diff options
author | Parabola <dev@list.parabolagnulinux.org> | 2012-01-09 13:47:51 +0000 |
---|---|---|
committer | Parabola <dev@list.parabolagnulinux.org> | 2012-01-09 13:47:51 +0000 |
commit | 7a3611f5caa5e34c1f2b582640f97b733110ae63 (patch) | |
tree | 5b0baf1ad1b36444ffbf73707a377b15fc67692f /testing/krb5 | |
parent | 46783b68621b6ad45cdd9ed64cfa8cdcfbc6f318 (diff) |
Mon Jan 9 13:47:49 UTC 2012
Diffstat (limited to 'testing/krb5')
-rw-r--r-- | testing/krb5/PKGBUILD | 90 | ||||
-rw-r--r-- | testing/krb5/krb5-1.9.1-2011-007.patch | 40 | ||||
-rw-r--r-- | testing/krb5/krb5-1.9.1-canonicalize-fallback.patch | 58 | ||||
-rw-r--r-- | testing/krb5/krb5-1.9.1-config-script.patch | 27 | ||||
-rw-r--r-- | testing/krb5/krb5-kadmind | 40 | ||||
-rw-r--r-- | testing/krb5/krb5-kdc | 40 | ||||
-rw-r--r-- | testing/krb5/krb5-kpropd | 40 |
7 files changed, 0 insertions, 335 deletions
diff --git a/testing/krb5/PKGBUILD b/testing/krb5/PKGBUILD deleted file mode 100644 index 9cbe8c3d7..000000000 --- a/testing/krb5/PKGBUILD +++ /dev/null @@ -1,90 +0,0 @@ -# $Id: PKGBUILD 144605 2011-12-07 21:28:52Z stephane $ -# Maintainer: Stéphane Gaudreault <stephane@archlinux.org> - -pkgname=krb5 -pkgver=1.9.2 -pkgrel=2 -pkgdesc="The Kerberos network authentication system" -arch=('i686' 'x86_64') -url="http://web.mit.edu/kerberos/" -license=('custom') -depends=('e2fsprogs' 'libldap' 'keyutils') -makedepends=('perl') -provides=('heimdal') -replaces=('heimdal') -conflicts=('heimdal') -backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf') -source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.9/${pkgname}-${pkgver}-signed.tar - krb5-kadmind - krb5-kdc - krb5-kpropd - krb5-1.9.1-config-script.patch - krb5-1.9.1-2011-007.patch) -sha1sums=('aa06f778ee1f9791cd4c5cf4c9e9465769ffec92' - '2aa229369079ed1bbb201a1ef72c47bf143f4dbe' - '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393' - '7f402078fa65bb9ff1beb6cbbbb017450df78560' - '7342410760cf44bfa01bb99bb4c49e12496cb46f' - 'ec917dd1d1c96fa331f512331d5aa37c2e9b9df7') -options=('!emptydirs') - -build() { - tar zxvf ${pkgname}-${pkgver}.tar.gz - cd "${srcdir}/${pkgname}-${pkgver}/src" - - # - Make krb5-config suppress CFLAGS output when called with --libs - # cf https://bugzilla.redhat.com/show_bug.cgi?id=544391 - # - # - Omit extra libraries because their interfaces are not exposed to applications - # by libkrb5, unless do_deps is set to 1, which indicates that the caller - # wants the whole list. - # - # Patch from upstream : - # http://anonsvn.mit.edu/viewvc/krb5/trunk/src/krb5-config.in?r1=23662&r2=25236 - patch -Np2 -i ${srcdir}/krb5-1.9.1-config-script.patch - - # Apply upstream patch to fix a null pointer dereference when processing TGS requests - # CVE-2011-1530 - # see http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt - patch -Np2 -i ${srcdir}/krb5-1.9.1-2011-007.patch - - # FS#25384 - sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4 - - export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all" - export CPPFLAGS+=" -I/usr/include/et" - ./configure --prefix=/usr \ - --mandir=/usr/share/man \ - --localstatedir=/var/lib \ - --enable-shared \ - --with-system-et \ - --with-system-ss \ - --disable-rpath \ - --without-tcl \ - --enable-dns-for-realm \ - --with-ldap - make -} - -package() { - cd "${srcdir}/${pkgname}-${pkgver}/src" - make DESTDIR="${pkgdir}" EXAMPLEDIR="/usr/share/doc/${pkgname}/examples" install - - # Sample KDC config file - install -dm 755 "${pkgdir}"/var/lib/krb5kdc - install -pm 644 config-files/kdc.conf "${pkgdir}"/var/lib/krb5kdc/kdc.conf - - # Default configuration file - install -dm 755 "${pkgdir}"/etc - install -pm 644 config-files/krb5.conf "${pkgdir}"/etc/krb5.conf - - install -dm 755 "${pkgdir}"/etc/rc.d - install -m 755 ../../krb5-kdc "${pkgdir}"/etc/rc.d - install -m 755 ../../krb5-kadmind "${pkgdir}"/etc/rc.d - install -m 755 ../../krb5-kpropd "${pkgdir}"/etc/rc.d - - install -dm 755 "${pkgdir}"/usr/share/aclocal - install -m 644 util/ac_check_krb5.m4 "${pkgdir}"/usr/share/aclocal - - install -Dm644 "${srcdir}"/${pkgname}-${pkgver}/NOTICE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE -} diff --git a/testing/krb5/krb5-1.9.1-2011-007.patch b/testing/krb5/krb5-1.9.1-2011-007.patch deleted file mode 100644 index 336a4ad31..000000000 --- a/testing/krb5/krb5-1.9.1-2011-007.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in -index f46cad3..102fbaa 100644 ---- a/src/kdc/Makefile.in -+++ b/src/kdc/Makefile.in -@@ -67,6 +67,7 @@ check-unix:: rtest - - check-pytests:: - $(RUNPYTEST) $(srcdir)/t_workers.py $(PYTESTFLAGS) -+ $(RUNPYTEST) $(srcdir)/t_emptytgt.py $(PYTESTFLAGS) - - install:: - $(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc -diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c -index c169c54..840a2ef 100644 ---- a/src/kdc/do_tgs_req.c -+++ b/src/kdc/do_tgs_req.c -@@ -243,7 +243,8 @@ tgt_again: - if (!tgs_1 || !data_eq(*server_1, *tgs_1)) { - errcode = find_alternate_tgs(request, &server); - firstpass = 0; -- goto tgt_again; -+ if (errcode == 0) -+ goto tgt_again; - } - } - status = "UNKNOWN_SERVER"; -diff --git a/src/kdc/t_emptytgt.py b/src/kdc/t_emptytgt.py -new file mode 100644 -index 0000000..1760bcd ---- /dev/null -+++ b/src/kdc/t_emptytgt.py -@@ -0,0 +1,8 @@ -+#!/usr/bin/python -+from k5test import * -+ -+realm = K5Realm(start_kadmind=False, create_host=False) -+output = realm.run_as_client([kvno, 'krbtgt/'], expected_code=1) -+if 'not found in Kerberos database' not in output: -+ fail('TGT lookup for empty realm failed in unexpected way') -+success('Empty tgt lookup.') diff --git a/testing/krb5/krb5-1.9.1-canonicalize-fallback.patch b/testing/krb5/krb5-1.9.1-canonicalize-fallback.patch deleted file mode 100644 index e5a38498f..000000000 --- a/testing/krb5/krb5-1.9.1-canonicalize-fallback.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff -Naur krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c krb5-1.9.1/src/lib/krb5/krb/get_creds.c ---- krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c 2011-02-09 16:55:36.000000000 -0500 -+++ krb5-1.9.1/src/lib/krb5/krb/get_creds.c 2011-09-26 18:42:01.465190278 -0400 -@@ -470,13 +470,10 @@ - - /***** STATE_REFERRALS *****/ - --/* -- * Possibly retry a request in the fallback realm after a referral request -- * failure in the local realm. Expects ctx->reply_code to be set to the error -- * from a referral request. -- */ -+/* Possibly try a non-referral request after a referral request failure. -+ * Expects ctx->reply_code to be set to the error from a referral request. */ - static krb5_error_code --try_fallback_realm(krb5_context context, krb5_tkt_creds_context ctx) -+try_fallback(krb5_context context, krb5_tkt_creds_context ctx) - { - krb5_error_code code; - char **hrealms; -@@ -485,9 +482,10 @@ - if (ctx->referral_count > 1) - return ctx->reply_code; - -- /* Only fall back if the original request used the referral realm. */ -+ /* If the request used a specified realm, make a non-referral request to -+ * that realm (in case it's a KDC which rejects KDC_OPT_CANONICALIZE). */ - if (!krb5_is_referral_realm(&ctx->req_server->realm)) -- return ctx->reply_code; -+ return begin_non_referral(context, ctx); - - if (ctx->server->length < 2) { - /* We need a type/host format principal to find a fallback realm. */ -@@ -500,10 +498,10 @@ - if (code != 0) - return code; - -- /* Give up if the fallback realm isn't any different. */ -+ /* If the fallback realm isn't any different, use the existing TGT. */ - if (data_eq_string(ctx->server->realm, hrealms[0])) { - krb5_free_host_realm(context, hrealms); -- return ctx->reply_code; -+ return begin_non_referral(context, ctx); - } - - /* Rewrite server->realm to be the fallback realm. */ -@@ -540,9 +538,9 @@ - krb5_error_code code; - const krb5_data *referral_realm; - -- /* Possibly retry with the fallback realm on error. */ -+ /* Possibly try a non-referral fallback request on error. */ - if (ctx->reply_code != 0) -- return try_fallback_realm(context, ctx); -+ return try_fallback(context, ctx); - - if (krb5_principal_compare(context, ctx->reply_creds->server, - ctx->server)) { diff --git a/testing/krb5/krb5-1.9.1-config-script.patch b/testing/krb5/krb5-1.9.1-config-script.patch deleted file mode 100644 index a72a75edf..000000000 --- a/testing/krb5/krb5-1.9.1-config-script.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -Naur krb5-1.9.1.ori/src/krb5-config.in krb5-1.9.1/src/krb5-config.in ---- krb5-1.9.1.ori/src/krb5-config.in 2010-01-19 13:44:57.000000000 -0500 -+++ krb5-1.9.1/src/krb5-config.in 2011-09-26 18:27:09.018487087 -0400 -@@ -186,7 +186,7 @@ - -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ - -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \ - -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ -- -e 's#\$(CFLAGS)#'"$CFLAGS"'#'` -+ -e 's#\$(CFLAGS)##'` - - if test $library = 'kdb'; then - lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" -@@ -214,9 +214,13 @@ - fi - - if test $library = 'krb5'; then -- lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB" -+ lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err" - fi - -+ # If we ever support a flag to generate output suitable for static -+ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB" -+ # here. -+ - echo $lib_flags - fi - diff --git a/testing/krb5/krb5-kadmind b/testing/krb5/krb5-kadmind deleted file mode 100644 index 04df0dcff..000000000 --- a/testing/krb5/krb5-kadmind +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -# general config -. /etc/rc.conf -. /etc/rc.d/functions - -PID=`pidof -o %PPID /usr/sbin/kadmind` -case "$1" in - start) - stat_busy "Starting Kerberos Admin Daemon" - if [ -z "$PID" ]; then - /usr/sbin/kadmind - fi - if [ ! -z "$PID" -o $? -gt 0 ]; then - stat_fail - else - add_daemon krb5-kadmind - stat_done - fi - ;; - stop) - stat_busy "Stopping Kerberos Admin Daemon" - [ ! -z "$PID" ] && kill $PID &> /dev/null - if [ $? -gt 0 ]; then - stat_fail - else - rm_daemon krb5-kadmind - stat_done - fi - ;; - restart) - $0 stop - sleep 1 - $0 start - ;; - *) - echo "usage: $0 {start|stop|restart}" - ;; -esac -exit 0 diff --git a/testing/krb5/krb5-kdc b/testing/krb5/krb5-kdc deleted file mode 100644 index 05a03411e..000000000 --- a/testing/krb5/krb5-kdc +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -# general config -. /etc/rc.conf -. /etc/rc.d/functions - -PID=`pidof -o %PPID /usr/sbin/krb5kdc` -case "$1" in - start) - stat_busy "Starting Kerberos Authentication" - if [ -z "$PID" ]; then - /usr/sbin/krb5kdc - fi - if [ ! -z "$PID" -o $? -gt 0 ]; then - stat_fail - else - add_daemon krb5-kdc - stat_done - fi - ;; - stop) - stat_busy "Stopping Kerberos Authentication" - [ ! -z "$PID" ] && kill $PID &> /dev/null - if [ $? -gt 0 ]; then - stat_fail - else - rm_daemon krb5-kdc - stat_done - fi - ;; - restart) - $0 stop - sleep 1 - $0 start - ;; - *) - echo "usage: $0 {start|stop|restart}" - ;; -esac -exit 0 diff --git a/testing/krb5/krb5-kpropd b/testing/krb5/krb5-kpropd deleted file mode 100644 index a0077d68e..000000000 --- a/testing/krb5/krb5-kpropd +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -# general config -. /etc/rc.conf -. /etc/rc.d/functions - -PID=`pidof -o %PPID /usr/sbin/kpropd` -case "$1" in - start) - stat_busy "Starting Kerberos Database Propagation Daemon" - if [ -z "$PID" ]; then - /usr/sbin/kpropd -S - fi - if [ ! -z "$PID" -o $? -gt 0 ]; then - stat_fail - else - add_daemon kpropd - stat_done - fi - ;; - stop) - stat_busy "Stopping Kerberos Database Propagation Daemon" - [ ! -z "$PID" ] && kill $PID &> /dev/null - if [ $? -gt 0 ]; then - stat_fail - else - rm_daemon kpropd - stat_done - fi - ;; - restart) - $0 stop - sleep 1 - $0 start - ;; - *) - echo "usage: $0 {start|stop|restart}" - ;; -esac -exit 0 |