From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Feb 23 14:10:23 2004
Message-Id: <200402232201.i1NM1TnH056786@database.westbend.net>
Date: Mon, 23 Feb 2004 16:01:29 -0600 (CST)
From: "Scot W. Hetzel"
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/63289: Fix startup scripts to not override settings found in /etc/rc.conf upon startup.
Reply-To: "Scot W. Hetzel"
List-Id: Ports bug reports
X-List-Received-Date: Mon, 23 Feb 2004 22:10:23 -0000

>Number: 63289
>Category: ports
>Synopsis: Fix startup scripts to not override settings found in /etc/rc.conf upon startup.
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 23 14:10:22 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Scot W. Hetzel
>Release: FreeBSD 5.2-CURRENT i386
>Organization: West Bend Internet
>Environment:
System: FreeBSD database.westbend.net 5.2-CURRENT FreeBSD 5.2-CURRENT #2: Thu Feb 19 15:24:02 CST 2004 root@database.westbend.net:/usr/obj/usr/src/C/sys/WB-SMP i386
>Description:
When booting a system, the saslauthd1.sh and pwcheck.sh scripts may fail to start, because the rc.conf script is only sourced once upon booting the system.

Update Sendmail.README to include instructions on how to test that all the SASL Mechs are working.

Also, take back maintainership of the port.
>How-To-Repeat:
Install the port, then reboot the system.
>Fix:
Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/Makefile,v retrieving revision 1.53 diff -u -r1.53 Makefile --- Makefile 22 Feb 2004 02:16:43 -0000 1.53 +++ Makefile 23 Feb 2004 21:41:19 -0000 
@@ -10,7 +10,7 @@ PORTREVISION= 2 CATEGORIES= security ipv6 -MAINTAINER= ports@FreeBSD.org +MAINTAINER= FreeBSD-Maintainer@westbend.net COMMENT= RFC 2222 SASL (Simple Authentication and Security Layer) DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \ Index: files/Sendmail.README =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/files/Sendmail.README,v retrieving revision 1.9 diff -u -r1.9 Sendmail.README --- files/Sendmail.README 6 May 2003 12:32:13 -0000 1.9 +++ files/Sendmail.README 23 Feb 2004 21:40:22 -0000 
@@ -72,3 +72,119 @@ The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you are using cyrus-imapd and sendmail on the same server that requires access to the sasldb database. + +---- + +To test Authentication with the sendmail server: + + You'll need to install the following PERL ports: + converters/p5-MIME-Base64 + security/p5-Digest-MD5 + security/p5-Digest-HMAC + + Then use one of the following procedures to test: + + A. PLAIN Mech: + 1. Create your Base64 encoded username/password. + + #perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");' + dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ= + + 2. telnet to port 25 of your sendmail server + + 3. send "EHLO " + a. check for "250-AUTH *" in the response + b. check that the PLAIN mech is listed. + + 4. Send "AUTH PLAIN " + + AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ= + + you should now see the following response from the server: + + 235 Authentication successful + + 5. Type "QUIT" to close the telnet session to sendmail. + + B. LOGIN Mech: + 1. Create your Base64 encoded username and password. + + #perl -MMIME::Base64 -e 'print encode_base64("username");' + dXNlcm5hbWU= + #perl -MMIME::Base64 -e 'print encode_base64("password");' + cGFzc3dvcmQ= + + 2. telnet to port 25 of your sendmail server + + 3. send "EHLO " + a. check for "250-AUTH *" in the response + b. check that the LOGIN mech is listed. + + 4. Send "AUTH LOGIN", then the base64 encoded username and passwords. + + C: AUTH LOGIN + S: 334 VXNlcm5hbWU6 (base64 encoded "Username:") + C: dXNlcm5hbWU= + S: 334 UGFzc3dvcmQ6 (base64 encode "Password:") + C: cGFzc3dvcmQ= + S: 235 2.0.0 OK Authenticated + + 5. Type "QUIT" to close the telnet session to sendmail. + + C. DIGEST-MD5 Mech: + + 1. telnet to port 25 of your sendmail server + + 2. send "EHLO " + a. check for "250-AUTH *" in the response + b. check that the DIGEST-MD5 mech is listed. + + 3. Send "AUTH DIGEST-MD5" + + C: AUTH DIGEST-MD5 + S: 334 ? + + 4. 
Calculate the DIGEST-MD5 response (use another telnet, ssh, or X Window) + + ? + + 5. Send the DIGEST-MD5 response to the server. + + C: ? + S: 235 2.0.0 OK Authenticated + + 6. Type "QUIT" to close the telnet session to sendmail. + + D. CRAM-MD5 Mech: + + 1. telnet to port 25 of your sendmail server + + 2. send "EHLO " + a. check for "250-AUTH *" in the response + b. check that the CRAM-MD5 mech is listed. + + 3. Send "AUTH CRAM-MD5" + + C: AUTH CRAM-MD5 + S: 334 PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+ + (base64 encoded timestamp and hostname) + + 4. Calculate the CRAM-MD5 response (use another telnet, ssh, or X Window) + + perl '-MDigest::HMAC_MD5 qw(hmac_md5 hmac_md5_hex)' -MMIME::Base64 \ + -e 'print encode_base64("username " . hmac_md5_hex(decode_base64(""),"password"));' + + The "" is the response received from the server in step 3. + + (i.e. PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+) + + Using the above ticket our CRAM-MD5 response is: + + dXNlcm5hbWUgMDZkMGEzMjVmMDU0NjQ4NjQ2ZTA3MmNkNGZlYjE3YzQ= + + 5. Send the CRAM-MD5 response to the server. + + C: dXNlcm5hbWUgMDZkMGEzMjVmMDU0NjQ4NjQ2ZTA3MmNkNGZlYjE3YzQ= + S: 235 2.0.0 OK Authenticated + + 6. Type "QUIT" to close the telnet session to sendmail. Index: files/pwcheck.sh =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/files/pwcheck.sh,v retrieving revision 1.9 diff -u -r1.9 pwcheck.sh --- files/pwcheck.sh 27 Aug 2003 04:38:36 -0000 1.9 +++ files/pwcheck.sh 23 Feb 2004 21:22:25 -0000 @@ -8,9 +8,6 @@ # BEFORE: mail imap # KEYWORD: FreeBSD shutdown # -# NOTE for FreeBSD 5.0+: -# If you want this script to start with the base rc scripts -# move cyrus_pwcheck.sh to /etc/rc.d/cyrus_pwcheck prefix=%%PREFIX%% 
@@ -19,11 +16,12 @@ # /etc/rc.conf.local # /etc/rc.conf.d/cyrus_pwcheck # -# DO NOT CHANGE THESE DEFAULT VALUES HERE -# -cyrus_pwcheck_enable="%%ENABLE_PWCHECK%%" # Enable pwcheck daemon -cyrus_pwcheck_program="${prefix}/sbin/%%PWCHECK%%" # pwcheck program to use - # (pwcheck/pwcheck_pam) +# DO NOT CHANGE THE DEFAULT VALUES HERE + +cyrus_pwcheck_enable=${cyrus_pwcheck_enable:-"%%ENABLE_PWCHECK%%"} + +# pwcheck program to use (pwcheck/pwcheck_pam) +cyrus_pwcheck_program=${cyrus_pwcheck_program:-"${prefix}/sbin/%%PWCHECK%%"} . %%RC_SUBR%% Index: files/saslauthd.sh =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/files/saslauthd.sh,v retrieving revision 1.4 diff -u -r1.4 saslauthd.sh --- files/saslauthd.sh 27 Aug 2003 04:38:36 -0000 1.4 +++ files/saslauthd.sh 23 Feb 2004 21:21:45 -0000 @@ -8,9 +8,6 @@ # BEFORE: mail imap # KEYWORD: FreeBSD shutdown # -# NOTE for FreeBSD 5.0+: -# If you want this script to start with the base rc scripts -# move saslauthd1.sh to /etc/rc.d/saslauthd1 prefix=%%PREFIX%% @@ -19,11 +16,10 @@ # /etc/rc.conf.local # /etc/rc.conf.d/saslauthd1 # -# DO NOT CHANGE THESE DEFAULT VALUES HERE -# -saslauthd1_enable="%%ENABLE_SASLAUTHD%%" # Enable saslauthd -#saslauthd1_program="${prefix}/sbin/saslauthd1" # Location of saslauthd1 -saslauthd1_flags="-a pam" # Flags to saslauthd program +# DO NOT CHANGE THE DEFAULT VALUES HERE + +saslauthd1_enable=${saslauthd1_enable:-"%%ENABLE_SASLAUTHD%%"} +saslauthd1_flags=${saslauthd1_flags:-"-a pam} . %%RC_SUBR%% >Release-Note: >Audit-Trail: >Unformatted:
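
Review bot: In the Makefile hunk, PORTREVISION= 2 is left as unchanged context even though the same patch changes files the port installs (files/pwcheck.sh, files/saslauthd.sh and files/Sendmail.README). Bump PORTREVISION along with the MAINTAINER change so that systems which already have the port installed are offered the corrected startup scripts.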
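
Review bot: In the files/Sendmail.README hunk, section C (DIGEST-MD5) gives the server challenge in step 3, the calculation in step 4 and the client response in step 5 only as a bare "?", so that procedure cannot be followed as written; either supply the calculation the way section D does for CRAM-MD5 or leave section C out until it can be completed. Sections A and B have the reader type Base64-encoded credentials into a plain telnet session on port 25, and Base64 is an encoding rather than protection, so the text should say to use a throwaway test account. The placeholders also read as empty in the lines shown here (send "EHLO ", Send "AUTH PLAIN ", decode_base64("") and The "" is the response received); check that the placeholder names are present in the committed file.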
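
Review bot: In the second files/saslauthd.sh hunk, the added line saslauthd1_flags=${saslauthd1_flags:-"-a pam} is missing the closing double quote before the brace, so the shell sees an unterminated string and the script will not parse, which leaves saslauthd unable to start at all; it should read saslauthd1_flags=${saslauthd1_flags:-"-a pam"}. The ":-" form used here and in files/pwcheck.sh also substitutes the default when the variable is set but empty, so an explicit saslauthd1_flags="" in /etc/rc.conf is still replaced by "-a pam"; if the goal is never to override rc.conf, the "-" form (${saslauthd1_flags-"-a pam"}) keeps an explicitly empty value. The hunk also drops the commented-out saslauthd1_program line without a replacement, which removes the only hint of that knob from the script.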