rpms/krb5/devel krb5-1-8-gss-noexp.patch, NONE, 1.1 krb5.spec, 1.272, 1.273

Nalin Dahyabhai nalin at fedoraproject.org
Mon Jun 21 18:26:35 UTC 2010


Author: nalin

Update of /cvs/extras/rpms/krb5/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv23077

Modified Files:
	krb5.spec 
Added Files:
	krb5-1-8-gss-noexp.patch 
Log Message:
- libgssapi: pull in patch from svn to stop returning context-expired errors
  when the ticket which was used to set up the context expires (#605366,
  upstream #6739)


krb5-1-8-gss-noexp.patch:
 k5seal.c      |    9 +--------
 k5sealiov.c   |   12 ++----------
 k5unseal.c    |   11 -----------
 k5unsealiov.c |   14 --------------
 4 files changed, 3 insertions(+), 43 deletions(-)

--- NEW FILE krb5-1-8-gss-noexp.patch ---
Pending change to not fail wrap/unwrap/seal/unseal after the ticket
that was used for authentication expires.

Index: src/lib/gssapi/krb5/k5sealiov.c
===================================================================
--- src/lib/gssapi/krb5/k5sealiov.c	(revision 24129)
+++ src/lib/gssapi/krb5/k5sealiov.c	(revision 24130)
@@ -279,7 +279,6 @@
 {
     krb5_gss_ctx_id_rec *ctx;
     krb5_error_code code;
-    krb5_timestamp now;
     krb5_context context;
 
     if (qop_req != 0) {
@@ -298,19 +297,12 @@
         return GSS_S_NO_CONTEXT;
     }
 
-    context = ctx->k5_context;
-    code = krb5_timeofday(context, &now);
-    if (code != 0) {
-        *minor_status = code;
-        save_error_info(*minor_status, context);
-        return GSS_S_FAILURE;
-    }
-
     if (conf_req_flag && kg_integ_only_iov(iov, iov_count)) {
         /* may be more sensible to return an error here */
         conf_req_flag = FALSE;
     }
 
+    context = ctx->k5_context;
     switch (ctx->proto) {
     case 0:
         code = make_seal_token_v1_iov(context, ctx, conf_req_flag,
@@ -333,7 +325,7 @@
 
     *minor_status = 0;
 
-    return (ctx->krb_times.endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
+    return GSS_S_COMPLETE;
 }
 
 #define INIT_IOV_DATA(_iov)     do { (_iov)->buffer.value = NULL;       \
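Review bot: The unconditional `return GSS_S_COMPLETE;` at the end of this function drops the only expiry signal on the wrap path without leaving a comment, so a later reader could take the missing `ctx->krb_times.endtime` check for an oversight. I would add above it something like `/* Context expiry is deliberately not enforced per message; callers needing a lifetime bound query gss_context_time(). */`, assuming that call still reports expiry, which this patch does not show. The same note applies to the matching return in k5seal.c and to the checks removed from k5unseal.c and k5unsealiov.c. With all four gone, an application that relied on GSS_S_CONTEXT_EXPIRED from wrap/unwrap to end sessions at ticket expiry presumably has to enforce that limit itself, which is worth saying in the patch header and the changelog entry. The function's body starts outside this hunk.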
Index: src/lib/gssapi/krb5/k5unsealiov.c
===================================================================
--- src/lib/gssapi/krb5/k5unsealiov.c	(revision 24129)
+++ src/lib/gssapi/krb5/k5unsealiov.c	(revision 24130)
@@ -52,7 +52,6 @@
     int signalg;
     krb5_checksum cksum;
     krb5_checksum md5cksum;
-    krb5_timestamp now;
     size_t cksum_len = 0;
     size_t conflen = 0;
     int direction;
@@ -280,19 +279,6 @@
     if (qop_state != NULL)
         *qop_state = GSS_C_QOP_DEFAULT;
 
-    code = krb5_timeofday(context, &now);
-    if (code != 0) {
-        *minor_status = code;
-        retval = GSS_S_FAILURE;
-        goto cleanup;
-    }
-
-    if (now > ctx->krb_times.endtime) {
-        *minor_status = 0;
-        retval = GSS_S_CONTEXT_EXPIRED;
-        goto cleanup;
-    }
-
     if ((ctx->initiate && direction != 0xff) ||
         (!ctx->initiate && direction != 0)) {
         *minor_status = (OM_uint32)G_BAD_DIRECTION;
Index: src/lib/gssapi/krb5/k5seal.c
===================================================================
--- src/lib/gssapi/krb5/k5seal.c	(revision 24129)
+++ src/lib/gssapi/krb5/k5seal.c	(revision 24130)
@@ -328,7 +328,6 @@
 {
     krb5_gss_ctx_id_rec *ctx;
     krb5_error_code code;
-    krb5_timestamp now;
     krb5_context context;
 
     output_message_buffer->length = 0;
@@ -359,12 +358,6 @@
     }
 
     context = ctx->k5_context;
-    if ((code = krb5_timeofday(context, &now))) {
-        *minor_status = code;
-        save_error_info(*minor_status, context);
-        return(GSS_S_FAILURE);
-    }
-
     switch (ctx->proto)
     {
     case 0:
@@ -396,5 +389,5 @@
         *conf_state = conf_req_flag;
 
     *minor_status = 0;
-    return((ctx->krb_times.endtime < now)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
+    return(GSS_S_COMPLETE);
 }
Index: src/lib/gssapi/krb5/k5unseal.c
===================================================================
--- src/lib/gssapi/krb5/k5unseal.c	(revision 24129)
+++ src/lib/gssapi/krb5/k5unseal.c	(revision 24130)
@@ -79,7 +79,6 @@
     krb5_checksum md5cksum;
     krb5_data plaind;
     char *data_ptr;
-    krb5_timestamp now;
     unsigned char *plain;
     unsigned int cksum_len = 0;
     size_t plainlen;
@@ -441,16 +440,6 @@
     if (qop_state)
         *qop_state = GSS_C_QOP_DEFAULT;
 
-    if ((code = krb5_timeofday(context, &now))) {
-        *minor_status = code;
-        return(GSS_S_FAILURE);
-    }
-
-    if (now > ctx->krb_times.endtime) {
-        *minor_status = 0;
-        return(GSS_S_CONTEXT_EXPIRED);
-    }
-
     /* do sequencing checks */
 
     if ((ctx->initiate && direction != 0xff) ||


Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.272
retrieving revision 1.273
diff -u -p -r1.272 -r1.273
--- krb5.spec	21 Jun 2010 18:11:40 -0000	1.272
+++ krb5.spec	21 Jun 2010 18:26:35 -0000	1.273
@@ -5,7 +5,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.8.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -46,6 +46,7 @@ Patch63: krb5-1.8-selinux-label.patch
 Patch70: krb5-trunk-kpasswd_tcp2.patch
 Patch71: krb5-1.8-dirsrv-accountlock.patch
 Patch72: krb5-1.7.1-24139.patch
+Patch73: krb5-1-8-gss-noexp.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -182,6 +183,7 @@ ln -s NOTICE LICENSE
 #%patch70 -p0 -b .kpasswd_tcp2
 %patch71 -p1 -b .dirsrv-accountlock
 %patch72 -p1 -b .24139
+%patch73 -p0 -b .gss-noexp
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -623,6 +625,11 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Mon Jun 21 2010 Nalin Dahyabhai <nalin at redhat.com> 1.8.2-2
+- libgssapi: pull in patch from svn to stop returning context-expired errors
+  when the ticket which was used to set up the context expires (#605366,
+  upstream #6739)
+
 * Mon Jun 21 2010 Nalin Dahyabhai <nalin at redhat.com>
 - pull up fix for upstream #6745, in which the gssapi library would add the
   wrong error table but subsequently attempt to unload the right one


