OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=19

pam_krb5-2.3.1-post.dif

@@ -0,0 +1,34 @@
+Index: src/v5.c
+===================================================================
+--- src/v5.c.orig
++++ src/v5.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2003,2004,2005,2006,2007 Red Hat, Inc.
++ * Copyright 2003,2004,2005,2006,2007,2008 Red Hat, Inc.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -889,11 +889,19 @@ v5_get_creds(krb5_context ctx,
+ 				tmpcreds.server = service_principal;
+ 				i = krb5_cc_retrieve_cred(ctx, ccache, 0,
+ 							  &tmpcreds, creds);
+-				/* FIXME: check if the creds are expired?
+-				 * What's the right error code if we check, and
+-				 * they are? */
+ 				memset(&tmpcreds, 0, sizeof(tmpcreds));
+ 				krb5_cc_close(ctx, ccache);
++				switch (v5_validate(ctx, creds, options)) {
++				case 0:
++				       /* we're fine */
++				       break;
++				default:
++				       /* something (anything) went wrong --
++				        * discard them */
++				       krb5_free_cred_contents(ctx, creds);
++				       i = KRB5KRB_ERR_GENERIC;
++				       break;
++				}
+ 			} else {
+ 				warn("error opening default ccache");
+ 				i = KRB5_CC_NOTFOUND;

pam_krb5.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Sep  1 11:19:22 CEST 2008 - mc@suse.de
+
+- validate new fetched credentials 
+
 -------------------------------------------------------------------
 Fri Jun 20 16:26:30 CEST 2008 - mc@suse.de
 

pam_krb5.spec

@@ -2,9 +2,16 @@
 # spec file for package pam_krb5 (Version 2.3.1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
@@ -19,7 +26,7 @@ Group:          Productivity/Networking/Security
 Provides:       pam_krb
 AutoReqProv:    on
 Version:        2.3.1
-Release:        1
+Release:        28
 Summary:        PAM Module for Kerberos Authentication
 Url:            http://sourceforge.net/projects/pam-krb5/
 Source:         pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
@@ -29,6 +36,7 @@ Patch2:         pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
 Patch3:         pam_krb5-2.3.1-log-choise.dif
 Patch4:         pam_krb5-po-Makevars.dif
 Patch5:         pam_krb5-LINGUAS.dif
+Patch6:         pam_krb5-2.3.1-post.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -50,6 +58,7 @@ Authors:
 %patch3 -p1
 %patch4 -p1
 %patch5
+%patch6
 
 %build
 %{suse_update_config -f}
@@ -84,6 +93,8 @@ rm -rf $RPM_BUILD_ROOT
 %attr(755,root,root) /usr/bin/afs5log
 
 %changelog
+* Mon Sep 01 2008 mc@suse.de
+- validate new fetched credentials
 * Fri Jun 20 2008 mc@suse.de
 - version 2.3.1
   * translations for messages!