ALT Linux repositórios
S: | 1.21.2-alt1 |
5.0: | 1.6.3-alt6.M50.2 |
4.1: | 1.6.3-alt3.M41.4 |
4.0: | 1.5.1-alt4.M40.5 |
+updates: | 1.5.1-alt4.M40.5 |
3.0: | 1.4.1-alt1 |
Group :: Sistema/Bibliotecas
RPM: krb5
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
Patch: krb5-1.18-alt-default_keytab_group.patch
Download
Download
diff --git a/krb5/src/build-tools/krb5-config.in b/krb5/src/build-tools/krb5-config.in
index f6184da..937b365 100755
--- a/krb5/src/build-tools/krb5-config.in
+++ b/krb5/src/build-tools/krb5-config.in
@@ -40,6 +40,7 @@ PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'
DL_LIB='@DL_LIB@'
DEFCCNAME='@DEFCCNAME@'
DEFKTNAME='@DEFKTNAME@'
+DEFKTGROUP='@DEFKTGROUP@'
DEFCKTNAME='@DEFCKTNAME@'
LIBS='@LIBS@'
@@ -70,6 +71,9 @@ while test $# != 0; do
--defktname)
do_defktname=1
;;
+ --defktgroup)
+ do_defktgroup=1
+ ;;
--deps) # historically a no-op
;;
--exec-prefix)
@@ -120,7 +124,7 @@ done
if test -z "$do_all" -a -z "$do_version" -a -z "$do_vendor" -a \
-z "$do_prefix" -a -z "$do_vendor" -a -z "$do_exec_prefix" -a \
-z "$do_defccname" -a -z "$do_defktname" -a -z "$do_defcktname" -a \
- -z "$do_cflags" -a -z "$do_libs"; then
+ -z "$do_defktgroup" -a -z "$do_cflags" -a -z "$do_libs"; then
do_help=1
fi
@@ -136,6 +140,7 @@ if test -n "$do_help"; then
echo " [--exec-prefix] Kerberos installed exec_prefix"
echo " [--defccname] Show built-in default ccache name"
echo " [--defktname] Show built-in default keytab name"
+ echo " [--defktgroup] Show built-in default keytab group name"
echo " [--defcktname] Show built-in default client keytab name"
echo " [--cflags] Compile time CFLAGS"
echo " [--libs] List libraries required to link [LIBRARIES]"
@@ -193,6 +198,11 @@ if test -n "$do_defktname"; then
$all_exit
fi
+if test -n "$do_defktgroup"; then
+ echo "$DEFKTGROUP"
+ $all_exit
+fi
+
if test -n "$do_defcktname"; then
echo "$DEFCKTNAME"
$all_exit
diff --git a/krb5/src/configure.ac b/krb5/src/configure.ac
index 10f45eb..6640fef 100644
--- a/krb5/src/configure.ac
+++ b/krb5/src/configure.ac
@@ -1325,6 +1325,7 @@ AC_SUBST(OSX)
# krb5-config if we can, or fall back to hardcoded defaults.
AC_ARG_VAR(DEFCCNAME, [Default ccache name])
AC_ARG_VAR(DEFKTNAME, [Default keytab name])
+AC_ARG_VAR(DEFKTGROUP, [Default keytab group])
AC_ARG_VAR(DEFCKTNAME, [Default client keytab name])
AC_ARG_WITH([krb5-config],
AC_HELP_STRING([--with-krb5-config=PATH],
@@ -1361,15 +1362,21 @@ fi
if test "${DEFKTNAME+set}" != set; then
DEFKTNAME=FILE:/etc/krb5.keytab
fi
+if test "${DEFKTGROUP+set}" != set; then
+ DEFKTGROUP=_keytab
+fi
if test "${DEFCKTNAME+set}" != set; then
AX_RECURSIVE_EVAL($localstatedir, exp_localstatedir)
DEFCKTNAME=FILE:$exp_localstatedir/krb5/user/%{euid}/client.keytab
fi
AC_MSG_NOTICE([Default ccache name: $DEFCCNAME])
AC_MSG_NOTICE([Default keytab name: $DEFKTNAME])
+AC_MSG_NOTICE([Default keytab group name: $DEFKTGROUP])
AC_MSG_NOTICE([Default client keytab name: $DEFCKTNAME])
AC_DEFINE_UNQUOTED(DEFCCNAME, ["$DEFCCNAME"], [Define to default ccache name])
AC_DEFINE_UNQUOTED(DEFKTNAME, ["$DEFKTNAME"], [Define to default keytab name])
+AC_DEFINE_UNQUOTED(DEFKTGROUP, ["$DEFKTGROUP"],
+ [Define to default keytab group name])
AC_DEFINE_UNQUOTED(DEFCKTNAME, ["$DEFCKTNAME"],
[Define to default client keytab name])
diff --git a/krb5/src/lib/krb5/os/krbfileio.c b/krb5/src/lib/krb5/os/krbfileio.c
index 41cd40f..b490128 100644
--- a/krb5/src/lib/krb5/os/krbfileio.c
+++ b/krb5/src/lib/krb5/os/krbfileio.c
@@ -48,6 +48,11 @@ static char *VersionID = "@(#)krbfileio.c 2 - 08/22/91";
# define OPEN_MODE_NOT_TRUSTWORTHY
#endif
+#include <sys/types.h>
+#include <errno.h>
+#include <grp.h>
+#define GETGRNAM_BUFFER_SIZE 1024
+
krb5_error_code
k5_create_secure_file(krb5_context context, const char *pathname)
{
@@ -58,6 +63,22 @@ k5_create_secure_file(krb5_context context, const char *pathname)
*/
fd = THREEPARAMOPEN(pathname, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+ /*
+ * Change group and permisions for default keytab
+ */
+ if (fd > -1 && strncmp("FILE:", DEFKTNAME, 5) == 0 && strcmp(pathname, DEFKTNAME + 5) == 0) {
+ struct group grp, *grp_ptr;
+ char buffer[GETGRNAM_BUFFER_SIZE];
+ errno = 0;
+
+ if (getgrnam_r(DEFKTGROUP, &grp, buffer, GETGRNAM_BUFFER_SIZE, &grp_ptr) == 0) {
+ if (errno == 0 && grp_ptr != NULL) {
+ fchown(fd, -1, grp.gr_gid);
+ fchmod(fd, 0640);
+ }
+ }
+ }
+
#ifdef OPEN_MODE_NOT_TRUSTWORTHY
/*
* Some systems that support default acl inheritance do not
diff --git a/krb5/src/man/krb5-config.man b/krb5/src/man/krb5-config.man
index 2899808..e1d8ed5 100644
--- a/krb5/src/man/krb5-config.man
+++ b/krb5/src/man/krb5-config.man
@@ -33,7 +33,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.SH SYNOPSIS
.sp
\fBkrb5\-config\fP
-[\fB\-\fP\fB\-help\fP | \fB\-\fP\fB\-all\fP | \fB\-\fP\fB\-version\fP | \fB\-\fP\fB\-vendor\fP | \fB\-\fP\fB\-prefix\fP | \fB\-\fP\fB\-exec\-prefix\fP | \fB\-\fP\fB\-defccname\fP | \fB\-\fP\fB\-defktname\fP | \fB\-\fP\fB\-defcktname\fP | \fB\-\fP\fB\-cflags\fP | \fB\-\fP\fB\-libs\fP [\fIlibraries\fP]]
+[\fB\-\fP\fB\-help\fP | \fB\-\fP\fB\-all\fP | \fB\-\fP\fB\-version\fP | \fB\-\fP\fB\-vendor\fP | \fB\-\fP\fB\-prefix\fP | \fB\-\fP\fB\-exec\-prefix\fP | \fB\-\fP\fB\-defccname\fP | \fB\-\fP\fB\-defktname\fP | \fB\-\fP\fB\-defktgroup\fP | \fB\-\fP\fB\-defcktname\fP | \fB\-\fP\fB\-cflags\fP | \fB\-\fP\fB\-libs\fP [\fIlibraries\fP]]
.SH DESCRIPTION
.sp
krb5\-config tells the application programmer what flags to use to compile
@@ -67,6 +67,9 @@ prints the built\-in default credentials cache location.
\fB\-\fP\fB\-defktname\fP
prints the built\-in default keytab location.
.TP
+\fB\-\fP\fB\-defktgroup\fP
+prints the built\-in default keytab group name.
+.TP
\fB\-\fP\fB\-defcktname\fP
prints the built\-in default client (initiator) keytab location.
.TP