security/cyrus-sasl2{,-saslauthd}: lmdb did not work for postfix

- sasldb2-lock requires write permission for mail group
- introduce SASLDB_IN_VAR option which places sasldb into /var/db

Reported by:	Herbert J. Skuhra <herbert@gojira.at>

5 files changed, 28 insertions, 7 deletions

diff --git a/security/cyrus-sasl2-saslauthd/Makefile b/security/cyrus-sasl2-saslauthd/Makefile
index af1478e08005..0d7fd75ba4cc 100644
--- a/security/cyrus-sasl2-saslauthd/Makefile
+++ b/security/cyrus-sasl2-saslauthd/Makefile
@@ -11,7 +11,7 @@ USE_RC_SUBR=	saslauthd
 CYRUS_CONFIGURE_ARGS=	--with-saslauthd=${SASLAUTHD_RUNPATH}
 CONFIGURE_ENV+=		andrew_cv_runpath_switch=none
 
-OPTIONS_DEFINE=		DOCS HTTPFORM OPENLDAP
+OPTIONS_DEFINE=		DOCS HTTPFORM OPENLDAP SASLDB_IN_VAR
 OPTIONS_RADIO=		GSSAPI SASLDB
 OPTIONS_RADIO_SASLDB=	BDB1 BDB GDBM LMDB
 OPTIONS_DEFAULT=	BDB1
@@ -41,6 +41,8 @@ LMDB_CONFIGURE_ON=	--enable-auth-sasldb \
 			--with-dblib=lmdb
 LMDB_CFLAGS=		-I${LOCALBASE}/include
 LMDB_LDFLAGS=		-L${LOCALBASE}/lib
+# LMDB_IMPLIES=		SASLDB_IN_VAR
+SASLDB_IN_VAR_DESC=	sasldb in /var/db/sasl2
 
 .if exists(/usr/lib/libkrb5.a)
 OPTIONS_RADIO_GSSAPI+=	GSSAPI_BASE
diff --git a/security/cyrus-sasl2/Makefile b/security/cyrus-sasl2/Makefile
index 10e1b1a82794..e83dc2936733 100644
--- a/security/cyrus-sasl2/Makefile
+++ b/security/cyrus-sasl2/Makefile
@@ -7,7 +7,8 @@ CYRUS_CONFIGURE_ARGS=	--with-saslauthd=${SASLAUTHD_RUNPATH}
 
 NO_OPTIONS_SORT=	yes
 OPTIONS_DEFINE=		ALWAYSTRUE AUTHDAEMOND DOCS KEEP_DB_OPEN \
-			OBSOLETE_CRAM_ATTR OBSOLETE_DIGEST_ATTR
+			OBSOLETE_CRAM_ATTR OBSOLETE_DIGEST_ATTR \
+			SASLDB_IN_VAR
 OPTIONS_RADIO=		SASLDB
 OPTIONS_RADIO_SASLDB=	BDB1 BDB GDBM LMDB
 OPTIONS_GROUP=		PLUGIN
@@ -41,6 +42,8 @@ LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
 LMDB_CONFIGURE_ON=	--with-dblib=lmdb
 LMDB_CFLAGS=		-I${LOCALBASE}/include
 LMDB_LDFLAGS=		-L${LOCALBASE}/lib
+# LMDB_IMPLIES=		SASLDB_IN_VAR
+SASLDB_IN_VAR_DESC=	sasldb in /var/db/sasl2
 ANONYMOUS_DESC=			ANONYMOUS authentication
 ANONYMOUS_CONFIGURE_ENABLE=	anon
 CRAM_DESC=		CRAM-MD5 authentication
diff --git a/security/cyrus-sasl2/Makefile.common b/security/cyrus-sasl2/Makefile.common
index 2a054fc41bc0..4295be597e48 100644
--- a/security/cyrus-sasl2/Makefile.common
+++ b/security/cyrus-sasl2/Makefile.common
@@ -16,7 +16,7 @@ GNU_CONFIGURE=	yes
 CONFIGURE_ARGS+=--sysconfdir=${PREFIX}/etc \
 		--with-configdir=${PREFIX}/lib/sasl2:${PREFIX}/etc/sasl2 \
 		--with-plugindir=${PREFIX}/lib/sasl2 \
-		--with-dbpath=${PREFIX}/etc/sasldb2 \
+		--with-dbpath=${SASLDB_DIR}/sasldb2 \
 		--with-lib-subdir=lib \
 		--with-pkgconfigdir=${PREFIX}/libdata/pkgconfig \
 		--includedir=${PREFIX}/include \
@@ -83,6 +83,12 @@ CONFIGURE_ARGS+=--with-openssl=${OPENSSLBASE}
 CPPFLAGS+=	-fPIC
 .endif
 
+.if ${PORT_OPTIONS:MSASLDB_IN_VAR}
+SASLDB_DIR=	/var/db/sasl2
+.else
+SASLDB_DIR=	${PREFIX}/etc
+.endif
+
 .if ${CYRUS_BUILD_TARGET} == "cyrus-sasl"
 
 .if ${PORT_OPTIONS:MBDB1}
@@ -97,7 +103,7 @@ SASLDB=	"@comment "
 
 SUB_FILES=	pkg-deinstall pkg-install pkg-message
 SUB_LIST=	CYRUS_USER=${CYRUS_USER} CYRUS_GROUP=${CYRUS_GROUP} \
-		SASLDB_NAME=${SASLDB_NAME}
+		SASLDB_DIR=${SASLDB_DIR} SASLDB_NAME=${SASLDB_NAME}
 
 PLIST_SUB+=	PREFIX=${PREFIX} \
 		SASLDB=${SASLDB}
diff --git a/security/cyrus-sasl2/files/pkg-deinstall.in b/security/cyrus-sasl2/files/pkg-deinstall.in
index 887153339b43..0f426a9c8a73 100644
--- a/security/cyrus-sasl2/files/pkg-deinstall.in
+++ b/security/cyrus-sasl2/files/pkg-deinstall.in
@@ -6,8 +6,9 @@
 
 PKG_BATCH=${BATCH:=NO}
 PKG_PREFIX=${PKG_PREFIX:=/usr/local}
+SASLDB_DIR=%%SASLDB_DIR%%
 SASLDB_NAME=%%SASLDB_NAME%%
-SASLDB_NAME=${SASLDB_NAME:+${PKG_PREFIX}/etc/%%SASLDB_NAME%%}
+SASLDB_NAME=${SASLDB_NAME:+%%SASLDB_DIR%%/%%SASLDB_NAME%%}
 CYRUS_USER=${CYRUS_USER:=%%CYRUS_USER%%}
 CYRUS_GROUP=${CYRUS_GROUP:=%%CYRUS_GROUP%%}
 
@@ -20,6 +21,9 @@ delete_sasldb() {
 			if [ -f ${SASLDB_NAME}-lock ] ; then
 				rm ${SASLDB_NAME}-lock
 			fi
+			if [ ${SASLDB_DIR} = '/var/db/sasl2' ]; then
+				rmdir ${SASLDB_DIR}
+			fi
 		else
 			echo "WARNING: Users SASL passwords are in ${SASLDB_NAME}, keeping this file"
 		fi
diff --git a/security/cyrus-sasl2/files/pkg-install.in b/security/cyrus-sasl2/files/pkg-install.in
index da27b55bbc0c..1c0c147e39c3 100644
--- a/security/cyrus-sasl2/files/pkg-install.in
+++ b/security/cyrus-sasl2/files/pkg-install.in
@@ -7,8 +7,9 @@
 
 PKG_BATCH=${BATCH:=NO}
 PKG_PREFIX=${PKG_PREFIX:=/usr/local}
+SASLDB_DIR=%%SASLDB_DIR%%
 SASLDB_NAME=%%SASLDB_NAME%%
-SASLDB_NAME=${SASLDB_NAME:+${PKG_PREFIX}/etc/%%SASLDB_NAME%%}
+SASLDB_NAME=${SASLDB_NAME:+%%SASLDB_DIR%%/%%SASLDB_NAME%%}
 CYRUS_USER=${CYRUS_USER:=%%CYRUS_USER%%}
 CYRUS_GROUP=${CYRUS_GROUP:=%%CYRUS_GROUP%%}
 
@@ -69,6 +70,11 @@ create_user() {
 
 create_sasldb() {
 	if [ ! -f ${SASLDB_NAME} ]; then
+		if [ ${SASLDB_DIR} = '/var/db/sasl2' -a ! -d ${SASLDB_DIR} ]; then
+			mkdir ${SASLDB_DIR}
+			chown ${CYRUS_USER}:mail ${SASLDB_DIR}
+			chmod 750 ${SASLDB_DIR}
+		fi
 		echo "test" | ${PKG_PREFIX}/sbin/saslpasswd2 -p -c ${CYRUS_USER}
 		if [ `${PKG_PREFIX}/sbin/sasldblistusers2 | wc -l` -eq 0 ] ; then
                         echo "WARNING: Failed to create ${SASLDB_NAME}"
@@ -78,7 +84,7 @@ create_sasldb() {
 			chmod 640 ${SASLDB_NAME}
 			if [ -f ${SASLDB_NAME}-lock ]; then
 				chown ${CYRUS_USER}:mail ${SASLDB_NAME}-lock
-				chmod 640 ${SASLDB_NAME}-lock
+				chmod 660 ${SASLDB_NAME}-lock
 			fi
 		fi
 	fi