[csw-devel] SF.net SVN: gar:[7939] csw/mgar/pkg/dante/trunk
skayser at users.sourceforge.net
skayser at users.sourceforge.net
Sun Jan 10 13:59:40 CET 2010
Revision: 7939
http://gar.svn.sourceforge.net/gar/?rev=7939&view=rev
Author: skayser
Date: 2010-01-10 12:59:40 +0000 (Sun, 10 Jan 2010)
Log Message:
-----------
dante: add kerberos, tweaked init script, added sample config
Modified Paths:
--------------
csw/mgar/pkg/dante/trunk/Makefile
Added Paths:
-----------
csw/mgar/pkg/dante/trunk/files/cswdante
csw/mgar/pkg/dante/trunk/files/sockd.conf.CSW
Removed Paths:
-------------
csw/mgar/pkg/dante/trunk/files/CSWdante.cswdante
Modified: csw/mgar/pkg/dante/trunk/Makefile
===================================================================
--- csw/mgar/pkg/dante/trunk/Makefile 2010-01-10 12:01:56 UTC (rev 7938)
+++ csw/mgar/pkg/dante/trunk/Makefile 2010-01-10 12:59:40 UTC (rev 7939)
@@ -1,10 +1,6 @@
-# Known issue:
+# Known limitation:
# - The libsocks build doesn't support $SOCKS_CONF. See README.CSW
# and INSTALL with its description of `--without-glibc-secure'.
-#
-# Todo:
-# - Look into kerberos linking issues
-# - Test sockd and its init script
GARNAME = dante
GARVERSION = 1.2.0
CATEGORIES = net
@@ -21,7 +17,7 @@
the server administrator.
endef
-SPKG_SOURCEURL = http://www.inet.no/dante/
+VENDOR_URL = http://www.inet.no/dante/
MASTER_SITES = ftp://ftp.inet.no/pub/socks/
MASTER_SITES += ftp://ftp.inet.no/pub/socks/old/
DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz
@@ -29,21 +25,23 @@
LICENSE = LICENSE
-PACKAGES = CSWlibsocks CSWdante
+# See doc/README.usage: dante is stand-alone. libsocks can be used to
+# compile or run-time link applications against the SOCKS library
+PACKAGES = CSWdante CSWlibsocks
-SPKG_DESC_CSWlibsocks = Dante SOCKS runtime libraries (and socksify wrapper)
-SPKG_DESC_CSWdante = Dante SOCKS (v4 and v5) proxy daemon
+SPKG_DESC_CSWdante = Dante SOCKS (v4 and v5) proxy daemon
+SPKG_DESC_CSWlibsocks = Dante SOCKS library (and socksify wrapper)
-# There is no pkg compiling against dante right now, just drop the dev files
-EXTRA_MERGE_EXCLUDE_FILES = $(includedir)/.*
-
+PKGFILES_CSWdante = .*sockd.* /etc/opt/csw/init.d/cswdante
+PKGFILES_CSWdante += $(docdir)/dante/.*
PKGFILES_CSWlibsocks = $(PKGFILES_RT) .*socks.*
PKGFILES_CSWlibsocks += $(docdir)/libsocks/.*
-PKGFILES_CSWdante = .*sockd.* /etc/opt/csw/init.d/cswdante
-PKGFILES_CSWdante += $(docdir)/dante/.*
+PKGFILES_CSWlibsocks += $(PKGFILES_DEVEL)
-REQUIRED_PKGS_CSWdante = CSWtcpwrap
+REQUIRED_PKGS_CSWdante = CSWtcpwrap CSWkrb5lib
+REQUIRED_PKGS_CSWlibsocks = CSWkrb5lib
+# dante doesn't come with a test suite
TEST_SCRIPTS =
sysconfdir = /etc/opt/csw
@@ -60,11 +58,6 @@
CONFIGURE_ARGS += --with-sockd-conf=$(sysconfdir)/sockd.conf
CONFIGURE_ARGS += --with-pidfile=/var/run/cswsockd.pid
CONFIGURE_ARGS += --without-glibc-secure
-
-# Kerberos linking fails .. looks like it is missing -L/opt/csw/lib.
-# Needs investigation.
-CONFIGURE_ARGS += --without-gssapi
-
# UPNP support requires miniupnp from http://miniupnp.free.fr/
CONFIGURE_ARGS += --without-upnp
@@ -78,6 +71,11 @@
# Get rid of debugging flags which ./configure determines per default
perl -pi -e 's#-(g|xs|xO0) ##g if /^CFLAGS =/' $(WORKSRC)/*/Makefile
endif
+ # Kerberos linking fails with the shipped libtool, so make ./configure
+ # use /opt/csw/bin/libtool (similar to what Debian does). See
+ # http://article.gmane.org/gmane.os.solaris.opencsw.maintainers/5275
+ gsed -ie 's,^LIBTOOL=.*,LIBTOOL=/opt/csw/bin/libtool,' \
+ $(WORKSRC)/configure
@$(MAKECOOKIE)
post-install-libsocks: DOCDEST = $(DESTDIR)$(docdir)/libsocks
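Review bot: `gsed -ie` does not mean `-i -e`: GNU sed reads the `e` as the backup suffix for `-i`, so this edits configure in place and also leaves a stray `configuree` copy in $(WORKSRC). Writing `gsed -i -e 's,^LIBTOOL=.*,LIBTOOL=/opt/csw/bin/libtool,' $(WORKSRC)/configure` avoids that. The substitution is also silent when no `^LIBTOOL=` line matches, and it makes the build depend on whatever libtool is installed on the build host, so a comment naming the package that provides /opt/csw/bin/libtool as a build prerequisite would help. The recipe these lines belong to starts above the hunk.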
@@ -102,8 +100,14 @@
cp $(addprefix $(FILEDIR)/,$(CSWDOCS)) $(DOCDEST)
ginstall -d $(DESTDIR)/etc/opt/csw/init.d
- ginstall -m 0755 $(FILEDIR)/CSWdante.cswdante \
+ ginstall -m 0755 $(FILEDIR)/cswdante \
$(DESTDIR)/etc/opt/csw/init.d/cswdante
+
+ ginstall -d $(DESTDIR)/etc/opt/csw
+ cp $(FILEDIR)/sockd.conf.CSW $(DESTDIR)/etc/opt/csw
+
+ # This is where sockd.log goes, ref. $(FILEDIR)/sockd.conf.CSW
+ ginstall -d $(DESTDIR)$(localstatedir)/dante
@$(MAKECOOKIE)
# Make the man pages reference our CSW locations instead of /etc/*.conf
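Review bot: The two new install steps leave file modes implicit: `cp $(FILEDIR)/sockd.conf.CSW ...` takes the source file's mode filtered by the build user's umask, and the log directory is created with ginstall's default mode. Since sockd.log records who connected where, I would set both explicitly, e.g. `ginstall -m 0644 $(FILEDIR)/sockd.conf.CSW $(DESTDIR)$(sysconfdir)/` and `ginstall -d -m 0750 $(DESTDIR)$(localstatedir)/dante` (the 0750 assumes sockd opens the log while still privileged; confirm before adopting it). Using `$(sysconfdir)` instead of the literal `/etc/opt/csw` would also keep these lines in step with the variable set earlier in the file. The rule this recipe belongs to starts above the hunk.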
Deleted: csw/mgar/pkg/dante/trunk/files/CSWdante.cswdante
===================================================================
--- csw/mgar/pkg/dante/trunk/files/CSWdante.cswdante 2010-01-10 12:01:56 UTC (rev 7938)
+++ csw/mgar/pkg/dante/trunk/files/CSWdante.cswdante 2010-01-10 12:59:40 UTC (rev 7939)
@@ -1,55 +0,0 @@
-#!/sbin/sh
-# Simple init script for dante.
-#
-#AUTOENABLE no
-
-PATH=/usr/bin:/opt/csw/bin:/usr/sbin
-
-PIDFILE=/var/run/cswsockd.pid
-CONFIG=/etc/opt/csw/etc/sockd.conf
-
-case $1 in
- 'start')
- printf "Starting SOCKS proxy: cswdante ... "
- if [ ! -f "$CONFIG" ]; then
- echo "no configuration, not starting"
- exit 96
- fi
- /opt/csw/sbin/sockd -D -f $CONFIG; RC=$?
- if [ $RC -ne 0 ]; then
- echo "failed"
- exit $RC
- else
- echo "ok"
- fi
- ;;
- 'stop')
- printf "Stopping SOCKS proxy: cswdante ... "
- if [ -f "$PIDFILE" ]; then
- /usr/bin/kill `/usr/bin/cat $PIDFILE`
- echo "ok"
- else
- echo " no pid file, not running?"
- fi
- ;;
- 'restart')
- $0 stop
- $0 start
- ;;
- 'reload')
- # Make the parent process reload the config file, but leave
- # child processes untouched.
- printf "Reloading SOCKS proxy: cswdante ... "
- if [ -f "$PIDFILE" ]; then
- /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
- else
- echo " no pid file, not running?"
- fi
- ;;
- *)
- echo "Usage: $0 { start | stop | restart | reload }"
- exit 1
- ;;
-esac
-
-exit 0
Copied: csw/mgar/pkg/dante/trunk/files/cswdante (from rev 7929, csw/mgar/pkg/dante/trunk/files/CSWdante.cswdante)
===================================================================
--- csw/mgar/pkg/dante/trunk/files/cswdante (rev 0)
+++ csw/mgar/pkg/dante/trunk/files/cswdante 2010-01-10 12:59:40 UTC (rev 7939)
@@ -0,0 +1,64 @@
+#!/sbin/sh
+# Simple init script for dante.
+#
+#AUTOENABLE no
+
+DAEMON=/opt/csw/sbin/sockd
+CONFIG=/etc/opt/csw/sockd.conf
+OUTPUT=/var/opt/csw/dante/sockd.log
+# PIDFILE is not deleted upon stop by sockd, but simply emptied
+PIDFILE=/var/run/cswsockd.pid
+
+case $1 in
+ 'start')
+ printf "Starting SOCKS proxy: cswdante ... "
+ if [ ! -f "$CONFIG" ]; then
+ echo "no configuration, not starting"
+ # exit code 96 translates to SMF_EXIT_ERR_CONFIG on Solaris 10
+ exit 96
+ fi
+ $DAEMON -D -f $CONFIG; RC=$?
+ if [ $RC -ne 0 ]; then
+ echo "failed (see $OUTPUT)"
+ exit $RC
+ else
+ echo "OK"
+ fi
+ ;;
+ 'stop')
+ printf "Stopping SOCKS proxy: cswdante ... "
+ if [ -s "$PIDFILE" ]; then
+ /usr/bin/kill `/usr/bin/cat $PIDFILE`
+ echo "OK"
+ else
+ echo " no PID found, not running?"
+ fi
+ ;;
+ 'restart')
+ if $DAEMON -V -f $CONFIG; then
+ $0 stop
+ $0 start
+ else
+ RC=$?
+ echo "Not restarting cswdante. Configuration verification failed."
+ echo "(see $OUTPUT)"
+ exit $RC
+ fi
+ ;;
+ 'reload')
+ # Make the parent process reload the config file, but leave
+ # child processes untouched.
+ printf "Reloading SOCKS proxy: cswdante ... "
+ if [ -s "$PIDFILE" ]; then
+ /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
+ else
+ echo " no PID found, not running?"
+ fi
+ ;;
+ *)
+ echo "Usage: $0 { start | stop | restart | reload }"
+ exit 1
+ ;;
+esac
+
+exit 0
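Review bot: In `stop` and `reload` the script, running as root, signals whatever number is in $PIDFILE without checking that the process is still sockd, so a stale PID left behind by a crash can hit an unrelated process. `stop` also prints "OK" whatever kill returned. I would read the PID once, confirm it belongs to a sockd process, and report the kill result, as sketched below for `stop`; `reload` needs the same check before `kill -HUP`. Separately, `restart` ends in `exit 0` even when `$0 start` fails, which `$0 stop; $0 start || exit $?` would fix. The earlier version of this script set a fixed `PATH`, which this one drops even though `printf` is still called by bare name.

```shell
    'stop')
        printf "Stopping SOCKS proxy: cswdante ... "
        PID=`/usr/bin/cat $PIDFILE 2>/dev/null`
        # Signal the PID only if it still belongs to a running sockd
        if [ -n "$PID" ] && /usr/bin/pgrep -x sockd | /usr/bin/grep "^$PID\$" >/dev/null; then
            if /usr/bin/kill "$PID"; then
                echo "OK"
            else
                echo "failed"
                exit 1
            fi
        else
            echo " no PID found, not running?"
        fi
        ;;
    # … unchanged: restart, reload, usage …
```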
Added: csw/mgar/pkg/dante/trunk/files/sockd.conf.CSW
===================================================================
--- csw/mgar/pkg/dante/trunk/files/sockd.conf.CSW (rev 0)
+++ csw/mgar/pkg/dante/trunk/files/sockd.conf.CSW 2010-01-10 12:59:40 UTC (rev 7939)
@@ -0,0 +1,78 @@
+##
+## This configuration serves as a very basic example. It makes sockd listen
+## on localhost and accepts PAM authenticated connection requestes to any
+## target. All requested connections are logged to /var/opt/csw/dante/sockd.log.
+##
+## Please see sockd.conf(5) and /opt/csw/share/doc/dante/examples for
+## guidance on how to configure sockd to your requirements.
+##
+
+## Part #1: general server setttings
+
+# Write sockd output to a logfile
+logoutput: /var/opt/csw/dante/sockd.log
+
+# sockd listens on localhost and uses interface pcn0:1 for outgoing connections.
+# You will very likely need to adjust the external interface name.
+internal: localhost port = 1080
+external: pcn0:1
+
+# Globally enable authentication modules
+method: pam
+# PAM service name defaults to "sockd". If no PAM configuration for this service
+# name can be found, the PAM libs will default to "other".
+#pam.servicename: sockd
+
+user.privileged: root
+user.unprivileged: nobody
+user.libwrap: nobody
+
+
+## Part #2: client access rules
+## There are two sets of access rules and they work at different levels. Rules
+## prefixed with client are checked first and are used to see if the client
+## is allowed to connect to the Dante server.
+
+# Allow connections from localhost to our sockd listening on localhost.
+client pass {
+ from: localhost to: localhost
+}
+
+# To allow LAN connections for an example network of 192.168.0.0
+# you would need to un-comment the following and add another interface
+# for sockd to listen to via the "internal" directive at the top.
+# client pass { from: 192.168.0.0/24 to: 0.0.0.0/0 }
+
+
+## Part #3: SOCKS request rules
+## The other rules, are a level higher and are checked after the client
+## connection has been accepted by the client-rules. The socks-rules are
+## used to evaluate the socks request that the client sends.
+##
+## The format and content of the rules is identical, but
+## client-rules may contain only a subset of the socks-rules. More
+## concrete, they may not contain any keywords related to the socks
+## protocol.
+
+# Block connections to localhost, or they will appear to come from the proxy.
+block {
+ from: 0.0.0.0/0 to: localhost
+ log: connect
+}
+
+# Block bind to ports lower than 1023
+block {
+ from: 0.0.0.0/0 to: 0.0.0.0/0 port le 1023
+ command: bind
+ log: connect
+}
+
+# Allow all other SOCKS requestes, but require them to be authenticated.
+# Authentication is a SOCKS5 feature only, thus requires SOCKS5 clients.
+pass {
+ from: 0.0.0.0/0 to: 0.0.0.0/0
+ log: connect
+ method: pam
+}
+
+# Fallthrough would be an implicit block
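Review bot: The final `pass` rule is wider than the header describes: it admits every SOCKS command (bind above port 1023 and UDP associate as well as connect) to any destination, and the only address blocked is `localhost`. Services bound to the proxy host's other interface addresses, and anything on internal networks it can reach, therefore stay reachable through the proxy. For a sample that people copy, I would narrow that rule with `command: connect` and add a comment telling the admin to block the host's own addresses and internal ranges before widening `internal`. The commented LAN example should also carry a warning such as `# Note: SOCKS5 username/password authentication sends the PAM credentials unencrypted`, because that is only harmless while sockd listens on localhost. The bind comment says "lower than 1023" while `port le 1023` includes 1023.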