Index: head/security/Makefile =================================================================== --- head/security/Makefile (revision 34850) +++ head/security/Makefile (revision 34851) @@ -1,131 +1,132 @@ # $FreeBSD$ # SUBDIR += aafid2 SUBDIR += acid SUBDIR += aide SUBDIR += bjorb SUBDIR += bro SUBDIR += bugs SUBDIR += ca-roots SUBDIR += calife SUBDIR += cfs SUBDIR += checkpassword SUBDIR += chrootuid SUBDIR += cksfv SUBDIR += cops SUBDIR += crack SUBDIR += cyrus-sasl SUBDIR += ddos_scan SUBDIR += donkey SUBDIR += dsniff SUBDIR += fakebo SUBDIR += find_ddos SUBDIR += firewalk SUBDIR += fragrouter SUBDIR += fuzz SUBDIR += fwtk SUBDIR += gag SUBDIR += gnupg SUBDIR += gnupg-idea SUBDIR += gpa SUBDIR += gpasman SUBDIR += gtkportscan SUBDIR += heimdal SUBDIR += hping SUBDIR += ident2 SUBDIR += identify SUBDIR += inflex SUBDIR += its4 SUBDIR += john SUBDIR += keynote SUBDIR += keyprint SUBDIR += kmap SUBDIR += krb5 SUBDIR += kssh SUBDIR += l0pht-watch SUBDIR += l0phtcrack SUBDIR += libident SUBDIR += libmcrypt SUBDIR += libmcrypt-nm SUBDIR += libparanoia SUBDIR += logcheck SUBDIR += lsh SUBDIR += lxnb SUBDIR += mhash SUBDIR += mindterm-binary SUBDIR += nbaudit SUBDIR += nessus SUBDIR += nessus-libraries SUBDIR += nessus-libnasl SUBDIR += nessus-plugins SUBDIR += nmap SUBDIR += nmapfe SUBDIR += oidentd SUBDIR += openssh SUBDIR += openssh-askpass SUBDIR += openssl SUBDIR += p5-Authen-PAM SUBDIR += p5-Authen-Radius SUBDIR += p5-Crypt-Blowfish SUBDIR += p5-Crypt-CBC SUBDIR += p5-Crypt-DES SUBDIR += p5-Crypt-IDEA SUBDIR += p5-Digest-MD5 SUBDIR += p5-GnuPG-Interface SUBDIR += p5-IO-Socket-SSL SUBDIR += p5-MD5 SUBDIR += p5-Net-SSLeay SUBDIR += p5-PGP SUBDIR += p5-PGP-Sign SUBDIR += pad SUBDIR += pam-mysql + SUBDIR += pam_krb5 SUBDIR += pgp SUBDIR += pgp5 SUBDIR += pgp6 SUBDIR += pgpdump SUBDIR += pgpgpg SUBDIR += pidentd SUBDIR += pktsuckers SUBDIR += portscanner SUBDIR += portsentry SUBDIR += pscan SUBDIR += racoon SUBDIR += radiusniff SUBDIR += rid SUBDIR += rsaref SUBDIR += ruby-acl SUBDIR += ruby-tcpwrap SUBDIR += saint SUBDIR += scanssh SUBDIR += seahorse SUBDIR += siphon SUBDIR += skip SUBDIR += slurpie SUBDIR += slush SUBDIR += smurflog SUBDIR += sniff SUBDIR += snort SUBDIR += srm SUBDIR += ssh SUBDIR += ssh2 SUBDIR += sslproxy SUBDIR += sslwrap SUBDIR += strobe SUBDIR += stunnel SUBDIR += sudo SUBDIR += super SUBDIR += swatch SUBDIR += tcp_wrapper SUBDIR += trinokiller SUBDIR += tripwire SUBDIR += tripwire-131 SUBDIR += uvscan-dat SUBDIR += vlock SUBDIR += vscan SUBDIR += whisker SUBDIR += xinetd SUBDIR += zebedee SUBDIR += zombiezapper .include Property changes on: head/security/Makefile ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.142 \ No newline at end of property +1.143 \ No newline at end of property Index: head/security/pam_krb5/Makefile =================================================================== --- head/security/pam_krb5/Makefile (nonexistent) +++ head/security/pam_krb5/Makefile (revision 34851) @@ -0,0 +1,53 @@ +# Ports collection Makefile for: pam_krb5 +# Date created: 11/03/2000 +# Whom: nectar@FreeBSD.org +# +# $FreeBSD$ +# + +PORTNAME= pam_krb5 +PORTVERSION= 1.0 +CATEGORIES= security +MASTER_SITES= http://www.fcusack.com/soft/ + +MAINTAINER= nectar@FreeBSD.org + +WRKSRC= ${WRKDIR}/pam_krb5 +PREFIX?= ${DESTDIR}/usr +MANPREFIX?= ${DESTDIR}/usr/share +MAKE_ENV= PREFIX="${PREFIX}" MANPREFIX="${MANPREFIX}" \ + KRB5BASE="${KRB5BASE}" KRB5_IMPL="${KRB5_IMPL}" + +MAN8= pam_krb5.8 + +# Try hard to figure out which Kerberos implementation we should use to +# build this thing. There are three possibilities: +# Heimdal in the base system -- XXX disabled for now (missing libraries) +# Heimdal from ports +# MIT Kerberos from ports +.if defined(KRB5BASE) && defined(KRB5_IMPL) +# the user thinks he knows what he is doing, so let it be +.elif exists(/usr/include/heim_err.h) && defined(REALLY_WANT_BASE) && (${REALLY_WANT_BASE} == "yes") +KRB5BASE=/usr +KRB5_IMPL="heimdal" +.elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/include/heim_err.h) +KRB5BASE=${HEIMDAL_HOME} +KRB5_IMPL=heimdal +LIB_DEPENDS+= krb5.13:${PORTSDIR}/security/heimdal +.elif exists(${LOCALBASE}/include/heim_err.h) +KRB5BASE=${LOCALBASE} +KRB5_IMPL=heimdal +LIB_DEPENDS+= krb5.13:${PORTSDIR}/security/heimdal +.elif defined(KRB5_HOME) && exists(${KRB5_HOME}/include/mit-sipb-copyright.h) +KRB5BASE=${KRB5_HOME} +KRB5_IMPL=mit +LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5 +.elif exists(${LOCALBASE}/include/mit-sipb-copyright.h) +KRB5BASE=${LOCALBASE} +KRB5_IMPL=mit +LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5 +.else +.error "No version of Kerberos is installed." +.endif + +.include Property changes on: head/security/pam_krb5/Makefile ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: head/security/pam_krb5/distinfo =================================================================== --- head/security/pam_krb5/distinfo (nonexistent) +++ head/security/pam_krb5/distinfo (revision 34851) @@ -0,0 +1 @@ +MD5 (pam_krb5-1.0.tar.gz) = dd4ca3cc1b6b6b124625544e870968cb Property changes on: head/security/pam_krb5/distinfo ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/files/patch-aa =================================================================== --- head/security/pam_krb5/files/patch-aa (nonexistent) +++ head/security/pam_krb5/files/patch-aa (revision 34851) @@ -0,0 +1,89 @@ +--- Makefile.orig Tue Jan 4 19:08:51 2000 ++++ Makefile Mon Nov 6 10:59:16 2000 +@@ -1,48 +1,51 @@ + # + # Makefile for pam_krb5 + # ++CC = cc ++CFLAGS = -O -fPIC -Wall ++LDFLAGS = -shared + +-CC = gcc +-CFLAGS = -O2 -fPIC +-#LDFLAGS = -shared +-LDFLAGS = -G ++OSLIBS = -lpam + +-DESTDIR = /usr/lib/security +-MANDIR = /opt/local/man/man5 ++# HEIMDAL ++LIBS_heimdal = ${KRB5BASE}/lib/libkrb5.a ${KRB5BASE}/lib/libasn1.a \ ++ ${KRB5BASE}/lib/libcom_err.a ${KRB5BASE}/lib/libroken.a \ ++ ${KRB5BASE}/lib/libgssapi.a ${KRB5BASE}/lib/libdes.a + +-OSLIBS = -lpam -lnsl -lsocket +-KRB5LIBS = -L/opt/local/lib -lkrb5 -lk5crypto -lcom_err ++# MIT ++LIBS_mit = ${KRB5BASE}/lib/libkrb5.a ${KRB5BASE}/lib/libcom_err.a \ ++ ${KRB5BASE}/lib/libk5crypto.a + +-LIBS = $(OSLIBS) $(KRB5LIBS) ++LIBS = $(OSLIBS) ${LIBS_${KRB5_IMPL}} ++COMPAT = compat_${KRB5_IMPL}.c + +-INC = -I/opt/local/include ++INC = -I${KRB5BASE}/include + + + #################################################################### + # No changes below this line + + SRCS = pam_krb5_auth.c pam_krb5_pass.c pam_krb5_acct.c pam_krb5_sess.c \ +- support.c ++ support.c ${COMPAT} + + OBJS = pam_krb5_auth.o pam_krb5_pass.o pam_krb5_acct.o pam_krb5_sess.o \ +- support.o ++ support.o ${COMPAT:.c=.o} + +-all: pam_krb5.so.1 ++all: pam_krb5.so + +-pam_krb5.so.1: $(OBJS) ++pam_krb5.so: $(OBJS) + $(CC) -o $@ $(LDFLAGS) $(OBJS) $(LIBS) + + install: +- cp pam_krb5.so.1 $(DESTDIR) +- chown root:sys $(DESTDIR)/pam_krb5.so.1 +- ln -s ./pam_krb5.so.1 $(DESTDIR)/pam_krb5.so +- cp pam_krb5.5 $(MANDIR) +- chown root:sys $(MANDIR)/pam_krb5.5 ++ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 0555 pam_krb5.so \ ++ ${PREFIX}/lib/pam_krb5.so ++ ${INSTALL} -c -o ${MANOWN} -g ${MANGRP} -m 0444 pam_krb5.5 \ ++ ${MANPREFIX}/man/man8/pam_krb5.8 + + clean: +- rm -f *.so.1 *.o ++ rm -f *.so *.o + +-pam_krb5_auth.o: pam_krb5_auth.c pam_krb5.h ++pam_krb5_auth.o: pam_krb5_auth.c pam_krb5.h krb5compat.h + $(CC) -c $(CFLAGS) $(INC) $< + + pam_krb5_pass.o: pam_krb5_pass.c pam_krb5.h +@@ -54,6 +57,12 @@ + pam_krb5_sess.o: pam_krb5_sess.c pam_krb5.h + $(CC) -c $(CFLAGS) $(INC) $< + +-support.o: support.c pam_krb5.h ++support.o: support.c pam_krb5.h krb5compat.h ++ $(CC) -c $(CFLAGS) $(INC) $< ++ ++compat_heimdal.o: compat_heimdal.c krb5compat.h ++ $(CC) -c $(CFLAGS) $(INC) $< ++ ++compat_mit.o: compat_mit.c krb5compat.h + $(CC) -c $(CFLAGS) $(INC) $< + Property changes on: head/security/pam_krb5/files/patch-aa ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/files/patch-ab =================================================================== --- head/security/pam_krb5/files/patch-ab (nonexistent) +++ head/security/pam_krb5/files/patch-ab (revision 34851) @@ -0,0 +1,10 @@ +--- pam_krb5.h.orig Tue Jan 4 19:08:51 2000 ++++ pam_krb5.h Mon Nov 6 10:21:49 2000 +@@ -6,6 +6,6 @@ + + int get_user_info(pam_handle_t *, char *, int, char **); + krb5_error_code pam_prompter(krb5_context, void *, const char *, +- const char *, int, krb5_prompt[]); ++ int, krb5_prompt[]); + int verify_krb_v5_tgt(krb5_context, krb5_ccache, int); + void cleanup_cache(pam_handle_t *, void *, int); Property changes on: head/security/pam_krb5/files/patch-ab ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/files/patch-ac =================================================================== --- head/security/pam_krb5/files/patch-ac (nonexistent) +++ head/security/pam_krb5/files/patch-ac (revision 34851) @@ -0,0 +1,40 @@ +--- pam_krb5_acct.c.orig Tue Jan 4 19:08:51 2000 ++++ pam_krb5_acct.c Mon Nov 6 10:21:49 2000 +@@ -11,6 +11,7 @@ + #include + #include + #include ++#include + #include "pam_krb5.h" + + /* A useful logging macro */ +@@ -38,12 +39,12 @@ + } + + /* Get username */ +- if (pam_get_item(pamh, PAM_USER, (void **) &name)) { ++ if (pam_get_item(pamh, PAM_USER, (const void **) &name)) { + return PAM_PERM_DENIED;; + } + + /* Get service name */ +- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service); ++ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service); + if (!service) + service = "unknown"; + +@@ -55,12 +56,12 @@ + return PAM_SUCCESS; + } + +- if (krb5_init_context(&pam_context)) { ++ if ((krbret = krb5_init_context(&pam_context)) != 0) { + DLOG("krb5_init_context()", error_message(krbret)); + return PAM_PERM_DENIED;; + } + +- if (krbret = krb5_cc_get_principal(pam_context, ccache, &princ)) { ++ if ((krbret = krb5_cc_get_principal(pam_context, ccache, &princ)) != 0) { + DLOG("krb5_cc_get_principal()", error_message(krbret)); + pamret = PAM_PERM_DENIED;; + goto cleanup; Property changes on: head/security/pam_krb5/files/patch-ac ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/files/patch-ad =================================================================== --- head/security/pam_krb5/files/patch-ad (nonexistent) +++ head/security/pam_krb5/files/patch-ad (revision 34851) @@ -0,0 +1,286 @@ +--- pam_krb5_auth.c.orig Tue Jan 4 19:08:51 2000 ++++ pam_krb5_auth.c Mon Nov 6 10:46:08 2000 +@@ -7,9 +7,11 @@ + + static const char rcsid[] = "$Id: pam_krb5_auth.c,v 1.18 2000/01/04 08:44:08 fcusack Exp $"; + ++#include + #include /* PATH_MAX */ + #include /* getpwnam */ + #include /* tmpnam */ ++#include /* malloc */ + #include /* strchr */ + #include /* syslog */ + #include /* chown */ +@@ -19,7 +21,9 @@ + #include + + #include ++#include + #include "pam_krb5.h" ++#include "krb5compat.h" + + extern krb5_cc_ops krb5_mcc_ops; + +@@ -42,7 +46,7 @@ + krb5_get_init_creds_opt opts; + + int pamret, i; +- char *name, *name2; ++ const char *name; + char *princ_name = NULL; + char *pass = NULL, *service = NULL; + char *prompt = NULL; +@@ -74,13 +78,13 @@ + } + + /* Get service name */ +- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service); ++ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service); + if (!service) + service = "unknown"; + + DLOG("entry", ""); + +- if (krb5_init_context(&pam_context)) { ++ if ((krbret = krb5_init_context(&pam_context)) != 0) { + DLOG("krb5_init_context()", error_message(krbret)); + return PAM_SERVICE_ERR; + } +@@ -93,7 +97,7 @@ + krb5_get_init_creds_opt_set_forwardable(&opts, 1); + + /* For CNS */ +- if (krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE)) { ++ if ((krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE)) != 0) { + /* Solaris dtlogin doesn't call pam_end() on failure */ + if (krbret != KRB5_CC_TYPE_EXISTS) { + DLOG("krb5_cc_register()", error_message(krbret)); +@@ -103,14 +107,14 @@ + } + + /* Get principal name */ +- if (krbret = krb5_parse_name(pam_context, name, &princ)) { ++ if ((krbret = krb5_parse_name(pam_context, name, &princ)) != 0) { + DLOG("krb5_parse_name()", error_message(krbret)); + pamret = PAM_SERVICE_ERR; + goto cleanup3; + } + + /* Now convert the principal name into something human readable */ +- if (krbret = krb5_unparse_name(pam_context, princ, &princ_name)) { ++ if ((krbret = krb5_unparse_name(pam_context, princ, &princ_name)) != 0) { + DLOG("krb5_unparse_name()", error_message(krbret)); + pamret = PAM_SERVICE_ERR; + goto cleanup2; +@@ -126,18 +130,19 @@ + (void) sprintf(prompt, "Password for %s: ", princ_name); + + if (try_first_pass || use_first_pass) +- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass); ++ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass); + + get_pass: + if (!pass) { + try_first_pass = 0; +- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) { ++ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, ++ &pass)) != 0) { + DLOG("get_user_info()", pam_strerror(pamh, pamret)); + pamret = PAM_SERVICE_ERR; + goto cleanup2; + } + /* We have to free pass. */ +- if (pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) { ++ if ((pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) != 0) { + DLOG("pam_set_item()", pam_strerror(pamh, pamret)); + free(pass); + pamret = PAM_SERVICE_ERR; +@@ -145,25 +150,26 @@ + } + free(pass); + /* Now we get it back from the library. */ +- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass); ++ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass); + } + + /* Verify the local user exists (AFTER getting the password) */ + if (strchr(name, '@')) { + /* get a local account name for this principal */ +- if (krbret = krb5_aname_to_localname(pam_context, princ, +- sizeof(lname), lname)) { ++ if ((krbret = krb5_aname_to_localname(pam_context, princ, ++ sizeof(lname), lname)) != 0) { + DLOG("krb5_aname_to_localname()", error_message(krbret)); + pamret = PAM_USER_UNKNOWN; + goto cleanup2; + } + DLOG("changing PAM_USER to", lname); +- if (pamret = pam_set_item(pamh, PAM_USER, lname)) { ++ if ((pamret = pam_set_item(pamh, PAM_USER, lname)) != 0) { + DLOG("pam_set_item()", pam_strerror(pamh, pamret)); + pamret = PAM_SERVICE_ERR; + goto cleanup2; + } +- if (pamret = pam_get_item(pamh, PAM_USER, (void **) &name)) { ++ if ((pamret = pam_get_item(pamh, PAM_USER, (const void **) &name) ++ != 0)) { + DLOG("pam_get_item()", pam_strerror(pamh, pamret)); + pamret = PAM_SERVICE_ERR; + goto cleanup2; +@@ -177,9 +183,8 @@ + } + + /* Get a TGT */ +- if (krbret = krb5_get_init_creds_password(pam_context, &creds, princ, +- pass, pam_prompter, pamh, +- 0, NULL, &opts)) { ++ if ((krbret = krb5_get_init_creds_password(pam_context, &creds, princ, ++ pass, pam_prompter, pamh, 0, NULL, &opts)) != 0) { + DLOG("krb5_get_init_creds_password()", error_message(krbret)); + if (try_first_pass && krbret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { + pass = NULL; +@@ -193,17 +198,17 @@ + strcpy(cache_name, "MEMORY:"); + (void) tmpnam(&cache_name[7]); + +- if (krbret = krb5_cc_resolve(pam_context, cache_name, &ccache)) { ++ if ((krbret = krb5_cc_resolve(pam_context, cache_name, &ccache)) != 0) { + DLOG("krb5_cc_resolve()", error_message(krbret)); + pamret = PAM_SERVICE_ERR; + goto cleanup; + } +- if (krbret = krb5_cc_initialize(pam_context, ccache, princ)) { ++ if ((krbret = krb5_cc_initialize(pam_context, ccache, princ)) != 0) { + DLOG("krb5_cc_initialize()", error_message(krbret)); + pamret = PAM_SERVICE_ERR; + goto cleanup; + } +- if (krbret = krb5_cc_store_cred(pam_context, ccache, &creds)) { ++ if ((krbret = krb5_cc_store_cred(pam_context, ccache, &creds)) != 0) { + DLOG("krb5_cc_store_cred()", error_message(krbret)); + (void) krb5_cc_destroy(pam_context, ccache); + pamret = PAM_SERVICE_ERR; +@@ -224,7 +229,7 @@ + pamret = PAM_AUTH_ERR; + goto cleanup; + } +- if (pamret = pam_set_data(pamh, "ccache", ccache, cleanup_cache)) { ++ if ((pamret = pam_set_data(pamh, "ccache", ccache, cleanup_cache)) != 0) { + DLOG("pam_set_data()", pam_strerror(pamh, pamret)); + (void) krb5_cc_destroy(pam_context, ccache); + pamret = PAM_SERVICE_ERR; +@@ -288,22 +293,22 @@ + else if (strcmp(argv[i], "no_ccache") == 0) + return PAM_SUCCESS; + else if (strstr(argv[i], "ccache=") == argv[i]) +- cache_name = &argv[i][7]; /* save for later */ ++ cache_name = (char *) &argv[i][7]; /* save for later */ + } + + /* Get username */ +- if (pam_get_item(pamh, PAM_USER, (void **) &name)) { ++ if (pam_get_item(pamh, PAM_USER, (const void **) &name)) { + return PAM_SERVICE_ERR; + } + + /* Get service name */ +- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service); ++ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service); + if (!service) + service = "unknown"; + + DLOG("entry", ""); + +- if (krb5_init_context(&pam_context)) { ++ if ((krbret = krb5_init_context(&pam_context)) != 0) { + DLOG("krb5_init_context()", error_message(krbret)); + return PAM_SERVICE_ERR; + } +@@ -311,7 +316,8 @@ + euid = geteuid(); /* Usually 0 */ + + /* Retrieve the cache name */ +- if (pamret = pam_get_data(pamh, "ccache", (const void **) &ccache_temp)) { ++ if ((pamret = pam_get_data(pamh, "ccache", (const void **) &ccache_temp)) ++ != 0) { + DLOG("pam_get_data()", pam_strerror(pamh, pamret)); + pamret = PAM_CRED_UNAVAIL; + goto cleanup3; +@@ -340,7 +346,7 @@ + pamret = PAM_BUF_ERR; + goto cleanup3; + } +- sprintf(cache_name, "FILE:/tmp/krb5cc_%ld", pw->pw_uid); ++ sprintf(cache_name, "FILE:/tmp/krb5cc_%d", pw->pw_uid); + } else { + /* cache_name was supplied */ + char *p = calloc(PATH_MAX + 10, 1); /* should be plenty */ +@@ -357,10 +363,10 @@ + if (*q == '%') { + q++; + if (*q == 'u') { +- sprintf(p, "%ld", pw->pw_uid); ++ sprintf(p, "%d", pw->pw_uid); + p += strlen(p); + } else if (*q == 'p') { +- sprintf(p, "%ld", getpid()); ++ sprintf(p, "%d", getpid()); + p += strlen(p); + } else { + /* Not a special token */ +@@ -375,24 +381,27 @@ + } + + /* Initialize the new ccache */ +- if (krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ)) { ++ if ((krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ)) ++ != 0) { + DLOG("krb5_cc_get_principal()", error_message(krbret)); + pamret = PAM_SERVICE_ERR; + goto cleanup3; + } +- if (krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm)) { ++ if ((krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm)) ++ != 0) { + DLOG("krb5_cc_resolve()", error_message(krbret)); + pamret = PAM_SERVICE_ERR; + goto cleanup2; + } +- if (krbret = krb5_cc_initialize(pam_context, ccache_perm, princ)) { ++ if ((krbret = krb5_cc_initialize(pam_context, ccache_perm, princ)) != 0) { + DLOG("krb5_cc_initialize()", error_message(krbret)); + pamret = PAM_SERVICE_ERR; + goto cleanup2; + } + + /* Prepare for iteration over creds */ +- if (krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor)) { ++ if ((krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor)) ++ != 0) { + DLOG("krb5_cc_start_seq_get()", error_message(krbret)); + (void) krb5_cc_destroy(pam_context, ccache_perm); + pamret = PAM_SERVICE_ERR; +@@ -400,9 +409,10 @@ + } + + /* Copy the creds (should be two of them) */ +- while ((krbret = krb5_cc_next_cred(pam_context, ccache_temp, +- &cursor, &creds) == 0)) { +- if (krbret = krb5_cc_store_cred(pam_context, ccache_perm, &creds)) { ++ while ((krbret = compat_cc_next_cred(pam_context, ccache_temp, ++ &cursor, &creds) == 0)) { ++ if ((krbret = krb5_cc_store_cred(pam_context, ccache_perm, ++ &creds)) != 0) { + DLOG("krb5_cc_store_cred()", error_message(krbret)); + (void) krb5_cc_destroy(pam_context, ccache_perm); + krb5_free_cred_contents(pam_context, &creds); +@@ -432,7 +442,7 @@ + } + + sprintf(cache_env_name, "KRB5CCNAME=%s", cache_name); +- if (pamret = pam_putenv(pamh, cache_env_name)) { ++ if ((pamret = pam_putenv(pamh, cache_env_name)) != 0) { + DLOG("pam_putenv()", pam_strerror(pamh, pamret)); + (void) krb5_cc_destroy(pam_context, ccache_perm); + pamret = PAM_SERVICE_ERR; Property changes on: head/security/pam_krb5/files/patch-ad ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/files/patch-ae =================================================================== --- head/security/pam_krb5/files/patch-ae (nonexistent) +++ head/security/pam_krb5/files/patch-ae (revision 34851) @@ -0,0 +1,140 @@ +--- pam_krb5_pass.c.orig Tue Jan 4 19:08:51 2000 ++++ pam_krb5_pass.c Mon Nov 6 10:21:49 2000 +@@ -7,10 +7,14 @@ + + static const char rcsid[] = "$Id: pam_krb5_pass.c,v 1.3 1999/01/19 23:43:11 fcusack Exp $"; + ++#include ++#include /* sprintf */ ++#include /* malloc */ + #include /* syslog */ + #include + #include + #include ++#include + #include "pam_krb5.h" + + /* A useful logging macro */ +@@ -27,7 +31,6 @@ + krb5_context pam_context; + krb5_creds creds; + krb5_principal princ; +- krb5_ccache ccache; + krb5_get_init_creds_opt opts; + + int result_code; +@@ -54,23 +57,23 @@ + } + + /* Get username */ +- if (pam_get_item(pamh, PAM_USER, (void **) &name)) { ++ if ((pam_get_item(pamh, PAM_USER, (const void **) &name)) != 0) { + return PAM_SERVICE_ERR; + } + + /* Get service name */ +- (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service); ++ (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service); + if (!service) + service = "unknown"; + + DLOG("entry", ""); + +- if (krb5_init_context(&pam_context)) { ++ if ((krbret = krb5_init_context(&pam_context)) != 0) { + DLOG("krb5_init_context()", error_message(krbret)); + return PAM_SERVICE_ERR; + } + +- if (krb5_init_context(&pam_context)) { ++ if ((krbret = krb5_init_context(&pam_context)) != 0) { + DLOG("krb5_init_context()", error_message(krbret)); + return PAM_SERVICE_ERR; + } +@@ -78,14 +81,14 @@ + memset(&creds, 0, sizeof(krb5_creds)); + + /* Get principal name */ +- if (krbret = krb5_parse_name(pam_context, name, &princ)) { ++ if ((krbret = krb5_parse_name(pam_context, name, &princ)) != 0) { + DLOG("krb5_parse_name()", error_message(krbret)); + pamret = PAM_USER_UNKNOWN; + goto cleanup3; + } + + /* Now convert the principal name into something human readable */ +- if (krbret = krb5_unparse_name(pam_context, princ, &princ_name)) { ++ if ((krbret = krb5_unparse_name(pam_context, princ, &princ_name)) != 0) { + DLOG("krb5_unparse_name()", error_message(krbret)); + pamret = PAM_SERVICE_ERR; + goto cleanup2; +@@ -101,18 +104,19 @@ + (void) sprintf(prompt, "Password for %s: ", princ_name); + + if (try_first_pass || use_first_pass) +- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass); ++ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass); + + get_pass: + if (!pass) { + try_first_pass = 0; +- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) { ++ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, ++ &pass)) != 0) { + DLOG("get_user_info()", pam_strerror(pamh, pamret)); + pamret = PAM_SERVICE_ERR; + goto cleanup2; + } + /* We have to free pass. */ +- if (pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) { ++ if ((pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) != 0) { + DLOG("pam_set_item()", pam_strerror(pamh, pamret)); + free(pass); + pamret = PAM_SERVICE_ERR; +@@ -120,12 +124,11 @@ + } + free(pass); + /* Now we get it back from the library. */ +- (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass); ++ (void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass); + } + +- if (krbret = krb5_get_init_creds_password(pam_context, &creds, princ, +- pass, pam_prompter, pamh, +- 0, "kadmin/changepw", &opts)) { ++ if ((krbret = krb5_get_init_creds_password(pam_context, &creds, princ, ++ pass, pam_prompter, pamh, 0, "kadmin/changepw", &opts)) != 0) { + DLOG("krb5_get_init_creds_password()", error_message(krbret)); + if (try_first_pass && krbret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { + pass = NULL; +@@ -138,14 +141,16 @@ + /* Now get the new password */ + free(prompt); + prompt = "Enter new password: "; +- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) { ++ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) ++ != 0) { + DLOG("get_user_info()", pam_strerror(pamh, pamret)); + prompt = NULL; + pamret = PAM_SERVICE_ERR; + goto cleanup; + } + prompt = "Enter it again: "; +- if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass2)) { ++ if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass2)) ++ != 0) { + DLOG("get_user_info()", pam_strerror(pamh, pamret)); + prompt = NULL; + pamret = PAM_SERVICE_ERR; +@@ -160,9 +165,8 @@ + } + + /* Change it */ +- if (krbret = krb5_change_password(pam_context, &creds, pass, +- &result_code, &result_code_string, +- &result_string)) { ++ if ((krbret = krb5_change_password(pam_context, &creds, pass, ++ &result_code, &result_code_string, &result_string)) != 0) { + DLOG("krb5_change_password()", error_message(krbret)); + pamret = PAM_AUTHTOK_ERR; + goto cleanup; Property changes on: head/security/pam_krb5/files/patch-ae ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/files/patch-af =================================================================== --- head/security/pam_krb5/files/patch-af (nonexistent) +++ head/security/pam_krb5/files/patch-af (revision 34851) @@ -0,0 +1,176 @@ +--- support.c.orig Tue Jan 4 19:08:51 2000 ++++ support.c Mon Nov 6 11:55:47 2000 +@@ -6,12 +6,17 @@ + + static const char rcsid[] = "$Id: support.c,v 1.8 2000/01/04 09:50:03 fcusack Exp $"; + ++#include + #include /* BUFSIZ */ ++#include /* malloc */ ++#include /* strncpy */ + #include /* syslog */ + #include + #include + #include ++#include + #include "pam_krb5.h" ++#include "krb5compat.h" + + /* + * Get info from the user. Disallow null responses (regardless of flags). +@@ -22,11 +27,12 @@ + get_user_info(pam_handle_t *pamh, char *prompt, int type, char **response) + { + int pamret; +- struct pam_message msg, *pmsg; ++ struct pam_message msg; ++ const struct pam_message *pmsg; + struct pam_response *resp = NULL; + struct pam_conv *conv; + +- if (pamret = pam_get_item(pamh, PAM_CONV, (void **) &conv)) ++ if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0) + return pamret; + + /* set up conversation call */ +@@ -34,7 +40,7 @@ + msg.msg_style = type; + msg.msg = prompt; + +- if (pamret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr)) ++ if ((pamret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr)) != 0) + return pamret; + + /* Caller should ignore errors for non-response conversations */ +@@ -53,8 +59,8 @@ + + + krb5_error_code +-pam_prompter(krb5_context context, void *data, const char *name, +- const char *banner, int num_prompts, krb5_prompt prompts[]) ++pam_prompter(krb5_context context, void *data, const char *banner, int ++ num_prompts, krb5_prompt prompts[]) + { + int pam_prompts = num_prompts; + int pamret, i; +@@ -64,12 +70,9 @@ + struct pam_conv *conv; + pam_handle_t *pamh = (pam_handle_t *) data; + +- if (pamret = pam_get_item(pamh, PAM_CONV, (void **) &conv)) ++ if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0) + return KRB5KRB_ERR_GENERIC; + +- if (name) +- pam_prompts++; +- + if (banner) + pam_prompts++; + +@@ -80,21 +83,11 @@ + /* Now use pam_prompts as an index */ + pam_prompts = 0; + +- /* Sigh. malloc all the prompts. */ +- if (name) { +- msg[pam_prompts].msg = malloc(strlen(name) + 1); +- if (!msg[pam_prompts].msg) +- goto cleanup; +- strcpy(msg[pam_prompts].msg, name); +- msg[pam_prompts].msg_style = PAM_TEXT_INFO; +- pam_prompts++; +- } +- + if (banner) { + msg[pam_prompts].msg = malloc(strlen(banner) + 1); + if (!msg[pam_prompts].msg) + goto cleanup; +- strcpy(msg[pam_prompts].msg, banner); ++ strcpy((char *) msg[pam_prompts].msg, banner); + msg[pam_prompts].msg_style = PAM_TEXT_INFO; + pam_prompts++; + } +@@ -103,13 +96,14 @@ + msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3); + if (!msg[pam_prompts].msg) + goto cleanup; +- sprintf(msg[pam_prompts].msg, "%s: ", prompts[i].prompt); ++ sprintf((char *) msg[pam_prompts].msg, "%s: ", prompts[i].prompt); + msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF + : PAM_PROMPT_ECHO_ON; + pam_prompts++; + } + +- if (pamret = conv->conv(pam_prompts, &msg, &resp, conv->appdata_ptr)) ++ if ((pamret = conv->conv(pam_prompts, (const struct pam_message **) &msg, ++ &resp, conv->appdata_ptr)) != 0) + goto cleanup; + + if (!resp) +@@ -117,8 +111,6 @@ + + /* Reuse pam_prompts as a starting index */ + pam_prompts = 0; +- if (name) +- pam_prompts++; + if (banner) + pam_prompts++; + +@@ -142,7 +134,7 @@ + + for (i = 0; i < pam_prompts; i++) { + if (msg[i].msg) +- free(msg[i].msg); ++ free((char *) msg[i].msg); + } + free(msg); + +@@ -189,8 +181,6 @@ + krb5_keyblock * keyblock = 0; + krb5_data packet; + krb5_auth_context auth_context = NULL; +- krb5_keytab keytab = NULL; +- char * kt_name = NULL; + + packet.data = 0; + +@@ -198,8 +188,8 @@ + * Get the server principal for the local host. + * (Use defaults of "host" and canonicalized local name.) + */ +- if (retval = krb5_sname_to_principal(context, NULL, NULL, +- KRB5_NT_SRV_HST, &princ)) { ++ if ((retval = krb5_sname_to_principal(context, NULL, NULL, KRB5_NT_SRV_HST, ++ &princ)) != 0) { + if (debug) + syslog(LOG_DEBUG, "pam_krb5: verify_krb_v5_tgt(): %s: %s", + "krb5_sname_to_principal()", error_message(retval)); +@@ -207,7 +197,7 @@ + } + + /* Extract the name directly. */ +- strncpy(phost, krb5_princ_component(c, princ, 1)->data, BUFSIZ); ++ strncpy(phost, compat_princ_component(context, princ, 1), BUFSIZ); + phost[BUFSIZ - 1] = '\0'; + + /* +@@ -215,8 +205,8 @@ + * (use default/configured keytab, kvno IGNORE_VNO to get the + * first match, and enctype is currently ignored anyhow.) + */ +- if (retval = krb5_kt_read_service_key(context, NULL, princ, 0, +- ENCTYPE_DES_CBC_MD5, &keyblock)) { ++ if ((retval = krb5_kt_read_service_key(context, NULL, princ, 0, ++ ENCTYPE_DES_CBC_MD5, &keyblock)) != 0) { + /* Keytab or service key does not exist */ + if (debug) + syslog(LOG_DEBUG, "pam_krb5: verify_krb_v5_tgt(): %s: %s", +@@ -256,7 +246,7 @@ + + cleanup: + if (packet.data) +- krb5_free_data_contents(context, &packet); ++ compat_free_data_contents(context, &packet); + krb5_free_principal(context, princ); + return retval; + Property changes on: head/security/pam_krb5/files/patch-af ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/files/patch-ag =================================================================== --- head/security/pam_krb5/files/patch-ag (nonexistent) +++ head/security/pam_krb5/files/patch-ag (revision 34851) @@ -0,0 +1,52 @@ +--- pam_krb5.5.orig Tue Jan 4 19:08:51 2000 ++++ pam_krb5.5 Mon Nov 6 10:27:01 2000 +@@ -1,24 +1,24 @@ + .\" + .\" $Id: pam_krb5.5,v 1.5 2000/01/05 00:59:56 fcusack Exp $ +-.TH pam_krb5 5 "15 Jan 1999" ++.TH pam_krb5 8 "15 Jan 1999" + .SH NAME + pam_krb5 \- Kerberos 5 PAM module + .SH SYNOPSIS + .LP +-.B /usr/lib/security/pam_krb5.so.1 ++.B /usr/lib/pam_krb5.so + .LP + .SH DESCRIPTION + .IX "pam_krb5" "" "\fLpam_krb5\fP \(em Kerberos 5 PAM module" + .PP + The Kerberos 5 service module for PAM, typically +-.BR /usr/lib/security/pam_krb5.so.1 , ++.BR /usr/lib/pam_krb5.so , + provides functionality for three PAM categories: + authentication, + account management, + and password management. + It also provides null functions for session management. + The +-.B pam_krb5.so.1 ++.B pam_krb5.so + module is a shared object + that can be dynamically loaded to provide + the necessary functionality upon demand. +@@ -177,10 +177,9 @@ + .SH SEE ALSO + .BR kdestroy (1), + .BR passwd (1), +-.BR pam (3), ++.BR pam (8), + .BR syslog (3), +-.BR libpam (4), +-.BR pam.conf (4). ++.BR pam.conf (5). + .SH NOTES + Applications should not call + .B pam_authenticate() +@@ -189,7 +188,3 @@ + and + .B pam_end() + when using the Kerberos 5 PAM module. +-.LP +-dtlogin will not successfully authenticate a user who enters a realm +-name as part of their username (even if the authentication +-module returns success). Property changes on: head/security/pam_krb5/files/patch-ag ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/files/patch-ah =================================================================== --- head/security/pam_krb5/files/patch-ah (nonexistent) +++ head/security/pam_krb5/files/patch-ah (revision 34851) @@ -0,0 +1,24 @@ +--- compat_heimdal.c.orig Mon Nov 6 10:21:49 2000 ++++ compat_heimdal.c Mon Nov 6 10:48:37 2000 +@@ -0,0 +1,21 @@ ++#include ++#include "krb5compat.h" ++ ++const char * ++compat_princ_component(krb5_context context, krb5_principal princ, int n) ++{ ++ return princ->name.name_string.val[n]; ++} ++ ++void ++compat_free_data_contents(krb5_context context, krb5_data *data) ++{ ++ krb5_xfree(data); ++} ++ ++krb5_error_code ++compat_cc_next_cred(krb5_context context, const krb5_ccache id, ++ krb5_cc_cursor *cursor, krb5_creds *creds) ++{ ++ return krb5_cc_next_cred(context, id, creds, cursor); ++} Property changes on: head/security/pam_krb5/files/patch-ah ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/files/patch-ai =================================================================== --- head/security/pam_krb5/files/patch-ai (nonexistent) +++ head/security/pam_krb5/files/patch-ai (revision 34851) @@ -0,0 +1,24 @@ +--- compat_mit.c.orig Mon Nov 6 10:21:49 2000 ++++ compat_mit.c Mon Nov 6 10:49:14 2000 +@@ -0,0 +1,21 @@ ++#include ++#include "krb5compat.h" ++ ++const char * ++compat_princ_component(krb5_context context, krb5_principal princ, int n) ++{ ++ return krb5_princ_component(context, princ, n)->data; ++} ++ ++void ++compat_free_data_contents(krb5_context context, krb5_data *data) ++{ ++ krb5_free_data_contents(context, data); ++} ++ ++krb5_error_code ++compat_cc_next_cred(krb5_context context, const krb5_ccache id, ++ krb5_cc_cursor *cursor, krb5_creds *creds) ++{ ++ return krb5_cc_next_cred(context, id, cursor, creds); ++} Property changes on: head/security/pam_krb5/files/patch-ai ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/pkg-comment =================================================================== --- head/security/pam_krb5/pkg-comment (nonexistent) +++ head/security/pam_krb5/pkg-comment (revision 34851) @@ -0,0 +1 @@ +A Pluggable Authentication Module for Kerberos 5 Property changes on: head/security/pam_krb5/pkg-comment ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/pkg-descr =================================================================== --- head/security/pam_krb5/pkg-descr (nonexistent) +++ head/security/pam_krb5/pkg-descr (revision 34851) @@ -0,0 +1,4 @@ +A Pluggable Authentication Module for Kerberos 5, which can +be compiled for either Heimdal or MIT Kerberos. + +WWW: http://www.fcusack.com/ Property changes on: head/security/pam_krb5/pkg-descr ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/pam_krb5/pkg-plist =================================================================== --- head/security/pam_krb5/pkg-plist (nonexistent) +++ head/security/pam_krb5/pkg-plist (revision 34851) @@ -0,0 +1 @@ +lib/pam_krb5.so Property changes on: head/security/pam_krb5/pkg-plist ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property