AA: packages: krb5: update to 1.11
authorJonas Gorski <jogo@openwrt.org>
Mon, 25 Feb 2013 12:45:58 +0000 (12:45 +0000)
committerJonas Gorski <jogo@openwrt.org>
Mon, 25 Feb 2013 12:45:58 +0000 (12:45 +0000)
Backport of r35700.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 35775

net/krb5/Makefile
net/krb5/files/krb5kdc
net/krb5/patches/001-fix-build-warning.patch [new file with mode: 0644]
net/krb5/patches/001-krb5kdc-dir-to-etc.patch
net/krb5/patches/002-MITKRB5-SA-2011-002.patch

index 58b5a072e044cbdc7c34f85caf742651cc0ce139..8fcb5a48af13c4b1d5cae58a1380f4c73208ab72 100644 (file)
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=krb5
-PKG_VERSION:=1.8
-PKG_RELEASE:=2
+PKG_VERSION:=1.11
+PKG_RELEASE:=1
 
 PKG_SOURCE:=krb5-$(PKG_VERSION)-signed.tar
 PKG_SOURCE_URL:=http://web.mit.edu/kerberos/dist/krb5/$(PKG_VERSION)/
-PKG_MD5SUM:=74257d68373a8df8b9391fc093d594be
+PKG_MD5SUM:=1a13c53899806c4da99a798a04d25545
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
@@ -47,7 +47,7 @@ define Package/krb5-client
        TITLE:=Kerberos 5 Client
 endef
 
-define Package/krb5/decription
+define Package/krb5/description
        Kerberos
 endef
 
@@ -56,8 +56,7 @@ define Build/Prepare
        # containing source code.
        tar xf "$(DL_DIR)/$(PKG_SOURCE)" -C "$(BUILD_DIR)"
        tar xzf "$(BUILD_DIR)/krb5-$(PKG_VERSION).tar.gz" -C "$(BUILD_DIR)"
-       patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/001-krb5kdc-dir-to-etc.patch"
-       patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/002-MITKRB5-SA-2011-002.patch"
+       patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/001-fix-build-warning.patch"
 endef
 
 CONFIGURE_PATH = ./src
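Review bot: Nothing in this Build/Prepare recipe checks the upstream signature before the second `tar` unpacks `krb5-$(PKG_VERSION).tar.gz`. The outer `-signed.tar` presumably carries a detached signature next to the inner tarball (its contents are not visible here), and that signature is discarded. With `PKG_SOURCE_URL` on plain `http://`, `PKG_MD5SUM` is then the only integrity check on a package that ships a KDC. Either verify the signature against a pinned upstream release key before extracting, or record the limitation above the `tar` lines, e.g. `# NOTE: upstream signature in the signed tar is not verified; integrity relies on PKG_MD5SUM`. The recipe starts above this hunk.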
@@ -71,10 +70,9 @@ CONFIGURE_VARS += \
        ac_cv_file__etc_TIMEZONE=no
 
 CONFIGURE_ARGS += \
-       --enable-thread-support \
-       --without-krb4 \
        --without-tcl \
-       --disable-ipv6
+       --without-libedit \
+       --localstatedir=/etc
 
 define Build/InstallDev
        $(INSTALL_DIR) $(1)/usr/include
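Review bot: `--localstatedir=/etc` deserves a comment, because it is what now replaces the deleted 001-krb5kdc-dir-to-etc.patch and nothing at the flag says so. Something like `# KDC database, stash file, keytab and ACLs live in /etc/krb5kdc (was 001-krb5kdc-dir-to-etc.patch)` above `CONFIGURE_ARGS` would do. Unlike the old patch, the flag moves every path upstream derives from localstatedir, not only the krb5kdc ones. It is worth confirming that no other runtime-writable state ends up under /etc; that cannot be checked from this hunk.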
@@ -113,11 +111,11 @@ endef
 define Package/krb5-server/install
        $(INSTALL_DIR) $(1)/etc/init.d
        $(INSTALL_BIN) ./files/krb5kdc $(1)/etc/init.d/krb5kdc
-       $(INSTALL_DIR) $(1)/usr/bin
-       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sclient $(1)/usr/bin
+#      $(INSTALL_DIR) $(1)/usr/bin
+#      $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sclient $(1)/usr/bin
        $(INSTALL_DIR) $(1)/usr/sbin
        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmin.local $(1)/usr/sbin
-#      $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmind $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmind $(1)/usr/sbin
        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kdb5_util $(1)/usr/sbin
 #      $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kprop $(1)/usr/sbin
 #      $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kpropd $(1)/usr/sbin
index 5962683168a7dd8860f360b01ed6d96915c9d60b..dec7188e9b01e32f03b5fafbd300ce7780a182e4 100644 (file)
@@ -10,8 +10,10 @@ start() {
        [ -f /etc/krb5kdc/principal ] || ( echo; echo ) | kdb5_util create -s
        
        /usr/sbin/krb5kdc
+       /usr/sbin/kadmind
 }
 
 stop() {
        killall krb5kdc 2> /dev/null
+       killall kadmind 2> /dev/null
 }
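Review bot: `start()` now launches `/usr/sbin/kadmind` unconditionally, so every install of the server package exposes the remote administration service whether or not an ACL has been written. Guarding it on the ACL file keeps it off until the administrator opts in: `[ -f /etc/krb5kdc/kadm5.acl ] && /usr/sbin/kadmind` (the path follows from `--localstatedir=/etc` in the Makefile; confirm it against kdc.conf). kadmind is also started even if `krb5kdc` failed on the line before. Separately, the context line above pipes two empty lines into `kdb5_util create -s`, which looks like an empty master password for the newly created database. That predates this commit but matters more once remote administration is enabled.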
diff --git a/net/krb5/patches/001-fix-build-warning.patch b/net/krb5/patches/001-fix-build-warning.patch
new file mode 100644 (file)
index 0000000..d199398
--- /dev/null
@@ -0,0 +1,12 @@
+diff -ur krb5-1.11-vanilla/src/lib/krb5/krb/preauth2.c krb5-1.11/src/lib/krb5/krb/preauth2.c
+--- krb5-1.11-vanilla/src/lib/krb5/krb/preauth2.c      2012-12-18 03:47:05.000000000 +0100
++++ krb5-1.11/src/lib/krb5/krb/preauth2.c      2013-02-18 03:53:20.580840173 +0100
+@@ -956,7 +956,7 @@
+     size_t i, h;
+     int out_pa_list_size = 0;
+     krb5_pa_data **out_pa_list = NULL;
+-    krb5_error_code ret, module_ret;
++    krb5_error_code ret, module_ret = 0;
+     krb5_responder_fn responder = opte->opt_private->responder;
+     static const int paorder[] = { PA_INFO, PA_REAL };
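Review bot: Initialising `module_ret = 0` silences the warning, but 0 is the success value for `krb5_error_code`. If there is a real path that reads `module_ret` before a module sets it, that path will now be treated as success instead of being flagged. The function body lies outside this hunk, so this cannot be confirmed here; it is worth checking which read the compiler complained about. The patch file also has no header: add a short description above the `diff -ur` line naming the warning and saying whether the change was sent upstream, so the patch can be dropped on the next version bump.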
index a017125030a1ad9c6f23817eba66863789e481d4..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644 (file)
@@ -1,51 +0,0 @@
-diff -u --recursive krb5-1.8-vanilla/src/include/osconf.hin krb5-1.8/src/include/osconf.hin
---- krb5-1.8-vanilla/src/include/osconf.hin    2010-04-01 16:28:29.408661301 -0500
-+++ krb5-1.8/src/include/osconf.hin    2010-04-01 16:30:52.235467788 -0500
-@@ -61,14 +61,14 @@
- #define DEFAULT_LNAME_FILENAME  "@PREFIX/lib/krb5.aname"
- #endif /* _WINDOWS  */
--#define DEFAULT_KDB_FILE        "@LOCALSTATEDIR/krb5kdc/principal"
--#define DEFAULT_KEYFILE_STUB    "@LOCALSTATEDIR/krb5kdc/.k5."
--#define KRB5_DEFAULT_ADMIN_ACL  "@LOCALSTATEDIR/krb5kdc/krb5_adm.acl"
-+#define DEFAULT_KDB_FILE        "/etc/krb5kdc/principal"
-+#define DEFAULT_KEYFILE_STUB    "/etc/krb5kdc/.k5."
-+#define KRB5_DEFAULT_ADMIN_ACL  "/etc/krb5kdc/krb5_adm.acl"
- /* Used by old admin server */
--#define DEFAULT_ADMIN_ACL       "@LOCALSTATEDIR/krb5kdc/kadm_old.acl"
-+#define DEFAULT_ADMIN_ACL       "/etc/krb5kdc/kadm_old.acl"
- /* Location of KDC profile */
--#define DEFAULT_KDC_PROFILE     "@LOCALSTATEDIR/krb5kdc/kdc.conf"
-+#define DEFAULT_KDC_PROFILE     "/etc/krb5kdc/kdc.conf"
- #define KDC_PROFILE_ENV         "KRB5_KDC_PROFILE"
- #if TARGET_OS_MAC
-@@ -97,8 +97,8 @@
- /*
-  * Defaults for the KADM5 admin system.
-  */
--#define DEFAULT_KADM5_KEYTAB    "@LOCALSTATEDIR/krb5kdc/kadm5.keytab"
--#define DEFAULT_KADM5_ACL_FILE  "@LOCALSTATEDIR/krb5kdc/kadm5.acl"
-+#define DEFAULT_KADM5_KEYTAB    "/etc/krb5kdc/kadm5.keytab"
-+#define DEFAULT_KADM5_ACL_FILE  "/etc/krb5kdc/kadm5.acl"
- #define DEFAULT_KADM5_PORT      749 /* assigned by IANA */
- #define KRB5_DEFAULT_SUPPORTED_ENCTYPES                 \
-@@ -123,13 +123,13 @@
-  * krb5 slave support follows
-  */
--#define KPROP_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/slave_datatrans"
--#define KPROPD_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/from_master"
-+#define KPROP_DEFAULT_FILE "/etc/krb5kdc/slave_datatrans"
-+#define KPROPD_DEFAULT_FILE "/etc/krb5kdc/from_master"
- #define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util"
- #define KPROPD_DEFAULT_KDB5_EDIT "@SBINDIR/kdb5_edit"
- #define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop"
- #define KPROPD_DEFAULT_KRB_DB DEFAULT_KDB_FILE
--#define KPROPD_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kpropd.acl"
-+#define KPROPD_ACL_FILE "/etc/krb5kdc/kpropd.acl"
- /*
-  * GSS mechglue
index 5e0da20c882cdf4e61e8b40423a7447ffcbf83fc..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644 (file)
@@ -1,112 +0,0 @@
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
-index 1ca09b4..60caf3d 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
-@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
- #define LDAP_SEARCH(base, scope, filter, attrs)   LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
- #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)         \
--    do {                                                                \
--        st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
--        if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
--            tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
--            if (ldap_server_handle)                                     \
--                ld = ldap_server_handle->ldap_handle;                   \
--        }                                                               \
--    }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
-+    tempst = 0;                                                         \
-+    st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL,     \
-+                           NULL, &timelimit, LDAP_NO_LIMIT, &result);   \
-+    if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
-+        tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle);   \
-+        if (ldap_server_handle)                                         \
-+            ld = ldap_server_handle->ldap_handle;                       \
-+        if (tempst == 0)                                                \
-+            st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0,   \
-+                                   NULL, NULL, &timelimit,              \
-+                                   LDAP_NO_LIMIT, &result);             \
-+    }                                                                   \
-                                                                         \
-     if (status_check != IGNORE_STATUS) {                                \
-         if (tempst != 0) {                                              \
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
-index 82b0333..84e80ee 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
-@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context,
- {
-     krb5_ldap_server_handle     *handle = *ldap_server_handle;
-+    ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
-     if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
-         || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
-         return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
-index f549e23..b70940f 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
-@@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context,
-      * portion, then the first portion of the principal name SHOULD be
-      * "krbtgt".  All this check is done in the immediate block.
-      */
--    if (searchfor->length == 2)
--        if ((strncasecmp(searchfor->data[0].data, "krbtgt",
--                         FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
--            (strncasecmp(searchfor->data[1].data, defrealm,
--                         FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
-+    if (searchfor->length == 2) {
-+        if (data_eq_string(searchfor->data[0], "krbtgt") &&
-+            data_eq_string(searchfor->data[1], defrealm))
-             return 0;
-+    }
-     /* first check the length, if they are not equal, then they are not same */
-     if (strlen(defrealm) != searchfor->realm.length)
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-index 7ad31da..626ed1f 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-@@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
-                         unsigned int flags, krb5_db_entry *entries,
-                         int *nentries, krb5_boolean *more)
- {
--    char                        *user=NULL, *filter=NULL, **subtree=NULL;
-+    char                        *user=NULL, *filter=NULL, *filtuser=NULL;
-     unsigned int                tree=0, ntrees=1, princlen=0;
-     krb5_error_code             tempst=0, st=0;
--    char                        **values=NULL, *cname=NULL;
-+    char                        **values=NULL, **subtree=NULL, *cname=NULL;
-     LDAP                        *ld=NULL;
-     LDAPMessage                 *result=NULL, *ent=NULL;
-     krb5_ldap_context           *ldap_context=NULL;
-@@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
-     if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
-         goto cleanup;
--    princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
-+    filtuser = ldap_filter_correct(user);
-+    if (filtuser == NULL) {
-+        st = ENOMEM;
-+        goto cleanup;
-+    }
-+
-+    princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1;  /* 2 for closing brackets */
-     if ((filter = malloc(princlen)) == NULL) {
-         st = ENOMEM;
-         goto cleanup;
-     }
--    snprintf(filter, princlen, FILTER"%s))", user);
-+    snprintf(filter, princlen, FILTER"%s))", filtuser);
-     if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
-         goto cleanup;
-@@ -231,6 +237,9 @@ cleanup:
-     if (user)
-         free(user);
-+    if (filtuser)
-+        free(filtuser);
-+
-     if (cname)
-         free(cname);