Fix SPNEGO acceptor mech filtering
This commit is contained in:
Robbie Harwood
parent
0963a62bc3
commit
d370e2a431
32
Fix-SPNEGO-acceptor-mech-filtering.patch
Normal file
32
Fix-SPNEGO-acceptor-mech-filtering.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From b8a19522f0169be3b4a2f539e28c89755cd85d6f Mon Sep 17 00:00:00 2001
|
||||
From: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Thu, 21 May 2020 14:15:25 -0400
|
||||
Subject: [PATCH] Fix SPNEGO acceptor mech filtering
|
||||
|
||||
Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851)
|
||||
accidentally changed the SPNEGO acceptor code to filter mechanisms by
|
||||
the obtainability of initiator credentials rather than acceptor
|
||||
credentials, when the default acceptor credential is used.
|
||||
|
||||
ticket: 8908 (new)
|
||||
tags: pullup
|
||||
target_version: 1.18-next
|
||||
|
||||
(cherry picked from commit e25918cb9efd7361aa78d2d96cd097dd34fdf35d)
|
||||
---
|
||||
src/lib/gssapi/spnego/spnego_mech.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
|
||||
index 8d36a05e8..255db6e30 100644
|
||||
--- a/src/lib/gssapi/spnego/spnego_mech.c
|
||||
+++ b/src/lib/gssapi/spnego/spnego_mech.c
|
||||
@@ -1379,7 +1379,7 @@ acc_ctx_new(OM_uint32 *minor_status,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
|
||||
+ ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
|
||||
if (ret != GSS_S_COMPLETE) {
|
||||
*return_token = NO_TOKEN_SEND;
|
||||
goto cleanup;
|
||||
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.18.1
|
||||
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
|
||||
# rharwood has trust path to signing key and verifies on check-in
|
||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
|
||||
@ -59,6 +59,7 @@ Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
|
||||
Patch17: Pass-gss_localname-through-SPNEGO.patch
|
||||
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
|
||||
Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
|
||||
Patch20: Fix-SPNEGO-acceptor-mech-filtering.patch
|
||||
|
||||
License: MIT
|
||||
URL: https://web.mit.edu/kerberos/www/
|
||||
@ -631,6 +632,9 @@ exit 0
|
||||
%{_libdir}/libkadm5srv_mit.so.*
|
||||
|
||||
%changelog
|
||||
* Fri May 22 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-6
|
||||
- Fix SPNEGO acceptor mech filtering
|
||||
|
||||
* Mon May 18 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-5
|
||||
- Fix typo ("in in") in the ksu man page
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user