Add saslauthd as default general password checking daemon (replaces

pwcheck{_pam}). PR: ports/41653 Submitted by: "Scot W. Hetzel" <hetzels@westbend.net> (MAINTAINER)
svn path=/head/; revision=64513
2002-08-14 18:39:46 +00:00 · 2002-08-14 18:39:46 +00:00 · f1a8c6d8f3 · 2021-03-31 03:12:20 +00:00
commit f1a8c6d8f3
parent f8e954f21d
9 changed files with 159 additions and 27 deletions
--- a/security/cyrus-sasl/Makefile
+++ b/security/cyrus-sasl/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	cyrus-sasl
 PORTVERSION=	1.5.27
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \
 		http://www.surf.org.uk/downloads/ \
@ -42,7 +42,7 @@ MAN3=		sasl.3 sasl_authorize_t.3 sasl_callbacks.3 sasl_checkpass.3 \
 		sasl_listmech.3 sasl_log_t.3 sasl_server_init.3 \
 		sasl_server_new.3 sasl_server_start.3 sasl_server_step.3 \
 		sasl_setprop.3 sasl_usererr.3
-MAN8=		sasldblistusers.8 saslpasswd.8
+MAN8=		sasldblistusers.8 saslpasswd.8 saslauthd.8

 USE_AUTOMAKE_VER=14
 USE_LIBTOOL=	YES
@ -54,6 +54,8 @@ CONFIGURE_ARGS=	--sysconfdir=${PREFIX}/etc \
 		--includedir=${PREFIX}/include/sasl1 \
 		--enable-static \
 		--enable-login \
+		--with-saslauthd=/var/state/saslauthd1 \
+		--enable-auth-sasldb \
 		--with-pwcheck=/var/pwcheck \
 		--with-rc4=openssl

@ -68,8 +70,8 @@ SCRIPTS_ENV=	WRKDIRPREFIX="${WRKDIRPREFIX}" \
 		WITH_LDAP1="${WITH_LDAP1}" \
 		WITH_LDAP2="${WITH_LDAP2}"

-JAVADIR=	jdk1.3.1
-JAVALIBDIR=	${PREFIX}/${JAVADIR}/lib/i386/green_threads/
+JAVADIR?=	jdk1.3.1
+JAVALIBDIR?=	${PREFIX}/${JAVADIR}/lib/i386/green_threads/

 .if defined(KRB5_HOME) && exists(${KRB5_HOME})
 CONFIGURE_ARGS+=	--enable-gssapi=${KRB5_HOME}
@ -124,13 +126,15 @@ post-extract:
 pre-patch:
 	@(cd ${WRKSRC} && ${PATCH} -p1 < ${WRKDIR}/${LDAP_MYSQL_PATCH})

-# Fix sasldb name in pkg-install/deinstall scripts
+# Fix pkg-{install/deinstall/messages}
 post-patch:
 	@${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
+		-e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \
 		${.CURDIR}/pkg-install > ${PKGINSTALL}
 	@${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
+		-e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \
 		${.CURDIR}/pkg-deinstall > ${PKGDEINSTALL}
-	@${SED} -e "s;%%SASLDB%%;${SASLDB_NAME};g" \
+	@${SED} -e "s;%%PWCHECK_METHOD%%;${PWCHECK_METHOD};g" \
 		-e "s;%%PREFIX%%;${PREFIX};g" \
 		${.CURDIR}/pkg-message > ${PKGMESSAGE}
 .ifdef LDAP_MYSQL_MSG
@ -144,12 +148,19 @@ pre-configure:
 # Create Cyrus user and group
 pre-install:
 	@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+	@if [ -f ${PREFIX}/sbin/saslauthd ]; then \
+		mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd2; \
+	fi

 post-install:
 	@${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \
 		${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh
 	@${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh
 	${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck
+	@${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${SASLAUTHD_SUB} \
+		${FILESDIR}/saslauthd.sh > ${PREFIX}/etc/rc.d/saslauthd1.sh
+	@${CHMOD} 755 ${PREFIX}/etc/rc.d/saslauthd1.sh
+	${INSTALL} -d -m 770 -o cyrus -g cyrus /var/state/saslauthd1
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 .for file in ${DOCS}
@ -162,6 +173,10 @@ post-install:
 	@${INSTALL_DATA} ${WRKSRC}/java/doc/draft-weltman-java-sasl-02.txt ${DOCSDIR}
 	@${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR}
 .endif
+	@mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd1
+	@if [ -f ${PREFIX}/sbin/saslauthd2 ]; then \
+		mv ${PREFIX}/sbin/saslauthd2 ${PREFIX}/sbin/saslauthd; \
+	fi
 	@PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 	@${CAT} ${PKGMESSAGE}

--- a/security/cyrus-sasl/files/patch-saslauthd::Makefile.am
+++ b/security/cyrus-sasl/files/patch-saslauthd::Makefile.am
@ -0,0 +1,11 @@
+--- saslauthd/Makefile.am.orig	Fri Mar 23 19:41:35 2001
+++ saslauthd/Makefile.am	Tue Aug 13 13:57:10 2002
+@@ -2,7 +2,7 @@
+ man_MANS	= saslauthd.8
+ 
+ saslauthd_SOURCES = saslauthd.c mechanisms.c globals.h mechanisms.h auth_dce.c auth_dce.h auth_getpwent.c auth_getpwent.h auth_krb4.c auth_krb4.h auth_pam.c auth_pam.h auth_rimap.c auth_rimap.h auth_shadow.c auth_shadow.h auth_sia.c auth_sia.h
+-saslauthd_LDADD	= @SASL_KRB_LIB@
+saslauthd_LDADD	= @SASL_KRB_LIB@ @LIB_PAM@ @LIB_CRYPT@
+ 
+ INCLUDES	= -I$(top_srcdir)/include
+ EXTRA_DIST	= saslauthd.8
--- a/security/cyrus-sasl/files/pwcheck.sh
+++ b/security/cyrus-sasl/files/pwcheck.sh
@ -41,8 +41,7 @@ case "${sasl_pwcheck_enable}" in

 	    start)
 		if [ -x ${sasl_pwcheck_program} ] ; then
-		    ${sasl_pwcheck_program} &
-		    echo -n " pwcheck"
+		    ${sasl_pwcheck_program} && echo -n " pwcheck"
 		fi
 		;;

--- a/security/cyrus-sasl/files/saslauthd.sh
+++ b/security/cyrus-sasl/files/saslauthd.sh
@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+action=$1
+
+PREFIX=%%PREFIX%%
+
+# Suck in the configuration variables.
+if [ -z "${source_rc_confs_defined}" ]; then
+        if [ -r /etc/defaults/rc.conf ]; then
+                . /etc/defaults/rc.conf
+                source_rc_confs
+        elif [ -r /etc/rc.conf ]; then
+                . /etc/rc.conf
+        fi
+fi
+
+# The following sasl_saslauthd_* variables may be defined in rc.conf
+#
+# 	sasl_saslauthd1_enable  - Set to YES to enable saslauthd
+#				 Default: %%ENABLESASLAUTHD%%
+#
+#	sasl_saslauthd1_program - Path to saslauthd program
+#				 Default: ${PREFIX}/sbin/saslauthd1
+#
+#	sasl_saslauthd1_flags   - Flags to saslauthd program
+#				 Default: -a pam
+
+if [ -z "${sasl_saslauthd1_enable}" ]; then
+	sasl_saslauthd1_enable=%%ENABLESASLAUTHD%%
+fi
+
+if [ -z "${sasl_saslauthd1_program}" ]; then
+	sasl_saslauthd1_program=${PREFIX}/sbin/saslauthd1
+fi
+
+if [ -z "${sasl_saslauthd1_flags}" ]; then
+	sasl_saslauthd1_flags="-a pam"
+fi
+
+rc=0
+
+case "${sasl_saslauthd1_enable}" in
+    [Yy][Ee][Ss])
+	case "${action}" in
+
+	    start)
+		if [ -x ${sasl_saslauthd1_program} ] ; then
+		    ${sasl_saslauthd1_program} ${sasl_saslauthd1_flags} \
+			&& echo -n " saslauthd1"
+		fi
+		;;
+
+	    stop)
+		if [ -r /var/state/saslauthd1/mux.pid ]; then
+		    kill `cat /var/state/saslauthd1/mux.pid` && \
+			echo -n " saslauthd1"
+		    rm /var/state/saslauthd1/mux.pid
+		fi
+		;;
+
+	    *)
+		echo "usage: $0 {start|stop}" 1>&2
+		rc=64
+		;;
+	esac
+	;;
+    *)
+	rc=0
+	;;
+esac
+
+exit $rc
--- a/security/cyrus-sasl/pkg-deinstall
+++ b/security/cyrus-sasl/pkg-deinstall
@ -38,7 +38,7 @@ delete_user() {

 sendmail_conf() {
 	if [ -f ${PKG_PREFIX}/lib/sasl/Sendmail.conf ]; then
-		echo "pwcheck_method: pwcheck" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf.tmp
+		echo "pwcheck_method: %%PWCHECK_METHOD%%" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf.tmp
 		if cmp -s ${PKG_PREFIX}/lib/sasl/Sendmail.conf ${PKG_PREFIX}/lib/sasl/Sendmail.conf.tmp; then
 			rm -f ${PKG_PREFIX}/lib/sasl/Sendmail.conf
 		fi
--- a/security/cyrus-sasl/pkg-install
+++ b/security/cyrus-sasl/pkg-install
@ -67,12 +67,6 @@ create_user() {
 		fi
 		echo "*** Updated user \`${USER}'."
 	fi
-# Don't know why we need the daemon user in the cyrus group
-# hopefully this doesn't affect anyone. It's a leftover from
-# the pre-SASL cyrus-imapd server.
-#	if ! ${PW} group mod ${GROUP} -m daemon; then
-#		echo "*** can't add user \`daemon' to group \`${GROUP}'"
-#	fi
 }

 create_sasldb() {
@ -92,7 +86,7 @@ create_sasldb() {

 sendmail_conf() {
 	if [ ! -f ${PKG_PREFIX}/lib/sasl/Sendmail.conf ]; then
-		echo "pwcheck_method: pwcheck" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf
+		echo "pwcheck_method: %%PWCHECK_METHOD%%" > ${PKG_PREFIX}/lib/sasl/Sendmail.conf
 	fi
 }

--- a/security/cyrus-sasl/pkg-message
+++ b/security/cyrus-sasl/pkg-message
@ -1,12 +1,19 @@

-You may need to start the pwcheck daemon for authentication with
-the system password files:
+You may need to start the pwcheck or saslauthd daemon for authentication
+with the system password files:

 	%%PREFIX%%/etc/rc.d/pwcheck.sh start
+or
+	%%PREFIX%%/etc/rc.d/saslauthd1.sh start

 or you can use sasldb for authentication, to add users use:

 	saslpasswd -c username

-How to enable SMTP AUTH with system Sendmail 8.11 - Sendmail.README
+If you want to enable SMTP AUTH with the system Sendmail, read Sendmail.README
+
+NOTE: This port has been compiled with a default pwcheck_method of
+      %%PWCHECK_METHOD%%. Set sasl_pwcheck_method to %%PWCHECK_METHOD%%,
+      after installing the Cyrus-IMAPd 1.6.24 port.  You should also check
+      the %%PREFIX%%/lib/sasl/*.conf files for the correct pwcheck_method.

--- a/security/cyrus-sasl/pkg-plist
+++ b/security/cyrus-sasl/pkg-plist
@ -1,5 +1,9 @@
+@comment The following makes sure that the pwcheck and saslauthd
+@comment daemons are stopped before removing the files.
@unexec if [ -f /var/run/pwcheck.pid ] ; then %D/etc/rc.d/pwcheck.sh stop ; echo " stopped." ; fi
+@unexec if [ -f /var/state/saslauthd1/mux.pid ] ; then %D/etc/rc.d/saslauthd1.sh stop ; echo " stopped." ; fi
 etc/rc.d/pwcheck.sh
+etc/rc.d/saslauthd1.sh
 include/sasl1/hmac-md5.h
 include/sasl1/md5.h
 include/sasl1/md5global.h
@ -38,6 +42,7 @@ sbin/sasldblistusers
 sbin/saslpasswd
 sbin/pwcheck
 sbin/pwcheck_pam
+sbin/saslauthd1
 %%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class
 %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class
 %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class
@ -91,4 +96,11 @@ sbin/pwcheck_pam
@comment This file gets created by the pwcheck program
@unexec rm -f %D/pwcheck/pwcheck
@dirrm pwcheck
+@mode ug=rwx,o=
+@exec mkdir -p /var/state/saslauthd1
+@exec chown -R cyrus:cyrus state
+@exec chmod -R o= state
+@comment This file gets created by the state/saslauthd program
+@unexec rm -fr /var/state/saslauthd1
+@unexec rmdir /var/state
@cwd %%PREFIX%%
--- a/security/cyrus-sasl/scripts/configure.sasl
+++ b/security/cyrus-sasl/scripts/configure.sasl
@ -25,7 +25,7 @@ if [ "${BATCH}" ]; then
 		OPTIONS="${OPTIONS} \"OpenLDAP1\""
 	fi
 	if [ "${OPTIONS}" != "x" ]; then
-		OPTIONS="${OPTIONS} \"PWCHECK\""
+		OPTIONS="${OPTIONS} \"SASLAUTHD\""
 		set ${OPTIONS}
 	fi
 else
@ -65,8 +65,9 @@ JAVA		"JavaSASL [Experimental]" ${SET_JAVA} \
 MySQL		"MySQL password Authentication" ${SET_MYSQL} \
 OpenLDAP1	"OpenLDAP 1.x password Authentication" ${SET_LDAP1} \
 OpenLDAP2	"OpenLDAP 2.x password Authentication w/TLS" ${SET_LDAP2} \
-PWCHECK		"Use pwcheck for password Authentication" ON \
-PAMPWCHECK      "Use pwcheck_pam for password Authentication" OFF \
+PWCHECK		"Use pwcheck for password Authentication" OFF \
+PAMPWCHECK	"Use pwcheck_pam for password Authentication" OFF \
+SASLAUTHD	"Use saslauthd for password Authentication" ON \
 2> $tempfile

 	retval=$?
@ -172,6 +173,12 @@ while [ "$1" ]; do
 				PWCHECK=1
 			fi
 			;;
+		\"SASLAUTHD\")
+			if [ "$PWCHECK" ]; then
+				echo "SASLAUTHD is preferred over PWCHECK: Enabling saslauthd and disabling pwcheck in rc.d scripts" > /dev/stderr
+			fi
+			SASLAUTHD=1
+			;;
 		*)
 			echo "Invalid option(s): $*" > /dev/stderr
 			rm -f ${WRKDIRPREFIX}${REALCURDIR}/Makefile.inc
@ -181,12 +188,24 @@ while [ "$1" ]; do
 	shift
 done

-if [ "$PWCHECK" ]; then
-	echo "PWCHECK_SUB+=	-e \"s;%%ENABLEPWCHECK%%;yes;g\""
-else
-	echo "PWCHECK_SUB+=	-e \"s;%%PWCHECK%%;pwcheck;g\" \\"
-	echo "			-e \"s;%%ENABLEPWCHECK%%;no;g\""
+if [ ! "${PWCHECK}" ]; then
+	echo "PWCHECK_SUB+=	-e \"s;%%PWCHECK%%;pwcheck;g\""
 fi
+
+if [ "$SASLAUTHD" ]; then
+	echo "PWCHECK_SUB+=	-e \"s;%%ENABLEPWCHECK%%;no;g\""
+	echo "PWCHECK_METHOD=	saslauthd"
+	echo "SASLAUTHD_SUB+=	-e \"s;%%ENABLESASLAUTHD%%;yes;g\""
+else
+	if [ "$PWCHECK" ]; then
+		echo "PWCHECK_SUB+=	-e \"s;%%ENABLEPWCHECK%%;yes;g\""
+	else
+		echo "PWCHECK_SUB+=	-e \"s;%%ENABLEPWCHECK%%;no;g\""
+	fi
+	echo "PWCHECK_METHOD+=	pwcheck"
+	echo "SASLAUTHD_SUB+=	-e \"s;%%ENABLESASLAUTHD%%;no;g\""
+fi
+
 if [ ! "${DEFJAVA}" ]; then
 	echo "PLIST_SUB+=	JAVASASL=\"@comment \""
 fi