Additional patches (already committed to krb5-current):

* Paths corrected in applications
* ftpd now logs to facility LOG_FTP
* use openpty to obtain pseudo-terminal
* corrected detection of TCL libraries
* fix a forwarding bug
* add -m flag to ksu (preserve USER, HOME, SHELL)
* cosmetic bug fix to telnet.c
Submitted by:	Dima Ruban <dima@best.net>

5 files changed, 298 insertions, 0 deletions

diff --git a/security/krb5-16/files/patch-ai b/security/krb5-16/files/patch-ai
new file mode 100644
index 000000000000..5eacca9caf86
--- /dev/null
+++ b/security/krb5-16/files/patch-ai
@@ -0,0 +1,25 @@
+*** appl/gssftp/ftpd/ftpd.c.ORIG	Fri Feb  6 19:41:25 1998
+--- appl/gssftp/ftpd/ftpd.c	Tue Jun 30 19:46:01 1998
+***************
+*** 374,380 ****
+  #ifndef LOG_DAEMON
+  #define LOG_DAEMON 0
+  #endif
+! 	openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
+  	addrlen = sizeof (his_addr);
+  	if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+  		syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+--- 374,386 ----
+  #ifndef LOG_DAEMON
+  #define LOG_DAEMON 0
+  #endif
+! 
+! #ifndef LOG_FTP
+! #define FACILITY	LOG_DAEMON
+! #else
+! #define FACILITY	LOG_FTP
+! #endif
+! 	openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY);
+  	addrlen = sizeof (his_addr);
+  	if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+  		syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
diff --git a/security/krb5-16/files/patch-aj b/security/krb5-16/files/patch-aj
new file mode 100644
index 000000000000..29e845803294
--- /dev/null
+++ b/security/krb5-16/files/patch-aj
@@ -0,0 +1,46 @@
+*** appl/gssftp/ftpd/logwtmp.c.ORIG	Fri Feb  6 19:41:25 1998
+--- appl/gssftp/ftpd/logwtmp.c	Tue Jun 30 19:46:01 1998
+***************
+*** 44,55 ****
+  #include <unistd.h>
+  #include <string.h>
+  
+! #ifdef WTMP_FILE
+! #define WTMPFILE WTMP_FILE
+  #endif
+  
+! #ifndef WTMPFILE
+! #define	WTMPFILE	"/usr/adm/wtmp"
+  #endif
+  
+  static int fd = -1;
+--- 44,55 ----
+  #include <unistd.h>
+  #include <string.h>
+  
+! #if !defined(WTMP_FILE) && defined(_PATH_WTMP)
+! #define WTMP_FILE _PATH_WTMP
+  #endif
+  
+! #ifndef WTMP_FILE
+! #define	WTMP_FILE "/usr/adm/wtmp"
+  #endif
+  
+  static int fd = -1;
+***************
+*** 66,72 ****
+  	struct stat buf;
+  	time_t time();
+  
+! 	if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0)
+  		return;
+  	if (fstat(fd, &buf) == 0) {
+  		(void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+--- 66,72 ----
+  	struct stat buf;
+  	time_t time();
+  
+! 	if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0)
+  		return;
+  	if (fstat(fd, &buf) == 0) {
+  		(void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
diff --git a/security/krb5-16/files/patch-as b/security/krb5-16/files/patch-as
new file mode 100644
index 000000000000..8ab90bb8494e
--- /dev/null
+++ b/security/krb5-16/files/patch-as
@@ -0,0 +1,194 @@
+*** clients/ksu/main.c.ORIG	Fri Feb  6 19:41:57 1998
+--- clients/ksu/main.c	Tue Jun 30 19:46:02 1998
+***************
+*** 56,62 ****
+     ill specified arguments to commands */        
+  
+  void usage (){
+! 	fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+  
+  }
+  
+--- 56,62 ----
+     ill specified arguments to commands */        
+  
+  void usage (){
+! 	fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+  
+  }
+  
+***************
+*** 75,80 ****
+--- 75,81 ----
+  	int argc;
+  	char ** argv;
+  { 
++ int asme = 0;
+  int hp =0;
+  int some_rest_copy = 0;	
+  int all_rest_copy = 0;	
+***************
+*** 90,95 ****
+--- 91,97 ----
+  char * cc_target_tag = NULL; 
+  char * target_user = NULL;
+  char * source_user;
++ char * source_shell;
+  
+  krb5_ccache cc_source = NULL;
+  char * cc_source_tag = NULL; 
+***************
+*** 174,180 ****
+          }
+  
+  
+!     while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){
+  	switch (option) {
+  	case 'r':
+  	    options.opt |= KDC_OPT_RENEWABLE;
+--- 176,182 ----
+          }
+  
+  
+!     while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){
+  	switch (option) {
+  	case 'r':
+  	    options.opt |= KDC_OPT_RENEWABLE;
+***************
+*** 216,221 ****
+--- 218,226 ----
+  		errflg++;
+  	    }
+  	    break;
++ 	case 'm':
++ 	    asme = 1;
++ 	    break;
+  	case 'n': 
+  	    if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
+  		com_err(prog_name, retval, "when parsing name %s", optarg); 
+***************
+*** 355,362 ****
+      		exit(1);
+  	}
+  
+! 	/* allocate space and copy the usernamane there */        
+  	source_user = strdup(pwd->pw_name);
+  	source_uid = pwd->pw_uid;
+  	source_gid = pwd->pw_gid;
+  
+--- 360,368 ----
+      		exit(1);
+  	}
+  
+! 	/* allocate space and copy the username there */        
+  	source_user = strdup(pwd->pw_name);
++ 	source_shell = strdup(pwd->pw_shell);
+  	source_uid = pwd->pw_uid;
+  	source_gid = pwd->pw_gid;
+  
+***************
+*** 727,769 ****
+  	/* get the shell of the user, this will be the shell used by su */      
+  	target_pwd = getpwnam(target_user);
+  
+! 	if (target_pwd->pw_shell)
+! 		shell = strdup(target_pwd->pw_shell);
+! 	else {
+! 		shell = _DEF_CSH;  /* default is cshell */   
+!     	}
+  
+  #ifdef HAVE_GETUSERSHELL
+  
+        /* insist that the target login uses a standard shell (root is omited) */ 
+  
+!        if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! 	       fprintf(stderr, "ksu: permission denied (shell).\n");
+! 	       sweep_up(ksu_context, use_source_cache, cc_target);
+! 	       exit(1);
+  	}
+  #endif /* HAVE_GETUSERSHELL */
+  	
+!        if (target_pwd->pw_uid){
+! 	
+! 	      if(set_env_var("USER", target_pwd->pw_name)){
+!    		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! 	        sweep_up(ksu_context, use_source_cache, cc_target);
+! 	        exit(1);
+! 	      } 			
+!        }	
+! 
+!       if(set_env_var( "HOME", target_pwd->pw_dir)){
+! 		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! 	        sweep_up(ksu_context, use_source_cache, cc_target);
+! 	        exit(1);
+!       } 			
+! 
+!       if(set_env_var( "SHELL", shell)){
+! 		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! 	        sweep_up(ksu_context, use_source_cache, cc_target);
+! 	        exit(1);
+!       } 			
+  
+        /* set the cc env name to target */         	
+  
+--- 733,792 ----
+  	/* get the shell of the user, this will be the shell used by su */      
+  	target_pwd = getpwnam(target_user);
+  
+! 	if (asme) {
+! 		if (source_shell && *source_shell) {
+! 			shell = strdup(source_shell);
+! 		} else {
+! 			shell = _DEF_CSH;
+! 		}
+! 	} else {
+! 		if (target_pwd->pw_shell)
+! 			shell = strdup(target_pwd->pw_shell);
+! 		else {
+! 			shell = _DEF_CSH;  /* default is cshell */   
+! 		}
+! 	}
+  
+  #ifdef HAVE_GETUSERSHELL
+  
+        /* insist that the target login uses a standard shell (root is omited) */ 
+  
+! 	if (asme) {
+! 		if (!standard_shell(pwd->pw_shell) && source_uid) {
+! 			fprintf(stderr, "ksu: permission denied (shell).\n");
+! 			sweep_up(ksu_context, use_source_cache, cc_target);
+! 			exit(1);
+! 		}
+! 	} else {
+! 		if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! 			fprintf(stderr, "ksu: permission denied (shell).\n");
+! 			sweep_up(ksu_context, use_source_cache, cc_target);
+! 			exit(1);
+! 		}
+  	}
+  #endif /* HAVE_GETUSERSHELL */
+  	
+! 	if (!asme) {
+! 		if (target_pwd->pw_uid){
+! 		      if (set_env_var("USER", target_pwd->pw_name)){
+! 			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! 			sweep_up(ksu_context, use_source_cache, cc_target);
+! 			exit(1);
+! 		      } 			
+! 		}
+! 
+! 		if (set_env_var( "HOME", target_pwd->pw_dir)){
+! 			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! 			sweep_up(ksu_context, use_source_cache, cc_target);
+! 			exit(1);
+! 		}
+! 
+! 		if (set_env_var( "SHELL", shell)){
+! 			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! 			sweep_up(ksu_context, use_source_cache, cc_target);
+! 			exit(1);
+! 		} 			
+! 	}
+  
+        /* set the cc env name to target */         	
+  
diff --git a/security/krb5-16/files/patch-at b/security/krb5-16/files/patch-at
new file mode 100644
index 000000000000..ef9ea4856f7a
--- /dev/null
+++ b/security/krb5-16/files/patch-at
@@ -0,0 +1,14 @@
+*** include/sys/syslog.h.ORIG	Fri Feb  6 19:42:12 1998
+--- include/sys/syslog.h	Tue Jun 30 19:46:02 1998
+***************
+*** 34,39 ****
+--- 34,42 ----
+  #define LOG_LPR		(6<<3)	/* line printer subsystem */
+  #define LOG_NEWS	(7<<3)	/* network news subsystem */
+  #define LOG_UUCP	(8<<3)	/* UUCP subsystem */
++ #if (defined(BSD) && (BSD >= 199306))
++ #define LOG_FTP		(11<<3) /* ftp daemon */
++ #endif
+  	/* other codes through 15 reserved for system use */
+  #define LOG_LOCAL0	(16<<3)	/* reserved for local use */
+  #define LOG_LOCAL1	(17<<3)	/* reserved for local use */
diff --git a/security/krb5-16/files/patch-au b/security/krb5-16/files/patch-au
new file mode 100644
index 000000000000..b408c4a3750d
--- /dev/null
+++ b/security/krb5-16/files/patch-au
@@ -0,0 +1,19 @@
+*** appl/bsd/forward.c.ORIG	Fri Feb  6 19:41:16 1998
+--- appl/bsd/forward.c	Tue Jun 30 19:46:01 1998
+***************
+*** 51,57 ****
+       */
+    
+      sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+!     setenv("KRB5CCNAME", ccname, 0);
+    
+      if (retval = krb5_cc_resolve(context, ccname, ccache)) 
+  	goto cleanup;
+--- 51,57 ----
+       */
+    
+      sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+!     setenv("KRB5CCNAME", ccname, 1);
+    
+      if (retval = krb5_cc_resolve(context, ccname, ccache)) 
+  	goto cleanup;