- pull up the change to make kpasswd's behavior better match the docs when
there's no ccache (#563431)
This commit is contained in:
Nalin Dahyabhai
parent
6a46621b1a
commit
33efa14da1
32
krb5-1.7.1-kpasswd_ccache.patch
Normal file
32
krb5-1.7.1-kpasswd_ccache.patch
Normal file
@ -0,0 +1,32 @@
|
||||
If we encounter any errors reading the user's principal name from the default
|
||||
ccache, fall back to the default of using the current user's name.
|
||||
--- krb5/src/clients/kpasswd/kpasswd.c
|
||||
+++ krb5/src/clients/kpasswd/kpasswd.c
|
||||
@@ -84,21 +84,23 @@ int main(int argc, char *argv[])
|
||||
exit(1);
|
||||
}
|
||||
} else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) {
|
||||
+ princ = NULL;
|
||||
+
|
||||
if (ret) {
|
||||
com_err(argv[0], ret, "opening default ccache");
|
||||
- exit(1);
|
||||
}
|
||||
+ else
|
||||
|
||||
if ((ret = krb5_cc_get_principal(context, ccache, &princ))) {
|
||||
com_err(argv[0], ret, "getting principal from ccache");
|
||||
- exit(1);
|
||||
}
|
||||
+ else
|
||||
|
||||
if ((ret = krb5_cc_close(context, ccache))) {
|
||||
com_err(argv[0], ret, "closing ccache");
|
||||
- exit(1);
|
||||
}
|
||||
- } else {
|
||||
+ }
|
||||
+ if (princ == NULL) {
|
||||
get_name_from_passwd_file(argv[0], context, &princ);
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.7.1
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
|
||||
Source0: krb5-%{version}.tar.gz
|
||||
@ -85,6 +85,7 @@ Patch93: krb5-1.7-create_on_load.patch
|
||||
Patch95: krb5-1.7-opte.patch
|
||||
Patch96: krb5-1.7-exp_warn.patch
|
||||
Patch97: http://web.mit.edu/kerberos/advisories/2010-001-patch.txt
|
||||
Patch98: krb5-1.7.1-kpasswd_ccache.patch
|
||||
|
||||
License: MIT
|
||||
URL: http://web.mit.edu/kerberos/www/
|
||||
@ -223,6 +224,10 @@ to obtain initial credentials from a KDC using a private key and a
|
||||
certificate.
|
||||
|
||||
%changelog
|
||||
* Wed Feb 17 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-3
|
||||
- pull up the change to make kpasswd's behavior better match the docs
|
||||
when there's no ccache (#563431)
|
||||
|
||||
* Tue Feb 16 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-2
|
||||
- apply patch from upstream to fix KDC denial of service (CVE-2010-0283,
|
||||
#566002)
|
||||
@ -1588,6 +1593,7 @@ popd
|
||||
%patch95 -p1 -b .opte
|
||||
%patch96 -p1 -b .exp_warn
|
||||
%patch97 -p1 -b .2010-001
|
||||
%patch98 -p1 -b .kpasswd-ccache
|
||||
gzip doc/*.ps
|
||||
|
||||
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
|
||||
|
||||
Loading…
Reference in New Issue
Block a user