[ARGUS] [vanepp: patches for sasl out of ports on freebsd]

Peter Van Epp vanepp at sfu.ca
Wed Aug 11 11:31:06 EDT 2004


	That will probably work fine, but what I think should happen (probably
a 2.0.7ism since this is an enhancement) is that if sasl.h isn't in 
/usr/include and this is FreeBSD (have to look at the OpenBSD ports setup) then
check /usr/local/include/sasl1 and /usr/local/include/sasl2 and if configure 
finds one of those, set a flag which will conditionally compile in the 
appropriate funny paths that ports uses (as an aside, I expect the funny
paths are so that the ports collection can depend on which sasl version it 
is getting if it wants to use sasl, so this is probably more reasonable than
it at first seemed :-)). That way it will just magically work (as configure
should :-)) whether the user installs a copy of sasl themselves or loads either
of the ports versions. That (and not knowing I could override the include
path in configure :-)) is why I did the patches.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Wed, Aug 11, 2004 at 07:23:04AM -0400, Michael J. Slifcak wrote:
> [I wish I had my FreeBSD running, and more time to experiment!!-Slif]
> 
> Peter, does this accomplish what you want on FreeBSD, for
> an unpatched set of sources ?
> 
> ./configure --includedir=/usr/local/include/sasl1 --with-sasl=/usr/local
> 
> 
> Peter Van Epp wrote:
> >	The compiling part I can help with (although this is an ugly kludge 
> >that needs a configure change that I don't know how to make, which is why
> >I sent it to Carter). This gets /usr/ports/security/cyrus-sasl to link in to
> >argus if you use ./configure --with-sasl=/usr/local. Once that's away it prompts
> >for a user id and password when you connect with ra. The documentation alludes
> >to being able to use shared secrets on each end, but lacks the picture 
> >documentation for the utterly clueless on how to set it up. It also has notes
> >on setting Kerberos as the authentication method.
> >
> >"<dt><i>sasldb</i><dd> This stores passwords in the SASL secrets
> >  database, the same database that stores the secrets for shared
> >  secret methods.  Its principal advantages are that passwords used by
> >  the shared secrets mechanisms will be in sync with the plaintext
> >  password mechanisms and that this is the only plaintext
> >  authentication method that supports multiple realms on a single
> >  server.  However, system built-in routines will not use sasldb.
> >"
> >	This should mean that I can set a shared secret on each machine 
> >(assuming of course that argus supports that, but I expect it does, it's needed
> >for unattended restart) that authenticates without user interaction if I can
> >just figure out how (I suspect something in a .conf file is the secret).
> >
> >	I'm finally getting around to trying to get the data storage off the
> >sensor machine to somewhere remote, but I need a secure tunnel between the 
> >two machines and sasl looks like it as the standard method.
> >	Unlike what it says below the same patches work fine (except for the 
> >two that are server only) on the clients.
> >
> >Peter Van Epp / Operations and Technical Support 
> >Simon Fraser University, Burnaby, B.C. Canada
> >
> >
> >----- Forwarded message from Peter Van Epp <vanepp> -----
> >
> >Date: Tue, 10 Aug 2004 14:56:09 -0700
> >From: Peter Van Epp <vanepp>
> >To: Carter Bullard <carter at qosient.com>
> >Subject: patches for sasl out of ports on freebsd
> >In-Reply-To: <200408092024.i79KOAu3008034 at lists2.andrew.cmu.edu>
> >User-Agent: Mutt/1.4.2.1i
> >
> >	Here are the patches against argus-2.0.6.fixes.1 to get the FreeBSD
> >ports version of sasl to compile (I haven't done clients yet to see if it 
> >actually works rather than just compiles :-)). I expect we may want to do 
> >some configure magic and set a flag such as __FreeBSD_ports__ that trips 
> >the conditionals in the patches below (instead of __FreeBSD__ if it finds 
> >sasl.h in /usr/local/include/sasl1 rather than /usr/include somewhere since
> >this is likely to be specific to the ports install of sasl (it's not clear
> >why they install it in this odd manner).
> >
> >Peter Van Epp / Operations and Technical Support 
> >Simon Fraser University, Burnaby, B.C. Canada
> >
> >*** configure.orig	Mon May 10 05:53:56 2004
> >--- configure	Tue Aug 10 13:17:30 2004
> >***************
> >*** 4164,4169 ****
> >--- 4164,4170 ----
> >        if test -d ${with_sasl}; then
> >            ac_cv_sasl_where_lib=${with_sasl}/lib
> >            ac_cv_sasl_where_inc=${with_sasl}/include
> >+           ac_cv_sasl_where_inc=${with_sasl}/include/sasl1
> >  
> >            SASLFLAGS="-I$ac_cv_sasl_where_inc"
> >            LIB_SASL="-L$ac_cv_sasl_where_lib"
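Review bot: the added assignment to ac_cv_sasl_where_inc overwrites the one on the line above unconditionally, so every --with-sasl prefix now gets -I${with_sasl}/include/sasl1, including installs that put sasl.h directly under include/, and the earlier assignment becomes dead code. Make the override conditional, for example only when ${with_sasl}/include/sasl1/sasl.h exists, and leave ${with_sasl}/include as the default.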
> >
> >
> >*** server/ArgusAuth.c.orig	Tue Aug 10 13:11:01 2004
> >--- server/ArgusAuth.c	Tue Aug 10 13:12:39 2004
> >***************
> >*** 267,273 ****
> >--- 267,277 ----
> >  #include <stdarg.h>
> >  #include <sysexits.h>
> >  
> >+ #if defined(__FreeBSD__)
> >+ #include "/usr/local/include/sasl1/sasl.h"
> >+ #else
> >  #include <sasl.h>
> >+ #endif
> >  
> >  /* send/recv library for IMAP4 style literals. */
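Review bot: the quoted absolute path in the new #include bypasses whatever prefix was given to --with-sasl; the configure hunk derives the include directory from ${with_sasl}, but this line always reads /usr/local/include/sasl1/sasl.h. If SASLFLAGS reaches this compile, plain #include <sasl.h> already resolves through the -I that configure sets, and the conditional can be dropped.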
> > 
> > 
> >*** server/ArgusOutput.h.orig	Tue Aug 10 13:06:58 2004
> >--- server/ArgusOutput.h	Tue Aug 10 13:10:02 2004
> >***************
> >*** 83,89 ****
> >--- 83,93 ----
> >  #include <argus_filter.h>
> >  
> >  #ifdef ARGUS_SASL
> >+ #if defined(__FreeBSD__)
> >+ #include "/usr/local/include/sasl1/sasl.h"
> >+ #else
> >  #include <sasl.h>
> >+ #endif
> >  #endif
> >  
> >  struct ArgusClientData {
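Review bot: __FreeBSD__ is defined on every FreeBSD build, so the new branch also fires on a FreeBSD host where sasl was installed by hand and sasl.h sits in /usr/include, and the include then fails if the ports directory is absent. Guard on a symbol that configure defines only after it has found sasl.h under the ports path, along the lines of the __FreeBSD_ports__ flag the cover note suggests.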
> >
> >
> >*** common/argus_auth.c.orig	Tue Aug 10 13:37:07 2004
> >--- common/argus_auth.c	Tue Aug 10 13:37:32 2004
> >***************
> >*** 79,85 ****
> >--- 79,89 ----
> >  
> >  #include <ctype.h>
> >  #include <assert.h>
> >+ #if defined(__FreeBSD__) 
> >+ #include "/usr/local/include/sasl1/sasl.h"     
> >+ #else
> >  #include <sasl.h>
> >+ #endif
> >  
> >  #endif /* ARGUS_SASL */
> >  
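Review bot: the added #if and #include lines carry trailing whitespace, and the new #endif sits directly above #endif /* ARGUS_SASL */ without a comment of its own. Strip the trailing blanks and mark the new one as #endif /* __FreeBSD__ */ so the two closings are not confused.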
> >
> >*** include/argus_util.h.orig	Tue Aug 10 13:29:44 2004
> >--- include/argus_util.h	Tue Aug 10 13:36:11 2004
> >***************
> >*** 112,118 ****
> >--- 112,122 ----
> >  
> >  
> >  #ifdef ARGUS_SASL
> >+ #if defined(__FreeBSD__) 
> >+ #include "/usr/local/include/sasl1/sasl.h"     
> >+ #else
> >  #include <sasl.h>
> >+ #endif
> >  #endif
> >  
> >  #define ARGUS_DATA_SOURCE		0x01
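Review bot: this is the fourth copy in the patch of the same five-line conditional around #include <sasl.h>, so any later change to the path has to be repeated in every file. Keep the selection in one header, for instance include/saslint.h, which this patch also touches, and have the other files include that instead.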
> >
> >
> >*** include/saslint.h.orig	Tue Aug 10 13:26:41 2004
> >--- include/saslint.h	Tue Aug 10 13:28:18 2004
> >***************
> >*** 44,50 ****
> >--- 44,54 ----
> >  #ifndef SASLINT_H
> >  #define SASLINT_H
> >  
> >+ #if defined(__FreeBSD__) 
> >+ #include "/usr/local/include/sasl1/sasl.h"     
> >+ #else
> >  #include <sasl.h>
> >+ #endif
> >  
> >  typedef struct {
> >    const sasl_callback_t *callbacks;
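Review bot: the path pins sasl1, so a host with only the sasl2 port installed still fails at this #include, and nothing in the hunk says why an absolute path is used. Since the sasl_callback_t typedef just below depends on this header, add a comment naming the ports layout and select sasl1 or sasl2 from what configure found rather than hard-coding one.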
> >
> >----- End forwarded message -----
> >
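
The configure behaviour proposed at the top of this message (accept sasl.h in /usr/include, otherwise on FreeBSD look in /usr/local/include/sasl1 and /usr/local/include/sasl2 and set a flag), written out as an added shell example that is not part of the thread or of Argus's configure. The function name, its ROOT argument (there only so the probe can be pointed at a scratch tree) and the ARGUS_SASL_PORTS flag name are assumptions.

```shell
#!/bin/sh
# Added example, not Argus's configure code.
# find_sasl_cppflags ROOT OSNAME
#   ROOT   - prefix prepended to the probed paths ("" for the real system);
#            an assumption of this example so it can run on a scratch tree
#   OSNAME - output of `uname -s`
# Prints the CPPFLAGS needed to find sasl.h and returns 0, or returns 1.
# ARGUS_SASL_PORTS is a hypothetical flag name, not one Argus defines.
find_sasl_cppflags() {
    root=$1
    os=$2

    # A base-system or self-installed copy wins; no special flag is needed.
    if [ -f "$root/usr/include/sasl.h" ]; then
        echo "-I$root/usr/include"
        return 0
    fi

    # The ports directories are only probed on FreeBSD.
    [ "$os" = "FreeBSD" ] || return 1

    for ver in 1 2; do
        dir="$root/usr/local/include/sasl$ver"
        if [ -f "$dir/sasl.h" ]; then
            # The flag records which ports version was found.
            echo "-I$dir -DARGUS_SASL_PORTS=$ver"
            return 0
        fi
    done
    return 1
}

# Probe the running system when executed directly.
find_sasl_cppflags "" "$(uname -s)" || echo "sasl.h not found" >&2
```

With the flag carrying the version, the sources can keep a single #include <sasl.h> and use the flag only where the sasl1 and sasl2 builds need different code.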


