[ARGUS] [vanepp: patches for sasl out of ports on freebsd]
Peter Van Epp
vanepp at sfu.ca
Wed Aug 11 00:07:00 EDT 2004
The compiling part I can help with (although this is an ugly kludge
that needs a configure change that I don't know how to make, which is why
I sent it to Carter). This gets /usr/ports/security/cyrus-sasl to link in to
argus if you use ./configure --with-sasl=/usr/local. Once that's away it prompts
for a user id and password when you connect with ra. The documentation alludes
to being able to use shared secrets on each end, but lacks the picture
documentation for the utterly clueless on how to set it up. It also has notes
on setting Kerberos as the authentication method.
"<dt><i>sasldb</i><dd> This stores passwords in the SASL secrets
database, the same database that stores the secrets for shared
secret methods. Its principal advantages are that passwords used by
the shared secrets mechanisms will be in sync with the plaintext
password mechanisms and that this is the only plaintext
authentication method that supports multiple realms on a single
server. However, system built-in routines will not use sasldb.
"
This should mean that I can set a shared secret on each machine
(assuming of course that argus supports that, but I expect it does, it's needed
for unattended restart) that authenticates without user interaction if I can
just figure out how (I suspect something in a .conf file is the secret).
I'm finally getting around to trying to get the data storage off the
sensor machine to somewhere remote, but I need a secure tunnel between the
two machines and sasl looks like it as the standard method.
Unlike what it says below the same patches work fine (except for the
two that are server only) on the clients.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
----- Forwarded message from Peter Van Epp <vanepp> -----
Date: Tue, 10 Aug 2004 14:56:09 -0700
From: Peter Van Epp <vanepp>
To: Carter Bullard <carter at qosient.com>
Subject: patches for sasl out of ports on freebsd
In-Reply-To: <200408092024.i79KOAu3008034 at lists2.andrew.cmu.edu>
User-Agent: Mutt/1.4.2.1i
Here are the patches against argus-2.0.6.fixes.1 to get the FreeBSD
ports version of sasl to compile (I haven't done clients yet to see if it
actually works rather than just compiles :-)). I expect we may want to do
some configure magic and set a flag such as __FreeBSD_ports__ that trips the
conditionals in the patches below (instead of __FreeBSD__ if it finds
sasl.h in /usr/local/include/sasl1 rather than /usr/include somewhere since
this is likely to be specific to the ports install of sasl (it's not clear
why they install it in this odd manner).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
*** configure.orig Mon May 10 05:53:56 2004
--- configure Tue Aug 10 13:17:30 2004
***************
*** 4164,4169 ****
--- 4164,4170 ----
if test -d ${with_sasl}; then
ac_cv_sasl_where_lib=${with_sasl}/lib
ac_cv_sasl_where_inc=${with_sasl}/include
+ ac_cv_sasl_where_inc=${with_sasl}/include/sasl1
SASLFLAGS="-I$ac_cv_sasl_where_inc"
LIB_SASL="-L$ac_cv_sasl_where_lib"
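Review bot: The added ac_cv_sasl_where_inc=${with_sasl}/include/sasl1 assignment unconditionally overwrites the ${with_sasl}/include value set on the line above it, so any --with-sasl prefix that keeps sasl.h directly under include/ now gets a wrong -I path in SASLFLAGS. Guard the new line with a test such as "if test -f ${with_sasl}/include/sasl1/sasl.h; then ... fi" so the sasl1 subdirectory is used only where it exists. The ac_cv_ variables suggest this is the generated configure script, so the same change also has to go into its autoconf source or it will be lost on regeneration.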
*** server/ArgusAuth.c.orig Tue Aug 10 13:11:01 2004
--- server/ArgusAuth.c Tue Aug 10 13:12:39 2004
***************
*** 267,273 ****
--- 267,277 ----
#include <stdarg.h>
#include <sysexits.h>
+ #if defined(__FreeBSD__)
+ #include "/usr/local/include/sasl1/sasl.h"
+ #else
#include <sasl.h>
+ #endif
/* send/recv library for IMAP4 style literals. */
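Review bot: The #include "/usr/local/include/sasl1/sasl.h" line hard-codes an absolute path and is selected by __FreeBSD__, which is defined on every FreeBSD build regardless of where sasl.h is installed or which --with-sasl prefix was given. The configure hunk already places ${with_sasl}/include/sasl1 in SASLFLAGS as a -I path, so if SASLFLAGS reaches this compile, the plain #include <sasl.h> should resolve without any conditional. Otherwise, key the conditional on a macro that configure sets, such as the __FreeBSD_ports__ flag proposed in the message, and drop the absolute path.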
*** server/ArgusOutput.h.orig Tue Aug 10 13:06:58 2004
--- server/ArgusOutput.h Tue Aug 10 13:10:02 2004
***************
*** 83,89 ****
--- 83,93 ----
#include <argus_filter.h>
#ifdef ARGUS_SASL
+ #if defined(__FreeBSD__)
+ #include "/usr/local/include/sasl1/sasl.h"
+ #else
#include <sasl.h>
+ #endif
#endif
struct ArgusClientData {
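Review bot: This is the second copy of the same __FreeBSD__ include block, here in a header, and the patch repeats it in five files in total. Put the conditional in one place (a single wrapper header that the other files include, or the -I path from configure) so that a later change of the sasl include location is one edit rather than five.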
*** common/argus_auth.c.orig Tue Aug 10 13:37:07 2004
--- common/argus_auth.c Tue Aug 10 13:37:32 2004
***************
*** 79,85 ****
--- 79,89 ----
#include <ctype.h>
#include <assert.h>
+ #if defined(__FreeBSD__)
+ #include "/usr/local/include/sasl1/sasl.h"
+ #else
#include <sasl.h>
+ #endif
#endif /* ARGUS_SASL */
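Review bot: The new bare #endif sits directly above the existing "#endif /* ARGUS_SASL */", so the nesting is easy to misread. Label it to match the convention already used in this file, for example "#endif /* __FreeBSD__ */".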
*** include/argus_util.h.orig Tue Aug 10 13:29:44 2004
--- include/argus_util.h Tue Aug 10 13:36:11 2004
***************
*** 112,118 ****
--- 112,122 ----
#ifdef ARGUS_SASL
+ #if defined(__FreeBSD__)
+ #include "/usr/local/include/sasl1/sasl.h"
+ #else
#include <sasl.h>
+ #endif
#endif
#define ARGUS_DATA_SOURCE 0x01
*** include/saslint.h.orig Tue Aug 10 13:26:41 2004
--- include/saslint.h Tue Aug 10 13:28:18 2004
***************
*** 44,50 ****
--- 44,54 ----
#ifndef SASLINT_H
#define SASLINT_H
+ #if defined(__FreeBSD__)
+ #include "/usr/local/include/sasl1/sasl.h"
+ #else
#include <sasl.h>
+ #endif
typedef struct {
const sasl_callback_t *callbacks;
----- End forwarded message -----