New port: security/pam_krb5-rh
The pam_krb5 module allows PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC. This module includes many configurable options and provides functionality and features that other pam_krb5 modules do not provide. WWW: https://fedorahosted.org/pam_krb5/
parent
0f64a7859c
commit
523261f271
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=284809
9 changed files with 210 additions and 0 deletions
|
@ -572,6 +572,7 @@
|
|||
SUBDIR += pam_jail
|
||||
SUBDIR += pam_kde
|
||||
SUBDIR += pam_krb5
|
||||
SUBDIR += pam_krb5-rh
|
||||
SUBDIR += pam_ldap
|
||||
SUBDIR += pam_mkhomedir
|
||||
SUBDIR += pam_p11
|
||||
|
|
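--- a/security/pam_krb5-rh/Makefile
+++ b/security/pam_krb5-rh/Makefile
@@ -0,0 +1,51 @@
+# New ports collection makefile for: pam_krb5
+# Date created: 18 October 2011
+# Whom: Ryan Steinmetz <zi@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+PORTNAME= pam_krb5
+DISTVERSION= 2.3.13-1
+CATEGORIES= security
+MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \
+http://people.rit.edu/rpsfa/distfiles/
+PKGNAMESUFFIX= -rh
+
+MAINTAINER= zi@FreeBSD.org
+COMMENT= The Red Hat Pluggable Authentication Module for Kerberos 5
+
+LICENSE= LGPL21 BSD
+LICENSE_COMB= dual
+
+CONFLICTS= pam_krb5-4.*
+
+USE_ICONV= yes
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS+=--with-libiconv-prefix=${LOCALBASE} --without-afs \
+--with-libintl-prefix=${LOCALBASE} --with-krb4=no \
+--without-keyutils
+LDFLAGS= -L${LOCALBASE}/lib
+
+MAN5= pam_krb5.5
+MAN8= pam_krb5.8 pam_krb5_storetmp.8
+
+.if defined(WITHOUT_NLS)
+PLIST_SUB+= NLS="@comment "
+CONFIGURE_ARGS+=--disable-nls
+.else
+PLIST_SUB+= NLS=""
+LDFLAGS+= -lintl
+USE_GETTEXT= yes
+.endif
+
+post-patch:
+@${REINPLACE_CMD} -e 's|libdir)/security|libdir)|g' ${WRKSRC}/src/Makefile.in
+@${REINPLACE_CMD} -e 's|/lib64/security|${LOCALBASE}/lib|g' \
+${WRKSRC}/src/*.8
+@${REINPLACE_CMD} -e 's|-ldl||g' ${WRKSRC}/tests/tools/Makefile.in
+@${REINPLACE_CMD} -e 's|PAM_BAD_ITEM|PAM_SYMBOL_ERR|g' ${WRKSRC}/src/conv.c
+@${REINPLACE_CMD} -e 's|PAM_AUTHTOK_RECOVER_ERR|PAM_AUTHTOK_RECOVERY_ERR|g' \
+${WRKSRC}/src/password.c
+
+.include <bsd.port.mk>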
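Review bot: The `post-patch` substitutions that rename `PAM_BAD_ITEM` to `PAM_SYMBOL_ERR` in `src/conv.c` and `PAM_AUTHTOK_RECOVER_ERR` to `PAM_AUTHTOK_RECOVERY_ERR` in `src/password.c` change the return codes of an authentication module without any comment saying why. Presumably the original constants are missing from the PAM headers this port builds against; a line such as `# Map Linux-PAM return codes that the local PAM headers lack to their nearest equivalents` above those two commands would record that. Both are global `s|…|…|g` edits, so the comment also helps whoever updates `DISTVERSION` check that the mapping still touches only the intended uses.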
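--- a/security/pam_krb5-rh/distinfo
+++ b/security/pam_krb5-rh/distinfo
@@ -0,0 +1,2 @@
+SHA256 (pam_krb5-2.3.13-1.tar.gz) = bc5b45afcb5951edc0c4b98a3342d96a3b59cedd4234560b6d1450ebe990195f
+SIZE (pam_krb5-2.3.13-1.tar.gz) = 566365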
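--- a/security/pam_krb5-rh/files/patch-src__acct.c
+++ b/security/pam_krb5-rh/files/patch-src__acct.c
@@ -0,0 +1,10 @@
+--- ./src/acct.c.orig 2011-07-29 15:31:01.000000000 -0400
++++ ./src/acct.c 2011-10-18 11:49:37.000000000 -0400
+@@ -38,7 +38,6 @@
+
+#ifdef HAVE_SECURITY_PAM_MODULES_H
+#define PAM_SM_ACCT_MGMT
+-#include <security/pam_modules.h>
+#endif
+
+#include <errno.h>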
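--- a/security/pam_krb5-rh/files/patch-src__kuserok.c
+++ b/security/pam_krb5-rh/files/patch-src__kuserok.c
@@ -0,0 +1,10 @@
+--- ./src/kuserok.c.orig 2011-07-29 15:31:01.000000000 -0400
++++ ./src/kuserok.c 2011-10-18 11:46:19.000000000 -0400
+@@ -36,6 +36,7 @@
+#include <sys/select.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
++#include <sys/signal.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>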
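--- a/security/pam_krb5-rh/files/patch-src__storetmp.c
+++ b/security/pam_krb5-rh/files/patch-src__storetmp.c
@@ -0,0 +1,10 @@
+--- ./src/storetmp.c.orig 2011-10-18 11:47:04.000000000 -0400
++++ ./src/storetmp.c 2011-10-18 11:47:16.000000000 -0400
+@@ -36,6 +36,7 @@
+#include <sys/select.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
++#include <sys/signal.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>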
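--- a/security/pam_krb5-rh/files/patch-src__v5.c
+++ b/security/pam_krb5-rh/files/patch-src__v5.c
@@ -0,0 +1,70 @@
+--- ./src/v5.c.orig 2011-07-29 15:31:01.000000000 -0400
++++ ./src/v5.c 2011-10-24 09:25:15.000000000 -0400
+@@ -1350,6 +1350,9 @@
+krb5_creds tmpcreds;
+krb5_ccache ccache;
+krb5_get_init_creds_opt *tmp_gicopts;
++ krb5_timestamp sec;
++ const char *e = NULL;
++ char *p;
+
+/* In case we already have creds, get rid of them. */
+krb5_free_cred_contents(ctx, creds);
+@@ -1393,23 +1396,50 @@
+memset(&service_principal, 0, sizeof(service_principal));
+if (krb5_parse_name(ctx, realm_service,
+&service_principal) == 0) {
+- if (options->debug) {
+- debug("attempting to read existing credentials "
+- "from %s", krb5_cc_default_name(ctx));
+- }
+memset(&ccache, 0, sizeof(ccache));
+/* In case we're setuid/setgid, switch to the caller's
+* permissions. */
+saved_perms = _pam_krb5_switch_perms();
++
++ e = getenv("KRB5CCNAME");
++ if (e) {
++ p = strndup(e, 128);
++ if (p == NULL) {
++ memset(&e, 0, sizeof(e));
++ if (options->debug)
++ debug("malloc: out of memory");
++ return ENOMEM;
++ }
++ if ((strnlen(p, 128) > 96) || strnlen(p, 128) <= 0) {
++ memset(&e, 0, sizeof(e));
++ if (options->debug)
++ debug("KRB5CCNAME is too long or too short, aborting");
++ return PAM_SYSTEM_ERR;
++ }
++ if (strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '='))
++ krb5_cc_set_default_name(ctx, p);
++ else {
++ if (options->debug)
++ debug("KRB5CCNAME does not start with FILE:");
++ }
++ memset(&e, 0, sizeof(e));
++ }
++ if (options->debug) {
++ debug("attempting to read existing credentials "
++ "from %s", krb5_cc_default_name(ctx));
++ }
+if ((saved_perms != NULL) &&
+(krb5_cc_default(ctx, &ccache) == 0)) {
++ krb5_timeofday (ctx, &sec);
+tmpcreds.client = userinfo->principal_name;
+tmpcreds.server = service_principal;
+i = krb5_cc_retrieve_cred(ctx, ccache, 0,
+&tmpcreds, creds);
+- /* FIXME: check if the creds are expired?
+- * What's the right error code if we check, and
+- * they are? */
++ if ((i == 0) && creds->times.endtime < sec) {
++ if (options->debug)
++ warn("Credentials expired");
++ i = KRB5_KPASSWD_AUTHERROR;
++ }
+memset(&tmpcreds, 0, sizeof(tmpcreds));
+krb5_cc_close(ctx, ccache);
+/* In case we're setuid/setgid, restore the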
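Review bot: The two early returns added after `saved_perms = _pam_krb5_switch_perms();` (`return ENOMEM;` and `return PAM_SYSTEM_ERR;`) exit with the permissions still switched and, as far as this hunk shows, without releasing `service_principal`; the `strndup()` copy `p` is also never freed on any path. KRB5CCNAME is caller-controlled and the surrounding comment says this code may run setuid/setgid, so I would validate the string in place, only once the permission switch has succeeded, and fall back to the default cache on a bad length exactly as the non-FILE branch already does. That needs no copy if `krb5_cc_set_default_name()` duplicates its argument, which should be confirmed for the Kerberos library the port links against. Separately, the result of `krb5_timeofday()` is not checked, so `sec` may be uninitialised when it is compared with `creds->times.endtime`. The enclosing function starts and ends outside this hunk, so its normal cleanup path is not visible here.

```c
	saved_perms = _pam_krb5_switch_perms();

	/* Honour KRB5CCNAME only after the permission switch succeeded and
	 * only for a FILE cache name of sane length. Nothing is allocated
	 * and nothing returns early, so the existing cleanup still runs. */
	e = getenv("KRB5CCNAME");
	if ((saved_perms != NULL) && (e != NULL)) {
		size_t len = strnlen(e, 97);
		if ((len == 0) || (len > 96)) {
			if (options->debug)
				debug("KRB5CCNAME is too long or too short, ignoring");
		} else if (strncmp(e, "FILE", 4) == 0 &&
			   (e[4] == ':' || e[4] == '=')) {
			krb5_cc_set_default_name(ctx, e);
		} else if (options->debug) {
			debug("KRB5CCNAME does not start with FILE:");
		}
	}
	/* … unchanged: debug message and krb5_cc_default() lookup … */
```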
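--- a/security/pam_krb5-rh/pkg-descr
+++ b/security/pam_krb5-rh/pkg-descr
@@ -0,0 +1,7 @@
+The pam_krb5 module allows PAM-aware applications to authenticate
+users by performing an AS exchange with a Kerberos KDC.
+
+This module includes many configurable options and provides functionality
+and features that other pam_krb5 modules do not provide.
+
+WWW: https://fedorahosted.org/pam_krb5/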
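--- a/security/pam_krb5-rh/pkg-plist
+++ b/security/pam_krb5-rh/pkg-plist
@@ -0,0 +1,49 @@
+lib/pam_krb5/pam_krb5_storetmp
+lib/pam_krb5.so
+lib/pam_krb5.la
+@dirrm lib/pam_krb5
+%%NLS%%share/locale/as/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/bn_IN/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/ca/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/cs/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/da/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/de/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/el/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/es/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/fa/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/fr/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/gu/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/hi/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/hu/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/it/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/ja/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/kn/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/ko/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/ml/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/mr/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/ms/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/nl/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/or/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/pa/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/pl/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/pt_BR/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/ro/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/ru/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/sr/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/sr@latin/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/sv/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/ta/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/te/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/uk/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/zh_CN/LC_MESSAGES/pam_krb5.mo
+%%NLS%%share/locale/zh_TW/LC_MESSAGES/pam_krb5.mo
+%%NLS%%@dirrmtry share/locale/as/LC_MESSAGES
+%%NLS%%@dirrmtry share/locale/bn_IN/LC_MESSAGES
+%%NLS%%@dirrmtry share/locale/mr/LC_MESSAGES
+%%NLS%%@dirrmtry share/locale/sr@latin/LC_MESSAGES
+%%NLS%%@dirrmtry share/locale/te/LC_MESSAGES
+%%NLS%%@dirrmtry share/locale/as
+%%NLS%%@dirrmtry share/locale/bn_IN
+%%NLS%%@dirrmtry share/locale/mr
+%%NLS%%@dirrmtry share/locale/sr@latin
+%%NLS%%@dirrmtry share/locale/te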