Hello community,
here is the log from the commit of package pam_krb5 for openSUSE:Factory
checked in at Mon Jul 27 23:56:15 CEST 2009.
--------
--- pam_krb5/pam_krb5.changes 2009-06-24 19:30:59.000000000 +0200
+++ pam_krb5/pam_krb5.changes 2009-07-27 11:55:10.000000000 +0200
@@ -1,0 +2,8 @@
+Mon Jul 27 11:53:30 CEST 2009 - mc@novell.com
+
+- version 2.3.7
+ * when refreshing credentials, store the new creds in the default
+ ccache if $KRB5CCNAME isn't set.
+ * prefer a "host" key, if one is found, when validating TGTs
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
pam_krb5-2.3.5-1.tar.bz2
New:
----
pam_krb5-2.3.7-1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam_krb5.spec ++++++
--- /var/tmp/diff_new_pack.96UUcN/_old 2009-07-27 23:54:22.000000000 +0200
+++ /var/tmp/diff_new_pack.96UUcN/_new 2009-07-27 23:54:22.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package pam_krb5 (Version 2.3.5)
+# spec file for package pam_krb5 (Version 2.3.7)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -30,8 +30,8 @@
Obsoletes: pam_krb5-64bit
%endif
#
-Version: 2.3.5
-Release: 3
+Version: 2.3.7
+Release: 1
Summary: PAM Module for Kerberos Authentication
Url: http://sourceforge.net/projects/pam-krb5/
Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
++++++ pam_krb5-2.3.5-1.tar.bz2 -> pam_krb5-2.3.7-1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/ChangeLog new/pam_krb5-2.3.7-1/ChangeLog
--- old/pam_krb5-2.3.5-1/ChangeLog 2009-06-15 15:28:45.000000000 +0200
+++ new/pam_krb5-2.3.7-1/ChangeLog 2009-06-29 09:50:36.000000000 +0200
@@ -1,3 +1,21 @@
+2009-06-26
+ * src/options.c(option_b): don't leak the list of values
+
+2009-06-26
+ * src/sly.c(_pam_krb5_sly_maybe_refresh): refresh creds in the default
+ ccache location when KRB5CCNAME isn't set in the environment (#507984)
+
+2009-06-26
+ * src/stash.c: derive the stash name from the user some bits of the
+ configuration rather than the principal name which we end up hopefully
+ deriving using the user and those bits of the configuration.
+ * src/options.c: hang on to a copy of the mappings list, in its
+ original form, for use later
+
+2009-06-15
+ * src/v5.c(v5_validate): walk the keytab, looking for a host key,
+ and fall back to just using the first one (#450776)
+
2009-06-09
* src/initopts.c,src/v5.c: compile fixes for krb5 1.7
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/NEWS new/pam_krb5-2.3.7-1/NEWS
--- old/pam_krb5-2.3.5-1/NEWS 2009-06-08 09:47:33.000000000 +0200
+++ new/pam_krb5-2.3.7-1/NEWS 2009-06-29 09:50:36.000000000 +0200
@@ -1,3 +1,7 @@
+- 2.3.7: * when refreshing credentials, store the new creds in the default
+ ccache if $KRB5CCNAME isn't set (#507984)
+- 2.3.6: * prefer a "host" key, if one is found, when validating TGTs
+ (#450776)
- 2.3.5: * make prompting behavior for non-existent accounts and users who
just press enter match up with those who aren't/don't (#502602,
CVE-2009-1384)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/pam_krb5.spec new/pam_krb5-2.3.7-1/pam_krb5.spec
--- old/pam_krb5-2.3.5-1/pam_krb5.spec 2009-06-08 09:47:33.000000000 +0200
+++ new/pam_krb5-2.3.7-1/pam_krb5.spec 2009-06-29 09:50:36.000000000 +0200
@@ -1,6 +1,6 @@
Summary: A Pluggable Authentication Module for Kerberos 5.
Name: pam_krb5
-Version: 2.3.5
+Version: 2.3.7
Release: 1%{?dist}
Source0: pam_krb5-%{version}-1.tar.gz
License: BSD or LGPLv2+
@@ -50,6 +50,14 @@
%doc README* COPYING* ChangeLog NEWS
%changelog
+* Fri Jun 26 2009 Nalin Dahyabhai - 2.3.7-1
+- when called to refresh credentials, store the new creds in the default
+ ccache location if $KRB5CCNAME isn't set (#507984)
+
+* Mon Jun 15 2009 Nalin Dahyabhai - 2.3.6-1
+- prefer keys for services matching the pattern host/*@clientrealm when
+ validating (#450776)
+
* Fri Jun 5 2009 Nalin Dahyabhai - 2.3.5-1
- when we get asked for the user's long-term key, use a plain Password:
prompt value rather than the library-supplied one
Files old/pam_krb5-2.3.5-1/po/ca.gmo and new/pam_krb5-2.3.7-1/po/ca.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/ca.po new/pam_krb5-2.3.7-1/po/ca.po
--- old/pam_krb5-2.3.5-1/po/ca.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/ca.po 2009-07-27 11:52:19.000000000 +0200
@@ -20,7 +20,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-10-18 12:12+0200\n"
"Last-Translator: Xavier Conde Rueda \n"
"Language-Team: Catalan \n"
Files old/pam_krb5-2.3.5-1/po/cs.gmo and new/pam_krb5-2.3.7-1/po/cs.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/cs.po new/pam_krb5-2.3.7-1/po/cs.po
--- old/pam_krb5-2.3.5-1/po/cs.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/cs.po 2009-07-27 11:52:19.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: system-config-firewall.master\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-06-08 20:58+0200\n"
"Last-Translator: Miloslav Trmač \n"
"Language-Team: Czech \n"
Files old/pam_krb5-2.3.5-1/po/de.gmo and new/pam_krb5-2.3.7-1/po/de.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/de.po new/pam_krb5-2.3.7-1/po/de.po
--- old/pam_krb5-2.3.5-1/po/de.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/de.po 2009-07-27 11:52:19.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-03-13 16:08+0000\n"
"Last-Translator: Michael Calmer \n"
"Language-Team: Novell Language \n"
Files old/pam_krb5-2.3.5-1/po/el.gmo and new/pam_krb5-2.3.7-1/po/el.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/el.po new/pam_krb5-2.3.7-1/po/el.po
--- old/pam_krb5-2.3.5-1/po/el.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/el.po 2009-07-27 11:52:19.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: el\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-04-10 22:03+0300\n"
"Last-Translator: Dimitris Glezos \n"
"Language-Team: Greek Fedora team \n"
Files old/pam_krb5-2.3.5-1/po/es.gmo and new/pam_krb5-2.3.7-1/po/es.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/es.po new/pam_krb5-2.3.7-1/po/es.po
--- old/pam_krb5-2.3.5-1/po/es.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/es.po 2009-07-27 11:52:19.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-12-14 11:26-0200\n"
"Last-Translator: H. Daniel Cabrera \n"
"Language-Team: Spanish \n"
Files old/pam_krb5-2.3.5-1/po/fa.gmo and new/pam_krb5-2.3.7-1/po/fa.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/fa.po new/pam_krb5-2.3.7-1/po/fa.po
--- old/pam_krb5-2.3.5-1/po/fa.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/fa.po 2009-07-27 11:52:19.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: 0.1\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2009-03-15 22:59+0330\n"
"Last-Translator: Mohsen Saeedi \n"
"Language-Team: Persian \n"
Files old/pam_krb5-2.3.5-1/po/fr.gmo and new/pam_krb5-2.3.7-1/po/fr.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/fr.po new/pam_krb5-2.3.7-1/po/fr.po
--- old/pam_krb5-2.3.5-1/po/fr.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/fr.po 2009-07-27 11:52:19.000000000 +0200
@@ -9,12 +9,12 @@
"Project-Id-Version: pam_krb5 2.3.2\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: src/auth.c:132 src/auth.c:325
Files old/pam_krb5-2.3.5-1/po/hu.gmo and new/pam_krb5-2.3.7-1/po/hu.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/hu.po new/pam_krb5-2.3.7-1/po/hu.po
--- old/pam_krb5-2.3.5-1/po/hu.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/hu.po 2009-07-27 11:52:19.000000000 +0200
@@ -3,7 +3,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-04-30 07:23+0100\n"
"Last-Translator: Sulyok Péter \n"
"Language-Team: Hungarian \n"
Files old/pam_krb5-2.3.5-1/po/it.gmo and new/pam_krb5-2.3.7-1/po/it.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/it.po new/pam_krb5-2.3.7-1/po/it.po
--- old/pam_krb5-2.3.5-1/po/it.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/it.po 2009-07-27 11:52:19.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: it\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-04-16 20:38+0200\n"
"Last-Translator: Francesco Tombolini \n"
"Language-Team: Italiano \n"
Files old/pam_krb5-2.3.5-1/po/ms.gmo and new/pam_krb5-2.3.7-1/po/ms.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/ms.po new/pam_krb5-2.3.7-1/po/ms.po
--- old/pam_krb5-2.3.5-1/po/ms.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/ms.po 2009-07-27 11:52:19.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-10-29 22:02+0800\n"
"Last-Translator: Sharuzzaman Ahmat Raslan \n"
"Language-Team: Malay \n"
Files old/pam_krb5-2.3.5-1/po/nl.gmo and new/pam_krb5-2.3.7-1/po/nl.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/nl.po new/pam_krb5-2.3.7-1/po/nl.po
--- old/pam_krb5-2.3.5-1/po/nl.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/nl.po 2009-07-27 11:52:19.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-09-04 23:14+0200\n"
"Last-Translator: Peter van Egdom \n"
"Language-Team: Dutch \n"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/pam_krb5.pot new/pam_krb5-2.3.7-1/po/pam_krb5.pot
--- old/pam_krb5-2.3.5-1/po/pam_krb5.pot 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/pam_krb5.pot 2009-07-27 11:52:19.000000000 +0200
@@ -6,10 +6,10 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: pam_krb5 2.3.5\n"
+"Project-Id-Version: pam_krb5 2.3.7\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
Files old/pam_krb5-2.3.5-1/po/pl.gmo and new/pam_krb5-2.3.7-1/po/pl.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/pl.po new/pam_krb5-2.3.7-1/po/pl.po
--- old/pam_krb5-2.3.5-1/po/pl.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/pl.po 2009-07-27 11:52:19.000000000 +0200
@@ -6,7 +6,7 @@
"Project-Id-Version: pl\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-04-10 21:56+0200\n"
"Last-Translator: Piotr Drąg \n"
"Language-Team: Polish \n"
Files old/pam_krb5-2.3.5-1/po/pt_BR.gmo and new/pam_krb5-2.3.7-1/po/pt_BR.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/pt_BR.po new/pam_krb5-2.3.7-1/po/pt_BR.po
--- old/pam_krb5-2.3.5-1/po/pt_BR.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/pt_BR.po 2009-07-27 11:52:19.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-07-17 22:52-0300\n"
"Last-Translator: Taylon Silmer \n"
"Language-Team: Brazilian Portuguese \n"
Files old/pam_krb5-2.3.5-1/po/ro.gmo and new/pam_krb5-2.3.7-1/po/ro.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/ro.po new/pam_krb5-2.3.7-1/po/ro.po
--- old/pam_krb5-2.3.5-1/po/ro.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/ro.po 2009-07-27 11:52:19.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: Pam_krbr5 VERSION\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2009-02-22 22:41+0200\n"
"Last-Translator: Florin Dăscălache \n"
"Language-Team: Romanian \n"
Files old/pam_krb5-2.3.5-1/po/sr.gmo and new/pam_krb5-2.3.7-1/po/sr.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/sr.po new/pam_krb5-2.3.7-1/po/sr.po
--- old/pam_krb5-2.3.5-1/po/sr.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/sr.po 2009-07-27 11:52:19.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-04-12 19:23+0100\n"
"Last-Translator: Miloš Komarčević \n"
"Language-Team: Serbian (sr) \n"
Files old/pam_krb5-2.3.5-1/po/sr@latin.gmo and new/pam_krb5-2.3.7-1/po/sr@latin.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/sr@latin.po new/pam_krb5-2.3.7-1/po/sr@latin.po
--- old/pam_krb5-2.3.5-1/po/sr@latin.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/sr@latin.po 2009-07-27 11:52:19.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-04-12 19:23+0100\n"
"Last-Translator: Miloš Komarčević \n"
"Language-Team: Serbian (sr) \n"
Files old/pam_krb5-2.3.5-1/po/sv.gmo and new/pam_krb5-2.3.7-1/po/sv.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/po/sv.po new/pam_krb5-2.3.7-1/po/sv.po
--- old/pam_krb5-2.3.5-1/po/sv.po 2009-06-15 15:30:35.000000000 +0200
+++ new/pam_krb5-2.3.7-1/po/sv.po 2009-07-27 11:52:19.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-06-15 15:30+0200\n"
+"POT-Creation-Date: 2009-07-27 11:52+0200\n"
"PO-Revision-Date: 2008-10-22 18:04+0100\n"
"Last-Translator: Daniel Nylander \n"
"Language-Team: Swedish \n"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/acct.c new/pam_krb5-2.3.7-1/src/acct.c
--- old/pam_krb5-2.3.5-1/src/acct.c 2009-06-15 15:28:45.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/acct.c 2009-06-29 09:50:36.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2004,2005,2006,2007,2008 Red Hat, Inc.
+ * Copyright 2003,2004,2005,2006,2007,2008,2009 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -126,7 +126,7 @@
}
/* Get the stash for this user. */
- stash = _pam_krb5_stash_get(pamh, userinfo, options);
+ stash = _pam_krb5_stash_get(pamh, user, userinfo, options);
if (stash == NULL) {
_pam_krb5_user_info_free(ctx, userinfo);
_pam_krb5_options_free(pamh, ctx, options);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/auth.c new/pam_krb5-2.3.7-1/src/auth.c
--- old/pam_krb5-2.3.5-1/src/auth.c 2009-06-15 15:28:45.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/auth.c 2009-06-29 09:50:36.000000000 +0200
@@ -186,7 +186,7 @@
}
/* Get the stash for this user. */
- stash = _pam_krb5_stash_get(pamh, userinfo, options);
+ stash = _pam_krb5_stash_get(pamh, user, userinfo, options);
if (stash == NULL) {
warn("error retrieving stash for '%s' (shouldn't happen)",
user);
@@ -486,7 +486,7 @@
if (retval == PAM_SUCCESS) {
if (options->use_shmem) {
_pam_krb5_stash_shm_write(pamh, stash, options,
- userinfo);
+ user, userinfo);
}
notice("authentication succeeds for '%s' (%s)", user,
userinfo->unparsed_name);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/options.c new/pam_krb5-2.3.7-1/src/options.c
--- old/pam_krb5-2.3.5-1/src/options.c 2009-06-15 15:28:45.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/options.c 2009-06-29 09:50:36.000000000 +0200
@@ -106,11 +106,16 @@
if ((ret == -1) && (realm != NULL) &&
(service != NULL) && (strlen(service) > 0)) {
list = option_l(argc, argv, ctx, realm, s, "");
- for (i = 0; ((list != NULL) && (list[i] != NULL)); i++) {
- if (strcmp(list[i], service) == 0) {
- ret = 1;
- break;
+ if (list != NULL) {
+ for (i = 0;
+ ((list != NULL) && (list[i] != NULL));
+ i++) {
+ if (strcmp(list[i], service) == 0) {
+ ret = 1;
+ break;
+ }
}
+ free_l(list);
}
}
@@ -902,6 +907,8 @@
}
}
+ options->mappings_s = option_s(argc, argv,
+ ctx, options->realm, "mappings", "");
list = option_l(argc, argv, ctx, options->realm, "mappings", "");
for (i = 0; (list != NULL) && (list[i] != NULL); i++) {
/* nothing */
@@ -970,5 +977,7 @@
}
free(options->mappings);
options->mappings = NULL;
+ free(options->mappings_s);
+ options->mappings_s = NULL;
free(options);
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/options.h new/pam_krb5-2.3.7-1/src/options.h
--- old/pam_krb5-2.3.5-1/src/options.h 2009-06-15 15:28:45.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/options.h 2009-06-29 09:50:36.000000000 +0200
@@ -91,6 +91,7 @@
} *afs_cells;
int n_afs_cells;
+ char *mappings_s;
struct name_mapping {
char *pattern, *replacement;
} *mappings;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/pam_krb5.8 new/pam_krb5-2.3.7-1/src/pam_krb5.8
--- old/pam_krb5-2.3.5-1/src/pam_krb5.8 2009-06-15 15:30:21.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/pam_krb5.8 2009-07-27 11:52:13.000000000 +0200
@@ -4,13 +4,13 @@
pam_krb5 \- Kerberos 5 authentication
.SH SYNOPSIS
-.B auth required /lib/security/pam_krb5.so
+.B auth required /lib64/security/pam_krb5.so
.br
-.B session optional /lib/security/pam_krb5.so
+.B session optional /lib64/security/pam_krb5.so
.br
-.B account sufficient /lib/security/pam_krb5.so
+.B account sufficient /lib64/security/pam_krb5.so
.br
-.B password sufficient /lib/security/pam_krb5.so
+.B password sufficient /lib64/security/pam_krb5.so
.SH DESCRIPTION
The pam_krb5.so module is designed to allow smooth integration of Kerberos 5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/pam_krb5_storetmp.8 new/pam_krb5-2.3.7-1/src/pam_krb5_storetmp.8
--- old/pam_krb5-2.3.5-1/src/pam_krb5_storetmp.8 2009-06-15 15:30:21.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/pam_krb5_storetmp.8 2009-07-27 11:52:13.000000000 +0200
@@ -1,7 +1,7 @@
.TH pam_krb5_storetmp 8 2005/10/05 "Red Hat Linux" "System Administrator's Manual"
.SH NAME
-/lib/security/pam_krb5/pam_krb5_storetmp \- Temporary file helper
+/lib64/security/pam_krb5/pam_krb5_storetmp \- Temporary file helper
.SH SYNOPSIS
.B pam_krb5_storetmp pattern [uid] [gid]
@@ -29,7 +29,7 @@
creating the file. The helper continues in its task if the attempt fails.
.SH FILES
-\fI/lib/security/pam_krb5.so\fR
+\fI/lib64/security/pam_krb5.so\fR
.br
.SH "SEE ALSO"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/pam_newpag.8 new/pam_krb5-2.3.7-1/src/pam_newpag.8
--- old/pam_krb5-2.3.5-1/src/pam_newpag.8 2009-06-15 15:30:21.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/pam_newpag.8 2009-07-27 11:52:13.000000000 +0200
@@ -4,9 +4,9 @@
pam_newpag \- create a new process authentication group
.SH SYNOPSIS
-.B auth optional /lib/security/pam_newpag.so
+.B auth optional /lib64/security/pam_newpag.so
.br
-.B session optional /lib/security/pam_newpag.so
+.B session optional /lib64/security/pam_newpag.so
.SH DESCRIPTION
The pam_newpag.so module's sole purpose is to provide a workaround for
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/password.c new/pam_krb5-2.3.7-1/src/password.c
--- old/pam_krb5-2.3.5-1/src/password.c 2009-06-15 15:28:45.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/password.c 2009-06-29 09:50:36.000000000 +0200
@@ -155,7 +155,7 @@
* second pass. It should have a low lifetime, so we needn't free it
* just now. */
retval = PAM_AUTH_ERR;
- stash = _pam_krb5_stash_get(pamh, userinfo, options);
+ stash = _pam_krb5_stash_get(pamh, user, userinfo, options);
/* If this is the first pass, just check the user's password by
* obtaining a password-changing initial ticket. */
@@ -466,7 +466,7 @@
if (options->use_shmem) {
_pam_krb5_stash_shm_write(pamh, stash,
options,
- userinfo);
+ user, userinfo);
}
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/session.c new/pam_krb5-2.3.7-1/src/session.c
--- old/pam_krb5-2.3.5-1/src/session.c 2009-06-15 15:28:45.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/session.c 2009-06-29 09:50:36.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2004,2005,2006,2007,2008 Red Hat, Inc.
+ * Copyright 2003,2004,2005,2006,2007,2008,2009 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -72,7 +72,7 @@
int argc, PAM_KRB5_MAYBE_CONST char **argv)
{
PAM_KRB5_MAYBE_CONST char *user;
- char envstr[PATH_MAX + 20];
+ char envstr[PATH_MAX + 20], *segname;
const char *ccname;
krb5_context ctx;
struct _pam_krb5_options *options;
@@ -140,7 +140,7 @@
}
/* Get the stash for this user. */
- stash = _pam_krb5_stash_get(pamh, userinfo, options);
+ stash = _pam_krb5_stash_get(pamh, user, userinfo, options);
if (stash == NULL) {
warn("no stash for '%s' (shouldn't happen)", user);
_pam_krb5_user_info_free(ctx, userinfo);
@@ -167,11 +167,11 @@
_pam_krb5_shm_remove(stash->v5shm_owner, stash->v5shm,
options->debug);
stash->v5shm = -1;
- snprintf(envstr, sizeof(envstr),
- PAM_KRB5_STASH_TEMPLATE
- PAM_KRB5_STASH_SHM5_SUFFIX,
- userinfo->unparsed_name);
- pam_putenv(pamh, envstr);
+ _pam_krb5_stash_shm5_name(options, user, &segname);
+ if (segname != NULL) {
+ pam_putenv(pamh, segname);
+ free(segname);
+ }
}
#ifdef USE_KRB4
if ((stash->v4shm != -1) && (stash->v4shm_owner != -1)) {
@@ -183,11 +183,11 @@
_pam_krb5_shm_remove(stash->v4shm_owner, stash->v4shm,
options->debug);
stash->v4shm = -1;
- snprintf(envstr, sizeof(envstr),
- PAM_KRB5_STASH_TEMPLATE
- PAM_KRB5_STASH_SHM4_SUFFIX,
- userinfo->unparsed_name);
- pam_putenv(pamh, envstr);
+ _pam_krb5_stash_shm4_name(options, user, &segname);
+ if (segname != NULL) {
+ pam_putenv(pamh, segname);
+ free(segname);
+ }
}
#endif
}
@@ -369,7 +369,7 @@
}
/* Get the stash for this user. */
- stash = _pam_krb5_stash_get(pamh, userinfo, options);
+ stash = _pam_krb5_stash_get(pamh, user, userinfo, options);
if (stash == NULL) {
warn("no stash for user %s (shouldn't happen)", user);
_pam_krb5_user_info_free(ctx, userinfo);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/sly.c new/pam_krb5-2.3.7-1/src/sly.c
--- old/pam_krb5-2.3.5-1/src/sly.c 2009-06-15 15:28:45.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/sly.c 2009-06-29 09:50:36.000000000 +0200
@@ -34,6 +34,8 @@
#include
#include
+#include
+#include
#include
#include
#include
@@ -159,7 +161,10 @@
int i, retval, stored;
uid_t uid;
gid_t gid;
- char *v5ccname, *v5filename, *v4tktfile;
+ const char *v5ccname, *v5filename, *v4tktfile;
+#ifdef TKT_ROOT
+ char v4tktfilebuf[PATH_MAX];
+#endif
/* Inexpensive checks. */
switch (_pam_krb5_sly_looks_unsafe()) {
@@ -237,7 +242,7 @@
}
/* Get the stash for this user. */
- stash = _pam_krb5_stash_get(pamh, userinfo, options);
+ stash = _pam_krb5_stash_get(pamh, user, userinfo, options);
if (stash == NULL) {
warn("error retrieving stash for '%s' (shouldn't happen)",
user);
@@ -249,15 +254,28 @@
retval = PAM_SERVICE_ERR;
- /* Save credentials in the right files. */
- v5ccname = getenv("KRB5CCNAME");
+ /* Save credentials in the right places. */
+ v5ccname = krb5_cc_default_name(ctx);
v5filename = NULL;
if (v5ccname == NULL) {
- /* Ignore us. We have nothing to do. */
- retval = PAM_SUCCESS;
- }
- if ((v5ccname != NULL) && (strncmp(v5ccname, "FILE:", 5) == 0)) {
- v5filename = v5ccname + 5;
+ /* This should never happen, but all we can do is tell libpam
+ * to ignore us. We have nothing to do. */
+ if (options->debug) {
+ debug("ignoring '%s' -- no default ccache name", user);
+ }
+ retval = PAM_IGNORE;
+ } else {
+ if (strncmp(v5ccname, "FILE:", 5) == 0) {
+ v5filename = v5ccname + 5;
+ if (options->debug) {
+ debug("ccache is a file named '%s'",
+ v5filename);
+ }
+ } else {
+ if (options->debug) {
+ debug("ccache '%s' is not a file", v5ccname);
+ }
+ }
}
stored = 0;
@@ -297,7 +315,8 @@
}
} else {
if (v5ccname != NULL) {
- /* Go ahead and update the current ccache. */
+ /* Go ahead and update the current not-a-file
+ * ccache. */
if (options->debug) {
debug("updating ccache '%s' for '%s'",
v5ccname, user);
@@ -306,9 +325,22 @@
stored = (retval == PAM_SUCCESS);
}
}
+ } else {
+ if (options->debug) {
+ debug("no credentials available to store in '%s'",
+ v5ccname);
+ }
+ retval = PAM_SUCCESS;
}
v4tktfile = getenv("KRBTKFILE");
+#ifdef TKT_ROOT
+ if ((v4tktfile == NULL) && (options->user_check)) {
+ snprintf(v4tktfilebuf, sizeof(v4tktfilebuf), "%s%ld",
+ TKT_ROOT, (long) uid);
+ v4tktfile = v4tktfilebuf;
+ }
+#endif
if ((stash->v4present) && (v4tktfile != NULL)) {
if (access(v4tktfile, R_OK | W_OK) == 0) {
if (lstat(v4tktfile, &st) == 0) {
@@ -333,11 +365,19 @@
} else {
if (errno == ENOENT) {
/* We have nothing to do. */
+ if (options->debug) {
+ debug("no preexisting ticket "
+ "file found");
+ }
retval = PAM_SUCCESS;
}
}
} else {
/* Touch nothing. */
+ if (options->debug) {
+ debug("unable to access preexisting ticket "
+ "file");
+ }
retval = PAM_SUCCESS;
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/stash.c new/pam_krb5-2.3.7-1/src/stash.c
--- old/pam_krb5-2.3.5-1/src/stash.c 2008-10-06 16:16:40.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/stash.c 2009-06-29 09:50:36.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2004,2005,2006,2007 Red Hat, Inc.
+ * Copyright 2003,2004,2005,2006,2007,2009 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -70,6 +70,61 @@
#include "v5.h"
#include "xstr.h"
+#define PAM_KRB5_STASH_TEMPLATE "_pam_krb5_stash_%s_%s_%s_%d"
+#define PAM_KRB5_STASH_SHM5_SUFFIX "_shm5"
+#define PAM_KRB5_STASH_SHM4_SUFFIX "_shm4"
+
+static void
+_pam_krb5_stash_name_with_suffix(struct _pam_krb5_options *options,
+ const char *user, const char *suffix,
+ char **name)
+{
+ int i;
+ *name = malloc(strlen(PAM_KRB5_STASH_TEMPLATE) +
+ strlen(user) + strlen(options->realm) +
+ (options->mappings_s ? strlen(options->mappings_s) : 0) +
+ 3 +
+ (suffix ? strlen(suffix) : 0) +
+ 1);
+ if (*name != NULL) {
+ sprintf(*name, PAM_KRB5_STASH_TEMPLATE "%s",
+ user, options->realm,
+ options->mappings_s ? options->mappings_s : NULL,
+ options->user_check,
+ suffix ? suffix : "");
+ for (i = 0; (*name)[i] != '\0'; i++) {
+ if (strchr("= ", (*name)[i]) != NULL) {
+ (*name)[i] = '_';
+ }
+ }
+ }
+}
+
+void
+_pam_krb5_stash_name(struct _pam_krb5_options *options,
+ const char *user, char **name)
+{
+ _pam_krb5_stash_name_with_suffix(options, user, NULL, name);
+}
+
+void
+_pam_krb5_stash_shm5_name(struct _pam_krb5_options *options,
+ const char *user, char **name)
+{
+ _pam_krb5_stash_name_with_suffix(options, user,
+ PAM_KRB5_STASH_SHM5_SUFFIX, name);
+}
+
+#ifdef USE_KRB4
+void
+_pam_krb5_stash_shm4_name(struct _pam_krb5_options *options,
+ const char *user, char **name)
+{
+ _pam_krb5_stash_name_with_suffix(options, user,
+ PAM_KRB5_STASH_SHM4_SUFFIX, name);
+}
+#endif
+
static int
_pam_krb5_get_data_stash(pam_handle_t *pamh, const char *key,
struct _pam_krb5_stash **stash)
@@ -215,9 +270,10 @@
static void
_pam_krb5_stash_shm_write_v5(pam_handle_t *pamh, struct _pam_krb5_stash *stash,
struct _pam_krb5_options *options,
+ const char *user,
struct _pam_krb5_user_info *userinfo)
{
- char variable[PATH_MAX + 6];
+ char variable[PATH_MAX + 6], *segname;
void *blob;
int *intblob;
size_t blob_size;
@@ -261,7 +317,7 @@
close(fd);
return;
}
- if (krb5_cc_initialize(ctx, ccache, userinfo->principal_name) != 0) {
+ if (krb5_cc_initialize(ctx, ccache, stash->v5creds.client) != 0) {
warn("error initializing credential cache file \"%s\"",
variable + 5);
krb5_cc_close(ctx, ccache);
@@ -306,19 +362,23 @@
close(fd);
if (key != -1) {
- snprintf(variable, sizeof(variable),
- PAM_KRB5_STASH_TEMPLATE
- PAM_KRB5_STASH_SHM5_SUFFIX
- "=%d/%ld",
- userinfo->unparsed_name, key, (long) getpid());
- pam_putenv(pamh, variable);
- if (options->debug) {
- debug("saved v5 credentials to shared memory "
- "segment %d (creator pid %ld)", key,
- (long) getpid());
+ segname = NULL;
+ _pam_krb5_stash_shm5_name(options, user, &segname);
+ if (segname != NULL) {
+ snprintf(variable, sizeof(variable),
+ "%s=%d/%ld",
+ segname, key, (long) getpid());
+ free(segname);
+ pam_putenv(pamh, variable);
+ if (options->debug) {
+ debug("saved v5 credentials to shared memory "
+ "segment %d (creator pid %ld)", key,
+ (long) getpid());
+ debug("set '%s' in environment", variable);
+ }
+ stash->v5shm = key;
+ stash->v5shm_owner = getpid();
}
- stash->v5shm = key;
- stash->v5shm_owner = getpid();
} else {
warn("error saving v5 credential state to shared "
"memory segment");
@@ -365,11 +425,12 @@
static void
_pam_krb5_stash_shm_write_v4(pam_handle_t *pamh, struct _pam_krb5_stash *stash,
struct _pam_krb5_options *options,
+ const char *user,
struct _pam_krb5_user_info *userinfo)
{
void *blob;
int *intblob, key;
- char variable[PATH_MAX];
+ char variable[PATH_MAX], *segname;
key = _pam_krb5_shm_new_from_blob(pamh, sizeof(int) * 2,
&stash->v4creds,
sizeof(stash->v4creds),
@@ -378,19 +439,22 @@
intblob = blob;
intblob[0] = stash->v4present;
intblob[1] = sizeof(stash->v4creds);
- snprintf(variable, sizeof(variable),
- PAM_KRB5_STASH_TEMPLATE
- PAM_KRB5_STASH_SHM4_SUFFIX
- "=%d/%ld",
- userinfo->unparsed_name, key, (long) getpid());
- pam_putenv(pamh, variable);
- if (options->debug) {
- debug("saved v4 credential state to shared "
- "memory segment %d (creator pid %ld)", key,
- (long) getpid());
+ _pam_krb5_stash_shm4_name(options, user, &segname);
+ if (segname != NULL) {
+ snprintf(variable, sizeof(variable),
+ "%s=%d/%ld",
+ segname, key, (long) getpid());
+ free(segname);
+ pam_putenv(pamh, variable);
+ if (options->debug) {
+ debug("saved v4 credential state to shared "
+ "memory segment %d (creator pid %ld)",
+ key, (long) getpid());
+ debug("set '%s' in environment", variable);
+ }
+ stash->v4shm = key;
+ stash->v4shm_owner = getpid();
}
- stash->v4shm = key;
- stash->v4shm_owner = getpid();
} else {
warn("error saving v4 credential state to shared "
"memory segment");
@@ -417,7 +481,8 @@
size_t blob_size;
/* Construct the name of a variable. */
- variable = malloc(strlen(partial_key) + 10);
+ variable = malloc(strlen(partial_key) +
+ 2 * strlen(PAM_KRB5_STASH_SHM5_SUFFIX) + 1);
if (variable == NULL) {
return;
}
@@ -511,11 +576,12 @@
void
_pam_krb5_stash_shm_write(pam_handle_t *pamh, struct _pam_krb5_stash *stash,
struct _pam_krb5_options *options,
+ const char *user,
struct _pam_krb5_user_info *userinfo)
{
- _pam_krb5_stash_shm_write_v5(pamh, stash, options, userinfo);
+ _pam_krb5_stash_shm_write_v5(pamh, stash, options, user, userinfo);
#ifdef USE_KRB4
- _pam_krb5_stash_shm_write_v4(pamh, stash, options, userinfo);
+ _pam_krb5_stash_shm_write_v4(pamh, stash, options, user, userinfo);
#endif
}
@@ -523,6 +589,7 @@
* exists, incorporate contents of the named ccache/tktfiles into the stash. */
static void
_pam_krb5_stash_external_read(pam_handle_t *pamh, struct _pam_krb5_stash *stash,
+ const char *user,
struct _pam_krb5_user_info *userinfo,
struct _pam_krb5_options *options)
{
@@ -575,7 +642,7 @@
princ = NULL;
} else {
if (options->debug) {
- debug("ccache is for a different principal, updating");
+ debug("ccache is for a new or different principal, updating");
}
/* Unparse the name. */
unparsed = NULL;
@@ -693,28 +760,24 @@
* pointer instead of making their own copy of the key, which could lead to
* crashes if we then deallocated the string. */
struct _pam_krb5_stash *
-_pam_krb5_stash_get(pam_handle_t *pamh, struct _pam_krb5_user_info *info,
+_pam_krb5_stash_get(pam_handle_t *pamh, const char *user,
+ struct _pam_krb5_user_info *info,
struct _pam_krb5_options *options)
{
krb5_context ctx;
struct _pam_krb5_stash *stash;
char *key;
- key = malloc(strlen(PAM_KRB5_STASH_TEMPLATE) +
- strlen(info->unparsed_name) +
- 1);
- if (key == NULL) {
- return NULL;
- }
- sprintf(key, PAM_KRB5_STASH_TEMPLATE, info->unparsed_name);
-
+ key = NULL;
stash = NULL;
- if ((_pam_krb5_get_data_stash(pamh, key, &stash) == PAM_SUCCESS) &&
+ _pam_krb5_stash_name(options, user, &key);
+ if ((key != NULL) &&
+ (_pam_krb5_get_data_stash(pamh, key, &stash) == PAM_SUCCESS) &&
(stash != NULL)) {
free(key);
if (options->external && (stash->v5attempted == 0)) {
_pam_krb5_stash_external_read(pamh, stash,
- info, options);
+ user, info, options);
if (stash->v5attempted && (stash->v5result == 0)) {
if ((_pam_krb5_init_ctx(&ctx, 0, NULL) == 0) &&
((options->v4 == 1) || (options->v4_for_afs == 1))) {
@@ -756,7 +819,7 @@
_pam_krb5_stash_shm_read(pamh, key, stash, options);
}
if (options->external && (stash->v5attempted == 0)) {
- _pam_krb5_stash_external_read(pamh, stash, info, options);
+ _pam_krb5_stash_external_read(pamh, stash, user, info, options);
if (stash->v5attempted && (stash->v5result == 0)) {
if ((_pam_krb5_init_ctx(&ctx, 0, NULL) == 0) &&
((options->v4 == 1) || (options->v4_for_afs == 1))) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/stash.h new/pam_krb5-2.3.7-1/src/stash.h
--- old/pam_krb5-2.3.5-1/src/stash.h 2008-04-17 14:04:00.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/stash.h 2009-06-29 09:50:36.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2007 Red Hat, Inc.
+ * Copyright 2003,2007,2009 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -35,10 +35,6 @@
#include "userinfo.h"
-#define PAM_KRB5_STASH_TEMPLATE "_pam_krb5_stash_%s"
-#define PAM_KRB5_STASH_SHM5_SUFFIX "_shm5"
-#define PAM_KRB5_STASH_SHM4_SUFFIX "_shm4"
-
struct _pam_krb5_ccname_list {
char *name;
struct _pam_krb5_ccname_list *next;
@@ -65,6 +61,7 @@
};
struct _pam_krb5_stash *_pam_krb5_stash_get(pam_handle_t *pamh,
+ const char *user,
struct _pam_krb5_user_info *info,
struct _pam_krb5_options *options);
void _pam_krb5_stash_clone_v5(krb5_context ctx, struct _pam_krb5_stash *stash,
@@ -87,6 +84,13 @@
void _pam_krb5_stash_shm_write(pam_handle_t *pamh,
struct _pam_krb5_stash *stash,
struct _pam_krb5_options *options,
+ const char *user,
struct _pam_krb5_user_info *userinfo);
+void _pam_krb5_stash_name(struct _pam_krb5_options *options,
+ const char *user, char **name);
+void _pam_krb5_stash_shm5_name(struct _pam_krb5_options *options,
+ const char *user, char **name);
+void _pam_krb5_stash_shm4_name(struct _pam_krb5_options *options,
+ const char *user, char **name);
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pam_krb5-2.3.5-1/src/v5.c new/pam_krb5-2.3.7-1/src/v5.c
--- old/pam_krb5-2.3.5-1/src/v5.c 2009-06-15 15:28:45.000000000 +0200
+++ new/pam_krb5-2.3.7-1/src/v5.c 2009-06-16 15:48:24.000000000 +0200
@@ -757,7 +757,6 @@
{
int i;
char *principal;
- krb5_data *comp;
krb5_principal princ;
krb5_keytab keytab;
krb5_kt_cursor cursor;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org