diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 1998-07-06 18:59:06 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 1998-07-06 18:59:06 +0000 |
| commit | 6b7ea58f15a89a2cb1b6d5e55fb3b8345e0435a9 (patch) | |
| tree | ab3f0bb86a7932f6a9926cf3286a8705a429f3ac /security | |
| parent | Change CATEGORIES to ``databases''. (diff) | |
Additional patches (already committed to krb5-current):
* Paths corrected in applications
* ftpd now logs to facility LOG_FTP
* use openpty to obtain pseudo-terminal
* corrected detection of TCL libraries
* fix a forwarding bug
* add -m flag to ksu (preserve USER, HOME, SHELL)
* cosmetic bug fix to telnet.c
Submitted by: Dima Ruban <dima@best.net>
Notes
Notes:
svn path=/head/; revision=11768
Diffstat (limited to 'security')
| -rw-r--r-- | security/krb5-16/files/patch-ai | 25 | ||||
| -rw-r--r-- | security/krb5-16/files/patch-aj | 46 | ||||
| -rw-r--r-- | security/krb5-16/files/patch-as | 194 | ||||
| -rw-r--r-- | security/krb5-16/files/patch-at | 14 | ||||
| -rw-r--r-- | security/krb5-16/files/patch-au | 19 | ||||
| -rw-r--r-- | security/krb5-17/files/patch-ai | 25 | ||||
| -rw-r--r-- | security/krb5-17/files/patch-aj | 46 | ||||
| -rw-r--r-- | security/krb5-17/files/patch-as | 194 | ||||
| -rw-r--r-- | security/krb5-17/files/patch-at | 14 | ||||
| -rw-r--r-- | security/krb5-17/files/patch-au | 19 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-ai | 25 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-aj | 46 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-as | 194 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-at | 14 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-au | 19 | ||||
| -rw-r--r-- | security/krb5/files/patch-ai | 25 | ||||
| -rw-r--r-- | security/krb5/files/patch-aj | 46 | ||||
| -rw-r--r-- | security/krb5/files/patch-as | 194 | ||||
| -rw-r--r-- | security/krb5/files/patch-at | 14 | ||||
| -rw-r--r-- | security/krb5/files/patch-au | 19 |
20 files changed, 1192 insertions, 0 deletions
diff --git a/security/krb5-16/files/patch-ai b/security/krb5-16/files/patch-ai new file mode 100644 index 000000000000..5eacca9caf86 --- /dev/null +++ b/security/krb5-16/files/patch-ai @@ -0,0 +1,25 @@ +*** appl/gssftp/ftpd/ftpd.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/ftpd.c Tue Jun 30 19:46:01 1998 +*************** +*** 374,380 **** + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +! openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { + syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); +--- 374,386 ---- + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +! +! #ifndef LOG_FTP +! #define FACILITY LOG_DAEMON +! #else +! #define FACILITY LOG_FTP +! #endif +! openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY); + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { + syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); diff --git a/security/krb5-16/files/patch-aj b/security/krb5-16/files/patch-aj new file mode 100644 index 000000000000..29e845803294 --- /dev/null +++ b/security/krb5-16/files/patch-aj @@ -0,0 +1,46 @@ +*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998 +*************** +*** 44,55 **** + #include <unistd.h> + #include <string.h> + +! #ifdef WTMP_FILE +! #define WTMPFILE WTMP_FILE + #endif + +! #ifndef WTMPFILE +! #define WTMPFILE "/usr/adm/wtmp" + #endif + + static int fd = -1; +--- 44,55 ---- + #include <unistd.h> + #include <string.h> + +! #if !defined(WTMP_FILE) && defined(_PATH_WTMP) +! #define WTMP_FILE _PATH_WTMP + #endif + +! #ifndef WTMP_FILE +! #define WTMP_FILE "/usr/adm/wtmp" + #endif + + static int fd = -1; +*************** +*** 66,72 **** + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); +--- 66,72 ---- + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); diff --git a/security/krb5-16/files/patch-as b/security/krb5-16/files/patch-as new file mode 100644 index 000000000000..8ab90bb8494e --- /dev/null +++ b/security/krb5-16/files/patch-as @@ -0,0 +1,194 @@ +*** clients/ksu/main.c.ORIG Fri Feb 6 19:41:57 1998 +--- clients/ksu/main.c Tue Jun 30 19:46:02 1998 +*************** +*** 56,62 **** + ill specified arguments to commands */ + + void usage (){ +! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + + } + +--- 56,62 ---- + ill specified arguments to commands */ + + void usage (){ +! fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + + } + +*************** +*** 75,80 **** +--- 75,81 ---- + int argc; + char ** argv; + { ++ int asme = 0; + int hp =0; + int some_rest_copy = 0; + int all_rest_copy = 0; +*************** +*** 90,95 **** +--- 91,97 ---- + char * cc_target_tag = NULL; + char * target_user = NULL; + char * source_user; ++ char * source_shell; + + krb5_ccache cc_source = NULL; + char * cc_source_tag = NULL; +*************** +*** 174,180 **** + } + + +! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +--- 176,182 ---- + } + + +! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +*************** +*** 216,221 **** +--- 218,226 ---- + errflg++; + } + break; ++ case 'm': ++ asme = 1; ++ break; + case 'n': + if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ + com_err(prog_name, retval, "when parsing name %s", optarg); +*************** +*** 355,362 **** + exit(1); + } + +! /* allocate space and copy the usernamane there */ + source_user = strdup(pwd->pw_name); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +--- 360,368 ---- + exit(1); + } + +! /* allocate space and copy the username there */ + source_user = strdup(pwd->pw_name); ++ source_shell = strdup(pwd->pw_shell); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +*************** +*** 727,769 **** + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +! if (target_pwd->pw_shell) +! shell = strdup(target_pwd->pw_shell); +! else { +! shell = _DEF_CSH; /* default is cshell */ +! } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +! if (!standard_shell(target_pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); + } + #endif /* HAVE_GETUSERSHELL */ + +! if (target_pwd->pw_uid){ +! +! if(set_env_var("USER", target_pwd->pw_name)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } +! +! if(set_env_var( "HOME", target_pwd->pw_dir)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! +! if(set_env_var( "SHELL", shell)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } + + /* set the cc env name to target */ + +--- 733,792 ---- + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +! if (asme) { +! if (source_shell && *source_shell) { +! shell = strdup(source_shell); +! } else { +! shell = _DEF_CSH; +! } +! } else { +! if (target_pwd->pw_shell) +! shell = strdup(target_pwd->pw_shell); +! else { +! shell = _DEF_CSH; /* default is cshell */ +! } +! } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +! if (asme) { +! if (!standard_shell(pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } else { +! if (!standard_shell(target_pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } + } + #endif /* HAVE_GETUSERSHELL */ + +! if (!asme) { +! if (target_pwd->pw_uid){ +! if (set_env_var("USER", target_pwd->pw_name)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } +! +! if (set_env_var( "HOME", target_pwd->pw_dir)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! +! if (set_env_var( "SHELL", shell)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } + + /* set the cc env name to target */ + diff --git a/security/krb5-16/files/patch-at b/security/krb5-16/files/patch-at new file mode 100644 index 000000000000..ef9ea4856f7a --- /dev/null +++ b/security/krb5-16/files/patch-at @@ -0,0 +1,14 @@ +*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998 +--- include/sys/syslog.h Tue Jun 30 19:46:02 1998 +*************** +*** 34,39 **** +--- 34,42 ---- + #define LOG_LPR (6<<3) /* line printer subsystem */ + #define LOG_NEWS (7<<3) /* network news subsystem */ + #define LOG_UUCP (8<<3) /* UUCP subsystem */ ++ #if (defined(BSD) && (BSD >= 199306)) ++ #define LOG_FTP (11<<3) /* ftp daemon */ ++ #endif + /* other codes through 15 reserved for system use */ + #define LOG_LOCAL0 (16<<3) /* reserved for local use */ + #define LOG_LOCAL1 (17<<3) /* reserved for local use */ diff --git a/security/krb5-16/files/patch-au b/security/krb5-16/files/patch-au new file mode 100644 index 000000000000..b408c4a3750d --- /dev/null +++ b/security/krb5-16/files/patch-au @@ -0,0 +1,19 @@ +*** appl/bsd/forward.c.ORIG Fri Feb 6 19:41:16 1998 +--- appl/bsd/forward.c Tue Jun 30 19:46:01 1998 +*************** +*** 51,57 **** + */ + + sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid()); +! setenv("KRB5CCNAME", ccname, 0); + + if (retval = krb5_cc_resolve(context, ccname, ccache)) + goto cleanup; +--- 51,57 ---- + */ + + sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid()); +! setenv("KRB5CCNAME", ccname, 1); + + if (retval = krb5_cc_resolve(context, ccname, ccache)) + goto cleanup; diff --git a/security/krb5-17/files/patch-ai b/security/krb5-17/files/patch-ai new file mode 100644 index 000000000000..5eacca9caf86 --- /dev/null +++ b/security/krb5-17/files/patch-ai @@ -0,0 +1,25 @@ +*** appl/gssftp/ftpd/ftpd.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/ftpd.c Tue Jun 30 19:46:01 1998 +*************** +*** 374,380 **** + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +! openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { + syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); +--- 374,386 ---- + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +! +! #ifndef LOG_FTP +! #define FACILITY LOG_DAEMON +! #else +! #define FACILITY LOG_FTP +! #endif +! openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY); + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { + syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); diff --git a/security/krb5-17/files/patch-aj b/security/krb5-17/files/patch-aj new file mode 100644 index 000000000000..29e845803294 --- /dev/null +++ b/security/krb5-17/files/patch-aj @@ -0,0 +1,46 @@ +*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998 +*************** +*** 44,55 **** + #include <unistd.h> + #include <string.h> + +! #ifdef WTMP_FILE +! #define WTMPFILE WTMP_FILE + #endif + +! #ifndef WTMPFILE +! #define WTMPFILE "/usr/adm/wtmp" + #endif + + static int fd = -1; +--- 44,55 ---- + #include <unistd.h> + #include <string.h> + +! #if !defined(WTMP_FILE) && defined(_PATH_WTMP) +! #define WTMP_FILE _PATH_WTMP + #endif + +! #ifndef WTMP_FILE +! #define WTMP_FILE "/usr/adm/wtmp" + #endif + + static int fd = -1; +*************** +*** 66,72 **** + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); +--- 66,72 ---- + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); diff --git a/security/krb5-17/files/patch-as b/security/krb5-17/files/patch-as new file mode 100644 index 000000000000..8ab90bb8494e --- /dev/null +++ b/security/krb5-17/files/patch-as @@ -0,0 +1,194 @@ +*** clients/ksu/main.c.ORIG Fri Feb 6 19:41:57 1998 +--- clients/ksu/main.c Tue Jun 30 19:46:02 1998 +*************** +*** 56,62 **** + ill specified arguments to commands */ + + void usage (){ +! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + + } + +--- 56,62 ---- + ill specified arguments to commands */ + + void usage (){ +! fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + + } + +*************** +*** 75,80 **** +--- 75,81 ---- + int argc; + char ** argv; + { ++ int asme = 0; + int hp =0; + int some_rest_copy = 0; + int all_rest_copy = 0; +*************** +*** 90,95 **** +--- 91,97 ---- + char * cc_target_tag = NULL; + char * target_user = NULL; + char * source_user; ++ char * source_shell; + + krb5_ccache cc_source = NULL; + char * cc_source_tag = NULL; +*************** +*** 174,180 **** + } + + +! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +--- 176,182 ---- + } + + +! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +*************** +*** 216,221 **** +--- 218,226 ---- + errflg++; + } + break; ++ case 'm': ++ asme = 1; ++ break; + case 'n': + if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ + com_err(prog_name, retval, "when parsing name %s", optarg); +*************** +*** 355,362 **** + exit(1); + } + +! /* allocate space and copy the usernamane there */ + source_user = strdup(pwd->pw_name); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +--- 360,368 ---- + exit(1); + } + +! /* allocate space and copy the username there */ + source_user = strdup(pwd->pw_name); ++ source_shell = strdup(pwd->pw_shell); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +*************** +*** 727,769 **** + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +! if (target_pwd->pw_shell) +! shell = strdup(target_pwd->pw_shell); +! else { +! shell = _DEF_CSH; /* default is cshell */ +! } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +! if (!standard_shell(target_pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); + } + #endif /* HAVE_GETUSERSHELL */ + +! if (target_pwd->pw_uid){ +! +! if(set_env_var("USER", target_pwd->pw_name)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } +! +! if(set_env_var( "HOME", target_pwd->pw_dir)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! +! if(set_env_var( "SHELL", shell)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } + + /* set the cc env name to target */ + +--- 733,792 ---- + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +! if (asme) { +! if (source_shell && *source_shell) { +! shell = strdup(source_shell); +! } else { +! shell = _DEF_CSH; +! } +! } else { +! if (target_pwd->pw_shell) +! shell = strdup(target_pwd->pw_shell); +! else { +! shell = _DEF_CSH; /* default is cshell */ +! } +! } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +! if (asme) { +! if (!standard_shell(pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } else { +! if (!standard_shell(target_pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } + } + #endif /* HAVE_GETUSERSHELL */ + +! if (!asme) { +! if (target_pwd->pw_uid){ +! if (set_env_var("USER", target_pwd->pw_name)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } +! +! if (set_env_var( "HOME", target_pwd->pw_dir)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! +! if (set_env_var( "SHELL", shell)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } + + /* set the cc env name to target */ + diff --git a/security/krb5-17/files/patch-at b/security/krb5-17/files/patch-at new file mode 100644 index 000000000000..ef9ea4856f7a --- /dev/null +++ b/security/krb5-17/files/patch-at @@ -0,0 +1,14 @@ +*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998 +--- include/sys/syslog.h Tue Jun 30 19:46:02 1998 +*************** +*** 34,39 **** +--- 34,42 ---- + #define LOG_LPR (6<<3) /* line printer subsystem */ + #define LOG_NEWS (7<<3) /* network news subsystem */ + #define LOG_UUCP (8<<3) /* UUCP subsystem */ ++ #if (defined(BSD) && (BSD >= 199306)) ++ #define LOG_FTP (11<<3) /* ftp daemon */ ++ #endif + /* other codes through 15 reserved for system use */ + #define LOG_LOCAL0 (16<<3) /* reserved for local use */ + #define LOG_LOCAL1 (17<<3) /* reserved for local use */ diff --git a/security/krb5-17/files/patch-au b/security/krb5-17/files/patch-au new file mode 100644 index 000000000000..b408c4a3750d --- /dev/null +++ b/security/krb5-17/files/patch-au @@ -0,0 +1,19 @@ +*** appl/bsd/forward.c.ORIG Fri Feb 6 19:41:16 1998 +--- appl/bsd/forward.c Tue Jun 30 19:46:01 1998 +*************** +*** 51,57 **** + */ + + sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid()); +! setenv("KRB5CCNAME", ccname, 0); + + if (retval = krb5_cc_resolve(context, ccname, ccache)) + goto cleanup; +--- 51,57 ---- + */ + + sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid()); +! setenv("KRB5CCNAME", ccname, 1); + + if (retval = krb5_cc_resolve(context, ccname, ccache)) + goto cleanup; diff --git a/security/krb5-appl/files/patch-ai b/security/krb5-appl/files/patch-ai new file mode 100644 index 000000000000..5eacca9caf86 --- /dev/null +++ b/security/krb5-appl/files/patch-ai @@ -0,0 +1,25 @@ +*** appl/gssftp/ftpd/ftpd.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/ftpd.c Tue Jun 30 19:46:01 1998 +*************** +*** 374,380 **** + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +! openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { + syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); +--- 374,386 ---- + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +! +! #ifndef LOG_FTP +! #define FACILITY LOG_DAEMON +! #else +! #define FACILITY LOG_FTP +! #endif +! openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY); + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { + syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); diff --git a/security/krb5-appl/files/patch-aj b/security/krb5-appl/files/patch-aj new file mode 100644 index 000000000000..29e845803294 --- /dev/null +++ b/security/krb5-appl/files/patch-aj @@ -0,0 +1,46 @@ +*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998 +*************** +*** 44,55 **** + #include <unistd.h> + #include <string.h> + +! #ifdef WTMP_FILE +! #define WTMPFILE WTMP_FILE + #endif + +! #ifndef WTMPFILE +! #define WTMPFILE "/usr/adm/wtmp" + #endif + + static int fd = -1; +--- 44,55 ---- + #include <unistd.h> + #include <string.h> + +! #if !defined(WTMP_FILE) && defined(_PATH_WTMP) +! #define WTMP_FILE _PATH_WTMP + #endif + +! #ifndef WTMP_FILE +! #define WTMP_FILE "/usr/adm/wtmp" + #endif + + static int fd = -1; +*************** +*** 66,72 **** + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); +--- 66,72 ---- + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); diff --git a/security/krb5-appl/files/patch-as b/security/krb5-appl/files/patch-as new file mode 100644 index 000000000000..8ab90bb8494e --- /dev/null +++ b/security/krb5-appl/files/patch-as @@ -0,0 +1,194 @@ +*** clients/ksu/main.c.ORIG Fri Feb 6 19:41:57 1998 +--- clients/ksu/main.c Tue Jun 30 19:46:02 1998 +*************** +*** 56,62 **** + ill specified arguments to commands */ + + void usage (){ +! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + + } + +--- 56,62 ---- + ill specified arguments to commands */ + + void usage (){ +! fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + + } + +*************** +*** 75,80 **** +--- 75,81 ---- + int argc; + char ** argv; + { ++ int asme = 0; + int hp =0; + int some_rest_copy = 0; + int all_rest_copy = 0; +*************** +*** 90,95 **** +--- 91,97 ---- + char * cc_target_tag = NULL; + char * target_user = NULL; + char * source_user; ++ char * source_shell; + + krb5_ccache cc_source = NULL; + char * cc_source_tag = NULL; +*************** +*** 174,180 **** + } + + +! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +--- 176,182 ---- + } + + +! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +*************** +*** 216,221 **** +--- 218,226 ---- + errflg++; + } + break; ++ case 'm': ++ asme = 1; ++ break; + case 'n': + if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ + com_err(prog_name, retval, "when parsing name %s", optarg); +*************** +*** 355,362 **** + exit(1); + } + +! /* allocate space and copy the usernamane there */ + source_user = strdup(pwd->pw_name); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +--- 360,368 ---- + exit(1); + } + +! /* allocate space and copy the username there */ + source_user = strdup(pwd->pw_name); ++ source_shell = strdup(pwd->pw_shell); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +*************** +*** 727,769 **** + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +! if (target_pwd->pw_shell) +! shell = strdup(target_pwd->pw_shell); +! else { +! shell = _DEF_CSH; /* default is cshell */ +! } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +! if (!standard_shell(target_pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); + } + #endif /* HAVE_GETUSERSHELL */ + +! if (target_pwd->pw_uid){ +! +! if(set_env_var("USER", target_pwd->pw_name)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } +! +! if(set_env_var( "HOME", target_pwd->pw_dir)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! +! if(set_env_var( "SHELL", shell)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } + + /* set the cc env name to target */ + +--- 733,792 ---- + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +! if (asme) { +! if (source_shell && *source_shell) { +! shell = strdup(source_shell); +! } else { +! shell = _DEF_CSH; +! } +! } else { +! if (target_pwd->pw_shell) +! shell = strdup(target_pwd->pw_shell); +! else { +! shell = _DEF_CSH; /* default is cshell */ +! } +! } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +! if (asme) { +! if (!standard_shell(pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } else { +! if (!standard_shell(target_pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } + } + #endif /* HAVE_GETUSERSHELL */ + +! if (!asme) { +! if (target_pwd->pw_uid){ +! if (set_env_var("USER", target_pwd->pw_name)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } +! +! if (set_env_var( "HOME", target_pwd->pw_dir)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! +! if (set_env_var( "SHELL", shell)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } + + /* set the cc env name to target */ + diff --git a/security/krb5-appl/files/patch-at b/security/krb5-appl/files/patch-at new file mode 100644 index 000000000000..ef9ea4856f7a --- /dev/null +++ b/security/krb5-appl/files/patch-at @@ -0,0 +1,14 @@ +*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998 +--- include/sys/syslog.h Tue Jun 30 19:46:02 1998 +*************** +*** 34,39 **** +--- 34,42 ---- + #define LOG_LPR (6<<3) /* line printer subsystem */ + #define LOG_NEWS (7<<3) /* network news subsystem */ + #define LOG_UUCP (8<<3) /* UUCP subsystem */ ++ #if (defined(BSD) && (BSD >= 199306)) ++ #define LOG_FTP (11<<3) /* ftp daemon */ ++ #endif + /* other codes through 15 reserved for system use */ + #define LOG_LOCAL0 (16<<3) /* reserved for local use */ + #define LOG_LOCAL1 (17<<3) /* reserved for local use */ diff --git a/security/krb5-appl/files/patch-au b/security/krb5-appl/files/patch-au new file mode 100644 index 000000000000..b408c4a3750d --- /dev/null +++ b/security/krb5-appl/files/patch-au @@ -0,0 +1,19 @@ +*** appl/bsd/forward.c.ORIG Fri Feb 6 19:41:16 1998 +--- appl/bsd/forward.c Tue Jun 30 19:46:01 1998 +*************** +*** 51,57 **** + */ + + sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid()); +! setenv("KRB5CCNAME", ccname, 0); + + if (retval = krb5_cc_resolve(context, ccname, ccache)) + goto cleanup; +--- 51,57 ---- + */ + + sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid()); +! setenv("KRB5CCNAME", ccname, 1); + + if (retval = krb5_cc_resolve(context, ccname, ccache)) + goto cleanup; diff --git a/security/krb5/files/patch-ai b/security/krb5/files/patch-ai new file mode 100644 index 000000000000..5eacca9caf86 --- /dev/null +++ b/security/krb5/files/patch-ai @@ -0,0 +1,25 @@ +*** appl/gssftp/ftpd/ftpd.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/ftpd.c Tue Jun 30 19:46:01 1998 +*************** +*** 374,380 **** + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +! openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { + syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); +--- 374,386 ---- + #ifndef LOG_DAEMON + #define LOG_DAEMON 0 + #endif +! +! #ifndef LOG_FTP +! #define FACILITY LOG_DAEMON +! #else +! #define FACILITY LOG_FTP +! #endif +! openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY); + addrlen = sizeof (his_addr); + if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { + syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); diff --git a/security/krb5/files/patch-aj b/security/krb5/files/patch-aj new file mode 100644 index 000000000000..29e845803294 --- /dev/null +++ b/security/krb5/files/patch-aj @@ -0,0 +1,46 @@ +*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998 +--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998 +*************** +*** 44,55 **** + #include <unistd.h> + #include <string.h> + +! #ifdef WTMP_FILE +! #define WTMPFILE WTMP_FILE + #endif + +! #ifndef WTMPFILE +! #define WTMPFILE "/usr/adm/wtmp" + #endif + + static int fd = -1; +--- 44,55 ---- + #include <unistd.h> + #include <string.h> + +! #if !defined(WTMP_FILE) && defined(_PATH_WTMP) +! #define WTMP_FILE _PATH_WTMP + #endif + +! #ifndef WTMP_FILE +! #define WTMP_FILE "/usr/adm/wtmp" + #endif + + static int fd = -1; +*************** +*** 66,72 **** + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); +--- 66,72 ---- + struct stat buf; + time_t time(); + +! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); diff --git a/security/krb5/files/patch-as b/security/krb5/files/patch-as new file mode 100644 index 000000000000..8ab90bb8494e --- /dev/null +++ b/security/krb5/files/patch-as @@ -0,0 +1,194 @@ +*** clients/ksu/main.c.ORIG Fri Feb 6 19:41:57 1998 +--- clients/ksu/main.c Tue Jun 30 19:46:02 1998 +*************** +*** 56,62 **** + ill specified arguments to commands */ + + void usage (){ +! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + + } + +--- 56,62 ---- + ill specified arguments to commands */ + + void usage (){ +! fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + + } + +*************** +*** 75,80 **** +--- 75,81 ---- + int argc; + char ** argv; + { ++ int asme = 0; + int hp =0; + int some_rest_copy = 0; + int all_rest_copy = 0; +*************** +*** 90,95 **** +--- 91,97 ---- + char * cc_target_tag = NULL; + char * target_user = NULL; + char * source_user; ++ char * source_shell; + + krb5_ccache cc_source = NULL; + char * cc_source_tag = NULL; +*************** +*** 174,180 **** + } + + +! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +--- 176,182 ---- + } + + +! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +*************** +*** 216,221 **** +--- 218,226 ---- + errflg++; + } + break; ++ case 'm': ++ asme = 1; ++ break; + case 'n': + if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ + com_err(prog_name, retval, "when parsing name %s", optarg); +*************** +*** 355,362 **** + exit(1); + } + +! /* allocate space and copy the usernamane there */ + source_user = strdup(pwd->pw_name); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +--- 360,368 ---- + exit(1); + } + +! /* allocate space and copy the username there */ + source_user = strdup(pwd->pw_name); ++ source_shell = strdup(pwd->pw_shell); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +*************** +*** 727,769 **** + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +! if (target_pwd->pw_shell) +! shell = strdup(target_pwd->pw_shell); +! else { +! shell = _DEF_CSH; /* default is cshell */ +! } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +! if (!standard_shell(target_pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); + } + #endif /* HAVE_GETUSERSHELL */ + +! if (target_pwd->pw_uid){ +! +! if(set_env_var("USER", target_pwd->pw_name)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } +! +! if(set_env_var( "HOME", target_pwd->pw_dir)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! +! if(set_env_var( "SHELL", shell)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } + + /* set the cc env name to target */ + +--- 733,792 ---- + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +! if (asme) { +! if (source_shell && *source_shell) { +! shell = strdup(source_shell); +! } else { +! shell = _DEF_CSH; +! } +! } else { +! if (target_pwd->pw_shell) +! shell = strdup(target_pwd->pw_shell); +! else { +! shell = _DEF_CSH; /* default is cshell */ +! } +! } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +! if (asme) { +! if (!standard_shell(pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } else { +! if (!standard_shell(target_pwd->pw_shell) && source_uid) { +! fprintf(stderr, "ksu: permission denied (shell).\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } + } + #endif /* HAVE_GETUSERSHELL */ + +! if (!asme) { +! if (target_pwd->pw_uid){ +! if (set_env_var("USER", target_pwd->pw_name)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } +! +! if (set_env_var( "HOME", target_pwd->pw_dir)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! +! if (set_env_var( "SHELL", shell)){ +! fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +! sweep_up(ksu_context, use_source_cache, cc_target); +! exit(1); +! } +! } + + /* set the cc env name to target */ + diff --git a/security/krb5/files/patch-at b/security/krb5/files/patch-at new file mode 100644 index 000000000000..ef9ea4856f7a --- /dev/null +++ b/security/krb5/files/patch-at @@ -0,0 +1,14 @@ +*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998 +--- include/sys/syslog.h Tue Jun 30 19:46:02 1998 +*************** +*** 34,39 **** +--- 34,42 ---- + #define LOG_LPR (6<<3) /* line printer subsystem */ + #define LOG_NEWS (7<<3) /* network news subsystem */ + #define LOG_UUCP (8<<3) /* UUCP subsystem */ ++ #if (defined(BSD) && (BSD >= 199306)) ++ #define LOG_FTP (11<<3) /* ftp daemon */ ++ #endif + /* other codes through 15 reserved for system use */ + #define LOG_LOCAL0 (16<<3) /* reserved for local use */ + #define LOG_LOCAL1 (17<<3) /* reserved for local use */ diff --git a/security/krb5/files/patch-au b/security/krb5/files/patch-au new file mode 100644 index 000000000000..b408c4a3750d --- /dev/null +++ b/security/krb5/files/patch-au @@ -0,0 +1,19 @@ +*** appl/bsd/forward.c.ORIG Fri Feb 6 19:41:16 1998 +--- appl/bsd/forward.c Tue Jun 30 19:46:01 1998 +*************** +*** 51,57 **** + */ + + sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid()); +! setenv("KRB5CCNAME", ccname, 0); + + if (retval = krb5_cc_resolve(context, ccname, ccache)) + goto cleanup; +--- 51,57 ---- + */ + + sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid()); +! setenv("KRB5CCNAME", ccname, 1); + + if (retval = krb5_cc_resolve(context, ccname, ccache)) + goto cleanup; |