cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ntroducing the new krb5-devel port, tracking MIT KRB5 development

Browse Source 
on github.
This commit is contained in:
Cy Schubert 2017-07-11 04:13:11 +00:00
parent 535cdf0df3
commit 75c46d3631
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=445467
13 changed files with 524 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
security/Makefile
View File

@ -299,6 +299,7 @@
SUBDIR += krb5-114
SUBDIR += krb5-115
SUBDIR += krb5-appl
SUBDIR += krb5-devel
SUBDIR += kripp
SUBDIR += kstart
SUBDIR += kwalletmanager

116
security/krb5-devel/Makefile Normal file
View File

@ -0,0 +1,116 @@
# Created by: nectar@FreeBSD.org
# $FreeBSD$
PORTNAME= krb5
DISTVERSION= 1.16
PORTVERSION= ${DISTVERSION}.${MIT_COMMIT_DATE}
CATEGORIES= security
.if !defined(MASTERDIR)
PKGNAMESUFFIX= -devel
.endif
HASH= 83d47cd
PATCH_SITES= http://web.mit.edu/kerberos/advisories/
PATCH_DIST_STRIP= -p2
MAINTAINER= cy@FreeBSD.org
COMMENT= MIT implementation of RFC 4120 network authentication service
LICENSE= MIT
USE_GITHUB= yes
GH_TAGNAME= ${HASH}
MIT_COMMIT_DATE= 2017.06.20
CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-11[34]-[0-9]* krb5-1.[0-9]*
KERBEROSV_URL= http://web.mit.edu/kerberos/
USE_PERL5= build
USE_LDCONFIG= yes
USE_CSTD= gnu99
GNU_CONFIGURE= yes
USES= autoreconf cpe gmake localbase perl5 libtool:build \
gssapi:bootstrap,mit pkgconfig:run ssl
CONFIGURE_ARGS?= --enable-shared --without-system-verto \
--disable-rpath --localstatedir="${PREFIX}/var"
CONFIGURE_ENV= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}"
MAKE_ARGS= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}"
CPE_VENDOR= mit
CPE_VERSION= 5-${PORTVERSION}
CPE_PRODUCT= kerberos
OPTIONS_DEFINE= EXAMPLES NLS DNS_FOR_REALM LDAP
OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE
OPTIONS_RADIO= CMD_LINE_EDITING
OPTIONS_RADIO_CMD_LINE_EDITING= READLINE READLINE_PORT LIBEDIT
CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil
DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names
DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm
LDAP= Enable LDAP support
LDAP_USE= OPENLDAP=yes
LDAP_CONFIGURE_WITH= ldap
NLS_USES= gettext
READLINE_USES= readline
READLINE_PORT_DESC= Command line editing via devel/readline
READLINE_PORT_USES= readline:port
LIBEDIT_USES= libedit
LIBEDIT_CONFIGURE_WITH= libedit
.if defined(KRB5_HOME)
PREFIX= ${KRB5_HOME}
.endif
CPPFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
USE_RC_SUBR= kpropd
OPTIONS_SUB= yes
WRKSRC= ${WRKDIR}/${PORTNAME}-${HASH}
WRKSRC_SUBDIR= src
PORTEXAMPLES= kdc.conf krb5.conf services.append
.include <bsd.port.options.mk>
# Fix up -Wl,-rpath in LDFLAGS
.if !empty(KRB5_HOME)
_RPATH= ${KRB5_HOME}/lib:
.else
_RPATH= ${LOCALBASE}/lib:
.endif
.if !empty(LDFLAGS:M-Wl,-rpath,*)
.for F in ${LDFLAGS:M-Wl,-rpath,*}
LDFLAGS:= -Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \
${LDFLAGS:N-Wl,-rpath,*}
.endfor
.endif
.if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE}
BROKEN= LIB_DEPENDS when using KRB5_HOME is broken
.endif
# OPTIONS helper causes conflicting with/without
.if ${PORT_OPTIONS:MREADLINE} || ${PORT_OPTIONS:MREADLINE_PORT}
CONFIGURE_ARGS+= --with-readline
.else
CONFIGURE_ARGS+= --without-readline
.endif
.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != ""
CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}"
.endif
.include <bsd.port.pre.mk>
post-install:
@${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5
${ECHO_CMD} @dir share/doc/krb5 >> ${TMPPLIST}
post-install-LDAP-on:
${MKDIR} ${STAGEDIR}${DATADIR}
${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema \
${STAGEDIR}${DATADIR}
${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif \
${STAGEDIR}${DATADIR}
.include <bsd.port.post.mk>

3
security/krb5-devel/distinfo Normal file
View File

@ -0,0 +1,3 @@
TIMESTAMP = 1499742599
SHA256 (krb5-krb5-1.16-83d47cd_GH0.tar.gz) = e436492bfc9ca07c64188075a92817bb4c5a09f94d2f5e0b67fe55c93093c127
SIZE (krb5-krb5-1.16-83d47cd_GH0.tar.gz) = 6094576

28
security/krb5-devel/files/kpropd.in Normal file
View File

@ -0,0 +1,28 @@
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: kpropd
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# kpropd_enable (bool): Set to NO by default.
# Set it to YES to enable kpropd.
# kpropd_flags (str): Set to "" by default.
. /etc/rc.subr
name=kpropd
rcvar=kpropd_enable
load_rc_config $name
: ${kpropd_enable:="NO"}
: ${kpropd_flags=""}
command=%%PREFIX%%/sbin/${name}
run_rc_command "$1"

18
security/krb5-devel/files/patch-clients__ksu__Makefile.in Normal file
View File

@ -0,0 +1,18 @@
--- clients/ksu/Makefile.in.orig 2014-01-15 16:44:15.000000000 -0800
+++ clients/ksu/Makefile.in 2014-05-05 20:51:51.925985974 -0700
@@ -1,6 +1,6 @@
mydir=clients$(S)ksu
BUILDTOP=$(REL)..$(S)..
-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
+DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"' -DDEBUG
KSU_LIBS=@KSU_LIBS@
@@ -30,6 +30,6 @@
install::
-for f in ksu; do \
- $(INSTALL_SETUID) $$f \
+ $(INSTALL_PROGRAM) $$f \
$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
done

23
security/krb5-devel/files/patch-config__pre.in Normal file
View File

@ -0,0 +1,23 @@
--- config/pre.in.orig 2014-10-15 16:55:10.000000000 -0700
+++ config/pre.in 2015-02-04 12:43:45.693875606 -0800
@@ -178,9 +178,9 @@
INSTALL=@INSTALL@
INSTALL_STRIP=
INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
-INSTALL_SCRIPT=@INSTALL_PROGRAM@
+INSTALL_SCRIPT=@INSTALL_SCRIPT@
INSTALL_DATA=@INSTALL_DATA@
-INSTALL_SHLIB=@INSTALL_SHLIB@
+INSTALL_SHLIB=$(INSTALL_LIB)
INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
## This is needed because autoconf will sometimes define @exec_prefix@ to be
## ${prefix}.
@@ -197,7 +197,7 @@
ADMIN_BINDIR = @sbindir@
SERVER_BINDIR = @sbindir@
CLIENT_BINDIR =@bindir@
-PKGCONFIG_DIR = @libdir@/pkgconfig
+PKGCONFIG_DIR = $(prefix)/libdata/pkgconfig
ADMIN_MANDIR = $(KRB5MANROOT)/man8
SERVER_MANDIR = $(KRB5MANROOT)/man8
CLIENT_MANDIR = $(KRB5MANROOT)/man1

22
security/krb5-devel/files/patch-config__shlib.conf Normal file
View File

@ -0,0 +1,22 @@
--- config/shlib.conf.orig 2015-05-08 16:27:02.000000000 -0700
+++ config/shlib.conf 2015-10-20 21:54:39.834348929 -0700
@@ -320,14 +320,15 @@
PICFLAGS=-fpic
;;
esac
- SHLIBVEXT='.so.$(LIBMAJOR)'
- RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
+ SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+ SHLIBSEXT='.so.$(LIBMAJOR)'
+ LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)'
+ RPATH_FLAG='-Wl,-rpath -Wl,'
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
SHLIBEXT=.so
- LDCOMBINE='ld -Bshareable'
- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)'
+ SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'

75
security/krb5-devel/files/patch-lib-krb5-os-localaddr.c Normal file
View File

@ -0,0 +1,75 @@
--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700
+++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700
@@ -175,6 +175,7 @@
}
#endif
+#if 0
static int
is_loopback_address(struct sockaddr *sa)
{
@@ -191,6 +192,7 @@
return 0;
}
}
+#endif
#ifdef HAVE_IFADDRS_H
#include <ifaddrs.h>
@@ -467,12 +469,14 @@
ifp->ifa_flags &= ~IFF_UP;
continue;
}
+#if 0
if (is_loopback_address(ifp->ifa_addr)) {
/* Pretend it's not up, so the second pass will skip
it. */
ifp->ifa_flags &= ~IFF_UP;
continue;
}
+#endif
/* If this address is a duplicate, punt. */
match = 0;
for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
@@ -601,11 +605,13 @@
}
/*@=moduncon@*/
+#if 0
/* None of the current callers want loopback addresses. */
if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
Tprintf ((" loopback\n"));
goto skip;
}
+#endif
/* Ignore interfaces that are down. */
if ((lifreq.lifr_flags & IFF_UP) == 0) {
Tprintf ((" down\n"));
@@ -772,11 +778,13 @@
}
/*@=moduncon@*/
+#if 0
/* None of the current callers want loopback addresses. */
if (is_loopback_address(&lifr->iflr_addr)) {
Tprintf ((" loopback\n"));
goto skip;
}
+#endif
/* Ignore interfaces that are down. */
if ((lifreq.iflr_flags & IFF_UP) == 0) {
Tprintf ((" down\n"));
@@ -987,11 +995,13 @@
}
/*@=moduncon@*/
+#if 0
/* None of the current callers want loopback addresses. */
if (is_loopback_address(&ifreq.ifr_addr)) {
Tprintf ((" loopback\n"));
goto skip;
}
+#endif
/* Ignore interfaces that are down. */
if ((ifreq.ifr_flags & IFF_UP) == 0) {
Tprintf ((" down\n"));

14
security/krb5-devel/files/patch-lib__gssapi__krb5__import_name.c Normal file
View File

@ -0,0 +1,14 @@
--- lib/gssapi/krb5/import_name.c.orig Mon Jul 18 15:12:42 2005
+++ lib/gssapi/krb5/import_name.c Tue Nov 8 09:53:58 2005
@@ -33,6 +33,11 @@
#endif
#endif
+#include <sys/param.h>
+#if __FreeBSD_version < 500100
+#include <stdio.h>
+#endif
+
#ifdef HAVE_STRING_H
#include <string.h>
#else

20
security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c Normal file
View File

@ -0,0 +1,20 @@
--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2016-12-01 22:31:25 UTC
+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -191,7 +191,7 @@ pkinit_pkcs11_code_to_text(int err);
(*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* 1.1 standardizes constructor and destructor names, renaming
* EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
@@ -3059,7 +3059,7 @@ cleanup:
return retval;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
/*
* We need to decode DomainParameters from RFC 3279 section 2.3.3. We would

11
security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h Normal file
View File

@ -0,0 +1,11 @@
--- plugins/preauth/pkinit/pkinit_crypto_openssl.h.orig 2016-12-01 22:31:25 UTC
+++ plugins/preauth/pkinit/pkinit_crypto_openssl.h
@@ -46,7 +46,7 @@
#include <openssl/asn1.h>
#include <openssl/pem.h>
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_VERSION_NUMBER)
#include <openssl/asn1t.h>
#else
#include <openssl/asn1_mac.h>

24
security/krb5-devel/pkg-descr Normal file
View File

@ -0,0 +1,24 @@
Kerberos V5 is an authentication system developed at MIT.
WWW: http://web.mit.edu/kerberos/
Abridged from the User Guide:
Under Kerberos, a client sends a request for a ticket to the
Key Distribution Center (KDC). The KDC creates a ticket-granting
ticket (TGT) for the client, encrypts it using the client's
password as the key, and sends the encrypted TGT back to the
client. The client then attempts to decrypt the TGT, using
its password. If the client successfully decrypts the TGT, it
keeps the decrypted TGT, which indicates proof of the client's
identity. The TGT permits the client to obtain additional tickets,
which give permission for specific services.
Since Kerberos negotiates authenticated, and optionally encrypted,
communications between two points anywhere on the internet, it
provides a layer of security that is not dependent on which side of a
firewall either client is on.
The Kerberos V5 package is designed to be easy to use. Most of the
commands are nearly identical to UNIX network programs you are already
used to. Kerberos V5 is a single-sign-on system, which means that you
have to type your password only once per session, and Kerberos does
the authenticating and encrypting transparently.
Jacques Vidrine <n@nectar.com>

169
security/krb5-devel/pkg-plist Normal file
View File

@ -0,0 +1,169 @@
bin/compile_et
bin/gss-client
bin/k5srvutil
bin/kadmin
bin/kdestroy
bin/kinit
bin/klist
bin/kpasswd
bin/krb5-config
@mode 04755
@owner root
@group wheel
bin/ksu
@mode
@owner root
@group wheel
bin/kswitch
bin/ktutil
bin/kvno
bin/sclient
bin/sim_client
bin/uuclient
include/com_err.h
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_ext.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
include/gssrpc/auth.h
include/gssrpc/auth_gss.h
include/gssrpc/auth_gssapi.h
include/gssrpc/auth_unix.h
include/gssrpc/clnt.h
include/gssrpc/netdb.h
include/gssrpc/pmap_clnt.h
include/gssrpc/pmap_prot.h
include/gssrpc/pmap_rmt.h
include/gssrpc/rename.h
include/gssrpc/rpc.h
include/gssrpc/rpc_msg.h
include/gssrpc/svc.h
include/gssrpc/svc_auth.h
include/gssrpc/types.h
include/gssrpc/xdr.h
include/krad.h
include/krb5.h
include/krb5/ccselect_plugin.h
include/krb5/certauth_plugin.h
include/krb5/clpreauth_plugin.h
include/krb5/hostrealm_plugin.h
include/krb5/kadm5_hook_plugin.h
include/krb5/kdcpreauth_plugin.h
include/krb5/localauth_plugin.h
include/krb5/krb5.h
include/krb5/locate_plugin.h
include/krb5/plugin.h
include/krb5/pwqual_plugin.h
include/kadm5/admin.h
include/kadm5/chpass_util_strings.h
include/kadm5/kadm_err.h
include/kdb.h
include/krb5/preauth_plugin.h
include/profile.h
include/verto-module.h
include/verto.h
lib/libcom_err.so
lib/libcom_err.so.3
lib/libcom_err.so.3.0
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
lib/libgssapi_krb5.so.2.2
lib/libgssrpc.so
lib/libgssrpc.so.4
lib/libgssrpc.so.4.2
lib/libk5crypto.so
lib/libk5crypto.so.3
lib/libk5crypto.so.3.1
lib/libkadm5clnt.so
lib/libkadm5clnt_mit.so
lib/libkadm5clnt_mit.so.11
lib/libkadm5clnt_mit.so.11.0
lib/libkadm5srv.so
lib/libkadm5srv_mit.so
lib/libkadm5srv_mit.so.11
lib/libkadm5srv_mit.so.11.0
lib/libkdb5.so
lib/libkdb5.so.9
lib/libkdb5.so.9.0
lib/libkrb5.so
lib/libkrb5.so.3
lib/libkrb5.so.3.3
lib/libkrb5support.so
lib/libkrb5support.so.0
lib/libkrb5support.so.0.1
lib/krb5/plugins/kdb/db2.so
lib/krb5/plugins/tls/k5tls.so
%%LDAP%%lib/krb5/plugins/kdb/kldap.so
lib/krb5/plugins/preauth/otp.so
lib/krb5/plugins/preauth/pkinit.so
lib/krb5/plugins/preauth/test.so
%%LDAP%%lib/libkdb_ldap.so
%%LDAP%%lib/libkdb_ldap.so.1
%%LDAP%%lib/libkdb_ldap.so.1.0
lib/libkrad.so
lib/libkrad.so.0
lib/libkrad.so.0.0
lib/libverto.so
lib/libverto.so.0
lib/libverto.so.0.0
libdata/pkgconfig/gssrpc.pc
libdata/pkgconfig/kadm-client.pc
libdata/pkgconfig/kadm-server.pc
libdata/pkgconfig/kdb.pc
libdata/pkgconfig/krb5-gssapi.pc
libdata/pkgconfig/krb5.pc
libdata/pkgconfig/mit-krb5-gssapi.pc
libdata/pkgconfig/mit-krb5.pc
man/man1/k5srvutil.1.gz
man/man1/kadmin.1.gz
man/man1/krb5-config.1.gz
man/man1/kpasswd.1.gz
man/man1/klist.1.gz
man/man1/kinit.1.gz
man/man1/kdestroy.1.gz
man/man1/kswitch.1.gz
man/man1/ksu.1.gz
man/man1/ktutil.1.gz
man/man1/sclient.1.gz
man/man1/kvno.1.gz
man/man1/compile_et.1.gz
man/man5/kadm5.acl.5.gz
man/man5/kdc.conf.5.gz
man/man5/krb5.conf.5.gz
man/man5/.k5identity.5.gz
man/man5/.k5login.5.gz
man/man5/k5identity.5.gz
man/man5/k5login.5.gz
man/man8/krb5kdc.8.gz
man/man8/kadmin.local.8.gz
man/man8/kdb5_ldap_util.8.gz
man/man8/kdb5_util.8.gz
man/man8/kadmind.8.gz
man/man8/kprop.8.gz
man/man8/kpropd.8.gz
man/man8/kproplog.8.gz
man/man8/sserver.8.gz
sbin/gss-server
sbin/kadmin.local
sbin/kadmind
%%LDAP%%sbin/kdb5_ldap_util
sbin/kdb5_util
sbin/kprop
sbin/kpropd
sbin/kproplog
sbin/krb5-send-pr
sbin/krb5kdc
sbin/sim_server
sbin/sserver
sbin/uuserver
share/et/et_c.awk
share/et/et_h.awk
%%NLS%%share/locale/en_US/LC_MESSAGES/mit-krb5.mo
%%LDAP%%%%DATADIR%%/kerberos.schema
%%LDAP%%%%DATADIR%%/kerberos.ldif
@dir lib/krb5/plugins/authdata
@dir lib/krb5/plugins/libkrb5
@dir var/run/krb5kdc
@dir var/krb5kdc