Date:      Mon, 23 Feb 2004 16:01:29 -0600 (CST)
From:      "Scot W. Hetzel" <freebsd-maintainer@westbend.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/63289: Fix startup scripts to not override settings found in /etc/rc.conf upon startup.
Message-ID:  <200402232201.i1NM1TnH056786@database.westbend.net>
Resent-Message-ID: <200402232210.i1NMAM9W073582@freefall.freebsd.org>

>Number:         63289
>Category:       ports
>Synopsis:       Fix startup scripts to not override settings found in /etc/rc.conf upon startup.
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 23 14:10:22 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Scot W. Hetzel
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
West Bend Internet
>Environment:
System: FreeBSD database.westbend.net 5.2-CURRENT FreeBSD 5.2-CURRENT #2: Thu Feb 19 15:24:02 CST 2004 root@database.westbend.net:/usr/obj/usr/src/C/sys/WB-SMP i386

>Description:
	When booting a system, the saslauthd1.sh and pwcheck.sh scripts may
	fail to start, because the rc.conf script is only sourced once upon
	booting the system.

	Update Sendmail.README to include instructions on how to test
	that all the SASL Mechs are working.

	Also, take back maintainership of the port.

>How-To-Repeat:
	Install the port, then reboot the system.

>Fix:


Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/Makefile,v
retrieving revision 1.53
diff -u -r1.53 Makefile
--- Makefile	22 Feb 2004 02:16:43 -0000	1.53
+++ Makefile	23 Feb 2004 21:41:19 -0000
@@ -10,7 +10,7 @@
 PORTREVISION=	2
 CATEGORIES=	security ipv6
 
-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	FreeBSD-Maintainer@westbend.net
 COMMENT=	RFC 2222 SASL (Simple Authentication and Security Layer)
 
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX} \
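Review bot: PORTREVISION stays at 2 in the context of this hunk although the patch changes the installed startup scripts and Sendmail.README. Bump it to 3 so that existing installations are rebuilt and pick up the corrected rc scripts; a MAINTAINER change alone would not need a bump, but the script changes do.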
Index: files/Sendmail.README
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/files/Sendmail.README,v
retrieving revision 1.9
diff -u -r1.9 Sendmail.README
--- files/Sendmail.README	6 May 2003 12:32:13 -0000	1.9
+++ files/Sendmail.README	23 Feb 2004 21:40:22 -0000
@@ -72,3 +72,119 @@
    The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you
    are using cyrus-imapd and sendmail on the same server that requires access
    to the sasldb database.
+
+----
+
+To test Authentication with the sendmail server:
+
+   You'll need to install the following PERL ports:
+	converters/p5-MIME-Base64
+	security/p5-Digest-MD5
+	security/p5-Digest-HMAC
+
+   Then use one of the following procedures to test:
+
+   A. PLAIN Mech:
+      1. Create your Base64 encoded username/password.
+
+         #perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'
+         dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
+
+      2. telnet to port 25 of your sendmail server
+
+      3. send "EHLO <client.host.name>"
+         a. check for "250-AUTH *" in the response
+         b. check that the PLAIN mech is listed.
+
+      4. Send "AUTH PLAIN <Base64 username/password>"
+
+         AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
+
+         you should now see the following response from the server:
+
+         235 Authentication successful
+
+      5. Type "QUIT" to close the telnet session to sendmail.
+
+   B. LOGIN Mech:
+      1. Create your Base64 encoded username and password.
+
+         #perl -MMIME::Base64 -e 'print encode_base64("username");'
+         dXNlcm5hbWU=
+         #perl -MMIME::Base64 -e 'print encode_base64("password");'
+         cGFzc3dvcmQ=
+
+      2. telnet to port 25 of your sendmail server
+
+      3. send "EHLO <client.host.name>"
+         a. check for "250-AUTH *" in the response
+         b. check that the LOGIN mech is listed.
+
+      4. Send "AUTH LOGIN", then the base64 encoded username and passwords.
+
+         C: AUTH LOGIN
+	 S: 334 VXNlcm5hbWU6  (base64 encoded "Username:")
+         C: dXNlcm5hbWU=
+         S: 334 UGFzc3dvcmQ6  (base64 encode "Password:")
+         C: cGFzc3dvcmQ=
+         S: 235 2.0.0 OK Authenticated
+
+      5. Type "QUIT" to close the telnet session to sendmail.
+
+   C. DIGEST-MD5 Mech:
+
+      1. telnet to port 25 of your sendmail server
+
+      2. send "EHLO <client.host.name>"
+         a. check for "250-AUTH *" in the response
+         b. check that the DIGEST-MD5 mech is listed.
+
+      3. Send "AUTH DIGEST-MD5"
+
+         C: AUTH DIGEST-MD5
+         S: 334 ?
+
+      4. Calculate the DIGEST-MD5 response (use another telnet, ssh, or X Window)
+
+         ?
+
+      5. Send the DIGEST-MD5 response to the server.
+
+         C: ?
+         S: 235 2.0.0 OK Authenticated
+
+      6. Type "QUIT" to close the telnet session to sendmail.
+
+   D. CRAM-MD5 Mech:
+
+      1. telnet to port 25 of your sendmail server
+
+      2. send "EHLO <client.host.name>"
+         a. check for "250-AUTH *" in the response
+         b. check that the CRAM-MD5 mech is listed.
+
+      3. Send "AUTH CRAM-MD5"
+
+         C: AUTH CRAM-MD5
+         S: 334 PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+
+		(base64 encoded timestamp and hostname)
+
+      4. Calculate the CRAM-MD5 response (use another telnet, ssh, or X Window)
+
+         perl '-MDigest::HMAC_MD5 qw(hmac_md5 hmac_md5_hex)' -MMIME::Base64 \
+           -e 'print encode_base64("username " . hmac_md5_hex(decode_base64("<ticket>"),"password"));'
+
+         The "<ticket>" is the response received from the server in step 3.
+
+         (i.e. PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+)
+
+         Using the above ticket our CRAM-MD5 response is:
+
+           dXNlcm5hbWUgMDZkMGEzMjVmMDU0NjQ4NjQ2ZTA3MmNkNGZlYjE3YzQ=
+
+      5. Send the CRAM-MD5 response to the server.
+
+         C: dXNlcm5hbWUgMDZkMGEzMjVmMDU0NjQ4NjQ2ZTA3MmNkNGZlYjE3YzQ=
+         S: 235 2.0.0 OK Authenticated
+
+      6. Type "QUIT" to close the telnet session to sendmail.
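Review bot: The DIGEST-MD5 procedure (section C, steps 3 to 5) still has "?" placeholders for the server challenge, the calculation and the client response, so it cannot be followed as written; either supply the steps the way section D does for CRAM-MD5 or leave section C out until they exist. In sections A and B it is worth one sentence saying that the Base64 strings are only an encoding of the username and password sent over a plain telnet session, and that putting the password on the perl command line exposes it to the process list and shell history, so the test should use a throwaway account. The "S: 334 VXNlcm5hbWU6" line in section B is indented with a tab where its neighbours use spaces, and "base64 encode" two lines later should read "base64 encoded".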
Index: files/pwcheck.sh
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/files/pwcheck.sh,v
retrieving revision 1.9
diff -u -r1.9 pwcheck.sh
--- files/pwcheck.sh	27 Aug 2003 04:38:36 -0000	1.9
+++ files/pwcheck.sh	23 Feb 2004 21:22:25 -0000
@@ -8,9 +8,6 @@
 # BEFORE: mail imap
 # KEYWORD: FreeBSD shutdown
 #
-# NOTE for FreeBSD 5.0+:
-# If you want this script to start with the base rc scripts
-# move cyrus_pwcheck.sh to /etc/rc.d/cyrus_pwcheck
 
 prefix=%%PREFIX%%
 
@@ -19,11 +16,12 @@
 #	/etc/rc.conf.local
 #	/etc/rc.conf.d/cyrus_pwcheck
 #
-# DO NOT CHANGE THESE DEFAULT VALUES HERE
-#
-cyrus_pwcheck_enable="%%ENABLE_PWCHECK%%"			# Enable pwcheck daemon
-cyrus_pwcheck_program="${prefix}/sbin/%%PWCHECK%%"	# pwcheck program to use
-							# (pwcheck/pwcheck_pam)
+# DO NOT CHANGE THE DEFAULT VALUES HERE
+
+cyrus_pwcheck_enable=${cyrus_pwcheck_enable:-"%%ENABLE_PWCHECK%%"}
+
+# pwcheck program to use (pwcheck/pwcheck_pam)
+cyrus_pwcheck_program=${cyrus_pwcheck_program:-"${prefix}/sbin/%%PWCHECK%%"}
 
 . %%RC_SUBR%%
 
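Review bot: Both new assignments use the ${var:-default} form, which substitutes the default when the variable is unset or set to the empty string, so an administrator cannot deliberately set either value to empty in /etc/rc.conf; if that distinction matters, use ${var-default}, otherwise a short comment stating the intent is enough. The "Enable pwcheck daemon" comment on cyrus_pwcheck_enable was dropped while the comment for cyrus_pwcheck_program was kept on its own line; keep one for each variable.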
Index: files/saslauthd.sh
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/files/saslauthd.sh,v
retrieving revision 1.4
diff -u -r1.4 saslauthd.sh
--- files/saslauthd.sh	27 Aug 2003 04:38:36 -0000	1.4
+++ files/saslauthd.sh	23 Feb 2004 21:21:45 -0000
@@ -8,9 +8,6 @@
 # BEFORE: mail imap
 # KEYWORD: FreeBSD shutdown
 #
-# NOTE for FreeBSD 5.0+:
-# If you want this script to start with the base rc scripts
-# move saslauthd1.sh to /etc/rc.d/saslauthd1
 
 prefix=%%PREFIX%%
 
@@ -19,11 +16,10 @@
 #	/etc/rc.conf.local
 #	/etc/rc.conf.d/saslauthd1
 #
-# DO NOT CHANGE THESE DEFAULT VALUES HERE 
-#
-saslauthd1_enable="%%ENABLE_SASLAUTHD%%"		# Enable saslauthd
-#saslauthd1_program="${prefix}/sbin/saslauthd1"	# Location of saslauthd1
-saslauthd1_flags="-a pam"			# Flags to saslauthd program
+# DO NOT CHANGE THE DEFAULT VALUES HERE 
+
+saslauthd1_enable=${saslauthd1_enable:-"%%ENABLE_SASLAUTHD%%"}
+saslauthd1_flags=${saslauthd1_flags:-"-a pam}
 
 . %%RC_SUBR%%
 
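Review bot: The new saslauthd1_flags default is missing its closing double quote. The line saslauthd1_flags=${saslauthd1_flags:-"-a pam} leaves the string unterminated, so sh fails to parse the script and saslauthd does not start at all, which is worse than the behaviour this change is meant to fix. It should end with "-a pam"} to match the saslauthd1_enable line above it. The added "DO NOT CHANGE THE DEFAULT VALUES HERE" line also carries trailing whitespace, and the commented-out saslauthd1_program default was removed without a replacement comment saying where the program location comes from.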

>Release-Note:
>Audit-Trail:
>Unformatted:


