From 0e5bcbfa6c0b83de7bd2013d2c0b74a1e4affa9d Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 7 Apr 2003 03:31:11 +0000 Subject: Sync with sudo 1.6.7p3; fixes kerberos 5 compilation issues w/ MIT kerberos. --- usr.bin/sudo/CHANGES | 6 ++++ usr.bin/sudo/Makefile.in | 2 +- usr.bin/sudo/auth/kerb5.c | 12 ++++++-- usr.bin/sudo/config.h.in | 3 ++ usr.bin/sudo/configure | 73 ++++++++++++++++++++++++++++++++++++++++------- usr.bin/sudo/configure.in | 17 +++++++++-- usr.bin/sudo/version.h | 2 +- 7 files changed, 96 insertions(+), 19 deletions(-) diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index 31bce32bcc9..b4290f8c3d1 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -1615,3 +1615,9 @@ Sudo 1.6.7p1 released. caused problems on Tru64 Unix. Sudo 1.6.7p2 released. + +507) Kerberos V support should work on latest MIT Kerberos V and Heimdal. + +Sudo 1.6.7p3 released. + +508) BSD-style warn/err functions are now used throughout. diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index 451433fcb76..027522c894f 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -140,7 +140,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.7p2 +VERSION = 1.6.7p3 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README RUNSON TODO TROUBLESHOOTING \ diff --git a/usr.bin/sudo/auth/kerb5.c b/usr.bin/sudo/auth/kerb5.c index 151b40573cd..358c4f18e37 100644 --- a/usr.bin/sudo/auth/kerb5.c +++ b/usr.bin/sudo/auth/kerb5.c @@ -65,9 +65,15 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: kerb5.c,v 1.14 2003/04/02 18:57:34 millert Exp $"; +static const char rcsid[] = "$Sudo: kerb5.c,v 1.16 2003/04/04 17:46:57 millert Exp $"; #endif /* lint */ +#ifdef HAVE_HEIMDAL +# define krb5_free_data_contents(c, d) krb5_data_free(d) +#else +# define krb5_principal_get_realm(c, p) (krb5_princ_realm(c, p)->data) +#endif + static int verify_krb_v5_tgt __P((krb5_context, krb5_ccache, char *)); static struct _sudo_krb5_data { krb5_context sudo_context; @@ -276,7 +282,7 @@ verify_krb_v5_tgt(sudo_context, ccache, auth_name) * and enctype is currently ignored anyhow.) */ if ((error = krb5_kt_read_service_key(sudo_context, NULL, princ, 0, - ETYPE_DES_CBC_MD5, &keyblock))) { + ENCTYPE_DES_CBC_MD5, &keyblock))) { /* Keytab or service key does not exist. */ log_error(NO_EXIT, "%s: host service key not found: %s", auth_name, @@ -301,7 +307,7 @@ verify_krb_v5_tgt(sudo_context, ccache, auth_name) NULL, NULL, NULL); cleanup: if (packet.data) - krb5_data_free(&packet); + krb5_free_data_contents(sudo_context, &packet); krb5_free_principal(sudo_context, princ); if (error) diff --git a/usr.bin/sudo/config.h.in b/usr.bin/sudo/config.h.in index cbcc2200d0a..de446890570 100644 --- a/usr.bin/sudo/config.h.in +++ b/usr.bin/sudo/config.h.in @@ -124,6 +124,9 @@ passwords) */ #undef HAVE_GETSPWUID +/* Define if your Kerberos is Heimdal. */ +#undef HAVE_HEIMDAL + /* Define to 1 if you have the `initgroups' function. */ #undef HAVE_INITGROUPS diff --git a/usr.bin/sudo/configure b/usr.bin/sudo/configure index 20168b173f2..43b3c71d9ef 100644 --- a/usr.bin/sudo/configure +++ b/usr.bin/sudo/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.57 for sudo 1.6.7p2. +# Generated by GNU Autoconf 2.57 for sudo 1.6.7p3. # # Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002 # Free Software Foundation, Inc. @@ -266,8 +266,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.6.7p2' -PACKAGE_STRING='sudo 1.6.7p2' +PACKAGE_VERSION='1.6.7p3' +PACKAGE_STRING='sudo 1.6.7p3' PACKAGE_BUGREPORT='' # Factoring default headers for most tests. @@ -776,7 +776,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.6.7p2 to adapt to many kinds of systems. +\`configure' configures sudo 1.6.7p3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -837,7 +837,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.6.7p2:";; + short | recursive ) echo "Configuration of sudo 1.6.7p3:";; esac cat <<\_ACEOF @@ -1004,7 +1004,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.6.7p2 +sudo configure 1.6.7p3 generated by GNU Autoconf 2.57 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002 @@ -1019,7 +1019,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.6.7p2, which was +It was created by sudo $as_me 1.6.7p3, which was generated by GNU Autoconf 2.57. Invocation command line was $ $0 $@ @@ -1357,8 +1357,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_config_headers="$ac_config_headers config.h pathnames.h" -{ echo "$as_me:$LINENO: Configuring Sudo version 1.6.7p2" >&5 -echo "$as_me: Configuring Sudo version 1.6.7p2" >&6;} +{ echo "$as_me:$LINENO: Configuring Sudo version 1.6.7p3" >&5 +echo "$as_me: Configuring Sudo version 1.6.7p3" >&6;} @@ -13363,6 +13363,52 @@ _ACEOF AUTH_OBJS="${AUTH_OBJS} kerb5.o" CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" + echo "$as_me:$LINENO: checking whether we are using Heimdal" >&5 +echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6 + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +int +main () +{ +const char *tmp = heimdal_version; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +cat >>confdefs.h <<\_ACEOF +#define HAVE_HEIMDAL 1 +_ACEOF + + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.$ac_objext conftest.$ac_ext fi fi if test -n "$with_kerb5" -a -z "$KRB5CONFIG"; then @@ -13457,6 +13503,11 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 + +cat >>confdefs.h <<\_ACEOF +#define HAVE_HEIMDAL 1 +_ACEOF + SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1" echo "$as_me:$LINENO: checking for main in -lroken" >&5 echo $ECHO_N "checking for main in -lroken... $ECHO_C" >&6 @@ -14646,7 +14697,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by sudo $as_me 1.6.7p2, which was +This file was extended by sudo $as_me 1.6.7p3, which was generated by GNU Autoconf 2.57. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14706,7 +14757,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -sudo config.status 1.6.7p2 +sudo config.status 1.6.7p3 configured by $0, generated by GNU Autoconf 2.57, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff --git a/usr.bin/sudo/configure.in b/usr.bin/sudo/configure.in index bc67c458f3c..58255a12005 100644 --- a/usr.bin/sudo/configure.in +++ b/usr.bin/sudo/configure.in @@ -1,15 +1,15 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.381 2003/04/02 18:45:35 millert Exp $ +dnl $Sudo: configure.in,v 1.382 2003/04/04 17:45:24 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2003 Todd C. Miller dnl -AC_INIT(sudo, 1.6.7p2) +AC_INIT(sudo, 1.6.7p3) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT() dnl -AC_MSG_NOTICE([Configuring Sudo version 1.6.7p2]) +AC_MSG_NOTICE([Configuring Sudo version 1.6.7p3]) dnl dnl Variables that get substituted in the Makefile and man pages dnl @@ -1779,6 +1779,16 @@ if test "$with_kerb5" = "yes"; then AUTH_OBJS="${AUTH_OBJS} kerb5.o" CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" + dnl + dnl Try to determine whether we have Heimdal or MIT Kerberos + dnl + AC_MSG_CHECKING(whether we are using Heimdal) + AC_TRY_COMPILE([#include ], [const char *tmp = heimdal_version;], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_HEIMDAL, 1, [Define if your Kerberos is Heimdal.]) + ] + ) fi fi if test -n "$with_kerb5" -a -z "$KRB5CONFIG"; then @@ -1810,6 +1820,7 @@ if test -n "$with_kerb5" -a -z "$KRB5CONFIG"; then AC_TRY_COMPILE([#include ], [const char *tmp = heimdal_version;], [ AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_HEIMDAL, 1, [Define if your Kerberos is Heimdal.]) SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1" AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"]) ], [ diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h index 6fb72bff8a9..461415158be 100644 --- a/usr.bin/sudo/version.h +++ b/usr.bin/sudo/version.h @@ -37,6 +37,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.7p2"; +static const char version[] = "1.6.7p3"; #endif /* _SUDO_VERSION_H */ -- cgit v1.2.3