[Midnightbsd-cvs] mports: security/pam_ldap: add pam_ldap module
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Oct 7 10:51:20 EDT 2007
Log Message:
-----------
add pam_ldap module
Added Files:
-----------
mports/security/pam_ldap:
Makefile (r1.1)
distinfo (r1.1)
pkg-descr (r1.1)
pkg-message (r1.1)
pkg-plist (r1.1)
mports/security/pam_ldap/files:
patch-aa (r1.1)
patch-ab (r1.1)
patch-configure (r1.1)
-------------- next part --------------
--- /dev/null
+++ security/pam_ldap/pkg-message
@@ -0,0 +1,6 @@
+Copy %%PREFIX%%/etc/ldap.conf.dist to %%PREFIX%%/etc/ldap.conf, then edit
+%%PREFIX%%/etc/ldap.conf in order to use this module. Add a line similar to
+the following to /etc/pam.conf on 4.X, or create an /etc/pam.d/ldap
+on 5.X and higher with a line similar to the following:
+
+login auth sufficient %%PREFIX%%/lib/pam_ldap.so
--- /dev/null
+++ security/pam_ldap/pkg-descr
@@ -0,0 +1,3 @@
+This is a PAM module for authenticating with LDAP.
+
+WWW: http://www.padl.com/OSS/pam_ldap.html
--- /dev/null
+++ security/pam_ldap/pkg-plist
@@ -0,0 +1,2 @@
+etc/ldap.conf.dist
+lib/pam_ldap.so
--- /dev/null
+++ security/pam_ldap/Makefile
@@ -0,0 +1,40 @@
+# New ports collection makefile for: pam_ldap
+# Date created: 26 May 2001
+# Whom: Joe Clarke <marcus at marcuscom.com>
+#
+# $MidnightBSD: mports/security/pam_ldap/Makefile,v 1.1 2007/10/07 14:51:17 laffer1 Exp $
+# $FreeBSD: ports/security/pam_ldap/Makefile,v 1.38 2006/07/09 06:51:06 marcus Exp $
+#
+
+PORTNAME= pam_ldap
+PORTVERSION= 1.8.2
+CATEGORIES= security net
+MASTER_SITES= http://www.padl.com/download/ \
+ ftp://ftp.padl.com/pub/
+DISTNAME= pam_ldap-${PORTVERSION:S/.//g}
+
+MAINTAINER= ports at MidnightBSD.org
+COMMENT= A pam module for authenticating with LDAP
+
+USE_GMAKE= yes
+GNU_CONFIGURE= yes
+USE_OPENLDAP= yes
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION:S/.//g}
+CONFIGURE_ARGS= --with-ldap-lib=openldap \
+ --with-ldap-dir=${LOCALBASE} \
+ --with-ldap-conf-file=${PREFIX}/etc/ldap.conf \
+ --with-ldap-secret-file=${PREFIX}/etc/ldap.secret
+CONFIGURE_TARGET=--build=${MACHINE_ARCH}-unknown-freebsd6.0
+
+PKGMESSAGE= ${WRKDIR}/pkg-message
+
+MAN5= pam_ldap.5
+
+post-extract:
+ @${FIND} ${WRKSRC} -type f | ${XARGS} ${TOUCH} -f
+
+post-install:
+ @${SED} -e 's|%%PREFIX%%|${PREFIX}|g' < ${PKGDIR}/pkg-message \
+ | /usr/bin/fmt 75 79 > ${PKGMESSAGE}
+
+.include <bsd.port.mk>
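Review bot: `--with-ldap-secret-file=${PREFIX}/etc/ldap.secret` in CONFIGURE_ARGS fixes where the module looks for the rootbinddn password, but the port neither installs that file nor says how it must be protected. The pkg-message that post-install generates does not mention it at all. Because the file holds a cleartext directory credential, the message should carry a line such as `If rootbinddn is used, create %%PREFIX%%/etc/ldap.secret owned by root with mode 0600.` A smaller style point: `CONFIGURE_TARGET` hard-codes `freebsd6.0` and deserves a comment saying why the build triple is pinned.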
--- /dev/null
+++ security/pam_ldap/distinfo
@@ -0,0 +1,3 @@
+MD5 (pam_ldap-182.tar.gz) = 08f78beb40ee62d4c60e9b21934ebb83
+SHA256 (pam_ldap-182.tar.gz) = 50f886627f46f28c89276d588863b82c3179dcf47f9059f2921aa85453fb2773
+SIZE (pam_ldap-182.tar.gz) = 127582
--- /dev/null
+++ security/pam_ldap/files/patch-configure
@@ -0,0 +1,11 @@
+--- configure.orig Sun Mar 31 16:31:53 2002
++++ configure Sun Mar 31 16:32:13 2002
+@@ -1458,7 +1458,7 @@
+ CPPFLAGS="$CPPFLAGS -DLDAP_REFERRALS"
+
+ case "$target_os" in
+-freebsd*) CPPFLAGS="$CPPFLAGS -DPIC -D_REENTRANT" ;;
++freebsd*) CPPFLAGS="$CPPFLAGS -DPIC -D_REENTRANT $PTHREAD_CFLAGS" ;;
+ aix*) CPPFLAGS="$CPPFLAGS -D_THREAD_SAFE" ;;
+ *) CPPFLAGS="$CPPFLAGS -D_REENTRANT" ;;
+ esac
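Review bot: `$PTHREAD_CFLAGS` on the patched `freebsd*)` line expands to an empty string unless configure inherits it from the environment, and the port Makefile in this commit sets no `CONFIGURE_ENV`. Unless bsd.port.mk exports the variable on its own, which is not visible here, the patch changes nothing in the resulting CPPFLAGS. If the thread flags are meant to take effect, pass them explicitly from the port Makefile with `CONFIGURE_ENV= PTHREAD_CFLAGS="${PTHREAD_CFLAGS}"`.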
--- /dev/null
+++ security/pam_ldap/files/patch-ab
@@ -0,0 +1,145 @@
+--- pam_ldap.c.orig Sun Oct 31 02:42:54 2004
++++ pam_ldap.c Sun Oct 31 02:48:03 2004
+@@ -131,12 +131,7 @@
+ #include "pam_ldap.h"
+ #include "md5.h"
+
+-#if defined(HAVE_SECURITY_PAM_MISC_H) || defined(HAVE_PAM_PAM_MISC_H)
+- /* FIXME: is there something better to check? */
+ #define CONST_ARG const
+-#else
+-#define CONST_ARG
+-#endif
+
+ #ifndef HAVE_LDAP_MEMFREE
+ #define ldap_memfree(x) free(x)
+@@ -3137,7 +3132,7 @@
+ int rc;
+ const char *username;
+ char *p;
+- int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0;
++ int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0, migrate = 0;
+ int i;
+ pam_ldap_session_t *session = NULL;
+ const char *configFile = NULL;
+@@ -3158,6 +3153,8 @@
+ ;
+ else if (!strcmp (argv[i], "debug"))
+ ;
++ else if (!strcmp (argv[i], "migrate"))
++ migrate = 1;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+@@ -3171,6 +3168,22 @@
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);
++ /* start of migrate facility in "pam_ldap authentication" */
++ if (migrate==1 && rc==PAM_SUCCESS)
++ {
++ /* check if specified username exists in LDAP */
++ if (_get_user_info(session,username)==PAM_SUCCESS)
++ {
++ /*
++ overwrite old LDAP userPassword with a new password
++ obtained during pam authentication process
++ - rootbinddn and ldap.secret must be set
++ */
++ rc=_update_authtok(pamh,session,username,NULL,p);
++ return PAM_IGNORE;
++ }
++ }
++ /* end of migrate facility in "pam_ldap authentication" */
+ if (rc == PAM_SUCCESS && (use_first_pass || try_first_pass))
+ {
+ rc = _do_authentication (pamh, session, username, p);
+@@ -3419,11 +3432,11 @@
+ {
+ _conv_sendmsg (appconv, "Password change aborted",
+ PAM_ERROR_MSG, no_warn);
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif
+ }
+ else
+ {
+@@ -3437,7 +3450,7 @@
+ if (curpass == NULL)
+ return PAM_MAXTRIES; /* maximum tries exceeded */
+ else
+- pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) curpass);
++ pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) strdup(curpass));
+ }
+ else
+ {
+@@ -3465,11 +3478,11 @@
+ syslog (LOG_ERR,
+ "pam_ldap: error getting old authentication token (%s)",
+ pam_strerror (pamh, rc));
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif /* PAM_AUTHTOK_RECOVER_ERR */
+ }
+
+ if (try_first_pass || use_first_pass)
+@@ -3479,11 +3492,11 @@
+ newpass = NULL;
+
+ if (use_first_pass && newpass == NULL)
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif /* PAM_AUTHTOK_RECOVER_ERR */
+ }
+
+ tries = 0;
+@@ -3533,11 +3546,11 @@
+ }
+ else
+ {
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif /* PAM_AUTHTOK_RECOVER_ERR */
+ }
+
+ if (cmiscptr == NULL)
+@@ -3569,11 +3582,11 @@
+ {
+ _conv_sendmsg (appconv, "Password change aborted",
+ PAM_ERROR_MSG, no_warn);
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif /* PAM_AUTHTOK_RECOVER_ERR */
+ }
+ }
+ else if (!strcmp (newpass, miscptr))
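Review bot: The migrate branch in the inner hunk `@@ -3171,6 +3168,22 @@` writes the supplied PAM_AUTHTOK into LDAP through `_update_authtok` under the root bind without this module verifying it. The option is therefore only safe when an earlier required module in the same stack has already accepted that password, and that precondition should be stated in the comment and in pkg-message. As written the branch can also run when `pam_get_item` returns success with no token set, and it discards the result of `_update_authtok`, so an empty or failed update is silent. I would guard it with `if (migrate==1 && rc==PAM_SUCCESS && p!=NULL)` and follow the call with `if (rc != PAM_SUCCESS) syslog (LOG_ERR, "pam_ldap: migrate: userPassword update failed (%s)", pam_strerror (pamh, rc));`. The enclosing function begins and ends outside the hunk.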
--- /dev/null
+++ security/pam_ldap/files/patch-aa
@@ -0,0 +1,23 @@
+--- Makefile.in.orig Sat Aug 20 18:44:27 2005
++++ Makefile.in Sat Aug 20 18:45:57 2005
+@@ -434,17 +434,13 @@
+
+ install-exec-local: pam_ldap.so
+ @$(NORMAL_INSTALL)
+- $(mkinstalldirs) $(DESTDIR)$(libdir)/security
+- at EXTENSION_SO_TRUE@ $(INSTALL_PROGRAM) -o root -g root pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so
+- at EXTENSION_SO_FALSE@@EXTENSION_1_TRUE@ $(INSTALL_PROGRAM) -o root -g root pam_ldap.so $(DESTDIR)$(libdir)/security/libpam_ldap.1
+- at EXTENSION_SO_FALSE@@EXTENSION_1_FALSE@ $(INSTALL_PROGRAM) -o root -g root pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so.1
+- at EXTENSION_SO_FALSE@@EXTENSION_1_FALSE@ (cd $(DESTDIR)$(libdir)/security; rm -f pam_ldap.so; ln -s pam_ldap.so.1 pam_ldap.so)
++ $(INSTALL_PROGRAM) -o root -g wheel pam_ldap.so $(DESTDIR)$(libdir)/pam_ldap.so
+
+ install-data-local:
+ @$(NORMAL_INSTALL)
+- @if test ! -f $(DESTDIR)$(sysconfdir)/ldap.conf; then \
++ @if test ! -f $(DESTDIR)$(sysconfdir)/ldap.conf.dist; then \
+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir); \
+- $(INSTALL_DATA) -o root -g root $(srcdir)/ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf; \
++ $(INSTALL_DATA) -o root -g wheel $(srcdir)/ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf.dist; \
+ fi
+
+ uninstall-local:
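Review bot: The `test ! -f` guard in `install-data-local` now checks `ldap.conf.dist`, so once a sample has been installed an upgrade never refreshes it and administrators keep comparing against a stale template. The guard existed to avoid clobbering a live `ldap.conf`, which no longer applies to a `.dist` file. I would drop the conditional and always run `$(mkinstalldirs) $(DESTDIR)$(sysconfdir)` followed by `$(INSTALL_DATA) -o root -g wheel $(srcdir)/ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf.dist`. The `uninstall-local` target continues outside the hunk.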