[krb5] Backport from RT#7682

Nalin Dahyabhai nalin at fedoraproject.org
Mon Jul 22 18:30:58 UTC 2013


commit 66d99286516c96bcfa1ec543b85ea7ccfad1136b
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Mon Jul 22 14:23:24 2013 -0400

    Backport from RT#7682
    
    - pull up changes to allow GSSAPI modules to provide more functions (RT#7682, #986564/#986565)

 krb5-1.11-gss-methods1.patch |   38 ++++++++++++++++++++++++++++++++++++++
 krb5-1.11-gss-methods2.patch |   38 ++++++++++++++++++++++++++++++++++++++
 krb5.spec                    |   10 +++++++++-
 3 files changed, 85 insertions(+), 1 deletions(-)
---
diff --git a/krb5-1.11-gss-methods1.patch b/krb5-1.11-gss-methods1.patch
new file mode 100644
index 0000000..ad7b07f
--- /dev/null
+++ b/krb5-1.11-gss-methods1.patch
@@ -0,0 +1,38 @@
+commit ee53a887bead08ec1354de3e74659da537f87515
+Author: Simo Sorce <simo at redhat.com>
+Date:   Sat Jul 20 13:19:19 2013 -0400
+
+    Load cred store functions from GSS modules
+    
+    When the credential store feature was implement the related functions
+    were added to struct gss_config, but the initialization function that
+    dynamically loads modules was not changed to see if the plugin being
+    loaded provided such functions.
+    
+    This will allow non-builtin mechanism and interposer mechanism to
+    implement custom credential store extensions if they wish.
+    
+    ticket: 7682
+
+diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
+index f5b8b15..70cc4ee 100644
+--- a/src/lib/gssapi/mechglue/g_initialize.c
++++ b/src/lib/gssapi/mechglue/g_initialize.c
+@@ -680,6 +680,8 @@ build_dynamicMech(void *dl, const gss_OID mech_type)
+         GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_mech_for_saslname);
+         /* RFC 5587 */
+         GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_attrs_for_mech);
++	GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_acquire_cred_from);
++	GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_store_cred_into);
+ 	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_acquire_cred_with_password);
+ 	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_sec_context_by_mech);
+ 	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_name_by_mech);
+@@ -778,6 +780,8 @@ build_interMech(void *dl, const gss_OID mech_type)
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_mech_for_saslname);
+ 	/* RFC 5587 */
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_attrs_for_mech);
++	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _acquire_cred_from);
++	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _store_cred_into);
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _acquire_cred_with_password);
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_sec_context_by_mech);
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_name_by_mech);
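Review bot: The two new lines in build_dynamicMech load `gss_acquire_cred_from` and `gss_store_cred_into` with plain `GSS_ADD_DYNAMIC_METHOD`, while the `gss_`-prefixed entries just above them use `GSS_ADD_DYNAMIC_METHOD_NOLOOP`. The macro definitions are outside this hunk, but if the `_NOLOOP` form exists to discard a lookup that resolves back to the mechglue's own exported function, a module that links the GSS library without defining these symbols could be handed a pointer to the glue itself and recurse. Consider `GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_acquire_cred_from);` and the same for `gss_store_cred_into`. The same question applies to `gss_export_cred` and `gss_import_cred` in krb5-1.11-gss-methods2.patch. Both function bodies start and end outside the hunks shown.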
diff --git a/krb5-1.11-gss-methods2.patch b/krb5-1.11-gss-methods2.patch
new file mode 100644
index 0000000..6d6e620
--- /dev/null
+++ b/krb5-1.11-gss-methods2.patch
@@ -0,0 +1,38 @@
+commit 744d6f873393b6bbd12e1c1884738676a089fa65
+Author: Simo Sorce <simo at redhat.com>
+Date:   Sat Jul 20 13:20:43 2013 -0400
+
+    Load import/export cred functions from GSS modules
+    
+    When the import/export credential feature was implement the related
+    functions were added to struct gss_config, but the initialization
+    function that dynamically loads modules was not changed to see if
+    the plugin being loaded provided such functions.
+    
+    This will allow non-builtin mechanism and interposer mechanism to
+    implement custom import/export credential extensions if they wish.
+    
+    ticket: 7682
+
+diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
+index 70cc4ee..48a825e 100644
+--- a/src/lib/gssapi/mechglue/g_initialize.c
++++ b/src/lib/gssapi/mechglue/g_initialize.c
+@@ -683,6 +683,8 @@ build_dynamicMech(void *dl, const gss_OID mech_type)
+ 	GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_acquire_cred_from);
+ 	GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_store_cred_into);
+ 	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_acquire_cred_with_password);
++	GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_export_cred);
++	GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_import_cred);
+ 	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_sec_context_by_mech);
+ 	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_name_by_mech);
+ 	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_cred_by_mech);
+@@ -783,6 +785,8 @@ build_interMech(void *dl, const gss_OID mech_type)
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _acquire_cred_from);
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _store_cred_into);
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _acquire_cred_with_password);
++	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _export_cred);
++	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _import_cred);
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_sec_context_by_mech);
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_name_by_mech);
+ 	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_cred_by_mech);
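Review bot: Neither the added lines nor the changelog entry record that, once `gss_export_cred` and `gss_import_cred` are resolved from the shared object, a loaded mechanism or interposer module takes part in serialising and restoring credentials. The new entries also sit unlabelled between `gssspi_` lines in both build_dynamicMech and build_interMech. A comment above them such as `/* Credential import/export extensions; the module is trusted with credential material */` would make this explicit to anyone auditing which entry points a third-party module can supply. Both functions continue outside the hunks shown.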
diff --git a/krb5.spec b/krb5.spec
index ff92bdb..3dc8ea9 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -30,7 +30,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.3
-Release: 4%{?dist}
+Release: 5%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -90,6 +90,8 @@ Patch128: krb5-master-test_no_pmap.patch
 Patch129: krb5-1.11-run_user_0.patch
 Patch130: krb5-master-init_referral.patch
 Patch131: krb5-1.11.3-skew3.patch
+Patch132: krb5-1.11-gss-methods1.patch
+Patch133: krb5-1.11-gss-methods2.patch 
 
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
@@ -317,6 +319,8 @@ ln -s NOTICE LICENSE
 %patch129 -p1 -b .run_user_0
 %patch130 -p1 -b .init_referral
 %patch131 -p1 -b .skew3
+%patch132 -p1 -b .gss-methods1
+%patch133 -p1 -b .gss-methods2
 
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp
@@ -864,6 +868,10 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Mon Jul 22 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.3-5
+- pull up changes to allow GSSAPI modules to provide more functions
+  (RT#7682, #986564/#986565)
+
 * Fri Jul 19 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.3-4
 - use (a bundled, for now, copy of) nss_wrapper to let us run some of the
   self-tests at build-time in more places than we could previously (#978756)

