Fix OpenLDAP v1 errors

Allow PAM aware pwcheck daemon Add JavaSASL PR: 34068 Submitted by: maintainer
author: David W. Chapman Jr. <dwcjr@FreeBSD.org> 2002-01-20 19:23:25 +0000
committer: David W. Chapman Jr. <dwcjr@FreeBSD.org> 2002-01-20 19:23:25 +0000
commit: cfa957e244f3eb0c36faceadb82dbd23c04e1011 (patch)
tree: 7dc1af8e27a7f0718be9dc48c263580ab199c935 /security/cyrus-sasl
parent: Limit attempt to build with 3DNow! support to i386 architecture. (diff)
10 files changed, 405 insertions, 48 deletions
diff --git a/security/cyrus-sasl/Makefile b/security/cyrus-sasl/Makefile
index 180849c46eec..74b05c44e5a0 100644
--- a/security/cyrus-sasl/Makefile
+++ b/security/cyrus-sasl/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	cyrus-sasl
 PORTVERSION=	1.5.27
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \
 		http://prdownloads.sourceforge.net/cyrus-utils/ \
@@ -69,7 +69,7 @@ SCRIPTS_ENV=	WRKDIRPREFIX="${WRKDIRPREFIX}" \
 		WITH_LDAP2="${WITH_LDAP2}"
 
 # JavaSASL needs someone to look at to get it to build
-JAVADIR=	jdk1.1.8
+JAVADIR=	jdk1.3.1
 JAVALIBDIR=	${PREFIX}/${JAVADIR}/lib/i386/green_threads/
 
 .if defined(KRB5_HOME) && exists(${KRB5_HOME})
@@ -112,18 +112,21 @@ pre-fetch:
 .include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc"
 .endif
 
+post-extract:
+	@${CP} ${FILESDIR}/pwcheck_pam.c ${WRKSRC}/pwcheck
+
 pre-patch:
 	@(cd ${WRKSRC} && ${PATCH} -p1 < ${WRKDIR}/${LDAP_MYSQL_PATCH} && \
 	${MV} configure.orig configure)
 
 # Fix sasldb name in pkg-install/deinstall scripts
 post-patch:
-	@${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \
+	@${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
 		${.CURDIR}/pkg-install > ${PKGINSTALL}
-	@${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \
+	@${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
 		${.CURDIR}/pkg-deinstall > ${PKGDEINSTALL}
-	@${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \
-		-e "/%%PREFIX%%/s##${PREFIX}#g" \
+	@${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
+		-e "s;%%PREFIX%%;${PREFIX};g" \
 		${.CURDIR}/pkg-message > ${PKGMESSAGE}
 .ifdef LDAP_MYSQL_MSG
 	@${ECHO} ${LDAP_MYSQL_MSG} | /usr/bin/fmt -w 67 >> ${PKGMESSAGE}
@@ -138,8 +141,8 @@ pre-install:
 	@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
 
 post-install:
-	@${SED} -e "/%%PREFIX%%/s##${PREFIX}#g" ${FILESDIR}/pwcheck.sh \
-		> ${PREFIX}/etc/rc.d/pwcheck.sh
+	@${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \
+		${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh
 	@${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh
 	${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck
 .if !defined(NOPORTDOCS)
@@ -151,6 +154,7 @@ post-install:
 	for file in `make -V EXTRA_DIST` ; do \
 		${INSTALL_DATA} ${WRKSRC}/doc/$${file} ${DOCSDIR} ; \
 	done)
+	@${INSTALL_DATA} ${WRKSRC}/java/doc/draft-weltman-java-sasl-02.txt ${DOCSDIR}
 	@${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR}
 .endif
 	@PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
diff --git a/security/cyrus-sasl/files/patch-ab b/security/cyrus-sasl/files/patch-ab
index ed6e854ca76d..009a8b4a9f82 100644
--- a/security/cyrus-sasl/files/patch-ab
+++ b/security/cyrus-sasl/files/patch-ab
@@ -1,5 +1,5 @@
---- configure.in.orig	Tue Nov 27 11:45:28 2001
-+++ configure.in	Tue Nov 27 12:49:28 2001
+--- configure.in.orig	Thu Jan 17 19:21:51 2002
++++ configure.in	Thu Jan 17 19:47:46 2002
 @@ -66,8 +66,9 @@
  dnl check for -R, etc. switch
  CMU_GUESS_RUNPATH_SWITCH
@@ -12,7 +12,16 @@
  
  AM_DISABLE_STATIC
  
-@@ -235,6 +236,13 @@
+@@ -122,8 +123,6 @@
+ 
+   AC_SUBST(JAVA_INCLUDES)
+   AC_MSG_RESULT(JAVA_INCLUDES)
+-  JAVAC=`echo "$JAVAC" | sed 's,.*/,,'`
+-  JAVAH=`echo "$JAVAH" | sed 's,.*/,,'`
+ fi
+ 
+ AM_CONDITIONAL(SAMPLE, test "$enable_sample" = yes)
+@@ -235,6 +234,13 @@
    berkeley)
      SASL_DB_BACKEND="db_${dblib}.lo"
      AC_DEFINE(SASL_BERKELEYDB)
diff --git a/security/cyrus-sasl/files/patch-java::CyrusSasl::Makefile.am b/security/cyrus-sasl/files/patch-java::CyrusSasl::Makefile.am
new file mode 100644
index 000000000000..bf5be6aef933
--- /dev/null
+++ b/security/cyrus-sasl/files/patch-java::CyrusSasl::Makefile.am
@@ -0,0 +1,11 @@
+--- java/CyrusSasl/Makefile.am.orig	Tue Nov 21 23:55:17 2000
++++ java/CyrusSasl/Makefile.am	Thu Jan 17 21:58:10 2002
+@@ -25,7 +25,7 @@
+ 
+ javasasl_version = 1:0:0
+ 
+-javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl
++javasasldir = $(prefix)/share/java/classes/sasl/CyrusSasl
+ javahtmldir = $(prefix)/html/sasl
+ 
+ INCLUDES=$(JAVA_INCLUDES) -I$(top_srcdir)/include
diff --git a/security/cyrus-sasl/files/patch-java::javax::security::auth::callback::Makefile.am b/security/cyrus-sasl/files/patch-java::javax::security::auth::callback::Makefile.am
new file mode 100644
index 000000000000..d4f02627d7a8
--- /dev/null
+++ b/security/cyrus-sasl/files/patch-java::javax::security::auth::callback::Makefile.am
@@ -0,0 +1,11 @@
+--- java/javax/security/auth/callback/Makefile.am.orig	Sat Nov  4 16:55:44 2000
++++ java/javax/security/auth/callback/Makefile.am	Thu Jan 17 22:05:23 2002
+@@ -39,7 +39,7 @@
+ #
+ ################################################################
+ 
+-javasasldir = $(prefix)/lib/java/classes/sasl/javax/security/auth/callback
++javasasldir = $(prefix)/share/java/classes/sasl/javax/security/auth/callback
+ javahtmldir = $(prefix)/html/sasl
+ 
+ javasasl_JAVA = PasswordCallback.java \
diff --git a/security/cyrus-sasl/files/patch-lib::checkpw.c b/security/cyrus-sasl/files/patch-lib::checkpw.c
new file mode 100644
index 000000000000..a7632c8a4ff6
--- /dev/null
+++ b/security/cyrus-sasl/files/patch-lib::checkpw.c
@@ -0,0 +1,101 @@
+--- lib/checkpw.c.orig	Fri Jan 18 21:56:29 2002
++++ lib/checkpw.c	Fri Jan 18 22:14:58 2002
+@@ -1491,6 +1491,9 @@
+ # define FALSE         0
+ #endif
+ 
++#ifndef LDAP_NO_ATTRS
++#define LDAP_NO_ATTRS	"1.1"
++#endif
+ static int ldap_isdigits(char *value)
+ {
+   char *ptr;
+@@ -1504,6 +1507,16 @@
+   return num;
+ }
+ 
++#ifdef LDAP_VENDOR_VERSION
++#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
++	ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)
++#define SASL_ldap_memfree(dn) ldap_memfree(dn)
++#else
++#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
++	 ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
++#define SASL_ldap_memfree(dn) free(dn)
++#endif
++
+ static int ldap_verify_password(sasl_conn_t *conn,
+ 				const char *userid,
+ 				const char *password,
+@@ -1522,18 +1535,18 @@
+     *ldap_filter="",
+     *ldap_bind_dn="",
+     *ldap_bind_pw="",
+-    *ldap_ssl="",
+     *ldap_filter_mode="",
+     *port_num="";
+   int malloc_size; /* safety net */
+   int ldap_filter_flag = 0;
+-  int ldap_ssl_flag = 0;
+   int ldap_port = LDAP_PORT;
+   sasl_getopt_t *getopt;
+   void *context;
+   LDAPMessage	*result, *e;
+   char *attrs[]={LDAP_NO_ATTRS, NULL};
+ #ifdef LDAP_OPT_X_TLS
++  char *ldap_ssl="";
++  int ldap_ssl_flag = 0;
+   int tls_option;
+ #endif
+   
+@@ -1625,9 +1638,11 @@
+     return SASL_FAIL;
+   }
+   /* set ssl mode if needed */
++#ifdef LDAP_OPT_X_TLS
+   if ( ldap_ssl_flag ) {
+     ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);  
+   }
++#endif
+   
+   /* either run the filter or just bind as them ? */
+   
+@@ -1657,7 +1672,7 @@
+     snprintf(filter,malloc_size-1,"(&(%s=%s)%s)", ldap_uidattr, userid, ldap_filter);
+     
+     /* Now do the search */
+-    if (ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
++    if (SASL_ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
+                           attrs, 0, NULL, NULL, LDAP_NO_LIMIT, 1, &result) !=
+ 	LDAP_SUCCESS) {
+       free(filter);
+@@ -1680,17 +1695,17 @@
+       ldap_unbind(ld);
+       return SASL_BADAUTH;
+     }
+-    if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) {
++    if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
+       e = NULL;
+       free(filter);
+-      ldap_memfree(dn);
++      SASL_ldap_memfree(dn);
+       ldap_msgfree(result);
+       ldap_unbind(ld);
+       return SASL_BADAUTH;
+     }
+     e = NULL;
+     free(filter);
+-    ldap_memfree(dn);
++    SASL_ldap_memfree(dn);
+     ldap_msgfree(result);
+     
+   } else {
+@@ -1710,7 +1725,7 @@
+    * If this is not so I have a version or that too
+    * Simon@surf.org.uk
+    */
+-    if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) {
++    if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
+       free(dn);
+       ldap_unbind(ld);
+       return SASL_BADAUTH;
diff --git a/security/cyrus-sasl/files/patch-pwcheck::Makefile.am b/security/cyrus-sasl/files/patch-pwcheck::Makefile.am
new file mode 100644
index 000000000000..c9e94adefa82
--- /dev/null
+++ b/security/cyrus-sasl/files/patch-pwcheck::Makefile.am
@@ -0,0 +1,17 @@
+--- pwcheck/Makefile.am.orig	Wed Mar 22 11:06:43 2000
++++ pwcheck/Makefile.am	Thu Jan 17 19:09:06 2002
+@@ -22,9 +22,13 @@
+ # SOFTWARE.
+ #
+ 
+-sbin_PROGRAMS = pwcheck
++sbin_PROGRAMS = pwcheck pwcheck_pam
+ 
+ pwcheck_SOURCES = pwcheck.c
+ EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c
+ pwcheck_DEPENDECIES = pwcheck_@PWCHECKMETH@.lo
+ pwcheck_LDADD = pwcheck_@PWCHECKMETH@.lo @LIB_CRYPT@ @LIB_SOCKET@
++
++pwcheck_pam_SOURCES = pwcheck.c
++pwcheck_pam_DEPENDECIES = pwcheck_pam.lo
++pwcheck_pam_LDADD = pwcheck_pam.lo @LIB_CRYPT@ @LIB_SOCKET@ @LIB_PAM@
diff --git a/security/cyrus-sasl/files/pwcheck.sh b/security/cyrus-sasl/files/pwcheck.sh
index ba07b9fc580a..3f4c903817a2 100644
--- a/security/cyrus-sasl/files/pwcheck.sh
+++ b/security/cyrus-sasl/files/pwcheck.sh
@@ -3,29 +3,64 @@
 # $FreeBSD$
 #
 
+action=$1
+
 PREFIX=%%PREFIX%%
 
-case "$1" in
+# Suck in the configuration variables.
+if [ -z "${source_rc_confs_defined}" ]; then
+        if [ -r /etc/defaults/rc.conf ]; then
+                . /etc/defaults/rc.conf
+                source_rc_confs
+        elif [ -r /etc/rc.conf ]; then
+                . /etc/rc.conf
+        fi
+fi
 
-start)
-	if [ -x ${PREFIX}/sbin/pwcheck ]
-	then
-		${PREFIX}/sbin/pwcheck & && echo -n " pwcheck"
-	fi
-	;;
+# The following sasl_pwcheck_* variables may be defined in rc.conf
+#
+# 	sasl_pwcheck_enable  -	Set to YES to enable pwcheck
+#				Default: %%ENABLEPWCHECK%%
+#
+#	sasl_pwcheck_program -	Path to pwcheck program (pwcheck/pwcheck_pam)
+#				Default: ${PREFIX}/sbin/%%PWCHECK%%
 
-stop)
-	if [ -r /var/run/pwcheck.pid ]
-	then
-		kill `cat /var/run/pwcheck.pid` && echo -n " pwcheck"
-		rm /var/run/pwcheck.pid
-	fi
-	;;
+if [ -z "${sasl_pwcheck_enable}" ] ; then
+	sasl_pwcheck_enable=%%ENABLEPWCHECK%%
+fi
 
-*)
-	echo "usage: $0 {start|stop}" 1>&2
-	exit 64
-	;;
+if [ -z "${sasl_pwcheck_program}" ]; then
+	sasl_pwcheck_program=${PREFIX}/sbin/%%PWCHECK%%
+fi
 
+rc=0
+
+case "${sasl_pwcheck_enable}" in
+    [Yy][Ee][Ss])
+	case "${action}" in
+
+	    start)
+		if [ -x ${sasl_pwcheck_program} ] ; then
+		    ${sasl_pwcheck_program} & && echo -n " pwcheck"
+		fi
+		;;
+
+	    stop)
+		if [ -r /var/run/pwcheck.pid ]; then
+		    kill `cat /var/run/pwcheck.pid` && echo -n " pwcheck"
+		    rm /var/run/pwcheck.pid
+		fi
+		;;
+
+	    *)
+		echo "usage: $0 {start|stop}" 1>&2
+		rc=64
+		;;
+	esac
+	;;
+    *)
+	rc=0
+	;;
 esac
 
+exit $rc
diff --git a/security/cyrus-sasl/files/pwcheck_pam.c b/security/cyrus-sasl/files/pwcheck_pam.c
new file mode 100644
index 000000000000..57e1076ca92a
--- /dev/null
+++ b/security/cyrus-sasl/files/pwcheck_pam.c
@@ -0,0 +1,101 @@
+
+#include <security/pam_appl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* Static variables used to communicate between the conversation function
+ * and the server_login function
+ */
+static char *PAM_username;
+static char *PAM_password;
+
+/* PAM conversation function
+ */
+static int PAM_conv (int num_msg,
+                     const struct pam_message **msg,
+                     struct pam_response **resp,
+                     void *appdata_ptr) {
+  int replies = 0;
+  struct pam_response *reply = NULL;
+
+  #define COPY_STRING(s) (s) ? strdup(s) : NULL
+
+  reply = malloc(sizeof(struct pam_response) * num_msg);
+  if (!reply) return PAM_CONV_ERR;
+
+  for (replies = 0; replies < num_msg; replies++) {
+    switch (msg[replies]->msg_style) {
+      case PAM_PROMPT_ECHO_ON:
+        reply[replies].resp_retcode = PAM_SUCCESS;
+        reply[replies].resp = COPY_STRING(PAM_username);
+          /* PAM frees resp */
+        break;
+      case PAM_PROMPT_ECHO_OFF:
+        reply[replies].resp_retcode = PAM_SUCCESS;
+        reply[replies].resp = COPY_STRING(PAM_password);
+          /* PAM frees resp */
+        break;
+      case PAM_TEXT_INFO:
+        /* fall through */
+      case PAM_ERROR_MSG:
+        /* ignore it, but pam still wants a NULL response... */
+        reply[replies].resp_retcode = PAM_SUCCESS;
+        reply[replies].resp = NULL;
+        break;
+      default:
+        /* Must be an error of some sort... */
+        free (reply);
+        return PAM_CONV_ERR;
+    }
+  }
+  *resp = reply;
+  return PAM_SUCCESS;
+}
+
+static struct pam_conv PAM_conversation = {
+    PAM_conv,
+    NULL
+};
+
+/* Server log in
+ * Accepts: user name string
+ *          password string
+ * Returns: "OK" if password validated, error message otherwise
+ */ 
+ 
+char *pwcheck(char *username, char *password)
+{
+  pam_handle_t *pamh;
+  int pam_error;
+
+  /* PAM only handles authentication, not user information. */
+  if ( !(username && password && strlen(username) && strlen(password)) )
+      return "Incorrect username";
+
+  /* validate password */
+
+  PAM_password = password;
+  PAM_username = username;
+  fprintf(stderr, "checking %s\n", username);
+  pam_error = pam_start("cyrus", username, &PAM_conversation, &pamh);
+  if (pam_error == PAM_SUCCESS) 
+    pam_error = pam_authenticate(pamh, 0);
+    
+  if (pam_error == PAM_SUCCESS) 
+    pam_error = pam_acct_mgmt(pamh, 0);
+
+  if ( pam_error == PAM_SUCCESS) 
+    fprintf(stderr, "\tauthenticated %s\n", username);
+  else
+    fprintf(stderr, "\tfailed to authenticate %s\n", username);
+  
+  if(pam_end(pamh, pam_error) != PAM_SUCCESS) {
+    pamh = NULL;
+    fprintf(stderr, "pwcheck: failed to release authenticator\n");
+    exit(1);
+  }
+  return ( pam_error == PAM_SUCCESS ? "OK" : "Incorrect passwd" );
+}
+
+
diff --git a/security/cyrus-sasl/pkg-plist b/security/cyrus-sasl/pkg-plist
index 4f08d1e0edb0..7e772335df14 100644
--- a/security/cyrus-sasl/pkg-plist
+++ b/security/cyrus-sasl/pkg-plist
@@ -7,6 +7,9 @@ include/sasl/sasl.h
 include/sasl/saslplug.h
 include/sasl/saslutil.h
 @dirrm include/sasl
+%%JAVASASL%%lib/libjavasasl.a
+%%JAVASASL%%lib/libjavasasl.so
+%%JAVASASL%%lib/libjavasasl.so.1
 lib/libsasl.a
 lib/libsasl.so
 lib/libsasl.so.8
@@ -34,6 +37,27 @@ lib/sasl/libplain.so.1
 sbin/sasldblistusers
 sbin/saslpasswd
 sbin/pwcheck
+sbin/pwcheck_pam
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericServer.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/Sasl.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslClient.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslClientFactory.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslException.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslInputStream.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslOutputStream.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslServer.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslServerFactory.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/SaslUtils.class
+%%JAVASASL%%share/java/classes/sasl/CyrusSasl/ServerFactory.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/Callback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/CallbackHandler.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/NameCallback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/PasswordCallback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/RealmCallback.class
+%%JAVASASL%%share/java/classes/sasl/javax/security/auth/callback/UnsupportedCallbackException.class
 %%PORTDOCS%%%%DOCSDIR%%/AUTHORS
 %%PORTDOCS%%%%DOCSDIR%%/COPYING
 %%PORTDOCS%%%%DOCSDIR%%/ChangeLog
@@ -43,6 +67,7 @@ sbin/pwcheck
 %%PORTDOCS%%%%DOCSDIR%%/Sendmail.README
 %%PORTDOCS%%%%DOCSDIR%%/TODO
 %%PORTDOCS%%%%DOCSDIR%%/draft-newman-auth-scram-03.txt
+%%PORTDOCS%%%%DOCSDIR%%/draft-weltman-java-sasl-02.txt
 %%PORTDOCS%%%%DOCSDIR%%/rfc1321.txt
 %%PORTDOCS%%%%DOCSDIR%%/rfc2095.txt
 %%PORTDOCS%%%%DOCSDIR%%/rfc2104.txt
@@ -54,6 +79,14 @@ sbin/pwcheck
 %%PORTDOCS%%%%DOCSDIR%%/programming.html
 %%PORTDOCS%%%%DOCSDIR%%/sysadmin.html
 %%PORTDOCS%%@dirrm %%DOCSDIR%%
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax/security/auth/callback
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax/security/auth
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax/security
+%%JAVASASL%%@dirrm share/java/classes/sasl/javax
+%%JAVASASL%%@dirrm share/java/classes/sasl/CyrusSasl
+%%JAVASASL%%@dirrm share/java/classes/sasl
+%%JAVASASL%%@unexec rmdir %D/share/java/classes || true
+%%JAVASASL%%@unexec rmdir %D/share/java || true
 @dirrm lib/sasl
 @cwd /var
 @exec install -d -m 770 -o cyrus -g cyrus %D/pwcheck
diff --git a/security/cyrus-sasl/scripts/configure.sasl b/security/cyrus-sasl/scripts/configure.sasl
index b4db08de7d59..65a36ef5c876 100644
--- a/security/cyrus-sasl/scripts/configure.sasl
+++ b/security/cyrus-sasl/scripts/configure.sasl
@@ -25,6 +25,7 @@ if [ "${BATCH}" ]; then
 		OPTIONS="${OPTIONS} \"OpenLDAP1\""
 	fi
 	if [ "${OPTIONS}" != "x" ]; then
+		OPTIONS="${OPTIONS} \"PWCHECK\""
 		set ${OPTIONS}
 	fi
 else
@@ -58,11 +59,14 @@ else
 	/usr/bin/dialog --title "Additional SASL options" --clear \
 		--checklist "\n\
 Please select desired options:" -1 -1 16 \
-NDBM		"ndbm DB package" ${SET_NDBM} \
-DB3		"Berkeley DB package, revision 3" ${SET_DB3} \
+NDBM		"ndbm DB" ${SET_NDBM} \
+DB3		"Berkeley DB, revision 3" ${SET_DB3} \
+JAVA		"JavaSASL [Experimental]" ${SET_JAVA} \
 MySQL		"MySQL password Authentication" ${SET_MYSQL} \
-OpenLDAP1	"OpenLDAP 1.x support" ${SET_LDAP1} \
-OpenLDAP2	"OpenLDAP 2.x support" ${SET_LDAP2} \
+OpenLDAP1	"OpenLDAP 1.x password Authentication" ${SET_LDAP1} \
+OpenLDAP2	"OpenLDAP 2.x password Authentication w/TLS" ${SET_LDAP2} \
+PWCHECK		"Use pwcheck for password Authentication" ON \
+PAMPWCHECK      "Use pwcheck_pam for password Authentication" OFF \
 2> $tempfile
 
 	retval=$?
@@ -75,6 +79,8 @@ OpenLDAP2	"OpenLDAP 2.x support" ${SET_LDAP2} \
 	case $retval in
 		0)	if [ -z "$*" ]; then
 				echo "Nothing selected"
+				OPTIONS="\"NDBM\""
+				set ${OPTIONS}
 			fi
 			;;
 		1)	echo "Cancel pressed."
@@ -112,15 +118,16 @@ while [ "$1" ]; do
 			DBLIB=1
 			;;
 		\"JAVA\")
-			echo "JAVA is disabled, Ignoring option" > /dev/stderr
-			;;
-		\"DISABLED\")
-			echo "RUN_DEPENDS=	\${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk"
-			echo "CONFIGURE_ARGS+=	--with-java \\"
-			echo "			--with-javabase=\${LOCALBASE}/include"
+			echo "BUILD_DEPENDS+=	\${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk13"
+			echo "RUN_DEPENDS+=	\${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk13"
+			echo "USE_GMAKE=	yes"
+			echo "CONFIGURE_ARGS+=	--enable-java \\"
+			echo "			--with-javabase=\${LOCALBASE}/\${JAVADIR}"
 			echo "CONFIGURE_ENV+=	JAVAC=\"\${LOCALBASE}/\${JAVADIR}/bin/javac\" \\"
-			echo "			JAVAH=\"\${LOCALBASE}/\${JAVADIR}/bin/javah" \\"
-			echo "			JAVADOC=\"\${LOCALBASE}/\${JAVADIR}/bin/javadoc\"
+			echo "		JAVAH=\"\${LOCALBASE}/\${JAVADIR}/bin/javah\" \\"
+			echo "		JAVADOC=\"\${LOCALBASE}/\${JAVADIR}/bin/javadoc\""
+			echo "PLIST_SUB+=	JAVASASL=\"\""
+			DEFJAVA=1
 			;;
 		\"MySQL\")
 			echo "LIB_DEPENDS+=	mysqlclient.10:\${PORTSDIR}/databases/mysql323-client"
@@ -128,7 +135,7 @@ while [ "$1" ]; do
 			MSG=1
 			;;
 		\"OpenLDAP1\")
-			if [ "$OPENLDAP2" ]; then
+			if [ "$OPENLDAP" ]; then
 				echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." > /dev/stderr
 				rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc
 				exit 1
@@ -136,11 +143,10 @@ while [ "$1" ]; do
 			echo "LIB_DEPENDS+=	ldap.1:\${PORTSDIR}/net/openldap"
 			echo "LIB_DEPENDS+=	lber.1:\${PORTSDIR}/net/openldap"
 			echo "CONFIGURE_ARGS+=	--with-ldap=\${PREFIX}"
-			OPENLDAP1=1
-			MSG=1
+			OPENLDAP=1
 			;;
 		\"OpenLDAP2\")
-			if [ "$OPENLDAP1" ]; then
+			if [ "$OPENLDAP" ]; then
 				echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." > /dev/stderr
 				rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc
 				exit 1
@@ -148,8 +154,23 @@ while [ "$1" ]; do
 			echo "LIB_DEPENDS+=	ldap.2:\${PORTSDIR}/net/openldap2"
 			echo "LIB_DEPENDS+=	lber.2:\${PORTSDIR}/net/openldap2"
 			echo "CONFIGURE_ARGS+=	--with-ldap=\${PREFIX}"
-			OPENLDAP2=1
-			MSG=1
+			OPENLDAP=1
+			;;
+		\"PWCHECK\")
+			if [ "$PWCHECK" ]; then
+				echo "PWCHECK or PAMPWCHECK must be choosen seperately: Defaulting to PAMPWCHECK" > /dev/stderr
+			else
+				echo "PWCHECK_SUB+=	-e \"s;%%PWCHECK%%;pwcheck;g\""
+				PWCHECK=1
+			fi
+			;;
+		\"PAMPWCHECK\")
+			if [ "$PWCHECK" ]; then
+				echo "PWCHECK or PAMPWCHECK must be choosen seperately: Defaulting to PWCHECK" > /dev/stderr
+			else
+				echo "PWCHECK_SUB+=	-e \"s;%%PWCHECK%%;pwcheck_pam;g\""
+				PWCHECK=1
+			fi
 			;;
 		*)
 			echo "Invalid option(s): $*" > /dev/stderr
@@ -160,6 +181,20 @@ while [ "$1" ]; do
 	shift
 done
 
-if [ "x${MSG}" != "x" ]; then
+if [ "$PWCHECK" ]; then
+	echo "PWCHECK_SUB+=	-e \"s;%%ENABLEPWCHECK%%;yes;g\""
+else
+	echo "PWCHECK_SUB+=	-e \"s;%%PWCHECK%%;pwcheck;g\" \\"
+	echo "			-e \"s;%%ENABLEPWCHECK%%;no;g\""
+fi
+if [ ! "${DEFJAVA}" ]; then
+	echo "PLIST_SUB+=	JAVASASL=\"@comment \""
+fi
+if [ ! "${DBLIB}" ]; then
+	echo "CONFIGURE_ARGS+=	--with-dblib=ndbm"
+	echo "SASLDB_NAME=	sasldb.db"
+fi
+
+if [ "$OPENLDAP" ]; then
 	echo "LDAP_MYSQL_MSG=	\"See sysadmin.html in the Cyrus-SASL docs directory for informaion on using LDAP or MySQL for authentication.\""
 fi
author	David W. Chapman Jr. <dwcjr@FreeBSD.org>	2002-01-20 19:23:25 +0000
committer	David W. Chapman Jr. <dwcjr@FreeBSD.org>	2002-01-20 19:23:25 +0000
commit	cfa957e244f3eb0c36faceadb82dbd23c04e1011 (patch)
tree	7dc1af8e27a7f0718be9dc48c263580ab199c935 /security/cyrus-sasl
parent	Limit attempt to build with 3DNow! support to i386 architecture. (diff)