mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Fix client enrollment
Enable GSSAPI credentials delegation in xmlrpc-c/curl to fix client enrollment. The unconditional GSSAPI was previously dropped from curl because of CVE-2011-2192. https://fedorahosted.org/freeipa/ticket/1452
This commit is contained in:
parent
bb31d3df21
commit
a1c690cc02
@ -36,8 +36,18 @@ BuildRequires: openldap-devel
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: krb5-workstation
|
||||
BuildRequires: libuuid-devel
|
||||
BuildRequires: xmlrpc-c-devel
|
||||
%if 0%{?fedora} >= 16
|
||||
BuildRequires: libcurl-devel >= 7.21.7-2
|
||||
BuildRequires: xmlrpc-c-devel >= 1.27.4
|
||||
%else
|
||||
%if 0%{?fedora} == 15
|
||||
BuildRequires: libcurl-devel >= 7.21.3-9
|
||||
BuildRequires: xmlrpc-c-devel >= 1.25.4
|
||||
%else
|
||||
BuildRequires: libcurl-devel
|
||||
BuildRequires: xmlrpc-c-devel
|
||||
%endif
|
||||
%endif
|
||||
BuildRequires: popt-devel
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -150,7 +160,18 @@ Requires: krb5-workstation
|
||||
Requires: authconfig
|
||||
Requires: pam_krb5
|
||||
Requires: wget
|
||||
%if 0%{?fedora} >= 16
|
||||
Requires: libcurl >= 7.21.7-2
|
||||
Requires: xmlrpc-c >= 1.27.4
|
||||
%else
|
||||
%if 0%{?fedora} == 15
|
||||
Requires: libcurl >= 7.21.3-9
|
||||
Requires: xmlrpc-c >= 1.25.4
|
||||
%else
|
||||
Requires: libcurl
|
||||
Requires: xmlrpc-c
|
||||
%endif
|
||||
%endif
|
||||
Requires: sssd >= 1.5.1
|
||||
Requires: certmonger >= 0.26
|
||||
Requires: nss-tools
|
||||
@ -514,6 +535,10 @@ fi
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
|
||||
|
||||
%changelog
|
||||
* Thu Aug 11 2011 Martin Kosek <mkosek@redhat.com> - 2.0.90-11
|
||||
- Set min nvr of xmlrpc-c and libcurl to make sure GSSAPI delegation
|
||||
support is in
|
||||
|
||||
* Tue Aug 2 2011 Endi S. Dewata <edewata@redhat.com> - 2.0.90-10
|
||||
- Add *.ico files
|
||||
|
||||
|
@ -149,11 +149,13 @@ callRPC(xmlrpc_env * const envP,
|
||||
curlXportParmsP->no_ssl_verifypeer = 1;
|
||||
curlXportParmsP->no_ssl_verifyhost = 1;
|
||||
curlXportParmsP->cainfo = "/etc/ipa/ca.crt";
|
||||
/* Enable GSSAPI credentials delegation */
|
||||
curlXportParmsP->gssapi_delegation = 1;
|
||||
|
||||
clientparms.transport = "curl";
|
||||
clientparms.transportparmsP = (struct xmlrpc_xportparms *)
|
||||
curlXportParmsP;
|
||||
clientparms.transportparm_size = XMLRPC_CXPSIZE(cainfo);
|
||||
clientparms.transportparm_size = XMLRPC_CXPSIZE(gssapi_delegation);
|
||||
xmlrpc_client_create(envP, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION,
|
||||
&clientparms, sizeof(clientparms),
|
||||
&clientP);
|
||||
|
Loading…
Reference in New Issue
Block a user