- krb5_get_init_creds_password: check opte->flags instead of options->flags

when checking whether or not we get to use the prompter callback
    (#555875)
This commit is contained in:
Nalin Dahyabhai 2010-01-15 20:24:36 +00:00
parent 2baf72c02f
commit da536a5974
2 changed files with 21 additions and 1 deletions

14
krb5-1.7-opte.patch Normal file
View File

@ -0,0 +1,14 @@
Check opte->flags instead of options->flags, because we know that opte has
been initialized to the library defaults if options was NULL.
diff -up krb5-1.7/src/lib/krb5/krb/gic_pwd.c krb5-1.7/src/lib/krb5/krb/gic_pwd.c
--- krb5-1.7/src/lib/krb5/krb/gic_pwd.c 2010-01-15 15:07:52.000000000 -0500
+++ krb5-1.7/src/lib/krb5/krb/gic_pwd.c 2010-01-15 15:07:56.000000000 -0500
@@ -200,7 +200,7 @@ krb5_get_init_creds_password(krb5_contex
* to prompt. Prompting is only disabled if the option has been set
* and the value has been set to false.
*/
- if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
+ if (!(opte->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
goto cleanup;
/* ok, we have an expired password. Give the user a few chances

View File

@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.7 Version: 1.7
Release: 19%{?dist} Release: 20%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -84,6 +84,7 @@ Patch91: krb5-1.7-spnego-deleg.patch
Patch92: http://web.mit.edu/kerberos/advisories/2009-003-patch.txt Patch92: http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
Patch93: krb5-1.7-create_on_load.patch Patch93: krb5-1.7-create_on_load.patch
Patch94: http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt Patch94: http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt
Patch95: krb5-1.7-opte.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -222,6 +223,10 @@ to obtain initial credentials from a KDC using a private key and a
certificate. certificate.
%changelog %changelog
* Fri Jan 15 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-20
- krb5_get_init_creds_password: check opte->flags instead of options->flags
when checking whether or not we get to use the prompter callback (#555875)
* Thu Jan 14 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-19 * Thu Jan 14 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-19
- use portreserve to make sure the KDC can always bind to the kerberos-iv - use portreserve to make sure the KDC can always bind to the kerberos-iv
port, kpropd can always bind to the krb5_prop port, and that kadmind can port, kpropd can always bind to the krb5_prop port, and that kadmind can
@ -1556,6 +1561,7 @@ popd
%patch92 -p1 -b .2009-003 %patch92 -p1 -b .2009-003
%patch93 -p1 -b .create_on_load %patch93 -p1 -b .create_on_load
%patch94 -p0 -b .2009-004 %patch94 -p0 -b .2009-004
%patch95 -p1 -b .opte
gzip doc/*.ps gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex