diff options
| author | knu <knu@FreeBSD.org> | 2002-08-15 02:39:46 +0800 |
|---|---|---|
| committer | knu <knu@FreeBSD.org> | 2002-08-15 02:39:46 +0800 |
| commit | 15d5812546c660916f7702f87a03295cba1a07d8 (patch) | |
| tree | 7ae7b285ed9932538a715ebb4a9405361a5279f1 /security | |
| parent | 4dfee39422bdac2d47105a9abd0783573e2f511f (diff) | |
| download | freebsd-ports-graphics-15d5812546c660916f7702f87a03295cba1a07d8.tar.gz freebsd-ports-graphics-15d5812546c660916f7702f87a03295cba1a07d8.tar.zst freebsd-ports-graphics-15d5812546c660916f7702f87a03295cba1a07d8.zip | |
Add saslauthd as default general password checking daemon (replaces
pwcheck{_pam}).
PR: ports/41653
Submitted by: "Scot W. Hetzel" <hetzels@westbend.net> (MAINTAINER)
Diffstat (limited to 'security')
| -rw-r--r-- | security/cyrus-sasl/Makefile | 27 | ||||
| -rw-r--r-- | security/cyrus-sasl/files/patch-saslauthd::Makefile.am | 11 | ||||
| -rw-r--r-- | security/cyrus-sasl/files/pwcheck.sh | 3 | ||||
| -rw-r--r-- | security/cyrus-sasl/files/saslauthd.sh | 75 | ||||
| -rw-r--r-- | security/cyrus-sasl/pkg-deinstall | 2 | ||||
| -rw-r--r-- | security/cyrus-sasl/pkg-install | 8 | ||||
| -rw-r--r-- | security/cyrus-sasl/pkg-message | 13 | ||||
| -rw-r--r-- | security/cyrus-sasl/pkg-plist | 12 | ||||
| -rw-r--r-- | security/cyrus-sasl/scripts/configure.sasl | 33 |
9 files changed, 158 insertions, 26 deletions
diff --git a/security/cyrus-sasl/Makefile b/security/cyrus-sasl/Makefile index 5023c743bae..a1d591c5188 100644 --- a/security/cyrus-sasl/Makefile +++ b/security/cyrus-sasl/Makefile @@ -7,7 +7,7 @@ PORTNAME= cyrus-sasl PORTVERSION= 1.5.27 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \ http://www.surf.org.uk/downloads/ \ @@ -42,7 +42,7 @@ MAN3= sasl.3 sasl_authorize_t.3 sasl_callbacks.3 sasl_checkpass.3 \ sasl_listmech.3 sasl_log_t.3 sasl_server_init.3 \ sasl_server_new.3 sasl_server_start.3 sasl_server_step.3 \ sasl_setprop.3 sasl_usererr.3 -MAN8= sasldblistusers.8 saslpasswd.8 +MAN8= sasldblistusers.8 saslpasswd.8 saslauthd.8 USE_AUTOMAKE_VER=14 USE_LIBTOOL= YES @@ -54,6 +54,8 @@ CONFIGURE_ARGS= --sysconfdir=${PREFIX}/etc \ --includedir=${PREFIX}/include/sasl1 \ --enable-static \ --enable-login \ + --with-saslauthd=/var/state/saslauthd1 \ + --enable-auth-sasldb \ --with-pwcheck=/var/pwcheck \ --with-rc4=openssl @@ -68,8 +70,8 @@ SCRIPTS_ENV= WRKDIRPREFIX="${WRKDIRPREFIX}" \ WITH_LDAP1="${WITH_LDAP1}" \ WITH_LDAP2="${WITH_LDAP2}" -JAVADIR= jdk1.3.1 -JAVALIBDIR= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/ +JAVADIR?= jdk1.3.1 +JAVALIBDIR?= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/ .if defined(KRB5_HOME) && exists(${KRB5_HOME}) CONFIGURE_ARGS+= --enable-gssapi=${KRB5_HOME} @@ -124,13 +126,15 @@ post-extract: pre-patch: @(cd ${WRKSRC} && ${PATCH} -p1 < ${WRKDIR}/${LDAP_MYSQL_PATCH}) -# Fix sasldb name in pkg-install/deinstall scripts +# Fix pkg-{install/deinstall/messages} post-patch: @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \ + -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \ ${.CURDIR}/pkg-install > ${PKGINSTALL} @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \ + -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \ ${.CURDIR}/pkg-deinstall > ${PKGDEINSTALL} - @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \ + @${SED} -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \ -e "s;%%PREFIX%%;${PREFIX};g" \ ${.CURDIR}/pkg-message > ${PKGMESSAGE} .ifdef LDAP_MYSQL_MSG @@ -144,12 +148,19 @@ pre-configure: # Create Cyrus user and group pre-install: @${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL + @if [ -f ${PREFIX}/sbin/saslauthd ]; then \ + mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd2; \ + fi post-install: @${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \ ${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh @${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh ${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck + @${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${SASLAUTHD_SUB} \ + ${FILESDIR}/saslauthd.sh > ${PREFIX}/etc/rc.d/saslauthd1.sh + @${CHMOD} 755 ${PREFIX}/etc/rc.d/saslauthd1.sh + ${INSTALL} -d -m 770 -o cyrus -g cyrus /var/state/saslauthd1 .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for file in ${DOCS} @@ -162,6 +173,10 @@ post-install: @${INSTALL_DATA} ${WRKSRC}/java/doc/draft-weltman-java-sasl-02.txt ${DOCSDIR} @${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR} .endif + @mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd1 + @if [ -f ${PREFIX}/sbin/saslauthd2 ]; then \ + mv ${PREFIX}/sbin/saslauthd2 ${PREFIX}/sbin/saslauthd; \ + fi @PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL @${CAT} ${PKGMESSAGE} diff --git a/security/cyrus-sasl/files/patch-saslauthd::Makefile.am b/security/cyrus-sasl/files/patch-saslauthd::Makefile.am new file mode 100644 index 00000000000..0dd7869d355 --- /dev/null +++ b/security/cyrus-sasl/files/patch-saslauthd::Makefile.am @@ -0,0 +1,11 @@ +--- saslauthd/Makefile.am.orig Fri Mar 23 19:41:35 2001 ++++ saslauthd/Makefile.am Tue Aug 13 13:57:10 2002 +@@ -2,7 +2,7 @@ + man_MANS = saslauthd.8 + + saslauthd_SOURCES = saslauthd.c mechanisms.c globals.h mechanisms.h auth_dce.c auth_dce.h auth_getpwent.c auth_getpwent.h auth_krb4.c auth_krb4.h auth_pam.c auth_pam.h auth_rimap.c auth_rimap.h auth_shadow.c auth_shadow.h auth_sia.c auth_sia.h +-saslauthd_LDADD = @SASL_KRB_LIB@ ++saslauthd_LDADD = @SASL_KRB_LIB@ @LIB_PAM@ @LIB_CRYPT@ + + INCLUDES = -I$(top_srcdir)/include + EXTRA_DIST = saslauthd.8 diff --git a/security/cyrus-sasl/files/pwcheck.sh b/security/cyrus-sasl/files/pwcheck.sh index faca0910847..2fdfa60cb93 100644 --- a/security/cyrus-sasl/files/pwcheck.sh +++ b/security/cyrus-sasl/files/pwcheck.sh @@ -41,8 +41,7 @@ case "${sasl_pwcheck_enable}" in start) if [ -x ${sasl_pwcheck_program} ] ; then - ${sasl_pwcheck_program} & - echo -n " pwcheck" + ${sasl_pwcheck_program} && echo -n " pwcheck" fi ;; diff --git a/security/cyrus-sasl/files/saslauthd.sh b/security/cyrus-sasl/files/saslauthd.sh new file mode 100644 index 00000000000..70a99b42d6c --- /dev/null +++ b/security/cyrus-sasl/files/saslauthd.sh @@ -0,0 +1,75 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +action=$1 + +PREFIX=%%PREFIX%% + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +# The following sasl_saslauthd_* variables may be defined in rc.conf +# +# sasl_saslauthd1_enable - Set to YES to enable saslauthd +# Default: %%ENABLESASLAUTHD%% +# +# sasl_saslauthd1_program - Path to saslauthd program +# Default: ${PREFIX}/sbin/saslauthd1 +# +# sasl_saslauthd1_flags - Flags to saslauthd program +# Default: -a pam + +if [ -z "${sasl_saslauthd1_enable}" ]; then + sasl_saslauthd1_enable=%%ENABLESASLAUTHD%% +fi + +if [ -z "${sasl_saslauthd1_program}" ]; then + sasl_saslauthd1_program=${PREFIX}/sbin/saslauthd1 +fi + +if [ -z "${sasl_saslauthd1_flags}" ]; then + sasl_saslauthd1_flags="-a pam" +fi + +rc=0 + +case "${sasl_saslauthd1_enable}" in + [Yy][Ee][Ss]) + case "${action}" in + + start) + if [ -x ${sasl_saslauthd1_program} ] ; then + ${sasl_saslauthd1_program} ${sasl_saslauthd1_flags} \ + && echo -n " saslauthd1" + fi + ;; + + stop) + if [ -r /var/state/saslauthd1/mux.pid ]; then + kill `cat /var/state/saslauthd1/mux.pid` && \ + echo -n " saslauthd1" + rm /var/state/saslauthd1/mux.pid + fi + ;; + + *) + echo "usage: $0 {start|stop}" 1>&2 + rc=64 + ;; + esac + ;; + *) + rc=0 + ;; +esac + +exit $rc diff --git a/security/cyrus-sasl/pkg-deinstall b/security/cyrus-sasl/pkg-deinstall index cda7889285c..232102427a8 100644 --- a/security/cyrus-sasl/pkg-deinstall +++ b/security/cyrus-sasl/pkg-deinstall @@ -38,7 +38,7 @@ delete_user() { sendmail_conf() { if [ -f ${PKG_PREFIX}/lib/sasl/Sendmail.conf ]; then - echo "pwcheck_method: pwcheck" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf.tmp + echo "pwcheck_method: %%PWCHECK_METHOD%%" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf.tmp if cmp -s ${PKG_PREFIX}/lib/sasl/Sendmail.conf ${PKG_PREFIX}/lib/sasl/Sendmail.conf.tmp; then rm -f ${PKG_PREFIX}/lib/sasl/Sendmail.conf fi diff --git a/security/cyrus-sasl/pkg-install b/security/cyrus-sasl/pkg-install index 3e0c005656d..9237718a970 100644 --- a/security/cyrus-sasl/pkg-install +++ b/security/cyrus-sasl/pkg-install @@ -67,12 +67,6 @@ create_user() { fi echo "*** Updated user \`${USER}'." fi -# Don't know why we need the daemon user in the cyrus group -# hopefully this doesn't affect anyone. It's a leftover from -# the pre-SASL cyrus-imapd server. -# if ! ${PW} group mod ${GROUP} -m daemon; then -# echo "*** can't add user \`daemon' to group \`${GROUP}'" -# fi } create_sasldb() { @@ -92,7 +86,7 @@ create_sasldb() { sendmail_conf() { if [ ! -f ${PKG_PREFIX}/lib/sasl/Sendmail.conf ]; then - echo "pwcheck_method: pwcheck" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf + echo "pwcheck_method: %%PWCHECK_METHOD%%" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf fi } diff --git a/security/cyrus-sasl/pkg-message b/security/cyrus-sasl/pkg-message index 5dfe7ff7763..2af80271395 100644 --- a/security/cyrus-sasl/pkg-message +++ b/security/cyrus-sasl/pkg-message @@ -1,12 +1,19 @@ -You may need to start the pwcheck daemon for authentication with -the system password files: +You may need to start the pwcheck or saslauthd daemon for authentication +with the system password files: %%PREFIX%%/etc/rc.d/pwcheck.sh start +or + %%PREFIX%%/etc/rc.d/saslauthd1.sh start or you can use sasldb for authentication, to add users use: saslpasswd -c username -How to enable SMTP AUTH with system Sendmail 8.11 - Sendmail.README +If you want to enable SMTP AUTH with the system Sendmail, read Sendmail.README + +NOTE: This port has been compiled with a default pwcheck_method of + %%PWCHECK_METHOD%%. Set sasl_pwcheck_method to %%PWCHECK_METHOD%%, + after installing the Cyrus-IMAPd 1.6.24 port. You should also check + the %%PREFIX%%/lib/sasl/*.conf files for the correct pwcheck_method. diff --git a/security/cyrus-sasl/pkg-plist b/security/cyrus-sasl/pkg-plist index b3c88df1781..9aa77e2385d 100644 --- a/security/cyrus-sasl/pkg-plist +++ b/security/cyrus-sasl/pkg-plist @@ -1,5 +1,9 @@ +@comment The following makes sure that the pwcheck and saslauthd +@comment daemons are stopped before removing the files. @unexec if [ -f /var/run/pwcheck.pid ] ; then %D/etc/rc.d/pwcheck.sh stop ; echo " stopped." ; fi +@unexec if [ -f /var/state/saslauthd1/mux.pid ] ; then %D/etc/rc.d/saslauthd1.sh stop ; echo " stopped." ; fi etc/rc.d/pwcheck.sh +etc/rc.d/saslauthd1.sh include/sasl1/hmac-md5.h include/sasl1/md5.h include/sasl1/md5global.h @@ -38,6 +42,7 @@ sbin/sasldblistusers sbin/saslpasswd sbin/pwcheck sbin/pwcheck_pam +sbin/saslauthd1 %%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class @@ -91,4 +96,11 @@ sbin/pwcheck_pam @comment This file gets created by the pwcheck program @unexec rm -f %D/pwcheck/pwcheck @dirrm pwcheck +@mode ug=rwx,o= +@exec mkdir -p /var/state/saslauthd1 +@exec chown -R cyrus:cyrus state +@exec chmod -R o= state +@comment This file gets created by the state/saslauthd program +@unexec rm -fr /var/state/saslauthd1 +@unexec rmdir /var/state @cwd %%PREFIX%% diff --git a/security/cyrus-sasl/scripts/configure.sasl b/security/cyrus-sasl/scripts/configure.sasl index 65a36ef5c87..40139034b44 100644 --- a/security/cyrus-sasl/scripts/configure.sasl +++ b/security/cyrus-sasl/scripts/configure.sasl @@ -25,7 +25,7 @@ if [ "${BATCH}" ]; then OPTIONS="${OPTIONS} \"OpenLDAP1\"" fi if [ "${OPTIONS}" != "x" ]; then - OPTIONS="${OPTIONS} \"PWCHECK\"" + OPTIONS="${OPTIONS} \"SASLAUTHD\"" set ${OPTIONS} fi else @@ -65,8 +65,9 @@ JAVA "JavaSASL [Experimental]" ${SET_JAVA} \ MySQL "MySQL password Authentication" ${SET_MYSQL} \ OpenLDAP1 "OpenLDAP 1.x password Authentication" ${SET_LDAP1} \ OpenLDAP2 "OpenLDAP 2.x password Authentication w/TLS" ${SET_LDAP2} \ -PWCHECK "Use pwcheck for password Authentication" ON \ -PAMPWCHECK "Use pwcheck_pam for password Authentication" OFF \ +PWCHECK "Use pwcheck for password Authentication" OFF \ +PAMPWCHECK "Use pwcheck_pam for password Authentication" OFF \ +SASLAUTHD "Use saslauthd for password Authentication" ON \ 2> $tempfile retval=$? @@ -172,6 +173,12 @@ while [ "$1" ]; do PWCHECK=1 fi ;; + \"SASLAUTHD\") + if [ "$PWCHECK" ]; then + echo "SASLAUTHD is preferred over PWCHECK: Enabling saslauthd and disabling pwcheck in rc.d scripts" > /dev/stderr + fi + SASLAUTHD=1 + ;; *) echo "Invalid option(s): $*" > /dev/stderr rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc @@ -181,12 +188,24 @@ while [ "$1" ]; do shift done -if [ "$PWCHECK" ]; then - echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;yes;g\"" +if [ ! "${PWCHECK}" ]; then + echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck;g\"" +fi + +if [ "$SASLAUTHD" ]; then + echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;no;g\"" + echo "PWCHECK_METHOD= saslauthd" + echo "SASLAUTHD_SUB+= -e \"s;%%ENABLESASLAUTHD%%;yes;g\"" else - echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck;g\" \\" - echo " -e \"s;%%ENABLEPWCHECK%%;no;g\"" + if [ "$PWCHECK" ]; then + echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;yes;g\"" + else + echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;no;g\"" + fi + echo "PWCHECK_METHOD+= pwcheck" + echo "SASLAUTHD_SUB+= -e \"s;%%ENABLESASLAUTHD%%;no;g\"" fi + if [ ! "${DEFJAVA}" ]; then echo "PLIST_SUB+= JAVASASL=\"@comment \"" fi |