From 6c8e7e98c6d10a55d6e662170b2b3629ae1edd34 Mon Sep 17 00:00:00 2001 From: Cy Schubert Date: Mon, 26 Jan 2004 04:13:21 +0000 Subject: [PATCH] Brand new MIT KRB5 beta. --- MOVED | 2 +- security/Makefile | 1 + security/krb5-beta/Makefile | 157 ++++++++++++++ security/krb5-beta/distinfo | 1 + security/krb5-beta/files/README.FreeBSD | 32 +++ security/krb5-beta/files/patch-ac | 13 ++ security/krb5-beta/files/patch-ad | 13 ++ security/krb5-beta/files/patch-ae | 13 ++ security/krb5-beta/files/patch-af | 13 ++ security/krb5-beta/files/patch-ai | 28 +++ security/krb5-beta/files/patch-aj | 19 ++ .../files/patch-appl::bsd::Makefile.in | 12 ++ .../files/patch-appl::bsd::klogind.M | 35 ++++ .../files/patch-appl::gssftp::ftp::ftp_var.h | 23 +++ .../patch-appl::telnet::telnetd::Makefile.in | 11 + .../patch-appl::telnet::telnetd::telnetd.8 | 22 ++ .../patch-appl::telnet::telnetd::utility.c | 38 ++++ security/krb5-beta/files/patch-as | 195 ++++++++++++++++++ security/krb5-beta/files/patch-at | 14 ++ security/krb5-beta/files/patch-av | 15 ++ security/krb5-beta/files/patch-ax | 11 + security/krb5-beta/files/patch-ay | 50 +++++ security/krb5-beta/files/patch-ba | 77 +++++++ security/krb5-beta/files/patch-bb | 10 + security/krb5-beta/files/patch-config::pre.in | 10 + .../krb5-beta/files/patch-config::shlib.conf | 19 ++ .../files/patch-kadmin::cli::Makefile.in | 11 + .../files/patch-lib::krb5::krb::srv_rcache.c | 12 ++ .../files/patch-lib::krb5::os::hst_realm.c | 14 ++ .../files/patch-lib::krb5::os::locate_kdc.c | 13 ++ security/krb5-beta/pkg-descr | 24 +++ security/krb5-beta/pkg-plist | 108 ++++++++++ 32 files changed, 1015 insertions(+), 1 deletion(-) create mode 100644 security/krb5-beta/Makefile create mode 100644 security/krb5-beta/distinfo create mode 100644 security/krb5-beta/files/README.FreeBSD create mode 100644 security/krb5-beta/files/patch-ac create mode 100644 security/krb5-beta/files/patch-ad create mode 100644 security/krb5-beta/files/patch-ae create mode 100644 security/krb5-beta/files/patch-af create mode 100644 security/krb5-beta/files/patch-ai create mode 100644 security/krb5-beta/files/patch-aj create mode 100644 security/krb5-beta/files/patch-appl::bsd::Makefile.in create mode 100644 security/krb5-beta/files/patch-appl::bsd::klogind.M create mode 100644 security/krb5-beta/files/patch-appl::gssftp::ftp::ftp_var.h create mode 100644 security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in create mode 100644 security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 create mode 100644 security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c create mode 100644 security/krb5-beta/files/patch-as create mode 100644 security/krb5-beta/files/patch-at create mode 100644 security/krb5-beta/files/patch-av create mode 100644 security/krb5-beta/files/patch-ax create mode 100644 security/krb5-beta/files/patch-ay create mode 100644 security/krb5-beta/files/patch-ba create mode 100644 security/krb5-beta/files/patch-bb create mode 100644 security/krb5-beta/files/patch-config::pre.in create mode 100644 security/krb5-beta/files/patch-config::shlib.conf create mode 100644 security/krb5-beta/files/patch-kadmin::cli::Makefile.in create mode 100644 security/krb5-beta/files/patch-lib::krb5::krb::srv_rcache.c create mode 100644 security/krb5-beta/files/patch-lib::krb5::os::hst_realm.c create mode 100644 security/krb5-beta/files/patch-lib::krb5::os::locate_kdc.c create mode 100644 security/krb5-beta/pkg-descr create mode 100644 security/krb5-beta/pkg-plist diff --git a/MOVED b/MOVED index da0e1b00561c..54b497b14b62 100644 --- a/MOVED +++ b/MOVED @@ -163,7 +163,7 @@ biology/gaussian||2003-01-31|deleted maintain is hard and gray in license graphics/xine_dvdnav_plugin||2003-02-01|integrated into graphics/libxine devel/ossp-mm||2003-02-01|accidental dupe of devel/mm archivers/linux_rar||2003-02-03|FreeBSD/i386 binary is available -security/krb5-beta||2003-08-07|deleted: no longer in beta, MIT KRB5 1.3 released +security/krb5-beta||2004-01-25|resurrected: brand new MIT KRB5 1.3.2 beta security/pam_krb5||2003-02-12|resurrected: required when MIT KRB5 used in place of base system KRB5 deskutils/gnucash|finance/gnucash|2003-02-05|new category x11-toolkits/crux||2003-02-07|deleted: added to GNOME 2.2 desktop diff --git a/security/Makefile b/security/Makefile index e49678b5ccdf..8a17d83204ec 100644 --- a/security/Makefile +++ b/security/Makefile @@ -137,6 +137,7 @@ SUBDIR += knocker SUBDIR += krb4 SUBDIR += krb5 + SUBDIR += krb5-beta SUBDIR += kripp SUBDIR += kssh SUBDIR += l0pht-watch diff --git a/security/krb5-beta/Makefile b/security/krb5-beta/Makefile new file mode 100644 index 000000000000..1b107ee4be05 --- /dev/null +++ b/security/krb5-beta/Makefile @@ -0,0 +1,157 @@ +# Ports collection Makefile for: MIT Kerberos V +# Date created: 6/5/1998 +# Whom: nectar@FreeBSD.org +# +# $FreeBSD$ +# + +PORTNAME= krb5 +PORTVERSION= 1.3.2.b1 +CATEGORIES= security +# USE_TARBALL tells the port that the user has fetched the source +# directly from MIT or crypto-publish.org (CRYTPO-PUBLISH). +USE_KRB5_TARBALL?= MIT + +.if defined(USE_KRB5_TARBALL) && ${USE_KRB5_TARBALL} == "CRYPTO-PUBLISH" +MASTER_SITES= http://www.crypto-publish.org/dist/mit-kerberos5/ +EXTRACT_SUFX= .tar.gz +.else +MASTER_SITES= http://web.mit.edu/kerberos/www/dist/krb5/${PORTVERSION:C/\.[0-9]*\.b[0-9]$//}/ +EXTRACT_SUFX= .tar +.endif +DISTNAME= ${PORTNAME}-${PORTVERSION:S/.b/-beta/} + +MAINTAINER= cy@FreeBSD.org +COMMENT= An authentication system developed at MIT, successor to Kerberos IV + +BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 + +KERBEROSV_URL= http://web.mit.edu/network/kerberos-form.html +USE_REINPLACE= yes +USE_GMAKE= yes +USE_PERL5_BUILD= yes +INSTALLS_SHLIB= yes +GNU_CONFIGURE= yes +CONFIGURE_ARGS?= --enable-shared +CONFIGURE_ENV= INSTALL="${INSTALL}" YACC=/usr/bin/yacc \ + CFLAGS="${CFLAGS}" +MAKE_ARGS= INSTALL="${INSTALL}" +KRB5_KRB4_COMPAT?= NO + +.if !defined(KRB5_KRB4_COMPAT) || ${KRB5_KRB4_COMPAT} == "NO" +CONFIGURE_ARGS+= --without-krb4 +PLIST_SUB+= KRB4="@comment " +.else +PLIST_SUB+= KRB4="" +.endif + +.if defined(KRB5_HOME) +PREFIX= ${KRB5_HOME} +.endif + +INFO_FILES= krb425.info krb5-admin.info krb5-admin.info-1 \ + krb5-admin.info-2 krb5-admin.info-3 krb5-install.info \ + krb5-install.info-1 krb5-install.info-2 krb5-user.info + +MAN1= krb5-send-pr.1 kpasswd.1 v5passwd.1 klist.1 kinit.1 \ + kdestroy.1 ksu.1 sclient.1 rsh.1 rcp.1 rlogin.1 \ + ftp.1 telnet.1 kerberos.1 kvno.1 compile_et.1 +.if defined(KRB5_KRB4_COMPAT) && ${KRB5_KRB4_COMPAT} != "NO" +MAN1+= v4rcp.1 +.endif +MAN5= kdc.conf.5 krb5.conf.5 .k5login.5 +MAN8= krb5kdc.8 kadmin.8 kadmin.local.8 kdb5_util.8 \ + ktutil.8 kadmind.8 kprop.8 kpropd.8 sserver.8 \ + kshd.8 klogind.8 login.krb5.8 ftpd.8 telnetd.8 \ + k5srvutil.8 + +WRKSRC= ${WRKDIR}/${DISTNAME}/src + +WANT_HTML?= YES +HTML_DOC_DIR= ${WRKDIR}/${DISTNAME}/doc +HTML_DOCS= admin.html user-guide.html install.html +HTML_OUTDIRS= krb5-admin krb5-install + +.include + +.if defined(USE_KRB5_TARBALL) && ${USE_KRB5_TARBALL} == "MIT" +post-extract: + @${TAR} -C ${WRKDIR} -xzf ${WRKDIR}/${DISTNAME}.tar.gz + @${RM} ${WRKDIR}/${DISTNAME}.tar.gz ${WRKDIR}/${DISTNAME}.tar.gz.asc +.if !defined(EXTRACT_PRESERVE_OWNERSHIP) + @if [ `id -u` = 0 ]; then \ + ${CHMOD} -R ug-s,go-w ${WRKDIR}/${DISTNAME}; \ + ${CHOWN} -R 0:0 ${WRKDIR}/${DISTNAME}; \ + fi +.endif +.endif + +post-patch: +.if ${OSVERSION} >= 500000 + @${REINPLACE_CMD} -e '1s,^#!\/usr\/athena,#!${LOCALBASE},' \ + ${WRKSRC}/../doc/man2html +.else + @${REINPLACE_CMD} -e '1s,^#!\/usr\/athena,#!\/usr,' \ + ${WRKSRC}/../doc/man2html +.endif + +pre-build: +.if !defined(KRB5_KRB4_COMPAT) + @${ECHO} "------------------------------------------------------" + @${ECHO} "Set KRB5_KRB4_COMPAT=NO if you do not want to build " + @${ECHO} "the KerberosIV compatibility libraries. " + @${ECHO} "------------------------------------------------------" +.endif + +post-build: + @(cd ${WRKSRC}/../doc && \ + ${MAKE} ${INFO_FILES}) +.if defined(WANT_HTML) && ${WANT_HTML} == "YES" + @(cd ${WRKSRC}/../doc && \ + ${MAKE} ${HTML_DOCS}) +.endif + +post-install: +# html documentation +.if defined(WANT_HTML) && ${WANT_HTML} == "YES" + @${MKDIR} ${PREFIX}/share/doc/krb5 + for html in ${HTML_DOC_DIR}/*.html; do \ + ${INSTALL_MAN} $${html} ${PREFIX}/share/doc/krb5; \ + ${ECHO_CMD} share/doc/krb5/`${BASENAME} $${html}` >> ${TMPPLIST}; \ + done +.for htmldir in ${HTML_OUTDIRS} + @${MKDIR} ${PREFIX}/share/doc/krb5/${htmldir} + for html in ${HTML_DOC_DIR}/${htmldir}/*; do \ + ${INSTALL_MAN} $${html} ${PREFIX}/share/doc/krb5/${htmldir}; \ + ${ECHO_CMD} share/doc/krb5/${htmldir}/`${BASENAME} $${html}` >> ${TMPPLIST}; \ + done + ${ECHO_CMD} @dirrm share/doc/krb5/${htmldir} >> ${TMPPLIST} +.endfor +.endif + ${ECHO_CMD} @dirrm share/doc/krb5 >> ${TMPPLIST} +# handle info files +.for info in ${INFO_FILES} + ${INSTALL_MAN} ${WRKSRC}/../doc/${info} ${PREFIX}/info/${info} +.endfor +.for info in ${INFO_FILES:M*.info} + install-info ${PREFIX}/info/${info} ${PREFIX}/info/dir +.endfor +# fixup packing list (no libs without version numbers in aout case) +.if ${PORTOBJFORMAT} == "aout" + ${ECHO_MSG} "Fixing packing list for a.out" + ${MV} ${TMPPLIST} ${TMPPLIST}.new + ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} + ${RM} ${TMPPLIST}.new +.endif + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR}/README.FreeBSD > ${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" + +.include diff --git a/security/krb5-beta/distinfo b/security/krb5-beta/distinfo new file mode 100644 index 000000000000..ead9928442ad --- /dev/null +++ b/security/krb5-beta/distinfo @@ -0,0 +1 @@ +MD5 (krb5-1.3.2-beta1.tar) = b457d2c6cc43a3220469dec4b7f66d48 diff --git a/security/krb5-beta/files/README.FreeBSD b/security/krb5-beta/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-beta/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-beta/files/patch-ac b/security/krb5-beta/files/patch-ac new file mode 100644 index 000000000000..8bca5437d964 --- /dev/null +++ b/security/krb5-beta/files/patch-ac @@ -0,0 +1,13 @@ +--- ../doc/admin.texinfo Fri Feb 6 21:40:56 1998 ++++ admin.texinfo Fri Jun 19 15:13:45 1998 +@@ -5,6 +5,10 @@ + @c guide + @setfilename krb5-admin.info + @settitle Kerberos V5 System Administrator's Guide ++@dircategory Kerberos V5 ++@direntry ++* Admin Guide: (krb5-admin). Kerberos V5 System Admin's Guide ++@end direntry + @setchapternewpage odd @c chapter begins on next odd page + @c @setchapternewpage on @c chapter begins on next page + @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-ad b/security/krb5-beta/files/patch-ad new file mode 100644 index 000000000000..c8b6d3e99e91 --- /dev/null +++ b/security/krb5-beta/files/patch-ad @@ -0,0 +1,13 @@ +--- ../doc/user-guide.texinfo Fri Feb 6 21:40:58 1998 ++++ user-guide.texinfo Fri Jun 19 15:13:45 1998 +@@ -3,6 +3,10 @@ + @c guide + @setfilename krb5-user.info + @settitle Kerberos V5 UNIX User's Guide ++@dircategory Kerberos V5 ++@direntry ++* User's Guide: (krb5-user). Kerberos V5 UNIX User's Guide ++@end direntry + @setchapternewpage odd @c chapter begins on next odd page + @c @setchapternewpage on @c chapter begins on next page + @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-ae b/security/krb5-beta/files/patch-ae new file mode 100644 index 000000000000..f5643b5aa04f --- /dev/null +++ b/security/krb5-beta/files/patch-ae @@ -0,0 +1,13 @@ +--- ../doc/install.texinfo Fri Feb 6 21:40:56 1998 ++++ install.texinfo Fri Jun 19 15:13:45 1998 +@@ -5,6 +5,10 @@ + @c guide + @setfilename krb5-install.info + @settitle Kerberos V5 Installation Guide ++@dircategory Kerberos V5 ++@direntry ++* Installation Guide: (krb5-install). Kerberos V5 Installation Guide ++@end direntry + @setchapternewpage odd @c chapter begins on next odd page + @c @setchapternewpage on @c chapter begins on next page + @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-af b/security/krb5-beta/files/patch-af new file mode 100644 index 000000000000..49425d6efceb --- /dev/null +++ b/security/krb5-beta/files/patch-af @@ -0,0 +1,13 @@ +--- ../doc/krb425.texinfo Fri Feb 6 21:40:57 1998 ++++ krb425.texinfo Fri Jun 19 15:13:45 1998 +@@ -5,6 +5,10 @@ + @c guide + @setfilename krb425.info + @settitle Upgrading to Kerberos V5 from Kerberos V4 ++@dircategory Kerberos V5 ++@direntry ++* Upgrading from V4 to V5: (krb425). Upgrading from Kerberos V4 to V5 ++@end direntry + @c @setchapternewpage odd @c chapter begins on next odd page + @c @setchapternewpage on @c chapter begins on next page + @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-ai b/security/krb5-beta/files/patch-ai new file mode 100644 index 000000000000..f5b733194344 --- /dev/null +++ b/security/krb5-beta/files/patch-ai @@ -0,0 +1,28 @@ +--- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002 ++++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002 +@@ -487,7 +487,13 @@ + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +- openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); ++ ++#ifndef LOG_FTP ++#define FACILITY LOG_DAEMON ++#else ++#define FACILITY LOG_FTP ++#endif ++ openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY); + + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { +@@ -2312,6 +2318,10 @@ + if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum), + &kdata.session,&ctrl_addr, &his_addr)) == -1) { + secure_error("ADAT: krb_mk_safe failed"); ++ return(0); ++ } ++ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { ++ secure_error("ADAT: reply too long"); + return(0); + } + if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { diff --git a/security/krb5-beta/files/patch-aj b/security/krb5-beta/files/patch-aj new file mode 100644 index 000000000000..c3bb8dfd6960 --- /dev/null +++ b/security/krb5-beta/files/patch-aj @@ -0,0 +1,19 @@ +*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998 +*************** +*** 66,72 **** + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); +--- 66,72 ---- + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); diff --git a/security/krb5-beta/files/patch-appl::bsd::Makefile.in b/security/krb5-beta/files/patch-appl::bsd::Makefile.in new file mode 100644 index 000000000000..581048933264 --- /dev/null +++ b/security/krb5-beta/files/patch-appl::bsd::Makefile.in @@ -0,0 +1,12 @@ +--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001 +@@ -31,8 +31,8 @@ + -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\" + + DEFINES = $(RSH) $(BSD) $(RPROGS) -DKERBEROS \ +- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \ ++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \ + -DHEIMDAL_FRIENDLY + + all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) + diff --git a/security/krb5-beta/files/patch-appl::bsd::klogind.M b/security/krb5-beta/files/patch-appl::bsd::klogind.M new file mode 100644 index 000000000000..9cddd5fc222d --- /dev/null +++ b/security/krb5-beta/files/patch-appl::bsd::klogind.M @@ -0,0 +1,35 @@ +--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001 +@@ -14,7 +14,7 @@ + .B \-kr54cpPef + ] + [[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ] +-[ \fB\-D\fP \fIport\fP ] ++[ \fB\-D\fP \fIport\fP ] [\fB\-L\fP \fIloginpath\fP] + .SH DESCRIPTION + .I Klogind + is the server for the +@@ -107,6 +108,10 @@ + Beta5 (May 1995)--present bogus checksums that prevent Kerberos + authentication from succeeding in the default mode. + ++.IP \fB\-L\ loginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. ++ + + .PP + If the +@@ -157,12 +162,6 @@ + + .IP \fB\-M\ realm\fP + Set the Kerberos realm to use. +- +-.IP \fB\-L\ login\fP +-Set the login program to use. This option only has an effect if +-DO_NOT_USE_K_LOGIN was not defined when +-.I klogind +-was compiled. + + .IP \fB\-D\ port\fP + Run in standalone mode, listening on \fBport\fP. The daemon will exit diff --git a/security/krb5-beta/files/patch-appl::gssftp::ftp::ftp_var.h b/security/krb5-beta/files/patch-appl::gssftp::ftp::ftp_var.h new file mode 100644 index 000000000000..256e929aa68f --- /dev/null +++ b/security/krb5-beta/files/patch-appl::gssftp::ftp::ftp_var.h @@ -0,0 +1,23 @@ +--- appl/gssftp/ftp/ftp_var.h.orig Tue Jun 17 02:37:40 2003 ++++ appl/gssftp/ftp/ftp_var.h Sat Aug 30 05:30:44 2003 +@@ -33,6 +33,10 @@ + * @(#)ftp_var.h 5.9 (Berkeley) 6/1/90 + */ + ++#if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version > 500000 ++#undef __BSD_VISIBLE ++#endif ++ + #ifdef _WIN32 + #include + #include +@@ -57,9 +61,7 @@ + typedef void (*sig_t)(int); + typedef void sigtype; + #else +-#define sig_t my_sig_t + #define sigtype krb5_sigtype +-typedef sigtype (*sig_t)(); + #endif + + /* diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in new file mode 100644 index 000000000000..cb5a0e26d49d --- /dev/null +++ b/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001 +@@ -24,7 +24,7 @@ + # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 + # + +-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN ++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\" + OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON + LOCALINCLUDES=-I.. -I$(srcdir)/.. + DEFINES = $(AUTH_DEF) $(OTHERDEFS) diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 new file mode 100644 index 000000000000..951ee0d5692a --- /dev/null +++ b/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 @@ -0,0 +1,22 @@ +--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001 +@@ -43,7 +43,7 @@ + [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] + [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] + [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] +-[\fB\-debug\fP [\fIport\fP]] ++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP] + .SH DESCRIPTION + The + .B telnetd +@@ -221,6 +221,10 @@ + in response to a + .SM DO TIMING-MARK) + for kludge linemode support. ++.TP ++\fB\-L\fP \fIloginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. + .TP + .B \-l + Specifies line mode. Tries to force clients to use line-at-a-time diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c b/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c new file mode 100644 index 000000000000..8bb656dc0673 --- /dev/null +++ b/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c @@ -0,0 +1,38 @@ +--- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002 ++++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002 +@@ -408,18 +408,25 @@ + int + netwrite(const char *buf, size_t len) + { +- size_t remain; ++ int remaining, copied; ++ ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ while (len > 0) { ++ /* Free up enough space if the room is too low*/ ++ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) { ++ netflush(); ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ } + +- remain = sizeof(netobuf) - (nfrontp - netobuf); +- if (remain < len) { +- netflush(); +- remain = sizeof(netobuf) - (nfrontp - netobuf); ++ /* Copy out as much as will fit */ ++ copied = remaining > len ? len : remaining; ++ memmove(nfrontp, buf, copied); ++ nfrontp += copied; ++ len -= copied; ++ remaining -= copied; ++ buf += copied; + } +- if (remain < len) +- return 0; +- memcpy(nfrontp, buf, len); +- nfrontp += len; +- return len; ++ return copied; + } + + /* diff --git a/security/krb5-beta/files/patch-as b/security/krb5-beta/files/patch-as new file mode 100644 index 000000000000..de19886eac08 --- /dev/null +++ b/security/krb5-beta/files/patch-as @@ -0,0 +1,195 @@ +--- clients/ksu/main.c.orig Wed Aug 14 12:14:49 2002 ++++ clients/ksu/main.c Tue Jul 29 18:46:00 2003 +@@ -32,6 +32,10 @@ + #include + #include + ++#ifdef LOGIN_CAP ++#include ++#endif ++ + /* globals */ + char * prog_name; + int auth_debug =0; +@@ -61,7 +65,7 @@ + ill specified arguments to commands */ + + void usage (){ +- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); ++ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + } + + /* for Ultrix and friends ... */ +@@ -77,6 +81,7 @@ + int argc; + char ** argv; + { ++ int asme = 0; + int hp =0; + int some_rest_copy = 0; + int all_rest_copy = 0; +@@ -91,6 +96,7 @@ + char * cc_target_tag = NULL; + char * target_user = NULL; + char * source_user; ++ char * source_shell; + + krb5_ccache cc_source = NULL; + const char * cc_source_tag = NULL; +@@ -117,6 +123,11 @@ + krb5_principal kdc_server; + krb5_boolean zero_password; + char * dir_of_cc_target; ++ ++#ifdef LOGIN_CAP ++ login_cap_t *lc; ++ int setwhat; ++#endif + + options.opt = KRB5_DEFAULT_OPTIONS; + options.lifetime = KRB5_DEFAULT_TKT_LIFE; +@@ -181,7 +192,7 @@ + com_err (prog_name, errno, "while setting euid to source user"); + exit (1); + } +- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){ ++ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +@@ -227,6 +238,9 @@ + errflg++; + } + break; ++ case 'm': ++ asme = 1; ++ break; + case 'n': + if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ + com_err(prog_name, retval, "when parsing name %s", optarg); +@@ -341,6 +355,7 @@ + + /* allocate space and copy the usernamane there */ + source_user = xstrdup(pwd->pw_name); ++ source_shell = xstrdup(pwd->pw_shell); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +@@ -672,43 +687,64 @@ + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +- if (target_pwd->pw_shell) +- shell = xstrdup(target_pwd->pw_shell); +- else { +- shell = _DEF_CSH; /* default is cshell */ ++ if (asme) { ++ if (source_shell && *source_shell) { ++ shell = strdup(source_shell); ++ } else { ++ shell = _DEF_CSH; ++ } ++ } else { ++ if (target_pwd->pw_shell) ++ shell = strdup(target_pwd->pw_shell); ++ else { ++ shell = _DEF_CSH; /* default is cshell */ ++ } + } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +- if (!standard_shell(target_pwd->pw_shell) && source_uid) { +- fprintf(stderr, "ksu: permission denied (shell).\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); ++ if (asme) { ++ if (!standard_shell(pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } else { ++ if (!standard_shell(target_pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } + } + #endif /* HAVE_GETUSERSHELL */ + +- if (target_pwd->pw_uid){ +- +- if(set_env_var("USER", target_pwd->pw_name)){ ++ if (!asme) { ++ if (target_pwd->pw_uid){ ++ if (set_env_var("USER", target_pwd->pw_name)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } ++ ++ if (set_env_var( "HOME", target_pwd->pw_dir)){ + fprintf(stderr,"ksu: couldn't set environment variable USER\n"); + sweep_up(ksu_context, cc_target); + exit(1); +- } +- } +- +- if(set_env_var( "HOME", target_pwd->pw_dir)){ +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } ++ } + +- if(set_env_var( "SHELL", shell)){ +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } ++ if (set_env_var( "SHELL", shell)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } ++ ++#ifdef LOGIN_CAP ++ lc = login_getpwclass(pwd); ++#endif + + /* set the cc env name to target */ + +@@ -718,7 +754,19 @@ + sweep_up(ksu_context, cc_target); + exit(1); + } +- ++ ++#ifdef LOGIN_CAP ++ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; ++ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV; ++ /* ++ * Don't touch resource/priority settings if -m has been ++ * used or -l and -c hasn't, and we're not su'ing to root. ++ */ ++ if (target_pwd->pw_uid) ++ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); ++ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0) ++ err(1, "setusercontext"); ++#else + /* set permissions */ + if (setgid(target_pwd->pw_gid) < 0) { + perror("ksu: setgid"); +@@ -759,6 +807,7 @@ + sweep_up(ksu_context, cc_target); + exit(1); + } ++#endif + + if (access( cc_target_tag_tmp, R_OK | W_OK )){ + com_err(prog_name, errno, diff --git a/security/krb5-beta/files/patch-at b/security/krb5-beta/files/patch-at new file mode 100644 index 000000000000..060207ec644a --- /dev/null +++ b/security/krb5-beta/files/patch-at @@ -0,0 +1,14 @@ +*** include/syslog.h.ORIG Fri Feb 6 19:42:12 1998 +--- include/syslog.h Tue Jun 30 19:46:02 1998 +*************** +*** 34,39 **** +--- 34,42 ---- + #define LOG_LPR (6<<3) /* line printer subsystem */ + #define LOG_NEWS (7<<3) /* network news subsystem */ + #define LOG_UUCP (8<<3) /* UUCP subsystem */ ++ #if (defined(BSD) && (BSD >= 199306)) ++ #define LOG_FTP (11<<3) /* ftp daemon */ ++ #endif + /* other codes through 15 reserved for system use */ + #define LOG_LOCAL0 (16<<3) /* reserved for local use */ + #define LOG_LOCAL1 (17<<3) /* reserved for local use */ diff --git a/security/krb5-beta/files/patch-av b/security/krb5-beta/files/patch-av new file mode 100644 index 000000000000..8363b8bb1e2d --- /dev/null +++ b/security/krb5-beta/files/patch-av @@ -0,0 +1,15 @@ +*** clients/ksu/Makefile.in.ORIG Sun Aug 2 16:51:18 1998 +--- clients/ksu/Makefile.in Sun Aug 2 16:53:48 1998 +*************** +*** 3,7 **** + mydir=ksu + BUILDTOP=$(REL)$(U)$(S)$(U) +! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' + CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE) + +--- 3,7 ---- + mydir=ksu + BUILDTOP=$(REL)$(U)$(S)$(U) +! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"' + CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE) + diff --git a/security/krb5-beta/files/patch-ax b/security/krb5-beta/files/patch-ax new file mode 100644 index 000000000000..443b321e28db --- /dev/null +++ b/security/krb5-beta/files/patch-ax @@ -0,0 +1,11 @@ +--- ../doc/Makefile.orig Fri Sep 20 10:35:27 2002 ++++ ../doc/Makefile Tue Jul 29 18:53:08 2003 +@@ -1,7 +1,7 @@ + SRCDIR=../src + DVI=texi2dvi + DVIPS=dvips -o "$@" +-INFO=makeinfo ++INFO=makeinfo --no-validate + HTML=makeinfo --html + RM=rm -f + TAR=tar -chvf diff --git a/security/krb5-beta/files/patch-ay b/security/krb5-beta/files/patch-ay new file mode 100644 index 000000000000..54c041e205f1 --- /dev/null +++ b/security/krb5-beta/files/patch-ay @@ -0,0 +1,50 @@ +--- util/pty/getpty.c.orig Wed Jan 9 14:28:37 2002 ++++ util/pty/getpty.c Thu Jan 10 21:30:40 2002 +@@ -24,13 +24,26 @@ + #include "libpty.h" + #include "pty-int.h" + ++#ifdef __FreeBSD__ ++#define PTYCHARS1 "pqrsPQRS" ++#define PTYCHARS2 "0123456789abcdefghijklmnopqrstuv" ++#endif ++ ++#ifndef PTYCHARS1 ++#define PTYCHARS1 "pqrstuvwxyzPQRST" ++#endif ++ ++#ifndef PTYCHARS2 ++#define PTYCHARS2 "0123456789abcdef" ++#endif ++ + long + ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) + { ++ int ptynum; ++ char *cp1, *cp2; + #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY) +- char *cp; + char *p; +- int i,ptynum; + struct stat stb; + char slavebuf[1024]; + #endif +@@ -115,14 +128,14 @@ + strncpy(slave, slavebuf, slavelength); + return 0; + } else { +- for (cp = "pqrstuvwxyzPQRST";*cp; cp++) { ++ for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) { + sprintf(slavebuf,"/dev/ptyXX"); +- slavebuf[sizeof("/dev/pty") - 1] = *cp; ++ slavebuf[sizeof("/dev/pty") - 1] = *cp1; + slavebuf[sizeof("/dev/ptyp") - 1] = '0'; + if (stat(slavebuf, &stb) < 0) + break; +- for (i = 0; i < 16; i++) { +- slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i]; ++ for (cp2 = PTYCHARS2; *cp2 != '\0'; cp2++) { ++ slavebuf[sizeof("/dev/ptyp") - 1] = *cp2; + *fd = open(slavebuf, O_RDWR); + if (*fd < 0) continue; + diff --git a/security/krb5-beta/files/patch-ba b/security/krb5-beta/files/patch-ba new file mode 100644 index 000000000000..dd0c760df7d2 --- /dev/null +++ b/security/krb5-beta/files/patch-ba @@ -0,0 +1,77 @@ +--- appl/bsd/login.c.orig Tue May 27 21:06:25 2003 ++++ appl/bsd/login.c Tue Jul 29 20:52:25 2003 +@@ -1342,19 +1342,6 @@ + setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); + } + +- /* Policy: If local password is good, user is good. +- We really can't trust the Kerberos password, +- because somebody on the net could spoof the +- Kerberos server (not easy, but possible). +- Some sites might want to use it anyways, in +- which case they should change this line +- to: +- if (kpass_ok) +- */ +- +- if (lpass_ok) +- break; +- + if (got_v5_tickets) { + retval = krb5_verify_init_creds(kcontext, &my_creds, NULL, + NULL, &xtra_creds, +@@ -1378,6 +1365,9 @@ + } + #endif /* KRB4_GET_TICKETS */ + ++ if (lpass_ok) ++ break; ++ + bad_login: + setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); + +@@ -1667,21 +1657,23 @@ + /* set up credential cache -- obeying KRB5_ENV_CCNAME + set earlier */ + /* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */ +- if ((retval = krb5_cc_default(kcontext, &ccache))) { ++ if ((retval = krb5_cc_default(kcontext, &ccache))) + com_err(argv[0], retval, "while getting default ccache"); +- } else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) { +- com_err(argv[0], retval, "when initializing cache"); +- } else if ((retval = krb5_cc_store_cred(kcontext, ccache, +- &my_creds))) { +- com_err(argv[0], retval, "while storing credentials"); +- } else if (xtra_creds && +- (retval = krb5_cc_copy_creds(kcontext, xtra_creds, +- ccache))) { +- com_err(argv[0], retval, "while storing credentials"); ++ else { ++ if (retval = krb5_cc_initialize(kcontext, ccache, me)) ++ com_err(argv[0], retval, "when initializing cache"); ++ else { ++ if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) ++ com_err(argv[0], retval, "while storing credentials"); ++ else { ++ if (xtra_creds && ++ (retval = krb5_cc_copy_creds(kcontext, xtra_creds, ccache))) { ++ com_err(argv[0], retval, "while storing credentials"); ++ krb5_cc_destroy(kcontext, xtra_creds); ++ } ++ } ++ } + } +- +- if (xtra_creds) +- krb5_cc_destroy(kcontext, xtra_creds); + } else if (forwarded_v5_tickets && rewrite_ccache) { + if ((retval = krb5_cc_initialize (kcontext, ccache, me))) { + syslog(LOG_ERR, +@@ -1762,6 +1754,7 @@ + + if (ccname) + setenv("KRB5CCNAME", ccname, 1); ++ krb5_cc_set_default_name(kcontext, ccname); + + setenv("HOME", pwd->pw_dir, 1); + setenv("PATH", LPATH, 1); diff --git a/security/krb5-beta/files/patch-bb b/security/krb5-beta/files/patch-bb new file mode 100644 index 000000000000..6545ae682c53 --- /dev/null +++ b/security/krb5-beta/files/patch-bb @@ -0,0 +1,10 @@ +--- appl/telnet/telnet/Makefile.in.orig Sat Dec 18 10:47:05 1999 ++++ appl/telnet/telnet/Makefile.in Sat Dec 18 10:47:13 1999 +@@ -58,7 +58,6 @@ + $(INSTALL_DATA) $(srcdir)/$$f.1 \ + ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ + done +- $(INSTALL_DATA) $(srcdir)/tmac.doc ${DESTDIR}$(CLIENT_MANDIR)/tmac.doc + + authenc.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) + commands.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) diff --git a/security/krb5-beta/files/patch-config::pre.in b/security/krb5-beta/files/patch-config::pre.in new file mode 100644 index 000000000000..fc3ff4c7a047 --- /dev/null +++ b/security/krb5-beta/files/patch-config::pre.in @@ -0,0 +1,10 @@ +--- config/pre.in.orig Tue May 27 21:06:28 2003 ++++ config/pre.in Wed Aug 6 11:11:54 2003 +@@ -152,6 +152,7 @@ + INSTALL=@INSTALL@ + INSTALL_STRIP= + INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) ++INSTALL_SCRIPT=@INSTALL_SCRIPT@ + INSTALL_DATA=@INSTALL_DATA@ + INSTALL_SHLIB=@INSTALL_SHLIB@ + INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root diff --git a/security/krb5-beta/files/patch-config::shlib.conf b/security/krb5-beta/files/patch-config::shlib.conf new file mode 100644 index 000000000000..48d5e9a51f8b --- /dev/null +++ b/security/krb5-beta/files/patch-config::shlib.conf @@ -0,0 +1,19 @@ +--- config/shlib.conf.orig Sun Mar 2 23:09:45 2003 ++++ config/shlib.conf Tue Jul 29 18:16:43 2003 +@@ -179,14 +179,15 @@ + PICFLAGS=-fpic + if test "x$objformat" = "xelf" ; then + SHLIBVEXT='.so.$(LIBMAJOR)' ++ LDCOMBINE='cc -shared -Wl,-soname,lib$(LIB)$(SHLIBVEXT)' + RPATH_FLAG='-Wl,-rpath -Wl,' + else ++ LDCOMBINE='ld -Bshareable' + RPATH_FLAG=-R + SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' + fi + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + SHLIBEXT=.so +- LDCOMBINE='ld -Bshareable' + SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' diff --git a/security/krb5-beta/files/patch-kadmin::cli::Makefile.in b/security/krb5-beta/files/patch-kadmin::cli::Makefile.in new file mode 100644 index 000000000000..266deea90231 --- /dev/null +++ b/security/krb5-beta/files/patch-kadmin::cli::Makefile.in @@ -0,0 +1,11 @@ +--- kadmin/cli/Makefile.in.orig Fri Feb 7 13:41:20 2003 ++++ kadmin/cli/Makefile.in Tue Aug 5 16:32:02 2003 +@@ -21,7 +21,7 @@ + install:: + $(INSTALL_PROGRAM) $(PROG).local ${DESTDIR}$(ADMIN_BINDIR)/$(PROG).local + $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) +- $(INSTALL_PROGRAM) $(srcdir)/k5srvutil.sh ${DESTDIR}$(ADMIN_BINDIR)/k5srvutil ++ $(INSTALL_SCRIPT) $(srcdir)/k5srvutil.sh ${DESTDIR}$(ADMIN_BINDIR)/k5srvutil + $(INSTALL_DATA) $(srcdir)/k5srvutil.M ${DESTDIR}$(ADMIN_MANDIR)/k5srvutil.8 + $(INSTALL_DATA) $(srcdir)/$(PROG).M ${DESTDIR}$(ADMIN_MANDIR)/$(PROG).8 + $(INSTALL_DATA) $(srcdir)/$(PROG).local.M ${DESTDIR}$(ADMIN_MANDIR)/$(PROG).local.8 diff --git a/security/krb5-beta/files/patch-lib::krb5::krb::srv_rcache.c b/security/krb5-beta/files/patch-lib::krb5::krb::srv_rcache.c new file mode 100644 index 000000000000..79e16f93110d --- /dev/null +++ b/security/krb5-beta/files/patch-lib::krb5::krb::srv_rcache.c @@ -0,0 +1,12 @@ +--- lib/krb5/krb/srv_rcache.c 1999-09-24 17:19:48.000000000 -0400 ++++ lib/krb5/krb/srv_rcache.c 2003-02-03 19:29:32.000000000 -0500 +@@ -48,6 +48,9 @@ + unsigned long uid = geteuid(); + #endif + ++ if (piece == NULL) ++ return ENOMEM; ++ + rcache = (krb5_rcache) malloc(sizeof(*rcache)); + if (!rcache) + return ENOMEM; diff --git a/security/krb5-beta/files/patch-lib::krb5::os::hst_realm.c b/security/krb5-beta/files/patch-lib::krb5::os::hst_realm.c new file mode 100644 index 000000000000..d3caed59fd30 --- /dev/null +++ b/security/krb5-beta/files/patch-lib::krb5::os::hst_realm.c @@ -0,0 +1,14 @@ +--- lib/krb5/os/hst_realm.c.orig Tue Oct 15 15:51:50 2002 ++++ lib/krb5/os/hst_realm.c Sat Jan 24 20:11:05 2004 +@@ -438,9 +438,11 @@ + return EAFNOSUPPORT; + case EAI_MEMORY: + return ENOMEM; ++#ifdef EAI_NODATA + #if EAI_NODATA != EAI_NONAME + case EAI_NODATA: + return KRB5_EAI_NODATA; ++#endif + #endif + case EAI_NONAME: + return KRB5_EAI_NONAME; diff --git a/security/krb5-beta/files/patch-lib::krb5::os::locate_kdc.c b/security/krb5-beta/files/patch-lib::krb5::os::locate_kdc.c new file mode 100644 index 000000000000..5cfbbe3553de --- /dev/null +++ b/security/krb5-beta/files/patch-lib::krb5::os::locate_kdc.c @@ -0,0 +1,13 @@ +--- lib/krb5/os/locate_kdc.c.orig Mon Jun 9 14:27:56 2003 ++++ lib/krb5/os/locate_kdc.c Sun Jan 25 13:28:01 2004 +@@ -185,8 +185,10 @@ + #ifdef EAI_ADDRFAMILY + case EAI_ADDRFAMILY: + #endif ++#ifdef EAI_NODATA + #if EAI_NODATA != EAI_NONAME + case EAI_NODATA: ++#endif + #endif + case EAI_NONAME: + /* Name not known or no address data, but no error. Do diff --git a/security/krb5-beta/pkg-descr b/security/krb5-beta/pkg-descr new file mode 100644 index 000000000000..376a48c52faf --- /dev/null +++ b/security/krb5-beta/pkg-descr @@ -0,0 +1,24 @@ +Kerberos V5 is an authentication system developed at MIT. +WWW: http://web.mit.edu/kerberos/www/ + +Abridged from the User Guide: + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the + client. The client then attempts to decrypt the TGT, using + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, + which give permission for specific services. + Since Kerberos negotiates authenticated, and optionally encrypted, + communications between two points anywhere on the internet, it + provides a layer of security that is not dependent on which side of a + firewall either client is on. + The Kerberos V5 package is designed to be easy to use. Most of the + commands are nearly identical to UNIX network programs you are already + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. + +Jacques Vidrine diff --git a/security/krb5-beta/pkg-plist b/security/krb5-beta/pkg-plist new file mode 100644 index 000000000000..55f03d68c13b --- /dev/null +++ b/security/krb5-beta/pkg-plist @@ -0,0 +1,108 @@ +@unexec install-info --delete %D/info/krb425.info %D/info/dir +@unexec install-info --delete %D/info/krb5-admin.info %D/info/dir +@unexec install-info --delete %D/info/krb5-install.info %D/info/dir +@unexec install-info --delete %D/info/krb5-user.info %D/info/dir +bin/compile_et +bin/ftp +bin/gss-client +bin/kdestroy +bin/kinit +bin/klist +bin/kpasswd +bin/krb5-config +%%KRB4%%bin/krb524init +bin/ksu +bin/kvno +bin/rcp +bin/rlogin +bin/rsh +bin/sclient +bin/sim_client +bin/telnet +bin/uuclient +%%KRB4%%bin/v4rcp +bin/v5passwd +include/com_err.h +include/gssapi/gssapi.h +include/gssapi/gssapi_generic.h +include/gssapi/gssapi_krb5.h +%%KRB4%%include/kerberosIV/des.h +%%KRB4%%include/kerberosIV/kadm_err.h +%%KRB4%%include/kerberosIV/krb.h +%%KRB4%%include/kerberosIV/krb_err.h +%%KRB4%%include/kerberosIV/mit-copyright.h +include/krb5.h +include/profile.h +info/krb425.info +info/krb5-admin.info +info/krb5-admin.info-1 +info/krb5-admin.info-2 +info/krb5-admin.info-3 +info/krb5-install.info +info/krb5-install.info-1 +info/krb5-install.info-2 +info/krb5-user.info +lib/libcom_err.a +lib/libcom_err.so +lib/libcom_err.so.3 +lib/libdes425.a +lib/libdes425.so +lib/libdes425.so.3 +lib/libgssapi_krb5.a +lib/libgssapi_krb5.so +lib/libgssapi_krb5.so.2 +lib/libgssrpc.a +lib/libgssrpc.so +lib/libgssrpc.so.3 +lib/libk5crypto.a +lib/libk5crypto.so +lib/libk5crypto.so.3 +lib/libkadm5clnt.a +lib/libkadm5clnt.so +lib/libkadm5clnt.so.5 +lib/libkadm5srv.a +lib/libkadm5srv.so +lib/libkadm5srv.so.5 +lib/libkdb5.a +lib/libkdb5.so +lib/libkdb5.so.4 +%%KRB4%%lib/libkrb4.a +%%KRB4%%lib/libkrb4.so +%%KRB4%%lib/libkrb4.so.2 +lib/libkrb5.a +lib/libkrb5.so +lib/libkrb5.so.3 +sbin/ftpd +sbin/gss-server +sbin/k5srvutil +sbin/kadmin +sbin/kadmin.local +sbin/kadmind +%%KRB4%%sbin/kadmind4 +sbin/kdb5_util +sbin/klogind +sbin/kprop +sbin/kpropd +sbin/krb5-send-pr +%%KRB4%%sbin/krb524d +sbin/krb5kdc +sbin/kshd +sbin/ktutil +sbin/login.krb5 +sbin/sim_server +sbin/sserver +sbin/telnetd +sbin/uuserver +sbin/v5passwdd +share/doc/krb5/README.FreeBSD +share/et/et_c.awk +share/et/et_h.awk +share/gnats/mit +@dirrm include/gssapi +@dirrm include/kerberosIV +@dirrm share/et +@dirrm share/gnats +@exec install-info %D/info/krb425.info %D/info/dir +@exec install-info %D/info/krb5-admin.info %D/info/dir +@exec install-info %D/info/krb5-install.info %D/info/dir +@exec install-info %D/info/krb5-user.info %D/info/dir