parent
8fb3d1a41f
commit
47047c041c
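--- a/krb5-1.6.2-post.dif
+++ b/krb5-1.6.2-post.dif
@@ -0,0 +1,207 @@
+Index: src/lib/krb5/ccache/cc_file.c
+===================================================================
+--- src/lib/krb5/ccache/cc_file.c (.../tags/krb5-1-6-2-final) (Revision 19755)
++++ src/lib/krb5/ccache/cc_file.c (.../branches/krb5-1-6) (Revision 19755)
+@@ -1954,6 +1954,9 @@
+char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
+NUL */
+krb5_fcc_data *data;
++ krb5_int16 fcc_fvno = htons(context->fcc_default_format);
++ krb5_int16 fcc_flen = 0;
++ int errsave, cnt;
+
+/* Allocate memory */
+lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+@@ -1968,13 +1971,20 @@
+ret = mkstemp(scratch);
+if (ret == -1) {
+return krb5_fcc_interpret(context, errno);
+- } else close(ret);
++ }
+#else /*HAVE_MKSTEMP*/
+mktemp(scratch);
++ /* Make sure the file name is reserved */
++ ret = THREEPARAMOPEN(scratch, O_CREAT | O_EXCL | O_WRONLY | O_BINARY, 0);
++ if (ret == -1) {
++ return krb5_fcc_interpret(context, errno);
++ }
+#endif
+
+lid->data = (krb5_pointer) malloc(sizeof(krb5_fcc_data));
+if (lid->data == NULL) {
++ close(ret);
++ unlink(scratch);
+krb5_xfree(lid);
+return KRB5_CC_NOMEM;
+}
+@@ -1982,6 +1992,8 @@
+((krb5_fcc_data *) lid->data)->filename = (char *)
+malloc(strlen(scratch) + 1);
+if (((krb5_fcc_data *) lid->data)->filename == NULL) {
++ close(ret);
++ unlink(scratch);
+krb5_xfree(((krb5_fcc_data *) lid->data));
+krb5_xfree(lid);
+return KRB5_CC_NOMEM;
+@@ -1996,63 +2008,54 @@
+data = (krb5_fcc_data *) lid->data;
+
+retcode = k5_mutex_init(&data->lock);
+- if (retcode)
++ if (retcode) {
++ close(ret);
++ unlink(scratch);
+goto err_out;
++ }
+
+/* Set up the filename */
+strcpy(((krb5_fcc_data *) lid->data)->filename, scratch);
+
+- /* Make sure the file name is reserved */
+- ret = THREEPARAMOPEN(((krb5_fcc_data *) lid->data)->filename,
+- O_CREAT | O_EXCL | O_WRONLY | O_BINARY, 0);
+- if (ret == -1) {
+- retcode = krb5_fcc_interpret(context, errno);
+- goto err_out;
+- } else {
+- krb5_int16 fcc_fvno = htons(context->fcc_default_format);
+- krb5_int16 fcc_flen = 0;
+- int errsave, cnt;
+-
+- /* Ignore user's umask, set mode = 0600 */
++ /* Ignore user's umask, set mode = 0600 */
+#ifndef HAVE_FCHMOD
+#ifdef HAVE_CHMOD
+- chmod(((krb5_fcc_data *) lid->data)->filename, S_IRUSR | S_IWUSR);
++ chmod(((krb5_fcc_data *) lid->data)->filename, S_IRUSR | S_IWUSR);
+#endif
+#else
+- fchmod(ret, S_IRUSR | S_IWUSR);
++ fchmod(ret, S_IRUSR | S_IWUSR);
+#endif
+- if ((cnt = write(ret, (char *)&fcc_fvno, sizeof(fcc_fvno)))
+- != sizeof(fcc_fvno)) {
+- errsave = errno;
+- (void) close(ret);
+- (void) unlink(((krb5_fcc_data *) lid->data)->filename);
+- retcode = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
+- goto err_out;
++ if ((cnt = write(ret, (char *)&fcc_fvno, sizeof(fcc_fvno)))
++ != sizeof(fcc_fvno)) {
++ errsave = errno;
++ (void) close(ret);
++ (void) unlink(((krb5_fcc_data *) lid->data)->filename);
++ retcode = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
++ goto err_out;
++ }
++ /* For version 4 we save a length for the rest of the header */
++ if (context->fcc_default_format == KRB5_FCC_FVNO_4) {
++ if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
++ != sizeof(fcc_flen)) {
++ errsave = errno;
++ (void) close(ret);
++ (void) unlink(((krb5_fcc_data *) lid->data)->filename);
++ retcode = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
++ goto err_out;
+}
+- /* For version 4 we save a length for the rest of the header */
+- if (context->fcc_default_format == KRB5_FCC_FVNO_4) {
+- if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
+- != sizeof(fcc_flen)) {
+- errsave = errno;
+- (void) close(ret);
+- (void) unlink(((krb5_fcc_data *) lid->data)->filename);
+- retcode = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
+- goto err_out;
+- }
+- }
+- if (close(ret) == -1) {
+- errsave = errno;
+- (void) unlink(((krb5_fcc_data *) lid->data)->filename);
+- retcode = krb5_fcc_interpret(context, errsave);
+- goto err_out;
+- }
+- *id = lid;
+- /* default to open/close on every trn - otherwise destroy
+- will get as to state confused */
+- ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE;
+- krb5_change_cache ();
+- return KRB5_OK;
+}
++ if (close(ret) == -1) {
++ errsave = errno;
++ (void) unlink(((krb5_fcc_data *) lid->data)->filename);
++ retcode = krb5_fcc_interpret(context, errsave);
++ goto err_out;
++ }
++ *id = lid;
++ /* default to open/close on every trn - otherwise destroy
++ will get as to state confused */
++ ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE;
++ krb5_change_cache ();
++ return KRB5_OK;
+
+err_out:
+krb5_xfree(((krb5_fcc_data *) lid->data)->filename);
+Index: src/lib/krb5/krb/gc_frm_kdc.c
+===================================================================
+--- src/lib/krb5/krb/gc_frm_kdc.c (.../tags/krb5-1-6-2-final) (Revision 19755)
++++ src/lib/krb5/krb/gc_frm_kdc.c (.../branches/krb5-1-6) (Revision 19755)
+@@ -906,7 +906,6 @@
+/* Whether or not that succeeded, we're done. */
+goto cleanup;
+}
+- else {
+/* Referral request succeeded; let's see what it is. */
+if (krb5_principal_compare(context, in_cred->server,
+(*out_cred)->server)) {
+@@ -914,8 +913,40 @@
+"for requested server principal\n"));
+DUMP_PRINC("gc_from_kdc final referred reply",
+in_cred->server);
++
++ /*
++ * Check if the return enctype is one that we requested if
++ * needed.
++ */
++ if (old_use_conf_ktypes || context->tgs_ktype_count == 0)
+goto cleanup;
++ for (i = 0; i < context->tgs_ktype_count; i++) {
++ if ((*out_cred)->keyblock.enctype == context->tgs_ktypes[i]) {
++ /* Found an allowable etype, so we're done */
++ goto cleanup;
++ }
+}
++ /*
++ * We need to try again, but this time use the
++ * tgs_ktypes in the context. At this point we should
++ * have all the tgts to succeed.
++ */
++
++ /* Free "wrong" credential */
++ krb5_free_creds(context, *out_cred);
++ *out_cred = NULL;
++ /* Re-establish tgs etypes */
++ context->use_conf_ktypes = old_use_conf_ktypes;
++ retval = krb5_get_cred_via_tkt(context, tgtptr,
++ KDC_OPT_CANONICALIZE |
++ FLAGS2OPTS(tgtptr->ticket_flags) |
++ kdcopt |
++ (in_cred->second_ticket.length ?
++ KDC_OPT_ENC_TKT_IN_SKEY : 0),
++ tgtptr->addresses,
++ in_cred, out_cred);
++ goto cleanup;
++ }
+else if (IS_TGS_PRINC(context, (*out_cred)->server)) {
+krb5_data *r1, *r2;
+
+@@ -978,7 +1009,6 @@
+krb5_free_creds(context, *out_cred);
+*out_cred = NULL;
+break;
+- }
+}
+}
+
+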
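Review bot: The added `THREEPARAMOPEN` failure path in the `#else /*HAVE_MKSTEMP*/` branch of cc_file.c (hunk `@@ -1968,13 +1971,20 @@`) returns without releasing `lid`, which the first hunk shows is already allocated by `malloc(sizeof(struct _krb5_ccache))` and which the very next failure path frees with `krb5_xfree(lid)`. Before this change the open ran later and failed through `goto err_out`; now that it runs before `lid->data` exists it has to clean up itself, for example `retcode = krb5_fcc_interpret(context, errno); krb5_xfree(lid); return retcode;`, translating errno before the free. The unchanged `mkstemp` failure return a few lines above has the same leak and could take the same fix. The enclosing function begins and ends outside these hunks, so this assumes nothing in the unseen lines releases `lid`.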
@ -13,7 +13,7 @@
|
|||||||
Name: krb5-doc
|
Name: krb5-doc
|
||||||
BuildRequires: ghostscript-library latex2html texlive
|
BuildRequires: ghostscript-library latex2html texlive
|
||||||
Version: 1.6.2
|
Version: 1.6.2
|
||||||
Release: 1
|
Release: 12
|
||||||
%define srcRoot krb5-1.6.2
|
%define srcRoot krb5-1.6.2
|
||||||
Summary: MIT Kerberos5 Implementation--Documentation
|
Summary: MIT Kerberos5 Implementation--Documentation
|
||||||
License: X11/MIT
|
License: X11/MIT
|
||||||
@ -27,10 +27,10 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|||||||
BuildArchitectures: noarch
|
BuildArchitectures: noarch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Kerberos V5 is a trusted-third-party network authentication system,
|
Kerberos V5 is a trusted-third-party network authentication
|
||||||
which can improve your network's security by eliminating the insecure
|
system,which can improve your network's security by eliminating the
|
||||||
practice of clear text passwords. This package includes extended
|
insecurepractice of clear text passwords. This package includes
|
||||||
documentation for MIT Kerberos.
|
extended documentation for MIT Kerberos.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,3 +1,16 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Aug 7 11:59:05 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
|
- add krb5-1.6.2-post.dif
|
||||||
|
* during the referrals loop, check to see if the
|
||||||
|
session key enctype of a returned credential for the final
|
||||||
|
service is among the enctypes explicitly selected by the
|
||||||
|
application, and retry with old_use_conf_ktypes if it is not.
|
||||||
|
* If mkstemp() is available, the new ccache file gets created but
|
||||||
|
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
||||||
|
was already created by mkstemp(). Apply patch from Apple to keep
|
||||||
|
the file descriptor open.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 12 17:02:19 CEST 2007 - mc@suse.de
|
Thu Jul 12 17:02:19 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
|
|
||||||
Name: krb5-plugins
|
Name: krb5-plugins
|
||||||
Version: 1.6.2
|
Version: 1.6.2
|
||||||
Release: 1
|
Release: 2
|
||||||
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
|
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
|
||||||
%define srcRoot krb5-1.6.2
|
%define srcRoot krb5-1.6.2
|
||||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||||
@ -31,6 +31,7 @@ Source4: EncryptWithMasterKey.c
|
|||||||
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
|
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
|
||||||
Patch2: krb5-1.6.1-compile_pie.dif
|
Patch2: krb5-1.6.1-compile_pie.dif
|
||||||
Patch3: krb5-1.4-fix-segfault.dif
|
Patch3: krb5-1.4-fix-segfault.dif
|
||||||
|
Patch4: krb5-1.6.2-post.dif
|
||||||
Patch6: trunk-EncryptWithMasterKey.dif
|
Patch6: trunk-EncryptWithMasterKey.dif
|
||||||
Patch14: warning-fix-lib-crypto-des.dif
|
Patch14: warning-fix-lib-crypto-des.dif
|
||||||
Patch15: warning-fix-lib-crypto-dk.dif
|
Patch15: warning-fix-lib-crypto-dk.dif
|
||||||
@ -95,6 +96,7 @@ fi
|
|||||||
%patch1
|
%patch1
|
||||||
%patch2
|
%patch2
|
||||||
%patch3
|
%patch3
|
||||||
|
%patch4
|
||||||
%patch6
|
%patch6
|
||||||
%patch14
|
%patch14
|
||||||
%patch15
|
%patch15
|
||||||
@ -205,6 +207,16 @@ rm -rf %{buildroot}
|
|||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 07 2007 - mc@suse.de
|
||||||
|
- add krb5-1.6.2-post.dif
|
||||||
|
* during the referrals loop, check to see if the
|
||||||
|
session key enctype of a returned credential for the final
|
||||||
|
service is among the enctypes explicitly selected by the
|
||||||
|
application, and retry with old_use_conf_ktypes if it is not.
|
||||||
|
* If mkstemp() is available, the new ccache file gets created but
|
||||||
|
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
||||||
|
was already created by mkstemp(). Apply patch from Apple to keep
|
||||||
|
the file descriptor open.
|
||||||
* Thu Jul 12 2007 - mc@suse.de
|
* Thu Jul 12 2007 - mc@suse.de
|
||||||
- update to version 1.6.2
|
- update to version 1.6.2
|
||||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||||
|
13
krb5.changes
13
krb5.changes
@ -1,3 +1,16 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
|
- add krb5-1.6.2-post.dif
|
||||||
|
* during the referrals loop, check to see if the
|
||||||
|
session key enctype of a returned credential for the final
|
||||||
|
service is among the enctypes explicitly selected by the
|
||||||
|
application, and retry with old_use_conf_ktypes if it is not.
|
||||||
|
* If mkstemp() is available, the new ccache file gets created but
|
||||||
|
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
||||||
|
was already created by mkstemp(). Apply patch from Apple to keep
|
||||||
|
the file descriptor open.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de
|
Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
|
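--- a/krb5.spec
+++ b/krb5.spec
@@ -12,7 +12,7 @@
 
 Name: krb5
 Version: 1.6.2
-Release: 1
+Release: 9
 BuildRequires: bison libcom_err-devel ncurses-devel
 %if %{suse_version} > 1010
 BuildRequires: keyutils keyutils-devel
@@ -35,6 +35,7 @@ Source5: krb5-1.6.1-rpmlintrc
 Patch1: krb5-1.5.1-fix-too-few-arguments.dif
 Patch2: krb5-1.6.1-compile_pie.dif
 Patch3: krb5-1.4-fix-segfault.dif
+Patch4: krb5-1.6.2-post.dif
 Patch6: trunk-EncryptWithMasterKey.dif
 Patch14: warning-fix-lib-crypto-des.dif
 Patch15: warning-fix-lib-crypto-dk.dif
@@ -186,6 +187,7 @@ fi
 %patch1
 %patch2
 %patch3
+%patch4
 %patch6
 %patch14
 %patch15
@@ -509,6 +511,16 @@ rm -rf %{buildroot}
 %{_mandir}/man1/krb5-config.1*
 
 %changelog
+* Tue Aug 07 2007 - mc@suse.de
+- add krb5-1.6.2-post.dif
+* during the referrals loop, check to see if the
+session key enctype of a returned credential for the final
+service is among the enctypes explicitly selected by the
+application, and retry with old_use_conf_ktypes if it is not.
+* If mkstemp() is available, the new ccache file gets created but
+the subsequent open(O_CREAT|O_EXCL) call fails because the file
+was already created by mkstemp(). Apply patch from Apple to keep
+the file descriptor open.
 * Thu Jul 12 2007 - mc@suse.de
 - update to version 1.6.2
 - remove krb5-1.6.1-post.dif all fixes are included in this release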