Date: 28 Sep 2003 09:08:45 -0000 From: Max Laier <max@love2party.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/57306: Update port: security/authpf - OpenBSD 3.4 authpf Message-ID: <20030928090845.29762.qmail@vampire.homelinux.org> Resent-Message-ID: <200309281010.h8SAAASM001212@freefall.freebsd.org>
>Number: 57306 >Category: ports >Synopsis: Update port: security/authpf - OpenBSD 3.4 authpf >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Sep 28 03:10:10 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Max Laier >Release: FreeBSD 5.1-RELEASE i386 >Organization: >Environment: System: FreeBSD router.laiers.local 5.1-RELEASE FreeBSD 5.1-RELEASE #1: Tue Aug 5 13:21:55 CEST 2003 mlaier@router.laiers.local:/usr/local/pfsys/freebsd/src/sys/i386/compile/SMP i386 >Description: Port update after API change of PFIL_HOOKS in -current. This depends on security/pf to be updated as well. >How-To-Repeat: >Fix: --- authpf.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. 
# # This archive contains: # # authpf # authpf/files # authpf/files/patch-aa # authpf/files/pathnames.h.sed # authpf/Makefile # authpf/distinfo # authpf/pkg-install # authpf/pkg-message # authpf/pkg-plist # authpf/pkg-descr # echo c - authpf mkdir -p authpf > /dev/null 2>&1 echo c - authpf/files mkdir -p authpf/files > /dev/null 2>&1 echo x - authpf/files/patch-aa sed 's/^X//' >authpf/files/patch-aa << 'END-of-authpf/files/patch-aa' X--- Makefile.orig Sat Sep 27 13:16:29 2003 X+++ Makefile Sat Sep 27 13:17:04 2003 X@@ -3,17 +3,10 @@ X # X X .if !make(install) X-SUBDIR= libpcap X+SUBDIR= libpcap pfctl X .endif X X-SUBDIR+= pfctl authpf ftp-proxy man pf pflog pfsync X+SUBDIR+= authpf X X .include "include/mk/util.mk" X- X-.if (ALTQ_SUPPORT) && (${ALTQ_SUPPORT} == "yes") X-SUBDIR+= pfaltq X-.endif X- X-SUBDIR+= pflogd tcpdump X- X .include <bsd.subdir.mk> END-of-authpf/files/patch-aa echo x - authpf/files/pathnames.h.sed sed 's/^X//' >authpf/files/pathnames.h.sed << 'END-of-authpf/files/pathnames.h.sed' X/* $OpenBSD: pathnames.h,v 1.5 2002/10/25 18:35:33 camield Exp $ */ X X/* X * Copyright (C) 2002 Chris Kuethe (ckuethe@ualberta.ca) X * X * Redistribution and use in source and binary forms, with or without X * modification, are permitted provided that the following conditions X * are met: X * 1. Redistributions of source code must retain the above copyright X * notice, this list of conditions and the following disclaimer. X * 2. Redistributions in binary form must reproduce the above copyright X * notice, this list of conditions and the following disclaimer in the X * documentation and/or other materials provided with the distribution. X * 3. Neither the name of the author nor the names of contributors X * may be used to endorse or promote products derived from this software X * without specific prior written permission. 
X * X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE X * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF X * SUCH DAMAGE. X */ X X#define PATH_CONFFILE "%%PREFIX%%/etc/authpf/authpf.conf" X#define PATH_ALLOWFILE "%%PREFIX%%/etc/authpf/authpf.allow" X#define PATH_PFRULES "%%PREFIX%%/etc/authpf/authpf.rules" X#define PATH_PROBLEM "%%PREFIX%%/etc/authpf/authpf.problem" X#define PATH_MESSAGE "%%PREFIX%%/etc/authpf/authpf.message" X#define PATH_USER_DIR "%%PREFIX%%/etc/authpf/users" X#define PATH_BAN_DIR "%%PREFIX%%/etc/authpf/banned" X#define PATH_DEVFILE "/dev/pf" X#define PATH_PIDFILE "/var/authpf" X#define PATH_AUTHPF_SHELL "%%PREFIX%%/sbin/authpf" END-of-authpf/files/pathnames.h.sed echo x - authpf/Makefile sed 's/^X//' >authpf/Makefile << 'END-of-authpf/Makefile' X# New ports collection makefile for: authpf X# Date created: 09 May 2003 X# Whom: Max Laier <max@love2party.net> X# X# $FreeBSD: ports/security/authpf/Makefile,v 1.9 2003/07/28 16:26:29 foxfair Exp $ X# X XPORTNAME= authpf XPORTVERSION= 1.65 XCATEGORIES= security ipv6 XMASTER_SITES= http://pf4freebsd.love2party.net/ X.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes") XPKGNAMESUFFIX= -altq X.endif XDISTNAME= pf_freebsd_${PORTVERSION} X XMAINTAINER= max@love2party.net XCOMMENT= Authentification shell for pf gateways X XRUN_DEPENDS= 
${LOCALBASE}/modules/pf.ko:${PORTSDIR}/security/pf X.if defined(WITH_ALTQ) && (${WITH_ATLQ} == "yes") XRUN_DEPENDS+= ${LOCALBASE}/modules/pfaltq.ko:${PORTSDIR}/security/pf X.endif X XWRKSRC= ${WRKDIR}/pf_freebsd_${PORTVERSION} X X.if !defined(BATCH) && !defined(PACKAGE_BUILDING) XIS_INTERACTIVE= yes X.endif X XMAN8= authpf.8 X XMANCOMPRESSED= maybe X XMAKE_ARGS= MANDIR="${PREFIX}/man/man" ONLY_AUTHPF=yes X XSRC_BASE?= /usr/src X.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes") XSYS_ALTQ?= ${SRC_BASE}/sys.altq XMAKE_ARGS+= WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}" XPLIST_SUB+= WITH_ALTQ="" X.else XPLIST_SUB+= WITH_ALTQ="@comment " X.endif X X.include <bsd.port.pre.mk> X X.if ${OSVERSION} < 500000 XIGNORE= "Only for 5.0 and above" X.endif X X.if !exists(${SRC_BASE}/sys/Makefile) && \ X (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile)) XIGNORE= "Kernel source files required" X.endif X X.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes") Xpre-fetch: X @${ECHO_CMD} "=======================================================" X @${ECHO_CMD} "* If you have ALTQ support from: *" X @${ECHO_CMD} "* http://www.nipsi.de/altq/index.html *" X @${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it *" X @${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src *" X @${ECHO_CMD} "* *" X @${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *" X @${ECHO_CMD} "* *" X @${ECHO_CMD} "=======================================================" X @sleep 2 X.endif X Xpost-patch: X ${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PATCHDIR}/pathnames.h.sed > \ X ${WRKSRC}/authpf/pathnames.h X Xpre-su-install: X.if !defined(BATCH) && !defined(PACKAGE_BUILDING) X @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL X.endif X Xpost-install: X ${MKDIR} ${PREFIX}/etc/authpf X ${MKDIR} ${PREFIX}/etc/authpf/users X ${MKDIR} ${PREFIX}/etc/authpf/banned X ${SED} -e 's!%%PREFIX%%!${PREFIX}!' 
${PKGMESSAGE} X X.include <bsd.port.post.mk> END-of-authpf/Makefile echo x - authpf/distinfo sed 's/^X//' >authpf/distinfo << 'END-of-authpf/distinfo' XMD5 (pf_freebsd_1.65.tar.gz) = 6956f275a7b971ab07f4ee8e0bdd83e0 END-of-authpf/distinfo echo x - authpf/pkg-install sed 's/^X//' >authpf/pkg-install << 'END-of-authpf/pkg-install' X#!/bin/sh X# an installation script for pf_freebsd copied from Wnn6 X Xcheck_pw() X{ X if which -s pw; then X : X else X cat <<EOF X XThis system looks like a pre-2.2 version of FreeBSD. We see that it Xis missing the "pw" utility. We need this utility. Please get and Xinstall it, and try again. You can get the source from: X X ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz X XEOF X exit 1 X fi X} X Xask() { X local question default answer X X question=$1 X default=$2 X if [ -z "${PACKAGE_BUILDING}" ]; then X read -p "${question} (y/n) [${default}]? " answer X fi X if [ x${answer} = x ]; then X answer=${default} X fi X echo ${answer} X} X Xyesno() { X local dflt question answer X X question=$1 X dflt=$2 X while :; do X answer=$(ask "${question}" "${dflt}") X case "${answer}" in X [Yy]*) return 0;; X [Nn]*) return 1;; X esac X echo "Please answer yes or no." X done X} X Xcheck_group() { X local name id X X name=$1 X id=$2 X #check X # We need a command 'pw(8)' X check_pw X if pw groupshow -n $name > /dev/null ; then X return 0 X fi X if pw groupadd -g $id -n $name -N -q ; then X echo "" X echo "You need a group '$name' whose ID number is $id" X if yesno "Would you like to create it automatically?" y; then X pw groupadd -g $id -n $name X return 0 X fi X fi X echo "" X echo "I was not able to add group '$name:*:63:' as pw reported:" X pw groupadd -g $id -n $name -N X echo "Please correct this and try again!" X echo "" X return 1 X} X Xcase $2 in XPRE-INSTALL) X X if ! 
check_group authpf 63 ; then X exit 1 X fi X ;; Xesac END-of-authpf/pkg-install echo x - authpf/pkg-message sed 's/^X//' >authpf/pkg-message << 'END-of-authpf/pkg-message' X=========================================================================== XPlease note that authpf requires suid bit! Take a look at the man page NOW Xauthpf(8) and create the following files according to your needs: X X %%PREFIX%%/etc/authpf/authpf.conf X %%PREFIX%%/etc/authpf/authpf.allow X %%PREFIX%%/etc/authpf/authpf.rules X %%PREFIX%%/etc/authpf/authpf.message X %%PREFIX%%/etc/authpf/authpf.problem X X=========================================================================== END-of-authpf/pkg-message echo x - authpf/pkg-plist sed 's/^X//' >authpf/pkg-plist << 'END-of-authpf/pkg-plist' X@group authpf X@owner root X@mode 6555 Xsbin/authpf X@group X@owner X@mode X X@dirrm etc/authpf/users X@dirrm etc/authpf/banned X@dirrm etc/authpf X END-of-authpf/pkg-plist echo x - authpf/pkg-descr sed 's/^X//' >authpf/pkg-descr << 'END-of-authpf/pkg-descr' XThis is an authentification shell that can change pf filterrules according Xto the authentificated user. You will need a working installation of pf Xand sshd as interconnect. For more information see http://www.OpenBSD.org/ X XWWW: http://pf4freebsd.love2party.net/ X X-Max <reports@pf4freebsd.love2party.net> END-of-authpf/pkg-descr exit --- authpf.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted:
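Review bot: In authpf/Makefile the guard on the second RUN_DEPENDS line tests `${WITH_ATLQ}`, a misspelling of the `WITH_ALTQ` variable used everywhere else in the file, so with WITH_ALTQ set the comparison is made against an unset variable; it should read `.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")`. The kernel-source check in the same file joins its tests with `&&`, so as written IGNORE is set only when WITH_ALTQ is defined and both source trees are missing; if the intent is to refuse the build whenever the needed sources are absent, `||` looks like what was meant. pkg-plist installs sbin/authpf as root:authpf with `@mode 6555`, i.e. setuid and setgid, yet distinfo pins the distfile with a single MD5 line and MASTER_SITES is plain http, so a stronger digest next to the MD5 (where the ports framework accepts one) would be worth adding for a privileged binary. In pkg-install, check_group's failure message hardcodes `63` instead of `$id`, the pw calls expand `$name` and `$id` unquoted, and answering "no" at the prompt falls through to the "as pw reported" error text even though pw did not fail.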