- update to version 1.11
* Improve ASN.1 support code, making it table-driven for
decoding as well as encoding
* Refactor parts of KDC
* Documentation consolidation
* build docs in the main package
* bugfixing
- revert the -p usage in %postun to fix SLE build
- update to version 1.11
* Improve ASN.1 support code, making it table-driven for
decoding as well as encoding
* Refactor parts of KDC
* Documentation consolidation
* build docs in the main package
* bugfixing
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=81
This commit is contained in:
Michael Calmer
Git OBS Bridge
parent
9f81fd6bf3
commit
ebe2f14d13
@ -4,10 +4,10 @@ the -L/usr/lib* and PIE flags where they might leak out and affect
|
||||
apps which just want to link with the libraries. FIXME: needs to check and
|
||||
not just assume that the compiler supports using these flags.
|
||||
|
||||
Index: krb5-1.10.2/src/config/shlib.conf
|
||||
Index: krb5-1.11/src/config/shlib.conf
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/config/shlib.conf
|
||||
+++ krb5-1.10.2/src/config/shlib.conf
|
||||
--- krb5-1.11.orig/src/config/shlib.conf
|
||||
+++ krb5-1.11/src/config/shlib.conf
|
||||
@@ -419,7 +419,7 @@ mips-*-netbsd*)
|
||||
SHLIBEXT=.so
|
||||
# Linux ld doesn't default to stuffing the SONAME field...
|
||||
@ -27,11 +27,11 @@ Index: krb5-1.10.2/src/config/shlib.conf
|
||||
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
|
||||
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
|
||||
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
|
||||
Index: krb5-1.10.2/src/krb5-config.in
|
||||
Index: krb5-1.11/src/krb5-config.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/krb5-config.in
|
||||
+++ krb5-1.10.2/src/krb5-config.in
|
||||
@@ -189,6 +189,13 @@ if test -n "$do_libs"; then
|
||||
--- krb5-1.11.orig/src/krb5-config.in
|
||||
+++ krb5-1.11/src/krb5-config.in
|
||||
@@ -221,6 +221,13 @@ if test -n "$do_libs"; then
|
||||
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
|
||||
-e 's#\$(CFLAGS)##'`
|
||||
|
||||
@ -45,11 +45,11 @@ Index: krb5-1.10.2/src/krb5-config.in
|
||||
if test $library = 'kdb'; then
|
||||
lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
|
||||
library=krb5
|
||||
Index: krb5-1.10.2/src/config/pre.in
|
||||
Index: krb5-1.11/src/config/pre.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/config/pre.in
|
||||
+++ krb5-1.10.2/src/config/pre.in
|
||||
@@ -190,7 +190,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INST
|
||||
--- krb5-1.11.orig/src/config/pre.in
|
||||
+++ krb5-1.11/src/config/pre.in
|
||||
@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INST
|
||||
INSTALL_SCRIPT=@INSTALL_PROGRAM@
|
||||
INSTALL_DATA=@INSTALL_DATA@
|
||||
INSTALL_SHLIB=@INSTALL_SHLIB@
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
This file also triggers the maybe-uninitialized warning/error. RT#7080
|
||||
|
||||
--- src/lib/krb5/krb/x-deltat.y
|
||||
+++ src/lib/krb5/krb/x-deltat.y
|
||||
@@ -44,6 +44,7 @@
|
||||
#ifdef __GNUC__
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wuninitialized"
|
||||
+#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
|
||||
#endif
|
||||
|
||||
#include <ctype.h>
|
||||
@ -1,999 +0,0 @@
|
||||
SELinux bases access to files on the domain of the requesting process,
|
||||
the operation being performed, and the context applied to the file.
|
||||
|
||||
In many cases, applications needn't be SELinux aware to work properly,
|
||||
because SELinux can apply a default label to a file based on the label
|
||||
of the directory in which it's created.
|
||||
|
||||
In the case of files such as /etc/krb5.keytab, however, this isn't
|
||||
sufficient, as /etc/krb5.keytab will almost always need to be given a
|
||||
label which differs from that of /etc/issue or /etc/resolv.conf. The
|
||||
the kdb stash file needs a different label than the database for which
|
||||
it's holding a master key, even though both typically live in the same
|
||||
directory.
|
||||
|
||||
To give the file the correct label, we can either force a "restorecon"
|
||||
call to fix a file's label after it's created, or create the file with
|
||||
the right label, as we attempt to do here. We lean on THREEPARAMOPEN
|
||||
and define a similar macro named WRITABLEFOPEN with which we replace
|
||||
several uses of fopen().
|
||||
|
||||
The file creation context that we're manipulating here is a process-wide
|
||||
attribute. While for the most part, applications which need to label
|
||||
files when they're created have tended to be single-threaded, there's
|
||||
not much we can do to avoid interfering with an application that
|
||||
manipulates the creation context directly. Right now we're mediating
|
||||
access using a library-local mutex, but that can only work for consumers
|
||||
that are part of this package -- an unsuspecting application will still
|
||||
stomp all over us.
|
||||
|
||||
The selabel APIs for looking up the context should be thread-safe (per
|
||||
Red Hat #273081), so switching to using them instead of matchpathcon(),
|
||||
which we used earlier, is some improvement.
|
||||
|
||||
Index: krb5-1.10.2/src/aclocal.m4
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/aclocal.m4
|
||||
+++ krb5-1.10.2/src/aclocal.m4
|
||||
@@ -84,6 +84,7 @@ AC_SUBST_FILE(libnodeps_frag)
|
||||
dnl
|
||||
KRB5_AC_PRAGMA_WEAK_REF
|
||||
WITH_LDAP
|
||||
+KRB5_WITH_SELINUX
|
||||
KRB5_LIB_PARAMS
|
||||
KRB5_AC_INITFINI
|
||||
KRB5_AC_ENABLE_THREADS
|
||||
@@ -1764,3 +1765,51 @@ AC_SUBST(manlocalstatedir)
|
||||
AC_SUBST(manlibexecdir)
|
||||
AC_CONFIG_FILES($1)
|
||||
])
|
||||
+dnl
|
||||
+dnl Use libselinux to set file contexts on newly-created files.
|
||||
+dnl
|
||||
+AC_DEFUN(KRB5_WITH_SELINUX,[
|
||||
+AC_ARG_WITH(selinux,[AC_HELP_STRING(--with-selinux,[compile with SELinux labeling support])],
|
||||
+ withselinux="$withval",withselinux=auto)
|
||||
+old_LIBS="$LIBS"
|
||||
+if test "$withselinux" != no ; then
|
||||
+ AC_MSG_RESULT([checking for libselinux...])
|
||||
+ SELINUX_LIBS=
|
||||
+ AC_CHECK_HEADERS(selinux/selinux.h selinux/label.h)
|
||||
+ if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then
|
||||
+ if test "$withselinux" = auto ; then
|
||||
+ AC_MSG_RESULT([Unable to locate selinux/selinux.h.])
|
||||
+ withselinux=no
|
||||
+ else
|
||||
+ AC_MSG_ERROR([Unable to locate selinux/selinux.h.])
|
||||
+ fi
|
||||
+ fi
|
||||
+
|
||||
+ LIBS=
|
||||
+ unset ac_cv_func_setfscreatecon
|
||||
+ AC_CHECK_FUNCS(setfscreatecon selabel_open)
|
||||
+ if test "x$ac_cv_func_setfscreatecon" = xno ; then
|
||||
+ AC_CHECK_LIB(selinux,setfscreatecon)
|
||||
+ unset ac_cv_func_setfscreatecon
|
||||
+ AC_CHECK_FUNCS(setfscreatecon selabel_open)
|
||||
+ if test "x$ac_cv_func_setfscreatecon" = xyes ; then
|
||||
+ SELINUX_LIBS="$LIBS"
|
||||
+ else
|
||||
+ if test "$withselinux" = auto ; then
|
||||
+ AC_MSG_RESULT([Unable to locate libselinux.])
|
||||
+ withselinux=no
|
||||
+ else
|
||||
+ AC_MSG_ERROR([Unable to locate libselinux.])
|
||||
+ fi
|
||||
+ fi
|
||||
+ fi
|
||||
+ if test "$withselinux" != no ; then
|
||||
+ AC_MSG_NOTICE([building with SELinux labeling support])
|
||||
+ AC_DEFINE(USE_SELINUX,1,[Define if Kerberos-aware tools should set SELinux file contexts when creating files.])
|
||||
+ SELINUX_LIBS="$LIBS"
|
||||
+ EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen krb5int_push_fscreatecon_for krb5int_pop_fscreatecon"
|
||||
+ fi
|
||||
+fi
|
||||
+LIBS="$old_LIBS"
|
||||
+AC_SUBST(SELINUX_LIBS)
|
||||
+])dnl
|
||||
Index: krb5-1.10.2/src/config/pre.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/config/pre.in
|
||||
+++ krb5-1.10.2/src/config/pre.in
|
||||
@@ -182,6 +182,7 @@ LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PR
|
||||
LD_SHLIBDIR_PREFIX = @LD_SHLIBDIR_PREFIX@
|
||||
LDARGS = @LDARGS@
|
||||
LIBS = @LIBS@
|
||||
+SELINUX_LIBS=@SELINUX_LIBS@
|
||||
|
||||
INSTALL=@INSTALL@
|
||||
INSTALL_STRIP=
|
||||
@@ -406,7 +407,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
|
||||
# HESIOD_LIBS is -lhesiod...
|
||||
HESIOD_LIBS = @HESIOD_LIBS@
|
||||
|
||||
-KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB)
|
||||
+KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB)
|
||||
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
|
||||
GSS_LIBS = $(GSS_KRB5_LIB)
|
||||
# needs fixing if ever used on Mac OS X!
|
||||
Index: krb5-1.10.2/src/configure.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/configure.in
|
||||
+++ krb5-1.10.2/src/configure.in
|
||||
@@ -1248,6 +1248,8 @@ AC_SUBST(localedir)
|
||||
|
||||
KRB5_WITH_PAM
|
||||
|
||||
+KRB5_WITH_SELINUX
|
||||
+
|
||||
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
||||
|
||||
V5_AC_OUTPUT_MANPAGE([
|
||||
Index: krb5-1.10.2/src/include/k5-int.h
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/include/k5-int.h
|
||||
+++ krb5-1.10.2/src/include/k5-int.h
|
||||
@@ -135,6 +135,7 @@ typedef unsigned char u_char;
|
||||
typedef UINT64_TYPE krb5_ui_8;
|
||||
typedef INT64_TYPE krb5_int64;
|
||||
|
||||
+#include "k5-label.h"
|
||||
|
||||
#define DEFAULT_PWD_STRING1 "Enter password"
|
||||
#define DEFAULT_PWD_STRING2 "Re-enter password for verification"
|
||||
Index: krb5-1.10.2/src/include/k5-label.h
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ krb5-1.10.2/src/include/k5-label.h
|
||||
@@ -0,0 +1,32 @@
|
||||
+#ifndef _KRB5_LABEL_H
|
||||
+#define _KRB5_LABEL_H
|
||||
+
|
||||
+#ifdef THREEPARAMOPEN
|
||||
+#undef THREEPARAMOPEN
|
||||
+#endif
|
||||
+#ifdef WRITABLEFOPEN
|
||||
+#undef WRITABLEFOPEN
|
||||
+#endif
|
||||
+
|
||||
+/* Wrapper functions which help us create files and directories with the right
|
||||
+ * context labels. */
|
||||
+#ifdef USE_SELINUX
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <fcntl.h>
|
||||
+#include <stdio.h>
|
||||
+#include <unistd.h>
|
||||
+FILE *krb5int_labeled_fopen(const char *path, const char *mode);
|
||||
+int krb5int_labeled_creat(const char *path, mode_t mode);
|
||||
+int krb5int_labeled_open(const char *path, int flags, ...);
|
||||
+int krb5int_labeled_mkdir(const char *path, mode_t mode);
|
||||
+int krb5int_labeled_mknod(const char *path, mode_t mode, dev_t device);
|
||||
+#define THREEPARAMOPEN(x,y,z) krb5int_labeled_open(x,y,z)
|
||||
+#define WRITABLEFOPEN(x,y) krb5int_labeled_fopen(x,y)
|
||||
+void *krb5int_push_fscreatecon_for(const char *pathname);
|
||||
+void krb5int_pop_fscreatecon(void *previous);
|
||||
+#else
|
||||
+#define WRITABLEFOPEN(x,y) fopen(x,y)
|
||||
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
||||
+#endif
|
||||
+#endif
|
||||
Index: krb5-1.10.2/src/include/krb5/krb5.hin
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/include/krb5/krb5.hin
|
||||
+++ krb5-1.10.2/src/include/krb5/krb5.hin
|
||||
@@ -83,6 +83,12 @@
|
||||
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
||||
#endif
|
||||
|
||||
+#if KRB5_PRIVATE
|
||||
+#ifndef WRITABLEFOPEN
|
||||
+#define WRITABLEFOPEN(x,y) fopen(x,y)
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
#define KRB5_OLD_CRYPTO
|
||||
|
||||
#include <stdlib.h>
|
||||
Index: krb5-1.10.2/src/kadmin/dbutil/dump.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/kadmin/dbutil/dump.c
|
||||
+++ krb5-1.10.2/src/kadmin/dbutil/dump.c
|
||||
@@ -346,7 +346,7 @@ void update_ok_file (file_name)
|
||||
exit_status++;
|
||||
return;
|
||||
}
|
||||
- if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
|
||||
+ if ((fd = THREEPARAMOPEN(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
|
||||
com_err(progname, errno, _("while creating 'ok' file, '%s'"),
|
||||
file_ok);
|
||||
exit_status++;
|
||||
@@ -1251,7 +1251,7 @@ dump_db(argc, argv)
|
||||
* want to get into.
|
||||
*/
|
||||
unlink(ofile);
|
||||
- if (!(f = fopen(ofile, "w"))) {
|
||||
+ if (!(f = WRITABLEFOPEN(ofile, "w"))) {
|
||||
fprintf(stderr, ofopen_error,
|
||||
progname, ofile, error_message(errno));
|
||||
exit_status++;
|
||||
Index: krb5-1.10.2/src/krb5-config.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/krb5-config.in
|
||||
+++ krb5-1.10.2/src/krb5-config.in
|
||||
@@ -38,6 +38,7 @@ RPATH_FLAG='@RPATH_FLAG@'
|
||||
PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@'
|
||||
PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'
|
||||
DL_LIB='@DL_LIB@'
|
||||
+SELINUX_LIBS='@SELINUX_LIBS@'
|
||||
|
||||
LIBS='@LIBS@'
|
||||
GEN_LIB=@GEN_LIB@
|
||||
@@ -218,7 +219,7 @@ if test -n "$do_libs"; then
|
||||
fi
|
||||
|
||||
# If we ever support a flag to generate output suitable for static
|
||||
- # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
|
||||
+ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB"
|
||||
# here.
|
||||
|
||||
echo $lib_flags
|
||||
Index: krb5-1.10.2/src/lib/kadm5/logger.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/lib/kadm5/logger.c
|
||||
+++ krb5-1.10.2/src/lib/kadm5/logger.c
|
||||
@@ -423,7 +423,7 @@ krb5_klog_init(krb5_context kcontext, ch
|
||||
* Check for append/overwrite, then open the file.
|
||||
*/
|
||||
if (cp[4] == ':' || cp[4] == '=') {
|
||||
- f = fopen(&cp[5], (cp[4] == ':') ? "a" : "w");
|
||||
+ f = WRITABLEFOPEN(&cp[5], (cp[4] == ':') ? "a" : "w");
|
||||
if (f) {
|
||||
set_cloexec_file(f);
|
||||
log_control.log_entries[i].lfu_filep = f;
|
||||
@@ -959,7 +959,7 @@ krb5_klog_reopen(krb5_context kcontext)
|
||||
* In case the old logfile did not get moved out of the
|
||||
* way, open for append to prevent squashing the old logs.
|
||||
*/
|
||||
- f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
|
||||
+ f = WRITABLEFOPEN(log_control.log_entries[lindex].lfu_fname, "a+");
|
||||
if (f) {
|
||||
set_cloexec_file(f);
|
||||
log_control.log_entries[lindex].lfu_filep = f;
|
||||
Index: krb5-1.10.2/src/lib/krb5/keytab/kt_file.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/lib/krb5/keytab/kt_file.c
|
||||
+++ krb5-1.10.2/src/lib/krb5/keytab/kt_file.c
|
||||
@@ -1039,7 +1039,7 @@ krb5_ktfileint_open(krb5_context context
|
||||
|
||||
KTCHECKLOCK(id);
|
||||
errno = 0;
|
||||
- KTFILEP(id) = fopen(KTFILENAME(id),
|
||||
+ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id),
|
||||
(mode == KRB5_LOCKMODE_EXCLUSIVE) ?
|
||||
fopen_mode_rbplus : fopen_mode_rb);
|
||||
if (!KTFILEP(id)) {
|
||||
@@ -1047,7 +1047,7 @@ krb5_ktfileint_open(krb5_context context
|
||||
/* try making it first time around */
|
||||
krb5_create_secure_file(context, KTFILENAME(id));
|
||||
errno = 0;
|
||||
- KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus);
|
||||
+ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), fopen_mode_rbplus);
|
||||
if (!KTFILEP(id))
|
||||
goto report_errno;
|
||||
writevno = 1;
|
||||
Index: krb5-1.10.2/src/plugins/kdb/db2/adb_openclose.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/adb_openclose.c
|
||||
+++ krb5-1.10.2/src/plugins/kdb/db2/adb_openclose.c
|
||||
@@ -197,7 +197,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char
|
||||
* POSIX systems
|
||||
*/
|
||||
lockp->lockinfo.filename = strdup(lockfilename);
|
||||
- if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
|
||||
+ if ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL) {
|
||||
/*
|
||||
* maybe someone took away write permission so we could only
|
||||
* get shared locks?
|
||||
Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||
+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||
@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.
|
||||
|
||||
#include "k5-platform.h" /* mkstemp? */
|
||||
|
||||
+#include "k5-int.h"
|
||||
#include "db-int.h"
|
||||
#include "btree.h"
|
||||
|
||||
@@ -203,7 +204,7 @@ __bt_open(fname, flags, mode, openinfo,
|
||||
goto einval;
|
||||
}
|
||||
|
||||
- if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0)
|
||||
+ if ((t->bt_fd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
|
||||
goto err;
|
||||
|
||||
} else {
|
||||
Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||
+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12
|
||||
#include <assert.h>
|
||||
#endif
|
||||
|
||||
+#include "k5-int.h"
|
||||
#include "db-int.h"
|
||||
#include "hash.h"
|
||||
#include "page.h"
|
||||
@@ -140,7 +141,7 @@ __kdb2_hash_open(file, flags, mode, info
|
||||
new_table = 1;
|
||||
}
|
||||
if (file) {
|
||||
- if ((hashp->fp = open(file, flags|O_BINARY, mode)) == -1)
|
||||
+ if ((hashp->fp = THREEPARAMOPEN(file, flags|O_BINARY, mode)) == -1)
|
||||
RETURN_ERROR(errno, error0);
|
||||
(void)fcntl(hashp->fp, F_SETFD, 1);
|
||||
}
|
||||
Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
||||
+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
||||
@@ -12,7 +12,8 @@ PROG_RPATH=$(KRB5_LIBDIR)
|
||||
|
||||
KRB5_RUN_ENV= @KRB5_RUN_ENV@
|
||||
|
||||
-DB_LIB = -ldb
|
||||
+DB_LIB = -ldb $(SUPPORT_DEPLIB)
|
||||
+
|
||||
DB_DEPLIB = ../libdb$(DEPLIBEXT)
|
||||
|
||||
all::
|
||||
Index: krb5-1.10.2/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||
+++ krb5-1.10.2/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||
@@ -1088,7 +1088,7 @@ rem_service_entry_from_file(int argc, ch
|
||||
|
||||
/* Create a temporary file which contains all the entries except the
|
||||
entry for the given service dn */
|
||||
- pfile = fopen(file_name, "r+");
|
||||
+ pfile = WRITABLEFOPEN(file_name, "r+");
|
||||
if (pfile == NULL) {
|
||||
com_err(me, errno, "while deleting entry from file %s", file_name);
|
||||
goto cleanup;
|
||||
@@ -1105,7 +1105,7 @@ rem_service_entry_from_file(int argc, ch
|
||||
snprintf (tmp_file, strlen(file_name) + 4 + 1, "%s%s", file_name, ".tmp");
|
||||
|
||||
|
||||
- tmpfd = creat(tmp_file, S_IRUSR|S_IWUSR);
|
||||
+ tmpfd = THREEPARAMOPEN(tmp_file, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR);
|
||||
umask(omask);
|
||||
if (tmpfd == -1) {
|
||||
com_err(me, errno, "while deleting entry from file\n");
|
||||
@@ -1725,7 +1725,7 @@ kdb5_ldap_set_service_password(int argc,
|
||||
|
||||
printf("File does not exist. Creating the file %s...\n", file_name);
|
||||
omask = umask(077);
|
||||
- fd = creat(file_name, S_IRUSR|S_IWUSR);
|
||||
+ fd = THREEPARAMOPEN(file_name, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR);
|
||||
umask(omask);
|
||||
if (fd == -1) {
|
||||
com_err(me, errno, "Error creating file %s", file_name);
|
||||
@@ -1753,7 +1753,7 @@ kdb5_ldap_set_service_password(int argc,
|
||||
|
||||
/* TODO: file lock for the service password file */
|
||||
/* set password in the file */
|
||||
- pfile = fopen(file_name, "r+");
|
||||
+ pfile = WRITABLEFOPEN(file_name, "r+");
|
||||
if (pfile == NULL) {
|
||||
com_err(me, errno, "Failed to open file %s", file_name);
|
||||
goto cleanup;
|
||||
@@ -1794,7 +1794,7 @@ kdb5_ldap_set_service_password(int argc,
|
||||
}
|
||||
|
||||
omask = umask(077);
|
||||
- newfile = fopen(tmp_file, "w+");
|
||||
+ newfile = WRITABLEFOPEN(tmp_file, "w+");
|
||||
umask(omask);
|
||||
if (newfile == NULL) {
|
||||
com_err(me, errno, "Error creating file %s", tmp_file);
|
||||
@@ -2016,7 +2016,7 @@ done:
|
||||
|
||||
/* set password in the file */
|
||||
old_mode = umask(0177);
|
||||
- pfile = fopen(file_name, "a+");
|
||||
+ pfile = WRITABLEFOPEN(file_name, "a+");
|
||||
if (pfile == NULL) {
|
||||
com_err(me, errno, _("Failed to open file %s: %s"), file_name,
|
||||
strerror (errno));
|
||||
@@ -2068,7 +2068,7 @@ done:
|
||||
}
|
||||
|
||||
omask = umask(077);
|
||||
- newfile = fopen(tmp_file, "w");
|
||||
+ newfile = WRITABLEFOPEN(tmp_file, "w");
|
||||
umask (omask);
|
||||
if (newfile == NULL) {
|
||||
com_err(me, errno, _("Error creating file %s"), tmp_file);
|
||||
Index: krb5-1.10.2/src/slave/kpropd.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/slave/kpropd.c
|
||||
+++ krb5-1.10.2/src/slave/kpropd.c
|
||||
@@ -336,7 +336,7 @@ retry:
|
||||
if (!debug && iproprole != IPROP_SLAVE)
|
||||
daemon(1, 0);
|
||||
#ifdef PID_FILE
|
||||
- if ((pidfile = fopen(PID_FILE, "w")) != NULL) {
|
||||
+ if ((pidfile = WRITABLEFOPEN(PID_FILE, "w")) != NULL) {
|
||||
fprintf(pidfile, "%d\n", getpid());
|
||||
fclose(pidfile);
|
||||
} else
|
||||
@@ -437,6 +437,9 @@ void doit(fd)
|
||||
krb5_enctype etype;
|
||||
int database_fd;
|
||||
char host[INET6_ADDRSTRLEN+1];
|
||||
+#ifdef USE_SELINUX
|
||||
+ void *selabel;
|
||||
+#endif
|
||||
|
||||
if (kpropd_context->kdblog_context &&
|
||||
kpropd_context->kdblog_context->iproprole == IPROP_SLAVE) {
|
||||
@@ -515,9 +518,15 @@ void doit(fd)
|
||||
free(name);
|
||||
exit(1);
|
||||
}
|
||||
+#ifdef USE_SELINUX
|
||||
+ selabel = krb5int_push_fscreatecon_for(file);
|
||||
+#endif
|
||||
omask = umask(077);
|
||||
lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600);
|
||||
(void) umask(omask);
|
||||
+#ifdef USE_SELINUX
|
||||
+ krb5int_pop_fscreatecon(selabel);
|
||||
+#endif
|
||||
retval = krb5_lock_file(kpropd_context, lock_fd,
|
||||
KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK);
|
||||
if (retval) {
|
||||
Index: krb5-1.10.2/src/util/profile/prof_file.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/util/profile/prof_file.c
|
||||
+++ krb5-1.10.2/src/util/profile/prof_file.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#endif
|
||||
|
||||
#include "k5-platform.h"
|
||||
+#include "k5-label.h"
|
||||
|
||||
struct global_shared_profile_data {
|
||||
/* This is the head of the global list of shared trees */
|
||||
@@ -423,7 +424,7 @@ static errcode_t write_data_to_file(prf_
|
||||
|
||||
errno = 0;
|
||||
|
||||
- f = fopen(new_file, "w");
|
||||
+ f = WRITABLEFOPEN(new_file, "w");
|
||||
if (!f) {
|
||||
retval = errno;
|
||||
if (retval == 0)
|
||||
Index: krb5-1.10.2/src/util/support/Makefile.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/util/support/Makefile.in
|
||||
+++ krb5-1.10.2/src/util/support/Makefile.in
|
||||
@@ -64,6 +64,7 @@ IPC_SYMS= \
|
||||
|
||||
STLIBOBJS= \
|
||||
threads.o \
|
||||
+ selinux.o \
|
||||
init-addrinfo.o \
|
||||
plugins.o \
|
||||
errors.o \
|
||||
@@ -127,7 +128,7 @@ SRCS=\
|
||||
|
||||
SHLIB_EXPDEPS =
|
||||
# Add -lm if dumping thread stats, for sqrt.
|
||||
-SHLIB_EXPLIBS= $(LIBS) $(DL_LIB)
|
||||
+SHLIB_EXPLIBS= $(LIBS) $(SELINUX_LIBS) $(DL_LIB)
|
||||
SHLIB_DIRS=
|
||||
SHLIB_RDIRS=$(KRB5_LIBDIR)
|
||||
|
||||
Index: krb5-1.10.2/src/util/support/selinux.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ krb5-1.10.2/src/util/support/selinux.c
|
||||
@@ -0,0 +1,372 @@
|
||||
+/*
|
||||
+ * Copyright 2007,2008,2009,2011 Red Hat, Inc. All Rights Reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions are met:
|
||||
+ *
|
||||
+ * Redistributions of source code must retain the above copyright notice, this
|
||||
+ * list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * Redistributions in binary form must reproduce the above copyright notice,
|
||||
+ * this list of conditions and the following disclaimer in the documentation
|
||||
+ * and/or other materials provided with the distribution.
|
||||
+ *
|
||||
+ * Neither the name of Red Hat, Inc. nor the names of its contributors may be
|
||||
+ * used to endorse or promote products derived from this software without
|
||||
+ * specific prior written permission.
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
||||
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
+ * POSSIBILITY OF SUCH DAMAGE.
|
||||
+ *
|
||||
+ * File-opening wrappers for creating correctly-labeled files. So far, we can
|
||||
+ * assume that this is Linux-specific, so we make many simplifying assumptions.
|
||||
+ */
|
||||
+
|
||||
+#include "../../include/autoconf.h"
|
||||
+
|
||||
+#ifdef USE_SELINUX
|
||||
+
|
||||
+#include <k5-label.h>
|
||||
+#include <k5-thread.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <errno.h>
|
||||
+#include <fcntl.h>
|
||||
+#include <limits.h>
|
||||
+#include <pthread.h>
|
||||
+#include <stdarg.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
+#include <unistd.h>
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/context.h>
|
||||
+#ifdef HAVE_SELINUX_LABEL_H
|
||||
+#include <selinux/label.h>
|
||||
+#endif
|
||||
+
|
||||
+/* #define DEBUG 1 */
|
||||
+
|
||||
+/* Mutex used to serialize use of the process-global file creation context. */
|
||||
+k5_mutex_t labeled_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
|
||||
+
|
||||
+/* Make sure we finish initializing that mutex before attempting to use it. */
|
||||
+k5_once_t labeled_once = K5_ONCE_INIT;
|
||||
+static void
|
||||
+label_mutex_init(void)
|
||||
+{
|
||||
+ k5_mutex_finish_init(&labeled_mutex);
|
||||
+}
|
||||
+
|
||||
+static security_context_t
|
||||
+push_fscreatecon(const char *pathname, mode_t mode)
|
||||
+{
|
||||
+ security_context_t previous, configuredsc, currentsc, derivedsc;
|
||||
+ context_t current, derived;
|
||||
+ const char *fullpath, *currentuser;
|
||||
+#ifdef HAVE_SELINUX_LABEL_H
|
||||
+ struct selabel_handle *ctx;
|
||||
+#endif
|
||||
+
|
||||
+ previous = NULL;
|
||||
+ if (is_selinux_enabled()) {
|
||||
+ if (getfscreatecon(&previous) == 0) {
|
||||
+ char *genpath;
|
||||
+ genpath = NULL;
|
||||
+ if (pathname[0] != '/') {
|
||||
+ char *wd;
|
||||
+ size_t len;
|
||||
+ len = 0;
|
||||
+ wd = getcwd(NULL, len);
|
||||
+ if (wd == NULL) {
|
||||
+ if (previous != NULL) {
|
||||
+ freecon(previous);
|
||||
+ }
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ len = strlen(wd) + 1 + strlen(pathname) + 1;
|
||||
+ genpath = malloc(len);
|
||||
+ if (genpath == NULL) {
|
||||
+ free(wd);
|
||||
+ if (previous != NULL) {
|
||||
+ freecon(previous);
|
||||
+ }
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ sprintf(genpath, "%s/%s", wd, pathname);
|
||||
+ free(wd);
|
||||
+ fullpath = genpath;
|
||||
+ } else {
|
||||
+ fullpath = pathname;
|
||||
+ }
|
||||
+#ifdef DEBUG
|
||||
+ if (isatty(fileno(stderr))) {
|
||||
+ fprintf(stderr, "Looking up context for "
|
||||
+ "\"%s\"(%05o).\n", fullpath, mode);
|
||||
+ }
|
||||
+#endif
|
||||
+ configuredsc = NULL;
|
||||
+#ifdef HAVE_SELINUX_LABEL_H
|
||||
+ ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
||||
+ if (ctx != NULL) {
|
||||
+ if (selabel_lookup(ctx, &configuredsc,
|
||||
+ fullpath, mode) != 0) {
|
||||
+ selabel_close(ctx);
|
||||
+ free(genpath);
|
||||
+ if (previous != NULL) {
|
||||
+ freecon(previous);
|
||||
+ }
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ selabel_close(ctx);
|
||||
+ }
|
||||
+#else
|
||||
+ if (matchpathcon(fullpath, mode, &configuredsc) != 0) {
|
||||
+ free(genpath);
|
||||
+ if (previous != NULL) {
|
||||
+ freecon(previous);
|
||||
+ }
|
||||
+ return NULL;
|
||||
+ }
|
||||
+#endif
|
||||
+ free(genpath);
|
||||
+ if (configuredsc == NULL) {
|
||||
+ if (previous != NULL) {
|
||||
+ freecon(previous);
|
||||
+ }
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ currentsc = NULL;
|
||||
+ getcon(¤tsc);
|
||||
+ if (currentsc != NULL) {
|
||||
+ derived = context_new(configuredsc);
|
||||
+ if (derived != NULL) {
|
||||
+ current = context_new(currentsc);
|
||||
+ if (current != NULL) {
|
||||
+ currentuser = context_user_get(current);
|
||||
+ if (currentuser != NULL) {
|
||||
+ if (context_user_set(derived,
|
||||
+ currentuser) == 0) {
|
||||
+ derivedsc = context_str(derived);
|
||||
+ if (derivedsc != NULL) {
|
||||
+ freecon(configuredsc);
|
||||
+ configuredsc = strdup(derivedsc);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ context_free(current);
|
||||
+ }
|
||||
+ context_free(derived);
|
||||
+ }
|
||||
+ freecon(currentsc);
|
||||
+ }
|
||||
+#ifdef DEBUG
|
||||
+ if (isatty(fileno(stderr))) {
|
||||
+ fprintf(stderr, "Setting file creation context "
|
||||
+ "to \"%s\".\n", configuredsc);
|
||||
+ }
|
||||
+#endif
|
||||
+ if (setfscreatecon(configuredsc) != 0) {
|
||||
+ freecon(configuredsc);
|
||||
+ if (previous != NULL) {
|
||||
+ freecon(previous);
|
||||
+ }
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ freecon(configuredsc);
|
||||
+#ifdef DEBUG
|
||||
+ } else {
|
||||
+ if (isatty(fileno(stderr))) {
|
||||
+ fprintf(stderr, "Unable to determine "
|
||||
+ "current context.\n");
|
||||
+ }
|
||||
+#endif
|
||||
+ }
|
||||
+ }
|
||||
+ return previous;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+pop_fscreatecon(security_context_t previous)
|
||||
+{
|
||||
+ if (is_selinux_enabled()) {
|
||||
+#ifdef DEBUG
|
||||
+ if (isatty(fileno(stderr))) {
|
||||
+ if (previous != NULL) {
|
||||
+ fprintf(stderr, "Resetting file creation "
|
||||
+ "context to \"%s\".\n", previous);
|
||||
+ } else {
|
||||
+ fprintf(stderr, "Resetting file creation "
|
||||
+ "context to default.\n");
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+ setfscreatecon(previous);
|
||||
+ if (previous != NULL) {
|
||||
+ freecon(previous);
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+void *
|
||||
+krb5int_push_fscreatecon_for(const char *pathname)
|
||||
+{
|
||||
+ struct stat st;
|
||||
+ void *retval;
|
||||
+ k5_once(&labeled_once, label_mutex_init);
|
||||
+ if (k5_mutex_lock(&labeled_mutex) == 0) {
|
||||
+ if (stat(pathname, &st) != 0) {
|
||||
+ st.st_mode = S_IRUSR | S_IWUSR;
|
||||
+ }
|
||||
+ retval = push_fscreatecon(pathname, st.st_mode);
|
||||
+ return retval ? retval : (void *) -1;
|
||||
+ } else {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+krb5int_pop_fscreatecon(void *con)
|
||||
+{
|
||||
+ if (con != NULL) {
|
||||
+ pop_fscreatecon((con == (void *) -1) ? NULL : con);
|
||||
+ k5_mutex_unlock(&labeled_mutex);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+FILE *
|
||||
+krb5int_labeled_fopen(const char *path, const char *mode)
|
||||
+{
|
||||
+ FILE *fp;
|
||||
+ int errno_save;
|
||||
+ security_context_t ctx;
|
||||
+
|
||||
+ if (strcmp(mode, "r") == 0) {
|
||||
+ return fopen(path, mode);
|
||||
+ }
|
||||
+
|
||||
+ k5_once(&labeled_once, label_mutex_init);
|
||||
+ if (k5_mutex_lock(&labeled_mutex) == 0) {
|
||||
+ ctx = push_fscreatecon(path, 0);
|
||||
+ fp = fopen(path, mode);
|
||||
+ errno_save = errno;
|
||||
+ pop_fscreatecon(ctx);
|
||||
+ k5_mutex_unlock(&labeled_mutex);
|
||||
+ errno = errno_save;
|
||||
+ } else {
|
||||
+ fp = fopen(path, mode);
|
||||
+ }
|
||||
+
|
||||
+ return fp;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+krb5int_labeled_creat(const char *path, mode_t mode)
|
||||
+{
|
||||
+ int fd;
|
||||
+ int errno_save;
|
||||
+ security_context_t ctx;
|
||||
+
|
||||
+ k5_once(&labeled_once, label_mutex_init);
|
||||
+ if (k5_mutex_lock(&labeled_mutex) == 0) {
|
||||
+ ctx = push_fscreatecon(path, 0);
|
||||
+ fd = creat(path, mode);
|
||||
+ errno_save = errno;
|
||||
+ pop_fscreatecon(ctx);
|
||||
+ k5_mutex_unlock(&labeled_mutex);
|
||||
+ errno = errno_save;
|
||||
+ } else {
|
||||
+ fd = creat(path, mode);
|
||||
+ }
|
||||
+ return fd;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+krb5int_labeled_mknod(const char *path, mode_t mode, dev_t dev)
|
||||
+{
|
||||
+ int ret;
|
||||
+ int errno_save;
|
||||
+ security_context_t ctx;
|
||||
+
|
||||
+ k5_once(&labeled_once, label_mutex_init);
|
||||
+ if (k5_mutex_lock(&labeled_mutex) == 0) {
|
||||
+ ctx = push_fscreatecon(path, mode);
|
||||
+ ret = mknod(path, mode, dev);
|
||||
+ errno_save = errno;
|
||||
+ pop_fscreatecon(ctx);
|
||||
+ k5_mutex_unlock(&labeled_mutex);
|
||||
+ errno = errno_save;
|
||||
+ } else {
|
||||
+ ret = mknod(path, mode, dev);
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+krb5int_labeled_mkdir(const char *path, mode_t mode)
|
||||
+{
|
||||
+ int ret;
|
||||
+ int errno_save;
|
||||
+ security_context_t ctx;
|
||||
+
|
||||
+ k5_once(&labeled_once, label_mutex_init);
|
||||
+ if (k5_mutex_lock(&labeled_mutex) == 0) {
|
||||
+ ctx = push_fscreatecon(path, S_IFDIR);
|
||||
+ ret = mkdir(path, mode);
|
||||
+ errno_save = errno;
|
||||
+ pop_fscreatecon(ctx);
|
||||
+ k5_mutex_unlock(&labeled_mutex);
|
||||
+ errno = errno_save;
|
||||
+ } else {
|
||||
+ ret = mkdir(path, mode);
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+krb5int_labeled_open(const char *path, int flags, ...)
|
||||
+{
|
||||
+ int fd;
|
||||
+ int errno_save;
|
||||
+ security_context_t ctx;
|
||||
+ mode_t mode;
|
||||
+ va_list ap;
|
||||
+
|
||||
+ if ((flags & O_CREAT) == 0) {
|
||||
+ return open(path, flags);
|
||||
+ }
|
||||
+
|
||||
+ k5_once(&labeled_once, label_mutex_init);
|
||||
+ if (k5_mutex_lock(&labeled_mutex) == 0) {
|
||||
+ ctx = push_fscreatecon(path, 0);
|
||||
+
|
||||
+ va_start(ap, flags);
|
||||
+ mode = va_arg(ap, mode_t);
|
||||
+ fd = open(path, flags, mode);
|
||||
+ va_end(ap);
|
||||
+
|
||||
+ errno_save = errno;
|
||||
+ pop_fscreatecon(ctx);
|
||||
+ k5_mutex_unlock(&labeled_mutex);
|
||||
+ errno = errno_save;
|
||||
+ } else {
|
||||
+ va_start(ap, flags);
|
||||
+ mode = va_arg(ap, mode_t);
|
||||
+ fd = open(path, flags, mode);
|
||||
+ errno_save = errno;
|
||||
+ va_end(ap);
|
||||
+ errno = errno_save;
|
||||
+ }
|
||||
+ return fd;
|
||||
+}
|
||||
+
|
||||
+#endif
|
||||
Index: krb5-1.10.2/src/lib/krb5/rcache/rc_dfl.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/lib/krb5/rcache/rc_dfl.c
|
||||
+++ krb5-1.10.2/src/lib/krb5/rcache/rc_dfl.c
|
||||
@@ -812,6 +812,9 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
||||
krb5_error_code retval = 0;
|
||||
krb5_rcache tmp;
|
||||
krb5_deltat lifespan = t->lifespan; /* save original lifespan */
|
||||
+#ifdef USE_SELINUX
|
||||
+ void *selabel;
|
||||
+#endif
|
||||
|
||||
if (! t->recovering) {
|
||||
name = t->name;
|
||||
@@ -833,7 +836,17 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
||||
retval = krb5_rc_resolve(context, tmp, 0);
|
||||
if (retval)
|
||||
goto cleanup;
|
||||
+#ifdef USE_SELINUX
|
||||
+ if (t->d.fn != NULL)
|
||||
+ selabel = krb5int_push_fscreatecon_for(t->d.fn);
|
||||
+ else
|
||||
+ selabel = NULL;
|
||||
+#endif
|
||||
retval = krb5_rc_initialize(context, tmp, lifespan);
|
||||
+#ifdef USE_SELINUX
|
||||
+ if (selabel != NULL)
|
||||
+ krb5int_pop_fscreatecon(selabel);
|
||||
+#endif
|
||||
if (retval)
|
||||
goto cleanup;
|
||||
for (q = t->a; q; q = q->na) {
|
||||
Index: krb5-1.10.2/src/plugins/kdb/db2/kdb_db2.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/kdb_db2.c
|
||||
+++ krb5-1.10.2/src/plugins/kdb/db2/kdb_db2.c
|
||||
@@ -683,8 +683,8 @@ ctx_create_db(krb5_context context, krb5
|
||||
if (retval)
|
||||
return retval;
|
||||
|
||||
- dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC,
|
||||
- 0600);
|
||||
+ dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name,
|
||||
+ O_CREAT | O_RDWR | O_TRUNC, 0600);
|
||||
if (dbc->db_lf_file < 0) {
|
||||
retval = errno;
|
||||
goto cleanup;
|
||||
Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||
+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
|
||||
+#include "k5-int.h"
|
||||
#include "db-int.h"
|
||||
#include "recno.h"
|
||||
|
||||
@@ -68,7 +69,8 @@ __rec_open(fname, flags, mode, openinfo,
|
||||
int rfd = -1, sverrno;
|
||||
|
||||
/* Open the user's file -- if this fails, we're done. */
|
||||
- if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
|
||||
+ if (fname != NULL &&
|
||||
+ (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
|
||||
return (NULL);
|
||||
|
||||
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
|
||||
Index: krb5-1.10.2/src/kdc/main.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/kdc/main.c
|
||||
+++ krb5-1.10.2/src/kdc/main.c
|
||||
@@ -909,7 +909,7 @@ write_pid_file(const char *path)
|
||||
FILE *file;
|
||||
unsigned long pid;
|
||||
|
||||
- file = fopen(path, "w");
|
||||
+ file = WRITABLEFOPEN(path, "w");
|
||||
if (file == NULL)
|
||||
return errno;
|
||||
pid = (unsigned long) getpid();
|
||||
Index: krb5-1.10.2/src/lib/kdb/kdb_log.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/lib/kdb/kdb_log.c
|
||||
+++ krb5-1.10.2/src/lib/kdb/kdb_log.c
|
||||
@@ -566,7 +566,7 @@ ulog_map(krb5_context context, const cha
|
||||
return (errno);
|
||||
}
|
||||
|
||||
- if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
|
||||
+ if ((ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600)) == -1) {
|
||||
return (errno);
|
||||
}
|
||||
|
||||
Index: krb5-1.10.2/src/util/gss-kernel-lib/Makefile.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/util/gss-kernel-lib/Makefile.in
|
||||
+++ krb5-1.10.2/src/util/gss-kernel-lib/Makefile.in
|
||||
@@ -66,6 +66,7 @@ HEADERS= \
|
||||
gssapi_err_generic.h \
|
||||
k5-int.h \
|
||||
k5-int-pkinit.h \
|
||||
+ k5-label.h \
|
||||
k5-thread.h \
|
||||
k5-platform.h \
|
||||
k5-buf.h \
|
||||
@@ -167,10 +168,12 @@ gssapi_generic.h: $(GSS_GENERIC)/gssapi_
|
||||
$(CP) $(GSS_GENERIC)/gssapi_generic.h $@
|
||||
gssapi_err_generic.h: $(GSS_GENERIC_BUILD)/gssapi_err_generic.h
|
||||
$(CP) $(GSS_GENERIC_BUILD)/gssapi_err_generic.h $@
|
||||
-k5-int.h: $(INCLUDE)/k5-int.h
|
||||
+k5-int.h: $(INCLUDE)/k5-int.h k5-label.h
|
||||
$(CP) $(INCLUDE)/k5-int.h $@
|
||||
k5-int-pkinit.h: $(INCLUDE)/k5-int-pkinit.h
|
||||
$(CP) $(INCLUDE)/k5-int-pkinit.h $@
|
||||
+k5-label.h: $(INCLUDE)/k5-label.h
|
||||
+ $(CP) $(INCLUDE)/k5-label.h $@
|
||||
k5-thread.h: $(INCLUDE)/k5-thread.h
|
||||
$(CP) $(INCLUDE)/k5-thread.h $@
|
||||
k5-platform.h: $(INCLUDE)/k5-platform.h
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:479d66291ae989d5db9daca5838ff4bddde45c77b703fadcf78ca6d1db315bd8
|
||||
size 9457236
|
||||
3
krb5-1.11.tar.bz2
Normal file
3
krb5-1.11.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2276b81a25b329724f31ca65de0636d7aec5fe109cee275c7fc935d16051282b
|
||||
size 9433922
|
||||
@ -1,9 +0,0 @@
|
||||
--- doc/man2html
|
||||
+++ doc/man2html 2004/10/18 16:20:53
|
||||
@@ -1,5 +1,4 @@
|
||||
-#!/usr/athena/bin/perl
|
||||
-#!/usr/local/bin/perl
|
||||
+#!/usr/bin/perl
|
||||
##---------------------------------------------------------------------------##
|
||||
## File:
|
||||
## @(#) man2html 1.2 97/08/12 12:57:30 @(#)
|
||||
@ -1,11 +1,11 @@
|
||||
Index: krb5-1.6.3/src/kadmin/ktutil/ktutil.M
|
||||
Index: krb5-1.11/src/man/ktutil.man
|
||||
===================================================================
|
||||
--- krb5-1.6.3.orig/src/kadmin/ktutil/ktutil.M
|
||||
+++ krb5-1.6.3/src/kadmin/ktutil/ktutil.M
|
||||
@@ -63,5 +63,17 @@ Quits
|
||||
Aliases:
|
||||
.BR exit ,
|
||||
.BR q .
|
||||
--- krb5-1.11.orig/src/man/ktutil.man
|
||||
+++ krb5-1.11/src/man/ktutil.man
|
||||
@@ -158,6 +158,18 @@ ktutil:
|
||||
.fi
|
||||
.UNINDENT
|
||||
.UNINDENT
|
||||
+.SH REMARKS
|
||||
+Changes to the keytab are appended to the keytab file (i.e., the keytab file
|
||||
+is never overwritten). To directly modify a keytab, save the changes to a
|
||||
@ -19,4 +19,5 @@ Index: krb5-1.6.3/src/kadmin/ktutil/ktutil.M
|
||||
+ktutil> q
|
||||
+# mv /tmp/krb5.newtab /etc/krb5.keytab
|
||||
.SH SEE ALSO
|
||||
kadmin(8), kdb5_util(8)
|
||||
.sp
|
||||
\fIkadmin(1)\fP, \fIkdb5_util(8)\fP
|
||||
|
||||
@ -1,7 +0,0 @@
|
||||
appl/sample/sserver/sserver.M
|
||||
config-files/kdc.conf.M
|
||||
config-files/krb5.conf.M
|
||||
gen-manpages/kerberos.M
|
||||
kadmin/cli/kadmin.M
|
||||
slave/kpropd.M
|
||||
slave/kprop.M
|
||||
@ -11,11 +11,11 @@ When enabled, ksu gains a dependency on libpam.
|
||||
Originally RT#5939, though it's changed since then to perform the account
|
||||
and session management before dropping privileges.
|
||||
|
||||
Index: krb5-1.10.2/src/aclocal.m4
|
||||
Index: krb5-1.11/src/aclocal.m4
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/aclocal.m4
|
||||
+++ krb5-1.10.2/src/aclocal.m4
|
||||
@@ -1676,3 +1676,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[
|
||||
--- krb5-1.11.orig/src/aclocal.m4
|
||||
+++ krb5-1.11/src/aclocal.m4
|
||||
@@ -1664,3 +1664,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[
|
||||
]))
|
||||
])dnl
|
||||
dnl
|
||||
@ -86,10 +86,10 @@ Index: krb5-1.10.2/src/aclocal.m4
|
||||
+AC_SUBST(PAM_MAN)
|
||||
+AC_SUBST(NON_PAM_MAN)
|
||||
+])dnl
|
||||
Index: krb5-1.10.2/src/clients/ksu/main.c
|
||||
Index: krb5-1.11/src/clients/ksu/main.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/clients/ksu/main.c
|
||||
+++ krb5-1.10.2/src/clients/ksu/main.c
|
||||
--- krb5-1.11.orig/src/clients/ksu/main.c
|
||||
+++ krb5-1.11/src/clients/ksu/main.c
|
||||
@@ -26,6 +26,7 @@
|
||||
* KSU was writen by: Ari Medvinsky, ari@isi.edu
|
||||
*/
|
||||
@ -249,10 +249,10 @@ Index: krb5-1.10.2/src/clients/ksu/main.c
|
||||
exit (1);
|
||||
}
|
||||
}
|
||||
Index: krb5-1.10.2/src/clients/ksu/Makefile.in
|
||||
Index: krb5-1.11/src/clients/ksu/Makefile.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/clients/ksu/Makefile.in
|
||||
+++ krb5-1.10.2/src/clients/ksu/Makefile.in
|
||||
--- krb5-1.11.orig/src/clients/ksu/Makefile.in
|
||||
+++ krb5-1.11/src/clients/ksu/Makefile.in
|
||||
@@ -7,12 +7,14 @@ PROG_LIBPATH=-L$(TOPLIBD)
|
||||
PROG_RPATH=$(KRB5_LIBDIR)
|
||||
|
||||
@ -287,10 +287,10 @@ Index: krb5-1.10.2/src/clients/ksu/Makefile.in
|
||||
|
||||
clean::
|
||||
$(RM) ksu
|
||||
Index: krb5-1.10.2/src/clients/ksu/pam.c
|
||||
Index: krb5-1.11/src/clients/ksu/pam.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ krb5-1.10.2/src/clients/ksu/pam.c
|
||||
+++ krb5-1.11/src/clients/ksu/pam.c
|
||||
@@ -0,0 +1,389 @@
|
||||
+/*
|
||||
+ * src/clients/ksu/pam.c
|
||||
@ -681,10 +681,10 @@ Index: krb5-1.10.2/src/clients/ksu/pam.c
|
||||
+ return ret;
|
||||
+}
|
||||
+#endif
|
||||
Index: krb5-1.10.2/src/clients/ksu/pam.h
|
||||
Index: krb5-1.11/src/clients/ksu/pam.h
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ krb5-1.10.2/src/clients/ksu/pam.h
|
||||
+++ krb5-1.11/src/clients/ksu/pam.h
|
||||
@@ -0,0 +1,57 @@
|
||||
+/*
|
||||
+ * src/clients/ksu/pam.h
|
||||
@ -743,13 +743,13 @@ Index: krb5-1.10.2/src/clients/ksu/pam.h
|
||||
+int appl_pam_cred_init(void);
|
||||
+void appl_pam_cleanup(void);
|
||||
+#endif
|
||||
Index: krb5-1.10.2/src/configure.in
|
||||
Index: krb5-1.11/src/configure.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/configure.in
|
||||
+++ krb5-1.10.2/src/configure.in
|
||||
@@ -1246,6 +1246,8 @@ if test "${localedir+set}" != set; then
|
||||
fi
|
||||
AC_SUBST(localedir)
|
||||
--- krb5-1.11.orig/src/configure.in
|
||||
+++ krb5-1.11/src/configure.in
|
||||
@@ -1290,6 +1290,8 @@ AC_DEFINE_UNQUOTED(DEFKTNAME, ["$DEFKTNA
|
||||
AC_DEFINE_UNQUOTED(DEFCKTNAME, ["$DEFCKTNAME"],
|
||||
[Define to default client keytab name])
|
||||
|
||||
+KRB5_WITH_PAM
|
||||
+
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
Use an in-memory ccache to silence a compiler warning, for RT#6414.
|
||||
|
||||
Index: krb5-1.10.2/src/slave/kprop.c
|
||||
Index: krb5-1.11/src/slave/kprop.c
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/slave/kprop.c
|
||||
+++ krb5-1.10.2/src/slave/kprop.c
|
||||
@@ -186,9 +186,8 @@ void PRS(argc, argv)
|
||||
--- krb5-1.11.orig/src/slave/kprop.c
|
||||
+++ krb5-1.11/src/slave/kprop.c
|
||||
@@ -187,9 +187,8 @@ void PRS(argc, argv)
|
||||
void get_tickets(context)
|
||||
krb5_context context;
|
||||
{
|
||||
@ -15,7 +15,7 @@ Index: krb5-1.10.2/src/slave/kprop.c
|
||||
krb5_keytab keytab = NULL;
|
||||
|
||||
/*
|
||||
@@ -229,11 +228,8 @@ void get_tickets(context)
|
||||
@@ -230,11 +229,8 @@ void get_tickets(context)
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
||||
@ -3,206 +3,16 @@ values can be dropped in by config.status. After applying this patch,
|
||||
these files should be renamed to their ".in" counterparts, and then the
|
||||
configure scripts should be rebuilt. Originally RT#6525
|
||||
|
||||
Index: krb5-1.10.2/src/aclocal.m4
|
||||
Index: krb5-1.11/src/man/kpropd.man
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/aclocal.m4
|
||||
+++ krb5-1.10.2/src/aclocal.m4
|
||||
@@ -1743,3 +1743,24 @@ AC_SUBST(PAM_LIBS)
|
||||
AC_SUBST(PAM_MAN)
|
||||
AC_SUBST(NON_PAM_MAN)
|
||||
])dnl
|
||||
+AC_DEFUN(V5_AC_OUTPUT_MANPAGE,[
|
||||
+mansysconfdir=$sysconfdir
|
||||
+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$prefix,g"`
|
||||
+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$ac_default_prefix,g"`
|
||||
+mansbindir=$sbindir
|
||||
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$exec_prefix,g"`
|
||||
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$prefix,g"`
|
||||
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$ac_default_prefix,g"`
|
||||
+manlocalstatedir=$localstatedir
|
||||
+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$prefix,g"`
|
||||
+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$ac_default_prefix,g"`
|
||||
+manlibexecdir=$libexecdir
|
||||
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$exec_prefix,g"`
|
||||
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$prefix,g"`
|
||||
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$ac_default_prefix,g"`
|
||||
+AC_SUBST(mansysconfdir)
|
||||
+AC_SUBST(mansbindir)
|
||||
+AC_SUBST(manlocalstatedir)
|
||||
+AC_SUBST(manlibexecdir)
|
||||
+AC_CONFIG_FILES($1)
|
||||
+])
|
||||
Index: krb5-1.10.2/src/configure.in
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/configure.in
|
||||
+++ krb5-1.10.2/src/configure.in
|
||||
@@ -1249,6 +1249,17 @@ AC_SUBST(localedir)
|
||||
KRB5_WITH_PAM
|
||||
|
||||
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
||||
+
|
||||
+V5_AC_OUTPUT_MANPAGE([
|
||||
+ appl/sample/sserver/sserver.M
|
||||
+ config-files/kdc.conf.M
|
||||
+ config-files/krb5.conf.M
|
||||
+ gen-manpages/kerberos.M
|
||||
+ kadmin/cli/kadmin.M
|
||||
+ slave/kpropd.M
|
||||
+ slave/kprop.M
|
||||
+])
|
||||
+
|
||||
V5_AC_OUTPUT_MAKEFILE(.
|
||||
|
||||
util util/support util/profile util/profile/testmod util/send-pr
|
||||
Index: krb5-1.10.2/src/appl/sample/sserver/sserver.M
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/appl/sample/sserver/sserver.M
|
||||
+++ krb5-1.10.2/src/appl/sample/sserver/sserver.M
|
||||
@@ -59,7 +59,7 @@ option allows for a different keytab tha
|
||||
using a line in
|
||||
/etc/inetd.conf that looks like this:
|
||||
.PP
|
||||
-sample stream tcp nowait root /usr/local/sbin/sserver sserver
|
||||
+sample stream tcp nowait root @mansbindir@/sserver sserver
|
||||
.PP
|
||||
Since \fBsample\fP is normally not a port defined in /etc/services, you will
|
||||
usually have to add a line to /etc/services which looks like this:
|
||||
Index: krb5-1.10.2/src/config-files/kdc.conf.M
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/config-files/kdc.conf.M
|
||||
+++ krb5-1.10.2/src/config-files/kdc.conf.M
|
||||
@@ -92,14 +92,14 @@ This
|
||||
.B string
|
||||
specifies the location of the access control list (acl) file that
|
||||
kadmin uses to determine which principals are allowed which permissions
|
||||
-on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl.
|
||||
+on the database. The default value is @manlocalstatedir@/krb5kdc/kadm5.acl.
|
||||
|
||||
.IP admin_keytab
|
||||
This
|
||||
.B string
|
||||
Specifies the location of the keytab file that kadmin uses to
|
||||
authenticate to the database. The default value is
|
||||
-/usr/local/var/krb5kdc/kadm5.keytab.
|
||||
+@manlocalstatedir@/krb5kdc/kadm5.keytab.
|
||||
|
||||
.IP database_name
|
||||
This
|
||||
@@ -274,7 +274,7 @@ tickets should be checked against the tr
|
||||
realm names and the [capaths] section of its krb5.conf file
|
||||
|
||||
.SH FILES
|
||||
-/usr/local/var/krb5kdc/kdc.conf
|
||||
+@manlocalstatedir@/krb5kdc/kdc.conf
|
||||
|
||||
.SH SEE ALSO
|
||||
krb5.conf(5), krb5kdc(8)
|
||||
Index: krb5-1.10.2/src/config-files/krb5.conf.M
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/config-files/krb5.conf.M
|
||||
+++ krb5-1.10.2/src/config-files/krb5.conf.M
|
||||
@@ -808,6 +808,6 @@ This module implements the encrypted cha
|
||||
This module implements the encrypted timestamp mechanism.
|
||||
|
||||
.SH FILES
|
||||
-/etc/krb5.conf
|
||||
+@mansysconfdir@/krb5.conf
|
||||
.SH SEE ALSO
|
||||
syslog(3)
|
||||
Index: krb5-1.10.2/src/gen-manpages/kerberos.M
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/gen-manpages/kerberos.M
|
||||
+++ krb5-1.10.2/src/gen-manpages/kerberos.M
|
||||
@@ -125,7 +125,7 @@ default is /etc/krb5.conf.
|
||||
Specifies the location of the KDC configuration file, which contains
|
||||
additional configuration directives for the Key Distribution Center
|
||||
daemon and associated programs. The default is
|
||||
-/usr/local/var/krb5kdc/kdc.conf.
|
||||
+@manlocalstatedir@/krb5kdc/kdc.conf.
|
||||
.TP
|
||||
.B KRB5RCACHETYPE
|
||||
Specifies the default type of replay cache to use for servers. Valid
|
||||
Index: krb5-1.10.2/src/kadmin/cli/kadmin.M
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/kadmin/cli/kadmin.M
|
||||
+++ krb5-1.10.2/src/kadmin/cli/kadmin.M
|
||||
@@ -924,9 +924,9 @@ option is specified, less verbose status
|
||||
.RS
|
||||
.TP
|
||||
EXAMPLE:
|
||||
-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
|
||||
+kadmin: ktremove -k @manlocalstatedir@/krb5kdc/kadmind.keytab kadmin/admin
|
||||
Entry for principal kadmin/admin with kvno 3 removed
|
||||
- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
|
||||
+ from keytab WRFILE:@manlocalstatedir@/krb5kdc/kadmind.keytab.
|
||||
kadmin:
|
||||
.RE
|
||||
.fi
|
||||
Index: krb5-1.10.2/src/slave/kpropd.M
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/slave/kpropd.M
|
||||
+++ krb5-1.10.2/src/slave/kpropd.M
|
||||
@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of
|
||||
This is done by adding a line to the inetd.conf file which looks like
|
||||
this:
|
||||
|
||||
--- krb5-1.11.orig/src/man/kpropd.man
|
||||
+++ krb5-1.11/src/man/kpropd.man
|
||||
@@ -63,7 +63,7 @@ the \fB/etc/inetd.conf\fP file which loo
|
||||
.sp
|
||||
.nf
|
||||
.ft C
|
||||
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
|
||||
+kprop stream tcp nowait root @mansbindir@/kpropd kpropd
|
||||
|
||||
However, kpropd can also run as a standalone daemon, if the
|
||||
.B \-S
|
||||
@@ -111,13 +111,13 @@ is used.
|
||||
\fB\-f\fP \fIfile\fP
|
||||
specifies the filename where the dumped principal database file is to be
|
||||
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
|
||||
-(normally /usr/local/var/krb5kdc/from_master).
|
||||
+(normally @manlocalstatedir@/krb5kdc/from_master).
|
||||
.TP
|
||||
.B \-p
|
||||
allows the user to specify the pathname to the
|
||||
.IR kdb5_util (8)
|
||||
program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
|
||||
-(normally /usr/local/sbin/kdb5_util).
|
||||
+(normally @mansbindir@/kdb5_util).
|
||||
.TP
|
||||
.B \-S
|
||||
turn on standalone mode. Normally, kpropd is invoked out of
|
||||
@@ -148,14 +148,14 @@ mode.
|
||||
allows the user to specify the path to the
|
||||
kpropd.acl
|
||||
file; by default the path used is KPROPD_ACL_FILE
|
||||
-(normally /usr/local/var/krb5kdc/kpropd.acl).
|
||||
+(normally @manlocalstatedir@/krb5kdc/kpropd.acl).
|
||||
.SH FILES
|
||||
.TP "\w'kpropd.acl\ \ 'u"
|
||||
kpropd.acl
|
||||
Access file for
|
||||
.BR kpropd ;
|
||||
the default location is KPROPD_ACL_FILE (normally
|
||||
-/usr/local/var/krb5kdc/kpropd.acl).
|
||||
+@manlocalstatedir@/krb5kdc/kpropd.acl).
|
||||
Each entry is a line containing the principal of a host from which the
|
||||
local machine will allow Kerberos database propagation via kprop.
|
||||
.SH SEE ALSO
|
||||
Index: krb5-1.10.2/src/slave/kprop.M
|
||||
===================================================================
|
||||
--- krb5-1.10.2.orig/src/slave/kprop.M
|
||||
+++ krb5-1.10.2/src/slave/kprop.M
|
||||
@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv
|
||||
This is done by transmitting the dumped database file to the slave
|
||||
server over an encrypted, secure channel. The dump file must be created
|
||||
by kdb5_util, and is normally KPROP_DEFAULT_FILE
|
||||
-(/usr/local/var/krb5kdc/slave_datatrans).
|
||||
+(@manlocalstatedir@/krb5kdc/slave_datatrans).
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
\fB\-r\fP \fIrealm\fP
|
||||
@@ -51,7 +51,7 @@ is used.
|
||||
\fB\-f\fP \fIfile\fP
|
||||
specifies the filename where the dumped principal database file is to be
|
||||
found; by default the dumped database file is KPROP_DEFAULT_FILE
|
||||
-(normally /usr/local/var/krb5kdc/slave_datatrans).
|
||||
+(normally @manlocalstatedir@/krb5kdc/slave_datatrans).
|
||||
.TP
|
||||
\fB\-P\fP \fIport\fP
|
||||
specifies the port to use to contact the
|
||||
+kprop stream tcp nowait root @SBINDIR@/kpropd kpropd
|
||||
.ft P
|
||||
.fi
|
||||
.UNINDENT
|
||||
|
||||
@ -1,2 +0,0 @@
|
||||
addFilter("files-duplicate .*css")
|
||||
addFilter("files-duplicate .*img.*png")
|
||||
196
krb5-doc.changes
196
krb5-doc.changes
@ -1,196 +0,0 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 3 14:34:35 UTC 2012 - idonmez@suse.com
|
||||
|
||||
- Build depend on texinfo & texlive-dvips to fix the build
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 6 17:34:26 CEST 2012 - mc@suse.de
|
||||
|
||||
- update to version 1.10.2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 22 10:21:56 CEST 2011 - mc@suse.de
|
||||
|
||||
- update to version 1.9.1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 9 12:45:30 CEST 2010 - mc@suse.de
|
||||
|
||||
- update to version 1.8.1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 23 12:38:29 CET 2010 - mc@suse.de
|
||||
|
||||
- add post 1.8 fixes
|
||||
* Document the ticket_lifetime libdefaults setting
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 4 11:45:22 CET 2010 - mc@suse.de
|
||||
|
||||
- update to version 1.8
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 3 10:47:07 CEST 2009 - mc@suse.de
|
||||
|
||||
- update to final version 1.7
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 13 11:34:07 CEST 2009 - mc@suse.de
|
||||
|
||||
- update to version 1.7 Beta2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 16 13:08:05 CET 2009 - mc@suse.de
|
||||
|
||||
- update to pre 1.7 version
|
||||
* remove outdated documentation for kadm5 API
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 25 12:17:10 CEST 2008 - mc@suse.de
|
||||
|
||||
- add patches from SVN post 1.6.3
|
||||
* some fixes in the man pages
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 18 15:34:16 CEST 2008 - mc@suse.de
|
||||
|
||||
- reduce rpmlint warnings
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 23 10:29:23 CEST 2007 - mc@suse.de
|
||||
|
||||
- update to krb5 version 1.6.3
|
||||
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
|
||||
* fix CVE-2007-4000 modify_policy vulnerability
|
||||
* Add PKINIT support
|
||||
- remove patches which are upstream now
|
||||
- enhance init scripts and xinetd profiles
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 12 17:02:30 CEST 2007 - mc@suse.de
|
||||
|
||||
- update to version 1.6.2
|
||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 13 15:29:42 CEST 2007 - sschober@suse.de
|
||||
|
||||
- removed executable permission from doc file
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 23 11:15:59 CEST 2007 - mc@suse.de
|
||||
|
||||
- update to final 1.6.1 version
|
||||
- replace te_ams with texlive in BuildRequires
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 18 14:47:49 CEST 2007 - mc@suse.de
|
||||
|
||||
- build implementor.ps
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 16 14:39:40 CEST 2007 - mc@suse.de
|
||||
|
||||
- update to version 1.6.1 Beta1
|
||||
- remove obsolete patches
|
||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 19 14:00:49 CET 2007 - mc@suse.de
|
||||
|
||||
- add krb5-1.6-post.dif
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 22 12:21:20 CET 2007 - mc@suse.de
|
||||
|
||||
- update to version 1.6
|
||||
* Major changes in 1.6 include
|
||||
* Partial client implementation to handle server name referrals.
|
||||
* Pre-authentication plug-in framework, donated by Red Hat.
|
||||
* LDAP KDB plug-in, donated by Novell.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 24 12:53:25 CEST 2006 - mc@suse.de
|
||||
|
||||
- update to version 1.5.1
|
||||
- remove obsolete patches which are now included upstream
|
||||
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
||||
* trunk-fix-uninitialized-vars.dif
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 3 15:01:57 CEST 2006 - mc@suse.de
|
||||
|
||||
- update to version 1.5
|
||||
* KDB abstraction layer, donated by Novell.
|
||||
* plug-in architecture, allowing for extension modules to be
|
||||
loaded at run-time.
|
||||
* multi-mechanism GSS-API implementation ("mechglue"),
|
||||
donated by Sun Microsystems
|
||||
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
||||
implementation, donated by Sun Microsystems
|
||||
- remove obsolete patches and add some new
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 13 18:01:06 CET 2006 - mc@suse.de
|
||||
|
||||
- set BuildArchitectures to noarch
|
||||
- set norootforbuild
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
|
||||
|
||||
- converted neededforbuild to BuildRequires
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 18 12:15:07 CET 2005 - mc@suse.de
|
||||
|
||||
- update to version 1.4.3
|
||||
- fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 12 16:19:08 CEST 2005 - mc@suse.de
|
||||
|
||||
- build kadm5 documentation
|
||||
- build documentation also as html
|
||||
- include the text only documentation
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 11 17:40:26 CEST 2005 - mc@suse.de
|
||||
|
||||
- update to version 1.4.2
|
||||
- remove some obsolet patches
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 27 13:36:04 CEST 2005 - mc@suse.de
|
||||
|
||||
- update to version 1.4.1
|
||||
- remove obsolet patches
|
||||
- krb5-1.4-VUL-0-telnet.dif
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 10 02:38:39 CET 2005 - ro@suse.de
|
||||
|
||||
- added libpng to neededforbuild (for tetex)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 4 16:50:34 CET 2005 - mc@suse.de
|
||||
|
||||
- remove spx.c from tarball because of legal risk
|
||||
- add README.Source which tell the user about this
|
||||
action.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 28 13:28:18 CET 2005 - mc@suse.de
|
||||
|
||||
- update to version 1.4
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 10 12:20:11 CET 2005 - mc@suse.de
|
||||
|
||||
- update to version 1.3.6
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 14 15:21:02 CET 2004 - mc@suse.de
|
||||
|
||||
- initial release
|
||||
|
||||
@ -1,91 +0,0 @@
|
||||
#
|
||||
# spec file for package krb5-doc
|
||||
#
|
||||
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
Name: krb5-doc
|
||||
BuildRequires: ghostscript-library
|
||||
BuildRequires: texinfo
|
||||
BuildRequires: texlive-dvips
|
||||
Version: 1.10.2
|
||||
Release: 0
|
||||
%define srcRoot krb5-1.10.2
|
||||
Summary: MIT Kerberos5 Implementation--Documentation
|
||||
License: MIT
|
||||
Group: Documentation/Other
|
||||
Url: http://web.mit.edu/kerberos/www/
|
||||
Source: krb5-%{version}.tar.bz2
|
||||
Source3: %{name}-rpmlintrc
|
||||
Patch0: krb5-1.3.5-perlfix.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
Kerberos V5 is a trusted-third-party network authentication
|
||||
system,which can improve your network's security by eliminating the
|
||||
insecurepractice of clear text passwords. This package includes
|
||||
extended documentation for MIT Kerberos.
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
Sam Hartman <hartmans@mit.edu>
|
||||
Ken Raeburn <raeburn@mit.edu>
|
||||
Tom Yu <tlyu@mit.edu>
|
||||
|
||||
%prep
|
||||
%setup -n %{srcRoot}
|
||||
%patch0
|
||||
|
||||
%build
|
||||
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
|
||||
sed -i -e '1c\
|
||||
\\documentclass{article}\
|
||||
\\usepackage{fixunder}\
|
||||
\\usepackage{functions}\
|
||||
\\usepackage{fancyheadings}\
|
||||
\\usepackage{hyperref}' doc/implement/implement.tex
|
||||
|
||||
%install
|
||||
cd doc
|
||||
mkdir -p html
|
||||
make
|
||||
make implementor.ps
|
||||
make -C api
|
||||
make -C implement
|
||||
mv *.html html/
|
||||
cd ..
|
||||
find . -type f -name '*.ps' -exec gzip -9 {} \;
|
||||
chmod 644 doc/man2ps
|
||||
chmod 644 doc/krb5-protocol/draft-jaganathan-rc4-hmac-03.txt
|
||||
# cleanup
|
||||
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
||||
rm -f /usr/share/man/man1/tmac.doc*
|
||||
rm -rf /usr/lib/mit/share
|
||||
rm -rf %{buildroot}/usr/lib/mit/share
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc doc/*.ps.gz doc/api/*.ps.gz doc/implement/*.ps.gz
|
||||
%doc doc/krb5-protocol doc/kadmin
|
||||
%doc doc/html
|
||||
|
||||
%changelog
|
||||
@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Jan 13 15:01:50 UTC 2013 - mc@suse.com
|
||||
|
||||
- update to version 1.11
|
||||
* Improve ASN.1 support code, making it table-driven for
|
||||
decoding as well as encoding
|
||||
* Refactor parts of KDC
|
||||
* Documentation consolidation
|
||||
* build docs in the main package
|
||||
* bugfixing
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 16 19:35:47 UTC 2012 - coolo@suse.com
|
||||
|
||||
- revert the -p usage in %postun to fix SLE build
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 16 12:05:00 UTC 2012 - coolo@suse.com
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package krb5-mini
|
||||
#
|
||||
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
%define build_mini 1
|
||||
%define srcRoot krb5-1.10.2
|
||||
%define srcRoot krb5-1.11
|
||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||
%define krb5docdir %{_defaultdocdir}/krb5
|
||||
|
||||
@ -25,12 +25,13 @@ Name: krb5-mini
|
||||
Url: http://web.mit.edu/kerberos/www/
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: bison
|
||||
BuildRequires: doxygen
|
||||
BuildRequires: keyutils
|
||||
BuildRequires: keyutils-devel
|
||||
BuildRequires: libcom_err-devel
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: ncurses-devel
|
||||
Version: 1.10.2
|
||||
Version: 1.11
|
||||
Release: 0
|
||||
Summary: MIT Kerberos5 Implementation--Libraries
|
||||
License: MIT
|
||||
@ -39,6 +40,10 @@ Group: Productivity/Networking/Security
|
||||
BuildRequires: libopenssl-devel
|
||||
BuildRequires: openldap2-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: python-Cheetah
|
||||
BuildRequires: python-Sphinx
|
||||
BuildRequires: python-libxml2
|
||||
BuildRequires: python-lxml
|
||||
%if 0%{?suse_version} >= 1210
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
%endif
|
||||
@ -52,19 +57,16 @@ Source: krb5-%{version}.tar.bz2
|
||||
Source1: vendor-files.tar.bz2
|
||||
Source2: baselibs.conf
|
||||
Source5: krb5-rpmlintrc
|
||||
Source10: krb5-1.8-manpaths.txt
|
||||
Patch1: krb5-1.10-buildconf.patch
|
||||
Patch3: krb5-1.9-manpaths.dif
|
||||
Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif
|
||||
Patch6: krb5-1.10-kpasswd_tcp.patch
|
||||
Patch7: krb5-1.6.3-ktutil-manpage.dif
|
||||
Patch10: krb5-1.7-doublelog.patch
|
||||
Patch12: krb5-1.8-api.patch
|
||||
Patch13: krb5-1.8-pam.patch
|
||||
Patch18: krb5-1.9-kprop-mktemp.patch
|
||||
Patch19: krb5-1.9-ksu-path.patch
|
||||
Patch20: krb5-1.10-gcc47.patch
|
||||
Patch21: krb5-1.10-selinux-label.patch
|
||||
Patch1: krb5-1.8-pam.patch
|
||||
Patch2: krb5-1.9-manpaths.dif
|
||||
Patch3: krb5-1.10-buildconf.patch
|
||||
Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif
|
||||
Patch5: krb5-1.10-kpasswd_tcp.patch
|
||||
Patch6: krb5-1.6.3-ktutil-manpage.dif
|
||||
Patch7: krb5-1.7-doublelog.patch
|
||||
Patch8: krb5-1.8-api.patch
|
||||
Patch9: krb5-1.9-kprop-mktemp.patch
|
||||
Patch10: krb5-1.9-ksu-path.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: mktemp, grep, /bin/touch, coreutils
|
||||
PreReq: %insserv_prereq %fillup_prereq
|
||||
@ -121,6 +123,16 @@ Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
practice of cleartext passwords. This package includes a PKINIT plugin.
|
||||
|
||||
%package doc
|
||||
Summary: MIT Kerberos5 Implementation--Documentation
|
||||
Group: Documentation/Other
|
||||
|
||||
%description doc
|
||||
Kerberos V5 is a trusted-third-party network authentication
|
||||
system,which can improve your network's security by eliminating the
|
||||
insecurepractice of clear text passwords. This package includes
|
||||
extended documentation for MIT Kerberos.
|
||||
|
||||
%endif #! build_mini
|
||||
|
||||
%package devel
|
||||
@ -147,24 +159,16 @@ Include Files for Development
|
||||
%prep
|
||||
%setup -q -n %{srcRoot}
|
||||
%setup -a 1 -T -D -n %{srcRoot}
|
||||
%patch13 -p1
|
||||
%patch3 -p1
|
||||
%patch21 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch12 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20
|
||||
# Rename the man pages so that they'll get generated correctly.
|
||||
pushd src
|
||||
cat %{SOURCE10} | while read manpage ; do
|
||||
mv "$manpage" "$manpage".in
|
||||
done
|
||||
popd
|
||||
|
||||
%build
|
||||
# needs to be re-generated
|
||||
@ -190,7 +194,6 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI
|
||||
--with-ldap \
|
||||
--with-pam \
|
||||
--enable-pkinit \
|
||||
--with-selinux \
|
||||
%else
|
||||
--disable-pkinit \
|
||||
--without-pam \
|
||||
@ -198,6 +201,10 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI
|
||||
--with-system-et \
|
||||
--with-system-ss
|
||||
make %{?jobs:-j%jobs}
|
||||
cd doc
|
||||
make %{?jobs:-j%jobs} substhtml
|
||||
cp -a html_subst ../../html
|
||||
cd ..
|
||||
|
||||
%install
|
||||
cd src
|
||||
@ -273,8 +280,9 @@ install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos
|
||||
# cleanup
|
||||
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
||||
rm -f /usr/share/man/man1/tmac.doc*
|
||||
rm -rf /usr/lib/mit/share
|
||||
rm -rf %{buildroot}/usr/lib/mit/share
|
||||
#rm -rf /usr/lib/mit/share
|
||||
rm -rf %{buildroot}/usr/lib/mit/share/examples
|
||||
rm -rf %{buildroot}/usr/lib/mit/share/locale
|
||||
|
||||
#####################################################
|
||||
# krb5(-mini) pre/post/postun
|
||||
@ -282,7 +290,8 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
%postun
|
||||
/sbin/ldconfig
|
||||
|
||||
%if ! %{build_mini}
|
||||
|
||||
@ -324,7 +333,8 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
|
||||
%post plugin-kdb-ldap -p /sbin/ldconfig
|
||||
|
||||
%postun plugin-kdb-ldap -p /sbin/ldconfig
|
||||
%postun plugin-kdb-ldap
|
||||
/sbin/ldconfig
|
||||
|
||||
%endif
|
||||
|
||||
@ -337,6 +347,7 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%dir /usr/lib/mit
|
||||
%dir /usr/lib/mit/bin
|
||||
%dir /usr/lib/mit/sbin
|
||||
%dir /usr/lib/mit/share
|
||||
%dir %{_datadir}/aclocal
|
||||
%{_libdir}/libgssrpc.so
|
||||
%{_libdir}/libk5crypto.so
|
||||
@ -348,12 +359,11 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_libdir}/libkrb5.so
|
||||
%{_libdir}/libkrb5support.so
|
||||
%{_libdir}/libverto.so
|
||||
%{_libdir}/libverto-k5ev.so
|
||||
%{_includedir}/*
|
||||
/usr/lib/mit/bin/krb5-config
|
||||
/usr/lib/mit/sbin/krb5-send-pr
|
||||
/usr/lib/mit/share/gnats
|
||||
%{_mandir}/man1/krb5-send-pr.1*
|
||||
%{_mandir}/man1/krb5-config.1*
|
||||
%{_datadir}/aclocal/ac_check_krb5.m4
|
||||
|
||||
%if %{build_mini}
|
||||
@ -373,6 +383,7 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%dir /usr/lib/mit
|
||||
%dir /usr/lib/mit/sbin
|
||||
%dir /usr/lib/mit/bin
|
||||
%dir /usr/lib/mit/share
|
||||
%doc %{krb5docdir}/README
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
|
||||
%attr(0644,root,root) %config /etc/profile.d/krb5*
|
||||
@ -392,7 +403,6 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_libdir}/libkrb5.so.*
|
||||
%{_libdir}/libkrb5support.so.*
|
||||
%{_libdir}/libverto.so.*
|
||||
%{_libdir}/libverto-k5ev.so.*
|
||||
%{_libdir}/krb5/plugins/kdb/*
|
||||
#/usr/lib/mit/sbin/*
|
||||
/usr/lib/mit/sbin/kadmin.local
|
||||
@ -420,6 +430,7 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
/usr/lib/mit/bin/sclient
|
||||
/usr/lib/mit/bin/gss-client
|
||||
/usr/lib/mit/bin/sim_client
|
||||
/usr/lib/mit/share/gnats
|
||||
/usr/bin/kinit
|
||||
/usr/bin/klist
|
||||
/usr/sbin/rc*
|
||||
@ -429,7 +440,6 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_mandir}/man1/kdestroy.1*
|
||||
%{_mandir}/man1/kpasswd.1*
|
||||
%{_mandir}/man1/klist.1*
|
||||
%{_mandir}/man1/kerberos.1*
|
||||
%{_mandir}/man1/ksu.1*
|
||||
%{_mandir}/man1/sclient.1*
|
||||
%{_mandir}/man1/kadmin.1*
|
||||
@ -465,7 +475,6 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_libdir}/libkrb5.so.*
|
||||
%{_libdir}/libkrb5support.so.*
|
||||
%{_libdir}/libverto.so.*
|
||||
%{_libdir}/libverto-k5ev.so.*
|
||||
|
||||
%files server
|
||||
%defattr(-,root,root)
|
||||
@ -505,6 +514,7 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
/usr/lib/mit/sbin/uuserver
|
||||
%{_libdir}/krb5/plugins/kdb/db2.so
|
||||
%{_mandir}/man5/kdc.conf.5*
|
||||
%{_mandir}/man5/kadm5.acl.5*
|
||||
%{_mandir}/man8/kadmind.8*
|
||||
%{_mandir}/man8/kadmin.local.8*
|
||||
%{_mandir}/man8/kpropd.8*
|
||||
@ -540,7 +550,6 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_mandir}/man1/kdestroy.1*
|
||||
%{_mandir}/man1/kpasswd.1*
|
||||
%{_mandir}/man1/klist.1*
|
||||
%{_mandir}/man1/kerberos.1*
|
||||
%{_mandir}/man1/kadmin.1*
|
||||
%{_mandir}/man1/ktutil.1*
|
||||
%{_mandir}/man1/k5srvutil.1*
|
||||
@ -573,6 +582,11 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%dir %{_libdir}/krb5/plugins
|
||||
%dir %{_libdir}/krb5/plugins/preauth
|
||||
%{_libdir}/krb5/plugins/preauth/pkinit.so
|
||||
|
||||
%files doc
|
||||
%defattr(-,root,root)
|
||||
%doc html doc/CHANGES doc/README
|
||||
|
||||
%endif #build_mini
|
||||
|
||||
%changelog
|
||||
|
||||
11
krb5.changes
11
krb5.changes
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Jan 13 15:01:50 UTC 2013 - mc@suse.com
|
||||
|
||||
- update to version 1.11
|
||||
* Improve ASN.1 support code, making it table-driven for
|
||||
decoding as well as encoding
|
||||
* Refactor parts of KDC
|
||||
* Documentation consolidation
|
||||
* build docs in the main package
|
||||
* bugfixing
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 16 19:35:47 UTC 2012 - coolo@suse.com
|
||||
|
||||
|
||||
88
krb5.spec
88
krb5.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package krb5
|
||||
#
|
||||
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
%define build_mini 0
|
||||
%define srcRoot krb5-1.10.2
|
||||
%define srcRoot krb5-1.11
|
||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||
%define krb5docdir %{_defaultdocdir}/krb5
|
||||
|
||||
@ -25,12 +25,13 @@ Name: krb5
|
||||
Url: http://web.mit.edu/kerberos/www/
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: bison
|
||||
BuildRequires: doxygen
|
||||
BuildRequires: keyutils
|
||||
BuildRequires: keyutils-devel
|
||||
BuildRequires: libcom_err-devel
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: ncurses-devel
|
||||
Version: 1.10.2
|
||||
Version: 1.11
|
||||
Release: 0
|
||||
Summary: MIT Kerberos5 Implementation--Libraries
|
||||
License: MIT
|
||||
@ -39,6 +40,10 @@ Group: Productivity/Networking/Security
|
||||
BuildRequires: libopenssl-devel
|
||||
BuildRequires: openldap2-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: python-Cheetah
|
||||
BuildRequires: python-Sphinx
|
||||
BuildRequires: python-libxml2
|
||||
BuildRequires: python-lxml
|
||||
%if 0%{?suse_version} >= 1210
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
%endif
|
||||
@ -52,19 +57,16 @@ Source: krb5-%{version}.tar.bz2
|
||||
Source1: vendor-files.tar.bz2
|
||||
Source2: baselibs.conf
|
||||
Source5: krb5-rpmlintrc
|
||||
Source10: krb5-1.8-manpaths.txt
|
||||
Patch1: krb5-1.10-buildconf.patch
|
||||
Patch3: krb5-1.9-manpaths.dif
|
||||
Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif
|
||||
Patch6: krb5-1.10-kpasswd_tcp.patch
|
||||
Patch7: krb5-1.6.3-ktutil-manpage.dif
|
||||
Patch10: krb5-1.7-doublelog.patch
|
||||
Patch12: krb5-1.8-api.patch
|
||||
Patch13: krb5-1.8-pam.patch
|
||||
Patch18: krb5-1.9-kprop-mktemp.patch
|
||||
Patch19: krb5-1.9-ksu-path.patch
|
||||
Patch20: krb5-1.10-gcc47.patch
|
||||
Patch21: krb5-1.10-selinux-label.patch
|
||||
Patch1: krb5-1.8-pam.patch
|
||||
Patch2: krb5-1.9-manpaths.dif
|
||||
Patch3: krb5-1.10-buildconf.patch
|
||||
Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif
|
||||
Patch5: krb5-1.10-kpasswd_tcp.patch
|
||||
Patch6: krb5-1.6.3-ktutil-manpage.dif
|
||||
Patch7: krb5-1.7-doublelog.patch
|
||||
Patch8: krb5-1.8-api.patch
|
||||
Patch9: krb5-1.9-kprop-mktemp.patch
|
||||
Patch10: krb5-1.9-ksu-path.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: mktemp, grep, /bin/touch, coreutils
|
||||
PreReq: %insserv_prereq %fillup_prereq
|
||||
@ -121,6 +123,16 @@ Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
practice of cleartext passwords. This package includes a PKINIT plugin.
|
||||
|
||||
%package doc
|
||||
Summary: MIT Kerberos5 Implementation--Documentation
|
||||
Group: Documentation/Other
|
||||
|
||||
%description doc
|
||||
Kerberos V5 is a trusted-third-party network authentication
|
||||
system,which can improve your network's security by eliminating the
|
||||
insecurepractice of clear text passwords. This package includes
|
||||
extended documentation for MIT Kerberos.
|
||||
|
||||
%endif #! build_mini
|
||||
|
||||
%package devel
|
||||
@ -147,24 +159,16 @@ Include Files for Development
|
||||
%prep
|
||||
%setup -q -n %{srcRoot}
|
||||
%setup -a 1 -T -D -n %{srcRoot}
|
||||
%patch13 -p1
|
||||
%patch3 -p1
|
||||
%patch21 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch12 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20
|
||||
# Rename the man pages so that they'll get generated correctly.
|
||||
pushd src
|
||||
cat %{SOURCE10} | while read manpage ; do
|
||||
mv "$manpage" "$manpage".in
|
||||
done
|
||||
popd
|
||||
|
||||
%build
|
||||
# needs to be re-generated
|
||||
@ -190,7 +194,6 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI
|
||||
--with-ldap \
|
||||
--with-pam \
|
||||
--enable-pkinit \
|
||||
--with-selinux \
|
||||
%else
|
||||
--disable-pkinit \
|
||||
--without-pam \
|
||||
@ -198,6 +201,10 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI
|
||||
--with-system-et \
|
||||
--with-system-ss
|
||||
make %{?jobs:-j%jobs}
|
||||
cd doc
|
||||
make %{?jobs:-j%jobs} substhtml
|
||||
cp -a html_subst ../../html
|
||||
cd ..
|
||||
|
||||
%install
|
||||
cd src
|
||||
@ -273,8 +280,9 @@ install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos
|
||||
# cleanup
|
||||
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
||||
rm -f /usr/share/man/man1/tmac.doc*
|
||||
rm -rf /usr/lib/mit/share
|
||||
rm -rf %{buildroot}/usr/lib/mit/share
|
||||
#rm -rf /usr/lib/mit/share
|
||||
rm -rf %{buildroot}/usr/lib/mit/share/examples
|
||||
rm -rf %{buildroot}/usr/lib/mit/share/locale
|
||||
|
||||
#####################################################
|
||||
# krb5(-mini) pre/post/postun
|
||||
@ -339,6 +347,7 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%dir /usr/lib/mit
|
||||
%dir /usr/lib/mit/bin
|
||||
%dir /usr/lib/mit/sbin
|
||||
%dir /usr/lib/mit/share
|
||||
%dir %{_datadir}/aclocal
|
||||
%{_libdir}/libgssrpc.so
|
||||
%{_libdir}/libk5crypto.so
|
||||
@ -350,12 +359,11 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_libdir}/libkrb5.so
|
||||
%{_libdir}/libkrb5support.so
|
||||
%{_libdir}/libverto.so
|
||||
%{_libdir}/libverto-k5ev.so
|
||||
%{_includedir}/*
|
||||
/usr/lib/mit/bin/krb5-config
|
||||
/usr/lib/mit/sbin/krb5-send-pr
|
||||
/usr/lib/mit/share/gnats
|
||||
%{_mandir}/man1/krb5-send-pr.1*
|
||||
%{_mandir}/man1/krb5-config.1*
|
||||
%{_datadir}/aclocal/ac_check_krb5.m4
|
||||
|
||||
%if %{build_mini}
|
||||
@ -375,6 +383,7 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%dir /usr/lib/mit
|
||||
%dir /usr/lib/mit/sbin
|
||||
%dir /usr/lib/mit/bin
|
||||
%dir /usr/lib/mit/share
|
||||
%doc %{krb5docdir}/README
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
|
||||
%attr(0644,root,root) %config /etc/profile.d/krb5*
|
||||
@ -394,7 +403,6 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_libdir}/libkrb5.so.*
|
||||
%{_libdir}/libkrb5support.so.*
|
||||
%{_libdir}/libverto.so.*
|
||||
%{_libdir}/libverto-k5ev.so.*
|
||||
%{_libdir}/krb5/plugins/kdb/*
|
||||
#/usr/lib/mit/sbin/*
|
||||
/usr/lib/mit/sbin/kadmin.local
|
||||
@ -422,6 +430,7 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
/usr/lib/mit/bin/sclient
|
||||
/usr/lib/mit/bin/gss-client
|
||||
/usr/lib/mit/bin/sim_client
|
||||
/usr/lib/mit/share/gnats
|
||||
/usr/bin/kinit
|
||||
/usr/bin/klist
|
||||
/usr/sbin/rc*
|
||||
@ -431,7 +440,6 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_mandir}/man1/kdestroy.1*
|
||||
%{_mandir}/man1/kpasswd.1*
|
||||
%{_mandir}/man1/klist.1*
|
||||
%{_mandir}/man1/kerberos.1*
|
||||
%{_mandir}/man1/ksu.1*
|
||||
%{_mandir}/man1/sclient.1*
|
||||
%{_mandir}/man1/kadmin.1*
|
||||
@ -467,7 +475,6 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_libdir}/libkrb5.so.*
|
||||
%{_libdir}/libkrb5support.so.*
|
||||
%{_libdir}/libverto.so.*
|
||||
%{_libdir}/libverto-k5ev.so.*
|
||||
|
||||
%files server
|
||||
%defattr(-,root,root)
|
||||
@ -507,6 +514,7 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
/usr/lib/mit/sbin/uuserver
|
||||
%{_libdir}/krb5/plugins/kdb/db2.so
|
||||
%{_mandir}/man5/kdc.conf.5*
|
||||
%{_mandir}/man5/kadm5.acl.5*
|
||||
%{_mandir}/man8/kadmind.8*
|
||||
%{_mandir}/man8/kadmin.local.8*
|
||||
%{_mandir}/man8/kpropd.8*
|
||||
@ -542,7 +550,6 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%{_mandir}/man1/kdestroy.1*
|
||||
%{_mandir}/man1/kpasswd.1*
|
||||
%{_mandir}/man1/klist.1*
|
||||
%{_mandir}/man1/kerberos.1*
|
||||
%{_mandir}/man1/kadmin.1*
|
||||
%{_mandir}/man1/ktutil.1*
|
||||
%{_mandir}/man1/k5srvutil.1*
|
||||
@ -575,6 +582,11 @@ rm -rf %{buildroot}/usr/lib/mit/share
|
||||
%dir %{_libdir}/krb5/plugins
|
||||
%dir %{_libdir}/krb5/plugins/preauth
|
||||
%{_libdir}/krb5/plugins/preauth/pkinit.so
|
||||
|
||||
%files doc
|
||||
%defattr(-,root,root)
|
||||
%doc html doc/CHANGES doc/README
|
||||
|
||||
%endif #build_mini
|
||||
|
||||
%changelog
|
||||
|
||||
Loading…
Reference in New Issue
Block a user