Commit | Line | Data |
---|---|---|
7aa240b7 JR |
1 | --- nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4.orig 2010-09-28 14:24:16.000000000 +0200 |
2 | +++ nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4 2010-10-03 14:53:06.379424854 +0200 | |
3 | @@ -1,7 +1,10 @@ | |
4 | dnl Checks librpcsec version | |
5 | AC_DEFUN([AC_RPCSEC_VERSION], [ | |
6 | ||
d1c5b6d6 | 7 | - PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3]) |
7aa240b7 JR |
8 | + dnl libgssglue is needed only for MIT Kerberos |
9 | + if test "$gssapi_lib" = gssapi_krb5; then | |
d1c5b6d6 | 10 | + PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3]) |
7aa240b7 JR |
11 | + fi |
12 | ||
13 | dnl TI-RPC replaces librpcsecgss | |
14 | if test "$enable_tirpc" = no; then | |
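Review bot: Wrapping the first `PKG_CHECK_MODULES` in a shell `if` can break later pkg-config checks, because the macro expands its `PKG_PROG_PKG_CONFIG` prerequisite inline at its first use, and that initialisation is skipped whenever `$gssapi_lib` is not `gssapi_krb5`. The TI-RPC block that follows appears to be conditional as well, so a Heimdal build may reach its pkg-config check with `$PKG_CONFIG` unset. Call `PKG_PROG_PKG_CONFIG` unconditionally before the `if`. The test also depends on `gssapi_lib` having been set by the Kerberos detection macro in kerberos5.m4, which deserves a comment such as `dnl gssapi_lib must already be set by the Kerberos check`.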
15 | --- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~ 2010-09-28 14:24:16.000000000 +0200 | |
16 | +++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4 2010-10-03 14:13:17.274424855 +0200 | |
058a238c JR |
17 | @@ -32,14 +32,14 @@ |
18 | fi | |
7aa240b7 JR |
19 | if test "$K5CONFIG" != ""; then |
20 | KRBCFLAGS=`$K5CONFIG --cflags` | |
058a238c | 21 | - KRBLIBS=`$K5CONFIG --libs` |
7aa240b7 | 22 | - K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` |
058a238c | 23 | + KRBLIBS=`$K5CONFIG --libs gssapi` |
7aa240b7 JR |
24 | AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) |
25 | if test -f $dir/include/gssapi/gssapi_krb5.h -a \ | |
26 | \( -f $dir/lib/libgssapi_krb5.a -o \ | |
27 | -f $dir/lib64/libgssapi_krb5.a -o \ | |
28 | -f $dir/lib64/libgssapi_krb5.so -o \ | |
29 | -f $dir/lib/libgssapi_krb5.so \) ; then | |
30 | + K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` | |
31 | AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries]) | |
32 | KRBDIR="$dir" | |
33 | dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the | |
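Review bot: `AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, ...)` still sits above the `if test -f` chain, but this hunk moves the `K5VERS=` assignment into the MIT branch below it (and the next hunk adds the Heimdal one), so the define is emitted before the variable is set. On the new side `KRB5_VERSION` would be written with an empty or stale value, which is risky if any source file compares against it. Move the `AC_DEFINE_UNQUOTED` line to after the `if`/`elif` chain, or repeat it in each branch directly after its `K5VERS=` line. The enclosing `if test "$K5CONFIG" != ""` block continues past the end of the hunk.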
34 | @@ -56,7 +56,11 @@ | |
35 | dnl of Heimdal Kerberos on SuSe | |
36 | elif test \( -f $dir/include/heim_err.h -o\ | |
37 | -f $dir/include/heimdal/heim_err.h \) -a \ | |
38 | - -f $dir/lib/libroken.a; then | |
39 | + \( -f $dir/lib/libroken.a -o \ | |
40 | + -f $dir/lib64/libroken.a -o \ | |
41 | + -f $dir/lib64/libroken.so -o \ | |
42 | + -f $dir/lib/libroken.so \) ; then | |
43 | + K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` | |
44 | AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries]) | |
45 | KRBDIR="$dir" | |
46 | gssapi_lib=gssapi | |
47 | --- nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c.orig 2010-09-28 14:24:16.000000000 +0200 | |
48 | +++ nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c 2010-10-03 14:31:31.150424854 +0200 | |
49 | @@ -267,8 +267,13 @@ | |
50 | int retcode = 0; | |
51 | ||
52 | printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__); | |
53 | +#ifdef HAVE_HEIMDAL | |
54 | + maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx, | |
55 | + 1, &return_ctx); | |
56 | +#else | |
57 | maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx, | |
58 | 1, &return_ctx); | |
59 | +#endif | |
60 | if (maj_stat != GSS_S_COMPLETE) { | |
61 | pgsserr("gss_export_lucid_sec_context", | |
62 | maj_stat, min_stat, &krb5oid); | |
63 | @@ -303,7 +308,11 @@ | |
64 | else | |
65 | retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime); | |
66 | ||
67 | +#ifdef HAVE_HEIMDAL | |
68 | + maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx); | |
69 | +#else | |
70 | maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx); | |
71 | +#endif | |
72 | if (maj_stat != GSS_S_COMPLETE) { | |
73 | pgsserr("gss_export_lucid_sec_context", | |
74 | maj_stat, min_stat, &krb5oid); | |
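Review bot: The failure path after the free call still passes the label `gss_export_lucid_sec_context` to `pgsserr`, so a failed free cannot be told apart from a failed export in the log. With the new `#ifdef`, the Heimdal function name never appears in the log at all. Name the call that actually failed, e.g. `pgsserr("gss_free_lucid_sec_context", maj_stat, min_stat, &krb5oid);`. The export hunk above has the same mismatch for the Heimdal branch, which calls `gss_krb5_export_lucid_sec_context`. The enclosing function starts and ends outside both hunks.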
75 | --- nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c.orig 2010-09-28 14:24:16.000000000 +0200 | |
76 | +++ nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c 2010-10-03 14:33:07.992424854 +0200 | |
77 | @@ -115,7 +115,7 @@ | |
78 | #include <errno.h> | |
79 | #include <time.h> | |
80 | #include <gssapi/gssapi.h> | |
81 | -#ifdef USE_PRIVATE_KRB5_FUNCTIONS | |
82 | +#ifdef HAVE_HEIMDAL | |
83 | #include <gssapi/gssapi_krb5.h> | |
84 | #endif | |
85 | #include <krb5.h> | |
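Review bot: Replacing `USE_PRIVATE_KRB5_FUNCTIONS` with `HAVE_HEIMDAL` drops the `gssapi/gssapi_krb5.h` include for any build that still defines the old macro. Unless that macro is dead, keep both conditions: `#if defined(USE_PRIVATE_KRB5_FUNCTIONS) || defined(HAVE_HEIMDAL)`. Whether an MIT configuration still sets it cannot be seen from this hunk.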
86 | @@ -927,9 +927,37 @@ | |
87 | { | |
88 | krb5_error_code ret; | |
89 | krb5_creds creds; | |
90 | - krb5_cc_cursor cur; | |
91 | int found = 0; | |
92 | ||
93 | +#ifdef HAVE_HEIMDAL | |
94 | + krb5_creds pattern; | |
95 | + krb5_const_realm client_realm; | |
96 | + | |
97 | + krb5_cc_clear_mcred(&pattern); | |
98 | + | |
99 | + client_realm = krb5_principal_get_realm (context, principal); | |
100 | + | |
101 | + ret = krb5_make_principal (context, &pattern.server, | |
102 | + client_realm, KRB5_TGS_NAME, client_realm, | |
103 | + NULL); | |
104 | + if (ret) | |
105 | + krb5_err (context, 1, ret, "krb5_make_principal"); | |
106 | + pattern.client = principal; | |
107 | + | |
108 | + ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds); | |
109 | + krb5_free_principal (context, pattern.server); | |
110 | + if (ret) { | |
111 | + if (ret == KRB5_CC_END) | |
112 | + return 1; | |
113 | + krb5_err (context, 1, ret, "krb5_cc_retrieve_cred"); | |
114 | + } | |
115 | + | |
116 | + found = creds.times.endtime > time(NULL); | |
117 | + | |
118 | + krb5_free_cred_contents (context, &creds); | |
119 | +#else | |
120 | + krb5_cc_cursor cur; | |
121 | + | |
122 | ret = krb5_cc_start_seq_get(context, ccache, &cur); | |
123 | if (ret) | |
124 | return 0; | |
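Review bot: The Heimdal branch returns 1 when `krb5_cc_retrieve_cred` yields `KRB5_CC_END`, which reports a TGT as found when the cache holds no matching credential. The function's result is `found`, and the non-Heimdal path returns 0 on failure. The two `krb5_err(context, 1, ...)` calls are a second problem: in Heimdal that helper prints the error and exits the process, so an unreadable or malformed credential cache would terminate the daemon instead of being skipped. Both error paths should return 0, matching the MIT path. The function body starts before the hunk and the `#else` branch continues into the next hunk.

```c
	/* … unchanged: pattern declaration, krb5_cc_clear_mcred, realm lookup … */
	ret = krb5_make_principal (context, &pattern.server,
				   client_realm, KRB5_TGS_NAME, client_realm,
				   NULL);
	if (ret)
		return 0;	/* cannot build the TGS name: treat as "no TGT" */
	pattern.client = principal;

	ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
	krb5_free_principal (context, pattern.server);
	if (ret)
		return 0;	/* KRB5_CC_END or any other error: no usable TGT */
	/* … unchanged: endtime comparison and krb5_free_cred_contents … */
```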
125 | @@ -949,6 +977,7 @@ | |
126 | krb5_free_cred_contents(context, &creds); | |
127 | } | |
128 | krb5_cc_end_seq_get(context, ccache, &cur); | |
129 | +#endif | |
130 | ||
131 | return found; | |
132 | } | |
133 | @@ -995,6 +1024,9 @@ | |
134 | } | |
135 | krb5_free_principal(context, principal); | |
136 | err_princ: | |
137 | +#ifdef HAVE_HEIMDAL | |
138 | +#define KRB5_TC_OPENCLOSE 0x00000001 | |
139 | +#endif | |
140 | krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); | |
141 | krb5_cc_close(context, ccache); | |
142 | err_cache: | |
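Review bot: `KRB5_TC_OPENCLOSE` is defined between the function's cleanup labels and without an `#ifndef` guard, so a Heimdal header that already provides the macro would trigger a redefinition. The definition also stays visible to everything later in the file. Move it next to the includes as `#ifndef KRB5_TC_OPENCLOSE` / `#define KRB5_TC_OPENCLOSE 0x00000001` / `#endif`, with a short comment saying why the Heimdal build needs the fallback. The function starts and ends outside the hunk.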
143 | @@ -1316,12 +1316,21 @@ | |
144 | * If we failed for any reason to produce global | |
145 | * list of supported enctypes, use local default here. | |
146 | */ | |
147 | +#ifdef HAVE_HEIMDAL | |
058a238c | 148 | + if (krb5_enctypes == NULL || limit_to_legacy_enctypes) |
7aa240b7 JR |
149 | + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh, |
150 | + num_enctypes, enctypes); | |
151 | + else | |
152 | + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh, | |
153 | + num_krb5_enctypes, krb5_enctypes); | |
154 | +#else | |
058a238c | 155 | if (krb5_enctypes == NULL || limit_to_legacy_enctypes) |
7aa240b7 JR |
156 | maj_stat = gss_set_allowable_enctypes(&min_stat, credh, |
157 | &krb5oid, num_enctypes, enctypes); | |
158 | else | |
159 | maj_stat = gss_set_allowable_enctypes(&min_stat, credh, | |
160 | &krb5oid, num_krb5_enctypes, krb5_enctypes); | |
161 | +#endif | |
162 | ||
163 | if (maj_stat != GSS_S_COMPLETE) { | |
164 | pgsserr("gss_set_allowable_enctypes", | |
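Review bot: The whole `if`/`else` is duplicated under `#ifdef HAVE_HEIMDAL` only to drop the `&krb5oid` argument, so the `limit_to_legacy_enctypes` condition now lives in two places and can drift. Because this call restricts which encryption types may be negotiated, a divergence between the copies would be a quiet weakening. One compat definition near the includes keeps a single copy, e.g. under `HAVE_HEIMDAL`: `#define gss_set_allowable_enctypes(min, cred, oid, n, e) gss_krb5_set_allowable_enctypes(min, cred, n, e)`. The svcgssd_krb5.c hunk repeats the same pattern and could use the same definition. The enclosing function starts and ends outside the hunk.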
d4dccdd5 JR |
165 | --- nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c~ 2011-06-30 15:00:42.000000000 +0200 |
166 | +++ nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c 2011-08-03 12:40:53.865782009 +0200 | |
42a950ba | 167 | @@ -186,8 +186,13 @@ |
d4dccdd5 JR |
168 | num_enctypes = default_num_enctypes; |
169 | } | |
170 | ||
171 | +#ifdef HAVE_HEIMDAL | |
172 | + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gssd_creds, | |
173 | + num_enctypes, enctypes); | |
174 | +#else | |
175 | maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds, | |
176 | &krb5oid, num_enctypes, enctypes); | |
177 | +#endif | |
178 | if (maj_stat != GSS_S_COMPLETE) { | |
179 | printerr(1, "WARNING: gss_set_allowable_enctypes failed\n"); | |
180 | pgsserr("svcgssd_limit_krb5_enctypes: gss_set_allowable_enctypes", |