diff options
Diffstat (limited to 'security/krb5-beta/files')
26 files changed, 723 insertions, 0 deletions
diff --git a/security/krb5-beta/files/README.FreeBSD b/security/krb5-beta/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-beta/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-beta/files/patch-ac b/security/krb5-beta/files/patch-ac new file mode 100644 index 000000000000..8bca5437d964 --- /dev/null +++ b/security/krb5-beta/files/patch-ac @@ -0,0 +1,13 @@ +--- ../doc/admin.texinfo Fri Feb 6 21:40:56 1998 ++++ admin.texinfo Fri Jun 19 15:13:45 1998 +@@ -5,6 +5,10 @@ + @c guide + @setfilename krb5-admin.info + @settitle Kerberos V5 System Administrator's Guide ++@dircategory Kerberos V5 ++@direntry ++* Admin Guide: (krb5-admin). Kerberos V5 System Admin's Guide ++@end direntry + @setchapternewpage odd @c chapter begins on next odd page + @c @setchapternewpage on @c chapter begins on next page + @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-ad b/security/krb5-beta/files/patch-ad new file mode 100644 index 000000000000..c8b6d3e99e91 --- /dev/null +++ b/security/krb5-beta/files/patch-ad @@ -0,0 +1,13 @@ +--- ../doc/user-guide.texinfo Fri Feb 6 21:40:58 1998 ++++ user-guide.texinfo Fri Jun 19 15:13:45 1998 +@@ -3,6 +3,10 @@ + @c guide + @setfilename krb5-user.info + @settitle Kerberos V5 UNIX User's Guide ++@dircategory Kerberos V5 ++@direntry ++* User's Guide: (krb5-user). Kerberos V5 UNIX User's Guide ++@end direntry + @setchapternewpage odd @c chapter begins on next odd page + @c @setchapternewpage on @c chapter begins on next page + @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-ae b/security/krb5-beta/files/patch-ae new file mode 100644 index 000000000000..f5643b5aa04f --- /dev/null +++ b/security/krb5-beta/files/patch-ae @@ -0,0 +1,13 @@ +--- ../doc/install.texinfo Fri Feb 6 21:40:56 1998 ++++ install.texinfo Fri Jun 19 15:13:45 1998 +@@ -5,6 +5,10 @@ + @c guide + @setfilename krb5-install.info + @settitle Kerberos V5 Installation Guide ++@dircategory Kerberos V5 ++@direntry ++* Installation Guide: (krb5-install). Kerberos V5 Installation Guide ++@end direntry + @setchapternewpage odd @c chapter begins on next odd page + @c @setchapternewpage on @c chapter begins on next page + @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-af b/security/krb5-beta/files/patch-af new file mode 100644 index 000000000000..49425d6efceb --- /dev/null +++ b/security/krb5-beta/files/patch-af @@ -0,0 +1,13 @@ +--- ../doc/krb425.texinfo Fri Feb 6 21:40:57 1998 ++++ krb425.texinfo Fri Jun 19 15:13:45 1998 +@@ -5,6 +5,10 @@ + @c guide + @setfilename krb425.info + @settitle Upgrading to Kerberos V5 from Kerberos V4 ++@dircategory Kerberos V5 ++@direntry ++* Upgrading from V4 to V5: (krb425). Upgrading from Kerberos V4 to V5 ++@end direntry + @c @setchapternewpage odd @c chapter begins on next odd page + @c @setchapternewpage on @c chapter begins on next page + @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-ai b/security/krb5-beta/files/patch-ai new file mode 100644 index 000000000000..f5b733194344 --- /dev/null +++ b/security/krb5-beta/files/patch-ai @@ -0,0 +1,28 @@ +--- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002 ++++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002 +@@ -487,7 +487,13 @@ + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +- openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); ++ ++#ifndef LOG_FTP ++#define FACILITY LOG_DAEMON ++#else ++#define FACILITY LOG_FTP ++#endif ++ openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY); + + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { +@@ -2312,6 +2318,10 @@ + if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum), + &kdata.session,&ctrl_addr, &his_addr)) == -1) { + secure_error("ADAT: krb_mk_safe failed"); ++ return(0); ++ } ++ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { ++ secure_error("ADAT: reply too long"); + return(0); + } + if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { diff --git a/security/krb5-beta/files/patch-aj b/security/krb5-beta/files/patch-aj new file mode 100644 index 000000000000..c3bb8dfd6960 --- /dev/null +++ b/security/krb5-beta/files/patch-aj @@ -0,0 +1,19 @@ +*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998 +*************** +*** 66,72 **** + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); +--- 66,72 ---- + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); diff --git a/security/krb5-beta/files/patch-appl::bsd::Makefile.in b/security/krb5-beta/files/patch-appl::bsd::Makefile.in new file mode 100644 index 000000000000..581048933264 --- /dev/null +++ b/security/krb5-beta/files/patch-appl::bsd::Makefile.in @@ -0,0 +1,12 @@ +--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001 +@@ -31,8 +31,8 @@ + -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\" + + DEFINES = $(RSH) $(BSD) $(RPROGS) -DKERBEROS \ +- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \ ++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \ + -DHEIMDAL_FRIENDLY + + all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) + diff --git a/security/krb5-beta/files/patch-appl::bsd::klogind.M b/security/krb5-beta/files/patch-appl::bsd::klogind.M new file mode 100644 index 000000000000..9cddd5fc222d --- /dev/null +++ b/security/krb5-beta/files/patch-appl::bsd::klogind.M @@ -0,0 +1,35 @@ +--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001 ++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001 +@@ -14,7 +14,7 @@ + .B \-kr54cpPef + ] + [[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ] +-[ \fB\-D\fP \fIport\fP ] ++[ \fB\-D\fP \fIport\fP ] [\fB\-L\fP \fIloginpath\fP] + .SH DESCRIPTION + .I Klogind + is the server for the +@@ -107,6 +108,10 @@ + Beta5 (May 1995)--present bogus checksums that prevent Kerberos + authentication from succeeding in the default mode. + ++.IP \fB\-L\ loginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. ++ + + .PP + If the +@@ -157,12 +162,6 @@ + + .IP \fB\-M\ realm\fP + Set the Kerberos realm to use. +- +-.IP \fB\-L\ login\fP +-Set the login program to use. This option only has an effect if +-DO_NOT_USE_K_LOGIN was not defined when +-.I klogind +-was compiled. + + .IP \fB\-D\ port\fP + Run in standalone mode, listening on \fBport\fP. The daemon will exit diff --git a/security/krb5-beta/files/patch-appl::gssftp::ftp::ftp_var.h b/security/krb5-beta/files/patch-appl::gssftp::ftp::ftp_var.h new file mode 100644 index 000000000000..256e929aa68f --- /dev/null +++ b/security/krb5-beta/files/patch-appl::gssftp::ftp::ftp_var.h @@ -0,0 +1,23 @@ +--- appl/gssftp/ftp/ftp_var.h.orig Tue Jun 17 02:37:40 2003 ++++ appl/gssftp/ftp/ftp_var.h Sat Aug 30 05:30:44 2003 +@@ -33,6 +33,10 @@ + * @(#)ftp_var.h 5.9 (Berkeley) 6/1/90 + */ + ++#if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version > 500000 ++#undef __BSD_VISIBLE ++#endif ++ + #ifdef _WIN32 + #include <windows.h> + #include <winsock2.h> +@@ -57,9 +61,7 @@ + typedef void (*sig_t)(int); + typedef void sigtype; + #else +-#define sig_t my_sig_t + #define sigtype krb5_sigtype +-typedef sigtype (*sig_t)(); + #endif + + /* diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in new file mode 100644 index 000000000000..cb5a0e26d49d --- /dev/null +++ b/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in @@ -0,0 +1,11 @@ +--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001 +@@ -24,7 +24,7 @@ + # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 + # + +-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN ++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\" + OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON + LOCALINCLUDES=-I.. -I$(srcdir)/.. + DEFINES = $(AUTH_DEF) $(OTHERDEFS) diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 new file mode 100644 index 000000000000..951ee0d5692a --- /dev/null +++ b/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 @@ -0,0 +1,22 @@ +--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001 +@@ -43,7 +43,7 @@ + [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] + [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] + [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] +-[\fB\-debug\fP [\fIport\fP]] ++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP] + .SH DESCRIPTION + The + .B telnetd +@@ -221,6 +221,10 @@ + in response to a + .SM DO TIMING-MARK) + for kludge linemode support. ++.TP ++\fB\-L\fP \fIloginpath\fP ++Specify pathname to an alternative login program. Default: /usr/bin/login. ++KRB5_HOME/sbin/login.krb5 may be specified. + .TP + .B \-l + Specifies line mode. Tries to force clients to use line-at-a-time diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c b/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c new file mode 100644 index 000000000000..8bb656dc0673 --- /dev/null +++ b/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c @@ -0,0 +1,38 @@ +--- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002 ++++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002 +@@ -408,18 +408,25 @@ + int + netwrite(const char *buf, size_t len) + { +- size_t remain; ++ int remaining, copied; ++ ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ while (len > 0) { ++ /* Free up enough space if the room is too low*/ ++ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) { ++ netflush(); ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ } + +- remain = sizeof(netobuf) - (nfrontp - netobuf); +- if (remain < len) { +- netflush(); +- remain = sizeof(netobuf) - (nfrontp - netobuf); ++ /* Copy out as much as will fit */ ++ copied = remaining > len ? len : remaining; ++ memmove(nfrontp, buf, copied); ++ nfrontp += copied; ++ len -= copied; ++ remaining -= copied; ++ buf += copied; + } +- if (remain < len) +- return 0; +- memcpy(nfrontp, buf, len); +- nfrontp += len; +- return len; ++ return copied; + } + + /* diff --git a/security/krb5-beta/files/patch-as b/security/krb5-beta/files/patch-as new file mode 100644 index 000000000000..de19886eac08 --- /dev/null +++ b/security/krb5-beta/files/patch-as @@ -0,0 +1,195 @@ +--- clients/ksu/main.c.orig Wed Aug 14 12:14:49 2002 ++++ clients/ksu/main.c Tue Jul 29 18:46:00 2003 +@@ -32,6 +32,10 @@ + #include <signal.h> + #include <grp.h> + ++#ifdef LOGIN_CAP ++#include <login_cap.h> ++#endif ++ + /* globals */ + char * prog_name; + int auth_debug =0; +@@ -61,7 +65,7 @@ + ill specified arguments to commands */ + + void usage (){ +- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); ++ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + } + + /* for Ultrix and friends ... */ +@@ -77,6 +81,7 @@ + int argc; + char ** argv; + { ++ int asme = 0; + int hp =0; + int some_rest_copy = 0; + int all_rest_copy = 0; +@@ -91,6 +96,7 @@ + char * cc_target_tag = NULL; + char * target_user = NULL; + char * source_user; ++ char * source_shell; + + krb5_ccache cc_source = NULL; + const char * cc_source_tag = NULL; +@@ -117,6 +123,11 @@ + krb5_principal kdc_server; + krb5_boolean zero_password; + char * dir_of_cc_target; ++ ++#ifdef LOGIN_CAP ++ login_cap_t *lc; ++ int setwhat; ++#endif + + options.opt = KRB5_DEFAULT_OPTIONS; + options.lifetime = KRB5_DEFAULT_TKT_LIFE; +@@ -181,7 +192,7 @@ + com_err (prog_name, errno, "while setting euid to source user"); + exit (1); + } +- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){ ++ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +@@ -227,6 +238,9 @@ + errflg++; + } + break; ++ case 'm': ++ asme = 1; ++ break; + case 'n': + if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ + com_err(prog_name, retval, "when parsing name %s", optarg); +@@ -341,6 +355,7 @@ + + /* allocate space and copy the usernamane there */ + source_user = xstrdup(pwd->pw_name); ++ source_shell = xstrdup(pwd->pw_shell); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +@@ -672,43 +687,64 @@ + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +- if (target_pwd->pw_shell) +- shell = xstrdup(target_pwd->pw_shell); +- else { +- shell = _DEF_CSH; /* default is cshell */ ++ if (asme) { ++ if (source_shell && *source_shell) { ++ shell = strdup(source_shell); ++ } else { ++ shell = _DEF_CSH; ++ } ++ } else { ++ if (target_pwd->pw_shell) ++ shell = strdup(target_pwd->pw_shell); ++ else { ++ shell = _DEF_CSH; /* default is cshell */ ++ } + } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +- if (!standard_shell(target_pwd->pw_shell) && source_uid) { +- fprintf(stderr, "ksu: permission denied (shell).\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); ++ if (asme) { ++ if (!standard_shell(pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } else { ++ if (!standard_shell(target_pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } + } + #endif /* HAVE_GETUSERSHELL */ + +- if (target_pwd->pw_uid){ +- +- if(set_env_var("USER", target_pwd->pw_name)){ ++ if (!asme) { ++ if (target_pwd->pw_uid){ ++ if (set_env_var("USER", target_pwd->pw_name)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } ++ ++ if (set_env_var( "HOME", target_pwd->pw_dir)){ + fprintf(stderr,"ksu: couldn't set environment variable USER\n"); + sweep_up(ksu_context, cc_target); + exit(1); +- } +- } +- +- if(set_env_var( "HOME", target_pwd->pw_dir)){ +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } ++ } + +- if(set_env_var( "SHELL", shell)){ +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } ++ if (set_env_var( "SHELL", shell)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } ++ ++#ifdef LOGIN_CAP ++ lc = login_getpwclass(pwd); ++#endif + + /* set the cc env name to target */ + +@@ -718,7 +754,19 @@ + sweep_up(ksu_context, cc_target); + exit(1); + } +- ++ ++#ifdef LOGIN_CAP ++ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; ++ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV; ++ /* ++ * Don't touch resource/priority settings if -m has been ++ * used or -l and -c hasn't, and we're not su'ing to root. ++ */ ++ if (target_pwd->pw_uid) ++ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); ++ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0) ++ err(1, "setusercontext"); ++#else + /* set permissions */ + if (setgid(target_pwd->pw_gid) < 0) { + perror("ksu: setgid"); +@@ -759,6 +807,7 @@ + sweep_up(ksu_context, cc_target); + exit(1); + } ++#endif + + if (access( cc_target_tag_tmp, R_OK | W_OK )){ + com_err(prog_name, errno, diff --git a/security/krb5-beta/files/patch-at b/security/krb5-beta/files/patch-at new file mode 100644 index 000000000000..060207ec644a --- /dev/null +++ b/security/krb5-beta/files/patch-at @@ -0,0 +1,14 @@ +*** include/syslog.h.ORIG Fri Feb 6 19:42:12 1998 +--- include/syslog.h Tue Jun 30 19:46:02 1998 +*************** +*** 34,39 **** +--- 34,42 ---- + #define LOG_LPR (6<<3) /* line printer subsystem */ + #define LOG_NEWS (7<<3) /* network news subsystem */ + #define LOG_UUCP (8<<3) /* UUCP subsystem */ ++ #if (defined(BSD) && (BSD >= 199306)) ++ #define LOG_FTP (11<<3) /* ftp daemon */ ++ #endif + /* other codes through 15 reserved for system use */ + #define LOG_LOCAL0 (16<<3) /* reserved for local use */ + #define LOG_LOCAL1 (17<<3) /* reserved for local use */ diff --git a/security/krb5-beta/files/patch-av b/security/krb5-beta/files/patch-av new file mode 100644 index 000000000000..8363b8bb1e2d --- /dev/null +++ b/security/krb5-beta/files/patch-av @@ -0,0 +1,15 @@ +*** clients/ksu/Makefile.in.ORIG Sun Aug 2 16:51:18 1998 +--- clients/ksu/Makefile.in Sun Aug 2 16:53:48 1998 +*************** +*** 3,7 **** + mydir=ksu + BUILDTOP=$(REL)$(U)$(S)$(U) +! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' + CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE) + +--- 3,7 ---- + mydir=ksu + BUILDTOP=$(REL)$(U)$(S)$(U) +! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"' + CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE) + diff --git a/security/krb5-beta/files/patch-ax b/security/krb5-beta/files/patch-ax new file mode 100644 index 000000000000..443b321e28db --- /dev/null +++ b/security/krb5-beta/files/patch-ax @@ -0,0 +1,11 @@ +--- ../doc/Makefile.orig Fri Sep 20 10:35:27 2002 ++++ ../doc/Makefile Tue Jul 29 18:53:08 2003 +@@ -1,7 +1,7 @@ + SRCDIR=../src + DVI=texi2dvi + DVIPS=dvips -o "$@" +-INFO=makeinfo ++INFO=makeinfo --no-validate + HTML=makeinfo --html + RM=rm -f + TAR=tar -chvf diff --git a/security/krb5-beta/files/patch-ay b/security/krb5-beta/files/patch-ay new file mode 100644 index 000000000000..54c041e205f1 --- /dev/null +++ b/security/krb5-beta/files/patch-ay @@ -0,0 +1,50 @@ +--- util/pty/getpty.c.orig Wed Jan 9 14:28:37 2002 ++++ util/pty/getpty.c Thu Jan 10 21:30:40 2002 +@@ -24,13 +24,26 @@ + #include "libpty.h" + #include "pty-int.h" + ++#ifdef __FreeBSD__ ++#define PTYCHARS1 "pqrsPQRS" ++#define PTYCHARS2 "0123456789abcdefghijklmnopqrstuv" ++#endif ++ ++#ifndef PTYCHARS1 ++#define PTYCHARS1 "pqrstuvwxyzPQRST" ++#endif ++ ++#ifndef PTYCHARS2 ++#define PTYCHARS2 "0123456789abcdef" ++#endif ++ + long + ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) + { ++ int ptynum; ++ char *cp1, *cp2; + #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY) +- char *cp; + char *p; +- int i,ptynum; + struct stat stb; + char slavebuf[1024]; + #endif +@@ -115,14 +128,14 @@ + strncpy(slave, slavebuf, slavelength); + return 0; + } else { +- for (cp = "pqrstuvwxyzPQRST";*cp; cp++) { ++ for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) { + sprintf(slavebuf,"/dev/ptyXX"); +- slavebuf[sizeof("/dev/pty") - 1] = *cp; ++ slavebuf[sizeof("/dev/pty") - 1] = *cp1; + slavebuf[sizeof("/dev/ptyp") - 1] = '0'; + if (stat(slavebuf, &stb) < 0) + break; +- for (i = 0; i < 16; i++) { +- slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i]; ++ for (cp2 = PTYCHARS2; *cp2 != '\0'; cp2++) { ++ slavebuf[sizeof("/dev/ptyp") - 1] = *cp2; + *fd = open(slavebuf, O_RDWR); + if (*fd < 0) continue; + diff --git a/security/krb5-beta/files/patch-ba b/security/krb5-beta/files/patch-ba new file mode 100644 index 000000000000..dd0c760df7d2 --- /dev/null +++ b/security/krb5-beta/files/patch-ba @@ -0,0 +1,77 @@ +--- appl/bsd/login.c.orig Tue May 27 21:06:25 2003 ++++ appl/bsd/login.c Tue Jul 29 20:52:25 2003 +@@ -1342,19 +1342,6 @@ + setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); + } + +- /* Policy: If local password is good, user is good. +- We really can't trust the Kerberos password, +- because somebody on the net could spoof the +- Kerberos server (not easy, but possible). +- Some sites might want to use it anyways, in +- which case they should change this line +- to: +- if (kpass_ok) +- */ +- +- if (lpass_ok) +- break; +- + if (got_v5_tickets) { + retval = krb5_verify_init_creds(kcontext, &my_creds, NULL, + NULL, &xtra_creds, +@@ -1378,6 +1365,9 @@ + } + #endif /* KRB4_GET_TICKETS */ + ++ if (lpass_ok) ++ break; ++ + bad_login: + setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); + +@@ -1667,21 +1657,23 @@ + /* set up credential cache -- obeying KRB5_ENV_CCNAME + set earlier */ + /* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */ +- if ((retval = krb5_cc_default(kcontext, &ccache))) { ++ if ((retval = krb5_cc_default(kcontext, &ccache))) + com_err(argv[0], retval, "while getting default ccache"); +- } else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) { +- com_err(argv[0], retval, "when initializing cache"); +- } else if ((retval = krb5_cc_store_cred(kcontext, ccache, +- &my_creds))) { +- com_err(argv[0], retval, "while storing credentials"); +- } else if (xtra_creds && +- (retval = krb5_cc_copy_creds(kcontext, xtra_creds, +- ccache))) { +- com_err(argv[0], retval, "while storing credentials"); ++ else { ++ if (retval = krb5_cc_initialize(kcontext, ccache, me)) ++ com_err(argv[0], retval, "when initializing cache"); ++ else { ++ if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) ++ com_err(argv[0], retval, "while storing credentials"); ++ else { ++ if (xtra_creds && ++ (retval = krb5_cc_copy_creds(kcontext, xtra_creds, ccache))) { ++ com_err(argv[0], retval, "while storing credentials"); ++ krb5_cc_destroy(kcontext, xtra_creds); ++ } ++ } ++ } + } +- +- if (xtra_creds) +- krb5_cc_destroy(kcontext, xtra_creds); + } else if (forwarded_v5_tickets && rewrite_ccache) { + if ((retval = krb5_cc_initialize (kcontext, ccache, me))) { + syslog(LOG_ERR, +@@ -1762,6 +1754,7 @@ + + if (ccname) + setenv("KRB5CCNAME", ccname, 1); ++ krb5_cc_set_default_name(kcontext, ccname); + + setenv("HOME", pwd->pw_dir, 1); + setenv("PATH", LPATH, 1); diff --git a/security/krb5-beta/files/patch-bb b/security/krb5-beta/files/patch-bb new file mode 100644 index 000000000000..6545ae682c53 --- /dev/null +++ b/security/krb5-beta/files/patch-bb @@ -0,0 +1,10 @@ +--- appl/telnet/telnet/Makefile.in.orig Sat Dec 18 10:47:05 1999 ++++ appl/telnet/telnet/Makefile.in Sat Dec 18 10:47:13 1999 +@@ -58,7 +58,6 @@ + $(INSTALL_DATA) $(srcdir)/$$f.1 \ + ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ + done +- $(INSTALL_DATA) $(srcdir)/tmac.doc ${DESTDIR}$(CLIENT_MANDIR)/tmac.doc + + authenc.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) + commands.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) diff --git a/security/krb5-beta/files/patch-config::pre.in b/security/krb5-beta/files/patch-config::pre.in new file mode 100644 index 000000000000..fc3ff4c7a047 --- /dev/null +++ b/security/krb5-beta/files/patch-config::pre.in @@ -0,0 +1,10 @@ +--- config/pre.in.orig Tue May 27 21:06:28 2003 ++++ config/pre.in Wed Aug 6 11:11:54 2003 +@@ -152,6 +152,7 @@ + INSTALL=@INSTALL@ + INSTALL_STRIP= + INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) ++INSTALL_SCRIPT=@INSTALL_SCRIPT@ + INSTALL_DATA=@INSTALL_DATA@ + INSTALL_SHLIB=@INSTALL_SHLIB@ + INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root diff --git a/security/krb5-beta/files/patch-config::shlib.conf b/security/krb5-beta/files/patch-config::shlib.conf new file mode 100644 index 000000000000..48d5e9a51f8b --- /dev/null +++ b/security/krb5-beta/files/patch-config::shlib.conf @@ -0,0 +1,19 @@ +--- config/shlib.conf.orig Sun Mar 2 23:09:45 2003 ++++ config/shlib.conf Tue Jul 29 18:16:43 2003 +@@ -179,14 +179,15 @@ + PICFLAGS=-fpic + if test "x$objformat" = "xelf" ; then + SHLIBVEXT='.so.$(LIBMAJOR)' ++ LDCOMBINE='cc -shared -Wl,-soname,lib$(LIB)$(SHLIBVEXT)' + RPATH_FLAG='-Wl,-rpath -Wl,' + else ++ LDCOMBINE='ld -Bshareable' + RPATH_FLAG=-R + SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' + fi + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + SHLIBEXT=.so +- LDCOMBINE='ld -Bshareable' + SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' diff --git a/security/krb5-beta/files/patch-kadmin::cli::Makefile.in b/security/krb5-beta/files/patch-kadmin::cli::Makefile.in new file mode 100644 index 000000000000..266deea90231 --- /dev/null +++ b/security/krb5-beta/files/patch-kadmin::cli::Makefile.in @@ -0,0 +1,11 @@ +--- kadmin/cli/Makefile.in.orig Fri Feb 7 13:41:20 2003 ++++ kadmin/cli/Makefile.in Tue Aug 5 16:32:02 2003 +@@ -21,7 +21,7 @@ + install:: + $(INSTALL_PROGRAM) $(PROG).local ${DESTDIR}$(ADMIN_BINDIR)/$(PROG).local + $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) +- $(INSTALL_PROGRAM) $(srcdir)/k5srvutil.sh ${DESTDIR}$(ADMIN_BINDIR)/k5srvutil ++ $(INSTALL_SCRIPT) $(srcdir)/k5srvutil.sh ${DESTDIR}$(ADMIN_BINDIR)/k5srvutil + $(INSTALL_DATA) $(srcdir)/k5srvutil.M ${DESTDIR}$(ADMIN_MANDIR)/k5srvutil.8 + $(INSTALL_DATA) $(srcdir)/$(PROG).M ${DESTDIR}$(ADMIN_MANDIR)/$(PROG).8 + $(INSTALL_DATA) $(srcdir)/$(PROG).local.M ${DESTDIR}$(ADMIN_MANDIR)/$(PROG).local.8 diff --git a/security/krb5-beta/files/patch-lib::krb5::krb::srv_rcache.c b/security/krb5-beta/files/patch-lib::krb5::krb::srv_rcache.c new file mode 100644 index 000000000000..79e16f93110d --- /dev/null +++ b/security/krb5-beta/files/patch-lib::krb5::krb::srv_rcache.c @@ -0,0 +1,12 @@ +--- lib/krb5/krb/srv_rcache.c 1999-09-24 17:19:48.000000000 -0400 ++++ lib/krb5/krb/srv_rcache.c 2003-02-03 19:29:32.000000000 -0500 +@@ -48,6 +48,9 @@ + unsigned long uid = geteuid(); + #endif + ++ if (piece == NULL) ++ return ENOMEM; ++ + rcache = (krb5_rcache) malloc(sizeof(*rcache)); + if (!rcache) + return ENOMEM; diff --git a/security/krb5-beta/files/patch-lib::krb5::os::hst_realm.c b/security/krb5-beta/files/patch-lib::krb5::os::hst_realm.c new file mode 100644 index 000000000000..d3caed59fd30 --- /dev/null +++ b/security/krb5-beta/files/patch-lib::krb5::os::hst_realm.c @@ -0,0 +1,14 @@ +--- lib/krb5/os/hst_realm.c.orig Tue Oct 15 15:51:50 2002 ++++ lib/krb5/os/hst_realm.c Sat Jan 24 20:11:05 2004 +@@ -438,9 +438,11 @@ + return EAFNOSUPPORT; + case EAI_MEMORY: + return ENOMEM; ++#ifdef EAI_NODATA + #if EAI_NODATA != EAI_NONAME + case EAI_NODATA: + return KRB5_EAI_NODATA; ++#endif + #endif + case EAI_NONAME: + return KRB5_EAI_NONAME; diff --git a/security/krb5-beta/files/patch-lib::krb5::os::locate_kdc.c b/security/krb5-beta/files/patch-lib::krb5::os::locate_kdc.c new file mode 100644 index 000000000000..5cfbbe3553de --- /dev/null +++ b/security/krb5-beta/files/patch-lib::krb5::os::locate_kdc.c @@ -0,0 +1,13 @@ +--- lib/krb5/os/locate_kdc.c.orig Mon Jun 9 14:27:56 2003 ++++ lib/krb5/os/locate_kdc.c Sun Jan 25 13:28:01 2004 +@@ -185,8 +185,10 @@ + #ifdef EAI_ADDRFAMILY + case EAI_ADDRFAMILY: + #endif ++#ifdef EAI_NODATA + #if EAI_NODATA != EAI_NONAME + case EAI_NODATA: ++#endif + #endif + case EAI_NONAME: + /* Name not known or no address data, but no error. Do |