---- nfs-utils-1.0.9/configure.in.orig 2006-07-17 12:23:46.164440000 +0200
-+++ nfs-utils-1.0.9/configure.in 2006-07-18 13:06:53.474440000 +0200
-@@ -164,7 +164,8 @@
- AC_MSG_ERROR([variable PKG_CONFIG_PATH to /usr/local/lib/pkgconfig])
- ]
- )
-- PKG_CHECK_MODULES(GSSAPI, libgssapi >= 0.9)
-+ AC_CHECK_LIB(gssapi, main, [GSSAPI_LIBS="-lgssapi"], [AC_MSG_ERROR([Unable to locate libgssapi])])
-+ AC_SUBST(GSSAPI_LIBS)
- fi
+--- nfs-utils-1.2.3.dist/configure.ac.orig 2010-09-28 14:24:16.000000000 +0200
++++ nfs-utils-1.2.3.dist/configure.ac 2010-10-03 14:47:50.699424847 +0200
+@@ -246,12 +246,6 @@
+ dnl check for the keyutils libraries and headers
+ AC_KEYUTILS
+-
+- dnl librpcsecgss already has a dependency on libgssapi,
+- dnl but we need to make sure we get the right version
+- if test "$enable_gss" = yes; then
+- AC_RPCSEC_VERSION
+- fi
fi
-diff -ur nfs-utils-1.0.8/utils/gssd/context.c nfs-utils-1.0.8.heimdal/utils/gssd/context.c
---- nfs-utils-1.0.8/utils/gssd/context.c 2006-03-28 02:48:27.000000000 +0200
-+++ nfs-utils-1.0.8.heimdal/utils/gssd/context.c 2006-05-05 20:03:21.000000000 +0200
-@@ -32,7 +32,7 @@
- #include <stdio.h>
- #include <syslog.h>
- #include <string.h>
--#include <gssapi/gssapi.h>
-+#include <gssapi.h>
- #include <rpc/rpc.h>
- #include <rpc/auth_gss.h>
- #include "gss_util.h"
-diff -ur nfs-utils-1.0.8/utils/gssd/context_mit.c nfs-utils-1.0.8.heimdal/utils/gssd/context_mit.c
---- nfs-utils-1.0.8/utils/gssd/context_mit.c 2006-04-10 01:51:59.000000000 +0200
-+++ nfs-utils-1.0.8.heimdal/utils/gssd/context_mit.c 2006-05-05 20:05:28.000000000 +0200
-@@ -32,7 +32,7 @@
- #include <stdio.h>
- #include <syslog.h>
- #include <string.h>
--#include <gssapi/gssapi.h>
-+#include <gssapi.h>
- #include <rpc/rpc.h>
- #include <rpc/auth_gss.h>
- #include "gss_util.h"
-diff -ur nfs-utils-1.0.8/utils/gssd/context_spkm3.c nfs-utils-1.0.8.heimdal/utils/gssd/context_spkm3.c
---- nfs-utils-1.0.8/utils/gssd/context_spkm3.c 2006-04-10 01:51:59.000000000 +0200
-+++ nfs-utils-1.0.8.heimdal/utils/gssd/context_spkm3.c 2006-05-05 20:05:36.000000000 +0200
-@@ -32,7 +32,7 @@
- #include <stdio.h>
- #include <syslog.h>
- #include <string.h>
--#include <gssapi/gssapi.h>
-+#include <gssapi.h>
- #include <rpc/rpc.h>
- #include <rpc/auth_gss.h>
- #include "gss_util.h"
-diff -ur nfs-utils-1.0.8/utils/gssd/gss_oids.c nfs-utils-1.0.8.heimdal/utils/gssd/gss_oids.c
---- nfs-utils-1.0.8/utils/gssd/gss_oids.c 2005-08-26 03:20:13.000000000 +0200
-+++ nfs-utils-1.0.8.heimdal/utils/gssd/gss_oids.c 2006-05-05 20:03:44.000000000 +0200
-@@ -29,7 +29,7 @@
- */
- #include <sys/types.h>
--#include <gssapi/gssapi.h>
-+#include <gssapi.h>
+ if test "$knfsd_cv_glibc2" = no; then
+@@ -295,6 +289,11 @@
+ dnl Invoked after AC_KERBEROS_V5; AC_LIBRPCSECGSS needs to have KRBLIBS set
+ AC_LIBRPCSECGSS
- /* from kerberos source, gssapi_krb5.c */
- gss_OID_desc krb5oid =
-diff -ur nfs-utils-1.0.8/utils/gssd/gss_util.c nfs-utils-1.0.8.heimdal/utils/gssd/gss_util.c
---- nfs-utils-1.0.8/utils/gssd/gss_util.c 2005-08-26 03:27:18.000000000 +0200
-+++ nfs-utils-1.0.8.heimdal/utils/gssd/gss_util.c 2006-05-05 20:04:08.000000000 +0200
-@@ -72,7 +72,7 @@
- #include <sys/param.h>
- #include <netdb.h>
- #include <fcntl.h>
--#include <gssapi/gssapi.h>
-+#include <gssapi.h>
- #if defined(HAVE_KRB5) && !defined(GSS_C_NT_HOSTBASED_SERVICE)
- #include <gssapi/gssapi_generic.h>
- #define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-diff -ur nfs-utils-1.0.8/utils/gssd/gssd.h nfs-utils-1.0.8.heimdal/utils/gssd/gssd.h
---- nfs-utils-1.0.8/utils/gssd/gssd.h 2006-03-28 02:50:03.000000000 +0200
-+++ nfs-utils-1.0.8.heimdal/utils/gssd/gssd.h 2006-05-05 20:04:27.000000000 +0200
-@@ -33,7 +33,7 @@
++ dnl Invoked after AC_KERBEROS_V5
++ dnl AC_RPCSEC_VERSION needs to now which Kerberos implementation we're using
++ dnl librpcsecgss already has a dependency on libgssapi,
++ dnl but we need to make sure we get the right version
++ AC_RPCSEC_VERSION
+ fi
- #include <sys/types.h>
- #include <sys/queue.h>
--#include <gssapi/gssapi.h>
-+#include <gssapi.h>
+ dnl Check for IPv6 support
+--- nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4.orig 2010-09-28 14:24:16.000000000 +0200
++++ nfs-utils-1.2.3.dist/aclocal/rpcsec_vers.m4 2010-10-03 14:53:06.379424854 +0200
+@@ -1,7 +1,10 @@
+ dnl Checks librpcsec version
+ AC_DEFUN([AC_RPCSEC_VERSION], [
- #define MAX_FILE_NAMELEN 32
- #define FD_ALLOC_BLOCK 32
-diff -ur nfs-utils-1.0.8/utils/gssd/gssd_proc.c nfs-utils-1.0.8.heimdal/utils/gssd/gssd_proc.c
---- nfs-utils-1.0.8/utils/gssd/gssd_proc.c 2006-04-10 11:57:20.000000000 +0200
-+++ nfs-utils-1.0.8.heimdal/utils/gssd/gssd_proc.c 2006-05-05 20:04:35.000000000 +0200
-@@ -59,7 +59,7 @@
- #include <signal.h>
- #include <unistd.h>
- #include <errno.h>
--#include <gssapi/gssapi.h>
-+#include <gssapi.h>
- #include <netdb.h>
+- PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
++ dnl libgssglue is needed only for MIT Kerberos
++ if test "$gssapi_lib" = gssapi_krb5; then
++ PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
++ fi
+
+ dnl TI-RPC replaces librpcsecgss
+ if test "$enable_tirpc" = no; then
+--- nfs-utils-1.2.3.dist/aclocal/kerberos5.m4~ 2010-09-28 14:24:16.000000000 +0200
++++ nfs-utils-1.2.3.dist/aclocal/kerberos5.m4 2010-10-03 14:13:17.274424855 +0200
+@@ -32,13 +32,13 @@
+ if test "$K5CONFIG" != ""; then
+ KRBCFLAGS=`$K5CONFIG --cflags`
+ KRBLIBS=`$K5CONFIG --libs gssapi`
+- K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
+ AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
+ if test -f $dir/include/gssapi/gssapi_krb5.h -a \
+ \( -f $dir/lib/libgssapi_krb5.a -o \
+ -f $dir/lib64/libgssapi_krb5.a -o \
+ -f $dir/lib64/libgssapi_krb5.so -o \
+ -f $dir/lib/libgssapi_krb5.so \) ; then
++ K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
+ AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
+ KRBDIR="$dir"
+ dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the
+@@ -56,7 +56,11 @@
+ dnl of Heimdal Kerberos on SuSe
+ elif test \( -f $dir/include/heim_err.h -o\
+ -f $dir/include/heimdal/heim_err.h \) -a \
+- -f $dir/lib/libroken.a; then
++ \( -f $dir/lib/libroken.a -o \
++ -f $dir/lib64/libroken.a -o \
++ -f $dir/lib64/libroken.so -o \
++ -f $dir/lib/libroken.so \) ; then
++ K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
+ AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
+ KRBDIR="$dir"
+ gssapi_lib=gssapi
+--- nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c.orig 2010-09-28 14:24:16.000000000 +0200
++++ nfs-utils-1.2.3.dist/utils/gssd/context_lucid.c 2010-10-03 14:31:31.150424854 +0200
+@@ -267,8 +267,13 @@
+ int retcode = 0;
- #include "gssd.h"
-diff -ur nfs-utils-1.0.8/utils/gssd/krb5_util.c nfs-utils-1.0.8.heimdal/utils/gssd/krb5_util.c
---- nfs-utils-1.0.8/utils/gssd/krb5_util.c 2006-03-28 02:50:03.000000000 +0200
-+++ nfs-utils-1.0.8.heimdal/utils/gssd/krb5_util.c 2006-05-05 20:04:53.000000000 +0200
-@@ -107,7 +107,7 @@
- #include <dirent.h>
+ printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__);
++#ifdef HAVE_HEIMDAL
++ maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
++ 1, &return_ctx);
++#else
+ maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
+ 1, &return_ctx);
++#endif
+ if (maj_stat != GSS_S_COMPLETE) {
+ pgsserr("gss_export_lucid_sec_context",
+ maj_stat, min_stat, &krb5oid);
+@@ -303,7 +308,11 @@
+ else
+ retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime);
+
++#ifdef HAVE_HEIMDAL
++ maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx);
++#else
+ maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
++#endif
+ if (maj_stat != GSS_S_COMPLETE) {
+ pgsserr("gss_export_lucid_sec_context",
+ maj_stat, min_stat, &krb5oid);
+--- nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c.orig 2010-09-28 14:24:16.000000000 +0200
++++ nfs-utils-1.2.3.dist/utils/gssd/krb5_util.c 2010-10-03 14:33:07.992424854 +0200
+@@ -115,7 +115,7 @@
#include <errno.h>
#include <time.h>
--#include <gssapi/gssapi.h>
-+#include <gssapi.h>
- #ifdef USE_PRIVATE_KRB5_FUNCTIONS
+ #include <gssapi/gssapi.h>
+-#ifdef USE_PRIVATE_KRB5_FUNCTIONS
++#ifdef HAVE_HEIMDAL
#include <gssapi/gssapi_krb5.h>
#endif
-diff -ur nfs-utils-1.0.8/utils/gssd/svcgssd.h nfs-utils-1.0.8.heimdal/utils/gssd/svcgssd.h
---- nfs-utils-1.0.8/utils/gssd/svcgssd.h 2006-03-27 02:30:09.000000000 +0200
-+++ nfs-utils-1.0.8.heimdal/utils/gssd/svcgssd.h 2006-05-05 20:05:02.000000000 +0200
-@@ -33,7 +33,7 @@
+ #include <krb5.h>
+@@ -927,9 +927,37 @@
+ {
+ krb5_error_code ret;
+ krb5_creds creds;
+- krb5_cc_cursor cur;
+ int found = 0;
+
++#ifdef HAVE_HEIMDAL
++ krb5_creds pattern;
++ krb5_const_realm client_realm;
++
++ krb5_cc_clear_mcred(&pattern);
++
++ client_realm = krb5_principal_get_realm (context, principal);
++
++ ret = krb5_make_principal (context, &pattern.server,
++ client_realm, KRB5_TGS_NAME, client_realm,
++ NULL);
++ if (ret)
++ krb5_err (context, 1, ret, "krb5_make_principal");
++ pattern.client = principal;
++
++ ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
++ krb5_free_principal (context, pattern.server);
++ if (ret) {
++ if (ret == KRB5_CC_END)
++ return 1;
++ krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
++ }
++
++ found = creds.times.endtime > time(NULL);
++
++ krb5_free_cred_contents (context, &creds);
++#else
++ krb5_cc_cursor cur;
++
+ ret = krb5_cc_start_seq_get(context, ccache, &cur);
+ if (ret)
+ return 0;
+@@ -949,6 +977,7 @@
+ krb5_free_cred_contents(context, &creds);
+ }
+ krb5_cc_end_seq_get(context, ccache, &cur);
++#endif
+
+ return found;
+ }
+@@ -995,6 +1024,9 @@
+ }
+ krb5_free_principal(context, principal);
+ err_princ:
++#ifdef HAVE_HEIMDAL
++#define KRB5_TC_OPENCLOSE 0x00000001
++#endif
+ krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
+ krb5_cc_close(context, ccache);
+ err_cache:
+@@ -1316,12 +1316,21 @@
+ * If we failed for any reason to produce global
+ * list of supported enctypes, use local default here.
+ */
++#ifdef HAVE_HEIMDAL
++ if (krb5_enctypes == NULL)
++ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
++ num_enctypes, enctypes);
++ else
++ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
++ num_krb5_enctypes, krb5_enctypes);
++#else
+ if (krb5_enctypes == NULL)
+ maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
+ &krb5oid, num_enctypes, enctypes);
+ else
+ maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
+ &krb5oid, num_krb5_enctypes, krb5_enctypes);
++#endif
- #include <sys/types.h>
- #include <sys/queue.h>
--#include <gssapi/gssapi.h>
-+#include <gssapi.h>
+ if (maj_stat != GSS_S_COMPLETE) {
+ pgsserr("gss_set_allowable_enctypes",
+--- nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c~ 2011-06-30 15:00:42.000000000 +0200
++++ nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c 2011-08-03 12:40:53.865782009 +0200
+@@ -186,8 +186,13 @@
+ num_enctypes = default_num_enctypes;
+ }
- void handle_nullreq(FILE *f);
- void gssd_run(void);
++#ifdef HAVE_HEIMDAL
++ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gssd_creds,
++ num_enctypes, enctypes);
++#else
+ maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds,
+ &krb5oid, num_enctypes, enctypes);
++#endif
+ if (maj_stat != GSS_S_COMPLETE) {
+ printerr(1, "WARNING: gss_set_allowable_enctypes failed\n");
+ pgsserr("svcgssd_limit_krb5_enctypes: gss_set_allowable_enctypes",
projects / packages / nfs-utils.git / blobdiff