OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=7

2007-10-26 11:08:18 +00:00 · 2007-10-26 11:08:18 +00:00 · 8ffa239854
commit 8ffa239854
parent 60765cebfb
6 changed files with 71 additions and 25 deletions
--- a/pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
+++ b/pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
@ -2,7 +2,7 @@ Index: src/auth.c
 ===================================================================
 --- src/auth.c.orig
 +++ src/auth.c
-@@ -425,9 +425,13 @@ pam_sm_setcred(pam_handle_t *pamh, int f
+@@ -435,9 +435,13 @@ pam_sm_setcred(pam_handle_t *pamh, int f
 		return pam_sm_open_session(pamh, flags, argc, argv);
 	}
 	if (flags & (PAM_REINITIALIZE_CRED | PAM_REFRESH_CRED)) {
@ -22,7 +22,7 @@ Index: src/sly.c
 ===================================================================
 --- src/sly.c.orig
 +++ src/sly.c
-@@ -146,6 +146,21 @@ _pam_krb5_sly_looks_unsafe(void)
+@@ -148,6 +148,21 @@ _pam_krb5_sly_looks_unsafe(void)
 	return 0;
 }
 
@ -44,9 +44,9 @@ Index: src/sly.c
 int
 _pam_krb5_sly_maybe_refresh(pam_handle_t *pamh, int flags,
 			    int argc, PAM_KRB5_MAYBE_CONST char **argv)
-@@ -159,6 +174,20 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -161,6 +176,20 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 	int i, retval, stored;
- 	char *v5ccname, *v4tktfile;
+ 	char *v5ccname, *v5filename, *v4tktfile;
 
 +	uid_t save_euid = geteuid();
 +	gid_t save_egid = getegid();
@ -65,7 +65,7 @@ Index: src/sly.c
 	/* Inexpensive checks. */
 	switch (_pam_krb5_sly_looks_unsafe()) {
 	case 0:
-@@ -166,18 +195,22 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -168,18 +197,22 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 		break;
 	case 1:
 		warn("won't refresh credentials while running under sudo");
@ -88,7 +88,7 @@ Index: src/sly.c
 		return PAM_SERVICE_ERR;
 		break;
 	}
-@@ -185,6 +218,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -187,6 +220,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 	/* Initialize Kerberos. */
 	if (_pam_krb5_init_ctx(&ctx, argc, argv) != 0) {
 		warn("error initializing Kerberos");
@ -96,7 +96,7 @@ Index: src/sly.c
 		return PAM_SERVICE_ERR;
 	}
 
-@@ -193,6 +227,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -195,6 +229,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 	if (i != PAM_SUCCESS) {
 		warn("could not identify user name");
 		krb5_free_context(ctx);
@ -104,7 +104,7 @@ Index: src/sly.c
 		return i;
 	}
 
-@@ -201,6 +236,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -203,6 +238,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 	if (options == NULL) {
 		warn("error parsing options (shouldn't happen)");
 		krb5_free_context(ctx);
@ -112,7 +112,7 @@ Index: src/sly.c
 		return PAM_SERVICE_ERR;
 	}
 	if (options->debug) {
-@@ -222,6 +258,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -224,6 +260,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 		}
 		_pam_krb5_options_free(pamh, ctx, options);
 		krb5_free_context(ctx);
@ -120,7 +120,7 @@ Index: src/sly.c
 		return retval;
 	}
 
-@@ -233,6 +270,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -235,6 +272,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 		_pam_krb5_user_info_free(ctx, userinfo);
 		_pam_krb5_options_free(pamh, ctx, options);
 		krb5_free_context(ctx);
@ -128,7 +128,7 @@ Index: src/sly.c
 		return PAM_IGNORE;
 	}
 
-@@ -244,6 +282,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -246,6 +284,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 		_pam_krb5_user_info_free(ctx, userinfo);
 		_pam_krb5_options_free(pamh, ctx, options);
 		krb5_free_context(ctx);
@ -136,9 +136,9 @@ Index: src/sly.c
 		return PAM_SERVICE_ERR;
 	}
 
-@@ -331,5 +370,6 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
- 		      pam_strerror(pamh, retval));
- 	}
+@@ -338,5 +377,6 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+ 	_pam_krb5_options_free(pamh, ctx, options);
+ 	krb5_free_context(ctx);
 
 +	_restore_privs(save_euid, save_egid);
 	return retval;
--- a/pam_krb5-2.2.17-1.tar.bz2
+++ b/pam_krb5-2.2.17-1.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d5ade59c5d545a194583e9d0fc5f44f017b64d6f02146193d7df7b8ef3f81815
-size 326785
--- a/pam_krb5-2.2.19-1.tar.bz2
+++ b/pam_krb5-2.2.19-1.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5444bc0e94dc57474adec8f9086a099c287596392db4ba0ac79e7903dfd653dd
+size 336213
--- a/pam_krb5-2.2.19-fix-format-error.dif
+++ b/pam_krb5-2.2.19-fix-format-error.dif
@ -0,0 +1,13 @@
+Index: pam_krb5-2.2.19-1/src/v5.c
+===================================================================
+--- pam_krb5-2.2.19-1.orig/src/v5.c
+++ pam_krb5-2.2.19-1/src/v5.c
+@@ -787,7 +787,7 @@ v5_get_creds(krb5_context ctx,
+ 				}
+ 				free(opt);
+ 			} else {
+-				warn("error resolving preauth option \"%s\" ",
+				warn("error resolving preauth option \"%s\" "
+ 				     "to a useful value",
+ 				     options->preauth_options[i]);
+ 			}
--- a/pam_krb5.changes
+++ b/pam_krb5.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Fri Oct 26 11:00:16 CEST 2007 - mc@suse.de
+
+- version 2.2.19: 
+  * the "keytab" option can now be used to specify a custom location
+    for a given service from within krb5.conf
+  * log messages are now logged with facility LOG_AUTHPRIV (or LOG_AUTH
+    if LOG_AUTHPRIV is not defined) instead of the application's default
+    or LOG_USER
+  * added the "pkinit_identity" option to provide a way to specify
+    where the user's public-key credentials are, and "pkinit_flags" to
+    specify arbitrary flags for libkrb5 (Heimdal only)
+  * added the "preauth_options" option to provide a way to specify
+    arbitrary preauthentication options to libkrb5 (MIT only)
+  * added the "ccname_template" option to provide a way to specify
+    where the user's credentials should be stored, so that KEYRING:
+    credential caches can be deployed at will.
+
 -------------------------------------------------------------------
 Tue Aug  7 11:03:59 CEST 2007 - mc@suse.de

--- a/pam_krb5.spec
+++ b/pam_krb5.spec
@ -1,5 +1,5 @@
 #
-# spec file for package pam_krb5 (Version 2.2.17)
+# spec file for package pam_krb5 (Version 2.2.19)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@ -16,14 +16,15 @@ BuildRequires:  krb5-client krb5-devel krb5-server openssl-devel pam-devel
 License:        GPL v2 or later
 Group:          Productivity/Networking/Security
 Provides:       pam_krb
-Autoreqprov:    on
-Version:        2.2.17
+AutoReqProv:    on
+Version:        2.2.19
 Release:        1
 Summary:        PAM Module for Kerberos Authentication
-URL:            http://sourceforge.net/projects/pam-krb5/
+Url:            http://sourceforge.net/projects/pam-krb5/
 Source:         pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
 Patch1:         pam_krb5-2.2.0-0.5-configure_ac.dif
-Patch3:         pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
+Patch2:         pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
+Patch3:         pam_krb5-2.2.19-fix-format-error.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -40,7 +41,8 @@ Authors:
 %prep
 %setup -q -n pam_krb5-%{version}-%{PAM_RELEASE}
 %patch1
-%patch3
+%patch2
+%patch3 -p1

 %build
 %{suse_update_config -f}
@ -54,7 +56,6 @@ make %{?jobs:-j%jobs}
 make check

 %install
-rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 ln -sf pam_krb5.so $RPM_BUILD_ROOT/%_lib/security/pam_krb5afs.so
 rm -f $RPM_BUILD_ROOT/%_lib/security/*.la
@ -71,8 +72,22 @@ rm -rf $RPM_BUILD_ROOT
 %attr(755,root,root) /%{_lib}/security/pam_krb5/pam_krb5_storetmp
 %attr(444,root,root) %_mandir/man*/*.*
 %attr(755,root,root) /usr/bin/afs5log
-
 %changelog
+* Fri Oct 26 2007 - mc@suse.de
+- version 2.2.19:
+  * the "keytab" option can now be used to specify a custom location
+  for a given service from within krb5.conf
+  * log messages are now logged with facility LOG_AUTHPRIV (or LOG_AUTH
+  if LOG_AUTHPRIV is not defined) instead of the application's default
+  or LOG_USER
+  * added the "pkinit_identity" option to provide a way to specify
+  where the user's public-key credentials are, and "pkinit_flags" to
+  specify arbitrary flags for libkrb5 (Heimdal only)
+  * added the "preauth_options" option to provide a way to specify
+  arbitrary preauthentication options to libkrb5 (MIT only)
+  * added the "ccname_template" option to provide a way to specify
+  where the user's credentials should be stored, so that KEYRING:
+  credential caches can be deployed at will.
 * Tue Aug 07 2007 - mc@suse.de
 - version 2.2.17:
  * corrected a typo in the pam_krb5(8) man page