Update includedir processing to match upstream

This commit is contained in:
Robbie Harwood 2018-06-07 12:37:24 -04:00
parent 6e3058a9c5
commit 6dd406494d
32 changed files with 370 additions and 108 deletions

View File

@ -1,4 +1,4 @@
From dd66546bde0bc868a9af2ac702c7466e7494b33b Mon Sep 17 00:00:00 2001
From dff5177801444307d19071fc4fac7de864fda92a Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 13 Jun 2015 16:04:53 -0400
Subject: [PATCH] Add ASN.1 encoders and decoders for SPAKE types

View File

@ -1,4 +1,4 @@
From 9f69b78a93de5ae396eb96d2957f36f8b9dc7458 Mon Sep 17 00:00:00 2001
From c93112a19f73b9a984cabd320129ee8f70cb4823 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 12 Mar 2018 11:31:46 -0400
Subject: [PATCH] Add PKINIT KDC support for freshness token

View File

@ -1,4 +1,4 @@
From 0bc035db40c5badae3cc00f452560785a0cb0a44 Mon Sep 17 00:00:00 2001
From 5edc6de93196b4f07da6695a4b271a067000c84d Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 31 Jan 2017 17:02:34 -0500
Subject: [PATCH] Add PKINIT client support for freshness token

View File

@ -1,4 +1,4 @@
From b054d1d29e676600abd6fdd7a67a283c3c011f95 Mon Sep 17 00:00:00 2001
From f8f2cff0aba6ea7dd9b5fef89549aaff36ce4fee Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 25 Sep 2015 17:47:35 -0400
Subject: [PATCH] Add SPAKE preauth support

View File

@ -1,4 +1,4 @@
From 0ff94a373749e83fb9c2c5c6fa6d5788b2b63460 Mon Sep 17 00:00:00 2001
From c891e4bc54c8083a1af8d28aa9b12ab1177ebb9a Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 27 Mar 2018 00:49:43 -0400
Subject: [PATCH] Add doc index entries for SPAKE constants

View File

@ -1,4 +1,4 @@
From f2402ea18c8587dab261cd724ef62fd7f6bcc8ec Mon Sep 17 00:00:00 2001
From 74e1079df0cc6e8932e487455177a69f782b863a Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 4 Jan 2018 14:35:12 -0500
Subject: [PATCH] Add k5_buf_add_vfmt to k5buf interface

View File

@ -0,0 +1,222 @@
From 9010a0dbf59771cb0a9c1e6fd5a18a92a1200ca7 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 5 Jun 2018 14:01:05 -0400
Subject: [PATCH] Add k5_dir_filenames() to libkrb5support
Add a support function to get a list of filenames from a directory in
sorted order.
(cherry picked from commit 27534121eb39089ff4335d8b465027e9ba783682)
---
src/include/k5-platform.h | 7 +
src/util/support/Makefile.in | 3 +
src/util/support/dir_filenames.c | 135 ++++++++++++++++++
src/util/support/libkrb5support-fixed.exports | 2 +
4 files changed, 147 insertions(+)
create mode 100644 src/util/support/dir_filenames.c
diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h
index 07ef6a4ca..763408a09 100644
--- a/src/include/k5-platform.h
+++ b/src/include/k5-platform.h
@@ -44,6 +44,8 @@
* + constant time memory comparison
* + path manipulation
* + _, N_, dgettext, bindtextdomain (for localization)
+ * + getopt_long
+ * + fetching filenames from a directory
*/
#ifndef K5_PLATFORM_H
@@ -1148,4 +1150,9 @@ extern int k5_getopt_long(int nargc, char **nargv, char *options,
#define getopt_long k5_getopt_long
#endif /* HAVE_GETOPT_LONG */
+/* Set *fnames_out to a null-terminated list of filenames within dirname,
+ * sorted according to strcmp(). Return 0 on success, or ENOENT/ENOMEM. */
+int k5_dir_filenames(const char *dirname, char ***fnames_out);
+void k5_free_filenames(char **fnames);
+
#endif /* K5_PLATFORM_H */
diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in
index caaf15822..4715e0391 100644
--- a/src/util/support/Makefile.in
+++ b/src/util/support/Makefile.in
@@ -85,6 +85,7 @@ STLIBOBJS= \
hex.o \
bcmp.o \
strerror_r.o \
+ dir_filenames.o \
$(GETTIMEOFDAY_ST_OBJ) \
$(IPC_ST_OBJ) \
$(STRLCPY_ST_OBJ) \
@@ -111,6 +112,7 @@ LIBOBJS= \
$(OUTPRE)hex.$(OBJEXT) \
$(OUTPRE)bcmp.$(OBJEXT) \
$(OUTPRE)strerror_r.$(OBJEXT) \
+ $(OUTPRE)dir_filenames.$(OBJEXT) \
$(GETTIMEOFDAY_OBJ) \
$(IPC_OBJ) \
$(STRLCPY_OBJ) \
@@ -147,6 +149,7 @@ SRCS=\
$(srcdir)/hex.c \
$(srcdir)/bcmp.c \
$(srcdir)/strerror_r.c \
+ $(srcdir)/dir_filenames.c \
$(srcdir)/t_utf8.c \
$(srcdir)/t_utf16.c \
$(srcdir)/getopt.c \
diff --git a/src/util/support/dir_filenames.c b/src/util/support/dir_filenames.c
new file mode 100644
index 000000000..9312b0238
--- /dev/null
+++ b/src/util/support/dir_filenames.c
@@ -0,0 +1,135 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/dir_filenames.c - fetch filenames in a directory */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-platform.h"
+
+void
+k5_free_filenames(char **fnames)
+{
+ char **fn;
+
+ for (fn = fnames; fn != NULL && *fn != NULL; fn++)
+ free(*fn);
+ free(fnames);
+}
+
+/* Resize the filename list and add a name. */
+static int
+add_filename(char ***fnames, int *n_fnames, const char *name)
+{
+ char **newlist;
+
+ newlist = realloc(*fnames, (*n_fnames + 2) * sizeof(*newlist));
+ if (newlist == NULL)
+ return ENOMEM;
+ *fnames = newlist;
+ newlist[*n_fnames] = strdup(name);
+ if (newlist[*n_fnames] == NULL)
+ return ENOMEM;
+ (*n_fnames)++;
+ newlist[*n_fnames] = NULL;
+ return 0;
+}
+
+static int
+compare_with_strcmp(const void *a, const void *b)
+{
+ return strcmp(*(char **)a, *(char **)b);
+}
+
+#ifdef _WIN32
+
+int
+k5_dir_filenames(const char *dirname, char ***fnames_out)
+{
+ char *wildcard;
+ WIN32_FIND_DATA ffd;
+ HANDLE handle;
+ char **fnames = NULL;
+ int n_fnames = 0;
+
+ *fnames_out = NULL;
+
+ if (asprintf(&wildcard, "%s\\*", dirname) < 0)
+ return ENOMEM;
+ handle = FindFirstFile(wildcard, &ffd);
+ free(wildcard);
+ if (handle == INVALID_HANDLE_VALUE)
+ return ENOENT;
+
+ do {
+ if (add_filename(&fnames, &n_fnames, &ffd.cFileName) != 0) {
+ k5_free_filenames(fnames);
+ FindClose(handle);
+ return ENOMEM;
+ }
+ } while (FindNextFile(handle, &ffd) != 0);
+
+ FindClose(handle);
+ qsort(fnames, n_fnames, sizeof(*fnames), compare_with_strcmp);
+ *fnames_out = fnames;
+ return 0;
+}
+
+#else /* _WIN32 */
+
+#include <dirent.h>
+
+int
+k5_dir_filenames(const char *dirname, char ***fnames_out)
+{
+ DIR *dir;
+ struct dirent *ent;
+ char **fnames = NULL;
+ int n_fnames = 0;
+
+ *fnames_out = NULL;
+
+ dir = opendir(dirname);
+ if (dir == NULL)
+ return ENOENT;
+
+ while ((ent = readdir(dir)) != NULL) {
+ if (add_filename(&fnames, &n_fnames, ent->d_name) != 0) {
+ k5_free_filenames(fnames);
+ closedir(dir);
+ return ENOMEM;
+ }
+ }
+
+ closedir(dir);
+ qsort(fnames, n_fnames, sizeof(*fnames), compare_with_strcmp);
+ *fnames_out = fnames;
+ return 0;
+}
+
+#endif /* not _WIN32 */
diff --git a/src/util/support/libkrb5support-fixed.exports b/src/util/support/libkrb5support-fixed.exports
index a5e2ade04..16ed5a6c1 100644
--- a/src/util/support/libkrb5support-fixed.exports
+++ b/src/util/support/libkrb5support-fixed.exports
@@ -58,6 +58,8 @@ k5_path_split
k5_strerror_r
k5_utf8_to_utf16le
k5_utf16le_to_utf8
+k5_dir_filenames
+k5_free_filenames
krb5int_key_register
krb5int_key_delete
krb5int_getspecific

View File

@ -1,4 +1,4 @@
From c8992ad9dc0c7fc4d8bec3b9ecb129fe587d615e Mon Sep 17 00:00:00 2001
From 507b1aff60fdadc91ca7c56d39711049aeeb1e58 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 19 Feb 2018 00:51:44 -0500
Subject: [PATCH] Add libkrb5support hex functions and tests

View File

@ -1,4 +1,4 @@
From 5ed0331bd6bfd39b9c5ca40ec38d536221118998 Mon Sep 17 00:00:00 2001
From f8b14b92cc4c82578f8fc56dd1fddebe88120769 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 3 Feb 2018 20:53:42 -0500
Subject: [PATCH] Add vector support to k5_sha256()

View File

@ -1,4 +1,4 @@
From c98a6fc929b80dd8d221314e31903a9d5ee56295 Mon Sep 17 00:00:00 2001
From 2b9e79d58b28196dba5f7d3ff2f32ca577444ddc Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 31 Mar 2018 10:43:49 -0400
Subject: [PATCH] Be more careful asking for AS key in SPAKE client

View File

@ -1,4 +1,4 @@
From cb8f31e6bbf72e207b428d52c2fd9ed719bbec4f Mon Sep 17 00:00:00 2001
From 3bfe632c7011c335362d78356232507d9ee26f73 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 14 Mar 2018 14:31:22 -0400
Subject: [PATCH] Exit with status 0 from kadmind

View File

@ -1,4 +1,4 @@
From 3ea258c813de4c55a8979f019b716422b998e231 Mon Sep 17 00:00:00 2001
From 390c515e13dffc8c00b44623cba47e27c2f20cf7 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 27 Mar 2018 10:36:05 -0400
Subject: [PATCH] Fix SPAKE memory leak

View File

@ -1,4 +1,4 @@
From 6b8f7371e49c3aa636871bb4e2ea2d2e86c743de Mon Sep 17 00:00:00 2001
From 8b898badbe8051270c6da96f5c15f3bc8b6d974e Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 26 Jan 2018 11:47:50 -0500
Subject: [PATCH] Fix hex conversion of PKINIT certid strings

View File

@ -1,4 +1,4 @@
From 20c25d4a2f78d8ab33d4879e1cf843e1fdb8a20b Mon Sep 17 00:00:00 2001
From 59a28991e15496e6f9cf867c32dc18e7e1062f59 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 15 Mar 2018 20:27:30 -0400
Subject: [PATCH] Fix read overflow in KDC sort_pa_data()

View File

@ -1,4 +1,4 @@
From 9c9ff189c16b16f848f2e85c1d262f12c6d5e922 Mon Sep 17 00:00:00 2001
From e405f42b532e377e7e3d654313a07f8c11f48f9a Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 3 Jan 2018 12:06:08 -0500
Subject: [PATCH] Fix securid_sam2 preauth for non-default salt

View File

@ -1,4 +1,4 @@
From d134cd489a6841f510b3efdf4ddcb283493655f0 Mon Sep 17 00:00:00 2001
From 617d153bb32d0bd7db33ccec21043d1113651f3a Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 18 Apr 2018 14:13:28 -0400
Subject: [PATCH] Fix segfault in finish_dispatch()

View File

@ -1,4 +1,4 @@
From e6945eee571b0ff776270dea52fb051b62aedabd Mon Sep 17 00:00:00 2001
From 3d651a6e234bed4c4d4865a56c5fa47dab89a5a6 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 26 Mar 2018 11:12:39 -0400
Subject: [PATCH] Implement k5_buf_init_dynamic_zap

View File

@ -1,4 +1,4 @@
From 6f883193ddb63da0f29977e3b95a663321404546 Mon Sep 17 00:00:00 2001
From bbc68d1657306a61a7646dd7b9690f67705e24be Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 3 Jan 2018 11:59:14 -0500
Subject: [PATCH] Include etype-info in for hardware preauth hints

View File

@ -1,4 +1,4 @@
From 265d00ef6bb5469b2464d7813af8c37581338385 Mon Sep 17 00:00:00 2001
From b623881ec039bffc758f53906f7e4f9b884f1cf4 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 15 Mar 2018 14:37:28 -0400
Subject: [PATCH] Include preauth name in trace output if possible

View File

@ -1,4 +1,4 @@
From 6b85df6c6f4bb0e61ba0913722317f4e2c3c23fc Mon Sep 17 00:00:00 2001
From 9dd3a84f324979c29e8ab4b472e98dfa73e6b290 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 7 May 2018 16:42:59 -0400
Subject: [PATCH] Log when non-root ksu authorization fails

View File

@ -1,4 +1,4 @@
From 56521276ff20bc05a61c6f070cb4dcab730ff6d6 Mon Sep 17 00:00:00 2001
From ee941a490268bb045ec7e153bdf229adcd6d2f73 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 26 Mar 2018 10:54:29 -0400
Subject: [PATCH] Move zap() definition to k5-platform.h

View File

@ -1,78 +0,0 @@
From 88abb837d8a9ff12b71a848efbeaa9b9a009cc1f Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 29 Jan 2018 12:10:53 +0100
Subject: [PATCH] Process included directories in alphabetical order
readdir() and FindFirstFile()/FindNextFile() do not define any
ordering on the entries they return. Use sorted scandir() instead on
Unix-likes.
(cherry picked from commit 4e8518baeedf376ae3e4ce302c9a138263d648df)
---
src/util/profile/prof_parse.c | 30 ++++++++++++++++++++----------
1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
index 1baceea9e..309c27d07 100644
--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
@@ -241,12 +241,18 @@ static int valid_name(const char *filename)
}
return 1;
}
+#ifndef _WIN32
+static int valid_name_scandir(const struct dirent *d)
+{
+ return valid_name(d->d_name);
+}
+#endif
/*
* Include files within dirname. Only files with names ending in ".conf", or
* consisting entirely of alphanumeric characters, dashes, and underscores are
* included. This restriction avoids including editor backup files, .rpmsave
- * files, and the like.
+ * files, and the like. Files are processed in alphanumeric order.
*/
static errcode_t parse_include_dir(const char *dirname,
struct profile_node *root_section)
@@ -287,18 +293,19 @@ cleanup:
#else /* not _WIN32 */
- DIR *dir;
char *pathname;
errcode_t retval = 0;
- struct dirent *ent;
+ struct dirent **namelist;
+ int num_ents, i;
- dir = opendir(dirname);
- if (dir == NULL)
+ num_ents = scandir(dirname, &namelist, &valid_name_scandir, &alphasort);
+ if (num_ents == -1)
return PROF_FAIL_INCLUDE_DIR;
- while ((ent = readdir(dir)) != NULL) {
- if (!valid_name(ent->d_name))
- continue;
- if (asprintf(&pathname, "%s/%s", dirname, ent->d_name) < 0) {
+
+ for (i = 0; i < num_ents; i++) {
+ retval = asprintf(&pathname, "%s/%s", dirname, namelist[i]->d_name);
+ free(namelist[i]);
+ if (retval < 0) {
retval = ENOMEM;
break;
}
@@ -307,7 +314,10 @@ cleanup:
if (retval)
break;
}
- closedir(dir);
+ for (i++; i < num_ents; i++)
+ free(namelist[i]);
+
+ free(namelist);
return retval;
#endif /* not _WIN32 */
}

View File

@ -0,0 +1,114 @@
From 5d868264bca1771aa16abbc8cc0aefb0e1750a73 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 6 Jun 2018 17:58:41 -0400
Subject: [PATCH] Process profile includedir in sorted order
In the profile library, use k5_dir_filenames() so that files within an
included directory are read in a predictable order (alphanumeric
within the C locale).
ticket: 8686
(cherry picked from commit f574eda48740ad192f51e9a382a205e2ea0e60ad)
---
doc/admin/conf_files/krb5_conf.rst | 4 ++-
src/util/profile/prof_parse.c | 56 +++++-------------------------
2 files changed, 12 insertions(+), 48 deletions(-)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index 2574e5c26..ce545492d 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -60,7 +60,9 @@ alphanumeric characters, dashes, or underscores. Starting in release
1.15, files with names ending in ".conf" are also included, unless the
name begins with ".". Included profile files are syntactically
independent of their parents, so each included file must begin with a
-section header.
+section header. Starting in release 1.17, files are read in
+alphanumeric order; in previous releases, they may be read in any
+order.
The krb5.conf file can specify that configuration should be obtained
from a loadable module, rather than the file itself, using the
diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
index 1baceea9e..531e4a099 100644
--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
@@ -246,59 +246,22 @@ static int valid_name(const char *filename)
* Include files within dirname. Only files with names ending in ".conf", or
* consisting entirely of alphanumeric characters, dashes, and underscores are
* included. This restriction avoids including editor backup files, .rpmsave
- * files, and the like.
+ * files, and the like. Files are processed in alphanumeric order.
*/
static errcode_t parse_include_dir(const char *dirname,
struct profile_node *root_section)
{
-#ifdef _WIN32
- char *wildcard = NULL, *pathname;
- WIN32_FIND_DATA ffd;
- HANDLE handle;
errcode_t retval = 0;
+ char **fnames, *pathname;
+ int i;
- if (asprintf(&wildcard, "%s\\*", dirname) < 0)
- return ENOMEM;
-
- handle = FindFirstFile(wildcard, &ffd);
- if (handle == INVALID_HANDLE_VALUE) {
- retval = PROF_FAIL_INCLUDE_DIR;
- goto cleanup;
- }
-
- do {
- if (!valid_name(ffd.cFileName))
- continue;
- if (asprintf(&pathname, "%s\\%s", dirname, ffd.cFileName) < 0) {
- retval = ENOMEM;
- break;
- }
- retval = parse_include_file(pathname, root_section);
- free(pathname);
- if (retval)
- break;
- } while (FindNextFile(handle, &ffd) != 0);
-
- FindClose(handle);
-
-cleanup:
- free(wildcard);
- return retval;
-
-#else /* not _WIN32 */
-
- DIR *dir;
- char *pathname;
- errcode_t retval = 0;
- struct dirent *ent;
-
- dir = opendir(dirname);
- if (dir == NULL)
+ if (k5_dir_filenames(dirname, &fnames) != 0)
return PROF_FAIL_INCLUDE_DIR;
- while ((ent = readdir(dir)) != NULL) {
- if (!valid_name(ent->d_name))
+
+ for (i = 0; fnames != NULL && fnames[i] != NULL; i++) {
+ if (!valid_name(fnames[i]))
continue;
- if (asprintf(&pathname, "%s/%s", dirname, ent->d_name) < 0) {
+ if (asprintf(&pathname, "%s/%s", dirname, fnames[i]) < 0) {
retval = ENOMEM;
break;
}
@@ -307,9 +270,8 @@ cleanup:
if (retval)
break;
}
- closedir(dir);
+ k5_free_filenames(fnames);
return retval;
-#endif /* not _WIN32 */
}
static errcode_t parse_line(char *line, struct parse_state *state,

View File

@ -1,4 +1,4 @@
From 276ecd7ba513ce0bfe5e51d6368e00476041a5b4 Mon Sep 17 00:00:00 2001
From 7c59b7ee063489a4259c34b725728fee7e411c46 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 21 Dec 2017 11:28:52 -0500
Subject: [PATCH] Refactor KDC krb5_pa_data utility functions

View File

@ -1,4 +1,4 @@
From bf6ffd35be7325db3447fec9bf95b626f43b6734 Mon Sep 17 00:00:00 2001
From 83da5675551dba13fee837adc26ce885a061dbc1 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 3 May 2018 14:40:45 -0400
Subject: [PATCH] Remove "-nodes" option from make-certs scripts

View File

@ -1,4 +1,4 @@
From 177cb167cfc151a1f58fb3e771cd29d0598f462f Mon Sep 17 00:00:00 2001
From 3b3e31316ae247e18ea22293dffbc8f604338fa7 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 17 Mar 2018 22:47:34 -0400
Subject: [PATCH] Report extended errors in kinit -k -t KDB:

View File

@ -1,4 +1,4 @@
From 1e423ec03dbd65845a4aeb8999d130d3d6a0cdd7 Mon Sep 17 00:00:00 2001
From 70f41a8dafaadfb43aba4918564c22460f812dca Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 5 Apr 2018 16:23:34 -0400
Subject: [PATCH] Restrict pre-authentication fallback cases

View File

@ -1,4 +1,4 @@
From bd2f01d99b623be070c8bc8d660ca92c337147ae Mon Sep 17 00:00:00 2001
From 65f078dfc68f5680e87e686a59970291b64ebd95 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sun, 11 Feb 2018 15:23:35 -0500
Subject: [PATCH] Simplify kdc_preauth.c systems table

View File

@ -1,4 +1,4 @@
From 0c2324e3f88f5ba3dbe7c9053017549f13e1f995 Mon Sep 17 00:00:00 2001
From c5df16a88027d7f9b6eb53b1c3fa949d6538616b Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 26 Mar 2018 11:24:49 -0400
Subject: [PATCH] Use k5_buf_init_dynamic_zap where appropriate

View File

@ -1,4 +1,4 @@
From c7677e91fb406c7ec55cb115155ed0d4c5943b72 Mon Sep 17 00:00:00 2001
From 19109505ad04efdfd70df3ee922e22bcf5a294f3 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 19 Feb 2018 00:52:35 -0500
Subject: [PATCH] Use libkrb5support hex functions where appropriate

View File

@ -1,4 +1,4 @@
From 6f02200464dd484641639f2cb38b775d34af4bcd Mon Sep 17 00:00:00 2001
From 5d970e16e768a134e65ee7cf367b8f34a80e0980 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 27 Mar 2018 15:42:28 -0400
Subject: [PATCH] Zap data when freeing krb5_spake_factor

View File

@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.16.1
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
Release: 3%{?dist}
Release: 4%{?dist}
# lookaside-cached sources; two downloads and a build artifact
Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
@ -60,7 +60,6 @@ Patch33: krb5-1.13-dirsrv-accountlock.patch
Patch34: krb5-1.9-debuginfo.patch
Patch35: krb5-1.11-run_user_0.patch
Patch36: krb5-1.11-kpasswdtest.patch
Patch37: Process-included-directories-in-alphabetical-order.patch
Patch40: Fix-hex-conversion-of-PKINIT-certid-strings.patch
Patch41: Exit-with-status-0-from-kadmind.patch
Patch42: Include-etype-info-in-for-hardware-preauth-hints.patch
@ -89,6 +88,8 @@ Patch68: Restrict-pre-authentication-fallback-cases.patch
Patch69: Remove-nodes-option-from-make-certs-scripts.patch
Patch70: Fix-segfault-in-finish_dispatch.patch
Patch71: Log-when-non-root-ksu-authorization-fails.patch
Patch72: Add-k5_dir_filenames-to-libkrb5support.patch
Patch73: Process-profile-includedir-in-sorted-order.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@ -740,6 +741,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
* Thu Jun 07 2018 Robbie Harwood <rharwood@redhat.com> - 1.16.1-4
- Update includedir processing to match upstream
* Fri Jun 01 2018 Robbie Harwood <rharwood@redhat.com> - 1.16.1-3
- Log when non-root ksu authorization fails
- Resolves: #1575771