ports/51505: security/cyrus-sasl: A few fixes and enhancements
Scot W. Hetzel
hetzels at westbend.net
Mon Apr 28 18:40:10 UTC 2003
>Number: 51505
>Category: ports
>Synopsis: security/cyrus-sasl: A few fixes and enhancements
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 28 11:40:07 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Scot W. Hetzel
>Release: FreeBSD 4.8-STABLE i386
>Organization:
West Bend Internet
>Environment:
System: FreeBSD mail.westbend.net 4.8-STABLE FreeBSD 4.8-STABLE #0: Tue Apr 22 06:11:15 CDT 2003 root at WBIw009.westbend.net:/usr/obj/usr/src/4x/sys/GENERIC i386
>Description:
The attached patch fixes some problems with building the Kerberos IV and 5 mechs.
Made the port to optionally not build the mechs, define
WITHOUT_[ANONYMOUS,CRAM,DIGEST,LOGIN,OTP,GSSAPI,PLAIN]. The
Kerberos IV case is special, as we can use the base kerberos 4x (<=5.0-RELEASE),
or use the security/krb4 port.
WITH_KERBEROS4 - use security/krb4 port
if <=5.0-RELEASE, use krb4 port only if /usr/lib/libkrb.a doesn't exist
WITHOUT_KERBEROS4 - disables using the base systems /usr/lib/libkrb.a (<=5.0),
if it exists and MAKE_KERBEROS4 defined in /etc/make.conf
This patch also solves the problems reported in PR 43774 and PR 48731.
Changed the combined rcNG/rcOG scripts, so that the defaults are at the top
of the rc.d script and not in an external file to the script.
>How-To-Repeat:
>Fix:
Apply the attached patch:
Changed Files:
Makefile
pkg-deinstall
pkg-install
pkg-message
pkg-plist
files/patch-ab
files/pwcheck.sh
files/saslauthd.sh
scripts/configure.sasl
New Files:
files/patch-plugins::kerberos4.c
Also the following PR's can be closed: PR 36711, PR 38801, PR 43672, PR 43774, PR 48731.
--- patch0428 begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/Makefile,v
retrieving revision 1.49
diff -u -r1.49 Makefile
--- Makefile 26 Feb 2003 11:25:55 -0000 1.49
+++ Makefile 18 Apr 2003 04:45:55 -0000
@@ -7,7 +7,7 @@
PORTNAME= cyrus-sasl
PORTVERSION= 1.5.28
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \
ftp://ftp.westbend.net/pub/cyrus-mail/%SUBDIR%/ \
@@ -56,7 +56,6 @@
--with-dbpath=${PREFIX}/etc/sasldb \
--includedir=${PREFIX}/include/sasl1 \
--enable-static \
- --enable-login \
--with-saslauthd=/var/state/saslauthd1 \
--enable-auth-sasldb \
--with-pwcheck=/var/pwcheck \
@@ -76,17 +75,67 @@
JAVADIR?= jdk1.3.1
JAVALIBDIR?= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/
-.if defined(KRB5_HOME) && exists(${KRB5_HOME})
+.if defined(WITHOUT_ANONYMOUS)
+CONFIGURE_ARGS+= --disable-anon
+ANON= "@comment "
+.endif
+
+.if defined(WITHOUT_CRAM)
+CONFIGURE_ARGS+= --disable-cram
+CRAM= "@comment "
+.endif
+
+.if defined(WITHOUT_DIGEST)
+CONFIGURE_ARGS+= --disable-digest
+DIGEST= "@comment "
+.endif
+
+# Outlook and Outlook Express requires the LOGIN mech
+.if defined(WITHOUT_LOGIN)
+CONFIGURE_ARGS+= --disable-login
+LOGIN= "@comment "
+.else
+CONFIGURE_ARGS+= --enable-login
+.endif
+
+.if defined(WITHOUT_OTP)
+CONFIGURE_ARGS+= --disable-otp
+OTP= "@comment "
+.endif
+
+# Netscape requires the PLAIN mech
+.if defined(WITHOUT_PLAIN)
+CONFIGURE_ARGS+= --disable-plain
+PLAIN= "@comment "
+.endif
+
+.if !defined(WITHOUT_GSSAPI) && defined(KRB5_HOME) && exists(${KRB5_HOME}/lib/libgssapi_krb5.a)
CONFIGURE_ARGS+= --enable-gssapi=${KRB5_HOME}
-.elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME})
+.elif !defined(WITHOUT_GSSAPI) && defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libgssapi.a)
CONFIGURE_ARGS+= --enable-gssapi=${HEIMDAL_HOME}
+.elif !defined(WITHOUT_GSSAPI) && defined(MAKE_KERBEROS5) && exists(/usr/lib/libkrb5.a)
+CONFIGURE_ARGS+= --enable-gssapi
.else
CONFIGURE_ARGS+= --disable-gssapi
GSSAPI= "@comment "
.endif
-.if exists(/usr/lib/libkrb.a)
+.include <bsd.port.pre.mk>
+
+# KERBEROS 4 was removed in FreeBSD 5.0-CURRENT
+.if ${OSVERSION} > 500105
+.if defined(WITH_KERBEROS4)
+LIB_DEPENDS+= krb.2:${PORTSDIR}/security/krb4
+CONFIGURE_ARGS+= --enable-krb4=${LOCALBASE}/krb4
+.else
+CONFIGURE_ARGS+= --disable-krb4
+EBONES= "@comment "
+.endif
+.elif exists(/usr/lib/libkrb.a) && defined(MAKE_KERBEROS4) && !defined(WITHOUT_KERBEROS4)
CONFIGURE_ARGS+= --enable-krb4
+.elif !exists(/usr/lib/libkrb.a) && defined(WITH_KERBEROS4)
+LIB_DEPENDS+= krb.2:${PORTSDIR}/security/krb4
+CONFIGURE_ARGS+= --enable-krb4=${LOCALBASE}/krb4
.else
CONFIGURE_ARGS+= --disable-krb4
EBONES= "@comment "
@@ -96,9 +145,18 @@
OPENSSLINC=${OPENSSLINC} \
OPENSSLLIB=${OPENSSLLIB}
+CYRUS_USER?= cyrus
+CYRUS_GROUP?= cyrus
+
DOCS= AUTHORS COPYING ChangeLog INSTALL NEWS README TODO
PLIST_SUB= PREFIX=${PREFIX} \
+ ANON=${ANON} \
+ OTP=${OTP} \
+ CRAM=${CRAM} \
+ DIGEST=${DIGEST} \
+ LOGIN=${LOGIN} \
+ PLAIN=${PLAIN} \
GSSAPI=${GSSAPI} \
EBONES=${EBONES} \
DOCSDIR=${DOCSDIR:S/^${PREFIX}\///} \
@@ -110,7 +168,6 @@
PKGINSTALL= ${WRKDIR}/pkg-install
PKGMESSAGE= ${WRKDIR}/pkg-message
-.include <bsd.port.pre.mk>
.if ${OSVERSION} < 450000
FMT= /usr/bin/fmt
.else
@@ -124,6 +181,21 @@
.include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc"
.endif
+RC_SCRIPTS_SUB= PREFIX=${PREFIX} \
+ PWCHECK=${PWCHECK} \
+ ENABLE_PWCHECK=${ENABLE_PWCHECK} \
+ ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD} \
+ MYSQL_REQ=${MYSQL_REQ}
+
+PKG_SCRIPTS_SUB= PREFIX=${PREFIX} \
+ CYRUS_USER=${CYRUS_USER} \
+ CYRUS_GROUP=${CYRUS_GROUP} \
+ ENABLE_PWCHECK=${ENABLE_PWCHECK} \
+ ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD} \
+ PWCHECK=${PWCHECK} \
+ PWCHECK_METHOD=${PWCHECK_METHOD} \
+ SASLDB=${SASLDB_NAME}
+
post-extract:
@${CP} ${FILESDIR}/pwcheck_pam.c ${WRKSRC}/pwcheck
@@ -132,17 +204,9 @@
# Fix pkg-{install/deinstall/messages}
post-patch:
- @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
- -e "s;%%PWCHECK%%;${PWCHECK};g" \
- -e "s;%%ENABLE_PWCHECK%%;${ENABLE_PWCHECK};g" \
- -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \
- -e "s;%%ENABLE_SASLAUTHD%%;${ENABLE_SASLAUTHD};g" \
+ @${SED} ${PKG_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
${.CURDIR}/pkg-install > ${PKGINSTALL}
- @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
- -e "s;%%PWCHECK%%;${PWCHECK};g" \
- -e "s;%%ENABLE_PWCHECK%%;${ENABLE_PWCHECK};g" \
- -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \
- -e "s;%%ENABLE_SASLAUTHD%%;${ENABLE_SASLAUTHD};g" \
+ @${SED} ${PKG_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
${.CURDIR}/pkg-deinstall > ${PKGDEINSTALL}
@${SED} -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \
-e "s;%%PREFIX%%;${PREFIX};g" \
@@ -182,8 +246,8 @@
@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
${FILESDIR}/cyrus_sasl1 > ${PREFIX}/etc/rc.d/cyrus_sasl1
@${CHMOD} 755 ${PREFIX}/etc/rc.d/cyrus_sasl1
- ${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck
- ${INSTALL} -d -m 770 -o cyrus -g cyrus /var/state/saslauthd1
+ ${INSTALL} -d -m 770 -o ${CYRUS_USER} -g ${CYRUS_GROUP} /var/pwcheck
+ ${INSTALL} -d -m 770 -o ${CYRUS_USER} -g ${CYRUS_GROUP} /var/state/saslauthd1
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
.for file in ${DOCS}
@@ -213,9 +277,5 @@
post-clean:
@${RM} -f ${WRKDIRPREFIX}${.CURDIR}/Makefile.inc
-
-#if exists(${WRKDIRPREFIX}${.CURDIR}/Makefile.inc)
-#include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc"
-#endif
.include <bsd.port.post.mk>
Index: pkg-deinstall
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-deinstall,v
retrieving revision 1.7
diff -u -r1.7 pkg-deinstall
--- pkg-deinstall 26 Feb 2003 11:25:55 -0000 1.7
+++ pkg-deinstall 18 Apr 2003 04:48:05 -0000
@@ -12,6 +12,9 @@
SASLDB_NAME=${PKG_PREFIX}/etc/%%SASLDB%%
+CYRUS_USER=${CYRUS_USER:=%%CYRUS_USER%%}
+CYRUS_GROUP=${CYRUS_GROUP:=%%CYRUS_GROUP%%}
+
remove_file()
{
file=$1
@@ -22,22 +25,6 @@
rm -f ${file}.tmp
}
-delete_rc_conf_d() {
- PWCHECK_CONF=${PKG_PREFIX}/etc/rc.conf.d/cyrus_pwcheck
- SASLAUTHD_CONF=${PKG_PREFIX}/etc/rc.conf.d/saslauthd1
-
- if [ -f ${SASLAUTHD_CONF} ]; then
- echo "saslauthd1_enable=%%ENABLE_SASLAUTHD%%" >> ${SASLAUTHD_CONF}.tmp
- echo "saslauthd1_flags=\"-a pam\"" >> ${SASLAUTHD_CONF}.tmp
- remove_file ${SASLAUTHD_CONF}
- fi
- if [ -f ${PWCHECK_CONF} ]; then
- echo "cyrus_pwcheck_enable=%%ENABLE_PWCHECK%%" > ${PWCHECK_CONF}.tmp
- echo "cyrus_pwcheck_program=${PKG_PREFIX}/sbin/%%PWCHECK%%" >> ${PWCHECK_CONF}.tmp
- remove_file ${PWCHECK_CONF}
- fi
-}
-
# delete sasldb database
delete_sasldb() {
@@ -51,11 +38,11 @@
}
delete_user() {
- if pw usershow cyrus 2>/dev/null 1>&2; then
- echo "To delete Cyrus user permanently, use 'pw userdel cyrus'"
+ if pw usershow ${CYRUS_USER} 2>/dev/null 1>&2; then
+ echo "To delete Cyrus user permanently, use 'pw userdel ${CYRUS_USER}'"
fi
- if pw groupshow cyrus 2>/dev/null 1>&2; then
- echo "To delete Cyrus group permanently, use 'pw groupdel cyrus'"
+ if pw groupshow ${CYRUS_GROUP} 2>/dev/null 1>&2; then
+ echo "To delete Cyrus group permanently, use 'pw groupdel ${CYRUS_GROUP}'"
fi
}
@@ -72,7 +59,6 @@
case $2 in
DEINSTALL)
delete_sasldb
- delete_rc_conf_d
sendmail_conf
;;
POST-DEINSTALL)
Index: pkg-install
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-install,v
retrieving revision 1.11
diff -u -r1.11 pkg-install
--- pkg-install 26 Feb 2003 11:25:55 -0000 1.11
+++ pkg-install 17 Apr 2003 23:59:23 -0000
@@ -13,13 +13,16 @@
SASLDB_NAME=${PKG_PREFIX}/etc/%%SASLDB%%
+CYRUS_USER=${CYRUS_USER:=%%CYRUS_USER%%}
+CYRUS_GROUP=${CYRUS_GROUP:=%%CYRUS_GROUP%%}
+
#
# create 'cyrus' user and group before installing
#
create_user() {
- USER=cyrus
- GROUP=cyrus
+ USER=${CYRUS_USER}
+ GROUP=${CYRUS_GROUP}
PW=/usr/sbin/pw
if [ -x /sbin/nologin ]; then
@@ -76,7 +79,7 @@
echo "WARNING: Failed to create ${PKG_PREFIX}/etc/$SASLDB_NAME}"
else
${PKG_PREFIX}/sbin/saslpasswd -d cyrus
- chown cyrus:mail ${SASLDB_NAME}
+ chown ${CYRUS_USER}:mail ${SASLDB_NAME}
chmod 640 ${SASLDB_NAME}
fi
fi
@@ -90,23 +93,6 @@
fi
}
-create_rc_conf_d() {
- PWCHECK_CONF=${PKG_PREFIX}/etc/rc.conf.d/cyrus_pwcheck
- SASLAUTHD_CONF=${PKG_PREFIX}/etc/rc.conf.d/saslauthd1
-
- if [ ! -d ${PKG_PREFIX}/etc/rc.conf.d ]; then
- mkdir ${PKG_PREFIX}/etc/rc.conf.d
- fi
- if [ ! -f ${SASLAUTHD_CONF} ]; then
- echo "saslauthd1_enable=%%ENABLE_SASLAUTHD%%" > ${SASLAUTHD_CONF}
- echo "saslauthd1_flags=\"-a pam\"" >> ${SASLAUTHD_CONF}
- fi
- if [ ! -f ${PWCHECK_CONF} ]; then
- echo "cyrus_pwcheck_enable=%%ENABLE_PWCHECK%%" > ${PWCHECK_CONF}
- echo "cyrus_pwcheck_program=${PKG_PREFIX}/sbin/%%PWCHECK%%" >> ${PWCHECK_CONF}
- fi
-}
-
case $2 in
PRE-INSTALL)
create_user
@@ -114,7 +100,6 @@
POST-INSTALL)
if [ "${PKG_BATCH}" = "NO" ]; then
create_sasldb
- create_rc_conf_d
sendmail_conf
fi
;;
Index: pkg-message
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-message,v
retrieving revision 1.5
diff -u -r1.5 pkg-message
--- pkg-message 14 Aug 2002 18:39:45 -0000 1.5
+++ pkg-message 28 Apr 2003 17:05:38 -0000
@@ -2,7 +2,7 @@
You may need to start the pwcheck or saslauthd daemon for authentication
with the system password files:
- %%PREFIX%%/etc/rc.d/pwcheck.sh start
+ %%PREFIX%%/etc/rc.d/cyrus_pwcheck.sh start
or
%%PREFIX%%/etc/rc.d/saslauthd1.sh start
@@ -13,7 +13,9 @@
If you want to enable SMTP AUTH with the system Sendmail, read Sendmail.README
NOTE: This port has been compiled with a default pwcheck_method of
- %%PWCHECK_METHOD%%. Set sasl_pwcheck_method to %%PWCHECK_METHOD%%,
- after installing the Cyrus-IMAPd 1.6.24 port. You should also check
- the %%PREFIX%%/lib/sasl/*.conf files for the correct pwcheck_method.
+ %%PWCHECK_METHOD%%. You may need to set sasl_pwcheck_method to
+ %%PWCHECK_METHOD%% after installing either the Cyrus-IMAPd 1.6.24
+ or 2.0.17 ports.
+ You should also check the %%PREFIX%%/lib/sasl/*.conf files for the
+ correct pwcheck_method.
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-plist,v
retrieving revision 1.18
diff -u -r1.18 pkg-plist
--- pkg-plist 26 Feb 2003 11:25:55 -0000 1.18
+++ pkg-plist 18 Apr 2003 03:49:34 -0000
@@ -18,27 +18,27 @@
lib/libsasl.a
lib/libsasl.so
lib/libsasl.so.8
-lib/sasl/libanonymous.a
-lib/sasl/libanonymous.so
-lib/sasl/libanonymous.so.1
-lib/sasl/libcrammd5.a
-lib/sasl/libcrammd5.so
-lib/sasl/libcrammd5.so.1
-lib/sasl/libdigestmd5.a
-lib/sasl/libdigestmd5.so
-lib/sasl/libdigestmd5.so.0
+%%ANON%%lib/sasl/libanonymous.a
+%%ANON%%lib/sasl/libanonymous.so
+%%ANON%%lib/sasl/libanonymous.so.1
+%%CRAM%%lib/sasl/libcrammd5.a
+%%CRAM%%lib/sasl/libcrammd5.so
+%%CRAM%%lib/sasl/libcrammd5.so.1
+%%DIGEST%%lib/sasl/libdigestmd5.a
+%%DIGEST%%lib/sasl/libdigestmd5.so
+%%DIGEST%%lib/sasl/libdigestmd5.so.0
%%GSSAPI%%lib/sasl/libgssapiv2.a
%%GSSAPI%%lib/sasl/libgssapiv2.so
%%GSSAPI%%lib/sasl/libgssapiv2.so.1
%%EBONES%%lib/sasl/libkerberos4.a
%%EBONES%%lib/sasl/libkerberos4.so
%%EBONES%%lib/sasl/libkerberos4.so.1
-lib/sasl/liblogin.a
-lib/sasl/liblogin.so
-lib/sasl/liblogin.so.0
-lib/sasl/libplain.a
-lib/sasl/libplain.so
-lib/sasl/libplain.so.1
+%%LOGIN%%lib/sasl/liblogin.a
+%%LOGIN%%lib/sasl/liblogin.so
+%%LOGIN%%lib/sasl/liblogin.so.0
+%%PLAIN%%lib/sasl/libplain.a
+%%PLAIN%%lib/sasl/libplain.so
+%%PLAIN%%lib/sasl/libplain.so.1
sbin/sasldblistusers
sbin/saslpasswd
sbin/pwcheck
Index: files/patch-ab
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/files/patch-ab,v
retrieving revision 1.15
diff -u -r1.15 patch-ab
--- files/patch-ab 26 Feb 2003 11:25:55 -0000 1.15
+++ files/patch-ab 13 Mar 2003 03:20:54 -0000
@@ -1,5 +1,5 @@
---- configure.in.orig Tue Feb 18 13:18:11 2003
-+++ configure.in Tue Feb 18 14:34:11 2003
+--- configure.in.orig Wed Feb 26 23:00:39 2003
++++ configure.in Wed Feb 26 23:22:03 2003
@@ -66,8 +66,12 @@
dnl check for -R, etc. switch
CMU_GUESS_RUNPATH_SWITCH
@@ -104,3 +104,41 @@
AC_SUBST(LIB_DES)
+@@ -563,8 +595,8 @@
+ AC_CHECK_HEADER(krb.h,
+ AC_CHECK_LIB(com_err, com_err,
+ AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="-lcom_err",
+- krb4=no, -ldes -lcom_err),
+- AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="", krb4=no, -ldes)))
++ krb4=no, ${LIB_DES} -lcrypt -lcom_err),
++ AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="", krb4=no, ${LIB_DES})))
+
+ else
+ AC_WARN(No DES library found for Kerberos V4 support)
+@@ -592,7 +624,7 @@
+ AC_MSG_RESULT(enabled)
+ SASL_MECHS="$SASL_MECHS libkerberos4.la"
+ AC_DEFINE(HAVE_KRB)
+- SASL_KRB_LIB="-lkrb -ldes $COM_ERR"
++ SASL_KRB_LIB="-lkrb $LIB_DES $COM_ERR"
+ AC_SUBST(SASL_KRB_LIB)
+ else
+ AC_MSG_RESULT(disabled)
+@@ -631,7 +663,7 @@
+
+ # the base64_decode check fails because libroken has dependencies
+ # FIXME: this is probabally non-optimal as well
+- AC_CHECK_LIB(krb5,krb5_vlog,gss_impl="heimdal",,)
++ AC_CHECK_LIB(krb5,krb5_vlog,gss_impl="heimdal",, -lasn1 ${LIB_DES} -lroken ${LIB_CRYPT} -lcom_err)
+ # AC_CHECK_LIB(roken,base64_decode,gss_impl="heimdal",, $LIB_CRYPT)
+
+ if test -d ${gssapi}; then
+@@ -641,7 +673,7 @@
+ if test "$gss_impl" = mit; then
+ GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err"
+ elif test "$gss_impl" = "heimdal"; then
+- GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -ldes -lasn1 -lroken ${LIB_CRYPT} -lcom_err"
++ GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 ${LIB_DES} -lasn1 -lroken ${LIB_CRYPT} -lcom_err"
+ else
+ gssapi="no"
+ AC_WARN(Disabling GSSAPI)
Index: files/patch-plugins::kerberos4.c
===================================================================
RCS file: files/patch-plugins::kerberos4.c
diff -N files/patch-plugins::kerberos4.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-plugins::kerberos4.c 26 Feb 2003 22:46:29 -0000
@@ -0,0 +1,48 @@
+--- plugins/kerberos4.c.orig Wed Feb 26 22:20:04 2003
++++ plugins/kerberos4.c Wed Feb 26 22:30:25 2003
+@@ -711,14 +730,18 @@
+ #ifdef __FreeBSD__
+ des_pcbc_encrypt((const unsigned char *)in,
+ (unsigned char *)in,
++ clientinlen,
++ text->init_keysched,
++ &text->session,
++ DES_DECRYPT);
+ #else
+ des_pcbc_encrypt((des_cblock *)in,
+ (des_cblock *)in,
+-#endif
+ clientinlen,
+ text->init_keysched,
+ &text->session,
+ DES_DECRYPT);
++#endif
+
+ testnum=(in[0]*256*256*256)+(in[1]*256*256)+(in[2]*256)+in[3];
+
+@@ -1255,18 +1278,22 @@
+ len++;
+ }
+ sout[len]=0;
++
+ #ifdef __FreeBSD__
+ des_pcbc_encrypt((const unsigned char *)sout,
+- (unsigned char *)sout,
++ (unsigned char *)sout,
++ len,
++ text->init_keysched,
++ (des_cblock *)text->session,
++ DES_ENCRYPT);
+ #else
+-
+ des_pcbc_encrypt((des_cblock *)sout,
+ (des_cblock *)sout,
+-#endif
+ len,
+ text->init_keysched,
+ (des_cblock *)text->session,
+ DES_ENCRYPT);
++#endif
+
+ *clientout = params->utils->malloc(len);
+ memcpy((char *) *clientout, sout, len);
Index: files/pwcheck.sh
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/files/pwcheck.sh,v
retrieving revision 1.7
diff -u -r1.7 pwcheck.sh
--- files/pwcheck.sh 28 Mar 2003 23:37:36 -0000 1.7
+++ files/pwcheck.sh 28 Apr 2003 17:22:41 -0000
@@ -12,18 +12,18 @@
# If you want this script to start with the base rc scripts
# move cyrus_pwcheck.sh to /etc/rc.d/cyrus_pwcheck
-# Define the following cyrus_pwcheck_* variables in one of the following:
-# /etc/rc.conf
-# /etc/rc.conf.d/pwcheck
-# ${prefix}/etc/rc.conf.d/pwcheck
+prefix=%%PREFIX%%
+
+# Define these cyrus_pwcheck_* variables in one of these files:
+# /etc/rc.conf
+# /etc/rc.conf.local
+# /etc/rc.conf.d/cyrus_pwcheck
#
-# cyrus_pwcheck_enable - Set to YES to enable pwcheck
-# Default: %%ENABLE_PWCHECK%%
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
#
-# cyrus_pwcheck_program - Path to pwcheck program (pwcheck/pwcheck_pam)
-# Default: ${prefix}/sbin/%%PWCHECK%%
-
-prefix=%%PREFIX%%
+cyrus_pwcheck_enable="%%ENABLE_PWCHECK%%" # Enable pwcheck daemon
+cyrus_pwcheck_program="${prefix}/sbin/%%PWCHECK%%" # pwcheck program to use
+ # (pwcheck/pwcheck_pam)
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
@@ -33,22 +33,7 @@
command=${prefix}/sbin/%%PWCHECK%%
pidfile="/var/run/pwcheck.pid"
- # The below may be removed when load_local_rc_config is added to rc.subr
-
- if [ -f ${prefix}/etc/rc.conf.d/"$name" ]; then
- debug "Sourcing ${prefix}/etc/rc.conf.d/${name}"
- . ${prefix}/etc/rc.conf.d/"$name"
- fi
-
load_rc_config $name
-
- if [ -z "${cyrus_pwcheck_enable}" ] ; then
- cyrus_pwcheck_enable=%%ENABLE_PWCHECK%%
- fi
-
- # The above may be removed when load_local_rc_config is added to rc.subr
- #
- # load_local_rc_config $name
run_rc_command "$1"
else
# Suck in the configuration variables.
@@ -61,23 +46,11 @@
fi
fi
- if [ -f "${prefix}/etc/rc.conf.d/cyrus_pwcheck" ]; then
- . ${prefix}/etc/rc.conf.d/cyrus_pwcheck
- fi
-
- if [ -z "${cyrus_pwcheck_enable}" ] ; then
- cyrus_pwcheck_enable=%%ENABLE_PWCHECK%%
- fi
-
- if [ -z "${cyrus_pwcheck_program}" ]; then
- cyrus_pwcheck_program=${prefix}/sbin/%%PWCHECK%%
- fi
-
rc=0
case "${cyrus_pwcheck_enable}" in
[Yy][Ee][Ss])
- case "${action}" in
+ case "${1}" in
start)
if [ -x ${cyrus_pwcheck_program} ] ; then
Index: files/saslauthd.sh
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/files/saslauthd.sh,v
retrieving revision 1.2
diff -u -r1.2 saslauthd.sh
--- files/saslauthd.sh 26 Feb 2003 11:25:55 -0000 1.2
+++ files/saslauthd.sh 18 Apr 2003 04:08:24 -0000
@@ -12,21 +12,18 @@
# If you want this script to start with the base rc scripts
# move saslauthd1.sh to /etc/rc.d/saslauthd1
-# Define the following saslauthd1_* variables in one of the following:
+prefix=%%PREFIX%%
+
+# Define these saslauthd1_* variables in one of these files:
# /etc/rc.conf
+# /etc/rc.conf.local
# /etc/rc.conf.d/saslauthd1
-# ${prefix}/etc/rc.conf.d/saslauthd1
-#
-# saslauthd1_enable - Set to YES to enable saslauthd
-# Default: %%ENABLE_SASLAUTHD%%
#
-# saslauthd1_program - Path to saslauthd program
-# Default: ${prefix}/sbin/saslauthd1
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
#
-# saslauthd1_flags - Flags to saslauthd program
-# Default: -a pam
-
-prefix=%%PREFIX%%
+saslauthd1_enable="%%ENABLE_SASLAUTHD%%" # Enable saslauthd
+#saslauthd1_program="${prefix}/sbin/saslauthd1" # Location of saslauthd1
+saslauthd1_flags="-a pam" # Flags to saslauthd program
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
@@ -36,22 +33,7 @@
command="${prefix}/sbin/${name}"
pidfile="/var/state/${name}/mux.pid"
- # The below may be removed when load_local_rc_config is added to rc.subr
-
- if [ -f ${prefix}/etc/rc.conf.d/"$name" ]; then
- debug "Sourcing ${prefix}/etc/rc.conf.d/${name}"
- . ${prefix}/etc/rc.conf.d/"$name"
- fi
-
load_rc_config $name
-
- if [ -z "${saslauthd1_enable}" ]; then
- saslauthd1_enable=%%ENABLE_SASLAUTHD%%
- fi
-
- # The above may be removed when load_local_rc_config is added to rc.subr
- #
- #load_local_rc_config $name
run_rc_command "$1"
else
# Suck in the configuration variables.
@@ -64,19 +46,11 @@
fi
fi
- if [ -f ${prefix}/etc/rc.conf.d/saslauthd1 ]; then
- . ${prefix}/etc/rc.conf.d/saslauthd1
- fi
-
if [ -n "${sasl_saslauthd1_enable}" ]; then
echo "sasl_saslauthd1_enable has been depreciated, use saslauthd1_enable instead"
saslauthd1_enable=$sasl_saslauthd1_enable
fi
- if [ -z "${saslauthd1_enable}" ]; then
- saslauthd1_enable=%%ENABLE_SASLAUTHD%%
- fi
-
if [ -z "${saslauthd1_program}" ]; then
saslauthd1_program=${prefix}/sbin/saslauthd1
fi
@@ -84,10 +58,6 @@
if [ -n "${sasl_saslauthd1_flags}" ]; then
echo "sasl_saslauthd1_flags has been depreciated, use saslauthd1_flags instead"
saslauthd1_flags=$sasl_saslauthd1_flags
- fi
-
- if [ -z "${saslauthd1_flags}" ]; then
- saslauthd1_flags="-a pam"
fi
rc=0
Index: scripts/configure.sasl
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/scripts/configure.sasl,v
retrieving revision 1.17
diff -u -r1.17 configure.sasl
--- scripts/configure.sasl 26 Feb 2003 11:25:55 -0000 1.17
+++ scripts/configure.sasl 18 Apr 2003 00:14:01 -0000
@@ -209,17 +209,6 @@
ENABLE_SASLAUTHD=no
fi
-echo "PWCHECK= ${PWCHECK}"
-echo "PWCHECK_METHOD= ${PWCHECK_METHOD}"
-echo "ENABLE_PWCHECK= ${ENABLE_PWCHECK}"
-echo "ENABLE_SASLAUTHD= ${ENABLE_SASLAUTHD}"
-
-echo "RC_SCRIPTS_SUB+= PREFIX=\${PREFIX} \\"
-echo " PWCHECK=\${PWCHECK} \\"
-echo " ENABLE_PWCHECK=\${ENABLE_PWCHECK} \\"
-echo " ENABLE_SASLAUTHD=\${ENABLE_SASLAUTHD} \\"
-echo " MYSQL_REQ=${MYSQL_REQ}"
-
if [ ! "${DEFJAVA}" ]; then
echo "PLIST_SUB+= JAVASASL=\"@comment \""
fi
@@ -227,6 +216,11 @@
echo "CONFIGURE_ARGS+= --with-dblib=ndbm"
echo "SASLDB_NAME= sasldb.db"
fi
+
+echo "PWCHECK= ${PWCHECK}"
+echo "PWCHECK_METHOD= ${PWCHECK_METHOD}"
+echo "ENABLE_PWCHECK= ${ENABLE_PWCHECK}"
+echo "ENABLE_SASLAUTHD= ${ENABLE_SASLAUTHD}"
if [ "${MSG}" ]; then
if [ -n "${LDAP_REQ}" ]; then
--- patch0428 ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list