netbsd-bugs: pkg/18871: some "enhancements" for security/cyrus-sasl2

Subject: pkg/18871: some "enhancements" for security/cyrus-sasl2
To: None <gnats-bugs@gnats.netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 10/30/2002 22:20:57
>Number:         18871
>Category:       pkg
>Synopsis:       some "enhancements" for security/cyrus-sasl2
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 30 19:22:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Greg A. Woods
>Release:        pkgsrc-current 2002/10/29
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Environment:
System: NetBSD 1.5W
Architecture: i386
Machine: i386
>Description:

	The testsaslauthd program should probaby be installed, though in
	such a way that it's executable only by root.

	OpenSSL is only really needed for OTP support.  Instead of
	adding yet another variable like SASL_USE_OTP I went the other
	way and used an existing *_USE_SSL trick I've been maintaining
	in my local pkgsrc to control this feature.

	I've also enabled USE_GMAKE.  With --include-deps the generated
	makefiles work _much_ better with gmake.

	Also note: as was mentioned on one of the lists the other day
	SASL should probably use the native db library for its database
	instead of the ndbm compatability interface, but when I tried
	this I soon learned why (its configure wants a real libdbdb!):

	checking for db.h... yes
	checking for db_create in -ldb-4.1... no
	checking for db_create in -ldb4.1... no
	checking for db_create in -ldb-4.0... no
	checking for db_create in -ldb4.0... no
	checking for db_create in -ldb-4... no
	checking for db_create in -ldb4... no
	checking for db_create in -ldb-3.3... no
	checking for db_create in -ldb3.3... no
	checking for db_create in -ldb-3.2... no
	checking for db_create in -ldb3.2... no
	checking for db_create in -ldb-3.1... no
	checking for db_create in -ldb3.1... no
	checking for db_create in -ldb-3... no
	checking for db_create in -ldb3... no
	checking for db_create in -ldb... no
	checking for db_open in -ldb... no
	checking DB library to use... no
	configure: warning: Disabling SASL authentication database support

	I didn't bother to try to fix this -- I'm only using the
	'getpwent' mechanism.  :-)

>How-To-Repeat:

>Fix:

	the bits with SASL_USE_SSL go along with a change to
	bsd.pkg.defaults.mk that I've left out. 

Index: security/cyrus-sasl2/PLIST.common
===================================================================
RCS file: /cvs/master/m-NetBSD/main/pkgsrc/security/cyrus-sasl2/PLIST.common,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 PLIST.common
*** security/cyrus-sasl2/PLIST.common	27 Oct 2002 15:09:00 -0000	1.1.1.1
--- security/cyrus-sasl2/PLIST.common	31 Oct 2002 02:07:03 -0000
***************
*** 59,64 ****
--- 59,65 ----
  sbin/saslauthd
  sbin/sasldblistusers2
  sbin/saslpasswd2
+ sbin/testsaslauthd
  share/doc/html/cyrus-sasl/advanced.html
  share/doc/html/cyrus-sasl/appconvert.html
  share/doc/html/cyrus-sasl/draft-burdis-cat-srp-sasl-06.txt
Index: security/cyrus-sasl2/Makefile
===================================================================
RCS file: /cvs/master/m-NetBSD/main/pkgsrc/security/cyrus-sasl2/Makefile,v
retrieving revision 1.2
diff -c -r1.2 Makefile
*** security/cyrus-sasl2/Makefile	27 Oct 2002 23:32:36 -0000	1.2
--- security/cyrus-sasl2/Makefile	31 Oct 2002 03:19:52 -0000
***************
*** 13,18 ****
--- 13,19 ----
  USE_BUILDLINK2=		YES
  AUTOMAKE_REQD=		1.4
  GNU_CONFIGURE=		YES
+ USE_GMAKE=		YES
  USE_LIBTOOL=		YES
  LTCONFIG_OVERRIDE=	${WRKSRC}/config/ltconfig
  
***************
*** 39,45 ****
--- 40,52 ----
  CONFIGURE_ARGS+=	--with-dbpath=${PKG_SYSCONFDIR}/sasldb
  CONFIGURE_ARGS+=	--with-plugindir=${PREFIX}/lib/sasl2
  CONFIGURE_ARGS+=	--with-rc4=${BUILDLINK_DIR}
+ .if defined(SASL_USE_SSL) && ${SASL_USE_SSL} == "YES"
+ # (SSL is required only for OTP, SRP and NTLM)
  CONFIGURE_ARGS+=	--with-openssl=${BUILDLINK_DIR}
+ CONFIGURE_ARGS+=	--enable-otp		# OTP
+ .else
+ CONFIGURE_ARGS+=	--disable-otp		# OTP
+ .endif
  
  # Authentication mechanisms
  CONFIGURE_ARGS+=	--enable-anon		# ANONYMOUS
***************
*** 51,57 ****
  CONFIGURE_ARGS+=	--disable-sia		# --- no SIA
  CONFIGURE_ARGS+=	--disable-srp		# --- no SRP
  CONFIGURE_ARGS+=	--disable-krb4		# --- no KERBEROS_V4
- CONFIGURE_ARGS+=	--enable-otp		# OTP
  
  .if defined(SASL_USE_GSSAPI) && ${SASL_USE_GSSAPI} == "YES"
  CONFIGURE_ARGS+=	--enable-gssapi=/usr	# GSSAPI
--- 58,63 ----
***************
*** 83,93 ****
  	cd ${WRKSRC} && ${AUTOMAKE} --gnu -i
  	cd ${WRKSRC} && ${AUTOCONF}
  
  post-install:
  	${INSTALL_DATA_DIR} ${HTMLDIR}
  	cd ${WRKSRC}/doc; ${INSTALL_DATA} *.html *.txt ${HTMLDIR}
  
! .include "../../security/openssl/buildlink2.mk"
  .include "../../mk/automake.mk"
  .include "../../mk/bsd.pkg.install.mk"
  .include "../../mk/bsd.pkg.mk"
--- 89,105 ----
  	cd ${WRKSRC} && ${AUTOMAKE} --gnu -i
  	cd ${WRKSRC} && ${AUTOCONF}
  
+ post-build:
+ 	cd ${WRKSRC}/saslauthd; ${MAKE_PROGRAM} testsaslauthd
+ 
  post-install:
+ 	${INSTALL_PROGRAM} -m 0700 ${WRKSRC}/saslauthd/testsaslauthd ${PREFIX}/sbin/
  	${INSTALL_DATA_DIR} ${HTMLDIR}
  	cd ${WRKSRC}/doc; ${INSTALL_DATA} *.html *.txt ${HTMLDIR}
  
! .if defined(SASL_USE_SSL) && ${SASL_USE_SSL} == "YES"
! . include "../../security/openssl/buildlink2.mk"
! .endif
  .include "../../mk/automake.mk"
  .include "../../mk/bsd.pkg.install.mk"
  .include "../../mk/bsd.pkg.mk"
>Release-Note:
>Audit-Trail:
>Unformatted: