Johan van Selst johans at
Sun Sep 2 09:04:02 UTC 2012

Author: johans
Date: Sun Sep  2 09:04:01 2012
New Revision: 303539

  - Add patch to fix getsubopt() parsing
    Fixes setting of "realm-kdc" and "server-realm"
  - Reduce Makefile header
  Submitted by:	Mats Erik Andersson <openbsd at>

  head/security/shishi/files/patch-suboptions   (contents, props changed)

Modified: head/security/shishi/Makefile
--- head/security/shishi/Makefile	Sun Sep  2 08:26:16 2012	(r303538)
+++ head/security/shishi/Makefile	Sun Sep  2 09:04:01 2012	(r303539)
@@ -1,14 +1,8 @@
-# ex:ts=8
-# Ports collection makefile for:	shishi
-# Date created:			Oct 19, 2003
-# Whom:				ijliao
 # $FreeBSD$
 PORTNAME=	shishi
 CATEGORIES=	security

Added: head/security/shishi/files/patch-suboptions
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/shishi/files/patch-suboptions	Sun Sep  2 09:04:01 2012	(r303539)
@@ -0,0 +1,256 @@
+>From c688c20e7df466a352f7263c3ec93e3e94c14e3a Mon Sep 17 00:00:00 2001
+From: Mats Erik Andersson <address at hidden>
+Date: Thu, 23 Aug 2012 22:10:33 +0200
+Subject: [PATCH] Configuration parsing of suboptions.
+The library call getsubopt() is not portable
+enough to rely on a catch all case `-1'.
+In particular, FreeBSD was not able to parse
+`kdc-realm=EX.ORG,localhost' at all.
+ lib/cfg.c      |  109 ++++++++++++++++++++++++++++++++------------------------
+ lib/init.c     |    5 ++-
+ lib/realm.c    |   29 +++++++++++++++
+ |    7 +++-
+ 4 files changed, 100 insertions(+), 50 deletions(-)
+diff --git lib/cfg.c b/lib/cfg.c
+index a0e39b3..9b9414e 100644
+--- lib/cfg.c
++++ lib/cfg.c
+@@ -117,7 +117,6 @@ shishi_cfg (Shishi * handle, const char *option)
+   char *opt = option ? xstrdup (option) : NULL;
+   char *p = opt;
+   char *value;
+-  char *realm = NULL;
+   int res;
+   size_t i;
+@@ -182,6 +181,10 @@ shishi_cfg (Shishi * handle, const char *option)
+ 	  {
++	    struct Shishi_realminfo *ri;
++	    char *realm = NULL;
++	    char *protstr;
++	    int transport = UDP;
+ 	    int add_realm = 1;
+ 	    realm = xstrdup (value);
+@@ -194,6 +197,7 @@ shishi_cfg (Shishi * handle, const char *option)
+ 		      free (handle->realminfos[i].kdcaddresses);
+ 		      handle->realminfos[i].kdcaddresses = NULL;
+ 		      handle->realminfos[i].nkdcaddresses = 0;
++		      ri = &handle->realminfos[i];
+ 		      add_realm = 0;
+ 		    }
+ 		  break;
+@@ -206,19 +210,71 @@ shishi_cfg (Shishi * handle, const char *option)
+ 		memset (&handle->realminfos[handle->nrealminfos], 0,
+ 			sizeof (handle->realminfos[handle->nrealminfos]));
+ 		handle->realminfos[handle->nrealminfos].name = realm;
++		ri = &handle->realminfos[handle->nrealminfos];
+ 		handle->nrealminfos++;
+ 	      }
++	    if ((protstr = strchr (p, '/')))
++	      {
++		*protstr = '\0';
++		protstr++;
++		if (strcasecmp (protstr, "udp") == 0)
++		  transport = UDP;
++		else if (strcasecmp (protstr, "tcp") == 0)
++		  transport = TCP;
++		else if (strcasecmp (protstr, "tls") == 0)
++		  transport = TLS;
++		else
++		  shishi_warn (handle,
++			       "Ignoring unknown KDC transport: %s",
++				   protstr);
++	      }
++	    ri->kdcaddresses = xrealloc (ri->kdcaddresses,
++					 (ri->nkdcaddresses + 1) *
++					   sizeof (*ri->kdcaddresses));
++	    ri->kdcaddresses[ri->nkdcaddresses].transport = transport;
++	    ri->kdcaddresses[ri->nkdcaddresses].hostname = xstrdup (p);
++	    if ((protstr = strchr (value, ':')))
++	      {
++		*protstr = '\0';
++		protstr++;
++		ri->kdcaddresses[ri->nkdcaddresses].port = protstr;
++	      }
++	    else
++	      ri->kdcaddresses[ri->nkdcaddresses].port = NULL;
++	    ri->nkdcaddresses++;
++	    p = NULL;	/* Done with suboptions.  */
+ 	  }
+ 	  break;
+ 	  {
+ 	    struct Shishi_realminfo *ri;
+-	    ri = _shishi_realminfo_new (handle, value);
+-	    ri->serverwildcards = xrealloc (ri->serverwildcards,
+-					    ++ri->nserverwildcards *
+-					    sizeof (*ri->serverwildcards));
+-	    ri->serverwildcards[ri->nserverwildcards - 1] = xstrdup (value);
++	    char *subopts, *part, *next;
++	    if (!p || (*p == 0))
++	      {
++		shishi_warn (handle, "Empty server-realm for '%s'.", value);
++		break;
++	      }
++	    ri = _shishi_realminfo_new (handle, xstrdup (value));
++	    part = subopts = xstrdup (p);	/* List of patterns.  */
++	    while (part && *part)
++	      {
++		next = strchr (part, ',');
++		if (next)
++		  *(next++) = '\0';
++		ri->serverwildcards = xrealloc (ri->serverwildcards,
++						++ri->nserverwildcards *
++						sizeof (*ri->serverwildcards));
++		ri->serverwildcards[ri->nserverwildcards - 1] = xstrdup (part);
++		part = next;
++	      }
++	    p = NULL;	/* Done with suboptions.  */
+ 	  }
+ 	  break;
+@@ -275,47 +331,6 @@ shishi_cfg (Shishi * handle, const char *option)
+ 	case -1:
+ 	  if (!value)
+ 	    break;
+-	  for (i = 0; i < handle->nrealminfos; i++)
+-	    if (realm && strcmp (handle->realminfos[i].name, realm) == 0)
+-	      {
+-		struct Shishi_realminfo *ri = &handle->realminfos[i];
+-		char *protstr;
+-		int transport = UDP;
+-		if ((protstr = strchr (value, '/')))
+-		  {
+-		    *protstr = '\0';
+-		    protstr++;
+-		    if (strcasecmp (protstr, "udp") == 0)
+-		      transport = UDP;
+-		    else if (strcasecmp (protstr, "tcp") == 0)
+-		      transport = TCP;
+-		    else if (strcasecmp (protstr, "tls") == 0)
+-		      transport = TLS;
+-		    else
+-		      shishi_warn (handle,
+-				   "Ignoring unknown KDC transport: %s",
+-				   protstr);
+-		  }
+-		ri->kdcaddresses = xrealloc (ri->kdcaddresses,
+-					     (ri->nkdcaddresses + 1) *
+-					     sizeof (*ri->kdcaddresses));
+-		ri->kdcaddresses[ri->nkdcaddresses].transport = transport;
+-		ri->kdcaddresses[ri->nkdcaddresses].hostname =
+-		  xstrdup (value);
+-		if ((protstr = strchr (value, ':')))
+-		  {
+-		    *protstr = '\0';
+-		    protstr++;
+-		    ri->kdcaddresses[ri->nkdcaddresses].port = protstr;
+-		  }
+-		else
+-		  ri->kdcaddresses[ri->nkdcaddresses].port = NULL;
+-		ri->nkdcaddresses++;
+-	      }
+-	  if (realm)
+-	    break;
+ 	  /* fall through */
+ 	default:
+diff --git lib/init.c b/lib/init.c
+index 7fb349c..8c61001 100644
+--- lib/init.c
++++ lib/init.c
+@@ -175,7 +175,7 @@ shishi_done (Shishi * handle)
+   if (handle->realminfos)
+     {
+-      size_t i;
++      size_t i, j;
+       for (i = 0; i < handle->nrealminfos; i++)
+ 	{
+@@ -183,6 +183,9 @@ shishi_done (Shishi * handle)
+ 	  free (handle->realminfos[i].kdcaddresses);
+ 	  free (handle->realminfos[i].name);
++	  for (j = 0; j < handle->realminfos[i].nserverwildcards; j++)
++	    free (handle->realminfos[i].serverwildcards[j]);
+ 	}
+     }
+diff --git lib/realm.c b/lib/realm.c
+index b17010d..1b7c005 100644
+--- lib/realm.c
++++ lib/realm.c
+@@ -111,6 +111,35 @@ shishi_realm_default_set (Shishi * handle, const char *realm)
+ char *
+ shishi_realm_for_server_file (Shishi * handle, char *server)
+ {
++  struct Shishi_realminfo *ri;
++  size_t i, j;
++  char *p;
++  for (i = 0; i < handle->nrealminfos; i++)
++    {
++      ri = &handle->realminfos[i];
++      if (!ri->nserverwildcards)
++	continue;
++      for (j = 0; j < ri->nserverwildcards; j++)
++	{
++	  /* Exact server name match.  */
++	  if (strcmp (server, ri->serverwildcards[j]) == 0)
++	    return ri->name;
++	  /* Is this a tail pattern?  */
++	  if (*(ri->serverwildcards[j]) != '.')
++	    continue;
++	  /* Domain part matching.  */
++	  p = server;
++	  while (p = strchr (p, '.'))
++	    if (strcmp (p++, ri->serverwildcards[j]) == 0)
++	      return ri->name;
++	}
++    }
+   return NULL;
+ }
+diff --git b/
+index 98db22b..2d2c285 100644
+@@ -70,8 +70,11 @@
+ # Specify realm for servers.
+-# SERVERREGEXP is a regular expression matching servers in the realm.
+-# The first match is used.
++# SERVERREGEXP is a pattern used to establish membership in the
++# given realm.  The pattern is either the exact name of a server,
++# or a trailing domain part expected in a qualified server name,
++# whenever the pattern commences with a period.  The first match
++# found will be used in library calls.
+ #server-realm=JOSEFSSON.ORG,
+ # How long shishi waits for a response from a KDC before continuing

