authorcy <cy@FreeBSD.org>2010-04-26 11:48:43 +0800
committercy <cy@FreeBSD.org>2010-04-26 11:48:43 +0800
commit44542358c02d2370dd9a007b36cbba7539389d5a (patch)
treed0c9ec908621d5e08ee686bb2583061abecd446c /security
parentd0c7a3c9e690758e2a12a432f3f69b3de2a9fdf6 (diff)
Welcome the new krb5-1.8.1. Significant changes include the removal of
the MIT KRB5 applications (now in a separate tarball and port).
Diffstat (limited to 'security')
-rw-r--r--security/krb5/Makefile88
-rw-r--r--security/krb5/distinfo6
-rw-r--r--security/krb5/files/patch-ai17
-rw-r--r--security/krb5/files/patch-aj19
-rw-r--r--security/krb5/files/patch-appl::bsd::Makefile.in12
-rw-r--r--security/krb5/files/patch-appl::bsd::klogind.M26
-rw-r--r--security/krb5/files/patch-appl::gssftp::ftp::ftp_var.h23
-rw-r--r--security/krb5/files/patch-appl::telnet::telnetd::Makefile.in11
-rw-r--r--security/krb5/files/patch-appl::telnet::telnetd::telnetd.822
-rw-r--r--security/krb5/files/patch-appl::telnet::telnetd::utility.c38
-rw-r--r--security/krb5/files/patch-as249
-rw-r--r--security/krb5/files/patch-ay51
-rw-r--r--security/krb5/files/patch-ba77
-rw-r--r--security/krb5/files/patch-bb10
-rw-r--r--security/krb5/files/patch-lib-krb5-os-localaddr.c102
-rw-r--r--security/krb5/pkg-plist16
16 files changed, 193 insertions, 574 deletions
diff --git a/security/krb5/Makefile b/security/krb5/Makefile
index b4fcaa624b9d..635c700e9b28 100644
--- a/security/krb5/Makefile
+++ b/security/krb5/Makefile
@@ -6,10 +6,9 @@
#
PORTNAME= krb5
-PORTVERSION= 1.7
-PORTREVISION= 2
+PORTVERSION= 1.8.1
CATEGORIES= security
-MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
+MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
PATCH_SITES= http://web.mit.edu/kerberos/advisories/
DISTNAME= ${PORTNAME}-${PORTVERSION}-signed
EXTRACT_SUFX= .tar
@@ -21,10 +20,7 @@ BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4
CONFLICTS= krb[45]-[0-9]* heimdal-[0-9]* srp-[0-9]*
-BROKEN= does not compile
-FORBIDDEN= MITKRB5-SA-2010-001, MITKRB5-SA-2010-002, and MITKRB5-SA-2010-003.
-
-LATEST_LINK= ${PORTNAME}-17
+LATEST_LINK= ${PORTNAME}-18
KERBEROSV_URL= http://web.mit.edu/kerberos/
USE_OPENSSL= yes
WITH_OPENSSL_PORT= yes
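Review bot: The `FORBIDDEN=` line naming MITKRB5-SA-2010-001, -002 and -003 is removed here, but nothing visible in the commit records that 1.8.1 actually contains the fixes for all three advisories. `PATCH_SITES` still points at the advisories directory, yet no `PATCHFILES` entry appears in the hunks shown, so the version bump alone presumably has to cover them. Once that is confirmed against the upstream advisories, a short comment near `PORTVERSION` would let the next maintainer see why the port was un-forbidden, for example `# 1.8.1 includes the fixes for MITKRB5-SA-2010-001 through -003`.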
@@ -37,14 +33,9 @@ CONFIGURE_ENV= INSTALL="${INSTALL}" YACC=/usr/bin/yacc \
CFLAGS="${CFLAGS}"
MAKE_ARGS= INSTALL="${INSTALL}"
-OPTIONS= KRB5_RENAME_FTP "Rename ftp to kftp" off \
- KRB5_RENAME_TELNET "Rename telnet to ktelnet" off \
- KRB5_RENAME_RLOGIN "Rename rlogin to krlogin" off \
- KRB5_RENAME_RSH "Rename rsh to krsh" off \
- KRB5_RENAME_RCP "Rename rcp to krcp" off \
- KRB5_KRB4_COMPAT "Build and install krb4 compatibility" off \
- KRB5_DOC "Build and install krb5 documentation" on \
- WANT_HTML "Want HTML documentation too" on
+OPTIONS= KRB5_DOC "Build and install krb5 documentation" on \
+ WANT_HTML "Want HTML documentation too" on \
+ DNS_FOR_REALM "enable DNS lookups of Kerberos realm names" off
.include <bsd.port.pre.mk>
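Review bot: The new `DNS_FOR_REALM` option text does not tell the user that enabling it makes host-to-realm mapping depend on DNS answers, which are unauthenticated unless the resolver path is protected. The description is also the only one in the list that starts in lower case. Consider `DNS_FOR_REALM "Enable DNS lookups of Kerberos realm names (trusts DNS)" off`, and a one-line comment above the `.if defined(WITH_DNS_FOR_REALM)` block in the following hunk stating that `--enable-dns-for-realm` should only be used where DNS responses can be trusted. The default of `off` is the right choice and should stay.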
@@ -52,73 +43,26 @@ OPTIONS= KRB5_RENAME_FTP "Rename ftp to kftp" off \
BROKEN= fails to build with new utmpx
.endif
+.if defined(WITH_DNS_FOR_REALM)
+CONFIGURE_ARGS+= --enable-dns-for-realm
+.endif
+
.if defined(WITH_KRB5_DOC)
BUILD_DEPENDS+= texi2dvi:${PORTSDIR}/print/texinfo \
dvips:${PORTSDIR}/print/dvipsk-tetex
INFO= krb5-admin krb5-install krb5-user
.endif
-.if !defined(WITH_KRB5_KRB4_COMPAT)
-CONFIGURE_ARGS+= --without-krb4
-PLIST_SUB+= KRB4="@comment "
-.else
-PLIST_SUB+= KRB4=""
-.endif
-
.if defined(KRB5_HOME)
PREFIX= ${KRB5_HOME}
.endif
MAN1= k5srvutil.1 kadmin.1 krb5-send-pr.1 krb5-config.1 \
kpasswd.1 klist.1 kinit.1 kdestroy.1 ksu.1 ktutil.1 \
- sclient.1 rsh.1 rcp.1 rlogin.1 ftp.1 telnet.1 \
- kerberos.1 kvno.1 compile_et.1
+ sclient.1 kerberos.1 kvno.1 compile_et.1
MAN5= kdc.conf.5 krb5.conf.5 .k5login.5
MAN8= krb5kdc.8 kadmin.local.8 kdb5_util.8 kadmind.8 \
- kprop.8 kpropd.8 kproplog.8 sserver.8 kshd.8 \
- klogind.8 login.krb5.8 ftpd.8 telnetd.8
-
-.if defined(WITH_KRB5_RENAME_FTP)
-MAN1:= ${MAN1:C/ftp/kftp/}
-MAN8:= ${MAN8:C/ftp/kftp/}
-PROGRAM_TRANSFORM_NAME+= s/^ftp/kftp/;
-PLIST_SUB+= FTP_PROG="kftp"
-.else
-PLIST_SUB+= FTP_PROG="ftp"
-.endif
-
-.if defined(WITH_KRB5_RENAME_TELNET)
-MAN1:= ${MAN1:C/telnet/ktelnet/}
-MAN8:= ${MAN8:C/telnet/ktelnet/}
-PROGRAM_TRANSFORM_NAME+= s/^telnet/ktelnet/;
-PLIST_SUB+= TELNET_PROG="ktelnet"
-.else
-PLIST_SUB+= TELNET_PROG="telnet"
-.endif
-
-.if defined(WITH_KRB5_RENAME_RLOGIN)
-MAN1:= ${MAN1:C/rlogin/krlogin/}
-PROGRAM_TRANSFORM_NAME+= s/^rlogin/krlogin/;
-PLIST_SUB+= RLOGIN_PROG="krlogin"
-.else
-PLIST_SUB+= RLOGIN_PROG="rlogin"
-.endif
-
-.if defined(WITH_KRB5_RENAME_RSH)
-MAN1:= ${MAN1:C/rsh/krsh/}
-PROGRAM_TRANSFORM_NAME+= s/^rsh/krsh/;
-PLIST_SUB+= RSH_PROG="krsh"
-.else
-PLIST_SUB+= RSH_PROG="rsh"
-.endif
-
-.if defined(WITH_KRB5_RENAME_RCP)
-MAN1:= ${MAN1:C/rcp/krcp/}
-PROGRAM_TRANSFORM_NAME+= s/^rcp/krcp/;
-PLIST_SUB+= RCP_PROG="krcp"
-.else
-PLIST_SUB+= RCP_PROG="rcp"
-.endif
+ kprop.8 kpropd.8 kproplog.8 sserver.8
.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != ""
CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}"
@@ -148,14 +92,6 @@ post-patch:
@${REINPLACE_CMD} -e '1s,^#!\/usr\/athena/bin/perl,#!${PERL5},' \
${WRKSRC}/../doc/man2html
-pre-build:
-.if !defined(KRB5_KRB4_COMPAT)
- @${ECHO} "------------------------------------------------------"
- @${ECHO} "Set KRB5_KRB4_COMPAT=NO if you do not want to build "
- @${ECHO} "the KerberosIV compatibility libraries. "
- @${ECHO} "------------------------------------------------------"
-.endif
-
post-build:
.if defined(WITH_KRB5_DOC)
@cd ${WRKSRC}/../doc && \
diff --git a/security/krb5/distinfo b/security/krb5/distinfo
index aef68fcdf9a2..a1f6a340ad8a 100644
--- a/security/krb5/distinfo
+++ b/security/krb5/distinfo
@@ -1,3 +1,3 @@
-MD5 (krb5-1.7-signed.tar) = 9f7b3402b4731a7fa543db193bf1b564
-SHA256 (krb5-1.7-signed.tar) = a370cae8386e8b82b309c44a220542af78cbcbb42028fb3c2224eae6dba1ffd5
-SIZE (krb5-1.7-signed.tar) = 12226560
+MD5 (krb5-1.8.1-signed.tar) = e29a78b108c4687f7e7937110d1d0415
+SHA256 (krb5-1.8.1-signed.tar) = 470c486ec5580d12f2a72cde059e3bdfa567cf96215b724fec5a3b6cfa7eebb9
+SIZE (krb5-1.8.1-signed.tar) = 11632640
diff --git a/security/krb5/files/patch-ai b/security/krb5/files/patch-ai
deleted file mode 100644
index 3588a76ed199..000000000000
--- a/security/krb5/files/patch-ai
+++ /dev/null
@@ -1,17 +0,0 @@
---- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002
-+++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002
-@@ -487,7 +487,13 @@
- #ifndef LOG_DAEMON
- #define LOG_DAEMON 0
- #endif
-- openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
-+
-+#ifndef LOG_FTP
-+#define FACILITY LOG_DAEMON
-+#else
-+#define FACILITY LOG_FTP
-+#endif
-+ openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY);
-
- addrlen = sizeof (his_addr);
- if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
diff --git a/security/krb5/files/patch-aj b/security/krb5/files/patch-aj
deleted file mode 100644
index c3bb8dfd6960..000000000000
--- a/security/krb5/files/patch-aj
+++ /dev/null
@@ -1,19 +0,0 @@
-*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998
---- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998
-***************
-*** 66,72 ****
- struct stat buf;
- time_t time();
-
-! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0)
- return;
- if (fstat(fd, &buf) == 0) {
- (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
---- 66,72 ----
- struct stat buf;
- time_t time();
-
-! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0)
- return;
- if (fstat(fd, &buf) == 0) {
- (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
diff --git a/security/krb5/files/patch-appl::bsd::Makefile.in b/security/krb5/files/patch-appl::bsd::Makefile.in
deleted file mode 100644
index 581048933264..000000000000
--- a/security/krb5/files/patch-appl::bsd::Makefile.in
+++ /dev/null
@@ -1,12 +0,0 @@
---- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
-+++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
-@@ -31,8 +31,8 @@
- -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
-
- DEFINES = $(RSH) $(BSD) $(RPROGS) -DKERBEROS \
-- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \
-+ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \
- -DHEIMDAL_FRIENDLY
-
- all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
-
diff --git a/security/krb5/files/patch-appl::bsd::klogind.M b/security/krb5/files/patch-appl::bsd::klogind.M
deleted file mode 100644
index 48544cba8955..000000000000
--- a/security/krb5/files/patch-appl::bsd::klogind.M
+++ /dev/null
@@ -1,26 +0,0 @@
---- appl/bsd/klogind.M.orig 2008-12-15 12:29:01.000000000 -0800
-+++ appl/bsd/klogind.M 2009-08-28 13:13:28.000000000 -0700
-@@ -13,7 +13,7 @@
- .B \-rcpPef
- ]
- [[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ]
--[ \fB\-D\fP \fIport\fP ]
-+[ \fB\-D\fP \fIport\fP ] [\fB\-L\fP \fIloginpath\fP]
- .SH DESCRIPTION
- .I Klogind
- is the server for the
-@@ -136,11 +136,9 @@
- .IP \fB\-M\ realm\fP
- Set the Kerberos realm to use.
-
--.IP \fB\-L\ login\fP
--Set the login program to use. This option only has an effect if
--DO_NOT_USE_K_LOGIN was not defined when
--.I klogind
--was compiled.
-+.IP \fB\-L\ loginpath\fP
-+Specify pathname to an alternative login program. Default: /usr/bin/login.
-+KRB5_HOME/sbin/login.krb5 may be specified.
-
- .IP \fB\-D\ port\fP
- Run in standalone mode, listening on \fBport\fP. The daemon will exit
diff --git a/security/krb5/files/patch-appl::gssftp::ftp::ftp_var.h b/security/krb5/files/patch-appl::gssftp::ftp::ftp_var.h
deleted file mode 100644
index 256e929aa68f..000000000000
--- a/security/krb5/files/patch-appl::gssftp::ftp::ftp_var.h
+++ /dev/null
@@ -1,23 +0,0 @@
---- appl/gssftp/ftp/ftp_var.h.orig Tue Jun 17 02:37:40 2003
-+++ appl/gssftp/ftp/ftp_var.h Sat Aug 30 05:30:44 2003
-@@ -33,6 +33,10 @@
- * @(#)ftp_var.h 5.9 (Berkeley) 6/1/90
- */
-
-+#if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version > 500000
-+#undef __BSD_VISIBLE
-+#endif
-+
- #ifdef _WIN32
- #include <windows.h>
- #include <winsock2.h>
-@@ -57,9 +61,7 @@
- typedef void (*sig_t)(int);
- typedef void sigtype;
- #else
--#define sig_t my_sig_t
- #define sigtype krb5_sigtype
--typedef sigtype (*sig_t)();
- #endif
-
- /*
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in
deleted file mode 100644
index cb5a0e26d49d..000000000000
--- a/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in
+++ /dev/null
@@ -1,11 +0,0 @@
---- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
-+++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
-@@ -24,7 +24,7 @@
- # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
- #
-
--AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
-+AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
- OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
- LOCALINCLUDES=-I.. -I$(srcdir)/..
- DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8
deleted file mode 100644
index 951ee0d5692a..000000000000
--- a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8
+++ /dev/null
@@ -1,22 +0,0 @@
---- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
-+++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
-@@ -43,7 +43,7 @@
- [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
- [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
- [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
--[\fB\-debug\fP [\fIport\fP]]
-+[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
- .SH DESCRIPTION
- The
- .B telnetd
-@@ -221,6 +221,10 @@
- in response to a
- .SM DO TIMING-MARK)
- for kludge linemode support.
-+.TP
-+\fB\-L\fP \fIloginpath\fP
-+Specify pathname to an alternative login program. Default: /usr/bin/login.
-+KRB5_HOME/sbin/login.krb5 may be specified.
- .TP
- .B \-l
- Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::utility.c b/security/krb5/files/patch-appl::telnet::telnetd::utility.c
deleted file mode 100644
index 8bb656dc0673..000000000000
--- a/security/krb5/files/patch-appl::telnet::telnetd::utility.c
+++ /dev/null
@@ -1,38 +0,0 @@
---- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002
-+++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002
-@@ -408,18 +408,25 @@
- int
- netwrite(const char *buf, size_t len)
- {
-- size_t remain;
-+ int remaining, copied;
-+
-+ remaining = BUFSIZ - (nfrontp - netobuf);
-+ while (len > 0) {
-+ /* Free up enough space if the room is too low*/
-+ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) {
-+ netflush();
-+ remaining = BUFSIZ - (nfrontp - netobuf);
-+ }
-
-- remain = sizeof(netobuf) - (nfrontp - netobuf);
-- if (remain < len) {
-- netflush();
-- remain = sizeof(netobuf) - (nfrontp - netobuf);
-+ /* Copy out as much as will fit */
-+ copied = remaining > len ? len : remaining;
-+ memmove(nfrontp, buf, copied);
-+ nfrontp += copied;
-+ len -= copied;
-+ remaining -= copied;
-+ buf += copied;
- }
-- if (remain < len)
-- return 0;
-- memcpy(nfrontp, buf, len);
-- nfrontp += len;
-- return len;
-+ return copied;
- }
-
- /*
diff --git a/security/krb5/files/patch-as b/security/krb5/files/patch-as
index de19886eac08..2ddf97ea1104 100644
--- a/security/krb5/files/patch-as
+++ b/security/krb5/files/patch-as
@@ -1,6 +1,6 @@
---- clients/ksu/main.c.orig Wed Aug 14 12:14:49 2002
-+++ clients/ksu/main.c Tue Jul 29 18:46:00 2003
-@@ -32,6 +32,10 @@
+--- clients/ksu/main.c.orig 2009-11-02 19:27:56.000000000 -0800
++++ clients/ksu/main.c 2010-04-19 12:27:09.090190157 -0700
+@@ -33,6 +33,10 @@
#include <signal.h>
#include <grp.h>
@@ -10,9 +10,9 @@
+
/* globals */
char * prog_name;
- int auth_debug =0;
-@@ -61,7 +65,7 @@
- ill specified arguments to commands */
+ int auth_debug =0;
+@@ -62,7 +66,7 @@
+ ill specified arguments to commands */
void usage (){
- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
@@ -20,176 +20,173 @@
}
/* for Ultrix and friends ... */
-@@ -77,6 +81,7 @@
+@@ -78,6 +82,7 @@
int argc;
char ** argv;
- {
+ {
+ int asme = 0;
int hp =0;
- int some_rest_copy = 0;
- int all_rest_copy = 0;
-@@ -91,6 +96,7 @@
- char * cc_target_tag = NULL;
+ int some_rest_copy = 0;
+ int all_rest_copy = 0;
+@@ -92,6 +97,7 @@
+ char * cc_target_tag = NULL;
char * target_user = NULL;
char * source_user;
+ char * source_shell;
-
+
krb5_ccache cc_source = NULL;
- const char * cc_source_tag = NULL;
-@@ -117,6 +123,11 @@
- krb5_principal kdc_server;
+ const char * cc_source_tag = NULL;
+@@ -119,6 +125,11 @@
krb5_boolean zero_password;
- char * dir_of_cc_target;
-+
+ char * dir_of_cc_target;
+
+#ifdef LOGIN_CAP
+ login_cap_t *lc;
+ int setwhat;
+#endif
-
++
options.opt = KRB5_DEFAULT_OPTIONS;
options.lifetime = KRB5_DEFAULT_TKT_LIFE;
-@@ -181,7 +192,7 @@
- com_err (prog_name, errno, "while setting euid to source user");
- exit (1);
+ options.rlife =0;
+@@ -182,7 +193,8 @@
+ com_err (prog_name, errno, "while setting euid to source user");
+ exit (1);
}
- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){
+ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){
- switch (option) {
- case 'r':
- options.opt |= KDC_OPT_RENEWABLE;
-@@ -227,6 +238,9 @@
- errflg++;
- }
- break;
-+ case 'm':
-+ asme = 1;
-+ break;
- case 'n':
- if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
- com_err(prog_name, retval, "when parsing name %s", optarg);
-@@ -341,6 +355,7 @@
-
- /* allocate space and copy the usernamane there */
++
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+@@ -228,6 +240,9 @@
+ errflg++;
+ }
+ break;
++ case 'm':
++ asme = 1;
++ break;
+ case 'n':
+ if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
+ com_err(prog_name, retval, "when parsing name %s", optarg);
+@@ -342,6 +357,7 @@
+
+ /* allocate space and copy the usernamane there */
source_user = xstrdup(pwd->pw_name);
+ source_shell = xstrdup(pwd->pw_shell);
source_uid = pwd->pw_uid;
source_gid = pwd->pw_gid;
-
-@@ -672,43 +687,64 @@
- /* get the shell of the user, this will be the shell used by su */
+
+@@ -673,43 +689,64 @@
+ /* get the shell of the user, this will be the shell used by su */
target_pwd = getpwnam(target_user);
-
+
- if (target_pwd->pw_shell)
-- shell = xstrdup(target_pwd->pw_shell);
+- shell = xstrdup(target_pwd->pw_shell);
- else {
-- shell = _DEF_CSH; /* default is cshell */
+- shell = _DEF_CSH; /* default is cshell */
+ if (asme) {
-+ if (source_shell && *source_shell) {
-+ shell = strdup(source_shell);
-+ } else {
-+ shell = _DEF_CSH;
-+ }
++ if (source_shell && *source_shell) {
++ shell = strdup(source_shell);
++ } else {
++ shell = _DEF_CSH;
++ }
+ } else {
-+ if (target_pwd->pw_shell)
-+ shell = strdup(target_pwd->pw_shell);
-+ else {
-+ shell = _DEF_CSH; /* default is cshell */
-+ }
++ if (target_pwd->pw_shell)
++ shell = strdup(target_pwd->pw_shell);
++ else {
++ shell = _DEF_CSH; /* default is cshell */
++ }
}
-
+
#ifdef HAVE_GETUSERSHELL
-
- /* insist that the target login uses a standard shell (root is omited) */
-
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
- if (!standard_shell(target_pwd->pw_shell) && source_uid) {
-- fprintf(stderr, "ksu: permission denied (shell).\n");
-- sweep_up(ksu_context, cc_target);
-- exit(1);
+- fprintf(stderr, "ksu: permission denied (shell).\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
+ if (asme) {
-+ if (!standard_shell(pwd->pw_shell) && source_uid) {
-+ fprintf(stderr, "ksu: permission denied (shell).\n");
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
++ if (!standard_shell(pwd->pw_shell) && source_uid) {
++ fprintf(stderr, "ksu: permission denied (shell).\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
+ } else {
-+ if (!standard_shell(target_pwd->pw_shell) && source_uid) {
-+ fprintf(stderr, "ksu: permission denied (shell).\n");
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
++ if (!standard_shell(target_pwd->pw_shell) && source_uid) {
++ fprintf(stderr, "ksu: permission denied (shell).\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
}
#endif /* HAVE_GETUSERSHELL */
-
+
- if (target_pwd->pw_uid){
--
-- if(set_env_var("USER", target_pwd->pw_name)){
+ if (!asme) {
-+ if (target_pwd->pw_uid){
-+ if (set_env_var("USER", target_pwd->pw_name)){
-+ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
-+ }
-+
-+ if (set_env_var( "HOME", target_pwd->pw_dir)){
- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
- sweep_up(ksu_context, cc_target);
- exit(1);
-- }
-- }
--
++ if (target_pwd->pw_uid){
++ if (set_env_var("USER", target_pwd->pw_name)){
++ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ }
+
+- if(set_env_var("USER", target_pwd->pw_name)){
++ if (set_env_var( "HOME", target_pwd->pw_dir)){
+ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+- }
+- }
++ }
+
- if(set_env_var( "HOME", target_pwd->pw_dir)){
-- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-- sweep_up(ksu_context, cc_target);
-- exit(1);
-- }
-+ }
-
+- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
++ if (set_env_var( "SHELL", shell)){
++ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
+ }
+
- if(set_env_var( "SHELL", shell)){
-- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-- sweep_up(ksu_context, cc_target);
-- exit(1);
-- }
-+ if (set_env_var( "SHELL", shell)){
-+ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
-+ }
-+
+- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
+- }
+#ifdef LOGIN_CAP
+ lc = login_getpwclass(pwd);
+#endif
-
- /* set the cc env name to target */
-
-@@ -718,7 +754,19 @@
- sweep_up(ksu_context, cc_target);
- exit(1);
- }
--
-+
+
+ /* set the cc env name to target */
+
+@@ -720,6 +757,19 @@
+ exit(1);
+ }
+
+#ifdef LOGIN_CAP
-+ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
++ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORIT
++
+ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV;
+ /*
+ * Don't touch resource/priority settings if -m has been
+ * used or -l and -c hasn't, and we're not su'ing to root.
+ */
+ if (target_pwd->pw_uid)
-+ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
++ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
+ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0)
-+ err(1, "setusercontext");
++ err(1, "setusercontext");
+#else
/* set permissions */
if (setgid(target_pwd->pw_gid) < 0) {
- perror("ksu: setgid");
-@@ -759,6 +807,7 @@
- sweep_up(ksu_context, cc_target);
- exit(1);
- }
-+#endif
-
+ perror("ksu: setgid");
+@@ -760,6 +810,7 @@
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+ }
++#endif /* LOGIN_CAP */
+
if (access( cc_target_tag_tmp, R_OK | W_OK )){
- com_err(prog_name, errno,
+ com_err(prog_name, errno,
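Review bot: The added line `setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORIT` in the re-rolled patch is cut off, losing the final `Y;` that the previous revision of the patch had, and an empty added line follows it. When `LOGIN_CAP` is defined this leaves an undeclared identifier and an unterminated statement in ksu's privilege-setting path, so the `setusercontext()` branch would not compile. Where `LOGIN_CAP` gets defined is not visible in this hunk. Restore the line as `setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;` and drop the stray blank line. The line looks truncated at a fixed width, so it is worth regenerating the patch with `diff -u` rather than copying it from a terminal. The enclosing `main()` starts and ends outside this hunk.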
diff --git a/security/krb5/files/patch-ay b/security/krb5/files/patch-ay
deleted file mode 100644
index a2141724855b..000000000000
--- a/security/krb5/files/patch-ay
+++ /dev/null
@@ -1,51 +0,0 @@
---- appl/libpty/getpty.c.orig Wed Jan 9 14:28:37 2002
-+++ appl/libpty/getpty.c Thu Jan 10 21:30:40 2002
-@@ -24,14 +24,27 @@
- #include "libpty.h"
- #include "pty-int.h"
- #include "k5-platform.h"
-
-+#ifdef __FreeBSD__
-+#define PTYCHARS1 "pqrsPQRS"
-+#define PTYCHARS2 "0123456789abcdefghijklmnopqrstuv"
-+#endif
-+
-+#ifndef PTYCHARS1
-+#define PTYCHARS1 "pqrstuvwxyzPQRST"
-+#endif
-+
-+#ifndef PTYCHARS2
-+#define PTYCHARS2 "0123456789abcdef"
-+#endif
-+
- long
- ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
- {
-+ int ptynum;
-+ char *cp1, *cp2;
- #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY)
-- char *cp;
- char *p;
-- int i,ptynum;
- struct stat stb;
- char slavebuf[1024];
- #endif
-@@ -115,14 +128,14 @@
- strncpy(slave, slavebuf, slavelength);
- return 0;
- } else {
-- for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
-+ for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) {
- snprintf(slavebuf,sizeof(slavebuf),"/dev/ptyXX");
-- slavebuf[sizeof("/dev/pty") - 1] = *cp;
-+ slavebuf[sizeof("/dev/pty") - 1] = *cp1;
- slavebuf[sizeof("/dev/ptyp") - 1] = '0';
- if (stat(slavebuf, &stb) < 0)
- break;
-- for (i = 0; i < 16; i++) {
-- slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i];
-+ for (cp2 = PTYCHARS2; *cp2 != '\0'; cp2++) {
-+ slavebuf[sizeof("/dev/ptyp") - 1] = *cp2;
- *fd = open(slavebuf, O_RDWR);
- if (*fd < 0) continue;
-
diff --git a/security/krb5/files/patch-ba b/security/krb5/files/patch-ba
deleted file mode 100644
index dd0c760df7d2..000000000000
--- a/security/krb5/files/patch-ba
+++ /dev/null
@@ -1,77 +0,0 @@
---- appl/bsd/login.c.orig Tue May 27 21:06:25 2003
-+++ appl/bsd/login.c Tue Jul 29 20:52:25 2003
-@@ -1342,19 +1342,6 @@
- setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
- }
-
-- /* Policy: If local password is good, user is good.
-- We really can't trust the Kerberos password,
-- because somebody on the net could spoof the
-- Kerberos server (not easy, but possible).
-- Some sites might want to use it anyways, in
-- which case they should change this line
-- to:
-- if (kpass_ok)
-- */
--
-- if (lpass_ok)
-- break;
--
- if (got_v5_tickets) {
- retval = krb5_verify_init_creds(kcontext, &my_creds, NULL,
- NULL, &xtra_creds,
-@@ -1378,6 +1365,9 @@
- }
- #endif /* KRB4_GET_TICKETS */
-
-+ if (lpass_ok)
-+ break;
-+
- bad_login:
- setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
-
-@@ -1667,21 +1657,23 @@
- /* set up credential cache -- obeying KRB5_ENV_CCNAME
- set earlier */
- /* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */
-- if ((retval = krb5_cc_default(kcontext, &ccache))) {
-+ if ((retval = krb5_cc_default(kcontext, &ccache)))
- com_err(argv[0], retval, "while getting default ccache");
-- } else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) {
-- com_err(argv[0], retval, "when initializing cache");
-- } else if ((retval = krb5_cc_store_cred(kcontext, ccache,
-- &my_creds))) {
-- com_err(argv[0], retval, "while storing credentials");
-- } else if (xtra_creds &&
-- (retval = krb5_cc_copy_creds(kcontext, xtra_creds,
-- ccache))) {
-- com_err(argv[0], retval, "while storing credentials");
-+ else {
-+ if (retval = krb5_cc_initialize(kcontext, ccache, me))
-+ com_err(argv[0], retval, "when initializing cache");
-+ else {
-+ if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds))
-+ com_err(argv[0], retval, "while storing credentials");
-+ else {
-+ if (xtra_creds &&
-+ (retval = krb5_cc_copy_creds(kcontext, xtra_creds, ccache))) {
-+ com_err(argv[0], retval, "while storing credentials");
-+ krb5_cc_destroy(kcontext, xtra_creds);
-+ }
-+ }
-+ }
- }
--
-- if (xtra_creds)
-- krb5_cc_destroy(kcontext, xtra_creds);
- } else if (forwarded_v5_tickets && rewrite_ccache) {
- if ((retval = krb5_cc_initialize (kcontext, ccache, me))) {
- syslog(LOG_ERR,
-@@ -1762,6 +1754,7 @@
-
- if (ccname)
- setenv("KRB5CCNAME", ccname, 1);
-+ krb5_cc_set_default_name(kcontext, ccname);
-
- setenv("HOME", pwd->pw_dir, 1);
- setenv("PATH", LPATH, 1);
diff --git a/security/krb5/files/patch-bb b/security/krb5/files/patch-bb
deleted file mode 100644
index 6545ae682c53..000000000000
--- a/security/krb5/files/patch-bb
+++ /dev/null
@@ -1,10 +0,0 @@
---- appl/telnet/telnet/Makefile.in.orig Sat Dec 18 10:47:05 1999
-+++ appl/telnet/telnet/Makefile.in Sat Dec 18 10:47:13 1999
-@@ -58,7 +58,6 @@
- $(INSTALL_DATA) $(srcdir)/$$f.1 \
- ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
- done
-- $(INSTALL_DATA) $(srcdir)/tmac.doc ${DESTDIR}$(CLIENT_MANDIR)/tmac.doc
-
- authenc.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET)
- commands.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET)
diff --git a/security/krb5/files/patch-lib-krb5-os-localaddr.c b/security/krb5/files/patch-lib-krb5-os-localaddr.c
index d8956daea367..06b6043f22c9 100644
--- a/security/krb5/files/patch-lib-krb5-os-localaddr.c
+++ b/security/krb5/files/patch-lib-krb5-os-localaddr.c
@@ -1,6 +1,6 @@
---- lib/krb5/os/localaddr.c.orig 2009-02-18 10:14:48.000000000 -0800
-+++ lib/krb5/os/localaddr.c 2009-08-28 13:37:41.000000000 -0700
-@@ -173,6 +173,7 @@
+--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700
++++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700
+@@ -175,6 +175,7 @@
}
#endif
@@ -8,68 +8,68 @@
static int
is_loopback_address(struct sockaddr *sa)
{
-@@ -189,6 +190,7 @@
- return 0;
+@@ -191,6 +192,7 @@
+ return 0;
}
}
+#endif
#ifdef HAVE_IFADDRS_H
#include <ifaddrs.h>
-@@ -464,12 +466,14 @@
- ifp->ifa_flags &= ~IFF_UP;
- continue;
- }
+@@ -467,12 +469,14 @@
+ ifp->ifa_flags &= ~IFF_UP;
+ continue;
+ }
+#if 0
- if (is_loopback_address(ifp->ifa_addr)) {
- /* Pretend it's not up, so the second pass will skip
- it. */
- ifp->ifa_flags &= ~IFF_UP;
- continue;
- }
+ if (is_loopback_address(ifp->ifa_addr)) {
+ /* Pretend it's not up, so the second pass will skip
+ it. */
+ ifp->ifa_flags &= ~IFF_UP;
+ continue;
+ }
+#endif
- /* If this address is a duplicate, punt. */
- match = 0;
- for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
-@@ -598,11 +602,13 @@
- }
- /*@=moduncon@*/
+ /* If this address is a duplicate, punt. */
+ match = 0;
+ for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
+@@ -601,11 +605,13 @@
+ }
+ /*@=moduncon@*/
+#if 0
- /* None of the current callers want loopback addresses. */
- if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
- Tprintf ((" loopback\n"));
- goto skip;
- }
+ /* None of the current callers want loopback addresses. */
+ if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
+ Tprintf ((" loopback\n"));
+ goto skip;
+ }
+#endif
- /* Ignore interfaces that are down. */
- if ((lifreq.lifr_flags & IFF_UP) == 0) {
- Tprintf ((" down\n"));
-@@ -769,11 +775,13 @@
- }
- /*@=moduncon@*/
+ /* Ignore interfaces that are down. */
+ if ((lifreq.lifr_flags & IFF_UP) == 0) {
+ Tprintf ((" down\n"));
+@@ -772,11 +778,13 @@
+ }
+ /*@=moduncon@*/
+#if 0
- /* None of the current callers want loopback addresses. */
- if (is_loopback_address(&lifr->iflr_addr)) {
- Tprintf ((" loopback\n"));
- goto skip;
- }
+ /* None of the current callers want loopback addresses. */
+ if (is_loopback_address(&lifr->iflr_addr)) {
+ Tprintf ((" loopback\n"));
+ goto skip;
+ }
+#endif
- /* Ignore interfaces that are down. */
- if ((lifreq.iflr_flags & IFF_UP) == 0) {
- Tprintf ((" down\n"));
-@@ -984,11 +992,13 @@
- }
- /*@=moduncon@*/
+ /* Ignore interfaces that are down. */
+ if ((lifreq.iflr_flags & IFF_UP) == 0) {
+ Tprintf ((" down\n"));
+@@ -987,11 +995,13 @@
+ }
+ /*@=moduncon@*/
+#if 0
- /* None of the current callers want loopback addresses. */
- if (is_loopback_address(&ifreq.ifr_addr)) {
- Tprintf ((" loopback\n"));
- goto skip;
- }
+ /* None of the current callers want loopback addresses. */
+ if (is_loopback_address(&ifreq.ifr_addr)) {
+ Tprintf ((" loopback\n"));
+ goto skip;
+ }
+#endif
- /* Ignore interfaces that are down. */
- if ((ifreq.ifr_flags & IFF_UP) == 0) {
- Tprintf ((" down\n"));
+ /* Ignore interfaces that are down. */
+ if ((ifreq.ifr_flags & IFF_UP) == 0) {
+ Tprintf ((" down\n"));
diff --git a/security/krb5/pkg-plist b/security/krb5/pkg-plist
index bb3f01f28121..113a133be5e8 100644
--- a/security/krb5/pkg-plist
+++ b/security/krb5/pkg-plist
@@ -1,5 +1,4 @@
bin/compile_et
-bin/%%FTP_PROG%%
bin/gss-client
bin/k5srvutil
bin/kadmin
@@ -11,12 +10,8 @@ bin/krb5-config
bin/ksu
bin/ktutil
bin/kvno
-bin/%%RCP_PROG%%
-bin/%%RLOGIN_PROG%%
-bin/%%RSH_PROG%%
bin/sclient
bin/sim_client
-bin/%%TELNET_PROG%%
bin/uuclient
include/com_err.h
include/gssapi.h
@@ -58,9 +53,11 @@ lib/libgssrpc.so.4
lib/libk5crypto.so
lib/libk5crypto.so.3
lib/libkadm5clnt.so
-lib/libkadm5clnt.so.6
+lib/libkadm5clnt_mit.so
+lib/libkadm5clnt_mit.so.7
lib/libkadm5srv.so
-lib/libkadm5srv.so.6
+lib/libkadm5srv_mit.so
+lib/libkadm5srv_mit.so.7
lib/libkdb5.so
lib/libkdb5.so.4
lib/libkrb5.so
@@ -70,22 +67,17 @@ lib/libkrb5support.so.0
lib/krb5/plugins/kdb/db2.so
lib/krb5/plugins/preauth/encrypted_challenge.so
lib/krb5/plugins/preauth/pkinit.so
-sbin/%%FTP_PROG%%d
sbin/gss-server
sbin/kadmin.local
sbin/kadmind
sbin/kdb5_util
-sbin/klogind
sbin/kprop
sbin/kpropd
sbin/kproplog
sbin/krb5-send-pr
sbin/krb5kdc
-sbin/kshd
-sbin/login.krb5
sbin/sim_server
sbin/sserver
-sbin/%%TELNET_PROG%%d
sbin/uuserver
share/doc/krb5/README.FreeBSD
share/et/et_c.awk