parent
60765cebfb
commit
8ffa239854
@ -2,7 +2,7 @@ Index: src/auth.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- src/auth.c.orig
|
--- src/auth.c.orig
|
||||||
+++ src/auth.c
|
+++ src/auth.c
|
||||||
@@ -425,9 +425,13 @@ pam_sm_setcred(pam_handle_t *pamh, int f
|
@@ -435,9 +435,13 @@ pam_sm_setcred(pam_handle_t *pamh, int f
|
||||||
return pam_sm_open_session(pamh, flags, argc, argv);
|
return pam_sm_open_session(pamh, flags, argc, argv);
|
||||||
}
|
}
|
||||||
if (flags & (PAM_REINITIALIZE_CRED | PAM_REFRESH_CRED)) {
|
if (flags & (PAM_REINITIALIZE_CRED | PAM_REFRESH_CRED)) {
|
||||||
@ -22,7 +22,7 @@ Index: src/sly.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- src/sly.c.orig
|
--- src/sly.c.orig
|
||||||
+++ src/sly.c
|
+++ src/sly.c
|
||||||
@@ -146,6 +146,21 @@ _pam_krb5_sly_looks_unsafe(void)
|
@@ -148,6 +148,21 @@ _pam_krb5_sly_looks_unsafe(void)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -44,9 +44,9 @@ Index: src/sly.c
|
|||||||
int
|
int
|
||||||
_pam_krb5_sly_maybe_refresh(pam_handle_t *pamh, int flags,
|
_pam_krb5_sly_maybe_refresh(pam_handle_t *pamh, int flags,
|
||||||
int argc, PAM_KRB5_MAYBE_CONST char **argv)
|
int argc, PAM_KRB5_MAYBE_CONST char **argv)
|
||||||
@@ -159,6 +174,20 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
@@ -161,6 +176,20 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
||||||
int i, retval, stored;
|
int i, retval, stored;
|
||||||
char *v5ccname, *v4tktfile;
|
char *v5ccname, *v5filename, *v4tktfile;
|
||||||
|
|
||||||
+ uid_t save_euid = geteuid();
|
+ uid_t save_euid = geteuid();
|
||||||
+ gid_t save_egid = getegid();
|
+ gid_t save_egid = getegid();
|
||||||
@ -65,7 +65,7 @@ Index: src/sly.c
|
|||||||
/* Inexpensive checks. */
|
/* Inexpensive checks. */
|
||||||
switch (_pam_krb5_sly_looks_unsafe()) {
|
switch (_pam_krb5_sly_looks_unsafe()) {
|
||||||
case 0:
|
case 0:
|
||||||
@@ -166,18 +195,22 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
@@ -168,18 +197,22 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
||||||
break;
|
break;
|
||||||
case 1:
|
case 1:
|
||||||
warn("won't refresh credentials while running under sudo");
|
warn("won't refresh credentials while running under sudo");
|
||||||
@ -88,7 +88,7 @@ Index: src/sly.c
|
|||||||
return PAM_SERVICE_ERR;
|
return PAM_SERVICE_ERR;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -185,6 +218,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
@@ -187,6 +220,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
||||||
/* Initialize Kerberos. */
|
/* Initialize Kerberos. */
|
||||||
if (_pam_krb5_init_ctx(&ctx, argc, argv) != 0) {
|
if (_pam_krb5_init_ctx(&ctx, argc, argv) != 0) {
|
||||||
warn("error initializing Kerberos");
|
warn("error initializing Kerberos");
|
||||||
@ -96,7 +96,7 @@ Index: src/sly.c
|
|||||||
return PAM_SERVICE_ERR;
|
return PAM_SERVICE_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -193,6 +227,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
@@ -195,6 +229,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
||||||
if (i != PAM_SUCCESS) {
|
if (i != PAM_SUCCESS) {
|
||||||
warn("could not identify user name");
|
warn("could not identify user name");
|
||||||
krb5_free_context(ctx);
|
krb5_free_context(ctx);
|
||||||
@ -104,7 +104,7 @@ Index: src/sly.c
|
|||||||
return i;
|
return i;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -201,6 +236,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
@@ -203,6 +238,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
||||||
if (options == NULL) {
|
if (options == NULL) {
|
||||||
warn("error parsing options (shouldn't happen)");
|
warn("error parsing options (shouldn't happen)");
|
||||||
krb5_free_context(ctx);
|
krb5_free_context(ctx);
|
||||||
@ -112,7 +112,7 @@ Index: src/sly.c
|
|||||||
return PAM_SERVICE_ERR;
|
return PAM_SERVICE_ERR;
|
||||||
}
|
}
|
||||||
if (options->debug) {
|
if (options->debug) {
|
||||||
@@ -222,6 +258,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
@@ -224,6 +260,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
||||||
}
|
}
|
||||||
_pam_krb5_options_free(pamh, ctx, options);
|
_pam_krb5_options_free(pamh, ctx, options);
|
||||||
krb5_free_context(ctx);
|
krb5_free_context(ctx);
|
||||||
@ -120,7 +120,7 @@ Index: src/sly.c
|
|||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -233,6 +270,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
@@ -235,6 +272,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
||||||
_pam_krb5_user_info_free(ctx, userinfo);
|
_pam_krb5_user_info_free(ctx, userinfo);
|
||||||
_pam_krb5_options_free(pamh, ctx, options);
|
_pam_krb5_options_free(pamh, ctx, options);
|
||||||
krb5_free_context(ctx);
|
krb5_free_context(ctx);
|
||||||
@ -128,7 +128,7 @@ Index: src/sly.c
|
|||||||
return PAM_IGNORE;
|
return PAM_IGNORE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -244,6 +282,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
@@ -246,6 +284,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
||||||
_pam_krb5_user_info_free(ctx, userinfo);
|
_pam_krb5_user_info_free(ctx, userinfo);
|
||||||
_pam_krb5_options_free(pamh, ctx, options);
|
_pam_krb5_options_free(pamh, ctx, options);
|
||||||
krb5_free_context(ctx);
|
krb5_free_context(ctx);
|
||||||
@ -136,9 +136,9 @@ Index: src/sly.c
|
|||||||
return PAM_SERVICE_ERR;
|
return PAM_SERVICE_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -331,5 +370,6 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
@@ -338,5 +377,6 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
|
||||||
pam_strerror(pamh, retval));
|
_pam_krb5_options_free(pamh, ctx, options);
|
||||||
}
|
krb5_free_context(ctx);
|
||||||
|
|
||||||
+ _restore_privs(save_euid, save_egid);
|
+ _restore_privs(save_euid, save_egid);
|
||||||
return retval;
|
return retval;
|
||||||
|
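Review bot: The refreshed patch calls `_restore_privs(save_euid, save_egid);` as a bare statement before the final `return retval;` of `_pam_krb5_sly_maybe_refresh`, so a failure to regain the saved effective uid/gid would not show up in the PAM return code on that path. The helper's definition is not visible in this view (presumably it sits in the 15-line addition after `_pam_krb5_sly_looks_unsafe`), so whether it reports failure needs confirming. If it does, something like `if (_restore_privs(save_euid, save_egid) != 0) retval = PAM_SERVICE_ERR;` would stop the calling service from carrying on with the wrong effective IDs. The one-line additions at the earlier returns (the hunks that grow from 6 to 7 lines) are presumably the same call and would want the same treatment; the function body starts and ends outside these hunks. A short comment beside the `save_euid`/`save_egid` declarations stating the order in which gid and uid are dropped and restored would also help the next person who rebases this patch.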
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:d5ade59c5d545a194583e9d0fc5f44f017b64d6f02146193d7df7b8ef3f81815
|
|
||||||
size 326785
|
|
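--- /dev/null
+++ b/pam_krb5-2.2.19-1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5444bc0e94dc57474adec8f9086a099c287596392db4ba0ac79e7903dfd653dd
+size 336213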
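--- /dev/null
+++ b/pam_krb5-2.2.19-fix-format-error.dif
@@ -0,0 +1,13 @@
+Index: pam_krb5-2.2.19-1/src/v5.c
+===================================================================
+--- pam_krb5-2.2.19-1.orig/src/v5.c
++++ pam_krb5-2.2.19-1/src/v5.c
+@@ -787,7 +787,7 @@ v5_get_creds(krb5_context ctx,
+}
+free(opt);
+} else {
+- warn("error resolving preauth option \"%s\" ",
++ warn("error resolving preauth option \"%s\" "
+"to a useful value",
+options->preauth_options[i]);
+}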
@ -1,3 +1,21 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 26 11:00:16 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
|
- version 2.2.19:
|
||||||
|
* the "keytab" option can now be used to specify a custom location
|
||||||
|
for a given service from within krb5.conf
|
||||||
|
* log messages are now logged with facility LOG_AUTHPRIV (or LOG_AUTH
|
||||||
|
if LOG_AUTHPRIV is not defined) instead of the application's default
|
||||||
|
or LOG_USER
|
||||||
|
* added the "pkinit_identity" option to provide a way to specify
|
||||||
|
where the user's public-key credentials are, and "pkinit_flags" to
|
||||||
|
specify arbitrary flags for libkrb5 (Heimdal only)
|
||||||
|
* added the "preauth_options" option to provide a way to specify
|
||||||
|
arbitrary preauthentication options to libkrb5 (MIT only)
|
||||||
|
* added the "ccname_template" option to provide a way to specify
|
||||||
|
where the user's credentials should be stored, so that KEYRING:
|
||||||
|
credential caches can be deployed at will.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Aug 7 11:03:59 CEST 2007 - mc@suse.de
|
Tue Aug 7 11:03:59 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# spec file for package pam_krb5 (Version 2.2.17)
|
# spec file for package pam_krb5 (Version 2.2.19)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
# This file and all modifications and additions to the pristine
|
# This file and all modifications and additions to the pristine
|
||||||
@ -16,14 +16,15 @@ BuildRequires: krb5-client krb5-devel krb5-server openssl-devel pam-devel
|
|||||||
License: GPL v2 or later
|
License: GPL v2 or later
|
||||||
Group: Productivity/Networking/Security
|
Group: Productivity/Networking/Security
|
||||||
Provides: pam_krb
|
Provides: pam_krb
|
||||||
Autoreqprov: on
|
AutoReqProv: on
|
||||||
Version: 2.2.17
|
Version: 2.2.19
|
||||||
Release: 1
|
Release: 1
|
||||||
Summary: PAM Module for Kerberos Authentication
|
Summary: PAM Module for Kerberos Authentication
|
||||||
URL: http://sourceforge.net/projects/pam-krb5/
|
Url: http://sourceforge.net/projects/pam-krb5/
|
||||||
Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
|
Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
|
||||||
Patch1: pam_krb5-2.2.0-0.5-configure_ac.dif
|
Patch1: pam_krb5-2.2.0-0.5-configure_ac.dif
|
||||||
Patch3: pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
|
Patch2: pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
|
||||||
|
Patch3: pam_krb5-2.2.19-fix-format-error.dif
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -40,7 +41,8 @@ Authors:
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n pam_krb5-%{version}-%{PAM_RELEASE}
|
%setup -q -n pam_krb5-%{version}-%{PAM_RELEASE}
|
||||||
%patch1
|
%patch1
|
||||||
%patch3
|
%patch2
|
||||||
|
%patch3 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%{suse_update_config -f}
|
%{suse_update_config -f}
|
||||||
@ -54,7 +56,6 @@ make %{?jobs:-j%jobs}
|
|||||||
make check
|
make check
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
ln -sf pam_krb5.so $RPM_BUILD_ROOT/%_lib/security/pam_krb5afs.so
|
ln -sf pam_krb5.so $RPM_BUILD_ROOT/%_lib/security/pam_krb5afs.so
|
||||||
rm -f $RPM_BUILD_ROOT/%_lib/security/*.la
|
rm -f $RPM_BUILD_ROOT/%_lib/security/*.la
|
||||||
@ -71,8 +72,22 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(755,root,root) /%{_lib}/security/pam_krb5/pam_krb5_storetmp
|
%attr(755,root,root) /%{_lib}/security/pam_krb5/pam_krb5_storetmp
|
||||||
%attr(444,root,root) %_mandir/man*/*.*
|
%attr(444,root,root) %_mandir/man*/*.*
|
||||||
%attr(755,root,root) /usr/bin/afs5log
|
%attr(755,root,root) /usr/bin/afs5log
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 26 2007 - mc@suse.de
|
||||||
|
- version 2.2.19:
|
||||||
|
* the "keytab" option can now be used to specify a custom location
|
||||||
|
for a given service from within krb5.conf
|
||||||
|
* log messages are now logged with facility LOG_AUTHPRIV (or LOG_AUTH
|
||||||
|
if LOG_AUTHPRIV is not defined) instead of the application's default
|
||||||
|
or LOG_USER
|
||||||
|
* added the "pkinit_identity" option to provide a way to specify
|
||||||
|
where the user's public-key credentials are, and "pkinit_flags" to
|
||||||
|
specify arbitrary flags for libkrb5 (Heimdal only)
|
||||||
|
* added the "preauth_options" option to provide a way to specify
|
||||||
|
arbitrary preauthentication options to libkrb5 (MIT only)
|
||||||
|
* added the "ccname_template" option to provide a way to specify
|
||||||
|
where the user's credentials should be stored, so that KEYRING:
|
||||||
|
credential caches can be deployed at will.
|
||||||
* Tue Aug 07 2007 - mc@suse.de
|
* Tue Aug 07 2007 - mc@suse.de
|
||||||
- version 2.2.17:
|
- version 2.2.17:
|
||||||
* corrected a typo in the pam_krb5(8) man page
|
* corrected a typo in the pam_krb5(8) man page
|
||||||
|