rpms/krb5/devel krb5-1.6.1-pam.patch,1.4,1.5
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Tue Sep 11 14:11:26 UTC 2007
Author: nalin
Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3380
Modified Files:
krb5-1.6.1-pam.patch
Log Message:
- ftpd: also do PAM management for clients who use strong authentication
krb5-1.6.1-pam.patch:
Index: krb5-1.6.1-pam.patch
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5-1.6.1-pam.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- krb5-1.6.1-pam.patch 17 Jul 2007 21:02:32 -0000 1.4
+++ krb5-1.6.1-pam.patch 11 Sep 2007 14:11:22 -0000 1.5
@@ -825,7 +825,24 @@
#include <grp.h>
#include <setjmp.h>
#ifndef POSIX_SETJMP
-@@ -903,6 +906,10 @@ end_login()
+@@ -803,6 +807,16 @@
+ }
+ #endif /* KRB5_KRB4_COMPAT */
+
++#ifdef USE_PAM
++ if (appl_pam_enabled(kcontext, "ftpd")) {
++ if (appl_pam_acct_mgmt(FTP_PAM_SERVICE, 0,
++ pw->pw_name, "",
++ FTP_PAM_SERVICE) != 0) {
++ reply(530, "Login incorrect.");
++ return;
++ }
++ }
++#endif
+ if (!authorized && authlevel == AUTHLEVEL_AUTHORIZE) {
+ strncat(buf, "; Access denied.",
+ sizeof(buf) - strlen(buf) - 1);
+@@ -903,6 +916,10 @@ end_login()
(void) krb5_seteuid((uid_t)0);
if (logged_in)
pty_logwtmp(ttyline, "", "");
@@ -836,7 +853,7 @@
if (have_creds) {
#ifdef GSSAPI
krb5_cc_destroy(kcontext, ccache);
-@@ -1073,9 +1080,17 @@ pass(passwd)
+@@ -1073,9 +1090,17 @@ pass(passwd)
* kpass fails and the user has no local password
* kpass fails and the provided password doesn't match pw
*/
@@ -857,7 +874,7 @@
pw = NULL;
sleep(5);
if (++login_attempts >= 3) {
-@@ -1092,6 +1107,17 @@ pass(passwd)
+@@ -1092,6 +1117,17 @@ pass(passwd)
}
login_attempts = 0; /* this time successful */
@@ -875,7 +892,7 @@
login(passwd, 0);
return;
}
-@@ -1110,6 +1136,18 @@ login(passwd, logincode)
+@@ -1110,6 +1146,18 @@ login(passwd, logincode)
chown(tkt_string(), pw->pw_uid, pw->pw_gid);
#endif
}
@@ -894,7 +911,7 @@
(void) krb5_setegid((gid_t)pw->pw_gid);
(void) initgroups(pw->pw_name, pw->pw_gid);
-@@ -2125,6 +2163,10 @@ dologout(status)
+@@ -2125,6 +2173,10 @@ dologout(status)
dest_tkt();
#endif
}
More information about the fedora-extras-commits
mailing list