= Add support for using cracklib with kpasswdd, the password changing

daemon. = Fix a bug in `ktutil get' which was causing a segfault. = Bump PORTREVISION.
svn path=/head/; revision=49329
2001-10-29 13:02:43 +00:00 · 2001-10-29 13:02:43 +00:00 · a1d4de67f0 · 2021-03-31 03:12:20 +00:00
commit a1d4de67f0
parent 89e54006b0
4 changed files with 64 additions and 2 deletions
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@ -7,6 +7,7 @@

 PORTNAME=		heimdal
 PORTVERSION=	0.4e
+PORTREVISION=	1
 CATEGORIES=		security ipv6
 MASTER_SITES=	ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
 				ftp://ftp.replay.com/pub/replay/crypto/APPS/kerberos/heimdal/ \
@ -16,8 +17,12 @@ MASTER_SITES=	ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
 MAINTAINER=		nectar@FreeBSD.ORG

 .if defined(WITH_LDAP)
-LIB_DEPENDS=	ldap.2:${PORTSDIR}/net/openldap2
+LIB_DEPENDS+=	ldap.2:${PORTSDIR}/net/openldap2
 .endif
+.if defined(WITH_CRACKLIB)
+BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrack.a:${PORTSDIR}/security/cracklib
+.endif
+

 RESTRICTED=		"Crypto; export-controlled"

@ -60,6 +65,24 @@ OPENSSL_IN_BASE=	YES

 PLIST:=				${WRKDIR}/PLIST

+pre-configure:
+.if !defined(WITH_CRACKLIB)
+	@${ECHO_MSG}
+	@${ECHO_MSG} You can utilize CrackLib for the kpasswdd by defining
+	@${ECHO_MSG} WITH_CRACKLIB and uncommenting the appropriate lines in
+	@${ECHO_MSG} ${PREFIX}/etc/rc.d/kdc.sh.
+	@${ECHO_MSG}
+.endif
+
+post-build:
+.if defined(WITH_CRACKLIB)
+	sed -e "s;%%LOCALBASE%%;${LOCALBASE};g" \
+	${FILESDIR}/kpasswdd-cracklib.c.in > ${WRKSRC}/kpasswdd-cracklib.c
+	(cd ${WRKSRC} && \
+	${CC} ${CFLAGS} -fPIC -shared -I${LOCALBASE}/include -I./include \
+	-L${LOCALBASE}/lib -o ./kpasswdd-cracklib.so ./kpasswdd-cracklib.c -lcrack)
+.endif
+
 pre-install:
 	@${CP} ${PKGDIR}/pkg-plist ${PLIST}
 .if exists(/usr/lib/libkrb.a) && !defined(WITHOUT_KRB4)
@ -74,6 +97,10 @@ pre-install:
 .if !exists(/usr/include/ifaddrs.h)
 	@${ECHO} include/ifaddrs.h >> ${PLIST}
 .endif
+.if defined(WITH_CRACKLIB)
+	${INSTALL_PROGRAM} ${WRKSRC}/kpasswdd-cracklib.so ${PREFIX}/lib/
+	@${ECHO} lib/kpasswdd-cracklib.so >> ${PLIST}
+.endif

 .include "Makefile.man"

--- a/security/heimdal/files/kdc.sh
+++ b/security/heimdal/files/kdc.sh
@ -10,6 +10,8 @@ IPROP_MASTER_HOST=""

 KDC="${PREFIX}/libexec/kdc"
 KPASSWDD="${PREFIX}/libexec/kpasswdd"
+# Uncomment to use CrackLib
+#KPASSWDD_FLAGS="--check-library=${PREFIX}/lib/kpasswdd-cracklib.so"
 IPROPD_MASTER="${PREFIX}/libexec/ipropd-master"
 IPROPD_SLAVE="${PREFIX}/libexec/ipropd-slave"

@ -25,7 +27,7 @@ esac
 do_start() {
    if test "${run_kdc}" -eq "1"; then
 	${KDC} ${KDC_FLAGS} &
-	test "${run_master}" -eq "1" && ${KPASSWDD} &
+	test "${run_master}" -eq "1" && ${KPASSWDD} ${KPASSWDD_FLAGS} &
 	test "${run_master}" -eq "1" && ${IPROPD_MASTER} &
 	test "${run_slave}"  -eq "1" && ${IPROPD_SLAVE} ${IPROP_MASTER_HOST} &
    fi
--- a/security/heimdal/files/kpasswdd-cracklib.c.in
+++ b/security/heimdal/files/kpasswdd-cracklib.c.in
@ -0,0 +1,21 @@
+#include <stdlib.h>
+#include <krb5.h>
+#include <packer.h>
+
+int version = 0;
+
+const char *
+passwd_check(krb5_context context, krb5_principal principal,
+    krb5_data *password)
+{
+		char *p, *result;
+
+		p = malloc(password->length + 1);
+		if (p == NULL)
+				return "out of memory";
+		memcpy(p, password->data, password->length);
+		p[password->length] = '\0';
+		result = FascistCheck(p, "%%LOCALBASE%%/libdata/cracklib/pw_dict");
+		free(p);
+		return result;
+}
--- a/security/heimdal/files/patch-admin::get.c
+++ b/security/heimdal/files/patch-admin::get.c
@ -0,0 +1,12 @@
+--- admin/get.c.orig	Sun Oct 28 18:41:42 2001
+++ admin/get.c	Sun Oct 28 18:43:13 2001
+@@ -41,8 +41,8 @@
+ 		       char *admin_server, 
+ 		       int server_port)
+ {
+    static kadm5_config_params conf;
+     krb5_error_code ret;
+-    kadm5_config_params conf;
+     void *kadm_handle;
+     memset(&conf, 0, sizeof(conf));
+