- switch man pages to being generated with the right paths in them

- drop old, incomplete SELinux patch
- add patch from Greg Hudson to make srvtab routines report missing-file
    errors at same point that keytab routines do (#241805)
This commit is contained in:
Nalin Dahyabhai 2007-06-22 22:04:38 +00:00
parent 513d8d8504
commit 37416c24a6
3 changed files with 43 additions and 168 deletions

View File

@ -1,142 +0,0 @@
--- krb5-1.3/src/appl/bsd/klogind.M
+++ krb5-1.3/src/appl/bsd/klogind.M
@@ -27,7 +27,7 @@
the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIklogind\fP might be:
-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
+klogin stream tcp nowait root /usr/kerberos/sbin/klogind klogind -e5c
When a service request is received, the following protocol is initiated:
--- krb5-1.3/src/appl/bsd/kshd.M
+++ krb5-1.3/src/appl/bsd/kshd.M
@@ -8,7 +8,7 @@
.SH NAME
kshd \- kerberized remote shell server
.SH SYNOPSIS
-.B /usr/local/sbin/kshd
+.B /usr/kerberos/sbin/kshd
[
.B \-kr45ec
]
@@ -30,7 +30,7 @@
on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIkrshd\fP might be:
-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c
+kshell stream tcp nowait root /usr/kerberos/sbin/kshd kshd -5c
When a service request is received, the following protocol is initiated:
--- krb5-1.3/src/appl/sample/sserver/sserver.M
+++ krb5-1.3/src/appl/sample/sserver/sserver.M
@@ -59,7 +59,7 @@
using a line in
/etc/inetd.conf that looks like this:
.PP
-sample stream tcp nowait root /usr/local/sbin/sserver sserver
+sample stream tcp nowait root /usr/kerberos/sbin/sserver sserver
.PP
Since \fBsample\fP is normally not a port defined in /etc/services, you will
usually have to add a line to /etc/services which looks like this:
--- krb5-1.3/src/appl/telnet/telnetd/telnetd.8
+++ krb5-1.3/src/appl/telnet/telnetd/telnetd.8
@@ -37,7 +37,7 @@
.SM DARPA TELNET
protocol server
.SH SYNOPSIS
-.B /usr/libexec/telnetd
+.B /usr/kerberos/sbin/telnetd
[\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
[\fB\-edebug\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
[\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
--- krb5-1.3/src/config-files/kdc.conf.M
+++ krb5-1.3/src/config-files/kdc.conf.M
@@ -235,7 +235,7 @@
realm names and the [capaths] section of its krb5.conf file
.SH FILES
-/usr/local/var/krb5kdc/kdc.conf
+/var/kerberos/krb5kdc/kdc.conf
.SH SEE ALSO
krb5.conf(5), krb5kdc(8)
--- krb5-1.3/src/kadmin/cli/kadmin.M
+++ krb5-1.3/src/kadmin/cli/kadmin.M
@@ -733,9 +733,9 @@
.RS
.TP
EXAMPLE:
-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
+kadmin: ktremove -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
Entry for principal kadmin/admin with kvno 3 removed
- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
+ from keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
kadmin:
.RE
.fi
--- krb5-1.3/src/slave/kprop.M
+++ krb5-1.3/src/slave/kprop.M
@@ -39,7 +39,7 @@
This is done by transmitting the dumped database file to the slave
server over an encrypted, secure channel. The dump file must be created
by kdb5_util, and is normally KPROP_DEFAULT_FILE
-(/usr/local/var/krb5kdc/slave_datatrans).
+(/var/kerberos/krb5kdc/slave_datatrans).
.SH OPTIONS
.TP
\fB\-r\fP \fIrealm\fP
@@ -51,7 +51,7 @@
\fB\-f\fP \fIfile\fP
specifies the filename where the dumped principal database file is to be
found; by default the dumped database file is KPROP_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/slave_datatrans).
+(normally /var/kerberos/krb5kdc/slave_datatrans).
.TP
\fB\-P\fP \fIport\fP
specifies the port to use to contact the
--- krb5-1.3/src/slave/kpropd.M
+++ krb5-1.3/src/slave/kpropd.M
@@ -69,7 +69,7 @@
This is done by adding a line to the inetd.conf file which looks like
this:
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
+kprop stream tcp nowait root /usr/kerberos/sbin/kpropd kpropd
However, kpropd can also run as a standalone deamon, if the
.B \-S
@@ -87,13 +87,13 @@
\fB\-f\fP \fIfile\fP
specifies the filename where the dumped principal database file is to be
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/from_master).
+(normally /var/kerberos/krb5kdc/from_master).
.TP
.B \-p
allows the user to specify the pathname to the
.IR kdb5_util (8)
program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
-(normally /usr/local/sbin/kdb5_util).
+(normally /usr/kerberos/sbin/kdb5_util).
.TP
.B \-S
turn on standalone mode. Normally, kpropd is invoked out of
@@ -124,14 +124,14 @@
allows the user to specify the path to the
.KR kpropd.acl
file; by default the path used is KPROPD_ACL_FILE
-(normally /usr/local/var/krb5kdc/kpropd.acl).
+(normally /var/kerberos/krb5kdc/kpropd.acl).
.SH FILES
.TP "\w'kpropd.acl\ \ 'u"
kpropd.acl
Access file for
.BR kpropd ;
the default location is KPROPD_ACL_FILE (normally
-/usr/local/var/krb5kdc/kpropd.acl).
+/var/kerberos/krb5kdc/kpropd.acl).
Each entry is a line containing the principal of a host from which the
local machine will allow Kerberos database propagation via kprop.
.SH SEE ALSO

View File

@ -1,13 +0,0 @@
--- krb5-1.3.1/src/util/profile/prof_file.c.selinux 2003-03-06 13:48:03.000000000 -0500
+++ krb5-1.3.1/src/util/profile/prof_file.c 2003-09-03 13:42:42.343661059 -0400
@@ -220,8 +220,10 @@ errcode_t profile_update_file_data(prf_d
}
data->upd_serial++;
data->flags = 0;
+#ifdef NO_SELINUX
if (rw_access(data->filespec))
data->flags |= PROFILE_FILE_RW;
+#endif
retval = profile_parse_file(f, &data->root);
fclose(f);
if (retval)

View File

@ -1,7 +1,3 @@
%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
%define WITH_SELINUX 0
%endif
%define WITH_LDAP 1 %define WITH_LDAP 1
%define krb5prefix %{_prefix}/kerberos %define krb5prefix %{_prefix}/kerberos
@ -12,6 +8,9 @@
# This'll be pulled out at some point. # This'll be pulled out at some point.
%define build_static 0 %define build_static 0
# For consistency with regular login.
%define login_pam_service remote
Summary: The Kerberos network authentication system. Summary: The Kerberos network authentication system.
Name: krb5 Name: krb5
Version: 1.6.1 Version: 1.6.1
@ -45,8 +44,11 @@ Source22: ekrb5-telnet.xinetd
# and tarred up. # and tarred up.
Source23: krb5-%{version}-pdf.tar.gz Source23: krb5-%{version}-pdf.tar.gz
Source24: krb5-tex-pdf.sh Source24: krb5-tex-pdf.sh
Source25: krb5-trunk-manpaths.txt
Source26: gssftp.pamd
Source27: kshell.pamd
Source28: ekshell.pamd
Patch2: krb5-1.6-manpage-paths.patch
Patch3: krb5-1.3-netkit-rsh.patch Patch3: krb5-1.3-netkit-rsh.patch
Patch4: krb5-1.3-rlogind-environ.patch Patch4: krb5-1.3-rlogind-environ.patch
Patch5: krb5-1.3-ksu-access.patch Patch5: krb5-1.3-ksu-access.patch
@ -58,7 +60,6 @@ Patch13: krb5-1.3-large-file.patch
Patch14: krb5-1.3-ftp-glob.patch Patch14: krb5-1.3-ftp-glob.patch
Patch16: krb5-1.6-buildconf.patch Patch16: krb5-1.6-buildconf.patch
Patch18: krb5-1.2.7-reject-bad-transited.patch Patch18: krb5-1.2.7-reject-bad-transited.patch
Patch21: krb5-selinux.patch
Patch23: krb5-1.3.1-dns.patch Patch23: krb5-1.3.1-dns.patch
Patch25: krb5-1.4-null.patch Patch25: krb5-1.4-null.patch
Patch26: krb5-1.3.2-efence.patch Patch26: krb5-1.3.2-efence.patch
@ -82,6 +83,10 @@ Patch55: krb5-1.6.1-empty.patch
Patch56: krb5-1.6.1-get_opt_fixup.patch Patch56: krb5-1.6.1-get_opt_fixup.patch
Patch57: krb5-1.6.1-ftp-nospew.patch Patch57: krb5-1.6.1-ftp-nospew.patch
Patch60: krb5-1.6.1-pam.patch
Patch61: krb5-trunk-manpaths.patch
Patch62: krb5-any-fixup-patch.txt
License: MIT, freely distributable. License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -90,7 +95,6 @@ Prereq: grep, info, sh-utils, /sbin/install-info
BuildPrereq: autoconf, bison, e2fsprogs-devel >= 1.35, flex BuildPrereq: autoconf, bison, e2fsprogs-devel >= 1.35, flex
BuildPrereq: gzip, ncurses-devel, rsh, texinfo, tar BuildPrereq: gzip, ncurses-devel, rsh, texinfo, tar
BuildRequires: tetex-latex BuildRequires: tetex-latex
# Wait until the merge completes -- keyutils lives in Extras.
BuildRequires: keyutils-libs-devel BuildRequires: keyutils-libs-devel
%if %{WITH_LDAP} %if %{WITH_LDAP}
@ -185,7 +189,7 @@ Group: System Environment/Base
Requires: %{name}-workstation = %{version}-%{release} Requires: %{name}-workstation = %{version}-%{release}
Prereq: grep, /sbin/install-info, /bin/sh, sh-utils Prereq: grep, /sbin/install-info, /bin/sh, sh-utils
# mktemp is used by krb5-send-pr # mktemp is used by krb5-send-pr
Requires: mktemp, xinetd Requires: mktemp, xinetd, /etc/pam.d/%{login_pam_service}
%description workstation-servers %description workstation-servers
Kerberos is a network authentication system. The krb5-workstation-servers Kerberos is a network authentication system. The krb5-workstation-servers
@ -195,6 +199,12 @@ installed on systems which are meant provide these services.
%endif %endif
%changelog %changelog
* Fri Jun 22 2007 Nalin Dahyabhai <nalin@redhat.com>
- switch man pages to being generated with the right paths in them
- drop old, incomplete SELinux patch
- add patch from Greg Hudson to make srvtab routines report missing-file errors
at same point that keytab routines do (#241805)
* Thu May 24 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-2 * Thu May 24 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-2
- pull patch from svn to undo unintentional chattiness in ftp - pull patch from svn to undo unintentional chattiness in ftp
- pull patch from svn to handle NULL krb5_get_init_creds_opt structures - pull patch from svn to handle NULL krb5_get_init_creds_opt structures
@ -1087,7 +1097,13 @@ installed on systems which are meant provide these services.
%prep %prep
%setup -q -a 23 %setup -q -a 23
%patch2 -p1 -b .manpage-paths pushd src
%patch60 -p2 -b .pam
%patch61 -p0 -b .manpaths
popd
pushd src/lib/krb5/keytab
%patch62 -p0 -b .any-fixup
popd
%patch3 -p1 -b .netkit-rsh %patch3 -p1 -b .netkit-rsh
%patch4 -p1 -b .rlogind-environ %patch4 -p1 -b .rlogind-environ
%patch5 -p1 -b .ksu-access %patch5 -p1 -b .ksu-access
@ -1099,9 +1115,6 @@ installed on systems which are meant provide these services.
%patch14 -p1 -b .ftp-glob %patch14 -p1 -b .ftp-glob
%patch16 -p1 -b .buildconf %patch16 -p1 -b .buildconf
%patch18 -p1 -b .reject-bad-transited %patch18 -p1 -b .reject-bad-transited
%if %{WITH_SELINUX}
%patch21 -p1 -b .selinux
%endif
%patch23 -p1 -b .dns %patch23 -p1 -b .dns
%patch25 -p1 -b .null %patch25 -p1 -b .null
# Removes a malloc(0) case, nothing more. # Removes a malloc(0) case, nothing more.
@ -1138,6 +1151,13 @@ sed -i -e '1c\
\\usepackage{fancyheadings}\ \\usepackage{fancyheadings}\
\\usepackage{hyperref}' doc/implement/implement.tex \\usepackage{hyperref}' doc/implement/implement.tex
# Rename the man pages so that they'll get generated correctly.
pushd src
cat $RPM_SOURCE_DIR/krb5-trunk-manpaths.txt | while read manpage ; do
mv "$manpage" "$manpage".in
done
popd
# Check that the PDFs we built earlier match this source tree. # Check that the PDFs we built earlier match this source tree.
$RPM_SOURCE_DIR/krb5-tex-pdf.sh check << EOF $RPM_SOURCE_DIR/krb5-tex-pdf.sh check << EOF
doc/api library krb5 doc/api library krb5
@ -1195,7 +1215,9 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
--with-system-ss \ --with-system-ss \
--with-netlib=-lresolv \ --with-netlib=-lresolv \
--without-tcl \ --without-tcl \
--enable-dns --enable-dns \
--with-pam \
--with-pam-login-service=%{login_pam_service}
# Now build it. # Now build it.
make make
@ -1250,6 +1272,13 @@ for xinetd in eklogin klogin kshell ekrb5-telnet krb5-telnet gssftp ; do
$RPM_BUILD_ROOT/etc/xinetd.d/${xinetd} $RPM_BUILD_ROOT/etc/xinetd.d/${xinetd}
done done
# PAM configuration files.
mkdir -p $RPM_BUILD_ROOT/etc/pam.d/
for pam in kshell ekshell remote gssftp ; do
install -pm 644 $RPM_SOURCE_DIR/$pam.pamd \
$RPM_BUILD_ROOT/etc/pam.d/$pam
done
# Plug-in directories. # Plug-in directories.
install -pdm 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth install -pdm 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth
install -pdm 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/kdb install -pdm 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/kdb
@ -1440,6 +1469,7 @@ exit 0
%endif %endif
%config(noreplace) /etc/xinetd.d/* %config(noreplace) /etc/xinetd.d/*
%config(noreplace) /etc/pam.d/*
# Login is used by telnetd and klogind. # Login is used by telnetd and klogind.
%{krb5prefix}/sbin/login.krb5 %{krb5prefix}/sbin/login.krb5