1 --- nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4.orig 2010-09-28 14:24:16.000000000 +0200
2 +++ nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4 2010-10-03 14:53:06.379424854 +0200
4 dnl Checks librpcsec version
5 AC_DEFUN([AC_RPCSEC_VERSION], [
7 - PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
8 + dnl libgssglue is needed only for MIT Kerberos
9 + if test "$gssapi_lib" = gssapi_krb5; then
10 + PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
13 dnl TI-RPC replaces librpcsecgss
14 if test "$enable_tirpc" = no; then
15 --- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~ 2010-09-28 14:24:16.000000000 +0200
16 +++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4 2010-10-03 14:13:17.274424855 +0200
19 if test "$K5CONFIG" != ""; then
20 KRBCFLAGS=`$K5CONFIG --cflags`
21 - KRBLIBS=`$K5CONFIG --libs`
22 - K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
23 + KRBLIBS=`$K5CONFIG --libs gssapi`
24 AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
25 if test -f $dir/include/gssapi/gssapi_krb5.h -a \
26 \( -f $dir/lib/libgssapi_krb5.a -o \
27 -f $dir/lib64/libgssapi_krb5.a -o \
28 -f $dir/lib64/libgssapi_krb5.so -o \
29 -f $dir/lib/libgssapi_krb5.so \) ; then
30 + K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
31 AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
33 dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the
35 dnl of Heimdal Kerberos on SuSe
36 elif test \( -f $dir/include/heim_err.h -o\
37 -f $dir/include/heimdal/heim_err.h \) -a \
38 - -f $dir/lib/libroken.a; then
39 + \( -f $dir/lib/libroken.a -o \
40 + -f $dir/lib64/libroken.a -o \
41 + -f $dir/lib64/libroken.so -o \
42 + -f $dir/lib/libroken.so \) ; then
43 + K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
44 AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
47 --- nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c.orig 2010-09-28 14:24:16.000000000 +0200
48 +++ nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c 2010-10-03 14:31:31.150424854 +0200
52 printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__);
54 + maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
57 maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
60 if (maj_stat != GSS_S_COMPLETE) {
61 pgsserr("gss_export_lucid_sec_context",
62 maj_stat, min_stat, &krb5oid);
65 retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime);
68 + maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx);
70 maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
72 if (maj_stat != GSS_S_COMPLETE) {
73 pgsserr("gss_export_lucid_sec_context",
74 maj_stat, min_stat, &krb5oid);
75 --- nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c.orig 2010-09-28 14:24:16.000000000 +0200
76 +++ nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c 2010-10-03 14:33:07.992424854 +0200
80 #include <gssapi/gssapi.h>
81 -#ifdef USE_PRIVATE_KRB5_FUNCTIONS
83 #include <gssapi/gssapi_krb5.h>
95 + krb5_const_realm client_realm;
97 + krb5_cc_clear_mcred(&pattern);
99 + client_realm = krb5_principal_get_realm (context, principal);
101 + ret = krb5_make_principal (context, &pattern.server,
102 + client_realm, KRB5_TGS_NAME, client_realm,
105 + krb5_err (context, 1, ret, "krb5_make_principal");
106 + pattern.client = principal;
108 + ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
109 + krb5_free_principal (context, pattern.server);
111 + if (ret == KRB5_CC_END)
113 + krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
116 + found = creds.times.endtime > time(NULL);
118 + krb5_free_cred_contents (context, &creds);
120 + krb5_cc_cursor cur;
122 ret = krb5_cc_start_seq_get(context, ccache, &cur);
126 krb5_free_cred_contents(context, &creds);
128 krb5_cc_end_seq_get(context, ccache, &cur);
135 krb5_free_principal(context, principal);
138 +#define KRB5_TC_OPENCLOSE 0x00000001
140 krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
141 krb5_cc_close(context, ccache);
143 @@ -1316,12 +1316,21 @@
144 * If we failed for any reason to produce global
145 * list of supported enctypes, use local default here.
148 + if (krb5_enctypes == NULL || limit_to_legacy_enctypes)
149 + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
150 + num_enctypes, enctypes);
152 + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
153 + num_krb5_enctypes, krb5_enctypes);
155 if (krb5_enctypes == NULL || limit_to_legacy_enctypes)
156 maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
157 &krb5oid, num_enctypes, enctypes);
159 maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
160 &krb5oid, num_krb5_enctypes, krb5_enctypes);
163 if (maj_stat != GSS_S_COMPLETE) {
164 pgsserr("gss_set_allowable_enctypes",
165 --- nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c~ 2011-06-30 15:00:42.000000000 +0200
166 +++ nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c 2011-08-03 12:40:53.865782009 +0200
168 num_enctypes = default_num_enctypes;
172 + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gssd_creds,
173 + num_enctypes, enctypes);
175 maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds,
176 &krb5oid, num_enctypes, enctypes);
178 if (maj_stat != GSS_S_COMPLETE) {
179 printerr(1, "WARNING: gss_set_allowable_enctypes failed\n");
180 pgsserr("svcgssd_limit_krb5_enctypes: gss_set_allowable_enctypes",
projects / packages / nfs-utils.git / blob