summaryrefslogtreecommitdiff
path: root/testing/krb5
diff options
context:
space:
mode:
authorParabola <dev@list.parabolagnulinux.org>2012-01-09 13:47:51 +0000
committerParabola <dev@list.parabolagnulinux.org>2012-01-09 13:47:51 +0000
commit7a3611f5caa5e34c1f2b582640f97b733110ae63 (patch)
tree5b0baf1ad1b36444ffbf73707a377b15fc67692f /testing/krb5
parent46783b68621b6ad45cdd9ed64cfa8cdcfbc6f318 (diff)
Mon Jan 9 13:47:49 UTC 2012
Diffstat (limited to 'testing/krb5')
-rw-r--r--testing/krb5/PKGBUILD90
-rw-r--r--testing/krb5/krb5-1.9.1-2011-007.patch40
-rw-r--r--testing/krb5/krb5-1.9.1-canonicalize-fallback.patch58
-rw-r--r--testing/krb5/krb5-1.9.1-config-script.patch27
-rw-r--r--testing/krb5/krb5-kadmind40
-rw-r--r--testing/krb5/krb5-kdc40
-rw-r--r--testing/krb5/krb5-kpropd40
7 files changed, 0 insertions, 335 deletions
diff --git a/testing/krb5/PKGBUILD b/testing/krb5/PKGBUILD
deleted file mode 100644
index 9cbe8c3d7..000000000
--- a/testing/krb5/PKGBUILD
+++ /dev/null
@@ -1,90 +0,0 @@
-# $Id: PKGBUILD 144605 2011-12-07 21:28:52Z stephane $
-# Maintainer: Stéphane Gaudreault <stephane@archlinux.org>
-
-pkgname=krb5
-pkgver=1.9.2
-pkgrel=2
-pkgdesc="The Kerberos network authentication system"
-arch=('i686' 'x86_64')
-url="http://web.mit.edu/kerberos/"
-license=('custom')
-depends=('e2fsprogs' 'libldap' 'keyutils')
-makedepends=('perl')
-provides=('heimdal')
-replaces=('heimdal')
-conflicts=('heimdal')
-backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
-source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.9/${pkgname}-${pkgver}-signed.tar
- krb5-kadmind
- krb5-kdc
- krb5-kpropd
- krb5-1.9.1-config-script.patch
- krb5-1.9.1-2011-007.patch)
-sha1sums=('aa06f778ee1f9791cd4c5cf4c9e9465769ffec92'
- '2aa229369079ed1bbb201a1ef72c47bf143f4dbe'
- '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393'
- '7f402078fa65bb9ff1beb6cbbbb017450df78560'
- '7342410760cf44bfa01bb99bb4c49e12496cb46f'
- 'ec917dd1d1c96fa331f512331d5aa37c2e9b9df7')
-options=('!emptydirs')
-
-build() {
- tar zxvf ${pkgname}-${pkgver}.tar.gz
- cd "${srcdir}/${pkgname}-${pkgver}/src"
-
- # - Make krb5-config suppress CFLAGS output when called with --libs
- # cf https://bugzilla.redhat.com/show_bug.cgi?id=544391
- #
- # - Omit extra libraries because their interfaces are not exposed to applications
- # by libkrb5, unless do_deps is set to 1, which indicates that the caller
- # wants the whole list.
- #
- # Patch from upstream :
- # http://anonsvn.mit.edu/viewvc/krb5/trunk/src/krb5-config.in?r1=23662&r2=25236
- patch -Np2 -i ${srcdir}/krb5-1.9.1-config-script.patch
-
- # Apply upstream patch to fix a null pointer dereference when processing TGS requests
- # CVE-2011-1530
- # see http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt
- patch -Np2 -i ${srcdir}/krb5-1.9.1-2011-007.patch
-
- # FS#25384
- sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
-
- export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
- export CPPFLAGS+=" -I/usr/include/et"
- ./configure --prefix=/usr \
- --mandir=/usr/share/man \
- --localstatedir=/var/lib \
- --enable-shared \
- --with-system-et \
- --with-system-ss \
- --disable-rpath \
- --without-tcl \
- --enable-dns-for-realm \
- --with-ldap
- make
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}/src"
- make DESTDIR="${pkgdir}" EXAMPLEDIR="/usr/share/doc/${pkgname}/examples" install
-
- # Sample KDC config file
- install -dm 755 "${pkgdir}"/var/lib/krb5kdc
- install -pm 644 config-files/kdc.conf "${pkgdir}"/var/lib/krb5kdc/kdc.conf
-
- # Default configuration file
- install -dm 755 "${pkgdir}"/etc
- install -pm 644 config-files/krb5.conf "${pkgdir}"/etc/krb5.conf
-
- install -dm 755 "${pkgdir}"/etc/rc.d
- install -m 755 ../../krb5-kdc "${pkgdir}"/etc/rc.d
- install -m 755 ../../krb5-kadmind "${pkgdir}"/etc/rc.d
- install -m 755 ../../krb5-kpropd "${pkgdir}"/etc/rc.d
-
- install -dm 755 "${pkgdir}"/usr/share/aclocal
- install -m 644 util/ac_check_krb5.m4 "${pkgdir}"/usr/share/aclocal
-
- install -Dm644 "${srcdir}"/${pkgname}-${pkgver}/NOTICE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
-}
diff --git a/testing/krb5/krb5-1.9.1-2011-007.patch b/testing/krb5/krb5-1.9.1-2011-007.patch
deleted file mode 100644
index 336a4ad31..000000000
--- a/testing/krb5/krb5-1.9.1-2011-007.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in
-index f46cad3..102fbaa 100644
---- a/src/kdc/Makefile.in
-+++ b/src/kdc/Makefile.in
-@@ -67,6 +67,7 @@ check-unix:: rtest
-
- check-pytests::
- $(RUNPYTEST) $(srcdir)/t_workers.py $(PYTESTFLAGS)
-+ $(RUNPYTEST) $(srcdir)/t_emptytgt.py $(PYTESTFLAGS)
-
- install::
- $(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
-diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
-index c169c54..840a2ef 100644
---- a/src/kdc/do_tgs_req.c
-+++ b/src/kdc/do_tgs_req.c
-@@ -243,7 +243,8 @@ tgt_again:
- if (!tgs_1 || !data_eq(*server_1, *tgs_1)) {
- errcode = find_alternate_tgs(request, &server);
- firstpass = 0;
-- goto tgt_again;
-+ if (errcode == 0)
-+ goto tgt_again;
- }
- }
- status = "UNKNOWN_SERVER";
-diff --git a/src/kdc/t_emptytgt.py b/src/kdc/t_emptytgt.py
-new file mode 100644
-index 0000000..1760bcd
---- /dev/null
-+++ b/src/kdc/t_emptytgt.py
-@@ -0,0 +1,8 @@
-+#!/usr/bin/python
-+from k5test import *
-+
-+realm = K5Realm(start_kadmind=False, create_host=False)
-+output = realm.run_as_client([kvno, 'krbtgt/'], expected_code=1)
-+if 'not found in Kerberos database' not in output:
-+ fail('TGT lookup for empty realm failed in unexpected way')
-+success('Empty tgt lookup.')
diff --git a/testing/krb5/krb5-1.9.1-canonicalize-fallback.patch b/testing/krb5/krb5-1.9.1-canonicalize-fallback.patch
deleted file mode 100644
index e5a38498f..000000000
--- a/testing/krb5/krb5-1.9.1-canonicalize-fallback.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-diff -Naur krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c krb5-1.9.1/src/lib/krb5/krb/get_creds.c
---- krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c 2011-02-09 16:55:36.000000000 -0500
-+++ krb5-1.9.1/src/lib/krb5/krb/get_creds.c 2011-09-26 18:42:01.465190278 -0400
-@@ -470,13 +470,10 @@
-
- /***** STATE_REFERRALS *****/
-
--/*
-- * Possibly retry a request in the fallback realm after a referral request
-- * failure in the local realm. Expects ctx->reply_code to be set to the error
-- * from a referral request.
-- */
-+/* Possibly try a non-referral request after a referral request failure.
-+ * Expects ctx->reply_code to be set to the error from a referral request. */
- static krb5_error_code
--try_fallback_realm(krb5_context context, krb5_tkt_creds_context ctx)
-+try_fallback(krb5_context context, krb5_tkt_creds_context ctx)
- {
- krb5_error_code code;
- char **hrealms;
-@@ -485,9 +482,10 @@
- if (ctx->referral_count > 1)
- return ctx->reply_code;
-
-- /* Only fall back if the original request used the referral realm. */
-+ /* If the request used a specified realm, make a non-referral request to
-+ * that realm (in case it's a KDC which rejects KDC_OPT_CANONICALIZE). */
- if (!krb5_is_referral_realm(&ctx->req_server->realm))
-- return ctx->reply_code;
-+ return begin_non_referral(context, ctx);
-
- if (ctx->server->length < 2) {
- /* We need a type/host format principal to find a fallback realm. */
-@@ -500,10 +498,10 @@
- if (code != 0)
- return code;
-
-- /* Give up if the fallback realm isn't any different. */
-+ /* If the fallback realm isn't any different, use the existing TGT. */
- if (data_eq_string(ctx->server->realm, hrealms[0])) {
- krb5_free_host_realm(context, hrealms);
-- return ctx->reply_code;
-+ return begin_non_referral(context, ctx);
- }
-
- /* Rewrite server->realm to be the fallback realm. */
-@@ -540,9 +538,9 @@
- krb5_error_code code;
- const krb5_data *referral_realm;
-
-- /* Possibly retry with the fallback realm on error. */
-+ /* Possibly try a non-referral fallback request on error. */
- if (ctx->reply_code != 0)
-- return try_fallback_realm(context, ctx);
-+ return try_fallback(context, ctx);
-
- if (krb5_principal_compare(context, ctx->reply_creds->server,
- ctx->server)) {
diff --git a/testing/krb5/krb5-1.9.1-config-script.patch b/testing/krb5/krb5-1.9.1-config-script.patch
deleted file mode 100644
index a72a75edf..000000000
--- a/testing/krb5/krb5-1.9.1-config-script.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -Naur krb5-1.9.1.ori/src/krb5-config.in krb5-1.9.1/src/krb5-config.in
---- krb5-1.9.1.ori/src/krb5-config.in 2010-01-19 13:44:57.000000000 -0500
-+++ krb5-1.9.1/src/krb5-config.in 2011-09-26 18:27:09.018487087 -0400
-@@ -186,7 +186,7 @@
- -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
- -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
-- -e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
-+ -e 's#\$(CFLAGS)##'`
-
- if test $library = 'kdb'; then
- lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
-@@ -214,9 +214,13 @@
- fi
-
- if test $library = 'krb5'; then
-- lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
-+ lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err"
- fi
-
-+ # If we ever support a flag to generate output suitable for static
-+ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
-+ # here.
-+
- echo $lib_flags
- fi
-
diff --git a/testing/krb5/krb5-kadmind b/testing/krb5/krb5-kadmind
deleted file mode 100644
index 04df0dcff..000000000
--- a/testing/krb5/krb5-kadmind
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-# general config
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-PID=`pidof -o %PPID /usr/sbin/kadmind`
-case "$1" in
- start)
- stat_busy "Starting Kerberos Admin Daemon"
- if [ -z "$PID" ]; then
- /usr/sbin/kadmind
- fi
- if [ ! -z "$PID" -o $? -gt 0 ]; then
- stat_fail
- else
- add_daemon krb5-kadmind
- stat_done
- fi
- ;;
- stop)
- stat_busy "Stopping Kerberos Admin Daemon"
- [ ! -z "$PID" ] && kill $PID &> /dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon krb5-kadmind
- stat_done
- fi
- ;;
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
- ;;
-esac
-exit 0
diff --git a/testing/krb5/krb5-kdc b/testing/krb5/krb5-kdc
deleted file mode 100644
index 05a03411e..000000000
--- a/testing/krb5/krb5-kdc
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-# general config
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-PID=`pidof -o %PPID /usr/sbin/krb5kdc`
-case "$1" in
- start)
- stat_busy "Starting Kerberos Authentication"
- if [ -z "$PID" ]; then
- /usr/sbin/krb5kdc
- fi
- if [ ! -z "$PID" -o $? -gt 0 ]; then
- stat_fail
- else
- add_daemon krb5-kdc
- stat_done
- fi
- ;;
- stop)
- stat_busy "Stopping Kerberos Authentication"
- [ ! -z "$PID" ] && kill $PID &> /dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon krb5-kdc
- stat_done
- fi
- ;;
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
- ;;
-esac
-exit 0
diff --git a/testing/krb5/krb5-kpropd b/testing/krb5/krb5-kpropd
deleted file mode 100644
index a0077d68e..000000000
--- a/testing/krb5/krb5-kpropd
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-# general config
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-PID=`pidof -o %PPID /usr/sbin/kpropd`
-case "$1" in
- start)
- stat_busy "Starting Kerberos Database Propagation Daemon"
- if [ -z "$PID" ]; then
- /usr/sbin/kpropd -S
- fi
- if [ ! -z "$PID" -o $? -gt 0 ]; then
- stat_fail
- else
- add_daemon kpropd
- stat_done
- fi
- ;;
- stop)
- stat_busy "Stopping Kerberos Database Propagation Daemon"
- [ ! -z "$PID" ] && kill $PID &> /dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon kpropd
- stat_done
- fi
- ;;
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
- ;;
-esac
-exit 0