From 90306dc1169ebdb5bbfc78e0d7adefd5e52694d9 Mon Sep 17 00:00:00 2001
From: Foxfair Hu
Date: Fri, 13 Jun 2003 01:19:12 +0000
Subject: [PATCH] Add authpf 1.0, authentification shell for pf gateways. This port depends on security/pf first. PR: 52123 Submitted by: Max Laier
---
 security/Makefile | 1 +
 security/authpf/Makefile | 84 ++++++++++++++++++++++++++
 security/authpf/distinfo | 1 +
 security/authpf/files/patch-aa | 27 +++++++++
 security/authpf/files/pathnames.h.sed | 40 +++++++++++++
 security/authpf/pkg-descr | 7 +++
 security/authpf/pkg-install | 85 +++++++++++++++++++++++++++
 security/authpf/pkg-message | 11 ++++
 security/authpf/pkg-plist | 12 ++++
 9 files changed, 268 insertions(+)
 create mode 100644 security/authpf/Makefile
 create mode 100644 security/authpf/distinfo
 create mode 100644 security/authpf/files/patch-aa
 create mode 100644 security/authpf/files/pathnames.h.sed
 create mode 100644 security/authpf/pkg-descr
 create mode 100644 security/authpf/pkg-install
 create mode 100644 security/authpf/pkg-message
 create mode 100644 security/authpf/pkg-plist
diff --git a/security/Makefile b/security/Makefile
index cb2ee076534b..998f09020d52 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -15,6 +15,7 @@
 SUBDIR += arirang
 SUBDIR += audit
 SUBDIR += authforce
+ SUBDIR += authpf
 SUBDIR += avcheck
 SUBDIR += avmailgate
 SUBDIR += bcwipe
diff --git a/security/authpf/Makefile b/security/authpf/Makefile
new file mode 100644
index 000000000000..87a44bda9e53
--- /dev/null
+++ b/security/authpf/Makefile
@@ -0,0 +1,84 @@
+# New ports collection makefile for: authpf
+# Date created: 09 May 2003
+# Whom: Max Laier
+#
+# $FreeBSD$
+#
+
+PORTNAME= authpf
+PORTVERSION= 1.0
+CATEGORIES= security ipv6
+MASTER_SITES= http://pf4freebsd.love2party.net/
+.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
+PKGNAMESUFFIX= -altq
+.endif
+DISTNAME= ${PORTNAME}_${PORTVERSION}
+DISTFILES= pf_freebsd_${PORTVERSION}${EXTRACT_SUFX}
+
+MAINTAINER= max@love2party.net
+COMMENT= Authentification shell for pf gateways
+
+WRKSRC= ${WRKDIR}/pf_freebsd_${PORTVERSION}
+
+RUN_DEPENDS= ${LOCALBASE}/modules/pf.ko:${PORTSDIR}/security/pf
+
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+IS_INTERACTIVE= yes
+.endif
+
+MAN8= authpf.8
+
+MANCOMPRESSED= maybe
+
+MAKE_ARGS= MANDIR="${PREFIX}/man/man" ONLY_AUTHPF=yes
+
+SRC_BASE?= /usr/src
+.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
+SYS_ALTQ?= ${SRC_BASE}/sys.altq
+MAKE_ARGS+= WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}"
+PLIST_SUB+= WITH_ALTQ=""
+.else
+PLIST_SUB+= WITH_ALTQ="@comment "
+.endif
+
+.include
+
+.if ${OSVERSION} < 500000
+BROKEN= "Only for 5.0 and above"
+.endif
+
+.if !exists(${SRC_BASE}/sys/Makefile) && \
+ (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile)
+BROKEN= "Kernel source files required"
+.endif
+
+.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
+pre-fetch:
+ @${ECHO_CMD} "======================================================="
+ @${ECHO_CMD} "* If you have ALTQ support from: *"
+ @${ECHO_CMD} "* http://www.rofug.ro/projects/freebsd-altq/ *"
+ @${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it *"
+ @${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src *"
+ @${ECHO_CMD} "* *"
+ @${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=${SRC_BASE}/sys.altq *"
+ @${ECHO_CMD} "* *"
+ @${ECHO_CMD} "======================================================="
+ @sleep 2
+.endif
+
+post-patch:
+ ${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PATCHDIR}/pathnames.h.sed > \
+ ${WRKSRC}/authpf/pathnames.h
+
+pre-install:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+ @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+.endif
+
+post-install:
+ ${MKDIR} ${PREFIX}/etc/authpf
+ ${MKDIR} ${PREFIX}/etc/authpf/users
+ ${MKDIR} ${PREFIX}/etc/authpf/banned
+ ${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE}
+
+.include
diff --git a/security/authpf/distinfo b/security/authpf/distinfo
new file mode 100644
index 000000000000..38a8f2633367
--- /dev/null
+++ b/security/authpf/distinfo
@@ -0,0 +1 @@
+MD5 (pf_freebsd_1.0.tar.gz) = 66b573f0f6884b61f41240111425b93e
diff --git a/security/authpf/files/patch-aa b/security/authpf/files/patch-aa
new file mode 100644
index 000000000000..b0f6fe77b2b0
--- /dev/null
+++ b/security/authpf/files/patch-aa
@@ -0,0 +1,27 @@
+*** ./authpf/Makefile Thu Apr 17 04:17:07 2003
+--- ./authpf/Makefile Fri May 9 17:07:32 2003
+***************
+*** 3,15 ****
+ PROG= authpf
+ MAN= authpf.8
+ BINOWN= root
+! BINGRP= wheel
+ BINMODE= 6555
+! .if defined(PREFIX) && !empty(PREFIX)
+! BINDIR= ${PREFIX}/libexec
+! .else
+! BINDIR= /usr/libexec
+! .endif
+ SRCS= authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
+ SRCS+= pfctl_radix.c
+ #CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror
+--- 3,11 ----
+ PROG= authpf
+ MAN= authpf.8
+ BINOWN= root
+! BINGRP= authpf
+ BINMODE= 6555
+! BINDIR= ${PREFIX}/sbin
+ SRCS= authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
+ SRCS+= pfctl_radix.c
+ #CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror
diff --git a/security/authpf/files/pathnames.h.sed b/security/authpf/files/pathnames.h.sed
new file mode 100644
index 000000000000..6398866add39
--- /dev/null
+++ b/security/authpf/files/pathnames.h.sed
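Review bot: In security/authpf/Makefile the `.if !exists(${SRC_BASE}/sys/Makefile) && \` test guarding `BROKEN= "Kernel source files required"` is missing a closing parenthesis on its continuation line, and it joins the two checks with `&&`, so it can only fire when the base kernel sources and the ALTQ tree are both absent. If the intent is to stop when either required tree is missing, the continuation would read `|| (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile))`. Separately, post-install creates `${PREFIX}/etc/authpf`, `users` and `banned` with a bare `${MKDIR}`, so owner and mode follow the installer's umask; because patch-aa installs the binary with `BINOWN= root` and `BINMODE= 6555` and pathnames.h.sed points its rule and ban paths at these directories, a comment such as `# authpf reads rules from here: keep root-owned, not group/world-writable` (or an explicit mode) would pin that down.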
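Review bot: In files/patch-aa, `BINGRP= authpf` makes the install step depend on a group named authpf already existing, yet the port Makefile in this commit runs `${PKGINSTALL}` from pre-install only inside `.if !defined(BATCH) && !defined(PACKAGE_BUILDING)`. If pkg-install is what creates that group (its body is cut off in this view, so this is an inference), a batch or package build would presumably reach the install with the group missing. Either the group creation should not sit behind that guard, or the dependency should be documented next to `pre-install:` with a comment like `# authpf group must exist before install (BINGRP in files/patch-aa)`.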
@@ -0,0 +1,40 @@
+/* $OpenBSD: pathnames.h,v 1.5 2002/10/25 18:35:33 camield Exp $ */
+
+/*
+ * Copyright (C) 2002 Chris Kuethe (ckuethe@ualberta.ca)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define PATH_CONFFILE "%%PREFIX%%/etc/authpf/authpf.conf"
+#define PATH_ALLOWFILE "%%PREFIX%%/etc/authpf/authpf.allow"
+#define PATH_PFRULES "%%PREFIX%%/etc/authpf/authpf.rules"
+#define PATH_PROBLEM "%%PREFIX%%/etc/authpf/authpf.problem"
+#define PATH_MESSAGE "%%PREFIX%%/etc/authpf/authpf.message"
+#define PATH_USER_DIR "%%PREFIX%%/etc/authpf/users"
+#define PATH_BAN_DIR "%%PREFIX%%/etc/authpf/banned"
+#define PATH_DEVFILE "/dev/pf"
+#define PATH_PIDFILE "/var/authpf"
+#define PATH_AUTHPF_SHELL "%%PREFIX%%/sbin/authpf"
diff --git a/security/authpf/pkg-descr b/security/authpf/pkg-descr
new file mode 100644
index 000000000000..1b36b3718633
--- /dev/null
+++ b/security/authpf/pkg-descr
@@ -0,0 +1,7 @@
+This is an authentification shell that can change pf filterrules according
+to the authentificated user. You will need a working installation of pf
+and sshd as interconnect. For more information see http://www.OpenBSD.org/
+
+WWW: http://pf4freebsd.love2party.net/
+
+-Max
diff --git a/security/authpf/pkg-install b/security/authpf/pkg-install
new file mode 100644
index 000000000000..b7134e88cd5a
--- /dev/null
+++ b/security/authpf/pkg-install
@@ -0,0 +1,85 @@
+#!/bin/sh
+# an installation script for pf_freebsd copied from Wnn6
+
+check_pw()
+{
+ if which -s pw; then
+ :
+ else
+ cat <
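Review bot: In files/pathnames.h.sed, `PATH_PIDFILE` stays hard-coded to `/var/authpf` while the configuration paths are moved under `%%PREFIX%%`, and the port Makefile's post-install only creates `etc/authpf`, `users` and `banned`, not this directory. Unless pkg-install or pkg-plist takes care of it (neither is fully visible here), the directory may be missing or carry whatever mode an administrator sets by hand. Because patch-aa installs the binary setuid root, the requirement is worth stating next to the define, e.g. `/* state directory: must exist, be root-owned and not writable by unprivileged users */`.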