aboutsummaryrefslogtreecommitdiff
path: root/security/pam_krb5
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2001-07-24 17:14:44 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2001-07-24 17:14:44 +0000
commit598e7cdedd17cf7cbf0e0cdd562c90b81be458f0 (patch)
treef7e9d187e4d3086ced4883cc82c76b8ed904b297 /security/pam_krb5
parent818599d4d6b7c2cb4c962d2f2067fa93d87e25e1 (diff)
downloadports-598e7cdedd17cf7cbf0e0cdd562c90b81be458f0.tar.gz
ports-598e7cdedd17cf7cbf0e0cdd562c90b81be458f0.zip
Notes
Diffstat (limited to 'security/pam_krb5')
-rw-r--r--security/pam_krb5/Makefile77
-rw-r--r--security/pam_krb5/distinfo2
-rw-r--r--security/pam_krb5/files/patch-aa95
-rw-r--r--security/pam_krb5/files/patch-ab22
-rw-r--r--security/pam_krb5/files/patch-ac40
-rw-r--r--security/pam_krb5/files/patch-ad337
-rw-r--r--security/pam_krb5/files/patch-ae140
-rw-r--r--security/pam_krb5/files/patch-af274
-rw-r--r--security/pam_krb5/files/patch-ag52
-rw-r--r--security/pam_krb5/files/patch-ah128
-rw-r--r--security/pam_krb5/files/patch-ai143
-rw-r--r--security/pam_krb5/pkg-plist1
12 files changed, 40 insertions, 1271 deletions
diff --git a/security/pam_krb5/Makefile b/security/pam_krb5/Makefile
index 8ca177815d85..5493d8138bf8 100644
--- a/security/pam_krb5/Makefile
+++ b/security/pam_krb5/Makefile
@@ -6,51 +6,50 @@
#
PORTNAME= pam_krb5
-PORTVERSION= 1.0
-PORTREVISION= 2
+PORTVERSION= 1.0.1
CATEGORIES= security
-MASTER_SITES= http://www.fcusack.com/soft/
+MASTER_SITES= http://www.nectar.com/distfiles/
MAINTAINER= nectar@FreeBSD.org
-WRKSRC= ${WRKDIR}/pam_krb5
-PREFIX?= ${DESTDIR}/usr
-MANPREFIX?= ${DESTDIR}/usr/share
-MAKE_ENV= PREFIX="${PREFIX}" MANPREFIX="${MANPREFIX}" \
- KRB5BASE="${KRB5BASE}" KRB5_IMPL="${KRB5_IMPL}"
-
MAN8= pam_krb5.8
-.include <bsd.port.pre.mk>
-
-# Try hard to figure out which Kerberos implementation we should use to
-# build this thing. There are three possibilities:
-# Heimdal in the base system -- XXX disabled for now (missing libraries)
-# Heimdal from ports
-# MIT Kerberos from ports
-.if defined(KRB5BASE) && defined(KRB5_IMPL)
-# the user thinks he knows what he is doing, so let it be
-.elif exists(/usr/include/heim_err.h) && defined(REALLY_WANT_BASE) && (${REALLY_WANT_BASE} == "yes")
-KRB5BASE=/usr
-KRB5_IMPL="heimdal"
-.elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/include/heim_err.h)
-KRB5BASE=${HEIMDAL_HOME}
-KRB5_IMPL=heimdal
-LIB_DEPENDS+= krb5.16:${PORTSDIR}/security/heimdal
-.elif exists(${LOCALBASE}/include/heim_err.h)
-KRB5BASE=${LOCALBASE}
-KRB5_IMPL=heimdal
-LIB_DEPENDS+= krb5.16:${PORTSDIR}/security/heimdal
-.elif defined(KRB5_HOME) && exists(${KRB5_HOME}/include/mit-sipb-copyright.h)
-KRB5BASE=${KRB5_HOME}
-KRB5_IMPL=mit
-LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5
-.elif exists(${LOCALBASE}/include/mit-sipb-copyright.h)
-KRB5BASE=${LOCALBASE}
-KRB5_IMPL=mit
-LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5
+USE_BZIP2= yes
+GNU_CONFIGURE= yes
+
+.if defined(PACKAGE_BUILDING)
+KRB5_IMPL= heimdal
+.endif
+
+.if defined(KRB5_IMPL) && ${KRB5_IMPL} == heimdal
+LIB_DEPENDS= krb5.18:${PORTSDIR}/security/heimdal
+.if defined(HEIMDAL_HOME)
+KRB5_DIR?= ${HEIMDAL_HOME}
+.endif
+.elif defined(KRB5_IMPL) && ${KRB5_IMPL} == mit
+LIB_DEPENDS= krb5.3:${PORTSDIR}/security/krb5
+.if defined(KRB5_HOME)
+KRB5_DIR?= ${KRB5_HOME}
+.endif
+.else
+BROKEN= You must define KRB5_IMPL to be \"mit\" or \"heimdal\"
+.endif
+
+.if defined(PREFIX)
+MANDIR= ${PREFIX}/man
.else
-BROKEN= "No version of Kerberos is installed."
+PREFIX= ${DESTDIR}/usr
+MANPREFIX= ${DESTDIR}/usr/share
+MANDIR= ${PREFIX}/share/man
.endif
+KRB5_DIR?= ${LOCALBASE}
+CONFIGURE_ENV= CFLAGS="${CFLAGS}"
+CONFIGURE_ARGS= --with-krb5="${KRB5_DIR}" \
+ --with-pamdir="${PREFIX}/lib" \
+ --with-man-sect=8 \
+ --mandir=${MANDIR}
+
+post-install:
+ cd ${WRKSRC} && ${MAKE} install-man
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff --git a/security/pam_krb5/distinfo b/security/pam_krb5/distinfo
index 54736530a4ab..f8a28dd1042e 100644
--- a/security/pam_krb5/distinfo
+++ b/security/pam_krb5/distinfo
@@ -1 +1 @@
-MD5 (pam_krb5-1.0.tar.gz) = dd4ca3cc1b6b6b124625544e870968cb
+MD5 (pam_krb5-1.0.1.tar.bz2) = 3aa146141dd1cba31d98e608f333f7e4
diff --git a/security/pam_krb5/files/patch-aa b/security/pam_krb5/files/patch-aa
deleted file mode 100644
index 73a1e0e78aea..000000000000
--- a/security/pam_krb5/files/patch-aa
+++ /dev/null
@@ -1,95 +0,0 @@
---- Makefile.orig Tue Jan 4 19:08:51 2000
-+++ Makefile Tue Jan 23 15:38:42 2001
-@@ -1,46 +1,56 @@
- #
- # Makefile for pam_krb5
- #
-+CC = cc
-+CFLAGS = -O -fPIC -Wall
-+# WHAT? shared and static? are you mad?
-+# No, this allows us to make a shared object that has minimal undefined
-+# references.
-+LDFLAGS = -shared -Wl,-Bstatic
-+
-+OSLIBS = -lpam
-+
-+# We have to specify full paths to some of these libraries so that we
-+# are sure we get the right version... in most cases, we don't want the
-+# version in the base system. Version numbers don't help us, because we
-+# are not looking for shared libraries.
-+
-+# HEIMDAL
-+LIBS_heimdal = ${KRB5BASE}/lib/libkrb5.a ${KRB5BASE}/lib/libgssapi.a \
-+ ${KRB5BASE}/lib/libasn1.a ${KRB5BASE}/lib/libroken.a \
-+ -lcrypto -lcrypt
-+# MIT
-+LIBS_mit = ${KRB5BASE}/lib/libkrb5.a ${KRB5BASE}/lib/libcom_err.a \
-+ ${KRB5BASE}/lib/libk5crypto.a
-
--CC = gcc
--CFLAGS = -O2 -fPIC
--#LDFLAGS = -shared
--LDFLAGS = -G
-+LIBS = $(OSLIBS) ${LIBS_${KRB5_IMPL}}
-+COMPAT = compat_${KRB5_IMPL}.c
-
--DESTDIR = /usr/lib/security
--MANDIR = /opt/local/man/man5
--
--OSLIBS = -lpam -lnsl -lsocket
--KRB5LIBS = -L/opt/local/lib -lkrb5 -lk5crypto -lcom_err
--
--LIBS = $(OSLIBS) $(KRB5LIBS)
--
--INC = -I/opt/local/include
-+INC = -I${KRB5BASE}/include
-
-
- ####################################################################
- # No changes below this line
-
- SRCS = pam_krb5_auth.c pam_krb5_pass.c pam_krb5_acct.c pam_krb5_sess.c \
-- support.c
-+ support.c ${COMPAT}
-
- OBJS = pam_krb5_auth.o pam_krb5_pass.o pam_krb5_acct.o pam_krb5_sess.o \
-- support.o
-+ support.o ${COMPAT:.c=.o}
-
--all: pam_krb5.so.1
-+all: pam_krb5.so
-
--pam_krb5.so.1: $(OBJS)
-- $(CC) -o $@ $(LDFLAGS) $(OBJS) $(LIBS)
-+pam_krb5.so: $(OBJS)
-+ $(CC) -o $@ $(LDFLAGS) $(OBJS) -L${KRB5BASE}/lib $(LIBS)
-
- install:
-- cp pam_krb5.so.1 $(DESTDIR)
-- chown root:sys $(DESTDIR)/pam_krb5.so.1
-- ln -s ./pam_krb5.so.1 $(DESTDIR)/pam_krb5.so
-- cp pam_krb5.5 $(MANDIR)
-- chown root:sys $(MANDIR)/pam_krb5.5
-+ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 0555 pam_krb5.so \
-+ ${PREFIX}/lib/pam_krb5.so
-+ ${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m 0444 pam_krb5.5 \
-+ ${MANPREFIX}/man/man8/pam_krb5.8
-
- clean:
-- rm -f *.so.1 *.o
-+ rm -f *.so *.o
-
- pam_krb5_auth.o: pam_krb5_auth.c pam_krb5.h
- $(CC) -c $(CFLAGS) $(INC) $<
-@@ -55,5 +65,11 @@
- $(CC) -c $(CFLAGS) $(INC) $<
-
- support.o: support.c pam_krb5.h
-+ $(CC) -c $(CFLAGS) $(INC) $<
-+
-+compat_heimdal.o: compat_heimdal.c
-+ $(CC) -c $(CFLAGS) $(INC) $<
-+
-+compat_mit.o: compat_mit.c
- $(CC) -c $(CFLAGS) $(INC) $<
-
diff --git a/security/pam_krb5/files/patch-ab b/security/pam_krb5/files/patch-ab
deleted file mode 100644
index f384620a3699..000000000000
--- a/security/pam_krb5/files/patch-ab
+++ /dev/null
@@ -1,22 +0,0 @@
---- pam_krb5.h.orig Tue Jan 4 19:08:51 2000
-+++ pam_krb5.h Mon Jun 11 13:24:14 2001
-@@ -5,7 +5,16 @@
- */
-
- int get_user_info(pam_handle_t *, char *, int, char **);
--krb5_error_code pam_prompter(krb5_context, void *, const char *,
-- const char *, int, krb5_prompt[]);
--int verify_krb_v5_tgt(krb5_context, krb5_ccache, int);
-+int verify_krb_v5_tgt(krb5_context, krb5_ccache, char *, int);
- void cleanup_cache(pam_handle_t *, void *, int);
-+
-+krb5_prompter_fct pam_prompter;
-+
-+const char *compat_princ_component(krb5_context, krb5_principal, int);
-+void compat_free_data_contents(krb5_context, krb5_data *);
-+
-+#ifndef ENCTYPE_DES_CBC_MD5
-+#define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5
-+#endif
-+
-+
diff --git a/security/pam_krb5/files/patch-ac b/security/pam_krb5/files/patch-ac
deleted file mode 100644
index 20a5fc0f9ffb..000000000000
--- a/security/pam_krb5/files/patch-ac
+++ /dev/null
@@ -1,40 +0,0 @@
---- pam_krb5_acct.c.orig Tue Jan 4 19:08:51 2000
-+++ pam_krb5_acct.c Mon Nov 6 10:21:49 2000
-@@ -11,6 +11,7 @@
- #include <security/pam_appl.h>
- #include <security/pam_modules.h>
- #include <krb5.h>
-+#include <com_err.h>
- #include "pam_krb5.h"
-
- /* A useful logging macro */
-@@ -38,12 +39,12 @@
- }
-
- /* Get username */
-- if (pam_get_item(pamh, PAM_USER, (void **) &name)) {
-+ if (pam_get_item(pamh, PAM_USER, (const void **) &name)) {
- return PAM_PERM_DENIED;;
- }
-
- /* Get service name */
-- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
-+ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
- if (!service)
- service = "unknown";
-
-@@ -55,12 +56,12 @@
- return PAM_SUCCESS;
- }
-
-- if (krb5_init_context(&pam_context)) {
-+ if ((krbret = krb5_init_context(&pam_context)) != 0) {
- DLOG("krb5_init_context()", error_message(krbret));
- return PAM_PERM_DENIED;;
- }
-
-- if (krbret = krb5_cc_get_principal(pam_context, ccache, &princ)) {
-+ if ((krbret = krb5_cc_get_principal(pam_context, ccache, &princ)) != 0) {
- DLOG("krb5_cc_get_principal()", error_message(krbret));
- pamret = PAM_PERM_DENIED;;
- goto cleanup;
diff --git a/security/pam_krb5/files/patch-ad b/security/pam_krb5/files/patch-ad
deleted file mode 100644
index 908ea7d649aa..000000000000
--- a/security/pam_krb5/files/patch-ad
+++ /dev/null
@@ -1,337 +0,0 @@
---- pam_krb5_auth.c.orig Tue Jan 4 19:08:51 2000
-+++ pam_krb5_auth.c Mon Jun 11 13:22:45 2001
-@@ -7,18 +7,22 @@
-
- static const char rcsid[] = "$Id: pam_krb5_auth.c,v 1.18 2000/01/04 08:44:08 fcusack Exp $";
-
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <errno.h>
- #include <limits.h> /* PATH_MAX */
- #include <pwd.h> /* getpwnam */
- #include <stdio.h> /* tmpnam */
-+#include <stdlib.h> /* malloc */
- #include <strings.h> /* strchr */
- #include <syslog.h> /* syslog */
- #include <unistd.h> /* chown */
--#include <sys/types.h> /* chown */
-
- #include <security/pam_appl.h>
- #include <security/pam_modules.h>
-
- #include <krb5.h>
-+#include <com_err.h>
- #include "pam_krb5.h"
-
- extern krb5_cc_ops krb5_mcc_ops;
-@@ -42,7 +46,7 @@
- krb5_get_init_creds_opt opts;
-
- int pamret, i;
-- char *name, *name2;
-+ const char *name;
- char *princ_name = NULL;
- char *pass = NULL, *service = NULL;
- char *prompt = NULL;
-@@ -74,13 +78,13 @@
- }
-
- /* Get service name */
-- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
-+ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
- if (!service)
- service = "unknown";
-
- DLOG("entry", "");
-
-- if (krb5_init_context(&pam_context)) {
-+ if ((krbret = krb5_init_context(&pam_context)) != 0) {
- DLOG("krb5_init_context()", error_message(krbret));
- return PAM_SERVICE_ERR;
- }
-@@ -93,7 +97,7 @@
- krb5_get_init_creds_opt_set_forwardable(&opts, 1);
-
- /* For CNS */
-- if (krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE)) {
-+ if ((krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE)) != 0) {
- /* Solaris dtlogin doesn't call pam_end() on failure */
- if (krbret != KRB5_CC_TYPE_EXISTS) {
- DLOG("krb5_cc_register()", error_message(krbret));
-@@ -103,14 +107,14 @@
- }
-
- /* Get principal name */
-- if (krbret = krb5_parse_name(pam_context, name, &princ)) {
-+ if ((krbret = krb5_parse_name(pam_context, name, &princ)) != 0) {
- DLOG("krb5_parse_name()", error_message(krbret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup3;
- }
-
- /* Now convert the principal name into something human readable */
-- if (krbret = krb5_unparse_name(pam_context, princ, &princ_name)) {
-+ if ((krbret = krb5_unparse_name(pam_context, princ, &princ_name)) != 0) {
- DLOG("krb5_unparse_name()", error_message(krbret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup2;
-@@ -126,18 +130,19 @@
- (void) sprintf(prompt, "Password for %s: ", princ_name);
-
- if (try_first_pass || use_first_pass)
-- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
-+ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
-
- get_pass:
- if (!pass) {
- try_first_pass = 0;
-- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) {
-+ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF,
-+ &pass)) != 0) {
- DLOG("get_user_info()", pam_strerror(pamh, pamret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup2;
- }
- /* We have to free pass. */
-- if (pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) {
-+ if ((pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) != 0) {
- DLOG("pam_set_item()", pam_strerror(pamh, pamret));
- free(pass);
- pamret = PAM_SERVICE_ERR;
-@@ -145,25 +150,26 @@
- }
- free(pass);
- /* Now we get it back from the library. */
-- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
-+ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
- }
-
- /* Verify the local user exists (AFTER getting the password) */
- if (strchr(name, '@')) {
- /* get a local account name for this principal */
-- if (krbret = krb5_aname_to_localname(pam_context, princ,
-- sizeof(lname), lname)) {
-+ if ((krbret = krb5_aname_to_localname(pam_context, princ,
-+ sizeof(lname), lname)) != 0) {
- DLOG("krb5_aname_to_localname()", error_message(krbret));
- pamret = PAM_USER_UNKNOWN;
- goto cleanup2;
- }
- DLOG("changing PAM_USER to", lname);
-- if (pamret = pam_set_item(pamh, PAM_USER, lname)) {
-+ if ((pamret = pam_set_item(pamh, PAM_USER, lname)) != 0) {
- DLOG("pam_set_item()", pam_strerror(pamh, pamret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup2;
- }
-- if (pamret = pam_get_item(pamh, PAM_USER, (void **) &name)) {
-+ if ((pamret = pam_get_item(pamh, PAM_USER, (const void **) &name)
-+ != 0)) {
- DLOG("pam_get_item()", pam_strerror(pamh, pamret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup2;
-@@ -177,9 +183,8 @@
- }
-
- /* Get a TGT */
-- if (krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
-- pass, pam_prompter, pamh,
-- 0, NULL, &opts)) {
-+ if ((krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
-+ pass, pam_prompter, pamh, 0, NULL, &opts)) != 0) {
- DLOG("krb5_get_init_creds_password()", error_message(krbret));
- if (try_first_pass && krbret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
- pass = NULL;
-@@ -193,17 +198,17 @@
- strcpy(cache_name, "MEMORY:");
- (void) tmpnam(&cache_name[7]);
-
-- if (krbret = krb5_cc_resolve(pam_context, cache_name, &ccache)) {
-+ if ((krbret = krb5_cc_resolve(pam_context, cache_name, &ccache)) != 0) {
- DLOG("krb5_cc_resolve()", error_message(krbret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup;
- }
-- if (krbret = krb5_cc_initialize(pam_context, ccache, princ)) {
-+ if ((krbret = krb5_cc_initialize(pam_context, ccache, princ)) != 0) {
- DLOG("krb5_cc_initialize()", error_message(krbret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup;
- }
-- if (krbret = krb5_cc_store_cred(pam_context, ccache, &creds)) {
-+ if ((krbret = krb5_cc_store_cred(pam_context, ccache, &creds)) != 0) {
- DLOG("krb5_cc_store_cred()", error_message(krbret));
- (void) krb5_cc_destroy(pam_context, ccache);
- pamret = PAM_SERVICE_ERR;
-@@ -211,7 +216,7 @@
- }
-
- /* Verify it */
-- if (verify_krb_v5_tgt(pam_context, ccache, debug) == -1) {
-+ if (verify_krb_v5_tgt(pam_context, ccache, service, debug) == -1) {
- (void) krb5_cc_destroy(pam_context, ccache);
- pamret = PAM_AUTH_ERR;
- goto cleanup;
-@@ -224,7 +229,7 @@
- pamret = PAM_AUTH_ERR;
- goto cleanup;
- }
-- if (pamret = pam_set_data(pamh, "ccache", ccache, cleanup_cache)) {
-+ if ((pamret = pam_set_data(pamh, "ccache", ccache, cleanup_cache)) != 0) {
- DLOG("pam_set_data()", pam_strerror(pamh, pamret));
- (void) krb5_cc_destroy(pam_context, ccache);
- pamret = PAM_SERVICE_ERR;
-@@ -275,6 +280,7 @@
-
- int debug = 0;
- uid_t euid;
-+ gid_t egid;
-
- if (flags == PAM_REINITIALIZE_CRED)
- return PAM_SUCCESS; /* XXX Incorrect behavior */
-@@ -288,30 +294,32 @@
- else if (strcmp(argv[i], "no_ccache") == 0)
- return PAM_SUCCESS;
- else if (strstr(argv[i], "ccache=") == argv[i])
-- cache_name = &argv[i][7]; /* save for later */
-+ cache_name = (char *) &argv[i][7]; /* save for later */
- }
-
- /* Get username */
-- if (pam_get_item(pamh, PAM_USER, (void **) &name)) {
-+ if (pam_get_item(pamh, PAM_USER, (const void **) &name)) {
- return PAM_SERVICE_ERR;
- }
-
- /* Get service name */
-- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
-+ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
- if (!service)
- service = "unknown";
-
- DLOG("entry", "");
-
-- if (krb5_init_context(&pam_context)) {
-+ if ((krbret = krb5_init_context(&pam_context)) != 0) {
- DLOG("krb5_init_context()", error_message(krbret));
- return PAM_SERVICE_ERR;
- }
-
- euid = geteuid(); /* Usually 0 */
-+ egid = getegid();
-
- /* Retrieve the cache name */
-- if (pamret = pam_get_data(pamh, "ccache", (const void **) &ccache_temp)) {
-+ if ((pamret = pam_get_data(pamh, "ccache", (const void **) &ccache_temp))
-+ != 0) {
- DLOG("pam_get_data()", pam_strerror(pamh, pamret));
- pamret = PAM_CRED_UNAVAIL;
- goto cleanup3;
-@@ -326,6 +334,11 @@
- }
-
- /* Avoid following a symlink as root */
-+ if (setegid(pw->pw_gid)) {
-+ DLOG("setegid()", name); /* XXX should really log group name or id */
-+ pamret = PAM_SERVICE_ERR;
-+ goto cleanup3;
-+ }
- if (seteuid(pw->pw_uid)) {
- DLOG("seteuid()", name);
- pamret = PAM_SERVICE_ERR;
-@@ -340,7 +353,7 @@
- pamret = PAM_BUF_ERR;
- goto cleanup3;
- }
-- sprintf(cache_name, "FILE:/tmp/krb5cc_%ld", pw->pw_uid);
-+ sprintf(cache_name, "FILE:/tmp/krb5cc_%d", pw->pw_uid);
- } else {
- /* cache_name was supplied */
- char *p = calloc(PATH_MAX + 10, 1); /* should be plenty */
-@@ -357,10 +370,10 @@
- if (*q == '%') {
- q++;
- if (*q == 'u') {
-- sprintf(p, "%ld", pw->pw_uid);
-+ sprintf(p, "%d", pw->pw_uid);
- p += strlen(p);
- } else if (*q == 'p') {
-- sprintf(p, "%ld", getpid());
-+ sprintf(p, "%d", getpid());
- p += strlen(p);
- } else {
- /* Not a special token */
-@@ -375,24 +388,27 @@
- }
-
- /* Initialize the new ccache */
-- if (krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ)) {
-+ if ((krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ))
-+ != 0) {
- DLOG("krb5_cc_get_principal()", error_message(krbret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup3;
- }
-- if (krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm)) {
-+ if ((krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm))
-+ != 0) {
- DLOG("krb5_cc_resolve()", error_message(krbret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup2;
- }
-- if (krbret = krb5_cc_initialize(pam_context, ccache_perm, princ)) {
-+ if ((krbret = krb5_cc_initialize(pam_context, ccache_perm, princ)) != 0) {
- DLOG("krb5_cc_initialize()", error_message(krbret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup2;
- }
-
- /* Prepare for iteration over creds */
-- if (krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor)) {
-+ if ((krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor))
-+ != 0) {
- DLOG("krb5_cc_start_seq_get()", error_message(krbret));
- (void) krb5_cc_destroy(pam_context, ccache_perm);
- pamret = PAM_SERVICE_ERR;
-@@ -401,8 +417,9 @@
-
- /* Copy the creds (should be two of them) */
- while ((krbret = krb5_cc_next_cred(pam_context, ccache_temp,
-- &cursor, &creds) == 0)) {
-- if (krbret = krb5_cc_store_cred(pam_context, ccache_perm, &creds)) {
-+ &cursor, &creds) == 0)) {
-+ if ((krbret = krb5_cc_store_cred(pam_context, ccache_perm,
-+ &creds)) != 0) {
- DLOG("krb5_cc_store_cred()", error_message(krbret));
- (void) krb5_cc_destroy(pam_context, ccache_perm);
- krb5_free_cred_contents(pam_context, &creds);
-@@ -420,6 +437,12 @@
- pamret = PAM_SERVICE_ERR;
- goto cleanup2;
- }
-+ if (chmod(&cache_name[5], (S_IRUSR|S_IWUSR)) == -1) {
-+ DLOG("chmod()", strerror(errno));
-+ (void) krb5_cc_destroy(pam_context, ccache_perm);
-+ pamret = PAM_SERVICE_ERR;
-+ goto cleanup2;
-+ }
- }
- (void) krb5_cc_close(pam_context, ccache_perm);
-
-@@ -432,7 +455,7 @@
- }
-
- sprintf(cache_env_name, "KRB5CCNAME=%s", cache_name);
-- if (pamret = pam_putenv(pamh, cache_env_name)) {
-+ if ((pamret = pam_putenv(pamh, cache_env_name)) != 0) {
- DLOG("pam_putenv()", pam_strerror(pamh, pamret));
- (void) krb5_cc_destroy(pam_context, ccache_perm);
- pamret = PAM_SERVICE_ERR;
-@@ -445,6 +468,7 @@
- krb5_free_context(pam_context);
- DLOG("exit", pamret ? "failure" : "success");
- (void) seteuid(euid);
-+ (void) setegid(egid);
- return pamret;
- }
-
diff --git a/security/pam_krb5/files/patch-ae b/security/pam_krb5/files/patch-ae
deleted file mode 100644
index 494de5ec23dd..000000000000
--- a/security/pam_krb5/files/patch-ae
+++ /dev/null
@@ -1,140 +0,0 @@
---- pam_krb5_pass.c.orig Tue Jan 4 19:08:51 2000
-+++ pam_krb5_pass.c Mon Nov 6 10:21:49 2000
-@@ -7,10 +7,14 @@
-
- static const char rcsid[] = "$Id: pam_krb5_pass.c,v 1.3 1999/01/19 23:43:11 fcusack Exp $";
-
-+#include <errno.h>
-+#include <stdio.h> /* sprintf */
-+#include <stdlib.h> /* malloc */
- #include <syslog.h> /* syslog */
- #include <security/pam_appl.h>
- #include <security/pam_modules.h>
- #include <krb5.h>
-+#include <com_err.h>
- #include "pam_krb5.h"
-
- /* A useful logging macro */
-@@ -27,7 +31,6 @@
- krb5_context pam_context;
- krb5_creds creds;
- krb5_principal princ;
-- krb5_ccache ccache;
- krb5_get_init_creds_opt opts;
-
- int result_code;
-@@ -54,23 +57,23 @@
- }
-
- /* Get username */
-- if (pam_get_item(pamh, PAM_USER, (void **) &name)) {
-+ if ((pam_get_item(pamh, PAM_USER, (const void **) &name)) != 0) {
- return PAM_SERVICE_ERR;
- }
-
- /* Get service name */
-- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
-+ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
- if (!service)
- service = "unknown";
-
- DLOG("entry", "");
-
-- if (krb5_init_context(&pam_context)) {
-+ if ((krbret = krb5_init_context(&pam_context)) != 0) {
- DLOG("krb5_init_context()", error_message(krbret));
- return PAM_SERVICE_ERR;
- }
-
-- if (krb5_init_context(&pam_context)) {
-+ if ((krbret = krb5_init_context(&pam_context)) != 0) {
- DLOG("krb5_init_context()", error_message(krbret));
- return PAM_SERVICE_ERR;
- }
-@@ -78,14 +81,14 @@
- memset(&creds, 0, sizeof(krb5_creds));
-
- /* Get principal name */
-- if (krbret = krb5_parse_name(pam_context, name, &princ)) {
-+ if ((krbret = krb5_parse_name(pam_context, name, &princ)) != 0) {
- DLOG("krb5_parse_name()", error_message(krbret));
- pamret = PAM_USER_UNKNOWN;
- goto cleanup3;
- }
-
- /* Now convert the principal name into something human readable */
-- if (krbret = krb5_unparse_name(pam_context, princ, &princ_name)) {
-+ if ((krbret = krb5_unparse_name(pam_context, princ, &princ_name)) != 0) {
- DLOG("krb5_unparse_name()", error_message(krbret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup2;
-@@ -101,18 +104,19 @@
- (void) sprintf(prompt, "Password for %s: ", princ_name);
-
- if (try_first_pass || use_first_pass)
-- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
-+ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
-
- get_pass:
- if (!pass) {
- try_first_pass = 0;
-- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) {
-+ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF,
-+ &pass)) != 0) {
- DLOG("get_user_info()", pam_strerror(pamh, pamret));
- pamret = PAM_SERVICE_ERR;
- goto cleanup2;
- }
- /* We have to free pass. */
-- if (pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) {
-+ if ((pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) != 0) {
- DLOG("pam_set_item()", pam_strerror(pamh, pamret));
- free(pass);
- pamret = PAM_SERVICE_ERR;
-@@ -120,12 +124,11 @@
- }
- free(pass);
- /* Now we get it back from the library. */
-- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
-+ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
- }
-
-- if (krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
-- pass, pam_prompter, pamh,
-- 0, "kadmin/changepw", &opts)) {
-+ if ((krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
-+ pass, pam_prompter, pamh, 0, "kadmin/changepw", &opts)) != 0) {
- DLOG("krb5_get_init_creds_password()", error_message(krbret));
- if (try_first_pass && krbret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
- pass = NULL;
-@@ -138,14 +141,16 @@
- /* Now get the new password */
- free(prompt);
- prompt = "Enter new password: ";
-- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) {
-+ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass))
-+ != 0) {
- DLOG("get_user_info()", pam_strerror(pamh, pamret));
- prompt = NULL;
- pamret = PAM_SERVICE_ERR;
- goto cleanup;
- }
- prompt = "Enter it again: ";
-- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass2)) {
-+ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass2))
-+ != 0) {
- DLOG("get_user_info()", pam_strerror(pamh, pamret));
- prompt = NULL;
- pamret = PAM_SERVICE_ERR;
-@@ -160,9 +165,8 @@
- }
-
- /* Change it */
-- if (krbret = krb5_change_password(pam_context, &creds, pass,
-- &result_code, &result_code_string,
-- &result_string)) {
-+ if ((krbret = krb5_change_password(pam_context, &creds, pass,
-+ &result_code, &result_code_string, &result_string)) != 0) {
- DLOG("krb5_change_password()", error_message(krbret));
- pamret = PAM_AUTHTOK_ERR;
- goto cleanup;
diff --git a/security/pam_krb5/files/patch-af b/security/pam_krb5/files/patch-af
deleted file mode 100644
index 552f6b726a86..000000000000
--- a/security/pam_krb5/files/patch-af
+++ /dev/null
@@ -1,274 +0,0 @@
---- support.c.orig Tue Jan 4 19:08:51 2000
-+++ support.c Wed Jan 24 13:37:28 2001
-@@ -6,11 +6,15 @@
-
- static const char rcsid[] = "$Id: support.c,v 1.8 2000/01/04 09:50:03 fcusack Exp $";
-
-+#include <errno.h>
- #include <stdio.h> /* BUFSIZ */
-+#include <stdlib.h> /* malloc */
-+#include <string.h> /* strncpy */
- #include <syslog.h> /* syslog */
- #include <security/pam_appl.h>
- #include <security/pam_modules.h>
- #include <krb5.h>
-+#include <com_err.h>
- #include "pam_krb5.h"
-
- /*
-@@ -22,11 +26,12 @@
- get_user_info(pam_handle_t *pamh, char *prompt, int type, char **response)
- {
- int pamret;
-- struct pam_message msg, *pmsg;
-+ struct pam_message msg;
-+ const struct pam_message *pmsg;
- struct pam_response *resp = NULL;
- struct pam_conv *conv;
-
-- if (pamret = pam_get_item(pamh, PAM_CONV, (void **) &conv))
-+ if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0)
- return pamret;
-
- /* set up conversation call */
-@@ -34,7 +39,7 @@
- msg.msg_style = type;
- msg.msg = prompt;
-
-- if (pamret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr))
-+ if ((pamret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr)) != 0)
- return pamret;
-
- /* Caller should ignore errors for non-response conversations */
-@@ -51,172 +56,71 @@
- return pamret;
- }
-
--
--krb5_error_code
--pam_prompter(krb5_context context, void *data, const char *name,
-- const char *banner, int num_prompts, krb5_prompt prompts[])
--{
-- int pam_prompts = num_prompts;
-- int pamret, i;
--
-- struct pam_message *msg;
-- struct pam_response *resp = NULL;
-- struct pam_conv *conv;
-- pam_handle_t *pamh = (pam_handle_t *) data;
--
-- if (pamret = pam_get_item(pamh, PAM_CONV, (void **) &conv))
-- return KRB5KRB_ERR_GENERIC;
--
-- if (name)
-- pam_prompts++;
--
-- if (banner)
-- pam_prompts++;
--
-- msg = calloc(sizeof(struct pam_message) * pam_prompts, 1);
-- if (!msg)
-- return ENOMEM;
--
-- /* Now use pam_prompts as an index */
-- pam_prompts = 0;
--
-- /* Sigh. malloc all the prompts. */
-- if (name) {
-- msg[pam_prompts].msg = malloc(strlen(name) + 1);
-- if (!msg[pam_prompts].msg)
-- goto cleanup;
-- strcpy(msg[pam_prompts].msg, name);
-- msg[pam_prompts].msg_style = PAM_TEXT_INFO;
-- pam_prompts++;
-- }
--
-- if (banner) {
-- msg[pam_prompts].msg = malloc(strlen(banner) + 1);
-- if (!msg[pam_prompts].msg)
-- goto cleanup;
-- strcpy(msg[pam_prompts].msg, banner);
-- msg[pam_prompts].msg_style = PAM_TEXT_INFO;
-- pam_prompts++;
-- }
--
-- for (i = 0; i < num_prompts; i++) {
-- msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3);
-- if (!msg[pam_prompts].msg)
-- goto cleanup;
-- sprintf(msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
-- msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
-- : PAM_PROMPT_ECHO_ON;
-- pam_prompts++;
-- }
--
-- if (pamret = conv->conv(pam_prompts, &msg, &resp, conv->appdata_ptr))
-- goto cleanup;
--
-- if (!resp)
-- goto cleanup;
--
-- /* Reuse pam_prompts as a starting index */
-- pam_prompts = 0;
-- if (name)
-- pam_prompts++;
-- if (banner)
-- pam_prompts++;
--
-- for (i = 0; i < num_prompts; i++, pam_prompts++) {
-- register int len;
-- if (!resp[pam_prompts].resp) {
-- pamret = PAM_AUTH_ERR;
-- goto cleanup;
-- }
-- len = strlen(resp[pam_prompts].resp); /* Help out the compiler */
-- if (len > prompts[i].reply->length) {
-- pamret = PAM_AUTH_ERR;
-- goto cleanup;
-- }
-- memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len);
-- prompts[i].reply->length = len;
-- }
--
--cleanup:
-- /* pam_prompts is correct at this point */
--
-- for (i = 0; i < pam_prompts; i++) {
-- if (msg[i].msg)
-- free(msg[i].msg);
-- }
-- free(msg);
--
-- if (resp) {
-- for (i = 0; i < pam_prompts; i++) {
-- /*
-- * Note that PAM is underspecified wrt free()'ing resp[i].resp.
-- * It's not clear if I should free it, or if the application
-- * has to. Therefore most (all?) apps won't free() it, and I
-- * can't either, as I am not sure it was malloc()'d. All PAM
-- * implementations I've seen leak memory here. Not so bad, IFF
-- * you fork/exec for each PAM authentication (as is typical).
-- */
--#if 0
-- if (resp[i].resp)
-- free(resp[i].resp);
--#endif /* 0 */
-- }
-- /* This does not lose resp[i].resp if the application saved a copy. */
-- free(resp);
-- }
--
-- return (pamret ? KRB5KRB_ERR_GENERIC : 0);
--}
--
--
- /*
- * This routine with some modification is from the MIT V5B6 appl/bsd/login.c
-+ * Modified by Sam Hartman <hartmans@mit.edu> to support PAM services
-+ * for Debian.
- *
- * Verify the Kerberos ticket-granting ticket just retrieved for the
- * user. If the Kerberos server doesn't respond, assume the user is
- * trying to fake us out (since we DID just get a TGT from what is
- * supposedly our KDC). If the host/<host> service is unknown (i.e.,
-- * the local keytab doesn't have it), let her in.
-+ * the local keytab doesn't have it), and we cannot find another
-+ * service we do have, let her in.
- *
- * Returns 1 for confirmation, -1 for failure, 0 for uncertainty.
- */
- int
--verify_krb_v5_tgt(krb5_context context, krb5_ccache ccache, int debug)
-+verify_krb_v5_tgt(krb5_context context, krb5_ccache ccache,
-+ char * pam_service, int debug)
- {
- char phost[BUFSIZ];
-- krb5_error_code retval;
-+ char *services [3];
-+ char **service;
-+ krb5_error_code retval = -1;
- krb5_principal princ;
- krb5_keyblock * keyblock = 0;
- krb5_data packet;
- krb5_auth_context auth_context = NULL;
-- krb5_keytab keytab = NULL;
-- char * kt_name = NULL;
-
- packet.data = 0;
-
- /*
-- * Get the server principal for the local host.
-- * (Use defaults of "host" and canonicalized local name.)
-- */
-- if (retval = krb5_sname_to_principal(context, NULL, NULL,
-- KRB5_NT_SRV_HST, &princ)) {
-+ * If possible we want to try and verify the ticket we have
-+ * received against a keytab. We will try multiple service
-+ * principals, including at least the host principal and the PAM
-+ * service principal. The host principal is preferred because access
-+ * to that key is generally sufficient to compromise root, while the
-+ * service key for this PAM service may be less carefully guarded.
-+ * It is important to check the keytab first before the KDC so we do
-+ * not get spoofed by a fake KDC.*/
-+ services [0] = "host";
-+ services [1] = pam_service;
-+ services [2] = NULL;
-+ for ( service = &services[0]; *service != NULL; service++ ) {
-+ if ((retval = krb5_sname_to_principal(context, NULL, *service, KRB5_NT_SRV_HST,
-+ &princ)) != 0) {
- if (debug)
-- syslog(LOG_DEBUG, "pam_krb5: verify_krb_v5_tgt(): %s: %s",
-- "krb5_sname_to_principal()", error_message(retval));
-+ syslog(LOG_DEBUG, "pam_krb5: verify_krb_v5_tgt(): %s: %s",
-+ "krb5_sname_to_principal()", error_message(retval));
- return -1;
-- }
-+ }
-
-- /* Extract the name directly. */
-- strncpy(phost, krb5_princ_component(c, princ, 1)->data, BUFSIZ);
-- phost[BUFSIZ - 1] = '\0';
--
-- /*
-- * Do we have host/<host> keys?
-- * (use default/configured keytab, kvno IGNORE_VNO to get the
-- * first match, and enctype is currently ignored anyhow.)
-- */
-- if (retval = krb5_kt_read_service_key(context, NULL, princ, 0,
-- ENCTYPE_DES_CBC_MD5, &keyblock)) {
-+ /* Extract the name directly. */
-+ strncpy(phost, compat_princ_component(context, princ, 1), BUFSIZ);
-+ phost[BUFSIZ - 1] = '\0';
-+
-+ /*
-+ * Do we have service/<host> keys?
-+ * (use default/configured keytab, kvno IGNORE_VNO to get the
-+ * first match, and ignore enctype.)
-+ */
-+ if ((retval = krb5_kt_read_service_key(context, NULL, princ, 0,
-+ 0, &keyblock)) != 0)
-+ continue;
-+ break;
-+ }
-+ if (retval != 0 ) { /* failed to find key */
- /* Keytab or service key does not exist */
- if (debug)
- syslog(LOG_DEBUG, "pam_krb5: verify_krb_v5_tgt(): %s: %s",
-@@ -228,7 +132,7 @@
- krb5_free_keyblock(context, keyblock);
-
- /* Talk to the kdc and construct the ticket. */
-- retval = krb5_mk_req(context, &auth_context, 0, "host", phost,
-+ retval = krb5_mk_req(context, &auth_context, 0, *service, phost,
- NULL, ccache, &packet);
- if (auth_context) {
- krb5_auth_con_free(context, auth_context);
-@@ -256,7 +160,7 @@
-
- cleanup:
- if (packet.data)
-- krb5_free_data_contents(context, &packet);
-+ compat_free_data_contents(context, &packet);
- krb5_free_principal(context, princ);
- return retval;
-
diff --git a/security/pam_krb5/files/patch-ag b/security/pam_krb5/files/patch-ag
deleted file mode 100644
index 2e1c65eb640c..000000000000
--- a/security/pam_krb5/files/patch-ag
+++ /dev/null
@@ -1,52 +0,0 @@
---- pam_krb5.5.orig Tue Jan 4 19:08:51 2000
-+++ pam_krb5.5 Mon Nov 6 10:27:01 2000
-@@ -1,24 +1,24 @@
- .\"
- .\" $Id: pam_krb5.5,v 1.5 2000/01/05 00:59:56 fcusack Exp $
--.TH pam_krb5 5 "15 Jan 1999"
-+.TH pam_krb5 8 "15 Jan 1999"
- .SH NAME
- pam_krb5 \- Kerberos 5 PAM module
- .SH SYNOPSIS
- .LP
--.B /usr/lib/security/pam_krb5.so.1
-+.B /usr/lib/pam_krb5.so
- .LP
- .SH DESCRIPTION
- .IX "pam_krb5" "" "\fLpam_krb5\fP \(em Kerberos 5 PAM module"
- .PP
- The Kerberos 5 service module for PAM, typically
--.BR /usr/lib/security/pam_krb5.so.1 ,
-+.BR /usr/lib/pam_krb5.so ,
- provides functionality for three PAM categories:
- authentication,
- account management,
- and password management.
- It also provides null functions for session management.
- The
--.B pam_krb5.so.1
-+.B pam_krb5.so
- module is a shared object
- that can be dynamically loaded to provide
- the necessary functionality upon demand.
-@@ -177,10 +177,9 @@
- .SH SEE ALSO
- .BR kdestroy (1),
- .BR passwd (1),
--.BR pam (3),
-+.BR pam (8),
- .BR syslog (3),
--.BR libpam (4),
--.BR pam.conf (4).
-+.BR pam.conf (5).
- .SH NOTES
- Applications should not call
- .B pam_authenticate()
-@@ -189,7 +188,3 @@
- and
- .B pam_end()
- when using the Kerberos 5 PAM module.
--.LP
--dtlogin will not successfully authenticate a user who enters a realm
--name as part of their username (even if the authentication
--module returns success).
diff --git a/security/pam_krb5/files/patch-ah b/security/pam_krb5/files/patch-ah
deleted file mode 100644
index cd7fcaef3b27..000000000000
--- a/security/pam_krb5/files/patch-ah
+++ /dev/null
@@ -1,128 +0,0 @@
---- compat_heimdal.c.orig Mon Jun 11 13:29:54 2001
-+++ compat_heimdal.c Mon Jun 11 13:32:00 2001
-@@ -0,0 +1,125 @@
-+#include <errno.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+#include <krb5.h>
-+#include <security/pam_appl.h>
-+#include <security/pam_modules.h>
-+#include "pam_krb5.h"
-+
-+const char *
-+compat_princ_component(krb5_context context, krb5_principal princ, int n)
-+{
-+ return princ->name.name_string.val[n];
-+}
-+
-+void
-+compat_free_data_contents(krb5_context context, krb5_data *data)
-+{
-+ krb5_xfree(data->data);
-+}
-+
-+static krb5_error_code
-+heimdal_pam_prompter(krb5_context context, void *data, const char *name,
-+ const char *banner, int num_prompts, krb5_prompt prompts[])
-+{
-+ int pam_prompts = num_prompts;
-+ int pamret, i;
-+
-+ struct pam_message *msg;
-+ struct pam_response *resp = NULL;
-+ struct pam_conv *conv;
-+ pam_handle_t *pamh = (pam_handle_t *) data;
-+
-+ if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0)
-+ return KRB5KRB_ERR_GENERIC;
-+
-+ if (banner)
-+ pam_prompts++;
-+
-+ msg = calloc(sizeof(struct pam_message) * pam_prompts, 1);
-+ if (!msg)
-+ return ENOMEM;
-+
-+ /* Now use pam_prompts as an index */
-+ pam_prompts = 0;
-+
-+ if (banner) {
-+ msg[pam_prompts].msg = malloc(strlen(banner) + 1);
-+ if (!msg[pam_prompts].msg)
-+ goto cleanup;
-+ strcpy((char *) msg[pam_prompts].msg, banner);
-+ msg[pam_prompts].msg_style = PAM_TEXT_INFO;
-+ pam_prompts++;
-+ }
-+
-+ for (i = 0; i < num_prompts; i++) {
-+ msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3);
-+ if (!msg[pam_prompts].msg)
-+ goto cleanup;
-+ sprintf((char *) msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
-+ msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
-+ : PAM_PROMPT_ECHO_ON;
-+ pam_prompts++;
-+ }
-+
-+ if ((pamret = conv->conv(pam_prompts, (const struct pam_message **) &msg,
-+ &resp, conv->appdata_ptr)) != 0)
-+ goto cleanup;
-+
-+ if (!resp)
-+ goto cleanup;
-+
-+ /* Reuse pam_prompts as a starting index */
-+ pam_prompts = 0;
-+ if (banner)
-+ pam_prompts++;
-+
-+ for (i = 0; i < num_prompts; i++, pam_prompts++) {
-+ register int len;
-+ if (!resp[pam_prompts].resp) {
-+ pamret = PAM_AUTH_ERR;
-+ goto cleanup;
-+ }
-+ len = strlen(resp[pam_prompts].resp); /* Help out the compiler */
-+ if (len > prompts[i].reply->length) {
-+ pamret = PAM_AUTH_ERR;
-+ goto cleanup;
-+ }
-+ memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len);
-+ prompts[i].reply->length = len;
-+ }
-+
-+cleanup:
-+ /* pam_prompts is correct at this point */
-+
-+ for (i = 0; i < pam_prompts; i++) {
-+ if (msg[i].msg)
-+ free((char *) msg[i].msg);
-+ }
-+ free(msg);
-+
-+ if (resp) {
-+ for (i = 0; i < pam_prompts; i++) {
-+ /*
-+ * Note that PAM is underspecified wrt free()'ing resp[i].resp.
-+ * It's not clear if I should free it, or if the application
-+ * has to. Therefore most (all?) apps won't free() it, and I
-+ * can't either, as I am not sure it was malloc()'d. All PAM
-+ * implementations I've seen leak memory here. Not so bad, IFF
-+ * you fork/exec for each PAM authentication (as is typical).
-+ */
-+#if 0
-+ if (resp[i].resp)
-+ free(resp[i].resp);
-+#endif /* 0 */
-+ }
-+ /* This does not lose resp[i].resp if the application saved a copy. */
-+ free(resp);
-+ }
-+
-+ return (pamret ? KRB5KRB_ERR_GENERIC : 0);
-+}
-+
-+krb5_prompter_fct pam_prompter = heimdal_pam_prompter;
diff --git a/security/pam_krb5/files/patch-ai b/security/pam_krb5/files/patch-ai
deleted file mode 100644
index fab81814e912..000000000000
--- a/security/pam_krb5/files/patch-ai
+++ /dev/null
@@ -1,143 +0,0 @@
---- compat_mit.c.orig Mon Jun 11 13:20:39 2001
-+++ compat_mit.c Mon Jun 11 13:22:18 2001
-@@ -0,0 +1,140 @@
-+#include <errno.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+#include <krb5.h>
-+#include <security/pam_appl.h>
-+#include <security/pam_modules.h>
-+#include "pam_krb5.h"
-+
-+const char *
-+compat_princ_component(krb5_context context, krb5_principal princ, int n)
-+{
-+ return krb5_princ_component(context, princ, n)->data;
-+}
-+
-+void
-+compat_free_data_contents(krb5_context context, krb5_data *data)
-+{
-+ krb5_free_data_contents(context, data);
-+}
-+
-+static krb5_error_code
-+mit_pam_prompter(krb5_context context, void *data, const char *name,
-+ const char *banner, int num_prompts, krb5_prompt prompts[])
-+{
-+ int pam_prompts = num_prompts;
-+ int pamret, i;
-+
-+ struct pam_message *msg;
-+ struct pam_response *resp = NULL;
-+ struct pam_conv *conv;
-+ pam_handle_t *pamh = (pam_handle_t *) data;
-+
-+ if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0)
-+ return KRB5KRB_ERR_GENERIC;
-+
-+ if (name)
-+ pam_prompts++;
-+
-+ if (banner)
-+ pam_prompts++;
-+
-+ msg = calloc(sizeof(struct pam_message) * pam_prompts, 1);
-+ if (!msg)
-+ return ENOMEM;
-+
-+ /* Now use pam_prompts as an index */
-+ pam_prompts = 0;
-+
-+ /* Sigh. malloc all the prompts. */
-+ if (name) {
-+ msg[pam_prompts].msg = malloc(strlen(name) + 1);
-+ if (!msg[pam_prompts].msg)
-+ goto cleanup;
-+ strcpy((char *) msg[pam_prompts].msg, name);
-+ msg[pam_prompts].msg_style = PAM_TEXT_INFO;
-+ pam_prompts++;
-+ }
-+
-+ if (banner) {
-+ msg[pam_prompts].msg = malloc(strlen(banner) + 1);
-+ if (!msg[pam_prompts].msg)
-+ goto cleanup;
-+ strcpy((char *) msg[pam_prompts].msg, banner);
-+ msg[pam_prompts].msg_style = PAM_TEXT_INFO;
-+ pam_prompts++;
-+ }
-+
-+ for (i = 0; i < num_prompts; i++) {
-+ msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3);
-+ if (!msg[pam_prompts].msg)
-+ goto cleanup;
-+ sprintf((char *) msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
-+ msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
-+ : PAM_PROMPT_ECHO_ON;
-+ pam_prompts++;
-+ }
-+
-+ if ((pamret = conv->conv(pam_prompts, (const struct pam_message **) &msg,
-+ &resp, conv->appdata_ptr)) != 0)
-+ goto cleanup;
-+
-+ if (!resp)
-+ goto cleanup;
-+
-+ /* Reuse pam_prompts as a starting index */
-+ pam_prompts = 0;
-+ if (name)
-+ pam_prompts++;
-+ if (banner)
-+ pam_prompts++;
-+
-+ for (i = 0; i < num_prompts; i++, pam_prompts++) {
-+ register int len;
-+ if (!resp[pam_prompts].resp) {
-+ pamret = PAM_AUTH_ERR;
-+ goto cleanup;
-+ }
-+ len = strlen(resp[pam_prompts].resp); /* Help out the compiler */
-+ if (len > prompts[i].reply->length) {
-+ pamret = PAM_AUTH_ERR;
-+ goto cleanup;
-+ }
-+ memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len);
-+ prompts[i].reply->length = len;
-+ }
-+
-+cleanup:
-+ /* pam_prompts is correct at this point */
-+
-+ for (i = 0; i < pam_prompts; i++) {
-+ if (msg[i].msg)
-+ free((char *) msg[i].msg);
-+ }
-+ free(msg);
-+
-+ if (resp) {
-+ for (i = 0; i < pam_prompts; i++) {
-+ /*
-+ * Note that PAM is underspecified wrt free()'ing resp[i].resp.
-+ * It's not clear if I should free it, or if the application
-+ * has to. Therefore most (all?) apps won't free() it, and I
-+ * can't either, as I am not sure it was malloc()'d. All PAM
-+ * implementations I've seen leak memory here. Not so bad, IFF
-+ * you fork/exec for each PAM authentication (as is typical).
-+ */
-+#if 0
-+ if (resp[i].resp)
-+ free(resp[i].resp);
-+#endif /* 0 */
-+ }
-+ /* This does not lose resp[i].resp if the application saved a copy. */
-+ free(resp);
-+ }
-+
-+ return (pamret ? KRB5KRB_ERR_GENERIC : 0);
-+}
-+
-+krb5_prompter_fct pam_prompter = mit_pam_prompter;
diff --git a/security/pam_krb5/pkg-plist b/security/pam_krb5/pkg-plist
index ed0796d89284..2c1938c01a42 100644
--- a/security/pam_krb5/pkg-plist
+++ b/security/pam_krb5/pkg-plist
@@ -1 +1,2 @@
lib/pam_krb5.so
+lib/pam_krb5.so.1