[krb5] Add a hackish attempt at a workaround for #961235

Thu May 30 19:12:00 UTC 2013

commit dc293b3d84ef42a40b6e4a6ee56d24ee730cb8d6
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Thu May 30 12:26:42 2013 -0400

    Add a hackish attempt at a workaround for #961235
    
    Add a patch to create /run/user/0 if we're trying to resolve a
    DIR: ccache somewhere below it and neither the target location
    nor /run/user/0 exist yet.
    The better workaround is to set the location's owner to "linger"
    via logind, since even after we do what we're doing here, if
    the user logs in and logs back out, our location is still removed.

 krb5-1.11-run_user_0.patch |   34 ++++++++++++++++++++++++++++++++++
 krb5.spec                  |    6 ++++++
 2 files changed, 40 insertions(+), 0 deletions(-)
---

diff --git a/krb5-1.11-run_user_0.patch b/krb5-1.11-run_user_0.patch
new file mode 100644
index 0000000..6be760a
--- /dev/null
+++ b/krb5-1.11-run_user_0.patch
@@ -0,0 +1,34 @@
+A hack: if we're looking at creating a ccache directory directly below
+the /run/user/0 directory, and /run/user/0 doesn't exist, try to create
+it, too.
+
+--- krb5/src/lib/krb5/ccache/cc_dir.c
++++ krb5/src/lib/krb5/ccache/cc_dir.c
+@@ -61,6 +61,8 @@
+ 
+ #include <dirent.h>
+ 
++#define ROOT_SPECIAL_DCC_PARENT "/run/user/0"
++
+ extern const krb5_cc_ops krb5_dcc_ops;
+ extern const krb5_cc_ops krb5_fcc_ops;
+ 
+@@ -239,6 +241,18 @@
+ 
+     if (stat(dirname, &st) < 0) {
+         if (errno == ENOENT) {
++            if (strncmp(dirname, ROOT_SPECIAL_DCC_PARENT "/",
++                        sizeof(ROOT_SPECIAL_DCC_PARENT)) == 0 &&
++                stat(ROOT_SPECIAL_DCC_PARENT, &st) < 0 &&
++                errno == ENOENT) {
++#ifdef USE_SELINUX
++                selabel = krb5int_push_fscreatecon_for(ROOT_SPECIAL_DCC_PARENT);
++#endif
++                status = mkdir(ROOT_SPECIAL_DCC_PARENT, S_IRWXU);
++#ifdef USE_SELINUX
++                krb5int_pop_fscreatecon(selabel);
++#endif
++            }
+ #ifdef USE_SELINUX
+             selabel = krb5int_push_fscreatecon_for(dirname);
+ #endif
diff --git a/krb5.spec b/krb5.spec
index 31cda69..9405d2a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -85,6 +85,7 @@ Patch125: krb5-1.11.2-skew1.patch
 Patch126: krb5-1.11.2-skew2.patch
 Patch127: krb5-master-test_gss_no_udp.patch
 Patch128: krb5-master-test_no_pmap.patch 
+Patch129: krb5-1.11-run_user_0.patch
 
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
@@ -312,6 +313,7 @@ ln -s NOTICE LICENSE
 %patch126 -p1 -b .skew2
 %patch127 -p1 -b .test_gss_no_udp
 %patch128 -p1 -b .test_no_pmap
+%patch129 -p1 -b .run_user_0
 
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp
@@ -840,6 +842,10 @@ exit 0
 * Thu May 30 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.2-9
 - don't forget to set the SELinux label when creating the directory for
   a DIR: ccache
+- special-case /run/user/0, attempting to create it when resolving a
+  directory cache below it fails due to ENOENT and we find that it doesn't
+  already exist, either, before attempting to create the directory cache
+  (maybe helping, maybe just making things more confusing for #961235)
 
 * Thu May 30 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.2-8
 - pull in patches from master to not test GSSRPC-over-UDP and to not
