Hello community, here is the log from the commit of package pam_krb5 for openSUSE:Factory checked in at Wed Aug 24 14:27:59 CEST 2011.
-------- --- pam_krb5/pam_krb5.changes 2011-03-01 17:43:01.000000000 +0100 +++ /mounts/work_src_done/STABLE/pam_krb5/pam_krb5.changes 2011-08-23 15:13:26.000000000 +0200 @@ -1,0 +2,27 @@ +Tue Aug 23 15:12:32 CEST 2011 - [email protected] + +- disable checks during build. Does not work reliable in the + buildservice + +------------------------------------------------------------------- +Sun Aug 21 15:17:26 UTC 2011 - [email protected] + +- update to version 2.3.13 + * don't bother creating a v5 ccache in "external" mode + * add a "trace" option to enable libkrb5 tracing, if available + * avoid trying to get password-change creds twice + * use an in-memory ccache when obtaining tokens using v5 creds + * turn off creds==session in "sshd" + * add a "validate_user_user" option to control trying to perform + user-to-user authentication to validate TGTs when a keytab is not + available + * add an "ignore_k5login" option to control whether or not the module + will use the krb5_kuserok() function to perform additional + authorization checks + * turn on validation by default - verify_ap_req_nofail controls how we + treat errors reading keytab files now + * add an "always_allow_localname" option when we can use + krb5_aname_to_localname() to second-guess the krb5_kuserok() check + * prefer krb5_change_password() to krb5_set_password() + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- pam_krb5-2.3.11-1.tar.bz2 New: ---- pam_krb5-2.3.13-1.tar.bz2 use-urandom-for-tests.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_krb5.spec ++++++ --- /var/tmp/diff_new_pack.sPEtqY/_old 2011-08-24 14:26:00.000000000 +0200 +++ /var/tmp/diff_new_pack.sPEtqY/_new 2011-08-24 14:26:00.000000000 +0200 @@ -19,7 +19,7 @@ Name: pam_krb5 -BuildRequires: krb5-client krb5-devel krb5-server openssl-devel pam-devel +BuildRequires: klogd krb5-client krb5-devel krb5-server openssl-devel pam-devel %define PAM_RELEASE 1 License: BSD3c(or similar) ; LGPLv2.0+ Group: Productivity/Networking/Security @@ -30,8 +30,8 @@ Obsoletes: pam_krb5-64bit %endif # -Version: 2.3.11 -Release: 9 +Version: 2.3.13 +Release: 1 Summary: PAM Module for Kerberos Authentication Url: http://sourceforge.net/projects/pam-krb5/ Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2 @@ -43,6 +43,7 @@ Patch4: pam_krb5-2.3.1-switch-perms-on-refresh.dif Patch5: pam_krb5-2.2.3-1-setcred-assume-establish.dif Patch6: bug-641008_pam_krb5-2.3.11-setcred-log.diff +Patch7: use-urandom-for-tests.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -58,16 +59,22 @@ %patch4 -p1 %patch5 %patch6 -p1 +%patch7 -p1 %build CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE " \ ./configure --libdir=/%_lib/ \ --prefix=/usr \ --mandir=%{_mandir} \ - --with-os-distribution="openSUSE" + --with-os-distribution="openSUSE" \ + --with-default-use-shmem="sshd" \ + --with-default-external="sshd sshd-rekey gssftp" \ + --with-default-multiple-ccaches="su su-l" \ + --with-default-no-cred-session="sshd" make %{?jobs:-j%jobs} make -C po update-po -make check +# does not work in the buildservice +#make check %install make install DESTDIR=$RPM_BUILD_ROOT ++++++ bug-641008_pam_krb5-2.3.11-setcred-log.diff ++++++ --- /var/tmp/diff_new_pack.sPEtqY/_old 2011-08-24 14:26:00.000000000 +0200 +++ /var/tmp/diff_new_pack.sPEtqY/_new 2011-08-24 14:26:00.000000000 +0200 @@ -1,7 +1,8 @@ -diff -ur pam_krb5-2.3.11-1.orig/src/auth.c pam_krb5-2.3.11-1/src/auth.c ---- pam_krb5-2.3.11-1.orig/src/auth.c 2010-09-21 15:58:10.021370000 +0200 -+++ pam_krb5-2.3.11-1/src/auth.c 2010-09-21 17:02:33.329265000 +0200 -@@ -522,13 +522,32 @@ +Index: pam_krb5-2.3.13-1/src/auth.c +=================================================================== +--- pam_krb5-2.3.13-1.orig/src/auth.c ++++ pam_krb5-2.3.13-1/src/auth.c +@@ -532,13 +532,32 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, PAM_KRB5_MAYBE_CONST char **argv) { @@ -28,18 +29,18 @@ + + if (options->debug) { + debug("pam_setcred (%s) called", -+ (flags & PAM_ESTABLISH_CRED)?"establish credential": -+ (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential": -+ (flags & PAM_REFRESH_CRED)?"refresh credential": -+ (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag"); -+ } ++ (flags & PAM_ESTABLISH_CRED)?"establish credential": ++ (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential": ++ (flags & PAM_REFRESH_CRED)?"refresh credential": ++ (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag"); ++ } if (flags & PAM_ESTABLISH_CRED) { + _pam_krb5_options_free(pamh, ctx, options); + krb5_free_context(ctx); - return pam_sm_open_session(pamh, flags, argc, argv); - } - if (flags & (PAM_REINITIALIZE_CRED | PAM_REFRESH_CRED)) { -@@ -541,19 +560,29 @@ + return _pam_krb5_open_session(pamh, flags, argc, argv, + "pam_setcred(PAM_ESTABLISH_CRED)", + _pam_krb5_session_caller_setcred); +@@ -553,21 +572,31 @@ pam_sm_setcred(pam_handle_t *pamh, int f } saved_perms = NULL; @@ -50,7 +51,7 @@ - debug("looks unsafe - ignore refresh"); + if (options->debug) { + debug("looks unsafe - ignore refresh"); -+ } ++ } if (saved_perms != NULL) { _pam_krb5_restore_perms_r2e(saved_perms); } @@ -63,7 +64,9 @@ if (flags & PAM_DELETE_CRED) { + _pam_krb5_options_free(pamh, ctx, options); + krb5_free_context(ctx); - return pam_sm_close_session(pamh, flags, argc, argv); + return _pam_krb5_close_session(pamh, flags, argc, argv, + "pam_setcred(PAM_DELETE_CRED)", + _pam_krb5_session_caller_setcred); } warn("pam_setcred() called with no flags. Assume PAM_ESTABLISH_CRED"); + _pam_krb5_options_free(pamh, ctx, options); ++++++ pam_krb5-2.2.0-0.5-configure_ac.dif ++++++ --- /var/tmp/diff_new_pack.sPEtqY/_old 2011-08-24 14:26:00.000000000 +0200 +++ /var/tmp/diff_new_pack.sPEtqY/_new 2011-08-24 14:26:00.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- configure.ac.orig +++ configure.ac -@@ -109,14 +109,14 @@ AC_SUBST(KRB5_BINDIR) +@@ -157,14 +157,14 @@ AC_SUBST(KRB5_BINDIR) AC_CHECK_LIB(resolv,main) KRB5_CFLAGS=`$KRB5_CONFIG --cflags krb5` KRB5_LIBS=`$KRB5_CONFIG --libs krb5` ++++++ pam_krb5-2.2.3-1-setcred-assume-establish.dif ++++++ --- /var/tmp/diff_new_pack.sPEtqY/_old 2011-08-24 14:26:00.000000000 +0200 +++ /var/tmp/diff_new_pack.sPEtqY/_new 2011-08-24 14:26:00.000000000 +0200 @@ -2,9 +2,9 @@ =================================================================== --- src/auth.c.orig +++ src/auth.c -@@ -554,6 +554,6 @@ pam_sm_setcred(pam_handle_t *pamh, int f - if (flags & PAM_DELETE_CRED) { - return pam_sm_close_session(pamh, flags, argc, argv); +@@ -568,6 +568,6 @@ pam_sm_setcred(pam_handle_t *pamh, int f + "pam_setcred(PAM_DELETE_CRED)", + _pam_krb5_session_caller_setcred); } - warn("pam_setcred() called with no flags"); - return PAM_SERVICE_ERR; ++++++ pam_krb5-2.3.1-log-choise.dif ++++++ --- /var/tmp/diff_new_pack.sPEtqY/_old 2011-08-24 14:26:00.000000000 +0200 +++ /var/tmp/diff_new_pack.sPEtqY/_new 2011-08-24 14:26:00.000000000 +0200 @@ -1,7 +1,7 @@ -Index: pam_krb5-2.3.7-1/src/acct.c +Index: pam_krb5-2.3.13-1/src/acct.c =================================================================== ---- pam_krb5-2.3.7-1.orig/src/acct.c -+++ pam_krb5-2.3.7-1/src/acct.c +--- pam_krb5-2.3.13-1.orig/src/acct.c ++++ pam_krb5-2.3.13-1/src/acct.c @@ -96,6 +96,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int krb5_free_context(ctx); return PAM_SERVICE_ERR; @@ -13,11 +13,11 @@ /* Get information about the user and the user's principal name. */ userinfo = _pam_krb5_user_info_init(ctx, user, options); -Index: pam_krb5-2.3.7-1/src/auth.c +Index: pam_krb5-2.3.13-1/src/auth.c =================================================================== ---- pam_krb5-2.3.7-1.orig/src/auth.c -+++ pam_krb5-2.3.7-1/src/auth.c -@@ -114,9 +114,10 @@ pam_sm_authenticate(pam_handle_t *pamh, +--- pam_krb5-2.3.13-1.orig/src/auth.c ++++ pam_krb5-2.3.13-1/src/auth.c +@@ -115,9 +115,10 @@ pam_sm_authenticate(pam_handle_t *pamh, return PAM_SERVICE_ERR; } if (options->debug) { @@ -30,7 +30,7 @@ _pam_krb5_set_init_opts(ctx, gic_options, options); /* Prompt for the password, as we might need to. */ -@@ -520,6 +521,11 @@ int +@@ -530,6 +531,11 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, PAM_KRB5_MAYBE_CONST char **argv) { @@ -40,12 +40,12 @@ + (flags & PAM_REFRESH_CRED)?"refresh credential": + (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag"); if (flags & PAM_ESTABLISH_CRED) { - return pam_sm_open_session(pamh, flags, argc, argv); - } -Index: pam_krb5-2.3.7-1/src/password.c + return _pam_krb5_open_session(pamh, flags, argc, argv, + "pam_setcred(PAM_ESTABLISH_CRED)", +Index: pam_krb5-2.3.13-1/src/password.c =================================================================== ---- pam_krb5-2.3.7-1.orig/src/password.c -+++ pam_krb5-2.3.7-1/src/password.c +--- pam_krb5-2.3.13-1.orig/src/password.c ++++ pam_krb5-2.3.13-1/src/password.c @@ -116,6 +116,16 @@ pam_sm_chauthtok(pam_handle_t *pamh, int krb5_free_context(ctx); return PAM_SERVICE_ERR; @@ -63,11 +63,11 @@ _pam_krb5_set_init_opts(ctx, gic_options, options); /* Get information about the user and the user's principal name. */ -Index: pam_krb5-2.3.7-1/src/session.c +Index: pam_krb5-2.3.13-1/src/session.c =================================================================== ---- pam_krb5-2.3.7-1.orig/src/session.c -+++ pam_krb5-2.3.7-1/src/session.c -@@ -101,6 +101,10 @@ pam_sm_open_session(pam_handle_t *pamh, +--- pam_krb5-2.3.13-1.orig/src/session.c ++++ pam_krb5-2.3.13-1/src/session.c +@@ -104,6 +104,10 @@ _pam_krb5_open_session(pam_handle_t *pam krb5_free_context(ctx); return PAM_SERVICE_ERR; } @@ -76,11 +76,11 @@ + options->realm); + } - /* Get information about the user and the user's principal name. */ - userinfo = _pam_krb5_user_info_init(ctx, user, options); -@@ -331,7 +335,10 @@ pam_sm_close_session(pam_handle_t *pamh, + /* If we're in a no-cred-session situation, return. */ + if ((!options->cred_session) && +@@ -358,7 +362,10 @@ _pam_krb5_close_session(pam_handle_t *pa krb5_free_context(ctx); - return PAM_SERVICE_ERR; + return PAM_SUCCESS; } - + if (options->debug) { ++++++ pam_krb5-2.3.1-switch-perms-on-refresh.dif ++++++ --- /var/tmp/diff_new_pack.sPEtqY/_old 2011-08-24 14:26:00.000000000 +0200 +++ /var/tmp/diff_new_pack.sPEtqY/_new 2011-08-24 14:26:00.000000000 +0200 @@ -1,7 +1,7 @@ -Index: pam_krb5-2.3.10-3/src/auth.c +Index: pam_krb5-2.3.13-1/src/auth.c =================================================================== ---- pam_krb5-2.3.10-3.orig/src/auth.c -+++ pam_krb5-2.3.10-3/src/auth.c +--- pam_krb5-2.3.13-1.orig/src/auth.c ++++ pam_krb5-2.3.13-1/src/auth.c @@ -62,6 +62,7 @@ #include "items.h" #include "kuserok.h" @@ -9,8 +9,8 @@ +#include "perms.h" #include "options.h" #include "prompter.h" - #include "sly.h" -@@ -521,6 +522,7 @@ int + #include "session.h" +@@ -531,6 +532,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, PAM_KRB5_MAYBE_CONST char **argv) { @@ -18,8 +18,8 @@ notice("pam_setcred (%s) called", (flags & PAM_ESTABLISH_CRED)?"establish credential": (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential": -@@ -530,10 +532,22 @@ pam_sm_setcred(pam_handle_t *pamh, int f - return pam_sm_open_session(pamh, flags, argc, argv); +@@ -542,10 +544,22 @@ pam_sm_setcred(pam_handle_t *pamh, int f + _pam_krb5_session_caller_setcred); } if (flags & (PAM_REINITIALIZE_CRED | PAM_REFRESH_CRED)) { + saved_perms = _pam_krb5_switch_perms_r2e(); @@ -43,10 +43,10 @@ return PAM_IGNORE; } } -Index: pam_krb5-2.3.10-3/src/perms.c +Index: pam_krb5-2.3.13-1/src/perms.c =================================================================== ---- pam_krb5-2.3.10-3.orig/src/perms.c -+++ pam_krb5-2.3.10-3/src/perms.c +--- pam_krb5-2.3.13-1.orig/src/perms.c ++++ pam_krb5-2.3.13-1/src/perms.c @@ -87,3 +87,49 @@ _pam_krb5_restore_perms(struct _pam_krb5 } return ret; @@ -97,10 +97,10 @@ + } + return ret; +} -Index: pam_krb5-2.3.10-3/src/perms.h +Index: pam_krb5-2.3.13-1/src/perms.h =================================================================== ---- pam_krb5-2.3.10-3.orig/src/perms.h -+++ pam_krb5-2.3.10-3/src/perms.h +--- pam_krb5-2.3.13-1.orig/src/perms.h ++++ pam_krb5-2.3.13-1/src/perms.h @@ -37,4 +37,7 @@ struct _pam_krb5_perms; struct _pam_krb5_perms *_pam_krb5_switch_perms(void); int _pam_krb5_restore_perms(struct _pam_krb5_perms *saved); ++++++ pam_krb5-2.3.11-1.tar.bz2 -> pam_krb5-2.3.13-1.tar.bz2 ++++++ ++++ 31543 lines of diff (skipped) ++++++ pam_krb5-LINGUAS.dif ++++++ --- /var/tmp/diff_new_pack.sPEtqY/_old 2011-08-24 14:26:01.000000000 +0200 +++ /var/tmp/diff_new_pack.sPEtqY/_new 2011-08-24 14:26:01.000000000 +0200 @@ -2,25 +2,17 @@ =================================================================== --- po/LINGUAS.orig +++ po/LINGUAS -@@ -15,3 +15,21 @@ ro - sr - sr@latin - sv +@@ -33,3 +33,13 @@ te + uk + zh_CN + zh_TW +ar +bg -+da +fi -+fr +hr -+ja +ka +km -+ko +nb +pt -+ru +th -+uk +wa -+zh_CN -+zh_TW ++++++ use-urandom-for-tests.dif ++++++ Index: pam_krb5-2.3.13-1/tests/testenv.sh.in =================================================================== --- pam_krb5-2.3.13-1.orig/tests/testenv.sh.in +++ pam_krb5-2.3.13-1/tests/testenv.sh.in @@ -72,7 +72,7 @@ fi test_kdcinitdb() { test -d @abs_builddir@/kdc || mkdir -p @abs_builddir@/kdc kdb5_util destroy -f 2> /dev/null > /dev/null - (echo .; echo .; echo .) | kdb5_util create -s 2> /dev/null > /dev/null + (echo .; echo .; echo .) | kdb5_util create -s -W 2> /dev/null > /dev/null $kadmin -q 'addpol -minlength 6 minimum_six' 2> /dev/null > /dev/null $kadmin -q 'ank -pw foo '$test_principal 2> /dev/null > /dev/null ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
