nfs-utils-heimdal.patch

   1 --- nfs-utils-1.2.3.dist/configure.ac.orig      2010-09-28 14:24:16.000000000 +0200
   2 +++ nfs-utils-1.2.3.dist/configure.ac   2010-10-03 14:47:50.699424847 +0200
   3 @@ -246,12 +246,6 @@
   4
   5    dnl check for the keyutils libraries and headers
   6    AC_KEYUTILS
   7 -
   8 -  dnl librpcsecgss already has a dependency on libgssapi,
   9 -  dnl but we need to make sure we get the right version
  10 -  if test "$enable_gss" = yes; then
  11 -    AC_RPCSEC_VERSION
  12 -  fi
  13  fi
  14
  15  if test "$knfsd_cv_glibc2" = no; then
  16 @@ -295,6 +289,11 @@
  17    dnl Invoked after AC_KERBEROS_V5; AC_LIBRPCSECGSS needs to have KRBLIBS set
  18    AC_LIBRPCSECGSS
  19
  20 +  dnl Invoked after AC_KERBEROS_V5
  21 +  dnl AC_RPCSEC_VERSION needs to now which Kerberos implementation we're using
  22 +  dnl librpcsecgss already has a dependency on libgssapi,
  23 +  dnl but we need to make sure we get the right version
  24 +  AC_RPCSEC_VERSION
  25  fi
  26
  27  dnl Check for IPv6 support
  28 --- nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4.orig    2010-09-28 14:24:16.000000000 +0200
  29 +++ nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4 2010-10-03 14:53:06.379424854 +0200
  30 @@ -1,7 +1,10 @@
  31  dnl Checks librpcsec version
  32  AC_DEFUN([AC_RPCSEC_VERSION], [
  33
  34 -  PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1])
  35 +  dnl libgssglue is needed only for MIT Kerberos
  36 +  if test "$gssapi_lib" = gssapi_krb5; then
  37 +    PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1])
  38 +  fi
  39
  40    dnl TI-RPC replaces librpcsecgss
  41    if test "$enable_tirpc" = no; then
  42 --- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~  2010-09-28 14:24:16.000000000 +0200
  43 +++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4   2010-10-03 14:13:17.274424855 +0200
  44 @@ -32,13 +32,13 @@
  45      if test "$K5CONFIG" != ""; then
  46        KRBCFLAGS=`$K5CONFIG --cflags`
  47        KRBLIBS=`$K5CONFIG --libs gssapi`
  48 -      K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
  49        AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
  50        if test -f $dir/include/gssapi/gssapi_krb5.h -a \
  51                  \( -f $dir/lib/libgssapi_krb5.a -o \
  52                     -f $dir/lib64/libgssapi_krb5.a -o \
  53                     -f $dir/lib64/libgssapi_krb5.so -o \
  54                     -f $dir/lib/libgssapi_krb5.so \) ; then
  55 +         K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
  56           AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
  57           KRBDIR="$dir"
  58    dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the
  59 @@ -56,7 +56,11 @@
  60        dnl of Heimdal Kerberos on SuSe
  61        elif test \( -f $dir/include/heim_err.h -o\
  62                  -f $dir/include/heimdal/heim_err.h \) -a \
  63 -                -f $dir/lib/libroken.a; then
  64 +                \( -f $dir/lib/libroken.a -o \
  65 +                   -f $dir/lib64/libroken.a -o \
  66 +                   -f $dir/lib64/libroken.so -o \
  67 +                   -f $dir/lib/libroken.so \) ; then
  68 +         K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
  69           AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
  70           KRBDIR="$dir"
  71           gssapi_lib=gssapi
  72 --- nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c.orig        2010-09-28 14:24:16.000000000 +0200
  73 +++ nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c     2010-10-03 14:31:31.150424854 +0200
  74 @@ -267,8 +267,13 @@
  75         int retcode = 0;
  76
  77         printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__);
  78 +#ifdef HAVE_HEIMDAL
  79 +       maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
  80 +                                               1, &return_ctx);
  81 +#else
  82         maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
  83                                                 1, &return_ctx);
  84 +#endif
  85         if (maj_stat != GSS_S_COMPLETE) {
  86                 pgsserr("gss_export_lucid_sec_context",
  87                         maj_stat, min_stat, &krb5oid);
  88 @@ -303,7 +308,11 @@
  89         else
  90                 retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime);
  91
  92 +#ifdef HAVE_HEIMDAL
  93 +       maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx);
  94 +#else
  95         maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
  96 +#endif
  97         if (maj_stat != GSS_S_COMPLETE) {
  98                 pgsserr("gss_export_lucid_sec_context",
  99                         maj_stat, min_stat, &krb5oid);
 100 --- nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c.orig    2010-09-28 14:24:16.000000000 +0200
 101 +++ nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c 2010-10-03 14:33:07.992424854 +0200
 102 @@ -115,7 +115,7 @@
 103  #include <errno.h>
 104  #include <time.h>
 105  #include <gssapi/gssapi.h>
 106 -#ifdef USE_PRIVATE_KRB5_FUNCTIONS
 107 +#ifdef HAVE_HEIMDAL
 108  #include <gssapi/gssapi_krb5.h>
 109  #endif
 110  #include <krb5.h>
 111 @@ -927,9 +927,37 @@
 112  {
 113         krb5_error_code ret;
 114         krb5_creds creds;
 115 -       krb5_cc_cursor cur;
 116         int found = 0;
 117
 118 +#ifdef HAVE_HEIMDAL
 119 +       krb5_creds pattern;
 120 +       krb5_const_realm client_realm;
 121 +
 122 +       krb5_cc_clear_mcred(&pattern);
 123 +
 124 +       client_realm = krb5_principal_get_realm (context, principal);
 125 +
 126 +       ret = krb5_make_principal (context, &pattern.server,
 127 +                                  client_realm, KRB5_TGS_NAME, client_realm,
 128 +                                  NULL);
 129 +       if (ret)
 130 +         krb5_err (context, 1, ret, "krb5_make_principal");
 131 +       pattern.client = principal;
 132 +
 133 +       ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
 134 +       krb5_free_principal (context, pattern.server);
 135 +       if (ret) {
 136 +         if (ret == KRB5_CC_END)
 137 +            return 1;
 138 +         krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
 139 +       }
 140 +
 141 +       found = creds.times.endtime > time(NULL);
 142 +
 143 +       krb5_free_cred_contents (context, &creds);
 144 +#else
 145 +       krb5_cc_cursor cur;
 146 +
 147         ret = krb5_cc_start_seq_get(context, ccache, &cur);
 148         if (ret)
 149                 return 0;
 150 @@ -949,6 +977,7 @@
 151                 krb5_free_cred_contents(context, &creds);
 152         }
 153         krb5_cc_end_seq_get(context, ccache, &cur);
 154 +#endif
 155
 156         return found;
 157  }
 158 @@ -995,6 +1024,9 @@
 159         }
 160         krb5_free_principal(context, principal);
 161  err_princ:
 162 +#ifdef HAVE_HEIMDAL
 163 +#define KRB5_TC_OPENCLOSE              0x00000001
 164 +#endif
 165         krb5_cc_set_flags(context, ccache,  KRB5_TC_OPENCLOSE);
 166         krb5_cc_close(context, ccache);
 167  err_cache:
 168 @@ -1316,12 +1316,21 @@
 169          * If we failed for any reason to produce global
 170          * list of supported enctypes, use local default here.
 171          */
 172 +#ifdef HAVE_HEIMDAL
 173 +       if (krb5_enctypes == NULL)
 174 +               maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
 175 +                                       num_enctypes, enctypes);
 176 +       else
 177 +               maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
 178 +                                       num_krb5_enctypes, krb5_enctypes);
 179 +#else
 180         if (krb5_enctypes == NULL)
 181                 maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
 182                                         &krb5oid, num_enctypes, enctypes);
 183         else
 184                 maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
 185                                         &krb5oid, num_krb5_enctypes, krb5_enctypes);
 186 +#endif
 187
 188         if (maj_stat != GSS_S_COMPLETE) {
 189                 pgsserr("gss_set_allowable_enctypes",
 190 --- nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c~  2011-06-30 15:00:42.000000000 +0200
 191 +++ nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c   2011-08-03 12:40:53.865782009 +0200
 192 @@ -186,8 +186,13 @@
 193                 num_enctypes = default_num_enctypes;
 194         }
 195
 196 +#ifdef HAVE_HEIMDAL
 197 +       maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gssd_creds,
 198 +                       num_enctypes, enctypes);
 199 +#else
 200         maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds,
 201                         &krb5oid, num_enctypes, enctypes);
 202 +#endif
 203         if (maj_stat != GSS_S_COMPLETE) {
 204                 printerr(1, "WARNING: gss_set_allowable_enctypes failed\n");
 205                 pgsserr("svcgssd_limit_krb5_enctypes: gss_set_allowable_enctypes",