ports/52123: pf4freebsd authpf authentification shell for pf gateways

Max Laier max at love2party.net
Mon May 12 15:30:19 UTC 2003


>Number:         52123
>Category:       ports
>Synopsis:       pf4freebsd authpf authentification shell for pf gateways
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 12 08:30:15 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Max Laier
>Release:        FreeBSD 5.0-RELEASE-p7 i386
>Organization:
>Environment:
System: FreeBSD router.laiers.local 5.0-RELEASE-p7 FreeBSD 5.0-RELEASE-p7 #0: Mon Apr 14 13:13:41 CEST 2003 root at router.laiers.local:/usr/src/sys/i386/compile/MAX_SMP i386


	
>Description:
authpf, ported from OpenBSD 3.3, supports pf as an
		authentication shell
	
>How-To-Repeat:
	
>Fix:

	

--- authpf_port.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	authpf
#	authpf/files
#	authpf/files/patch-aa
#	authpf/files/pathnames.h.sed
#	authpf/Makefile
#	authpf/distinfo
#	authpf/pkg-descr
#	authpf/pkg-install
#	authpf/pkg-message
#	authpf/pkg-plist
#
# Create the port directory and its files/ subdirectory, announcing each one
# in shar's "c - <dir>" form. mkdir diagnostics are discarded on purpose, so
# a directory that cannot be created only shows up when a later extraction
# into it fails.
for shar_dir in authpf authpf/files; do
  echo "c - ${shar_dir}"
  mkdir -p "${shar_dir}" > /dev/null 2>&1
done
echo x - authpf/files/patch-aa
sed 's/^X//' >authpf/files/patch-aa << 'END-of-authpf/files/patch-aa'
X*** ./authpf/Makefile				Thu Apr 17 04:17:07 2003
X--- ./authpf/Makefile				Fri May  9 17:07:32 2003
X***************
X*** 3,15 ****
X  PROG=	authpf
X  MAN=	authpf.8
X  BINOWN= root
X! BINGRP= wheel
X  BINMODE= 6555
X! .if defined(PREFIX) && !empty(PREFIX)
X! BINDIR= ${PREFIX}/libexec
X! .else
X! BINDIR= /usr/libexec
X! .endif
X  SRCS=	authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
X  SRCS+=	pfctl_radix.c
X  #CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror
X--- 3,11 ----
X  PROG=	authpf
X  MAN=	authpf.8
X  BINOWN= root
X! BINGRP= authpf
X  BINMODE= 6555
X! BINDIR= ${PREFIX}/sbin
X  SRCS=	authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
X  SRCS+=	pfctl_radix.c
X  #CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror
END-of-authpf/files/patch-aa
# Unpack the pathnames.h template: the compile-time file locations authpf is
# built with. Every %%PREFIX%% token is a placeholder; the sed call in the
# port Makefile's post-patch target replaces it with ${PREFIX} and writes the
# result to ${WRKSRC}/authpf/pathnames.h. /dev/pf and /var/authpf carry no
# placeholder and stay fixed.
# NOTE(review): the binary is installed set-id (mode 6555 in pkg-plist), so
# these files and directories presumably need to be writable by root only --
# confirm against authpf(8).
echo x - authpf/files/pathnames.h.sed
sed 's/^X//' >authpf/files/pathnames.h.sed << 'END-of-authpf/files/pathnames.h.sed'
X/*	$OpenBSD: pathnames.h,v 1.5 2002/10/25 18:35:33 camield Exp $	*/
X
X/*
X * Copyright (C) 2002 Chris Kuethe (ckuethe at ualberta.ca)
X *
X * Redistribution and use in source and binary forms, with or without
X * modification, are permitted provided that the following conditions
X * are met:
X * 1. Redistributions of source code must retain the above copyright
X *    notice, this list of conditions and the following disclaimer.
X * 2. Redistributions in binary form must reproduce the above copyright
X *    notice, this list of conditions and the following disclaimer in the
X *    documentation and/or other materials provided with the distribution.
X * 3. Neither the name of the author nor the names of contributors
X *    may be used to endorse or promote products derived from this software
X *    without specific prior written permission.
X *
X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X * SUCH DAMAGE.
X */
X
X#define PATH_CONFFILE		"%%PREFIX%%/etc/authpf/authpf.conf"
X#define PATH_ALLOWFILE		"%%PREFIX%%/etc/authpf/authpf.allow"
X#define PATH_PFRULES		"%%PREFIX%%/etc/authpf/authpf.rules"
X#define PATH_PROBLEM		"%%PREFIX%%/etc/authpf/authpf.problem"
X#define PATH_MESSAGE		"%%PREFIX%%/etc/authpf/authpf.message"
X#define PATH_USER_DIR		"%%PREFIX%%/etc/authpf/users"
X#define PATH_BAN_DIR		"%%PREFIX%%/etc/authpf/banned"
X#define PATH_DEVFILE		"/dev/pf"
X#define PATH_PIDFILE		"/var/authpf"
X#define PATH_AUTHPF_SHELL	"%%PREFIX%%/sbin/authpf"
END-of-authpf/files/pathnames.h.sed
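# Unpack the port Makefile.
# Fix relative to the submitted archive: the kernel-source check's .if
# condition was missing its closing parenthesis, which make(1) rejects as a
# malformed conditional. Everything else is unchanged.
echo x - authpf/Makefile
sed 's/^X//' >authpf/Makefile << 'END-of-authpf/Makefile'
X# New ports collection makefile for:	authpf
X# Date created:		09 May 2003
X# Whom:			Max Laier <max at love2party.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	authpf
XPORTVERSION=	1.0
XCATEGORIES=	security ipv6
XMASTER_SITES=	http://pf4freebsd.love2party.net/
X.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
XPKGNAMESUFFIX=	-altq
X.endif
XDISTNAME=	${PORTNAME}_${PORTVERSION}
XDISTFILES=	pf_freebsd_${PORTVERSION}${EXTRACT_SUFX}
X
XMAINTAINER=	max at love2party.net
XCOMMENT=	Authentification shell for pf gateways
X
XWRKSRC=		${WRKDIR}/pf_freebsd_${PORTVERSION}
X
XRUN_DEPENDS=	${LOCALBASE}/modules/pf.ko:${PF_PORT}
X
XPF_PORT=	${PORTSDIR}/security/pf
X
X.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
XIS_INTERACTIVE= yes
X.endif
X
XMAN8=		authpf.8
X
XMANCOMPRESSED=	maybe
X
XMAKE_ARGS=	MANDIR="${PREFIX}/man/man" ONLY_AUTHPF=yes
X
X.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
XSYS_ALTQ?=	/usr/src/sys.altq
XMAKE_ARGS+=	WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}"
XPLIST_SUB+=	WITH_ALTQ=""
X.else
XPLIST_SUB+=	WITH_ALTQ="@comment "
X.endif
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 500000
XBROKEN=	"Sorry only for 5.0 and above"
X.endif
X
XSRC_BASE?=	/usr/src
X# NOTE(review): BROKEN is set only when both the base kernel sources and
X# the ALTQ sources are missing; confirm that "&&" rather than "||" is meant.
X.if !exists(${SRC_BASE}/sys/Makefile) && \
X    (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile))
XBROKEN=	"Kernel source files required"
X.endif
X
X.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
Xpre-fetch:
X	@${ECHO_CMD} "======================================================="
X	@${ECHO_CMD} "* If you have ALTQ support from:                      *"
X	@${ECHO_CMD} "*   http://www.rofug.ro/projects/freebsd-altq/        *"
X	@${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it  *"
X	@${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src  *"
X	@${ECHO_CMD} "*                                                     *"
X	@${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *"
X	@${ECHO_CMD} "*                                                     *"
X	@${ECHO_CMD} "======================================================="
X	@sleep 2
X.endif
X
Xpost-patch:
X	${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PATCHDIR}/pathnames.h.sed > \
X	${WRKSRC}/authpf/pathnames.h
X
Xpre-install:
X.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
X	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
X.endif
X
Xpost-install:
X	${SED} -e 's!%%PREFIX%%!${PREFIX}!' pkg-message
X	${MKDIR} ${PREFIX}/etc/authpf
X	${MKDIR} ${PREFIX}/etc/authpf/users
X	${MKDIR} ${PREFIX}/etc/authpf/banned
X
X.include <bsd.port.post.mk>
END-of-authpf/Makefile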
# Unpack distinfo, the checksum record for the distfile.
# The only digest recorded is MD5, and the port Makefile's MASTER_SITES is a
# plain http URL. MD5 is not collision-resistant, so this entry detects a
# damaged download but is a weak guard against a deliberately substituted
# tarball.
echo x - authpf/distinfo
sed 's/^X//' >authpf/distinfo << 'END-of-authpf/distinfo'
XMD5 (pf_freebsd_1.0.tar.gz) = 66b573f0f6884b61f41240111425b93e
END-of-authpf/distinfo
# Unpack pkg-descr, the port's free-text description. The leading X on each
# archived line is stripped by sed; the text is written out unchanged.
echo x - authpf/pkg-descr
sed 's/^X//' >authpf/pkg-descr << 'END-of-authpf/pkg-descr'
XThis is an authentification shell that can change pf filterrules according
Xto the authentificated user. You will need a working installation of pf 
Xand sshd as interconnect. For more information see http://www.OpenBSD.org/
X
XWWW: http://pf4freebsd.love2party.net/
X
X-Max <reports at pf4freebsd.love2party.net>
END-of-authpf/pkg-descr
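# Unpack pkg-install, the pre-install helper. Called with PRE-INSTALL as its
# second argument, it makes sure the dedicated group "authpf" (GID 72) exists;
# pkg-plist installs sbin/authpf with that group and mode 6555.
# Fixes relative to the submitted archive:
#   - check_group returned success even when the real "pw groupadd" failed,
#     letting the install continue without the group;
#   - the failure message named a left-over 'proxy:*:71:' entry instead of
#     the group actually requested;
#   - expansions are quoted so odd replies or arguments cannot break the
#     tests.
echo x - authpf/pkg-install
sed 's/^X//' >authpf/pkg-install << 'END-of-authpf/pkg-install'
X#!/bin/sh
X# an installation script for pf_freebsd copied from Wnn6
X
X# check_pw
X# Exit with instructions when the pw utility is not found on PATH.
Xcheck_pw()
X{
X    if which -s pw; then
X	:
X    else
X	cat <<EOF
X
XThis system looks like a pre-2.2 version of FreeBSD.  We see that it
Xis missing the "pw" utility.  We need this utility.  Please get and
Xinstall it, and try again.  You can get the source from:
X
X  ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz
X
XEOF
X	exit 1
X    fi
X}
X
X# ask QUESTION DEFAULT
X# Print the user's reply on stdout. No prompt is shown when PACKAGE_BUILDING
X# is set; an empty reply yields DEFAULT.
Xask() {
X    local question default answer
X
X    question=$1
X    default=$2
X    if [ -z "${PACKAGE_BUILDING}" ]; then
X	read -p "${question} (y/n) [${default}]? " answer
X    fi
X    # Quoted so a reply containing blanks cannot break the test.
X    if [ -z "${answer}" ]; then
X	answer=${default}
X    fi
X    printf '%s\n' "${answer}"
X}
X
X# yesno QUESTION DEFAULT
X# Keep asking until the reply starts with y/Y (return 0) or n/N (return 1).
Xyesno() {
X    local dflt question answer
X
X    question=$1
X    dflt=$2
X    while :; do
X	answer=$(ask "${question}" "${dflt}")
X	case "${answer}" in
X	[Yy]*)		return 0;;
X	[Nn]*)		return 1;;
X	esac
X	echo "Please answer yes or no."
X    done
X}
X
X# check_group NAME GID
X# Return 0 when group NAME already exists or has just been created with GID.
X# Otherwise show what pw reported and return 1 so the caller can abort.
Xcheck_group() {
X    local name id
X
X    name=$1
X    id=$2
X    # We need a command 'pw(8)'
X    check_pw
X    if pw groupshow "$name" -q ; then
X	return 0
X    fi
X    # -N is a dry run: only offer to create the group if pw would accept it.
X    if pw groupadd -g "$id" -n "$name" -N -q ; then
X	echo ""
X	echo "You need a group '$name' whose ID number is $id"
X	if yesno "Would you like to create it automatically?" y; then
X	    # Report success only if the group really was created; the
X	    # binary is installed with this group, so a failure here must
X	    # stop the install instead of being ignored.
X	    if pw groupadd -g "$id" -n "$name"; then
X		return 0
X	    fi
X	fi
X    fi
X    echo ""
X    echo "I was not able to add group '$name:*:$id:' as pw reported:"
X    pw groupadd -g "$id" -n "$name" -N
X    echo "Please correct this and try again!"
X    echo ""
X    return 1
X}
X
Xcase "$2" in
XPRE-INSTALL)
X
X    if ! check_group authpf 72 ; then
X	exit 1
X    fi
X    ;;
Xesac
END-of-authpf/pkg-install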
# Unpack pkg-message, the notice shown to the administrator after install.
# The port Makefile's post-install target runs it through sed to replace
# %%PREFIX%% with ${PREFIX}. The text points out that authpf is installed
# with the suid bit (mode 6555 in pkg-plist) and lists the configuration
# files the administrator is expected to create.
echo x - authpf/pkg-message
sed 's/^X//' >authpf/pkg-message << 'END-of-authpf/pkg-message'
X===========================================================================
XPlease note that authpf requires suid bit! Take a look at the man page NOW
Xauthpf(8) and create the following files according to your needs:
X
X	%%PREFIX%%/etc/authpf/authpf.conf
X	%%PREFIX%%/etc/authpf/authpf.allow
X	%%PREFIX%%/etc/authpf/authpf.rules
X	%%PREFIX%%/etc/authpf/authpf.message
X	%%PREFIX%%/etc/authpf/authpf.problem
X
X===========================================================================
END-of-authpf/pkg-message
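# Unpack pkg-plist, the packing list, then end the archive script.
# Fix relative to the archived copy: the mailing-list address obfuscation had
# rewritten the leading "@" of every directive as " at " ("X at group ..."),
# which turns each directive into a bogus file entry and drops the ownership
# and mode settings. The "@" is restored here.
# The first three directives install sbin/authpf as owner root, group authpf,
# mode 6555 (setuid and setgid); the bare @group/@owner/@mode lines that
# follow reset those settings so they do not apply to later entries.
echo x - authpf/pkg-plist
sed 's/^X//' >authpf/pkg-plist << 'END-of-authpf/pkg-plist'
X@group authpf
X@owner root
X@mode 6555
Xsbin/authpf
X@group
X@owner
X@mode
X
X@dirrm etc/authpf/users
X@dirrm etc/authpf/banned
X@dirrm etc/authpf
X
END-of-authpf/pkg-plist
exit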
--- authpf_port.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


