Hi!
An update/cleanup for security/dante.
I've also added the required user and rc script for the daemon part
(sockd), and sampled the config files socks.conf and sockd.conf.
patches/patch-sockd_auth_password_c is not needed anymore.
Authentication works just fine without patching (tested on my
laptop).
Comments? OKs?
cheers,
david
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/dante/Makefile,v
retrieving revision 1.40
diff -u -p -u -p -r1.40 Makefile
--- Makefile 31 Oct 2013 21:12:12 -0000 1.40
+++ Makefile 15 Nov 2013 15:13:15 -0000
@@ -2,12 +2,11 @@
COMMENT= SOCKS client and server
-DISTNAME= dante-1.1.19
-REVISION= 1
+DISTNAME= dante-1.3.2
CATEGORIES= security
-SHARED_LIBS= dsocks 1.1 \
- socks 1.1
+SHARED_LIBS= dsocks 1.2 \
+ socks 1.2
MODGNU_SHARED_LIBS=dsocks '-all-dynamic' \
socks ''
@@ -17,6 +16,7 @@ HOMEPAGE= http://www.inet.no/dante/
MAINTAINER= Jakob Schlyter <ja...@openbsd.org>
+# BSD/CMU
PERMIT_PACKAGE_CDROM= Yes
WANTLIB += c wrap
@@ -24,15 +24,21 @@ WANTLIB += c wrap
CONFIGURE_STYLE= gnu
CONFIGURE_ARGS+= ${CONFIGURE_SHARED}
CONFIGURE_ARGS+= --enable-static
+CONFIGURE_ARGS+= --without-ldap \
+ --without-pam \
+ --without-sasl \
+ --without-upnp
MODGNU_CONFIG_GUESS_DIRS+= ${WRKSRC}
+pre-configure:
+ ${SUBST_CMD} ${WRKSRC}/bin/socksify.in
+
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/dante
${INSTALL_DATA} ${WRKSRC}/doc/README.* ${PREFIX}/share/doc/dante
${INSTALL_DATA} ${WRKSRC}/doc/SOCKS4.* ${PREFIX}/share/doc/dante
${INSTALL_DATA} ${WRKSRC}/doc/rfc* ${PREFIX}/share/doc/dante
- ${INSTALL_DATA} ${WRKSRC}/doc/faq.ps ${PREFIX}/share/doc/dante
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/dante
${INSTALL_DATA} ${WRKSRC}/example/*.conf ${PREFIX}/share/examples/dante
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/dante/distinfo,v
retrieving revision 1.11
diff -u -p -u -p -r1.11 distinfo
--- distinfo 31 Oct 2013 21:12:12 -0000 1.11
+++ distinfo 15 Nov 2013 15:13:15 -0000
@@ -1,2 +1,2 @@
-SHA256 (dante-1.1.19.tar.gz) = tJ8JNigqFMQaA81wFY0aEeavNWShjUszN/KR+22uCTY=
-SIZE (dante-1.1.19.tar.gz) = 895713
+SHA256 (dante-1.3.2.tar.gz) = a3NvMuxYuJnCTPFL4CSRoGMad444UxQ3DV3qS69ILvs=
+SIZE (dante-1.3.2.tar.gz) = 949049
Index: patches/patch-bin_socksify_in
===================================================================
RCS file: /cvs/ports/security/dante/patches/patch-bin_socksify_in,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 patch-bin_socksify_in
--- patches/patch-bin_socksify_in 21 May 2005 06:51:55 -0000 1.1
+++ patches/patch-bin_socksify_in 15 Nov 2013 15:13:15 -0000
@@ -1,12 +1,12 @@
$OpenBSD: patch-bin_socksify_in,v 1.1 2005/05/21 06:51:55 jakob Exp $
---- bin/socksify.in.orig Mon Jan 24 02:24:18 2005
-+++ bin/socksify.in Fri May 20 19:26:06 2005
-@@ -52,7 +52,7 @@ SOCKSIFY_PRELOAD_LIBS="@SOCKSIFY_PRELOAD
- LIBDIR="@LIBRARY_PREFIX@"
+--- bin/socksify.in.orig Thu Nov 14 12:14:14 2013
++++ bin/socksify.in Thu Nov 14 12:15:53 2013
+@@ -66,7 +66,7 @@ else
+ fi
- #XXX shared library name should be generated too (possibly including version)
--LIBRARY="${SOCKS_LIBRARY-${LIBDIR}/libdsocks.@SOLIB_POSTFIX@}"
-+LIBRARY="${SOCKS_LIBRARY-${LIBDIR}/libdsocks.@SOLIB_POSTFIX@.1.0}"
+ #dlib/Makefile.am libtool flags should produce a predictable library name
+-LIBRARY="${SOCKS_LIBRARY:-${FULLPATH}libdsocks.@SOLIB_POSTFIX@}"
++LIBRARY="${SOCKS_LIBRARY:-${FULLPATH}libdsocks.@SOLIB_POSTFIX@.${LIBdsocks_VERSION}}"
- PRELOAD_SEPERATOR="@PRELOAD_SEPERATOR@"
- PRELOAD_POSTFIX="@PRELOAD_POSTFIX@"
+ if test x"$FULLPATH" != x -a ! -s "$LIBRARY" -o \
+ x"$FULLPATH" = x -a ! -s "$SOCKS_LIBDIR/$LIBRARY"; then
Index: patches/patch-example_sockd-basic_conf
===================================================================
RCS file: patches/patch-example_sockd-basic_conf
diff -N patches/patch-example_sockd-basic_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-example_sockd-basic_conf 15 Nov 2013 15:13:15 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+--- example/sockd-basic.conf.orig Tue Aug 4 19:22:21 2009
++++ example/sockd-basic.conf Thu Nov 14 13:58:04 2013
+@@ -4,8 +4,8 @@
+ #external: fxp1
+ #method: username none
+ #user.privileged: root
+-#user.unprivileged: sockd
+-#logoutput: stderr
++#user.unprivileged: _sockd
++#logoutput: syslog/user
+
+ ## client access rules
+
Index: patches/patch-example_sockd_conf
===================================================================
RCS file: patches/patch-example_sockd_conf
diff -N patches/patch-example_sockd_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-example_sockd_conf 15 Nov 2013 15:13:15 -0000
@@ -0,0 +1,28 @@
+$OpenBSD$
+--- example/sockd.conf.orig Wed May 18 13:27:32 2011
++++ example/sockd.conf Thu Nov 14 13:58:29 2013
+@@ -40,7 +40,7 @@
+
+ # the server will log both via syslog, to stdout and to /var/log/sockd.log
+ #logoutput: syslog stdout /var/log/sockd.log
+-logoutput: stderr
++logoutput: syslog/user
+
+ # The server will bind to the address 10.1.1.1, port 1080 and will only
+ # accept connections going to that address.
+@@ -76,11 +76,11 @@ logoutput: stderr
+ #
+
+ # when doing something that can require privilege, it will use the
+-# userid "sockd".
+-#user.privileged: sockd
++# userid "root".
++#user.privileged: root
+
+-# when running as usual, it will use the unprivileged userid of "sockd".
+-#user.unprivileged: sockd
++# when running as usual, it will use the unprivileged userid of "_sockd".
++#user.unprivileged: _sockd
+
+ # If you compiled with libwrap support, what userid should it use
+ # when executing your libwrap commands? "libwrap".
Index: patches/patch-sockd_auth_password_c
===================================================================
RCS file: patches/patch-sockd_auth_password_c
diff -N patches/patch-sockd_auth_password_c
--- patches/patch-sockd_auth_password_c 18 Sep 2007 22:15:11 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,44 +0,0 @@
-$OpenBSD: patch-sockd_auth_password_c,v 1.1 2007/09/18 22:15:11 jakob Exp $
---- sockd/auth_password.c.orig Wed Jun 8 08:34:54 2005
-+++ sockd/auth_password.c Tue Sep 18 17:27:00 2007
-@@ -57,29 +57,33 @@ passwordcheck(name, clearpassword, emsg,
- struct passwd *pw;
- char *salt, *password;
- uid_t euid;
-+ int retval = -1; /* default return value */
-
- socks_seteuid(&euid, sockscf.uid.privileged);
- pw = socks_getpwnam(name);
-- socks_reseteuid(sockscf.uid.privileged, euid);
-
- if (pw == NULL) {
- snprintfn(emsg, emsglen, "system username/password failed");
-- return -1;
-+ retval = -1;
- }
-
-- if (clearpassword != NULL) {
-+ else if (clearpassword != NULL) {
- salt = pw->pw_passwd;
- password = pw->pw_passwd;
-
- if (strcmp(crypt(clearpassword, salt), password) == 0)
-- return 0;
-+ retval = 0;
- else {
- snprintfn(emsg, emsglen, "system password
userauthentication failed");
-- return -1;
-+ retval = -1;
- }
- }
- else
-- return 0;
-+ retval = 0;
-
-- return -1;
-+ /* reset after checking pw because on OpenBSD pw->pw_passwd
-+ resets to stars after euid is no longer 0 */
-+ socks_reseteuid(sockscf.uid.privileged, euid);
-+
-+ return retval;
- }
Index: pkg/PFRAG.shared
===================================================================
RCS file: pkg/PFRAG.shared
diff -N pkg/PFRAG.shared
--- pkg/PFRAG.shared 28 Jan 2006 15:59:06 -0000 1.13
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,4 +0,0 @@
-@comment $OpenBSD: PFRAG.shared,v 1.13 2006/01/28 15:59:06 sturm Exp $
-@conflict dsocks-*
-@lib lib/libdsocks.so.${LIBdsocks_VERSION}
-@lib lib/libsocks.so.${LIBsocks_VERSION}
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/dante/pkg/PLIST,v
retrieving revision 1.14
diff -u -p -u -p -r1.14 PLIST
--- pkg/PLIST 21 Jan 2006 11:14:44 -0000 1.14
+++ pkg/PLIST 15 Nov 2013 15:13:15 -0000
@@ -1,28 +1,35 @@
@comment $OpenBSD: PLIST,v 1.14 2006/01/21 11:14:44 jakob Exp $
+@conflict dsocks-*
@conflict socks5-*
+@newgroup _sockd:727
+@newuser _sockd:727:_sockd:daemon:sockd daemon:/nonexistent:/sbin/nologin
bin/socksify
include/socks.h
-lib/libdsocks.a
lib/libdsocks.la
+@lib lib/libdsocks.so.${LIBdsocks_VERSION}
lib/libsocks.a
lib/libsocks.la
+@lib lib/libsocks.so.${LIBsocks_VERSION}
+@man man/man1/socksify.1
@man man/man5/sockd.conf.5
@man man/man5/socks.conf.5
@man man/man8/sockd.8
-sbin/sockd
+@bin sbin/sockd
share/doc/dante/
share/doc/dante/README.socksify
share/doc/dante/README.survey
share/doc/dante/README.usage
share/doc/dante/SOCKS4.protocol
-share/doc/dante/faq.ps
share/doc/dante/rfc1928.txt
share/doc/dante/rfc1929.txt
+share/doc/dante/rfc1961.txt
share/examples/dante/
share/examples/dante/sockd-basic.conf
+@sample ${SYSCONFDIR}/sockd.conf
share/examples/dante/sockd-chaining.conf
share/examples/dante/sockd.conf
share/examples/dante/socks-simple-withoutnameserver.conf
share/examples/dante/socks-simple.conf
+@sample ${SYSCONFDIR}/socks.conf
share/examples/dante/socks.conf
-%%SHARED%%
+@rcscript ${RCDIR}/sockd
Index: pkg/sockd.rc
===================================================================
RCS file: pkg/sockd.rc
diff -N pkg/sockd.rc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/sockd.rc 15 Nov 2013 15:13:15 -0000
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# $OpenBSD$
+
+daemon="${TRUEPREFIX}/sbin/sockd -D"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1
