[packages/nfs-utils.git] / nfs-utils-heimdal.patch

--- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~	2010-09-28 14:24:16.000000000 +0200
+++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4	2010-10-03 14:13:17.274424855 +0200
@@ -56,7 +56,11 @@
       dnl of Heimdal Kerberos on SuSe
       elif test \( -f $dir/include/heim_err.h -o\
       		 -f $dir/include/heimdal/heim_err.h \) -a \
-                -f $dir/lib/libroken.a; then
+                \( -f $dir/lib/libroken.a -o \
+                   -f $dir/lib64/libroken.a -o \
+                   -f $dir/lib64/libroken.so -o \
+                   -f $dir/lib/libroken.so \) ; then
+         K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
          AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
          KRBDIR="$dir"
          gssapi_lib=gssapi
--- nfs-utils-2.5.1/utils/gssd/krb5_util.c.orig	2020-06-18 19:10:06.000000000 +0200
+++ nfs-utils-2.5.1/utils/gssd/krb5_util.c	2020-08-22 18:47:27.393014417 +0200
@@ -484,7 +484,7 @@
 	if (ccache)
 		krb5_cc_close(context, ccache);
 	krb5_free_cred_contents(context, &my_creds);
-	krb5_free_string(context, k5err);
+	free(k5err);
 	return (code);
 }
 
@@ -723,7 +723,7 @@
 				 "we failed to unparse principal name: %s\n",
 				 k5err);
 			k5_free_kt_entry(context, kte);
-			krb5_free_string(context, k5err);
+			free(k5err);
 			k5err = NULL;
 			continue;
 		}
@@ -770,7 +770,7 @@
 	if (retval < 0)
 		retval = 0;
   out:
-	krb5_free_string(context, k5err);
+	free(k5err);
 	return retval;
 }
 
@@ -836,7 +836,11 @@
 	        myhostad[i+1] = 0;
 	}
 	if (adhostoverride)
+#ifdef HAVE_HEIMDAL
+		free(adhostoverride);
+#else
 		krb5_free_string(context, adhostoverride);
+#endif
 
 	if (!srchost) {
 		retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
@@ -927,7 +931,7 @@
 				k5err = gssd_k5_err_msg(context, code);
 				printerr(1, "%s while building principal for '%s'\n",
 					 k5err, spn);
-				krb5_free_string(context, k5err);
+				free(k5err);
 				k5err = NULL;
 				continue;
 			}
@@ -937,7 +941,7 @@
 				k5err = gssd_k5_err_msg(context, code);
 				printerr(3, "%s while getting keytab entry for '%s'\n",
 					 k5err, spn);
-				krb5_free_string(context, k5err);
+				free(k5err);
 				k5err = NULL;
 				/*
 				 * We tried the active directory machine account
@@ -986,7 +990,7 @@
 		k5_free_default_realm(context, default_realm);
 	if (realmnames)
 		krb5_free_host_realm(context, realmnames);
-	krb5_free_string(context, k5err);
+	free(k5err);
 	return retval;
 }
 
@@ -1003,9 +1007,37 @@
 {
 	krb5_error_code ret;
 	krb5_creds creds;
-	krb5_cc_cursor cur;
 	int found = 0;
 
+#ifdef HAVE_HEIMDAL
+	krb5_creds pattern;
+	krb5_const_realm client_realm;
+
+	krb5_cc_clear_mcred(&pattern);
+
+	client_realm = krb5_principal_get_realm (context, principal);
+
+	ret = krb5_make_principal (context, &pattern.server,
+				   client_realm, KRB5_TGS_NAME, client_realm,
+				   NULL);
+	if (ret)
+	  krb5_err (context, 1, ret, "krb5_make_principal");
+	pattern.client = principal;
+
+	ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
+	krb5_free_principal (context, pattern.server);
+	if (ret) {
+	  if (ret == KRB5_CC_END)
+            return 1;
+	  krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
+	}
+
+	found = creds.times.endtime > time(NULL);
+
+	krb5_free_cred_contents (context, &creds);
+#else
+	krb5_cc_cursor cur;
+
 	ret = krb5_cc_start_seq_get(context, ccache, &cur);
 	if (ret) 
 		return 0;
@@ -1025,6 +1057,7 @@
 		krb5_free_cred_contents(context, &creds);
 	}
 	krb5_cc_end_seq_get(context, ccache, &cur);
+#endif
 
 	return found;
 }
@@ -1071,6 +1104,9 @@
 	}
 	krb5_free_principal(context, principal);
 err_princ:
+#ifdef HAVE_HEIMDAL
+#define KRB5_TC_OPENCLOSE              0x00000001
+#endif
 	krb5_cc_set_flags(context, ccache,  KRB5_TC_OPENCLOSE);
 	krb5_cc_close(context, ccache);
 err_cache:
@@ -1249,7 +1285,7 @@
 			printerr(0, "WARNING: %s while resolving credential "
 				    "cache '%s' for destruction\n", k5err,
 				    ple->ccname);
-			krb5_free_string(context, k5err);
+			free(k5err);
 			k5err = NULL;
 			continue;
 		}
@@ -1258,13 +1294,13 @@
 			k5err = gssd_k5_err_msg(context, code);
 			printerr(0, "WARNING: %s while destroying credential "
 				    "cache '%s'\n", k5err, ple->ccname);
-			krb5_free_string(context, k5err);
+			free(k5err);
 			k5err = NULL;
 		}
 	}
 	krb5_free_context(context);
   out:
-	krb5_free_string(context, k5err);
+	free(k5err);
 }
 
 /*
@@ -1347,7 +1383,7 @@
 out_free_context:
 	krb5_free_context(context);
 out:
-	krb5_free_string(context, k5err);
+	free(k5err);
 	return retval;
 }
 
@@ -1369,7 +1405,7 @@
 #endif
 	if (msg != NULL)
 		return msg;
-#if HAVE_KRB5
+#ifdef HAVE_KRB5
 	return strdup(error_message(code));
 #else
 	if (context != NULL)
Commit	Line	Data
7aa240b7 JR	1	--- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~ 2010-09-28 14:24:16.000000000 +0200
7aa240b7 JR	2	+++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4 2010-10-03 14:13:17.274424855 +0200
7aa240b7 JR	3	@@ -56,7 +56,11 @@
	4	dnl of Heimdal Kerberos on SuSe
	5	elif test \( -f $dir/include/heim_err.h -o\
	6	-f $dir/include/heimdal/heim_err.h \) -a \
	7	- -f $dir/lib/libroken.a; then
	8	+ \( -f $dir/lib/libroken.a -o \
	9	+ -f $dir/lib64/libroken.a -o \
	10	+ -f $dir/lib64/libroken.so -o \
	11	+ -f $dir/lib/libroken.so \) ; then
	12	+ K5VERS=`$K5CONFIG --version \| head -n 1 \| awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
	13	AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
	14	KRBDIR="$dir"
	15	gssapi_lib=gssapi
21904062 JB	16	--- nfs-utils-2.5.1/utils/gssd/krb5_util.c.orig 2020-06-18 19:10:06.000000000 +0200
	17	+++ nfs-utils-2.5.1/utils/gssd/krb5_util.c 2020-08-22 18:47:27.393014417 +0200
	18	@@ -484,7 +484,7 @@
	19	if (ccache)
	20	krb5_cc_close(context, ccache);
	21	krb5_free_cred_contents(context, &my_creds);
	22	- krb5_free_string(context, k5err);
	23	+ free(k5err);
	24	return (code);
	25	}
	26
	27	@@ -723,7 +723,7 @@
	28	"we failed to unparse principal name: %s\n",
	29	k5err);
	30	k5_free_kt_entry(context, kte);
	31	- krb5_free_string(context, k5err);
	32	+ free(k5err);
	33	k5err = NULL;
	34	continue;
	35	}
	36	@@ -770,7 +770,7 @@
	37	if (retval < 0)
	38	retval = 0;
	39	out:
	40	- krb5_free_string(context, k5err);
	41	+ free(k5err);
	42	return retval;
	43	}
	44
	45	@@ -836,7 +836,11 @@
	46	myhostad[i+1] = 0;
	47	}
	48	if (adhostoverride)
	49	+#ifdef HAVE_HEIMDAL
	50	+ free(adhostoverride);
	51	+#else
	52	krb5_free_string(context, adhostoverride);
	53	+#endif
	54
	55	if (!srchost) {
	56	retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
	57	@@ -927,7 +931,7 @@
	58	k5err = gssd_k5_err_msg(context, code);
	59	printerr(1, "%s while building principal for '%s'\n",
	60	k5err, spn);
	61	- krb5_free_string(context, k5err);
	62	+ free(k5err);
	63	k5err = NULL;
	64	continue;
	65	}
	66	@@ -937,7 +941,7 @@
	67	k5err = gssd_k5_err_msg(context, code);
	68	printerr(3, "%s while getting keytab entry for '%s'\n",
	69	k5err, spn);
	70	- krb5_free_string(context, k5err);
	71	+ free(k5err);
	72	k5err = NULL;
	73	/*
	74	* We tried the active directory machine account
	75	@@ -986,7 +990,7 @@
	76	k5_free_default_realm(context, default_realm);
	77	if (realmnames)
	78	krb5_free_host_realm(context, realmnames);
	79	- krb5_free_string(context, k5err);
80	+ free(k5err);
81	return retval;
82	}
83
84	@@ -1003,9 +1007,37 @@
7aa240b7 JR	85	{
	86	krb5_error_code ret;
	87	krb5_creds creds;
	88	- krb5_cc_cursor cur;
	89	int found = 0;
	90
	91	+#ifdef HAVE_HEIMDAL
	92	+ krb5_creds pattern;
	93	+ krb5_const_realm client_realm;
	94	+
	95	+ krb5_cc_clear_mcred(&pattern);
	96	+
	97	+ client_realm = krb5_principal_get_realm (context, principal);
	98	+
	99	+ ret = krb5_make_principal (context, &pattern.server,
	100	+ client_realm, KRB5_TGS_NAME, client_realm,
	101	+ NULL);
	102	+ if (ret)
	103	+ krb5_err (context, 1, ret, "krb5_make_principal");
	104	+ pattern.client = principal;
	105	+
	106	+ ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
	107	+ krb5_free_principal (context, pattern.server);
	108	+ if (ret) {
	109	+ if (ret == KRB5_CC_END)
	110	+ return 1;
	111	+ krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
	112	+ }
	113	+
	114	+ found = creds.times.endtime > time(NULL);
	115	+
	116	+ krb5_free_cred_contents (context, &creds);
	117	+#else
	118	+ krb5_cc_cursor cur;
	119	+
	120	ret = krb5_cc_start_seq_get(context, ccache, &cur);
	121	if (ret)
	122	return 0;
21904062	123	@@ -1025,6 +1057,7 @@
7aa240b7 JR	124	krb5_free_cred_contents(context, &creds);
	125	}
	126	krb5_cc_end_seq_get(context, ccache, &cur);
	127	+#endif
	128
	129	return found;
	130	}
21904062	131	@@ -1071,6 +1104,9 @@
7aa240b7 JR	132	}
	133	krb5_free_principal(context, principal);
	134	err_princ:
	135	+#ifdef HAVE_HEIMDAL
	136	+#define KRB5_TC_OPENCLOSE 0x00000001
	137	+#endif
	138	krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
	139	krb5_cc_close(context, ccache);
	140	err_cache:
21904062 JB	141	@@ -1249,7 +1285,7 @@
	142	printerr(0, "WARNING: %s while resolving credential "
	143	"cache '%s' for destruction\n", k5err,
	144	ple->ccname);
	145	- krb5_free_string(context, k5err);
	146	+ free(k5err);
	147	k5err = NULL;
	148	continue;
	149	}
	150	@@ -1258,13 +1294,13 @@
	151	k5err = gssd_k5_err_msg(context, code);
	152	printerr(0, "WARNING: %s while destroying credential "
	153	"cache '%s'\n", k5err, ple->ccname);
	154	- krb5_free_string(context, k5err);
	155	+ free(k5err);
	156	k5err = NULL;
	157	}
	158	}
	159	krb5_free_context(context);
	160	out:
	161	- krb5_free_string(context, k5err);
	162	+ free(k5err);
	163	}
	164
	165	/*
	166	@@ -1347,7 +1383,7 @@
	167	out_free_context:
	168	krb5_free_context(context);
	169	out:
	170	- krb5_free_string(context, k5err);
	171	+ free(k5err);
	172	return retval;
	173	}
	174
	175	@@ -1369,7 +1405,7 @@
c17b6001 JB	176	#endif
	177	if (msg != NULL)
	178	return msg;
	179	-#if HAVE_KRB5
	180	+#ifdef HAVE_KRB5
	181	return strdup(error_message(code));
	182	#else
	183	if (context != NULL)