Changeset 1069
- Timestamp:
- Apr 8, 2009, 7:11:17 AM (16 years ago)
- Location:
- server
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
server/common/patches/krb5-kuserok-scripts.patch
r125 r1069 18 18 # See /COPYRIGHT in this repository for more information. 19 19 # 20 --- krb5-1. 4.3/src/lib/krb5/os/kuserok.c.old 2006-09-09 19:03:33.000000000 -040021 +++ krb5-1. 4.3/src/lib/krb5/os/kuserok.c 2006-09-09 19:50:48.000000000 -040020 --- krb5-1.6.3/src/lib/krb5/os/kuserok.c.old 2009-04-08 06:17:06.000000000 -0400 21 +++ krb5-1.6.3/src/lib/krb5/os/kuserok.c 2009-04-08 06:17:18.000000000 -0400 22 22 @@ -31,6 +31,7 @@ 23 23 #if !defined(_WIN32) /* Not yet for Windows */ … … 28 28 #if defined(_AIX) && defined(_IBMR2) 29 29 #include <sys/access.h> 30 @@ - 64,7 +65,6 @@30 @@ -71,7 +72,6 @@ 31 31 { 32 32 struct stat sbuf; … … 36 36 FILE *fp; 37 37 char kuser[MAX_USERNAME]; 38 @@ -7 2,70 +72,35 @@38 @@ -79,70 +79,35 @@ 39 39 char linebuf[BUFSIZ]; 40 40 char *newline; … … 80 80 - free(princname); 81 81 - return(FALSE); 82 - } 82 + if ((pid = fork()) == -1) { 83 + free(princname); 84 + return(FALSE); 85 } 83 86 - if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) { 84 87 - fclose(fp); 85 88 - free(princname); 86 89 - return(FALSE); 87 - } 90 + if (pid == 0) { 91 + char *args[4]; 92 +#define ADMOF_PATH "/usr/local/sbin/ssh-admof" 93 + args[0] = ADMOF_PATH; 94 + args[1] = (char *) luser; 95 + args[2] = princname; 96 + args[3] = NULL; 97 + execv(ADMOF_PATH, args); 98 + exit(1); 99 } 88 100 - 89 101 - /* check each line */ … … 102 114 - if (!newline) 103 115 - while (((gobble = getc(fp)) != EOF) && gobble != '\n'); 104 - }105 + if ((pid = fork()) == -1) {106 + free(princname);107 + return(FALSE);108 + }109 + if (pid == 0) {110 + char *args[4];111 +#define ADMOF_PATH "/usr/local/sbin/ssh-admof"112 + args[0] = ADMOF_PATH;113 + args[1] = (char *) luser;114 + args[2] = princname;115 + args[3] = NULL;116 + execv(ADMOF_PATH, args);117 + exit(1);118 + }119 116 + if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 33) { 120 117 + isok=TRUE; 121 +}118 } 122 119 + 123 120 free(princname); -
server/fedora/specs/krb5.spec.patch
r956 r1069 1 --- krb5.spec.old 200 8-08-05 13:46:07.000000000 -04002 +++ krb5.spec 2009-0 1-27 21:30:00.000000000 -05001 --- krb5.spec.old 2009-04-08 06:26:23.000000000 -0400 2 +++ krb5.spec 2009-04-08 06:29:20.000000000 -0400 3 3 @@ -16,7 +16,7 @@ 4 4 Summary: The Kerberos network authentication system. … … 10 10 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar 11 11 Source0: krb5-%{version}.tar.gz 12 @@ -10 2,6 +102,8 @@13 Patch 78: krb5-1.6.3-lucid-acceptor.patch14 Patch 79: krb5-trunk-ftp_mget_case.patch12 @@ -105,6 +105,8 @@ 13 Patch82: krb5-CVE-2009-0846.patch 14 Patch83: krb5-CVE-2009-0847.patch 15 15 16 16 +Patch1000: krb5-kuserok-scripts.patch 17 17 + 18 License: MIT 18 License: MIT, freely distributable. 19 19 URL: http://web.mit.edu/kerberos/www/ 20 20 Group: System Environment/Libraries 21 @@ -14 3,6 +145,7 @@21 @@ -146,6 +148,7 @@ 22 22 Group: System Environment/Libraries 23 23 Prereq: grep, /sbin/ldconfig, sh-utils … … 27 27 %description libs 28 28 Kerberos is a network authentication system. The krb5-libs package 29 @@ -138 3,6 +1386,7 @@30 %patch 77 -p0 -b .2007-597131 %patch 78 -p0 -b .lucid_acceptor32 %patch 79 -p0 -b .ftp_mget_case29 @@ -1389,6 +1392,7 @@ 30 %patch81 -p1 -b .CVE-2009-0844-0845-2 31 %patch82 -p1 -b .CVE-2009-0846 32 %patch83 -p1 -b .CVE-2009-0847 33 33 +%patch1000 -p1 -b .kuserok 34 34 cp src/krb524/README README.krb524
Note: See TracChangeset
for help on using the changeset viewer.