diff options
author | Romain Tartière <romain@FreeBSD.org> | 2023-03-20 03:33:19 +0000 |
---|---|---|
committer | Romain Tartière <romain@FreeBSD.org> | 2023-03-20 03:49:50 +0000 |
commit | d8560936e35c4a0fa797431cbe6e234639df690b (patch) | |
tree | fe89be5373e20b30c8db1a28ee5f0008b0fbf227 | |
parent | 502fa56edbf3877c186a8203a782a441df60b6bc (diff) | |
download | ports-d8560936e35c4a0fa797431cbe6e234639df690b.tar.gz ports-d8560936e35c4a0fa797431cbe6e234639df690b.zip |
security/pam_rssh: New port
This PAM module provides ssh-agent based authentication. The primary
design goal is to avoid typing password when you sudo on remote servers.
Instead, you can simply touch your hardware security key (e.g.
Yubikey/Canokey) to fulfill user verification. The process is done by
forwarding the remote authentication request to client-side ssh-agent as
a signature request.
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/pam_rssh/Makefile | 63 | ||||
-rw-r--r-- | security/pam_rssh/distinfo | 77 | ||||
-rw-r--r-- | security/pam_rssh/pkg-descr | 5 |
4 files changed, 146 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile index 1ade6a6c743e..344e84e11ff9 100644 --- a/security/Makefile +++ b/security/Makefile @@ -732,6 +732,7 @@ SUBDIR += pam_pkcs11 SUBDIR += pam_pwdfile SUBDIR += pam_require + SUBDIR += pam_rssh SUBDIR += pam_script SUBDIR += pam_search_list SUBDIR += pam_ssh_agent_auth diff --git a/security/pam_rssh/Makefile b/security/pam_rssh/Makefile new file mode 100644 index 000000000000..d30e5e22fa85 --- /dev/null +++ b/security/pam_rssh/Makefile @@ -0,0 +1,63 @@ +PORTNAME= pam_rssh +DISTVERSIONPREFIX=v +DISTVERSION= 1.0.0-rc1 +CATEGORIES= security + +MAINTAINER= romain@FreeBSD.org +COMMENT= Remote sudo authenticated via ssh-agent +WWW= https://github.com/z4yx/pam_rssh + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE + +USES= cargo ssl +USE_GITHUB= yes + +GH_ACCOUNT= z4yx +GH_PROJECT= ssh-agent.rs:sshagent +GH_TAGNAME= 91894139966e01941f17386a84c6b35e6ea155b8:sshagent +GH_SUBDIR= dep/ssh-agent.rs:sshagent + +CARGO_CRATES= autocfg-1.1.0 \ + base64-0.13.1 \ + bitflags-1.3.2 \ + byteorder-1.4.3 \ + cc-1.0.78 \ + cfg-if-1.0.0 \ + error-chain-0.12.4 \ + foreign-types-0.3.2 \ + foreign-types-shared-0.1.1 \ + futures-0.1.31 \ + libc-0.2.139 \ + log-0.4.17 \ + multisock-1.0.0 \ + once_cell-1.17.0 \ + openssl-0.10.45 \ + openssl-macros-0.1.0 \ + openssl-sys-0.9.80 \ + pam-bindings-0.1.1 \ + pkg-config-0.3.26 \ + proc-macro2-1.0.49 \ + pwd-1.4.0 \ + quote-1.0.23 \ + serde-1.0.152 \ + serde_derive-1.0.152 \ + syn-1.0.107 \ + syslog-5.0.0 \ + thiserror-1.0.38 \ + thiserror-impl-1.0.38 \ + time-0.1.45 \ + unicode-ident-1.0.6 \ + vcpkg-0.2.15 \ + version_check-0.9.4 \ + wasi-0.10.0+wasi-snapshot-preview1 \ + winapi-0.3.9 \ + winapi-i686-pc-windows-gnu-0.4.0 \ + winapi-x86_64-pc-windows-gnu-0.4.0 + +PLIST_FILES= lib/pam_rssh.so + +do-install: + ${INSTALL_LIB} ${CARGO_TARGET_DIR}/${CARGO_BUILD_TARGET}/release/libpam_rssh.so ${STAGEDIR}${PREFIX}/lib/pam_rssh.so + +.include <bsd.port.mk> diff --git a/security/pam_rssh/distinfo b/security/pam_rssh/distinfo new file mode 100644 index 000000000000..5c7d64fbec2c --- /dev/null +++ b/security/pam_rssh/distinfo @@ -0,0 +1,77 @@ +TIMESTAMP = 1679275918 +SHA256 (rust/crates/autocfg-1.1.0.crate) = d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa +SIZE (rust/crates/autocfg-1.1.0.crate) = 13272 +SHA256 (rust/crates/base64-0.13.1.crate) = 9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8 +SIZE (rust/crates/base64-0.13.1.crate) = 61002 +SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a +SIZE (rust/crates/bitflags-1.3.2.crate) = 23021 +SHA256 (rust/crates/byteorder-1.4.3.crate) = 14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610 +SIZE (rust/crates/byteorder-1.4.3.crate) = 22512 +SHA256 (rust/crates/cc-1.0.78.crate) = a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d +SIZE (rust/crates/cc-1.0.78.crate) = 61375 +SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd +SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934 +SHA256 (rust/crates/error-chain-0.12.4.crate) = 2d2f06b9cac1506ece98fe3231e3cc9c4410ec3d5b1f24ae1c8946f0742cdefc +SIZE (rust/crates/error-chain-0.12.4.crate) = 29274 +SHA256 (rust/crates/foreign-types-0.3.2.crate) = f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1 +SIZE (rust/crates/foreign-types-0.3.2.crate) = 7504 +SHA256 (rust/crates/foreign-types-shared-0.1.1.crate) = 00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b +SIZE (rust/crates/foreign-types-shared-0.1.1.crate) = 5672 +SHA256 (rust/crates/futures-0.1.31.crate) = 3a471a38ef8ed83cd6e40aa59c1ffe17db6855c18e3604d9c4ed8c08ebc28678 +SIZE (rust/crates/futures-0.1.31.crate) = 157731 +SHA256 (rust/crates/libc-0.2.139.crate) = 201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79 +SIZE (rust/crates/libc-0.2.139.crate) = 638983 +SHA256 (rust/crates/log-0.4.17.crate) = abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e +SIZE (rust/crates/log-0.4.17.crate) = 38028 +SHA256 (rust/crates/multisock-1.0.0.crate) = 09b00b95a51f8573ee359668dfbfed424212dd0fc74df2333816fddff856f342 +SIZE (rust/crates/multisock-1.0.0.crate) = 4643 +SHA256 (rust/crates/once_cell-1.17.0.crate) = 6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66 +SIZE (rust/crates/once_cell-1.17.0.crate) = 32736 +SHA256 (rust/crates/openssl-0.10.45.crate) = b102428fd03bc5edf97f62620f7298614c45cedf287c271e7ed450bbaf83f2e1 +SIZE (rust/crates/openssl-0.10.45.crate) = 234763 +SHA256 (rust/crates/openssl-macros-0.1.0.crate) = b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c +SIZE (rust/crates/openssl-macros-0.1.0.crate) = 5566 +SHA256 (rust/crates/openssl-sys-0.9.80.crate) = 23bbbf7854cd45b83958ebe919f0e8e516793727652e27fda10a8384cfc790b7 +SIZE (rust/crates/openssl-sys-0.9.80.crate) = 61687 +SHA256 (rust/crates/pam-bindings-0.1.1.crate) = 95c337e922acb6ab9c3ddd1016fed13957a5bf14f51b6caa293ddc8dd47660ca +SIZE (rust/crates/pam-bindings-0.1.1.crate) = 6829 +SHA256 (rust/crates/pkg-config-0.3.26.crate) = 6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160 +SIZE (rust/crates/pkg-config-0.3.26.crate) = 18662 +SHA256 (rust/crates/proc-macro2-1.0.49.crate) = 57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5 +SIZE (rust/crates/proc-macro2-1.0.49.crate) = 41977 +SHA256 (rust/crates/pwd-1.4.0.crate) = 72c71c0c79b9701efe4e1e4b563b2016dd4ee789eb99badcb09d61ac4b92e4a2 +SIZE (rust/crates/pwd-1.4.0.crate) = 4145 +SHA256 (rust/crates/quote-1.0.23.crate) = 8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b +SIZE (rust/crates/quote-1.0.23.crate) = 28058 +SHA256 (rust/crates/serde-1.0.152.crate) = bb7d1f0d3021d347a83e556fc4683dea2ea09d87bccdf88ff5c12545d89d5efb +SIZE (rust/crates/serde-1.0.152.crate) = 77091 +SHA256 (rust/crates/serde_derive-1.0.152.crate) = af487d118eecd09402d70a5d72551860e788df87b464af30e5ea6a38c75c541e +SIZE (rust/crates/serde_derive-1.0.152.crate) = 55586 +SHA256 (rust/crates/syn-1.0.107.crate) = 1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5 +SIZE (rust/crates/syn-1.0.107.crate) = 237539 +SHA256 (rust/crates/syslog-5.0.0.crate) = 9a5d8ef1b679c07976f3ee336a436453760c470f54b5e7237556728b8589515d +SIZE (rust/crates/syslog-5.0.0.crate) = 9014 +SHA256 (rust/crates/thiserror-1.0.38.crate) = 6a9cd18aa97d5c45c6603caea1da6628790b37f7a34b6ca89522331c5180fed0 +SIZE (rust/crates/thiserror-1.0.38.crate) = 18947 +SHA256 (rust/crates/thiserror-impl-1.0.38.crate) = 1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f +SIZE (rust/crates/thiserror-impl-1.0.38.crate) = 15429 +SHA256 (rust/crates/time-0.1.45.crate) = 1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a +SIZE (rust/crates/time-0.1.45.crate) = 28911 +SHA256 (rust/crates/unicode-ident-1.0.6.crate) = 84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc +SIZE (rust/crates/unicode-ident-1.0.6.crate) = 42158 +SHA256 (rust/crates/vcpkg-0.2.15.crate) = accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426 +SIZE (rust/crates/vcpkg-0.2.15.crate) = 228735 +SHA256 (rust/crates/version_check-0.9.4.crate) = 49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f +SIZE (rust/crates/version_check-0.9.4.crate) = 14895 +SHA256 (rust/crates/wasi-0.10.0+wasi-snapshot-preview1.crate) = 1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f +SIZE (rust/crates/wasi-0.10.0+wasi-snapshot-preview1.crate) = 26964 +SHA256 (rust/crates/winapi-0.3.9.crate) = 5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419 +SIZE (rust/crates/winapi-0.3.9.crate) = 1200382 +SHA256 (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6 +SIZE (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = 2918815 +SHA256 (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f +SIZE (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 2947998 +SHA256 (z4yx-pam_rssh-v1.0.0-rc1_GH0.tar.gz) = 8228ae7a2afccd141c1f2a19f942fb1cb3b5dc0032136553d289d781d4cb1500 +SIZE (z4yx-pam_rssh-v1.0.0-rc1_GH0.tar.gz) = 12458 +SHA256 (z4yx-ssh-agent.rs-91894139966e01941f17386a84c6b35e6ea155b8_GH0.tar.gz) = 3cdf7be1161d8afd499c5f43779eb188bb255c5981be268a300dfd229e218259 +SIZE (z4yx-ssh-agent.rs-91894139966e01941f17386a84c6b35e6ea155b8_GH0.tar.gz) = 13221 diff --git a/security/pam_rssh/pkg-descr b/security/pam_rssh/pkg-descr new file mode 100644 index 000000000000..575165b652a5 --- /dev/null +++ b/security/pam_rssh/pkg-descr @@ -0,0 +1,5 @@ +This PAM module provides ssh-agent based authentication. The primary design +goal is to avoid typing password when you sudo on remote servers. Instead, you +can simply touch your hardware security key (e.g. Yubikey/Canokey) to fulfill +user verification. The process is done by forwarding the remote authentication +request to client-side ssh-agent as a signature request. |