Add authpf 1.0, authentification shell for pf gateways. This port depends

on security/pf first. PR: 52123 Submitted by: Max Laier <max@love2party.net>
svn path=/head/; revision=82909
2024-10-22 20:41:26 +00:00 · 2003-06-13 01:19:12 +00:00 · 2003-06-13 01:19:12 +00:00 · 90306dc116 · 2021-03-31 03:12:20 +00:00
commit 90306dc116
parent 03667b3c5e
9 changed files with 268 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -15,6 +15,7 @@
    SUBDIR += arirang
    SUBDIR += audit
    SUBDIR += authforce
    SUBDIR += authpf
    SUBDIR += avcheck
    SUBDIR += avmailgate
    SUBDIR += bcwipe
--- a/security/authpf/Makefile
+++ b/security/authpf/Makefile
@ -0,0 +1,84 @@
 # New ports collection makefile for:	authpf
 # Date created:		09 May 2003
 # Whom:			Max Laier <max@love2party.net>
 #
 # $FreeBSD$
 #
 PORTNAME=	authpf
 PORTVERSION=	1.0
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://pf4freebsd.love2party.net/
 .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
 PKGNAMESUFFIX=	-altq
 .endif
 DISTNAME=	${PORTNAME}_${PORTVERSION}
 DISTFILES=	pf_freebsd_${PORTVERSION}${EXTRACT_SUFX}
 MAINTAINER=	max@love2party.net
 COMMENT=	Authentification shell for pf gateways
 WRKSRC=		${WRKDIR}/pf_freebsd_${PORTVERSION}
 RUN_DEPENDS=	${LOCALBASE}/modules/pf.ko:${PORTSDIR}/security/pf
 .if !defined(BATCH) && !defined(PACKAGE_BUILDING)
 IS_INTERACTIVE= yes
 .endif
 MAN8=		authpf.8
 MANCOMPRESSED=	maybe
 MAKE_ARGS=	MANDIR="${PREFIX}/man/man" ONLY_AUTHPF=yes
 SRC_BASE?=	/usr/src
 .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
 SYS_ALTQ?=	${SRC_BASE}/sys.altq
 MAKE_ARGS+=	WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}"
 PLIST_SUB+=	WITH_ALTQ=""
 .else
 PLIST_SUB+=	WITH_ALTQ="@comment "
 .endif
 .include <bsd.port.pre.mk>
 .if ${OSVERSION} < 500000
 BROKEN=	"Only for 5.0 and above"
 .endif
 .if !exists(${SRC_BASE}/sys/Makefile) && \
    (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile)
 BROKEN=	"Kernel source files required"
 .endif
 .if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
 pre-fetch:
 	@${ECHO_CMD} "======================================================="
 	@${ECHO_CMD} "* If you have ALTQ support from:                      *"
 	@${ECHO_CMD} "*   http://www.rofug.ro/projects/freebsd-altq/        *"
 	@${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it  *"
 	@${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src  *"
 	@${ECHO_CMD} "*                                                     *"
 	@${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=${SRC_BASE}/sys.altq *"
 	@${ECHO_CMD} "*                                                     *"
 	@${ECHO_CMD} "======================================================="
 	@sleep 2
 .endif
 post-patch:
 	${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PATCHDIR}/pathnames.h.sed > \
 	${WRKSRC}/authpf/pathnames.h
 pre-install:
 .if !defined(BATCH) && !defined(PACKAGE_BUILDING)
 	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
 .endif
 post-install:
 	${MKDIR} ${PREFIX}/etc/authpf
 	${MKDIR} ${PREFIX}/etc/authpf/users
 	${MKDIR} ${PREFIX}/etc/authpf/banned
 	${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE}
 .include <bsd.port.post.mk>
--- a/security/authpf/distinfo
+++ b/security/authpf/distinfo
@ -0,0 +1 @@
 MD5 (pf_freebsd_1.0.tar.gz) = 66b573f0f6884b61f41240111425b93e
--- a/security/authpf/files/patch-aa
+++ b/security/authpf/files/patch-aa
@ -0,0 +1,27 @@
 *** ./authpf/Makefile				Thu Apr 17 04:17:07 2003
 --- ./authpf/Makefile				Fri May  9 17:07:32 2003
 ***************
 *** 3,15 ****
  PROG=	authpf
  MAN=	authpf.8
  BINOWN= root
 ! BINGRP= wheel
  BINMODE= 6555
 ! .if defined(PREFIX) && !empty(PREFIX)
 ! BINDIR= ${PREFIX}/libexec
 ! .else
 ! BINDIR= /usr/libexec
 ! .endif
  SRCS=	authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
  SRCS+=	pfctl_radix.c
  #CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror
 --- 3,11 ----
  PROG=	authpf
  MAN=	authpf.8
  BINOWN= root
 ! BINGRP= authpf
  BINMODE= 6555
 ! BINDIR= ${PREFIX}/sbin
  SRCS=	authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
  SRCS+=	pfctl_radix.c
  #CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror
--- a/security/authpf/files/pathnames.h.sed
+++ b/security/authpf/files/pathnames.h.sed
@ -0,0 +1,40 @@
 /*	$OpenBSD: pathnames.h,v 1.5 2002/10/25 18:35:33 camield Exp $	*/
 /*
 * Copyright (C) 2002 Chris Kuethe (ckuethe@ualberta.ca)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the author nor the names of contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
 #define PATH_CONFFILE		"%%PREFIX%%/etc/authpf/authpf.conf"
 #define PATH_ALLOWFILE		"%%PREFIX%%/etc/authpf/authpf.allow"
 #define PATH_PFRULES		"%%PREFIX%%/etc/authpf/authpf.rules"
 #define PATH_PROBLEM		"%%PREFIX%%/etc/authpf/authpf.problem"
 #define PATH_MESSAGE		"%%PREFIX%%/etc/authpf/authpf.message"
 #define PATH_USER_DIR		"%%PREFIX%%/etc/authpf/users"
 #define PATH_BAN_DIR		"%%PREFIX%%/etc/authpf/banned"
 #define PATH_DEVFILE		"/dev/pf"
 #define PATH_PIDFILE		"/var/authpf"
 #define PATH_AUTHPF_SHELL	"%%PREFIX%%/sbin/authpf"
--- a/security/authpf/pkg-descr
+++ b/security/authpf/pkg-descr
@ -0,0 +1,7 @@
 This is an authentification shell that can change pf filterrules according
 to the authentificated user. You will need a working installation of pf 
 and sshd as interconnect. For more information see http://www.OpenBSD.org/
 WWW: http://pf4freebsd.love2party.net/
 -Max <reports@pf4freebsd.love2party.net>
--- a/security/authpf/pkg-install
+++ b/security/authpf/pkg-install
@ -0,0 +1,85 @@
 #!/bin/sh
 # an installation script for pf_freebsd copied from Wnn6
 check_pw()
 {
    if which -s pw; then
 	:
    else
 	cat <<EOF
 This system looks like a pre-2.2 version of FreeBSD.  We see that it
 is missing the "pw" utility.  We need this utility.  Please get and
 install it, and try again.  You can get the source from:
  ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz
 EOF
 	exit 1
    fi
 }
 ask() {
    local question default answer
    question=$1
    default=$2
    if [ -z "${PACKAGE_BUILDING}" ]; then
 	read -p "${question} (y/n) [${default}]? " answer
    fi
    if [ x${answer} = x ]; then
 	answer=${default}
    fi
    echo ${answer}
 }
 yesno() {
    local dflt question answer
    question=$1
    dflt=$2
    while :; do
 	answer=$(ask "${question}" "${dflt}")
 	case "${answer}" in
 	[Yy]*)		return 0;;
 	[Nn]*)		return 1;;
 	esac
 	echo "Please answer yes or no."
    done
 }
 check_group() {
    local name id
    name=$1
    id=$2
    #check
    # We need a command 'pw(8)'
    check_pw
    if pw groupshow $name -q ; then
 	return 0
    fi
    if pw groupadd -g $id -n $name -N -q ; then 
    	echo ""
    	echo "You need a group '$name' whose ID number is $id"
    	if yesno "Would you like to create it automatically?" y; then
 	    pw groupadd -g $id -n $name
 	    return 0
 	fi
    fi
    echo ""
    echo "I was not able to add group 'proxy:*:71:' as pw reported:"
    pw groupadd -g $id -n $name -N
    echo "Please correct this and try again!"
    echo ""
    return 1
 }
 case $2 in
 PRE-INSTALL)
    if ! check_group authpf 72 ; then 
 	exit 1
    fi
    ;;
 esac
--- a/security/authpf/pkg-message
+++ b/security/authpf/pkg-message
@ -0,0 +1,11 @@
 ===========================================================================
 Please note that authpf requires suid bit! Take a look at the man page NOW
 authpf(8) and create the following files according to your needs:
 	%%PREFIX%%/etc/authpf/authpf.conf
 	%%PREFIX%%/etc/authpf/authpf.allow
 	%%PREFIX%%/etc/authpf/authpf.rules
 	%%PREFIX%%/etc/authpf/authpf.message
 	%%PREFIX%%/etc/authpf/authpf.problem
 ===========================================================================
--- a/security/authpf/pkg-plist
+++ b/security/authpf/pkg-plist
@ -0,0 +1,12 @@
@group authpf
@owner root
@mode 6555
 sbin/authpf
@group
@owner
@mode
@dirrm etc/authpf/users
@dirrm etc/authpf/banned
@dirrm etc/authpf
		`@ -0,0 +1 @@`
							`MD5 (pf_freebsd_1.0.tar.gz) = 66b573f0f6884b61f41240111425b93e`