rpms/krb5
6
0
Fork 0
Code Issues Pull Requests Releases Activity

auto-import changelog data from krb5-1.3.1-6.src.rpm

Browse Source 
Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-6
- fix bug in patch to make rlogind start login with a clean environment a
    la netkit rlogin, spotted and fixed by Scott McClung
Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-5
- include profile.d scriptlets in krb5-devel so that krb5-config will be in
    the path, reported by Kir Kolyshkin
Mon Sep 08 2003 Nalin Dahyabhai <nalin@redhat.com>
- add more etypes (arcfour) to the default enctype list in kdc.conf
- don't apply previous patch, refused upstream
Fri Sep 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-4
- fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials
Wed Sep 03 2003 Dan Walsh <dwalsh@redhat.com> 1.3.1-3
- Don't check for write access on /etc/krb5.conf if SELinux
Tue Aug 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-2
- fixup some int/pointer varargs wackiness
Tue Aug 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-1
- rebuild
Mon Aug 04 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-0
- update to 1.3.1
Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-2
- pull fix for non-compliant encoding of salt field in etype-info2 preauth
    data from 1.3.1 beta 1, until 1.3.1 is released.
Mon Jul 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-1
- update to 1.3
Mon Jul 07 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-4
- correctly use stdargs
Wed Jun 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-0.beta.4
- test update to 1.3 beta 4
- ditch statglue build option
- krb5-devel requires e2fsprogs-devel, which now provides libss and
    libcom_err
Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
Wed May 21 2003 Jeremy Katz <katzj@redhat.com> 1.2.8-2
- gcc 3.3 doesn't implement varargs.h, include stdarg.h instead
Wed Apr 09 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-1
- update to 1.2.8
This commit is contained in:
cvsdist 2004-09-09 07:16:22 +00:00
parent f241d93ce5
commit 0b77dc9b0b
11 changed files with 878 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.cvsignore
View File

@ -1,2 +1 @@
2003-004-krb4_patchkit.tar.gz krb5-1.3.1.tar.gz
krb5-1.2.7.tar.gz

2
kdc.conf
View File

@ -7,5 +7,5 @@
[realms] [realms]
EXAMPLE.COM = { EXAMPLE.COM = {
master_key_type = des-cbc-crc master_key_type = des-cbc-crc
supported_enctypes = des3-cbc-sha1:normal des3-cbc-sha1:norealm des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3 des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4 des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal des-cbc-sha1:norealm des-cbc-sha1:onlyrealm supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
} }

281
krb5-1.3-ftp-glob.patch Normal file
View File

@ -0,0 +1,281 @@
--- krb5-1.3/src/appl/gssftp/ftp/cmds.c
+++ krb5-1.3/src/appl/gssftp/ftp/cmds.c
@@ -99,6 +99,65 @@
static void quote1 (char *, int, char **);
static char *dotrans (char *);
static char *domap (char *);
+static int checkglob(int fd, const char *pattern);
+
+/*
+ * pipeprotect: protect against "special" local filenames by prepending
+ * "./". Special local filenames are "-" and "|..." AND "/...".
+ */
+static char *pipeprotect(char *name)
+{
+ char *nu;
+ if (strcmp(name, "-") && *name!='|' && *name!='/') {
+ return name;
+ }
+
+ /* We're going to leak this memory. XXX. */
+ nu = malloc(strlen(name)+3);
+ if (nu==NULL) {
+ perror("malloc");
+ code = -1;
+ return NULL;
+ }
+ strcpy(nu, ".");
+ if (*name != '/') strcat(nu, "/");
+ strcat(nu, name);
+ return nu;
+}
+
+/*
+ * Look for embedded ".." in a pathname and change it to "!!", printing
+ * a warning.
+ */
+static char *pathprotect(char *name)
+{
+ int gotdots=0, i, len;
+
+ /* Convert null terminator to trailing / to catch a trailing ".." */
+ len = strlen(name)+1;
+ name[len-1] = '/';
+
+ /*
+ * State machine loop. gotdots is < 0 if not looking at dots,
+ * 0 if we just saw a / and thus might start getting dots,
+ * and the count of dots seen so far if we have seen some.
+ */
+ for (i=0; i<len; i++) {
+ if (name[i]=='.' && gotdots>=0) gotdots++;
+ else if (name[i]=='/' && gotdots<0) gotdots=0;
+ else if (name[i]=='/' && gotdots==2) {
+ printf("Warning: embedded .. in %.*s (changing to !!)\n",
+ len-1, name);
+ name[i-1] = '!';
+ name[i-2] = '!';
+ gotdots = 0;
+ }
+ else if (name[i]=='/') gotdots = 0;
+ else gotdots = -1;
+ }
+ name[len-1] = 0;
+ return name;
+}
/*
* `Another' gets another argument, and stores the new argc and argv.
@@ -844,7 +903,15 @@
if (argc == 2) {
argc++;
- argv[2] = argv[1];
+ /*
+ * Protect the user from accidentally retrieving special
+ * local names.
+ */
+ argv[2] = pipeprotect(argv[1]);
+ if (!argv[2]) {
+ code = -1;
+ return 0;
+ }
loc++;
}
if (argc < 2 && !another(&argc, &argv, "remote-file"))
@@ -1016,8 +1083,19 @@
if (mapflag) {
tp = domap(tp);
}
- recvrequest("RETR", tp, cp, "w",
- tp != cp || !interactive, 1);
+
+ /* Reject embedded ".." */
+ tp = pathprotect(tp);
+
+ /* Prepend ./ to "-" or "!*" or leading "/" */
+ tp = pipeprotect(tp);
+ if (tp == NULL) {
+ /* hmm... how best to handle this? */
+ mflag = 0;
+ } else {
+ recvrequest("RETR", tp, cp, "w",
+ tp != cp || !interactive, 1);
+ }
if (!mflag && fromatty) {
ointer = interactive;
interactive = 1;
@@ -1045,8 +1123,8 @@
static char buf[MAXPATHLEN];
static FILE *ftemp = NULL;
static char **args;
- int oldverbose, oldhash;
- char *cp, *rmode;
+ int oldverbose, oldhash, badglob = 0;
+ char *cp;
if (!mflag) {
if (!doglob) {
@@ -1075,23 +1153,46 @@
return (NULL);
}
#else
- (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1);
- temp[sizeof(temp) - 1] = '\0';
- (void) mktemp(temp);
+ int oldumask, fd;
+ (void) strcpy(temp, _PATH_TMP);
+
+ /* libc 5.2.18 creates with mode 0666, which is dumb */
+ oldumask = umask(077);
+ fd = mkstemp(temp);
+ umask(oldumask);
+
+ if (fd<0) {
+ printf("Error creating temporary file, oops\n");
+ return NULL;
+ }
#endif /* !_WIN32 */
oldverbose = verbose, verbose = 0;
oldhash = hash, hash = 0;
if (doswitch) {
pswitch(!proxy);
}
- for (rmode = "w"; *++argv != NULL; rmode = "a")
- recvrequest ("NLST", temp, *argv, rmode, 0, 0);
+
+ while (*++argv != NULL) {
+ int dupfd = dup(fd);
+
+ recvrequest ("NLST", temp, *argv, "a", 0, 0);
+ if (!checkglob(dupfd, *argv)) {
+ badglob = 1;
+ break;
+ }
+ }
+ unlink(temp);
+
if (doswitch) {
pswitch(!proxy);
}
verbose = oldverbose; hash = oldhash;
- ftemp = fopen(temp, "r");
- (void) unlink(temp);
+ if (badglob) {
+ printf("Refusing to handle insecure file list\n");
+ close(fd);
+ return NULL;
+ }
+ ftemp = fdopen(fd, "r");
#ifdef _WIN32
free(temp);
temp = NULL;
@@ -1100,6 +1201,7 @@
printf("can't find list of remote files, oops\n");
return (NULL);
}
+ rewind(ftemp);
}
if (fgets(buf, sizeof (buf), ftemp) == NULL) {
(void) fclose(ftemp), ftemp = NULL;
@@ -1110,6 +1212,100 @@
return (buf);
}
+/*
+ * Check whether given pattern matches `..'
+ * We assume only a glob pattern starting with a dot will match
+ * dot entries on the server.
+ */
+static int
+isdotdotglob(const char *pattern)
+{
+ int havedot = 0;
+ char c;
+
+ if (*pattern++ != '.')
+ return 0;
+ while ((c = *pattern++) != '\0' && c != '/') {
+ if (c == '*' || c == '?')
+ continue;
+ if (c == '.' && havedot++)
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * This function makes sure the list of globbed files returned from
+ * the server doesn't contain anything dangerous such as
+ * /home/<yourname>/.forward, or ../.forward,
+ * or |mail foe@doe </etc/passwd, etc.
+ * Covered areas:
+ * - returned name starts with / but glob pattern doesn't
+ * - glob pattern starts with / but returned name doesn't
+ * - returned name starts with |
+ * - returned name contains .. in a position where glob
+ * pattern doesn't match ..
+ * I.e. foo/.* allows foo/../bar but not foo/.bar/../fly
+ *
+ * Note that globbed names starting with / should really be stored
+ * under the current working directory; this is handled in mget above.
+ * --okir
+ */
+static int
+checkglob(int fd, const char *pattern)
+{
+ const char *sp;
+ char buffer[MAXPATHLEN], dotdot[MAXPATHLEN];
+ int okay = 1, nrslash, initial, nr;
+ FILE *fp;
+
+ /* Find slashes in glob pattern, and verify whether component
+ * matches `..'
+ */
+ initial = (pattern[0] == '/');
+ for (sp = pattern, nrslash = 0; sp != 0; sp = strchr(sp, '/')) {
+ while (*sp == '/')
+ sp++;
+ if (nrslash >= MAXPATHLEN) {
+ printf("Incredible pattern: %s\n", pattern);
+ return 0;
+ }
+ dotdot[nrslash++] = isdotdotglob(sp);
+ }
+
+ fp = fdopen(fd, "r");
+ while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) {
+ char *sp;
+
+ if ((sp = strchr(buffer, '\n')) != 0) {
+ *sp = '\0';
+ } else {
+ printf("Extremely long filename from server: %s",
+ buffer);
+ okay = 0;
+ break;
+ }
+ if (buffer[0] == '|'
+ || (buffer[0] != '/' && initial)
+ || (buffer[0] == '/' && !initial))
+ okay = 0;
+ for (sp = buffer, nr = 0; sp; sp = strchr(sp, '/'), nr++) {
+ while (*sp == '/')
+ sp++;
+ if (sp[0] == '.' && !strncmp(sp, "../", 3)
+ && (nr >= nrslash || !dotdot[nr]))
+ okay = 0;
+ }
+ }
+
+ if (!okay)
+ printf("Filename provided by server "
+ "doesn't match pattern `%s': %s\n", pattern, buffer);
+
+ fclose(fp);
+ return okay;
+}
+
static char *
onoff(bool)
int bool;

45
krb5-1.3-ksu-access.patch Normal file
View File

@ -0,0 +1,45 @@
The idea is to not complain about problems in the default ticket file if we
couldn't read it, because the client would be able to tell if it's there or
not. Still needs work, I think.
--- krb5-1.3/src/clients/ksu/ccache.c
+++ krb5-1.3/src/clients/ksu/ccache.c
@@ -77,7 +77,7 @@
cc_def_name = krb5_cc_get_name(context, cc_def);
cc_other_name = krb5_cc_get_name(context, *cc_other);
- if ( ! stat(cc_def_name, &st_temp)){
+ if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
return retval;
}
--- krb5-1.3/src/clients/ksu/heuristic.c
+++ krb5-1.3/src/clients/ksu/heuristic.c
@@ -412,7 +412,7 @@
cc_source_name = krb5_cc_get_name(context, cc);
- if ( ! stat(cc_source_name, &st_temp)){
+ if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
retval = find_ticket(context, cc, client, end_server, &temp_found);
if (retval)
@@ -572,7 +572,7 @@
cc_source_name = krb5_cc_get_name(context, cc_source);
- if (! stat(cc_source_name, &st_temp)) {
+ if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
if (retval)
return retval;
--- krb5-1.3/src/clients/ksu/main.c
+++ krb5-1.3/src/clients/ksu/main.c
@@ -263,7 +263,7 @@
if ( strchr(cc_source_tag, ':')){
cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
- if( stat( cc_source_tag_tmp, &st_temp)){
+ if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
com_err (prog_name, errno,
"while looking for credentials file %s",
cc_source_tag_tmp);

28
krb5-1.3-large-file.patch Normal file
View File

@ -0,0 +1,28 @@
The size might be a long long, so deal with that.
--- krb5-1.3/src/appl/gssftp/ftpd/ftpcmd.y
+++ krb5-1.3/src/appl/gssftp/ftpd/ftpcmd.y
@@ -1515,12 +1515,12 @@
(stbuf.st_mode&S_IFMT) != S_IFREG)
reply(550, "%s: not a plain file.", filename);
else
- reply(213, "%lu", (long) stbuf.st_size);
+ reply(213, "%llu", (long long) stbuf.st_size);
break;}
case TYPE_A: {
FILE *fin;
register int c;
- register long count;
+ register long long count;
struct stat stbuf;
fin = fopen(filename, "r");
if (fin == NULL) {
@@ -1542,7 +1542,7 @@
}
(void) fclose(fin);
- reply(213, "%ld", count);
+ reply(213, "%lld", count);
break;}
default:
reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);

192
krb5-1.3-manpage-paths.patch Normal file
View File

@ -0,0 +1,192 @@
--- krb5-1.3/src/appl/bsd/klogind.M
+++ krb5-1.3/src/appl/bsd/klogind.M
@@ -27,7 +27,7 @@
the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIklogind\fP might be:
-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
+klogin stream tcp nowait root /usr/kerberos/sbin/klogind klogind -e5c
When a service request is received, the following protocol is initiated:
--- krb5-1.3/src/appl/bsd/kshd.M
+++ krb5-1.3/src/appl/bsd/kshd.M
@@ -8,7 +8,7 @@
.SH NAME
kshd \- kerberized remote shell server
.SH SYNOPSIS
-.B /usr/local/sbin/kshd
+.B /usr/kerberos/sbin/kshd
[
.B \-kr45ec
]
@@ -30,7 +30,7 @@
on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIkrshd\fP might be:
-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c
+kshell stream tcp nowait root /usr/kerberos/sbin/kshd kshd -5c
When a service request is received, the following protocol is initiated:
--- krb5-1.3/src/appl/sample/sserver/sserver.M
+++ krb5-1.3/src/appl/sample/sserver/sserver.M
@@ -59,7 +59,7 @@
using a line in
/etc/inetd.conf that looks like this:
.PP
-sample stream tcp nowait root /usr/local/sbin/sserver sserver
+sample stream tcp nowait root /usr/kerberos/sbin/sserver sserver
.PP
Since \fBsample\fP is normally not a port defined in /etc/services, you will
usually have to add a line to /etc/services which looks like this:
--- krb5-1.3/src/appl/telnet/telnet/telnet.1
+++ krb5-1.3/src/appl/telnet/telnet/telnet.1
@@ -8,35 +8,35 @@
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)telnet.1 8.4 (Berkeley) 2/3/94
-.\" "
-.TH TELNET 1
-.SH NAME
-telnet \- user interface to the TELNET protocol
-.SH SYNOPSIS
-.B telnet
-[\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP] [\fB\-L\fP] [\fB\-S\fP
+ .\" documentation and/or other materials provided with the distribution.
+ .\" 3. All advertising materials mentioning features or use of this software
+ .\" must display the following acknowledgement:
+ .\" This product includes software developed by the University of
+ .\" California, Berkeley and its contributors.
+ .\" 4. Neither the name of the University nor the names of its contributors
+ .\" may be used to endorse or promote products derived from this software
+ .\" without specific prior written permission.
+ .\"
+ .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ .\" SUCH DAMAGE.
+ .\"
+ .\" @(#)telnet.1 8.4 (Berkeley) 2/3/94
+ .\" "
+ .TH TELNET 1
+ .SH NAME
+ telnet \- user interface to the TELNET protocol
+ .SH SYNOPSIS
+ .B telnet
+ [\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP] [\fB\-L\fP] [\fB\-S\fP
\fItos\fP] [\fB\-X\fP \fIauthtype\fP] [\fB\-a\fP] [\fB\-c\fP]
[\fB\-d\fP] [\fB\-e\fP \fIescapechar\fP] [\fB\-f\fP] [\fB\-k\fP
\fIrealm\fP] [\fB\-l\fP \fIuser\fP] [\fB\-n\fP \fItracefile\fP]
--- krb5-1.3/src/appl/telnet/telnetd/telnetd.8
+++ krb5-1.3/src/appl/telnet/telnetd/telnetd.8
@@ -37,7 +37,7 @@
.SM DARPA TELNET
protocol server
.SH SYNOPSIS
-.B /usr/libexec/telnetd
+.B /usr/kerberos/sbin/telnetd
[\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
[\fB\-edebug\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
[\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
--- krb5-1.3/src/config-files/kdc.conf.M
+++ krb5-1.3/src/config-files/kdc.conf.M
@@ -235,7 +235,7 @@
realm names and the [capaths] section of its krb5.conf file
.SH FILES
-/usr/local/var/krb5kdc/kdc.conf
+/var/kerberos/krb5kdc/kdc.conf
.SH SEE ALSO
krb5.conf(5), krb5kdc(8)
--- krb5-1.3/src/kadmin/cli/kadmin.M
+++ krb5-1.3/src/kadmin/cli/kadmin.M
@@ -733,9 +733,9 @@
.RS
.TP
EXAMPLE:
-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
+kadmin: ktremove -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
Entry for principal kadmin/admin with kvno 3 removed
- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
+ from keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
kadmin:
.RE
.fi
--- krb5-1.3/src/slave/kprop.M
+++ krb5-1.3/src/slave/kprop.M
@@ -39,7 +39,7 @@
This is done by transmitting the dumped database file to the slave
server over an encrypted, secure channel. The dump file must be created
by kdb5_util, and is normally KPROP_DEFAULT_FILE
-(/usr/local/var/krb5kdc/slave_datatrans).
+(/var/kerberos/krb5kdc/slave_datatrans).
.SH OPTIONS
.TP
\fB\-r\fP \fIrealm\fP
@@ -51,7 +51,7 @@
\fB\-f\fP \fIfile\fP
specifies the filename where the dumped principal database file is to be
found; by default the dumped database file is KPROP_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/slave_datatrans).
+(normally /var/kerberos/krb5kdc/slave_datatrans).
.TP
\fB\-P\fP \fIport\fP
specifies the port to use to contact the
--- krb5-1.3/src/slave/kpropd.M
+++ krb5-1.3/src/slave/kpropd.M
@@ -69,7 +69,7 @@
This is done by adding a line to the inetd.conf file which looks like
this:
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
+kprop stream tcp nowait root /usr/kerberos/sbin/kpropd kpropd
However, kpropd can also run as a standalone deamon, if the
.B \-S
@@ -87,13 +87,13 @@
\fB\-f\fP \fIfile\fP
specifies the filename where the dumped principal database file is to be
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/from_master).
+(normally /var/kerberos/krb5kdc/from_master).
.TP
.B \-p
allows the user to specify the pathname to the
.IR kdb5_util (8)
program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
-(normally /usr/local/sbin/kdb5_util).
+(normally /usr/kerberos/sbin/kdb5_util).
.TP
.B \-S
turn on standalone mode. Normally, kpropd is invoked out of

16
krb5-1.3-netkit-rsh.patch Normal file
View File

@ -0,0 +1,16 @@
We ship netkit rsh, which isn't smart enough to deal with the oddball case
where argv[0] is an option flag.
--- krb5-1.3/src/appl/bsd/krsh.c
+++ krb5-1.3/src/appl/bsd/krsh.c
@@ -616,8 +616,10 @@
else
host = argv[0];
+#ifdef BERKELEY_RSH
if (!strcmp(host, "rsh"))
argv++;
+#endif
fprintf(stderr,"trying normal rsh (%s)\n",
UCB_RSH);

49
krb5-1.3-rlogind-environ.patch Normal file
View File

@ -0,0 +1,49 @@
Start with only TERM defined in the environment, like NetKit rlogind does.
--- krb5-1.3/src/appl/bsd/krlogind.c
+++ krb5-1.3/src/appl/bsd/krlogind.c
@@ -713,6 +713,9 @@
#else
struct sgttyb b;
#endif /* POSIX_TERMIOS */
+ char environ_term[sizeof(term) + 6], environ_ccname[sizeof(environ_term)];
+ char *bare_environ[] = {environ_term, environ_ccname, NULL};
+
if ((retval = pty_open_slave(line, &t))) {
fatal(f, error_message(retval));
exit(1);
@@ -819,11 +822,15 @@
/* use the vendors login, which has -p and -f. Tested on
* AIX 4.1.4 and HPUX 10
*/
+ memset(environ_term, '\0', sizeof(environ_term));
+ memset(environ_ccname, '\0', sizeof(environ_ccname));
+ if (getenv("KRB5CCNAME") != NULL)
+ snprintf(environ_ccname, sizeof(environ_ccname) - 1, "KRB5CCNAME=%s", getenv("KRB5CCNAME"));
{
char *cp;
if ((cp = strchr(term,'/')))
*cp = '\0';
- setenv("TERM",term, 1);
+ snprintf(environ_term, sizeof(environ_term) - 1, "TERM=%s", term);
}
retval = pty_make_sane_hostname((struct sockaddr *) fromp, maxhostlen,
@@ -832,13 +839,13 @@
if (retval)
fatalperror(f, "failed make_sane_hostname");
if (passwd_req)
- execl(login_program, "login", "-p", "-h", rhost_sane,
- lusername, 0);
+ execle(login_program, "login", "-p", "-h", rhost_sane,
+ lusername, 0, bare_environ);
else
- execl(login_program, "login", "-p", "-h", rhost_sane,
- "-f", lusername, 0);
+ execle(login_program, "login", "-p", "-h", rhost_sane,
+ "-f", lusername, 0, bare_environ);
#else /* USE_LOGIN_F */
- execl(login_program, "login", "-r", rhost_sane, 0);
+ execle(login_program, "login", "-r", rhost_sane, 0, bare_environ);
#endif /* USE_LOGIN_F */
syslog(LOG_ERR, "failed exec of %s: %s",
login_program, error_message(errno));

13
krb5-selinux.patch Normal file
View File

@ -0,0 +1,13 @@
--- krb5-1.3.1/src/util/profile/prof_file.c.selinux 2003-03-06 13:48:03.000000000 -0500
+++ krb5-1.3.1/src/util/profile/prof_file.c 2003-09-03 13:42:42.343661059 -0400
@@ -220,8 +220,10 @@ errcode_t profile_update_file_data(prf_d
}
data->upd_serial++;
data->flags = 0;
+#ifdef NO_SELINUX
if (rw_access(data->filespec))
data->flags |= PROFILE_FILE_RW;
+#endif
retval = profile_parse_file(f, &data->root);
fclose(f);
if (retval)

479
krb5.spec
View File

@ -1,10 +1,13 @@
%define prefix %{_prefix}/kerberos %if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
%define statglue 0 %define WITH_SELINUX 0
%endif
%define krb5prefix %{_prefix}/kerberos
Summary: The Kerberos network authentication system. Summary: The Kerberos network authentication system.
Name: krb5 Name: krb5
Version: 1.2.7 Version: 1.3.1
Release: 14 Release: 6
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
Source1: krb5-%{version}.tar.gz.asc Source1: krb5-%{version}.tar.gz.asc
Source2: kpropd.init Source2: kpropd.init
@ -24,47 +27,38 @@ Source15: klogin.xinetd
Source16: kshell.xinetd Source16: kshell.xinetd
Source17: krb5-telnet.xinetd Source17: krb5-telnet.xinetd
Source18: gssftp.xinetd Source18: gssftp.xinetd
Source19: statglue.c
Source20: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz Patch0: krb5-1.3-gcc33.patch
Source21: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.sig Patch1: krb5-1.3-info-dir.patch
Patch0: krb5-1.1-db.patch Patch2: krb5-1.3-manpage-paths.patch
Patch1: krb5-1.1.1-tiocgltc.patch Patch3: krb5-1.3-netkit-rsh.patch
Patch2: krb5-1.1.1-libpty.patch Patch4: krb5-1.3-rlogind-environ.patch
Patch3: krb5-1.1.1-fixinfo.patch Patch5: krb5-1.3-ksu-access.patch
Patch4: krb5-1.1.1-manpages.patch Patch6: krb5-1.3-ksu-path.patch
Patch5: krb5-1.1.1-netkitr.patch Patch7: krb5-1.1.1-tiocgltc.patch
Patch6: krb5-1.2-rlogind.patch Patch8: krb5-1.1.1-libpty.patch
Patch7: krb5-1.2-ksu.patch Patch9: krb5-1.1.1-brokenrev.patch
Patch8: krb5-1.2-ksu.options.patch Patch10: krb5-1.2.1-term.patch
Patch9: krb5-1.2-ksu.man.patch Patch11: krb5-1.2.1-passive.patch
Patch10: krb5-1.2-quiet.patch Patch12: krb5-1.3-ktany.patch
Patch11: krb5-1.1.1-brokenrev.patch Patch13: krb5-1.3-large-file.patch
Patch12: krb5-1.2-spelling.patch Patch14: krb5-1.3-ftp-glob.patch
Patch13: krb5-1.2.1-term.patch Patch15: krb5-1.3-check.patch
Patch14: krb5-1.2.1-passive.patch Patch16: krb5-1.3-no-rpath.patch
Patch15: krb5-1.2.1-forward.patch Patch17: krb5-1.3-pass-by-address.patch
Patch16: krb5-1.2.1-heap.patch Patch18: krb5-1.2.7-reject-bad-transited.patch
Patch17: krb5-1.2.2-wragg.patch Patch19: krb5-1.2.7-krb524d-double-free.patch
Patch18: krb5-1.2.2-statglue.patch Patch20: krb5-1.3.1-varargs.patch
Patch20: krb5-1.2.2-by-address.patch Patch21: krb5-selinux.patch
Patch21: http://lite.mit.edu/krb5-1.2.2-ktany.patch Patch22: krb5-1.3.1-32.patch
Patch22: krb5-1.2.2-logauth.patch
Patch23: krb5-1.2.2-size.patch
Patch24: krb5-1.2.5-db2-configure.patch
Patch25: krb5-1.2.7-namelength.patch
Patch26: krb5-1.2.7-errno.patch
Patch27: gssftp-patch
Patch28: krb5-1.2.7-princ_size.patch
Patch29: krb5-1.2.7-reject-bad-transited.patch
Patch30: krb5-1.2.7-underrun.patch
Patch31: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
Patch32: krb5-1.2.7-krb524d-double-free.patch
License: MIT, freely distributable. License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-root BuildRoot: %{_tmppath}/%{name}-root
Prereq: grep, info, sh-utils, /sbin/install-info Prereq: grep, info, sh-utils, /sbin/install-info
BuildPrereq: bison, e2fsprogs-devel, flex, gzip, libtermcap-devel, rsh, texinfo, tar BuildPrereq: bison, e2fsprogs-devel >= 1.33, flex
BuildPrereq: gzip, libtermcap-devel, rsh, texinfo, tar
%description %description
Kerberos V5 is a trusted-third-party network authentication system, Kerberos V5 is a trusted-third-party network authentication system,
@ -74,7 +68,7 @@ practice of cleartext passwords.
%package devel %package devel
Summary: Development files needed to compile Kerberos 5 programs. Summary: Development files needed to compile Kerberos 5 programs.
Group: Development/Libraries Group: Development/Libraries
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}, e2fsprogs-devel
%description devel %description devel
Kerberos is a network authentication system. The krb5-devel package Kerberos is a network authentication system. The krb5-devel package
@ -120,6 +114,57 @@ network uses Kerberos, this package should be installed on every
workstation. workstation.
%changelog %changelog
* Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-6
- fix bug in patch to make rlogind start login with a clean environment a la
netkit rlogin, spotted and fixed by Scott McClung
* Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-5
- include profile.d scriptlets in krb5-devel so that krb5-config will be in
the path, reported by Kir Kolyshkin
* Mon Sep 8 2003 Nalin Dahyabhai <nalin@redhat.com>
- add more etypes (arcfour) to the default enctype list in kdc.conf
- don't apply previous patch, refused upstream
* Fri Sep 5 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-4
- fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials
* Wed Sep 3 2003 Dan Walsh <dwalsh@redhat.com> 1.3.1-3
- Don't check for write access on /etc/krb5.conf if SELinux
* Tue Aug 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-2
- fixup some int/pointer varargs wackiness
* Tue Aug 5 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-1
- rebuild
* Mon Aug 4 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-0
- update to 1.3.1
* Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-2
- pull fix for non-compliant encoding of salt field in etype-info2 preauth
data from 1.3.1 beta 1, until 1.3.1 is released.
* Mon Jul 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-1
- update to 1.3
* Mon Jul 7 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-4
- correctly use stdargs
* Wed Jun 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-0.beta.4
- test update to 1.3 beta 4
- ditch statglue build option
- krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Wed May 21 2003 Jeremy Katz <katzj@redhat.com> 1.2.8-2
- gcc 3.3 doesn't implement varargs.h, include stdarg.h instead
* Wed Apr 9 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-1
- update to 1.2.8
* Mon Mar 31 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-14 * Mon Mar 31 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-14
- fix double-free of enc_part2 in krb524d - fix double-free of enc_part2 in krb524d
@ -564,96 +609,72 @@ workstation.
- added --force to makeinfo commands to skip errors during build - added --force to makeinfo commands to skip errors during build
%prep %prep
%setup -q -a 20 %setup -q -n %{name}-%{version}
%patch0 -p0 -b .db %patch0 -p1 -b .gcc33
%patch1 -p0 -b .tciogltc %patch1 -p1 -b .info-dir
%patch2 -p0 -b .libpty %patch2 -p1 -b .manpage-paths
%patch3 -p0 -b .fixinfo %patch3 -p1 -b .netkit-rsh
%patch4 -p0 -b .manpages %patch4 -p1 -b .rlogind-environ
%patch5 -p0 -b .netkitr %patch5 -p1 -b .ksu-access
%patch6 -p1 -b .rlogind %patch6 -p1 -b .ksu-path
%patch7 -p1 -b .ksu %patch7 -p0 -b .tciogltc
%patch8 -p1 -b .ksu-options %patch8 -p0 -b .libpty
%patch9 -p1 -b .ksu-man %patch9 -p1 -b .brokenrev
%patch10 -p1 -b .quiet %patch10 -p1 -b .term
%patch11 -p1 -b .brokenrev %patch11 -p1 -b .passive
%patch12 -p1 -b .spelling %patch12 -p1 -b .ktany
%patch13 -p1 -b .term %patch13 -p1 -b .large-file
%patch14 -p1 -b .passive %patch14 -p1 -b .ftp-glob
%patch15 -p1 -b .forward %patch15 -p1 -b .check
%patch16 -p1 -b .heap %patch16 -p1 -b .no-rpath
%patch17 -p1 -b .wragg %patch17 -p1 -b .pass-by-address
%if %{statglue} %patch18 -p1 -b .reject-bad-transited
%patch18 -p1 -b .statglue %patch19 -p1 -b .double-free
%patch20 -p1 -b .varargs
%if %{WITH_SELINUX}
%patch21 -p1 -b .selinux
%endif %endif
%patch20 -p0 -b .by-address # Removed, per http://mailman.mit.edu/pipermail/krb5-bugs/2003-September/001735.html
%patch21 -p1 -b .ktany # %patch22 -p1 -b .32
%patch22 -p1 -b .logauth
%patch23 -p1 -b .size
%patch24 -p1 -b .db2-configure
%patch25 -p1 -b .namelength
%patch26 -p1 -b .errno
%patch27 -p1 -b .gssftp-patch
%patch28 -p1 -b .princ_size.patch
%patch29 -p1 -b .reject-bad-transited.patch
%patch30 -p1 -b .underrun
pushd src
patch -sp0 -b -z .2003-004-krb4 < ../2003-004-krb4_patchkit/patch.1.2.7
popd
pushd src/lib/rpc
%patch31 -p0 -b .2003-003
popd
%patch32 -p1 -b .double-free
cp src/krb524/README README.krb524 cp src/krb524/README README.krb524
find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
(cd src/util/db2; autoconf )
%if %{statglue}
cp $RPM_SOURCE_DIR/statglue.c src/util/profile/statglue.c
%endif
find . -type f -name "*.fixinfo" -exec rm -fv "{}" ";"
gzip doc/*.ps gzip doc/*.ps
%build %build
cd src cd src
libtoolize --copy --force INCLUDES=-I%{_includedir}/et
cp config.{guess,sub} config/ CFLAGS="`echo $RPM_OPT_FLAGS $ARCH_OPT_FLAGS $DEFINES $INCLUDES -fPIC`"
cp config.{guess,sub} util/autoconf/ %configure \
CC=%{__cc} \
# Get LFS support on systems that need it which aren't already 64-bit. CFLAGS="$CFLAGS" \
%ifarch %{ix86} s390 ppc sparc CPPFLAGS="$DEFINES $INCLUDES" \
DEFINES="-D_FILE_OFFSET_BITS=64" ; export DEFINES
%endif
# Can't use %%configure because we don't use the default mandir.
./configure \
--with-cc=%{__cc} \
--with-ccopts="$RPM_OPT_FLAGS $ARCH_OPT_FLAGS $DEFINES -fPIC" \
--enable-shared --enable-static \ --enable-shared --enable-static \
--prefix=%{prefix} \ --bindir=%{krb5prefix}/bin \
--infodir=%{_infodir} \ --mandir=%{krb5prefix}/man \
--libdir=%{prefix}/%{_lib} \ --sbindir=%{krb5prefix}/sbin \
--datadir=%{krb5prefix}/share \
--localstatedir=%{_var}/kerberos \ --localstatedir=%{_var}/kerberos \
--with-krb4 \ --with-krb4 \
--with-system-et \
--with-system-ss \
--with-netlib=-lresolv \ --with-netlib=-lresolv \
--without-tcl \ --without-tcl \
--enable-dns \ --enable-dns
%{_target_platform} # Now build it. Override the RPATH_FLAG and PROG_LIBPATH to drop the rpath, and
# Now build it. Override the CC_LINK variable to exclude the rpath, and
# override LDCOMBINE to use gcc instead of ld to build shared libraries. # override LDCOMBINE to use gcc instead of ld to build shared libraries.
make \ make RPATH_FLAG= PROG_RPATH= \
CC_LINK='$(CC) $(PROG_LIBPATH)' \
LDCOMBINE='%{__cc} -shared -Wl,-soname=lib$(LIB)$(SHLIBSEXT) $(CFLAGS)' LDCOMBINE='%{__cc} -shared -Wl,-soname=lib$(LIB)$(SHLIBSEXT) $(CFLAGS)'
# Run the test suite. Won't run in the build system because /dev/pts is # Run the test suite.
# not available for telnet tests and so on. : make RPATH_FLAG= PROG_RPATH= check TMPDIR=%{_tmppath}
# make check TMPDIR=%{_tmppath}
%install %install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Shell scripts wrappers for Kerberized rsh and rlogin. # Shell scripts wrappers for Kerberized rsh and rlogin.
mkdir -p $RPM_BUILD_ROOT%{prefix}/bin mkdir -p $RPM_BUILD_ROOT%{krb5prefix}/bin
install -m 755 $RPM_SOURCE_DIR/{krsh,krlogin} $RPM_BUILD_ROOT/%{prefix}/bin/ install -m 755 $RPM_SOURCE_DIR/{krsh,krlogin} $RPM_BUILD_ROOT/%{krb5prefix}/bin/
# Info docs. # Info docs.
mkdir -p $RPM_BUILD_ROOT%{_infodir} mkdir -p $RPM_BUILD_ROOT%{_infodir}
@ -691,23 +712,19 @@ done
make -C src DESTDIR=$RPM_BUILD_ROOT install make -C src DESTDIR=$RPM_BUILD_ROOT install
# Fixup permissions on header files. # Fixup permissions on header files.
find $RPM_BUILD_ROOT/%{prefix}/include -type d | xargs chmod 755 find $RPM_BUILD_ROOT/%{_includedir} -type d | xargs chmod 755
find $RPM_BUILD_ROOT/%{prefix}/include -type f | xargs chmod 644 find $RPM_BUILD_ROOT/%{_includedir} -type f | xargs chmod 644
# Fixup strange shared library permissions. # Fixup strange shared library permissions.
chmod 755 $RPM_BUILD_ROOT%{prefix}/%{_lib}/*.so* chmod 755 $RPM_BUILD_ROOT%{_libdir}/*.so*
# Munge the krb5-config script to remove rpaths. # Munge the krb5-config script to remove rpaths.
sed "s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g" src/krb5-config > $RPM_BUILD_ROOT%{prefix}/bin/krb5-config sed "s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g" src/krb5-config > $RPM_BUILD_ROOT%{krb5prefix}/bin/krb5-config
%clean %clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%post libs %post libs -p /sbin/ldconfig
if ! grep -q '^%{prefix}/%{_lib}$' /etc/ld.so.conf ; then
echo %{prefix}/%{_lib} >> /etc/ld.so.conf
fi
/sbin/ldconfig
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
@ -767,72 +784,75 @@ fi
%config(noreplace) /etc/xinetd.d/* %config(noreplace) /etc/xinetd.d/*
%doc doc/user*.html doc/user*.ps.gz src/config-files/services.append %doc doc/krb5-user*.html doc/user*.ps.gz src/config-files/services.append
%doc doc/{ftp,kdestroy,kinit,klist,kpasswd,ksu,rcp,rlogin,rsh,telnet}.html
%attr(0755,root,root) %doc src/config-files/convert-config-files %attr(0755,root,root) %doc src/config-files/convert-config-files
%{_infodir}/krb5-user.info* %{_infodir}/krb5-user.info*
%dir %{prefix} %dir %{krb5prefix}
%dir %{prefix}/bin %dir %{krb5prefix}/bin
%dir %{prefix}/man %dir %{krb5prefix}/man
%dir %{prefix}/man/man1 %dir %{krb5prefix}/man/man1
%dir %{prefix}/man/man5 %dir %{krb5prefix}/man/man5
%dir %{prefix}/man/man8 %dir %{krb5prefix}/man/man8
%dir %{prefix}/sbin %dir %{krb5prefix}/sbin
%{prefix}/bin/ftp %{krb5prefix}/bin/ftp
%{prefix}/man/man1/ftp.1* %{krb5prefix}/man/man1/ftp.1*
%{prefix}/bin/gss-client %{krb5prefix}/bin/gss-client
%{prefix}/bin/kdestroy %{krb5prefix}/bin/kdestroy
%{prefix}/man/man1/kdestroy.1* %{krb5prefix}/man/man1/kdestroy.1*
%{prefix}/man/man1/kerberos.1* %{krb5prefix}/man/man1/kerberos.1*
%{prefix}/bin/kinit %{krb5prefix}/bin/kinit
%{prefix}/man/man1/kinit.1* %{krb5prefix}/man/man1/kinit.1*
%{prefix}/bin/klist %{krb5prefix}/bin/klist
%{prefix}/man/man1/klist.1* %{krb5prefix}/man/man1/klist.1*
%{prefix}/bin/kpasswd %{krb5prefix}/bin/kpasswd
%{prefix}/man/man1/kpasswd.1* %{krb5prefix}/man/man1/kpasswd.1*
%{prefix}/bin/krb524init %{krb5prefix}/bin/krb524init
%{prefix}/sbin/kadmin %{krb5prefix}/sbin/k5srvutil
%{prefix}/man/man8/kadmin.8* %{krb5prefix}/man/man8/k5srvutil.8*
%{prefix}/sbin/ktutil %{krb5prefix}/sbin/kadmin
%{prefix}/man/man8/ktutil.8* %{krb5prefix}/man/man8/kadmin.8*
%attr(0755,root,root) %{prefix}/bin/ksu %{krb5prefix}/sbin/ktutil
%{prefix}/man/man1/ksu.1* %{krb5prefix}/man/man8/ktutil.8*
%{prefix}/bin/kvno %attr(0755,root,root) %{krb5prefix}/bin/ksu
%{prefix}/man/man1/kvno.1* %{krb5prefix}/man/man1/ksu.1*
%{prefix}/bin/rcp %{krb5prefix}/bin/kvno
%{prefix}/man/man1/rcp.1* %{krb5prefix}/man/man1/kvno.1*
%{prefix}/bin/krlogin %{krb5prefix}/bin/rcp
%{prefix}/bin/rlogin %{krb5prefix}/man/man1/rcp.1*
%{prefix}/man/man1/rlogin.1* %{krb5prefix}/bin/krlogin
%{prefix}/bin/krsh %{krb5prefix}/bin/rlogin
%{prefix}/bin/rsh %{krb5prefix}/man/man1/rlogin.1*
%{prefix}/man/man1/rsh.1* %{krb5prefix}/bin/krsh
%{prefix}/bin/telnet %{krb5prefix}/bin/rsh
%{prefix}/man/man1/telnet.1* %{krb5prefix}/man/man1/rsh.1*
%{prefix}/man/man1/tmac.doc* %{krb5prefix}/bin/telnet
%attr(0755,root,root) %{prefix}/bin/v4rcp %{krb5prefix}/man/man1/telnet.1*
%{prefix}/man/man1/v4rcp.1* %{krb5prefix}/man/man1/tmac.doc*
%{prefix}/bin/v5passwd %attr(0755,root,root) %{krb5prefix}/bin/v4rcp
%{prefix}/man/man1/v5passwd.1* %{krb5prefix}/man/man1/v4rcp.1*
%{prefix}/bin/sim_client %{krb5prefix}/bin/v5passwd
%{prefix}/bin/uuclient %{krb5prefix}/man/man1/v5passwd.1*
%{prefix}/sbin/login.krb5 %{krb5prefix}/bin/sim_client
%{prefix}/man/man8/login.krb5.8* %{krb5prefix}/bin/uuclient
%{prefix}/sbin/ftpd %{krb5prefix}/sbin/login.krb5
%{prefix}/man/man8/ftpd.8* %{krb5prefix}/man/man8/login.krb5.8*
%{prefix}/sbin/gss-server %{krb5prefix}/sbin/ftpd
%{prefix}/sbin/klogind %{krb5prefix}/man/man8/ftpd.8*
%{prefix}/man/man8/klogind.8* %{krb5prefix}/sbin/gss-server
%{prefix}/sbin/krb5-send-pr %{krb5prefix}/sbin/klogind
%{prefix}/man/man1/krb5-send-pr.1* %{krb5prefix}/man/man8/klogind.8*
%{prefix}/sbin/kshd %{krb5prefix}/sbin/krb5-send-pr
%{prefix}/man/man8/kshd.8* %{krb5prefix}/man/man1/krb5-send-pr.1*
%{prefix}/sbin/telnetd %{krb5prefix}/sbin/kshd
%{prefix}/man/man8/telnetd.8* %{krb5prefix}/man/man8/kshd.8*
%{prefix}/sbin/uuserver %{krb5prefix}/sbin/telnetd
%{prefix}/man/man5/.k5login.5* %{krb5prefix}/man/man8/telnetd.8*
%{prefix}/man/man5/krb5.conf.5* %{krb5prefix}/sbin/uuserver
%{krb5prefix}/man/man5/.k5login.5*
%{krb5prefix}/man/man5/krb5.conf.5*
%files server %files server
%defattr(-,root,root) %defattr(-,root,root)
@ -842,9 +862,9 @@ fi
%config /etc/rc.d/init.d/krb524 %config /etc/rc.d/init.d/krb524
%config /etc/rc.d/init.d/kprop %config /etc/rc.d/init.d/kprop
%doc doc/admin*.ps.gz doc/admin*.html %doc doc/admin*.ps.gz doc/krb5-admin*.html
%doc doc/krb425*.ps.gz doc/krb425*.html %doc doc/krb425*.ps.gz doc/krb425*.html
%doc doc/install*.ps.gz doc/install*.html %doc doc/install*.ps.gz doc/krb5-install*.html
%doc README.krb524 %doc README.krb524
%{_infodir}/krb5-admin.info* %{_infodir}/krb5-admin.info*
@ -856,47 +876,50 @@ fi
%config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf %config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf
%config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl %config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl
%dir %{prefix}/bin %dir %{krb5prefix}/bin
%dir %{prefix}/man %dir %{krb5prefix}/man
%dir %{prefix}/man/man1 %dir %{krb5prefix}/man/man1
%dir %{prefix}/man/man5 %dir %{krb5prefix}/man/man5
%dir %{prefix}/man/man8 %dir %{krb5prefix}/man/man8
%dir %{prefix}/sbin %dir %{krb5prefix}/sbin
%{prefix}/man/man5/kdc.conf.5* %{krb5prefix}/man/man5/kdc.conf.5*
%{prefix}/sbin/kadmin.local %{krb5prefix}/sbin/kadmin.local
%{prefix}/man/man8/kadmin.local.8* %{krb5prefix}/man/man8/kadmin.local.8*
%{prefix}/sbin/kadmind %{krb5prefix}/sbin/kadmind
%{prefix}/man/man8/kadmind.8* %{krb5prefix}/man/man8/kadmind.8*
%{prefix}/sbin/kadmind4 %{krb5prefix}/sbin/kadmind4
%{prefix}/sbin/kdb5_util %{krb5prefix}/sbin/kdb5_util
%{prefix}/man/man8/kdb5_util.8* %{krb5prefix}/man/man8/kdb5_util.8*
%{prefix}/sbin/kprop %{krb5prefix}/sbin/kprop
%{prefix}/man/man8/kprop.8* %{krb5prefix}/man/man8/kprop.8*
%{prefix}/sbin/kpropd %{krb5prefix}/sbin/kpropd
%{prefix}/man/man8/kpropd.8* %{krb5prefix}/man/man8/kpropd.8*
%{prefix}/sbin/krb524d %{krb5prefix}/sbin/krb524d
%{prefix}/sbin/krb5kdc %{krb5prefix}/sbin/krb5kdc
%{prefix}/man/man8/krb5kdc.8* %{krb5prefix}/man/man8/krb5kdc.8*
%{prefix}/sbin/sim_server %{krb5prefix}/sbin/sim_server
%{prefix}/sbin/v5passwdd %{krb5prefix}/sbin/v5passwdd
# This is here for people who want to test their server, and also # This is here for people who want to test their server, and also
# included in devel package for similar reasons. # included in devel package for similar reasons.
%{prefix}/bin/sclient %{krb5prefix}/bin/sclient
%{prefix}/man/man1/sclient.1* %{krb5prefix}/man/man1/sclient.1*
%{prefix}/sbin/sserver %{krb5prefix}/sbin/sserver
%{prefix}/man/man8/sserver.8* %{krb5prefix}/man/man8/sserver.8*
%files libs %files libs
%defattr(-,root,root) %defattr(-,root,root)
%config /etc/rc.d/init.d/kdcrotate %config /etc/rc.d/init.d/kdcrotate
%config(noreplace) /etc/krb5.conf %config(noreplace) /etc/krb5.conf
%dir %{prefix}/%{_lib} %{_libdir}/lib*.so.*
%{prefix}/%{_lib}/lib*.so.* %{krb5prefix}/share
%{prefix}/share
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
%config /etc/profile.d/krb5.sh
%config /etc/profile.d/krb5.csh
%doc doc/api %doc doc/api
%doc doc/implement %doc doc/implement
%doc doc/kadm5 %doc doc/kadm5
@ -904,19 +927,19 @@ fi
%doc doc/krb5-protocol %doc doc/krb5-protocol
%doc doc/rpc %doc doc/rpc
%dir %{prefix} %dir %{krb5prefix}
%dir %{prefix}/bin %dir %{krb5prefix}/bin
%dir %{prefix}/man %dir %{krb5prefix}/man
%dir %{prefix}/man/man1 %dir %{krb5prefix}/man/man1
%dir %{prefix}/man/man8 %dir %{krb5prefix}/man/man8
%dir %{prefix}/sbin %dir %{krb5prefix}/sbin
%{prefix}/include %{_includedir}/*
%{prefix}/%{_lib}/lib*.a %{_libdir}/lib*.a
%{prefix}/%{_lib}/lib*.so %{_libdir}/lib*.so
%{prefix}/bin/krb5-config %{krb5prefix}/bin/krb5-config
%{prefix}/bin/sclient %{krb5prefix}/bin/sclient
%{prefix}/man/man1/sclient.1* %{krb5prefix}/man/man1/sclient.1*
%{prefix}/man/man8/sserver.8* %{krb5prefix}/man/man8/sserver.8*
%{prefix}/sbin/sserver %{krb5prefix}/sbin/sserver

3
sources
View File

@ -1,2 +1 @@
88d770f2de2c1bd842b511f47002a807 2003-004-krb4_patchkit.tar.gz 73f868cf65bec56d7c718834ca5665fd krb5-1.3.1.tar.gz
854b52face2a8f771caf88166fa269d3 krb5-1.2.7.tar.gz