From 2b1fd99a443d0c3bb4b2b18122587d9e5f33760d5a98a10b80866c7f816f4396 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Mon, 5 Nov 2007 23:44:27 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=9
---
pam_krb5-2.2.20-1-copy-cache-priv-fix.dif | 49 +++++++++++++++++++++++
pam_krb5-2.2.20-1-debug-log-choice.dif | 19 +++++++++
pam_krb5.changes | 8 ++++
pam_krb5.spec | 11 ++++-
4 files changed, 86 insertions(+), 1 deletion(-)
create mode 100644 pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
create mode 100644 pam_krb5-2.2.20-1-debug-log-choice.dif
diff --git a/pam_krb5-2.2.20-1-copy-cache-priv-fix.dif b/pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
new file mode 100644
index 0000000..555732e
--- /dev/null
+++ b/pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
@@ -0,0 +1,49 @@
+--- src/stash.c
++++ src/stash.c 2007/11/05 16:50:15
+@@ -888,10 +888,23 @@
+ krb5_cc_close(ctx, occache);
+ return;
+ }
++
++ /* switch effective user and group*/
++ uid_t save_euid = geteuid();
++ gid_t save_egid = getegid();
++
++ setresgid(-1, gid, save_egid);
++ setresuid(-1, uid, save_euid);
++ debug("switch to effective user %d:%d", geteuid(), getegid());
++
+ if (krb5_cc_resolve(ctx, newname, &nccache) != 0) {
+ warn("error creating ccache \"%s\"", newname);
+ free(newname);
+ krb5_cc_close(ctx, occache);
++
++ /* switch back to old user */
++ setresuid(-1, save_euid, -1);
++ setresgid(-1, save_egid, -1);
+ return;
+ }
+ if (_pam_krb5_stash_cc_copy(ctx, occache, nccache) == 0) {
+@@ -905,6 +918,11 @@
+ stash->v5ccnames->name = newname;
+ krb5_cc_close(ctx, nccache);
+ krb5_cc_destroy(ctx, occache);
++
++ /* switch back to old user */
++ setresuid(-1, save_euid, -1);
++ setresgid(-1, save_egid, -1);
++
+ /* If the new source and the destination are files,
+ * re-clone it to get the permissions right. */
+ if (strncmp(options->ccname_template,
+@@ -915,6 +933,10 @@
+ uid, gid);
+ }
+ } else {
++ /* switch back to old user */
++ setresuid(-1, save_euid, -1);
++ setresgid(-1, save_egid, -1);
++
+ warn("error copying credentials from \"%s\" to "
+ "\"%s\" for the user", stash->v5ccnames->name,
+ newname);
diff --git a/pam_krb5-2.2.20-1-debug-log-choice.dif b/pam_krb5-2.2.20-1-debug-log-choice.dif
new file mode 100644
index 0000000..06ebe82
--- /dev/null
+++ b/pam_krb5-2.2.20-1-debug-log-choice.dif
@@ -0,0 +1,19 @@
+--- src/options.c
++++ src/options.c 2007/11/05 15:20:39
+@@ -40,6 +40,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #ifdef HAVE_SECURITY_PAM_APPL_H
+ #include
+@@ -327,7 +328,7 @@
+ options->debug = 0;
+ }
+ if (options->debug) {
+- debug("configured realm '%s'", options->realm);
++ pam_syslog(pamh, LOG_DEBUG, "configured realm '%s'", options->realm);
+ }
+
+ /* private option */
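Review bot: In pam_krb5-2.2.20-1-copy-cache-priv-fix.dif, the stash.c hunk at -888 adds `setresgid(-1, gid, save_egid)` and `setresuid(-1, uid, save_euid)` without checking their return values, so a failed switch lets `krb5_cc_resolve` and the credential copy run with the original effective IDs and nothing is logged, which is the state this patch is meant to end. The switch should be checked and the function should bail out the way the existing `krb5_cc_resolve` error path does. The three "switch back to old user" sites (also in the -905 and -915 hunks) have the same gap and should at least `warn()` on failure, because the caller would otherwise carry on with the user's effective IDs. Supplementary groups are not changed in the visible lines, which may matter if the ccache location is group-writable; worth confirming. The enclosing function starts and ends outside these hunks.

```c
	/* … unchanged: save_euid / save_egid declarations … */
	if (setresgid(-1, gid, save_egid) != 0 ||
	    setresuid(-1, uid, save_euid) != 0) {
		warn("error switching to uid %ld gid %ld for ccache \"%s\"",
		     (long) uid, (long) gid, newname);
		/* only the group can have changed when we get here */
		if (setresgid(-1, save_egid, -1) != 0) {
			warn("error restoring effective gid %ld", (long) save_egid);
		}
		free(newname);
		krb5_cc_close(ctx, occache);
		return;
	}
	/* … unchanged: debug() call and krb5_cc_resolve() … */
```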
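Review bot: In pam_krb5-2.2.20-1-debug-log-choice.dif, the options.c hunk at -327 moves this one message from `debug()` to `pam_syslog()` with no comment saying why, so a later maintainer cannot tell whether the other `debug()` calls should follow; the changelog only says "improve debug log". A short comment above the call stating the reason would settle it, for instance `/* log through PAM directly here instead of debug() */` followed by the actual rationale. `pam_syslog()` is a Linux-PAM extension, and the `#include` added in the -40 hunk (its header name is lost in this rendering) sits above the `#ifdef HAVE_SECURITY_PAM_APPL_H` guard rather than behind a configure check, so a build against another PAM implementation would presumably fail; confirm that is acceptable for this package.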
diff --git a/pam_krb5.changes b/pam_krb5.changes
index 362f031..0c72bb6 100644
--- a/pam_krb5.changes
+++ b/pam_krb5.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Nov 5 17:51:05 CET 2007 - mc@suse.de
+
+- pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
+ fix permissions on the ccache im not file case
+- pam_krb5-2.2.20-1-debug-log-choice.dif
+ improve debug log
+
 -------------------------------------------------------------------
 Mon Oct 29 11:51:49 CET 2007 - mc@suse.de
 
diff --git a/pam_krb5.spec b/pam_krb5.spec
index a9c946b..6ed50be 100644
--- a/pam_krb5.spec
+++ b/pam_krb5.spec
@@ -18,12 +18,14 @@ Group: Productivity/Networking/Security
 Provides: pam_krb
 AutoReqProv: on
 Version: 2.2.20
-Release: 1
+Release: 5
 Summary: PAM Module for Kerberos Authentication
 Url: http://sourceforge.net/projects/pam-krb5/
 Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
 Patch1: pam_krb5-2.2.0-0.5-configure_ac.dif
 Patch2: pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
+Patch3: pam_krb5-2.2.20-1-debug-log-choice.dif
+Patch4: pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -41,6 +43,8 @@ Authors:
 %setup -q -n pam_krb5-%{version}-%{PAM_RELEASE}
 %patch1
 %patch2
+%patch3
+%patch4
 
 %build
 %{suse_update_config -f}
@@ -71,6 +75,11 @@ rm -rf $RPM_BUILD_ROOT
 %attr(444,root,root) %_mandir/man*/*.*
 %attr(755,root,root) /usr/bin/afs5log
 %changelog
+* Mon Nov 05 2007 - mc@suse.de
+- pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
+ fix permissions on the ccache im not file case
+- pam_krb5-2.2.20-1-debug-log-choice.dif
+ improve debug log
 * Mon Oct 29 2007 - mc@suse.de
 - version 2.2.20
 * fixes for credential refreshing