summaryrefslogtreecommitdiffstats
path: root/ipa-client
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2011-08-11 10:42:29 +0200
committerEndi S. Dewata <edewata@redhat.com>2011-08-11 22:07:16 +0000
commita1c690cc02a021bc400be00808dcf8463744c083 (patch)
tree9000e2da51e399cf278885609cf4438051e14496 /ipa-client
parentbb31d3df2190edef181799bf2c159f4c986fcece (diff)
downloadfreeipa-a1c690cc02a021bc400be00808dcf8463744c083.tar.gz
freeipa-a1c690cc02a021bc400be00808dcf8463744c083.tar.xz
freeipa-a1c690cc02a021bc400be00808dcf8463744c083.zip
Fix client enrollment
Enable GSSAPI credentials delegation in xmlrpc-c/curl to fix client enrollment. The unconditional GSSAPI was previously dropped from curl because of CVE-2011-2192. https://fedorahosted.org/freeipa/ticket/1452
Diffstat (limited to 'ipa-client')
-rw-r--r--ipa-client/ipa-join.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index 95f2939cd..f6ca69367 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -149,11 +149,13 @@ callRPC(xmlrpc_env * const envP,
curlXportParmsP->no_ssl_verifypeer = 1;
curlXportParmsP->no_ssl_verifyhost = 1;
curlXportParmsP->cainfo = "/etc/ipa/ca.crt";
+ /* Enable GSSAPI credentials delegation */
+ curlXportParmsP->gssapi_delegation = 1;
clientparms.transport = "curl";
clientparms.transportparmsP = (struct xmlrpc_xportparms *)
curlXportParmsP;
- clientparms.transportparm_size = XMLRPC_CXPSIZE(cainfo);
+ clientparms.transportparm_size = XMLRPC_CXPSIZE(gssapi_delegation);
xmlrpc_client_create(envP, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION,
&clientparms, sizeof(clientparms),
&clientP);