Date: Mon, 20 Mar 2023 03:50:33 GMT
Message-Id: <202303200350.32K3oX6Y014089@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Romain Tartière
Subject: git: d8560936e35c - main - security/pam_rssh: New port
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: romain
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: d8560936e35c4a0fa797431cbe6e234639df690b

The branch main has been updated by romain:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d8560936e35c4a0fa797431cbe6e234639df690b

commit d8560936e35c4a0fa797431cbe6e234639df690b
Author:     Romain Tartière
AuthorDate: 2023-03-20 03:33:19 +0000
Commit:     Romain Tartière
CommitDate: 2023-03-20 03:49:50 +0000

    security/pam_rssh: New port

    This PAM module provides ssh-agent based authentication. The primary design
    goal is to avoid typing password when you sudo on remote servers. Instead, you
    can simply touch your hardware security key (e.g. Yubikey/Canokey) to fulfill
    user verification. The process is done by forwarding the remote authentication
    request to client-side ssh-agent as a signature request.
---
 security/Makefile           |  1 +
 security/pam_rssh/Makefile  | 63 +++++++++++++++++++++++++++++++++++++
 security/pam_rssh/distinfo  | 77 +++++++++++++++++++++++++++++++++++++++++++++
 security/pam_rssh/pkg-descr |  5 +++
 4 files changed, 146 insertions(+)

diff --git a/security/Makefile b/security/Makefile index 1ade6a6c743e..344e84e11ff9 100644 --- a/security/Makefile +++ b/security/Makefile @@ -732,6 +732,7 @@ SUBDIR += pam_pkcs11 SUBDIR += pam_pwdfile SUBDIR += pam_require + SUBDIR += pam_rssh SUBDIR += pam_script SUBDIR += pam_search_list SUBDIR += pam_ssh_agent_auth 
diff --git a/security/pam_rssh/Makefile b/security/pam_rssh/Makefile new file mode 100644 index 000000000000..d30e5e22fa85 --- /dev/null +++ b/security/pam_rssh/Makefile @@ -0,0 +1,63 @@ +PORTNAME= pam_rssh +DISTVERSIONPREFIX=v +DISTVERSION= 1.0.0-rc1 +CATEGORIES= security + +MAINTAINER= romain@FreeBSD.org +COMMENT= Remote sudo authenticated via ssh-agent +WWW= https://github.com/z4yx/pam_rssh + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE + +USES= cargo ssl +USE_GITHUB= yes + +GH_ACCOUNT= z4yx +GH_PROJECT= ssh-agent.rs:sshagent +GH_TAGNAME= 91894139966e01941f17386a84c6b35e6ea155b8:sshagent +GH_SUBDIR= dep/ssh-agent.rs:sshagent + +CARGO_CRATES= autocfg-1.1.0 \ + base64-0.13.1 \ + bitflags-1.3.2 \ + byteorder-1.4.3 \ + cc-1.0.78 \ + cfg-if-1.0.0 \ + error-chain-0.12.4 \ + foreign-types-0.3.2 \ + foreign-types-shared-0.1.1 \ + futures-0.1.31 \ + libc-0.2.139 \ + log-0.4.17 \ + multisock-1.0.0 \ + once_cell-1.17.0 \ + openssl-0.10.45 \ + openssl-macros-0.1.0 \ + openssl-sys-0.9.80 \ + pam-bindings-0.1.1 \ + pkg-config-0.3.26 \ + proc-macro2-1.0.49 \ + pwd-1.4.0 \ + quote-1.0.23 \ + serde-1.0.152 \ + serde_derive-1.0.152 \ + syn-1.0.107 \ + syslog-5.0.0 \ + thiserror-1.0.38 \ + thiserror-impl-1.0.38 \ + time-0.1.45 \ + unicode-ident-1.0.6 \ + vcpkg-0.2.15 \ + version_check-0.9.4 \ + wasi-0.10.0+wasi-snapshot-preview1 \ + winapi-0.3.9 \ + winapi-i686-pc-windows-gnu-0.4.0 \ + winapi-x86_64-pc-windows-gnu-0.4.0 + +PLIST_FILES= lib/pam_rssh.so + +do-install: + ${INSTALL_LIB} ${CARGO_TARGET_DIR}/${CARGO_BUILD_TARGET}/release/libpam_rssh.so ${STAGEDIR}${PREFIX}/lib/pam_rssh.so + +.include diff --git a/security/pam_rssh/distinfo b/security/pam_rssh/distinfo new file mode 100644 index 000000000000..5c7d64fbec2c --- /dev/null +++ b/security/pam_rssh/distinfo 
@@ -0,0 +1,77 @@ +TIMESTAMP = 1679275918 +SHA256 (rust/crates/autocfg-1.1.0.crate) = d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa +SIZE (rust/crates/autocfg-1.1.0.crate) = 13272 +SHA256 (rust/crates/base64-0.13.1.crate) = 9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8 +SIZE (rust/crates/base64-0.13.1.crate) = 61002 +SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a +SIZE (rust/crates/bitflags-1.3.2.crate) = 23021 +SHA256 (rust/crates/byteorder-1.4.3.crate) = 14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610 +SIZE (rust/crates/byteorder-1.4.3.crate) = 22512 +SHA256 (rust/crates/cc-1.0.78.crate) = a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d +SIZE (rust/crates/cc-1.0.78.crate) = 61375 +SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd +SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934 +SHA256 (rust/crates/error-chain-0.12.4.crate) = 2d2f06b9cac1506ece98fe3231e3cc9c4410ec3d5b1f24ae1c8946f0742cdefc +SIZE (rust/crates/error-chain-0.12.4.crate) = 29274 +SHA256 (rust/crates/foreign-types-0.3.2.crate) = f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1 +SIZE (rust/crates/foreign-types-0.3.2.crate) = 7504 +SHA256 (rust/crates/foreign-types-shared-0.1.1.crate) = 00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b +SIZE (rust/crates/foreign-types-shared-0.1.1.crate) = 5672 +SHA256 (rust/crates/futures-0.1.31.crate) = 3a471a38ef8ed83cd6e40aa59c1ffe17db6855c18e3604d9c4ed8c08ebc28678 +SIZE (rust/crates/futures-0.1.31.crate) = 157731 +SHA256 (rust/crates/libc-0.2.139.crate) = 201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79 +SIZE (rust/crates/libc-0.2.139.crate) = 638983 +SHA256 (rust/crates/log-0.4.17.crate) = abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e +SIZE (rust/crates/log-0.4.17.crate) = 38028 +SHA256 
(rust/crates/multisock-1.0.0.crate) = 09b00b95a51f8573ee359668dfbfed424212dd0fc74df2333816fddff856f342 +SIZE (rust/crates/multisock-1.0.0.crate) = 4643 +SHA256 (rust/crates/once_cell-1.17.0.crate) = 6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66 +SIZE (rust/crates/once_cell-1.17.0.crate) = 32736 +SHA256 (rust/crates/openssl-0.10.45.crate) = b102428fd03bc5edf97f62620f7298614c45cedf287c271e7ed450bbaf83f2e1 +SIZE (rust/crates/openssl-0.10.45.crate) = 234763 +SHA256 (rust/crates/openssl-macros-0.1.0.crate) = b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c +SIZE (rust/crates/openssl-macros-0.1.0.crate) = 5566 +SHA256 (rust/crates/openssl-sys-0.9.80.crate) = 23bbbf7854cd45b83958ebe919f0e8e516793727652e27fda10a8384cfc790b7 +SIZE (rust/crates/openssl-sys-0.9.80.crate) = 61687 +SHA256 (rust/crates/pam-bindings-0.1.1.crate) = 95c337e922acb6ab9c3ddd1016fed13957a5bf14f51b6caa293ddc8dd47660ca +SIZE (rust/crates/pam-bindings-0.1.1.crate) = 6829 +SHA256 (rust/crates/pkg-config-0.3.26.crate) = 6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160 +SIZE (rust/crates/pkg-config-0.3.26.crate) = 18662 +SHA256 (rust/crates/proc-macro2-1.0.49.crate) = 57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5 +SIZE (rust/crates/proc-macro2-1.0.49.crate) = 41977 +SHA256 (rust/crates/pwd-1.4.0.crate) = 72c71c0c79b9701efe4e1e4b563b2016dd4ee789eb99badcb09d61ac4b92e4a2 +SIZE (rust/crates/pwd-1.4.0.crate) = 4145 +SHA256 (rust/crates/quote-1.0.23.crate) = 8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b +SIZE (rust/crates/quote-1.0.23.crate) = 28058 +SHA256 (rust/crates/serde-1.0.152.crate) = bb7d1f0d3021d347a83e556fc4683dea2ea09d87bccdf88ff5c12545d89d5efb +SIZE (rust/crates/serde-1.0.152.crate) = 77091 +SHA256 (rust/crates/serde_derive-1.0.152.crate) = af487d118eecd09402d70a5d72551860e788df87b464af30e5ea6a38c75c541e +SIZE (rust/crates/serde_derive-1.0.152.crate) = 55586 +SHA256 (rust/crates/syn-1.0.107.crate) = 
1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5 +SIZE (rust/crates/syn-1.0.107.crate) = 237539 +SHA256 (rust/crates/syslog-5.0.0.crate) = 9a5d8ef1b679c07976f3ee336a436453760c470f54b5e7237556728b8589515d +SIZE (rust/crates/syslog-5.0.0.crate) = 9014 +SHA256 (rust/crates/thiserror-1.0.38.crate) = 6a9cd18aa97d5c45c6603caea1da6628790b37f7a34b6ca89522331c5180fed0 +SIZE (rust/crates/thiserror-1.0.38.crate) = 18947 +SHA256 (rust/crates/thiserror-impl-1.0.38.crate) = 1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f +SIZE (rust/crates/thiserror-impl-1.0.38.crate) = 15429 +SHA256 (rust/crates/time-0.1.45.crate) = 1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a +SIZE (rust/crates/time-0.1.45.crate) = 28911 +SHA256 (rust/crates/unicode-ident-1.0.6.crate) = 84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc +SIZE (rust/crates/unicode-ident-1.0.6.crate) = 42158 +SHA256 (rust/crates/vcpkg-0.2.15.crate) = accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426 +SIZE (rust/crates/vcpkg-0.2.15.crate) = 228735 +SHA256 (rust/crates/version_check-0.9.4.crate) = 49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f +SIZE (rust/crates/version_check-0.9.4.crate) = 14895 +SHA256 (rust/crates/wasi-0.10.0+wasi-snapshot-preview1.crate) = 1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f +SIZE (rust/crates/wasi-0.10.0+wasi-snapshot-preview1.crate) = 26964 +SHA256 (rust/crates/winapi-0.3.9.crate) = 5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419 +SIZE (rust/crates/winapi-0.3.9.crate) = 1200382 +SHA256 (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6 +SIZE (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = 2918815 +SHA256 (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f +SIZE (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 
2947998 +SHA256 (z4yx-pam_rssh-v1.0.0-rc1_GH0.tar.gz) = 8228ae7a2afccd141c1f2a19f942fb1cb3b5dc0032136553d289d781d4cb1500 +SIZE (z4yx-pam_rssh-v1.0.0-rc1_GH0.tar.gz) = 12458 +SHA256 (z4yx-ssh-agent.rs-91894139966e01941f17386a84c6b35e6ea155b8_GH0.tar.gz) = 3cdf7be1161d8afd499c5f43779eb188bb255c5981be268a300dfd229e218259 +SIZE (z4yx-ssh-agent.rs-91894139966e01941f17386a84c6b35e6ea155b8_GH0.tar.gz) = 13221 diff --git a/security/pam_rssh/pkg-descr b/security/pam_rssh/pkg-descr new file mode 100644 index 000000000000..575165b652a5 --- /dev/null +++ b/security/pam_rssh/pkg-descr @@ -0,0 +1,5 @@ +This PAM module provides ssh-agent based authentication. The primary design +goal is to avoid typing password when you sudo on remote servers. Instead, you +can simply touch your hardware security key (e.g. Yubikey/Canokey) to fulfill +user verification. The process is done by forwarding the remote authentication +request to client-side ssh-agent as a signature request.
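
Review bot: security/pam_rssh/Makefile stages only lib/pam_rssh.so (PLIST_FILES and do-install) and ships no pkg-message, so an administrator gets no pointer on how to reference the module from a PAM service file, nor a reminder that it relies on the client-side ssh-agent being reachable from the server, which is the mechanism the commit message describes. Suggest adding a short pkg-message covering both. Separately, DISTVERSION= 1.0.0-rc1 packages a release candidate of an authentication module; worth saying so in the commit log and following up when upstream tags a final release.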
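
Review bot: security/pam_rssh/pkg-descr, second line, reads "goal is to avoid typing password", which is missing an article; suggest "goal is to avoid typing a password". Since this text is what users see in package listings, it is also the natural place to state in one sentence that the signature request is answered by the ssh-agent on the user's own machine, so the dependency on a forwarded agent is clear before installation.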