diff options
Diffstat (limited to 'security/authpf')
| -rw-r--r-- | security/authpf/Makefile | 84 | ||||
| -rw-r--r-- | security/authpf/distinfo | 1 | ||||
| -rw-r--r-- | security/authpf/files/patch-aa | 27 | ||||
| -rw-r--r-- | security/authpf/files/pathnames.h.sed | 40 | ||||
| -rw-r--r-- | security/authpf/pkg-descr | 7 | ||||
| -rw-r--r-- | security/authpf/pkg-install | 85 | ||||
| -rw-r--r-- | security/authpf/pkg-message | 11 | ||||
| -rw-r--r-- | security/authpf/pkg-plist | 12 |
8 files changed, 267 insertions, 0 deletions
diff --git a/security/authpf/Makefile b/security/authpf/Makefile new file mode 100644 index 0000000..87a44bd --- /dev/null +++ b/security/authpf/Makefile @@ -0,0 +1,84 @@ +# New ports collection makefile for: authpf +# Date created: 09 May 2003 +# Whom: Max Laier <max@love2party.net> +# +# $FreeBSD$ +# + +PORTNAME= authpf +PORTVERSION= 1.0 +CATEGORIES= security ipv6 +MASTER_SITES= http://pf4freebsd.love2party.net/ +.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes") +PKGNAMESUFFIX= -altq +.endif +DISTNAME= ${PORTNAME}_${PORTVERSION} +DISTFILES= pf_freebsd_${PORTVERSION}${EXTRACT_SUFX} + +MAINTAINER= max@love2party.net +COMMENT= Authentification shell for pf gateways + +WRKSRC= ${WRKDIR}/pf_freebsd_${PORTVERSION} + +RUN_DEPENDS= ${LOCALBASE}/modules/pf.ko:${PORTSDIR}/security/pf + +.if !defined(BATCH) && !defined(PACKAGE_BUILDING) +IS_INTERACTIVE= yes +.endif + +MAN8= authpf.8 + +MANCOMPRESSED= maybe + +MAKE_ARGS= MANDIR="${PREFIX}/man/man" ONLY_AUTHPF=yes + +SRC_BASE?= /usr/src +.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes") +SYS_ALTQ?= ${SRC_BASE}/sys.altq +MAKE_ARGS+= WITH_ALTQ="yes" SYS_ALTQ="${SYS_ALTQ}" +PLIST_SUB+= WITH_ALTQ="" +.else +PLIST_SUB+= WITH_ALTQ="@comment " +.endif + +.include <bsd.port.pre.mk> + +.if ${OSVERSION} < 500000 +BROKEN= "Only for 5.0 and above" +.endif + +.if !exists(${SRC_BASE}/sys/Makefile) && \ + (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile) +BROKEN= "Kernel source files required" +.endif + +.if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes") +pre-fetch: + @${ECHO_CMD} "=======================================================" + @${ECHO_CMD} "* If you have ALTQ support from: *" + @${ECHO_CMD} "* http://www.rofug.ro/projects/freebsd-altq/ *" + @${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it *" + @${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src *" + @${ECHO_CMD} "* *" + @${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=${SRC_BASE}/sys.altq *" + @${ECHO_CMD} "* *" + @${ECHO_CMD} "=======================================================" + @sleep 2 +.endif + +post-patch: + ${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PATCHDIR}/pathnames.h.sed > \ + ${WRKSRC}/authpf/pathnames.h + +pre-install: +.if !defined(BATCH) && !defined(PACKAGE_BUILDING) + @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL +.endif + +post-install: + ${MKDIR} ${PREFIX}/etc/authpf + ${MKDIR} ${PREFIX}/etc/authpf/users + ${MKDIR} ${PREFIX}/etc/authpf/banned + ${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE} + +.include <bsd.port.post.mk> diff --git a/security/authpf/distinfo b/security/authpf/distinfo new file mode 100644 index 0000000..38a8f26 --- /dev/null +++ b/security/authpf/distinfo @@ -0,0 +1 @@ +MD5 (pf_freebsd_1.0.tar.gz) = 66b573f0f6884b61f41240111425b93e diff --git a/security/authpf/files/patch-aa b/security/authpf/files/patch-aa new file mode 100644 index 0000000..b0f6fe7 --- /dev/null +++ b/security/authpf/files/patch-aa @@ -0,0 +1,27 @@ +*** ./authpf/Makefile Thu Apr 17 04:17:07 2003 +--- ./authpf/Makefile Fri May 9 17:07:32 2003 +*************** +*** 3,15 **** + PROG= authpf + MAN= authpf.8 + BINOWN= root +! BINGRP= wheel + BINMODE= 6555 +! .if defined(PREFIX) && !empty(PREFIX) +! BINDIR= ${PREFIX}/libexec +! .else +! BINDIR= /usr/libexec +! .endif + SRCS= authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c + SRCS+= pfctl_radix.c + #CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror +--- 3,11 ---- + PROG= authpf + MAN= authpf.8 + BINOWN= root +! BINGRP= authpf + BINMODE= 6555 +! BINDIR= ${PREFIX}/sbin + SRCS= authpf.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c + SRCS+= pfctl_radix.c + #CFLAGS+= -I${.CURDIR}/../../sbin/pfctl -Wall -Werror diff --git a/security/authpf/files/pathnames.h.sed b/security/authpf/files/pathnames.h.sed new file mode 100644 index 0000000..6398866 --- /dev/null +++ b/security/authpf/files/pathnames.h.sed @@ -0,0 +1,40 @@ +/* $OpenBSD: pathnames.h,v 1.5 2002/10/25 18:35:33 camield Exp $ */ + +/* + * Copyright (C) 2002 Chris Kuethe (ckuethe@ualberta.ca) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the author nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#define PATH_CONFFILE "%%PREFIX%%/etc/authpf/authpf.conf" +#define PATH_ALLOWFILE "%%PREFIX%%/etc/authpf/authpf.allow" +#define PATH_PFRULES "%%PREFIX%%/etc/authpf/authpf.rules" +#define PATH_PROBLEM "%%PREFIX%%/etc/authpf/authpf.problem" +#define PATH_MESSAGE "%%PREFIX%%/etc/authpf/authpf.message" +#define PATH_USER_DIR "%%PREFIX%%/etc/authpf/users" +#define PATH_BAN_DIR "%%PREFIX%%/etc/authpf/banned" +#define PATH_DEVFILE "/dev/pf" +#define PATH_PIDFILE "/var/authpf" +#define PATH_AUTHPF_SHELL "%%PREFIX%%/sbin/authpf" diff --git a/security/authpf/pkg-descr b/security/authpf/pkg-descr new file mode 100644 index 0000000..1b36b37 --- /dev/null +++ b/security/authpf/pkg-descr @@ -0,0 +1,7 @@ +This is an authentification shell that can change pf filterrules according +to the authentificated user. You will need a working installation of pf +and sshd as interconnect. For more information see http://www.OpenBSD.org/ + +WWW: http://pf4freebsd.love2party.net/ + +-Max <reports@pf4freebsd.love2party.net> diff --git a/security/authpf/pkg-install b/security/authpf/pkg-install new file mode 100644 index 0000000..b7134e8 --- /dev/null +++ b/security/authpf/pkg-install @@ -0,0 +1,85 @@ +#!/bin/sh +# an installation script for pf_freebsd copied from Wnn6 + +check_pw() +{ + if which -s pw; then + : + else + cat <<EOF + +This system looks like a pre-2.2 version of FreeBSD. We see that it +is missing the "pw" utility. We need this utility. Please get and +install it, and try again. You can get the source from: + + ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz + +EOF + exit 1 + fi +} + +ask() { + local question default answer + + question=$1 + default=$2 + if [ -z "${PACKAGE_BUILDING}" ]; then + read -p "${question} (y/n) [${default}]? " answer + fi + if [ x${answer} = x ]; then + answer=${default} + fi + echo ${answer} +} + +yesno() { + local dflt question answer + + question=$1 + dflt=$2 + while :; do + answer=$(ask "${question}" "${dflt}") + case "${answer}" in + [Yy]*) return 0;; + [Nn]*) return 1;; + esac + echo "Please answer yes or no." + done +} + +check_group() { + local name id + + name=$1 + id=$2 + #check + # We need a command 'pw(8)' + check_pw + if pw groupshow $name -q ; then + return 0 + fi + if pw groupadd -g $id -n $name -N -q ; then + echo "" + echo "You need a group '$name' whose ID number is $id" + if yesno "Would you like to create it automatically?" y; then + pw groupadd -g $id -n $name + return 0 + fi + fi + echo "" + echo "I was not able to add group 'proxy:*:71:' as pw reported:" + pw groupadd -g $id -n $name -N + echo "Please correct this and try again!" + echo "" + return 1 +} + +case $2 in +PRE-INSTALL) + + if ! check_group authpf 72 ; then + exit 1 + fi + ;; +esac diff --git a/security/authpf/pkg-message b/security/authpf/pkg-message new file mode 100644 index 0000000..81a14c2 --- /dev/null +++ b/security/authpf/pkg-message @@ -0,0 +1,11 @@ +=========================================================================== +Please note that authpf requires suid bit! Take a look at the man page NOW +authpf(8) and create the following files according to your needs: + + %%PREFIX%%/etc/authpf/authpf.conf + %%PREFIX%%/etc/authpf/authpf.allow + %%PREFIX%%/etc/authpf/authpf.rules + %%PREFIX%%/etc/authpf/authpf.message + %%PREFIX%%/etc/authpf/authpf.problem + +=========================================================================== diff --git a/security/authpf/pkg-plist b/security/authpf/pkg-plist new file mode 100644 index 0000000..dfac6c1 --- /dev/null +++ b/security/authpf/pkg-plist @@ -0,0 +1,12 @@ +@group authpf +@owner root +@mode 6555 +sbin/authpf +@group +@owner +@mode + +@dirrm etc/authpf/users +@dirrm etc/authpf/banned +@dirrm etc/authpf + |
