Author: randy Date: 2005-07-25 20:28:06 -0600 (Mon, 25 Jul 2005) New Revision: 1025
Added: trunk/heimdal/heimdal-0.7-cracklib-1.patch trunk/heimdal/heimdal-0.7-fhs_compliance-1.patch Log: Added Heimdal-0.7 patches to repository
Added: trunk/heimdal/heimdal-0.7-cracklib-1.patch
===================================================================
--- trunk/heimdal/heimdal-0.7-cracklib-1.patch 2005-07-25 17:17:34 UTC (rev 1024)
+++ trunk/heimdal/heimdal-0.7-cracklib-1.patch 2005-07-26 02:28:06 UTC (rev 1025)
@@ -0,0 +1,83 @@
+Patch Name: heimdal-0.7-cracklib-1.patch
+Submitted By: Randy McMurchy <randy_at_linuxfromscratch_dot_org>
+Date: 2005-07-25
+Initial Package Version: 0.7 (this patch adapted from an 0.6.1 version patch)
+Upstream Status: Pending submission
+Origin: Randy McMurchy, DJ Lucas and Heimdal sample source code
+Description: Enables kpasswd and kadmin to use the cracklib library.
+ CrackLib must be installed using BLFS instructions. See:
+ http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cracklib.html
+
+
+diff -Naur heimdal-0.7-orig/lib/kadm5/Makefile.in heimdal-0.7/lib/kadm5/Makefile.in
+--- heimdal-0.7-orig/lib/kadm5/Makefile.in 2005-06-16 16:33:31.000000000 +0000
++++ heimdal-0.7/lib/kadm5/Makefile.in 2005-07-23 23:48:23.000000000 +0000
+@@ -296,7 +296,7 @@
+ LEXLIB = @LEXLIB@
+ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+ LIBOBJS = @LIBOBJS@
+-LIBS = @LIBS@
++LIBS = @LIBS@ -lcrack_heimdal
+ LIBTOOL = @LIBTOOL@
+ LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+ LIB_NDBM = @LIB_NDBM@
+
+diff -Naur heimdal-0.7-orig/lib/kadm5/password_quality.c heimdal-0.7/lib/kadm5/password_quality.c
+--- heimdal-0.7-orig/lib/kadm5/password_quality.c 2005-06-16 16:28:07.000000000 +0000
++++ heimdal-0.7/lib/kadm5/password_quality.c 2005-07-25 00:31:27.000000000 +0000
+@@ -33,6 +33,7 @@
+
+ #include "kadm5_locl.h"
+ #include "kadm5-pwcheck.h"
++#include <crack_heimdal.h>
+
+ RCSID("$Id: password_quality.c,v 1.11 2005/05/09 19:17:34 lha Exp $");
+
+@@ -63,7 +64,39 @@
+ return 0;
+ }
+
++/* The following function was inserted to utilize the CrackLib library to
++ ensure strong passwords. The cracklib library must be patched before
++ this function will work. For more information, see:
++ http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cracklib.html
++*/
++
++#if defined(CRACKLIB_HEIMDAL_H) && defined(CRACKLIB_DICTPATH)
++
+ static const char *
++
++min_length_passwd_quality_v0 (krb5_context context,
++ krb5_principal principal,
++ krb5_data *password)
++{
++ char *s = malloc(password->length + 1);
++ char *msg;
++ char *strings[2];
++ if(s == NULL)
++ return NULL; /* XXX */
++ strings[0] = principal->name.name_string.val[0]; /* XXX */
++ strings[1] = NULL;
++ memcpy(s, password->data, password->length);
++ s[password->length] = '\0';
++ msg = FascistCheck(s, CRACKLIB_DICTPATH, strings);
++ memset(s, 0, password->length);
++ free(s);
++ return msg;
++}
++
++#else /* Not using CrackLib */
++
++static const char *
++
+ min_length_passwd_quality_v0 (krb5_context context,
+ krb5_principal principal,
+ krb5_data *pwd)
+@@ -80,6 +113,7 @@
+ return NULL;
+ }
+
++#endif /* CRACKLIB_HEIMDAL_H && CRACKLIB_DICTPATH */
+
+ static int
+ char_class_passwd_quality (krb5_context context,
Added: trunk/heimdal/heimdal-0.7-fhs_compliance-1.patch
===================================================================
--- trunk/heimdal/heimdal-0.7-fhs_compliance-1.patch 2005-07-25 17:17:34 UTC (rev 1024)
+++ trunk/heimdal/heimdal-0.7-fhs_compliance-1.patch 2005-07-26 02:28:06 UTC (rev 1025)
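Review bot: In the CrackLib variant of `min_length_passwd_quality_v0`, the `malloc` failure path does `return NULL;`, and NULL looks like the "password accepted" value (the non-CrackLib variant ends in `return NULL;`), so the quality check fails open when allocation fails; returning a message string there fails closed. The `memset(s, 0, password->length)` right before `free(s)` is a dead store the compiler may drop, which would leave the cleartext password in freed heap. `principal->name.name_string.val[0]` is read without checking that the principal has any name component, the case the author's `/* XXX */` seems to flag. Also, if either `CRACKLIB_HEIMDAL_H` or `CRACKLIB_DICTPATH` is undefined the `#else` branch silently builds the old check even though `-lcrack_heimdal` is linked, so an `#error` in that case would make a misconfigured build visible. The sketch below covers the first three points.

```c
    /* … unchanged: declarations of s, msg and strings … */
    if(s == NULL)
	return "out of memory"; /* fail closed: NULL would read as "accepted" */
    /* pass an empty name list rather than reading val[0] of a principal
       that has no components */
    strings[0] = principal->name.name_string.len > 0
	? principal->name.name_string.val[0] : NULL;
    /* … unchanged: strings[1], copy and terminate s, FascistCheck call … */
    {
	/* stores through a volatile pointer are not removed as dead
	   stores ahead of free() */
	volatile char *wipe = s;
	size_t left = password->length;
	while (left-- > 0)
	    *wipe++ = 0;
    }
    free(s);
```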
@@ -0,0 +1,263 @@
+Patch Name: heimdal-0.7-fhs-compliance-1.patch
+Submitted By: Randy McMurchy <randy_at_linuxfromscratch_dot_org>
+Date: 2005-07-23
+Initial Package Version: 0.7 (this patch adapted from an 0.6.1 version patch)
+Upstream Status: N/A (LFS specific)
+Origin: Randy McMurchy
+Description: Changes all references of /var/heimdal to /var/lib/heimdal
+ in source code and documentation to comply with the FHS
+
+
+diff -Naur heimdal-0.7-orig/configure heimdal-0.7/configure
+--- heimdal-0.7-orig/configure 2005-06-16 16:31:02.000000000 +0000
++++ heimdal-0.7/configure 2005-07-23 23:24:34.000000000 +0000
+@@ -3183,7 +3183,7 @@
+
+
+ test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
++test "$localstatedir" = '${prefix}/var' && localstatedir='/var/lib/heimdal'
+
+ # Make sure we can run config.sub.
+ $ac_config_sub sun4 >/dev/null 2>&1 ||
+
+diff -Naur heimdal-0.7-orig/configure.in heimdal-0.7/configure.in
+--- heimdal-0.7-orig/configure.in 2005-06-16 16:29:14.000000000 +0000
++++ heimdal-0.7/configure.in 2005-07-23 23:24:54.000000000 +0000
+@@ -16,7 +16,7 @@
+ AC_PREFIX_DEFAULT(/usr/heimdal)
+
+ test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
++test "$localstatedir" = '${prefix}/var' && localstatedir='/var/lib/heimdal'
+
+ AC_CANONICAL_HOST
+ CANONICAL_HOST=$host
+
+diff -Naur heimdal-0.7-orig/doc/heimdal.info-1 heimdal-0.7/doc/heimdal.info-1
+--- heimdal-0.7-orig/doc/heimdal.info-1 2005-06-16 16:33:47.000000000 +0000
++++ heimdal-0.7/doc/heimdal.info-1 2005-07-23 23:27:04.000000000 +0000
+@@ -452,15 +452,15 @@
+ =====================
+
+ The database library will look for the database in the directory
+-`/var/heimdal', so you should probably create that directory. Make
++`/var/lib/heimdal', so you should probably create that directory. Make
+ sure the directory has restrictive permissions.
+
+- # mkdir /var/heimdal
++ # mkdir /var/lib/heimdal
+
+ The keys of all the principals are stored in the database. If you
+ choose to, these can be encrypted with a master key. You do not have to
+ remember this key (or password), but just to enter it once and it will
+-be stored in a file (`/var/heimdal/m-key'). If you want to have a
++be stored in a file (`/var/lib/heimdal/m-key'). If you want to have a
+ master key, run `kstash' to create this master key:
+
+ # kstash
+@@ -671,7 +671,7 @@
+ `749/tcp'.
+
+ Access to the administration server is controlled by an ACL file,
+-(default `/var/heimdal/kadmind.acl'.) The lines in the access file,
++(default `/var/lib/heimdal/kadmind.acl'.) The lines in the access file,
+ have the following syntax:
+ principal [priv1,priv2,...] [glob-pattern]
+
+@@ -822,7 +822,7 @@
+ follows:
+
+ slave# ktutil get -p foo/admin hprop/`hostname`
+- slave# mkdir /var/heimdal
++ slave# mkdir /var/lib/heimdal
+ slave# hpropd
+
+ The master will use the principal `kadmin/hprop' to authenticate to the
+@@ -870,7 +870,7 @@
+ The program that runs on the master is `ipropd-master' and all clients
+ run `ipropd-slave'.
+
+-Create the file `/var/heimdal/slaves' on the master containing all the
++Create the file `/var/lib/heimdal/slaves' on the master containing all the
+ slaves that the database should be propagated to. Each line contains
+ the full name of the principal (for example
+ `iprop/[EMAIL PROTECTED]').
+@@ -888,7 +888,7 @@
+
+ The next step is to start the `ipropd-master' process on the master
+ server. The `ipropd-master' listens on the UNIX domain socket
+-`/var/heimdal/signal' to know when changes have been made to the
++`/var/lib/heimdal/signal' to know when changes have been made to the
+ database so they can be propagated to the slaves.
There is also a + safety feature of testing the version number regularly (every 30 + seconds) to see if it has been modified by some means that do not raise + +diff -Naur heimdal-0.7-orig/doc/setup.texi heimdal-0.7/doc/setup.texi +--- heimdal-0.7-orig/doc/setup.texi 2005-06-16 16:27:48.000000000 +0000 ++++ heimdal-0.7/doc/setup.texi 2005-07-23 23:26:08.000000000 +0000 +@@ -105,17 +105,17 @@ + @section Creating the database + + The database library will look for the database in the directory [EMAIL PROTECTED]/var/heimdal}, so you should probably create that directory. [EMAIL PROTECTED]/var/lib/heimdal}, so you should probably create that directory. + Make sure the directory has restrictive permissions. + + @example +-# mkdir /var/heimdal ++# mkdir /var/lib/heimdal + @end example + + The keys of all the principals are stored in the database. If you + choose to, these can be encrypted with a master key. You do not have to + remember this key (or password), but just to enter it once and it will +-be stored in a file (@file{/var/heimdal/m-key}). If you want to have a ++be stored in a file (@file{/var/lib/heimdal/m-key}). If you want to have a + master key, run @samp{kstash} to create this master key: + + @example +@@ -335,7 +335,7 @@ + as @samp{749/tcp}. + + Access to the administration server is controlled by an ACL file, (default [EMAIL PROTECTED]/var/heimdal/kadmind.acl}.) The lines in the access file, have the [EMAIL PROTECTED]/var/lib/heimdal/kadmind.acl}.) The lines in the access file, have the + following syntax: + @smallexample + principal [priv1,priv2,...] [glob-pattern] +@@ -498,7 +498,7 @@ + + @example + slave# ktutil get -p foo/admin hprop/`hostname` +-slave# mkdir /var/heimdal ++slave# mkdir /var/lib/heimdal + slave# hpropd + @end example + +@@ -550,7 +550,7 @@ + The program that runs on the master is @command{ipropd-master} and all + clients run @command{ipropd-slave}. 
+ +-Create the file @file{/var/heimdal/slaves} on the master containing all ++Create the file @file{/var/lib/heimdal/slaves} on the master containing all + the slaves that the database should be propagated to. Each line contains + the full name of the principal (for example + @samp{iprop/hemligare.foo.se@@FOO.SE}). +@@ -571,7 +571,7 @@ + + The next step is to start the @command{ipropd-master} process on the master + server. The @command{ipropd-master} listens on the UNIX domain socket [EMAIL PROTECTED]/var/heimdal/signal} to know when changes have been made to the [EMAIL PROTECTED]/var/lib/heimdal/signal} to know when changes have been made to the + database so they can be propagated to the slaves. There is also a + safety feature of testing the version number regularly (every 30 + seconds) to see if it has been modified by some means that do not raise + +diff -Naur heimdal-0.7-orig/kadmin/kadmind.8 heimdal-0.7/kadmin/kadmind.8 +--- heimdal-0.7-orig/kadmin/kadmind.8 2005-06-16 16:27:56.000000000 +0000 ++++ heimdal-0.7/kadmin/kadmind.8 2005-07-23 23:27:41.000000000 +0000 +@@ -85,7 +85,7 @@ + Principals are always allowed to change their own password and list + their own principal. Apart from that, doing any operation requires + permission explicitly added in the ACL file +-.Pa /var/heimdal/kadmind.acl . ++.Pa /var/lib/heimdal/kadmind.acl . + The format of this file is: + .Bd -ragged + .Va principal +@@ -155,7 +155,7 @@ + .El + .\".Sh ENVIRONMENT + .Sh FILES +-.Pa /var/heimdal/kadmind.acl ++.Pa /var/lib/heimdal/kadmind.acl + .Sh EXAMPLES + This will cause + .Nm + +diff -Naur heimdal-0.7-orig/kdc/kdc.8 heimdal-0.7/kdc/kdc.8 +--- heimdal-0.7-orig/kdc/kdc.8 2005-06-16 16:27:58.000000000 +0000 ++++ heimdal-0.7/kdc/kdc.8 2005-07-23 23:27:59.000000000 +0000 +@@ -77,7 +77,7 @@ + .Fl -config-file= Ns Ar file + .Xc + Specifies the location of the config file, the default is +-.Pa /var/heimdal/kdc.conf . ++.Pa /var/lib/heimdal/kdc.conf . 
+ This is the only value that can't be specified in the config file.
+ .It Xo
+ .Fl p ,
+
+diff -Naur heimdal-0.7-orig/kdc/kstash.8 heimdal-0.7/kdc/kstash.8
+--- heimdal-0.7-orig/kdc/kstash.8 2005-06-16 16:27:58.000000000 +0000
++++ heimdal-0.7/kdc/kstash.8 2005-07-23 23:28:17.000000000 +0000
+@@ -89,7 +89,7 @@
+ .El
+ .\".Sh ENVIRONMENT
+ .Sh FILES
+-.Pa /var/heimdal/m-key
++.Pa /var/lib/heimdal/m-key
+ is the default keyfile is no other keyfile is specified.
+ The format of a Heimdal master key is the same as a keytab, so
+ .Nm ktutil
+
+diff -Naur heimdal-0.7-orig/lib/hdb/hdb.h heimdal-0.7/lib/hdb/hdb.h
+--- heimdal-0.7-orig/lib/hdb/hdb.h 2005-06-16 16:28:05.000000000 +0000
++++ heimdal-0.7/lib/hdb/hdb.h 2005-07-23 23:28:55.000000000 +0000
+@@ -86,7 +86,7 @@
+ krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
+ };
+
+-#define HDB_DB_DIR "/var/heimdal"
++#define HDB_DB_DIR "/var/lib/heimdal"
+ #define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
+ #define HDB_DB_FORMAT_ENTRY "hdb/db-format"
+
+diff -Naur heimdal-0.7-orig/lib/kadm5/iprop.8 heimdal-0.7/lib/kadm5/iprop.8
+--- heimdal-0.7-orig/lib/kadm5/iprop.8 2005-06-16 16:28:07.000000000 +0000
++++ heimdal-0.7/lib/kadm5/iprop.8 2005-07-23 23:29:24.000000000 +0000
+@@ -93,7 +93,7 @@
+ The slaves are specified by the contents of the
+ .Pa slaves
+ file in the KDC's database directory, e.g.\&
+-.Pa /var/heimdal/slaves .
++.Pa /var/lib/heimdal/slaves .
+ This has principals one per-line of the form
+ .Dl ipropd/ Ns Ar slave Ns @ Ns Ar REALM
+ where
+@@ -131,7 +131,7 @@
+ There is a keep-alive feature logged in the master's
+ .Pa slave-stats
+ file (e.g.\&
+-.Pa /var/heimdal/slave-stats ) .
++.Pa /var/lib/heimdal/slave-stats ) .
+ .Pp
+ Supported options for
+ .Nm ipropd-master :
+
+diff -Naur heimdal-0.7-orig/lib/krb5/krb5.conf.5 heimdal-0.7/lib/krb5/krb5.conf.5
+--- heimdal-0.7-orig/lib/krb5/krb5.conf.5 2005-06-16 16:28:09.000000000 +0000
++++ heimdal-0.7/lib/krb5/krb5.conf.5 2005-07-23 23:30:45.000000000 +0000
+@@ -490,7 +490,7 @@
+ default_domain = foo.se
+ }
+ [logging]
+- kdc = FILE:/var/heimdal/kdc.log
++ kdc = FILE:/var/lib/heimdal/kdc.log
+ kdc = SYSLOG:INFO
+ default = SYSLOG:INFO:USER
+ .Ed
+
+diff -Naur heimdal-0.7-orig/lib/krb5/krb5.conf.cat5 heimdal-0.7/lib/krb5/krb5.conf.cat5
+--- heimdal-0.7-orig/lib/krb5/krb5.conf.cat5 2005-06-16 16:33:58.000000000 +0000
++++ heimdal-0.7/lib/krb5/krb5.conf.cat5 2005-07-23 23:31:02.000000000 +0000
+@@ -503,7 +503,7 @@
+ default_domain = foo.se
+ }
+ [logging]
+- kdc = FILE:/var/heimdal/kdc.log
++ kdc = FILE:/var/lib/heimdal/kdc.log
+ kdc = SYSLOG:INFO
+ default = SYSLOG:INFO:USER
+
-- http://linuxfromscratch.org/mailman/listinfo/patches FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
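Review bot: The patch header reads `Patch Name: heimdal-0.7-fhs-compliance-1.patch`, but the file is committed as `heimdal-0.7-fhs_compliance-1.patch` (underscore), so one of the two names should be corrected. The functional changes are the `localstatedir` default in `configure` and `configure.in` and `HDB_DB_DIR` in `lib/hdb/hdb.h`; the Description does not say what to do with an existing `/var/heimdal` (database, `m-key`, `kadmind.acl`), and a build with this patch will presumably no longer look there. A Description line telling the admin to move those files to `/var/lib/heimdal` and to keep the restrictive directory permissions the documentation already asks for would cover it.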
