Message-Id: <20030928090845.29762.qmail@vampire.homelinux.org>
Date: 28 Sep 2003 09:08:45 -0000
From: Max Laier
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/57306: Update port: security/authpf - OpenBSD 3.4 authpf
Reply-To: Max Laier
List-Id: Ports bug reports

>Number: 57306
>Category: ports
>Synopsis: Update port: security/authpf - OpenBSD 3.4 authpf
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Sep 28 03:10:10 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Max Laier
>Release: FreeBSD 5.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD router.laiers.local 5.1-RELEASE FreeBSD 5.1-RELEASE #1: Tue Aug 5 13:21:55 CEST 2003 mlaier@router.laiers.local:/usr/local/pfsys/freebsd/src/sys/i386/compile/SMP i386

>Description:
Port update after API change of PFIL_HOOKS in -current. This depends on
security/pf to be updated as well.

>How-To-Repeat:
>Fix:

--- authpf.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
# # This archive contains: # # authpf # authpf/files # authpf/files/patch-aa # authpf/files/pathnames.h.sed # authpf/Makefile # authpf/distinfo # authpf/pkg-install # authpf/pkg-message # authpf/pkg-plist # authpf/pkg-descr # echo c - authpf mkdir -p authpf > /dev/null 2>&1 echo c - authpf/files mkdir -p authpf/files > /dev/null 2>&1 echo x - authpf/files/patch-aa sed 's/^X//' >authpf/files/patch-aa << 'END-of-authpf/files/patch-aa' X--- Makefile.orig Sat Sep 27 13:16:29 2003 X+++ Makefile Sat Sep 27 13:17:04 2003 X@@ -3,17 +3,10 @@ X # X X .if !make(install) X-SUBDIR= libpcap X+SUBDIR= libpcap pfctl X .endif X X-SUBDIR+= pfctl authpf ftp-proxy man pf pflog pfsync X+SUBDIR+= authpf X X .include "include/mk/util.mk" X- X-.if (ALTQ_SUPPORT) && (${ALTQ_SUPPORT} == "yes") X-SUBDIR+= pfaltq X-.endif X- X-SUBDIR+= pflogd tcpdump X- X .include END-of-authpf/files/patch-aa echo x - authpf/files/pathnames.h.sed sed 's/^X//' >authpf/files/pathnames.h.sed << 'END-of-authpf/files/pathnames.h.sed' X/* $OpenBSD: pathnames.h,v 1.5 2002/10/25 18:35:33 camield Exp $ */ X X/* X * Copyright (C) 2002 Chris Kuethe (ckuethe@ualberta.ca) X * X * Redistribution and use in source and binary forms, with or without X * modification, are permitted provided that the following conditions X * are met: X * 1. Redistributions of source code must retain the above copyright X * notice, this list of conditions and the following disclaimer. X * 2. Redistributions in binary form must reproduce the above copyright X * notice, this list of conditions and the following disclaimer in the X * documentation and/or other materials provided with the distribution. X * 3. Neither the name of the author nor the names of contributors X * may be used to endorse or promote products derived from this software X * without specific prior written permission. 
X *
X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X * SUCH DAMAGE.
X */
X
X#define PATH_CONFFILE "%%PREFIX%%/etc/authpf/authpf.conf"
X#define PATH_ALLOWFILE "%%PREFIX%%/etc/authpf/authpf.allow"
X#define PATH_PFRULES "%%PREFIX%%/etc/authpf/authpf.rules"
X#define PATH_PROBLEM "%%PREFIX%%/etc/authpf/authpf.problem"
X#define PATH_MESSAGE "%%PREFIX%%/etc/authpf/authpf.message"
X#define PATH_USER_DIR "%%PREFIX%%/etc/authpf/users"
X#define PATH_BAN_DIR "%%PREFIX%%/etc/authpf/banned"
X#define PATH_DEVFILE "/dev/pf"
X#define PATH_PIDFILE "/var/authpf"
X#define PATH_AUTHPF_SHELL "%%PREFIX%%/sbin/authpf"
END-of-authpf/files/pathnames.h.sed
echo x - authpf/Makefile
sed 's/^X//' >authpf/Makefile << 'END-of-authpf/Makefile'
X# New ports collection makefile for: authpf
X# Date created: 09 May 2003
X# Whom: Max Laier
X#
X# $FreeBSD: ports/security/authpf/Makefile,v 1.9 2003/07/28 16:26:29 foxfair Exp $
X#
X
XPORTNAME=	authpf
XPORTVERSION=	1.65
XCATEGORIES=	security ipv6
XMASTER_SITES=	http://pf4freebsd.love2party.net/
X.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
XPKGNAMESUFFIX=	-altq
X.endif
XDISTNAME=	pf_freebsd_${PORTVERSION}
X
XMAINTAINER=	max@love2party.net
XCOMMENT=	Authentification shell for pf gateways
X
XRUN_DEPENDS=	${LOCALBASE}/modules/pf.ko:${PORTSDIR}/security/pf
X.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
XRUN_DEPENDS+=	${LOCALBASE}/modules/pfaltq.ko:${PORTSDIR}/security/pf
X.endif
X
XWRKSRC=		${WRKDIR}/pf_freebsd_${PORTVERSION}
X
X.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
XIS_INTERACTIVE=	yes
X.endif
X
XMAN8=		authpf.8
X
XMANCOMPRESSED=	maybe
X
XMAKE_ARGS=	MANDIR="${PREFIX}/man/man" ONLY_AUTHPF=yes
X
XSRC_BASE?=	/usr/src
X.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
XSYS_ALTQ?=	${SRC_BASE}/sys.altq
XMAKE_ARGS+=	WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}"
XPLIST_SUB+=	WITH_ALTQ=""
X.else
XPLIST_SUB+=	WITH_ALTQ="@comment "
X.endif
X
X.include
X
X.if ${OSVERSION} < 500000
XIGNORE=		"Only for 5.0 and above"
X.endif
X
X.if !exists(${SRC_BASE}/sys/Makefile) && \
X	(defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile))
XIGNORE=		"Kernel source files required"
X.endif
X
X.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
Xpre-fetch:
X	@${ECHO_CMD} "======================================================="
X	@${ECHO_CMD} "* If you have ALTQ support from:                      *"
X	@${ECHO_CMD} "* http://www.nipsi.de/altq/index.html                 *"
X	@${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it  *"
X	@${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src  *"
X	@${ECHO_CMD} "*                                                     *"
X	@${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *"
X	@${ECHO_CMD} "*                                                     *"
X	@${ECHO_CMD} "======================================================="
X	@sleep 2
X.endif
X
Xpost-patch:
X	${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PATCHDIR}/pathnames.h.sed > \
X		${WRKSRC}/authpf/pathnames.h
X
Xpre-su-install:
X.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
X	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
X.endif
X
Xpost-install:
X	${MKDIR} ${PREFIX}/etc/authpf
X	${MKDIR} ${PREFIX}/etc/authpf/users
X	${MKDIR} ${PREFIX}/etc/authpf/banned
X	${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE}
X
X.include
END-of-authpf/Makefile
echo x - authpf/distinfo
sed 's/^X//' >authpf/distinfo << 'END-of-authpf/distinfo'
XMD5 (pf_freebsd_1.65.tar.gz) = 6956f275a7b971ab07f4ee8e0bdd83e0
END-of-authpf/distinfo
echo x - authpf/pkg-install
sed 's/^X//' >authpf/pkg-install << 'END-of-authpf/pkg-install'
X#!/bin/sh
X# an installation script for pf_freebsd copied from Wnn6
X
Xcheck_pw()
X{
X    if which -s pw; then
X        :
X    else
X        cat < /dev/null ; then
X        return 0
X    fi
X    if pw groupadd -g $id -n $name -N -q ; then
X        echo ""
X        echo "You need a group '$name' whose ID number is $id"
X        if yesno "Would you like to create it automatically?" y; then
X            pw groupadd -g $id -n $name
X            return 0
X        fi
X    fi
X    echo ""
X    echo "I was not able to add group '$name:*:63:' as pw reported:"
X    pw groupadd -g $id -n $name -N
X    echo "Please correct this and try again!"
X    echo ""
X    return 1
X}
X
Xcase $2 in
XPRE-INSTALL)
X
X    if ! check_group authpf 63 ; then
X        exit 1
X    fi
X    ;;
Xesac
END-of-authpf/pkg-install
echo x - authpf/pkg-message
sed 's/^X//' >authpf/pkg-message << 'END-of-authpf/pkg-message'
X===========================================================================
XPlease note that authpf requires suid bit! Take a look at the man page NOW
Xauthpf(8) and create the following files according to your needs:
X
X %%PREFIX%%/etc/authpf/authpf.conf
X %%PREFIX%%/etc/authpf/authpf.allow
X %%PREFIX%%/etc/authpf/authpf.rules
X %%PREFIX%%/etc/authpf/authpf.message
X %%PREFIX%%/etc/authpf/authpf.problem
X
X===========================================================================
END-of-authpf/pkg-message
echo x - authpf/pkg-plist
sed 's/^X//' >authpf/pkg-plist << 'END-of-authpf/pkg-plist'
X@group authpf
X@owner root
X@mode 6555
Xsbin/authpf
X@group
X@owner
X@mode
X
X@dirrm etc/authpf/users
X@dirrm etc/authpf/banned
X@dirrm etc/authpf
X
END-of-authpf/pkg-plist
echo x - authpf/pkg-descr
sed 's/^X//' >authpf/pkg-descr << 'END-of-authpf/pkg-descr'
XThis is an authentification shell that can change pf filterrules according
Xto the authentificated user. You will need a working installation of pf
Xand sshd as interconnect. For more information see http://www.OpenBSD.org/
X
XWWW: http://pf4freebsd.love2party.net/
X
X-Max
END-of-authpf/pkg-descr
exit
--- authpf.shar ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
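
Review bot: in files/patch-aa, the `SUBDIR= libpcap pfctl` line sits inside `.if !make(install)`, so pfctl is built but never installed, and nothing in the hunk says why authpf needs it at build time; a one-line comment there would help the next maintainer. The port Makefile also passes `ONLY_AUTHPF=yes` in MAKE_ARGS, so it is worth confirming whether the distribution Makefile already honours that variable, in which case this patch may be redundant. Dropping the `ALTQ_SUPPORT` block also means the ALTQ setting no longer changes which subdirectories this Makefile descends into, which deserves a mention in the PR text.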