From 93a0862d1805a02b2b9ec553b13b7300a79d0e04ddc418b4c197197149f1424c Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 1 Sep 2008 13:27:41 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=19 --- pam_krb5-2.3.1-post.dif | 34 ++++++++++++++++++++++++++++++++++ pam_krb5.changes | 5 +++++ pam_krb5.spec | 17 ++++++++++++++--- 3 files changed, 53 insertions(+), 3 deletions(-) create mode 100644 pam_krb5-2.3.1-post.dif diff --git a/pam_krb5-2.3.1-post.dif b/pam_krb5-2.3.1-post.dif new file mode 100644 index 0000000..0087ed0 --- /dev/null +++ b/pam_krb5-2.3.1-post.dif @@ -0,0 +1,34 @@ +Index: src/v5.c +=================================================================== +--- src/v5.c.orig ++++ src/v5.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2003,2004,2005,2006,2007 Red Hat, Inc. ++ * Copyright 2003,2004,2005,2006,2007,2008 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -889,11 +889,19 @@ v5_get_creds(krb5_context ctx, + tmpcreds.server = service_principal; + i = krb5_cc_retrieve_cred(ctx, ccache, 0, + &tmpcreds, creds); +- /* FIXME: check if the creds are expired? +- * What's the right error code if we check, and +- * they are? */ + memset(&tmpcreds, 0, sizeof(tmpcreds)); + krb5_cc_close(ctx, ccache); ++ switch (v5_validate(ctx, creds, options)) { ++ case 0: ++ /* we're fine */ ++ break; ++ default: ++ /* something (anything) went wrong -- ++ * discard them */ ++ krb5_free_cred_contents(ctx, creds); ++ i = KRB5KRB_ERR_GENERIC; ++ break; ++ } + } else { + warn("error opening default ccache"); + i = KRB5_CC_NOTFOUND; diff --git a/pam_krb5.changes b/pam_krb5.changes index 2699599..4eb7abe 100644 --- a/pam_krb5.changes +++ b/pam_krb5.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Sep 1 11:19:22 CEST 2008 - mc@suse.de + +- validate new fetched credentials + ------------------------------------------------------------------- Fri Jun 20 16:26:30 CEST 2008 - mc@suse.de diff --git a/pam_krb5.spec b/pam_krb5.spec index 7242016..283b8e6 100644 --- a/pam_krb5.spec +++ b/pam_krb5.spec @@ -2,9 +2,16 @@ # spec file for package pam_krb5 (Version 2.3.1) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -19,7 +26,7 @@ Group: Productivity/Networking/Security Provides: pam_krb AutoReqProv: on Version: 2.3.1 -Release: 1 +Release: 28 Summary: PAM Module for Kerberos Authentication Url: http://sourceforge.net/projects/pam-krb5/ Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2 @@ -29,6 +36,7 @@ Patch2: pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif Patch3: pam_krb5-2.3.1-log-choise.dif Patch4: pam_krb5-po-Makevars.dif Patch5: pam_krb5-LINGUAS.dif +Patch6: pam_krb5-2.3.1-post.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -50,6 +58,7 @@ Authors: %patch3 -p1 %patch4 -p1 %patch5 +%patch6 %build %{suse_update_config -f} @@ -84,6 +93,8 @@ rm -rf $RPM_BUILD_ROOT %attr(755,root,root) /usr/bin/afs5log %changelog +* Mon Sep 01 2008 mc@suse.de +- validate new fetched credentials * Fri Jun 20 2008 mc@suse.de - version 2.3.1 * translations for messages!