debian/0000755000000000000000000000000012166476374007206 5ustar debian/libnuclient4.postinst0000644000000000000000000000031311662505166013374 0ustar #!/bin/sh set -e # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. case "$1" in configure) ldconfig ;; esac #DEBHELPER# exit 0 debian/copyright0000644000000000000000000000222411662505166011131 0ustar This package was debianized by Vincent Deffontaines on Thu, 13 Nov 2003 13:03:54 +0100. It was downloaded from http://www.nufw.org Upstream Authors: Eric Leblond Vincent Deffontaines Pierre Chifflier Copyright (C) 2007-2008 INL NuFW is licensed under the GPLv3 This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 3. This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. On Debian GNU/Linux systems, the complete text of the GNU General Public License 3 can be found in `/usr/share/common-licenses/GPL-3'. debian/nuauth.preinst0000644000000000000000000000216211662505167012112 0ustar #!/bin/sh set -e # summary of how this script can be called: # * `install' # * `install' # * `upgrade' # * `abort-upgrade' case "$1" in install|upgrade) # 1. create group if not existing addgroup --quiet --system nuauth 2>/dev/null || true # 2. create homedir if not existing test -d /var/run/nuauth || mkdir -p /var/run/nuauth # 3. create user if not existing adduser --quiet \ --system \ --ingroup nuauth \ --no-create-home \ --disabled-password \ nuauth 2>/dev/null || true # 4. 
adjust passwd entry usermod -c "Nuauth for NuFW" \ -d /var/run/nuauth \ -g nuauth \ nuauth # 5. adjust file and directory permissions chown -R nuauth:nuauth /var/run/nuauth chmod u=rwx,g=rx,o= /var/run/nuauth ;; configure) ;; abort-upgrade) ;; *) echo "preinst called with unknown argument \`$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/nuauth-log-mysql.docs0000644000000000000000000000006611662505166013300 0ustar conf/nulog.ipv4.mysql.dump conf/nulog.ipv6.mysql.dump debian/nuauth.dirs0000644000000000000000000000010711662505167011364 0ustar etc/nufw/certs etc/nufw/nuauth.d etc/default usr/sbin usr/share/nuauth debian/libpam-nufw.dirs0000644000000000000000000000001511662505166012276 0ustar lib/security debian/libnussl1.install0000644000000000000000000000006412164562726012505 0ustar usr/lib/*/libnussl.so.1.0.0 usr/lib/*/libnussl.so.1 debian/nuauth-log-pgsql.docs0000644000000000000000000000002611662505167013256 0ustar conf/nulog.pgsql.dump debian/libnuclient-dev.dirs0000644000000000000000000000002511662505166013142 0ustar usr/include/nuclient debian/nutcpc.install0000644000000000000000000000005312164564262012060 0ustar usr/bin/nutcpc usr/share/man/man1/nutcpc.1 debian/nufw.default0000644000000000000000000000120411662505167011521 0ustar #Change to "true" for Nufw to be started NUFW_START="true" #Add "v"s so nufw gets more verbose NUFW_VERBOSITY="vv" #Address of the nuauth server #NUFW_NUAUTH_ADDRESS="127.0.0.1" #UDP port the nuauth server listens on #NUFW_NUAUTH_PORT=4128 #Timeout to forget about packets when there's no match (seconds) #NUFW_TIMEOUT=15 #Track Size #NUFW_TRACK_SIZE=1000 #SSL certificates and keys NUFW_SSL_CERTIFICATE="/etc/nufw/certs/nufw-cert.pem" NUFW_SSL_KEY="/etc/nufw/certs/nufw-key.pem" # Additional options # For example, -s disables TLS strict checking mode; the default below # already passes -s, so remove it to keep strict checking enabled # See http://nufw.org/docs/handbook22.html#hardening NUFW_OPTIONS="-s -C -M" 
debian/compat0000644000000000000000000000000212164556105010371 0ustar 9 debian/nuauth-utils.dirs0000644000000000000000000000001111662505167012514 0ustar etc/nufw debian/nufw.init0000644000000000000000000000541711662505167011052 0ustar #! /bin/sh # # Written by Miquel van Smoorenburg . # Modified for Debian # by Ian Murdock . # Customized for nufw by Vincent Deffontaines # # ### BEGIN INIT INFO # Provides: nufw-nfqueue # Required-Start: $syslog $remote_fs # Required-Stop: $syslog $remote_fs # Should-Start: $local_fs # Should-Stop: $local_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Control script for nufw # Description: Init script to control (start/stop/reload) # the nufw server. ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/nufw NAME=nufw PID=nufw DESC=nufw NUFW_START="false" test -x $DAEMON || exit 0 NUFW_OPTIONS="" # Include nufw defaults if available if [ -f /etc/default/nufw ] ; then . /etc/default/nufw fi if [ "$NUFW_START" != "true" ]; then exit 0 fi if [ -z "$NUFW_VERBOSITY" ]; then NUFW_VERBOSITY="vv" fi if [ "$NUFW_NUAUTH_ADDRESS" != "" ]; then NUFW_OPTIONS="$NUFW_OPTIONS -d $NUFW_NUAUTH_ADDRESS" fi if [ "$NUFW_NUAUTH_PORT" != "" ]; then NUFW_OPTIONS="$NUFW_OPTIONS -p $NUFW_NUAUTH_PORT" fi if [ "$NUFW_TIMEOUT" != "" ]; then NUFW_OPTIONS="$NUFW_OPTIONS -t $NUFW_TIMEOUT" fi if [ "$NUFW_TRACK_SIZE" != "" ]; then NUFW_OPTIONS="$NUFW_OPTIONS -T $NUFW_TRACK_SIZE" fi DAEMON_OPTS="-D -$NUFW_VERBOSITY \ $NUFW_OPTIONS \ -k $NUFW_SSL_KEY -c $NUFW_SSL_CERTIFICATE -m" set -e case "$1" in start) echo -n "Starting $DESC: " start-stop-daemon --start --quiet --pidfile /var/run/$PID.pid \ --exec $DAEMON -- $DAEMON_OPTS echo "$NAME." ;; stop) echo -n "Stopping $DESC: " start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/$PID.pid \ --retry 5 --exec $DAEMON echo "$NAME." ;; #reload) # # If the daemon can reload its config files on the fly # for example by sending it SIGHUP, do it here. 
# # If the daemon responds to changes in its config file # directly anyway, make this a do-nothing entry. # # echo "Reloading $DESC configuration files." # start-stop-daemon --stop --signal 1 --quiet --pidfile \ # /var/run/$NAME.pid --exec $DAEMON #;; restart|force-reload) # # If the "reload" option is implemented, move the "force-reload" # option to the "reload" entry above. If not, "force-reload" is # just the same as "restart". # echo -n "Restarting $DESC: " start-stop-daemon --stop --quiet --oknodo --pidfile \ /var/run/$PID.pid --retry 5 --exec $DAEMON sleep 1 start-stop-daemon --start --quiet --pidfile \ /var/run/$PID.pid --exec $DAEMON -- $DAEMON_OPTS echo "$NAME." ;; *) N=/etc/init.d/$NAME # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $N {start|stop|restart|force-reload}" >&2 exit 1 ;; esac exit 0 debian/patches/0000755000000000000000000000000012164557350010625 5ustar debian/patches/11-fix-ftbfs-pthread_cancel.patch0000644000000000000000000000314712164557350016714 0ustar Index: nufw/src/nufw/Makefile.am =================================================================== --- nufw.orig/src/nufw/Makefile.am 2013-07-02 16:07:28.415877818 +0200 +++ nufw/src/nufw/Makefile.am 2013-07-02 16:08:30.895874819 +0200 
@@ -16,18 +16,18 @@ ${noinst_nufw_SOURCES} if HAVE_IPQ -nufw_LDADD = -lipq ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la +nufw_LDADD = -lpthread -lipq ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la endif if HAVE_NFQUEUE_CONNTRACK -nufw_LDADD = -lnfnetlink -lnetfilter_queue -lnetfilter_conntrack -ldl ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la +nufw_LDADD = -lpthread -lnfnetlink -lnetfilter_queue -lnetfilter_conntrack -ldl ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la endif if HAVE_NFQUEUE_ONLY -nufw_LDADD = -lnfnetlink -lnetfilter_queue ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la +nufw_LDADD = -lpthread -lnfnetlink -lnetfilter_queue ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la endif if HAVE_CONNTRACK_ONLY -nufw_LDADD = -lnfnetlink -lipq -lnetfilter_conntrack -ldl ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la +nufw_LDADD = -lpthread -lnfnetlink -lipq -lnetfilter_conntrack -ldl ../libs/nussl/libnussl.la ../libs/nuconfparser/libnuconfparser.la ../libs/nubase/libnubase.la endif nufw$(EXEEXT): $(nufw_OBJECTS) $(nufw_DEPENDENCIES) debian/patches/10-fix-format-strings.patch0000644000000000000000000000072712164556620015634 0ustar Index: nufw/src/nuauth/debug.c =================================================================== --- nufw.orig/src/nuauth/debug.c 2011-11-21 18:31:15.000000000 +0100 +++ nufw/src/nuauth/debug.c 2013-07-02 16:02:31.035892091 +0200 
@@ -51,7 +51,7 @@ int debug_level; debug_level = _map_g_loglevel_to_debuglevel(log_level); - log_printf(debug_level, message); + log_printf(debug_level, "%s", message); } void set_glib_loghandlers(int use_stdout, int use_syslog) debian/patches/series0000644000000000000000000000007612164557322012044 0ustar 10-fix-format-strings.patch 11-fix-ftbfs-pthread_cancel.patch debian/control0000644000000000000000000002337712164567251010616 0ustar Source: nufw Section: net Priority: optional XS-Python-Version: all Maintainer: Pierre Chifflier Build-Depends: debhelper (>= 9.0), po-debconf, automake, dh-autoreconf, libldap2-dev, libglib2.0-dev, libmysqlclient-dev | libmysqlclient15-dev, libpq-dev, iptables-dev, libtool, libgnutls-dev, libsasl2-dev, libpam0g-dev, libprelude-dev, libnetfilter-conntrack-dev, libnetfilter-queue-dev, libnfnetlink-dev, python-support (>= 0.4), python-dev, pkg-config, flex, bison, chrpath Standards-Version: 3.9.4 Homepage: http://www.nufw.org/-English-.html Package: nufw Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libnussl1 (= ${binary:Version}), debconf (>= 1.3.22), ucf, ssl-cert, openssl Suggests: ulogd, ulogd-mysql Description: The authenticating firewall [NFQUEUE daemon] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unless other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . NuFW can: * Act as a traditional firewall * Add user identity to the list of parameters used to write firewall rules * Authenticate any connection or protocol * Perform accounting, routing and quality of service based on users * Filter packets with criteria such as application and OS * Log all traffic in SQL with username and application information * Be the key of a secure and simple Single Sign On system. . 
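Review bot: The `"%s"` fix in the debug.c hunk carries no comment saying why the format argument must stay a literal, and the patch file has no description header, so a later cleanup could fold `message` back into the format position. `message` appears to be the text handed to a GLib log handler and may contain `%` sequences, so I would add `/* message is caller-supplied text: pass it as data, never as the format string */` above the `log_printf` call. If `log_printf` is a printf-style variadic function (its declaration is not visible here), declaring it with `__attribute__((format(printf, 2, 3)))` would let the compiler flag any other call site with the same pattern. The enclosing function starts above the hunk.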
 This package provides the daemon receiving packets through the NFQUEUE netfilter rule. Information about those packets is forwarded to the nuauth daemon, which decides if packets should be accepted or denied and sends the information back to Nufw, which applies the decisions. Package: nuauth Architecture: any Pre-Depends: passwd, adduser Depends: ${shlibs:Depends}, ${misc:Depends}, libnussl1 (= ${binary:Version}), debconf (>= 1.3.22), ucf, libsasl2-modules, ssl-cert, openssl Recommends: nuauth-utils Description: The authenticating firewall [authentication daemon] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . NuFW can: * Act as a traditional firewall * Add user identity to the list of parameters used to write firewall rules * Authenticate any connection or protocol * Perform accounting, routing and quality of service based on users * Filter packets with criteria such as application and OS * Log all traffic in SQL with username and application information * Be the key of a secure and simple Single Sign On system. . This package provides the authentication daemon, which uses a user database (through PAM modules) and an ACL database (which can be an LDAP directory, or XML/DBM files, etc.). Nuauth handles client authentication, takes decisions on requests sent by the nufw daemon to accept packets or not, and sends the decisions to the nufw daemon. Package: nuauth-extra Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, nuauth Recommends: nuauth-utils Description: The authenticating firewall [extra modules] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. 
 Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . Nuauth-extra provides extra modules for nuauth, such as the ipauth_guest and auth_mysql modules. Package: nuauth-log-mysql Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, nuauth Recommends: nuauth-utils Description: The authenticating firewall [MySQL log module] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . This package adds support for nuauth logging user activity into a MySQL database. You can use this for an SSO solution, too. Package: nuauth-log-pgsql Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, nuauth Recommends: nuauth-utils Description: The authenticating firewall [PostgreSQL log module] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . This package adds support for nuauth logging user activity into a PostgreSQL database. You can use this for an SSO solution, too. Package: nutcpc Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libnuclient4 (= ${binary:Version}) Description: The authenticating firewall [client] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. 
 Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . nutcpc is a console-mode client for the NUFW authenticating firewall. It is in charge of authenticating the user, and replying to nuauth requests to send information on network connections. Package: nuauth-utils Architecture: all Depends: ${shlibs:Depends}, ${python:Depends}, ${misc:Depends}, python-ipy, perl, libnet-ldap-perl, nuauth XB-Python-Version: ${python:Versions} Description: The authenticating firewall [tools for admin] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . nuaclgen is a perl script that helps generate LDAP ACLs for use with nuauth, the nufw authentication daemon. nuauth_command is a Python script to control the nuauth daemon. Package: libnuclient4 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libsasl2-modules, libnussl1 (= ${binary:Version}) Replaces: libnuclient Conflicts: libnuclient Description: The authenticating firewall [client library] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . This package provides the library for nufw clients. 
Package: libnuclient-dev Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libsasl2-dev, libssl-dev, libnuclient4 (= ${binary:Version}) Section: libdevel Description: The authenticating firewall [client development files] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . This library provides files needed to develop a NuFW client. Package: libpam-nufw Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libnuclient4 (= ${binary:Version}) Section: admin Description: The authenticating firewall [PAM module] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . This package contains a PAM module to transparently authenticate to the NuFW authentication daemon. It uses the login and password to start a NuFW client, for the duration of the session. Package: libnussl1 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: The authenticating firewall [SSL library] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unlike other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . This library provides an abstraction layer over SSL functions. 
Package: libnussl-dev Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libsasl2-dev, libssl-dev, libnussl1 (= ${binary:Version}) Section: libdevel Description: The authenticating firewall [SSL development files] NuFW is an authenticating firewall based on netfilter's NFQUEUE target. It allows one to write filtering rules based on user identity, in addition to classical network criteria. Unless other solutions, NuFW uses a strict security model and can apply different access rules to users connected on the same host, for example. . This library provides the files needed to develop an application using nussl. debian/nuauth.postinst0000644000000000000000000000507312164554526012316 0ustar #!/bin/sh CONFIGFILE1=/etc/default/nuauth CONFIGFILE2=/etc/nufw/nuauth.conf set -e . /usr/share/debconf/confmodule grepconf () { w=" " # space tab sq=/etc/nufw/nuauth.conf # sed is cool. res=`sed -ne ' s/^\s*'$1'\s*=\s*"\?\([^"]*\)\"$/\1/p; t end; d; :end q' < $sq` [ -n "$res" ] || res=$2 echo "$res" } grepdefault () { w=" " # space tab sq=/etc/default/nuauth # sed is cool. res=`sed -ne ' s/^\s*'$1'\s*=\s*"\?\([^"]*\)\"$/\1/p; t end; d; :end q' < $sq` [ -n "$res" ] || res=$2 echo "$res" } replace_file () { newfile=$1 oldfile=$2 if [ ! 
-f ${oldfile} ] ; then cp ${newfile} ${oldfile} else ucf --three-way --debconf-ok ${newfile} ${oldfile} fi } # Installing the config replace_file /usr/share/nuauth/nuauth.conf /etc/nufw/nuauth.conf #ucf --three-way --debconf-ok /usr/share/nuauth/nuauth.conf /etc/nufw/nuauth.conf for file in `find /usr/share/nuauth/nuauth.d -type f`; do shortname=`basename $file` replace_file /usr/share/nuauth/nuauth.d/$shortname /etc/nufw/nuauth.d/$shortname #ucf --three-way --debconf-ok /usr/share/nuauth/nuauth.d/$shortname /etc/nufw/nuauth.d/$shortname done NUAUTH_USER=`grepdefault NUAUTH_USER nobody` nuauth_tls_key=`grepconf nuauth_tls_key /etc/nufw/certs/nuauth-key.pem` nuauth_tls_cert=`grepconf nuauth_tls_cert /etc/nufw/certs/nuauth-cert.pem` nuauth_tls_dh_params=`grepconf nuauth_tls_dh_params /etc/nufw/certs/nuauth-dh_params.pem` if ! grep -q -e "^$NUAUTH_USER:" /etc/passwd then echo "FATAL : User \"$NUAUTH_USER\" does not exist, but is supposed to run nuauth" exit -1 fi # ssl certificate generation if [ -x /usr/bin/openssl ]; then if [ ! -e $nuauth_tls_key ]; then make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/nufw/certs/nuauth.pem if [ -f /etc/nufw/certs/nuauth.pem ]; then # split key and certificate data openssl x509 -in /etc/nufw/certs/nuauth.pem -out $nuauth_tls_cert openssl rsa -in /etc/nufw/certs/nuauth.pem -out $nuauth_tls_key chmod 0600 $nuauth_tls_key chown $NUAUTH_USER $nuauth_tls_key rm -f /etc/nufw/certs/nuauth.pem find /etc/nufw/certs -type l -maxdepth 1 -delete fi fi if [ ! 
-e $nuauth_tls_dh_params ]; then # generate DH parameters, defaults to 1024 bits openssl dhparam -out $nuauth_tls_dh_params 1024 chown $NUAUTH_USER $nuauth_tls_dh_params fi fi db_stop #DEBHELPER# exit 0 debian/rules0000755000000000000000000000642512164566707010273 0ustar #!/usr/bin/make -f export DH_VERBOSE = 1 %: dh ${@} --with autoreconf,python2 override_dh_auto_configure: dh_auto_configure -- \ --sysconfdir=/etc/nufw/ --with-mysql-log --with-pgsql-log --with-system-auth --with-ldap \ --with-utf8 --with-nfqueue --with-nfconntrack --without-fixedtimeout --enable-pam-nufw \ --with-prelude-log --with-mysql-auth override_dh_auto_clean: dh_auto_clean find . -name "*.pyc" -delete override_dh_auto_install: dh_auto_install $(MAKE) install-conf DESTDIR=$(CURDIR)/debian/tmp/ sysconfdir=$(CURDIR)/debian/tmp/etc/nufw/ #default certificates # cp $(CURDIR)/conf/certs/nufw-key.pem $(CURDIR)/debian/tmp/etc/nufw/certs # cp $(CURDIR)/conf/certs/nufw-cert.pem $(CURDIR)/debian/tmp/etc/nufw/certs # cp $(CURDIR)/conf/certs/nuauth-key.pem $(CURDIR)/debian/tmp/etc/nufw/certs # cp $(CURDIR)/conf/certs/nuauth-cert.pem $(CURDIR)/debian/tmp/etc/nufw/certs # move nuauth config files to /usr/share/nuauth, we will handle them using ucf in nuauth.postinst file install -d -m0755 $(CURDIR)/debian/tmp/usr/share/nuauth mv $(CURDIR)/debian/tmp/etc/nufw/nuauth.conf $(CURDIR)/debian/tmp/etc/nufw/nuauth.d $(CURDIR)/debian/tmp/usr/share/nuauth/ for file in `find $(CURDIR)/debian/tmp/usr/share/nuauth/ -type f`; do \ sed -e "s+^#\? *nuauth_tls_key=.*+nuauth_tls_key=\"/etc/nufw/certs/nuauth-key.pem\"+" \ -e "s+^#\? *nuauth_tls_cert=.*+nuauth_tls_cert=\"/etc/nufw/certs/nuauth-cert.pem\"+" \ -e "s+^#\? *nuauth_tls_cacert=.*+nuauth_tls_cacert=\"/etc/ssl/certs/ssl-cert-snakeoil.pem\"+" \ -e "s+^#\? 
*nuauth_tls_dh_params=.*+nuauth_tls_dh_params=\"/etc/nufw/certs/nuauth-dh_params.pem\"+" \ -e "s+^ *plaintext_aclfile=.*+plaintext_aclfile=\"/etc/nufw/acls.nufw\"+" \ -e "s+^ *plaintext_userfile=.*+plaintext_userfile=\"/etc/nufw/users.nufw\"+" \ -e "s+^ *nuauth_user_check_module=.*+nuauth_user_check_module=\"system\"+" \ -e "s+^ *nuauth_tls_request_cert=.*+nuauth_tls_request_cert=1+" \ -e "s+^#\? *nuauth_tls_disable_nufw_fqdn_check=.*+nuauth_tls_disable_nufw_fqdn_check=1+" \ -i $$file; \ done # # do the same for nufw.conf install -d -m0755 $(CURDIR)/debian/tmp/usr/share/nufw mv $(CURDIR)/debian/tmp/etc/nufw/nufw.conf $(CURDIR)/debian/tmp/usr/share/nufw/ for file in `find $(CURDIR)/debian/tmp/usr/share/nufw/ -type f`; do \ sed -e "s+^#\? *nufw_tls_key=.*+nufw_tls_key=\"/etc/nufw/certs/nufw-key.pem\"+" \ -e "s+^#\? *nufw_tls_cert=.*+nufw_tls_cert=\"/etc/nufw/certs/nufw-cert.pem\"+" \ -e "s+^#\? *nufw_tls_cacert=.*+nufw_tls_cacert=\"/etc/ssl/certs/ssl-cert-snakeoil.pem\"+" \ -i $$file; \ done # install -m0755 $(CURDIR)/scripts/nuaclgen $(CURDIR)/debian/tmp/usr/bin install -m0755 $(CURDIR)/scripts/nutop $(CURDIR)/debian/tmp/usr/bin install -m0755 $(CURDIR)/scripts/clean_conntrack.pl $(CURDIR)/debian/tmp/usr/sbin install -m0640 $(CURDIR)/conf/nuaclgen.conf $(CURDIR)/debian/tmp/etc/nufw/ install -m0640 $(CURDIR)/conf/nutop.conf $(CURDIR)/debian/tmp/etc/nufw/ # # remove extra files find $(CURDIR)/debian/tmp -name "*.egg-info" -delete find $(CURDIR)/debian/tmp -name "*.a" -delete find $(CURDIR)/debian/tmp -name "libnobuffer*" -delete find $(CURDIR)/debian/tmp -name "*.pem" -delete find $(CURDIR)/debian/tmp -name "*.pyc" -delete override_dh_install: dh_install -X.la --fail-missing --sourcedir=debian/tmp debian/nuauth.default0000644000000000000000000000041011662505167012044 0ustar #Change to "true" for Nufw to be started NUAUTH_START="true" #Add "v"s so nufw gets more verbose NUAUTH_VERBOSITY="vv" #User nuauth runs on. 
Change this to some entry existing in /etc/passwd NUAUTH_USER="nuauth" #EDIT /etc/nuauth/nuauth.conf for other options! debian/changelog0000644000000000000000000004561412166476224011064 0ustar nufw (2.4.3-3) unstable; urgency=low * Rewrite packaging files - Switch to DH 9 - Enable all hardening flags - Enable multiarch - Add 10-fix-format-strings.patch - Add 11-fix-ftbfs-pthread_cancel.patch (Closes: #713731) - Switch to dh_python2 (Closes: #715300) -- Pierre Chifflier Mon, 08 Jul 2013 10:47:12 +0200 nufw (2.4.3-2.2) unstable; urgency=low * Non-maintainer upload. * Fix "postinst deletes files from /usr/share/nuauth/": nuauth.postinst: use cp instead of mv in the replace_file function (Closes: #688249) * Fix "postinst deletes /usr/share/nufw/nufw.conf breaking package reconfiguration": nufw.postinst: use cp instead of mv in the replace_file function (Closes: #688615) -- gregor herrmann Sun, 30 Sep 2012 18:49:59 +0200 nufw (2.4.3-2.1) unstable; urgency=low [ Andreas Metzler ] * Stop shipping libtool la files in binary packages. (Closes: #591553) http://wiki.debian.org/ReleaseGoals/LAFileRemoval [ Ondřej Surý ] * Non-maintainer upload. 
-- Ondřej Surý Mon, 23 May 2011 08:55:37 +0200 nufw (2.4.3-2) unstable; urgency=low * Force linking against -lpthread to fix FTBFS with binutils-gold (Closes: #615757) * Switch to dpkg-source 3.0 (quilt) format -- Pierre Chifflier Mon, 28 Feb 2011 11:31:39 +0100 nufw (2.4.3-1) unstable; urgency=low * Imported Upstream version 2.4.3 * Set section for libpam-nufw to admin * Bump standards version to 3.9.1 -- Pierre Chifflier Tue, 17 Aug 2010 12:10:24 +0200 nufw (2.4.2-1) unstable; urgency=low * Imported Upstream version 2.4.2 * Reapply upstream patch before merge -- Pierre Chifflier Fri, 28 May 2010 07:57:17 +0200 nufw (2.4.1-1) unstable; urgency=high * Imported Upstream version 2.4.1 * Fix bashism in init script (Closes: #581130) * Urgency high, serious bug (and release goal) * Revert upstream patch to support sub-CA, patch is specific to OpenSSL -- Pierre Chifflier Mon, 17 May 2010 21:10:31 +0200 nufw (2.4.0-1) unstable; urgency=low * New upstream major version 2.4.0 * Update watch file * Upload to unstable -- Pierre Chifflier Wed, 03 Mar 2010 21:28:28 +0100 nufw (2.4.0~rc1-1) experimental; urgency=low * New upstream release: release condidate for new major version (2.4) * Add new binary packages libnussl1 and libnussl-dev * Rename libnuclient3 to libnuclient4 (API change) * Add to build-deps: flex, bison * Bump standards version to 3.8.3 * Fix typo in description (Closes: #557564) * Remove nufw certificates on purge (Closes: #455117) -- Pierre Chifflier Sat, 20 Feb 2010 18:52:57 +0100 nufw (2.2.21-4) unstable; urgency=high * Fix FTBFS against gnutls26 >= 2.7.x (Closes: #529841) This required to run autogen.sh * Urgency high because of above bug * Update dependency on libmysqlclient-dev * Bump standards version to 3.8.2 (no changes) -- Pierre Chifflier Sat, 15 Aug 2009 16:33:32 +0200 nufw (2.2.21-3) unstable; urgency=low * Apply patch from Jérôme Soyer: * Add more modules to nuauth: - mark_field - mark_flag - session_authtype * Add more modules to nuauth-extra: - 
script -- Pierre Chifflier Tue, 10 Mar 2009 15:34:07 +0100 nufw (2.2.21-2) unstable; urgency=low * Upload to unstable -- Pierre Chifflier Wed, 25 Feb 2009 12:03:36 +0100 nufw (2.2.21-1) experimental; urgency=low * New upstream release -- Pierre Chifflier Wed, 04 Feb 2009 13:49:18 +0100 nufw (2.2.20-2) experimental; urgency=low * Add Homepage field (Closes: #511453) -- Pierre Chifflier Mon, 19 Jan 2009 11:08:20 +0100 nufw (2.2.20-1) experimental; urgency=low * New upstream release -- Pierre Chifflier Wed, 10 Dec 2008 13:36:54 +0100 nufw (2.2.19-1) experimental; urgency=low * New upstream release * Upstream uses strict TLS checking mode by default. Use less strict, but easier to use configuration (see README.Debian) -- Pierre Chifflier Fri, 05 Dec 2008 10:21:05 +0100 nufw (2.2.15-3) unstable; urgency=low * Rewrite certificate generation code to use make-ssl-cert (Closes: #497778) -- Pierre Chifflier Thu, 04 Sep 2008 13:49:00 +0200 nufw (2.2.15-2) unstable; urgency=high * Remove rpath to insecure location (Closes: #495769) * urgency=high because of RC bug * Add dependency on rpath * Bump standards version (no changes) -- Pierre Chifflier Mon, 25 Aug 2008 11:42:20 +0200 nufw (2.2.15-1) unstable; urgency=low * New upstream release * Rebuild with support for several python versions (Closes: #476238) -- Pierre Chifflier Tue, 15 Apr 2008 15:54:47 +0200 nufw (2.2.14-2) unstable; urgency=low * Rebuild for python transition (Closes: #476173) -- Pierre Chifflier Tue, 15 Apr 2008 09:16:45 +0200 nufw (2.2.14-1) unstable; urgency=low * New upstream release * Debian directory is now separated from upstream -- Pierre Chifflier Tue, 08 Apr 2008 15:15:58 +0200 nufw (2.2.13-2) unstable; urgency=low * Backport patch from upstream to fix build (error with inline functions) -- Pierre Chifflier Thu, 03 Apr 2008 11:50:15 +0200 nufw (2.2.13-1) unstable; urgency=low * New upstream release -- Pierre Chifflier Wed, 02 Apr 2008 12:12:11 +0200 nufw (2.2.11-2) unstable; urgency=low * Fix bashism 
in NuFW init script (Closes: #465013) * Fix spelling in control (mysql -> MySQL) -- Pierre Chifflier Sun, 10 Feb 2008 18:22:09 +0100 nufw (2.2.11-1) unstable; urgency=low * New upstream release * Bump standards version -- Pierre Chifflier Wed, 09 Jan 2008 09:24:33 +0100 nufw (2.2.10-2) unstable; urgency=low * Add python-ipy to build-deps -- Pierre Chifflier Wed, 05 Dec 2007 14:13:55 +0100 nufw (2.2.10-1) unstable; urgency=low * New upstream release -- Pierre Chifflier Wed, 05 Dec 2007 09:37:11 +0100 nufw (2.2.9-3) unstable; urgency=low * Change build order and tell dh_shlibdeps to search libs in correct dir .. -- Pierre Chifflier Fri, 30 Nov 2007 13:47:36 +0100 nufw (2.2.9-2) unstable; urgency=low * Tell dh_shlibdeps to use libnuclient3 -- Pierre Chifflier Fri, 30 Nov 2007 12:01:34 +0100 nufw (2.2.9-1) unstable; urgency=low * New upstream release -- Pierre Chifflier Mon, 26 Nov 2007 12:17:37 +0100 nufw (2.2.8-1) unstable; urgency=low * New upstream release * Create directory /var/run/nuauth in package * Do not use --enable-debug, so it does not flood the log with debug messages -- Pierre Chifflier Tue, 13 Nov 2007 13:56:41 +0100 nufw (2.2.7-1) unstable; urgency=low * New upstream release -- Pierre Chifflier Mon, 29 Oct 2007 20:09:27 +0100 nufw (2.2.6-3) unstable; urgency=low * Enable Prelude module -- Pierre Chifflier Sun, 28 Oct 2007 09:36:37 +0100 nufw (2.2.6-2) unstable; urgency=low * Make libnuclient-dev depend on libnuclient3 -- Pierre Chifflier Fri, 26 Oct 2007 17:53:04 +0200 nufw (2.2.6-1) unstable; urgency=low * New upstream release -- Pierre Chifflier Wed, 10 Oct 2007 11:57:28 +0200 nufw (2.2.5-2) unstable; urgency=low * Add binary package libnuclient-dev -- Pierre Chifflier Wed, 12 Sep 2007 21:41:39 +0200 nufw (2.2.5-1) unstable; urgency=low * New upstream release -- Pierre Chifflier Tue, 11 Sep 2007 16:05:35 +0200 nufw (2.2.4-1) unstable; urgency=low * New upstream release * Add nuauth-command script to nuauth-utils * Use python-support for nuauth-utils 
* Update nuauth-utils dependencies -- Pierre Chifflier Mon, 20 Aug 2007 23:18:37 +0200 nufw (2.2.3-2) unstable; urgency=low * Fix init script (Closes: #436958) * Move system files to nuauth (Closes: #427973) * Add --retry to really wait for script exit -- Pierre Chifflier Mon, 13 Aug 2007 15:14:06 +0200 nufw (2.2.3-1) unstable; urgency=low * New upstream release * Add watch file * Update my mail address -- Pierre Chifflier Sun, 05 Aug 2007 22:28:35 +0200 nufw (2.2.2-2) unstable; urgency=low * Also move system backend to nuauth (Closes: #427973) -- Pierre Chifflier Wed, 04 Jul 2007 11:30:30 +0200 nufw (2.2.2-1) unstable; urgency=medium * New upstream release + restore compatibility with 2.0 versions + not compatible with 2.2.1 * Do not include plaintext files in nuauth-extra (Closes: #427973) * Urgency=medium because of RC bug -- Pierre Chifflier Tue, 26 Jun 2007 16:48:15 +0200 nufw (2.2.1-1) unstable; urgency=low * New upstream release * Change build dependency from postgresql-dev to libpq-dev -- Pierre Chifflier Mon, 18 Jun 2007 11:22:34 +0200 nufw (2.2.0-3) unstable; urgency=high * Move module plaintext to nuauth (Closes: #427973) * Urgency=high because of RC bug * Remove dependency on libnuclient3, now correctly detected by dh_shlibdeps -- Pierre Chifflier Fri, 08 Jun 2007 11:36:36 +0200 nufw (2.2.0-2) unstable; urgency=high * Conficts/Replaces package libnuclient (Closes: #427611) * Urgency=high because of RC bug -- Pierre Chifflier Tue, 05 Jun 2007 14:44:13 +0200 nufw (2.2.0-1) unstable; urgency=low * New upstream release * Complete rewrite of the package * Remove templates (Closes: #414507, #420931, #361428) * Set nuauth-utils arch to all (Closes: #419923) * Set myself as Maintainer, with Jean-Michel's agreement * Update libnuclient files location * Update copyright file * Update dependencies on debconf * Spell check packages descriptions * Add LSB sections to init scripts * Remove dependencies on libnetfilter*, detected by dh_shlibdeps * Rename libnuclient 
to libnuclient3 * Remove debconf stuff, not needed * Use ucf for nuauth.conf -- Pierre Chifflier Tue, 29 May 2007 09:26:17 +0200 nufw (2.0.16-1) unstable; urgency=low * New upstream release (Closes: #411515) * Ack NMU (Closes: #378385) * Add myself to Uploaders * Bump Standards version to 3.7.2 * Add LSB sections to init scripts * Update depends on debconf * Change libpam-nufw description to be less than 80 characters * Change dependency to libpq-dev (Closes: #409768) * Update Czech template (Closes: #412697) -- Pierre Chifflier Fri, 16 Mar 2007 16:24:56 +0100 nufw (2.0.9-5.2) unstable; urgency=high * Non-maintainer upload. * Added nauth: missing pre-dep on passwd (Closes: #408269) - added pre-dep on adduser too, since it uses adduser in preinst * Urgency high due RCness -- Bastian Venthur Thu, 1 Feb 2007 11:54:30 +0100 nufw (2.0.9-5.1) unstable; urgency=low * Non-maintainer upload to fix longstanding l10n issues * Add debconf-updatepo to the clean target in debian/rules Closes: #349839 * add the nufw20.templates and nuauth20.templates files to debian/po/POTFILES.in so that these files are translated too * General rewrite of the debconf templates in a desperate attempt to have them DevRef compliant, remove untranslatable strings and, unfortunately, drive translators crazy. Closes: #361423 * Fix typo in the package description. Closes: #390090 * Lintian fixes: - Remove redundant declaration of conffiles in /etc. Closes: #356772 * Debconf translation updates: - French updated - Czech updated. Closes: #345142 - Swedish updated. Closes: #347608 - German added. Sent during the call for updates for the NMU campaign. - Russian added. Sent during the call for updates for the NMU campaign. -- Christian Perrier Sun, 3 Dec 2006 12:14:00 +0100 nufw (2.0.9-5) unstable; urgency=low * One more patch for compilation on hppa. -- Jean-Michel Kelbert Sat, 2 Dec 2006 12:31:12 +0100 nufw (2.0.9-4) unstable; urgency=low * Apply a patch provided by upstream to compile on hppa. 
This time it should work ! -- Jean-Michel Kelbert Tue, 28 Nov 2006 21:12:17 +0100 nufw (2.0.9-3) unstable; urgency=low * Apply a patch provided by upstream to compile on hppa. -- Jean-Michel Kelbert Thu, 9 Nov 2006 21:41:03 +0100 nufw (2.0.9-2) unstable; urgency=low * Change copyright file to not include the entire GPL. -- Jean-Michel Kelbert Wed, 1 Nov 2006 20:04:30 +0100 nufw (2.0.9-1) unstable; urgency=low * New upstream release. * Adapt packaging to version 2. * Many thanks to Vincent Deffontaines for its packaging. -- Jean-Michel Kelbert Mon, 9 Oct 2006 21:58:20 +0200 nufw (1.0.23-1.1) unstable; urgency=high * Non-maintainer upload. * Unbreak syntactically wrong debconf template, which caused problems during package installation. (Closes: #360581) -- Steinar H. Gunderson Sun, 16 Jul 2006 00:02:00 +0200 nufw (1.0.23-1) unstable; urgency=low * New upstream release * Update debconf configuration to take care of new options. * Upgrade build depends to libmysqlclient15-dev (closes: #356719) -- Jean-Michel Kelbert Thu, 30 Mar 2006 21:01:38 +0200 nufw (1.0.16-1) unstable; urgency=low * New upstream release. This is a security release. The NuFW team has identified a problem that could lead to Denial of Service from legitimate users of the authentication service. This has been assigned CVE-2005-3950. (closes: #341544) * Add debconf-updatepo in debian/rules. (closes: #329942) * Add debconf-2.0 as an alternate to debconf. (closes: #332049) * Use gnutls12 instead of gnutls11. (closes: #335769) * Update the French translation for debconf. (closes: #332575) * Add the Swedish translation for debconf. (closes: #336780) -- Jean-Michel Kelbert Tue, 27 Dec 2005 17:04:58 +0100 nufw (1.0.13-1) unstable; urgency=low * New upstream release -- Jean-Michel Kelbert Sun, 16 Oct 2005 18:12:39 +0200 nufw (1.0.11-1) unstable; urgency=low * Add the Vietnamese translation for debconf. (closes: #316322) * Add the French translation for debconf. 
(closes: #307763) * Add the Czech translation for debconf. (closes: #310700) -- Jean-Michel Kelbert Fri, 2 Sep 2005 22:02:12 +0200 nufw (1.0.10-1) stable; urgency=low * new upstream release -- Eric Leblond Mon, 4 Jul 2005 11:32:01 +0200 nufw (1.0.8-1) unstable; urgency=low * new upstream release -- Eric Leblond Fri, 10 Jun 2005 15:46:35 +0200 nufw (1.0.7-1) unstable; urgency=low * new upstream release -- Eric Leblond Wed, 8 Jun 2005 09:46:42 +0200 nufw (1.0.6-1) unstable; urgency=low * new upstream release -- Eric Leblond Thu, 2 Jun 2005 21:56:16 +0200 nufw (1.0.5-1) unstable; urgency=low * new upstream release -- Eric Leblond Thu, 12 May 2005 12:20:42 +0200 nufw (1.0.3-1) unstable; urgency=low * new upstream release -- Eric Leblond Wed, 20 Apr 2005 09:17:25 +0200 nufw (1.0.2-1) unstable; urgency=low * new upstream release -- Eric Leblond Tue, 29 Mar 2005 07:16:56 +0200 nufw (1.0.1-1) unstable; urgency=low * New upstream release. -- Eric Leblond Tue, 15 Mar 2005 23:22:12 +0100 nufw (1.0-1) unstable; urgency=low * New upstream release. * Add --with-system-auth to configure in debian/rules to support PAM+NSS authentication. * Add --with-ldap to support LDAP directory for users and acl lookup. * Add --with-gdbm to support gdbm users lookup. * Add --with-ident to support support ident users authentication. * Add libgcrypt11-dev, libgnutls11-dev, libident-dev, libpam-dev to Build-Depends. * Add postrm and preinst for nuauth. -- Jean-Michel Kelbert Tue, 22 Feb 2005 22:53:22 +0100 nufw (0.8.5-3) unstable; urgency=low * Change debian/copyright to reflect changes made by upstreams to the license. * Initial upload in Debian. Thanks to Vincent Deffontaines for packaging the package before me. (closes: #258746) -- Jean-Michel Kelbert Mon, 20 Dec 2004 22:23:16 +0100 nufw (0.8.5-1) unstable; urgency=low * New upstream release. * Upstream add an exception to the GPL which allows linking with OpenSSL. 
-- Jean-Michel Kelbert Wed, 1 Sep 2004 23:03:10 +0200 nufw (0.8.2-1) unstable; urgency=low * Update Description in debian/control. Thanks to Brandon Robinson. * Switch to gettext for the debconf templates. * Change the way of packaging. * Correct minor policy violations. -- Jean-Michel Kelbert Fri, 30 Jul 2004 13:41:25 +0200 nufw (0.8.1-1) unstable; urgency=low * New upstream version. Adds a paquet for libnuclient, the client authentication library. -- Vincent Deffontaines Mon, 19 Jul 2004 21:23:13 +0200 nufw (0.8.0-1) unstable; urgency=low * New upstream version. Adds the strict logs update option, together with some scaling bugfix, that would cause nuauth to grow heavily on some particular [DoS] conditions. -- Vincent Deffontaines Mon, 5 Jul 2004 21:23:13 +0200 nufw (0.7.1-1) unstable; urgency=low * New upstream version. Fixes some bug that would rarely memleak nuauth. Adds the SQL sync option. -- Vincent Deffontaines Fri, 11 Jun 2004 18:08:19 +0200 nufw (0.7.0-1) unstable; urgency=low * New upstream version. 0.7.0 is the first release with SSL connections all the way. -- Vincent Deffontaines Tue, 30 Mar 2004 21:18:37 +0200 nufw (0.6.5-1) unstable; urgency=low * New upstream version -- Vincent Deffontaines Sun, 14 Mar 2004 18:52:38 +0100 nufw (0.6.4-1) unstable; urgency=low * New upstream version * Splitted debian nuauth packages into 3, so that modules support is ... modular -- Vincent Deffontaines Wed, 7 Jan 2004 23:49:34 +0100 nufw (0.6.3-1) unstable; urgency=low * Nesw upstream version -- Vincent Deffontaines Wed, 7 Jan 2004 00:33:47 +0100 nufw (0.6.2-1) unstable; urgency=low * Upstream changed to 0.6.2 -- Vincent Deffontaines Sun, 4 Jan 2004 23:42:57 +0100 nufw (0.6.1-1) unstable; urgency=low * Upstream changed to 0.6.1 -- Vincent Deffontaines Mon, 22 Dec 2003 15:55:24 +0100 nufw (0.5.4-1) unstable; urgency=low * Initial Release. 
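-- Vincent Deffontaines Thu, 13 Nov 2003 13:03:54 +0100
debian/nuauth.install0000644000000000000000000000134612164567222012075 0ustar etc/nufw/acls.nufw etc/nufw/periods.xml etc/nufw/users.nufw usr/lib/*/nuauth/modules/libldap.so usr/lib/*/nuauth/modules/libmark_field.so usr/lib/*/nuauth/modules/libmark_flag.so usr/lib/*/nuauth/modules/libmark_group.so usr/lib/*/nuauth/modules/libmark_uid.so usr/lib/*/nuauth/modules/libnuprelude.so usr/lib/*/nuauth/modules/libplaintext.so usr/lib/*/nuauth/modules/libpostauth_localuser.so usr/lib/*/nuauth/modules/libsession_authtype.so usr/lib/*/nuauth/modules/libsession_expire.so usr/lib/*/nuauth/modules/libsyslog.so usr/lib/*/nuauth/modules/libsystem.so usr/lib/*/nuauth/modules/libulogd2.so usr/lib/*/nuauth/modules/libx509_std.so usr/lib/*/nuauth/modules/libxml_defs.so usr/sbin/nuauth usr/share/nuauth usr/share/man/man8/nuauth.8
debian/nuauth-extra.docs0000644000000000000000000000022311662505166012472 0ustar conf/auth_mysql/auth_mysql.ipv4.mysql.dump conf/auth_mysql/auth_mysql.ipv6.mysql.dump conf/auth_mysql/check_net.mysql scripts/auth_mysql/authmysql
debian/nuauth-utils.manpages0000644000000000000000000000003311662505167013352 0ustar doc/nuaclgen.8 doc/nutop.8
debian/libnuclient4.manpages0000644000000000000000000000002411662505166013303 0ustar doc/nuclient.conf.5
debian/nufw.postinst0000644000000000000000000000253612164554526011772 0ustar
#!/bin/sh
# postinst for nufw: installs /etc/nufw/nufw.conf (through ucf when a copy
# already exists) and, when no TLS key is present, generates a self-signed
# key/certificate pair with make-ssl-cert and splits it with openssl.

CONFIGFILE=/etc/default/nufw

set -e
#set -x

. /usr/share/debconf/confmodule

# grepconf KEY DEFAULT
# Print the value assigned to KEY in /etc/nufw/nufw.conf, or DEFAULT when the
# sed expression below extracts nothing.
grepconf () {
    w=" " # space tab
    sq=/etc/nufw/nufw.conf
    # KEY is spliced into the sed program itself, so it must remain a fixed
    # literal supplied by this script and never come from external input.
    # sed is cool.
    res=$(sed -ne ' s/^\s*'"$1"'\s*=\s*"\?\([^"]*\)\"$/\1/p; t end; d; :end q' < "$sq")
    [ -n "$res" ] || res=$2
    echo "$res"
}

# replace_file NEWFILE OLDFILE
# Copy NEWFILE to OLDFILE when OLDFILE does not exist yet; otherwise let ucf
# perform a three-way merge so local changes are not overwritten silently.
replace_file () {
    newfile=$1
    oldfile=$2
    if [ ! -f "${oldfile}" ] ; then
        cp "${newfile}" "${oldfile}"
    else
        ucf --three-way --debconf-ok "${newfile}" "${oldfile}"
    fi
}

# Installing the config
replace_file /usr/share/nufw/nufw.conf /etc/nufw/nufw.conf

nufw_tls_key=$(grepconf nufw_tls_key /etc/nufw/certs/nufw-key.pem)
nufw_tls_cert=$(grepconf nufw_tls_cert /etc/nufw/certs/nufw-cert.pem)

# ssl certificate generation
if [ -x /usr/bin/openssl ]; then
    # Test the configured key path rather than the default one: with a
    # custom nufw_tls_key the default file never exists, and every run
    # would overwrite the administrator's key and certificate.
    if [ ! -e "$nufw_tls_key" ]; then
        make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/nufw/certs/nufw.pem
        if [ -f /etc/nufw/certs/nufw.pem ]; then
            # split key and certificate data
            openssl x509 -in /etc/nufw/certs/nufw.pem -out "$nufw_tls_cert"
            # Create the private key under a restrictive umask so it is
            # never readable by other users, not even between the write
            # and the chmod below. The subshell keeps the umask local.
            (
                umask 077
                openssl rsa -in /etc/nufw/certs/nufw.pem -out "$nufw_tls_key"
            )
            chmod 0600 "$nufw_tls_key"
            # The combined file still holds the private key; remove it.
            rm -f /etc/nufw/certs/nufw.pem
            # -maxdepth goes before the tests, as GNU find expects.
            find /etc/nufw/certs -maxdepth 1 -type l -delete
        fi
    fi
fi

db_stop

#DEBHELPER#

exit 0
debian/nuauth-log-pgsql.install0000644000000000000000000000004512164562123013766 0ustar usr/lib/*/nuauth/modules/libpgsql.so
debian/nufw.dirs0000644000000000000000000000003011662505167011032 0ustar etc/nufw/certs usr/sbin
debian/nutcpc.dirs0000644000000000000000000000001011662505167011345 0ustar usr/bin
debian/nuauth.docs0000644000000000000000000000004211662505167011351 0ustar NEWS README TODO conf/acls.schema
debian/libnuclient-dev.manpages0000644000000000000000000000002311662505166013772 0ustar doc/libnuclient.3
debian/nutcpc.docs0000644000000000000000000000002111662505167011336 0ustar NEWS README TODO
debian/nuauth-utils.install0000644000000000000000000000034512164567234013234 0ustar etc/nufw/nuaclgen.conf etc/nufw/nutop.conf usr/bin/nuaclgen usr/bin/nutop usr/bin/nuauth_command usr/sbin/clean_conntrack.pl usr/lib/python2.*/site-packages/nuauth_command usr/share/man/man8/nutop.8 usr/share/man/man8/nuaclgen.8
debian/README.Debian0000644000000000000000000000344711662505166011247 0ustar Upgrading --------- Warning ! If you are upgrading from a 2.2.x to 2.4.y, you MUST upgrade the servers (nufw and nuauth) before the clients.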
You must ensure that nufw and nuauth are using the same version.
Newer nuauth servers support both 2.2 and 2.4 clients, but 2.4 clients
only work with a 2.4 nuauth server.

Since version 2.4, configuration has changed:
 * configuration for nuauth supports includes and has been split into multiple
   files in the /etc/nufw/nuauth.d directory
 * all components now have configuration files (including nufw and nutcpc)

TLS and certificates
--------------------

By default, NuFW requires a valid certificate authority, and valid certificates
to be installed on all components (especially for nuauth and nufw).
See http://nufw.org/docs/handbook22.html#hardening for details.

To make the installation easier, the Debian package uses the non-strict mode by
default. Non-strict mode relaxes these certificate checks, so switch back to
strict mode once a certificate authority and certificates are in place.
The package made the following modifications (revert them to use strict mode):

In file /etc/default/nufw, change ::

  NUFW_OPTIONS=""

to ::

  NUFW_OPTIONS="-s"

In file /etc/nufw/nuauth.conf, change ::

  nuauth_tls_request_cert=2
  # nuauth_tls_disable_nufw_fqdn_check=0

to ::

  nuauth_tls_request_cert=1
  nuauth_tls_disable_nufw_fqdn_check=1

Documentation
-------------

The NuFW handbook (containing the installation guide, and more information)
can be found at:
http://nufw.org/docs/handbook22.html
PDF version:
http://nufw.org/docs/handbook22.pdf

The handbook is not packaged in Debian due to the license (Creative Commons
by-nc-sa 3.0).
An installation guide for Debian can be found at: http://software.inl.fr/trac/wiki/nufw_install_debian More links: Documentation, links, forums, etc.: http://software.inl.fr/trac/wiki/EdenWall/NuFW -- Pierre Chifflier Tue, 25 Nov 2008 11:45:25 +0100 debian/nuauth-log-mysql.install0000644000000000000000000000004512164562111014002 0ustar usr/lib/*/nuauth/modules/libmysql.so debian/libnuclient-dev.install0000644000000000000000000000016412164567016013653 0ustar usr/include/nuclient.h usr/lib/*/libnuclient.so usr/lib/*/pkgconfig/libnuclient.pc usr/share/man/man3/libnuclient.3 debian/nutcpc.manpages0000644000000000000000000000001511662505167012204 0ustar doc/nutcpc.1 debian/nuauth-extra.install0000644000000000000000000000017412164561607013215 0ustar usr/lib/*/nuauth/modules/libipauth_guest.so usr/lib/*/nuauth/modules/libauth_mysql.so usr/lib/*/nuauth/modules/libscript.so debian/libnuclient4.install0000644000000000000000000000020112164566526013160 0ustar usr/lib/*/libnuclient.so.4.0.0 usr/lib/*/libnuclient.so.4 usr/lib/*/nuclient/modules/luser.so usr/share/man/man5/nuclient.conf.5 debian/libpam-nufw.install0000644000000000000000000000003111662505166013001 0ustar lib/security/pam_nufw.so debian/pycompat0000644000000000000000000000000211662505167010746 0ustar 2 debian/docs0000644000000000000000000000002111662505166010042 0ustar NEWS README TODO debian/libnussl1.postinst0000644000000000000000000000031311662505166012714 0ustar #!/bin/sh set -e # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. 
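case "$1" in
    configure)
        ldconfig
    ;;
esac

#DEBHELPER#

exit 0
debian/nuauth-log-mysql.dirs0000644000000000000000000000001011662505166013276 0ustar usr/lib
debian/libnuclient4.dirs0000644000000000000000000000003111662505166012447 0ustar usr/lib/nuclient/modules
debian/nuauth.manpages0000644000000000000000000000001611662505167012215 0ustar doc/nuauth.8
debian/nufw.install0000644000000000000000000000006712164564242011546 0ustar usr/sbin/nufw usr/share/nufw usr/share/man/man8/nufw.8
debian/libnussl-dev.install0000644000000000000000000000020112164564724013171 0ustar usr/include/nussl.h usr/include/nussl_constants.h usr/include/nussl_hash.h usr/lib/*/libnussl.so usr/lib/*/pkgconfig/libnussl.pc
debian/nuauth-log-pgsql.dirs0000644000000000000000000000001011662505167013260 0ustar usr/lib
debian/nufw.manpages0000644000000000000000000000001311662505167011665 0ustar doc/nufw.8
debian/nuauth.init0000644000000000000000000000531411662505167011373 0ustar
#! /bin/sh
#
# Written by Miquel van Smoorenburg .
# Modified for Debian
# by Ian Murdock .
# Customized for nuauth by Vincent Deffontaines
#
#
### BEGIN INIT INFO
# Provides:          nuauth
# Required-Start:    $syslog $remote_fs
# Required-Stop:     $syslog $remote_fs
# Should-Start:      $local_fs
# Should-Stop:       $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Control script for nuauth
# Description:       Init script to control (start/stop/reload)
#                    the nuauth server.
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nuauth
PID=nuauth
NAME=nuauth
DESC=nuauth
# Default; /etc/default/nuauth must set NUAUTH_START="true" to enable.
NUAUTH_START="no"

test -x "$DAEMON" || exit 0

# Include nuauth defaults if available
if [ -f /etc/default/nuauth ] ; then
    . /etc/default/nuauth
fi

if [ "$NUAUTH_START" != "true" ]; then
    exit 0
fi

if [ ! "$NUAUTH_VERBOSITY" ]; then
    NUAUTH_VERBOSITY="vv"
fi

if [ ! "$NUAUTH_USER" ]; then
    # NOTE(review): "nobody" is shared with other services, so this
    # fallback weakens isolation; set NUAUTH_USER to a dedicated account
    # in /etc/default/nuauth instead of relying on it.
    echo "No user configured to run nuauth... Trying \"nobody\" ..."
    NUAUTH_USER="nobody"
fi

DAEMON_OPTS="-D -$NUAUTH_VERBOSITY"

set -e

# Make sure the runtime directory /var/run/$PID/$PID exists and belongs to
# the account the daemon runs as.
check_var_run_dir() {
    if [ ! -d "/var/run/$PID/$PID" ]; then
        # -p also creates a missing parent (e.g. when /var/run is emptied
        # at boot); a plain mkdir would fail there and, under set -e,
        # abort the start.
        mkdir -p "/var/run/$PID/$PID"
        chown "$NUAUTH_USER" "/var/run/$PID/$PID"
    fi
}

case "$1" in
    start)
        check_var_run_dir
        echo -n "Starting $DESC: "
        # DAEMON_OPTS is left unquoted on purpose: it holds several options.
        start-stop-daemon --start --quiet --pidfile "/var/run/$PID/$PID.pid" \
            --chuid "$NUAUTH_USER" --exec "$DAEMON" -- $DAEMON_OPTS
        echo "$NAME."
    ;;
    stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --oknodo --pidfile "/var/run/$PID/$PID.pid" \
            --retry 5 --exec "$DAEMON"
        echo "$NAME."
    ;;
    #reload)
    #
    #	If the daemon can reload its config files on the fly
    #	for example by sending it SIGHUP, do it here.
    #
    #	If the daemon responds to changes in its config file
    #	directly anyway, make this a do-nothing entry.
    #
    # echo "Reloading $DESC configuration files."
    # start-stop-daemon --stop --signal 1 --quiet --pidfile \
    #	/var/run/$NAME.pid --exec $DAEMON
    #;;
    restart|force-reload)
        #
        #	If the "reload" option is implemented, move the "force-reload"
        #	option to the "reload" entry above. If not, "force-reload" is
        #	just the same as "restart".
        #
        check_var_run_dir
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --oknodo --pidfile \
            "/var/run/$PID/$PID.pid" --retry 5 --exec "$DAEMON"
        sleep 1
        start-stop-daemon --start --quiet --pidfile "/var/run/$PID/$PID.pid" \
            --chuid "$NUAUTH_USER" --exec "$DAEMON" -- $DAEMON_OPTS
        echo "$NAME."
    ;;
    *)
        N=/etc/init.d/$NAME
        # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        echo "Usage: $N {start|stop|restart|force-reload}" >&2
        exit 1
    ;;
esac

exit 0
debian/nufw.postrm0000644000000000000000000000273311662505167011431 0ustar #!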
/bin/sh # postrm script for nufw # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' overwrit>r> # for details, see /usr/doc/packaging-manual/ all_config_files="nufw.conf" tls_data_files=" nufw-cert.pem nufw-key.pem " case "$1" in purge|disappear) for FILE in $all_config_files; do # Taken from the ucf example postrm for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-dist; do rm -f /etc/nufw/$FILE$ext done rm -f /etc/nufw/$FILE if which ucf >/dev/null 2>&1; then ucf --purge /etc/nufw/$FILE fi done # remove certs for FILE in $tls_data_files; do rm -f /etc/nufw/certs/$FILE done ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade) # nothing ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# debian/source/0000755000000000000000000000000011662505342010472 5ustar debian/source/format0000644000000000000000000000001411662505342011700 0ustar 3.0 (quilt) debian/watch0000644000000000000000000000056411662505167010235 0ustar # debian watch file # You can run the "uscan" command # to check for upstream updates and more. # See uscan(1) for format # Compulsory line, this is a version 3 file version=3 #http://nufw.org/download/nufw/nufw-2.2.3.tar.gz #http://nufw.org/download/nufw/nufw-([0-9].*)\.tar\.gz http://www.nufw.org/projects/nufw/files /attachments/download/.*/nufw-([0-9].*)\.tar\.gz debian/nuauth.postrm0000644000000000000000000000344111662505167011753 0ustar #! 
/bin/sh # postrm script for nuauth # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' overwrit>r> # for details, see /usr/doc/packaging-manual/ all_config_files="nuauth.conf nuauth.d/nuauth_authtype.conf nuauth.d/nuauth_krb5.conf nuauth.d/nuauth_ldap.conf nuauth.d/nuauth_mark.conf nuauth.d/nuauth_mysql.conf nuauth.d/nuauth_pgsql.conf nuauth.d/nuauth_tls.conf nuauth.d/nuauth_tuning.conf" tls_data_files=" nuauth-cert.pem nuauth-dh_params.pem nuauth-key.pem " case "$1" in purge|disappear) # update-rc.d -f nuauth remove >/dev/null userdel nuauth 2>/dev/null || true for FILE in $all_config_files; do # Taken from the ucf example postrm for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-dist; do rm -f /etc/nufw/$FILE$ext done rm -f /etc/nufw/$FILE if which ucf >/dev/null 2>&1; then ucf --purge /etc/nufw/$FILE fi done # remove certs for FILE in $tls_data_files; do rm -f /etc/nufw/certs/$FILE done ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade) # nothing ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# debian/libnussl-dev.dirs0000644000000000000000000000002211662505166012462 0ustar usr/include/nussl