[packages/nfs-utils.git] / nfs-utils-heimdal.patch

--- nfs-utils-1.2.3.dist/configure.ac.orig	2010-09-28 14:24:16.000000000 +0200
+++ nfs-utils-1.2.3.dist/configure.ac	2010-10-03 14:47:50.699424847 +0200
@@ -246,12 +246,6 @@
 
   dnl check for the keyutils libraries and headers
   AC_KEYUTILS
-
-  dnl librpcsecgss already has a dependency on libgssapi,
-  dnl but we need to make sure we get the right version
-  if test "$enable_gss" = yes; then
-    AC_RPCSEC_VERSION
-  fi
 fi
 
 if test "$knfsd_cv_glibc2" = no; then
@@ -295,6 +289,11 @@
   dnl Invoked after AC_KERBEROS_V5; AC_LIBRPCSECGSS needs to have KRBLIBS set
   AC_LIBRPCSECGSS
 
+  dnl Invoked after AC_KERBEROS_V5
+  dnl AC_RPCSEC_VERSION needs to now which Kerberos implementation we're using
+  dnl librpcsecgss already has a dependency on libgssapi,
+  dnl but we need to make sure we get the right version
+  AC_RPCSEC_VERSION
 fi
 
 dnl Check for IPv6 support
--- nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4.orig	2010-09-28 14:24:16.000000000 +0200
+++ nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4	2010-10-03 14:53:06.379424854 +0200
@@ -1,7 +1,10 @@
 dnl Checks librpcsec version
 AC_DEFUN([AC_RPCSEC_VERSION], [
 
-  PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
+  dnl libgssglue is needed only for MIT Kerberos
+  if test "$gssapi_lib" = gssapi_krb5; then
+    PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
+  fi
 
   dnl TI-RPC replaces librpcsecgss
   if test "$enable_tirpc" = no; then
--- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~	2010-09-28 14:24:16.000000000 +0200
+++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4	2010-10-03 14:13:17.274424855 +0200
@@ -32,13 +32,13 @@
     if test "$K5CONFIG" != ""; then
       KRBCFLAGS=`$K5CONFIG --cflags`
       KRBLIBS=`$K5CONFIG --libs gssapi`
-      K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
       AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
       if test -f $dir/include/gssapi/gssapi_krb5.h -a \
                 \( -f $dir/lib/libgssapi_krb5.a -o \
                    -f $dir/lib64/libgssapi_krb5.a -o \
                    -f $dir/lib64/libgssapi_krb5.so -o \
                    -f $dir/lib/libgssapi_krb5.so \) ; then
+         K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
          AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
          KRBDIR="$dir"
   dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the
@@ -56,7 +56,11 @@
       dnl of Heimdal Kerberos on SuSe
       elif test \( -f $dir/include/heim_err.h -o\
       		 -f $dir/include/heimdal/heim_err.h \) -a \
-                -f $dir/lib/libroken.a; then
+                \( -f $dir/lib/libroken.a -o \
+                   -f $dir/lib64/libroken.a -o \
+                   -f $dir/lib64/libroken.so -o \
+                   -f $dir/lib/libroken.so \) ; then
+         K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
          AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
          KRBDIR="$dir"
          gssapi_lib=gssapi
--- nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c.orig	2010-09-28 14:24:16.000000000 +0200
+++ nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c	2010-10-03 14:31:31.150424854 +0200
@@ -267,8 +267,13 @@
 	int retcode = 0;
 
 	printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__);
+#ifdef HAVE_HEIMDAL
+	maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
+						1, &return_ctx);
+#else
 	maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
 						1, &return_ctx);
+#endif
 	if (maj_stat != GSS_S_COMPLETE) {
 		pgsserr("gss_export_lucid_sec_context",
 			maj_stat, min_stat, &krb5oid);
@@ -303,7 +308,11 @@
 	else
 		retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime);
 
+#ifdef HAVE_HEIMDAL
+	maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx);
+#else
 	maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
+#endif
 	if (maj_stat != GSS_S_COMPLETE) {
 		pgsserr("gss_export_lucid_sec_context",
 			maj_stat, min_stat, &krb5oid);
--- nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c.orig	2010-09-28 14:24:16.000000000 +0200
+++ nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c	2010-10-03 14:33:07.992424854 +0200
@@ -115,7 +115,7 @@
 #include <errno.h>
 #include <time.h>
 #include <gssapi/gssapi.h>
-#ifdef USE_PRIVATE_KRB5_FUNCTIONS
+#ifdef HAVE_HEIMDAL
 #include <gssapi/gssapi_krb5.h>
 #endif
 #include <krb5.h>
@@ -927,9 +927,37 @@ 
 {
 	krb5_error_code ret;
 	krb5_creds creds;
-	krb5_cc_cursor cur;
 	int found = 0;
 
+#ifdef HAVE_HEIMDAL
+	krb5_creds pattern;
+	krb5_const_realm client_realm;
+
+	krb5_cc_clear_mcred(&pattern);
+
+	client_realm = krb5_principal_get_realm (context, principal);
+
+	ret = krb5_make_principal (context, &pattern.server,
+				   client_realm, KRB5_TGS_NAME, client_realm,
+				   NULL);
+	if (ret)
+	  krb5_err (context, 1, ret, "krb5_make_principal");
+	pattern.client = principal;
+
+	ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
+	krb5_free_principal (context, pattern.server);
+	if (ret) {
+	  if (ret == KRB5_CC_END)
+            return 1;
+	  krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
+	}
+
+	found = creds.times.endtime > time(NULL);
+
+	krb5_free_cred_contents (context, &creds);
+#else
+	krb5_cc_cursor cur;
+
 	ret = krb5_cc_start_seq_get(context, ccache, &cur);
 	if (ret) 
 		return 0;
@@ -949,6 +977,7 @@ 
 		krb5_free_cred_contents(context, &creds);
 	}
 	krb5_cc_end_seq_get(context, ccache, &cur);
+#endif
 
 	return found;
 }
@@ -995,6 +1024,9 @@ 
 	}
 	krb5_free_principal(context, principal);
 err_princ:
+#ifdef HAVE_HEIMDAL
+#define KRB5_TC_OPENCLOSE              0x00000001
+#endif
 	krb5_cc_set_flags(context, ccache,  KRB5_TC_OPENCLOSE);
 	krb5_cc_close(context, ccache);
 err_cache:
@@ -1316,12 +1316,21 @@
 	 * If we failed for any reason to produce global
 	 * list of supported enctypes, use local default here.
 	 */
+#ifdef HAVE_HEIMDAL
+	if (krb5_enctypes == NULL)
+		maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
+					num_enctypes, enctypes);
+	else
+		maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
+					num_krb5_enctypes, krb5_enctypes);
+#else
 	if (krb5_enctypes == NULL)
 		maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
 					&krb5oid, num_enctypes, enctypes);
 	else
 		maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
 					&krb5oid, num_krb5_enctypes, krb5_enctypes);
+#endif
 
 	if (maj_stat != GSS_S_COMPLETE) {
 		pgsserr("gss_set_allowable_enctypes",
--- nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c~	2011-06-30 15:00:42.000000000 +0200
+++ nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c	2011-08-03 12:40:53.865782009 +0200
@@ -186,8 +186,13 @@
 		num_enctypes = default_num_enctypes;
 	}
 
+#ifdef HAVE_HEIMDAL
+	maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gssd_creds,
+			num_enctypes, enctypes);
+#else
 	maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds,
 			&krb5oid, num_enctypes, enctypes);
+#endif
 	if (maj_stat != GSS_S_COMPLETE) {
 		printerr(1, "WARNING: gss_set_allowable_enctypes failed\n");
 		pgsserr("svcgssd_limit_krb5_enctypes: gss_set_allowable_enctypes",
Commit	Line	Data
7aa240b7 JR	1	--- nfs-utils-1.2.3.dist/configure.ac.orig 2010-09-28 14:24:16.000000000 +0200
	2	+++ nfs-utils-1.2.3.dist/configure.ac 2010-10-03 14:47:50.699424847 +0200
	3	@@ -246,12 +246,6 @@
	4
d277a362 JR	5	dnl check for the keyutils libraries and headers
d277a362 JR	6	AC_KEYUTILS
7aa240b7 JR	7	-
	8	- dnl librpcsecgss already has a dependency on libgssapi,
	9	- dnl but we need to make sure we get the right version
	10	- if test "$enable_gss" = yes; then
	11	- AC_RPCSEC_VERSION
	12	- fi
	13	fi
	14
	15	if test "$knfsd_cv_glibc2" = no; then
	16	@@ -295,6 +289,11 @@
	17	dnl Invoked after AC_KERBEROS_V5; AC_LIBRPCSECGSS needs to have KRBLIBS set
	18	AC_LIBRPCSECGSS
	19
	20	+ dnl Invoked after AC_KERBEROS_V5
	21	+ dnl AC_RPCSEC_VERSION needs to now which Kerberos implementation we're using
	22	+ dnl librpcsecgss already has a dependency on libgssapi,
	23	+ dnl but we need to make sure we get the right version
	24	+ AC_RPCSEC_VERSION
	25	fi
	26
	27	dnl Check for IPv6 support
	28	--- nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4.orig 2010-09-28 14:24:16.000000000 +0200
	29	+++ nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4 2010-10-03 14:53:06.379424854 +0200
	30	@@ -1,7 +1,10 @@
	31	dnl Checks librpcsec version
	32	AC_DEFUN([AC_RPCSEC_VERSION], [
	33
d1c5b6d6	34	- PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
7aa240b7 JR	35	+ dnl libgssglue is needed only for MIT Kerberos
7aa240b7 JR	36	+ if test "$gssapi_lib" = gssapi_krb5; then
d1c5b6d6	37	+ PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
7aa240b7 JR	38	+ fi
	39
	40	dnl TI-RPC replaces librpcsecgss
	41	if test "$enable_tirpc" = no; then
	42	--- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~ 2010-09-28 14:24:16.000000000 +0200
	43	+++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4 2010-10-03 14:13:17.274424855 +0200
	44	@@ -32,13 +32,13 @@
	45	if test "$K5CONFIG" != ""; then
	46	KRBCFLAGS=`$K5CONFIG --cflags`
	47	KRBLIBS=`$K5CONFIG --libs gssapi`
	48	- K5VERS=`$K5CONFIG --version \| head -n 1 \| awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
	49	AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
	50	if test -f $dir/include/gssapi/gssapi_krb5.h -a \
	51	\( -f $dir/lib/libgssapi_krb5.a -o \
	52	-f $dir/lib64/libgssapi_krb5.a -o \
	53	-f $dir/lib64/libgssapi_krb5.so -o \
	54	-f $dir/lib/libgssapi_krb5.so \) ; then
	55	+ K5VERS=`$K5CONFIG --version \| head -n 1 \| awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
	56	AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
	57	KRBDIR="$dir"
	58	dnl If we are using MIT K5 1.3.1 and before, we MUST use the
	59	@@ -56,7 +56,11 @@
	60	dnl of Heimdal Kerberos on SuSe
	61	elif test \( -f $dir/include/heim_err.h -o\
	62	-f $dir/include/heimdal/heim_err.h \) -a \
	63	- -f $dir/lib/libroken.a; then
	64	+ \( -f $dir/lib/libroken.a -o \
	65	+ -f $dir/lib64/libroken.a -o \
	66	+ -f $dir/lib64/libroken.so -o \
	67	+ -f $dir/lib/libroken.so \) ; then
	68	+ K5VERS=`$K5CONFIG --version \| head -n 1 \| awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
	69	AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
	70	KRBDIR="$dir"
	71	gssapi_lib=gssapi
	72	--- nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c.orig 2010-09-28 14:24:16.000000000 +0200
	73	+++ nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c 2010-10-03 14:31:31.150424854 +0200
	74	@@ -267,8 +267,13 @@
	75	int retcode = 0;
	76
	77	printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__);
	78	+#ifdef HAVE_HEIMDAL
	79	+ maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
	80	+ 1, &return_ctx);
	81	+#else
	82	maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
	83	1, &return_ctx);
	84	+#endif
	85	if (maj_stat != GSS_S_COMPLETE) {
	86	pgsserr("gss_export_lucid_sec_context",
	87	maj_stat, min_stat, &krb5oid);
	88	@@ -303,7 +308,11 @@
	89	else
	90	retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime);
	91
	92	+#ifdef HAVE_HEIMDAL
	93	+ maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx);
	94	+#else
	95	maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
	96	+#endif
	97	if (maj_stat != GSS_S_COMPLETE) {
	98	pgsserr("gss_export_lucid_sec_context",
	99	maj_stat, min_stat, &krb5oid);
	100	--- nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c.orig 2010-09-28 14:24:16.000000000 +0200
	101	+++ nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c 2010-10-03 14:33:07.992424854 +0200
102	@@ -115,7 +115,7 @@
103	#include <errno.h>
104	#include <time.h>
105	#include <gssapi/gssapi.h>
106	-#ifdef USE_PRIVATE_KRB5_FUNCTIONS
107	+#ifdef HAVE_HEIMDAL
108	#include <gssapi/gssapi_krb5.h>
109	#endif
110	#include <krb5.h>
111	@@ -927,9 +927,37 @@
112	{
113	krb5_error_code ret;
114	krb5_creds creds;
115	- krb5_cc_cursor cur;
116	int found = 0;
117
118	+#ifdef HAVE_HEIMDAL
119	+ krb5_creds pattern;
120	+ krb5_const_realm client_realm;
121	+
122	+ krb5_cc_clear_mcred(&pattern);
123	+
124	+ client_realm = krb5_principal_get_realm (context, principal);
125	+
126	+ ret = krb5_make_principal (context, &pattern.server,
127	+ client_realm, KRB5_TGS_NAME, client_realm,
128	+ NULL);
129	+ if (ret)
130	+ krb5_err (context, 1, ret, "krb5_make_principal");
131	+ pattern.client = principal;
132	+
133	+ ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
134	+ krb5_free_principal (context, pattern.server);
135	+ if (ret) {
136	+ if (ret == KRB5_CC_END)
137	+ return 1;
138	+ krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
139	+ }
140	+
141	+ found = creds.times.endtime > time(NULL);
142	+
143	+ krb5_free_cred_contents (context, &creds);
144	+#else
145	+ krb5_cc_cursor cur;
146	+
147	ret = krb5_cc_start_seq_get(context, ccache, &cur);
148	if (ret)
149	return 0;
150	@@ -949,6 +977,7 @@
151	krb5_free_cred_contents(context, &creds);
152	}
153	krb5_cc_end_seq_get(context, ccache, &cur);
154	+#endif
155
156	return found;
157	}
158	@@ -995,6 +1024,9 @@
159	}
160	krb5_free_principal(context, principal);
161	err_princ:
162	+#ifdef HAVE_HEIMDAL
163	+#define KRB5_TC_OPENCLOSE 0x00000001
164	+#endif
165	krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
166	krb5_cc_close(context, ccache);
167	err_cache:
168	@@ -1316,12 +1316,21 @@
169	* If we failed for any reason to produce global
170	* list of supported enctypes, use local default here.
171	*/
172	+#ifdef HAVE_HEIMDAL
173	+ if (krb5_enctypes == NULL)
174	+ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
175	+ num_enctypes, enctypes);
176	+ else
177	+ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
178	+ num_krb5_enctypes, krb5_enctypes);
179	+#else
180	if (krb5_enctypes == NULL)
181	maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
182	&krb5oid, num_enctypes, enctypes);
183	else
184	maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
185	&krb5oid, num_krb5_enctypes, krb5_enctypes);
186	+#endif
187
188	if (maj_stat != GSS_S_COMPLETE) {
189	pgsserr("gss_set_allowable_enctypes",
d4dccdd5 JR	190	--- nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c~ 2011-06-30 15:00:42.000000000 +0200
d4dccdd5 JR	191	+++ nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c 2011-08-03 12:40:53.865782009 +0200
42a950ba	192	@@ -186,8 +186,13 @@
d4dccdd5 JR	193	num_enctypes = default_num_enctypes;
	194	}
	195
	196	+#ifdef HAVE_HEIMDAL
	197	+ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gssd_creds,
	198	+ num_enctypes, enctypes);
	199	+#else
	200	maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds,
	201	&krb5oid, num_enctypes, enctypes);
	202	+#endif
	203	if (maj_stat != GSS_S_COMPLETE) {
	204	printerr(1, "WARNING: gss_set_allowable_enctypes failed\n");
	205	pgsserr("svcgssd_limit_krb5_enctypes: gss_set_allowable_enctypes",