Hello community,
here is the log from the commit of package pam_krb5
checked in at Tue Nov 6 00:44:27 CET 2007.
--------
--- pam_krb5/pam_krb5.changes 2007-10-29 11:57:57.000000000 +0100
+++ /mounts/work_src_done/STABLE/pam_krb5/pam_krb5.changes 2007-11-05 17:55:24.821420000 +0100
@@ -1,0 +2,8 @@
+Mon Nov 5 17:51:05 CET 2007 - mc@suse.de
+
+- pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
+ fix permissions on the ccache im not file case
+- pam_krb5-2.2.20-1-debug-log-choice.dif
+ improve debug log
+
+-------------------------------------------------------------------
New:
----
pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
pam_krb5-2.2.20-1-debug-log-choice.dif
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam_krb5.spec ++++++
--- /var/tmp/diff_new_pack.o17094/_old 2007-11-06 00:43:55.000000000 +0100
+++ /var/tmp/diff_new_pack.o17094/_new 2007-11-06 00:43:55.000000000 +0100
@@ -18,12 +18,14 @@
Provides: pam_krb
AutoReqProv: on
Version: 2.2.20
-Release: 1
+Release: 5
Summary: PAM Module for Kerberos Authentication
Url: http://sourceforge.net/projects/pam-krb5/
Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
Patch1: pam_krb5-2.2.0-0.5-configure_ac.dif
Patch2: pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
+Patch3: pam_krb5-2.2.20-1-debug-log-choice.dif
+Patch4: pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -41,6 +43,8 @@
%setup -q -n pam_krb5-%{version}-%{PAM_RELEASE}
%patch1
%patch2
+%patch3
+%patch4
%build
%{suse_update_config -f}
@@ -71,6 +75,11 @@
%attr(444,root,root) %_mandir/man*/*.*
%attr(755,root,root) /usr/bin/afs5log
%changelog
+* Mon Nov 05 2007 - mc@suse.de
+- pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
+ fix permissions on the ccache im not file case
+- pam_krb5-2.2.20-1-debug-log-choice.dif
+ improve debug log
* Mon Oct 29 2007 - mc@suse.de
- version 2.2.20
* fixes for credential refreshing
++++++ pam_krb5-2.2.20-1-copy-cache-priv-fix.dif ++++++
--- src/stash.c
+++ src/stash.c 2007/11/05 16:50:15
@@ -888,10 +888,23 @@
krb5_cc_close(ctx, occache);
return;
}
+
+ /* switch effective user and group*/
+ uid_t save_euid = geteuid();
+ gid_t save_egid = getegid();
+
+ setresgid(-1, gid, save_egid);
+ setresuid(-1, uid, save_euid);
+ debug("switch to effective user %d:%d", geteuid(), getegid());
+
if (krb5_cc_resolve(ctx, newname, &nccache) != 0) {
warn("error creating ccache \"%s\"", newname);
free(newname);
krb5_cc_close(ctx, occache);
+
+ /* switch back to old user */
+ setresuid(-1, save_euid, -1);
+ setresgid(-1, save_egid, -1);
return;
}
if (_pam_krb5_stash_cc_copy(ctx, occache, nccache) == 0) {
@@ -905,6 +918,11 @@
stash->v5ccnames->name = newname;
krb5_cc_close(ctx, nccache);
krb5_cc_destroy(ctx, occache);
+
+ /* switch back to old user */
+ setresuid(-1, save_euid, -1);
+ setresgid(-1, save_egid, -1);
+
/* If the new source and the destination are files,
* re-clone it to get the permissions right. */
if (strncmp(options->ccname_template,
@@ -915,6 +933,10 @@
uid, gid);
}
} else {
+ /* switch back to old user */
+ setresuid(-1, save_euid, -1);
+ setresgid(-1, save_egid, -1);
+
warn("error copying credentials from \"%s\" to "
"\"%s\" for the user", stash->v5ccnames->name,
newname);
++++++ pam_krb5-2.2.20-1-debug-log-choice.dif ++++++
--- src/options.c
+++ src/options.c 2007/11/05 15:20:39
@@ -40,6 +40,7 @@
#include
participants (1)
-
root@Hilbert.suse.de