From 058a238c3896b3f1c6d00f3b0bf82add8af30557 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jan=20R=C4=99korajski?= Date: Thu, 29 Nov 2012 15:25:13 +0100 Subject: [PATCH] - updated to 1.2.7 - removed kcm patch du to problems with refreshing cache - updated heimdal patch --- nfs-utils-heimdal-kcm.patch | 212 ------------------------------------ nfs-utils-heimdal.patch | 37 +------ nfs-utils.spec | 11 +- 3 files changed, 12 insertions(+), 248 deletions(-) delete mode 100644 nfs-utils-heimdal-kcm.patch diff --git a/nfs-utils-heimdal-kcm.patch b/nfs-utils-heimdal-kcm.patch deleted file mode 100644 index ccf7511..0000000 --- a/nfs-utils-heimdal-kcm.patch +++ /dev/null @@ -1,212 +0,0 @@ -diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c -index ccadb07..c1339b6 100644 ---- a/utils/gssd/gssd.c -+++ b/utils/gssd/gssd.c -@@ -60,6 +60,7 @@ char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE; - char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR; - char *ccachesearch[GSSD_MAX_CCACHE_SEARCH + 1]; - int use_memcache = 0; -+int use_kcmcache = 0; - int root_uses_machine_creds = 1; - unsigned int context_timeout = 0; - char *preferred_realm = NULL; -@@ -85,7 +86,7 @@ sig_hup(int signal) - static void - usage(char *progname) - { -- fprintf(stderr, "usage: %s [-f] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm]\n", -+ fprintf(stderr, "usage: %s [-f] [-K] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm]\n", - progname); - exit(1); - } -@@ -102,7 +103,7 @@ main(int argc, char *argv[]) - char *progname; - - memset(ccachesearch, 0, sizeof(ccachesearch)); -- while ((opt = getopt(argc, argv, "fvrmnMp:k:d:t:R:")) != -1) { -+ while ((opt = getopt(argc, argv, "fvrmnMKp:k:d:t:R:")) != -1) { - switch (opt) { - case 'f': - fg = 1; -@@ -113,6 +114,9 @@ main(int argc, char *argv[]) - case 'M': - use_memcache = 1; - break; -+ case 'K': -+ use_kcmcache = 1; -+ break; - case 'n': - root_uses_machine_creds = 0; - break; -diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h -index b1b5793..82c4406 100644 ---- a/utils/gssd/gssd.h -+++ b/utils/gssd/gssd.h -@@ -63,6 +63,7 @@ extern char pipefs_dir[PATH_MAX]; - extern char keytabfile[PATH_MAX]; - extern char *ccachesearch[]; - extern int use_memcache; -+extern int use_kcmcache; - extern int root_uses_machine_creds; - extern unsigned int context_timeout; - extern char *preferred_realm; -diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c -index f071600..503cac2 100644 ---- a/utils/gssd/krb5_util.c -+++ b/utils/gssd/krb5_util.c -@@ -125,6 +125,7 @@ - #include "err_util.h" - #include "gss_util.h" - #include "krb5_util.h" -+#include "xcommon.h" - - /* Global list of principals/cache file names for machine credentials */ - struct gssd_k5_kt_princ *gssd_k5_kt_princ_list = NULL; -@@ -299,6 +300,115 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) - return err; - } - -+#ifdef HAVE_HEIMDAL -+static int -+gssd_find_existing_krb5_ccache_kcm(uid_t uid, char **cc) -+{ -+ krb5_context context; -+ krb5_cc_cache_cursor cursor; -+ krb5_ccache id; -+ char *best_match_name = NULL; -+ krb5_timestamp best_match_mtime, mtime; -+ char *ccname; -+ uid_t ccuid; -+ int i; -+ int found = 0; -+ char buf[1030]; -+ char *princname = NULL; -+ char *realm = NULL; -+ int score, best_match_score = 0, err = -EACCES; -+ -+ *cc = NULL; -+ if (krb5_init_context(&context)) -+ return err; -+ -+ if (krb5_cc_cache_get_first(context, "KCM", &cursor)) -+ return err; -+ -+ while (krb5_cc_cache_next(context, cursor, &id) == 0) { -+ ccname = xstrdup(krb5_cc_get_name(context, id)); -+ if (ccname == NULL) { -+ printerr(0, "Error getting CC name\n"); -+ continue; -+ } -+ for (i=0,ccuid=0; ccname[i] && isdigit(ccname[i]); i++) { -+ ccuid = ccuid*10 + (ccname[i] - '0'); -+ } -+ if (i == 0) { -+ printerr(3, "CC '%s' not available due to" -+ " non-standard name\n", -+ ccname); -+ continue; -+ } -+ /* Only pick caches owned by the user (uid) */ -+ if (ccuid != uid) { -+ printerr(3, "CC '%s' owned by %u, not %u\n", -+ ccname, ccuid, uid); -+ continue; -+ } -+ snprintf(buf, sizeof(buf), "KCM:%s", ccname); -+ if (!query_krb5_ccache(buf, &princname, &realm)) { -+ printerr(3, "CC '%s' is expired or corrupt\n", -+ ccname); -+ err = -EKEYEXPIRED; -+ continue; -+ } -+ krb5_cc_last_change_time(context, id, &mtime); -+ -+ score = 0; -+ if (preferred_realm && strcmp(realm, preferred_realm) == 0) -+ score++; -+ -+ printerr(3, "CC '%s'(%s@%s) passed all checks and" -+ " has mtime of %u\n", -+ ccname, princname, realm, mtime); -+ /* -+ * if more than one match is found, return the most -+ * recent (the one with the latest mtime), and -+ * don't free the dirent -+ */ -+ if (!found) { -+ best_match_name = ccname; -+ best_match_mtime = mtime; -+ best_match_score = score; -+ found++; -+ } else { -+ /* -+ * If current score is higher than best match -+ * score, we use the current match. Otherwise, -+ * if the current match has an mtime later -+ * than the one we are looking at, then use -+ * the current match. Otherwise, we still -+ * have the best match. -+ */ -+ if (best_match_score < score || -+ (best_match_score == score && -+ mtime > best_match_mtime)) { -+ free(best_match_name); -+ best_match_name = ccname; -+ best_match_mtime = mtime; -+ best_match_score = score; -+ } else { -+ free(ccname); -+ } -+ printerr(3, "CC '%s' is our current best match " -+ "with mtime of %u\n", -+ best_match_name, best_match_mtime); -+ } -+ free(princname); -+ free(realm); -+ } -+ krb5_cc_cache_end_seq_get(context, cursor); -+ krb5_free_context(context); -+ if (found) { -+ *cc = best_match_name; -+ return 0; -+ } -+ -+ return err; -+} -+#endif -+ - /* - * Obtain credentials via a key in the keytab given - * a keytab handle and a gssd_k5_kt_princ structure. -@@ -1002,12 +1112,26 @@ gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname) - printerr(2, "getting credentials for client with uid %u for " - "server %s\n", uid, servername); - memset(buf, 0, sizeof(buf)); -- err = gssd_find_existing_krb5_ccache(uid, dirname, &d); -- if (err) -- return err; -+#ifdef HAVE_HEIMDAL -+ if (use_kcmcache) { -+ char *s; -+ err = gssd_find_existing_krb5_ccache_kcm(uid, &s); -+ if (err) -+ return err; -+ -+ snprintf(buf, sizeof(buf), "KCM:%s", s); -+ free(s); -+ } else { -+#endif -+ err = gssd_find_existing_krb5_ccache(uid, dirname, &d); -+ if (err) -+ return err; - -- snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, d->d_name); -- free(d); -+ snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, d->d_name); -+ free(d); -+#ifdef HAVE_HEIMDAL -+ } -+#endif - - printerr(2, "using %s as credentials cache for client with " - "uid %u for server %s\n", buf, uid, servername); diff --git a/nfs-utils-heimdal.patch b/nfs-utils-heimdal.patch index c871fb6..3df950a 100644 --- a/nfs-utils-heimdal.patch +++ b/nfs-utils-heimdal.patch @@ -1,30 +1,3 @@ ---- nfs-utils-1.2.3.dist/configure.ac.orig 2010-09-28 14:24:16.000000000 +0200 -+++ nfs-utils-1.2.3.dist/configure.ac 2010-10-03 14:47:50.699424847 +0200 -@@ -246,12 +246,6 @@ - - dnl check for the keyutils libraries and headers - AC_KEYUTILS -- -- dnl librpcsecgss already has a dependency on libgssapi, -- dnl but we need to make sure we get the right version -- if test "$enable_gss" = yes; then -- AC_RPCSEC_VERSION -- fi - fi - - if test "$knfsd_cv_glibc2" = no; then -@@ -295,6 +289,11 @@ - dnl Invoked after AC_KERBEROS_V5; AC_LIBRPCSECGSS needs to have KRBLIBS set - AC_LIBRPCSECGSS - -+ dnl Invoked after AC_KERBEROS_V5 -+ dnl AC_RPCSEC_VERSION needs to now which Kerberos implementation we're using -+ dnl librpcsecgss already has a dependency on libgssapi, -+ dnl but we need to make sure we get the right version -+ AC_RPCSEC_VERSION - fi - - dnl Check for IPv6 support --- nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4.orig 2010-09-28 14:24:16.000000000 +0200 +++ nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4 2010-10-03 14:53:06.379424854 +0200 @@ -1,7 +1,10 @@ @@ -41,11 +14,13 @@ if test "$enable_tirpc" = no; then --- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~ 2010-09-28 14:24:16.000000000 +0200 +++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4 2010-10-03 14:13:17.274424855 +0200 -@@ -32,13 +32,13 @@ +@@ -32,14 +32,14 @@ + fi if test "$K5CONFIG" != ""; then KRBCFLAGS=`$K5CONFIG --cflags` - KRBLIBS=`$K5CONFIG --libs gssapi` +- KRBLIBS=`$K5CONFIG --libs` - K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` ++ KRBLIBS=`$K5CONFIG --libs gssapi` AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) if test -f $dir/include/gssapi/gssapi_krb5.h -a \ \( -f $dir/lib/libgssapi_krb5.a -o \ @@ -170,14 +145,14 @@ * list of supported enctypes, use local default here. */ +#ifdef HAVE_HEIMDAL -+ if (krb5_enctypes == NULL) ++ if (krb5_enctypes == NULL || limit_to_legacy_enctypes) + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh, + num_enctypes, enctypes); + else + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh, + num_krb5_enctypes, krb5_enctypes); +#else - if (krb5_enctypes == NULL) + if (krb5_enctypes == NULL || limit_to_legacy_enctypes) maj_stat = gss_set_allowable_enctypes(&min_stat, credh, &krb5oid, num_enctypes, enctypes); else diff --git a/nfs-utils.spec b/nfs-utils.spec index cd2983a..cc98d37 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -9,13 +9,13 @@ Summary(pt_BR.UTF-8): Os utilitários para o cliente e servidor NFS do Linux Summary(ru.UTF-8): Утилиты для NFS и демоны поддержки для NFS-сервера ядра Summary(uk.UTF-8): Утиліти для NFS та демони підтримки для NFS-сервера ядра Name: nfs-utils -Version: 1.2.5 -Release: 11 +Version: 1.2.7 +Release: 1 License: GPL v2 Group: Networking/Daemons #Source0: http://www.kernel.org/pub/linux/utils/nfs/%{name}-%{version}.tar.bz2 Source0: http://downloads.sourceforge.net/nfs/%{name}-%{version}.tar.bz2 -# Source0-md5: 8395ac770720b83c5c469f88306d7765 +# Source0-md5: 3b5ca797197765dc0c3a4122720c7716 #Source1: ftp://ftp.linuxnfs.sourceforge.org/pub/nfs/nfs.doc.tar.gz Source1: nfs.doc.tar.gz # Source1-md5: ae7db9c61c5ad04f83bb99e5caed73da @@ -48,7 +48,6 @@ Patch1: %{name}-statdpath.patch Patch2: %{name}-subsys.patch Patch3: %{name}-union-mount.patch Patch4: %{name}-heimdal.patch -Patch5: %{name}-heimdal-kcm.patch URL: http://nfs.sourceforge.net/ BuildRequires: autoconf >= 2.59 BuildRequires: automake @@ -188,7 +187,6 @@ Wspólne programy do obsługi NFS. %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 %build %{__libtoolize} @@ -419,6 +417,7 @@ fi %attr(755,root,root) %{_sbindir}/rpc.nfsd %attr(755,root,root) %{_sbindir}/rpc.svcgssd %attr(755,root,root) %{_sbindir}/nfsstat +%attr(755,root,root) %{_sbindir}/nfsdcltrack %attr(754,root,root) /etc/rc.d/init.d/nfs %attr(754,root,root) /etc/rc.d/init.d/svcgssd @@ -436,6 +435,7 @@ fi %{_mandir}/man8/exportfs.8* %{_mandir}/man8/mountd.8* %{_mandir}/man8/nfsd.8* +%{_mandir}/man8/nfsdcltrack.8* %{_mandir}/man8/nfsstat.8* %{_mandir}/man8/rpc.mountd.8* %{_mandir}/man8/rpc.nfsd.8* @@ -464,6 +464,7 @@ fi %attr(4755,root,root) /sbin/mount.nfs4 %attr(4755,root,root) /sbin/umount.nfs4 %attr(755,root,root) /sbin/blkmapd +%attr(755,root,root) /sbin/osd_login %attr(755,root,root) /sbin/rpc.gssd %attr(755,root,root) %{_sbindir}/mountstats %attr(755,root,root) %{_sbindir}/nfsiostat -- 2.44.0