diff options
author | Cy Schubert <cy@FreeBSD.org> | 2002-10-15 04:25:18 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2002-10-15 04:25:18 +0000 |
commit | 5222e23c39ad78e6cd20eb211e0a288bbf26cc1b (patch) | |
tree | aa0b5cd9c182f10afe513a535d29bf6efbdfddca /security | |
parent | a18cefbc2b741cd521df9ad5cd9a4f23c5b44fbc (diff) | |
download | ports-5222e23c39ad78e6cd20eb211e0a288bbf26cc1b.tar.gz ports-5222e23c39ad78e6cd20eb211e0a288bbf26cc1b.zip |
Notes
Diffstat (limited to 'security')
25 files changed, 0 insertions, 913 deletions
diff --git a/security/Makefile b/security/Makefile index d92deea6835c..b02430e6df0e 100644 --- a/security/Makefile +++ b/security/Makefile @@ -89,7 +89,6 @@ SUBDIR += keyprint SUBDIR += knocker SUBDIR += krb5 - SUBDIR += krb5-beta SUBDIR += kssh SUBDIR += l0pht-watch SUBDIR += l0phtcrack diff --git a/security/krb5-beta/Makefile b/security/krb5-beta/Makefile deleted file mode 100644 index 79c2563befa9..000000000000 --- a/security/krb5-beta/Makefile +++ /dev/null @@ -1,134 +0,0 @@ -# Ports collection Makefile for: MIT Kerberos V -# Date created: 6/5/1998 -# Whom: nectar@FreeBSD.org -# -# $FreeBSD$ -# - -PORTNAME= krb5 -PORTVERSION= 1.2.6b2 -CATEGORIES= security -MASTER_SITES= # manual download -DISTNAME= krb5-1.2.6-beta2 -EXTRACT_SUFX= .tar - -MAINTAINER= cy@FreeBSD.org - -BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 - -KERBEROSV_URL= http://web.mit.edu/network/kerberos-form.html -USE_GMAKE= yes -INSTALLS_SHLIB= yes -GNU_CONFIGURE= yes -CONFIGURE_ARGS?= --enable-shared --with-ccopts="${CFLAGS}" -CONFIGURE_ENV= INSTALL="${INSTALL}" -MAKE_ARGS= INSTALL="${INSTALL}" -KRB5_KRB4_COMPAT?= YES - -.if !defined(KRB5_KRB4_COMPAT) || ${KRB5_KRB4_COMPAT} == "NO" -CONFIGURE_ARGS+= --without-krb4 -.endif - -.if defined(KRB5_HOME) -PREFIX= ${KRB5_HOME} -.endif - -RESTRICTED= "Crypto; export-controlled" -# Set USA_RESIDENT appropriately in /etc/make.conf if you like - -INFO_FILES= krb425.info krb5-admin.info krb5-admin.info-1 \ - krb5-admin.info-2 krb5-admin.info-3 krb5-install.info \ - krb5-install.info-1 krb5-install.info-2 krb5-user.info - -MAN1= krb5-send-pr.1 kpasswd.1 v5passwd.1 klist.1 kinit.1 \ - kdestroy.1 ksu.1 sclient.1 rsh.1 rcp.1 rlogin.1 \ - v4rcp.1 ftp.1 telnet.1 kerberos.1 kvno.1 -MAN5= kdc.conf.5 krb5.conf.5 .k5login.5 -MAN8= krb5kdc.8 kadmin.8 kadmin.local.8 kdb5_util.8 \ - ktutil.8 kadmind.8 kprop.8 kpropd.8 sserver.8 \ - kshd.8 klogind.8 login.krb5.8 ftpd.8 telnetd.8 - -WRKSRC= ${WRKDIR}/${DISTNAME}/src - -WANT_HTML?= YES -HTML_DOC_DIR= ${WRKDIR}/${DISTNAME}/doc -HTML_DOCS= admin.html install_foot.html user-guide.html \ - admin_foot.html install_toc.html user-guide_foot.html \ - admin_toc.html krb425.html user-guide_toc.html \ - install.html krb425_toc.html - -.if !defined(USA_RESIDENT) || ${USA_RESIDENT} == "YES" -do-fetch: - @if [ ! -f ${DISTDIR}/${DISTNAME}${EXTRACT_SUFX} ]; then \ - ${ECHO} ""; \ - ${ECHO} ">> Kerberos V contains encryption software and is"; \ - ${ECHO} " export restricted. If you are not a USA resident,";\ - ${ECHO} " then you cannot obtain the Kerberos V sources from";\ - ${ECHO} " within the United States."; \ - ${ECHO} ""; \ - ${ECHO} ">> The Kerberos V sources must be fetched manually."; \ - ${ECHO} " Please visit ${KERBEROSV_URL}"; \ - ${ECHO} " to download ${DISTNAME}${EXTRACT_SUFX} and place"; \ - ${ECHO} " it in ${DISTDIR}. Then run make again."; \ - ${FALSE}; \ - fi - -post-extract: - @${TAR} -C ${WRKDIR} -xzf ${WRKDIR}/${DISTNAME}.tar.gz - @${RM} ${WRKDIR}/${DISTNAME}.tar.gz ${WRKDIR}/${DISTNAME}.tar.gz.asc -.if !defined(EXTRACT_PRESERVE_OWNERSHIP) - @if [ `id -u` = 0 ]; then \ - ${CHMOD} -R ug-s,go-w ${WRKDIR}/${DISTNAME}; \ - ${CHOWN} -R 0:0 ${WRKDIR}/${DISTNAME}; \ - fi -.endif -.endif - -pre-build: -.if !defined(KRB5_KRB4_COMPAT) - @${ECHO} "------------------------------------------------------" - @${ECHO} "Set KRB5_KRB4_COMPAT=NO if you do not want to build " - @${ECHO} "the KerberosIV compatibility libraries. " - @${ECHO} "------------------------------------------------------" -.endif - -post-build: - @(cd ${WRKSRC}/../doc && \ - ${MAKE} ${INFO_FILES}) - -.include <bsd.port.pre.mk> - -post-install: -# html documentation -.if defined(WANT_HTML) && ${WANT_HTML} == "YES" - @${MKDIR} ${PREFIX}/share/doc/krb5 -.for html in ${HTML_DOCS} - ${INSTALL_MAN} ${HTML_DOC_DIR}/${html} ${PREFIX}/share/doc/krb5 -.endfor -.endif -# handle info files -.for info in ${INFO_FILES} - ${INSTALL_MAN} ${WRKSRC}/../doc/${info} ${PREFIX}/info/${info} -.endfor -.for info in ${INFO_FILES:M*.info} - install-info ${PREFIX}/info/${info} ${PREFIX}/info/dir -.endfor -# fixup packing list (no libs without version numbers in aout case) -.if ${PORTOBJFORMAT} == "aout" - ${ECHO_MSG} "Fixing packing list for a.out" - ${MV} ${TMPPLIST} ${TMPPLIST}.new - ${GREP} -v '\.so$$' ${TMPPLIST}.new > ${TMPPLIST} - ${RM} ${TMPPLIST}.new -.endif - @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR}/README.FreeBSD > ${PREFIX}/share/doc/krb5/README.FreeBSD - @${CHMOD} 444 ${PREFIX}/share/doc/krb5/README.FreeBSD - @${ECHO} "------------------------------------------------------" - @${ECHO} "This port of MIT Kerberos 5 includes remote login " - @${ECHO} "daemons (telnetd and klogind). These daemons default " - @${ECHO} "to using the system login program (/usr/bin/login). " - @${ECHO} "Please see the file " - @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" - @${ECHO} "for more information. " - @${ECHO} "------------------------------------------------------" - -.include <bsd.port.post.mk> diff --git a/security/krb5-beta/distinfo b/security/krb5-beta/distinfo deleted file mode 100644 index d44c3a95402e..000000000000 --- a/security/krb5-beta/distinfo +++ /dev/null @@ -1 +0,0 @@ -MD5 (krb5-1.2.6-beta2.tar) = 785b3d3a0525b6f571c0f725b710fec7 diff --git a/security/krb5-beta/files/README.FreeBSD b/security/krb5-beta/files/README.FreeBSD deleted file mode 100644 index e888e689eb04..000000000000 --- a/security/krb5-beta/files/README.FreeBSD +++ /dev/null @@ -1,32 +0,0 @@ -The MIT KRB5 port provides its own login program at -${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of -the FreeBSD login.conf and login.access files that provide a means of -setting up and controlling sessions under FreeBSD. To overcome this, -the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide -interactive login password authentication instead of the login.krb5 -program provided by MIT KRB5. The FreeBSD /usr/bin/login program does -not have support for Kerberos V password authentication, -e.g. authentication at the console. The pam_krb5 port must be used to -provide Kerberos V password authentication. - -For more information about pam_krb5, please see pam(8) and pam_krb5(8). - -If you wish to use login.krb5 that is provided by the MIT KRB5 port, -the arguments "-L ${PREFIX}/sbin/login.krb5" must be -specified as arguments to klogind and KRB5 telnetd, e.g. - -klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 -eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 -telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 - -Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead -of the FreeBSD provided /usr/bin/login for local tty logins, -"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., - -default:\ - :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ - :if=/etc/issue:\ - :lo=${PREFIX}/sbin/login.krb5: - -It is recommended that the FreeBSD /usr/bin/login be used with the -pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-beta/files/patch-ac b/security/krb5-beta/files/patch-ac deleted file mode 100644 index 8bca5437d964..000000000000 --- a/security/krb5-beta/files/patch-ac +++ /dev/null @@ -1,13 +0,0 @@ ---- ../doc/admin.texinfo Fri Feb 6 21:40:56 1998 -+++ admin.texinfo Fri Jun 19 15:13:45 1998 -@@ -5,6 +5,10 @@ - @c guide - @setfilename krb5-admin.info - @settitle Kerberos V5 System Administrator's Guide -+@dircategory Kerberos V5 -+@direntry -+* Admin Guide: (krb5-admin). Kerberos V5 System Admin's Guide -+@end direntry - @setchapternewpage odd @c chapter begins on next odd page - @c @setchapternewpage on @c chapter begins on next page - @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-ad b/security/krb5-beta/files/patch-ad deleted file mode 100644 index c8b6d3e99e91..000000000000 --- a/security/krb5-beta/files/patch-ad +++ /dev/null @@ -1,13 +0,0 @@ ---- ../doc/user-guide.texinfo Fri Feb 6 21:40:58 1998 -+++ user-guide.texinfo Fri Jun 19 15:13:45 1998 -@@ -3,6 +3,10 @@ - @c guide - @setfilename krb5-user.info - @settitle Kerberos V5 UNIX User's Guide -+@dircategory Kerberos V5 -+@direntry -+* User's Guide: (krb5-user). Kerberos V5 UNIX User's Guide -+@end direntry - @setchapternewpage odd @c chapter begins on next odd page - @c @setchapternewpage on @c chapter begins on next page - @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-ae b/security/krb5-beta/files/patch-ae deleted file mode 100644 index f5643b5aa04f..000000000000 --- a/security/krb5-beta/files/patch-ae +++ /dev/null @@ -1,13 +0,0 @@ ---- ../doc/install.texinfo Fri Feb 6 21:40:56 1998 -+++ install.texinfo Fri Jun 19 15:13:45 1998 -@@ -5,6 +5,10 @@ - @c guide - @setfilename krb5-install.info - @settitle Kerberos V5 Installation Guide -+@dircategory Kerberos V5 -+@direntry -+* Installation Guide: (krb5-install). Kerberos V5 Installation Guide -+@end direntry - @setchapternewpage odd @c chapter begins on next odd page - @c @setchapternewpage on @c chapter begins on next page - @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-af b/security/krb5-beta/files/patch-af deleted file mode 100644 index e054b18bbef5..000000000000 --- a/security/krb5-beta/files/patch-af +++ /dev/null @@ -1,13 +0,0 @@ ---- ../doc/krb425.texinfo Fri Feb 6 21:40:57 1998 -+++ krb425.texinfo Fri Jun 19 15:13:45 1998 -@@ -5,6 +5,10 @@ - @c guide - @setfilename krb425.info - @settitle Upgrading to Kerberos V5 from Kerberos V4 -+@dircategory Kerberos V5 -+@direntry -+* Upgrading from V4 to V5: (krb425). Upgrading from Kerberos V4 to V5 -+@end direntry - @setchapternewpage odd @c chapter begins on next odd page - @c @setchapternewpage on @c chapter begins on next page - @c @smallbook @c Format for 7" X 9.25" paper diff --git a/security/krb5-beta/files/patch-ai b/security/krb5-beta/files/patch-ai deleted file mode 100644 index f5b733194344..000000000000 --- a/security/krb5-beta/files/patch-ai +++ /dev/null @@ -1,28 +0,0 @@ ---- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002 -+++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002 -@@ -487,7 +487,13 @@ - #ifndef LOG_DAEMON - #define LOG_DAEMON 0 - #endif -- openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); -+ -+#ifndef LOG_FTP -+#define FACILITY LOG_DAEMON -+#else -+#define FACILITY LOG_FTP -+#endif -+ openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY); - - addrlen = sizeof (his_addr); - if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { -@@ -2312,6 +2318,10 @@ - if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum), - &kdata.session,&ctrl_addr, &his_addr)) == -1) { - secure_error("ADAT: krb_mk_safe failed"); -+ return(0); -+ } -+ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { -+ secure_error("ADAT: reply too long"); - return(0); - } - if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { diff --git a/security/krb5-beta/files/patch-aj b/security/krb5-beta/files/patch-aj deleted file mode 100644 index c3bb8dfd6960..000000000000 --- a/security/krb5-beta/files/patch-aj +++ /dev/null @@ -1,19 +0,0 @@ -*** appl/gssftp/ftpd/logwtmp.c.ORIG Fri Feb 6 19:41:25 1998 ---- appl/gssftp/ftpd/logwtmp.c Tue Jun 30 19:46:01 1998 -*************** -*** 66,72 **** - struct stat buf; - time_t time(); - -! if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0) - return; - if (fstat(fd, &buf) == 0) { - (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); ---- 66,72 ---- - struct stat buf; - time_t time(); - -! if (fd < 0 && (fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) - return; - if (fstat(fd, &buf) == 0) { - (void)strncpy(ut.ut_line, line, sizeof(ut.ut_line)); diff --git a/security/krb5-beta/files/patch-appl::bsd::Makefile.in b/security/krb5-beta/files/patch-appl::bsd::Makefile.in deleted file mode 100644 index 603c399a287f..000000000000 --- a/security/krb5-beta/files/patch-appl::bsd::Makefile.in +++ /dev/null @@ -1,11 +0,0 @@ ---- appl/bsd/Makefile.in.orig Wed Feb 28 14:06:43 2001 -+++ appl/bsd/Makefile.in Mon Dec 31 21:52:45 2001 -@@ -28,7 +28,7 @@ - -DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\" - - DEFINES = $(RSH) $(BSD) $(RPROGS) \ -- -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" -+ -DLOGIN_PROGRAM=\"/usr/bin/login\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" - - all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) - diff --git a/security/krb5-beta/files/patch-appl::bsd::klogind.M b/security/krb5-beta/files/patch-appl::bsd::klogind.M deleted file mode 100644 index 1523c3d593df..000000000000 --- a/security/krb5-beta/files/patch-appl::bsd::klogind.M +++ /dev/null @@ -1,34 +0,0 @@ ---- appl/bsd/klogind.M.orig Wed Feb 28 14:06:43 2001 -+++ appl/bsd/klogind.M Mon Dec 31 21:22:27 2001 -@@ -14,6 +14,7 @@ - ] - [ - [ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] ] -+[\fB\-L\fP \fIloginpath\fP] - .SH DESCRIPTION - .I Klogind - is the server for the -@@ -107,6 +108,10 @@ - Beta5 (May 1995)--present bogus checksums that prevent Kerberos - authentication from succeeding in the default mode. - -+.IP \fB\-L\ loginpath\fP -+Specify pathname to an alternative login program. Default: /usr/bin/login. -+KRB5_HOME/sbin/login.krb5 may be specified. -+ - - .PP - If the -@@ -157,12 +162,6 @@ - - .IP \fB\-M\ realm\fP - Set the Kerberos realm to use. -- --.IP \fB\-L\ login\fP --Set the login program to use. This option only has an effect if --DO_NOT_USE_K_LOGIN was not defined when --.I klogind --was compiled. - .SH DIAGNOSTICS - All diagnostic messages are returned on the connection - associated with the diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in b/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in deleted file mode 100644 index cb5a0e26d49d..000000000000 --- a/security/krb5-beta/files/patch-appl::telnet::telnetd::Makefile.in +++ /dev/null @@ -1,11 +0,0 @@ ---- appl/telnet/telnetd/Makefile.in.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/Makefile.in Mon Dec 31 21:51:19 2001 -@@ -24,7 +24,7 @@ - # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 - # - --AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN -+AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=\"/usr/bin/login\" - OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON - LOCALINCLUDES=-I.. -I$(srcdir)/.. - DEFINES = $(AUTH_DEF) $(OTHERDEFS) diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 b/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 deleted file mode 100644 index 951ee0d5692a..000000000000 --- a/security/krb5-beta/files/patch-appl::telnet::telnetd::telnetd.8 +++ /dev/null @@ -1,22 +0,0 @@ ---- appl/telnet/telnetd/telnetd.8.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/telnetd.8 Mon Dec 31 21:16:55 2001 -@@ -43,7 +43,7 @@ - [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] - [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] - [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] --[\fB\-debug\fP [\fIport\fP]] -+[\fB\-debug\fP] [\fB\-L\fP \fIloginpath\fP] [\fIport\fP] - .SH DESCRIPTION - The - .B telnetd -@@ -221,6 +221,10 @@ - in response to a - .SM DO TIMING-MARK) - for kludge linemode support. -+.TP -+\fB\-L\fP \fIloginpath\fP -+Specify pathname to an alternative login program. Default: /usr/bin/login. -+KRB5_HOME/sbin/login.krb5 may be specified. - .TP - .B \-l - Specifies line mode. Tries to force clients to use line-at-a-time diff --git a/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c b/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c deleted file mode 100644 index 8bb656dc0673..000000000000 --- a/security/krb5-beta/files/patch-appl::telnet::telnetd::utility.c +++ /dev/null @@ -1,38 +0,0 @@ ---- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002 -+++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002 -@@ -408,18 +408,25 @@ - int - netwrite(const char *buf, size_t len) - { -- size_t remain; -+ int remaining, copied; -+ -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ while (len > 0) { -+ /* Free up enough space if the room is too low*/ -+ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } - -- remain = sizeof(netobuf) - (nfrontp - netobuf); -- if (remain < len) { -- netflush(); -- remain = sizeof(netobuf) - (nfrontp - netobuf); -+ /* Copy out as much as will fit */ -+ copied = remaining > len ? len : remaining; -+ memmove(nfrontp, buf, copied); -+ nfrontp += copied; -+ len -= copied; -+ remaining -= copied; -+ buf += copied; - } -- if (remain < len) -- return 0; -- memcpy(nfrontp, buf, len); -- nfrontp += len; -- return len; -+ return copied; - } - - /* diff --git a/security/krb5-beta/files/patch-as b/security/krb5-beta/files/patch-as deleted file mode 100644 index 0b26c449fe11..000000000000 --- a/security/krb5-beta/files/patch-as +++ /dev/null @@ -1,199 +0,0 @@ ---- clients/ksu/main.c.orig Wed Feb 28 14:06:55 2001 -+++ clients/ksu/main.c Thu Sep 6 16:21:46 2001 -@@ -31,6 +31,10 @@ - #include <sys/wait.h> - #include <signal.h> - -+#ifdef LOGIN_CAP -+#include <login_cap.h> -+#endif -+ - /* globals */ - char * prog_name; - int auth_debug =0; -@@ -60,7 +64,7 @@ - ill specified arguments to commands */ - - void usage (){ -- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); -+ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); - } - - /* for Ultrix and friends ... */ -@@ -76,6 +80,7 @@ - int argc; - char ** argv; - { -+int asme = 0; - int hp =0; - int some_rest_copy = 0; - int all_rest_copy = 0; -@@ -90,6 +95,7 @@ - char * cc_target_tag = NULL; - char * target_user = NULL; - char * source_user; -+char * source_shell; - - krb5_ccache cc_source = NULL; - const char * cc_source_tag = NULL; -@@ -118,6 +124,11 @@ - char * dir_of_cc_target; - char * dir_of_cc_source; - -+#ifdef LOGIN_CAP -+login_cap_t *lc; -+int setwhat; -+#endif -+ - options.opt = KRB5_DEFAULT_OPTIONS; - options.lifetime = KRB5_DEFAULT_TKT_LIFE; - options.rlife =0; -@@ -181,7 +192,7 @@ - com_err (prog_name, errno, "while setting euid to source user"); - exit (1); - } -- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){ -+ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){ - switch (option) { - case 'r': - options.opt |= KDC_OPT_RENEWABLE; -@@ -227,6 +238,9 @@ - errflg++; - } - break; -+ case 'm': -+ asme = 1; -+ break; - case 'n': - if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ - com_err(prog_name, retval, "when parsing name %s", optarg); -@@ -341,6 +355,7 @@ - - /* allocate space and copy the usernamane there */ - source_user = xstrdup(pwd->pw_name); -+ source_shell = xstrdup(pwd->pw_shell); - source_uid = pwd->pw_uid; - source_gid = pwd->pw_gid; - -@@ -668,43 +683,64 @@ - /* get the shell of the user, this will be the shell used by su */ - target_pwd = getpwnam(target_user); - -- if (target_pwd->pw_shell) -- shell = xstrdup(target_pwd->pw_shell); -- else { -- shell = _DEF_CSH; /* default is cshell */ -- } -+ if (asme) { -+ if (source_shell && *source_shell) { -+ shell = strdup(source_shell); -+ } else { -+ shell = _DEF_CSH; -+ } -+ } else { -+ if (target_pwd->pw_shell) -+ shell = strdup(target_pwd->pw_shell); -+ else { -+ shell = _DEF_CSH; /* default is cshell */ -+ } -+ } - - #ifdef HAVE_GETUSERSHELL - - /* insist that the target login uses a standard shell (root is omited) */ - -- if (!standard_shell(target_pwd->pw_shell) && source_uid) { -- fprintf(stderr, "ksu: permission denied (shell).\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -+ if (asme) { -+ if (!standard_shell(pwd->pw_shell) && source_uid) { -+ fprintf(stderr, "ksu: permission denied (shell).\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } else { -+ if (!standard_shell(target_pwd->pw_shell) && source_uid) { -+ fprintf(stderr, "ksu: permission denied (shell).\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } - } - #endif /* HAVE_GETUSERSHELL */ - -- if (target_pwd->pw_uid){ -- -- if(set_env_var("USER", target_pwd->pw_name)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -- } -+ if (!asme) { -+ if (target_pwd->pw_uid){ -+ if (set_env_var("USER", target_pwd->pw_name)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } - -- if(set_env_var( "HOME", target_pwd->pw_dir)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ if (set_env_var( "HOME", target_pwd->pw_dir)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } - -- if(set_env_var( "SHELL", shell)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ if (set_env_var( "SHELL", shell)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } -+ -+#ifdef LOGIN_CAP -+ lc = login_getpwclass(pwd); -+#endif - - /* set the cc env name to target */ - -@@ -714,7 +750,18 @@ - sweep_up(ksu_context, cc_target); - exit(1); - } -- -+#ifdef LOGIN_CAP -+ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; -+ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV; -+ /* -+ * Don't touch resource/priority settings if -m has been -+ * used or -l and -c hasn't, and we're not su'ing to root. -+ */ -+ if (target_pwd->pw_uid) -+ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); -+ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0) -+ err(1, "setusercontext"); -+#else - /* set permissions */ - if (setgid(target_pwd->pw_gid) < 0) { - perror("ksu: setgid"); -@@ -754,7 +801,8 @@ - perror("ksu: setuid"); - sweep_up(ksu_context, cc_target); - exit(1); -- } -+ } -+#endif - - if (access( cc_target_tag_tmp, R_OK | W_OK )){ - com_err(prog_name, errno, diff --git a/security/krb5-beta/files/patch-at b/security/krb5-beta/files/patch-at deleted file mode 100644 index ef9ea4856f7a..000000000000 --- a/security/krb5-beta/files/patch-at +++ /dev/null @@ -1,14 +0,0 @@ -*** include/sys/syslog.h.ORIG Fri Feb 6 19:42:12 1998 ---- include/sys/syslog.h Tue Jun 30 19:46:02 1998 -*************** -*** 34,39 **** ---- 34,42 ---- - #define LOG_LPR (6<<3) /* line printer subsystem */ - #define LOG_NEWS (7<<3) /* network news subsystem */ - #define LOG_UUCP (8<<3) /* UUCP subsystem */ -+ #if (defined(BSD) && (BSD >= 199306)) -+ #define LOG_FTP (11<<3) /* ftp daemon */ -+ #endif - /* other codes through 15 reserved for system use */ - #define LOG_LOCAL0 (16<<3) /* reserved for local use */ - #define LOG_LOCAL1 (17<<3) /* reserved for local use */ diff --git a/security/krb5-beta/files/patch-av b/security/krb5-beta/files/patch-av deleted file mode 100644 index 8363b8bb1e2d..000000000000 --- a/security/krb5-beta/files/patch-av +++ /dev/null @@ -1,15 +0,0 @@ -*** clients/ksu/Makefile.in.ORIG Sun Aug 2 16:51:18 1998 ---- clients/ksu/Makefile.in Sun Aug 2 16:53:48 1998 -*************** -*** 3,7 **** - mydir=ksu - BUILDTOP=$(REL)$(U)$(S)$(U) -! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' - CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE) - ---- 3,7 ---- - mydir=ksu - BUILDTOP=$(REL)$(U)$(S)$(U) -! DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"' - CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE) - diff --git a/security/krb5-beta/files/patch-ax b/security/krb5-beta/files/patch-ax deleted file mode 100644 index 58cfe89d9294..000000000000 --- a/security/krb5-beta/files/patch-ax +++ /dev/null @@ -1,11 +0,0 @@ ---- ../doc/Makefile.orig Wed Jan 20 21:57:45 1999 -+++ ../doc/Makefile Wed Jan 20 21:59:19 1999 -@@ -1,7 +1,7 @@ - SRCDIR=../src - DVI=texi2dvi - DVIPS=dvips -o "$@" --INFO=makeinfo -+INFO=makeinfo --no-validate - HTML=texi2html - RM=rm -f - TAR=tar -chvf diff --git a/security/krb5-beta/files/patch-ay b/security/krb5-beta/files/patch-ay deleted file mode 100644 index 54c041e205f1..000000000000 --- a/security/krb5-beta/files/patch-ay +++ /dev/null @@ -1,50 +0,0 @@ ---- util/pty/getpty.c.orig Wed Jan 9 14:28:37 2002 -+++ util/pty/getpty.c Thu Jan 10 21:30:40 2002 -@@ -24,13 +24,26 @@ - #include "libpty.h" - #include "pty-int.h" - -+#ifdef __FreeBSD__ -+#define PTYCHARS1 "pqrsPQRS" -+#define PTYCHARS2 "0123456789abcdefghijklmnopqrstuv" -+#endif -+ -+#ifndef PTYCHARS1 -+#define PTYCHARS1 "pqrstuvwxyzPQRST" -+#endif -+ -+#ifndef PTYCHARS2 -+#define PTYCHARS2 "0123456789abcdef" -+#endif -+ - long - ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) - { -+ int ptynum; -+ char *cp1, *cp2; - #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY) -- char *cp; - char *p; -- int i,ptynum; - struct stat stb; - char slavebuf[1024]; - #endif -@@ -115,14 +128,14 @@ - strncpy(slave, slavebuf, slavelength); - return 0; - } else { -- for (cp = "pqrstuvwxyzPQRST";*cp; cp++) { -+ for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) { - sprintf(slavebuf,"/dev/ptyXX"); -- slavebuf[sizeof("/dev/pty") - 1] = *cp; -+ slavebuf[sizeof("/dev/pty") - 1] = *cp1; - slavebuf[sizeof("/dev/ptyp") - 1] = '0'; - if (stat(slavebuf, &stb) < 0) - break; -- for (i = 0; i < 16; i++) { -- slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i]; -+ for (cp2 = PTYCHARS2; *cp2 != '\0'; cp2++) { -+ slavebuf[sizeof("/dev/ptyp") - 1] = *cp2; - *fd = open(slavebuf, O_RDWR); - if (*fd < 0) continue; - diff --git a/security/krb5-beta/files/patch-ba b/security/krb5-beta/files/patch-ba deleted file mode 100644 index 60d70466eff3..000000000000 --- a/security/krb5-beta/files/patch-ba +++ /dev/null @@ -1,81 +0,0 @@ ---- appl/bsd/login.c.ORIG Wed Oct 13 12:55:47 1999 -+++ appl/bsd/login.c Wed Oct 13 12:56:29 1999 -@@ -1303,19 +1304,6 @@ - setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); - } - -- /* Policy: If local password is good, user is good. -- We really can't trust the Kerberos password, -- because somebody on the net could spoof the -- Kerberos server (not easy, but possible). -- Some sites might want to use it anyways, in -- which case they should change this line -- to: -- if (kpass_ok) -- */ -- -- if (lpass_ok) -- break; -- - if (got_v5_tickets) { - if (retval = krb5_verify_init_creds(kcontext, &my_creds, NULL, - NULL, &xtra_creds, -@@ -1338,6 +1326,9 @@ - } - #endif /* KRB4_GET_TICKETS */ - -+ if (lpass_ok) -+ break; -+ - bad_login: - setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); - -@@ -1640,20 +1631,28 @@ - /* set up credential cache -- obeying KRB5_ENV_CCNAME - set earlier */ - /* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */ -- if (retval = krb5_cc_default(kcontext, &ccache)) { -+ retval = krb5_cc_default(kcontext, &ccache); -+ if (retval) - com_err(argv[0], retval, "while getting default ccache"); -- } else if (retval = krb5_cc_initialize(kcontext, ccache, me)) { -- com_err(argv[0], retval, "when initializing cache"); -- } else if (retval = krb5_cc_store_cred(kcontext, ccache, &my_creds)) { -- com_err(argv[0], retval, "while storing credentials"); -- } else if (xtra_creds && -- (retval = krb5_cc_copy_creds(kcontext, xtra_creds, -- ccache))) { -- com_err(argv[0], retval, "while storing credentials"); -+ else { -+ retval = krb5_cc_initialize(kcontext, ccache, me); -+ if (retval) -+ com_err(argv[0], retval, "when initializing cache"); -+ else { -+ retval = krb5_cc_store_cred(kcontext, ccache, &my_creds); -+ if (retval) -+ com_err(argv[0], retval, "while storing credentials"); -+ else { -+ if (xtra_creds) { -+ retval = krb5_cc_copy_creds(kcontext, xtra_creds, -+ ccache); -+ if (retval) -+ com_err(argv[0], retval, "while storing credentials"); -+ krb5_cc_destroy(kcontext, xtra_creds); -+ } -+ } -+ } - } -- -- if (xtra_creds) -- krb5_cc_destroy(kcontext, xtra_creds); - } else if (forwarded_v5_tickets && rewrite_ccache) { - if ((retval = krb5_cc_initialize (kcontext, ccache, me))) { - syslog(LOG_ERR, -@@ -1727,6 +1727,7 @@ - - if (ccname) - setenv("KRB5CCNAME", ccname, 1); -+ krb5_cc_set_default_name(kcontext, ccname); - - setenv("HOME", pwd->pw_dir, 1); - setenv("PATH", LPATH, 1); diff --git a/security/krb5-beta/files/patch-bb b/security/krb5-beta/files/patch-bb deleted file mode 100644 index 6545ae682c53..000000000000 --- a/security/krb5-beta/files/patch-bb +++ /dev/null @@ -1,10 +0,0 @@ ---- appl/telnet/telnet/Makefile.in.orig Sat Dec 18 10:47:05 1999 -+++ appl/telnet/telnet/Makefile.in Sat Dec 18 10:47:13 1999 -@@ -58,7 +58,6 @@ - $(INSTALL_DATA) $(srcdir)/$$f.1 \ - ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ - done -- $(INSTALL_DATA) $(srcdir)/tmac.doc ${DESTDIR}$(CLIENT_MANDIR)/tmac.doc - - authenc.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) - commands.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) diff --git a/security/krb5-beta/pkg-comment b/security/krb5-beta/pkg-comment deleted file mode 100644 index 339cc4cd5571..000000000000 --- a/security/krb5-beta/pkg-comment +++ /dev/null @@ -1 +0,0 @@ -An authentication system developed at MIT, successor to Kerberos IV diff --git a/security/krb5-beta/pkg-descr b/security/krb5-beta/pkg-descr deleted file mode 100644 index 376a48c52faf..000000000000 --- a/security/krb5-beta/pkg-descr +++ /dev/null @@ -1,24 +0,0 @@ -Kerberos V5 is an authentication system developed at MIT. -WWW: http://web.mit.edu/kerberos/www/ - -Abridged from the User Guide: - Under Kerberos, a client sends a request for a ticket to the - Key Distribution Center (KDC). The KDC creates a ticket-granting - ticket (TGT) for the client, encrypts it using the client's - password as the key, and sends the encrypted TGT back to the - client. The client then attempts to decrypt the TGT, using - its password. If the client successfully decrypts the TGT, it - keeps the decrypted TGT, which indicates proof of the client's - identity. The TGT permits the client to obtain additional tickets, - which give permission for specific services. - Since Kerberos negotiates authenticated, and optionally encrypted, - communications between two points anywhere on the internet, it - provides a layer of security that is not dependent on which side of a - firewall either client is on. - The Kerberos V5 package is designed to be easy to use. Most of the - commands are nearly identical to UNIX network programs you are already - used to. Kerberos V5 is a single-sign-on system, which means that you - have to type your password only once per session, and Kerberos does - the authenticating and encrypting transparently. - -Jacques Vidrine <n@nectar.com> diff --git a/security/krb5-beta/pkg-plist b/security/krb5-beta/pkg-plist deleted file mode 100644 index 26ecbc13fb72..000000000000 --- a/security/krb5-beta/pkg-plist +++ /dev/null @@ -1,125 +0,0 @@ -@unexec install-info --delete %D/info/krb425.info %D/info/dir -@unexec install-info --delete %D/info/krb5-admin.info %D/info/dir -@unexec install-info --delete %D/info/krb5-install.info %D/info/dir -@unexec install-info --delete %D/info/krb5-user.info %D/info/dir -bin/ftp -bin/gss-client -bin/kdestroy -bin/kinit -bin/klist -bin/kpasswd -bin/krb5-config -bin/krb524init -bin/ksu -bin/kvno -bin/rcp -bin/rlogin -bin/rsh -bin/sclient -bin/sim_client -bin/telnet -bin/uuclient -bin/v4rcp -bin/v5passwd -include/com_err.h -include/gssapi/gssapi.h -include/gssapi/gssapi_generic.h -include/gssapi/gssapi_krb5.h -include/kerberosIV/des.h -include/kerberosIV/kadm.h -include/kerberosIV/krb.h -include/kerberosIV/krb_err.h -include/kerberosIV/mit-copyright.h -include/krb5.h -include/libpty.h -include/mit-sipb-copyright.h -include/port-sockets.h -include/profile.h -info/krb425.info -info/krb5-admin.info -info/krb5-admin.info-1 -info/krb5-admin.info-2 -info/krb5-admin.info-3 -info/krb5-install.info -info/krb5-install.info-1 -info/krb5-install.info-2 -info/krb5-user.info -lib/libcom_err.a -lib/libcom_err.so -lib/libcom_err.so.3 -lib/libdes425.a -lib/libdes425.so -lib/libdes425.so.3 -lib/libdyn.a -lib/libdyn.so -lib/libdyn.so.1 -lib/libgssapi_krb5.a -lib/libgssapi_krb5.so -lib/libgssapi_krb5.so.2 -lib/libgssrpc.a -lib/libgssrpc.so -lib/libgssrpc.so.3 -lib/libk5crypto.a -lib/libk5crypto.so -lib/libk5crypto.so.3 -lib/libkadm5clnt.a -lib/libkadm5clnt.so -lib/libkadm5clnt.so.5 -lib/libkadm5srv.a -lib/libkadm5srv.so -lib/libkadm5srv.so.5 -lib/libkdb5.a -lib/libkdb5.so -lib/libkdb5.so.3 -lib/libkrb4.a -lib/libkrb4.so -lib/libkrb4.so.2 -lib/libkrb5.a -lib/libkrb5.so -lib/libkrb5.so.3 -lib/libkrb524.a -lib/libpty.a -lib/libpty.so -lib/libpty.so.1 -lib/libss.a -sbin/ftpd -sbin/gss-server -sbin/kadmin -sbin/kadmin.local -sbin/kadmind -sbin/kadmind4 -sbin/kdb5_util -sbin/klogind -sbin/kprop -sbin/kpropd -sbin/krb5-send-pr -sbin/krb524d -sbin/krb5kdc -sbin/kshd -sbin/ktutil -sbin/login.krb5 -sbin/sim_server -sbin/sserver -sbin/telnetd -sbin/uuserver -sbin/v5passwdd -share/doc/krb5/README.FreeBSD -share/doc/krb5/admin.html -share/doc/krb5/admin_foot.html -share/doc/krb5/admin_toc.html -share/doc/krb5/install.html -share/doc/krb5/install_foot.html -share/doc/krb5/install_toc.html -share/doc/krb5/krb425.html -share/doc/krb5/krb425_toc.html -share/doc/krb5/user-guide.html -share/doc/krb5/user-guide_foot.html -share/doc/krb5/user-guide_toc.html -share/gnats/mit -@dirrm include/gssapi -@dirrm include/kerberosIV -@dirrm share/doc/krb5 -@exec install-info %D/info/krb425.info %D/info/dir -@exec install-info %D/info/krb5-admin.info %D/info/dir -@exec install-info %D/info/krb5-install.info %D/info/dir -@exec install-info %D/info/krb5-user.info %D/info/dir |