rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix SPNEGO acceptor mech filtering

Browse Source
This commit is contained in:
Robbie Harwood 2020-05-22 13:28:09 -04:00
parent 0963a62bc3
commit d370e2a431
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Fix-SPNEGO-acceptor-mech-filtering.patch Normal file
View File

@ -0,0 +1,32 @@
From b8a19522f0169be3b4a2f539e28c89755cd85d6f Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 21 May 2020 14:15:25 -0400
Subject: [PATCH] Fix SPNEGO acceptor mech filtering
Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851)
accidentally changed the SPNEGO acceptor code to filter mechanisms by
the obtainability of initiator credentials rather than acceptor
credentials, when the default acceptor credential is used.
ticket: 8908 (new)
tags: pullup
target_version: 1.18-next
(cherry picked from commit e25918cb9efd7361aa78d2d96cd097dd34fdf35d)
---
src/lib/gssapi/spnego/spnego_mech.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 8d36a05e8..255db6e30 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1379,7 +1379,7 @@ acc_ctx_new(OM_uint32 *minor_status,
goto cleanup;
}
- ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
+ ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
if (ret != GSS_S_COMPLETE) {
*return_token = NO_TOKEN_SEND;
goto cleanup;

6
krb5.spec
View File

@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.18.1 Version: 1.18.1
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
Release: 5%{?dist} Release: 6%{?dist}
# rharwood has trust path to signing key and verifies on check-in # rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
@ -59,6 +59,7 @@ Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
Patch17: Pass-gss_localname-through-SPNEGO.patch Patch17: Pass-gss_localname-through-SPNEGO.patch
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
Patch20: Fix-SPNEGO-acceptor-mech-filtering.patch
License: MIT License: MIT
URL: https://web.mit.edu/kerberos/www/ URL: https://web.mit.edu/kerberos/www/
@ -631,6 +632,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkadm5srv_mit.so.*
%changelog %changelog
* Fri May 22 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-6
- Fix SPNEGO acceptor mech filtering
* Mon May 18 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-5 * Mon May 18 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-5
- Fix typo ("in in") in the ksu man page - Fix typo ("in in") in the ksu man page