Hi! An update/cleanup for security/dante.
I've also added the required user and rc script for the daemon part (sockd), and sampled the config files socks.conf and sockd.conf. patches/patch-sockd_auth_password_c is not needed anymore. Authentication works just fine without patching (tested on my laptop). Comments? OKs? cheers, david Index: Makefile =================================================================== RCS file: /cvs/ports/security/dante/Makefile,v retrieving revision 1.40 diff -u -p -u -p -r1.40 Makefile --- Makefile 31 Oct 2013 21:12:12 -0000 1.40 +++ Makefile 15 Nov 2013 15:13:15 -0000 @@ -2,12 +2,11 @@ COMMENT= SOCKS client and server -DISTNAME= dante-1.1.19 -REVISION= 1 +DISTNAME= dante-1.3.2 CATEGORIES= security -SHARED_LIBS= dsocks 1.1 \ - socks 1.1 +SHARED_LIBS= dsocks 1.2 \ + socks 1.2 MODGNU_SHARED_LIBS=dsocks '-all-dynamic' \ socks '' @@ -17,6 +16,7 @@ HOMEPAGE= http://www.inet.no/dante/ MAINTAINER= Jakob Schlyter <ja...@openbsd.org> +# BSD/CMU PERMIT_PACKAGE_CDROM= Yes WANTLIB += c wrap @@ -24,15 +24,21 @@ WANTLIB += c wrap CONFIGURE_STYLE= gnu CONFIGURE_ARGS+= ${CONFIGURE_SHARED} CONFIGURE_ARGS+= --enable-static +CONFIGURE_ARGS+= --without-ldap \ + --without-pam \ + --without-sasl \ + --without-upnp MODGNU_CONFIG_GUESS_DIRS+= ${WRKSRC} +pre-configure: + ${SUBST_CMD} ${WRKSRC}/bin/socksify.in + post-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/dante ${INSTALL_DATA} ${WRKSRC}/doc/README.* ${PREFIX}/share/doc/dante ${INSTALL_DATA} ${WRKSRC}/doc/SOCKS4.* ${PREFIX}/share/doc/dante ${INSTALL_DATA} ${WRKSRC}/doc/rfc* ${PREFIX}/share/doc/dante - ${INSTALL_DATA} ${WRKSRC}/doc/faq.ps ${PREFIX}/share/doc/dante ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/dante ${INSTALL_DATA} ${WRKSRC}/example/*.conf ${PREFIX}/share/examples/dante Index: distinfo =================================================================== RCS file: /cvs/ports/security/dante/distinfo,v retrieving revision 1.11 diff -u -p -u -p -r1.11 distinfo --- distinfo 31 Oct 2013 21:12:12 -0000 1.11 +++ distinfo 15 Nov 2013 15:13:15 -0000 @@ -1,2 +1,2 @@ -SHA256 (dante-1.1.19.tar.gz) = tJ8JNigqFMQaA81wFY0aEeavNWShjUszN/KR+22uCTY= -SIZE (dante-1.1.19.tar.gz) = 895713 +SHA256 (dante-1.3.2.tar.gz) = a3NvMuxYuJnCTPFL4CSRoGMad444UxQ3DV3qS69ILvs= +SIZE (dante-1.3.2.tar.gz) = 949049 Index: patches/patch-bin_socksify_in =================================================================== RCS file: /cvs/ports/security/dante/patches/patch-bin_socksify_in,v retrieving revision 1.1 diff -u -p -u -p -r1.1 patch-bin_socksify_in --- patches/patch-bin_socksify_in 21 May 2005 06:51:55 -0000 1.1 +++ patches/patch-bin_socksify_in 15 Nov 2013 15:13:15 -0000 @@ -1,12 +1,12 @@ $OpenBSD: patch-bin_socksify_in,v 1.1 2005/05/21 06:51:55 jakob Exp $ ---- bin/socksify.in.orig Mon Jan 24 02:24:18 2005 -+++ bin/socksify.in Fri May 20 19:26:06 2005 -@@ -52,7 +52,7 @@ SOCKSIFY_PRELOAD_LIBS="@SOCKSIFY_PRELOAD - LIBDIR="@LIBRARY_PREFIX@" +--- bin/socksify.in.orig Thu Nov 14 12:14:14 2013 ++++ bin/socksify.in Thu Nov 14 12:15:53 2013 +@@ -66,7 +66,7 @@ else + fi - #XXX shared library name should be generated too (possibly including version) --LIBRARY="${SOCKS_LIBRARY-${LIBDIR}/libdsocks.@SOLIB_POSTFIX@}" -+LIBRARY="${SOCKS_LIBRARY-${LIBDIR}/libdsocks.@SOLIB_POSTFIX@.1.0}" + #dlib/Makefile.am libtool flags should produce a predictable library name +-LIBRARY="${SOCKS_LIBRARY:-${FULLPATH}libdsocks.@SOLIB_POSTFIX@}" ++LIBRARY="${SOCKS_LIBRARY:-${FULLPATH}libdsocks.@SOLIB_POSTFIX@.${LIBdsocks_VERSION}}" - PRELOAD_SEPERATOR="@PRELOAD_SEPERATOR@" - PRELOAD_POSTFIX="@PRELOAD_POSTFIX@" + if test x"$FULLPATH" != x -a ! -s "$LIBRARY" -o \ + x"$FULLPATH" = x -a ! -s "$SOCKS_LIBDIR/$LIBRARY"; then Index: patches/patch-example_sockd-basic_conf =================================================================== RCS file: patches/patch-example_sockd-basic_conf diff -N patches/patch-example_sockd-basic_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-example_sockd-basic_conf 15 Nov 2013 15:13:15 -0000 @@ -0,0 +1,14 @@ +$OpenBSD$ +--- example/sockd-basic.conf.orig Tue Aug 4 19:22:21 2009 ++++ example/sockd-basic.conf Thu Nov 14 13:58:04 2013 +@@ -4,8 +4,8 @@ + #external: fxp1 + #method: username none + #user.privileged: root +-#user.unprivileged: sockd +-#logoutput: stderr ++#user.unprivileged: _sockd ++#logoutput: syslog/user + + ## client access rules + Index: patches/patch-example_sockd_conf =================================================================== RCS file: patches/patch-example_sockd_conf diff -N patches/patch-example_sockd_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-example_sockd_conf 15 Nov 2013 15:13:15 -0000 @@ -0,0 +1,28 @@ +$OpenBSD$ +--- example/sockd.conf.orig Wed May 18 13:27:32 2011 ++++ example/sockd.conf Thu Nov 14 13:58:29 2013 +@@ -40,7 +40,7 @@ + + # the server will log both via syslog, to stdout and to /var/log/sockd.log + #logoutput: syslog stdout /var/log/sockd.log +-logoutput: stderr ++logoutput: syslog/user + + # The server will bind to the address 10.1.1.1, port 1080 and will only + # accept connections going to that address. +@@ -76,11 +76,11 @@ logoutput: stderr + # + + # when doing something that can require privilege, it will use the +-# userid "sockd". +-#user.privileged: sockd ++# userid "root". ++#user.privileged: root + +-# when running as usual, it will use the unprivileged userid of "sockd". +-#user.unprivileged: sockd ++# when running as usual, it will use the unprivileged userid of "_sockd". ++#user.unprivileged: _sockd + + # If you compiled with libwrap support, what userid should it use + # when executing your libwrap commands? "libwrap". Index: patches/patch-sockd_auth_password_c =================================================================== RCS file: patches/patch-sockd_auth_password_c diff -N patches/patch-sockd_auth_password_c --- patches/patch-sockd_auth_password_c 18 Sep 2007 22:15:11 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,44 +0,0 @@ -$OpenBSD: patch-sockd_auth_password_c,v 1.1 2007/09/18 22:15:11 jakob Exp $ ---- sockd/auth_password.c.orig Wed Jun 8 08:34:54 2005 -+++ sockd/auth_password.c Tue Sep 18 17:27:00 2007 -@@ -57,29 +57,33 @@ passwordcheck(name, clearpassword, emsg, - struct passwd *pw; - char *salt, *password; - uid_t euid; -+ int retval = -1; /* default return value */ - - socks_seteuid(&euid, sockscf.uid.privileged); - pw = socks_getpwnam(name); -- socks_reseteuid(sockscf.uid.privileged, euid); - - if (pw == NULL) { - snprintfn(emsg, emsglen, "system username/password failed"); -- return -1; -+ retval = -1; - } - -- if (clearpassword != NULL) { -+ else if (clearpassword != NULL) { - salt = pw->pw_passwd; - password = pw->pw_passwd; - - if (strcmp(crypt(clearpassword, salt), password) == 0) -- return 0; -+ retval = 0; - else { - snprintfn(emsg, emsglen, "system password userauthentication failed"); -- return -1; -+ retval = -1; - } - } - else -- return 0; -+ retval = 0; - -- return -1; -+ /* reset after checking pw because on OpenBSD pw->pw_passwd -+ resets to stars after euid is no longer 0 */ -+ socks_reseteuid(sockscf.uid.privileged, euid); -+ -+ return retval; - } Index: pkg/PFRAG.shared =================================================================== RCS file: pkg/PFRAG.shared diff -N pkg/PFRAG.shared --- pkg/PFRAG.shared 28 Jan 2006 15:59:06 -0000 1.13 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,4 +0,0 @@ -@comment $OpenBSD: PFRAG.shared,v 1.13 2006/01/28 15:59:06 sturm Exp $ -@conflict dsocks-* -@lib lib/libdsocks.so.${LIBdsocks_VERSION} -@lib lib/libsocks.so.${LIBsocks_VERSION} Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/security/dante/pkg/PLIST,v retrieving revision 1.14 diff -u -p -u -p -r1.14 PLIST --- pkg/PLIST 21 Jan 2006 11:14:44 -0000 1.14 +++ pkg/PLIST 15 Nov 2013 15:13:15 -0000 @@ -1,28 +1,35 @@ @comment $OpenBSD: PLIST,v 1.14 2006/01/21 11:14:44 jakob Exp $ +@conflict dsocks-* @conflict socks5-* +@newgroup _sockd:727 +@newuser _sockd:727:_sockd:daemon:sockd daemon:/nonexistent:/sbin/nologin bin/socksify include/socks.h -lib/libdsocks.a lib/libdsocks.la +@lib lib/libdsocks.so.${LIBdsocks_VERSION} lib/libsocks.a lib/libsocks.la +@lib lib/libsocks.so.${LIBsocks_VERSION} +@man man/man1/socksify.1 @man man/man5/sockd.conf.5 @man man/man5/socks.conf.5 @man man/man8/sockd.8 -sbin/sockd +@bin sbin/sockd share/doc/dante/ share/doc/dante/README.socksify share/doc/dante/README.survey share/doc/dante/README.usage share/doc/dante/SOCKS4.protocol -share/doc/dante/faq.ps share/doc/dante/rfc1928.txt share/doc/dante/rfc1929.txt +share/doc/dante/rfc1961.txt share/examples/dante/ share/examples/dante/sockd-basic.conf +@sample ${SYSCONFDIR}/sockd.conf share/examples/dante/sockd-chaining.conf share/examples/dante/sockd.conf share/examples/dante/socks-simple-withoutnameserver.conf share/examples/dante/socks-simple.conf +@sample ${SYSCONFDIR}/socks.conf share/examples/dante/socks.conf -%%SHARED%% +@rcscript ${RCDIR}/sockd Index: pkg/sockd.rc =================================================================== RCS file: pkg/sockd.rc diff -N pkg/sockd.rc --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ pkg/sockd.rc 15 Nov 2013 15:13:15 -0000 @@ -0,0 +1,9 @@ +#!/bin/sh +# +# $OpenBSD$ + +daemon="${TRUEPREFIX}/sbin/sockd -D" + +. /etc/rc.d/rc.subr + +rc_cmd $1