mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-27 00:57:50 +00:00
Code Issues Releases Activity

Update krb5 1.9.2 --> 1.10.3

Browse Source 
Feature safe:	yes
This commit is contained in:
Cy Schubert 2012-11-03 18:59:37 +00:00
parent 2b743568b7
commit 132c8dd868
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=306935
5 changed files with 24 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
security/krb5/Makefile
View File

@ -6,14 +6,12 @@
#
PORTNAME= krb5
PORTVERSION= 1.9.2
PORTREVISION= 3
PORTVERSION= 1.10.3
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
PATCH_SITES= http://web.mit.edu/kerberos/advisories/
DISTNAME= ${PORTNAME}-${PORTVERSION}-signed
EXTRACT_SUFX= .tar
PATCHFILES= 2011-007-patch.txt
MAINTAINER= cy@FreeBSD.org
COMMENT= An authentication system developed at MIT, successor to Kerberos IV
@ -29,6 +27,7 @@ USE_PERL5_BUILD= yes
USE_LDCONFIG= yes
USE_CSTD= gnu89
USE_AUTOTOOLS= libtool
USE_GETTEXT= yes
CONFIGURE_ARGS?= --enable-shared
CONFIGURE_ENV= INSTALL="${INSTALL}" YACC="${YACC}"
MAKE_ARGS= INSTALL="${INSTALL}"
@ -45,6 +44,7 @@ PREFIX= ${KRB5_HOME}
CFLAGS+= -rpath=${KRB5_HOME}/lib
LDFLAGS+= -rpath=${KRB5_HOME}/lib
.endif
LDFLAGS+= -L${LOCALBASE}/lib
.include <bsd.port.pre.mk>
@ -73,9 +73,11 @@ WITH_OPENSSL_PORT= yes
.include "${PORTSDIR}/Mk/bsd.openssl.mk"
MAN1= k5srvutil.1 kadmin.1 krb5-send-pr.1 krb5-config.1 \
kpasswd.1 klist.1 kinit.1 kdestroy.1 ksu.1 ktutil.1 \
kpasswd.1 klist.1 kinit.1 kdestroy.1 kswitch.1 ksu.1 \
ktutil.1 \
sclient.1 kerberos.1 kvno.1 compile_et.1
MAN5= kdc.conf.5 krb5.conf.5 .k5login.5
MAN5= kdc.conf.5 krb5.conf.5 .k5identity.5 .k5login.5 \
k5identity.5 k5login.5
MAN8= krb5kdc.8 kadmin.local.8 kdb5_util.8 kadmind.8 \
kprop.8 kpropd.8 kproplog.8 sserver.8

6
security/krb5/distinfo
View File

@ -1,4 +1,2 @@
SHA256 (krb5-1.9.2-signed.tar) = 96b213345b02862b5fef61ef1dd26f643f07e4207496c35179cea35ddb7ae68c
SIZE (krb5-1.9.2-signed.tar) = 12185600
SHA256 (2011-007-patch.txt) = 0b0413e175e81b5fb7497f3351341066644431d72663bb1cba9d59b715669486
SIZE (2011-007-patch.txt) = 1417
SHA256 (krb5-1.10.3-signed.tar) = fc48f9f985bf04aa91c239dae0daaa0509c85b61b2d172d9d65ab0c52bcea3cf
SIZE (krb5-1.10.3-signed.tar) = 11530240

192
security/krb5/files/patch-as
View File

@ -1,192 +0,0 @@
--- clients/ksu/main.c.orig 2009-11-02 19:27:56.000000000 -0800
+++ clients/ksu/main.c 2010-04-19 12:27:09.090190157 -0700
@@ -33,6 +33,10 @@
#include <signal.h>
#include <grp.h>
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#endif
+
/* globals */
char * prog_name;
int auth_debug =0;
@@ -62,7 +66,7 @@
ill specified arguments to commands */
void usage (){
- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
}
/* for Ultrix and friends ... */
@@ -78,6 +82,7 @@
int argc;
char ** argv;
{
+ int asme = 0;
int hp =0;
int some_rest_copy = 0;
int all_rest_copy = 0;
@@ -92,6 +97,7 @@
char * cc_target_tag = NULL;
char * target_user = NULL;
char * source_user;
+ char * source_shell;
krb5_ccache cc_source = NULL;
const char * cc_source_tag = NULL;
@@ -119,6 +125,11 @@
krb5_boolean zero_password;
char * dir_of_cc_target;
+#ifdef LOGIN_CAP
+ login_cap_t *lc;
+ int setwhat;
+#endif
+
options.opt = KRB5_DEFAULT_OPTIONS;
options.lifetime = KRB5_DEFAULT_TKT_LIFE;
options.rlife =0;
@@ -182,7 +193,8 @@
com_err (prog_name, errno, "while setting euid to source user");
exit (1);
}
- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){
+ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){
+
switch (option) {
case 'r':
options.opt |= KDC_OPT_RENEWABLE;
@@ -228,6 +240,9 @@
errflg++;
}
break;
+ case 'm':
+ asme = 1;
+ break;
case 'n':
if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
com_err(prog_name, retval, "when parsing name %s", optarg);
@@ -342,6 +357,7 @@
/* allocate space and copy the usernamane there */
source_user = xstrdup(pwd->pw_name);
+ source_shell = xstrdup(pwd->pw_shell);
source_uid = pwd->pw_uid;
source_gid = pwd->pw_gid;
@@ -673,43 +689,64 @@
/* get the shell of the user, this will be the shell used by su */
target_pwd = getpwnam(target_user);
- if (target_pwd->pw_shell)
- shell = xstrdup(target_pwd->pw_shell);
- else {
- shell = _DEF_CSH; /* default is cshell */
+ if (asme) {
+ if (source_shell && *source_shell) {
+ shell = strdup(source_shell);
+ } else {
+ shell = _DEF_CSH;
+ }
+ } else {
+ if (target_pwd->pw_shell)
+ shell = strdup(target_pwd->pw_shell);
+ else {
+ shell = _DEF_CSH; /* default is cshell */
+ }
}
#ifdef HAVE_GETUSERSHELL
/* insist that the target login uses a standard shell (root is omited) */
- if (!standard_shell(target_pwd->pw_shell) && source_uid) {
- fprintf(stderr, "ksu: permission denied (shell).\n");
- sweep_up(ksu_context, cc_target);
- exit(1);
+ if (asme) {
+ if (!standard_shell(pwd->pw_shell) && source_uid) {
+ fprintf(stderr, "ksu: permission denied (shell).\n");
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+ }
+ } else {
+ if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+ fprintf(stderr, "ksu: permission denied (shell).\n");
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+ }
}
#endif /* HAVE_GETUSERSHELL */
- if (target_pwd->pw_uid){
+ if (!asme) {
+ if (target_pwd->pw_uid){
+ if (set_env_var("USER", target_pwd->pw_name)){
+ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+ }
+ }
- if(set_env_var("USER", target_pwd->pw_name)){
+ if (set_env_var( "HOME", target_pwd->pw_dir)){
fprintf(stderr,"ksu: couldn't set environment variable USER\n");
sweep_up(ksu_context, cc_target);
exit(1);
- }
- }
+ }
- if(set_env_var( "HOME", target_pwd->pw_dir)){
- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
- sweep_up(ksu_context, cc_target);
- exit(1);
+ if (set_env_var( "SHELL", shell)){
+ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+ }
}
- if(set_env_var( "SHELL", shell)){
- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
- sweep_up(ksu_context, cc_target);
- exit(1);
- }
+#ifdef LOGIN_CAP
+ lc = login_getpwclass(pwd);
+#endif
/* set the cc env name to target */
@@ -720,6 +757,19 @@
exit(1);
}
+#ifdef LOGIN_CAP
+ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORIT
+
+ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV;
+ /*
+ * Don't touch resource/priority settings if -m has been
+ * used or -l and -c hasn't, and we're not su'ing to root.
+ */
+ if (target_pwd->pw_uid)
+ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
+ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0)
+ err(1, "setusercontext");
+#else
/* set permissions */
if (setgid(target_pwd->pw_gid) < 0) {
perror("ksu: setgid");
@@ -760,6 +810,7 @@
sweep_up(ksu_context, cc_target);
exit(1);
}
+#endif /* LOGIN_CAP */
if (access( cc_target_tag_tmp, R_OK | W_OK )){
com_err(prog_name, errno,

9
security/krb5/files/patch-config::shlib.conf
View File

@ -1,13 +1,13 @@
--- config/shlib.conf.orig 2008-12-08 14:33:07.000000000 -0800
+++ config/shlib.conf 2009-08-28 13:27:39.000000000 -0700
@@ -299,24 +299,17 @@
--- config/shlib.conf.orig 2012-08-08 15:27:55.000000000 -0700
+++ config/shlib.conf 2012-11-02 17:49:31.140500618 -0700
@@ -306,24 +306,18 @@
;;
*-*-freebsd*)
- if test -x /usr/bin/objformat ; then
- objformat=`/usr/bin/objformat`
- else
- objformat="aout"
- objformat="elf"
- fi
- PICFLAGS=-fpic
- if test "x$objformat" = "xelf" ; then
@ -15,6 +15,7 @@
+ sparc64-*) PICFLAGS=-fPIC;;
+ *) PICFLAGS=-fpic;;
+ esac
+
SHLIBVEXT='.so.$(LIBMAJOR)'
+ LDCOMBINE="libtool --mode=link cc -Xcompiler -shared"
RPATH_FLAG='-Wl,-rpath -Wl,'

12
security/krb5/pkg-plist
View File

@ -7,6 +7,7 @@ bin/kinit
bin/klist
bin/kpasswd
bin/krb5-config
bin/kswitch
bin/ksu
bin/ktutil
bin/kvno
@ -46,7 +47,10 @@ include/kadm5/admin.h
include/kadm5/chpass_util_strings.h
include/kadm5/kadm_err.h
include/kdb.h
include/krb5/preauth_plugin.h
include/profile.h
include/verto-module.h
include/verto.h
lib/libcom_err.so
lib/libcom_err.so.3
lib/libgssapi_krb5.so
@ -62,14 +66,17 @@ lib/libkadm5srv.so
lib/libkadm5srv_mit.so
lib/libkadm5srv_mit.so.8
lib/libkdb5.so
lib/libkdb5.so.5
lib/libkdb5.so.6
lib/libkrb5.so
lib/libkrb5.so.3
lib/libkrb5support.so
lib/libkrb5support.so.0
lib/krb5/plugins/kdb/db2.so
lib/krb5/plugins/preauth/encrypted_challenge.so
lib/krb5/plugins/preauth/pkinit.so
lib/libverto-k5ev.so.0
lib/libverto-k5ev.so
lib/libverto.so.0
lib/libverto.so
sbin/gss-server
sbin/kadmin.local
sbin/kadmind
@ -89,6 +96,7 @@ share/examples/krb5/kdc.conf
share/examples/krb5/krb5.conf
share/examples/krb5/services.append
share/gnats/mit
share/locale/en_US/LC_MESSAGES/mit-krb5.mo
@dirrm lib/krb5/plugins/preauth
@dirrm lib/krb5/plugins/libkrb5
@dirrm lib/krb5/plugins/kdb