[ARGUS] [vanepp: patches for sasl out of ports on freebsd]

Michael J. Slifcak slif at bellsouth.net
Wed Aug 11 07:23:04 EDT 2004


[I wish I had my FreeBSD running, and more time to experiment!!-Slif]

Peter, does this accomplish what you want on FreeBSD, for
an unpatched set of sources?

./configure --includedir=/usr/local/include/sasl1 --with-sasl=/usr/local



Peter Van Epp wrote:
> 	The compiling part I can help with (although this is an ugly kludge 
> that needs a configure change that I don't know how to make, which is why
> I sent it to Carter). This gets /usr/ports/security/cyrus-sasl to link in to
> argus if you use ./configure --with-sasl=/usr/local. Once that's away it prompts
> for a user id and password when you connect with ra. The documentation alludes
> to being able to use shared secrets on each end, but lacks the picture 
> documentation for the utterly clueless on how to set it up. It also has notes
> on setting Kerberos as the authentication method.
> 
> "<dt><i>sasldb</i><dd> This stores passwords in the SASL secrets
>   database, the same database that stores the secrets for shared
>   secret methods.  Its principal advantages are that passwords used by
>   the shared secrets mechanisms will be in sync with the plaintext
>   password mechanisms and that this is the only plaintext
>   authentication method that supports multiple realms on a single
>   server.  However, system built-in routines will not use sasldb.
> "
> 	This should mean that I can set a shared secret on each machine 
> (assuming of course that argus supports that, but I expect it does, it's needed
> for unattended restart) that authenticates without user interaction if I can
> just figure out how (I suspect something in a .conf file is the secret).
> 
> 	I'm finally getting around to trying to get the data storage off the
> sensor machine to somewhere remote, but I need a secure tunnel between the 
> two machines and sasl looks like it as the standard method.
> 	Unlike what it says below the same patches work fine (except for the 
> two that are server only) on the clients.
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> 
> 
> ----- Forwarded message from Peter Van Epp <vanepp> -----
> 
> Date: Tue, 10 Aug 2004 14:56:09 -0700
> From: Peter Van Epp <vanepp>
> To: Carter Bullard <carter at qosient.com>
> Subject: patches for sasl out of ports on freebsd
> In-Reply-To: <200408092024.i79KOAu3008034 at lists2.andrew.cmu.edu>
> User-Agent: Mutt/1.4.2.1i
> 
> 	Here are the patches against argus-2.0.6.fixes.1 to get the FreeBSD
> ports version of sasl to compile (I haven't done clients yet to see if it 
> actually works rather than just compiles :-)). I expect we may want to do 
> some configure magic and set a flag such as __FreeBSD_ports__ that trips the 
> conditionals in the patches below (instead of __FreeBSD__) if it finds 
> sasl.h in /usr/local/include/sasl1 rather than /usr/include somewhere since
> this is likely to be specific to the ports install of sasl (it's not clear
> why they install it in this odd manner).
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> 
> *** configure.orig	Mon May 10 05:53:56 2004
> --- configure	Tue Aug 10 13:17:30 2004
> ***************
> *** 4164,4169 ****
> --- 4164,4170 ----
>         if test -d ${with_sasl}; then
>             ac_cv_sasl_where_lib=${with_sasl}/lib
>             ac_cv_sasl_where_inc=${with_sasl}/include
> +           ac_cv_sasl_where_inc=${with_sasl}/include/sasl1
>   
>             SASLFLAGS="-I$ac_cv_sasl_where_inc"
>             LIB_SASL="-L$ac_cv_sasl_where_lib"
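
Review bot: the added assignment to ac_cv_sasl_where_inc sits directly under the existing one and overwrites it unconditionally, so every --with-sasl build now gets -I${with_sasl}/include/sasl1 and the ${with_sasl}/include line above it is dead; an install with sasl.h directly in include/ stops compiling. Make the override conditional on the header being present (for example test -f ${with_sasl}/include/sasl1/sasl.h), and make the change in the autoconf input that generates configure so it survives regeneration.
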
> 
> 
> *** server/ArgusAuth.c.orig	Tue Aug 10 13:11:01 2004
> --- server/ArgusAuth.c	Tue Aug 10 13:12:39 2004
> ***************
> *** 267,273 ****
> --- 267,277 ----
>   #include <stdarg.h>
>   #include <sysexits.h>
>   
> + #if defined(__FreeBSD__)
> + #include "/usr/local/include/sasl1/sasl.h"
> + #else
>   #include <sasl.h>
> + #endif
>   
>   /* send/recv library for IMAP4 style literals. */
>  
>  
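
Review bot: the absolute path in the new #include ignores the --with-sasl prefix, so headers always come from /usr/local/include/sasl1 while LIB_SASL in the configure hunk links from ${with_sasl}/lib; with any other prefix the authentication code can be compiled against one set of SASL headers and linked against a different library. If SASLFLAGS reaches this compile, -I$ac_cv_sasl_where_inc already points at the right directory and plain #include <sasl.h> can stay, with no conditional.
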
> *** server/ArgusOutput.h.orig	Tue Aug 10 13:06:58 2004
> --- server/ArgusOutput.h	Tue Aug 10 13:10:02 2004
> ***************
> *** 83,89 ****
> --- 83,93 ----
>   #include <argus_filter.h>
>   
>   #ifdef ARGUS_SASL
> + #if defined(__FreeBSD__)
> + #include "/usr/local/include/sasl1/sasl.h"
> + #else
>   #include <sasl.h>
> + #endif
>   #endif
>   
>   struct ArgusClientData {
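
Review bot: #if defined(__FreeBSD__) is true on every FreeBSD build, not only when cyrus-sasl was installed from ports, so a FreeBSD host with sasl.h in another location now fails on the hard-coded include instead of falling through to <sasl.h>. Key the branch on a macro that configure defines only after it has found sasl1/sasl.h, as the cover note proposes with __FreeBSD_ports__.
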
> 
> 
> *** common/argus_auth.c.orig	Tue Aug 10 13:37:07 2004
> --- common/argus_auth.c	Tue Aug 10 13:37:32 2004
> ***************
> *** 79,85 ****
> --- 79,89 ----
>   
>   #include <ctype.h>
>   #include <assert.h>
> + #if defined(__FreeBSD__) 
> + #include "/usr/local/include/sasl1/sasl.h"     
> + #else
>   #include <sasl.h>
> + #endif
>   
>   #endif /* ARGUS_SASL */
>   
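
Review bot: the added #if defined(__FreeBSD__) line and the #include under it end in trailing whitespace, and this is the third copy of the same conditional in the patch. Strip the whitespace and put the conditional in one header that the other files include, so the SASL header location is decided in a single place.
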
> 
> *** include/argus_util.h.orig	Tue Aug 10 13:29:44 2004
> --- include/argus_util.h	Tue Aug 10 13:36:11 2004
> ***************
> *** 112,118 ****
> --- 112,122 ----
>   
>   
>   #ifdef ARGUS_SASL
> + #if defined(__FreeBSD__) 
> + #include "/usr/local/include/sasl1/sasl.h"     
> + #else
>   #include <sasl.h>
> + #endif
>   #endif
>   
>   #define ARGUS_DATA_SOURCE		0x01
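
Review bot: the new __FreeBSD__ branch inside #ifdef ARGUS_SASL has no comment saying why FreeBSD needs a different include, and nothing in the file ties it to the ports layout of cyrus-sasl. Add a one-line comment naming the ports package and the sasl1 directory so the conditional can be removed or adjusted when that layout changes.
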
> 
> 
> *** include/saslint.h.orig	Tue Aug 10 13:26:41 2004
> --- include/saslint.h	Tue Aug 10 13:28:18 2004
> ***************
> *** 44,50 ****
> --- 44,54 ----
>   #ifndef SASLINT_H
>   #define SASLINT_H
>   
> + #if defined(__FreeBSD__) 
> + #include "/usr/local/include/sasl1/sasl.h"     
> + #else
>   #include <sasl.h>
> + #endif
>   
>   typedef struct {
>     const sasl_callback_t *callbacks;
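
Review bot: the added include uses the quoted form with an absolute path, which bypasses the -I search path entirely. If the sasl1 subdirectory has to be named in the source, #include <sasl1/sasl.h> would be found through the existing -I${with_sasl}/include, would follow the --with-sasl prefix, and would not need the configure override in the first hunk.
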
> 
> ----- End forwarded message -----
> 
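
The configure-time check Peter proposes (choose the include directory by where sasl.h is actually found, rather than by __FreeBSD__), as an added shell example; it is not part of the original post or of argus's configure. The function names find_sasl_inc and sasl_flags and the search order are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not argus code: locate sasl.h under a --with-sasl prefix
# and derive compiler/linker flags from where it was found.

# find_sasl_inc PREFIX
# Prints the directory that contains sasl.h, or returns 1 if none does.
# Assumed search order: the ports layout named in the post (include/sasl1)
# first, then the conventional PREFIX/include.
find_sasl_inc() {
    sasl_prefix=$1
    for sasl_dir in "$sasl_prefix/include/sasl1" "$sasl_prefix/include"; do
        if [ -f "$sasl_dir/sasl.h" ]; then
            printf '%s\n' "$sasl_dir"
            return 0
        fi
    done
    return 1
}

# sasl_flags PREFIX
# Prints "-I<incdir> -L<prefix>/lib" so the headers and the library always
# come from the same prefix; fails loudly instead of guessing a path.
sasl_flags() {
    flags_prefix=$1
    flags_inc=$(find_sasl_inc "$flags_prefix") || {
        echo "sasl.h not found under $flags_prefix" >&2
        return 1
    }
    printf '%s\n' "-I$flags_inc -L$flags_prefix/lib"
}

# Example call, using the prefix from the post:
#   sasl_flags /usr/local
```

With flags produced this way the sources can keep a plain `#include <sasl.h>` on every platform.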



