From owner-freebsd-ports@FreeBSD.ORG Sun Mar 6 03:56:03 2011 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 725231065670; Sun, 6 Mar 2011 03:56:03 +0000 (UTC) (envelope-from lstewart@freebsd.org) Received: from lauren.room52.net (lauren.room52.net [210.50.193.198]) by mx1.freebsd.org (Postfix) with ESMTP id CC4BB8FC23; Sun, 6 Mar 2011 03:56:02 +0000 (UTC) Received: from lawrence1.loshell.room52.net (ppp59-167-184-191.static.internode.on.net [59.167.184.191]) by lauren.room52.net (Postfix) with ESMTPSA id 68D067E922; Sun, 6 Mar 2011 14:56:00 +1100 (EST) Message-ID: <4D7305C5.5040709@freebsd.org> Date: Sun, 06 Mar 2011 14:55:49 +1100 From: Lawrence Stewart User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-AU; rv:1.9.2.13) Gecko/20101214 Lightning/1.0b2 Thunderbird/3.1.7 MIME-Version: 1.0 To: Ashish SHUKLA References: <4D44FD91.7070607@freebsd.org> <86r5buec8e.fsf@chateau.d.if> <4D45F219.6070207@freebsd.org> <86ipx5esde.fsf@chateau.d.if> In-Reply-To: <86ipx5esde.fsf@chateau.d.if> Content-Type: multipart/mixed; boundary="------------010305030507060809090602" X-Spam-Status: No, score=0.0 required=5.0 tests=UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on lauren.room52.net Cc: freebsd-ports@freebsd.org Subject: Re: Adding a PAM config option to net-im/ejabberd X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Mar 2011 03:56:03 -0000 This is a multi-part message in MIME format. --------------010305030507060809090602 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 01/31/11 13:09, Ashish SHUKLA wrote: > Lawrence Stewart writes: >> On 01/31/11 00:45, Ashish SHUKLA wrote: >>> Hi Lawrence, >>> >>> Lawrence Stewart writes: >>>> Hi Ashish, >>> >>>> What do you think about applying the attached patch to the ejabberd >>>> port? It installs some parts required to allow ejabberd to auth against >>>> PAM and is working great for me. >>> >>> Sure, I can apply it, once ports freeze is over. I also need to update >>> ejabberd. I'll do both together. > >> Sounds good, thanks. One question: in order to get PAM auth working, you >> have to set uid root on the epam bits and chown them appropriately in >> order to allow things to work. Should the port installation process do >> these steps as well or should we leave them to the user? I would be >> inclined to have the port do them so that upgrading the port doesn't >> break PAM auth after the upgrade. We would want to print a big warning >> at the end of the port install about the set uid security aspects though. > > Thanks for the mention, I suggest adding mention of setuid bit in the > description of the OPTION. And ofcourse port is going to set the setuid bit > during installation. > > And `security-check' target in bsd.port.mk will catch the setuid bit set on > the installed executable, and will inform the user as well. So, adding a > warning about setuid bit be redundant, IMHO. Updated patch attached. Feel like committing it for me? Cheers, Lawrence --------------010305030507060809090602 Content-Type: text/plain; name="ejabberd_withpam.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ejabberd_withpam.patch" LS0tIE1ha2VmaWxlLm9yaWcJMjAxMC0xMC0yNSAwODo1NTowNC4wMDAwMDAwMDAgKzExMDAK KysrIE1ha2VmaWxlCTIwMTEtMDMtMDYgMTQ6NDc6MjcuMDAwMDAwMDAwICsxMTAwCkBAIC0y Myw3ICsyMyw4IEBACiBVU0VfUkNfU1VCUj0JJHtQT1JUTkFNRX0KIE5PUFJFQ0lPVVNNQUtF VkFSUz0JeWVzCiAKLU9QVElPTlM9CU9EQkMJIkVuYWJsZSBPREJDIHN1cHBvcnQiCQlvZmYK K09QVElPTlM9CU9EQkMJIkVuYWJsZSBPREJDIHN1cHBvcnQiCQkJb2ZmIFwKKwkJUEFNCSJF bmFibGUgc2V0dWlkIFBBTSBhdXRoIHN1cHBvcnQiCW9mZgogCiBNQUtFX0VOVj0JUE9SVFZF UlNJT049JHtQT1JUVkVSU0lPTn0KIENPTkZJR1VSRV9BUkdTKz0tLWxvY2Fsc3RhdGVkaXI9 L3ZhcgpAQCAtNTUsNiArNTYsMTMgQEAKIFBMSVNUX1NVQis9CU9EQkM9IkBjb21tZW50ICIK IC5lbmRpZgogCisuaWYgZGVmaW5lZChXSVRIX1BBTSkKK0NPTkZJR1VSRV9BUkdTKz0tLWVu YWJsZS1wYW0KK1BMSVNUX1NVQis9CVBBTT0iIgorLmVsc2UKK1BMSVNUX1NVQis9CVBBTT0i QGNvbW1lbnQgIgorLmVuZGlmCisKIC5pZiBkZWZpbmVkKE5PUE9SVERPQ1MpCiBNQUtFX0FS R1MrPQlOT1BPUlRET0NTPSR7Tk9QT1JURE9DU30KIC5lbmRpZgpAQCAtNjcsNiArNzUsMTIg QEAKIAkke0ZJTkR9ICR7UFJFRklYfS9saWIvZXJsYW5nL2xpYi8ke0RJU1ROQU1FfSAtdHlw ZSBmIC1wcmludDAgfCAke1hBUkdTfSAtMCAke0NITU9EfSAke1NIQVJFTU9ERX0KIAkke0ZJ TkR9ICR7UFJFRklYfS9saWIvZXJsYW5nL2xpYi8ke0RJU1ROQU1FfSAtdHlwZSBmIC1wcmlu dDAgfCAke1hBUkdTfSAtMCAke0NIT1dOfSAke1NIQVJFT1dOfToke1NIQVJFR1JQfQogCisu aWYgZGVmaW5lZChXSVRIX1BBTSkKKwkke0NITU9EfSA0NzUwICR7UFJFRklYfS9saWIvZXJs YW5nL2xpYi8ke0RJU1ROQU1FfS9wcml2L2Jpbi9lcGFtCisJJHtDSE9XTn0gcm9vdDplamFi YmVyZCAke1BSRUZJWH0vbGliL2VybGFuZy9saWIvJHtESVNUTkFNRX0vcHJpdi9iaW4vZXBh bQorCSR7SU5TVEFMTH0gLW0gNDQ0ICR7RklMRVNESVJ9L3BhbV9lamFiYmVyZCAke1BSRUZJ WH0vZXRjL3BhbS5kL2VqYWJiZXJkCisuZW5kaWYKKwogCUAke0NBVH0gJHtQS0dNRVNTQUdF fQogCiAuaW5jbHVkZSA8YnNkLnBvcnQucG9zdC5taz4KLS0tIHBrZy1wbGlzdC5vcmlnCTIw MTAtMTAtMDEgMDI6MjI6MTUuMDAwMDAwMDAwICsxMDAwCisrKyBwa2ctcGxpc3QJMjAxMS0w My0wNiAxNDoxNjo1MC4wMDAwMDAwMDAgKzExMDAKQEAgLTU4LDYgKzU4LDkgQEAKICUlT0RC QyUlbGliL2VybGFuZy9saWIvJSVQT1JUTkFNRSUlLSUlUE9SVFZFUlNJT04lJS9lYmluLyUl UE9SVE5BTUUlJV9vZGJjLmJlYW0KICUlT0RCQyUlbGliL2VybGFuZy9saWIvJSVQT1JUTkFN RSUlLSUlUE9SVFZFUlNJT04lJS9lYmluLyUlUE9SVE5BTUUlJV9vZGJjX3N1cC5iZWFtCiAl JU9EQkMlJWxpYi9lcmxhbmcvbGliLyUlUE9SVE5BTUUlJS0lJVBPUlRWRVJTSU9OJSUvZWJp bi9vZGJjX3F1ZXJpZXMuYmVhbQorJSVQQU0lJWxpYi9lcmxhbmcvbGliLyUlUE9SVE5BTUUl JS0lJVBPUlRWRVJTSU9OJSUvZWJpbi9lcGFtLmJlYW0KKyUlUEFNJSVsaWIvZXJsYW5nL2xp Yi8lJVBPUlROQU1FJSUtJSVQT1JUVkVSU0lPTiUlL3ByaXYvYmluL2VwYW0KKyUlUEFNJSVl dGMvcGFtLmQvZWphYmJlcmQKIGxpYi9lcmxhbmcvbGliLyUlUE9SVE5BTUUlJS0lJVBPUlRW RVJTSU9OJSUvZWJpbi9keW5hbWljX2NvbXBpbGUuYmVhbQogbGliL2VybGFuZy9saWIvJSVQ T1JUTkFNRSUlLSUlUE9SVFZFUlNJT04lJS9lYmluL2VqYWJiZXJkX2NhcHRjaGEuYmVhbQog bGliL2VybGFuZy9saWIvJSVQT1JUTkFNRSUlLSUlUE9SVFZFUlNJT04lJS9lYmluL2VqYWJi ZXJkX2NvbW1hbmRzLmJlYW0KLS0tIGZpbGVzL3BhbV9lamFiYmVyZC5vcmlnCTIwMTEtMDMt MDYgMTM6MDA6MTUuMDAwMDAwMDAwICsxMTAwCisrKyBmaWxlcy9wYW1fZWphYmJlcmQJMjAx MS0wMy0wNiAxNDo0NToxMS4wMDAwMDAwMDAgKzExMDAKQEAgLTAsMCArMSw2IEBACisjCisj IFBBTSBjb25maWd1cmF0aW9uIGZvciB0aGUgImVqYWJiZXJkIiBzZXJ2aWNlCisjCisKKyMg YXV0aAorYXV0aAkJcmVxdWlyZWQJcGFtX3VuaXguc28JCW5vX3dhcm4gdHJ5X2ZpcnN0X3Bh c3MK --------------010305030507060809090602--