OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18

2008-06-23 23:15:09 +00:00 · 2008-06-23 23:15:09 +00:00 · c6ed1be057
commit c6ed1be057
parent 7ce6bcfa3b
11 changed files with 159 additions and 170 deletions
--- a/pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
+++ b/pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
@ -2,7 +2,7 @@ Index: src/auth.c
 ===================================================================
 --- src/auth.c.orig
 +++ src/auth.c
-@@ -481,9 +481,13 @@ pam_sm_setcred(pam_handle_t *pamh, int f
+@@ -480,9 +480,13 @@ pam_sm_setcred(pam_handle_t *pamh, int f
 		return pam_sm_open_session(pamh, flags, argc, argv);
 	}
 	if (flags & (PAM_REINITIALIZE_CRED | PAM_REFRESH_CRED)) {
@ -35,8 +35,8 @@ Index: src/sly.c
 +	retuid = setresuid(getuid(), save_euid, getuid());
 +	retgid = setresgid(getgid(), save_egid, getgid());
 +	
-+	debug("restore privileges: UID = %u, EUID = %u\n", getuid(), geteuid());
+	/* debug("restore privileges: UID = %u, EUID = %u\n", getuid(), geteuid()); */
-+	debug("restore privileges: GID = %u, EGID = %u\n", getgid(), getegid());
+	/* debug("restore privileges: GID = %u, EGID = %u\n", getgid(), getegid()); */
 +	
 +	return (retuid == -1 || retgid == -1)?-1:0;
 +}
@ -44,7 +44,7 @@ Index: src/sly.c
 int
 _pam_krb5_sly_maybe_refresh(pam_handle_t *pamh, int flags,
 			    int argc, PAM_KRB5_MAYBE_CONST char **argv)
-@@ -163,6 +178,20 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -163,6 +178,23 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 	gid_t gid;
 	char *v5ccname, *v5filename, *v4tktfile;
@ -54,18 +54,21 @@ Index: src/sly.c
 +
 +	if(_pam_krb5_sly_looks_unsafe() == 2 || _pam_krb5_sly_looks_unsafe() == 3)
 +	{
 +		/* debug("current privileges: UID = %u, EUID = %u\n", getuid(), geteuid()); */
 +		/* debug("current privileges: GID = %u, EGID = %u\n", getgid(), getegid()); *(
 +
 +		/* drop privileges temporarily; restore them on every return from this function */
 +		setresuid(getuid(), getuid(), geteuid());
 +		setresgid(getgid(), getgid(), getegid());
 +		
-+		debug("drop privileges temporarily: UID = %u, EUID = %u\n", getuid(), geteuid());
+		/* debug("drop privileges temporarily: UID = %u, EUID = %u\n", getuid(), geteuid()); */
-+		debug("drop privileges temporarily: GID = %u, EGID = %u\n", getgid(), getegid());
+		/* debug("drop privileges temporarily: GID = %u, EGID = %u\n", getgid(), getegid()); */
 +	}
 +
 	/* Inexpensive checks. */
 	switch (_pam_krb5_sly_looks_unsafe()) {
 	case 0:
-@@ -170,18 +199,22 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -170,18 +202,22 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 		break;
 	case 1:
 		warn("won't refresh credentials while running under sudo");
@ -88,7 +91,7 @@ Index: src/sly.c
 		return PAM_SERVICE_ERR;
 		break;
 	}
-@@ -189,6 +222,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -189,6 +225,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 	/* Initialize Kerberos. */
 	if (_pam_krb5_init_ctx(&ctx, argc, argv) != 0) {
 		warn("error initializing Kerberos");
@ -96,7 +99,7 @@ Index: src/sly.c
 		return PAM_SERVICE_ERR;
 	}
-@@ -197,6 +231,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -197,6 +234,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 	if (i != PAM_SUCCESS) {
 		warn("could not identify user name");
 		krb5_free_context(ctx);
@ -104,7 +107,7 @@ Index: src/sly.c
 		return i;
 	}
-@@ -205,6 +240,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -205,6 +243,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 	if (options == NULL) {
 		warn("error parsing options (shouldn't happen)");
 		krb5_free_context(ctx);
@ -112,7 +115,7 @@ Index: src/sly.c
 		return PAM_SERVICE_ERR;
 	}
 	if (options->debug) {
-@@ -226,6 +262,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -226,6 +265,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 		}
 		_pam_krb5_options_free(pamh, ctx, options);
 		krb5_free_context(ctx);
@ -120,7 +123,7 @@ Index: src/sly.c
 		return retval;
 	}
-@@ -238,6 +275,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -238,6 +278,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 		_pam_krb5_user_info_free(ctx, userinfo);
 		_pam_krb5_options_free(pamh, ctx, options);
 		krb5_free_context(ctx);
@ -128,7 +131,7 @@ Index: src/sly.c
 		return PAM_IGNORE;
 	}
-@@ -249,6 +287,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -249,6 +290,7 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 		_pam_krb5_user_info_free(ctx, userinfo);
 		_pam_krb5_options_free(pamh, ctx, options);
 		krb5_free_context(ctx);
@ -136,7 +139,7 @@ Index: src/sly.c
 		return PAM_SERVICE_ERR;
 	}
-@@ -360,5 +399,6 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
+@@ -360,5 +402,6 @@ _pam_krb5_sly_maybe_refresh(pam_handle_t
 	_pam_krb5_options_free(pamh, ctx, options);
 	krb5_free_context(ctx);
--- a/pam_krb5-2.2.20-1-debug-log-choice.dif
+++ b/pam_krb5-2.2.20-1-debug-log-choice.dif
@ -1,21 +0,0 @@
 Index: src/options.c
 ===================================================================
 --- src/options.c.orig
 +++ src/options.c
@@ -40,6 +40,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 +#include <syslog.h>
 #ifdef HAVE_SECURITY_PAM_APPL_H
 #include <security/pam_appl.h>
@@ -354,7 +355,7 @@ _pam_krb5_options_init(pam_handle_t *pam
 	if (strlen(options->realm) > 0) {
 		krb5_set_default_realm(ctx, options->realm);
 		if (options->debug) {
 -			debug("configured realm '%s'", options->realm);
 +	  pam_syslog(pamh, LOG_DEBUG, "configured realm '%s'", options->realm);
 		}
 	}
--- a/pam_krb5-2.2.22-1.tar.bz2
+++ b/pam_krb5-2.2.22-1.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:f71461ba84d1716609670ed74bd515ec5b23a722b083f10a27b6f2a62c36bf9c
 size 340922
--- a/pam_krb5-2.3.1-1.tar.bz2
+++ b/pam_krb5-2.3.1-1.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:faa8fb8d46f74a56352fc80001c1b1570c4ffb0f6b7a456bca227cffcd2dbb58
 size 413865
--- a/pam_krb5-2.3.1-log-choise.dif
+++ b/pam_krb5-2.3.1-log-choise.dif
@ -0,0 +1,92 @@
 Index: pam_krb5-2.3.1-1/src/acct.c
 ===================================================================
 --- pam_krb5-2.3.1-1.orig/src/acct.c
 +++ pam_krb5-2.3.1-1/src/acct.c
@@ -98,6 +98,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
 		krb5_free_context(ctx);
 		return PAM_SERVICE_ERR;
 	}
 +	if (options->debug) {
 +		debug("pam_acct_mgmt called for '%s', realm '%s'", user,
 +			  options->realm);
 +	}
 	/* Get information about the user and the user's principal name. */
 	userinfo = _pam_krb5_user_info_init(ctx, user, options->realm,
 Index: pam_krb5-2.3.1-1/src/auth.c
 ===================================================================
 --- pam_krb5-2.3.1-1.orig/src/auth.c
 +++ pam_krb5-2.3.1-1/src/auth.c
@@ -116,9 +116,10 @@ pam_sm_authenticate(pam_handle_t *pamh,
 		return PAM_SERVICE_ERR;
 	}
 	if (options->debug) {
 -		debug("called to authenticate '%s', realm '%s'", user,
 -		      options->realm);
 +		debug("pam_authenticate called for '%s', realm '%s'", user,
 +			  options->realm);
 	}
 +
 	_pam_krb5_set_init_opts(ctx, gic_options, options);
 	/* Get information about the user and the user's principal name. */
@@ -476,6 +477,11 @@ int
 pam_sm_setcred(pam_handle_t *pamh, int flags,
 	       int argc, PAM_KRB5_MAYBE_CONST char **argv)
 {
 +	notice("pam_setcred (%s) called",
 +		   (flags & PAM_ESTABLISH_CRED)?"establish credential":
 +		   (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential":
 +		   (flags & PAM_REFRESH_CRED)?"refresh credential":
 +		   (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag");
 	if (flags & PAM_ESTABLISH_CRED) {
 		return pam_sm_open_session(pamh, flags, argc, argv);
 	}
 Index: pam_krb5-2.3.1-1/src/password.c
 ===================================================================
 --- pam_krb5-2.3.1-1.orig/src/password.c
 +++ pam_krb5-2.3.1-1/src/password.c
@@ -118,6 +118,16 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
 		krb5_free_context(ctx);
 		return PAM_SERVICE_ERR;
 	}
 +	if (options->debug) {
 +		debug("pam_chauthtok called (%s) for '%s', realm '%s'",
 +			   (flags & PAM_PRELIM_CHECK) ?
 +			   "preliminary check" :
 +			   ((flags & PAM_UPDATE_AUTHTOK) ?
 +				"updating authtok":
 +				"unknown phase"),
 +			   user,
 +			   options->realm);
 +	}
 	_pam_krb5_set_init_opts(ctx, gic_options, options);
 	/* Get information about the user and the user's principal name. */
 Index: pam_krb5-2.3.1-1/src/session.c
 ===================================================================
 --- pam_krb5-2.3.1-1.orig/src/session.c
 +++ pam_krb5-2.3.1-1/src/session.c
@@ -103,6 +103,10 @@ pam_sm_open_session(pam_handle_t *pamh,
 		krb5_free_context(ctx);
 		return PAM_SERVICE_ERR;
 	}
 +	if (options->debug) {
 +		debug("pam_open_session called for '%s', realm '%s'", user,
 +			  options->realm);
 +	}
 	/* Get information about the user and the user's principal name. */
 	userinfo = _pam_krb5_user_info_init(ctx, user, options->realm,
@@ -336,7 +340,10 @@ pam_sm_close_session(pam_handle_t *pamh,
 		krb5_free_context(ctx);
 		return PAM_SERVICE_ERR;
 	}
 -
 +	if (options->debug) {
 +		debug("pam_close_session called for '%s', realm '%s'", user,
 +			  options->realm);
 +	}
 	/* Get information about the user and the user's principal name. */
 	userinfo = _pam_krb5_user_info_init(ctx, user, options->realm,
 					    options->user_check,
--- a/pam_krb5-LINGUAS.dif
+++ b/pam_krb5-LINGUAS.dif
@ -1,10 +1,9 @@
 --- po/LINGUAS
 +++ po/LINGUAS	2008/04/14 10:27:51
-@@ -0,0 +1,22 @@
+@@ -0,0 +1,21 @@
 +bg
 +cs
 +da
 +de
 +es
 +fi
 +fr
--- a/pam_krb5-i18n.dif
+++ b/pam_krb5-i18n.dif
@ -1,118 +0,0 @@
 Index: pam_krb5-2.2.22-1/configure.ac
 ===================================================================
 --- pam_krb5-2.2.22-1.orig/configure.ac
 +++ pam_krb5-2.2.22-1/configure.ac
@@ -444,6 +444,24 @@ AC_SUBST(TESTHOST)
 AC_SUBST(default_ccache_dir)
 AC_SUBST(default_ccname_template)
 +AC_PATH_PROG(XGETTEXT, xgettext)
 +if test -z "$XGETTEXT" ; then
 +    AC_MSG_ERROR(xgettext is missing; please install gettext.)
 +fi
 +
 +AM_GNU_GETTEXT([external])
 +AM_GNU_GETTEXT_VERSION(0.16)
 +
 +AH_VERBATIM([_ZZENABLE_NLS],
 +	    [#ifdef ENABLE_NLS
 +	     #include <libintl.h>
 +	     #define _(msgid) dgettext(PACKAGE, msgid)
 +	     #define N_(msgid) msgid
 +	     #else
 +	     #define _(msgid) (msgid)
 +	     #define N_(msgid) msgid
 +	     #endif /* ENABLE_NLS */])
 +
 AC_CONFIG_HEADER(config.h)
 AC_OUTPUT([
 Makefile
@@ -467,4 +485,5 @@ tests/tools/klist_f
 tests/tools/klist_c
 tests/tools/klist_a
 tests/tools/klist_4
 +po/Makefile.in
 ])
 Index: pam_krb5-2.2.22-1/Makefile.am
 ===================================================================
 --- pam_krb5-2.2.22-1.orig/Makefile.am
 +++ pam_krb5-2.2.22-1/Makefile.am
@@ -2,7 +2,7 @@ EXTRA_DIST = pam_krb5.spec TODO README R
 CONFIGURE_DEPENDENCIES = $(top_srcdir)/pam_krb5.spec
 -SUBDIRS = src tests
 +SUBDIRS = src tests po
 VERSION=$(shell rpm -q --specfile $(top_srcdir)/pam_krb5.spec --qf '%{version}\n' | head -n1)
 RELEASE=$(shell rpm -q --specfile $(top_srcdir)/pam_krb5.spec --qf '%{release}\n' | head -n1)
 Index: pam_krb5-2.2.22-1/config.h.in
 ===================================================================
 --- pam_krb5-2.2.22-1.orig/config.h.in
 +++ pam_krb5-2.2.22-1/config.h.in
@@ -274,6 +274,19 @@
  #define PAM_KRB5_GNUC_PRINTF(__x,__y)
  #endif
 +/* Define to 1 if translation of program messages to the user's native
 + *    language is requested. */
 +#undef ENABLE_NLS
 +
 +#ifdef ENABLE_NLS
 +#include <libintl.h>
 +#define _(msgid) dgettext(PACKAGE, msgid)
 +#define N_(msgid) msgid
 +#else
 +#define _(msgid) (msgid)
 +#define N_(msgid) msgid
 +#endif /* ENABLE_NLS */
 +
 /* Define to the proper qualifier (either const or nothing) for your PAM
    implementation. */
 Index: pam_krb5-2.2.22-1/src/auth.c
 ===================================================================
 --- pam_krb5-2.2.22-1.orig/src/auth.c
 +++ pam_krb5-2.2.22-1/src/auth.c
@@ -283,7 +283,7 @@ pam_sm_authenticate(pam_handle_t *pamh, 
 	if ((retval != PAM_SUCCESS) &&
 	    (retval != PAM_USER_UNKNOWN) &&
 	    options->use_second_pass) {
 -		i = _pam_krb5_prompt_for(pamh, "Password: ", &second_pass);
 +		i = _pam_krb5_prompt_for(pamh, _("Password: "), &second_pass);
 		if ((i == PAM_SUCCESS) &&
 		    (flags & PAM_DISALLOW_NULL_AUTHTOK) &&
 		    (second_pass != NULL) &&
 Index: pam_krb5-2.2.22-1/src/password.c
 ===================================================================
 --- pam_krb5-2.2.22-1.orig/src/password.c
 +++ pam_krb5-2.2.22-1/src/password.c
@@ -257,7 +257,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
 		}
 		if ((password == NULL) && (options->use_second_pass)) {
 			/* Ask the user for a password. */
 -			sprintf(prompt, "%s%sPassword: ",
 +			sprintf(prompt, _("%s%sPassword: "),
 				options->banner,
 				strlen(options->banner) > 0 ? " " : "");
 			i = _pam_krb5_prompt_for(pamh, prompt, &password);
@@ -345,10 +345,10 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
 		 * okay with that, ask for one. */
 		if ((password == NULL) && (retval == PAM_AUTHTOK_ERR)) {
 			/* Ask for the new password twice. */
 -			sprintf(prompt, "New %s%sPassword: ",
 +			sprintf(prompt, _("New %s%sPassword: "),
 				options->banner,
 				strlen(options->banner) > 0 ? " " : "");
 -			sprintf(prompt2, "Repeat New %s%sPassword: ",
 +			sprintf(prompt2, _("Repeat New %s%sPassword: "),
 				options->banner,
 				strlen(options->banner) > 0 ? " " : "");
 			i = _pam_krb5_prompt_for_2(pamh, prompt, &password,
 Index: pam_krb5-2.2.22-1/po/POTFILES.in
 ===================================================================
 --- /dev/null
 +++ pam_krb5-2.2.22-1/po/POTFILES.in
@@ -0,0 +1,2 @@
 +src/auth.c
 +src/password.c
--- a/pam_krb5-init-podir.tar.gz
+++ b/pam_krb5-init-podir.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:51e14a32e2968d9cbb8229ef42ff8f8f4d51e68c225604e2fa9094d868857950
 size 6692
--- a/pam_krb5-po-Makevars.dif
+++ b/pam_krb5-po-Makevars.dif
@ -0,0 +1,13 @@
 Index: pam_krb5-2.3.1-1/po/Makevars
 ===================================================================
 --- pam_krb5-2.3.1-1.orig/po/Makevars
 +++ pam_krb5-2.3.1-1/po/Makevars
@@ -8,7 +8,7 @@ subdir = po
 top_builddir = ..
 # These options get passed to xgettext.
 -XGETTEXT_OPTIONS = --keyword=_ --keyword=N_
 +XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ --keyword=Y_ 
 # This is the copyright holder that gets inserted into the header of the
 # $(DOMAIN).pot file.  Set this to the copyright holder of the surrounding
--- a/pam_krb5.changes
+++ b/pam_krb5.changes
@ -1,3 +1,17 @@
 -------------------------------------------------------------------
 Fri Jun 20 16:26:30 CEST 2008 - mc@suse.de
 - version 2.3.1 
  * translations for messages!
  * added the ability to set up tokens in the rxk5 format
  * added the "token_strategy" option to control which methods we'll
    try to use for setting tokens
  * merge "null_afs" functionality from Jan Iven
  * when we're changing passwords, force at least one attempt to
    authenticate using the KDC, even in the pathological case where
    there's no previously- entered password and we were told not to ask
    for one (brc#400611)
 -------------------------------------------------------------------
 Fri Jun  6 10:07:14 CEST 2008 - mc@suse.de
--- a/pam_krb5.spec
+++ b/pam_krb5.spec
@ -1,5 +1,5 @@
 #
-# spec file for package pam_krb5 (Version 2.2.22)
+# spec file for package pam_krb5 (Version 2.3.1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@ -18,17 +18,16 @@ License:        GPL v2 or later
 Group:          Productivity/Networking/Security
 Provides:       pam_krb
 AutoReqProv:    on
-Version:        2.2.22
+Version:        2.3.1
-Release:        36
+Release:        1
 Summary:        PAM Module for Kerberos Authentication
 Url:            http://sourceforge.net/projects/pam-krb5/
 Source:         pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
 Source1:        pam_krb5-init-podir.tar.gz
 Source2:        pam_krb5-po.tar.gz
 Patch1:         pam_krb5-2.2.0-0.5-configure_ac.dif
 Patch2:         pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
-Patch3:         pam_krb5-2.2.20-1-debug-log-choice.dif
+Patch3:         pam_krb5-2.3.1-log-choise.dif
-Patch4:         pam_krb5-i18n.dif
+Patch4:         pam_krb5-po-Makevars.dif
 Patch5:         pam_krb5-LINGUAS.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -45,12 +44,11 @@ Authors:
 %prep
 %setup -q -n pam_krb5-%{version}-%{PAM_RELEASE}
 %setup -a 1 -T -D -n pam_krb5-%{version}-%{PAM_RELEASE}
 %setup -a 2 -T -D -n pam_krb5-%{version}-%{PAM_RELEASE}
 %patch1
 %patch2
-%patch3
+%patch3 -p1
-%patch4 -p1 
+%patch4 -p1
 %patch5
 %build
@ -62,6 +60,7 @@ CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE "         \
            --mandir=%{_mandir}  \
            --with-os-distribution="openSUSE" 
 make %{?jobs:-j%jobs}
 make -C po update-po
 make check
 %install
@ -85,6 +84,17 @@ rm -rf $RPM_BUILD_ROOT
 %attr(755,root,root) /usr/bin/afs5log
 %changelog
 * Fri Jun 20 2008 mc@suse.de
 - version 2.3.1
  * translations for messages!
  * added the ability to set up tokens in the rxk5 format
  * added the "token_strategy" option to control which methods we'll
  try to use for setting tokens
  * merge "null_afs" functionality from Jan Iven
  * when we're changing passwords, force at least one attempt to
  authenticate using the KDC, even in the pathological case where
  there's no previously- entered password and we were told not to ask
  for one (brc#400611)
 * Fri Jun 06 2008 mc@suse.de
 - update i18n files
 * Fri May 09 2008 mc@suse.de