parent
4da4b4f6fa
commit
7b77761d5a
@ -1,215 +0,0 @@
|
||||
#include <com_err.h>
|
||||
#include <krb5.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
|
||||
#define krb5_kdb_decode_int16(cp, i16) \
|
||||
*((krb5_int16 *) &(i16)) = (((krb5_int16) ((unsigned char) (cp)[0]))| \
|
||||
((krb5_int16) ((unsigned char) (cp)[1]) << 8))
|
||||
#define encode_int16(i16, cp) \
|
||||
{ \
|
||||
(cp)[0] = (unsigned char) ((i16) & 0xff); \
|
||||
(cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
krb5_db_fetch_mkey(krb5_context context,
|
||||
krb5_enctype etype,
|
||||
char *keyfile,
|
||||
krb5_keyblock * key)
|
||||
{
|
||||
krb5_error_code retval;
|
||||
|
||||
/* from somewhere else */
|
||||
krb5_ui_2 enctype;
|
||||
FILE *kf;
|
||||
|
||||
retval = 0;
|
||||
key->magic = KV5M_KEYBLOCK;
|
||||
|
||||
if (!(kf = fopen(keyfile, "r")))
|
||||
return KRB5_KDB_CANTREAD_STORED;
|
||||
if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
|
||||
retval = KRB5_KDB_CANTREAD_STORED;
|
||||
goto errout;
|
||||
}
|
||||
if (key->enctype == ENCTYPE_UNKNOWN)
|
||||
key->enctype = enctype;
|
||||
else if (enctype != key->enctype) {
|
||||
retval = KRB5_KDB_BADSTORED_MKEY;
|
||||
goto errout;
|
||||
}
|
||||
if (fread((krb5_pointer) &key->length,
|
||||
sizeof(key->length), 1, kf) != 1) {
|
||||
retval = KRB5_KDB_CANTREAD_STORED;
|
||||
goto errout;
|
||||
}
|
||||
if (!key->length || ((int) key->length) < 0) {
|
||||
retval = KRB5_KDB_BADSTORED_MKEY;
|
||||
goto errout;
|
||||
}
|
||||
|
||||
if (!(key->contents = (krb5_octet *)malloc(key->length))) {
|
||||
retval = ENOMEM;
|
||||
goto errout;
|
||||
}
|
||||
if (fread((krb5_pointer) key->contents,
|
||||
sizeof(key->contents[0]), key->length, kf)
|
||||
!= key->length) {
|
||||
retval = KRB5_KDB_CANTREAD_STORED;
|
||||
memset(key->contents, 0, key->length);
|
||||
free(key->contents);
|
||||
key->contents = 0;
|
||||
} else
|
||||
retval = 0;
|
||||
|
||||
errout:
|
||||
(void) fclose(kf);
|
||||
return retval;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
read_octet_string(char *str, krb5_octet *buf, size_t len)
|
||||
{
|
||||
int c;
|
||||
int i, retval;
|
||||
char *s;
|
||||
|
||||
s = str;
|
||||
|
||||
retval = 0;
|
||||
for (i=0; i<len; i++) {
|
||||
if (sscanf(s, "%02x", &c) != 1) {
|
||||
retval = 1;
|
||||
free(s);
|
||||
break;
|
||||
}
|
||||
buf[i] = (krb5_octet) c;
|
||||
if(i+1 < len) {
|
||||
s++;
|
||||
s++;
|
||||
}
|
||||
}
|
||||
s = NULL;
|
||||
return(retval);
|
||||
}
|
||||
|
||||
void usage()
|
||||
{
|
||||
fprintf(stderr, "Usage: "
|
||||
"EncryptWithMasterKey -sf stashfilename -d data [-e enctype]\n"
|
||||
"\t [-sf stashfilename] \n"
|
||||
"\t [-d the data to encrypt]\n"
|
||||
"\t [-e encryption type of the master key] (default des3-cbc-sha1)\n\n"
|
||||
"\t valid enctypes are:\n\n"
|
||||
"\t des-cbc-crc, des-cbc-md4, des-cbc-md5, des, des-cbc-raw,\n"
|
||||
"\t des3-cbc-raw, des3-cbc-sha1, des3-hmac-sha1, des3-cbc-sha1-kd,\n"
|
||||
"\t des-hmac-sha1, arcfour-hmac, rc4-hmac, arcfour-hmac-md5,\n"
|
||||
"\t arcfour-hmac-exp, rc4-hmac-exp, arcfour-hmac-md5-exp,\n"
|
||||
"\t aes128-cts-hmac-sha1-96, aes128-cts, aes256-cts-hmac-sha1-96,\n"
|
||||
"\t aes256-cts\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL))
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
krb5_context context;
|
||||
krb5_error_code retval;
|
||||
krb5_keyblock master_keyblock;
|
||||
krb5_data plain;
|
||||
krb5_enc_data cipher;
|
||||
size_t plainlen = 0;
|
||||
size_t enclen = 0;
|
||||
char *koptarg;
|
||||
char *stashfile = NULL;
|
||||
char *data = NULL;
|
||||
int i = 0;
|
||||
|
||||
master_keyblock.enctype = ENCTYPE_DES3_CBC_SHA1;
|
||||
|
||||
argv++; argc--;
|
||||
while (*argv) {
|
||||
if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
|
||||
stashfile = koptarg;
|
||||
} else if (strcmp(*argv, "-d") == 0 && ARG_VAL) {
|
||||
data = koptarg;
|
||||
} else if (strcmp(*argv, "-e") == 0 && ARG_VAL) {
|
||||
if (krb5_string_to_enctype(koptarg, &master_keyblock.enctype))
|
||||
{
|
||||
com_err(argv[0], 0, "%s is an invalid enctype", koptarg);
|
||||
usage();
|
||||
}
|
||||
} else {
|
||||
usage();
|
||||
}
|
||||
argv++; argc--;
|
||||
}
|
||||
|
||||
if (data == NULL || stashfile == NULL)
|
||||
usage();
|
||||
|
||||
|
||||
retval = krb5_init_context(&context);
|
||||
if( retval )
|
||||
{
|
||||
com_err(argv[0], retval, "while initializing krb5_context");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
retval = krb5_db_fetch_mkey(context,
|
||||
master_keyblock.enctype,
|
||||
stashfile,
|
||||
&master_keyblock);
|
||||
if( retval )
|
||||
{
|
||||
com_err(argv[0], retval, "while fetching master key");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
plainlen = strlen(data)/2;
|
||||
|
||||
plain.data = (char *) malloc(plainlen);
|
||||
plain.length = plainlen;
|
||||
|
||||
read_octet_string(data, (krb5_octet*)plain.data, plainlen);
|
||||
|
||||
retval = krb5_c_encrypt_length(context,
|
||||
master_keyblock.enctype,
|
||||
plain.length, &enclen);
|
||||
if( retval )
|
||||
{
|
||||
com_err(argv[0], retval, "while calculating cipher data length");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
cipher.ciphertext.data = (char *) malloc(enclen);
|
||||
cipher.ciphertext.length = enclen;
|
||||
|
||||
retval = krb5_c_encrypt(context, &master_keyblock, /* XXX */ 0, 0,
|
||||
&plain, &cipher);
|
||||
if( retval )
|
||||
{
|
||||
com_err(argv[0], retval, "while encrypting data");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* first print out the length of the decrypted hash */
|
||||
|
||||
char l[2];
|
||||
encode_int16((unsigned int)plainlen, l);
|
||||
printf("%02x%02x", l[0], l[1]);
|
||||
|
||||
/* now print the encrypted key */
|
||||
for(i = 0; i < cipher.ciphertext.length; ++i)
|
||||
{
|
||||
printf("%02x",(unsigned char)cipher.ciphertext.data[i]);
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,23 +0,0 @@
|
||||
.SUFFIXES: .tex .dvi .ps
|
||||
|
||||
all:
|
||||
latex adb-unit-test.tex
|
||||
latex api-funcspec.tex
|
||||
latex api-server-design.tex
|
||||
latex api-unit-test.tex
|
||||
dvips adb-unit-test.dvi -o adb-unit-test.ps
|
||||
dvips api-funcspec.dvi -o api-funcspec.ps
|
||||
dvips api-server-design.dvi -o api-server-design.ps
|
||||
dvips api-unit-test.dvi -o api-unit-test.ps
|
||||
latex2html -dir ../html/adb-unit-test -mkdir adb-unit-test.tex
|
||||
latex2html -dir ../html/api-funcspec -mkdir api-funcspec.tex
|
||||
latex2html -dir ../html/api-server-design -mkdir api-server-design.tex
|
||||
latex2html -dir ../html/api-unit-test -mkdir api-unit-test.tex
|
||||
|
||||
|
||||
clean:
|
||||
rm -f *.toc *.log *.idx *.ind *.aux *.ilg
|
||||
|
||||
really-clean: clean
|
||||
rm -f *.dvi *.ps
|
||||
|
@ -1,4 +0,0 @@
|
||||
krb5
|
||||
obsoletes "heimdal-lib-<targettype>"
|
||||
provides "heimdal-lib-<targettype>"
|
||||
krb5-devel
|
@ -1,13 +0,0 @@
|
||||
Index: krb5-1.6.3/src/lib/gssapi/generic/disp_com_err_status.c
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/lib/gssapi/generic/disp_com_err_status.c
|
||||
+++ krb5-1.6.3/src/lib/gssapi/generic/disp_com_err_status.c
|
||||
@@ -56,7 +56,7 @@ g_display_com_err_status(minor_status, s
|
||||
(void) gssint_initialize_library();
|
||||
|
||||
if (! g_make_string_buffer(((status_value == 0)?no_error:
|
||||
- error_message(status_value)),
|
||||
+ error_message((int)status_value)),
|
||||
status_string)) {
|
||||
*minor_status = ENOMEM;
|
||||
return(GSS_S_FAILURE);
|
@ -1,26 +0,0 @@
|
||||
--- src/slave/kprop.c
|
||||
+++ src/slave/kprop.c 2006/06/21 12:38:34
|
||||
@@ -215,6 +215,7 @@
|
||||
krb5_error_code retval;
|
||||
static char tkstring[] = "/tmp/kproptktXXXXXX";
|
||||
krb5_keytab keytab = NULL;
|
||||
+ int ret = 0;
|
||||
|
||||
/*
|
||||
* Figure out what tickets we'll be using to send stuff
|
||||
@@ -240,7 +241,15 @@
|
||||
/*
|
||||
* Initialize cache file which we're going to be using
|
||||
*/
|
||||
+#ifdef HAVE_MKSTEMP
|
||||
+ ret = mkstemp(tkstring);
|
||||
+ if (ret == -1) {
|
||||
+ com_err(progname, errno, "while initialize cache file");
|
||||
+ exit(1);
|
||||
+ } else close(ret);
|
||||
+#else
|
||||
(void) mktemp(tkstring);
|
||||
+#endif
|
||||
sprintf(buf, "FILE:%s", tkstring);
|
||||
|
||||
retval = krb5_cc_resolve(context, buf, &ccache);
|
@ -1,50 +0,0 @@
|
||||
Fix for CAN-2004-0175, based on Markus Friedl's fix for OpenSSH scp.
|
||||
|
||||
Index: krb5-1.6.3/src/appl/bsd/krcp.c
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/appl/bsd/krcp.c
|
||||
+++ krb5-1.6.3/src/appl/bsd/krcp.c
|
||||
@@ -1096,6 +1096,10 @@ void sink(argc, argv)
|
||||
size = size * 10 + (*cp++ - '0');
|
||||
if (*cp++ != ' ')
|
||||
SCREWUP("size not delimited");
|
||||
+ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
|
||||
+ error("error: unexpected filename: %s", cp);
|
||||
+ exit(1);
|
||||
+ }
|
||||
if (targisdir) {
|
||||
if(strlen(targ) + strlen(cp) + 2 >= sizeof(nambuf))
|
||||
SCREWUP("target name too long");
|
||||
@@ -1109,6 +1113,8 @@ void sink(argc, argv)
|
||||
nambuf[sizeof(nambuf) - 1] = '\0';
|
||||
exists = stat(nambuf, &stb) == 0;
|
||||
if (cmdbuf[0] == 'D') {
|
||||
+ if (!iamrecursive)
|
||||
+ SCREWUP("received directory without -r");
|
||||
if (exists) {
|
||||
if ((stb.st_mode&S_IFMT) != S_IFDIR) {
|
||||
errno = ENOTDIR;
|
||||
Index: krb5-1.6.3/src/appl/bsd/v4rcp.c
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/appl/bsd/v4rcp.c
|
||||
+++ krb5-1.6.3/src/appl/bsd/v4rcp.c
|
||||
@@ -807,6 +807,10 @@ void sink(argc, argv)
|
||||
size = size * 10 + (*cp++ - '0');
|
||||
if (*cp++ != ' ')
|
||||
SCREWUP("size not delimited");
|
||||
+ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
|
||||
+ error("error: unexpected filename: %s", cp);
|
||||
+ exit(1);
|
||||
+ }
|
||||
if (targisdir) {
|
||||
if (strlen(targ) + strlen(cp) + 1 < sizeof(nambuf)) {
|
||||
(void) sprintf(nambuf, "%s%s%s", targ,
|
||||
@@ -823,6 +827,8 @@ void sink(argc, argv)
|
||||
nambuf[sizeof(nambuf)-1] = '\0';
|
||||
exists = stat(nambuf, &stb) == 0;
|
||||
if (cmdbuf[0] == 'D') {
|
||||
+ if (!iamrecursive)
|
||||
+ SCREWUP("received directory without -r");
|
||||
if (exists) {
|
||||
if ((stb.st_mode&S_IFMT) != S_IFDIR) {
|
||||
errno = ENOTDIR;
|
@ -1,28 +0,0 @@
|
||||
Index: src/lib/krb5/krb/princ_comp.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/krb/princ_comp.c.orig
|
||||
+++ src/lib/krb5/krb/princ_comp.c
|
||||
@@ -33,6 +33,13 @@
|
||||
krb5_boolean KRB5_CALLCONV
|
||||
krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
|
||||
{
|
||||
+ if ((princ1 == NULL) || (princ2 == NULL))
|
||||
+ return FALSE;
|
||||
+
|
||||
+ if ((krb5_princ_realm(context, princ1) == NULL) ||
|
||||
+ (krb5_princ_realm(context, princ2) == NULL))
|
||||
+ return FALSE;
|
||||
+
|
||||
if (krb5_princ_realm(context, princ1)->length !=
|
||||
krb5_princ_realm(context, princ2)->length ||
|
||||
memcmp (krb5_princ_realm(context, princ1)->data,
|
||||
@@ -49,6 +56,9 @@ krb5_principal_compare(krb5_context cont
|
||||
register int i;
|
||||
krb5_int32 nelem;
|
||||
|
||||
+ if ((princ1 == NULL) || (princ2 == NULL))
|
||||
+ return FALSE;
|
||||
+
|
||||
nelem = krb5_princ_size(context, princ1);
|
||||
if (nelem != krb5_princ_size(context, princ2))
|
||||
return FALSE;
|
@ -1,21 +1,13 @@
|
||||
If the error message is going to be ambiguous, try to give the user some clue
|
||||
by returning the last error reported by the OS.
|
||||
|
||||
Index: krb5-1.6.3/src/clients/kinit/kinit.c
|
||||
Index: trunk/src/clients/kinit/kinit.c
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/clients/kinit/kinit.c
|
||||
+++ krb5-1.6.3/src/clients/kinit/kinit.c
|
||||
@@ -35,6 +35,7 @@
|
||||
#else
|
||||
#undef HAVE_KRB524
|
||||
#endif
|
||||
+#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
@@ -921,8 +922,14 @@ k5_kinit(opts, k5)
|
||||
|
||||
code = krb5_cc_initialize(k5->ctx, k5->cc, k5->me);
|
||||
--- trunk.orig/src/clients/kinit/kinit.c
|
||||
+++ trunk/src/clients/kinit/kinit.c
|
||||
@@ -658,8 +658,14 @@ k5_kinit(opts, k5)
|
||||
code = krb5_cc_initialize(k5->ctx, k5->cc,
|
||||
opts->canonicalize ? my_creds.client : k5->me);
|
||||
if (code) {
|
||||
- com_err(progname, code, "when initializing cache %s",
|
||||
- opts->k5_cache_name?opts->k5_cache_name:"");
|
||||
|
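Review bot: The refreshed patch no longer carries the `@@ -35,6 +35,7 @@` hunk that added `#include <errno.h>` to kinit.c, yet its description still promises to report the last error from the OS. The added lines of the remaining `@@ -658,8 +658,14 @@` hunk are not shown here, so whether the new error path in `k5_kinit` reads `errno` is inferred from that description; if it does, confirm that trunk's kinit.c already includes the header, or restore `+#include <errno.h>`. Separately, `errno` is only meaningful if it is captured right after the failing `krb5_cc_initialize` call, before `com_err` or any other library call can overwrite it, for example `int saved_errno = errno;` as the first statement inside `if (code) {`. The body of `k5_kinit` continues outside the visible hunk.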
@ -2,7 +2,7 @@ Index: src/appl/gssftp/ftp/ftp.c
|
||||
===================================================================
|
||||
--- src/appl/gssftp/ftp/ftp.c.orig
|
||||
+++ src/appl/gssftp/ftp/ftp.c
|
||||
@@ -1986,7 +1986,7 @@ int do_auth()
|
||||
@@ -1912,7 +1912,7 @@ int do_auth()
|
||||
|
||||
#ifdef GSSAPI
|
||||
if (command("AUTH %s", "GSSAPI") == CONTINUE) {
|
||||
|
@ -1,20 +0,0 @@
|
||||
--- src/lib/krb4/g_cnffile.c
|
||||
+++ src/lib/krb4/g_cnffile.c 2006/10/30 11:12:26
|
||||
@@ -68,7 +68,7 @@
|
||||
&full_name);
|
||||
if (retval == 0 && full_name && full_name[0]) {
|
||||
retname[0] = '\0';
|
||||
- strncat(retname, full_name[0], sizeof(retname));
|
||||
+ strncat(retname, full_name[0], sizeof(retname)-strlen(retname)-1);
|
||||
for (cpp = full_name; *cpp; cpp++)
|
||||
krb5_xfree(*cpp);
|
||||
krb5_xfree(full_name);
|
||||
@@ -76,7 +76,7 @@
|
||||
}
|
||||
}
|
||||
retname[0] = '\0';
|
||||
- strncat(retname, default_srvtabname, sizeof(retname));
|
||||
+ strncat(retname, default_srvtabname, sizeof(retname)-strlen(retname)-1);
|
||||
return retname;
|
||||
}
|
||||
|
@ -1,22 +0,0 @@
|
||||
Index: src/kadmin/dbutil/dump.c
|
||||
===================================================================
|
||||
--- src/kadmin/dbutil/dump.c.orig
|
||||
+++ src/kadmin/dbutil/dump.c
|
||||
@@ -2028,7 +2028,7 @@ process_k5beta7_record(fname, kcontext,
|
||||
linenop);
|
||||
else if (strcmp(rectype, "policy") == 0)
|
||||
process_k5beta7_policy(fname, kcontext, filep, verbose,
|
||||
- linenop);
|
||||
+ linenop, NULL);
|
||||
else {
|
||||
fprintf(stderr, "unknown record type \"%s\" on line %d\n",
|
||||
rectype, *linenop);
|
||||
@@ -2064,7 +2064,7 @@ process_ov_record(fname, kcontext, filep
|
||||
linenop);
|
||||
else if (strcmp(rectype, "policy") == 0)
|
||||
process_k5beta7_policy(fname, kcontext, filep, verbose,
|
||||
- linenop);
|
||||
+ linenop, NULL);
|
||||
else if (strcmp(rectype, "End") == 0)
|
||||
return -1;
|
||||
else {
|
@ -1,336 +0,0 @@
|
||||
Index: krb5-1.6.2/src/kdc/dispatch.c
|
||||
===================================================================
|
||||
--- krb5-1.6.2.orig/src/kdc/dispatch.c
|
||||
+++ krb5-1.6.2/src/kdc/dispatch.c
|
||||
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
* kdc/dispatch.c
|
||||
*
|
||||
- * Copyright 1990 by the Massachusetts Institute of Technology.
|
||||
+ * Copyright 1990, 2007 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* Export of this software from the United States of America may
|
||||
* require a specific license from the United States Government.
|
||||
@@ -107,7 +107,7 @@ dispatch(krb5_data *pkt, const krb5_full
|
||||
retval = KRB5KRB_AP_ERR_MSG_TYPE;
|
||||
#ifndef NOCACHE
|
||||
/* put the response into the lookaside buffer */
|
||||
- if (!retval)
|
||||
+ if (!retval && *response != NULL)
|
||||
kdc_insert_lookaside(pkt, *response);
|
||||
#endif
|
||||
|
||||
Index: krb5-1.6.2/src/kdc/kerberos_v4.c
|
||||
===================================================================
|
||||
--- krb5-1.6.2.orig/src/kdc/kerberos_v4.c
|
||||
+++ krb5-1.6.2/src/kdc/kerberos_v4.c
|
||||
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
* kdc/kerberos_v4.c
|
||||
*
|
||||
- * Copyright 1985, 1986, 1987, 1988,1991 by the Massachusetts Institute
|
||||
+ * Copyright 1985, 1986, 1987, 1988,1991,2007 by the Massachusetts Institute
|
||||
* of Technology.
|
||||
* All Rights Reserved.
|
||||
*
|
||||
@@ -87,11 +87,6 @@ extern int krbONE;
|
||||
#define MSB_FIRST 0 /* 68000, IBM RT/PC */
|
||||
#define LSB_FIRST 1 /* Vax, PC8086 */
|
||||
|
||||
-int f;
|
||||
-
|
||||
-/* XXX several files in libkdb know about this */
|
||||
-char *progname;
|
||||
-
|
||||
#ifndef BACKWARD_COMPAT
|
||||
static Key_schedule master_key_schedule;
|
||||
static C_Block master_key;
|
||||
@@ -143,10 +138,8 @@ static void hang(void);
|
||||
#include "com_err.h"
|
||||
#include "extern.h" /* to pick up master_princ */
|
||||
|
||||
-static krb5_data *response;
|
||||
-
|
||||
-void kerberos_v4 (struct sockaddr_in *, KTEXT);
|
||||
-void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
|
||||
+static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT);
|
||||
+static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
|
||||
static int set_tgtkey (char *, krb5_kvno, krb5_boolean);
|
||||
|
||||
/* Attributes converted from V5 to V4 - internal representation */
|
||||
@@ -262,12 +255,12 @@ process_v4(const krb5_data *pkt, const k
|
||||
(void) klog(L_KRB_PERR, "V4 request too long.");
|
||||
return KRB5KRB_ERR_FIELD_TOOLONG;
|
||||
}
|
||||
+ memset( &v4_pkt, 0, sizeof(v4_pkt));
|
||||
v4_pkt.length = pkt->length;
|
||||
v4_pkt.mbz = 0;
|
||||
memcpy( v4_pkt.dat, pkt->data, pkt->length);
|
||||
|
||||
- kerberos_v4( &client_sockaddr, &v4_pkt);
|
||||
- *resp = response;
|
||||
+ *resp = kerberos_v4( &client_sockaddr, &v4_pkt);
|
||||
return(retval);
|
||||
}
|
||||
|
||||
@@ -300,19 +293,20 @@ char * v4_klog( int type, const char *fo
|
||||
}
|
||||
|
||||
static
|
||||
-int krb4_sendto(int s, const char *msg, int len, int flags,
|
||||
- const struct sockaddr *to, int to_len)
|
||||
+krb5_data *make_response(const char *msg, int len)
|
||||
{
|
||||
+ krb5_data *response;
|
||||
+
|
||||
if ( !(response = (krb5_data *) malloc( sizeof *response))) {
|
||||
- return ENOMEM;
|
||||
+ return 0;
|
||||
}
|
||||
if ( !(response->data = (char *) malloc( len))) {
|
||||
krb5_free_data(kdc_context, response);
|
||||
- return ENOMEM;
|
||||
+ return 0;
|
||||
}
|
||||
response->length = len;
|
||||
memcpy( response->data, msg, len);
|
||||
- return( 0);
|
||||
+ return response;
|
||||
}
|
||||
static void
|
||||
hang(void)
|
||||
@@ -586,7 +580,7 @@ static void str_length_check(char *str,
|
||||
*cp = 0;
|
||||
}
|
||||
|
||||
-void
|
||||
+static krb5_data *
|
||||
kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
|
||||
{
|
||||
static KTEXT_ST rpkt_st;
|
||||
@@ -599,7 +593,7 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
KTEXT auth = &auth_st;
|
||||
AUTH_DAT ad_st;
|
||||
AUTH_DAT *ad = &ad_st;
|
||||
-
|
||||
+ krb5_data *response = 0;
|
||||
|
||||
static struct in_addr client_host;
|
||||
static int msg_byte_order;
|
||||
@@ -637,8 +631,7 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
inet_ntoa(client_host));
|
||||
/* send an error reply */
|
||||
req_name_ptr = req_inst_ptr = req_realm_ptr = "";
|
||||
- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
|
||||
}
|
||||
|
||||
/* check packet version */
|
||||
@@ -648,8 +641,7 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
KRB_PROT_VERSION, req_version, 0);
|
||||
/* send an error reply */
|
||||
req_name_ptr = req_inst_ptr = req_realm_ptr = "";
|
||||
- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
|
||||
}
|
||||
msg_byte_order = req_msg_type & 1;
|
||||
|
||||
@@ -707,10 +699,10 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
|
||||
if ((i = check_princ(req_name_ptr, req_inst_ptr, 0,
|
||||
&a_name_data, &k5key, 0, &ck5life))) {
|
||||
- kerb_err_reply(client, pkt, i, "check_princ failed");
|
||||
+ response = kerb_err_reply(client, pkt, i, "check_princ failed");
|
||||
a_name_data.key_low = a_name_data.key_high = 0;
|
||||
krb5_free_keyblock_contents(kdc_context, &k5key);
|
||||
- return;
|
||||
+ return response;
|
||||
}
|
||||
/* don't use k5key for client */
|
||||
krb5_free_keyblock_contents(kdc_context, &k5key);
|
||||
@@ -722,11 +714,11 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
/* this does all the checking */
|
||||
if ((i = check_princ(service, instance, lifetime,
|
||||
&s_name_data, &k5key, 1, &sk5life))) {
|
||||
- kerb_err_reply(client, pkt, i, "check_princ failed");
|
||||
+ response = kerb_err_reply(client, pkt, i, "check_princ failed");
|
||||
a_name_data.key_high = a_name_data.key_low = 0;
|
||||
s_name_data.key_high = s_name_data.key_low = 0;
|
||||
krb5_free_keyblock_contents(kdc_context, &k5key);
|
||||
- return;
|
||||
+ return response;
|
||||
}
|
||||
/* Bound requested lifetime with service and user */
|
||||
v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life);
|
||||
@@ -797,8 +789,7 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
rpkt = create_auth_reply(req_name_ptr, req_inst_ptr,
|
||||
req_realm_ptr, req_time_ws, 0, a_name_data.exp_date,
|
||||
a_name_data.key_version, ciph);
|
||||
- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0,
|
||||
- (struct sockaddr *) client, sizeof (struct sockaddr_in));
|
||||
+ response = make_response((char *) rpkt->dat, rpkt->length);
|
||||
memset(&a_name_data, 0, sizeof(a_name_data));
|
||||
memset(&s_name_data, 0, sizeof(s_name_data));
|
||||
break;
|
||||
@@ -824,9 +815,8 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
lt = klog(L_KRB_PERR,
|
||||
"APPL request with realm length too long from %s",
|
||||
inet_ntoa(client_host));
|
||||
- kerb_err_reply(client, pkt, RD_AP_INCON,
|
||||
- "realm length too long");
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt, RD_AP_INCON,
|
||||
+ "realm length too long");
|
||||
}
|
||||
|
||||
auth->length += (int) *(pkt->dat + auth->length) +
|
||||
@@ -835,9 +825,8 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
lt = klog(L_KRB_PERR,
|
||||
"APPL request with funky tkt or req_id length from %s",
|
||||
inet_ntoa(client_host));
|
||||
- kerb_err_reply(client, pkt, RD_AP_INCON,
|
||||
- "funky tkt or req_id length");
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt, RD_AP_INCON,
|
||||
+ "funky tkt or req_id length");
|
||||
}
|
||||
|
||||
memcpy(auth->dat, pkt->dat, auth->length);
|
||||
@@ -848,18 +837,16 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) {
|
||||
lt = klog(L_ERR_UNK,
|
||||
"Cross realm ticket from %s denied by policy,", tktrlm);
|
||||
- kerb_err_reply(client, pkt,
|
||||
- KERB_ERR_PRINCIPAL_UNKNOWN, lt);
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt,
|
||||
+ KERB_ERR_PRINCIPAL_UNKNOWN, lt);
|
||||
}
|
||||
if (set_tgtkey(tktrlm, kvno, 0)) {
|
||||
- lt = klog(L_ERR_UNK,
|
||||
+ lt = klog(L_ERR_UNK,
|
||||
"FAILED set_tgtkey realm %s, kvno %d. Host: %s ",
|
||||
tktrlm, kvno, inet_ntoa(client_host));
|
||||
/* no better error code */
|
||||
- kerb_err_reply(client, pkt,
|
||||
- KERB_ERR_PRINCIPAL_UNKNOWN, lt);
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt,
|
||||
+ KERB_ERR_PRINCIPAL_UNKNOWN, lt);
|
||||
}
|
||||
kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
|
||||
ad, 0);
|
||||
@@ -869,9 +856,8 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
"FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ",
|
||||
tktrlm, kvno, inet_ntoa(client_host));
|
||||
/* no better error code */
|
||||
- kerb_err_reply(client, pkt,
|
||||
- KERB_ERR_PRINCIPAL_UNKNOWN, lt);
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt,
|
||||
+ KERB_ERR_PRINCIPAL_UNKNOWN, lt);
|
||||
}
|
||||
kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
|
||||
ad, 0);
|
||||
@@ -881,8 +867,7 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s",
|
||||
inet_ntoa(client_host), krb_get_err_text(kerno));
|
||||
req_name_ptr = req_inst_ptr = req_realm_ptr = "";
|
||||
- kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
|
||||
}
|
||||
ptr = (char *) pkt->dat + auth->length;
|
||||
|
||||
@@ -904,22 +889,21 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
req_realm_ptr = ad->prealm;
|
||||
|
||||
if (strcmp(ad->prealm, tktrlm)) {
|
||||
- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
|
||||
- "Can't hop realms");
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
|
||||
+ "Can't hop realms");
|
||||
}
|
||||
if (!strcmp(service, "changepw")) {
|
||||
- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
|
||||
- "Can't authorize password changed based on TGT");
|
||||
- return;
|
||||
+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
|
||||
+ "Can't authorize password changed based on TGT");
|
||||
}
|
||||
kerno = check_princ(service, instance, req_life,
|
||||
&s_name_data, &k5key, 1, &sk5life);
|
||||
if (kerno) {
|
||||
- kerb_err_reply(client, pkt, kerno, "check_princ failed");
|
||||
+ response = kerb_err_reply(client, pkt, kerno,
|
||||
+ "check_princ failed");
|
||||
s_name_data.key_high = s_name_data.key_low = 0;
|
||||
krb5_free_keyblock_contents(kdc_context, &k5key);
|
||||
- return;
|
||||
+ return response;
|
||||
}
|
||||
/* Bound requested lifetime with service and user */
|
||||
v4endtime = krb_life_to_time((KRB4_32)ad->time_sec, ad->life);
|
||||
@@ -975,8 +959,7 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
rpkt = create_auth_reply(ad->pname, ad->pinst,
|
||||
ad->prealm, time_ws,
|
||||
0, 0, 0, ciph);
|
||||
- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0,
|
||||
- (struct sockaddr *) client, sizeof (struct sockaddr_in));
|
||||
+ response = make_response((char *) rpkt->dat, rpkt->length);
|
||||
memset(&s_name_data, 0, sizeof(s_name_data));
|
||||
break;
|
||||
}
|
||||
@@ -1001,6 +984,7 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
break;
|
||||
}
|
||||
}
|
||||
+ return response;
|
||||
}
|
||||
|
||||
|
||||
@@ -1010,7 +994,7 @@ kerberos_v4(struct sockaddr_in *client,
|
||||
* client.
|
||||
*/
|
||||
|
||||
-void
|
||||
+static krb5_data *
|
||||
kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string)
|
||||
{
|
||||
static KTEXT_ST e_pkt_st;
|
||||
@@ -1021,9 +1005,7 @@ kerb_err_reply(struct sockaddr_in *clien
|
||||
strncat(e_msg, string, sizeof(e_msg) - 1 - 19);
|
||||
cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
|
||||
req_time_ws, err, e_msg);
|
||||
- krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0,
|
||||
- (struct sockaddr *) client, sizeof (struct sockaddr_in));
|
||||
-
|
||||
+ return make_response((char *) e_pkt->dat, e_pkt->length);
|
||||
}
|
||||
|
||||
static int
|
||||
Index: krb5-1.6.2/src/kdc/network.c
|
||||
===================================================================
|
||||
--- krb5-1.6.2.orig/src/kdc/network.c
|
||||
+++ krb5-1.6.2/src/kdc/network.c
|
||||
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
* kdc/network.c
|
||||
*
|
||||
- * Copyright 1990,2000 by the Massachusetts Institute of Technology.
|
||||
+ * Copyright 1990,2000,2007 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* Export of this software from the United States of America may
|
||||
* require a specific license from the United States Government.
|
||||
@@ -747,6 +747,8 @@ static void process_packet(struct connec
|
||||
com_err(prog, retval, "while dispatching (udp)");
|
||||
return;
|
||||
}
|
||||
+ if (response == NULL)
|
||||
+ return;
|
||||
cc = sendto(port_fd, response->data, (socklen_t) response->length, 0,
|
||||
(struct sockaddr *)&saddr, saddr_len);
|
||||
if (cc == -1) {
|
@ -1,76 +0,0 @@
|
||||
=== src/lib/rpc/svc.c
|
||||
==================================================================
|
||||
Index: src/lib/rpc/svc.c
|
||||
===================================================================
|
||||
--- src/lib/rpc/svc.c.orig
|
||||
+++ src/lib/rpc/svc.c
|
||||
@@ -109,15 +109,17 @@ xprt_register(SVCXPRT *xprt)
|
||||
if (sock < FD_SETSIZE) {
|
||||
xports[sock] = xprt;
|
||||
FD_SET(sock, &svc_fdset);
|
||||
+ if (sock > svc_maxfd)
|
||||
+ svc_maxfd = sock;
|
||||
}
|
||||
#else
|
||||
if (sock < NOFILE) {
|
||||
xports[sock] = xprt;
|
||||
svc_fds |= (1 << sock);
|
||||
+ if (sock > svc_maxfd)
|
||||
+ svc_maxfd = sock;
|
||||
}
|
||||
#endif /* def FD_SETSIZE */
|
||||
- if (sock > svc_maxfd)
|
||||
- svc_maxfd = sock;
|
||||
}
|
||||
|
||||
/*
|
||||
Index: src/lib/rpc/svc_tcp.c
|
||||
===================================================================
|
||||
--- src/lib/rpc/svc_tcp.c.orig
|
||||
+++ src/lib/rpc/svc_tcp.c
|
||||
@@ -53,6 +53,14 @@ static char sccsid[] = "@(#)svc_tcp.c 1.
|
||||
extern errno;
|
||||
*/
|
||||
|
||||
+#ifndef FD_SETSIZE
|
||||
+#ifdef NBBY
|
||||
+#define NOFILE (sizeof(int) * NBBY)
|
||||
+#else
|
||||
+#define NOFILE (sizeof(int) * 8)
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Ops vector for TCP/IP based rpc service handle
|
||||
*/
|
||||
@@ -213,6 +221,19 @@ makefd_xprt(
|
||||
register SVCXPRT *xprt;
|
||||
register struct tcp_conn *cd;
|
||||
|
||||
+#ifdef FD_SETSIZE
|
||||
+ if (fd >= FD_SETSIZE) {
|
||||
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
|
||||
+ xprt = NULL;
|
||||
+ goto done;
|
||||
+ }
|
||||
+#else
|
||||
+ if (fd >= NOFILE) {
|
||||
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
|
||||
+ xprt = NULL;
|
||||
+ goto done;
|
||||
+ }
|
||||
+#endif
|
||||
xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
|
||||
if (xprt == (SVCXPRT *)NULL) {
|
||||
(void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
|
||||
@@ -268,6 +289,10 @@ rendezvous_request(
|
||||
* make a new transporter (re-uses xprt)
|
||||
*/
|
||||
xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
|
||||
+ if (xprt == NULL) {
|
||||
+ close(sock);
|
||||
+ return (FALSE);
|
||||
+ }
|
||||
xprt->xp_raddr = addr;
|
||||
xprt->xp_addrlen = len;
|
||||
xprt->xp_laddr = laddr;
|
@ -1,13 +0,0 @@
|
||||
Index: src/appl/gssftp/ftpd/ftpd.c
|
||||
===================================================================
|
||||
--- src/appl/gssftp/ftpd/ftpd.c.orig
|
||||
+++ src/appl/gssftp/ftpd/ftpd.c
|
||||
@@ -1823,7 +1823,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5)
|
||||
* radix_encode, gss_seal, plus slop.
|
||||
*/
|
||||
char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2];
|
||||
- int length, kerror;
|
||||
+ int length = 0, kerror;
|
||||
if (n) sprintf(in, "%d%c", n, cont_char);
|
||||
else in[0] = '\0';
|
||||
strncat(in, buf, sizeof (in) - strlen(in) - 1);
|
@ -1,13 +0,0 @@
|
||||
Index: src/lib/rpc/svc_auth_gss.c
|
||||
===================================================================
|
||||
--- src/lib/rpc/svc_auth_gss.c.orig
|
||||
+++ src/lib/rpc/svc_auth_gss.c
|
||||
@@ -671,7 +671,7 @@ svcauth_gss_get_principal(SVCAUTH *auth)
|
||||
|
||||
gd = SVCAUTH_PRIVATE(auth);
|
||||
|
||||
- if (gd->cname.length == 0)
|
||||
+ if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
|
||||
return (NULL);
|
||||
|
||||
if ((pname = malloc(gd->cname.length + 1)) == NULL)
|
@ -1,25 +0,0 @@
|
||||
Index: src/lib/gssapi/krb5/k5sealv3.c
|
||||
===================================================================
|
||||
--- src/lib/gssapi/krb5/k5sealv3.c.orig
|
||||
+++ src/lib/gssapi/krb5/k5sealv3.c
|
||||
@@ -248,7 +248,6 @@ gss_krb5int_make_seal_token_v3 (krb5_con
|
||||
plain.data = 0;
|
||||
if (err) {
|
||||
zap(outbuf,bufsize);
|
||||
- free(outbuf);
|
||||
goto error;
|
||||
}
|
||||
if (sum.length != ctx->cksum_size)
|
||||
Index: src/lib/gssapi/mechglue/g_initialize.c
|
||||
===================================================================
|
||||
--- src/lib/gssapi/mechglue/g_initialize.c.orig
|
||||
+++ src/lib/gssapi/mechglue/g_initialize.c
|
||||
@@ -208,7 +208,7 @@ gss_OID_set *mechSet;
|
||||
free((*mechSet)->elements[j].elements);
|
||||
}
|
||||
free((*mechSet)->elements);
|
||||
- free(mechSet);
|
||||
+ free(*mechSet);
|
||||
*mechSet = NULL;
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
@ -1,14 +0,0 @@
|
||||
Index: src/lib/kdb/kdb_default.c
|
||||
===================================================================
|
||||
--- src/lib/kdb/kdb_default.c.orig
|
||||
+++ src/lib/kdb/kdb_default.c
|
||||
@@ -185,8 +185,7 @@ krb5_def_store_mkey(context, keyfile, mn
|
||||
kf) != key->length)) {
|
||||
retval = errno;
|
||||
(void) fclose(kf);
|
||||
- }
|
||||
- if (fclose(kf) == EOF)
|
||||
+ } else if (fclose(kf) == EOF)
|
||||
retval = errno;
|
||||
#if HAVE_UMASK
|
||||
(void) umask(oumask);
|
@ -1,22 +0,0 @@
|
||||
Index: src/config-files/krb5.conf.M
|
||||
===================================================================
|
||||
--- src/config-files/krb5.conf.M (revision 19507)
|
||||
+++ src/config-files/krb5.conf.M (working copy)
|
||||
@@ -600,7 +600,7 @@
|
||||
objects used for starting the Kerberos servers. This value is used if no
|
||||
service password file is mentioned in the configuration section under dbmodules.
|
||||
|
||||
-.IP ldap_server
|
||||
+.IP ldap_servers
|
||||
This LDAP specific tag indicates the list of LDAP servers. The list of LDAP servers
|
||||
is whitespace-separated. The LDAP server is specified by a LDAP URI.
|
||||
This value is used if no LDAP servers are mentioned in the configuration
|
||||
@@ -641,7 +641,7 @@
|
||||
This LDAP specific tag indicates the file containing the stashed passwords for the
|
||||
objects used for starting the Kerberos servers.
|
||||
|
||||
-.IP ldap_server
|
||||
+.IP ldap_servers
|
||||
This LDAP specific tag indicates the list of LDAP servers. The list of LDAP servers
|
||||
is whitespace-separated. The LDAP server is specified by a LDAP URI.
|
||||
|
@ -2,7 +2,7 @@ Index: src/krb5-config.in
|
||||
===================================================================
|
||||
--- src/krb5-config.in.orig
|
||||
+++ src/krb5-config.in
|
||||
@@ -186,6 +186,8 @@ if test -n "$do_libs"; then
|
||||
@@ -188,6 +188,8 @@ if test -n "$do_libs"; then
|
||||
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
|
||||
-e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
|
||||
|
||||
@ -15,13 +15,13 @@ Index: src/config/shlib.conf
|
||||
===================================================================
|
||||
--- src/config/shlib.conf.orig
|
||||
+++ src/config/shlib.conf
|
||||
@@ -378,7 +378,8 @@ mips-*-netbsd*)
|
||||
SHLIB_EXPFLAGS='-Wl,-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
|
||||
@@ -420,7 +420,8 @@ mips-*-netbsd*)
|
||||
PROFFLAGS=-pg
|
||||
RPATH_FLAG='-Wl,-rpath -Wl,'
|
||||
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)'
|
||||
+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) -pie $(LDFLAGS)'
|
||||
+ INSTALL_SHLIB='${INSTALL} -m755'
|
||||
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
|
||||
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
|
||||
+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie $(LDFLAGS)'
|
||||
+ INSTALL_SHLIB='${INSTALL} -m755'
|
||||
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
|
||||
RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH; '
|
||||
|
||||
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
|
||||
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
|
||||
|
@ -1,14 +0,0 @@
|
||||
Index: src/lib/krb5/asn.1/ldap_key_seq.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/asn.1/ldap_key_seq.c.orig
|
||||
+++ src/lib/krb5/asn.1/ldap_key_seq.c
|
||||
@@ -341,7 +341,8 @@ static asn1_error_code asn1_decode_key(a
|
||||
if (asn1buf_remains(&slt, 0) != 0) { /* Salt value is optional */
|
||||
ret = decode_tagged_octetstring (&slt, 1, &keylen,
|
||||
&key->key_data_contents[1]); checkerr;
|
||||
- }
|
||||
+ } else
|
||||
+ keylen = 0;
|
||||
safe_syncbuf (&subbuf, &slt);
|
||||
key->key_data_length[1] = keylen; /* XXX range check?? */
|
||||
|
@ -1,111 +0,0 @@
|
||||
Index: src/include/k5-int.h
|
||||
===================================================================
|
||||
--- src/include/k5-int.h.orig
|
||||
+++ src/include/k5-int.h
|
||||
@@ -1253,6 +1253,11 @@ struct _krb5_context {
|
||||
|
||||
#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001
|
||||
|
||||
+#ifdef __CI_PRINC__
|
||||
+#define KRB5_LIBOPT_CASE_INSENSITIVE 0x0002
|
||||
+#define KRB5_LIBOPT_RD_REQ_TRY_HOST_SPN 0x0004
|
||||
+#endif
|
||||
+
|
||||
/* internal message representations */
|
||||
|
||||
typedef struct _krb5_safe {
|
||||
Index: src/lib/krb5/krb/init_ctx.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/krb/init_ctx.c.orig
|
||||
+++ src/lib/krb5/krb/init_ctx.c
|
||||
@@ -222,6 +222,16 @@ init_common (krb5_context *context, krb5
|
||||
&tmp);
|
||||
ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
|
||||
|
||||
+#ifdef __CI_PRINC__
|
||||
+#define DEFAULT_CASE_SENSITIVE 1
|
||||
+ profile_get_boolean(ctx->profile, "libdefaults",
|
||||
+ "case_sensitive", 0, DEFAULT_CASE_SENSITIVE,
|
||||
+ &tmp);
|
||||
+ if (tmp == 0)
|
||||
+ ctx->library_options |= KRB5_LIBOPT_CASE_INSENSITIVE;
|
||||
+
|
||||
+#endif /* __CI_PRINC__ */
|
||||
+
|
||||
/*
|
||||
* We use a default file credentials cache of 3. See
|
||||
* lib/krb5/krb/ccache/file/fcc.h for a description of the
|
||||
Index: src/lib/krb5/krb/princ_comp.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/krb/princ_comp.c.orig
|
||||
+++ src/lib/krb5/krb/princ_comp.c
|
||||
@@ -33,13 +33,35 @@
|
||||
krb5_boolean KRB5_CALLCONV
|
||||
krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
|
||||
{
|
||||
+ krb5_boolean ret;
|
||||
+
|
||||
if ((princ1 == NULL) || (princ2 == NULL))
|
||||
return FALSE;
|
||||
|
||||
if ((krb5_princ_realm(context, princ1) == NULL) ||
|
||||
(krb5_princ_realm(context, princ2) == NULL))
|
||||
return FALSE;
|
||||
+#ifdef __CI_PRINC__
|
||||
+ /* XXX this needs to be Unicode-aware */
|
||||
+
|
||||
+ if (krb5_princ_realm(context, princ1)->length !=
|
||||
+ krb5_princ_realm(context, princ2)->length) {
|
||||
+ /* NB this test won't be necessarily correct for UTF-8 */
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ if (context->library_options & KRB5_LIBOPT_CASE_INSENSITIVE) {
|
||||
+ ret = (strncasecmp (krb5_princ_realm(context, princ1)->data,
|
||||
+ krb5_princ_realm(context, princ2)->data,
|
||||
+ krb5_princ_realm(context, princ2)->length) == 0);
|
||||
+ } else {
|
||||
+ ret = (memcmp (krb5_princ_realm(context, princ1)->data,
|
||||
+ krb5_princ_realm(context, princ2)->data,
|
||||
+ krb5_princ_realm(context, princ2)->length) == 0);
|
||||
+ }
|
||||
|
||||
+ return ret;
|
||||
+#else
|
||||
if (krb5_princ_realm(context, princ1)->length !=
|
||||
krb5_princ_realm(context, princ2)->length ||
|
||||
memcmp (krb5_princ_realm(context, princ1)->data,
|
||||
@@ -48,6 +70,7 @@ krb5_realm_compare(krb5_context context,
|
||||
return FALSE;
|
||||
|
||||
return TRUE;
|
||||
+#endif /* __CI_PRINC__ */
|
||||
}
|
||||
|
||||
krb5_boolean KRB5_CALLCONV
|
||||
@@ -69,9 +92,25 @@ krb5_principal_compare(krb5_context cont
|
||||
for (i = 0; i < (int) nelem; i++) {
|
||||
register const krb5_data *p1 = krb5_princ_component(context, princ1, i);
|
||||
register const krb5_data *p2 = krb5_princ_component(context, princ2, i);
|
||||
+#ifdef __CI_PRINC__
|
||||
+ /* XXX this needs to be Unicode-aware */
|
||||
+ krb5_boolean ret;
|
||||
+
|
||||
+ if (p1->length != p2->length)
|
||||
+ return FALSE;
|
||||
+
|
||||
+ if (context->library_options & KRB5_LIBOPT_CASE_INSENSITIVE)
|
||||
+ ret = (strncasecmp(p1->data, p2->data, p1->length) == 0);
|
||||
+ else
|
||||
+ ret = (memcmp(p1->data, p2->data, p1->length) == 0);
|
||||
+
|
||||
+ if (ret == FALSE)
|
||||
+ return ret;
|
||||
+#else
|
||||
if (p1->length != p2->length ||
|
||||
memcmp(p1->data, p2->data, p1->length))
|
||||
return FALSE;
|
||||
+#endif /* __CI_PRINC__ */
|
||||
}
|
||||
return TRUE;
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
Index: krb5-1.6.3/src/lib/krb5/os/hostaddr.c
|
||||
Index: trunk/src/lib/krb5/os/hostaddr.c
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/lib/krb5/os/hostaddr.c
|
||||
+++ krb5-1.6.3/src/lib/krb5/os/hostaddr.c
|
||||
--- trunk.orig/src/lib/krb5/os/hostaddr.c
|
||||
+++ trunk/src/lib/krb5/os/hostaddr.c
|
||||
@@ -43,7 +43,7 @@ krb5_os_hostaddr(krb5_context context, c
|
||||
return KRB5_ERR_BAD_HOSTNAME;
|
||||
|
||||
@ -11,11 +11,11 @@ Index: krb5-1.6.3/src/lib/krb5/os/hostaddr.c
|
||||
/* We don't care what kind at this point, really, but without
|
||||
this, we can get back multiple sockaddrs per address, for
|
||||
SOCK_DGRAM, SOCK_STREAM, and SOCK_RAW. I haven't checked if
|
||||
Index: krb5-1.6.3/src/lib/krb5/os/hst_realm.c
|
||||
Index: trunk/src/lib/krb5/os/hst_realm.c
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/lib/krb5/os/hst_realm.c
|
||||
+++ krb5-1.6.3/src/lib/krb5/os/hst_realm.c
|
||||
@@ -167,7 +167,7 @@ krb5int_get_fq_hostname (char *buf, size
|
||||
--- trunk.orig/src/lib/krb5/os/hst_realm.c
|
||||
+++ trunk/src/lib/krb5/os/hst_realm.c
|
||||
@@ -171,7 +171,7 @@ krb5int_get_fq_hostname (char *buf, size
|
||||
int err;
|
||||
|
||||
memset (&hints, 0, sizeof (hints));
|
||||
@ -24,10 +24,10 @@ Index: krb5-1.6.3/src/lib/krb5/os/hst_realm.c
|
||||
err = getaddrinfo (name, 0, &hints, &ai);
|
||||
if (err)
|
||||
return krb5int_translate_gai_error (err);
|
||||
Index: krb5-1.6.3/src/lib/krb5/os/locate_kdc.c
|
||||
Index: trunk/src/lib/krb5/os/locate_kdc.c
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/lib/krb5/os/locate_kdc.c
|
||||
+++ krb5-1.6.3/src/lib/krb5/os/locate_kdc.c
|
||||
--- trunk.orig/src/lib/krb5/os/locate_kdc.c
|
||||
+++ trunk/src/lib/krb5/os/locate_kdc.c
|
||||
@@ -254,8 +254,9 @@ krb5int_add_host_to_list (struct addrlis
|
||||
memset(&hint, 0, sizeof(hint));
|
||||
hint.ai_family = family;
|
||||
@ -37,17 +37,18 @@ Index: krb5-1.6.3/src/lib/krb5/os/locate_kdc.c
|
||||
- hint.ai_flags = AI_NUMERICSERV;
|
||||
+ hint.ai_flags |= AI_NUMERICSERV;
|
||||
#endif
|
||||
sprintf(portbuf, "%d", ntohs(port));
|
||||
sprintf(secportbuf, "%d", ntohs(secport));
|
||||
Index: krb5-1.6.3/src/lib/krb5/os/sn2princ.c
|
||||
if (snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)) >= sizeof(portbuf))
|
||||
/* XXX */
|
||||
Index: trunk/src/lib/krb5/os/sn2princ.c
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/lib/krb5/os/sn2princ.c
|
||||
+++ krb5-1.6.3/src/lib/krb5/os/sn2princ.c
|
||||
@@ -107,6 +107,7 @@ krb5_sname_to_principal(krb5_context con
|
||||
--- trunk.orig/src/lib/krb5/os/sn2princ.c
|
||||
+++ trunk/src/lib/krb5/os/sn2princ.c
|
||||
@@ -107,7 +107,7 @@ krb5_sname_to_principal(krb5_context con
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = AF_INET;
|
||||
+ hints.ai_flags = AI_ADDRCONFIG;
|
||||
- hints.ai_flags = AI_CANONNAME;
|
||||
+ hints.ai_flags = AI_CANONNAME|AI_ADDRCONFIG;
|
||||
try_getaddrinfo_again:
|
||||
err = getaddrinfo(hostname, 0, &hints, &ai);
|
||||
if (err) {
|
||||
|
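--- /dev/null
+++ b/krb5-1.6.3-gssapi_improve_errormessages.dif
@@ -0,0 +1,13 @@
+Index: trunk/src/lib/gssapi/generic/disp_com_err_status.c
+===================================================================
+--- trunk.orig/src/lib/gssapi/generic/disp_com_err_status.c
++++ trunk/src/lib/gssapi/generic/disp_com_err_status.c
+@@ -54,7 +54,7 @@ g_display_com_err_status(minor_status, s
+status_string->value = NULL;
+
+if (! g_make_string_buffer(((status_value == 0)?no_error:
+- error_message(status_value)),
++ error_message((long)status_value)),
+status_string)) {
+*minor_status = ENOMEM;
+return(GSS_S_FAILURE);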
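Review bot: The `(long)` cast on `status_value` in the `error_message()` call carries no comment saying why it is needed, and its effect depends on the type of `status_value`, which the K&R-style parameter list in this hunk does not show. If that parameter is an unsigned 32-bit value, the cast zero-extends on LP64 targets, so a com_err code that is negative as a 32-bit integer would reach `error_message()` as a large positive number; please confirm that this is the value the lookup expects. I would add a comment above the call such as `/* error_message() takes a long; widen status_value explicitly */`. The body of g_display_com_err_status starts and ends outside the hunk.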
@ -3,9 +3,9 @@ to wait for UDP to fail, so this might not be ideal. RT #5868.
|
||||
|
||||
Index: src/lib/krb5/os/changepw.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/os/changepw.c (revision 20199)
|
||||
+++ src/lib/krb5/os/changepw.c (working copy)
|
||||
@@ -251,11 +251,22 @@
|
||||
--- src/lib/krb5/os/changepw.c.orig
|
||||
+++ src/lib/krb5/os/changepw.c
|
||||
@@ -261,11 +261,22 @@ krb5_change_set_password(krb5_context co
|
||||
NULL,
|
||||
NULL
|
||||
))) {
|
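--- /dev/null
+++ b/krb5-1.6.3-kprop-use-mkstemp.dif
@@ -0,0 +1,28 @@
+Index: src/slave/kprop.c
+===================================================================
+--- src/slave/kprop.c.orig
++++ src/slave/kprop.c
+@@ -215,6 +215,7 @@ void get_tickets(context)
+krb5_error_code retval;
+static char tkstring[] = "/tmp/kproptktXXXXXX";
+krb5_keytab keytab = NULL;
++ int ret = 0;
+
+/*
+* Figure out what tickets we'll be using to send stuff
+@@ -240,7 +241,15 @@ void get_tickets(context)
+/*
+* Initialize cache file which we're going to be using
+*/
++#ifdef HAVE_MKSTEMP
++ ret = mkstemp(tkstring);
++ if (ret == -1) {
++ com_err(progname, errno, "while initialize cache file");
++ exit(1);
++ } else close(ret);
++#else
+(void) mktemp(tkstring);
++#endif
+snprintf(buf, sizeof(buf), "FILE:%s", tkstring);
+
+retval = krb5_cc_resolve(context, buf, &ccache);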
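Review bot: The `#else` branch still calls `mktemp(tkstring)`, so a build without HAVE_MKSTEMP keeps the predictable-name race in /tmp that this patch is meant to close; failing the build there, e.g. `#error "kprop requires mkstemp()"`, would make that explicit. In the mkstemp branch the descriptor is closed at once and the path is passed on by name through `FILE:%s`, so the protection depends on how the credential-cache code reopens an existing file, which these hunks do not show. `tkstring` is a `static` array that mkstemp rewrites in place, so a second call to get_tickets() would presumably fail because the template no longer ends in XXXXXX; a non-static local buffer would avoid that. get_tickets() starts and ends outside both hunks.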
3056
krb5-1.6.3-post.dif
3056
krb5-1.6.3-post.dif
File diff suppressed because it is too large
@ -1,2 +0,0 @@
|
||||
addFilter("devel-file-in-non-devel-package .*libgssapi_krb5.so")
|
||||
addFilter("hidden-file-or-dir .*/usr/share/man/man5/.k5login.5.gz")
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c272bea49a48059f9a31bca38e9d838c9b52d4257ba764aaed24783c24b36173
|
||||
size 10091032
|
@ -1,8 +1,8 @@
|
||||
|
||||
Index: krb5-1.6.3/src/appl/bsd/klogind.M
|
||||
Index: trunk/src/appl/bsd/klogind.M
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/appl/bsd/klogind.M
|
||||
+++ krb5-1.6.3/src/appl/bsd/klogind.M
|
||||
--- trunk.orig/src/appl/bsd/klogind.M
|
||||
+++ trunk/src/appl/bsd/klogind.M
|
||||
@@ -27,7 +27,7 @@ server is invoked by \fIinetd(8)\fP when
|
||||
the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
|
||||
configuration line for \fIklogind\fP might be:
|
||||
@ -12,10 +12,10 @@ Index: krb5-1.6.3/src/appl/bsd/klogind.M
|
||||
|
||||
When a service request is received, the following protocol is initiated:
|
||||
|
||||
Index: krb5-1.6.3/src/appl/bsd/kshd.M
|
||||
Index: trunk/src/appl/bsd/kshd.M
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/appl/bsd/kshd.M
|
||||
+++ krb5-1.6.3/src/appl/bsd/kshd.M
|
||||
--- trunk.orig/src/appl/bsd/kshd.M
|
||||
+++ trunk/src/appl/bsd/kshd.M
|
||||
@@ -8,7 +8,7 @@
|
||||
.SH NAME
|
||||
kshd \- kerberized remote shell server
|
||||
@ -34,10 +34,10 @@ Index: krb5-1.6.3/src/appl/bsd/kshd.M
|
||||
|
||||
When a service request is received, the following protocol is initiated:
|
||||
|
||||
Index: krb5-1.6.3/src/appl/sample/sserver/sserver.M
|
||||
Index: trunk/src/appl/sample/sserver/sserver.M
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/appl/sample/sserver/sserver.M
|
||||
+++ krb5-1.6.3/src/appl/sample/sserver/sserver.M
|
||||
--- trunk.orig/src/appl/sample/sserver/sserver.M
|
||||
+++ trunk/src/appl/sample/sserver/sserver.M
|
||||
@@ -59,7 +59,7 @@ option allows for a different keytab tha
|
||||
using a line in
|
||||
/etc/inetd.conf that looks like this:
|
||||
@ -47,10 +47,10 @@ Index: krb5-1.6.3/src/appl/sample/sserver/sserver.M
|
||||
.PP
|
||||
Since \fBsample\fP is normally not a port defined in /etc/services, you will
|
||||
usually have to add a line to /etc/services which looks like this:
|
||||
Index: krb5-1.6.3/src/appl/telnet/telnetd/telnetd.8
|
||||
Index: trunk/src/appl/telnet/telnetd/telnetd.8
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/appl/telnet/telnetd/telnetd.8
|
||||
+++ krb5-1.6.3/src/appl/telnet/telnetd/telnetd.8
|
||||
--- trunk.orig/src/appl/telnet/telnetd/telnetd.8
|
||||
+++ trunk/src/appl/telnet/telnetd/telnetd.8
|
||||
@@ -37,7 +37,7 @@ telnetd \-
|
||||
.SM DARPA TELNET
|
||||
protocol server
|
||||
@ -60,10 +60,10 @@ Index: krb5-1.6.3/src/appl/telnet/telnetd/telnetd.8
|
||||
[\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
|
||||
[\fB\-e\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
|
||||
[\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
|
||||
Index: krb5-1.6.3/src/config-files/kdc.conf.M
|
||||
Index: trunk/src/config-files/kdc.conf.M
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/config-files/kdc.conf.M
|
||||
+++ krb5-1.6.3/src/config-files/kdc.conf.M
|
||||
--- trunk.orig/src/config-files/kdc.conf.M
|
||||
+++ trunk/src/config-files/kdc.conf.M
|
||||
@@ -82,14 +82,14 @@ This
|
||||
.B string
|
||||
specifies the location of the access control list (acl) file that
|
||||
@ -81,7 +81,7 @@ Index: krb5-1.6.3/src/config-files/kdc.conf.M
|
||||
|
||||
.IP database_name
|
||||
This
|
||||
@@ -239,7 +239,7 @@ tickets should be checked against the tr
|
||||
@@ -257,7 +257,7 @@ tickets should be checked against the tr
|
||||
realm names and the [capaths] section of its krb5.conf file
|
||||
|
||||
.SH FILES
|
||||
@ -90,12 +90,12 @@ Index: krb5-1.6.3/src/config-files/kdc.conf.M
|
||||
|
||||
.SH SEE ALSO
|
||||
krb5.conf(5), krb5kdc(8)
|
||||
Index: krb5-1.6.3/src/configure.in
|
||||
Index: trunk/src/configure.in
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/configure.in
|
||||
+++ krb5-1.6.3/src/configure.in
|
||||
@@ -944,6 +944,73 @@ if false; then
|
||||
fi
|
||||
--- trunk.orig/src/configure.in
|
||||
+++ trunk/src/configure.in
|
||||
@@ -1041,6 +1041,69 @@ dnl
|
||||
AC_CONFIG_SUBDIRS(appl/libpty appl/bsd appl/gssftp appl/telnet)
|
||||
|
||||
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
||||
+
|
||||
@ -124,7 +124,6 @@ Index: krb5-1.6.3/src/configure.in
|
||||
+ appl/bsd/rcp.M
|
||||
+ appl/bsd/rlogin.M
|
||||
+ appl/bsd/rsh.M
|
||||
+ appl/bsd/v4rcp.M
|
||||
+ appl/gssftp/ftpd/ftpd.M
|
||||
+ appl/gssftp/ftp/ftp.M
|
||||
+ appl/sample/sclient/sclient.M
|
||||
@ -150,10 +149,7 @@ Index: krb5-1.6.3/src/configure.in
|
||||
+ kadmin/ktutil/ktutil.M
|
||||
+ kadmin/passwd/kpasswd.M
|
||||
+ kadmin/server/kadmind.M
|
||||
+ kdc/fakeka.M
|
||||
+ kdc/krb5kdc.M
|
||||
+ krb524/k524init.M
|
||||
+ krb524/krb524d.M
|
||||
+ krb5-config.M
|
||||
+ plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M
|
||||
+ slave/kpropd.M
|
||||
@ -168,11 +164,11 @@ Index: krb5-1.6.3/src/configure.in
|
||||
V5_AC_OUTPUT_MAKEFILE(.
|
||||
|
||||
util util/support util/profile util/send-pr
|
||||
Index: krb5-1.6.3/src/kadmin/cli/kadmin.M
|
||||
Index: trunk/src/kadmin/cli/kadmin.M
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/kadmin/cli/kadmin.M
|
||||
+++ krb5-1.6.3/src/kadmin/cli/kadmin.M
|
||||
@@ -808,9 +808,9 @@ option is specified, less verbose status
|
||||
--- trunk.orig/src/kadmin/cli/kadmin.M
|
||||
+++ trunk/src/kadmin/cli/kadmin.M
|
||||
@@ -840,9 +840,9 @@ option is specified, less verbose status
|
||||
.RS
|
||||
.TP
|
||||
EXAMPLE:
|
||||
@ -184,7 +180,7 @@ Index: krb5-1.6.3/src/kadmin/cli/kadmin.M
|
||||
kadmin:
|
||||
.RE
|
||||
.fi
|
||||
@@ -852,7 +852,7 @@ passwords.
|
||||
@@ -884,7 +884,7 @@ passwords.
|
||||
.SH HISTORY
|
||||
The
|
||||
.B kadmin
|
||||
@ -193,10 +189,10 @@ Index: krb5-1.6.3/src/kadmin/cli/kadmin.M
|
||||
OpenVision Kerberos administration program.
|
||||
.SH SEE ALSO
|
||||
.IR kerberos (1),
|
||||
Index: krb5-1.6.3/src/slave/kprop.M
|
||||
Index: trunk/src/slave/kprop.M
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/slave/kprop.M
|
||||
+++ krb5-1.6.3/src/slave/kprop.M
|
||||
--- trunk.orig/src/slave/kprop.M
|
||||
+++ trunk/src/slave/kprop.M
|
||||
@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv
|
||||
This is done by transmitting the dumped database file to the slave
|
||||
server over an encrypted, secure channel. The dump file must be created
|
||||
@ -215,11 +211,11 @@ Index: krb5-1.6.3/src/slave/kprop.M
|
||||
.TP
|
||||
\fB\-P\fP \fIport\fP
|
||||
specifies the port to use to contact the
|
||||
Index: krb5-1.6.3/src/slave/kpropd.M
|
||||
Index: trunk/src/slave/kpropd.M
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/slave/kpropd.M
|
||||
+++ krb5-1.6.3/src/slave/kpropd.M
|
||||
@@ -69,7 +69,7 @@ Normally, kpropd is invoked out of
|
||||
--- trunk.orig/src/slave/kpropd.M
|
||||
+++ trunk/src/slave/kpropd.M
|
||||
@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of
|
||||
This is done by adding a line to the inetd.conf file which looks like
|
||||
this:
|
||||
|
||||
@ -228,7 +224,7 @@ Index: krb5-1.6.3/src/slave/kpropd.M
|
||||
|
||||
However, kpropd can also run as a standalone deamon, if the
|
||||
.B \-S
|
||||
@@ -87,13 +87,13 @@ is used.
|
||||
@@ -111,13 +111,13 @@ is used.
|
||||
\fB\-f\fP \fIfile\fP
|
||||
specifies the filename where the dumped principal database file is to be
|
||||
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
|
||||
@ -244,9 +240,9 @@ Index: krb5-1.6.3/src/slave/kpropd.M
|
||||
.TP
|
||||
.B \-S
|
||||
turn on standalone mode. Normally, kpropd is invoked out of
|
||||
@@ -124,14 +124,14 @@ mode.
|
||||
@@ -148,14 +148,14 @@ mode.
|
||||
allows the user to specify the path to the
|
||||
.KR kpropd.acl
|
||||
kpropd.acl
|
||||
file; by default the path used is KPROPD_ACL_FILE
|
||||
-(normally /usr/local/var/krb5kdc/kpropd.acl).
|
||||
+(normally @manlocalstatedir@/krb5kdc/kpropd.acl).
|
@ -4,7 +4,6 @@ appl/bsd/login.M
|
||||
appl/bsd/rcp.M
|
||||
appl/bsd/rlogin.M
|
||||
appl/bsd/rsh.M
|
||||
appl/bsd/v4rcp.M
|
||||
appl/gssftp/ftpd/ftpd.M
|
||||
appl/gssftp/ftp/ftp.M
|
||||
appl/sample/sclient/sclient.M
|
||||
@ -30,10 +29,7 @@ kadmin/dbutil/kdb5_util.M
|
||||
kadmin/ktutil/ktutil.M
|
||||
kadmin/passwd/kpasswd.M
|
||||
kadmin/server/kadmind.M
|
||||
kdc/fakeka.M
|
||||
kdc/krb5kdc.M
|
||||
krb524/k524init.M
|
||||
krb524/krb524d.M
|
||||
krb5-config.M
|
||||
plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M
|
||||
slave/kpropd.M
|
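--- /dev/null
+++ b/krb5-1.7-rpmlintrc
@@ -0,0 +1,6 @@
+addFilter("devel-file-in-non-devel-package .*libgssapi_krb5.so")
+addFilter("hidden-file-or-dir .*/usr/share/man/man5/.k5login.5.gz")
+addFilter("files-duplicate .*css")
+addFilter("files-duplicate .*img.*png")
+addFilter("devel-file-in-non-devel-package .*libkdb_ldap.so")
+addFilter("shlib-policy-missing-suffix")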
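--- /dev/null
+++ b/krb5-1.7.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2043f38c46a9721cfab28f0fdf876af17d542cab458a87d0324783189e9570cd
+size 10407001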
@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 3 10:47:07 CEST 2009 - mc@suse.de
|
||||
|
||||
- update to final version 1.7
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 13 11:34:07 CEST 2009 - mc@suse.de
|
||||
|
||||
- update to version 1.7 Beta2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 16 13:08:05 CET 2009 - mc@suse.de
|
||||
|
||||
- update to pre 1.7 version
|
||||
* remove outdated documentation for kadm5 API
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 25 12:17:10 CEST 2008 - mc@suse.de
|
||||
|
||||
|
176
krb5-doc.spec
176
krb5-doc.spec
@ -1,5 +1,5 @@
|
||||
#
|
||||
# spec file for package krb5-doc (Version 1.6.3)
|
||||
# spec file for package krb5-doc (Version 1.7)
|
||||
#
|
||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
@ -20,20 +20,18 @@
|
||||
|
||||
Name: krb5-doc
|
||||
BuildRequires: ghostscript-library latex2html texlive
|
||||
Version: 1.6.3
|
||||
Release: 133
|
||||
%define srcRoot krb5-1.6.3
|
||||
Version: 1.7
|
||||
Release: 4
|
||||
%define srcRoot krb5-1.7
|
||||
Summary: MIT Kerberos5 Implementation--Documentation
|
||||
License: X11/MIT
|
||||
License: MIT License (or similar)
|
||||
Url: http://web.mit.edu/kerberos/www/
|
||||
Group: Documentation/Other
|
||||
Source: krb5-1.6.3.tar.bz2
|
||||
Source: krb5-%{version}.tar.bz2
|
||||
Source1: README.Source
|
||||
Source2: Makefile.kadm5
|
||||
Source3: %{name}-%{version}-rpmlintrc
|
||||
Patch0: krb5-1.3.5-perlfix.dif
|
||||
Patch1: krb5-1.6.3-texi2dvi-fix.dif
|
||||
Patch2: krb5-1.6.3-post.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildArch: noarch
|
||||
|
||||
@ -56,8 +54,6 @@ Authors:
|
||||
%setup -n %{srcRoot}
|
||||
%patch0
|
||||
%patch1
|
||||
%patch2
|
||||
cp %{_sourcedir}/Makefile.kadm5 %{_builddir}/%{srcRoot}/doc/kadm5/Makefile
|
||||
|
||||
%build
|
||||
|
||||
@ -68,17 +64,13 @@ make
|
||||
make implementor.ps
|
||||
make -C api
|
||||
make -C implement
|
||||
make -C kadm5
|
||||
cd api
|
||||
latex2html -dir ../html/library -mkdir library.tex
|
||||
latex2html -dir ../html/libdes -mkdir libdes.tex
|
||||
cd ../implement
|
||||
latex2html -dir ../html/implement -mkdir implement.tex
|
||||
cd ..
|
||||
#mv krb5-admin html/
|
||||
#mv krb5-install html/
|
||||
#mv krb5-user html/
|
||||
#mv krb425 html/
|
||||
#make -C kadm5
|
||||
#cd api
|
||||
#latex2html -dir ../html/library -mkdir library.tex
|
||||
#latex2html -dir ../html/libdes -mkdir libdes.tex
|
||||
#cd ../implement
|
||||
#latex2html -dir ../html/implement -mkdir implement.tex
|
||||
#cd ..
|
||||
mv *.html html/
|
||||
cd ..
|
||||
find . -type f -name '*.ps' -exec gzip -9 {} \;
|
||||
@ -89,134 +81,34 @@ rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
||||
rm -f /usr/share/man/man1/tmac.doc*
|
||||
rm -rf /usr/lib/mit/share
|
||||
rm -rf %{buildroot}/usr/lib/mit/share
|
||||
rm -f doc/html/*/WARNINGS
|
||||
rm -f doc/html/*/images.aux
|
||||
rm -f doc/html/*/labels.pl
|
||||
# check for duplicate files and replace them with a link
|
||||
cd doc/html/api-funcspec
|
||||
if cmp --quiet api-funcspec.html index.html ; then
|
||||
rm -f index.html
|
||||
ln -s api-funcspec.html index.html
|
||||
fi
|
||||
cd ../library
|
||||
if cmp --quiet library.html index.html ; then
|
||||
rm -f index.html
|
||||
ln -s library.html index.html
|
||||
fi
|
||||
cd ../api-server-design
|
||||
if cmp --quiet api-server-design.html index.html ; then
|
||||
rm -f index.html
|
||||
ln -s api-server-design.html index.html
|
||||
fi
|
||||
cd ../adb-unit-test
|
||||
if cmp --quiet adb-unit-test.html index.html ; then
|
||||
rm -f index.html
|
||||
ln -s adb-unit-test.html index.html
|
||||
fi
|
||||
cd ../api-unit-test
|
||||
if cmp --quiet api-unit-test.html index.html ; then
|
||||
rm -f index.html
|
||||
ln -s api-unit-test.html index.html
|
||||
fi
|
||||
cd ../libdes
|
||||
if cmp --quiet libdes.html index.html ; then
|
||||
rm -f index.html
|
||||
ln -s libdes.html index.html
|
||||
fi
|
||||
cd ../implement
|
||||
if cmp --quiet implement.html index.html ; then
|
||||
rm -f index.html
|
||||
ln -s implement.html index.html
|
||||
fi
|
||||
cd ../..
|
||||
#rm -f doc/html/*/WARNINGS
|
||||
#rm -f doc/html/*/images.aux
|
||||
#rm -f doc/html/*/labels.pl
|
||||
#### check for duplicate files and replace them with a link
|
||||
#cd doc/html/library
|
||||
#if cmp --quiet library.html index.html ; then
|
||||
# rm -f index.html
|
||||
# ln -s library.html index.html
|
||||
#fi
|
||||
#cd ../libdes
|
||||
#if cmp --quiet libdes.html index.html ; then
|
||||
# rm -f index.html
|
||||
# ln -s libdes.html index.html
|
||||
#fi
|
||||
#cd ../implement
|
||||
#if cmp --quiet implement.html index.html ; then
|
||||
# rm -f index.html
|
||||
# ln -s implement.html index.html
|
||||
#fi
|
||||
#cd ../..
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc doc/*.ps.gz doc/api/*.ps.gz doc/implement/*.ps.gz doc/kadm5/*.ps.gz
|
||||
%doc doc/*.ps.gz doc/api/*.ps.gz doc/implement/*.ps.gz
|
||||
%doc doc/krb5-protocol doc/kadmin
|
||||
%doc doc/html
|
||||
|
||||
%changelog
|
||||
* Fri Jul 25 2008 mc@suse.de
|
||||
- add patches from SVN post 1.6.3
|
||||
* some fixes in the man pages
|
||||
* Wed Jun 18 2008 mc@suse.de
|
||||
- reduce rpmlint warnings
|
||||
* Tue Oct 23 2007 mc@suse.de
|
||||
- update to krb5 version 1.6.3
|
||||
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
|
||||
* fix CVE-2007-4000 modify_policy vulnerability
|
||||
* Add PKINIT support
|
||||
- remove patches which are upstream now
|
||||
- enhance init scripts and xinetd profiles
|
||||
* Thu Jul 12 2007 mc@suse.de
|
||||
- update to version 1.6.2
|
||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||
* Wed Jun 13 2007 sschober@suse.de
|
||||
- removed executable permission from doc file
|
||||
* Mon Apr 23 2007 mc@suse.de
|
||||
- update to final 1.6.1 version
|
||||
- replace te_ams with texlive in BuildRequires
|
||||
* Wed Apr 18 2007 mc@suse.de
|
||||
- build implementor.ps
|
||||
* Mon Apr 16 2007 mc@suse.de
|
||||
- update to version 1.6.1 Beta1
|
||||
- remove obsolete patches
|
||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
||||
* Mon Feb 19 2007 mc@suse.de
|
||||
- add krb5-1.6-post.dif
|
||||
* Mon Jan 22 2007 mc@suse.de
|
||||
- update to version 1.6
|
||||
* Major changes in 1.6 include
|
||||
* Partial client implementation to handle server name referrals.
|
||||
* Pre-authentication plug-in framework, donated by Red Hat.
|
||||
* LDAP KDB plug-in, donated by Novell.
|
||||
* Thu Aug 24 2006 mc@suse.de
|
||||
- update to version 1.5.1
|
||||
- remove obsolete patches which are now included upstream
|
||||
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
||||
* trunk-fix-uninitialized-vars.dif
|
||||
* Mon Jul 03 2006 mc@suse.de
|
||||
- update to version 1.5
|
||||
* KDB abstraction layer, donated by Novell.
|
||||
* plug-in architecture, allowing for extension modules to be
|
||||
loaded at run-time.
|
||||
* multi-mechanism GSS-API implementation ("mechglue"),
|
||||
donated by Sun Microsystems
|
||||
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
||||
implementation, donated by Sun Microsystems
|
||||
- remove obsolete patches and add some new
|
||||
* Mon Mar 13 2006 mc@suse.de
|
||||
- set BuildArchitectures to noarch
|
||||
- set norootforbuild
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Fri Nov 18 2005 mc@suse.de
|
||||
- update to version 1.4.3
|
||||
- fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif)
|
||||
* Wed Oct 12 2005 mc@suse.de
|
||||
- build kadm5 documentation
|
||||
- build documentation also as html
|
||||
- include the text only documentation
|
||||
* Tue Oct 11 2005 mc@suse.de
|
||||
- update to version 1.4.2
|
||||
- remove some obsolet patches
|
||||
* Mon Jun 27 2005 mc@suse.de
|
||||
- update to version 1.4.1
|
||||
- remove obsolet patches
|
||||
- krb5-1.4-VUL-0-telnet.dif
|
||||
* Thu Feb 10 2005 ro@suse.de
|
||||
- added libpng to neededforbuild (for tetex)
|
||||
* Fri Feb 04 2005 mc@suse.de
|
||||
- remove spx.c from tarball because of legal risk
|
||||
- add README.Source which tell the user about this
|
||||
action.
|
||||
* Fri Jan 28 2005 mc@suse.de
|
||||
- update to version 1.4
|
||||
* Mon Jan 10 2005 mc@suse.de
|
||||
- update to version 1.3.6
|
||||
* Tue Dec 14 2004 mc@suse.de
|
||||
- initial release
|
||||
|
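Review bot: In the install-section hunk, `rm -f /usr/share/man/man1/tmac.doc*` and `rm -rf /usr/lib/mit/share` act on the build host's own filesystem rather than the build root, and this change leaves them in place as what appears to be unchanged context. Each already has a `%{buildroot}`-prefixed counterpart next to it (for example `rm -rf %{buildroot}/usr/lib/mit/share`), so the unprefixed lines can simply be dropped; a package build should never delete paths outside `%{buildroot}`. The steps disabled with `#` (the `latex2html` calls and the duplicate-file checks) would also read better removed than left commented out.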
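--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@@ -0,0 +1,693 @@
+-------------------------------------------------------------------
+Wed Jun 3 10:23:42 CEST 2009 - mc@suse.de
+
+- update to final 1.7 release
+
+-------------------------------------------------------------------
+Wed May 13 11:30:42 CEST 2009 - mc@suse.de
+
+- update to version 1.7 Beta2
+* Incremental propagation support for the KDC database.
+* Flexible Authentication Secure Tunneling (FAST), a preauthentiation
+framework that can protect the AS exchange from dictionary attack.
+* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
+allows a GSS application to request credential delegation only if
+permitted by KDC policy.
+* Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
+various vulnerabilities in SPNEGO and ASN.1 code.
+
+-------------------------------------------------------------------
+Mon Feb 16 13:04:26 CET 2009 - mc@suse.de
+
+- update to pre 1.7 version
+* Remove support for version 4 of the Kerberos protocol (krb4).
+* New libdefaults configuration variable "allow_weak_crypto".
+* Client library now follows client principal referrals, for
+compatibility with Windows.
+* KDC can issue realm referrals for service principals based on domain
+names.
+* Encryption algorithm negotiation (RFC 4537).
+* In the replay cache, use a hash over the complete ciphertext to
+avoid false-positive replay indications.
+* Microsoft GSS_WrapEX, implemented using the gss_iov API, which is
+similar to the equivalent SSPI functionality.
+* DCE RPC, including three-leg GSS context setup and unencapsulated
+GSS tokens.
+* NTLM recognition support in GSS-API, to facilitate dropping in an
+NTLM implementation.
+* KDC support for principal aliases, if the back end supports them.
+* Microsoft set/change password (RFC 3244) protocol in kadmind.
+* Master key rollover support.
+
+-------------------------------------------------------------------
+Wed Jan 14 09:21:36 CET 2009 - olh@suse.de
+
+- obsolete also old heimdal-lib-XXbit and heimdal-devel-XXbit
+
+-------------------------------------------------------------------
+Thu Dec 11 14:12:57 CET 2008 - mc@suse.de
+
+- do not query IPv6 addresses if no IPv6 address exists on this host
+[bnc#449143]
+
+-------------------------------------------------------------------
+Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
+
+- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
+(bnc#437293)
+
+-------------------------------------------------------------------
+Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
+
+- obsolete old -XXbit packages (bnc#437293)
+
+-------------------------------------------------------------------
+Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de
+
+- in case we use ldap as database backend, ldap should be
+started before krb5kdc
+
+-------------------------------------------------------------------
+Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de
+
+- add new fixes to post 1.6.3 patch
+* fix mem leak in krb5_gss_accept_sec_context()
+* keep minor_status
+* kadm5_decrypt_key: A ktype of -1 is documented as meaning
+"to be ignored"
+* Reject socket fds > FD_SETSIZE
+
+-------------------------------------------------------------------
+Fri Jul 25 12:13:24 CEST 2008 - mc@suse.de
+
+- add patches from SVN post 1.6.3
+* krb5_string_to_keysalts: Fix an infinite loop
+* fix some mutex issues
+* better recovery from corrupt rcache files
+* some more small fixes
+
+-------------------------------------------------------------------
+Wed Jun 18 15:30:18 CEST 2008 - mc@suse.de
+
+- add case-insensitive.dif (FATE#300771)
+- minor fixes for ktutil man page
+- reduce rpmlint warnings
+
+-------------------------------------------------------------------
+Wed May 14 17:44:59 CEST 2008 - mc@suse.de
+
+- Fall back to TCP on kdc-unresolvable/unreachable errors.
+- restore valid sequence number before generating requests
+(fix changing passwords in mixed ipv4/ipv6 enviroments)
+
+-------------------------------------------------------------------
+Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
+
+- added baselibs.conf file to build xxbit packages
+for multilib support
+
+-------------------------------------------------------------------
+Wed Apr 9 12:04:48 CEST 2008 - mc@suse.de
+
+- modify krb5-config to not output rpath and cflags in --libs
+(bnc#378270)
+
+-------------------------------------------------------------------
+Fri Mar 14 11:27:55 CET 2008 - mc@suse.de
+
+- fix two security bugs:
+* MITKRB5-SA-2008-001(CVE-2008-0062, CVE-2008-0063)
+fix double free [bnc#361373]
+* MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
+Memory corruption while too many open file descriptors
+[bnc#363151]
+- change default config file. Comment out the examples.
+
+-------------------------------------------------------------------
+Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
+
+- fix several security bugs:
+* CVE-2007-5894 apparent uninit length
+* CVE-2007-5902 integer overflow
+* CVE-2007-5971 free of non-heap pointer and double-free
+* CVE-2007-5972 double fclose()
+[#346745, #346748, #346746, #346749, #346747]
+
+-------------------------------------------------------------------
+Tue Dec 4 16:36:07 CET 2007 - mc@suse.de
+
+- improve GSSAPI error messages
+
+-------------------------------------------------------------------
+Tue Nov 6 13:53:17 CET 2007 - mc@suse.de
+
+- add coreutils to PreReq
+
+-------------------------------------------------------------------
+Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de
+
+- update to krb5 version 1.6.3
+* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
+* fix CVE-2007-4000 modify_policy vulnerability
+* Add PKINIT support
+- remove patches which are upstream now
+- enhance init scripts and xinetd profiles
+
+-------------------------------------------------------------------
+Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de
+
+- update krb5-1.6.2-post.dif
+* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
+that the client library will not failover to the next KDC.
+[#310540]
+
+-------------------------------------------------------------------
+Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de
+
+- update krb5-1.6.2-post.dif
+* new -S sname option for kvno
+* read_entropy_from_device on partial read will not fill buffer
+* Bail out if encoded "ticket" doesn't decode correctly.
+* patch for referrals loop
+
+-------------------------------------------------------------------
+Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de
+
+- fix a problem with the originally published patch
+for MITKRB5-SA-2007-006 - CVE-2007-3999
+[#302377]
+
+-------------------------------------------------------------------
+Wed Sep 5 12:18:21 CEST 2007 - mc@suse.de
+
+- fix execute arbitrary code
+(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
+[#302377]
+
+-------------------------------------------------------------------
+Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de
+
+- add krb5-1.6.2-post.dif
+* during the referrals loop, check to see if the
+session key enctype of a returned credential for the final
+service is among the enctypes explicitly selected by the
+application, and retry with old_use_conf_ktypes if it is not.
+* If mkstemp() is available, the new ccache file gets created but
+the subsequent open(O_CREAT|O_EXCL) call fails because the file
+was already created by mkstemp(). Apply patch from Apple to keep
+the file descriptor open.
+
+-------------------------------------------------------------------
+Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de
+
+- update to version 1.6.2
+- remove krb5-1.6.1-post.dif all fixes are included in this release
+
+-------------------------------------------------------------------
+Thu Jul 5 18:10:28 CEST 2007 - mc@suse.de
+
+- change requires to libcom_err-devel
+
+-------------------------------------------------------------------
+Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de
+
+- update krb5-1.6.1-post.dif
+* fix leak in krb5_walk_realm_tree
+* rd_req_decoded needs to deal with referral realms
+* fix buffer overflow in kadmind
+(MITKRB5-SA-2007-005 - CVE-2007-2798)
+[#278689]
+* fix kadmind code execution bug
+(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
+[#271191]
+
+-------------------------------------------------------------------
+Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de
+
+- fix unstripped-binary-or-object rpmlint warning
+
+-------------------------------------------------------------------
+Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de
+
+- fixing rpmlint warnings and errors:
+* merged logrotate scripts kadmin and krb5kdc into a single file
+krb5-server.
+* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
+from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
+adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
+* added surpression filter for
+"devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so"
+(see [#147912]).
+* set default runlevel of init scripts in chkconfig line to 3 and
+5
+
+-------------------------------------------------------------------
+Wed May 9 15:30:53 CEST 2007 - mc@suse.de
+
+- fix uninitialized salt length
+- add extra check for keytab file
+
+-------------------------------------------------------------------
+Thu May 3 12:11:29 CEST 2007 - mc@suse.de
+
+- adding krb5-1.6.1-post.dif
+* fix segfault in krb5_get_init_creds_password
+* remove debug output in ftp client
+* profile stores empty string values without double quotes
+
+-------------------------------------------------------------------
+Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de
+
+- update to final 1.6.1 version
+
+-------------------------------------------------------------------
+Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de
+
+- add plugin directories to main package
+
+-------------------------------------------------------------------
+Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de
+
+- update to version 1.6.1 Beta1
+- remove obsolete patches
+(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
+- rework compile_pie patch
+
+-------------------------------------------------------------------
+Wed Apr 11 10:58:09 CEST 2007 - mc@suse.de
+
+- update krb5-1.6-post.dif
+* fix kadmind stack overflow in krb5_klog_syslog
+(MITKRB5-SA-2007-002 - CVE-2007-0957)
+[#253548]
+* fix double free attack in the RPC library
+(MITKRB5-SA-2007-003 - CVE-2007-1216)
+[#252487]
+* fix krb5 telnetd login injection
+(MIT-SA-2007-001 - CVE-2007-0956)
+#247765
+
+-------------------------------------------------------------------
+Thu Mar 29 12:41:57 CEST 2007 - mc@suse.de
+
+- add ncurses-devel and bison to BuildRequires
+- rework some patches
+
+-------------------------------------------------------------------
+Mon Mar 5 11:01:20 CET 2007 - mc@suse.de
+
+- move SuSEFirewall service definitions to
+/etc/sysconfig/SuSEfirewall2.d/services
+
+-------------------------------------------------------------------
+Thu Feb 22 11:13:48 CET 2007 - mc@suse.de
+
+- add firewall definition to krb5-server, FATE #300687
+
+-------------------------------------------------------------------
+Mon Feb 19 13:59:43 CET 2007 - mc@suse.de
+
+- update krb5-1.6-post.dif
+- move some applications into the right package
+
+-------------------------------------------------------------------
+Fri Feb 9 13:31:22 CET 2007 - mc@suse.de
+
+- update krb5-1.6-post.dif
+
+-------------------------------------------------------------------
+Mon Jan 29 11:27:23 CET 2007 - mc@suse.de
+
+- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
+are now upstream. Remove patches.
+- fix leak in krb5_kt_resolve and krb5_kt_wresolve
+
+-------------------------------------------------------------------
+Tue Jan 23 17:21:12 CET 2007 - mc@suse.de
+
+- fix "local variable used before set" in ftp.c
+[#237684]
+
+-------------------------------------------------------------------
+Mon Jan 22 16:39:27 CET 2007 - mc@suse.de
+
+- krb5-devel should require keyutils-devel
+
+-------------------------------------------------------------------
+Mon Jan 22 12:19:49 CET 2007 - mc@suse.de
+
+- update to version 1.6
+* Major changes in 1.6 include
+* Partial client implementation to handle server name referrals.
+* Pre-authentication plug-in framework, donated by Red Hat.
+* LDAP KDB plug-in, donated by Novell.
+- remove obsolete patches
+
+-------------------------------------------------------------------
+Wed Jan 10 11:16:30 CET 2007 - mc@suse.de
+
+- fix for
+kadmind (via RPC library) calls uninitialized function pointer
+(CVE-2006-6143)(Bug #225990)
+krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
+- fix for
+kadmind (via GSS-API mechglue) frees uninitialized pointers
+(CVE-2006-6144)(Bug #225992)
+krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
+
+-------------------------------------------------------------------
+Tue Jan 2 14:53:33 CET 2007 - mc@suse.de
+
+- Fix Requires in krb5-devel
+[Bug #231008]
+
+-------------------------------------------------------------------
+Mon Nov 6 11:49:39 CET 2006 - mc@suse.de
+
+- fix "local variable used before set" [#217692]
+- fix strncat warning
+
+-------------------------------------------------------------------
+Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de
+
+- add a default kadm5.dict file
+- require $network on daemon start
+
+-------------------------------------------------------------------
+Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de
+
+- fix function call with too few arguments [#203837]
+
+-------------------------------------------------------------------
+Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de
+
+- update to version 1.5.1
+- remove obsolete patches which are now included upstream
+* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
+* trunk-fix-uninitialized-vars.dif
+
+-------------------------------------------------------------------
+Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de
+
+- krb5 setuid return check fixes
+krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
+[#182351]
+
+-------------------------------------------------------------------
+Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de
+
+- remove update-messages
+
+-------------------------------------------------------------------
+Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de
+
+- add check for krb5_prop in services to kpropd init script.
+[#192446]
+
+-------------------------------------------------------------------
+Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de
+
+- update to version 1.5
+* KDB abstraction layer, donated by Novell.
+* plug-in architecture, allowing for extension modules to be
+loaded at run-time.
+* multi-mechanism GSS-API implementation ("mechglue"),
+donated by Sun Microsystems
+* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
+implementation, donated by Sun Microsystems
+- remove obsolete patches and add some new
+
+-------------------------------------------------------------------
+Fri May 26 14:50:00 CEST 2006 - ro@suse.de
+
+- libcom is not in e2fsck-devel but in its own package now, change
+Requires accordingly.
+
+-------------------------------------------------------------------
+Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de
+
+- add all daemons to %stop_on_removal and %restart_on_update
+- add reload to kpropd init script
+- add force-reload to all init scripts
+
+-------------------------------------------------------------------
+Mon Mar 13 18:20:36 CET 2006 - mc@suse.de
+
+- add libgssapi_krb5.so link to main package [#147912]
+
+-------------------------------------------------------------------
+Fri Feb 3 18:17:01 CET 2006 - mc@suse.de
+
+- fix logging section for kadmind in convert script
+
+-------------------------------------------------------------------
+Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Fri Jan 13 14:44:24 CET 2006 - mc@suse.de
+
+- change the logging defaults
+
+-------------------------------------------------------------------
+Wed Jan 11 12:59:08 CET 2006 - mc@suse.de
+
+- add tools and README for heimdal => MIT update
+
+-------------------------------------------------------------------
+Mon Jan 9 14:41:07 CET 2006 - mc@suse.de
+
+- fix build problems, define _GNU_SOURCE
+(krb5-1.4.3-set_gnu_source.dif )
+
+-------------------------------------------------------------------
+Tue Jan 3 16:00:13 CET 2006 - mc@suse.de
+
+- added "make %{?jobs:-j%jobs}"
+
+-------------------------------------------------------------------
+Fri Nov 18 12:12:01 CET 2005 - mc@suse.de
+
+- update to version 1.4.3
+* some memmory leaks fixed
+* fix for "AS_REP padata has wrong enctype"
+* fix for "AS_REP padata missing PA-ETYPE-INFO"
+* ... and more
+
+-------------------------------------------------------------------
+Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de
+
+- don't build as root
+
+-------------------------------------------------------------------
+Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de
+
+- update to version 1.4.2
+- remove some obsolet patches
+
+-------------------------------------------------------------------
+Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de
+
+- build with --disable-static
+
+-------------------------------------------------------------------
+Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de
+
+- remove devel-static subpackage
+
+-------------------------------------------------------------------
+Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de
+
+- better patch for princ_comp problem
+
+-------------------------------------------------------------------
+Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de
+
+- update to version 1.4.1
+- remove obsolet patches
+- krb5-1.4-gcc4.dif
+- krb5-1.4-reduce-namespace-polution.dif
+- krb5-1.4-VUL-0-telnet.dif
+
+-------------------------------------------------------------------
+Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de
+
+- fixed krb5 KDC heap corruption by random free
+[#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
+- fixed krb5 double free()
+[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
+- fix krb5 NULL pointer reference while comparing principals
+[#91600]
+
+-------------------------------------------------------------------
+Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de
+
+- fix uninitialized variables
+- compile with -fPIE/ link with -pie
+
+-------------------------------------------------------------------
+Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de
+
+- fixed wrong xinetd files [#77149]
+
+-------------------------------------------------------------------
+Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de
+
+- removed krb5-1.4-fix-error_tables.dif patch obsoleted
+by libcom_err locking patches
+
+-------------------------------------------------------------------
+Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de
+
+- fixed missing descriptions in init files
+[#76164, #76165, #76166, #76169]
+
+-------------------------------------------------------------------
+Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de
+
+- enhance $PATH via /etc/profile.d/ [#74018]
+- remove the "links to important programs"
+
+-------------------------------------------------------------------
+Fri Mar 18 11:09:43 CET 2005 - mc@suse.de
+
+- fixed not running converter script [#72854]
+
+-------------------------------------------------------------------
+Thu Mar 17 14:15:17 CET 2005 - mc@suse.de
+
+- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
+Overflow
+- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
+Overflow
+[#73618]
+
+-------------------------------------------------------------------
+Wed Mar 16 13:10:18 CET 2005 - mc@suse.de
+
+- fixed wrong PreReqs [#73020]
+
+-------------------------------------------------------------------
+Tue Mar 15 19:54:58 CET 2005 - mc@suse.de
+
+- add a simple krb5.conf converter [#72854]
+
+-------------------------------------------------------------------
+Mon Mar 14 17:08:59 CET 2005 - mc@suse.de
+
+- fixed: rckrb5kdc restart gives wrong status with non-running service
+[#72446]
+
+-------------------------------------------------------------------
+Thu Mar 10 10:48:07 CET 2005 - mc@suse.de
+
+- add requires: e2fsprogs-devel to krb5-devel package [#71732]
+
+-------------------------------------------------------------------
+Fri Feb 25 17:35:37 CET 2005 - mc@suse.de
+
+- fix double free [#66534]
+krb5-1.4-fix-error_tables.dif
+
+-------------------------------------------------------------------
+Fri Feb 11 14:01:32 CET 2005 - mc@suse.de
+
+- change mode for shared libraries to 755
+
+-------------------------------------------------------------------
+Fri Feb 4 16:48:16 CET 2005 - mc@suse.de
+
+- remove spx.c from tarball because of legal risk
+- add README.Source which tell the user about this
+action.
+- add a check for spx.c in the spec-file
+- use rich-text for update-messages [#50250]
+
+-------------------------------------------------------------------
+Tue Feb 1 12:13:45 CET 2005 - mc@suse.de
+
+- add krb5-1.4-reduce-namespace-polution.dif
+reduce namespace polution in gssapi.h [#50356]
+
+-------------------------------------------------------------------
+Fri Jan 28 13:25:42 CET 2005 - mc@suse.de
+
+- update to version 1.4
+- Add implementation of the RPCSEC_GSS authentication flavor to the
+RPC library.
+- Thread safety for krb5 libraries.
+- Merged Athena telnetd changes for creating a new option for
+requiring encryption.
+- The kadmind4 backwards-compatibility admin server and the v5passwdd
+backwards-compatibility password-changing server have been removed.
+- Yarrow code now uses AES.
+- Merged Athena changes to allow ftpd to require encrypted passwords.
+- Incorporate gss_krb5_set_allowable_enctypes() and
+gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
+- remove obsolet patches
+
+-------------------------------------------------------------------
+Mon Jan 17 11:34:52 CET 2005 - mc@suse.de
+
+- add proofreaded update-messages
+
+-------------------------------------------------------------------
+Fri Jan 14 14:38:25 CET 2005 - mc@suse.de
+
+- remove Conflicts: and add Provides:
+- add some insserv stuff
+
+-------------------------------------------------------------------
+Thu Jan 13 11:54:01 CET 2005 - mc@suse.de
+
+- move vendor files to vendor-files.tar.bz2
+- add obsoletes: heimdal
+- add %pre and %post sections to detect update
+from heimdal and backup invalid configuration files
+- add update-messages for heimdal update
+
+-------------------------------------------------------------------
+Mon Jan 10 12:18:02 CET 2005 - mc@suse.de
+
+- update to version 1.3.6
+- fix for: heap buffer overflow in libkadm5srv
+[CAN-2004-1189 / MITKRB5-SA-2004-004]
+
+-------------------------------------------------------------------
+Tue Dec 14 15:30:23 CET 2004 - mc@suse.de
+
+- build doc subpackage in an own specfile
+- removed unnecessary neededforbuild requirements
+
+-------------------------------------------------------------------
+Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de
+
+- fix build with gcc 4
+
+-------------------------------------------------------------------
+Mon Nov 15 17:25:56 CET 2004 - mc@suse.de
+
+- added Conflicts with heimdal*
+- rename some manpages to avoid conflicts
+
+-------------------------------------------------------------------
+Thu Nov 4 18:03:11 CET 2004 - mc@suse.de
+
+- new init scripts
+- fix logrotate scripts
+- add some 64Bit fixes
+- add default krb5.conf, kdc.conf and kadm5.acl
+
+-------------------------------------------------------------------
+Wed Nov 3 18:52:07 CET 2004 - mc@suse.de
+
+- add e2fsprogs to NFB
+- use system-et and system-ss
+- fix includes of com_err.h
+
+-------------------------------------------------------------------
+Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de
+
+- Initital checkin
+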
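--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -0,0 +1,686 @@
+#
+# spec file for package krb5-mini (Version 1.7)
+#
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+%define build_mini 1
+%define srcRoot krb5-1.7
+%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
+%define krb5docdir %{_defaultdocdir}/krb5
+
+Name: krb5-mini
+License: MIT License (or similar)
+Url: http://web.mit.edu/kerberos/www/
+BuildRequires: bison libcom_err-devel ncurses-devel
+BuildRequires: keyutils keyutils-devel
+Version: 1.7
+Release: 4
+%if ! 0%{?build_mini}
+BuildRequires: libopenssl-devel openldap2-devel
+# bug437293
+%ifarch ppc64
+Obsoletes: krb5-64bit
+%endif
+#
+Summary: MIT Kerberos5 Implementation--Libraries
+Group: Productivity/Networking/Security
+%else
+Summary: MIT Kerberos5 Implementation--Libraries
+Group: Productivity/Networking/Security
+%endif
+Source: krb5-1.7.tar.bz2
+Source1: vendor-files.tar.bz2
+Source2: README.Source
+Source3: spx.c
+Source5: krb5-%{version}-rpmlintrc
+Source10: krb5-1.7-manpaths.txt
+Patch2: krb5-1.6.1-compile_pie.dif
+Patch20: krb5-1.6.3-kprop-use-mkstemp.dif
+Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
+Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
+Patch30: krb5-1.7-manpaths.dif
+Patch32: krb5-1.4.3-enospc.dif
+Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif
+Patch41: krb5-1.6.3-kpasswd_tcp.patch
+Patch44: krb5-1.6.3-ktutil-manpage.dif
+Patch46: krb5-1.6.3-fix-ipv6-query.dif
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+PreReq: mktemp, grep, /bin/touch, coreutils
+PreReq: %insserv_prereq %fillup_prereq
+
+%description
+Kerberos V5 is a trusted-third-party network authentication system,
+which can improve your network's security by eliminating the insecure
+practice of clear text passwords.
+
+
+
+Authors:
+--------
+The MIT Kerberos Team
+Sam Hartman <hartmans@mit.edu>
+Ken Raeburn <raeburn@mit.edu>
+Tom Yu <tlyu@mit.edu>
+
+%if ! %{build_mini}
+
+%package client
+License: MIT License (or similar)
+Summary: MIT Kerberos5 implementation - client programs
+Group: Productivity/Networking/Security
+
+%description client
+Kerberos V5 is a trusted-third-party network authentication system,
+which can improve your network's security by eliminating the insecure
+practice of cleartext passwords. This package includes some required
+client programs, like kinit, kadmin, ...
+
+
+
+Authors:
+--------
+The MIT Kerberos Team
+Sam Hartman <hartmans@mit.edu>
+Ken Raeburn <raeburn@mit.edu>
+Tom Yu <tlyu@mit.edu>
+
+%package server
+License: MIT License (or similar)
+Summary: MIT Kerberos5 implementation - server
+Group: Productivity/Networking/Security
+Requires: perl-Date-Calc
+Requires: logrotate cron
+PreReq: %insserv_prereq %fillup_prereq
+
+%description server
+Kerberos V5 is a trusted-third-party network authentication system,
+which can improve your network's security by eliminating the insecure
+practice of cleartext passwords. This package includes the kdc, kadmind
+and more.
+
+
+
+Authors:
+--------
+The MIT Kerberos Team
+Sam Hartman <hartmans@mit.edu>
+Ken Raeburn <raeburn@mit.edu>
+Tom Yu <tlyu@mit.edu>
+
+%package apps-servers
+License: MIT License (or similar)
+Summary: MIT Kerberos5 server applications
+Group: Productivity/Networking/Security
+
+%description apps-servers
+Kerberos V5 is a trusted-third-party network authentication system,
+which can improve your network's security by eliminating the insecure
+practice of cleartext passwords. This package includes some kerberos
+compatible server applications like ftpd, klogind, telnetd, ...
+
+
+
+Authors:
+--------
+The MIT Kerberos Team
+Sam Hartman <hartmans@mit.edu>
+Ken Raeburn <raeburn@mit.edu>
+Tom Yu <tlyu@mit.edu>
+
+%package apps-clients
+License: MIT License (or similar)
+Summary: MIT Kerberos5 client applications
+Group: Productivity/Networking/Security
+
+%description apps-clients
+Kerberos V5 is a trusted-third-party network authentication system,
+which can improve your network's security by eliminating the insecure
+practice of cleartext passwords. This package includes some kerberos
+compatible client applications like ftp, rpc, rlogin, telnet, ...
+
+
+
+Authors:
+--------
+The MIT Kerberos Team
+Sam Hartman <hartmans@mit.edu>
+Ken Raeburn <raeburn@mit.edu>
+Tom Yu <tlyu@mit.edu>
+
+%package plugin-kdb-ldap
+License: MIT License (or similar)
+Summary: MIT Kerberos5 Implementation--LDAP Database Plugin
+Group: Productivity/Networking/Security
+Requires: krb5-server = %{version}
+
+%description plugin-kdb-ldap
+Kerberos V5 is a trusted-third-party network authentication system,
+which can improve your network's security by eliminating the insecure
+practice of clear text passwords. This package contains the LDAP
+database plugin.
+
+
+
+Authors:
+--------
+The MIT Kerberos Team
+Sam Hartman <hartmans@mit.edu>
+Ken Raeburn <raeburn@mit.edu>
+Tom Yu <tlyu@mit.edu>
+
+%package plugin-preauth-pkinit
+License: MIT License (or similar)
+Summary: MIT Kerberos5 Implementation--PKINIT preauth Plugin
+Group: Productivity/Networking/Security
+
+%description plugin-preauth-pkinit
+Kerberos V5 is a trusted-third-party network authentication system,
+which can improve your network's security by eliminating the insecure
+practice of cleartext passwords. This package includes a PKINIT plugin.
+
+
+
+Authors:
+--------
+The MIT Kerberos Team
+Sam Hartman <hartmans@mit.edu>
+Ken Raeburn <raeburn@mit.edu>
+Tom Yu <tlyu@mit.edu>
+
+%endif #! build_mini
+
+%package devel
+License: MIT License (or similar)
+Summary: MIT Kerberos5 - Include Files and Libraries
+Group: Development/Libraries/C and C++
+PreReq: %{name} = %{version}
+Requires: libcom_err-devel
+Requires: keyutils-devel
+# bug437293
+%ifarch ppc64
+Obsoletes: krb5-devel-64bit
+%endif
+%if %{build_mini}
+Provides: krb5-devel = %{version}
+%endif
+#
+
+%description devel
+Kerberos V5 is a trusted-third-party network authentication system,
+which can improve your network's security by eliminating the insecure
+practice of cleartext passwords. This package includes Libraries and
+Include Files for Development
+
+
+
+Authors:
+--------
+The MIT Kerberos Team
+Sam Hartman <hartmans@mit.edu>
+Ken Raeburn <raeburn@mit.edu>
+Tom Yu <tlyu@mit.edu>
+
+%prep
+%setup -q -n %{srcRoot}
+%setup -a 1 -T -D -n %{srcRoot}
+if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
+then
+echo "spx.c contains potential legal risks."
+exit 1;
+else
+cp %{SOURCE3} %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
+fi
+%patch2
+%patch20
+%patch21
+%patch22
+%patch30 -p1
+%patch32 -p1
+%patch34 -p1
+%patch41
+%patch44 -p1
+%patch46 -p1
+# Rename the man pages so that they'll get generated correctly.
+pushd src
+cat %{SOURCE10} | while read manpage ; do
+mv "$manpage" "$manpage".in
+done
+popd
+
+%build
+cd src
+%{?suse_update_config:%{suse_update_config -f}}
+./util/reconf
+CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC " \
+./configure \
+--prefix=/usr/lib/mit \
+--sysconfdir=%{_sysconfdir} \
+--mandir=%{_mandir} \
+--infodir=%{_infodir} \
+--libexecdir=/usr/lib/mit/sbin \
+--libdir=%{_libdir} \
+--includedir=%{_includedir} \
+--localstatedir=%{_localstatedir}/lib/kerberos \
+--enable-shared \
+--disable-static \
+--enable-kdc-replay-cache \
+--enable-dns-for-realm \
+--disable-rpath \
+%if ! %{build_mini}
+--with-ldap \
+%else
+--disable-pkinit \
+%endif
+--with-system-et \
+--with-system-ss
+make %{?jobs:-j%jobs}
+
+%install
+cd src
+make DESTDIR=%{buildroot} install
+cd ..
+# Munge the krb5-config script to remove rpaths and CFLAGS.
+sed "s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g" src/krb5-config > $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config
+# install sample config files
+# I'll probably do something about this later on
+mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc
+mkdir -p %{buildroot}%{_sysconfdir}
+mkdir -p %{buildroot}/etc/profile.d/
+mkdir -p %{buildroot}/var/log/krb5
+mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/
+# create plugin directories
+mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb
+mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth
+mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
+install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
+install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
+install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
+install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
+install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
+install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
+install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
+install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
+for n in ftpd.8 telnetd.8; do
+mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
+done
+for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
+mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
+done
+# all libs must have permissions 0755
+for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
+do
+chmod 0755 ${lib}
+done
+# and binaries too
+chmod 0755 %{buildroot}/usr/lib/mit/bin/ksu
+# install init scripts
+mkdir -p %{buildroot}%{_sysconfdir}/init.d
+install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
+install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
+install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
+# install xinetd files
+mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
+install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
+install -m 644 %{vendorFiles}/eklogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/eklogin
+install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
+install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
+# install logrotate files
+mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
+install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
+find . -type f -name '*.ps' -exec gzip -9 {} \;
+# create rc* links
+mkdir -p %{buildroot}/usr/bin/
+ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/bin/rckadmind
+ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/bin/rckrb5kdc
+ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/bin/rckpropd
+# create links for kinit and klist, because of the java ones
+ln -sf ../../usr/lib/mit/bin/kinit %{buildroot}/usr/bin/kinit
+ln -sf ../../usr/lib/mit/bin/klist %{buildroot}/usr/bin/klist
+# install doc
+install -d -m 755 %{buildroot}/%{krb5docdir}
+install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
+%if ! %{build_mini}
+install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{krb5docdir}/kerberos.schema
+install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{krb5docdir}/kerberos.ldif
+%endif
+# cleanup
+rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
+rm -f /usr/share/man/man1/tmac.doc*
+rm -rf /usr/lib/mit/share
+rm -rf %{buildroot}/usr/lib/mit/share
+#####################################################
+# krb5-mini-devel pre/post/postun
+#####################################################
+%if %{build_mini}
+
+%preun
+%stop_on_removal krb5kdc kadmind kpropd
+
+%postun
+/sbin/ldconfig
+%restart_on_update krb5kdc kadmind kpropd
+%{insserv_cleanup}
+
+%post -p /sbin/ldconfig
+%else
+#####################################################
+# krb5 pre/post/postun
+#####################################################
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%preun server
+#####################################################
+# krb5-server preun/postun
+#####################################################
+%stop_on_removal krb5kdc kadmind kpropd
+
+%postun server
+%restart_on_update krb5kdc kadmind kpropd
+%{insserv_cleanup}
+#####################################################
+# krb5-plugin-kdb-ldap post/postun
+#####################################################
+
+%post plugin-kdb-ldap -p /sbin/ldconfig
+
+%postun plugin-kdb-ldap -p /sbin/ldconfig
+%endif
+
+%clean
+rm -rf %{buildroot}
+########################################################
+# files sections
+########################################################
+
+%files devel
+%defattr(-,root,root)
+%dir /usr/lib/mit
+%dir /usr/lib/mit/bin
+%dir /usr/lib/mit/sbin
+%{_libdir}/libgssrpc.so
+%{_libdir}/libk5crypto.so
+%{_libdir}/libkadm5clnt.so
+%{_libdir}/libkadm5srv.so
+%{_libdir}/libkdb5.so
+%{_libdir}/libkrb5.so
+%{_libdir}/libkrb5support.so
+%{_includedir}/*
+/usr/lib/mit/bin/krb5-config
+/usr/lib/mit/sbin/krb5-send-pr
+%{_mandir}/man1/krb5-send-pr.1*
+%{_mandir}/man1/krb5-config.1*
+%if %{build_mini}
+
+%files
+%defattr(-,root,root)
+%dir %{krb5docdir}
+# add directories
+%dir %{_libdir}/krb5
+%dir %{_libdir}/krb5/plugins
+%dir %{_libdir}/krb5/plugins/kdb
+%dir %{_libdir}/krb5/plugins/preauth
+%dir %{_libdir}/krb5/plugins/libkrb5
+%dir %{_localstatedir}/lib/kerberos/
+%dir %{_localstatedir}/lib/kerberos/krb5kdc
+%attr(0700,root,root) %dir /var/log/krb5
+%dir /usr/lib/mit
+%dir /usr/lib/mit/sbin
+%dir /usr/lib/mit/bin
+%doc %{krb5docdir}/README
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
+%attr(0644,root,root) %config /etc/profile.d/krb5*
+%config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server
+%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
+%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
+%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
+%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
+%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
+%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
+%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
+%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
+%{_sysconfdir}/init.d/*
+%{_libdir}/libgssapi_krb5.*
+%{_libdir}/libgssrpc.so.*
+%{_libdir}/libk5crypto.so.*
+%{_libdir}/libkadm5clnt.so.*
+%{_libdir}/libkadm5srv.so.*
+%{_libdir}/libkdb5.so.*
+%{_libdir}/libkrb5.so.*
+%{_libdir}/libkrb5support.so.*
+%{_libdir}/krb5/plugins/kdb/*
+%{_libdir}/krb5/plugins/preauth/*
+#/usr/lib/mit/sbin/*
+/usr/lib/mit/sbin/kadmin.local
+/usr/lib/mit/sbin/kadmind
+/usr/lib/mit/sbin/kpropd
+/usr/lib/mit/sbin/kproplog
+/usr/lib/mit/sbin/kprop
+/usr/lib/mit/sbin/kdb5_util
+/usr/lib/mit/sbin/krb5kdc
+/usr/lib/mit/sbin/ftpd
+/usr/lib/mit/sbin/klogind
+/usr/lib/mit/sbin/kshd
+/usr/lib/mit/sbin/telnetd
+/usr/lib/mit/sbin/uuserver
+/usr/lib/mit/sbin/sserver
+/usr/lib/mit/sbin/gss-server
+/usr/lib/mit/sbin/sim_server
+/usr/lib/mit/sbin/login.krb5
+/usr/lib/mit/bin/k5srvutil
+/usr/lib/mit/bin/kvno
+/usr/lib/mit/bin/kinit
+/usr/lib/mit/bin/kdestroy
+/usr/lib/mit/bin/kpasswd
+/usr/lib/mit/bin/klist
+/usr/lib/mit/bin/kadmin
+/usr/lib/mit/bin/ktutil
+%attr(0755,root,root) /usr/lib/mit/bin/ksu
+/usr/lib/mit/bin/rcp
+/usr/lib/mit/bin/rsh
+/usr/lib/mit/bin/telnet
+/usr/lib/mit/bin/uuclient
+/usr/lib/mit/bin/sclient
+/usr/lib/mit/bin/gss-client
+/usr/lib/mit/bin/sim_client
+/usr/lib/mit/bin/ftp
+/usr/lib/mit/bin/rlogin
+#/usr/lib/mit/bin/*
+/usr/bin/kinit
+/usr/bin/klist
+/usr/bin/rc*
+#%{_mandir}/man1/*
+%{_mandir}/man1/kvno.1*
+%{_mandir}/man1/kinit.1*
+%{_mandir}/man1/kdestroy.1*
+%{_mandir}/man1/kpasswd.1*
+%{_mandir}/man1/klist.1*
+%{_mandir}/man1/kerberos.1*
+%{_mandir}/man1/kftp.1*
+%{_mandir}/man1/krlogin.1*
+%{_mandir}/man1/krsh.1*
+%{_mandir}/man1/ktelnet.1*
+%{_mandir}/man1/ksu.1*
+%{_mandir}/man1/krcp.1*
+%{_mandir}/man1/sclient.1*
+%{_mandir}/man1/kadmin.1*
+%{_mandir}/man1/ktutil.1*
+%{_mandir}/man1/k5srvutil.1*
+%{_mandir}/man5/*
+%{_mandir}/man5/.k5login.5.gz
+%{_mandir}/man8/*
+%else
+
+%files
+%defattr(-,root,root)
+%dir %{krb5docdir}
+# add plugin directories
+%dir %{_libdir}/krb5
+%dir %{_libdir}/krb5/plugins
+%dir %{_libdir}/krb5/plugins/kdb
+%dir %{_libdir}/krb5/plugins/preauth
+%dir %{_libdir}/krb5/plugins/libkrb5
+# add log directory
+%attr(0700,root,root) %dir /var/log/krb5
+%doc %{krb5docdir}/README
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
+%attr(0644,root,root) %config /etc/profile.d/krb5*
+%{_libdir}/libgssapi_krb5.*
+%{_libdir}/libgssrpc.so.*
+%{_libdir}/libk5crypto.so.*
+%{_libdir}/libkadm5clnt.so.*
+%{_libdir}/libkadm5srv.so.*
+%{_libdir}/libkdb5.so.*
+%{_libdir}/libkrb5.so.*
+%{_libdir}/libkrb5support.so.*
+%{_libdir}/krb5/plugins/preauth/encrypted_challenge.so
+
+%files server
+%defattr(-,root,root)
+%config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server
+%{_sysconfdir}/init.d/kadmind
+%{_sysconfdir}/init.d/krb5kdc
+%{_sysconfdir}/init.d/kpropd
+%dir %{krb5docdir}
+%dir /usr/lib/mit
+%dir /usr/lib/mit/sbin
+%dir %{_localstatedir}/lib/kerberos/
+%dir %{_localstatedir}/lib/kerberos/krb5kdc
+%dir %{_libdir}/krb5
+%dir %{_libdir}/krb5/plugins
+%dir %{_libdir}/krb5/plugins/kdb
+%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
+%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
+%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
+%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
+/usr/bin/rc*
+/usr/lib/mit/sbin/kadmin.local
+/usr/lib/mit/sbin/kadmind
+/usr/lib/mit/sbin/kpropd
+/usr/lib/mit/sbin/kproplog
+/usr/lib/mit/sbin/kprop
+/usr/lib/mit/sbin/kdb5_util
+/usr/lib/mit/sbin/krb5kdc
+%{_libdir}/krb5/plugins/kdb/db2.so
+%{_mandir}/man5/kdc.conf.5*
+%{_mandir}/man8/kadmind.8*
+%{_mandir}/man8/kadmin.local.8*
+%{_mandir}/man8/kpropd.8*
+%{_mandir}/man8/kprop.8*
+%{_mandir}/man8/kproplog.8.gz
+%{_mandir}/man8/kdb5_util.8*
+%{_mandir}/man8/krb5kdc.8*
+
+%files client
+%defattr(-,root,root)
+%dir /usr/lib/mit
+%dir /usr/lib/mit/bin
+%dir /usr/lib/mit/sbin
+/usr/lib/mit/bin/kvno
+/usr/lib/mit/bin/kinit
+/usr/lib/mit/bin/kdestroy
+/usr/lib/mit/bin/kpasswd
+/usr/lib/mit/bin/klist
+/usr/lib/mit/bin/kadmin
+/usr/lib/mit/bin/ktutil
+/usr/lib/mit/bin/k5srvutil
+/usr/bin/kinit
+/usr/bin/klist
+%{_mandir}/man1/kvno.1*
+%{_mandir}/man1/kinit.1*
+%{_mandir}/man1/kdestroy.1*
+%{_mandir}/man1/kpasswd.1*
+%{_mandir}/man1/klist.1*
+%{_mandir}/man1/kerberos.1*
+%{_mandir}/man1/kadmin.1*
+%{_mandir}/man1/ktutil.1*
+%{_mandir}/man1/k5srvutil.1*
+%{_mandir}/man5/krb5.conf.5*
+%{_mandir}/man5/.k5login.5*
+
+%files apps-servers
+%defattr(-,root,root)
+%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
+%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
+%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
+%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
+%dir /usr/lib/mit
+%dir /usr/lib/mit/sbin
+/usr/lib/mit/sbin/ftpd
+/usr/lib/mit/sbin/klogind
+/usr/lib/mit/sbin/kshd
+/usr/lib/mit/sbin/telnetd
+/usr/lib/mit/sbin/uuserver
+/usr/lib/mit/sbin/sserver
+/usr/lib/mit/sbin/gss-server
+/usr/lib/mit/sbin/sim_server
+/usr/lib/mit/sbin/login.krb5
+%{_mandir}/man8/kftpd.8*
+%{_mandir}/man8/klogind.8*
+%{_mandir}/man8/kshd.8*
+%{_mandir}/man8/ktelnetd.8*
+%{_mandir}/man8/sserver.8*
+%{_mandir}/man8/login.krb5.8*
+
+%files apps-clients
+%defattr(-,root,root)
+%dir /usr/lib/mit
+%dir /usr/lib/mit/bin
+/usr/lib/mit/bin/ftp
+/usr/lib/mit/bin/rlogin
+# removed SUID bit, we will rely on su + pam_krb
+%attr(0755,root,root) /usr/lib/mit/bin/ksu
+/usr/lib/mit/bin/rcp
+/usr/lib/mit/bin/rsh
+/usr/lib/mit/bin/telnet
+/usr/lib/mit/bin/uuclient
+/usr/lib/mit/bin/sclient
+/usr/lib/mit/bin/gss-client
+/usr/lib/mit/bin/sim_client
+%{_mandir}/man1/kftp.1*
+%{_mandir}/man1/krlogin.1*
+%{_mandir}/man1/krsh.1*
+%{_mandir}/man1/ktelnet.1*
+%{_mandir}/man1/ksu.1*
+%{_mandir}/man1/krcp.1*
+%{_mandir}/man1/sclient.1*
+
+%files plugin-kdb-ldap
+%defattr(-,root,root)
+%dir %{_libdir}/krb5
+%dir %{_libdir}/krb5/plugins
+%dir %{_libdir}/krb5/plugins/kdb
+%dir /usr/lib/mit/sbin/
+%dir %{krb5docdir}
+%doc %{krb5docdir}/kerberos.schema
+%doc %{krb5docdir}/kerberos.ldif
+%{_libdir}/krb5/plugins/kdb/kldap.so
+/usr/lib/mit/sbin/kdb5_ldap_util
+%{_libdir}/libkdb_ldap*
+%{_mandir}/man8/kdb5_ldap_util.8*
+
+%files plugin-preauth-pkinit
+%defattr(-,root,root)
+%dir %{_libdir}/krb5
+%dir %{_libdir}/krb5/plugins
+%dir %{_libdir}/krb5/plugins/preauth
+%{_libdir}/krb5/plugins/preauth/pkinit.so
+%endif #build_mini
+
+%changelog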
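Review bot: The `# cleanup` step at the end of `%install` contains two commands that act on the build host rather than the staged tree: `rm -f /usr/share/man/man1/tmac.doc*` and `rm -rf /usr/lib/mit/share` have no `%{buildroot}` prefix. The prefixed lines beside them (`rm -f %{buildroot}/usr/share/man/man1/tmac.doc*`, `rm -rf %{buildroot}/usr/lib/mit/share`) already do the intended cleanup, so the unprefixed pair is at best a no-op whose outcome depends on what is installed on the build machine, and a build run with root privileges would delete host files. I would drop both unprefixed lines so that `%install` never writes outside `%{buildroot}`, and add the comment `# cleanup: only ever touch paths under %{buildroot}` above the remaining two. In the same spirit, the first cleanup line could use `%{buildroot}%{_mandir}/man1/tmac.doc*` instead of a hard-coded `/usr/share/man`, matching the `--mandir=%{_mandir}` passed to configure.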
@ -1,2 +0,0 @@
|
||||
addFilter("devel-file-in-non-devel-package .*libkdb_ldap.so")
|
||||
addFilter("shlib-policy-missing-suffix")
|
@ -1,177 +0,0 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 25 12:17:44 CEST 2008 - mc@suse.de
|
||||
|
||||
- add patches from SVN post 1.6.3
|
||||
* krb5_string_to_keysalts: Fix an infinite loop
|
||||
* fix some mutex issues
|
||||
* better recovery from corrupt rcache files
|
||||
* some more small fixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 18 15:33:18 CEST 2008 - mc@suse.de
|
||||
|
||||
- reduce rpmlint warnings
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 4 16:36:43 CET 2007 - mc@suse.de
|
||||
|
||||
- improve GSSAPI error messages
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 23 10:29:14 CEST 2007 - mc@suse.de
|
||||
|
||||
- update to krb5 version 1.6.3
|
||||
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
|
||||
* fix CVE-2007-4000 modify_policy vulnerability
|
||||
* Add PKINIT support
|
||||
- remove patches which are upstream now
|
||||
- enhance init scripts and xinetd profiles
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 14 12:10:01 CEST 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6.2-post.dif
|
||||
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
|
||||
that the client library will not failover to the next KDC.
|
||||
[#310540]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 11 15:11:34 CEST 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6.2-post.dif
|
||||
* new -S sname option for kvno
|
||||
* read_entropy_from_device on partial read will not fill buffer
|
||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||
* patch for referrals loop
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 6 10:43:50 CEST 2007 - mc@suse.de
|
||||
|
||||
- fix a problem with the originally published patch
|
||||
for MITKRB5-SA-2007-006 - CVE-2007-3999
|
||||
[#302377]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 5 12:18:38 CEST 2007 - mc@suse.de
|
||||
|
||||
- fix execute arbitrary code
|
||||
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
|
||||
[#302377]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 7 11:59:05 CEST 2007 - mc@suse.de
|
||||
|
||||
- add krb5-1.6.2-post.dif
|
||||
* during the referrals loop, check to see if the
|
||||
session key enctype of a returned credential for the final
|
||||
service is among the enctypes explicitly selected by the
|
||||
application, and retry with old_use_conf_ktypes if it is not.
|
||||
* If mkstemp() is available, the new ccache file gets created but
|
||||
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
||||
was already created by mkstemp(). Apply patch from Apple to keep
|
||||
the file descriptor open.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 12 17:02:19 CEST 2007 - mc@suse.de
|
||||
|
||||
- update to version 1.6.2
|
||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 2 11:39:54 CEST 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6.1-post.dif
|
||||
* fix leak in krb5_walk_realm_tree
|
||||
* rd_req_decoded needs to deal with referral realms
|
||||
* fix buffer overflow in kadmind
|
||||
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
||||
[#278689]
|
||||
* fix kadmind code execution bug
|
||||
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
|
||||
[#271191]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 9 15:31:08 CEST 2007 - mc@suse.de
|
||||
|
||||
- fix uninitialized salt length
|
||||
- add extra check for keytab file
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 3 12:13:35 CEST 2007 - mc@suse.de
|
||||
|
||||
- adding krb5-1.6.1-post.dif
|
||||
* fix segfault in krb5_get_init_creds_password
|
||||
* remove debug output in ftp client
|
||||
* profile stores empty string values without double quotes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 23 11:17:04 CEST 2007 - mc@suse.de
|
||||
|
||||
- update to final 1.6.1 version
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 16 14:39:58 CEST 2007 - mc@suse.de
|
||||
|
||||
- update to version 1.6.1 Beta1
|
||||
- remove obsolete patches
|
||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
||||
- rework compile_pie patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 11 10:59:20 CEST 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6-post.dif
|
||||
* fix kadmind stack overflow in krb5_klog_syslog
|
||||
(MITKRB5-SA-2007-002 - CVE-2007-0957)
|
||||
[#253548]
|
||||
* fix double free attack in the RPC library
|
||||
(MITKRB5-SA-2007-003 - CVE-2007-1216)
|
||||
[#252487]
|
||||
* fix krb5 telnetd login injection
|
||||
(MIT-SA-2007-001 - CVE-2007-0956)
|
||||
#247765
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 29 12:42:51 CEST 2007 - mc@suse.de
|
||||
|
||||
- add ncurses-devel and bison to BuildRequires
|
||||
- rework some patches
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 19 14:00:34 CET 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6-post.dif
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 9 13:31:54 CET 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6-post.dif
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 29 17:47:22 CET 2007 - ro@suse.de
|
||||
|
||||
- no main package, no debuginfo
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 29 11:30:35 CET 2007 - mc@suse.de
|
||||
|
||||
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
|
||||
are now upstream. Remove patches.
|
||||
- fix leak in krb5_kt_resolve and krb5_kt_wresolve
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 23 17:21:53 CET 2007 - mc@suse.de
|
||||
|
||||
- fix "local variable used before set" in ftp.c
|
||||
[#237684]
|
||||
- use less BuildRequires
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 22 12:21:41 CET 2007 - mc@suse.de
|
||||
|
||||
- initial release (version 1.6)
|
||||
* Major changes in 1.6 include
|
||||
* Partial client implementation to handle server name referrals.
|
||||
* Pre-authentication plug-in framework, donated by Red Hat.
|
||||
* LDAP KDB plug-in, donated by Novell.
|
||||
|
@ -1,392 +0,0 @@
|
||||
#
|
||||
# spec file for package krb5-plugins (Version 1.6.3)
|
||||
#
|
||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
# norootforbuild
|
||||
# nodebuginfo
|
||||
|
||||
|
||||
Name: krb5-plugins
|
||||
Version: 1.6.3
|
||||
Release: 16
|
||||
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
|
||||
%define srcRoot krb5-1.6.3
|
||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||
%define krb5docdir %{_defaultdocdir}/krb5
|
||||
Requires: krb5-server
|
||||
Summary: MIT Kerberos5 Implementation--Libraries
|
||||
License: X11/MIT
|
||||
Url: http://web.mit.edu/kerberos/www/
|
||||
Group: Productivity/Networking/Security
|
||||
Source: krb5-1.6.3.tar.bz2
|
||||
Source1: vendor-files.tar.bz2
|
||||
Source2: README.Source
|
||||
Source3: spx.c
|
||||
Source4: EncryptWithMasterKey.c
|
||||
Source5: %{name}-%{version}-rpmlintrc
|
||||
Source10: krb5-trunk-manpaths.txt
|
||||
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
|
||||
Patch2: krb5-1.6.1-compile_pie.dif
|
||||
Patch3: krb5-1.4-fix-segfault.dif
|
||||
Patch6: trunk-EncryptWithMasterKey.dif
|
||||
Patch14: warning-fix-lib-crypto-des.dif
|
||||
Patch15: warning-fix-lib-crypto-dk.dif
|
||||
Patch16: warning-fix-lib-crypto.dif
|
||||
Patch17: warning-fix-lib-crypto-enc_provider.dif
|
||||
Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif
|
||||
Patch20: kprop-use-mkstemp.dif
|
||||
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
|
||||
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
|
||||
Patch24: krb5-1.5.1-fix-strncat-warning.dif
|
||||
Patch25: krb5-1.6.1-init-salt-length.dif
|
||||
Patch30: trunk-manpaths.dif
|
||||
Patch31: krb5-1.6-ldap-man.dif
|
||||
Patch32: krb5-1.4.3-enospc.dif
|
||||
Patch33: krb5-1.3.3-rcp-markus.dif
|
||||
Patch34: gssapi_improve_errormessages.dif
|
||||
Patch35: krb5-1.6-fix-CVE-2007-5894.dif
|
||||
Patch36: krb5-1.6-fix-CVE-2007-5902.dif
|
||||
Patch37: krb5-1.6-fix-CVE-2007-5971.dif
|
||||
Patch38: krb5-1.6-fix-CVE-2007-5972.dif
|
||||
Patch39: krb5-1.6-MITKRB5-SA-2008-001.dif
|
||||
Patch40: krb5-1.6-MITKRB5-SA-2008-002.dif
|
||||
Patch41: krb5-trunk-kpasswd_tcp.patch
|
||||
Patch42: krb5-trunk-seqnum.patch
|
||||
Patch43: krb5-1.6.3-case-insensitive.dif
|
||||
Patch44: krb5-1.6.3-ktutil-manpage.dif
|
||||
Patch45: krb5-1.6.3-post.dif
|
||||
Patch46: krb5-1.6.3-fix-ipv6-query.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
practice of clear text passwords.
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
Sam Hartman <hartmans@mit.edu>
|
||||
Ken Raeburn <raeburn@mit.edu>
|
||||
Tom Yu <tlyu@mit.edu>
|
||||
|
||||
%package -n krb5-plugin-kdb-ldap
|
||||
Requires: krb5-server = %{version}
|
||||
Summary: MIT Kerberos5 Implementation--LDAP Database Plugin
|
||||
License: X11/MIT
|
||||
Url: http://web.mit.edu/kerberos/www/
|
||||
Group: Productivity/Networking/Security
|
||||
|
||||
%description -n krb5-plugin-kdb-ldap
|
||||
Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
practice of clear text passwords. This package contains the LDAP
|
||||
database plugin.
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
Sam Hartman <hartmans@mit.edu>
|
||||
Ken Raeburn <raeburn@mit.edu>
|
||||
Tom Yu <tlyu@mit.edu>
|
||||
|
||||
%package -n krb5-plugin-preauth-pkinit
|
||||
License: X11/MIT
|
||||
Summary: MIT Kerberos5 Implementation--PKINIT preauth Plugin
|
||||
Group: Productivity/Networking/Security
|
||||
Conflicts: krb5-plugin-preauth-pkinit-nss
|
||||
|
||||
%description -n krb5-plugin-preauth-pkinit
|
||||
Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
practice of cleartext passwords. This package includes a PKINIT plugin.
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
Sam Hartman <hartmans@mit.edu>
|
||||
Ken Raeburn <raeburn@mit.edu>
|
||||
Tom Yu <tlyu@mit.edu>
|
||||
|
||||
%prep
|
||||
%setup -q -n %{srcRoot}
|
||||
%setup -a 1 -T -D -n %{srcRoot}
|
||||
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
|
||||
then
|
||||
echo "spx.c contains potential legal risks."
|
||||
exit 1;
|
||||
else
|
||||
cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
|
||||
fi
|
||||
%patch1
|
||||
%patch2
|
||||
%patch3
|
||||
%patch6
|
||||
%patch14
|
||||
%patch15
|
||||
%patch16
|
||||
%patch17
|
||||
%patch18
|
||||
%patch20
|
||||
%patch21
|
||||
%patch22
|
||||
%patch24
|
||||
%patch25
|
||||
%patch30 -p1
|
||||
%patch31
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
%patch35
|
||||
%patch36
|
||||
%patch37
|
||||
%patch38
|
||||
%patch39 -p1
|
||||
%patch40
|
||||
%patch41
|
||||
%patch42
|
||||
%patch43
|
||||
%patch44 -p1
|
||||
%patch45
|
||||
%patch46 -p1
|
||||
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
|
||||
# Rename the man pages so that they'll get generated correctly.
|
||||
pushd src
|
||||
cat $RPM_SOURCE_DIR/krb5-trunk-manpaths.txt | while read manpage ; do
|
||||
mv "$manpage" "$manpage".in
|
||||
done
|
||||
popd
|
||||
|
||||
%build
|
||||
cd src
|
||||
%{?suse_update_config:%{suse_update_config -f}}
|
||||
./util/reconf
|
||||
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -I/usr/include -I%{_builddir}/%{srcRoot}/src/lib/ -fno-strict-aliasing -D_GNU_SOURCE -D__CI_PRINC__ -fPIC " \
|
||||
./configure \
|
||||
--prefix=/usr/lib/mit \
|
||||
--sysconfdir=%{_sysconfdir} \
|
||||
--mandir=%{_mandir} \
|
||||
--infodir=%{_infodir} \
|
||||
--libexecdir=/usr/lib/mit/sbin \
|
||||
--libdir=%{_libdir} \
|
||||
--includedir=%{_includedir} \
|
||||
--localstatedir=%{_localstatedir}/lib/kerberos \
|
||||
--enable-shared \
|
||||
--disable-static \
|
||||
--enable-kdc-replay-cache \
|
||||
--enable-dns-for-realm \
|
||||
--with-ldap \
|
||||
--with-system-et \
|
||||
--with-system-ss
|
||||
cd util/profile
|
||||
make install-headers-unix
|
||||
cd ../../include
|
||||
make
|
||||
cd ../lib/kadm5
|
||||
make includes
|
||||
cd ../gssapi/generic
|
||||
make gssapi-include
|
||||
ln -s %{_libdir}/libgssrpc.so %{_builddir}/%{srcRoot}/src/lib/
|
||||
ln -s %{_libdir}/libgssapi_krb5.so %{_builddir}/%{srcRoot}/src/lib/
|
||||
ln -s %{_libdir}/libk5crypto.so %{_builddir}/%{srcRoot}/src/lib/
|
||||
ln -s %{_libdir}/libkrb5support.so %{_builddir}/%{srcRoot}/src/lib/
|
||||
ln -s %{_libdir}/libkrb5.so %{_builddir}/%{srcRoot}/src/lib/
|
||||
ln -s %{_libdir}/libkadm5srv.so %{_builddir}/%{srcRoot}/src/lib/
|
||||
ln -s %{_libdir}/libkdb5.so %{_builddir}/%{srcRoot}/src/lib/
|
||||
ln -s %{_libdir}/libkrb4.so %{_builddir}/%{srcRoot}/src/lib/
|
||||
ln -s %{_libdir}/libdes425.so %{_builddir}/%{srcRoot}/src/lib/
|
||||
cd ../../../kadmin/cli
|
||||
make getdate.o
|
||||
cd ../../plugins/kdb/ldap/
|
||||
make %{?jobs:-j%jobs}
|
||||
cd ../../preauth/pkinit/
|
||||
make %{?jobs:-j%jobs}
|
||||
#make check
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb
|
||||
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth
|
||||
mkdir -p %{buildroot}/%{krb5docdir}
|
||||
mkdir -p %{buildroot}/usr/lib/mit/sbin/
|
||||
mkdir -p %{buildroot}/%{_mandir}/man8/
|
||||
cd src/plugins/kdb/ldap/
|
||||
make DESTDIR=%{buildroot} install
|
||||
cd ../../preauth/pkinit/
|
||||
make DESTDIR=%{buildroot} install
|
||||
# all libs must have permissions 0755
|
||||
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
|
||||
do
|
||||
chmod 0755 ${lib}
|
||||
done
|
||||
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{krb5docdir}/kerberos.schema
|
||||
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{krb5docdir}/kerberos.ldif
|
||||
# cleanup
|
||||
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
||||
rm -f /usr/share/man/man1/tmac.doc*
|
||||
rm -rf /usr/lib/mit/share
|
||||
rm -rf %{buildroot}/usr/lib/mit/share
|
||||
#####################################################
|
||||
# krb5 pre/post/postun
|
||||
#####################################################
|
||||
|
||||
%post -n krb5-plugin-kdb-ldap
|
||||
/sbin/ldconfig
|
||||
|
||||
%postun -n krb5-plugin-kdb-ldap
|
||||
/sbin/ldconfig
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
########################################################
|
||||
# files sections
|
||||
########################################################
|
||||
|
||||
%files -n krb5-plugin-kdb-ldap
|
||||
%defattr(-,root,root)
|
||||
%dir %{_libdir}/krb5
|
||||
%dir %{_libdir}/krb5/plugins
|
||||
%dir %{_libdir}/krb5/plugins/kdb
|
||||
%dir /usr/lib/mit/sbin/
|
||||
%dir %{krb5docdir}
|
||||
%doc %{krb5docdir}/kerberos.schema
|
||||
%doc %{krb5docdir}/kerberos.ldif
|
||||
%{_libdir}/krb5/plugins/kdb/*.so
|
||||
/usr/lib/mit/sbin/*
|
||||
%{_libdir}/libkdb_ldap*
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%files -n krb5-plugin-preauth-pkinit
|
||||
%defattr(-,root,root)
|
||||
%dir %{_libdir}/krb5
|
||||
%dir %{_libdir}/krb5/plugins
|
||||
%dir %{_libdir}/krb5/plugins/preauth
|
||||
%{_libdir}/krb5/plugins/preauth/pkinit.so
|
||||
|
||||
%changelog
|
||||
* Fri Jul 25 2008 mc@suse.de
|
||||
- add patches from SVN post 1.6.3
|
||||
* krb5_string_to_keysalts: Fix an infinite loop
|
||||
* fix some mutex issues
|
||||
* better recovery from corrupt rcache files
|
||||
* some more small fixes
|
||||
* Wed Jun 18 2008 mc@suse.de
|
||||
- reduce rpmlint warnings
|
||||
* Tue Dec 04 2007 mc@suse.de
|
||||
- improve GSSAPI error messages
|
||||
* Tue Oct 23 2007 mc@suse.de
|
||||
- update to krb5 version 1.6.3
|
||||
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
|
||||
* fix CVE-2007-4000 modify_policy vulnerability
|
||||
* Add PKINIT support
|
||||
- remove patches which are upstream now
|
||||
- enhance init scripts and xinetd profiles
|
||||
* Fri Sep 14 2007 mc@suse.de
|
||||
- update krb5-1.6.2-post.dif
|
||||
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
|
||||
that the client library will not failover to the next KDC.
|
||||
[#310540]
|
||||
* Tue Sep 11 2007 mc@suse.de
|
||||
- update krb5-1.6.2-post.dif
|
||||
* new -S sname option for kvno
|
||||
* read_entropy_from_device on partial read will not fill buffer
|
||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||
* patch for referrals loop
|
||||
* Thu Sep 06 2007 mc@suse.de
|
||||
- fix a problem with the originally published patch
|
||||
for MITKRB5-SA-2007-006 - CVE-2007-3999
|
||||
[#302377]
|
||||
* Wed Sep 05 2007 mc@suse.de
|
||||
- fix execute arbitrary code
|
||||
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
|
||||
[#302377]
|
||||
* Tue Aug 07 2007 mc@suse.de
|
||||
- add krb5-1.6.2-post.dif
|
||||
* during the referrals loop, check to see if the
|
||||
session key enctype of a returned credential for the final
|
||||
service is among the enctypes explicitly selected by the
|
||||
application, and retry with old_use_conf_ktypes if it is not.
|
||||
* If mkstemp() is available, the new ccache file gets created but
|
||||
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
||||
was already created by mkstemp(). Apply patch from Apple to keep
|
||||
the file descriptor open.
|
||||
* Thu Jul 12 2007 mc@suse.de
|
||||
- update to version 1.6.2
|
||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||
* Mon Jul 02 2007 mc@suse.de
|
||||
- update krb5-1.6.1-post.dif
|
||||
* fix leak in krb5_walk_realm_tree
|
||||
* rd_req_decoded needs to deal with referral realms
|
||||
* fix buffer overflow in kadmind
|
||||
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
||||
[#278689]
|
||||
* fix kadmind code execution bug
|
||||
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
|
||||
[#271191]
|
||||
* Wed May 09 2007 mc@suse.de
|
||||
- fix uninitialized salt length
|
||||
- add extra check for keytab file
|
||||
* Thu May 03 2007 mc@suse.de
|
||||
- adding krb5-1.6.1-post.dif
|
||||
* fix segfault in krb5_get_init_creds_password
|
||||
* remove debug output in ftp client
|
||||
* profile stores empty string values without double quotes
|
||||
* Mon Apr 23 2007 mc@suse.de
|
||||
- update to final 1.6.1 version
|
||||
* Mon Apr 16 2007 mc@suse.de
|
||||
- update to version 1.6.1 Beta1
|
||||
- remove obsolete patches
|
||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
||||
- rework compile_pie patch
|
||||
* Wed Apr 11 2007 mc@suse.de
|
||||
- update krb5-1.6-post.dif
|
||||
* fix kadmind stack overflow in krb5_klog_syslog
|
||||
(MITKRB5-SA-2007-002 - CVE-2007-0957)
|
||||
[#253548]
|
||||
* fix double free attack in the RPC library
|
||||
(MITKRB5-SA-2007-003 - CVE-2007-1216)
|
||||
[#252487]
|
||||
* fix krb5 telnetd login injection
|
||||
(MIT-SA-2007-001 - CVE-2007-0956)
|
||||
[#247765]
|
||||
* Thu Mar 29 2007 mc@suse.de
|
||||
- add ncurses-devel and bison to BuildRequires
|
||||
- rework some patches
|
||||
* Mon Feb 19 2007 mc@suse.de
|
||||
- update krb5-1.6-post.dif
|
||||
* Fri Feb 09 2007 mc@suse.de
|
||||
- update krb5-1.6-post.dif
|
||||
* Mon Jan 29 2007 ro@suse.de
|
||||
- no main package, no debuginfo
|
||||
* Mon Jan 29 2007 mc@suse.de
|
||||
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
|
||||
are now upstream. Remove patches.
|
||||
- fix leak in krb5_kt_resolve and krb5_kt_wresolve
|
||||
* Tue Jan 23 2007 mc@suse.de
|
||||
- fix "local variable used before set" in ftp.c
|
||||
[#237684]
|
||||
- use less BuildRequires
|
||||
* Mon Jan 22 2007 mc@suse.de
|
||||
- initial release (version 1.6)
|
||||
* Major changes in 1.6 include
|
||||
* Partial client implementation to handle server name referrals.
|
||||
* Pre-authentication plug-in framework, donated by Red Hat.
|
||||
* LDAP KDB plug-in, donated by Novell.
|
@ -1,49 +0,0 @@
|
||||
Every KRB-PRIV message we generate to include as part of a password change
|
||||
request we create (after the first one) will include sequence numbers which
|
||||
look "wrong" to the recipient, because previously generating other KRB-PRIV
|
||||
messages will mess with the counters in the auth_context. Because the
|
||||
current code attempts to reuse auth_context structures (and changing that
|
||||
would be more invasive), we'll just save the sequence number values as they
|
||||
are after we build the AP-REQ, and restore them before generating requests.
|
||||
RT#5867.
|
||||
|
||||
Index: src/lib/krb5/os/changepw.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/os/changepw.c (revision 20195)
|
||||
+++ src/lib/krb5/os/changepw.c (working copy)
|
||||
@@ -34,6 +34,7 @@
|
||||
#include "k5-int.h"
|
||||
#include "os-proto.h"
|
||||
#include "cm.h"
|
||||
+#include "../krb/auth_con.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
@@ -48,6 +49,7 @@
|
||||
krb5_principal set_password_for;
|
||||
char *newpw;
|
||||
krb5_data ap_req;
|
||||
+ krb5_ui_4 remote_seq_num, local_seq_num;
|
||||
};
|
||||
|
||||
|
||||
@@ -159,6 +161,9 @@
|
||||
&local_kaddr, NULL)))
|
||||
goto cleanup;
|
||||
|
||||
+ ctx->auth_context->remote_seq_number = ctx->remote_seq_num;
|
||||
+ ctx->auth_context->local_seq_number = ctx->local_seq_num;
|
||||
+
|
||||
if (ctx->set_password_for)
|
||||
code = krb5int_mk_setpw_req(ctx->context,
|
||||
ctx->auth_context,
|
||||
@@ -225,6 +230,9 @@
|
||||
&callback_ctx.ap_req)))
|
||||
goto cleanup;
|
||||
|
||||
+ callback_ctx.remote_seq_num = callback_ctx.auth_context->remote_seq_number;
|
||||
+ callback_ctx.local_seq_num = callback_ctx.auth_context->local_seq_number;
|
||||
+
|
||||
do {
|
||||
if ((code = krb5_locate_kpasswd(callback_ctx.context,
|
||||
krb5_princ_realm(callback_ctx.context,
|
41
krb5.changes
41
krb5.changes
@ -1,3 +1,44 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 3 10:23:42 CEST 2009 - mc@suse.de
|
||||
|
||||
- update to final 1.7 release
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 13 11:30:42 CEST 2009 - mc@suse.de
|
||||
|
||||
- update to version 1.7 Beta2
|
||||
* Incremental propagation support for the KDC database.
|
||||
* Flexible Authentication Secure Tunneling (FAST), a preauthentiation
|
||||
framework that can protect the AS exchange from dictionary attack.
|
||||
* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
|
||||
allows a GSS application to request credential delegation only if
|
||||
permitted by KDC policy.
|
||||
* Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
|
||||
various vulnerabilities in SPNEGO and ASN.1 code.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 16 13:04:26 CET 2009 - mc@suse.de
|
||||
|
||||
- update to pre 1.7 version
|
||||
* Remove support for version 4 of the Kerberos protocol (krb4).
|
||||
* New libdefaults configuration variable "allow_weak_crypto".
|
||||
* Client library now follows client principal referrals, for
|
||||
compatibility with Windows.
|
||||
* KDC can issue realm referrals for service principals based on domain
|
||||
names.
|
||||
* Encryption algorithm negotiation (RFC 4537).
|
||||
* In the replay cache, use a hash over the complete ciphertext to
|
||||
avoid false-positive replay indications.
|
||||
* Microsoft GSS_WrapEX, implemented using the gss_iov API, which is
|
||||
similar to the equivalent SSPI functionality.
|
||||
* DCE RPC, including three-leg GSS context setup and unencapsulated
|
||||
GSS tokens.
|
||||
* NTLM recognition support in GSS-API, to facilitate dropping in an
|
||||
NTLM implementation.
|
||||
* KDC support for principal aliases, if the back end supports them.
|
||||
* Microsoft set/change password (RFC 3244) protocol in kadmind.
|
||||
* Master key rollover support.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 14 09:21:36 CET 2009 - olh@suse.de
|
||||
|
||||
|
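--- a/pre_checkin.sh
+++ b/pre_checkin.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+sed -e 's/Name:.*/Name: krb5-mini/g;' \
+-e 's/%define.*build_mini.*/%define build_mini 1/g' krb5.spec > krb5-mini.spec
+cp krb5.changes krb5-mini.changes
+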
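Review bot: The first sed expression, `s/Name:.*/Name: krb5-mini/g`, is not anchored, so it rewrites every line of krb5.spec that contains `Name:` anywhere (for example inside a comment or description text), not only the package tag; `s/^Name:.*/Name: krb5-mini/` would limit it to the header line. The `%define.*build_mini.*` expression has the same problem and would be safer as `s/^%define[[:space:]]*build_mini.*/%define build_mini 1/`. The script also has no error handling: the redirect truncates krb5-mini.spec before sed runs, and the `cp` still executes if sed fails, so a broken or empty generated spec could be checked in unnoticed. Adding `set -e` right after the shebang would stop at the first failure.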
@ -1,35 +0,0 @@
|
||||
Index: src/kadmin/dbutil/Makefile.in
|
||||
===================================================================
|
||||
--- src/kadmin/dbutil/Makefile.in.orig
|
||||
+++ src/kadmin/dbutil/Makefile.in
|
||||
@@ -19,21 +19,28 @@ SRCS = kdb5_util.c kdb5_create.c kadm5_c
|
||||
|
||||
OBJS = kdb5_util.o kdb5_create.o kadm5_create.o string_table.o kdb5_destroy.o kdb5_stash.o import_err.o strtok.o dump.o ovload.o
|
||||
|
||||
-all:: $(PROG)
|
||||
+all:: $(PROG) EncryptWithMasterKey
|
||||
|
||||
$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
|
||||
$(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS)
|
||||
|
||||
+EncryptWithMasterKey: EncryptWithMasterKey.o
|
||||
+ $(CC_LINK) -o EncryptWithMasterKey EncryptWithMasterKey.o $(KRB5_BASE_LIBS)
|
||||
+
|
||||
+EncryptWithMasterKey.o: EncryptWithMasterKey.c
|
||||
+
|
||||
+
|
||||
import_err.c import_err.h: $(srcdir)/import_err.et
|
||||
|
||||
$(OBJS): import_err.h
|
||||
|
||||
install::
|
||||
$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
|
||||
+ $(INSTALL_PROGRAM) EncryptWithMasterKey ${DESTDIR}$(ADMIN_BINDIR)/EncryptWithMasterKey
|
||||
$(INSTALL_DATA) $(srcdir)/$(PROG).M ${DESTDIR}$(ADMIN_MANDIR)/$(PROG).8
|
||||
|
||||
clean::
|
||||
- $(RM) $(PROG) $(OBJS) import_err.c import_err.h
|
||||
+ $(RM) $(PROG) $(OBJS) import_err.c import_err.h EncryptWithMasterKey EncryptWithMasterKey.o
|
||||
|
||||
# +++ Dependency line eater +++
|
||||
#
|
@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d6c325cc28c01e7e51fc96e3b966bb741060efb11a3b154b1ec0f07986a9571f
|
||||
size 186676
|
||||
oid sha256:50ad02a920579585da9d44999c680c731ba9c2530fbc542e3298eacab1286617
|
||||
size 182015
|
||||
|
@ -1,15 +0,0 @@
|
||||
# fix warning:
|
||||
# string2key.c: In function 'mit_des_string_to_key_int':
|
||||
# string2key.c:229: warning: pointer targets in passing argument 1 of 'mit_des_cbc_cksum' differ in signedness
|
||||
#
|
||||
--- src/lib/crypto/des/string2key.c
|
||||
+++ src/lib/crypto/des/string2key.c 2006/06/21 08:16:12
|
||||
@@ -44,7 +44,7 @@
|
||||
krb5_ui_4 x, y, z;
|
||||
unsigned char *p;
|
||||
des_key_schedule sched;
|
||||
- char *copy;
|
||||
+ unsigned char *copy;
|
||||
size_t copylen;
|
||||
|
||||
/* As long as the architecture is big-endian or little-endian, it
|
@ -1,169 +0,0 @@
|
||||
# warning fix for:
|
||||
# derive.c:63: warning: pointer targets in assignment differ in signedness
|
||||
# derive.c:66: warning: pointer targets in assignment differ in signedness
|
||||
# derive.c:75: warning: pointer targets in passing argument 2 of 'krb5_nfold' differ in signedness
|
||||
# derive.c:75: warning: pointer targets in passing argument 4 of 'krb5_nfold' differ in signedness
|
||||
# derive.c:96: warning: pointer targets in assignment differ in signedness
|
||||
# derive.c: In function 'krb5_derive_random':
|
||||
# derive.c:148: warning: pointer targets in assignment differ in signedness
|
||||
# derive.c:151: warning: pointer targets in assignment differ in signedness
|
||||
# derive.c:160: warning: pointer targets in passing argument 2 of 'krb5_nfold' differ in signedness
|
||||
# derive.c:160: warning: pointer targets in passing argument 4 of 'krb5_nfold' differ in signedness
|
||||
#
|
||||
# dk_decrypt.c:153: warning: pointer targets in assignment differ in signedness
|
||||
#
|
||||
# dk_encrypt.c: In function 'krb5_dk_encrypt':
|
||||
# dk_encrypt.c:98: warning: pointer targets in assignment differ in signedness
|
||||
# dk_encrypt.c:119: warning: pointer targets in assignment differ in signedness
|
||||
# dk_encrypt.c:132: warning: pointer targets in assignment differ in signedness
|
||||
# dk_encrypt.c:141: warning: pointer targets in assignment differ in signedness
|
||||
# dk_encrypt.c: In function 'krb5int_aes_dk_encrypt':
|
||||
# dk_encrypt.c:263: warning: pointer targets in assignment differ in signedness
|
||||
# dk_encrypt.c:284: warning: pointer targets in assignment differ in signedness
|
||||
# dk_encrypt.c:298: warning: pointer targets in assignment differ in signedness
|
||||
# dk_encrypt.c:308: warning: pointer targets in assignment differ in signedness
|
||||
#
|
||||
--- src/lib/crypto/dk/derive.c
|
||||
+++ src/lib/crypto/dk/derive.c 2006/06/21 10:13:47
|
||||
@@ -60,10 +60,10 @@
|
||||
return(ENOMEM);
|
||||
}
|
||||
|
||||
- inblock.data = inblockdata;
|
||||
+ inblock.data = (char*)inblockdata;
|
||||
inblock.length = blocksize;
|
||||
|
||||
- outblock.data = outblockdata;
|
||||
+ outblock.data = (char*)outblockdata;
|
||||
outblock.length = blocksize;
|
||||
|
||||
/* initialize the input block */
|
||||
@@ -71,8 +71,8 @@
|
||||
if (in_constant->length == inblock.length) {
|
||||
memcpy(inblock.data, in_constant->data, inblock.length);
|
||||
} else {
|
||||
- krb5_nfold(in_constant->length*8, in_constant->data,
|
||||
- inblock.length*8, inblock.data);
|
||||
+ krb5_nfold(in_constant->length*8, (unsigned char*)in_constant->data,
|
||||
+ inblock.length*8, (unsigned char*)inblock.data);
|
||||
}
|
||||
|
||||
/* loop encrypting the blocks until enough key bytes are generated */
|
||||
@@ -93,7 +93,7 @@
|
||||
|
||||
/* postprocess the key */
|
||||
|
||||
- inblock.data = rawkey;
|
||||
+ inblock.data = (char*)rawkey;
|
||||
inblock.length = keybytes;
|
||||
|
||||
(*(enc->make_key))(&inblock, outkey);
|
||||
@@ -145,10 +145,10 @@
|
||||
return(ENOMEM);
|
||||
}
|
||||
|
||||
- inblock.data = inblockdata;
|
||||
+ inblock.data = (char*)inblockdata;
|
||||
inblock.length = blocksize;
|
||||
|
||||
- outblock.data = outblockdata;
|
||||
+ outblock.data = (char*)outblockdata;
|
||||
outblock.length = blocksize;
|
||||
|
||||
/* initialize the input block */
|
||||
@@ -156,8 +156,8 @@
|
||||
if (in_constant->length == inblock.length) {
|
||||
memcpy(inblock.data, in_constant->data, inblock.length);
|
||||
} else {
|
||||
- krb5_nfold(in_constant->length*8, in_constant->data,
|
||||
- inblock.length*8, inblock.data);
|
||||
+ krb5_nfold(in_constant->length*8, (unsigned char*)in_constant->data,
|
||||
+ inblock.length*8, (unsigned char*)inblock.data);
|
||||
}
|
||||
|
||||
/* loop encrypting the blocks until enough key bytes are generated */
|
||||
--- src/lib/crypto/dk/dk_decrypt.c
|
||||
+++ src/lib/crypto/dk/dk_decrypt.c 2006/06/21 10:13:47
|
||||
@@ -150,7 +150,7 @@
|
||||
cn = (unsigned char *) d1.data + d1.length - blocksize;
|
||||
else if (ivec_mode == 1) {
|
||||
int nblocks = (d1.length + blocksize - 1) / blocksize;
|
||||
- cn = d1.data + blocksize * (nblocks - 2);
|
||||
+ cn = (unsigned char *) d1.data + blocksize * (nblocks - 2);
|
||||
} else
|
||||
abort();
|
||||
} else
|
||||
--- src/lib/crypto/dk/dk_encrypt.c
|
||||
+++ src/lib/crypto/dk/dk_encrypt.c 2006/06/21 10:19:00
|
||||
@@ -95,7 +95,7 @@
|
||||
|
||||
/* derive the keys */
|
||||
|
||||
- d1.data = constantdata;
|
||||
+ d1.data = (char*)constantdata;
|
||||
d1.length = K5CLENGTH;
|
||||
|
||||
d1.data[0] = (usage>>24)&0xff;
|
||||
@@ -116,7 +116,7 @@
|
||||
/* put together the plaintext */
|
||||
|
||||
d1.length = blocksize;
|
||||
- d1.data = plaintext;
|
||||
+ d1.data = (char*)plaintext;
|
||||
|
||||
if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1)))
|
||||
goto cleanup;
|
||||
@@ -129,7 +129,7 @@
|
||||
/* encrypt the plaintext */
|
||||
|
||||
d1.length = plainlen;
|
||||
- d1.data = plaintext;
|
||||
+ d1.data = (char*)plaintext;
|
||||
|
||||
d2.length = plainlen;
|
||||
d2.data = output->data;
|
||||
@@ -138,7 +138,7 @@
|
||||
goto cleanup;
|
||||
|
||||
if (ivec != NULL && ivec->length == blocksize)
|
||||
- cn = d2.data + d2.length - blocksize;
|
||||
+ cn = (unsigned char*)d2.data + d2.length - blocksize;
|
||||
else
|
||||
cn = NULL;
|
||||
|
||||
@@ -260,7 +260,7 @@
|
||||
|
||||
/* derive the keys */
|
||||
|
||||
- d1.data = constantdata;
|
||||
+ d1.data = (char*)constantdata;
|
||||
d1.length = K5CLENGTH;
|
||||
|
||||
d1.data[0] = (usage>>24)&0xff;
|
||||
@@ -281,7 +281,7 @@
|
||||
/* put together the plaintext */
|
||||
|
||||
d1.length = blocksize;
|
||||
- d1.data = plaintext;
|
||||
+ d1.data = (char*)plaintext;
|
||||
|
||||
if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1)))
|
||||
goto cleanup;
|
||||
@@ -295,7 +295,7 @@
|
||||
/* encrypt the plaintext */
|
||||
|
||||
d1.length = plainlen;
|
||||
- d1.data = plaintext;
|
||||
+ d1.data = (char*)plaintext;
|
||||
|
||||
d2.length = plainlen;
|
||||
d2.data = output->data;
|
||||
@@ -305,7 +305,7 @@
|
||||
|
||||
if (ivec != NULL && ivec->length == blocksize) {
|
||||
int nblocks = (d2.length + blocksize - 1) / blocksize;
|
||||
- cn = d2.data + blocksize * (nblocks - 2);
|
||||
+ cn = (unsigned char*)d2.data + blocksize * (nblocks - 2);
|
||||
} else
|
||||
cn = NULL;
|
||||
|
@ -1,77 +0,0 @@
|
||||
# fix warnings for:
|
||||
# aes.c: In function 'krb5int_aes_encrypt':
|
||||
# aes.c:72: warning: pointer targets in passing argument 1 of 'krb5int_aes_enc_blk' differ in signedness
|
||||
# aes.c:72: warning: pointer targets in passing argument 2 of 'krb5int_aes_enc_blk' differ in signedness
|
||||
# aes.c:77: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
|
||||
# aes.c:86: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
|
||||
# aes.c:94: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
|
||||
# aes.c:94: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness
|
||||
# aes.c: In function 'krb5int_aes_decrypt':
|
||||
# aes.c:127: warning: pointer targets in passing argument 1 of 'krb5int_aes_dec_blk' differ in signedness
|
||||
# aes.c:127: warning: pointer targets in passing argument 2 of 'krb5int_aes_dec_blk' differ in signedness
|
||||
# aes.c:131: warning: pointer targets in passing argument 1 of 'krb5int_aes_dec_blk' differ in signedness
|
||||
# aes.c:132: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
|
||||
# aes.c:132: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness
|
||||
# aes.c:138: warning: pointer targets in passing argument 1 of 'krb5int_aes_dec_blk' differ in signedness
|
||||
# aes.c:145: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
|
||||
# aes.c:145: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness
|
||||
# aes.c:154: warning: pointer targets in passing argument 1 of 'xorblock' differ in signedness
|
||||
# aes.c:154: warning: pointer targets in passing argument 2 of 'xorblock' differ in signedness
|
||||
#
|
||||
--- src/lib/crypto/enc_provider/aes.c
|
||||
+++ src/lib/crypto/enc_provider/aes.c 2006/06/21 10:50:23
|
||||
@@ -40,7 +40,7 @@
|
||||
#define enc(OUT, IN, CTX) (aes_enc_blk((IN),(OUT),(CTX)) == aes_good ? (void) 0 : abort())
|
||||
#define dec(OUT, IN, CTX) (aes_dec_blk((IN),(OUT),(CTX)) == aes_good ? (void) 0 : abort())
|
||||
|
||||
-static void xorblock(char *out, const char *in)
|
||||
+static void xorblock(unsigned char *out, const unsigned char *in)
|
||||
{
|
||||
int z;
|
||||
for (z = 0; z < BLOCK_SIZE; z++)
|
||||
@@ -69,12 +69,12 @@
|
||||
|
||||
if (nblocks == 1) {
|
||||
/* XXX Used for DK function. */
|
||||
- enc(output->data, input->data, &ctx);
|
||||
+ enc((unsigned char*)output->data, (unsigned char*)input->data, &ctx);
|
||||
} else {
|
||||
unsigned int nleft;
|
||||
|
||||
for (blockno = 0; blockno < nblocks - 2; blockno++) {
|
||||
- xorblock(tmp, input->data + blockno * BLOCK_SIZE);
|
||||
+ xorblock(tmp, (unsigned char*) input->data + blockno * BLOCK_SIZE);
|
||||
enc(tmp2, tmp, &ctx);
|
||||
memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
|
||||
|
||||
@@ -83,7 +83,7 @@
|
||||
}
|
||||
/* Do final CTS step for last two blocks (the second of which
|
||||
may or may not be incomplete). */
|
||||
- xorblock(tmp, input->data + (nblocks - 2) * BLOCK_SIZE);
|
||||
+ xorblock(tmp, (unsigned char*) input->data + (nblocks - 2) * BLOCK_SIZE);
|
||||
enc(tmp2, tmp, &ctx);
|
||||
nleft = input->length - (nblocks - 1) * BLOCK_SIZE;
|
||||
memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2, nleft);
|
||||
@@ -124,18 +124,18 @@
|
||||
if (nblocks == 1) {
|
||||
if (input->length < BLOCK_SIZE)
|
||||
abort();
|
||||
- dec(output->data, input->data, &ctx);
|
||||
+ dec((unsigned char*)output->data, (unsigned char*) input->data, &ctx);
|
||||
} else {
|
||||
|
||||
for (blockno = 0; blockno < nblocks - 2; blockno++) {
|
||||
- dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
|
||||
+ dec(tmp2, (unsigned char*)input->data + blockno * BLOCK_SIZE, &ctx);
|
||||
xorblock(tmp2, tmp);
|
||||
memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
|
||||
memcpy(tmp, input->data + blockno * BLOCK_SIZE, BLOCK_SIZE);
|
||||
}
|
||||
/* Do last two blocks, the second of which (next-to-last block
|
||||
of plaintext) may be incomplete. */
|
||||
- dec(tmp2, input->data + (nblocks - 2) * BLOCK_SIZE, &ctx);
|
||||
+ dec(tmp2, (unsigned char*) input->data + (nblocks - 2) * BLOCK_SIZE, &ctx);
|
||||
/* Set tmp3 to last ciphertext block, padded. */
|
||||
memset(tmp3, 0, sizeof(tmp3));
|
||||
memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE,
|
@ -1,27 +0,0 @@
|
||||
# warning fixes for:
|
||||
# arcfour_s2k.c:46: warning: pointer targets in passing argument 2 of 'asctouni' differ in signedness
|
||||
#
|
||||
# ycipher.c:77: warning: pointer targets in assignment differ in signedness
|
||||
#
|
||||
--- src/lib/crypto/arcfour/arcfour_s2k.c
|
||||
+++ src/lib/crypto/arcfour/arcfour_s2k.c 2006/06/21 10:55:47
|
||||
@@ -43,7 +43,7 @@
|
||||
return ENOMEM;
|
||||
|
||||
/* make the string. start by creating the unicode version of the password*/
|
||||
- asctouni(copystr, string->data, slen );
|
||||
+ asctouni(copystr, (unsigned char*)string->data, slen );
|
||||
|
||||
/* the actual MD4 hash of the data */
|
||||
krb5_MD4Init(&md4_context);
|
||||
--- src/lib/crypto/yarrow/ycipher.c
|
||||
+++ src/lib/crypto/yarrow/ycipher.c 2006/06/21 10:56:48
|
||||
@@ -74,7 +74,7 @@
|
||||
const struct krb5_enc_provider *enc = &yarrow_enc_provider;
|
||||
ind.data = (char *) in;
|
||||
ind.length = CIPHER_BLOCK_SIZE;
|
||||
- outd.data = out;
|
||||
+ outd.data = (char*)out;
|
||||
outd.length = CIPHER_BLOCK_SIZE;
|
||||
ret = enc->encrypt (&ctx->key, 0, &ind, &outd);
|
||||
if (ret)
|
@ -1,76 +0,0 @@
|
||||
# warning fix for:
|
||||
# old_api_glue.c: In function 'krb5_encrypt':
|
||||
# old_api_glue.c:49: warning: assignment discards qualifiers from pointer target type
|
||||
# old_api_glue.c: In function 'krb5_decrypt':
|
||||
# old_api_glue.c:85: warning: assignment discards qualifiers from pointer target type
|
||||
# old_api_glue.c: In function 'krb5_calculate_checksum':
|
||||
# old_api_glue.c:206: warning: assignment discards qualifiers from pointer target type
|
||||
# old_api_glue.c:210: warning: assignment discards qualifiers from pointer target type
|
||||
# old_api_glue.c: In function 'krb5_verify_checksum':
|
||||
# old_api_glue.c:242: warning: assignment discards qualifiers from pointer target type
|
||||
# old_api_glue.c:246: warning: assignment discards qualifiers from pointer target type
|
||||
#
|
||||
# pbkdf2.c:86: warning: pointer targets in assignment differ in signedness
|
||||
#
|
||||
# prng.c:33: warning: 'init_error' defined but not used
|
||||
#
|
||||
--- src/lib/crypto/old_api_glue.c
|
||||
+++ src/lib/crypto/old_api_glue.c 2006/06/21 10:23:07
|
||||
@@ -46,7 +46,7 @@
|
||||
|
||||
/* size is the length of the input cleartext data */
|
||||
inputd.length = size;
|
||||
- inputd.data = inptr;
|
||||
+ inputd.data = (char*)inptr;
|
||||
|
||||
/* The size of the output buffer isn't part of the old api. Not too
|
||||
safe. So, we assume here that it's big enough. */
|
||||
@@ -82,7 +82,7 @@
|
||||
/* size is the length of the input ciphertext data */
|
||||
inputd.enctype = eblock->key->enctype;
|
||||
inputd.ciphertext.length = size;
|
||||
- inputd.ciphertext.data = inptr;
|
||||
+ inputd.ciphertext.data = (char*)inptr;
|
||||
|
||||
/* we don't really know how big this is, but the code tends to assume
|
||||
that the output buffer size should be the same as the input
|
||||
@@ -203,11 +203,11 @@
|
||||
krb5_error_code ret;
|
||||
krb5_checksum cksum;
|
||||
|
||||
- input.data = in;
|
||||
+ input.data = (char*)in;
|
||||
input.length = in_length;
|
||||
|
||||
key.length = seed_length;
|
||||
- key.contents = seed;
|
||||
+ key.contents = (krb5_octet*)seed;
|
||||
|
||||
if ((ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum)))
|
||||
return(ret);
|
||||
@@ -239,11 +239,11 @@
|
||||
krb5_error_code ret;
|
||||
krb5_boolean valid;
|
||||
|
||||
- input.data = in;
|
||||
+ input.data = (char*)in;
|
||||
input.length = in_length;
|
||||
|
||||
key.length = seed_length;
|
||||
- key.contents = seed;
|
||||
+ key.contents = (krb5_octet*)seed;
|
||||
|
||||
if ((ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum,
|
||||
&valid)))
|
||||
--- src/lib/crypto/pbkdf2.c
|
||||
+++ src/lib/crypto/pbkdf2.c 2006/06/21 10:25:54
|
||||
@@ -83,7 +83,7 @@
|
||||
krb5_data out;
|
||||
krb5_error_code err;
|
||||
|
||||
- pdata.contents = pass->data;
|
||||
+ pdata.contents = (krb5_octet*) pass->data;
|
||||
pdata.length = pass->length;
|
||||
|
||||
#if 0
|
||||
|