Date: Wed, 14 Aug 2002 00:28:24 -0500 (CDT) From: "Scot W. Hetzel" <hetzels@westbend.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/41653: security/cyrus-sasl: add saslauthd daemon and fix interaction with SASL V2 port Message-ID: <200208140528.g7E5SO2G015917@wbiW009.westbend.net>
>Number: 41653 >Category: ports >Synopsis: security/cyrus-sasl: add saslauthd daemon and fix interaction with SASL V2 port >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Aug 13 22:30:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Scot W. Hetzel >Release: FreeBSD 4.6-STABLE i386 >Organization: West Bend Internet >Environment: System: FreeBSD wbiW009.westbend.net 4.6-STABLE FreeBSD 4.6-STABLE #0: Wed Jul 10 17:04:54 CDT 2002 root@mail.westbend.net:/usr/obj/usr/src/src4/sys/GENERIC-SMP i386 >Description: Add saslauthd as default general password checking daemon (replaces pwcheck{_pam}). Fix "& &&" in pwcheck.sh Correct the interaction between the SASL V1 and SASL V2 libraries. When the SASL V1 and SASL V2 ports are installed, the saslpasswd2 and sasldblistusers2 will core dump because they are trying to use the SASL V1 plugins (${PREFIX}/lib/sasl) instead of the SASL V2 plugins (${PREFIX}/lib/sasl2). The problem is caused by libtool adding '${PREFIX}/lib/sasl' to the ld-elf.so.hints file during the install. My solution was to save the list of search directories in pre-install, and then restore them in post-install. Packages will not have this problem as ldconfig is only used on ${PREFIX}/lib. >How-To-Repeat: Install security/cyrus-sasl, then install security/cyrus-sasl2. Wait for core dumps to be generated by the saslpasswd2 and sasldblistusers2 programs during the install. 
(The core dumps are large) >Fix: Changed Files: Makefile files/pwcheck.sh pkg-deinstall pkg-install pkg-message pkg-plist scripts/configure.sasl New Files: files/patch-saslauthd::Makefile.am files/saslauthd.sh Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/Makefile,v retrieving revision 1.44 diff -u -r1.44 Makefile --- Makefile 28 Jul 2002 17:26:11 -0000 1.44 +++ Makefile 14 Aug 2002 05:06:07 -0000 @@ -7,7 +7,7 @@ PORTNAME= cyrus-sasl PORTVERSION= 1.5.27 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \ http://www.surf.org.uk/downloads/ \ @@ -42,7 +42,7 @@ sasl_listmech.3 sasl_log_t.3 sasl_server_init.3 \ sasl_server_new.3 sasl_server_start.3 sasl_server_step.3 \ sasl_setprop.3 sasl_usererr.3 -MAN8= sasldblistusers.8 saslpasswd.8 +MAN8= sasldblistusers.8 saslpasswd.8 saslauthd.8 USE_AUTOMAKE_VER=14 USE_LIBTOOL= YES @@ -54,6 +54,8 @@ --includedir=${PREFIX}/include/sasl1 \ --enable-static \ --enable-login \ + --with-saslauthd=/var/state/saslauthd1 \ + --enable-auth-sasldb \ --with-pwcheck=/var/pwcheck \ --with-rc4=openssl @@ -68,8 +70,8 @@ WITH_LDAP1="${WITH_LDAP1}" \ WITH_LDAP2="${WITH_LDAP2}" -JAVADIR= jdk1.3.1 -JAVALIBDIR= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/ +JAVADIR?= jdk1.3.1 +JAVALIBDIR?= ${PREFIX}/${JAVADIR}/lib/i386/green_threads/ .if defined(KRB5_HOME) && exists(${KRB5_HOME}) CONFIGURE_ARGS+= --enable-gssapi=${KRB5_HOME} 
@@ -124,13 +126,15 @@ pre-patch: @(cd ${WRKSRC} && ${PATCH} -p1 < ${WRKDIR}/${LDAP_MYSQL_PATCH}) -# Fix sasldb name in pkg-install/deinstall scripts +# Fix pkg-{install/deinstall/messages} post-patch: @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \ + -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \ ${.CURDIR}/pkg-install > ${PKGINSTALL} @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \ + -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \ ${.CURDIR}/pkg-deinstall > ${PKGDEINSTALL} - @${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \ + @${SED} -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \ -e "s;%%PREFIX%%;${PREFIX};g" \ ${.CURDIR}/pkg-message > ${PKGMESSAGE} .ifdef LDAP_MYSQL_MSG @@ -143,13 +147,21 @@ # Create Cyrus user and group pre-install: + ${LDCONFIG} -r | head -n 2 | tail -n 1 | sed -e 's; search directories:;;g' -e 's;:; ;g' > ${WORKDIR}/ldpath @${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL + @if [ -f ${PREFIX}/sbin/saslauthd ]; then \ + mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd2; \ + fi post-install: @${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \ ${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh @${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh ${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck + @${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${SASLAUTHD_SUB} \ + ${FILESDIR}/saslauthd.sh > ${PREFIX}/etc/rc.d/saslauthd1.sh + @${CHMOD} 755 ${PREFIX}/etc/rc.d/saslauthd1.sh + ${INSTALL} -d -m 770 -o cyrus -g cyrus /var/state/saslauthd1 .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for file in ${DOCS} 
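Review bot: The added pre-install line saves the search path to `${WORKDIR}/ldpath`, but this Makefile otherwise spells the work directory `${WRKDIR}` (see the pre-patch context of the @@ -124,13 +126,15 @@ hunk); unless `WORKDIR` is defined outside the visible hunks it expands to nothing, and the install, running as root, creates and later reads a fixed `/ldpath`. The restore step in the @@ -162,6 +174,11 @@ hunk, which feeds the contents of `${WORKDIR}/ldpath` to `${LDCONFIG}`, has the same spelling. I would change both to `${WRKDIR}/ldpath`. The `head -n 2 | tail -n 1` extraction also assumes the search-directory list is always the second line of `ldconfig -r` output, which deserves a short comment such as `# line 2 of "ldconfig -r" holds the search directories`.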
@@ -162,6 +174,11 @@ @${INSTALL_DATA} ${WRKSRC}/java/doc/draft-weltman-java-sasl-02.txt ${DOCSDIR} @${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR} .endif + @mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd1 + @if [ -f ${PREFIX}/sbin/saslauthd2 ]; then \ + mv ${PREFIX}/sbin/saslauthd2 ${PREFIX}/sbin/saslauthd; \ + fi + ${LDCONFIG} `${CAT} ${WORKDIR}/ldpath` @PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL @${CAT} ${PKGMESSAGE} Index: pkg-deinstall =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-deinstall,v retrieving revision 1.5 diff -u -r1.5 pkg-deinstall --- pkg-deinstall 24 May 2002 02:01:13 -0000 1.5 +++ pkg-deinstall 13 Aug 2002 17:27:45 -0000 @@ -38,7 +38,7 @@ sendmail_conf() { if [ -f ${PKG_PREFIX}/lib/sasl/Sendmail.conf ]; then - echo "pwcheck_method: pwcheck" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf.tmp + echo "pwcheck_method: %%PWCHECK_METHOD%%" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf.tmp if cmp -s ${PKG_PREFIX}/lib/sasl/Sendmail.conf ${PKG_PREFIX}/lib/sasl/Sendmail.conf.tmp; then rm -f ${PKG_PREFIX}/lib/sasl/Sendmail.conf fi Index: pkg-install =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-install,v retrieving revision 1.9 diff -u -r1.9 pkg-install --- pkg-install 26 Jun 2002 18:49:21 -0000 1.9 +++ pkg-install 13 Aug 2002 22:52:18 -0000 @@ -67,12 +67,6 @@ fi echo "*** Updated user \`${USER}'." fi -# Don't know why we need the daemon user in the cyrus group -# hopefully this doesn't affect anyone. It's a leftover from -# the pre-SASL cyrus-imapd server. -# if ! ${PW} group mod ${GROUP} -m daemon; then -# echo "*** can't add user \`daemon' to group \`${GROUP}'" -# fi } create_sasldb() { 
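Review bot: The post-install lines added in the @@ -162,6 +174,11 @@ hunk undo the pre-install rename of `${PREFIX}/sbin/saslauthd` to `saslauthd2` only if the install gets this far; a failure anywhere in between leaves the other port's daemon binary under the wrong name with nothing to put it back. The hints restore has a similar gap: if the saved file is empty or missing, `${LDCONFIG}` is run with no directory arguments instead of the saved list. Guarding the restore with a size test, for example `@if [ -s ${WRKDIR}/ldpath ]; then ... ; fi` around the ldconfig call, and documenting the rename in a comment above pre-install would make the intent and the failure mode clear.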
@@ -92,7 +86,7 @@ sendmail_conf() { if [ ! -f ${PKG_PREFIX}/lib/sasl/Sendmail.conf ]; then - echo "pwcheck_method: pwcheck" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf + echo "pwcheck_method: %%PWCHECK_METHOD%%" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf fi } Index: pkg-message =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-message,v retrieving revision 1.4 diff -u -r1.4 pkg-message --- pkg-message 17 Jan 2002 15:04:35 -0000 1.4 +++ pkg-message 13 Aug 2002 22:51:36 -0000 @@ -1,12 +1,19 @@ -You may need to start the pwcheck daemon for authentication with -the system password files: +You may need to start the pwcheck or saslauthd daemon for authentication +with the system password files: %%PREFIX%%/etc/rc.d/pwcheck.sh start +or + %%PREFIX%%/etc/rc.d/saslauthd1.sh start or you can use sasldb for authentication, to add users use: saslpasswd -c username -How to enable SMTP AUTH with system Sendmail 8.11 - Sendmail.README +If you want to enable SMTP AUTH with the system Sendmail, read Sendmail.README + +NOTE: This port has been compiled with a default pwcheck_method of + %%PWCHECK_METHOD%%. Set sasl_pwcheck_method to %%PWCHECK_METHOD%%, + after installing the Cyrus-IMAPd 1.6.24 port. You should also check + the %%PREFIX%%/lib/sasl/*.conf files for the correct pwcheck_method. Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-plist,v retrieving revision 1.15 diff -u -r1.15 pkg-plist --- pkg-plist 28 Jul 2002 17:26:11 -0000 1.15 +++ pkg-plist 13 Aug 2002 23:14:06 -0000 
@@ -1,5 +1,9 @@ +@comment The following makes sure that the pwcheck and saslauthd +@comment daemons are stopped before removing the files. @unexec if [ -f /var/run/pwcheck.pid ] ; then %D/etc/rc.d/pwcheck.sh stop ; echo " stopped." ; fi +@unexec if [ -f /var/state/saslauthd1/mux.pid ] ; then %D/etc/rc.d/saslauthd1.sh stop ; echo " stopped." ; fi etc/rc.d/pwcheck.sh +etc/rc.d/saslauthd1.sh include/sasl1/hmac-md5.h include/sasl1/md5.h include/sasl1/md5global.h @@ -38,6 +42,7 @@ sbin/saslpasswd sbin/pwcheck sbin/pwcheck_pam +sbin/saslauthd1 %%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class @@ -88,7 +93,14 @@ @dirrm lib/sasl @cwd /var @exec install -d -m 770 -o cyrus -g cyrus %D/pwcheck -@comment This file gets created by the pwcheck program +@comment This file get created by the pwcheck program @unexec rm -f %D/pwcheck/pwcheck @dirrm pwcheck +@mode ug=rwx,o= +@exec mkdir -p /var/state/saslauthd1 +@exec chown -R cyrus:cyrus state +@exec chmod -R o= state +@comment This file gets created by the state/saslauthd program +@unexec rm -fr /var/state/saslauthd1 +@unexec rmdir /var/state @cwd %%PREFIX%% Index: files/patch-saslauthd::Makefile.am =================================================================== RCS file: files/patch-saslauthd::Makefile.am diff -N files/patch-saslauthd::Makefile.am --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-saslauthd::Makefile.am 13 Aug 2002 18:57:43 -0000 
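Review bot: In the last pkg-plist hunk, `@exec chown -R cyrus:cyrus state` and `@exec chmod -R o= state` act recursively on the whole `state` directory rather than on `saslauthd1`; assuming they run relative to the preceding `@cwd /var`, they change the owner and mode of everything any other package keeps under /var/state. Limit both to the new directory, e.g. `@exec chown cyrus:cyrus /var/state/saslauthd1` and `@exec chmod 770 /var/state/saslauthd1`, which matches the `${INSTALL} -d -m 770 -o cyrus -g cyrus` call in the Makefile. `@unexec rmdir /var/state` also targets a shared parent and will report an error whenever anything else lives there; `@unexec rmdir /var/state 2>/dev/null || true` keeps deinstall quiet. The edited comment line also changes "gets" to "get".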
@@ -0,0 +1,11 @@ +--- saslauthd/Makefile.am.orig Fri Mar 23 19:41:35 2001 ++++ saslauthd/Makefile.am Tue Aug 13 13:57:10 2002 +@@ -2,7 +2,7 @@ + man_MANS = saslauthd.8 + + saslauthd_SOURCES = saslauthd.c mechanisms.c globals.h mechanisms.h auth_dce.c auth_dce.h auth_getpwent.c auth_getpwent.h auth_krb4.c auth_krb4.h auth_pam.c auth_pam.h auth_rimap.c auth_rimap.h auth_shadow.c auth_shadow.h auth_sia.c auth_sia.h +-saslauthd_LDADD = @SASL_KRB_LIB@ ++saslauthd_LDADD = @SASL_KRB_LIB@ @LIB_PAM@ @LIB_CRYPT@ + + INCLUDES = -I$(top_srcdir)/include + EXTRA_DIST = saslauthd.8 Index: files/pwcheck.sh =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/files/pwcheck.sh,v retrieving revision 1.3 diff -u -r1.3 pwcheck.sh --- files/pwcheck.sh 20 Jan 2002 19:23:17 -0000 1.3 +++ files/pwcheck.sh 13 Aug 2002 16:43:32 -0000 @@ -41,7 +41,7 @@ start) if [ -x ${sasl_pwcheck_program} ] ; then - ${sasl_pwcheck_program} & && echo -n " pwcheck" + ${sasl_pwcheck_program} && echo -n " pwcheck" fi ;; Index: files/saslauthd.sh =================================================================== RCS file: files/saslauthd.sh diff -N files/saslauthd.sh --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/saslauthd.sh 14 Aug 2002 02:27:36 -0000 
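Review bot: Dropping the `&` in the `start)` branch of pwcheck.sh fixes the syntax error, but the rc script now waits for `${sasl_pwcheck_program}` to return; whether pwcheck detaches by itself is not visible in this hunk, and if it does not, startup blocks here and the `echo` never runs. If the daemon stays in the foreground, `${sasl_pwcheck_program} & echo -n " pwcheck"` keeps the old background behaviour with valid syntax. A one-line comment stating which behaviour is relied on would settle it, and the program path should be quoted in the `-x` test. The enclosing `case` continues outside the hunk.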
@@ -0,0 +1,75 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +action=$1 + +PREFIX=%%PREFIX%% + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +# The following sasl_saslauthd_* variables may be defined in rc.conf +# +# sasl_saslauthd1_enable - Set to YES to enable saslauthd +# Default: %%ENABLESASLAUTHD%% +# +# sasl_saslauthd1_program - Path to saslauthd program +# Default: ${PREFIX}/sbin/saslauthd1 +# +# sasl_saslauthd1_flags - Flags to saslauthd program +# Default: -a pam + +if [ -z "${sasl_saslauthd1_enable}" ]; then + sasl_saslauthd1_enable=%%ENABLESASLAUTHD%% +fi + +if [ -z "${sasl_saslauthd1_program}" ]; then + sasl_saslauthd1_program=${PREFIX}/sbin/saslauthd1 +fi + +if [ -z "${sasl_saslauthd1_flags}" ]; then + sasl_saslauthd1_flags="-a pam" +fi + +rc=0 + +case "${sasl_saslauthd1_enable}" in + [Yy][Ee][Ss]) + case "${action}" in + + start) + if [ -x ${sasl_saslauthd1_program} ] ; then + ${sasl_saslauthd1_program} ${sasl_saslauthd1_flags} \ + && echo -n " saslauthd1" + fi + ;; + + stop) + if [ -r /var/state/saslauthd1/mux.pid ]; then + kill `cat /var/state/saslauthd1/mux.pid` && \ + echo -n " saslauthd1" + rm /var/state/saslauthd1/mux.pid + fi + ;; + + *) + echo "usage: $0 {start|stop}" 1>&2 + rc=64 + ;; + esac + ;; + *) + rc=0 + ;; +esac + +exit $rc Index: scripts/configure.sasl =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/scripts/configure.sasl,v retrieving revision 1.12 diff -u -r1.12 configure.sasl --- scripts/configure.sasl 20 Jan 2002 19:23:25 -0000 1.12 +++ scripts/configure.sasl 13 Aug 2002 18:46:46 -0000 @@ -25,7 +25,7 @@ OPTIONS="${OPTIONS} \"OpenLDAP1\"" fi if [ "${OPTIONS}" != "x" ]; then - OPTIONS="${OPTIONS} \"PWCHECK\"" + OPTIONS="${OPTIONS} \"SASLAUTHD\"" set ${OPTIONS} fi else 
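Review bot: The `stop)` branch of the new saslauthd.sh passes the contents of `/var/state/saslauthd1/mux.pid` straight to `kill`, yet the Makefile creates that directory mode 770 owned by cyrus:cyrus, so the value the rc script acts on can be written by that user or group. The branch should check that the file holds a single numeric PID before signalling, quote its expansions, and use `rm -f` so that a file which has already gone is not an error; a sketch follows. Separately, the header comment speaks of `sasl_saslauthd_*` variables while every variable is named `sasl_saslauthd1_*`, and `${sasl_saslauthd1_program}` in the `-x` test should be quoted.

```sh
# … unchanged: rc.conf loading, defaults, start) branch …
	stop)
		pidfile=/var/state/saslauthd1/mux.pid
		if [ -r "${pidfile}" ]; then
			pid=`cat "${pidfile}"`
			case "${pid}" in
			''|*[!0-9]*)
				# The directory is writable by cyrus; never signal on a malformed value.
				echo "$0: ignoring malformed ${pidfile}" 1>&2
				rc=1
				;;
			*)
				kill "${pid}" && echo -n " saslauthd1"
				;;
			esac
			rm -f "${pidfile}"
		fi
		;;
# … unchanged: usage branch, outer case, exit …
```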
@@ -65,8 +65,9 @@ MySQL "MySQL password Authentication" ${SET_MYSQL} \ OpenLDAP1 "OpenLDAP 1.x password Authentication" ${SET_LDAP1} \ OpenLDAP2 "OpenLDAP 2.x password Authentication w/TLS" ${SET_LDAP2} \ -PWCHECK "Use pwcheck for password Authentication" ON \ -PAMPWCHECK "Use pwcheck_pam for password Authentication" OFF \ +PWCHECK "Use pwcheck for password Authentication" OFF \ +PAMPWCHECK "Use pwcheck_pam for password Authentication" OFF \ +SASLAUTHD "Use saslauthd for password Authentication" ON \ 2> $tempfile retval=$? @@ -172,6 +173,12 @@ PWCHECK=1 fi ;; + \"SASLAUTHD\") + if [ "$PWCHECK" ]; then + echo "SASLAUTHD is preferred over PWCHECK: Enabling saslauthd and disabling pwcheck in rc.d scripts" > /dev/stderr + fi + SASLAUTHD=1 + ;; *) echo "Invalid option(s): $*" > /dev/stderr rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc @@ -181,12 +188,24 @@ shift done -if [ "$PWCHECK" ]; then - echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;yes;g\"" +if [ ! "${PWCHECK}" ]; then + echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck;g\"" +fi + +if [ "$SASLAUTHD" ]; then + echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;no;g\"" + echo "PWCHECK_METHOD= saslauthd" + echo "SASLAUTHD_SUB+= -e \"s;%%ENABLESASLAUTHD%%;yes;g\"" else - echo "PWCHECK_SUB+= -e \"s;%%PWCHECK%%;pwcheck;g\" \\" - echo " -e \"s;%%ENABLEPWCHECK%%;no;g\"" + if [ "$PWCHECK" ]; then + echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;yes;g\"" + else + echo "PWCHECK_SUB+= -e \"s;%%ENABLEPWCHECK%%;no;g\"" + fi + echo "PWCHECK_METHOD+= pwcheck" + echo "SASLAUTHD_SUB+= -e \"s;%%ENABLESASLAUTHD%%;no;g\"" fi + if [ ! "${DEFJAVA}" ]; then echo "PLIST_SUB+= JAVASASL=\"@comment \"" fi >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
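Review bot: In the last configure.sasl hunk the pwcheck branch emits `PWCHECK_METHOD+= pwcheck` while the saslauthd branch emits `PWCHECK_METHOD= saslauthd`; the value is substituted verbatim into the `pwcheck_method:` line that pkg-install writes to Sendmail.conf, so an append onto any earlier definition would yield an invalid method name. I would use plain assignment in both branches, `echo "PWCHECK_METHOD= pwcheck"`. In the @@ -172,6 +173,12 @@ hunk the "SASLAUTHD is preferred over PWCHECK" warning is printed only when PWCHECK happens to be parsed before SASLAUTHD; testing both flags once after the loop would make it independent of option order. The new message could also use `1>&2` rather than `> /dev/stderr`, although that follows the style of the neighbouring lines.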