rpm/krb5
SHA256
1
0
Fork 0
forked from pool/krb5
Code Pull Requests Activity

Accepting request 33933 from network

Browse Source 
Copy from network/krb5 based on submit request 33933 from user mcalmer

OBS-URL: https://build.opensuse.org/request/show/33933
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=46
This commit is contained in:
OBS User autobuild 2010-03-05 01:10:04 +00:00 committed by Git OBS Bridge
parent 5670e1eed5
commit 2400da9106
24 changed files with 217 additions and 977 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.Source
View File

@ -1,9 +0,0 @@
Because of potential legal risk we have removed the
file "src/appl/telnet/libtelnet/spx.c" from the
source tarball.
If you want to see the original sources you can download
them from
http://web.mit.edu/kerberos/www/ .

38
krb5-1.4.3-enospc.dif
View File

@ -1,24 +1,24 @@
If the error message is going to be ambiguous, try to give the user some clue
by returning the last error reported by the OS.
Index: krb5-1.7/src/clients/kinit/kinit.c
Index: krb5-1.8-alpha1/src/clients/kinit/kinit.c
===================================================================
--- krb5-1.7.orig/src/clients/kinit/kinit.c
+++ krb5-1.7/src/clients/kinit/kinit.c
@@ -670,8 +670,14 @@ k5_kinit(opts, k5)
code = krb5_cc_initialize(k5->ctx, k5->cc,
opts->canonicalize ? my_creds.client : k5->me);
if (code) {
- com_err(progname, code, "when initializing cache %s",
- opts->k5_cache_name?opts->k5_cache_name:"");
+ if ((code == KRB5_CC_IO) && (errno != 0)) {
+ com_err(progname, code, "when initializing cache %s: %s",
+ opts->k5_cache_name?opts->k5_cache_name:"",
+ strerror(errno));
+ } else {
+ com_err(progname, code, "when initializing cache %s",
+ opts->k5_cache_name?opts->k5_cache_name:"");
+ }
goto cleanup;
}
--- krb5-1.8-alpha1.orig/src/clients/kinit/kinit.c
+++ krb5-1.8-alpha1/src/clients/kinit/kinit.c
@@ -712,8 +712,14 @@ k5_kinit(opts, k5)
code = krb5_cc_initialize(k5->ctx, k5->cc, opts->canonicalize ?
my_creds.client : k5->me);
if (code) {
- com_err(progname, code, "when initializing cache %s",
- opts->k5_cache_name?opts->k5_cache_name:"");
+ if ((code == KRB5_CC_IO) && (errno != 0)) {
+ com_err(progname, code, "when initializing cache %s: %s",
+ opts->k5_cache_name?opts->k5_cache_name:"",
+ strerror(errno));
+ } else {
+ com_err(progname, code, "when initializing cache %s",
+ opts->k5_cache_name?opts->k5_cache_name:"");
+ }
goto cleanup;
}

13
krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
View File

@ -1,13 +0,0 @@
Index: src/appl/gssftp/ftp/ftp.c
===================================================================
--- src/appl/gssftp/ftp/ftp.c.orig
+++ src/appl/gssftp/ftp/ftp.c
@@ -1912,7 +1912,7 @@ int do_auth()
#ifdef GSSAPI
if (command("AUTH %s", "GSSAPI") == CONTINUE) {
- OM_uint32 maj_stat, min_stat, dummy_stat;
+ OM_uint32 maj_stat = GSS_S_FAILURE , min_stat, dummy_stat;
gss_name_t target_name;
gss_buffer_desc send_tok, recv_tok, *token_ptr;
char stbuf[FTP_BUFSIZ];

10
krb5-1.5.1-fix-var-used-before-value-set.dif
View File

@ -1,10 +0,0 @@
--- src/appl/telnet/telnetd/utility.c
+++ src/appl/telnet/telnetd/utility.c 2006/11/06 10:34:09
@@ -127,6 +127,7 @@
}
tv.tv_sec = 1;
tv.tv_usec = 0;
+ FD_ZERO(&fds);
FD_SET(net, &fds);
while (select(net + 1, &fds, NULL, NULL, &tv) == 1)

2
krb5-1.6.1-compile_pie.dif
View File

@ -15,7 +15,7 @@ Index: src/config/shlib.conf
===================================================================
--- src/config/shlib.conf.orig
+++ src/config/shlib.conf
@@ -420,7 +420,8 @@ mips-*-netbsd*)
@@ -419,7 +419,8 @@ mips-*-netbsd*)
PROFFLAGS=-pg
RPATH_FLAG='-Wl,-rpath -Wl,'
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'

54
krb5-1.6.3-fix-ipv6-query.dif
View File

@ -1,9 +1,9 @@
Index: trunk/src/lib/krb5/os/hostaddr.c
Index: krb5-1.8-alpha1/src/lib/krb5/os/hostaddr.c
===================================================================
--- trunk.orig/src/lib/krb5/os/hostaddr.c
+++ trunk/src/lib/krb5/os/hostaddr.c
@@ -43,7 +43,7 @@ krb5_os_hostaddr(krb5_context context, c
return KRB5_ERR_BAD_HOSTNAME;
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/hostaddr.c
+++ krb5-1.8-alpha1/src/lib/krb5/os/hostaddr.c
@@ -44,7 +44,7 @@ krb5_os_hostaddr(krb5_context context, c
return KRB5_ERR_BAD_HOSTNAME;
memset (&hints, 0, sizeof (hints));
- hints.ai_flags = AI_NUMERICHOST;
@ -11,11 +11,11 @@ Index: trunk/src/lib/krb5/os/hostaddr.c
/* We don't care what kind at this point, really, but without
this, we can get back multiple sockaddrs per address, for
SOCK_DGRAM, SOCK_STREAM, and SOCK_RAW. I haven't checked if
Index: trunk/src/lib/krb5/os/hst_realm.c
Index: krb5-1.8-alpha1/src/lib/krb5/os/hst_realm.c
===================================================================
--- trunk.orig/src/lib/krb5/os/hst_realm.c
+++ trunk/src/lib/krb5/os/hst_realm.c
@@ -171,7 +171,7 @@ krb5int_get_fq_hostname (char *buf, size
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/hst_realm.c
+++ krb5-1.8-alpha1/src/lib/krb5/os/hst_realm.c
@@ -103,7 +103,7 @@ get_fq_hostname(char *buf, size_t bufsiz
int err;
memset (&hints, 0, sizeof (hints));
@ -23,12 +23,12 @@ Index: trunk/src/lib/krb5/os/hst_realm.c
+ hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
err = getaddrinfo (name, 0, &hints, &ai);
if (err)
return krb5int_translate_gai_error (err);
Index: trunk/src/lib/krb5/os/locate_kdc.c
return krb5int_translate_gai_error (err);
Index: krb5-1.8-alpha1/src/lib/krb5/os/locate_kdc.c
===================================================================
--- trunk.orig/src/lib/krb5/os/locate_kdc.c
+++ trunk/src/lib/krb5/os/locate_kdc.c
@@ -254,8 +254,9 @@ krb5int_add_host_to_list (struct addrlis
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/locate_kdc.c
+++ krb5-1.8-alpha1/src/lib/krb5/os/locate_kdc.c
@@ -259,8 +259,9 @@ krb5int_add_host_to_list (struct addrlis
memset(&hint, 0, sizeof(hint));
hint.ai_family = family;
hint.ai_socktype = socktype;
@ -37,18 +37,18 @@ Index: trunk/src/lib/krb5/os/locate_kdc.c
- hint.ai_flags = AI_NUMERICSERV;
+ hint.ai_flags |= AI_NUMERICSERV;
#endif
if (snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)) >= sizeof(portbuf))
/* XXX */
Index: trunk/src/lib/krb5/os/sn2princ.c
result = snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port));
if (SNPRINTF_OVERFLOW(result, sizeof(portbuf)))
Index: krb5-1.8-alpha1/src/lib/krb5/os/sn2princ.c
===================================================================
--- trunk.orig/src/lib/krb5/os/sn2princ.c
+++ trunk/src/lib/krb5/os/sn2princ.c
@@ -107,7 +107,7 @@ krb5_sname_to_principal(krb5_context con
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/sn2princ.c
+++ krb5-1.8-alpha1/src/lib/krb5/os/sn2princ.c
@@ -108,7 +108,7 @@ krb5_sname_to_principal(krb5_context con
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
- hints.ai_flags = AI_CANONNAME;
+ hints.ai_flags = AI_CANONNAME|AI_ADDRCONFIG;
try_getaddrinfo_again:
err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) {
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
- hints.ai_flags = AI_CANONNAME;
+ hints.ai_flags = AI_CANONNAME|AI_ADDRCONFIG;
try_getaddrinfo_again:
err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) {

53
krb5-1.6.3-kpasswd_tcp.patch
View File

@ -5,31 +5,30 @@ Index: src/lib/krb5/os/changepw.c
===================================================================
--- src/lib/krb5/os/changepw.c.orig
+++ src/lib/krb5/os/changepw.c
@@ -261,11 +261,22 @@ krb5_change_set_password(krb5_context co
NULL,
NULL
))) {
-
- /*
- * Here we may want to switch to TCP on some errors.
- * right?
- */
+ /* if we're not using a stream socket, and it's an error which
+ * might reasonably be specific to a datagram "connection", try
+ * again with a stream socket */
+ if (!useTcp) {
+ switch (code) {
+ case KRB5_KDC_UNREACH:
+ case KRB5_REALM_CANT_RESOLVE:
+ case KRB5KRB_ERR_RESPONSE_TOO_BIG:
+ /* should we do this for more result codes than these? */
+ krb5int_free_addrlist (&al);
+ useTcp = 1;
+ continue;
+ default:
+ break;
+ }
+ }
break;
}
@@ -271,10 +271,22 @@ change_set_password(krb5_context context
NULL
))) {
- /*
- * Here we may want to switch to TCP on some errors.
- * right?
- */
+ /* if we're not using a stream socket, and it's an error which
+ * might reasonably be specific to a datagram "connection", try
+ * again with a stream socket */
+ if (!useTcp) {
+ switch (code) {
+ case KRB5_KDC_UNREACH:
+ case KRB5_REALM_CANT_RESOLVE:
+ case KRB5KRB_ERR_RESPONSE_TOO_BIG:
+ /* should we do this for more result codes than these? */
+ krb5int_free_addrlist (&al);
+ useTcp = 1;
+ continue;
+ default:
+ break;
+ }
+ }
break;
}

28
krb5-1.6.3-kprop-use-mkstemp.dif
View File

@ -2,18 +2,18 @@ Index: src/slave/kprop.c
===================================================================
--- src/slave/kprop.c.orig
+++ src/slave/kprop.c
@@ -215,6 +215,7 @@ void get_tickets(context)
krb5_error_code retval;
static char tkstring[] = "/tmp/kproptktXXXXXX";
krb5_keytab keytab = NULL;
+ int ret = 0;
@@ -206,6 +206,7 @@ void get_tickets(context)
krb5_error_code retval;
static char tkstring[] = "/tmp/kproptktXXXXXX";
krb5_keytab keytab = NULL;
+ int ret = 0;
/*
* Figure out what tickets we'll be using to send stuff
@@ -240,7 +241,15 @@ void get_tickets(context)
/*
* Initialize cache file which we're going to be using
*/
/*
* Figure out what tickets we'll be using to send stuff
@@ -231,7 +232,15 @@ void get_tickets(context)
/*
* Initialize cache file which we're going to be using
*/
+#ifdef HAVE_MKSTEMP
+ ret = mkstemp(tkstring);
+ if (ret == -1) {
@ -21,8 +21,8 @@ Index: src/slave/kprop.c
+ exit(1);
+ } else close(ret);
+#else
(void) mktemp(tkstring);
(void) mktemp(tkstring);
+#endif
snprintf(buf, sizeof(buf), "FILE:%s", tkstring);
snprintf(buf, sizeof(buf), "FILE:%s", tkstring);
retval = krb5_cc_resolve(context, buf, &ccache);
retval = krb5_cc_resolve(context, buf, &ccache);

27
krb5-1.7-MITKRB5-SA-2009-003.dif
View File

@ -1,27 +0,0 @@
Index: krb5-1.7/src/kdc/do_tgs_req.c
===================================================================
--- krb5-1.7.orig/src/kdc/do_tgs_req.c
+++ krb5-1.7/src/kdc/do_tgs_req.c
@@ -1158,7 +1158,7 @@ prep_reprocess_req(krb5_kdc_req *request
free(temp_buf);
if (retval) {
/* no match found */
- kdc_err(kdc_context, retval, 0);
+ kdc_err(kdc_context, retval, "unable to find realm of host");
goto cleanup;
}
if (realms == 0) {
Index: krb5-1.7/src/lib/kadm5/logger.c
===================================================================
--- krb5-1.7.orig/src/lib/kadm5/logger.c
+++ krb5-1.7/src/lib/kadm5/logger.c
@@ -188,6 +188,9 @@ klog_com_err_proc(const char *whoami, lo
char *cp;
char *syslogp;
+ if (whoami == NULL || format == NULL)
+ return;
+
/* Make the header */
snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
/*

377
krb5-1.7-MITKRB5-SA-2009-004.dif
View File

@ -1,377 +0,0 @@
Index: krb5-1.7/src/lib/crypto/Makefile.in
===================================================================
--- krb5-1.7.orig/src/lib/crypto/Makefile.in
+++ krb5-1.7/src/lib/crypto/Makefile.in
@@ -18,6 +18,7 @@ EXTRADEPSRCS=\
$(srcdir)/t_nfold.c \
$(srcdir)/t_cf2.c \
$(srcdir)/t_encrypt.c \
+ $(srcdir)/t_short.c \
$(srcdir)/t_prf.c \
$(srcdir)/t_prng.c \
$(srcdir)/t_hmac.c \
@@ -206,7 +207,7 @@ libcrypto.lib:
clean-unix:: clean-liblinks clean-libs clean-libobjs
-check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_cf2
+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_cf2 t_short
$(RUN_SETUP) $(VALGRIND) ./t_nfold
$(RUN_SETUP) $(VALGRIND) ./t_encrypt
$(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \
@@ -216,6 +217,7 @@ check-unix:: t_nfold t_encrypt t_prf t_p
diff t_prf.output $(srcdir)/t_prf.expected
$(RUN_SETUP) $(VALGRIND) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output
diff t_cf2.output $(srcdir)/t_cf2.expected
+ $(RUN_SETUP) $(VALGRIND) ./t_short
# $(RUN_SETUP) $(VALGRIND) ./t_pkcs5
@@ -249,10 +251,14 @@ t_cts$(EXEEXT): t_cts.$(OBJEXT) $(CRYPTO
$(CC_LINK) -o $@ t_cts.$(OBJEXT) \
$(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
+t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB)
+ $(CC_LINK) -o $@ t_short.$(OBJEXT) \
+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
clean::
$(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \
- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o t_cf2 t_cf2.o
+ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \
+ t_cf2 t_cf2.o t_short t_short.o
-$(RM) t_prng.output
all-windows::
Index: krb5-1.7/src/lib/crypto/arcfour/arcfour.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/arcfour/arcfour.c
+++ krb5-1.7/src/lib/crypto/arcfour/arcfour.c
@@ -199,6 +199,12 @@ krb5_arcfour_decrypt(const struct krb5_e
keylength = enc->keylength;
hashsize = hash->hashsize;
+ /* Verify input and output lengths. */
+ if (input->length < hashsize + CONFOUNDERLENGTH)
+ return KRB5_BAD_MSIZE;
+ if (output->length < input->length - hashsize - CONFOUNDERLENGTH)
+ return KRB5_BAD_MSIZE;
+
d1.length=keybytes;
d1.data=malloc(d1.length);
if (d1.data == NULL)
Index: krb5-1.7/src/lib/crypto/enc_provider/aes.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/enc_provider/aes.c
+++ krb5-1.7/src/lib/crypto/enc_provider/aes.c
@@ -105,9 +105,11 @@ krb5int_aes_encrypt(const krb5_keyblock
nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
if (nblocks == 1) {
- /* XXX Used for DK function. */
+ /* Used when deriving keys. */
+ if (input->length < BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
enc(output->data, input->data, &ctx);
- } else {
+ } else if (nblocks > 1) {
unsigned int nleft;
for (blockno = 0; blockno < nblocks - 2; blockno++) {
@@ -160,9 +162,9 @@ krb5int_aes_decrypt(const krb5_keyblock
if (nblocks == 1) {
if (input->length < BLOCK_SIZE)
- abort();
+ return KRB5_BAD_MSIZE;
dec(output->data, input->data, &ctx);
- } else {
+ } else if (nblocks > 1) {
for (blockno = 0; blockno < nblocks - 2; blockno++) {
dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
@@ -208,6 +210,7 @@ krb5int_aes_encrypt_iov(const krb5_keybl
char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE];
int nblocks = 0, blockno;
size_t input_length, i;
+ struct iov_block_state input_pos, output_pos;
if (aes_enc_key(key->contents, key->length, &ctx) != aes_good)
abort();
@@ -224,17 +227,19 @@ krb5int_aes_encrypt_iov(const krb5_keybl
input_length += iov->data.length;
}
- nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-
- assert(nblocks > 1);
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
- {
+ nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ if (nblocks == 1) {
+ krb5int_c_iov_get_block((unsigned char *)tmp, BLOCK_SIZE,
+ data, num_data, &input_pos);
+ enc(tmp2, tmp, &ctx);
+ krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2,
+ BLOCK_SIZE, &output_pos);
+ } else if (nblocks > 1) {
char blockN2[BLOCK_SIZE]; /* second last */
char blockN1[BLOCK_SIZE]; /* last block */
- struct iov_block_state input_pos, output_pos;
-
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
for (blockno = 0; blockno < nblocks - 2; blockno++) {
char blockN[BLOCK_SIZE];
@@ -288,6 +293,7 @@ krb5int_aes_decrypt_iov(const krb5_keybl
char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
int nblocks = 0, blockno, i;
size_t input_length;
+ struct iov_block_state input_pos, output_pos;
CHECK_SIZES;
@@ -305,18 +311,19 @@ krb5int_aes_decrypt_iov(const krb5_keybl
if (ENCRYPT_IOV(iov))
input_length += iov->data.length;
}
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-
- assert(nblocks > 1);
-
- {
+ if (nblocks == 1) {
+ krb5int_c_iov_get_block((unsigned char *)tmp, BLOCK_SIZE,
+ data, num_data, &input_pos);
+ dec(tmp2, tmp, &ctx);
+ krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2,
+ BLOCK_SIZE, &output_pos);
+ } else if (nblocks > 1) {
char blockN2[BLOCK_SIZE]; /* second last */
char blockN1[BLOCK_SIZE]; /* last block */
- struct iov_block_state input_pos, output_pos;
-
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
for (blockno = 0; blockno < nblocks - 2; blockno++) {
char blockN[BLOCK_SIZE];
Index: krb5-1.7/src/lib/crypto/old/old_decrypt.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/old/old_decrypt.c
+++ krb5-1.7/src/lib/crypto/old/old_decrypt.c
@@ -45,8 +45,10 @@ krb5_old_decrypt(const struct krb5_enc_p
blocksize = enc->block_size;
hashsize = hash->hashsize;
+ /* Verify input and output lengths. */
+ if (input->length < blocksize + hashsize || input->length % blocksize != 0)
+ return(KRB5_BAD_MSIZE);
plainsize = input->length - blocksize - hashsize;
-
if (arg_output->length < plainsize)
return(KRB5_BAD_MSIZE);
Index: krb5-1.7/src/lib/crypto/raw/raw_decrypt.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/raw/raw_decrypt.c
+++ krb5-1.7/src/lib/crypto/raw/raw_decrypt.c
@@ -34,5 +34,7 @@ krb5_raw_decrypt(const struct krb5_enc_p
const krb5_data *ivec, const krb5_data *input,
krb5_data *output)
{
- return((*(enc->decrypt))(key, ivec, input, output));
+ if (output->length < input->length)
+ return KRB5_BAD_MSIZE;
+ return((*(enc->decrypt))(key, ivec, input, output));
}
Index: krb5-1.7/src/lib/crypto/t_short.c
===================================================================
--- /dev/null
+++ krb5-1.7/src/lib/crypto/t_short.c
@@ -0,0 +1,128 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/crypto_tests/t_short.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Tests the outcome of decrypting overly short tokens. This program can be
+ * run under a tool like valgrind to detect bad memory accesses; when run
+ * normally by the test suite, it verifies that each operation returns
+ * KRB5_BAD_MSIZE.
+ */
+
+#include "k5-int.h"
+
+
+krb5_enctype interesting_enctypes[] = {
+ ENCTYPE_DES_CBC_CRC,
+ ENCTYPE_DES_CBC_MD4,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES3_CBC_SHA1,
+ ENCTYPE_ARCFOUR_HMAC,
+ ENCTYPE_ARCFOUR_HMAC_EXP,
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ 0
+};
+
+/* Abort if an operation unexpectedly fails. */
+static void
+x(krb5_error_code code)
+{
+ if (code != 0)
+ abort();
+}
+
+/* Abort if a decrypt operation doesn't have the expected result. */
+static void
+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len)
+{
+ if (len < min_len) {
+ /* Undersized tokens should always result in BAD_MSIZE. */
+ if (code != KRB5_BAD_MSIZE)
+ abort();
+ } else {
+ /* Min-size tokens should succeed or fail the integrity check. */
+ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY)
+ abort();
+ }
+}
+
+static void
+test_enctype(krb5_enctype enctype)
+{
+ krb5_error_code ret;
+ krb5_keyblock keyblock;
+ krb5_enc_data input;
+ krb5_data output;
+ krb5_crypto_iov iov[2];
+ unsigned int dummy;
+ size_t min_len, len;
+
+ printf("Testing enctype %d\n", (int) enctype);
+ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len));
+ x(krb5_c_make_random_key(NULL, enctype, &keyblock));
+ input.enctype = enctype;
+
+ /* Try each length up to the minimum length. */
+ for (len = 0; len <= min_len; len++) {
+ input.ciphertext.data = calloc(len, 1);
+ input.ciphertext.length = len;
+ output.data = calloc(len, 1);
+ output.length = len;
+
+ /* Attempt a normal decryption. */
+ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output);
+ check_decrypt_result(ret, len, min_len);
+
+ if (krb5_c_crypto_length(NULL, enctype, KRB5_CRYPTO_TYPE_HEADER,
+ &dummy) == 0) {
+ /* Attempt an IOV stream decryption. */
+ iov[0].flags = KRB5_CRYPTO_TYPE_STREAM;
+ iov[0].data = input.ciphertext;
+ iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[1].data.data = NULL;
+ iov[1].data.length = 0;
+ ret = krb5_c_decrypt_iov(NULL, &keyblock, 0, NULL, iov, 2);
+ check_decrypt_result(ret, len, min_len);
+ }
+
+ free(input.ciphertext.data);
+ free(output.data);
+ }
+}
+
+int
+main(int argc, char **argv)
+{
+ int i;
+ krb5_data notrandom;
+
+ notrandom.data = "notrandom";
+ notrandom.length = 9;
+ krb5_c_random_seed(NULL, &notrandom);
+ for (i = 0; interesting_enctypes[i]; i++)
+ test_enctype(interesting_enctypes[i]);
+ return 0;
+}
+
Index: krb5-1.7/src/lib/crypto/deps
===================================================================
--- krb5-1.7.orig/src/lib/crypto/deps
+++ krb5-1.7/src/lib/crypto/deps
@@ -463,6 +463,16 @@ t_encrypt.so t_encrypt.po $(OUTPRE)t_enc
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h etypes.h t_encrypt.c
+t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ t_short.c
t_prf.so t_prf.po $(OUTPRE)t_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
Index: krb5-1.7/src/lib/crypto/dk/dk_aead.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/dk/dk_aead.c
+++ krb5-1.7/src/lib/crypto/dk/dk_aead.c
@@ -248,7 +248,7 @@ krb5int_dk_decrypt_iov(const struct krb5
for (i = 0; i < num_data; i++) {
const krb5_crypto_iov *iov = &data[i];
- if (ENCRYPT_DATA_IOV(iov))
+ if (ENCRYPT_IOV(iov))
cipherlen += iov->data.length;
}
Index: krb5-1.7/src/lib/crypto/dk/dk_decrypt.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/dk/dk_decrypt.c
+++ krb5-1.7/src/lib/crypto/dk/dk_decrypt.c
@@ -89,6 +89,12 @@ krb5_dk_decrypt_maybe_trunc_hmac(const s
else if (hmacsize > hashsize)
return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ /* Verify input and output lengths. */
+ if (input->length < blocksize + hmacsize)
+ return KRB5_BAD_MSIZE;
+ if (output->length < input->length - blocksize - hmacsize)
+ return KRB5_BAD_MSIZE;
+
enclen = input->length - hmacsize;
if ((kedata = (unsigned char *) malloc(keylength)) == NULL)

108
krb5-1.7-manpaths.dif
View File

@ -1,43 +1,9 @@
Index: krb5-1.7/src/appl/bsd/klogind.M
Index: krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M
===================================================================
--- krb5-1.7.orig/src/appl/bsd/klogind.M
+++ krb5-1.7/src/appl/bsd/klogind.M
@@ -27,7 +27,7 @@ server is invoked by \fIinetd(8)\fP when
the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIklogind\fP might be:
-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
+klogin stream tcp nowait root @mansbindir@/klogind klogind -e5c
When a service request is received, the following protocol is initiated:
Index: krb5-1.7/src/appl/bsd/kshd.M
===================================================================
--- krb5-1.7.orig/src/appl/bsd/kshd.M
+++ krb5-1.7/src/appl/bsd/kshd.M
@@ -8,7 +8,7 @@
.SH NAME
kshd \- kerberized remote shell server
.SH SYNOPSIS
-.B /usr/local/sbin/kshd
+.B @mansbindir@/kshd
[
.B \-kr45ec
]
@@ -30,7 +30,7 @@ server is invoked by \fIinetd(8c)\fP whe
on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIkrshd\fP might be:
-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c
+kshell stream tcp nowait root @mansbindir@/kshd kshd -5c
When a service request is received, the following protocol is initiated:
Index: krb5-1.7/src/appl/sample/sserver/sserver.M
===================================================================
--- krb5-1.7.orig/src/appl/sample/sserver/sserver.M
+++ krb5-1.7/src/appl/sample/sserver/sserver.M
--- krb5-1.8-alpha1.orig/src/appl/sample/sserver/sserver.M
+++ krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M
@@ -59,7 +59,7 @@ option allows for a different keytab tha
using a line in
/etc/inetd.conf that looks like this:
@ -47,23 +13,10 @@ Index: krb5-1.7/src/appl/sample/sserver/sserver.M
.PP
Since \fBsample\fP is normally not a port defined in /etc/services, you will
usually have to add a line to /etc/services which looks like this:
Index: krb5-1.7/src/appl/telnet/telnetd/telnetd.8
Index: krb5-1.8-alpha1/src/config-files/kdc.conf.M
===================================================================
--- krb5-1.7.orig/src/appl/telnet/telnetd/telnetd.8
+++ krb5-1.7/src/appl/telnet/telnetd/telnetd.8
@@ -37,7 +37,7 @@ telnetd \-
.SM DARPA TELNET
protocol server
.SH SYNOPSIS
-.B /usr/libexec/telnetd
+.B @manlibexecdir@/telnetd
[\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
[\fB\-e\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
[\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
Index: krb5-1.7/src/config-files/kdc.conf.M
===================================================================
--- krb5-1.7.orig/src/config-files/kdc.conf.M
+++ krb5-1.7/src/config-files/kdc.conf.M
--- krb5-1.8-alpha1.orig/src/config-files/kdc.conf.M
+++ krb5-1.8-alpha1/src/config-files/kdc.conf.M
@@ -82,14 +82,14 @@ This
.B string
specifies the location of the access control list (acl) file that
@ -81,7 +34,7 @@ Index: krb5-1.7/src/config-files/kdc.conf.M
.IP database_name
This
@@ -257,7 +257,7 @@ tickets should be checked against the tr
@@ -254,7 +254,7 @@ tickets should be checked against the tr
realm names and the [capaths] section of its krb5.conf file
.SH FILES
@ -90,12 +43,12 @@ Index: krb5-1.7/src/config-files/kdc.conf.M
.SH SEE ALSO
krb5.conf(5), krb5kdc(8)
Index: krb5-1.7/src/configure.in
Index: krb5-1.8-alpha1/src/configure.in
===================================================================
--- krb5-1.7.orig/src/configure.in
+++ krb5-1.7/src/configure.in
@@ -1041,6 +1041,69 @@ dnl
AC_CONFIG_SUBDIRS(appl/libpty appl/bsd appl/gssftp appl/telnet)
--- krb5-1.8-alpha1.orig/src/configure.in
+++ krb5-1.8-alpha1/src/configure.in
@@ -1052,6 +1052,58 @@ if test "$ac_cv_lib_socket" = "yes" -a "
fi
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
+
@ -118,18 +71,8 @@ Index: krb5-1.7/src/configure.in
+AC_SUBST(manlocalstatedir)
+AC_SUBST(manlibexecdir)
+AC_OUTPUT([
+ appl/bsd/klogind.M
+ appl/bsd/kshd.M
+ appl/bsd/login.M
+ appl/bsd/rcp.M
+ appl/bsd/rlogin.M
+ appl/bsd/rsh.M
+ appl/gssftp/ftpd/ftpd.M
+ appl/gssftp/ftp/ftp.M
+ appl/sample/sclient/sclient.M
+ appl/sample/sserver/sserver.M
+ appl/telnet/telnetd/telnetd.8
+ appl/telnet/telnet/telnet.1
+ clients/kcpytkt/kcpytkt.M
+ clients/kdeltkt/kdeltkt.M
+ clients/kdestroy/kdestroy.M
@ -147,7 +90,6 @@ Index: krb5-1.7/src/configure.in
+ kadmin/cli/kadmin.M
+ kadmin/dbutil/kdb5_util.M
+ kadmin/ktutil/ktutil.M
+ kadmin/passwd/kpasswd.M
+ kadmin/server/kadmind.M
+ kdc/krb5kdc.M
+ krb5-config.M
@ -164,11 +106,11 @@ Index: krb5-1.7/src/configure.in
V5_AC_OUTPUT_MAKEFILE(.
util util/support util/profile util/send-pr
Index: krb5-1.7/src/kadmin/cli/kadmin.M
Index: krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
===================================================================
--- krb5-1.7.orig/src/kadmin/cli/kadmin.M
+++ krb5-1.7/src/kadmin/cli/kadmin.M
@@ -850,9 +850,9 @@ option is specified, less verbose status
--- krb5-1.8-alpha1.orig/src/kadmin/cli/kadmin.M
+++ krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
@@ -869,9 +869,9 @@ option is specified, less verbose status
.RS
.TP
EXAMPLE:
@ -180,7 +122,7 @@ Index: krb5-1.7/src/kadmin/cli/kadmin.M
kadmin:
.RE
.fi
@@ -894,7 +894,7 @@ passwords.
@@ -913,7 +913,7 @@ passwords.
.SH HISTORY
The
.B kadmin
@ -189,10 +131,10 @@ Index: krb5-1.7/src/kadmin/cli/kadmin.M
OpenVision Kerberos administration program.
.SH SEE ALSO
.IR kerberos (1),
Index: krb5-1.7/src/slave/kprop.M
Index: krb5-1.8-alpha1/src/slave/kprop.M
===================================================================
--- krb5-1.7.orig/src/slave/kprop.M
+++ krb5-1.7/src/slave/kprop.M
--- krb5-1.8-alpha1.orig/src/slave/kprop.M
+++ krb5-1.8-alpha1/src/slave/kprop.M
@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv
This is done by transmitting the dumped database file to the slave
server over an encrypted, secure channel. The dump file must be created
@ -211,10 +153,10 @@ Index: krb5-1.7/src/slave/kprop.M
.TP
\fB\-P\fP \fIport\fP
specifies the port to use to contact the
Index: krb5-1.7/src/slave/kpropd.M
Index: krb5-1.8-alpha1/src/slave/kpropd.M
===================================================================
--- krb5-1.7.orig/src/slave/kpropd.M
+++ krb5-1.7/src/slave/kpropd.M
--- krb5-1.8-alpha1.orig/src/slave/kpropd.M
+++ krb5-1.8-alpha1/src/slave/kpropd.M
@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of
This is done by adding a line to the inetd.conf file which looks like
this:
@ -222,7 +164,7 @@ Index: krb5-1.7/src/slave/kpropd.M
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
+kprop stream tcp nowait root @mansbindir@/kpropd kpropd
However, kpropd can also run as a standalone deamon, if the
However, kpropd can also run as a standalone daemon, if the
.B \-S
@@ -111,13 +111,13 @@ is used.
\fB\-f\fP \fIfile\fP

11
krb5-1.7-manpaths.txt
View File

@ -1,15 +1,5 @@
appl/bsd/klogind.M
appl/bsd/kshd.M
appl/bsd/login.M
appl/bsd/rcp.M
appl/bsd/rlogin.M
appl/bsd/rsh.M
appl/gssftp/ftpd/ftpd.M
appl/gssftp/ftp/ftp.M
appl/sample/sclient/sclient.M
appl/sample/sserver/sserver.M
appl/telnet/telnetd/telnetd.8
appl/telnet/telnet/telnet.1
clients/kcpytkt/kcpytkt.M
clients/kdeltkt/kdeltkt.M
clients/kdestroy/kdestroy.M
@ -27,7 +17,6 @@ kadmin/cli/kadmin.local.M
kadmin/cli/kadmin.M
kadmin/dbutil/kdb5_util.M
kadmin/ktutil/ktutil.M
kadmin/passwd/kpasswd.M
kadmin/server/kadmind.M
kdc/krb5kdc.M
krb5-config.M

3
krb5-1.7.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2043f38c46a9721cfab28f0fdf876af17d542cab458a87d0324783189e9570cd
size 10407001

0
krb5-1.7-rpmlintrc → krb5-1.8-rpmlintrc
View File

3
krb5-1.8.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:10890ef19905e36e99d82cbe7caa6e8b0875b2a304f9a9e2d05137c87aff8212
size 9958816

0
krb5-doc-1.7-rpmlintrc → krb5-doc-1.8-rpmlintrc
View File

5
krb5-doc.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Thu Mar 4 11:45:22 CET 2010 - mc@suse.de
- update to version 1.8
-------------------------------------------------------------------
Wed Jun 3 10:47:07 CEST 2009 - mc@suse.de

11
krb5-doc.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5-doc (Version 1.7)
# spec file for package krb5-doc (Version 1.8)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -20,15 +20,14 @@
Name: krb5-doc
BuildRequires: ghostscript-library latex2html texlive
Version: 1.7
Release: 7
%define srcRoot krb5-1.7
Version: 1.8
Release: 1
%define srcRoot krb5-1.8
Summary: MIT Kerberos5 Implementation--Documentation
License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/
Group: Documentation/Other
Source: krb5-%{version}.tar.bz2
Source1: README.Source
Source: krb5-1.8.tar.bz2
Source3: %{name}-%{version}-rpmlintrc
Patch0: krb5-1.3.5-perlfix.dif
Patch1: krb5-1.6.3-texi2dvi-fix.dif

24
krb5-mini.changes
View File

@ -1,11 +1,29 @@
-------------------------------------------------------------------
Thu Jan 7 11:45:14 CET 2010 - mc@suse.de
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
- update to version 1.8
* Increase code quality
* Move toward improved KDB interface
* Investigate and remedy repeatedly-reported performance
bottlenecks.
* Reduce DNS dependence by implementing an interface that allows
client library to track whether a KDC supports service
principal referrals.
* Disable DES by default
* Account lockout for repeated login failures
* Bridge layer to allow Heimdal HDB modules to act as KDB
backend modules
* FAST enhancements
* Microsoft Services for User (S4U) compatibility
* Anonymous PKINIT
- fix KDC denial of service
CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
- fix KDC denial of service in cross-realm referral processing
CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
-------------------------------------------------------------------
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de

170
krb5-mini.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5-mini (Version 1.7)
# spec file for package krb5-mini (Version 1.8)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -18,7 +18,7 @@
# norootforbuild
%define build_mini 1
%define srcRoot krb5-1.7
%define srcRoot krb5-1.8
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
@ -27,8 +27,8 @@ License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/
BuildRequires: bison libcom_err-devel ncurses-devel
BuildRequires: keyutils keyutils-devel
Version: 1.7
Release: 7
Version: 1.8
Release: 1
%if ! 0%{?build_mini}
BuildRequires: libopenssl-devel openldap2-devel
# bug437293
@ -42,25 +42,19 @@ Group: Productivity/Networking/Security
Summary: MIT Kerberos5 Implementation--Libraries
Group: Productivity/Networking/Security
%endif
Source: krb5-1.7.tar.bz2
Source: krb5-1.8.tar.bz2
Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: baselibs.conf
Source2: baselibs.conf
Source5: krb5-%{version}-rpmlintrc
Source10: krb5-1.7-manpaths.txt
Patch2: krb5-1.6.1-compile_pie.dif
Patch20: krb5-1.6.3-kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
Patch30: krb5-1.7-manpaths.dif
Patch32: krb5-1.4.3-enospc.dif
Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif
Patch41: krb5-1.6.3-kpasswd_tcp.patch
Patch44: krb5-1.6.3-ktutil-manpage.dif
Patch46: krb5-1.6.3-fix-ipv6-query.dif
Patch47: krb5-1.7-MITKRB5-SA-2009-003.dif
Patch48: krb5-1.7-MITKRB5-SA-2009-004.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -117,46 +111,6 @@ and more.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-servers
License: MIT License (or similar)
Summary: MIT Kerberos5 server applications
Group: Productivity/Networking/Security
%description apps-servers
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible server applications like ftpd, klogind, telnetd, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-clients
License: MIT License (or similar)
Summary: MIT Kerberos5 client applications
Group: Productivity/Networking/Security
%description apps-clients
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible client applications like ftp, rpc, rlogin, telnet, ...
Authors:
--------
The MIT Kerberos Team
@ -240,25 +194,14 @@ Authors:
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{SOURCE3} %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch2
%patch20
%patch21
%patch22
%patch30 -p1
%patch32 -p1
%patch34 -p1
%patch41
%patch44 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do
@ -319,12 +262,6 @@ install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.c
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
for n in ftpd.8 telnetd.8; do
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
done
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
done
# all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do
@ -337,12 +274,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
# install xinetd files
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
install -m 644 %{vendorFiles}/eklogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/eklogin
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
# install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
@ -421,7 +352,9 @@ rm -rf %{buildroot}
%dir /usr/lib/mit/sbin
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt_mit.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv_mit.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb5.so
@ -455,17 +388,13 @@ rm -rf %{buildroot}
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
%{_sysconfdir}/init.d/*
%{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt.so.*
%{_libdir}/libkadm5srv.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.*
@ -479,15 +408,10 @@ rm -rf %{buildroot}
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
/usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit
@ -497,16 +421,10 @@ rm -rf %{buildroot}
/usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
#/usr/lib/mit/bin/*
/usr/bin/kinit
/usr/bin/klist
/usr/bin/rc*
@ -517,12 +435,7 @@ rm -rf %{buildroot}
%{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1*
%{_mandir}/man1/kerberos.1*
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/sclient.1*
%{_mandir}/man1/kadmin.1*
%{_mandir}/man1/ktutil.1*
@ -549,8 +462,8 @@ rm -rf %{buildroot}
%{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt.so.*
%{_libdir}/libkadm5srv.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.*
@ -582,6 +495,10 @@ rm -rf %{buildroot}
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/uuserver
%{_libdir}/krb5/plugins/kdb/db2.so
%{_mandir}/man5/kdc.conf.5*
%{_mandir}/man8/kadmind.8*
@ -591,6 +508,7 @@ rm -rf %{buildroot}
%{_mandir}/man8/kproplog.8.gz
%{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/sserver.8*
%files client
%defattr(-,root,root)
@ -605,6 +523,11 @@ rm -rf %{buildroot}
/usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil
/usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/ksu
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/uuclient
/usr/bin/kinit
/usr/bin/klist
%{_mandir}/man1/kvno.1*
@ -618,53 +541,8 @@ rm -rf %{buildroot}
%{_mandir}/man1/k5srvutil.1*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%files apps-servers
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
%{_mandir}/man8/kftpd.8*
%{_mandir}/man8/klogind.8*
%{_mandir}/man8/kshd.8*
%{_mandir}/man8/ktelnetd.8*
%{_mandir}/man8/sserver.8*
%{_mandir}/man8/login.krb5.8*
%files apps-clients
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
# removed SUID bit, we will rely on su + pam_krb
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/sclient.1*
%{_mandir}/man1/ksu.1.gz
%{_mandir}/man1/sclient.1.gz
%files plugin-kdb-ldap
%defattr(-,root,root)

24
krb5.changes
View File

@ -1,11 +1,29 @@
-------------------------------------------------------------------
Thu Jan 7 11:45:14 CET 2010 - mc@suse.de
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
- update to version 1.8
* Increase code quality
* Move toward improved KDB interface
* Investigate and remedy repeatedly-reported performance
bottlenecks.
* Reduce DNS dependence by implementing an interface that allows
client library to track whether a KDC supports service
principal referrals.
* Disable DES by default
* Account lockout for repeated login failures
* Bridge layer to allow Heimdal HDB modules to act as KDB
backend modules
* FAST enhancements
* Microsoft Services for User (S4U) compatibility
* Anonymous PKINIT
- fix KDC denial of service
CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
- fix KDC denial of service in cross-realm referral processing
CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
-------------------------------------------------------------------
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de

170
krb5.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5 (Version 1.7)
# spec file for package krb5 (Version 1.8)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -18,7 +18,7 @@
# norootforbuild
%define build_mini 0
%define srcRoot krb5-1.7
%define srcRoot krb5-1.8
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
@ -27,8 +27,8 @@ License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/
BuildRequires: bison libcom_err-devel ncurses-devel
BuildRequires: keyutils keyutils-devel
Version: 1.7
Release: 7
Version: 1.8
Release: 1
%if ! 0%{?build_mini}
BuildRequires: libopenssl-devel openldap2-devel
# bug437293
@ -42,25 +42,19 @@ Group: Productivity/Networking/Security
Summary: MIT Kerberos5 Implementation--Libraries
Group: Productivity/Networking/Security
%endif
Source: krb5-1.7.tar.bz2
Source: krb5-1.8.tar.bz2
Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: baselibs.conf
Source2: baselibs.conf
Source5: krb5-%{version}-rpmlintrc
Source10: krb5-1.7-manpaths.txt
Patch2: krb5-1.6.1-compile_pie.dif
Patch20: krb5-1.6.3-kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
Patch30: krb5-1.7-manpaths.dif
Patch32: krb5-1.4.3-enospc.dif
Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif
Patch41: krb5-1.6.3-kpasswd_tcp.patch
Patch44: krb5-1.6.3-ktutil-manpage.dif
Patch46: krb5-1.6.3-fix-ipv6-query.dif
Patch47: krb5-1.7-MITKRB5-SA-2009-003.dif
Patch48: krb5-1.7-MITKRB5-SA-2009-004.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -117,46 +111,6 @@ and more.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-servers
License: MIT License (or similar)
Summary: MIT Kerberos5 server applications
Group: Productivity/Networking/Security
%description apps-servers
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible server applications like ftpd, klogind, telnetd, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-clients
License: MIT License (or similar)
Summary: MIT Kerberos5 client applications
Group: Productivity/Networking/Security
%description apps-clients
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible client applications like ftp, rpc, rlogin, telnet, ...
Authors:
--------
The MIT Kerberos Team
@ -240,25 +194,14 @@ Authors:
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{SOURCE3} %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch2
%patch20
%patch21
%patch22
%patch30 -p1
%patch32 -p1
%patch34 -p1
%patch41
%patch44 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do
@ -319,12 +262,6 @@ install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.c
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
for n in ftpd.8 telnetd.8; do
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
done
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
done
# all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do
@ -337,12 +274,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
# install xinetd files
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
install -m 644 %{vendorFiles}/eklogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/eklogin
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
# install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
@ -421,7 +352,9 @@ rm -rf %{buildroot}
%dir /usr/lib/mit/sbin
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt_mit.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv_mit.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb5.so
@ -455,17 +388,13 @@ rm -rf %{buildroot}
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
%{_sysconfdir}/init.d/*
%{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt.so.*
%{_libdir}/libkadm5srv.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.*
@ -479,15 +408,10 @@ rm -rf %{buildroot}
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
/usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit
@ -497,16 +421,10 @@ rm -rf %{buildroot}
/usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
#/usr/lib/mit/bin/*
/usr/bin/kinit
/usr/bin/klist
/usr/bin/rc*
@ -517,12 +435,7 @@ rm -rf %{buildroot}
%{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1*
%{_mandir}/man1/kerberos.1*
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/sclient.1*
%{_mandir}/man1/kadmin.1*
%{_mandir}/man1/ktutil.1*
@ -549,8 +462,8 @@ rm -rf %{buildroot}
%{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt.so.*
%{_libdir}/libkadm5srv.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.*
@ -582,6 +495,10 @@ rm -rf %{buildroot}
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/uuserver
%{_libdir}/krb5/plugins/kdb/db2.so
%{_mandir}/man5/kdc.conf.5*
%{_mandir}/man8/kadmind.8*
@ -591,6 +508,7 @@ rm -rf %{buildroot}
%{_mandir}/man8/kproplog.8.gz
%{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/sserver.8*
%files client
%defattr(-,root,root)
@ -605,6 +523,11 @@ rm -rf %{buildroot}
/usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil
/usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/ksu
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/uuclient
/usr/bin/kinit
/usr/bin/klist
%{_mandir}/man1/kvno.1*
@ -618,53 +541,8 @@ rm -rf %{buildroot}
%{_mandir}/man1/k5srvutil.1*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%files apps-servers
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
%{_mandir}/man8/kftpd.8*
%{_mandir}/man8/klogind.8*
%{_mandir}/man8/kshd.8*
%{_mandir}/man8/ktelnetd.8*
%{_mandir}/man8/sserver.8*
%{_mandir}/man8/login.krb5.8*
%files apps-clients
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
# removed SUID bit, we will rely on su + pam_krb
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/sclient.1*
%{_mandir}/man1/ksu.1.gz
%{_mandir}/man1/sclient.1.gz
%files plugin-kdb-ldap
%defattr(-,root,root)

50
spx.c
View File

@ -1,50 +0,0 @@
/*-
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* based on @(#)spx.c 8.1 (Berkeley) 6/4/93 */
#include "misc-proto.h"
#ifdef notdef
prkey(msg, key)
char *msg;
unsigned char *key;
{
register int i;
printf("%s:", msg);
for (i = 0; i < 8; i++)
printf(" %3d", key[i]);
printf("\r\n");
}
#endif

4
vendor-files.tar.bz2
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cc8af64eb451283d9ed22d52848a923e65a50b5c80442fe3165f238efdd34571
size 182153
oid sha256:afd7fcef667fa671ba023b747d95c62dd83b03c4bb93c7132e1ae78fe837c35e
size 182067