[gssntlmssp/f20] Backport patch that fixes failures with gss_set_neg_mechs() calls.

Simo Sorce simo at fedoraproject.org
Wed Dec 4 18:39:22 UTC 2013


commit f92d03db381e198c1da9430c30e2a36bdeff3565
Author: Simo Sorce <simo at redhat.com>
Date:   Wed Dec 4 13:25:33 2013 -0500

    Backport patch that fixes failures with gss_set_neg_mechs() calls.

 gss-set-neg-mech-fix.patch |  204 ++++++++++++++++++++++++++++++++++++++++++++
 gssntlmssp.spec            |    8 ++-
 2 files changed, 211 insertions(+), 1 deletions(-)
---
diff --git a/gss-set-neg-mech-fix.patch b/gss-set-neg-mech-fix.patch
new file mode 100644
index 0000000..27a7077
--- /dev/null
+++ b/gss-set-neg-mech-fix.patch
@@ -0,0 +1,204 @@
+diff -uPr gssntlmssp-0.2.0.orig/src/gss_creds.c gssntlmssp-0.2.0.new/src/gss_creds.c
+--- gssntlmssp-0.2.0.orig/src/gss_creds.c	2013-10-17 19:34:01.387283054 -0400
++++ gssntlmssp-0.2.0.new/src/gss_creds.c	2013-12-04 13:27:04.802224591 -0500
+@@ -358,6 +358,7 @@
+         gssntlm_release_cred(&tmpmin, (gss_cred_id_t *)&cred);
+     } else {
+         *output_cred_handle = (gss_cred_id_t)cred;
++        if (time_rec) *time_rec = GSS_C_INDEFINITE;
+     }
+     *minor_status = retmin;
+     return retmaj;
+@@ -425,3 +426,112 @@
+                                      actual_mechs,
+                                      time_rec);
+ }
++
++uint32_t gssntlm_inquire_cred(uint32_t *minor_status,
++                              gss_cred_id_t cred_handle,
++                              gss_name_t *name,
++                              uint32_t *lifetime,
++                              gss_cred_usage_t *cred_usage,
++                              gss_OID_set *mechanisms)
++{
++    struct gssntlm_cred *cred;
++    uint32_t maj, min;
++
++    if (minor_status == NULL)
++        return GSS_S_CALL_INACCESSIBLE_WRITE;
++    *minor_status = 0;
++
++    if (cred_handle == GSS_C_NO_CREDENTIAL)
++        return GSS_S_NO_CRED;
++
++    cred = (struct gssntlm_cred *)cred_handle;
++
++    if (cred->type == GSSNTLM_CRED_NONE)
++        return GSS_S_NO_CRED;
++
++    if (name) {
++        switch (cred->type) {
++        case GSSNTLM_CRED_NONE:
++        case GSSNTLM_CRED_ANON:
++            *name = GSS_C_NO_NAME;
++            break;
++        case GSSNTLM_CRED_USER:
++            maj = gssntlm_duplicate_name(minor_status,
++                                         (gss_name_t)&cred->cred.user.user,
++                                         name);
++            if (maj != GSS_S_COMPLETE) return maj;
++            break;
++        case GSSNTLM_CRED_SERVER:
++            maj = gssntlm_duplicate_name(minor_status,
++                                         (gss_name_t)&cred->cred.server.name,
++                                         name);
++            if (maj != GSS_S_COMPLETE) return maj;
++            break;
++        }
++    }
++
++    if (lifetime) *lifetime = GSS_C_INDEFINITE;
++    if (cred_usage) {
++        if (cred->type == GSSNTLM_CRED_SERVER) {
++            *cred_usage = GSS_C_ACCEPT;
++        } else {
++            *cred_usage = GSS_C_INITIATE;
++        }
++    }
++
++    if (mechanisms) {
++        maj = gss_create_empty_oid_set(minor_status, mechanisms);
++        if (maj != GSS_S_COMPLETE) {
++            gss_release_name(&min, name);
++            return maj;
++        }
++        maj = gss_add_oid_set_member(minor_status,
++                                     discard_const(&gssntlm_oid),
++                                     mechanisms);
++        if (maj != GSS_S_COMPLETE) {
++            gss_release_oid_set(&min, mechanisms);
++            gss_release_name(&min, name);
++            return maj;
++        }
++    }
++
++    return GSS_S_COMPLETE;
++}
++
++uint32_t gssntlm_inquire_cred_by_mech(uint32_t *minor_status,
++                                      gss_cred_id_t cred_handle,
++                                      gss_OID mech_type,
++                                      gss_name_t *name,
++                                      uint32_t *initiator_lifetime,
++                                      uint32_t *acceptor_lifetime,
++                                      gss_cred_usage_t *cred_usage)
++{
++    gss_cred_usage_t usage;
++    uint32_t lifetime;
++    uint32_t maj;
++
++    maj = gssntlm_inquire_cred(minor_status, cred_handle, name,
++                               &lifetime, &usage, NULL);
++    if (maj != GSS_S_COMPLETE) return maj;
++
++    switch (usage) {
++    case GSS_C_INITIATE:
++        if (initiator_lifetime) *initiator_lifetime = lifetime;
++        if (acceptor_lifetime) *acceptor_lifetime = 0;
++        break;
++    case GSS_C_ACCEPT:
++        if (initiator_lifetime) *initiator_lifetime = 0;
++        if (acceptor_lifetime) *acceptor_lifetime = lifetime;
++        break;
++    case GSS_C_BOTH:
++        if (initiator_lifetime) *initiator_lifetime = lifetime;
++        if (acceptor_lifetime) *acceptor_lifetime = lifetime;
++        break;
++    default:
++        *minor_status = EINVAL;
++        return GSS_S_FAILURE;
++    }
++
++    if (cred_usage) *cred_usage = usage;
++    return GSS_S_COMPLETE;
++}
+diff -uPr gssntlmssp-0.2.0.orig/src/gss_ntlmssp.h gssntlmssp-0.2.0.new/src/gss_ntlmssp.h
+--- gssntlmssp-0.2.0.orig/src/gss_ntlmssp.h	2013-10-18 17:41:55.973715207 -0400
++++ gssntlmssp-0.2.0.new/src/gss_ntlmssp.h	2013-12-04 13:27:04.802224591 -0500
+@@ -303,4 +303,19 @@
+                               gss_name_t input_name,
+                               gss_buffer_t output_name_buffer,
+                               gss_OID *output_name_type);
++
++uint32_t gssntlm_inquire_cred(uint32_t *minor_status,
++                              gss_cred_id_t cred_handle,
++                              gss_name_t *name,
++                              uint32_t *lifetime,
++                              gss_cred_usage_t *cred_usage,
++                              gss_OID_set *mechanisms);
++
++uint32_t gssntlm_inquire_cred_by_mech(uint32_t *minor_status,
++                                      gss_cred_id_t cred_handle,
++                                      gss_OID mech_type,
++                                      gss_name_t *name,
++                                      uint32_t *initiator_lifetime,
++                                      uint32_t *acceptor_lifetime,
++                                      gss_cred_usage_t *cred_usage);
+ #endif /* _GSS_NTLMSSP_H_ */
+diff -uPr gssntlmssp-0.2.0.orig/src/gss_spi.c gssntlmssp-0.2.0.new/src/gss_spi.c
+--- gssntlmssp-0.2.0.orig/src/gss_spi.c	2013-10-18 17:41:55.974715214 -0400
++++ gssntlmssp-0.2.0.new/src/gss_spi.c	2013-12-04 13:27:04.803224598 -0500
+@@ -296,3 +296,35 @@
+                                           desired_object,
+                                           value);
+ }
++
++OM_uint32 gss_inquire_cred(OM_uint32 *minor_status,
++                           gss_cred_id_t cred_handle,
++                           gss_name_t *name,
++                           OM_uint32 *lifetime,
++                           gss_cred_usage_t *cred_usage,
++                           gss_OID_set *mechanisms)
++{
++    return gssntlm_inquire_cred(minor_status,
++                                cred_handle,
++                                name,
++                                lifetime,
++                                cred_usage,
++                                mechanisms);
++}
++
++OM_uint32 gss_inquire_cred_by_mech(OM_uint32 *minor_status,
++                                   gss_cred_id_t cred_handle,
++                                   gss_OID mech_type,
++                                   gss_name_t *name,
++                                   OM_uint32 *initiator_lifetime,
++                                   OM_uint32 *acceptor_lifetime,
++                                   gss_cred_usage_t *cred_usage)
++{
++    return gssntlm_inquire_cred_by_mech(minor_status,
++                                        cred_handle,
++                                        mech_type,
++                                        name,
++                                        initiator_lifetime,
++                                        acceptor_lifetime,
++                                        cred_usage);
++}
+diff -uPr gssntlmssp-0.2.0.orig/tests/ntlmssptest.c gssntlmssp-0.2.0.new/tests/ntlmssptest.c
+--- gssntlmssp-0.2.0.orig/tests/ntlmssptest.c	2013-10-18 17:41:55.976715229 -0400
++++ gssntlmssp-0.2.0.new/tests/ntlmssptest.c	2013-12-04 13:27:04.803224598 -0500
+@@ -1117,6 +1117,14 @@
+         }
+     }
+ 
++    retmaj = gssntlm_inquire_cred_by_mech(&retmin, cli_cred, GSS_C_NO_OID,
++                                          NULL, NULL, NULL, NULL);
++    if (retmaj != GSS_S_COMPLETE) {
++        fprintf(stderr, "gssntlm_import_cred_by_mech failed! (%d/%d, %s)",
++                        retmaj, retmin, strerror(retmin));
++        return EINVAL;
++    }
++
+     nbuf.value = discard_const(srvname);
+     nbuf.length = strlen(srvname);
+     retmaj = gssntlm_import_name(&retmin, &nbuf,
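Review bot: In the embedded gss_creds.c hunk, both error paths under `if (mechanisms)` in gssntlm_inquire_cred call `gss_release_name(&min, name)`, although `name` is an optional output (the function itself tests `if (name)` earlier) and may be NULL when a caller asks only for the mechanism set. Guarding the cleanup as `if (name) gss_release_name(&min, name);` stops it depending on how the release function treats a NULL pointer. Because the name was produced by gssntlm_duplicate_name, the mechanism's own name-release routine is presumably the matching call, which is worth confirming. The `switch (cred->type)` has no `default`, so a credential type outside the four listed would leave `*name` unset before that cleanup runs. Separately, gssntlm_inquire_cred_by_mech never examines `mech_type`, and the failure message in the test hunk names `gssntlm_import_cred_by_mech` rather than the function actually called.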
diff --git a/gssntlmssp.spec b/gssntlmssp.spec
index 96b2206..1c907f3 100644
--- a/gssntlmssp.spec
+++ b/gssntlmssp.spec
@@ -1,6 +1,6 @@
 Name:		gssntlmssp
 Version:	0.2.0
-Release:	0%{?dist}
+Release:	1%{?dist}
 Summary:	GSSAPI NTLMSSP Mechanism
 
 Group:		System Environment/Libraries
@@ -8,6 +8,8 @@ License:	LGPLv3+
 URL:		https://fedorahosted.org/gss-ntlmssp
 Source0:        https://fedorahosted.org/released/gss-ntlmssp/%{name}-%{version}.tar.gz
 
+Patch0: gss-set-neg-mech-fix.patch
+
 Requires: krb5-libs%{?_isa} >= 1.11.2
 
 BuildRequires: autoconf
@@ -38,6 +40,7 @@ Adds a header file with definition for custom GSSAPI extensions for NTLMSSP
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 autoreconf -fiv
@@ -66,6 +69,9 @@ make test_gssntlmssp
 %{_includedir}/gssapi/gssapi_ntlmssp.h
 
 %changelog
+* Wed Dec  4 2013 Simo Sorce <simo at samba.org> - 0.2.0-1
+- Backport patch that fixes failures with gss_set_neg_mechs() calls.
+
 * Fri Oct 18 2013 Simo Sorce <simo at samba.org> - 0.2.0-0
 - New upstream realease 0.2.0:
   * Add support for acquire_cred_with_password()

