rpms/tog-pegasus
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix local-or-remote-auth patch to work with IPv6, Distribute modified access.conf file to conform README.RedHat.Security

Browse Source
This commit is contained in:
Vitezslav Crhonek 2012-10-16 15:42:59 +02:00
parent 88c642bdff
commit c8d927d584
2 changed files with 137 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

199
pegasus-2.9.0-local-or-remote-auth.patch
View File

@ -1,12 +1,23 @@
diff -up pegasus/src/Executor/PAMAuth.h.local-or-remote-auth pegasus/src/Executor/PAMAuth.h diff -up pegasus/src/Executor/Messages.h.orig pegasus/src/Executor/Messages.h
--- pegasus/src/Executor/PAMAuth.h.local-or-remote-auth 2009-12-15 11:52:33.000000000 +0100 --- pegasus/src/Executor/Messages.h.orig 2012-10-16 14:53:31.124376018 +0200
+++ pegasus/src/Executor/PAMAuth.h 2011-05-19 14:26:12.849499761 +0200 +++ pegasus/src/Executor/Messages.h 2012-10-16 14:53:50.642434211 +0200
@@ -199,6 +199,7 @@ struct ExecutorAuthenticatePasswordReque
{
char username[EXECUTOR_BUFFER_SIZE];
char password[EXECUTOR_BUFFER_SIZE];
+ Boolean isRemoteUser;
};
struct ExecutorAuthenticatePasswordResponse
diff -up pegasus/src/Executor/PAMAuth.h.orig pegasus/src/Executor/PAMAuth.h
--- pegasus/src/Executor/PAMAuth.h.orig 2009-12-15 11:52:33.000000000 +0100
+++ pegasus/src/Executor/PAMAuth.h 2012-10-16 14:54:10.162493458 +0200
@@ -49,6 +49,9 @@ @@ -49,6 +49,9 @@
#include <Executor/Defines.h> #include <Executor/Defines.h>
#include <Executor/Socket.h> #include <Executor/Socket.h>
+#include <syslog.h> +#include <syslog.h>
+typedef int Boolean; +typedef bool Boolean;
+ +
#ifdef PEGASUS_FLAVOR #ifdef PEGASUS_FLAVOR
# define PAM_CONFIG_FILE "wbem" PEGASUS_FLAVOR # define PAM_CONFIG_FILE "wbem" PEGASUS_FLAVOR
@ -128,21 +139,21 @@ diff -up pegasus/src/Executor/PAMAuth.h.local-or-remote-auth pegasus/src/Executo
#endif #endif
} }
diff -up pegasus/src/Executor/Parent.c.local-or-remote-auth pegasus/src/Executor/Parent.c diff -up pegasus/src/Executor/Parent.c.orig pegasus/src/Executor/Parent.c
--- pegasus/src/Executor/Parent.c.local-or-remote-auth 2011-05-19 14:26:49.662347923 +0200 --- pegasus/src/Executor/Parent.c.orig 2011-05-19 08:50:25.000000000 +0200
+++ pegasus/src/Executor/Parent.c 2011-05-19 14:44:30.248822405 +0200 +++ pegasus/src/Executor/Parent.c 2012-10-16 14:55:47.731794152 +0200
@@ -635,7 +635,7 @@ static void HandleAuthenticatePasswordRe @@ -633,7 +633,7 @@ static void HandleAuthenticatePasswordRe
#if defined(PEGASUS_PAM_AUTHENTICATION) #if defined(PEGASUS_PAM_AUTHENTICATION)
- if (PAMAuthenticate(request.username, request.password) != 0) - if (PAMAuthenticate(request.username, request.password) != 0)
+ if (PAMAuthenticate(request.username, request.password, 0) != 0) + if (PAMAuthenticate(request.username, request.password, request.isRemoteUser) != 0)
{ {
status = -1; status = -1;
break; break;
diff -up pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.local-or-remote-auth pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c diff -up pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.orig pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c
--- pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.local-or-remote-auth 2011-05-19 15:34:25.895309730 +0200 --- pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.orig 2008-12-02 10:00:15.000000000 +0100
+++ pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c 2011-05-19 15:34:39.744506661 +0200 +++ pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c 2012-10-16 14:33:21.159612909 +0200
@@ -49,7 +49,7 @@ int main() @@ -49,7 +49,7 @@ int main()
sprintf(prompt, "Enter password for %s: ", PEGASUS_CIMSERVERMAIN_USER); sprintf(prompt, "Enter password for %s: ", PEGASUS_CIMSERVERMAIN_USER);
pw = getpass(prompt); pw = getpass(prompt);
@ -152,9 +163,9 @@ diff -up pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.local-or-remot
printf("Correct password\n"); printf("Correct password\n");
else else
printf("Wrong password\n"); printf("Wrong password\n");
diff -up pegasus/src/Pegasus/Common/AuthenticationInfo.h.local-or-remote-auth pegasus/src/Pegasus/Common/AuthenticationInfo.h diff -up pegasus/src/Pegasus/Common/AuthenticationInfo.h.orig pegasus/src/Pegasus/Common/AuthenticationInfo.h
--- pegasus/src/Pegasus/Common/AuthenticationInfo.h.local-or-remote-auth 2008-12-16 19:55:59.000000000 +0100 --- pegasus/src/Pegasus/Common/AuthenticationInfo.h.orig 2008-12-16 19:55:59.000000000 +0100
+++ pegasus/src/Pegasus/Common/AuthenticationInfo.h 2011-05-19 14:26:12.849499761 +0200 +++ pegasus/src/Pegasus/Common/AuthenticationInfo.h 2012-10-16 14:33:21.160612914 +0200
@@ -354,6 +354,22 @@ public: @@ -354,6 +354,22 @@ public:
return _rep->getRemotePrivilegedUserAccessChecked(); return _rep->getRemotePrivilegedUserAccessChecked();
} }
@ -178,9 +189,9 @@ diff -up pegasus/src/Pegasus/Common/AuthenticationInfo.h.local-or-remote-auth pe
private: private:
AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep) AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep)
diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp.local-or-remote-auth pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp.orig pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp
--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp.local-or-remote-auth 2010-07-28 16:37:52.000000000 +0200 --- pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp.orig 2010-07-28 16:37:52.000000000 +0200
+++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp 2011-05-19 14:26:12.850499919 +0200 +++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp 2012-10-16 14:33:21.160612914 +0200
@@ -46,7 +46,8 @@ const String AuthenticationInfoRep::AUTH @@ -46,7 +46,8 @@ const String AuthenticationInfoRep::AUTH
AuthenticationInfoRep::AuthenticationInfoRep(Boolean flag) AuthenticationInfoRep::AuthenticationInfoRep(Boolean flag)
@ -208,9 +219,9 @@ diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp.local-or-remote-au
void AuthenticationInfoRep::setConnectionAuthenticated( void AuthenticationInfoRep::setConnectionAuthenticated(
Boolean connectionAuthenticated) Boolean connectionAuthenticated)
{ {
diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.h.local-or-remote-auth pegasus/src/Pegasus/Common/AuthenticationInfoRep.h diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.h.orig pegasus/src/Pegasus/Common/AuthenticationInfoRep.h
--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.h.local-or-remote-auth 2008-12-16 19:55:59.000000000 +0100 --- pegasus/src/Pegasus/Common/AuthenticationInfoRep.h.orig 2008-12-16 19:55:59.000000000 +0100
+++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.h 2011-05-19 14:26:12.851500077 +0200 +++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.h 2012-10-16 14:33:21.160612914 +0200
@@ -147,6 +147,13 @@ public: @@ -147,6 +147,13 @@ public:
void setSecurityAssociation(); void setSecurityAssociation();
#endif #endif
@ -233,9 +244,9 @@ diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.h.local-or-remote-auth
}; };
PEGASUS_NAMESPACE_END PEGASUS_NAMESPACE_END
diff -up pegasus/src/Pegasus/Common/Executor.cpp.local-or-remote-auth pegasus/src/Pegasus/Common/Executor.cpp diff -up pegasus/src/Pegasus/Common/Executor.cpp.orig pegasus/src/Pegasus/Common/Executor.cpp
--- pegasus/src/Pegasus/Common/Executor.cpp.local-or-remote-auth 2010-10-29 07:29:50.000000000 +0200 --- pegasus/src/Pegasus/Common/Executor.cpp.orig 2010-10-29 07:29:50.000000000 +0200
+++ pegasus/src/Pegasus/Common/Executor.cpp 2011-05-19 14:26:12.852500235 +0200 +++ pegasus/src/Pegasus/Common/Executor.cpp 2012-10-16 14:57:10.260055467 +0200
@@ -126,7 +126,8 @@ public: @@ -126,7 +126,8 @@ public:
virtual int authenticatePassword( virtual int authenticatePassword(
@ -270,7 +281,15 @@ diff -up pegasus/src/Pegasus/Common/Executor.cpp.local-or-remote-auth pegasus/sr
{ {
AutoMutex autoMutex(_mutex); AutoMutex autoMutex(_mutex);
@@ -1173,10 +1176,11 @@ int Executor::reapProviderAgent( @@ -922,6 +925,7 @@ public:
memset(&request, 0, sizeof(request));
Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE);
Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE);
+ request.isRemoteUser = isRemoteUser;
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))
return -1;
@@ -1173,10 +1177,11 @@ int Executor::reapProviderAgent(
int Executor::authenticatePassword( int Executor::authenticatePassword(
const char* username, const char* username,
@ -284,9 +303,9 @@ diff -up pegasus/src/Pegasus/Common/Executor.cpp.local-or-remote-auth pegasus/sr
} }
int Executor::validateUser( int Executor::validateUser(
diff -up pegasus/src/Pegasus/Common/Executor.h.local-or-remote-auth pegasus/src/Pegasus/Common/Executor.h diff -up pegasus/src/Pegasus/Common/Executor.h.orig pegasus/src/Pegasus/Common/Executor.h
--- pegasus/src/Pegasus/Common/Executor.h.local-or-remote-auth 2010-10-29 07:29:50.000000000 +0200 --- pegasus/src/Pegasus/Common/Executor.h.orig 2010-10-29 07:29:50.000000000 +0200
+++ pegasus/src/Pegasus/Common/Executor.h 2011-05-19 14:26:12.853500393 +0200 +++ pegasus/src/Pegasus/Common/Executor.h 2012-10-16 14:33:21.162612924 +0200
@@ -184,7 +184,8 @@ public: @@ -184,7 +184,8 @@ public:
*/ */
static int authenticatePassword( static int authenticatePassword(
@ -297,16 +316,16 @@ diff -up pegasus/src/Pegasus/Common/Executor.h.local-or-remote-auth pegasus/src/
/** Check whether the given user is valid for the underlying authentcation /** Check whether the given user is valid for the underlying authentcation
mechanism. mechanism.
diff -up pegasus/src/Pegasus/Common/HTTPConnection.cpp.local-or-remote-auth pegasus/src/Pegasus/Common/HTTPConnection.cpp diff -up pegasus/src/Pegasus/Common/HTTPConnection.cpp.orig pegasus/src/Pegasus/Common/HTTPConnection.cpp
--- pegasus/src/Pegasus/Common/HTTPConnection.cpp.local-or-remote-auth 2011-04-19 12:39:52.000000000 +0200 --- pegasus/src/Pegasus/Common/HTTPConnection.cpp.orig 2012-08-30 16:49:10.000000000 +0200
+++ pegasus/src/Pegasus/Common/HTTPConnection.cpp 2011-05-19 14:26:12.854500551 +0200 +++ pegasus/src/Pegasus/Common/HTTPConnection.cpp 2012-10-16 14:59:06.452439014 +0200
@@ -2295,6 +2295,30 @@ void HTTPConnection::_handleReadEvent() @@ -2305,6 +2305,70 @@ void HTTPConnection::_handleReadEvent()
message->contentLanguages = contentLanguages; message->contentLanguages = contentLanguages;
message->dest = _outputMessageQueue->getQueueId(); message->dest = _outputMessageQueue->getQueueId();
+ // Allow authenticators to differentiate Remote and Local users: + // Allow authenticators to differentiate Remote and Local users:
+ struct sockaddr_in sin_peer, sin_svr; // don't need to worry about IPv6 yet ... + struct sockaddr_storage sin_peer, sin_svr;
+ socklen_t slen1=sizeof(struct sockaddr_in), slen2=sizeof(struct sockaddr_in); + socklen_t slen1 = sizeof (struct sockaddr_storage), slen2 = sizeof (struct sockaddr_storage);
+ uint32_t sock = _socket.get()->getSocket() ; + uint32_t sock = _socket.get()->getSocket() ;
+ memset(&sin_peer,'\0',slen1); + memset(&sin_peer,'\0',slen1);
+ memset(&sin_svr, '\0',slen2); + memset(&sin_svr, '\0',slen2);
@ -314,27 +333,67 @@ diff -up pegasus/src/Pegasus/Common/HTTPConnection.cpp.local-or-remote-auth pega
+ ||( ::getsockname( sock, (struct sockaddr*)&sin_svr, &slen2) == 0 ) + ||( ::getsockname( sock, (struct sockaddr*)&sin_svr, &slen2) == 0 )
+ ) + )
+ { + {
+ if( sin_peer.sin_family == AF_INET ) + PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "sin_peer.ss_family: %d",
+ sin_peer.ss_family));
+ if( sin_peer.ss_family == AF_INET )
+ { + {
+ if( ((ntohl( sin_peer.sin_addr.s_addr ) >> 24) & 0xff) == 127 ) + struct sockaddr_in *s = (struct sockaddr_in *)&sin_peer;
+ if( ((ntohl( s->sin_addr.s_addr ) >> 24) & 0xff) == 127 )
+ // message was sent FROM localhost interface + // message was sent FROM localhost interface
+ message->isFromRemoteHost = false; + message->isFromRemoteHost = false;
+ } + }
+ if( sin_svr.sin_family == AF_INET ) + if( sin_peer.ss_family == AF_INET6 )
+ { + {
+ if( ((ntohl( sin_svr.sin_addr.s_addr ) >> 24) & 0xff) == 127 ) + char straddr[INET6_ADDRSTRLEN];
+ struct sockaddr_in6 *s = (struct sockaddr_in6 *)&sin_peer;
+ static const unsigned char localhost_bytes[] =
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
+ inet_ntop(AF_INET6, &s->sin6_addr, straddr, sizeof(straddr));
+ PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "Peer IP address: %s",
+ straddr));
+ if(memcmp(s->sin6_addr.s6_addr, localhost_bytes, 16) == 0)
+ // message was sent FROM localhost interface
+ message->isFromRemoteHost = false;
+ }
+ PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "sin_svr.ss_family: %d",
+ sin_svr.ss_family));
+ if( sin_svr.ss_family == AF_INET )
+ {
+ struct sockaddr_in *s = (struct sockaddr_in *)&sin_svr;
+ if( ((ntohl( s->sin_addr.s_addr ) >> 24) & 0xff) == 127 )
+ // message was sent TO localhost interface
+ message->isFromRemoteHost = false;
+ }
+ if( sin_svr.ss_family == AF_INET6 )
+ {
+ char straddr[INET6_ADDRSTRLEN];
+ struct sockaddr_in6 *s = (struct sockaddr_in6 *)&sin_svr;
+ static const unsigned char localhost_bytes[] =
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
+ inet_ntop(AF_INET6, &s->sin6_addr, straddr, sizeof(straddr));
+ PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "svr IP address: %s",
+ straddr));
+ if(memcmp(s->sin6_addr.s6_addr, localhost_bytes, 16) == 0)
+ // message was sent TO localhost interface + // message was sent TO localhost interface
+ message->isFromRemoteHost = false; + message->isFromRemoteHost = false;
+ } + }
+ } + }
+
+ PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "isFromRemoteHost: %d",
+ message->isFromRemoteHost));
+ +
// //
// The _closeConnection method sets the _connectionClosePending flag. // The _closeConnection method sets the _connectionClosePending flag.
// If we are executing on the client side and the // If we are executing on the client side and the
diff -up pegasus/src/Pegasus/Common/HTTPMessage.cpp.local-or-remote-auth pegasus/src/Pegasus/Common/HTTPMessage.cpp diff -up pegasus/src/Pegasus/Common/HTTPMessage.cpp.orig pegasus/src/Pegasus/Common/HTTPMessage.cpp
--- pegasus/src/Pegasus/Common/HTTPMessage.cpp.local-or-remote-auth 2011-01-25 13:10:21.000000000 +0100 --- pegasus/src/Pegasus/Common/HTTPMessage.cpp.orig 2012-08-30 16:49:11.000000000 +0200
+++ pegasus/src/Pegasus/Common/HTTPMessage.cpp 2011-05-19 14:26:12.856500867 +0200 +++ pegasus/src/Pegasus/Common/HTTPMessage.cpp 2012-10-16 14:33:21.164612934 +0200
@@ -134,7 +134,8 @@ HTTPMessage::HTTPMessage( @@ -135,7 +135,8 @@ HTTPMessage::HTTPMessage(
authInfo(0), authInfo(0),
acceptLanguagesDecoded(false), acceptLanguagesDecoded(false),
contentLanguagesDecoded(false), contentLanguagesDecoded(false),
@ -344,9 +403,9 @@ diff -up pegasus/src/Pegasus/Common/HTTPMessage.cpp.local-or-remote-auth pegasus
{ {
if (cimException_) if (cimException_)
cimException = *cimException_; cimException = *cimException_;
diff -up pegasus/src/Pegasus/Common/HTTPMessage.h.local-or-remote-auth pegasus/src/Pegasus/Common/HTTPMessage.h diff -up pegasus/src/Pegasus/Common/HTTPMessage.h.orig pegasus/src/Pegasus/Common/HTTPMessage.h
--- pegasus/src/Pegasus/Common/HTTPMessage.h.local-or-remote-auth 2011-01-25 13:10:21.000000000 +0100 --- pegasus/src/Pegasus/Common/HTTPMessage.h.orig 2012-08-30 16:49:11.000000000 +0200
+++ pegasus/src/Pegasus/Common/HTTPMessage.h 2011-05-19 14:26:12.856500867 +0200 +++ pegasus/src/Pegasus/Common/HTTPMessage.h 2012-10-16 14:33:21.164612934 +0200
@@ -73,6 +73,7 @@ public: @@ -73,6 +73,7 @@ public:
ContentLanguageList contentLanguages; ContentLanguageList contentLanguages;
Boolean acceptLanguagesDecoded; Boolean acceptLanguagesDecoded;
@ -355,9 +414,9 @@ diff -up pegasus/src/Pegasus/Common/HTTPMessage.h.local-or-remote-auth pegasus/s
CIMException cimException; CIMException cimException;
bool binaryResponse; bool binaryResponse;
diff -up pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp.local-or-remote-auth pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp diff -up pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp.orig pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp
--- pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp.local-or-remote-auth 2010-10-29 07:29:50.000000000 +0200 --- pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp.orig 2010-10-29 07:29:50.000000000 +0200
+++ pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp 2011-05-19 14:26:12.857501025 +0200 +++ pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp 2012-10-16 14:33:21.165612939 +0200
@@ -76,7 +76,7 @@ void testExecutorLoopbackImpl() @@ -76,7 +76,7 @@ void testExecutorLoopbackImpl()
#endif #endif
@ -376,9 +435,9 @@ diff -up pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp.local-or-rem
PEGASUS_TEST_ASSERT(Executor::validateUser("xnonexistentuserx") == -1); PEGASUS_TEST_ASSERT(Executor::validateUser("xnonexistentuserx") == -1);
char challengeFilePath[EXECUTOR_BUFFER_SIZE]; char challengeFilePath[EXECUTOR_BUFFER_SIZE];
diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp.local-or-remote-auth pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp.orig pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp
--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp.local-or-remote-auth 2009-08-07 07:43:31.000000000 +0200 --- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp.orig 2009-08-07 07:43:31.000000000 +0200
+++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2011-05-19 14:26:12.858501183 +0200 +++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2012-10-16 14:33:21.165612939 +0200
@@ -153,7 +153,7 @@ Boolean BasicAuthenticationHandler::auth @@ -153,7 +153,7 @@ Boolean BasicAuthenticationHandler::auth
} }
authInfo->setRemotePrivilegedUserAccessChecked(); authInfo->setRemotePrivilegedUserAccessChecked();
@ -388,9 +447,9 @@ diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.
// Log audit message. // Log audit message.
PEG_AUDIT_LOG(logBasicAuthentication( PEG_AUDIT_LOG(logBasicAuthentication(
diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h.local-or-remote-auth pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h.orig pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h
--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h.local-or-remote-auth 2008-12-16 19:57:08.000000000 +0100 --- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h.orig 2008-12-16 19:57:08.000000000 +0100
+++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2011-05-19 14:26:12.858501183 +0200 +++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2012-10-16 14:33:21.165612939 +0200
@@ -65,7 +65,8 @@ public: @@ -65,7 +65,8 @@ public:
*/ */
virtual Boolean authenticate( virtual Boolean authenticate(
@ -401,9 +460,9 @@ diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h.local-
/** Construct and return the HTTP Basic authentication challenge header /** Construct and return the HTTP Basic authentication challenge header
@return A string containing the authentication challenge header. @return A string containing the authentication challenge header.
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.local-or-remote-auth pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.orig pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.local-or-remote-auth 2008-12-16 19:57:08.000000000 +0100 --- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.orig 2008-12-16 19:57:08.000000000 +0100
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2011-05-19 14:26:12.859501341 +0200 +++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2012-10-16 14:33:21.166612944 +0200
@@ -53,7 +53,8 @@ public: @@ -53,7 +53,8 @@ public:
Boolean authenticate( Boolean authenticate(
@ -414,9 +473,9 @@ diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.loc
Boolean validateUser(const String& userName); Boolean validateUser(const String& userName);
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp.local-or-remote-auth pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp.orig pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp.local-or-remote-auth 2008-12-16 19:57:08.000000000 +0100 --- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp.orig 2008-12-16 19:57:08.000000000 +0100
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2011-05-19 14:26:12.859501341 +0200 +++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2012-10-16 14:33:21.166612944 +0200
@@ -73,7 +73,8 @@ PAMBasicAuthenticator::~PAMBasicAuthenti @@ -73,7 +73,8 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
Boolean PAMBasicAuthenticator::authenticate( Boolean PAMBasicAuthenticator::authenticate(
@ -427,9 +486,9 @@ diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.c
{ {
PEG_METHOD_ENTER(TRC_AUTHENTICATION, PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"PAMBasicAuthenticator::authenticate()"); "PAMBasicAuthenticator::authenticate()");
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp.local-or-remote-auth pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp.orig pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp.local-or-remote-auth 2008-12-16 19:57:08.000000000 +0100 --- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp.orig 2008-12-16 19:57:08.000000000 +0100
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2011-05-19 14:26:12.860501499 +0200 +++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2012-10-16 14:33:21.166612944 +0200
@@ -64,13 +64,14 @@ PAMBasicAuthenticator::~PAMBasicAuthenti @@ -64,13 +64,14 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
Boolean PAMBasicAuthenticator::authenticate( Boolean PAMBasicAuthenticator::authenticate(
@ -447,9 +506,9 @@ diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.c
{ {
return false; return false;
} }
diff -up pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp.local-or-remote-auth pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp diff -up pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp.orig pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp
--- pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp.local-or-remote-auth 2009-04-17 16:39:31.000000000 +0200 --- pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp.orig 2009-04-17 16:39:31.000000000 +0200
+++ pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp 2011-05-19 14:26:12.860501499 +0200 +++ pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp 2012-10-16 14:33:21.167612949 +0200
@@ -236,7 +236,7 @@ Boolean SecureBasicAuthenticator::authen @@ -236,7 +236,7 @@ Boolean SecureBasicAuthenticator::authen
if (Executor::detectExecutor() == 0) if (Executor::detectExecutor() == 0)
{ {
@ -459,10 +518,10 @@ diff -up pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cp
{ {
authenticated = true; authenticated = true;
} }
diff -up pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp.local-or-remote-auth pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp diff -up pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp.orig pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp
--- pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp.local-or-remote-auth 2009-08-07 07:43:31.000000000 +0200 --- pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp.orig 2012-08-30 16:49:12.000000000 +0200
+++ pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2011-05-19 14:26:12.862501815 +0200 +++ pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2012-10-16 14:33:21.168612954 +0200
@@ -421,6 +421,9 @@ void HTTPAuthenticatorDelegator::handleH @@ -426,6 +426,9 @@ void HTTPAuthenticatorDelegator::handleH
Tracer::LEVEL3, Tracer::LEVEL3,
"HTTPAuthenticatorDelegator - Authentication processing start"); "HTTPAuthenticatorDelegator - Authentication processing start");

9
tog-pegasus.spec
View File

@ -8,7 +8,7 @@
Name: tog-pegasus Name: tog-pegasus
Version: %{major_ver}.0 Version: %{major_ver}.0
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 2 Epoch: 2
Summary: OpenPegasus WBEM Services for Linux Summary: OpenPegasus WBEM Services for Linux
@ -26,6 +26,8 @@ Source3: README.RedHat.SSL
Source4: tog-pegasus.tmpfiles Source4: tog-pegasus.tmpfiles
# 5: systemd service file # 5: systemd service file
Source5: tog-pegasus.service Source5: tog-pegasus.service
# 6: This file controls access to the Pegasus services by users with the PAM pam_access module
Source6: access.conf
# 1: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5011 # 1: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5011
# Removing insecure -rpath # Removing insecure -rpath
@ -195,6 +197,7 @@ rm -rf pegasus/
cp -fp %SOURCE1 doc cp -fp %SOURCE1 doc
cp -fp %SOURCE2 rpm cp -fp %SOURCE2 rpm
cp -fp %SOURCE3 doc cp -fp %SOURCE3 doc
cp -fp %SOURCE6 rpm
export PEGASUS_ROOT=%PEGASUS_RPM_ROOT export PEGASUS_ROOT=%PEGASUS_RPM_ROOT
export PEGASUS_HOME=%PEGASUS_RPM_HOME export PEGASUS_HOME=%PEGASUS_RPM_HOME
@ -437,6 +440,10 @@ fi
%changelog %changelog
* Tue Oct 16 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.12.0-2
- Fix local-or-remote-auth patch to work with IPv6
- Distribute modified access.conf file to conform README.RedHat.Security
* Tue Oct 09 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.12.0-1 * Tue Oct 09 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.12.0-1
- Update to upstream version 2.12.0 - Update to upstream version 2.12.0