[krb5] - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached (more of #761317)
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Dec 13 15:50:19 UTC 2011
commit 6d68d342c990821c0bba9baee900a1ff33a472ab
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Tue Dec 13 10:48:28 2011 -0500
- pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached
(more of #761317)
krb5-trunk-7047.patch | 28 ++++++++++++++++++++++++++++
krb5.spec | 4 ++++
2 files changed, 32 insertions(+), 0 deletions(-)
---
diff --git a/krb5-trunk-7047.patch b/krb5-trunk-7047.patch
new file mode 100644
index 0000000..381449b
--- /dev/null
+++ b/krb5-trunk-7047.patch
@@ -0,0 +1,28 @@
+commit 59a8a0861d5aacd4e985ad4dc4d46a11c2ebc136
+Author: ghudson <ghudson at dc483132-0cff-0310-8789-dd5450dbe970>
+Date: Wed Dec 7 19:38:22 2011 +0000
+
+ ticket: 7047
+ subject: Allow S4U2Proxy service tickets to be cached
+
+ Previous to this change, the GSS code avoids caching S4U2Proxy results
+ for fear of the memory cache growing without bound, but that seems
+ unlikely to be a serious problem. Allow these to be cached.
+
+ git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25530 dc483132-0cff-0310-8789-dd5450dbe970
+
+diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
+index d7b9ffa..07baefa 100644
+--- a/src/lib/gssapi/krb5/init_sec_context.c
++++ b/src/lib/gssapi/krb5/init_sec_context.c
+@@ -148,9 +148,7 @@ static krb5_error_code get_credentials(context, cred, server, now,
+ !krb5_principal_compare(context, cred->impersonator, server->princ)) {
+ krb5_creds mcreds;
+
+- flags |= KRB5_GC_CANONICALIZE |
+- KRB5_GC_NO_STORE |
+- KRB5_GC_CONSTRAINED_DELEGATION;
++ flags |= KRB5_GC_CANONICALIZE | KRB5_GC_CONSTRAINED_DELEGATION;
+
+ memset(&mcreds, 0, sizeof(mcreds));
+
diff --git a/krb5.spec b/krb5.spec
index 9a7bf44..795834d 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -60,6 +60,7 @@ Patch86: krb5-1.9-debuginfo.patch
Patch92: krb5-1.10-alpha1-uninit.patch
Patch93: http://web.mit.edu/kerberos/advisories/2011-007-patch.txt
Patch100: krb5-trunk-7046.patch
+Patch101: krb5-trunk-7047.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -227,6 +228,7 @@ ln -s NOTICE LICENSE
%patch86 -p0 -b .debuginfo
%patch93 -p1 -b .2011-007
%patch100 -p1 -b .7046
+%patch101 -p1 -b .7047
# XXX Temporary, backported from trunk.
%patch92 -p1 -b .uninit
# XXX Temporary, fixed properly in trunk.
@@ -744,6 +746,8 @@ exit 0
* Tue Dec 13 2011 Nalin Dahyabhai <nalin at redhat.com>
- pull in patch for RT#7046: tag a ccache containing credentials obtained via
S4U2Proxy with the principal name of the proxying principal (part of #761317)
+- pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached
+ (more of #761317)
* Tue Dec 6 2011 Nalin Dahyabhai <nalin at redhat.com> 1.10-0.alpha1.2
- apply upstream patch to fix a null pointer dereference when processing
More information about the scm-commits
mailing list