summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>1998-07-06 18:59:06 +0000
committerJacques Vidrine <nectar@FreeBSD.org>1998-07-06 18:59:06 +0000
commit6b7ea58f15a89a2cb1b6d5e55fb3b8345e0435a9 (patch)
treeab3f0bb86a7932f6a9926cf3286a8705a429f3ac /security
parentChange CATEGORIES to ``databases''. (diff)
Additional patches (already committed to krb5-current):
* Paths corrected in applications * ftpd now logs to facility LOG_FTP * use openpty to obtain pseudo-terminal * corrected detection of TCL libraries * fix a forwarding bug * add -m flag to ksu (preserve USER, HOME, SHELL) * cosmetic bug fix to telnet.c Submitted by: Dima Ruban <dima@best.net>
Notes
Notes: svn path=/head/; revision=11768
Diffstat (limited to 'security')
-rw-r--r--security/krb5-16/files/patch-ai25
-rw-r--r--security/krb5-16/files/patch-aj46
-rw-r--r--security/krb5-16/files/patch-as194
-rw-r--r--security/krb5-16/files/patch-at14
-rw-r--r--security/krb5-16/files/patch-au19
-rw-r--r--security/krb5-17/files/patch-ai25
-rw-r--r--security/krb5-17/files/patch-aj46
-rw-r--r--security/krb5-17/files/patch-as194
-rw-r--r--security/krb5-17/files/patch-at14
-rw-r--r--security/krb5-17/files/patch-au19
-rw-r--r--security/krb5-appl/files/patch-ai25
-rw-r--r--security/krb5-appl/files/patch-aj46
-rw-r--r--security/krb5-appl/files/patch-as194
-rw-r--r--security/krb5-appl/files/patch-at14
-rw-r--r--security/krb5-appl/files/patch-au19
-rw-r--r--security/krb5/files/patch-ai25
-rw-r--r--security/krb5/files/patch-aj46
-rw-r--r--security/krb5/files/patch-as194
-rw-r--r--security/krb5/files/patch-at14
-rw-r--r--security/krb5/files/patch-au19
20 files changed, 1192 insertions, 0 deletions
diff --git a/security/krb5-16/files/patch-ai b/security/krb5-16/files/patch-ai
new file mode 100644
index 000000000000..5eacca9caf86
--- /dev/null
+++ b/security/krb5-16/files/patch-ai
@@ -0,0 +1,25 @@
+*** appl/gssftp/ftpd/ftpd.c.ORIG Fri Feb 6 19:41:25 1998
+--- appl/gssftp/ftpd/ftpd.c Tue Jun 30 19:46:01 1998
+***************
+*** 374,380 ****
+ #ifndef LOG_DAEMON
+ #define LOG_DAEMON 0
+ #endif
+! openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ addrlen = sizeof (his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+--- 374,386 ----
+ #ifndef LOG_DAEMON
+ #define LOG_DAEMON 0
+ #endif
+!
+! #ifndef LOG_FTP
+! #define FACILITY LOG_DAEMON
+! #else
+! #define FACILITY LOG_FTP
+! #endif
+! openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY);
+ addrlen = sizeof (his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
diff --git a/security/krb5-16/files/patch-aj b/security/krb5-16/files/patch-aj
new file mode 100644
index 000000000000..29e845803294
--- /dev/null
+++ b/security/krb5-16/files/patch-aj
@@ -0,0 +1,46 @@
+*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998
+--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998
+***************
+*** 44,55 ****
+ #include <unistd.h>
+ #include <string.h>
+
+! #ifdef WTMP_FILE
+! #define WTMPFILE WTMP_FILE
+ #endif
+
+! #ifndef WTMPFILE
+! #define WTMPFILE "/usr/adm/wtmp"
+ #endif
+
+ static int fd = -1;
+--- 44,55 ----
+ #include <unistd.h>
+ #include <string.h>
+
+! #if !defined(WTMP_FILE) && defined(_PATH_WTMP)
+! #define WTMP_FILE _PATH_WTMP
+ #endif
+
+! #ifndef WTMP_FILE
+! #define WTMP_FILE "/usr/adm/wtmp"
+ #endif
+
+ static int fd = -1;
+***************
+*** 66,72 ****
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+--- 66,72 ----
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
diff --git a/security/krb5-16/files/patch-as b/security/krb5-16/files/patch-as
new file mode 100644
index 000000000000..8ab90bb8494e
--- /dev/null
+++ b/security/krb5-16/files/patch-as
@@ -0,0 +1,194 @@
+*** clients/ksu/main.c.ORIG Fri Feb 6 19:41:57 1998
+--- clients/ksu/main.c Tue Jun 30 19:46:02 1998
+***************
+*** 56,62 ****
+ ill specified arguments to commands */
+
+ void usage (){
+! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+
+ }
+
+--- 56,62 ----
+ ill specified arguments to commands */
+
+ void usage (){
+! fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+
+ }
+
+***************
+*** 75,80 ****
+--- 75,81 ----
+ int argc;
+ char ** argv;
+ {
++ int asme = 0;
+ int hp =0;
+ int some_rest_copy = 0;
+ int all_rest_copy = 0;
+***************
+*** 90,95 ****
+--- 91,97 ----
+ char * cc_target_tag = NULL;
+ char * target_user = NULL;
+ char * source_user;
++ char * source_shell;
+
+ krb5_ccache cc_source = NULL;
+ char * cc_source_tag = NULL;
+***************
+*** 174,180 ****
+ }
+
+
+! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+--- 176,182 ----
+ }
+
+
+! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+***************
+*** 216,221 ****
+--- 218,226 ----
+ errflg++;
+ }
+ break;
++ case 'm':
++ asme = 1;
++ break;
+ case 'n':
+ if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
+ com_err(prog_name, retval, "when parsing name %s", optarg);
+***************
+*** 355,362 ****
+ exit(1);
+ }
+
+! /* allocate space and copy the usernamane there */
+ source_user = strdup(pwd->pw_name);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+--- 360,368 ----
+ exit(1);
+ }
+
+! /* allocate space and copy the username there */
+ source_user = strdup(pwd->pw_name);
++ source_shell = strdup(pwd->pw_shell);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+***************
+*** 727,769 ****
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+! if (target_pwd->pw_shell)
+! shell = strdup(target_pwd->pw_shell);
+! else {
+! shell = _DEF_CSH; /* default is cshell */
+! }
+
+ #ifdef HAVE_GETUSERSHELL
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+! if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+ }
+ #endif /* HAVE_GETUSERSHELL */
+
+! if (target_pwd->pw_uid){
+!
+! if(set_env_var("USER", target_pwd->pw_name)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+!
+! if(set_env_var( "HOME", target_pwd->pw_dir)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+!
+! if(set_env_var( "SHELL", shell)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+
+ /* set the cc env name to target */
+
+--- 733,792 ----
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+! if (asme) {
+! if (source_shell && *source_shell) {
+! shell = strdup(source_shell);
+! } else {
+! shell = _DEF_CSH;
+! }
+! } else {
+! if (target_pwd->pw_shell)
+! shell = strdup(target_pwd->pw_shell);
+! else {
+! shell = _DEF_CSH; /* default is cshell */
+! }
+! }
+
+ #ifdef HAVE_GETUSERSHELL
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+! if (asme) {
+! if (!standard_shell(pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! } else {
+! if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+ }
+ #endif /* HAVE_GETUSERSHELL */
+
+! if (!asme) {
+! if (target_pwd->pw_uid){
+! if (set_env_var("USER", target_pwd->pw_name)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+!
+! if (set_env_var( "HOME", target_pwd->pw_dir)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+!
+! if (set_env_var( "SHELL", shell)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+
+ /* set the cc env name to target */
+
diff --git a/security/krb5-16/files/patch-at b/security/krb5-16/files/patch-at
new file mode 100644
index 000000000000..ef9ea4856f7a
--- /dev/null
+++ b/security/krb5-16/files/patch-at
@@ -0,0 +1,14 @@
+*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998
+--- include/sys/syslog.h Tue Jun 30 19:46:02 1998
+***************
+*** 34,39 ****
+--- 34,42 ----
+ #define LOG_LPR (6<<3) /* line printer subsystem */
+ #define LOG_NEWS (7<<3) /* network news subsystem */
+ #define LOG_UUCP (8<<3) /* UUCP subsystem */
++ #if (defined(BSD) && (BSD >= 199306))
++ #define LOG_FTP (11<<3) /* ftp daemon */
++ #endif
+ /* other codes through 15 reserved for system use */
+ #define LOG_LOCAL0 (16<<3) /* reserved for local use */
+ #define LOG_LOCAL1 (17<<3) /* reserved for local use */
diff --git a/security/krb5-16/files/patch-au b/security/krb5-16/files/patch-au
new file mode 100644
index 000000000000..b408c4a3750d
--- /dev/null
+++ b/security/krb5-16/files/patch-au
@@ -0,0 +1,19 @@
+*** appl/bsd/forward.c.ORIG Fri Feb 6 19:41:16 1998
+--- appl/bsd/forward.c Tue Jun 30 19:46:01 1998
+***************
+*** 51,57 ****
+ */
+
+ sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+! setenv("KRB5CCNAME", ccname, 0);
+
+ if (retval = krb5_cc_resolve(context, ccname, ccache))
+ goto cleanup;
+--- 51,57 ----
+ */
+
+ sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+! setenv("KRB5CCNAME", ccname, 1);
+
+ if (retval = krb5_cc_resolve(context, ccname, ccache))
+ goto cleanup;
diff --git a/security/krb5-17/files/patch-ai b/security/krb5-17/files/patch-ai
new file mode 100644
index 000000000000..5eacca9caf86
--- /dev/null
+++ b/security/krb5-17/files/patch-ai
@@ -0,0 +1,25 @@
+*** appl/gssftp/ftpd/ftpd.c.ORIG Fri Feb 6 19:41:25 1998
+--- appl/gssftp/ftpd/ftpd.c Tue Jun 30 19:46:01 1998
+***************
+*** 374,380 ****
+ #ifndef LOG_DAEMON
+ #define LOG_DAEMON 0
+ #endif
+! openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ addrlen = sizeof (his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+--- 374,386 ----
+ #ifndef LOG_DAEMON
+ #define LOG_DAEMON 0
+ #endif
+!
+! #ifndef LOG_FTP
+! #define FACILITY LOG_DAEMON
+! #else
+! #define FACILITY LOG_FTP
+! #endif
+! openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY);
+ addrlen = sizeof (his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
diff --git a/security/krb5-17/files/patch-aj b/security/krb5-17/files/patch-aj
new file mode 100644
index 000000000000..29e845803294
--- /dev/null
+++ b/security/krb5-17/files/patch-aj
@@ -0,0 +1,46 @@
+*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998
+--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998
+***************
+*** 44,55 ****
+ #include <unistd.h>
+ #include <string.h>
+
+! #ifdef WTMP_FILE
+! #define WTMPFILE WTMP_FILE
+ #endif
+
+! #ifndef WTMPFILE
+! #define WTMPFILE "/usr/adm/wtmp"
+ #endif
+
+ static int fd = -1;
+--- 44,55 ----
+ #include <unistd.h>
+ #include <string.h>
+
+! #if !defined(WTMP_FILE) && defined(_PATH_WTMP)
+! #define WTMP_FILE _PATH_WTMP
+ #endif
+
+! #ifndef WTMP_FILE
+! #define WTMP_FILE "/usr/adm/wtmp"
+ #endif
+
+ static int fd = -1;
+***************
+*** 66,72 ****
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+--- 66,72 ----
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
diff --git a/security/krb5-17/files/patch-as b/security/krb5-17/files/patch-as
new file mode 100644
index 000000000000..8ab90bb8494e
--- /dev/null
+++ b/security/krb5-17/files/patch-as
@@ -0,0 +1,194 @@
+*** clients/ksu/main.c.ORIG Fri Feb 6 19:41:57 1998
+--- clients/ksu/main.c Tue Jun 30 19:46:02 1998
+***************
+*** 56,62 ****
+ ill specified arguments to commands */
+
+ void usage (){
+! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+
+ }
+
+--- 56,62 ----
+ ill specified arguments to commands */
+
+ void usage (){
+! fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+
+ }
+
+***************
+*** 75,80 ****
+--- 75,81 ----
+ int argc;
+ char ** argv;
+ {
++ int asme = 0;
+ int hp =0;
+ int some_rest_copy = 0;
+ int all_rest_copy = 0;
+***************
+*** 90,95 ****
+--- 91,97 ----
+ char * cc_target_tag = NULL;
+ char * target_user = NULL;
+ char * source_user;
++ char * source_shell;
+
+ krb5_ccache cc_source = NULL;
+ char * cc_source_tag = NULL;
+***************
+*** 174,180 ****
+ }
+
+
+! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+--- 176,182 ----
+ }
+
+
+! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+***************
+*** 216,221 ****
+--- 218,226 ----
+ errflg++;
+ }
+ break;
++ case 'm':
++ asme = 1;
++ break;
+ case 'n':
+ if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
+ com_err(prog_name, retval, "when parsing name %s", optarg);
+***************
+*** 355,362 ****
+ exit(1);
+ }
+
+! /* allocate space and copy the usernamane there */
+ source_user = strdup(pwd->pw_name);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+--- 360,368 ----
+ exit(1);
+ }
+
+! /* allocate space and copy the username there */
+ source_user = strdup(pwd->pw_name);
++ source_shell = strdup(pwd->pw_shell);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+***************
+*** 727,769 ****
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+! if (target_pwd->pw_shell)
+! shell = strdup(target_pwd->pw_shell);
+! else {
+! shell = _DEF_CSH; /* default is cshell */
+! }
+
+ #ifdef HAVE_GETUSERSHELL
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+! if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+ }
+ #endif /* HAVE_GETUSERSHELL */
+
+! if (target_pwd->pw_uid){
+!
+! if(set_env_var("USER", target_pwd->pw_name)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+!
+! if(set_env_var( "HOME", target_pwd->pw_dir)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+!
+! if(set_env_var( "SHELL", shell)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+
+ /* set the cc env name to target */
+
+--- 733,792 ----
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+! if (asme) {
+! if (source_shell && *source_shell) {
+! shell = strdup(source_shell);
+! } else {
+! shell = _DEF_CSH;
+! }
+! } else {
+! if (target_pwd->pw_shell)
+! shell = strdup(target_pwd->pw_shell);
+! else {
+! shell = _DEF_CSH; /* default is cshell */
+! }
+! }
+
+ #ifdef HAVE_GETUSERSHELL
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+! if (asme) {
+! if (!standard_shell(pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! } else {
+! if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+ }
+ #endif /* HAVE_GETUSERSHELL */
+
+! if (!asme) {
+! if (target_pwd->pw_uid){
+! if (set_env_var("USER", target_pwd->pw_name)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+!
+! if (set_env_var( "HOME", target_pwd->pw_dir)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+!
+! if (set_env_var( "SHELL", shell)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+
+ /* set the cc env name to target */
+
diff --git a/security/krb5-17/files/patch-at b/security/krb5-17/files/patch-at
new file mode 100644
index 000000000000..ef9ea4856f7a
--- /dev/null
+++ b/security/krb5-17/files/patch-at
@@ -0,0 +1,14 @@
+*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998
+--- include/sys/syslog.h Tue Jun 30 19:46:02 1998
+***************
+*** 34,39 ****
+--- 34,42 ----
+ #define LOG_LPR (6<<3) /* line printer subsystem */
+ #define LOG_NEWS (7<<3) /* network news subsystem */
+ #define LOG_UUCP (8<<3) /* UUCP subsystem */
++ #if (defined(BSD) && (BSD >= 199306))
++ #define LOG_FTP (11<<3) /* ftp daemon */
++ #endif
+ /* other codes through 15 reserved for system use */
+ #define LOG_LOCAL0 (16<<3) /* reserved for local use */
+ #define LOG_LOCAL1 (17<<3) /* reserved for local use */
diff --git a/security/krb5-17/files/patch-au b/security/krb5-17/files/patch-au
new file mode 100644
index 000000000000..b408c4a3750d
--- /dev/null
+++ b/security/krb5-17/files/patch-au
@@ -0,0 +1,19 @@
+*** appl/bsd/forward.c.ORIG Fri Feb 6 19:41:16 1998
+--- appl/bsd/forward.c Tue Jun 30 19:46:01 1998
+***************
+*** 51,57 ****
+ */
+
+ sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+! setenv("KRB5CCNAME", ccname, 0);
+
+ if (retval = krb5_cc_resolve(context, ccname, ccache))
+ goto cleanup;
+--- 51,57 ----
+ */
+
+ sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+! setenv("KRB5CCNAME", ccname, 1);
+
+ if (retval = krb5_cc_resolve(context, ccname, ccache))
+ goto cleanup;
diff --git a/security/krb5-appl/files/patch-ai b/security/krb5-appl/files/patch-ai
new file mode 100644
index 000000000000..5eacca9caf86
--- /dev/null
+++ b/security/krb5-appl/files/patch-ai
@@ -0,0 +1,25 @@
+*** appl/gssftp/ftpd/ftpd.c.ORIG Fri Feb 6 19:41:25 1998
+--- appl/gssftp/ftpd/ftpd.c Tue Jun 30 19:46:01 1998
+***************
+*** 374,380 ****
+ #ifndef LOG_DAEMON
+ #define LOG_DAEMON 0
+ #endif
+! openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ addrlen = sizeof (his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+--- 374,386 ----
+ #ifndef LOG_DAEMON
+ #define LOG_DAEMON 0
+ #endif
+!
+! #ifndef LOG_FTP
+! #define FACILITY LOG_DAEMON
+! #else
+! #define FACILITY LOG_FTP
+! #endif
+! openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY);
+ addrlen = sizeof (his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
diff --git a/security/krb5-appl/files/patch-aj b/security/krb5-appl/files/patch-aj
new file mode 100644
index 000000000000..29e845803294
--- /dev/null
+++ b/security/krb5-appl/files/patch-aj
@@ -0,0 +1,46 @@
+*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998
+--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998
+***************
+*** 44,55 ****
+ #include <unistd.h>
+ #include <string.h>
+
+! #ifdef WTMP_FILE
+! #define WTMPFILE WTMP_FILE
+ #endif
+
+! #ifndef WTMPFILE
+! #define WTMPFILE "/usr/adm/wtmp"
+ #endif
+
+ static int fd = -1;
+--- 44,55 ----
+ #include <unistd.h>
+ #include <string.h>
+
+! #if !defined(WTMP_FILE) && defined(_PATH_WTMP)
+! #define WTMP_FILE _PATH_WTMP
+ #endif
+
+! #ifndef WTMP_FILE
+! #define WTMP_FILE "/usr/adm/wtmp"
+ #endif
+
+ static int fd = -1;
+***************
+*** 66,72 ****
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+--- 66,72 ----
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
diff --git a/security/krb5-appl/files/patch-as b/security/krb5-appl/files/patch-as
new file mode 100644
index 000000000000..8ab90bb8494e
--- /dev/null
+++ b/security/krb5-appl/files/patch-as
@@ -0,0 +1,194 @@
+*** clients/ksu/main.c.ORIG Fri Feb 6 19:41:57 1998
+--- clients/ksu/main.c Tue Jun 30 19:46:02 1998
+***************
+*** 56,62 ****
+ ill specified arguments to commands */
+
+ void usage (){
+! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+
+ }
+
+--- 56,62 ----
+ ill specified arguments to commands */
+
+ void usage (){
+! fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+
+ }
+
+***************
+*** 75,80 ****
+--- 75,81 ----
+ int argc;
+ char ** argv;
+ {
++ int asme = 0;
+ int hp =0;
+ int some_rest_copy = 0;
+ int all_rest_copy = 0;
+***************
+*** 90,95 ****
+--- 91,97 ----
+ char * cc_target_tag = NULL;
+ char * target_user = NULL;
+ char * source_user;
++ char * source_shell;
+
+ krb5_ccache cc_source = NULL;
+ char * cc_source_tag = NULL;
+***************
+*** 174,180 ****
+ }
+
+
+! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+--- 176,182 ----
+ }
+
+
+! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+***************
+*** 216,221 ****
+--- 218,226 ----
+ errflg++;
+ }
+ break;
++ case 'm':
++ asme = 1;
++ break;
+ case 'n':
+ if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
+ com_err(prog_name, retval, "when parsing name %s", optarg);
+***************
+*** 355,362 ****
+ exit(1);
+ }
+
+! /* allocate space and copy the usernamane there */
+ source_user = strdup(pwd->pw_name);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+--- 360,368 ----
+ exit(1);
+ }
+
+! /* allocate space and copy the username there */
+ source_user = strdup(pwd->pw_name);
++ source_shell = strdup(pwd->pw_shell);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+***************
+*** 727,769 ****
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+! if (target_pwd->pw_shell)
+! shell = strdup(target_pwd->pw_shell);
+! else {
+! shell = _DEF_CSH; /* default is cshell */
+! }
+
+ #ifdef HAVE_GETUSERSHELL
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+! if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+ }
+ #endif /* HAVE_GETUSERSHELL */
+
+! if (target_pwd->pw_uid){
+!
+! if(set_env_var("USER", target_pwd->pw_name)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+!
+! if(set_env_var( "HOME", target_pwd->pw_dir)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+!
+! if(set_env_var( "SHELL", shell)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+
+ /* set the cc env name to target */
+
+--- 733,792 ----
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+! if (asme) {
+! if (source_shell && *source_shell) {
+! shell = strdup(source_shell);
+! } else {
+! shell = _DEF_CSH;
+! }
+! } else {
+! if (target_pwd->pw_shell)
+! shell = strdup(target_pwd->pw_shell);
+! else {
+! shell = _DEF_CSH; /* default is cshell */
+! }
+! }
+
+ #ifdef HAVE_GETUSERSHELL
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+! if (asme) {
+! if (!standard_shell(pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! } else {
+! if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+ }
+ #endif /* HAVE_GETUSERSHELL */
+
+! if (!asme) {
+! if (target_pwd->pw_uid){
+! if (set_env_var("USER", target_pwd->pw_name)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+!
+! if (set_env_var( "HOME", target_pwd->pw_dir)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+!
+! if (set_env_var( "SHELL", shell)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+
+ /* set the cc env name to target */
+
diff --git a/security/krb5-appl/files/patch-at b/security/krb5-appl/files/patch-at
new file mode 100644
index 000000000000..ef9ea4856f7a
--- /dev/null
+++ b/security/krb5-appl/files/patch-at
@@ -0,0 +1,14 @@
+*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998
+--- include/sys/syslog.h Tue Jun 30 19:46:02 1998
+***************
+*** 34,39 ****
+--- 34,42 ----
+ #define LOG_LPR (6<<3) /* line printer subsystem */
+ #define LOG_NEWS (7<<3) /* network news subsystem */
+ #define LOG_UUCP (8<<3) /* UUCP subsystem */
++ #if (defined(BSD) && (BSD >= 199306))
++ #define LOG_FTP (11<<3) /* ftp daemon */
++ #endif
+ /* other codes through 15 reserved for system use */
+ #define LOG_LOCAL0 (16<<3) /* reserved for local use */
+ #define LOG_LOCAL1 (17<<3) /* reserved for local use */
diff --git a/security/krb5-appl/files/patch-au b/security/krb5-appl/files/patch-au
new file mode 100644
index 000000000000..b408c4a3750d
--- /dev/null
+++ b/security/krb5-appl/files/patch-au
@@ -0,0 +1,19 @@
+*** appl/bsd/forward.c.ORIG Fri Feb 6 19:41:16 1998
+--- appl/bsd/forward.c Tue Jun 30 19:46:01 1998
+***************
+*** 51,57 ****
+ */
+
+ sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+! setenv("KRB5CCNAME", ccname, 0);
+
+ if (retval = krb5_cc_resolve(context, ccname, ccache))
+ goto cleanup;
+--- 51,57 ----
+ */
+
+ sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+! setenv("KRB5CCNAME", ccname, 1);
+
+ if (retval = krb5_cc_resolve(context, ccname, ccache))
+ goto cleanup;
diff --git a/security/krb5/files/patch-ai b/security/krb5/files/patch-ai
new file mode 100644
index 000000000000..5eacca9caf86
--- /dev/null
+++ b/security/krb5/files/patch-ai
@@ -0,0 +1,25 @@
+*** appl/gssftp/ftpd/ftpd.c.ORIG Fri Feb 6 19:41:25 1998
+--- appl/gssftp/ftpd/ftpd.c Tue Jun 30 19:46:01 1998
+***************
+*** 374,380 ****
+ #ifndef LOG_DAEMON
+ #define LOG_DAEMON 0
+ #endif
+! openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ addrlen = sizeof (his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+--- 374,386 ----
+ #ifndef LOG_DAEMON
+ #define LOG_DAEMON 0
+ #endif
+!
+! #ifndef LOG_FTP
+! #define FACILITY LOG_DAEMON
+! #else
+! #define FACILITY LOG_FTP
+! #endif
+! openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY);
+ addrlen = sizeof (his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
diff --git a/security/krb5/files/patch-aj b/security/krb5/files/patch-aj
new file mode 100644
index 000000000000..29e845803294
--- /dev/null
+++ b/security/krb5/files/patch-aj
@@ -0,0 +1,46 @@
+*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998
+--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998
+***************
+*** 44,55 ****
+ #include <unistd.h>
+ #include <string.h>
+
+! #ifdef WTMP_FILE
+! #define WTMPFILE WTMP_FILE
+ #endif
+
+! #ifndef WTMPFILE
+! #define WTMPFILE "/usr/adm/wtmp"
+ #endif
+
+ static int fd = -1;
+--- 44,55 ----
+ #include <unistd.h>
+ #include <string.h>
+
+! #if !defined(WTMP_FILE) && defined(_PATH_WTMP)
+! #define WTMP_FILE _PATH_WTMP
+ #endif
+
+! #ifndef WTMP_FILE
+! #define WTMP_FILE "/usr/adm/wtmp"
+ #endif
+
+ static int fd = -1;
+***************
+*** 66,72 ****
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+--- 66,72 ----
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
diff --git a/security/krb5/files/patch-as b/security/krb5/files/patch-as
new file mode 100644
index 000000000000..8ab90bb8494e
--- /dev/null
+++ b/security/krb5/files/patch-as
@@ -0,0 +1,194 @@
+*** clients/ksu/main.c.ORIG Fri Feb 6 19:41:57 1998
+--- clients/ksu/main.c Tue Jun 30 19:46:02 1998
+***************
+*** 56,62 ****
+ ill specified arguments to commands */
+
+ void usage (){
+! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+
+ }
+
+--- 56,62 ----
+ ill specified arguments to commands */
+
+ void usage (){
+! fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+
+ }
+
+***************
+*** 75,80 ****
+--- 75,81 ----
+ int argc;
+ char ** argv;
+ {
++ int asme = 0;
+ int hp =0;
+ int some_rest_copy = 0;
+ int all_rest_copy = 0;
+***************
+*** 90,95 ****
+--- 91,97 ----
+ char * cc_target_tag = NULL;
+ char * target_user = NULL;
+ char * source_user;
++ char * source_shell;
+
+ krb5_ccache cc_source = NULL;
+ char * cc_source_tag = NULL;
+***************
+*** 174,180 ****
+ }
+
+
+! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+--- 176,182 ----
+ }
+
+
+! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+***************
+*** 216,221 ****
+--- 218,226 ----
+ errflg++;
+ }
+ break;
++ case 'm':
++ asme = 1;
++ break;
+ case 'n':
+ if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
+ com_err(prog_name, retval, "when parsing name %s", optarg);
+***************
+*** 355,362 ****
+ exit(1);
+ }
+
+! /* allocate space and copy the usernamane there */
+ source_user = strdup(pwd->pw_name);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+--- 360,368 ----
+ exit(1);
+ }
+
+! /* allocate space and copy the username there */
+ source_user = strdup(pwd->pw_name);
++ source_shell = strdup(pwd->pw_shell);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+***************
+*** 727,769 ****
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+! if (target_pwd->pw_shell)
+! shell = strdup(target_pwd->pw_shell);
+! else {
+! shell = _DEF_CSH; /* default is cshell */
+! }
+
+ #ifdef HAVE_GETUSERSHELL
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+! if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+ }
+ #endif /* HAVE_GETUSERSHELL */
+
+! if (target_pwd->pw_uid){
+!
+! if(set_env_var("USER", target_pwd->pw_name)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+!
+! if(set_env_var( "HOME", target_pwd->pw_dir)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+!
+! if(set_env_var( "SHELL", shell)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+
+ /* set the cc env name to target */
+
+--- 733,792 ----
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+! if (asme) {
+! if (source_shell && *source_shell) {
+! shell = strdup(source_shell);
+! } else {
+! shell = _DEF_CSH;
+! }
+! } else {
+! if (target_pwd->pw_shell)
+! shell = strdup(target_pwd->pw_shell);
+! else {
+! shell = _DEF_CSH; /* default is cshell */
+! }
+! }
+
+ #ifdef HAVE_GETUSERSHELL
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+! if (asme) {
+! if (!standard_shell(pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! } else {
+! if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+! fprintf(stderr, "ksu: permission denied (shell).\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+ }
+ #endif /* HAVE_GETUSERSHELL */
+
+! if (!asme) {
+! if (target_pwd->pw_uid){
+! if (set_env_var("USER", target_pwd->pw_name)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+!
+! if (set_env_var( "HOME", target_pwd->pw_dir)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+!
+! if (set_env_var( "SHELL", shell)){
+! fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+! sweep_up(ksu_context, use_source_cache, cc_target);
+! exit(1);
+! }
+! }
+
+ /* set the cc env name to target */
+
diff --git a/security/krb5/files/patch-at b/security/krb5/files/patch-at
new file mode 100644
index 000000000000..ef9ea4856f7a
--- /dev/null
+++ b/security/krb5/files/patch-at
@@ -0,0 +1,14 @@
+*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998
+--- include/sys/syslog.h Tue Jun 30 19:46:02 1998
+***************
+*** 34,39 ****
+--- 34,42 ----
+ #define LOG_LPR (6<<3) /* line printer subsystem */
+ #define LOG_NEWS (7<<3) /* network news subsystem */
+ #define LOG_UUCP (8<<3) /* UUCP subsystem */
++ #if (defined(BSD) && (BSD >= 199306))
++ #define LOG_FTP (11<<3) /* ftp daemon */
++ #endif
+ /* other codes through 15 reserved for system use */
+ #define LOG_LOCAL0 (16<<3) /* reserved for local use */
+ #define LOG_LOCAL1 (17<<3) /* reserved for local use */
diff --git a/security/krb5/files/patch-au b/security/krb5/files/patch-au
new file mode 100644
index 000000000000..b408c4a3750d
--- /dev/null
+++ b/security/krb5/files/patch-au
@@ -0,0 +1,19 @@
+*** appl/bsd/forward.c.ORIG Fri Feb 6 19:41:16 1998
+--- appl/bsd/forward.c Tue Jun 30 19:46:01 1998
+***************
+*** 51,57 ****
+ */
+
+ sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+! setenv("KRB5CCNAME", ccname, 0);
+
+ if (retval = krb5_cc_resolve(context, ccname, ccache))
+ goto cleanup;
+--- 51,57 ----
+ */
+
+ sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
+! setenv("KRB5CCNAME", ccname, 1);
+
+ if (retval = krb5_cc_resolve(context, ccname, ccache))
+ goto cleanup;