mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-22 20:41:26 +00:00
Add authpf 1.0, authentification shell for pf gateways. This port depends
on security/pf first. PR: 52123 Submitted by: Max Laier <max@love2party.net>
parent
03667b3c5e
commit
90306dc116
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=82909
@ -15,6 +15,7 @@
|
|||||||
SUBDIR += arirang
|
SUBDIR += arirang
|
||||||
SUBDIR += audit
|
SUBDIR += audit
|
||||||
SUBDIR += authforce
|
SUBDIR += authforce
|
||||||
|
SUBDIR += authpf
|
||||||
SUBDIR += avcheck
|
SUBDIR += avcheck
|
||||||
SUBDIR += avmailgate
|
SUBDIR += avmailgate
|
||||||
SUBDIR += bcwipe
|
SUBDIR += bcwipe
|
||||||
|
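--- a/security/authpf/Makefile
+++ b/security/authpf/Makefile
@@ -0,0 +1,84 @@
+# New ports collection makefile for: authpf
+# Date created: 09 May 2003
+# Whom: Max Laier <max@love2party.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME= authpf
+PORTVERSION= 1.0
+CATEGORIES= security ipv6
+MASTER_SITES= http://pf4freebsd.love2party.net/
+.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
+PKGNAMESUFFIX= -altq
+.endif
+DISTNAME= ${PORTNAME}_${PORTVERSION}
+DISTFILES= pf_freebsd_${PORTVERSION}${EXTRACT_SUFX}
+
+MAINTAINER= max@love2party.net
+COMMENT= Authentification shell for pf gateways
+
+WRKSRC= ${WRKDIR}/pf_freebsd_${PORTVERSION}
+
+RUN_DEPENDS= ${LOCALBASE}/modules/pf.ko:${PORTSDIR}/security/pf
+
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+IS_INTERACTIVE= yes
+.endif
+
+MAN8= authpf.8
+
+MANCOMPRESSED= maybe
+
+MAKE_ARGS= MANDIR="${PREFIX}/man/man" ONLY_AUTHPF=yes
+
+SRC_BASE?= /usr/src
+.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
+SYS_ALTQ?= ${SRC_BASE}/sys.altq
+MAKE_ARGS+= WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}"
+PLIST_SUB+= WITH_ALTQ=""
+.else
+PLIST_SUB+= WITH_ALTQ="@comment "
+.endif
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 500000
+BROKEN= "Only for 5.0 and above"
+.endif
+
+.if !exists(${SRC_BASE}/sys/Makefile) && \
+(defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile)
+BROKEN= "Kernel source files required"
+.endif
+
+.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
+pre-fetch:
+@${ECHO_CMD} "======================================================="
+@${ECHO_CMD} "* If you have ALTQ support from: *"
+@${ECHO_CMD} "* http://www.rofug.ro/projects/freebsd-altq/ *"
+@${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it *"
+@${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src *"
+@${ECHO_CMD} "* *"
+@${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=${SRC_BASE}/sys.altq *"
+@${ECHO_CMD} "* *"
+@${ECHO_CMD} "======================================================="
+@sleep 2
+.endif
+
+post-patch:
+${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PATCHDIR}/pathnames.h.sed > \
+${WRKSRC}/authpf/pathnames.h
+
+pre-install:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+.endif
+
+post-install:
+${MKDIR} ${PREFIX}/etc/authpf
+${MKDIR} ${PREFIX}/etc/authpf/users
+${MKDIR} ${PREFIX}/etc/authpf/banned
+${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>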
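Review bot: The kernel-source check is malformed as shown: the continuation line `(defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile)` opens three parentheses and closes only two. Joining the two tests with `&&` also means BROKEN is set only when both source trees are missing, which is probably not the intent, and `SYS_ALTQ` is only assigned when `WITH_ALTQ` is exactly `yes`, so `defined(WITH_ALTQ)` alone can test an empty path. I would write it as `.if !exists(${SRC_BASE}/sys/Makefile) || \` followed by `(defined(WITH_ALTQ) && ${WITH_ALTQ} == "yes" && !exists(${SYS_ALTQ}/Makefile))`.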
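--- a/security/authpf/distinfo
+++ b/security/authpf/distinfo
@@ -0,0 +1 @@
+MD5 (pf_freebsd_1.0.tar.gz) = 66b573f0f6884b61f41240111425b93e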
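Review bot: This MD5 line is the only integrity check on the distfile, and MASTER_SITES in the port Makefile fetches it over plain `http://`. The source ends up as a setuid-root binary (pkg-plist sets `@owner root` and `@mode 6555`), so a collision-prone digest over an unauthenticated channel is a weak anchor for it. Where the ports framework in use supports them, add `SHA256 (pf_freebsd_1.0.tar.gz) = <sha256-of-distfile>` and `SIZE (pf_freebsd_1.0.tar.gz) = <size-in-bytes>` next to the MD5 entry. Both placeholders have to be computed from a copy of the tarball obtained from the maintainer through a trusted path.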
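--- a/security/authpf/files/patch-aa
+++ b/security/authpf/files/patch-aa
@@ -0,0 +1,27 @@
+*** ./authpf/Makefile Thu Apr 17 04:17:07 2003
+--- ./authpf/Makefile Fri May 9 17:07:32 2003
+***************
+*** 3,15 ****
+PROG= authpf
+MAN= authpf.8
+BINOWN= root
+! BINGRP= wheel
+BINMODE= 6555
+! .if defined(PREFIX) && !empty(PREFIX)
+! BINDIR= ${PREFIX}/libexec
+! .else
+! BINDIR= /usr/libexec
+! .endif
+SRCS= authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
+SRCS+= pfctl_radix.c
+#CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror
+--- 3,11 ----
+PROG= authpf
+MAN= authpf.8
+BINOWN= root
+! BINGRP= authpf
+BINMODE= 6555
+! BINDIR= ${PREFIX}/sbin
+SRCS= authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
+SRCS+= pfctl_radix.c
+#CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror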
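--- a/security/authpf/files/pathnames.h.sed
+++ b/security/authpf/files/pathnames.h.sed
@@ -0,0 +1,40 @@
+/* $OpenBSD: pathnames.h,v 1.5 2002/10/25 18:35:33 camield Exp $ */
+
+/*
+* Copyright (C) 2002 Chris Kuethe (ckuethe@ualberta.ca)
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the author nor the names of contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#define PATH_CONFFILE "%%PREFIX%%/etc/authpf/authpf.conf"
+#define PATH_ALLOWFILE "%%PREFIX%%/etc/authpf/authpf.allow"
+#define PATH_PFRULES "%%PREFIX%%/etc/authpf/authpf.rules"
+#define PATH_PROBLEM "%%PREFIX%%/etc/authpf/authpf.problem"
+#define PATH_MESSAGE "%%PREFIX%%/etc/authpf/authpf.message"
+#define PATH_USER_DIR "%%PREFIX%%/etc/authpf/users"
+#define PATH_BAN_DIR "%%PREFIX%%/etc/authpf/banned"
+#define PATH_DEVFILE "/dev/pf"
+#define PATH_PIDFILE "/var/authpf"
+#define PATH_AUTHPF_SHELL "%%PREFIX%%/sbin/authpf"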
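Review bot: `PATH_PIDFILE` points at `/var/authpf`, but nothing in this commit creates that path. The post-install target in the port Makefile makes only `${PREFIX}/etc/authpf`, `users` and `banned`, and pkg-plist lists only those three. If authpf treats it as a directory for per-session pid files (presumably, as upstream does; confirm against authpf.c), a fresh install leaves its existence, owner and mode to whoever creates it by hand. I would add `${MKDIR} /var/authpf` to post-install and state in pkg-message that the directory must be owned by root and not writable by other users.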
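--- a/security/authpf/pkg-descr
+++ b/security/authpf/pkg-descr
@@ -0,0 +1,7 @@
+This is an authentification shell that can change pf filterrules according
+to the authentificated user. You will need a working installation of pf
+and sshd as interconnect. For more information see http://www.OpenBSD.org/
+
+WWW: http://pf4freebsd.love2party.net/
+
+-Max <reports@pf4freebsd.love2party.net>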
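--- a/security/authpf/pkg-install
+++ b/security/authpf/pkg-install
@@ -0,0 +1,85 @@
+#!/bin/sh
+# an installation script for pf_freebsd copied from Wnn6
+
+check_pw()
+{
+if which -s pw; then
+:
+else
+cat <<EOF
+
+This system looks like a pre-2.2 version of FreeBSD. We see that it
+is missing the "pw" utility. We need this utility. Please get and
+install it, and try again. You can get the source from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz
+
+EOF
+exit 1
+fi
+}
+
+ask() {
+local question default answer
+
+question=$1
+default=$2
+if [ -z "${PACKAGE_BUILDING}" ]; then
+read -p "${question} (y/n) [${default}]? " answer
+fi
+if [ x${answer} = x ]; then
+answer=${default}
+fi
+echo ${answer}
+}
+
+yesno() {
+local dflt question answer
+
+question=$1
+dflt=$2
+while :; do
+answer=$(ask "${question}" "${dflt}")
+case "${answer}" in
+[Yy]*) return 0;;
+[Nn]*) return 1;;
+esac
+echo "Please answer yes or no."
+done
+}
+
+check_group() {
+local name id
+
+name=$1
+id=$2
+#check
+# We need a command 'pw(8)'
+check_pw
+if pw groupshow $name -q ; then
+return 0
+fi
+if pw groupadd -g $id -n $name -N -q ; then
+echo ""
+echo "You need a group '$name' whose ID number is $id"
+if yesno "Would you like to create it automatically?" y; then
+pw groupadd -g $id -n $name
+return 0
+fi
+fi
+echo ""
+echo "I was not able to add group 'proxy:*:71:' as pw reported:"
+pw groupadd -g $id -n $name -N
+echo "Please correct this and try again!"
+echo ""
+return 1
+}
+
+case $2 in
+PRE-INSTALL)
+
+if ! check_group authpf 72 ; then
+exit 1
+fi
+;;
+esac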
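Review bot: The failure message in check_group names another port's group, `echo "I was not able to add group 'proxy:*:71:' as pw reported:"`, although the function is called with `authpf 72`. An admin reading it would go looking for the wrong group and GID when the group that gates a setuid binary could not be created. Use the function's arguments instead: `echo "I was not able to add group '$name' (gid $id) as pw reported:"`. While there, quote the expansions handed to pw and test (`pw groupshow "$name" -q`, `[ "x${answer}" = x ]`), since an answer containing a space makes the unquoted test error out.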
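--- a/security/authpf/pkg-message
+++ b/security/authpf/pkg-message
@@ -0,0 +1,11 @@
+===========================================================================
+Please note that authpf requires suid bit! Take a look at the man page NOW
+authpf(8) and create the following files according to your needs:
+
+%%PREFIX%%/etc/authpf/authpf.conf
+%%PREFIX%%/etc/authpf/authpf.allow
+%%PREFIX%%/etc/authpf/authpf.rules
+%%PREFIX%%/etc/authpf/authpf.message
+%%PREFIX%%/etc/authpf/authpf.problem
+
+===========================================================================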
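--- a/security/authpf/pkg-plist
+++ b/security/authpf/pkg-plist
@@ -0,0 +1,12 @@
+@group authpf
+@owner root
+@mode 6555
+sbin/authpf
+@group
+@owner
+@mode
+
+@dirrm etc/authpf/users
+@dirrm etc/authpf/banned
+@dirrm etc/authpf
+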
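Review bot: The privileged mode on `sbin/authpf` is not explained anywhere in the list: `@mode 6555` with `@owner root` and `@group authpf` installs it setuid root and setgid authpf, executable by everyone. A one-line `@comment authpf is installed setuid root / setgid authpf (mode 6555); see authpf(8) and pkg-message` ahead of `@group authpf` would make that an explicit, reviewable decision rather than something found later by audit. The same mode comes from `BINMODE= 6555` in the Makefile patched by files/patch-aa, so the two need to be kept in step.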