rpms/krb5/devel krb5-trunk-seqnum.patch, NONE, 1.1 krb5.spec, 1.149, 1.150
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Thu Jan 3 15:48:12 UTC 2008
- Previous message (by thread): rpms/textflow/F-8 textflow.desktop, NONE, 1.1 textflow.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/firefox/devel .cvsignore, 1.40, 1.41 firefox.spec, 1.225, 1.226 sources, 1.47, 1.48
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nalin
Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14177
Modified Files:
krb5.spec
Added Files:
krb5-trunk-seqnum.patch
Log Message:
- reference unapplied patch to fix password-changing with servers other than
the first one we try to contact
- reference bug 242502 (rawhide) instead of 242500 (rhel)
krb5-trunk-seqnum.patch:
--- NEW FILE krb5-trunk-seqnum.patch ---
Every KRB-PRIV message we generate to include as part of a password change
request we create (after the first one) will include sequence numbers which
look "wrong" to the recipient, because previously generating other KRB-PRIV
messages will mess with the counters in the auth_context. Because the
current code attempts to reuse auth_context structures (and changing that
would be more invasive), we'll just save the sequence number values as they
are after we build the AP-REQ, and restore them before generating requests.
Index: src/lib/krb5/os/changepw.c
===================================================================
--- src/lib/krb5/os/changepw.c (revision 20195)
+++ src/lib/krb5/os/changepw.c (working copy)
@@ -34,6 +34,7 @@
#include "k5-int.h"
#include "os-proto.h"
#include "cm.h"
+#include "../krb/auth_con.h"
#include <stdio.h>
#include <errno.h>
@@ -48,6 +49,7 @@
krb5_principal set_password_for;
char *newpw;
krb5_data ap_req;
+ krb5_ui_4 remote_seq_num, local_seq_num;
};
@@ -159,6 +161,9 @@
&local_kaddr, NULL)))
goto cleanup;
+ ctx->auth_context->remote_seq_number = ctx->remote_seq_num;
+ ctx->auth_context->local_seq_number = ctx->local_seq_num;
+
if (ctx->set_password_for)
code = krb5int_mk_setpw_req(ctx->context,
ctx->auth_context,
@@ -225,6 +230,9 @@
&callback_ctx.ap_req)))
goto cleanup;
+ callback_ctx.remote_seq_num = callback_ctx.auth_context->remote_seq_number;
+ callback_ctx.local_seq_num = callback_ctx.auth_context->local_seq_number;
+
do {
if ((code = krb5_locate_kpasswd(callback_ctx.context,
krb5_princ_realm(callback_ctx.context,
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.149
retrieving revision 1.150
diff -u -r1.149 -r1.150
--- krb5.spec 2 Jan 2008 17:06:19 -0000 1.149
+++ krb5.spec 3 Jan 2008 15:47:35 -0000 1.150
@@ -92,6 +92,7 @@
Patch63: krb5-1.6.1-selinux-label.patch
Patch64: krb5-ok-as-delegate.patch
Patch68: krb5-trunk-spnego_delegation.patch
+Patch69: krb5-trunk-seqnum.patch
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
@@ -224,10 +225,11 @@
%changelog
* Wed Jan 2 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-4
- some init script cleanups
- - drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500)
+ - drop unquoted check and silent exit for "$NETWORKING" (#426852, #242502)
- krb524: don't barf on missing database if it looks like we're using kldap,
same as for kadmin
- - return non-zero status for missing files which cause startup to fail
+ - return non-zero status for missing files which cause startup to
+ fail (#242502)
* Tue Dec 18 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-3
- allocate space for the nul-terminator in the local pathname when looking up
@@ -1278,6 +1280,7 @@
#%patch59 -p0 -b .kpasswd_tcp
#%patch64 -p0 -b .ok-as-delegate
#%patch68 -p0 -b .spnego_delegation
+#%patch69 -p0 -b .seqnum
cp src/krb524/README README.krb524
gzip doc/*.ps
- Previous message (by thread): rpms/textflow/F-8 textflow.desktop, NONE, 1.1 textflow.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/firefox/devel .cvsignore, 1.40, 1.41 firefox.spec, 1.225, 1.226 sources, 1.47, 1.48
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list