cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Welcome the new Kerberos V 1.7.

Browse Source 
PR:		138246
This commit is contained in:
Cy Schubert 2009-08-28 23:35:15 +00:00
parent 4afd96b25b
commit e7a3c62a9f
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=240488
26 changed files with 164 additions and 458 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
security/krb5-17/Makefile
View File

@ -6,15 +6,12 @@
#
PORTNAME= krb5
PORTVERSION= 1.6.3
PORTREVISION= 5
PORTVERSION= 1.7
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
PATCH_SITES= http://web.mit.edu/kerberos/advisories/
DISTNAME= ${PORTNAME}-${PORTVERSION}-signed
EXTRACT_SUFX= .tar
PATCHFILES= 2008-001-patch.txt
PATCH_DIST_STRIP= -p1
MAINTAINER= cy@FreeBSD.org
COMMENT= An authentication system developed at MIT, successor to Kerberos IV
@ -51,7 +48,7 @@ OPTIONS= KRB5_RENAME_FTP "Rename ftp to kftp" off \
.if defined(WITH_KRB5_DOC)
BUILD_DEPENDS+= texi2dvi:${PORTSDIR}/print/texinfo \
dvips:${PORTSDIR}/print/dvipsk-tetex
INFO= krb425 krb5-admin krb5-install krb5-user
INFO= krb5-admin krb5-install krb5-user
.endif
.if !defined(WITH_KRB5_KRB4_COMPAT)
@ -65,17 +62,14 @@ PLIST_SUB+= KRB4=""
PREFIX= ${KRB5_HOME}
.endif
MAN1= krb5-send-pr.1 krb5-config.1 kpasswd.1 klist.1 \
kinit.1 kdestroy.1 ksu.1 sclient.1 rsh.1 rcp.1 \
rlogin.1 ftp.1 telnet.1 kerberos.1 kvno.1 compile_et.1
MAN1= k5srvutil.1 kadmin.1 krb5-send-pr.1 krb5-config.1 \
kpasswd.1 klist.1 kinit.1 kdestroy.1 ksu.1 ktutil.1 \
sclient.1 rsh.1 rcp.1 rlogin.1 ftp.1 telnet.1 \
kerberos.1 kvno.1 compile_et.1
MAN5= kdc.conf.5 krb5.conf.5 .k5login.5
MAN8= krb5kdc.8 kadmin.8 kadmin.local.8 kdb5_util.8 \
ktutil.8 kadmind.8 kprop.8 kpropd.8 sserver.8 \
kshd.8 klogind.8 login.krb5.8 ftpd.8 telnetd.8 \
k5srvutil.8
.if defined(WITH_KRB5_KRB4_COMPAT)
MAN8+= krb524d.8
.endif
MAN8= krb5kdc.8 kadmin.local.8 kdb5_util.8 kadmind.8 \
kprop.8 kpropd.8 kproplog.8 sserver.8 kshd.8 \
klogind.8 login.krb5.8 ftpd.8 telnetd.8
.if defined(WITH_KRB5_RENAME_FTP)
MAN1:= ${MAN1:C/ftp/kftp/}
@ -119,10 +113,6 @@ PLIST_SUB+= RCP_PROG="krcp"
PLIST_SUB+= RCP_PROG="rcp"
.endif
.if defined(WITH_KRB5_KRB4_COMPAT)
MAN1+= krb524init.1 v4rcp.1
.endif
.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != ""
CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}"
.endif
@ -131,7 +121,7 @@ WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src
HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc
HTML_DOCS= ftp.html kdestroy.html kinit.html klist.html \
kpasswd.html krb425.html krb5-admin.html \
kpasswd.html krb5-admin.html \
krb5-install.html krb5-user.html ksu.html \
rcp.html rlogin.html rsh.html telnet.html

9
security/krb5-17/distinfo
View File

@ -1,6 +1,3 @@
MD5 (krb5-1.6.3-signed.tar) = 2dc1307686eb1c2bf1ab08ea805dad46
SHA256 (krb5-1.6.3-signed.tar) = 7a1bd7d4bd326828c8ee382ed2b69ccd6c58762601df897d6a32169d84583d2a
SIZE (krb5-1.6.3-signed.tar) = 11909120
MD5 (2008-001-patch.txt) = 3bbb7a6a7738c086f5d5dfcf09da9cbb
SHA256 (2008-001-patch.txt) = 4d02be765ff12d21ddf1cfa170e5ff4067e9c364a401d7e06ece329566139736
SIZE (2008-001-patch.txt) = 10854
MD5 (krb5-1.7-signed.tar) = 9f7b3402b4731a7fa543db193bf1b564
SHA256 (krb5-1.7-signed.tar) = a370cae8386e8b82b309c44a220542af78cbcbb42028fb3c2224eae6dba1ffd5
SIZE (krb5-1.7-signed.tar) = 12226560

13
security/krb5-17/files/patch-af
View File

@ -1,13 +0,0 @@
--- ../doc/krb425.texinfo Fri Feb 6 21:40:57 1998
+++ krb425.texinfo Fri Jun 19 15:13:45 1998
@@ -5,6 +5,10 @@
@c guide
@setfilename krb425.info
@settitle Upgrading to Kerberos V5 from Kerberos V4
+@dircategory Kerberos V5
+@direntry
+* Upgrading from V4 to V5: (krb425). Upgrading from Kerberos V4 to V5
+@end direntry
@c @setchapternewpage odd @c chapter begins on next odd page
@c @setchapternewpage on @c chapter begins on next page
@c @smallbook @c Format for 7" X 9.25" paper

11
security/krb5-17/files/patch-ai
View File

@ -15,14 +15,3 @@
addrlen = sizeof (his_addr);
if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
@@ -2312,6 +2318,10 @@
if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum),
&kdata.session,&ctrl_addr, &his_addr)) == -1) {
secure_error("ADAT: krb_mk_safe failed");
+ return(0);
+ }
+ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
+ secure_error("ADAT: reply too long");
return(0);
}
if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {

27
security/krb5-17/files/patch-appl::bsd::klogind.M
View File

@ -1,7 +1,7 @@
--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
+++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
@@ -14,7 +14,7 @@
.B \-kr54cpPef
--- appl/bsd/klogind.M.orig 2008-12-15 12:29:01.000000000 -0800
+++ appl/bsd/klogind.M 2009-08-28 13:13:28.000000000 -0700
@@ -13,7 +13,7 @@
.B \-rcpPef
]
[[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ]
-[ \fB\-D\fP \fIport\fP ]
@ -9,27 +9,18 @@
.SH DESCRIPTION
.I Klogind
is the server for the
@@ -107,6 +108,10 @@
Beta5 (May 1995)--present bogus checksums that prevent Kerberos
authentication from succeeding in the default mode.
+.IP \fB\-L\ loginpath\fP
+Specify pathname to an alternative login program. Default: /usr/bin/login.
+KRB5_HOME/sbin/login.krb5 may be specified.
+
.PP
If the
@@ -157,12 +162,6 @@
@@ -136,11 +136,9 @@
.IP \fB\-M\ realm\fP
Set the Kerberos realm to use.
-
-.IP \fB\-L\ login\fP
-Set the login program to use. This option only has an effect if
-DO_NOT_USE_K_LOGIN was not defined when
-.I klogind
-was compiled.
+.IP \fB\-L\ loginpath\fP
+Specify pathname to an alternative login program. Default: /usr/bin/login.
+KRB5_HOME/sbin/login.krb5 may be specified.
.IP \fB\-D\ port\fP
Run in standalone mode, listening on \fBport\fP. The daemon will exit

14
security/krb5-17/files/patch-at
View File

@ -1,14 +0,0 @@
*** include/syslog.h.ORIG Fri Feb 6 19:42:12 1998
--- include/syslog.h Tue Jun 30 19:46:02 1998
***************
*** 34,39 ****
--- 34,42 ----
#define LOG_LPR (6<<3) /* line printer subsystem */
#define LOG_NEWS (7<<3) /* network news subsystem */
#define LOG_UUCP (8<<3) /* UUCP subsystem */
+ #if (defined(BSD) && (BSD >= 199306))
+ #define LOG_FTP (11<<3) /* ftp daemon */
+ #endif
/* other codes through 15 reserved for system use */
#define LOG_LOCAL0 (16<<3) /* reserved for local use */
#define LOG_LOCAL1 (17<<3) /* reserved for local use */

5
security/krb5-17/files/patch-ay
View File

@ -1,8 +1,9 @@
--- appl/libpty/getpty.c.orig Wed Jan 9 14:28:37 2002
+++ appl/libpty/getpty.c Thu Jan 10 21:30:40 2002
@@ -24,13 +24,26 @@
@@ -24,14 +24,27 @@
#include "libpty.h"
#include "pty-int.h"
#include "k5-platform.h"
+#ifdef __FreeBSD__
+#define PTYCHARS1 "pqrsPQRS"
@ -35,7 +36,7 @@
} else {
- for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
+ for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) {
sprintf(slavebuf,"/dev/ptyXX");
snprintf(slavebuf,sizeof(slavebuf),"/dev/ptyXX");
- slavebuf[sizeof("/dev/pty") - 1] = *cp;
+ slavebuf[sizeof("/dev/pty") - 1] = *cp1;
slavebuf[sizeof("/dev/ptyp") - 1] = '0';

18
security/krb5-17/files/patch-config::shlib.conf
View File

@ -1,6 +1,6 @@
--- config/shlib.conf.orig Mon Oct 23 05:20:11 2006
+++ config/shlib.conf Wed Mar 28 17:17:55 2007
@@ -258,22 +258,15 @@
--- config/shlib.conf.orig 2008-12-08 14:33:07.000000000 -0800
+++ config/shlib.conf 2009-08-28 13:27:39.000000000 -0700
@@ -299,24 +299,17 @@
;;
*-*-freebsd*)
@ -12,8 +12,8 @@
- PICFLAGS=-fpic
- if test "x$objformat" = "xelf" ; then
+ case $krb5_cv_host in
+ sparc64-*) PICFLAGS=-fPIC;;
+ *) PICFLAGS=-fpic;;
+ sparc64-*) PICFLAGS=-fPIC;;
+ *) PICFLAGS=-fpic;;
+ esac
SHLIBVEXT='.so.$(LIBMAJOR)'
+ LDCOMBINE="libtool --mode=link cc -shared"
@ -22,9 +22,11 @@
- RPATH_FLAG=-R
- SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
- fi
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)'
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
SHLIBEXT=.so
- LDCOMBINE='ld -Bshareable'
SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;'

66
security/krb5-17/files/patch-lib-krb5-os-localaddr.c
View File

@ -1,75 +1,75 @@
--- lib/krb5/os/localaddr.c.orig Wed Apr 13 09:55:43 2005
+++ lib/krb5/os/localaddr.c Sun Jul 16 09:29:05 2006
@@ -436,12 +436,14 @@
--- lib/krb5/os/localaddr.c.orig 2009-02-18 10:14:48.000000000 -0800
+++ lib/krb5/os/localaddr.c 2009-08-28 13:37:41.000000000 -0700
@@ -173,6 +173,7 @@
}
#endif
if ((ifp->ifa_flags & IFF_UP) == 0)
continue;
+#if 0
if (ifp->ifa_flags & IFF_LOOPBACK) {
static int
is_loopback_address(struct sockaddr *sa)
{
@@ -189,6 +190,7 @@
return 0;
}
}
+#endif
#ifdef HAVE_IFADDRS_H
#include <ifaddrs.h>
@@ -464,12 +466,14 @@
ifp->ifa_flags &= ~IFF_UP;
continue;
}
+#if 0
if (is_loopback_address(ifp->ifa_addr)) {
/* Pretend it's not up, so the second pass will skip
it. */
ifp->ifa_flags &= ~IFF_UP;
continue;
}
+#endif
if (ifp->ifa_addr == NULL) {
/* Can't use an interface without an address. Linux
apparently does this sometimes. [RT ticket 1770 from
@@ -459,8 +461,10 @@
/* If this address is a duplicate, punt. */
match = 0;
for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
if ((ifp2->ifa_flags & IFF_UP) == 0)
continue;
+#if 0
if (ifp2->ifa_flags & IFF_LOOPBACK)
continue;
+#endif
if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
match = 1;
ifp->ifa_flags &= ~IFF_UP;
@@ -583,6 +587,7 @@
@@ -598,11 +602,13 @@
}
/*@=moduncon@*/
+#if 0
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses. */
if (lifreq.lifr_flags & IFF_LOOPBACK) {
@@ -590,6 +595,7 @@
if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
Tprintf ((" loopback\n"));
goto skip;
}
#endif
+#endif
/* Ignore interfaces that are down. */
if ((lifreq.lifr_flags & IFF_UP) == 0) {
Tprintf ((" down\n"));
@@ -755,6 +761,7 @@
@@ -769,11 +775,13 @@
}
/*@=moduncon@*/
+#if 0
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses. */
if (lifreq.iflr_flags & IFF_LOOPBACK) {
@@ -762,6 +769,7 @@
if (is_loopback_address(&lifr->iflr_addr)) {
Tprintf ((" loopback\n"));
goto skip;
}
#endif
+#endif
/* Ignore interfaces that are down. */
if ((lifreq.iflr_flags & IFF_UP) == 0) {
Tprintf ((" down\n"));
@@ -971,12 +979,14 @@
@@ -984,11 +992,13 @@
}
/*@=moduncon@*/
+#if 0
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses. */
if (ifreq.ifr_flags & IFF_LOOPBACK) {
if (is_loopback_address(&ifreq.ifr_addr)) {
Tprintf ((" loopback\n"));
goto skip;
}
+#endif
#endif
/* Ignore interfaces that are down. */
if ((ifreq.ifr_flags & IFF_UP) == 0) {
Tprintf ((" down\n"));

24
security/krb5-17/files/patch-lib-rpc-svc.c
View File

@ -1,24 +0,0 @@
=== lib/rpc/svc.c
==================================================================
--- lib/rpc/svc.c (revision 1666)
+++ lib/rpc/svc.c (local)
@@ -109,15 +109,17 @@
if (sock < FD_SETSIZE) {
xports[sock] = xprt;
FD_SET(sock, &svc_fdset);
+ if (sock > svc_maxfd)
+ svc_maxfd = sock;
}
#else
if (sock < NOFILE) {
xports[sock] = xprt;
svc_fds |= (1 << sock);
+ if (sock > svc_maxfd)
+ svc_maxfd = sock;
}
#endif /* def FD_SETSIZE */
- if (sock > svc_maxfd)
- svc_maxfd = sock;
}
/*

51
security/krb5-17/files/patch-lib-rpc-svc_tcp.c
View File

@ -1,51 +0,0 @@
=== lib/rpc/svc_tcp.c
==================================================================
--- lib/rpc/svc_tcp.c (revision 1666)
+++ lib/rpc/svc_tcp.c (local)
@@ -54,6 +54,14 @@
extern errno;
*/
+#ifndef FD_SETSIZE
+#ifdef NBBY
+#define NOFILE (sizeof(int) * NBBY)
+#else
+#define NOFILE (sizeof(int) * 8)
+#endif
+#endif
+
/*
* Ops vector for TCP/IP based rpc service handle
*/
@@ -215,6 +223,19 @@
register SVCXPRT *xprt;
register struct tcp_conn *cd;
+#ifdef FD_SETSIZE
+ if (fd >= FD_SETSIZE) {
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+ xprt = NULL;
+ goto done;
+ }
+#else
+ if (fd >= NOFILE) {
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+ xprt = NULL;
+ goto done;
+ }
+#endif
xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
if (xprt == (SVCXPRT *)NULL) {
(void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
@@ -271,6 +292,10 @@
* make a new transporter (re-uses xprt)
*/
xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
+ if (xprt == NULL) {
+ close(sock);
+ return (FALSE);
+ }
xprt->xp_raddr = addr;
xprt->xp_addrlen = len;
xprt->xp_laddr = laddr;

11
security/krb5-17/files/patch-plugins-preauth-pkinit-Makefile.in
View File

@ -1,11 +0,0 @@
--- plugins/preauth/pkinit/Makefile.in.orig 2007-09-28 18:02:10.000000000 -0700
+++ plugins/preauth/pkinit/Makefile.in 2007-10-29 07:03:24.000000000 -0700
@@ -21,7 +21,7 @@
$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
$(TOPLIBD)/libkrb5$(SHLIBEXT)
LIBS+= -lcrypto
-SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto -ldl $(SUPPORT_LIB) $(LIBS)
+SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(LIBS)
SHLIB_DIRS=-L$(TOPLIBD)
SHLIB_RDIRS=$(KRB5_LIBDIR)

32
security/krb5-17/pkg-plist
View File

@ -1,13 +1,15 @@
bin/compile_et
bin/%%FTP_PROG%%
bin/gss-client
bin/k5srvutil
bin/kadmin
bin/kdestroy
bin/kinit
bin/klist
bin/kpasswd
bin/krb5-config
%%KRB4%%bin/krb524init
bin/ksu
bin/ktutil
bin/kvno
bin/%%RCP_PROG%%
bin/%%RLOGIN_PROG%%
@ -16,10 +18,10 @@ bin/sclient
bin/sim_client
bin/%%TELNET_PROG%%
bin/uuclient
%%KRB4%%bin/v4rcp
include/com_err.h
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_ext.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
@ -39,19 +41,16 @@ include/gssrpc/svc.h
include/gssrpc/svc_auth.h
include/gssrpc/types.h
include/gssrpc/xdr.h
%%KRB4%%include/kerberosIV/des.h
%%KRB4%%include/kerberosIV/kadm_err.h
%%KRB4%%include/kerberosIV/krb.h
%%KRB4%%include/kerberosIV/krb_err.h
%%KRB4%%include/kerberosIV/mit-copyright.h
include/krb5.h
include/krb5/krb5.h
include/krb5/locate_plugin.h
include/kadm5/admin.h
include/kadm5/chpass_util_strings.h
include/kadm5/kadm_err.h
include/kdb.h
include/profile.h
lib/libcom_err.so
lib/libcom_err.so.3
lib/libdes425.so
lib/libdes425.so.3
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
lib/libgssrpc.so
@ -59,34 +58,30 @@ lib/libgssrpc.so.4
lib/libk5crypto.so
lib/libk5crypto.so.3
lib/libkadm5clnt.so
lib/libkadm5clnt.so.5
lib/libkadm5clnt.so.6
lib/libkadm5srv.so
lib/libkadm5srv.so.5
lib/libkadm5srv.so.6
lib/libkdb5.so
lib/libkdb5.so.4
%%KRB4%%lib/libkrb4.so
%%KRB4%%lib/libkrb4.so.2
lib/libkrb5.so
lib/libkrb5.so.3
lib/libkrb5support.so
lib/libkrb5support.so.0
lib/krb5/plugins/kdb/db2.so
lib/krb5/plugins/preauth/encrypted_challenge.so
lib/krb5/plugins/preauth/pkinit.so
sbin/%%FTP_PROG%%d
sbin/gss-server
sbin/k5srvutil
sbin/kadmin
sbin/kadmin.local
sbin/kadmind
sbin/kdb5_util
sbin/klogind
sbin/kprop
sbin/kpropd
sbin/kproplog
sbin/krb5-send-pr
%%KRB4%%sbin/krb524d
sbin/krb5kdc
sbin/kshd
sbin/ktutil
sbin/login.krb5
sbin/sim_server
sbin/sserver
@ -102,12 +97,13 @@ share/gnats/mit
@dirrm lib/krb5/plugins/preauth
@dirrm lib/krb5/plugins/libkrb5
@dirrm lib/krb5/plugins/kdb
@dirrm lib/krb5/plugins/authdata
@dirrm lib/krb5/plugins
@dirrm lib/krb5
@dirrm include/gssapi
@dirrm include/gssrpc
@dirrm include/kerberosIV
@dirrm include/krb5
@dirrm include/kadm5
@dirrm share/et
@dirrmtry share/gnats
@dirrm share/examples/krb5

30
security/krb5-appl/Makefile
View File

@ -6,15 +6,12 @@
#
PORTNAME= krb5
PORTVERSION= 1.6.3
PORTREVISION= 5
PORTVERSION= 1.7
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
PATCH_SITES= http://web.mit.edu/kerberos/advisories/
DISTNAME= ${PORTNAME}-${PORTVERSION}-signed
EXTRACT_SUFX= .tar
PATCHFILES= 2008-001-patch.txt
PATCH_DIST_STRIP= -p1
MAINTAINER= cy@FreeBSD.org
COMMENT= An authentication system developed at MIT, successor to Kerberos IV
@ -51,7 +48,7 @@ OPTIONS= KRB5_RENAME_FTP "Rename ftp to kftp" off \
.if defined(WITH_KRB5_DOC)
BUILD_DEPENDS+= texi2dvi:${PORTSDIR}/print/texinfo \
dvips:${PORTSDIR}/print/dvipsk-tetex
INFO= krb425 krb5-admin krb5-install krb5-user
INFO= krb5-admin krb5-install krb5-user
.endif
.if !defined(WITH_KRB5_KRB4_COMPAT)
@ -65,17 +62,14 @@ PLIST_SUB+= KRB4=""
PREFIX= ${KRB5_HOME}
.endif
MAN1= krb5-send-pr.1 krb5-config.1 kpasswd.1 klist.1 \
kinit.1 kdestroy.1 ksu.1 sclient.1 rsh.1 rcp.1 \
rlogin.1 ftp.1 telnet.1 kerberos.1 kvno.1 compile_et.1
MAN1= k5srvutil.1 kadmin.1 krb5-send-pr.1 krb5-config.1 \
kpasswd.1 klist.1 kinit.1 kdestroy.1 ksu.1 ktutil.1 \
sclient.1 rsh.1 rcp.1 rlogin.1 ftp.1 telnet.1 \
kerberos.1 kvno.1 compile_et.1
MAN5= kdc.conf.5 krb5.conf.5 .k5login.5
MAN8= krb5kdc.8 kadmin.8 kadmin.local.8 kdb5_util.8 \
ktutil.8 kadmind.8 kprop.8 kpropd.8 sserver.8 \
kshd.8 klogind.8 login.krb5.8 ftpd.8 telnetd.8 \
k5srvutil.8
.if defined(WITH_KRB5_KRB4_COMPAT)
MAN8+= krb524d.8
.endif
MAN8= krb5kdc.8 kadmin.local.8 kdb5_util.8 kadmind.8 \
kprop.8 kpropd.8 kproplog.8 sserver.8 kshd.8 \
klogind.8 login.krb5.8 ftpd.8 telnetd.8
.if defined(WITH_KRB5_RENAME_FTP)
MAN1:= ${MAN1:C/ftp/kftp/}
@ -119,10 +113,6 @@ PLIST_SUB+= RCP_PROG="krcp"
PLIST_SUB+= RCP_PROG="rcp"
.endif
.if defined(WITH_KRB5_KRB4_COMPAT)
MAN1+= krb524init.1 v4rcp.1
.endif
.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != ""
CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}"
.endif
@ -131,7 +121,7 @@ WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src
HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc
HTML_DOCS= ftp.html kdestroy.html kinit.html klist.html \
kpasswd.html krb425.html krb5-admin.html \
kpasswd.html krb5-admin.html \
krb5-install.html krb5-user.html ksu.html \
rcp.html rlogin.html rsh.html telnet.html

9
security/krb5-appl/distinfo
View File

@ -1,6 +1,3 @@
MD5 (krb5-1.6.3-signed.tar) = 2dc1307686eb1c2bf1ab08ea805dad46
SHA256 (krb5-1.6.3-signed.tar) = 7a1bd7d4bd326828c8ee382ed2b69ccd6c58762601df897d6a32169d84583d2a
SIZE (krb5-1.6.3-signed.tar) = 11909120
MD5 (2008-001-patch.txt) = 3bbb7a6a7738c086f5d5dfcf09da9cbb
SHA256 (2008-001-patch.txt) = 4d02be765ff12d21ddf1cfa170e5ff4067e9c364a401d7e06ece329566139736
SIZE (2008-001-patch.txt) = 10854
MD5 (krb5-1.7-signed.tar) = 9f7b3402b4731a7fa543db193bf1b564
SHA256 (krb5-1.7-signed.tar) = a370cae8386e8b82b309c44a220542af78cbcbb42028fb3c2224eae6dba1ffd5
SIZE (krb5-1.7-signed.tar) = 12226560

13
security/krb5-appl/files/patch-af
View File

@ -1,13 +0,0 @@
--- ../doc/krb425.texinfo Fri Feb 6 21:40:57 1998
+++ krb425.texinfo Fri Jun 19 15:13:45 1998
@@ -5,6 +5,10 @@
@c guide
@setfilename krb425.info
@settitle Upgrading to Kerberos V5 from Kerberos V4
+@dircategory Kerberos V5
+@direntry
+* Upgrading from V4 to V5: (krb425). Upgrading from Kerberos V4 to V5
+@end direntry
@c @setchapternewpage odd @c chapter begins on next odd page
@c @setchapternewpage on @c chapter begins on next page
@c @smallbook @c Format for 7" X 9.25" paper

11
security/krb5-appl/files/patch-ai
View File

@ -15,14 +15,3 @@
addrlen = sizeof (his_addr);
if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
@@ -2312,6 +2318,10 @@
if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum),
&kdata.session,&ctrl_addr, &his_addr)) == -1) {
secure_error("ADAT: krb_mk_safe failed");
+ return(0);
+ }
+ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
+ secure_error("ADAT: reply too long");
return(0);
}
if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {

27
security/krb5-appl/files/patch-appl::bsd::klogind.M
View File

@ -1,7 +1,7 @@
--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
+++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
@@ -14,7 +14,7 @@
.B \-kr54cpPef
--- appl/bsd/klogind.M.orig 2008-12-15 12:29:01.000000000 -0800
+++ appl/bsd/klogind.M 2009-08-28 13:13:28.000000000 -0700
@@ -13,7 +13,7 @@
.B \-rcpPef
]
[[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ]
-[ \fB\-D\fP \fIport\fP ]
@ -9,27 +9,18 @@
.SH DESCRIPTION
.I Klogind
is the server for the
@@ -107,6 +108,10 @@
Beta5 (May 1995)--present bogus checksums that prevent Kerberos
authentication from succeeding in the default mode.
+.IP \fB\-L\ loginpath\fP
+Specify pathname to an alternative login program. Default: /usr/bin/login.
+KRB5_HOME/sbin/login.krb5 may be specified.
+
.PP
If the
@@ -157,12 +162,6 @@
@@ -136,11 +136,9 @@
.IP \fB\-M\ realm\fP
Set the Kerberos realm to use.
-
-.IP \fB\-L\ login\fP
-Set the login program to use. This option only has an effect if
-DO_NOT_USE_K_LOGIN was not defined when
-.I klogind
-was compiled.
+.IP \fB\-L\ loginpath\fP
+Specify pathname to an alternative login program. Default: /usr/bin/login.
+KRB5_HOME/sbin/login.krb5 may be specified.
.IP \fB\-D\ port\fP
Run in standalone mode, listening on \fBport\fP. The daemon will exit

14
security/krb5-appl/files/patch-at
View File

@ -1,14 +0,0 @@
*** include/syslog.h.ORIG Fri Feb 6 19:42:12 1998
--- include/syslog.h Tue Jun 30 19:46:02 1998
***************
*** 34,39 ****
--- 34,42 ----
#define LOG_LPR (6<<3) /* line printer subsystem */
#define LOG_NEWS (7<<3) /* network news subsystem */
#define LOG_UUCP (8<<3) /* UUCP subsystem */
+ #if (defined(BSD) && (BSD >= 199306))
+ #define LOG_FTP (11<<3) /* ftp daemon */
+ #endif
/* other codes through 15 reserved for system use */
#define LOG_LOCAL0 (16<<3) /* reserved for local use */
#define LOG_LOCAL1 (17<<3) /* reserved for local use */

5
security/krb5-appl/files/patch-ay
View File

@ -1,8 +1,9 @@
--- appl/libpty/getpty.c.orig Wed Jan 9 14:28:37 2002
+++ appl/libpty/getpty.c Thu Jan 10 21:30:40 2002
@@ -24,13 +24,26 @@
@@ -24,14 +24,27 @@
#include "libpty.h"
#include "pty-int.h"
#include "k5-platform.h"
+#ifdef __FreeBSD__
+#define PTYCHARS1 "pqrsPQRS"
@ -35,7 +36,7 @@
} else {
- for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
+ for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) {
sprintf(slavebuf,"/dev/ptyXX");
snprintf(slavebuf,sizeof(slavebuf),"/dev/ptyXX");
- slavebuf[sizeof("/dev/pty") - 1] = *cp;
+ slavebuf[sizeof("/dev/pty") - 1] = *cp1;
slavebuf[sizeof("/dev/ptyp") - 1] = '0';

18
security/krb5-appl/files/patch-config::shlib.conf
View File

@ -1,6 +1,6 @@
--- config/shlib.conf.orig Mon Oct 23 05:20:11 2006
+++ config/shlib.conf Wed Mar 28 17:17:55 2007
@@ -258,22 +258,15 @@
--- config/shlib.conf.orig 2008-12-08 14:33:07.000000000 -0800
+++ config/shlib.conf 2009-08-28 13:27:39.000000000 -0700
@@ -299,24 +299,17 @@
;;
*-*-freebsd*)
@ -12,8 +12,8 @@
- PICFLAGS=-fpic
- if test "x$objformat" = "xelf" ; then
+ case $krb5_cv_host in
+ sparc64-*) PICFLAGS=-fPIC;;
+ *) PICFLAGS=-fpic;;
+ sparc64-*) PICFLAGS=-fPIC;;
+ *) PICFLAGS=-fpic;;
+ esac
SHLIBVEXT='.so.$(LIBMAJOR)'
+ LDCOMBINE="libtool --mode=link cc -shared"
@ -22,9 +22,11 @@
- RPATH_FLAG=-R
- SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
- fi
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)'
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
SHLIBEXT=.so
- LDCOMBINE='ld -Bshareable'
SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;'

66
security/krb5-appl/files/patch-lib-krb5-os-localaddr.c
View File

@ -1,75 +1,75 @@
--- lib/krb5/os/localaddr.c.orig Wed Apr 13 09:55:43 2005
+++ lib/krb5/os/localaddr.c Sun Jul 16 09:29:05 2006
@@ -436,12 +436,14 @@
--- lib/krb5/os/localaddr.c.orig 2009-02-18 10:14:48.000000000 -0800
+++ lib/krb5/os/localaddr.c 2009-08-28 13:37:41.000000000 -0700
@@ -173,6 +173,7 @@
}
#endif
if ((ifp->ifa_flags & IFF_UP) == 0)
continue;
+#if 0
if (ifp->ifa_flags & IFF_LOOPBACK) {
static int
is_loopback_address(struct sockaddr *sa)
{
@@ -189,6 +190,7 @@
return 0;
}
}
+#endif
#ifdef HAVE_IFADDRS_H
#include <ifaddrs.h>
@@ -464,12 +466,14 @@
ifp->ifa_flags &= ~IFF_UP;
continue;
}
+#if 0
if (is_loopback_address(ifp->ifa_addr)) {
/* Pretend it's not up, so the second pass will skip
it. */
ifp->ifa_flags &= ~IFF_UP;
continue;
}
+#endif
if (ifp->ifa_addr == NULL) {
/* Can't use an interface without an address. Linux
apparently does this sometimes. [RT ticket 1770 from
@@ -459,8 +461,10 @@
/* If this address is a duplicate, punt. */
match = 0;
for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
if ((ifp2->ifa_flags & IFF_UP) == 0)
continue;
+#if 0
if (ifp2->ifa_flags & IFF_LOOPBACK)
continue;
+#endif
if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
match = 1;
ifp->ifa_flags &= ~IFF_UP;
@@ -583,6 +587,7 @@
@@ -598,11 +602,13 @@
}
/*@=moduncon@*/
+#if 0
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses. */
if (lifreq.lifr_flags & IFF_LOOPBACK) {
@@ -590,6 +595,7 @@
if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
Tprintf ((" loopback\n"));
goto skip;
}
#endif
+#endif
/* Ignore interfaces that are down. */
if ((lifreq.lifr_flags & IFF_UP) == 0) {
Tprintf ((" down\n"));
@@ -755,6 +761,7 @@
@@ -769,11 +775,13 @@
}
/*@=moduncon@*/
+#if 0
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses. */
if (lifreq.iflr_flags & IFF_LOOPBACK) {
@@ -762,6 +769,7 @@
if (is_loopback_address(&lifr->iflr_addr)) {
Tprintf ((" loopback\n"));
goto skip;
}
#endif
+#endif
/* Ignore interfaces that are down. */
if ((lifreq.iflr_flags & IFF_UP) == 0) {
Tprintf ((" down\n"));
@@ -971,12 +979,14 @@
@@ -984,11 +992,13 @@
}
/*@=moduncon@*/
+#if 0
#ifdef IFF_LOOPBACK
/* None of the current callers want loopback addresses. */
if (ifreq.ifr_flags & IFF_LOOPBACK) {
if (is_loopback_address(&ifreq.ifr_addr)) {
Tprintf ((" loopback\n"));
goto skip;
}
+#endif
#endif
/* Ignore interfaces that are down. */
if ((ifreq.ifr_flags & IFF_UP) == 0) {
Tprintf ((" down\n"));

24
security/krb5-appl/files/patch-lib-rpc-svc.c
View File

@ -1,24 +0,0 @@
=== lib/rpc/svc.c
==================================================================
--- lib/rpc/svc.c (revision 1666)
+++ lib/rpc/svc.c (local)
@@ -109,15 +109,17 @@
if (sock < FD_SETSIZE) {
xports[sock] = xprt;
FD_SET(sock, &svc_fdset);
+ if (sock > svc_maxfd)
+ svc_maxfd = sock;
}
#else
if (sock < NOFILE) {
xports[sock] = xprt;
svc_fds |= (1 << sock);
+ if (sock > svc_maxfd)
+ svc_maxfd = sock;
}
#endif /* def FD_SETSIZE */
- if (sock > svc_maxfd)
- svc_maxfd = sock;
}
/*

51
security/krb5-appl/files/patch-lib-rpc-svc_tcp.c
View File

@ -1,51 +0,0 @@
=== lib/rpc/svc_tcp.c
==================================================================
--- lib/rpc/svc_tcp.c (revision 1666)
+++ lib/rpc/svc_tcp.c (local)
@@ -54,6 +54,14 @@
extern errno;
*/
+#ifndef FD_SETSIZE
+#ifdef NBBY
+#define NOFILE (sizeof(int) * NBBY)
+#else
+#define NOFILE (sizeof(int) * 8)
+#endif
+#endif
+
/*
* Ops vector for TCP/IP based rpc service handle
*/
@@ -215,6 +223,19 @@
register SVCXPRT *xprt;
register struct tcp_conn *cd;
+#ifdef FD_SETSIZE
+ if (fd >= FD_SETSIZE) {
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+ xprt = NULL;
+ goto done;
+ }
+#else
+ if (fd >= NOFILE) {
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+ xprt = NULL;
+ goto done;
+ }
+#endif
xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
if (xprt == (SVCXPRT *)NULL) {
(void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
@@ -271,6 +292,10 @@
* make a new transporter (re-uses xprt)
*/
xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
+ if (xprt == NULL) {
+ close(sock);
+ return (FALSE);
+ }
xprt->xp_raddr = addr;
xprt->xp_addrlen = len;
xprt->xp_laddr = laddr;

11
security/krb5-appl/files/patch-plugins-preauth-pkinit-Makefile.in
View File

@ -1,11 +0,0 @@
--- plugins/preauth/pkinit/Makefile.in.orig 2007-09-28 18:02:10.000000000 -0700
+++ plugins/preauth/pkinit/Makefile.in 2007-10-29 07:03:24.000000000 -0700
@@ -21,7 +21,7 @@
$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
$(TOPLIBD)/libkrb5$(SHLIBEXT)
LIBS+= -lcrypto
-SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto -ldl $(SUPPORT_LIB) $(LIBS)
+SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(LIBS)
SHLIB_DIRS=-L$(TOPLIBD)
SHLIB_RDIRS=$(KRB5_LIBDIR)

32
security/krb5-appl/pkg-plist
View File

@ -1,13 +1,15 @@
bin/compile_et
bin/%%FTP_PROG%%
bin/gss-client
bin/k5srvutil
bin/kadmin
bin/kdestroy
bin/kinit
bin/klist
bin/kpasswd
bin/krb5-config
%%KRB4%%bin/krb524init
bin/ksu
bin/ktutil
bin/kvno
bin/%%RCP_PROG%%
bin/%%RLOGIN_PROG%%
@ -16,10 +18,10 @@ bin/sclient
bin/sim_client
bin/%%TELNET_PROG%%
bin/uuclient
%%KRB4%%bin/v4rcp
include/com_err.h
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_ext.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
@ -39,19 +41,16 @@ include/gssrpc/svc.h
include/gssrpc/svc_auth.h
include/gssrpc/types.h
include/gssrpc/xdr.h
%%KRB4%%include/kerberosIV/des.h
%%KRB4%%include/kerberosIV/kadm_err.h
%%KRB4%%include/kerberosIV/krb.h
%%KRB4%%include/kerberosIV/krb_err.h
%%KRB4%%include/kerberosIV/mit-copyright.h
include/krb5.h
include/krb5/krb5.h
include/krb5/locate_plugin.h
include/kadm5/admin.h
include/kadm5/chpass_util_strings.h
include/kadm5/kadm_err.h
include/kdb.h
include/profile.h
lib/libcom_err.so
lib/libcom_err.so.3
lib/libdes425.so
lib/libdes425.so.3
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
lib/libgssrpc.so
@ -59,34 +58,30 @@ lib/libgssrpc.so.4
lib/libk5crypto.so
lib/libk5crypto.so.3
lib/libkadm5clnt.so
lib/libkadm5clnt.so.5
lib/libkadm5clnt.so.6
lib/libkadm5srv.so
lib/libkadm5srv.so.5
lib/libkadm5srv.so.6
lib/libkdb5.so
lib/libkdb5.so.4
%%KRB4%%lib/libkrb4.so
%%KRB4%%lib/libkrb4.so.2
lib/libkrb5.so
lib/libkrb5.so.3
lib/libkrb5support.so
lib/libkrb5support.so.0
lib/krb5/plugins/kdb/db2.so
lib/krb5/plugins/preauth/encrypted_challenge.so
lib/krb5/plugins/preauth/pkinit.so
sbin/%%FTP_PROG%%d
sbin/gss-server
sbin/k5srvutil
sbin/kadmin
sbin/kadmin.local
sbin/kadmind
sbin/kdb5_util
sbin/klogind
sbin/kprop
sbin/kpropd
sbin/kproplog
sbin/krb5-send-pr
%%KRB4%%sbin/krb524d
sbin/krb5kdc
sbin/kshd
sbin/ktutil
sbin/login.krb5
sbin/sim_server
sbin/sserver
@ -102,12 +97,13 @@ share/gnats/mit
@dirrm lib/krb5/plugins/preauth
@dirrm lib/krb5/plugins/libkrb5
@dirrm lib/krb5/plugins/kdb
@dirrm lib/krb5/plugins/authdata
@dirrm lib/krb5/plugins
@dirrm lib/krb5
@dirrm include/gssapi
@dirrm include/gssrpc
@dirrm include/kerberosIV
@dirrm include/krb5
@dirrm include/kadm5
@dirrm share/et
@dirrmtry share/gnats
@dirrm share/examples/krb5