Diffstat (limited to 'security')
28 files changed, 332 insertions, 1264 deletions
diff --git a/security/cyrus-sasl/Makefile b/security/cyrus-sasl/Makefile index 1eab6560b7fd..180849c46eec 100644 --- a/security/cyrus-sasl/Makefile +++ b/security/cyrus-sasl/Makefile @@ -6,15 +6,24 @@ # PORTNAME= cyrus-sasl -PORTVERSION= 1.5.24 -PORTREVISION= 8 -CATEGORIES= security -MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR% \ +PORTVERSION= 1.5.27 +PORTREVISION= 0 +CATEGORIES= security ipv6 +MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \ + http://prdownloads.sourceforge.net/cyrus-utils/ \ + http://www.surf.org.uk/downloads/ \ + ftp://ftp.westbend.net/pub/cyrus-mail/%SUBDIR%/ \ + ${MASTER_SITE_SOURCEFORGE} \ ftp://ftp.hanse.de/sites/transit/mirror/ftp.andrew.cmu.edu/pub/cyrus-mail/ -MASTER_SITE_SUBDIR= ./ OLD-VERSIONS/sasl/ +MASTER_SITE_SUBDIR= . OLD-VERSIONS/sasl cyrus-utils -PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ -PATCHFILES= ${DISTNAME}-ipv6-20010321.diff.gz +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \ + sasl-${PORTVERSION}-ldap-ssl-filter-mysql-patch3.tgz + +PATCH_SITES= ftp://ftp.westbend.net/pub/cyrus-mail/contrib/ \ + http://www.imasy.or.jp/~ume/ipv6/ +PATCHFILES= sasl_apop_patch.gz \ + ${DISTNAME}-ipv6-${IPV6_VER}.diff.gz MAINTAINER= hetzels@westbend.net @@ -22,6 +31,9 @@ USE_OPENSSL= YES INSTALLS_SHLIB= yes +# IPv6 Patch provided by Hajimu UMEMOTO <ume@mahoroba.org> +IPV6_VER= 20020106 + MAN3= sasl.3 sasl_authorize_t.3 sasl_callbacks.3 sasl_checkpass.3 \ sasl_client_init.3 sasl_client_new.3 sasl_client_start.3 \ sasl_client_step.3 sasl_decode.3 sasl_done.3 sasl_encode.3 \ 
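Review bot: The bump to `PORTVERSION= 1.5.27` comes with no record of why a local security fix can be dropped: further down, this commit deletes `files/patch-lib::common.c`, which changed `syslog(syslog_priority | LOG_AUTH, message)` to pass `"%s"`. Nothing on the page shows that 1.5.27 carries that fix, so the extracted `lib/common.c` should be checked and the result recorded, e.g. `# syslog "%s" fix (former patch-lib::common.c) verified present in 1.5.27`. Separately, `sasl_apop_patch.gz` in `PATCHFILES` has no version in its name and no `DIST_SUBDIR` is visible in these hunks, so a re-rolled upstream file is caught only by the MD5 in distinfo; `DIST_SUBDIR= ${PORTNAME}` would at least keep it from colliding with other ports' distfiles. The same hunk is repeated for security/cyrus-sasl2/Makefile.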
@@ -43,32 +55,22 @@ CONFIGURE_ARGS= --sysconfdir=${PREFIX}/etc \ --enable-static \ --enable-login \ --with-pwcheck=/var/pwcheck \ - --with-dblib=ndbm \ --with-rc4=openssl SCRIPTS_ENV= WRKDIRPREFIX="${WRKDIRPREFIX}" \ PREFIX="${PREFIX}" \ TOUCH="${TOUCH}" \ MKDIR="${MKDIR}" \ - ENABLE_DB3="${ENABLE_DB3}" \ - ENABLE_MYSQL="${ENABLE_MYSQL}" \ - ENABLE_LDAP="${ENABLE_LDAP}" - -# ENABLE_* variables can be used by depending ports to enable options. + REALCURDIR="${.CURDIR}" \ + WITH_DB3="${WITH_DB3}" \ + WITH_JAVA="${WITH_JAVA}" \ + WITH_MYSQL="${WITH_MYSQL}" \ + WITH_LDAP1="${WITH_LDAP1}" \ + WITH_LDAP2="${WITH_LDAP2}" # JavaSASL needs someone to look at to get it to build -#JAVADIR= jdk1.1.8 -#JAVALIBDIR= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/ - -#.if defined(USE_JAVA) || exists(${LOCALBASE}/${JAVADIR}/bin/java) -#BUILD_DEPENDS= ${LOCALBASE}/${JAVADIR}/bin/java:${PORTSDIR}/java/jdk -#CONFIGURE_ARGS+= --with-java \ -# --with-javabase=${LOCALBASE}/include -# -#CONFIGURE_ENV= JAVAC="${LOCALBASE}/${JAVADIR}/bin/javac" \ -# JAVAH="${LOCALBASE}/${JAVADIR}/bin/javah" \ -# JAVADOC="${LOCALBASE}/${JAVADIR}/bin/javadoc" -#.endif +JAVADIR= jdk1.1.8 +JAVALIBDIR= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/ .if defined(KRB5_HOME) && exists(${KRB5_HOME}) CONFIGURE_ARGS+= --enable-gssapi=${KRB5_HOME} @@ -92,18 +94,13 @@ CONFIGURE_ENV+= LOCALBASE=${LOCALBASE} \ DOCS= AUTHORS COPYING ChangeLog INSTALL NEWS README TODO -DOC2= draft-leach-digest-sasl-05.txt \ - draft-newman-auth-scram-03.txt \ - rfc1321.txt rfc2095.txt rfc2104.txt \ - rfc2222.txt rfc2245.txt - -HTDOCS= gssapi index programming sysadmin - PLIST_SUB= PREFIX=${PREFIX} \ GSSAPI=${GSSAPI} \ EBONES=${EBONES} \ DOCSDIR=${DOCSDIR:S/^${PREFIX}\///} \ +LDAP_MYSQL_PATCH= ldap-mysql_sasl/sasl-ldap+mysql.patch + PKGDEINSTALL= ${WRKDIR}/pkg-deinstall PKGINSTALL= ${WRKDIR}/pkg-install PKGMESSAGE= ${WRKDIR}/pkg-message 
@@ -111,6 +108,14 @@ PKGMESSAGE= ${WRKDIR}/pkg-message pre-fetch: @${SETENV} ${SCRIPTS_ENV} ${SH} ${SCRIPTDIR}/configure.sasl +.if exists(${WRKDIRPREFIX}${.CURDIR}/Makefile.inc) +.include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc" +.endif + +pre-patch: + @(cd ${WRKSRC} && ${PATCH} -p1 < ${WRKDIR}/${LDAP_MYSQL_PATCH} && \ + ${MV} configure.orig configure) + # Fix sasldb name in pkg-install/deinstall scripts post-patch: @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \ @@ -119,8 +124,11 @@ post-patch: ${.CURDIR}/pkg-deinstall > ${PKGDEINSTALL} @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \ -e "/%%PREFIX%%/s##${PREFIX}#g" \ - -e "/%%DOCSDIR%%/s##${DOCSDIR}#g" \ ${.CURDIR}/pkg-message > ${PKGMESSAGE} +.ifdef LDAP_MYSQL_MSG + @${ECHO} ${LDAP_MYSQL_MSG} | /usr/bin/fmt -w 67 >> ${PKGMESSAGE} + @${ECHO} >> ${PKGMESSAGE} +.endif pre-configure: @(cd ${WRKSRC} && ${AUTOHEADER}) @@ -134,19 +142,16 @@ post-install: > ${PREFIX}/etc/rc.d/pwcheck.sh @${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh ${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck - @${LN} ${PREFIX}/sbin/pwcheck ${PREFIX}/sbin/pwcheck_pwnam .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for file in ${DOCS} @${INSTALL_DATA} ${WRKSRC}/${file} ${DOCSDIR} .endfor -.for file in ${DOC2} - @${INSTALL_DATA} ${WRKSRC}/doc/${file} ${DOCSDIR} -.endfor + (cd ${WRKSRC}/doc ; \ + for file in `make -V EXTRA_DIST` ; do \ + ${INSTALL_DATA} ${WRKSRC}/doc/$${file} ${DOCSDIR} ; \ + done) @${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR} -.for file in ${HTDOCS} - @${INSTALL_DATA} ${WRKSRC}/doc/${file}.html ${DOCSDIR} -.endfor .endif @PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL @${CAT} ${PKGMESSAGE} 
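Review bot: The new `pre-patch` target applies `${LDAP_MYSQL_PATCH}` unconditionally and behind `@`, so authentication code from the third-party `sasl-${PORTVERSION}-ldap-ssl-filter-mysql-patch3.tgz` is patched into the source tree regardless of which options were selected, and the build log does not show it. That code replaces the in-tree `files/patch-ai`, whose MySQL backend built its query with `sprintf(qbuf,QUERY_STRING,...)` from the raw `userid` and `password`; whether the tarball's version escapes them cannot be seen here and should be checked. The `${MV} configure.orig configure` step appears to rely on patch(1) leaving a `.orig` backup. I would drop the `@` and add a comment such as `# LDAP/MySQL pwcheck patch from the extra distfile; configure is restored from the .orig backup left by patch`.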
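Review bot: In the `post-install` doc loop, `cd ${WRKSRC}/doc ;` carries on when the `cd` fails, and the loop's exit status is only that of the last `${INSTALL_DATA}`, so a partial doc install passes unnoticed while pkg-plist still lists a fixed set of files. It also calls literal `make` instead of `${MAKE}`. I would write it as `(cd ${WRKSRC}/doc && for file in $$(${MAKE} -V EXTRA_DIST) ; do ${INSTALL_DATA} $${file} ${DOCSDIR} || exit 1 ; done)`. The post-install target begins outside this hunk.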
@@ -154,8 +159,8 @@ post-install: post-clean: @${RM} -f ${WRKDIRPREFIX}${.CURDIR}/Makefile.inc -.if exists(${WRKDIRPREFIX}${.CURDIR}/Makefile.inc) -.include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc" -.endif +#if exists(${WRKDIRPREFIX}${.CURDIR}/Makefile.inc) +#include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc" +#endif .include <bsd.port.mk> diff --git a/security/cyrus-sasl/distinfo b/security/cyrus-sasl/distinfo index 1b1e11d6810f..eb631c1d2f49 100644 --- a/security/cyrus-sasl/distinfo +++ b/security/cyrus-sasl/distinfo @@ -1,2 +1,4 @@ -MD5 (cyrus-sasl-1.5.24.tar.gz) = ac3837c071c258b80021325936db2583 -MD5 (cyrus-sasl-1.5.24-ipv6-20010321.diff.gz) = a306953c91d9fbf2f4676ef394b38449 +MD5 (cyrus-sasl-1.5.27.tar.gz) = 76ea426e2e2da3b8d2e3a43af5488f3b +MD5 (sasl-1.5.27-ldap-ssl-filter-mysql-patch3.tgz) = 19e6783c1f4095e265648d26c4679544 +MD5 (sasl_apop_patch.gz) = 6bf7a34b73d1c8d139d2269069d1ba4c +MD5 (cyrus-sasl-1.5.27-ipv6-20020106.diff.gz) = b2956a084954a46ba2d751f56a80a275 diff --git a/security/cyrus-sasl/files/patch-ab b/security/cyrus-sasl/files/patch-ab index 403d1b8c8ace..ed6e854ca76d 100644 --- a/security/cyrus-sasl/files/patch-ab +++ b/security/cyrus-sasl/files/patch-ab @@ -1,5 +1,5 @@ ---- configure.in.orig Thu Jul 20 21:35:01 2000 -+++ configure.in Thu Nov 16 09:07:00 2000 +--- configure.in.orig Tue Nov 27 11:45:28 2001 ++++ configure.in Tue Nov 27 12:49:28 2001 @@ -66,8 +66,9 @@ dnl check for -R, etc. switch CMU_GUESS_RUNPATH_SWITCH 
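Review bot: The `post-clean` hunk leaves the old Makefile.inc include behind as `#if exists(...)`, `#include ...`, `#endif` instead of deleting it. Since the live `.include` now sits after `pre-fetch`, these three comment lines are dead and read like C preprocessor directives. I would remove them, or replace them with one line such as `# Makefile.inc is included after pre-fetch`.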
@@ -12,126 +12,17 @@ AM_DISABLE_STATIC -@@ -232,6 +233,13 @@ +@@ -235,6 +236,13 @@ + berkeley) SASL_DB_BACKEND="db_${dblib}.lo" AC_DEFINE(SASL_BERKELEYDB) - SASL_DB_LIB="-ldb" + for db3loc in ${prefix} /usr/local /usr + do + if test -d ${db3loc}/include/db3; then -+ CPPFLAGS="-I${db3loc}/include/db3 $CPPFLAGS" -+ break ++ CPPFLAGS="-I${db3loc}/include/db3 $CPPFLAGS" ++ break + fi + done ;; *) AC_MSG_WARN([Disabling SASL authentication database support]) -@@ -310,6 +318,88 @@ - fi - AM_CONDITIONAL(PWCHECK, test "$with_pwcheck" != no) - -+dnl MySQL -+AC_ARG_WITH(mysql, [ --with-mysql=PATH enable authentication from MySQL database [no] ], -+ with_mysql=$withval, -+ with_mysql=no) -+ -+if test -z "$with_mysql"; then -+ for mysqlloc in lib/mysql lib -+ do -+ if test -f ${prefix}/${mysqlloc}/libmysqlclient.a; then -+ with_mysql="${prefix}" -+ break -+ elif test -f /usr/local/${mysqlloc}/libmysqlclient.a; then -+ with_mysql="/usr/local" -+ break -+ elif test -f /usr/${mysqlloc}/libmysqlclient.a; then -+ with_mysql="/usr" -+ break -+ fi -+ done -+fi -+ -+LIB_MYSQL="" -+case "$with_mysql" in -+ no) true;; -+ ""|yes) AC_CHECK_LIB(mysqlclient, mysql_select_db, -+ AC_DEFINE(HAVE_MYSQL) -+ LIB_MYSQL="-lmysqlclient", -+ with_mysql=no);; -+ *) if test -d ${with_mysql}/include/mysql; then -+ CPPFLAGS="$CPPFLAGS -I${with_mysql}/include/mysql" -+ else -+ CPPFLAGS="$CPPFLAGS -I${with_mysql}/include" -+ fi -+ if test -d ${with_mysql}/lib/mysql; then -+ LDFLAGS="$LDFLAGS -L${with_mysql}/lib/mysql" -+ fi -+ AC_DEFINE(HAVE_MYSQL) -+ LIB_MYSQL="-lmysqlclient";; -+esac -+AC_SUBST(LIB_MYSQL) -+ -+dnl LDAP -+AC_ARG_WITH(ldap, [ --with-ldap=PATH enable authentication from LDAP [no] ], -+ with_ldap=$withval, -+ with_ldap=no) -+ -+if test -z "$with_ldap"; then -+ for ldaploc in lib/ldap lib -+ do -+ if test -f ${prefix}/${ldaploc}/libldap.a; then -+ with_ldap="${prefix}" -+ break -+ elif test -f /usr/local/${ldaploc}/libldap.a; then -+ with_ldap="/usr/local" -+ break -+ elif test -f 
/usr/${ldaploc}/libldap.a; then -+ with_ldap="/usr" -+ break -+ fi -+ done -+fi -+ -+LIB_LDAP="" -+case "$with_ldap" in -+ no) true;; -+ ""|yes) AC_CHECK_LIB(ldap, ldap_open, -+ AC_DEFINE(HAVE_LDAP) -+ LIB_LDAP="-lldap -llber", -+ with_ldap=no);; -+ *) if test -d ${with_ldap}/include/ldap; then -+ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include/ldap" -+ else -+ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" -+ fi -+ if test -d ${with_ldap}/lib/ldap; then -+ LDFLAGS="$LDFLAGS -L${with_ldap}/lib/ldap" -+ fi -+ AC_DEFINE(HAVE_LDAP) -+ LIB_LDAP="-lldap -llber";; -+esac -+AC_SUBST(LIB_LDAP) -+ - dnl CRAM-MD5 - AC_ARG_ENABLE(cram, [ --enable-cram enable CRAM-MD5 authentication [yes] ], - cram=$enableval, -@@ -434,11 +524,15 @@ - fi - - if test "$with_des" != no; then -+ case "$host_os" in -+ freebsd*) -+ COM_ERR="-lcom_err" -+ ;; -+ esac - AC_CHECK_HEADER(krb.h, -- AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="", -- AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="-lcom_err", -- AC_WARN(No Kerberos V4 found); krb4=no, -ldes -lcom_err), -- -ldes), -+ AC_CHECK_LIB(krb, krb_mk_priv,:, -+ AC_WARN(No Kerberos V4 found); krb4=no, -+ -ldes $COM_ERR), - AC_WARN(No Kerberos V4 found); krb4=no) - else - AC_WARN(No DES library found for Kerberos V4 support) diff --git a/security/cyrus-sasl/files/patch-ag b/security/cyrus-sasl/files/patch-ag deleted file mode 100644 index 591a08e66ab5..000000000000 --- a/security/cyrus-sasl/files/patch-ag +++ /dev/null @@ -1,15 +0,0 @@ ---- acconfig.h.orig Wed Jul 5 11:59:25 2000 -+++ acconfig.h Fri Sep 15 20:56:28 2000 -@@ -84,6 +84,12 @@ - /* do we have PAM for plaintext password checking? */ - #undef HAVE_PAM - -+/* do we have MySQL for plaintext password checking? */ -+#undef HAVE_MYSQL -+ -+/* do we have LDAP for plaintext password checking? */ -+#undef HAVE_LDAP -+ - /* what flavor of GSSAPI are we using? */ - #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE - 
diff --git a/security/cyrus-sasl/files/patch-ah b/security/cyrus-sasl/files/patch-ah deleted file mode 100644 index deb47e550737..000000000000 --- a/security/cyrus-sasl/files/patch-ah +++ /dev/null @@ -1,9 +0,0 @@ ---- lib/Makefile.am.orig Thu Jul 20 21:35:02 2000 -+++ lib/Makefile.am Fri Sep 15 20:56:28 2000 -@@ -53,5 +53,5 @@ - EXTRA_libsasl_la_SOURCES = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c db_testw32.c - libsasl_la_LDFLAGS = -version-info $(sasl_version) - libsasl_la_DEPENDENCIES = $(SASL_DB_BACKEND) @LTLIBOBJS@ --libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) -+libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) ${LIB_LDAP} ${LIB_MYSQL} - # PLAIN_LIBS are linked in for sasl_checkpass diff --git a/security/cyrus-sasl/files/patch-ai b/security/cyrus-sasl/files/patch-ai deleted file mode 100644 index ea925f0e9f6f..000000000000 --- a/security/cyrus-sasl/files/patch-ai +++ /dev/null 
@@ -1,321 +0,0 @@ ---- lib/checkpw.c.orig Wed Jul 19 20:24:13 2000 -+++ lib/checkpw.c Tue Oct 31 20:52:21 2000 -@@ -95,10 +95,19 @@ - #include <sys/un.h> - #ifdef HAVE_UNISTD_H - #include <unistd.h> --#endif -+#endif /* HAVE_UNISTD_H */ - - extern int errno; --#endif -+#endif /* HAVE_PWCHECK */ -+ -+#ifdef HAVE_MYSQL -+#include <mysql.h> -+#endif /* HAVE_MYSQL */ -+ -+#ifdef HAVE_LDAP -+#include <lber.h> -+#include <ldap.h> -+#endif /* HAVE_LDAP */ - - #ifdef HAVE_KRB - -@@ -170,12 +179,20 @@ - memcpy (&temp_key, "kerberos", 8); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); -+#ifdef __FreeBSD__ -+ des_cbc_cksum ((const unsigned char *)password, &ivec, passlen, schedule, &ivec); -+#else - des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); -+#endif - - memcpy (&temp_key, &ivec, sizeof temp_key); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); -+#ifdef __FreeBSD__ -+ des_cbc_cksum ((const unsigned char *)password, key, passlen, schedule, &ivec); -+#else - des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); -+#endif - - des_fixup_key_parity (key); - -@@ -210,10 +227,17 @@ - return (str); - } - -+#ifdef __FreeBSD__ -+static int use_key(const char *user __attribute__((unused)), -+ char *instance __attribute__((unused)), -+ const char *realm __attribute__((unused)), -+ const void *key, des_cblock *returned_key) -+#else - static int use_key(char *user __attribute__((unused)), - char *instance __attribute__((unused)), - char *realm __attribute__((unused)), - void *key, des_cblock *returned_key) -+#endif - { - memcpy (returned_key, key, sizeof(des_cblock)); - return 0; -@@ -838,7 +862,7 @@ - - - /* pwcheck daemon-authenticated login */ --static int pwcheck_verify_password(sasl_conn_t *conn, -+static int pwcheck_verify_password(sasl_conn_t *conn __attribute__((unused)), - const char *userid, - const char *passwd, - const char *service __attribute__((unused)), -@@ -853,8 +877,10 @@ 
- static char response[1024]; - int start, n; - char pwpath[1024]; -+#if 0 /* Not used */ - sasl_getopt_t *getopt; - void *context; -+#endif - - if (reply) { *reply = NULL; } - -@@ -902,6 +928,224 @@ - - #endif - -+#ifdef HAVE_MYSQL -+/* DMZ mysql auth 12/29/1999 -+ * Updated to 1.5.24 by SWH 09/12/2000 -+ * changed to malloc qbuf Simon Loader 10/21/2000 -+ */ -+#ifdef USE_CRYPT_PASSWORD -+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')" -+#else -+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = '%s'" -+#endif -+ -+static int mysql_verify_password(sasl_conn_t *conn, -+ const char *userid, -+ const char *password, -+ const char *service __attribute__((unused)), -+ const char *user_realm __attribute__((unused)), -+ const char **reply) -+{ -+ unsigned int numrows; -+ MYSQL mysql,*sock; -+ MYSQL_RES *result; -+ char *qbuf; -+ char *db_user="", -+ *db_passwd="", -+ *db_host="", -+ *db_uidcol="", -+ *db_pwcol="", -+ *db_database="", -+ *db_table=""; -+ sasl_getopt_t *getopt; -+ void *context; -+ -+ if (!userid || !password) { -+ return SASL_BADPARAM; -+ } -+ if (reply) { *reply = NULL; } -+ -+ /* check to see if the user configured a mysqluser/passwd/host/etc */ -+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { -+ getopt(context, NULL, "mysql_user", (const char **) &db_user, NULL); -+ if (!db_user) db_user = ""; -+ getopt(context, NULL, "mysql_passwd", (const char **) &db_passwd, NULL); -+ if (!db_passwd) db_passwd = ""; -+ getopt(context, NULL, "mysql_host", (const char **) &db_host, NULL); -+ if (!db_host) db_host = ""; -+ getopt(context, NULL, "mysql_database", (const char **) &db_database, NULL); -+ if (!db_database) db_database = ""; -+ getopt(context, NULL, "mysql_table", (const char **) &db_table, NULL); -+ if (!db_table) db_table = ""; -+ getopt(context, NULL, "mysql_uidcol", (const char **) &db_uidcol, NULL); -+ if (!db_uidcol) db_uidcol = ""; -+ getopt(context, NULL, "mysql_pwdcol", 
(const char **) &db_pwcol, NULL); -+ if (!db_pwcol) db_pwcol = ""; -+ } -+ -+ if (!(sock = mysql_connect(&mysql,db_host,db_user,db_passwd))) -+ { -+ if (reply) { *reply = "cannot connect to MySQL server"; } -+ return SASL_FAIL; -+ } -+ -+ if (mysql_select_db(sock,db_database) < 0) -+ { -+ mysql_close(sock); -+ if (reply) { *reply = "cannot select MySQL database"; } -+ return SASL_FAIL; -+ } -+ /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */ -+ if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol) -+ +strlen(db_table)+strlen(db_uidcol) -+ +strlen(userid)+strlen(db_pwcol) -+ +strlen(password)+1)) == NULL ) { -+ if (reply) { *reply = "cannot malloc memory for sql query"; } -+ return SASL_FAIL; -+ } -+ sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password); -+ if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock))) -+ { -+ free(qbuf); -+ mysql_close(sock); -+ return SASL_FAIL; -+ } -+ -+ if (result) //There were some rows found -+ { -+ if ((numrows = mysql_affected_rows(&mysql)) != 1) -+ { -+ mysql_free_result(result); -+ mysql_close(sock); -+ if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; } -+ free(qbuf); -+ return SASL_BADAUTH; -+ } else { -+ free(qbuf); -+ mysql_free_result(result); -+ mysql_close(sock); -+ return SASL_OK; -+ } -+ } -+ free(qbuf); -+ mysql_free_result(result); -+ mysql_close(sock); -+ return SASL_BADAUTH; -+} -+#endif /* HAVE_MYSQL */ -+ -+#ifdef HAVE_LDAP -+/* simon@surf.org.uk LDAP auth 07/11/2000 -+ * Updated to 1.5.24 by SWH 09/12/2000 -+ * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000 -+ */ -+ -+#define LDAP_SERVER "localhost" -+#define LDAP_BASEDN "o=JOFA, c=UK" -+#define LDAP_UIDATTR "uid" -+ -+#ifndef TRUE -+# define TRUE 1 -+# define FALSE 0 -+#endif -+ -+static int ldap_isdigits(char *value) -+{ -+ char *ptr; -+ int num = TRUE; -+ -+ for (ptr = value; *ptr != '\0' && num != 
FALSE; ptr++) { -+ if (!isdigit(*ptr)) -+ num = FALSE; -+ } -+ -+ return num; -+} -+ -+static int ldap_verify_password(sasl_conn_t *conn, -+ const char *userid, -+ const char *password, -+ const char *service __attribute__((unused)), -+ const char *user_realm __attribute__((unused)), -+ const char **reply) -+{ -+ -+ LDAP *ld; -+ char *dn, -+ *ldap_server="", -+ *ldap_basedn="", -+ *ldap_uidattr="", -+ *port_num=""; -+ int ldap_port = LDAP_PORT; -+ sasl_getopt_t *getopt; -+ void *context; -+ -+ /* If the password is NULL, reject the login... -+ * Otherwise the bind will succed as a reference bind. Not good... -+ */ -+ if (!userid || !password) -+ { -+ return SASL_BADPARAM; -+ } -+ -+ if (reply) { *reply = NULL; } -+ -+ /* check to see if the user configured a mysqluser/passwd/host/etc */ -+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { -+ getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL); -+ if (!ldap_server) ldap_server = LDAP_SERVER; -+ getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL); -+ if (!ldap_basedn) { -+ if (reply) { *reply = "ldap_basedn not defined"; } -+ return SASL_BADPARAM; -+ } -+ getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL); -+ if (!ldap_uidattr) ldap_uidattr = LDAP_UIDATTR; -+ getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL); -+ if (!port_num) { -+ ldap_port = LDAP_PORT; -+ } else if (!ldap_isdigits(port_num)) { -+ if (reply) { *reply = "ldap_port - invalid value"; } -+ return SASL_BADPARAM; -+ } else { -+ ldap_port = atoi(port_num); -+ } -+ } -+ -+ /* Open the LDAP connection. 
*/ -+ if ((ld = ldap_open(ldap_server, ldap_port)) == NULL) -+ { -+ if (reply) { *reply = "cannot connect to LDAP server"; } -+ return SASL_FAIL; -+ } -+ -+ if ( (dn = (char *)malloc(strlen(ldap_uidattr) -+ +strlen(userid)+strlen(ldap_basedn)+3)) == NULL ) { -+ if (reply) { *reply = "cannnot allocate memory for ldap dn"; } -+ return SASL_FAIL; -+ } -+ /* Generate a dn that we will try and login with */ -+ sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn); -+ -+ /* -+ * Just try and bind with the dn we have been given -+ * In most cases the basedn is correct. -+ * If this is not so I have a version or that too -+ * Simon@surf.org.uk -+ */ -+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) { -+ free(dn); -+ ldap_unbind(ld); -+ return SASL_BADAUTH; -+ } -+ -+ free(dn); -+ ldap_unbind(ld); -+ return SASL_OK; -+} -+ -+#endif /* HAVE_LDAP */ -+ - struct sasl_verify_password_s _sasl_verify_password[] = { - { "sasldb", &sasldb_verify_password }, - #ifdef HAVE_KRB -@@ -921,6 +1165,12 @@ - #endif - #ifdef HAVE_PWCHECK - { "pwcheck", &pwcheck_verify_password }, -+#endif -+#ifdef HAVE_MYSQL -+ { "mysql", &mysql_verify_password }, -+#endif -+#ifdef HAVE_LDAP -+ { "ldap", &ldap_verify_password }, - #endif - { NULL, NULL } - }; diff --git a/security/cyrus-sasl/files/patch-aj b/security/cyrus-sasl/files/patch-aj deleted file mode 100644 index 569384a100d4..000000000000 --- a/security/cyrus-sasl/files/patch-aj +++ /dev/null 
@@ -1,46 +0,0 @@ ---- doc/sysadmin.html.orig Wed Jul 12 21:59:51 2000 -+++ doc/sysadmin.html Fri Sep 15 20:56:28 2000 -@@ -171,6 +171,43 @@ - <dt><i>pwcheck</i><dd> checks passwords with the use of a seperate, - helper daemon. <b>needs to be documented.</b><p> - -+<dt><i>mysql</i><dd> A MySQL database can be used for plaintext -+ password checking by setting "pwcheck_method" to "mysql".<p> -+ -+ <p>The following SASL options are used for MySQL Authentication:<p> -+ -+ <dl> -+ <dd>mysql_user: <user></dd> -+ <dd>mysql_passwd: <cleartext pw></dd> -+ <dd>mysql_host: <host></dd> -+ <dd>mysql_database: <database></dd> -+ <dd>mysql_table: <table></dd> -+ <dd>mysql_uidcol: <username col></dd> -+ <dd>mysql_pwdcol: <password col></dd> -+ </dl> -+ -+ <p>MySQL pwcheck_method created by <a href="mailto:dmz@dmzs.com">David Matthew Zendzian</a> -+ the original patch may be found at <a href="http://www.dmzs.com/~dmz/projects/cyrus/">http://www.dmzs.com/~dmz/projects/cyrus/</a>.<p> -+ -+<dt><i>ldap</i><dd> A LDAP server can be used for plaintext password -+ checking by setting "pwcheck_method" to "ldap".<p> -+ -+ <p>The following SASL options are used for LDAP Authentication:<p> -+ -+ <dl> -+ <dd>ldap_server: <LDAP Server [localhost]> -+ <dd>ldap_basedn: <LDAP base dn> -+ <dd>ldap_uidattr: <LDAP uid attribute [uid]> -+ <dd>ldap_port: <LDAP port [389]> -+ </dl> -+ -+ <p>It is a requirement that "ldap_basedn" be set to the appropriate -+ value for your site<br> -+ (ex. ldap_basedn: o=surf, c=UK)<p> -+ -+ <p>LDAP pwcheck_method created by <a href="mailto:simon@surf.org.uk">Simon@surf.org.uk</a> -+ the original patch may be found at <a href="http://www.surf.org.uk/">http://www.surf.org.uk/</a>.<p> -+ - <dt><i>write your own</i><dd> Last, but not least, the most flexible - method of authentication for PLAIN is to write your own. If you do - so, any application that calls the "<tt>sasl_checkpass()</tt>" 
diff --git a/security/cyrus-sasl/files/patch-ak b/security/cyrus-sasl/files/patch-ak deleted file mode 100644 index ecbd20ca3239..000000000000 --- a/security/cyrus-sasl/files/patch-ak +++ /dev/null @@ -1,30 +0,0 @@ ---- plugins/kerberos4.c.orig Wed Apr 19 11:18:48 2000 -+++ plugins/kerberos4.c Sat Sep 16 18:49:20 2000 -@@ -696,8 +696,13 @@ - - /* decrypt; verify checksum */ - -+#ifdef __FreeBSD__ -+ des_pcbc_encrypt((const unsigned char *)in, -+ (unsigned char *)in, -+#else - des_pcbc_encrypt((des_cblock *)in, - (des_cblock *)in, -+#endif - clientinlen, - text->init_keysched, - &text->session, -@@ -1192,8 +1197,13 @@ - } - sout[len]=0; - -+#ifdef __FreeBSD__ -+ des_pcbc_encrypt((const unsigned char *)sout, -+ (unsigned char *)sout, -+#else - des_pcbc_encrypt((des_cblock *)sout, - (des_cblock *)sout, -+#endif - len, - text->init_keysched, - (des_cblock *)text->session, diff --git a/security/cyrus-sasl/files/patch-lib::common.c b/security/cyrus-sasl/files/patch-lib::common.c deleted file mode 100644 index 1bc58a81c3d6..000000000000 --- a/security/cyrus-sasl/files/patch-lib::common.c +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/common.c.orig Thu Dec 6 18:34:09 2001 -+++ lib/common.c Thu Dec 6 18:34:24 2001 -@@ -596,7 +596,7 @@ - } - - /* do the syslog call. do not need to call openlog */ -- syslog(syslog_priority | LOG_AUTH, message); -+ syslog(syslog_priority | LOG_AUTH, "%s", message); - - return SASL_OK; - } diff --git a/security/cyrus-sasl/pkg-deinstall b/security/cyrus-sasl/pkg-deinstall index 9e18cc7e18ed..fe997778b912 100644 --- a/security/cyrus-sasl/pkg-deinstall +++ b/security/cyrus-sasl/pkg-deinstall 
@@ -15,7 +15,13 @@ SASLDB_NAME=${PKG_PREFIX}/etc/%%SASLDB%% # delete sasldb database delete_sasldb() { - [ -f ${SASLDB_NAME} -a ! -s ${SASLDB_NAME} ] && rm ${SASLDB_NAME} + if [ -f ${SASLDB_NAME} ] ; then + if [ `${PKG_PREFIX}/sbin/sasldblistusers | wc -l` -eq 0 ] ; then + rm ${SASLDB_NAME} + else + echo "WARNING: Users SASL passwords are in ${SASLDB_NAME}, keeping this file" + fi + fi } # This should really be uninstalled by Sendmail diff --git a/security/cyrus-sasl/pkg-install b/security/cyrus-sasl/pkg-install index 5bceae998de5..b0a9c1961b71 100644 --- a/security/cyrus-sasl/pkg-install +++ b/security/cyrus-sasl/pkg-install @@ -73,7 +73,8 @@ create_user() { create_sasldb() { if [ ! -f ${SASLDB_NAME} ]; then - touch ${SASLDB_NAME} + echo "test" | ${PKG_PREFIX}/sbin/saslpasswd -p -c cyrus + ${PKG_PREFIX}/sbin/saslpasswd -d cyrus chown cyrus:mail ${SASLDB_NAME} chmod 640 ${SASLDB_NAME} fi diff --git a/security/cyrus-sasl/pkg-message b/security/cyrus-sasl/pkg-message index 49423c13741d..5dfe7ff77639 100644 --- a/security/cyrus-sasl/pkg-message +++ b/security/cyrus-sasl/pkg-message @@ -1,15 +1,12 @@ -%%PREFIX%%/etc/%%SASLDB%% now needs to be created -before applications that depend on SASL are used. - su cyrus - %%PREFIX%%/sbin/saslpasswd -c userid - -You will also need to start the pwcheck daemon: +You may need to start the pwcheck daemon for authentication with +the system password files: %%PREFIX%%/etc/rc.d/pwcheck.sh start -Read the documentation in %%DOCSDIR%% +or you can use sasldb for authentication, to add users use: + + saslpasswd -c username How to enable SMTP AUTH with system Sendmail 8.11 - Sendmail.README -How to use LDAP or MySQL for passwords - see html/sysadmin.html diff --git a/security/cyrus-sasl/pkg-plist b/security/cyrus-sasl/pkg-plist index 2ec1121a3687..4f08d1e0edb0 100644 --- a/security/cyrus-sasl/pkg-plist +++ b/security/cyrus-sasl/pkg-plist 
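Review bot: In `delete_sasldb`, an empty result from `sasldblistusers` is treated as "no users", so if the command is missing or fails at deinstall time the `wc -l` count is 0 and the password database is removed. The `rm` should depend on the command succeeding, for example `if users=$(${PKG_PREFIX}/sbin/sasldblistusers 2>/dev/null) && [ -z "${users}" ] ; then rm "${SASLDB_NAME}"` (assuming the tool exits non-zero on error, which is not shown here). The unquoted `${SASLDB_NAME}` in the `-f` test and the `rm` would also be better quoted.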
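Review bot: `create_sasldb` now creates a real `cyrus` entry with the fixed password `test` and does not check that the following `saslpasswd -d cyrus` succeeded, so a failed delete leaves that entry in the new database. The file is also created under the caller's umask and only tightened afterwards by `chmod 640`. I would create it under a restrictive umask and stop on failure, e.g. `( umask 027 ; echo "test" | ${PKG_PREFIX}/sbin/saslpasswd -p -c cyrus ) || return 1` followed by `${PKG_PREFIX}/sbin/saslpasswd -d cyrus || return 1`. The function body continues outside the hunk.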
@@ -33,9 +33,7 @@ lib/sasl/libplain.so lib/sasl/libplain.so.1 sbin/sasldblistusers sbin/saslpasswd -sbin/pwcheck_pwnam -@exec ln %D/sbin/pwcheck_pwnam %D/sbin/pwcheck -@unexec rm -f %D/sbin/pwcheck +sbin/pwcheck %%PORTDOCS%%%%DOCSDIR%%/AUTHORS %%PORTDOCS%%%%DOCSDIR%%/COPYING %%PORTDOCS%%%%DOCSDIR%%/ChangeLog @@ -44,13 +42,13 @@ sbin/pwcheck_pwnam %%PORTDOCS%%%%DOCSDIR%%/README %%PORTDOCS%%%%DOCSDIR%%/Sendmail.README %%PORTDOCS%%%%DOCSDIR%%/TODO -%%PORTDOCS%%%%DOCSDIR%%/draft-leach-digest-sasl-05.txt %%PORTDOCS%%%%DOCSDIR%%/draft-newman-auth-scram-03.txt %%PORTDOCS%%%%DOCSDIR%%/rfc1321.txt %%PORTDOCS%%%%DOCSDIR%%/rfc2095.txt %%PORTDOCS%%%%DOCSDIR%%/rfc2104.txt %%PORTDOCS%%%%DOCSDIR%%/rfc2222.txt %%PORTDOCS%%%%DOCSDIR%%/rfc2245.txt +%%PORTDOCS%%%%DOCSDIR%%/rfc2831.txt %%PORTDOCS%%%%DOCSDIR%%/gssapi.html %%PORTDOCS%%%%DOCSDIR%%/index.html %%PORTDOCS%%%%DOCSDIR%%/programming.html diff --git a/security/cyrus-sasl/scripts/configure.sasl b/security/cyrus-sasl/scripts/configure.sasl index 930c7acb3758..b4db08de7d59 100644 --- a/security/cyrus-sasl/scripts/configure.sasl +++ b/security/cyrus-sasl/scripts/configure.sasl 
@@ -1,51 +1,68 @@ #!/bin/sh # $FreeBSD$ -if [ -f ${WRKDIRPREFIX}${CURDIR}/Makefile.inc ]; then +if [ -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc ]; then exit fi -SASLDB_NAME=sasldb.db - tempfile=`mktemp -t checklist` if [ "${BATCH}" ]; then - if [ "x${ENABLE_DB3}" = "xYES" ]; then - OPTIONS=\"DB3\" + if [ "${WITH_DB3}" ]; then + OPTIONS="\"DB3\"" + else + OPTIONS="\"NDBM\"" fi - if [ "x${ENABLE_MYSQL}" = "xYES" ]; then + if [ "${WITH_JAVA}" ]; then + OPTIONS="${OPTIONS} \"JAVA\"" + fi + if [ "${WITH_MYSQL}" ]; then OPTIONS="${OPTIONS} \"MySQL\"" fi - if [ "x${ENABLE_LDAP}" = "xYES" ]; then - OPTIONS="${OPTIONS} \"OpenLDAP\"" + if [ "${WITH_LDAP2}" ]; then + OPTIONS="${OPTIONS} \"OpenLDAP2\"" + elif [ "${WITH_LDAP1}" ]; then + OPTIONS="${OPTIONS} \"OpenLDAP1\"" fi - if [ "x${OPTIONS}" != "x" ]; then + if [ "${OPTIONS}" != "x" ]; then set ${OPTIONS} fi else - if [ "x${ENABLE_DB3}" = "xYES" -o -f ${PREFIX}/lib/libdb3.so ] ; then + if [ "${WITH_DB3}" -o -f ${PREFIX}/lib/libdb3.so ] ; then SET_DB3="ON" + SET_NDBM="OFF" else SET_DB3="OFF" + SET_NDBM="ON" + fi + if [ "${WITH_JAVA}" ] ; then + SET_JAVA="ON" + else + SET_JAVA="OFF" fi - if [ "x${ENABLE_MYSQL}" = "xYES" -o -f ${PREFIX}/lib/mysql/libmysqlclient.so ] ; then + if [ "${WITH_MYSQL}" -o -f ${PREFIX}/lib/mysql/libmysqlclient.so ] ; then SET_MYSQL="ON" else SET_MYSQL="OFF" fi - if [ "x${ENABLE_LDAP}" = "xYES" -o \ - -f ${PREFIX}/lib/libldap.so -a -f ${PREFIX}/lib/liblber.so ] ; then - SET_LDAP="ON" - else - SET_LDAP="OFF" + + #Perfer LDAP2 over LDAP1 + SET_LDAP1="OFF" + SET_LDAP2="OFF" + if [ "${WITH_LDAP2}" -o -f ${PREFIX}/lib/libldap.so.2 -a -f ${PREFIX}/lib/liblber.so.2 ] ; then + SET_LDAP2="ON" + elif [ "${WITH_LDAP1}" -o -f ${PREFIX}/lib/libldap.so.1 -a -f ${PREFIX}/lib/liblber.so.1 ]; then + SET_LDAP1="ON" fi /usr/bin/dialog --title "Additional SASL options" --clear \ --checklist "\n\ Please select desired options:" -1 -1 16 \ +NDBM "ndbm DB package" ${SET_NDBM} \ DB3 "Berkeley DB package, revision 3" 
${SET_DB3} \ MySQL "MySQL password Authentication" ${SET_MYSQL} \ -OpenLDAP "OpenLDAP password Authentication" ${SET_LDAP} \ +OpenLDAP1 "OpenLDAP 1.x support" ${SET_LDAP1} \ +OpenLDAP2 "OpenLDAP 2.x support" ${SET_LDAP2} \ 2> $tempfile retval=$? 
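Review bot: In the BATCH branch the guard became `[ "${OPTIONS}" != "x" ]`, which compares against the literal `x` and is therefore always true; the old form prefixed both sides with `x`. It is harmless today only because OPTIONS always receives `"DB3"` or `"NDBM"`, and `[ -n "${OPTIONS}" ]` states the intent. The new detection tests such as `[ "${WITH_LDAP2}" -o -f ${PREFIX}/lib/libldap.so.2 -a -f ${PREFIX}/lib/liblber.so.2 ]` depend on `-a` binding tighter than `-o` and leave `${PREFIX}` unquoted; separate `[ ... ]` tests joined with `||` and `&&` would be more robust. The comment `#Perfer LDAP2 over LDAP1` should read `# Prefer LDAP2 over LDAP1`.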
@@ -66,34 +83,83 @@ OpenLDAP "OpenLDAP password Authentication" ${SET_LDAP} \ esac fi -${MKDIR} ${WRKDIRPREFIX}${CURDIR} -exec > ${WRKDIRPREFIX}${CURDIR}/Makefile.inc +${MKDIR} ${WRKDIRPREFIX}${REALCURDIR} +exec > ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc echo "PREFIX= ${PREFIX}" while [ "$1" ]; do case $1 in + \"NDBM\") + if [ "${DBLIB}" ]; then + echo "ndbm and db3 are mutually exclusive." > /dev/stderr + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc + exit 1 + fi + echo "CONFIGURE_ARGS+= --with-dblib=ndbm" + echo "SASLDB_NAME= sasldb.db" + DBLIB=1 + ;; \"DB3\") + if [ "${DBLIB}" ]; then + echo "ndbm and db3 are mutually exclusive." > /dev/stderr + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc + exit 1 + fi echo "LIB_DEPENDS+= db3.2:\${PORTSDIR}/databases/db3" - echo "CONFIGURE_ARGS+=--with-dblib=berkeley" - SASLDB_NAME=sasldb + echo "CONFIGURE_ARGS+= --with-dblib=berkeley" + echo "SASLDB_NAME= sasldb" + DBLIB=1 + ;; + \"JAVA\") + echo "JAVA is disabled, Ignoring option" > /dev/stderr + ;; + \"DISABLED\") + echo "RUN_DEPENDS= \${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk" + echo "CONFIGURE_ARGS+= --with-java \\" + echo " --with-javabase=\${LOCALBASE}/include" + echo "CONFIGURE_ENV+= JAVAC=\"\${LOCALBASE}/\${JAVADIR}/bin/javac\" \\" + echo " JAVAH=\"\${LOCALBASE}/\${JAVADIR}/bin/javah" \\" + echo " JAVADOC=\"\${LOCALBASE}/\${JAVADIR}/bin/javadoc\" ;; \"MySQL\") echo "LIB_DEPENDS+= mysqlclient.10:\${PORTSDIR}/databases/mysql323-client" - echo "CONFIGURE_ARGS+=--with-mysql=\${PREFIX}" + echo "CONFIGURE_ARGS+= --with-mysql=\${PREFIX}" + MSG=1 ;; - \"OpenLDAP\") + \"OpenLDAP1\") + if [ "$OPENLDAP2" ]; then + echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." 
> /dev/stderr + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc + exit 1 + fi echo "LIB_DEPENDS+= ldap.1:\${PORTSDIR}/net/openldap" echo "LIB_DEPENDS+= lber.1:\${PORTSDIR}/net/openldap" - echo "CONFIGURE_ARGS+=--with-ldap=\${PREFIX}" + echo "CONFIGURE_ARGS+= --with-ldap=\${PREFIX}" + OPENLDAP1=1 + MSG=1 + ;; + \"OpenLDAP2\") + if [ "$OPENLDAP1" ]; then + echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." > /dev/stderr + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc + exit 1 + fi + echo "LIB_DEPENDS+= ldap.2:\${PORTSDIR}/net/openldap2" + echo "LIB_DEPENDS+= lber.2:\${PORTSDIR}/net/openldap2" + echo "CONFIGURE_ARGS+= --with-ldap=\${PREFIX}" + OPENLDAP2=1 + MSG=1 ;; *) echo "Invalid option(s): $*" > /dev/stderr - rm -f ${WRKDIRPREFIX}${CURDIR}/Makefile.inc + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc exit 1 ;; esac shift done -echo "SASLDB_NAME= ${SASLDB_NAME}" +if [ "x${MSG}" != "x" ]; then + echo "LDAP_MYSQL_MSG= \"See sysadmin.html in the Cyrus-SASL docs directory for informaion on using LDAP or MySQL for authentication.\"" +fi diff --git a/security/cyrus-sasl2/Makefile b/security/cyrus-sasl2/Makefile index 1eab6560b7fd..180849c46eec 100644 --- a/security/cyrus-sasl2/Makefile +++ b/security/cyrus-sasl2/Makefile 
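Review bot: The quoting in the new `\"DISABLED\")` branch looks unbalanced as rendered here: the JAVAH line ends `javah" \\"` where the neighbouring lines use `\" \\"`, and the JAVADOC line has no closing `"`. The two errors appear to cancel, so the script may still parse, but the branch would write a broken `CONFIGURE_ENV` into Makefile.inc, which the port Makefile then `.include`s. I would end the JAVAH line with `javah\" \\"` and the JAVADOC line with `javadoc\""`, or drop the unreachable branch. Error messages would be more portable with `>&2` than `> /dev/stderr`, and `informaion` in `LDAP_MYSQL_MSG` is a typo for `information`.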
@@ -6,15 +6,24 @@ # PORTNAME= cyrus-sasl -PORTVERSION= 1.5.24 -PORTREVISION= 8 -CATEGORIES= security -MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR% \ +PORTVERSION= 1.5.27 +PORTREVISION= 0 +CATEGORIES= security ipv6 +MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \ + http://prdownloads.sourceforge.net/cyrus-utils/ \ + http://www.surf.org.uk/downloads/ \ + ftp://ftp.westbend.net/pub/cyrus-mail/%SUBDIR%/ \ + ${MASTER_SITE_SOURCEFORGE} \ ftp://ftp.hanse.de/sites/transit/mirror/ftp.andrew.cmu.edu/pub/cyrus-mail/ -MASTER_SITE_SUBDIR= ./ OLD-VERSIONS/sasl/ +MASTER_SITE_SUBDIR= . OLD-VERSIONS/sasl cyrus-utils -PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ -PATCHFILES= ${DISTNAME}-ipv6-20010321.diff.gz +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \ + sasl-${PORTVERSION}-ldap-ssl-filter-mysql-patch3.tgz + +PATCH_SITES= ftp://ftp.westbend.net/pub/cyrus-mail/contrib/ \ + http://www.imasy.or.jp/~ume/ipv6/ +PATCHFILES= sasl_apop_patch.gz \ + ${DISTNAME}-ipv6-${IPV6_VER}.diff.gz MAINTAINER= hetzels@westbend.net @@ -22,6 +31,9 @@ USE_OPENSSL= YES INSTALLS_SHLIB= yes +# IPv6 Patch provided by Hajimu UMEMOTO <ume@mahoroba.org> +IPV6_VER= 20020106 + MAN3= sasl.3 sasl_authorize_t.3 sasl_callbacks.3 sasl_checkpass.3 \ sasl_client_init.3 sasl_client_new.3 sasl_client_start.3 \ sasl_client_step.3 sasl_decode.3 sasl_done.3 sasl_encode.3 \ 
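Review bot: The new `DISTFILES` and `PATCHFILES` entries (`sasl-${PORTVERSION}-ldap-ssl-filter-mysql-patch3.tgz`, `sasl_apop_patch.gz`) are third-party patches to authentication code, fetched over plain ftp/http from the added `MASTER_SITES` and `PATCH_SITES`, and the distinfo section of this commit records only an MD5 for each. That checksum is the only thing tying the build to the files that were reviewed, so a stronger digest should be recorded next to it if the ports framework in use verifies one, e.g. `SHA256 (sasl_apop_patch.gz) = <sha256 of the reviewed file>`. A comment above `DISTFILES` naming who maintains the LDAP/MySQL patch set would also help the next person updating the port.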
@@ -43,32 +55,22 @@ CONFIGURE_ARGS= --sysconfdir=${PREFIX}/etc \ --enable-static \ --enable-login \ --with-pwcheck=/var/pwcheck \ - --with-dblib=ndbm \ --with-rc4=openssl SCRIPTS_ENV= WRKDIRPREFIX="${WRKDIRPREFIX}" \ PREFIX="${PREFIX}" \ TOUCH="${TOUCH}" \ MKDIR="${MKDIR}" \ - ENABLE_DB3="${ENABLE_DB3}" \ - ENABLE_MYSQL="${ENABLE_MYSQL}" \ - ENABLE_LDAP="${ENABLE_LDAP}" - -# ENABLE_* variables can be used by depending ports to enable options. + REALCURDIR="${.CURDIR}" \ + WITH_DB3="${WITH_DB3}" \ + WITH_JAVA="${WITH_JAVA}" \ + WITH_MYSQL="${WITH_MYSQL}" \ + WITH_LDAP1="${WITH_LDAP1}" \ + WITH_LDAP2="${WITH_LDAP2}" # JavaSASL needs someone to look at to get it to build -#JAVADIR= jdk1.1.8 -#JAVALIBDIR= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/ - -#.if defined(USE_JAVA) || exists(${LOCALBASE}/${JAVADIR}/bin/java) -#BUILD_DEPENDS= ${LOCALBASE}/${JAVADIR}/bin/java:${PORTSDIR}/java/jdk -#CONFIGURE_ARGS+= --with-java \ -# --with-javabase=${LOCALBASE}/include -# -#CONFIGURE_ENV= JAVAC="${LOCALBASE}/${JAVADIR}/bin/javac" \ -# JAVAH="${LOCALBASE}/${JAVADIR}/bin/javah" \ -# JAVADOC="${LOCALBASE}/${JAVADIR}/bin/javadoc" -#.endif +JAVADIR= jdk1.1.8 +JAVALIBDIR= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/ .if defined(KRB5_HOME) && exists(${KRB5_HOME}) CONFIGURE_ARGS+= --enable-gssapi=${KRB5_HOME} @@ -92,18 +94,13 @@ CONFIGURE_ENV+= LOCALBASE=${LOCALBASE} \ DOCS= AUTHORS COPYING ChangeLog INSTALL NEWS README TODO -DOC2= draft-leach-digest-sasl-05.txt \ - draft-newman-auth-scram-03.txt \ - rfc1321.txt rfc2095.txt rfc2104.txt \ - rfc2222.txt rfc2245.txt - -HTDOCS= gssapi index programming sysadmin - PLIST_SUB= PREFIX=${PREFIX} \ GSSAPI=${GSSAPI} \ EBONES=${EBONES} \ DOCSDIR=${DOCSDIR:S/^${PREFIX}\///} \ +LDAP_MYSQL_PATCH= ldap-mysql_sasl/sasl-ldap+mysql.patch + PKGDEINSTALL= ${WRKDIR}/pkg-deinstall PKGINSTALL= ${WRKDIR}/pkg-install PKGMESSAGE= ${WRKDIR}/pkg-message 
@@ -111,6 +108,14 @@ PKGMESSAGE= ${WRKDIR}/pkg-message pre-fetch: @${SETENV} ${SCRIPTS_ENV} ${SH} ${SCRIPTDIR}/configure.sasl +.if exists(${WRKDIRPREFIX}${.CURDIR}/Makefile.inc) +.include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc" +.endif + +pre-patch: + @(cd ${WRKSRC} && ${PATCH} -p1 < ${WRKDIR}/${LDAP_MYSQL_PATCH} && \ + ${MV} configure.orig configure) + # Fix sasldb name in pkg-install/deinstall scripts post-patch: @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \ @@ -119,8 +124,11 @@ post-patch: ${.CURDIR}/pkg-deinstall > ${PKGDEINSTALL} @${SED} -e "/%%SASLDB%%/s##${SASLDB_NAME}#g" \ -e "/%%PREFIX%%/s##${PREFIX}#g" \ - -e "/%%DOCSDIR%%/s##${DOCSDIR}#g" \ ${.CURDIR}/pkg-message > ${PKGMESSAGE} +.ifdef LDAP_MYSQL_MSG + @${ECHO} ${LDAP_MYSQL_MSG} | /usr/bin/fmt -w 67 >> ${PKGMESSAGE} + @${ECHO} >> ${PKGMESSAGE} +.endif pre-configure: @(cd ${WRKSRC} && ${AUTOHEADER}) @@ -134,19 +142,16 @@ post-install: > ${PREFIX}/etc/rc.d/pwcheck.sh @${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh ${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck - @${LN} ${PREFIX}/sbin/pwcheck ${PREFIX}/sbin/pwcheck_pwnam .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for file in ${DOCS} @${INSTALL_DATA} ${WRKSRC}/${file} ${DOCSDIR} .endfor -.for file in ${DOC2} - @${INSTALL_DATA} ${WRKSRC}/doc/${file} ${DOCSDIR} -.endfor + (cd ${WRKSRC}/doc ; \ + for file in `make -V EXTRA_DIST` ; do \ + ${INSTALL_DATA} ${WRKSRC}/doc/$${file} ${DOCSDIR} ; \ + done) @${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR} -.for file in ${HTDOCS} - @${INSTALL_DATA} ${WRKSRC}/doc/${file}.html ${DOCSDIR} -.endfor .endif @PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL @${CAT} ${PKGMESSAGE} 
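Review bot: In the post-install hunk the new doc loop starts with `cd ${WRKSRC}/doc ;`, so a failed `cd` does not stop the recipe and the `make -V EXTRA_DIST` query then runs in whatever directory the recipe started in; it also hard-codes `make` rather than `${MAKE}`. I would chain with `cd ${WRKSRC}/doc && \` and call `${MAKE} -V EXTRA_DIST`. The installed set now follows upstream's `EXTRA_DIST` while pkg-plist remains a fixed list, so the two can drift apart; a comment saying the plist must be re-checked on every update would make that explicit. post-install begins above this hunk.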
@@ -154,8 +159,8 @@ post-install: post-clean: @${RM} -f ${WRKDIRPREFIX}${.CURDIR}/Makefile.inc -.if exists(${WRKDIRPREFIX}${.CURDIR}/Makefile.inc) -.include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc" -.endif +#if exists(${WRKDIRPREFIX}${.CURDIR}/Makefile.inc) +#include "${WRKDIRPREFIX}${.CURDIR}/Makefile.inc" +#endif .include <bsd.port.mk> diff --git a/security/cyrus-sasl2/distinfo b/security/cyrus-sasl2/distinfo index 1b1e11d6810f..eb631c1d2f49 100644 --- a/security/cyrus-sasl2/distinfo +++ b/security/cyrus-sasl2/distinfo @@ -1,2 +1,4 @@ -MD5 (cyrus-sasl-1.5.24.tar.gz) = ac3837c071c258b80021325936db2583 -MD5 (cyrus-sasl-1.5.24-ipv6-20010321.diff.gz) = a306953c91d9fbf2f4676ef394b38449 +MD5 (cyrus-sasl-1.5.27.tar.gz) = 76ea426e2e2da3b8d2e3a43af5488f3b +MD5 (sasl-1.5.27-ldap-ssl-filter-mysql-patch3.tgz) = 19e6783c1f4095e265648d26c4679544 +MD5 (sasl_apop_patch.gz) = 6bf7a34b73d1c8d139d2269069d1ba4c +MD5 (cyrus-sasl-1.5.27-ipv6-20020106.diff.gz) = b2956a084954a46ba2d751f56a80a275 diff --git a/security/cyrus-sasl2/files/patch-ab b/security/cyrus-sasl2/files/patch-ab index 403d1b8c8ace..ed6e854ca76d 100644 --- a/security/cyrus-sasl2/files/patch-ab +++ b/security/cyrus-sasl2/files/patch-ab @@ -1,5 +1,5 @@ ---- configure.in.orig Thu Jul 20 21:35:01 2000 -+++ configure.in Thu Nov 16 09:07:00 2000 +--- configure.in.orig Tue Nov 27 11:45:28 2001 ++++ configure.in Tue Nov 27 12:49:28 2001 @@ -66,8 +66,9 @@ dnl check for -R, etc. switch CMU_GUESS_RUNPATH_SWITCH 
@@ -12,126 +12,17 @@ AM_DISABLE_STATIC -@@ -232,6 +233,13 @@ +@@ -235,6 +236,13 @@ + berkeley) SASL_DB_BACKEND="db_${dblib}.lo" AC_DEFINE(SASL_BERKELEYDB) - SASL_DB_LIB="-ldb" + for db3loc in ${prefix} /usr/local /usr + do + if test -d ${db3loc}/include/db3; then -+ CPPFLAGS="-I${db3loc}/include/db3 $CPPFLAGS" -+ break ++ CPPFLAGS="-I${db3loc}/include/db3 $CPPFLAGS" ++ break + fi + done ;; *) AC_MSG_WARN([Disabling SASL authentication database support]) -@@ -310,6 +318,88 @@ - fi - AM_CONDITIONAL(PWCHECK, test "$with_pwcheck" != no) - -+dnl MySQL -+AC_ARG_WITH(mysql, [ --with-mysql=PATH enable authentication from MySQL database [no] ], -+ with_mysql=$withval, -+ with_mysql=no) -+ -+if test -z "$with_mysql"; then -+ for mysqlloc in lib/mysql lib -+ do -+ if test -f ${prefix}/${mysqlloc}/libmysqlclient.a; then -+ with_mysql="${prefix}" -+ break -+ elif test -f /usr/local/${mysqlloc}/libmysqlclient.a; then -+ with_mysql="/usr/local" -+ break -+ elif test -f /usr/${mysqlloc}/libmysqlclient.a; then -+ with_mysql="/usr" -+ break -+ fi -+ done -+fi -+ -+LIB_MYSQL="" -+case "$with_mysql" in -+ no) true;; -+ ""|yes) AC_CHECK_LIB(mysqlclient, mysql_select_db, -+ AC_DEFINE(HAVE_MYSQL) -+ LIB_MYSQL="-lmysqlclient", -+ with_mysql=no);; -+ *) if test -d ${with_mysql}/include/mysql; then -+ CPPFLAGS="$CPPFLAGS -I${with_mysql}/include/mysql" -+ else -+ CPPFLAGS="$CPPFLAGS -I${with_mysql}/include" -+ fi -+ if test -d ${with_mysql}/lib/mysql; then -+ LDFLAGS="$LDFLAGS -L${with_mysql}/lib/mysql" -+ fi -+ AC_DEFINE(HAVE_MYSQL) -+ LIB_MYSQL="-lmysqlclient";; -+esac -+AC_SUBST(LIB_MYSQL) -+ -+dnl LDAP -+AC_ARG_WITH(ldap, [ --with-ldap=PATH enable authentication from LDAP [no] ], -+ with_ldap=$withval, -+ with_ldap=no) -+ -+if test -z "$with_ldap"; then -+ for ldaploc in lib/ldap lib -+ do -+ if test -f ${prefix}/${ldaploc}/libldap.a; then -+ with_ldap="${prefix}" -+ break -+ elif test -f /usr/local/${ldaploc}/libldap.a; then -+ with_ldap="/usr/local" -+ break -+ elif test -f 
/usr/${ldaploc}/libldap.a; then -+ with_ldap="/usr" -+ break -+ fi -+ done -+fi -+ -+LIB_LDAP="" -+case "$with_ldap" in -+ no) true;; -+ ""|yes) AC_CHECK_LIB(ldap, ldap_open, -+ AC_DEFINE(HAVE_LDAP) -+ LIB_LDAP="-lldap -llber", -+ with_ldap=no);; -+ *) if test -d ${with_ldap}/include/ldap; then -+ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include/ldap" -+ else -+ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" -+ fi -+ if test -d ${with_ldap}/lib/ldap; then -+ LDFLAGS="$LDFLAGS -L${with_ldap}/lib/ldap" -+ fi -+ AC_DEFINE(HAVE_LDAP) -+ LIB_LDAP="-lldap -llber";; -+esac -+AC_SUBST(LIB_LDAP) -+ - dnl CRAM-MD5 - AC_ARG_ENABLE(cram, [ --enable-cram enable CRAM-MD5 authentication [yes] ], - cram=$enableval, -@@ -434,11 +524,15 @@ - fi - - if test "$with_des" != no; then -+ case "$host_os" in -+ freebsd*) -+ COM_ERR="-lcom_err" -+ ;; -+ esac - AC_CHECK_HEADER(krb.h, -- AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="", -- AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="-lcom_err", -- AC_WARN(No Kerberos V4 found); krb4=no, -ldes -lcom_err), -- -ldes), -+ AC_CHECK_LIB(krb, krb_mk_priv,:, -+ AC_WARN(No Kerberos V4 found); krb4=no, -+ -ldes $COM_ERR), - AC_WARN(No Kerberos V4 found); krb4=no) - else - AC_WARN(No DES library found for Kerberos V4 support) diff --git a/security/cyrus-sasl2/files/patch-ag b/security/cyrus-sasl2/files/patch-ag deleted file mode 100644 index 591a08e66ab5..000000000000 --- a/security/cyrus-sasl2/files/patch-ag +++ /dev/null @@ -1,15 +0,0 @@ ---- acconfig.h.orig Wed Jul 5 11:59:25 2000 -+++ acconfig.h Fri Sep 15 20:56:28 2000 -@@ -84,6 +84,12 @@ - /* do we have PAM for plaintext password checking? */ - #undef HAVE_PAM - -+/* do we have MySQL for plaintext password checking? */ -+#undef HAVE_MYSQL -+ -+/* do we have LDAP for plaintext password checking? */ -+#undef HAVE_LDAP -+ - /* what flavor of GSSAPI are we using? */ - #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE - 
diff --git a/security/cyrus-sasl2/files/patch-ah b/security/cyrus-sasl2/files/patch-ah deleted file mode 100644 index deb47e550737..000000000000 --- a/security/cyrus-sasl2/files/patch-ah +++ /dev/null @@ -1,9 +0,0 @@ ---- lib/Makefile.am.orig Thu Jul 20 21:35:02 2000 -+++ lib/Makefile.am Fri Sep 15 20:56:28 2000 -@@ -53,5 +53,5 @@ - EXTRA_libsasl_la_SOURCES = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c db_testw32.c - libsasl_la_LDFLAGS = -version-info $(sasl_version) - libsasl_la_DEPENDENCIES = $(SASL_DB_BACKEND) @LTLIBOBJS@ --libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) -+libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) ${LIB_LDAP} ${LIB_MYSQL} - # PLAIN_LIBS are linked in for sasl_checkpass diff --git a/security/cyrus-sasl2/files/patch-ai b/security/cyrus-sasl2/files/patch-ai deleted file mode 100644 index ea925f0e9f6f..000000000000 --- a/security/cyrus-sasl2/files/patch-ai +++ /dev/null 
@@ -1,321 +0,0 @@ ---- lib/checkpw.c.orig Wed Jul 19 20:24:13 2000 -+++ lib/checkpw.c Tue Oct 31 20:52:21 2000 -@@ -95,10 +95,19 @@ - #include <sys/un.h> - #ifdef HAVE_UNISTD_H - #include <unistd.h> --#endif -+#endif /* HAVE_UNISTD_H */ - - extern int errno; --#endif -+#endif /* HAVE_PWCHECK */ -+ -+#ifdef HAVE_MYSQL -+#include <mysql.h> -+#endif /* HAVE_MYSQL */ -+ -+#ifdef HAVE_LDAP -+#include <lber.h> -+#include <ldap.h> -+#endif /* HAVE_LDAP */ - - #ifdef HAVE_KRB - -@@ -170,12 +179,20 @@ - memcpy (&temp_key, "kerberos", 8); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); -+#ifdef __FreeBSD__ -+ des_cbc_cksum ((const unsigned char *)password, &ivec, passlen, schedule, &ivec); -+#else - des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); -+#endif - - memcpy (&temp_key, &ivec, sizeof temp_key); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); -+#ifdef __FreeBSD__ -+ des_cbc_cksum ((const unsigned char *)password, key, passlen, schedule, &ivec); -+#else - des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); -+#endif - - des_fixup_key_parity (key); - -@@ -210,10 +227,17 @@ - return (str); - } - -+#ifdef __FreeBSD__ -+static int use_key(const char *user __attribute__((unused)), -+ char *instance __attribute__((unused)), -+ const char *realm __attribute__((unused)), -+ const void *key, des_cblock *returned_key) -+#else - static int use_key(char *user __attribute__((unused)), - char *instance __attribute__((unused)), - char *realm __attribute__((unused)), - void *key, des_cblock *returned_key) -+#endif - { - memcpy (returned_key, key, sizeof(des_cblock)); - return 0; -@@ -838,7 +862,7 @@ - - - /* pwcheck daemon-authenticated login */ --static int pwcheck_verify_password(sasl_conn_t *conn, -+static int pwcheck_verify_password(sasl_conn_t *conn __attribute__((unused)), - const char *userid, - const char *passwd, - const char *service __attribute__((unused)), -@@ -853,8 +877,10 @@ 
- static char response[1024]; - int start, n; - char pwpath[1024]; -+#if 0 /* Not used */ - sasl_getopt_t *getopt; - void *context; -+#endif - - if (reply) { *reply = NULL; } - -@@ -902,6 +928,224 @@ - - #endif - -+#ifdef HAVE_MYSQL -+/* DMZ mysql auth 12/29/1999 -+ * Updated to 1.5.24 by SWH 09/12/2000 -+ * changed to malloc qbuf Simon Loader 10/21/2000 -+ */ -+#ifdef USE_CRYPT_PASSWORD -+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')" -+#else -+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = '%s'" -+#endif -+ -+static int mysql_verify_password(sasl_conn_t *conn, -+ const char *userid, -+ const char *password, -+ const char *service __attribute__((unused)), -+ const char *user_realm __attribute__((unused)), -+ const char **reply) -+{ -+ unsigned int numrows; -+ MYSQL mysql,*sock; -+ MYSQL_RES *result; -+ char *qbuf; -+ char *db_user="", -+ *db_passwd="", -+ *db_host="", -+ *db_uidcol="", -+ *db_pwcol="", -+ *db_database="", -+ *db_table=""; -+ sasl_getopt_t *getopt; -+ void *context; -+ -+ if (!userid || !password) { -+ return SASL_BADPARAM; -+ } -+ if (reply) { *reply = NULL; } -+ -+ /* check to see if the user configured a mysqluser/passwd/host/etc */ -+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { -+ getopt(context, NULL, "mysql_user", (const char **) &db_user, NULL); -+ if (!db_user) db_user = ""; -+ getopt(context, NULL, "mysql_passwd", (const char **) &db_passwd, NULL); -+ if (!db_passwd) db_passwd = ""; -+ getopt(context, NULL, "mysql_host", (const char **) &db_host, NULL); -+ if (!db_host) db_host = ""; -+ getopt(context, NULL, "mysql_database", (const char **) &db_database, NULL); -+ if (!db_database) db_database = ""; -+ getopt(context, NULL, "mysql_table", (const char **) &db_table, NULL); -+ if (!db_table) db_table = ""; -+ getopt(context, NULL, "mysql_uidcol", (const char **) &db_uidcol, NULL); -+ if (!db_uidcol) db_uidcol = ""; -+ getopt(context, NULL, "mysql_pwdcol", 
(const char **) &db_pwcol, NULL); -+ if (!db_pwcol) db_pwcol = ""; -+ } -+ -+ if (!(sock = mysql_connect(&mysql,db_host,db_user,db_passwd))) -+ { -+ if (reply) { *reply = "cannot connect to MySQL server"; } -+ return SASL_FAIL; -+ } -+ -+ if (mysql_select_db(sock,db_database) < 0) -+ { -+ mysql_close(sock); -+ if (reply) { *reply = "cannot select MySQL database"; } -+ return SASL_FAIL; -+ } -+ /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */ -+ if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol) -+ +strlen(db_table)+strlen(db_uidcol) -+ +strlen(userid)+strlen(db_pwcol) -+ +strlen(password)+1)) == NULL ) { -+ if (reply) { *reply = "cannot malloc memory for sql query"; } -+ return SASL_FAIL; -+ } -+ sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password); -+ if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock))) -+ { -+ free(qbuf); -+ mysql_close(sock); -+ return SASL_FAIL; -+ } -+ -+ if (result) //There were some rows found -+ { -+ if ((numrows = mysql_affected_rows(&mysql)) != 1) -+ { -+ mysql_free_result(result); -+ mysql_close(sock); -+ if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; } -+ free(qbuf); -+ return SASL_BADAUTH; -+ } else { -+ free(qbuf); -+ mysql_free_result(result); -+ mysql_close(sock); -+ return SASL_OK; -+ } -+ } -+ free(qbuf); -+ mysql_free_result(result); -+ mysql_close(sock); -+ return SASL_BADAUTH; -+} -+#endif /* HAVE_MYSQL */ -+ -+#ifdef HAVE_LDAP -+/* simon@surf.org.uk LDAP auth 07/11/2000 -+ * Updated to 1.5.24 by SWH 09/12/2000 -+ * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000 -+ */ -+ -+#define LDAP_SERVER "localhost" -+#define LDAP_BASEDN "o=JOFA, c=UK" -+#define LDAP_UIDATTR "uid" -+ -+#ifndef TRUE -+# define TRUE 1 -+# define FALSE 0 -+#endif -+ -+static int ldap_isdigits(char *value) -+{ -+ char *ptr; -+ int num = TRUE; -+ -+ for (ptr = value; *ptr != '\0' && num != 
FALSE; ptr++) { -+ if (!isdigit(*ptr)) -+ num = FALSE; -+ } -+ -+ return num; -+} -+ -+static int ldap_verify_password(sasl_conn_t *conn, -+ const char *userid, -+ const char *password, -+ const char *service __attribute__((unused)), -+ const char *user_realm __attribute__((unused)), -+ const char **reply) -+{ -+ -+ LDAP *ld; -+ char *dn, -+ *ldap_server="", -+ *ldap_basedn="", -+ *ldap_uidattr="", -+ *port_num=""; -+ int ldap_port = LDAP_PORT; -+ sasl_getopt_t *getopt; -+ void *context; -+ -+ /* If the password is NULL, reject the login... -+ * Otherwise the bind will succed as a reference bind. Not good... -+ */ -+ if (!userid || !password) -+ { -+ return SASL_BADPARAM; -+ } -+ -+ if (reply) { *reply = NULL; } -+ -+ /* check to see if the user configured a mysqluser/passwd/host/etc */ -+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { -+ getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL); -+ if (!ldap_server) ldap_server = LDAP_SERVER; -+ getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL); -+ if (!ldap_basedn) { -+ if (reply) { *reply = "ldap_basedn not defined"; } -+ return SASL_BADPARAM; -+ } -+ getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL); -+ if (!ldap_uidattr) ldap_uidattr = LDAP_UIDATTR; -+ getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL); -+ if (!port_num) { -+ ldap_port = LDAP_PORT; -+ } else if (!ldap_isdigits(port_num)) { -+ if (reply) { *reply = "ldap_port - invalid value"; } -+ return SASL_BADPARAM; -+ } else { -+ ldap_port = atoi(port_num); -+ } -+ } -+ -+ /* Open the LDAP connection. 
*/ -+ if ((ld = ldap_open(ldap_server, ldap_port)) == NULL) -+ { -+ if (reply) { *reply = "cannot connect to LDAP server"; } -+ return SASL_FAIL; -+ } -+ -+ if ( (dn = (char *)malloc(strlen(ldap_uidattr) -+ +strlen(userid)+strlen(ldap_basedn)+3)) == NULL ) { -+ if (reply) { *reply = "cannnot allocate memory for ldap dn"; } -+ return SASL_FAIL; -+ } -+ /* Generate a dn that we will try and login with */ -+ sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn); -+ -+ /* -+ * Just try and bind with the dn we have been given -+ * In most cases the basedn is correct. -+ * If this is not so I have a version or that too -+ * Simon@surf.org.uk -+ */ -+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) { -+ free(dn); -+ ldap_unbind(ld); -+ return SASL_BADAUTH; -+ } -+ -+ free(dn); -+ ldap_unbind(ld); -+ return SASL_OK; -+} -+ -+#endif /* HAVE_LDAP */ -+ - struct sasl_verify_password_s _sasl_verify_password[] = { - { "sasldb", &sasldb_verify_password }, - #ifdef HAVE_KRB -@@ -921,6 +1165,12 @@ - #endif - #ifdef HAVE_PWCHECK - { "pwcheck", &pwcheck_verify_password }, -+#endif -+#ifdef HAVE_MYSQL -+ { "mysql", &mysql_verify_password }, -+#endif -+#ifdef HAVE_LDAP -+ { "ldap", &ldap_verify_password }, - #endif - { NULL, NULL } - }; diff --git a/security/cyrus-sasl2/files/patch-aj b/security/cyrus-sasl2/files/patch-aj deleted file mode 100644 index 569384a100d4..000000000000 --- a/security/cyrus-sasl2/files/patch-aj +++ /dev/null 
@@ -1,46 +0,0 @@ ---- doc/sysadmin.html.orig Wed Jul 12 21:59:51 2000 -+++ doc/sysadmin.html Fri Sep 15 20:56:28 2000 -@@ -171,6 +171,43 @@ - <dt><i>pwcheck</i><dd> checks passwords with the use of a seperate, - helper daemon. <b>needs to be documented.</b><p> - -+<dt><i>mysql</i><dd> A MySQL database can be used for plaintext -+ password checking by setting "pwcheck_method" to "mysql".<p> -+ -+ <p>The following SASL options are used for MySQL Authentication:<p> -+ -+ <dl> -+ <dd>mysql_user: <user></dd> -+ <dd>mysql_passwd: <cleartext pw></dd> -+ <dd>mysql_host: <host></dd> -+ <dd>mysql_database: <database></dd> -+ <dd>mysql_table: <table></dd> -+ <dd>mysql_uidcol: <username col></dd> -+ <dd>mysql_pwdcol: <password col></dd> -+ </dl> -+ -+ <p>MySQL pwcheck_method created by <a href="mailto:dmz@dmzs.com">David Matthew Zendzian</a> -+ the original patch may be found at <a href="http://www.dmzs.com/~dmz/projects/cyrus/">http://www.dmzs.com/~dmz/projects/cyrus/</a>.<p> -+ -+<dt><i>ldap</i><dd> A LDAP server can be used for plaintext password -+ checking by setting "pwcheck_method" to "ldap".<p> -+ -+ <p>The following SASL options are used for LDAP Authentication:<p> -+ -+ <dl> -+ <dd>ldap_server: <LDAP Server [localhost]> -+ <dd>ldap_basedn: <LDAP base dn> -+ <dd>ldap_uidattr: <LDAP uid attribute [uid]> -+ <dd>ldap_port: <LDAP port [389]> -+ </dl> -+ -+ <p>It is a requirement that "ldap_basedn" be set to the appropriate -+ value for your site<br> -+ (ex. ldap_basedn: o=surf, c=UK)<p> -+ -+ <p>LDAP pwcheck_method created by <a href="mailto:simon@surf.org.uk">Simon@surf.org.uk</a> -+ the original patch may be found at <a href="http://www.surf.org.uk/">http://www.surf.org.uk/</a>.<p> -+ - <dt><i>write your own</i><dd> Last, but not least, the most flexible - method of authentication for PLAIN is to write your own. If you do - so, any application that calls the "<tt>sasl_checkpass()</tt>" 
diff --git a/security/cyrus-sasl2/files/patch-ak b/security/cyrus-sasl2/files/patch-ak deleted file mode 100644 index ecbd20ca3239..000000000000 --- a/security/cyrus-sasl2/files/patch-ak +++ /dev/null @@ -1,30 +0,0 @@ ---- plugins/kerberos4.c.orig Wed Apr 19 11:18:48 2000 -+++ plugins/kerberos4.c Sat Sep 16 18:49:20 2000 -@@ -696,8 +696,13 @@ - - /* decrypt; verify checksum */ - -+#ifdef __FreeBSD__ -+ des_pcbc_encrypt((const unsigned char *)in, -+ (unsigned char *)in, -+#else - des_pcbc_encrypt((des_cblock *)in, - (des_cblock *)in, -+#endif - clientinlen, - text->init_keysched, - &text->session, -@@ -1192,8 +1197,13 @@ - } - sout[len]=0; - -+#ifdef __FreeBSD__ -+ des_pcbc_encrypt((const unsigned char *)sout, -+ (unsigned char *)sout, -+#else - des_pcbc_encrypt((des_cblock *)sout, - (des_cblock *)sout, -+#endif - len, - text->init_keysched, - (des_cblock *)text->session, diff --git a/security/cyrus-sasl2/files/patch-lib::common.c b/security/cyrus-sasl2/files/patch-lib::common.c deleted file mode 100644 index 1bc58a81c3d6..000000000000 --- a/security/cyrus-sasl2/files/patch-lib::common.c +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/common.c.orig Thu Dec 6 18:34:09 2001 -+++ lib/common.c Thu Dec 6 18:34:24 2001 -@@ -596,7 +596,7 @@ - } - - /* do the syslog call. do not need to call openlog */ -- syslog(syslog_priority | LOG_AUTH, message); -+ syslog(syslog_priority | LOG_AUTH, "%s", message); - - return SASL_OK; - } diff --git a/security/cyrus-sasl2/pkg-deinstall b/security/cyrus-sasl2/pkg-deinstall index 9e18cc7e18ed..fe997778b912 100644 --- a/security/cyrus-sasl2/pkg-deinstall +++ b/security/cyrus-sasl2/pkg-deinstall 
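Review bot: Deleting files/patch-lib::common.c drops the local fix that turned `syslog(syslog_priority | LOG_AUTH, message);` into `syslog(syslog_priority | LOG_AUTH, "%s", message);`, and nothing on this page shows that 1.5.27 carries the same change upstream. If `message` can contain text influenced by a remote peer, the unpatched call is a format-string bug in an authentication library. The removal should be backed by a check of lib/common.c in the 1.5.27 distfile and a line in the commit message saying the fix is upstream; otherwise the patch should be kept and rebased.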
@@ -15,7 +15,13 @@ SASLDB_NAME=${PKG_PREFIX}/etc/%%SASLDB%% # delete sasldb database delete_sasldb() { - [ -f ${SASLDB_NAME} -a ! -s ${SASLDB_NAME} ] && rm ${SASLDB_NAME} + if [ -f ${SASLDB_NAME} ] ; then + if [ `${PKG_PREFIX}/sbin/sasldblistusers | wc -l` -eq 0 ] ; then + rm ${SASLDB_NAME} + else + echo "WARNING: Users SASL passwords are in ${SASLDB_NAME}, keeping this file" + fi + fi } # This should really be uninstalled by Sendmail diff --git a/security/cyrus-sasl2/pkg-install b/security/cyrus-sasl2/pkg-install index 5bceae998de5..b0a9c1961b71 100644 --- a/security/cyrus-sasl2/pkg-install +++ b/security/cyrus-sasl2/pkg-install @@ -73,7 +73,8 @@ create_user() { create_sasldb() { if [ ! -f ${SASLDB_NAME} ]; then - touch ${SASLDB_NAME} + echo "test" | ${PKG_PREFIX}/sbin/saslpasswd -p -c cyrus + ${PKG_PREFIX}/sbin/saslpasswd -d cyrus chown cyrus:mail ${SASLDB_NAME} chmod 640 ${SASLDB_NAME} fi diff --git a/security/cyrus-sasl2/pkg-message b/security/cyrus-sasl2/pkg-message index 49423c13741d..5dfe7ff77639 100644 --- a/security/cyrus-sasl2/pkg-message +++ b/security/cyrus-sasl2/pkg-message @@ -1,15 +1,12 @@ -%%PREFIX%%/etc/%%SASLDB%% now needs to be created -before applications that depend on SASL are used. - su cyrus - %%PREFIX%%/sbin/saslpasswd -c userid - -You will also need to start the pwcheck daemon: +You may need to start the pwcheck daemon for authentication with +the system password files: %%PREFIX%%/etc/rc.d/pwcheck.sh start -Read the documentation in %%DOCSDIR%% +or you can use sasldb for authentication, to add users use: + + saslpasswd -c username How to enable SMTP AUTH with system Sendmail 8.11 - Sendmail.README -How to use LDAP or MySQL for passwords - see html/sysadmin.html diff --git a/security/cyrus-sasl2/pkg-plist b/security/cyrus-sasl2/pkg-plist index 2ec1121a3687..4f08d1e0edb0 100644 --- a/security/cyrus-sasl2/pkg-plist +++ b/security/cyrus-sasl2/pkg-plist 
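Review bot: In `delete_sasldb` the new `wc -l` count is also 0 when `${PKG_PREFIX}/sbin/sasldblistusers` cannot run at all (already removed from disk, or unable to open the database), and the script then deletes a database that may still hold user secrets. Whether the binary is still present when this function runs is not visible here, so the test should not depend on it: add `[ -x ${PKG_PREFIX}/sbin/sasldblistusers ] || return 0` as the first line inside the `-f` branch, so the file is kept when it cannot be inspected. Quoting `"${SASLDB_NAME}"` in the `-f` test and the `rm` would also guard against an empty or space-containing path.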
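Review bot: `create_sasldb` now initialises the database by adding a `cyrus` entry with the fixed password `test` and deleting it again, with no check on either `saslpasswd` call, so if the `-d` step fails an account with a known password stays in the database. The file is also created under the caller's umask and only tightened by the later `chmod 640`. I would put `umask 077` before the first call and chain the two: `echo "test" | ${PKG_PREFIX}/sbin/saslpasswd -p -c cyrus && ${PKG_PREFIX}/sbin/saslpasswd -d cyrus || exit 1`. The function's closing lines are outside the hunk.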
@@ -33,9 +33,7 @@ lib/sasl/libplain.so lib/sasl/libplain.so.1 sbin/sasldblistusers sbin/saslpasswd -sbin/pwcheck_pwnam -@exec ln %D/sbin/pwcheck_pwnam %D/sbin/pwcheck -@unexec rm -f %D/sbin/pwcheck +sbin/pwcheck %%PORTDOCS%%%%DOCSDIR%%/AUTHORS %%PORTDOCS%%%%DOCSDIR%%/COPYING %%PORTDOCS%%%%DOCSDIR%%/ChangeLog @@ -44,13 +42,13 @@ sbin/pwcheck_pwnam %%PORTDOCS%%%%DOCSDIR%%/README %%PORTDOCS%%%%DOCSDIR%%/Sendmail.README %%PORTDOCS%%%%DOCSDIR%%/TODO -%%PORTDOCS%%%%DOCSDIR%%/draft-leach-digest-sasl-05.txt %%PORTDOCS%%%%DOCSDIR%%/draft-newman-auth-scram-03.txt %%PORTDOCS%%%%DOCSDIR%%/rfc1321.txt %%PORTDOCS%%%%DOCSDIR%%/rfc2095.txt %%PORTDOCS%%%%DOCSDIR%%/rfc2104.txt %%PORTDOCS%%%%DOCSDIR%%/rfc2222.txt %%PORTDOCS%%%%DOCSDIR%%/rfc2245.txt +%%PORTDOCS%%%%DOCSDIR%%/rfc2831.txt %%PORTDOCS%%%%DOCSDIR%%/gssapi.html %%PORTDOCS%%%%DOCSDIR%%/index.html %%PORTDOCS%%%%DOCSDIR%%/programming.html diff --git a/security/cyrus-sasl2/scripts/configure.sasl b/security/cyrus-sasl2/scripts/configure.sasl index 930c7acb3758..b4db08de7d59 100644 --- a/security/cyrus-sasl2/scripts/configure.sasl +++ b/security/cyrus-sasl2/scripts/configure.sasl 
@@ -1,51 +1,68 @@ #!/bin/sh # $FreeBSD$ -if [ -f ${WRKDIRPREFIX}${CURDIR}/Makefile.inc ]; then +if [ -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc ]; then exit fi -SASLDB_NAME=sasldb.db - tempfile=`mktemp -t checklist` if [ "${BATCH}" ]; then - if [ "x${ENABLE_DB3}" = "xYES" ]; then - OPTIONS=\"DB3\" + if [ "${WITH_DB3}" ]; then + OPTIONS="\"DB3\"" + else + OPTIONS="\"NDBM\"" fi - if [ "x${ENABLE_MYSQL}" = "xYES" ]; then + if [ "${WITH_JAVA}" ]; then + OPTIONS="${OPTIONS} \"JAVA\"" + fi + if [ "${WITH_MYSQL}" ]; then OPTIONS="${OPTIONS} \"MySQL\"" fi - if [ "x${ENABLE_LDAP}" = "xYES" ]; then - OPTIONS="${OPTIONS} \"OpenLDAP\"" + if [ "${WITH_LDAP2}" ]; then + OPTIONS="${OPTIONS} \"OpenLDAP2\"" + elif [ "${WITH_LDAP1}" ]; then + OPTIONS="${OPTIONS} \"OpenLDAP1\"" fi - if [ "x${OPTIONS}" != "x" ]; then + if [ "${OPTIONS}" != "x" ]; then set ${OPTIONS} fi else - if [ "x${ENABLE_DB3}" = "xYES" -o -f ${PREFIX}/lib/libdb3.so ] ; then + if [ "${WITH_DB3}" -o -f ${PREFIX}/lib/libdb3.so ] ; then SET_DB3="ON" + SET_NDBM="OFF" else SET_DB3="OFF" + SET_NDBM="ON" + fi + if [ "${WITH_JAVA}" ] ; then + SET_JAVA="ON" + else + SET_JAVA="OFF" fi - if [ "x${ENABLE_MYSQL}" = "xYES" -o -f ${PREFIX}/lib/mysql/libmysqlclient.so ] ; then + if [ "${WITH_MYSQL}" -o -f ${PREFIX}/lib/mysql/libmysqlclient.so ] ; then SET_MYSQL="ON" else SET_MYSQL="OFF" fi - if [ "x${ENABLE_LDAP}" = "xYES" -o \ - -f ${PREFIX}/lib/libldap.so -a -f ${PREFIX}/lib/liblber.so ] ; then - SET_LDAP="ON" - else - SET_LDAP="OFF" + + #Perfer LDAP2 over LDAP1 + SET_LDAP1="OFF" + SET_LDAP2="OFF" + if [ "${WITH_LDAP2}" -o -f ${PREFIX}/lib/libldap.so.2 -a -f ${PREFIX}/lib/liblber.so.2 ] ; then + SET_LDAP2="ON" + elif [ "${WITH_LDAP1}" -o -f ${PREFIX}/lib/libldap.so.1 -a -f ${PREFIX}/lib/liblber.so.1 ]; then + SET_LDAP1="ON" fi /usr/bin/dialog --title "Additional SASL options" --clear \ --checklist "\n\ Please select desired options:" -1 -1 16 \ +NDBM "ndbm DB package" ${SET_NDBM} \ DB3 "Berkeley DB package, revision 3" 
${SET_DB3} \ MySQL "MySQL password Authentication" ${SET_MYSQL} \ -OpenLDAP "OpenLDAP password Authentication" ${SET_LDAP} \ +OpenLDAP1 "OpenLDAP 1.x support" ${SET_LDAP1} \ +OpenLDAP2 "OpenLDAP 2.x support" ${SET_LDAP2} \ 2> $tempfile retval=$? 
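Review bot: In the BATCH branch the guard became `if [ "${OPTIONS}" != "x" ]`, which lost the `x` prefix of the old `"x${OPTIONS}" != "x"` form and is therefore true for every value except the literal string `x`. It is harmless today only because OPTIONS always receives `\"DB3\"` or `\"NDBM\"` first; either restore `[ "x${OPTIONS}" != "x" ]` or drop the test and call `set ${OPTIONS}` unconditionally. Separately, the `WITH_*` tests are plain non-empty checks, so `WITH_DB3=NO` turns DB3 on where the old `ENABLE_DB3` had to equal `YES`; a comment at the top of the script should state that any non-empty value enables the option. The script continues past this hunk.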
@@ -66,34 +83,83 @@ OpenLDAP "OpenLDAP password Authentication" ${SET_LDAP} \ esac fi -${MKDIR} ${WRKDIRPREFIX}${CURDIR} -exec > ${WRKDIRPREFIX}${CURDIR}/Makefile.inc +${MKDIR} ${WRKDIRPREFIX}${REALCURDIR} +exec > ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc echo "PREFIX= ${PREFIX}" while [ "$1" ]; do case $1 in + \"NDBM\") + if [ "${DBLIB}" ]; then + echo "ndbm and db3 are mutually exclusive." > /dev/stderr + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc + exit 1 + fi + echo "CONFIGURE_ARGS+= --with-dblib=ndbm" + echo "SASLDB_NAME= sasldb.db" + DBLIB=1 + ;; \"DB3\") + if [ "${DBLIB}" ]; then + echo "ndbm and db3 are mutually exclusive." > /dev/stderr + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc + exit 1 + fi echo "LIB_DEPENDS+= db3.2:\${PORTSDIR}/databases/db3" - echo "CONFIGURE_ARGS+=--with-dblib=berkeley" - SASLDB_NAME=sasldb + echo "CONFIGURE_ARGS+= --with-dblib=berkeley" + echo "SASLDB_NAME= sasldb" + DBLIB=1 + ;; + \"JAVA\") + echo "JAVA is disabled, Ignoring option" > /dev/stderr + ;; + \"DISABLED\") + echo "RUN_DEPENDS= \${LOCALBASE}/\${JAVADIR}/bin/java:\${PORTSDIR}/java/jdk" + echo "CONFIGURE_ARGS+= --with-java \\" + echo " --with-javabase=\${LOCALBASE}/include" + echo "CONFIGURE_ENV+= JAVAC=\"\${LOCALBASE}/\${JAVADIR}/bin/javac\" \\" + echo " JAVAH=\"\${LOCALBASE}/\${JAVADIR}/bin/javah" \\" + echo " JAVADOC=\"\${LOCALBASE}/\${JAVADIR}/bin/javadoc\" ;; \"MySQL\") echo "LIB_DEPENDS+= mysqlclient.10:\${PORTSDIR}/databases/mysql323-client" - echo "CONFIGURE_ARGS+=--with-mysql=\${PREFIX}" + echo "CONFIGURE_ARGS+= --with-mysql=\${PREFIX}" + MSG=1 ;; - \"OpenLDAP\") + \"OpenLDAP1\") + if [ "$OPENLDAP2" ]; then + echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." 
> /dev/stderr + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc + exit 1 + fi echo "LIB_DEPENDS+= ldap.1:\${PORTSDIR}/net/openldap" echo "LIB_DEPENDS+= lber.1:\${PORTSDIR}/net/openldap" - echo "CONFIGURE_ARGS+=--with-ldap=\${PREFIX}" + echo "CONFIGURE_ARGS+= --with-ldap=\${PREFIX}" + OPENLDAP1=1 + MSG=1 + ;; + \"OpenLDAP2\") + if [ "$OPENLDAP1" ]; then + echo "OpenLDAP1 and OpenLDAP2 are mutually exclusive." > /dev/stderr + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc + exit 1 + fi + echo "LIB_DEPENDS+= ldap.2:\${PORTSDIR}/net/openldap2" + echo "LIB_DEPENDS+= lber.2:\${PORTSDIR}/net/openldap2" + echo "CONFIGURE_ARGS+= --with-ldap=\${PREFIX}" + OPENLDAP2=1 + MSG=1 ;; *) echo "Invalid option(s): $*" > /dev/stderr - rm -f ${WRKDIRPREFIX}${CURDIR}/Makefile.inc + rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc exit 1 ;; esac shift done -echo "SASLDB_NAME= ${SASLDB_NAME}" +if [ "x${MSG}" != "x" ]; then + echo "LDAP_MYSQL_MSG= \"See sysadmin.html in the Cyrus-SASL docs directory for informaion on using LDAP or MySQL for authentication.\"" +fi |
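Review bot: The quoting in the `\"DISABLED\")` arm is unbalanced: the `JAVAH` line closes its string right after `bin/javah` (that `"` is not escaped) and the `JAVADOC` line has no closing quote. The script appears to parse only because the two mistakes cancel out, and the arm would write a malformed `CONFIGURE_ENV` into Makefile.inc if it were ever reached. The two lines should end `bin/javah\" \\"` and `bin/javadoc\""`; since the `\"JAVA\")` arm already reports the option as disabled, deleting the dead arm is the simpler fix. The identical hunk earlier on the page, which ends just before the security/cyrus-sasl2/Makefile header, has the same lines.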