
Functional changes:

- Add a SASL port option

  - Fix the KERBEROS ports option - it was a no-op, setting a
    configure flag which modifies how Kerberos was used without
    setting the flag that actually enables it.

  - Use GSSAPI instead of $ENV{KRB5CCNAME} to set the credential
    cache.  The latter pollutes the unsuspecting application's
    environment and does not always work (for instance, it breaks when
    nss_ldap is invoked from OpenSSH, although I haven't quite
    determined why)

  - Add patches to support Heimdal in addition to MIT Kerberos.  Note
    that I tried to ensure that the code is unchanged in the
    non-Heimdal case, but that I have no way of testing with MIT
    Kerberos.

  With the above changes, I have successfully configured a FreeBSD 9.2
  server to authenticate users against a Microsoft Windows 2012 Active
  Directory server.

Non-functional changes:

  - Modernize and stagify

  - Remove text in pkg-message about a change that was made ten years ago

  - Take maintainership as current maintainer has been AWOL for 2+ years

  - Bump PORTREVISION

Approved by:	maintainer hasn't been heard of for 2+ years
Dag-Erling Smørgrav 2014-01-14 14:19:05 +00:00
parent c2e1cd79f8
commit 8e584a521a
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=339687
6 changed files with 124 additions and 31 deletions


@ -3,13 +3,13 @@
PORTNAME= nss_ldap
PORTVERSION= 1.${NSS_LDAP_VERSION}
PORTREVISION= 7
PORTREVISION= 8
CATEGORIES= net
MASTER_SITES= http://www.padl.com/download/ \
LOCAL/martymac
DISTNAME= ${PORTNAME}-${NSS_LDAP_VERSION}
MAINTAINER= mikeg@bsd-box.net
MAINTAINER= des@FreeBSD.org
COMMENT= RFC 2307 NSS module
LICENSE= GPLv2
@ -24,11 +24,13 @@ AUTOMAKE_ARGS= --add-missing
USE_LDCONFIG= yes
USE_OPENLDAP= yes
OPTIONS_DEFINE= LCLASS KERBEROS
OPTIONS_DEFINE= LCLASS KERBEROS SASL
OPTIONS_DEFAULT=LCLASS KERBEROS
LCLASS_DESC= Enable login classes via the loginClass attribute
SASL_DESC= Use the SASL-enabled version of OpenLDAP
CPPFLAGS+= -I${LOCALBASE}/include
LDFLAGS+= -L${LOCALBASE}/lib -Wl,-rpath,${LOCALBASE}/lib
@ -41,17 +43,21 @@ MAN5= nss_ldap.5
SUB_FILES= pkg-message
NO_STAGE= yes
.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MKERBEROS}
CONFIGURE_ARGS+=--enable-configurable-krb5-ccname-env
CONFIGURE_ARGS+=--enable-configurable-krb5-ccname-gssapi \
--enable-configurable-krb5-keytab
.endif
.if ${PORT_OPTIONS:MLCLASS}
CFLAGS+="-DHAVE_LOGIN_CLASSES"
.endif
.if ${PORT_OPTIONS:MSASL}
WANT_OPENLDAP_SASL = YES
.endif
post-extract:
${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}
@ -73,16 +79,8 @@ post-configure:
@${ECHO} "#define HAVE_RESOLV_H 1" >> ${WRKSRC}/config.h
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/nss_ldap.so ${PREFIX}/lib/nss_ldap.so.1
${INSTALL_DATA} ${WRKSRC}/ldap.conf ${PREFIX}/etc/nss_ldap.conf.sample
${INSTALL_MAN} ${WRKSRC}/${MAN5} ${MAN5PREFIX}/man/man5
post-install:
@if [ ! -f ${PREFIX}/etc/nss_ldap.conf ]; then \
${CP} -pv ${PREFIX}/etc/nss_ldap.conf.sample ${PREFIX}/etc/nss_ldap.conf ; \
fi
.if !defined(PACKAGE_BUILDING)
@${CAT} ${PKGMESSAGE}
.endif
${INSTALL_PROGRAM} ${WRKSRC}/nss_ldap.so ${STAGEDIR}/${PREFIX}/lib/nss_ldap.so.1
${INSTALL_DATA} ${WRKSRC}/ldap.conf ${STAGEDIR}/${PREFIX}/etc/nss_ldap.conf.sample
${INSTALL_MAN} ${WRKSRC}/${MAN5} ${STAGEDIR}/${MAN5PREFIX}/man/man5
.include <bsd.port.mk>
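Review bot: The new do-install lines write to `${STAGEDIR}/${PREFIX}` and `${STAGEDIR}/${MAN5PREFIX}`, which produces a doubled slash because both prefixes are already absolute; the ports convention is `${STAGEDIR}${PREFIX}/lib/nss_ldap.so.1` (likewise for the other two lines). The dropped post-install step was the only visible place that created `nss_ldap.conf` from the sample without overwriting an existing file, and pkg-plist is not among the files shown, so confirm the packing list still handles the live config that way. KERBEROS stays in OPTIONS_DEFAULT and, per the commit message, was previously a no-op, so default builds now gain keytab and GSSAPI credential-cache handling; a short comment next to `OPTIONS_DEFAULT` saying so would help anyone auditing what the default package does.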


@ -1,6 +1,6 @@
--- configure.in.orig 2007-10-29 06:30:12.000000000 -0700
+++ configure.in 2008-09-26 20:38:20.000000000 -0700
@@ -96,11 +96,15 @@
--- configure.in.orig
+++ configure.in
@@ -97,11 +97,15 @@
linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux" ;;
*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic" ;;
esac
@ -16,7 +16,7 @@
AM_CONDITIONAL(USE_NATIVE_LINKER, test -n "$nss_ldap_so_LD")
@@ -152,7 +156,6 @@
@@ -153,7 +157,6 @@
aix*) AC_CHECK_HEADERS(irs.h usersec.h) ;;
hpux*) AC_CHECK_HEADERS(nsswitch.h) ;;
*) AC_CHECK_HEADERS(nss.h)
@ -24,7 +24,21 @@
AC_CHECK_HEADERS(irs.h) ;;
esac
AC_CHECK_HEADERS(thread.h)
@@ -227,7 +230,6 @@
@@ -188,6 +191,13 @@
AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi.h)
AC_CHECK_HEADERS(krb5.h)
+AC_MSG_CHECKING([if Kerberos is Heimdal])
+AC_TRY_LINK([#include <krb5.h>],
+ [const char hv = heimdal_version;],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(HEIMDAL,1,[Define if Kerberos is Heimdal])],
+ [AC_MSG_RESULT(no)])
+
AC_CHECK_LIB(resolv, main)
AC_CHECK_LIB(nsl, main)
AC_CHECK_LIB(socket, main)
@@ -230,7 +240,6 @@
AC_CHECK_FUNCS(gethostbyname)
AC_CHECK_FUNCS(nsdispatch)
AC_CHECK_LIB(pthread_nonshared, main)
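Review bot: The Heimdal probe declares `const char hv = heimdal_version;`, which assigns what is presumably a string pointer to a single `char`. A compiler that treats that conversion as an error makes the test fail, so HEIMDAL stays undefined even on Heimdal and the MIT branches in ldap-init-krb5-cache.c are selected silently. Writing `[const char *hv = heimdal_version;],` avoids that. Because this is AC_TRY_LINK, the result also depends on the Kerberos library already being in LIBS at this point, which the visible lines do not show; AC_TRY_COMPILE would be enough if only the declaration in krb5.h matters.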


@ -0,0 +1,62 @@
--- ldap-init-krb5-cache.c.orig
+++ ldap-init-krb5-cache.c
@@ -109,6 +109,10 @@
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_krb5.h>
+#ifndef HOST_NAME_MAX
+#define HOST_NAME_MAX 1024
+#endif
+
#define MAX_RENEW_TIME "365d"
#define KT_PATH_MAX 256
@@ -213,14 +217,25 @@
{
krb5_error_code code = 0;
krb5_keytab __keytab;
+#ifdef HEIMDAL
+ char kttypebuf[KRB5_KT_PREFIX_MAX_LEN];
+ size_t kttypesize = sizeof kttypebuf;
+#endif
+ char *kttype;
debug ("==> krb5_cache_kt_is_accessible: ktname %s", __ktname);
assert (context != NULL);
if (!(code = krb5_kt_resolve (context, __ktname, &__keytab)))
{
+#ifdef HEIMDAL
+ krb5_kt_get_type (context, __keytab, kttypebuf, kttypesize);
+ kttype = kttypebuf;
+#else
+ kttype = krb5_kt_get_type (context, __keytab);
+#endif
debug ("==> krb5_cache_kt_is_accessible: resolved ktname %s - %s",
- __ktname, krb5_kt_get_type (context, __keytab));
- if (strcmp ("FILE", krb5_kt_get_type (context, __keytab)) == 0)
+ __ktname, kttype);
+ if (strcmp ("FILE", kttype) == 0)
{
debug ("==> krb5_cache_kt_is_accessible: kt type = FILE");
uid_t ruid = getuid ();
@@ -542,7 +557,7 @@
}
profile_release (profile);
#else
- skew = context->max_skew;
+ /* skew = context->max_skew; */
#endif
ccname = krb5_cache_get_ccname (config);
debug ("==> krb5_cache_setup: credential cache name %s",
@@ -671,7 +686,11 @@
ccname ? ccname : "NULL");
}
}
+#ifdef HEIMDAL
+ free (principal_name);
+#else
krb5_free_unparsed_name (context, principal_name);
+#endif
}
}
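Review bot: In the HEIMDAL branch of krb5_cache_kt_is_accessible the return value of `krb5_kt_get_type (context, __keytab, kttypebuf, kttypesize)` is ignored, so on failure `kttypebuf` is passed uninitialised to `debug` and `strcmp`. Check the result, e.g. `if (krb5_kt_get_type (context, __keytab, kttypebuf, kttypesize) != 0) kttypebuf[0] = '\0';`, so the FILE-keytab access check is never decided by stack contents. Separately, commenting out `skew = context->max_skew;` leaves `skew` at whatever it was initialised to outside this hunk; if that value feeds ticket-lifetime decisions it should be read through an accessor instead, and the disabled line needs a comment saying why. The affected functions start and end outside the visible hunks.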


@ -1,5 +1,5 @@
--- ldap-nss.c.orig Sat May 27 16:23:40 2006
+++ ldap-nss.c Sat May 27 16:23:52 2006
--- ldap-nss.c.orig
+++ ldap-nss.c
@@ -69,7 +69,7 @@
#endif
@ -9,3 +9,18 @@
#include <sasl/sasl.h>
#elif defined(HAVE_SASL_H)
#include <sasl.h>
@@ -78,11 +78,11 @@
#ifndef HAVE_SNPRINTF
#include "snprintf.h"
#endif
-#ifdef HAVE_GSSAPI_H
-#include <gssapi.h>
-#elif defined(HAVE_GSSAPI_GSSAPI_KRB5_H)
+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_krb5.h>
+#elif defined(HAVE_GSSAPI_H)
+#include <gssapi.h>
#endif
#ifdef CONFIGURE_KRB5_CCNAME
#include <krb5.h>
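Review bot: The swapped include order carries no comment explaining why `gssapi/gssapi_krb5.h` must now win when both headers are present, so a later refresh of this patch could quietly restore the upstream order. Presumably the krb5-specific GSSAPI calls used to select the credential cache are declared only there. Suggest adding above the `#ifdef`: `/* Prefer gssapi_krb5.h over plain gssapi.h: the krb5 GSSAPI extensions are needed for credential cache selection. */`.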


@ -0,0 +1,12 @@
--- ldap-nss.h.orig
+++ ldap-nss.h
@@ -923,6 +923,8 @@
int _nss_ldap_get_ld_errno (char **m, char **s);
#ifdef CONFIGURE_KRB5_KEYTAB
-int do_init_krb5_cache(ldap_config_t *config);
+int do_init_krb5_cache (ldap_config_t *config);
+int do_select_krb5_cache (ldap_config_t * config);
+int do_restore_krb5_cache (ldap_config_t * config);
#endif /* CONFIGURE_KRB5_KEYTAB */
#endif /* _LDAP_NSS_LDAP_LDAP_NSS_H */


@ -4,12 +4,4 @@ following paths:
LDAP configuration: %%PREFIX%%/etc/nss_ldap.conf
LDAP secret (optional): %%PREFIX%%/etc/nss_ldap.secret
WARNING: For users of previous versions of this port:
WARNING:
WARNING: Previous versions of this port expected configuration files
WARNING: to be located at /etc/ldap.conf and /etc/ldap.secret. You
WARNING: may need to move these configuration files to their new
WARNING: location specified above.
=====================================================================