From 96fe98e1c6bc0301781b0dd7dbfeef3e3f137f43 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Thu, 23 Mar 2006 22:24:03 +0000 Subject: This commit was manufactured by cvs2svn to create tag 'RELEASE_5_5_0'. --- security/krb5-16/files/README.FreeBSD | 32 ---- security/krb5-16/files/patch-ac | 13 -- security/krb5-16/files/patch-ad | 13 -- security/krb5-16/files/patch-ae | 13 -- security/krb5-16/files/patch-af | 13 -- security/krb5-16/files/patch-ai | 28 --- security/krb5-16/files/patch-aj | 19 -- .../krb5-16/files/patch-appl::bsd::Makefile.in | 12 -- security/krb5-16/files/patch-appl::bsd::klogind.M | 35 ---- .../files/patch-appl::gssftp::ftp::ftp_var.h | 23 --- .../files/patch-appl::telnet::telnetd::Makefile.in | 11 -- .../files/patch-appl::telnet::telnetd::telnetd.8 | 22 --- .../files/patch-appl::telnet::telnetd::utility.c | 38 ---- security/krb5-16/files/patch-as | 195 --------------------- security/krb5-16/files/patch-at | 14 -- security/krb5-16/files/patch-av | 15 -- security/krb5-16/files/patch-ax | 12 -- security/krb5-16/files/patch-ay | 50 ------ security/krb5-16/files/patch-ba | 77 -------- security/krb5-16/files/patch-bb | 10 -- security/krb5-16/files/patch-config::pre.in | 11 -- security/krb5-16/files/patch-config::shlib.conf | 26 --- .../files/patch-lib::gssapi::krb5::import_name.c | 14 -- .../krb5-16/files/patch-lib::krb5::os::hst_realm.c | 14 -- .../files/patch-lib::krb5::os::locate_kdc.c | 13 -- 25 files changed, 723 deletions(-) delete mode 100644 security/krb5-16/files/README.FreeBSD delete mode 100644 security/krb5-16/files/patch-ac delete mode 100644 security/krb5-16/files/patch-ad delete mode 100644 security/krb5-16/files/patch-ae delete mode 100644 security/krb5-16/files/patch-af delete mode 100644 security/krb5-16/files/patch-ai delete mode 100644 security/krb5-16/files/patch-aj delete mode 100644 security/krb5-16/files/patch-appl::bsd::Makefile.in delete mode 100644 security/krb5-16/files/patch-appl::bsd::klogind.M delete mode 100644 security/krb5-16/files/patch-appl::gssftp::ftp::ftp_var.h delete mode 100644 security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in delete mode 100644 security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8 delete mode 100644 security/krb5-16/files/patch-appl::telnet::telnetd::utility.c delete mode 100644 security/krb5-16/files/patch-as delete mode 100644 security/krb5-16/files/patch-at delete mode 100644 security/krb5-16/files/patch-av delete mode 100644 security/krb5-16/files/patch-ax delete mode 100644 security/krb5-16/files/patch-ay delete mode 100644 security/krb5-16/files/patch-ba delete mode 100644 security/krb5-16/files/patch-bb delete mode 100644 security/krb5-16/files/patch-config::pre.in delete mode 100644 security/krb5-16/files/patch-config::shlib.conf delete mode 100644 security/krb5-16/files/patch-lib::gssapi::krb5::import_name.c delete mode 100644 security/krb5-16/files/patch-lib::krb5::os::hst_realm.c delete mode 100644 security/krb5-16/files/patch-lib::krb5::os::locate_kdc.c (limited to 'security/krb5-16/files') diff --git a/security/krb5-16/files/README.FreeBSD b/security/krb5-16/files/README.FreeBSD deleted file mode 100644 index e888e689eb04..000000000000 --- a/security/krb5-16/files/README.FreeBSD +++ /dev/null @@ -1,32 +0,0 @@ -The MIT KRB5 port provides its own login program at -${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of -the FreeBSD login.conf and login.access files that provide a means of -setting up and controlling sessions under FreeBSD. To overcome this, -the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide -interactive login password authentication instead of the login.krb5 -program provided by MIT KRB5. The FreeBSD /usr/bin/login program does -not have support for Kerberos V password authentication, -e.g. authentication at the console. The pam_krb5 port must be used to -provide Kerberos V password authentication. - -For more information about pam_krb5, please see pam(8) and pam_krb5(8). - -If you wish to use login.krb5 that is provided by the MIT KRB5 port, -the arguments "-L ${PREFIX}/sbin/login.krb5" must be -specified as arguments to klogind and KRB5 telnetd, e.g. - -klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 -eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 -telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 - -Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead -of the FreeBSD provided /usr/bin/login for local tty logins, -"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., - -default:\ - :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ - :if=/etc/issue:\ - :lo=${PREFIX}/sbin/login.krb5: - -It is recommended that the FreeBSD /usr/bin/login be used with the -pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-16/files/patch-ac b/security/krb5-16/files/patch-ac deleted file mode 100644 index 8bca5437d964..000000000000 --- a/security/krb5-16/files/patch-ac +++ /dev/null @@ -1,13 +0,0 @@ ---- ../doc/admin.texinfo Fri Feb 6 21:40:56 1998 -+++ admin.texinfo Fri Jun 19 15:13:45 1998 -@@ -5,6 +5,10 @@ - @c guide - @setfilename krb5-admin.info - @settitle Kerberos V5 System Administrator's Guide -+@dircategory Kerberos V5 -+@direntry -+* Admin Guide: (krb5-admin). Kerberos V5 System Admin's Guide -+@end direntry - @setchapternewpage odd @c chapter begins on next odd page - @c @setchapternewpage on @c chapter begins on next page - @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-16/files/patch-ad b/security/krb5-16/files/patch-ad deleted file mode 100644 index c8b6d3e99e91..000000000000 --- a/security/krb5-16/files/patch-ad +++ /dev/null @@ -1,13 +0,0 @@ ---- ../doc/user-guide.texinfo Fri Feb 6 21:40:58 1998 -+++ user-guide.texinfo Fri Jun 19 15:13:45 1998 -@@ -3,6 +3,10 @@ - @c guide - @setfilename krb5-user.info - @settitle Kerberos V5 UNIX User's Guide -+@dircategory Kerberos V5 -+@direntry -+* User's Guide: (krb5-user). Kerberos V5 UNIX User's Guide -+@end direntry - @setchapternewpage odd @c chapter begins on next odd page - @c @setchapternewpage on @c chapter begins on next page - @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-16/files/patch-ae b/security/krb5-16/files/patch-ae deleted file mode 100644 index f5643b5aa04f..000000000000 --- a/security/krb5-16/files/patch-ae +++ /dev/null @@ -1,13 +0,0 @@ ---- ../doc/install.texinfo Fri Feb 6 21:40:56 1998 -+++ install.texinfo Fri Jun 19 15:13:45 1998 -@@ -5,6 +5,10 @@ - @c guide - @setfilename krb5-install.info - @settitle Kerberos V5 Installation Guide -+@dircategory Kerberos V5 -+@direntry -+* Installation Guide: (krb5-install). Kerberos V5 Installation Guide -+@end direntry - @setchapternewpage odd @c chapter begins on next odd page - @c @setchapternewpage on @c chapter begins on next page - @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-16/files/patch-af b/security/krb5-16/files/patch-af deleted file mode 100644 index 49425d6efceb..000000000000 --- a/security/krb5-16/files/patch-af +++ /dev/null @@ -1,13 +0,0 @@ ---- ../doc/krb425.texinfo Fri Feb 6 21:40:57 1998 -+++ krb425.texinfo Fri Jun 19 15:13:45 1998 -@@ -5,6 +5,10 @@ - @c guide - @setfilename krb425.info - @settitle Upgrading to Kerberos V5 from Kerberos V4 -+@dircategory Kerberos V5 -+@direntry -+* Upgrading from V4 to V5: (krb425). Upgrading from Kerberos V4 to V5 -+@end direntry - @c @setchapternewpage odd @c chapter begins on next odd page - @c @setchapternewpage on @c chapter begins on next page - @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-16/files/patch-ai b/security/krb5-16/files/patch-ai deleted file mode 100644 index f5b733194344..000000000000 --- a/security/krb5-16/files/patch-ai +++ /dev/null @@ -1,28 +0,0 @@ ---- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002 -+++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002 -@@ -487,7 +487,13 @@ - #ifndef LOG_DAEMON - #define LOG_DAEMON 0 - #endif -- openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); -+ -+#ifndef LOG_FTP -+#define FACILITY LOG_DAEMON -+#else -+#define FACILITY LOG_FTP -+#endif -+ openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY); - - addrlen = sizeof (his_addr); - if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { -@@ -2312,6 +2318,10 @@ - if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum), - &kdata.session,&ctrl_addr, &his_addr)) == -1) { - secure_error("ADAT: krb_mk_safe failed"); -+ return(0); -+ } -+ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { -+ secure_error("ADAT: reply too long"); - return(0); - } - if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { diff --git a/security/krb5-16/files/patch-aj b/security/krb5-16/files/patch-aj deleted file mode 100644 index c3bb8dfd6960..000000000000 --- a/security/krb5-16/files/patch-aj +++ /dev/null @@ -1,19 +0,0 @@ -*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998 ---- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998 -*************** -*** 66,72 **** - struct stat buf; - time_t time(); - -! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0) - return; - if (fstat(fd, &buf) == 0) { - (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); ---- 66,72 ---- - struct stat buf; - time_t time(); - -! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) - return; - if (fstat(fd, &buf) == 0) { - (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); diff --git a/security/krb5-16/files/patch-appl::bsd::Makefile.in b/security/krb5-16/files/patch-appl::bsd::Makefile.in deleted file mode 100644 index 581048933264..000000000000 --- a/security/krb5-16/files/patch-appl::bsd::Makefile.in +++ /dev/null @@ -1,12 +0,0 @@ ---- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001 -+++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001 -@@ -31,8 +31,8 @@ - -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\" - - DEFINES = $(RSH) $(BSD) $(RPROGS) -DKERBEROS \ -- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \ -+ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \ - -DHEIMDAL_FRIENDLY - - all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) - diff --git a/security/krb5-16/files/patch-appl::bsd::klogind.M b/security/krb5-16/files/patch-appl::bsd::klogind.M deleted file mode 100644 index 9cddd5fc222d..000000000000 --- a/security/krb5-16/files/patch-appl::bsd::klogind.M +++ /dev/null @@ -1,35 +0,0 @@ ---- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001 -+++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001 -@@ -14,7 +14,7 @@ - .B \-kr54cpPef - ] - [[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ] --[ \fB\-D\fP \fIport\fP ] -+[ \fB\-D\fP \fIport\fP ] [\fB\-L\fP \fIloginpath\fP] - .SH DESCRIPTION - .I Klogind - is the server for the -@@ -107,6 +108,10 @@ - Beta5 (May 1995)--present bogus checksums that prevent Kerberos - authentication from succeeding in the default mode. - -+.IP \fB\-L\ loginpath\fP -+Specify pathname to an alternative login program. Default: /usr/bin/login. -+KRB5_HOME/sbin/login.krb5 may be specified. -+ - - .PP - If the -@@ -157,12 +162,6 @@ - - .IP \fB\-M\ realm\fP - Set the Kerberos realm to use. -- --.IP \fB\-L\ login\fP --Set the login program to use. This option only has an effect if --DO_NOT_USE_K_LOGIN was not defined when --.I klogind --was compiled. - - .IP \fB\-D\ port\fP - Run in standalone mode, listening on \fBport\fP. The daemon will exit diff --git a/security/krb5-16/files/patch-appl::gssftp::ftp::ftp_var.h b/security/krb5-16/files/patch-appl::gssftp::ftp::ftp_var.h deleted file mode 100644 index 256e929aa68f..000000000000 --- a/security/krb5-16/files/patch-appl::gssftp::ftp::ftp_var.h +++ /dev/null @@ -1,23 +0,0 @@ ---- appl/gssftp/ftp/ftp_var.h.orig Tue Jun 17 02:37:40 2003 -+++ appl/gssftp/ftp/ftp_var.h Sat Aug 30 05:30:44 2003 -@@ -33,6 +33,10 @@ - * @(#)ftp_var.h 5.9 (Berkeley) 6/1/90 - */ - -+#if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version > 500000 -+#undef __BSD_VISIBLE -+#endif -+ - #ifdef _WIN32 - #include - #include -@@ -57,9 +61,7 @@ - typedef void (*sig_t)(int); - typedef void sigtype; - #else --#define sig_t my_sig_t - #define sigtype krb5_sigtype --typedef sigtype (*sig_t)(); - #endif - - /* diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in deleted file mode 100644 index cb5a0e26d49d..000000000000 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::Makefile.in +++ /dev/null @@ -1,11 +0,0 @@ ---- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001 -@@ -24,7 +24,7 @@ - # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 - # - --AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN -+AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\" - OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON - LOCALINCLUDES=-I.. -I$(srcdir)/.. - DEFINES = $(AUTH_DEF) $(OTHERDEFS) diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8 deleted file mode 100644 index 951ee0d5692a..000000000000 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.8 +++ /dev/null @@ -1,22 +0,0 @@ ---- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001 -@@ -43,7 +43,7 @@ - [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] - [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] - [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] --[\fB\-debug\fP [\fIport\fP]] -+[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP] - .SH DESCRIPTION - The - .B telnetd -@@ -221,6 +221,10 @@ - in response to a - .SM DO TIMING-MARK) - for kludge linemode support. -+.TP -+\fB\-L\fP \fIloginpath\fP -+Specify pathname to an alternative login program. Default: /usr/bin/login. -+KRB5_HOME/sbin/login.krb5 may be specified. - .TP - .B \-l - Specifies line mode. Tries to force clients to use line-at-a-time diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::utility.c b/security/krb5-16/files/patch-appl::telnet::telnetd::utility.c deleted file mode 100644 index 8bb656dc0673..000000000000 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::utility.c +++ /dev/null @@ -1,38 +0,0 @@ ---- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002 -+++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002 -@@ -408,18 +408,25 @@ - int - netwrite(const char *buf, size_t len) - { -- size_t remain; -+ int remaining, copied; -+ -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ while (len > 0) { -+ /* Free up enough space if the room is too low*/ -+ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } - -- remain = sizeof(netobuf) - (nfrontp - netobuf); -- if (remain < len) { -- netflush(); -- remain = sizeof(netobuf) - (nfrontp - netobuf); -+ /* Copy out as much as will fit */ -+ copied = remaining > len ? len : remaining; -+ memmove(nfrontp, buf, copied); -+ nfrontp += copied; -+ len -= copied; -+ remaining -= copied; -+ buf += copied; - } -- if (remain < len) -- return 0; -- memcpy(nfrontp, buf, len); -- nfrontp += len; -- return len; -+ return copied; - } - - /* diff --git a/security/krb5-16/files/patch-as b/security/krb5-16/files/patch-as deleted file mode 100644 index de19886eac08..000000000000 --- a/security/krb5-16/files/patch-as +++ /dev/null @@ -1,195 +0,0 @@ ---- clients/ksu/main.c.orig Wed Aug 14 12:14:49 2002 -+++ clients/ksu/main.c Tue Jul 29 18:46:00 2003 -@@ -32,6 +32,10 @@ - #include - #include - -+#ifdef LOGIN_CAP -+#include -+#endif -+ - /* globals */ - char * prog_name; - int auth_debug =0; -@@ -61,7 +65,7 @@ - ill specified arguments to commands */ - - void usage (){ -- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); -+ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); - } - - /* for Ultrix and friends ... */ -@@ -77,6 +81,7 @@ - int argc; - char ** argv; - { -+ int asme = 0; - int hp =0; - int some_rest_copy = 0; - int all_rest_copy = 0; -@@ -91,6 +96,7 @@ - char * cc_target_tag = NULL; - char * target_user = NULL; - char * source_user; -+ char * source_shell; - - krb5_ccache cc_source = NULL; - const char * cc_source_tag = NULL; -@@ -117,6 +123,11 @@ - krb5_principal kdc_server; - krb5_boolean zero_password; - char * dir_of_cc_target; -+ -+#ifdef LOGIN_CAP -+ login_cap_t *lc; -+ int setwhat; -+#endif - - options.opt = KRB5_DEFAULT_OPTIONS; - options.lifetime = KRB5_DEFAULT_TKT_LIFE; -@@ -181,7 +192,7 @@ - com_err (prog_name, errno, "while setting euid to source user"); - exit (1); - } -- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){ -+ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){ - switch (option) { - case 'r': - options.opt |= KDC_OPT_RENEWABLE; -@@ -227,6 +238,9 @@ - errflg++; - } - break; -+ case 'm': -+ asme = 1; -+ break; - case 'n': - if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ - com_err(prog_name, retval, "when parsing name %s", optarg); -@@ -341,6 +355,7 @@ - - /* allocate space and copy the usernamane there */ - source_user = xstrdup(pwd->pw_name); -+ source_shell = xstrdup(pwd->pw_shell); - source_uid = pwd->pw_uid; - source_gid = pwd->pw_gid; - -@@ -672,43 +687,64 @@ - /* get the shell of the user, this will be the shell used by su */ - target_pwd = getpwnam(target_user); - -- if (target_pwd->pw_shell) -- shell = xstrdup(target_pwd->pw_shell); -- else { -- shell = _DEF_CSH; /* default is cshell */ -+ if (asme) { -+ if (source_shell && *source_shell) { -+ shell = strdup(source_shell); -+ } else { -+ shell = _DEF_CSH; -+ } -+ } else { -+ if (target_pwd->pw_shell) -+ shell = strdup(target_pwd->pw_shell); -+ else { -+ shell = _DEF_CSH; /* default is cshell */ -+ } - } - - #ifdef HAVE_GETUSERSHELL - - /* insist that the target login uses a standard shell (root is omited) */ - -- if (!standard_shell(target_pwd->pw_shell) && source_uid) { -- fprintf(stderr, "ksu: permission denied (shell).\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -+ if (asme) { -+ if (!standard_shell(pwd->pw_shell) && source_uid) { -+ fprintf(stderr, "ksu: permission denied (shell).\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } else { -+ if (!standard_shell(target_pwd->pw_shell) && source_uid) { -+ fprintf(stderr, "ksu: permission denied (shell).\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } - } - #endif /* HAVE_GETUSERSHELL */ - -- if (target_pwd->pw_uid){ -- -- if(set_env_var("USER", target_pwd->pw_name)){ -+ if (!asme) { -+ if (target_pwd->pw_uid){ -+ if (set_env_var("USER", target_pwd->pw_name)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } -+ -+ if (set_env_var( "HOME", target_pwd->pw_dir)){ - fprintf(stderr,"ksu: couldn't set environment variable USER\n"); - sweep_up(ksu_context, cc_target); - exit(1); -- } -- } -- -- if(set_env_var( "HOME", target_pwd->pw_dir)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ } - -- if(set_env_var( "SHELL", shell)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ if (set_env_var( "SHELL", shell)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } -+ -+#ifdef LOGIN_CAP -+ lc = login_getpwclass(pwd); -+#endif - - /* set the cc env name to target */ - -@@ -718,7 +754,19 @@ - sweep_up(ksu_context, cc_target); - exit(1); - } -- -+ -+#ifdef LOGIN_CAP -+ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; -+ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV; -+ /* -+ * Don't touch resource/priority settings if -m has been -+ * used or -l and -c hasn't, and we're not su'ing to root. -+ */ -+ if (target_pwd->pw_uid) -+ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); -+ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0) -+ err(1, "setusercontext"); -+#else - /* set permissions */ - if (setgid(target_pwd->pw_gid) < 0) { - perror("ksu: setgid"); -@@ -759,6 +807,7 @@ - sweep_up(ksu_context, cc_target); - exit(1); - } -+#endif - - if (access( cc_target_tag_tmp, R_OK | W_OK )){ - com_err(prog_name, errno, diff --git a/security/krb5-16/files/patch-at b/security/krb5-16/files/patch-at deleted file mode 100644 index 060207ec644a..000000000000 --- a/security/krb5-16/files/patch-at +++ /dev/null @@ -1,14 +0,0 @@ -*** include/syslog.h.ORIG Fri Feb 6 19:42:12 1998 ---- include/syslog.h Tue Jun 30 19:46:02 1998 -*************** -*** 34,39 **** ---- 34,42 ---- - #define LOG_LPR (6<<3) /* line printer subsystem */ - #define LOG_NEWS (7<<3) /* network news subsystem */ - #define LOG_UUCP (8<<3) /* UUCP subsystem */ -+ #if (defined(BSD) && (BSD >= 199306)) -+ #define LOG_FTP (11<<3) /* ftp daemon */ -+ #endif - /* other codes through 15 reserved for system use */ - #define LOG_LOCAL0 (16<<3) /* reserved for local use */ - #define LOG_LOCAL1 (17<<3) /* reserved for local use */ diff --git a/security/krb5-16/files/patch-av b/security/krb5-16/files/patch-av deleted file mode 100644 index 8363b8bb1e2d..000000000000 --- a/security/krb5-16/files/patch-av +++ /dev/null @@ -1,15 +0,0 @@ -*** clients/ksu/Makefile.in.ORIG Sun Aug 2 16:51:18 1998 ---- clients/ksu/Makefile.in Sun Aug 2 16:53:48 1998 -*************** -*** 3,7 **** - mydir=ksu - BUILDTOP=$(REL)$(U)$(S)$(U) -! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' - CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE) - ---- 3,7 ---- - mydir=ksu - BUILDTOP=$(REL)$(U)$(S)$(U) -! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"' - CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE) - diff --git a/security/krb5-16/files/patch-ax b/security/krb5-16/files/patch-ax deleted file mode 100644 index 0307d8372b35..000000000000 --- a/security/krb5-16/files/patch-ax +++ /dev/null @@ -1,12 +0,0 @@ ---- ../doc/Makefile.orig Fri Sep 20 10:35:27 2002 -+++ ../doc/Makefile Tue Jul 29 18:53:08 2003 -@@ -1,7 +1,7 @@ - SRCDIR=../src - DVI=texi2dvi - DVIPS=dvips -o "$@" --INFO=makeinfo -+INFO=makeinfo --no-validate --no-split --HTML=makeinfo --html -+HTML=makeinfo --html --no-split - RM=rm -f - TAR=tar -chvf diff --git a/security/krb5-16/files/patch-ay b/security/krb5-16/files/patch-ay deleted file mode 100644 index 54c041e205f1..000000000000 --- a/security/krb5-16/files/patch-ay +++ /dev/null @@ -1,50 +0,0 @@ ---- util/pty/getpty.c.orig Wed Jan 9 14:28:37 2002 -+++ util/pty/getpty.c Thu Jan 10 21:30:40 2002 -@@ -24,13 +24,26 @@ - #include "libpty.h" - #include "pty-int.h" - -+#ifdef __FreeBSD__ -+#define PTYCHARS1 "pqrsPQRS" -+#define PTYCHARS2 "0123456789abcdefghijklmnopqrstuv" -+#endif -+ -+#ifndef PTYCHARS1 -+#define PTYCHARS1 "pqrstuvwxyzPQRST" -+#endif -+ -+#ifndef PTYCHARS2 -+#define PTYCHARS2 "0123456789abcdef" -+#endif -+ - long - ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) - { -+ int ptynum; -+ char *cp1, *cp2; - #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY) -- char *cp; - char *p; -- int i,ptynum; - struct stat stb; - char slavebuf[1024]; - #endif -@@ -115,14 +128,14 @@ - strncpy(slave, slavebuf, slavelength); - return 0; - } else { -- for (cp = "pqrstuvwxyzPQRST";*cp; cp++) { -+ for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) { - sprintf(slavebuf,"/dev/ptyXX"); -- slavebuf[sizeof("/dev/pty") - 1] = *cp; -+ slavebuf[sizeof("/dev/pty") - 1] = *cp1; - slavebuf[sizeof("/dev/ptyp") - 1] = '0'; - if (stat(slavebuf, &stb) < 0) - break; -- for (i = 0; i < 16; i++) { -- slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i]; -+ for (cp2 = PTYCHARS2; *cp2 != '\0'; cp2++) { -+ slavebuf[sizeof("/dev/ptyp") - 1] = *cp2; - *fd = open(slavebuf, O_RDWR); - if (*fd < 0) continue; - diff --git a/security/krb5-16/files/patch-ba b/security/krb5-16/files/patch-ba deleted file mode 100644 index dd0c760df7d2..000000000000 --- a/security/krb5-16/files/patch-ba +++ /dev/null @@ -1,77 +0,0 @@ ---- appl/bsd/login.c.orig Tue May 27 21:06:25 2003 -+++ appl/bsd/login.c Tue Jul 29 20:52:25 2003 -@@ -1342,19 +1342,6 @@ - setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); - } - -- /* Policy: If local password is good, user is good. -- We really can't trust the Kerberos password, -- because somebody on the net could spoof the -- Kerberos server (not easy, but possible). -- Some sites might want to use it anyways, in -- which case they should change this line -- to: -- if (kpass_ok) -- */ -- -- if (lpass_ok) -- break; -- - if (got_v5_tickets) { - retval = krb5_verify_init_creds(kcontext, &my_creds, NULL, - NULL, &xtra_creds, -@@ -1378,6 +1365,9 @@ - } - #endif /* KRB4_GET_TICKETS */ - -+ if (lpass_ok) -+ break; -+ - bad_login: - setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); - -@@ -1667,21 +1657,23 @@ - /* set up credential cache -- obeying KRB5_ENV_CCNAME - set earlier */ - /* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */ -- if ((retval = krb5_cc_default(kcontext, &ccache))) { -+ if ((retval = krb5_cc_default(kcontext, &ccache))) - com_err(argv[0], retval, "while getting default ccache"); -- } else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) { -- com_err(argv[0], retval, "when initializing cache"); -- } else if ((retval = krb5_cc_store_cred(kcontext, ccache, -- &my_creds))) { -- com_err(argv[0], retval, "while storing credentials"); -- } else if (xtra_creds && -- (retval = krb5_cc_copy_creds(kcontext, xtra_creds, -- ccache))) { -- com_err(argv[0], retval, "while storing credentials"); -+ else { -+ if (retval = krb5_cc_initialize(kcontext, ccache, me)) -+ com_err(argv[0], retval, "when initializing cache"); -+ else { -+ if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) -+ com_err(argv[0], retval, "while storing credentials"); -+ else { -+ if (xtra_creds && -+ (retval = krb5_cc_copy_creds(kcontext, xtra_creds, ccache))) { -+ com_err(argv[0], retval, "while storing credentials"); -+ krb5_cc_destroy(kcontext, xtra_creds); -+ } -+ } -+ } - } -- -- if (xtra_creds) -- krb5_cc_destroy(kcontext, xtra_creds); - } else if (forwarded_v5_tickets && rewrite_ccache) { - if ((retval = krb5_cc_initialize (kcontext, ccache, me))) { - syslog(LOG_ERR, -@@ -1762,6 +1754,7 @@ - - if (ccname) - setenv("KRB5CCNAME", ccname, 1); -+ krb5_cc_set_default_name(kcontext, ccname); - - setenv("HOME", pwd->pw_dir, 1); - setenv("PATH", LPATH, 1); diff --git a/security/krb5-16/files/patch-bb b/security/krb5-16/files/patch-bb deleted file mode 100644 index 6545ae682c53..000000000000 --- a/security/krb5-16/files/patch-bb +++ /dev/null @@ -1,10 +0,0 @@ ---- appl/telnet/telnet/Makefile.in.orig Sat Dec 18 10:47:05 1999 -+++ appl/telnet/telnet/Makefile.in Sat Dec 18 10:47:13 1999 -@@ -58,7 +58,6 @@ - $(INSTALL_DATA) $(srcdir)/$$f.1 \ - ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ - done -- $(INSTALL_DATA) $(srcdir)/tmac.doc ${DESTDIR}$(CLIENT_MANDIR)/tmac.doc - - authenc.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) - commands.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) diff --git a/security/krb5-16/files/patch-config::pre.in b/security/krb5-16/files/patch-config::pre.in deleted file mode 100644 index bdd183e98ad4..000000000000 --- a/security/krb5-16/files/patch-config::pre.in +++ /dev/null @@ -1,11 +0,0 @@ ---- config/pre.in.orig Fri Nov 19 13:47:51 2004 -+++ config/pre.in Thu Jan 27 17:43:12 2005 -@@ -177,7 +177,7 @@ - INSTALL=@INSTALL@ - INSTALL_STRIP= - INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) --INSTALL_SCRIPT=@INSTALL_PROGRAM@ -+INSTALL_SCRIPT=@INSTALL_SCRIPT@ - INSTALL_DATA=@INSTALL_DATA@ - INSTALL_SHLIB=@INSTALL_SHLIB@ - INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root diff --git a/security/krb5-16/files/patch-config::shlib.conf b/security/krb5-16/files/patch-config::shlib.conf deleted file mode 100644 index 272865fd23dc..000000000000 --- a/security/krb5-16/files/patch-config::shlib.conf +++ /dev/null @@ -1,26 +0,0 @@ ---- config/shlib.conf.orig Thu Apr 7 14:38:55 2005 -+++ config/shlib.conf Wed Nov 23 16:32:40 2005 -@@ -238,17 +238,21 @@ - else - objformat="aout" - fi -- PICFLAGS=-fpic -+ case $krb5_cv_host in -+ sparc64-*) PICFLAGS=-fPIC;; -+ *) PICFLAGS=-fpic;; -+ esac - if test "x$objformat" = "xelf" ; then - SHLIBVEXT='.so.$(LIBMAJOR)' -+ LDCOMBINE="libtool --mode=link cc -shared" - RPATH_FLAG='-Wl,-rpath -Wl,' - else -+ LDCOMBINE='ld -Bshareable' - RPATH_FLAG=-R - SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' - fi - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' - SHLIBEXT=.so -- LDCOMBINE='ld -Bshareable' - SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' - CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' diff --git a/security/krb5-16/files/patch-lib::gssapi::krb5::import_name.c b/security/krb5-16/files/patch-lib::gssapi::krb5::import_name.c deleted file mode 100644 index 40f116af2196..000000000000 --- a/security/krb5-16/files/patch-lib::gssapi::krb5::import_name.c +++ /dev/null @@ -1,14 +0,0 @@ ---- lib/gssapi/krb5/import_name.c.orig Mon Jul 18 15:12:42 2005 -+++ lib/gssapi/krb5/import_name.c Tue Nov 8 09:53:58 2005 -@@ -33,6 +33,11 @@ - #endif - #endif - -+#include -+#if __FreeBSD_version < 500100 -+#include -+#endif -+ - #ifdef HAVE_STRING_H - #include - #else diff --git a/security/krb5-16/files/patch-lib::krb5::os::hst_realm.c b/security/krb5-16/files/patch-lib::krb5::os::hst_realm.c deleted file mode 100644 index d3caed59fd30..000000000000 --- a/security/krb5-16/files/patch-lib::krb5::os::hst_realm.c +++ /dev/null @@ -1,14 +0,0 @@ ---- lib/krb5/os/hst_realm.c.orig Tue Oct 15 15:51:50 2002 -+++ lib/krb5/os/hst_realm.c Sat Jan 24 20:11:05 2004 -@@ -438,9 +438,11 @@ - return EAFNOSUPPORT; - case EAI_MEMORY: - return ENOMEM; -+#ifdef EAI_NODATA - #if EAI_NODATA != EAI_NONAME - case EAI_NODATA: - return KRB5_EAI_NODATA; -+#endif - #endif - case EAI_NONAME: - return KRB5_EAI_NONAME; diff --git a/security/krb5-16/files/patch-lib::krb5::os::locate_kdc.c b/security/krb5-16/files/patch-lib::krb5::os::locate_kdc.c deleted file mode 100644 index 5cfbbe3553de..000000000000 --- a/security/krb5-16/files/patch-lib::krb5::os::locate_kdc.c +++ /dev/null @@ -1,13 +0,0 @@ ---- lib/krb5/os/locate_kdc.c.orig Mon Jun 9 14:27:56 2003 -+++ lib/krb5/os/locate_kdc.c Sun Jan 25 13:28:01 2004 -@@ -185,8 +185,10 @@ - #ifdef EAI_ADDRFAMILY - case EAI_ADDRFAMILY: - #endif -+#ifdef EAI_NODATA - #if EAI_NODATA != EAI_NONAME - case EAI_NODATA: -+#endif - #endif - case EAI_NONAME: - /* Name not known or no address data, but no error. Do -- cgit v1.2.3