[ARGUS] [vanepp: patches for sasl out of ports on freebsd]
Michael J. Slifcak
slif at bellsouth.net
Wed Aug 11 07:23:04 EDT 2004
[I wish I had my FreeBSD running, and more time to experiment!!-Slif]
Peter, does this accomplish what you want on FreeBSD, for
an unpatched set of sources?
./configure --includedir=/usr/local/include/sasl1 --with-sasl=/usr/local
Peter Van Epp wrote:
> The compiling part I can help with (although this is an ugly kludge
> that needs a configure change that I don't know how to make, which is why
> I sent it to Carter). This gets /usr/ports/security/cyrus-sasl to link in to
> argus if you use ./configure --with-sasl=/usr/local. Once that's away it prompts
> for a user id and password when you connect with ra. The documentation alludes
> to being able to use shared secrets on each end, but lacks the picture
> documentation for the utterly clueless on how to set it up. It also has notes
> on setting Kerberos as the authentication method.
>
> "<dt><i>sasldb</i><dd> This stores passwords in the SASL secrets
> database, the same database that stores the secrets for shared
> secret methods. Its principal advantages are that passwords used by
> the shared secrets mechanisms will be in sync with the plaintext
> password mechanisms and that this is the only plaintext
> authentication method that supports multiple realms on a single
> server. However, system built-in routines will not use sasldb.
> "
> This should mean that I can set a shared secret on each machine
> (assuming of course that argus supports that, but I expect it does, it's needed
> for unattended restart) that authenticates without user interaction if I can
> just figure out how (I suspect something in a .conf file is the secret).
>
> I'm finally getting around to trying to get the data storage off the
> sensor machine to somewhere remote, but I need a secure tunnel between the
> two machines and sasl looks like it as the standard method.
> Unlike what it says below the same patches work fine (except for the
> two that are server only) on the clients.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>
> ----- Forwarded message from Peter Van Epp <vanepp> -----
>
> Date: Tue, 10 Aug 2004 14:56:09 -0700
> From: Peter Van Epp <vanepp>
> To: Carter Bullard <carter at qosient.com>
> Subject: patches for sasl out of ports on freebsd
> In-Reply-To: <200408092024.i79KOAu3008034 at lists2.andrew.cmu.edu>
> User-Agent: Mutt/1.4.2.1i
>
> Here are the patches against argus-2.0.6.fixes.1 to get the FreeBSD
> ports version of sasl to compile (I haven't done clients yet to see if it
> actually works rather than just compiles :-)). I expect we may want to do
> some configure magic and set a flag such as __FreeBSD_ports__ that trips the
> conditionals in the patches below (instead of __FreeBSD__ if it finds
> sasl.h in /usr/local/include/sasl1 rather than /usr/include somewhere since
> this is likely to be specific to the ports install of sasl (it's not clear
> why they install it in this odd manner).
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
> *** configure.orig Mon May 10 05:53:56 2004
> --- configure Tue Aug 10 13:17:30 2004
> ***************
> *** 4164,4169 ****
> --- 4164,4170 ----
> if test -d ${with_sasl}; then
> ac_cv_sasl_where_lib=${with_sasl}/lib
> ac_cv_sasl_where_inc=${with_sasl}/include
> + ac_cv_sasl_where_inc=${with_sasl}/include/sasl1
>
> SASLFLAGS="-I$ac_cv_sasl_where_inc"
> LIB_SASL="-L$ac_cv_sasl_where_lib"
>
>
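Review bot: the added ac_cv_sasl_where_inc=${with_sasl}/include/sasl1 line is unconditional and immediately overrides the ${with_sasl}/include assignment directly above it, so every --with-sasl build gets -I pointing at a sasl1 subdirectory, including hosts where sasl.h sits directly under include. Guard the new assignment with something like "if test -f ${with_sasl}/include/sasl1/sasl.h; then" so the original path stays as the fallback.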
> *** server/ArgusAuth.c.orig Tue Aug 10 13:11:01 2004
> --- server/ArgusAuth.c Tue Aug 10 13:12:39 2004
> ***************
> *** 267,273 ****
> --- 267,277 ----
> #include <stdarg.h>
> #include <sysexits.h>
>
> + #if defined(__FreeBSD__)
> + #include "/usr/local/include/sasl1/sasl.h"
> + #else
> #include <sasl.h>
> + #endif
>
> /* send/recv library for IMAP4 style literals. */
>
>
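Review bot: the quoted include of "/usr/local/include/sasl1/sasl.h" hard-codes a prefix that --with-sasl is meant to supply, so the header can come from /usr/local while LIB_SASL links against ${with_sasl}/lib, and the two need not match. With the configure hunk already putting the sasl1 directory into SASLFLAGS, the plain #include <sasl.h> should resolve on its own and this conditional can be dropped.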
> *** server/ArgusOutput.h.orig Tue Aug 10 13:06:58 2004
> --- server/ArgusOutput.h Tue Aug 10 13:10:02 2004
> ***************
> *** 83,89 ****
> --- 83,93 ----
> #include <argus_filter.h>
>
> #ifdef ARGUS_SASL
> + #if defined(__FreeBSD__)
> + #include "/usr/local/include/sasl1/sasl.h"
> + #else
> #include <sasl.h>
> + #endif
> #endif
>
> struct ArgusClientData {
>
>
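Review bot: the #if defined(__FreeBSD__) test inside the ARGUS_SASL block is true for every FreeBSD compile, not only for hosts that installed SASL from ports, so a FreeBSD build with sasl.h anywhere else now stops on a missing file. Key the branch on a macro that configure defines only after it finds sasl1/sasl.h, as the cover note itself proposes with __FreeBSD_ports__.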
> *** common/argus_auth.c.orig Tue Aug 10 13:37:07 2004
> --- common/argus_auth.c Tue Aug 10 13:37:32 2004
> ***************
> *** 79,85 ****
> --- 79,89 ----
>
> #include <ctype.h>
> #include <assert.h>
> + #if defined(__FreeBSD__)
> + #include "/usr/local/include/sasl1/sasl.h"
> + #else
> #include <sasl.h>
> + #endif
>
> #endif /* ARGUS_SASL */
>
>
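Review bot: the new #endif after #include <sasl.h> carries no label while the enclosing one two lines below is marked /* ARGUS_SASL */, which makes the nesting hard to read. Label it, for example #endif /* __FreeBSD__ */, here and in the other files that receive the same block.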
> *** include/argus_util.h.orig Tue Aug 10 13:29:44 2004
> --- include/argus_util.h Tue Aug 10 13:36:11 2004
> ***************
> *** 112,118 ****
> --- 112,122 ----
>
>
> #ifdef ARGUS_SASL
> + #if defined(__FreeBSD__)
> + #include "/usr/local/include/sasl1/sasl.h"
> + #else
> #include <sasl.h>
> + #endif
> #endif
>
> #define ARGUS_DATA_SOURCE 0x01
>
>
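Review bot: this is the fourth copy of the same five-line conditional, and here it lands in a shared header under include/, so the absolute path reaches every source file that includes argus_util.h. Put the platform choice in one place, such as a single wrapper header or the -I flag from configure, and leave #include <sasl.h> untouched in the rest.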
> *** include/saslint.h.orig Tue Aug 10 13:26:41 2004
> --- include/saslint.h Tue Aug 10 13:28:18 2004
> ***************
> *** 44,50 ****
> --- 44,54 ----
> #ifndef SASLINT_H
> #define SASLINT_H
>
> + #if defined(__FreeBSD__)
> + #include "/usr/local/include/sasl1/sasl.h"
> + #else
> #include <sasl.h>
> + #endif
>
> typedef struct {
> const sasl_callback_t *callbacks;
>
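Review bot: the __FreeBSD__ branch at the top of saslint.h has no comment saying why an absolute path is needed. Add a short comment stating that it targets the ports install that places sasl.h under /usr/local/include/sasl1, so the special case can be removed once configure handles the location.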
> ----- End forwarded message -----
>