwcheck.pid` && echo -n " pwcheck"
+ rm /var/run/pwcheck.pid
+ fi
+ ;;
+
+ *)
+ echo "usage: $0 {start|stop}" 1>&2
+ rc=64
+ ;;
+ esac
+ ;;
+ *)
+ rc=0
+ ;;
esac
+exit $rc
diff --git a/security/cyrus-sasl2/files/pwcheck_pam.c b/security/cyrus-sasl2/files/pwcheck_pam.c
new file mode 100644
index 000000000000..57e1076ca92a
--- /dev/null
+++ b/security/cyrus-sasl2/files/pwcheck_pam.c
@@ -0,0 +1,101 @@
+
+#include <security/pam_appl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* Static variables used to communicate between the conversation function
+ * and the server_login function
+ */
+static char *PAM_username;
+static char *PAM_password;
+
+/* PAM conversation function
+ */
+static int PAM_conv (int num_msg,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *appdata_ptr) {
+ int replies = 0;
+ struct pam_response *reply = NULL;
+
+ #define COPY_STRING(s) (s) ? strdup(s) : NULL
+
+ reply = malloc(sizeof(struct pam_response) * num_msg);
+ if (!reply) return PAM_CONV_ERR;
+
+ for (replies = 0; replies < num_msg; replies++) {
+ switch (msg[replies]->msg_style) {
+ case PAM_PROMPT_ECHO_ON:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = COPY_STRING(PAM_username);
+ /* PAM frees resp */
+ break;
+ case PAM_PROMPT_ECHO_OFF:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = COPY_STRING(PAM_password);
+ /* PAM frees resp */
+ break;
+ case PAM_TEXT_INFO:
+ /* fall through */
+ case PAM_ERROR_MSG:
+ /* ignore it, but pam still wants a NULL response... */
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = NULL;
+ break;
+ default:
+ /* Must be an error of some sort... */
+ free (reply);
+ return PAM_CONV_ERR;
+ }
+ }
+ *resp = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv PAM_conversation = {
+ PAM_conv,
+ NULL
+};
+
+/* Server log in
+ * Accepts: user name string
+ * password string
+ * Returns: "OK" if password validated, error message otherwise
+ */
+
+char *pwcheck(char *username, char *password)
+{
+ pam_handle_t *pamh;
+ int pam_error;
+
+ /* PAM only handles authentication, not user information. */
+ if ( !(username && password && strlen(username) && strlen(password)) )
+ return "Incorrect username";
+
+ /* validate password */
+
+ PAM_password = password;
+ PAM_username = username;
+ fprintf(stderr, "checking %s\n", username);
+ pam_error = pam_start("cyrus", username, &PAM_conversation, &pamh);
+ if (pam_error == PAM_SUCCESS)
+ pam_error = pam_authenticate(pamh, 0);
+
+ if (pam_error == PAM_SUCCESS)
+ pam_error = pam_acct_mgmt(pamh, 0);
+
+ if ( pam_error == PAM_SUCCESS)
+ fprintf(stderr, "\tauthenticated %s\n", username);
+ else
+ fprintf(stderr, "\tfailed to authenticate %s\n", username);
+
+ if(pam_end(pamh, pam_error) != PAM_SUCCESS) {
+ pamh = NULL;
+ fprintf(stderr, "pwcheck: failed to release authenticator\n");
+ exit(1);
+ }
+ return ( pam_error == PAM_SUCCESS ? "OK" : "Incorrect passwd" );
+}
+
+
diff --git a/security/cyrus-sasl2/pkg-plist b/security/cyrus-sasl2/pkg-plist
index 4f08d1e0edb0..7e772335df14 100644
--- a/security/cyrus-sasl2/pkg-plist
+++ b/security/cyrus-sasl2/pkg-plist
@@ -7,6 +7,9 @@ include/sasl/sasl.h
include/sasl/saslplug.h
include/sasl/saslutil.h
@dirrm include/sasl
+%%JAVASASL%%lib/libjavasasl.a
+%%JAVASASL%%lib/libjavasasl.so
+%%JAVASASL%%lib/libjavasasl.so.1
lib/libsasl.a
lib/libsasl.so
lib/libsasl.so.8
@@ -34,6 +37,27 @@ lib/sasl/libplain.so.1
sbin/sasldblistusers
sbin/saslpasswd
sbin/pwcheck
+sbin/pwcheck_pam
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericServer.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/Sasl.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslClient.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslClientFactory.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslException.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslInputStream.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslOutputStream.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslServer.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslServerFactory.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslUtils.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/ServerFactory.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/Callback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/CallbackHandler.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/NameCallback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/PasswordCallback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/RealmCallback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/UnsupportedCallbackException.class
%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
%%PORTDOCS%%%%DOCSDIR%%/COPYING
%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
@@ -43,6 +67,7 @@ sbin/pwcheck
%%PORTDOCS%%%%DOCSDIR%%/Sendmail.README
%%PORTDOCS%%%%DOCSDIR%%/TODO
%%PORTDOCS%%%%DOCSDIR%%/draft-newman-auth-scram-03.txt
+%%PORTDOCS%%%%DOCSDIR%%/draft-weltman-java-sasl-02.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc1321.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2095.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2104.txt
@@ -54,6 +79,14 @@ sbin/pwcheck
%%PORTDOCS%%%%DOCSDIR%%/programming.html
%%PORTDOCS%%%%DOCSDIR%%/sysadmin.html
%%PORTDOCS%%@dirrm %%DOCSDIR%%
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax/security/auth/callback
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax/security/auth
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax/security
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax
+%%JAVASASL%%@dirrm share/java/classes/sasl/CyrusSasl
+%%JAVASASL%%@dirrm share/java/classes/sasl
+%%JAVASASL%%@unexec rmdir %D/share/java/classes || true
+%%JAVASASL%%@unexec rmdir %D/share/java || true
@dirrm lib/sasl
@cwd /var
@exec install -d -m 770 -o cyrus -g cyrus %D/pwcheck
diff --git a/security/cyrus-sasl2/scripts/configure.sasl b/security/cyrus-sasl2/scripts/configure.sasl
index b4db08de7d59..65a36ef5c876 100644
--- a/security/cyrus-sasl2/scripts/configure.sasl
+++ b/security/cyrus-sasl2/scripts/configure.sasl
@@ -25,6 +25,7 @@ if [ "${BATCH}" ]; then
OPTIONS="${OPTIONS} \"OpenLDAP1\""
fi
if [ "${OPTIONS}" != "x" ]; then
+ OPTIONS="${OPTIONS} \"PWCHECK\""
set ${OPTIONS}
fi
else
@@ -58,11 +59,14 @@ else
/usr/bin/dialog --title "Additional SASL options" --clear \
--checklist "\n\
Please select desired options:" -1 -1 16 \
-NDBM "ndbm DB package" ${SET_NDBM} \
-DB3 "Berkeley DB package, revision 3" ${SET_DB3} \
+NDBM "ndbm DB" ${SET_NDBM} \
+DB3 "Berkeley DB, revision 3" ${SET_DB3} \
+JAVA "JavaSASL [Experimental]" ${SET_JAVA} \
MySQL "MySQL password Authentication" ${SET_MYSQL} \
-OpenLDAP1 "OpenLDAP 1.x support" ${SET_LDAP1} \
-OpenLDAP2 "OpenLDAP 2.x support" ${SET_LDAP2} \
+OpenLDAP1 "OpenLDAP 1.x password Authentication" ${SET_LDAP1} \
+OpenLDAP2 "OpenLDAP 2.x password Authentication w/TLS" ${SET_LDAP2} \
+PWCHECK "Use pwcheck for password Authentication" ON \
+PAMPWCHECK "Use pwcheck_pam for password Authentication" OFF \
2> $tempfile
retval=$?
@@ -75,6 +79,8 @@ OpenLDAP2 "OpenLDAP 2.x support" ${SET_LDAP2} \
case $retval in
0) if [ -z "$*" ]; then
echo "Nothing selected"
+ OPTIONS="\"NDBM\""
+ set ${OPTIONS}
fi
;;
1) echo "Cancel pressed."
@@ -112,15 +118,16 @@ while [ "$1" ]; do
DBLIB=1
;;
\"JAVA\")
- echo "JAVA is disabled, Ignoring option" > /dev/stderr
- ;;
- \"DISABLED\")
- echo "RUN_DEPENDS= \${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk"
- echo "CONFIGURE_ARGS+= --with-java \\"
- echo " --with-javabase=\${LOCALBASE}/include"
+ echo "BUILD_DEPENDS+= \${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk13"
+ echo "RUN_DEPENDS+= \${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk13"
+ echo "USE_GMAKE= yes"
+ echo "CONFIGURE_ARGS+= --enable-java \\"
+ echo " --with-javabase=\${LOCALBASE}/\${JAVADIR}"
echo "CONFIGURE_ENV+= JAVAC=\"\${LOCALBASE}/\${JAVADIR}/bin/javac\" \\"
- echo " JAVAH=\"\${LOCALBASE}/\${JAVADIR}/bin/javah" \\"
- echo " JAVADOC=\"\${LOCALBASE}/\${JAVADIR}/bin/javadoc\"
+ echo " JAVAH=\"\${LOCALBASE}/\${JAVADIR}/bin/javah\" \\"
+ echo " JAVADOC=\"\${LOCALBASE}/\${JAVADIR}/bin/javadoc\""
+ echo "PLIST_SUB+= JAVASASL=\"\""
+ DEFJAVA=1
;;
\"MySQL\")
echo "LIB_DEPENDS+= mysqlclient.10:\${PORTSDIR}/databases/mysql323-client"
@@ -128,7 +135,7 @@ while [ "$1" ]; do
MSG=1
;;
\"OpenLDAP1\")
- if [ "$OPENLDAP2" ]; then
+ if [ "$OPENLDAP" ]; then
echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." > /dev/stderr
rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc
exit 1
@@ -136,11 +143,10 @@ while [ "$1" ]; do
echo "LIB_DEPENDS+= ldap.1:\${PORTSDIR}/net/openldap"
echo "LIB_DEPENDS+= lber.1:\${PORTSDIR}/net/openldap"
echo "CONFIGURE_ARGS+= --with-ldap=\${PREFIX}"
- OPENLDAP1=1
- MSG=1
+ OPENLDAP=1
;;
\"OpenLDAP2\")
- if [ "$OPENLDAP1" ]; then
+ if [ "$OPENLDAP" ]; then
echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." > /dev/stderr
rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc
exit 1
@@ -148,8 +154,23 @@ while [ "$1" ]; do
echo "LIB_DEPENDS+= ldap.2:\${PORTSDIR}/net/openldap2"
echo "LIB_DEPENDS+= lber.2:\${PORTSDIR}/net/openldap2"
echo "CONFIGURE_ARGS+= --with-ldap=\${PREFIX}"
- OPENLDAP2=1
- MSG=1
+ OPENLDAP=1
+ ;;
+ \"PWCHECK\")
+ if [ "$PWCHECK" ]; then
+ echo "PWCHECK or PAMPWCHECK must be choosen seperately: Defaulting to PAMPWCHECK" > /dev/stderr
+ else
+ echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck;g\""
+ PWCHECK=1
+ fi
+ ;;
+ \"PAMPWCHECK\")
+ if [ "$PWCHECK" ]; then
+ echo "PWCHECK or PAMPWCHECK must be choosen seperately: Defaulting to PWCHECK" > /dev/stderr
+ else
+ echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck_pam;g\""
+ PWCHECK=1
+ fi
;;
*)
echo "Invalid option(s): $*" > /dev/stderr
@@ -160,6 +181,20 @@ while [ "$1" ]; do
shift
done
-if [ "x${MSG}" != "x" ]; then
+if [ "$PWCHECK" ]; then
+ echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;yes;g\""
+else
+ echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck;g\" \\"
+ echo " -e \"s;%%ENABLEPWCHECK%%;no;g\""
+fi
+if [ ! "${DEFJAVA}" ]; then
+ echo "PLIST_SUB+= JAVASASL=\"@comment \""
+fi
+if [ ! "${DBLIB}" ]; then
+ echo "CONFIGURE_ARGS+= --with-dblib=ndbm"
+ echo "SASLDB_NAME= sasldb.db"
+fi
+
+if [ "$OPENLDAP" ]; then
echo "LDAP_MYSQL_MSG= \"See sysadmin.html in the Cyrus-SASL docs directory for informaion on using LDAP or MySQL for authentication.\""
fi