diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2016-12-03 00:54:22 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2016-12-03 00:54:22 +0000 |
| commit | 2ab7cc62c4aac7da986d179d5a92e0888e8ef19e (patch) | |
| tree | a20671456eb65e4017ae16b457dd2f1919135c80 /security | |
| parent | ee7dd701b1e50d68f65c56ed6aa634c95326d00f (diff) | |
Notes
Diffstat (limited to 'security')
26 files changed, 1133 insertions, 1 deletions
diff --git a/security/Makefile b/security/Makefile index 1a8aaac3f18d..7beeefc498ed 100644 --- a/security/Makefile +++ b/security/Makefile @@ -288,6 +288,7 @@ SUBDIR += krb5 SUBDIR += krb5-113 SUBDIR += krb5-114 + SUBDIR += krb5-115 SUBDIR += krb5-appl SUBDIR += kripp SUBDIR += kstart diff --git a/security/krb5-112/Makefile b/security/krb5-112/Makefile new file mode 100644 index 000000000000..6c19b73567b0 --- /dev/null +++ b/security/krb5-112/Makefile @@ -0,0 +1,159 @@ +# Created by: nectar@FreeBSD.org +# $FreeBSD$ + +PORTNAME= krb5 +PORTVERSION= 1.12.5 +CATEGORIES= security +MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ +.if !defined(MASTERDIR) +PKGNAMESUFFIX= -112 +.endif + +PATCH_SITES= http://web.mit.edu/kerberos/advisories/ +PATCH_DIST_STRIP= -p2 + +MAINTAINER= cy@FreeBSD.org +COMMENT= Authentication system developed at MIT, successor to Kerberos IV + +LICENSE= MIT + +DEPRECATED= EOL twelve months after release of krb5-1.14 +EXPIRATION_DATE= 2016-11-20 + +CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-[0-9].* krb5-11[014-9]-* + +KERBEROSV_URL= http://web.mit.edu/kerberos/ +USE_PERL5= build +USE_LDCONFIG= yes +USE_CSTD= gnu99 +GNU_CONFIGURE= yes +USES= cpe gettext gmake perl5 libtool:build \ + gssapi:bootstrap,mit pkgconfig:both ssl +CONFIGURE_ARGS?= --enable-shared --without-system-verto \ + --disable-rpath --localstatedir="${PREFIX}/var" +CONFIGURE_ENV= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}" +MAKE_ARGS= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" + +CPE_VENDOR= mit +CPE_VERSION= 5-${PORTVERSION} +CPE_PRODUCT= kerberos + +OPTIONS_DEFINE= KRB5_PDF KRB5_HTML DNS_FOR_REALM LDAP +OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML +OPTIONS_RADIO= CMD_LINE_EDITING +OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT +KRB5_PDF_DESC= Install krb5 PDF documentation +KRB5_HTML_DESC= Install krb5 HTML documentation +DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names +LDAP= Enable LDAP support + +.if defined(KRB5_HOME) +PREFIX= ${KRB5_HOME} +.endif +CPPFLAGS+= -I${LOCALBASE}/include -I${OPENSSLINC} +LDFLAGS+= -L${LOCALBASE}/lib -L${OPENSSLLIB} + +USE_RC_SUBR= kpropd + +.include <bsd.port.options.mk> + +# Fix up -Wl,-rpath in LDFLAGS +.if !empty(KRB5_HOME) +_RPATH= ${KRB5_HOME}/lib: +.else +_RPATH= ${LOCALBASE}/lib: +.endif +.if !empty(LDFLAGS:M-Wl,-rpath,*) +.for F in ${LDFLAGS:M-Wl,-rpath,*} +LDFLAGS:= -Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \ + ${LDFLAGS:N-Wl,-rpath,*} +.endfor +.endif + +.if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE} +BROKEN= LIB_DEPENDS when using KRB5_HOME is broken +.endif + +.if ${PORT_OPTIONS:MDNS_FOR_REALM} +CONFIGURE_ARGS+= --enable-dns-for-realm +.endif + +.if ${PORT_OPTIONS:MLDAP} +USE_OPENLDAP= yes +CONFIGURE_ARGS+= --with-ldap +PLIST_SUB+= LDAP="" +.else +PLIST_SUB+= LDAP="@comment " +.endif + +.if ${PORT_OPTIONS:MREADLINE} +USES+= readline +CONFIGURE_ARGS+= --with-readline +.else +CONFIGURE_ARGS+= --without-readline +.endif + +.if ${PORT_OPTIONS:MLIBEDIT} +USES+= libedit +CONFIGURE_ARGS+= --with-libedit +.else +CONFIGURE_ARGS+= --without-libedit +.endif + +.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" +CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" +.endif + +WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src + +HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/html +PDF_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/pdf + +post-install: + @${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5 +# html documentation +.if ${PORT_OPTIONS:MKRB5_PDF} + pdf_files=`${FIND} ${PDF_DOC_DIR} ! -type d` + pdf_dirs=`${FIND} ${PDF_DOC_DIR} -type d` + for i in $${pdf_dirs}; do \ + ${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${pdf_files}; do \ + ${INSTALL_MAN} $${pdf} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + html_files=`${FIND} ${HTML_DOC_DIR} ! -type d | ${GREP} -v /_sources` + html_dirs=`${FIND} ${HTML_DOC_DIR} -type d | ${GREP} -v /_sources` + for i in $${html_dirs}; do \ + ${MKDIR} ${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${html_files}; do \ + ${INSTALL_MAN} $${i} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_PDF} + for i in $${pdf_dirs}; do \ + ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + for i in $${html_dirs}; do \ + ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif + ${ECHO_CMD} @dir share/doc/krb5 >> ${TMPPLIST} + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR}/README.FreeBSD > ${STAGEDIR}${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${STAGEDIR}${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" + +.include <bsd.port.mk> diff --git a/security/krb5-112/distinfo b/security/krb5-112/distinfo new file mode 100644 index 000000000000..94ea1986cc9a --- /dev/null +++ b/security/krb5-112/distinfo @@ -0,0 +1,2 @@ +SHA256 (krb5-1.12.5.tar.gz) = bcb3bb24234beb7a4724a2f9e119039eedf49977efe56697c714d92b269e8e45 +SIZE (krb5-1.12.5.tar.gz) = 12020731 diff --git a/security/krb5-112/files/README.FreeBSD b/security/krb5-112/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-112/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-112/files/kpropd.in b/security/krb5-112/files/kpropd.in new file mode 100644 index 000000000000..faa27dc7dbba --- /dev/null +++ b/security/krb5-112/files/kpropd.in @@ -0,0 +1,28 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: kpropd +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# kpropd_enable (bool): Set to NO by default. +# Set it to YES to enable kpropd. +# kpropd_flags (str): Set to "" by default. + +. /etc/rc.subr + +name=kpropd +rcvar=kpropd_enable + +load_rc_config $name + +: ${kpropd_enable:="NO"} +: ${kpropd_flags=""} + +command=%%PREFIX%%/sbin/${name} + +run_rc_command "$1" diff --git a/security/krb5-112/files/patch-clients__ksu__Makefile.in b/security/krb5-112/files/patch-clients__ksu__Makefile.in new file mode 100644 index 000000000000..7ec54abdc076 --- /dev/null +++ b/security/krb5-112/files/patch-clients__ksu__Makefile.in @@ -0,0 +1,18 @@ +--- clients/ksu/Makefile.in.orig 2014-01-15 16:44:15.000000000 -0800 ++++ clients/ksu/Makefile.in 2014-05-05 20:51:51.925985974 -0700 +@@ -1,6 +1,6 @@ + mydir=clients$(S)ksu + BUILDTOP=$(REL)..$(S).. +-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' ++DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"' -DDEBUG + + KSU_LIBS=@KSU_LIBS@ + +@@ -30,6 +30,6 @@ + + install:: + -for f in ksu; do \ +- $(INSTALL_SETUID) $$f \ ++ $(INSTALL_PROGRAM) $$f \ + $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ + done diff --git a/security/krb5-112/files/patch-config__pre.in b/security/krb5-112/files/patch-config__pre.in new file mode 100644 index 000000000000..06ddd412d618 --- /dev/null +++ b/security/krb5-112/files/patch-config__pre.in @@ -0,0 +1,23 @@ +--- config/pre.in.orig 2014-08-11 15:46:27.000000000 -0700 ++++ config/pre.in 2015-02-04 19:23:51.174245898 -0800 +@@ -178,9 +178,9 @@ + INSTALL=@INSTALL@ + INSTALL_STRIP= + INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) +-INSTALL_SCRIPT=@INSTALL_PROGRAM@ ++INSTALL_SCRIPT=@INSTALL_SCRIPT@ + INSTALL_DATA=@INSTALL_DATA@ +-INSTALL_SHLIB=@INSTALL_SHLIB@ ++INSTALL_SHLIB=$(INSTALL_LIB) + INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root + ## This is needed because autoconf will sometimes define @exec_prefix@ to be + ## ${prefix}. +@@ -197,7 +197,7 @@ + ADMIN_BINDIR = @sbindir@ + SERVER_BINDIR = @sbindir@ + CLIENT_BINDIR =@bindir@ +-PKGCONFIG_DIR = @libdir@/pkgconfig ++PKGCONFIG_DIR = $(prefix)/libdata/pkgconfig + ADMIN_MANDIR = $(KRB5MANROOT)/man8 + SERVER_MANDIR = $(KRB5MANROOT)/man8 + CLIENT_MANDIR = $(KRB5MANROOT)/man1 diff --git a/security/krb5-112/files/patch-config__shlib.conf b/security/krb5-112/files/patch-config__shlib.conf new file mode 100644 index 000000000000..805e56e91e7f --- /dev/null +++ b/security/krb5-112/files/patch-config__shlib.conf @@ -0,0 +1,19 @@ +--- config/shlib.conf.orig 2013-12-10 14:49:15.000000000 -0800 ++++ config/shlib.conf 2013-12-11 12:58:51.983110392 -0800 +@@ -315,13 +315,13 @@ + ;; + esac + SHLIBVEXT='.so.$(LIBMAJOR)' +- RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,' ++ LDCOMBINE="libtool --mode=link cc -Xcompiler -shared" ++ RPATH_FLAG='-Wl,-rpath -Wl,' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' + SHLIBEXT=.so +- LDCOMBINE='ld -Bshareable' +- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)' ++ SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/security/krb5-112/files/patch-lib-krb5-os-localaddr.c b/security/krb5-112/files/patch-lib-krb5-os-localaddr.c new file mode 100644 index 000000000000..06b6043f22c9 --- /dev/null +++ b/security/krb5-112/files/patch-lib-krb5-os-localaddr.c @@ -0,0 +1,75 @@ +--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700 ++++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700 +@@ -175,6 +175,7 @@ + } + #endif + ++#if 0 + static int + is_loopback_address(struct sockaddr *sa) + { +@@ -191,6 +192,7 @@ + return 0; + } + } ++#endif + + #ifdef HAVE_IFADDRS_H + #include <ifaddrs.h> +@@ -467,12 +469,14 @@ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#if 0 + if (is_loopback_address(ifp->ifa_addr)) { + /* Pretend it's not up, so the second pass will skip + it. */ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#endif + /* If this address is a duplicate, punt. */ + match = 0; + for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { +@@ -601,11 +605,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.lifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -772,11 +778,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&lifr->iflr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.iflr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -987,11 +995,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&ifreq.ifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((ifreq.ifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); diff --git a/security/krb5-112/files/patch-lib__gssapi__krb5__import_name.c b/security/krb5-112/files/patch-lib__gssapi__krb5__import_name.c new file mode 100644 index 000000000000..40f116af2196 --- /dev/null +++ b/security/krb5-112/files/patch-lib__gssapi__krb5__import_name.c @@ -0,0 +1,14 @@ +--- lib/gssapi/krb5/import_name.c.orig Mon Jul 18 15:12:42 2005 ++++ lib/gssapi/krb5/import_name.c Tue Nov 8 09:53:58 2005 +@@ -33,6 +33,11 @@ + #endif + #endif + ++#include <sys/param.h> ++#if __FreeBSD_version < 500100 ++#include <stdio.h> ++#endif ++ + #ifdef HAVE_STRING_H + #include <string.h> + #else diff --git a/security/krb5-112/files/patch-plugins__preauth__pkinit__pkinit_crypto_openssl.c b/security/krb5-112/files/patch-plugins__preauth__pkinit__pkinit_crypto_openssl.c new file mode 100644 index 000000000000..4d202a7d1c45 --- /dev/null +++ b/security/krb5-112/files/patch-plugins__preauth__pkinit__pkinit_crypto_openssl.c @@ -0,0 +1,11 @@ +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2015-02-18 23:31:13.000000000 +0100 ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2015-02-28 22:05:52.151654774 +0100 +@@ -172,7 +172,7 @@ + pkinit_pkcs11_code_to_text(int err); + + +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_CMS) + /* Use CMS support present in OpenSSL 1.0 and later. */ + #include <openssl/cms.h> + #define pkinit_CMS_get0_content_signed(_cms) CMS_get0_content(_cms) diff --git a/security/krb5-112/pkg-descr b/security/krb5-112/pkg-descr new file mode 100644 index 000000000000..5940aeab0176 --- /dev/null +++ b/security/krb5-112/pkg-descr @@ -0,0 +1,24 @@ +Kerberos V5 is an authentication system developed at MIT. +WWW: http://web.mit.edu/kerberos/ + +Abridged from the User Guide: + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the + client. The client then attempts to decrypt the TGT, using + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, + which give permission for specific services. + Since Kerberos negotiates authenticated, and optionally encrypted, + communications between two points anywhere on the internet, it + provides a layer of security that is not dependent on which side of a + firewall either client is on. + The Kerberos V5 package is designed to be easy to use. Most of the + commands are nearly identical to UNIX network programs you are already + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. + +Jacques Vidrine <n@nectar.com> diff --git a/security/krb5-112/pkg-plist b/security/krb5-112/pkg-plist new file mode 100644 index 000000000000..e7f6aed868d6 --- /dev/null +++ b/security/krb5-112/pkg-plist @@ -0,0 +1,157 @@ +bin/compile_et +bin/gss-client +bin/k5srvutil +bin/kadmin +bin/kdestroy +bin/kinit +bin/klist +bin/kpasswd +bin/krb5-config +@mode 04755 +@owner root +@group wheel +bin/ksu +@mode +@owner root +@group wheel +bin/kswitch +bin/ktutil +bin/kvno +bin/sclient +bin/sim_client +bin/uuclient +include/com_err.h +include/gssapi.h +include/gssapi/gssapi.h +include/gssapi/gssapi_ext.h +include/gssapi/gssapi_generic.h +include/gssapi/gssapi_krb5.h +include/gssapi/mechglue.h +include/gssrpc/auth.h +include/gssrpc/auth_gss.h +include/gssrpc/auth_gssapi.h +include/gssrpc/auth_unix.h +include/gssrpc/clnt.h +include/gssrpc/netdb.h +include/gssrpc/pmap_clnt.h +include/gssrpc/pmap_prot.h +include/gssrpc/pmap_rmt.h +include/gssrpc/rename.h +include/gssrpc/rpc.h +include/gssrpc/rpc_msg.h +include/gssrpc/svc.h +include/gssrpc/svc_auth.h +include/gssrpc/types.h +include/gssrpc/xdr.h +include/krad.h +include/krb5.h +include/krb5/ccselect_plugin.h +include/krb5/clpreauth_plugin.h +include/krb5/hostrealm_plugin.h +include/krb5/kadm5_hook_plugin.h +include/krb5/kdcpreauth_plugin.h +include/krb5/localauth_plugin.h +include/krb5/krb5.h +include/krb5/locate_plugin.h +include/krb5/plugin.h +include/krb5/pwqual_plugin.h +include/kadm5/admin.h +include/kadm5/chpass_util_strings.h +include/kadm5/kadm_err.h +include/kdb.h +include/krb5/preauth_plugin.h +include/profile.h +include/verto-module.h +include/verto.h +lib/libcom_err.so +lib/libcom_err.so.3 +lib/libgssapi_krb5.so +lib/libgssapi_krb5.so.2 +lib/libgssrpc.so +lib/libgssrpc.so.4 +lib/libk5crypto.so +lib/libk5crypto.so.3 +lib/libkadm5clnt.so +lib/libkadm5clnt_mit.so +lib/libkadm5clnt_mit.so.9 +lib/libkadm5srv.so +lib/libkadm5srv_mit.so +lib/libkadm5srv_mit.so.9 +lib/libkdb5.so +lib/libkdb5.so.7 +lib/libkrb5.so +lib/libkrb5.so.3 +lib/libkrb5support.so +lib/libkrb5support.so.0 +lib/krb5/plugins/kdb/db2.so +%%LDAP%%lib/krb5/plugins/kdb/kldap.so +lib/krb5/plugins/preauth/otp.so +lib/krb5/plugins/preauth/pkinit.so +%%LDAP%%lib/libkdb_ldap.so +%%LDAP%%lib/libkdb_ldap.so.1 +lib/libkrad.so +lib/libkrad.so.0 +lib/libverto.so.0 +lib/libverto.so +libdata/pkgconfig/gssrpc.pc +libdata/pkgconfig/kadm-client.pc +libdata/pkgconfig/kadm-server.pc +libdata/pkgconfig/kdb.pc +libdata/pkgconfig/krb5-gssapi.pc +libdata/pkgconfig/krb5.pc +libdata/pkgconfig/mit-krb5-gssapi.pc +libdata/pkgconfig/mit-krb5.pc +man/man1/k5srvutil.1.gz +man/man1/kadmin.1.gz +man/man1/krb5-config.1.gz +man/man1/krb5-send-pr.1.gz +man/man1/kpasswd.1.gz +man/man1/klist.1.gz +man/man1/kinit.1.gz +man/man1/kdestroy.1.gz +man/man1/kswitch.1.gz +man/man1/ksu.1.gz +man/man1/ktutil.1.gz +man/man1/sclient.1.gz +man/man1/kvno.1.gz +man/man1/compile_et.1.gz +man/man5/kadm5.acl.5.gz +man/man5/kdc.conf.5.gz +man/man5/krb5.conf.5.gz +man/man5/.k5identity.5.gz +man/man5/.k5login.5.gz +man/man5/k5identity.5.gz +man/man5/k5login.5.gz +man/man8/krb5kdc.8.gz +man/man8/kadmin.local.8.gz +man/man8/kdb5_ldap_util.8.gz +man/man8/kdb5_util.8.gz +man/man8/kadmind.8.gz +man/man8/kprop.8.gz +man/man8/kpropd.8.gz +man/man8/kproplog.8.gz +man/man8/sserver.8.gz +sbin/gss-server +sbin/kadmin.local +sbin/kadmind +%%LDAP%%sbin/kdb5_ldap_util +sbin/kdb5_util +sbin/kprop +sbin/kpropd +sbin/kproplog +sbin/krb5-send-pr +sbin/krb5kdc +sbin/sim_server +sbin/sserver +sbin/uuserver +share/doc/krb5/README.FreeBSD +share/et/et_c.awk +share/et/et_h.awk +share/examples/krb5/kdc.conf +share/examples/krb5/krb5.conf +share/examples/krb5/services.append +share/gnats/mit +share/locale/en_US/LC_MESSAGES/mit-krb5.mo +@dir lib/krb5/plugins/authdata +@dir lib/krb5/plugins/libkrb5 +@dir var/krb5kdc diff --git a/security/krb5-113/Makefile b/security/krb5-113/Makefile index 6df1cbb76631..fa7cd2c8d8f6 100644 --- a/security/krb5-113/Makefile +++ b/security/krb5-113/Makefile @@ -17,6 +17,9 @@ COMMENT= Authentication system developed at MIT, successor to Kerberos IV LICENSE= MIT +DEPRECATED= EOL twelve months after release of krb5-1.15 +EXPIRATION_DATE= 2017-12-02 + CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-11[0-2]-* krb5-[0-9].* KERBEROSV_URL= http://web.mit.edu/kerberos/ diff --git a/security/krb5-115/Makefile b/security/krb5-115/Makefile new file mode 100644 index 000000000000..7f436c792edf --- /dev/null +++ b/security/krb5-115/Makefile @@ -0,0 +1,157 @@ +# Created by: nectar@FreeBSD.org +# $FreeBSD$ + +PORTNAME= krb5 +PORTVERSION= 1.15 +CATEGORIES= security +MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ +.if !defined(MASTERDIR) +PKGNAMESUFFIX= -115 +.endif + + +PATCH_SITES= http://web.mit.edu/kerberos/advisories/ +PATCH_DIST_STRIP= -p2 + +MAINTAINER= cy@FreeBSD.org +COMMENT= Authentication system developed at MIT, successor to Kerberos IV + +LICENSE= MIT + +CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-11[0-9]-* + +KERBEROSV_URL= http://web.mit.edu/kerberos/ +USE_PERL5= build +USE_LDCONFIG= yes +USE_CSTD= gnu99 +GNU_CONFIGURE= yes +USES= cpe gettext gmake perl5 libtool:build \ + gssapi:bootstrap,mit pkgconfig:both ssl +CONFIGURE_ARGS?= --enable-shared --without-system-verto \ + --disable-rpath --localstatedir="${PREFIX}/var" +CONFIGURE_ENV= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}" +MAKE_ARGS= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" + +CPE_VENDOR= mit +CPE_VERSION= 5-${PORTVERSION} +CPE_PRODUCT= kerberos + +OPTIONS_DEFINE= KRB5_PDF KRB5_HTML DNS_FOR_REALM LDAP +OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML +OPTIONS_RADIO= CMD_LINE_EDITING +OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT +KRB5_PDF_DESC= Install krb5 PDF documentation +KRB5_HTML_DESC= Install krb5 HTML documentation +DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names +LDAP= Enable LDAP support + +.if defined(KRB5_HOME) +PREFIX= ${KRB5_HOME} +.endif +CPPFLAGS+= -I${LOCALBASE}/include -I${OPENSSLINC} +LDFLAGS+= -L${LOCALBASE}/lib -L${OPENSSLLIB} + +USE_RC_SUBR= kpropd + +.include <bsd.port.options.mk> + +# Fix up -Wl,-rpath in LDFLAGS +.if !empty(KRB5_HOME) +_RPATH= ${KRB5_HOME}/lib: +.else +_RPATH= ${LOCALBASE}/lib: +.endif +.if !empty(LDFLAGS:M-Wl,-rpath,*) +.for F in ${LDFLAGS:M-Wl,-rpath,*} +LDFLAGS:= -Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \ + ${LDFLAGS:N-Wl,-rpath,*} +.endfor +.endif + +.if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE} +BROKEN= LIB_DEPENDS when using KRB5_HOME is broken +.endif + +.if ${PORT_OPTIONS:MDNS_FOR_REALM} +CONFIGURE_ARGS+= --enable-dns-for-realm +.endif + +.if ${PORT_OPTIONS:MLDAP} +USE_OPENLDAP= yes +CONFIGURE_ARGS+= --with-ldap +PLIST_SUB+= LDAP="" +.else +PLIST_SUB+= LDAP="@comment " +.endif + +.if ${PORT_OPTIONS:MREADLINE} +USES+= readline +CONFIGURE_ARGS+= --with-readline +.else +CONFIGURE_ARGS+= --without-readline +.endif + +.if ${PORT_OPTIONS:MLIBEDIT} +USES+= libedit +CONFIGURE_ARGS+= --with-libedit +.else +CONFIGURE_ARGS+= --without-libedit +.endif + +.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" +CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" +.endif + +WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src + +HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/html +PDF_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/pdf + +post-install: + @${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5 +# html documentation +.if ${PORT_OPTIONS:MKRB5_PDF} + pdf_files=`${FIND} ${PDF_DOC_DIR} ! -type d` + pdf_dirs=`${FIND} ${PDF_DOC_DIR} -type d` + for i in $${pdf_dirs}; do \ + ${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${pdf_files}; do \ + ${INSTALL_MAN} $${pdf} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + html_files=`${FIND} ${HTML_DOC_DIR} ! -type d | ${GREP} -v /_sources` + html_dirs=`${FIND} ${HTML_DOC_DIR} -type d | ${GREP} -v /_sources` + for i in $${html_dirs}; do \ + ${MKDIR} ${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${html_files}; do \ + ${INSTALL_MAN} $${i} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_PDF} + for i in $${pdf_dirs}; do \ + ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + for i in $${html_dirs}; do \ + ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif + ${ECHO_CMD} @dir share/doc/krb5 >> ${TMPPLIST} + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR}/README.FreeBSD > ${STAGEDIR}${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${STAGEDIR}${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" + +.include <bsd.port.mk> diff --git a/security/krb5-115/distinfo b/security/krb5-115/distinfo new file mode 100644 index 000000000000..bb297b132b77 --- /dev/null +++ b/security/krb5-115/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1480725624 +SHA256 (krb5-1.15.tar.gz) = fd34752774c808ab4f6f864f935c49945f5a56b62240b1ad4ab1af7b4ded127c +SIZE (krb5-1.15.tar.gz) = 9327157 diff --git a/security/krb5-115/files/README.FreeBSD b/security/krb5-115/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-115/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-115/files/kpropd.in b/security/krb5-115/files/kpropd.in new file mode 100644 index 000000000000..faa27dc7dbba --- /dev/null +++ b/security/krb5-115/files/kpropd.in @@ -0,0 +1,28 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: kpropd +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# kpropd_enable (bool): Set to NO by default. +# Set it to YES to enable kpropd. +# kpropd_flags (str): Set to "" by default. + +. /etc/rc.subr + +name=kpropd +rcvar=kpropd_enable + +load_rc_config $name + +: ${kpropd_enable:="NO"} +: ${kpropd_flags=""} + +command=%%PREFIX%%/sbin/${name} + +run_rc_command "$1" diff --git a/security/krb5-115/files/patch-clients__ksu__Makefile.in b/security/krb5-115/files/patch-clients__ksu__Makefile.in new file mode 100644 index 000000000000..7ec54abdc076 --- /dev/null +++ b/security/krb5-115/files/patch-clients__ksu__Makefile.in @@ -0,0 +1,18 @@ +--- clients/ksu/Makefile.in.orig 2014-01-15 16:44:15.000000000 -0800 ++++ clients/ksu/Makefile.in 2014-05-05 20:51:51.925985974 -0700 +@@ -1,6 +1,6 @@ + mydir=clients$(S)ksu + BUILDTOP=$(REL)..$(S).. +-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' ++DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"' -DDEBUG + + KSU_LIBS=@KSU_LIBS@ + +@@ -30,6 +30,6 @@ + + install:: + -for f in ksu; do \ +- $(INSTALL_SETUID) $$f \ ++ $(INSTALL_PROGRAM) $$f \ + $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ + done diff --git a/security/krb5-115/files/patch-config__pre.in b/security/krb5-115/files/patch-config__pre.in new file mode 100644 index 000000000000..8527c550dc25 --- /dev/null +++ b/security/krb5-115/files/patch-config__pre.in @@ -0,0 +1,23 @@ +--- config/pre.in.orig 2014-10-15 16:55:10.000000000 -0700 ++++ config/pre.in 2015-02-04 12:43:45.693875606 -0800 +@@ -178,9 +178,9 @@ + INSTALL=@INSTALL@ + INSTALL_STRIP= + INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) +-INSTALL_SCRIPT=@INSTALL_PROGRAM@ ++INSTALL_SCRIPT=@INSTALL_SCRIPT@ + INSTALL_DATA=@INSTALL_DATA@ +-INSTALL_SHLIB=@INSTALL_SHLIB@ ++INSTALL_SHLIB=$(INSTALL_LIB) + INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root + ## This is needed because autoconf will sometimes define @exec_prefix@ to be + ## ${prefix}. +@@ -197,7 +197,7 @@ + ADMIN_BINDIR = @sbindir@ + SERVER_BINDIR = @sbindir@ + CLIENT_BINDIR =@bindir@ +-PKGCONFIG_DIR = @libdir@/pkgconfig ++PKGCONFIG_DIR = $(prefix)/libdata/pkgconfig + ADMIN_MANDIR = $(KRB5MANROOT)/man8 + SERVER_MANDIR = $(KRB5MANROOT)/man8 + CLIENT_MANDIR = $(KRB5MANROOT)/man1 diff --git a/security/krb5-115/files/patch-config__shlib.conf b/security/krb5-115/files/patch-config__shlib.conf new file mode 100644 index 000000000000..3697783e47be --- /dev/null +++ b/security/krb5-115/files/patch-config__shlib.conf @@ -0,0 +1,22 @@ +--- config/shlib.conf.orig 2015-05-08 16:27:02.000000000 -0700 ++++ config/shlib.conf 2015-10-20 21:54:39.834348929 -0700 +@@ -320,14 +320,15 @@ + PICFLAGS=-fpic + ;; + esac +- SHLIBVEXT='.so.$(LIBMAJOR)' +- RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,' ++ SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' ++ SHLIBSEXT='.so.$(LIBMAJOR)' ++ LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)' ++ RPATH_FLAG='-Wl,-rpath -Wl,' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' + SHLIBEXT=.so +- LDCOMBINE='ld -Bshareable' +- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)' ++ SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/security/krb5-115/files/patch-lib-krb5-os-localaddr.c b/security/krb5-115/files/patch-lib-krb5-os-localaddr.c new file mode 100644 index 000000000000..06b6043f22c9 --- /dev/null +++ b/security/krb5-115/files/patch-lib-krb5-os-localaddr.c @@ -0,0 +1,75 @@ +--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700 ++++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700 +@@ -175,6 +175,7 @@ + } + #endif + ++#if 0 + static int + is_loopback_address(struct sockaddr *sa) + { +@@ -191,6 +192,7 @@ + return 0; + } + } ++#endif + + #ifdef HAVE_IFADDRS_H + #include <ifaddrs.h> +@@ -467,12 +469,14 @@ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#if 0 + if (is_loopback_address(ifp->ifa_addr)) { + /* Pretend it's not up, so the second pass will skip + it. */ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#endif + /* If this address is a duplicate, punt. */ + match = 0; + for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { +@@ -601,11 +605,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.lifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -772,11 +778,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&lifr->iflr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.iflr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -987,11 +995,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&ifreq.ifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((ifreq.ifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); diff --git a/security/krb5-115/files/patch-lib__gssapi__krb5__import_name.c b/security/krb5-115/files/patch-lib__gssapi__krb5__import_name.c new file mode 100644 index 000000000000..40f116af2196 --- /dev/null +++ b/security/krb5-115/files/patch-lib__gssapi__krb5__import_name.c @@ -0,0 +1,14 @@ +--- lib/gssapi/krb5/import_name.c.orig Mon Jul 18 15:12:42 2005 ++++ lib/gssapi/krb5/import_name.c Tue Nov 8 09:53:58 2005 +@@ -33,6 +33,11 @@ + #endif + #endif + ++#include <sys/param.h> ++#if __FreeBSD_version < 500100 ++#include <stdio.h> ++#endif ++ + #ifdef HAVE_STRING_H + #include <string.h> + #else diff --git a/security/krb5-115/pkg-descr b/security/krb5-115/pkg-descr new file mode 100644 index 000000000000..5940aeab0176 --- /dev/null +++ b/security/krb5-115/pkg-descr @@ -0,0 +1,24 @@ +Kerberos V5 is an authentication system developed at MIT. +WWW: http://web.mit.edu/kerberos/ + +Abridged from the User Guide: + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the + client. The client then attempts to decrypt the TGT, using + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, + which give permission for specific services. + Since Kerberos negotiates authenticated, and optionally encrypted, + communications between two points anywhere on the internet, it + provides a layer of security that is not dependent on which side of a + firewall either client is on. + The Kerberos V5 package is designed to be easy to use. Most of the + commands are nearly identical to UNIX network programs you are already + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. + +Jacques Vidrine <n@nectar.com> diff --git a/security/krb5-115/pkg-plist b/security/krb5-115/pkg-plist new file mode 100644 index 000000000000..0cff96c96255 --- /dev/null +++ b/security/krb5-115/pkg-plist @@ -0,0 +1,170 @@ +bin/compile_et +bin/gss-client +bin/k5srvutil +bin/kadmin +bin/kdestroy +bin/kinit +bin/klist +bin/kpasswd +bin/krb5-config +@mode 04755 +@owner root +@group wheel +bin/ksu +@mode +@owner root +@group wheel +bin/kswitch +bin/ktutil +bin/kvno +bin/sclient +bin/sim_client +bin/uuclient +include/com_err.h +include/gssapi.h +include/gssapi/gssapi.h +include/gssapi/gssapi_ext.h +include/gssapi/gssapi_generic.h +include/gssapi/gssapi_krb5.h +include/gssapi/mechglue.h +include/gssrpc/auth.h +include/gssrpc/auth_gss.h +include/gssrpc/auth_gssapi.h +include/gssrpc/auth_unix.h +include/gssrpc/clnt.h +include/gssrpc/netdb.h +include/gssrpc/pmap_clnt.h +include/gssrpc/pmap_prot.h +include/gssrpc/pmap_rmt.h +include/gssrpc/rename.h +include/gssrpc/rpc.h +include/gssrpc/rpc_msg.h +include/gssrpc/svc.h +include/gssrpc/svc_auth.h +include/gssrpc/types.h +include/gssrpc/xdr.h +include/krad.h +include/krb5.h +include/krb5/ccselect_plugin.h +include/krb5/clpreauth_plugin.h +include/krb5/hostrealm_plugin.h +include/krb5/kadm5_hook_plugin.h +include/krb5/kdcpreauth_plugin.h +include/krb5/localauth_plugin.h +include/krb5/krb5.h +include/krb5/locate_plugin.h +include/krb5/plugin.h +include/krb5/pwqual_plugin.h +include/kadm5/admin.h +include/kadm5/chpass_util_strings.h +include/kadm5/kadm_err.h +include/kdb.h +include/krb5/preauth_plugin.h +include/profile.h +include/verto-module.h +include/verto.h +lib/libcom_err.so +lib/libcom_err.so.3 +lib/libcom_err.so.3.0 +lib/libgssapi_krb5.so +lib/libgssapi_krb5.so.2 +lib/libgssapi_krb5.so.2.2 +lib/libgssrpc.so +lib/libgssrpc.so.4 +lib/libgssrpc.so.4.2 +lib/libk5crypto.so +lib/libk5crypto.so.3 +lib/libk5crypto.so.3.1 +lib/libkadm5clnt.so +lib/libkadm5clnt_mit.so +lib/libkadm5clnt_mit.so.11 +lib/libkadm5clnt_mit.so.11.0 +lib/libkadm5srv.so +lib/libkadm5srv_mit.so +lib/libkadm5srv_mit.so.11 +lib/libkadm5srv_mit.so.11.0 +lib/libkdb5.so +lib/libkdb5.so.8 +lib/libkdb5.so.8.0 +lib/libkrb5.so +lib/libkrb5.so.3 +lib/libkrb5.so.3.3 +lib/libkrb5support.so +lib/libkrb5support.so.0 +lib/libkrb5support.so.0.1 +lib/krb5/plugins/kdb/db2.so +lib/krb5/plugins/tls/k5tls.so +%%LDAP%%lib/krb5/plugins/kdb/kldap.so +lib/krb5/plugins/preauth/otp.so +lib/krb5/plugins/preauth/pkinit.so +lib/krb5/plugins/preauth/test.so +%%LDAP%%lib/libkdb_ldap.so +%%LDAP%%lib/libkdb_ldap.so.1 +%%LDAP%%lib/libkdb_ldap.so.1.0 +lib/libkrad.so +lib/libkrad.so.0 +lib/libkrad.so.0.0 +lib/libverto.so +lib/libverto.so.0 +lib/libverto.so.0.0 +libdata/pkgconfig/gssrpc.pc +libdata/pkgconfig/kadm-client.pc +libdata/pkgconfig/kadm-server.pc +libdata/pkgconfig/kdb.pc +libdata/pkgconfig/krb5-gssapi.pc +libdata/pkgconfig/krb5.pc +libdata/pkgconfig/mit-krb5-gssapi.pc +libdata/pkgconfig/mit-krb5.pc +man/man1/k5srvutil.1.gz +man/man1/kadmin.1.gz +man/man1/krb5-config.1.gz +man/man1/kpasswd.1.gz +man/man1/klist.1.gz +man/man1/kinit.1.gz +man/man1/kdestroy.1.gz +man/man1/kswitch.1.gz +man/man1/ksu.1.gz +man/man1/ktutil.1.gz +man/man1/sclient.1.gz +man/man1/kvno.1.gz +man/man1/compile_et.1.gz +man/man5/kadm5.acl.5.gz +man/man5/kdc.conf.5.gz +man/man5/krb5.conf.5.gz +man/man5/.k5identity.5.gz +man/man5/.k5login.5.gz +man/man5/k5identity.5.gz +man/man5/k5login.5.gz +man/man8/krb5kdc.8.gz +man/man8/kadmin.local.8.gz +man/man8/kdb5_ldap_util.8.gz +man/man8/kdb5_util.8.gz +man/man8/kadmind.8.gz +man/man8/kprop.8.gz +man/man8/kpropd.8.gz +man/man8/kproplog.8.gz +man/man8/sserver.8.gz +sbin/gss-server +sbin/kadmin.local +sbin/kadmind +%%LDAP%%sbin/kdb5_ldap_util +sbin/kdb5_util +sbin/kprop +sbin/kpropd +sbin/kproplog +sbin/krb5-send-pr +sbin/krb5kdc +sbin/sim_server +sbin/sserver +sbin/uuserver +share/doc/krb5/README.FreeBSD +share/et/et_c.awk +share/et/et_h.awk +share/examples/krb5/kdc.conf +share/examples/krb5/krb5.conf +share/examples/krb5/services.append +share/locale/en_US/LC_MESSAGES/mit-krb5.mo +@dir lib/krb5/plugins/authdata +@dir lib/krb5/plugins/libkrb5 +@dir var/run/krb5kdc +@dir var/krb5kdc diff --git a/security/krb5/Makefile b/security/krb5/Makefile index 061d4f996cd8..eefaa532033b 100644 --- a/security/krb5/Makefile +++ b/security/krb5/Makefile @@ -1,6 +1,6 @@ # $FreeBSD$ -VERSIONS= 112 113 114 +VERSIONS= 112 113 114 115 KRB5_VERSION?= 114 MASTERDIR= ${.CURDIR}/../krb5-${KRB5_VERSION} |