SecBSD's official ports repository

security/ssh-ldap-helper/Makefile

@@ -0,0 +1,61 @@
+COMMENT =	fetch ssh AuthorizedKeys from LDAP
+
+V =		8.0p1
+DISTNAME =	openssh-${V}-10
+PKGNAME =	ssh-ldap-helper-8.0
+
+CATEGORIES =	security net
+EXTRACT_SUFX=	.el8.src.rpm
+
+# BSD
+PERMIT_PACKAGE=	Yes
+
+WANTLIB +=	c crypto lber ldap util z
+
+MASTER_SITES =	https://dl.rockylinux.org/pub/rocky/8/BaseOS/source/tree/Packages/o/
+
+LDAP_PATCH =	${WRKDIR}/openssh-6.7p1-ldap.patch
+
+PATCH_LIST =	${LDAP_PATCH} patch-*
+PATCH_STRIP =	-p1
+WRKDIST =	${WRKDIR}/openssh-${V}
+
+CONFIGURE_STYLE =	autoconf
+AUTOCONF_VERSION =	2.69
+CONFIGURE_ARGS =	--with-ldap=${LOCALBASE} \
+			--without-pam
+NO_TEST =	Yes
+ALL_TARGET =	ssh-ldap-helper
+
+LIB_DEPENDS =	databases/openldap
+
+post-extract:
+	# Fix a 64-bit time_t issue in the LDAP_PATCH
+	sed -i 's/timeout to %l/&l/' ${LDAP_PATCH}
+	cd ${WRKDIR} && ${TAR} xzf openssh-${V}.tar.gz
+
+# The LDAP_SET_REBIND_PROC_ARGS macro is set to literal
+# "$ac_cv_ldap_set_rebind_proc" instead of "3" because of the improper
+# use of AC_DEFINE instead of AC_DEFINE_UNQUOTED. This fails on arm,
+# where '$' is reserved. Fixing this would lead the preprocessor tests
+# to succeed, and the code to call ldap_set_rebind_proc() with bogus
+# parameters, so let's just define the macro to 0.
+# XXX should really be a patch
+post-patch:
+	sed -i 's/AC_DEFINE(LDAP_SET_REBIND_PROC_ARGS, $$ac_cv_ldap_set_rebind_proc/AC_DEFINE(LDAP_SET_REBIND_PROC_ARGS, 0/' \
+	    ${WRKSRC}/configure.ac
+
+post-configure:
+	${SUBST_CMD} ${WRKSRC}/ssh-ldap-{helper.8,wrapper}
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/ssh-ldap-helper ${PREFIX}/libexec/
+	$(INSTALL_SCRIPT) ${WRKSRC}/ssh-ldap-wrapper ${PREFIX}/libexec/
+	${INSTALL_MAN} ${WRKSRC}/ssh-ldap-helper.8 ${PREFIX}/man/man8/
+	${INSTALL_MAN} ${WRKSRC}/ssh-ldap.conf.5 ${PREFIX}/man/man5/
+	${INSTALL_DATA_DIR} ${PREFIX}/share/{doc,examples}/ssh-ldap-helper/
+	${INSTALL_DATA} ${WRKSRC}/ldap.conf ${PREFIX}/share/examples/ssh-ldap-helper/
+	${INSTALL_DATA} ${WRKSRC}/HOWTO.ldap-keys ${PREFIX}/share/doc/ssh-ldap-helper/
+	${INSTALL_DATA} ${WRKSRC}/openssh-lpk-openldap.schema ${PREFIX}/share/doc/ssh-ldap-helper/
+
+.include <bsd.port.mk>

security/ssh-ldap-helper/distinfo

@@ -0,0 +1,2 @@
+SHA256 (openssh-8.0p1-10.el8.src.rpm) = yT3B6BwP1vrXWNm2WRjwbT6KNG9hWHlGYzgkqjRuiYw=
+SIZE (openssh-8.0p1-10.el8.src.rpm) = 2998520

security/ssh-ldap-helper/patches/patch-log_h

@@ -0,0 +1,13 @@
+Index: log.h
+--- log.h.orig
++++ log.h
+@@ -15,6 +15,9 @@
+ #ifndef SSH_LOG_H
+ #define SSH_LOG_H
+ 
++#include <stdarg.h>
++#include <stdio.h>
++
+ /* Supported syslog facilities and levels. */
+ typedef enum {
+ 	SYSLOG_FACILITY_DAEMON,

security/ssh-ldap-helper/patches/patch-ssh-ldap-helper_8

@@ -0,0 +1,11 @@
+--- ssh-ldap-helper.8.orig	Sun Nov 11 22:51:52 2012
++++ ssh-ldap-helper.8	Sun Nov 11 22:52:17 2012
+@@ -37,7 +37,7 @@ sshd configuration file
+ by setting
+ .Cm AuthorizedKeysCommand
+ to
+-.Dq /usr/libexec/ssh-ldap-wrapper .
++.Dq ${TRUEPREFIX}/libexec/ssh-ldap-wrapper .
+ .Pp
+ .Nm
+ is not intended to be invoked by the user, but from

security/ssh-ldap-helper/patches/patch-ssh-ldap-wrapper

@@ -0,0 +1,8 @@
+--- ssh-ldap-wrapper.orig	Sun Nov 11 22:52:54 2012
++++ ssh-ldap-wrapper	Sun Nov 11 22:53:13 2012
+@@ -1,4 +1,4 @@
+ #!/bin/sh
+ 
+-exec /usr/libexec/openssh/ssh-ldap-helper -s "$1"
++exec ${TRUEPREFIX}/libexec/ssh-ldap-helper -s "$1"
+ 

security/ssh-ldap-helper/pkg/DESCR

@@ -0,0 +1,3 @@
+ssh-ldap-helper is a small helper for sshd's AuthorizedKeysCommand
+config keyword, allowing to fetch the AuthorizedKeys from an LDAP
+directory with a given schema.

security/ssh-ldap-helper/pkg/PLIST

@@ -0,0 +1,10 @@
+@bin libexec/ssh-ldap-helper
+libexec/ssh-ldap-wrapper
+@man man/man5/ssh-ldap.conf.5
+@man man/man8/ssh-ldap-helper.8
+share/doc/ssh-ldap-helper/
+share/doc/ssh-ldap-helper/HOWTO.ldap-keys
+share/doc/ssh-ldap-helper/openssh-lpk-openldap.schema
+share/examples/ssh-ldap-helper/
+share/examples/ssh-ldap-helper/ldap.conf
+@sample ${SYSCONFDIR}/ssh/ldap.conf