rpms/krb5/F-12 krb5.spec,1.225,1.226 krb5-1.7-pam.patch,1.4,1.5

Nalin Dahyabhai nalin at fedoraproject.org
Wed Mar 3 16:09:49 UTC 2010


Author: nalin

Update of /cvs/extras/rpms/krb5/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29800/F-12

Modified Files:
	krb5.spec krb5-1.7-pam.patch 
Log Message:
- fix a null pointer dereference and crash introduced in our PAM patch that
  would happen if ftpd was given the name of a user who wasn't known to the
  local system, limited to being triggerable by gssapi-authenticated clients by
  the default xinetd config (Olivier Fourdan, #569472)



Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-12/krb5.spec,v
retrieving revision 1.225
retrieving revision 1.226
diff -u -p -r1.225 -r1.226
--- krb5.spec	2 Mar 2010 23:01:24 -0000	1.225
+++ krb5.spec	3 Mar 2010 16:09:48 -0000	1.226
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -223,6 +223,12 @@ to obtain initial credentials from a KDC
 certificate.
 
 %changelog
+* Wed Mar  3 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7.1-4
+- fix a null pointer dereference and crash introduced in our PAM patch that
+  would happen if ftpd was given the name of a user who wasn't known to the
+  local system, limited to being triggerable by gssapi-authenticated clients by
+  the default xinetd config (Olivier Fourdan, #569472)
+
 * Tue Mar  2 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7.1-3
 - fix a regression (not labeling a kdb database lock file correctly, #569902)
 

krb5-1.7-pam.patch:
 aclocal.m4                   |   83 ++++++++
 appl/bsd/Makefile.in         |   11 -
 appl/bsd/configure.in        |    1 
 appl/bsd/krshd.c             |   64 +++++-
 appl/bsd/login.c             |   61 ++++++
 appl/bsd/pam.c               |  433 +++++++++++++++++++++++++++++++++++++++++++
 appl/bsd/pam.h               |   65 ++++++
 appl/gssftp/configure.in     |    1 
 appl/gssftp/ftpd/Makefile.in |    8 
 appl/gssftp/ftpd/ftpd.c      |   72 ++++++-
 clients/ksu/Makefile.in      |    7 
 clients/ksu/main.c           |   75 +++++++
 config/pre.in                |    1 
 configure.in                 |    2 
 14 files changed, 862 insertions(+), 22 deletions(-)

Index: krb5-1.7-pam.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-12/krb5-1.7-pam.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- krb5-1.7-pam.patch	21 Dec 2009 19:43:57 -0000	1.4
+++ krb5-1.7-pam.patch	3 Mar 2010 16:09:49 -0000	1.5
@@ -937,7 +937,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/f
 +#ifdef USE_PAM
 +		if (appl_pam_enabled(kcontext, "ftpd")) {
 +			if (appl_pam_acct_mgmt(FTP_PAM_SERVICE, 0,
-+					       pw->pw_name, "",
++					       name, "",
 +					       hostname,
 +					       NULL,
 +					       FTP_PAM_SERVICE) != 0) {
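Review bot: Passing `name` instead of `pw->pw_name` to appl_pam_acct_mgmt() removes the dereference at this call only; the visible lines show no `pw == NULL` check inside this `appl_pam_enabled(kcontext, "ftpd")` branch, so any later use of `pw` on the same path needs the same treatment. Please confirm that a non-zero return from appl_pam_acct_mgmt() for an account unknown to the local system ends in a rejected login, and add a short comment saying why `name` is used here rather than `pw->pw_name` so the change is not reverted later.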
@@ -971,7 +971,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/f
 -		if (pw == NULL || (!kpass(pw->pw_name, passwd) &&
 -				   (want_creds || !*pw->pw_passwd ||
 -				    strcmp(xpasswd, pw->pw_passwd)))) {
-+		if ((pw == NULL) ||
++		if ((pw == NULL) || (
 +#ifdef USE_PAM
 +		    appl_pam_enabled(kcontext, "ftpd") ?
 +		    (appl_pam_authenticate(FTP_PAM_SERVICE, 0,
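Review bot: The `(` added after `(pw == NULL) ||` is the whole fix for this condition and deserves a comment or a restructure. `?:` binds more loosely than `||`, so without it the expression parses as `((pw == NULL) || appl_pam_enabled(...)) ? ... : ...`, and with `pw` NULL the appl_pam_authenticate() arm is evaluated instead of the test short-circuiting; check that arm's arguments for `pw->` uses. A guard that depends on one parenthesis in a condition split by `#ifdef USE_PAM` is easy to lose again, so consider an explicit `if (pw == NULL)` check first and computing the PAM or password result into a local variable.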
@@ -983,7 +983,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/f
 +		    (!kpass(pw->pw_name, passwd) &&
 +		     (want_creds ||
 +		      !*pw->pw_passwd ||
-+		      strcmp(xpasswd, pw->pw_passwd)))) {
++		      strcmp(xpasswd, pw->pw_passwd))))) {
  			pw = NULL;
  			sleep(5);
  			if (++login_attempts >= 3) {
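Review bot: The extra `)` on the `strcmp(xpasswd, pw->pw_passwd)` line closes the parenthesis opened in the previous hunk, so the two edits only balance together, and part of the expression sits inside `#ifdef USE_PAM`. Build the patched ftpd.c both with and without USE_PAM defined to confirm the parentheses match in each configuration, and add a regression test for the case in the log message, a user name not known to the local system, so the `pw = NULL; sleep(5);` failure path is exercised without a crash.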


