OBS User unknown 2006-12-18 23:16:52 +00:00 committed by Git OBS Bridge
commit 4ba35e7992
27 changed files with 2433 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

215
EncryptWithMasterKey.c Normal file
View File

@ -0,0 +1,215 @@
#include <com_err.h>
#include <krb5.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#define krb5_kdb_decode_int16(cp, i16) \
*((krb5_int16 *) &(i16)) = (((krb5_int16) ((unsigned char) (cp)[0]))| \
((krb5_int16) ((unsigned char) (cp)[1]) << 8))
#define encode_int16(i16, cp) \
{ \
(cp)[0] = (unsigned char) ((i16) & 0xff); \
(cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \
}
krb5_error_code
krb5_db_fetch_mkey(krb5_context context,
krb5_enctype etype,
char *keyfile,
krb5_keyblock * key)
{
krb5_error_code retval;
/* from somewhere else */
krb5_ui_2 enctype;
FILE *kf;
retval = 0;
key->magic = KV5M_KEYBLOCK;
if (!(kf = fopen(keyfile, "r")))
return KRB5_KDB_CANTREAD_STORED;
if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
retval = KRB5_KDB_CANTREAD_STORED;
goto errout;
}
if (key->enctype == ENCTYPE_UNKNOWN)
key->enctype = enctype;
else if (enctype != key->enctype) {
retval = KRB5_KDB_BADSTORED_MKEY;
goto errout;
}
if (fread((krb5_pointer) &key->length,
sizeof(key->length), 1, kf) != 1) {
retval = KRB5_KDB_CANTREAD_STORED;
goto errout;
}
if (!key->length || ((int) key->length) < 0) {
retval = KRB5_KDB_BADSTORED_MKEY;
goto errout;
}
if (!(key->contents = (krb5_octet *)malloc(key->length))) {
retval = ENOMEM;
goto errout;
}
if (fread((krb5_pointer) key->contents,
sizeof(key->contents[0]), key->length, kf)
!= key->length) {
retval = KRB5_KDB_CANTREAD_STORED;
memset(key->contents, 0, key->length);
free(key->contents);
key->contents = 0;
} else
retval = 0;
errout:
(void) fclose(kf);
return retval;
}
static int
read_octet_string(char *str, krb5_octet *buf, size_t len)
{
int c;
int i, retval;
char *s;
s = str;
retval = 0;
for (i=0; i<len; i++) {
if (sscanf(s, "%02x", &c) != 1) {
retval = 1;
free(s);
break;
}
buf[i] = (krb5_octet) c;
if(i+1 < len) {
s++;
s++;
}
}
s = NULL;
return(retval);
}
void usage()
{
fprintf(stderr, "Usage: "
"EncryptWithMasterKey -sf stashfilename -d data [-e enctype]\n"
"\t [-sf stashfilename] \n"
"\t [-d the data to encrypt]\n"
"\t [-e encryption type of the master key] (default des3-cbc-sha1)\n\n"
"\t valid enctypes are:\n\n"
"\t des-cbc-crc, des-cbc-md4, des-cbc-md5, des, des-cbc-raw,\n"
"\t des3-cbc-raw, des3-cbc-sha1, des3-hmac-sha1, des3-cbc-sha1-kd,\n"
"\t des-hmac-sha1, arcfour-hmac, rc4-hmac, arcfour-hmac-md5,\n"
"\t arcfour-hmac-exp, rc4-hmac-exp, arcfour-hmac-md5-exp,\n"
"\t aes128-cts-hmac-sha1-96, aes128-cts, aes256-cts-hmac-sha1-96,\n"
"\t aes256-cts\n");
exit(1);
}
#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL))
int main(int argc, char *argv[])
{
krb5_context context;
krb5_error_code retval;
krb5_keyblock master_keyblock;
krb5_data plain;
krb5_enc_data cipher;
size_t plainlen = 0;
size_t enclen = 0;
char *koptarg;
char *stashfile = NULL;
char *data = NULL;
int i = 0;
master_keyblock.enctype = ENCTYPE_DES3_CBC_SHA1;
argv++; argc--;
while (*argv) {
if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
stashfile = koptarg;
} else if (strcmp(*argv, "-d") == 0 && ARG_VAL) {
data = koptarg;
} else if (strcmp(*argv, "-e") == 0 && ARG_VAL) {
if (krb5_string_to_enctype(koptarg, &master_keyblock.enctype))
{
com_err(argv[0], 0, "%s is an invalid enctype", koptarg);
usage();
}
} else {
usage();
}
argv++; argc--;
}
if (data == NULL || stashfile == NULL)
usage();
retval = krb5_init_context(&context);
if( retval )
{
com_err(argv[0], retval, "while initializing krb5_context");
exit(1);
}
retval = krb5_db_fetch_mkey(context,
master_keyblock.enctype,
stashfile,
&master_keyblock);
if( retval )
{
com_err(argv[0], retval, "while fetching master key");
exit(1);
}
plainlen = strlen(data)/2;
plain.data = (char *) malloc(plainlen);
plain.length = plainlen;
read_octet_string(data, (krb5_octet*)plain.data, plainlen);
retval = krb5_c_encrypt_length(context,
master_keyblock.enctype,
plain.length, &enclen);
if( retval )
{
com_err(argv[0], retval, "while calculating cipher data length");
exit(1);
}
cipher.ciphertext.data = (char *) malloc(enclen);
cipher.ciphertext.length = enclen;
retval = krb5_c_encrypt(context, &master_keyblock, /* XXX */ 0, 0,
&plain, &cipher);
if( retval )
{
com_err(argv[0], retval, "while encrypting data");
exit(1);
}
/* first print out the length of the decrypted hash */
char l[2];
encode_int16((unsigned int)plainlen, l);
printf("%02x%02x", l[0], l[1]);
/* now print the encrypted key */
for(i = 0; i < cipher.ciphertext.length; ++i)
{
printf("%02x",(unsigned char)cipher.ciphertext.data[i]);
}
printf("\n");
return 0;
}

23
Makefile.kadm5 Normal file
View File

@ -0,0 +1,23 @@
.SUFFIXES: .tex .dvi .ps
all:
latex adb-unit-test.tex
latex api-funcspec.tex
latex api-server-design.tex
latex api-unit-test.tex
dvips adb-unit-test.dvi -o adb-unit-test.ps
dvips api-funcspec.dvi -o api-funcspec.ps
dvips api-server-design.dvi -o api-server-design.ps
dvips api-unit-test.dvi -o api-unit-test.ps
latex2html -dir ../html/adb-unit-test -mkdir adb-unit-test.tex
latex2html -dir ../html/api-funcspec -mkdir api-funcspec.tex
latex2html -dir ../html/api-server-design -mkdir api-server-design.tex
latex2html -dir ../html/api-unit-test -mkdir api-unit-test.tex
clean:
rm -f *.toc *.log *.idx *.ind *.aux *.ilg
really-clean: clean
rm -f *.dvi *.ps

9
README.Source Normal file
View File

@ -0,0 +1,9 @@
Because of potential legal risk we have removed the
file "src/appl/telnet/libtelnet/spx.c" from the
source tarball.
If you want to see the original sources you can download
them from
http://web.mit.edu/kerberos/www/ .

26
kprop-use-mkstemp.dif Normal file
View File

@ -0,0 +1,26 @@
--- slave/kprop.c
+++ slave/kprop.c 2006/06/21 12:38:34
@@ -215,6 +215,7 @@
krb5_error_code retval;
static char tkstring[] = "/tmp/kproptktXXXXXX";
krb5_keytab keytab = NULL;
+ int ret = 0;
/*
* Figure out what tickets we'll be using to send stuff
@@ -240,7 +241,15 @@
/*
* Initialize cache file which we're going to be using
*/
+#ifdef HAVE_MKSTEMP
+ ret = mkstemp(tkstring);
+ if (ret == -1) {
+ com_err(progname, errno, "while initialize cache file");
+ exit(1);
+ } else close(ret);
+#else
(void) mktemp(tkstring);
+#endif
sprintf(buf, "FILE:%s", tkstring);
retval = krb5_cc_resolve(context, buf, &ccache);

9
krb5-1.3.5-perlfix.dif Normal file
View File

@ -0,0 +1,9 @@
--- doc/man2html
+++ doc/man2html 2004/10/18 16:20:53
@@ -1,5 +1,4 @@
-#!/usr/athena/bin/perl
-#!/usr/local/bin/perl
+#!/usr/bin/perl
##---------------------------------------------------------------------------##
## File:
## @(#) man2html 1.2 97/08/12 12:57:30 @(#)

310
krb5-1.4-compile_pie.dif Normal file
View File

@ -0,0 +1,310 @@
--- src/appl/bsd/Makefile.in
+++ src/appl/bsd/Makefile.in 2005/06/17 14:00:37
@@ -15,6 +15,9 @@
V4RCPO=@V4RCPO@
KRSHDLIBS=@KRSHDLIBS@
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
SRCS= $(srcdir)/krcp.c $(srcdir)/krlogin.c $(srcdir)/krsh.c $(srcdir)/kcmd.c \
$(srcdir)/forward.c $(srcdir)/compat_recv.c \
$(srcdir)/login.c $(srcdir)/krshd.c $(srcdir)/krlogind.c \
--- src/appl/gssftp/ftpd/Makefile.in
+++ src/appl/gssftp/ftpd/Makefile.in 2005/06/17 14:06:35
@@ -15,6 +15,9 @@
COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a
FTPD_LIBS=@FTPD_LIBS@
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
SRCS = $(srcdir)/ftpd.c ftpcmd.c $(srcdir)/popen.c \
$(srcdir)/vers.c \
$(srcdir)/../ftp/glob.c \
--- src/appl/gssftp/ftp/Makefile.in
+++ src/appl/gssftp/ftp/Makefile.in 2005/06/17 13:52:20
@@ -9,6 +9,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
SRCS = $(srcdir)/cmds.c $(srcdir)/cmdtab.c $(srcdir)/domacro.c \
$(srcdir)/ftp.c $(srcdir)/getpass.c $(srcdir)/glob.c \
$(srcdir)/main.c $(srcdir)/radix.c \
--- src/appl/gss-sample/Makefile.in
+++ src/appl/gss-sample/Makefile.in 2005/06/17 13:54:49
@@ -6,6 +6,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
SRCS= $(srcdir)/gss-client.c $(srcdir)/gss-misc.c $(srcdir)/gss-server.c
OBJS= gss-client.o gss-misc.o gss-server.o
--- src/appl/sample/sclient/Makefile.in
+++ src/appl/sample/sclient/Makefile.in 2005/06/17 14:03:00
@@ -6,6 +6,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all:: sclient
sclient: sclient.o $(KRB5_BASE_DEPLIBS)
--- src/appl/sample/sserver/Makefile.in
+++ src/appl/sample/sserver/Makefile.in 2005/06/17 14:13:52
@@ -6,6 +6,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all:: sserver
sserver: sserver.o $(KRB5_BASE_DEPLIBS)
--- src/appl/simple/client/Makefile.in
+++ src/appl/simple/client/Makefile.in 2005/06/17 14:03:53
@@ -5,6 +5,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all:: sim_client
LOCALINCLUDES= -I.. -I$(srcdir)/..
--- src/appl/simple/server/Makefile.in
+++ src/appl/simple/server/Makefile.in 2005/06/17 14:13:21
@@ -8,6 +8,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all:: sim_server
sim_server: sim_server.o $(KRB5_BASE_DEPLIBS)
--- src/appl/telnet/libtelnet/Makefile.in
+++ src/appl/telnet/libtelnet/Makefile.in 2005/06/17 15:04:13
@@ -32,6 +32,8 @@
SETENVSRC=@SETENVSRC@
SETENVOBJ=@SETENVOBJ@
+CFLAGS += -fPIE
+
LIBBASE=telnet
LIBMAJOR=0
LIBMINOR=0
--- src/appl/telnet/telnetd/Makefile.in
+++ src/appl/telnet/telnetd/Makefile.in 2005/06/17 14:14:22
@@ -33,6 +33,9 @@
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
LIBS= @TELNETD_LIBS@
SRCS= $(srcdir)/telnetd.c \
--- src/appl/telnet/telnet/Makefile.in
+++ src/appl/telnet/telnet/Makefile.in 2005/06/17 14:04:54
@@ -33,6 +33,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
LIBS= @TELNET_LIBS@
SRCS= $(srcdir)/authenc.c $(srcdir)/commands.c $(srcdir)/main.c $(srcdir)/network.c $(srcdir)/ring.c \
--- src/appl/user_user/Makefile.in
+++ src/appl/user_user/Makefile.in 2005/06/17 14:06:03
@@ -6,6 +6,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all:: uuclient uuserver
uuclient: client.o $(KRB5_BASE_DEPLIBS)
--- src/clients/kdestroy/Makefile.in
+++ src/clients/kdestroy/Makefile.in 2005/06/17 13:55:38
@@ -6,6 +6,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all-unix:: kdestroy
all-windows:: $(OUTPRE)kdestroy.exe
--- src/clients/kinit/Makefile.in
+++ src/clients/kinit/Makefile.in 2005/06/17 13:56:02
@@ -6,6 +6,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
##WIN32##LOCALINCLUDES=-I$(BUILDTOP)\util\windows
##WIN32##DEFINES=-DGETOPT_LONG
--- src/clients/klist/Makefile.in
+++ src/clients/klist/Makefile.in 2005/06/17 13:56:46
@@ -6,6 +6,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all-unix:: klist
all-windows:: $(OUTPRE)klist.exe
--- src/clients/kpasswd/Makefile.in
+++ src/clients/kpasswd/Makefile.in 2005/06/17 13:57:19
@@ -5,6 +5,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
kpasswd: kpasswd.o $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o kpasswd kpasswd.o $(KRB5_BASE_LIBS)
--- src/clients/ksu/Makefile.in
+++ src/clients/ksu/Makefile.in 2005/06/17 13:59:09
@@ -9,6 +9,9 @@
KSU_LIBS=@KSU_LIBS@
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
SRCS = \
$(srcdir)/krb_auth_su.c \
$(srcdir)/ccache.c \
--- src/clients/kvno/Makefile.in
+++ src/clients/kvno/Makefile.in 2005/06/17 13:59:27
@@ -6,6 +6,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all-unix:: kvno
all-windows:: $(OUTPRE)kvno.exe
--- src/kadmin/cli/Makefile.in
+++ src/kadmin/cli/Makefile.in 2005/06/17 14:07:57
@@ -5,6 +5,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
PROG = kadmin
OBJS = kadmin.o kadmin_ct.o ss_wrapper.o getdate.o keytab.o
--- src/kadmin/dbutil/Makefile.in
+++ src/kadmin/dbutil/Makefile.in 2005/06/17 14:09:05
@@ -7,6 +7,9 @@
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
PROG = kdb5_util
OBJS = kdb5_util.o dump.o dumpv4.o loadv4.o \
kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \
--- src/kadmin/ktutil/Makefile.in
+++ src/kadmin/ktutil/Makefile.in 2005/06/17 14:12:36
@@ -6,6 +6,9 @@
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
OBJS= ktutil.o \
ktutil_ct.o \
ktutil_funcs.o
--- src/kadmin/server/Makefile.in
+++ src/kadmin/server/Makefile.in 2005/06/17 14:08:29
@@ -9,6 +9,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
PROG = kadmind
OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o
--- src/kdc/Makefile.in
+++ src/kdc/Makefile.in 2005/06/17 14:12:04
@@ -13,6 +13,9 @@
PROG_RPATH=$(KRB5_LIBDIR)
FAKEKA=@FAKEKA@
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all:: krb5kdc rtest $(FAKEKA)
# DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
--- src/krb524/Makefile.in
+++ src/krb524/Makefile.in 2005/06/17 14:10:47
@@ -27,6 +27,9 @@
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
##WIN32##!ifdef USE_ALTERNATE_KRB4_INCLUDES
##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES)
##WIN32##!endif
--- src/slave/Makefile.in
+++ src/slave/Makefile.in 2005/06/17 14:09:57
@@ -5,6 +5,9 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+LDFLAGS += -pie
+
all:: kprop kpropd
CLIENTSRCS= $(srcdir)/kprop.c
--- src/appl/libpty/Makefile.in
+++ src/appl/libpty/Makefile.in 2005/06/17 14:44:50
@@ -10,6 +10,8 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS += -fPIE
+
LIBBASE=pty
LIBMAJOR=1
LIBMINOR=2

26
krb5-1.4-fix-segfault.dif Normal file
View File

@ -0,0 +1,26 @@
--- src/lib/krb5/krb/princ_comp.c 2002-09-02 21:13:46.000000000 -0400
+++ src/lib/krb5/krb/princ_comp.c 2005-06-29 13:56:55.000000000 -0400
@@ -33,6 +33,13 @@
krb5_boolean KRB5_CALLCONV
krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
{
+ if ((princ1 == NULL) || (princ2 == NULL))
+ return FALSE;
+
+ if ((krb5_princ_realm(context, princ1) == NULL) ||
+ (krb5_princ_realm(context, princ2) == NULL))
+ return FALSE;
+
if (krb5_princ_realm(context, princ1)->length !=
krb5_princ_realm(context, princ2)->length ||
memcmp (krb5_princ_realm(context, princ1)->data,
@@ -49,6 +56,9 @@
register int i;
krb5_int32 nelem;
+ if ((princ1 == NULL) || (princ2 == NULL))
+ return FALSE;
+
nelem = krb5_princ_size(context, princ1);
if (nelem != krb5_princ_size(context, princ2))
return FALSE;

View File

@ -0,0 +1,20 @@
--- src/lib/krb4/g_cnffile.c
+++ src/lib/krb4/g_cnffile.c 2006/10/30 11:12:26
@@ -68,7 +68,7 @@
&full_name);
if (retval == 0 && full_name && full_name[0]) {
retname[0] = '\0';
- strncat(retname, full_name[0], sizeof(retname));
+ strncat(retname, full_name[0], sizeof(retname)-strlen(retname)-1);
for (cpp = full_name; *cpp; cpp++)
krb5_xfree(*cpp);
krb5_xfree(full_name);
@@ -76,7 +76,7 @@
}
}
retname[0] = '\0';
- strncat(retname, default_srvtabname, sizeof(retname));
+ strncat(retname, default_srvtabname, sizeof(retname)-strlen(retname)-1);
return retname;
}

View File

@ -0,0 +1,20 @@
--- src/kadmin/dbutil/dump.c
+++ src/kadmin/dbutil/dump.c 2006/09/13 08:27:05
@@ -1986,7 +1986,7 @@
linenop);
else if (strcmp(rectype, "policy") == 0)
process_k5beta7_policy(fname, kcontext, filep, verbose,
- linenop);
+ linenop, NULL);
else {
fprintf(stderr, "unknown record type \"%s\" on line %d\n",
rectype, *linenop);
@@ -2022,7 +2022,7 @@
linenop);
else if (strcmp(rectype, "policy") == 0)
process_k5beta7_policy(fname, kcontext, filep, verbose,
- linenop);
+ linenop, NULL);
else if (strcmp(rectype, "End") == 0)
return -1;
else {

View File

@ -0,0 +1,10 @@
--- src/appl/telnet/telnetd/utility.c
+++ src/appl/telnet/telnetd/utility.c 2006/11/06 10:34:09
@@ -127,6 +127,7 @@
}
tv.tv_sec = 1;
tv.tv_usec = 0;
+ FD_ZERO(&fds);
FD_SET(net, &fds);
while (select(net + 1, &fds, NULL, NULL, &tv) == 1)

3
krb5-1.5.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a33c68ad46d2262481c18e59a14043e53bf692d7d83f7c88f0827f66324fd686
size 8524127

85
krb5-doc.changes Normal file
View File

@ -0,0 +1,85 @@
-------------------------------------------------------------------
Thu Aug 24 12:53:25 CEST 2006 - mc@suse.de
- update to version 1.5.1
- remove obsolete patches which are now included upstream
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
* trunk-fix-uninitialized-vars.dif
-------------------------------------------------------------------
Mon Jul 3 15:01:57 CEST 2006 - mc@suse.de
- update to version 1.5
* KDB abstraction layer, donated by Novell.
* plug-in architecture, allowing for extension modules to be
loaded at run-time.
* multi-mechanism GSS-API implementation ("mechglue"),
donated by Sun Microsystems
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
implementation, donated by Sun Microsystems
- remove obsolete patches and add some new
-------------------------------------------------------------------
Mon Mar 13 18:01:06 CET 2006 - mc@suse.de
- set BuildArchitectures to noarch
- set norootforbuild
-------------------------------------------------------------------
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Nov 18 12:15:07 CET 2005 - mc@suse.de
- update to version 1.4.3
- fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif)
-------------------------------------------------------------------
Wed Oct 12 16:19:08 CEST 2005 - mc@suse.de
- build kadm5 documentation
- build documentation also as html
- include the text only documentation
-------------------------------------------------------------------
Tue Oct 11 17:40:26 CEST 2005 - mc@suse.de
- update to version 1.4.2
- remove some obsolet patches
-------------------------------------------------------------------
Mon Jun 27 13:36:04 CEST 2005 - mc@suse.de
- update to version 1.4.1
- remove obsolet patches
- krb5-1.4-VUL-0-telnet.dif
-------------------------------------------------------------------
Thu Feb 10 02:38:39 CET 2005 - ro@suse.de
- added libpng to neededforbuild (for tetex)
-------------------------------------------------------------------
Fri Feb 4 16:50:34 CET 2005 - mc@suse.de
- remove spx.c from tarball because of legal risk
- add README.Source which tell the user about this
action.
-------------------------------------------------------------------
Fri Jan 28 13:28:18 CET 2005 - mc@suse.de
- update to version 1.4
-------------------------------------------------------------------
Mon Jan 10 12:20:11 CET 2005 - mc@suse.de
- update to version 1.3.6
-------------------------------------------------------------------
Tue Dec 14 15:21:02 CET 2004 - mc@suse.de
- initial release

134
krb5-doc.spec Normal file
View File

@ -0,0 +1,134 @@
#
# spec file for package krb5-doc (Version 1.5.1)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: krb5-doc
BuildRequires: ghostscript-library latex2html te_ams
Version: 1.5.1
Release: 20
%define srcRoot krb5-1.5.1
Summary: MIT Kerberos5 Implementation--Documentation
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Documentation/Other
Source: krb5-1.5.1.tar.bz2
Source1: README.Source
Source2: Makefile.kadm5
Patch0: krb5-1.3.5-perlfix.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArchitectures: noarch
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords. This package includes extended
documentation for MIT Kerberos.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%prep
%setup -n %{srcRoot}
%patch0
cp %{_sourcedir}/Makefile.kadm5 %{_builddir}/%{srcRoot}/doc/kadm5/Makefile
%build
%install
rm -rf %{buildroot}
cd doc
mkdir -p html
make
make -C api
make -C implement
make -C kadm5
cd api
latex2html -dir ../html/library -mkdir library.tex
latex2html -dir ../html/libdes -mkdir libdes.tex
cd ../implement
latex2html -dir ../html/implement -mkdir implement.tex
cd ..
mv krb5-admin html/
mv krb5-install html/
mv krb5-user html/
mv krb425 html/
mv *.html html/
cd ..
find . -type f -name '*.ps' -exec gzip -9 {} \;
chmod 644 doc/man2ps
# cleanup
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f /usr/share/man/man1/tmac.doc*
rm -rf /usr/lib/mit/share
rm -rf %{buildroot}/usr/lib/mit/share
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root)
%doc doc/*.ps.gz doc/api/*.ps.gz doc/implement/*.ps.gz doc/kadm5/*.ps.gz
%doc doc/krb5-protocol doc/kadmin
%doc doc/html
%changelog -n krb5-doc
* Thu Aug 24 2006 - mc@suse.de
- update to version 1.5.1
- remove obsolete patches which are now included upstream
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
* trunk-fix-uninitialized-vars.dif
* Mon Jul 03 2006 - mc@suse.de
- update to version 1.5
* KDB abstraction layer, donated by Novell.
* plug-in architecture, allowing for extension modules to be
loaded at run-time.
* multi-mechanism GSS-API implementation ("mechglue"),
donated by Sun Microsystems
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
implementation, donated by Sun Microsystems
- remove obsolete patches and add some new
* Mon Mar 13 2006 - mc@suse.de
- set BuildArchitectures to noarch
- set norootforbuild
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Nov 18 2005 - mc@suse.de
- update to version 1.4.3
- fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif)
* Wed Oct 12 2005 - mc@suse.de
- build kadm5 documentation
- build documentation also as html
- include the text only documentation
* Tue Oct 11 2005 - mc@suse.de
- update to version 1.4.2
- remove some obsolet patches
* Mon Jun 27 2005 - mc@suse.de
- update to version 1.4.1
- remove obsolet patches
- krb5-1.4-VUL-0-telnet.dif
* Thu Feb 10 2005 - ro@suse.de
- added libpng to neededforbuild (for tetex)
* Fri Feb 04 2005 - mc@suse.de
- remove spx.c from tarball because of legal risk
- add README.Source which tell the user about this
action.
* Fri Jan 28 2005 - mc@suse.de
- update to version 1.4
* Mon Jan 10 2005 - mc@suse.de
- update to version 1.3.6
* Tue Dec 14 2004 - mc@suse.de
- initial release

330
krb5.changes Normal file
View File

@ -0,0 +1,330 @@
-------------------------------------------------------------------
Mon Nov 6 11:49:39 CET 2006 - mc@suse.de
- fix "local variable used before set" [#217692]
- fix strncat warning
-------------------------------------------------------------------
Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de
- add a default kadm5.dict file
- require $network on daemon start
-------------------------------------------------------------------
Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de
- fix function call with too few arguments [#203837]
-------------------------------------------------------------------
Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de
- update to version 1.5.1
- remove obsolete patches which are now included upstream
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
* trunk-fix-uninitialized-vars.dif
-------------------------------------------------------------------
Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de
- krb5 setuid return check fixes
krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
[#182351]
-------------------------------------------------------------------
Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de
- remove update-messages
-------------------------------------------------------------------
Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de
- add check for krb5_prop in services to kpropd init script.
[#192446]
-------------------------------------------------------------------
Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de
- update to version 1.5
* KDB abstraction layer, donated by Novell.
* plug-in architecture, allowing for extension modules to be
loaded at run-time.
* multi-mechanism GSS-API implementation ("mechglue"),
donated by Sun Microsystems
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
implementation, donated by Sun Microsystems
- remove obsolete patches and add some new
-------------------------------------------------------------------
Fri May 26 14:50:00 CEST 2006 - ro@suse.de
- libcom is not in e2fsck-devel but in its own package now, change
Requires accordingly.
-------------------------------------------------------------------
Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de
- add all daemons to %stop_on_removal and %restart_on_update
- add reload to kpropd init script
- add force-reload to all init scripts
-------------------------------------------------------------------
Mon Mar 13 18:20:36 CET 2006 - mc@suse.de
- add libgssapi_krb5.so link to main package [#147912]
-------------------------------------------------------------------
Fri Feb 3 18:17:01 CET 2006 - mc@suse.de
- fix logging section for kadmind in convert script
-------------------------------------------------------------------
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Jan 13 14:44:24 CET 2006 - mc@suse.de
- change the logging defaults
-------------------------------------------------------------------
Wed Jan 11 12:59:08 CET 2006 - mc@suse.de
- add tools and README for heimdal => MIT update
-------------------------------------------------------------------
Mon Jan 9 14:41:07 CET 2006 - mc@suse.de
- fix build problems, define _GNU_SOURCE
(krb5-1.4.3-set_gnu_source.dif )
-------------------------------------------------------------------
Tue Jan 3 16:00:13 CET 2006 - mc@suse.de
- added "make %{?jobs:-j%jobs}"
-------------------------------------------------------------------
Fri Nov 18 12:12:01 CET 2005 - mc@suse.de
- update to version 1.4.3
* some memmory leaks fixed
* fix for "AS_REP padata has wrong enctype"
* fix for "AS_REP padata missing PA-ETYPE-INFO"
* ... and more
-------------------------------------------------------------------
Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de
- don't build as root
-------------------------------------------------------------------
Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de
- update to version 1.4.2
- remove some obsolet patches
-------------------------------------------------------------------
Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de
- build with --disable-static
-------------------------------------------------------------------
Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de
- remove devel-static subpackage
-------------------------------------------------------------------
Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de
- better patch for princ_comp problem
-------------------------------------------------------------------
Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de
- update to version 1.4.1
- remove obsolet patches
- krb5-1.4-gcc4.dif
- krb5-1.4-reduce-namespace-polution.dif
- krb5-1.4-VUL-0-telnet.dif
-------------------------------------------------------------------
Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de
- fixed krb5 KDC heap corruption by random free
[#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
- fixed krb5 double free()
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
- fix krb5 NULL pointer reference while comparing principals
[#91600]
-------------------------------------------------------------------
Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de
- fix uninitialized variables
- compile with -fPIE/ link with -pie
-------------------------------------------------------------------
Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de
- fixed wrong xinetd files [#77149]
-------------------------------------------------------------------
Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de
- removed krb5-1.4-fix-error_tables.dif patch obsoleted
by libcom_err locking patches
-------------------------------------------------------------------
Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de
- fixed missing descriptions in init files
[#76164, #76165, #76166, #76169]
-------------------------------------------------------------------
Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de
- enhance $PATH via /etc/profile.d/ [#74018]
- remove the "links to important programs"
-------------------------------------------------------------------
Fri Mar 18 11:09:43 CET 2005 - mc@suse.de
- fixed not running converter script [#72854]
-------------------------------------------------------------------
Thu Mar 17 14:15:17 CET 2005 - mc@suse.de
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
Overflow
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
Overflow
[#73618]
-------------------------------------------------------------------
Wed Mar 16 13:10:18 CET 2005 - mc@suse.de
- fixed wrong PreReqs [#73020]
-------------------------------------------------------------------
Tue Mar 15 19:54:58 CET 2005 - mc@suse.de
- add a simple krb5.conf converter [#72854]
-------------------------------------------------------------------
Mon Mar 14 17:08:59 CET 2005 - mc@suse.de
- fixed: rckrb5kdc restart gives wrong status with non-running service
[#72446]
-------------------------------------------------------------------
Thu Mar 10 10:48:07 CET 2005 - mc@suse.de
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
-------------------------------------------------------------------
Fri Feb 25 17:35:37 CET 2005 - mc@suse.de
- fix double free [#66534]
krb5-1.4-fix-error_tables.dif
-------------------------------------------------------------------
Fri Feb 11 14:01:32 CET 2005 - mc@suse.de
- change mode for shared libraries to 755
-------------------------------------------------------------------
Fri Feb 4 16:48:16 CET 2005 - mc@suse.de
- remove spx.c from tarball because of legal risk
- add README.Source which tell the user about this
action.
- add a check for spx.c in the spec-file
- use rich-text for update-messages [#50250]
-------------------------------------------------------------------
Tue Feb 1 12:13:45 CET 2005 - mc@suse.de
- add krb5-1.4-reduce-namespace-polution.dif
reduce namespace polution in gssapi.h [#50356]
-------------------------------------------------------------------
Fri Jan 28 13:25:42 CET 2005 - mc@suse.de
- update to version 1.4
- Add implementation of the RPCSEC_GSS authentication flavor to the
RPC library.
- Thread safety for krb5 libraries.
- Merged Athena telnetd changes for creating a new option for
requiring encryption.
- The kadmind4 backwards-compatibility admin server and the v5passwdd
backwards-compatibility password-changing server have been removed.
- Yarrow code now uses AES.
- Merged Athena changes to allow ftpd to require encrypted passwords.
- Incorporate gss_krb5_set_allowable_enctypes() and
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
- remove obsolet patches
-------------------------------------------------------------------
Mon Jan 17 11:34:52 CET 2005 - mc@suse.de
- add proofreaded update-messages
-------------------------------------------------------------------
Fri Jan 14 14:38:25 CET 2005 - mc@suse.de
- remove Conflicts: and add Provides:
- add some insserv stuff
-------------------------------------------------------------------
Thu Jan 13 11:54:01 CET 2005 - mc@suse.de
- move vendor files to vendor-files.tar.bz2
- add obsoletes: heimdal
- add %pre and %post sections to detect update
from heimdal and backup invalid configuration files
- add update-messages for heimdal update
-------------------------------------------------------------------
Mon Jan 10 12:18:02 CET 2005 - mc@suse.de
- update to version 1.3.6
- fix for: heap buffer overflow in libkadm5srv
[CAN-2004-1189 / MITKRB5-SA-2004-004]
-------------------------------------------------------------------
Tue Dec 14 15:30:23 CET 2004 - mc@suse.de
- build doc subpackage in an own specfile
- removed unnecessary neededforbuild requirements
-------------------------------------------------------------------
Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de
- fix build with gcc 4
-------------------------------------------------------------------
Mon Nov 15 17:25:56 CET 2004 - mc@suse.de
- added Conflicts with heimdal*
- rename some manpages to avoid conflicts
-------------------------------------------------------------------
Thu Nov 4 18:03:11 CET 2004 - mc@suse.de
- new init scripts
- fix logrotate scripts
- add some 64Bit fixes
- add default krb5.conf, kdc.conf and kadm5.acl
-------------------------------------------------------------------
Wed Nov 3 18:52:07 CET 2004 - mc@suse.de
- add e2fsprogs to NFB
- use system-et and system-ss
- fix includes of com_err.h
-------------------------------------------------------------------
Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de
- Initital checkin

659
krb5.spec Normal file
View File

@ -0,0 +1,659 @@
#
# spec file for package krb5 (Version 1.5.1)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: krb5
Version: 1.5.1
Release: 17
BuildRequires: libcom_err
%define srcRoot krb5-1.5.1
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/%{name}
Provides: heimdal-lib
Obsoletes: heimdal-lib
Summary: MIT Kerberos5 Implementation--Libraries
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Productivity/Networking/Security
Source: krb5-1.5.1.tar.bz2
Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: EncryptWithMasterKey.c
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
Patch2: krb5-1.4-compile_pie.dif
Patch3: krb5-1.4-fix-segfault.dif
Patch6: trunk-EncryptWithMasterKey.dif
Patch12: warning-fix-util-support.dif
Patch14: warning-fix-lib-crypto-des.dif
Patch15: warning-fix-lib-crypto-dk.dif
Patch16: warning-fix-lib-crypto.dif
Patch17: warning-fix-lib-crypto-enc_provider.dif
Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif
Patch20: kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-strncat-warning.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package client
Summary: MIT Kerberos5 implementation - client programms
Group: Productivity/Networking/Security
Provides: heimdal-tools, heimdal-x11
Obsoletes: heimdal-tools, heimdal-x11
%description client
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some required
client programs, like kinit, kadmin, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package server
Summary: MIT Kerberos5 implementation - server
Group: Productivity/Networking/Security
Provides: heimdal
Obsoletes: heimdal
Requires: perl-Date-Calc
PreReq: %insserv_prereq %fillup_prereq
%description server
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes the kdc, kadmind
and more.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package devel
Summary: MIT Kerberos5 - Include Files and Libraries
Group: Development/Libraries/C and C++
PreReq: %{name} = %{version}
Requires: e2fsprogs-devel
Provides: heimdal-tools-devel, heimdal-devel
Obsoletes: heimdal-tools-devel, heimdal-devel
%description devel
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes Libraries and
Include Files for Development
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-servers
Summary: MIT Kerberos5 server applications
Group: Productivity/Networking/Security
%description apps-servers
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible server applications like ftpd, klogind, telnetd, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-clients
Summary: MIT Kerberos5 client applications
Group: Productivity/Networking/Security
%description apps-clients
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible client applications like ftp, rpc, rlogin, telnet, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch1
%patch2
%patch3
%patch6
cd %{_builddir}/%{srcRoot}/src
%patch12
%patch14
%patch15
%patch16
%patch17
%patch18
%patch20
cd -
%patch21
%patch22
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
%build
cd src
%{?suse_update_config:%{suse_update_config -f}}
./util/reconf
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE " \
./configure \
--prefix=/usr/lib/mit \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--infodir=%{_infodir} \
--libexecdir=/usr/lib/mit/sbin \
--libdir=%{_libdir} \
--includedir=%{_includedir} \
--localstatedir=%{_localstatedir}/lib/kerberos \
--enable-shared \
--disable-static \
--enable-kdc-replay-cache \
--enable-dns-for-realm \
--with-system-et \
--with-system-ss
make %{?jobs:-j%jobs}
#make check
%install
rm -rf %{buildroot}
cd src
make DESTDIR=%{buildroot} install
cd ..
# install sample config files
# I'll probably do something about this later on
mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc
mkdir -p %{buildroot}%{_sysconfdir}
mkdir -p %{buildroot}/etc/profile.d/
mkdir -p %{buildroot}/var/log/krb5
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
for n in ftpd.8 telnetd.8; do
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
done
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
done
# all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do
chmod 0755 ${lib}
done
# install init scripts
mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
install -m 755 %{vendorFiles}/krb524d.init %{buildroot}%{_sysconfdir}/init.d/krb524d
# install xinetd files
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
# install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5kdc.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5kdc
install -m 644 %{vendorFiles}/kadmind.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/kadmind
find . -type f -name '*.ps' -exec gzip -9 {} \;
# create rc* links
mkdir -p %{buildroot}/usr/bin/
ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/bin/rckadmind
ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/bin/rckrb5kdc
ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/bin/rckpropd
ln -sf ../../etc/init.d/krb524d %{buildroot}/usr/bin/rckrb524d
# create links for kinit and klist, because of the java ones
ln -sf ../../usr/lib/mit/bin/kinit %{buildroot}/usr/bin/kinit
ln -sf ../../usr/lib/mit/bin/klist %{buildroot}/usr/bin/klist
# install doc
install -d -m 755 %{buildroot}/%{krb5docdir}
install -m 644 %{vendorFiles}/README.ConvertHeimdalMIT %{buildroot}/%{krb5docdir}/README.ConvertHeimdalMIT
install -m 744 %{vendorFiles}/heimdal2mit-DumpConvert.pl %{buildroot}/%{krb5docdir}/heimdal2mit-DumpConvert.pl
install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
install -m 644 %{_builddir}/%{srcRoot}/doc/CHANGES %{buildroot}/%{krb5docdir}/CHANGES
install -m 744 %{vendorFiles}/simple_convert_krb5conf.pl %{buildroot}/%{krb5docdir}/simple_convert_krb5conf.pl
# cleanup
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f /usr/share/man/man1/tmac.doc*
rm -rf /usr/lib/mit/share
rm -rf %{buildroot}/usr/lib/mit/share
#####################################################
# krb5 pre/post/postun
#####################################################
%pre
# test update from heimdal-lib
if `ls usr/lib/libotp.so* 2>/dev/null 1>/dev/null`
then
# we update from heimdal
echo "backup /etc/krb5.conf to /etc/krb5.conf.heimdal"
mv etc/krb5.conf etc/krb5.conf.heimdal
touch var/adm/fillup-templates/heimdal-update
if [ -e etc/krb5.keytab ]
then
echo "backup /etc/krb5.keytab to /etc/krb5.keytab.heimdal"
mv etc/krb5.keytab etc/krb5.keytab.heimdal
fi
fi
%post
%run_ldconfig
if [ -e var/adm/fillup-templates/heimdal-update ]
then
%_defaultdocdir/krb5/simple_convert_krb5conf.pl
rm -f /var/adm/fillup-templates/heimdal-update
fi
if [ ! -e etc/krb5.conf -a -e etc/krb5.conf.rpmnew ]
then
echo "moving /etc/krb5.conf.rpmnew to /etc/krb5.conf"
mv etc/krb5.conf.rpmnew etc/krb5.conf
fi
%postun
%run_ldconfig
#####################################################
# krb5-server preun/postun
#####################################################
%preun server
%stop_on_removal krb5kdc kadmind kpropd krb524d
%postun server
%restart_on_update krb5kdc kadmind kpropd krb524d
%{insserv_cleanup}
%clean
rm -rf %{buildroot}
########################################################
# files sections
########################################################
%files
%defattr(-,root,root)
%dir %{krb5docdir}
%attr(0700,root,root) %dir /var/log/krb5
%doc %{krb5docdir}/README
%doc %{krb5docdir}/CHANGES
%doc %{krb5docdir}/simple_convert_krb5conf.pl
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
%attr(0644,root,root) %config /etc/profile.d/krb5*
%{_libdir}/lib*.so.*
%{_libdir}/libgssapi_krb5.so
%files server
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5kdc
%config(noreplace) %{_sysconfdir}/logrotate.d/kadmind
%{_sysconfdir}/init.d/kadmind
%{_sysconfdir}/init.d/krb5kdc
%{_sysconfdir}/init.d/kpropd
%{_sysconfdir}/init.d/krb524d
%dir %{krb5docdir}
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
%dir %{_localstatedir}/lib/kerberos/
%dir %{_localstatedir}/lib/kerberos/krb5kdc
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%doc %{krb5docdir}/heimdal2mit-DumpConvert.pl
%doc %{krb5docdir}/README.ConvertHeimdalMIT
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
/usr/bin/rc*
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/kadmin.local
/usr/lib/mit/sbin/kadmind
/usr/lib/mit/sbin/kpropd
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/krb524d
/usr/lib/mit/sbin/login.krb5
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/EncryptWithMasterKey
%{_libdir}/krb5/plugins/kdb/*.so
%{_mandir}/man5/kdc.conf.5*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%{_mandir}/man8/sserver.8*
%{_mandir}/man8/kadmind.8*
%{_mandir}/man8/kadmin.local.8*
%{_mandir}/man8/kpropd.8*
%{_mandir}/man8/kprop.8*
%{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/krb524d.8*
%{_mandir}/man8/login.krb5.8*
%files client
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
/usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit
/usr/lib/mit/bin/kdestroy
/usr/lib/mit/bin/kpasswd
/usr/lib/mit/bin/klist
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/krb524init
/usr/lib/mit/bin/sim_client
/usr/lib/mit/sbin/kadmin
/usr/lib/mit/sbin/ktutil
/usr/lib/mit/sbin/k5srvutil
/usr/bin/kinit
/usr/bin/klist
%{_mandir}/man1/kvno.1*
%{_mandir}/man1/kinit.1*
%{_mandir}/man1/krb524init.1*
%{_mandir}/man1/kdestroy.1*
%{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1*
%{_mandir}/man1/sclient.1*
%{_mandir}/man1/kerberos.1*
%{_mandir}/man8/kadmin.8*
%{_mandir}/man8/ktutil.8*
%{_mandir}/man8/k5srvutil.8*
%files apps-servers
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
%{_mandir}/man8/kftpd.8*
%{_mandir}/man8/klogind.8*
%{_mandir}/man8/kshd.8*
%{_mandir}/man8/ktelnetd.8*
%files apps-clients
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
# removed SUID bit, we will rely on su + pam_krb
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
# removed SUID bit
%attr(0755,root,root)/usr/lib/mit/bin/v4rcp
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/v4rcp.1*
%files devel
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
/usr/lib/mit/bin/krb5-config
%{_libdir}/libdes425.so
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb4.so
%{_libdir}/libkrb5.so
%{_libdir}/libkrb5support.so
%{_includedir}/*
/usr/lib/mit/sbin/krb5-send-pr
%{_mandir}/man1/krb5-send-pr.1*
%{_mandir}/man1/krb5-config.1*
%changelog -n krb5
* Mon Nov 06 2006 - mc@suse.de
- fix "local variable used before set" [#217692]
- fix strncat warning
* Fri Oct 27 2006 - mc@suse.de
- add a default kadm5.dict file
- require $network on daemon start
* Wed Sep 13 2006 - mc@suse.de
- fix function call with too few arguments [#203837]
* Thu Aug 24 2006 - mc@suse.de
- update to version 1.5.1
- remove obsolete patches which are now included upstream
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
* trunk-fix-uninitialized-vars.dif
* Fri Aug 11 2006 - mc@suse.de
- krb5 setuid return check fixes
krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
[#182351]
* Mon Aug 07 2006 - mc@suse.de
- remove update-messages
* Mon Jul 24 2006 - mc@suse.de
- add check for krb5_prop in services to kpropd init script.
[#192446]
* Mon Jul 03 2006 - mc@suse.de
- update to version 1.5
* KDB abstraction layer, donated by Novell.
* plug-in architecture, allowing for extension modules to be
loaded at run-time.
* multi-mechanism GSS-API implementation ("mechglue"),
donated by Sun Microsystems
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
implementation, donated by Sun Microsystems
- remove obsolete patches and add some new
* Fri May 26 2006 - ro@suse.de
- libcom is not in e2fsck-devel but in its own package now, change
Requires accordingly.
* Mon Mar 27 2006 - mc@suse.de
- add all daemons to %%stop_on_removal and %%restart_on_update
- add reload to kpropd init script
- add force-reload to all init scripts
* Mon Mar 13 2006 - mc@suse.de
- add libgssapi_krb5.so link to main package [#147912]
* Fri Feb 03 2006 - mc@suse.de
- fix logging section for kadmind in convert script
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Jan 13 2006 - mc@suse.de
- change the logging defaults
* Wed Jan 11 2006 - mc@suse.de
- add tools and README for heimdal => MIT update
* Mon Jan 09 2006 - mc@suse.de
- fix build problems, define _GNU_SOURCE
(krb5-1.4.3-set_gnu_source.dif )
* Tue Jan 03 2006 - mc@suse.de
- added "make %%{?jobs:-j%%jobs}"
* Fri Nov 18 2005 - mc@suse.de
- update to version 1.4.3
* some memmory leaks fixed
* fix for "AS_REP padata has wrong enctype"
* fix for "AS_REP padata missing PA-ETYPE-INFO"
* ... and more
* Wed Nov 02 2005 - dmueller@suse.de
- don't build as root
* Tue Oct 11 2005 - mc@suse.de
- update to version 1.4.2
- remove some obsolet patches
* Mon Aug 08 2005 - mc@suse.de
- build with --disable-static
* Thu Aug 04 2005 - ro@suse.de
- remove devel-static subpackage
* Thu Jun 30 2005 - mc@suse.de
- better patch for princ_comp problem
* Mon Jun 27 2005 - mc@suse.de
- update to version 1.4.1
- remove obsolet patches
- krb5-1.4-gcc4.dif
- krb5-1.4-reduce-namespace-polution.dif
- krb5-1.4-VUL-0-telnet.dif
* Thu Jun 23 2005 - mc@suse.de
- fixed krb5 KDC heap corruption by random free
[#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
- fixed krb5 double free()
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
- fix krb5 NULL pointer reference while comparing principals
[#91600]
* Fri Jun 17 2005 - mc@suse.de
- fix uninitialized variables
- compile with -fPIE/ link with -pie
* Wed Apr 20 2005 - mc@suse.de
- fixed wrong xinetd files [#77149]
* Fri Apr 08 2005 - mt@suse.de
- removed krb5-1.4-fix-error_tables.dif patch obsoleted
by libcom_err locking patches
* Thu Apr 07 2005 - mc@suse.de
- fixed missing descriptions in init files
[#76164, #76165, #76166, #76169]
* Wed Mar 30 2005 - mc@suse.de
- enhance $PATH via /etc/profile.d/ [#74018]
- remove the "links to important programs"
* Fri Mar 18 2005 - mc@suse.de
- fixed not running converter script [#72854]
* Thu Mar 17 2005 - mc@suse.de
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
Overflow
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
Overflow
[#73618]
* Wed Mar 16 2005 - mc@suse.de
- fixed wrong PreReqs [#73020]
* Tue Mar 15 2005 - mc@suse.de
- add a simple krb5.conf converter [#72854]
* Mon Mar 14 2005 - mc@suse.de
- fixed: rckrb5kdc restart gives wrong status with non-running service
[#72446]
* Thu Mar 10 2005 - mc@suse.de
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
* Fri Feb 25 2005 - mc@suse.de
- fix double free [#66534]
krb5-1.4-fix-error_tables.dif
* Fri Feb 11 2005 - mc@suse.de
- change mode for shared libraries to 755
* Fri Feb 04 2005 - mc@suse.de
- remove spx.c from tarball because of legal risk
- add README.Source which tell the user about this
action.
- add a check for spx.c in the spec-file
- use rich-text for update-messages [#50250]
* Tue Feb 01 2005 - mc@suse.de
- add krb5-1.4-reduce-namespace-polution.dif
reduce namespace polution in gssapi.h [#50356]
* Fri Jan 28 2005 - mc@suse.de
- update to version 1.4
- Add implementation of the RPCSEC_GSS authentication flavor to the
RPC library.
- Thread safety for krb5 libraries.
- Merged Athena telnetd changes for creating a new option for
requiring encryption.
- The kadmind4 backwards-compatibility admin server and the v5passwdd
backwards-compatibility password-changing server have been removed.
- Yarrow code now uses AES.
- Merged Athena changes to allow ftpd to require encrypted passwords.
- Incorporate gss_krb5_set_allowable_enctypes() and
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
- remove obsolet patches
* Mon Jan 17 2005 - mc@suse.de
- add proofreaded update-messages
* Fri Jan 14 2005 - mc@suse.de
- remove Conflicts: and add Provides:
- add some insserv stuff
* Thu Jan 13 2005 - mc@suse.de
- move vendor files to vendor-files.tar.bz2
- add obsoletes: heimdal
- add %%pre and %%post sections to detect update
from heimdal and backup invalid configuration files
- add update-messages for heimdal update
* Mon Jan 10 2005 - mc@suse.de
- update to version 1.3.6
- fix for: heap buffer overflow in libkadm5srv
[CAN-2004-1189 / MITKRB5-SA-2004-004]
* Tue Dec 14 2004 - mc@suse.de
- build doc subpackage in an own specfile
- removed unnecessary neededforbuild requirements
* Wed Nov 24 2004 - coolo@suse.de
- fix build with gcc 4
* Mon Nov 15 2004 - mc@suse.de
- added Conflicts with heimdal*
- rename some manpages to avoid conflicts
* Thu Nov 04 2004 - mc@suse.de
- new init scripts
- fix logrotate scripts
- add some 64Bit fixes
- add default krb5.conf, kdc.conf and kadm5.acl
* Wed Nov 03 2004 - mc@suse.de
- add e2fsprogs to NFB
- use system-et and system-ss
- fix includes of com_err.h
* Thu Oct 28 2004 - mc@suse.de
- Initital checkin

0
ready Normal file
View File

50
spx.c Normal file
View File

@ -0,0 +1,50 @@
/*-
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* based on @(#)spx.c 8.1 (Berkeley) 6/4/93 */
#include "misc-proto.h"
#ifdef notdef
prkey(msg, key)
char *msg;
unsigned char *key;
{
register int i;
printf("%s:", msg);
for (i = 0; i < 8; i++)
printf(" %3d", key[i]);
printf("\r\n");
}
#endif

View File

@ -0,0 +1,33 @@
--- src/kadmin/dbutil/Makefile.in
+++ src/kadmin/dbutil/Makefile.in 2006/06/02 11:40:51
@@ -22,21 +22,28 @@
OBJS = kdb5_util.o kdb5_create.o kadm5_create.o string_table.o kdb5_destroy.o kdb5_stash.o import_err.o strtok.o dump.o ovload.o
-all:: $(PROG)
+all:: $(PROG) EncryptWithMasterKey
$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS)
+EncryptWithMasterKey: EncryptWithMasterKey.o
+ $(CC_LINK) -o EncryptWithMasterKey EncryptWithMasterKey.o $(KRB5_BASE_LIBS)
+
+EncryptWithMasterKey.o: EncryptWithMasterKey.c
+
+
import_err.c import_err.h: $(srcdir)/import_err.et
$(OBJS): import_err.h
install::
$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
+ $(INSTALL_PROGRAM) EncryptWithMasterKey ${DESTDIR}$(ADMIN_BINDIR)/EncryptWithMasterKey
$(INSTALL_DATA) $(srcdir)/$(PROG).M ${DESTDIR}$(ADMIN_MANDIR)/$(PROG).8
clean::
- $(RM) $(PROG) $(OBJS) import_err.c import_err.h
+ $(RM) $(PROG) $(OBJS) import_err.c import_err.h EncryptWithMasterKey EncryptWithMasterKey.o
# +++ Dependency line eater +++
#

3
vendor-files.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:365b0ed6435c553cd505d595c9f2709b676ae15be3acdb419e6e85a0ec6b91c8
size 185388

View File

@ -0,0 +1,15 @@
# fix warning:
# string2key.c: In function 'mit_des_string_to_key_int':
# string2key.c:229: warning: pointer targets in passing argument 1 of 'mit_des_cbc_cksum' differ in signedness
#
--- lib/crypto/des/string2key.c
+++ lib/crypto/des/string2key.c 2006/06/21 08:16:12
@@ -44,7 +44,7 @@
krb5_ui_4 x, y, z;
unsigned char *p;
des_key_schedule sched;
- char *copy;
+ unsigned char *copy;
size_t copylen;
/* As long as the architecture is big-endian or little-endian, it

View File

@ -0,0 +1,169 @@
# warning fix for:
# derive.c:63: warning: pointer targets in assignment differ in signedness
# derive.c:66: warning: pointer targets in assignment differ in signedness
# derive.c:75: warning: pointer targets in passing argument 2 of 'krb5_nfold' differ in signedness
# derive.c:75: warning: pointer targets in passing argument 4 of 'krb5_nfold' differ in signedness
# derive.c:96: warning: pointer targets in assignment differ in signedness
# derive.c: In function 'krb5_derive_random':
# derive.c:148: warning: pointer targets in assignment differ in signedness
# derive.c:151: warning: pointer targets in assignment differ in signedness
# derive.c:160: warning: pointer targets in passing argument 2 of 'krb5_nfold' differ in signedness
# derive.c:160: warning: pointer targets in passing argument 4 of 'krb5_nfold' differ in signedness
#
# dk_decrypt.c:153: warning: pointer targets in assignment differ in signedness
#
# dk_encrypt.c: In function 'krb5_dk_encrypt':
# dk_encrypt.c:98: warning: pointer targets in assignment differ in signedness
# dk_encrypt.c:119: warning: pointer targets in assignment differ in signedness
# dk_encrypt.c:132: warning: pointer targets in assignment differ in signedness
# dk_encrypt.c:141: warning: pointer targets in assignment differ in signedness
# dk_encrypt.c: In function 'krb5int_aes_dk_encrypt':
# dk_encrypt.c:263: warning: pointer targets in assignment differ in signedness
# dk_encrypt.c:284: warning: pointer targets in assignment differ in signedness
# dk_encrypt.c:298: warning: pointer targets in assignment differ in signedness
# dk_encrypt.c:308: warning: pointer targets in assignment differ in signedness
#
--- lib/crypto/dk/derive.c
+++ lib/crypto/dk/derive.c 2006/06/21 10:13:47
@@ -60,10 +60,10 @@
return(ENOMEM);
}
- inblock.data = inblockdata;
+ inblock.data = (char*)inblockdata;
inblock.length = blocksize;
- outblock.data = outblockdata;
+ outblock.data = (char*)outblockdata;
outblock.length = blocksize;
/* initialize the input block */
@@ -71,8 +71,8 @@
if (in_constant->length == inblock.length) {
memcpy(inblock.data, in_constant->data, inblock.length);
} else {
- krb5_nfold(in_constant->length*8, in_constant->data,
- inblock.length*8, inblock.data);
+ krb5_nfold(in_constant->length*8, (unsigned char*)in_constant->data,
+ inblock.length*8, (unsigned char*)inblock.data);
}
/* loop encrypting the blocks until enough key bytes are generated */
@@ -93,7 +93,7 @@
/* postprocess the key */
- inblock.data = rawkey;
+ inblock.data = (char*)rawkey;
inblock.length = keybytes;
(*(enc->make_key))(&inblock, outkey);
@@ -145,10 +145,10 @@
return(ENOMEM);
}
- inblock.data = inblockdata;
+ inblock.data = (char*)inblockdata;
inblock.length = blocksize;
- outblock.data = outblockdata;
+ outblock.data = (char*)outblockdata;
outblock.length = blocksize;
/* initialize the input block */
@@ -156,8 +156,8 @@
if (in_constant->length == inblock.length) {
memcpy(inblock.data, in_constant->data, inblock.length);
} else {
- krb5_nfold(in_constant->length*8, in_constant->data,
- inblock.length*8, inblock.data);
+ krb5_nfold(in_constant->length*8, (unsigned char*)in_constant->data,
+ inblock.length*8, (unsigned char*)inblock.data);
}
/* loop encrypting the blocks until enough key bytes are generated */
--- lib/crypto/dk/dk_decrypt.c
+++ lib/crypto/dk/dk_decrypt.c 2006/06/21 10:13:47
@@ -150,7 +150,7 @@
cn = (unsigned char *) d1.data + d1.length - blocksize;
else if (ivec_mode == 1) {
int nblocks = (d1.length + blocksize - 1) / blocksize;
- cn = d1.data + blocksize * (nblocks - 2);
+ cn = (unsigned char *) d1.data + blocksize * (nblocks - 2);
} else
abort();
} else
--- lib/crypto/dk/dk_encrypt.c
+++ lib/crypto/dk/dk_encrypt.c 2006/06/21 10:19:00
@@ -95,7 +95,7 @@
/* derive the keys */
- d1.data = constantdata;
+ d1.data = (char*)constantdata;
d1.length = K5CLENGTH;
d1.data[0] = (usage>>24)&0xff;
@@ -116,7 +116,7 @@
/* put together the plaintext */
d1.length = blocksize;
- d1.data = plaintext;
+ d1.data = (char*)plaintext;
if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1)))
goto cleanup;
@@ -129,7 +129,7 @@
/* encrypt the plaintext */
d1.length = plainlen;
- d1.data = plaintext;
+ d1.data = (char*)plaintext;
d2.length = plainlen;
d2.data = output->data;
@@ -138,7 +138,7 @@
goto cleanup;
if (ivec != NULL && ivec->length == blocksize)
- cn = d2.data + d2.length - blocksize;
+ cn = (unsigned char*)d2.data + d2.length - blocksize;
else
cn = NULL;
@@ -260,7 +260,7 @@
/* derive the keys */
- d1.data = constantdata;
+ d1.data = (char*)constantdata;
d1.length = K5CLENGTH;
d1.data[0] = (usage>>24)&0xff;
@@ -281,7 +281,7 @@
/* put together the plaintext */
d1.length = blocksize;
- d1.data = plaintext;
+ d1.data = (char*)plaintext;
if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1)))
goto cleanup;
@@ -295,7 +295,7 @@
/* encrypt the plaintext */
d1.length = plainlen;
- d1.data = plaintext;
+ d1.data = (char*)plaintext;
d2.length = plainlen;
d2.data = output->data;
@@ -305,7 +305,7 @@
if (ivec != NULL && ivec->length == blocksize) {
int nblocks = (d2.length + blocksize - 1) / blocksize;
- cn = d2.data + blocksize * (nblocks - 2);
+ cn = (unsigned char*)d2.data + blocksize * (nblocks - 2);
} else
cn = NULL;

View File

@ -0,0 +1,77 @@
# fix warnings for:
# aes.c: In function 'krb5int_aes_encrypt':
# aes.c:72: warning: pointer targets in passing argument 1 of 'krb5int_aes_enc_blk' differ in signedness
# aes.c:72: warning: pointer targets in passing argument 2 of 'krb5int_aes_enc_blk' differ in signedness
# aes.c:77: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
# aes.c:86: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
# aes.c:94: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
# aes.c:94: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness
# aes.c: In function 'krb5int_aes_decrypt':
# aes.c:127: warning: pointer targets in passing argument 1 of 'krb5int_aes_dec_blk' differ in signedness
# aes.c:127: warning: pointer targets in passing argument 2 of 'krb5int_aes_dec_blk' differ in signedness
# aes.c:131: warning: pointer targets in passing argument 1 of 'krb5int_aes_dec_blk' differ in signedness
# aes.c:132: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
# aes.c:132: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness
# aes.c:138: warning: pointer targets in passing argument 1 of 'krb5int_aes_dec_blk' differ in signedness
# aes.c:145: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
# aes.c:145: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness
# aes.c:154: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
# aes.c:154: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness
#
--- lib/crypto/enc_provider/aes.c
+++ lib/crypto/enc_provider/aes.c 2006/06/21 10:50:23
@@ -40,7 +40,7 @@
#define enc(OUT, IN, CTX) (aes_enc_blk((IN),(OUT),(CTX)) == aes_good ? (void) 0 : abort())
#define dec(OUT, IN, CTX) (aes_dec_blk((IN),(OUT),(CTX)) == aes_good ? (void) 0 : abort())
-static void xorblock(char *out, const char *in)
+static void xorblock(unsigned char *out, const unsigned char *in)
{
int z;
for (z = 0; z < BLOCK_SIZE; z++)
@@ -69,12 +69,12 @@
if (nblocks == 1) {
/* XXX Used for DK function. */
- enc(output->data, input->data, &ctx);
+ enc((unsigned char*)output->data, (unsigned char*)input->data, &ctx);
} else {
unsigned int nleft;
for (blockno = 0; blockno < nblocks - 2; blockno++) {
- xorblock(tmp, input->data + blockno * BLOCK_SIZE);
+ xorblock(tmp, (unsigned char*) input->data + blockno * BLOCK_SIZE);
enc(tmp2, tmp, &ctx);
memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
@@ -83,7 +83,7 @@
}
/* Do final CTS step for last two blocks (the second of which
may or may not be incomplete). */
- xorblock(tmp, input->data + (nblocks - 2) * BLOCK_SIZE);
+ xorblock(tmp, (unsigned char*) input->data + (nblocks - 2) * BLOCK_SIZE);
enc(tmp2, tmp, &ctx);
nleft = input->length - (nblocks - 1) * BLOCK_SIZE;
memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2, nleft);
@@ -124,18 +124,18 @@
if (nblocks == 1) {
if (input->length < BLOCK_SIZE)
abort();
- dec(output->data, input->data, &ctx);
+ dec((unsigned char*)output->data, (unsigned char*) input->data, &ctx);
} else {
for (blockno = 0; blockno < nblocks - 2; blockno++) {
- dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
+ dec(tmp2, (unsigned char*)input->data + blockno * BLOCK_SIZE, &ctx);
xorblock(tmp2, tmp);
memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
memcpy(tmp, input->data + blockno * BLOCK_SIZE, BLOCK_SIZE);
}
/* Do last two blocks, the second of which (next-to-last block
of plaintext) may be incomplete. */
- dec(tmp2, input->data + (nblocks - 2) * BLOCK_SIZE, &ctx);
+ dec(tmp2, (unsigned char*) input->data + (nblocks - 2) * BLOCK_SIZE, &ctx);
/* Set tmp3 to last ciphertext block, padded. */
memset(tmp3, 0, sizeof(tmp3));
memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE,

View File

@ -0,0 +1,27 @@
# warning fixes for:
# arcfour_s2k.c:46: warning: pointer targets in passing argument 2 of 'asctouni' differ in signedness
#
# ycipher.c:77: warning: pointer targets in assignment differ in signedness
#
--- lib/crypto/arcfour/arcfour_s2k.c
+++ lib/crypto/arcfour/arcfour_s2k.c 2006/06/21 10:55:47
@@ -43,7 +43,7 @@
return ENOMEM;
/* make the string. start by creating the unicode version of the password*/
- asctouni(copystr, string->data, slen );
+ asctouni(copystr, (unsigned char*)string->data, slen );
/* the actual MD4 hash of the data */
krb5_MD4Init(&md4_context);
--- lib/crypto/yarrow/ycipher.c
+++ lib/crypto/yarrow/ycipher.c 2006/06/21 10:56:48
@@ -74,7 +74,7 @@
const struct krb5_enc_provider *enc = &yarrow_enc_provider;
ind.data = (char *) in;
ind.length = CIPHER_BLOCK_SIZE;
- outd.data = out;
+ outd.data = (char*)out;
outd.length = CIPHER_BLOCK_SIZE;
ret = enc->encrypt (&ctx->key, 0, &ind, &outd);
if (ret)

View File

@ -0,0 +1,85 @@
# warning fix for:
# old_api_glue.c: In function 'krb5_encrypt':
# old_api_glue.c:49: warning: assignment discards qualifiers from pointer target type
# old_api_glue.c: In function 'krb5_decrypt':
# old_api_glue.c:85: warning: assignment discards qualifiers from pointer target type
# old_api_glue.c: In function 'krb5_calculate_checksum':
# old_api_glue.c:206: warning: assignment discards qualifiers from pointer target type
# old_api_glue.c:210: warning: assignment discards qualifiers from pointer target type
# old_api_glue.c: In function 'krb5_verify_checksum':
# old_api_glue.c:242: warning: assignment discards qualifiers from pointer target type
# old_api_glue.c:246: warning: assignment discards qualifiers from pointer target type
#
# pbkdf2.c:86: warning: pointer targets in assignment differ in signedness
#
# prng.c:33: warning: 'init_error' defined but not used
#
--- lib/crypto/old_api_glue.c
+++ lib/crypto/old_api_glue.c 2006/06/21 10:23:07
@@ -46,7 +46,7 @@
/* size is the length of the input cleartext data */
inputd.length = size;
- inputd.data = inptr;
+ inputd.data = (char*)inptr;
/* The size of the output buffer isn't part of the old api. Not too
safe. So, we assume here that it's big enough. */
@@ -82,7 +82,7 @@
/* size is the length of the input ciphertext data */
inputd.enctype = eblock->key->enctype;
inputd.ciphertext.length = size;
- inputd.ciphertext.data = inptr;
+ inputd.ciphertext.data = (char*)inptr;
/* we don't really know how big this is, but the code tends to assume
that the output buffer size should be the same as the input
@@ -203,11 +203,11 @@
krb5_error_code ret;
krb5_checksum cksum;
- input.data = in;
+ input.data = (char*)in;
input.length = in_length;
key.length = seed_length;
- key.contents = seed;
+ key.contents = (krb5_octet*)seed;
if ((ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum)))
return(ret);
@@ -239,11 +239,11 @@
krb5_error_code ret;
krb5_boolean valid;
- input.data = in;
+ input.data = (char*)in;
input.length = in_length;
key.length = seed_length;
- key.contents = seed;
+ key.contents = (krb5_octet*)seed;
if ((ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum,
&valid)))
--- lib/crypto/pbkdf2.c
+++ lib/crypto/pbkdf2.c 2006/06/21 10:25:54
@@ -83,7 +83,7 @@
krb5_data out;
krb5_error_code err;
- pdata.contents = pass->data;
+ pdata.contents = (krb5_octet*) pass->data;
pdata.length = pass->length;
#if 0
--- lib/crypto/prng.c
+++ lib/crypto/prng.c 2006/06/21 10:27:07
@@ -30,7 +30,6 @@
#include "yarrow.h"
static Yarrow_CTX y_ctx;
-static int init_error;
#define yarrow_lock krb5int_yarrow_lock
k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;

View File

@ -0,0 +1,71 @@
# threads.c: In function 'krb5int_thread_support_init':
# threads.c:456: warning: implicit declaration of function 'krb5int_err_init'
# errors.c: In function 'krb5int_vset_error':
# errors.c:52: warning: passing argument 1 of 'free' discards qualifiers from pointer target type
# errors.c:59: warning: implicit declaration of function 'vasprintf'
# errors.c: In function 'krb5int_get_error':
# errors.c:76: warning: assignment discards qualifiers from pointer target type
# errors.c:80: warning: implicit declaration of function 'krb5int_call_thread_support_init'
# errors.c:120: warning: assignment discards qualifiers from pointer target type
# errors.c: In function 'krb5int_clear_error':
# errors.c:146: warning: passing argument 2 of 'krb5int_free_error' discards qualifiers from pointer target type
#
--- util/support/errors.c
+++ util/support/errors.c 2006/06/21 07:36:30
@@ -31,6 +31,9 @@
{
return k5_mutex_finish_init (&krb5int_error_info_support_mutex);
}
+
+extern int krb5int_call_thread_support_init(void);
+
#define initialize() krb5int_call_thread_support_init()
#define lock() k5_mutex_lock(&krb5int_error_info_support_mutex)
#define unlock() k5_mutex_unlock(&krb5int_error_info_support_mutex)
@@ -49,7 +52,7 @@
const char *fmt, va_list args)
{
if (ep->msg && ep->msg != ep->scratch_buf) {
- free (ep->msg);
+ free ((char*)ep->msg);
ep->msg = NULL;
}
ep->code = code;
@@ -73,7 +76,7 @@
if (code != ep->code)
krb5int_clear_error (ep);
if (ep->msg) {
- r = ep->msg;
+ r = (char*)ep->msg;
ep->msg = NULL;
return r;
}
@@ -117,7 +120,7 @@
sprintf (ep->scratch_buf, _("error %ld"), code);
return ep->scratch_buf;
}
- r = fptr(code);
+ r = (char*)fptr(code);
if (r == NULL) {
unlock();
goto format_number;
@@ -143,7 +146,7 @@
void
krb5int_clear_error (struct errinfo *ep)
{
- krb5int_free_error (ep, ep->msg);
+ krb5int_free_error (ep, (char*)ep->msg);
ep->msg = NULL;
}
--- util/support/threads.c
+++ util/support/threads.c 2006/06/21 07:25:22
@@ -36,6 +36,8 @@
MAKE_INIT_FUNCTION(krb5int_thread_support_init);
MAKE_FINI_FUNCTION(krb5int_thread_support_fini);
+extern int krb5int_err_init(void);
+
#ifndef ENABLE_THREADS /* no thread support */
static void (*destructors[K5_KEY_MAX])(void *);