commit 4ba35e7992b92bf0a0323bfb80af84e901ac3f2305257f8c9a3ec9dfd16e47d5 Author: OBS User unknown Date: Mon Dec 18 23:16:52 2006 +0000 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=1 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/EncryptWithMasterKey.c b/EncryptWithMasterKey.c new file mode 100644 index 0000000..30f09f9 --- /dev/null +++ b/EncryptWithMasterKey.c @@ -0,0 +1,215 @@ +#include +#include +#include +#include +#include + +#define krb5_kdb_decode_int16(cp, i16) \ + *((krb5_int16 *) &(i16)) = (((krb5_int16) ((unsigned char) (cp)[0]))| \ + ((krb5_int16) ((unsigned char) (cp)[1]) << 8)) +#define encode_int16(i16, cp) \ + { \ + (cp)[0] = (unsigned char) ((i16) & 0xff); \ + (cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \ + } + +krb5_error_code +krb5_db_fetch_mkey(krb5_context context, + krb5_enctype etype, + char *keyfile, + krb5_keyblock * key) +{ + krb5_error_code retval; + + /* from somewhere else */ + krb5_ui_2 enctype; + FILE *kf; + + retval = 0; + key->magic = KV5M_KEYBLOCK; + + if (!(kf = fopen(keyfile, "r"))) + return KRB5_KDB_CANTREAD_STORED; + if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) { + retval = KRB5_KDB_CANTREAD_STORED; + goto errout; + } + if (key->enctype == ENCTYPE_UNKNOWN) + key->enctype = enctype; + else if (enctype != key->enctype) { + retval = KRB5_KDB_BADSTORED_MKEY; + goto errout; + } + if (fread((krb5_pointer) &key->length, + sizeof(key->length), 1, kf) != 1) { + retval = KRB5_KDB_CANTREAD_STORED; + goto errout; + } + if (!key->length || ((int) key->length) < 0) { + retval = KRB5_KDB_BADSTORED_MKEY; + goto errout; + } + + if (!(key->contents = (krb5_octet *)malloc(key->length))) { + retval = ENOMEM; + goto errout; + } + if (fread((krb5_pointer) key->contents, + sizeof(key->contents[0]), key->length, kf) + != key->length) { + retval = KRB5_KDB_CANTREAD_STORED; + memset(key->contents, 0, key->length); + free(key->contents); + key->contents = 0; + } else + retval = 0; + +errout: + (void) fclose(kf); + return retval; +} + + +static int +read_octet_string(char *str, krb5_octet *buf, size_t len) +{ + int c; + int i, retval; + char *s; + + s = str; + + retval = 0; + for (i=0; i 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL)) + +int main(int argc, char *argv[]) +{ + krb5_context context; + krb5_error_code retval; + krb5_keyblock master_keyblock; + krb5_data plain; + krb5_enc_data cipher; + size_t plainlen = 0; + size_t enclen = 0; + char *koptarg; + char *stashfile = NULL; + char *data = NULL; + int i = 0; + + master_keyblock.enctype = ENCTYPE_DES3_CBC_SHA1; + + argv++; argc--; + while (*argv) { + if (strcmp(*argv, "-sf") == 0 && ARG_VAL) { + stashfile = koptarg; + } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) { + data = koptarg; + } else if (strcmp(*argv, "-e") == 0 && ARG_VAL) { + if (krb5_string_to_enctype(koptarg, &master_keyblock.enctype)) + { + com_err(argv[0], 0, "%s is an invalid enctype", koptarg); + usage(); + } + } else { + usage(); + } + argv++; argc--; + } + + if (data == NULL || stashfile == NULL) + usage(); + + + retval = krb5_init_context(&context); + if( retval ) + { + com_err(argv[0], retval, "while initializing krb5_context"); + exit(1); + } + + retval = krb5_db_fetch_mkey(context, + master_keyblock.enctype, + stashfile, + &master_keyblock); + if( retval ) + { + com_err(argv[0], retval, "while fetching master key"); + exit(1); + } + + plainlen = strlen(data)/2; + + plain.data = (char *) malloc(plainlen); + plain.length = plainlen; + + read_octet_string(data, (krb5_octet*)plain.data, plainlen); + + retval = krb5_c_encrypt_length(context, + master_keyblock.enctype, + plain.length, &enclen); + if( retval ) + { + com_err(argv[0], retval, "while calculating cipher data length"); + exit(1); + } + + cipher.ciphertext.data = (char *) malloc(enclen); + cipher.ciphertext.length = enclen; + + retval = krb5_c_encrypt(context, &master_keyblock, /* XXX */ 0, 0, + &plain, &cipher); + if( retval ) + { + com_err(argv[0], retval, "while encrypting data"); + exit(1); + } + + /* first print out the length of the decrypted hash */ + + char l[2]; + encode_int16((unsigned int)plainlen, l); + printf("%02x%02x", l[0], l[1]); + + /* now print the encrypted key */ + for(i = 0; i < cipher.ciphertext.length; ++i) + { + printf("%02x",(unsigned char)cipher.ciphertext.data[i]); + } + printf("\n"); + + return 0; +} + diff --git a/Makefile.kadm5 b/Makefile.kadm5 new file mode 100644 index 0000000..8d26677 --- /dev/null +++ b/Makefile.kadm5 @@ -0,0 +1,23 @@ +.SUFFIXES: .tex .dvi .ps + +all: + latex adb-unit-test.tex + latex api-funcspec.tex + latex api-server-design.tex + latex api-unit-test.tex + dvips adb-unit-test.dvi -o adb-unit-test.ps + dvips api-funcspec.dvi -o api-funcspec.ps + dvips api-server-design.dvi -o api-server-design.ps + dvips api-unit-test.dvi -o api-unit-test.ps + latex2html -dir ../html/adb-unit-test -mkdir adb-unit-test.tex + latex2html -dir ../html/api-funcspec -mkdir api-funcspec.tex + latex2html -dir ../html/api-server-design -mkdir api-server-design.tex + latex2html -dir ../html/api-unit-test -mkdir api-unit-test.tex + + +clean: + rm -f *.toc *.log *.idx *.ind *.aux *.ilg + +really-clean: clean + rm -f *.dvi *.ps + diff --git a/README.Source b/README.Source new file mode 100644 index 0000000..9bf6da7 --- /dev/null +++ b/README.Source @@ -0,0 +1,9 @@ +Because of potential legal risk we have removed the +file "src/appl/telnet/libtelnet/spx.c" from the +source tarball. + +If you want to see the original sources you can download +them from + + http://web.mit.edu/kerberos/www/ . + diff --git a/kprop-use-mkstemp.dif b/kprop-use-mkstemp.dif new file mode 100644 index 0000000..b4ad439 --- /dev/null +++ b/kprop-use-mkstemp.dif @@ -0,0 +1,26 @@ +--- slave/kprop.c ++++ slave/kprop.c 2006/06/21 12:38:34 +@@ -215,6 +215,7 @@ + krb5_error_code retval; + static char tkstring[] = "/tmp/kproptktXXXXXX"; + krb5_keytab keytab = NULL; ++ int ret = 0; + + /* + * Figure out what tickets we'll be using to send stuff +@@ -240,7 +241,15 @@ + /* + * Initialize cache file which we're going to be using + */ ++#ifdef HAVE_MKSTEMP ++ ret = mkstemp(tkstring); ++ if (ret == -1) { ++ com_err(progname, errno, "while initialize cache file"); ++ exit(1); ++ } else close(ret); ++#else + (void) mktemp(tkstring); ++#endif + sprintf(buf, "FILE:%s", tkstring); + + retval = krb5_cc_resolve(context, buf, &ccache); diff --git a/krb5-1.3.5-perlfix.dif b/krb5-1.3.5-perlfix.dif new file mode 100644 index 0000000..8920770 --- /dev/null +++ b/krb5-1.3.5-perlfix.dif @@ -0,0 +1,9 @@ +--- doc/man2html ++++ doc/man2html 2004/10/18 16:20:53 +@@ -1,5 +1,4 @@ +-#!/usr/athena/bin/perl +-#!/usr/local/bin/perl ++#!/usr/bin/perl + ##---------------------------------------------------------------------------## + ## File: + ## @(#) man2html 1.2 97/08/12 12:57:30 @(#) diff --git a/krb5-1.4-compile_pie.dif b/krb5-1.4-compile_pie.dif new file mode 100644 index 0000000..48f238b --- /dev/null +++ b/krb5-1.4-compile_pie.dif @@ -0,0 +1,310 @@ +--- src/appl/bsd/Makefile.in ++++ src/appl/bsd/Makefile.in 2005/06/17 14:00:37 +@@ -15,6 +15,9 @@ + V4RCPO=@V4RCPO@ + KRSHDLIBS=@KRSHDLIBS@ + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + SRCS= $(srcdir)/krcp.c $(srcdir)/krlogin.c $(srcdir)/krsh.c $(srcdir)/kcmd.c \ + $(srcdir)/forward.c $(srcdir)/compat_recv.c \ + $(srcdir)/login.c $(srcdir)/krshd.c $(srcdir)/krlogind.c \ +--- src/appl/gssftp/ftpd/Makefile.in ++++ src/appl/gssftp/ftpd/Makefile.in 2005/06/17 14:06:35 +@@ -15,6 +15,9 @@ + COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a + FTPD_LIBS=@FTPD_LIBS@ + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + SRCS = $(srcdir)/ftpd.c ftpcmd.c $(srcdir)/popen.c \ + $(srcdir)/vers.c \ + $(srcdir)/../ftp/glob.c \ +--- src/appl/gssftp/ftp/Makefile.in ++++ src/appl/gssftp/ftp/Makefile.in 2005/06/17 13:52:20 +@@ -9,6 +9,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + SRCS = $(srcdir)/cmds.c $(srcdir)/cmdtab.c $(srcdir)/domacro.c \ + $(srcdir)/ftp.c $(srcdir)/getpass.c $(srcdir)/glob.c \ + $(srcdir)/main.c $(srcdir)/radix.c \ +--- src/appl/gss-sample/Makefile.in ++++ src/appl/gss-sample/Makefile.in 2005/06/17 13:54:49 +@@ -6,6 +6,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + SRCS= $(srcdir)/gss-client.c $(srcdir)/gss-misc.c $(srcdir)/gss-server.c + + OBJS= gss-client.o gss-misc.o gss-server.o +--- src/appl/sample/sclient/Makefile.in ++++ src/appl/sample/sclient/Makefile.in 2005/06/17 14:03:00 +@@ -6,6 +6,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all:: sclient + + sclient: sclient.o $(KRB5_BASE_DEPLIBS) +--- src/appl/sample/sserver/Makefile.in ++++ src/appl/sample/sserver/Makefile.in 2005/06/17 14:13:52 +@@ -6,6 +6,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all:: sserver + + sserver: sserver.o $(KRB5_BASE_DEPLIBS) +--- src/appl/simple/client/Makefile.in ++++ src/appl/simple/client/Makefile.in 2005/06/17 14:03:53 +@@ -5,6 +5,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all:: sim_client + + LOCALINCLUDES= -I.. -I$(srcdir)/.. +--- src/appl/simple/server/Makefile.in ++++ src/appl/simple/server/Makefile.in 2005/06/17 14:13:21 +@@ -8,6 +8,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all:: sim_server + + sim_server: sim_server.o $(KRB5_BASE_DEPLIBS) +--- src/appl/telnet/libtelnet/Makefile.in ++++ src/appl/telnet/libtelnet/Makefile.in 2005/06/17 15:04:13 +@@ -32,6 +32,8 @@ + SETENVSRC=@SETENVSRC@ + SETENVOBJ=@SETENVOBJ@ + ++CFLAGS += -fPIE ++ + LIBBASE=telnet + LIBMAJOR=0 + LIBMINOR=0 +--- src/appl/telnet/telnetd/Makefile.in ++++ src/appl/telnet/telnetd/Makefile.in 2005/06/17 14:14:22 +@@ -33,6 +33,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + LIBS= @TELNETD_LIBS@ + + SRCS= $(srcdir)/telnetd.c \ +--- src/appl/telnet/telnet/Makefile.in ++++ src/appl/telnet/telnet/Makefile.in 2005/06/17 14:04:54 +@@ -33,6 +33,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + LIBS= @TELNET_LIBS@ + + SRCS= $(srcdir)/authenc.c $(srcdir)/commands.c $(srcdir)/main.c $(srcdir)/network.c $(srcdir)/ring.c \ +--- src/appl/user_user/Makefile.in ++++ src/appl/user_user/Makefile.in 2005/06/17 14:06:03 +@@ -6,6 +6,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all:: uuclient uuserver + + uuclient: client.o $(KRB5_BASE_DEPLIBS) +--- src/clients/kdestroy/Makefile.in ++++ src/clients/kdestroy/Makefile.in 2005/06/17 13:55:38 +@@ -6,6 +6,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all-unix:: kdestroy + all-windows:: $(OUTPRE)kdestroy.exe + +--- src/clients/kinit/Makefile.in ++++ src/clients/kinit/Makefile.in 2005/06/17 13:56:02 +@@ -6,6 +6,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + ##WIN32##LOCALINCLUDES=-I$(BUILDTOP)\util\windows + ##WIN32##DEFINES=-DGETOPT_LONG + +--- src/clients/klist/Makefile.in ++++ src/clients/klist/Makefile.in 2005/06/17 13:56:46 +@@ -6,6 +6,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all-unix:: klist + all-windows:: $(OUTPRE)klist.exe + +--- src/clients/kpasswd/Makefile.in ++++ src/clients/kpasswd/Makefile.in 2005/06/17 13:57:19 +@@ -5,6 +5,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + kpasswd: kpasswd.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o kpasswd kpasswd.o $(KRB5_BASE_LIBS) + +--- src/clients/ksu/Makefile.in ++++ src/clients/ksu/Makefile.in 2005/06/17 13:59:09 +@@ -9,6 +9,9 @@ + + KSU_LIBS=@KSU_LIBS@ + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + SRCS = \ + $(srcdir)/krb_auth_su.c \ + $(srcdir)/ccache.c \ +--- src/clients/kvno/Makefile.in ++++ src/clients/kvno/Makefile.in 2005/06/17 13:59:27 +@@ -6,6 +6,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all-unix:: kvno + all-windows:: $(OUTPRE)kvno.exe + +--- src/kadmin/cli/Makefile.in ++++ src/kadmin/cli/Makefile.in 2005/06/17 14:07:57 +@@ -5,6 +5,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + PROG = kadmin + OBJS = kadmin.o kadmin_ct.o ss_wrapper.o getdate.o keytab.o + +--- src/kadmin/dbutil/Makefile.in ++++ src/kadmin/dbutil/Makefile.in 2005/06/17 14:09:05 +@@ -7,6 +7,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + PROG = kdb5_util + OBJS = kdb5_util.o dump.o dumpv4.o loadv4.o \ + kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \ +--- src/kadmin/ktutil/Makefile.in ++++ src/kadmin/ktutil/Makefile.in 2005/06/17 14:12:36 +@@ -6,6 +6,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + OBJS= ktutil.o \ + ktutil_ct.o \ + ktutil_funcs.o +--- src/kadmin/server/Makefile.in ++++ src/kadmin/server/Makefile.in 2005/06/17 14:08:29 +@@ -9,6 +9,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + PROG = kadmind + OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o + +--- src/kdc/Makefile.in ++++ src/kdc/Makefile.in 2005/06/17 14:12:04 +@@ -13,6 +13,9 @@ + PROG_RPATH=$(KRB5_LIBDIR) + FAKEKA=@FAKEKA@ + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all:: krb5kdc rtest $(FAKEKA) + + # DEFINES = -DBACKWARD_COMPAT $(KRB4DEF) +--- src/krb524/Makefile.in ++++ src/krb524/Makefile.in 2005/06/17 14:10:47 +@@ -27,6 +27,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + ##WIN32##!ifdef USE_ALTERNATE_KRB4_INCLUDES + ##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES) + ##WIN32##!endif +--- src/slave/Makefile.in ++++ src/slave/Makefile.in 2005/06/17 14:09:57 +@@ -5,6 +5,9 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++LDFLAGS += -pie ++ + all:: kprop kpropd + + CLIENTSRCS= $(srcdir)/kprop.c +--- src/appl/libpty/Makefile.in ++++ src/appl/libpty/Makefile.in 2005/06/17 14:44:50 +@@ -10,6 +10,8 @@ + PROG_LIBPATH=-L$(TOPLIBD) + PROG_RPATH=$(KRB5_LIBDIR) + ++CFLAGS += -fPIE ++ + LIBBASE=pty + LIBMAJOR=1 + LIBMINOR=2 diff --git a/krb5-1.4-fix-segfault.dif b/krb5-1.4-fix-segfault.dif new file mode 100644 index 0000000..56fa712 --- /dev/null +++ b/krb5-1.4-fix-segfault.dif @@ -0,0 +1,26 @@ +--- src/lib/krb5/krb/princ_comp.c 2002-09-02 21:13:46.000000000 -0400 ++++ src/lib/krb5/krb/princ_comp.c 2005-06-29 13:56:55.000000000 -0400 +@@ -33,6 +33,13 @@ + krb5_boolean KRB5_CALLCONV + krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) + { ++ if ((princ1 == NULL) || (princ2 == NULL)) ++ return FALSE; ++ ++ if ((krb5_princ_realm(context, princ1) == NULL) || ++ (krb5_princ_realm(context, princ2) == NULL)) ++ return FALSE; ++ + if (krb5_princ_realm(context, princ1)->length != + krb5_princ_realm(context, princ2)->length || + memcmp (krb5_princ_realm(context, princ1)->data, +@@ -49,6 +56,9 @@ + register int i; + krb5_int32 nelem; + ++ if ((princ1 == NULL) || (princ2 == NULL)) ++ return FALSE; ++ + nelem = krb5_princ_size(context, princ1); + if (nelem != krb5_princ_size(context, princ2)) + return FALSE; diff --git a/krb5-1.5.1-fix-strncat-warning.dif b/krb5-1.5.1-fix-strncat-warning.dif new file mode 100644 index 0000000..9f1ba82 --- /dev/null +++ b/krb5-1.5.1-fix-strncat-warning.dif @@ -0,0 +1,20 @@ +--- src/lib/krb4/g_cnffile.c ++++ src/lib/krb4/g_cnffile.c 2006/10/30 11:12:26 +@@ -68,7 +68,7 @@ + &full_name); + if (retval == 0 && full_name && full_name[0]) { + retname[0] = '\0'; +- strncat(retname, full_name[0], sizeof(retname)); ++ strncat(retname, full_name[0], sizeof(retname)-strlen(retname)-1); + for (cpp = full_name; *cpp; cpp++) + krb5_xfree(*cpp); + krb5_xfree(full_name); +@@ -76,7 +76,7 @@ + } + } + retname[0] = '\0'; +- strncat(retname, default_srvtabname, sizeof(retname)); ++ strncat(retname, default_srvtabname, sizeof(retname)-strlen(retname)-1); + return retname; + } + diff --git a/krb5-1.5.1-fix-too-few-arguments.dif b/krb5-1.5.1-fix-too-few-arguments.dif new file mode 100644 index 0000000..3d80329 --- /dev/null +++ b/krb5-1.5.1-fix-too-few-arguments.dif @@ -0,0 +1,20 @@ +--- src/kadmin/dbutil/dump.c ++++ src/kadmin/dbutil/dump.c 2006/09/13 08:27:05 +@@ -1986,7 +1986,7 @@ + linenop); + else if (strcmp(rectype, "policy") == 0) + process_k5beta7_policy(fname, kcontext, filep, verbose, +- linenop); ++ linenop, NULL); + else { + fprintf(stderr, "unknown record type \"%s\" on line %d\n", + rectype, *linenop); +@@ -2022,7 +2022,7 @@ + linenop); + else if (strcmp(rectype, "policy") == 0) + process_k5beta7_policy(fname, kcontext, filep, verbose, +- linenop); ++ linenop, NULL); + else if (strcmp(rectype, "End") == 0) + return -1; + else { diff --git a/krb5-1.5.1-fix-var-used-before-value-set.dif b/krb5-1.5.1-fix-var-used-before-value-set.dif new file mode 100644 index 0000000..cfa5930 --- /dev/null +++ b/krb5-1.5.1-fix-var-used-before-value-set.dif @@ -0,0 +1,10 @@ +--- src/appl/telnet/telnetd/utility.c ++++ src/appl/telnet/telnetd/utility.c 2006/11/06 10:34:09 +@@ -127,6 +127,7 @@ + } + tv.tv_sec = 1; + tv.tv_usec = 0; ++ FD_ZERO(&fds); + FD_SET(net, &fds); + + while (select(net + 1, &fds, NULL, NULL, &tv) == 1) diff --git a/krb5-1.5.1.tar.bz2 b/krb5-1.5.1.tar.bz2 new file mode 100644 index 0000000..206dbc0 --- /dev/null +++ b/krb5-1.5.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a33c68ad46d2262481c18e59a14043e53bf692d7d83f7c88f0827f66324fd686 +size 8524127 diff --git a/krb5-doc.changes b/krb5-doc.changes new file mode 100644 index 0000000..447d6af --- /dev/null +++ b/krb5-doc.changes @@ -0,0 +1,85 @@ +------------------------------------------------------------------- +Thu Aug 24 12:53:25 CEST 2006 - mc@suse.de + +- update to version 1.5.1 +- remove obsolete patches which are now included upstream + * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif + * trunk-fix-uninitialized-vars.dif + +------------------------------------------------------------------- +Mon Jul 3 15:01:57 CEST 2006 - mc@suse.de + +- update to version 1.5 + * KDB abstraction layer, donated by Novell. + * plug-in architecture, allowing for extension modules to be + loaded at run-time. + * multi-mechanism GSS-API implementation ("mechglue"), + donated by Sun Microsystems + * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") + implementation, donated by Sun Microsystems +- remove obsolete patches and add some new + +------------------------------------------------------------------- +Mon Mar 13 18:01:06 CET 2006 - mc@suse.de + +- set BuildArchitectures to noarch +- set norootforbuild + +------------------------------------------------------------------- +Wed Jan 25 21:30:24 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Nov 18 12:15:07 CET 2005 - mc@suse.de + +- update to version 1.4.3 +- fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif) + +------------------------------------------------------------------- +Wed Oct 12 16:19:08 CEST 2005 - mc@suse.de + +- build kadm5 documentation +- build documentation also as html +- include the text only documentation + +------------------------------------------------------------------- +Tue Oct 11 17:40:26 CEST 2005 - mc@suse.de + +- update to version 1.4.2 +- remove some obsolet patches + +------------------------------------------------------------------- +Mon Jun 27 13:36:04 CEST 2005 - mc@suse.de + +- update to version 1.4.1 +- remove obsolet patches + - krb5-1.4-VUL-0-telnet.dif + +------------------------------------------------------------------- +Thu Feb 10 02:38:39 CET 2005 - ro@suse.de + +- added libpng to neededforbuild (for tetex) + +------------------------------------------------------------------- +Fri Feb 4 16:50:34 CET 2005 - mc@suse.de + +- remove spx.c from tarball because of legal risk +- add README.Source which tell the user about this + action. + +------------------------------------------------------------------- +Fri Jan 28 13:28:18 CET 2005 - mc@suse.de + +- update to version 1.4 + +------------------------------------------------------------------- +Mon Jan 10 12:20:11 CET 2005 - mc@suse.de + +- update to version 1.3.6 + +------------------------------------------------------------------- +Tue Dec 14 15:21:02 CET 2004 - mc@suse.de + +- initial release + diff --git a/krb5-doc.spec b/krb5-doc.spec new file mode 100644 index 0000000..7e5e67f --- /dev/null +++ b/krb5-doc.spec @@ -0,0 +1,134 @@ +# +# spec file for package krb5-doc (Version 1.5.1) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: krb5-doc +BuildRequires: ghostscript-library latex2html te_ams +Version: 1.5.1 +Release: 20 +%define srcRoot krb5-1.5.1 +Summary: MIT Kerberos5 Implementation--Documentation +License: X11/MIT +URL: http://web.mit.edu/kerberos/www/ +Group: Documentation/Other +Source: krb5-1.5.1.tar.bz2 +Source1: README.Source +Source2: Makefile.kadm5 +Patch0: krb5-1.3.5-perlfix.dif +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildArchitectures: noarch + +%description +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of clear text passwords. This package includes extended +documentation for MIT Kerberos. + + + +Authors: +-------- + The MIT Kerberos Team + Sam Hartman + Ken Raeburn + Tom Yu + +%prep +%setup -n %{srcRoot} +%patch0 +cp %{_sourcedir}/Makefile.kadm5 %{_builddir}/%{srcRoot}/doc/kadm5/Makefile + +%build + +%install +rm -rf %{buildroot} +cd doc +mkdir -p html +make +make -C api +make -C implement +make -C kadm5 +cd api +latex2html -dir ../html/library -mkdir library.tex +latex2html -dir ../html/libdes -mkdir libdes.tex +cd ../implement +latex2html -dir ../html/implement -mkdir implement.tex +cd .. +mv krb5-admin html/ +mv krb5-install html/ +mv krb5-user html/ +mv krb425 html/ +mv *.html html/ +cd .. +find . -type f -name '*.ps' -exec gzip -9 {} \; +chmod 644 doc/man2ps +# cleanup +rm -f %{buildroot}/usr/share/man/man1/tmac.doc* +rm -f /usr/share/man/man1/tmac.doc* +rm -rf /usr/lib/mit/share +rm -rf %{buildroot}/usr/lib/mit/share + +%clean +rm -rf %{buildroot} + +%files +%defattr(-,root,root) +%doc doc/*.ps.gz doc/api/*.ps.gz doc/implement/*.ps.gz doc/kadm5/*.ps.gz +%doc doc/krb5-protocol doc/kadmin +%doc doc/html + +%changelog -n krb5-doc +* Thu Aug 24 2006 - mc@suse.de +- update to version 1.5.1 +- remove obsolete patches which are now included upstream + * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif + * trunk-fix-uninitialized-vars.dif +* Mon Jul 03 2006 - mc@suse.de +- update to version 1.5 + * KDB abstraction layer, donated by Novell. + * plug-in architecture, allowing for extension modules to be + loaded at run-time. + * multi-mechanism GSS-API implementation ("mechglue"), + donated by Sun Microsystems + * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") + implementation, donated by Sun Microsystems +- remove obsolete patches and add some new +* Mon Mar 13 2006 - mc@suse.de +- set BuildArchitectures to noarch +- set norootforbuild +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Fri Nov 18 2005 - mc@suse.de +- update to version 1.4.3 +- fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif) +* Wed Oct 12 2005 - mc@suse.de +- build kadm5 documentation +- build documentation also as html +- include the text only documentation +* Tue Oct 11 2005 - mc@suse.de +- update to version 1.4.2 +- remove some obsolet patches +* Mon Jun 27 2005 - mc@suse.de +- update to version 1.4.1 +- remove obsolet patches + - krb5-1.4-VUL-0-telnet.dif +* Thu Feb 10 2005 - ro@suse.de +- added libpng to neededforbuild (for tetex) +* Fri Feb 04 2005 - mc@suse.de +- remove spx.c from tarball because of legal risk +- add README.Source which tell the user about this + action. +* Fri Jan 28 2005 - mc@suse.de +- update to version 1.4 +* Mon Jan 10 2005 - mc@suse.de +- update to version 1.3.6 +* Tue Dec 14 2004 - mc@suse.de +- initial release diff --git a/krb5.changes b/krb5.changes new file mode 100644 index 0000000..bb4aa47 --- /dev/null +++ b/krb5.changes @@ -0,0 +1,330 @@ +------------------------------------------------------------------- +Mon Nov 6 11:49:39 CET 2006 - mc@suse.de + +- fix "local variable used before set" [#217692] +- fix strncat warning + +------------------------------------------------------------------- +Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de + +- add a default kadm5.dict file +- require $network on daemon start + +------------------------------------------------------------------- +Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de + +- fix function call with too few arguments [#203837] + +------------------------------------------------------------------- +Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de + +- update to version 1.5.1 +- remove obsolete patches which are now included upstream + * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif + * trunk-fix-uninitialized-vars.dif + +------------------------------------------------------------------- +Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de + +- krb5 setuid return check fixes + krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif + [#182351] + +------------------------------------------------------------------- +Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de + +- remove update-messages + +------------------------------------------------------------------- +Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de + +- add check for krb5_prop in services to kpropd init script. + [#192446] + +------------------------------------------------------------------- +Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de + +- update to version 1.5 + * KDB abstraction layer, donated by Novell. + * plug-in architecture, allowing for extension modules to be + loaded at run-time. + * multi-mechanism GSS-API implementation ("mechglue"), + donated by Sun Microsystems + * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") + implementation, donated by Sun Microsystems +- remove obsolete patches and add some new + +------------------------------------------------------------------- +Fri May 26 14:50:00 CEST 2006 - ro@suse.de + +- libcom is not in e2fsck-devel but in its own package now, change + Requires accordingly. + +------------------------------------------------------------------- +Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de + +- add all daemons to %stop_on_removal and %restart_on_update +- add reload to kpropd init script +- add force-reload to all init scripts + +------------------------------------------------------------------- +Mon Mar 13 18:20:36 CET 2006 - mc@suse.de + +- add libgssapi_krb5.so link to main package [#147912] + +------------------------------------------------------------------- +Fri Feb 3 18:17:01 CET 2006 - mc@suse.de + +- fix logging section for kadmind in convert script + +------------------------------------------------------------------- +Wed Jan 25 21:30:24 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 14:44:24 CET 2006 - mc@suse.de + +- change the logging defaults + +------------------------------------------------------------------- +Wed Jan 11 12:59:08 CET 2006 - mc@suse.de + +- add tools and README for heimdal => MIT update + +------------------------------------------------------------------- +Mon Jan 9 14:41:07 CET 2006 - mc@suse.de + +- fix build problems, define _GNU_SOURCE + (krb5-1.4.3-set_gnu_source.dif ) + +------------------------------------------------------------------- +Tue Jan 3 16:00:13 CET 2006 - mc@suse.de + +- added "make %{?jobs:-j%jobs}" + +------------------------------------------------------------------- +Fri Nov 18 12:12:01 CET 2005 - mc@suse.de + +- update to version 1.4.3 + * some memmory leaks fixed + * fix for "AS_REP padata has wrong enctype" + * fix for "AS_REP padata missing PA-ETYPE-INFO" + * ... and more + +------------------------------------------------------------------- +Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de + +- don't build as root + +------------------------------------------------------------------- +Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de + +- update to version 1.4.2 +- remove some obsolet patches + +------------------------------------------------------------------- +Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de + +- build with --disable-static + +------------------------------------------------------------------- +Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de + +- remove devel-static subpackage + +------------------------------------------------------------------- +Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de + +- better patch for princ_comp problem + +------------------------------------------------------------------- +Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de + +- update to version 1.4.1 +- remove obsolet patches + - krb5-1.4-gcc4.dif + - krb5-1.4-reduce-namespace-polution.dif + - krb5-1.4-VUL-0-telnet.dif + +------------------------------------------------------------------- +Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de + +- fixed krb5 KDC heap corruption by random free + [#80574, CAN-2005-1174, MITKRB5-SA-2005-002] +- fixed krb5 double free() + [#86768, CAN-2005-1689, MITKRB5-SA-2005-003] +- fix krb5 NULL pointer reference while comparing principals + [#91600] + +------------------------------------------------------------------- +Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de + +- fix uninitialized variables +- compile with -fPIE/ link with -pie + +------------------------------------------------------------------- +Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de + +- fixed wrong xinetd files [#77149] + +------------------------------------------------------------------- +Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de + +- removed krb5-1.4-fix-error_tables.dif patch obsoleted + by libcom_err locking patches + +------------------------------------------------------------------- +Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de + +- fixed missing descriptions in init files + [#76164, #76165, #76166, #76169] + +------------------------------------------------------------------- +Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de + +- enhance $PATH via /etc/profile.d/ [#74018] +- remove the "links to important programs" + +------------------------------------------------------------------- +Fri Mar 18 11:09:43 CET 2005 - mc@suse.de + +- fixed not running converter script [#72854] + +------------------------------------------------------------------- +Thu Mar 17 14:15:17 CET 2005 - mc@suse.de + +- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer + Overflow +- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer + Overflow + [#73618] + +------------------------------------------------------------------- +Wed Mar 16 13:10:18 CET 2005 - mc@suse.de + +- fixed wrong PreReqs [#73020] + +------------------------------------------------------------------- +Tue Mar 15 19:54:58 CET 2005 - mc@suse.de + +- add a simple krb5.conf converter [#72854] + +------------------------------------------------------------------- +Mon Mar 14 17:08:59 CET 2005 - mc@suse.de + +- fixed: rckrb5kdc restart gives wrong status with non-running service + [#72446] + +------------------------------------------------------------------- +Thu Mar 10 10:48:07 CET 2005 - mc@suse.de + +- add requires: e2fsprogs-devel to krb5-devel package [#71732] + +------------------------------------------------------------------- +Fri Feb 25 17:35:37 CET 2005 - mc@suse.de + +- fix double free [#66534] + krb5-1.4-fix-error_tables.dif + +------------------------------------------------------------------- +Fri Feb 11 14:01:32 CET 2005 - mc@suse.de + +- change mode for shared libraries to 755 + +------------------------------------------------------------------- +Fri Feb 4 16:48:16 CET 2005 - mc@suse.de + +- remove spx.c from tarball because of legal risk +- add README.Source which tell the user about this + action. +- add a check for spx.c in the spec-file +- use rich-text for update-messages [#50250] + +------------------------------------------------------------------- +Tue Feb 1 12:13:45 CET 2005 - mc@suse.de + +- add krb5-1.4-reduce-namespace-polution.dif + reduce namespace polution in gssapi.h [#50356] + +------------------------------------------------------------------- +Fri Jan 28 13:25:42 CET 2005 - mc@suse.de + +- update to version 1.4 +- Add implementation of the RPCSEC_GSS authentication flavor to the + RPC library. +- Thread safety for krb5 libraries. +- Merged Athena telnetd changes for creating a new option for + requiring encryption. +- The kadmind4 backwards-compatibility admin server and the v5passwdd + backwards-compatibility password-changing server have been removed. +- Yarrow code now uses AES. +- Merged Athena changes to allow ftpd to require encrypted passwords. +- Incorporate gss_krb5_set_allowable_enctypes() and + gss_krb5_export_lucid_sec_context(), which are needed for NFSv4. +- remove obsolet patches + +------------------------------------------------------------------- +Mon Jan 17 11:34:52 CET 2005 - mc@suse.de + +- add proofreaded update-messages + +------------------------------------------------------------------- +Fri Jan 14 14:38:25 CET 2005 - mc@suse.de + +- remove Conflicts: and add Provides: +- add some insserv stuff + +------------------------------------------------------------------- +Thu Jan 13 11:54:01 CET 2005 - mc@suse.de + +- move vendor files to vendor-files.tar.bz2 +- add obsoletes: heimdal +- add %pre and %post sections to detect update + from heimdal and backup invalid configuration files +- add update-messages for heimdal update + +------------------------------------------------------------------- +Mon Jan 10 12:18:02 CET 2005 - mc@suse.de + +- update to version 1.3.6 +- fix for: heap buffer overflow in libkadm5srv + [CAN-2004-1189 / MITKRB5-SA-2004-004] + +------------------------------------------------------------------- +Tue Dec 14 15:30:23 CET 2004 - mc@suse.de + +- build doc subpackage in an own specfile +- removed unnecessary neededforbuild requirements + +------------------------------------------------------------------- +Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de + +- fix build with gcc 4 + +------------------------------------------------------------------- +Mon Nov 15 17:25:56 CET 2004 - mc@suse.de + +- added Conflicts with heimdal* +- rename some manpages to avoid conflicts + +------------------------------------------------------------------- +Thu Nov 4 18:03:11 CET 2004 - mc@suse.de + +- new init scripts +- fix logrotate scripts +- add some 64Bit fixes +- add default krb5.conf, kdc.conf and kadm5.acl + +------------------------------------------------------------------- +Wed Nov 3 18:52:07 CET 2004 - mc@suse.de + +- add e2fsprogs to NFB +- use system-et and system-ss +- fix includes of com_err.h + +------------------------------------------------------------------- +Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de + +- Initital checkin + diff --git a/krb5.spec b/krb5.spec new file mode 100644 index 0000000..d292402 --- /dev/null +++ b/krb5.spec @@ -0,0 +1,659 @@ +# +# spec file for package krb5 (Version 1.5.1) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: krb5 +Version: 1.5.1 +Release: 17 +BuildRequires: libcom_err +%define srcRoot krb5-1.5.1 +%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ +%define krb5docdir %{_defaultdocdir}/%{name} +Provides: heimdal-lib +Obsoletes: heimdal-lib +Summary: MIT Kerberos5 Implementation--Libraries +License: X11/MIT +URL: http://web.mit.edu/kerberos/www/ +Group: Productivity/Networking/Security +Source: krb5-1.5.1.tar.bz2 +Source1: vendor-files.tar.bz2 +Source2: README.Source +Source3: spx.c +Source4: EncryptWithMasterKey.c +Patch1: krb5-1.5.1-fix-too-few-arguments.dif +Patch2: krb5-1.4-compile_pie.dif +Patch3: krb5-1.4-fix-segfault.dif +Patch6: trunk-EncryptWithMasterKey.dif +Patch12: warning-fix-util-support.dif +Patch14: warning-fix-lib-crypto-des.dif +Patch15: warning-fix-lib-crypto-dk.dif +Patch16: warning-fix-lib-crypto.dif +Patch17: warning-fix-lib-crypto-enc_provider.dif +Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif +Patch20: kprop-use-mkstemp.dif +Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif +Patch22: krb5-1.5.1-fix-strncat-warning.dif +BuildRoot: %{_tmppath}/%{name}-%{version}-build +PreReq: mktemp, grep, /bin/touch + +%description +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of clear text passwords. + + + +Authors: +-------- + The MIT Kerberos Team + Sam Hartman + Ken Raeburn + Tom Yu + +%package client +Summary: MIT Kerberos5 implementation - client programms +Group: Productivity/Networking/Security +Provides: heimdal-tools, heimdal-x11 +Obsoletes: heimdal-tools, heimdal-x11 + +%description client +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of cleartext passwords. This package includes some required +client programs, like kinit, kadmin, ... + + + +Authors: +-------- + The MIT Kerberos Team + Sam Hartman + Ken Raeburn + Tom Yu + +%package server +Summary: MIT Kerberos5 implementation - server +Group: Productivity/Networking/Security +Provides: heimdal +Obsoletes: heimdal +Requires: perl-Date-Calc +PreReq: %insserv_prereq %fillup_prereq + +%description server +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of cleartext passwords. This package includes the kdc, kadmind +and more. + + + +Authors: +-------- + The MIT Kerberos Team + Sam Hartman + Ken Raeburn + Tom Yu + +%package devel +Summary: MIT Kerberos5 - Include Files and Libraries +Group: Development/Libraries/C and C++ +PreReq: %{name} = %{version} +Requires: e2fsprogs-devel +Provides: heimdal-tools-devel, heimdal-devel +Obsoletes: heimdal-tools-devel, heimdal-devel + +%description devel +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of cleartext passwords. This package includes Libraries and +Include Files for Development + + + +Authors: +-------- + The MIT Kerberos Team + Sam Hartman + Ken Raeburn + Tom Yu + +%package apps-servers +Summary: MIT Kerberos5 server applications +Group: Productivity/Networking/Security + +%description apps-servers +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of cleartext passwords. This package includes some kerberos +compatible server applications like ftpd, klogind, telnetd, ... + + + +Authors: +-------- + The MIT Kerberos Team + Sam Hartman + Ken Raeburn + Tom Yu + +%package apps-clients +Summary: MIT Kerberos5 client applications +Group: Productivity/Networking/Security + +%description apps-clients +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of cleartext passwords. This package includes some kerberos +compatible client applications like ftp, rpc, rlogin, telnet, ... + + + +Authors: +-------- + The MIT Kerberos Team + Sam Hartman + Ken Raeburn + Tom Yu + +%prep +%setup -q -n %{srcRoot} +%setup -a 1 -T -D -n %{srcRoot} +if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ] +then + echo "spx.c contains potential legal risks." + exit 1; +else + cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c +fi +%patch1 +%patch2 +%patch3 +%patch6 +cd %{_builddir}/%{srcRoot}/src +%patch12 +%patch14 +%patch15 +%patch16 +%patch17 +%patch18 +%patch20 +cd - +%patch21 +%patch22 +cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c + +%build +cd src +%{?suse_update_config:%{suse_update_config -f}} +./util/reconf +CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE " \ +./configure \ + --prefix=/usr/lib/mit \ + --sysconfdir=%{_sysconfdir} \ + --mandir=%{_mandir} \ + --infodir=%{_infodir} \ + --libexecdir=/usr/lib/mit/sbin \ + --libdir=%{_libdir} \ + --includedir=%{_includedir} \ + --localstatedir=%{_localstatedir}/lib/kerberos \ + --enable-shared \ + --disable-static \ + --enable-kdc-replay-cache \ + --enable-dns-for-realm \ + --with-system-et \ + --with-system-ss +make %{?jobs:-j%jobs} +#make check + +%install +rm -rf %{buildroot} +cd src +make DESTDIR=%{buildroot} install +cd .. +# install sample config files +# I'll probably do something about this later on +mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc +mkdir -p %{buildroot}%{_sysconfdir} +mkdir -p %{buildroot}/etc/profile.d/ +mkdir -p %{buildroot}/var/log/krb5 +install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir} +install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ +install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ +install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ +install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh +install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh +for n in ftpd.8 telnetd.8; do + mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n} +done +for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do + mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n} +done +# all libs must have permissions 0755 +for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"` +do + chmod 0755 ${lib} +done +# install init scripts +mkdir -p %{buildroot}%{_sysconfdir}/init.d +install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind +install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc +install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd +install -m 755 %{vendorFiles}/krb524d.init %{buildroot}%{_sysconfdir}/init.d/krb524d +# install xinetd files +mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d +install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin +install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet +install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell +# install logrotate files +mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d +install -m 644 %{vendorFiles}/krb5kdc.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5kdc +install -m 644 %{vendorFiles}/kadmind.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/kadmind +find . -type f -name '*.ps' -exec gzip -9 {} \; +# create rc* links +mkdir -p %{buildroot}/usr/bin/ +ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/bin/rckadmind +ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/bin/rckrb5kdc +ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/bin/rckpropd +ln -sf ../../etc/init.d/krb524d %{buildroot}/usr/bin/rckrb524d +# create links for kinit and klist, because of the java ones +ln -sf ../../usr/lib/mit/bin/kinit %{buildroot}/usr/bin/kinit +ln -sf ../../usr/lib/mit/bin/klist %{buildroot}/usr/bin/klist +# install doc +install -d -m 755 %{buildroot}/%{krb5docdir} +install -m 644 %{vendorFiles}/README.ConvertHeimdalMIT %{buildroot}/%{krb5docdir}/README.ConvertHeimdalMIT +install -m 744 %{vendorFiles}/heimdal2mit-DumpConvert.pl %{buildroot}/%{krb5docdir}/heimdal2mit-DumpConvert.pl +install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README +install -m 644 %{_builddir}/%{srcRoot}/doc/CHANGES %{buildroot}/%{krb5docdir}/CHANGES +install -m 744 %{vendorFiles}/simple_convert_krb5conf.pl %{buildroot}/%{krb5docdir}/simple_convert_krb5conf.pl +# cleanup +rm -f %{buildroot}/usr/share/man/man1/tmac.doc* +rm -f /usr/share/man/man1/tmac.doc* +rm -rf /usr/lib/mit/share +rm -rf %{buildroot}/usr/lib/mit/share +##################################################### +# krb5 pre/post/postun +##################################################### + +%pre +# test update from heimdal-lib +if `ls usr/lib/libotp.so* 2>/dev/null 1>/dev/null` +then + # we update from heimdal + echo "backup /etc/krb5.conf to /etc/krb5.conf.heimdal" + mv etc/krb5.conf etc/krb5.conf.heimdal + touch var/adm/fillup-templates/heimdal-update + if [ -e etc/krb5.keytab ] + then + echo "backup /etc/krb5.keytab to /etc/krb5.keytab.heimdal" + mv etc/krb5.keytab etc/krb5.keytab.heimdal + fi +fi + +%post +%run_ldconfig +if [ -e var/adm/fillup-templates/heimdal-update ] +then + %_defaultdocdir/krb5/simple_convert_krb5conf.pl + rm -f /var/adm/fillup-templates/heimdal-update +fi +if [ ! -e etc/krb5.conf -a -e etc/krb5.conf.rpmnew ] +then + echo "moving /etc/krb5.conf.rpmnew to /etc/krb5.conf" + mv etc/krb5.conf.rpmnew etc/krb5.conf +fi + +%postun +%run_ldconfig +##################################################### +# krb5-server preun/postun +##################################################### + +%preun server +%stop_on_removal krb5kdc kadmind kpropd krb524d + +%postun server +%restart_on_update krb5kdc kadmind kpropd krb524d +%{insserv_cleanup} + +%clean +rm -rf %{buildroot} +######################################################## +# files sections +######################################################## + +%files +%defattr(-,root,root) +%dir %{krb5docdir} +%attr(0700,root,root) %dir /var/log/krb5 +%doc %{krb5docdir}/README +%doc %{krb5docdir}/CHANGES +%doc %{krb5docdir}/simple_convert_krb5conf.pl +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf +%attr(0644,root,root) %config /etc/profile.d/krb5* +%{_libdir}/lib*.so.* +%{_libdir}/libgssapi_krb5.so + +%files server +%defattr(-,root,root) +%config(noreplace) %{_sysconfdir}/logrotate.d/krb5kdc +%config(noreplace) %{_sysconfdir}/logrotate.d/kadmind +%{_sysconfdir}/init.d/kadmind +%{_sysconfdir}/init.d/krb5kdc +%{_sysconfdir}/init.d/kpropd +%{_sysconfdir}/init.d/krb524d +%dir %{krb5docdir} +%dir /usr/lib/mit +%dir /usr/lib/mit/sbin +%dir %{_localstatedir}/lib/kerberos/ +%dir %{_localstatedir}/lib/kerberos/krb5kdc +%dir %{_libdir}/krb5 +%dir %{_libdir}/krb5/plugins +%dir %{_libdir}/krb5/plugins/kdb +%doc %{krb5docdir}/heimdal2mit-DumpConvert.pl +%doc %{krb5docdir}/README.ConvertHeimdalMIT +%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf +%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl +%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict +/usr/bin/rc* +/usr/lib/mit/sbin/sserver +/usr/lib/mit/sbin/gss-server +/usr/lib/mit/sbin/kadmin.local +/usr/lib/mit/sbin/kadmind +/usr/lib/mit/sbin/kpropd +/usr/lib/mit/sbin/kprop +/usr/lib/mit/sbin/kdb5_util +/usr/lib/mit/sbin/krb5kdc +/usr/lib/mit/sbin/krb524d +/usr/lib/mit/sbin/login.krb5 +/usr/lib/mit/sbin/sim_server +/usr/lib/mit/sbin/EncryptWithMasterKey +%{_libdir}/krb5/plugins/kdb/*.so +%{_mandir}/man5/kdc.conf.5* +%{_mandir}/man5/krb5.conf.5* +%{_mandir}/man5/.k5login.5* +%{_mandir}/man8/sserver.8* +%{_mandir}/man8/kadmind.8* +%{_mandir}/man8/kadmin.local.8* +%{_mandir}/man8/kpropd.8* +%{_mandir}/man8/kprop.8* +%{_mandir}/man8/kdb5_util.8* +%{_mandir}/man8/krb5kdc.8* +%{_mandir}/man8/krb524d.8* +%{_mandir}/man8/login.krb5.8* + +%files client +%defattr(-,root,root) +%dir /usr/lib/mit +%dir /usr/lib/mit/bin +%dir /usr/lib/mit/sbin +/usr/lib/mit/bin/kvno +/usr/lib/mit/bin/kinit +/usr/lib/mit/bin/kdestroy +/usr/lib/mit/bin/kpasswd +/usr/lib/mit/bin/klist +/usr/lib/mit/bin/sclient +/usr/lib/mit/bin/gss-client +/usr/lib/mit/bin/krb524init +/usr/lib/mit/bin/sim_client +/usr/lib/mit/sbin/kadmin +/usr/lib/mit/sbin/ktutil +/usr/lib/mit/sbin/k5srvutil +/usr/bin/kinit +/usr/bin/klist +%{_mandir}/man1/kvno.1* +%{_mandir}/man1/kinit.1* +%{_mandir}/man1/krb524init.1* +%{_mandir}/man1/kdestroy.1* +%{_mandir}/man1/kpasswd.1* +%{_mandir}/man1/klist.1* +%{_mandir}/man1/sclient.1* +%{_mandir}/man1/kerberos.1* +%{_mandir}/man8/kadmin.8* +%{_mandir}/man8/ktutil.8* +%{_mandir}/man8/k5srvutil.8* + +%files apps-servers +%defattr(-,root,root) +%config(noreplace) %{_sysconfdir}/xinetd.d/klogin +%config(noreplace) %{_sysconfdir}/xinetd.d/kshell +%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet +%dir /usr/lib/mit +%dir /usr/lib/mit/sbin +/usr/lib/mit/sbin/ftpd +/usr/lib/mit/sbin/klogind +/usr/lib/mit/sbin/kshd +/usr/lib/mit/sbin/telnetd +/usr/lib/mit/sbin/uuserver +%{_mandir}/man8/kftpd.8* +%{_mandir}/man8/klogind.8* +%{_mandir}/man8/kshd.8* +%{_mandir}/man8/ktelnetd.8* + +%files apps-clients +%defattr(-,root,root) +%dir /usr/lib/mit +%dir /usr/lib/mit/bin +/usr/lib/mit/bin/ftp +/usr/lib/mit/bin/rlogin +# removed SUID bit, we will rely on su + pam_krb +%attr(0755,root,root) /usr/lib/mit/bin/ksu +/usr/lib/mit/bin/rcp +/usr/lib/mit/bin/rsh +/usr/lib/mit/bin/telnet +/usr/lib/mit/bin/uuclient +# removed SUID bit +%attr(0755,root,root)/usr/lib/mit/bin/v4rcp +%{_mandir}/man1/kftp.1* +%{_mandir}/man1/krlogin.1* +%{_mandir}/man1/krsh.1* +%{_mandir}/man1/ktelnet.1* +%{_mandir}/man1/ksu.1* +%{_mandir}/man1/krcp.1* +%{_mandir}/man1/v4rcp.1* + +%files devel +%defattr(-,root,root) +%dir /usr/lib/mit +%dir /usr/lib/mit/bin +%dir /usr/lib/mit/sbin +/usr/lib/mit/bin/krb5-config +%{_libdir}/libdes425.so +%{_libdir}/libgssrpc.so +%{_libdir}/libk5crypto.so +%{_libdir}/libkadm5clnt.so +%{_libdir}/libkadm5srv.so +%{_libdir}/libkdb5.so +%{_libdir}/libkrb4.so +%{_libdir}/libkrb5.so +%{_libdir}/libkrb5support.so +%{_includedir}/* +/usr/lib/mit/sbin/krb5-send-pr +%{_mandir}/man1/krb5-send-pr.1* +%{_mandir}/man1/krb5-config.1* + +%changelog -n krb5 +* Mon Nov 06 2006 - mc@suse.de +- fix "local variable used before set" [#217692] +- fix strncat warning +* Fri Oct 27 2006 - mc@suse.de +- add a default kadm5.dict file +- require $network on daemon start +* Wed Sep 13 2006 - mc@suse.de +- fix function call with too few arguments [#203837] +* Thu Aug 24 2006 - mc@suse.de +- update to version 1.5.1 +- remove obsolete patches which are now included upstream + * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif + * trunk-fix-uninitialized-vars.dif +* Fri Aug 11 2006 - mc@suse.de +- krb5 setuid return check fixes + krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif + [#182351] +* Mon Aug 07 2006 - mc@suse.de +- remove update-messages +* Mon Jul 24 2006 - mc@suse.de +- add check for krb5_prop in services to kpropd init script. + [#192446] +* Mon Jul 03 2006 - mc@suse.de +- update to version 1.5 + * KDB abstraction layer, donated by Novell. + * plug-in architecture, allowing for extension modules to be + loaded at run-time. + * multi-mechanism GSS-API implementation ("mechglue"), + donated by Sun Microsystems + * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") + implementation, donated by Sun Microsystems +- remove obsolete patches and add some new +* Fri May 26 2006 - ro@suse.de +- libcom is not in e2fsck-devel but in its own package now, change + Requires accordingly. +* Mon Mar 27 2006 - mc@suse.de +- add all daemons to %%stop_on_removal and %%restart_on_update +- add reload to kpropd init script +- add force-reload to all init scripts +* Mon Mar 13 2006 - mc@suse.de +- add libgssapi_krb5.so link to main package [#147912] +* Fri Feb 03 2006 - mc@suse.de +- fix logging section for kadmind in convert script +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Fri Jan 13 2006 - mc@suse.de +- change the logging defaults +* Wed Jan 11 2006 - mc@suse.de +- add tools and README for heimdal => MIT update +* Mon Jan 09 2006 - mc@suse.de +- fix build problems, define _GNU_SOURCE + (krb5-1.4.3-set_gnu_source.dif ) +* Tue Jan 03 2006 - mc@suse.de +- added "make %%{?jobs:-j%%jobs}" +* Fri Nov 18 2005 - mc@suse.de +- update to version 1.4.3 + * some memmory leaks fixed + * fix for "AS_REP padata has wrong enctype" + * fix for "AS_REP padata missing PA-ETYPE-INFO" + * ... and more +* Wed Nov 02 2005 - dmueller@suse.de +- don't build as root +* Tue Oct 11 2005 - mc@suse.de +- update to version 1.4.2 +- remove some obsolet patches +* Mon Aug 08 2005 - mc@suse.de +- build with --disable-static +* Thu Aug 04 2005 - ro@suse.de +- remove devel-static subpackage +* Thu Jun 30 2005 - mc@suse.de +- better patch for princ_comp problem +* Mon Jun 27 2005 - mc@suse.de +- update to version 1.4.1 +- remove obsolet patches + - krb5-1.4-gcc4.dif + - krb5-1.4-reduce-namespace-polution.dif + - krb5-1.4-VUL-0-telnet.dif +* Thu Jun 23 2005 - mc@suse.de +- fixed krb5 KDC heap corruption by random free + [#80574, CAN-2005-1174, MITKRB5-SA-2005-002] +- fixed krb5 double free() + [#86768, CAN-2005-1689, MITKRB5-SA-2005-003] +- fix krb5 NULL pointer reference while comparing principals + [#91600] +* Fri Jun 17 2005 - mc@suse.de +- fix uninitialized variables +- compile with -fPIE/ link with -pie +* Wed Apr 20 2005 - mc@suse.de +- fixed wrong xinetd files [#77149] +* Fri Apr 08 2005 - mt@suse.de +- removed krb5-1.4-fix-error_tables.dif patch obsoleted + by libcom_err locking patches +* Thu Apr 07 2005 - mc@suse.de +- fixed missing descriptions in init files + [#76164, #76165, #76166, #76169] +* Wed Mar 30 2005 - mc@suse.de +- enhance $PATH via /etc/profile.d/ [#74018] +- remove the "links to important programs" +* Fri Mar 18 2005 - mc@suse.de +- fixed not running converter script [#72854] +* Thu Mar 17 2005 - mc@suse.de +- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer + Overflow +- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer + Overflow + [#73618] +* Wed Mar 16 2005 - mc@suse.de +- fixed wrong PreReqs [#73020] +* Tue Mar 15 2005 - mc@suse.de +- add a simple krb5.conf converter [#72854] +* Mon Mar 14 2005 - mc@suse.de +- fixed: rckrb5kdc restart gives wrong status with non-running service + [#72446] +* Thu Mar 10 2005 - mc@suse.de +- add requires: e2fsprogs-devel to krb5-devel package [#71732] +* Fri Feb 25 2005 - mc@suse.de +- fix double free [#66534] + krb5-1.4-fix-error_tables.dif +* Fri Feb 11 2005 - mc@suse.de +- change mode for shared libraries to 755 +* Fri Feb 04 2005 - mc@suse.de +- remove spx.c from tarball because of legal risk +- add README.Source which tell the user about this + action. +- add a check for spx.c in the spec-file +- use rich-text for update-messages [#50250] +* Tue Feb 01 2005 - mc@suse.de +- add krb5-1.4-reduce-namespace-polution.dif + reduce namespace polution in gssapi.h [#50356] +* Fri Jan 28 2005 - mc@suse.de +- update to version 1.4 +- Add implementation of the RPCSEC_GSS authentication flavor to the + RPC library. +- Thread safety for krb5 libraries. +- Merged Athena telnetd changes for creating a new option for + requiring encryption. +- The kadmind4 backwards-compatibility admin server and the v5passwdd + backwards-compatibility password-changing server have been removed. +- Yarrow code now uses AES. +- Merged Athena changes to allow ftpd to require encrypted passwords. +- Incorporate gss_krb5_set_allowable_enctypes() and + gss_krb5_export_lucid_sec_context(), which are needed for NFSv4. +- remove obsolet patches +* Mon Jan 17 2005 - mc@suse.de +- add proofreaded update-messages +* Fri Jan 14 2005 - mc@suse.de +- remove Conflicts: and add Provides: +- add some insserv stuff +* Thu Jan 13 2005 - mc@suse.de +- move vendor files to vendor-files.tar.bz2 +- add obsoletes: heimdal +- add %%pre and %%post sections to detect update + from heimdal and backup invalid configuration files +- add update-messages for heimdal update +* Mon Jan 10 2005 - mc@suse.de +- update to version 1.3.6 +- fix for: heap buffer overflow in libkadm5srv + [CAN-2004-1189 / MITKRB5-SA-2004-004] +* Tue Dec 14 2004 - mc@suse.de +- build doc subpackage in an own specfile +- removed unnecessary neededforbuild requirements +* Wed Nov 24 2004 - coolo@suse.de +- fix build with gcc 4 +* Mon Nov 15 2004 - mc@suse.de +- added Conflicts with heimdal* +- rename some manpages to avoid conflicts +* Thu Nov 04 2004 - mc@suse.de +- new init scripts +- fix logrotate scripts +- add some 64Bit fixes +- add default krb5.conf, kdc.conf and kadm5.acl +* Wed Nov 03 2004 - mc@suse.de +- add e2fsprogs to NFB +- use system-et and system-ss +- fix includes of com_err.h +* Thu Oct 28 2004 - mc@suse.de +- Initital checkin diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/spx.c b/spx.c new file mode 100644 index 0000000..256ccd5 --- /dev/null +++ b/spx.c @@ -0,0 +1,50 @@ +/*- + * Copyright (c) 1992, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* based on @(#)spx.c 8.1 (Berkeley) 6/4/93 */ + +#include "misc-proto.h" + +#ifdef notdef + +prkey(msg, key) + char *msg; + unsigned char *key; +{ + register int i; + printf("%s:", msg); + for (i = 0; i < 8; i++) + printf(" %3d", key[i]); + printf("\r\n"); +} +#endif diff --git a/trunk-EncryptWithMasterKey.dif b/trunk-EncryptWithMasterKey.dif new file mode 100644 index 0000000..64c918a --- /dev/null +++ b/trunk-EncryptWithMasterKey.dif @@ -0,0 +1,33 @@ +--- src/kadmin/dbutil/Makefile.in ++++ src/kadmin/dbutil/Makefile.in 2006/06/02 11:40:51 +@@ -22,21 +22,28 @@ + + OBJS = kdb5_util.o kdb5_create.o kadm5_create.o string_table.o kdb5_destroy.o kdb5_stash.o import_err.o strtok.o dump.o ovload.o + +-all:: $(PROG) ++all:: $(PROG) EncryptWithMasterKey + + $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) + $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS) + ++EncryptWithMasterKey: EncryptWithMasterKey.o ++ $(CC_LINK) -o EncryptWithMasterKey EncryptWithMasterKey.o $(KRB5_BASE_LIBS) ++ ++EncryptWithMasterKey.o: EncryptWithMasterKey.c ++ ++ + import_err.c import_err.h: $(srcdir)/import_err.et + + $(OBJS): import_err.h + + install:: + $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) ++ $(INSTALL_PROGRAM) EncryptWithMasterKey ${DESTDIR}$(ADMIN_BINDIR)/EncryptWithMasterKey + $(INSTALL_DATA) $(srcdir)/$(PROG).M ${DESTDIR}$(ADMIN_MANDIR)/$(PROG).8 + + clean:: +- $(RM) $(PROG) $(OBJS) import_err.c import_err.h ++ $(RM) $(PROG) $(OBJS) import_err.c import_err.h EncryptWithMasterKey EncryptWithMasterKey.o + + # +++ Dependency line eater +++ + # diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 new file mode 100644 index 0000000..7addfc0 --- /dev/null +++ b/vendor-files.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:365b0ed6435c553cd505d595c9f2709b676ae15be3acdb419e6e85a0ec6b91c8 +size 185388 diff --git a/warning-fix-lib-crypto-des.dif b/warning-fix-lib-crypto-des.dif new file mode 100644 index 0000000..1288c30 --- /dev/null +++ b/warning-fix-lib-crypto-des.dif @@ -0,0 +1,15 @@ +# fix warning: +# string2key.c: In function 'mit_des_string_to_key_int': +# string2key.c:229: warning: pointer targets in passing argument 1 of 'mit_des_cbc_cksum' differ in signedness +# +--- lib/crypto/des/string2key.c ++++ lib/crypto/des/string2key.c 2006/06/21 08:16:12 +@@ -44,7 +44,7 @@ + krb5_ui_4 x, y, z; + unsigned char *p; + des_key_schedule sched; +- char *copy; ++ unsigned char *copy; + size_t copylen; + + /* As long as the architecture is big-endian or little-endian, it diff --git a/warning-fix-lib-crypto-dk.dif b/warning-fix-lib-crypto-dk.dif new file mode 100644 index 0000000..21ec2c7 --- /dev/null +++ b/warning-fix-lib-crypto-dk.dif @@ -0,0 +1,169 @@ +# warning fix for: +# derive.c:63: warning: pointer targets in assignment differ in signedness +# derive.c:66: warning: pointer targets in assignment differ in signedness +# derive.c:75: warning: pointer targets in passing argument 2 of 'krb5_nfold' differ in signedness +# derive.c:75: warning: pointer targets in passing argument 4 of 'krb5_nfold' differ in signedness +# derive.c:96: warning: pointer targets in assignment differ in signedness +# derive.c: In function 'krb5_derive_random': +# derive.c:148: warning: pointer targets in assignment differ in signedness +# derive.c:151: warning: pointer targets in assignment differ in signedness +# derive.c:160: warning: pointer targets in passing argument 2 of 'krb5_nfold' differ in signedness +# derive.c:160: warning: pointer targets in passing argument 4 of 'krb5_nfold' differ in signedness +# +# dk_decrypt.c:153: warning: pointer targets in assignment differ in signedness +# +# dk_encrypt.c: In function 'krb5_dk_encrypt': +# dk_encrypt.c:98: warning: pointer targets in assignment differ in signedness +# dk_encrypt.c:119: warning: pointer targets in assignment differ in signedness +# dk_encrypt.c:132: warning: pointer targets in assignment differ in signedness +# dk_encrypt.c:141: warning: pointer targets in assignment differ in signedness +# dk_encrypt.c: In function 'krb5int_aes_dk_encrypt': +# dk_encrypt.c:263: warning: pointer targets in assignment differ in signedness +# dk_encrypt.c:284: warning: pointer targets in assignment differ in signedness +# dk_encrypt.c:298: warning: pointer targets in assignment differ in signedness +# dk_encrypt.c:308: warning: pointer targets in assignment differ in signedness +# +--- lib/crypto/dk/derive.c ++++ lib/crypto/dk/derive.c 2006/06/21 10:13:47 +@@ -60,10 +60,10 @@ + return(ENOMEM); + } + +- inblock.data = inblockdata; ++ inblock.data = (char*)inblockdata; + inblock.length = blocksize; + +- outblock.data = outblockdata; ++ outblock.data = (char*)outblockdata; + outblock.length = blocksize; + + /* initialize the input block */ +@@ -71,8 +71,8 @@ + if (in_constant->length == inblock.length) { + memcpy(inblock.data, in_constant->data, inblock.length); + } else { +- krb5_nfold(in_constant->length*8, in_constant->data, +- inblock.length*8, inblock.data); ++ krb5_nfold(in_constant->length*8, (unsigned char*)in_constant->data, ++ inblock.length*8, (unsigned char*)inblock.data); + } + + /* loop encrypting the blocks until enough key bytes are generated */ +@@ -93,7 +93,7 @@ + + /* postprocess the key */ + +- inblock.data = rawkey; ++ inblock.data = (char*)rawkey; + inblock.length = keybytes; + + (*(enc->make_key))(&inblock, outkey); +@@ -145,10 +145,10 @@ + return(ENOMEM); + } + +- inblock.data = inblockdata; ++ inblock.data = (char*)inblockdata; + inblock.length = blocksize; + +- outblock.data = outblockdata; ++ outblock.data = (char*)outblockdata; + outblock.length = blocksize; + + /* initialize the input block */ +@@ -156,8 +156,8 @@ + if (in_constant->length == inblock.length) { + memcpy(inblock.data, in_constant->data, inblock.length); + } else { +- krb5_nfold(in_constant->length*8, in_constant->data, +- inblock.length*8, inblock.data); ++ krb5_nfold(in_constant->length*8, (unsigned char*)in_constant->data, ++ inblock.length*8, (unsigned char*)inblock.data); + } + + /* loop encrypting the blocks until enough key bytes are generated */ +--- lib/crypto/dk/dk_decrypt.c ++++ lib/crypto/dk/dk_decrypt.c 2006/06/21 10:13:47 +@@ -150,7 +150,7 @@ + cn = (unsigned char *) d1.data + d1.length - blocksize; + else if (ivec_mode == 1) { + int nblocks = (d1.length + blocksize - 1) / blocksize; +- cn = d1.data + blocksize * (nblocks - 2); ++ cn = (unsigned char *) d1.data + blocksize * (nblocks - 2); + } else + abort(); + } else +--- lib/crypto/dk/dk_encrypt.c ++++ lib/crypto/dk/dk_encrypt.c 2006/06/21 10:19:00 +@@ -95,7 +95,7 @@ + + /* derive the keys */ + +- d1.data = constantdata; ++ d1.data = (char*)constantdata; + d1.length = K5CLENGTH; + + d1.data[0] = (usage>>24)&0xff; +@@ -116,7 +116,7 @@ + /* put together the plaintext */ + + d1.length = blocksize; +- d1.data = plaintext; ++ d1.data = (char*)plaintext; + + if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1))) + goto cleanup; +@@ -129,7 +129,7 @@ + /* encrypt the plaintext */ + + d1.length = plainlen; +- d1.data = plaintext; ++ d1.data = (char*)plaintext; + + d2.length = plainlen; + d2.data = output->data; +@@ -138,7 +138,7 @@ + goto cleanup; + + if (ivec != NULL && ivec->length == blocksize) +- cn = d2.data + d2.length - blocksize; ++ cn = (unsigned char*)d2.data + d2.length - blocksize; + else + cn = NULL; + +@@ -260,7 +260,7 @@ + + /* derive the keys */ + +- d1.data = constantdata; ++ d1.data = (char*)constantdata; + d1.length = K5CLENGTH; + + d1.data[0] = (usage>>24)&0xff; +@@ -281,7 +281,7 @@ + /* put together the plaintext */ + + d1.length = blocksize; +- d1.data = plaintext; ++ d1.data = (char*)plaintext; + + if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1))) + goto cleanup; +@@ -295,7 +295,7 @@ + /* encrypt the plaintext */ + + d1.length = plainlen; +- d1.data = plaintext; ++ d1.data = (char*)plaintext; + + d2.length = plainlen; + d2.data = output->data; +@@ -305,7 +305,7 @@ + + if (ivec != NULL && ivec->length == blocksize) { + int nblocks = (d2.length + blocksize - 1) / blocksize; +- cn = d2.data + blocksize * (nblocks - 2); ++ cn = (unsigned char*)d2.data + blocksize * (nblocks - 2); + } else + cn = NULL; + diff --git a/warning-fix-lib-crypto-enc_provider.dif b/warning-fix-lib-crypto-enc_provider.dif new file mode 100644 index 0000000..f3b178e --- /dev/null +++ b/warning-fix-lib-crypto-enc_provider.dif @@ -0,0 +1,77 @@ +# fix warnings for: +# aes.c: In function 'krb5int_aes_encrypt': +# aes.c:72: warning: pointer targets in passing argument 1 of 'krb5int_aes_enc_blk' differ in signedness +# aes.c:72: warning: pointer targets in passing argument 2 of 'krb5int_aes_enc_blk' differ in signedness +# aes.c:77: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness +# aes.c:86: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness +# aes.c:94: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness +# aes.c:94: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness +# aes.c: In function 'krb5int_aes_decrypt': +# aes.c:127: warning: pointer targets in passing argument 1 of 'krb5int_aes_dec_blk' differ in signedness +# aes.c:127: warning: pointer targets in passing argument 2 of 'krb5int_aes_dec_blk' differ in signedness +# aes.c:131: warning: pointer targets in passing argument 1 of 'krb5int_aes_dec_blk' differ in signedness +# aes.c:132: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness +# aes.c:132: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness +# aes.c:138: warning: pointer targets in passing argument 1 of 'krb5int_aes_dec_blk' differ in signedness +# aes.c:145: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness +# aes.c:145: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness +# aes.c:154: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness +# aes.c:154: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness +# +--- lib/crypto/enc_provider/aes.c ++++ lib/crypto/enc_provider/aes.c 2006/06/21 10:50:23 +@@ -40,7 +40,7 @@ + #define enc(OUT, IN, CTX) (aes_enc_blk((IN),(OUT),(CTX)) == aes_good ? (void) 0 : abort()) + #define dec(OUT, IN, CTX) (aes_dec_blk((IN),(OUT),(CTX)) == aes_good ? (void) 0 : abort()) + +-static void xorblock(char *out, const char *in) ++static void xorblock(unsigned char *out, const unsigned char *in) + { + int z; + for (z = 0; z < BLOCK_SIZE; z++) +@@ -69,12 +69,12 @@ + + if (nblocks == 1) { + /* XXX Used for DK function. */ +- enc(output->data, input->data, &ctx); ++ enc((unsigned char*)output->data, (unsigned char*)input->data, &ctx); + } else { + unsigned int nleft; + + for (blockno = 0; blockno < nblocks - 2; blockno++) { +- xorblock(tmp, input->data + blockno * BLOCK_SIZE); ++ xorblock(tmp, (unsigned char*) input->data + blockno * BLOCK_SIZE); + enc(tmp2, tmp, &ctx); + memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE); + +@@ -83,7 +83,7 @@ + } + /* Do final CTS step for last two blocks (the second of which + may or may not be incomplete). */ +- xorblock(tmp, input->data + (nblocks - 2) * BLOCK_SIZE); ++ xorblock(tmp, (unsigned char*) input->data + (nblocks - 2) * BLOCK_SIZE); + enc(tmp2, tmp, &ctx); + nleft = input->length - (nblocks - 1) * BLOCK_SIZE; + memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2, nleft); +@@ -124,18 +124,18 @@ + if (nblocks == 1) { + if (input->length < BLOCK_SIZE) + abort(); +- dec(output->data, input->data, &ctx); ++ dec((unsigned char*)output->data, (unsigned char*) input->data, &ctx); + } else { + + for (blockno = 0; blockno < nblocks - 2; blockno++) { +- dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx); ++ dec(tmp2, (unsigned char*)input->data + blockno * BLOCK_SIZE, &ctx); + xorblock(tmp2, tmp); + memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE); + memcpy(tmp, input->data + blockno * BLOCK_SIZE, BLOCK_SIZE); + } + /* Do last two blocks, the second of which (next-to-last block + of plaintext) may be incomplete. */ +- dec(tmp2, input->data + (nblocks - 2) * BLOCK_SIZE, &ctx); ++ dec(tmp2, (unsigned char*) input->data + (nblocks - 2) * BLOCK_SIZE, &ctx); + /* Set tmp3 to last ciphertext block, padded. */ + memset(tmp3, 0, sizeof(tmp3)); + memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE, diff --git a/warning-fix-lib-crypto-yarrow_arcfour.dif b/warning-fix-lib-crypto-yarrow_arcfour.dif new file mode 100644 index 0000000..9ac32f1 --- /dev/null +++ b/warning-fix-lib-crypto-yarrow_arcfour.dif @@ -0,0 +1,27 @@ +# warning fixes for: +# arcfour_s2k.c:46: warning: pointer targets in passing argument 2 of 'asctouni' differ in signedness +# +# ycipher.c:77: warning: pointer targets in assignment differ in signedness +# +--- lib/crypto/arcfour/arcfour_s2k.c ++++ lib/crypto/arcfour/arcfour_s2k.c 2006/06/21 10:55:47 +@@ -43,7 +43,7 @@ + return ENOMEM; + + /* make the string. start by creating the unicode version of the password*/ +- asctouni(copystr, string->data, slen ); ++ asctouni(copystr, (unsigned char*)string->data, slen ); + + /* the actual MD4 hash of the data */ + krb5_MD4Init(&md4_context); +--- lib/crypto/yarrow/ycipher.c ++++ lib/crypto/yarrow/ycipher.c 2006/06/21 10:56:48 +@@ -74,7 +74,7 @@ + const struct krb5_enc_provider *enc = &yarrow_enc_provider; + ind.data = (char *) in; + ind.length = CIPHER_BLOCK_SIZE; +- outd.data = out; ++ outd.data = (char*)out; + outd.length = CIPHER_BLOCK_SIZE; + ret = enc->encrypt (&ctx->key, 0, &ind, &outd); + if (ret) diff --git a/warning-fix-lib-crypto.dif b/warning-fix-lib-crypto.dif new file mode 100644 index 0000000..7c2338d --- /dev/null +++ b/warning-fix-lib-crypto.dif @@ -0,0 +1,85 @@ +# warning fix for: +# old_api_glue.c: In function 'krb5_encrypt': +# old_api_glue.c:49: warning: assignment discards qualifiers from pointer target type +# old_api_glue.c: In function 'krb5_decrypt': +# old_api_glue.c:85: warning: assignment discards qualifiers from pointer target type +# old_api_glue.c: In function 'krb5_calculate_checksum': +# old_api_glue.c:206: warning: assignment discards qualifiers from pointer target type +# old_api_glue.c:210: warning: assignment discards qualifiers from pointer target type +# old_api_glue.c: In function 'krb5_verify_checksum': +# old_api_glue.c:242: warning: assignment discards qualifiers from pointer target type +# old_api_glue.c:246: warning: assignment discards qualifiers from pointer target type +# +# pbkdf2.c:86: warning: pointer targets in assignment differ in signedness +# +# prng.c:33: warning: 'init_error' defined but not used +# +--- lib/crypto/old_api_glue.c ++++ lib/crypto/old_api_glue.c 2006/06/21 10:23:07 +@@ -46,7 +46,7 @@ + + /* size is the length of the input cleartext data */ + inputd.length = size; +- inputd.data = inptr; ++ inputd.data = (char*)inptr; + + /* The size of the output buffer isn't part of the old api. Not too + safe. So, we assume here that it's big enough. */ +@@ -82,7 +82,7 @@ + /* size is the length of the input ciphertext data */ + inputd.enctype = eblock->key->enctype; + inputd.ciphertext.length = size; +- inputd.ciphertext.data = inptr; ++ inputd.ciphertext.data = (char*)inptr; + + /* we don't really know how big this is, but the code tends to assume + that the output buffer size should be the same as the input +@@ -203,11 +203,11 @@ + krb5_error_code ret; + krb5_checksum cksum; + +- input.data = in; ++ input.data = (char*)in; + input.length = in_length; + + key.length = seed_length; +- key.contents = seed; ++ key.contents = (krb5_octet*)seed; + + if ((ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum))) + return(ret); +@@ -239,11 +239,11 @@ + krb5_error_code ret; + krb5_boolean valid; + +- input.data = in; ++ input.data = (char*)in; + input.length = in_length; + + key.length = seed_length; +- key.contents = seed; ++ key.contents = (krb5_octet*)seed; + + if ((ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, + &valid))) +--- lib/crypto/pbkdf2.c ++++ lib/crypto/pbkdf2.c 2006/06/21 10:25:54 +@@ -83,7 +83,7 @@ + krb5_data out; + krb5_error_code err; + +- pdata.contents = pass->data; ++ pdata.contents = (krb5_octet*) pass->data; + pdata.length = pass->length; + + #if 0 +--- lib/crypto/prng.c ++++ lib/crypto/prng.c 2006/06/21 10:27:07 +@@ -30,7 +30,6 @@ + + #include "yarrow.h" + static Yarrow_CTX y_ctx; +-static int init_error; + #define yarrow_lock krb5int_yarrow_lock + k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER; + diff --git a/warning-fix-util-support.dif b/warning-fix-util-support.dif new file mode 100644 index 0000000..dfb708b --- /dev/null +++ b/warning-fix-util-support.dif @@ -0,0 +1,71 @@ +# threads.c: In function 'krb5int_thread_support_init': +# threads.c:456: warning: implicit declaration of function 'krb5int_err_init' +# errors.c: In function 'krb5int_vset_error': +# errors.c:52: warning: passing argument 1 of 'free' discards qualifiers from pointer target type +# errors.c:59: warning: implicit declaration of function 'vasprintf' +# errors.c: In function 'krb5int_get_error': +# errors.c:76: warning: assignment discards qualifiers from pointer target type +# errors.c:80: warning: implicit declaration of function 'krb5int_call_thread_support_init' +# errors.c:120: warning: assignment discards qualifiers from pointer target type +# errors.c: In function 'krb5int_clear_error': +# errors.c:146: warning: passing argument 2 of 'krb5int_free_error' discards qualifiers from pointer target type +# +--- util/support/errors.c ++++ util/support/errors.c 2006/06/21 07:36:30 +@@ -31,6 +31,9 @@ + { + return k5_mutex_finish_init (&krb5int_error_info_support_mutex); + } ++ ++extern int krb5int_call_thread_support_init(void); ++ + #define initialize() krb5int_call_thread_support_init() + #define lock() k5_mutex_lock(&krb5int_error_info_support_mutex) + #define unlock() k5_mutex_unlock(&krb5int_error_info_support_mutex) +@@ -49,7 +52,7 @@ + const char *fmt, va_list args) + { + if (ep->msg && ep->msg != ep->scratch_buf) { +- free (ep->msg); ++ free ((char*)ep->msg); + ep->msg = NULL; + } + ep->code = code; +@@ -73,7 +76,7 @@ + if (code != ep->code) + krb5int_clear_error (ep); + if (ep->msg) { +- r = ep->msg; ++ r = (char*)ep->msg; + ep->msg = NULL; + return r; + } +@@ -117,7 +120,7 @@ + sprintf (ep->scratch_buf, _("error %ld"), code); + return ep->scratch_buf; + } +- r = fptr(code); ++ r = (char*)fptr(code); + if (r == NULL) { + unlock(); + goto format_number; +@@ -143,7 +146,7 @@ + void + krb5int_clear_error (struct errinfo *ep) + { +- krb5int_free_error (ep, ep->msg); ++ krb5int_free_error (ep, (char*)ep->msg); + ep->msg = NULL; + } + +--- util/support/threads.c ++++ util/support/threads.c 2006/06/21 07:25:22 +@@ -36,6 +36,8 @@ + MAKE_INIT_FUNCTION(krb5int_thread_support_init); + MAKE_FINI_FUNCTION(krb5int_thread_support_fini); + ++extern int krb5int_err_init(void); ++ + #ifndef ENABLE_THREADS /* no thread support */ + + static void (*destructors[K5_KEY_MAX])(void *);