[krb5] update for 1.10

Nalin Dahyabhai nalin at fedoraproject.org
Tue Nov 15 17:47:55 UTC 2011


commit efdfc3a2447843d489c909923bbfe74f4fb83c1c
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Wed Nov 9 18:44:22 2011 -0500

    update for 1.10

 ...ux-label.patch => krb5-1.10-selinux-label.patch |  278 +++++++++++---------
 1 files changed, 154 insertions(+), 124 deletions(-)
---
diff --git a/krb5-1.9-selinux-label.patch b/krb5-1.10-selinux-label.patch
similarity index 74%
rename from krb5-1.9-selinux-label.patch
rename to krb5-1.10-selinux-label.patch
index 03e58c4..26460c0 100644
--- a/krb5-1.9-selinux-label.patch
+++ b/krb5-1.10-selinux-label.patch
@@ -31,9 +31,8 @@ The selabel APIs for looking up the context should be thread-safe (per
 Red Hat #273081), so switching to using them instead of matchpathcon(),
 which we used earlier, is some improvement.
 
-diff -up krb5-1.8/src/aclocal.m4.selinux-label krb5-1.8/src/aclocal.m4
---- krb5-1.8/src/aclocal.m4.selinux-label	2010-03-05 10:57:23.000000000 -0500
-+++ krb5-1.8/src/aclocal.m4	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/aclocal.m4
++++ krb5/src/aclocal.m4
 @@ -103,6 +103,7 @@ AC_SUBST_FILE(libnodeps_frag)
  dnl
  KRB5_AC_PRAGMA_WEAK_REF
@@ -94,9 +93,8 @@ diff -up krb5-1.8/src/aclocal.m4.selinux-label krb5-1.8/src/aclocal.m4
 +LIBS="$old_LIBS"
 +AC_SUBST(SELINUX_LIBS)
 +])dnl
-diff -up krb5-1.8/src/config/pre.in.selinux-label krb5-1.8/src/config/pre.in
---- krb5-1.8/src/config/pre.in.selinux-label	2010-03-05 10:57:23.000000000 -0500
-+++ krb5-1.8/src/config/pre.in	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/config/pre.in
++++ krb5/src/config/pre.in
 @@ -180,6 +180,7 @@ LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PREFIX@
  LD_SHLIBDIR_PREFIX = @LD_SHLIBDIR_PREFIX@
  LDARGS = @LDARGS@
@@ -114,9 +112,8 @@ diff -up krb5-1.8/src/config/pre.in.selinux-label krb5-1.8/src/config/pre.in
  KDB5_LIBS	= $(KDB5_LIB) $(GSSRPC_LIBS)
  GSS_LIBS	= $(GSS_KRB5_LIB)
  # needs fixing if ever used on Mac OS X!
-diff -up krb5-1.8/src/configure.in.selinux-label krb5-1.8/src/configure.in
---- krb5-1.8/src/configure.in.selinux-label	2010-03-05 10:57:23.000000000 -0500
-+++ krb5-1.8/src/configure.in	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/configure.in
++++ krb5/src/configure.in
 @@ -1053,6 +1053,8 @@ fi
  
  KRB5_WITH_PAM
@@ -126,9 +123,8 @@ diff -up krb5-1.8/src/configure.in.selinux-label krb5-1.8/src/configure.in
  AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
  
  V5_AC_OUTPUT_MANPAGE([
-diff -up krb5-1.8/src/include/k5-int.h.selinux-label krb5-1.8/src/include/k5-int.h
---- krb5-1.8/src/include/k5-int.h.selinux-label	2010-01-04 14:59:16.000000000 -0500
-+++ krb5-1.8/src/include/k5-int.h	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/include/k5-int.h
++++ krb5/src/include/k5-int.h
 @@ -133,6 +133,7 @@ typedef unsigned char   u_char;
  typedef UINT64_TYPE krb5_ui_8;
  typedef INT64_TYPE krb5_int64;
@@ -137,9 +133,8 @@ diff -up krb5-1.8/src/include/k5-int.h.selinux-label krb5-1.8/src/include/k5-int
  
  #define DEFAULT_PWD_STRING1 "Enter password"
  #define DEFAULT_PWD_STRING2 "Re-enter password for verification"
-diff -up krb5-1.8/src/include/k5-label.h.selinux-label krb5-1.8/src/include/k5-label.h
---- krb5-1.8/src/include/k5-label.h.selinux-label	2010-03-05 10:57:23.000000000 -0500
-+++ krb5-1.8/src/include/k5-label.h	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/include/k5-label.h
++++ krb5/src/include/k5-label.h
 @@ -0,0 +1,32 @@
 +#ifndef _KRB5_LABEL_H
 +#define _KRB5_LABEL_H
@@ -173,9 +168,8 @@ diff -up krb5-1.8/src/include/k5-label.h.selinux-label krb5-1.8/src/include/k5-l
 +#define THREEPARAMOPEN(x,y,z) open(x,y,z)
 +#endif
 +#endif
-diff -up krb5-1.8/src/include/krb5/krb5.hin.selinux-label krb5-1.8/src/include/krb5/krb5.hin
---- krb5-1.8/src/include/krb5/krb5.hin.selinux-label	2010-01-21 17:49:07.000000000 -0500
-+++ krb5-1.8/src/include/krb5/krb5.hin	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/include/krb5/krb5.hin
++++ krb5/src/include/krb5/krb5.hin
 @@ -87,6 +87,12 @@
  #define THREEPARAMOPEN(x,y,z) open(x,y,z)
  #endif
@@ -189,9 +183,17 @@ diff -up krb5-1.8/src/include/krb5/krb5.hin.selinux-label krb5-1.8/src/include/k
  #define KRB5_OLD_CRYPTO
  
  #include <stdlib.h>
-diff -up krb5-1.8/src/kadmin/dbutil/dump.c.selinux-label krb5-1.8/src/kadmin/dbutil/dump.c
---- krb5-1.8/src/kadmin/dbutil/dump.c.selinux-label	2009-10-30 20:48:38.000000000 -0400
-+++ krb5-1.8/src/kadmin/dbutil/dump.c	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/kadmin/dbutil/dump.c
++++ krb5/src/kadmin/dbutil/dump.c
+@@ -346,7 +346,7 @@
+         exit_status++;
+         return;
+     }
+-    if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
++    if ((fd = THREEPARAMOPEN(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
+         com_err(progname, errno, _("while creating 'ok' file, '%s'"),
+                 file_ok);
+         exit_status++;
 @@ -1274,7 +1274,7 @@ dump_db(argc, argv)
           * want to get into.
           */
@@ -201,9 +203,8 @@ diff -up krb5-1.8/src/kadmin/dbutil/dump.c.selinux-label krb5-1.8/src/kadmin/dbu
              fprintf(stderr, ofopen_error,
                      progname, ofile, error_message(errno));
              exit_status++;
-diff -up krb5-1.8/src/krb5-config.in.selinux-label krb5-1.8/src/krb5-config.in
---- krb5-1.8/src/krb5-config.in.selinux-label	2010-01-21 17:49:01.000000000 -0500
-+++ krb5-1.8/src/krb5-config.in	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/krb5-config.in
++++ krb5/src/krb5-config.in
 @@ -38,6 +38,7 @@ RPATH_FLAG='@RPATH_FLAG@'
  PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@'
  PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'
@@ -212,18 +213,17 @@ diff -up krb5-1.8/src/krb5-config.in.selinux-label krb5-1.8/src/krb5-config.in
  
  LIBS='@LIBS@'
  GEN_LIB=@GEN_LIB@
-@@ -214,7 +215,7 @@ if test -n "$do_libs"; then
+@@ -218,7 +219,7 @@
      fi
  
-     if test $library = 'krb5'; then
--	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
-+	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB"
-     fi
+     # If we ever support a flag to generate output suitable for static
+-    # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
++    # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB"
+     # here.
  
      echo $lib_flags
-diff -up krb5-1.8/src/lib/kadm5/logger.c.selinux-label krb5-1.8/src/lib/kadm5/logger.c
---- krb5-1.8/src/lib/kadm5/logger.c.selinux-label	2009-12-28 21:42:51.000000000 -0500
-+++ krb5-1.8/src/lib/kadm5/logger.c	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/lib/kadm5/logger.c
++++ krb5/src/lib/kadm5/logger.c
 @@ -425,7 +425,7 @@ krb5_klog_init(krb5_context kcontext, ch
                       * Check for append/overwrite, then open the file.
                       */
@@ -242,9 +242,8 @@ diff -up krb5-1.8/src/lib/kadm5/logger.c.selinux-label krb5-1.8/src/lib/kadm5/lo
              if (f) {
                  set_cloexec_file(f);
                  log_control.log_entries[lindex].lfu_filep = f;
-diff -up krb5-1.8/src/lib/krb5/keytab/kt_file.c.selinux-label krb5-1.8/src/lib/krb5/keytab/kt_file.c
---- krb5-1.8/src/lib/krb5/keytab/kt_file.c.selinux-label	2009-11-10 14:59:39.000000000 -0500
-+++ krb5-1.8/src/lib/krb5/keytab/kt_file.c	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/lib/krb5/keytab/kt_file.c
++++ krb5/src/lib/krb5/keytab/kt_file.c
 @@ -1050,7 +1050,7 @@ krb5_ktfileint_open(krb5_context context
  
      KTCHECKLOCK(id);
@@ -263,9 +262,8 @@ diff -up krb5-1.8/src/lib/krb5/keytab/kt_file.c.selinux-label krb5-1.8/src/lib/k
              if (!KTFILEP(id))
                  goto report_errno;
              writevno = 1;
-diff -up krb5-1.8/src/plugins/kdb/db2/adb_openclose.c.selinux-label krb5-1.8/src/plugins/kdb/db2/adb_openclose.c
---- krb5-1.8/src/plugins/kdb/db2/adb_openclose.c.selinux-label	2009-11-24 18:52:25.000000000 -0500
-+++ krb5-1.8/src/plugins/kdb/db2/adb_openclose.c	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/plugins/kdb/db2/adb_openclose.c
++++ krb5/src/plugins/kdb/db2/adb_openclose.c
 @@ -201,7 +201,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char 
           * POSIX systems
           */
@@ -275,41 +273,8 @@ diff -up krb5-1.8/src/plugins/kdb/db2/adb_openclose.c.selinux-label krb5-1.8/src
              /*
               * maybe someone took away write permission so we could only
               * get shared locks?
-diff -up krb5-1.8/src/plugins/kdb/db2/kdb_db2.c.selinux-label krb5-1.8/src/plugins/kdb/db2/kdb_db2.c
---- krb5-1.8/src/plugins/kdb/db2/kdb_db2.c.selinux-label	2009-11-25 09:36:05.000000000 -0500
-+++ krb5-1.8/src/plugins/kdb/db2/kdb_db2.c	2010-03-05 10:57:23.000000000 -0500
-@@ -326,8 +326,8 @@ krb5_db2_db_init(krb5_context context)
-      * should be opened read/write so that write locking can work with
-      * POSIX systems
-      */
--    if ((db_ctx->db_lf_file = open(filename, O_RDWR, 0666)) < 0) {
--        if ((db_ctx->db_lf_file = open(filename, O_RDONLY, 0666)) < 0) {
-+    if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDWR, 0666)) < 0) {
-+        if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDONLY, 0666)) < 0) {
-             retval = errno;
-             goto err_out;
-         }
-@@ -745,7 +745,7 @@ krb5_db2_db_create(krb5_context context,
-     if (!okname)
-         retval = ENOMEM;
-     else {
--        fd = open(okname, O_CREAT | O_RDWR | O_TRUNC, 0600);
-+        fd = THREEPARAMOPEN(okname, O_CREAT | O_RDWR | O_TRUNC, 0600);
-         if (fd < 0)
-             retval = errno;
-         else
-@@ -1925,7 +1925,7 @@ krb5_db2_db_rename(context, from, to, me
-         retval = ENOMEM;
-         goto errout;
-     }
--    db_ctx->db_lf_file = open(db_ctx->db_lf_name, O_RDWR|O_CREAT, 0600);
-+    db_ctx->db_lf_file = THREEPARAMOPEN(db_ctx->db_lf_name, O_RDWR|O_CREAT, 0600);
-     if (db_ctx->db_lf_file < 0) {
-         retval = errno;
-         goto errout;
-diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c.selinux-label krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c
---- krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c.selinux-label	2009-10-30 20:48:38.000000000 -0400
-+++ krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/plugins/kdb/db2/libdb2/btree/bt_open.c
++++ krb5/src/plugins/kdb/db2/libdb2/btree/bt_open.c
 @@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c	8.
  
  #include "k5-platform.h"	/* mkstemp? */
@@ -327,9 +292,8 @@ diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c.selinux-label krb5-
  			goto err;
  
  	} else {
-diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c.selinux-label krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c
---- krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c.selinux-label	2009-10-30 20:48:38.000000000 -0400
-+++ krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/plugins/kdb/db2/libdb2/hash/hash.c
++++ krb5/src/plugins/kdb/db2/libdb2/hash/hash.c
 @@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c	8.12 
  #include <assert.h>
  #endif
@@ -347,29 +311,8 @@ diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c.selinux-label krb5-1.8/
  			RETURN_ERROR(errno, error0);
  		(void)fcntl(hashp->fp, F_SETFD, 1);
  	}
-diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/recno/rec_open.c.selinux-label krb5-1.8/src/plugins/kdb/db2/libdb2/recno/rec_open.c
---- krb5-1.8/src/plugins/kdb/db2/libdb2/recno/rec_open.c.selinux-label	2007-10-22 15:18:53.000000000 -0400
-+++ krb5-1.8/src/plugins/kdb/db2/libdb2/recno/rec_open.c	2010-03-05 10:57:23.000000000 -0500
-@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c	8
- #include <stdio.h>
- #include <unistd.h>
- 
-+#include "k5-int.h"
- #include "db-int.h"
- #include "recno.h"
- 
-@@ -68,7 +69,7 @@ __rec_open(fname, flags, mode, openinfo,
- 	int rfd, sverrno;
- 
- 	/* Open the user's file -- if this fails, we're done. */
--	if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
-+	if (fname != NULL && (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
- 		return (NULL);
- 
- 	if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
-diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in.selinux-label krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in
---- krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in.selinux-label	2009-11-22 13:13:29.000000000 -0500
-+++ krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/plugins/kdb/db2/libdb2/test/Makefile.in
++++ krb5/src/plugins/kdb/db2/libdb2/test/Makefile.in
 @@ -12,7 +12,8 @@ PROG_RPATH=$(KRB5_LIBDIR)
  
  KRB5_RUN_ENV= @KRB5_RUN_ENV@
@@ -380,9 +323,8 @@ diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in.selinux-label krb5
  DB_DEPLIB	= ../libdb$(DEPLIBEXT)
  
  all::
-diff -up krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.selinux-label krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
---- krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.selinux-label	2009-11-24 18:52:25.000000000 -0500
-+++ krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
++++ krb5/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
 @@ -1091,7 +1091,7 @@
  
      /* Create a temporary file which contains all the entries except the
@@ -435,7 +377,7 @@ diff -up krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.selinux-la
 -    pfile = fopen(file_name, "a+");
 +    pfile = WRITABLEFOPEN(file_name, "a+");
      if (pfile == NULL) {
-         com_err(me, errno, "Failed to open file %s: %s", file_name,
+         com_err(me, errno, _("Failed to open file %s: %s"), file_name,
                  strerror (errno));
 @@ -2069,7 +2069,7 @@
          }
@@ -445,10 +387,9 @@ diff -up krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.selinux-la
 +        newfile = WRITABLEFOPEN(tmp_file, "w");
          umask (omask);
          if (newfile == NULL) {
-             com_err(me, errno, "Error creating file %s", tmp_file);
-diff -up krb5-1.8/src/slave/kpropd.c.selinux-label krb5-1.8/src/slave/kpropd.c
---- krb5-1.8/src/slave/kpropd.c.selinux-label	2009-12-31 17:25:11.000000000 -0500
-+++ krb5-1.8/src/slave/kpropd.c	2010-03-05 10:57:23.000000000 -0500
+             com_err(me, errno, _("Error creating file %s"), tmp_file);
+--- krb5/src/slave/kpropd.c
++++ krb5/src/slave/kpropd.c
 @@ -328,7 +328,7 @@ retry:
      if (!debug && iproprole != IPROP_SLAVE)
          daemon(1, 0);
@@ -458,9 +399,34 @@ diff -up krb5-1.8/src/slave/kpropd.c.selinux-label krb5-1.8/src/slave/kpropd.c
          fprintf(pidfile, "%d\n", getpid());
          fclose(pidfile);
      } else
-diff -up krb5-1.8/src/util/profile/prof_file.c.selinux-label krb5-1.8/src/util/profile/prof_file.c
---- krb5-1.8/src/util/profile/prof_file.c.selinux-label	2009-12-27 19:21:20.000000000 -0500
-+++ krb5-1.8/src/util/profile/prof_file.c	2010-03-05 10:57:23.000000000 -0500
+@@ -437,6 +437,9 @@ void doit(fd)
+     krb5_enctype etype;
+     int database_fd;
+     char host[INET6_ADDRSTRLEN+1];
++#ifdef USE_SELINUX
++    void *selabel;
++#endif
+ 
+     if (kpropd_context->kdblog_context &&
+         kpropd_context->kdblog_context->iproprole == IPROP_SLAVE) {
+@@ -515,9 +518,15 @@ void doit(fd)
+         free(name);
+         exit(1);
+     }
++#ifdef USE_SELINUX
++    selabel = krb5int_push_fscreatecon_for(file);
++#endif
+     omask = umask(077);
+     lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600);
+     (void) umask(omask);
++#ifdef USE_SELINUX
++    krb5int_pop_fscreatecon(selabel);
++#endif
+     retval = krb5_lock_file(kpropd_context, lock_fd,
+                             KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK);
+     if (retval) {
+--- krb5/src/util/profile/prof_file.c
++++ krb5/src/util/profile/prof_file.c
 @@ -30,6 +30,7 @@
  #endif
  
@@ -478,9 +444,8 @@ diff -up krb5-1.8/src/util/profile/prof_file.c.selinux-label krb5-1.8/src/util/p
      if (!f) {
          retval = errno;
          if (retval == 0)
-diff -up krb5-1.8/src/util/support/Makefile.in.selinux-label krb5-1.8/src/util/support/Makefile.in
---- krb5-1.8/src/util/support/Makefile.in.selinux-label	2009-11-23 20:25:10.000000000 -0500
-+++ krb5-1.8/src/util/support/Makefile.in	2010-03-05 10:57:23.000000000 -0500
+--- krb5/src/util/support/Makefile.in
++++ krb5/src/util/support/Makefile.in
 @@ -54,6 +54,7 @@ IPC_SYMS= \
  
  STLIBOBJS= \
@@ -498,10 +463,9 @@ diff -up krb5-1.8/src/util/support/Makefile.in.selinux-label krb5-1.8/src/util/s
  SHLIB_DIRS=
  SHLIB_RDIRS=$(KRB5_LIBDIR)
  
-diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/support/selinux.c
---- krb5-1.8/src/util/support/selinux.c.selinux-label	2010-03-05 10:57:23.000000000 -0500
-+++ krb5-1.8/src/util/support/selinux.c	2010-03-05 10:57:23.000000000 -0500
-@@ -0,0 +1,362 @@
+--- krb5/src/util/support/selinux.c
++++ krb5/src/util/support/selinux.c
+@@ -0,0 +1,374 @@
 +/*
 + * Copyright 2007,2008,2009,2011 Red Hat, Inc.  All Rights Reserved.
 + *
@@ -725,16 +689,28 @@ diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/sup
 +krb5int_push_fscreatecon_for(const char *pathname)
 +{
 +	struct stat st;
-+	if (stat(pathname, &st) != 0) {
-+		st.st_mode = S_IRUSR | S_IWUSR;
++	void *retval;
++	k5_once(&labeled_once, label_mutex_init);
++	if (k5_mutex_lock(&labeled_mutex) == 0) {
++		if (stat(pathname, &st) != 0) {
++			st.st_mode = S_IRUSR | S_IWUSR;
++		}
++		retval = push_fscreatecon(pathname, st.st_mode);
++		return retval ? retval : (void *) -1;
++	} else {
++		return NULL;
 +	}
-+	return push_fscreatecon(pathname, st.st_mode);
 +}
 +
 +void
 +krb5int_pop_fscreatecon(void *con)
 +{
-+	pop_fscreatecon(con);
++	if (con != NULL) {
++		if (con != (void *) -1) {
++			pop_fscreatecon(con);
++		}
++		k5_mutex_unlock(&labeled_mutex);
++	}
 +}
 +
 +FILE *
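Review bot: `krb5int_push_fscreatecon_for` now returns with `labeled_mutex` held and `krb5int_pop_fscreatecon` releases it, but the added lines document neither that contract nor the `(void *) -1` sentinel. A header comment on both functions should state that every non-NULL return must be handed to exactly one pop, that calls presumably must not nest on one thread, and that NULL means the lock was not taken, so the caller's file is created with the default label. The result of `k5_once(&labeled_once, label_mutex_init)` is also discarded, so a failed mutex initialisation would go unnoticed before `k5_mutex_lock`; consider `if (k5_once(&labeled_once, label_mutex_init) != 0) return NULL;`. The function's return-type line sits outside the hunk.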
@@ -864,9 +840,8 @@ diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/sup
 +}
 +
 +#endif
-diff -up krb5-1.8/src/lib/krb5/rcache/rc_dfl.c krb5-1.8/src/lib/krb5/rcache/rc_dfl.c
---- krb5-1.8/src/lib/krb5/rcache/rc_dfl.c	2011-06-13 21:04:04.994208850 -0400
-+++ krb5-1.8/src/lib/krb5/rcache/rc_dfl.c	2011-06-13 21:05:07.416208760 -0400
+--- krb5/src/lib/krb5/rcache/rc_dfl.c
++++ krb5/src/lib/krb5/rcache/rc_dfl.c
 @@ -813,6 +813,9 @@ krb5_rc_dfl_expunge_locked(krb5_context 
      krb5_error_code retval = 0;
      krb5_rcache tmp;
@@ -895,3 +870,58 @@ diff -up krb5-1.8/src/lib/krb5/rcache/rc_dfl.c krb5-1.8/src/lib/krb5/rcache/rc_d
      if (retval)
          goto cleanup;
      for (q = t->a; q; q = q->na) {
+--- krb5/src/plugins/kdb/db2/kdb_db2.c
++++ krb5/src/plugins/kdb/db2/kdb_db2.c
+@@ -683,8 +683,8 @@
+     if (retval)
+         return retval;
+ 
+-    dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC,
+-                           0600);
++    dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name,
++                                     O_CREAT | O_RDWR | O_TRUNC, 0600);
+     if (dbc->db_lf_file < 0) {
+         retval = errno;
+         goto cleanup;
+--- krb5/src/plugins/kdb/db2/libdb2/recno/rec_open.c
++++ krb5/src/plugins/kdb/db2/libdb2/recno/rec_open.c
+@@ -51,6 +51,7 @@
+ #include <stdio.h>
+ #include <unistd.h>
+ 
++#include "k5-int.h"
+ #include "db-int.h"
+ #include "recno.h"
+ 
+@@ -68,7 +69,8 @@
+ 	int rfd = -1, sverrno;
+ 
+ 	/* Open the user's file -- if this fails, we're done. */
+-	if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
++	if (fname != NULL &&
++            (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
+ 		return (NULL);
+ 
+ 	if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
+--- krb5/src/kdc/main.c
++++ krb5/src/kdc/main.c
+@@ -905,7 +905,7 @@ write_pid_file(const char *path)
+     FILE *file;
+     unsigned long pid;
+ 
+-    file = fopen(path, "w");
++    file = WRITABLEFOPEN(path, "w");
+     if (file == NULL)
+         return errno;
+     pid = (unsigned long) getpid();
+--- krb5/src/lib/kdb/kdb_log.c
++++ krb5/src/lib/kdb/kdb_log.c
+@@ -566,7 +566,7 @@ ulog_map(krb5_context context, const cha
+             return (errno);
+         }
+ 
+-        if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
++        if ((ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600)) == -1) {
+             return (errno);
+         }
+ 
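Review bot: The re-added kdb_db2.c section wraps only the one lock-file open at `@@ -683,8 +683,8 @@`, whereas the section removed earlier in this commit wrapped four calls across krb5_db2_db_init, krb5_db2_db_create and krb5_db2_db_rename. If the 1.10 source still has other `open()` calls with `O_CREAT` in that file, the files they create would get the process default label rather than the one the wrapper looks up. Checking kdb_db2.c for remaining bare `open()` calls would confirm the coverage. Separately, in rec_open.c the continuation line `(rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)` is indented with spaces in a tab-indented file.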

