rpms/nfs-utils-lib/devel nfs-utils-lib-1.1.4-nss-localrealms.patch, 1.1, 1.2 nfs-utils-lib.spec, 1.33, 1.34
Steve Dickson
steved at fedoraproject.org
Fri Oct 24 15:40:56 UTC 2008
Author: steved
Update of /cvs/pkgs/rpms/nfs-utils-lib/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10287
Modified Files:
nfs-utils-lib-1.1.4-nss-localrealms.patch nfs-utils-lib.spec
Log Message:
Updated how nss deals with Local Realms
nfs-utils-lib-1.1.4-nss-localrealms.patch:
Index: nfs-utils-lib-1.1.4-nss-localrealms.patch
===================================================================
RCS file: /cvs/pkgs/rpms/nfs-utils-lib/devel/nfs-utils-lib-1.1.4-nss-localrealms.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- nfs-utils-lib-1.1.4-nss-localrealms.patch 18 Oct 2008 13:49:56 -0000 1.1
+++ nfs-utils-lib-1.1.4-nss-localrealms.patch 24 Oct 2008 15:40:25 -0000 1.2
@@ -1,47 +1,111 @@
-Author: Steve Dickson <steved at redhat.com>
-Date: Sat Oct 18 09:12:48 EDT 2008
-
- nss_gss_princ_to_ids() wrongly makes an assume that the krb5
- realm name and the DNS domain name are the same string when
- Local-Realms are not defined in the idmapd.conf file.
-
- This patch removes that assumption, renames the realms
- variable to better describe what it is used for.
-
- Signed-off-by: Steve Dickson <steved at redhat.com>
-
+diff -up nfs-utils-lib-1.1.4/libnfsidmap/idmapd.conf.orig nfs-utils-lib-1.1.4/libnfsidmap/idmapd.conf
+--- nfs-utils-lib-1.1.4/libnfsidmap/idmapd.conf.orig 2008-10-24 11:33:14.000000000 -0400
++++ nfs-utils-lib-1.1.4/libnfsidmap/idmapd.conf 2008-10-24 11:33:23.000000000 -0400
+@@ -1,8 +1,19 @@
+ [General]
+ #Verbosity = 0
+ # The following should be set to the local NFSv4 domain name
++# The default is the host's DNS domain name.
+ #Domain = local.domain.edu
+
++# The following is a comma-separated list of Kerberos realm
++# names that should be considered to be equivalent to the
++# local realm, such that <user>@REALM.A can be assumed to
++# be the same user as <user>@REALM.B
++# If not specified, the default local realm is the domain name,
++# which defaults to the host's DNS domain name,
++# translated to upper-case.
++# Note that if this value is specified, the local realm name
++# must be included in the list!
++#Local-Realms =
+
+ [Mapping]
+
+diff -up nfs-utils-lib-1.1.4/libnfsidmap/libnfsidmap.c.orig nfs-utils-lib-1.1.4/libnfsidmap/libnfsidmap.c
+--- nfs-utils-lib-1.1.4/libnfsidmap/libnfsidmap.c.orig 2008-10-24 11:33:14.000000000 -0400
++++ nfs-utils-lib-1.1.4/libnfsidmap/libnfsidmap.c 2008-10-24 11:33:23.000000000 -0400
+@@ -86,6 +86,14 @@ static void default_logger(const char *f
+ }
+ nfs4_idmap_log_function_t idmap_log_func = default_logger;
+
++static char * toupper_str(char *s)
++{
++ int i;
++ for (i=0; i < strlen(s); i++)
++ s[i] = toupper(s[i]);
++ return s;
++}
++
+ static int domain_from_dns(char **domain)
+ {
+ struct hostent *he;
+@@ -232,7 +240,31 @@ int nfs4_init_name_mapping(char *conffil
+ IDMAP_LOG(1, ("libnfsidmap: using%s domain: %s\n",
+ (dflt ? " (default)" : ""), default_domain));
+
++ /* Get list of "local equivalent" realms. Meaning the list of realms
++ * where john at REALM.A is considered the same user as john at REALM.B
++ * If not specified, default to upper-case of local domain name */
+ local_realms = conf_get_list("General", "Local-Realms");
++ if (local_realms == NULL) {
++ struct conf_list_node *node;
++
++ local_realms = malloc(sizeof *local_realms);
++ if (local_realms == NULL)
++ return -ENOMEM;
++ local_realms->cnt = 0;
++ TAILQ_INIT(&local_realms->fields);
++
++ node = calloc(1, sizeof *node);
++ if (node == NULL)
++ return -ENOMEM;
++ node->field = strdup(get_default_domain());
++ if (node->field == NULL)
++ return -ENOMEM;
++ toupper_str(node->field);
++
++ TAILQ_INSERT_TAIL(&local_realms->fields, node, link);
++ local_realms->cnt++;
++ }
++
+
+ nfs4_methods = conf_get_list("Translation", "Method");
+ if (nfs4_methods) {
diff -up nfs-utils-lib-1.1.4/libnfsidmap/nss.c.orig nfs-utils-lib-1.1.4/libnfsidmap/nss.c
--- nfs-utils-lib-1.1.4/libnfsidmap/nss.c.orig 2008-03-27 16:47:51.000000000 -0400
-+++ nfs-utils-lib-1.1.4/libnfsidmap/nss.c 2008-10-18 09:39:15.000000000 -0400
-@@ -273,7 +273,7 @@ static int nss_gss_princ_to_ids(char *se
- struct passwd *pw;
- int err = 0;
++++ nfs-utils-lib-1.1.4/libnfsidmap/nss.c 2008-10-24 11:33:48.000000000 -0400
+@@ -275,6 +275,7 @@ static int nss_gss_princ_to_ids(char *se
char *princ_realm;
-- struct conf_list *realms;
-+ struct conf_list *local_realms;
+ struct conf_list *realms;
struct conf_list_node *r;
++ int found = 0;
if (strcmp(secname, "spkm3") == 0)
-@@ -288,11 +288,11 @@ static int nss_gss_princ_to_ids(char *se
+ return -ENOENT;
+@@ -288,28 +289,18 @@ static int nss_gss_princ_to_ids(char *se
return -EINVAL;
princ_realm++;
- /* get accepted realms */
-- realms = get_local_realms();
++ /* get list of "local-equivalent" realms and
++ * check against the principal's realm */
+ realms = get_local_realms();
- if (realms) {
-+ /* See if there are any local realms that need to be adhered to */
-+ local_realms = get_local_realms();
-+ if (local_realms) {
- int found = 0;
+- int found = 0;
- for (r = TAILQ_FIRST(&realms->fields); r;
-+ for (r = TAILQ_FIRST(&local_realms->fields); r;
- r = TAILQ_NEXT(r, link)) {
- if (strlen(r->field) == strlen(princ_realm) &&
- !strcmp(r->field, princ_realm)) {
-@@ -302,14 +302,8 @@ static int nss_gss_princ_to_ids(char *se
+- r = TAILQ_NEXT(r, link)) {
+- if (strlen(r->field) == strlen(princ_realm) &&
+- !strcmp(r->field, princ_realm)) {
+- found = 1;
+- break;
+- }
++ TAILQ_FOREACH(r, &realms->fields, link) {
++ if (strcmp(r->field, princ_realm) == 0) {
++ found = 1;
++ break;
}
- if (!found)
- return -EINVAL;
+- if (!found)
+- return -EINVAL;
- } else {
- char *domain;
- domain = get_default_domain();
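Review bot: The new nss_gss_princ_to_ids() text drops the `if (realms)` guard, so `TAILQ_FOREACH(r, &realms->fields, link)` dereferences whatever get_local_realms() returns. That is only safe if nfs4_init_name_mapping() has always run and succeeded first, which this hunk does not show. Because this loop appears to be the realm check in front of the principal-to-account lookup, keep it failing closed with `if (realms == NULL) return -ENOENT;` before the loop. In the new default branch of nfs4_init_name_mapping(), the `return -ENOMEM` paths after `calloc` and `strdup` leave `local_realms` allocated but empty, the `strdup` failure leaks `node`, and `strdup(get_default_domain())` presumably needs a NULL check if that helper can return NULL. toupper_str() should pass `(unsigned char)s[i]` to `toupper` and hoist `strlen(s)` out of the loop condition; both patched function bodies continue outside the hunk.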
@@ -49,8 +113,9 @@
- if (strlen(princ_realm) != strlen(domain) ||
- strcmp(princ_realm, domain))
- return -EINVAL;
-- }
-+ }
+ }
++ if (!found)
++ return -ENOENT;
+
/* XXX: this should call something like getgssauthnam instead? */
pw = nss_getpwnam(princ, NULL, &err);
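Review bot: The realm rejection at `if (!found) return -ENOENT;` is silent, so a principal from a realm outside Local-Realms is likely indistinguishable in the logs from an unknown user. A log line before the return, e.g. `IDMAP_LOG(1, ("nss_gss_princ_to_ids: realm %s is not a local realm\n", princ_realm));`, would make a misconfigured Local-Realms list and cross-realm attempts visible to an operator. IDMAP_LOG is used in libnfsidmap.c in this patch; its availability in nss.c is assumed and should be confirmed. The function body starts and ends outside this hunk.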
Index: nfs-utils-lib.spec
===================================================================
RCS file: /cvs/pkgs/rpms/nfs-utils-lib/devel/nfs-utils-lib.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- nfs-utils-lib.spec 18 Oct 2008 13:49:56 -0000 1.33
+++ nfs-utils-lib.spec 24 Oct 2008 15:40:25 -0000 1.34
@@ -1,7 +1,7 @@
Summary: Network File System Support Library
Name: nfs-utils-lib
Version: 1.1.4
-Release: 1%{?dist}
+Release: 2%{?dist}
URL: http://www.citi.umich.edu/projects/nfsv4/linux/
License: GPL
@@ -144,6 +144,10 @@
%{_libdir}/libnfsidmap*.a
%changelog
+* Fri Oct 24 2008 Steve Dickson <steved at redhat.com> 1.1.4-2
+- Incorporated from upstream as to how how nss deals
+ with Local Realms
+
* Sat Oct 18 2008 Steve Dickson <steved at redhat.com> 1.1.4-1
- Fixed a bad assumtion in nss code.