]>
Commit | Line | Data |
---|---|---|
7aa240b7 JR |
1 | --- nfs-utils-1.2.3.dist/configure.ac.orig 2010-09-28 14:24:16.000000000 +0200 |
2 | +++ nfs-utils-1.2.3.dist/configure.ac 2010-10-03 14:47:50.699424847 +0200 | |
3 | @@ -246,12 +246,6 @@ | |
4 | ||
d277a362 JR |
5 | dnl check for the keyutils libraries and headers |
6 | AC_KEYUTILS | |
7aa240b7 JR |
7 | - |
8 | - dnl librpcsecgss already has a dependency on libgssapi, | |
9 | - dnl but we need to make sure we get the right version | |
10 | - if test "$enable_gss" = yes; then | |
11 | - AC_RPCSEC_VERSION | |
12 | - fi | |
13 | fi | |
14 | ||
15 | if test "$knfsd_cv_glibc2" = no; then | |
16 | @@ -295,6 +289,11 @@ | |
17 | dnl Invoked after AC_KERBEROS_V5; AC_LIBRPCSECGSS needs to have KRBLIBS set | |
18 | AC_LIBRPCSECGSS | |
19 | ||
20 | + dnl Invoked after AC_KERBEROS_V5 | |
21 | + dnl AC_RPCSEC_VERSION needs to now which Kerberos implementation we're using | |
22 | + dnl librpcsecgss already has a dependency on libgssapi, | |
23 | + dnl but we need to make sure we get the right version | |
24 | + AC_RPCSEC_VERSION | |
25 | fi | |
26 | ||
27 | dnl Check for IPv6 support | |
28 | --- nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4.orig 2010-09-28 14:24:16.000000000 +0200 | |
29 | +++ nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4 2010-10-03 14:53:06.379424854 +0200 | |
30 | @@ -1,7 +1,10 @@ | |
31 | dnl Checks librpcsec version | |
32 | AC_DEFUN([AC_RPCSEC_VERSION], [ | |
33 | ||
d1c5b6d6 | 34 | - PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3]) |
7aa240b7 JR |
35 | + dnl libgssglue is needed only for MIT Kerberos |
36 | + if test "$gssapi_lib" = gssapi_krb5; then | |
d1c5b6d6 | 37 | + PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3]) |
7aa240b7 JR |
38 | + fi |
39 | ||
40 | dnl TI-RPC replaces librpcsecgss | |
41 | if test "$enable_tirpc" = no; then | |
42 | --- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~ 2010-09-28 14:24:16.000000000 +0200 | |
43 | +++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4 2010-10-03 14:13:17.274424855 +0200 | |
44 | @@ -32,13 +32,13 @@ | |
45 | if test "$K5CONFIG" != ""; then | |
46 | KRBCFLAGS=`$K5CONFIG --cflags` | |
47 | KRBLIBS=`$K5CONFIG --libs gssapi` | |
48 | - K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` | |
49 | AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) | |
50 | if test -f $dir/include/gssapi/gssapi_krb5.h -a \ | |
51 | \( -f $dir/lib/libgssapi_krb5.a -o \ | |
52 | -f $dir/lib64/libgssapi_krb5.a -o \ | |
53 | -f $dir/lib64/libgssapi_krb5.so -o \ | |
54 | -f $dir/lib/libgssapi_krb5.so \) ; then | |
55 | + K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` | |
56 | AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries]) | |
57 | KRBDIR="$dir" | |
58 | dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the | |
59 | @@ -56,7 +56,11 @@ | |
60 | dnl of Heimdal Kerberos on SuSe | |
61 | elif test \( -f $dir/include/heim_err.h -o\ | |
62 | -f $dir/include/heimdal/heim_err.h \) -a \ | |
63 | - -f $dir/lib/libroken.a; then | |
64 | + \( -f $dir/lib/libroken.a -o \ | |
65 | + -f $dir/lib64/libroken.a -o \ | |
66 | + -f $dir/lib64/libroken.so -o \ | |
67 | + -f $dir/lib/libroken.so \) ; then | |
68 | + K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` | |
69 | AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries]) | |
70 | KRBDIR="$dir" | |
71 | gssapi_lib=gssapi | |
72 | --- nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c.orig 2010-09-28 14:24:16.000000000 +0200 | |
73 | +++ nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c 2010-10-03 14:31:31.150424854 +0200 | |
74 | @@ -267,8 +267,13 @@ | |
75 | int retcode = 0; | |
76 | ||
77 | printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__); | |
78 | +#ifdef HAVE_HEIMDAL | |
79 | + maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx, | |
80 | + 1, &return_ctx); | |
81 | +#else | |
82 | maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx, | |
83 | 1, &return_ctx); | |
84 | +#endif | |
85 | if (maj_stat != GSS_S_COMPLETE) { | |
86 | pgsserr("gss_export_lucid_sec_context", | |
87 | maj_stat, min_stat, &krb5oid); | |
88 | @@ -303,7 +308,11 @@ | |
89 | else | |
90 | retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime); | |
91 | ||
92 | +#ifdef HAVE_HEIMDAL | |
93 | + maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx); | |
94 | +#else | |
95 | maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx); | |
96 | +#endif | |
97 | if (maj_stat != GSS_S_COMPLETE) { | |
98 | pgsserr("gss_export_lucid_sec_context", | |
99 | maj_stat, min_stat, &krb5oid); | |
100 | --- nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c.orig 2010-09-28 14:24:16.000000000 +0200 | |
101 | +++ nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c 2010-10-03 14:33:07.992424854 +0200 | |
102 | @@ -115,7 +115,7 @@ | |
103 | #include <errno.h> | |
104 | #include <time.h> | |
105 | #include <gssapi/gssapi.h> | |
106 | -#ifdef USE_PRIVATE_KRB5_FUNCTIONS | |
107 | +#ifdef HAVE_HEIMDAL | |
108 | #include <gssapi/gssapi_krb5.h> | |
109 | #endif | |
110 | #include <krb5.h> | |
111 | @@ -927,9 +927,37 @@ | |
112 | { | |
113 | krb5_error_code ret; | |
114 | krb5_creds creds; | |
115 | - krb5_cc_cursor cur; | |
116 | int found = 0; | |
117 | ||
118 | +#ifdef HAVE_HEIMDAL | |
119 | + krb5_creds pattern; | |
120 | + krb5_const_realm client_realm; | |
121 | + | |
122 | + krb5_cc_clear_mcred(&pattern); | |
123 | + | |
124 | + client_realm = krb5_principal_get_realm (context, principal); | |
125 | + | |
126 | + ret = krb5_make_principal (context, &pattern.server, | |
127 | + client_realm, KRB5_TGS_NAME, client_realm, | |
128 | + NULL); | |
129 | + if (ret) | |
130 | + krb5_err (context, 1, ret, "krb5_make_principal"); | |
131 | + pattern.client = principal; | |
132 | + | |
133 | + ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds); | |
134 | + krb5_free_principal (context, pattern.server); | |
135 | + if (ret) { | |
136 | + if (ret == KRB5_CC_END) | |
137 | + return 1; | |
138 | + krb5_err (context, 1, ret, "krb5_cc_retrieve_cred"); | |
139 | + } | |
140 | + | |
141 | + found = creds.times.endtime > time(NULL); | |
142 | + | |
143 | + krb5_free_cred_contents (context, &creds); | |
144 | +#else | |
145 | + krb5_cc_cursor cur; | |
146 | + | |
147 | ret = krb5_cc_start_seq_get(context, ccache, &cur); | |
148 | if (ret) | |
149 | return 0; | |
150 | @@ -949,6 +977,7 @@ | |
151 | krb5_free_cred_contents(context, &creds); | |
152 | } | |
153 | krb5_cc_end_seq_get(context, ccache, &cur); | |
154 | +#endif | |
155 | ||
156 | return found; | |
157 | } | |
158 | @@ -995,6 +1024,9 @@ | |
159 | } | |
160 | krb5_free_principal(context, principal); | |
161 | err_princ: | |
162 | +#ifdef HAVE_HEIMDAL | |
163 | +#define KRB5_TC_OPENCLOSE 0x00000001 | |
164 | +#endif | |
165 | krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); | |
166 | krb5_cc_close(context, ccache); | |
167 | err_cache: | |
168 | @@ -1316,12 +1316,21 @@ | |
169 | * If we failed for any reason to produce global | |
170 | * list of supported enctypes, use local default here. | |
171 | */ | |
172 | +#ifdef HAVE_HEIMDAL | |
173 | + if (krb5_enctypes == NULL) | |
174 | + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh, | |
175 | + num_enctypes, enctypes); | |
176 | + else | |
177 | + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh, | |
178 | + num_krb5_enctypes, krb5_enctypes); | |
179 | +#else | |
180 | if (krb5_enctypes == NULL) | |
181 | maj_stat = gss_set_allowable_enctypes(&min_stat, credh, | |
182 | &krb5oid, num_enctypes, enctypes); | |
183 | else | |
184 | maj_stat = gss_set_allowable_enctypes(&min_stat, credh, | |
185 | &krb5oid, num_krb5_enctypes, krb5_enctypes); | |
186 | +#endif | |
187 | ||
188 | if (maj_stat != GSS_S_COMPLETE) { | |
189 | pgsserr("gss_set_allowable_enctypes", | |
d4dccdd5 JR |
190 | --- nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c~ 2011-06-30 15:00:42.000000000 +0200 |
191 | +++ nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c 2011-08-03 12:40:53.865782009 +0200 | |
42a950ba | 192 | @@ -186,8 +186,13 @@ |
d4dccdd5 JR |
193 | num_enctypes = default_num_enctypes; |
194 | } | |
195 | ||
196 | +#ifdef HAVE_HEIMDAL | |
197 | + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gssd_creds, | |
198 | + num_enctypes, enctypes); | |
199 | +#else | |
200 | maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds, | |
201 | &krb5oid, num_enctypes, enctypes); | |
202 | +#endif | |
203 | if (maj_stat != GSS_S_COMPLETE) { | |
204 | printerr(1, "WARNING: gss_set_allowable_enctypes failed\n"); | |
205 | pgsserr("svcgssd_limit_krb5_enctypes: gss_set_allowable_enctypes", |