[gssproxy/f19] Fix default proxymech documentation and fix LOCAL_FIRST implementation resolves: https://fedorahoste
Guenther Deschner
gd at fedoraproject.org
Fri Oct 18 12:45:01 UTC 2013
commit 7122e985dafe122b8eeaca9602e3e1b7dfcdd018
Author: Günther Deschner <gdeschner at redhat.com>
Date: Fri Oct 18 14:42:12 2013 +0200
Fix default proxymech documentation and fix LOCAL_FIRST implementation
resolves: https://fedorahosted.org/gss-proxy/ticket/105
0001-Fix-LOCAL_FIRST-behavior.patch | 79 +++++++++++++++++++++++++
0002-Fix-documentation-to-match-reality.patch | 39 ++++++++++++
gssproxy.spec | 10 +++-
3 files changed, 127 insertions(+), 1 deletions(-)
---
diff --git a/0001-Fix-LOCAL_FIRST-behavior.patch b/0001-Fix-LOCAL_FIRST-behavior.patch
new file mode 100644
index 0000000..ed200a9
--- /dev/null
+++ b/0001-Fix-LOCAL_FIRST-behavior.patch
@@ -0,0 +1,79 @@
+From b73a9a18cb2df0b39c30d3e03c66d2f24ec3f57d Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Tue, 15 Oct 2013 15:45:59 -0400
+Subject: [PATCH 1/2] Fix LOCAL_FIRST behavior
+
+We were erroneously returning and never falling back if LOCAL_FIRST was
+selected. Correct also the remote first fallback flow.
+
+Resolves: https://fedorahosted.org/gss-proxy/ticket/105
+---
+ proxy/src/mechglue/gpp_acquire_cred.c | 39 +++++++++++++++++------------------
+ 1 file changed, 19 insertions(+), 20 deletions(-)
+
+diff --git a/proxy/src/mechglue/gpp_acquire_cred.c b/proxy/src/mechglue/gpp_acquire_cred.c
+index a3290dd72ae2d97eaa05f250a4d2dd96824abebf..fb80677eed4680470e21b820633e87b94f36d6cc 100644
+--- a/proxy/src/mechglue/gpp_acquire_cred.c
++++ b/proxy/src/mechglue/gpp_acquire_cred.c
+@@ -109,7 +109,7 @@ OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status,
+ maj = acquire_local(&min, name, time_req, desired_mechs, cred_usage,
+ out_cred_handle, actual_mechs, time_rec);
+
+- if (maj != GSS_S_NO_CRED || behavior != GPP_LOCAL_FIRST) {
++ if (maj == GSS_S_COMPLETE || behavior == GPP_LOCAL_ONLY) {
+ goto done;
+ }
+
+@@ -119,31 +119,30 @@ OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status,
+ }
+
+ /* Then try with remote */
+- if (behavior == GPP_REMOTE_ONLY || behavior == GPP_REMOTE_FIRST) {
+-
+- if (name && name->local && !name->remote) {
+- maj = gpp_local_to_name(&min, name->local, &name->remote);
+- if (maj) {
+- goto done;
+- }
+- }
+-
+- maj = gpm_acquire_cred(&min,
+- name ? name->remote : NULL,
+- time_req,
+- desired_mechs,
+- cred_usage,
+- &out_cred_handle->remote,
+- actual_mechs,
+- time_rec);
+- if (maj == GSS_S_COMPLETE || behavior == GPP_REMOTE_ONLY) {
++ if (name && name->local && !name->remote) {
++ maj = gpp_local_to_name(&min, name->local, &name->remote);
++ if (maj) {
+ goto done;
+ }
++ }
+
++ maj = gpm_acquire_cred(&min,
++ name ? name->remote : NULL,
++ time_req,
++ desired_mechs,
++ cred_usage,
++ &out_cred_handle->remote,
++ actual_mechs,
++ time_rec);
++ if (maj == GSS_S_COMPLETE || behavior == GPP_REMOTE_ONLY) {
++ goto done;
++ }
++
++ if (behavior == GPP_REMOTE_FIRST) {
+ /* So remote failed, but we can fallback to local, try that */
+ maj = acquire_local(&min, name, time_req, desired_mechs, cred_usage,
+ out_cred_handle, actual_mechs, time_rec);
+- }
++ }
+
+ done:
+ if (maj != GSS_S_COMPLETE &&
+--
+1.8.3.1
+
diff --git a/0002-Fix-documentation-to-match-reality.patch b/0002-Fix-documentation-to-match-reality.patch
new file mode 100644
index 0000000..51d0e9a
--- /dev/null
+++ b/0002-Fix-documentation-to-match-reality.patch
@@ -0,0 +1,39 @@
+From 788132ea70522663efab652d8653e1eaa8819822 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Tue, 15 Oct 2013 15:48:04 -0400
+Subject: [PATCH 2/2] Fix documentation to match reality
+
+LOCAL_FIRST is our default
+---
+ proxy/man/gssproxy-mech.8.xml | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/proxy/man/gssproxy-mech.8.xml b/proxy/man/gssproxy-mech.8.xml
+index b2d008cc8990c214027d2104bf72da776faf1b82..2249ced68af410d9f444ca479df1827712898354 100644
+--- a/proxy/man/gssproxy-mech.8.xml
++++ b/proxy/man/gssproxy-mech.8.xml
+@@ -74,10 +74,7 @@
+ <para>All commands received with this setting will cause
+ to immediately reenter the GSSAPI w/o any interaction
+ with the gssproxy daemon. When the request cannot be
+- processed it will just fail. This is the default
+- behavior when the
+- <emphasis>GSSPROXY_BEHAVIOR</emphasis> environment
+- variable is not set at all.
++ processed it will just fail.
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -88,6 +85,9 @@
+ to immediately reenter the GSSAPI. When the local
+ GSSAPI cannot process the request, it will resend the
+ request to the gssproxy daemon.
++ This is the default behavior when the
++ <emphasis>GSSPROXY_BEHAVIOR</emphasis> environment
++ variable is not set.
+ </para>
+ </listitem>
+ </varlistentry>
+--
+1.8.3.1
+
diff --git a/gssproxy.spec b/gssproxy.spec
index 4c5e870..aad4844 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
@@ -1,6 +1,6 @@
Name: gssproxy
Version: 0.2.3
-Release: 6%{?dist}
+Release: 8%{?dist}
Summary: GSSAPI Proxy
Group: System Environment/Libraries
@@ -9,6 +9,8 @@ URL: http://fedorahosted.org/gss-proxy
Source0: http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Patch0: gssproxy-conf.patch
+Patch1: 0001-Fix-LOCAL_FIRST-behavior.patch
+Patch2: 0002-Fix-documentation-to-match-reality.patch
%global servicename gssproxy
%global pubconfpath %{_sysconfdir}/gssproxy
@@ -54,6 +56,8 @@ A proxy for GSSAPI credential handling
%setup -q
%patch0 -p2 -b .gssproxy_conf
+%patch1 -p2 -b .gpp_default_behavior
+%patch2 -p2 -b .gpp_default_behavior_doc
%build
autoreconf -f -i
@@ -106,6 +110,10 @@ rm -rf %{buildroot}
%systemd_postun_with_restart gssproxy.service
%changelog
+* Fri Oct 18 2013 Guenther Deschner <gdeschner at redhat.com> 0.2.3-8
+- Fix default proxymech documentation and fix LOCAL_FIRST implementation
+- resolves: https://fedorahosted.org/gss-proxy/ticket/105
+
* Wed Jul 24 2013 Guenther Deschner <gdeschner at redhat.com> 0.2.3-6
- Add better default gssproxy.conf file for nfs client and server usage
More information about the scm-commits
mailing list