OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=9

pam_krb5-2.2.20-1-copy-cache-priv-fix.dif

@@ -0,0 +1,49 @@
+--- src/stash.c
++++ src/stash.c	2007/11/05 16:50:15
+@@ -888,10 +888,23 @@
+ 			krb5_cc_close(ctx, occache);
+ 			return;
+ 		}
++
++		/* switch effective user and group*/
++		uid_t save_euid = geteuid();
++		gid_t save_egid = getegid();
++
++		setresgid(-1, gid, save_egid);
++		setresuid(-1, uid, save_euid);
++		debug("switch to effective user %d:%d", geteuid(), getegid());
++
+ 		if (krb5_cc_resolve(ctx, newname, &nccache) != 0) {
+ 			warn("error creating ccache \"%s\"", newname);
+ 			free(newname);
+ 			krb5_cc_close(ctx, occache);
++
++			/* switch back to old user */
++			setresuid(-1, save_euid, -1);
++			setresgid(-1, save_egid, -1);
+ 			return;
+ 		}
+ 		if (_pam_krb5_stash_cc_copy(ctx, occache, nccache) == 0) {
+@@ -905,6 +918,11 @@
+ 			stash->v5ccnames->name = newname;
+ 			krb5_cc_close(ctx, nccache);
+ 			krb5_cc_destroy(ctx, occache);
++
++			/* switch back to old user */
++			setresuid(-1, save_euid, -1);
++			setresgid(-1, save_egid, -1);
++
+ 			/* If the new source and the destination are files,
+ 			 * re-clone it to get the permissions right. */
+ 			if (strncmp(options->ccname_template,
+@@ -915,6 +933,10 @@
+ 							 uid, gid);
+ 			}
+ 		} else {
++			/* switch back to old user */
++			setresuid(-1, save_euid, -1);
++			setresgid(-1, save_egid, -1);
++
+ 			warn("error copying credentials from \"%s\" to "
+ 			     "\"%s\" for the user", stash->v5ccnames->name,
+ 			     newname);

pam_krb5-2.2.20-1-debug-log-choice.dif

@@ -0,0 +1,19 @@
+--- src/options.c
++++ src/options.c	2007/11/05 15:20:39
+@@ -40,6 +40,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <syslog.h>
+ 
+ #ifdef HAVE_SECURITY_PAM_APPL_H
+ #include <security/pam_appl.h>
+@@ -327,7 +328,7 @@
+ 		options->debug = 0;
+ 	}
+ 	if (options->debug) {
+-		debug("configured realm '%s'", options->realm);
++	  pam_syslog(pamh, LOG_DEBUG, "configured realm '%s'", options->realm);
+ 	}
+ 
+ 	/* private option */

pam_krb5.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Nov  5 17:51:05 CET 2007 - mc@suse.de
+
+- pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
+  fix permissions on the ccache im not file case
+- pam_krb5-2.2.20-1-debug-log-choice.dif
+  improve debug log
+
 -------------------------------------------------------------------
 Mon Oct 29 11:51:49 CET 2007 - mc@suse.de
 

pam_krb5.spec

@@ -18,12 +18,14 @@ Group:          Productivity/Networking/Security
 Provides:       pam_krb
 AutoReqProv:    on
 Version:        2.2.20
-Release:        1
+Release:        5
 Summary:        PAM Module for Kerberos Authentication
 Url:            http://sourceforge.net/projects/pam-krb5/
 Source:         pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
 Patch1:         pam_krb5-2.2.0-0.5-configure_ac.dif
 Patch2:         pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
+Patch3:         pam_krb5-2.2.20-1-debug-log-choice.dif
+Patch4:         pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -41,6 +43,8 @@ Authors:
 %setup -q -n pam_krb5-%{version}-%{PAM_RELEASE}
 %patch1
 %patch2
+%patch3
+%patch4
 
 %build
 %{suse_update_config -f}
@@ -71,6 +75,11 @@ rm -rf $RPM_BUILD_ROOT
 %attr(444,root,root) %_mandir/man*/*.*
 %attr(755,root,root) /usr/bin/afs5log
 %changelog
+* Mon Nov 05 2007 - mc@suse.de
+- pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
+  fix permissions on the ccache im not file case
+- pam_krb5-2.2.20-1-debug-log-choice.dif
+  improve debug log
 * Mon Oct 29 2007 - mc@suse.de
 - version 2.2.20
   * fixes for credential refreshing