diff --git a/krb5-1.6-patchlevel.dif b/krb5-1.6-patchlevel.dif new file mode 100644 index 0000000..8c4c245 --- /dev/null +++ b/krb5-1.6-patchlevel.dif @@ -0,0 +1,14 @@ +Index: src/patchlevel.h +=================================================================== +--- src/patchlevel.h ++++ src/patchlevel.h 2007/02/09 10:18:23 +@@ -53,6 +53,6 @@ + #define KRB5_MAJOR_RELEASE 1 + #define KRB5_MINOR_RELEASE 6 + #define KRB5_PATCHLEVEL 0 +-/* #undef KRB5_RELTAIL */ ++#define KRB5_RELTAIL "postrelease" + #define KRB5_RELDATE "20070109" +-#define KRB5_RELTAG "tags/krb5-1-6-final" ++#define KRB5_RELTAG "branches/krb5-1-6" + diff --git a/krb5-1.6-post.dif b/krb5-1.6-post.dif index ec4e366..99c2030 100644 --- a/krb5-1.6-post.dif +++ b/krb5-1.6-post.dif @@ -1,7 +1,7 @@ Index: src/plugins/preauth/cksum_body/cksum_body_main.c =================================================================== ---- src/plugins/preauth/cksum_body/cksum_body_main.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/plugins/preauth/cksum_body/cksum_body_main.c (.../branches/krb5-1-6) (Revision 19151) +--- src/plugins/preauth/cksum_body/cksum_body_main.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/plugins/preauth/cksum_body/cksum_body_main.c (.../branches/krb5-1-6) (Revision 19164) @@ -78,6 +78,7 @@ client_process(krb5_context kcontext, void *client_plugin_context, @@ -79,8 +79,8 @@ Index: src/plugins/preauth/cksum_body/cksum_body_main.c struct krb5plugin_preauth_server_ftable_v0 preauthentication_server_0 = { Index: src/plugins/preauth/wpse/wpse_main.c =================================================================== ---- src/plugins/preauth/wpse/wpse_main.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/plugins/preauth/wpse/wpse_main.c (.../branches/krb5-1-6) (Revision 19151) +--- src/plugins/preauth/wpse/wpse_main.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/plugins/preauth/wpse/wpse_main.c (.../branches/krb5-1-6) (Revision 19164) @@ -90,6 +90,7 @@ client_process(krb5_context kcontext, void *plugin_context, @@ -121,8 +121,8 @@ Index: src/plugins/preauth/wpse/wpse_main.c struct krb5plugin_preauth_server_ftable_v0 preauthentication_server_0 = { Index: src/include/Makefile.in =================================================================== ---- src/include/Makefile.in (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/include/Makefile.in (.../branches/krb5-1-6) (Revision 19151) +--- src/include/Makefile.in (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/include/Makefile.in (.../branches/krb5-1-6) (Revision 19164) @@ -85,9 +85,14 @@ asn1_err.h >> krb5/krb5.h echo "#endif /* KRB5_KRB5_H_INCLUDED */" >> krb5/krb5.h @@ -142,8 +142,8 @@ Index: src/include/Makefile.in # asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h Index: src/include/k5-int.h =================================================================== ---- src/include/k5-int.h (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/include/k5-int.h (.../branches/krb5-1-6) (Revision 19151) +--- src/include/k5-int.h (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/include/k5-int.h (.../branches/krb5-1-6) (Revision 19164) @@ -876,6 +876,7 @@ krb5_error_code (*client_process)(krb5_context context, void *plugin_context, @@ -293,9 +293,30 @@ Index: src/include/k5-int.h void KRB5_CALLCONV krb5_preauth_request_context_fini Index: src/include/krb5/krb5.hin =================================================================== ---- src/include/krb5/krb5.hin (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/include/krb5/krb5.hin (.../branches/krb5-1-6) (Revision 19151) -@@ -2431,7 +2431,17 @@ +--- src/include/krb5/krb5.hin (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/include/krb5/krb5.hin (.../branches/krb5-1-6) (Revision 19164) +@@ -1469,8 +1469,20 @@ + krb5_creds *, + krb5_creds **, + krb5_creds *** ); ++ ++krb5_error_code KRB5_CALLCONV ++krb5int_server_decrypt_ticket_keyblock ++ (krb5_context context, ++ const krb5_keyblock *key, ++ krb5_ticket *ticket); + #endif + ++krb5_error_code KRB5_CALLCONV ++krb5_server_decrypt_ticket_keytab ++ (krb5_context context, ++ const krb5_keytab kt, ++ krb5_ticket *ticket); ++ + void KRB5_CALLCONV krb5_free_tgt_creds + (krb5_context, + krb5_creds **); /* XXX too hard to do with const */ +@@ -2431,7 +2443,17 @@ #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 #define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100 @@ -313,7 +334,7 @@ Index: src/include/krb5/krb5.hin krb5_get_init_creds_opt_init (krb5_get_init_creds_opt *opt); -@@ -2482,7 +2492,28 @@ +@@ -2482,7 +2504,28 @@ (krb5_get_init_creds_opt *opt, int prompt); @@ -344,8 +365,8 @@ Index: src/include/krb5/krb5.hin krb5_creds *creds, Index: src/include/krb5/preauth_plugin.h =================================================================== ---- src/include/krb5/preauth_plugin.h (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/include/krb5/preauth_plugin.h (.../branches/krb5-1-6) (Revision 19151) +--- src/include/krb5/preauth_plugin.h (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/include/krb5/preauth_plugin.h (.../branches/krb5-1-6) (Revision 19164) @@ -158,6 +158,17 @@ void *gak_data); @@ -430,8 +451,8 @@ Index: src/include/krb5/preauth_plugin.h #endif /* KRB5_PREAUTH_PLUGIN_H_INCLUDED */ Index: src/clients/kpasswd/ksetpwd.c =================================================================== ---- src/clients/kpasswd/ksetpwd.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/clients/kpasswd/ksetpwd.c (.../branches/krb5-1-6) (Revision 19151) +--- src/clients/kpasswd/ksetpwd.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/clients/kpasswd/ksetpwd.c (.../branches/krb5-1-6) (Revision 19164) @@ -34,8 +34,6 @@ { krb5_preauthtype preauth[] = { KRB5_PADATA_ENC_TIMESTAMP }; @@ -481,8 +502,8 @@ Index: src/clients/kpasswd/ksetpwd.c if( have_credentials ) Index: src/clients/kpasswd/kpasswd.c =================================================================== ---- src/clients/kpasswd/kpasswd.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/clients/kpasswd/kpasswd.c (.../branches/krb5-1-6) (Revision 19151) +--- src/clients/kpasswd/kpasswd.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/clients/kpasswd/kpasswd.c (.../branches/krb5-1-6) (Revision 19164) @@ -49,7 +49,7 @@ krb5_principal princ; char *pname; @@ -554,10 +575,148 @@ Index: src/clients/kpasswd/kpasswd.c printf("Password changed.\n"); exit(0); +Index: src/clients/kvno/kvno.c +=================================================================== +--- src/clients/kvno/kvno.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/clients/kvno/kvno.c (.../branches/krb5-1-6) (Revision 19164) +@@ -41,10 +41,10 @@ + { + #ifdef KRB5_KRB4_COMPAT + fprintf(stderr, +- "usage: %s [-4 | [-c ccache] [-e etype]] service1 service2 ...\n", ++ "usage: %s [-4 | [-c ccache] [-e etype] [-k keytab]] service1 service2 ...\n", + prog); + #else +- fprintf(stderr, "usage: %s [-c ccache] [-e etype] service1 service2 ...\n", ++ fprintf(stderr, "usage: %s [-c ccache] [-e etype] [-k keytab] service1 service2 ...\n", + prog); + #endif + exit(1); +@@ -54,7 +54,7 @@ + + static void do_v4_kvno (int argc, char *argv[]); + static void do_v5_kvno (int argc, char *argv[], +- char *ccachestr, char *etypestr); ++ char *ccachestr, char *etypestr, char *keytab_name); + + #include + static void extended_com_err_fn (const char *, errcode_t, const char *, +@@ -63,7 +63,7 @@ + int main(int argc, char *argv[]) + { + int option; +- char *etypestr = 0, *ccachestr = 0; ++ char *etypestr = NULL, *ccachestr = NULL, *keytab_name = NULL; + int v4 = 0; + + set_com_err_hook (extended_com_err_fn); +@@ -71,7 +71,7 @@ + prog = strrchr(argv[0], '/'); + prog = prog ? (prog + 1) : argv[0]; + +- while ((option = getopt(argc, argv, "c:e:hq4")) != -1) { ++ while ((option = getopt(argc, argv, "c:e:hk:q4")) != -1) { + switch (option) { + case 'c': + ccachestr = optarg; +@@ -82,6 +82,9 @@ + case 'h': + xusage(); + break; ++ case 'k': ++ keytab_name = optarg; ++ break; + case 'q': + quiet = 1; + break; +@@ -97,13 +100,13 @@ + if ((argc - optind) < 1) + xusage(); + +- if ((ccachestr != 0 || etypestr != 0) && v4) ++ if ((ccachestr != NULL || etypestr != NULL || keytab_name != NULL) && v4) + xusage(); + + if (v4) + do_v4_kvno(argc - optind, argv + optind); + else +- do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr); ++ do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr, keytab_name); + return 0; + } + +@@ -169,7 +172,7 @@ + } + + static void do_v5_kvno (int count, char *names[], +- char * ccachestr, char *etypestr) ++ char * ccachestr, char *etypestr, char *keytab_name) + { + krb5_error_code ret; + int i, errors; +@@ -179,6 +182,7 @@ + krb5_creds in_creds, *out_creds; + krb5_ticket *ticket; + char *princ; ++ krb5_keytab keytab = NULL; + + ret = krb5_init_context(&context); + if (ret) { +@@ -205,6 +209,14 @@ + exit(1); + } + ++ if (keytab_name) { ++ ret = krb5_kt_resolve(context, keytab_name, &keytab); ++ if (ret) { ++ com_err(prog, ret, "resolving keytab %s", keytab_name); ++ exit(1); ++ } ++ } ++ + ret = krb5_cc_get_principal(context, ccache, &me); + if (ret) { + com_err(prog, ret, "while getting client principal name"); +@@ -261,14 +273,32 @@ + continue; + } + +- if (!quiet) +- printf("%s: kvno = %d\n", princ, ticket->enc_part.kvno); ++ if (keytab) { ++ ret = krb5_server_decrypt_ticket_keytab(context, keytab, ticket); ++ if (ret) { ++ if (!quiet) ++ printf("%s: kvno = %d, keytab entry invalid", princ, ticket->enc_part.kvno); ++ com_err(prog, ret, "while decrypting ticket for %s", princ); ++ krb5_free_ticket(context, ticket); ++ krb5_free_creds(context, out_creds); ++ krb5_free_unparsed_name(context, princ); + +- krb5_free_ticket(context, ticket); ++ errors++; ++ continue; ++ } ++ if (!quiet) ++ printf("%s: kvno = %d, keytab entry valid\n", princ, ticket->enc_part.kvno); ++ } else { ++ if (!quiet) ++ printf("%s: kvno = %d\n", princ, ticket->enc_part.kvno); ++ } ++ + krb5_free_creds(context, out_creds); + krb5_free_unparsed_name(context, princ); + } + ++ if (keytab) ++ krb5_kt_close(context, keytab); + krb5_free_principal(context, me); + krb5_cc_close(context, ccache); + krb5_free_context(context); Index: src/clients/kinit/kinit.c =================================================================== ---- src/clients/kinit/kinit.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/clients/kinit/kinit.c (.../branches/krb5-1-6) (Revision 19151) +--- src/clients/kinit/kinit.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/clients/kinit/kinit.c (.../branches/krb5-1-6) (Revision 19164) @@ -38,6 +38,7 @@ #include #include @@ -746,8 +905,8 @@ Index: src/clients/kinit/kinit.c krb5_kt_close(k5->ctx, keytab); Index: src/lib/gssapi/krb5/k5sealv3.c =================================================================== ---- src/lib/gssapi/krb5/k5sealv3.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/gssapi/krb5/k5sealv3.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/gssapi/krb5/k5sealv3.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/gssapi/krb5/k5sealv3.c (.../branches/krb5-1-6) (Revision 19164) @@ -412,10 +412,16 @@ if (load_16_be(althdr) != 0x0504 || althdr[2] != ptr[2] @@ -768,8 +927,8 @@ Index: src/lib/gssapi/krb5/k5sealv3.c if (conf_state) Index: src/lib/krb5/keytab/kt_file.c =================================================================== ---- src/lib/krb5/keytab/kt_file.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/keytab/kt_file.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/keytab/kt_file.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/keytab/kt_file.c (.../branches/krb5-1-6) (Revision 19164) @@ -193,6 +193,7 @@ err = k5_mutex_init(&data->lock); @@ -788,8 +947,8 @@ Index: src/lib/krb5/keytab/kt_file.c } Index: src/lib/krb5/os/sendto_kdc.c =================================================================== ---- src/lib/krb5/os/sendto_kdc.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/os/sendto_kdc.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/os/sendto_kdc.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/os/sendto_kdc.c (.../branches/krb5-1-6) (Revision 19164) @@ -1127,7 +1127,7 @@ return ENOMEM; } @@ -810,8 +969,8 @@ Index: src/lib/krb5/os/sendto_kdc.c for (i = 0; i < n_conns; i++) { Index: src/lib/krb5/os/changepw.c =================================================================== ---- src/lib/krb5/os/changepw.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/os/changepw.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/os/changepw.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/os/changepw.c (.../branches/krb5-1-6) (Revision 19164) @@ -70,12 +70,14 @@ locate_service_kadmin, SOCK_STREAM, 0); if (!code) { @@ -830,8 +989,8 @@ Index: src/lib/krb5/os/changepw.c } Index: src/lib/krb5/ccache/ccapi/stdcc.c =================================================================== ---- src/lib/krb5/ccache/ccapi/stdcc.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/ccache/ccapi/stdcc.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/ccache/ccapi/stdcc.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/ccache/ccapi/stdcc.c (.../branches/krb5-1-6) (Revision 19164) @@ -56,6 +56,7 @@ #ifdef USE_CCAPI_V3 @@ -984,8 +1143,8 @@ Index: src/lib/krb5/ccache/ccapi/stdcc.c Index: src/lib/krb5/libkrb5.exports =================================================================== ---- src/lib/krb5/libkrb5.exports (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/libkrb5.exports (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/libkrb5.exports (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/libkrb5.exports (.../branches/krb5-1-6) (Revision 19164) @@ -436,11 +436,16 @@ krb5_get_in_tkt_with_skey krb5_get_init_creds @@ -1003,10 +1162,18 @@ Index: src/lib/krb5/libkrb5.exports krb5_get_init_creds_opt_set_preauth_list krb5_get_init_creds_opt_set_proxiable krb5_get_init_creds_opt_set_renew_life +@@ -614,6 +619,7 @@ + krb5_ser_unpack_bytes + krb5_ser_unpack_int32 + krb5_ser_unpack_int64 ++krb5_server_decrypt_ticket_keytab + krb5_set_config_files + krb5_set_debugging_time + krb5_set_default_in_tkt_ktypes Index: src/lib/krb5/krb/gic_keytab.c =================================================================== ---- src/lib/krb5/krb/gic_keytab.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/krb/gic_keytab.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/krb/gic_keytab.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/krb/gic_keytab.c (.../branches/krb5-1-6) (Revision 19164) @@ -76,11 +76,18 @@ } @@ -1100,10 +1267,153 @@ Index: src/lib/krb5/krb/gic_keytab.c if (retval) { goto cleanup; } +Index: src/lib/krb5/krb/Makefile.in +=================================================================== +--- src/lib/krb5/krb/Makefile.in (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/krb/Makefile.in (.../branches/krb5-1-6) (Revision 19164) +@@ -89,6 +89,7 @@ + ser_princ.o \ + serialize.o \ + set_realm.o \ ++ srv_dec_tkt.o \ + srv_rcache.o \ + str_conv.o \ + tgtname.o \ +@@ -175,6 +176,7 @@ + $(OUTPRE)ser_princ.$(OBJEXT) \ + $(OUTPRE)serialize.$(OBJEXT) \ + $(OUTPRE)set_realm.$(OBJEXT) \ ++ $(OUTPRE)srv_dec_tkt.$(OBJEXT) \ + $(OUTPRE)srv_rcache.$(OBJEXT) \ + $(OUTPRE)str_conv.$(OBJEXT) \ + $(OUTPRE)tgtname.$(OBJEXT) \ +@@ -262,6 +264,7 @@ + $(srcdir)/ser_princ.c \ + $(srcdir)/serialize.c \ + $(srcdir)/set_realm.c \ ++ $(srcdir)/srv_dec_tkt.c \ + $(srcdir)/srv_rcache.c \ + $(srcdir)/str_conv.c \ + $(srcdir)/tgtname.c \ +@@ -1041,6 +1044,15 @@ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + set_realm.c ++srv_dec_tkt.so srv_dec_tkt.po $(OUTPRE)srv_dec_tkt.$(OBJEXT): \ ++ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ ++ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ ++ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ ++ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ ++ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ ++ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ ++ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ ++ srv_dec_tkt.c + srv_rcache.so srv_rcache.po $(OUTPRE)srv_rcache.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +Index: src/lib/krb5/krb/srv_dec_tkt.c +=================================================================== +--- src/lib/krb5/krb/srv_dec_tkt.c (.../tags/krb5-1-6-final) (Revision 0) ++++ src/lib/krb5/krb/srv_dec_tkt.c (.../branches/krb5-1-6) (Revision 19164) +@@ -0,0 +1,94 @@ ++/* ++ * lib/krb5/krb/srv_dec_tkt.c ++ * ++ * Copyright 2006 by the Massachusetts Institute of Technology. ++ * All Rights Reserved. ++ * ++ * Export of this software from the United States of America may ++ * require a specific license from the United States Government. ++ * It is the responsibility of any person or organization contemplating ++ * export to obtain such a license before exporting. ++ * ++ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and ++ * distribute this software and its documentation for any purpose and ++ * without fee is hereby granted, provided that the above copyright ++ * notice appear in all copies and that both that copyright notice and ++ * this permission notice appear in supporting documentation, and that ++ * the name of M.I.T. not be used in advertising or publicity pertaining ++ * to distribution of the software without specific, written prior ++ * permission. Furthermore if you modify this software you must label ++ * your software as modified software and not distribute it in such a ++ * fashion that it might be confused with the original M.I.T. software. ++ * M.I.T. makes no representations about the suitability of ++ * this software for any purpose. It is provided "as is" without express ++ * or implied warranty. ++ * ++ * ++ * Server decrypt ticket via keytab or keyblock. ++ * ++ * Different from krb5_rd_req_decoded. (krb5/src/lib/krb5/krb/rd_req_dec.c) ++ * - No krb5_principal_compare or KRB5KRB_AP_ERR_BADMATCH error. ++ * - No replay cache processing. ++ * - No skew checking or KRB5KRB_AP_ERR_SKEW error. ++ * - No address checking or KRB5KRB_AP_ERR_BADADDR error. ++ * - No time validation. ++ * - No permitted enctype validation or KRB5_NOPERM_ETYPE error. ++ * - Does not free ticket->enc_part2 on error. ++ */ ++ ++#include ++ ++krb5_error_code KRB5_CALLCONV ++krb5int_server_decrypt_ticket_keyblock(krb5_context context, ++ const krb5_keyblock *key, ++ krb5_ticket *ticket) ++{ ++ krb5_error_code retval; ++ krb5_data *realm; ++ krb5_transited *trans; ++ ++ retval = krb5_decrypt_tkt_part(context, key, ticket); ++ if (retval) ++ goto done; ++ ++ trans = &ticket->enc_part2->transited; ++ realm = &ticket->enc_part2->client->realm; ++ if (trans->tr_contents.data && *trans->tr_contents.data) { ++ retval = krb5_check_transited_list(context, &trans->tr_contents, ++ realm, &ticket->server->realm); ++ goto done; ++ } ++ ++ if (ticket->enc_part2->flags & TKT_FLG_INVALID) { /* ie, KDC_OPT_POSTDATED */ ++ retval = KRB5KRB_AP_ERR_TKT_INVALID; ++ goto done; ++ } ++ ++ done: ++ return retval; ++} ++ ++ ++krb5_error_code KRB5_CALLCONV ++krb5_server_decrypt_ticket_keytab(krb5_context context, ++ const krb5_keytab kt, ++ krb5_ticket *ticket) ++{ ++ krb5_error_code retval; ++ krb5_enctype enctype; ++ krb5_keytab_entry ktent; ++ ++ enctype = ticket->enc_part.enctype; ++ ++ if ((retval = krb5_kt_get_entry(context, kt, ticket->server, ++ ticket->enc_part.kvno, ++ enctype, &ktent))) ++ return retval; ++ ++ retval = krb5int_server_decrypt_ticket_keyblock(context, ++ &ktent.key, ticket); ++ /* Upon error, Free keytab entry first, then return */ ++ ++ (void) krb5_kt_free_entry(context, &ktent); ++ return retval; ++} Index: src/lib/krb5/krb/gic_opt.c =================================================================== ---- src/lib/krb5/krb/gic_opt.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/krb/gic_opt.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/krb/gic_opt.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/krb/gic_opt.c (.../branches/krb5-1-6) (Revision 19164) @@ -72,3 +72,357 @@ else opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT; @@ -1464,8 +1774,8 @@ Index: src/lib/krb5/krb/gic_opt.c +} Index: src/lib/krb5/krb/get_in_tkt.c =================================================================== ---- src/lib/krb5/krb/get_in_tkt.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/krb/get_in_tkt.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/krb/get_in_tkt.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/krb/get_in_tkt.c (.../branches/krb5-1-6) (Revision 19164) @@ -843,7 +843,7 @@ void *prompter_data, krb5_deltat start_time, @@ -1504,8 +1814,8 @@ Index: src/lib/krb5/krb/get_in_tkt.c /* XXX For 1.1.1 and prior KDC's, when SAM is used w/ USE_SAD_AS_KEY, Index: src/lib/krb5/krb/preauth2.c =================================================================== ---- src/lib/krb5/krb/preauth2.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/krb/preauth2.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/krb/preauth2.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/krb/preauth2.c (.../branches/krb5-1-6) (Revision 19164) @@ -163,6 +163,10 @@ context->modules[k].use_count = 0; context->modules[k].client_process = table->process; @@ -1646,8 +1956,8 @@ Index: src/lib/krb5/krb/preauth2.c if (paorder[h] == PA_REAL) { Index: src/lib/krb5/krb/gic_pwd.c =================================================================== ---- src/lib/krb5/krb/gic_pwd.c (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5/krb/gic_pwd.c (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5/krb/gic_pwd.c (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5/krb/gic_pwd.c (.../branches/krb5-1-6) (Revision 19164) @@ -85,18 +85,28 @@ } @@ -1832,8 +2142,8 @@ Index: src/lib/krb5/krb/gic_pwd.c } Index: src/lib/krb5_32.def =================================================================== ---- src/lib/krb5_32.def (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/lib/krb5_32.def (.../branches/krb5-1-6) (Revision 19151) +--- src/lib/krb5_32.def (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/lib/krb5_32.def (.../branches/krb5-1-6) (Revision 19164) @@ -155,7 +155,12 @@ krb5_get_in_tkt_with_password ; DEPRECATED krb5_get_in_tkt_with_skey ; DEPRECATED @@ -1847,23 +2157,18 @@ Index: src/lib/krb5_32.def krb5_get_init_creds_opt_set_address_list krb5_get_init_creds_opt_set_etype_list krb5_get_init_creds_opt_set_forwardable -Index: src/patchlevel.h -=================================================================== ---- src/patchlevel.h -+++ src/patchlevel.h 2007/02/09 10:18:23 -@@ -53,6 +53,6 @@ - #define KRB5_MAJOR_RELEASE 1 - #define KRB5_MINOR_RELEASE 6 - #define KRB5_PATCHLEVEL 0 --/* #undef KRB5_RELTAIL */ -+#define KRB5_RELTAIL "postrelease" - #define KRB5_RELDATE "20070109" --#define KRB5_RELTAG "tags/krb5-1-6-final" -+#define KRB5_RELTAG "branches/krb5-1-6" +@@ -219,6 +224,7 @@ + krb5_recvauth_version + krb5_salttype_to_string + krb5_sendauth ++ krb5_server_decrypt_ticket_keytab + krb5_set_default_realm + krb5_set_default_tgs_enctypes + krb5_set_password Index: src/util/def-check.pl =================================================================== ---- src/util/def-check.pl (.../tags/krb5-1-6-final) (Revision 19151) -+++ src/util/def-check.pl (.../branches/krb5-1-6) (Revision 19151) +--- src/util/def-check.pl (.../tags/krb5-1-6-final) (Revision 19164) ++++ src/util/def-check.pl (.../branches/krb5-1-6) (Revision 19164) @@ -165,7 +165,7 @@ goto Hadcallc; } @@ -1881,7 +2186,7 @@ Name: svk:merge 304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581 - + 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:19458 + + 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:19480 304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581 diff --git a/krb5-doc.changes b/krb5-doc.changes index 9240445..10dccc8 100644 --- a/krb5-doc.changes +++ b/krb5-doc.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Feb 19 14:00:49 CET 2007 - mc@suse.de + +- add krb5-1.6-post.dif + ------------------------------------------------------------------- Mon Jan 22 12:21:20 CET 2007 - mc@suse.de diff --git a/krb5-doc.spec b/krb5-doc.spec index 91b55d6..a937d61 100644 --- a/krb5-doc.spec +++ b/krb5-doc.spec @@ -13,7 +13,7 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html te_ams Version: 1.6 -Release: 7 +Release: 10 %define srcRoot krb5-1.6 Summary: MIT Kerberos5 Implementation--Documentation License: X11/MIT @@ -23,6 +23,8 @@ Source: krb5-1.6.tar.bz2 Source1: README.Source Source2: Makefile.kadm5 Patch0: krb5-1.3.5-perlfix.dif +Patch1: krb5-1.6-post.dif +Patch2: krb5-1.6-patchlevel.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArchitectures: noarch @@ -44,6 +46,8 @@ Authors: %prep %setup -n %{srcRoot} %patch0 +%patch1 +%patch2 cp %{_sourcedir}/Makefile.kadm5 %{_builddir}/%{srcRoot}/doc/kadm5/Makefile %build @@ -85,7 +89,9 @@ rm -rf %{buildroot} %doc doc/krb5-protocol doc/kadmin %doc doc/html -%changelog -n krb5-doc +%changelog +* Mon Feb 19 2007 - mc@suse.de +- add krb5-1.6-post.dif * Mon Jan 22 2007 - mc@suse.de - update to version 1.6 * Major changes in 1.6 include diff --git a/krb5-plugins.changes b/krb5-plugins.changes index 7a614c2..7c1ceca 100644 --- a/krb5-plugins.changes +++ b/krb5-plugins.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Feb 19 14:00:34 CET 2007 - mc@suse.de + +- update krb5-1.6-post.dif + ------------------------------------------------------------------- Fri Feb 9 13:31:54 CET 2007 - mc@suse.de diff --git a/krb5-plugins.spec b/krb5-plugins.spec index 0673805..f8e41ee 100644 --- a/krb5-plugins.spec +++ b/krb5-plugins.spec @@ -13,7 +13,7 @@ Name: krb5-plugins Version: 1.6 -Release: 6 +Release: 7 BuildRequires: krb5-devel openldap2-devel %define srcRoot krb5-1.6 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ @@ -32,6 +32,7 @@ Patch1: krb5-1.5.1-fix-too-few-arguments.dif Patch2: krb5-1.4-compile_pie.dif Patch3: krb5-1.4-fix-segfault.dif Patch4: krb5-1.6-post.dif +Patch5: krb5-1.6-patchlevel.dif Patch6: trunk-EncryptWithMasterKey.dif Patch14: warning-fix-lib-crypto-des.dif Patch15: warning-fix-lib-crypto-dk.dif @@ -95,6 +96,7 @@ fi %patch2 %patch3 %patch4 +%patch5 %patch6 cd %{_builddir}/%{srcRoot}/src %patch14 @@ -204,7 +206,9 @@ rm -rf %{buildroot} %{_libdir}/libkdb_ldap* %{_mandir}/man8/* -%changelog -n krb5-plugins +%changelog +* Mon Feb 19 2007 - mc@suse.de +- update krb5-1.6-post.dif * Fri Feb 09 2007 - mc@suse.de - update krb5-1.6-post.dif * Mon Jan 29 2007 - ro@suse.de diff --git a/krb5.changes b/krb5.changes index db68b29..09bdcbb 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Feb 19 13:59:43 CET 2007 - mc@suse.de + +- update krb5-1.6-post.dif +- move some applications into the right package + ------------------------------------------------------------------- Fri Feb 9 13:31:22 CET 2007 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index 6052f5f..e96d7aa 100644 --- a/krb5.spec +++ b/krb5.spec @@ -12,7 +12,7 @@ Name: krb5 Version: 1.6 -Release: 7 +Release: 9 BuildRequires: libcom_err %if %{suse_version} > 1010 BuildRequires: keyutils keyutils-devel @@ -35,6 +35,7 @@ Patch1: krb5-1.5.1-fix-too-few-arguments.dif Patch2: krb5-1.4-compile_pie.dif Patch3: krb5-1.4-fix-segfault.dif Patch4: krb5-1.6-post.dif +Patch5: krb5-1.6-patchlevel.dif Patch6: trunk-EncryptWithMasterKey.dif Patch14: warning-fix-lib-crypto-des.dif Patch15: warning-fix-lib-crypto-dk.dif @@ -185,6 +186,7 @@ fi %patch2 %patch3 %patch4 +%patch5 %patch6 cd %{_builddir}/%{srcRoot}/src %patch14 @@ -371,8 +373,6 @@ rm -rf %{buildroot} %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict /usr/bin/rc* -/usr/lib/mit/sbin/sserver -/usr/lib/mit/sbin/gss-server /usr/lib/mit/sbin/kadmin.local /usr/lib/mit/sbin/kadmind /usr/lib/mit/sbin/kpropd @@ -380,12 +380,9 @@ rm -rf %{buildroot} /usr/lib/mit/sbin/kdb5_util /usr/lib/mit/sbin/krb5kdc /usr/lib/mit/sbin/krb524d -/usr/lib/mit/sbin/login.krb5 -/usr/lib/mit/sbin/sim_server /usr/lib/mit/sbin/EncryptWithMasterKey %{_libdir}/krb5/plugins/kdb/*.so %{_mandir}/man5/kdc.conf.5* -%{_mandir}/man8/sserver.8* %{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmin.local.8* %{_mandir}/man8/kpropd.8* @@ -393,7 +390,6 @@ rm -rf %{buildroot} %{_mandir}/man8/kdb5_util.8* %{_mandir}/man8/krb5kdc.8* %{_mandir}/man8/krb524d.8* -%{_mandir}/man8/login.krb5.8* %files client %defattr(-,root,root) @@ -405,10 +401,7 @@ rm -rf %{buildroot} /usr/lib/mit/bin/kdestroy /usr/lib/mit/bin/kpasswd /usr/lib/mit/bin/klist -/usr/lib/mit/bin/sclient -/usr/lib/mit/bin/gss-client /usr/lib/mit/bin/krb524init -/usr/lib/mit/bin/sim_client /usr/lib/mit/sbin/kadmin /usr/lib/mit/sbin/ktutil /usr/lib/mit/sbin/k5srvutil @@ -420,7 +413,6 @@ rm -rf %{buildroot} %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* -%{_mandir}/man1/sclient.1* %{_mandir}/man1/kerberos.1* %{_mandir}/man5/krb5.conf.5* %{_mandir}/man5/.k5login.5* @@ -440,10 +432,16 @@ rm -rf %{buildroot} /usr/lib/mit/sbin/kshd /usr/lib/mit/sbin/telnetd /usr/lib/mit/sbin/uuserver +/usr/lib/mit/sbin/sserver +/usr/lib/mit/sbin/gss-server +/usr/lib/mit/sbin/sim_server +/usr/lib/mit/sbin/login.krb5 %{_mandir}/man8/kftpd.8* %{_mandir}/man8/klogind.8* %{_mandir}/man8/kshd.8* %{_mandir}/man8/ktelnetd.8* +%{_mandir}/man8/sserver.8* +%{_mandir}/man8/login.krb5.8* %files apps-clients %defattr(-,root,root) @@ -457,6 +455,9 @@ rm -rf %{buildroot} /usr/lib/mit/bin/rsh /usr/lib/mit/bin/telnet /usr/lib/mit/bin/uuclient +/usr/lib/mit/bin/sclient +/usr/lib/mit/bin/gss-client +/usr/lib/mit/bin/sim_client # removed SUID bit %attr(0755,root,root)/usr/lib/mit/bin/v4rcp %{_mandir}/man1/kftp.1* @@ -466,6 +467,7 @@ rm -rf %{buildroot} %{_mandir}/man1/ksu.1* %{_mandir}/man1/krcp.1* %{_mandir}/man1/v4rcp.1* +%{_mandir}/man1/sclient.1* %files devel %defattr(-,root,root) @@ -487,7 +489,10 @@ rm -rf %{buildroot} %{_mandir}/man1/krb5-send-pr.1* %{_mandir}/man1/krb5-config.1* -%changelog -n krb5 +%changelog +* Mon Feb 19 2007 - mc@suse.de +- update krb5-1.6-post.dif +- move some applications into the right package * Fri Feb 09 2007 - mc@suse.de - update krb5-1.6-post.dif * Mon Jan 29 2007 - mc@suse.de