rpms/ipa/devel Fix-install-with-krb-1.7.patch, NONE, 1.1 ipa.spec, 1.26, 1.27

rcritten rcritten at fedoraproject.org
Tue May 4 21:57:52 UTC 2010


Author: rcritten

Update of /cvs/extras/rpms/ipa/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv21195

Modified Files:
	ipa.spec 
Added Files:
	Fix-install-with-krb-1.7.patch 
Log Message:
Add patch to fix installation with krb5 1.7


Fix-install-with-krb-1.7.patch:
 krbinstance.py |   62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 59 insertions(+), 3 deletions(-)

--- NEW FILE Fix-install-with-krb-1.7.patch ---
diff -uPr freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py freeipa-1.2.2.new/ipa-server/ipaserver/krbinstance.py
--- freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py	2009-09-09 15:41:27.000000000 -0400
+++ freeipa-1.2.2.new/ipa-server/ipaserver/krbinstance.py	2009-11-24 12:11:41.589001023 -0500
@@ -344,12 +344,68 @@
         self.__ldap_mod("pwd-extop-conf.ldif")
 
     def __add_master_key(self):
+        #check for a keytab file by checking if the header magic is for a keytab
+        def __is_keytab(header):
+            if header == 0x0502 or header == 0x0501 or header == 0x0205 or header == 0x0105:
+                return 1
+            else:
+                return 0
+        #check whether a keytab file is v1 or v2
+        def __keytab_version(header):
+            if header == 0x0502 or header == 0x0205:
+                return 2
+            elif header == 0x0501 or header == 0x0105:
+                return 1
+            else:
+                return 0
         #get the Master Key from the stash file
         try:
             stash = open("/var/kerberos/krb5kdc/.k5."+self.realm, "r")
             keytype = struct.unpack('h', stash.read(2))[0]
-            keylen = struct.unpack('i', stash.read(4))[0]
-            keydata = stash.read(keylen)
+            if __is_keytab(keytype):
+                #in v2, all numbers are stored in network order
+                if __keytab_version(keytype) > 1:
+                    __endian = '!'
+                else:
+                    __endian = ''
+                #walk the first entry (there should only be one)
+                keyentrylen = struct.unpack(__endian + 'i', stash.read(4))[0]
+                #number of components in the principal name
+                keyprinccomps = struct.unpack(__endian + 'h', stash.read(2))[0]
+                #version 1 counted the realm as a component, version 2 doesn't
+                if __keytab_version(keytype) == 1:
+                    keyprinccomps = keyprinccomps - 1
+                keyprinc = []
+                #read the components. the realm goes first, so we should
+                #end up with (realm, "K", "M")
+                for i in range(keyprinccomps + 1):
+                    keyprinccompsize = struct.unpack(__endian + 'h', stash.read(2))[0]
+                    keyprinc = keyprinc + [stash.read(keyprinccompsize)]
+                #version 2 added the principal name type, otherwise we just
+                #assume it's a regular old principal name
+                if __keytab_version(keytype) > 1:
+                    keyprinctype = struct.unpack(__endian + 'i', stash.read(4))[0]
+                else:
+                    keyprinctype = 1
+                #date the key was added to this keytab
+                keydate = struct.unpack(__endian + 'i', stash.read(4))[0]
+                #kvno
+                keyversion = struct.unpack('B', stash.read(1))[0]
+                #read the real enctype
+                keytype = struct.unpack(__endian + 'h', stash.read(2))[0]
+                keylen = struct.unpack(__endian + 'h', stash.read(2))[0]
+                keydata = stash.read(keylen)
+                #check that we parsed the whole file, so no surprises
+                keyoffset = stash.tell()
+                stash.seek(0,2)
+                if stash.tell() != keyoffset:
+                    logging.critical("Unexpected unprocessed data in Stash file (processed %ld bytes, %ld left)." % (keyoffset, stash.tell() - keyoffset))
+            else:
+                keyversion = 1
+                keyprinctype = 1
+                keyprinc = [self.realm,"K","M"]
+                keylen = struct.unpack('i', stash.read(4))[0]
+                keydata = stash.read(keylen)
         except os.error:
             logging.critical("Failed to retrieve Master Key from Stash file: %s")
 	#encode it in the asn.1 attribute
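Review bot: The keytab branch trusts every length it reads from the stash: `keyprinccomps`, `keyprinccompsize` and `keylen` are signed and unchecked, so a negative `keylen` makes `stash.read(keylen)` return the rest of the file as key material, and `keyentrylen` is never compared with the bytes actually consumed. The trailing-data check only calls `logging.critical` and carries on, so a misparsed master key would still be encoded and stored; I would fail there and after the key read, e.g. `if keylen <= 0 or len(keydata) != keylen: raise RuntimeError("Malformed Stash file")`. A truncated file raises `struct.error`, which the existing `except os.error` does not catch, and when that handler does run it logs a message with an unfilled `%s` and falls through, leaving `keytype`, `keydata` and the `keyversion` used in the second hunk unbound as far as the visible lines show. `stash` is also never closed in the lines shown; `__add_master_key` continues outside the hunk, so confirm that before adding a `stash.close()`.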
@@ -357,7 +413,7 @@
         MasterKey.setComponentByPosition(0, univ.Integer(keytype))
         MasterKey.setComponentByPosition(1, univ.OctetString(keydata))
         krbMKey = univ.Sequence()
-        krbMKey.setComponentByPosition(0, univ.Integer(0)) #we have no kvno
+        krbMKey.setComponentByPosition(0, univ.Integer(keyversion))
         krbMKey.setComponentByPosition(1, MasterKey)
         asn1key = pyasn1.codec.ber.encoder.encode(krbMKey)
 


Index: ipa.spec
===================================================================
RCS file: /cvs/extras/rpms/ipa/devel/ipa.spec,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -r1.26 -r1.27
--- ipa.spec	18 Jan 2010 18:12:53 -0000	1.26
+++ ipa.spec	4 May 2010 21:57:51 -0000	1.27
@@ -6,7 +6,7 @@
 
 Name:           ipa
 Version:        1.2.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 Group:          System Environment/Base
@@ -14,7 +14,9 @@ License:        GPLv2
 URL:            http://www.freeipa.org/
 Source0:        freeipa-%{version}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Patch1:         ipa-schema.patch
+
+Patch01:        Fix-install-with-krb-1.7.patch
+Patch02:        ipa-schema.patch
 
 BuildRequires:  fedora-ds-base-devel >= 1.1.3
 BuildRequires:  mozldap-devel
@@ -193,7 +195,8 @@ administering radius authentication sett
 
 %prep
 %setup -n freeipa-%{version} -q
-%patch1 -p1
+%patch01 -p1 -b .stash-as-keytab
+%patch02 -p1 -b .schema
 
 %build
 export CFLAGS="$CFLAGS %{optflags}"
@@ -474,6 +477,9 @@ fi
 %{_sbindir}/ipa-modradiusprofile
 
 %changelog
+* Tue May  4 2010 Rob Crittenden <rcritten at redhat.com> - 1.2.2-3
+- Add patch to fix installation with krb5 1.7
+
 * Wed Sep  9 2009 Rob Crittenden <rcritten at redhat.com> - 1.2.2-2
 - Add patch to explicitly pull schema attributes (BZ #544927)
 


