aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2002-02-10 22:45:32 +0000
committerCy Schubert <cy@FreeBSD.org>2002-02-10 22:45:32 +0000
commit0d5e01e01dc6c1127ac2e0b1279fc2cf4371fc0a (patch)
tree89859ace9b7e6561b94f63fe37080b1aa3fd8ae5
parentcc99216876a77c6fb4ac13b642926d167fa943de (diff)
downloadports-0d5e01e01dc6c1127ac2e0b1279fc2cf4371fc0a.tar.gz
ports-0d5e01e01dc6c1127ac2e0b1279fc2cf4371fc0a.zip
Notes
-rw-r--r--security/krb5-beta/Makefile127
-rw-r--r--security/krb5-beta/distinfo1
-rw-r--r--security/krb5-beta/files/README.FreeBSD32
-rw-r--r--security/krb5-beta/files/patch-ac13
-rw-r--r--security/krb5-beta/files/patch-ad13
-rw-r--r--security/krb5-beta/files/patch-ae13
-rw-r--r--security/krb5-beta/files/patch-af13
-rw-r--r--security/krb5-beta/files/patch-ai28
-rw-r--r--security/krb5-beta/files/patch-aj19
-rw-r--r--security/krb5-beta/files/patch-appl::bsd::Makefile.in11
-rw-r--r--security/krb5-beta/files/patch-appl::bsd::klogind.M34
-rw-r--r--security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in11
-rw-r--r--security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.822
-rw-r--r--security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c38
-rw-r--r--security/krb5-beta/files/patch-as199
-rw-r--r--security/krb5-beta/files/patch-at14
-rw-r--r--security/krb5-beta/files/patch-av15
-rw-r--r--security/krb5-beta/files/patch-ax11
-rw-r--r--security/krb5-beta/files/patch-ay50
-rw-r--r--security/krb5-beta/files/patch-ba81
-rw-r--r--security/krb5-beta/files/patch-bb10
-rw-r--r--security/krb5-beta/pkg-comment1
-rw-r--r--security/krb5-beta/pkg-descr24
-rw-r--r--security/krb5-beta/pkg-plist124
24 files changed, 904 insertions, 0 deletions
diff --git a/security/krb5-beta/Makefile b/security/krb5-beta/Makefile
new file mode 100644
index 000000000000..35fbeedc56c3
--- /dev/null
+++ b/security/krb5-beta/Makefile
@@ -0,0 +1,127 @@
+# Ports collection Makefile for: MIT Kerberos V Beta
+# Date created: 2/10/2002
+# Whom: cy@FreeBSD.org
+#
+# $FreeBSD$
+#
+
+PORTNAME= krb5
+PORTVERSION= 1.2.4b1
+CATEGORIES= security
+MASTER_SITES= # manual download
+DISTNAME= krb5-1.2.4-beta1
+
+MAINTAINER= cy@FreeBSD.org
+
+BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4
+
+KERBEROSV_URL= http://web.mit.edu/network/kerberos-form.html
+USE_GMAKE= yes
+INSTALLS_SHLIB= yes
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS?= --enable-shared --with-ccopts="${CFLAGS}"
+CONFIGURE_ENV= INSTALL="${INSTALL}"
+MAKE_ARGS= INSTALL="${INSTALL}"
+KRB5_KRB4_COMPAT?= YES
+
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == "NO"
+MASTER_SITES= http://www.crypto-publish.org/dist/mit-kerberos5/
+.endif
+
+.if !defined(KRB5_KRB4_COMPAT) || ${KRB5_KRB4_COMPAT} == "NO"
+CONFIGURE_ARGS+= --without-krb4
+.endif
+
+.if defined(KRB5_HOME)
+PREFIX= ${KRB5_HOME}
+.endif
+
+RESTRICTED= "Crypto; export-controlled"
+# Set USA_RESIDENT appropriately in /etc/make.conf if you like
+
+INFO_FILES= krb425.info krb5-admin.info krb5-admin.info-1 \
+ krb5-admin.info-2 krb5-admin.info-3 krb5-install.info \
+ krb5-install.info-1 krb5-install.info-2 krb5-user.info
+
+MAN1= krb5-send-pr.1 kpasswd.1 v5passwd.1 klist.1 kinit.1 \
+ kdestroy.1 ksu.1 sclient.1 rsh.1 rcp.1 rlogin.1 \
+ v4rcp.1 ftp.1 telnet.1 kerberos.1 kvno.1
+MAN5= kdc.conf.5 krb5.conf.5 .k5login.5
+MAN8= krb5kdc.8 kadmin.8 kadmin.local.8 kdb5_util.8 \
+ ktutil.8 kadmind.8 kprop.8 kpropd.8 sserver.8 \
+ kshd.8 klogind.8 login.krb5.8 ftpd.8 telnetd.8
+
+WRKSRC= ${WRKDIR}/${DISTNAME}/src
+
+WANT_HTML?= YES
+HTML_DOC_DIR= ${WRKDIR}/${DISTNAME}/doc
+HTML_DOCS= admin.html install_foot.html user-guide.html \
+ admin_foot.html install_toc.html user-guide_foot.html \
+ admin_toc.html krb425.html user-guide_toc.html \
+ install.html krb425_toc.html
+
+.if !defined(USA_RESIDENT) || ${USA_RESIDENT} == "YES"
+do-fetch:
+ @if [ ! -f ${DISTDIR}/${DISTNAME}${EXTRACT_SUFX} ]; then \
+ ${ECHO} ""; \
+ ${ECHO} ">> Kerberos V contains encryption software and is"; \
+ ${ECHO} " export restricted. If you are not a USA resident,";\
+ ${ECHO} " then you cannot obtain the Kerberos V sources from";\
+ ${ECHO} " within the United States."; \
+ ${ECHO} ""; \
+ ${ECHO} ">> The Kerberos V sources must be fetched manually."; \
+ ${ECHO} " Please visit ${KERBEROSV_URL}"; \
+ ${ECHO} " to download ${DISTNAME}${EXTRACT_SUFX} and place"; \
+ ${ECHO} " it in ${DISTDIR}. Then run make again."; \
+ ${FALSE}; \
+ fi
+.endif
+
+pre-build:
+.if !defined(KRB5_KRB4_COMPAT)
+ @${ECHO} "------------------------------------------------------"
+ @${ECHO} "Set KRB5_KRB4_COMPAT=NO if you do not want to build "
+ @${ECHO} "the KerberosIV compatibility libraries. "
+ @${ECHO} "------------------------------------------------------"
+.endif
+
+post-build:
+ @(cd ${WRKSRC}/../doc && \
+ ${MAKE} ${INFO_FILES})
+
+.include <bsd.port.pre.mk>
+
+post-install:
+# html documentation
+.if defined(WANT_HTML) && ${WANT_HTML} == "YES"
+ @${MKDIR} ${PREFIX}/share/doc/krb5
+.for html in ${HTML_DOCS}
+ ${INSTALL_MAN} ${HTML_DOC_DIR}/${html} ${PREFIX}/share/doc/krb5
+.endfor
+.endif
+# handle info files
+.for info in ${INFO_FILES}
+ ${INSTALL_MAN} ${WRKSRC}/../doc/${info} ${PREFIX}/info/${info}
+.endfor
+.for info in ${INFO_FILES:M*.info}
+ install-info ${PREFIX}/info/${info} ${PREFIX}/info/dir
+.endfor
+# fixup packing list (no libs without version numbers in aout case)
+.if ${PORTOBJFORMAT} == "aout"
+ ${ECHO_MSG} "Fixing packing list for a.out"
+ ${MV} ${TMPPLIST} ${TMPPLIST}.new
+ ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST}
+ ${RM} ${TMPPLIST}.new
+.endif
+ @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR} > ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD
+ @${ECHO} "------------------------------------------------------"
+ @${ECHO} "This port of MIT Kerberos 5 includes remote login "
+ @${ECHO} "daemons (telnetd and klogind). These daemons default "
+ @${ECHO} "to using the system login program (/usr/bin/login). "
+ @${ECHO} "Please see the file "
+ @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD"
+ @${ECHO} "for more information. "
+ @${ECHO} "------------------------------------------------------"
+
+.include <bsd.port.post.mk>
diff --git a/security/krb5-beta/distinfo b/security/krb5-beta/distinfo
new file mode 100644
index 000000000000..225d61b0f06f
--- /dev/null
+++ b/security/krb5-beta/distinfo
@@ -0,0 +1 @@
+MD5 (krb5-1.2.4-beta1.tar.gz) = a58727b616cf8a5f88ebdb539f6e46a2
diff --git a/security/krb5-beta/files/README.FreeBSD b/security/krb5-beta/files/README.FreeBSD
new file mode 100644
index 000000000000..e888e689eb04
--- /dev/null
+++ b/security/krb5-beta/files/README.FreeBSD
@@ -0,0 +1,32 @@
+The MIT KRB5 port provides its own login program at
+${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
+the FreeBSD login.conf and login.access files that provide a means of
+setting up and controlling sessions under FreeBSD. To overcome this,
+the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
+interactive login password authentication instead of the login.krb5
+program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
+not have support for Kerberos V password authentication,
+e.g. authentication at the console. The pam_krb5 port must be used to
+provide Kerberos V password authentication.
+
+For more information about pam_krb5, please see pam(8) and pam_krb5(8).
+
+If you wish to use login.krb5 that is provided by the MIT KRB5 port,
+the arguments "-L ${PREFIX}/sbin/login.krb5" must be
+specified as arguments to klogind and KRB5 telnetd, e.g.
+
+klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
+eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
+telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
+
+Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
+of the FreeBSD provided /usr/bin/login for local tty logins,
+"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
+
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:\
+ :lo=${PREFIX}/sbin/login.krb5:
+
+It is recommended that the FreeBSD /usr/bin/login be used with the
+pam_krb5 port instead of the MIT KRB5 provided login.krb5.
diff --git a/security/krb5-beta/files/patch-ac b/security/krb5-beta/files/patch-ac
new file mode 100644
index 000000000000..8bca5437d964
--- /dev/null
+++ b/security/krb5-beta/files/patch-ac
@@ -0,0 +1,13 @@
+--- ../doc/admin.texinfo Fri Feb 6 21:40:56 1998
++++ admin.texinfo Fri Jun 19 15:13:45 1998
+@@ -5,6 +5,10 @@
+ @c guide
+ @setfilename krb5-admin.info
+ @settitle Kerberos V5 System Administrator's Guide
++@dircategory Kerberos V5
++@direntry
++* Admin Guide: (krb5-admin). Kerberos V5 System Admin's Guide
++@end direntry
+ @setchapternewpage odd @c chapter begins on next odd page
+ @c @setchapternewpage on @c chapter begins on next page
+ @c @smallbook @c Format for 7" X 9.25" paper
diff --git a/security/krb5-beta/files/patch-ad b/security/krb5-beta/files/patch-ad
new file mode 100644
index 000000000000..c8b6d3e99e91
--- /dev/null
+++ b/security/krb5-beta/files/patch-ad
@@ -0,0 +1,13 @@
+--- ../doc/user-guide.texinfo Fri Feb 6 21:40:58 1998
++++ user-guide.texinfo Fri Jun 19 15:13:45 1998
+@@ -3,6 +3,10 @@
+ @c guide
+ @setfilename krb5-user.info
+ @settitle Kerberos V5 UNIX User's Guide
++@dircategory Kerberos V5
++@direntry
++* User's Guide: (krb5-user). Kerberos V5 UNIX User's Guide
++@end direntry
+ @setchapternewpage odd @c chapter begins on next odd page
+ @c @setchapternewpage on @c chapter begins on next page
+ @c @smallbook @c Format for 7" X 9.25" paper
diff --git a/security/krb5-beta/files/patch-ae b/security/krb5-beta/files/patch-ae
new file mode 100644
index 000000000000..f5643b5aa04f
--- /dev/null
+++ b/security/krb5-beta/files/patch-ae
@@ -0,0 +1,13 @@
+--- ../doc/install.texinfo Fri Feb 6 21:40:56 1998
++++ install.texinfo Fri Jun 19 15:13:45 1998
+@@ -5,6 +5,10 @@
+ @c guide
+ @setfilename krb5-install.info
+ @settitle Kerberos V5 Installation Guide
++@dircategory Kerberos V5
++@direntry
++* Installation Guide: (krb5-install). Kerberos V5 Installation Guide
++@end direntry
+ @setchapternewpage odd @c chapter begins on next odd page
+ @c @setchapternewpage on @c chapter begins on next page
+ @c @smallbook @c Format for 7" X 9.25" paper
diff --git a/security/krb5-beta/files/patch-af b/security/krb5-beta/files/patch-af
new file mode 100644
index 000000000000..e054b18bbef5
--- /dev/null
+++ b/security/krb5-beta/files/patch-af
@@ -0,0 +1,13 @@
+--- ../doc/krb425.texinfo Fri Feb 6 21:40:57 1998
++++ krb425.texinfo Fri Jun 19 15:13:45 1998
+@@ -5,6 +5,10 @@
+ @c guide
+ @setfilename krb425.info
+ @settitle Upgrading to Kerberos V5 from Kerberos V4
++@dircategory Kerberos V5
++@direntry
++* Upgrading from V4 to V5: (krb425). Upgrading from Kerberos V4 to V5
++@end direntry
+ @setchapternewpage odd @c chapter begins on next odd page
+ @c @setchapternewpage on @c chapter begins on next page
+ @c @smallbook @c Format for 7" X 9.25" paper
diff --git a/security/krb5-beta/files/patch-ai b/security/krb5-beta/files/patch-ai
new file mode 100644
index 000000000000..f5b733194344
--- /dev/null
+++ b/security/krb5-beta/files/patch-ai
@@ -0,0 +1,28 @@
+--- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002
++++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002
+@@ -487,7 +487,13 @@
+ #ifndef LOG_DAEMON
+ #define LOG_DAEMON 0
+ #endif
+- openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
++
++#ifndef LOG_FTP
++#define FACILITY LOG_DAEMON
++#else
++#define FACILITY LOG_FTP
++#endif
++ openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY);
+
+ addrlen = sizeof (his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+@@ -2312,6 +2318,10 @@
+ if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum),
+ &kdata.session,&ctrl_addr, &his_addr)) == -1) {
+ secure_error("ADAT: krb_mk_safe failed");
++ return(0);
++ }
++ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
++ secure_error("ADAT: reply too long");
+ return(0);
+ }
+ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
diff --git a/security/krb5-beta/files/patch-aj b/security/krb5-beta/files/patch-aj
new file mode 100644
index 000000000000..c3bb8dfd6960
--- /dev/null
+++ b/security/krb5-beta/files/patch-aj
@@ -0,0 +1,19 @@
+*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998
+--- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998
+***************
+*** 66,72 ****
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+--- 66,72 ----
+ struct stat buf;
+ time_t time();
+
+! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
diff --git a/security/krb5-beta/files/patch-appl::bsd::Makefile.in b/security/krb5-beta/files/patch-appl::bsd::Makefile.in
new file mode 100644
index 000000000000..603c399a287f
--- /dev/null
+++ b/security/krb5-beta/files/patch-appl::bsd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001
+@@ -28,7 +28,7 @@
+ -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
+
+ DEFINES = $(RSH) $(BSD) $(RPROGS) \
+- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
++ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
+ all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP)
+
diff --git a/security/krb5-beta/files/patch-appl::bsd::klogind.M b/security/krb5-beta/files/patch-appl::bsd::klogind.M
new file mode 100644
index 000000000000..1523c3d593df
--- /dev/null
+++ b/security/krb5-beta/files/patch-appl::bsd::klogind.M
@@ -0,0 +1,34 @@
+--- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001
++++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001
+@@ -14,6 +14,7 @@
+ ]
+ [
+ [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ]
++[\fB\-L\fP \fIloginpath\fP]
+ .SH DESCRIPTION
+ .I Klogind
+ is the server for the
+@@ -107,6 +108,10 @@
+ Beta5 (May 1995)--present bogus checksums that prevent Kerberos
+ authentication from succeeding in the default mode.
+
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
++
+
+ .PP
+ If the
+@@ -157,12 +162,6 @@
+
+ .IP \fB\-M\ realm\fP
+ Set the Kerberos realm to use.
+-
+-.IP \fB\-L\ login\fP
+-Set the login program to use. This option only has an effect if
+-DO_NOT_USE_K_LOGIN was not defined when
+-.I klogind
+-was compiled.
+ .SH DIAGNOSTICS
+ All diagnostic messages are returned on the connection
+ associated with the
diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in
new file mode 100644
index 000000000000..cb5a0e26d49d
--- /dev/null
+++ b/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in
@@ -0,0 +1,11 @@
+--- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001
+@@ -24,7 +24,7 @@
+ # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
+ #
+
+-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
++AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\"
+ OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
+ LOCALINCLUDES=-I.. -I$(srcdir)/..
+ DEFINES = $(AUTH_DEF) $(OTHERDEFS)
diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8
new file mode 100644
index 000000000000..951ee0d5692a
--- /dev/null
+++ b/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8
@@ -0,0 +1,22 @@
+--- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001
+@@ -43,7 +43,7 @@
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+ [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
+ [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
+-[\fB\-debug\fP [\fIport\fP]]
++[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP]
+ .SH DESCRIPTION
+ The
+ .B telnetd
+@@ -221,6 +221,10 @@
+ in response to a
+ .SM DO TIMING-MARK)
+ for kludge linemode support.
++.TP
++\fB\-L\fP \fIloginpath\fP
++Specify pathname to an alternative login program. Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
+ .TP
+ .B \-l
+ Specifies line mode. Tries to force clients to use line-at-a-time
diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c b/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c
new file mode 100644
index 000000000000..8bb656dc0673
--- /dev/null
+++ b/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c
@@ -0,0 +1,38 @@
+--- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002
++++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002
+@@ -408,18 +408,25 @@
+ int
+ netwrite(const char *buf, size_t len)
+ {
+- size_t remain;
++ int remaining, copied;
++
++ remaining = BUFSIZ - (nfrontp - netobuf);
++ while (len > 0) {
++ /* Free up enough space if the room is too low*/
++ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) {
++ netflush();
++ remaining = BUFSIZ - (nfrontp - netobuf);
++ }
+
+- remain = sizeof(netobuf) - (nfrontp - netobuf);
+- if (remain < len) {
+- netflush();
+- remain = sizeof(netobuf) - (nfrontp - netobuf);
++ /* Copy out as much as will fit */
++ copied = remaining > len ? len : remaining;
++ memmove(nfrontp, buf, copied);
++ nfrontp += copied;
++ len -= copied;
++ remaining -= copied;
++ buf += copied;
+ }
+- if (remain < len)
+- return 0;
+- memcpy(nfrontp, buf, len);
+- nfrontp += len;
+- return len;
++ return copied;
+ }
+
+ /*
diff --git a/security/krb5-beta/files/patch-as b/security/krb5-beta/files/patch-as
new file mode 100644
index 000000000000..0b26c449fe11
--- /dev/null
+++ b/security/krb5-beta/files/patch-as
@@ -0,0 +1,199 @@
+--- clients/ksu/main.c.orig Wed Feb 28 14:06:55 2001
++++ clients/ksu/main.c Thu Sep 6 16:21:46 2001
+@@ -31,6 +31,10 @@
+ #include <sys/wait.h>
+ #include <signal.h>
+
++#ifdef LOGIN_CAP
++#include <login_cap.h>
++#endif
++
+ /* globals */
+ char * prog_name;
+ int auth_debug =0;
+@@ -60,7 +64,7 @@
+ ill specified arguments to commands */
+
+ void usage (){
+- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
++ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+ }
+
+ /* for Ultrix and friends ... */
+@@ -76,6 +80,7 @@
+ int argc;
+ char ** argv;
+ {
++int asme = 0;
+ int hp =0;
+ int some_rest_copy = 0;
+ int all_rest_copy = 0;
+@@ -90,6 +95,7 @@
+ char * cc_target_tag = NULL;
+ char * target_user = NULL;
+ char * source_user;
++char * source_shell;
+
+ krb5_ccache cc_source = NULL;
+ const char * cc_source_tag = NULL;
+@@ -118,6 +124,11 @@
+ char * dir_of_cc_target;
+ char * dir_of_cc_source;
+
++#ifdef LOGIN_CAP
++login_cap_t *lc;
++int setwhat;
++#endif
++
+ options.opt = KRB5_DEFAULT_OPTIONS;
+ options.lifetime = KRB5_DEFAULT_TKT_LIFE;
+ options.rlife =0;
+@@ -181,7 +192,7 @@
+ com_err (prog_name, errno, "while setting euid to source user");
+ exit (1);
+ }
+- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){
++ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){
+ switch (option) {
+ case 'r':
+ options.opt |= KDC_OPT_RENEWABLE;
+@@ -227,6 +238,9 @@
+ errflg++;
+ }
+ break;
++ case 'm':
++ asme = 1;
++ break;
+ case 'n':
+ if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
+ com_err(prog_name, retval, "when parsing name %s", optarg);
+@@ -341,6 +355,7 @@
+
+ /* allocate space and copy the usernamane there */
+ source_user = xstrdup(pwd->pw_name);
++ source_shell = xstrdup(pwd->pw_shell);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+@@ -668,43 +683,64 @@
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+- if (target_pwd->pw_shell)
+- shell = xstrdup(target_pwd->pw_shell);
+- else {
+- shell = _DEF_CSH; /* default is cshell */
+- }
++ if (asme) {
++ if (source_shell && *source_shell) {
++ shell = strdup(source_shell);
++ } else {
++ shell = _DEF_CSH;
++ }
++ } else {
++ if (target_pwd->pw_shell)
++ shell = strdup(target_pwd->pw_shell);
++ else {
++ shell = _DEF_CSH; /* default is cshell */
++ }
++ }
+
+ #ifdef HAVE_GETUSERSHELL
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+- if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+- fprintf(stderr, "ksu: permission denied (shell).\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
++ if (asme) {
++ if (!standard_shell(pwd->pw_shell) && source_uid) {
++ fprintf(stderr, "ksu: permission denied (shell).\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ } else {
++ if (!standard_shell(target_pwd->pw_shell) && source_uid) {
++ fprintf(stderr, "ksu: permission denied (shell).\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
+ }
+ #endif /* HAVE_GETUSERSHELL */
+
+- if (target_pwd->pw_uid){
+-
+- if(set_env_var("USER", target_pwd->pw_name)){
+- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
+- }
+- }
++ if (!asme) {
++ if (target_pwd->pw_uid){
++ if (set_env_var("USER", target_pwd->pw_name)){
++ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ }
+
+- if(set_env_var( "HOME", target_pwd->pw_dir)){
+- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
+- }
++ if (set_env_var( "HOME", target_pwd->pw_dir)){
++ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
+
+- if(set_env_var( "SHELL", shell)){
+- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
+- }
++ if (set_env_var( "SHELL", shell)){
++ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ }
++
++#ifdef LOGIN_CAP
++ lc = login_getpwclass(pwd);
++#endif
+
+ /* set the cc env name to target */
+
+@@ -714,7 +750,18 @@
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+ }
+-
++#ifdef LOGIN_CAP
++ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
++ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV;
++ /*
++ * Don't touch resource/priority settings if -m has been
++ * used or -l and -c hasn't, and we're not su'ing to root.
++ */
++ if (target_pwd->pw_uid)
++ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
++ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0)
++ err(1, "setusercontext");
++#else
+ /* set permissions */
+ if (setgid(target_pwd->pw_gid) < 0) {
+ perror("ksu: setgid");
+@@ -754,7 +801,8 @@
+ perror("ksu: setuid");
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+- }
++ }
++#endif
+
+ if (access( cc_target_tag_tmp, R_OK | W_OK )){
+ com_err(prog_name, errno,
diff --git a/security/krb5-beta/files/patch-at b/security/krb5-beta/files/patch-at
new file mode 100644
index 000000000000..ef9ea4856f7a
--- /dev/null
+++ b/security/krb5-beta/files/patch-at
@@ -0,0 +1,14 @@
+*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998
+--- include/sys/syslog.h Tue Jun 30 19:46:02 1998
+***************
+*** 34,39 ****
+--- 34,42 ----
+ #define LOG_LPR (6<<3) /* line printer subsystem */
+ #define LOG_NEWS (7<<3) /* network news subsystem */
+ #define LOG_UUCP (8<<3) /* UUCP subsystem */
++ #if (defined(BSD) && (BSD >= 199306))
++ #define LOG_FTP (11<<3) /* ftp daemon */
++ #endif
+ /* other codes through 15 reserved for system use */
+ #define LOG_LOCAL0 (16<<3) /* reserved for local use */
+ #define LOG_LOCAL1 (17<<3) /* reserved for local use */
diff --git a/security/krb5-beta/files/patch-av b/security/krb5-beta/files/patch-av
new file mode 100644
index 000000000000..8363b8bb1e2d
--- /dev/null
+++ b/security/krb5-beta/files/patch-av
@@ -0,0 +1,15 @@
+*** clients/ksu/Makefile.in.ORIG Sun Aug 2 16:51:18 1998
+--- clients/ksu/Makefile.in Sun Aug 2 16:53:48 1998
+***************
+*** 3,7 ****
+ mydir=ksu
+ BUILDTOP=$(REL)$(U)$(S)$(U)
+! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
+ CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE)
+
+--- 3,7 ----
+ mydir=ksu
+ BUILDTOP=$(REL)$(U)$(S)$(U)
+! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"'
+ CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE)
+
diff --git a/security/krb5-beta/files/patch-ax b/security/krb5-beta/files/patch-ax
new file mode 100644
index 000000000000..58cfe89d9294
--- /dev/null
+++ b/security/krb5-beta/files/patch-ax
@@ -0,0 +1,11 @@
+--- ../doc/Makefile.orig Wed Jan 20 21:57:45 1999
++++ ../doc/Makefile Wed Jan 20 21:59:19 1999
+@@ -1,7 +1,7 @@
+ SRCDIR=../src
+ DVI=texi2dvi
+ DVIPS=dvips -o "$@"
+-INFO=makeinfo
++INFO=makeinfo --no-validate
+ HTML=texi2html
+ RM=rm -f
+ TAR=tar -chvf
diff --git a/security/krb5-beta/files/patch-ay b/security/krb5-beta/files/patch-ay
new file mode 100644
index 000000000000..54c041e205f1
--- /dev/null
+++ b/security/krb5-beta/files/patch-ay
@@ -0,0 +1,50 @@
+--- util/pty/getpty.c.orig Wed Jan 9 14:28:37 2002
++++ util/pty/getpty.c Thu Jan 10 21:30:40 2002
+@@ -24,13 +24,26 @@
+ #include "libpty.h"
+ #include "pty-int.h"
+
++#ifdef __FreeBSD__
++#define PTYCHARS1 "pqrsPQRS"
++#define PTYCHARS2 "0123456789abcdefghijklmnopqrstuv"
++#endif
++
++#ifndef PTYCHARS1
++#define PTYCHARS1 "pqrstuvwxyzPQRST"
++#endif
++
++#ifndef PTYCHARS2
++#define PTYCHARS2 "0123456789abcdef"
++#endif
++
+ long
+ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
+ {
++ int ptynum;
++ char *cp1, *cp2;
+ #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY)
+- char *cp;
+ char *p;
+- int i,ptynum;
+ struct stat stb;
+ char slavebuf[1024];
+ #endif
+@@ -115,14 +128,14 @@
+ strncpy(slave, slavebuf, slavelength);
+ return 0;
+ } else {
+- for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
++ for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) {
+ sprintf(slavebuf,"/dev/ptyXX");
+- slavebuf[sizeof("/dev/pty") - 1] = *cp;
++ slavebuf[sizeof("/dev/pty") - 1] = *cp1;
+ slavebuf[sizeof("/dev/ptyp") - 1] = '0';
+ if (stat(slavebuf, &stb) < 0)
+ break;
+- for (i = 0; i < 16; i++) {
+- slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i];
++ for (cp2 = PTYCHARS2; *cp2 != '\0'; cp2++) {
++ slavebuf[sizeof("/dev/ptyp") - 1] = *cp2;
+ *fd = open(slavebuf, O_RDWR);
+ if (*fd < 0) continue;
+
diff --git a/security/krb5-beta/files/patch-ba b/security/krb5-beta/files/patch-ba
new file mode 100644
index 000000000000..60d70466eff3
--- /dev/null
+++ b/security/krb5-beta/files/patch-ba
@@ -0,0 +1,81 @@
+--- appl/bsd/login.c.ORIG Wed Oct 13 12:55:47 1999
++++ appl/bsd/login.c Wed Oct 13 12:56:29 1999
+@@ -1303,19 +1304,6 @@
+ setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
+ }
+
+- /* Policy: If local password is good, user is good.
+- We really can't trust the Kerberos password,
+- because somebody on the net could spoof the
+- Kerberos server (not easy, but possible).
+- Some sites might want to use it anyways, in
+- which case they should change this line
+- to:
+- if (kpass_ok)
+- */
+-
+- if (lpass_ok)
+- break;
+-
+ if (got_v5_tickets) {
+ if (retval = krb5_verify_init_creds(kcontext, &my_creds, NULL,
+ NULL, &xtra_creds,
+@@ -1338,6 +1326,9 @@
+ }
+ #endif /* KRB4_GET_TICKETS */
+
++ if (lpass_ok)
++ break;
++
+ bad_login:
+ setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
+
+@@ -1640,20 +1631,28 @@
+ /* set up credential cache -- obeying KRB5_ENV_CCNAME
+ set earlier */
+ /* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */
+- if (retval = krb5_cc_default(kcontext, &ccache)) {
++ retval = krb5_cc_default(kcontext, &ccache);
++ if (retval)
+ com_err(argv[0], retval, "while getting default ccache");
+- } else if (retval = krb5_cc_initialize(kcontext, ccache, me)) {
+- com_err(argv[0], retval, "when initializing cache");
+- } else if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) {
+- com_err(argv[0], retval, "while storing credentials");
+- } else if (xtra_creds &&
+- (retval = krb5_cc_copy_creds(kcontext, xtra_creds,
+- ccache))) {
+- com_err(argv[0], retval, "while storing credentials");
++ else {
++ retval = krb5_cc_initialize(kcontext, ccache, me);
++ if (retval)
++ com_err(argv[0], retval, "when initializing cache");
++ else {
++ retval = krb5_cc_store_cred(kcontext, ccache, &my_creds);
++ if (retval)
++ com_err(argv[0], retval, "while storing credentials");
++ else {
++ if (xtra_creds) {
++ retval = krb5_cc_copy_creds(kcontext, xtra_creds,
++ ccache);
++ if (retval)
++ com_err(argv[0], retval, "while storing credentials");
++ krb5_cc_destroy(kcontext, xtra_creds);
++ }
++ }
++ }
+ }
+-
+- if (xtra_creds)
+- krb5_cc_destroy(kcontext, xtra_creds);
+ } else if (forwarded_v5_tickets && rewrite_ccache) {
+ if ((retval = krb5_cc_initialize (kcontext, ccache, me))) {
+ syslog(LOG_ERR,
+@@ -1727,6 +1727,7 @@
+
+ if (ccname)
+ setenv("KRB5CCNAME", ccname, 1);
++ krb5_cc_set_default_name(kcontext, ccname);
+
+ setenv("HOME", pwd->pw_dir, 1);
+ setenv("PATH", LPATH, 1);
diff --git a/security/krb5-beta/files/patch-bb b/security/krb5-beta/files/patch-bb
new file mode 100644
index 000000000000..6545ae682c53
--- /dev/null
+++ b/security/krb5-beta/files/patch-bb
@@ -0,0 +1,10 @@
+--- appl/telnet/telnet/Makefile.in.orig Sat Dec 18 10:47:05 1999
++++ appl/telnet/telnet/Makefile.in Sat Dec 18 10:47:13 1999
+@@ -58,7 +58,6 @@
+ $(INSTALL_DATA) $(srcdir)/$$f.1 \
+ ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
+ done
+- $(INSTALL_DATA) $(srcdir)/tmac.doc ${DESTDIR}$(CLIENT_MANDIR)/tmac.doc
+
+ authenc.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET)
+ commands.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET)
diff --git a/security/krb5-beta/pkg-comment b/security/krb5-beta/pkg-comment
new file mode 100644
index 000000000000..339cc4cd5571
--- /dev/null
+++ b/security/krb5-beta/pkg-comment
@@ -0,0 +1 @@
+An authentication system developed at MIT, successor to Kerberos IV
diff --git a/security/krb5-beta/pkg-descr b/security/krb5-beta/pkg-descr
new file mode 100644
index 000000000000..376a48c52faf
--- /dev/null
+++ b/security/krb5-beta/pkg-descr
@@ -0,0 +1,24 @@
+Kerberos V5 is an authentication system developed at MIT.
+WWW: http://web.mit.edu/kerberos/www/
+
+Abridged from the User Guide:
+ Under Kerberos, a client sends a request for a ticket to the
+ Key Distribution Center (KDC). The KDC creates a ticket-granting
+ ticket (TGT) for the client, encrypts it using the client's
+ password as the key, and sends the encrypted TGT back to the
+ client. The client then attempts to decrypt the TGT, using
+ its password. If the client successfully decrypts the TGT, it
+ keeps the decrypted TGT, which indicates proof of the client's
+ identity. The TGT permits the client to obtain additional tickets,
+ which give permission for specific services.
+ Since Kerberos negotiates authenticated, and optionally encrypted,
+ communications between two points anywhere on the internet, it
+ provides a layer of security that is not dependent on which side of a
+ firewall either client is on.
+ The Kerberos V5 package is designed to be easy to use. Most of the
+ commands are nearly identical to UNIX network programs you are already
+ used to. Kerberos V5 is a single-sign-on system, which means that you
+ have to type your password only once per session, and Kerberos does
+ the authenticating and encrypting transparently.
+
+Jacques Vidrine <n@nectar.com>
diff --git a/security/krb5-beta/pkg-plist b/security/krb5-beta/pkg-plist
new file mode 100644
index 000000000000..01977cd59d64
--- /dev/null
+++ b/security/krb5-beta/pkg-plist
@@ -0,0 +1,124 @@
+@unexec install-info --delete %D/info/krb425.info %D/info/dir
+@unexec install-info --delete %D/info/krb5-admin.info %D/info/dir
+@unexec install-info --delete %D/info/krb5-install.info %D/info/dir
+@unexec install-info --delete %D/info/krb5-user.info %D/info/dir
+bin/ftp
+bin/gss-client
+bin/kdestroy
+bin/kinit
+bin/klist
+bin/kpasswd
+bin/krb524init
+bin/ksu
+bin/kvno
+bin/rcp
+bin/rlogin
+bin/rsh
+bin/sclient
+bin/sim_client
+bin/telnet
+bin/uuclient
+bin/v4rcp
+bin/v5passwd
+include/com_err.h
+include/gssapi/gssapi.h
+include/gssapi/gssapi_generic.h
+include/gssapi/gssapi_krb5.h
+include/kerberosIV/des.h
+include/kerberosIV/kadm.h
+include/kerberosIV/krb.h
+include/kerberosIV/krb_err.h
+include/kerberosIV/mit-copyright.h
+include/krb5.h
+include/libpty.h
+include/mit-sipb-copyright.h
+include/port-sockets.h
+include/profile.h
+info/krb425.info
+info/krb5-admin.info
+info/krb5-admin.info-1
+info/krb5-admin.info-2
+info/krb5-admin.info-3
+info/krb5-install.info
+info/krb5-install.info-1
+info/krb5-install.info-2
+info/krb5-user.info
+lib/libcom_err.a
+lib/libcom_err.so
+lib/libcom_err.so.3
+lib/libdes425.a
+lib/libdes425.so
+lib/libdes425.so.3
+lib/libdyn.a
+lib/libdyn.so
+lib/libdyn.so.1
+lib/libgssapi_krb5.a
+lib/libgssapi_krb5.so
+lib/libgssapi_krb5.so.2
+lib/libgssrpc.a
+lib/libgssrpc.so
+lib/libgssrpc.so.3
+lib/libk5crypto.a
+lib/libk5crypto.so
+lib/libk5crypto.so.3
+lib/libkadm5clnt.a
+lib/libkadm5clnt.so
+lib/libkadm5clnt.so.5
+lib/libkadm5srv.a
+lib/libkadm5srv.so
+lib/libkadm5srv.so.5
+lib/libkdb5.a
+lib/libkdb5.so
+lib/libkdb5.so.3
+lib/libkrb4.a
+lib/libkrb4.so
+lib/libkrb4.so.2
+lib/libkrb5.a
+lib/libkrb5.so
+lib/libkrb5.so.3
+lib/libkrb524.a
+lib/libpty.a
+lib/libpty.so
+lib/libpty.so.1
+lib/libss.a
+sbin/ftpd
+sbin/gss-server
+sbin/kadmin
+sbin/kadmin.local
+sbin/kadmind
+sbin/kadmind4
+sbin/kdb5_util
+sbin/klogind
+sbin/kprop
+sbin/kpropd
+sbin/krb5-send-pr
+sbin/krb524d
+sbin/krb5kdc
+sbin/kshd
+sbin/ktutil
+sbin/login.krb5
+sbin/sim_server
+sbin/sserver
+sbin/telnetd
+sbin/uuserver
+sbin/v5passwdd
+share/doc/krb5/README.FreeBSD
+share/doc/krb5/admin.html
+share/doc/krb5/admin_foot.html
+share/doc/krb5/admin_toc.html
+share/doc/krb5/install.html
+share/doc/krb5/install_foot.html
+share/doc/krb5/install_toc.html
+share/doc/krb5/krb425.html
+share/doc/krb5/krb425_toc.html
+share/doc/krb5/user-guide.html
+share/doc/krb5/user-guide_foot.html
+share/doc/krb5/user-guide_toc.html
+share/gnats/mit
+@dirrm include/gssapi
+@dirrm include/kerberosIV
+@dirrm share/doc/krb5
+@exec install-info %D/info/krb425.info %D/info/dir
+@exec install-info %D/info/krb5-admin.info %D/info/dir
+@exec install-info %D/info/krb5-install.info %D/info/dir
+@exec install-info %D/info/krb5-user.info %D/info/dir