[Bug 257906] security/sudo: add openssl support

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 17 Aug 2021 06:19:52 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257906

            Bug ID: 257906
           Summary: security/sudo: add openssl support
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: garga_at_FreeBSD.org
          Reporter: peter_at_czanik.hu
          Assignee: garga_at_FreeBSD.org
             Flags: maintainer-feedback?(garga_at_FreeBSD.org)

I'm writing technical blogs about sudo, and while doing so, I discovered that
openssl support is not enabled in the security/sudo port and it's not even
available as an option. When it is enabled, one can encrypt the connection
between sudo and sudo_logsrvd.

The simple patch below adds optional openssl support. I think, it should be
enabled by default, but for now I kept it optional. 

root_at_fb130:~ # diff -u /usr/ports/security/sudo/Makefile  sudo/Makefile
--- /usr/ports/security/sudo/Makefile 2021-08-13 15:10:44.000000000 +0200
+++ sudo/Makefile 2021-08-11 11:20:21.962615000 +0200
_at__at_ -28,7 +28,7 _at__at_
  --with-rundir=/var/run/sudo

 OPTIONS_DEFINE= LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL \
- AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES
+ AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES SSL
 OPTIONS_RADIO= KERBEROS
 OPTIONS_DEFAULT= AUDIT PAM
 OPTIONS_SUB= yes
_at__at_ -42,6 +42,7 _at__at_
 OPIE_DESC= Enable one-time passwords (no PAM support)
 PYTHON_DESC= Enable python plugin support
 SSSD_DESC= Enable SSSD backend support.
+SSL_DESC= Allow encryption between sudo and sudo_logsrvd

 PAM_PREVENTS= OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
 PAM_PREVENTS_MSG= PAM cannot be combined with any other authentication plugin
_at__at_ -93,6 +94,9 _at__at_
 .if defined(SUDO_KERB5_INSTANCE)
 CONFIGURE_ARGS+= --enable-kerb5-instance="${SUDO_KERB5_INSTANCE}"
 .endif
+
+SSL_USES= ssl
+SSL_CONFIGURE_ON= --enable-openssl

 .include <bsd.port.options.mk>

-- 
You are receiving this mail because:
You are the assignee for the bug.
Received on Tue Aug 17 2021 - 06:19:52 UTC

Original text of this message