From fa1b2b0c0375495737ab4412be651113fd519b59 Mon Sep 17 00:00:00 2001 From: jogo Date: Mon, 25 Feb 2013 12:45:58 +0000 Subject: [PATCH] AA: packages: krb5: update to 1.11 Backport of r35700. Signed-off-by: Jonas Gorski git-svn-id: svn://svn.openwrt.org/openwrt/branches/packages_12.09@35775 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- net/krb5/Makefile | 22 +++-- net/krb5/files/krb5kdc | 2 + net/krb5/patches/001-fix-build-warning.patch | 12 +++ net/krb5/patches/001-krb5kdc-dir-to-etc.patch | 51 ----------- net/krb5/patches/002-MITKRB5-SA-2011-002.patch | 112 ------------------------- 5 files changed, 24 insertions(+), 175 deletions(-) create mode 100644 net/krb5/patches/001-fix-build-warning.patch diff --git a/net/krb5/Makefile b/net/krb5/Makefile index 58b5a07..8fcb5a4 100644 --- a/net/krb5/Makefile +++ b/net/krb5/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=krb5 -PKG_VERSION:=1.8 -PKG_RELEASE:=2 +PKG_VERSION:=1.11 +PKG_RELEASE:=1 PKG_SOURCE:=krb5-$(PKG_VERSION)-signed.tar PKG_SOURCE_URL:=http://web.mit.edu/kerberos/dist/krb5/$(PKG_VERSION)/ -PKG_MD5SUM:=74257d68373a8df8b9391fc093d594be +PKG_MD5SUM:=1a13c53899806c4da99a798a04d25545 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) @@ -47,7 +47,7 @@ define Package/krb5-client TITLE:=Kerberos 5 Client endef -define Package/krb5/decription +define Package/krb5/description Kerberos endef @@ -56,8 +56,7 @@ define Build/Prepare # containing source code. tar xf "$(DL_DIR)/$(PKG_SOURCE)" -C "$(BUILD_DIR)" tar xzf "$(BUILD_DIR)/krb5-$(PKG_VERSION).tar.gz" -C "$(BUILD_DIR)" - patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/001-krb5kdc-dir-to-etc.patch" - patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/002-MITKRB5-SA-2011-002.patch" + patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/001-fix-build-warning.patch" endef CONFIGURE_PATH = ./src 
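Review bot: In the `Build/Prepare` hunk, the inner `krb5-$(PKG_VERSION).tar.gz` is unpacked from the `-signed.tar` wrapper with no check beyond the outer `PKG_MD5SUM`, and `PKG_SOURCE_URL` is plain `http://`. The wrapper presumably ships a detached signature next to the inner tarball; verify it, or add a comment such as `# signature in the wrapper is not checked; integrity rests on PKG_MD5SUM only`, so the provenance of the new 1.11 artifact is explicit. The same hunk stops applying `002-MITKRB5-SA-2011-002.patch`, and the commit message should state that 1.11 already carries that advisory's fix. Both old patch files appear to be left as empty blobs (`e69de29`) rather than deleted, so they could be removed outright. `Build/Prepare` begins above this hunk.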
@@ -71,10 +70,9 @@ CONFIGURE_VARS += \ ac_cv_file__etc_TIMEZONE=no CONFIGURE_ARGS += \ - --enable-thread-support \ - --without-krb4 \ --without-tcl \ - --disable-ipv6 + --without-libedit \ + --localstatedir=/etc define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include @@ -113,11 +111,11 @@ endef define Package/krb5-server/install $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/krb5kdc $(1)/etc/init.d/krb5kdc - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sclient $(1)/usr/bin +# $(INSTALL_DIR) $(1)/usr/bin +# $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sclient $(1)/usr/bin $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmin.local $(1)/usr/sbin -# $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmind $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmind $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kdb5_util $(1)/usr/sbin # $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kprop $(1)/usr/sbin # $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kpropd $(1)/usr/sbin diff --git a/net/krb5/files/krb5kdc b/net/krb5/files/krb5kdc index 5962683..dec7188 100644 --- a/net/krb5/files/krb5kdc +++ b/net/krb5/files/krb5kdc @@ -10,8 +10,10 @@ start() { [ -f /etc/krb5kdc/principal ] || ( echo; echo ) | kdb5_util create -s /usr/sbin/krb5kdc + /usr/sbin/kadmind } stop() { killall krb5kdc 2> /dev/null + killall kadmind 2> /dev/null } diff --git a/net/krb5/patches/001-fix-build-warning.patch b/net/krb5/patches/001-fix-build-warning.patch new file mode 100644 index 0000000..d199398 --- /dev/null +++ b/net/krb5/patches/001-fix-build-warning.patch 
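Review bot: `--localstatedir=/etc` relocates every path that configure derives from LOCALSTATEDIR, whereas the dropped `001-krb5kdc-dir-to-etc.patch` only rewrote the `krb5kdc/` paths, so anything else upstream keeps under localstatedir would now also land in `/etc`. A comment above `CONFIGURE_ARGS` such as `# KDC database, stash file and ACLs live in /etc/krb5kdc (replaces 001-krb5kdc-dir-to-etc.patch)` would record the intent. The hunk also drops `--disable-ipv6` and `--enable-thread-support` with no explanation in the commit message; if the daemons now listen on IPv6 by default, that is a change in exposed surface worth stating.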
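Review bot: In `Package/krb5-server/install`, `kadmind` is now shipped, but nothing in the visible lines installs a default `kadm5.acl` or documents that the operator must provide one. A comment next to the new line, for example `# kadmind needs /etc/krb5kdc/kadm5.acl; none is shipped`, would make the requirement visible. The two `sclient` lines are commented out rather than deleted; if the binary is no longer wanted, remove them, and otherwise say why they are kept. The define continues past the end of the hunk.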
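Review bot: `start()` now launches `/usr/sbin/kadmind` unconditionally. The context line above it, `( echo; echo ) | kdb5_util create -s`, appears to create the database with an empty master password, so a freshly installed system would bring up the remote administration service with no operator step in between. Gate the new line on the admin ACL being present, e.g. `[ -f /etc/krb5kdc/kadm5.acl ] && /usr/sbin/kadmind`, and consider skipping it when `krb5kdc` itself failed to start. It would also help to have the script create `/etc/krb5kdc` with a restrictive mode before the database and stash file are written there. `start()` begins outside the hunk.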
@@ -0,0 +1,12 @@ +diff -ur krb5-1.11-vanilla/src/lib/krb5/krb/preauth2.c krb5-1.11/src/lib/krb5/krb/preauth2.c +--- krb5-1.11-vanilla/src/lib/krb5/krb/preauth2.c 2012-12-18 03:47:05.000000000 +0100 ++++ krb5-1.11/src/lib/krb5/krb/preauth2.c 2013-02-18 03:53:20.580840173 +0100 +@@ -956,7 +956,7 @@ + size_t i, h; + int out_pa_list_size = 0; + krb5_pa_data **out_pa_list = NULL; +- krb5_error_code ret, module_ret; ++ krb5_error_code ret, module_ret = 0; + krb5_responder_fn responder = opte->opt_private->responder; + static const int paorder[] = { PA_INFO, PA_REAL }; + diff --git a/net/krb5/patches/001-krb5kdc-dir-to-etc.patch b/net/krb5/patches/001-krb5kdc-dir-to-etc.patch index a017125..e69de29 100644 --- a/net/krb5/patches/001-krb5kdc-dir-to-etc.patch +++ b/net/krb5/patches/001-krb5kdc-dir-to-etc.patch 
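Review bot: Initialising `module_ret = 0` silences the warning by making the never-assigned case read as success. If any path in this function really does use `module_ret` before a preauth module has set it, that path now reports no error instead of tripping the compiler diagnostic. The hunk shows only the declarations, so whether such a path exists cannot be judged from here and should be confirmed against the function body, which lies outside the hunk. The patch file would also benefit from a short header naming the warning it addresses and whether the change was sent upstream, so it can be dropped on the next version bump.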
@@ -1,51 +0,0 @@ -diff -u --recursive krb5-1.8-vanilla/src/include/osconf.hin krb5-1.8/src/include/osconf.hin ---- krb5-1.8-vanilla/src/include/osconf.hin 2010-04-01 16:28:29.408661301 -0500 -+++ krb5-1.8/src/include/osconf.hin 2010-04-01 16:30:52.235467788 -0500 -@@ -61,14 +61,14 @@ - #define DEFAULT_LNAME_FILENAME "@PREFIX/lib/krb5.aname" - #endif /* _WINDOWS */ - --#define DEFAULT_KDB_FILE "@LOCALSTATEDIR/krb5kdc/principal" --#define DEFAULT_KEYFILE_STUB "@LOCALSTATEDIR/krb5kdc/.k5." --#define KRB5_DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/krb5_adm.acl" -+#define DEFAULT_KDB_FILE "/etc/krb5kdc/principal" -+#define DEFAULT_KEYFILE_STUB "/etc/krb5kdc/.k5." -+#define KRB5_DEFAULT_ADMIN_ACL "/etc/krb5kdc/krb5_adm.acl" - /* Used by old admin server */ --#define DEFAULT_ADMIN_ACL "@LOCALSTATEDIR/krb5kdc/kadm_old.acl" -+#define DEFAULT_ADMIN_ACL "/etc/krb5kdc/kadm_old.acl" - - /* Location of KDC profile */ --#define DEFAULT_KDC_PROFILE "@LOCALSTATEDIR/krb5kdc/kdc.conf" -+#define DEFAULT_KDC_PROFILE "/etc/krb5kdc/kdc.conf" - #define KDC_PROFILE_ENV "KRB5_KDC_PROFILE" - - #if TARGET_OS_MAC -@@ -97,8 +97,8 @@ - /* - * Defaults for the KADM5 admin system. 
- */ --#define DEFAULT_KADM5_KEYTAB "@LOCALSTATEDIR/krb5kdc/kadm5.keytab" --#define DEFAULT_KADM5_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kadm5.acl" -+#define DEFAULT_KADM5_KEYTAB "/etc/krb5kdc/kadm5.keytab" -+#define DEFAULT_KADM5_ACL_FILE "/etc/krb5kdc/kadm5.acl" - #define DEFAULT_KADM5_PORT 749 /* assigned by IANA */ - - #define KRB5_DEFAULT_SUPPORTED_ENCTYPES \ -@@ -123,13 +123,13 @@ - * krb5 slave support follows - */ - --#define KPROP_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/slave_datatrans" --#define KPROPD_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/from_master" -+#define KPROP_DEFAULT_FILE "/etc/krb5kdc/slave_datatrans" -+#define KPROPD_DEFAULT_FILE "/etc/krb5kdc/from_master" - #define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util" - #define KPROPD_DEFAULT_KDB5_EDIT "@SBINDIR/kdb5_edit" - #define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop" - #define KPROPD_DEFAULT_KRB_DB DEFAULT_KDB_FILE --#define KPROPD_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kpropd.acl" -+#define KPROPD_ACL_FILE "/etc/krb5kdc/kpropd.acl" - - /* - * GSS mechglue diff --git a/net/krb5/patches/002-MITKRB5-SA-2011-002.patch b/net/krb5/patches/002-MITKRB5-SA-2011-002.patch index 5e0da20..e69de29 100644 --- a/net/krb5/patches/002-MITKRB5-SA-2011-002.patch +++ b/net/krb5/patches/002-MITKRB5-SA-2011-002.patch 
@@ -1,112 +0,0 @@ -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -index 1ca09b4..60caf3d 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er - #define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS) - - #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \ -- do { \ -- st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \ -- if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ -- tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ -- if (ldap_server_handle) \ -- ld = ldap_server_handle->ldap_handle; \ -- } \ -- }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \ -+ tempst = 0; \ -+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \ -+ NULL, &timelimit, LDAP_NO_LIMIT, &result); \ -+ if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ -+ tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ -+ if (ldap_server_handle) \ -+ ld = ldap_server_handle->ldap_handle; \ -+ if (tempst == 0) \ -+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \ -+ NULL, NULL, &timelimit, \ -+ LDAP_NO_LIMIT, &result); \ -+ } \ - \ - if (status_check != IGNORE_STATUS) { \ - if (tempst != 0) { \ -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -index 82b0333..84e80ee 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context, - { - krb5_ldap_server_handle *handle = *ldap_server_handle; - -+ ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); - if 
((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS) - || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)) - return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle); -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -index f549e23..b70940f 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -@@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context, - * portion, then the first portion of the principal name SHOULD be - * "krbtgt". All this check is done in the immediate block. - */ -- if (searchfor->length == 2) -- if ((strncasecmp(searchfor->data[0].data, "krbtgt", -- FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) && -- (strncasecmp(searchfor->data[1].data, defrealm, -- FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0)) -+ if (searchfor->length == 2) { -+ if (data_eq_string(searchfor->data[0], "krbtgt") && -+ data_eq_string(searchfor->data[1], defrealm)) - return 0; -+ } - - /* first check the length, if they are not equal, then they are not same */ - if (strlen(defrealm) != searchfor->realm.length) -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -index 7ad31da..626ed1f 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -@@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, - unsigned int flags, krb5_db_entry *entries, - int *nentries, krb5_boolean *more) - { -- char *user=NULL, *filter=NULL, **subtree=NULL; -+ char *user=NULL, *filter=NULL, *filtuser=NULL; - unsigned int tree=0, ntrees=1, princlen=0; - krb5_error_code tempst=0, st=0; -- char **values=NULL, *cname=NULL; -+ char **values=NULL, **subtree=NULL, *cname=NULL; - LDAP *ld=NULL; - LDAPMessage 
*result=NULL, *ent=NULL; - krb5_ldap_context *ldap_context=NULL; -@@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, - if ((st=krb5_ldap_unparse_principal_name(user)) != 0) - goto cleanup; - -- princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */ -+ filtuser = ldap_filter_correct(user); -+ if (filtuser == NULL) { -+ st = ENOMEM; -+ goto cleanup; -+ } -+ -+ princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */ - if ((filter = malloc(princlen)) == NULL) { - st = ENOMEM; - goto cleanup; - } -- snprintf(filter, princlen, FILTER"%s))", user); -+ snprintf(filter, princlen, FILTER"%s))", filtuser); - - if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0) - goto cleanup; -@@ -231,6 +237,9 @@ cleanup: - if (user) - free(user); - -+ if (filtuser) -+ free(filtuser); -+ - if (cname) - free(cname); - -- 2.11.0