New upstream release v0.6.0

2017-01-18 23:38:16 +00:00 · 2017-01-18 23:38:16 +00:00 · 5068d17a09
commit 5068d17a09
parent d59e9cc267
4 changed files with 17 additions and 76 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,4 @@
 /gssproxy-0.4.1.tar.gz
 /gssproxy-0.5.0.tar.gz
 /gssproxy-0.5.1.tar.gz
 /gssproxy-0.6.0.tar.gz
--- a/gssproxy-0.5.1-socket_permission_checking.patch
+++ b/gssproxy-0.5.1-socket_permission_checking.patch
@ -1,73 +0,0 @@
 From bbda272145ebbe0cbb65467c1573e583b9e1b7c7 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 3 Jun 2016 14:30:36 +0000
 Subject: [PATCH] Use new socket if uid, pid, or gid changes
 The gssproxy daemon uses SO_PEERCRED to determine credentials of the
 connecting process.  However, these credentials are set only at the time
 connect has called.  Therefore they must be reset every time uid or pid
 changes.  For completeness, we check gid as well.
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 Reviewed-by: Simo Sorce <simo@redhat.com>
 Closes #27
 ---
 proxy/src/client/gpm_common.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
 index cb4ccdb..0a54dbc 100644
 --- a/proxy/src/client/gpm_common.c
 +++ b/proxy/src/client/gpm_common.c
@@ -13,6 +13,12 @@
 struct gpm_ctx {
     pthread_mutex_t lock;
     int fd;
 +
 +    /* these are only meaningful if fd != -1 */
 +    pid_t pid;
 +    uid_t uid;
 +    gid_t gid;
 +
     int next_xid;
 };
@@ -93,6 +99,9 @@ done:
         }
     }
     gpmctx->fd = fd;
 +    gpmctx->pid = getpid();
 +    gpmctx->uid = geteuid();
 +    gpmctx->gid = getegid();
     return ret;
 }
@@ -120,12 +129,25 @@ static void gpm_close_socket(struct gpm_ctx *gpmctx)
 static int gpm_grab_sock(struct gpm_ctx *gpmctx)
 {
     int ret;
 +    pid_t p;
 +    uid_t u;
 +    gid_t g;
     ret = pthread_mutex_lock(&gpmctx->lock);
     if (ret) {
         return ret;
     }
 +    /* Detect fork / setresuid and friends */
 +    p = getpid();
 +    u = geteuid();
 +    g = getegid();
 +
 +    if (gpmctx->fd != -1 &&
 +        (p != gpmctx->pid || u != gpmctx->uid || g != gpmctx->gid)) {
 +        gpm_close_socket(gpmctx);
 +    }
 +
     if (gpmctx->fd == -1) {
         ret = gpm_open_socket(gpmctx);
     }
 -- 
 2.8.1
--- a/gssproxy.spec
+++ b/gssproxy.spec
@ -1,6 +1,6 @@
 Name:		gssproxy
-Version:	0.5.1
+Version:	0.6.0
-Release:	3%{?dist}
+Release:	1%{?dist}
 Summary:	GSSAPI Proxy
 Group:		System Environment/Libraries
@ -44,6 +44,13 @@ BuildRequires: popt-devel
 BuildRequires: findutils
 BuildRequires: systemd-units
 # Tests stuff
 # BuildRequires: openldap-clients
 # BuildRequires: openldap-servers
 # BuildRequires: krb5-server-ldap
 # BuildRequires: valgrind
 # BuildRequires: socket_wrapper
 # BuildRequires: nss_wrapper
 %description
 A proxy for GSSAPI credential handling
@ -65,6 +72,9 @@ autoreconf -f -i
 make %{?_smp_mflags} all
 make test_proxymech
 # %check
 # make check
 %install
 rm -rf %{buildroot}
 make install DESTDIR=%{buildroot}
@ -109,6 +119,9 @@ rm -rf %{buildroot}
 %systemd_postun_with_restart gssproxy.service
 %changelog
 * Wed Jan 18 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.0-1
 - New upstream release v0.6.0
 * Tue Sep 27 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-3
 - Adjust libverto dependency to not use a specific backend
 - Resolves: #1379812
--- a/2
+++ b/2
@ -1 +1 @@
-1d19da2c2fa4cd07d1200439019b7251  gssproxy-0.5.1.tar.gz
+SHA512 (gssproxy-0.6.0.tar.gz) = 6df20703b6fa0c19df61ef08505e54b0b4f5e9464c8112f2d0dc22b8c182f78a8e2bd02bb92158dbbb3a9eb2b04bae3e070d4f55956577f49ee2c1aa241a0617
`@ -1 +1 @@`
	`1d19da2c2fa4cd07d1200439019b7251 gssproxy-0.5.1.tar.gz`	`SHA512 (gssproxy-0.6.0.tar.gz) = 6df20703b6fa0c19df61ef08505e54b0b4f5e9464c8112f2d0dc22b8c182f78a8e2bd02bb92158dbbb3a9eb2b04bae3e070d4f55956577f49ee2c1aa241a0617`