mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-21 00:25:50 +00:00
Functional changes:
- Add a SASL port option - Fix the KERBEROS ports option - it was a no-op, setting a configure flag which modifies how Kerberos was used without setting the flag that actually enables it. - Use GSSAPI instead of $ENV{KRB5CCNAME} to set the credential cache. The latter pollutes the unsuspecting application's environment and does not always work (for instance, it breaks when nss_ldap is invoked from OpenSSH, although I haven't quite determined why) - Add patches to support Heimdal in addition to MIT Kerberos. Note that I tried to ensure that the code is unchanged in the non-Heimdal case, but that I have no way of testing with MIT Kerberos. With the above changes, I have successfully configured a FreeBSD 9.2 server to authenticate users against a Microsoft Windows 2012 Active Directory server. Non-functional changes: - Modernize and stagify - Remove text in pkg-message about a change that was made ten years ago - Take maintainership as current maintainer has been AWOL for 2+ years - Bump PORTREVISION Approved by: maintainer hasn't been heard of for 2+ years
parent
c2e1cd79f8
commit
8e584a521a
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=339687
@ -3,13 +3,13 @@
|
||||
|
||||
PORTNAME= nss_ldap
|
||||
PORTVERSION= 1.${NSS_LDAP_VERSION}
|
||||
PORTREVISION= 7
|
||||
PORTREVISION= 8
|
||||
CATEGORIES= net
|
||||
MASTER_SITES= http://www.padl.com/download/ \
|
||||
LOCAL/martymac
|
||||
DISTNAME= ${PORTNAME}-${NSS_LDAP_VERSION}
|
||||
|
||||
MAINTAINER= mikeg@bsd-box.net
|
||||
MAINTAINER= des@FreeBSD.org
|
||||
COMMENT= RFC 2307 NSS module
|
||||
|
||||
LICENSE= GPLv2
|
||||
@ -24,11 +24,13 @@ AUTOMAKE_ARGS= --add-missing
|
||||
USE_LDCONFIG= yes
|
||||
USE_OPENLDAP= yes
|
||||
|
||||
OPTIONS_DEFINE= LCLASS KERBEROS
|
||||
OPTIONS_DEFINE= LCLASS KERBEROS SASL
|
||||
OPTIONS_DEFAULT=LCLASS KERBEROS
|
||||
|
||||
LCLASS_DESC= Enable login classes via the loginClass attribute
|
||||
|
||||
SASL_DESC= Use the SASL-enabled version of OpenLDAP
|
||||
|
||||
CPPFLAGS+= -I${LOCALBASE}/include
|
||||
LDFLAGS+= -L${LOCALBASE}/lib -Wl,-rpath,${LOCALBASE}/lib
|
||||
|
||||
@ -41,17 +43,21 @@ MAN5= nss_ldap.5
|
||||
|
||||
SUB_FILES= pkg-message
|
||||
|
||||
NO_STAGE= yes
|
||||
.include <bsd.port.options.mk>
|
||||
|
||||
.if ${PORT_OPTIONS:MKERBEROS}
|
||||
CONFIGURE_ARGS+=--enable-configurable-krb5-ccname-env
|
||||
CONFIGURE_ARGS+=--enable-configurable-krb5-ccname-gssapi \
|
||||
--enable-configurable-krb5-keytab
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MLCLASS}
|
||||
CFLAGS+="-DHAVE_LOGIN_CLASSES"
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MSASL}
|
||||
WANT_OPENLDAP_SASL = YES
|
||||
.endif
|
||||
|
||||
post-extract:
|
||||
${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}
|
||||
|
||||
@ -73,16 +79,8 @@ post-configure:
|
||||
@${ECHO} "#define HAVE_RESOLV_H 1" >> ${WRKSRC}/config.h
|
||||
|
||||
do-install:
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/nss_ldap.so ${PREFIX}/lib/nss_ldap.so.1
|
||||
${INSTALL_DATA} ${WRKSRC}/ldap.conf ${PREFIX}/etc/nss_ldap.conf.sample
|
||||
${INSTALL_MAN} ${WRKSRC}/${MAN5} ${MAN5PREFIX}/man/man5
|
||||
|
||||
post-install:
|
||||
@if [ ! -f ${PREFIX}/etc/nss_ldap.conf ]; then \
|
||||
${CP} -pv ${PREFIX}/etc/nss_ldap.conf.sample ${PREFIX}/etc/nss_ldap.conf ; \
|
||||
fi
|
||||
.if !defined(PACKAGE_BUILDING)
|
||||
@${CAT} ${PKGMESSAGE}
|
||||
.endif
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/nss_ldap.so ${STAGEDIR}/${PREFIX}/lib/nss_ldap.so.1
|
||||
${INSTALL_DATA} ${WRKSRC}/ldap.conf ${STAGEDIR}/${PREFIX}/etc/nss_ldap.conf.sample
|
||||
${INSTALL_MAN} ${WRKSRC}/${MAN5} ${STAGEDIR}/${MAN5PREFIX}/man/man5
|
||||
|
||||
.include <bsd.port.mk>
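Review bot: The KERBEROS block now appears to pass `--enable-configurable-krb5-keytab` next to `--enable-configurable-krb5-ccname-gssapi`, and since `OPTIONS_DEFAULT` still lists KERBEROS, default builds go from what the commit message calls a no-op to live keytab and GSSAPI credential-cache handling; nothing in the Makefile records that. A comment above `.if ${PORT_OPTIONS:MKERBEROS}` would help the next maintainer, for example `# krb5-keytab is what enables the Kerberos code; ccname-gssapi only selects how the credential cache is set`, with the wording checked against the configure script, which is not shown here. In the rewritten do-install, `${STAGEDIR}/${PREFIX}` is conventionally written `${STAGEDIR}${PREFIX}` because PREFIX is already an absolute path. The old/new side of each line is inferred from the commit message, as the page has lost the `+`/`-` column for this file.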
|
||||
|
@ -1,6 +1,6 @@
|
||||
--- configure.in.orig 2007-10-29 06:30:12.000000000 -0700
|
||||
+++ configure.in 2008-09-26 20:38:20.000000000 -0700
|
||||
@@ -96,11 +96,15 @@
|
||||
--- configure.in.orig
|
||||
+++ configure.in
|
||||
@@ -97,11 +97,15 @@
|
||||
linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux" ;;
|
||||
*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic" ;;
|
||||
esac
|
||||
@ -16,7 +16,7 @@
|
||||
|
||||
AM_CONDITIONAL(USE_NATIVE_LINKER, test -n "$nss_ldap_so_LD")
|
||||
|
||||
@@ -152,7 +156,6 @@
|
||||
@@ -153,7 +157,6 @@
|
||||
aix*) AC_CHECK_HEADERS(irs.h usersec.h) ;;
|
||||
hpux*) AC_CHECK_HEADERS(nsswitch.h) ;;
|
||||
*) AC_CHECK_HEADERS(nss.h)
|
||||
@ -24,7 +24,21 @@
|
||||
AC_CHECK_HEADERS(irs.h) ;;
|
||||
esac
|
||||
AC_CHECK_HEADERS(thread.h)
|
||||
@@ -227,7 +230,6 @@
|
||||
@@ -188,6 +191,13 @@
|
||||
AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi.h)
|
||||
AC_CHECK_HEADERS(krb5.h)
|
||||
|
||||
+AC_MSG_CHECKING([if Kerberos is Heimdal])
|
||||
+AC_TRY_LINK([#include <krb5.h>],
|
||||
+ [const char hv = heimdal_version;],
|
||||
+ [AC_MSG_RESULT(yes)
|
||||
+ AC_DEFINE(HEIMDAL,1,[Define if Kerberos is Heimdal])],
|
||||
+ [AC_MSG_RESULT(no)])
|
||||
+
|
||||
AC_CHECK_LIB(resolv, main)
|
||||
AC_CHECK_LIB(nsl, main)
|
||||
AC_CHECK_LIB(socket, main)
|
||||
@@ -230,7 +240,6 @@
|
||||
AC_CHECK_FUNCS(gethostbyname)
|
||||
AC_CHECK_FUNCS(nsdispatch)
|
||||
AC_CHECK_LIB(pthread_nonshared, main)
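Review bot: The Heimdal probe in the added `AC_TRY_LINK` initialises a `const char` from `heimdal_version`, which I would expect to be a string pointer in Heimdal's krb5.h. A compiler that treats pointer-to-integer conversion as an error would then fail the test on a Heimdal system and leave `HEIMDAL` undefined. The build would then take the MIT branches in ldap-init-krb5-cache.c without configure reporting anything wrong. Declaring the probe variable as a pointer removes the dependence on compiler leniency: `[const char *hv = heimdal_version;],`.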
|
||||
|
62
net/nss_ldap/files/patch-ldap-init-krb5-cache.c
Normal file
@ -0,0 +1,62 @@
|
||||
--- ldap-init-krb5-cache.c.orig
|
||||
+++ ldap-init-krb5-cache.c
|
||||
@@ -109,6 +109,10 @@
|
||||
#include <gssapi/gssapi.h>
|
||||
#include <gssapi/gssapi_krb5.h>
|
||||
|
||||
+#ifndef HOST_NAME_MAX
|
||||
+#define HOST_NAME_MAX 1024
|
||||
+#endif
|
||||
+
|
||||
#define MAX_RENEW_TIME "365d"
|
||||
|
||||
#define KT_PATH_MAX 256
|
||||
@@ -213,14 +217,25 @@
|
||||
{
|
||||
krb5_error_code code = 0;
|
||||
krb5_keytab __keytab;
|
||||
+#ifdef HEIMDAL
|
||||
+ char kttypebuf[KRB5_KT_PREFIX_MAX_LEN];
|
||||
+ size_t kttypesize = sizeof kttypebuf;
|
||||
+#endif
|
||||
+ char *kttype;
|
||||
|
||||
debug ("==> krb5_cache_kt_is_accessible: ktname %s", __ktname);
|
||||
assert (context != NULL);
|
||||
if (!(code = krb5_kt_resolve (context, __ktname, &__keytab)))
|
||||
{
|
||||
+#ifdef HEIMDAL
|
||||
+ krb5_kt_get_type (context, __keytab, kttypebuf, kttypesize);
|
||||
+ kttype = kttypebuf;
|
||||
+#else
|
||||
+ kttype = krb5_kt_get_type (context, __keytab);
|
||||
+#endif
|
||||
debug ("==> krb5_cache_kt_is_accessible: resolved ktname %s - %s",
|
||||
- __ktname, krb5_kt_get_type (context, __keytab));
|
||||
- if (strcmp ("FILE", krb5_kt_get_type (context, __keytab)) == 0)
|
||||
+ __ktname, kttype);
|
||||
+ if (strcmp ("FILE", kttype) == 0)
|
||||
{
|
||||
debug ("==> krb5_cache_kt_is_accessible: kt type = FILE");
|
||||
uid_t ruid = getuid ();
|
||||
@@ -542,7 +557,7 @@
|
||||
}
|
||||
profile_release (profile);
|
||||
#else
|
||||
- skew = context->max_skew;
|
||||
+ /* skew = context->max_skew; */
|
||||
#endif
|
||||
ccname = krb5_cache_get_ccname (config);
|
||||
debug ("==> krb5_cache_setup: credential cache name %s",
|
||||
@@ -671,7 +686,11 @@
|
||||
ccname ? ccname : "NULL");
|
||||
}
|
||||
}
|
||||
+#ifdef HEIMDAL
|
||||
+ free (principal_name);
|
||||
+#else
|
||||
krb5_free_unparsed_name (context, principal_name);
|
||||
+#endif
|
||||
}
|
||||
}
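Review bot: In the Heimdal branch added to krb5_cache_kt_is_accessible, the return value of `krb5_kt_get_type (context, __keytab, kttypebuf, kttypesize)` is discarded, so if the call fails `kttypebuf` reaches `debug` and `strcmp` uninitialised. Checking the result keeps the comparison on a defined string: `if (krb5_kt_get_type (context, __keytab, kttypebuf, kttypesize) != 0) kttypebuf[0] = '\0';`. The function starts and ends outside this hunk, so how a non-FILE keytab type is handled afterwards is not visible here. Separately, commenting out `skew = context->max_skew;` leaves `skew` at whatever value it held before that `#else` branch; a one-line comment saying why the assignment was dropped and which value is relied on would help.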
|
||||
|
@ -1,5 +1,5 @@
|
||||
--- ldap-nss.c.orig Sat May 27 16:23:40 2006
|
||||
+++ ldap-nss.c Sat May 27 16:23:52 2006
|
||||
--- ldap-nss.c.orig
|
||||
+++ ldap-nss.c
|
||||
@@ -69,7 +69,7 @@
|
||||
#endif
|
||||
|
||||
@ -9,3 +9,18 @@
|
||||
#include <sasl/sasl.h>
|
||||
#elif defined(HAVE_SASL_H)
|
||||
#include <sasl.h>
|
||||
@@ -78,11 +78,11 @@
|
||||
#ifndef HAVE_SNPRINTF
|
||||
#include "snprintf.h"
|
||||
#endif
|
||||
-#ifdef HAVE_GSSAPI_H
|
||||
-#include <gssapi.h>
|
||||
-#elif defined(HAVE_GSSAPI_GSSAPI_KRB5_H)
|
||||
+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
|
||||
#include <gssapi/gssapi.h>
|
||||
#include <gssapi/gssapi_krb5.h>
|
||||
+#elif defined(HAVE_GSSAPI_H)
|
||||
+#include <gssapi.h>
|
||||
#endif
|
||||
#ifdef CONFIGURE_KRB5_CCNAME
|
||||
#include <krb5.h>
|
||||
|
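--- a/net/nss_ldap/files/patch-ldap-nss.h
+++ b/net/nss_ldap/files/patch-ldap-nss.h
@@ -0,0 +1,12 @@
+--- ldap-nss.h.orig
++++ ldap-nss.h
+@@ -923,6 +923,8 @@
+int _nss_ldap_get_ld_errno (char **m, char **s);
+
+#ifdef CONFIGURE_KRB5_KEYTAB
+-int do_init_krb5_cache(ldap_config_t *config);
++int do_init_krb5_cache (ldap_config_t *config);
++int do_select_krb5_cache (ldap_config_t * config);
++int do_restore_krb5_cache (ldap_config_t * config);
+#endif /* CONFIGURE_KRB5_KEYTAB */
+#endif /* _LDAP_NSS_LDAP_LDAP_NSS_H */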
@ -4,12 +4,4 @@ following paths:
|
||||
|
||||
LDAP configuration: %%PREFIX%%/etc/nss_ldap.conf
|
||||
LDAP secret (optional): %%PREFIX%%/etc/nss_ldap.secret
|
||||
|
||||
|
||||
WARNING: For users of previous versions of this port:
|
||||
WARNING:
|
||||
WARNING: Previous versions of this port expected configuration files
|
||||
WARNING: to be located at /etc/ldap.conf and /etc/ldap.secret. You
|
||||
WARNING: may need to move these configuration files to their new
|
||||
WARNING: location specified above.
|
||||
=====================================================================
|
||||
|