author | cy <cy@FreeBSD.org> | 2010-04-26 11:48:43 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2010-04-26 11:48:43 +0800 |
commit | 44542358c02d2370dd9a007b36cbba7539389d5a (patch) | |
tree | d0c9ec908621d5e08ee686bb2583061abecd446c /security/krb5 | |
parent | d0c7a3c9e690758e2a12a432f3f69b3de2a9fdf6 (diff) | |
Welcome the new krb5-1.8.1. Significant changes include the removal of
the MIT KRB5 applications (now in a separate tarball and port).
Diffstat (limited to 'security/krb5')
-rw-r--r-- | security/krb5/Makefile | 88 | ||||
-rw-r--r-- | security/krb5/distinfo | 6 | ||||
-rw-r--r-- | security/krb5/files/patch-ai | 17 | ||||
-rw-r--r-- | security/krb5/files/patch-aj | 19 | ||||
-rw-r--r-- | security/krb5/files/patch-appl::bsd::Makefile.in | 12 | ||||
-rw-r--r-- | security/krb5/files/patch-appl::bsd::klogind.M | 26 | ||||
-rw-r--r-- | security/krb5/files/patch-appl::gssftp::ftp::ftp_var.h | 23 | ||||
-rw-r--r-- | security/krb5/files/patch-appl::telnet::telnetd::Makefile.in | 11 | ||||
-rw-r--r-- | security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 | 22 | ||||
-rw-r--r-- | security/krb5/files/patch-appl::telnet::telnetd::utility.c | 38 | ||||
-rw-r--r-- | security/krb5/files/patch-as | 249 | ||||
-rw-r--r-- | security/krb5/files/patch-ay | 51 | ||||
-rw-r--r-- | security/krb5/files/patch-ba | 77 | ||||
-rw-r--r-- | security/krb5/files/patch-bb | 10 | ||||
-rw-r--r-- | security/krb5/files/patch-lib-krb5-os-localaddr.c | 102 | ||||
-rw-r--r-- | security/krb5/pkg-plist | 16 |
16 files changed, 193 insertions, 574 deletions
diff --git a/security/krb5/Makefile b/security/krb5/Makefile index b4fcaa624b9..635c700e9b2 100644 --- a/security/krb5/Makefile +++ b/security/krb5/Makefile @@ -6,10 +6,9 @@ # PORTNAME= krb5 -PORTVERSION= 1.7 -PORTREVISION= 2 +PORTVERSION= 1.8.1 CATEGORIES= security -MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ +MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ PATCH_SITES= http://web.mit.edu/kerberos/advisories/ DISTNAME= ${PORTNAME}-${PORTVERSION}-signed EXTRACT_SUFX= .tar @@ -21,10 +20,7 @@ BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 CONFLICTS= krb[45]-[0-9]* heimdal-[0-9]* srp-[0-9]* -BROKEN= does not compile -FORBIDDEN= MITKRB5-SA-2010-001, MITKRB5-SA-2010-002, and MITKRB5-SA-2010-003. - -LATEST_LINK= ${PORTNAME}-17 +LATEST_LINK= ${PORTNAME}-18 KERBEROSV_URL= http://web.mit.edu/kerberos/ USE_OPENSSL= yes WITH_OPENSSL_PORT= yes @@ -37,14 +33,9 @@ CONFIGURE_ENV= INSTALL="${INSTALL}" YACC=/usr/bin/yacc \ CFLAGS="${CFLAGS}" MAKE_ARGS= INSTALL="${INSTALL}" -OPTIONS= KRB5_RENAME_FTP "Rename ftp to kftp" off \ - KRB5_RENAME_TELNET "Rename telnet to ktelnet" off \ - KRB5_RENAME_RLOGIN "Rename rlogin to krlogin" off \ - KRB5_RENAME_RSH "Rename rsh to krsh" off \ - KRB5_RENAME_RCP "Rename rcp to krcp" off \ - KRB5_KRB4_COMPAT "Build and install krb4 compatibility" off \ - KRB5_DOC "Build and install krb5 documentation" on \ - WANT_HTML "Want HTML documentation too" on +OPTIONS= KRB5_DOC "Build and install krb5 documentation" on \ + WANT_HTML "Want HTML documentation too" on \ + DNS_FOR_REALM "enable DNS lookups of Kerberos realm names" off .include <bsd.port.pre.mk> 
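Review bot: The rewritten `MASTER_SITES` line still fetches the distfile over plain `http://`, so the distinfo SHA256 is the only integrity check on `krb5-1.8.1-signed.tar`. The `-signed` DISTNAME suggests upstream ships a PGP signature with the tarball, but nothing in the visible hunks verifies it, so whoever regenerates distinfo should check that signature out of band before committing the new hashes. A comment above the line would record this, e.g. `# distfile is fetched over http; verify upstream's PGP signature before updating distinfo`.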
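Review bot: Removing `FORBIDDEN= MITKRB5-SA-2010-001, MITKRB5-SA-2010-002, and MITKRB5-SA-2010-003.` makes the port installable again, yet neither the commit message nor the Makefile records that 1.8.1 actually carries the fixes for those three advisories. `PATCH_SITES` in the first hunk still points at the advisories directory, but no `PATCHFILES` line is visible in this diff, so it is worth confirming that no advisory published against 1.8.x needs a patch listed here. Once confirmed, a one-line comment such as `# FORBIDDEN dropped: MITKRB5-SA-2010-001..003 are fixed in 1.8.1` would keep the reasoning with the port.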
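Review bot: The description of the new `DNS_FOR_REALM` option does not say that the realm lookup it enables relies on unauthenticated DNS answers, which is presumably why it defaults to off; the same option is wired to `--enable-dns-for-realm` in the next hunk. With the option on, anyone able to forge DNS replies can influence which realm a client picks, so the text should let the admin make an informed choice, e.g. `DNS_FOR_REALM "Look up realm names in DNS (trusts unauthenticated DNS)" off`.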
@@ -52,73 +43,26 @@ OPTIONS= KRB5_RENAME_FTP "Rename ftp to kftp" off \ BROKEN= fails to build with new utmpx .endif +.if defined(WITH_DNS_FOR_REALM) +CONFIGURE_ARGS+= --enable-dns-for-realm +.endif + .if defined(WITH_KRB5_DOC) BUILD_DEPENDS+= texi2dvi:${PORTSDIR}/print/texinfo \ dvips:${PORTSDIR}/print/dvipsk-tetex INFO= krb5-admin krb5-install krb5-user .endif -.if !defined(WITH_KRB5_KRB4_COMPAT) -CONFIGURE_ARGS+= --without-krb4 -PLIST_SUB+= KRB4="@comment " -.else -PLIST_SUB+= KRB4="" -.endif - .if defined(KRB5_HOME) PREFIX= ${KRB5_HOME} .endif MAN1= k5srvutil.1 kadmin.1 krb5-send-pr.1 krb5-config.1 \ kpasswd.1 klist.1 kinit.1 kdestroy.1 ksu.1 ktutil.1 \ - sclient.1 rsh.1 rcp.1 rlogin.1 ftp.1 telnet.1 \ - kerberos.1 kvno.1 compile_et.1 + sclient.1 kerberos.1 kvno.1 compile_et.1 MAN5= kdc.conf.5 krb5.conf.5 .k5login.5 MAN8= krb5kdc.8 kadmin.local.8 kdb5_util.8 kadmind.8 \ - kprop.8 kpropd.8 kproplog.8 sserver.8 kshd.8 \ - klogind.8 login.krb5.8 ftpd.8 telnetd.8 - -.if defined(WITH_KRB5_RENAME_FTP) -MAN1:= ${MAN1:C/ftp/kftp/} -MAN8:= ${MAN8:C/ftp/kftp/} -PROGRAM_TRANSFORM_NAME+= s/^ftp/kftp/; -PLIST_SUB+= FTP_PROG="kftp" -.else -PLIST_SUB+= FTP_PROG="ftp" -.endif - -.if defined(WITH_KRB5_RENAME_TELNET) -MAN1:= ${MAN1:C/telnet/ktelnet/} -MAN8:= ${MAN8:C/telnet/ktelnet/} -PROGRAM_TRANSFORM_NAME+= s/^telnet/ktelnet/; -PLIST_SUB+= TELNET_PROG="ktelnet" -.else -PLIST_SUB+= TELNET_PROG="telnet" -.endif - -.if defined(WITH_KRB5_RENAME_RLOGIN) -MAN1:= ${MAN1:C/rlogin/krlogin/} -PROGRAM_TRANSFORM_NAME+= s/^rlogin/krlogin/; -PLIST_SUB+= RLOGIN_PROG="krlogin" -.else -PLIST_SUB+= RLOGIN_PROG="rlogin" -.endif - -.if defined(WITH_KRB5_RENAME_RSH) -MAN1:= ${MAN1:C/rsh/krsh/} -PROGRAM_TRANSFORM_NAME+= s/^rsh/krsh/; -PLIST_SUB+= RSH_PROG="krsh" -.else -PLIST_SUB+= RSH_PROG="rsh" -.endif - -.if defined(WITH_KRB5_RENAME_RCP) -MAN1:= ${MAN1:C/rcp/krcp/} -PROGRAM_TRANSFORM_NAME+= s/^rcp/krcp/; -PLIST_SUB+= RCP_PROG="krcp" -.else -PLIST_SUB+= RCP_PROG="rcp" -.endif + kprop.8 kpropd.8 
kproplog.8 sserver.8 .if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" @@ -148,14 +92,6 @@ post-patch: @${REINPLACE_CMD} -e '1s,^#!\/usr\/athena/bin/perl,#!${PERL5},' \ ${WRKSRC}/../doc/man2html -pre-build: -.if !defined(KRB5_KRB4_COMPAT) - @${ECHO} "------------------------------------------------------" - @${ECHO} "Set KRB5_KRB4_COMPAT=NO if you do not want to build " - @${ECHO} "the KerberosIV compatibility libraries. " - @${ECHO} "------------------------------------------------------" -.endif - post-build: .if defined(WITH_KRB5_DOC) @cd ${WRKSRC}/../doc && \ diff --git a/security/krb5/distinfo b/security/krb5/distinfo index aef68fcdf9a..a1f6a340ad8 100644 --- a/security/krb5/distinfo +++ b/security/krb5/distinfo @@ -1,3 +1,3 @@ -MD5 (krb5-1.7-signed.tar) = 9f7b3402b4731a7fa543db193bf1b564 -SHA256 (krb5-1.7-signed.tar) = a370cae8386e8b82b309c44a220542af78cbcbb42028fb3c2224eae6dba1ffd5 -SIZE (krb5-1.7-signed.tar) = 12226560 +MD5 (krb5-1.8.1-signed.tar) = e29a78b108c4687f7e7937110d1d0415 +SHA256 (krb5-1.8.1-signed.tar) = 470c486ec5580d12f2a72cde059e3bdfa567cf96215b724fec5a3b6cfa7eebb9 +SIZE (krb5-1.8.1-signed.tar) = 11632640 diff --git a/security/krb5/files/patch-ai b/security/krb5/files/patch-ai deleted file mode 100644 index 3588a76ed19..00000000000 --- a/security/krb5/files/patch-ai +++ /dev/null @@ -1,17 +0,0 @@ ---- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002 -+++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002 -@@ -487,7 +487,13 @@ - #ifndef LOG_DAEMON - #define LOG_DAEMON 0 - #endif -- openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); -+ -+#ifndef LOG_FTP -+#define FACILITY LOG_DAEMON -+#else -+#define FACILITY LOG_FTP -+#endif -+ openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY); - - addrlen = sizeof (his_addr); - if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { 
diff --git a/security/krb5/files/patch-aj b/security/krb5/files/patch-aj deleted file mode 100644 index c3bb8dfd696..00000000000 --- a/security/krb5/files/patch-aj +++ /dev/null @@ -1,19 +0,0 @@ -*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998 ---- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998 -*************** -*** 66,72 **** - struct stat buf; - time_t time(); - -! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0) - return; - if (fstat(fd, &buf) == 0) { - (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); ---- 66,72 ---- - struct stat buf; - time_t time(); - -! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) - return; - if (fstat(fd, &buf) == 0) { - (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); diff --git a/security/krb5/files/patch-appl::bsd::Makefile.in b/security/krb5/files/patch-appl::bsd::Makefile.in deleted file mode 100644 index 58104893326..00000000000 --- a/security/krb5/files/patch-appl::bsd::Makefile.in +++ /dev/null @@ -1,12 +0,0 @@ ---- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001 -+++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001 -@@ -31,8 +31,8 @@ - -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\" - - DEFINES = $(RSH) $(BSD) $(RPROGS) -DKERBEROS \ -- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \ -+ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \ - -DHEIMDAL_FRIENDLY - - all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) - diff --git a/security/krb5/files/patch-appl::bsd::klogind.M b/security/krb5/files/patch-appl::bsd::klogind.M deleted file mode 100644 index 48544cba895..00000000000 --- a/security/krb5/files/patch-appl::bsd::klogind.M +++ /dev/null 
@@ -1,26 +0,0 @@ ---- appl/bsd/klogind.M.orig 2008-12-15 12:29:01.000000000 -0800 -+++ appl/bsd/klogind.M 2009-08-28 13:13:28.000000000 -0700 -@@ -13,7 +13,7 @@ - .B \-rcpPef - ] - [[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ] --[ \fB\-D\fP \fIport\fP ] -+[ \fB\-D\fP \fIport\fP ] [\fB\-L\fP \fIloginpath\fP] - .SH DESCRIPTION - .I Klogind - is the server for the -@@ -136,11 +136,9 @@ - .IP \fB\-M\ realm\fP - Set the Kerberos realm to use. - --.IP \fB\-L\ login\fP --Set the login program to use. This option only has an effect if --DO_NOT_USE_K_LOGIN was not defined when --.I klogind --was compiled. -+.IP \fB\-L\ loginpath\fP -+Specify pathname to an alternative login program. Default: /usr/bin/login. -+KRB5_HOME/sbin/login.krb5 may be specified. - - .IP \fB\-D\ port\fP - Run in standalone mode, listening on \fBport\fP. The daemon will exit diff --git a/security/krb5/files/patch-appl::gssftp::ftp::ftp_var.h b/security/krb5/files/patch-appl::gssftp::ftp::ftp_var.h deleted file mode 100644 index 256e929aa68..00000000000 --- a/security/krb5/files/patch-appl::gssftp::ftp::ftp_var.h +++ /dev/null @@ -1,23 +0,0 @@ ---- appl/gssftp/ftp/ftp_var.h.orig Tue Jun 17 02:37:40 2003 -+++ appl/gssftp/ftp/ftp_var.h Sat Aug 30 05:30:44 2003 -@@ -33,6 +33,10 @@ - * @(#)ftp_var.h 5.9 (Berkeley) 6/1/90 - */ - -+#if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version > 500000 -+#undef __BSD_VISIBLE -+#endif -+ - #ifdef _WIN32 - #include <windows.h> - #include <winsock2.h> -@@ -57,9 +61,7 @@ - typedef void (*sig_t)(int); - typedef void sigtype; - #else --#define sig_t my_sig_t - #define sigtype krb5_sigtype --typedef sigtype (*sig_t)(); - #endif - - /* diff --git a/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in deleted file mode 100644 index cb5a0e26d49..00000000000 --- a/security/krb5/files/patch-appl::telnet::telnetd::Makefile.in +++ /dev/null 
@@ -1,11 +0,0 @@ ---- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001 -@@ -24,7 +24,7 @@ - # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 - # - --AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN -+AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\" - OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON - LOCALINCLUDES=-I.. -I$(srcdir)/.. - DEFINES = $(AUTH_DEF) $(OTHERDEFS) diff --git a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 deleted file mode 100644 index 951ee0d5692..00000000000 --- a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.8 +++ /dev/null @@ -1,22 +0,0 @@ ---- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001 -@@ -43,7 +43,7 @@ - [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] - [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] - [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] --[\fB\-debug\fP [\fIport\fP]] -+[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP] - .SH DESCRIPTION - The - .B telnetd -@@ -221,6 +221,10 @@ - in response to a - .SM DO TIMING-MARK) - for kludge linemode support. -+.TP -+\fB\-L\fP \fIloginpath\fP -+Specify pathname to an alternative login program. Default: /usr/bin/login. -+KRB5_HOME/sbin/login.krb5 may be specified. - .TP - .B \-l - Specifies line mode. Tries to force clients to use line-at-a-time diff --git a/security/krb5/files/patch-appl::telnet::telnetd::utility.c b/security/krb5/files/patch-appl::telnet::telnetd::utility.c deleted file mode 100644 index 8bb656dc067..00000000000 --- a/security/krb5/files/patch-appl::telnet::telnetd::utility.c +++ /dev/null 
@@ -1,38 +0,0 @@ ---- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002 -+++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002 -@@ -408,18 +408,25 @@ - int - netwrite(const char *buf, size_t len) - { -- size_t remain; -+ int remaining, copied; -+ -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ while (len > 0) { -+ /* Free up enough space if the room is too low*/ -+ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } - -- remain = sizeof(netobuf) - (nfrontp - netobuf); -- if (remain < len) { -- netflush(); -- remain = sizeof(netobuf) - (nfrontp - netobuf); -+ /* Copy out as much as will fit */ -+ copied = remaining > len ? len : remaining; -+ memmove(nfrontp, buf, copied); -+ nfrontp += copied; -+ len -= copied; -+ remaining -= copied; -+ buf += copied; - } -- if (remain < len) -- return 0; -- memcpy(nfrontp, buf, len); -- nfrontp += len; -- return len; -+ return copied; - } - - /* diff --git a/security/krb5/files/patch-as b/security/krb5/files/patch-as index de19886eac0..2ddf97ea110 100644 --- a/security/krb5/files/patch-as +++ b/security/krb5/files/patch-as @@ -1,6 +1,6 @@ ---- clients/ksu/main.c.orig Wed Aug 14 12:14:49 2002 -+++ clients/ksu/main.c Tue Jul 29 18:46:00 2003 -@@ -32,6 +32,10 @@ +--- clients/ksu/main.c.orig 2009-11-02 19:27:56.000000000 -0800 ++++ clients/ksu/main.c 2010-04-19 12:27:09.090190157 -0700 +@@ -33,6 +33,10 @@ #include <signal.h> #include <grp.h> @@ -10,9 +10,9 @@ + /* globals */ char * prog_name; - int auth_debug =0; -@@ -61,7 +65,7 @@ - ill specified arguments to commands */ + int auth_debug =0; +@@ -62,7 +66,7 @@ + ill specified arguments to commands */ void usage (){ - fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); 
@@ -20,176 +20,173 @@ } /* for Ultrix and friends ... */ -@@ -77,6 +81,7 @@ +@@ -78,6 +82,7 @@ int argc; char ** argv; - { + { + int asme = 0; int hp =0; - int some_rest_copy = 0; - int all_rest_copy = 0; -@@ -91,6 +96,7 @@ - char * cc_target_tag = NULL; + int some_rest_copy = 0; + int all_rest_copy = 0; +@@ -92,6 +97,7 @@ + char * cc_target_tag = NULL; char * target_user = NULL; char * source_user; + char * source_shell; - + krb5_ccache cc_source = NULL; - const char * cc_source_tag = NULL; -@@ -117,6 +123,11 @@ - krb5_principal kdc_server; + const char * cc_source_tag = NULL; +@@ -119,6 +125,11 @@ krb5_boolean zero_password; - char * dir_of_cc_target; -+ + char * dir_of_cc_target; + +#ifdef LOGIN_CAP + login_cap_t *lc; + int setwhat; +#endif - ++ options.opt = KRB5_DEFAULT_OPTIONS; options.lifetime = KRB5_DEFAULT_TKT_LIFE; -@@ -181,7 +192,7 @@ - com_err (prog_name, errno, "while setting euid to source user"); - exit (1); + options.rlife =0; +@@ -182,7 +193,8 @@ + com_err (prog_name, errno, "while setting euid to source user"); + exit (1); } - while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){ + while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){ - switch (option) { - case 'r': - options.opt |= KDC_OPT_RENEWABLE; -@@ -227,6 +238,9 @@ - errflg++; - } - break; -+ case 'm': -+ asme = 1; -+ break; - case 'n': - if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ - com_err(prog_name, retval, "when parsing name %s", optarg); -@@ -341,6 +355,7 @@ - - /* allocate space and copy the usernamane there */ ++ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +@@ -228,6 +240,9 @@ + errflg++; + } + break; ++ case 'm': ++ asme = 1; ++ break; + case 'n': + if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ + com_err(prog_name, retval, "when parsing name %s", optarg); +@@ -342,6 +357,7 @@ + + /* allocate space and copy the usernamane there */ source_user = xstrdup(pwd->pw_name); + 
source_shell = xstrdup(pwd->pw_shell); source_uid = pwd->pw_uid; source_gid = pwd->pw_gid; - -@@ -672,43 +687,64 @@ - /* get the shell of the user, this will be the shell used by su */ + +@@ -673,43 +689,64 @@ + /* get the shell of the user, this will be the shell used by su */ target_pwd = getpwnam(target_user); - + - if (target_pwd->pw_shell) -- shell = xstrdup(target_pwd->pw_shell); +- shell = xstrdup(target_pwd->pw_shell); - else { -- shell = _DEF_CSH; /* default is cshell */ +- shell = _DEF_CSH; /* default is cshell */ + if (asme) { -+ if (source_shell && *source_shell) { -+ shell = strdup(source_shell); -+ } else { -+ shell = _DEF_CSH; -+ } ++ if (source_shell && *source_shell) { ++ shell = strdup(source_shell); ++ } else { ++ shell = _DEF_CSH; ++ } + } else { -+ if (target_pwd->pw_shell) -+ shell = strdup(target_pwd->pw_shell); -+ else { -+ shell = _DEF_CSH; /* default is cshell */ -+ } ++ if (target_pwd->pw_shell) ++ shell = strdup(target_pwd->pw_shell); ++ else { ++ shell = _DEF_CSH; /* default is cshell */ ++ } } - + #ifdef HAVE_GETUSERSHELL - - /* insist that the target login uses a standard shell (root is omited) */ - + + /* insist that the target login uses a standard shell (root is omited) */ + - if (!standard_shell(target_pwd->pw_shell) && source_uid) { -- fprintf(stderr, "ksu: permission denied (shell).\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); +- fprintf(stderr, "ksu: permission denied (shell).\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); + if (asme) { -+ if (!standard_shell(pwd->pw_shell) && source_uid) { -+ fprintf(stderr, "ksu: permission denied (shell).\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } ++ if (!standard_shell(pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } + } else { -+ if (!standard_shell(target_pwd->pw_shell) && source_uid) { -+ fprintf(stderr, "ksu: permission denied (shell).\n"); -+ 
sweep_up(ksu_context, cc_target); -+ exit(1); -+ } ++ if (!standard_shell(target_pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } } #endif /* HAVE_GETUSERSHELL */ - + - if (target_pwd->pw_uid){ -- -- if(set_env_var("USER", target_pwd->pw_name)){ + if (!asme) { -+ if (target_pwd->pw_uid){ -+ if (set_env_var("USER", target_pwd->pw_name)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } -+ -+ if (set_env_var( "HOME", target_pwd->pw_dir)){ - fprintf(stderr,"ksu: couldn't set environment variable USER\n"); - sweep_up(ksu_context, cc_target); - exit(1); -- } -- } -- ++ if (target_pwd->pw_uid){ ++ if (set_env_var("USER", target_pwd->pw_name)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } + +- if(set_env_var("USER", target_pwd->pw_name)){ ++ if (set_env_var( "HOME", target_pwd->pw_dir)){ + fprintf(stderr,"ksu: couldn't set environment variable USER\n"); + sweep_up(ksu_context, cc_target); + exit(1); +- } +- } ++ } + - if(set_env_var( "HOME", target_pwd->pw_dir)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ } - +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); ++ if (set_env_var( "SHELL", shell)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } + } + - if(set_env_var( "SHELL", shell)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ if (set_env_var( "SHELL", shell)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } -+ +- fprintf(stderr,"ksu: couldn't set 
environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } +#ifdef LOGIN_CAP + lc = login_getpwclass(pwd); +#endif - - /* set the cc env name to target */ - -@@ -718,7 +754,19 @@ - sweep_up(ksu_context, cc_target); - exit(1); - } -- -+ + + /* set the cc env name to target */ + +@@ -720,6 +757,19 @@ + exit(1); + } + +#ifdef LOGIN_CAP -+ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; ++ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORIT ++ + setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV; + /* + * Don't touch resource/priority settings if -m has been + * used or -l and -c hasn't, and we're not su'ing to root. + */ + if (target_pwd->pw_uid) -+ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); ++ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); + if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0) -+ err(1, "setusercontext"); ++ err(1, "setusercontext"); +#else /* set permissions */ if (setgid(target_pwd->pw_gid) < 0) { - perror("ksu: setgid"); -@@ -759,6 +807,7 @@ - sweep_up(ksu_context, cc_target); - exit(1); - } -+#endif - + perror("ksu: setgid"); +@@ -760,6 +810,7 @@ + sweep_up(ksu_context, cc_target); + exit(1); + } ++#endif /* LOGIN_CAP */ + if (access( cc_target_tag_tmp, R_OK | W_OK )){ - com_err(prog_name, errno, + com_err(prog_name, errno, diff --git a/security/krb5/files/patch-ay b/security/krb5/files/patch-ay deleted file mode 100644 index a2141724855..00000000000 --- a/security/krb5/files/patch-ay +++ /dev/null 
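Review bot: In the regenerated LOGIN_CAP block the first assignment now reads `setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORIT` followed by an empty added line, so the trailing `Y;` present in the previous patch-as is gone and clients/ksu/main.c would not compile when LOGIN_CAP is defined. It looks like a line cut at a terminal width while the patch was refreshed, and it should be restored to `setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;`. In the same block, `err(1, "setusercontext")` exits without the `sweep_up(ksu_context, cc_target)` call that the other failure paths shown here make, which appears to leave the target credential cache behind on failure. Whether LOGIN_CAP is defined for this build is not visible in the diff.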
@@ -1,51 +0,0 @@ ---- appl/libpty/getpty.c.orig Wed Jan 9 14:28:37 2002 -+++ appl/libpty/getpty.c Thu Jan 10 21:30:40 2002 -@@ -24,14 +24,27 @@ - #include "libpty.h" - #include "pty-int.h" - #include "k5-platform.h" - -+#ifdef __FreeBSD__ -+#define PTYCHARS1 "pqrsPQRS" -+#define PTYCHARS2 "0123456789abcdefghijklmnopqrstuv" -+#endif -+ -+#ifndef PTYCHARS1 -+#define PTYCHARS1 "pqrstuvwxyzPQRST" -+#endif -+ -+#ifndef PTYCHARS2 -+#define PTYCHARS2 "0123456789abcdef" -+#endif -+ - long - ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) - { -+ int ptynum; -+ char *cp1, *cp2; - #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY) -- char *cp; - char *p; -- int i,ptynum; - struct stat stb; - char slavebuf[1024]; - #endif -@@ -115,14 +128,14 @@ - strncpy(slave, slavebuf, slavelength); - return 0; - } else { -- for (cp = "pqrstuvwxyzPQRST";*cp; cp++) { -+ for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) { - snprintf(slavebuf,sizeof(slavebuf),"/dev/ptyXX"); -- slavebuf[sizeof("/dev/pty") - 1] = *cp; -+ slavebuf[sizeof("/dev/pty") - 1] = *cp1; - slavebuf[sizeof("/dev/ptyp") - 1] = '0'; - if (stat(slavebuf, &stb) < 0) - break; -- for (i = 0; i < 16; i++) { -- slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i]; -+ for (cp2 = PTYCHARS2; *cp2 != '\0'; cp2++) { -+ slavebuf[sizeof("/dev/ptyp") - 1] = *cp2; - *fd = open(slavebuf, O_RDWR); - if (*fd < 0) continue; - diff --git a/security/krb5/files/patch-ba b/security/krb5/files/patch-ba deleted file mode 100644 index dd0c760df7d..00000000000 --- a/security/krb5/files/patch-ba +++ /dev/null 
@@ -1,77 +0,0 @@ ---- appl/bsd/login.c.orig Tue May 27 21:06:25 2003 -+++ appl/bsd/login.c Tue Jul 29 20:52:25 2003 -@@ -1342,19 +1342,6 @@ - setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); - } - -- /* Policy: If local password is good, user is good. -- We really can't trust the Kerberos password, -- because somebody on the net could spoof the -- Kerberos server (not easy, but possible). -- Some sites might want to use it anyways, in -- which case they should change this line -- to: -- if (kpass_ok) -- */ -- -- if (lpass_ok) -- break; -- - if (got_v5_tickets) { - retval = krb5_verify_init_creds(kcontext, &my_creds, NULL, - NULL, &xtra_creds, -@@ -1378,6 +1365,9 @@ - } - #endif /* KRB4_GET_TICKETS */ - -+ if (lpass_ok) -+ break; -+ - bad_login: - setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); - -@@ -1667,21 +1657,23 @@ - /* set up credential cache -- obeying KRB5_ENV_CCNAME - set earlier */ - /* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */ -- if ((retval = krb5_cc_default(kcontext, &ccache))) { -+ if ((retval = krb5_cc_default(kcontext, &ccache))) - com_err(argv[0], retval, "while getting default ccache"); -- } else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) { -- com_err(argv[0], retval, "when initializing cache"); -- } else if ((retval = krb5_cc_store_cred(kcontext, ccache, -- &my_creds))) { -- com_err(argv[0], retval, "while storing credentials"); -- } else if (xtra_creds && -- (retval = krb5_cc_copy_creds(kcontext, xtra_creds, -- ccache))) { -- com_err(argv[0], retval, "while storing credentials"); -+ else { -+ if (retval = krb5_cc_initialize(kcontext, ccache, me)) -+ com_err(argv[0], retval, "when initializing cache"); -+ else { -+ if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) -+ com_err(argv[0], retval, "while storing credentials"); -+ else { -+ if (xtra_creds && -+ (retval = krb5_cc_copy_creds(kcontext, xtra_creds, ccache))) { -+ com_err(argv[0], retval, "while storing credentials"); -+ krb5_cc_destroy(kcontext, xtra_creds); 
-+ } -+ } -+ } - } -- -- if (xtra_creds) -- krb5_cc_destroy(kcontext, xtra_creds); - } else if (forwarded_v5_tickets && rewrite_ccache) { - if ((retval = krb5_cc_initialize (kcontext, ccache, me))) { - syslog(LOG_ERR, -@@ -1762,6 +1754,7 @@ - - if (ccname) - setenv("KRB5CCNAME", ccname, 1); -+ krb5_cc_set_default_name(kcontext, ccname); - - setenv("HOME", pwd->pw_dir, 1); - setenv("PATH", LPATH, 1); diff --git a/security/krb5/files/patch-bb b/security/krb5/files/patch-bb deleted file mode 100644 index 6545ae682c5..00000000000 --- a/security/krb5/files/patch-bb +++ /dev/null @@ -1,10 +0,0 @@ ---- appl/telnet/telnet/Makefile.in.orig Sat Dec 18 10:47:05 1999 -+++ appl/telnet/telnet/Makefile.in Sat Dec 18 10:47:13 1999 -@@ -58,7 +58,6 @@ - $(INSTALL_DATA) $(srcdir)/$$f.1 \ - ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ - done -- $(INSTALL_DATA) $(srcdir)/tmac.doc ${DESTDIR}$(CLIENT_MANDIR)/tmac.doc - - authenc.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) - commands.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) diff --git a/security/krb5/files/patch-lib-krb5-os-localaddr.c b/security/krb5/files/patch-lib-krb5-os-localaddr.c index d8956daea36..06b6043f22c 100644 --- a/security/krb5/files/patch-lib-krb5-os-localaddr.c +++ b/security/krb5/files/patch-lib-krb5-os-localaddr.c @@ -1,6 +1,6 @@ ---- lib/krb5/os/localaddr.c.orig 2009-02-18 10:14:48.000000000 -0800 -+++ lib/krb5/os/localaddr.c 2009-08-28 13:37:41.000000000 -0700 -@@ -173,6 +173,7 @@ +--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700 ++++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700 +@@ -175,6 +175,7 @@ } #endif 
@@ -8,68 +8,68 @@ static int is_loopback_address(struct sockaddr *sa) { -@@ -189,6 +190,7 @@ - return 0; +@@ -191,6 +192,7 @@ + return 0; } } +#endif #ifdef HAVE_IFADDRS_H #include <ifaddrs.h> -@@ -464,12 +466,14 @@ - ifp->ifa_flags &= ~IFF_UP; - continue; - } +@@ -467,12 +469,14 @@ + ifp->ifa_flags &= ~IFF_UP; + continue; + } +#if 0 - if (is_loopback_address(ifp->ifa_addr)) { - /* Pretend it's not up, so the second pass will skip - it. */ - ifp->ifa_flags &= ~IFF_UP; - continue; - } + if (is_loopback_address(ifp->ifa_addr)) { + /* Pretend it's not up, so the second pass will skip + it. */ + ifp->ifa_flags &= ~IFF_UP; + continue; + } +#endif - /* If this address is a duplicate, punt. */ - match = 0; - for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { -@@ -598,11 +602,13 @@ - } - /*@=moduncon@*/ + /* If this address is a duplicate, punt. */ + match = 0; + for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { +@@ -601,11 +605,13 @@ + } + /*@=moduncon@*/ +#if 0 - /* None of the current callers want loopback addresses. */ - if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { - Tprintf ((" loopback\n")); - goto skip; - } + /* None of the current callers want loopback addresses. */ + if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } +#endif - /* Ignore interfaces that are down. */ - if ((lifreq.lifr_flags & IFF_UP) == 0) { - Tprintf ((" down\n")); -@@ -769,11 +775,13 @@ - } - /*@=moduncon@*/ + /* Ignore interfaces that are down. */ + if ((lifreq.lifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -772,11 +778,13 @@ + } + /*@=moduncon@*/ +#if 0 - /* None of the current callers want loopback addresses. */ - if (is_loopback_address(&lifr->iflr_addr)) { - Tprintf ((" loopback\n")); - goto skip; - } + /* None of the current callers want loopback addresses. 
*/ + if (is_loopback_address(&lifr->iflr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } +#endif - /* Ignore interfaces that are down. */ - if ((lifreq.iflr_flags & IFF_UP) == 0) { - Tprintf ((" down\n")); -@@ -984,11 +992,13 @@ - } - /*@=moduncon@*/ + /* Ignore interfaces that are down. */ + if ((lifreq.iflr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -987,11 +995,13 @@ + } + /*@=moduncon@*/ +#if 0 - /* None of the current callers want loopback addresses. */ - if (is_loopback_address(&ifreq.ifr_addr)) { - Tprintf ((" loopback\n")); - goto skip; - } + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&ifreq.ifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } +#endif - /* Ignore interfaces that are down. */ - if ((ifreq.ifr_flags & IFF_UP) == 0) { - Tprintf ((" down\n")); + /* Ignore interfaces that are down. */ + if ((ifreq.ifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); diff --git a/security/krb5/pkg-plist b/security/krb5/pkg-plist index bb3f01f2812..113a133be5e 100644 --- a/security/krb5/pkg-plist +++ b/security/krb5/pkg-plist @@ -1,5 +1,4 @@ bin/compile_et -bin/%%FTP_PROG%% bin/gss-client bin/k5srvutil bin/kadmin @@ -11,12 +10,8 @@ bin/krb5-config bin/ksu bin/ktutil bin/kvno -bin/%%RCP_PROG%% -bin/%%RLOGIN_PROG%% -bin/%%RSH_PROG%% bin/sclient bin/sim_client -bin/%%TELNET_PROG%% bin/uuclient include/com_err.h include/gssapi.h @@ -58,9 +53,11 @@ lib/libgssrpc.so.4 lib/libk5crypto.so lib/libk5crypto.so.3 lib/libkadm5clnt.so -lib/libkadm5clnt.so.6 +lib/libkadm5clnt_mit.so +lib/libkadm5clnt_mit.so.7 lib/libkadm5srv.so -lib/libkadm5srv.so.6 +lib/libkadm5srv_mit.so +lib/libkadm5srv_mit.so.7 lib/libkdb5.so lib/libkdb5.so.4 lib/libkrb5.so 
@@ -70,22 +67,17 @@ lib/libkrb5support.so.0 lib/krb5/plugins/kdb/db2.so lib/krb5/plugins/preauth/encrypted_challenge.so lib/krb5/plugins/preauth/pkinit.so -sbin/%%FTP_PROG%%d sbin/gss-server sbin/kadmin.local sbin/kadmind sbin/kdb5_util -sbin/klogind sbin/kprop sbin/kpropd sbin/kproplog sbin/krb5-send-pr sbin/krb5kdc -sbin/kshd -sbin/login.krb5 sbin/sim_server sbin/sserver -sbin/%%TELNET_PROG%%d sbin/uuserver share/doc/krb5/README.FreeBSD share/et/et_c.awk |