update conserver to 8.2.0, and make some port changes ...

- Switch to using unix domain sockets instead of network sockets for
comms between "console" client and "conserver" server. This is a compile-
time toggle and disables network sockets. Uses SO_PEERCRED for access
control so it's possible to do per-user acls in conserver without
the need to re-enter user passwords.

- Add a flavour to use network sockets for those that need it (i.e.
running the client on a different machine to the server).

- Tweaks to pkg-readme explaining the above.

comms/conserver/Makefile

@@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.49 2014/10/07 15:21:42 sthen Exp $
+# $OpenBSD: Makefile,v 1.50 2014/10/07 22:14:17 sthen Exp $
 
 COMMENT=	manage remote serial consoles via TCP/IP
 
-DISTNAME=	conserver-8.1.20
-REVISION=	2
+DISTNAME=	conserver-8.2.0
 CATEGORIES=	comms
 
 MAINTAINER=	Stuart Henderson <sthen@openbsd.org>
@@ -13,22 +12,33 @@ HOMEPAGE=	http://www.conserver.com/
 # BSD
 PERMIT_PACKAGE_CDROM=	Yes
 
-WANTLIB=		c ssl crypto util
+WANTLIB += c util
+
+FLAVORS=	net
+FLAVOR?=
 
 MASTER_SITES=	${HOMEPAGE} \
 		ftp://ftp.conserver.com/conserver/
 
 AUTOCONF_VERSION= 2.68
 CONFIGURE_STYLE= autoconf
-CONFIGURE_ARGS=	--with-openssl \
-		--with-pidfile=${LOCALSTATEDIR}/run/conserver/conserver.pid \
-		--with-master=localhost \
+CONFIGURE_ARGS=	--with-master=localhost \
+		--with-pidfile=${LOCALSTATEDIR}/run/conserver/conserver.pid
+
+.if ${FLAVOR:Mnet}
+# not yet using experimental IPv6 support added in 8.2.0; investigate
+# implications of ifdef'ing out ProbeInterfaces in cutil.c before enabling
+WANTLIB += crypto ssl
+CONFIGURE_ARGS+= --with-openssl \
 		--with-port=3109
+.else
+CONFIGURE_ARGS+= --with-uds=${LOCALSTATEDIR}/run/conserver \
+		--with-trust-uds-cred
+.endif
 
 post-install:
-	${INSTALL_DATA} ${FILESDIR}/console.cf \
-	    ${WRKSRC}/conserver.cf/samples/* \
-	    ${PREFIX}/share/examples/conserver/
+	${INSTALL_DATA} ${WRKSRC}/conserver.cf/samples/* \
+	    ${FILESDIR}/console.cf ${PREFIX}/share/examples/conserver/
 
 TEST_TARGET=	test
 

comms/conserver/distinfo

@@ -1,2 +1,2 @@
-SHA256 (conserver-8.1.20.tar.gz) = YaEHJ0hGmwWktmqilxn4GsHLgdtqj6llIWAolWjeisw=
-SIZE (conserver-8.1.20.tar.gz) = 334147
+SHA256 (conserver-8.2.0.tar.gz) = oFvre2bAIo7OYnhsPP5LAEjF1Qjgcvs2McK/RgyrkE8=
+SIZE (conserver-8.2.0.tar.gz) = 334326

comms/conserver/files/console.cf

@@ -1,6 +1,5 @@
-# $OpenBSD: console.cf,v 1.1 2014/07/15 13:47:26 benno Exp $
+# $OpenBSD: console.cf,v 1.2 2014/10/07 22:14:17 sthen Exp $
 
 config * {
-	master localhost;
 	port 3109;
 }

comms/conserver/patches/patch-configure_in

@@ -0,0 +1,62 @@
+$OpenBSD: patch-configure_in,v 1.4 2014/10/07 22:14:17 sthen Exp $
+--- configure.in.orig	Fri Apr 18 05:55:38 2014
++++ configure.in	Tue Oct  7 21:24:43 2014
+@@ -413,14 +413,14 @@ AC_ARG_WITH(uds,
+ 			    AC_TRY_COMPILE([#include <sys/types.h>
+ 				    #include <sys/socket.h>],
+ 				    [
+-struct ucred u;
++struct sockpeercred u;
+ u.uid = 0;
+ #if !defined(SO_PEERCRED)
+ #error "no SO_PEERCRED defined"
+ #endif
+ 				    ],
+ 				    [AC_MSG_RESULT(yes)
+-				     AC_DEFINE(UDS_CRED_STYPE, ucred, [Defined to UDS credential structure name])
++				     AC_DEFINE(UDS_CRED_STYPE, sockpeercred, [Defined to UDS credential structure name])
+ 				     AC_DEFINE(UDS_CRED_UID, uid, [Defined to UDS credential structure uid field])
+ 				     AC_DEFINE(UDS_CRED_SO, SO_PEERCRED, [Defined to UDS credential socket option])
+ 				     AC_DEFINE(TRUST_UDS_CRED)],
+@@ -428,18 +428,34 @@ u.uid = 0;
+ 					AC_TRY_COMPILE([#include <sys/types.h>
+ 						#include <sys/socket.h>],
+ 						[
++struct ucred u;
++u.euid = 0;
++#if !defined(SO_PEERCRED)
++#error "no SO_PEERCRED defined"
++#endif
++						],
++				    		[AC_MSG_RESULT(yes)
++				     		AC_DEFINE(UDS_CRED_STYPE, ucred, [Defined to UDS credential structure name])
++				     		AC_DEFINE(UDS_CRED_UID, uid, [Defined to UDS credential structure uid field])
++				     		AC_DEFINE(UDS_CRED_SO, SO_PEERCRED, [Defined to UDS credential socket option])
++				     		AC_DEFINE(TRUST_UDS_CRED)],
++						[
++							AC_TRY_COMPILE([#include <sys/types.h>
++								#include <sys/socket.h>],
++								[
+ struct peercred_struct u;
+ u.euid = 0;
+ #if !defined(SO_PEERID)
+ #error "no SO_PEERID defined"
+ #endif
+-						],
+-						[AC_MSG_RESULT(yes)
+-						 AC_DEFINE(UDS_CRED_STYPE, peercred_struct, [Defined to UDS credential structure name])
+-						 AC_DEFINE(UDS_CRED_UID, euid, [Defined to UDS credential structure uid field])
+-						 AC_DEFINE(UDS_CRED_SO, SO_PEERID, [Defined to UDS credential socket option])
+-						 AC_DEFINE(TRUST_UDS_CRED)],
+-						[AC_MSG_RESULT(no)])
++								],
++								[AC_MSG_RESULT(yes)
++								 AC_DEFINE(UDS_CRED_STYPE, peercred_struct, [Defined to UDS credential structure name])
++								 AC_DEFINE(UDS_CRED_UID, euid, [Defined to UDS credential structure uid field])
++								 AC_DEFINE(UDS_CRED_SO, SO_PEERID, [Defined to UDS credential socket option])
++								 AC_DEFINE(TRUST_UDS_CRED)],
++								[AC_MSG_RESULT(no)]),
++						    ])
+ 				    ])
+ 			    ;;
+ 			*)

comms/conserver/patches/patch-conserver_consent_c

@@ -1,7 +1,7 @@
-$OpenBSD: patch-conserver_consent_c,v 1.4 2014/09/08 16:12:11 sthen Exp $
---- conserver/consent.c.orig	Fri Apr  4 06:34:13 2014
-+++ conserver/consent.c	Tue Sep  2 20:24:00 2014
-@@ -557,7 +557,8 @@ SetupTty(pCE, fd)
+$OpenBSD: patch-conserver_consent_c,v 1.5 2014/10/07 22:14:17 sthen Exp $
+--- conserver/consent.c.orig	Sun Apr 20 08:14:49 2014
++++ conserver/consent.c	Tue Oct  7 16:49:57 2014
+@@ -521,7 +521,8 @@ SetupTty(CONSENT *pCE, int fd)
      if (0 != tcgetattr(1, &n_tio)) {
  	exit(EX_OSERR);
      }
@@ -11,7 +11,7 @@ $OpenBSD: patch-conserver_consent_c,v 1.4 2014/09/08 16:12:11 sthen Exp $
      n_tio.c_iflag |= ICRNL;
      if (pCE->ixon == FLAGTRUE)
  	n_tio.c_iflag |= IXON;
-@@ -565,10 +566,8 @@ SetupTty(pCE, fd)
+@@ -529,10 +530,8 @@ SetupTty(CONSENT *pCE, int fd)
  	n_tio.c_iflag |= IXANY;
      if (pCE->ixoff == FLAGTRUE)
  	n_tio.c_iflag |= IXOFF;

comms/conserver/patches/patch-conserver_cutil_c

@@ -1,16 +1,16 @@
-$OpenBSD: patch-conserver_cutil_c,v 1.4 2014/09/08 16:12:11 sthen Exp $
---- conserver/cutil.c.orig	Fri Apr  4 17:17:10 2014
-+++ conserver/cutil.c	Tue Sep  2 20:27:36 2014
-@@ -2198,7 +2198,7 @@ ProbeInterfaces(bindAddr)
+$OpenBSD: patch-conserver_cutil_c,v 1.5 2014/10/07 22:14:17 sthen Exp $
+--- conserver/cutil.c.orig	Sun Apr 20 08:17:56 2014
++++ conserver/cutil.c	Tue Oct  7 17:25:07 2014
+@@ -1845,7 +1845,7 @@ ProbeInterfaces(in_addr_t bindAddr)
  {
- #ifdef SIOCGIFCONF
+ # ifdef SIOCGIFCONF
      struct ifconf ifc;
 -    struct ifreq *ifr;
 +    struct ifreq ifr;
- #ifdef SIOCGIFFLAGS
+ #  ifdef SIOCGIFFLAGS
      struct ifreq ifrcopy;
- #endif
-@@ -2267,7 +2267,7 @@ ProbeInterfaces(bindAddr)
+ #  endif
+@@ -1914,7 +1914,7 @@ ProbeInterfaces(in_addr_t bindAddr)
       * than loop through looking for valid interfaces that are up
       * twice, huh?
       */
@@ -19,7 +19,7 @@ $OpenBSD: patch-conserver_cutil_c,v 1.4 2014/09/08 16:12:11 sthen Exp $
      CONDDEBUG((1, "ProbeInterfaces(): ifc_len==%d max_count==%d",
  	       ifc.ifc_len, count));
  
-@@ -2286,17 +2286,18 @@ ProbeInterfaces(bindAddr)
+@@ -1933,17 +1933,17 @@ ProbeInterfaces(in_addr_t bindAddr)
  
      for (m = r = 0; r < ifc.ifc_len;) {
  	struct sockaddr *sa;
@@ -27,42 +27,41 @@ $OpenBSD: patch-conserver_cutil_c,v 1.4 2014/09/08 16:12:11 sthen Exp $
 -	sa = (struct sockaddr *)&ifr->ifr_addr;
 +	memcpy(&ifr, &ifc.ifc_buf[r], sizeof(ifr));
 +	sa = (struct sockaddr *)&ifr.ifr_addr;
-+
  	/* don't use less than a ifreq sized chunk */
 -	if ((ifc.ifc_len - r) < sizeof(*ifr))
 +	if ((ifc.ifc_len - r) < sizeof(ifr))
  	    break;
- #ifdef HAVE_SA_LEN
+ #  ifdef HAVE_SA_LEN
 -	if (sa->sa_len > sizeof(ifr->ifr_ifru))
 -	    r += sizeof(ifr->ifr_name) + sa->sa_len;
 +	if (sa->sa_len > sizeof(ifr.ifr_ifru))
 +	    r += sizeof(ifr.ifr_name) + sa->sa_len;
  	else
- #endif
+ #  endif
 -	    r += sizeof(*ifr);
 +	    r += sizeof(ifr);
  
  	if (sa->sa_family == AF_INET) {
  	    struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-@@ -2317,14 +2318,14 @@ ProbeInterfaces(bindAddr)
+@@ -1964,14 +1964,14 @@ ProbeInterfaces(in_addr_t bindAddr)
  
- #ifdef SIOCGIFFLAGS
+ #  ifdef SIOCGIFFLAGS
  	    /* make sure the interface is up */
 -	    ifrcopy = *ifr;
 +	    memcpy(&ifrcopy, &ifr, sizeof(ifrcopy));
  	    if ((ioctl(sock, SIOCGIFFLAGS, &ifrcopy) == 0) &&
  		((ifrcopy.ifr_flags & IFF_UP) == 0))
  		continue;
- #endif
+ #  endif
  
  	    CONDDEBUG((1, "ProbeInterfaces(): name=%s addr=%s",
 -		       ifr->ifr_name, inet_ntoa(sin->sin_addr)));
 +		       ifr.ifr_name, inet_ntoa(sin->sin_addr)));
  
- #if HAVE_MEMCPY
+ #  if HAVE_MEMCPY
  	    memcpy(&myAddrs[m], &(sin->sin_addr), sizeof(struct in_addr));
-@@ -2333,7 +2334,7 @@ ProbeInterfaces(bindAddr)
- #endif
+@@ -1980,7 +1980,7 @@ ProbeInterfaces(in_addr_t bindAddr)
+ #  endif
  
  	    Verbose("interface address %s (%s)", inet_ntoa(myAddrs[m]),
 -		    ifr->ifr_name);

comms/conserver/patches/patch-conserver_group_c

@@ -1,7 +1,7 @@
-$OpenBSD: patch-conserver_group_c,v 1.4 2014/09/08 16:12:11 sthen Exp $
---- conserver/group.c.orig	Fri Apr  4 17:17:10 2014
-+++ conserver/group.c	Tue Sep  2 20:24:00 2014
-@@ -2911,7 +2911,7 @@ TelOpt(o)
+$OpenBSD: patch-conserver_group_c,v 1.5 2014/10/07 22:14:17 sthen Exp $
+--- conserver/group.c.orig	Sun Apr 20 08:20:56 2014
++++ conserver/group.c	Tue Oct  7 16:49:57 2014
+@@ -2553,7 +2553,7 @@ TelOpt(int o)
      if (o < sizeof(telopts) / sizeof(char *))
  	return telopts[o];
      else {

comms/conserver/patches/patch-console_console_c

@@ -1,7 +1,7 @@
-$OpenBSD: patch-console_console_c,v 1.4 2014/09/08 16:12:11 sthen Exp $
---- console/console.c.orig	Wed Apr  2 01:02:47 2014
-+++ console/console.c	Tue Sep  2 20:24:00 2014
-@@ -679,7 +679,7 @@ C2Raw()
+$OpenBSD: patch-console_console_c,v 1.5 2014/10/07 22:14:17 sthen Exp $
+--- console/console.c.orig	Sun Apr 20 08:14:49 2014
++++ console/console.c	Tue Oct  7 16:49:57 2014
+@@ -676,7 +676,7 @@ C2Raw(void)
  	Bye(EX_UNAVAILABLE);
      }
      n_tios = o_tios;

comms/conserver/pkg/DESCR

@@ -9,3 +9,9 @@ to the entire cluster.
 This is very handy for remote unattended OpenBSD servers. It can
 send serial break signals (if the driver supports it, cy(4) does not!)
 which is useful for breaking into DDB on hung machines.
+
+Flavors:
+
+net - use network sockets rather than unix domain sockets
+(as was previously the default). This is mainly useful when
+the conserver server is on a separate machine to the client.

comms/conserver/pkg/README

@@ -1,9 +1,11 @@
-$OpenBSD: README,v 1.5 2014/10/07 15:21:42 sthen Exp $
+$OpenBSD: README,v 1.6 2014/10/07 22:14:17 sthen Exp $
 
 +-----------------------------------------------------------------------
 | Running ${FULLPKGNAME} on OpenBSD
 +-----------------------------------------------------------------------
 
+Connecting to /dev/cuaXX serial ports
+=====================================
 As installed, conserver is running as user _conserver. If you want to
 use conserver to manage local serial ports, you have to add _conserver
 to group dialer in /etc/group:
@@ -13,13 +15,32 @@ to group dialer in /etc/group:
 This is not necessary if you only use it to log and control access to
 terminal servers over the network rather than on local serial ports.
 
+Port flavours
+=============
+Conserver can be built using different methods to communicate between the
+server ("conserver" process) and clients ("console") - network sockets, and
+unix domain sockets.
+
+The default in OpenBSD packages before 8.2.0 was to communicate using
+network sockets.
+
+Since 8.2.0, the OpenBSD package has switched to using unix domain sockets
+by default; this means that server and client must be on the same machine.
+The old method is still available by installing the "net" flavour of the
+package; you will need to install the "conserver-XX-net" package. If you
+have already installed the standard package, "pkg_delete conserver" and
+then "pkg_add conserver--net".
+
+Other notes
+===========
+Log files (by default, /var/log/conserver and /var/log/consoles/<name>)
+can get large, so you will probably want to arrange rotation, either with
+newsyslog(8) or some other method.
+
+Upgrading from previous OpenBSD packages
+========================================
 If you have upgraded from a previous version of the OpenBSD package which
-ran as root, you will need to change permissions/ownership on log files to
-ensure that the _conserver user can write to them, e.g.:
+ran as root (pre-OpenBSD 5.6), you will need to change permissions/ownership
+on log files to ensure that the _conserver user can write to them, e.g.:
 
   chown _conserver /var/log/conserver /var/log/consoles/*
-
-Note that you will probably also want to arrange rotation of the above
-log files (via newsyslog(8) or another method).
-
-See more information at http://www.conserver.com/