From owner-freebsd-ports@freebsd.org Wed Feb 24 02:54:31 2016 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C93AAB10CD for ; Wed, 24 Feb 2016 02:54:31 +0000 (UTC) (envelope-from amonk@backwatcher.com) Received: from mail.backwatcher.com (mail.backwatcher.com [104.238.223.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.backwatcher.com", Issuer "Let's Encrypt Authority X1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 64F8B13DD; Wed, 24 Feb 2016 02:54:30 +0000 (UTC) (envelope-from amonk@backwatcher.com) Received: from envy.sec.gnutec.com (d216-232-204-79.bchsia.telus.net [216.232.204.79]) (authenticated) by mail.backwatcher.com (MYOB) via MTA with ESMTPSA id u1O2PKmJ015525; Tue, 23 Feb 2016 18:25:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=backwatcher.com; s=dkim; t=1456280725; bh=/7KJqoD07wPlHP6BdZoAHpZGRP3s0+5mnw5fjzvVtOo=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type; b=Sy/xHkFeKFSbh0mat4ewpG3NAC0LmJZbFx2RlWqLNGSOyfEQGqwN7EvECqda4VTqz VuPu2hsaEseHMayHXiHr1B1Pq3ymAurDmNnx5oF7ShcvG5c2qe3gXyDOTpDQxYwYAs 9+WXZXjVu9Gwuq8nllxQ8mFtSlZy3XvghvF4OQmo= Date: Tue, 23 Feb 2016 18:25:05 -0800 From: Kyle Amon To: ume@freebsd.org, freebsd-ports@freebsd.org Subject: SRP support for the cyrus-sasl-2.1.26_12 port Message-ID: <20160223182505.066765fb@envy.sec.gnutec.com> Organization: BackWatcher, Inc. MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/uCjk_EKNRbg5pOTftyJrRGa"; protocol="application/pgp-signature" X-milter-spamd: ham (-3.0/5.0 ALL_TRUSTED, BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Feb 2016 02:54:31 -0000 --Sig_/uCjk_EKNRbg5pOTftyJrRGa Content-Type: multipart/mixed; boundary="MP_/iQQpGVh4AoqS50z.x+6W7JJ" --MP_/iQQpGVh4AoqS50z.x+6W7JJ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi, I added support for SRP (including srp-setpass [so saslpasswd2 can store srp salts and verifiers in the sasl password database too, if so desired]) to the cyrus-sasl-2.1.26_12 port. Two small patch files are attached. Please consider applying them (or something very similar) so that FreeBSD's cyrus-sasl port can support SRP "out of the box." SRP is and excellent, secure authentication method, support for it has long existed in cyrus-sasl, and that support should be easily obtainable by FreeBSD's users. Help make the net a more secure place. :) Best Regards, --Kyle P.S. I'm not on the freebsd-ports mailing list, FYI. --=20 CA +1-778-819-UNIX BackWatcher, Inc. US +1-425-584-UNIX Information Security Solutions SIP amonk@backwatcher.com www.backwatcher.com INUM +883-5100-0990-1657 / ISN UNIX*1917 / C*NET 1-731-UNIX GPG ed25519/F57091DBD60FBBB8 [ed25519/D60FBBB8] 985C 5B61 4ACE C89A 0DEE ECCD F570 91DB D60F BBB8 rsa4096/CF001165F36E1CAB [rsa4096/F36E1CAB] 6050 05B7 9FF1 CC21 3F00 CEBB CF00 1165 F36E 1CAB OTR E1A46361 9FD0D801 0132D21A FE2E96BE 39E3F069 : amonk@backwatcher.com 5AB3E0B8 31F6ADB4 9A7D2FC2 A8235281 5776701E : silcnet --MP_/iQQpGVh4AoqS50z.x+6W7JJ Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=Makefile.patch --- Makefile.dist 2016-02-23 07:06:03.323811000 -0800 +++ Makefile 2016-02-23 07:22:56.047782000 -0800 @@ -40,13 +40,13 @@ =20 NO_OPTIONS_SORT=3D yes OPTIONS_DEFINE=3D ALWAYSTRUE AUTHDAEMOND DOCS KEEP_DB_OPEN \ - OBSOLETE_CRAM_ATTR BDB MYSQL PGSQL + OBSOLETE_CRAM_ATTR BDB MYSQL PGSQL SRP-SETPASS OPTIONS_RADIO=3D SQLITE OPTIONS_RADIO_SQLITE=3D SQLITE2 SQLITE3 OPTIONS_GROUP=3D MECH -OPTIONS_GROUP_MECH=3D CRAM DIGEST LOGIN NTLM OTP PLAIN SCRAM +OPTIONS_GROUP_MECH=3D CRAM DIGEST LOGIN NTLM OTP PLAIN SCRAM SRP OPTIONS_DEFAULT=3D AUTHDAEMOND OBSOLETE_CRAM_ATTR CRAM DIGEST \ - LOGIN NTLM OTP PLAIN SCRAM + LOGIN NTLM OTP PLAIN SCRAM SRP SRP-SETPASS OPTIONS_SUB=3D yes ALWAYSTRUE_DESC=3D the alwaystrue password verifier ALWAYSTRUE_CONFIGURE_ENABLE=3Dalwaystrue @@ -90,6 +90,10 @@ PLAIN_CONFIGURE_ENABLE=3D plain SCRAM_DESC=3D SCRAM authentication SCRAM_CONFIGURE_ENABLE=3D scram +SRP_DESC=3D SRP authentication +SRP_CONFIGURE_ENABLE=3D srp +SRP-SETPASS_DESC=3D enable srp-setpass +SRP-SETPASS_CONFIGURE_ENABLE=3D srp-setpass =20 .include =20 --MP_/iQQpGVh4AoqS50z.x+6W7JJ Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=pkg-plist.patch --- pkg-plist.dist 2016-02-23 08:01:04.584010000 -0800 +++ pkg-plist 2016-02-23 07:45:31.537829000 -0800 @@ -55,6 +55,11 @@ %%PLAIN%%lib/sasl2/libplain.so %%PLAIN%%lib/sasl2/libplain.so.3 %%PLAIN%%lib/sasl2/libplain.so.3.0.0 +%%SRP%%lib/sasl2/libsrp.a +%%SRP%%lib/sasl2/libsrp.la +%%SRP%%lib/sasl2/libsrp.so +%%SRP%%lib/sasl2/libsrp.so.3 +%%SRP%%lib/sasl2/libsrp.so.3.0.0 lib/sasl2/libsasldb.a lib/sasl2/libsasldb.la lib/sasl2/libsasldb.so --MP_/iQQpGVh4AoqS50z.x+6W7JJ-- --Sig_/uCjk_EKNRbg5pOTftyJrRGa Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iF4EARYKAAYFAlbNFIEACgkQ9XCR29YPu7i0WgEAvhru3UUDa+C1nQwSB0710K/N AaXqvgOsPWNw23mIY7cA/35C6XiuukaM9UHcOMMx/K4J49RoUt/g4S1IzLzegZME =oWYn -----END PGP SIGNATURE----- --Sig_/uCjk_EKNRbg5pOTftyJrRGa--