rpms/krb5/devel krb5-1.7-spnego-deleg.patch, NONE, 1.1 krb5.spec, 1.217, 1.218
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Dec 8 20:05:41 UTC 2009
Author: nalin
Update of /cvs/extras/rpms/krb5/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10026
Modified Files:
krb5.spec
Added Files:
krb5-1.7-spnego-deleg.patch
Log Message:
- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
krb5-1.7-spnego-deleg.patch:
gssapiP_spnego.h | 9 +++++++++
spnego_mech.c | 17 ++++++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
--- NEW FILE krb5-1.7-spnego-deleg.patch ---
Punt a set_cred_option() call down to the mechanism for the first
credential that we have whose mechanism implements a set_cred_option()
method. Not completely sure this is the correct fix, as we may need to
change gssspi_set_cred_option() to keep going if it gets GSS_S_UNAVAILABLE
back from the mechanism-specific function (which is what the Kerberos
mechanism, previously the only provider of a set_cred_option(), returns
if it doesn't understand the request).
diff -up krb5/src/lib/gssapi/spnego/gssapiP_spnego.h krb5/src/lib/gssapi/spnego/gssapiP_spnego.h
--- krb5/src/lib/gssapi/spnego/gssapiP_spnego.h 2009-12-08 14:46:57.000000000 -0500
+++ krb5/src/lib/gssapi/spnego/gssapiP_spnego.h 2009-12-08 14:46:20.000000000 -0500
@@ -333,6 +333,15 @@ spnego_gss_inquire_sec_context_by_oid
);
OM_uint32
+spnego_gss_set_cred_option
+(
+ OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value
+);
+
+OM_uint32
spnego_gss_set_sec_context_option
(
OM_uint32 *minor_status,
diff -up krb5/src/lib/gssapi/spnego/spnego_mech.c krb5/src/lib/gssapi/spnego/spnego_mech.c
--- krb5/src/lib/gssapi/spnego/spnego_mech.c 2009-12-08 14:47:01.000000000 -0500
+++ krb5/src/lib/gssapi/spnego/spnego_mech.c 2009-12-08 14:46:20.000000000 -0500
@@ -250,7 +250,7 @@ static struct gss_config spnego_mechanis
spnego_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */
NULL, /* gss_inquire_cred_by_oid */
spnego_gss_set_sec_context_option, /* gss_set_sec_context_option */
- NULL, /* gssspi_set_cred_option */
+ spnego_gss_set_cred_option, /* gssspi_set_cred_option */
NULL, /* gssspi_mech_invoke */
spnego_gss_wrap_aead,
spnego_gss_unwrap_aead,
@@ -2081,6 +2081,21 @@ spnego_gss_inquire_sec_context_by_oid(
}
OM_uint32
+spnego_gss_set_cred_option(
+ OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
+{
+ OM_uint32 ret;
+ ret = gssspi_set_cred_option(minor_status,
+ cred_handle,
+ desired_object,
+ value);
+ return (ret);
+}
+
+OM_uint32
spnego_gss_set_sec_context_option(
OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -p -r1.217 -r1.218
--- krb5.spec 4 Dec 2009 22:16:38 -0000 1.217
+++ krb5.spec 8 Dec 2009 20:05:41 -0000 1.218
@@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.7
-Release: 11%{?dist}
+Release: 12%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -79,6 +79,7 @@ Patch87: krb5-1.7-errs.patch
Patch88: krb5-1.7-sizeof.patch
Patch89: krb5-1.7-largefile.patch
Patch90: krb5-1.7-openssl-1.0.patch
+Patch91: krb5-1.7-spnego-deleg.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -215,7 +216,10 @@ to obtain initial credentials from a KDC
certificate.
%changelog
-* Fri Dec 4 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-12
+* Tue Dec 8 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-13
+- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
+
+* Fri Dec 4 2009 Nalin Dahyabhai <nalin at redhat.com>
- make krb5-config suppress CFLAGS output when called with --libs (#544391)
* Thu Dec 3 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-11
@@ -1501,6 +1505,7 @@ popd
%patch88 -p1 -b .sizeof
%patch89 -p1 -b .largefile
%patch90 -p0 -b .openssl-1.0
+%patch91 -p1 -b .spnego-deleg
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
More information about the scm-commits
mailing list