rpms/ipa/F-12 Fix-install-with-krb-1.7.patch, NONE, 1.1 ipa.spec, 1.25, 1.26
Simo Sorce
simo at fedoraproject.org
Tue Nov 24 20:22:59 UTC 2009
Author: simo
Update of /cvs/pkgs/rpms/ipa/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22568
Modified Files:
ipa.spec
Added Files:
Fix-install-with-krb-1.7.patch
Log Message:
* Tue Nov 24 2009 Simo Sorce <ssorce at redhat.com> - 1.2.2-2
- Add patch to fix installation with krb5 1.7
Fix-install-with-krb-1.7.patch:
krbinstance.py | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 59 insertions(+), 3 deletions(-)
--- NEW FILE Fix-install-with-krb-1.7.patch ---
diff -uPr freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py freeipa-1.2.2.new/ipa-server/ipaserver/krbinstance.py
--- freeipa-1.2.2/ipa-server/ipaserver/krbinstance.py 2009-09-09 15:41:27.000000000 -0400
+++ freeipa-1.2.2.new/ipa-server/ipaserver/krbinstance.py 2009-11-24 12:11:41.589001023 -0500
@@ -344,12 +344,68 @@
self.__ldap_mod("pwd-extop-conf.ldif")
def __add_master_key(self):
+ #check for a keytab file by checking if the header magic is for a keytab
+ def __is_keytab(header):
+ if header == 0x0502 or header == 0x0501 or header == 0x0205 or header == 0x0105:
+ return 1
+ else:
+ return 0
+ #check whether a keytab file is v1 or v2
+ def __keytab_version(header):
+ if header == 0x0502 or header == 0x0205:
+ return 2
+ elif header == 0x0501 or header == 0x0105:
+ return 1
+ else:
+ return 0
#get the Master Key from the stash file
try:
stash = open("/var/kerberos/krb5kdc/.k5."+self.realm, "r")
keytype = struct.unpack('h', stash.read(2))[0]
- keylen = struct.unpack('i', stash.read(4))[0]
- keydata = stash.read(keylen)
+ if __is_keytab(keytype):
+ #in v2, all numbers are stored in network order
+ if __keytab_version(keytype) > 1:
+ __endian = '!'
+ else:
+ __endian = ''
+ #walk the first entry (there should only be one)
+ keyentrylen = struct.unpack(__endian + 'i', stash.read(4))[0]
+ #number of components in the principal name
+ keyprinccomps = struct.unpack(__endian + 'h', stash.read(2))[0]
+ #version 1 counted the realm as a component, version 2 doesn't
+ if __keytab_version(keytype) == 1:
+ keyprinccomps = keyprinccomps - 1
+ keyprinc = []
+ #read the components. the realm goes first, so we should
+ #end up with (realm, "K", "M")
+ for i in range(keyprinccomps + 1):
+ keyprinccompsize = struct.unpack(__endian + 'h', stash.read(2))[0]
+ keyprinc = keyprinc + [stash.read(keyprinccompsize)]
+ #version 2 added the principal name type, otherwise we just
+ #assume it's a regular old principal name
+ if __keytab_version(keytype) > 1:
+ keyprinctype = struct.unpack(__endian + 'i', stash.read(4))[0]
+ else:
+ keyprinctype = 1
+ #date the key was added to this keytab
+ keydate = struct.unpack(__endian + 'i', stash.read(4))[0]
+ #kvno
+ keyversion = struct.unpack('B', stash.read(1))[0]
+ #read the real enctype
+ keytype = struct.unpack(__endian + 'h', stash.read(2))[0]
+ keylen = struct.unpack(__endian + 'h', stash.read(2))[0]
+ keydata = stash.read(keylen)
+ #check that we parsed the whole file, so no surprises
+ keyoffset = stash.tell()
+ stash.seek(0,2)
+ if stash.tell() != keyoffset:
+ logging.critical("Unexpected unprocessed data in Stash file (processed %ld bytes, %ld left)." % (keyoffset, stash.tell() - keyoffset))
+ else:
+ keyversion = 1
+ keyprinctype = 1
+ keyprinc = [self.realm,"K","M"]
+ keylen = struct.unpack('i', stash.read(4))[0]
+ keydata = stash.read(keylen)
except os.error:
logging.critical("Failed to retrieve Master Key from Stash file: %s")
#encode it in the asn.1 attribute
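Review bot: In the keytab branch, `keyprinccompsize` and `keylen` are unpacked as signed shorts (`'h'`), so a length with the high bit set comes out negative, and `stash.read()` with a negative size returns the rest of the file. The end-of-file check that follows then passes, and the wrong bytes are treated as the master key. Unpacking the lengths unsigned and checking the read would catch a truncated or malformed stash, e.g. `keylen = struct.unpack(__endian + 'H', stash.read(2))[0]` followed by `if len(keydata) != keylen: raise RuntimeError("short read from stash file")`. `keyentrylen` is read but never compared with the bytes actually consumed, and the trailing-data case only logs at critical level before the key goes on to be encoded, so failing the install there may be safer. `__add_master_key` continues past the end of this hunk.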
@@ -357,7 +413,7 @@
MasterKey.setComponentByPosition(0, univ.Integer(keytype))
MasterKey.setComponentByPosition(1, univ.OctetString(keydata))
krbMKey = univ.Sequence()
- krbMKey.setComponentByPosition(0, univ.Integer(0)) #we have no kvno
+ krbMKey.setComponentByPosition(0, univ.Integer(keyversion))
krbMKey.setComponentByPosition(1, MasterKey)
asn1key = pyasn1.codec.ber.encoder.encode(krbMKey)
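Review bot: `keyversion` is only assigned inside the `try` block of the previous hunk, and the `except os.error` handler there logs and falls through. On that path this line, like the `keytype`/`keydata` uses above it, would hit an unbound name instead of failing cleanly. A short or malformed stash raises `struct.error` from the new `struct.unpack` calls, which that handler does not catch either. Re-raising after the log call, or returning before the ASN.1 encoding, would make the failure explicit. One line between the two hunks is not visible, so confirm nothing there already handles it.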
Index: ipa.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ipa/F-12/ipa.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -p -r1.25 -r1.26
--- ipa.spec 10 Sep 2009 21:25:13 -0000 1.25
+++ ipa.spec 24 Nov 2009 20:22:59 -0000 1.26
@@ -6,7 +6,7 @@
Name: ipa
Version: 1.2.2
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@@ -15,6 +15,8 @@ URL: http://www.freeipa.org/
Source0: freeipa-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch01: Fix-install-with-krb-1.7.patch
+
BuildRequires: fedora-ds-base-devel >= 1.1.3
BuildRequires: mozldap-devel
BuildRequires: svrcore-devel
@@ -192,6 +194,7 @@ administering radius authentication sett
%prep
%setup -n freeipa-%{version} -q
+%patch01 -p1 -b .stash-as-keytab
%build
export CFLAGS="$CFLAGS %{optflags}"
@@ -472,6 +475,9 @@ fi
%{_sbindir}/ipa-modradiusprofile
%changelog
+* Tue Nov 24 2009 Simo Sorce <ssorce at redhat.com> - 1.2.2-2
+- Add patch to fix installation with krb5 1.7
+
* Wed Sep 9 2009 Rob Crittenden <rcritten at redhat.com> - 1.2.2-1
- New upstream release 1.2.2
- Own /etc/httpd/conf.d/ipa-*.conf as config files