add krb5, the MIT Kerberos 5 implementation (#6101)
authorJo-Philipp Wich <jow@openwrt.org>
Fri, 18 Dec 2009 19:46:07 +0000 (19:46 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Fri, 18 Dec 2009 19:46:07 +0000 (19:46 +0000)
SVN-Revision: 18842

net/krb5/Makefile [new file with mode: 0644]
net/krb5/files/krb5kdc [new file with mode: 0644]
net/krb5/patches/001-uclibc-symbol-collision-fix.patch [new file with mode: 0644]

diff --git a/net/krb5/Makefile b/net/krb5/Makefile
new file mode 100644 (file)
index 0000000..abdae61
--- /dev/null
@@ -0,0 +1,157 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=krb5
+PKG_VERSION:=1.7
+PKG_RELEASE:=1
+
+PKG_SOURCE:=krb5-$(PKG_VERSION)-signed.tar
+PKG_SOURCE_URL:=http://web.mit.edu/kerberos/dist/krb5/1.7/
+PKG_MD5SUM:=9f7b3402b4731a7fa543db193bf1b564
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/krb5/Default
+       SECTION:=net
+       CATAGORY:=Network
+       TITLE:=Kerberos
+       URL:=http://web.mit.edu/kerberos/
+endef
+
+define Package/krb5-libs
+       SECTION:=net
+       CATAGORY:=Network
+       TITLE:=Kerberos
+       DEPENDS:=+libncurses
+       TITLE:=Kerberos 5 Shared Libraries
+       URL:=http://web.mit.edu/kerberos/
+endef
+
+define Package/krb5-server
+       $(call Package/krb5/Default)
+       DEPENDS:=+krb5-libs
+       TITLE:=Kerberos 5 Server
+endef
+
+define Package/krb5-client
+       $(call Package/krb5/Default)
+       TITLE:=Kerberos 5 Client
+endef
+
+define Package/krb5-apps
+       $(call Package/krb5/Default)
+       TITLE:=Kerberized Network Applications
+endef
+
+define Package/krb5-daemons
+       $(call Package/krb5/Default)
+       TITLE:=Kerberized Network Daemons
+endef
+
+define Package/krb5/decription
+       Kerberos
+endef
+
+define Build/Prepare
+       # Krb5 tarball contains signature and a second tarball
+       # containing source code.
+       tar xf "$(DL_DIR)/$(PKG_SOURCE)" -C "$(BUILD_DIR)"
+       tar xzf "$(BUILD_DIR)/krb5-$(PKG_VERSION).tar.gz" -C "$(BUILD_DIR)"
+       patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/001-uclibc-symbol-collision-fix.patch"
+endef
+
+CONFIGURE_PATH = ./src
+
+CONFIGURE_VARS += \
+       cross_compiling=yes \
+       krb5_cv_attr_constructor_destructor=yes,yes \
+       ac_cv_func_regcomp=yes \
+       ac_cv_printf_positional=yes \
+       ac_cv_file__etc_environment=no \
+       ac_cv_file__etc_TIMEZONE=no
+
+CONFIGURE_ARGS += \
+       --enable-thread-support \
+       --without-krb4 \
+       --without-tcl \
+       --disable-ipv6
+
+define Build/Configure
+       $(call Build/Configure/Default)
+endef
+
+define Build/Compile
+       rm -rf "$(PKG_INSTALL_DIR)"
+       mkdir -p "$(PKG_INSTALL_DIR)"
+       $(MAKE) -C $(PKG_BUILD_DIR)/src \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               CFLAGS="$(TARGET_CFLAGS)" \
+               CC="$(TARGET_CC)" \
+               all install
+endef
+
+define Package/krb5-libs/install
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(INSTALL_DIR) $(1)/usr/lib/krb5
+       $(INSTALL_DIR) $(1)/usr/lib/krb5/plugins
+       $(INSTALL_DIR) $(1)/usr/lib/krb5/plugins/kdb
+       $(INSTALL_DIR) $(1)/usr/lib/krb5/plugins/libkrb5
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/krb5/plugins/kdb/db2.so $(1)/usr/lib/krb5/plugins/kdb
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib
+endef
+
+define Package/krb5-client/install
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/kdestroy $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/kinit $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/klist $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/kpasswd $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ksu $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/kvno $(1)/usr/bin
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/krb5-send-pr $(1)/usr/sbin
+endef
+
+define Package/krb5-server/install
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_BIN) ./files/krb5kdc $(1)/etc/init.d/krb5kdc
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sclient $(1)/usr/bin
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmin.local $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmind $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kdb5_util $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kdb5_util $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kprop $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kpropd $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/krb5kdc $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sim_server $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sserver $(1)/usr/sbin
+endef
+
+define Package/krb5-apps/install
+       $(INSTALL_DIR) $(1)/usr/kerberos
+       $(INSTALL_DIR) $(1)/usr/kerberos/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ftp $(1)/usr/kerberos/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/rcp $(1)/usr/kerberos/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/rlogin $(1)/usr/kerberos/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/rsh $(1)/usr/kerberos/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/telnet $(1)/usr/kerberos/bin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/uuclient $(1)/usr/kerberos/bin
+endef
+
+define Package/krb5-daemons/install
+       $(INSTALL_DIR) $(1)/usr/kerberos/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ftpd $(1)/usr/kerberos/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/klogind $(1)/usr/kerberos/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/login.krb5 $(1)/usr/kerberos/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/telnetd $(1)/usr/kerberos/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/uuserver $(1)/usr/kerberos/sbin
+endef
+
+$(eval $(call BuildPackage,krb5-libs))
+$(eval $(call BuildPackage,krb5-server))
+$(eval $(call BuildPackage,krb5-client))
+$(eval $(call BuildPackage,krb5-apps))
+$(eval $(call BuildPackage,krb5-daemons))
diff --git a/net/krb5/files/krb5kdc b/net/krb5/files/krb5kdc
new file mode 100644 (file)
index 0000000..2143363
--- /dev/null
@@ -0,0 +1,17 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2009 OpenWrt.org
+
+START=60
+
+start() {
+       mkdir -p /var/tmp
+       mkdir -p /var/krb5kdc
+       
+       [ -f /var/krb5kdc/principal ] || ( echo; echo ) | kdb5_util create -s
+       
+       /usr/sbin/krb5kdc
+}
+
+stop() {
+       killall krb5kdc 2> /dev/null
+}
diff --git a/net/krb5/patches/001-uclibc-symbol-collision-fix.patch b/net/krb5/patches/001-uclibc-symbol-collision-fix.patch
new file mode 100644 (file)
index 0000000..7a98835
--- /dev/null
@@ -0,0 +1,670 @@
+diff -u --recursive --new-file krb5-1.7-vanilla/src/appl/gssftp/ftp/Makefile.in krb5-1.7/src/appl/gssftp/ftp/Makefile.in
+--- krb5-1.7-vanilla/src/appl/gssftp/ftp/Makefile.in   2009-09-30 22:58:22.000000000 -0400
++++ krb5-1.7/src/appl/gssftp/ftp/Makefile.in   2009-10-01 15:35:02.000000000 -0400
+@@ -12,14 +12,14 @@
+ SRCS  = $(srcdir)/cmds.c $(srcdir)/cmdtab.c $(srcdir)/domacro.c \
+         $(srcdir)/ftp.c $(srcdir)/getpass.c $(srcdir)/glob.c \
+         $(srcdir)/main.c $(srcdir)/radix.c \
+-        $(srcdir)/ruserpass.c $(srcdir)/secure.c 
++        $(srcdir)/ruserpw.c $(srcdir)/secure.c 
+ OBJS  = $(OUTPRE)cmds.$(OBJEXT) $(OUTPRE)cmdtab.$(OBJEXT) \
+         $(OUTPRE)domacro.$(OBJEXT) $(OUTPRE)ftp.$(OBJEXT) \
+         $(OUTPRE)getpass.$(OBJEXT) $(OUTPRE)glob.$(OBJEXT) \
+         $(OUTPRE)main.$(OBJEXT) $(OUTPRE)radix.$(OBJEXT) \
+-        $(OUTPRE)ruserpass.$(OBJEXT) $(OUTPRE)secure.$(OBJEXT)
++        $(OUTPRE)ruserpw.$(OBJEXT) $(OUTPRE)secure.$(OBJEXT)
+ LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)
+@@ -47,7 +47,7 @@
+       done
+ ftp.o cmds.o main.o:  $(srcdir)/../arpa/ftp.h
+-ftp.o cmds.o cmdtab.o domacro.o main.o ruserpass.o: $(srcdir)/ftp_var.h 
++ftp.o cmds.o cmdtab.o domacro.o main.o ruserpw.o: $(srcdir)/ftp_var.h 
+ secure.o: secure.h
+ cmds.o: $(srcdir)/cmds.c
+@@ -57,7 +57,7 @@
+ glob.o: $(srcdir)/glob.c
+ main.o: $(srcdir)/main.c
+ pclose.o: $(srcdir)/pclose.c
+-ruserpass.o: $(srcdir)/ruserpass.c
++ruserpw.o: $(srcdir)/ruserpw.c
+ domacro.o: $(srcdir)/domacro.c
+ radix.o: $(srcdir)/radix.c
+ secure.o: $(srcdir)/secure.c
+diff -u --recursive --new-file krb5-1.7-vanilla/src/appl/gssftp/ftp/deps krb5-1.7/src/appl/gssftp/ftp/deps
+--- krb5-1.7-vanilla/src/appl/gssftp/ftp/deps  2009-09-30 22:58:24.000000000 -0400
++++ krb5-1.7/src/appl/gssftp/ftp/deps  2009-10-01 15:35:02.000000000 -0400
+@@ -22,7 +22,7 @@
+   $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \
+   ftp_var.h main.c
+ $(OUTPRE)radix.$(OBJEXT): ftp_var.h radix.c
+-$(OUTPRE)ruserpass.$(OBJEXT): ftp_var.h ruserpass.c
++$(OUTPRE)ruserpw.$(OBJEXT): ftp_var.h ruserpw.c
+ $(OUTPRE)secure.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
+   $(srcdir)/../arpa/ftp.h secure.c secure.h
+diff -u --recursive --new-file krb5-1.7-vanilla/src/appl/gssftp/ftp/ftp.c krb5-1.7/src/appl/gssftp/ftp/ftp.c
+--- krb5-1.7-vanilla/src/appl/gssftp/ftp/ftp.c 2009-09-30 22:58:22.000000000 -0400
++++ krb5-1.7/src/appl/gssftp/ftp/ftp.c 2009-10-01 15:35:03.000000000 -0400
+@@ -318,7 +318,7 @@
+       int n, aflag = 0;
+       l_user = pass = l_acct = 0;
+-      if (ruserpass(host, &l_user, &pass, &l_acct) < 0) {
++      if (ruserpw(host, &l_user, &pass, &l_acct) < 0) {
+               code = -1;
+               return(0);
+       }
+diff -u --recursive --new-file krb5-1.7-vanilla/src/appl/gssftp/ftp/ftp_var.h krb5-1.7/src/appl/gssftp/ftp/ftp_var.h
+--- krb5-1.7-vanilla/src/appl/gssftp/ftp/ftp_var.h     2009-09-30 22:58:23.000000000 -0400
++++ krb5-1.7/src/appl/gssftp/ftp/ftp_var.h     2009-10-01 15:35:03.000000000 -0400
+@@ -274,8 +274,8 @@
+ struct cmd *getcmd (char *);
+-/* ruserpass.c */
+-int ruserpass (char *, char **, char **, char **);
++/* ruserpw.c */
++int ruserpw (char *, char **, char **, char **);
+ /* radix.h */
+ int radix_encode (unsigned char *, unsigned char *, int *, int);
+diff -u --recursive --new-file krb5-1.7-vanilla/src/appl/gssftp/ftp/ruserpass.c krb5-1.7/src/appl/gssftp/ftp/ruserpass.c
+--- krb5-1.7-vanilla/src/appl/gssftp/ftp/ruserpass.c   2009-09-30 22:58:24.000000000 -0400
++++ krb5-1.7/src/appl/gssftp/ftp/ruserpass.c   1969-12-31 19:00:00.000000000 -0500
+@@ -1,293 +0,0 @@
+-/*
+- * Copyright (c) 1985 Regents of the University of California.
+- * All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    This product includes software developed by the University of
+- *    California, Berkeley and its contributors.
+- * 4. Neither the name of the University nor the names of its contributors
+- *    may be used to endorse or promote products derived from this software
+- *    without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-#ifndef lint
+-static char sccsid[] = "@(#)ruserpass.c       5.3 (Berkeley) 3/1/91";
+-#endif /* not lint */
+-
+-#include <sys/types.h>
+-#include <stdio.h>
+-#include <string.h>
+-#ifdef HAVE_STDLIB_H
+-#include <stdlib.h>
+-#endif
+-#ifdef HAVE_UNISTD_H
+-#include <unistd.h>
+-#endif
+-#include <ctype.h>
+-#include <sys/stat.h>
+-#include <errno.h>
+-#include "ftp_var.h"
+-
+-#ifdef _WIN32
+-#include <win-mac.h>
+-#endif
+-
+-#ifndef MAXHOSTNAMELEN
+-#define MAXHOSTNAMELEN 64
+-#endif
+-
+-static int token (void);
+-static        FILE *cfile;
+-
+-#define       DEFAULT 1
+-#define       LOGIN   2
+-#define       PASSWD  3
+-#define       ACCOUNT 4
+-#define MACDEF  5
+-#define       ID      10
+-#define       MACH    11
+-
+-static char tokval[100];
+-
+-static struct toktab {
+-      char *tokstr;
+-      int tval;
+-} toktab[]= {
+-      { "default",    DEFAULT },
+-      { "login",      LOGIN },
+-      { "password",   PASSWD },
+-      { "passwd",     PASSWD },
+-      { "account",    ACCOUNT },
+-      { "machine",    MACH },
+-      { "macdef",     MACDEF },
+-      { NULL,         0 }
+-};
+-
+-
+-static int
+-token()
+-{
+-      char *cp;
+-      int c;
+-      struct toktab *t;
+-
+-      if (feof(cfile))
+-              return (0);
+-      while ((c = getc(cfile)) != EOF &&
+-          (c == '\n' || c == '\t' || c == ' ' || c == ','))
+-              continue;
+-      if (c == EOF)
+-              return (0);
+-      cp = tokval;
+-      if (c == '"') {
+-              while ((c = getc(cfile)) != EOF && c != '"') {
+-                      if (c == '\\')
+-                              c = getc(cfile);
+-                      *cp++ = c;
+-              }
+-      } else {
+-              *cp++ = c;
+-              while ((c = getc(cfile)) != EOF
+-                  && c != '\n' && c != '\t' && c != ' ' && c != ',') {
+-                      if (c == '\\')
+-                              c = getc(cfile);
+-                      *cp++ = c;
+-              }
+-      }
+-      *cp = 0;
+-      if (tokval[0] == 0)
+-              return (0);
+-      for (t = toktab; t->tokstr; t++)
+-              if (!strcmp(t->tokstr, tokval))
+-                      return (t->tval);
+-      return (ID);
+-}
+-
+-int 
+-ruserpass(host, aname, apass, aacct)
+-      char *host, **aname, **apass, **aacct;
+-{
+-      char *hdir, buf[FTP_BUFSIZ], *tmp;
+-      char myname[MAXHOSTNAMELEN + 1], *mydomain;
+-      int t, i, c, usedefault = 0;
+-      struct stat stb;
+-
+-      hdir = getenv("HOME");
+-      if (hdir == NULL)
+-              hdir = ".";
+-      (void) snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
+-      cfile = fopen(buf, "r");
+-      if (cfile == NULL) {
+-              if (errno != ENOENT)
+-                      perror(buf);
+-              return(0);
+-      }
+-      if (gethostname(myname, sizeof(myname)) < 0)
+-              myname[0] = '\0';
+-      if ((mydomain = strchr(myname, '.')) == NULL)
+-              mydomain = "";
+-next:
+-      while ((t = token())) switch(t) {
+-
+-      case DEFAULT:
+-              usedefault = 1;
+-              /* FALL THROUGH */
+-
+-      case MACH:
+-              if (!usedefault) {
+-                      if (token() != ID)
+-                              continue;
+-                      /*
+-                       * Allow match either for user's input host name
+-                       * or official hostname.  Also allow match of 
+-                       * incompletely-specified host in local domain.
+-                       */
+-                      if (strcasecmp(host, tokval) == 0)
+-                              goto match;
+-                      if (strcasecmp(hostname, tokval) == 0)
+-                              goto match;
+-                      if ((tmp = strchr(hostname, '.')) != NULL &&
+-                          strcasecmp(tmp, mydomain) == 0 &&
+-                          strncasecmp(hostname, tokval,
+-                                      (unsigned) (tmp-hostname)) == 0 &&
+-                          tokval[tmp - hostname] == '\0')
+-                              goto match;
+-                      if ((tmp = strchr(host, '.')) != NULL &&
+-                          strcasecmp(tmp, mydomain) == 0 &&
+-                          strncasecmp(host, tokval,
+-                                      (unsigned ) (tmp - host)) == 0 &&
+-                          tokval[tmp - host] == '\0')
+-                              goto match;
+-                      continue;
+-              }
+-      match:
+-              while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
+-
+-              case LOGIN:
+-                      if (token()) {
+-                              if (*aname == 0) { 
+-                                      *aname = strdup(tokval);
+-                              } else {
+-                                      if (strcmp(*aname, tokval))
+-                                              goto next;
+-                              }
+-                      }
+-                      break;
+-              case PASSWD:
+-                      if (strcmp(*aname, "anonymous") &&
+-                          fstat(fileno(cfile), &stb) >= 0 &&
+-                          (stb.st_mode & 077) != 0) {
+-      fprintf(stderr, "Error - .netrc file not correct mode.\n");
+-      fprintf(stderr, "Remove password or correct mode.\n");
+-                              goto bad;
+-                      }
+-                      if (token() && *apass == 0) {
+-                              *apass = strdup(tokval);
+-                      }
+-                      break;
+-              case ACCOUNT:
+-                      if (fstat(fileno(cfile), &stb) >= 0
+-                          && (stb.st_mode & 077) != 0) {
+-      fprintf(stderr, "Error - .netrc file not correct mode.\n");
+-      fprintf(stderr, "Remove account or correct mode.\n");
+-                              goto bad;
+-                      }
+-                      if (token() && *aacct == 0) {
+-                              *aacct = strdup(tokval);
+-                      }
+-                      break;
+-              case MACDEF:
+-                      if (proxy) {
+-                              (void) fclose(cfile);
+-                              return(0);
+-                      }
+-                      while ((c = getc(cfile)) != EOF)
+-                              if (c != ' ' && c != '\t')
+-                                      break;
+-                      if (c == EOF || c == '\n') {
+-                              printf("Missing macdef name argument.\n");
+-                              goto bad;
+-                      }
+-                      if (macnum == 16) {
+-                              printf("Limit of 16 macros have already been defined\n");
+-                              goto bad;
+-                      }
+-                      tmp = macros[macnum].mac_name;
+-                      *tmp++ = c;
+-                      for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
+-                          !isspace(c); ++i) {
+-                              *tmp++ = c;
+-                      }
+-                      if (c == EOF) {
+-                              printf("Macro definition missing null line terminator.\n");
+-                              goto bad;
+-                      }
+-                      *tmp = '\0';
+-                      if (c != '\n') {
+-                              while ((c=getc(cfile)) != EOF && c != '\n');
+-                      }
+-                      if (c == EOF) {
+-                              printf("Macro definition missing null line terminator.\n");
+-                              goto bad;
+-                      }
+-                      if (macnum == 0) {
+-                              macros[macnum].mac_start = macbuf;
+-                      }
+-                      else {
+-                              macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
+-                      }
+-                      tmp = macros[macnum].mac_start;
+-                      while (tmp != macbuf + 4096) {
+-                              if ((c=getc(cfile)) == EOF) {
+-                              printf("Macro definition missing null line terminator.\n");
+-                                      goto bad;
+-                              }
+-                              *tmp = c;
+-                              if (*tmp == '\n') {
+-                                      if (*(tmp-1) == '\0') {
+-                                         macros[macnum++].mac_end = tmp - 1;
+-                                         break;
+-                                      }
+-                                      *tmp = '\0';
+-                              }
+-                              tmp++;
+-                      }
+-                      if (tmp == macbuf + 4096) {
+-                              printf("4K macro buffer exceeded\n");
+-                              goto bad;
+-                      }
+-                      break;
+-              default:
+-      fprintf(stderr, "Unknown .netrc keyword %s\n", tokval);
+-                      break;
+-              }
+-              goto done;
+-      }
+-done:
+-      (void) fclose(cfile);
+-      return(0);
+-bad:
+-      (void) fclose(cfile);
+-      return(-1);
+-}
+diff -u --recursive --new-file krb5-1.7-vanilla/src/appl/gssftp/ftp/ruserpw.c krb5-1.7/src/appl/gssftp/ftp/ruserpw.c
+--- krb5-1.7-vanilla/src/appl/gssftp/ftp/ruserpw.c     1969-12-31 19:00:00.000000000 -0500
++++ krb5-1.7/src/appl/gssftp/ftp/ruserpw.c     2009-10-01 15:35:57.000000000 -0400
+@@ -0,0 +1,293 @@
++/*
++ * Copyright (c) 1985 Regents of the University of California.
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ *    must display the following acknowledgement:
++ *    This product includes software developed by the University of
++ *    California, Berkeley and its contributors.
++ * 4. Neither the name of the University nor the names of its contributors
++ *    may be used to endorse or promote products derived from this software
++ *    without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#ifndef lint
++static char sccsid[] = "@(#)ruserpw.c 5.3 (Berkeley) 3/1/91";
++#endif /* not lint */
++
++#include <sys/types.h>
++#include <stdio.h>
++#include <string.h>
++#ifdef HAVE_STDLIB_H
++#include <stdlib.h>
++#endif
++#ifdef HAVE_UNISTD_H
++#include <unistd.h>
++#endif
++#include <ctype.h>
++#include <sys/stat.h>
++#include <errno.h>
++#include "ftp_var.h"
++
++#ifdef _WIN32
++#include <win-mac.h>
++#endif
++
++#ifndef MAXHOSTNAMELEN
++#define MAXHOSTNAMELEN 64
++#endif
++
++static int token (void);
++static        FILE *cfile;
++
++#define       DEFAULT 1
++#define       LOGIN   2
++#define       PASSWD  3
++#define       ACCOUNT 4
++#define MACDEF  5
++#define       ID      10
++#define       MACH    11
++
++static char tokval[100];
++
++static struct toktab {
++      char *tokstr;
++      int tval;
++} toktab[]= {
++      { "default",    DEFAULT },
++      { "login",      LOGIN },
++      { "password",   PASSWD },
++      { "passwd",     PASSWD },
++      { "account",    ACCOUNT },
++      { "machine",    MACH },
++      { "macdef",     MACDEF },
++      { NULL,         0 }
++};
++
++
++static int
++token()
++{
++      char *cp;
++      int c;
++      struct toktab *t;
++
++      if (feof(cfile))
++              return (0);
++      while ((c = getc(cfile)) != EOF &&
++          (c == '\n' || c == '\t' || c == ' ' || c == ','))
++              continue;
++      if (c == EOF)
++              return (0);
++      cp = tokval;
++      if (c == '"') {
++              while ((c = getc(cfile)) != EOF && c != '"') {
++                      if (c == '\\')
++                              c = getc(cfile);
++                      *cp++ = c;
++              }
++      } else {
++              *cp++ = c;
++              while ((c = getc(cfile)) != EOF
++                  && c != '\n' && c != '\t' && c != ' ' && c != ',') {
++                      if (c == '\\')
++                              c = getc(cfile);
++                      *cp++ = c;
++              }
++      }
++      *cp = 0;
++      if (tokval[0] == 0)
++              return (0);
++      for (t = toktab; t->tokstr; t++)
++              if (!strcmp(t->tokstr, tokval))
++                      return (t->tval);
++      return (ID);
++}
++
++int 
++ruserpw(host, aname, apass, aacct)
++      char *host, **aname, **apass, **aacct;
++{
++      char *hdir, buf[FTP_BUFSIZ], *tmp;
++      char myname[MAXHOSTNAMELEN + 1], *mydomain;
++      int t, i, c, usedefault = 0;
++      struct stat stb;
++
++      hdir = getenv("HOME");
++      if (hdir == NULL)
++              hdir = ".";
++      (void) snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
++      cfile = fopen(buf, "r");
++      if (cfile == NULL) {
++              if (errno != ENOENT)
++                      perror(buf);
++              return(0);
++      }
++      if (gethostname(myname, sizeof(myname)) < 0)
++              myname[0] = '\0';
++      if ((mydomain = strchr(myname, '.')) == NULL)
++              mydomain = "";
++next:
++      while ((t = token())) switch(t) {
++
++      case DEFAULT:
++              usedefault = 1;
++              /* FALL THROUGH */
++
++      case MACH:
++              if (!usedefault) {
++                      if (token() != ID)
++                              continue;
++                      /*
++                       * Allow match either for user's input host name
++                       * or official hostname.  Also allow match of 
++                       * incompletely-specified host in local domain.
++                       */
++                      if (strcasecmp(host, tokval) == 0)
++                              goto match;
++                      if (strcasecmp(hostname, tokval) == 0)
++                              goto match;
++                      if ((tmp = strchr(hostname, '.')) != NULL &&
++                          strcasecmp(tmp, mydomain) == 0 &&
++                          strncasecmp(hostname, tokval,
++                                      (unsigned) (tmp-hostname)) == 0 &&
++                          tokval[tmp - hostname] == '\0')
++                              goto match;
++                      if ((tmp = strchr(host, '.')) != NULL &&
++                          strcasecmp(tmp, mydomain) == 0 &&
++                          strncasecmp(host, tokval,
++                                      (unsigned ) (tmp - host)) == 0 &&
++                          tokval[tmp - host] == '\0')
++                              goto match;
++                      continue;
++              }
++      match:
++              while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
++
++              case LOGIN:
++                      if (token()) {
++                              if (*aname == 0) { 
++                                      *aname = strdup(tokval);
++                              } else {
++                                      if (strcmp(*aname, tokval))
++                                              goto next;
++                              }
++                      }
++                      break;
++              case PASSWD:
++                      if (strcmp(*aname, "anonymous") &&
++                          fstat(fileno(cfile), &stb) >= 0 &&
++                          (stb.st_mode & 077) != 0) {
++      fprintf(stderr, "Error - .netrc file not correct mode.\n");
++      fprintf(stderr, "Remove password or correct mode.\n");
++                              goto bad;
++                      }
++                      if (token() && *apass == 0) {
++                              *apass = strdup(tokval);
++                      }
++                      break;
++              case ACCOUNT:
++                      if (fstat(fileno(cfile), &stb) >= 0
++                          && (stb.st_mode & 077) != 0) {
++      fprintf(stderr, "Error - .netrc file not correct mode.\n");
++      fprintf(stderr, "Remove account or correct mode.\n");
++                              goto bad;
++                      }
++                      if (token() && *aacct == 0) {
++                              *aacct = strdup(tokval);
++                      }
++                      break;
++              case MACDEF:
++                      if (proxy) {
++                              (void) fclose(cfile);
++                              return(0);
++                      }
++                      while ((c = getc(cfile)) != EOF)
++                              if (c != ' ' && c != '\t')
++                                      break;
++                      if (c == EOF || c == '\n') {
++                              printf("Missing macdef name argument.\n");
++                              goto bad;
++                      }
++                      if (macnum == 16) {
++                              printf("Limit of 16 macros have already been defined\n");
++                              goto bad;
++                      }
++                      tmp = macros[macnum].mac_name;
++                      *tmp++ = c;
++                      for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
++                          !isspace(c); ++i) {
++                              *tmp++ = c;
++                      }
++                      if (c == EOF) {
++                              printf("Macro definition missing null line terminator.\n");
++                              goto bad;
++                      }
++                      *tmp = '\0';
++                      if (c != '\n') {
++                              while ((c=getc(cfile)) != EOF && c != '\n');
++                      }
++                      if (c == EOF) {
++                              printf("Macro definition missing null line terminator.\n");
++                              goto bad;
++                      }
++                      if (macnum == 0) {
++                              macros[macnum].mac_start = macbuf;
++                      }
++                      else {
++                              macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
++                      }
++                      tmp = macros[macnum].mac_start;
++                      while (tmp != macbuf + 4096) {
++                              if ((c=getc(cfile)) == EOF) {
++                              printf("Macro definition missing null line terminator.\n");
++                                      goto bad;
++                              }
++                              *tmp = c;
++                              if (*tmp == '\n') {
++                                      if (*(tmp-1) == '\0') {
++                                         macros[macnum++].mac_end = tmp - 1;
++                                         break;
++                                      }
++                                      *tmp = '\0';
++                              }
++                              tmp++;
++                      }
++                      if (tmp == macbuf + 4096) {
++                              printf("4K macro buffer exceeded\n");
++                              goto bad;
++                      }
++                      break;
++              default:
++      fprintf(stderr, "Unknown .netrc keyword %s\n", tokval);
++                      break;
++              }
++              goto done;
++      }
++done:
++      (void) fclose(cfile);
++      return(0);
++bad:
++      (void) fclose(cfile);
++      return(-1);
++}