Hello community, here is the log from the commit of package pam_krb5 checked in at Mon Sep 1 15:27:40 CEST 2008. -------- --- pam_krb5/pam_krb5.changes 2008-06-20 16:31:38.000000000 +0200 +++ /mounts/work_src_done/STABLE/pam_krb5/pam_krb5.changes 2008-09-01 11:20:40.543799000 +0200 @@ -1,0 +2,5 @@ +Mon Sep 1 11:19:22 CEST 2008 - mc@suse.de + +- validate new fetched credentials + +------------------------------------------------------------------- New: ---- pam_krb5-2.3.1-post.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_krb5.spec ++++++ --- /var/tmp/diff_new_pack.i14594/_old 2008-09-01 15:27:28.000000000 +0200 +++ /var/tmp/diff_new_pack.i14594/_new 2008-09-01 15:27:28.000000000 +0200 @@ -2,9 +2,16 @@ # spec file for package pam_krb5 (Version 2.3.1) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -19,7 +26,7 @@ Provides: pam_krb AutoReqProv: on Version: 2.3.1 -Release: 1 +Release: 28 Summary: PAM Module for Kerberos Authentication Url: http://sourceforge.net/projects/pam-krb5/ Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2 @@ -29,6 +36,7 @@ Patch3: pam_krb5-2.3.1-log-choise.dif Patch4: pam_krb5-po-Makevars.dif Patch5: pam_krb5-LINGUAS.dif +Patch6: pam_krb5-2.3.1-post.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -50,6 +58,7 @@ %patch3 -p1 %patch4 -p1 %patch5 +%patch6 %build %{suse_update_config -f} @@ -84,6 +93,8 @@ %attr(755,root,root) /usr/bin/afs5log %changelog +* Mon Sep 01 2008 mc@suse.de +- validate new fetched credentials * Fri Jun 20 2008 mc@suse.de - version 2.3.1 * translations for messages! ++++++ pam_krb5-2.3.1-post.dif ++++++ Index: src/v5.c =================================================================== --- src/v5.c.orig +++ src/v5.c @@ -1,5 +1,5 @@ /* - * Copyright 2003,2004,2005,2006,2007 Red Hat, Inc. + * Copyright 2003,2004,2005,2006,2007,2008 Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -889,11 +889,19 @@ v5_get_creds(krb5_context ctx, tmpcreds.server = service_principal; i = krb5_cc_retrieve_cred(ctx, ccache, 0, &tmpcreds, creds); - /* FIXME: check if the creds are expired? - * What's the right error code if we check, and - * they are? */ memset(&tmpcreds, 0, sizeof(tmpcreds)); krb5_cc_close(ctx, ccache); + switch (v5_validate(ctx, creds, options)) { + case 0: + /* we're fine */ + break; + default: + /* something (anything) went wrong -- + * discard them */ + krb5_free_cred_contents(ctx, creds); + i = KRB5KRB_ERR_GENERIC; + break; + } } else { warn("error opening default ccache"); i = KRB5_CC_NOTFOUND; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org