diff options
| author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-03-08 16:47:14 +0000 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-03-08 16:47:14 +0000 |
| commit | 1605d32c4e6dd40f298bcedca67f4ed253fac0b8 (patch) | |
| tree | e4071e1e3cd5d8318226b422681a0c1c13678ca3 | |
| parent | 85f351a3886ff1e5eec77973d696fda5f7e55eb8 (diff) | |
| download | krb5-1605d32c4e6dd40f298bcedca67f4ed253fac0b8.tar.gz krb5-1605d32c4e6dd40f298bcedca67f4ed253fac0b8.tar.xz krb5-1605d32c4e6dd40f298bcedca67f4ed253fac0b8.zip | |
- pull up patch to get the client libraries to correctly perform password
changes over IPv6 (Sumit Bose, RT#6661)
| -rw-r--r-- | krb5-1.7.1-kpasswd_ipv6.patch | 75 | ||||
| -rw-r--r-- | krb5.spec | 6 |
2 files changed, 81 insertions, 0 deletions
diff --git a/krb5-1.7.1-kpasswd_ipv6.patch b/krb5-1.7.1-kpasswd_ipv6.patch new file mode 100644 index 0000000..16342b2 --- /dev/null +++ b/krb5-1.7.1-kpasswd_ipv6.patch @@ -0,0 +1,75 @@ +Get the client libraries to correctly attempt password changes when using IPv6, +tweaked to apply to older releases. Original patch by Sumit Bose, RT#6661 + +Index: src/lib/krb5/os/changepw.c +=================================================================== +--- src/lib/krb5/os/changepw.c (revision 23766) ++++ src/lib/krb5/os/changepw.c (revision 23767) +@@ -65,20 +65,23 @@ + int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM); + + code = krb5int_locate_server (context, realm, addrlist, +- locate_service_kpasswd, sockType, AF_INET); ++ locate_service_kpasswd, sockType, AF_UNSPEC); + + if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) { + code = krb5int_locate_server (context, realm, addrlist, + locate_service_kadmin, SOCK_STREAM, +- AF_INET); ++ AF_UNSPEC); + if (!code) { + /* Success with admin_server but now we need to change the + port number to use DEFAULT_KPASSWD_PORT and the socktype. */ + int i; + for (i=0; i<addrlist->naddrs; i++) { + struct addrinfo *a = addrlist->addrs[i].ai; ++ krb5_ui_2 kpasswd_port = htons(DEFAULT_KPASSWD_PORT); + if (a->ai_family == AF_INET) +- sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT); ++ sa2sin (a->ai_addr)->sin_port = kpasswd_port; ++ if (a->ai_family == AF_INET6) ++ sa2sin6 (a->ai_addr)->sin6_port = kpasswd_port; + if (sockType != SOCK_STREAM) + a->ai_socktype = sockType; + } +@@ -131,10 +134,16 @@ + /* some brain-dead OS's don't return useful information from + * the getsockname call. Namely, windows and solaris. */ + +- if (ss2sin(&local_addr)->sin_addr.s_addr != 0) { ++ if (local_addr.ss_family == AF_INET && ++ ss2sin(&local_addr)->sin_addr.s_addr != 0) { + local_kaddr.addrtype = ADDRTYPE_INET; + local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr); + local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr; ++ } else if (local_addr.ss_family == AF_INET6 && ++ ss2sin6(&local_addr)->sin6_addr.s6_addr != 0) { ++ local_kaddr.addrtype = ADDRTYPE_INET6; ++ local_kaddr.length = sizeof(ss2sin6(&local_addr)->sin6_addr); ++ local_kaddr.contents = (krb5_octet *) &ss2sin6(&local_addr)->sin6_addr; + } else { + krb5_address **addrs; + +@@ -278,9 +287,19 @@ + break; + } + +- remote_kaddr.addrtype = ADDRTYPE_INET; +- remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr); +- remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr; ++ if (remote_addr.ss_family == AF_INET) { ++ remote_kaddr.addrtype = ADDRTYPE_INET; ++ remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr); ++ remote_kaddr.contents = ++ (krb5_octet *) &ss2sin(&remote_addr)->sin_addr; ++ } else if (remote_addr.ss_family == AF_INET6) { ++ remote_kaddr.addrtype = ADDRTYPE_INET6; ++ remote_kaddr.length = sizeof(ss2sin6(&remote_addr)->sin6_addr); ++ remote_kaddr.contents = ++ (krb5_octet *) &ss2sin6(&remote_addr)->sin6_addr; ++ } else { ++ break; ++ } + + if ((code = krb5_auth_con_setaddrs(callback_ctx.context, + callback_ctx.auth_context, @@ -86,6 +86,7 @@ Patch95: krb5-1.7-opte.patch Patch96: krb5-1.7-exp_warn.patch Patch97: http://web.mit.edu/kerberos/advisories/2010-001-patch.txt Patch98: krb5-1.7.1-kpasswd_ccache.patch +Patch99: krb5-1.7.1-kpasswd_ipv6.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -224,6 +225,10 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Mon Mar 8 2010 Nalin Dahyabhai <nalin@redhat.com> +- pull up patch to get the client libraries to correctly perform password + changes over IPv6 (Sumit Bose, RT#6661) + * Wed Mar 3 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-5 - fix a null pointer dereference and crash introduced in our PAM patch that would happen if ftpd was given the name of a user who wasn't known to the @@ -1603,6 +1608,7 @@ popd %patch96 -p1 -b .exp_warn %patch97 -p1 -b .2010-001 %patch98 -p1 -b .kpasswd-ccache +%patch99 -p0 -b .kpasswd-ipv6 gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex |